[Midnightbsd-cvs] src [9200] vendor/bind/dist/version: Vendor import (trimmed) BIND 9.8.8
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Nov 3 08:20:07 EDT 2016
Revision: 9200
http://svnweb.midnightbsd.org/src/?rev=9200
Author: laffer1
Date: 2016-11-03 08:20:06 -0400 (Thu, 03 Nov 2016)
Log Message:
-----------
Vendor import (trimmed) BIND 9.8.8
Modified Paths:
--------------
vendor/bind/dist/bin/Makefile.in
vendor/bind/dist/bin/check/Makefile.in
vendor/bind/dist/bin/check/check-tool.c
vendor/bind/dist/bin/check/check-tool.h
vendor/bind/dist/bin/check/named-checkconf.8
vendor/bind/dist/bin/check/named-checkconf.c
vendor/bind/dist/bin/check/named-checkconf.docbook
vendor/bind/dist/bin/check/named-checkconf.html
vendor/bind/dist/bin/check/named-checkzone.8
vendor/bind/dist/bin/check/named-checkzone.c
vendor/bind/dist/bin/check/named-checkzone.docbook
vendor/bind/dist/bin/check/named-checkzone.html
vendor/bind/dist/bin/confgen/Makefile.in
vendor/bind/dist/bin/confgen/ddns-confgen.8
vendor/bind/dist/bin/confgen/ddns-confgen.c
vendor/bind/dist/bin/confgen/ddns-confgen.docbook
vendor/bind/dist/bin/confgen/ddns-confgen.html
vendor/bind/dist/bin/confgen/include/confgen/os.h
vendor/bind/dist/bin/confgen/keygen.c
vendor/bind/dist/bin/confgen/keygen.h
vendor/bind/dist/bin/confgen/rndc-confgen.8
vendor/bind/dist/bin/confgen/rndc-confgen.c
vendor/bind/dist/bin/confgen/rndc-confgen.docbook
vendor/bind/dist/bin/confgen/rndc-confgen.html
vendor/bind/dist/bin/confgen/unix/Makefile.in
vendor/bind/dist/bin/confgen/unix/os.c
vendor/bind/dist/bin/confgen/util.c
vendor/bind/dist/bin/confgen/util.h
vendor/bind/dist/bin/confgen/win32/os.c
vendor/bind/dist/bin/dig/Makefile.in
vendor/bind/dist/bin/dig/dig.1
vendor/bind/dist/bin/dig/dig.c
vendor/bind/dist/bin/dig/dig.docbook
vendor/bind/dist/bin/dig/dig.html
vendor/bind/dist/bin/dig/dighost.c
vendor/bind/dist/bin/dig/host.1
vendor/bind/dist/bin/dig/host.c
vendor/bind/dist/bin/dig/host.docbook
vendor/bind/dist/bin/dig/host.html
vendor/bind/dist/bin/dig/include/dig/dig.h
vendor/bind/dist/bin/dig/nslookup.1
vendor/bind/dist/bin/dig/nslookup.c
vendor/bind/dist/bin/dig/nslookup.docbook
vendor/bind/dist/bin/dig/nslookup.html
vendor/bind/dist/bin/dnssec/Makefile.in
vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.8
vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.c
vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.docbook
vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.html
vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.8
vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.c
vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.docbook
vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.html
vendor/bind/dist/bin/dnssec/dnssec-keygen.8
vendor/bind/dist/bin/dnssec/dnssec-keygen.c
vendor/bind/dist/bin/dnssec/dnssec-keygen.docbook
vendor/bind/dist/bin/dnssec/dnssec-keygen.html
vendor/bind/dist/bin/dnssec/dnssec-revoke.8
vendor/bind/dist/bin/dnssec/dnssec-revoke.c
vendor/bind/dist/bin/dnssec/dnssec-revoke.docbook
vendor/bind/dist/bin/dnssec/dnssec-revoke.html
vendor/bind/dist/bin/dnssec/dnssec-settime.8
vendor/bind/dist/bin/dnssec/dnssec-settime.c
vendor/bind/dist/bin/dnssec/dnssec-settime.docbook
vendor/bind/dist/bin/dnssec/dnssec-settime.html
vendor/bind/dist/bin/dnssec/dnssec-signzone.8
vendor/bind/dist/bin/dnssec/dnssec-signzone.c
vendor/bind/dist/bin/dnssec/dnssec-signzone.docbook
vendor/bind/dist/bin/dnssec/dnssec-signzone.html
vendor/bind/dist/bin/dnssec/dnssectool.c
vendor/bind/dist/bin/dnssec/dnssectool.h
vendor/bind/dist/bin/named/Makefile.in
vendor/bind/dist/bin/named/bind9.xsl
vendor/bind/dist/bin/named/bindkeys.pl
vendor/bind/dist/bin/named/builtin.c
vendor/bind/dist/bin/named/client.c
vendor/bind/dist/bin/named/config.c
vendor/bind/dist/bin/named/control.c
vendor/bind/dist/bin/named/controlconf.c
vendor/bind/dist/bin/named/convertxsl.pl
vendor/bind/dist/bin/named/include/dlz/dlz_dlopen_driver.h
vendor/bind/dist/bin/named/include/named/builtin.h
vendor/bind/dist/bin/named/include/named/client.h
vendor/bind/dist/bin/named/include/named/config.h
vendor/bind/dist/bin/named/include/named/control.h
vendor/bind/dist/bin/named/include/named/globals.h
vendor/bind/dist/bin/named/include/named/interfacemgr.h
vendor/bind/dist/bin/named/include/named/listenlist.h
vendor/bind/dist/bin/named/include/named/log.h
vendor/bind/dist/bin/named/include/named/logconf.h
vendor/bind/dist/bin/named/include/named/lwaddr.h
vendor/bind/dist/bin/named/include/named/lwdclient.h
vendor/bind/dist/bin/named/include/named/lwresd.h
vendor/bind/dist/bin/named/include/named/lwsearch.h
vendor/bind/dist/bin/named/include/named/main.h
vendor/bind/dist/bin/named/include/named/notify.h
vendor/bind/dist/bin/named/include/named/ns_smf_globals.h
vendor/bind/dist/bin/named/include/named/query.h
vendor/bind/dist/bin/named/include/named/server.h
vendor/bind/dist/bin/named/include/named/sortlist.h
vendor/bind/dist/bin/named/include/named/statschannel.h
vendor/bind/dist/bin/named/include/named/tkeyconf.h
vendor/bind/dist/bin/named/include/named/tsigconf.h
vendor/bind/dist/bin/named/include/named/types.h
vendor/bind/dist/bin/named/include/named/update.h
vendor/bind/dist/bin/named/include/named/xfrout.h
vendor/bind/dist/bin/named/include/named/zoneconf.h
vendor/bind/dist/bin/named/interfacemgr.c
vendor/bind/dist/bin/named/listenlist.c
vendor/bind/dist/bin/named/log.c
vendor/bind/dist/bin/named/logconf.c
vendor/bind/dist/bin/named/lwaddr.c
vendor/bind/dist/bin/named/lwdclient.c
vendor/bind/dist/bin/named/lwderror.c
vendor/bind/dist/bin/named/lwdgabn.c
vendor/bind/dist/bin/named/lwdgnba.c
vendor/bind/dist/bin/named/lwdgrbn.c
vendor/bind/dist/bin/named/lwdnoop.c
vendor/bind/dist/bin/named/lwresd.8
vendor/bind/dist/bin/named/lwresd.c
vendor/bind/dist/bin/named/lwresd.docbook
vendor/bind/dist/bin/named/lwresd.html
vendor/bind/dist/bin/named/lwsearch.c
vendor/bind/dist/bin/named/main.c
vendor/bind/dist/bin/named/named.8
vendor/bind/dist/bin/named/named.conf.5
vendor/bind/dist/bin/named/named.conf.docbook
vendor/bind/dist/bin/named/named.conf.html
vendor/bind/dist/bin/named/named.docbook
vendor/bind/dist/bin/named/named.html
vendor/bind/dist/bin/named/notify.c
vendor/bind/dist/bin/named/query.c
vendor/bind/dist/bin/named/server.c
vendor/bind/dist/bin/named/sortlist.c
vendor/bind/dist/bin/named/statschannel.c
vendor/bind/dist/bin/named/tkeyconf.c
vendor/bind/dist/bin/named/tsigconf.c
vendor/bind/dist/bin/named/unix/Makefile.in
vendor/bind/dist/bin/named/unix/dlz_dlopen_driver.c
vendor/bind/dist/bin/named/unix/include/named/os.h
vendor/bind/dist/bin/named/unix/os.c
vendor/bind/dist/bin/named/update.c
vendor/bind/dist/bin/named/xfrout.c
vendor/bind/dist/bin/named/zoneconf.c
vendor/bind/dist/bin/nsupdate/Makefile.in
vendor/bind/dist/bin/nsupdate/nsupdate.1
vendor/bind/dist/bin/nsupdate/nsupdate.c
vendor/bind/dist/bin/nsupdate/nsupdate.docbook
vendor/bind/dist/bin/nsupdate/nsupdate.html
vendor/bind/dist/bin/pkcs11/Makefile.in
vendor/bind/dist/bin/pkcs11/include/pkcs11.h
vendor/bind/dist/bin/pkcs11/include/pkcs11f.h
vendor/bind/dist/bin/pkcs11/include/pkcs11t.h
vendor/bind/dist/bin/pkcs11/pkcs11-destroy.8
vendor/bind/dist/bin/pkcs11/pkcs11-destroy.c
vendor/bind/dist/bin/pkcs11/pkcs11-destroy.docbook
vendor/bind/dist/bin/pkcs11/pkcs11-destroy.html
vendor/bind/dist/bin/pkcs11/pkcs11-keygen.8
vendor/bind/dist/bin/pkcs11/pkcs11-keygen.c
vendor/bind/dist/bin/pkcs11/pkcs11-keygen.docbook
vendor/bind/dist/bin/pkcs11/pkcs11-keygen.html
vendor/bind/dist/bin/pkcs11/pkcs11-list.8
vendor/bind/dist/bin/pkcs11/pkcs11-list.c
vendor/bind/dist/bin/pkcs11/pkcs11-list.docbook
vendor/bind/dist/bin/pkcs11/pkcs11-list.html
vendor/bind/dist/bin/pkcs11/unix/cryptoki.h
vendor/bind/dist/bin/pkcs11/unix/unix.c
vendor/bind/dist/bin/pkcs11/win32/cryptoki.h
vendor/bind/dist/bin/pkcs11/win32/win32.c
vendor/bind/dist/bin/rndc/Makefile.in
vendor/bind/dist/bin/rndc/include/rndc/os.h
vendor/bind/dist/bin/rndc/rndc.8
vendor/bind/dist/bin/rndc/rndc.c
vendor/bind/dist/bin/rndc/rndc.conf
vendor/bind/dist/bin/rndc/rndc.conf.5
vendor/bind/dist/bin/rndc/rndc.conf.docbook
vendor/bind/dist/bin/rndc/rndc.conf.html
vendor/bind/dist/bin/rndc/rndc.docbook
vendor/bind/dist/bin/rndc/rndc.html
vendor/bind/dist/bin/rndc/util.c
vendor/bind/dist/bin/rndc/util.h
vendor/bind/dist/bin/tools/Makefile.in
vendor/bind/dist/bin/tools/arpaname.1
vendor/bind/dist/bin/tools/arpaname.c
vendor/bind/dist/bin/tools/arpaname.docbook
vendor/bind/dist/bin/tools/arpaname.html
vendor/bind/dist/bin/tools/genrandom.8
vendor/bind/dist/bin/tools/genrandom.c
vendor/bind/dist/bin/tools/genrandom.docbook
vendor/bind/dist/bin/tools/genrandom.html
vendor/bind/dist/bin/tools/isc-hmac-fixup.8
vendor/bind/dist/bin/tools/isc-hmac-fixup.c
vendor/bind/dist/bin/tools/isc-hmac-fixup.docbook
vendor/bind/dist/bin/tools/isc-hmac-fixup.html
vendor/bind/dist/bin/tools/named-journalprint.8
vendor/bind/dist/bin/tools/named-journalprint.c
vendor/bind/dist/bin/tools/named-journalprint.docbook
vendor/bind/dist/bin/tools/named-journalprint.html
vendor/bind/dist/bin/tools/nsec3hash.8
vendor/bind/dist/bin/tools/nsec3hash.c
vendor/bind/dist/bin/tools/nsec3hash.docbook
vendor/bind/dist/bin/tools/nsec3hash.html
vendor/bind/dist/doc/Makefile.in
vendor/bind/dist/doc/arm/Bv9ARM-book.xml
vendor/bind/dist/doc/arm/Bv9ARM.ch01.html
vendor/bind/dist/doc/arm/Bv9ARM.ch02.html
vendor/bind/dist/doc/arm/Bv9ARM.ch03.html
vendor/bind/dist/doc/arm/Bv9ARM.ch04.html
vendor/bind/dist/doc/arm/Bv9ARM.ch05.html
vendor/bind/dist/doc/arm/Bv9ARM.ch06.html
vendor/bind/dist/doc/arm/Bv9ARM.ch07.html
vendor/bind/dist/doc/arm/Bv9ARM.ch08.html
vendor/bind/dist/doc/arm/Bv9ARM.ch09.html
vendor/bind/dist/doc/arm/Bv9ARM.ch10.html
vendor/bind/dist/doc/arm/Bv9ARM.html
vendor/bind/dist/doc/arm/Makefile.in
vendor/bind/dist/doc/arm/README-SGML
vendor/bind/dist/doc/arm/dnssec.xml
vendor/bind/dist/doc/arm/latex-fixup.pl
vendor/bind/dist/doc/arm/libdns.xml
vendor/bind/dist/doc/arm/man.arpaname.html
vendor/bind/dist/doc/arm/man.ddns-confgen.html
vendor/bind/dist/doc/arm/man.dig.html
vendor/bind/dist/doc/arm/man.dnssec-dsfromkey.html
vendor/bind/dist/doc/arm/man.dnssec-keyfromlabel.html
vendor/bind/dist/doc/arm/man.dnssec-keygen.html
vendor/bind/dist/doc/arm/man.dnssec-revoke.html
vendor/bind/dist/doc/arm/man.dnssec-settime.html
vendor/bind/dist/doc/arm/man.dnssec-signzone.html
vendor/bind/dist/doc/arm/man.genrandom.html
vendor/bind/dist/doc/arm/man.host.html
vendor/bind/dist/doc/arm/man.isc-hmac-fixup.html
vendor/bind/dist/doc/arm/man.named-checkconf.html
vendor/bind/dist/doc/arm/man.named-checkzone.html
vendor/bind/dist/doc/arm/man.named-journalprint.html
vendor/bind/dist/doc/arm/man.named.html
vendor/bind/dist/doc/arm/man.nsec3hash.html
vendor/bind/dist/doc/arm/man.nsupdate.html
vendor/bind/dist/doc/arm/man.rndc-confgen.html
vendor/bind/dist/doc/arm/man.rndc.conf.html
vendor/bind/dist/doc/arm/man.rndc.html
vendor/bind/dist/doc/arm/managed-keys.xml
vendor/bind/dist/doc/arm/pkcs11.xml
vendor/bind/dist/doc/doxygen/Doxyfile.in
vendor/bind/dist/doc/doxygen/Makefile.in
vendor/bind/dist/doc/doxygen/doxygen-input-filter.in
vendor/bind/dist/doc/doxygen/isc-footer.html
vendor/bind/dist/doc/doxygen/isc-header.html
vendor/bind/dist/doc/doxygen/mainpage
vendor/bind/dist/doc/misc/Makefile.in
vendor/bind/dist/doc/misc/dnssec
vendor/bind/dist/doc/misc/format-options.pl
vendor/bind/dist/doc/misc/ipv6
vendor/bind/dist/doc/misc/migration
vendor/bind/dist/doc/misc/migration-4to9
vendor/bind/dist/doc/misc/options
vendor/bind/dist/doc/misc/rfc-compliance
vendor/bind/dist/doc/misc/roadmap
vendor/bind/dist/doc/misc/sdb
vendor/bind/dist/doc/misc/sort-options.pl
vendor/bind/dist/doc/xsl/Makefile.in
vendor/bind/dist/doc/xsl/copyright.xsl
vendor/bind/dist/doc/xsl/isc-docbook-chunk.xsl.in
vendor/bind/dist/doc/xsl/isc-docbook-html.xsl.in
vendor/bind/dist/doc/xsl/isc-docbook-latex-mappings.xml
vendor/bind/dist/doc/xsl/isc-docbook-latex.xsl.in
vendor/bind/dist/doc/xsl/isc-docbook-text.xsl
vendor/bind/dist/doc/xsl/isc-manpage.xsl.in
vendor/bind/dist/doc/xsl/pre-latex.xsl
vendor/bind/dist/lib/Atffile
vendor/bind/dist/lib/Makefile.in
vendor/bind/dist/lib/bind9/Makefile.in
vendor/bind/dist/lib/bind9/api
vendor/bind/dist/lib/bind9/check.c
vendor/bind/dist/lib/bind9/getaddresses.c
vendor/bind/dist/lib/bind9/include/Makefile.in
vendor/bind/dist/lib/bind9/include/bind9/Makefile.in
vendor/bind/dist/lib/bind9/include/bind9/check.h
vendor/bind/dist/lib/bind9/include/bind9/getaddresses.h
vendor/bind/dist/lib/bind9/include/bind9/version.h
vendor/bind/dist/lib/bind9/version.c
vendor/bind/dist/lib/dns/Makefile.in
vendor/bind/dist/lib/dns/acache.c
vendor/bind/dist/lib/dns/acl.c
vendor/bind/dist/lib/dns/adb.c
vendor/bind/dist/lib/dns/api
vendor/bind/dist/lib/dns/byaddr.c
vendor/bind/dist/lib/dns/cache.c
vendor/bind/dist/lib/dns/callbacks.c
vendor/bind/dist/lib/dns/client.c
vendor/bind/dist/lib/dns/compress.c
vendor/bind/dist/lib/dns/db.c
vendor/bind/dist/lib/dns/dbiterator.c
vendor/bind/dist/lib/dns/dbtable.c
vendor/bind/dist/lib/dns/diff.c
vendor/bind/dist/lib/dns/dispatch.c
vendor/bind/dist/lib/dns/dlz.c
vendor/bind/dist/lib/dns/dns64.c
vendor/bind/dist/lib/dns/dnssec.c
vendor/bind/dist/lib/dns/ds.c
vendor/bind/dist/lib/dns/dst_api.c
vendor/bind/dist/lib/dns/dst_internal.h
vendor/bind/dist/lib/dns/dst_lib.c
vendor/bind/dist/lib/dns/dst_openssl.h
vendor/bind/dist/lib/dns/dst_parse.c
vendor/bind/dist/lib/dns/dst_parse.h
vendor/bind/dist/lib/dns/dst_result.c
vendor/bind/dist/lib/dns/ecdb.c
vendor/bind/dist/lib/dns/forward.c
vendor/bind/dist/lib/dns/gen-unix.h
vendor/bind/dist/lib/dns/gen.c
vendor/bind/dist/lib/dns/gssapi_link.c
vendor/bind/dist/lib/dns/gssapictx.c
vendor/bind/dist/lib/dns/hmac_link.c
vendor/bind/dist/lib/dns/include/Makefile.in
vendor/bind/dist/lib/dns/include/dns/Makefile.in
vendor/bind/dist/lib/dns/include/dns/acache.h
vendor/bind/dist/lib/dns/include/dns/acl.h
vendor/bind/dist/lib/dns/include/dns/adb.h
vendor/bind/dist/lib/dns/include/dns/bit.h
vendor/bind/dist/lib/dns/include/dns/byaddr.h
vendor/bind/dist/lib/dns/include/dns/cache.h
vendor/bind/dist/lib/dns/include/dns/callbacks.h
vendor/bind/dist/lib/dns/include/dns/cert.h
vendor/bind/dist/lib/dns/include/dns/client.h
vendor/bind/dist/lib/dns/include/dns/compress.h
vendor/bind/dist/lib/dns/include/dns/db.h
vendor/bind/dist/lib/dns/include/dns/dbiterator.h
vendor/bind/dist/lib/dns/include/dns/dbtable.h
vendor/bind/dist/lib/dns/include/dns/diff.h
vendor/bind/dist/lib/dns/include/dns/dispatch.h
vendor/bind/dist/lib/dns/include/dns/dlz.h
vendor/bind/dist/lib/dns/include/dns/dlz_dlopen.h
vendor/bind/dist/lib/dns/include/dns/dns64.h
vendor/bind/dist/lib/dns/include/dns/dnssec.h
vendor/bind/dist/lib/dns/include/dns/ds.h
vendor/bind/dist/lib/dns/include/dns/ecdb.h
vendor/bind/dist/lib/dns/include/dns/events.h
vendor/bind/dist/lib/dns/include/dns/fixedname.h
vendor/bind/dist/lib/dns/include/dns/forward.h
vendor/bind/dist/lib/dns/include/dns/iptable.h
vendor/bind/dist/lib/dns/include/dns/journal.h
vendor/bind/dist/lib/dns/include/dns/keydata.h
vendor/bind/dist/lib/dns/include/dns/keyflags.h
vendor/bind/dist/lib/dns/include/dns/keytable.h
vendor/bind/dist/lib/dns/include/dns/keyvalues.h
vendor/bind/dist/lib/dns/include/dns/lib.h
vendor/bind/dist/lib/dns/include/dns/log.h
vendor/bind/dist/lib/dns/include/dns/lookup.h
vendor/bind/dist/lib/dns/include/dns/master.h
vendor/bind/dist/lib/dns/include/dns/masterdump.h
vendor/bind/dist/lib/dns/include/dns/message.h
vendor/bind/dist/lib/dns/include/dns/name.h
vendor/bind/dist/lib/dns/include/dns/ncache.h
vendor/bind/dist/lib/dns/include/dns/nsec.h
vendor/bind/dist/lib/dns/include/dns/nsec3.h
vendor/bind/dist/lib/dns/include/dns/opcode.h
vendor/bind/dist/lib/dns/include/dns/order.h
vendor/bind/dist/lib/dns/include/dns/peer.h
vendor/bind/dist/lib/dns/include/dns/portlist.h
vendor/bind/dist/lib/dns/include/dns/private.h
vendor/bind/dist/lib/dns/include/dns/rbt.h
vendor/bind/dist/lib/dns/include/dns/rcode.h
vendor/bind/dist/lib/dns/include/dns/rdata.h
vendor/bind/dist/lib/dns/include/dns/rdataclass.h
vendor/bind/dist/lib/dns/include/dns/rdatalist.h
vendor/bind/dist/lib/dns/include/dns/rdataset.h
vendor/bind/dist/lib/dns/include/dns/rdatasetiter.h
vendor/bind/dist/lib/dns/include/dns/rdataslab.h
vendor/bind/dist/lib/dns/include/dns/rdatatype.h
vendor/bind/dist/lib/dns/include/dns/request.h
vendor/bind/dist/lib/dns/include/dns/resolver.h
vendor/bind/dist/lib/dns/include/dns/result.h
vendor/bind/dist/lib/dns/include/dns/rootns.h
vendor/bind/dist/lib/dns/include/dns/rpz.h
vendor/bind/dist/lib/dns/include/dns/rriterator.h
vendor/bind/dist/lib/dns/include/dns/sdb.h
vendor/bind/dist/lib/dns/include/dns/sdlz.h
vendor/bind/dist/lib/dns/include/dns/secalg.h
vendor/bind/dist/lib/dns/include/dns/secproto.h
vendor/bind/dist/lib/dns/include/dns/soa.h
vendor/bind/dist/lib/dns/include/dns/ssu.h
vendor/bind/dist/lib/dns/include/dns/stats.h
vendor/bind/dist/lib/dns/include/dns/tcpmsg.h
vendor/bind/dist/lib/dns/include/dns/time.h
vendor/bind/dist/lib/dns/include/dns/timer.h
vendor/bind/dist/lib/dns/include/dns/tkey.h
vendor/bind/dist/lib/dns/include/dns/tsec.h
vendor/bind/dist/lib/dns/include/dns/tsig.h
vendor/bind/dist/lib/dns/include/dns/ttl.h
vendor/bind/dist/lib/dns/include/dns/types.h
vendor/bind/dist/lib/dns/include/dns/validator.h
vendor/bind/dist/lib/dns/include/dns/version.h
vendor/bind/dist/lib/dns/include/dns/view.h
vendor/bind/dist/lib/dns/include/dns/xfrin.h
vendor/bind/dist/lib/dns/include/dns/zone.h
vendor/bind/dist/lib/dns/include/dns/zonekey.h
vendor/bind/dist/lib/dns/include/dns/zt.h
vendor/bind/dist/lib/dns/include/dst/Makefile.in
vendor/bind/dist/lib/dns/include/dst/dst.h
vendor/bind/dist/lib/dns/include/dst/gssapi.h
vendor/bind/dist/lib/dns/include/dst/lib.h
vendor/bind/dist/lib/dns/include/dst/result.h
vendor/bind/dist/lib/dns/iptable.c
vendor/bind/dist/lib/dns/journal.c
vendor/bind/dist/lib/dns/key.c
vendor/bind/dist/lib/dns/keydata.c
vendor/bind/dist/lib/dns/keytable.c
vendor/bind/dist/lib/dns/lib.c
vendor/bind/dist/lib/dns/log.c
vendor/bind/dist/lib/dns/lookup.c
vendor/bind/dist/lib/dns/master.c
vendor/bind/dist/lib/dns/masterdump.c
vendor/bind/dist/lib/dns/message.c
vendor/bind/dist/lib/dns/name.c
vendor/bind/dist/lib/dns/ncache.c
vendor/bind/dist/lib/dns/nsec.c
vendor/bind/dist/lib/dns/nsec3.c
vendor/bind/dist/lib/dns/openssl_link.c
vendor/bind/dist/lib/dns/openssldh_link.c
vendor/bind/dist/lib/dns/openssldsa_link.c
vendor/bind/dist/lib/dns/opensslecdsa_link.c
vendor/bind/dist/lib/dns/opensslgost_link.c
vendor/bind/dist/lib/dns/opensslrsa_link.c
vendor/bind/dist/lib/dns/order.c
vendor/bind/dist/lib/dns/peer.c
vendor/bind/dist/lib/dns/portlist.c
vendor/bind/dist/lib/dns/private.c
vendor/bind/dist/lib/dns/rbt.c
vendor/bind/dist/lib/dns/rbtdb.c
vendor/bind/dist/lib/dns/rbtdb.h
vendor/bind/dist/lib/dns/rbtdb64.c
vendor/bind/dist/lib/dns/rbtdb64.h
vendor/bind/dist/lib/dns/rcode.c
vendor/bind/dist/lib/dns/rdata/any_255/tsig_250.c
vendor/bind/dist/lib/dns/rdata/any_255/tsig_250.h
vendor/bind/dist/lib/dns/rdata/ch_3/a_1.c
vendor/bind/dist/lib/dns/rdata/ch_3/a_1.h
vendor/bind/dist/lib/dns/rdata/generic/afsdb_18.c
vendor/bind/dist/lib/dns/rdata/generic/afsdb_18.h
vendor/bind/dist/lib/dns/rdata/generic/cert_37.c
vendor/bind/dist/lib/dns/rdata/generic/cert_37.h
vendor/bind/dist/lib/dns/rdata/generic/cname_5.c
vendor/bind/dist/lib/dns/rdata/generic/cname_5.h
vendor/bind/dist/lib/dns/rdata/generic/dlv_32769.c
vendor/bind/dist/lib/dns/rdata/generic/dlv_32769.h
vendor/bind/dist/lib/dns/rdata/generic/dname_39.c
vendor/bind/dist/lib/dns/rdata/generic/dname_39.h
vendor/bind/dist/lib/dns/rdata/generic/dnskey_48.c
vendor/bind/dist/lib/dns/rdata/generic/dnskey_48.h
vendor/bind/dist/lib/dns/rdata/generic/ds_43.c
vendor/bind/dist/lib/dns/rdata/generic/ds_43.h
vendor/bind/dist/lib/dns/rdata/generic/eui48_108.c
vendor/bind/dist/lib/dns/rdata/generic/eui64_109.c
vendor/bind/dist/lib/dns/rdata/generic/gpos_27.c
vendor/bind/dist/lib/dns/rdata/generic/gpos_27.h
vendor/bind/dist/lib/dns/rdata/generic/hinfo_13.c
vendor/bind/dist/lib/dns/rdata/generic/hinfo_13.h
vendor/bind/dist/lib/dns/rdata/generic/hip_55.c
vendor/bind/dist/lib/dns/rdata/generic/hip_55.h
vendor/bind/dist/lib/dns/rdata/generic/ipseckey_45.c
vendor/bind/dist/lib/dns/rdata/generic/ipseckey_45.h
vendor/bind/dist/lib/dns/rdata/generic/isdn_20.c
vendor/bind/dist/lib/dns/rdata/generic/isdn_20.h
vendor/bind/dist/lib/dns/rdata/generic/key_25.c
vendor/bind/dist/lib/dns/rdata/generic/key_25.h
vendor/bind/dist/lib/dns/rdata/generic/keydata_65533.c
vendor/bind/dist/lib/dns/rdata/generic/keydata_65533.h
vendor/bind/dist/lib/dns/rdata/generic/l32_105.c
vendor/bind/dist/lib/dns/rdata/generic/l64_106.c
vendor/bind/dist/lib/dns/rdata/generic/loc_29.c
vendor/bind/dist/lib/dns/rdata/generic/loc_29.h
vendor/bind/dist/lib/dns/rdata/generic/mb_7.c
vendor/bind/dist/lib/dns/rdata/generic/mb_7.h
vendor/bind/dist/lib/dns/rdata/generic/md_3.c
vendor/bind/dist/lib/dns/rdata/generic/md_3.h
vendor/bind/dist/lib/dns/rdata/generic/mf_4.c
vendor/bind/dist/lib/dns/rdata/generic/mf_4.h
vendor/bind/dist/lib/dns/rdata/generic/mg_8.c
vendor/bind/dist/lib/dns/rdata/generic/mg_8.h
vendor/bind/dist/lib/dns/rdata/generic/minfo_14.c
vendor/bind/dist/lib/dns/rdata/generic/minfo_14.h
vendor/bind/dist/lib/dns/rdata/generic/mr_9.c
vendor/bind/dist/lib/dns/rdata/generic/mr_9.h
vendor/bind/dist/lib/dns/rdata/generic/mx_15.c
vendor/bind/dist/lib/dns/rdata/generic/mx_15.h
vendor/bind/dist/lib/dns/rdata/generic/nid_104.c
vendor/bind/dist/lib/dns/rdata/generic/ns_2.c
vendor/bind/dist/lib/dns/rdata/generic/ns_2.h
vendor/bind/dist/lib/dns/rdata/generic/nsec3_50.c
vendor/bind/dist/lib/dns/rdata/generic/nsec3_50.h
vendor/bind/dist/lib/dns/rdata/generic/nsec3param_51.c
vendor/bind/dist/lib/dns/rdata/generic/nsec3param_51.h
vendor/bind/dist/lib/dns/rdata/generic/nsec_47.c
vendor/bind/dist/lib/dns/rdata/generic/nsec_47.h
vendor/bind/dist/lib/dns/rdata/generic/null_10.c
vendor/bind/dist/lib/dns/rdata/generic/null_10.h
vendor/bind/dist/lib/dns/rdata/generic/nxt_30.c
vendor/bind/dist/lib/dns/rdata/generic/nxt_30.h
vendor/bind/dist/lib/dns/rdata/generic/opt_41.c
vendor/bind/dist/lib/dns/rdata/generic/opt_41.h
vendor/bind/dist/lib/dns/rdata/generic/proforma.c
vendor/bind/dist/lib/dns/rdata/generic/proforma.h
vendor/bind/dist/lib/dns/rdata/generic/ptr_12.c
vendor/bind/dist/lib/dns/rdata/generic/ptr_12.h
vendor/bind/dist/lib/dns/rdata/generic/rp_17.c
vendor/bind/dist/lib/dns/rdata/generic/rp_17.h
vendor/bind/dist/lib/dns/rdata/generic/rrsig_46.c
vendor/bind/dist/lib/dns/rdata/generic/rrsig_46.h
vendor/bind/dist/lib/dns/rdata/generic/rt_21.c
vendor/bind/dist/lib/dns/rdata/generic/rt_21.h
vendor/bind/dist/lib/dns/rdata/generic/sig_24.c
vendor/bind/dist/lib/dns/rdata/generic/sig_24.h
vendor/bind/dist/lib/dns/rdata/generic/soa_6.c
vendor/bind/dist/lib/dns/rdata/generic/soa_6.h
vendor/bind/dist/lib/dns/rdata/generic/spf_99.c
vendor/bind/dist/lib/dns/rdata/generic/spf_99.h
vendor/bind/dist/lib/dns/rdata/generic/sshfp_44.c
vendor/bind/dist/lib/dns/rdata/generic/sshfp_44.h
vendor/bind/dist/lib/dns/rdata/generic/tkey_249.c
vendor/bind/dist/lib/dns/rdata/generic/tkey_249.h
vendor/bind/dist/lib/dns/rdata/generic/tlsa_52.c
vendor/bind/dist/lib/dns/rdata/generic/tlsa_52.h
vendor/bind/dist/lib/dns/rdata/generic/txt_16.c
vendor/bind/dist/lib/dns/rdata/generic/txt_16.h
vendor/bind/dist/lib/dns/rdata/generic/unspec_103.c
vendor/bind/dist/lib/dns/rdata/generic/unspec_103.h
vendor/bind/dist/lib/dns/rdata/generic/uri_256.c
vendor/bind/dist/lib/dns/rdata/generic/uri_256.h
vendor/bind/dist/lib/dns/rdata/generic/x25_19.c
vendor/bind/dist/lib/dns/rdata/generic/x25_19.h
vendor/bind/dist/lib/dns/rdata/hs_4/a_1.c
vendor/bind/dist/lib/dns/rdata/hs_4/a_1.h
vendor/bind/dist/lib/dns/rdata/in_1/a6_38.c
vendor/bind/dist/lib/dns/rdata/in_1/a6_38.h
vendor/bind/dist/lib/dns/rdata/in_1/a_1.c
vendor/bind/dist/lib/dns/rdata/in_1/a_1.h
vendor/bind/dist/lib/dns/rdata/in_1/aaaa_28.c
vendor/bind/dist/lib/dns/rdata/in_1/aaaa_28.h
vendor/bind/dist/lib/dns/rdata/in_1/apl_42.c
vendor/bind/dist/lib/dns/rdata/in_1/apl_42.h
vendor/bind/dist/lib/dns/rdata/in_1/dhcid_49.c
vendor/bind/dist/lib/dns/rdata/in_1/dhcid_49.h
vendor/bind/dist/lib/dns/rdata/in_1/kx_36.c
vendor/bind/dist/lib/dns/rdata/in_1/kx_36.h
vendor/bind/dist/lib/dns/rdata/in_1/naptr_35.c
vendor/bind/dist/lib/dns/rdata/in_1/naptr_35.h
vendor/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.c
vendor/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.h
vendor/bind/dist/lib/dns/rdata/in_1/nsap_22.c
vendor/bind/dist/lib/dns/rdata/in_1/nsap_22.h
vendor/bind/dist/lib/dns/rdata/in_1/px_26.c
vendor/bind/dist/lib/dns/rdata/in_1/px_26.h
vendor/bind/dist/lib/dns/rdata/in_1/srv_33.c
vendor/bind/dist/lib/dns/rdata/in_1/srv_33.h
vendor/bind/dist/lib/dns/rdata/in_1/wks_11.c
vendor/bind/dist/lib/dns/rdata/in_1/wks_11.h
vendor/bind/dist/lib/dns/rdata/rdatastructpre.h
vendor/bind/dist/lib/dns/rdata/rdatastructsuf.h
vendor/bind/dist/lib/dns/rdata.c
vendor/bind/dist/lib/dns/rdatalist.c
vendor/bind/dist/lib/dns/rdatalist_p.h
vendor/bind/dist/lib/dns/rdataset.c
vendor/bind/dist/lib/dns/rdatasetiter.c
vendor/bind/dist/lib/dns/rdataslab.c
vendor/bind/dist/lib/dns/request.c
vendor/bind/dist/lib/dns/resolver.c
vendor/bind/dist/lib/dns/result.c
vendor/bind/dist/lib/dns/rootns.c
vendor/bind/dist/lib/dns/rpz.c
vendor/bind/dist/lib/dns/rriterator.c
vendor/bind/dist/lib/dns/sdb.c
vendor/bind/dist/lib/dns/sdlz.c
vendor/bind/dist/lib/dns/soa.c
vendor/bind/dist/lib/dns/spnego.asn1
vendor/bind/dist/lib/dns/spnego.c
vendor/bind/dist/lib/dns/spnego.h
vendor/bind/dist/lib/dns/spnego_asn1.c
vendor/bind/dist/lib/dns/spnego_asn1.pl
vendor/bind/dist/lib/dns/ssu.c
vendor/bind/dist/lib/dns/ssu_external.c
vendor/bind/dist/lib/dns/stats.c
vendor/bind/dist/lib/dns/tcpmsg.c
vendor/bind/dist/lib/dns/tests/Makefile.in
vendor/bind/dist/lib/dns/tests/dbiterator_test.c
vendor/bind/dist/lib/dns/tests/dbversion_test.c
vendor/bind/dist/lib/dns/tests/dnstest.c
vendor/bind/dist/lib/dns/tests/dnstest.h
vendor/bind/dist/lib/dns/tests/master_test.c
vendor/bind/dist/lib/dns/tests/nsec3_test.c
vendor/bind/dist/lib/dns/tests/rdata_test.c
vendor/bind/dist/lib/dns/tests/rdataset_test.c
vendor/bind/dist/lib/dns/tests/testdata/dbiterator/zone1.data
vendor/bind/dist/lib/dns/tests/testdata/nsec3/1024.db
vendor/bind/dist/lib/dns/tests/testdata/nsec3/2048.db
vendor/bind/dist/lib/dns/tests/testdata/nsec3/4096.db
vendor/bind/dist/lib/dns/tests/testdata/nsec3/min-1024.db
vendor/bind/dist/lib/dns/tests/testdata/nsec3/min-2048.db
vendor/bind/dist/lib/dns/tests/time_test.c
vendor/bind/dist/lib/dns/tests/zonemgr_test.c
vendor/bind/dist/lib/dns/time.c
vendor/bind/dist/lib/dns/timer.c
vendor/bind/dist/lib/dns/tkey.c
vendor/bind/dist/lib/dns/tsec.c
vendor/bind/dist/lib/dns/tsig.c
vendor/bind/dist/lib/dns/ttl.c
vendor/bind/dist/lib/dns/validator.c
vendor/bind/dist/lib/dns/version.c
vendor/bind/dist/lib/dns/view.c
vendor/bind/dist/lib/dns/xfrin.c
vendor/bind/dist/lib/dns/zone.c
vendor/bind/dist/lib/dns/zonekey.c
vendor/bind/dist/lib/dns/zt.c
vendor/bind/dist/lib/export/Makefile.in
vendor/bind/dist/lib/export/dns/Makefile.in
vendor/bind/dist/lib/export/dns/include/Makefile.in
vendor/bind/dist/lib/export/dns/include/dns/Makefile.in
vendor/bind/dist/lib/export/dns/include/dst/Makefile.in
vendor/bind/dist/lib/export/irs/Makefile.in
vendor/bind/dist/lib/export/irs/include/Makefile.in
vendor/bind/dist/lib/export/irs/include/irs/Makefile.in
vendor/bind/dist/lib/export/isc/Makefile.in
vendor/bind/dist/lib/export/isc/include/Makefile.in
vendor/bind/dist/lib/export/isc/include/isc/Makefile.in
vendor/bind/dist/lib/export/isc/include/isc/bind9.h
vendor/bind/dist/lib/export/isc/nls/Makefile.in
vendor/bind/dist/lib/export/isc/nothreads/Makefile.in
vendor/bind/dist/lib/export/isc/nothreads/include/Makefile.in
vendor/bind/dist/lib/export/isc/nothreads/include/isc/Makefile.in
vendor/bind/dist/lib/export/isc/pthreads/Makefile.in
vendor/bind/dist/lib/export/isc/pthreads/include/Makefile.in
vendor/bind/dist/lib/export/isc/pthreads/include/isc/Makefile.in
vendor/bind/dist/lib/export/isc/unix/Makefile.in
vendor/bind/dist/lib/export/isc/unix/include/Makefile.in
vendor/bind/dist/lib/export/isc/unix/include/isc/Makefile.in
vendor/bind/dist/lib/export/isccfg/Makefile.in
vendor/bind/dist/lib/export/isccfg/include/Makefile.in
vendor/bind/dist/lib/export/isccfg/include/isccfg/Makefile.in
vendor/bind/dist/lib/export/samples/Makefile-postinstall.in
vendor/bind/dist/lib/export/samples/Makefile.in
vendor/bind/dist/lib/export/samples/nsprobe.c
vendor/bind/dist/lib/export/samples/sample-async.c
vendor/bind/dist/lib/export/samples/sample-gai.c
vendor/bind/dist/lib/export/samples/sample-request.c
vendor/bind/dist/lib/export/samples/sample-update.c
vendor/bind/dist/lib/export/samples/sample.c
vendor/bind/dist/lib/irs/Makefile.in
vendor/bind/dist/lib/irs/api
vendor/bind/dist/lib/irs/context.c
vendor/bind/dist/lib/irs/dnsconf.c
vendor/bind/dist/lib/irs/gai_strerror.c
vendor/bind/dist/lib/irs/getaddrinfo.c
vendor/bind/dist/lib/irs/getnameinfo.c
vendor/bind/dist/lib/irs/include/Makefile.in
vendor/bind/dist/lib/irs/include/irs/Makefile.in
vendor/bind/dist/lib/irs/include/irs/context.h
vendor/bind/dist/lib/irs/include/irs/dnsconf.h
vendor/bind/dist/lib/irs/include/irs/netdb.h.in
vendor/bind/dist/lib/irs/include/irs/platform.h.in
vendor/bind/dist/lib/irs/include/irs/resconf.h
vendor/bind/dist/lib/irs/include/irs/types.h
vendor/bind/dist/lib/irs/include/irs/version.h
vendor/bind/dist/lib/irs/resconf.c
vendor/bind/dist/lib/irs/version.c
vendor/bind/dist/lib/isc/Makefile.in
vendor/bind/dist/lib/isc/alpha/Makefile.in
vendor/bind/dist/lib/isc/alpha/include/Makefile.in
vendor/bind/dist/lib/isc/alpha/include/isc/Makefile.in
vendor/bind/dist/lib/isc/alpha/include/isc/atomic.h
vendor/bind/dist/lib/isc/api
vendor/bind/dist/lib/isc/app_api.c
vendor/bind/dist/lib/isc/assertions.c
vendor/bind/dist/lib/isc/backtrace-emptytbl.c
vendor/bind/dist/lib/isc/backtrace.c
vendor/bind/dist/lib/isc/base32.c
vendor/bind/dist/lib/isc/base64.c
vendor/bind/dist/lib/isc/bitstring.c
vendor/bind/dist/lib/isc/buffer.c
vendor/bind/dist/lib/isc/bufferlist.c
vendor/bind/dist/lib/isc/commandline.c
vendor/bind/dist/lib/isc/entropy.c
vendor/bind/dist/lib/isc/error.c
vendor/bind/dist/lib/isc/event.c
vendor/bind/dist/lib/isc/fsaccess.c
vendor/bind/dist/lib/isc/hash.c
vendor/bind/dist/lib/isc/heap.c
vendor/bind/dist/lib/isc/hex.c
vendor/bind/dist/lib/isc/hmacmd5.c
vendor/bind/dist/lib/isc/hmacsha.c
vendor/bind/dist/lib/isc/httpd.c
vendor/bind/dist/lib/isc/ia64/Makefile.in
vendor/bind/dist/lib/isc/ia64/include/Makefile.in
vendor/bind/dist/lib/isc/ia64/include/isc/Makefile.in
vendor/bind/dist/lib/isc/ia64/include/isc/atomic.h
vendor/bind/dist/lib/isc/include/Makefile.in
vendor/bind/dist/lib/isc/include/isc/Makefile.in
vendor/bind/dist/lib/isc/include/isc/app.h
vendor/bind/dist/lib/isc/include/isc/assertions.h
vendor/bind/dist/lib/isc/include/isc/backtrace.h
vendor/bind/dist/lib/isc/include/isc/base32.h
vendor/bind/dist/lib/isc/include/isc/base64.h
vendor/bind/dist/lib/isc/include/isc/bind9.h
vendor/bind/dist/lib/isc/include/isc/bitstring.h
vendor/bind/dist/lib/isc/include/isc/boolean.h
vendor/bind/dist/lib/isc/include/isc/buffer.h
vendor/bind/dist/lib/isc/include/isc/bufferlist.h
vendor/bind/dist/lib/isc/include/isc/commandline.h
vendor/bind/dist/lib/isc/include/isc/entropy.h
vendor/bind/dist/lib/isc/include/isc/error.h
vendor/bind/dist/lib/isc/include/isc/event.h
vendor/bind/dist/lib/isc/include/isc/eventclass.h
vendor/bind/dist/lib/isc/include/isc/file.h
vendor/bind/dist/lib/isc/include/isc/formatcheck.h
vendor/bind/dist/lib/isc/include/isc/fsaccess.h
vendor/bind/dist/lib/isc/include/isc/hash.h
vendor/bind/dist/lib/isc/include/isc/heap.h
vendor/bind/dist/lib/isc/include/isc/hex.h
vendor/bind/dist/lib/isc/include/isc/hmacmd5.h
vendor/bind/dist/lib/isc/include/isc/hmacsha.h
vendor/bind/dist/lib/isc/include/isc/httpd.h
vendor/bind/dist/lib/isc/include/isc/interfaceiter.h
vendor/bind/dist/lib/isc/include/isc/ipv6.h
vendor/bind/dist/lib/isc/include/isc/iterated_hash.h
vendor/bind/dist/lib/isc/include/isc/lang.h
vendor/bind/dist/lib/isc/include/isc/lex.h
vendor/bind/dist/lib/isc/include/isc/lfsr.h
vendor/bind/dist/lib/isc/include/isc/lib.h
vendor/bind/dist/lib/isc/include/isc/list.h
vendor/bind/dist/lib/isc/include/isc/log.h
vendor/bind/dist/lib/isc/include/isc/magic.h
vendor/bind/dist/lib/isc/include/isc/md5.h
vendor/bind/dist/lib/isc/include/isc/mem.h
vendor/bind/dist/lib/isc/include/isc/msgcat.h
vendor/bind/dist/lib/isc/include/isc/msgs.h
vendor/bind/dist/lib/isc/include/isc/mutexblock.h
vendor/bind/dist/lib/isc/include/isc/namespace.h
vendor/bind/dist/lib/isc/include/isc/netaddr.h
vendor/bind/dist/lib/isc/include/isc/netscope.h
vendor/bind/dist/lib/isc/include/isc/ondestroy.h
vendor/bind/dist/lib/isc/include/isc/os.h
vendor/bind/dist/lib/isc/include/isc/parseint.h
vendor/bind/dist/lib/isc/include/isc/platform.h.in
vendor/bind/dist/lib/isc/include/isc/portset.h
vendor/bind/dist/lib/isc/include/isc/print.h
vendor/bind/dist/lib/isc/include/isc/quota.h
vendor/bind/dist/lib/isc/include/isc/radix.h
vendor/bind/dist/lib/isc/include/isc/random.h
vendor/bind/dist/lib/isc/include/isc/ratelimiter.h
vendor/bind/dist/lib/isc/include/isc/refcount.h
vendor/bind/dist/lib/isc/include/isc/region.h
vendor/bind/dist/lib/isc/include/isc/resource.h
vendor/bind/dist/lib/isc/include/isc/result.h
vendor/bind/dist/lib/isc/include/isc/resultclass.h
vendor/bind/dist/lib/isc/include/isc/rwlock.h
vendor/bind/dist/lib/isc/include/isc/serial.h
vendor/bind/dist/lib/isc/include/isc/sha1.h
vendor/bind/dist/lib/isc/include/isc/sha2.h
vendor/bind/dist/lib/isc/include/isc/sockaddr.h
vendor/bind/dist/lib/isc/include/isc/socket.h
vendor/bind/dist/lib/isc/include/isc/stats.h
vendor/bind/dist/lib/isc/include/isc/stdio.h
vendor/bind/dist/lib/isc/include/isc/stdlib.h
vendor/bind/dist/lib/isc/include/isc/string.h
vendor/bind/dist/lib/isc/include/isc/symtab.h
vendor/bind/dist/lib/isc/include/isc/task.h
vendor/bind/dist/lib/isc/include/isc/taskpool.h
vendor/bind/dist/lib/isc/include/isc/timer.h
vendor/bind/dist/lib/isc/include/isc/types.h
vendor/bind/dist/lib/isc/include/isc/util.h
vendor/bind/dist/lib/isc/include/isc/version.h
vendor/bind/dist/lib/isc/include/isc/xml.h
vendor/bind/dist/lib/isc/inet_aton.c
vendor/bind/dist/lib/isc/inet_ntop.c
vendor/bind/dist/lib/isc/inet_pton.c
vendor/bind/dist/lib/isc/iterated_hash.c
vendor/bind/dist/lib/isc/lex.c
vendor/bind/dist/lib/isc/lfsr.c
vendor/bind/dist/lib/isc/lib.c
vendor/bind/dist/lib/isc/log.c
vendor/bind/dist/lib/isc/md5.c
vendor/bind/dist/lib/isc/mem.c
vendor/bind/dist/lib/isc/mem_api.c
vendor/bind/dist/lib/isc/mips/Makefile.in
vendor/bind/dist/lib/isc/mips/include/Makefile.in
vendor/bind/dist/lib/isc/mips/include/isc/Makefile.in
vendor/bind/dist/lib/isc/mips/include/isc/atomic.h
vendor/bind/dist/lib/isc/mutexblock.c
vendor/bind/dist/lib/isc/netaddr.c
vendor/bind/dist/lib/isc/netscope.c
vendor/bind/dist/lib/isc/nls/Makefile.in
vendor/bind/dist/lib/isc/nls/msgcat.c
vendor/bind/dist/lib/isc/noatomic/Makefile.in
vendor/bind/dist/lib/isc/noatomic/include/Makefile.in
vendor/bind/dist/lib/isc/noatomic/include/isc/Makefile.in
vendor/bind/dist/lib/isc/noatomic/include/isc/atomic.h
vendor/bind/dist/lib/isc/nothreads/Makefile.in
vendor/bind/dist/lib/isc/nothreads/condition.c
vendor/bind/dist/lib/isc/nothreads/include/Makefile.in
vendor/bind/dist/lib/isc/nothreads/include/isc/Makefile.in
vendor/bind/dist/lib/isc/nothreads/include/isc/condition.h
vendor/bind/dist/lib/isc/nothreads/include/isc/mutex.h
vendor/bind/dist/lib/isc/nothreads/include/isc/once.h
vendor/bind/dist/lib/isc/nothreads/include/isc/thread.h
vendor/bind/dist/lib/isc/nothreads/mutex.c
vendor/bind/dist/lib/isc/nothreads/thread.c
vendor/bind/dist/lib/isc/ondestroy.c
vendor/bind/dist/lib/isc/parseint.c
vendor/bind/dist/lib/isc/portset.c
vendor/bind/dist/lib/isc/powerpc/Makefile.in
vendor/bind/dist/lib/isc/powerpc/include/Makefile.in
vendor/bind/dist/lib/isc/powerpc/include/isc/Makefile.in
vendor/bind/dist/lib/isc/powerpc/include/isc/atomic.h
vendor/bind/dist/lib/isc/print.c
vendor/bind/dist/lib/isc/pthreads/Makefile.in
vendor/bind/dist/lib/isc/pthreads/condition.c
vendor/bind/dist/lib/isc/pthreads/include/Makefile.in
vendor/bind/dist/lib/isc/pthreads/include/isc/Makefile.in
vendor/bind/dist/lib/isc/pthreads/include/isc/condition.h
vendor/bind/dist/lib/isc/pthreads/include/isc/mutex.h
vendor/bind/dist/lib/isc/pthreads/include/isc/once.h
vendor/bind/dist/lib/isc/pthreads/include/isc/thread.h
vendor/bind/dist/lib/isc/pthreads/mutex.c
vendor/bind/dist/lib/isc/pthreads/thread.c
vendor/bind/dist/lib/isc/quota.c
vendor/bind/dist/lib/isc/radix.c
vendor/bind/dist/lib/isc/random.c
vendor/bind/dist/lib/isc/ratelimiter.c
vendor/bind/dist/lib/isc/refcount.c
vendor/bind/dist/lib/isc/regex.c
vendor/bind/dist/lib/isc/region.c
vendor/bind/dist/lib/isc/result.c
vendor/bind/dist/lib/isc/rwlock.c
vendor/bind/dist/lib/isc/serial.c
vendor/bind/dist/lib/isc/sha1.c
vendor/bind/dist/lib/isc/sha2.c
vendor/bind/dist/lib/isc/sockaddr.c
vendor/bind/dist/lib/isc/socket_api.c
vendor/bind/dist/lib/isc/sparc64/Makefile.in
vendor/bind/dist/lib/isc/sparc64/include/Makefile.in
vendor/bind/dist/lib/isc/sparc64/include/isc/Makefile.in
vendor/bind/dist/lib/isc/sparc64/include/isc/atomic.h
vendor/bind/dist/lib/isc/stats.c
vendor/bind/dist/lib/isc/string.c
vendor/bind/dist/lib/isc/strtoul.c
vendor/bind/dist/lib/isc/symtab.c
vendor/bind/dist/lib/isc/task.c
vendor/bind/dist/lib/isc/task_api.c
vendor/bind/dist/lib/isc/task_p.h
vendor/bind/dist/lib/isc/taskpool.c
vendor/bind/dist/lib/isc/tests/Makefile.in
vendor/bind/dist/lib/isc/tests/hash_test.c
vendor/bind/dist/lib/isc/tests/isctest.c
vendor/bind/dist/lib/isc/tests/isctest.h
vendor/bind/dist/lib/isc/tests/parse_test.c
vendor/bind/dist/lib/isc/tests/sockaddr_test.c
vendor/bind/dist/lib/isc/tests/symtab_test.c
vendor/bind/dist/lib/isc/tests/taskpool_test.c
vendor/bind/dist/lib/isc/timer.c
vendor/bind/dist/lib/isc/timer_api.c
vendor/bind/dist/lib/isc/timer_p.h
vendor/bind/dist/lib/isc/unix/Makefile.in
vendor/bind/dist/lib/isc/unix/app.c
vendor/bind/dist/lib/isc/unix/dir.c
vendor/bind/dist/lib/isc/unix/entropy.c
vendor/bind/dist/lib/isc/unix/errno2result.c
vendor/bind/dist/lib/isc/unix/errno2result.h
vendor/bind/dist/lib/isc/unix/file.c
vendor/bind/dist/lib/isc/unix/fsaccess.c
vendor/bind/dist/lib/isc/unix/ifiter_getifaddrs.c
vendor/bind/dist/lib/isc/unix/ifiter_ioctl.c
vendor/bind/dist/lib/isc/unix/ifiter_sysctl.c
vendor/bind/dist/lib/isc/unix/include/Makefile.in
vendor/bind/dist/lib/isc/unix/include/isc/Makefile.in
vendor/bind/dist/lib/isc/unix/include/isc/dir.h
vendor/bind/dist/lib/isc/unix/include/isc/int.h
vendor/bind/dist/lib/isc/unix/include/isc/keyboard.h
vendor/bind/dist/lib/isc/unix/include/isc/net.h
vendor/bind/dist/lib/isc/unix/include/isc/netdb.h
vendor/bind/dist/lib/isc/unix/include/isc/offset.h
vendor/bind/dist/lib/isc/unix/include/isc/stat.h
vendor/bind/dist/lib/isc/unix/include/isc/stdtime.h
vendor/bind/dist/lib/isc/unix/include/isc/strerror.h
vendor/bind/dist/lib/isc/unix/include/isc/syslog.h
vendor/bind/dist/lib/isc/unix/include/isc/time.h
vendor/bind/dist/lib/isc/unix/interfaceiter.c
vendor/bind/dist/lib/isc/unix/ipv6.c
vendor/bind/dist/lib/isc/unix/keyboard.c
vendor/bind/dist/lib/isc/unix/net.c
vendor/bind/dist/lib/isc/unix/os.c
vendor/bind/dist/lib/isc/unix/resource.c
vendor/bind/dist/lib/isc/unix/socket.c
vendor/bind/dist/lib/isc/unix/socket_p.h
vendor/bind/dist/lib/isc/unix/stdio.c
vendor/bind/dist/lib/isc/unix/stdtime.c
vendor/bind/dist/lib/isc/unix/strerror.c
vendor/bind/dist/lib/isc/unix/syslog.c
vendor/bind/dist/lib/isc/unix/time.c
vendor/bind/dist/lib/isc/version.c
vendor/bind/dist/lib/isc/x86_32/Makefile.in
vendor/bind/dist/lib/isc/x86_32/include/Makefile.in
vendor/bind/dist/lib/isc/x86_32/include/isc/Makefile.in
vendor/bind/dist/lib/isc/x86_32/include/isc/atomic.h
vendor/bind/dist/lib/isc/x86_64/Makefile.in
vendor/bind/dist/lib/isc/x86_64/include/Makefile.in
vendor/bind/dist/lib/isc/x86_64/include/isc/Makefile.in
vendor/bind/dist/lib/isc/x86_64/include/isc/atomic.h
vendor/bind/dist/lib/isccc/Makefile.in
vendor/bind/dist/lib/isccc/alist.c
vendor/bind/dist/lib/isccc/api
vendor/bind/dist/lib/isccc/base64.c
vendor/bind/dist/lib/isccc/cc.c
vendor/bind/dist/lib/isccc/ccmsg.c
vendor/bind/dist/lib/isccc/include/Makefile.in
vendor/bind/dist/lib/isccc/include/isccc/Makefile.in
vendor/bind/dist/lib/isccc/include/isccc/alist.h
vendor/bind/dist/lib/isccc/include/isccc/base64.h
vendor/bind/dist/lib/isccc/include/isccc/cc.h
vendor/bind/dist/lib/isccc/include/isccc/ccmsg.h
vendor/bind/dist/lib/isccc/include/isccc/events.h
vendor/bind/dist/lib/isccc/include/isccc/lib.h
vendor/bind/dist/lib/isccc/include/isccc/result.h
vendor/bind/dist/lib/isccc/include/isccc/sexpr.h
vendor/bind/dist/lib/isccc/include/isccc/symtab.h
vendor/bind/dist/lib/isccc/include/isccc/symtype.h
vendor/bind/dist/lib/isccc/include/isccc/types.h
vendor/bind/dist/lib/isccc/include/isccc/util.h
vendor/bind/dist/lib/isccc/include/isccc/version.h
vendor/bind/dist/lib/isccc/lib.c
vendor/bind/dist/lib/isccc/result.c
vendor/bind/dist/lib/isccc/sexpr.c
vendor/bind/dist/lib/isccc/symtab.c
vendor/bind/dist/lib/isccc/version.c
vendor/bind/dist/lib/isccfg/Makefile.in
vendor/bind/dist/lib/isccfg/aclconf.c
vendor/bind/dist/lib/isccfg/api
vendor/bind/dist/lib/isccfg/dnsconf.c
vendor/bind/dist/lib/isccfg/include/Makefile.in
vendor/bind/dist/lib/isccfg/include/isccfg/Makefile.in
vendor/bind/dist/lib/isccfg/include/isccfg/aclconf.h
vendor/bind/dist/lib/isccfg/include/isccfg/cfg.h
vendor/bind/dist/lib/isccfg/include/isccfg/dnsconf.h
vendor/bind/dist/lib/isccfg/include/isccfg/grammar.h
vendor/bind/dist/lib/isccfg/include/isccfg/log.h
vendor/bind/dist/lib/isccfg/include/isccfg/namedconf.h
vendor/bind/dist/lib/isccfg/include/isccfg/version.h
vendor/bind/dist/lib/isccfg/log.c
vendor/bind/dist/lib/isccfg/namedconf.c
vendor/bind/dist/lib/isccfg/parser.c
vendor/bind/dist/lib/isccfg/version.c
vendor/bind/dist/lib/lwres/Makefile.in
vendor/bind/dist/lib/lwres/api
vendor/bind/dist/lib/lwres/assert_p.h
vendor/bind/dist/lib/lwres/context.c
vendor/bind/dist/lib/lwres/context_p.h
vendor/bind/dist/lib/lwres/gai_strerror.c
vendor/bind/dist/lib/lwres/getaddrinfo.c
vendor/bind/dist/lib/lwres/gethost.c
vendor/bind/dist/lib/lwres/getipnode.c
vendor/bind/dist/lib/lwres/getnameinfo.c
vendor/bind/dist/lib/lwres/getrrset.c
vendor/bind/dist/lib/lwres/herror.c
vendor/bind/dist/lib/lwres/include/Makefile.in
vendor/bind/dist/lib/lwres/include/lwres/Makefile.in
vendor/bind/dist/lib/lwres/include/lwres/context.h
vendor/bind/dist/lib/lwres/include/lwres/int.h
vendor/bind/dist/lib/lwres/include/lwres/ipv6.h
vendor/bind/dist/lib/lwres/include/lwres/lang.h
vendor/bind/dist/lib/lwres/include/lwres/list.h
vendor/bind/dist/lib/lwres/include/lwres/lwbuffer.h
vendor/bind/dist/lib/lwres/include/lwres/lwpacket.h
vendor/bind/dist/lib/lwres/include/lwres/lwres.h
vendor/bind/dist/lib/lwres/include/lwres/netdb.h.in
vendor/bind/dist/lib/lwres/include/lwres/platform.h.in
vendor/bind/dist/lib/lwres/include/lwres/result.h
vendor/bind/dist/lib/lwres/include/lwres/stdlib.h
vendor/bind/dist/lib/lwres/include/lwres/version.h
vendor/bind/dist/lib/lwres/lwbuffer.c
vendor/bind/dist/lib/lwres/lwconfig.c
vendor/bind/dist/lib/lwres/lwinetaton.c
vendor/bind/dist/lib/lwres/lwinetntop.c
vendor/bind/dist/lib/lwres/lwinetpton.c
vendor/bind/dist/lib/lwres/lwpacket.c
vendor/bind/dist/lib/lwres/lwres_gabn.c
vendor/bind/dist/lib/lwres/lwres_gnba.c
vendor/bind/dist/lib/lwres/lwres_grbn.c
vendor/bind/dist/lib/lwres/lwres_noop.c
vendor/bind/dist/lib/lwres/lwresutil.c
vendor/bind/dist/lib/lwres/man/Makefile.in
vendor/bind/dist/lib/lwres/man/lwres.3
vendor/bind/dist/lib/lwres/man/lwres.docbook
vendor/bind/dist/lib/lwres/man/lwres.html
vendor/bind/dist/lib/lwres/man/lwres_buffer.3
vendor/bind/dist/lib/lwres/man/lwres_buffer.docbook
vendor/bind/dist/lib/lwres/man/lwres_buffer.html
vendor/bind/dist/lib/lwres/man/lwres_config.3
vendor/bind/dist/lib/lwres/man/lwres_config.docbook
vendor/bind/dist/lib/lwres/man/lwres_config.html
vendor/bind/dist/lib/lwres/man/lwres_context.3
vendor/bind/dist/lib/lwres/man/lwres_context.docbook
vendor/bind/dist/lib/lwres/man/lwres_context.html
vendor/bind/dist/lib/lwres/man/lwres_gabn.3
vendor/bind/dist/lib/lwres/man/lwres_gabn.docbook
vendor/bind/dist/lib/lwres/man/lwres_gabn.html
vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.3
vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.docbook
vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.html
vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.3
vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.docbook
vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.html
vendor/bind/dist/lib/lwres/man/lwres_gethostent.3
vendor/bind/dist/lib/lwres/man/lwres_gethostent.docbook
vendor/bind/dist/lib/lwres/man/lwres_gethostent.html
vendor/bind/dist/lib/lwres/man/lwres_getipnode.3
vendor/bind/dist/lib/lwres/man/lwres_getipnode.docbook
vendor/bind/dist/lib/lwres/man/lwres_getipnode.html
vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.3
vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.docbook
vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.html
vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.3
vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.docbook
vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.html
vendor/bind/dist/lib/lwres/man/lwres_gnba.3
vendor/bind/dist/lib/lwres/man/lwres_gnba.docbook
vendor/bind/dist/lib/lwres/man/lwres_gnba.html
vendor/bind/dist/lib/lwres/man/lwres_hstrerror.3
vendor/bind/dist/lib/lwres/man/lwres_hstrerror.docbook
vendor/bind/dist/lib/lwres/man/lwres_hstrerror.html
vendor/bind/dist/lib/lwres/man/lwres_inetntop.3
vendor/bind/dist/lib/lwres/man/lwres_inetntop.docbook
vendor/bind/dist/lib/lwres/man/lwres_inetntop.html
vendor/bind/dist/lib/lwres/man/lwres_noop.3
vendor/bind/dist/lib/lwres/man/lwres_noop.docbook
vendor/bind/dist/lib/lwres/man/lwres_noop.html
vendor/bind/dist/lib/lwres/man/lwres_packet.3
vendor/bind/dist/lib/lwres/man/lwres_packet.docbook
vendor/bind/dist/lib/lwres/man/lwres_packet.html
vendor/bind/dist/lib/lwres/man/lwres_resutil.3
vendor/bind/dist/lib/lwres/man/lwres_resutil.docbook
vendor/bind/dist/lib/lwres/man/lwres_resutil.html
vendor/bind/dist/lib/lwres/print.c
vendor/bind/dist/lib/lwres/print_p.h
vendor/bind/dist/lib/lwres/unix/Makefile.in
vendor/bind/dist/lib/lwres/unix/include/Makefile.in
vendor/bind/dist/lib/lwres/unix/include/lwres/Makefile.in
vendor/bind/dist/lib/lwres/unix/include/lwres/net.h
vendor/bind/dist/lib/lwres/version.c
vendor/bind/dist/make/Makefile.in
vendor/bind/dist/make/includes.in
vendor/bind/dist/make/mkdep.in
vendor/bind/dist/make/rules.in
vendor/bind/dist/srcid
vendor/bind/dist/unit/Makefile.in
vendor/bind/dist/unit/README
vendor/bind/dist/unit/atf-src/AUTHORS
vendor/bind/dist/unit/atf-src/Atffile
vendor/bind/dist/unit/atf-src/COPYING
vendor/bind/dist/unit/atf-src/INSTALL
vendor/bind/dist/unit/atf-src/Makefile.am
vendor/bind/dist/unit/atf-src/Makefile.in
vendor/bind/dist/unit/atf-src/NEWS
vendor/bind/dist/unit/atf-src/admin/Makefile.am.inc
vendor/bind/dist/unit/atf-src/admin/check-style-c.awk
vendor/bind/dist/unit/atf-src/admin/check-style-common.awk
vendor/bind/dist/unit/atf-src/admin/check-style-cpp.awk
vendor/bind/dist/unit/atf-src/admin/check-style-man.awk
vendor/bind/dist/unit/atf-src/admin/check-style-shell.awk
vendor/bind/dist/unit/atf-src/admin/check-style.sh
vendor/bind/dist/unit/atf-src/admin/compile
vendor/bind/dist/unit/atf-src/admin/depcomp
vendor/bind/dist/unit/atf-src/admin/install-sh
vendor/bind/dist/unit/atf-src/admin/ltmain.sh
vendor/bind/dist/unit/atf-src/admin/missing
vendor/bind/dist/unit/atf-src/atf-c/Atffile
vendor/bind/dist/unit/atf-src/atf-c/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-c/atf-c-api.3
vendor/bind/dist/unit/atf-src/atf-c/atf_c_test.c
vendor/bind/dist/unit/atf-src/atf-c/check.c
vendor/bind/dist/unit/atf-src/atf-c/check.h
vendor/bind/dist/unit/atf-src/atf-c/check_test.c
vendor/bind/dist/unit/atf-src/atf-c/config.c
vendor/bind/dist/unit/atf-src/atf-c/config_test.c
vendor/bind/dist/unit/atf-src/atf-c/defs.h.in
vendor/bind/dist/unit/atf-src/atf-c/detail/Atffile
vendor/bind/dist/unit/atf-src/atf-c/detail/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr.c
vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr.h
vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr_test.c
vendor/bind/dist/unit/atf-src/atf-c/detail/env.c
vendor/bind/dist/unit/atf-src/atf-c/detail/env_test.c
vendor/bind/dist/unit/atf-src/atf-c/detail/fs.c
vendor/bind/dist/unit/atf-src/atf-c/detail/fs.h
vendor/bind/dist/unit/atf-src/atf-c/detail/fs_test.c
vendor/bind/dist/unit/atf-src/atf-c/detail/list.c
vendor/bind/dist/unit/atf-src/atf-c/detail/list.h
vendor/bind/dist/unit/atf-src/atf-c/detail/list_test.c
vendor/bind/dist/unit/atf-src/atf-c/detail/map.c
vendor/bind/dist/unit/atf-src/atf-c/detail/map.h
vendor/bind/dist/unit/atf-src/atf-c/detail/map_test.c
vendor/bind/dist/unit/atf-src/atf-c/detail/process.c
vendor/bind/dist/unit/atf-src/atf-c/detail/process.h
vendor/bind/dist/unit/atf-src/atf-c/detail/process_helpers.c
vendor/bind/dist/unit/atf-src/atf-c/detail/process_test.c
vendor/bind/dist/unit/atf-src/atf-c/detail/sanity.h
vendor/bind/dist/unit/atf-src/atf-c/detail/sanity_test.c
vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers.c
vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers.h
vendor/bind/dist/unit/atf-src/atf-c/detail/text.c
vendor/bind/dist/unit/atf-src/atf-c/detail/text.h
vendor/bind/dist/unit/atf-src/atf-c/detail/text_test.c
vendor/bind/dist/unit/atf-src/atf-c/detail/tp_main.c
vendor/bind/dist/unit/atf-src/atf-c/detail/user.c
vendor/bind/dist/unit/atf-src/atf-c/detail/user.h
vendor/bind/dist/unit/atf-src/atf-c/detail/user_test.c
vendor/bind/dist/unit/atf-src/atf-c/error.c
vendor/bind/dist/unit/atf-src/atf-c/error.h
vendor/bind/dist/unit/atf-src/atf-c/error_test.c
vendor/bind/dist/unit/atf-src/atf-c/macros.h
vendor/bind/dist/unit/atf-src/atf-c/macros_h_test.c
vendor/bind/dist/unit/atf-src/atf-c/macros_test.c
vendor/bind/dist/unit/atf-src/atf-c/pkg_config_test.sh
vendor/bind/dist/unit/atf-src/atf-c/tc.c
vendor/bind/dist/unit/atf-src/atf-c/tc.h
vendor/bind/dist/unit/atf-src/atf-c/tc_test.c
vendor/bind/dist/unit/atf-src/atf-c/tp.c
vendor/bind/dist/unit/atf-src/atf-c/tp.h
vendor/bind/dist/unit/atf-src/atf-c/tp_test.c
vendor/bind/dist/unit/atf-src/atf-c/utils.c
vendor/bind/dist/unit/atf-src/atf-c/utils.h
vendor/bind/dist/unit/atf-src/atf-c/utils_test.c
vendor/bind/dist/unit/atf-src/atf-c++/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-c++/atf-c++-api.3
vendor/bind/dist/unit/atf-src/atf-c++/check.cpp
vendor/bind/dist/unit/atf-src/atf-c++/check.hpp
vendor/bind/dist/unit/atf-src/atf-c++/check_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/config.cpp
vendor/bind/dist/unit/atf-src/atf-c++/config.hpp
vendor/bind/dist/unit/atf-src/atf-c++/config_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/Atffile
vendor/bind/dist/unit/atf-src/atf-c++/detail/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-c++/detail/application.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/application.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/application_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/env.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/env.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/env_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/expand.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/expand.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/expand_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/fs.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/fs.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/fs_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/parser.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/parser.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/parser_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/process.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/process.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/process_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/sanity.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/test_helpers.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/test_helpers.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/text.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/text.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/text_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/ui.cpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/ui.hpp
vendor/bind/dist/unit/atf-src/atf-c++/macros.hpp
vendor/bind/dist/unit/atf-src/atf-c++/macros_hpp_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/macros_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/pkg_config_test.sh
vendor/bind/dist/unit/atf-src/atf-c++/tests.cpp
vendor/bind/dist/unit/atf-src/atf-c++/tests.hpp
vendor/bind/dist/unit/atf-src/atf-c++/tests_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/utils.hpp
vendor/bind/dist/unit/atf-src/atf-c++/utils_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++.hpp
vendor/bind/dist/unit/atf-src/atf-c.h
vendor/bind/dist/unit/atf-src/atf-config/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-config/atf-config.1
vendor/bind/dist/unit/atf-src/atf-config/atf-config.cpp
vendor/bind/dist/unit/atf-src/atf-config/integration_test.sh
vendor/bind/dist/unit/atf-src/atf-report/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-report/atf-report.1
vendor/bind/dist/unit/atf-src/atf-report/atf-report.cpp
vendor/bind/dist/unit/atf-src/atf-report/fail_helper.cpp
vendor/bind/dist/unit/atf-src/atf-report/integration_test.sh
vendor/bind/dist/unit/atf-src/atf-report/misc_helpers.cpp
vendor/bind/dist/unit/atf-src/atf-report/pass_helper.cpp
vendor/bind/dist/unit/atf-src/atf-report/reader.cpp
vendor/bind/dist/unit/atf-src/atf-report/reader.hpp
vendor/bind/dist/unit/atf-src/atf-report/reader_test.cpp
vendor/bind/dist/unit/atf-src/atf-report/tests-results.css
vendor/bind/dist/unit/atf-src/atf-report/tests-results.dtd
vendor/bind/dist/unit/atf-src/atf-report/tests-results.xsl
vendor/bind/dist/unit/atf-src/atf-run/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-run/atf-run.1
vendor/bind/dist/unit/atf-src/atf-run/atf-run.cpp
vendor/bind/dist/unit/atf-src/atf-run/atffile.cpp
vendor/bind/dist/unit/atf-src/atf-run/atffile.hpp
vendor/bind/dist/unit/atf-src/atf-run/atffile_test.cpp
vendor/bind/dist/unit/atf-src/atf-run/config.cpp
vendor/bind/dist/unit/atf-src/atf-run/config_test.cpp
vendor/bind/dist/unit/atf-src/atf-run/fs.cpp
vendor/bind/dist/unit/atf-src/atf-run/fs.hpp
vendor/bind/dist/unit/atf-src/atf-run/fs_test.cpp
vendor/bind/dist/unit/atf-src/atf-run/integration_test.sh
vendor/bind/dist/unit/atf-src/atf-run/io.cpp
vendor/bind/dist/unit/atf-src/atf-run/io.hpp
vendor/bind/dist/unit/atf-src/atf-run/io_test.cpp
vendor/bind/dist/unit/atf-src/atf-run/misc_helpers.cpp
vendor/bind/dist/unit/atf-src/atf-run/pass_helper.cpp
vendor/bind/dist/unit/atf-src/atf-run/requirements.cpp
vendor/bind/dist/unit/atf-src/atf-run/requirements_test.cpp
vendor/bind/dist/unit/atf-src/atf-run/several_tcs_helper.c
vendor/bind/dist/unit/atf-src/atf-run/share/atf-run.hooks
vendor/bind/dist/unit/atf-src/atf-run/signals.cpp
vendor/bind/dist/unit/atf-src/atf-run/signals.hpp
vendor/bind/dist/unit/atf-src/atf-run/signals_test.cpp
vendor/bind/dist/unit/atf-src/atf-run/test-program.cpp
vendor/bind/dist/unit/atf-src/atf-run/test_program_test.cpp
vendor/bind/dist/unit/atf-src/atf-run/timer.cpp
vendor/bind/dist/unit/atf-src/atf-run/timer.hpp
vendor/bind/dist/unit/atf-src/atf-run/user.cpp
vendor/bind/dist/unit/atf-src/atf-run/user.hpp
vendor/bind/dist/unit/atf-src/atf-run/user_test.cpp
vendor/bind/dist/unit/atf-src/atf-run/zero_tcs_helper.c
vendor/bind/dist/unit/atf-src/atf-sh/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-sh/atf-check.1
vendor/bind/dist/unit/atf-src/atf-sh/atf-check.cpp
vendor/bind/dist/unit/atf-src/atf-sh/atf-check_test.sh
vendor/bind/dist/unit/atf-src/atf-sh/atf-sh-api.3
vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.cpp
vendor/bind/dist/unit/atf-src/atf-sh/atf_check_test.sh
vendor/bind/dist/unit/atf-src/atf-sh/config_test.sh
vendor/bind/dist/unit/atf-src/atf-sh/libatf-sh.subr
vendor/bind/dist/unit/atf-src/atf-sh/misc_helpers.sh
vendor/bind/dist/unit/atf-src/atf-sh/normalize_test.sh
vendor/bind/dist/unit/atf-src/atf-sh/tc_test.sh
vendor/bind/dist/unit/atf-src/atf-sh/tp_test.sh
vendor/bind/dist/unit/atf-src/atf-version/Makefile.am.inc
vendor/bind/dist/unit/atf-src/atf-version/atf-version.1
vendor/bind/dist/unit/atf-src/atf-version/atf-version.cpp
vendor/bind/dist/unit/atf-src/atf-version/generate-revision.sh
vendor/bind/dist/unit/atf-src/bootstrap/Makefile.am.inc
vendor/bind/dist/unit/atf-src/bootstrap/h_app_empty.cpp
vendor/bind/dist/unit/atf-src/bootstrap/h_app_opts_args.cpp
vendor/bind/dist/unit/atf-src/bootstrap/h_tp_atf_check_sh.sh
vendor/bind/dist/unit/atf-src/bootstrap/h_tp_basic_cpp.cpp
vendor/bind/dist/unit/atf-src/bootstrap/h_tp_basic_sh.sh
vendor/bind/dist/unit/atf-src/bootstrap/package.m4
vendor/bind/dist/unit/atf-src/bootstrap/t_application_help.at
vendor/bind/dist/unit/atf-src/bootstrap/t_application_opts_args.at
vendor/bind/dist/unit/atf-src/bootstrap/t_atf_config.at
vendor/bind/dist/unit/atf-src/bootstrap/t_atf_run.at
vendor/bind/dist/unit/atf-src/bootstrap/t_subr_atf_check.at
vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_compare.at
vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_filter.at
vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_list.at
vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_run.at
vendor/bind/dist/unit/atf-src/bootstrap/testsuite
vendor/bind/dist/unit/atf-src/bootstrap/testsuite.at
vendor/bind/dist/unit/atf-src/configure.ac
vendor/bind/dist/unit/atf-src/doc/Makefile.am.inc
vendor/bind/dist/unit/atf-src/doc/atf-formats.5
vendor/bind/dist/unit/atf-src/doc/atf-test-case.4
vendor/bind/dist/unit/atf-src/doc/atf-test-program.1
vendor/bind/dist/unit/atf-src/doc/atf.7.in
vendor/bind/dist/unit/atf-src/m4/compiler-flags.m4
vendor/bind/dist/unit/atf-src/m4/cxx-std-funcs.m4
vendor/bind/dist/unit/atf-src/m4/developer-mode.m4
vendor/bind/dist/unit/atf-src/m4/module-application.m4
vendor/bind/dist/unit/atf-src/m4/module-defs.m4
vendor/bind/dist/unit/atf-src/m4/module-env.m4
vendor/bind/dist/unit/atf-src/m4/module-fs.m4
vendor/bind/dist/unit/atf-src/m4/module-sanity.m4
vendor/bind/dist/unit/atf-src/m4/module-signals.m4
vendor/bind/dist/unit/atf-src/test-programs/Atffile
vendor/bind/dist/unit/atf-src/test-programs/Makefile.am.inc
vendor/bind/dist/unit/atf-src/test-programs/c_helpers.c
vendor/bind/dist/unit/atf-src/test-programs/config_test.sh
vendor/bind/dist/unit/atf-src/test-programs/cpp_helpers.cpp
vendor/bind/dist/unit/atf-src/test-programs/expect_test.sh
vendor/bind/dist/unit/atf-src/test-programs/meta_data_test.sh
vendor/bind/dist/unit/atf-src/test-programs/result_test.sh
vendor/bind/dist/unit/atf-src/test-programs/sh_helpers.sh
vendor/bind/dist/unit/atf-src/test-programs/srcdir_test.sh
vendor/bind/dist/unit/unittest.sh.in
vendor/bind/dist/util/mksymtbl.pl
vendor/bind/dist/version
Added Paths:
-----------
vendor/bind/dist/bin/confgen/win32/confgentool.dsp.in
vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.filters.in
vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.in
vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.user
vendor/bind/dist/bin/confgen/win32/ddnsconfgen.dsp.in
vendor/bind/dist/bin/confgen/win32/ddnsconfgen.mak.in
vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in
vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.in
vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.user
vendor/bind/dist/bin/confgen/win32/rndcconfgen.dsp.in
vendor/bind/dist/bin/confgen/win32/rndcconfgen.mak.in
vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.filters.in
vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.in
vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.user
vendor/bind/dist/bin/pkcs11/openssl-0.9.8za-patch
vendor/bind/dist/bin/pkcs11/openssl-1.0.0m-patch
vendor/bind/dist/bin/pkcs11/openssl-1.0.1h-patch
vendor/bind/dist/bin/pkcs11/win32/pk11destroy.dsp.in
vendor/bind/dist/bin/pkcs11/win32/pk11destroy.mak.in
vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.filters.in
vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.in
vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.user
vendor/bind/dist/bin/pkcs11/win32/pk11keygen.dsp.in
vendor/bind/dist/bin/pkcs11/win32/pk11keygen.mak.in
vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.filters.in
vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.in
vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.user
vendor/bind/dist/bin/pkcs11/win32/pk11list.dsp.in
vendor/bind/dist/bin/pkcs11/win32/pk11list.mak.in
vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.filters.in
vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.in
vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.user
vendor/bind/dist/bin/tools/win32/arpaname.dsp.in
vendor/bind/dist/bin/tools/win32/arpaname.mak.in
vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.filters.in
vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.in
vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.user
vendor/bind/dist/bin/tools/win32/genrandom.dsp.in
vendor/bind/dist/bin/tools/win32/genrandom.mak.in
vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.filters.in
vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.in
vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.user
vendor/bind/dist/bin/tools/win32/ischmacfixup.dsp.in
vendor/bind/dist/bin/tools/win32/ischmacfixup.mak.in
vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.filters.in
vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.in
vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.user
vendor/bind/dist/bin/tools/win32/journalprint.dsp.in
vendor/bind/dist/bin/tools/win32/journalprint.mak.in
vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.filters.in
vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.in
vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.user
vendor/bind/dist/bin/tools/win32/nsec3hash.dsp.in
vendor/bind/dist/bin/tools/win32/nsec3hash.mak.in
vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.filters.in
vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.in
vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.user
vendor/bind/dist/lib/dns/rdata/generic/caa_257.c
vendor/bind/dist/lib/dns/rdata/generic/caa_257.h
vendor/bind/dist/lib/dns/rdata/generic/cdnskey_60.c
vendor/bind/dist/lib/dns/rdata/generic/cdnskey_60.h
vendor/bind/dist/lib/dns/rdata/generic/cds_59.c
vendor/bind/dist/lib/dns/rdata/generic/cds_59.h
vendor/bind/dist/lib/dns/tests/db_test.c
vendor/bind/dist/lib/isc/include/isc/safe.h
vendor/bind/dist/lib/isc/safe.c
vendor/bind/dist/lib/isc/tests/lex_test.c
vendor/bind/dist/lib/isc/tests/print_test.c
vendor/bind/dist/lib/isc/tests/safe_test.c
vendor/bind/dist/lib/lwres/Atffile
vendor/bind/dist/lib/lwres/compat.c
vendor/bind/dist/lib/lwres/include/lwres/string.h
vendor/bind/dist/lib/lwres/tests/
vendor/bind/dist/lib/lwres/tests/Atffile
vendor/bind/dist/lib/lwres/tests/Makefile.in
vendor/bind/dist/lib/lwres/tests/config_test.c
vendor/bind/dist/lib/lwres/tests/testdata/
vendor/bind/dist/lib/lwres/tests/testdata/link-local.conf
vendor/bind/dist/unit/atf-src/Kyuafile
vendor/bind/dist/unit/atf-src/TODO
vendor/bind/dist/unit/atf-src/atf-c/Kyuafile
vendor/bind/dist/unit/atf-src/atf-c/atf-c.m4
vendor/bind/dist/unit/atf-src/atf-c/atf-common.m4
vendor/bind/dist/unit/atf-src/atf-c/detail/Kyuafile
vendor/bind/dist/unit/atf-src/atf-c/unused_test.c
vendor/bind/dist/unit/atf-src/atf-c++/Kyuafile
vendor/bind/dist/unit/atf-src/atf-c++/atf-c++.m4
vendor/bind/dist/unit/atf-src/atf-c++/detail/Kyuafile
vendor/bind/dist/unit/atf-src/atf-c++/detail/auto_array.hpp
vendor/bind/dist/unit/atf-src/atf-c++/detail/auto_array_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/noncopyable.hpp
vendor/bind/dist/unit/atf-src/atf-c++/unused_test.cpp
vendor/bind/dist/unit/atf-src/atf-c++/utils.cpp
vendor/bind/dist/unit/atf-src/atf-config/Kyuafile
vendor/bind/dist/unit/atf-src/atf-report/Kyuafile
vendor/bind/dist/unit/atf-src/atf-run/Kyuafile
vendor/bind/dist/unit/atf-src/atf-sh/Kyuafile
vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.m4
vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.pc.in
vendor/bind/dist/unit/atf-src/test-programs/Kyuafile
Removed Paths:
-------------
vendor/bind/dist/bin/check/win32/
vendor/bind/dist/bin/confgen/win32/confgentool.dsp
vendor/bind/dist/bin/confgen/win32/ddnsconfgen.dsp
vendor/bind/dist/bin/confgen/win32/ddnsconfgen.mak
vendor/bind/dist/bin/confgen/win32/rndcconfgen.dsp
vendor/bind/dist/bin/confgen/win32/rndcconfgen.mak
vendor/bind/dist/bin/dig/win32/
vendor/bind/dist/bin/dnssec/win32/
vendor/bind/dist/bin/named/win32/
vendor/bind/dist/bin/nsupdate/win32/
vendor/bind/dist/bin/pkcs11/openssl-0.9.8s-patch
vendor/bind/dist/bin/pkcs11/openssl-0.9.8x-patch
vendor/bind/dist/bin/pkcs11/openssl-1.0.0f-patch
vendor/bind/dist/bin/pkcs11/openssl-1.0.0j-patch
vendor/bind/dist/bin/pkcs11/openssl-1.0.1c-patch
vendor/bind/dist/bin/pkcs11/win32/pk11destroy.dsp
vendor/bind/dist/bin/pkcs11/win32/pk11destroy.mak
vendor/bind/dist/bin/pkcs11/win32/pk11keygen.dsp
vendor/bind/dist/bin/pkcs11/win32/pk11keygen.mak
vendor/bind/dist/bin/pkcs11/win32/pk11list.dsp
vendor/bind/dist/bin/pkcs11/win32/pk11list.mak
vendor/bind/dist/bin/rndc/win32/
vendor/bind/dist/bin/tests/
vendor/bind/dist/bin/tools/win32/arpaname.dsp
vendor/bind/dist/bin/tools/win32/arpaname.mak
vendor/bind/dist/bin/tools/win32/genrandom.dsp
vendor/bind/dist/bin/tools/win32/genrandom.mak
vendor/bind/dist/bin/tools/win32/ischmacfixup.dsp
vendor/bind/dist/bin/tools/win32/ischmacfixup.mak
vendor/bind/dist/bin/tools/win32/journalprint.dsp
vendor/bind/dist/bin/tools/win32/journalprint.mak
vendor/bind/dist/bin/tools/win32/nsec3hash.dsp
vendor/bind/dist/bin/tools/win32/nsec3hash.mak
vendor/bind/dist/bin/win32/
vendor/bind/dist/doc/arm/Bv9ARM.pdf
vendor/bind/dist/lib/bind9/win32/
vendor/bind/dist/lib/dns/gen-win32.h
vendor/bind/dist/lib/dns/win32/
vendor/bind/dist/lib/isc/win32/
vendor/bind/dist/lib/isccc/win32/
vendor/bind/dist/lib/isccfg/win32/
vendor/bind/dist/lib/lwres/strtoul.c
vendor/bind/dist/lib/lwres/win32/
vendor/bind/dist/lib/tests/
vendor/bind/dist/lib/win32/
vendor/bind/dist/unit/atf-src/aclocal.m4
vendor/bind/dist/unit/atf-src/admin/check-install.sh
vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers_test.c
vendor/bind/dist/unit/atf-src/configure
vendor/bind/dist/unit/atf-src/test-programs/fork_test.sh
Property Changed:
----------------
vendor/bind/dist/bin/named/bindkeys.pl
vendor/bind/dist/bin/named/convertxsl.pl
vendor/bind/dist/unit/atf-src/admin/check-style.sh
vendor/bind/dist/unit/atf-src/admin/compile
vendor/bind/dist/unit/atf-src/admin/config.guess
vendor/bind/dist/unit/atf-src/admin/config.sub
vendor/bind/dist/unit/atf-src/admin/depcomp
vendor/bind/dist/unit/atf-src/admin/install-sh
vendor/bind/dist/unit/atf-src/admin/ltmain.sh
vendor/bind/dist/unit/atf-src/admin/missing
vendor/bind/dist/unit/atf-src/atf-version/generate-revision.sh
vendor/bind/dist/unit/atf-src/bootstrap/testsuite
vendor/bind/dist/util/mksymtbl.pl
Modified: vendor/bind/dist/bin/Makefile.in
===================================================================
--- vendor/bind/dist/bin/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $
+# $Id: Makefile.in,v 1.29 2009/10/05 12:07:08 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/check/Makefile.in
===================================================================
--- vendor/bind/dist/bin/check/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+# $Id: Makefile.in,v 1.36 2009/12/05 23:31:40 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -70,7 +70,7 @@
-c ${srcdir}/named-checkzone.c
named-checkconf at EXEEXT@: named-checkconf. at O@ check-tool. at O@ ${ISCDEPLIBS} \
- ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
+ ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
export BASEOBJS="named-checkconf. at O@ check-tool. at O@"; \
export LIBS0="${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
${FINALBUILDCMD}
Modified: vendor/bind/dist/bin/check/check-tool.c
===================================================================
--- vendor/bind/dist/bin/check/check-tool.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/check-tool.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: check-tool.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: check-tool.c,v 1.41 2010/09/07 23:46:59 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/check/check-tool.h
===================================================================
--- vendor/bind/dist/bin/check/check-tool.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/check-tool.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: check-tool.h,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: check-tool.h,v 1.16 2010/09/07 23:46:59 tbox Exp $ */
#ifndef CHECK_TOOL_H
#define CHECK_TOOL_H
Modified: vendor/bind/dist/bin/check/named-checkconf.8
===================================================================
--- vendor/bind/dist/bin/check/named-checkconf.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/named-checkconf.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkconf.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: named\-checkconf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 14, 2000
+.\" Date: January 10, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
+.TH "NAMED\-CHECKCONF" "8" "January 10, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -33,7 +33,7 @@
named\-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS"
.HP 16
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-x\fR] [\fB\-z\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\-checkconf\fR
@@ -84,6 +84,14 @@
and included files in canonical form if no errors were detected.
.RE
.PP
+\-x
+.RS 4
+When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks ('?'). This allows the contents of
+\fInamed.conf\fR
+and related files to be shared \(em for example, when submitting bug reports \(em without compromising private data. This option cannot be used without
+\fB\-p\fR.
+.RE
+.PP
\-z
.RS 4
Perform a test load of all master zones found in
@@ -113,7 +121,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/check/named-checkconf.c
===================================================================
--- vendor/bind/dist/bin/check/named-checkconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/named-checkconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-checkconf.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: named-checkconf.c,v 1.54.62.2 2011/03/12 04:59:13 tbox Exp $ */
/*! \file */
@@ -39,10 +39,13 @@
#include <bind9/check.h>
+#include <dns/db.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/name.h>
+#include <dns/rdataclass.h>
#include <dns/result.h>
+#include <dns/rootns.h>
#include <dns/zone.h>
#include "check-tool.h"
@@ -140,15 +143,27 @@
}
static isc_result_t
-config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
- int i;
+configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_rdataclass_t rdclass;
+ isc_textregion_t r;
- for (i = 0;; i++) {
- if (maps[i] == NULL)
- return (ISC_R_NOTFOUND);
- if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
- return (ISC_R_SUCCESS);
- }
+ if (zfile == NULL)
+ return (ISC_R_FAILURE);
+
+ DE_CONST(zclass, r.base);
+ r.length = strlen(zclass);
+ result = dns_rdataclass_fromtext(&rdclass, &r);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = dns_rootns_create(mctx, rdclass, zfile, &db);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ dns_db_detach(&db);
+ return (ISC_R_SUCCESS);
}
/*% configure the zone */
@@ -161,7 +176,7 @@
isc_result_t result;
const char *zclass;
const char *zname;
- const char *zfile;
+ const char *zfile = NULL;
const cfg_obj_t *maps[4];
const cfg_obj_t *zoptions = NULL;
const cfg_obj_t *classobj = NULL;
@@ -195,15 +210,31 @@
cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL)
return (ISC_R_FAILURE);
- if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
- return (ISC_R_SUCCESS);
+
+ /*
+ * Skip checks when using an alternate data source.
+ */
cfg_map_get(zoptions, "database", &dbobj);
- if (dbobj != NULL)
+ if (dbobj != NULL &&
+ strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
+ strcmp("rbt64", cfg_obj_asstring(dbobj)) != 0)
return (ISC_R_SUCCESS);
+
cfg_map_get(zoptions, "file", &fileobj);
- if (fileobj == NULL)
+ if (fileobj != NULL)
+ zfile = cfg_obj_asstring(fileobj);
+
+ /*
+ * Check hints files for hint zones.
+ * Skip loading checks for any type other than master.
+ */
+ if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0)
+ return (configure_hint(zfile, zclass, mctx));
+ else if ((strcasecmp(cfg_obj_asstring(typeobj), "master") != 0))
+ return (ISC_R_SUCCESS);
+
+ if (zfile == NULL)
return (ISC_R_FAILURE);
- zfile = cfg_obj_asstring(fileobj);
obj = NULL;
if (get_maps(maps, "check-dup-records", &obj)) {
@@ -326,8 +357,7 @@
masterformat = dns_masterformat_text;
fmtobj = NULL;
- result = config_get(maps, "masterfile-format", &fmtobj);
- if (result == ISC_R_SUCCESS) {
+ if (get_maps(maps, "masterfile-format", &fmtobj)) {
const char *masterformatstr = cfg_obj_asstring(fmtobj);
if (strcasecmp(masterformatstr, "text") == 0)
masterformat = dns_masterformat_text;
@@ -341,7 +371,7 @@
if (result != ISC_R_SUCCESS)
fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
dns_result_totext(result));
- return(result);
+ return (result);
}
/*% configure a view */
@@ -442,10 +472,11 @@
isc_entropy_t *ectx = NULL;
isc_boolean_t load_zones = ISC_FALSE;
isc_boolean_t print = ISC_FALSE;
+ unsigned int flags = 0;
isc_commandline_errprint = ISC_FALSE;
- while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) {
+ while ((c = isc_commandline_parse(argc, argv, "dhjt:pvxz")) != EOF) {
switch (c) {
case 'd':
debug++;
@@ -472,6 +503,10 @@
printf(VERSION "\n");
exit(0);
+ case 'x':
+ flags |= CFG_PRINTER_XKEY;
+ break;
+
case 'z':
load_zones = ISC_TRUE;
docheckmx = ISC_FALSE;
@@ -494,6 +529,11 @@
}
}
+ if (((flags & CFG_PRINTER_XKEY) != 0) && !print) {
+ fprintf(stderr, "%s: -x cannot be used without -p\n", program);
+ exit(1);
+ }
+
if (isc_commandline_index + 1 < argc)
usage();
if (argv[isc_commandline_index] != NULL)
@@ -534,7 +574,7 @@
}
if (print && exit_status == 0)
- cfg_print(config, output, NULL);
+ cfg_printx(config, flags, output, NULL);
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
Modified: vendor/bind/dist/bin/check/named-checkconf.docbook
===================================================================
--- vendor/bind/dist/bin/check/named-checkconf.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/named-checkconf.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.named-checkconf">
<refentryinfo>
- <date>June 14, 2000</date>
+ <date>January 10, 2014</date>
</refentryinfo>
<refmeta>
@@ -36,6 +35,7 @@
<year>2005</year>
<year>2007</year>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -60,6 +60,7 @@
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg choice="req">filename</arg>
<arg><option>-p</option></arg>
+ <arg><option>-x</option></arg>
<arg><option>-z</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -130,6 +131,21 @@
</varlistentry>
<varlistentry>
+ <term>-x</term>
+ <listitem>
+ <para>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <filename>named.conf</filename> and related
+ files to be shared — for example, when submitting
+ bug reports — without compromising private data.
+ This option cannot be used without <option>-p</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-z</term>
<listitem>
<para>
Modified: vendor/bind/dist/bin/check/named-checkconf.html
===================================================================
--- vendor/bind/dist/bin/check/named-checkconf.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/named-checkconf.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543396"></a><h2>DESCRIPTION</h2>
+<a name="id2543411"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@@ -52,7 +52,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543445"></a><h2>OPTIONS</h2>
+<a name="id2543460"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -74,6 +74,16 @@
Print out the <code class="filename">named.conf</code> and included files
in canonical form if no errors were detected.
</p></dd>
+<dt><span class="term">-x</span></dt>
+<dd><p>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <code class="filename">named.conf</code> and related
+ files to be shared — for example, when submitting
+ bug reports — without compromising private data.
+ This option cannot be used without <code class="option">-p</code>.
+ </p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
Perform a test load of all master zones found in
@@ -91,7 +101,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543569"></a><h2>RETURN VALUES</h2>
+<a name="id2543604"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
@@ -98,7 +108,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543580"></a><h2>SEE ALSO</h2>
+<a name="id2543616"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
@@ -105,7 +115,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543610"></a><h2>AUTHOR</h2>
+<a name="id2543645"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/check/named-checkzone.8
===================================================================
--- vendor/bind/dist/bin/check/named-checkzone.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/named-checkzone.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2009, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkzone.8,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: named\-checkzone
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 13, 2000
+.\" Date: April 29, 2013
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
+.TH "NAMED\-CHECKZONE" "8" "April 29, 2013" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -238,7 +238,7 @@
.PP
\-T \fImode\fR
.RS 4
-Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are
+Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present. Possible modes are
\fB"warn"\fR
(default),
\fB"ignore"\fR.
@@ -289,7 +289,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007, 2009, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/check/named-checkzone.c
===================================================================
--- vendor/bind/dist/bin/check/named-checkzone.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/named-checkzone.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-checkzone.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: named-checkzone.c,v 1.61.62.2 2011/12/22 23:45:54 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/check/named-checkzone.docbook
===================================================================
--- vendor/bind/dist/bin/check/named-checkzone.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/named-checkzone.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.docbook,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ -->
<refentry id="man.named-checkzone">
<refentryinfo>
- <date>June 13, 2000</date>
+ <date>April 29, 2013</date>
</refentryinfo>
<refmeta>
@@ -39,6 +38,7 @@
<year>2009</year>
<year>2010</year>
<year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -386,10 +386,10 @@
<term>-T <replaceable class="parameter">mode</replaceable></term>
<listitem>
<para>
- Check if Sender Policy Framework records (TXT and SPF)
- both exist or both don't exist. A warning is issued
- if they don't match. Possible modes are
- <command>"warn"</command> (default), <command>"ignore"</command>.
+ Check if Sender Policy Framework (SPF) records exist
+ and issues a warning if an SPF-formatted TXT record is
+ not also present. Possible modes are <command>"warn"</command>
+ (default), <command>"ignore"</command>.
</para>
</listitem>
</varlistentry>
Modified: vendor/bind/dist/bin/check/named-checkzone.html
===================================================================
--- vendor/bind/dist/bin/check/named-checkzone.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/check/named-checkzone.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.html,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -33,7 +33,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543716"></a><h2>DESCRIPTION</h2>
+<a name="id2543726"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543751"></a><h2>OPTIONS</h2>
+<a name="id2543762"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -216,10 +216,10 @@
</p></dd>
<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
- Check if Sender Policy Framework records (TXT and SPF)
- both exist or both don't exist. A warning is issued
- if they don't match. Possible modes are
- <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
+ Check if Sender Policy Framework (SPF) records exist
+ and issues a warning if an SPF-formatted TXT record is
+ not also present. Possible modes are <span><strong class="command">"warn"</strong></span>
+ (default), <span><strong class="command">"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -254,7 +254,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544422"></a><h2>RETURN VALUES</h2>
+<a name="id2544433"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
@@ -261,7 +261,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544434"></a><h2>SEE ALSO</h2>
+<a name="id2544513"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@@ -269,7 +269,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544603"></a><h2>AUTHOR</h2>
+<a name="id2544546"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/confgen/Makefile.in
===================================================================
--- vendor/bind/dist/bin/confgen/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+# $Id: Makefile.in,v 1.8 2009/12/05 23:31:40 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/confgen/ddns-confgen.8
===================================================================
--- vendor/bind/dist/bin/confgen/ddns-confgen.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/ddns-confgen.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: ddns-confgen.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: ddns\-confgen
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jan 29, 2009
+.\" Date: September 18, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DDNS\-CONFGEN" "8" "Jan 29, 2009" "BIND9" "BIND9"
+.TH "DDNS\-CONFGEN" "8" "September 18, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -139,5 +139,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/confgen/ddns-confgen.c
===================================================================
--- vendor/bind/dist/bin/confgen/ddns-confgen.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/ddns-confgen.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ddns-confgen.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: ddns-confgen.c,v 1.9.308.2 2011/03/12 04:59:13 tbox Exp $ */
/*! \file */
@@ -46,6 +46,7 @@
#include <dns/keyvalues.h>
#include <dns/name.h>
+#include <dns/result.h>
#include <dst/dst.h>
#include <confgen/os.h>
@@ -99,9 +100,11 @@
int len = 0;
int ch;
+ dns_result_register();
+
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "ddns-confgen", 13);
+ memmove(program, "ddns-confgen", 13);
progname = program;
isc_commandline_errprint = ISC_FALSE;
Modified: vendor/bind/dist/bin/confgen/ddns-confgen.docbook
===================================================================
--- vendor/bind/dist/bin/confgen/ddns-confgen.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/ddns-confgen.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: ddns-confgen.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.ddns-confgen">
<refentryinfo>
- <date>Jan 29, 2009</date>
+ <date>September 18, 2009</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<docinfo>
<copyright>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/confgen/ddns-confgen.html
===================================================================
--- vendor/bind/dist/bin/confgen/ddns-confgen.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/ddns-confgen.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: ddns-confgen.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543396"></a><h2>DESCRIPTION</h2>
+<a name="id2543406"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">ddns-confgen</strong></span>
generates a key for use by <span><strong class="command">nsupdate</strong></span>
and <span><strong class="command">named</strong></span>. It simplifies configuration
@@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543456"></a><h2>OPTIONS</h2>
+<a name="id2543466"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
@@ -125,7 +125,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543643"></a><h2>SEE ALSO</h2>
+<a name="id2543654"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -133,7 +133,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543682"></a><h2>AUTHOR</h2>
+<a name="id2543692"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/confgen/include/confgen/os.h
===================================================================
--- vendor/bind/dist/bin/confgen/include/confgen/os.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/include/confgen/os.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.h,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: os.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/confgen/keygen.c
===================================================================
--- vendor/bind/dist/bin/confgen/keygen.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/keygen.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keygen.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/confgen/keygen.h
===================================================================
--- vendor/bind/dist/bin/confgen/keygen.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/keygen.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keygen.h,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: keygen.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
#ifndef RNDC_KEYGEN_H
#define RNDC_KEYGEN_H 1
Modified: vendor/bind/dist/bin/confgen/rndc-confgen.8
===================================================================
--- vendor/bind/dist/bin/confgen/rndc-confgen.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/rndc-confgen.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc-confgen.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: rndc\-confgen
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Aug 27, 2001
+.\" Date: June 15, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9"
+.TH "RNDC\-CONFGEN" "8" "June 15, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -205,7 +205,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2001, 2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/confgen/rndc-confgen.c
===================================================================
--- vendor/bind/dist/bin/confgen/rndc-confgen.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/rndc-confgen.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rndc-confgen.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: rndc-confgen.c,v 1.5.308.2 2011/03/12 04:59:13 tbox Exp $ */
/*! \file */
@@ -120,7 +120,7 @@
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "rndc-confgen", 13);
+ memmove(program, "rndc-confgen", 13);
progname = program;
keyname = DEFAULT_KEYNAME;
Modified: vendor/bind/dist/bin/confgen/rndc-confgen.docbook
===================================================================
--- vendor/bind/dist/bin/confgen/rndc-confgen.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/rndc-confgen.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc-confgen.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.rndc-confgen">
<refentryinfo>
- <date>Aug 27, 2001</date>
+ <date>June 15, 2009</date>
</refentryinfo>
<refmeta>
@@ -41,6 +40,7 @@
<year>2005</year>
<year>2007</year>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/bin/confgen/rndc-confgen.html
===================================================================
--- vendor/bind/dist/bin/confgen/rndc-confgen.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/rndc-confgen.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc-confgen.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543433"></a><h2>DESCRIPTION</h2>
+<a name="id2543444"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@@ -48,7 +48,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543478"></a><h2>OPTIONS</h2>
+<a name="id2543489"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@@ -155,7 +155,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543792"></a><h2>EXAMPLES</h2>
+<a name="id2543802"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@@ -172,7 +172,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543833"></a><h2>SEE ALSO</h2>
+<a name="id2543844"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -180,7 +180,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543872"></a><h2>AUTHOR</h2>
+<a name="id2543882"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/confgen/unix/Makefile.in
===================================================================
--- vendor/bind/dist/bin/confgen/unix/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/unix/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/06/11 23:47:55 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/confgen/unix/os.c
===================================================================
--- vendor/bind/dist/bin/confgen/unix/os.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/unix/os.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/confgen/util.c
===================================================================
--- vendor/bind/dist/bin/confgen/util.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/util.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: util.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: util.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/confgen/util.h
===================================================================
--- vendor/bind/dist/bin/confgen/util.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/util.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: util.h,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: util.h,v 1.4 2009/09/29 15:06:05 fdupont Exp $ */
#ifndef RNDC_UTIL_H
#define RNDC_UTIL_H 1
Deleted: vendor/bind/dist/bin/confgen/win32/confgentool.dsp
===================================================================
--- vendor/bind/dist/bin/confgen/win32/confgentool.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/confgentool.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,135 +0,0 @@
-# Microsoft Developer Studio Project File - Name="confgentool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=confgentool - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "confgentool.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "confgentool.mak" CFG="confgentool - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "confgentool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "confgentool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "confgentool - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdconfgentool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32
-# ADD LINK32 /out:"Release/confgentool.lib"
-LIB32=lib.exe
-# ADD BASE LIB32
-# ADD LIB32 /out:"Release/confgentool.lib"
-
-!ELSEIF "$(CFG)" == "confgentool - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdconfgentool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32
-# ADD LINK32 /debug /out:"Debug/confgentool.lib"
-LIB32=lib.exe
-# ADD BASE LIB32
-# ADD LIB32 /out:"Debug/confgentool.lib"
-
-!ENDIF
-
-# Begin Target
-
-# Name "confgentool - Win32 Release"
-# Name "confgentool - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=..\keygen.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\util.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\keygen.c
-# End Source File
-# Begin Source File
-
-SOURCE=..\util.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\os.c
-# End Source File
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/confgen/win32/confgentool.dsp.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/confgentool.dsp.in (rev 0)
+++ vendor/bind/dist/bin/confgen/win32/confgentool.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,135 @@
+# Microsoft Developer Studio Project File - Name="confgentool" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Static-Link Library" 0x0104
+
+CFG=confgentool - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "confgentool.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "confgentool.mak" CFG="confgentool - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "confgentool - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Static-Link Library")
+!MESSAGE "confgentool - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Static-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "confgentool - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" @COPTY@ /FD /c /Fdconfgentool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /out:"Release/confgentool.lib"
+LIB32=lib.exe
+# ADD BASE LIB32
+# ADD LIB32 /out:"Release/confgentool.lib"
+
+!ELSEIF "$(CFG)" == "confgentool - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR @COPTY@ /FD /GZ /c /Fdconfgentool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /debug /out:"Debug/confgentool.lib"
+LIB32=lib.exe
+# ADD BASE LIB32
+# ADD LIB32 /out:"Debug/confgentool.lib"
+
+!ENDIF
+
+# Begin Target
+
+# Name "confgentool - @PLATFORM@ Release"
+# Name "confgentool - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\keygen.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\util.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\keygen.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\util.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\os.c
+# End Source File
+# End Group
+# End Target
+# End Project
Added: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/confgentool.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Deleted: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.dsp
===================================================================
--- vendor/bind/dist/bin/confgen/win32/ddnsconfgen.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/ddnsconfgen.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="ddnsconfgen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=ddnsconfgen - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "ddnsconfgen.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "ddnsconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "ddnsconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/ddns-confgen.exe"
-
-!ELSEIF "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "ddnsconfgen - Win32 Release"
-# Name "ddnsconfgen - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\ddns-confgen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.dsp.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/ddnsconfgen.dsp.in (rev 0)
+++ vendor/bind/dist/bin/confgen/win32/ddnsconfgen.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="ddnsconfgen" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=ddnsconfgen - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "ddnsconfgen.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "ddnsconfgen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "ddnsconfgen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/ddns-confgen.exe"
+
+!ELSEIF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "ddnsconfgen - @PLATFORM@ Release"
+# Name "ddnsconfgen - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\ddns-confgen.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.mak
===================================================================
--- vendor/bind/dist/bin/confgen/win32/ddnsconfgen.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/ddnsconfgen.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,337 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on ddnsconfgen.dsp
-!IF "$(CFG)" == ""
-CFG=ddnsconfgen - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to ddnsconfgen - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "ddnsconfgen - Win32 Release" && "$(CFG)" != "ddnsconfgen - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "ddnsconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "ddnsconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\ddns-confgen.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\os.obj"
- - at erase "$(INTDIR)\ddns-confgen.obj"
- - at erase "$(INTDIR)\keygen.obj"
- - at erase "$(INTDIR)\util.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\ddns-confgen.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\ddnsconfgen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\ddns-confgen.pdb" /machine:I386 /out:"../../../Build/Release/ddns-confgen.exe"
-LINK32_OBJS= \
- "$(INTDIR)\os.obj" \
- "$(INTDIR)\ddns-confgen.obj" \
- "$(INTDIR)\keygen.obj" \
- "$(INTDIR)\util.obj"
-
-"..\..\..\Build\Release\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\ddns-confgen.exe" "$(OUTDIR)\ddnsconfgen.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\os.obj"
- - at erase "$(INTDIR)\os.sbr"
- - at erase "$(INTDIR)\ddns-confgen.obj"
- - at erase "$(INTDIR)\ddns-confgen.sbr"
- - at erase "$(INTDIR)\keygen.obj"
- - at erase "$(INTDIR)\keygen.sbr"
- - at erase "$(INTDIR)\util.obj"
- - at erase "$(INTDIR)\util.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\ddnsconfgen.bsc"
- - at erase "$(OUTDIR)\ddns-confgen.pdb"
- - at erase "..\..\..\Build\Debug\ddns-confgen.exe"
- - at erase "..\..\..\Build\Debug\ddns-confgen.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc"
-BSC32_SBRS= \
- "$(INTDIR)\os.sbr" \
- "$(INTDIR)\ddns-confgen.sbr" \
- "$(INTDIR)\keygen.sbr" \
- "$(INTDIR)\util.sbr"
-
-"$(OUTDIR)\ddnsconfgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\ddns-confgen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept
-LINK32_OBJS= \
- "$(INTDIR)\os.obj" \
- "$(INTDIR)\ddns-confgen.obj" \
- "$(INTDIR)\keygen.obj" \
- "$(INTDIR)\util.obj"
-
-"..\..\..\Build\Debug\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("ddnsconfgen.dep")
-!INCLUDE "ddnsconfgen.dep"
-!ELSE
-!MESSAGE Warning: cannot find "ddnsconfgen.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release" || "$(CFG)" == "ddnsconfgen - Win32 Debug"
-SOURCE=.\os.c
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
-
-
-!ELSEIF "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\os.obj" "$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
-
-
-!ENDIF
-
-SOURCE="..\ddns-confgen.c"
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\ddns-confgen.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\ddns-confgen.obj" "$(INTDIR)\ddns-confgen.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-SOURCE=..\keygen.c
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\keygen.obj" "$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-SOURCE=..\util.c
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\util.obj" "$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.mak.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/ddnsconfgen.mak.in (rev 0)
+++ vendor/bind/dist/bin/confgen/win32/ddnsconfgen.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,337 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on ddnsconfgen.dsp
+!IF "$(CFG)" == ""
+CFG=ddnsconfgen - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to ddnsconfgen - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "ddnsconfgen - @PLATFORM@ Release" && "$(CFG)" != "ddnsconfgen - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "ddnsconfgen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "ddnsconfgen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\ddns-confgen.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\os.obj"
+ - at erase "$(INTDIR)\ddns-confgen.obj"
+ - at erase "$(INTDIR)\keygen.obj"
+ - at erase "$(INTDIR)\util.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\ddns-confgen.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\ddnsconfgen.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\ddns-confgen.pdb" @MACHINE@ /out:"../../../Build/Release/ddns-confgen.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\os.obj" \
+ "$(INTDIR)\ddns-confgen.obj" \
+ "$(INTDIR)\keygen.obj" \
+ "$(INTDIR)\util.obj"
+
+"..\..\..\Build\Release\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\ddns-confgen.exe" "$(OUTDIR)\ddnsconfgen.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\os.obj"
+ - at erase "$(INTDIR)\os.sbr"
+ - at erase "$(INTDIR)\ddns-confgen.obj"
+ - at erase "$(INTDIR)\ddns-confgen.sbr"
+ - at erase "$(INTDIR)\keygen.obj"
+ - at erase "$(INTDIR)\keygen.sbr"
+ - at erase "$(INTDIR)\util.obj"
+ - at erase "$(INTDIR)\util.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\ddnsconfgen.bsc"
+ - at erase "$(OUTDIR)\ddns-confgen.pdb"
+ - at erase "..\..\..\Build\Debug\ddns-confgen.exe"
+ - at erase "..\..\..\Build\Debug\ddns-confgen.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\os.sbr" \
+ "$(INTDIR)\ddns-confgen.sbr" \
+ "$(INTDIR)\keygen.sbr" \
+ "$(INTDIR)\util.sbr"
+
+"$(OUTDIR)\ddnsconfgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\ddns-confgen.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\os.obj" \
+ "$(INTDIR)\ddns-confgen.obj" \
+ "$(INTDIR)\keygen.obj" \
+ "$(INTDIR)\util.obj"
+
+"..\..\..\Build\Debug\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("ddnsconfgen.dep")
+!INCLUDE "ddnsconfgen.dep"
+!ELSE
+!MESSAGE Warning: cannot find "ddnsconfgen.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release" || "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
+SOURCE=.\os.c
+
+!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\os.obj" "$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
+
+
+!ENDIF
+
+SOURCE="..\ddns-confgen.c"
+
+!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\ddns-confgen.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\ddns-confgen.obj" "$(INTDIR)\ddns-confgen.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\keygen.c
+
+!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\keygen.obj" "$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\util.c
+
+!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\util.obj" "$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/ddnsconfgen.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Modified: vendor/bind/dist/bin/confgen/win32/os.c
===================================================================
--- vendor/bind/dist/bin/confgen/win32/os.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/os.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
#include <config.h>
Deleted: vendor/bind/dist/bin/confgen/win32/rndcconfgen.dsp
===================================================================
--- vendor/bind/dist/bin/confgen/win32/rndcconfgen.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/rndcconfgen.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="rndcconfgen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=rndcconfgen - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "rndcconfgen.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "rndcconfgen.mak" CFG="rndcconfgen - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "rndcconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "rndcconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/rndc-confgen.exe"
-
-!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "rndcconfgen - Win32 Release"
-# Name "rndcconfgen - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\rndc-confgen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/confgen/win32/rndcconfgen.dsp.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/rndcconfgen.dsp.in (rev 0)
+++ vendor/bind/dist/bin/confgen/win32/rndcconfgen.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="rndcconfgen" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=rndcconfgen - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "rndcconfgen.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "rndcconfgen.mak" CFG="rndcconfgen - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "rndcconfgen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "rndcconfgen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/rndc-confgen.exe"
+
+!ELSEIF "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "rndcconfgen - @PLATFORM@ Release"
+# Name "rndcconfgen - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\rndc-confgen.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/confgen/win32/rndcconfgen.mak
===================================================================
--- vendor/bind/dist/bin/confgen/win32/rndcconfgen.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/rndcconfgen.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,336 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on confgen.dsp
-!IF "$(CFG)" == ""
-CFG=rndcconfgen - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to rndcconfgen - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "rndcconfgen - Win32 Release" && "$(CFG)" != "rndcconfgen - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "rndcconfgen.mak" CFG="rndcconfgen - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "rndcconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "rndcconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\rndc-confgen.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\os.obj"
- - at erase "$(INTDIR)\rndc-confgen.obj"
- - at erase "$(INTDIR)\keygen.obj"
- - at erase "$(INTDIR)\util.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\rndc-confgen.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\confgen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\rndc-confgen.pdb" /machine:I386 /out:"../../../Build/Release/rndc-confgen.exe"
-LINK32_OBJS= \
- "$(INTDIR)\os.obj" \
- "$(INTDIR)\rndc-confgen.obj" \
- "$(INTDIR)\keygen.obj" \
- "$(INTDIR)\util.obj"
-
-"..\..\..\Build\Release\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\rndc-confgen.exe" "$(OUTDIR)\confgen.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\os.obj"
- - at erase "$(INTDIR)\os.sbr"
- - at erase "$(INTDIR)\rndc-confgen.obj"
- - at erase "$(INTDIR)\rndc-confgen.sbr"
- - at erase "$(INTDIR)\keygen.obj"
- - at erase "$(INTDIR)\keygen.sbr"
- - at erase "$(INTDIR)\util.obj"
- - at erase "$(INTDIR)\util.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\confgen.bsc"
- - at erase "$(OUTDIR)\rndc-confgen.pdb"
- - at erase "..\..\..\Build\Debug\rndc-confgen.exe"
- - at erase "..\..\..\Build\Debug\rndc-confgen.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc"
-BSC32_SBRS= \
- "$(INTDIR)\os.sbr" \
- "$(INTDIR)\rndc-confgen.sbr" \
- "$(INTDIR)\keygen.sbr" \
- "$(INTDIR)\util.sbr"
-
-"$(OUTDIR)\confgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc-confgen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
-LINK32_OBJS= \
- "$(INTDIR)\os.obj" \
- "$(INTDIR)\rndc-confgen.obj" \
- "$(INTDIR)\keygen.obj" \
- "$(INTDIR)\util.obj"
-
-"..\..\..\Build\Debug\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("confgen.dep")
-!INCLUDE "confgen.dep"
-!ELSE
-!MESSAGE Warning: cannot find "confgen.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release" || "$(CFG)" == "rndcconfgen - Win32 Debug"
-SOURCE=.\os.c
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release"
-
-
-"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
-
-
-!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-
-"$(INTDIR)\os.obj" "$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
-
-
-!ENDIF
-
-SOURCE="..\rndc-confgen.c"
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release"
-
-
-"$(INTDIR)\rndc-confgen.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-
-"$(INTDIR)\rndc-confgen.obj" "$(INTDIR)\rndc-confgen.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-SOURCE=..\keygen.c
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release"
-
-
-"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-
-"$(INTDIR)\keygen.obj" "$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-SOURCE=..\util.c
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release"
-
-
-"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-
-"$(INTDIR)\util.obj" "$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/confgen/win32/rndcconfgen.mak.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/rndcconfgen.mak.in (rev 0)
+++ vendor/bind/dist/bin/confgen/win32/rndcconfgen.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,336 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on confgen.dsp
+!IF "$(CFG)" == ""
+CFG=rndcconfgen - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to rndcconfgen - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "rndcconfgen - @PLATFORM@ Release" && "$(CFG)" != "rndcconfgen - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "rndcconfgen.mak" CFG="rndcconfgen - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "rndcconfgen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "rndcconfgen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\rndc-confgen.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\os.obj"
+ - at erase "$(INTDIR)\rndc-confgen.obj"
+ - at erase "$(INTDIR)\keygen.obj"
+ - at erase "$(INTDIR)\util.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\rndc-confgen.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\confgen.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\rndc-confgen.pdb" @MACHINE@ /out:"../../../Build/Release/rndc-confgen.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\os.obj" \
+ "$(INTDIR)\rndc-confgen.obj" \
+ "$(INTDIR)\keygen.obj" \
+ "$(INTDIR)\util.obj"
+
+"..\..\..\Build\Release\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\rndc-confgen.exe" "$(OUTDIR)\confgen.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\os.obj"
+ - at erase "$(INTDIR)\os.sbr"
+ - at erase "$(INTDIR)\rndc-confgen.obj"
+ - at erase "$(INTDIR)\rndc-confgen.sbr"
+ - at erase "$(INTDIR)\keygen.obj"
+ - at erase "$(INTDIR)\keygen.sbr"
+ - at erase "$(INTDIR)\util.obj"
+ - at erase "$(INTDIR)\util.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\confgen.bsc"
+ - at erase "$(OUTDIR)\rndc-confgen.pdb"
+ - at erase "..\..\..\Build\Debug\rndc-confgen.exe"
+ - at erase "..\..\..\Build\Debug\rndc-confgen.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\os.sbr" \
+ "$(INTDIR)\rndc-confgen.sbr" \
+ "$(INTDIR)\keygen.sbr" \
+ "$(INTDIR)\util.sbr"
+
+"$(OUTDIR)\confgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc-confgen.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\os.obj" \
+ "$(INTDIR)\rndc-confgen.obj" \
+ "$(INTDIR)\keygen.obj" \
+ "$(INTDIR)\util.obj"
+
+"..\..\..\Build\Debug\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("confgen.dep")
+!INCLUDE "confgen.dep"
+!ELSE
+!MESSAGE Warning: cannot find "confgen.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release" || "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
+SOURCE=.\os.c
+
+!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\os.obj" "$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
+
+
+!ENDIF
+
+SOURCE="..\rndc-confgen.c"
+
+!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\rndc-confgen.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\rndc-confgen.obj" "$(INTDIR)\rndc-confgen.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\keygen.c
+
+!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\keygen.obj" "$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\util.c
+
+!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\util.obj" "$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/confgen/win32/rndcconfgen.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Modified: vendor/bind/dist/bin/dig/Makefile.in
===================================================================
--- vendor/bind/dist/bin/dig/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+# $Id: Makefile.in,v 1.47 2009/12/05 23:31:40 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/dig/dig.1
===================================================================
--- vendor/bind/dist/bin/dig/dig.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/dig.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dig.1,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: dig
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: February 12, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "DIG" "1" "February 12, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -33,7 +33,7 @@
dig \- DNS lookup utility
.SH "SYNOPSIS"
.HP 4
-\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
.HP 4
\fBdig\fR [\fB\-h\fR]
.HP 4
@@ -57,7 +57,7 @@
Unless it is told to query a specific name server,
\fBdig\fR
will try each of the servers listed in
-\fI/etc/resolv.conf\fR. If no usable server addreses are found,
+\fI/etc/resolv.conf\fR. If no usable server addresses are found,
\fBdig\fR
will send the query to the local host.
.PP
@@ -70,7 +70,7 @@
via
\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
.PP
-The IN and CH class names overlap with the IN and CH top level domains names. Either use the
+The IN and CH class names overlap with the IN and CH top level domain names. Either use the
\fB\-t\fR
and
\fB\-c\fR
@@ -186,10 +186,16 @@
The
\fB\-q\fR
option sets the query name to
-\fIname\fR. This useful do distinguish the
+\fIname\fR. This is useful to distinguish the
\fIname\fR
from other arguments.
.PP
+The
+\fB\-v\fR
+causes
+\fBdig\fR
+to print the version number and exit.
+.PP
Reverse lookups \(em mapping addresses to names \(em are simplified by the
\fB\-x\fR
option.
@@ -241,68 +247,54 @@
to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
\fB+keyword=value\fR. The query options are:
.PP
-\fB+[no]tcp\fR
+\fB+[no]aaflag\fR
.RS 4
-Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+A synonym for
+\fI+[no]aaonly\fR.
.RE
.PP
-\fB+[no]vc\fR
+\fB+[no]aaonly\fR
.RS 4
-Use [do not use] TCP when querying name servers. This alternate syntax to
-\fI+[no]tcp\fR
-is provided for backwards compatibility. The "vc" stands for "virtual circuit".
+Sets the "aa" flag in the query.
.RE
.PP
-\fB+[no]ignore\fR
+\fB+[no]additional\fR
.RS 4
-Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
+Display [do not display] the additional section of a reply. The default is to display it.
.RE
.PP
-\fB+domain=somename\fR
+\fB+[no]adflag\fR
.RS 4
-Set the search list to contain the single domain
-\fIsomename\fR, as if specified in a
-\fBdomain\fR
-directive in
-\fI/etc/resolv.conf\fR, and enable search list processing as if the
-\fI+search\fR
-option were given.
+Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
.RE
.PP
-\fB+[no]search\fR
+\fB+[no]all\fR
.RS 4
-Use [do not use] the search list defined by the searchlist or domain directive in
-\fIresolv.conf\fR
-(if any). The search list is not used by default.
+Set or clear all display flags.
.RE
.PP
-\fB+[no]showsearch\fR
+\fB+[no]answer\fR
.RS 4
-Perform [do not perform] a search showing intermediate results.
+Display [do not display] the answer section of a reply. The default is to display it.
.RE
.PP
-\fB+[no]defname\fR
+\fB+[no]authority\fR
.RS 4
-Deprecated, treated as a synonym for
-\fI+[no]search\fR
+Display [do not display] the authority section of a reply. The default is to display it.
.RE
.PP
-\fB+[no]aaonly\fR
+\fB+[no]besteffort\fR
.RS 4
-Sets the "aa" flag in the query.
+Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
.RE
.PP
-\fB+[no]aaflag\fR
+\fB+bufsize=B\fR
.RS 4
-A synonym for
-\fI+[no]aaonly\fR.
+Set the UDP message buffer size advertised using EDNS0 to
+\fIB\fR
+bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
.RE
.PP
-\fB+[no]adflag\fR
-.RS 4
-Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
-.RE
-.PP
\fB+[no]cdflag\fR
.RS 4
Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
@@ -313,48 +305,52 @@
Display [do not display] the CLASS when printing the record.
.RE
.PP
-\fB+[no]ttlid\fR
+\fB+[no]cmd\fR
.RS 4
-Display [do not display] the TTL when printing the record.
+Toggles the printing of the initial comment in the output identifying the version of
+\fBdig\fR
+and the query options that have been applied. This comment is printed by default.
.RE
.PP
-\fB+[no]recurse\fR
+\fB+[no]comments\fR
.RS 4
-Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
-\fBdig\fR
-normally sends recursive queries. Recursion is automatically disabled when the
-\fI+nssearch\fR
-or
-\fI+trace\fR
-query options are used.
+Toggle the display of comment lines in the output. The default is to print comments.
.RE
.PP
-\fB+[no]nssearch\fR
+\fB+[no]defname\fR
.RS 4
-When this option is set,
-\fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
+Deprecated, treated as a synonym for
+\fI+[no]search\fR
.RE
.PP
-\fB+[no]trace\fR
+\fB+[no]dnssec\fR
.RS 4
-Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
-\fBdig\fR
-makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
.RE
.PP
-\fB+[no]cmd\fR
+\fB+domain=somename\fR
.RS 4
-Toggles the printing of the initial comment in the output identifying the version of
-\fBdig\fR
-and the query options that have been applied. This comment is printed by default.
+Set the search list to contain the single domain
+\fIsomename\fR, as if specified in a
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR, and enable search list processing as if the
+\fI+search\fR
+option were given.
.RE
.PP
-\fB+[no]short\fR
+\fB+[no]edns[=#]\fR
.RS 4
-Provide a terse answer. The default is to print the answer in a verbose form.
+Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
+\fB+noedns\fR
+clears the remembered EDNS version. EDNS is set to 0 by default.
.RE
.PP
+\fB+[no]fail\fR
+.RS 4
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
+.RE
+.PP
\fB+[no]identify\fR
.RS 4
Show [or do not show] the IP address and port number that supplied the answer when the
@@ -362,62 +358,75 @@
option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
.RE
.PP
-\fB+[no]comments\fR
+\fB+[no]ignore\fR
.RS 4
-Toggle the display of comment lines in the output. The default is to print comments.
+Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
.RE
.PP
-\fB+[no]stats\fR
+\fB+[no]keepopen\fR
.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
+Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is
+\fB+nokeepopen\fR.
.RE
.PP
-\fB+[no]qr\fR
+\fB+[no]multiline\fR
.RS 4
-Print [do not print] the query as it is sent. By default, the query is not printed.
+Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
+\fBdig\fR
+output.
.RE
.PP
-\fB+[no]question\fR
+\fB+ndots=D\fR
.RS 4
-Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
+Set the number of dots that have to appear in
+\fIname\fR
+to
+\fID\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR.
.RE
.PP
-\fB+[no]answer\fR
+\fB+[no]nsid\fR
.RS 4
-Display [do not display] the answer section of a reply. The default is to display it.
+Include an EDNS name server ID request when sending a query.
.RE
.PP
-\fB+[no]authority\fR
+\fB+[no]nssearch\fR
.RS 4
-Display [do not display] the authority section of a reply. The default is to display it.
+When this option is set,
+\fBdig\fR
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
.RE
.PP
-\fB+[no]additional\fR
+\fB+[no]onesoa\fR
.RS 4
-Display [do not display] the additional section of a reply. The default is to display it.
+Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records.
.RE
.PP
-\fB+[no]all\fR
+\fB+[no]qr\fR
.RS 4
-Set or clear all display flags.
+Print [do not print] the query as it is sent. By default, the query is not printed.
.RE
.PP
-\fB+time=T\fR
+\fB+[no]question\fR
.RS 4
-Sets the timeout for a query to
-\fIT\fR
-seconds. The default timeout is 5 seconds. An attempt to set
-\fIT\fR
-to less than 1 will result in a query timeout of 1 second being applied.
+Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
.RE
.PP
-\fB+tries=T\fR
+\fB+[no]recurse\fR
.RS 4
-Sets the number of times to try UDP queries to server to
-\fIT\fR
-instead of the default, 3. If
-\fIT\fR
-is less than or equal to zero, the number of tries is silently rounded up to 1.
+Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
+\fBdig\fR
+normally sends recursive queries. Recursion is automatically disabled when the
+\fI+nssearch\fR
+or
+\fI+trace\fR
+query options are used.
.RE
.PP
\fB+retry=T\fR
@@ -428,67 +437,70 @@
\fI+tries\fR, this does not include the initial query.
.RE
.PP
-\fB+ndots=D\fR
+\fB+[no]search\fR
.RS 4
-Set the number of dots that have to appear in
-\fIname\fR
-to
-\fID\fR
-for it to be considered absolute. The default value is that defined using the ndots statement in
-\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
-\fBsearch\fR
-or
-\fBdomain\fR
-directive in
-\fI/etc/resolv.conf\fR.
+Use [do not use] the search list defined by the searchlist or domain directive in
+\fIresolv.conf\fR
+(if any). The search list is not used by default.
.RE
.PP
-\fB+bufsize=B\fR
+\fB+[no]short\fR
.RS 4
-Set the UDP message buffer size advertised using EDNS0 to
-\fIB\fR
-bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
+Provide a terse answer. The default is to print the answer in a verbose form.
.RE
.PP
-\fB+edns=#\fR
+\fB+[no]showsearch\fR
.RS 4
-Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
-\fB+noedns\fR
-clears the remembered EDNS version.
+Perform [do not perform] a search showing intermediate results.
.RE
.PP
-\fB+[no]multiline\fR
+\fB+[no]sigchase\fR
.RS 4
-Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
-\fBdig\fR
-output.
+Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
-\fB+[no]onesoa\fR
+\fB+[no]stats\fR
.RS 4
-Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records.
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
.RE
.PP
-\fB+[no]fail\fR
+\fB+[no]tcp\fR
.RS 4
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
+Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an
+ixfr=N
+query is requested, in which case the default is TCP. AXFR queries always use TCP.
.RE
.PP
-\fB+[no]besteffort\fR
+\fB+time=T\fR
.RS 4
-Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
+Sets the timeout for a query to
+\fIT\fR
+seconds. The default timeout is 5 seconds. An attempt to set
+\fIT\fR
+to less than 1 will result in a query timeout of 1 second being applied.
.RE
.PP
-\fB+[no]dnssec\fR
+\fB+[no]topdown\fR
.RS 4
-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
+When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
-\fB+[no]sigchase\fR
+\fB+[no]trace\fR
.RS 4
-Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
+Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
+\fBdig\fR
+makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
.RE
.PP
+\fB+tries=T\fR
+.RS 4
+Sets the number of times to try UDP queries to server to
+\fIT\fR
+instead of the default, 3. If
+\fIT\fR
+is less than or equal to zero, the number of tries is silently rounded up to 1.
+.RE
+.PP
\fB+trusted\-key=####\fR
.RS 4
Specifies a file containing trusted keys to be used with
@@ -505,14 +517,16 @@
Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
-\fB+[no]topdown\fR
+\fB+[no]ttlid\fR
.RS 4
-When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
+Display [do not display] the TTL when printing the record.
.RE
.PP
-\fB+[no]nsid\fR
+\fB+[no]vc\fR
.RS 4
-Include an EDNS name server ID request when sending a query.
+Use [do not use] TCP when querying name servers. This alternate syntax to
+\fI+[no]tcp\fR
+is provided for backwards compatibility. The "vc" stands for "virtual circuit".
.RE
.SH "MULTIPLE QUERIES"
.PP
@@ -576,7 +590,7 @@
.PP
There are probably too many query options.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/dig/dig.c
===================================================================
--- vendor/bind/dist/bin/dig/dig.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/dig.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: dig.c,v 1.237.124.4 2011/12/07 17:23:55 each Exp $ */
/*! \file */
@@ -225,6 +225,7 @@
#endif
" +[no]multiline (Print records in an expanded format)\n"
" +[no]onesoa (AXFR prints only one soa record)\n"
+" +[no]keepopen (Keep the TCP socket open between queries)\n"
" global d-opts and servers (before host name) affect all queries.\n"
" local d-opts and servers (after host name) affect only that lookup.\n"
" -h (print help and exit)\n"
@@ -238,7 +239,6 @@
void
received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
isc_uint64_t diff;
- isc_time_t now;
time_t tnow;
struct tm tmnow;
char time_str[100];
@@ -246,10 +246,8 @@
isc_sockaddr_format(from, fromtext, sizeof(fromtext));
- TIME_NOW(&now);
-
if (query->lookup->stats && !short_form) {
- diff = isc_time_microdiff(&now, &query->time_sent);
+ diff = isc_time_microdiff(&query->time_recv, &query->time_sent);
printf(";; Query time: %ld msec\n", (long int)diff/1000);
printf(";; SERVER: %s(%s)\n", fromtext, query->servname);
time(&tnow);
@@ -275,7 +273,7 @@
}
puts("");
} else if (query->lookup->identify && !short_form) {
- diff = isc_time_microdiff(&now, &query->time_sent);
+ diff = isc_time_microdiff(&query->time_recv, &query->time_sent);
printf(";; Received %" ISC_PRINT_QUADFORMAT "u bytes "
"from %s(%s) in %d ms\n\n",
query->lookup->doing_xfr ?
@@ -303,7 +301,6 @@
say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) {
isc_result_t result;
isc_uint64_t diff;
- isc_time_t now;
char store[sizeof("12345678901234567890")];
if (query->lookup->trace || query->lookup->ns_search_only) {
@@ -317,8 +314,7 @@
return (result);
check_result(result, "dns_rdata_totext");
if (query->lookup->identify) {
- TIME_NOW(&now);
- diff = isc_time_microdiff(&now, &query->time_sent);
+ diff = isc_time_microdiff(&query->time_recv, &query->time_sent);
ADD_STRING(buf, " from server ");
ADD_STRING(buf, query->servname);
snprintf(store, 19, " in %d ms.", (int)diff/1000);
@@ -534,10 +530,11 @@
(msg->rcode == dns_rcode_formerr ||
msg->rcode == dns_rcode_notimp))
printf("\n;; WARNING: EDNS query returned status "
- "%s - retry with '+noedns'\n",
- rcode_totext(msg->rcode));
+ "%s - retry with '%s+noedns'\n",
+ rcode_totext(msg->rcode),
+ query->lookup->dnssec ? "+nodnssec ": "");
if (msg != query->lookup->sendmsg && extrabytes != 0U)
- printf(";; WARNING: Messages has %u extra byte%s at "
+ printf(";; WARNING: Message has %u extra byte%s at "
"end\n", extrabytes, extrabytes != 0 ? "s" : "");
}
@@ -891,6 +888,10 @@
lookup->ignore = ISC_TRUE;
}
break;
+ case 'k':
+ FULLCHECK("keepopen");
+ keep_open = state;
+ break;
case 'm': /* multiline */
FULLCHECK("multiline");
multiline = state;
@@ -1045,8 +1046,10 @@
switch (cmd[1]) {
case 'c': /* tcp */
FULLCHECK("tcp");
- if (!is_batchfile)
+ if (!is_batchfile) {
lookup->tcp_mode = state;
+ lookup->tcp_mode_set = ISC_TRUE;
+ }
break;
case 'i': /* timeout */
FULLCHECK("timeout");
@@ -1124,8 +1127,10 @@
break;
case 'v':
FULLCHECK("vc");
- if (!is_batchfile)
+ if (!is_batchfile) {
lookup->tcp_mode = state;
+ lookup->tcp_mode_set = ISC_TRUE;
+ }
break;
default:
invalid_option:
@@ -1340,10 +1345,12 @@
(*lookup)->ixfr_serial = serial;
(*lookup)->section_question = plusquest;
(*lookup)->comments = pluscomm;
- (*lookup)->tcp_mode = ISC_TRUE;
+ if (!(*lookup)->tcp_mode_set)
+ (*lookup)->tcp_mode = ISC_TRUE;
} else {
(*lookup)->rdtype = rdtype;
- (*lookup)->rdtypeset = ISC_TRUE;
+ if (!config_only)
+ (*lookup)->rdtypeset = ISC_TRUE;
if (rdtype == dns_rdatatype_axfr) {
(*lookup)->section_question = plusquest;
(*lookup)->comments = pluscomm;
@@ -1385,6 +1392,7 @@
ip6_int, ISC_FALSE) == ISC_R_SUCCESS) {
strncpy((*lookup)->textname, textname,
sizeof((*lookup)->textname));
+ (*lookup)->textname[sizeof((*lookup)->textname)-1] = 0;
debug("looking up %s", (*lookup)->textname);
(*lookup)->trace_root = ISC_TF((*lookup)->trace ||
(*lookup)->ns_search_only);
@@ -1448,7 +1456,8 @@
static void
parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
- int argc, char **argv) {
+ int argc, char **argv)
+{
isc_result_t result;
isc_textregion_t tr;
isc_boolean_t firstarg = ISC_TRUE;
@@ -1539,8 +1548,25 @@
debug("main parsing %s", rv[0]);
if (strncmp(rv[0], "%", 1) == 0)
break;
- if (strncmp(rv[0], "@", 1) == 0) {
- addresscount = getaddresses(lookup, &rv[0][1], NULL);
+ if (rv[0][0] == '@') {
+
+ if (is_batchfile && !config_only) {
+ addresscount = getaddresses(lookup, &rv[0][1],
+ &result);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "couldn't get address "
+ "for '%s': %s: skipping "
+ "lookup\n", &rv[0][1],
+ isc_result_totext(result));
+ if (ISC_LINK_LINKED(lookup, link))
+ ISC_LIST_DEQUEUE(lookup_list,
+ lookup, link);
+ destroy_lookup(lookup);
+ return;
+ }
+ } else
+ addresscount = getaddresses(lookup, &rv[0][1],
+ NULL);
} else if (rv[0][0] == '+') {
plus_option(&rv[0][1], is_batchfile,
lookup);
@@ -1604,7 +1630,8 @@
lookup->section_question =
plusquest;
lookup->comments = pluscomm;
- lookup->tcp_mode = ISC_TRUE;
+ if (!lookup->tcp_mode_set)
+ lookup->tcp_mode = ISC_TRUE;
} else {
lookup->rdtype = rdtype;
lookup->rdtypeset = ISC_TRUE;
Modified: vendor/bind/dist/bin/dig/dig.docbook
===================================================================
--- vendor/bind/dist/bin/dig/dig.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/dig.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,8 +1,8 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.docbook,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ -->
<refentry id="man.dig">
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>February 12, 2014</date>
</refentryinfo>
<refmeta>
@@ -46,6 +45,7 @@
<year>2009</year>
<year>2010</year>
<year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -69,6 +69,7 @@
<arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
<arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg><option>-v</option></arg>
<arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
<arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
<arg><option>-4</option></arg>
@@ -118,7 +119,7 @@
<para>
Unless it is told to query a specific name server,
<command>dig</command> will try each of the servers listed in
- <filename>/etc/resolv.conf</filename>. If no usable server addreses
+ <filename>/etc/resolv.conf</filename>. If no usable server addresses
are found, <command>dig</command> will send the query to the local
host.
</para>
@@ -137,7 +138,7 @@
<para>
The IN and CH class names overlap with the IN and CH top level
- domains names. Either use the <option>-t</option> and
+ domain names. Either use the <option>-t</option> and
<option>-c</option> options to specify the type and class,
use the <option>-q</option> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
@@ -155,56 +156,56 @@
<variablelist>
- <varlistentry>
- <term><constant>server</constant></term>
- <listitem>
- <para>
- is the name or IP address of the name server to query. This
- can be an IPv4 address in dotted-decimal notation or an IPv6
- address in colon-delimited notation. When the supplied
- <parameter>server</parameter> argument is a hostname,
- <command>dig</command> resolves that name before querying
- that name server.
- </para>
- <para>
- If no <parameter>server</parameter> argument is
- provided, <command>dig</command> consults
- <filename>/etc/resolv.conf</filename>; if an
- address is found there, it queries the name server at
- that address. If either of the <option>-4</option> or
- <option>-6</option> options are in use, then
- only addresses for the corresponding transport
- will be tried. If no usable addresses are found,
- <command>dig</command> will send the query to the
- local host. The reply from the name server that
- responds is displayed.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><constant>server</constant></term>
+ <listitem>
+ <para>
+ is the name or IP address of the name server to query. This
+ can be an IPv4 address in dotted-decimal notation or an IPv6
+ address in colon-delimited notation. When the supplied
+ <parameter>server</parameter> argument is a hostname,
+ <command>dig</command> resolves that name before querying
+ that name server.
+ </para>
+ <para>
+ If no <parameter>server</parameter> argument is
+ provided, <command>dig</command> consults
+ <filename>/etc/resolv.conf</filename>; if an
+ address is found there, it queries the name server at
+ that address. If either of the <option>-4</option> or
+ <option>-6</option> options are in use, then
+ only addresses for the corresponding transport
+ will be tried. If no usable addresses are found,
+ <command>dig</command> will send the query to the
+ local host. The reply from the name server that
+ responds is displayed.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><constant>name</constant></term>
- <listitem>
- <para>
- is the name of the resource record that is to be looked up.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><constant>name</constant></term>
+ <listitem>
+ <para>
+ is the name of the resource record that is to be looked up.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><constant>type</constant></term>
- <listitem>
- <para>
- indicates what type of query is required —
- ANY, A, MX, SIG, etc.
- <parameter>type</parameter> can be any valid query
- type. If no
- <parameter>type</parameter> argument is supplied,
- <command>dig</command> will perform a lookup for an
- A record.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><constant>type</constant></term>
+ <listitem>
+ <para>
+ indicates what type of query is required —
+ ANY, A, MX, SIG, etc.
+ <parameter>type</parameter> can be any valid query
+ type. If no
+ <parameter>type</parameter> argument is supplied,
+ <command>dig</command> will perform a lookup for an
+ A record.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</para>
@@ -244,7 +245,7 @@
<para>
The <option>-m</option> option enables memory usage debugging.
<!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
- documented in include/isc/mem.h -->
+ documented in include/isc/mem.h -->
</para>
<para>
@@ -280,11 +281,16 @@
<para>
The <option>-q</option> option sets the query name to
- <parameter>name</parameter>. This useful do distinguish the
+ <parameter>name</parameter>. This is useful to distinguish the
<parameter>name</parameter> from other arguments.
</para>
<para>
+ The <option>-v</option> causes <command>dig</command> to
+ print the version number and exit.
+ </para>
+
+ <para>
Reverse lookups — mapping addresses to names — are simplified by the
<option>-x</option> option. <parameter>addr</parameter> is
an IPv4
@@ -314,13 +320,13 @@
base-64
encoded string, typically generated by
<citerefentry>
- <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
Caution should be taken when using the <option>-y</option> option on
multi-user systems as the key can be visible in the output from
<citerefentry>
- <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
+ <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>
or in the shell's history file. When
using TSIG authentication with <command>dig</command>, the name
@@ -355,109 +361,36 @@
<variablelist>
- <varlistentry>
- <term><option>+[no]tcp</option></term>
- <listitem>
- <para>
- Use [do not use] TCP when querying name servers. The default
- behavior is to use UDP unless an AXFR or IXFR query is
- requested, in
- which case a TCP connection is used.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]aaflag</option></term>
+ <listitem>
+ <para>
+ A synonym for <parameter>+[no]aaonly</parameter>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]vc</option></term>
- <listitem>
- <para>
- Use [do not use] TCP when querying name servers. This alternate
- syntax to <parameter>+[no]tcp</parameter> is
- provided for backwards
- compatibility. The "vc" stands for "virtual circuit".
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]aaonly</option></term>
+ <listitem>
+ <para>
+ Sets the "aa" flag in the query.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]ignore</option></term>
- <listitem>
- <para>
- Ignore truncation in UDP responses instead of retrying with TCP.
- By
- default, TCP retries are performed.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]additional</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the additional section of a
+ reply. The default is to display it.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+domain=somename</option></term>
- <listitem>
- <para>
- Set the search list to contain the single domain
- <parameter>somename</parameter>, as if specified in
- a
- <command>domain</command> directive in
- <filename>/etc/resolv.conf</filename>, and enable
- search list
- processing as if the <parameter>+search</parameter>
- option were given.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]search</option></term>
- <listitem>
- <para>
- Use [do not use] the search list defined by the searchlist or
- domain
- directive in <filename>resolv.conf</filename> (if
- any).
- The search list is not used by default.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]showsearch</option></term>
- <listitem>
- <para>
- Perform [do not perform] a search showing intermediate
- results.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]defname</option></term>
- <listitem>
- <para>
- Deprecated, treated as a synonym for <parameter>+[no]search</parameter>
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]aaonly</option></term>
- <listitem>
- <para>
- Sets the "aa" flag in the query.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]aaflag</option></term>
- <listitem>
- <para>
- A synonym for <parameter>+[no]aaonly</parameter>.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]adflag</option></term>
+ <varlistentry>
+ <term><option>+[no]adflag</option></term>
<listitem>
<para>
Set [do not set] the AD (authentic data) bit in the
@@ -472,403 +405,469 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><option>+[no]cdflag</option></term>
- <listitem>
- <para>
- Set [do not set] the CD (checking disabled) bit in the query.
- This
- requests the server to not perform DNSSEC validation of
- responses.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]all</option></term>
+ <listitem>
+ <para>
+ Set or clear all display flags.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]cl</option></term>
- <listitem>
- <para>
- Display [do not display] the CLASS when printing the record.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]answer</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the answer section of a
+ reply. The default is to display it.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]ttlid</option></term>
- <listitem>
- <para>
- Display [do not display] the TTL when printing the record.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]authority</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the authority section of a
+ reply. The default is to display it.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]recurse</option></term>
- <listitem>
- <para>
- Toggle the setting of the RD (recursion desired) bit in the
- query.
- This bit is set by default, which means <command>dig</command>
- normally sends recursive queries. Recursion is automatically
- disabled
- when the <parameter>+nssearch</parameter> or
- <parameter>+trace</parameter> query options are
- used.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]besteffort</option></term>
+ <listitem>
+ <para>
+ Attempt to display the contents of messages which are
+ malformed. The default is to not display malformed
+ answers.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]nssearch</option></term>
- <listitem>
- <para>
- When this option is set, <command>dig</command>
- attempts to find the
- authoritative name servers for the zone containing the name
- being
- looked up and display the SOA record that each name server has
- for the
- zone.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+bufsize=B</option></term>
+ <listitem>
+ <para>
+ Set the UDP message buffer size advertised using EDNS0
+ to <parameter>B</parameter> bytes. The maximum and
+ minimum sizes of this buffer are 65535 and 0 respectively.
+ Values outside this range are rounded up or down
+ appropriately. Values other than zero will cause a
+ EDNS query to be sent.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]trace</option></term>
- <listitem>
- <para>
- Toggle tracing of the delegation path from the root name servers
- for
- the name being looked up. Tracing is disabled by default. When
- tracing is enabled, <command>dig</command> makes
- iterative queries to
- resolve the name being looked up. It will follow referrals from
- the
- root servers, showing the answer from each server that was used
- to
- resolve the lookup.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]cdflag</option></term>
+ <listitem>
+ <para>
+ Set [do not set] the CD (checking disabled) bit in
+ the query. This requests the server to not perform
+ DNSSEC validation of responses.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]cmd</option></term>
- <listitem>
- <para>
- Toggles the printing of the initial comment in the output
- identifying
- the version of <command>dig</command> and the query
- options that have
- been applied. This comment is printed by default.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]cl</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the CLASS when printing the
+ record.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]short</option></term>
- <listitem>
- <para>
- Provide a terse answer. The default is to print the answer in a
- verbose form.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]cmd</option></term>
+ <listitem>
+ <para>
+ Toggles the printing of the initial comment in the
+ output identifying the version of <command>dig</command>
+ and the query options that have been applied. This
+ comment is printed by default.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]identify</option></term>
- <listitem>
- <para>
- Show [or do not show] the IP address and port number that
- supplied the
- answer when the <parameter>+short</parameter> option
- is enabled. If
- short form answers are requested, the default is not to show the
- source address and port number of the server that provided the
- answer.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]comments</option></term>
+ <listitem>
+ <para>
+ Toggle the display of comment lines in the output.
+ The default is to print comments.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]comments</option></term>
- <listitem>
- <para>
- Toggle the display of comment lines in the output. The default
- is to
- print comments.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]defname</option></term>
+ <listitem>
+ <para>
+ Deprecated, treated as a synonym for
+ <parameter>+[no]search</parameter>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]stats</option></term>
- <listitem>
- <para>
- This query option toggles the printing of statistics: when the
- query
- was made, the size of the reply and so on. The default
- behavior is
- to print the query statistics.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]dnssec</option></term>
+ <listitem>
+ <para>
+ Requests DNSSEC records be sent by setting the DNSSEC
+ OK bit (DO) in the OPT record in the additional section
+ of the query.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]qr</option></term>
- <listitem>
- <para>
- Print [do not print] the query as it is sent.
- By default, the query is not printed.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+domain=somename</option></term>
+ <listitem>
+ <para>
+ Set the search list to contain the single domain
+ <parameter>somename</parameter>, as if specified in
+ a <command>domain</command> directive in
+ <filename>/etc/resolv.conf</filename>, and enable
+ search list processing as if the
+ <parameter>+search</parameter> option were given.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]question</option></term>
- <listitem>
- <para>
- Print [do not print] the question section of a query when an
- answer is
- returned. The default is to print the question section as a
- comment.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]edns[=#]</option></term>
+ <listitem>
+ <para>
+ Specify the EDNS version to query with. Valid values
+ are 0 to 255. Setting the EDNS version will cause
+ a EDNS query to be sent. <option>+noedns</option>
+ clears the remembered EDNS version. EDNS is set to
+ 0 by default.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]answer</option></term>
- <listitem>
- <para>
- Display [do not display] the answer section of a reply. The
- default
- is to display it.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]fail</option></term>
+ <listitem>
+ <para>
+ Do not try the next server if you receive a SERVFAIL.
+ The default is to not try the next server which is
+ the reverse of normal stub resolver behavior.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]authority</option></term>
- <listitem>
- <para>
- Display [do not display] the authority section of a reply. The
- default is to display it.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]identify</option></term>
+ <listitem>
+ <para>
+ Show [or do not show] the IP address and port number
+ that supplied the answer when the
+ <parameter>+short</parameter> option is enabled. If
+ short form answers are requested, the default is not
+ to show the source address and port number of the
+ server that provided the answer.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]additional</option></term>
- <listitem>
- <para>
- Display [do not display] the additional section of a reply.
- The default is to display it.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]ignore</option></term>
+ <listitem>
+ <para>
+ Ignore truncation in UDP responses instead of retrying
+ with TCP. By default, TCP retries are performed.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]all</option></term>
- <listitem>
- <para>
- Set or clear all display flags.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]keepopen</option></term>
+ <listitem>
+ <para>
+ Keep the TCP socket open between queries and reuse
+ it rather than creating a new TCP socket for each
+ lookup. The default is <option>+nokeepopen</option>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+time=T</option></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><option>+[no]multiline</option></term>
+ <listitem>
+ <para>
+ Print records like the SOA records in a verbose
+ multi-line format with human-readable comments. The
+ default is to print each record on a single line, to
+ facilitate machine parsing of the <command>dig</command>
+ output.
+ </para>
+ </listitem>
+ </varlistentry>
- Sets the timeout for a query to
- <parameter>T</parameter> seconds. The default
- timeout is 5 seconds.
- An attempt to set <parameter>T</parameter> to less
- than 1 will result
- in a query timeout of 1 second being applied.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+ndots=D</option></term>
+ <listitem>
+ <para>
+ Set the number of dots that have to appear in
+ <parameter>name</parameter> to <parameter>D</parameter>
+ for it to be considered absolute. The default value
+ is that defined using the ndots statement in
+ <filename>/etc/resolv.conf</filename>, or 1 if no
+ ndots statement is present. Names with fewer dots
+ are interpreted as relative names and will be searched
+ for in the domains listed in the <option>search</option>
+ or <option>domain</option> directive in
+ <filename>/etc/resolv.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+tries=T</option></term>
- <listitem>
- <para>
- Sets the number of times to try UDP queries to server to
- <parameter>T</parameter> instead of the default, 3.
- If
- <parameter>T</parameter> is less than or equal to
- zero, the number of
- tries is silently rounded up to 1.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]nsid</option></term>
+ <listitem>
+ <para>
+ Include an EDNS name server ID request when sending
+ a query.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+retry=T</option></term>
- <listitem>
- <para>
- Sets the number of times to retry UDP queries to server to
- <parameter>T</parameter> instead of the default, 2.
- Unlike
- <parameter>+tries</parameter>, this does not include
- the initial
- query.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]nssearch</option></term>
+ <listitem>
+ <para>
+ When this option is set, <command>dig</command>
+ attempts to find the authoritative name servers for
+ the zone containing the name being looked up and
+ display the SOA record that each name server has for
+ the zone.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+ndots=D</option></term>
- <listitem>
- <para>
- Set the number of dots that have to appear in
- <parameter>name</parameter> to <parameter>D</parameter> for it to be
- considered absolute. The default value is that defined using
- the
- ndots statement in <filename>/etc/resolv.conf</filename>, or 1 if no
- ndots statement is present. Names with fewer dots are
- interpreted as
- relative names and will be searched for in the domains listed in
- the
- <option>search</option> or <option>domain</option> directive in
- <filename>/etc/resolv.conf</filename>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]onesoa</option></term>
+ <listitem>
+ <para>
+ Print only one (starting) SOA record when performing
+ an AXFR. The default is to print both the starting
+ and ending SOA records.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+bufsize=B</option></term>
- <listitem>
- <para>
- Set the UDP message buffer size advertised using EDNS0 to
- <parameter>B</parameter> bytes. The maximum and minimum sizes
- of this buffer are 65535 and 0 respectively. Values outside
- this range are rounded up or down appropriately.
- Values other than zero will cause a EDNS query to be sent.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]qr</option></term>
+ <listitem>
+ <para>
+ Print [do not print] the query as it is sent. By
+ default, the query is not printed.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
- <term><option>+edns=#</option></term>
+ <term><option>+[no]question</option></term>
<listitem>
<para>
- Specify the EDNS version to query with. Valid values
- are 0 to 255. Setting the EDNS version will cause a
- EDNS query to be sent. <option>+noedns</option> clears the
- remembered EDNS version.
+ Print [do not print] the question section of a query
+ when an answer is returned. The default is to print
+ the question section as a comment.
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><option>+[no]multiline</option></term>
- <listitem>
- <para>
- Print records like the SOA records in a verbose multi-line
- format with human-readable comments. The default is to print
- each record on a single line, to facilitate machine parsing
- of the <command>dig</command> output.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]recurse</option></term>
+ <listitem>
+ <para>
+ Toggle the setting of the RD (recursion desired) bit
+ in the query. This bit is set by default, which means
+ <command>dig</command> normally sends recursive
+ queries. Recursion is automatically disabled when
+ the <parameter>+nssearch</parameter> or
+ <parameter>+trace</parameter> query options are used.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
- <term><option>+[no]onesoa</option></term>
+ <term><option>+retry=T</option></term>
<listitem>
<para>
- Print only one (starting) SOA record when performing
- an AXFR. The default is to print both the starting and
- ending SOA records.
+ Sets the number of times to retry UDP queries to
+ server to <parameter>T</parameter> instead of the
+ default, 2. Unlike <parameter>+tries</parameter>,
+ this does not include the initial query.
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><option>+[no]fail</option></term>
- <listitem>
- <para>
- Do not try the next server if you receive a SERVFAIL. The
- default is
- to not try the next server which is the reverse of normal stub
- resolver
- behavior.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]search</option></term>
+ <listitem>
+ <para>
+ Use [do not use] the search list defined by the
+ searchlist or domain directive in
+ <filename>resolv.conf</filename> (if any). The search
+ list is not used by default.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]besteffort</option></term>
- <listitem>
- <para>
- Attempt to display the contents of messages which are malformed.
- The default is to not display malformed answers.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]short</option></term>
+ <listitem>
+ <para>
+ Provide a terse answer. The default is to print the
+ answer in a verbose form.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]dnssec</option></term>
- <listitem>
- <para>
- Requests DNSSEC records be sent by setting the DNSSEC OK bit
- (DO)
- in the OPT record in the additional section of the query.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]showsearch</option></term>
+ <listitem>
+ <para>
+ Perform [do not perform] a search showing intermediate
+ results.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]sigchase</option></term>
- <listitem>
- <para>
- Chase DNSSEC signature chains. Requires dig be compiled with
- -DDIG_SIGCHASE.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+[no]sigchase</option></term>
+ <listitem>
+ <para>
+ Chase DNSSEC signature chains. Requires dig be
+ compiled with -DDIG_SIGCHASE.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+trusted-key=####</option></term>
- <listitem>
- <para>
- Specifies a file containing trusted keys to be used with
- <option>+sigchase</option>. Each DNSKEY record must be
- on its own line.
- </para>
+ <varlistentry>
+ <term><option>+[no]stats</option></term>
+ <listitem>
<para>
- If not specified, <command>dig</command> will look for
- <filename>/etc/trusted-key.key</filename> then
- <filename>trusted-key.key</filename> in the current directory.
+ This query option toggles the printing of statistics:
+ when the query was made, the size of the reply and
+ so on. The default behavior is to print the query
+ statistics.
</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]tcp</option></term>
+ <listitem>
<para>
- Requires dig be compiled with -DDIG_SIGCHASE.
+ Use [do not use] TCP when querying name servers. The
+ default behavior is to use UDP unless an
+ <literal>ixfr=N</literal> query is requested, in which
+ case the default is TCP. AXFR queries always use
+ TCP.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>+[no]topdown</option></term>
- <listitem>
- <para>
- When chasing DNSSEC signature chains perform a top-down
- validation.
- Requires dig be compiled with -DDIG_SIGCHASE.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>+time=T</option></term>
+ <listitem>
+ <para>
- <varlistentry>
- <term><option>+[no]nsid</option></term>
- <listitem>
- <para>
- Include an EDNS name server ID request when sending a query.
- </para>
- </listitem>
- </varlistentry>
+ Sets the timeout for a query to
+ <parameter>T</parameter> seconds. The default
+ timeout is 5 seconds.
+ An attempt to set <parameter>T</parameter> to less
+ than 1 will result
+ in a query timeout of 1 second being applied.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>+[no]topdown</option></term>
+ <listitem>
+ <para>
+ When chasing DNSSEC signature chains perform a top-down
+ validation. Requires dig be compiled with -DDIG_SIGCHASE.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>+[no]trace</option></term>
+ <listitem>
+ <para>
+ Toggle tracing of the delegation path from the root
+ name servers for the name being looked up. Tracing
+ is disabled by default. When tracing is enabled,
+ <command>dig</command> makes iterative queries to
+ resolve the name being looked up. It will follow
+ referrals from the root servers, showing the answer
+ from each server that was used to resolve the lookup.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+tries=T</option></term>
+ <listitem>
+ <para>
+ Sets the number of times to try UDP queries to server
+ to <parameter>T</parameter> instead of the default,
+ 3. If <parameter>T</parameter> is less than or equal
+ to zero, the number of tries is silently rounded up
+ to 1.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+trusted-key=####</option></term>
+ <listitem>
+ <para>
+ Specifies a file containing trusted keys to be used
+ with <option>+sigchase</option>. Each DNSKEY record
+ must be on its own line.
+ </para> <para>
+ If not specified, <command>dig</command> will look
+ for <filename>/etc/trusted-key.key</filename> then
+ <filename>trusted-key.key</filename> in the current
+ directory.
+ </para> <para>
+ Requires dig be compiled with -DDIG_SIGCHASE.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]ttlid</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the TTL when printing the
+ record.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]vc</option></term>
+ <listitem>
+ <para>
+ Use [do not use] TCP when querying name servers. This
+ alternate syntax to <parameter>+[no]tcp</parameter>
+ is provided for backwards compatibility. The "vc"
+ stands for "virtual circuit".
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</para>
@@ -949,13 +948,13 @@
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
- <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
+ <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>RFC1035</citetitle>.
</para>
Modified: vendor/bind/dist/bin/dig/dig.html
===================================================================
--- vendor/bind/dist/bin/dig/dig.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/dig.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.html,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,12 +29,12 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543527"></a><h2>DESCRIPTION</h2>
+<a name="id2543541"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -58,7 +58,7 @@
<p>
Unless it is told to query a specific name server,
<span><strong class="command">dig</strong></span> will try each of the servers listed in
- <code class="filename">/etc/resolv.conf</code>. If no usable server addreses
+ <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
are found, <span><strong class="command">dig</strong></span> will send the query to the local
host.
</p>
@@ -74,7 +74,7 @@
</p>
<p>
The IN and CH class names overlap with the IN and CH top level
- domains names. Either use the <code class="option">-t</code> and
+ domain names. Either use the <code class="option">-t</code> and
<code class="option">-c</code> options to specify the type and class,
use the <code class="option">-q</code> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
@@ -81,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543606"></a><h2>SIMPLE USAGE</h2>
+<a name="id2543620"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@@ -94,47 +94,47 @@
<dt><span class="term"><code class="constant">server</code></span></dt>
<dd>
<p>
- is the name or IP address of the name server to query. This
- can be an IPv4 address in dotted-decimal notation or an IPv6
- address in colon-delimited notation. When the supplied
- <em class="parameter"><code>server</code></em> argument is a hostname,
- <span><strong class="command">dig</strong></span> resolves that name before querying
- that name server.
- </p>
+ is the name or IP address of the name server to query. This
+ can be an IPv4 address in dotted-decimal notation or an IPv6
+ address in colon-delimited notation. When the supplied
+ <em class="parameter"><code>server</code></em> argument is a hostname,
+ <span><strong class="command">dig</strong></span> resolves that name before querying
+ that name server.
+ </p>
<p>
- If no <em class="parameter"><code>server</code></em> argument is
- provided, <span><strong class="command">dig</strong></span> consults
- <code class="filename">/etc/resolv.conf</code>; if an
- address is found there, it queries the name server at
- that address. If either of the <code class="option">-4</code> or
- <code class="option">-6</code> options are in use, then
- only addresses for the corresponding transport
- will be tried. If no usable addresses are found,
- <span><strong class="command">dig</strong></span> will send the query to the
- local host. The reply from the name server that
- responds is displayed.
- </p>
+ If no <em class="parameter"><code>server</code></em> argument is
+ provided, <span><strong class="command">dig</strong></span> consults
+ <code class="filename">/etc/resolv.conf</code>; if an
+ address is found there, it queries the name server at
+ that address. If either of the <code class="option">-4</code> or
+ <code class="option">-6</code> options are in use, then
+ only addresses for the corresponding transport
+ will be tried. If no usable addresses are found,
+ <span><strong class="command">dig</strong></span> will send the query to the
+ local host. The reply from the name server that
+ responds is displayed.
+ </p>
</dd>
<dt><span class="term"><code class="constant">name</code></span></dt>
<dd><p>
- is the name of the resource record that is to be looked up.
- </p></dd>
+ is the name of the resource record that is to be looked up.
+ </p></dd>
<dt><span class="term"><code class="constant">type</code></span></dt>
<dd><p>
- indicates what type of query is required —
- ANY, A, MX, SIG, etc.
- <em class="parameter"><code>type</code></em> can be any valid query
- type. If no
- <em class="parameter"><code>type</code></em> argument is supplied,
- <span><strong class="command">dig</strong></span> will perform a lookup for an
- A record.
- </p></dd>
+ indicates what type of query is required —
+ ANY, A, MX, SIG, etc.
+ <em class="parameter"><code>type</code></em> can be any valid query
+ type. If no
+ <em class="parameter"><code>type</code></em> argument is supplied,
+ <span><strong class="command">dig</strong></span> will perform a lookup for an
+ A record.
+ </p></dd>
</dl></div>
<p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543709"></a><h2>OPTIONS</h2>
+<a name="id2543723"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@@ -193,10 +193,14 @@
</p>
<p>
The <code class="option">-q</code> option sets the query name to
- <em class="parameter"><code>name</code></em>. This useful do distinguish the
+ <em class="parameter"><code>name</code></em>. This is useful to distinguish the
<em class="parameter"><code>name</code></em> from other arguments.
</p>
<p>
+ The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to
+ print the version number and exit.
+ </p>
+<p>
Reverse lookups — mapping addresses to names — are simplified by the
<code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
an IPv4
@@ -238,7 +242,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544058"></a><h2>QUERY OPTIONS</h2>
+<a name="id2544014"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -258,62 +262,19 @@
</p>
<div class="variablelist"><dl>
-<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
+<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
<dd><p>
- Use [do not use] TCP when querying name servers. The default
- behavior is to use UDP unless an AXFR or IXFR query is
- requested, in
- which case a TCP connection is used.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
-<dd><p>
- Use [do not use] TCP when querying name servers. This alternate
- syntax to <em class="parameter"><code>+[no]tcp</code></em> is
- provided for backwards
- compatibility. The "vc" stands for "virtual circuit".
- </p></dd>
-<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
-<dd><p>
- Ignore truncation in UDP responses instead of retrying with TCP.
- By
- default, TCP retries are performed.
- </p></dd>
-<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
-<dd><p>
- Set the search list to contain the single domain
- <em class="parameter"><code>somename</code></em>, as if specified in
- a
- <span><strong class="command">domain</strong></span> directive in
- <code class="filename">/etc/resolv.conf</code>, and enable
- search list
- processing as if the <em class="parameter"><code>+search</code></em>
- option were given.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]search</code></span></dt>
-<dd><p>
- Use [do not use] the search list defined by the searchlist or
- domain
- directive in <code class="filename">resolv.conf</code> (if
- any).
- The search list is not used by default.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
-<dd><p>
- Perform [do not perform] a search showing intermediate
- results.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
-<dd><p>
- Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
- </p></dd>
+ A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
<dd><p>
- Sets the "aa" flag in the query.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
+ Sets the "aa" flag in the query.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
<dd><p>
- A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
- </p></dd>
+ Display [do not display] the additional section of a
+ reply. The default is to display it.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
<dd><p>
Set [do not set] the AD (authentic data) bit in the
@@ -325,244 +286,278 @@
from a OPT-OUT range. AD=0 indicate that some part
of the answer was insecure or not validated.
</p></dd>
+<dt><span class="term"><code class="option">+[no]all</code></span></dt>
+<dd><p>
+ Set or clear all display flags.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
+<dd><p>
+ Display [do not display] the answer section of a
+ reply. The default is to display it.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
+<dd><p>
+ Display [do not display] the authority section of a
+ reply. The default is to display it.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
+<dd><p>
+ Attempt to display the contents of messages which are
+ malformed. The default is to not display malformed
+ answers.
+ </p></dd>
+<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
+<dd><p>
+ Set the UDP message buffer size advertised using EDNS0
+ to <em class="parameter"><code>B</code></em> bytes. The maximum and
+ minimum sizes of this buffer are 65535 and 0 respectively.
+ Values outside this range are rounded up or down
+ appropriately. Values other than zero will cause a
+ EDNS query to be sent.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
<dd><p>
- Set [do not set] the CD (checking disabled) bit in the query.
- This
- requests the server to not perform DNSSEC validation of
- responses.
- </p></dd>
+ Set [do not set] the CD (checking disabled) bit in
+ the query. This requests the server to not perform
+ DNSSEC validation of responses.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
<dd><p>
- Display [do not display] the CLASS when printing the record.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
+ Display [do not display] the CLASS when printing the
+ record.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
- Display [do not display] the TTL when printing the record.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
+ Toggles the printing of the initial comment in the
+ output identifying the version of <span><strong class="command">dig</strong></span>
+ and the query options that have been applied. This
+ comment is printed by default.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd><p>
- Toggle the setting of the RD (recursion desired) bit in the
- query.
- This bit is set by default, which means <span><strong class="command">dig</strong></span>
- normally sends recursive queries. Recursion is automatically
- disabled
- when the <em class="parameter"><code>+nssearch</code></em> or
- <em class="parameter"><code>+trace</code></em> query options are
- used.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
+ Toggle the display of comment lines in the output.
+ The default is to print comments.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
<dd><p>
- When this option is set, <span><strong class="command">dig</strong></span>
- attempts to find the
- authoritative name servers for the zone containing the name
- being
- looked up and display the SOA record that each name server has
- for the
- zone.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
+ Deprecated, treated as a synonym for
+ <em class="parameter"><code>+[no]search</code></em>
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
<dd><p>
- Toggle tracing of the delegation path from the root name servers
- for
- the name being looked up. Tracing is disabled by default. When
- tracing is enabled, <span><strong class="command">dig</strong></span> makes
- iterative queries to
- resolve the name being looked up. It will follow referrals from
- the
- root servers, showing the answer from each server that was used
- to
- resolve the lookup.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
+ Requests DNSSEC records be sent by setting the DNSSEC
+ OK bit (DO) in the OPT record in the additional section
+ of the query.
+ </p></dd>
+<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
<dd><p>
- Toggles the printing of the initial comment in the output
- identifying
- the version of <span><strong class="command">dig</strong></span> and the query
- options that have
- been applied. This comment is printed by default.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]short</code></span></dt>
+ Set the search list to contain the single domain
+ <em class="parameter"><code>somename</code></em>, as if specified in
+ a <span><strong class="command">domain</strong></span> directive in
+ <code class="filename">/etc/resolv.conf</code>, and enable
+ search list processing as if the
+ <em class="parameter"><code>+search</code></em> option were given.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
<dd><p>
- Provide a terse answer. The default is to print the answer in a
- verbose form.
- </p></dd>
+ Specify the EDNS version to query with. Valid values
+ are 0 to 255. Setting the EDNS version will cause
+ a EDNS query to be sent. <code class="option">+noedns</code>
+ clears the remembered EDNS version. EDNS is set to
+ 0 by default.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
+<dd><p>
+ Do not try the next server if you receive a SERVFAIL.
+ The default is to not try the next server which is
+ the reverse of normal stub resolver behavior.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
<dd><p>
- Show [or do not show] the IP address and port number that
- supplied the
- answer when the <em class="parameter"><code>+short</code></em> option
- is enabled. If
- short form answers are requested, the default is not to show the
- source address and port number of the server that provided the
- answer.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
+ Show [or do not show] the IP address and port number
+ that supplied the answer when the
+ <em class="parameter"><code>+short</code></em> option is enabled. If
+ short form answers are requested, the default is not
+ to show the source address and port number of the
+ server that provided the answer.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
<dd><p>
- Toggle the display of comment lines in the output. The default
- is to
- print comments.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
+ Ignore truncation in UDP responses instead of retrying
+ with TCP. By default, TCP retries are performed.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
<dd><p>
- This query option toggles the printing of statistics: when the
- query
- was made, the size of the reply and so on. The default
- behavior is
- to print the query statistics.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
+ Keep the TCP socket open between queries and reuse
+ it rather than creating a new TCP socket for each
+ lookup. The default is <code class="option">+nokeepopen</code>.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
<dd><p>
- Print [do not print] the query as it is sent.
- By default, the query is not printed.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]question</code></span></dt>
+ Print records like the SOA records in a verbose
+ multi-line format with human-readable comments. The
+ default is to print each record on a single line, to
+ facilitate machine parsing of the <span><strong class="command">dig</strong></span>
+ output.
+ </p></dd>
+<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
<dd><p>
- Print [do not print] the question section of a query when an
- answer is
- returned. The default is to print the question section as a
- comment.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
+ Set the number of dots that have to appear in
+ <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
+ for it to be considered absolute. The default value
+ is that defined using the ndots statement in
+ <code class="filename">/etc/resolv.conf</code>, or 1 if no
+ ndots statement is present. Names with fewer dots
+ are interpreted as relative names and will be searched
+ for in the domains listed in the <code class="option">search</code>
+ or <code class="option">domain</code> directive in
+ <code class="filename">/etc/resolv.conf</code>.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
<dd><p>
- Display [do not display] the answer section of a reply. The
- default
- is to display it.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
+ Include an EDNS name server ID request when sending
+ a query.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dd><p>
- Display [do not display] the authority section of a reply. The
- default is to display it.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
+ When this option is set, <span><strong class="command">dig</strong></span>
+ attempts to find the authoritative name servers for
+ the zone containing the name being looked up and
+ display the SOA record that each name server has for
+ the zone.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
<dd><p>
- Display [do not display] the additional section of a reply.
- The default is to display it.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]all</code></span></dt>
+ Print only one (starting) SOA record when performing
+ an AXFR. The default is to print both the starting
+ and ending SOA records.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd><p>
- Set or clear all display flags.
- </p></dd>
-<dt><span class="term"><code class="option">+time=T</code></span></dt>
+ Print [do not print] the query as it is sent. By
+ default, the query is not printed.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]question</code></span></dt>
<dd><p>
-
- Sets the timeout for a query to
- <em class="parameter"><code>T</code></em> seconds. The default
- timeout is 5 seconds.
- An attempt to set <em class="parameter"><code>T</code></em> to less
- than 1 will result
- in a query timeout of 1 second being applied.
- </p></dd>
-<dt><span class="term"><code class="option">+tries=T</code></span></dt>
+ Print [do not print] the question section of a query
+ when an answer is returned. The default is to print
+ the question section as a comment.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
<dd><p>
- Sets the number of times to try UDP queries to server to
- <em class="parameter"><code>T</code></em> instead of the default, 3.
- If
- <em class="parameter"><code>T</code></em> is less than or equal to
- zero, the number of
- tries is silently rounded up to 1.
- </p></dd>
+ Toggle the setting of the RD (recursion desired) bit
+ in the query. This bit is set by default, which means
+ <span><strong class="command">dig</strong></span> normally sends recursive
+ queries. Recursion is automatically disabled when
+ the <em class="parameter"><code>+nssearch</code></em> or
+ <em class="parameter"><code>+trace</code></em> query options are used.
+ </p></dd>
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
<dd><p>
- Sets the number of times to retry UDP queries to server to
- <em class="parameter"><code>T</code></em> instead of the default, 2.
- Unlike
- <em class="parameter"><code>+tries</code></em>, this does not include
- the initial
- query.
- </p></dd>
-<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
+ Sets the number of times to retry UDP queries to
+ server to <em class="parameter"><code>T</code></em> instead of the
+ default, 2. Unlike <em class="parameter"><code>+tries</code></em>,
+ this does not include the initial query.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]search</code></span></dt>
<dd><p>
- Set the number of dots that have to appear in
- <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
- considered absolute. The default value is that defined using
- the
- ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
- ndots statement is present. Names with fewer dots are
- interpreted as
- relative names and will be searched for in the domains listed in
- the
- <code class="option">search</code> or <code class="option">domain</code> directive in
- <code class="filename">/etc/resolv.conf</code>.
- </p></dd>
-<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
+ Use [do not use] the search list defined by the
+ searchlist or domain directive in
+ <code class="filename">resolv.conf</code> (if any). The search
+ list is not used by default.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]short</code></span></dt>
<dd><p>
- Set the UDP message buffer size advertised using EDNS0 to
- <em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes
- of this buffer are 65535 and 0 respectively. Values outside
- this range are rounded up or down appropriately.
- Values other than zero will cause a EDNS query to be sent.
- </p></dd>
-<dt><span class="term"><code class="option">+edns=#</code></span></dt>
+ Provide a terse answer. The default is to print the
+ answer in a verbose form.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
<dd><p>
- Specify the EDNS version to query with. Valid values
- are 0 to 255. Setting the EDNS version will cause a
- EDNS query to be sent. <code class="option">+noedns</code> clears the
- remembered EDNS version.
+ Perform [do not perform] a search showing intermediate
+ results.
</p></dd>
-<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
+<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
<dd><p>
- Print records like the SOA records in a verbose multi-line
- format with human-readable comments. The default is to print
- each record on a single line, to facilitate machine parsing
- of the <span><strong class="command">dig</strong></span> output.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
+ Chase DNSSEC signature chains. Requires dig be
+ compiled with -DDIG_SIGCHASE.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
- Print only one (starting) SOA record when performing
- an AXFR. The default is to print both the starting and
- ending SOA records.
+ This query option toggles the printing of statistics:
+ when the query was made, the size of the reply and
+ so on. The default behavior is to print the query
+ statistics.
</p></dd>
-<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
+<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
- Do not try the next server if you receive a SERVFAIL. The
- default is
- to not try the next server which is the reverse of normal stub
- resolver
- behavior.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
+ Use [do not use] TCP when querying name servers. The
+ default behavior is to use UDP unless an
+ <code class="literal">ixfr=N</code> query is requested, in which
+ case the default is TCP. AXFR queries always use
+ TCP.
+ </p></dd>
+<dt><span class="term"><code class="option">+time=T</code></span></dt>
<dd><p>
- Attempt to display the contents of messages which are malformed.
- The default is to not display malformed answers.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
+
+ Sets the timeout for a query to
+ <em class="parameter"><code>T</code></em> seconds. The default
+ timeout is 5 seconds.
+ An attempt to set <em class="parameter"><code>T</code></em> to less
+ than 1 will result
+ in a query timeout of 1 second being applied.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
<dd><p>
- Requests DNSSEC records be sent by setting the DNSSEC OK bit
- (DO)
- in the OPT record in the additional section of the query.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
+ When chasing DNSSEC signature chains perform a top-down
+ validation. Requires dig be compiled with -DDIG_SIGCHASE.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd><p>
- Chase DNSSEC signature chains. Requires dig be compiled with
- -DDIG_SIGCHASE.
- </p></dd>
+ Toggle tracing of the delegation path from the root
+ name servers for the name being looked up. Tracing
+ is disabled by default. When tracing is enabled,
+ <span><strong class="command">dig</strong></span> makes iterative queries to
+ resolve the name being looked up. It will follow
+ referrals from the root servers, showing the answer
+ from each server that was used to resolve the lookup.
+ </p></dd>
+<dt><span class="term"><code class="option">+tries=T</code></span></dt>
+<dd><p>
+ Sets the number of times to try UDP queries to server
+ to <em class="parameter"><code>T</code></em> instead of the default,
+ 3. If <em class="parameter"><code>T</code></em> is less than or equal
+ to zero, the number of tries is silently rounded up
+ to 1.
+ </p></dd>
<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
<dd>
<p>
- Specifies a file containing trusted keys to be used with
- <code class="option">+sigchase</code>. Each DNSKEY record must be
- on its own line.
- </p>
+ Specifies a file containing trusted keys to be used
+ with <code class="option">+sigchase</code>. Each DNSKEY record
+ must be on its own line.
+ </p>
<p>
- If not specified, <span><strong class="command">dig</strong></span> will look for
- <code class="filename">/etc/trusted-key.key</code> then
- <code class="filename">trusted-key.key</code> in the current directory.
+ If not specified, <span><strong class="command">dig</strong></span> will look
+ for <code class="filename">/etc/trusted-key.key</code> then
+ <code class="filename">trusted-key.key</code> in the current
+ directory.
</p>
<p>
- Requires dig be compiled with -DDIG_SIGCHASE.
+ Requires dig be compiled with -DDIG_SIGCHASE.
</p>
</dd>
-<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
+<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
<dd><p>
- When chasing DNSSEC signature chains perform a top-down
- validation.
- Requires dig be compiled with -DDIG_SIGCHASE.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
+ Display [do not display] the TTL when printing the
+ record.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
<dd><p>
- Include an EDNS name server ID request when sending a query.
- </p></dd>
+ Use [do not use] TCP when querying name servers. This
+ alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
+ is provided for backwards compatibility. The "vc"
+ stands for "virtual circuit".
+ </p></dd>
</dl></div>
<p>
@@ -569,7 +564,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545207"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2545116"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@@ -615,7 +610,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545337"></a><h2>IDN SUPPORT</h2>
+<a name="id2545178"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -629,7 +624,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545360"></a><h2>FILES</h2>
+<a name="id2545201"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
@@ -636,7 +631,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545377"></a><h2>SEE ALSO</h2>
+<a name="id2545218"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -644,7 +639,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545414"></a><h2>BUGS</h2>
+<a name="id2545255"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
Modified: vendor/bind/dist/bin/dig/dighost.c
===================================================================
--- vendor/bind/dist/bin/dig/dighost.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/dighost.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: dighost.c,v 1.336.22.9 2011/12/07 17:23:55 each Exp $ */
/*! \file
* \note
@@ -46,8 +46,10 @@
#include <dns/byaddr.h>
#ifdef DIG_SIGCHASE
+#include <dns/callbacks.h>
#include <dns/dnssec.h>
#include <dns/ds.h>
+#include <dns/master.h>
#include <dns/nsec.h>
#include <isc/random.h>
#include <ctype.h>
@@ -123,7 +125,8 @@
usesearch = ISC_FALSE,
showsearch = ISC_FALSE,
qr = ISC_FALSE,
- is_dst_up = ISC_FALSE;
+ is_dst_up = ISC_FALSE,
+ keep_open = ISC_FALSE;
in_port_t port = 53;
unsigned int timeout = 0;
unsigned int extrabytes;
@@ -155,6 +158,9 @@
int idnoptions = 0;
#endif
+isc_socket_t *keep = NULL;
+isc_sockaddr_t keepaddr;
+
/*%
* Exit Codes:
*
@@ -178,6 +184,7 @@
isc_entropy_t *entp = NULL;
isc_mempool_t *commctx = NULL;
isc_boolean_t debugging = ISC_FALSE;
+isc_boolean_t debugtiming = ISC_FALSE;
isc_boolean_t memdebugging = ISC_FALSE;
char *progname = NULL;
isc_mutex_t lookup_lock;
@@ -250,11 +257,10 @@
dns_rdataset_t ** sigrdataset);
static void nameFromString(const char *str, dns_name_t *p_ret);
int inf_name(dns_name_t * name1, dns_name_t * name2);
-isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
- char **tempp, FILE **fp);
isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
void clean_trustedkey(void);
-void insert_trustedkey(dst_key_t **key);
+isc_result_t insert_trustedkey(void *arg, dns_name_t *name,
+ dns_rdataset_t *rdataset);
#if DIG_SIGCHASE_BU
isc_result_t getneededrr(dns_message_t *msg);
void sigchase_bottom_up(dns_message_t *msg);
@@ -365,6 +371,12 @@
static void
send_tcp_connect(dig_query_t *query);
+static void
+check_next_lookup(dig_lookup_t *lookup);
+
+static isc_boolean_t
+next_origin(dig_lookup_t *oldlookup);
+
static void *
mem_alloc(void *arg, size_t size) {
return (isc_mem_get(arg, size));
@@ -444,7 +456,7 @@
append(const char *text, int len, char **p, char *end) {
if (len > end - *p)
return (ISC_R_NOSPACE);
- memcpy(*p, text, len);
+ memmove(*p, text, len);
*p += len;
return (ISC_R_SUCCESS);
}
@@ -461,7 +473,7 @@
result = append(".", 1, p, end);
if (result != ISC_R_SUCCESS)
return (result);
- len = dot - in;
+ len = (int)(dot - in);
} else {
len = strlen(in);
}
@@ -491,7 +503,7 @@
result = dns_byaddr_createptrname2(&addr, options, name);
if (result != ISC_R_SUCCESS)
return (result);
- dns_name_format(name, reverse, len);
+ dns_name_format(name, reverse, (unsigned int)len);
return (ISC_R_SUCCESS);
} else {
/*
@@ -537,9 +549,15 @@
void
debug(const char *format, ...) {
va_list args;
+ isc_time_t t;
if (debugging) {
fflush(stdout);
+ if (debugtiming) {
+ TIME_NOW(&t);
+ fprintf(stderr, "%d.%06d: ", isc_time_seconds(&t),
+ isc_time_nanoseconds(&t) / 1000);
+ }
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
@@ -601,7 +619,8 @@
static void
copy_server_list(lwres_conf_t *confdata, dig_serverlist_t *dest) {
dig_server_t *newsrv;
- char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+ char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255") +
+ sizeof("%4000000000")];
int af;
int i;
@@ -616,6 +635,12 @@
lwres_net_ntop(af, confdata->nameservers[i].address,
tmp, sizeof(tmp));
+ if (af == AF_INET6 && confdata->nameservers[i].zone != 0) {
+ char buf[sizeof("%4000000000")];
+ snprintf(buf, sizeof(buf), "%%%u",
+ confdata->nameservers[i].zone);
+ strlcat(tmp, buf, sizeof(tmp));
+ }
newsrv = make_server(tmp, tmp);
ISC_LINK_INIT(newsrv, link);
ISC_LIST_ENQUEUE(*dest, newsrv, link);
@@ -781,6 +806,7 @@
looknew->retries = tries;
looknew->nsfound = 0;
looknew->tcp_mode = ISC_FALSE;
+ looknew->tcp_mode_set = ISC_FALSE;
looknew->ip6_int = ISC_FALSE;
looknew->comments = ISC_TRUE;
looknew->stats = ISC_TRUE;
@@ -858,6 +884,7 @@
looknew->cdflag = lookold->cdflag;
looknew->ns_search_only = lookold->ns_search_only;
looknew->tcp_mode = lookold->tcp_mode;
+ looknew->tcp_mode_set = lookold->tcp_mode_set;
looknew->comments = lookold->comments;
looknew->stats = lookold->stats;
looknew->section_question = lookold->section_question;
@@ -871,6 +898,9 @@
dns_name_copy(dns_fixedname_name(&lookold->fdomain),
dns_fixedname_name(&looknew->fdomain), NULL);
+ dns_name_copy(dns_fixedname_name(&lookold->fdomain),
+ dns_fixedname_name(&looknew->fdomain), NULL);
+
if (servers)
clone_server_list(lookold->my_server_list,
&looknew->my_server_list);
@@ -1318,6 +1348,7 @@
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create");
+ isc_mem_setname(mctx, "dig", NULL);
result = isc_log_create(mctx, &lctx, &logconfig);
check_result(result, "isc_log_create");
@@ -1336,6 +1367,7 @@
result = isc_task_create(taskmgr, 0, &global_task);
check_result(result, "isc_task_create");
+ isc_task_setname(global_task, "dig", NULL);
result = isc_timermgr_create(mctx, &timermgr);
check_result(result, "isc_timermgr_create");
@@ -1679,8 +1711,10 @@
}
novalidation:
#endif
- setup_lookup(current_lookup);
- do_lookup(current_lookup);
+ if (setup_lookup(current_lookup))
+ do_lookup(current_lookup);
+ else if (next_origin(current_lookup))
+ check_next_lookup(current_lookup);
} else {
check_if_done();
}
@@ -1881,14 +1915,17 @@
* Return ISC_TRUE iff there was another searchlist entry.
*/
static isc_boolean_t
-next_origin(dig_query_t *query) {
- dig_lookup_t *lookup;
+next_origin(dig_lookup_t *oldlookup) {
+ dig_lookup_t *newlookup;
dig_searchlist_t *search;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_result_t result;
INSIST(!free_now);
debug("next_origin()");
- debug("following up %s", query->lookup->textname);
+ debug("following up %s", oldlookup->textname);
if (!usesearch)
/*
@@ -1896,23 +1933,36 @@
* about finding the next entry.
*/
return (ISC_FALSE);
- if (query->lookup->origin == NULL && !query->lookup->need_search)
+
+ /*
+ * Check for a absolute name or ndots being met.
+ */
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ result = dns_name_fromstring2(name, oldlookup->textname, NULL,
+ 0, NULL);
+ if (result == ISC_R_SUCCESS &&
+ (dns_name_isabsolute(name) ||
+ (int)dns_name_countlabels(name) > ndots))
+ return (ISC_FALSE);
+
+ if (oldlookup->origin == NULL && !oldlookup->need_search)
/*
* Then we just did rootorg; there's nothing left.
*/
return (ISC_FALSE);
- if (query->lookup->origin == NULL && query->lookup->need_search) {
- lookup = requeue_lookup(query->lookup, ISC_TRUE);
- lookup->origin = ISC_LIST_HEAD(search_list);
- lookup->need_search = ISC_FALSE;
+ if (oldlookup->origin == NULL && oldlookup->need_search) {
+ newlookup = requeue_lookup(oldlookup, ISC_TRUE);
+ newlookup->origin = ISC_LIST_HEAD(search_list);
+ newlookup->need_search = ISC_FALSE;
} else {
- search = ISC_LIST_NEXT(query->lookup->origin, link);
- if (search == NULL && query->lookup->done_as_is)
+ search = ISC_LIST_NEXT(oldlookup->origin, link);
+ if (search == NULL && oldlookup->done_as_is)
return (ISC_FALSE);
- lookup = requeue_lookup(query->lookup, ISC_TRUE);
- lookup->origin = search;
+ newlookup = requeue_lookup(oldlookup, ISC_TRUE);
+ newlookup->origin = search;
}
- cancel_lookup(query->lookup);
+ cancel_lookup(oldlookup);
return (ISC_TRUE);
}
@@ -1988,7 +2038,7 @@
* well as the query structures and buffer space for the replies. If the
* server list is empty, clone it from the system default list.
*/
-void
+isc_boolean_t
setup_lookup(dig_lookup_t *lookup) {
isc_result_t result;
isc_uint32_t id;
@@ -2114,21 +2164,36 @@
if (lookup->trace && lookup->trace_root) {
dns_name_clone(dns_rootname, lookup->name);
} else {
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
len = strlen(lookup->textname);
isc_buffer_init(&b, lookup->textname, len);
isc_buffer_add(&b, len);
- result = dns_name_fromtext(lookup->name, &b,
- lookup->oname, 0,
- &lookup->namebuf);
+ result = dns_name_fromtext(name, &b, NULL, 0, NULL);
+ if (result == ISC_R_SUCCESS &&
+ !dns_name_isabsolute(name))
+ result = dns_name_concatenate(name,
+ lookup->oname,
+ lookup->name,
+ &lookup->namebuf);
+ else if (result == ISC_R_SUCCESS)
+ result = dns_name_copy(name, lookup->name,
+ &lookup->namebuf);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(lookup->sendmsg,
+ &lookup->name);
+ dns_message_puttempname(lookup->sendmsg,
+ &lookup->oname);
+ if (result == DNS_R_NAMETOOLONG)
+ return (ISC_FALSE);
+ fatal("'%s' is not in legal name syntax (%s)",
+ lookup->textname,
+ isc_result_totext(result));
+ }
}
- if (result != ISC_R_SUCCESS) {
- dns_message_puttempname(lookup->sendmsg,
- &lookup->name);
- dns_message_puttempname(lookup->sendmsg,
- &lookup->oname);
- fatal("'%s' is not in legal name syntax (%s)",
- lookup->textname, isc_result_totext(result));
- }
dns_message_puttempname(lookup->sendmsg, &lookup->oname);
} else
#endif
@@ -2304,6 +2369,7 @@
query->rr_count = 0;
query->msg_count = 0;
query->byte_count = 0;
+ query->ixfr_axfr = ISC_FALSE;
ISC_LIST_INIT(query->recvlist);
ISC_LIST_INIT(query->lengthlist);
query->sock = NULL;
@@ -2326,6 +2392,7 @@
printmessage(ISC_LIST_HEAD(lookup->q), lookup->sendmsg,
ISC_TRUE);
}
+ return (ISC_TRUE);
}
/*%
@@ -2352,8 +2419,10 @@
for (b = ISC_LIST_HEAD(sevent->bufferlist);
b != NULL;
- b = ISC_LIST_HEAD(sevent->bufferlist))
+ b = ISC_LIST_HEAD(sevent->bufferlist)) {
ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
+ isc_mem_free(mctx, b);
+ }
query = event->ev_arg;
query->waiting_senddone = ISC_FALSE;
@@ -2508,6 +2577,15 @@
}
INSIST(query->sock == NULL);
+
+ if (keep != NULL && isc_sockaddr_equal(&keepaddr, &query->sockaddr)) {
+ sockcount++;
+ isc_socket_attach(keep, &query->sock);
+ query->waiting_connect = ISC_FALSE;
+ launch_next_query(query, ISC_TRUE);
+ goto search;
+ }
+
result = isc_socket_create(socketmgr,
isc_sockaddr_pf(&query->sockaddr),
isc_sockettype_tcp, &query->sock);
@@ -2530,6 +2608,7 @@
result = isc_socket_connect(query->sock, &query->sockaddr,
global_task, connect_done, query);
check_result(result, "isc_socket_connect");
+ search:
/*
* If we're at the endgame of a nameserver search, we need to
* immediately bring up all the queries. Do it here.
@@ -2545,6 +2624,17 @@
}
}
+static isc_buffer_t *
+clone_buffer(isc_buffer_t *source) {
+ isc_buffer_t *buffer;
+ buffer = isc_mem_allocate(mctx, sizeof(*buffer));
+ if (buffer == NULL)
+ fatal("memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ *buffer = *source;
+ return (buffer);
+}
+
/*%
* Send a UDP packet to the remote nameserver, possible starting the
* recv action as well. Also make sure that the timer is running and
@@ -2554,6 +2644,7 @@
send_udp(dig_query_t *query) {
dig_lookup_t *l = NULL;
isc_result_t result;
+ isc_buffer_t *sendbuf;
debug("send_udp(%p)", query);
@@ -2600,14 +2691,16 @@
debug("recvcount=%d", recvcount);
}
ISC_LIST_INIT(query->sendlist);
- ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
+ sendbuf = clone_buffer(&query->sendbuf);
+ ISC_LIST_ENQUEUE(query->sendlist, sendbuf, link);
debug("sending a request");
TIME_NOW(&query->time_sent);
INSIST(query->sock != NULL);
query->waiting_senddone = ISC_TRUE;
- result = isc_socket_sendtov(query->sock, &query->sendlist,
- global_task, send_done, query,
- &query->sockaddr, NULL);
+ result = isc_socket_sendtov2(query->sock, &query->sendlist,
+ global_task, send_done, query,
+ &query->sockaddr, NULL,
+ ISC_SOCKFLAG_NORETRY);
check_result(result, "isc_socket_sendtov");
sendcount++;
}
@@ -2769,6 +2862,7 @@
launch_next_query(dig_query_t *query, isc_boolean_t include_question) {
isc_result_t result;
dig_lookup_t *l;
+ isc_buffer_t *buffer;
INSIST(!free_now);
@@ -2792,9 +2886,15 @@
isc_buffer_putuint16(&query->slbuf, (isc_uint16_t) query->sendbuf.used);
ISC_LIST_INIT(query->sendlist);
ISC_LINK_INIT(&query->slbuf, link);
- ISC_LIST_ENQUEUE(query->sendlist, &query->slbuf, link);
- if (include_question)
- ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
+ if (!query->first_soa_rcvd) {
+ buffer = clone_buffer(&query->slbuf);
+ ISC_LIST_ENQUEUE(query->sendlist, buffer, link);
+ if (include_question) {
+ buffer = clone_buffer(&query->sendbuf);
+ ISC_LIST_ENQUEUE(query->sendlist, buffer, link);
+ }
+ }
+
ISC_LINK_INIT(&query->lengthbuf, link);
ISC_LIST_ENQUEUE(query->lengthlist, &query->lengthbuf, link);
@@ -2894,6 +2994,12 @@
UNLOCK_LOOKUP;
return;
}
+ if (keep_open) {
+ if (keep != NULL)
+ isc_socket_detach(&keep);
+ isc_socket_attach(query->sock, &keep);
+ keepaddr = query->sockaddr;
+ }
launch_next_query(query, ISC_TRUE);
isc_event_free(&event);
UNLOCK_LOOKUP;
@@ -2917,6 +3023,9 @@
isc_boolean_t ixfr = query->lookup->rdtype == dns_rdatatype_ixfr;
isc_boolean_t axfr = query->lookup->rdtype == dns_rdatatype_axfr;
+ if (ixfr)
+ axfr = query->ixfr_axfr;
+
debug("check_for_more_data()");
/*
@@ -2965,7 +3074,7 @@
query->second_rr_rcvd = ISC_TRUE;
query->second_rr_serial = 0;
debug("got the second rr as nonsoa");
- axfr = ISC_TRUE;
+ axfr = query->ixfr_axfr = ISC_TRUE;
goto next_rdata;
}
@@ -3080,6 +3189,7 @@
INSIST(recvcount >= 0);
query = event->ev_arg;
+ TIME_NOW(&query->time_recv);
debug("lookup=%p, query=%p", query->lookup, query);
l = query->lookup;
@@ -3401,9 +3511,9 @@
}
if (!l->doing_xfr || l->xfr_q == query) {
- if (msg->rcode != dns_rcode_noerror &&
+ if (msg->rcode == dns_rcode_nxdomain &&
(l->origin != NULL || l->need_search)) {
- if (!next_origin(query) || showsearch) {
+ if (!next_origin(query->lookup) || showsearch) {
printmessage(query, msg, ISC_TRUE);
received(b->used, &sevent->address, query);
}
@@ -3672,19 +3782,32 @@
if (current_lookup != NULL) {
if (current_lookup->timer != NULL)
isc_timer_detach(¤t_lookup->timer);
- q = ISC_LIST_HEAD(current_lookup->q);
- while (q != NULL) {
- debug("canceling query %p, belonging to %p",
+ for (q = ISC_LIST_HEAD(current_lookup->q);
+ q != NULL;
+ q = nq)
+ {
+ nq = ISC_LIST_NEXT(q, link);
+ debug("canceling pending query %p, belonging to %p",
q, current_lookup);
- nq = ISC_LIST_NEXT(q, link);
- if (q->sock != NULL) {
+ if (q->sock != NULL)
isc_socket_cancel(q->sock, NULL,
ISC_SOCKCANCEL_ALL);
- } else {
+ else
clear_query(q);
- }
- q = nq;
}
+ for (q = ISC_LIST_HEAD(current_lookup->connecting);
+ q != NULL;
+ q = nq)
+ {
+ nq = ISC_LIST_NEXT(q, clink);
+ debug("canceling connecting query %p, belonging to %p",
+ q, current_lookup);
+ if (q->sock != NULL)
+ isc_socket_cancel(q->sock, NULL,
+ ISC_SOCKCANCEL_ALL);
+ else
+ clear_query(q);
+ }
}
l = ISC_LIST_HEAD(lookup_list);
while (l != NULL) {
@@ -3710,6 +3833,8 @@
isc_result_t result;
#endif
+ if (keep != NULL)
+ isc_socket_detach(&keep);
debug("destroy_libs()");
if (global_task != NULL) {
debug("freeing task");
@@ -3861,7 +3986,7 @@
fromlen = isc_buffer_usedlength(buffer) - used_org;
if (fromlen >= MAXDLEN)
return (ISC_R_SUCCESS);
- memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
+ memmove(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
if (absolute && !end_with_dot) {
fromlen++;
@@ -3890,8 +4015,8 @@
return (ISC_R_NOSPACE);
isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org);
- memcpy(isc_buffer_used(buffer), tmp1, tolen);
- isc_buffer_add(buffer, tolen);
+ memmove(isc_buffer_used(buffer), tmp1, tolen);
+ isc_buffer_add(buffer, (unsigned int)tolen);
return (ISC_R_SUCCESS);
}
@@ -3910,7 +4035,8 @@
if (namelen + 1 + originlen >= namesize)
return idn_buffer_overflow;
- name[namelen++] = '.';
+ if (*origin != '.')
+ name[namelen++] = '.';
(void)strcpy(name + namelen, origin);
return idn_success;
}
@@ -4133,17 +4259,35 @@
return (NULL);
}
-void
-insert_trustedkey(dst_key_t **keyp)
+isc_result_t
+insert_trustedkey(void *arg, dns_name_t *name, dns_rdataset_t *rdataset)
{
- if (*keyp == NULL)
- return;
- if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
- return;
+ isc_result_t result;
+ dst_key_t *key;
- tk_list.key[tk_list.nb_tk++] = *keyp;
- *keyp = NULL;
- return;
+ UNUSED(arg);
+
+ if (rdataset == NULL || rdataset->type != dns_rdatatype_dnskey)
+ return (ISC_R_SUCCESS);
+
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset)) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_buffer_t b;
+
+ dns_rdataset_current(rdataset, &rdata);
+ isc_buffer_init(&b, rdata.data, rdata.length);
+ isc_buffer_add(&b, rdata.length);
+ if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
+ return (ISC_R_SUCCESS);
+ key = NULL;
+ result = dst_key_fromdns(name, rdata.rdclass, &b, mctx, &key);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ tk_list.key[tk_list.nb_tk++] = key;
+ }
+ return (ISC_R_SUCCESS);
}
void
@@ -4190,86 +4334,11 @@
}
isc_result_t
-opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
- FILE *f = NULL;
- isc_result_t result;
- char *tempname = NULL;
- char *tempnamekey = NULL;
- int tempnamelen;
- int tempnamekeylen;
- char *x;
- char *cp;
- isc_uint32_t which;
-
- while (1) {
- tempnamelen = strlen(file) + 20;
- tempname = isc_mem_allocate(mctx, tempnamelen);
- if (tempname == NULL)
- return (ISC_R_NOMEMORY);
- memset(tempname, 0, tempnamelen);
-
- result = isc_file_mktemplate(file, tempname, tempnamelen);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
-
- cp = tempname;
- while (*cp != '\0')
- cp++;
- if (cp == tempname) {
- isc_mem_free(mctx, tempname);
- return (ISC_R_FAILURE);
- }
-
- x = cp--;
- while (cp >= tempname && *cp == 'X') {
- isc_random_get(&which);
- *cp = alphnum[which % (sizeof(alphnum) - 1)];
- x = cp--;
- }
-
- tempnamekeylen = tempnamelen+5;
- tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
- if (tempnamekey == NULL)
- return (ISC_R_NOMEMORY);
-
- memset(tempnamekey, 0, tempnamekeylen);
- strlcpy(tempnamekey, tempname, tempnamelen);
- strcat(tempnamekey ,".key");
-
-
- if (isc_file_exists(tempnamekey)) {
- isc_mem_free(mctx, tempnamekey);
- isc_mem_free(mctx, tempname);
- continue;
- }
-
- if ((f = fopen(tempnamekey, "w")) == NULL) {
- printf("get_trusted_key(): trusted key not found %s\n",
- tempnamekey);
- return (ISC_R_FAILURE);
- }
- break;
- }
- isc_mem_free(mctx, tempnamekey);
- *tempp = tempname;
- *fp = f;
- return (ISC_R_SUCCESS);
-
- cleanup:
- isc_mem_free(mctx, tempname);
-
- return (result);
-}
-
-isc_result_t
get_trusted_key(isc_mem_t *mctx)
{
isc_result_t result;
const char *filename = NULL;
- char *filetemp = NULL;
- char buf[1500];
- FILE *fp, *fptemp;
- dst_key_t *key = NULL;
+ dns_rdatacallbacks_t callbacks;
result = isc_file_exists(trustedkey);
if (result != ISC_TRUE) {
@@ -4290,40 +4359,11 @@
return (ISC_R_FAILURE);
}
- if ((fp = fopen(filename, "r")) == NULL) {
- printf("get_trusted_key(): trusted key not found %s\n",
- filename);
- return (ISC_R_FAILURE);
- }
- while (fgets(buf, sizeof(buf), fp) != NULL) {
- result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp);
- if (result != ISC_R_SUCCESS) {
- fclose(fp);
- return (ISC_R_FAILURE);
- }
- if (fputs(buf, fptemp) < 0) {
- fclose(fp);
- fclose(fptemp);
- return (ISC_R_FAILURE);
- }
- fclose(fptemp);
- result = dst_key_fromnamedfile(filetemp, NULL, DST_TYPE_PUBLIC,
- mctx, &key);
- removetmpkey(mctx, filetemp);
- isc_mem_free(mctx, filetemp);
- if (result != ISC_R_SUCCESS) {
- fclose(fp);
- return (ISC_R_FAILURE);
- }
-#if 0
- dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
-#endif
- insert_trustedkey(&key);
- if (key != NULL)
- dst_key_free(&key);
- }
- fclose(fp);
- return (ISC_R_SUCCESS);
+ dns_rdatacallbacks_init_stdio(&callbacks);
+ callbacks.add = insert_trustedkey;
+ return (dns_master_loadfile(filename, dns_rootname, dns_rootname,
+ current_lookup->rdclass, 0, &callbacks,
+ mctx));
}
@@ -4337,7 +4377,7 @@
REQUIRE(p_ret != NULL);
REQUIRE(str != NULL);
- isc_buffer_init(&buffer, str, len);
+ isc_buffer_constinit(&buffer, str, len);
isc_buffer_add(&buffer, len);
dns_fixedname_init(&fixedname);
Modified: vendor/bind/dist/bin/dig/host.1
===================================================================
--- vendor/bind/dist/bin/dig/host.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/host.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: host.1,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: host
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: January 20, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "HOST" "1" "January 20, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -33,7 +33,7 @@
host \- DNS lookup utility
.SH "SYNOPSIS"
.HP 5
-\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server]
+\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
.SH "DESCRIPTION"
.PP
\fBhost\fR
@@ -194,6 +194,12 @@
\fIusage\fR
and
\fItrace\fR.
+.PP
+The
+\fB\-V\fR
+option causes
+\fBhost\fR
+to print the version number and exit.
.SH "IDN SUPPORT"
.PP
If
@@ -213,7 +219,7 @@
\fBdig\fR(1),
\fBnamed\fR(8).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007\-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/dig/host.c
===================================================================
--- vendor/bind/dist/bin/dig/host.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/host.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: host.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
-
/*! \file */
#include <config.h>
@@ -166,7 +164,8 @@
" -W specifies how long to wait for a reply\n"
" -4 use IPv4 query transport only\n"
" -6 use IPv6 query transport only\n"
-" -m set memory debugging flag (trace|record|usage)\n", stderr);
+" -m set memory debugging flag (trace|record|usage)\n"
+" -v print version number and exit\n", stderr);
exit(1);
}
@@ -603,9 +602,15 @@
return (result);
}
-static const char * optstring = "46ac:dilnm:rst:vwCDN:R:TW:";
+static const char * optstring = "46ac:dilnm:rst:vVwCDN:R:TW:";
+/*% version */
static void
+version(void) {
+ fputs("host " VERSION "\n", stderr);
+}
+
+static void
pre_parse_args(int argc, char **argv) {
int c;
@@ -635,9 +640,15 @@
case 's': break;
case 't': break;
case 'v': break;
+ case 'V':
+ version();
+ exit(0);
+ break;
case 'w': break;
case 'C': break;
case 'D':
+ if (debugging)
+ debugtiming = ISC_TRUE;
debugging = ISC_TRUE;
break;
case 'N': break;
@@ -754,6 +765,9 @@
if (!lookup->rdtypeset ||
lookup->rdtype != dns_rdatatype_axfr)
lookup->rdtype = dns_rdatatype_any;
+#ifdef WITH_IDN
+ idnoptions = 0;
+#endif
list_type = dns_rdatatype_any;
list_addresses = ISC_FALSE;
lookup->rdtypeset = ISC_TRUE;
Modified: vendor/bind/dist/bin/dig/host.docbook
===================================================================
--- vendor/bind/dist/bin/dig/host.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/host.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.host">
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>January 20, 2009</date>
</refentryinfo>
<refmeta>
@@ -43,6 +42,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -65,6 +65,8 @@
<arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
<arg><option>-4</option></arg>
<arg><option>-6</option></arg>
+ <arg><option>-v</option></arg>
+ <arg><option>-V</option></arg>
<arg choice="req">name</arg>
<arg choice="opt">server</arg>
</cmdsynopsis>
@@ -238,6 +240,11 @@
<parameter>record</parameter>, <parameter>usage</parameter> and
<parameter>trace</parameter>.
</para>
+
+ <para>
+ The <option>-V</option> option causes <command>host</command>
+ to print the version number and exit.
+ </para>
</refsect1>
<refsect1>
Modified: vendor/bind/dist/bin/dig/host.html
===================================================================
--- vendor/bind/dist/bin/dig/host.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/host.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
+<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543436"></a><h2>DESCRIPTION</h2>
+<a name="id2543454"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -182,9 +182,13 @@
<em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em> and
<em class="parameter"><code>trace</code></em>.
</p>
+<p>
+ The <code class="option">-V</code> option causes <span><strong class="command">host</strong></span>
+ to print the version number and exit.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543802"></a><h2>IDN SUPPORT</h2>
+<a name="id2543831"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -198,12 +202,12 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543825"></a><h2>FILES</h2>
+<a name="id2543853"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543836"></a><h2>SEE ALSO</h2>
+<a name="id2543865"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
Modified: vendor/bind/dist/bin/dig/include/dig/dig.h
===================================================================
--- vendor/bind/dist/bin/dig/include/dig/dig.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/include/dig/dig.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.h,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: dig.h,v 1.111.306.3 2011/12/07 17:23:55 each Exp $ */
#ifndef DIG_H
#define DIG_H
@@ -117,6 +117,7 @@
trace, /*% dig +trace */
trace_root, /*% initial query for either +trace or +nssearch */
tcp_mode,
+ tcp_mode_set,
ip6_int,
comments,
stats,
@@ -202,6 +203,7 @@
isc_uint32_t second_rr_serial;
isc_uint32_t msg_count;
isc_uint32_t rr_count;
+ isc_boolean_t ixfr_axfr;
char *servname;
char *userarg;
isc_bufferlist_t sendlist,
@@ -218,6 +220,7 @@
ISC_LINK(dig_query_t) clink;
isc_sockaddr_t sockaddr;
isc_time_t time_sent;
+ isc_time_t time_recv;
isc_uint64_t byte_count;
isc_buffer_t sendbuf;
};
@@ -275,7 +278,8 @@
extern isc_taskmgr_t *taskmgr;
extern isc_task_t *global_task;
extern isc_boolean_t free_now;
-extern isc_boolean_t debugging, memdebugging;
+extern isc_boolean_t debugging, debugtiming, memdebugging;
+extern isc_boolean_t keep_open;
extern char *progname;
extern int tries;
@@ -307,7 +311,7 @@
void
check_result(isc_result_t result, const char *msg);
-void
+isc_boolean_t
setup_lookup(dig_lookup_t *lookup);
void
Modified: vendor/bind/dist/bin/dig/nslookup.1
===================================================================
--- vendor/bind/dist/bin/dig/nslookup.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/nslookup.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nslookup.1,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: nslookup
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: January 24, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "NSLOOKUP" "1" "January 24, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -61,6 +61,12 @@
.fi
.RE
.sp
+.PP
+The
+\fB\-version\fR
+option causes
+\fBnslookup\fR
+to print the version number and immediately exits.
.SH "INTERACTIVE COMMANDS"
.PP
\fBhost\fR [server]
@@ -216,6 +222,11 @@
(Default = recurse; abbreviation = [no]rec)
.RE
.PP
+\fBndots=\fR\fInumber\fR
+.RS 4
+Set the number of dots (label separators) in a domain that will disable searching. Absolute names always stop searching.
+.RE
+.PP
\fBretry=\fR\fInumber\fR
.RS 4
Set the number of retries to number.
@@ -254,5 +265,5 @@
.PP
Andrew Cherenson
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/dig/nslookup.c
===================================================================
--- vendor/bind/dist/bin/dig/nslookup.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/nslookup.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nslookup.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
-
#include <config.h>
#include <stdlib.h>
@@ -434,8 +432,7 @@
dns_name_format(query->lookup->name,
nametext, sizeof(nametext));
printf("** server can't find %s: %s\n",
- (msg->rcode != dns_rcode_nxdomain) ? nametext :
- query->lookup->textname, rcode_totext(msg->rcode));
+ nametext, rcode_totext(msg->rcode));
debug("returning with rcode == 0");
/* the lookup failed */
@@ -494,8 +491,8 @@
printf(" %s\t\t%s\n",
usesearch ? "search" : "nosearch",
recurse ? "recurse" : "norecurse");
- printf(" timeout = %d\t\tretry = %d\tport = %d\n",
- timeout, tries, port);
+ printf(" timeout = %d\t\tretry = %d\tport = %d\tndots = %d\n",
+ timeout, tries, port, ndots);
printf(" querytype = %-8s\tclass = %s\n", deftype, defclass);
printf(" srchlist = ");
for (listent = ISC_LIST_HEAD(search_list);
@@ -567,6 +564,19 @@
}
static void
+set_ndots(const char *value) {
+ isc_uint32_t n;
+ isc_result_t result = parse_uint(&n, value, 128, "ndots");
+ if (result == ISC_R_SUCCESS)
+ ndots = n;
+}
+
+static void
+version(void) {
+ fputs("nslookup " VERSION "\n", stderr);
+}
+
+static void
setoption(char *opt) {
if (strncasecmp(opt, "all", 4) == 0) {
show_settings(ISC_TRUE, ISC_FALSE);
@@ -646,6 +656,8 @@
nofail=ISC_FALSE;
} else if (strncasecmp(opt, "nofail", 3) == 0) {
nofail=ISC_TRUE;
+ } else if (strncasecmp(opt, "ndots=", 6) == 0) {
+ set_ndots(&opt[6]);
} else {
printf("*** Invalid option: %s\n", opt);
}
@@ -775,9 +787,12 @@
for (argc--, argv++; argc > 0; argc--, argv++) {
debug("main parsing %s", argv[0]);
if (argv[0][0] == '-') {
- if (argv[0][1] != 0)
+ if (strncasecmp(argv[0], "-ver", 4) == 0) {
+ version();
+ exit(0);
+ } else if (argv[0][1] != 0) {
setoption(&argv[0][1]);
- else
+ } else
have_lookup = ISC_TRUE;
} else {
if (!have_lookup) {
Modified: vendor/bind/dist/bin/dig/nslookup.docbook
===================================================================
--- vendor/bind/dist/bin/dig/nslookup.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/nslookup.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,6 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<!--
- Copyright (c) 1985, 1989
- The Regents of the University of California. All rights reserved.
@@ -30,11 +29,7 @@
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- - 3. All advertising materials mentioning features or use of this software
- - must display the following acknowledgement:
- - This product includes software developed by the University of
- - California, Berkeley and its contributors.
- - 4. Neither the name of the University nor the names of its contributors
+ - 3. Neither the name of the University nor the names of its contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
@@ -53,7 +48,7 @@
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>January 24, 2014</date>
</refentryinfo>
<refmeta>
@@ -74,6 +69,8 @@
<year>2006</year>
<year>2007</year>
<year>2010</year>
+ <year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -136,6 +133,11 @@
</programlisting>
<!-- </informalexample> -->
</para>
+ <para>
+ The <option>-version</option> option causes
+ <command>nslookup</command> to print the version
+ number and immediately exits.
+ </para>
</refsect1>
@@ -410,6 +412,17 @@
</varlistentry>
<varlistentry>
+ <term><constant>ndots=</constant><replaceable>number</replaceable></term>
+ <listitem>
+ <para>
+ Set the number of dots (label separators) in a domain
+ that will disable searching. Absolute names always
+ stop searching.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><constant>retry=</constant><replaceable>number</replaceable></term>
<listitem>
<para>
Modified: vendor/bind/dist/bin/dig/nslookup.html
===================================================================
--- vendor/bind/dist/bin/dig/nslookup.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dig/nslookup.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -21,7 +21,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476277"></a><div class="titlepage"></div>
+<a name="id2476283"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>nslookup — query Internet name servers interactively</p>
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543361"></a><h2>DESCRIPTION</h2>
+<a name="id2543442"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">Nslookup</strong></span>
is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
has two modes: interactive and non-interactive. Interactive mode allows
@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543377"></a><h2>ARGUMENTS</h2>
+<a name="id2543458"></a><h2>ARGUMENTS</h2>
<p>
Interactive mode is entered in the following cases:
</p>
@@ -76,9 +76,14 @@
<p>
</p>
+<p>
+ The <code class="option">-version</code> option causes
+ <span><strong class="command">nslookup</strong></span> to print the version
+ number and immediately exits.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543420"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2543512"></a><h2>INTERACTIVE COMMANDS</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
<dd>
@@ -249,6 +254,12 @@
(Default = recurse; abbreviation = [no]rec)
</p>
</dd>
+<dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+ Set the number of dots (label separators) in a domain
+ that will disable searching. Absolute names always
+ stop searching.
+ </p></dd>
<dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
Set the number of retries to number.
@@ -288,12 +299,12 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2546286"></a><h2>FILES</h2>
+<a name="id2546326"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2546298"></a><h2>SEE ALSO</h2>
+<a name="id2546338"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
@@ -300,7 +311,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2546332"></a><h2>Author</h2>
+<a name="id2546372"></a><h2>Author</h2>
<p>
Andrew Cherenson
</p>
Modified: vendor/bind/dist/bin/dnssec/Makefile.in
===================================================================
--- vendor/bind/dist/bin/dnssec/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+# $Id: Makefile.in,v 1.42 2009/12/05 23:31:40 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.8
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-dsfromkey.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: dnssec\-dsfromkey
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: August 26, 2009
+.\" Date: May 17, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DNSSEC\-DSFROMKEY" "8" "August 26, 2009" "BIND9" "BIND9"
+.TH "DNSSEC\-DSFROMKEY" "8" "May 17, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -139,5 +139,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2008\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008\-2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.c
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-dsfromkey.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: dnssec-dsfromkey.c,v 1.19.14.2 2011/09/05 23:45:53 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.docbook
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-dsfromkey.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.dnssec-dsfromkey">
<refentryinfo>
- <date>August 26, 2009</date>
+ <date>May 17, 2012</date>
</refentryinfo>
<refmeta>
@@ -40,6 +39,7 @@
<year>2009</year>
<year>2010</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.html
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-dsfromkey.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-dsfromkey.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543468"></a><h2>DESCRIPTION</h2>
+<a name="id2543479"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
@@ -39,7 +39,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543480"></a><h2>OPTIONS</h2>
+<a name="id2543491"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@@ -101,7 +101,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543667"></a><h2>EXAMPLE</h2>
+<a name="id2543677"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -116,7 +116,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543697"></a><h2>FILES</h2>
+<a name="id2543707"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -130,13 +130,13 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543732"></a><h2>CAVEAT</h2>
+<a name="id2543742"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543741"></a><h2>SEE ALSO</h2>
+<a name="id2543752"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -146,7 +146,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543781"></a><h2>AUTHOR</h2>
+<a name="id2543792"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.8
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keyfromlabel.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: dnssec\-keyfromlabel
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: February 8, 2008
+.\" Date: February 27, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DNSSEC\-KEYFROMLABEL" "8" "February 8, 2008" "BIND9" "BIND9"
+.TH "DNSSEC\-KEYFROMLABEL" "8" "February 27, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -32,11 +32,12 @@
dnssec\-keyfromlabel \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP 20
-\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
+\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keyfromlabel\fR
-gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034.
+generates a key pair of files that referencing a key object stored in a cryptographic hardware service module (HSM). The private key file can be used for DNSSEC signing of zone data as if it were a conventional signing key created by
+\fBdnssec\-keygen\fR, but the key material is stored within the HSM, and the actual signing takes place there.
.PP
The
\fBname\fR
@@ -127,6 +128,11 @@
Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
.RE
.PP
+\-S \fIkey\fR
+.RS 4
+Generate a key as an explicit successor to an existing key. The name, algorithm, size, and type of the key will be set to match the predecessor. The activation date of the new key will be set to the inactivation date of the existing one. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days.
+.RE
+.PP
\-t \fItype\fR
.RS 4
Indicates the use of the key.
@@ -145,7 +151,7 @@
.RE
.SH "TIMING OPTIONS"
.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To explicitly prevent a date from being set, use 'none' or 'never'.
.PP
\-P \fIdate/offset\fR
.RS 4
@@ -171,6 +177,15 @@
.RS 4
Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
.RE
+.PP
+\-i \fIinterval\fR
+.RS 4
+Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication.
+.sp
+If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero.
+.sp
+As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds.
+.RE
.SH "GENERATED KEY FILES"
.PP
When
@@ -215,5 +230,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008\-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.c
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keyfromlabel.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: dnssec-keyfromlabel.c,v 1.32.14.4 2011/11/30 00:51:38 marka Exp $ */
/*! \file */
@@ -102,6 +102,11 @@
fprintf(stderr, " -G: generate key only; do not set -P or -A\n");
fprintf(stderr, " -C: generate a backward-compatible key, omitting"
" all dates\n");
+ fprintf(stderr, " -S <key>: generate a successor to an existing "
+ "key\n");
+ fprintf(stderr, " -i <interval>: prepublication interval for "
+ "successor key "
+ "(default: 30 days)\n");
fprintf(stderr, "Output:\n");
fprintf(stderr, " K<name>+<alg>+<id>.key, "
"K<name>+<alg>+<id>.private\n");
@@ -114,6 +119,8 @@
char *algname = NULL, *freeit = NULL;
char *nametype = NULL, *type = NULL;
const char *directory = NULL;
+ const char *predecessor = NULL;
+ dst_key_t *prevkey = NULL;
#ifdef USE_PKCS11
const char *engine = "pkcs11";
#else
@@ -142,6 +149,7 @@
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
isc_stdtime_t now;
+ int prepub = -1;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
@@ -165,9 +173,8 @@
isc_stdtime_get(&now);
- while ((ch = isc_commandline_parse(argc, argv,
- "3a:Cc:E:f:K:kl:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
- {
+#define CMDLINE_FLAGS "3A:a:Cc:D:E:Ff:GhI:i:K:kl:n:P:p:R:S:t:v:y"
+ while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case '3':
use_nsec3 = ISC_TRUE;
@@ -234,62 +241,48 @@
if (setpub || unsetpub)
fatal("-P specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setpub = ISC_TRUE;
- publish = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetpub = ISC_TRUE;
- }
+ publish = strtotime(isc_commandline_argument,
+ now, now, &setpub);
+ unsetpub = !setpub;
break;
case 'A':
if (setact || unsetact)
fatal("-A specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setact = ISC_TRUE;
- activate = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetact = ISC_TRUE;
- }
+ activate = strtotime(isc_commandline_argument,
+ now, now, &setact);
+ unsetact = !setact;
break;
case 'R':
if (setrev || unsetrev)
fatal("-R specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setrev = ISC_TRUE;
- revoke = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetrev = ISC_TRUE;
- }
+ revoke = strtotime(isc_commandline_argument,
+ now, now, &setrev);
+ unsetrev = !setrev;
break;
case 'I':
if (setinact || unsetinact)
fatal("-I specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setinact = ISC_TRUE;
- inactive = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetinact = ISC_TRUE;
- }
+ inactive = strtotime(isc_commandline_argument,
+ now, now, &setinact);
+ unsetinact = !setinact;
break;
case 'D':
if (setdel || unsetdel)
fatal("-D specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setdel = ISC_TRUE;
- delete = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetdel = ISC_TRUE;
- }
+ delete = strtotime(isc_commandline_argument,
+ now, now, &setdel);
+ unsetdel = !setdel;
break;
+ case 'S':
+ predecessor = isc_commandline_argument;
+ break;
+ case 'i':
+ prepub = strtottl(isc_commandline_argument);
+ break;
case 'F':
/* Reserved for FIPS mode */
/* FALLTHROUGH */
@@ -318,78 +311,190 @@
setup_logging(verbose, mctx, &log);
- if (label == NULL)
- fatal("the key label was not specified");
- if (argc < isc_commandline_index + 1)
- fatal("the key name was not specified");
- if (argc > isc_commandline_index + 1)
- fatal("extraneous arguments");
+ if (predecessor == NULL) {
+ if (label == NULL)
+ fatal("the key label was not specified");
+ if (argc < isc_commandline_index + 1)
+ fatal("the key name was not specified");
+ if (argc > isc_commandline_index + 1)
+ fatal("extraneous arguments");
- if (strchr(label, ':') == NULL &&
- engine != NULL && strlen(engine) != 0U) {
- char *l;
- int len;
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&buf, argv[isc_commandline_index],
+ strlen(argv[isc_commandline_index]));
+ isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
+ ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
+ if (ret != ISC_R_SUCCESS)
+ fatal("invalid key name %s: %s",
+ argv[isc_commandline_index],
+ isc_result_totext(ret));
- len = strlen(label) + strlen(engine) + 2;
- l = isc_mem_allocate(mctx, len);
- if (l == NULL)
- fatal("cannot allocate memory");
- snprintf(l, len, "%s:%s", engine, label);
- isc_mem_free(mctx, label);
- label = l;
- }
+ if (strchr(label, ':') == NULL) {
+ char *l;
+ int len;
- if (algname == NULL) {
+ len = strlen(label) + 8;
+ l = isc_mem_allocate(mctx, len);
+ if (l == NULL)
+ fatal("cannot allocate memory");
+ snprintf(l, len, "pkcs11:%s", label);
+ isc_mem_free(mctx, label);
+ label = l;
+ }
+
+ if (algname == NULL) {
+ if (use_nsec3)
+ algname = strdup(DEFAULT_NSEC3_ALGORITHM);
+ else
+ algname = strdup(DEFAULT_ALGORITHM);
+ if (algname == NULL)
+ fatal("strdup failed");
+ freeit = algname;
+ if (verbose > 0)
+ fprintf(stderr, "no algorithm specified; "
+ "defaulting to %s\n", algname);
+ }
+
+ if (strcasecmp(algname, "RSA") == 0) {
+ fprintf(stderr, "The use of RSA (RSAMD5) is not "
+ "recommended.\nIf you still wish to "
+ "use RSA (RSAMD5) please specify "
+ "\"-a RSAMD5\"\n");
+ if (freeit != NULL)
+ free(freeit);
+ return (1);
+ } else {
+ r.base = algname;
+ r.length = strlen(algname);
+ ret = dns_secalg_fromtext(&alg, &r);
+ if (ret != ISC_R_SUCCESS)
+ fatal("unknown algorithm %s", algname);
+ if (alg == DST_ALG_DH)
+ options |= DST_TYPE_KEY;
+ }
+
+ if (use_nsec3 &&
+ alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
+ alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
+ alg != DST_ALG_ECCGOST &&
+ alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
+ fatal("%s is incompatible with NSEC3; "
+ "do not use the -3 option", algname);
+ }
+
+ if (type != NULL && (options & DST_TYPE_KEY) != 0) {
+ if (strcasecmp(type, "NOAUTH") == 0)
+ flags |= DNS_KEYTYPE_NOAUTH;
+ else if (strcasecmp(type, "NOCONF") == 0)
+ flags |= DNS_KEYTYPE_NOCONF;
+ else if (strcasecmp(type, "NOAUTHCONF") == 0)
+ flags |= (DNS_KEYTYPE_NOAUTH |
+ DNS_KEYTYPE_NOCONF);
+ else if (strcasecmp(type, "AUTHCONF") == 0)
+ /* nothing */;
+ else
+ fatal("invalid type %s", type);
+ }
+
+ if (!oldstyle && prepub > 0) {
+ if (setpub && setact && (activate - prepub) < publish)
+ fatal("Activation and publication dates "
+ "are closer together than the\n\t"
+ "prepublication interval.");
+
+ if (!setpub && !setact) {
+ setpub = setact = ISC_TRUE;
+ publish = now;
+ activate = now + prepub;
+ } else if (setpub && !setact) {
+ setact = ISC_TRUE;
+ activate = publish + prepub;
+ } else if (setact && !setpub) {
+ setpub = ISC_TRUE;
+ publish = activate - prepub;
+ }
+
+ if ((activate - prepub) < now)
+ fatal("Time until activation is shorter "
+ "than the\n\tprepublication interval.");
+ }
+ } else {
+ char keystr[DST_KEY_FORMATSIZE];
+ isc_stdtime_t when;
+ int major, minor;
+
+ if (prepub == -1)
+ prepub = (30 * 86400);
+
+ if (algname != NULL)
+ fatal("-S and -a cannot be used together");
+ if (nametype != NULL)
+ fatal("-S and -n cannot be used together");
+ if (type != NULL)
+ fatal("-S and -t cannot be used together");
+ if (setpub || unsetpub)
+ fatal("-S and -P cannot be used together");
+ if (setact || unsetact)
+ fatal("-S and -A cannot be used together");
if (use_nsec3)
- algname = strdup(DEFAULT_NSEC3_ALGORITHM);
- else
- algname = strdup(DEFAULT_ALGORITHM);
- if (algname == NULL)
- fatal("strdup failed");
- freeit = algname;
- if (verbose > 0)
- fprintf(stderr, "no algorithm specified; "
- "defaulting to %s\n", algname);
- }
+ fatal("-S and -3 cannot be used together");
+ if (oldstyle)
+ fatal("-S and -C cannot be used together");
+ if (genonly)
+ fatal("-S and -G cannot be used together");
- if (strcasecmp(algname, "RSA") == 0) {
- fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
- "If you still wish to use RSA (RSAMD5) please "
- "specify \"-a RSAMD5\"\n");
- if (freeit != NULL)
- free(freeit);
- return (1);
- } else {
- r.base = algname;
- r.length = strlen(algname);
- ret = dns_secalg_fromtext(&alg, &r);
+ ret = dst_key_fromnamedfile(predecessor, directory,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
+ mctx, &prevkey);
if (ret != ISC_R_SUCCESS)
- fatal("unknown algorithm %s", algname);
- if (alg == DST_ALG_DH)
- options |= DST_TYPE_KEY;
- }
+ fatal("Invalid keyfile %s: %s",
+ predecessor, isc_result_totext(ret));
+ if (!dst_key_isprivate(prevkey))
+ fatal("%s is not a private key", predecessor);
- if (use_nsec3 &&
- alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
- alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
- alg != DST_ALG_ECCGOST &&
- alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
- fatal("%s is incompatible with NSEC3; "
- "do not use the -3 option", algname);
- }
+ name = dst_key_name(prevkey);
+ alg = dst_key_alg(prevkey);
+ flags = dst_key_flags(prevkey);
- if (type != NULL && (options & DST_TYPE_KEY) != 0) {
- if (strcasecmp(type, "NOAUTH") == 0)
- flags |= DNS_KEYTYPE_NOAUTH;
- else if (strcasecmp(type, "NOCONF") == 0)
- flags |= DNS_KEYTYPE_NOCONF;
- else if (strcasecmp(type, "NOAUTHCONF") == 0) {
- flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
- }
- else if (strcasecmp(type, "AUTHCONF") == 0)
- /* nothing */;
- else
- fatal("invalid type %s", type);
+ dst_key_format(prevkey, keystr, sizeof(keystr));
+ dst_key_getprivateformat(prevkey, &major, &minor);
+ if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
+ fatal("Key %s has incompatible format version %d.%d\n\t"
+ "It is not possible to generate a successor key.",
+ keystr, major, minor);
+
+ ret = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
+ if (ret != ISC_R_SUCCESS)
+ fatal("Key %s has no activation date.\n\t"
+ "You must use dnssec-settime -A to set one "
+ "before generating a successor.", keystr);
+
+ ret = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &activate);
+ if (ret != ISC_R_SUCCESS)
+ fatal("Key %s has no inactivation date.\n\t"
+ "You must use dnssec-settime -I to set one "
+ "before generating a successor.", keystr);
+
+ publish = activate - prepub;
+ if (publish < now)
+ fatal("Key %s becomes inactive\n\t"
+ "sooner than the prepublication period "
+ "for the new key ends.\n\t"
+ "Either change the inactivation date with "
+ "dnssec-settime -I,\n\t"
+ "or use the -i option to set a shorter "
+ "prepublication interval.", keystr);
+
+ ret = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
+ if (ret != ISC_R_SUCCESS)
+ fprintf(stderr, "%s: WARNING: Key %s has no removal "
+ "date;\n\t it will remain in the zone "
+ "indefinitely after rollover.\n\t "
+ "You can use dnssec-settime -D to "
+ "change this.\n", program, keystr);
+
+ setpub = setact = ISC_TRUE;
}
if (nametype == NULL) {
@@ -437,16 +542,6 @@
fatal("a key with algorithm '%s' cannot be a zone key",
algname);
- dns_fixedname_init(&fname);
- name = dns_fixedname_name(&fname);
- isc_buffer_init(&buf, argv[isc_commandline_index],
- strlen(argv[isc_commandline_index]));
- isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
- ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
- if (ret != ISC_R_SUCCESS)
- fatal("invalid key name %s: %s", argv[isc_commandline_index],
- isc_result_totext(ret));
-
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
/* associate the key */
@@ -557,6 +652,8 @@
isc_result_totext(ret));
printf("%s\n", filename);
dst_key_free(&key);
+ if (prevkey != NULL)
+ dst_key_free(&prevkey);
cleanup_logging(&log);
cleanup_entropy(&ectx);
Modified: vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.docbook
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keyfromlabel.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
- <date>February 8, 2008</date>
+ <date>February 27, 2014</date>
</refentryinfo>
<refmeta>
@@ -41,6 +40,7 @@
<year>2010</year>
<year>2011</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -58,6 +58,7 @@
<arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
<arg><option>-G</option></arg>
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
<arg><option>-k</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
@@ -64,6 +65,7 @@
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
<arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg><option>-S <replaceable class="parameter">key</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
<arg><option>-y</option></arg>
@@ -74,9 +76,12 @@
<refsect1>
<title>DESCRIPTION</title>
<para><command>dnssec-keyfromlabel</command>
- gets keys with the given label from a crypto hardware and builds
- key files for DNSSEC (Secure DNS), as defined in RFC 2535
- and RFC 4034.
+ generates a key pair of files that referencing a key object stored
+ in a cryptographic hardware service module (HSM). The private key
+ file can be used for DNSSEC signing of zone data as if it were a
+ conventional signing key created by <command>dnssec-keygen</command>,
+ but the key material is stored within the HSM, and the actual signing
+ takes place there.
</para>
<para>
The <option>name</option> of the key is specified on the command
@@ -249,6 +254,21 @@
</varlistentry>
<varlistentry>
+ <term>-S <replaceable class="parameter">key</replaceable></term>
+ <listitem>
+ <para>
+ Generate a key as an explicit successor to an existing key.
+ The name, algorithm, size, and type of the key will be set
+ to match the predecessor. The activation date of the new
+ key will be set to the inactivation date of the existing
+ one. The publication date will be set to the activation
+ date minus the prepublication interval, which defaults to
+ 30 days.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-t <replaceable class="parameter">type</replaceable></term>
<listitem>
<para>
@@ -296,7 +316,8 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</para>
<variablelist>
@@ -356,6 +377,34 @@
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>-i <replaceable class="parameter">interval</replaceable></term>
+ <listitem>
+ <para>
+ Sets the prepublication interval for a key. If set, then
+ the publication and activation dates must be separated by at least
+ this much time. If the activation date is specified but the
+ publication date isn't, then the publication date will default
+ to this much time before the activation date; conversely, if
+ the publication date is specified but activation date isn't,
+ then activation will be set to this much time after publication.
+ </para>
+ <para>
+ If the key is being created as an explicit successor to another
+ key, then the default prepublication interval is 30 days;
+ otherwise it is zero.
+ </para>
+ <para>
+ As with date offsets, if the argument is followed by one of
+ the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
+ interval is measured in years, months, weeks, days, hours,
+ or minutes, respectively. Without a suffix, the interval is
+ measured in seconds.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
Modified: vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.html
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-keyfromlabel.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keyfromlabel.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -28,14 +28,17 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543498"></a><h2>DESCRIPTION</h2>
+<a name="id2543526"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
- gets keys with the given label from a crypto hardware and builds
- key files for DNSSEC (Secure DNS), as defined in RFC 2535
- and RFC 4034.
+ generates a key pair of files that referencing a key object stored
+ in a cryptographic hardware service module (HSM). The private key
+ file can be used for DNSSEC signing of zone data as if it were a
+ conventional signing key created by <span><strong class="command">dnssec-keygen</strong></span>,
+ but the key material is stored within the HSM, and the actual signing
+ takes place there.
</p>
<p>
The <code class="option">name</code> of the key is specified on the command
@@ -44,7 +47,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543516"></a><h2>OPTIONS</h2>
+<a name="id2543547"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -142,6 +145,16 @@
Other possible values for this argument are listed in
RFC 2535 and its successors.
</p></dd>
+<dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
+<dd><p>
+ Generate a key as an explicit successor to an existing key.
+ The name, algorithm, size, and type of the key will be set
+ to match the predecessor. The activation date of the new
+ key will be set to the inactivation date of the existing
+ one. The publication date will be set to the activation
+ date minus the prepublication interval, which defaults to
+ 30 days.
+ </p></dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd><p>
Indicates the use of the key. <code class="option">type</code> must be
@@ -164,7 +177,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543880"></a><h2>TIMING OPTIONS</h2>
+<a name="id2543996"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -173,7 +186,8 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</p>
<div class="variablelist"><dl>
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
@@ -208,10 +222,34 @@
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
</p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
+<dd>
+<p>
+ Sets the prepublication interval for a key. If set, then
+ the publication and activation dates must be separated by at least
+ this much time. If the activation date is specified but the
+ publication date isn't, then the publication date will default
+ to this much time before the activation date; conversely, if
+ the publication date is specified but activation date isn't,
+ then activation will be set to this much time after publication.
+ </p>
+<p>
+ If the key is being created as an explicit successor to another
+ key, then the default prepublication interval is 30 days;
+ otherwise it is zero.
+ </p>
+<p>
+ As with date offsets, if the argument is followed by one of
+ the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
+ interval is measured in years, months, weeks, days, hours,
+ or minutes, respectively. Without a suffix, the interval is
+ measured in seconds.
+ </p>
+</dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544046"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2544118"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@@ -250,7 +288,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544119"></a><h2>SEE ALSO</h2>
+<a name="id2544190"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -258,7 +296,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544152"></a><h2>AUTHOR</h2>
+<a name="id2544224"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/dnssec/dnssec-keygen.8
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-keygen.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-keygen.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: dnssec\-keygen
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 30, 2000
+.\" Date: February 07, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
+.TH "DNSSEC\-KEYGEN" "8" "February 07, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -195,7 +195,7 @@
.RE
.SH "TIMING OPTIONS"
.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To explicitly prevent a date from being set, use 'none' or 'never'.
.PP
\-P \fIdate/offset\fR
.RS 4
@@ -204,7 +204,7 @@
.PP
\-A \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now".
+Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now". If set, if and \-P is not set, then the publication date will be set to the activation date minus the prepublication interval.
.RE
.PP
\-R \fIdate/offset\fR
@@ -298,7 +298,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007\-2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/dnssec/dnssec-keygen.c
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-keygen.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-keygen.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keygen.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: dnssec-keygen.c,v 1.115.14.4 2011/11/30 00:51:38 marka Exp $ */
/*! \file */
@@ -394,61 +394,41 @@
if (setpub || unsetpub)
fatal("-P specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setpub = ISC_TRUE;
- publish = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetpub = ISC_TRUE;
- }
+ publish = strtotime(isc_commandline_argument,
+ now, now, &setpub);
+ unsetpub = !setpub;
break;
case 'A':
if (setact || unsetact)
fatal("-A specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setact = ISC_TRUE;
- activate = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetact = ISC_TRUE;
- }
+ activate = strtotime(isc_commandline_argument,
+ now, now, &setact);
+ unsetact = !setact;
break;
case 'R':
if (setrev || unsetrev)
fatal("-R specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setrev = ISC_TRUE;
- revoke = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetrev = ISC_TRUE;
- }
+ revoke = strtotime(isc_commandline_argument,
+ now, now, &setrev);
+ unsetrev = !setrev;
break;
case 'I':
if (setinact || unsetinact)
fatal("-I specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setinact = ISC_TRUE;
- inactive = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetinact = ISC_TRUE;
- }
+ inactive = strtotime(isc_commandline_argument,
+ now, now, &setinact);
+ unsetinact = !setinact;
break;
case 'D':
if (setdel || unsetdel)
fatal("-D specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setdel = ISC_TRUE;
- delete = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetdel = ISC_TRUE;
- }
+ delete = strtotime(isc_commandline_argument,
+ now, now, &setdel);
+ unsetdel = !setdel;
break;
case 'S':
predecessor = isc_commandline_argument;
@@ -646,9 +626,9 @@
mctx, &prevkey);
if (ret != ISC_R_SUCCESS)
fatal("Invalid keyfile %s: %s",
- filename, isc_result_totext(ret));
+ predecessor, isc_result_totext(ret));
if (!dst_key_isprivate(prevkey))
- fatal("%s is not a private key", filename);
+ fatal("%s is not a private key", predecessor);
name = dst_key_name(prevkey);
alg = dst_key_alg(prevkey);
@@ -935,9 +915,9 @@
if (setpub)
dst_key_settime(key, DST_TIME_PUBLISH, publish);
- else if (setact)
+ else if (setact && !unsetpub)
dst_key_settime(key, DST_TIME_PUBLISH,
- activate);
+ activate - prepub);
else if (!genonly && !unsetpub)
dst_key_settime(key, DST_TIME_PUBLISH, now);
Modified: vendor/bind/dist/bin/dnssec/dnssec-keygen.docbook
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-keygen.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-keygen.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
- <date>June 30, 2000</date>
+ <date>February 07, 2014</date>
</refentryinfo>
<refmeta>
@@ -44,6 +43,7 @@
<year>2009</year>
<year>2010</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -425,7 +425,8 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</para>
<variablelist>
@@ -448,7 +449,9 @@
Sets the date on which the key is to be activated. After that
date, the key will be included in the zone and used to sign
it. If not set, and if the -G option has not been used, the
- default is "now".
+ default is "now". If set, if and -P is not set, then
+ the publication date will be set to the activation date
+ minus the prepublication interval.
</para>
</listitem>
</varlistentry>
Modified: vendor/bind/dist/bin/dnssec/dnssec-keygen.html
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-keygen.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-keygen.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543582"></a><h2>DESCRIPTION</h2>
+<a name="id2543593"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -46,7 +46,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543601"></a><h2>OPTIONS</h2>
+<a name="id2543611"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -251,7 +251,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544169"></a><h2>TIMING OPTIONS</h2>
+<a name="id2544180"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -260,7 +260,8 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</p>
<div class="variablelist"><dl>
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
@@ -275,7 +276,9 @@
Sets the date on which the key is to be activated. After that
date, the key will be included in the zone and used to sign
it. If not set, and if the -G option has not been used, the
- default is "now".
+ default is "now". If set, if and -P is not set, then
+ the publication date will be set to the activation date
+ minus the prepublication interval.
</p></dd>
<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
@@ -322,7 +325,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544359"></a><h2>GENERATED KEYS</h2>
+<a name="id2543004"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@@ -368,7 +371,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544441"></a><h2>EXAMPLE</h2>
+<a name="id2543086"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -389,7 +392,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544485"></a><h2>SEE ALSO</h2>
+<a name="id2543130"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@@ -398,7 +401,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544584"></a><h2>AUTHOR</h2>
+<a name="id2544731"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/dnssec/dnssec-revoke.8
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-revoke.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-revoke.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-revoke.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: dnssec\-revoke
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 1, 2009
+.\" Date: October 20, 2011
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DNSSEC\-REVOKE" "8" "June 1, 2009" "BIND9" "BIND9"
+.TH "DNSSEC\-REVOKE" "8" "October 20, 2011" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -84,5 +84,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/dnssec/dnssec-revoke.c
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-revoke.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-revoke.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-revoke.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: dnssec-revoke.c,v 1.22.124.2 2011/10/20 23:46:27 tbox Exp $ */
/*! \file */
@@ -249,12 +249,10 @@
dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf);
if (strcmp(oldname, newname) == 0)
goto cleanup;
- if (access(oldname, F_OK) == 0)
- unlink(oldname);
+ (void)unlink(oldname);
isc_buffer_clear(&buf);
dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
- if (access(oldname, F_OK) == 0)
- unlink(oldname);
+ (void)unlink(oldname);
}
} else {
dst_key_format(key, keystr, sizeof(keystr));
Modified: vendor/bind/dist/bin/dnssec/dnssec-revoke.docbook
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-revoke.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-revoke.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-revoke.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.dnssec-revoke">
<refentryinfo>
- <date>June 1, 2009</date>
+ <date>October 20, 2011</date>
</refentryinfo>
<refmeta>
@@ -38,6 +37,7 @@
<copyright>
<year>2009</year>
<year>2011</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/dnssec/dnssec-revoke.html
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-revoke.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-revoke.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-revoke.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543382"></a><h2>DESCRIPTION</h2>
+<a name="id2543393"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -39,7 +39,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543394"></a><h2>OPTIONS</h2>
+<a name="id2543404"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -77,7 +77,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543512"></a><h2>SEE ALSO</h2>
+<a name="id2543523"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
@@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543537"></a><h2>AUTHOR</h2>
+<a name="id2543547"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/dnssec/dnssec-settime.8
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-settime.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-settime.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-settime.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: dnssec\-settime
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: July 15, 2009
+.\" Date: February 07, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DNSSEC\-SETTIME" "8" "July 15, 2009" "BIND9" "BIND9"
+.TH "DNSSEC\-SETTIME" "8" "February 07, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -83,7 +83,7 @@
.RE
.SH "TIMING OPTIONS"
.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To unset a date, use 'none'.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To unset a date, use 'none' or 'never'.
.PP
\-P \fIdate/offset\fR
.RS 4
@@ -162,5 +162,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009\-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/dnssec/dnssec-settime.c
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-settime.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-settime.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-settime.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: dnssec-settime.c,v 1.28.16.3 2011/06/02 20:24:11 each Exp $ */
/*! \file */
@@ -243,13 +243,9 @@
fatal("-P specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetpub = ISC_TRUE;
- } else {
- setpub = ISC_TRUE;
- pub = strtotime(isc_commandline_argument,
- now, now);
- }
+ pub = strtotime(isc_commandline_argument,
+ now, now, &setpub);
+ unsetpub = !setpub;
break;
case 'A':
if (setact || unsetact)
@@ -256,13 +252,9 @@
fatal("-A specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetact = ISC_TRUE;
- } else {
- setact = ISC_TRUE;
- act = strtotime(isc_commandline_argument,
- now, now);
- }
+ act = strtotime(isc_commandline_argument,
+ now, now, &setact);
+ unsetact = !setact;
break;
case 'R':
if (setrev || unsetrev)
@@ -269,13 +261,9 @@
fatal("-R specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetrev = ISC_TRUE;
- } else {
- setrev = ISC_TRUE;
- rev = strtotime(isc_commandline_argument,
- now, now);
- }
+ rev = strtotime(isc_commandline_argument,
+ now, now, &setrev);
+ unsetrev = !setrev;
break;
case 'I':
if (setinact || unsetinact)
@@ -282,13 +270,9 @@
fatal("-I specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetinact = ISC_TRUE;
- } else {
- setinact = ISC_TRUE;
- inact = strtotime(isc_commandline_argument,
- now, now);
- }
+ inact = strtotime(isc_commandline_argument,
+ now, now, &setinact);
+ unsetinact = !setinact;
break;
case 'D':
if (setdel || unsetdel)
@@ -295,13 +279,9 @@
fatal("-D specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetdel = ISC_TRUE;
- } else {
- setdel = ISC_TRUE;
- del = strtotime(isc_commandline_argument,
- now, now);
- }
+ del = strtotime(isc_commandline_argument,
+ now, now, &setdel);
+ unsetdel = !setdel;
break;
case 'S':
predecessor = isc_commandline_argument;
Modified: vendor/bind/dist/bin/dnssec/dnssec-settime.docbook
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-settime.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-settime.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-settime.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.dnssec-settime">
<refentryinfo>
- <date>July 15, 2009</date>
+ <date>February 07, 2014</date>
</refentryinfo>
<refmeta>
@@ -39,6 +38,7 @@
<year>2009</year>
<year>2010</year>
<year>2011</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -156,7 +156,7 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds. To unset a date, use 'none'.
+ is computed in seconds. To unset a date, use 'none' or 'never'.
</para>
<variablelist>
Modified: vendor/bind/dist/bin/dnssec/dnssec-settime.html
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-settime.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-settime.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-settime.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543424"></a><h2>DESCRIPTION</h2>
+<a name="id2543434"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@@ -57,7 +57,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543472"></a><h2>OPTIONS</h2>
+<a name="id2543482"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@@ -90,7 +90,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543563"></a><h2>TIMING OPTIONS</h2>
+<a name="id2543574"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -99,7 +99,7 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds. To unset a date, use 'none'.
+ is computed in seconds. To unset a date, use 'none' or 'never'.
</p>
<div class="variablelist"><dl>
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
@@ -169,7 +169,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543770"></a><h2>PRINTING OPTIONS</h2>
+<a name="id2543781"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@@ -195,7 +195,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543848"></a><h2>SEE ALSO</h2>
+<a name="id2543859"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -203,7 +203,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543881"></a><h2>AUTHOR</h2>
+<a name="id2543892"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/dnssec/dnssec-signzone.8
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-signzone.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-signzone.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: dnssec\-signzone
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 05, 2009
+.\" Date: October 13, 2013
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DNSSEC\-SIGNZONE" "8" "June 05, 2009" "BIND9" "BIND9"
+.TH "DNSSEC\-SIGNZONE" "8" "October 13, 2013" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -309,7 +309,7 @@
.PP
\-H \fIiterations\fR
.RS 4
-When generating an NSEC3 chain, use this many interations. The default is 10.
+When generating an NSEC3 chain, use this many iterations. The default is 10.
.RE
.PP
\-A
@@ -378,7 +378,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/dnssec/dnssec-signzone.c
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-signzone.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-signzone.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $ */
+/* $Id: dnssec-signzone.c,v 1.262.110.9 2011/07/19 23:47:12 tbox Exp $ */
/*! \file */
@@ -426,6 +426,8 @@
result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_rrsig,
set->type, 0, &sigset, NULL);
if (result == ISC_R_NOTFOUND) {
+ vbprintf(2, "no existing signatures for %s/%s\n",
+ namestr, typestr);
result = ISC_R_SUCCESS;
nosigs = ISC_TRUE;
}
@@ -650,7 +652,7 @@
fatal("unable to grow hashlist: out of memory");
}
memset(l->hashbuf + l->entries * l->length, 0, l->length);
- memcpy(l->hashbuf + l->entries * l->length, hash, len);
+ memmove(l->hashbuf + l->entries * l->length, hash, len);
l->entries++;
}
@@ -665,7 +667,8 @@
unsigned int len;
size_t i;
- len = isc_iterated_hash(hash, hashalg, iterations, salt, salt_length,
+ len = isc_iterated_hash(hash, hashalg, iterations,
+ salt, (int)salt_length,
name->ndata, name->length);
if (verbose) {
dns_name_format(name, nametext, sizeof nametext);
@@ -717,7 +720,7 @@
hashlist_findnext(const hashlist_t *l,
const unsigned char hash[NSEC3_MAX_HASH_LENGTH])
{
- unsigned int entries = l->entries;
+ size_t entries = l->entries;
const unsigned char *next = bsearch(hash, l->hashbuf, l->entries,
l->length, hashlist_comp);
INSIST(next != NULL);
@@ -729,8 +732,8 @@
next = l->hashbuf;
if (next[l->length - 1] == 0)
break;
- } while (entries-- > 1);
- INSIST(entries != 0);
+ } while (entries-- > 1U);
+ INSIST(entries != 0U);
return (next);
}
@@ -1614,7 +1617,8 @@
fprintf(stderr, "No self signing KSK found. Using "
"self signed ZSK's for active "
"algorithm list.\n");
- memcpy(ksk_algorithms, self_algorithms, sizeof(ksk_algorithms));
+ memmove(ksk_algorithms, self_algorithms,
+ sizeof(ksk_algorithms));
if (!allzsksigned)
fprintf(stderr, "warning: not all ZSK's are self "
"signed.\n");
@@ -2070,10 +2074,14 @@
}
/*
- * Remove signatures covering the given type (0 == all signatures).
+ * Remove signatures covering the given type. If type == 0,
+ * then remove all signatures, unless this is a delegation, in
+ * which case remove all signatures except for DS or nsec_datatype
*/
static void
-remove_sigs(dns_dbnode_t *node, dns_rdatatype_t which) {
+remove_sigs(dns_dbnode_t *node, isc_boolean_t delegation,
+ dns_rdatatype_t which)
+{
isc_result_t result;
dns_rdatatype_t type, covers;
dns_rdatasetiter_t *rdsiter = NULL;
@@ -2090,14 +2098,21 @@
covers = rdataset.covers;
dns_rdataset_disassociate(&rdataset);
- if (type == dns_rdatatype_rrsig &&
- (covers == which || which == 0))
- {
- result = dns_db_deleterdataset(gdb, node, gversion,
- type, covers);
- check_result(result, "dns_db_deleterdataset()");
+ if (type != dns_rdatatype_rrsig)
continue;
- }
+
+ if (which == 0 && delegation &&
+ (dns_rdatatype_atparent(covers) ||
+ (nsec_datatype == dns_rdatatype_nsec &&
+ covers == nsec_datatype)))
+ continue;
+
+ if (which != 0 && covers != which)
+ continue;
+
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ type, covers);
+ check_result(result, "dns_db_deleterdataset()");
}
dns_rdatasetiter_destroy(&rdsiter);
}
@@ -2184,7 +2199,7 @@
if (delegation(name, node, &nsttl)) {
zonecut = dns_fixedname_name(&fzonecut);
dns_name_copy(name, zonecut, NULL);
- remove_sigs(node, 0);
+ remove_sigs(node, ISC_TRUE, 0);
if (generateds)
add_ds(name, node, nsttl);
}
@@ -2206,7 +2221,7 @@
(zonecut != NULL &&
dns_name_issubdomain(nextname, zonecut)))
{
- remove_sigs(nextnode, 0);
+ remove_sigs(nextnode, ISC_FALSE, 0);
remove_records(nextnode, dns_rdatatype_nsec,
ISC_FALSE);
dns_db_detachnode(gdb, &nextnode);
@@ -2234,7 +2249,7 @@
static void
addnsec3param(const unsigned char *salt, size_t salt_length,
- unsigned int iterations)
+ dns_iterations_t iterations)
{
dns_dbnode_t *node = NULL;
dns_rdata_nsec3param_t nsec3param;
@@ -2254,7 +2269,7 @@
nsec3param.flags = 0;
nsec3param.hash = unknownalg ? DNS_NSEC3_UNKNOWNALG : dns_hash_sha1;
nsec3param.iterations = iterations;
- nsec3param.salt_length = salt_length;
+ nsec3param.salt_length = (unsigned char)salt_length;
DE_CONST(salt, nsec3param.salt);
isc_buffer_init(&b, nsec3parambuf, sizeof(nsec3parambuf));
@@ -2551,7 +2566,7 @@
* Generate NSEC3 records for the zone.
*/
static void
-nsec3ify(unsigned int hashalg, unsigned int iterations,
+nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
const unsigned char *salt, size_t salt_length, hashlist_t *hashlist)
{
dns_dbiterator_t *dbiter = NULL;
@@ -2617,7 +2632,7 @@
if (!dns_name_issubdomain(nextname, gorigin) ||
(zonecut != NULL &&
dns_name_issubdomain(nextname, zonecut))) {
- remove_sigs(nextnode, 0);
+ remove_sigs(nextnode, ISC_FALSE, 0);
dns_db_detachnode(gdb, &nextnode);
result = dns_dbiterator_next(dbiter);
continue;
@@ -2625,7 +2640,7 @@
if (delegation(nextname, nextnode, &nsttl)) {
zonecut = dns_fixedname_name(&fzonecut);
dns_name_copy(nextname, zonecut, NULL);
- remove_sigs(nextnode, 0);
+ remove_sigs(nextnode, ISC_TRUE, 0);
if (generateds)
add_ds(nextname, nextnode, nsttl);
if (OPTOUT(nsec3flags) &&
@@ -2954,7 +2969,7 @@
}
static void
-build_final_keylist() {
+build_final_keylist(void) {
isc_result_t result;
dns_dbversion_t *ver = NULL;
dns_diff_t diff;
@@ -3082,7 +3097,7 @@
"Use -u to update it.");
} else if (!set_salt) {
salt_length = orig_saltlen;
- memcpy(saltbuf, orig_salt, orig_saltlen);
+ memmove(saltbuf, orig_salt, orig_saltlen);
salt = saltbuf;
}
@@ -3726,12 +3741,12 @@
isc_stdtime_get(&now);
if (startstr != NULL) {
- starttime = strtotime(startstr, now, now);
+ starttime = strtotime(startstr, now, now, NULL);
} else
starttime = now - 3600; /* Allow for some clock skew. */
if (endstr != NULL) {
- endtime = strtotime(endstr, now, starttime);
+ endtime = strtotime(endstr, now, starttime, NULL);
} else
endtime = starttime + (30 * 24 * 60 * 60);
Modified: vendor/bind/dist/bin/dnssec/dnssec-signzone.docbook
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-signzone.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-signzone.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
- <date>June 05, 2009</date>
+ <date>October 13, 2013</date>
</refentryinfo>
<refmeta>
@@ -43,6 +42,8 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
+ <year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -593,7 +594,7 @@
<term>-H <replaceable class="parameter">iterations</replaceable></term>
<listitem>
<para>
- When generating an NSEC3 chain, use this many interations. The
+ When generating an NSEC3 chain, use this many iterations. The
default is 10.
</para>
</listitem>
Modified: vendor/bind/dist/bin/dnssec/dnssec-signzone.html
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssec-signzone.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssec-signzone.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="repl!
aceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543597"></a><h2>DESCRIPTION</h2>
+<a name="id2543611"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543612"></a><h2>OPTIONS</h2>
+<a name="id2543626"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -347,7 +347,7 @@
</p></dd>
<dt><span class="term">-H <em class="replaceable"><code>iterations</code></em></span></dt>
<dd><p>
- When generating an NSEC3 chain, use this many interations. The
+ When generating an NSEC3 chain, use this many iterations. The
default is 10.
</p></dd>
<dt><span class="term">-A</span></dt>
@@ -379,7 +379,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544965"></a><h2>EXAMPLE</h2>
+<a name="id2544910"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -409,7 +409,7 @@
%</pre>
</div>
<div class="refsect1" lang="en">
-<a name="id2545020"></a><h2>SEE ALSO</h2>
+<a name="id2545034"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
@@ -416,7 +416,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545045"></a><h2>AUTHOR</h2>
+<a name="id2545059"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/dnssec/dnssectool.c
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssectool.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssectool.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssectool.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: dnssectool.c,v 1.60.162.3 2011/10/21 03:56:32 marka Exp $ */
/*! \file */
@@ -279,6 +279,12 @@
return(0); /* silence compiler warning */
}
+static inline isc_boolean_t
+isnone(const char *str) {
+ return (ISC_TF((strcasecmp(str, "none") == 0) ||
+ (strcasecmp(str, "never") == 0)));
+}
+
dns_ttl_t
strtottl(const char *str) {
const char *orig = str;
@@ -285,6 +291,9 @@
dns_ttl_t ttl;
char *endp;
+ if (isnone(str))
+ return ((dns_ttl_t) 0);
+
ttl = strtol(str, &endp, 0);
if (ttl == 0 && endp == str)
fatal("TTL must be numeric");
@@ -293,16 +302,51 @@
}
isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
+strtotime(const char *str, isc_int64_t now, isc_int64_t base,
+ isc_boolean_t *setp)
+{
isc_int64_t val, offset;
isc_result_t result;
const char *orig = str;
char *endp;
+ size_t n;
+ if (isnone(str)) {
+ if (setp != NULL)
+ *setp = ISC_FALSE;
+ return ((isc_stdtime_t) 0);
+ }
+
+ if (setp != NULL)
+ *setp = ISC_TRUE;
+
if ((str[0] == '0' || str[0] == '-') && str[1] == '\0')
return ((isc_stdtime_t) 0);
- if (strncmp(str, "now", 3) == 0) {
+ /*
+ * We accept times in the following formats:
+ * now([+-]offset)
+ * YYYYMMDD([+-]offset)
+ * YYYYMMDDhhmmss([+-]offset)
+ * [+-]offset
+ */
+ n = strspn(str, "0123456789");
+ if ((n == 8u || n == 14u) &&
+ (str[n] == '\0' || str[n] == '-' || str[n] == '+'))
+ {
+ char timestr[15];
+
+ strlcpy(timestr, str, sizeof(timestr));
+ timestr[n] = 0;
+ if (n == 8u)
+ strlcat(timestr, "000000", sizeof(timestr));
+ result = dns_time64_fromtext(timestr, &val);
+ if (result != ISC_R_SUCCESS)
+ fatal("time value %s is invalid: %s", orig,
+ isc_result_totext(result));
+ base = val;
+ str += n;
+ } else if (strncmp(str, "now", 3) == 0) {
base = now;
str += 3;
}
@@ -317,21 +361,8 @@
offset = strtol(str + 1, &endp, 0);
offset = time_units((isc_stdtime_t) offset, endp, orig);
val = base - offset;
- } else if (strlen(str) == 8U) {
- char timestr[15];
- sprintf(timestr, "%s000000", str);
- result = dns_time64_fromtext(timestr, &val);
- if (result != ISC_R_SUCCESS)
- fatal("time value %s is invalid: %s", orig,
- isc_result_totext(result));
- } else if (strlen(str) > 14U) {
+ } else
fatal("time value %s is invalid", orig);
- } else {
- result = dns_time64_fromtext(str, &val);
- if (result != ISC_R_SUCCESS)
- fatal("time value %s is invalid: %s", orig,
- isc_result_totext(result));
- }
return ((isc_stdtime_t) val);
}
Modified: vendor/bind/dist/bin/dnssec/dnssectool.h
===================================================================
--- vendor/bind/dist/bin/dnssec/dnssectool.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/dnssec/dnssectool.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssectool.h,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: dnssectool.h,v 1.31.162.2 2011/10/20 23:46:27 tbox Exp $ */
#ifndef DNSSECTOOL_H
#define DNSSECTOOL_H 1
@@ -63,7 +63,8 @@
dns_ttl_t strtottl(const char *str);
isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base);
+strtotime(const char *str, isc_int64_t now, isc_int64_t base,
+ isc_boolean_t *setp);
dns_rdataclass_t
strtoclass(const char *str);
Modified: vendor/bind/dist/bin/named/Makefile.in
===================================================================
--- vendor/bind/dist/bin/named/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $
+# $Id: Makefile.in,v 1.114.14.2 2011/03/10 23:47:25 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -102,7 +102,7 @@
SRCS = builtin.c client.c config.c control.c \
controlconf.c interfacemgr.c \
listenlist.c log.c logconf.c main.c notify.c \
- query.c server.c sortlist.c statschannel.c symtbl.c symtbl-empty.c \
+ query.c server.c sortlist.c statschannel.c \
tkeyconf.c tsigconf.c update.c xfrout.c \
zoneconf.c \
lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
@@ -124,6 +124,7 @@
-DDESCRIPTION=\"${DESCRIPTION}\" \
-DSRCID=\"${SRCID}\" \
-DCONFIGARGS="\"${CONFIGARGS}\"" \
+ -DBUILDER="\"make\"" \
-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
-DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
Modified: vendor/bind/dist/bin/named/bind9.xsl
===================================================================
--- vendor/bind/dist/bin/named/bind9.xsl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/bind9.xsl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: bind9.xsl,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp $ -->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
Modified: vendor/bind/dist/bin/named/bindkeys.pl
===================================================================
--- vendor/bind/dist/bin/named/bindkeys.pl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/bindkeys.pl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,12 +14,12 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: bindkeys.pl,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+# $Id: bindkeys.pl,v 1.7 2011/01/04 23:47:13 tbox Exp $
use strict;
use warnings;
-my $rev = '$Id: bindkeys.pl,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $';
+my $rev = '$Id: bindkeys.pl,v 1.7 2011/01/04 23:47:13 tbox Exp $';
$rev =~ s/\$//g;
$rev =~ s/,v//g;
$rev =~ s/Id: //;
Property changes on: vendor/bind/dist/bin/named/bindkeys.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/bin/named/builtin.c
===================================================================
--- vendor/bind/dist/bin/named/builtin.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/builtin.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: builtin.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: builtin.c,v 1.20.14.3 2012/01/11 20:19:40 ckb Exp $ */
/*! \file
* \brief
@@ -117,7 +117,7 @@
rdata[j++] = decimal[c];
}
}
- memcpy(&rdata[j], "\07in-addr\04arpa", 14);
+ memmove(&rdata[j], "\07in-addr\04arpa", 14);
return (j + 14);
}
@@ -276,7 +276,8 @@
*/
return (ISC_R_NOTFOUND);
}
- return (dns_sdb_putrdata(lookup, dns_rdatatype_cname, 600, rdata, len));
+ return (dns_sdb_putrdata(lookup, dns_rdatatype_cname, 600,
+ rdata, (unsigned int)len));
}
static isc_result_t
@@ -312,7 +313,7 @@
if (len > 255)
len = 255; /* Silently truncate */
buf[0] = len;
- memcpy(&buf[1], text, len);
+ memmove(&buf[1], text, len);
return (dns_sdb_putrdata(lookup, dns_rdatatype_txt, 0, buf, len + 1));
}
@@ -492,11 +493,11 @@
isc_mem_put(ns_g_mctx, empty, sizeof (*empty));
} else {
if (strcmp(argv[0], "empty") == 0)
- memcpy(empty, &empty_builtin,
- sizeof (empty_builtin));
+ memmove(empty, &empty_builtin,
+ sizeof (empty_builtin));
else
- memcpy(empty, &dns64_builtin,
- sizeof (empty_builtin));
+ memmove(empty, &dns64_builtin,
+ sizeof (empty_builtin));
empty->server = server;
empty->contact = contact;
*dbdata = empty;
Modified: vendor/bind/dist/bin/named/client.c
===================================================================
--- vendor/bind/dist/bin/named/client.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/client.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: client.c,v 1.271.10.4 2012/01/31 23:46:39 tbox Exp $ */
#include <config.h>
@@ -214,6 +214,8 @@
static void client_start(isc_task_t *task, isc_event_t *event);
static void client_request(isc_task_t *task, isc_event_t *event);
static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
+static inline isc_boolean_t
+allowed(isc_netaddr_t *addr, dns_name_t *signer, dns_acl_t *acl);
void
ns_client_recursing(ns_client_t *client) {
@@ -972,6 +974,19 @@
result = dns_compress_init(&cctx, -1, client->mctx);
if (result != ISC_R_SUCCESS)
goto done;
+ if (client->peeraddr_valid && client->view != NULL) {
+ isc_netaddr_t netaddr;
+ dns_name_t *name = NULL;
+
+ isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
+ if (client->message->tsigkey != NULL)
+ name = &client->message->tsigkey->name;
+ if (client->view->nocasecompress == NULL ||
+ !allowed(&netaddr, name, client->view->nocasecompress))
+ {
+ dns_compress_setsensitive(&cctx, ISC_TRUE);
+ }
+ }
cleanup_cctx = ISC_TRUE;
result = dns_message_renderbegin(client->message, &cctx, &buffer);
@@ -1188,36 +1203,17 @@
static inline isc_result_t
client_addopt(ns_client_t *client) {
- dns_rdataset_t *rdataset;
- dns_rdatalist_t *rdatalist;
- dns_rdata_t *rdata;
+ char nsid[BUFSIZ], *nsidp;
isc_result_t result;
dns_view_t *view;
dns_resolver_t *resolver;
isc_uint16_t udpsize;
+ dns_ednsopt_t ednsopts[DNS_EDNSOPTIONS];
+ int count = 0;
+ unsigned int flags;
REQUIRE(client->opt == NULL); /* XXXRTH free old. */
- rdatalist = NULL;
- result = dns_message_gettemprdatalist(client->message, &rdatalist);
- if (result != ISC_R_SUCCESS)
- return (result);
- rdata = NULL;
- result = dns_message_gettemprdata(client->message, &rdata);
- if (result != ISC_R_SUCCESS)
- return (result);
- rdataset = NULL;
- result = dns_message_gettemprdataset(client->message, &rdataset);
- if (result != ISC_R_SUCCESS)
- return (result);
- dns_rdataset_init(rdataset);
-
- rdatalist->type = dns_rdatatype_opt;
- rdatalist->covers = 0;
-
- /*
- * Set the maximum UDP buffer size.
- */
view = client->view;
resolver = (view != NULL) ? view->resolver : NULL;
if (resolver != NULL)
@@ -1224,26 +1220,13 @@
udpsize = dns_resolver_getudpsize(resolver);
else
udpsize = ns_g_udpsize;
- rdatalist->rdclass = udpsize;
- /*
- * Set EXTENDED-RCODE, VERSION and Z to 0.
- */
- rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
+ flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE;
/* Set EDNS options if applicable */
- if (client->attributes & NS_CLIENTATTR_WANTNSID &&
+ if ((client->attributes & NS_CLIENTATTR_WANTNSID) != 0 &&
(ns_g_server->server_id != NULL ||
ns_g_server->server_usehostname)) {
- /*
- * Space required for NSID data:
- * 2 bytes for opt code
- * + 2 bytes for NSID length
- * + NSID itself
- */
- char nsid[BUFSIZ], *nsidp;
- isc_buffer_t *buffer = NULL;
-
if (ns_g_server->server_usehostname) {
isc_result_t result;
result = ns_os_gethostname(nsid, sizeof(nsid));
@@ -1254,35 +1237,16 @@
} else
nsidp = ns_g_server->server_id;
- rdata->length = strlen(nsidp) + 4;
- result = isc_buffer_allocate(client->mctx, &buffer,
- rdata->length);
- if (result != ISC_R_SUCCESS)
- goto no_nsid;
-
- isc_buffer_putuint16(buffer, DNS_OPT_NSID);
- isc_buffer_putuint16(buffer, strlen(nsidp));
- isc_buffer_putstr(buffer, nsidp);
- rdata->data = buffer->base;
- dns_message_takebuffer(client->message, &buffer);
- } else {
-no_nsid:
- rdata->data = NULL;
- rdata->length = 0;
+ INSIST(count < DNS_EDNSOPTIONS);
+ ednsopts[count].code = DNS_OPT_NSID;
+ ednsopts[count].length = strlen(nsidp);
+ ednsopts[count].value = (unsigned char *)nsidp;
+ count++;
}
-
- rdata->rdclass = rdatalist->rdclass;
- rdata->type = rdatalist->type;
- rdata->flags = 0;
-
- ISC_LIST_INIT(rdatalist->rdata);
- ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
- RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
- == ISC_R_SUCCESS);
-
- client->opt = rdataset;
-
- return (ISC_R_SUCCESS);
+ no_nsid:
+ result = dns_message_buildopt(client->message, &client->opt, 0,
+ udpsize, flags, ednsopts, count);
+ return (result);
}
static inline isc_boolean_t
@@ -1363,6 +1327,83 @@
return (ISC_TF(view == myview));
}
+static isc_result_t
+process_opt(ns_client_t *client, dns_rdataset_t *opt) {
+ dns_rdata_t rdata;
+ isc_buffer_t optbuf;
+ isc_result_t result;
+ isc_uint16_t optcode;
+ isc_uint16_t optlen;
+
+ /*
+ * Set the client's UDP buffer size.
+ */
+ client->udpsize = opt->rdclass;
+
+ /*
+ * If the requested UDP buffer size is less than 512,
+ * ignore it and use 512.
+ */
+ if (client->udpsize < 512)
+ client->udpsize = 512;
+
+ /*
+ * Get the flags out of the OPT record.
+ */
+ client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
+
+ /*
+ * Do we understand this version of EDNS?
+ *
+ * XXXRTH need library support for this!
+ */
+ client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
+ if (client->ednsversion > 0) {
+ isc_stats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_badednsver);
+ result = client_addopt(client);
+ if (result == ISC_R_SUCCESS)
+ result = DNS_R_BADVERS;
+ ns_client_error(client, result);
+ goto cleanup;
+ }
+
+ /* Check for NSID request */
+ result = dns_rdataset_first(opt);
+ if (result == ISC_R_SUCCESS) {
+ dns_rdata_init(&rdata);
+ dns_rdataset_current(opt, &rdata);
+ isc_buffer_init(&optbuf, rdata.data, rdata.length);
+ isc_buffer_add(&optbuf, rdata.length);
+ while (isc_buffer_remaininglength(&optbuf) >= 4) {
+ optcode = isc_buffer_getuint16(&optbuf);
+ optlen = isc_buffer_getuint16(&optbuf);
+ switch (optcode) {
+ case DNS_OPT_NSID:
+ client->attributes |= NS_CLIENTATTR_WANTNSID;
+ isc_buffer_forward(&optbuf, optlen);
+ break;
+ default:
+ isc_buffer_forward(&optbuf, optlen);
+ break;
+ }
+ }
+ }
+
+ isc_stats_increment(ns_g_server->nsstats, dns_nsstatscounter_edns0in);
+
+ /*
+ * Create an OPT for our reply.
+ */
+ result = client_addopt(client);
+ if (result != ISC_R_SUCCESS) {
+ ns_client_error(client, result);
+ goto cleanup;
+ }
+ cleanup:
+ return (result);
+}
+
/*
* Handle an incoming request event from the socket (UDP case)
* or tcpmsg (TCP case).
@@ -1384,8 +1425,6 @@
dns_messageid_t id;
unsigned int flags;
isc_boolean_t notimp;
- dns_rdata_t rdata;
- isc_uint16_t optcode;
REQUIRE(event != NULL);
client = event->ev_arg;
@@ -1585,67 +1624,9 @@
*/
opt = dns_message_getopt(client->message);
if (opt != NULL) {
- /*
- * Set the client's UDP buffer size.
- */
- client->udpsize = opt->rdclass;
-
- /*
- * If the requested UDP buffer size is less than 512,
- * ignore it and use 512.
- */
- if (client->udpsize < 512)
- client->udpsize = 512;
-
- /*
- * Get the flags out of the OPT record.
- */
- client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
-
- /*
- * Do we understand this version of EDNS?
- *
- * XXXRTH need library support for this!
- */
- client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
- if (client->ednsversion > 0) {
- isc_stats_increment(ns_g_server->nsstats,
- dns_nsstatscounter_badednsver);
- result = client_addopt(client);
- if (result == ISC_R_SUCCESS)
- result = DNS_R_BADVERS;
- ns_client_error(client, result);
+ result = process_opt(client, opt);
+ if (result != ISC_R_SUCCESS)
goto cleanup;
- }
-
- /* Check for NSID request */
- result = dns_rdataset_first(opt);
- if (result == ISC_R_SUCCESS) {
- dns_rdata_init(&rdata);
- dns_rdataset_current(opt, &rdata);
- if (rdata.length >= 2) {
- isc_buffer_t nsidbuf;
- isc_buffer_init(&nsidbuf,
- rdata.data, rdata.length);
- isc_buffer_add(&nsidbuf, rdata.length);
- optcode = isc_buffer_getuint16(&nsidbuf);
- if (optcode == DNS_OPT_NSID)
- client->attributes |=
- NS_CLIENTATTR_WANTNSID;
- }
- }
-
- isc_stats_increment(ns_g_server->nsstats,
- dns_nsstatscounter_edns0in);
-
- /*
- * Create an OPT for our reply.
- */
- result = client_addopt(client);
- if (result != ISC_R_SUCCESS) {
- ns_client_error(client, result);
- goto cleanup;
- }
}
if (client->message->rdclass == 0) {
@@ -2691,7 +2672,8 @@
static void
ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
if (client->peeraddr_valid)
- isc_sockaddr_format(&client->peeraddr, peerbuf, len);
+ isc_sockaddr_format(&client->peeraddr, peerbuf,
+ (unsigned int)len);
else
snprintf(peerbuf, len, "@%p", client);
}
@@ -2753,6 +2735,9 @@
int len = 1024;
isc_result_t result;
+ if (!isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(1)))
+ return;
+
/*
* Note that these are multiline debug messages. We want a newline
* to appear in the log after each message.
Modified: vendor/bind/dist/bin/named/config.c
===================================================================
--- vendor/bind/dist/bin/named/config.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/config.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: config.c,v 1.113.16.2 2011/02/28 01:19:58 tbox Exp $ */
/*! \file */
@@ -97,7 +97,7 @@
statistics-file \"named.stats\";\n\
statistics-interval 60;\n\
tcp-clients 100;\n\
- tcp-listen-queue 3;\n\
+ tcp-listen-queue 10;\n\
# tkey-dhkey <none>\n\
# tkey-gssapi-credential <none>\n\
# tkey-domain <none>\n\
@@ -555,7 +555,7 @@
if (new == NULL)
goto cleanup;
if (listcount != 0) {
- memcpy(new, lists, oldsize);
+ memmove(new, lists, oldsize);
isc_mem_put(mctx, lists, oldsize);
}
lists = new;
@@ -590,7 +590,7 @@
if (new == NULL)
goto cleanup;
if (stackcount != 0) {
- memcpy(new, stack, oldsize);
+ memmove(new, stack, oldsize);
isc_mem_put(mctx, stack, oldsize);
}
stack = new;
@@ -617,7 +617,7 @@
if (new == NULL)
goto cleanup;
if (addrcount != 0) {
- memcpy(new, addrs, oldsize);
+ memmove(new, addrs, oldsize);
isc_mem_put(mctx, addrs, oldsize);
}
addrs = new;
@@ -629,7 +629,7 @@
if (new == NULL)
goto cleanup;
if (keycount != 0) {
- memcpy(new, keys, oldsize);
+ memmove(new, keys, oldsize);
isc_mem_put(mctx, keys, oldsize);
}
keys = new;
@@ -677,7 +677,7 @@
new = isc_mem_get(mctx, newsize);
if (new == NULL)
goto cleanup;
- memcpy(new, addrs, newsize);
+ memmove(new, addrs, newsize);
} else
new = NULL;
isc_mem_put(mctx, addrs, oldsize);
@@ -690,7 +690,7 @@
new = isc_mem_get(mctx, newsize);
if (new == NULL)
goto cleanup;
- memcpy(new, keys, newsize);
+ memmove(new, keys, newsize);
} else
new = NULL;
isc_mem_put(mctx, keys, oldsize);
Modified: vendor/bind/dist/bin/named/control.c
===================================================================
--- vendor/bind/dist/bin/named/control.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/control.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: control.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: control.c,v 1.41 2010/12/03 22:05:19 each Exp $ */
/*! \file */
@@ -105,7 +105,8 @@
} else if (command_compare(command, NS_COMMAND_REFRESH)) {
result = ns_server_refreshcommand(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_RETRANSFER)) {
- result = ns_server_retransfercommand(ns_g_server, command);
+ result = ns_server_retransfercommand(ns_g_server,
+ command, text);
} else if (command_compare(command, NS_COMMAND_HALT)) {
#ifdef HAVE_LIBSCF
/*
@@ -196,11 +197,11 @@
result = ns_server_validation(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_SIGN) ||
command_compare(command, NS_COMMAND_LOADKEYS)) {
- result = ns_server_rekey(ns_g_server, command);
+ result = ns_server_rekey(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_ADDZONE)) {
- result = ns_server_add_zone(ns_g_server, command);
+ result = ns_server_add_zone(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_DELZONE)) {
- result = ns_server_del_zone(ns_g_server, command);
+ result = ns_server_del_zone(ns_g_server, command, text);
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
Modified: vendor/bind/dist/bin/named/controlconf.c
===================================================================
--- vendor/bind/dist/bin/named/controlconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/controlconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: controlconf.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: controlconf.c,v 1.60.544.3 2011/12/22 08:10:09 marka Exp $ */
/*! \file */
@@ -24,6 +24,7 @@
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/event.h>
+#include <isc/file.h>
#include <isc/mem.h>
#include <isc/net.h>
#include <isc/netaddr.h>
@@ -367,7 +368,7 @@
secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
if (secret.rstart == NULL)
goto cleanup;
- memcpy(secret.rstart, key->secret.base, key->secret.length);
+ memmove(secret.rstart, key->secret.base, key->secret.length);
secret.rend = secret.rstart + key->secret.length;
result = isccc_cc_fromwire(&ccregion, &request, &secret);
if (result == ISC_R_SUCCESS)
@@ -784,8 +785,8 @@
free_controlkey(keyid, mctx);
break;
}
- memcpy(keyid->secret.base, isc_buffer_base(&b),
- keyid->secret.length);
+ memmove(keyid->secret.base, isc_buffer_base(&b),
+ keyid->secret.length);
}
}
}
@@ -811,6 +812,13 @@
char secret[1024];
isc_buffer_t b;
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_INFO,
+ "configuring command channel from '%s'",
+ ns_g_keyfile);
+ if (! isc_file_exists(ns_g_keyfile))
+ return (ISC_R_FILENOTFOUND);
+
CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx));
CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config));
CHECK(cfg_map_get(config, "key", &key));
@@ -864,8 +872,8 @@
"out of memory", keyid->keyname);
CHECK(ISC_R_NOMEMORY);
}
- memcpy(keyid->secret.base, isc_buffer_base(&b),
- keyid->secret.length);
+ memmove(keyid->secret.base, isc_buffer_base(&b),
+ keyid->secret.length);
ISC_LIST_APPEND(*keyids, keyid, link);
keyid = NULL;
result = ISC_R_SUCCESS;
Modified: vendor/bind/dist/bin/named/convertxsl.pl
===================================================================
--- vendor/bind/dist/bin/named/convertxsl.pl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/convertxsl.pl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,12 +14,12 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: convertxsl.pl,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+# $Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $
use strict;
use warnings;
-my $rev = '$Id: convertxsl.pl,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $';
+my $rev = '$Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $';
$rev =~ s/\$//g;
$rev =~ s/,v//g;
$rev =~ s/Id: //;
Property changes on: vendor/bind/dist/bin/named/convertxsl.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/bin/named/include/dlz/dlz_dlopen_driver.h
===================================================================
--- vendor/bind/dist/bin/named/include/dlz/dlz_dlopen_driver.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/dlz/dlz_dlopen_driver.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dlz_dlopen_driver.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011/03/17 09:41:06 fdupont Exp $ */
#ifndef DLZ_DLOPEN_DRIVER_H
#define DLZ_DLOPEN_DRIVER_H
Modified: vendor/bind/dist/bin/named/include/named/builtin.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/builtin.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/builtin.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: builtin.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: builtin.h,v 1.6 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_BUILTIN_H
#define NAMED_BUILTIN_H 1
Modified: vendor/bind/dist/bin/named/include/named/client.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/client.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/client.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.h,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: client.h,v 1.91.278.2 2012/01/31 23:46:39 tbox Exp $ */
#ifndef NAMED_CLIENT_H
#define NAMED_CLIENT_H 1
Modified: vendor/bind/dist/bin/named/include/named/config.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/config.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/config.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: config.h,v 1.16 2009/06/11 23:47:55 tbox Exp $ */
#ifndef NAMED_CONFIG_H
#define NAMED_CONFIG_H 1
Modified: vendor/bind/dist/bin/named/include/named/control.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/control.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/control.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: control.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: control.h,v 1.31 2010/08/16 22:21:06 marka Exp $ */
#ifndef NAMED_CONTROL_H
#define NAMED_CONTROL_H 1
Modified: vendor/bind/dist/bin/named/include/named/globals.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/globals.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/globals.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: globals.h,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: globals.h,v 1.89.54.2 2011/06/17 23:47:10 tbox Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
@@ -70,6 +70,7 @@
EXTERN const char * ns_g_description INIT(DESCRIPTION);
EXTERN const char * ns_g_srcid INIT(SRCID);
EXTERN const char * ns_g_configargs INIT(CONFIGARGS);
+EXTERN const char * ns_g_builder INIT(BUILDER);
EXTERN in_port_t ns_g_port INIT(0);
EXTERN in_port_t lwresd_g_listenport INIT(0);
Modified: vendor/bind/dist/bin/named/include/named/interfacemgr.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/interfacemgr.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/interfacemgr.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfacemgr.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: interfacemgr.h,v 1.33 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_INTERFACEMGR_H
#define NAMED_INTERFACEMGR_H 1
Modified: vendor/bind/dist/bin/named/include/named/listenlist.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/listenlist.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/listenlist.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: listenlist.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: listenlist.h,v 1.15 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_LISTENLIST_H
#define NAMED_LISTENLIST_H 1
Modified: vendor/bind/dist/bin/named/include/named/log.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/log.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/log.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: log.h,v 1.27 2009/01/07 23:47:46 tbox Exp $ */
#ifndef NAMED_LOG_H
#define NAMED_LOG_H 1
Modified: vendor/bind/dist/bin/named/include/named/logconf.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/logconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/logconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: logconf.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: logconf.h,v 1.17 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_LOGCONF_H
#define NAMED_LOGCONF_H 1
Modified: vendor/bind/dist/bin/named/include/named/lwaddr.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/lwaddr.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/lwaddr.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwaddr.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: lwaddr.h,v 1.8 2007/06/19 23:46:59 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/include/named/lwdclient.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/lwdclient.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/lwdclient.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdclient.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: lwdclient.h,v 1.20 2009/01/17 23:47:42 tbox Exp $ */
#ifndef NAMED_LWDCLIENT_H
#define NAMED_LWDCLIENT_H 1
Modified: vendor/bind/dist/bin/named/include/named/lwresd.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/lwresd.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/lwresd.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwresd.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: lwresd.h,v 1.19 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_LWRESD_H
#define NAMED_LWRESD_H 1
Modified: vendor/bind/dist/bin/named/include/named/lwsearch.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/lwsearch.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/lwsearch.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwsearch.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: lwsearch.h,v 1.9 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_LWSEARCH_H
#define NAMED_LWSEARCH_H 1
Modified: vendor/bind/dist/bin/named/include/named/main.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/main.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/main.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: main.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: main.h,v 1.17 2009/09/29 23:48:03 tbox Exp $ */
#ifndef NAMED_MAIN_H
#define NAMED_MAIN_H 1
@@ -22,6 +22,10 @@
/*! \file */
+#ifdef ISC_MAIN_HOOK
+#define main(argc, argv) bindmain(argc, argv)
+#endif
+
ISC_PLATFORM_NORETURN_PRE void
ns_main_earlyfatal(const char *format, ...)
ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
Modified: vendor/bind/dist/bin/named/include/named/notify.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/notify.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/notify.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: notify.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: notify.h,v 1.16 2009/01/17 23:47:42 tbox Exp $ */
#ifndef NAMED_NOTIFY_H
#define NAMED_NOTIFY_H 1
Modified: vendor/bind/dist/bin/named/include/named/ns_smf_globals.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/ns_smf_globals.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/ns_smf_globals.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ns_smf_globals.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: ns_smf_globals.h,v 1.7 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NS_SMF_GLOBALS_H
#define NS_SMF_GLOBALS_H 1
Modified: vendor/bind/dist/bin/named/include/named/query.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/query.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/query.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: query.h,v 1.45 2011/01/13 04:59:24 tbox Exp $ */
#ifndef NAMED_QUERY_H
#define NAMED_QUERY_H 1
Modified: vendor/bind/dist/bin/named/include/named/server.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/server.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/server.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.h,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: server.h,v 1.110 2010/08/16 23:46:52 tbox Exp $ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
@@ -224,7 +224,8 @@
*/
isc_result_t
-ns_server_retransfercommand(ns_server_t *server, char *args);
+ns_server_retransfercommand(ns_server_t *server, char *args,
+ isc_buffer_t *text);
/*%<
* Act on a "retransfer" command from the command channel.
*/
@@ -304,7 +305,7 @@
* take place incrementally.
*/
isc_result_t
-ns_server_rekey(ns_server_t *server, char *args);
+ns_server_rekey(ns_server_t *server, char *args, isc_buffer_t *text);
/*%
* Dump the current recursive queries.
@@ -328,12 +329,12 @@
* Add a zone to a running process
*/
isc_result_t
-ns_server_add_zone(ns_server_t *server, char *args);
+ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text);
/*%
* Deletes a zone from a running process
*/
isc_result_t
-ns_server_del_zone(ns_server_t *server, char *args);
+ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text);
#endif /* NAMED_SERVER_H */
Modified: vendor/bind/dist/bin/named/include/named/sortlist.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/sortlist.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/sortlist.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sortlist.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: sortlist.h,v 1.11 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_SORTLIST_H
#define NAMED_SORTLIST_H 1
Modified: vendor/bind/dist/bin/named/include/named/statschannel.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/statschannel.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/statschannel.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: statschannel.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: statschannel.h,v 1.3 2008/04/03 05:55:51 marka Exp $ */
#ifndef NAMED_STATSCHANNEL_H
#define NAMED_STATSCHANNEL_H 1
Modified: vendor/bind/dist/bin/named/include/named/tkeyconf.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/tkeyconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/tkeyconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tkeyconf.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: tkeyconf.h,v 1.16 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NS_TKEYCONF_H
#define NS_TKEYCONF_H 1
Modified: vendor/bind/dist/bin/named/include/named/tsigconf.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/tsigconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/tsigconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsigconf.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: tsigconf.h,v 1.18 2009/06/11 23:47:55 tbox Exp $ */
#ifndef NS_TSIGCONF_H
#define NS_TSIGCONF_H 1
Modified: vendor/bind/dist/bin/named/include/named/types.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/types.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/types.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: types.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: types.h,v 1.31 2009/01/09 23:47:45 tbox Exp $ */
#ifndef NAMED_TYPES_H
#define NAMED_TYPES_H 1
Modified: vendor/bind/dist/bin/named/include/named/update.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/update.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/update.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: update.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: update.h,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_UPDATE_H
#define NAMED_UPDATE_H 1
Modified: vendor/bind/dist/bin/named/include/named/xfrout.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/xfrout.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/xfrout.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: xfrout.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: xfrout.h,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
#ifndef NAMED_XFROUT_H
#define NAMED_XFROUT_H 1
Modified: vendor/bind/dist/bin/named/include/named/zoneconf.h
===================================================================
--- vendor/bind/dist/bin/named/include/named/zoneconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/include/named/zoneconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zoneconf.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: zoneconf.h,v 1.28 2010/12/20 23:47:20 tbox Exp $ */
#ifndef NS_ZONECONF_H
#define NS_ZONECONF_H 1
Modified: vendor/bind/dist/bin/named/interfacemgr.c
===================================================================
--- vendor/bind/dist/bin/named/interfacemgr.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/interfacemgr.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfacemgr.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: interfacemgr.c,v 1.95.426.2 2011/03/12 04:59:14 tbox Exp $ */
/*! \file */
@@ -525,15 +525,22 @@
return (result);
if (result != ISC_R_SUCCESS) {
- isc_log_write(IFMGR_COMMON_LOGARGS,
- ISC_LOG_WARNING,
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_WARNING,
"omitting IPv4 interface %s from "
- "localnets ACL: %s",
- interface->name,
+ "localnets ACL: %s", interface->name,
isc_result_totext(result));
return (ISC_R_SUCCESS);
}
+ if (prefixlen == 0U) {
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_WARNING,
+ "omitting %s interface %s from localnets ACL: "
+ "zero prefix length detected",
+ (netaddr->family == AF_INET) ? "IPv4" : "IPv6",
+ interface->name);
+ return (ISC_R_SUCCESS);
+ }
+
result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable,
netaddr, prefixlen, ISC_TRUE);
if (result != ISC_R_SUCCESS)
Modified: vendor/bind/dist/bin/named/listenlist.c
===================================================================
--- vendor/bind/dist/bin/named/listenlist.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/listenlist.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: listenlist.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: listenlist.c,v 1.14 2007/06/19 23:46:59 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/log.c
===================================================================
--- vendor/bind/dist/bin/named/log.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/log.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: log.c,v 1.49 2009/01/07 01:46:40 jinmei Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/logconf.c
===================================================================
--- vendor/bind/dist/bin/named/logconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/logconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: logconf.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: logconf.c,v 1.42.816.3 2011/03/05 23:52:06 tbox Exp $ */
/*! \file */
@@ -41,10 +41,10 @@
/*%
* Set up a logging category according to the named.conf data
- * in 'ccat' and add it to 'lctx'.
+ * in 'ccat' and add it to 'logconfig'.
*/
static isc_result_t
-category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) {
+category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *logconfig) {
isc_result_t result;
const char *catname;
isc_logcategory_t *category;
@@ -64,6 +64,9 @@
return (ISC_R_SUCCESS);
}
+ if (logconfig == NULL)
+ return (ISC_R_SUCCESS);
+
module = NULL;
destinations = cfg_tuple_get(ccat, "destinations");
@@ -74,7 +77,7 @@
const cfg_obj_t *channel = cfg_listelt_value(element);
const char *channelname = cfg_obj_asstring(channel);
- result = isc_log_usechannel(lctx, channelname, category,
+ result = isc_log_usechannel(logconfig, channelname, category,
module);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
@@ -89,10 +92,11 @@
/*%
* Set up a logging channel according to the named.conf data
- * in 'cchan' and add it to 'lctx'.
+ * in 'cchan' and add it to 'logconfig'.
*/
static isc_result_t
-channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
+channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *logconfig)
+{
isc_result_t result;
isc_logdestination_t dest;
unsigned int type;
@@ -215,8 +219,11 @@
level = cfg_obj_asuint32(severity);
}
- result = isc_log_createchannel(lctx, channelname,
- type, level, &dest, flags);
+ if (logconfig == NULL)
+ result = ISC_R_SUCCESS;
+ else
+ result = isc_log_createchannel(logconfig, channelname,
+ type, level, &dest, flags);
if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {
FILE *fp;
@@ -226,22 +233,21 @@
* Fix defect #22771
*/
result = isc_file_isplainfile(dest.file.name);
- if (result == ISC_R_SUCCESS ||
- result == ISC_R_FILENOTFOUND) {
+ if (result == ISC_R_SUCCESS || result == ISC_R_FILENOTFOUND) {
/*
* Test that the file can be opened, since
* isc_log_open() can't effectively report
- * failures when called in
- * isc_log_doit().
+ * failures when called in isc_log_doit().
*/
result = isc_stdio_open(dest.file.name, "a", &fp);
if (result != ISC_R_SUCCESS) {
- syslog(LOG_ERR,
- "isc_stdio_open '%s' failed: %s",
- dest.file.name,
- isc_result_totext(result));
+ if (logconfig != NULL && !ns_g_nosyslog)
+ syslog(LOG_ERR,
+ "isc_stdio_open '%s' failed: "
+ "%s", dest.file.name,
+ isc_result_totext(result));
fprintf(stderr,
- "isc_stdio_open '%s' failed: %s",
+ "isc_stdio_open '%s' failed: %s\n",
dest.file.name,
isc_result_totext(result));
} else
@@ -248,10 +254,10 @@
(void)isc_stdio_close(fp);
goto done;
}
- if (!ns_g_nosyslog)
+ if (logconfig != NULL && !ns_g_nosyslog)
syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
dest.file.name, isc_result_totext(result));
- fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
+ fprintf(stderr, "isc_file_isplainfile '%s' failed: %s\n",
dest.file.name, isc_result_totext(result));
}
@@ -260,7 +266,7 @@
}
isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
+ns_log_configure(isc_logconfig_t *logconfig, const cfg_obj_t *logstmt) {
isc_result_t result;
const cfg_obj_t *channels = NULL;
const cfg_obj_t *categories = NULL;
@@ -269,7 +275,8 @@
isc_boolean_t unmatched_set = ISC_FALSE;
const cfg_obj_t *catname;
- CHECK(ns_log_setdefaultchannels(logconf));
+ if (logconfig != NULL)
+ CHECK(ns_log_setdefaultchannels(logconfig));
(void)cfg_map_get(logstmt, "channel", &channels);
for (element = cfg_list_first(channels);
@@ -277,7 +284,7 @@
element = cfg_list_next(element))
{
const cfg_obj_t *channel = cfg_listelt_value(element);
- CHECK(channel_fromconf(channel, logconf));
+ CHECK(channel_fromconf(channel, logconfig));
}
(void)cfg_map_get(logstmt, "category", &categories);
@@ -286,7 +293,7 @@
element = cfg_list_next(element))
{
const cfg_obj_t *category = cfg_listelt_value(element);
- CHECK(category_fromconf(category, logconf));
+ CHECK(category_fromconf(category, logconfig));
if (!default_set) {
catname = cfg_tuple_get(category, "name");
if (strcmp(cfg_obj_asstring(catname), "default") == 0)
@@ -299,16 +306,14 @@
}
}
- if (!default_set)
- CHECK(ns_log_setdefaultcategory(logconf));
+ if (logconfig != NULL && !default_set)
+ CHECK(ns_log_setdefaultcategory(logconfig));
- if (!unmatched_set)
- CHECK(ns_log_setunmatchedcategory(logconf));
+ if (logconfig != NULL && !unmatched_set)
+ CHECK(ns_log_setunmatchedcategory(logconfig));
return (ISC_R_SUCCESS);
cleanup:
- if (logconf != NULL)
- isc_logconfig_destroy(&logconf);
return (result);
}
Modified: vendor/bind/dist/bin/named/lwaddr.c
===================================================================
--- vendor/bind/dist/bin/named/lwaddr.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwaddr.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwaddr.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: lwaddr.c,v 1.10 2008/01/11 23:46:56 tbox Exp $ */
/*! \file */
@@ -41,11 +41,11 @@
if (la->family == LWRES_ADDRTYPE_V4) {
struct in_addr ina;
- memcpy(&ina.s_addr, la->address, 4);
+ memmove(&ina.s_addr, la->address, 4);
isc_netaddr_fromin(na, &ina);
} else {
struct in6_addr ina6;
- memcpy(&ina6.s6_addr, la->address, 16);
+ memmove(&ina6.s6_addr, la->address, 16);
isc_netaddr_fromin6(na, &ina6);
}
return (ISC_R_SUCCESS);
@@ -77,11 +77,11 @@
if (na->family == AF_INET) {
la->family = LWRES_ADDRTYPE_V4;
la->length = 4;
- memcpy(la->address, &na->type.in, 4);
+ memmove(la->address, &na->type.in, 4);
} else {
la->family = LWRES_ADDRTYPE_V6;
la->length = 16;
- memcpy(la->address, &na->type.in6, 16);
+ memmove(la->address, &na->type.in6, 16);
}
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/bin/named/lwdclient.c
===================================================================
--- vendor/bind/dist/bin/named/lwdclient.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwdclient.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdclient.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: lwdclient.c,v 1.22 2007/06/18 23:47:18 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/lwderror.c
===================================================================
--- vendor/bind/dist/bin/named/lwderror.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwderror.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwderror.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: lwderror.c,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/lwdgabn.c
===================================================================
--- vendor/bind/dist/bin/named/lwdgabn.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwdgabn.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgabn.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: lwdgabn.c,v 1.24 2009/09/02 23:48:01 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/lwdgnba.c
===================================================================
--- vendor/bind/dist/bin/named/lwdgnba.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwdgnba.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgnba.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: lwdgnba.c,v 1.22 2008/01/14 23:46:56 tbox Exp $ */
/*! \file */
@@ -226,12 +226,12 @@
client->na.family = AF_INET;
if (req->addr.length != 4)
goto out;
- memcpy(&client->na.type.in, req->addr.address, 4);
+ memmove(&client->na.type.in, req->addr.address, 4);
} else if (req->addr.family == LWRES_ADDRTYPE_V6) {
client->na.family = AF_INET6;
if (req->addr.length != 16)
goto out;
- memcpy(&client->na.type.in6, req->addr.address, 16);
+ memmove(&client->na.type.in6, req->addr.address, 16);
} else {
goto out;
}
Modified: vendor/bind/dist/bin/named/lwdgrbn.c
===================================================================
--- vendor/bind/dist/bin/named/lwdgrbn.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwdgrbn.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgrbn.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: lwdgrbn.c,v 1.22 2009/09/02 23:48:01 tbox Exp $ */
/*! \file */
@@ -124,8 +124,8 @@
lens = isc_mem_get(mctx, size * sizeof(*lens));
if (lens == NULL)
goto out;
- memcpy(rdatas, oldrdatas, used * sizeof(*rdatas));
- memcpy(lens, oldlens, used * sizeof(*lens));
+ memmove(rdatas, oldrdatas, used * sizeof(*rdatas));
+ memmove(lens, oldlens, used * sizeof(*lens));
isc_mem_put(mctx, oldrdatas,
oldsize * sizeof(*oldrdatas));
isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
@@ -158,8 +158,8 @@
newlens = isc_mem_get(mctx, used * sizeof(*lens));
if (newlens == NULL)
goto out;
- memcpy(newrdatas, rdatas, used * sizeof(*rdatas));
- memcpy(newlens, lens, used * sizeof(*lens));
+ memmove(newrdatas, rdatas, used * sizeof(*rdatas));
+ memmove(newlens, lens, used * sizeof(*lens));
isc_mem_put(mctx, rdatas, size * sizeof(*rdatas));
isc_mem_put(mctx, lens, size * sizeof(*lens));
grbn->rdatas = newrdatas;
@@ -204,6 +204,8 @@
lwres_grbnresponse_t *grbn;
int i;
+ REQUIRE(event != NULL);
+
UNUSED(task);
lwb.base = NULL;
@@ -324,9 +326,6 @@
(grbn->nsigs == 1) ? "" : "s");
}
- dns_lookup_destroy(&client->lookup);
- isc_event_free(&event);
-
/*
* Render the packet.
*/
@@ -362,6 +361,9 @@
NS_LWDCLIENT_SETSEND(client);
+ dns_lookup_destroy(&client->lookup);
+ isc_event_free(&event);
+
return;
out:
@@ -384,8 +386,7 @@
if (lwb.base != NULL)
lwres_context_freemem(cm->lwctx, lwb.base, lwb.length);
- if (event != NULL)
- isc_event_free(&event);
+ isc_event_free(&event);
ns_lwdclient_log(50, "error constructing getrrsetbyname response");
ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
Modified: vendor/bind/dist/bin/named/lwdnoop.c
===================================================================
--- vendor/bind/dist/bin/named/lwdnoop.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwdnoop.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdnoop.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: lwdnoop.c,v 1.13 2008/01/22 23:28:04 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/lwresd.8
===================================================================
--- vendor/bind/dist/bin/named/lwresd.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwresd.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwresd.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwresd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 30, 2000
+.\" Date: January 20, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9"
+.TH "LWRESD" "8" "January 20, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -217,7 +217,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007\-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/named/lwresd.c
===================================================================
--- vendor/bind/dist/bin/named/lwresd.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwresd.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwresd.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: lwresd.c,v 1.60 2009/09/02 23:48:01 tbox Exp $ */
/*! \file
* \brief
Modified: vendor/bind/dist/bin/named/lwresd.docbook
===================================================================
--- vendor/bind/dist/bin/named/lwresd.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwresd.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>June 30, 2000</date>
+ <date>January 20, 2009</date>
</refentryinfo>
<refmeta>
@@ -42,6 +41,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/bin/named/lwresd.html
===================================================================
--- vendor/bind/dist/bin/named/lwresd.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwresd.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476274"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">lwresd</span> — lightweight resolver daemon</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543469"></a><h2>DESCRIPTION</h2>
+<a name="id2543479"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">lwresd</strong></span>
is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
@@ -67,7 +67,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543516"></a><h2>OPTIONS</h2>
+<a name="id2543526"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -197,7 +197,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543933"></a><h2>FILES</h2>
+<a name="id2543943"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -210,7 +210,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543973"></a><h2>SEE ALSO</h2>
+<a name="id2543982"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
@@ -217,7 +217,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544007"></a><h2>AUTHOR</h2>
+<a name="id2544017"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/named/lwsearch.c
===================================================================
--- vendor/bind/dist/bin/named/lwsearch.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/lwsearch.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwsearch.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: lwsearch.c,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/main.c
===================================================================
--- vendor/bind/dist/bin/named/main.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/main.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: main.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
-
/*! \file */
#include <config.h>
@@ -390,7 +388,7 @@
int arglen;
if (end == NULL)
end = arg + strlen(arg);
- arglen = end - arg;
+ arglen = (int)(end - arg);
for (def = defs; def->name != NULL; def++) {
if (arglen == (int)strlen(def->name) &&
memcmp(arg, def->name, arglen) == 0) {
@@ -410,15 +408,16 @@
parse_command_line(int argc, char *argv[]) {
int ch;
int port;
+ const char *p;
isc_boolean_t disable6 = ISC_FALSE;
isc_boolean_t disable4 = ISC_FALSE;
save_command_line(argc, argv);
+ /* PLEASE keep options synchronized when main is hooked! */
+#define CMDLINE_FLAGS "46c:C:d:E:fFgi:lm:n:N:p:P:sS:t:T:u:vVx:"
isc_commandline_errprint = ISC_FALSE;
- while ((ch = isc_commandline_parse(argc, argv,
- "46c:C:d:E:fFgi:lm:n:N:p:P:"
- "sS:t:T:u:vVx:")) != -1) {
+ while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case '4':
if (disable4)
@@ -544,8 +543,25 @@
printf("%s %s", ns_g_product, ns_g_version);
if (*ns_g_description != 0)
printf(" %s", ns_g_description);
- printf(" <id:%s> built with %s\n", ns_g_srcid,
- ns_g_configargs);
+ printf(" <id:%s> built by %s with %s\n", ns_g_srcid,
+ ns_g_builder, ns_g_configargs);
+#ifdef __clang__
+ printf("compiled by CLANG %s\n", __VERSION__);
+#else
+#if defined(__ICC) || defined(__INTEL_COMPILER)
+ printf("compiled by ICC %s\n", __VERSION__);
+#else
+#ifdef __GNUC__
+ printf("compiled by GCC %s\n", __VERSION__);
+#endif
+#endif
+#endif
+#ifdef _MSC_VER
+ printf("compiled by MSVC %d\n", _MSC_VER);
+#endif
+#ifdef __SUNPRO_C
+ printf("compiled by Solaris Studio %x\n", __SUNPRO_C);
+#endif
#ifdef OPENSSL
printf("using OpenSSL version: %s\n",
OPENSSL_VERSION_TEXT);
@@ -562,8 +578,14 @@
usage();
if (isc_commandline_option == '?')
exit(0);
- ns_main_earlyfatal("unknown option '-%c'",
- isc_commandline_option);
+ p = strchr(CMDLINE_FLAGS, isc_commandline_option);
+ if (p == NULL || *++p != ':')
+ ns_main_earlyfatal("unknown option '-%c'",
+ isc_commandline_option);
+ else
+ ns_main_earlyfatal("option '-%c' requires "
+ "an argument",
+ isc_commandline_option);
/* FALLTHROUGH */
default:
ns_main_earlyfatal("parsing options returned %d", ch);
@@ -669,7 +691,7 @@
}
static void
-dump_symboltable() {
+dump_symboltable(void) {
int i;
isc_result_t result;
const char *fname;
@@ -1026,6 +1048,8 @@
}
#endif /* HAVE_LIBSCF */
+/* main entry point, possibly hooked */
+
int
main(int argc, char *argv[]) {
isc_result_t result;
Modified: vendor/bind/dist/bin/named/named.8
===================================================================
--- vendor/bind/dist/bin/named/named.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/named.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.8,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: named
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: May 21, 2009
+.\" Date: October 05, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NAMED" "8" "May 21, 2009" "BIND9" "BIND9"
+.TH "NAMED" "8" "October 05, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -267,7 +267,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/named/named.conf.5
===================================================================
--- vendor/bind/dist/bin/named/named.conf.5 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/named.conf.5 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: \fInamed.conf\fR
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Aug 13, 2004
+.\" Date: January 08, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
+.TH "\fINAMED.CONF\fR" "5" "January 08, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -187,7 +187,7 @@
random\-device \fIquoted_string\fR;
recursive\-clients \fIinteger\fR;
serial\-query\-rate \fIinteger\fR;
- server\-id ( \fIquoted_string\fR | none );
+ server\-id ( \fIquoted_string\fR | hostname | none );
stacksize \fIsize\fR;
statistics\-file \fIquoted_string\fR;
statistics\-interval \fIinteger\fR; // not yet implemented
@@ -322,7 +322,7 @@
zone\-statistics \fIboolean\fR;
key\-directory \fIquoted_string\fR;
managed\-keys\-directory \fIquoted_string\fR;
- auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBcreate\fR|\fBoff\fR;
+ auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBoff\fR;
try\-tcp\-refresh \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
@@ -592,5 +592,5 @@
\fBrndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/named/named.conf.docbook
===================================================================
--- vendor/bind/dist/bin/named/named.conf.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/named.conf.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.docbook,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Aug 13, 2004</date>
+ <date>January 08, 2014</date>
</refentryinfo>
<refmeta>
@@ -45,6 +44,7 @@
<year>2010</year>
<year>2011</year>
<year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -219,7 +219,7 @@
random-device <replaceable>quoted_string</replaceable>;
recursive-clients <replaceable>integer</replaceable>;
serial-query-rate <replaceable>integer</replaceable>;
- server-id ( <replaceable>quoted_string</replaceable> | none );
+ server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
stacksize <replaceable>size</replaceable>;
statistics-file <replaceable>quoted_string</replaceable>;
statistics-interval <replaceable>integer</replaceable>; // not yet implemented
@@ -365,7 +365,7 @@
zone-statistics <replaceable>boolean</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
managed-keys-directory <replaceable>quoted_string</replaceable>;
- auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>;
+ auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
try-tcp-refresh <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
Modified: vendor/bind/dist/bin/named/named.conf.html
===================================================================
--- vendor/bind/dist/bin/named/named.conf.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/named.conf.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.html,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -21,7 +21,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> — configuration file for named</p>
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543356"></a><h2>DESCRIPTION</h2>
+<a name="id2543367"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
<span><strong class="command">named</strong></span>. Statements are enclosed
@@ -50,7 +50,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543384"></a><h2>ACL</h2>
+<a name="id2543395"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl\xA0<em class="replaceable"><code>string</code></em>\xA0{\xA0<em class="replaceable"><code>address_match_element</code></em>;\xA0...\xA0};<br>
<br>
@@ -57,7 +57,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543400"></a><h2>KEY</h2>
+<a name="id2543411"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key\xA0<em class="replaceable"><code>domain_name</code></em>\xA0{<br>
algorithm\xA0<em class="replaceable"><code>string</code></em>;<br>
@@ -66,7 +66,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543419"></a><h2>MASTERS</h2>
+<a name="id2543430"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters\xA0<em class="replaceable"><code>string</code></em>\xA0[<span class="optional">\xA0port\xA0<em class="replaceable"><code>integer</code></em>\xA0</span>]\xA0{<br>
(\xA0<em class="replaceable"><code>masters</code></em>\xA0|\xA0<em class="replaceable"><code>ipv4_address</code></em>\xA0[<span class="optional">port\xA0<em class="replaceable"><code>integer</code></em></span>]\xA0|<br>
@@ -75,7 +75,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543465"></a><h2>SERVER</h2>
+<a name="id2543476"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server\xA0(\xA0<em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em>\xA0|\xA0<em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em>\xA0)\xA0{<br>
bogus\xA0<em class="replaceable"><code>boolean</code></em>;<br>
@@ -97,7 +97,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543533"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2543544"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys\xA0{<br>
<em class="replaceable"><code>domain_name</code></em>\xA0<em class="replaceable"><code>flags</code></em>\xA0<em class="replaceable"><code>protocol</code></em>\xA0<em class="replaceable"><code>algorithm</code></em>\xA0<em class="replaceable"><code>key</code></em>;\xA0...\xA0<br>
@@ -105,7 +105,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543559"></a><h2>MANAGED-KEYS</h2>
+<a name="id2543570"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys\xA0{<br>
<em class="replaceable"><code>domain_name</code></em>\xA0<code class="constant">initial-key</code>\xA0<em class="replaceable"><code>flags</code></em>\xA0<em class="replaceable"><code>protocol</code></em>\xA0<em class="replaceable"><code>algorithm</code></em>\xA0<em class="replaceable"><code>key</code></em>;\xA0...\xA0<br>
@@ -113,7 +113,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543588"></a><h2>CONTROLS</h2>
+<a name="id2543598"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls\xA0{<br>
inet\xA0(\xA0<em class="replaceable"><code>ipv4_address</code></em>\xA0|\xA0<em class="replaceable"><code>ipv6_address</code></em>\xA0|\xA0*\xA0)<br>
@@ -125,7 +125,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543623"></a><h2>LOGGING</h2>
+<a name="id2543634"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging\xA0{<br>
channel\xA0<em class="replaceable"><code>string</code></em>\xA0{<br>
@@ -143,7 +143,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543661"></a><h2>LWRES</h2>
+<a name="id2543672"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres\xA0{<br>
listen-on\xA0[<span class="optional">\xA0port\xA0<em class="replaceable"><code>integer</code></em>\xA0</span>]\xA0{<br>
@@ -156,7 +156,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543703"></a><h2>OPTIONS</h2>
+<a name="id2543714"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options\xA0{<br>
avoid-v4-udp-ports\xA0{\xA0<em class="replaceable"><code>port</code></em>;\xA0...\xA0};<br>
@@ -184,7 +184,7 @@
random-device\xA0<em class="replaceable"><code>quoted_string</code></em>;<br>
recursive-clients\xA0<em class="replaceable"><code>integer</code></em>;<br>
serial-query-rate\xA0<em class="replaceable"><code>integer</code></em>;<br>
- server-id\xA0(\xA0<em class="replaceable"><code>quoted_string</code></em>\xA0|\xA0none\xA0);<br>
+ server-id\xA0(\xA0<em class="replaceable"><code>quoted_string</code></em>\xA0|\xA0hostname\xA0|\xA0none\xA0);<br>
stacksize\xA0<em class="replaceable"><code>size</code></em>;<br>
statistics-file\xA0<em class="replaceable"><code>quoted_string</code></em>;<br>
statistics-interval\xA0<em class="replaceable"><code>integer</code></em>;\xA0//\xA0not\xA0yet\xA0implemented<br>
@@ -330,7 +330,7 @@
zone-statistics\xA0<em class="replaceable"><code>boolean</code></em>;<br>
key-directory\xA0<em class="replaceable"><code>quoted_string</code></em>;<br>
managed-keys-directory\xA0<em class="replaceable"><code>quoted_string</code></em>;<br>
- auto-dnssec\xA0<code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>;<br>
+ auto-dnssec\xA0<code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
try-tcp-refresh\xA0<em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl\xA0<em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl-cache\xA0<em class="replaceable"><code>boolean</code></em>;<br>
@@ -360,7 +360,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544578"></a><h2>VIEW</h2>
+<a name="id2544586"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view\xA0<em class="replaceable"><code>string</code></em>\xA0<em class="replaceable"><code>optional_class</code></em>\xA0{<br>
match-clients\xA0{\xA0<em class="replaceable"><code>address_match_element</code></em>;\xA0...\xA0};<br>
@@ -523,7 +523,7 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2545287"></a><h2>ZONE</h2>
+<a name="id2545296"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone\xA0<em class="replaceable"><code>string</code></em>\xA0<em class="replaceable"><code>optional_class</code></em>\xA0{<br>
type\xA0(\xA0master\xA0|\xA0slave\xA0|\xA0stub\xA0|\xA0hint\xA0|<br>
@@ -618,12 +618,12 @@
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2545667"></a><h2>FILES</h2>
+<a name="id2545675"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545678"></a><h2>SEE ALSO</h2>
+<a name="id2545687"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
Modified: vendor/bind/dist/bin/named/named.docbook
===================================================================
--- vendor/bind/dist/bin/named/named.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/named.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.docbook,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
<refentry id="man.named">
<refentryinfo>
- <date>May 21, 2009</date>
+ <date>October 05, 2009</date>
</refentryinfo>
<refmeta>
@@ -43,6 +42,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/bin/named/named.html
===================================================================
--- vendor/bind/dist/bin/named/named.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/named.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.html,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543482"></a><h2>DESCRIPTION</h2>
+<a name="id2543492"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -47,7 +47,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543507"></a><h2>OPTIONS</h2>
+<a name="id2543516"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -228,7 +228,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543964"></a><h2>SIGNALS</h2>
+<a name="id2543974"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -249,7 +249,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544012"></a><h2>CONFIGURATION</h2>
+<a name="id2544022"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@@ -266,7 +266,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544049"></a><h2>FILES</h2>
+<a name="id2544058"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@@ -279,7 +279,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544088"></a><h2>SEE ALSO</h2>
+<a name="id2544234"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@@ -292,7 +292,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544295"></a><h2>AUTHOR</h2>
+<a name="id2544305"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/named/notify.c
===================================================================
--- vendor/bind/dist/bin/named/notify.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/notify.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: notify.c,v 1.1.1.1 2013-01-30 01:44:56 laffer1 Exp $ */
+/* $Id: notify.c,v 1.37 2007/06/19 23:46:59 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/bin/named/query.c
===================================================================
--- vendor/bind/dist/bin/named/query.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/query.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: query.c,v 1.353.8.24 2012/02/07 01:14:39 marka Exp $ */
/*! \file */
@@ -773,7 +773,7 @@
if (queryonacl == NULL)
queryonacl = client->view->queryonacl;
- result = ns_client_checkaclsilent(client, NULL,
+ result = ns_client_checkaclsilent(client, &client->destaddr,
queryonacl, ISC_TRUE);
if ((options & DNS_GETDB_NOLOG) == 0 &&
result != ISC_R_SUCCESS)
@@ -2237,7 +2237,7 @@
dns64 != NULL; dns64 = dns_dns64_next(dns64)) {
dns_rdataset_current(rdataset, &rdata);
- isc__buffer_availableregion(buffer, &r);
+ isc_buffer_availableregion(buffer, &r);
INSIST(r.length >= 16);
result = dns_dns64_aaaafroma(dns64, &netaddr,
client->signer,
@@ -2477,11 +2477,12 @@
if (result == ISC_R_SUCCESS) {
/*
* We've already got an RRset of the given name and type.
- * There's nothing else to do;
*/
CTRACE("query_addrrset: dns_message_findname succeeded: done");
if (dbuf != NULL)
query_releasename(client, namep);
+ if ((rdataset->attributes & DNS_RDATASETATTR_REQUIRED) != 0)
+ mrdataset->attributes |= DNS_RDATASETATTR_REQUIRED;
return;
} else if (result == DNS_R_NXDOMAIN) {
/*
@@ -2521,7 +2522,8 @@
static inline isc_result_t
query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
- unsigned int override_ttl, isc_boolean_t isassociated)
+ unsigned int override_ttl, isc_boolean_t isassociated,
+ dns_section_t section)
{
dns_name_t *name;
dns_dbnode_t *node;
@@ -2624,8 +2626,11 @@
sigrdatasetp = &sigrdataset;
else
sigrdatasetp = NULL;
+
+ if (section == DNS_SECTION_ADDITIONAL)
+ rdataset->attributes |= DNS_RDATASETATTR_REQUIRED;
query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL,
- DNS_SECTION_AUTHORITY);
+ section);
}
cleanup:
@@ -4863,7 +4868,7 @@
* response policy zone cannot verify.
*/
client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
- DNS_MESSAGEFLAG_AD);
+ NS_CLIENTATTR_WANTAD);
return (ISC_R_SUCCESS);
}
@@ -4900,12 +4905,12 @@
switch (rdata->type) {
case dns_rdatatype_a:
INSIST(rdata->length == 4);
- memcpy(&ina.s_addr, rdata->data, 4);
+ memmove(&ina.s_addr, rdata->data, 4);
isc_netaddr_fromin(netaddr, &ina);
return (ISC_R_SUCCESS);
case dns_rdatatype_aaaa:
INSIST(rdata->length == 16);
- memcpy(in6a.s6_addr, rdata->data, 16);
+ memmove(in6a.s6_addr, rdata->data, 16);
isc_netaddr_fromin6(netaddr, &in6a);
return (ISC_R_SUCCESS);
default:
@@ -5055,7 +5060,7 @@
ISC_LIST_PREPEND(msg->sections[section], name, link);
ISC_LIST_UNLINK(name->list, rdataset, link);
ISC_LIST_PREPEND(name->list, rdataset, link);
- rdataset->attributes |= DNS_RDATASETATTR_REQUIREDGLUE;
+ rdataset->attributes |= DNS_RDATASETATTR_REQUIRED;
}
}
@@ -5178,8 +5183,7 @@
dns_fixedname_t fixed;
dns_hash_t hash;
dns_name_t name;
- int order;
- unsigned int count;
+ unsigned int skip = 0, labels;
dns_rdata_nsec3_t nsec3;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_boolean_t optout;
@@ -5192,6 +5196,7 @@
dns_name_init(&name, NULL);
dns_name_clone(qname, &name);
+ labels = dns_name_countlabels(&name);
/*
* Map unknown algorithm to known value.
@@ -5223,13 +5228,14 @@
dns_rdata_reset(&rdata);
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
if (found != NULL && optout &&
- dns_name_fullcompare(&name, dns_db_origin(db), &order,
- &count) == dns_namereln_subdomain) {
+ dns_name_issubdomain(&name, dns_db_origin(db)))
+ {
dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(sigrdataset))
dns_rdataset_disassociate(sigrdataset);
- count = dns_name_countlabels(&name) - 1;
- dns_name_getlabelsequence(&name, 1, count, &name);
+ skip++;
+ dns_name_getlabelsequence(qname, skip, labels - skip,
+ &name);
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
"looking for closest provable encloser");
@@ -5247,7 +5253,11 @@
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
"expected covering NSEC3, got an exact match");
- if (found != NULL)
+ if (found == qname) {
+ if (skip != 0U)
+ dns_name_getlabelsequence(qname, skip, labels - skip,
+ found);
+ } else if (found != NULL)
dns_name_copy(&name, found, NULL);
return;
}
@@ -5387,6 +5397,10 @@
isc_boolean_t resuming;
int line = -1;
isc_boolean_t dns64_exclude, dns64;
+ isc_boolean_t nxrewrite = ISC_FALSE;
+ isc_boolean_t associated;
+ dns_section_t section;
+ dns_ttl_t ttl;
CTRACE("query_find");
@@ -5730,9 +5744,11 @@
switch (rpz_st->m.policy) {
case DNS_RPZ_POLICY_NXDOMAIN:
result = DNS_R_NXDOMAIN;
+ nxrewrite = ISC_TRUE;
break;
case DNS_RPZ_POLICY_NODATA:
result = DNS_R_NXRRSET;
+ nxrewrite = ISC_TRUE;
break;
case DNS_RPZ_POLICY_RECORD:
result = rpz_st->m.result;
@@ -5791,7 +5807,8 @@
* response policy zone cannot verify.
*/
client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
- DNS_MESSAGEFLAG_AD);
+ NS_CLIENTATTR_WANTAD);
+ client->message->flags &= ~DNS_MESSAGEFLAG_AD;
query_putrdataset(client, &sigrdataset);
rpz_st->q.is_zone = is_zone;
is_zone = ISC_TRUE;
@@ -6275,15 +6292,22 @@
*/
query_releasename(client, &fname);
}
+
/*
- * Add SOA.
+ * Add SOA to the additional section if generated by a RPZ
+ * rewrite.
*/
+ associated = dns_rdataset_isassociated(rdataset);
+ section = nxrewrite ? DNS_SECTION_ADDITIONAL :
+ DNS_SECTION_AUTHORITY;
+
result = query_addsoa(client, db, version, ISC_UINT32_MAX,
- dns_rdataset_isassociated(rdataset));
+ associated, section);
if (result != ISC_R_SUCCESS) {
QUERY_ERROR(result);
goto cleanup;
}
+
/*
* Add NSEC record if we found one.
*/
@@ -6318,20 +6342,23 @@
}
/*
- * Add SOA. If the query was for a SOA record force the
+ * Add SOA to the additional section if generated by a
+ * RPZ rewrite.
+ *
+ * If the query was for a SOA record force the
* ttl to zero so that it is possible for clients to find
* the containing zone of an arbitrary name with a stub
* resolver and not have it cached.
*/
- if (qtype == dns_rdatatype_soa &&
- zone != NULL &&
- dns_zone_getzeronosoattl(zone))
- result = query_addsoa(client, db, version, 0,
- dns_rdataset_isassociated(rdataset));
- else
- result = query_addsoa(client, db, version,
- ISC_UINT32_MAX,
- dns_rdataset_isassociated(rdataset));
+ associated = dns_rdataset_isassociated(rdataset);
+ section = nxrewrite ? DNS_SECTION_ADDITIONAL :
+ DNS_SECTION_AUTHORITY;
+ ttl = ISC_UINT32_MAX;
+ if (!nxrewrite && qtype == dns_rdatatype_soa &&
+ zone != NULL && dns_zone_getzeronosoattl(zone))
+ ttl = 0;
+ result = query_addsoa(client, db, version, ttl, associated,
+ section);
if (result != ISC_R_SUCCESS) {
QUERY_ERROR(result);
goto cleanup;
@@ -6814,7 +6841,8 @@
goto addauth;
}
- if (dns_db_issecure(db)) {
+ if (qtype == dns_rdatatype_rrsig &&
+ dns_db_issecure(db)) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(client->query.qname,
namebuf,
@@ -6994,7 +7022,8 @@
* Add a fake SOA record.
*/
(void)query_addsoa(client, db, version,
- 600, ISC_FALSE);
+ 600, ISC_FALSE,
+ DNS_SECTION_AUTHORITY);
goto cleanup;
}
#endif
Modified: vendor/bind/dist/bin/named/server.c
===================================================================
--- vendor/bind/dist/bin/named/server.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/server.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: server.c,v 1.599.8.19 2012/02/22 00:33:32 each Exp $ */
/*! \file */
@@ -74,11 +74,13 @@
#include <dns/portlist.h>
#include <dns/rbt.h>
#include <dns/rdataclass.h>
+#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#include <dns/resolver.h>
#include <dns/rootns.h>
#include <dns/secalg.h>
+#include <dns/soa.h>
#include <dns/stats.h>
#include <dns/tkey.h>
#include <dns/tsig.h>
@@ -121,6 +123,14 @@
if (result != ISC_R_SUCCESS) goto cleanup; \
} while (0)
+#define TCHECK(op) \
+ do { tresult = (op); \
+ if (tresult != ISC_R_SUCCESS) { \
+ isc_buffer_clear(text); \
+ goto cleanup; \
+ } \
+ } while (0)
+
#define CHECKM(op, msg) \
do { result = (op); \
if (result != ISC_R_SUCCESS) { \
@@ -341,12 +351,12 @@
static isc_result_t
ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx,
- isc_mem_t *mctx, ns_listenelt_t **target);
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+ isc_uint16_t family, ns_listenelt_t **target);
static isc_result_t
ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx,
- isc_mem_t *mctx, ns_listenlist_t **target);
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+ isc_uint16_t family, ns_listenlist_t **target);
static isc_result_t
configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
@@ -370,6 +380,15 @@
static void
newzone_cfgctx_destroy(void **cfgp);
+static isc_result_t
+putstr(isc_buffer_t *b, const char *str);
+
+static isc_result_t
+putnull(isc_buffer_t *b);
+
+isc_result_t
+add_comment(FILE *fp, const char *viewname);
+
/*%
* Configure a single view ACL at '*aclp'. Get its configuration from
* 'vconfig' (for per-view configuration) and maybe from 'config'
@@ -1302,35 +1321,32 @@
return (ISC_FALSE);
}
-static void
-check_dbtype(dns_zone_t **zonep, unsigned int dbtypec, const char **dbargv,
+static isc_result_t
+check_dbtype(dns_zone_t *zone, unsigned int dbtypec, const char **dbargv,
isc_mem_t *mctx)
{
char **argv = NULL;
unsigned int i;
- isc_result_t result;
+ isc_result_t result = ISC_R_SUCCESS;
- result = dns_zone_getdbtype(*zonep, &argv, mctx);
- if (result != ISC_R_SUCCESS) {
- dns_zone_detach(zonep);
- return;
- }
+ CHECK(dns_zone_getdbtype(zone, &argv, mctx));
/*
* Check that all the arguments match.
*/
for (i = 0; i < dbtypec; i++)
- if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) {
- dns_zone_detach(zonep);
- break;
- }
+ if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0)
+ CHECK(ISC_R_FAILURE);
/*
* Check that there are not extra arguments.
*/
if (i == dbtypec && argv[i] != NULL)
- dns_zone_detach(zonep);
+ result = ISC_R_FAILURE;
+
+ cleanup:
isc_mem_free(mctx, argv);
+ return (result);
}
static isc_result_t
@@ -1623,6 +1639,235 @@
return (ISC_R_SUCCESS);
}
+static isc_result_t
+add_soa(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
+ dns_name_t *origin, dns_name_t *contact)
+{
+ dns_dbnode_t *node = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ isc_result_t result;
+ unsigned char buf[DNS_SOA_BUFFERSIZE];
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+ CHECK(dns_soa_buildrdata(origin, contact, dns_db_class(db),
+ 0, 28800, 7200, 604800, 86400, buf, &rdata));
+ rdatalist.type = rdata.type;
+ rdatalist.covers = 0;
+ rdatalist.rdclass = rdata.rdclass;
+ rdatalist.ttl = 86400;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+ CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset));
+ CHECK(dns_db_findnode(db, name, ISC_TRUE, &node));
+ CHECK(dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL));
+ cleanup:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+static isc_result_t
+add_ns(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
+ dns_name_t *nsname)
+{
+ dns_dbnode_t *node = NULL;
+ dns_rdata_ns_t ns;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ isc_result_t result;
+ isc_buffer_t b;
+ unsigned char buf[DNS_NAME_MAXWIRE];
+
+ isc_buffer_init(&b, buf, sizeof(buf));
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+ ns.common.rdtype = dns_rdatatype_ns;
+ ns.common.rdclass = dns_db_class(db);
+ ns.mctx = NULL;
+ dns_name_init(&ns.name, NULL);
+ dns_name_clone(nsname, &ns.name);
+ CHECK(dns_rdata_fromstruct(&rdata, dns_db_class(db), dns_rdatatype_ns,
+ &ns, &b));
+ rdatalist.type = rdata.type;
+ rdatalist.covers = 0;
+ rdatalist.rdclass = rdata.rdclass;
+ rdatalist.ttl = 86400;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+ CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset));
+ CHECK(dns_db_findnode(db, name, ISC_TRUE, &node));
+ CHECK(dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL));
+ cleanup:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+static isc_result_t
+create_empty_zone(dns_zone_t *zone, dns_name_t *name, dns_view_t *view,
+ const cfg_obj_t *zonelist, const char **empty_dbtype,
+ int empty_dbtypec, isc_boolean_t zonestats_on)
+{
+ char namebuf[DNS_NAME_FORMATSIZE];
+ const cfg_listelt_t *element;
+ const cfg_obj_t *obj;
+ const cfg_obj_t *zconfig;
+ const cfg_obj_t *zoptions;
+ const char *rbt_dbtype[4] = { "rbt" };
+ const char *sep = ": view ";
+ const char *str;
+ const char *viewname = view->name;
+ dns_db_t *db = NULL;
+ dns_dbversion_t *version = NULL;
+ dns_fixedname_t cfixed;
+ dns_fixedname_t fixed;
+ dns_fixedname_t nsfixed;
+ dns_name_t *contact;
+ dns_name_t *ns;
+ dns_name_t *zname;
+ dns_zone_t *myzone = NULL;
+ int rbt_dbtypec = 1;
+ isc_result_t result;
+ dns_namereln_t namereln;
+ int order;
+ unsigned int nlabels;
+
+ dns_fixedname_init(&fixed);
+ zname = dns_fixedname_name(&fixed);
+ dns_fixedname_init(&nsfixed);
+ ns = dns_fixedname_name(&nsfixed);
+ dns_fixedname_init(&cfixed);
+ contact = dns_fixedname_name(&cfixed);
+
+ /*
+ * Look for forward "zones" beneath this empty zone and if so
+ * create a custom db for the empty zone.
+ */
+ for (element = cfg_list_first(zonelist);
+ element != NULL;
+ element = cfg_list_next(element)) {
+
+ zconfig = cfg_listelt_value(element);
+ str = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
+ CHECK(dns_name_fromstring(zname, str, 0, NULL));
+ namereln = dns_name_fullcompare(zname, name, &order, &nlabels);
+ if (namereln != dns_namereln_subdomain)
+ continue;
+
+ zoptions = cfg_tuple_get(zconfig, "options");
+
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "type", &obj);
+ INSIST(obj != NULL);
+ if (strcasecmp(cfg_obj_asstring(obj), "forward") == 0) {
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "forward", &obj);
+ if (obj == NULL)
+ continue;
+ if (strcasecmp(cfg_obj_asstring(obj), "only") != 0)
+ continue;
+ }
+ if (db == NULL) {
+ CHECK(dns_db_create(view->mctx, "rbt", name,
+ dns_dbtype_zone, view->rdclass,
+ 0, NULL, &db));
+ CHECK(dns_db_newversion(db, &version));
+ if (strcmp(empty_dbtype[2], "@") == 0)
+ dns_name_clone(name, ns);
+ else
+ CHECK(dns_name_fromstring(ns, empty_dbtype[2],
+ 0, NULL));
+ CHECK(dns_name_fromstring(contact, empty_dbtype[3],
+ 0, NULL));
+ CHECK(add_soa(db, version, name, ns, contact));
+ CHECK(add_ns(db, version, name, ns));
+ }
+ CHECK(add_ns(db, version, zname, dns_rootname));
+ }
+
+ /*
+ * Is the existing zone the ok to use?
+ */
+ if (zone != NULL) {
+ unsigned int typec;
+ const char **dbargv;
+
+ if (db != NULL) {
+ typec = rbt_dbtypec;
+ dbargv = rbt_dbtype;
+ } else {
+ typec = empty_dbtypec;
+ dbargv = empty_dbtype;
+ }
+
+ result = check_dbtype(zone, typec, dbargv, view->mctx);
+ if (result != ISC_R_SUCCESS)
+ zone = NULL;
+
+ if (zone != NULL && dns_zone_gettype(zone) != dns_zone_master)
+ zone = NULL;
+ if (zone != NULL && dns_zone_getfile(zone) != NULL)
+ zone = NULL;
+ }
+
+ if (zone == NULL) {
+ CHECK(dns_zone_create(&myzone, view->mctx));
+ zone = myzone;
+ CHECK(dns_zone_setorigin(zone, name));
+ CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
+ if (db == NULL)
+ CHECK(dns_zone_setdbtype(zone, empty_dbtypec,
+ empty_dbtype));
+ dns_zone_setclass(zone, view->rdclass);
+ dns_zone_settype(zone, dns_zone_master);
+ dns_zone_setstats(zone, ns_g_server->zonestats);
+ }
+
+ dns_zone_setoption(zone, ~DNS_ZONEOPT_NOCHECKNS, ISC_FALSE);
+ dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, ISC_TRUE);
+ dns_zone_setnotifytype(zone, dns_notifytype_no);
+ dns_zone_setdialup(zone, dns_dialuptype_no);
+ if (view->queryacl)
+ dns_zone_setqueryacl(zone, view->queryacl);
+ else
+ dns_zone_clearqueryacl(zone);
+ if (view->queryonacl)
+ dns_zone_setqueryonacl(zone, view->queryonacl);
+ else
+ dns_zone_clearqueryonacl(zone);
+ dns_zone_clearupdateacl(zone);
+ dns_zone_clearxfracl(zone);
+
+ CHECK(setquerystats(zone, view->mctx, zonestats_on));
+ if (db != NULL) {
+ dns_db_closeversion(db, &version, ISC_TRUE);
+ CHECK(dns_zone_replacedb(zone, db, ISC_FALSE));
+ }
+ dns_zone_setview(zone, view);
+ CHECK(dns_view_addzone(view, zone));
+
+ if (!strcmp(viewname, "_default")) {
+ sep = "";
+ viewname = "";
+ }
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO, "automatic empty zone%s%s: %s",
+ sep, viewname, namebuf);
+
+ cleanup:
+ if (myzone != NULL)
+ dns_zone_detach(&myzone);
+ if (version != NULL)
+ dns_db_closeversion(db, &version, ISC_FALSE);
+ if (db != NULL)
+ dns_db_detach(&db);
+ return (result);
+}
+
/*
* Configure 'view' according to 'vconfig', taking defaults from 'config'
* where values are missing in 'vconfig'.
@@ -1676,7 +1921,6 @@
isc_uint32_t max_clients_per_query;
const char *sep = ": view ";
const char *viewname = view->name;
- const char *forview = " for view ";
isc_boolean_t rfc1918;
isc_boolean_t empty_zones_enable;
const cfg_obj_t *disablelist = NULL;
@@ -1722,8 +1966,6 @@
if (!strcmp(viewname, "_default")) {
sep = "";
viewname = "";
- forview = "";
- POST(forview);
}
/*
@@ -1908,9 +2150,9 @@
obj = NULL;
if (dlz != NULL) {
- (void)cfg_map_get(cfg_tuple_get(dlz, "options"),
- "database", &obj);
+ (void)cfg_map_get(dlz, "database", &obj);
if (obj != NULL) {
+ const cfg_obj_t *name;
char *s = isc_mem_strdup(mctx, cfg_obj_asstring(obj));
if (s == NULL) {
result = ISC_R_NOMEMORY;
@@ -1923,8 +2165,8 @@
goto cleanup;
}
- obj = cfg_tuple_get(dlz, "name");
- result = dns_dlzcreate(mctx, cfg_obj_asstring(obj),
+ name = cfg_map_getname(dlz);
+ result = dns_dlzcreate(mctx, cfg_obj_asstring(name),
dlzargv[0], dlzargc, dlzargv,
&view->dlzdatabase);
isc_mem_free(mctx, s);
@@ -2643,6 +2885,14 @@
}
/*
+ * Ignore case when compressing responses to the specified
+ * clients. This causes case not always to be preserved,
+ * and is needed by some broken clients.
+ */
+ CHECK(configure_view_acl(vconfig, config, "no-case-compress", NULL,
+ actx, ns_g_mctx, &view->nocasecompress));
+
+ /*
* Filter setting on addresses in the answer section.
*/
CHECK(configure_view_acl(vconfig, config, "deny-answer-addresses",
@@ -2980,44 +3230,13 @@
if (pview != NULL) {
(void)dns_view_findzone(pview, name, &zone);
dns_view_detach(&pview);
- if (zone != NULL)
- check_dbtype(&zone, empty_dbtypec,
- empty_dbtype, mctx);
- if (zone != NULL) {
- dns_zone_setview(zone, view);
- CHECK(dns_view_addzone(view, zone));
- CHECK(setquerystats(zone, mctx,
- zonestats_on));
- dns_zone_detach(&zone);
- continue;
- }
}
- CHECK(dns_zone_create(&zone, mctx));
- CHECK(dns_zone_setorigin(zone, name));
- dns_zone_setview(zone, view);
- CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr,
- zone));
- dns_zone_setclass(zone, view->rdclass);
- dns_zone_settype(zone, dns_zone_master);
- dns_zone_setstats(zone, ns_g_server->zonestats);
- CHECK(dns_zone_setdbtype(zone, empty_dbtypec,
- empty_dbtype));
- if (view->queryacl != NULL)
- dns_zone_setqueryacl(zone, view->queryacl);
- if (view->queryonacl != NULL)
- dns_zone_setqueryonacl(zone, view->queryonacl);
- dns_zone_setdialup(zone, dns_dialuptype_no);
- dns_zone_setnotifytype(zone, dns_notifytype_no);
- dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS,
- ISC_TRUE);
- CHECK(setquerystats(zone, mctx, zonestats_on));
- CHECK(dns_view_addzone(view, zone));
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_SERVER, ISC_LOG_INFO,
- "automatic empty zone%s%s: %s",
- sep, viewname, empty);
- dns_zone_detach(&zone);
+ CHECK(create_empty_zone(zone, name, view, zonelist,
+ empty_dbtype, empty_dbtypec,
+ zonestats_on));
+ if (zone != NULL)
+ dns_zone_detach(&zone);
}
}
@@ -3473,8 +3692,16 @@
(void)cfg_map_get(zoptions, "forward", &forwardtype);
(void)cfg_map_get(zoptions, "forwarders", &forwarders);
- result = configure_forward(config, view, origin, forwarders,
- forwardtype);
+ CHECK(configure_forward(config, view, origin, forwarders,
+ forwardtype));
+
+ /*
+ * Forward zones may also set delegation only.
+ */
+ only = NULL;
+ tresult = cfg_map_get(zoptions, "delegation-only", &only);
+ if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))
+ CHECK(dns_view_adddelegationonly(view, origin));
goto cleanup;
}
@@ -4108,6 +4335,9 @@
case dns_zone_stub:
type = "stub";
break;
+ case dns_zone_staticstub:
+ type = "static-stub";
+ break;
default:
type = "other";
break;
@@ -4200,8 +4430,8 @@
(int) isc_buffer_usedlength(&key_txtbuffer),
(char*) isc_buffer_base(&key_txtbuffer));
- RUNTIME_CHECK(isc_stdio_flush(fp) == ISC_R_SUCCESS);
- RUNTIME_CHECK(isc_stdio_close(fp) == ISC_R_SUCCESS);
+ CHECK(isc_stdio_flush(fp));
+ CHECK(isc_stdio_close(fp));
dst_key_free(&key);
@@ -4214,6 +4444,11 @@
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"failed to generate session key "
"for dynamic DNS: %s", isc_result_totext(result));
+ if (fp != NULL) {
+ if (isc_file_exists(filename))
+ (void)isc_file_remove(filename);
+ (void)isc_stdio_close(fp);
+ }
if (tsigkey != NULL)
dns_tsigkey_detach(&tsigkey);
if (key != NULL)
@@ -4437,7 +4672,10 @@
dns_viewlist_t viewlist, builtin_viewlist;
in_port_t listen_port, udpport_low, udpport_high;
int i;
+ int num_zones = 0;
+ isc_boolean_t exclusive = ISC_FALSE;
isc_interval_t interval;
+ isc_logconfig_t *logc = NULL;
isc_portset_t *v4portset = NULL;
isc_portset_t *v6portset = NULL;
isc_resourcevalue_t nfiles;
@@ -4446,12 +4684,10 @@
isc_uint32_t interface_interval;
isc_uint32_t reserved;
isc_uint32_t udpsize;
+ ns_cache_t *nsc;
ns_cachelist_t cachelist, tmpcachelist;
+ struct cfg_context *nzctx;
unsigned int maxsocks;
- ns_cache_t *nsc;
- struct cfg_context *nzctx;
- int num_zones = 0;
- isc_boolean_t exclusive = ISC_FALSE;
ISC_LIST_INIT(viewlist);
ISC_LIST_INIT(builtin_viewlist);
@@ -4739,8 +4975,8 @@
result = ns_config_get(maps, "tcp-listen-queue", &obj);
INSIST(result == ISC_R_SUCCESS);
ns_g_listen = cfg_obj_asuint32(obj);
- if (ns_g_listen < 3)
- ns_g_listen = 3;
+ if ((ns_g_listen > 0) && (ns_g_listen < 10))
+ ns_g_listen = 10;
/*
* Configure the interface manager according to the "listen-on"
@@ -4762,7 +4998,8 @@
/* check return code? */
(void)ns_listenlist_fromconfig(clistenon, config,
ns_g_aclconfctx,
- ns_g_mctx, &listenon);
+ ns_g_mctx, AF_INET,
+ &listenon);
} else if (!ns_g_lwresdonly) {
/*
* Not specified, use default.
@@ -4789,7 +5026,8 @@
/* check return code? */
(void)ns_listenlist_fromconfig(clistenon, config,
ns_g_aclconfctx,
- ns_g_mctx, &listenon);
+ ns_g_mctx, AF_INET6,
+ &listenon);
} else if (!ns_g_lwresdonly) {
isc_boolean_t enable;
/*
@@ -5112,13 +5350,30 @@
* unprivileged user, not root.
*/
if (ns_g_logstderr) {
+ const cfg_obj_t *logobj = NULL;
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
- "ignoring config file logging "
- "statement due to -g option");
+ "not using config file logging "
+ "statement for logging due to "
+ "-g option");
+
+ (void)cfg_map_get(config, "logging", &logobj);
+ if (logobj != NULL) {
+ result = ns_log_configure(NULL, logobj);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_ERROR,
+ "checking logging configuration "
+ "failed: %s",
+ isc_result_totext(result));
+ goto cleanup;
+ }
+ }
} else {
const cfg_obj_t *logobj = NULL;
- isc_logconfig_t *logc = NULL;
CHECKM(isc_logconfig_create(ns_g_lctx, &logc),
"creating new logging configuration");
@@ -5137,11 +5392,9 @@
"setting up default 'category default'");
}
- result = isc_logconfig_use(ns_g_lctx, logc);
- if (result != ISC_R_SUCCESS) {
- isc_logconfig_destroy(&logc);
- CHECKM(result, "installing logging configuration");
- }
+ CHECKM(isc_logconfig_use(ns_g_lctx, logc),
+ "installing logging configuration");
+ logc = NULL;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
@@ -5273,6 +5526,9 @@
result = ISC_R_SUCCESS;
cleanup:
+ if (logc != NULL)
+ isc_logconfig_destroy(&logc);
+
if (v4portset != NULL)
isc_portset_destroy(ns_g_mctx, &v4portset);
@@ -5286,7 +5542,7 @@
}
if (bindkeys_parser != NULL) {
- if (bindkeys != NULL)
+ if (bindkeys != NULL)
cfg_obj_destroy(bindkeys_parser, &bindkeys);
cfg_parser_destroy(&bindkeys_parser);
}
@@ -5971,17 +6227,18 @@
*/
static isc_result_t
zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
- const char **zonename)
+ const char **zonename, isc_buffer_t *text)
{
char *input, *ptr;
const char *zonetxt;
char *classtxt;
const char *viewtxt = NULL;
- dns_fixedname_t name;
+ dns_fixedname_t fname;
+ dns_name_t *name;
isc_result_t result;
- isc_buffer_t buf;
dns_view_t *view = NULL;
dns_rdataclass_t rdclass;
+ char problem[DNS_NAME_FORMATSIZE + 500] = "";
REQUIRE(zonep != NULL && *zonep == NULL);
REQUIRE(zonename == NULL || *zonename == NULL);
@@ -6007,38 +6264,44 @@
viewtxt = next_token(&input, " \t");
}
- isc_buffer_constinit(&buf, zonetxt, strlen(zonetxt));
- isc_buffer_add(&buf, strlen(zonetxt));
- dns_fixedname_init(&name);
- result = dns_name_fromtext(dns_fixedname_name(&name),
- &buf, dns_rootname, 0, NULL);
- if (result != ISC_R_SUCCESS)
- goto fail1;
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ CHECK(dns_name_fromstring(name, zonetxt, 0, NULL));
if (classtxt != NULL) {
isc_textregion_t r;
r.base = classtxt;
r.length = strlen(classtxt);
- result = dns_rdataclass_fromtext(&rdclass, &r);
- if (result != ISC_R_SUCCESS)
- goto fail1;
+ CHECK(dns_rdataclass_fromtext(&rdclass, &r));
} else
rdclass = dns_rdataclass_in;
if (viewtxt == NULL) {
- result = dns_viewlist_findzone(&server->viewlist,
- dns_fixedname_name(&name),
+ result = dns_viewlist_findzone(&server->viewlist, name,
ISC_TF(classtxt == NULL),
rdclass, zonep);
+ if (result == ISC_R_NOTFOUND)
+ snprintf(problem, sizeof(problem),
+ "no matching zone '%s' in any view",
+ zonetxt);
+ else if (result == ISC_R_MULTIPLE)
+ snprintf(problem, sizeof(problem),
+ "zone '%s' was found in multiple views",
+ zonetxt);
} else {
result = dns_viewlist_find(&server->viewlist, viewtxt,
rdclass, &view);
+ if (result != ISC_R_SUCCESS) {
+ snprintf(problem, sizeof(problem),
+ "no matching view '%s'", viewtxt);
+ goto report;
+ }
+
+ result = dns_zt_find(view->zonetable, name, 0, NULL, zonep);
if (result != ISC_R_SUCCESS)
- goto fail1;
-
- result = dns_zt_find(view->zonetable, dns_fixedname_name(&name),
- 0, NULL, zonep);
- dns_view_detach(&view);
+ snprintf(problem, sizeof(problem),
+ "no matching zone '%s' in view '%s'",
+ zonetxt, viewtxt);
}
/* Partial match? */
@@ -6046,7 +6309,19 @@
dns_zone_detach(zonep);
if (result == DNS_R_PARTIALMATCH)
result = ISC_R_NOTFOUND;
- fail1:
+ report:
+ if (result != ISC_R_SUCCESS) {
+ isc_result_t tresult;
+
+ tresult = putstr(text, problem);
+ if (tresult == ISC_R_SUCCESS)
+ putnull(text);
+ }
+
+ cleanup:
+ if (view != NULL)
+ dns_view_detach(&view);
+
return (result);
}
@@ -6054,12 +6329,14 @@
* Act on a "retransfer" command from the command channel.
*/
isc_result_t
-ns_server_retransfercommand(ns_server_t *server, char *args) {
+ns_server_retransfercommand(ns_server_t *server, char *args,
+ isc_buffer_t *text)
+{
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -6083,7 +6360,7 @@
dns_zonetype_t type;
const char *msg = NULL;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
@@ -6143,7 +6420,7 @@
dns_zone_t *zone = NULL;
const unsigned char msg[] = "zone notify queued";
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -6168,7 +6445,7 @@
const unsigned char msg2[] = "not a slave or stub zone";
dns_zonetype_t type;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -6202,8 +6479,8 @@
static isc_result_t
ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx,
- isc_mem_t *mctx, ns_listenlist_t **target)
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+ isc_uint16_t family, ns_listenlist_t **target)
{
isc_result_t result;
const cfg_listelt_t *element;
@@ -6222,7 +6499,7 @@
ns_listenelt_t *delt = NULL;
const cfg_obj_t *listener = cfg_listelt_value(element);
result = ns_listenelt_fromconfig(listener, config, actx,
- mctx, &delt);
+ mctx, family, &delt);
if (result != ISC_R_SUCCESS)
goto cleanup;
ISC_LIST_APPEND(dlist->elts, delt, link);
@@ -6241,8 +6518,8 @@
*/
static isc_result_t
ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx,
- isc_mem_t *mctx, ns_listenelt_t **target)
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+ isc_uint16_t family, ns_listenelt_t **target)
{
isc_result_t result;
const cfg_obj_t *portobj;
@@ -6273,9 +6550,9 @@
if (result != ISC_R_SUCCESS)
return (result);
- result = cfg_acl_fromconfig(cfg_tuple_get(listener, "acl"),
- config, ns_g_lctx, actx, mctx, 0,
- &delt->acl);
+ result = cfg_acl_fromconfig2(cfg_tuple_get(listener, "acl"),
+ config, ns_g_lctx, actx, mctx, 0,
+ family, &delt->acl);
if (result != ISC_R_SUCCESS) {
ns_listenelt_destroy(delt);
return (result);
@@ -7001,7 +7278,7 @@
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
- "version: %s%s%s%s\n"
+ "version: %s%s%s%s <id:%s>\n"
#ifdef ISC_PLATFORM_USETHREADS
"CPUs found: %u\n"
"worker threads: %u\n"
@@ -7015,7 +7292,7 @@
"recursive clients: %d/%d/%d\n"
"tcp clients: %d/%d\n"
"server is up and running",
- ns_g_version, ob, alt, cb,
+ ns_g_version, ob, alt, cb, ns_g_srcid,
#ifdef ISC_PLATFORM_USETHREADS
ns_g_cpus_detected, ns_g_cpus,
#endif
@@ -7259,7 +7536,7 @@
* Act on a "sign" or "loadkeys" command from the command channel.
*/
isc_result_t
-ns_server_rekey(ns_server_t *server, char *args) {
+ns_server_rekey(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
@@ -7269,7 +7546,7 @@
if (strncasecmp(args, NS_COMMAND_SIGN, strlen(NS_COMMAND_SIGN)) == 0)
fullsign = ISC_TRUE;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -7313,7 +7590,7 @@
isc_boolean_t frozen;
const char *msg = NULL;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
@@ -7433,11 +7710,28 @@
#endif /* HAVE_LIBSCF */
/*
+ * Emit a comment at the top of the nzf file containing the viewname
+ * Expects the fp to already be open for writing
+ */
+#define HEADER1 "# New zone file for view: "
+#define HEADER2 "\n# This file contains configuration for zones added by\n" \
+ "# the 'rndc addzone' command. DO NOT EDIT BY HAND.\n"
+isc_result_t
+add_comment(FILE *fp, const char *viewname) {
+ isc_result_t result;
+ CHECK(isc_stdio_write(HEADER1, sizeof(HEADER1) - 1, 1, fp, NULL));
+ CHECK(isc_stdio_write(viewname, strlen(viewname), 1, fp, NULL));
+ CHECK(isc_stdio_write(HEADER2, sizeof(HEADER2) - 1, 1, fp, NULL));
+ cleanup:
+ return (result);
+}
+
+/*
* Act on an "addzone" command from the command channel.
*/
isc_result_t
-ns_server_add_zone(ns_server_t *server, char *args) {
- isc_result_t result;
+ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text) {
+ isc_result_t result, tresult;
isc_buffer_t argbuf;
size_t arglen;
cfg_parser_t *parser = NULL;
@@ -7452,16 +7746,19 @@
const char *argp;
const char *viewname = NULL;
dns_rdataclass_t rdclass;
- dns_view_t *view = 0;
- isc_buffer_t buf, *nbuf = NULL;
- dns_name_t dnsname;
+ dns_view_t *view = NULL;
+ isc_buffer_t buf;
+ dns_fixedname_t fname;
+ dns_name_t *dnsname;
dns_zone_t *zone = NULL;
FILE *fp = NULL;
struct cfg_context *cfg = NULL;
+ char namebuf[DNS_NAME_FORMATSIZE];
+ off_t offset;
/* Try to parse the argument string */
arglen = strlen(args);
- isc_buffer_init(&argbuf, args, arglen);
+ isc_buffer_init(&argbuf, args, (unsigned int)arglen);
isc_buffer_add(&argbuf, strlen(args));
CHECK(cfg_parser_create(server->mctx, ns_g_lctx, &parser));
CHECK(cfg_parse_buffer(parser, &argbuf, &cfg_type_addzoneconf,
@@ -7471,11 +7768,11 @@
zonename = cfg_obj_asstring(cfg_tuple_get(parms, "name"));
isc_buffer_constinit(&buf, zonename, strlen(zonename));
isc_buffer_add(&buf, strlen(zonename));
- dns_name_init(&dnsname, NULL);
- isc_buffer_allocate(server->mctx, &nbuf, 256);
- dns_name_setbuffer(&dnsname, nbuf);
- CHECK(dns_name_fromtext(&dnsname, &buf, dns_rootname, ISC_FALSE, NULL));
+ dns_fixedname_init(&fname);
+ dnsname = dns_fixedname_name(&fname);
+ CHECK(dns_name_fromtext(dnsname, &buf, dns_rootname, ISC_FALSE, NULL));
+
/* Make sense of optional class argument */
obj = cfg_tuple_get(parms, "class");
CHECK(ns_config_getclass(obj, dns_rdataclass_in, &rdclass));
@@ -7503,7 +7800,7 @@
}
/* Zone shouldn't already exist */
- result = dns_zt_find(view->zonetable, &dnsname, 0, NULL, &zone);
+ result = dns_zt_find(view->zonetable, dnsname, 0, NULL, &zone);
if (result == ISC_R_SUCCESS) {
result = ISC_R_EXISTS;
goto cleanup;
@@ -7530,7 +7827,17 @@
}
/* Open save file for write configuration */
- CHECK(isc_stdio_open(view->new_zone_file, "a", &fp));
+ result = isc_stdio_open(view->new_zone_file, "a", &fp);
+ if (result != ISC_R_SUCCESS) {
+ TCHECK(putstr(text, "unable to open '"));
+ TCHECK(putstr(text, view->new_zone_file));
+ TCHECK(putstr(text, "': "));
+ TCHECK(putstr(text, isc_result_totext(result)));
+ goto cleanup;
+ }
+ CHECK(isc_stdio_tell(fp, &offset));
+ if (offset == 0)
+ CHECK(add_comment(fp, view->name));
/* Mark view unfrozen so that zone can be added */
result = isc_task_beginexclusive(server->task);
@@ -7540,11 +7847,14 @@
server->mctx, view, cfg->actx, ISC_FALSE);
dns_view_freeze(view);
isc_task_endexclusive(server->task);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
+ TCHECK(putstr(text, "configure_zone failed: "));
+ TCHECK(putstr(text, isc_result_totext(result)));
goto cleanup;
+ }
/* Is it there yet? */
- CHECK(dns_zt_find(view->zonetable, &dnsname, 0, NULL, &zone));
+ CHECK(dns_zt_find(view->zonetable, dnsname, 0, NULL, &zone));
/*
* Load the zone from the master file. If this fails, we'll
@@ -7554,6 +7864,9 @@
if (result != ISC_R_SUCCESS) {
dns_db_t *dbp = NULL;
+ TCHECK(putstr(text, "dns_zone_loadnew failed: "));
+ TCHECK(putstr(text, isc_result_totext(result)));
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"addzone failed; reverting.");
@@ -7572,10 +7885,13 @@
/* Flag the zone as having been added at runtime */
dns_zone_setadded(zone, ISC_TRUE);
- /* Emit just the zone name from args */
- CHECK(isc_stdio_write("zone ", 5, 1, fp, NULL));
- CHECK(isc_stdio_write(zonename, strlen(zonename), 1, fp, NULL));
- CHECK(isc_stdio_write(" ", 1, 1, fp, NULL));
+ /* Emit the zone name, quoted and escaped */
+ isc_buffer_init(&buf, namebuf, sizeof(namebuf));
+ CHECK(dns_name_totext(dnsname, ISC_TRUE, &buf));
+ putnull(&buf);
+ CHECK(isc_stdio_write("zone \"", 6, 1, fp, NULL));
+ CHECK(isc_stdio_write(namebuf, strlen(namebuf), 1, fp, NULL));
+ CHECK(isc_stdio_write("\" ", 2, 1, fp, NULL));
/* Classname, if not default */
if (classname != NULL && *classname != '\0') {
@@ -7608,6 +7924,8 @@
result = ISC_R_SUCCESS;
cleanup:
+ if (isc_buffer_usedlength(text) > 0)
+ putnull(text);
if (fp != NULL)
isc_stdio_close(fp);
if (parser != NULL) {
@@ -7619,8 +7937,6 @@
dns_zone_detach(&zone);
if (view != NULL)
dns_view_detach(&view);
- if (nbuf != NULL)
- isc_buffer_free(&nbuf);
return (result);
}
@@ -7629,20 +7945,21 @@
* Act on a "delzone" command from the command channel.
*/
isc_result_t
-ns_server_del_zone(ns_server_t *server, char *args) {
- isc_result_t result;
- dns_zone_t *zone = NULL;
- dns_view_t *view = NULL;
- dns_db_t *dbp = NULL;
- const char *filename = NULL;
- char *tmpname = NULL;
- char buf[1024];
- const char *zonename = NULL;
- size_t znamelen = 0;
- FILE *ifp = NULL, *ofp = NULL;
+ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) {
+ isc_result_t result;
+ dns_zone_t *zone = NULL;
+ dns_view_t *view = NULL;
+ dns_db_t *dbp = NULL;
+ const char *filename = NULL;
+ char *tmpname = NULL;
+ char buf[1024];
+ const char *zonename = NULL;
+ size_t znamelen = 0;
+ FILE *ifp = NULL, *ofp = NULL;
+ isc_boolean_t inheader = ISC_TRUE;
/* Parse parameters */
- CHECK(zone_from_args(server, args, &zone, &zonename));
+ CHECK(zone_from_args(server, args, &zone, &zonename, text));
if (zone == NULL) {
result = ISC_R_UNEXPECTEDEND;
@@ -7684,28 +8001,44 @@
goto cleanup;
}
CHECK(isc_stdio_open(tmpname, "w", &ofp));
+ CHECK(add_comment(ofp, view->name));
/* Look for the entry for that zone */
while (fgets(buf, 1024, ifp)) {
- /* A 'zone' line */
- if (strncasecmp(buf, "zone", 4)) {
+ /* Skip initial comment, if any */
+ if (inheader && *buf == '#')
+ continue;
+ if (*buf != '#')
+ inheader = ISC_FALSE;
+
+ /*
+ * Any other lines not starting with zone, copy
+ * them out and continue.
+ */
+ if (strncasecmp(buf, "zone", 4) != 0) {
fputs(buf, ofp);
continue;
}
p = buf+4;
- /* Locate a name */
+ /* This is a zone; find its name. */
while (*p &&
((*p == '"') || isspace((unsigned char)*p)))
p++;
- /* Is that the zone we're looking for */
- if (strncasecmp(p, zonename, znamelen)) {
+ /*
+ * If it's not the zone we're looking for, copy
+ * it out and continue
+ */
+ if (strncasecmp(p, zonename, znamelen) != 0) {
fputs(buf, ofp);
continue;
}
- /* And nothing else? */
+ /*
+ * But if it is the zone we want, skip over it
+ * so it will be omitted from the new file
+ */
p += znamelen;
if (isspace((unsigned char)*p) ||
*p == '"' || *p == '{') {
@@ -7714,7 +8047,7 @@
break;
}
- /* Spit it out, keep looking */
+ /* Copy the rest of the buffer out and continue */
fputs(buf, ofp);
}
@@ -7770,6 +8103,8 @@
result = ISC_R_SUCCESS;
cleanup:
+ if (isc_buffer_usedlength(text) > 0)
+ putnull(text);
if (ifp != NULL)
isc_stdio_close(ifp);
if (ofp != NULL) {
@@ -7809,3 +8144,26 @@
isc_mem_putanddetach(&cfg->mctx, cfg, sizeof(*cfg));
*cfgp = NULL;
}
+
+static isc_result_t
+putstr(isc_buffer_t *b, const char *str) {
+ unsigned int l = strlen(str);
+
+ /*
+ * Use >= to leave space for NUL termination.
+ */
+ if (l >= isc_buffer_availablelength(b))
+ return (ISC_R_NOSPACE);
+
+ isc_buffer_putmem(b, (const unsigned char *)str, l);
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+putnull(isc_buffer_t *b) {
+ if (isc_buffer_availablelength(b) == 0)
+ return (ISC_R_NOSPACE);
+
+ isc_buffer_putuint8(b, 0);
+ return (ISC_R_SUCCESS);
+}
Modified: vendor/bind/dist/bin/named/sortlist.c
===================================================================
--- vendor/bind/dist/bin/named/sortlist.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/sortlist.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sortlist.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: sortlist.c,v 1.17 2007/09/14 01:46:05 marka Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/statschannel.c
===================================================================
--- vendor/bind/dist/bin/named/statschannel.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/statschannel.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: statschannel.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: statschannel.c,v 1.26.150.2 2011/03/12 04:59:14 tbox Exp $ */
/*! \file */
@@ -958,6 +958,8 @@
xmlFreeTextWriter(writer);
xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 1);
+ if (*buf == NULL)
+ goto error;
xmlFreeDoc(doc);
return (ISC_R_SUCCESS);
@@ -982,7 +984,7 @@
isc_buffer_t *b, isc_httpdfree_t **freecb,
void **freecb_args)
{
- unsigned char *msg;
+ unsigned char *msg = NULL;
int msglen;
ns_server_t *server = arg;
isc_result_t result;
Modified: vendor/bind/dist/bin/named/tkeyconf.c
===================================================================
--- vendor/bind/dist/bin/named/tkeyconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/tkeyconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tkeyconf.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: tkeyconf.c,v 1.33 2010/12/20 23:47:20 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/tsigconf.c
===================================================================
--- vendor/bind/dist/bin/named/tsigconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/tsigconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsigconf.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: tsigconf.c,v 1.35 2011/01/11 23:47:12 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/named/unix/Makefile.in
===================================================================
--- vendor/bind/dist/bin/named/unix/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/unix/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+# $Id: Makefile.in,v 1.13.244.2 2011/03/10 23:47:26 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/named/unix/dlz_dlopen_driver.c
===================================================================
--- vendor/bind/dist/bin/named/unix/dlz_dlopen_driver.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/unix/dlz_dlopen_driver.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dlz_dlopen_driver.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: dlz_dlopen_driver.c,v 1.1.4.6 2012/02/22 23:46:35 tbox Exp $ */
#include <config.h>
@@ -240,11 +240,13 @@
cd->dl_path = isc_mem_strdup(cd->mctx, argv[1]);
if (cd->dl_path == NULL) {
+ result = ISC_R_NOMEMORY;
goto failed;
}
cd->dlzname = isc_mem_strdup(cd->mctx, dlzname);
if (cd->dlzname == NULL) {
+ result = ISC_R_NOMEMORY;
goto failed;
}
@@ -274,6 +276,7 @@
dlopen_log(ISC_LOG_ERROR,
"dlz_dlopen failed to open library '%s' - %s",
cd->dl_path, dlerror());
+ result = ISC_R_FAILURE;
goto failed;
}
@@ -292,6 +295,7 @@
cd->dlz_findzonedb == NULL)
{
/* We're missing a required symbol */
+ result = ISC_R_FAILURE;
goto failed;
}
@@ -327,6 +331,7 @@
"dlz_dlopen: incorrect version %d "
"should be %d in '%s'",
cd->version, DLZ_DLOPEN_VERSION, cd->dl_path);
+ result = ISC_R_FAILURE;
goto failed;
}
@@ -370,7 +375,6 @@
return (result);
}
-
/*
* Called when bind is shutting down
*/
Modified: vendor/bind/dist/bin/named/unix/include/named/os.h
===================================================================
--- vendor/bind/dist/bin/named/unix/include/named/os.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/unix/include/named/os.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: os.h,v 1.31 2009/08/05 23:47:43 tbox Exp $ */
#ifndef NS_OS_H
#define NS_OS_H 1
Modified: vendor/bind/dist/bin/named/unix/os.c
===================================================================
--- vendor/bind/dist/bin/named/unix/os.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/unix/os.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: os.c,v 1.104.38.3 2011/03/02 00:04:01 marka Exp $ */
/*! \file */
@@ -120,6 +120,9 @@
#ifdef HAVE_SYS_CAPABILITY_H
#include <sys/capability.h>
#else
+#ifdef HAVE_LINUX_TYPES_H
+#include <linux/types.h>
+#endif
/*%
* We define _LINUX_FS_H to prevent it from being included. We don't need
* anything from it, and the files it includes cause warnings with 2.2
@@ -194,8 +197,8 @@
#ifdef HAVE_LIBCAP
#define SET_CAP(flag) \
do { \
+ cap_flag_value_t curval; \
capval = (flag); \
- cap_flag_value_t curval; \
err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \
if (err != -1 && curval) { \
err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \
@@ -604,7 +607,7 @@
}
void
-ns_os_adjustnofile() {
+ns_os_adjustnofile(void) {
#ifdef HAVE_LINUXTHREADS
isc_result_t result;
isc_resourcevalue_t newvalue;
Modified: vendor/bind/dist/bin/named/update.c
===================================================================
--- vendor/bind/dist/bin/named/update.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/update.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: update.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: update.c,v 1.186.16.7 2011/11/03 02:55:34 each Exp $ */
#include <config.h>
@@ -398,7 +398,6 @@
* Create a singleton diff.
*/
dns_diff_init(diff->mctx, &temp_diff);
- temp_diff.resign = diff->resign;
ISC_LIST_APPEND(temp_diff.tuples, *tuple, link);
/*
@@ -2004,7 +2003,8 @@
for (i = 0; i < nkeys; i++) {
if (rrsig.keyid == dst_key_id(keys[i])) {
found = ISC_TRUE;
- if (!dst_key_isprivate(keys[i])) {
+ if (!dst_key_inactive(keys[i]) &&
+ !dst_key_isprivate(keys[i])) {
/*
* The re-signing code in zone.c
* will mark this as offline.
@@ -2147,7 +2147,6 @@
dns_diff_init(client->mctx, &affected);
dns_diff_init(client->mctx, &sig_diff);
- sig_diff.resign = dns_zone_getsigresigninginterval(zone);
dns_diff_init(client->mctx, &nsec_diff);
dns_diff_init(client->mctx, &nsec_mindiff);
@@ -4019,10 +4018,18 @@
dns_diff_clear(&ctx.del_diff);
dns_diff_clear(&ctx.add_diff);
} else {
- CHECK(do_diff(&ctx.del_diff, db, ver,
- &diff));
- CHECK(do_diff(&ctx.add_diff, db, ver,
- &diff));
+ result = do_diff(&ctx.del_diff, db, ver,
+ &diff);
+ if (result == ISC_R_SUCCESS) {
+ result = do_diff(&ctx.add_diff,
+ db, ver,
+ &diff);
+ }
+ if (result != ISC_R_SUCCESS) {
+ dns_diff_clear(&ctx.del_diff);
+ dns_diff_clear(&ctx.add_diff);
+ goto failure;
+ }
CHECK(update_one_rr(db, ver, &diff,
DNS_DIFFOP_ADD,
name, ttl, &rdata));
@@ -4170,10 +4177,9 @@
#define ALLOW_SECURE_TO_INSECURE(zone) \
((dns_zone_getoptions(zone) & DNS_ZONEOPT_SECURETOINSECURE) != 0)
+ CHECK(rrset_exists(db, oldver, zonename, dns_rdatatype_dnskey,
+ 0, &had_dnskey));
if (!ALLOW_SECURE_TO_INSECURE(zone)) {
- CHECK(rrset_exists(db, oldver, zonename,
- dns_rdatatype_dnskey, 0,
- &had_dnskey));
if (had_dnskey && !has_dnskey) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update rejected: all DNSKEY "
@@ -4467,6 +4473,8 @@
static isc_result_t
send_forward_event(ns_client_t *client, dns_zone_t *zone) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char classbuf[DNS_RDATACLASS_FORMATSIZE];
isc_result_t result = ISC_R_SUCCESS;
update_event_t *event = NULL;
isc_task_t *zonetask = NULL;
@@ -4492,6 +4500,15 @@
client->nupdates++;
event->ev_arg = evclient;
+ dns_name_format(dns_zone_getorigin(zone), namebuf,
+ sizeof(namebuf));
+ dns_rdataclass_format(dns_zone_getclass(zone), classbuf,
+ sizeof(classbuf));
+
+ ns_client_log(client, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE,
+ LOGLEVEL_PROTOCOL, "forwarding update for zone '%s/%s'",
+ namebuf, classbuf);
+
dns_zone_gettask(zone, &zonetask);
isc_task_send(zonetask, ISC_EVENT_PTR(&event));
Modified: vendor/bind/dist/bin/named/xfrout.c
===================================================================
--- vendor/bind/dist/bin/named/xfrout.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/xfrout.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: xfrout.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: xfrout.c,v 1.139.16.4 2011/12/01 01:00:50 marka Exp $ */
#include <config.h>
Modified: vendor/bind/dist/bin/named/zoneconf.c
===================================================================
--- vendor/bind/dist/bin/named/zoneconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/named/zoneconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zoneconf.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: zoneconf.c,v 1.170.14.7 2012/01/31 23:46:39 tbox Exp $ */
/*% */
@@ -462,7 +462,7 @@
if (rdata == NULL)
return (ISC_R_NOMEMORY);
region.base = (unsigned char *)(rdata + 1);
- memcpy(region.base, &na.type, region.length);
+ memmove(region.base, &na.type, region.length);
dns_rdata_init(rdata);
dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
rdatalist->type, ®ion);
@@ -490,7 +490,7 @@
}
region.length = sregion.length;
region.base = (unsigned char *)(rdata + 1);
- memcpy(region.base, sregion.base, region.length);
+ memmove(region.base, sregion.base, region.length);
dns_rdata_init(rdata);
dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
dns_rdatatype_ns, ®ion);
@@ -554,7 +554,7 @@
return (ISC_R_NOMEMORY);
region.length = sregion.length;
region.base = (unsigned char *)(rdata + 1);
- memcpy(region.base, sregion.base, region.length);
+ memmove(region.base, sregion.base, region.length);
dns_rdata_init(rdata);
dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
dns_rdatatype_ns, ®ion);
Modified: vendor/bind/dist/bin/nsupdate/Makefile.in
===================================================================
--- vendor/bind/dist/bin/nsupdate/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/nsupdate/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2006-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2006-2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+# $Id: Makefile.in,v 1.36 2009/12/05 23:31:40 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -23,10 +23,12 @@
@BIND9_MAKE_INCLUDES@
+DST_GSSAPI_INC = @DST_GSSAPI_INC@
+
CINCLUDES = ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
- ${ISC_INCLUDES} ${ISCCFG_INCLUDES} @DST_GSSAPI_INC@
+ ${ISC_INCLUDES} ${ISCCFG_INCLUDES} ${DST_GSSAPI_INC}
-CDEFINES = @USE_GSSAPI@
+CDEFINES = -DVERSION=\"${VERSION}\" @USE_GSSAPI@
CWARNINGS =
LWRESLIBS = ../../lib/lwres/liblwres. at A@
Modified: vendor/bind/dist/bin/nsupdate/nsupdate.1
===================================================================
--- vendor/bind/dist/bin/nsupdate/nsupdate.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/nsupdate/nsupdate.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2010, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nsupdate.1,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: nsupdate
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Aug 25, 2009
+.\" Date: April 18, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NSUPDATE" "1" "Aug 25, 2009" "BIND9" "BIND9"
+.TH "NSUPDATE" "1" "April 18, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -33,7 +33,7 @@
nsupdate \- Dynamic DNS update utility
.SH "SYNOPSIS"
.HP 9
-\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename]
+\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [filename]
.SH "DESCRIPTION"
.PP
\fBnsupdate\fR
@@ -97,7 +97,18 @@
\fIkeyname\fR
is the name of the key, and
\fIsecret\fR
-is the base64 encoded shared secret. Use of the
+is the base64 encoded shared secret.
+\fIhmac\fR
+is the name of the key algorithm; valid choices are
+hmac\-md5,
+hmac\-sha1,
+hmac\-sha224,
+hmac\-sha256,
+hmac\-sha384, or
+hmac\-sha512. If
+\fIhmac\fR
+is not specified, the default is
+hmac\-md5. NOTE: Use of the
\fB\-y\fR
option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from
\fBps\fR(1)
@@ -168,6 +179,10 @@
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used. This option may be specified multiple times.
+.PP
+The \-V option causes
+\fBnsupdate\fR
+to print the version number and exit.
.SH "INPUT FORMAT"
.PP
\fBnsupdate\fR
@@ -228,12 +243,15 @@
will clear the default ttl.
.RE
.PP
-\fBkey\fR {name} {secret}
+\fBkey\fR [hmac:] {keyname} {secret}
.RS 4
Specifies that all updates are to be TSIG\-signed using the
\fIkeyname\fR
-\fIkeysecret\fR
-pair. The
+\fIsecret\fR
+pair. If
+\fIhmac\fR
+is specified, then it sets the signing algorithm in use; the default is
+hmac\-md5. The
\fBkey\fR
command overrides any key specified on the command line via
\fB\-y\fR
@@ -358,6 +376,16 @@
Turn on debugging.
.RE
.PP
+\fBversion\fR
+.RS 4
+Print version number.
+.RE
+.PP
+\fBhelp\fR
+.RS 4
+Print a list of commands.
+.RE
+.PP
Lines beginning with a semicolon are comments and are ignored.
.SH "EXAMPLES"
.PP
@@ -435,7 +463,7 @@
.PP
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2010, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/nsupdate/nsupdate.c
===================================================================
--- vendor/bind/dist/bin/nsupdate/nsupdate.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/nsupdate/nsupdate.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsupdate.c,v 1.1.1.2 2013-08-22 22:51:52 laffer1 Exp $ */
+/* $Id: nsupdate.c,v 1.193.12.4 2011/11/03 04:30:09 each Exp $ */
/*! \file */
@@ -81,8 +81,12 @@
#ifdef GSSAPI
#include <dst/gssapi.h>
+#ifdef WIN32
+#include <krb5/krb5.h>
+#else
#include ISC_PLATFORM_KRB5HEADER
#endif
+#endif
#include <bind9/getaddresses.h>
@@ -110,6 +114,9 @@
#define DNSDEFAULTPORT 53
+/* Number of addresses to request from bind9_getaddresses() */
+#define MAX_SERVERADDRS 4
+
static isc_uint16_t dnsport = DNSDEFAULTPORT;
#ifndef RESOLV_CONF
@@ -148,13 +155,11 @@
static dst_key_t *sig0key = NULL;
static lwres_context_t *lwctx = NULL;
static lwres_conf_t *lwconf;
-static isc_sockaddr_t *servers;
+static isc_sockaddr_t *servers = NULL;
+static isc_boolean_t default_servers = ISC_TRUE;
static int ns_inuse = 0;
static int ns_total = 0;
-static isc_sockaddr_t *userserver = NULL;
static isc_sockaddr_t *localaddr = NULL;
-static isc_sockaddr_t *serveraddr = NULL;
-static isc_sockaddr_t tempaddr;
static const char *keyfile = NULL;
static char *keystr = NULL;
static isc_entropy_t *entropy = NULL;
@@ -539,8 +544,8 @@
n = s;
}
- isc_buffer_init(&keynamesrc, name, n - name);
- isc_buffer_add(&keynamesrc, n - name);
+ isc_buffer_init(&keynamesrc, name, (unsigned int)(n - name));
+ isc_buffer_add(&keynamesrc, (unsigned int)(n - name));
debug("namefromtext");
result = dns_name_fromtext(keyname, &keynamesrc, dns_rootname, 0, NULL);
@@ -705,8 +710,8 @@
doshutdown(void) {
isc_task_detach(&global_task);
- if (userserver != NULL)
- isc_mem_put(mctx, userserver, sizeof(isc_sockaddr_t));
+ if (servers != NULL)
+ isc_mem_put(mctx, servers, ns_total * sizeof(isc_sockaddr_t));
if (localaddr != NULL)
isc_mem_put(mctx, localaddr, sizeof(isc_sockaddr_t));
@@ -735,8 +740,6 @@
lwres_conf_clear(lwctx);
lwres_context_destroy(&lwctx);
- isc_mem_put(mctx, servers, ns_total * sizeof(isc_sockaddr_t));
-
ddebug("Destroying request manager");
dns_requestmgr_detach(&requestmgr);
@@ -817,30 +820,54 @@
(void)lwres_conf_parse(lwctx, RESOLV_CONF);
lwconf = lwres_conf_get(lwctx);
- ns_total = lwconf->nsnext;
- if (ns_total <= 0) {
- /* No name servers in resolv.conf; default to loopback. */
- struct in_addr localhost;
- ns_total = 1;
+ ns_inuse = 0;
+ if (local_only || lwconf->nsnext <= 0) {
+ struct in_addr in;
+ struct in6_addr in6;
+
+ if (local_only && keyfile == NULL)
+ keyfile = SESSION_KEYFILE;
+
+ default_servers = ISC_FALSE;
+
+ if (servers != NULL)
+ isc_mem_put(mctx, servers,
+ ns_total * sizeof(isc_sockaddr_t));
+
+ ns_total = (have_ipv4 ? 1 : 0) + (have_ipv6 ? 1 : 0);
servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t));
if (servers == NULL)
fatal("out of memory");
- localhost.s_addr = htonl(INADDR_LOOPBACK);
- isc_sockaddr_fromin(&servers[0], &localhost, dnsport);
+
+ if (have_ipv4) {
+ in.s_addr = htonl(INADDR_LOOPBACK);
+ isc_sockaddr_fromin(&servers[0], &in, dnsport);
+ }
+ if (have_ipv6) {
+ memset(&in6, 0, sizeof(in6));
+ in6.s6_addr[15] = 1;
+ isc_sockaddr_fromin6(&servers[(have_ipv4 ? 1 : 0)],
+ &in6, dnsport);
+ }
} else {
+ ns_total = lwconf->nsnext;
servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t));
if (servers == NULL)
fatal("out of memory");
for (i = 0; i < ns_total; i++) {
- if (lwconf->nameservers[i].family == LWRES_ADDRTYPE_V4) {
+ if (lwconf->nameservers[i].family == LWRES_ADDRTYPE_V4)
+ {
struct in_addr in4;
- memcpy(&in4, lwconf->nameservers[i].address, 4);
- isc_sockaddr_fromin(&servers[i], &in4, dnsport);
+ memmove(&in4,
+ lwconf->nameservers[i].address, 4);
+ isc_sockaddr_fromin(&servers[i],
+ &in4, dnsport);
} else {
struct in6_addr in6;
- memcpy(&in6, lwconf->nameservers[i].address, 16);
- isc_sockaddr_fromin6(&servers[i], &in6,
- dnsport);
+ memmove(&in6,
+ lwconf->nameservers[i].address, 16);
+ isc_sockaddr_fromin6(&servers[i],
+ &in6, dnsport);
}
}
}
@@ -917,20 +944,21 @@
}
static void
-get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
+get_addresses(char *host, in_port_t port,
+ isc_sockaddr_t *sockaddr, int naddrs)
+{
int count;
isc_result_t result;
isc_app_block();
- result = bind9_getaddresses(host, port, sockaddr, 1, &count);
+ result = bind9_getaddresses(host, port, sockaddr, naddrs, &count);
isc_app_unblock();
if (result != ISC_R_SUCCESS)
fatal("couldn't get address for '%s': %s",
host, isc_result_totext(result));
- INSIST(count == 1);
}
-#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:r:R::t:u:"
+#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:r:R::t:u:V"
static void
pre_parse_args(int argc, char **argv) {
@@ -965,6 +993,11 @@
}
static void
+version(void) {
+ fputs("nsupdate " VERSION "\n", stderr);
+}
+
+static void
parse_args(int argc, char **argv, isc_mem_t *mctx, isc_entropy_t **ectx) {
int ch;
isc_uint32_t i;
@@ -1001,6 +1034,10 @@
case 'v':
usevc = ISC_TRUE;
break;
+ case 'V':
+ version();
+ exit(0);
+ break;
case 'k':
keyfile = isc_commandline_argument;
break;
@@ -1066,22 +1103,6 @@
exit(1);
}
- if (local_only) {
- struct in_addr localhost;
-
- if (keyfile == NULL)
- keyfile = SESSION_KEYFILE;
-
- if (userserver == NULL) {
- userserver = isc_mem_get(mctx, sizeof(isc_sockaddr_t));
- if (userserver == NULL)
- fatal("out of memory");
- }
-
- localhost.s_addr = htonl(INADDR_LOOPBACK);
- isc_sockaddr_fromin(userserver, &localhost, dnsport);
- }
-
#ifdef GSSAPI
if (usegsstsig && (keyfile != NULL || keystr != NULL)) {
fprintf(stderr, "%s: cannot specify -g with -k or -y\n",
@@ -1371,14 +1392,19 @@
}
}
- if (userserver == NULL) {
- userserver = isc_mem_get(mctx, sizeof(isc_sockaddr_t));
- if (userserver == NULL)
- fatal("out of memory");
- }
+ if (servers != NULL)
+ isc_mem_put(mctx, servers, ns_total * sizeof(isc_sockaddr_t));
- get_address(server, (in_port_t)port, userserver);
+ default_servers = ISC_FALSE;
+ ns_total = MAX_SERVERADDRS;
+ servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t));
+ if (servers == NULL)
+ fatal("out of memory");
+
+ memset(servers, 0, ns_total * sizeof(isc_sockaddr_t));
+ get_addresses(server, (in_port_t)port, servers, ns_total);
+
return (STATUS_MORE);
}
@@ -1535,16 +1561,20 @@
#ifdef GSSAPI
char *word;
char buf[1024];
+ int n;
- word = nsu_strsep(&cmdline, " \t\r\n");
- if (word == NULL || *word == 0) {
- if (realm != NULL)
- isc_mem_free(mctx, realm);
+ if (realm != NULL) {
+ isc_mem_free(mctx, realm);
realm = NULL;
- return (STATUS_MORE);
}
- snprintf(buf, sizeof(buf), "@%s", word);
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (word == NULL || *word == 0)
+ return (STATUS_MORE);
+
+ n = snprintf(buf, sizeof(buf), "@%s", word);
+ if (n < 0 || (size_t)n >= sizeof(buf))
+ fatal("realm is too long");
realm = isc_mem_strdup(mctx, buf);
if (realm == NULL)
fatal("out of memory");
@@ -1976,6 +2006,7 @@
}
if (strcasecmp(word, "help") == 0) {
fprintf(stdout,
+"nsupdate " VERSION ":\n"
"local address [port] (set local resolver)\n"
"server address [port] (set master server for zone)\n"
"send (send the update request)\n"
@@ -1996,6 +2027,10 @@
"update delete .... (remove the given record(s) from the zone)\n");
return (STATUS_MORE);
}
+ if (strcasecmp(word, "version") == 0) {
+ fprintf(stdout, "nsupdate " VERSION "\n");
+ return (STATUS_MORE);
+ }
fprintf(stderr, "incorrect section name: %s\n", word);
return (STATUS_SYNTAX);
}
@@ -2037,12 +2072,12 @@
if (tsig.error != 0) {
if (isc_buffer_remaininglength(b) < 1)
check_result(ISC_R_NOSPACE, "isc_buffer_remaininglength");
- isc__buffer_putstr(b, "(" /*)*/);
+ isc_buffer_putstr(b, "(" /*)*/);
result = dns_tsigrcode_totext(tsig.error, b);
check_result(result, "dns_tsigrcode_totext");
if (isc_buffer_remaininglength(b) < 1)
check_result(ISC_R_NOSPACE, "isc_buffer_remaininglength");
- isc__buffer_putstr(b, /*(*/ ")");
+ isc_buffer_putstr(b, /*(*/ ")");
}
}
@@ -2179,6 +2214,19 @@
}
static void
+next_server(const char *caller, isc_sockaddr_t *addr, isc_result_t eresult) {
+ char addrbuf[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
+ fprintf(stderr, "; Communication with %s failed: %s\n",
+ addrbuf, isc_result_totext(eresult));
+ if (++ns_inuse >= ns_total)
+ fatal("could not reach any name server");
+ else
+ ddebug("%s: trying next server", caller);
+}
+
+static void
recvsoa(isc_task_t *task, isc_event_t *event) {
dns_requestevent_t *reqev = NULL;
dns_request_t *request = NULL;
@@ -2222,15 +2270,7 @@
}
if (eresult != ISC_R_SUCCESS) {
- char addrbuf[ISC_SOCKADDR_FORMATSIZE];
-
- isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
- fprintf(stderr, "; Communication with %s failed: %s\n",
- addrbuf, isc_result_totext(eresult));
- if (userserver != NULL)
- fatal("could not talk to specified name server");
- else if (++ns_inuse >= lwconf->nsnext)
- fatal("could not talk to any default name server");
+ next_server("recvsoa", addr, eresult);
ddebug("Destroying request [%p]", request);
dns_request_destroy(&request);
dns_message_renderreset(soaquery);
@@ -2252,7 +2292,7 @@
check_result(result, "dns_message_create");
result = dns_request_getresponse(request, rcvmsg,
DNS_MESSAGEPARSE_PRESERVEORDER);
- if (result == DNS_R_TSIGERRORSET && userserver != NULL) {
+ if (result == DNS_R_TSIGERRORSET && servers != NULL) {
dns_message_destroy(&rcvmsg);
ddebug("Destroying request [%p]", request);
dns_request_destroy(&request);
@@ -2368,9 +2408,7 @@
fprintf(stderr, "The master is: %s\n", namestr);
}
- if (userserver != NULL)
- serveraddr = userserver;
- else {
+ if (servers == NULL) {
char serverstr[DNS_NAME_MAXTEXT+1];
isc_buffer_t buf;
@@ -2378,8 +2416,14 @@
result = dns_name_totext(&master, ISC_TRUE, &buf);
check_result(result, "dns_name_totext");
serverstr[isc_buffer_usedlength(&buf)] = 0;
- get_address(serverstr, dnsport, &tempaddr);
- serveraddr = &tempaddr;
+
+ ns_total = MAX_SERVERADDRS;
+ servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t));
+ if (servers == NULL)
+ fatal("out of memory");
+
+ memset(servers, 0, ns_total * sizeof(isc_sockaddr_t));
+ get_addresses(serverstr, dnsport, servers, ns_total);
}
dns_rdata_freestruct(&soa);
@@ -2391,11 +2435,11 @@
dns_name_dup(&master, mctx, &restart_master);
start_gssrequest(&master);
} else {
- send_update(zonename, serveraddr, localaddr);
+ send_update(zonename, &servers[ns_inuse], localaddr);
setzoneclass(dns_rdataclass_none);
}
#else
- send_update(zonename, serveraddr, localaddr);
+ send_update(zonename, &servers[ns_inuse], localaddr);
setzoneclass(dns_rdataclass_none);
#endif
@@ -2421,10 +2465,7 @@
dns_request_destroy(&request);
dns_message_renderreset(soaquery);
dns_message_settsigkey(soaquery, NULL);
- if (userserver != NULL)
- sendrequest(localaddr, userserver, soaquery, &request);
- else
- sendrequest(localaddr, &servers[ns_inuse], soaquery, &request);
+ sendrequest(localaddr, &servers[ns_inuse], soaquery, &request);
goto out;
}
@@ -2441,7 +2482,7 @@
reqinfo->msg = msg;
reqinfo->addr = destaddr;
result = dns_request_createvia3(requestmgr, msg, srcaddr, destaddr, 0,
- (userserver != NULL) ? tsigkey : NULL,
+ default_servers ? NULL : tsigkey,
FIND_TIMEOUT * 20, FIND_TIMEOUT, 3,
global_task, recvsoa, reqinfo, request);
check_result(result, "dns_request_createvia");
@@ -2533,10 +2574,10 @@
if (kserver == NULL)
fatal("out of memory");
}
- if (userserver == NULL)
- get_address(namestr, dnsport, kserver);
+ if (servers == NULL)
+ get_addresses(namestr, dnsport, kserver, 1);
else
- (void)memcpy(kserver, userserver, sizeof(isc_sockaddr_t));
+ memmove(kserver, &servers[ns_inuse], sizeof(isc_sockaddr_t));
dns_fixedname_init(&fname);
servname = dns_fixedname_name(&fname);
@@ -2665,20 +2706,11 @@
}
if (eresult != ISC_R_SUCCESS) {
- char addrbuf[ISC_SOCKADDR_FORMATSIZE];
-
- isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
- fprintf(stderr, "; Communication with %s failed: %s\n",
- addrbuf, isc_result_totext(eresult));
- if (userserver != NULL)
- fatal("could not talk to specified name server");
- else if (++ns_inuse >= lwconf->nsnext)
- fatal("could not talk to any default name server");
+ next_server("recvgss", addr, eresult);
ddebug("Destroying request [%p]", request);
dns_request_destroy(&request);
dns_message_renderreset(tsigquery);
- sendrequest(localaddr, &servers[ns_inuse], tsigquery,
- &request);
+ sendrequest(localaddr, &servers[ns_inuse], tsigquery, &request);
isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t));
isc_event_free(&event);
return;
@@ -2766,7 +2798,7 @@
check_result(result, "dns_message_checksig");
#endif /* 0 */
- send_update(&tmpzonename, serveraddr, localaddr);
+ send_update(&tmpzonename, &servers[ns_inuse], localaddr);
setzoneclass(dns_rdataclass_none);
break;
@@ -2800,8 +2832,8 @@
if (answer != NULL)
dns_message_destroy(&answer);
- if (userzone != NULL && userserver != NULL && ! usegsstsig) {
- send_update(userzone, userserver, localaddr);
+ if (userzone != NULL && ! usegsstsig) {
+ send_update(userzone, &servers[ns_inuse], localaddr);
setzoneclass(dns_rdataclass_none);
return;
}
@@ -2810,7 +2842,7 @@
&soaquery);
check_result(result, "dns_message_create");
- if (userserver == NULL)
+ if (default_servers)
soaquery->flags |= DNS_MESSAGEFLAG_RD;
result = dns_message_gettempname(soaquery, &name);
@@ -2862,12 +2894,8 @@
ISC_LIST_APPEND(name->list, rdataset, link);
dns_message_addname(soaquery, name, DNS_SECTION_QUESTION);
- if (userserver != NULL)
- sendrequest(localaddr, userserver, soaquery, &request);
- else {
- ns_inuse = 0;
- sendrequest(localaddr, &servers[ns_inuse], soaquery, &request);
- }
+ ns_inuse = 0;
+ sendrequest(localaddr, &servers[ns_inuse], soaquery, &request);
}
static void
Modified: vendor/bind/dist/bin/nsupdate/nsupdate.docbook
===================================================================
--- vendor/bind/dist/bin/nsupdate/nsupdate.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/nsupdate/nsupdate.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.nsupdate">
<refentryinfo>
- <date>Aug 25, 2009</date>
+ <date>April 18, 2014</date>
</refentryinfo>
<refmeta>
<refentrytitle><application>nsupdate</application></refentrytitle>
@@ -42,6 +41,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -70,6 +70,7 @@
<arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
<arg><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg><option>-v</option></arg>
+ <arg><option>-V</option></arg>
<arg>filename</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -156,7 +157,13 @@
<optional><parameter>hmac:</parameter></optional><parameter>keyname:secret.</parameter>
<parameter>keyname</parameter> is the name of the key, and
<parameter>secret</parameter> is the base64 encoded shared secret.
- Use of the <option>-y</option> option is discouraged because the
+ <parameter>hmac</parameter> is the name of the key algorithm;
+ valid choices are <literal>hmac-md5</literal>,
+ <literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>,
+ <literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or
+ <literal>hmac-sha512</literal>. If <parameter>hmac</parameter>
+ is not specified, the default is <literal>hmac-md5</literal>.
+ NOTE: Use of the <option>-y</option> option is discouraged because the
shared secret is supplied as a command line argument in clear text.
This may be visible in the output from
<citerefentry>
@@ -236,6 +243,10 @@
<filename>keyboard</filename> indicates that keyboard input
should be used. This option may be specified multiple times.
</para>
+ <para>
+ The -V option causes <command>nsupdate</command> to print the
+ version number and exit.
+ </para>
</refsect1>
<refsect1>
@@ -369,15 +380,17 @@
<varlistentry>
<term>
<command>key</command>
- <arg choice="req">name</arg>
+ <arg choice="opt">hmac:</arg><arg choice="req">keyname</arg>
<arg choice="req">secret</arg>
</term>
<listitem>
<para>
Specifies that all updates are to be TSIG-signed using the
- <parameter>keyname</parameter> <parameter>keysecret</parameter> pair.
- The <command>key</command> command
- overrides any key specified on the command line via
+ <parameter>keyname</parameter> <parameter>secret</parameter> pair.
+ If <parameter>hmac</parameter> is specified, then it sets the
+ signing algorithm in use; the default is
+ <literal>hmac-md5</literal>. The <command>key</command>
+ command overrides any key specified on the command line via
<option>-y</option> or <option>-k</option>.
</para>
</listitem>
@@ -621,6 +634,28 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <command>version</command>
+ </term>
+ <listitem>
+ <para>
+ Print version number.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>help</command>
+ </term>
+ <listitem>
+ <para>
+ Print a list of commands.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</para>
Modified: vendor/bind/dist/bin/nsupdate/nsupdate.html
===================================================================
--- vendor/bind/dist/bin/nsupdate/nsupdate.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/nsupdate/nsupdate.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
+<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543459"></a><h2>DESCRIPTION</h2>
+<a name="id2543473"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -113,7 +113,13 @@
[<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
<em class="parameter"><code>keyname</code></em> is the name of the key, and
<em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
- Use of the <code class="option">-y</code> option is discouraged because the
+ <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
+ valid choices are <code class="literal">hmac-md5</code>,
+ <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
+ <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
+ <code class="literal">hmac-sha512</code>. If <em class="parameter"><code>hmac</code></em>
+ is not specified, the default is <code class="literal">hmac-md5</code>.
+ NOTE: Use of the <code class="option">-y</code> option is discouraged because the
shared secret is supplied as a command line argument in clear text.
This may be visible in the output from
<span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
@@ -190,9 +196,13 @@
<code class="filename">keyboard</code> indicates that keyboard input
should be used. This option may be specified multiple times.
</p>
+<p>
+ The -V option causes <span><strong class="command">nsupdate</strong></span> to print the
+ version number and exit.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543790"></a><h2>INPUT FORMAT</h2>
+<a name="id2543843"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@@ -296,14 +306,16 @@
</p></dd>
<dt><span class="term">
<span><strong class="command">key</strong></span>
- {name}
+ [hmac:] {keyname}
{secret}
</span></dt>
<dd><p>
Specifies that all updates are to be TSIG-signed using the
- <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
- The <span><strong class="command">key</strong></span> command
- overrides any key specified on the command line via
+ <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair.
+ If <em class="parameter"><code>hmac</code></em> is specified, then it sets the
+ signing algorithm in use; the default is
+ <code class="literal">hmac-md5</code>. The <span><strong class="command">key</strong></span>
+ command overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
@@ -472,6 +484,18 @@
<dd><p>
Turn on debugging.
</p></dd>
+<dt><span class="term">
+ <span><strong class="command">version</strong></span>
+ </span></dt>
+<dd><p>
+ Print version number.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">help</strong></span>
+ </span></dt>
+<dd><p>
+ Print a list of commands.
+ </p></dd>
</dl></div>
<p>
</p>
@@ -480,7 +504,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544702"></a><h2>EXAMPLES</h2>
+<a name="id2544800"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@@ -534,7 +558,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544746"></a><h2>FILES</h2>
+<a name="id2544843"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -557,7 +581,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544829"></a><h2>SEE ALSO</h2>
+<a name="id2541991"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@@ -572,7 +596,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2542156"></a><h2>BUGS</h2>
+<a name="id2545189"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
Modified: vendor/bind/dist/bin/pkcs11/Makefile.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2009/10/05 12:07:08 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/pkcs11/include/pkcs11.h
===================================================================
--- vendor/bind/dist/bin/pkcs11/include/pkcs11.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/include/pkcs11.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/* pkcs11.h include file for PKCS #11. */
-/* $Revision: 1.1.1.1 $ */
+/* $Revision: 1.2 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
Modified: vendor/bind/dist/bin/pkcs11/include/pkcs11f.h
===================================================================
--- vendor/bind/dist/bin/pkcs11/include/pkcs11f.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/include/pkcs11f.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/* pkcs11f.h include file for PKCS #11. */
-/* $Revision: 1.1.1.1 $ */
+/* $Revision: 1.2 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
Modified: vendor/bind/dist/bin/pkcs11/include/pkcs11t.h
===================================================================
--- vendor/bind/dist/bin/pkcs11/include/pkcs11t.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/include/pkcs11t.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/* pkcs11t.h include file for PKCS #11. */
-/* $Revision: 1.1.1.1 $ */
+/* $Revision: 1.2 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
Deleted: vendor/bind/dist/bin/pkcs11/openssl-0.9.8s-patch
===================================================================
--- vendor/bind/dist/bin/pkcs11/openssl-0.9.8s-patch 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/openssl-0.9.8s-patch 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,15768 +0,0 @@
-Index: openssl/Configure
-diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
---- openssl/Configure:1.8.6.1 Sun Jan 15 15:45:33 2012
-+++ openssl/Configure Mon Jun 13 14:25:15 2011
-@@ -12,7 +12,7 @@
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION --pk11-flavor=FLAVOR [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -25,6 +25,12 @@
- # default). This needn't be set in advance, you can
- # just as well use "make INSTALL_PREFIX=/whatever install".
- #
-+# --pk11-libname PKCS#11 library name.
-+# (No default)
-+#
-+# --pk11-flavor either crypto-accelerator or sign-only
-+# (No default)
-+#
- # --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
- # to live in the subdirectory lib/ and the header files in
- # include/. A value is required.
-@@ -335,7 +341,7 @@
- "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### IA-32 targets...
- "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
- ####
- "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -343,7 +349,7 @@
- "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT -pthread::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### SPARC Linux setups
- # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
- # assisted with debugging of following two configs.
-@@ -590,6 +596,10 @@
- my $idx_ranlib = $idx++;
- my $idx_arflags = $idx++;
-
-+# PKCS#11 engine patch
-+my $pk11_libname="";
-+my $pk11_flavor="";
-+
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-@@ -828,6 +838,14 @@
- {
- $flags.=$_." ";
- }
-+ elsif (/^--pk11-libname=(.*)$/)
-+ {
-+ $pk11_libname=$1;
-+ }
-+ elsif (/^--pk11-flavor=(.*)$/)
-+ {
-+ $pk11_flavor=$1;
-+ }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
-@@ -963,6 +981,22 @@
- exit 0;
- }
-
-+if (! $pk11_libname)
-+ {
-+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
-+if (! $pk11_flavor
-+ || !($pk11_flavor eq "crypto-accelerator" || $pk11_flavor eq "sign-only"))
-+ {
-+ print STDERR "You must set --pk11-flavor.\n";
-+ print STDERR "Choices are crypto-accelerator and sign-only.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
- if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
- }
-@@ -1078,6 +1112,25 @@
- print "\n";
- }
-
-+if ($pk11_flavor eq "crypto-accelerator")
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11SO\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $options .= " no-hw-pkcs11so";
-+ print " no-hw-pkcs11so [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11SO\n";
-+ }
-+else
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11CA\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $options .= " no-hw-pkcs11ca";
-+ print " no-hw-pkcs11ca [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11CA\n";
-+}
-+
- my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
-
- $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
-@@ -1129,6 +1182,8 @@
- if ($flags ne "") { $cflags="$flags$cflags"; }
- else { $no_user_cflags=1; }
-
-+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
-+
- # Kerberos settings. The flavor must be provided from outside, either through
- # the script "config" or manually.
- if (!$no_krb5)
-@@ -1492,6 +1547,7 @@
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
-+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
-Index: openssl/Makefile.org
-diff -u openssl/Makefile.org:1.4.6.1 openssl/Makefile.org:1.4
---- openssl/Makefile.org:1.4.6.1 Sun Jan 15 15:45:33 2012
-+++ openssl/Makefile.org Mon Jun 13 14:25:15 2011
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
-Index: openssl/README.pkcs11
-diff -u /dev/null openssl/README.pkcs11:1.6.4.1
---- /dev/null Mon Jan 16 18:53:41 2012
-+++ openssl/README.pkcs11 Mon Jun 13 18:27:39 2011
-@@ -0,0 +1,261 @@
-+ISC modified
-+============
-+
-+The previous key naming scheme was kept for backward compatibility.
-+
-+The PKCS#11 engine exists in two flavors, crypto-accelerator and
-+sign-only. The first one is from the Solaris patch and uses the
-+PKCS#11 device for all crypto operations it supports. The second
-+is a stripped down version which provides only the useful
-+function (i.e., signature with a RSA private key in the device
-+protected key store and key loading).
-+
-+As a hint PKCS#11 boards should use the crypto-accelerator flavor,
-+external PKCS#11 devices the sign-only. SCA 6000 is an example
-+of the first, AEP Keyper of the second.
-+
-+Note it is mandatory to set a pk11-flavor (and only one) in
-+config/Configure.
-+
-+PKCS#11 engine support for OpenSSL 0.9.8l
-+=========================================
-+
-+[Nov 19, 2009]
-+
-+Contents:
-+
-+Overview
-+Revisions of the patch for 0.9.8 branch
-+FAQs
-+Feedback
-+
-+Overview
-+========
-+
-+This patch containing code available in OpenSolaris adds support for PKCS#11
-+engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
-+OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
-+must provide PKCS#11 backend otherwise the patch is useless. You provide the
-+PKCS#11 library name during the build configuration phase, see below.
-+
-+Patch can be applied like this:
-+
-+ # NOTE: use gtar if on Solaris
-+ tar xfzv openssl-0.9.8l.tar.gz
-+ # now download the patch to the current directory
-+ # ...
-+ cd openssl-0.9.8l
-+ # NOTE: must use gpatch if on Solaris (is part of the system)
-+ patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
-+
-+It is designed to support pure acceleration for RSA, DSA, DH and all the
-+symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
-+except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
-+
-+According to the PKCS#11 providers installed on your machine, it can support
-+following mechanisms:
-+
-+ RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
-+ AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
-+ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
-+ SHA256, SHA384, SHA512
-+
-+Note that for AES counter mode the application must provide their own EVP
-+functions since OpenSSL doesn't support counter mode through EVP yet. You may
-+see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
-+example of code that uses the PKCS#11 engine and deals with the fork-safety
-+problem (see engine.c and packet.c files if interested).
-+
-+You must provide the location of PKCS#11 library in your system to the
-+configure script. You will be instructed to do that when you try to run the
-+config script:
-+
-+ $ ./config
-+ Operating system: i86pc-whatever-solaris2
-+ Configuring for solaris-x86-cc
-+ You must set --pk11-libname for PKCS#11 library.
-+ See README.pkcs11 for more information.
-+
-+Taking openCryptoki project on Linux AMD64 box as an example, you would run
-+configure script like this:
-+
-+ ./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
-+
-+To check whether newly built openssl really supports PKCS#11 it's enough to run
-+"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
-+output. If you see no PKCS#11 engine support check that the built openssl binary
-+and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
-+
-+The patch, during various phases of development, was tested on Solaris against
-+PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
-+OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
-+(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
-+information). Some Linux distributions even ship those libraries with the
-+system. The patch should work on any system that is supported by OpenSSL itself
-+and has functional PKCS#11 library.
-+
-+The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
-+copyrighted by RSA Security Inc., see pkcs11.h for more information.
-+
-+Other added/modified code in this patch is copyrighted by Sun Microsystems,
-+Inc. and is released under the OpenSSL license (see LICENSE file for more
-+information).
-+
-+Revisions of the patch for 0.9.8 branch
-+=======================================
-+
-+2009-11-19
-+- adjusted for OpenSSL version 0.9.8l
-+
-+- bugs and RFEs:
-+
-+ 6479874 OpenSSL should support RSA key by reference/hardware keystores
-+ 6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
-+ 6732677 make check to trigger Solaris specific code automatic in the
-+ PKCS#11 engine
-+
-+2009-03-11
-+- adjusted for OpenSSL version 0.9.8j
-+
-+- README.pkcs11 moved out of the patch, and is shipped together with it in a
-+ tarball instead so that it can be read before the patch is applied.
-+
-+- fixed bugs:
-+
-+ 6804216 pkcs#11 engine should support a key length range for RC4
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-12-02
-+- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
-+
-+ 6723504 more granular locking in PKCS#11 engine
-+ 6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
-+ 6710420 PKCS#11 engine source should be lint clean
-+ 6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
-+ it seriously
-+ 6746712 PKCS#11 engine source code should be cstyle clean
-+ 6731380 return codes of several functions are not checked in the PKCS#11
-+ engine code
-+ 6746735 PKCS#11 engine should use extended FILE space API
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-08-01
-+- fixed bug
-+
-+ 6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
-+ and digests
-+
-+- Solaris specific code for slot selection made automatic
-+
-+2008-07-29
-+- update the patch to OpenSSL 0.9.8h version
-+- pkcs11t.h updated to the latest version:
-+
-+ 6545665 make CKM_AES_CTR available to non-kernel users
-+
-+- fixed bugs in the engine code:
-+
-+ 6602801 PK11_SESSION cache has to employ reference counting scheme for
-+ asymmetric key operations
-+ 6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
-+ atomically
-+ 6607307 pkcs#11 engine can't read RSA private keys
-+ 6652362 pk11_RSA_finish() is cutting corners
-+ 6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
-+ suboptimal way
-+ 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
-+ resilient to destroy failures
-+ 6667273 OpenSSL engine should not use free() but OPENSSL_free()
-+ 6670363 PKCS#11 engine fails to reuse existing symmetric keys
-+ 6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
-+ 6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
-+ of big numbers leading to failures
-+ 6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
-+ -1
-+ 6706622 pk11_load_{pub,priv}key create corrupted RSA key references
-+ 6707129 return values from BN_new() in pk11_DH_generate_key() are not
-+ checked
-+ 6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
-+ structure reuse
-+ 6707782 OpenSSL PKCS#11 engine pretends to be aware of
-+ OPENSSL_NO_{RSA,DSA,DH}
-+ defines but fails miserably
-+ 6709966 make check_new_*() to return values to indicate cache hit/miss
-+ 6705200 pk11_dh struct initialization in PKCS#11 engine is missing
-+ generate_params parameter
-+ 6709513 PKCS#11 engine sets IV length even for ECB modes
-+ 6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
-+ PKCS#11 engine
-+ 6728871 PKCS#11 engine must reset global_session in pk11_finish()
-+
-+- new features and enhancements:
-+
-+ 6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
-+ 6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
-+ 6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
-+ ciphers and digests
-+
-+2007-10-15
-+- update for 0.9.8f version
-+- update for "6607670 teach pkcs#11 engine how to use keys be reference"
-+
-+2007-10-02
-+- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
-+- draft for "6607307 pkcs#11 engine can't read RSA private keys"
-+
-+2007-09-26
-+- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
-+ significant performance drop
-+- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
-+
-+2007-05-25
-+- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
-+
-+2007-05-19
-+- initial patch for 0.9.8e using latest OpenSolaris code
-+
-+FAQs
-+====
-+
-+(1) my build failed on Linux distro with this error:
-+
-+../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
-+hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
-+
-+Answer:
-+
-+ - don't use "no-threads" when configuring
-+ - if you didn't then OpenSSL failed to create a threaded library by
-+ default. You may manually edit Configure and try again. Look for the
-+ architecture that Configure printed, for example:
-+
-+Configured for linux-elf.
-+
-+ - then edit Configure, find string "linux-elf" (inluding the quotes),
-+ and add flags to support threads to the 4th column of the 2nd string.
-+ If you build with GCC then adding "-pthread" should be enough. With
-+ "linux-elf" as an example, you would add " -pthread" right after
-+ "-D_REENTRANT", like this:
-+
-+....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
-+
-+(2) I'm using MinGW/MSYS environment and get undeclared reference error for
-+pthread_atfork() function when trying to build OpenSSL with the patch.
-+
-+Answer:
-+
-+ Sorry, pthread_atfork() is not implemented in the current pthread-win32
-+ (as of Nov 2009). You can not use the patch there.
-+
-+
-+Feedback
-+========
-+
-+Please send feedback to security-discuss at opensolaris.org. The patch was
-+created by Jan.Pechanec at Sun.COM from code available in OpenSolaris.
-+
-+Latest version should be always available on http://blogs.sun.com/janp.
-+
-Index: openssl/crypto/opensslconf.h
-diff -u openssl/crypto/opensslconf.h:1.5.10.1 openssl/crypto/opensslconf.h:1.5
---- openssl/crypto/opensslconf.h:1.5.10.1 Sun Jan 15 15:45:34 2012
-+++ openssl/crypto/opensslconf.h Fri Sep 4 10:43:21 2009
-@@ -38,6 +38,9 @@
-
- #endif /* OPENSSL_DOING_MAKEDEPEND */
-
-+#ifndef OPENSSL_THREADS
-+# define OPENSSL_THREADS
-+#endif
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- # define OPENSSL_NO_DYNAMIC_ENGINE
- #endif
-@@ -79,6 +82,8 @@
- # endif
- #endif
-
-+#define OPENSSL_CPUID_OBJ
-+
- /* crypto/opensslconf.h.in */
-
- #ifdef OPENSSL_DOING_MAKEDEPEND
-@@ -140,7 +145,7 @@
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
--#undef RC4_CHUNK
-+#define RC4_CHUNK unsigned long
- #endif
- #endif
-
-@@ -148,7 +153,7 @@
- /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
- #ifndef DES_LONG
--#define DES_LONG unsigned long
-+#define DES_LONG unsigned int
- #endif
- #endif
-
-@@ -162,9 +167,9 @@
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
--#undef SIXTY_FOUR_BIT_LONG
-+#define SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
--#define THIRTY_TWO_BIT
-+#undef THIRTY_TWO_BIT
- #undef SIXTEEN_BIT
- #undef EIGHT_BIT
- #endif
-@@ -178,7 +183,7 @@
-
- #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
- #define CONFIG_HEADER_BF_LOCL_H
--#undef BF_PTR
-+#define BF_PTR2
- #endif /* HEADER_BF_LOCL_H */
-
- #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-@@ -208,7 +213,7 @@
- /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
- #ifndef DES_UNROLL
--#undef DES_UNROLL
-+#define DES_UNROLL
- #endif
-
- /* These default values were supplied by
-Index: openssl/crypto/bio/bss_file.c
-diff -u openssl/crypto/bio/bss_file.c:1.5.6.1 openssl/crypto/bio/bss_file.c:1.5
---- openssl/crypto/bio/bss_file.c:1.5.6.1 Sun Jan 15 15:45:35 2012
-+++ openssl/crypto/bio/bss_file.c Mon Jun 13 14:25:17 2011
-@@ -125,7 +125,7 @@
- {
- SYSerr(SYS_F_FOPEN,get_last_sys_error());
- ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-- if (errno == ENOENT)
-+ if ((errno == ENOENT) || ((*mode == 'r') && (errno == EACCES)))
- BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
- else
- BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-Index: openssl/crypto/engine/Makefile
-diff -u openssl/crypto/engine/Makefile:1.6.6.1 openssl/crypto/engine/Makefile:1.6
---- openssl/crypto/engine/Makefile:1.6.6.1 Sun Jan 15 15:45:35 2012
-+++ openssl/crypto/engine/Makefile Mon Jun 13 14:25:19 2011
-@@ -21,12 +21,14 @@
- eng_table.c eng_pkey.c eng_fat.c eng_all.c \
- tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
- tb_cipher.c tb_digest.c \
-- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
-+ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c \
-+ hw_pk11.c hw_pk11_pub.c hw_pk11so.c hw_pk11so_pub.c
- LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
- eng_table.o eng_pkey.o eng_fat.o eng_all.o \
- tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
- tb_cipher.o tb_digest.o \
-- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
-+ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o \
-+ hw_pk11.o hw_pk11_pub.o hw_pk11so.o hw_pk11so_pub.o
-
- SRC= $(LIBSRC)
-
-@@ -288,6 +290,102 @@
- eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
- eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
- eng_table.o: eng_table.c
-+hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11.o: ../../include/openssl/pem2.h ../cryptlib.h
-+hw_pk11.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11.c
-+hw_pk11_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11_pub.o: ../../include/openssl/pem2.h ../cryptlib.h
-+hw_pk11_pub.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11_pub.c
-+hw_pk11so.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11so.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11so.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11so.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11so.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11so.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11so.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11so.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11so.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11so.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11so.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11so.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11so.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11so.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11so.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11so.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11so.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11so.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11so.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11so.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11so.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11so.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11so.o: ../../include/openssl/pem2.h ../cryptlib.h
-+hw_pk11so.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11so.c
-+hw_pk11so_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11so_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11so_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11so_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11so_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11so_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11so_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11so_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11so_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11so_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11so_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11so_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11so_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11so_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11so_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11so_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11so_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11so_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11so_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11so_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11so_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11so_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11so_pub.o: ../../include/openssl/pem2.h ../cryptlib.h
-+hw_pk11so_pub.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11so_pub.c
- tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
- tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
- tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-Index: openssl/crypto/engine/cryptoki.h
-diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
-@@ -0,0 +1,103 @@
-+/*
-+ * CDDL HEADER START
-+ *
-+ * The contents of this file are subject to the terms of the
-+ * Common Development and Distribution License, Version 1.0 only
-+ * (the "License"). You may not use this file except in compliance
-+ * with the License.
-+ *
-+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-+ * or http://www.opensolaris.org/os/licensing.
-+ * See the License for the specific language governing permissions
-+ * and limitations under the License.
-+ *
-+ * When distributing Covered Code, include this CDDL HEADER in each
-+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-+ * If applicable, add the following below this CDDL HEADER, with the
-+ * fields enclosed by brackets "[]" replaced with your own identifying
-+ * information: Portions Copyright [yyyy] [name of copyright owner]
-+ *
-+ * CDDL HEADER END
-+ */
-+/*
-+ * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+#ifndef _CRYPTOKI_H
-+#define _CRYPTOKI_H
-+
-+/* ident "@(#)cryptoki.h 1.2 05/06/08 SMI" */
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef CK_PTR
-+#define CK_PTR *
-+#endif
-+
-+#ifndef CK_DEFINE_FUNCTION
-+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION
-+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION_POINTER
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef CK_CALLBACK_FUNCTION
-+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef NULL_PTR
-+#include <unistd.h> /* For NULL */
-+#define NULL_PTR NULL
-+#endif
-+
-+/*
-+ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
-+ */
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#define CK_DISABLE_TRUE_FALSE
-+#ifndef TRUE
-+#define TRUE 1
-+#endif /* TRUE */
-+#ifndef FALSE
-+#define FALSE 0
-+#endif /* FALSE */
-+#endif /* CK_DISABLE_TRUE_FALSE */
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+#include "pkcs11.h"
-+
-+/* Solaris specific functions */
-+
-+#include <stdlib.h>
-+
-+/*
-+ * SUNW_C_GetMechSession will initialize the framework and do all
-+ * the necessary PKCS#11 calls to create a session capable of
-+ * providing operations on the requested mechanism
-+ */
-+CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
-+ CK_SESSION_HANDLE_PTR hSession);
-+
-+/*
-+ * SUNW_C_KeyToObject will create a secret key object for the given
-+ * mechanism from the rawkey data.
-+ */
-+CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
-+ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
-+ CK_OBJECT_HANDLE_PTR obj);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* _CRYPTOKI_H */
-Index: openssl/crypto/engine/eng_all.c
-diff -u openssl/crypto/engine/eng_all.c:1.4.6.1 openssl/crypto/engine/eng_all.c:1.4
---- openssl/crypto/engine/eng_all.c:1.4.6.1 Sun Jan 15 15:45:36 2012
-+++ openssl/crypto/engine/eng_all.c Mon Jun 13 14:25:19 2011
-@@ -110,6 +110,14 @@
- #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- ENGINE_load_capi();
- #endif
-+#ifndef OPENSSL_NO_HW_PKCS11
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+ ENGINE_load_pk11ca();
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+ ENGINE_load_pk11so();
-+#endif
-+#endif
- #endif
- }
-
-Index: openssl/crypto/engine/engine.h
-diff -u openssl/crypto/engine/engine.h:1.4.6.1 openssl/crypto/engine/engine.h:1.4
---- openssl/crypto/engine/engine.h:1.4.6.1 Sun Jan 15 15:45:36 2012
-+++ openssl/crypto/engine/engine.h Mon Jun 13 14:25:19 2011
-@@ -344,6 +344,12 @@
- void ENGINE_load_capi(void);
- #endif
- #endif
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+void ENGINE_load_pk11ca(void);
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+void ENGINE_load_pk11so(void);
-+#endif
-
- /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
- * "registry" handling. */
-Index: openssl/crypto/engine/hw_pk11.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.2
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:35 2011
-@@ -0,0 +1,4057 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+#include <openssl/aes.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/* #undef DEBUG_SLOT_SELECTION */
-+/*
-+ * Solaris specific code. See comment at check_hw_mechanisms() for more
-+ * information.
-+ */
-+#if defined(__SVR4) && defined(__sun)
-+#undef SOLARIS_HW_SLOT_SELECTION
-+#endif
-+
-+/*
-+ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
-+ * there are official OIDs for mechanisms based on this mode. With our changes,
-+ * an application can define its own EVP calls for AES counter mode and then
-+ * it can make use of hardware acceleration through this engine. However, it's
-+ * better if we keep AES CTR support code under ifdef's.
-+ */
-+#define SOLARIS_AES_CTR
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.c"
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NIDs for AES counter mode that will be defined during the engine
-+ * initialization.
-+ */
-+static int NID_aes_128_ctr = NID_undef;
-+static int NID_aes_192_ctr = NID_undef;
-+static int NID_aes_256_ctr = NID_undef;
-+#endif /* SOLARIS_AES_CTR */
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
-+ * library. See comment at check_hw_mechanisms() for more information.
-+ */
-+static int *hw_cnids;
-+static int *hw_dnids;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+#ifndef OPENSSL_NO_RSA
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DH
-+int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
-+#endif
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+/* Symmetric cipher and digest support functions */
-+static int cipher_nid_to_pk11(int nid);
-+#ifdef SOLARIS_AES_CTR
-+static int pk11_add_NID(char *sn, char *ln);
-+static int pk11_add_aes_ctr_NIDs(void);
-+#endif /* SOLARIS_AES_CTR */
-+static int pk11_usable_ciphers(const int **nids);
-+static int pk11_usable_digests(const int **nids);
-+static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+static int pk11_cipher_final(PK11_SESSION *sp);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl);
-+#else
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl);
-+#endif
-+static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
-+static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid);
-+static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid);
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len);
-+static int md_nid_to_pk11(int nid);
-+static int pk11_digest_init(EVP_MD_CTX *ctx);
-+static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
-+ size_t count);
-+static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
-+static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
-+static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher,
-+ int *local_cipher_nids);
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest,
-+ int *local_digest_nids);
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
-+ int id);
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+static int check_hw_mechanisms(void);
-+static int nid_in_table(int nid, int *nid_table);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* Index for the supported ciphers */
-+enum pk11_cipher_id {
-+ PK11_DES_CBC,
-+ PK11_DES3_CBC,
-+ PK11_DES_ECB,
-+ PK11_DES3_ECB,
-+ PK11_RC4,
-+ PK11_AES_128_CBC,
-+ PK11_AES_192_CBC,
-+ PK11_AES_256_CBC,
-+ PK11_AES_128_ECB,
-+ PK11_AES_192_ECB,
-+ PK11_AES_256_ECB,
-+ PK11_BLOWFISH_CBC,
-+#ifdef SOLARIS_AES_CTR
-+ PK11_AES_128_CTR,
-+ PK11_AES_192_CTR,
-+ PK11_AES_256_CTR,
-+#endif /* SOLARIS_AES_CTR */
-+ PK11_CIPHER_MAX
-+};
-+
-+/* Index for the supported digests */
-+enum pk11_digest_id {
-+ PK11_MD5,
-+ PK11_SHA1,
-+ PK11_SHA224,
-+ PK11_SHA256,
-+ PK11_SHA384,
-+ PK11_SHA512,
-+ PK11_DIGEST_MAX
-+};
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static int cipher_nids[PK11_CIPHER_MAX];
-+static int digest_nids[PK11_DIGEST_MAX];
-+static int cipher_count = 0;
-+static int digest_count = 0;
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_recover = CK_FALSE;
-+static CK_BBOOL pk11_have_dsa = CK_FALSE;
-+static CK_BBOOL pk11_have_dh = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+typedef struct PK11_CIPHER_st
-+ {
-+ enum pk11_cipher_id id;
-+ int nid;
-+ int iv_len;
-+ int min_key_len;
-+ int max_key_len;
-+ CK_KEY_TYPE key_type;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_CIPHER;
-+
-+static PK11_CIPHER ciphers[] =
-+ {
-+ { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
-+ CKK_DES, CKM_DES_CBC, },
-+ { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
-+ CKK_DES3, CKM_DES3_CBC, },
-+ { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
-+ CKK_DES, CKM_DES_ECB, },
-+ { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
-+ CKK_DES3, CKM_DES3_ECB, },
-+ { PK11_RC4, NID_rc4, 0, 16, 256,
-+ CKK_RC4, CKM_RC4, },
-+ { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
-+ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
-+#ifdef SOLARIS_AES_CTR
-+ /* we don't know the correct NIDs until the engine is initialized */
-+ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
-+ CKK_AES, CKM_AES_CTR, },
-+#endif /* SOLARIS_AES_CTR */
-+ };
-+
-+typedef struct PK11_DIGEST_st
-+ {
-+ enum pk11_digest_id id;
-+ int nid;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_DIGEST;
-+
-+static PK11_DIGEST digests[] =
-+ {
-+ {PK11_MD5, NID_md5, CKM_MD5, },
-+ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
-+ {PK11_SHA224, NID_sha224, CKM_SHA224, },
-+ {PK11_SHA256, NID_sha256, CKM_SHA256, },
-+ {PK11_SHA384, NID_sha384, CKM_SHA384, },
-+ {PK11_SHA512, NID_sha512, CKM_SHA512, },
-+ {0, NID_undef, 0xFFFF, },
-+ };
-+
-+/*
-+ * Structure to be used for the cipher_data/md_data in
-+ * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
-+ * session in multiple cipher_update calls
-+ */
-+typedef struct PK11_CIPHER_STATE_st
-+ {
-+ PK11_SESSION *sp;
-+ } PK11_CIPHER_STATE;
-+
-+
-+/*
-+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
-+ * called when libcrypto requests a cipher NID.
-+ *
-+ * Note how the PK11_CIPHER_STATE is used here.
-+ */
-+
-+/* DES CBC EVP */
-+static const EVP_CIPHER pk11_des_cbc =
-+ {
-+ NID_des_cbc,
-+ 8, 8, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/* 3DES CBC EVP */
-+static const EVP_CIPHER pk11_3des_cbc =
-+ {
-+ NID_des_ede3_cbc,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
-+ * get_asn1_parameters fields are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_des_ecb =
-+ {
-+ NID_des_ecb,
-+ 8, 8, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_3des_ecb =
-+ {
-+ NID_des_ede3_ecb,
-+ 8, 24, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+
-+static const EVP_CIPHER pk11_aes_128_cbc =
-+ {
-+ NID_aes_128_cbc,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_cbc =
-+ {
-+ NID_aes_192_cbc,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_cbc =
-+ {
-+ NID_aes_256_cbc,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use IV so that's why set_asn1_parameters and
-+ * get_asn1_parameters are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_aes_128_ecb =
-+ {
-+ NID_aes_128_ecb,
-+ 16, 16, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_ecb =
-+ {
-+ NID_aes_192_ecb,
-+ 16, 24, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_ecb =
-+ {
-+ NID_aes_256_ecb,
-+ 16, 32, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
-+ * created in pk11_library_init(). Note that the need to change these structures
-+ * is the reason why we don't define them with the const keyword.
-+ */
-+static EVP_CIPHER pk11_aes_128_ctr =
-+ {
-+ NID_undef,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_192_ctr =
-+ {
-+ NID_undef,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_256_ctr =
-+ {
-+ NID_undef,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+#endif /* SOLARIS_AES_CTR */
-+
-+static const EVP_CIPHER pk11_bf_cbc =
-+ {
-+ NID_bf_cbc,
-+ 8, 16, 8,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_rc4 =
-+ {
-+ NID_rc4,
-+ 1, 16, 0,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_MD pk11_md5 =
-+ {
-+ NID_md5,
-+ NID_md5WithRSAEncryption,
-+ MD5_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ MD5_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha1 =
-+ {
-+ NID_sha1,
-+ NID_sha1WithRSAEncryption,
-+ SHA_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha224 =
-+ {
-+ NID_sha224,
-+ NID_sha224WithRSAEncryption,
-+ SHA224_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-224 uses the same cblock size as SHA-256 */
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha256 =
-+ {
-+ NID_sha256,
-+ NID_sha256WithRSAEncryption,
-+ SHA256_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha384 =
-+ {
-+ NID_sha384,
-+ NID_sha384WithRSAEncryption,
-+ SHA384_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-384 uses the same cblock size as SHA-512 */
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha512 =
-+ {
-+ NID_sha512,
-+ NID_sha512WithRSAEncryption,
-+ SHA512_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11SO
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name =
-+ "PKCS #11 engine support (crypto accelerator)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+#ifndef OPENSSL_NO_RSA
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DSA], NULL);
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DH] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DH], NULL);
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (find_lock[OP_DSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DSA]);
-+ OPENSSL_free(find_lock[OP_DSA]);
-+ find_lock[OP_DSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (find_lock[OP_DH] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DH]);
-+ OPENSSL_free(find_lock[OP_DH]);
-+ find_lock[OP_DH] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ const RSA_METHOD *rsa = NULL;
-+ RSA_METHOD *pk11_rsa = PK11_RSA();
-+#endif /* OPENSSL_NO_RSA */
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name) ||
-+ !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
-+ !ENGINE_set_digests(e, pk11_engine_digests))
-+ return (0);
-+#ifndef OPENSSL_NO_RSA
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (pk11_have_dsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DSA(e, PK11_DSA()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (pk11_have_dh == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DH(e, PK11_DH()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DH\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DH */
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+/*
-+ * Apache calls OpenSSL function RSA_blinding_on() once during startup
-+ * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
-+ * here, we wire it back to the OpenSSL software implementation.
-+ * Since it is used only once, performance is not a concern.
-+ */
-+#ifndef OPENSSL_NO_RSA
-+ rsa = RSA_PKCS1_SSLeay();
-+ pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
-+ pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
-+ if (pk11_have_recover != CK_TRUE)
-+ pk11_rsa->rsa_pub_dec = rsa->rsa_pub_dec;
-+#endif /* OPENSSL_NO_RSA */
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ LOCK_OBJSTORE(OP_DSA);
-+ LOCK_OBJSTORE(OP_DH);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ CK_ULONG ul_state_len;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * We must do this before we start working with slots since we need all
-+ * NIDs there.
-+ */
-+ if (pk11_add_aes_ctr_NIDs() == 0)
-+ goto err;
-+#endif /* SOLARIS_AES_CTR */
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Disable digest if C_GetOperationState is not supported since
-+ * this function is required by OpenSSL digest copy function
-+ */
-+ /* Keyper fails to return CKR_FUNCTION_NOT_SUPPORTED */
-+ if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
-+ != CKR_OK) {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: C_GetOperationState() not supported, "
-+ "setting digest_count to 0\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ digest_count = 0;
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ (void) pk11_destroy_dsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ (void) pk11_destroy_dh_key_objects(NULL);
-+#endif /* OPENSSL_NO_DH */
-+ (void) pk11_destroy_cipher_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+ myslot = SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ sp->opdata_dsa_pub_num = NULL;
-+ sp->opdata_dsa_priv = NULL;
-+ sp->opdata_dsa_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ sp->opdata_dh_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DH */
-+ case OP_CIPHER:
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ sp->opdata_encrypt = -1;
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Destroy DSA public key from single session. */
-+int
-+pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key,
-+ ret, uselock, OP_DSA, CK_FALSE);
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy DSA private key from single session. */
-+int
-+pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key,
-+ ret, uselock, OP_DSA, CK_TRUE);
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv = NULL;
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_dsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+/* Destroy DH key from single session. */
-+int
-+pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dh_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dh_key,
-+ ret, uselock, OP_DH, CK_TRUE);
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DH key object wrapper.
-+ *
-+ * arg0: pointer to PKCS#11 engine session structure
-+ * if session is NULL, try to destroy all objects in the free list
-+ */
-+int
-+pk11_destroy_dh_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DH].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DH].head;
-+ uselock = FALSE;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dh_object(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DH].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/* Symmetric ciphers and digests support functions */
-+
-+static int
-+cipher_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; i++)
-+ if (ciphers[i].nid == nid)
-+ return (ciphers[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_usable_ciphers(const int **nids)
-+ {
-+ if (cipher_count > 0)
-+ *nids = cipher_nids;
-+ else
-+ *nids = NULL;
-+ return (cipher_count);
-+ }
-+
-+static int
-+pk11_usable_digests(const int **nids)
-+ {
-+ if (digest_count > 0)
-+ *nids = digest_nids;
-+ else
-+ *nids = NULL;
-+ return (digest_count);
-+ }
-+
-+/*
-+ * Init context for encryption or decryption using a symmetric key.
-+ */
-+static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
-+ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
-+ {
-+ CK_RV rv;
-+#ifdef SOLARIS_AES_CTR
-+ CK_AES_CTR_PARAMS ctr_params;
-+#endif /* SOLARIS_AES_CTR */
-+
-+ /*
-+ * We expect pmech->mechanism to be already set and
-+ * pParameter/ulParameterLen initialized to NULL/0 before
-+ * pk11_init_symetric() is called.
-+ */
-+ OPENSSL_assert(pmech->mechanism != 0);
-+ OPENSSL_assert(pmech->pParameter == NULL);
-+ OPENSSL_assert(pmech->ulParameterLen == 0);
-+
-+#ifdef SOLARIS_AES_CTR
-+ if (ctx->cipher->nid == NID_aes_128_ctr ||
-+ ctx->cipher->nid == NID_aes_192_ctr ||
-+ ctx->cipher->nid == NID_aes_256_ctr)
-+ {
-+ pmech->pParameter = (void *)(&ctr_params);
-+ pmech->ulParameterLen = sizeof (ctr_params);
-+ /*
-+ * For now, we are limited to the fixed length of the counter,
-+ * it covers the whole counter block. That's what RFC 4344
-+ * needs. For more information on internal structure of the
-+ * counter block, see RFC 3686. If needed in the future, we can
-+ * add code so that the counter length can be set via
-+ * ENGINE_ctrl() function.
-+ */
-+ ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
-+ OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
-+ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
-+ }
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ {
-+ if (pcipher->iv_len > 0)
-+ {
-+ pmech->pParameter = (void *)ctx->iv;
-+ pmech->ulParameterLen = pcipher->iv_len;
-+ }
-+ }
-+
-+ /* if we get here, the encryption needs to be reinitialized */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+ else
-+ rv = pFuncList->C_DecryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
-+ PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+ {
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ PK11_CIPHER *p_ciph_table_row;
-+
-+ state->sp = NULL;
-+
-+ index = cipher_nid_to_pk11(ctx->cipher->nid);
-+ if (index < 0 || index >= PK11_CIPHER_MAX)
-+ return (0);
-+
-+ p_ciph_table_row = &ciphers[index];
-+ /*
-+ * iv_len in the ctx->cipher structure is the maximum IV length for the
-+ * current cipher and it must be less or equal to the IV length in our
-+ * ciphers table. The key length must be in the allowed interval. From
-+ * all cipher modes that the PKCS#11 engine supports only RC4 allows a
-+ * key length to be in some range, all other NIDs have a precise key
-+ * length. Every application can define its own EVP functions so this
-+ * code serves as a sanity check.
-+ *
-+ * Note that the reason why the IV length in ctx->cipher might be
-+ * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
-+ * macro to define functions that return EVP structures for all DES
-+ * modes. So, even ECB modes get 8 byte IV.
-+ */
-+ if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
-+ ctx->key_len < p_ciph_table_row->min_key_len ||
-+ ctx->key_len > p_ciph_table_row->max_key_len) {
-+ PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
-+ return (0);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
-+ return (0);
-+
-+ /* if applicable, the mechanism parameter is used for IV */
-+ mech.mechanism = p_ciph_table_row->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ /* The key object is destroyed here if it is not the current key. */
-+ (void) check_new_cipher_key(sp, key, ctx->key_len);
-+
-+ /*
-+ * If the key is the same and the encryption is also the same, then
-+ * just reuse it. However, we must not forget to reinitialize the
-+ * context that was finalized in pk11_cipher_cleanup().
-+ */
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
-+ sp->opdata_encrypt == ctx->encrypt)
-+ {
-+ state->sp = sp;
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+ /*
-+ * Check if the key has been invalidated. If so, a new key object
-+ * needs to be created.
-+ */
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ sp->opdata_cipher_key = pk11_get_cipher_key(
-+ ctx, key, p_ciph_table_row->key_type, sp);
-+ }
-+
-+ if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
-+ {
-+ /*
-+ * The previous encryption/decryption is different. Need to
-+ * terminate the previous * active encryption/decryption here.
-+ */
-+ if (!pk11_cipher_final(sp))
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+ }
-+
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ /* now initialize the context with a new key */
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ sp->opdata_encrypt = ctx->encrypt;
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+/*
-+ * When reusing the same key in an encryption/decryption session for a
-+ * decryption/encryption session, we need to close the active session
-+ * and recreate a new one. Note that the key is in the global session so
-+ * that it needs not be recreated.
-+ *
-+ * It is more appropriate to use C_En/DecryptFinish here. At the time of this
-+ * development, these two functions in the PKCS#11 libraries used return
-+ * unexpected errors when passing in 0 length output. It may be a good
-+ * idea to try them again if performance is a problem here and fix
-+ * C_En/DecryptFinial if there are bugs there causing the problem.
-+ */
-+static int
-+pk11_cipher_final(PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
-+ return (0);
-+ }
-+
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * An engine interface function. The calling function allocates sufficient
-+ * memory for the output buffer "out" to hold the results.
-+ */
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl)
-+#else
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl)
-+#endif
-+ {
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ CK_RV rv;
-+ unsigned long outl = inl;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ sp = (PK11_SESSION *) state->sp;
-+
-+ if (!inl)
-+ return (1);
-+
-+ /* RC4 is the only stream cipher we support */
-+ if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
-+ return (0);
-+
-+ if (ctx->encrypt)
-+ {
-+ rv = pFuncList->C_EncryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_ENCRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+ else
-+ {
-+ rv = pFuncList->C_DecryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_DECRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+
-+ /*
-+ * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
-+ * the same size of input.
-+ * The application has guaranteed to call the block ciphers with
-+ * correctly aligned buffers.
-+ */
-+ if (inl != outl)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
-+ * here is the right thing because in EVP_DecryptFinal_ex(), engine's
-+ * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
-+ * the engine can't find out that it's the finalizing call. We wouldn't
-+ * necessarily have to finalize the context here since reinitializing it with
-+ * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
-+ * let's do it. Some implementations might leak memory if the previously used
-+ * context is initialized without finalizing it first.
-+ */
-+static int
-+pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
-+ CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
-+ PK11_CIPHER_STATE *state = ctx->cipher_data;
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * We are not interested in the data here, we just need to get
-+ * rid of the context.
-+ */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptFinal(
-+ state->sp->session, buf, &len);
-+ else
-+ rv = pFuncList->C_DecryptFinal(
-+ state->sp->session, buf, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
-+ PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ state->sp = NULL;
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Registered by the ENGINE when used to find out how to deal with
-+ * a particular NID in the ENGINE. This says what we'll do at the
-+ * top level - note, that list is restricted by what we answer with
-+ */
-+/* ARGSUSED */
-+static int
-+pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid)
-+ {
-+ if (!cipher)
-+ return (pk11_usable_ciphers(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_des_ede3_cbc:
-+ *cipher = &pk11_3des_cbc;
-+ break;
-+ case NID_des_cbc:
-+ *cipher = &pk11_des_cbc;
-+ break;
-+ case NID_des_ede3_ecb:
-+ *cipher = &pk11_3des_ecb;
-+ break;
-+ case NID_des_ecb:
-+ *cipher = &pk11_des_ecb;
-+ break;
-+ case NID_aes_128_cbc:
-+ *cipher = &pk11_aes_128_cbc;
-+ break;
-+ case NID_aes_192_cbc:
-+ *cipher = &pk11_aes_192_cbc;
-+ break;
-+ case NID_aes_256_cbc:
-+ *cipher = &pk11_aes_256_cbc;
-+ break;
-+ case NID_aes_128_ecb:
-+ *cipher = &pk11_aes_128_ecb;
-+ break;
-+ case NID_aes_192_ecb:
-+ *cipher = &pk11_aes_192_ecb;
-+ break;
-+ case NID_aes_256_ecb:
-+ *cipher = &pk11_aes_256_ecb;
-+ break;
-+ case NID_bf_cbc:
-+ *cipher = &pk11_bf_cbc;
-+ break;
-+ case NID_rc4:
-+ *cipher = &pk11_rc4;
-+ break;
-+ default:
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * These can't be in separated cases because the NIDs
-+ * here are not constants.
-+ */
-+ if (nid == NID_aes_128_ctr)
-+ *cipher = &pk11_aes_128_ctr;
-+ else if (nid == NID_aes_192_ctr)
-+ *cipher = &pk11_aes_192_ctr;
-+ else if (nid == NID_aes_256_ctr)
-+ *cipher = &pk11_aes_256_ctr;
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ *cipher = NULL;
-+ break;
-+ }
-+ return (*cipher != NULL);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid)
-+ {
-+ if (!digest)
-+ return (pk11_usable_digests(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_md5:
-+ *digest = &pk11_md5;
-+ break;
-+ case NID_sha1:
-+ *digest = &pk11_sha1;
-+ break;
-+ case NID_sha224:
-+ *digest = &pk11_sha224;
-+ break;
-+ case NID_sha256:
-+ *digest = &pk11_sha256;
-+ break;
-+ case NID_sha384:
-+ *digest = &pk11_sha384;
-+ break;
-+ case NID_sha512:
-+ *digest = &pk11_sha512;
-+ break;
-+ default:
-+ *digest = NULL;
-+ break;
-+ }
-+ return (*digest != NULL);
-+ }
-+
-+
-+/* Create a secret key object in a PKCS#11 session */
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
-+ CK_ULONG ul_key_attr_count = 6;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (false)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_VALUE, (void*) NULL, 0},
-+ };
-+
-+ /*
-+ * Create secret key object in global_session. All other sessions
-+ * can use the key handles. Here is why:
-+ * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
-+ * It may then call DecryptInit and DecryptUpdate using the same key.
-+ * To use the same key object, we need to call EncryptFinal with
-+ * a 0 length message. Currently, this does not work for 3DES
-+ * mechanism. To get around this problem, we close the session and
-+ * then create a new session to use the same key object. When a session
-+ * is closed, all the object handles will be invalid. Thus, create key
-+ * objects in a global session, an individual session may be closed to
-+ * terminate the active operation.
-+ */
-+ CK_SESSION_HANDLE session = global_session;
-+ a_key_template[0].pValue = &obj_key;
-+ a_key_template[1].pValue = &key_type;
-+ a_key_template[5].pValue = (void *) key;
-+ a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Save the key information used in this session.
-+ * The max can be saved is PK11_KEY_LEN_MAX.
-+ */
-+ sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ?
-+ PK11_KEY_LEN_MAX : ctx->key_len;
-+ (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
-+err:
-+
-+ return (h_key);
-+ }
-+
-+static int
-+md_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; i++)
-+ if (digests[i].nid == nid)
-+ return (digests[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_digest_init(EVP_MD_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_SESSION *sp;
-+ PK11_DIGEST *pdp;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ state->sp = NULL;
-+
-+ index = md_nid_to_pk11(ctx->digest->type);
-+ if (index < 0 || index >= PK11_DIGEST_MAX)
-+ return (0);
-+
-+ pdp = &digests[index];
-+ if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
-+ return (0);
-+
-+ /* at present, no parameter is needed for supported digests */
-+ mech.mechanism = pdp->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ rv = pFuncList->C_DigestInit(sp->session, &mech);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
-+ pk11_return_session(sp, OP_DIGEST);
-+ return (0);
-+ }
-+
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+ {
-+ CK_RV rv;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ /* 0 length message will cause a failure in C_DigestFinal */
-+ if (count == 0)
-+ return (1);
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
-+ count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-+ {
-+ CK_RV rv;
-+ unsigned long len;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+ len = ctx->digest->md_size;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ if (ctx->digest->md_size != len)
-+ return (0);
-+
-+ /*
-+ * Final is called and digest is returned, so return the session
-+ * to the pool
-+ */
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-+ {
-+ CK_RV rv;
-+ int ret = 0;
-+ PK11_CIPHER_STATE *state, *state_to;
-+ CK_BYTE_PTR pstate = NULL;
-+ CK_ULONG ul_state_len;
-+
-+ /* The copy-from state */
-+ state = (PK11_CIPHER_STATE *) from->md_data;
-+ if (state == NULL || state->sp == NULL)
-+ goto err;
-+
-+ /* Initialize the copy-to state */
-+ if (!pk11_digest_init(to))
-+ goto err;
-+ state_to = (PK11_CIPHER_STATE *) to->md_data;
-+
-+ /* Get the size of the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+ if (ul_state_len == 0)
-+ {
-+ goto err;
-+ }
-+
-+ pstate = OPENSSL_malloc(ul_state_len);
-+ if (pstate == NULL)
-+ {
-+ PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /* Set the operation state of the copy-to session */
-+ rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
-+ ul_state_len, 0, 0);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY,
-+ PK11_R_SET_OPERATION_STATE, rv);
-+ goto err;
-+ }
-+
-+ ret = 1;
-+err:
-+ if (pstate != NULL)
-+ OPENSSL_free(pstate);
-+
-+ return (ret);
-+ }
-+
-+/* Return any pending session state to the pool */
-+static int
-+pk11_digest_cleanup(EVP_MD_CTX *ctx)
-+ {
-+ PK11_CIPHER_STATE *state = ctx->md_data;
-+ unsigned char buf[EVP_MAX_MD_SIZE];
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * If state->sp is not NULL then pk11_digest_final() has not
-+ * been called yet. We must call it now to free any memory
-+ * that might have been allocated in the token when
-+ * pk11_digest_init() was called. pk11_digest_final()
-+ * will return the session to the cache.
-+ */
-+ if (!pk11_digest_final(ctx, buf))
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Check if the new key is the same as the key object in the session. If the key
-+ * is the same, no need to create a new key object. Otherwise, the old key
-+ * object needs to be destroyed and a new one will be created. Return 1 for
-+ * cache hit, 0 for cache miss. Note that we must check the key length first
-+ * otherwise we could end up reusing a different, longer key with the same
-+ * prefix.
-+ */
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len)
-+ {
-+ if (sp->opdata_key_len != key_len ||
-+ memcmp(sp->opdata_key, key, key_len) != 0)
-+ {
-+ (void) pk11_destroy_cipher_key_objects(sp);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/* Destroy one or more secret key objects. */
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_CIPHER].head;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
-+ {
-+ /*
-+ * The secret key object is created in the
-+ * global_session. See pk11_get_cipher_key().
-+ */
-+ if (pk11_destroy_object(global_session,
-+ sp->opdata_cipher_key, CK_FALSE) == 0)
-+ goto err;
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ }
-+ }
-+ ret = 1;
-+err:
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_X_509
-+ * CKM_RSA_PKCS
-+ * CKM_DSA
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * Symmetric ciphers optionally supported
-+ *
-+ * CKM_DES3_CBC
-+ * CKM_DES_CBC
-+ * CKM_AES_CBC
-+ * CKM_DES3_ECB
-+ * CKM_DES_ECB
-+ * CKM_AES_ECB
-+ * CKM_AES_CTR
-+ * CKM_RC4
-+ * CKM_BLOWFISH_CBC
-+ *
-+ * Digests optionally supported
-+ *
-+ * CKM_MD5
-+ * CKM_SHA_1
-+ * CKM_SHA224
-+ * CKM_SHA256
-+ * CKM_SHA384
-+ * CKM_SHA512
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ int slot_n_cipher = 0;
-+ int slot_n_digest = 0;
-+ CK_SLOT_ID current_slot = 0;
-+ int current_slot_n_cipher = 0;
-+ int current_slot_n_digest = 0;
-+
-+ int local_cipher_nids[PK11_CIPHER_MAX];
-+ int local_digest_nids[PK11_DIGEST_MAX];
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ CK_BBOOL slot_has_recover = CK_FALSE;
-+ CK_BBOOL slot_has_dsa = CK_FALSE;
-+ CK_BBOOL slot_has_dh = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_RSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ /*
-+ * Check if this slot is capable of encryption,
-+ * decryption, sign, and verify with CKM_RSA_X_509.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_RSA_X_509, &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY) &&
-+ (mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ if (mech_info.flags & CKF_VERIFY_RECOVER)
-+ {
-+ slot_has_recover = CK_TRUE;
-+ }
-+ }
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_DSA.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
-+ &mech_info);
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ slot_has_dsa = CK_TRUE;
-+ }
-+
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ /*
-+ * Check if this slot is capable of DH key generataion and
-+ * derivation.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
-+
-+ if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
-+ {
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_DERIVE, &mech_info);
-+ if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
-+ {
-+ slot_has_dh = CK_TRUE;
-+ }
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ if (!found_candidate_slot &&
-+ (slot_has_rsa || slot_has_dsa || slot_has_dh))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ pk11_have_recover = slot_has_recover;
-+ pk11_have_dsa = slot_has_dsa;
-+ pk11_have_dh = slot_has_dh;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa/dsa/dh\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ found_candidate_slot = CK_FALSE;
-+ best_slot_sofar = 0;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ current_slot = pSlotList[i];
-+ current_slot_n_cipher = 0;
-+ current_slot_n_digest = 0;
-+ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
-+ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
-+
-+ pk11_find_symmetric_ciphers(pFuncList, current_slot,
-+ ¤t_slot_n_cipher, local_cipher_nids);
-+
-+ pk11_find_digests(pFuncList, current_slot,
-+ ¤t_slot_n_digest, local_digest_nids);
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
-+ current_slot_n_cipher);
-+ fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
-+ current_slot_n_digest);
-+ fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
-+ PK11_DBG, best_slot_sofar);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * If the current slot supports more ciphers/digests than
-+ * the previous best one we change the current best to this one,
-+ * otherwise leave it where it is.
-+ */
-+ if ((current_slot_n_cipher + current_slot_n_digest) >
-+ (slot_n_cipher + slot_n_digest))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: changing best so far slot to %d\n",
-+ PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = SLOTID = current_slot;
-+ cipher_count = slot_n_cipher = current_slot_n_cipher;
-+ digest_count = slot_n_digest = current_slot_n_digest;
-+ (void) memcpy(cipher_nids, local_cipher_nids,
-+ sizeof (local_cipher_nids));
-+ (void) memcpy(digest_nids, local_digest_nids,
-+ sizeof (local_digest_nids));
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_recover %d\n", PK11_DBG, pk11_have_recover);
-+ fprintf(stderr,
-+ "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+ fprintf(stderr,
-+ "%s: cipher_count %d\n", PK11_DBG, cipher_count);
-+ fprintf(stderr,
-+ "%s: digest_count %d\n", PK11_DBG, digest_count);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ OPENSSL_free(hw_cnids);
-+ OPENSSL_free(hw_dnids);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
-+ int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
-+ int *local_cipher_nids, int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if ((mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT))
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(ciphers[id].nid, hw_cnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_cipher_nids[(*current_slot_n_cipher)++] =
-+ ciphers[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if (mech_info.flags & CKF_DIGEST)
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(digests[id].nid, hw_dnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_digest_nids[(*current_slot_n_digest)++] =
-+ digests[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+/* create a new NID when we have no OID for that mechanism */
-+static int pk11_add_NID(char *sn, char *ln)
-+ {
-+ ASN1_OBJECT *o;
-+ int nid;
-+
-+ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
-+ 1, sn, ln)) == NULL)
-+ {
-+ return (0);
-+ }
-+
-+ /* will return NID_undef on error */
-+ nid = OBJ_add_object(o);
-+ ASN1_OBJECT_free(o);
-+
-+ return (nid);
-+ }
-+
-+/*
-+ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
-+ * have to help ourselves here.
-+ */
-+static int pk11_add_aes_ctr_NIDs(void)
-+ {
-+ /* are we already set? */
-+ if (NID_aes_256_ctr != NID_undef)
-+ return (1);
-+
-+ /*
-+ * There are no official names for AES counter modes yet so we just
-+ * follow the format of those that exist.
-+ */
-+ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
-+ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
-+ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
-+ return (1);
-+
-+err:
-+ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
-+ return (0);
-+ }
-+#endif /* SOLARIS_AES_CTR */
-+
-+/* Find what symmetric ciphers this slot supports. */
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; ++i)
-+ {
-+ pk11_get_symmetric_cipher(pflist, current_slot,
-+ ciphers[i].mech_type, current_slot_n_cipher,
-+ local_cipher_nids, ciphers[i].id);
-+ }
-+ }
-+
-+/* Find what digest algorithms this slot supports. */
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; ++i)
-+ {
-+ pk11_get_digest(pflist, current_slot, digests[i].mech_type,
-+ current_slot_n_digest, local_digest_nids, digests[i].id);
-+ }
-+ }
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * It would be great if we could use pkcs11_kernel directly since this library
-+ * offers hardware slots only. That's the easiest way to achieve the situation
-+ * where we use the hardware accelerators when present and OpenSSL native code
-+ * otherwise. That presumes the fact that OpenSSL native code is faster than the
-+ * code in the soft token. It's a logical assumption - Crypto Framework has some
-+ * inherent overhead so going there for the software implementation of a
-+ * mechanism should be logically slower in contrast to the OpenSSL native code,
-+ * presuming that both implementations are of similar speed. For example, the
-+ * soft token for AES is roughly three times slower than OpenSSL for 64 byte
-+ * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
-+ * that use the PKCS#11 engine by default, we must somehow avoid that regression
-+ * on machines without hardware acceleration. That's why switching to the
-+ * pkcs11_kernel library seems like a very good idea.
-+ *
-+ * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
-+ * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
-+ * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
-+ * library, we would have had a performance regression on machines without
-+ * hardware acceleration for asymmetric operations for all applications that use
-+ * the PKCS#11 engine. There is one such application - Apache web server since
-+ * it's shipped configured to use the PKCS#11 engine by default. Having said
-+ * that, we can't switch to the pkcs11_kernel library now and have to come with
-+ * a solution that, on non-accelerated machines, uses the OpenSSL native code
-+ * for all symmetric ciphers and digests while it uses the soft token for
-+ * asymmetric operations.
-+ *
-+ * This is the idea: dlopen() pkcs11_kernel directly and find out what
-+ * mechanisms are there. We don't care about duplications (more slots can
-+ * support the same mechanism), we just want to know what mechanisms can be
-+ * possibly supported in hardware on that particular machine. As said before,
-+ * pkcs11_kernel will show you hardware providers only.
-+ *
-+ * Then, we rely on the fact that since we use libpkcs11 library we will find
-+ * the metaslot. When we go through the metaslot's mechanisms for symmetric
-+ * ciphers and digests, we check that any found mechanism is in the table
-+ * created using the pkcs11_kernel library. So, as a result we have two arrays
-+ * of mechanisms that were advertised as supported in hardware which was the
-+ * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
-+ * code for symmetric ciphers and digests. See pk11_choose_slots() for more
-+ * information.
-+ *
-+ * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
-+ * the code won't be used.
-+ */
-+#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
-+static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
-+#else
-+static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
-+#endif
-+
-+/*
-+ * Check hardware capabilities of the machines. The output are two lists,
-+ * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
-+ * providers together. They are not sorted and may contain duplicate mechanisms.
-+ */
-+static int check_hw_mechanisms(void)
-+ {
-+ int i;
-+ CK_RV rv;
-+ void *handle;
-+ CK_C_GetFunctionList p;
-+ CK_TOKEN_INFO token_info;
-+ CK_ULONG ulSlotCount = 0;
-+ int n_cipher = 0, n_digest = 0;
-+ CK_FUNCTION_LIST_PTR pflist = NULL;
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL;
-+ int hw_ctable_size, hw_dtable_size;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
-+ PK11_DBG);
-+#endif
-+ if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ if ((p = (CK_C_GetFunctionList)dlsym(handle,
-+ PK11_GET_FUNCTION_LIST)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ if (p(&pflist) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pflist->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /* no slots, set the hw mechanism tables as empty */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
-+#endif
-+ hw_cnids = OPENSSL_malloc(sizeof (int));
-+ hw_dnids = OPENSSL_malloc(sizeof (int));
-+ if (hw_cnids == NULL || hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ /* this means empty tables */
-+ hw_cnids[0] = NID_undef;
-+ hw_dnids[0] = NID_undef;
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the slot list for processing */
-+ if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /*
-+ * We don't care about duplicit mechanisms in multiple slots and also
-+ * reserve one slot for the terminal NID_undef which we use to stop the
-+ * search.
-+ */
-+ hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
-+ hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
-+ tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
-+ tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
-+ if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * Do not use memset since we should not rely on the fact that NID_undef
-+ * is zero now.
-+ */
-+ for (i = 0; i < hw_ctable_size; ++i)
-+ tmp_hw_cnids[i] = NID_undef;
-+ for (i = 0; i < hw_dtable_size; ++i)
-+ tmp_hw_dnids[i] = NID_undef;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
-+ fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
-+ fprintf(stderr, "%s: now looking for mechs supported in hw\n",
-+ PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * We are filling the hw mech tables here. Global tables are
-+ * still NULL so all mechanisms are put into tmp tables.
-+ */
-+ pk11_find_symmetric_ciphers(pflist, pSlotList[i],
-+ &n_cipher, tmp_hw_cnids);
-+ pk11_find_digests(pflist, pSlotList[i],
-+ &n_digest, tmp_hw_dnids);
-+ }
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects. Also, C_Finalize() is triggered by
-+ * dlclose(3C).
-+ */
-+#if 0
-+ pflist->C_Finalize(NULL);
-+#endif
-+ OPENSSL_free(pSlotList);
-+ (void) dlclose(handle);
-+ hw_cnids = tmp_hw_cnids;
-+ hw_dnids = tmp_hw_dnids;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+
-+err:
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+ if (tmp_hw_cnids != NULL)
-+ OPENSSL_free(tmp_hw_cnids);
-+ if (tmp_hw_dnids != NULL)
-+ OPENSSL_free(tmp_hw_dnids);
-+
-+ return (0);
-+ }
-+
-+/*
-+ * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
-+ * non-existent).
-+ */
-+static int nid_in_table(int nid, int *nid_table)
-+ {
-+ int i = 0;
-+
-+ /*
-+ * a special case. NULL means that we are initializing a new
-+ * table.
-+ */
-+ if (nid_table == NULL)
-+ return (1);
-+
-+ /*
-+ * the table is never full, there is always at least one
-+ * NID_undef.
-+ */
-+ while (nid_table[i] != NID_undef)
-+ {
-+ if (nid_table[i++] == nid)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+ }
-+
-+ return (0);
-+ }
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11_err.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.4.10.1
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 21:52:40 2011
-@@ -0,0 +1,288 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_err.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/err.h>
-+#include "hw_pk11_err.h"
-+
-+/* BEGIN ERROR CODES */
-+#ifndef OPENSSL_NO_ERR
-+static ERR_STRING_DATA pk11_str_functs[]=
-+{
-+{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
-+{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
-+{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
-+{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
-+{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
-+{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
-+{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
-+{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
-+{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
-+{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
-+{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
-+{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
-+{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
-+{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
-+{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
-+{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
-+{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
-+{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
-+{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
-+{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
-+{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
-+{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
-+{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
-+{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
-+{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
-+{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
-+{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
-+{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
-+{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
-+{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
-+{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
-+{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
-+{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
-+{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
-+{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
-+{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
-+{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
-+{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
-+{ 0, NULL}
-+};
-+
-+static ERR_STRING_DATA pk11_str_reasons[]=
-+{
-+{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
-+{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
-+{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
-+{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
-+{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
-+{ PK11_R_INITIALIZE, "C_Initialize failed"},
-+{ PK11_R_FINALIZE, "C_Finalize failed"},
-+{ PK11_R_GETINFO, "C_GetInfo faile"},
-+{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
-+{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
-+{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
-+{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
-+{ PK11_R_NO_MODULUS, "no modulus"},
-+{ PK11_R_NO_EXPONENT, "no exponent"},
-+{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
-+{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
-+{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
-+{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
-+{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
-+{ PK11_R_OPENSESSION, "C_OpenSession failed"},
-+{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
-+{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
-+{ PK11_R_ENCRYPT, "C_Encrypt failed"},
-+{ PK11_R_SIGNINIT, "C_SignInit failed"},
-+{ PK11_R_SIGN, "C_Sign failed"},
-+{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
-+{ PK11_R_DECRYPT, "C_Decrypt failed"},
-+{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
-+{ PK11_R_VERIFY, "C_Verify failed"},
-+{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
-+{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
-+{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
-+{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
-+{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
-+{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
-+{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
-+{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
-+{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
-+{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
-+{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
-+{ PK11_R_MALLOC_FAILURE, "malloc failure"},
-+{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
-+{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
-+{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
-+{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
-+{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
-+{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
-+{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
-+{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
-+{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
-+{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
-+{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
-+{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
-+{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
-+{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
-+{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
-+{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
-+{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
-+{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
-+{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
-+{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
-+{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
-+{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
-+{ PK11_R_ATFORK_FAILED, "atfork() failed" },
-+{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login() failed on token" },
-+{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
-+{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
-+{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
-+{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
-+{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen() dialog command" },
-+{ PK11_R_PIPE_FAILED, "pipe() failed" },
-+{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
-+{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
-+{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
-+{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
-+{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
-+{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
-+{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
-+{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
-+{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
-+{ PK11_R_SYSCONF_FAILED, "sysconf() failed" },
-+{ PK11_R_MMAP_FAILED, "mmap() failed" },
-+{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
-+{ PK11_R_MLOCK_FAILED, "mlock() failed" },
-+{ PK11_R_FORK_FAILED, "fork() failed" },
-+{ 0, NULL}
-+};
-+#endif /* OPENSSL_NO_ERR */
-+
-+static int pk11_lib_error_code = 0;
-+static int pk11_error_init = 1;
-+
-+static void
-+ERR_load_pk11_strings(void)
-+ {
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+
-+ if (pk11_error_init)
-+ {
-+ pk11_error_init = 0;
-+#ifndef OPENSSL_NO_ERR
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ }
-+}
-+
-+static void
-+ERR_unload_pk11_strings(void)
-+ {
-+ if (pk11_error_init == 0)
-+ {
-+#ifndef OPENSSL_NO_ERR
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ pk11_error_init = 1;
-+ }
-+}
-+
-+void
-+ERR_pk11_error(int function, int reason, char *file, int line)
-+{
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+ ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-+}
-+
-+void
-+PK11err_add_data(int function, int reason, CK_RV rv)
-+{
-+ char tmp_buf[20];
-+
-+ PK11err(function, reason);
-+ (void) BIO_snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
-+ ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-+}
-Index: openssl/crypto/engine/hw_pk11_err.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.9.10.1
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:52:40 2011
-@@ -0,0 +1,440 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#ifndef HW_PK11_ERR_H
-+#define HW_PK11_ERR_H
-+
-+void ERR_pk11_error(int function, int reason, char *file, int line);
-+void PK11err_add_data(int function, int reason, CK_RV rv);
-+#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
-+
-+/* Error codes for the PK11 functions. */
-+
-+/* Function codes. */
-+
-+#define PK11_F_INIT 100
-+#define PK11_F_FINISH 101
-+#define PK11_F_DESTROY 102
-+#define PK11_F_CTRL 103
-+#define PK11_F_RSA_INIT 104
-+#define PK11_F_RSA_FINISH 105
-+#define PK11_F_GET_PUB_RSA_KEY 106
-+#define PK11_F_GET_PRIV_RSA_KEY 107
-+#define PK11_F_RSA_GEN_KEY 108
-+#define PK11_F_RSA_PUB_ENC 109
-+#define PK11_F_RSA_PRIV_ENC 110
-+#define PK11_F_RSA_PUB_DEC 111
-+#define PK11_F_RSA_PRIV_DEC 112
-+#define PK11_F_RSA_SIGN 113
-+#define PK11_F_RSA_VERIFY 114
-+#define PK11_F_RAND_ADD 115
-+#define PK11_F_RAND_BYTES 116
-+#define PK11_F_GET_SESSION 117
-+#define PK11_F_FREE_SESSION 118
-+#define PK11_F_LOAD_PUBKEY 119
-+#define PK11_F_LOAD_PRIVKEY 120
-+#define PK11_F_RSA_PUB_ENC_LOW 121
-+#define PK11_F_RSA_PRIV_ENC_LOW 122
-+#define PK11_F_RSA_PUB_DEC_LOW 123
-+#define PK11_F_RSA_PRIV_DEC_LOW 124
-+#define PK11_F_DSA_SIGN 125
-+#define PK11_F_DSA_VERIFY 126
-+#define PK11_F_DSA_INIT 127
-+#define PK11_F_DSA_FINISH 128
-+#define PK11_F_GET_PUB_DSA_KEY 129
-+#define PK11_F_GET_PRIV_DSA_KEY 130
-+#define PK11_F_DH_INIT 131
-+#define PK11_F_DH_FINISH 132
-+#define PK11_F_MOD_EXP_DH 133
-+#define PK11_F_GET_DH_KEY 134
-+#define PK11_F_FREE_ALL_SESSIONS 135
-+#define PK11_F_SETUP_SESSION 136
-+#define PK11_F_DESTROY_OBJECT 137
-+#define PK11_F_CIPHER_INIT 138
-+#define PK11_F_CIPHER_DO_CIPHER 139
-+#define PK11_F_GET_CIPHER_KEY 140
-+#define PK11_F_DIGEST_INIT 141
-+#define PK11_F_DIGEST_UPDATE 142
-+#define PK11_F_DIGEST_FINAL 143
-+#define PK11_F_CHOOSE_SLOT 144
-+#define PK11_F_CIPHER_FINAL 145
-+#define PK11_F_LIBRARY_INIT 146
-+#define PK11_F_LOAD 147
-+#define PK11_F_DH_GEN_KEY 148
-+#define PK11_F_DH_COMP_KEY 149
-+#define PK11_F_DIGEST_COPY 150
-+#define PK11_F_CIPHER_CLEANUP 151
-+#define PK11_F_ACTIVE_ADD 152
-+#define PK11_F_ACTIVE_DELETE 153
-+#define PK11_F_CHECK_HW_MECHANISMS 154
-+#define PK11_F_INIT_SYMMETRIC 155
-+#define PK11_F_ADD_AES_CTR_NIDS 156
-+#define PK11_F_INIT_ALL_LOCKS 157
-+#define PK11_F_RETURN_SESSION 158
-+#define PK11_F_GET_PIN 159
-+#define PK11_F_FIND_ONE_OBJECT 160
-+#define PK11_F_CHECK_TOKEN_ATTRS 161
-+#define PK11_F_CACHE_PIN 162
-+#define PK11_F_MLOCK_PIN_IN_MEMORY 163
-+#define PK11_F_TOKEN_LOGIN 164
-+#define PK11_F_TOKEN_RELOGIN 165
-+#define PK11_F_RUN_ASKPASS 166
-+
-+/* Reason codes. */
-+#define PK11_R_ALREADY_LOADED 100
-+#define PK11_R_DSO_FAILURE 101
-+#define PK11_R_NOT_LOADED 102
-+#define PK11_R_PASSED_NULL_PARAMETER 103
-+#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
-+#define PK11_R_INITIALIZE 105
-+#define PK11_R_FINALIZE 106
-+#define PK11_R_GETINFO 107
-+#define PK11_R_GETSLOTLIST 108
-+#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
-+#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
-+#define PK11_R_GETATTRIBUTVALUE 111
-+#define PK11_R_NO_MODULUS 112
-+#define PK11_R_NO_EXPONENT 113
-+#define PK11_R_FINDOBJECTSINIT 114
-+#define PK11_R_FINDOBJECTS 115
-+#define PK11_R_FINDOBJECTSFINAL 116
-+#define PK11_R_CREATEOBJECT 118
-+#define PK11_R_DESTROYOBJECT 119
-+#define PK11_R_OPENSESSION 120
-+#define PK11_R_CLOSESESSION 121
-+#define PK11_R_ENCRYPTINIT 122
-+#define PK11_R_ENCRYPT 123
-+#define PK11_R_SIGNINIT 124
-+#define PK11_R_SIGN 125
-+#define PK11_R_DECRYPTINIT 126
-+#define PK11_R_DECRYPT 127
-+#define PK11_R_VERIFYINIT 128
-+#define PK11_R_VERIFY 129
-+#define PK11_R_VERIFYRECOVERINIT 130
-+#define PK11_R_VERIFYRECOVER 131
-+#define PK11_R_GEN_KEY 132
-+#define PK11_R_SEEDRANDOM 133
-+#define PK11_R_GENERATERANDOM 134
-+#define PK11_R_INVALID_MESSAGE_LENGTH 135
-+#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
-+#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
-+#define PK11_R_UNKNOWN_PADDING_TYPE 138
-+#define PK11_R_PADDING_CHECK_FAILED 139
-+#define PK11_R_DIGEST_TOO_BIG 140
-+#define PK11_R_MALLOC_FAILURE 141
-+#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
-+#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
-+#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
-+#define PK11_R_MISSING_KEY_COMPONENT 145
-+#define PK11_R_INVALID_SIGNATURE_LENGTH 146
-+#define PK11_R_INVALID_DSA_SIGNATURE_R 147
-+#define PK11_R_INVALID_DSA_SIGNATURE_S 148
-+#define PK11_R_INCONSISTENT_KEY 149
-+#define PK11_R_ENCRYPTUPDATE 150
-+#define PK11_R_DECRYPTUPDATE 151
-+#define PK11_R_DIGESTINIT 152
-+#define PK11_R_DIGESTUPDATE 153
-+#define PK11_R_DIGESTFINAL 154
-+#define PK11_R_ENCRYPTFINAL 155
-+#define PK11_R_DECRYPTFINAL 156
-+#define PK11_R_NO_PRNG_SUPPORT 157
-+#define PK11_R_GETTOKENINFO 158
-+#define PK11_R_DERIVEKEY 159
-+#define PK11_R_GET_OPERATION_STATE 160
-+#define PK11_R_SET_OPERATION_STATE 161
-+#define PK11_R_INVALID_HANDLE 162
-+#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
-+#define PK11_R_INVALID_OPERATION_TYPE 164
-+#define PK11_R_ADD_NID_FAILED 165
-+#define PK11_R_ATFORK_FAILED 166
-+
-+#define PK11_R_TOKEN_LOGIN_FAILED 167
-+#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
-+#define PK11_R_INVALID_PKCS11_URI 169
-+#define PK11_R_COULD_NOT_READ_PIN 170
-+#define PK11_R_COULD_NOT_OPEN_COMMAND 171
-+#define PK11_R_PIPE_FAILED 172
-+#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
-+#define PK11_R_BAD_PASSPHRASE_SPEC 174
-+#define PK11_R_TOKEN_NOT_INITIALIZED 175
-+#define PK11_R_TOKEN_PIN_NOT_SET 176
-+#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
-+#define PK11_R_MISSING_OBJECT_LABEL 178
-+#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
-+#define PK11_R_PRIV_KEY_NOT_FOUND 180
-+#define PK11_R_NO_OBJECT_FOUND 181
-+#define PK11_R_PIN_CACHING_POLICY_INVALID 182
-+#define PK11_R_SYSCONF_FAILED 183
-+#define PK11_R_MMAP_FAILED 183
-+#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
-+#define PK11_R_MLOCK_FAILED 185
-+#define PK11_R_FORK_FAILED 186
-+
-+/* max byte length of a symetric key we support */
-+#define PK11_KEY_LEN_MAX 32
-+
-+#ifdef NOPTHREADS
-+/*
-+ * CRYPTO_LOCK_PK11_ENGINE lock is primarily used for the protection of the
-+ * free_session list and active_list but generally serves as a global
-+ * per-process lock for the whole engine.
-+ *
-+ * We reuse CRYPTO_LOCK_EC lock (which is defined in OpenSSL for EC method) as
-+ * the global engine lock. This is not optimal w.r.t. performance but
-+ * it's safe.
-+ */
-+#define CRYPTO_LOCK_PK11_ENGINE CRYPTO_LOCK_EC
-+#endif
-+
-+/*
-+ * This structure encapsulates all reusable information for a PKCS#11
-+ * session. A list of these objects is created on behalf of the
-+ * calling application using an on-demand method. Each operation
-+ * type (see PK11_OPTYPE below) has its own per-process list.
-+ * Each of the lists is basically a cache for faster PKCS#11 object
-+ * access to avoid expensive C_Find{,Init,Final}Object() calls.
-+ *
-+ * When a new request comes in, an object will be taken from the list
-+ * (if there is one) or a new one is created to handle the request
-+ * (if the list is empty). See pk11_get_session() on how it is done.
-+ */
-+typedef struct PK11_st_SESSION
-+ {
-+ struct PK11_st_SESSION *next;
-+ CK_SESSION_HANDLE session; /* PK11 session handle */
-+ pid_t pid; /* Current process ID */
-+ CK_BBOOL pub_persistent; /* is pub key in keystore? */
-+ CK_BBOOL priv_persistent;/* is priv key in keystore? */
-+ union
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
-+ RSA *rsa_pub; /* pub key addr */
-+ BIGNUM *rsa_n_num; /* pub modulus */
-+ BIGNUM *rsa_e_num; /* pub exponent */
-+ RSA *rsa_priv; /* priv key addr */
-+ BIGNUM *rsa_pn_num; /* pub modulus */
-+ BIGNUM *rsa_pe_num; /* pub exponent */
-+ BIGNUM *rsa_d_num; /* priv exponent */
-+ } u_RSA;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
-+ DSA *dsa_pub; /* pub key addr */
-+ BIGNUM *dsa_pub_num; /* pub key */
-+ DSA *dsa_priv; /* priv key addr */
-+ BIGNUM *dsa_priv_num; /* priv key */
-+ } u_DSA;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dh_key; /* key handle */
-+ DH *dh; /* dh key addr */
-+ BIGNUM *dh_priv_num; /* priv dh key */
-+ } u_DH;
-+#endif /* OPENSSL_NO_DH */
-+ struct
-+ {
-+ CK_OBJECT_HANDLE cipher_key; /* key handle */
-+ unsigned char key[PK11_KEY_LEN_MAX];
-+ int key_len; /* priv key len */
-+ int encrypt; /* 1/0 enc/decr */
-+ } u_cipher;
-+ } opdata_u;
-+ } PK11_SESSION;
-+
-+#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
-+#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
-+#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
-+#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
-+#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
-+#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
-+#define opdata_rsa_pn_num opdata_u.u_RSA.rsa_pn_num
-+#define opdata_rsa_pe_num opdata_u.u_RSA.rsa_pe_num
-+#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
-+#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
-+#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
-+#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
-+#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
-+#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
-+#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
-+#define opdata_dh_key opdata_u.u_DH.dh_key
-+#define opdata_dh opdata_u.u_DH.dh
-+#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
-+#define opdata_cipher_key opdata_u.u_cipher.cipher_key
-+#define opdata_key opdata_u.u_cipher.key
-+#define opdata_key_len opdata_u.u_cipher.key_len
-+#define opdata_encrypt opdata_u.u_cipher.encrypt
-+
-+/*
-+ * We have 3 different groups of operation types:
-+ * 1) asymmetric operations
-+ * 2) random operations
-+ * 3) symmetric and digest operations
-+ *
-+ * This division into groups stems from the fact that it's common that hardware
-+ * providers may support operations from one group only. For example, hardware
-+ * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
-+ * only a single group of operations.
-+ *
-+ * For every group a different slot can be chosen. That means that we must have
-+ * at least 3 different lists of cached PKCS#11 sessions since sessions from
-+ * different groups may be initialized in different slots.
-+ *
-+ * To provide locking granularity in multithreaded environment, the groups are
-+ * further splitted into types with each type having a separate session cache.
-+ */
-+typedef enum PK11_OPTYPE_ENUM
-+ {
-+ OP_RAND,
-+ OP_RSA,
-+ OP_DSA,
-+ OP_DH,
-+ OP_CIPHER,
-+ OP_DIGEST,
-+ OP_MAX
-+ } PK11_OPTYPE;
-+
-+/*
-+ * This structure contains the heads of the lists forming the object caches
-+ * and locks associated with the lists.
-+ */
-+typedef struct PK11_st_CACHE
-+ {
-+ PK11_SESSION *head;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *lock;
-+#endif
-+ } PK11_CACHE;
-+
-+/* structure for tracking handles of asymmetric key objects */
-+typedef struct PK11_active_st
-+ {
-+ CK_OBJECT_HANDLE h;
-+ unsigned int refcnt;
-+ struct PK11_active_st *prev;
-+ struct PK11_active_st *next;
-+ } PK11_active;
-+
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *find_lock[];
-+#endif
-+extern PK11_active *active_list[];
-+/*
-+ * These variables are specific for the RSA keys by reference code. See
-+ * hw_pk11_pub.c for explanation.
-+ */
-+extern CK_FLAGS pubkey_token_flags;
-+
-+#ifndef NOPTHREADS
-+#define LOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_lock(find_lock[alg_type])
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_unlock(find_lock[alg_type])
-+#else
-+#define LOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE)
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE)
-+#endif
-+
-+extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+extern int pk11_token_relogin(CK_SESSION_HANDLE session);
-+
-+#ifndef OPENSSL_NO_RSA
-+extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern RSA_METHOD *PK11_RSA(void);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DSA_METHOD *PK11_DSA(void);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DH_METHOD *PK11_DH(void);
-+#endif /* OPENSSL_NO_DH */
-+
-+extern CK_FUNCTION_LIST_PTR pFuncList;
-+
-+#endif /* HW_PK11_ERR_H */
-Index: openssl/crypto/engine/hw_pk11_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.32.4.3
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/hw_pk11_pub.c Fri Jun 17 07:56:20 2011
-@@ -0,0 +1,3530 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif /* OPENSSL_NO_DH */
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+#ifndef OPENSSL_NO_RSA
-+/* RSA stuff */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_init(RSA *rsa);
-+static int pk11_RSA_finish(RSA *rsa);
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#else
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#endif
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+#endif
-+
-+/* DSA stuff */
-+#ifndef OPENSSL_NO_DSA
-+static int pk11_DSA_init(DSA *dsa);
-+static int pk11_DSA_finish(DSA *dsa);
-+static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen,
-+ DSA *dsa);
-+static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
-+
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa);
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa);
-+#endif
-+
-+/* DH stuff */
-+#ifndef OPENSSL_NO_DH
-+static int pk11_DH_init(DH *dh);
-+static int pk11_DH_finish(DH *dh);
-+static int pk11_DH_generate_key(DH *dh);
-+static int pk11_DH_compute_key(unsigned char *key,
-+ const BIGNUM *pub_key, DH *dh);
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
-+ BIGNUM **priv_key, CK_SESSION_HANDLE session);
-+
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh);
-+#endif
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa =
-+ {
-+ "PKCS#11 RSA method",
-+ pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
-+ pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
-+ pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
-+ pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
-+ NULL, /* rsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_RSA_init, /* init */
-+ pk11_RSA_finish, /* finish */
-+ RSA_FLAG_SIGN_VER, /* flags */
-+ NULL, /* app_data */
-+ pk11_RSA_sign, /* rsa_sign */
-+ pk11_RSA_verify /* rsa_verify */
-+ };
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ return (&pk11_rsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Our internal DSA_METHOD that we provide pointers to */
-+static DSA_METHOD pk11_dsa =
-+ {
-+ "PKCS#11 DSA method",
-+ pk11_dsa_do_sign, /* dsa_do_sign */
-+ NULL, /* dsa_sign_setup */
-+ pk11_dsa_do_verify, /* dsa_do_verify */
-+ NULL, /* dsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_DSA_init, /* init */
-+ pk11_DSA_finish, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+ };
-+
-+DSA_METHOD *
-+PK11_DSA(void)
-+ {
-+ return (&pk11_dsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DH
-+/*
-+ * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
-+ * output buffer may somewhat exceed the precise number of bytes needed, but
-+ * should not exceed it by a large amount. That may be caused, for example, by
-+ * rounding it up to multiple of X in the underlying bignum library. 8 should be
-+ * enough.
-+ */
-+#define DH_BUF_RESERVE 8
-+
-+/* Our internal DH_METHOD that we provide pointers to */
-+static DH_METHOD pk11_dh =
-+ {
-+ "PKCS#11 DH method",
-+ pk11_DH_generate_key, /* generate_key */
-+ pk11_DH_compute_key, /* compute_key */
-+ NULL, /* bn_mod_exp */
-+ pk11_DH_init, /* init */
-+ pk11_DH_finish, /* finish */
-+ 0, /* flags */
-+ NULL, /* app_data */
-+ NULL /* generate_params */
-+ };
-+
-+DH_METHOD *
-+PK11_DH(void)
-+ {
-+ return (&pk11_dh);
-+ }
-+#endif
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+/* Lengths of DSA data and signature */
-+#define DSA_DATA_LEN 20
-+#define DSA_SIGNATURE_LEN 40
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+#ifndef OPENSSL_NO_RSA
-+/*
-+ * Similiar to OpenSSL to take advantage of the paddings. The goal is to
-+ * support all paddings in this engine although PK11 library does not
-+ * support all the paddings used in OpenSSL.
-+ * The input errors should have been checked in the padding functions.
-+ */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ i = RSA_padding_add_SSLv23(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+
-+/*
-+ * Similar to Openssl to take advantage of the paddings. The input errors
-+ * should be catched in the padding functions
-+ */
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ case RSA_SSLV23_PADDING:
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int j, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+
-+ num = BN_num_bytes(rsa->n);
-+
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ /* make data into a big number */
-+ if (BN_bin2bn(from, (int)flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's paddings here.
-+ */
-+ for (j = 0; j < r; j++)
-+ if (buf[j] != 0)
-+ break;
-+
-+ p = buf + j;
-+ j = r - j; /* j is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ r = RSA_padding_check_SSLv23(to, num, p, j, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, j, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int i, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+ num = BN_num_bytes(rsa->n);
-+ buf = (unsigned char *)OPENSSL_malloc(num);
-+ if (buf == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ if (BN_bin2bn(from, flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's here
-+ */
-+ for (i = 0; i < r; i++)
-+ if (buf[i] != 0)
-+ break;
-+
-+ p = buf + i;
-+ i = r - i; /* i is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, i, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/*
-+ * This function implements RSA public encryption using C_EncryptInit and
-+ * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_encrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_EncryptInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Encrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_encrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_encrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private encryption using C_SignInit and
-+ * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG ul_sig_len = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ {
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
-+ PK11_R_SIGNINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char *)from, flen, to, &ul_sig_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
-+ rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ retval = ul_sig_len;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private decryption using C_DecryptInit and
-+ * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DecryptInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Decrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA public decryption using C_VerifyRecoverInit
-+ * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyRecoverInit(sp->session,
-+ p_mech, h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVERINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_VerifyRecover(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVER, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+static int pk11_RSA_init(RSA *rsa)
-+ {
-+ /*
-+ * This flag in the RSA_METHOD enables the new rsa_sign,
-+ * rsa_verify functions. See rsa.h for details.
-+ */
-+ rsa->flags |= RSA_FLAG_SIGN_VER;
-+
-+ return (1);
-+ }
-+
-+static int pk11_RSA_finish(RSA *rsa)
-+ {
-+ /*
-+ * Since we are overloading OpenSSL's native RSA_eay_finish() we need
-+ * to do the same as in the original function, i.e. to free bignum
-+ * structures.
-+ */
-+ if (rsa->_method_mod_n != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_n);
-+ if (rsa->_method_mod_p != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_p);
-+ if (rsa->_method_mod_q != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_q);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#else
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#endif
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto err;
-+ }
-+ rv = pFuncList->C_Verify(sp->session, s, i,
-+ (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* The DSA function implementation */
-+/* ARGSUSED */
-+static int pk11_DSA_init(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DSA_finish(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+
-+static DSA_SIG *
-+pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-+ {
-+ BIGNUM *r = NULL, *s = NULL;
-+ int i;
-+ DSA_SIG *dsa_sig = NULL;
-+
-+ CK_RV rv;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+
-+ /*
-+ * The signature is the concatenation of r and s,
-+ * each is 20 bytes long
-+ */
-+ unsigned char sigret[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_priv(sp, dsa);
-+
-+ h_priv_key = sp->opdata_dsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_dsa_priv_key =
-+ pk11_get_private_dsa_key((DSA *)dsa,
-+ &sp->opdata_dsa_priv,
-+ &sp->opdata_dsa_priv_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto ret;
-+ }
-+
-+ (void) memset(sigret, 0, siglen);
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char*) dgst, dlen, sigret,
-+ (CK_ULONG_PTR) &siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
-+ goto ret;
-+ }
-+ }
-+
-+
-+ if ((s = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((r = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((dsa_sig = DSA_SIG_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if (BN_bin2bn(sigret, siglen2, r) == NULL ||
-+ BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ dsa_sig->r = r;
-+ dsa_sig->s = s;
-+
-+ret:
-+ if (dsa_sig == NULL)
-+ {
-+ if (r != NULL)
-+ BN_free(r);
-+ if (s != NULL)
-+ BN_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (dsa_sig);
-+ }
-+
-+static int
-+pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig,
-+ DSA *dsa)
-+ {
-+ int i;
-+ CK_RV rv;
-+ int retval = 0;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+
-+ unsigned char sigbuf[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_R);
-+ goto ret;
-+ }
-+
-+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_S);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_pub(sp, dsa);
-+
-+ h_pub_key = sp->opdata_dsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_dsa_pub_key =
-+ pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
-+ &sp->opdata_dsa_pub_num, sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto ret;
-+ }
-+
-+ /*
-+ * The representation of each of the two big numbers could
-+ * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
-+ * to act accordingly and shift if necessary.
-+ */
-+ (void) memset(sigbuf, 0, siglen);
-+ BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
-+ BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
-+ BN_num_bytes(sig->s));
-+
-+ rv = pFuncList->C_Verify(sp->session,
-+ (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto ret;
-+ }
-+ }
-+
-+ retval = 1;
-+ret:
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * Create a public key object in a session from a given dsa structure.
-+ * The *dsa_pub_num pointer is non-NULL for DSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ if (init_template_value(dsa->p, &a_key_template[4].pValue,
-+ &a_key_template[4].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->pub_key, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_pub_num != NULL)
-+ if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ for (i = 4; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given dsa structure
-+ * The *dsa_priv_num pointer is non-NULL for DSA private keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ int i;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 9;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(dsa->p, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(dsa->priv_key, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_priv_num != NULL)
-+ if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ /*
-+ * 5 to 8 entries in the key template are key components.
-+ * They need to be freed apon exit or error.
-+ */
-+ for (i = 5; i <= 8; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only public key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_pub != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only private key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_priv != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+
-+#ifndef OPENSSL_NO_DH
-+/* The DH function implementation */
-+/* ARGSUSED */
-+static int pk11_DH_init(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DH_finish(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/*
-+ * Generate DH key-pair.
-+ *
-+ * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
-+ * and override it even if it is set. OpenSSL does not touch dh->priv_key
-+ * if set and just computes dh->pub_key. It looks like PKCS#11 standard
-+ * is not capable of providing this functionality. This could be a problem
-+ * for applications relying on OpenSSL's semantics.
-+ */
-+static int pk11_DH_generate_key(DH *dh)
-+ {
-+ CK_ULONG i;
-+ CK_RV rv, rv1;
-+ int reuse_mem_len = 0, ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ CK_BYTE_PTR reuse_mem;
-+
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_pub_key_attr_count = 3;
-+ CK_ATTRIBUTE pub_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *)NULL, 0},
-+ {CKA_BASE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG ul_priv_key_attr_count = 3;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_SENSITIVE, &false, sizeof (false)},
-+ {CKA_DERIVE, &true, sizeof (true)}
-+ };
-+
-+ CK_ULONG pub_key_attr_result_count = 1;
-+ CK_ATTRIBUTE pub_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
-+ if (pub_key_template[1].ulValueLen > 0)
-+ {
-+ /*
-+ * We must not increase ulValueLen by DH_BUF_RESERVE since that
-+ * could cause the same rounding problem. See definition of
-+ * DH_BUF_RESERVE above.
-+ */
-+ pub_key_template[1].pValue =
-+ OPENSSL_malloc(pub_key_template[1].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[1].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
-+ if (pub_key_template[2].ulValueLen > 0)
-+ {
-+ pub_key_template[2].pValue =
-+ OPENSSL_malloc(pub_key_template[2].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[2].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ /*
-+ * Note: we are only using PK11_SESSION structure for getting
-+ * a session handle. The objects created in this function are
-+ * destroyed before return and thus not cached.
-+ */
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ rv = pFuncList->C_GenerateKeyPair(sp->session,
-+ &mechanism,
-+ pub_key_template,
-+ ul_pub_key_attr_count,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_pub_key,
-+ &h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Reuse the larger memory allocated. We know the larger memory
-+ * should be sufficient for reuse.
-+ */
-+ if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
-+ {
-+ reuse_mem = pub_key_template[1].pValue;
-+ reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
-+ }
-+ else
-+ {
-+ reuse_mem = pub_key_template[2].pValue;
-+ reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+ rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK || rv1 != CKR_OK)
-+ {
-+ rv = (rv != CKR_OK) ? rv : rv1;
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 ||
-+ ((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+
-+ /* Reuse the memory allocated */
-+ pub_key_result[0].pValue = reuse_mem;
-+ pub_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (pub_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->pub_key == NULL)
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
-+ pub_key_result[0].ulValueLen, dh->pub_key);
-+ if (dh->pub_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ /* Reuse the memory allocated */
-+ priv_key_result[0].pValue = reuse_mem;
-+ priv_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->priv_key == NULL)
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
-+ priv_key_result[0].ulValueLen, dh->priv_key);
-+ if (dh->priv_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ ret = 1;
-+
-+err:
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ for (i = 1; i <= 2; i++)
-+ {
-+ if (pub_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(pub_key_template[i].pValue);
-+ pub_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh)
-+ {
-+ unsigned int i;
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
-+ CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
-+ CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
-+ CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_priv_key_attr_count = 2;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (key_class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_RV rv;
-+ int ret = -1;
-+ PK11_SESSION *sp = NULL;
-+
-+ if (dh->priv_key == NULL)
-+ goto err;
-+
-+ priv_key_template[0].pValue = &key_class;
-+ priv_key_template[1].pValue = &key_type;
-+
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ mechanism.ulParameterLen = BN_num_bytes(pub_key);
-+ mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
-+ if (mechanism.pParameter == NULL)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ BN_bn2bin(pub_key, mechanism.pParameter);
-+
-+ (void) check_new_dh_key(sp, dh);
-+
-+ h_key = sp->opdata_dh_key;
-+ if (h_key == CK_INVALID_HANDLE)
-+ h_key = sp->opdata_dh_key =
-+ pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
-+ &sp->opdata_dh_priv_num, sp->session);
-+
-+ if (h_key == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_DeriveKey(sp->session,
-+ &mechanism,
-+ h_key,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+ priv_key_result[0].pValue =
-+ OPENSSL_malloc(priv_key_result[0].ulValueLen);
-+ if (!priv_key_result[0].pValue)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * OpenSSL allocates the output buffer 'key' which is the same
-+ * length of the public key. It is long enough for the derived key
-+ */
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ /*
-+ * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
-+ * leading zeros from a computed shared secret. However,
-+ * OpenSSL always did it so we must do the same here. The
-+ * vagueness of the spec regarding leading zero bytes was
-+ * finally cleared with TLS 1.1 (RFC 4346) saying that leading
-+ * zeros are stripped before the computed data is used as the
-+ * pre-master secret.
-+ */
-+ for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
-+ {
-+ if (((char *)priv_key_result[0].pValue)[i] != 0)
-+ break;
-+ }
-+
-+ (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
-+ priv_key_result[0].ulValueLen - i);
-+ ret = priv_key_result[0].ulValueLen - i;
-+ }
-+
-+err:
-+
-+ if (h_derived_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+ if (priv_key_result[0].pValue)
-+ {
-+ OPENSSL_free(priv_key_result[0].pValue);
-+ priv_key_result[0].pValue = NULL;
-+ }
-+
-+ if (mechanism.pParameter)
-+ {
-+ OPENSSL_free(mechanism.pParameter);
-+ mechanism.pParameter = NULL;
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
-+ DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE key_type = CKK_DH;
-+ CK_ULONG found;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ULONG ul_key_attr_count = 7;
-+ CK_ATTRIBUTE key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ {CKA_DERIVE, &true, sizeof (true)},
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *) NULL, 0},
-+ {CKA_BASE, (void *) NULL, 0},
-+ {CKA_VALUE, (void *) NULL, 0},
-+ };
-+
-+ key_template[0].pValue = &class;
-+ key_template[1].pValue = &key_type;
-+
-+ key_template[4].ulValueLen = BN_num_bytes(dh->p);
-+ key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[4].ulValueLen);
-+ if (key_template[4].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->p, key_template[4].pValue);
-+
-+ key_template[5].ulValueLen = BN_num_bytes(dh->g);
-+ key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[5].ulValueLen);
-+ if (key_template[5].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->g, key_template[5].pValue);
-+
-+ key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
-+ key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[6].ulValueLen);
-+ if (key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->priv_key, key_template[6].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DH);
-+ rv = pFuncList->C_FindObjectsInit(session, key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dh_priv_num != NULL)
-+ if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dh;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DH);
-+
-+malloc_err:
-+ for (i = 4; i <= 6; i++)
-+ {
-+ if (key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(key_template[i].pValue);
-+ key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ *
-+ * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
-+ * to CK_INVALID_HANDLE even when it fails to destroy the object.
-+ */
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh)
-+ {
-+ /*
-+ * Provide protection against DH structure reuse by making the
-+ * check for cache hit stronger. Private key component of DH key
-+ * is unique so it is sufficient to compare it with value cached
-+ * in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dh != dh) ||
-+ (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dh_object(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ goto err;
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11ca.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.2.4.2
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:32 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
-+
-+#define token_lock pk11ca_token_lock
-+#define find_lock pk11ca_find_lock
-+#define active_list pk11ca_active_list
-+#define pubkey_token_flags pk11ca_pubkey_token_flags
-+#define pubkey_SLOTID pk11ca_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11ca_error
-+#define PK11err_add_data PK11CAerr_add_data
-+#define pk11_get_session pk11ca_get_session
-+#define pk11_return_session pk11ca_return_session
-+#define pk11_active_add pk11ca_active_add
-+#define pk11_active_delete pk11ca_active_delete
-+#define pk11_active_remove pk11ca_active_remove
-+#define pk11_free_active_list pk11ca_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11ca_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11ca_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11ca_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11ca_load_privkey
-+#define pk11_load_pubkey pk11ca_load_pubkey
-+#define PK11_RSA PK11CA_RSA
-+#define pk11_destroy_dsa_key_objects pk11ca_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11ca_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11ca_destroy_dsa_object_priv
-+#define PK11_DSA PK11CA_DSA
-+#define pk11_destroy_dh_key_objects pk11ca_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11ca_destroy_dh_object
-+#define PK11_DH PK11CA_DH
-+#define pk11_token_relogin pk11ca_token_relogin
-+#define pFuncList pk11ca_pFuncList
-+#define pk11_pin pk11ca_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11ca
-Index: openssl/crypto/engine/hw_pk11so.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.3.4.2
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:35 2011
-@@ -0,0 +1,1745 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/*#undef DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_DSA
-+#define OPENSSL_NO_DSA
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#define OPENSSL_NO_DH
-+#endif
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.c"
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11CA
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name = "PKCS #11 engine support (sign only)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name))
-+ return (0);
-+
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ if (optype == OP_RSA)
-+ {
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_PKCS
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ CK_SLOT_ID current_slot = 0;
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * Check if this slot is capable of signing with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ }
-+
-+ if (!found_candidate_slot && slot_has_rsa)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ /*SLOTID = pSlotList[0];*/
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11so.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.2.4.2
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:32 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
-+
-+#define token_lock pk11so_token_lock
-+#define find_lock pk11so_find_lock
-+#define active_list pk11so_active_list
-+#define pubkey_token_flags pk11so_pubkey_token_flags
-+#define pubkey_SLOTID pk11so_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11so_error
-+#define PK11err_add_data PK11SOerr_add_data
-+#define pk11_get_session pk11so_get_session
-+#define pk11_return_session pk11so_return_session
-+#define pk11_active_add pk11so_active_add
-+#define pk11_active_delete pk11so_active_delete
-+#define pk11_active_remove pk11so_active_remove
-+#define pk11_free_active_list pk11so_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11so_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11so_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11so_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11so_load_privkey
-+#define pk11_load_pubkey pk11so_load_pubkey
-+#define PK11_RSA PK11SO_RSA
-+#define pk11_destroy_dsa_key_objects pk11so_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11so_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11so_destroy_dsa_object_priv
-+#define PK11_DSA PK11SO_DSA
-+#define pk11_destroy_dh_key_objects pk11so_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11so_destroy_dh_object
-+#define PK11_DH PK11SO_DH
-+#define pk11_token_relogin pk11so_token_relogin
-+#define pFuncList pk11so_pFuncList
-+#define pk11_pin pk11so_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11so
-Index: openssl/crypto/engine/hw_pk11so_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.2.4.3
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/hw_pk11so_pub.c Fri Jun 17 07:56:21 2011
-@@ -0,0 +1,1622 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+/* RSA stuff */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa;
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ const RSA_METHOD *rsa;
-+
-+ if (pk11_rsa.name == NULL)
-+ {
-+ rsa = RSA_PKCS1_SSLeay();
-+ memcpy(&pk11_rsa, rsa, sizeof(*rsa));
-+ pk11_rsa.name = "PKCS#11 RSA method";
-+ pk11_rsa.rsa_sign = pk11_RSA_sign;
-+ }
-+ return (&pk11_rsa);
-+ }
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ goto err;
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/pkcs11.h
-diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,299 @@
-+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+#ifndef _PKCS11_H_
-+#define _PKCS11_H_ 1
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* Before including this file (pkcs11.h) (or pkcs11t.h by
-+ * itself), 6 platform-specific macros must be defined. These
-+ * macros are described below, and typical definitions for them
-+ * are also given. Be advised that these definitions can depend
-+ * on both the platform and the compiler used (and possibly also
-+ * on whether a Cryptoki library is linked statically or
-+ * dynamically).
-+ *
-+ * In addition to defining these 6 macros, the packing convention
-+ * for Cryptoki structures should be set. The Cryptoki
-+ * convention on packing is that structures should be 1-byte
-+ * aligned.
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, this might be done by using the following
-+ * preprocessor directive before including pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(push, cryptoki, 1)
-+ *
-+ * and using the following preprocessor directive after including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(pop, cryptoki)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, this might be done by using
-+ * the following preprocessor directive before including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(1)
-+ *
-+ * In a UNIX environment, you're on your own for this. You might
-+ * not need to do (or be able to do!) anything.
-+ *
-+ *
-+ * Now for the macros:
-+ *
-+ *
-+ * 1. CK_PTR: The indirection string for making a pointer to an
-+ * object. It can be used like this:
-+ *
-+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR far *
-+ *
-+ * In a typical UNIX environment, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ *
-+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
-+ * an exportable Cryptoki library function definition out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion to define the exposed Cryptoki functions in
-+ * a Cryptoki library:
-+ *
-+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * )
-+ * {
-+ * ...
-+ * }
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to define a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllexport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to define a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
-+ * an importable Cryptoki library function declaration out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion:
-+ *
-+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * );
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to declare a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllimport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to declare a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
-+ * which makes a Cryptoki API function pointer declaration or
-+ * function pointer type declaration out of a return type and a
-+ * function name. It should be used in the following fashion:
-+ *
-+ * // Define funcPtr to be a pointer to a Cryptoki API function
-+ * // taking arguments args and returning CK_RV.
-+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
-+ *
-+ * or
-+ *
-+ * // Define funcPtrType to be the type of a pointer to a
-+ * // Cryptoki API function taking arguments args and returning
-+ * // CK_RV, and then define funcPtr to be a variable of type
-+ * // funcPtrType.
-+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
-+ * funcPtrType funcPtr;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to access
-+ * functions in a Win32 Cryptoki .dll, in might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __declspec(dllimport) (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to access functions in a Win16 Cryptoki .dll, it might
-+ * be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __export _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
-+ * a function pointer type for an application callback out of
-+ * a return type for the callback and a name for the callback.
-+ * It should be used in the following fashion:
-+ *
-+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
-+ *
-+ * to declare a function pointer, myCallback, to a callback
-+ * which takes arguments args and returns a CK_RV. It can also
-+ * be used like this:
-+ *
-+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
-+ * myCallbackType myCallback;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to do Win32
-+ * Cryptoki development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to do Win16 development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
-+ *
-+ * In any ANSI/ISO C environment (and in many others as well),
-+ * this should best be defined by
-+ *
-+ * #ifndef NULL_PTR
-+ * #define NULL_PTR 0
-+ * #endif
-+ */
-+
-+
-+/* All the various Cryptoki types and #define'd values are in the
-+ * file pkcs11t.h. */
-+#include "pkcs11t.h"
-+
-+#define __PASTE(x,y) x##y
-+
-+
-+/* ==============================================================
-+ * Define the "extern" form of all the entry points.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ extern CK_DECLARE_FUNCTION(CK_RV, name)
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define the typedef form of all the entry points. That is, for
-+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
-+ * a pointer to that kind of function.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define structed vector of entry points. A CK_FUNCTION_LIST
-+ * contains a CK_VERSION indicating a library's Cryptoki version
-+ * and then a whole slew of function pointers to the routines in
-+ * the library. This type was declared, but not defined, in
-+ * pkcs11t.h.
-+ * ==============================================================
-+ */
-+
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ __PASTE(CK_,name) name;
-+
-+struct CK_FUNCTION_LIST {
-+
-+ CK_VERSION version; /* Cryptoki version */
-+
-+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+};
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+#undef __PASTE
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif
-Index: openssl/crypto/engine/pkcs11f.h
-diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,912 @@
-+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* This header file contains pretty much everything about all the */
-+/* Cryptoki function prototypes. Because this information is */
-+/* used for more than just declaring function prototypes, the */
-+/* order of the functions appearing herein is important, and */
-+/* should not be altered. */
-+
-+/* General-purpose */
-+
-+/* C_Initialize initializes the Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Initialize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
-+ * cast to CK_C_INITIALIZE_ARGS_PTR
-+ * and dereferenced */
-+);
-+#endif
-+
-+
-+/* C_Finalize indicates that an application is done with the
-+ * Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Finalize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-+
-+
-+/* C_GetInfo returns general information about Cryptoki. */
-+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_INFO_PTR pInfo /* location that receives information */
-+);
-+#endif
-+
-+
-+/* C_GetFunctionList returns the function list. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
-+ * function list */
-+);
-+#endif
-+
-+
-+
-+/* Slot and token management */
-+
-+/* C_GetSlotList obtains a list of slots in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_BBOOL tokenPresent, /* only slots with tokens? */
-+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
-+ CK_ULONG_PTR pulCount /* receives number of slots */
-+);
-+#endif
-+
-+
-+/* C_GetSlotInfo obtains information about a particular slot in
-+ * the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the ID of the slot */
-+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
-+);
-+#endif
-+
-+
-+/* C_GetTokenInfo obtains information about a particular token
-+ * in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismList obtains a list of mechanism types
-+ * supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of token's slot */
-+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
-+ CK_ULONG_PTR pulCount /* gets # of mechs. */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismInfo obtains information about a particular
-+ * mechanism possibly supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_MECHANISM_TYPE type, /* type of mechanism */
-+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
-+);
-+#endif
-+
-+
-+/* C_InitToken initializes a token. */
-+CK_PKCS11_FUNCTION_INFO(C_InitToken)
-+#ifdef CK_NEED_ARG_LIST
-+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
-+ CK_ULONG ulPinLen, /* length in bytes of the PIN */
-+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
-+);
-+#endif
-+
-+
-+/* C_InitPIN initializes the normal user's PIN. */
-+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
-+ CK_ULONG ulPinLen /* length in bytes of the PIN */
-+);
-+#endif
-+
-+
-+/* C_SetPIN modifies the PIN of the user who is logged in. */
-+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
-+ CK_ULONG ulOldLen, /* length of the old PIN */
-+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
-+ CK_ULONG ulNewLen /* length of the new PIN */
-+);
-+#endif
-+
-+
-+
-+/* Session management */
-+
-+/* C_OpenSession opens a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the slot's ID */
-+ CK_FLAGS flags, /* from CK_SESSION_INFO */
-+ CK_VOID_PTR pApplication, /* passed to callback */
-+ CK_NOTIFY Notify, /* callback function */
-+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
-+);
-+#endif
-+
-+
-+/* C_CloseSession closes a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CloseAllSessions closes all sessions with a token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID /* the token's slot */
-+);
-+#endif
-+
-+
-+/* C_GetSessionInfo obtains information about the session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_SESSION_INFO_PTR pInfo /* receives session info */
-+);
-+#endif
-+
-+
-+/* C_GetOperationState obtains the state of the cryptographic operation
-+ * in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* gets state */
-+ CK_ULONG_PTR pulOperationStateLen /* gets state length */
-+);
-+#endif
-+
-+
-+/* C_SetOperationState restores the state of the cryptographic
-+ * operation in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* holds state */
-+ CK_ULONG ulOperationStateLen, /* holds state length */
-+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
-+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
-+);
-+#endif
-+
-+
-+/* C_Login logs a user into a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Login)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_USER_TYPE userType, /* the user type */
-+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
-+ CK_ULONG ulPinLen /* the length of the PIN */
-+);
-+#endif
-+
-+
-+/* C_Logout logs a user out from a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Logout)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Object management */
-+
-+/* C_CreateObject creates a new object. */
-+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
-+);
-+#endif
-+
-+
-+/* C_CopyObject copies an object, creating a new object for the
-+ * copy. */
-+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
-+);
-+#endif
-+
-+
-+/* C_DestroyObject destroys an object. */
-+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject /* the object's handle */
-+);
-+#endif
-+
-+
-+/* C_GetObjectSize gets the size of an object in bytes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ULONG_PTR pulSize /* receives size of object */
-+);
-+#endif
-+
-+
-+/* C_GetAttributeValue obtains the value of one or more object
-+ * attributes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_SetAttributeValue modifies the value of one or more object
-+ * attributes */
-+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsInit initializes a search for token and session
-+ * objects that match a template. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
-+ CK_ULONG ulCount /* attrs in search template */
-+);
-+#endif
-+
-+
-+/* C_FindObjects continues a search for token and session
-+ * objects that match a template, obtaining additional object
-+ * handles. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
-+ CK_ULONG ulMaxObjectCount, /* max handles to get */
-+ CK_ULONG_PTR pulObjectCount /* actual # returned */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsFinal finishes a search for token and session
-+ * objects. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Encryption and decryption */
-+
-+/* C_EncryptInit initializes an encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of encryption key */
-+);
-+#endif
-+
-+
-+/* C_Encrypt encrypts single-part data. */
-+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pData, /* the plaintext data */
-+ CK_ULONG ulDataLen, /* bytes of plaintext */
-+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptUpdate continues a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext data len */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptFinal finishes a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session handle */
-+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
-+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
-+);
-+#endif
-+
-+
-+/* C_DecryptInit initializes a decryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of decryption key */
-+);
-+#endif
-+
-+
-+/* C_Decrypt decrypts encrypted data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedData, /* ciphertext */
-+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
-+ CK_BYTE_PTR pData, /* gets plaintext */
-+ CK_ULONG_PTR pulDataLen /* gets p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptUpdate continues a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
-+ CK_ULONG ulEncryptedPartLen, /* input length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptFinal finishes a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pLastPart, /* gets plaintext */
-+ CK_ULONG_PTR pulLastPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+
-+/* Message digesting */
-+
-+/* C_DigestInit initializes a message-digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
-+);
-+#endif
-+
-+
-+/* C_Digest digests data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Digest)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* data to be digested */
-+ CK_ULONG ulDataLen, /* bytes of data to digest */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets digest length */
-+);
-+#endif
-+
-+
-+/* C_DigestUpdate continues a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* data to be digested */
-+ CK_ULONG ulPartLen /* bytes of data to be digested */
-+);
-+#endif
-+
-+
-+/* C_DigestKey continues a multi-part message-digesting
-+ * operation, by digesting the value of a secret key as part of
-+ * the data already digested. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hKey /* secret key to digest */
-+);
-+#endif
-+
-+
-+/* C_DigestFinal finishes a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
-+);
-+#endif
-+
-+
-+
-+/* Signing and MACing */
-+
-+/* C_SignInit initializes a signature (private key encryption)
-+ * operation, where the signature is (will be) an appendix to
-+ * the data, and plaintext cannot be recovered from the
-+ *signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of signature key */
-+);
-+#endif
-+
-+
-+/* C_Sign signs (encrypts with private key) data in a single
-+ * part, where the signature is (will be) an appendix to the
-+ * data, and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Sign)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignUpdate continues a multiple-part signature operation,
-+ * where the signature is (will be) an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* the data to sign */
-+ CK_ULONG ulPartLen /* count of bytes to sign */
-+);
-+#endif
-+
-+
-+/* C_SignFinal finishes a multiple-part signature operation,
-+ * returning the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignRecoverInit initializes a signature operation, where
-+ * the data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of the signature key */
-+);
-+#endif
-+
-+
-+/* C_SignRecover signs data in a single operation, where the
-+ * data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+
-+/* Verifying signatures and MACs */
-+
-+/* C_VerifyInit initializes a verification operation, where the
-+ * signature is an appendix to the data, and plaintext cannot
-+ * cannot be recovered from the signature (e.g. DSA). */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_Verify verifies a signature in a single-part operation,
-+ * where the signature is an appendix to the data, and plaintext
-+ * cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Verify)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* signed data */
-+ CK_ULONG ulDataLen, /* length of signed data */
-+ CK_BYTE_PTR pSignature, /* signature */
-+ CK_ULONG ulSignatureLen /* signature length*/
-+);
-+#endif
-+
-+
-+/* C_VerifyUpdate continues a multiple-part verification
-+ * operation, where the signature is an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* signed data */
-+ CK_ULONG ulPartLen /* length of signed data */
-+);
-+#endif
-+
-+
-+/* C_VerifyFinal finishes a multiple-part verification
-+ * operation, checking the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen /* signature length */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecoverInit initializes a signature verification
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecover verifies a signature in a single-part
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen, /* signature length */
-+ CK_BYTE_PTR pData, /* gets signed data */
-+ CK_ULONG_PTR pulDataLen /* gets signed data len */
-+);
-+#endif
-+
-+
-+
-+/* Dual-function cryptographic operations */
-+
-+/* C_DigestEncryptUpdate continues a multiple-part digesting
-+ * and encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptDigestUpdate continues a multiple-part decryption and
-+ * digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets plaintext len */
-+);
-+#endif
-+
-+
-+/* C_SignEncryptUpdate continues a multiple-part signing and
-+ * encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
-+ * verify operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets p-text length */
-+);
-+#endif
-+
-+
-+
-+/* Key management */
-+
-+/* C_GenerateKey generates a secret key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
-+ CK_ULONG ulCount, /* # of attrs in template */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
-+);
-+#endif
-+
-+
-+/* C_GenerateKeyPair generates a public-key/private-key pair,
-+ * creating new key objects. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session
-+ * handle */
-+ CK_MECHANISM_PTR pMechanism, /* key-gen
-+ * mech. */
-+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
-+ * for pub.
-+ * key */
-+ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
-+ * attrs. */
-+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
-+ * for priv.
-+ * key */
-+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
-+ * attrs. */
-+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
-+ * key
-+ * handle */
-+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
-+ * priv. key
-+ * handle */
-+);
-+#endif
-+
-+
-+/* C_WrapKey wraps (i.e., encrypts) a key. */
-+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
-+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
-+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
-+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
-+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
-+);
-+#endif
-+
-+
-+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
-+ * key object. */
-+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
-+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
-+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
-+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+/* C_DeriveKey derives a key from a base key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
-+ CK_OBJECT_HANDLE hBaseKey, /* base key */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+
-+/* Random number generation */
-+
-+/* C_SeedRandom mixes additional seed material into the token's
-+ * random number generator. */
-+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSeed, /* the seed material */
-+ CK_ULONG ulSeedLen /* length of seed material */
-+);
-+#endif
-+
-+
-+/* C_GenerateRandom generates random data. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR RandomData, /* receives the random data */
-+ CK_ULONG ulRandomLen /* # of bytes to generate */
-+);
-+#endif
-+
-+
-+
-+/* Parallel function management */
-+
-+/* C_GetFunctionStatus is a legacy function; it obtains an
-+ * updated status of a function running in parallel with an
-+ * application. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CancelFunction is a legacy function; it cancels a function
-+ * running in parallel. */
-+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Functions added in for Cryptoki Version 2.01 or later */
-+
-+/* C_WaitForSlotEvent waits for a slot event (token insertion,
-+ * removal, etc.) to occur. */
-+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FLAGS flags, /* blocking/nonblocking flag */
-+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
-+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-Index: openssl/crypto/engine/pkcs11t.h
-diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
---- /dev/null Mon Jan 16 18:53:42 2012
-+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
-@@ -0,0 +1,1885 @@
-+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* See top of pkcs11.h for information about the macros that
-+ * must be defined and the structure-packing conventions that
-+ * must be set before including this file. */
-+
-+#ifndef _PKCS11T_H_
-+#define _PKCS11T_H_ 1
-+
-+#define CRYPTOKI_VERSION_MAJOR 2
-+#define CRYPTOKI_VERSION_MINOR 20
-+#define CRYPTOKI_VERSION_AMENDMENT 3
-+
-+#define CK_TRUE 1
-+#define CK_FALSE 0
-+
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#ifndef FALSE
-+#define FALSE CK_FALSE
-+#endif
-+
-+#ifndef TRUE
-+#define TRUE CK_TRUE
-+#endif
-+#endif
-+
-+/* an unsigned 8-bit value */
-+typedef unsigned char CK_BYTE;
-+
-+/* an unsigned 8-bit character */
-+typedef CK_BYTE CK_CHAR;
-+
-+/* an 8-bit UTF-8 character */
-+typedef CK_BYTE CK_UTF8CHAR;
-+
-+/* a BYTE-sized Boolean flag */
-+typedef CK_BYTE CK_BBOOL;
-+
-+/* an unsigned value, at least 32 bits long */
-+typedef unsigned long int CK_ULONG;
-+
-+/* a signed value, the same size as a CK_ULONG */
-+/* CK_LONG is new for v2.0 */
-+typedef long int CK_LONG;
-+
-+/* at least 32 bits; each bit is a Boolean flag */
-+typedef CK_ULONG CK_FLAGS;
-+
-+
-+/* some special values for certain CK_ULONG variables */
-+#define CK_UNAVAILABLE_INFORMATION (~0UL)
-+#define CK_EFFECTIVELY_INFINITE 0
-+
-+
-+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
-+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
-+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
-+typedef void CK_PTR CK_VOID_PTR;
-+
-+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-+
-+
-+/* The following value is always invalid if used as a session */
-+/* handle or object handle */
-+#define CK_INVALID_HANDLE 0
-+
-+
-+typedef struct CK_VERSION {
-+ CK_BYTE major; /* integer portion of version number */
-+ CK_BYTE minor; /* 1/100ths portion of version number */
-+} CK_VERSION;
-+
-+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-+
-+
-+typedef struct CK_INFO {
-+ /* manufacturerID and libraryDecription have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags; /* must be zero */
-+
-+ /* libraryDescription and libraryVersion are new for v2.0 */
-+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
-+ CK_VERSION libraryVersion; /* version of library */
-+} CK_INFO;
-+
-+typedef CK_INFO CK_PTR CK_INFO_PTR;
-+
-+
-+/* CK_NOTIFICATION enumerates the types of notifications that
-+ * Cryptoki provides to an application */
-+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_NOTIFICATION;
-+#define CKN_SURRENDER 0
-+
-+/* The following notification is new for PKCS #11 v2.20 amendment 3 */
-+#define CKN_OTP_CHANGED 1
-+
-+
-+typedef CK_ULONG CK_SLOT_ID;
-+
-+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-+
-+
-+/* CK_SLOT_INFO provides information about a slot */
-+typedef struct CK_SLOT_INFO {
-+ /* slotDescription and manufacturerID have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags;
-+
-+ /* hardwareVersion and firmwareVersion are new for v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+} CK_SLOT_INFO;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
-+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
-+#define CKF_HW_SLOT 0x00000004 /* hardware slot */
-+
-+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-+
-+
-+/* CK_TOKEN_INFO provides information about a token */
-+typedef struct CK_TOKEN_INFO {
-+ /* label, manufacturerID, and model have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR label[32]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_UTF8CHAR model[16]; /* blank padded */
-+ CK_CHAR serialNumber[16]; /* blank padded */
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
-+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
-+ * changed from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulMaxSessionCount; /* max open sessions */
-+ CK_ULONG ulSessionCount; /* sess. now open */
-+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
-+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
-+ CK_ULONG ulMaxPinLen; /* in bytes */
-+ CK_ULONG ulMinPinLen; /* in bytes */
-+ CK_ULONG ulTotalPublicMemory; /* in bytes */
-+ CK_ULONG ulFreePublicMemory; /* in bytes */
-+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
-+ CK_ULONG ulFreePrivateMemory; /* in bytes */
-+
-+ /* hardwareVersion, firmwareVersion, and time are new for
-+ * v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+ CK_CHAR utcTime[16]; /* time */
-+} CK_TOKEN_INFO;
-+
-+/* The flags parameter is defined as follows:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RNG 0x00000001 /* has random #
-+ * generator */
-+#define CKF_WRITE_PROTECTED 0x00000002 /* token is
-+ * write-
-+ * protected */
-+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
-+ * login */
-+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
-+ * PIN is set */
-+
-+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
-+ * that means that *every* time the state of cryptographic
-+ * operations of a session is successfully saved, all keys
-+ * needed to continue those operations are stored in the state */
-+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
-+
-+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
-+ * that the token has some sort of clock. The time on that
-+ * clock is returned in the token info structure */
-+#define CKF_CLOCK_ON_TOKEN 0x00000040
-+
-+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
-+ * set, that means that there is some way for the user to login
-+ * without sending a PIN through the Cryptoki library itself */
-+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-+
-+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
-+ * that means that a single session with the token can perform
-+ * dual simultaneous cryptographic operations (digest and
-+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
-+ * and sign) */
-+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
-+
-+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
-+ * token has been initialized using C_InitializeToken or an
-+ * equivalent mechanism outside the scope of PKCS #11.
-+ * Calling C_InitializeToken when this flag is set will cause
-+ * the token to be reinitialized. */
-+#define CKF_TOKEN_INITIALIZED 0x00000400
-+
-+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
-+ * true, the token supports secondary authentication for
-+ * private key objects. This flag is deprecated in v2.11 and
-+ onwards. */
-+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
-+
-+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect user login PIN has been entered at least once
-+ * since the last successful authentication. */
-+#define CKF_USER_PIN_COUNT_LOW 0x00010000
-+
-+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect user PIN will it to become locked. */
-+#define CKF_USER_PIN_FINAL_TRY 0x00020000
-+
-+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
-+ * user PIN has been locked. User login to the token is not
-+ * possible. */
-+#define CKF_USER_PIN_LOCKED 0x00040000
-+
-+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the user PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
-+
-+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect SO login PIN has been entered at least once since
-+ * the last successful authentication. */
-+#define CKF_SO_PIN_COUNT_LOW 0x00100000
-+
-+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect SO PIN will it to become locked. */
-+#define CKF_SO_PIN_FINAL_TRY 0x00200000
-+
-+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
-+ * PIN has been locked. SO login to the token is not possible.
-+ */
-+#define CKF_SO_PIN_LOCKED 0x00400000
-+
-+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the SO PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
-+
-+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-+
-+
-+/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
-+ * identifies a session */
-+typedef CK_ULONG CK_SESSION_HANDLE;
-+
-+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-+
-+
-+/* CK_USER_TYPE enumerates the types of Cryptoki users */
-+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_USER_TYPE;
-+/* Security Officer */
-+#define CKU_SO 0
-+/* Normal user */
-+#define CKU_USER 1
-+/* Context specific (added in v2.20) */
-+#define CKU_CONTEXT_SPECIFIC 2
-+
-+/* CK_STATE enumerates the session states */
-+/* CK_STATE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_STATE;
-+#define CKS_RO_PUBLIC_SESSION 0
-+#define CKS_RO_USER_FUNCTIONS 1
-+#define CKS_RW_PUBLIC_SESSION 2
-+#define CKS_RW_USER_FUNCTIONS 3
-+#define CKS_RW_SO_FUNCTIONS 4
-+
-+
-+/* CK_SESSION_INFO provides information about a session */
-+typedef struct CK_SESSION_INFO {
-+ CK_SLOT_ID slotID;
-+ CK_STATE state;
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulDeviceError; /* device-dependent error code */
-+} CK_SESSION_INFO;
-+
-+/* The flags are defined in the following table:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RW_SESSION 0x00000002 /* session is r/w */
-+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
-+
-+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-+
-+
-+/* CK_OBJECT_HANDLE is a token-specific identifier for an
-+ * object */
-+typedef CK_ULONG CK_OBJECT_HANDLE;
-+
-+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-+
-+
-+/* CK_OBJECT_CLASS is a value that identifies the classes (or
-+ * types) of objects that Cryptoki recognizes. It is defined
-+ * as follows: */
-+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_OBJECT_CLASS;
-+
-+/* The following classes of objects are defined: */
-+/* CKO_HW_FEATURE is new for v2.10 */
-+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
-+/* CKO_MECHANISM is new for v2.20 */
-+#define CKO_DATA 0x00000000
-+#define CKO_CERTIFICATE 0x00000001
-+#define CKO_PUBLIC_KEY 0x00000002
-+#define CKO_PRIVATE_KEY 0x00000003
-+#define CKO_SECRET_KEY 0x00000004
-+#define CKO_HW_FEATURE 0x00000005
-+#define CKO_DOMAIN_PARAMETERS 0x00000006
-+#define CKO_MECHANISM 0x00000007
-+
-+/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
-+#define CKO_OTP_KEY 0x00000008
-+
-+#define CKO_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-+
-+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
-+ * value that identifies the hardware feature type of an object
-+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
-+typedef CK_ULONG CK_HW_FEATURE_TYPE;
-+
-+/* The following hardware feature types are defined */
-+/* CKH_USER_INTERFACE is new for v2.20 */
-+#define CKH_MONOTONIC_COUNTER 0x00000001
-+#define CKH_CLOCK 0x00000002
-+#define CKH_USER_INTERFACE 0x00000003
-+#define CKH_VENDOR_DEFINED 0x80000000
-+
-+/* CK_KEY_TYPE is a value that identifies a key type */
-+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_KEY_TYPE;
-+
-+/* the following key types are defined: */
-+#define CKK_RSA 0x00000000
-+#define CKK_DSA 0x00000001
-+#define CKK_DH 0x00000002
-+
-+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
-+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
-+#define CKK_ECDSA 0x00000003
-+#define CKK_EC 0x00000003
-+#define CKK_X9_42_DH 0x00000004
-+#define CKK_KEA 0x00000005
-+
-+#define CKK_GENERIC_SECRET 0x00000010
-+#define CKK_RC2 0x00000011
-+#define CKK_RC4 0x00000012
-+#define CKK_DES 0x00000013
-+#define CKK_DES2 0x00000014
-+#define CKK_DES3 0x00000015
-+
-+/* all these key types are new for v2.0 */
-+#define CKK_CAST 0x00000016
-+#define CKK_CAST3 0x00000017
-+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
-+#define CKK_CAST5 0x00000018
-+#define CKK_CAST128 0x00000018
-+#define CKK_RC5 0x00000019
-+#define CKK_IDEA 0x0000001A
-+#define CKK_SKIPJACK 0x0000001B
-+#define CKK_BATON 0x0000001C
-+#define CKK_JUNIPER 0x0000001D
-+#define CKK_CDMF 0x0000001E
-+#define CKK_AES 0x0000001F
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKK_BLOWFISH 0x00000020
-+#define CKK_TWOFISH 0x00000021
-+
-+/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
-+#define CKK_SECURID 0x00000022
-+#define CKK_HOTP 0x00000023
-+#define CKK_ACTI 0x00000024
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_CAMELLIA 0x00000025
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_ARIA 0x00000026
-+
-+
-+#define CKK_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
-+ * type */
-+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_CERTIFICATE_TYPE;
-+
-+/* The following certificate types are defined: */
-+/* CKC_X_509_ATTR_CERT is new for v2.10 */
-+/* CKC_WTLS is new for v2.20 */
-+#define CKC_X_509 0x00000000
-+#define CKC_X_509_ATTR_CERT 0x00000001
-+#define CKC_WTLS 0x00000002
-+#define CKC_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
-+ * type */
-+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-+
-+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
-+ consists of an array of values. */
-+#define CKF_ARRAY_ATTRIBUTE 0x40000000
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_FORMAT attribute */
-+#define CK_OTP_FORMAT_DECIMAL 0
-+#define CK_OTP_FORMAT_HEXADECIMAL 1
-+#define CK_OTP_FORMAT_ALPHANUMERIC 2
-+#define CK_OTP_FORMAT_BINARY 3
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
-+#define CK_OTP_PARAM_IGNORED 0
-+#define CK_OTP_PARAM_OPTIONAL 1
-+#define CK_OTP_PARAM_MANDATORY 2
-+
-+/* The following attribute types are defined: */
-+#define CKA_CLASS 0x00000000
-+#define CKA_TOKEN 0x00000001
-+#define CKA_PRIVATE 0x00000002
-+#define CKA_LABEL 0x00000003
-+#define CKA_APPLICATION 0x00000010
-+#define CKA_VALUE 0x00000011
-+
-+/* CKA_OBJECT_ID is new for v2.10 */
-+#define CKA_OBJECT_ID 0x00000012
-+
-+#define CKA_CERTIFICATE_TYPE 0x00000080
-+#define CKA_ISSUER 0x00000081
-+#define CKA_SERIAL_NUMBER 0x00000082
-+
-+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
-+ * for v2.10 */
-+#define CKA_AC_ISSUER 0x00000083
-+#define CKA_OWNER 0x00000084
-+#define CKA_ATTR_TYPES 0x00000085
-+
-+/* CKA_TRUSTED is new for v2.11 */
-+#define CKA_TRUSTED 0x00000086
-+
-+/* CKA_CERTIFICATE_CATEGORY ...
-+ * CKA_CHECK_VALUE are new for v2.20 */
-+#define CKA_CERTIFICATE_CATEGORY 0x00000087
-+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
-+#define CKA_URL 0x00000089
-+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
-+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
-+#define CKA_CHECK_VALUE 0x00000090
-+
-+#define CKA_KEY_TYPE 0x00000100
-+#define CKA_SUBJECT 0x00000101
-+#define CKA_ID 0x00000102
-+#define CKA_SENSITIVE 0x00000103
-+#define CKA_ENCRYPT 0x00000104
-+#define CKA_DECRYPT 0x00000105
-+#define CKA_WRAP 0x00000106
-+#define CKA_UNWRAP 0x00000107
-+#define CKA_SIGN 0x00000108
-+#define CKA_SIGN_RECOVER 0x00000109
-+#define CKA_VERIFY 0x0000010A
-+#define CKA_VERIFY_RECOVER 0x0000010B
-+#define CKA_DERIVE 0x0000010C
-+#define CKA_START_DATE 0x00000110
-+#define CKA_END_DATE 0x00000111
-+#define CKA_MODULUS 0x00000120
-+#define CKA_MODULUS_BITS 0x00000121
-+#define CKA_PUBLIC_EXPONENT 0x00000122
-+#define CKA_PRIVATE_EXPONENT 0x00000123
-+#define CKA_PRIME_1 0x00000124
-+#define CKA_PRIME_2 0x00000125
-+#define CKA_EXPONENT_1 0x00000126
-+#define CKA_EXPONENT_2 0x00000127
-+#define CKA_COEFFICIENT 0x00000128
-+#define CKA_PRIME 0x00000130
-+#define CKA_SUBPRIME 0x00000131
-+#define CKA_BASE 0x00000132
-+
-+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
-+#define CKA_PRIME_BITS 0x00000133
-+#define CKA_SUBPRIME_BITS 0x00000134
-+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
-+/* (To retain backwards-compatibility) */
-+
-+#define CKA_VALUE_BITS 0x00000160
-+#define CKA_VALUE_LEN 0x00000161
-+
-+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
-+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
-+ * and CKA_EC_POINT are new for v2.0 */
-+#define CKA_EXTRACTABLE 0x00000162
-+#define CKA_LOCAL 0x00000163
-+#define CKA_NEVER_EXTRACTABLE 0x00000164
-+#define CKA_ALWAYS_SENSITIVE 0x00000165
-+
-+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
-+#define CKA_KEY_GEN_MECHANISM 0x00000166
-+
-+#define CKA_MODIFIABLE 0x00000170
-+
-+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
-+ * CKA_EC_PARAMS is preferred. */
-+#define CKA_ECDSA_PARAMS 0x00000180
-+#define CKA_EC_PARAMS 0x00000180
-+
-+#define CKA_EC_POINT 0x00000181
-+
-+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
-+ * are new for v2.10. Deprecated in v2.11 and onwards. */
-+#define CKA_SECONDARY_AUTH 0x00000200
-+#define CKA_AUTH_PIN_FLAGS 0x00000201
-+
-+/* CKA_ALWAYS_AUTHENTICATE ...
-+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
-+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
-+
-+#define CKA_WRAP_WITH_TRUSTED 0x00000210
-+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
-+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
-+
-+/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
-+#define CKA_OTP_FORMAT 0x00000220
-+#define CKA_OTP_LENGTH 0x00000221
-+#define CKA_OTP_TIME_INTERVAL 0x00000222
-+#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
-+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
-+#define CKA_OTP_TIME_REQUIREMENT 0x00000225
-+#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
-+#define CKA_OTP_PIN_REQUIREMENT 0x00000227
-+#define CKA_OTP_COUNTER 0x0000022E
-+#define CKA_OTP_TIME 0x0000022F
-+#define CKA_OTP_USER_IDENTIFIER 0x0000022A
-+#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
-+#define CKA_OTP_SERVICE_LOGO 0x0000022C
-+#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
-+
-+
-+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
-+ * are new for v2.10 */
-+#define CKA_HW_FEATURE_TYPE 0x00000300
-+#define CKA_RESET_ON_INIT 0x00000301
-+#define CKA_HAS_RESET 0x00000302
-+
-+/* The following attributes are new for v2.20 */
-+#define CKA_PIXEL_X 0x00000400
-+#define CKA_PIXEL_Y 0x00000401
-+#define CKA_RESOLUTION 0x00000402
-+#define CKA_CHAR_ROWS 0x00000403
-+#define CKA_CHAR_COLUMNS 0x00000404
-+#define CKA_COLOR 0x00000405
-+#define CKA_BITS_PER_PIXEL 0x00000406
-+#define CKA_CHAR_SETS 0x00000480
-+#define CKA_ENCODING_METHODS 0x00000481
-+#define CKA_MIME_TYPES 0x00000482
-+#define CKA_MECHANISM_TYPE 0x00000500
-+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
-+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
-+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
-+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
-+
-+#define CKA_VENDOR_DEFINED 0x80000000
-+
-+/* CK_ATTRIBUTE is a structure that includes the type, length
-+ * and value of an attribute */
-+typedef struct CK_ATTRIBUTE {
-+ CK_ATTRIBUTE_TYPE type;
-+ CK_VOID_PTR pValue;
-+
-+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulValueLen; /* in bytes */
-+} CK_ATTRIBUTE;
-+
-+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-+
-+
-+/* CK_DATE is a structure that defines a date */
-+typedef struct CK_DATE{
-+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
-+ CK_CHAR month[2]; /* the month ("01" - "12") */
-+ CK_CHAR day[2]; /* the day ("01" - "31") */
-+} CK_DATE;
-+
-+
-+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
-+ * type */
-+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_MECHANISM_TYPE;
-+
-+/* the following mechanism types are defined: */
-+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-+#define CKM_RSA_PKCS 0x00000001
-+#define CKM_RSA_9796 0x00000002
-+#define CKM_RSA_X_509 0x00000003
-+
-+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
-+ * are new for v2.0. They are mechanisms which hash and sign */
-+#define CKM_MD2_RSA_PKCS 0x00000004
-+#define CKM_MD5_RSA_PKCS 0x00000005
-+#define CKM_SHA1_RSA_PKCS 0x00000006
-+
-+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
-+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
-+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
-+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
-+#define CKM_RSA_PKCS_OAEP 0x00000009
-+
-+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
-+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
-+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
-+#define CKM_RSA_X9_31 0x0000000B
-+#define CKM_SHA1_RSA_X9_31 0x0000000C
-+#define CKM_RSA_PKCS_PSS 0x0000000D
-+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
-+
-+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-+#define CKM_DSA 0x00000011
-+#define CKM_DSA_SHA1 0x00000012
-+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-+#define CKM_DH_PKCS_DERIVE 0x00000021
-+
-+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
-+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
-+ * v2.11 */
-+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
-+#define CKM_X9_42_DH_DERIVE 0x00000031
-+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
-+#define CKM_X9_42_MQV_DERIVE 0x00000033
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_RSA_PKCS 0x00000040
-+#define CKM_SHA384_RSA_PKCS 0x00000041
-+#define CKM_SHA512_RSA_PKCS 0x00000042
-+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
-+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
-+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
-+
-+/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_RSA_PKCS 0x00000046
-+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
-+
-+#define CKM_RC2_KEY_GEN 0x00000100
-+#define CKM_RC2_ECB 0x00000101
-+#define CKM_RC2_CBC 0x00000102
-+#define CKM_RC2_MAC 0x00000103
-+
-+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
-+#define CKM_RC2_MAC_GENERAL 0x00000104
-+#define CKM_RC2_CBC_PAD 0x00000105
-+
-+#define CKM_RC4_KEY_GEN 0x00000110
-+#define CKM_RC4 0x00000111
-+#define CKM_DES_KEY_GEN 0x00000120
-+#define CKM_DES_ECB 0x00000121
-+#define CKM_DES_CBC 0x00000122
-+#define CKM_DES_MAC 0x00000123
-+
-+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
-+#define CKM_DES_MAC_GENERAL 0x00000124
-+#define CKM_DES_CBC_PAD 0x00000125
-+
-+#define CKM_DES2_KEY_GEN 0x00000130
-+#define CKM_DES3_KEY_GEN 0x00000131
-+#define CKM_DES3_ECB 0x00000132
-+#define CKM_DES3_CBC 0x00000133
-+#define CKM_DES3_MAC 0x00000134
-+
-+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
-+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
-+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
-+#define CKM_DES3_MAC_GENERAL 0x00000135
-+#define CKM_DES3_CBC_PAD 0x00000136
-+#define CKM_CDMF_KEY_GEN 0x00000140
-+#define CKM_CDMF_ECB 0x00000141
-+#define CKM_CDMF_CBC 0x00000142
-+#define CKM_CDMF_MAC 0x00000143
-+#define CKM_CDMF_MAC_GENERAL 0x00000144
-+#define CKM_CDMF_CBC_PAD 0x00000145
-+
-+/* the following four DES mechanisms are new for v2.20 */
-+#define CKM_DES_OFB64 0x00000150
-+#define CKM_DES_OFB8 0x00000151
-+#define CKM_DES_CFB64 0x00000152
-+#define CKM_DES_CFB8 0x00000153
-+
-+#define CKM_MD2 0x00000200
-+
-+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD2_HMAC 0x00000201
-+#define CKM_MD2_HMAC_GENERAL 0x00000202
-+
-+#define CKM_MD5 0x00000210
-+
-+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD5_HMAC 0x00000211
-+#define CKM_MD5_HMAC_GENERAL 0x00000212
-+
-+#define CKM_SHA_1 0x00000220
-+
-+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
-+#define CKM_SHA_1_HMAC 0x00000221
-+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-+
-+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
-+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
-+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
-+#define CKM_RIPEMD128 0x00000230
-+#define CKM_RIPEMD128_HMAC 0x00000231
-+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
-+#define CKM_RIPEMD160 0x00000240
-+#define CKM_RIPEMD160_HMAC 0x00000241
-+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256 0x00000250
-+#define CKM_SHA256_HMAC 0x00000251
-+#define CKM_SHA256_HMAC_GENERAL 0x00000252
-+
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224 0x00000255
-+#define CKM_SHA224_HMAC 0x00000256
-+#define CKM_SHA224_HMAC_GENERAL 0x00000257
-+
-+#define CKM_SHA384 0x00000260
-+#define CKM_SHA384_HMAC 0x00000261
-+#define CKM_SHA384_HMAC_GENERAL 0x00000262
-+#define CKM_SHA512 0x00000270
-+#define CKM_SHA512_HMAC 0x00000271
-+#define CKM_SHA512_HMAC_GENERAL 0x00000272
-+
-+/* SecurID is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_SECURID_KEY_GEN 0x00000280
-+#define CKM_SECURID 0x00000282
-+
-+/* HOTP is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_HOTP_KEY_GEN 0x00000290
-+#define CKM_HOTP 0x00000291
-+
-+/* ACTI is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_ACTI 0x000002A0
-+#define CKM_ACTI_KEY_GEN 0x000002A1
-+
-+/* All of the following mechanisms are new for v2.0 */
-+/* Note that CAST128 and CAST5 are the same algorithm */
-+#define CKM_CAST_KEY_GEN 0x00000300
-+#define CKM_CAST_ECB 0x00000301
-+#define CKM_CAST_CBC 0x00000302
-+#define CKM_CAST_MAC 0x00000303
-+#define CKM_CAST_MAC_GENERAL 0x00000304
-+#define CKM_CAST_CBC_PAD 0x00000305
-+#define CKM_CAST3_KEY_GEN 0x00000310
-+#define CKM_CAST3_ECB 0x00000311
-+#define CKM_CAST3_CBC 0x00000312
-+#define CKM_CAST3_MAC 0x00000313
-+#define CKM_CAST3_MAC_GENERAL 0x00000314
-+#define CKM_CAST3_CBC_PAD 0x00000315
-+#define CKM_CAST5_KEY_GEN 0x00000320
-+#define CKM_CAST128_KEY_GEN 0x00000320
-+#define CKM_CAST5_ECB 0x00000321
-+#define CKM_CAST128_ECB 0x00000321
-+#define CKM_CAST5_CBC 0x00000322
-+#define CKM_CAST128_CBC 0x00000322
-+#define CKM_CAST5_MAC 0x00000323
-+#define CKM_CAST128_MAC 0x00000323
-+#define CKM_CAST5_MAC_GENERAL 0x00000324
-+#define CKM_CAST128_MAC_GENERAL 0x00000324
-+#define CKM_CAST5_CBC_PAD 0x00000325
-+#define CKM_CAST128_CBC_PAD 0x00000325
-+#define CKM_RC5_KEY_GEN 0x00000330
-+#define CKM_RC5_ECB 0x00000331
-+#define CKM_RC5_CBC 0x00000332
-+#define CKM_RC5_MAC 0x00000333
-+#define CKM_RC5_MAC_GENERAL 0x00000334
-+#define CKM_RC5_CBC_PAD 0x00000335
-+#define CKM_IDEA_KEY_GEN 0x00000340
-+#define CKM_IDEA_ECB 0x00000341
-+#define CKM_IDEA_CBC 0x00000342
-+#define CKM_IDEA_MAC 0x00000343
-+#define CKM_IDEA_MAC_GENERAL 0x00000344
-+#define CKM_IDEA_CBC_PAD 0x00000345
-+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-+#define CKM_XOR_BASE_AND_DATA 0x00000364
-+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-+
-+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
-+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
-+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
-+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
-+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
-+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
-+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
-+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
-+
-+/* CKM_TLS_PRF is new for v2.20 */
-+#define CKM_TLS_PRF 0x00000378
-+
-+#define CKM_SSL3_MD5_MAC 0x00000380
-+#define CKM_SSL3_SHA1_MAC 0x00000381
-+#define CKM_MD5_KEY_DERIVATION 0x00000390
-+#define CKM_MD2_KEY_DERIVATION 0x00000391
-+#define CKM_SHA1_KEY_DERIVATION 0x00000392
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_KEY_DERIVATION 0x00000393
-+#define CKM_SHA384_KEY_DERIVATION 0x00000394
-+#define CKM_SHA512_KEY_DERIVATION 0x00000395
-+
-+/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_KEY_DERIVATION 0x00000396
-+
-+#define CKM_PBE_MD2_DES_CBC 0x000003A0
-+#define CKM_PBE_MD5_DES_CBC 0x000003A1
-+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
-+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
-+#define CKM_PBE_SHA1_RC4_128 0x000003A6
-+#define CKM_PBE_SHA1_RC4_40 0x000003A7
-+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-+
-+/* CKM_PKCS5_PBKD2 is new for v2.10 */
-+#define CKM_PKCS5_PBKD2 0x000003B0
-+
-+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
-+
-+/* WTLS mechanisms are new for v2.20 */
-+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
-+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
-+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
-+#define CKM_WTLS_PRF 0x000003D3
-+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
-+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
-+
-+#define CKM_KEY_WRAP_LYNKS 0x00000400
-+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-+
-+/* CKM_CMS_SIG is new for v2.20 */
-+#define CKM_CMS_SIG 0x00000500
-+
-+/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
-+#define CKM_KIP_DERIVE 0x00000510
-+#define CKM_KIP_WRAP 0x00000511
-+#define CKM_KIP_MAC 0x00000512
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_CAMELLIA_KEY_GEN 0x00000550
-+#define CKM_CAMELLIA_ECB 0x00000551
-+#define CKM_CAMELLIA_CBC 0x00000552
-+#define CKM_CAMELLIA_MAC 0x00000553
-+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
-+#define CKM_CAMELLIA_CBC_PAD 0x00000555
-+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
-+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
-+#define CKM_CAMELLIA_CTR 0x00000558
-+
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_ARIA_KEY_GEN 0x00000560
-+#define CKM_ARIA_ECB 0x00000561
-+#define CKM_ARIA_CBC 0x00000562
-+#define CKM_ARIA_MAC 0x00000563
-+#define CKM_ARIA_MAC_GENERAL 0x00000564
-+#define CKM_ARIA_CBC_PAD 0x00000565
-+#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
-+#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
-+
-+/* Fortezza mechanisms */
-+#define CKM_SKIPJACK_KEY_GEN 0x00001000
-+#define CKM_SKIPJACK_ECB64 0x00001001
-+#define CKM_SKIPJACK_CBC64 0x00001002
-+#define CKM_SKIPJACK_OFB64 0x00001003
-+#define CKM_SKIPJACK_CFB64 0x00001004
-+#define CKM_SKIPJACK_CFB32 0x00001005
-+#define CKM_SKIPJACK_CFB16 0x00001006
-+#define CKM_SKIPJACK_CFB8 0x00001007
-+#define CKM_SKIPJACK_WRAP 0x00001008
-+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-+#define CKM_SKIPJACK_RELAYX 0x0000100a
-+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-+#define CKM_KEA_KEY_DERIVE 0x00001011
-+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-+#define CKM_BATON_KEY_GEN 0x00001030
-+#define CKM_BATON_ECB128 0x00001031
-+#define CKM_BATON_ECB96 0x00001032
-+#define CKM_BATON_CBC128 0x00001033
-+#define CKM_BATON_COUNTER 0x00001034
-+#define CKM_BATON_SHUFFLE 0x00001035
-+#define CKM_BATON_WRAP 0x00001036
-+
-+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
-+ * CKM_EC_KEY_PAIR_GEN is preferred */
-+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-+#define CKM_EC_KEY_PAIR_GEN 0x00001040
-+
-+#define CKM_ECDSA 0x00001041
-+#define CKM_ECDSA_SHA1 0x00001042
-+
-+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
-+ * are new for v2.11 */
-+#define CKM_ECDH1_DERIVE 0x00001050
-+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
-+#define CKM_ECMQV_DERIVE 0x00001052
-+
-+#define CKM_JUNIPER_KEY_GEN 0x00001060
-+#define CKM_JUNIPER_ECB128 0x00001061
-+#define CKM_JUNIPER_CBC128 0x00001062
-+#define CKM_JUNIPER_COUNTER 0x00001063
-+#define CKM_JUNIPER_SHUFFLE 0x00001064
-+#define CKM_JUNIPER_WRAP 0x00001065
-+#define CKM_FASTHASH 0x00001070
-+
-+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
-+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
-+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
-+ * new for v2.11 */
-+#define CKM_AES_KEY_GEN 0x00001080
-+#define CKM_AES_ECB 0x00001081
-+#define CKM_AES_CBC 0x00001082
-+#define CKM_AES_MAC 0x00001083
-+#define CKM_AES_MAC_GENERAL 0x00001084
-+#define CKM_AES_CBC_PAD 0x00001085
-+
-+/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_AES_CTR 0x00001086
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKM_BLOWFISH_KEY_GEN 0x00001090
-+#define CKM_BLOWFISH_CBC 0x00001091
-+#define CKM_TWOFISH_KEY_GEN 0x00001092
-+#define CKM_TWOFISH_CBC 0x00001093
-+
-+
-+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
-+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
-+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
-+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
-+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
-+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
-+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
-+
-+#define CKM_DSA_PARAMETER_GEN 0x00002000
-+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
-+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
-+
-+#define CKM_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-+
-+
-+/* CK_MECHANISM is a structure that specifies a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM {
-+ CK_MECHANISM_TYPE mechanism;
-+ CK_VOID_PTR pParameter;
-+
-+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulParameterLen; /* in bytes */
-+} CK_MECHANISM;
-+
-+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-+
-+
-+/* CK_MECHANISM_INFO provides information about a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM_INFO {
-+ CK_ULONG ulMinKeySize;
-+ CK_ULONG ulMaxKeySize;
-+ CK_FLAGS flags;
-+} CK_MECHANISM_INFO;
-+
-+/* The flags are defined as follows:
-+ * Bit Flag Mask Meaning */
-+#define CKF_HW 0x00000001 /* performed by HW */
-+
-+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
-+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
-+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
-+ * and CKF_DERIVE are new for v2.0. They specify whether or not
-+ * a mechanism can be used for a particular task */
-+#define CKF_ENCRYPT 0x00000100
-+#define CKF_DECRYPT 0x00000200
-+#define CKF_DIGEST 0x00000400
-+#define CKF_SIGN 0x00000800
-+#define CKF_SIGN_RECOVER 0x00001000
-+#define CKF_VERIFY 0x00002000
-+#define CKF_VERIFY_RECOVER 0x00004000
-+#define CKF_GENERATE 0x00008000
-+#define CKF_GENERATE_KEY_PAIR 0x00010000
-+#define CKF_WRAP 0x00020000
-+#define CKF_UNWRAP 0x00040000
-+#define CKF_DERIVE 0x00080000
-+
-+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
-+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
-+ * describe a token's EC capabilities not available in mechanism
-+ * information. */
-+#define CKF_EC_F_P 0x00100000
-+#define CKF_EC_F_2M 0x00200000
-+#define CKF_EC_ECPARAMETERS 0x00400000
-+#define CKF_EC_NAMEDCURVE 0x00800000
-+#define CKF_EC_UNCOMPRESS 0x01000000
-+#define CKF_EC_COMPRESS 0x02000000
-+
-+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
-+
-+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-+
-+
-+/* CK_RV is a value that identifies the return value of a
-+ * Cryptoki function */
-+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_RV;
-+
-+#define CKR_OK 0x00000000
-+#define CKR_CANCEL 0x00000001
-+#define CKR_HOST_MEMORY 0x00000002
-+#define CKR_SLOT_ID_INVALID 0x00000003
-+
-+/* CKR_FLAGS_INVALID was removed for v2.0 */
-+
-+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-+#define CKR_GENERAL_ERROR 0x00000005
-+#define CKR_FUNCTION_FAILED 0x00000006
-+
-+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
-+ * and CKR_CANT_LOCK are new for v2.01 */
-+#define CKR_ARGUMENTS_BAD 0x00000007
-+#define CKR_NO_EVENT 0x00000008
-+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-+#define CKR_CANT_LOCK 0x0000000A
-+
-+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-+#define CKR_DATA_INVALID 0x00000020
-+#define CKR_DATA_LEN_RANGE 0x00000021
-+#define CKR_DEVICE_ERROR 0x00000030
-+#define CKR_DEVICE_MEMORY 0x00000031
-+#define CKR_DEVICE_REMOVED 0x00000032
-+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-+#define CKR_FUNCTION_CANCELED 0x00000050
-+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-+
-+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-+
-+#define CKR_KEY_HANDLE_INVALID 0x00000060
-+
-+/* CKR_KEY_SENSITIVE was removed for v2.0 */
-+
-+#define CKR_KEY_SIZE_RANGE 0x00000062
-+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-+
-+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
-+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
-+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
-+ * v2.0 */
-+#define CKR_KEY_NOT_NEEDED 0x00000064
-+#define CKR_KEY_CHANGED 0x00000065
-+#define CKR_KEY_NEEDED 0x00000066
-+#define CKR_KEY_INDIGESTIBLE 0x00000067
-+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-+
-+#define CKR_MECHANISM_INVALID 0x00000070
-+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-+
-+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
-+ * were removed for v2.0 */
-+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-+#define CKR_OPERATION_ACTIVE 0x00000090
-+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-+#define CKR_PIN_INCORRECT 0x000000A0
-+#define CKR_PIN_INVALID 0x000000A1
-+#define CKR_PIN_LEN_RANGE 0x000000A2
-+
-+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-+#define CKR_PIN_EXPIRED 0x000000A3
-+#define CKR_PIN_LOCKED 0x000000A4
-+
-+#define CKR_SESSION_CLOSED 0x000000B0
-+#define CKR_SESSION_COUNT 0x000000B1
-+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-+#define CKR_SESSION_READ_ONLY 0x000000B5
-+#define CKR_SESSION_EXISTS 0x000000B6
-+
-+/* CKR_SESSION_READ_ONLY_EXISTS and
-+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
-+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-+
-+#define CKR_SIGNATURE_INVALID 0x000000C0
-+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-+#define CKR_USER_NOT_LOGGED_IN 0x00000101
-+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-+#define CKR_USER_TYPE_INVALID 0x00000103
-+
-+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
-+ * are new to v2.01 */
-+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-+#define CKR_USER_TOO_MANY_TYPES 0x00000105
-+
-+#define CKR_WRAPPED_KEY_INVALID 0x00000110
-+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-+
-+/* These are new to v2.0 */
-+#define CKR_RANDOM_NO_RNG 0x00000121
-+
-+/* These are new to v2.11 */
-+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
-+
-+/* These are new to v2.0 */
-+#define CKR_BUFFER_TOO_SMALL 0x00000150
-+#define CKR_SAVED_STATE_INVALID 0x00000160
-+#define CKR_INFORMATION_SENSITIVE 0x00000170
-+#define CKR_STATE_UNSAVEABLE 0x00000180
-+
-+/* These are new to v2.01 */
-+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-+#define CKR_MUTEX_BAD 0x000001A0
-+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-+
-+/* The following return values are new for PKCS #11 v2.20 amendment 3 */
-+#define CKR_NEW_PIN_MODE 0x000001B0
-+#define CKR_NEXT_OTP 0x000001B1
-+
-+/* This is new to v2.20 */
-+#define CKR_FUNCTION_REJECTED 0x00000200
-+
-+#define CKR_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_NOTIFY is an application callback that processes events */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_NOTIFICATION event,
-+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
-+);
-+
-+
-+/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
-+ * version and pointers of appropriate types to all the
-+ * Cryptoki functions */
-+/* CK_FUNCTION_LIST is new for v2.0 */
-+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-+
-+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-+
-+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-+
-+
-+/* CK_CREATEMUTEX is an application callback for creating a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
-+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
-+);
-+
-+
-+/* CK_DESTROYMUTEX is an application callback for destroying a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_LOCKMUTEX is an application callback for locking a mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_UNLOCKMUTEX is an application callback for unlocking a
-+ * mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
-+ * C_Initialize */
-+typedef struct CK_C_INITIALIZE_ARGS {
-+ CK_CREATEMUTEX CreateMutex;
-+ CK_DESTROYMUTEX DestroyMutex;
-+ CK_LOCKMUTEX LockMutex;
-+ CK_UNLOCKMUTEX UnlockMutex;
-+ CK_FLAGS flags;
-+ CK_VOID_PTR pReserved;
-+} CK_C_INITIALIZE_ARGS;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
-+#define CKF_OS_LOCKING_OK 0x00000002
-+
-+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-+
-+
-+/* additional flags for parameters to functions */
-+
-+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-+#define CKF_DONT_BLOCK 1
-+
-+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
-+ * Generation Function (MGF) applied to a message block when
-+ * formatting a message block for the PKCS #1 OAEP encryption
-+ * scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
-+
-+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
-+
-+/* The following MGFs are defined */
-+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
-+ * are new for v2.20 */
-+#define CKG_MGF1_SHA1 0x00000001
-+#define CKG_MGF1_SHA256 0x00000002
-+#define CKG_MGF1_SHA384 0x00000003
-+#define CKG_MGF1_SHA512 0x00000004
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKG_MGF1_SHA224 0x00000005
-+
-+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
-+ * of the encoding parameter when formatting a message block
-+ * for the PKCS #1 OAEP encryption scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-+
-+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-+
-+/* The following encoding parameter sources are defined */
-+#define CKZ_DATA_SPECIFIED 0x00000001
-+
-+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_OAEP mechanism. */
-+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-+ CK_VOID_PTR pSourceData;
-+ CK_ULONG ulSourceDataLen;
-+} CK_RSA_PKCS_OAEP_PARAMS;
-+
-+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-+
-+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
-+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_PSS mechanism(s). */
-+typedef struct CK_RSA_PKCS_PSS_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_ULONG sLen;
-+} CK_RSA_PKCS_PSS_PARAMS;
-+
-+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
-+
-+/* CK_EC_KDF_TYPE is new for v2.11. */
-+typedef CK_ULONG CK_EC_KDF_TYPE;
-+
-+/* The following EC Key Derivation Functions are defined */
-+#define CKD_NULL 0x00000001
-+#define CKD_SHA1_KDF 0x00000002
-+
-+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
-+ * where each party contributes one key pair.
-+ */
-+typedef struct CK_ECDH1_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_ECDH1_DERIVE_PARAMS;
-+
-+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
-+typedef struct CK_ECDH2_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_ECDH2_DERIVE_PARAMS;
-+
-+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_ECMQV_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_ECMQV_DERIVE_PARAMS;
-+
-+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
-+
-+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
-+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
-+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
-+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-+
-+/* The following X9.42 DH key derivation functions are defined
-+ (besides CKD_NULL already defined : */
-+#define CKD_SHA1_KDF_ASN1 0x00000003
-+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
-+
-+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
-+ * contributes one key pair */
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_X9_42_DH1_DERIVE_PARAMS;
-+
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-+
-+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
-+ * mechanisms, where each party contributes two key pairs */
-+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_X9_42_DH2_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_X9_42_MQV_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
-+
-+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
-+ * CKM_KEA_DERIVE mechanism */
-+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-+typedef struct CK_KEA_DERIVE_PARAMS {
-+ CK_BBOOL isSender;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pRandomB;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_KEA_DERIVE_PARAMS;
-+
-+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
-+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
-+ * holds the effective keysize */
-+typedef CK_ULONG CK_RC2_PARAMS;
-+
-+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-+
-+
-+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
-+ * mechanism */
-+typedef struct CK_RC2_CBC_PARAMS {
-+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+
-+ CK_BYTE iv[8]; /* IV for CBC mode */
-+} CK_RC2_CBC_PARAMS;
-+
-+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC2_MAC_GENERAL mechanism */
-+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC2_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
-+ * CKM_RC5_MAC mechanisms */
-+/* CK_RC5_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+} CK_RC5_PARAMS;
-+
-+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-+
-+
-+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
-+ * mechanism */
-+/* CK_RC5_CBC_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_CBC_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_BYTE_PTR pIv; /* pointer to IV */
-+ CK_ULONG ulIvLen; /* length of IV in bytes */
-+} CK_RC5_CBC_PARAMS;
-+
-+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC5_MAC_GENERAL mechanism */
-+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC5_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
-+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
-+ * the MAC */
-+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-+
-+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-+
-+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
-+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[8];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pPassword;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPAndGLen;
-+ CK_ULONG ulQLen;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pPrimeP;
-+ CK_BYTE_PTR pBaseG;
-+ CK_BYTE_PTR pSubprimeQ;
-+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-+
-+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
-+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
-+
-+
-+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_RELAYX mechanism */
-+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
-+ CK_ULONG ulOldWrappedXLen;
-+ CK_BYTE_PTR pOldWrappedX;
-+ CK_ULONG ulOldPasswordLen;
-+ CK_BYTE_PTR pOldPassword;
-+ CK_ULONG ulOldPublicDataLen;
-+ CK_BYTE_PTR pOldPublicData;
-+ CK_ULONG ulOldRandomLen;
-+ CK_BYTE_PTR pOldRandomA;
-+ CK_ULONG ulNewPasswordLen;
-+ CK_BYTE_PTR pNewPassword;
-+ CK_ULONG ulNewPublicDataLen;
-+ CK_BYTE_PTR pNewPublicData;
-+ CK_ULONG ulNewRandomLen;
-+ CK_BYTE_PTR pNewRandomA;
-+} CK_SKIPJACK_RELAYX_PARAMS;
-+
-+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
-+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
-+
-+
-+typedef struct CK_PBE_PARAMS {
-+ CK_BYTE_PTR pInitVector;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pSalt;
-+ CK_ULONG ulSaltLen;
-+ CK_ULONG ulIteration;
-+} CK_PBE_PARAMS;
-+
-+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-+
-+
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
-+ * CKM_KEY_WRAP_SET_OAEP mechanism */
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
-+ CK_BYTE bBC; /* block contents byte */
-+ CK_BYTE_PTR pX; /* extra data */
-+ CK_ULONG ulXLen; /* length of extra data in bytes */
-+} CK_KEY_WRAP_SET_OAEP_PARAMS;
-+
-+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
-+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_SSL3_RANDOM_DATA;
-+
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_VERSION_PTR pVersion;
-+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hClientMacSecret;
-+ CK_OBJECT_HANDLE hServerMacSecret;
-+ CK_OBJECT_HANDLE hClientKey;
-+ CK_OBJECT_HANDLE hServerKey;
-+ CK_BYTE_PTR pIVClient;
-+ CK_BYTE_PTR pIVServer;
-+} CK_SSL3_KEY_MAT_OUT;
-+
-+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_PARAMS {
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_BBOOL bIsExport;
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_SSL3_KEY_MAT_PARAMS;
-+
-+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-+
-+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
-+typedef struct CK_TLS_PRF_PARAMS {
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_TLS_PRF_PARAMS;
-+
-+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
-+
-+/* WTLS is new for version 2.20 */
-+typedef struct CK_WTLS_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_WTLS_RANDOM_DATA;
-+
-+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
-+
-+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_BYTE_PTR pVersion;
-+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_PRF_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_WTLS_PRF_PARAMS;
-+
-+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hMacSecret;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pIV;
-+} CK_WTLS_KEY_MAT_OUT;
-+
-+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_ULONG ulSequenceNumber;
-+ CK_BBOOL bIsExport;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_WTLS_KEY_MAT_PARAMS;
-+
-+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
-+
-+/* CMS is new for version 2.20 */
-+typedef struct CK_CMS_SIG_PARAMS {
-+ CK_OBJECT_HANDLE certificateHandle;
-+ CK_MECHANISM_PTR pSigningMechanism;
-+ CK_MECHANISM_PTR pDigestMechanism;
-+ CK_UTF8CHAR_PTR pContentType;
-+ CK_BYTE_PTR pRequestedAttributes;
-+ CK_ULONG ulRequestedAttributesLen;
-+ CK_BYTE_PTR pRequiredAttributes;
-+ CK_ULONG ulRequiredAttributesLen;
-+} CK_CMS_SIG_PARAMS;
-+
-+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
-+
-+typedef struct CK_KEY_DERIVATION_STRING_DATA {
-+ CK_BYTE_PTR pData;
-+ CK_ULONG ulLen;
-+} CK_KEY_DERIVATION_STRING_DATA;
-+
-+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
-+ CK_KEY_DERIVATION_STRING_DATA_PTR;
-+
-+
-+/* The CK_EXTRACT_PARAMS is used for the
-+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
-+ * of the base key should be used as the first bit of the
-+ * derived key */
-+/* CK_EXTRACT_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_EXTRACT_PARAMS;
-+
-+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-+
-+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
-+ * indicate the Pseudo-Random Function (PRF) used to generate
-+ * key bits using PKCS #5 PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-+
-+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
-+
-+/* The following PRFs are defined in PKCS #5 v2.0. */
-+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
-+
-+
-+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
-+ * source of the salt value when deriving a key using PKCS #5
-+ * PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-+
-+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
-+
-+/* The following salt value sources are defined in PKCS #5 v2.0. */
-+#define CKZ_SALT_SPECIFIED 0x00000001
-+
-+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
-+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
-+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
-+typedef struct CK_PKCS5_PBKD2_PARAMS {
-+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
-+ CK_VOID_PTR pSaltSourceData;
-+ CK_ULONG ulSaltSourceDataLen;
-+ CK_ULONG iterations;
-+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-+ CK_VOID_PTR pPrfData;
-+ CK_ULONG ulPrfDataLen;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG_PTR ulPasswordLen;
-+} CK_PKCS5_PBKD2_PARAMS;
-+
-+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
-+
-+/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
-+
-+typedef CK_ULONG CK_OTP_PARAM_TYPE;
-+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
-+
-+typedef struct CK_OTP_PARAM {
-+ CK_OTP_PARAM_TYPE type;
-+ CK_VOID_PTR pValue;
-+ CK_ULONG ulValueLen;
-+} CK_OTP_PARAM;
-+
-+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
-+
-+typedef struct CK_OTP_PARAMS {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_PARAMS;
-+
-+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
-+
-+typedef struct CK_OTP_SIGNATURE_INFO {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_SIGNATURE_INFO;
-+
-+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CK_OTP_VALUE 0
-+#define CK_OTP_PIN 1
-+#define CK_OTP_CHALLENGE 2
-+#define CK_OTP_TIME 3
-+#define CK_OTP_COUNTER 4
-+#define CK_OTP_FLAGS 5
-+#define CK_OTP_OUTPUT_LENGTH 6
-+#define CK_OTP_OUTPUT_FORMAT 7
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CKF_NEXT_OTP 0x00000001
-+#define CKF_EXCLUDE_TIME 0x00000002
-+#define CKF_EXCLUDE_COUNTER 0x00000004
-+#define CKF_EXCLUDE_CHALLENGE 0x00000008
-+#define CKF_EXCLUDE_PIN 0x00000010
-+#define CKF_USER_FRIENDLY_OTP 0x00000020
-+
-+/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
-+typedef struct CK_KIP_PARAMS {
-+ CK_MECHANISM_PTR pMechanism;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+} CK_KIP_PARAMS;
-+
-+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
-+
-+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_AES_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_AES_CTR_PARAMS;
-+
-+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_CAMELLIA_CTR_PARAMS;
-+
-+typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+#endif
-Index: openssl/util/libeay.num
-diff -u openssl/util/libeay.num:1.7.6.1 openssl/util/libeay.num:1.7
---- openssl/util/libeay.num:1.7.6.1 Sun Jan 15 15:45:40 2012
-+++ openssl/util/libeay.num Mon Jun 13 14:25:25 2011
-@@ -3728,3 +3728,5 @@
- pqueue_size 4114 EXIST::FUNCTION:
- OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION:
- OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION:
-+ENGINE_load_pk11ca 4117 EXIST::FUNCTION:HW_PKCS11CA,ENGINE
-+ENGINE_load_pk11so 4117 EXIST::FUNCTION:HW_PKCS11SO,ENGINE
-Index: openssl/util/mk1mf.pl
-diff -u openssl/util/mk1mf.pl:1.8.6.1 openssl/util/mk1mf.pl:1.8
---- openssl/util/mk1mf.pl:1.8.6.1 Sun Jan 15 15:45:40 2012
-+++ openssl/util/mk1mf.pl Mon Jun 13 14:25:25 2011
-@@ -87,6 +87,8 @@
- no-ecdh - No ECDH
- no-engine - No engine
- no-hw - No hw
-+ no-hw-pkcs11ca - No hw PKCS#11 CA flavor
-+ no-hw-pkcs11so - No hw PKCS#11 SO flavor
- nasm - Use NASM for x86 asm
- nw-nasm - Use NASM x86 asm for NetWare
- nw-mwasm - Use Metrowerks x86 asm for NetWare
-@@ -242,6 +244,8 @@
- $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
- $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
- $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11CA" if $no_hw_pkcs11ca;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11SO" if $no_hw_pkcs11so;
- $cflags.=" -DOPENSSL_FIPS" if $fips;
- $cflags.= " -DZLIB" if $zlib_opt;
- $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
-@@ -316,6 +320,9 @@
- $dir=$val;
- }
-
-+ if ($key eq "PK11_LIB_LOCATION")
-+ { $cflags .= " -D$key=\\\"$val\\\"" if $val ne "";}
-+
- if ($key eq "KRB5_INCLUDES")
- { $cflags .= " $val";}
-
-@@ -1301,6 +1308,8 @@
- "no-ecdh" => \$no_ecdh,
- "no-engine" => \$no_engine,
- "no-hw" => \$no_hw,
-+ "no-hw-pkcs11ca" => \$no_hw_pkcs11ca,
-+ "no-hw-pkcs11so" => \$no_hw_pkcs11so,
- "just-ssl" =>
- [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
- \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
-Index: openssl/util/mkdef.pl
-diff -u openssl/util/mkdef.pl:1.6.6.1 openssl/util/mkdef.pl:1.6
---- openssl/util/mkdef.pl:1.6.6.1 Sun Jan 15 15:45:40 2012
-+++ openssl/util/mkdef.pl Mon Jun 13 14:25:25 2011
-@@ -93,7 +93,7 @@
- # External "algorithms"
- "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
- # Engines
-- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-+ "STATIC_ENGINE", "ENGINE", "HW", "GMP", "HW_PKCS11CA", "HW_PKCS11SO",
- # RFC3779 support
- "RFC3779",
- # TLS extension support
-@@ -122,6 +122,7 @@
- my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
- my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
- my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
-+my $no_pkcs11ca; my $no_pkcs11so;
- my $no_seed;
- my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
- my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake;
-@@ -214,6 +215,8 @@
- elsif (/^no-cms$/) { $no_cms=1; }
- elsif (/^no-capieng$/) { $no_capieng=1; }
- elsif (/^no-jpake$/) { $no_jpake=1; }
-+ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
-+ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
- }
-
-
-@@ -1155,6 +1158,8 @@
- if ($keyword eq "KRB5" && $no_krb5) { return 0; }
- if ($keyword eq "ENGINE" && $no_engine) { return 0; }
- if ($keyword eq "HW" && $no_hw) { return 0; }
-+ if ($keyword eq "HW_PKCS11CA" && $no_pkcs11ca) { return 0; }
-+ if ($keyword eq "HW_PKCS11SO" && $no_pkcs11so) { return 0; }
- if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
- if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
- if ($keyword eq "GMP" && $no_gmp) { return 0; }
-Index: openssl/util/pl/VC-32.pl
-diff -u openssl/util/pl/VC-32.pl:1.6.6.1 openssl/util/pl/VC-32.pl:1.6
---- openssl/util/pl/VC-32.pl:1.6.6.1 Sun Jan 15 15:45:41 2012
-+++ openssl/util/pl/VC-32.pl Mon Jun 13 14:25:26 2011
-@@ -52,7 +52,7 @@
- my $f = $shlib || $fips ?' /MD':' /MT';
- $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
- $opt_cflags=$f.' /Ox';
-- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
-+ $dbg_cflags=$f.'d /Od /Zi -DDEBUG -D_DEBUG';
- $lflags="/nologo /subsystem:console /opt:ref";
- }
- elsif ($FLAVOR =~ /CE/)
Deleted: vendor/bind/dist/bin/pkcs11/openssl-0.9.8x-patch
===================================================================
--- vendor/bind/dist/bin/pkcs11/openssl-0.9.8x-patch 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/openssl-0.9.8x-patch 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,15768 +0,0 @@
-Index: openssl/Configure
-diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
---- openssl/Configure:1.8.6.1 Sun Jan 15 15:45:33 2012
-+++ openssl/Configure Mon Jun 13 14:25:15 2011
-@@ -12,7 +12,7 @@
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION --pk11-flavor=FLAVOR [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -25,6 +25,12 @@
- # default). This needn't be set in advance, you can
- # just as well use "make INSTALL_PREFIX=/whatever install".
- #
-+# --pk11-libname PKCS#11 library name.
-+# (No default)
-+#
-+# --pk11-flavor either crypto-accelerator or sign-only
-+# (No default)
-+#
- # --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
- # to live in the subdirectory lib/ and the header files in
- # include/. A value is required.
-@@ -335,7 +341,7 @@
- "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### IA-32 targets...
- "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
- ####
- "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -343,7 +349,7 @@
- "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT -pthread::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### SPARC Linux setups
- # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
- # assisted with debugging of following two configs.
-@@ -590,6 +596,10 @@
- my $idx_ranlib = $idx++;
- my $idx_arflags = $idx++;
-
-+# PKCS#11 engine patch
-+my $pk11_libname="";
-+my $pk11_flavor="";
-+
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-@@ -828,6 +838,14 @@
- {
- $flags.=$_." ";
- }
-+ elsif (/^--pk11-libname=(.*)$/)
-+ {
-+ $pk11_libname=$1;
-+ }
-+ elsif (/^--pk11-flavor=(.*)$/)
-+ {
-+ $pk11_flavor=$1;
-+ }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
-@@ -963,6 +981,22 @@
- exit 0;
- }
-
-+if (! $pk11_libname)
-+ {
-+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
-+if (! $pk11_flavor
-+ || !($pk11_flavor eq "crypto-accelerator" || $pk11_flavor eq "sign-only"))
-+ {
-+ print STDERR "You must set --pk11-flavor.\n";
-+ print STDERR "Choices are crypto-accelerator and sign-only.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
- if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
- }
-@@ -1078,6 +1112,25 @@
- print "\n";
- }
-
-+if ($pk11_flavor eq "crypto-accelerator")
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11SO\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $options .= " no-hw-pkcs11so";
-+ print " no-hw-pkcs11so [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11SO\n";
-+ }
-+else
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11CA\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $options .= " no-hw-pkcs11ca";
-+ print " no-hw-pkcs11ca [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11CA\n";
-+}
-+
- my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
-
- $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
-@@ -1129,6 +1182,8 @@
- if ($flags ne "") { $cflags="$flags$cflags"; }
- else { $no_user_cflags=1; }
-
-+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
-+
- # Kerberos settings. The flavor must be provided from outside, either through
- # the script "config" or manually.
- if (!$no_krb5)
-@@ -1492,6 +1547,7 @@
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
-+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
-Index: openssl/Makefile.org
-diff -u openssl/Makefile.org:1.4.6.1 openssl/Makefile.org:1.4
---- openssl/Makefile.org:1.4.6.1 Sun Jan 15 15:45:33 2012
-+++ openssl/Makefile.org Mon Jun 13 14:25:15 2011
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
-Index: openssl/README.pkcs11
-diff -u /dev/null openssl/README.pkcs11:1.6.4.1
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/README.pkcs11 Mon Jun 13 18:27:39 2011
-@@ -0,0 +1,261 @@
-+ISC modified
-+============
-+
-+The previous key naming scheme was kept for backward compatibility.
-+
-+The PKCS#11 engine exists in two flavors, crypto-accelerator and
-+sign-only. The first one is from the Solaris patch and uses the
-+PKCS#11 device for all crypto operations it supports. The second
-+is a stripped down version which provides only the useful
-+function (i.e., signature with a RSA private key in the device
-+protected key store and key loading).
-+
-+As a hint PKCS#11 boards should use the crypto-accelerator flavor,
-+external PKCS#11 devices the sign-only. SCA 6000 is an example
-+of the first, AEP Keyper of the second.
-+
-+Note it is mandatory to set a pk11-flavor (and only one) in
-+config/Configure.
-+
-+PKCS#11 engine support for OpenSSL 0.9.8l
-+=========================================
-+
-+[Nov 19, 2009]
-+
-+Contents:
-+
-+Overview
-+Revisions of the patch for 0.9.8 branch
-+FAQs
-+Feedback
-+
-+Overview
-+========
-+
-+This patch containing code available in OpenSolaris adds support for PKCS#11
-+engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
-+OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
-+must provide PKCS#11 backend otherwise the patch is useless. You provide the
-+PKCS#11 library name during the build configuration phase, see below.
-+
-+Patch can be applied like this:
-+
-+ # NOTE: use gtar if on Solaris
-+ tar xfzv openssl-0.9.8l.tar.gz
-+ # now download the patch to the current directory
-+ # ...
-+ cd openssl-0.9.8l
-+ # NOTE: must use gpatch if on Solaris (is part of the system)
-+ patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
-+
-+It is designed to support pure acceleration for RSA, DSA, DH and all the
-+symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
-+except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
-+
-+According to the PKCS#11 providers installed on your machine, it can support
-+following mechanisms:
-+
-+ RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
-+ AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
-+ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
-+ SHA256, SHA384, SHA512
-+
-+Note that for AES counter mode the application must provide their own EVP
-+functions since OpenSSL doesn't support counter mode through EVP yet. You may
-+see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
-+example of code that uses the PKCS#11 engine and deals with the fork-safety
-+problem (see engine.c and packet.c files if interested).
-+
-+You must provide the location of PKCS#11 library in your system to the
-+configure script. You will be instructed to do that when you try to run the
-+config script:
-+
-+ $ ./config
-+ Operating system: i86pc-whatever-solaris2
-+ Configuring for solaris-x86-cc
-+ You must set --pk11-libname for PKCS#11 library.
-+ See README.pkcs11 for more information.
-+
-+Taking openCryptoki project on Linux AMD64 box as an example, you would run
-+configure script like this:
-+
-+ ./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
-+
-+To check whether newly built openssl really supports PKCS#11 it's enough to run
-+"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
-+output. If you see no PKCS#11 engine support check that the built openssl binary
-+and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
-+
-+The patch, during various phases of development, was tested on Solaris against
-+PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
-+OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
-+(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
-+information). Some Linux distributions even ship those libraries with the
-+system. The patch should work on any system that is supported by OpenSSL itself
-+and has functional PKCS#11 library.
-+
-+The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
-+copyrighted by RSA Security Inc., see pkcs11.h for more information.
-+
-+Other added/modified code in this patch is copyrighted by Sun Microsystems,
-+Inc. and is released under the OpenSSL license (see LICENSE file for more
-+information).
-+
-+Revisions of the patch for 0.9.8 branch
-+=======================================
-+
-+2009-11-19
-+- adjusted for OpenSSL version 0.9.8l
-+
-+- bugs and RFEs:
-+
-+ 6479874 OpenSSL should support RSA key by reference/hardware keystores
-+ 6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
-+ 6732677 make check to trigger Solaris specific code automatic in the
-+ PKCS#11 engine
-+
-+2009-03-11
-+- adjusted for OpenSSL version 0.9.8j
-+
-+- README.pkcs11 moved out of the patch, and is shipped together with it in a
-+ tarball instead so that it can be read before the patch is applied.
-+
-+- fixed bugs:
-+
-+ 6804216 pkcs#11 engine should support a key length range for RC4
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-12-02
-+- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
-+
-+ 6723504 more granular locking in PKCS#11 engine
-+ 6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
-+ 6710420 PKCS#11 engine source should be lint clean
-+ 6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
-+ it seriously
-+ 6746712 PKCS#11 engine source code should be cstyle clean
-+ 6731380 return codes of several functions are not checked in the PKCS#11
-+ engine code
-+ 6746735 PKCS#11 engine should use extended FILE space API
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-08-01
-+- fixed bug
-+
-+ 6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
-+ and digests
-+
-+- Solaris specific code for slot selection made automatic
-+
-+2008-07-29
-+- update the patch to OpenSSL 0.9.8h version
-+- pkcs11t.h updated to the latest version:
-+
-+ 6545665 make CKM_AES_CTR available to non-kernel users
-+
-+- fixed bugs in the engine code:
-+
-+ 6602801 PK11_SESSION cache has to employ reference counting scheme for
-+ asymmetric key operations
-+ 6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
-+ atomically
-+ 6607307 pkcs#11 engine can't read RSA private keys
-+ 6652362 pk11_RSA_finish() is cutting corners
-+ 6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
-+ suboptimal way
-+ 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
-+ resilient to destroy failures
-+ 6667273 OpenSSL engine should not use free() but OPENSSL_free()
-+ 6670363 PKCS#11 engine fails to reuse existing symmetric keys
-+ 6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
-+ 6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
-+ of big numbers leading to failures
-+ 6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
-+ -1
-+ 6706622 pk11_load_{pub,priv}key create corrupted RSA key references
-+ 6707129 return values from BN_new() in pk11_DH_generate_key() are not
-+ checked
-+ 6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
-+ structure reuse
-+ 6707782 OpenSSL PKCS#11 engine pretends to be aware of
-+ OPENSSL_NO_{RSA,DSA,DH}
-+ defines but fails miserably
-+ 6709966 make check_new_*() to return values to indicate cache hit/miss
-+ 6705200 pk11_dh struct initialization in PKCS#11 engine is missing
-+ generate_params parameter
-+ 6709513 PKCS#11 engine sets IV length even for ECB modes
-+ 6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
-+ PKCS#11 engine
-+ 6728871 PKCS#11 engine must reset global_session in pk11_finish()
-+
-+- new features and enhancements:
-+
-+ 6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
-+ 6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
-+ 6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
-+ ciphers and digests
-+
-+2007-10-15
-+- update for 0.9.8f version
-+- update for "6607670 teach pkcs#11 engine how to use keys be reference"
-+
-+2007-10-02
-+- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
-+- draft for "6607307 pkcs#11 engine can't read RSA private keys"
-+
-+2007-09-26
-+- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
-+ significant performance drop
-+- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
-+
-+2007-05-25
-+- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
-+
-+2007-05-19
-+- initial patch for 0.9.8e using latest OpenSolaris code
-+
-+FAQs
-+====
-+
-+(1) my build failed on Linux distro with this error:
-+
-+../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
-+hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
-+
-+Answer:
-+
-+ - don't use "no-threads" when configuring
-+ - if you didn't then OpenSSL failed to create a threaded library by
-+ default. You may manually edit Configure and try again. Look for the
-+ architecture that Configure printed, for example:
-+
-+Configured for linux-elf.
-+
-+ - then edit Configure, find string "linux-elf" (inluding the quotes),
-+ and add flags to support threads to the 4th column of the 2nd string.
-+ If you build with GCC then adding "-pthread" should be enough. With
-+ "linux-elf" as an example, you would add " -pthread" right after
-+ "-D_REENTRANT", like this:
-+
-+....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
-+
-+(2) I'm using MinGW/MSYS environment and get undeclared reference error for
-+pthread_atfork() function when trying to build OpenSSL with the patch.
-+
-+Answer:
-+
-+ Sorry, pthread_atfork() is not implemented in the current pthread-win32
-+ (as of Nov 2009). You can not use the patch there.
-+
-+
-+Feedback
-+========
-+
-+Please send feedback to security-discuss at opensolaris.org. The patch was
-+created by Jan.Pechanec at Sun.COM from code available in OpenSolaris.
-+
-+Latest version should be always available on http://blogs.sun.com/janp.
-+
-Index: openssl/crypto/opensslconf.h
-diff -u openssl/crypto/opensslconf.h:1.5.10.1 openssl/crypto/opensslconf.h:1.5
---- openssl/crypto/opensslconf.h:1.5.10.1 Sun Jan 15 15:45:34 2012
-+++ openssl/crypto/opensslconf.h Fri Sep 4 10:43:21 2009
-@@ -38,6 +38,9 @@
-
- #endif /* OPENSSL_DOING_MAKEDEPEND */
-
-+#ifndef OPENSSL_THREADS
-+# define OPENSSL_THREADS
-+#endif
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- # define OPENSSL_NO_DYNAMIC_ENGINE
- #endif
-@@ -79,6 +82,8 @@
- # endif
- #endif
-
-+#define OPENSSL_CPUID_OBJ
-+
- /* crypto/opensslconf.h.in */
-
- #ifdef OPENSSL_DOING_MAKEDEPEND
-@@ -140,7 +145,7 @@
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
--#undef RC4_CHUNK
-+#define RC4_CHUNK unsigned long
- #endif
- #endif
-
-@@ -148,7 +153,7 @@
- /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
- #ifndef DES_LONG
--#define DES_LONG unsigned long
-+#define DES_LONG unsigned int
- #endif
- #endif
-
-@@ -162,9 +167,9 @@
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
--#undef SIXTY_FOUR_BIT_LONG
-+#define SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
--#define THIRTY_TWO_BIT
-+#undef THIRTY_TWO_BIT
- #undef SIXTEEN_BIT
- #undef EIGHT_BIT
- #endif
-@@ -178,7 +183,7 @@
-
- #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
- #define CONFIG_HEADER_BF_LOCL_H
--#undef BF_PTR
-+#define BF_PTR2
- #endif /* HEADER_BF_LOCL_H */
-
- #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-@@ -208,7 +213,7 @@
- /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
- #ifndef DES_UNROLL
--#undef DES_UNROLL
-+#define DES_UNROLL
- #endif
-
- /* These default values were supplied by
-Index: openssl/crypto/bio/bss_file.c
-diff -u openssl/crypto/bio/bss_file.c:1.5.6.1 openssl/crypto/bio/bss_file.c:1.5
---- openssl/crypto/bio/bss_file.c:1.5.6.1 Sun Jan 15 15:45:35 2012
-+++ openssl/crypto/bio/bss_file.c Mon Jun 13 14:25:17 2011
-@@ -125,7 +125,7 @@
- {
- SYSerr(SYS_F_FOPEN,get_last_sys_error());
- ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-- if (errno == ENOENT)
-+ if ((errno == ENOENT) || ((*mode == 'r') && (errno == EACCES)))
- BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
- else
- BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-Index: openssl/crypto/engine/Makefile
-diff -u openssl/crypto/engine/Makefile:1.6.6.1 openssl/crypto/engine/Makefile:1.6
---- openssl/crypto/engine/Makefile:1.6.6.1 Sun Jan 15 15:45:35 2012
-+++ openssl/crypto/engine/Makefile Mon Jun 13 14:25:19 2011
-@@ -21,12 +21,14 @@
- eng_table.c eng_pkey.c eng_fat.c eng_all.c \
- tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
- tb_cipher.c tb_digest.c \
-- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
-+ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c \
-+ hw_pk11.c hw_pk11_pub.c hw_pk11so.c hw_pk11so_pub.c
- LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
- eng_table.o eng_pkey.o eng_fat.o eng_all.o \
- tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
- tb_cipher.o tb_digest.o \
-- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
-+ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o \
-+ hw_pk11.o hw_pk11_pub.o hw_pk11so.o hw_pk11so_pub.o
-
- SRC= $(LIBSRC)
-
-@@ -288,6 +290,102 @@
- eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
- eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
- eng_table.o: eng_table.c
-+hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11.o: ../../include/openssl/pem2.h ../cryptlib.h
-+hw_pk11.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11.c
-+hw_pk11_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11_pub.o: ../../include/openssl/pem2.h ../cryptlib.h
-+hw_pk11_pub.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11_pub.c
-+hw_pk11so.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11so.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11so.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11so.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11so.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11so.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11so.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11so.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11so.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11so.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11so.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11so.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11so.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11so.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11so.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11so.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11so.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11so.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11so.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11so.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11so.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11so.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11so.o: ../../include/openssl/pem2.h ../cryptlib.h
-+hw_pk11so.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11so.c
-+hw_pk11so_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11so_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11so_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11so_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11so_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11so_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11so_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11so_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11so_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11so_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11so_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11so_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11so_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11so_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11so_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11so_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11so_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11so_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11so_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11so_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11so_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11so_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11so_pub.o: ../../include/openssl/pem2.h ../cryptlib.h
-+hw_pk11so_pub.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11so_pub.c
- tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
- tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
- tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-Index: openssl/crypto/engine/cryptoki.h
-diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
-@@ -0,0 +1,103 @@
-+/*
-+ * CDDL HEADER START
-+ *
-+ * The contents of this file are subject to the terms of the
-+ * Common Development and Distribution License, Version 1.0 only
-+ * (the "License"). You may not use this file except in compliance
-+ * with the License.
-+ *
-+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-+ * or http://www.opensolaris.org/os/licensing.
-+ * See the License for the specific language governing permissions
-+ * and limitations under the License.
-+ *
-+ * When distributing Covered Code, include this CDDL HEADER in each
-+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-+ * If applicable, add the following below this CDDL HEADER, with the
-+ * fields enclosed by brackets "[]" replaced with your own identifying
-+ * information: Portions Copyright [yyyy] [name of copyright owner]
-+ *
-+ * CDDL HEADER END
-+ */
-+/*
-+ * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+#ifndef _CRYPTOKI_H
-+#define _CRYPTOKI_H
-+
-+/* ident "@(#)cryptoki.h 1.2 05/06/08 SMI" */
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef CK_PTR
-+#define CK_PTR *
-+#endif
-+
-+#ifndef CK_DEFINE_FUNCTION
-+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION
-+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION_POINTER
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef CK_CALLBACK_FUNCTION
-+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef NULL_PTR
-+#include <unistd.h> /* For NULL */
-+#define NULL_PTR NULL
-+#endif
-+
-+/*
-+ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
-+ */
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#define CK_DISABLE_TRUE_FALSE
-+#ifndef TRUE
-+#define TRUE 1
-+#endif /* TRUE */
-+#ifndef FALSE
-+#define FALSE 0
-+#endif /* FALSE */
-+#endif /* CK_DISABLE_TRUE_FALSE */
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+#include "pkcs11.h"
-+
-+/* Solaris specific functions */
-+
-+#include <stdlib.h>
-+
-+/*
-+ * SUNW_C_GetMechSession will initialize the framework and do all
-+ * the necessary PKCS#11 calls to create a session capable of
-+ * providing operations on the requested mechanism
-+ */
-+CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
-+ CK_SESSION_HANDLE_PTR hSession);
-+
-+/*
-+ * SUNW_C_KeyToObject will create a secret key object for the given
-+ * mechanism from the rawkey data.
-+ */
-+CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
-+ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
-+ CK_OBJECT_HANDLE_PTR obj);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* _CRYPTOKI_H */
-Index: openssl/crypto/engine/eng_all.c
-diff -u openssl/crypto/engine/eng_all.c:1.4.6.1 openssl/crypto/engine/eng_all.c:1.4
---- openssl/crypto/engine/eng_all.c:1.4.6.1 Sun Jan 15 15:45:36 2012
-+++ openssl/crypto/engine/eng_all.c Mon Jun 13 14:25:19 2011
-@@ -110,6 +110,14 @@
- #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- ENGINE_load_capi();
- #endif
-+#ifndef OPENSSL_NO_HW_PKCS11
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+ ENGINE_load_pk11ca();
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+ ENGINE_load_pk11so();
-+#endif
-+#endif
- #endif
- }
-
-Index: openssl/crypto/engine/engine.h
-diff -u openssl/crypto/engine/engine.h:1.4.6.1 openssl/crypto/engine/engine.h:1.4
---- openssl/crypto/engine/engine.h:1.4.6.1 Sun Jan 15 15:45:36 2012
-+++ openssl/crypto/engine/engine.h Mon Jun 13 14:25:19 2011
-@@ -344,6 +344,12 @@
- void ENGINE_load_capi(void);
- #endif
- #endif
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+void ENGINE_load_pk11ca(void);
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+void ENGINE_load_pk11so(void);
-+#endif
-
- /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
- * "registry" handling. */
-Index: openssl/crypto/engine/hw_pk11.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.2
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:35 2011
-@@ -0,0 +1,4057 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+#include <openssl/aes.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/* #undef DEBUG_SLOT_SELECTION */
-+/*
-+ * Solaris specific code. See comment at check_hw_mechanisms() for more
-+ * information.
-+ */
-+#if defined(__SVR4) && defined(__sun)
-+#undef SOLARIS_HW_SLOT_SELECTION
-+#endif
-+
-+/*
-+ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
-+ * there are official OIDs for mechanisms based on this mode. With our changes,
-+ * an application can define its own EVP calls for AES counter mode and then
-+ * it can make use of hardware acceleration through this engine. However, it's
-+ * better if we keep AES CTR support code under ifdef's.
-+ */
-+#define SOLARIS_AES_CTR
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.c"
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NIDs for AES counter mode that will be defined during the engine
-+ * initialization.
-+ */
-+static int NID_aes_128_ctr = NID_undef;
-+static int NID_aes_192_ctr = NID_undef;
-+static int NID_aes_256_ctr = NID_undef;
-+#endif /* SOLARIS_AES_CTR */
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
-+ * library. See comment at check_hw_mechanisms() for more information.
-+ */
-+static int *hw_cnids;
-+static int *hw_dnids;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+#ifndef OPENSSL_NO_RSA
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DH
-+int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
-+#endif
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+/* Symmetric cipher and digest support functions */
-+static int cipher_nid_to_pk11(int nid);
-+#ifdef SOLARIS_AES_CTR
-+static int pk11_add_NID(char *sn, char *ln);
-+static int pk11_add_aes_ctr_NIDs(void);
-+#endif /* SOLARIS_AES_CTR */
-+static int pk11_usable_ciphers(const int **nids);
-+static int pk11_usable_digests(const int **nids);
-+static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+static int pk11_cipher_final(PK11_SESSION *sp);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl);
-+#else
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl);
-+#endif
-+static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
-+static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid);
-+static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid);
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len);
-+static int md_nid_to_pk11(int nid);
-+static int pk11_digest_init(EVP_MD_CTX *ctx);
-+static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
-+ size_t count);
-+static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
-+static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
-+static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher,
-+ int *local_cipher_nids);
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest,
-+ int *local_digest_nids);
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
-+ int id);
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+static int check_hw_mechanisms(void);
-+static int nid_in_table(int nid, int *nid_table);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* Index for the supported ciphers */
-+enum pk11_cipher_id {
-+ PK11_DES_CBC,
-+ PK11_DES3_CBC,
-+ PK11_DES_ECB,
-+ PK11_DES3_ECB,
-+ PK11_RC4,
-+ PK11_AES_128_CBC,
-+ PK11_AES_192_CBC,
-+ PK11_AES_256_CBC,
-+ PK11_AES_128_ECB,
-+ PK11_AES_192_ECB,
-+ PK11_AES_256_ECB,
-+ PK11_BLOWFISH_CBC,
-+#ifdef SOLARIS_AES_CTR
-+ PK11_AES_128_CTR,
-+ PK11_AES_192_CTR,
-+ PK11_AES_256_CTR,
-+#endif /* SOLARIS_AES_CTR */
-+ PK11_CIPHER_MAX
-+};
-+
-+/* Index for the supported digests */
-+enum pk11_digest_id {
-+ PK11_MD5,
-+ PK11_SHA1,
-+ PK11_SHA224,
-+ PK11_SHA256,
-+ PK11_SHA384,
-+ PK11_SHA512,
-+ PK11_DIGEST_MAX
-+};
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static int cipher_nids[PK11_CIPHER_MAX];
-+static int digest_nids[PK11_DIGEST_MAX];
-+static int cipher_count = 0;
-+static int digest_count = 0;
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_recover = CK_FALSE;
-+static CK_BBOOL pk11_have_dsa = CK_FALSE;
-+static CK_BBOOL pk11_have_dh = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+typedef struct PK11_CIPHER_st
-+ {
-+ enum pk11_cipher_id id;
-+ int nid;
-+ int iv_len;
-+ int min_key_len;
-+ int max_key_len;
-+ CK_KEY_TYPE key_type;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_CIPHER;
-+
-+static PK11_CIPHER ciphers[] =
-+ {
-+ { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
-+ CKK_DES, CKM_DES_CBC, },
-+ { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
-+ CKK_DES3, CKM_DES3_CBC, },
-+ { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
-+ CKK_DES, CKM_DES_ECB, },
-+ { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
-+ CKK_DES3, CKM_DES3_ECB, },
-+ { PK11_RC4, NID_rc4, 0, 16, 256,
-+ CKK_RC4, CKM_RC4, },
-+ { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
-+ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
-+#ifdef SOLARIS_AES_CTR
-+ /* we don't know the correct NIDs until the engine is initialized */
-+ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
-+ CKK_AES, CKM_AES_CTR, },
-+#endif /* SOLARIS_AES_CTR */
-+ };
-+
-+typedef struct PK11_DIGEST_st
-+ {
-+ enum pk11_digest_id id;
-+ int nid;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_DIGEST;
-+
-+static PK11_DIGEST digests[] =
-+ {
-+ {PK11_MD5, NID_md5, CKM_MD5, },
-+ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
-+ {PK11_SHA224, NID_sha224, CKM_SHA224, },
-+ {PK11_SHA256, NID_sha256, CKM_SHA256, },
-+ {PK11_SHA384, NID_sha384, CKM_SHA384, },
-+ {PK11_SHA512, NID_sha512, CKM_SHA512, },
-+ {0, NID_undef, 0xFFFF, },
-+ };
-+
-+/*
-+ * Structure to be used for the cipher_data/md_data in
-+ * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
-+ * session in multiple cipher_update calls
-+ */
-+typedef struct PK11_CIPHER_STATE_st
-+ {
-+ PK11_SESSION *sp;
-+ } PK11_CIPHER_STATE;
-+
-+
-+/*
-+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
-+ * called when libcrypto requests a cipher NID.
-+ *
-+ * Note how the PK11_CIPHER_STATE is used here.
-+ */
-+
-+/* DES CBC EVP */
-+static const EVP_CIPHER pk11_des_cbc =
-+ {
-+ NID_des_cbc,
-+ 8, 8, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/* 3DES CBC EVP */
-+static const EVP_CIPHER pk11_3des_cbc =
-+ {
-+ NID_des_ede3_cbc,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
-+ * get_asn1_parameters fields are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_des_ecb =
-+ {
-+ NID_des_ecb,
-+ 8, 8, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_3des_ecb =
-+ {
-+ NID_des_ede3_ecb,
-+ 8, 24, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+
-+static const EVP_CIPHER pk11_aes_128_cbc =
-+ {
-+ NID_aes_128_cbc,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_cbc =
-+ {
-+ NID_aes_192_cbc,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_cbc =
-+ {
-+ NID_aes_256_cbc,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use IV so that's why set_asn1_parameters and
-+ * get_asn1_parameters are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_aes_128_ecb =
-+ {
-+ NID_aes_128_ecb,
-+ 16, 16, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_ecb =
-+ {
-+ NID_aes_192_ecb,
-+ 16, 24, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_ecb =
-+ {
-+ NID_aes_256_ecb,
-+ 16, 32, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
-+ * created in pk11_library_init(). Note that the need to change these structures
-+ * is the reason why we don't define them with the const keyword.
-+ */
-+static EVP_CIPHER pk11_aes_128_ctr =
-+ {
-+ NID_undef,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_192_ctr =
-+ {
-+ NID_undef,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_256_ctr =
-+ {
-+ NID_undef,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+#endif /* SOLARIS_AES_CTR */
-+
-+static const EVP_CIPHER pk11_bf_cbc =
-+ {
-+ NID_bf_cbc,
-+ 8, 16, 8,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_rc4 =
-+ {
-+ NID_rc4,
-+ 1, 16, 0,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_MD pk11_md5 =
-+ {
-+ NID_md5,
-+ NID_md5WithRSAEncryption,
-+ MD5_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ MD5_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha1 =
-+ {
-+ NID_sha1,
-+ NID_sha1WithRSAEncryption,
-+ SHA_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha224 =
-+ {
-+ NID_sha224,
-+ NID_sha224WithRSAEncryption,
-+ SHA224_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-224 uses the same cblock size as SHA-256 */
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha256 =
-+ {
-+ NID_sha256,
-+ NID_sha256WithRSAEncryption,
-+ SHA256_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha384 =
-+ {
-+ NID_sha384,
-+ NID_sha384WithRSAEncryption,
-+ SHA384_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-384 uses the same cblock size as SHA-512 */
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha512 =
-+ {
-+ NID_sha512,
-+ NID_sha512WithRSAEncryption,
-+ SHA512_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11SO
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name =
-+ "PKCS #11 engine support (crypto accelerator)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+#ifndef OPENSSL_NO_RSA
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DSA], NULL);
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DH] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DH], NULL);
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (find_lock[OP_DSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DSA]);
-+ OPENSSL_free(find_lock[OP_DSA]);
-+ find_lock[OP_DSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (find_lock[OP_DH] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DH]);
-+ OPENSSL_free(find_lock[OP_DH]);
-+ find_lock[OP_DH] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ const RSA_METHOD *rsa = NULL;
-+ RSA_METHOD *pk11_rsa = PK11_RSA();
-+#endif /* OPENSSL_NO_RSA */
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name) ||
-+ !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
-+ !ENGINE_set_digests(e, pk11_engine_digests))
-+ return (0);
-+#ifndef OPENSSL_NO_RSA
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (pk11_have_dsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DSA(e, PK11_DSA()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (pk11_have_dh == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DH(e, PK11_DH()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DH\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DH */
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+/*
-+ * Apache calls OpenSSL function RSA_blinding_on() once during startup
-+ * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
-+ * here, we wire it back to the OpenSSL software implementation.
-+ * Since it is used only once, performance is not a concern.
-+ */
-+#ifndef OPENSSL_NO_RSA
-+ rsa = RSA_PKCS1_SSLeay();
-+ pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
-+ pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
-+ if (pk11_have_recover != CK_TRUE)
-+ pk11_rsa->rsa_pub_dec = rsa->rsa_pub_dec;
-+#endif /* OPENSSL_NO_RSA */
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ LOCK_OBJSTORE(OP_DSA);
-+ LOCK_OBJSTORE(OP_DH);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ CK_ULONG ul_state_len;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * We must do this before we start working with slots since we need all
-+ * NIDs there.
-+ */
-+ if (pk11_add_aes_ctr_NIDs() == 0)
-+ goto err;
-+#endif /* SOLARIS_AES_CTR */
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Disable digest if C_GetOperationState is not supported since
-+ * this function is required by OpenSSL digest copy function
-+ */
-+ /* Keyper fails to return CKR_FUNCTION_NOT_SUPPORTED */
-+ if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
-+ != CKR_OK) {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: C_GetOperationState() not supported, "
-+ "setting digest_count to 0\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ digest_count = 0;
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ (void) pk11_destroy_dsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ (void) pk11_destroy_dh_key_objects(NULL);
-+#endif /* OPENSSL_NO_DH */
-+ (void) pk11_destroy_cipher_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+ myslot = SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ sp->opdata_dsa_pub_num = NULL;
-+ sp->opdata_dsa_priv = NULL;
-+ sp->opdata_dsa_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ sp->opdata_dh_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DH */
-+ case OP_CIPHER:
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ sp->opdata_encrypt = -1;
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Destroy DSA public key from single session. */
-+int
-+pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key,
-+ ret, uselock, OP_DSA, CK_FALSE);
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy DSA private key from single session. */
-+int
-+pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key,
-+ ret, uselock, OP_DSA, CK_TRUE);
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv = NULL;
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_dsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+/* Destroy DH key from single session. */
-+int
-+pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dh_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dh_key,
-+ ret, uselock, OP_DH, CK_TRUE);
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DH key object wrapper.
-+ *
-+ * arg0: pointer to PKCS#11 engine session structure
-+ * if session is NULL, try to destroy all objects in the free list
-+ */
-+int
-+pk11_destroy_dh_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DH].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DH].head;
-+ uselock = FALSE;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dh_object(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DH].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/* Symmetric ciphers and digests support functions */
-+
-+static int
-+cipher_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; i++)
-+ if (ciphers[i].nid == nid)
-+ return (ciphers[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_usable_ciphers(const int **nids)
-+ {
-+ if (cipher_count > 0)
-+ *nids = cipher_nids;
-+ else
-+ *nids = NULL;
-+ return (cipher_count);
-+ }
-+
-+static int
-+pk11_usable_digests(const int **nids)
-+ {
-+ if (digest_count > 0)
-+ *nids = digest_nids;
-+ else
-+ *nids = NULL;
-+ return (digest_count);
-+ }
-+
-+/*
-+ * Init context for encryption or decryption using a symmetric key.
-+ */
-+static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
-+ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
-+ {
-+ CK_RV rv;
-+#ifdef SOLARIS_AES_CTR
-+ CK_AES_CTR_PARAMS ctr_params;
-+#endif /* SOLARIS_AES_CTR */
-+
-+ /*
-+ * We expect pmech->mechanism to be already set and
-+ * pParameter/ulParameterLen initialized to NULL/0 before
-+ * pk11_init_symetric() is called.
-+ */
-+ OPENSSL_assert(pmech->mechanism != 0);
-+ OPENSSL_assert(pmech->pParameter == NULL);
-+ OPENSSL_assert(pmech->ulParameterLen == 0);
-+
-+#ifdef SOLARIS_AES_CTR
-+ if (ctx->cipher->nid == NID_aes_128_ctr ||
-+ ctx->cipher->nid == NID_aes_192_ctr ||
-+ ctx->cipher->nid == NID_aes_256_ctr)
-+ {
-+ pmech->pParameter = (void *)(&ctr_params);
-+ pmech->ulParameterLen = sizeof (ctr_params);
-+ /*
-+ * For now, we are limited to the fixed length of the counter,
-+ * it covers the whole counter block. That's what RFC 4344
-+ * needs. For more information on internal structure of the
-+ * counter block, see RFC 3686. If needed in the future, we can
-+ * add code so that the counter length can be set via
-+ * ENGINE_ctrl() function.
-+ */
-+ ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
-+ OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
-+ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
-+ }
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ {
-+ if (pcipher->iv_len > 0)
-+ {
-+ pmech->pParameter = (void *)ctx->iv;
-+ pmech->ulParameterLen = pcipher->iv_len;
-+ }
-+ }
-+
-+ /* if we get here, the encryption needs to be reinitialized */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+ else
-+ rv = pFuncList->C_DecryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
-+ PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+ {
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ PK11_CIPHER *p_ciph_table_row;
-+
-+ state->sp = NULL;
-+
-+ index = cipher_nid_to_pk11(ctx->cipher->nid);
-+ if (index < 0 || index >= PK11_CIPHER_MAX)
-+ return (0);
-+
-+ p_ciph_table_row = &ciphers[index];
-+ /*
-+ * iv_len in the ctx->cipher structure is the maximum IV length for the
-+ * current cipher and it must be less or equal to the IV length in our
-+ * ciphers table. The key length must be in the allowed interval. From
-+ * all cipher modes that the PKCS#11 engine supports only RC4 allows a
-+ * key length to be in some range, all other NIDs have a precise key
-+ * length. Every application can define its own EVP functions so this
-+ * code serves as a sanity check.
-+ *
-+ * Note that the reason why the IV length in ctx->cipher might be
-+ * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
-+ * macro to define functions that return EVP structures for all DES
-+ * modes. So, even ECB modes get 8 byte IV.
-+ */
-+ if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
-+ ctx->key_len < p_ciph_table_row->min_key_len ||
-+ ctx->key_len > p_ciph_table_row->max_key_len) {
-+ PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
-+ return (0);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
-+ return (0);
-+
-+ /* if applicable, the mechanism parameter is used for IV */
-+ mech.mechanism = p_ciph_table_row->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ /* The key object is destroyed here if it is not the current key. */
-+ (void) check_new_cipher_key(sp, key, ctx->key_len);
-+
-+ /*
-+ * If the key is the same and the encryption is also the same, then
-+ * just reuse it. However, we must not forget to reinitialize the
-+ * context that was finalized in pk11_cipher_cleanup().
-+ */
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
-+ sp->opdata_encrypt == ctx->encrypt)
-+ {
-+ state->sp = sp;
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+ /*
-+ * Check if the key has been invalidated. If so, a new key object
-+ * needs to be created.
-+ */
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ sp->opdata_cipher_key = pk11_get_cipher_key(
-+ ctx, key, p_ciph_table_row->key_type, sp);
-+ }
-+
-+ if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
-+ {
-+ /*
-+ * The previous encryption/decryption is different. Need to
-+ * terminate the previous * active encryption/decryption here.
-+ */
-+ if (!pk11_cipher_final(sp))
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+ }
-+
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ /* now initialize the context with a new key */
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ sp->opdata_encrypt = ctx->encrypt;
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+/*
-+ * When reusing the same key in an encryption/decryption session for a
-+ * decryption/encryption session, we need to close the active session
-+ * and recreate a new one. Note that the key is in the global session so
-+ * that it needs not be recreated.
-+ *
-+ * It is more appropriate to use C_En/DecryptFinish here. At the time of this
-+ * development, these two functions in the PKCS#11 libraries used return
-+ * unexpected errors when passing in 0 length output. It may be a good
-+ * idea to try them again if performance is a problem here and fix
-+ * C_En/DecryptFinial if there are bugs there causing the problem.
-+ */
-+static int
-+pk11_cipher_final(PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
-+ return (0);
-+ }
-+
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * An engine interface function. The calling function allocates sufficient
-+ * memory for the output buffer "out" to hold the results.
-+ */
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl)
-+#else
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl)
-+#endif
-+ {
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ CK_RV rv;
-+ unsigned long outl = inl;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ sp = (PK11_SESSION *) state->sp;
-+
-+ if (!inl)
-+ return (1);
-+
-+ /* RC4 is the only stream cipher we support */
-+ if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
-+ return (0);
-+
-+ if (ctx->encrypt)
-+ {
-+ rv = pFuncList->C_EncryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_ENCRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+ else
-+ {
-+ rv = pFuncList->C_DecryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_DECRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+
-+ /*
-+ * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
-+ * the same size of input.
-+ * The application has guaranteed to call the block ciphers with
-+ * correctly aligned buffers.
-+ */
-+ if (inl != outl)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
-+ * here is the right thing because in EVP_DecryptFinal_ex(), engine's
-+ * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
-+ * the engine can't find out that it's the finalizing call. We wouldn't
-+ * necessarily have to finalize the context here since reinitializing it with
-+ * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
-+ * let's do it. Some implementations might leak memory if the previously used
-+ * context is initialized without finalizing it first.
-+ */
-+static int
-+pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
-+ CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
-+ PK11_CIPHER_STATE *state = ctx->cipher_data;
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * We are not interested in the data here, we just need to get
-+ * rid of the context.
-+ */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptFinal(
-+ state->sp->session, buf, &len);
-+ else
-+ rv = pFuncList->C_DecryptFinal(
-+ state->sp->session, buf, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
-+ PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ state->sp = NULL;
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Registered by the ENGINE when used to find out how to deal with
-+ * a particular NID in the ENGINE. This says what we'll do at the
-+ * top level - note, that list is restricted by what we answer with
-+ */
-+/* ARGSUSED */
-+static int
-+pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid)
-+ {
-+ if (!cipher)
-+ return (pk11_usable_ciphers(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_des_ede3_cbc:
-+ *cipher = &pk11_3des_cbc;
-+ break;
-+ case NID_des_cbc:
-+ *cipher = &pk11_des_cbc;
-+ break;
-+ case NID_des_ede3_ecb:
-+ *cipher = &pk11_3des_ecb;
-+ break;
-+ case NID_des_ecb:
-+ *cipher = &pk11_des_ecb;
-+ break;
-+ case NID_aes_128_cbc:
-+ *cipher = &pk11_aes_128_cbc;
-+ break;
-+ case NID_aes_192_cbc:
-+ *cipher = &pk11_aes_192_cbc;
-+ break;
-+ case NID_aes_256_cbc:
-+ *cipher = &pk11_aes_256_cbc;
-+ break;
-+ case NID_aes_128_ecb:
-+ *cipher = &pk11_aes_128_ecb;
-+ break;
-+ case NID_aes_192_ecb:
-+ *cipher = &pk11_aes_192_ecb;
-+ break;
-+ case NID_aes_256_ecb:
-+ *cipher = &pk11_aes_256_ecb;
-+ break;
-+ case NID_bf_cbc:
-+ *cipher = &pk11_bf_cbc;
-+ break;
-+ case NID_rc4:
-+ *cipher = &pk11_rc4;
-+ break;
-+ default:
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * These can't be in separated cases because the NIDs
-+ * here are not constants.
-+ */
-+ if (nid == NID_aes_128_ctr)
-+ *cipher = &pk11_aes_128_ctr;
-+ else if (nid == NID_aes_192_ctr)
-+ *cipher = &pk11_aes_192_ctr;
-+ else if (nid == NID_aes_256_ctr)
-+ *cipher = &pk11_aes_256_ctr;
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ *cipher = NULL;
-+ break;
-+ }
-+ return (*cipher != NULL);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid)
-+ {
-+ if (!digest)
-+ return (pk11_usable_digests(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_md5:
-+ *digest = &pk11_md5;
-+ break;
-+ case NID_sha1:
-+ *digest = &pk11_sha1;
-+ break;
-+ case NID_sha224:
-+ *digest = &pk11_sha224;
-+ break;
-+ case NID_sha256:
-+ *digest = &pk11_sha256;
-+ break;
-+ case NID_sha384:
-+ *digest = &pk11_sha384;
-+ break;
-+ case NID_sha512:
-+ *digest = &pk11_sha512;
-+ break;
-+ default:
-+ *digest = NULL;
-+ break;
-+ }
-+ return (*digest != NULL);
-+ }
-+
-+
-+/* Create a secret key object in a PKCS#11 session */
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
-+ CK_ULONG ul_key_attr_count = 6;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (false)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_VALUE, (void*) NULL, 0},
-+ };
-+
-+ /*
-+ * Create secret key object in global_session. All other sessions
-+ * can use the key handles. Here is why:
-+ * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
-+ * It may then call DecryptInit and DecryptUpdate using the same key.
-+ * To use the same key object, we need to call EncryptFinal with
-+ * a 0 length message. Currently, this does not work for 3DES
-+ * mechanism. To get around this problem, we close the session and
-+ * then create a new session to use the same key object. When a session
-+ * is closed, all the object handles will be invalid. Thus, create key
-+ * objects in a global session, an individual session may be closed to
-+ * terminate the active operation.
-+ */
-+ CK_SESSION_HANDLE session = global_session;
-+ a_key_template[0].pValue = &obj_key;
-+ a_key_template[1].pValue = &key_type;
-+ a_key_template[5].pValue = (void *) key;
-+ a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Save the key information used in this session.
-+ * The max can be saved is PK11_KEY_LEN_MAX.
-+ */
-+ sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ?
-+ PK11_KEY_LEN_MAX : ctx->key_len;
-+ (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
-+err:
-+
-+ return (h_key);
-+ }
-+
-+static int
-+md_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; i++)
-+ if (digests[i].nid == nid)
-+ return (digests[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_digest_init(EVP_MD_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_SESSION *sp;
-+ PK11_DIGEST *pdp;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ state->sp = NULL;
-+
-+ index = md_nid_to_pk11(ctx->digest->type);
-+ if (index < 0 || index >= PK11_DIGEST_MAX)
-+ return (0);
-+
-+ pdp = &digests[index];
-+ if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
-+ return (0);
-+
-+ /* at present, no parameter is needed for supported digests */
-+ mech.mechanism = pdp->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ rv = pFuncList->C_DigestInit(sp->session, &mech);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
-+ pk11_return_session(sp, OP_DIGEST);
-+ return (0);
-+ }
-+
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+ {
-+ CK_RV rv;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ /* 0 length message will cause a failure in C_DigestFinal */
-+ if (count == 0)
-+ return (1);
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
-+ count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-+ {
-+ CK_RV rv;
-+ unsigned long len;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+ len = ctx->digest->md_size;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ if (ctx->digest->md_size != len)
-+ return (0);
-+
-+ /*
-+ * Final is called and digest is returned, so return the session
-+ * to the pool
-+ */
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-+ {
-+ CK_RV rv;
-+ int ret = 0;
-+ PK11_CIPHER_STATE *state, *state_to;
-+ CK_BYTE_PTR pstate = NULL;
-+ CK_ULONG ul_state_len;
-+
-+ /* The copy-from state */
-+ state = (PK11_CIPHER_STATE *) from->md_data;
-+ if (state == NULL || state->sp == NULL)
-+ goto err;
-+
-+ /* Initialize the copy-to state */
-+ if (!pk11_digest_init(to))
-+ goto err;
-+ state_to = (PK11_CIPHER_STATE *) to->md_data;
-+
-+ /* Get the size of the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+ if (ul_state_len == 0)
-+ {
-+ goto err;
-+ }
-+
-+ pstate = OPENSSL_malloc(ul_state_len);
-+ if (pstate == NULL)
-+ {
-+ PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /* Set the operation state of the copy-to session */
-+ rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
-+ ul_state_len, 0, 0);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY,
-+ PK11_R_SET_OPERATION_STATE, rv);
-+ goto err;
-+ }
-+
-+ ret = 1;
-+err:
-+ if (pstate != NULL)
-+ OPENSSL_free(pstate);
-+
-+ return (ret);
-+ }
-+
-+/* Return any pending session state to the pool */
-+static int
-+pk11_digest_cleanup(EVP_MD_CTX *ctx)
-+ {
-+ PK11_CIPHER_STATE *state = ctx->md_data;
-+ unsigned char buf[EVP_MAX_MD_SIZE];
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * If state->sp is not NULL then pk11_digest_final() has not
-+ * been called yet. We must call it now to free any memory
-+ * that might have been allocated in the token when
-+ * pk11_digest_init() was called. pk11_digest_final()
-+ * will return the session to the cache.
-+ */
-+ if (!pk11_digest_final(ctx, buf))
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Check if the new key is the same as the key object in the session. If the key
-+ * is the same, no need to create a new key object. Otherwise, the old key
-+ * object needs to be destroyed and a new one will be created. Return 1 for
-+ * cache hit, 0 for cache miss. Note that we must check the key length first
-+ * otherwise we could end up reusing a different, longer key with the same
-+ * prefix.
-+ */
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len)
-+ {
-+ if (sp->opdata_key_len != key_len ||
-+ memcmp(sp->opdata_key, key, key_len) != 0)
-+ {
-+ (void) pk11_destroy_cipher_key_objects(sp);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/* Destroy one or more secret key objects. */
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_CIPHER].head;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
-+ {
-+ /*
-+ * The secret key object is created in the
-+ * global_session. See pk11_get_cipher_key().
-+ */
-+ if (pk11_destroy_object(global_session,
-+ sp->opdata_cipher_key, CK_FALSE) == 0)
-+ goto err;
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ }
-+ }
-+ ret = 1;
-+err:
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_X_509
-+ * CKM_RSA_PKCS
-+ * CKM_DSA
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * Symmetric ciphers optionally supported
-+ *
-+ * CKM_DES3_CBC
-+ * CKM_DES_CBC
-+ * CKM_AES_CBC
-+ * CKM_DES3_ECB
-+ * CKM_DES_ECB
-+ * CKM_AES_ECB
-+ * CKM_AES_CTR
-+ * CKM_RC4
-+ * CKM_BLOWFISH_CBC
-+ *
-+ * Digests optionally supported
-+ *
-+ * CKM_MD5
-+ * CKM_SHA_1
-+ * CKM_SHA224
-+ * CKM_SHA256
-+ * CKM_SHA384
-+ * CKM_SHA512
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ int slot_n_cipher = 0;
-+ int slot_n_digest = 0;
-+ CK_SLOT_ID current_slot = 0;
-+ int current_slot_n_cipher = 0;
-+ int current_slot_n_digest = 0;
-+
-+ int local_cipher_nids[PK11_CIPHER_MAX];
-+ int local_digest_nids[PK11_DIGEST_MAX];
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ CK_BBOOL slot_has_recover = CK_FALSE;
-+ CK_BBOOL slot_has_dsa = CK_FALSE;
-+ CK_BBOOL slot_has_dh = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_RSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ /*
-+ * Check if this slot is capable of encryption,
-+ * decryption, sign, and verify with CKM_RSA_X_509.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_RSA_X_509, &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY) &&
-+ (mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ if (mech_info.flags & CKF_VERIFY_RECOVER)
-+ {
-+ slot_has_recover = CK_TRUE;
-+ }
-+ }
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_DSA.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
-+ &mech_info);
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ slot_has_dsa = CK_TRUE;
-+ }
-+
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ /*
-+ * Check if this slot is capable of DH key generataion and
-+ * derivation.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
-+
-+ if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
-+ {
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_DERIVE, &mech_info);
-+ if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
-+ {
-+ slot_has_dh = CK_TRUE;
-+ }
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ if (!found_candidate_slot &&
-+ (slot_has_rsa || slot_has_dsa || slot_has_dh))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ pk11_have_recover = slot_has_recover;
-+ pk11_have_dsa = slot_has_dsa;
-+ pk11_have_dh = slot_has_dh;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa/dsa/dh\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ found_candidate_slot = CK_FALSE;
-+ best_slot_sofar = 0;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ current_slot = pSlotList[i];
-+ current_slot_n_cipher = 0;
-+ current_slot_n_digest = 0;
-+ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
-+ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
-+
-+ pk11_find_symmetric_ciphers(pFuncList, current_slot,
-+ ¤t_slot_n_cipher, local_cipher_nids);
-+
-+ pk11_find_digests(pFuncList, current_slot,
-+ ¤t_slot_n_digest, local_digest_nids);
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
-+ current_slot_n_cipher);
-+ fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
-+ current_slot_n_digest);
-+ fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
-+ PK11_DBG, best_slot_sofar);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * If the current slot supports more ciphers/digests than
-+ * the previous best one we change the current best to this one,
-+ * otherwise leave it where it is.
-+ */
-+ if ((current_slot_n_cipher + current_slot_n_digest) >
-+ (slot_n_cipher + slot_n_digest))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: changing best so far slot to %d\n",
-+ PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = SLOTID = current_slot;
-+ cipher_count = slot_n_cipher = current_slot_n_cipher;
-+ digest_count = slot_n_digest = current_slot_n_digest;
-+ (void) memcpy(cipher_nids, local_cipher_nids,
-+ sizeof (local_cipher_nids));
-+ (void) memcpy(digest_nids, local_digest_nids,
-+ sizeof (local_digest_nids));
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_recover %d\n", PK11_DBG, pk11_have_recover);
-+ fprintf(stderr,
-+ "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+ fprintf(stderr,
-+ "%s: cipher_count %d\n", PK11_DBG, cipher_count);
-+ fprintf(stderr,
-+ "%s: digest_count %d\n", PK11_DBG, digest_count);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ OPENSSL_free(hw_cnids);
-+ OPENSSL_free(hw_dnids);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
-+ int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
-+ int *local_cipher_nids, int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if ((mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT))
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(ciphers[id].nid, hw_cnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_cipher_nids[(*current_slot_n_cipher)++] =
-+ ciphers[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if (mech_info.flags & CKF_DIGEST)
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(digests[id].nid, hw_dnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_digest_nids[(*current_slot_n_digest)++] =
-+ digests[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+/* create a new NID when we have no OID for that mechanism */
-+static int pk11_add_NID(char *sn, char *ln)
-+ {
-+ ASN1_OBJECT *o;
-+ int nid;
-+
-+ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
-+ 1, sn, ln)) == NULL)
-+ {
-+ return (0);
-+ }
-+
-+ /* will return NID_undef on error */
-+ nid = OBJ_add_object(o);
-+ ASN1_OBJECT_free(o);
-+
-+ return (nid);
-+ }
-+
-+/*
-+ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
-+ * have to help ourselves here.
-+ */
-+static int pk11_add_aes_ctr_NIDs(void)
-+ {
-+ /* are we already set? */
-+ if (NID_aes_256_ctr != NID_undef)
-+ return (1);
-+
-+ /*
-+ * There are no official names for AES counter modes yet so we just
-+ * follow the format of those that exist.
-+ */
-+ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
-+ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
-+ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
-+ return (1);
-+
-+err:
-+ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
-+ return (0);
-+ }
-+#endif /* SOLARIS_AES_CTR */
-+
-+/* Find what symmetric ciphers this slot supports. */
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; ++i)
-+ {
-+ pk11_get_symmetric_cipher(pflist, current_slot,
-+ ciphers[i].mech_type, current_slot_n_cipher,
-+ local_cipher_nids, ciphers[i].id);
-+ }
-+ }
-+
-+/* Find what digest algorithms this slot supports. */
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; ++i)
-+ {
-+ pk11_get_digest(pflist, current_slot, digests[i].mech_type,
-+ current_slot_n_digest, local_digest_nids, digests[i].id);
-+ }
-+ }
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * It would be great if we could use pkcs11_kernel directly since this library
-+ * offers hardware slots only. That's the easiest way to achieve the situation
-+ * where we use the hardware accelerators when present and OpenSSL native code
-+ * otherwise. That presumes the fact that OpenSSL native code is faster than the
-+ * code in the soft token. It's a logical assumption - Crypto Framework has some
-+ * inherent overhead so going there for the software implementation of a
-+ * mechanism should be logically slower in contrast to the OpenSSL native code,
-+ * presuming that both implementations are of similar speed. For example, the
-+ * soft token for AES is roughly three times slower than OpenSSL for 64 byte
-+ * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
-+ * that use the PKCS#11 engine by default, we must somehow avoid that regression
-+ * on machines without hardware acceleration. That's why switching to the
-+ * pkcs11_kernel library seems like a very good idea.
-+ *
-+ * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
-+ * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
-+ * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
-+ * library, we would have had a performance regression on machines without
-+ * hardware acceleration for asymmetric operations for all applications that use
-+ * the PKCS#11 engine. There is one such application - Apache web server since
-+ * it's shipped configured to use the PKCS#11 engine by default. Having said
-+ * that, we can't switch to the pkcs11_kernel library now and have to come with
-+ * a solution that, on non-accelerated machines, uses the OpenSSL native code
-+ * for all symmetric ciphers and digests while it uses the soft token for
-+ * asymmetric operations.
-+ *
-+ * This is the idea: dlopen() pkcs11_kernel directly and find out what
-+ * mechanisms are there. We don't care about duplications (more slots can
-+ * support the same mechanism), we just want to know what mechanisms can be
-+ * possibly supported in hardware on that particular machine. As said before,
-+ * pkcs11_kernel will show you hardware providers only.
-+ *
-+ * Then, we rely on the fact that since we use libpkcs11 library we will find
-+ * the metaslot. When we go through the metaslot's mechanisms for symmetric
-+ * ciphers and digests, we check that any found mechanism is in the table
-+ * created using the pkcs11_kernel library. So, as a result we have two arrays
-+ * of mechanisms that were advertised as supported in hardware which was the
-+ * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
-+ * code for symmetric ciphers and digests. See pk11_choose_slots() for more
-+ * information.
-+ *
-+ * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
-+ * the code won't be used.
-+ */
-+#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
-+static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
-+#else
-+static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
-+#endif
-+
-+/*
-+ * Check hardware capabilities of the machines. The output are two lists,
-+ * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
-+ * providers together. They are not sorted and may contain duplicate mechanisms.
-+ */
-+static int check_hw_mechanisms(void)
-+ {
-+ int i;
-+ CK_RV rv;
-+ void *handle;
-+ CK_C_GetFunctionList p;
-+ CK_TOKEN_INFO token_info;
-+ CK_ULONG ulSlotCount = 0;
-+ int n_cipher = 0, n_digest = 0;
-+ CK_FUNCTION_LIST_PTR pflist = NULL;
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL;
-+ int hw_ctable_size, hw_dtable_size;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
-+ PK11_DBG);
-+#endif
-+ if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ if ((p = (CK_C_GetFunctionList)dlsym(handle,
-+ PK11_GET_FUNCTION_LIST)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ if (p(&pflist) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pflist->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /* no slots, set the hw mechanism tables as empty */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
-+#endif
-+ hw_cnids = OPENSSL_malloc(sizeof (int));
-+ hw_dnids = OPENSSL_malloc(sizeof (int));
-+ if (hw_cnids == NULL || hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ /* this means empty tables */
-+ hw_cnids[0] = NID_undef;
-+ hw_dnids[0] = NID_undef;
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the slot list for processing */
-+ if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /*
-+ * We don't care about duplicit mechanisms in multiple slots and also
-+ * reserve one slot for the terminal NID_undef which we use to stop the
-+ * search.
-+ */
-+ hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
-+ hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
-+ tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
-+ tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
-+ if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * Do not use memset since we should not rely on the fact that NID_undef
-+ * is zero now.
-+ */
-+ for (i = 0; i < hw_ctable_size; ++i)
-+ tmp_hw_cnids[i] = NID_undef;
-+ for (i = 0; i < hw_dtable_size; ++i)
-+ tmp_hw_dnids[i] = NID_undef;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
-+ fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
-+ fprintf(stderr, "%s: now looking for mechs supported in hw\n",
-+ PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * We are filling the hw mech tables here. Global tables are
-+ * still NULL so all mechanisms are put into tmp tables.
-+ */
-+ pk11_find_symmetric_ciphers(pflist, pSlotList[i],
-+ &n_cipher, tmp_hw_cnids);
-+ pk11_find_digests(pflist, pSlotList[i],
-+ &n_digest, tmp_hw_dnids);
-+ }
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects. Also, C_Finalize() is triggered by
-+ * dlclose(3C).
-+ */
-+#if 0
-+ pflist->C_Finalize(NULL);
-+#endif
-+ OPENSSL_free(pSlotList);
-+ (void) dlclose(handle);
-+ hw_cnids = tmp_hw_cnids;
-+ hw_dnids = tmp_hw_dnids;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+
-+err:
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+ if (tmp_hw_cnids != NULL)
-+ OPENSSL_free(tmp_hw_cnids);
-+ if (tmp_hw_dnids != NULL)
-+ OPENSSL_free(tmp_hw_dnids);
-+
-+ return (0);
-+ }
-+
-+/*
-+ * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
-+ * non-existent).
-+ */
-+static int nid_in_table(int nid, int *nid_table)
-+ {
-+ int i = 0;
-+
-+ /*
-+ * a special case. NULL means that we are initializing a new
-+ * table.
-+ */
-+ if (nid_table == NULL)
-+ return (1);
-+
-+ /*
-+ * the table is never full, there is always at least one
-+ * NID_undef.
-+ */
-+ while (nid_table[i] != NID_undef)
-+ {
-+ if (nid_table[i++] == nid)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+ }
-+
-+ return (0);
-+ }
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11_err.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.4.10.1
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 21:52:40 2011
-@@ -0,0 +1,288 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_err.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/err.h>
-+#include "hw_pk11_err.h"
-+
-+/* BEGIN ERROR CODES */
-+#ifndef OPENSSL_NO_ERR
-+static ERR_STRING_DATA pk11_str_functs[]=
-+{
-+{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
-+{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
-+{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
-+{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
-+{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
-+{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
-+{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
-+{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
-+{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
-+{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
-+{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
-+{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
-+{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
-+{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
-+{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
-+{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
-+{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
-+{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
-+{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
-+{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
-+{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
-+{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
-+{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
-+{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
-+{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
-+{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
-+{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
-+{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
-+{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
-+{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
-+{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
-+{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
-+{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
-+{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
-+{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
-+{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
-+{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
-+{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
-+{ 0, NULL}
-+};
-+
-+static ERR_STRING_DATA pk11_str_reasons[]=
-+{
-+{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
-+{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
-+{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
-+{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
-+{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
-+{ PK11_R_INITIALIZE, "C_Initialize failed"},
-+{ PK11_R_FINALIZE, "C_Finalize failed"},
-+{ PK11_R_GETINFO, "C_GetInfo faile"},
-+{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
-+{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
-+{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
-+{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
-+{ PK11_R_NO_MODULUS, "no modulus"},
-+{ PK11_R_NO_EXPONENT, "no exponent"},
-+{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
-+{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
-+{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
-+{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
-+{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
-+{ PK11_R_OPENSESSION, "C_OpenSession failed"},
-+{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
-+{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
-+{ PK11_R_ENCRYPT, "C_Encrypt failed"},
-+{ PK11_R_SIGNINIT, "C_SignInit failed"},
-+{ PK11_R_SIGN, "C_Sign failed"},
-+{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
-+{ PK11_R_DECRYPT, "C_Decrypt failed"},
-+{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
-+{ PK11_R_VERIFY, "C_Verify failed"},
-+{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
-+{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
-+{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
-+{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
-+{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
-+{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
-+{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
-+{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
-+{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
-+{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
-+{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
-+{ PK11_R_MALLOC_FAILURE, "malloc failure"},
-+{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
-+{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
-+{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
-+{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
-+{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
-+{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
-+{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
-+{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
-+{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
-+{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
-+{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
-+{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
-+{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
-+{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
-+{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
-+{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
-+{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
-+{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
-+{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
-+{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
-+{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
-+{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
-+{ PK11_R_ATFORK_FAILED, "atfork() failed" },
-+{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login() failed on token" },
-+{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
-+{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
-+{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
-+{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
-+{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen() dialog command" },
-+{ PK11_R_PIPE_FAILED, "pipe() failed" },
-+{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
-+{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
-+{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
-+{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
-+{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
-+{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
-+{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
-+{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
-+{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
-+{ PK11_R_SYSCONF_FAILED, "sysconf() failed" },
-+{ PK11_R_MMAP_FAILED, "mmap() failed" },
-+{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
-+{ PK11_R_MLOCK_FAILED, "mlock() failed" },
-+{ PK11_R_FORK_FAILED, "fork() failed" },
-+{ 0, NULL}
-+};
-+#endif /* OPENSSL_NO_ERR */
-+
-+static int pk11_lib_error_code = 0;
-+static int pk11_error_init = 1;
-+
-+static void
-+ERR_load_pk11_strings(void)
-+ {
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+
-+ if (pk11_error_init)
-+ {
-+ pk11_error_init = 0;
-+#ifndef OPENSSL_NO_ERR
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ }
-+}
-+
-+static void
-+ERR_unload_pk11_strings(void)
-+ {
-+ if (pk11_error_init == 0)
-+ {
-+#ifndef OPENSSL_NO_ERR
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ pk11_error_init = 1;
-+ }
-+}
-+
-+void
-+ERR_pk11_error(int function, int reason, char *file, int line)
-+{
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+ ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-+}
-+
-+void
-+PK11err_add_data(int function, int reason, CK_RV rv)
-+{
-+ char tmp_buf[20];
-+
-+ PK11err(function, reason);
-+ (void) BIO_snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
-+ ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-+}
-Index: openssl/crypto/engine/hw_pk11_err.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.9.10.1
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:52:40 2011
-@@ -0,0 +1,440 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#ifndef HW_PK11_ERR_H
-+#define HW_PK11_ERR_H
-+
-+void ERR_pk11_error(int function, int reason, char *file, int line);
-+void PK11err_add_data(int function, int reason, CK_RV rv);
-+#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
-+
-+/* Error codes for the PK11 functions. */
-+
-+/* Function codes. */
-+
-+#define PK11_F_INIT 100
-+#define PK11_F_FINISH 101
-+#define PK11_F_DESTROY 102
-+#define PK11_F_CTRL 103
-+#define PK11_F_RSA_INIT 104
-+#define PK11_F_RSA_FINISH 105
-+#define PK11_F_GET_PUB_RSA_KEY 106
-+#define PK11_F_GET_PRIV_RSA_KEY 107
-+#define PK11_F_RSA_GEN_KEY 108
-+#define PK11_F_RSA_PUB_ENC 109
-+#define PK11_F_RSA_PRIV_ENC 110
-+#define PK11_F_RSA_PUB_DEC 111
-+#define PK11_F_RSA_PRIV_DEC 112
-+#define PK11_F_RSA_SIGN 113
-+#define PK11_F_RSA_VERIFY 114
-+#define PK11_F_RAND_ADD 115
-+#define PK11_F_RAND_BYTES 116
-+#define PK11_F_GET_SESSION 117
-+#define PK11_F_FREE_SESSION 118
-+#define PK11_F_LOAD_PUBKEY 119
-+#define PK11_F_LOAD_PRIVKEY 120
-+#define PK11_F_RSA_PUB_ENC_LOW 121
-+#define PK11_F_RSA_PRIV_ENC_LOW 122
-+#define PK11_F_RSA_PUB_DEC_LOW 123
-+#define PK11_F_RSA_PRIV_DEC_LOW 124
-+#define PK11_F_DSA_SIGN 125
-+#define PK11_F_DSA_VERIFY 126
-+#define PK11_F_DSA_INIT 127
-+#define PK11_F_DSA_FINISH 128
-+#define PK11_F_GET_PUB_DSA_KEY 129
-+#define PK11_F_GET_PRIV_DSA_KEY 130
-+#define PK11_F_DH_INIT 131
-+#define PK11_F_DH_FINISH 132
-+#define PK11_F_MOD_EXP_DH 133
-+#define PK11_F_GET_DH_KEY 134
-+#define PK11_F_FREE_ALL_SESSIONS 135
-+#define PK11_F_SETUP_SESSION 136
-+#define PK11_F_DESTROY_OBJECT 137
-+#define PK11_F_CIPHER_INIT 138
-+#define PK11_F_CIPHER_DO_CIPHER 139
-+#define PK11_F_GET_CIPHER_KEY 140
-+#define PK11_F_DIGEST_INIT 141
-+#define PK11_F_DIGEST_UPDATE 142
-+#define PK11_F_DIGEST_FINAL 143
-+#define PK11_F_CHOOSE_SLOT 144
-+#define PK11_F_CIPHER_FINAL 145
-+#define PK11_F_LIBRARY_INIT 146
-+#define PK11_F_LOAD 147
-+#define PK11_F_DH_GEN_KEY 148
-+#define PK11_F_DH_COMP_KEY 149
-+#define PK11_F_DIGEST_COPY 150
-+#define PK11_F_CIPHER_CLEANUP 151
-+#define PK11_F_ACTIVE_ADD 152
-+#define PK11_F_ACTIVE_DELETE 153
-+#define PK11_F_CHECK_HW_MECHANISMS 154
-+#define PK11_F_INIT_SYMMETRIC 155
-+#define PK11_F_ADD_AES_CTR_NIDS 156
-+#define PK11_F_INIT_ALL_LOCKS 157
-+#define PK11_F_RETURN_SESSION 158
-+#define PK11_F_GET_PIN 159
-+#define PK11_F_FIND_ONE_OBJECT 160
-+#define PK11_F_CHECK_TOKEN_ATTRS 161
-+#define PK11_F_CACHE_PIN 162
-+#define PK11_F_MLOCK_PIN_IN_MEMORY 163
-+#define PK11_F_TOKEN_LOGIN 164
-+#define PK11_F_TOKEN_RELOGIN 165
-+#define PK11_F_RUN_ASKPASS 166
-+
-+/* Reason codes. */
-+#define PK11_R_ALREADY_LOADED 100
-+#define PK11_R_DSO_FAILURE 101
-+#define PK11_R_NOT_LOADED 102
-+#define PK11_R_PASSED_NULL_PARAMETER 103
-+#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
-+#define PK11_R_INITIALIZE 105
-+#define PK11_R_FINALIZE 106
-+#define PK11_R_GETINFO 107
-+#define PK11_R_GETSLOTLIST 108
-+#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
-+#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
-+#define PK11_R_GETATTRIBUTVALUE 111
-+#define PK11_R_NO_MODULUS 112
-+#define PK11_R_NO_EXPONENT 113
-+#define PK11_R_FINDOBJECTSINIT 114
-+#define PK11_R_FINDOBJECTS 115
-+#define PK11_R_FINDOBJECTSFINAL 116
-+#define PK11_R_CREATEOBJECT 118
-+#define PK11_R_DESTROYOBJECT 119
-+#define PK11_R_OPENSESSION 120
-+#define PK11_R_CLOSESESSION 121
-+#define PK11_R_ENCRYPTINIT 122
-+#define PK11_R_ENCRYPT 123
-+#define PK11_R_SIGNINIT 124
-+#define PK11_R_SIGN 125
-+#define PK11_R_DECRYPTINIT 126
-+#define PK11_R_DECRYPT 127
-+#define PK11_R_VERIFYINIT 128
-+#define PK11_R_VERIFY 129
-+#define PK11_R_VERIFYRECOVERINIT 130
-+#define PK11_R_VERIFYRECOVER 131
-+#define PK11_R_GEN_KEY 132
-+#define PK11_R_SEEDRANDOM 133
-+#define PK11_R_GENERATERANDOM 134
-+#define PK11_R_INVALID_MESSAGE_LENGTH 135
-+#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
-+#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
-+#define PK11_R_UNKNOWN_PADDING_TYPE 138
-+#define PK11_R_PADDING_CHECK_FAILED 139
-+#define PK11_R_DIGEST_TOO_BIG 140
-+#define PK11_R_MALLOC_FAILURE 141
-+#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
-+#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
-+#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
-+#define PK11_R_MISSING_KEY_COMPONENT 145
-+#define PK11_R_INVALID_SIGNATURE_LENGTH 146
-+#define PK11_R_INVALID_DSA_SIGNATURE_R 147
-+#define PK11_R_INVALID_DSA_SIGNATURE_S 148
-+#define PK11_R_INCONSISTENT_KEY 149
-+#define PK11_R_ENCRYPTUPDATE 150
-+#define PK11_R_DECRYPTUPDATE 151
-+#define PK11_R_DIGESTINIT 152
-+#define PK11_R_DIGESTUPDATE 153
-+#define PK11_R_DIGESTFINAL 154
-+#define PK11_R_ENCRYPTFINAL 155
-+#define PK11_R_DECRYPTFINAL 156
-+#define PK11_R_NO_PRNG_SUPPORT 157
-+#define PK11_R_GETTOKENINFO 158
-+#define PK11_R_DERIVEKEY 159
-+#define PK11_R_GET_OPERATION_STATE 160
-+#define PK11_R_SET_OPERATION_STATE 161
-+#define PK11_R_INVALID_HANDLE 162
-+#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
-+#define PK11_R_INVALID_OPERATION_TYPE 164
-+#define PK11_R_ADD_NID_FAILED 165
-+#define PK11_R_ATFORK_FAILED 166
-+
-+#define PK11_R_TOKEN_LOGIN_FAILED 167
-+#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
-+#define PK11_R_INVALID_PKCS11_URI 169
-+#define PK11_R_COULD_NOT_READ_PIN 170
-+#define PK11_R_COULD_NOT_OPEN_COMMAND 171
-+#define PK11_R_PIPE_FAILED 172
-+#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
-+#define PK11_R_BAD_PASSPHRASE_SPEC 174
-+#define PK11_R_TOKEN_NOT_INITIALIZED 175
-+#define PK11_R_TOKEN_PIN_NOT_SET 176
-+#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
-+#define PK11_R_MISSING_OBJECT_LABEL 178
-+#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
-+#define PK11_R_PRIV_KEY_NOT_FOUND 180
-+#define PK11_R_NO_OBJECT_FOUND 181
-+#define PK11_R_PIN_CACHING_POLICY_INVALID 182
-+#define PK11_R_SYSCONF_FAILED 183
-+#define PK11_R_MMAP_FAILED 183
-+#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
-+#define PK11_R_MLOCK_FAILED 185
-+#define PK11_R_FORK_FAILED 186
-+
-+/* max byte length of a symetric key we support */
-+#define PK11_KEY_LEN_MAX 32
-+
-+#ifdef NOPTHREADS
-+/*
-+ * CRYPTO_LOCK_PK11_ENGINE lock is primarily used for the protection of the
-+ * free_session list and active_list but generally serves as a global
-+ * per-process lock for the whole engine.
-+ *
-+ * We reuse CRYPTO_LOCK_EC lock (which is defined in OpenSSL for EC method) as
-+ * the global engine lock. This is not optimal w.r.t. performance but
-+ * it's safe.
-+ */
-+#define CRYPTO_LOCK_PK11_ENGINE CRYPTO_LOCK_EC
-+#endif
-+
-+/*
-+ * This structure encapsulates all reusable information for a PKCS#11
-+ * session. A list of these objects is created on behalf of the
-+ * calling application using an on-demand method. Each operation
-+ * type (see PK11_OPTYPE below) has its own per-process list.
-+ * Each of the lists is basically a cache for faster PKCS#11 object
-+ * access to avoid expensive C_Find{,Init,Final}Object() calls.
-+ *
-+ * When a new request comes in, an object will be taken from the list
-+ * (if there is one) or a new one is created to handle the request
-+ * (if the list is empty). See pk11_get_session() on how it is done.
-+ */
-+typedef struct PK11_st_SESSION
-+ {
-+ struct PK11_st_SESSION *next;
-+ CK_SESSION_HANDLE session; /* PK11 session handle */
-+ pid_t pid; /* Current process ID */
-+ CK_BBOOL pub_persistent; /* is pub key in keystore? */
-+ CK_BBOOL priv_persistent;/* is priv key in keystore? */
-+ union
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
-+ RSA *rsa_pub; /* pub key addr */
-+ BIGNUM *rsa_n_num; /* pub modulus */
-+ BIGNUM *rsa_e_num; /* pub exponent */
-+ RSA *rsa_priv; /* priv key addr */
-+ BIGNUM *rsa_pn_num; /* pub modulus */
-+ BIGNUM *rsa_pe_num; /* pub exponent */
-+ BIGNUM *rsa_d_num; /* priv exponent */
-+ } u_RSA;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
-+ DSA *dsa_pub; /* pub key addr */
-+ BIGNUM *dsa_pub_num; /* pub key */
-+ DSA *dsa_priv; /* priv key addr */
-+ BIGNUM *dsa_priv_num; /* priv key */
-+ } u_DSA;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dh_key; /* key handle */
-+ DH *dh; /* dh key addr */
-+ BIGNUM *dh_priv_num; /* priv dh key */
-+ } u_DH;
-+#endif /* OPENSSL_NO_DH */
-+ struct
-+ {
-+ CK_OBJECT_HANDLE cipher_key; /* key handle */
-+ unsigned char key[PK11_KEY_LEN_MAX];
-+ int key_len; /* priv key len */
-+ int encrypt; /* 1/0 enc/decr */
-+ } u_cipher;
-+ } opdata_u;
-+ } PK11_SESSION;
-+
-+#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
-+#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
-+#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
-+#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
-+#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
-+#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
-+#define opdata_rsa_pn_num opdata_u.u_RSA.rsa_pn_num
-+#define opdata_rsa_pe_num opdata_u.u_RSA.rsa_pe_num
-+#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
-+#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
-+#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
-+#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
-+#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
-+#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
-+#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
-+#define opdata_dh_key opdata_u.u_DH.dh_key
-+#define opdata_dh opdata_u.u_DH.dh
-+#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
-+#define opdata_cipher_key opdata_u.u_cipher.cipher_key
-+#define opdata_key opdata_u.u_cipher.key
-+#define opdata_key_len opdata_u.u_cipher.key_len
-+#define opdata_encrypt opdata_u.u_cipher.encrypt
-+
-+/*
-+ * We have 3 different groups of operation types:
-+ * 1) asymmetric operations
-+ * 2) random operations
-+ * 3) symmetric and digest operations
-+ *
-+ * This division into groups stems from the fact that it's common that hardware
-+ * providers may support operations from one group only. For example, hardware
-+ * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
-+ * only a single group of operations.
-+ *
-+ * For every group a different slot can be chosen. That means that we must have
-+ * at least 3 different lists of cached PKCS#11 sessions since sessions from
-+ * different groups may be initialized in different slots.
-+ *
-+ * To provide locking granularity in multithreaded environment, the groups are
-+ * further splitted into types with each type having a separate session cache.
-+ */
-+typedef enum PK11_OPTYPE_ENUM
-+ {
-+ OP_RAND,
-+ OP_RSA,
-+ OP_DSA,
-+ OP_DH,
-+ OP_CIPHER,
-+ OP_DIGEST,
-+ OP_MAX
-+ } PK11_OPTYPE;
-+
-+/*
-+ * This structure contains the heads of the lists forming the object caches
-+ * and locks associated with the lists.
-+ */
-+typedef struct PK11_st_CACHE
-+ {
-+ PK11_SESSION *head;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *lock;
-+#endif
-+ } PK11_CACHE;
-+
-+/* structure for tracking handles of asymmetric key objects */
-+typedef struct PK11_active_st
-+ {
-+ CK_OBJECT_HANDLE h;
-+ unsigned int refcnt;
-+ struct PK11_active_st *prev;
-+ struct PK11_active_st *next;
-+ } PK11_active;
-+
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *find_lock[];
-+#endif
-+extern PK11_active *active_list[];
-+/*
-+ * These variables are specific for the RSA keys by reference code. See
-+ * hw_pk11_pub.c for explanation.
-+ */
-+extern CK_FLAGS pubkey_token_flags;
-+
-+#ifndef NOPTHREADS
-+#define LOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_lock(find_lock[alg_type])
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_unlock(find_lock[alg_type])
-+#else
-+#define LOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE)
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE)
-+#endif
-+
-+extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+extern int pk11_token_relogin(CK_SESSION_HANDLE session);
-+
-+#ifndef OPENSSL_NO_RSA
-+extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern RSA_METHOD *PK11_RSA(void);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DSA_METHOD *PK11_DSA(void);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DH_METHOD *PK11_DH(void);
-+#endif /* OPENSSL_NO_DH */
-+
-+extern CK_FUNCTION_LIST_PTR pFuncList;
-+
-+#endif /* HW_PK11_ERR_H */
-Index: openssl/crypto/engine/hw_pk11_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.32.4.4
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:10 2012
-@@ -0,0 +1,3530 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif /* OPENSSL_NO_DH */
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+#ifndef OPENSSL_NO_RSA
-+/* RSA stuff */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_init(RSA *rsa);
-+static int pk11_RSA_finish(RSA *rsa);
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#else
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#endif
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+#endif
-+
-+/* DSA stuff */
-+#ifndef OPENSSL_NO_DSA
-+static int pk11_DSA_init(DSA *dsa);
-+static int pk11_DSA_finish(DSA *dsa);
-+static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen,
-+ DSA *dsa);
-+static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
-+
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa);
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa);
-+#endif
-+
-+/* DH stuff */
-+#ifndef OPENSSL_NO_DH
-+static int pk11_DH_init(DH *dh);
-+static int pk11_DH_finish(DH *dh);
-+static int pk11_DH_generate_key(DH *dh);
-+static int pk11_DH_compute_key(unsigned char *key,
-+ const BIGNUM *pub_key, DH *dh);
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
-+ BIGNUM **priv_key, CK_SESSION_HANDLE session);
-+
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh);
-+#endif
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa =
-+ {
-+ "PKCS#11 RSA method",
-+ pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
-+ pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
-+ pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
-+ pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
-+ NULL, /* rsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_RSA_init, /* init */
-+ pk11_RSA_finish, /* finish */
-+ RSA_FLAG_SIGN_VER, /* flags */
-+ NULL, /* app_data */
-+ pk11_RSA_sign, /* rsa_sign */
-+ pk11_RSA_verify /* rsa_verify */
-+ };
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ return (&pk11_rsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Our internal DSA_METHOD that we provide pointers to */
-+static DSA_METHOD pk11_dsa =
-+ {
-+ "PKCS#11 DSA method",
-+ pk11_dsa_do_sign, /* dsa_do_sign */
-+ NULL, /* dsa_sign_setup */
-+ pk11_dsa_do_verify, /* dsa_do_verify */
-+ NULL, /* dsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_DSA_init, /* init */
-+ pk11_DSA_finish, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+ };
-+
-+DSA_METHOD *
-+PK11_DSA(void)
-+ {
-+ return (&pk11_dsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DH
-+/*
-+ * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
-+ * output buffer may somewhat exceed the precise number of bytes needed, but
-+ * should not exceed it by a large amount. That may be caused, for example, by
-+ * rounding it up to multiple of X in the underlying bignum library. 8 should be
-+ * enough.
-+ */
-+#define DH_BUF_RESERVE 8
-+
-+/* Our internal DH_METHOD that we provide pointers to */
-+static DH_METHOD pk11_dh =
-+ {
-+ "PKCS#11 DH method",
-+ pk11_DH_generate_key, /* generate_key */
-+ pk11_DH_compute_key, /* compute_key */
-+ NULL, /* bn_mod_exp */
-+ pk11_DH_init, /* init */
-+ pk11_DH_finish, /* finish */
-+ 0, /* flags */
-+ NULL, /* app_data */
-+ NULL /* generate_params */
-+ };
-+
-+DH_METHOD *
-+PK11_DH(void)
-+ {
-+ return (&pk11_dh);
-+ }
-+#endif
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+/* Lengths of DSA data and signature */
-+#define DSA_DATA_LEN 20
-+#define DSA_SIGNATURE_LEN 40
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+#ifndef OPENSSL_NO_RSA
-+/*
-+ * Similiar to OpenSSL to take advantage of the paddings. The goal is to
-+ * support all paddings in this engine although PK11 library does not
-+ * support all the paddings used in OpenSSL.
-+ * The input errors should have been checked in the padding functions.
-+ */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ i = RSA_padding_add_SSLv23(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+
-+/*
-+ * Similar to Openssl to take advantage of the paddings. The input errors
-+ * should be catched in the padding functions
-+ */
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ case RSA_SSLV23_PADDING:
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int j, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+
-+ num = BN_num_bytes(rsa->n);
-+
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ /* make data into a big number */
-+ if (BN_bin2bn(from, (int)flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's paddings here.
-+ */
-+ for (j = 0; j < r; j++)
-+ if (buf[j] != 0)
-+ break;
-+
-+ p = buf + j;
-+ j = r - j; /* j is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ r = RSA_padding_check_SSLv23(to, num, p, j, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, j, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int i, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+ num = BN_num_bytes(rsa->n);
-+ buf = (unsigned char *)OPENSSL_malloc(num);
-+ if (buf == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ if (BN_bin2bn(from, flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's here
-+ */
-+ for (i = 0; i < r; i++)
-+ if (buf[i] != 0)
-+ break;
-+
-+ p = buf + i;
-+ i = r - i; /* i is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, i, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/*
-+ * This function implements RSA public encryption using C_EncryptInit and
-+ * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_encrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_EncryptInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Encrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_encrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_encrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private encryption using C_SignInit and
-+ * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG ul_sig_len = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ {
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
-+ PK11_R_SIGNINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char *)from, flen, to, &ul_sig_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
-+ rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ retval = ul_sig_len;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private decryption using C_DecryptInit and
-+ * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DecryptInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Decrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA public decryption using C_VerifyRecoverInit
-+ * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyRecoverInit(sp->session,
-+ p_mech, h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVERINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_VerifyRecover(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVER, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+static int pk11_RSA_init(RSA *rsa)
-+ {
-+ /*
-+ * This flag in the RSA_METHOD enables the new rsa_sign,
-+ * rsa_verify functions. See rsa.h for details.
-+ */
-+ rsa->flags |= RSA_FLAG_SIGN_VER;
-+
-+ return (1);
-+ }
-+
-+static int pk11_RSA_finish(RSA *rsa)
-+ {
-+ /*
-+ * Since we are overloading OpenSSL's native RSA_eay_finish() we need
-+ * to do the same as in the original function, i.e. to free bignum
-+ * structures.
-+ */
-+ if (rsa->_method_mod_n != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_n);
-+ if (rsa->_method_mod_p != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_p);
-+ if (rsa->_method_mod_q != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_q);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#else
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#endif
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto err;
-+ }
-+ rv = pFuncList->C_Verify(sp->session, s, i,
-+ (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* The DSA function implementation */
-+/* ARGSUSED */
-+static int pk11_DSA_init(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DSA_finish(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+
-+static DSA_SIG *
-+pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-+ {
-+ BIGNUM *r = NULL, *s = NULL;
-+ int i;
-+ DSA_SIG *dsa_sig = NULL;
-+
-+ CK_RV rv;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+
-+ /*
-+ * The signature is the concatenation of r and s,
-+ * each is 20 bytes long
-+ */
-+ unsigned char sigret[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_priv(sp, dsa);
-+
-+ h_priv_key = sp->opdata_dsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_dsa_priv_key =
-+ pk11_get_private_dsa_key((DSA *)dsa,
-+ &sp->opdata_dsa_priv,
-+ &sp->opdata_dsa_priv_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto ret;
-+ }
-+
-+ (void) memset(sigret, 0, siglen);
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char*) dgst, dlen, sigret,
-+ (CK_ULONG_PTR) &siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
-+ goto ret;
-+ }
-+ }
-+
-+
-+ if ((s = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((r = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((dsa_sig = DSA_SIG_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if (BN_bin2bn(sigret, siglen2, r) == NULL ||
-+ BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ dsa_sig->r = r;
-+ dsa_sig->s = s;
-+
-+ret:
-+ if (dsa_sig == NULL)
-+ {
-+ if (r != NULL)
-+ BN_free(r);
-+ if (s != NULL)
-+ BN_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (dsa_sig);
-+ }
-+
-+static int
-+pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig,
-+ DSA *dsa)
-+ {
-+ int i;
-+ CK_RV rv;
-+ int retval = 0;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+
-+ unsigned char sigbuf[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_R);
-+ goto ret;
-+ }
-+
-+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_S);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_pub(sp, dsa);
-+
-+ h_pub_key = sp->opdata_dsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_dsa_pub_key =
-+ pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
-+ &sp->opdata_dsa_pub_num, sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto ret;
-+ }
-+
-+ /*
-+ * The representation of each of the two big numbers could
-+ * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
-+ * to act accordingly and shift if necessary.
-+ */
-+ (void) memset(sigbuf, 0, siglen);
-+ BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
-+ BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
-+ BN_num_bytes(sig->s));
-+
-+ rv = pFuncList->C_Verify(sp->session,
-+ (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto ret;
-+ }
-+ }
-+
-+ retval = 1;
-+ret:
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * Create a public key object in a session from a given dsa structure.
-+ * The *dsa_pub_num pointer is non-NULL for DSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ if (init_template_value(dsa->p, &a_key_template[4].pValue,
-+ &a_key_template[4].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->pub_key, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_pub_num != NULL)
-+ if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ for (i = 4; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given dsa structure
-+ * The *dsa_priv_num pointer is non-NULL for DSA private keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ int i;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 9;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(dsa->p, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(dsa->priv_key, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_priv_num != NULL)
-+ if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ /*
-+ * 5 to 8 entries in the key template are key components.
-+ * They need to be freed apon exit or error.
-+ */
-+ for (i = 5; i <= 8; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only public key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_pub != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only private key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_priv != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+
-+#ifndef OPENSSL_NO_DH
-+/* The DH function implementation */
-+/* ARGSUSED */
-+static int pk11_DH_init(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DH_finish(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/*
-+ * Generate DH key-pair.
-+ *
-+ * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
-+ * and override it even if it is set. OpenSSL does not touch dh->priv_key
-+ * if set and just computes dh->pub_key. It looks like PKCS#11 standard
-+ * is not capable of providing this functionality. This could be a problem
-+ * for applications relying on OpenSSL's semantics.
-+ */
-+static int pk11_DH_generate_key(DH *dh)
-+ {
-+ CK_ULONG i;
-+ CK_RV rv, rv1;
-+ int reuse_mem_len = 0, ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ CK_BYTE_PTR reuse_mem;
-+
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_pub_key_attr_count = 3;
-+ CK_ATTRIBUTE pub_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *)NULL, 0},
-+ {CKA_BASE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG ul_priv_key_attr_count = 3;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_SENSITIVE, &false, sizeof (false)},
-+ {CKA_DERIVE, &true, sizeof (true)}
-+ };
-+
-+ CK_ULONG pub_key_attr_result_count = 1;
-+ CK_ATTRIBUTE pub_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
-+ if (pub_key_template[1].ulValueLen > 0)
-+ {
-+ /*
-+ * We must not increase ulValueLen by DH_BUF_RESERVE since that
-+ * could cause the same rounding problem. See definition of
-+ * DH_BUF_RESERVE above.
-+ */
-+ pub_key_template[1].pValue =
-+ OPENSSL_malloc(pub_key_template[1].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[1].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
-+ if (pub_key_template[2].ulValueLen > 0)
-+ {
-+ pub_key_template[2].pValue =
-+ OPENSSL_malloc(pub_key_template[2].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[2].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ /*
-+ * Note: we are only using PK11_SESSION structure for getting
-+ * a session handle. The objects created in this function are
-+ * destroyed before return and thus not cached.
-+ */
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ rv = pFuncList->C_GenerateKeyPair(sp->session,
-+ &mechanism,
-+ pub_key_template,
-+ ul_pub_key_attr_count,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_pub_key,
-+ &h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Reuse the larger memory allocated. We know the larger memory
-+ * should be sufficient for reuse.
-+ */
-+ if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
-+ {
-+ reuse_mem = pub_key_template[1].pValue;
-+ reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
-+ }
-+ else
-+ {
-+ reuse_mem = pub_key_template[2].pValue;
-+ reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+ rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK || rv1 != CKR_OK)
-+ {
-+ rv = (rv != CKR_OK) ? rv : rv1;
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 ||
-+ ((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+
-+ /* Reuse the memory allocated */
-+ pub_key_result[0].pValue = reuse_mem;
-+ pub_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (pub_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->pub_key == NULL)
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
-+ pub_key_result[0].ulValueLen, dh->pub_key);
-+ if (dh->pub_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ /* Reuse the memory allocated */
-+ priv_key_result[0].pValue = reuse_mem;
-+ priv_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->priv_key == NULL)
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
-+ priv_key_result[0].ulValueLen, dh->priv_key);
-+ if (dh->priv_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ ret = 1;
-+
-+err:
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ for (i = 1; i <= 2; i++)
-+ {
-+ if (pub_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(pub_key_template[i].pValue);
-+ pub_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh)
-+ {
-+ unsigned int i;
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
-+ CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
-+ CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
-+ CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_priv_key_attr_count = 2;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (key_class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_RV rv;
-+ int ret = -1;
-+ PK11_SESSION *sp = NULL;
-+
-+ if (dh->priv_key == NULL)
-+ goto err;
-+
-+ priv_key_template[0].pValue = &key_class;
-+ priv_key_template[1].pValue = &key_type;
-+
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ mechanism.ulParameterLen = BN_num_bytes(pub_key);
-+ mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
-+ if (mechanism.pParameter == NULL)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ BN_bn2bin(pub_key, mechanism.pParameter);
-+
-+ (void) check_new_dh_key(sp, dh);
-+
-+ h_key = sp->opdata_dh_key;
-+ if (h_key == CK_INVALID_HANDLE)
-+ h_key = sp->opdata_dh_key =
-+ pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
-+ &sp->opdata_dh_priv_num, sp->session);
-+
-+ if (h_key == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_DeriveKey(sp->session,
-+ &mechanism,
-+ h_key,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+ priv_key_result[0].pValue =
-+ OPENSSL_malloc(priv_key_result[0].ulValueLen);
-+ if (!priv_key_result[0].pValue)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * OpenSSL allocates the output buffer 'key' which is the same
-+ * length of the public key. It is long enough for the derived key
-+ */
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ /*
-+ * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
-+ * leading zeros from a computed shared secret. However,
-+ * OpenSSL always did it so we must do the same here. The
-+ * vagueness of the spec regarding leading zero bytes was
-+ * finally cleared with TLS 1.1 (RFC 4346) saying that leading
-+ * zeros are stripped before the computed data is used as the
-+ * pre-master secret.
-+ */
-+ for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
-+ {
-+ if (((char *)priv_key_result[0].pValue)[i] != 0)
-+ break;
-+ }
-+
-+ (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
-+ priv_key_result[0].ulValueLen - i);
-+ ret = priv_key_result[0].ulValueLen - i;
-+ }
-+
-+err:
-+
-+ if (h_derived_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+ if (priv_key_result[0].pValue)
-+ {
-+ OPENSSL_free(priv_key_result[0].pValue);
-+ priv_key_result[0].pValue = NULL;
-+ }
-+
-+ if (mechanism.pParameter)
-+ {
-+ OPENSSL_free(mechanism.pParameter);
-+ mechanism.pParameter = NULL;
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
-+ DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE key_type = CKK_DH;
-+ CK_ULONG found;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ULONG ul_key_attr_count = 7;
-+ CK_ATTRIBUTE key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ {CKA_DERIVE, &true, sizeof (true)},
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *) NULL, 0},
-+ {CKA_BASE, (void *) NULL, 0},
-+ {CKA_VALUE, (void *) NULL, 0},
-+ };
-+
-+ key_template[0].pValue = &class;
-+ key_template[1].pValue = &key_type;
-+
-+ key_template[4].ulValueLen = BN_num_bytes(dh->p);
-+ key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[4].ulValueLen);
-+ if (key_template[4].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->p, key_template[4].pValue);
-+
-+ key_template[5].ulValueLen = BN_num_bytes(dh->g);
-+ key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[5].ulValueLen);
-+ if (key_template[5].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->g, key_template[5].pValue);
-+
-+ key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
-+ key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[6].ulValueLen);
-+ if (key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->priv_key, key_template[6].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DH);
-+ rv = pFuncList->C_FindObjectsInit(session, key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dh_priv_num != NULL)
-+ if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dh;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DH);
-+
-+malloc_err:
-+ for (i = 4; i <= 6; i++)
-+ {
-+ if (key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(key_template[i].pValue);
-+ key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ *
-+ * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
-+ * to CK_INVALID_HANDLE even when it fails to destroy the object.
-+ */
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh)
-+ {
-+ /*
-+ * Provide protection against DH structure reuse by making the
-+ * check for cache hit stronger. Private key component of DH key
-+ * is unique so it is sufficient to compare it with value cached
-+ * in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dh != dh) ||
-+ (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dh_object(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ return (0);
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ return (0);
-+ }
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11ca.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.2.4.2
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:32 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
-+
-+#define token_lock pk11ca_token_lock
-+#define find_lock pk11ca_find_lock
-+#define active_list pk11ca_active_list
-+#define pubkey_token_flags pk11ca_pubkey_token_flags
-+#define pubkey_SLOTID pk11ca_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11ca_error
-+#define PK11err_add_data PK11CAerr_add_data
-+#define pk11_get_session pk11ca_get_session
-+#define pk11_return_session pk11ca_return_session
-+#define pk11_active_add pk11ca_active_add
-+#define pk11_active_delete pk11ca_active_delete
-+#define pk11_active_remove pk11ca_active_remove
-+#define pk11_free_active_list pk11ca_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11ca_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11ca_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11ca_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11ca_load_privkey
-+#define pk11_load_pubkey pk11ca_load_pubkey
-+#define PK11_RSA PK11CA_RSA
-+#define pk11_destroy_dsa_key_objects pk11ca_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11ca_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11ca_destroy_dsa_object_priv
-+#define PK11_DSA PK11CA_DSA
-+#define pk11_destroy_dh_key_objects pk11ca_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11ca_destroy_dh_object
-+#define PK11_DH PK11CA_DH
-+#define pk11_token_relogin pk11ca_token_relogin
-+#define pFuncList pk11ca_pFuncList
-+#define pk11_pin pk11ca_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11ca
-Index: openssl/crypto/engine/hw_pk11so.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.3.4.2
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:35 2011
-@@ -0,0 +1,1745 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/*#undef DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_DSA
-+#define OPENSSL_NO_DSA
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#define OPENSSL_NO_DH
-+#endif
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.c"
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11CA
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name = "PKCS #11 engine support (sign only)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name))
-+ return (0);
-+
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ if (optype == OP_RSA)
-+ {
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_PKCS
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ CK_SLOT_ID current_slot = 0;
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * Check if this slot is capable of signing with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ }
-+
-+ if (!found_candidate_slot && slot_has_rsa)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ /*SLOTID = pSlotList[0];*/
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11so.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.2.4.2
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:32 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
-+
-+#define token_lock pk11so_token_lock
-+#define find_lock pk11so_find_lock
-+#define active_list pk11so_active_list
-+#define pubkey_token_flags pk11so_pubkey_token_flags
-+#define pubkey_SLOTID pk11so_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11so_error
-+#define PK11err_add_data PK11SOerr_add_data
-+#define pk11_get_session pk11so_get_session
-+#define pk11_return_session pk11so_return_session
-+#define pk11_active_add pk11so_active_add
-+#define pk11_active_delete pk11so_active_delete
-+#define pk11_active_remove pk11so_active_remove
-+#define pk11_free_active_list pk11so_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11so_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11so_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11so_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11so_load_privkey
-+#define pk11_load_pubkey pk11so_load_pubkey
-+#define PK11_RSA PK11SO_RSA
-+#define pk11_destroy_dsa_key_objects pk11so_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11so_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11so_destroy_dsa_object_priv
-+#define PK11_DSA PK11SO_DSA
-+#define pk11_destroy_dh_key_objects pk11so_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11so_destroy_dh_object
-+#define PK11_DH PK11SO_DH
-+#define pk11_token_relogin pk11so_token_relogin
-+#define pFuncList pk11so_pFuncList
-+#define pk11_pin pk11so_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11so
-Index: openssl/crypto/engine/hw_pk11so_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.2.4.4
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:11 2012
-@@ -0,0 +1,1622 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+/* RSA stuff */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa;
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ const RSA_METHOD *rsa;
-+
-+ if (pk11_rsa.name == NULL)
-+ {
-+ rsa = RSA_PKCS1_SSLeay();
-+ memcpy(&pk11_rsa, rsa, sizeof(*rsa));
-+ pk11_rsa.name = "PKCS#11 RSA method";
-+ pk11_rsa.rsa_sign = pk11_RSA_sign;
-+ }
-+ return (&pk11_rsa);
-+ }
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ return (0);
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ return (0);
-+ }
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/pkcs11.h
-diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,299 @@
-+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+#ifndef _PKCS11_H_
-+#define _PKCS11_H_ 1
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* Before including this file (pkcs11.h) (or pkcs11t.h by
-+ * itself), 6 platform-specific macros must be defined. These
-+ * macros are described below, and typical definitions for them
-+ * are also given. Be advised that these definitions can depend
-+ * on both the platform and the compiler used (and possibly also
-+ * on whether a Cryptoki library is linked statically or
-+ * dynamically).
-+ *
-+ * In addition to defining these 6 macros, the packing convention
-+ * for Cryptoki structures should be set. The Cryptoki
-+ * convention on packing is that structures should be 1-byte
-+ * aligned.
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, this might be done by using the following
-+ * preprocessor directive before including pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(push, cryptoki, 1)
-+ *
-+ * and using the following preprocessor directive after including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(pop, cryptoki)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, this might be done by using
-+ * the following preprocessor directive before including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(1)
-+ *
-+ * In a UNIX environment, you're on your own for this. You might
-+ * not need to do (or be able to do!) anything.
-+ *
-+ *
-+ * Now for the macros:
-+ *
-+ *
-+ * 1. CK_PTR: The indirection string for making a pointer to an
-+ * object. It can be used like this:
-+ *
-+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR far *
-+ *
-+ * In a typical UNIX environment, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ *
-+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
-+ * an exportable Cryptoki library function definition out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion to define the exposed Cryptoki functions in
-+ * a Cryptoki library:
-+ *
-+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * )
-+ * {
-+ * ...
-+ * }
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to define a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllexport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to define a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
-+ * an importable Cryptoki library function declaration out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion:
-+ *
-+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * );
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to declare a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllimport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to declare a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
-+ * which makes a Cryptoki API function pointer declaration or
-+ * function pointer type declaration out of a return type and a
-+ * function name. It should be used in the following fashion:
-+ *
-+ * // Define funcPtr to be a pointer to a Cryptoki API function
-+ * // taking arguments args and returning CK_RV.
-+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
-+ *
-+ * or
-+ *
-+ * // Define funcPtrType to be the type of a pointer to a
-+ * // Cryptoki API function taking arguments args and returning
-+ * // CK_RV, and then define funcPtr to be a variable of type
-+ * // funcPtrType.
-+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
-+ * funcPtrType funcPtr;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to access
-+ * functions in a Win32 Cryptoki .dll, in might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __declspec(dllimport) (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to access functions in a Win16 Cryptoki .dll, it might
-+ * be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __export _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
-+ * a function pointer type for an application callback out of
-+ * a return type for the callback and a name for the callback.
-+ * It should be used in the following fashion:
-+ *
-+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
-+ *
-+ * to declare a function pointer, myCallback, to a callback
-+ * which takes arguments args and returns a CK_RV. It can also
-+ * be used like this:
-+ *
-+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
-+ * myCallbackType myCallback;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to do Win32
-+ * Cryptoki development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to do Win16 development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
-+ *
-+ * In any ANSI/ISO C environment (and in many others as well),
-+ * this should best be defined by
-+ *
-+ * #ifndef NULL_PTR
-+ * #define NULL_PTR 0
-+ * #endif
-+ */
-+
-+
-+/* All the various Cryptoki types and #define'd values are in the
-+ * file pkcs11t.h. */
-+#include "pkcs11t.h"
-+
-+#define __PASTE(x,y) x##y
-+
-+
-+/* ==============================================================
-+ * Define the "extern" form of all the entry points.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ extern CK_DECLARE_FUNCTION(CK_RV, name)
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define the typedef form of all the entry points. That is, for
-+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
-+ * a pointer to that kind of function.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define structed vector of entry points. A CK_FUNCTION_LIST
-+ * contains a CK_VERSION indicating a library's Cryptoki version
-+ * and then a whole slew of function pointers to the routines in
-+ * the library. This type was declared, but not defined, in
-+ * pkcs11t.h.
-+ * ==============================================================
-+ */
-+
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ __PASTE(CK_,name) name;
-+
-+struct CK_FUNCTION_LIST {
-+
-+ CK_VERSION version; /* Cryptoki version */
-+
-+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+};
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+#undef __PASTE
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif
-Index: openssl/crypto/engine/pkcs11f.h
-diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,912 @@
-+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* This header file contains pretty much everything about all the */
-+/* Cryptoki function prototypes. Because this information is */
-+/* used for more than just declaring function prototypes, the */
-+/* order of the functions appearing herein is important, and */
-+/* should not be altered. */
-+
-+/* General-purpose */
-+
-+/* C_Initialize initializes the Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Initialize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
-+ * cast to CK_C_INITIALIZE_ARGS_PTR
-+ * and dereferenced */
-+);
-+#endif
-+
-+
-+/* C_Finalize indicates that an application is done with the
-+ * Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Finalize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-+
-+
-+/* C_GetInfo returns general information about Cryptoki. */
-+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_INFO_PTR pInfo /* location that receives information */
-+);
-+#endif
-+
-+
-+/* C_GetFunctionList returns the function list. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
-+ * function list */
-+);
-+#endif
-+
-+
-+
-+/* Slot and token management */
-+
-+/* C_GetSlotList obtains a list of slots in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_BBOOL tokenPresent, /* only slots with tokens? */
-+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
-+ CK_ULONG_PTR pulCount /* receives number of slots */
-+);
-+#endif
-+
-+
-+/* C_GetSlotInfo obtains information about a particular slot in
-+ * the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the ID of the slot */
-+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
-+);
-+#endif
-+
-+
-+/* C_GetTokenInfo obtains information about a particular token
-+ * in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismList obtains a list of mechanism types
-+ * supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of token's slot */
-+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
-+ CK_ULONG_PTR pulCount /* gets # of mechs. */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismInfo obtains information about a particular
-+ * mechanism possibly supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_MECHANISM_TYPE type, /* type of mechanism */
-+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
-+);
-+#endif
-+
-+
-+/* C_InitToken initializes a token. */
-+CK_PKCS11_FUNCTION_INFO(C_InitToken)
-+#ifdef CK_NEED_ARG_LIST
-+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
-+ CK_ULONG ulPinLen, /* length in bytes of the PIN */
-+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
-+);
-+#endif
-+
-+
-+/* C_InitPIN initializes the normal user's PIN. */
-+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
-+ CK_ULONG ulPinLen /* length in bytes of the PIN */
-+);
-+#endif
-+
-+
-+/* C_SetPIN modifies the PIN of the user who is logged in. */
-+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
-+ CK_ULONG ulOldLen, /* length of the old PIN */
-+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
-+ CK_ULONG ulNewLen /* length of the new PIN */
-+);
-+#endif
-+
-+
-+
-+/* Session management */
-+
-+/* C_OpenSession opens a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the slot's ID */
-+ CK_FLAGS flags, /* from CK_SESSION_INFO */
-+ CK_VOID_PTR pApplication, /* passed to callback */
-+ CK_NOTIFY Notify, /* callback function */
-+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
-+);
-+#endif
-+
-+
-+/* C_CloseSession closes a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CloseAllSessions closes all sessions with a token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID /* the token's slot */
-+);
-+#endif
-+
-+
-+/* C_GetSessionInfo obtains information about the session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_SESSION_INFO_PTR pInfo /* receives session info */
-+);
-+#endif
-+
-+
-+/* C_GetOperationState obtains the state of the cryptographic operation
-+ * in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* gets state */
-+ CK_ULONG_PTR pulOperationStateLen /* gets state length */
-+);
-+#endif
-+
-+
-+/* C_SetOperationState restores the state of the cryptographic
-+ * operation in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* holds state */
-+ CK_ULONG ulOperationStateLen, /* holds state length */
-+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
-+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
-+);
-+#endif
-+
-+
-+/* C_Login logs a user into a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Login)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_USER_TYPE userType, /* the user type */
-+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
-+ CK_ULONG ulPinLen /* the length of the PIN */
-+);
-+#endif
-+
-+
-+/* C_Logout logs a user out from a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Logout)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Object management */
-+
-+/* C_CreateObject creates a new object. */
-+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
-+);
-+#endif
-+
-+
-+/* C_CopyObject copies an object, creating a new object for the
-+ * copy. */
-+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
-+);
-+#endif
-+
-+
-+/* C_DestroyObject destroys an object. */
-+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject /* the object's handle */
-+);
-+#endif
-+
-+
-+/* C_GetObjectSize gets the size of an object in bytes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ULONG_PTR pulSize /* receives size of object */
-+);
-+#endif
-+
-+
-+/* C_GetAttributeValue obtains the value of one or more object
-+ * attributes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_SetAttributeValue modifies the value of one or more object
-+ * attributes */
-+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsInit initializes a search for token and session
-+ * objects that match a template. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
-+ CK_ULONG ulCount /* attrs in search template */
-+);
-+#endif
-+
-+
-+/* C_FindObjects continues a search for token and session
-+ * objects that match a template, obtaining additional object
-+ * handles. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
-+ CK_ULONG ulMaxObjectCount, /* max handles to get */
-+ CK_ULONG_PTR pulObjectCount /* actual # returned */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsFinal finishes a search for token and session
-+ * objects. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Encryption and decryption */
-+
-+/* C_EncryptInit initializes an encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of encryption key */
-+);
-+#endif
-+
-+
-+/* C_Encrypt encrypts single-part data. */
-+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pData, /* the plaintext data */
-+ CK_ULONG ulDataLen, /* bytes of plaintext */
-+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptUpdate continues a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext data len */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptFinal finishes a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session handle */
-+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
-+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
-+);
-+#endif
-+
-+
-+/* C_DecryptInit initializes a decryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of decryption key */
-+);
-+#endif
-+
-+
-+/* C_Decrypt decrypts encrypted data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedData, /* ciphertext */
-+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
-+ CK_BYTE_PTR pData, /* gets plaintext */
-+ CK_ULONG_PTR pulDataLen /* gets p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptUpdate continues a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
-+ CK_ULONG ulEncryptedPartLen, /* input length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptFinal finishes a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pLastPart, /* gets plaintext */
-+ CK_ULONG_PTR pulLastPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+
-+/* Message digesting */
-+
-+/* C_DigestInit initializes a message-digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
-+);
-+#endif
-+
-+
-+/* C_Digest digests data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Digest)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* data to be digested */
-+ CK_ULONG ulDataLen, /* bytes of data to digest */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets digest length */
-+);
-+#endif
-+
-+
-+/* C_DigestUpdate continues a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* data to be digested */
-+ CK_ULONG ulPartLen /* bytes of data to be digested */
-+);
-+#endif
-+
-+
-+/* C_DigestKey continues a multi-part message-digesting
-+ * operation, by digesting the value of a secret key as part of
-+ * the data already digested. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hKey /* secret key to digest */
-+);
-+#endif
-+
-+
-+/* C_DigestFinal finishes a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
-+);
-+#endif
-+
-+
-+
-+/* Signing and MACing */
-+
-+/* C_SignInit initializes a signature (private key encryption)
-+ * operation, where the signature is (will be) an appendix to
-+ * the data, and plaintext cannot be recovered from the
-+ *signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of signature key */
-+);
-+#endif
-+
-+
-+/* C_Sign signs (encrypts with private key) data in a single
-+ * part, where the signature is (will be) an appendix to the
-+ * data, and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Sign)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignUpdate continues a multiple-part signature operation,
-+ * where the signature is (will be) an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* the data to sign */
-+ CK_ULONG ulPartLen /* count of bytes to sign */
-+);
-+#endif
-+
-+
-+/* C_SignFinal finishes a multiple-part signature operation,
-+ * returning the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignRecoverInit initializes a signature operation, where
-+ * the data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of the signature key */
-+);
-+#endif
-+
-+
-+/* C_SignRecover signs data in a single operation, where the
-+ * data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+
-+/* Verifying signatures and MACs */
-+
-+/* C_VerifyInit initializes a verification operation, where the
-+ * signature is an appendix to the data, and plaintext cannot
-+ * cannot be recovered from the signature (e.g. DSA). */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_Verify verifies a signature in a single-part operation,
-+ * where the signature is an appendix to the data, and plaintext
-+ * cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Verify)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* signed data */
-+ CK_ULONG ulDataLen, /* length of signed data */
-+ CK_BYTE_PTR pSignature, /* signature */
-+ CK_ULONG ulSignatureLen /* signature length*/
-+);
-+#endif
-+
-+
-+/* C_VerifyUpdate continues a multiple-part verification
-+ * operation, where the signature is an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* signed data */
-+ CK_ULONG ulPartLen /* length of signed data */
-+);
-+#endif
-+
-+
-+/* C_VerifyFinal finishes a multiple-part verification
-+ * operation, checking the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen /* signature length */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecoverInit initializes a signature verification
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecover verifies a signature in a single-part
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen, /* signature length */
-+ CK_BYTE_PTR pData, /* gets signed data */
-+ CK_ULONG_PTR pulDataLen /* gets signed data len */
-+);
-+#endif
-+
-+
-+
-+/* Dual-function cryptographic operations */
-+
-+/* C_DigestEncryptUpdate continues a multiple-part digesting
-+ * and encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptDigestUpdate continues a multiple-part decryption and
-+ * digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets plaintext len */
-+);
-+#endif
-+
-+
-+/* C_SignEncryptUpdate continues a multiple-part signing and
-+ * encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
-+ * verify operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets p-text length */
-+);
-+#endif
-+
-+
-+
-+/* Key management */
-+
-+/* C_GenerateKey generates a secret key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
-+ CK_ULONG ulCount, /* # of attrs in template */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
-+);
-+#endif
-+
-+
-+/* C_GenerateKeyPair generates a public-key/private-key pair,
-+ * creating new key objects. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session
-+ * handle */
-+ CK_MECHANISM_PTR pMechanism, /* key-gen
-+ * mech. */
-+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
-+ * for pub.
-+ * key */
-+ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
-+ * attrs. */
-+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
-+ * for priv.
-+ * key */
-+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
-+ * attrs. */
-+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
-+ * key
-+ * handle */
-+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
-+ * priv. key
-+ * handle */
-+);
-+#endif
-+
-+
-+/* C_WrapKey wraps (i.e., encrypts) a key. */
-+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
-+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
-+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
-+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
-+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
-+);
-+#endif
-+
-+
-+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
-+ * key object. */
-+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
-+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
-+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
-+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+/* C_DeriveKey derives a key from a base key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
-+ CK_OBJECT_HANDLE hBaseKey, /* base key */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+
-+/* Random number generation */
-+
-+/* C_SeedRandom mixes additional seed material into the token's
-+ * random number generator. */
-+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSeed, /* the seed material */
-+ CK_ULONG ulSeedLen /* length of seed material */
-+);
-+#endif
-+
-+
-+/* C_GenerateRandom generates random data. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR RandomData, /* receives the random data */
-+ CK_ULONG ulRandomLen /* # of bytes to generate */
-+);
-+#endif
-+
-+
-+
-+/* Parallel function management */
-+
-+/* C_GetFunctionStatus is a legacy function; it obtains an
-+ * updated status of a function running in parallel with an
-+ * application. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CancelFunction is a legacy function; it cancels a function
-+ * running in parallel. */
-+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Functions added in for Cryptoki Version 2.01 or later */
-+
-+/* C_WaitForSlotEvent waits for a slot event (token insertion,
-+ * removal, etc.) to occur. */
-+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FLAGS flags, /* blocking/nonblocking flag */
-+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
-+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-Index: openssl/crypto/engine/pkcs11t.h
-diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
-@@ -0,0 +1,1885 @@
-+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* See top of pkcs11.h for information about the macros that
-+ * must be defined and the structure-packing conventions that
-+ * must be set before including this file. */
-+
-+#ifndef _PKCS11T_H_
-+#define _PKCS11T_H_ 1
-+
-+#define CRYPTOKI_VERSION_MAJOR 2
-+#define CRYPTOKI_VERSION_MINOR 20
-+#define CRYPTOKI_VERSION_AMENDMENT 3
-+
-+#define CK_TRUE 1
-+#define CK_FALSE 0
-+
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#ifndef FALSE
-+#define FALSE CK_FALSE
-+#endif
-+
-+#ifndef TRUE
-+#define TRUE CK_TRUE
-+#endif
-+#endif
-+
-+/* an unsigned 8-bit value */
-+typedef unsigned char CK_BYTE;
-+
-+/* an unsigned 8-bit character */
-+typedef CK_BYTE CK_CHAR;
-+
-+/* an 8-bit UTF-8 character */
-+typedef CK_BYTE CK_UTF8CHAR;
-+
-+/* a BYTE-sized Boolean flag */
-+typedef CK_BYTE CK_BBOOL;
-+
-+/* an unsigned value, at least 32 bits long */
-+typedef unsigned long int CK_ULONG;
-+
-+/* a signed value, the same size as a CK_ULONG */
-+/* CK_LONG is new for v2.0 */
-+typedef long int CK_LONG;
-+
-+/* at least 32 bits; each bit is a Boolean flag */
-+typedef CK_ULONG CK_FLAGS;
-+
-+
-+/* some special values for certain CK_ULONG variables */
-+#define CK_UNAVAILABLE_INFORMATION (~0UL)
-+#define CK_EFFECTIVELY_INFINITE 0
-+
-+
-+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
-+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
-+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
-+typedef void CK_PTR CK_VOID_PTR;
-+
-+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-+
-+
-+/* The following value is always invalid if used as a session */
-+/* handle or object handle */
-+#define CK_INVALID_HANDLE 0
-+
-+
-+typedef struct CK_VERSION {
-+ CK_BYTE major; /* integer portion of version number */
-+ CK_BYTE minor; /* 1/100ths portion of version number */
-+} CK_VERSION;
-+
-+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-+
-+
-+typedef struct CK_INFO {
-+ /* manufacturerID and libraryDecription have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags; /* must be zero */
-+
-+ /* libraryDescription and libraryVersion are new for v2.0 */
-+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
-+ CK_VERSION libraryVersion; /* version of library */
-+} CK_INFO;
-+
-+typedef CK_INFO CK_PTR CK_INFO_PTR;
-+
-+
-+/* CK_NOTIFICATION enumerates the types of notifications that
-+ * Cryptoki provides to an application */
-+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_NOTIFICATION;
-+#define CKN_SURRENDER 0
-+
-+/* The following notification is new for PKCS #11 v2.20 amendment 3 */
-+#define CKN_OTP_CHANGED 1
-+
-+
-+typedef CK_ULONG CK_SLOT_ID;
-+
-+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-+
-+
-+/* CK_SLOT_INFO provides information about a slot */
-+typedef struct CK_SLOT_INFO {
-+ /* slotDescription and manufacturerID have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags;
-+
-+ /* hardwareVersion and firmwareVersion are new for v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+} CK_SLOT_INFO;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
-+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
-+#define CKF_HW_SLOT 0x00000004 /* hardware slot */
-+
-+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-+
-+
-+/* CK_TOKEN_INFO provides information about a token */
-+typedef struct CK_TOKEN_INFO {
-+ /* label, manufacturerID, and model have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR label[32]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_UTF8CHAR model[16]; /* blank padded */
-+ CK_CHAR serialNumber[16]; /* blank padded */
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
-+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
-+ * changed from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulMaxSessionCount; /* max open sessions */
-+ CK_ULONG ulSessionCount; /* sess. now open */
-+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
-+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
-+ CK_ULONG ulMaxPinLen; /* in bytes */
-+ CK_ULONG ulMinPinLen; /* in bytes */
-+ CK_ULONG ulTotalPublicMemory; /* in bytes */
-+ CK_ULONG ulFreePublicMemory; /* in bytes */
-+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
-+ CK_ULONG ulFreePrivateMemory; /* in bytes */
-+
-+ /* hardwareVersion, firmwareVersion, and time are new for
-+ * v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+ CK_CHAR utcTime[16]; /* time */
-+} CK_TOKEN_INFO;
-+
-+/* The flags parameter is defined as follows:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RNG 0x00000001 /* has random #
-+ * generator */
-+#define CKF_WRITE_PROTECTED 0x00000002 /* token is
-+ * write-
-+ * protected */
-+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
-+ * login */
-+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
-+ * PIN is set */
-+
-+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
-+ * that means that *every* time the state of cryptographic
-+ * operations of a session is successfully saved, all keys
-+ * needed to continue those operations are stored in the state */
-+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
-+
-+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
-+ * that the token has some sort of clock. The time on that
-+ * clock is returned in the token info structure */
-+#define CKF_CLOCK_ON_TOKEN 0x00000040
-+
-+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
-+ * set, that means that there is some way for the user to login
-+ * without sending a PIN through the Cryptoki library itself */
-+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-+
-+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
-+ * that means that a single session with the token can perform
-+ * dual simultaneous cryptographic operations (digest and
-+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
-+ * and sign) */
-+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
-+
-+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
-+ * token has been initialized using C_InitializeToken or an
-+ * equivalent mechanism outside the scope of PKCS #11.
-+ * Calling C_InitializeToken when this flag is set will cause
-+ * the token to be reinitialized. */
-+#define CKF_TOKEN_INITIALIZED 0x00000400
-+
-+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
-+ * true, the token supports secondary authentication for
-+ * private key objects. This flag is deprecated in v2.11 and
-+ onwards. */
-+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
-+
-+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect user login PIN has been entered at least once
-+ * since the last successful authentication. */
-+#define CKF_USER_PIN_COUNT_LOW 0x00010000
-+
-+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect user PIN will it to become locked. */
-+#define CKF_USER_PIN_FINAL_TRY 0x00020000
-+
-+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
-+ * user PIN has been locked. User login to the token is not
-+ * possible. */
-+#define CKF_USER_PIN_LOCKED 0x00040000
-+
-+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the user PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
-+
-+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect SO login PIN has been entered at least once since
-+ * the last successful authentication. */
-+#define CKF_SO_PIN_COUNT_LOW 0x00100000
-+
-+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect SO PIN will it to become locked. */
-+#define CKF_SO_PIN_FINAL_TRY 0x00200000
-+
-+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
-+ * PIN has been locked. SO login to the token is not possible.
-+ */
-+#define CKF_SO_PIN_LOCKED 0x00400000
-+
-+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the SO PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
-+
-+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-+
-+
-+/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
-+ * identifies a session */
-+typedef CK_ULONG CK_SESSION_HANDLE;
-+
-+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-+
-+
-+/* CK_USER_TYPE enumerates the types of Cryptoki users */
-+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_USER_TYPE;
-+/* Security Officer */
-+#define CKU_SO 0
-+/* Normal user */
-+#define CKU_USER 1
-+/* Context specific (added in v2.20) */
-+#define CKU_CONTEXT_SPECIFIC 2
-+
-+/* CK_STATE enumerates the session states */
-+/* CK_STATE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_STATE;
-+#define CKS_RO_PUBLIC_SESSION 0
-+#define CKS_RO_USER_FUNCTIONS 1
-+#define CKS_RW_PUBLIC_SESSION 2
-+#define CKS_RW_USER_FUNCTIONS 3
-+#define CKS_RW_SO_FUNCTIONS 4
-+
-+
-+/* CK_SESSION_INFO provides information about a session */
-+typedef struct CK_SESSION_INFO {
-+ CK_SLOT_ID slotID;
-+ CK_STATE state;
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulDeviceError; /* device-dependent error code */
-+} CK_SESSION_INFO;
-+
-+/* The flags are defined in the following table:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RW_SESSION 0x00000002 /* session is r/w */
-+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
-+
-+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-+
-+
-+/* CK_OBJECT_HANDLE is a token-specific identifier for an
-+ * object */
-+typedef CK_ULONG CK_OBJECT_HANDLE;
-+
-+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-+
-+
-+/* CK_OBJECT_CLASS is a value that identifies the classes (or
-+ * types) of objects that Cryptoki recognizes. It is defined
-+ * as follows: */
-+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_OBJECT_CLASS;
-+
-+/* The following classes of objects are defined: */
-+/* CKO_HW_FEATURE is new for v2.10 */
-+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
-+/* CKO_MECHANISM is new for v2.20 */
-+#define CKO_DATA 0x00000000
-+#define CKO_CERTIFICATE 0x00000001
-+#define CKO_PUBLIC_KEY 0x00000002
-+#define CKO_PRIVATE_KEY 0x00000003
-+#define CKO_SECRET_KEY 0x00000004
-+#define CKO_HW_FEATURE 0x00000005
-+#define CKO_DOMAIN_PARAMETERS 0x00000006
-+#define CKO_MECHANISM 0x00000007
-+
-+/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
-+#define CKO_OTP_KEY 0x00000008
-+
-+#define CKO_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-+
-+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
-+ * value that identifies the hardware feature type of an object
-+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
-+typedef CK_ULONG CK_HW_FEATURE_TYPE;
-+
-+/* The following hardware feature types are defined */
-+/* CKH_USER_INTERFACE is new for v2.20 */
-+#define CKH_MONOTONIC_COUNTER 0x00000001
-+#define CKH_CLOCK 0x00000002
-+#define CKH_USER_INTERFACE 0x00000003
-+#define CKH_VENDOR_DEFINED 0x80000000
-+
-+/* CK_KEY_TYPE is a value that identifies a key type */
-+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_KEY_TYPE;
-+
-+/* the following key types are defined: */
-+#define CKK_RSA 0x00000000
-+#define CKK_DSA 0x00000001
-+#define CKK_DH 0x00000002
-+
-+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
-+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
-+#define CKK_ECDSA 0x00000003
-+#define CKK_EC 0x00000003
-+#define CKK_X9_42_DH 0x00000004
-+#define CKK_KEA 0x00000005
-+
-+#define CKK_GENERIC_SECRET 0x00000010
-+#define CKK_RC2 0x00000011
-+#define CKK_RC4 0x00000012
-+#define CKK_DES 0x00000013
-+#define CKK_DES2 0x00000014
-+#define CKK_DES3 0x00000015
-+
-+/* all these key types are new for v2.0 */
-+#define CKK_CAST 0x00000016
-+#define CKK_CAST3 0x00000017
-+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
-+#define CKK_CAST5 0x00000018
-+#define CKK_CAST128 0x00000018
-+#define CKK_RC5 0x00000019
-+#define CKK_IDEA 0x0000001A
-+#define CKK_SKIPJACK 0x0000001B
-+#define CKK_BATON 0x0000001C
-+#define CKK_JUNIPER 0x0000001D
-+#define CKK_CDMF 0x0000001E
-+#define CKK_AES 0x0000001F
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKK_BLOWFISH 0x00000020
-+#define CKK_TWOFISH 0x00000021
-+
-+/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
-+#define CKK_SECURID 0x00000022
-+#define CKK_HOTP 0x00000023
-+#define CKK_ACTI 0x00000024
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_CAMELLIA 0x00000025
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_ARIA 0x00000026
-+
-+
-+#define CKK_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
-+ * type */
-+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_CERTIFICATE_TYPE;
-+
-+/* The following certificate types are defined: */
-+/* CKC_X_509_ATTR_CERT is new for v2.10 */
-+/* CKC_WTLS is new for v2.20 */
-+#define CKC_X_509 0x00000000
-+#define CKC_X_509_ATTR_CERT 0x00000001
-+#define CKC_WTLS 0x00000002
-+#define CKC_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
-+ * type */
-+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-+
-+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
-+ consists of an array of values. */
-+#define CKF_ARRAY_ATTRIBUTE 0x40000000
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_FORMAT attribute */
-+#define CK_OTP_FORMAT_DECIMAL 0
-+#define CK_OTP_FORMAT_HEXADECIMAL 1
-+#define CK_OTP_FORMAT_ALPHANUMERIC 2
-+#define CK_OTP_FORMAT_BINARY 3
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
-+#define CK_OTP_PARAM_IGNORED 0
-+#define CK_OTP_PARAM_OPTIONAL 1
-+#define CK_OTP_PARAM_MANDATORY 2
-+
-+/* The following attribute types are defined: */
-+#define CKA_CLASS 0x00000000
-+#define CKA_TOKEN 0x00000001
-+#define CKA_PRIVATE 0x00000002
-+#define CKA_LABEL 0x00000003
-+#define CKA_APPLICATION 0x00000010
-+#define CKA_VALUE 0x00000011
-+
-+/* CKA_OBJECT_ID is new for v2.10 */
-+#define CKA_OBJECT_ID 0x00000012
-+
-+#define CKA_CERTIFICATE_TYPE 0x00000080
-+#define CKA_ISSUER 0x00000081
-+#define CKA_SERIAL_NUMBER 0x00000082
-+
-+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
-+ * for v2.10 */
-+#define CKA_AC_ISSUER 0x00000083
-+#define CKA_OWNER 0x00000084
-+#define CKA_ATTR_TYPES 0x00000085
-+
-+/* CKA_TRUSTED is new for v2.11 */
-+#define CKA_TRUSTED 0x00000086
-+
-+/* CKA_CERTIFICATE_CATEGORY ...
-+ * CKA_CHECK_VALUE are new for v2.20 */
-+#define CKA_CERTIFICATE_CATEGORY 0x00000087
-+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
-+#define CKA_URL 0x00000089
-+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
-+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
-+#define CKA_CHECK_VALUE 0x00000090
-+
-+#define CKA_KEY_TYPE 0x00000100
-+#define CKA_SUBJECT 0x00000101
-+#define CKA_ID 0x00000102
-+#define CKA_SENSITIVE 0x00000103
-+#define CKA_ENCRYPT 0x00000104
-+#define CKA_DECRYPT 0x00000105
-+#define CKA_WRAP 0x00000106
-+#define CKA_UNWRAP 0x00000107
-+#define CKA_SIGN 0x00000108
-+#define CKA_SIGN_RECOVER 0x00000109
-+#define CKA_VERIFY 0x0000010A
-+#define CKA_VERIFY_RECOVER 0x0000010B
-+#define CKA_DERIVE 0x0000010C
-+#define CKA_START_DATE 0x00000110
-+#define CKA_END_DATE 0x00000111
-+#define CKA_MODULUS 0x00000120
-+#define CKA_MODULUS_BITS 0x00000121
-+#define CKA_PUBLIC_EXPONENT 0x00000122
-+#define CKA_PRIVATE_EXPONENT 0x00000123
-+#define CKA_PRIME_1 0x00000124
-+#define CKA_PRIME_2 0x00000125
-+#define CKA_EXPONENT_1 0x00000126
-+#define CKA_EXPONENT_2 0x00000127
-+#define CKA_COEFFICIENT 0x00000128
-+#define CKA_PRIME 0x00000130
-+#define CKA_SUBPRIME 0x00000131
-+#define CKA_BASE 0x00000132
-+
-+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
-+#define CKA_PRIME_BITS 0x00000133
-+#define CKA_SUBPRIME_BITS 0x00000134
-+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
-+/* (To retain backwards-compatibility) */
-+
-+#define CKA_VALUE_BITS 0x00000160
-+#define CKA_VALUE_LEN 0x00000161
-+
-+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
-+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
-+ * and CKA_EC_POINT are new for v2.0 */
-+#define CKA_EXTRACTABLE 0x00000162
-+#define CKA_LOCAL 0x00000163
-+#define CKA_NEVER_EXTRACTABLE 0x00000164
-+#define CKA_ALWAYS_SENSITIVE 0x00000165
-+
-+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
-+#define CKA_KEY_GEN_MECHANISM 0x00000166
-+
-+#define CKA_MODIFIABLE 0x00000170
-+
-+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
-+ * CKA_EC_PARAMS is preferred. */
-+#define CKA_ECDSA_PARAMS 0x00000180
-+#define CKA_EC_PARAMS 0x00000180
-+
-+#define CKA_EC_POINT 0x00000181
-+
-+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
-+ * are new for v2.10. Deprecated in v2.11 and onwards. */
-+#define CKA_SECONDARY_AUTH 0x00000200
-+#define CKA_AUTH_PIN_FLAGS 0x00000201
-+
-+/* CKA_ALWAYS_AUTHENTICATE ...
-+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
-+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
-+
-+#define CKA_WRAP_WITH_TRUSTED 0x00000210
-+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
-+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
-+
-+/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
-+#define CKA_OTP_FORMAT 0x00000220
-+#define CKA_OTP_LENGTH 0x00000221
-+#define CKA_OTP_TIME_INTERVAL 0x00000222
-+#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
-+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
-+#define CKA_OTP_TIME_REQUIREMENT 0x00000225
-+#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
-+#define CKA_OTP_PIN_REQUIREMENT 0x00000227
-+#define CKA_OTP_COUNTER 0x0000022E
-+#define CKA_OTP_TIME 0x0000022F
-+#define CKA_OTP_USER_IDENTIFIER 0x0000022A
-+#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
-+#define CKA_OTP_SERVICE_LOGO 0x0000022C
-+#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
-+
-+
-+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
-+ * are new for v2.10 */
-+#define CKA_HW_FEATURE_TYPE 0x00000300
-+#define CKA_RESET_ON_INIT 0x00000301
-+#define CKA_HAS_RESET 0x00000302
-+
-+/* The following attributes are new for v2.20 */
-+#define CKA_PIXEL_X 0x00000400
-+#define CKA_PIXEL_Y 0x00000401
-+#define CKA_RESOLUTION 0x00000402
-+#define CKA_CHAR_ROWS 0x00000403
-+#define CKA_CHAR_COLUMNS 0x00000404
-+#define CKA_COLOR 0x00000405
-+#define CKA_BITS_PER_PIXEL 0x00000406
-+#define CKA_CHAR_SETS 0x00000480
-+#define CKA_ENCODING_METHODS 0x00000481
-+#define CKA_MIME_TYPES 0x00000482
-+#define CKA_MECHANISM_TYPE 0x00000500
-+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
-+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
-+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
-+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
-+
-+#define CKA_VENDOR_DEFINED 0x80000000
-+
-+/* CK_ATTRIBUTE is a structure that includes the type, length
-+ * and value of an attribute */
-+typedef struct CK_ATTRIBUTE {
-+ CK_ATTRIBUTE_TYPE type;
-+ CK_VOID_PTR pValue;
-+
-+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulValueLen; /* in bytes */
-+} CK_ATTRIBUTE;
-+
-+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-+
-+
-+/* CK_DATE is a structure that defines a date */
-+typedef struct CK_DATE{
-+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
-+ CK_CHAR month[2]; /* the month ("01" - "12") */
-+ CK_CHAR day[2]; /* the day ("01" - "31") */
-+} CK_DATE;
-+
-+
-+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
-+ * type */
-+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_MECHANISM_TYPE;
-+
-+/* the following mechanism types are defined: */
-+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-+#define CKM_RSA_PKCS 0x00000001
-+#define CKM_RSA_9796 0x00000002
-+#define CKM_RSA_X_509 0x00000003
-+
-+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
-+ * are new for v2.0. They are mechanisms which hash and sign */
-+#define CKM_MD2_RSA_PKCS 0x00000004
-+#define CKM_MD5_RSA_PKCS 0x00000005
-+#define CKM_SHA1_RSA_PKCS 0x00000006
-+
-+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
-+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
-+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
-+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
-+#define CKM_RSA_PKCS_OAEP 0x00000009
-+
-+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
-+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
-+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
-+#define CKM_RSA_X9_31 0x0000000B
-+#define CKM_SHA1_RSA_X9_31 0x0000000C
-+#define CKM_RSA_PKCS_PSS 0x0000000D
-+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
-+
-+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-+#define CKM_DSA 0x00000011
-+#define CKM_DSA_SHA1 0x00000012
-+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-+#define CKM_DH_PKCS_DERIVE 0x00000021
-+
-+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
-+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
-+ * v2.11 */
-+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
-+#define CKM_X9_42_DH_DERIVE 0x00000031
-+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
-+#define CKM_X9_42_MQV_DERIVE 0x00000033
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_RSA_PKCS 0x00000040
-+#define CKM_SHA384_RSA_PKCS 0x00000041
-+#define CKM_SHA512_RSA_PKCS 0x00000042
-+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
-+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
-+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
-+
-+/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_RSA_PKCS 0x00000046
-+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
-+
-+#define CKM_RC2_KEY_GEN 0x00000100
-+#define CKM_RC2_ECB 0x00000101
-+#define CKM_RC2_CBC 0x00000102
-+#define CKM_RC2_MAC 0x00000103
-+
-+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
-+#define CKM_RC2_MAC_GENERAL 0x00000104
-+#define CKM_RC2_CBC_PAD 0x00000105
-+
-+#define CKM_RC4_KEY_GEN 0x00000110
-+#define CKM_RC4 0x00000111
-+#define CKM_DES_KEY_GEN 0x00000120
-+#define CKM_DES_ECB 0x00000121
-+#define CKM_DES_CBC 0x00000122
-+#define CKM_DES_MAC 0x00000123
-+
-+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
-+#define CKM_DES_MAC_GENERAL 0x00000124
-+#define CKM_DES_CBC_PAD 0x00000125
-+
-+#define CKM_DES2_KEY_GEN 0x00000130
-+#define CKM_DES3_KEY_GEN 0x00000131
-+#define CKM_DES3_ECB 0x00000132
-+#define CKM_DES3_CBC 0x00000133
-+#define CKM_DES3_MAC 0x00000134
-+
-+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
-+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
-+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
-+#define CKM_DES3_MAC_GENERAL 0x00000135
-+#define CKM_DES3_CBC_PAD 0x00000136
-+#define CKM_CDMF_KEY_GEN 0x00000140
-+#define CKM_CDMF_ECB 0x00000141
-+#define CKM_CDMF_CBC 0x00000142
-+#define CKM_CDMF_MAC 0x00000143
-+#define CKM_CDMF_MAC_GENERAL 0x00000144
-+#define CKM_CDMF_CBC_PAD 0x00000145
-+
-+/* the following four DES mechanisms are new for v2.20 */
-+#define CKM_DES_OFB64 0x00000150
-+#define CKM_DES_OFB8 0x00000151
-+#define CKM_DES_CFB64 0x00000152
-+#define CKM_DES_CFB8 0x00000153
-+
-+#define CKM_MD2 0x00000200
-+
-+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD2_HMAC 0x00000201
-+#define CKM_MD2_HMAC_GENERAL 0x00000202
-+
-+#define CKM_MD5 0x00000210
-+
-+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD5_HMAC 0x00000211
-+#define CKM_MD5_HMAC_GENERAL 0x00000212
-+
-+#define CKM_SHA_1 0x00000220
-+
-+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
-+#define CKM_SHA_1_HMAC 0x00000221
-+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-+
-+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
-+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
-+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
-+#define CKM_RIPEMD128 0x00000230
-+#define CKM_RIPEMD128_HMAC 0x00000231
-+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
-+#define CKM_RIPEMD160 0x00000240
-+#define CKM_RIPEMD160_HMAC 0x00000241
-+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256 0x00000250
-+#define CKM_SHA256_HMAC 0x00000251
-+#define CKM_SHA256_HMAC_GENERAL 0x00000252
-+
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224 0x00000255
-+#define CKM_SHA224_HMAC 0x00000256
-+#define CKM_SHA224_HMAC_GENERAL 0x00000257
-+
-+#define CKM_SHA384 0x00000260
-+#define CKM_SHA384_HMAC 0x00000261
-+#define CKM_SHA384_HMAC_GENERAL 0x00000262
-+#define CKM_SHA512 0x00000270
-+#define CKM_SHA512_HMAC 0x00000271
-+#define CKM_SHA512_HMAC_GENERAL 0x00000272
-+
-+/* SecurID is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_SECURID_KEY_GEN 0x00000280
-+#define CKM_SECURID 0x00000282
-+
-+/* HOTP is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_HOTP_KEY_GEN 0x00000290
-+#define CKM_HOTP 0x00000291
-+
-+/* ACTI is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_ACTI 0x000002A0
-+#define CKM_ACTI_KEY_GEN 0x000002A1
-+
-+/* All of the following mechanisms are new for v2.0 */
-+/* Note that CAST128 and CAST5 are the same algorithm */
-+#define CKM_CAST_KEY_GEN 0x00000300
-+#define CKM_CAST_ECB 0x00000301
-+#define CKM_CAST_CBC 0x00000302
-+#define CKM_CAST_MAC 0x00000303
-+#define CKM_CAST_MAC_GENERAL 0x00000304
-+#define CKM_CAST_CBC_PAD 0x00000305
-+#define CKM_CAST3_KEY_GEN 0x00000310
-+#define CKM_CAST3_ECB 0x00000311
-+#define CKM_CAST3_CBC 0x00000312
-+#define CKM_CAST3_MAC 0x00000313
-+#define CKM_CAST3_MAC_GENERAL 0x00000314
-+#define CKM_CAST3_CBC_PAD 0x00000315
-+#define CKM_CAST5_KEY_GEN 0x00000320
-+#define CKM_CAST128_KEY_GEN 0x00000320
-+#define CKM_CAST5_ECB 0x00000321
-+#define CKM_CAST128_ECB 0x00000321
-+#define CKM_CAST5_CBC 0x00000322
-+#define CKM_CAST128_CBC 0x00000322
-+#define CKM_CAST5_MAC 0x00000323
-+#define CKM_CAST128_MAC 0x00000323
-+#define CKM_CAST5_MAC_GENERAL 0x00000324
-+#define CKM_CAST128_MAC_GENERAL 0x00000324
-+#define CKM_CAST5_CBC_PAD 0x00000325
-+#define CKM_CAST128_CBC_PAD 0x00000325
-+#define CKM_RC5_KEY_GEN 0x00000330
-+#define CKM_RC5_ECB 0x00000331
-+#define CKM_RC5_CBC 0x00000332
-+#define CKM_RC5_MAC 0x00000333
-+#define CKM_RC5_MAC_GENERAL 0x00000334
-+#define CKM_RC5_CBC_PAD 0x00000335
-+#define CKM_IDEA_KEY_GEN 0x00000340
-+#define CKM_IDEA_ECB 0x00000341
-+#define CKM_IDEA_CBC 0x00000342
-+#define CKM_IDEA_MAC 0x00000343
-+#define CKM_IDEA_MAC_GENERAL 0x00000344
-+#define CKM_IDEA_CBC_PAD 0x00000345
-+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-+#define CKM_XOR_BASE_AND_DATA 0x00000364
-+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-+
-+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
-+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
-+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
-+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
-+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
-+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
-+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
-+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
-+
-+/* CKM_TLS_PRF is new for v2.20 */
-+#define CKM_TLS_PRF 0x00000378
-+
-+#define CKM_SSL3_MD5_MAC 0x00000380
-+#define CKM_SSL3_SHA1_MAC 0x00000381
-+#define CKM_MD5_KEY_DERIVATION 0x00000390
-+#define CKM_MD2_KEY_DERIVATION 0x00000391
-+#define CKM_SHA1_KEY_DERIVATION 0x00000392
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_KEY_DERIVATION 0x00000393
-+#define CKM_SHA384_KEY_DERIVATION 0x00000394
-+#define CKM_SHA512_KEY_DERIVATION 0x00000395
-+
-+/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_KEY_DERIVATION 0x00000396
-+
-+#define CKM_PBE_MD2_DES_CBC 0x000003A0
-+#define CKM_PBE_MD5_DES_CBC 0x000003A1
-+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
-+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
-+#define CKM_PBE_SHA1_RC4_128 0x000003A6
-+#define CKM_PBE_SHA1_RC4_40 0x000003A7
-+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-+
-+/* CKM_PKCS5_PBKD2 is new for v2.10 */
-+#define CKM_PKCS5_PBKD2 0x000003B0
-+
-+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
-+
-+/* WTLS mechanisms are new for v2.20 */
-+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
-+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
-+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
-+#define CKM_WTLS_PRF 0x000003D3
-+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
-+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
-+
-+#define CKM_KEY_WRAP_LYNKS 0x00000400
-+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-+
-+/* CKM_CMS_SIG is new for v2.20 */
-+#define CKM_CMS_SIG 0x00000500
-+
-+/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
-+#define CKM_KIP_DERIVE 0x00000510
-+#define CKM_KIP_WRAP 0x00000511
-+#define CKM_KIP_MAC 0x00000512
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_CAMELLIA_KEY_GEN 0x00000550
-+#define CKM_CAMELLIA_ECB 0x00000551
-+#define CKM_CAMELLIA_CBC 0x00000552
-+#define CKM_CAMELLIA_MAC 0x00000553
-+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
-+#define CKM_CAMELLIA_CBC_PAD 0x00000555
-+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
-+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
-+#define CKM_CAMELLIA_CTR 0x00000558
-+
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_ARIA_KEY_GEN 0x00000560
-+#define CKM_ARIA_ECB 0x00000561
-+#define CKM_ARIA_CBC 0x00000562
-+#define CKM_ARIA_MAC 0x00000563
-+#define CKM_ARIA_MAC_GENERAL 0x00000564
-+#define CKM_ARIA_CBC_PAD 0x00000565
-+#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
-+#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
-+
-+/* Fortezza mechanisms */
-+#define CKM_SKIPJACK_KEY_GEN 0x00001000
-+#define CKM_SKIPJACK_ECB64 0x00001001
-+#define CKM_SKIPJACK_CBC64 0x00001002
-+#define CKM_SKIPJACK_OFB64 0x00001003
-+#define CKM_SKIPJACK_CFB64 0x00001004
-+#define CKM_SKIPJACK_CFB32 0x00001005
-+#define CKM_SKIPJACK_CFB16 0x00001006
-+#define CKM_SKIPJACK_CFB8 0x00001007
-+#define CKM_SKIPJACK_WRAP 0x00001008
-+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-+#define CKM_SKIPJACK_RELAYX 0x0000100a
-+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-+#define CKM_KEA_KEY_DERIVE 0x00001011
-+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-+#define CKM_BATON_KEY_GEN 0x00001030
-+#define CKM_BATON_ECB128 0x00001031
-+#define CKM_BATON_ECB96 0x00001032
-+#define CKM_BATON_CBC128 0x00001033
-+#define CKM_BATON_COUNTER 0x00001034
-+#define CKM_BATON_SHUFFLE 0x00001035
-+#define CKM_BATON_WRAP 0x00001036
-+
-+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
-+ * CKM_EC_KEY_PAIR_GEN is preferred */
-+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-+#define CKM_EC_KEY_PAIR_GEN 0x00001040
-+
-+#define CKM_ECDSA 0x00001041
-+#define CKM_ECDSA_SHA1 0x00001042
-+
-+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
-+ * are new for v2.11 */
-+#define CKM_ECDH1_DERIVE 0x00001050
-+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
-+#define CKM_ECMQV_DERIVE 0x00001052
-+
-+#define CKM_JUNIPER_KEY_GEN 0x00001060
-+#define CKM_JUNIPER_ECB128 0x00001061
-+#define CKM_JUNIPER_CBC128 0x00001062
-+#define CKM_JUNIPER_COUNTER 0x00001063
-+#define CKM_JUNIPER_SHUFFLE 0x00001064
-+#define CKM_JUNIPER_WRAP 0x00001065
-+#define CKM_FASTHASH 0x00001070
-+
-+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
-+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
-+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
-+ * new for v2.11 */
-+#define CKM_AES_KEY_GEN 0x00001080
-+#define CKM_AES_ECB 0x00001081
-+#define CKM_AES_CBC 0x00001082
-+#define CKM_AES_MAC 0x00001083
-+#define CKM_AES_MAC_GENERAL 0x00001084
-+#define CKM_AES_CBC_PAD 0x00001085
-+
-+/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_AES_CTR 0x00001086
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKM_BLOWFISH_KEY_GEN 0x00001090
-+#define CKM_BLOWFISH_CBC 0x00001091
-+#define CKM_TWOFISH_KEY_GEN 0x00001092
-+#define CKM_TWOFISH_CBC 0x00001093
-+
-+
-+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
-+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
-+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
-+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
-+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
-+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
-+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
-+
-+#define CKM_DSA_PARAMETER_GEN 0x00002000
-+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
-+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
-+
-+#define CKM_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-+
-+
-+/* CK_MECHANISM is a structure that specifies a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM {
-+ CK_MECHANISM_TYPE mechanism;
-+ CK_VOID_PTR pParameter;
-+
-+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulParameterLen; /* in bytes */
-+} CK_MECHANISM;
-+
-+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-+
-+
-+/* CK_MECHANISM_INFO provides information about a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM_INFO {
-+ CK_ULONG ulMinKeySize;
-+ CK_ULONG ulMaxKeySize;
-+ CK_FLAGS flags;
-+} CK_MECHANISM_INFO;
-+
-+/* The flags are defined as follows:
-+ * Bit Flag Mask Meaning */
-+#define CKF_HW 0x00000001 /* performed by HW */
-+
-+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
-+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
-+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
-+ * and CKF_DERIVE are new for v2.0. They specify whether or not
-+ * a mechanism can be used for a particular task */
-+#define CKF_ENCRYPT 0x00000100
-+#define CKF_DECRYPT 0x00000200
-+#define CKF_DIGEST 0x00000400
-+#define CKF_SIGN 0x00000800
-+#define CKF_SIGN_RECOVER 0x00001000
-+#define CKF_VERIFY 0x00002000
-+#define CKF_VERIFY_RECOVER 0x00004000
-+#define CKF_GENERATE 0x00008000
-+#define CKF_GENERATE_KEY_PAIR 0x00010000
-+#define CKF_WRAP 0x00020000
-+#define CKF_UNWRAP 0x00040000
-+#define CKF_DERIVE 0x00080000
-+
-+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
-+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
-+ * describe a token's EC capabilities not available in mechanism
-+ * information. */
-+#define CKF_EC_F_P 0x00100000
-+#define CKF_EC_F_2M 0x00200000
-+#define CKF_EC_ECPARAMETERS 0x00400000
-+#define CKF_EC_NAMEDCURVE 0x00800000
-+#define CKF_EC_UNCOMPRESS 0x01000000
-+#define CKF_EC_COMPRESS 0x02000000
-+
-+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
-+
-+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-+
-+
-+/* CK_RV is a value that identifies the return value of a
-+ * Cryptoki function */
-+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_RV;
-+
-+#define CKR_OK 0x00000000
-+#define CKR_CANCEL 0x00000001
-+#define CKR_HOST_MEMORY 0x00000002
-+#define CKR_SLOT_ID_INVALID 0x00000003
-+
-+/* CKR_FLAGS_INVALID was removed for v2.0 */
-+
-+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-+#define CKR_GENERAL_ERROR 0x00000005
-+#define CKR_FUNCTION_FAILED 0x00000006
-+
-+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
-+ * and CKR_CANT_LOCK are new for v2.01 */
-+#define CKR_ARGUMENTS_BAD 0x00000007
-+#define CKR_NO_EVENT 0x00000008
-+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-+#define CKR_CANT_LOCK 0x0000000A
-+
-+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-+#define CKR_DATA_INVALID 0x00000020
-+#define CKR_DATA_LEN_RANGE 0x00000021
-+#define CKR_DEVICE_ERROR 0x00000030
-+#define CKR_DEVICE_MEMORY 0x00000031
-+#define CKR_DEVICE_REMOVED 0x00000032
-+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-+#define CKR_FUNCTION_CANCELED 0x00000050
-+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-+
-+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-+
-+#define CKR_KEY_HANDLE_INVALID 0x00000060
-+
-+/* CKR_KEY_SENSITIVE was removed for v2.0 */
-+
-+#define CKR_KEY_SIZE_RANGE 0x00000062
-+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-+
-+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
-+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
-+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
-+ * v2.0 */
-+#define CKR_KEY_NOT_NEEDED 0x00000064
-+#define CKR_KEY_CHANGED 0x00000065
-+#define CKR_KEY_NEEDED 0x00000066
-+#define CKR_KEY_INDIGESTIBLE 0x00000067
-+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-+
-+#define CKR_MECHANISM_INVALID 0x00000070
-+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-+
-+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
-+ * were removed for v2.0 */
-+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-+#define CKR_OPERATION_ACTIVE 0x00000090
-+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-+#define CKR_PIN_INCORRECT 0x000000A0
-+#define CKR_PIN_INVALID 0x000000A1
-+#define CKR_PIN_LEN_RANGE 0x000000A2
-+
-+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-+#define CKR_PIN_EXPIRED 0x000000A3
-+#define CKR_PIN_LOCKED 0x000000A4
-+
-+#define CKR_SESSION_CLOSED 0x000000B0
-+#define CKR_SESSION_COUNT 0x000000B1
-+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-+#define CKR_SESSION_READ_ONLY 0x000000B5
-+#define CKR_SESSION_EXISTS 0x000000B6
-+
-+/* CKR_SESSION_READ_ONLY_EXISTS and
-+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
-+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-+
-+#define CKR_SIGNATURE_INVALID 0x000000C0
-+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-+#define CKR_USER_NOT_LOGGED_IN 0x00000101
-+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-+#define CKR_USER_TYPE_INVALID 0x00000103
-+
-+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
-+ * are new to v2.01 */
-+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-+#define CKR_USER_TOO_MANY_TYPES 0x00000105
-+
-+#define CKR_WRAPPED_KEY_INVALID 0x00000110
-+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-+
-+/* These are new to v2.0 */
-+#define CKR_RANDOM_NO_RNG 0x00000121
-+
-+/* These are new to v2.11 */
-+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
-+
-+/* These are new to v2.0 */
-+#define CKR_BUFFER_TOO_SMALL 0x00000150
-+#define CKR_SAVED_STATE_INVALID 0x00000160
-+#define CKR_INFORMATION_SENSITIVE 0x00000170
-+#define CKR_STATE_UNSAVEABLE 0x00000180
-+
-+/* These are new to v2.01 */
-+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-+#define CKR_MUTEX_BAD 0x000001A0
-+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-+
-+/* The following return values are new for PKCS #11 v2.20 amendment 3 */
-+#define CKR_NEW_PIN_MODE 0x000001B0
-+#define CKR_NEXT_OTP 0x000001B1
-+
-+/* This is new to v2.20 */
-+#define CKR_FUNCTION_REJECTED 0x00000200
-+
-+#define CKR_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_NOTIFY is an application callback that processes events */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_NOTIFICATION event,
-+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
-+);
-+
-+
-+/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
-+ * version and pointers of appropriate types to all the
-+ * Cryptoki functions */
-+/* CK_FUNCTION_LIST is new for v2.0 */
-+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-+
-+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-+
-+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-+
-+
-+/* CK_CREATEMUTEX is an application callback for creating a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
-+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
-+);
-+
-+
-+/* CK_DESTROYMUTEX is an application callback for destroying a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_LOCKMUTEX is an application callback for locking a mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_UNLOCKMUTEX is an application callback for unlocking a
-+ * mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
-+ * C_Initialize */
-+typedef struct CK_C_INITIALIZE_ARGS {
-+ CK_CREATEMUTEX CreateMutex;
-+ CK_DESTROYMUTEX DestroyMutex;
-+ CK_LOCKMUTEX LockMutex;
-+ CK_UNLOCKMUTEX UnlockMutex;
-+ CK_FLAGS flags;
-+ CK_VOID_PTR pReserved;
-+} CK_C_INITIALIZE_ARGS;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
-+#define CKF_OS_LOCKING_OK 0x00000002
-+
-+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-+
-+
-+/* additional flags for parameters to functions */
-+
-+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-+#define CKF_DONT_BLOCK 1
-+
-+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
-+ * Generation Function (MGF) applied to a message block when
-+ * formatting a message block for the PKCS #1 OAEP encryption
-+ * scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
-+
-+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
-+
-+/* The following MGFs are defined */
-+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
-+ * are new for v2.20 */
-+#define CKG_MGF1_SHA1 0x00000001
-+#define CKG_MGF1_SHA256 0x00000002
-+#define CKG_MGF1_SHA384 0x00000003
-+#define CKG_MGF1_SHA512 0x00000004
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKG_MGF1_SHA224 0x00000005
-+
-+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
-+ * of the encoding parameter when formatting a message block
-+ * for the PKCS #1 OAEP encryption scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-+
-+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-+
-+/* The following encoding parameter sources are defined */
-+#define CKZ_DATA_SPECIFIED 0x00000001
-+
-+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_OAEP mechanism. */
-+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-+ CK_VOID_PTR pSourceData;
-+ CK_ULONG ulSourceDataLen;
-+} CK_RSA_PKCS_OAEP_PARAMS;
-+
-+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-+
-+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
-+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_PSS mechanism(s). */
-+typedef struct CK_RSA_PKCS_PSS_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_ULONG sLen;
-+} CK_RSA_PKCS_PSS_PARAMS;
-+
-+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
-+
-+/* CK_EC_KDF_TYPE is new for v2.11. */
-+typedef CK_ULONG CK_EC_KDF_TYPE;
-+
-+/* The following EC Key Derivation Functions are defined */
-+#define CKD_NULL 0x00000001
-+#define CKD_SHA1_KDF 0x00000002
-+
-+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
-+ * where each party contributes one key pair.
-+ */
-+typedef struct CK_ECDH1_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_ECDH1_DERIVE_PARAMS;
-+
-+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
-+typedef struct CK_ECDH2_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_ECDH2_DERIVE_PARAMS;
-+
-+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_ECMQV_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_ECMQV_DERIVE_PARAMS;
-+
-+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
-+
-+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
-+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
-+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
-+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-+
-+/* The following X9.42 DH key derivation functions are defined
-+ (besides CKD_NULL already defined : */
-+#define CKD_SHA1_KDF_ASN1 0x00000003
-+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
-+
-+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
-+ * contributes one key pair */
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_X9_42_DH1_DERIVE_PARAMS;
-+
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-+
-+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
-+ * mechanisms, where each party contributes two key pairs */
-+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_X9_42_DH2_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_X9_42_MQV_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
-+
-+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
-+ * CKM_KEA_DERIVE mechanism */
-+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-+typedef struct CK_KEA_DERIVE_PARAMS {
-+ CK_BBOOL isSender;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pRandomB;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_KEA_DERIVE_PARAMS;
-+
-+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
-+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
-+ * holds the effective keysize */
-+typedef CK_ULONG CK_RC2_PARAMS;
-+
-+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-+
-+
-+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
-+ * mechanism */
-+typedef struct CK_RC2_CBC_PARAMS {
-+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+
-+ CK_BYTE iv[8]; /* IV for CBC mode */
-+} CK_RC2_CBC_PARAMS;
-+
-+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC2_MAC_GENERAL mechanism */
-+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC2_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
-+ * CKM_RC5_MAC mechanisms */
-+/* CK_RC5_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+} CK_RC5_PARAMS;
-+
-+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-+
-+
-+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
-+ * mechanism */
-+/* CK_RC5_CBC_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_CBC_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_BYTE_PTR pIv; /* pointer to IV */
-+ CK_ULONG ulIvLen; /* length of IV in bytes */
-+} CK_RC5_CBC_PARAMS;
-+
-+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC5_MAC_GENERAL mechanism */
-+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC5_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
-+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
-+ * the MAC */
-+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-+
-+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-+
-+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
-+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[8];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pPassword;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPAndGLen;
-+ CK_ULONG ulQLen;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pPrimeP;
-+ CK_BYTE_PTR pBaseG;
-+ CK_BYTE_PTR pSubprimeQ;
-+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-+
-+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
-+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
-+
-+
-+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_RELAYX mechanism */
-+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
-+ CK_ULONG ulOldWrappedXLen;
-+ CK_BYTE_PTR pOldWrappedX;
-+ CK_ULONG ulOldPasswordLen;
-+ CK_BYTE_PTR pOldPassword;
-+ CK_ULONG ulOldPublicDataLen;
-+ CK_BYTE_PTR pOldPublicData;
-+ CK_ULONG ulOldRandomLen;
-+ CK_BYTE_PTR pOldRandomA;
-+ CK_ULONG ulNewPasswordLen;
-+ CK_BYTE_PTR pNewPassword;
-+ CK_ULONG ulNewPublicDataLen;
-+ CK_BYTE_PTR pNewPublicData;
-+ CK_ULONG ulNewRandomLen;
-+ CK_BYTE_PTR pNewRandomA;
-+} CK_SKIPJACK_RELAYX_PARAMS;
-+
-+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
-+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
-+
-+
-+typedef struct CK_PBE_PARAMS {
-+ CK_BYTE_PTR pInitVector;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pSalt;
-+ CK_ULONG ulSaltLen;
-+ CK_ULONG ulIteration;
-+} CK_PBE_PARAMS;
-+
-+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-+
-+
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
-+ * CKM_KEY_WRAP_SET_OAEP mechanism */
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
-+ CK_BYTE bBC; /* block contents byte */
-+ CK_BYTE_PTR pX; /* extra data */
-+ CK_ULONG ulXLen; /* length of extra data in bytes */
-+} CK_KEY_WRAP_SET_OAEP_PARAMS;
-+
-+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
-+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_SSL3_RANDOM_DATA;
-+
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_VERSION_PTR pVersion;
-+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hClientMacSecret;
-+ CK_OBJECT_HANDLE hServerMacSecret;
-+ CK_OBJECT_HANDLE hClientKey;
-+ CK_OBJECT_HANDLE hServerKey;
-+ CK_BYTE_PTR pIVClient;
-+ CK_BYTE_PTR pIVServer;
-+} CK_SSL3_KEY_MAT_OUT;
-+
-+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_PARAMS {
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_BBOOL bIsExport;
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_SSL3_KEY_MAT_PARAMS;
-+
-+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-+
-+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
-+typedef struct CK_TLS_PRF_PARAMS {
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_TLS_PRF_PARAMS;
-+
-+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
-+
-+/* WTLS is new for version 2.20 */
-+typedef struct CK_WTLS_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_WTLS_RANDOM_DATA;
-+
-+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
-+
-+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_BYTE_PTR pVersion;
-+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_PRF_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_WTLS_PRF_PARAMS;
-+
-+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hMacSecret;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pIV;
-+} CK_WTLS_KEY_MAT_OUT;
-+
-+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_ULONG ulSequenceNumber;
-+ CK_BBOOL bIsExport;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_WTLS_KEY_MAT_PARAMS;
-+
-+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
-+
-+/* CMS is new for version 2.20 */
-+typedef struct CK_CMS_SIG_PARAMS {
-+ CK_OBJECT_HANDLE certificateHandle;
-+ CK_MECHANISM_PTR pSigningMechanism;
-+ CK_MECHANISM_PTR pDigestMechanism;
-+ CK_UTF8CHAR_PTR pContentType;
-+ CK_BYTE_PTR pRequestedAttributes;
-+ CK_ULONG ulRequestedAttributesLen;
-+ CK_BYTE_PTR pRequiredAttributes;
-+ CK_ULONG ulRequiredAttributesLen;
-+} CK_CMS_SIG_PARAMS;
-+
-+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
-+
-+typedef struct CK_KEY_DERIVATION_STRING_DATA {
-+ CK_BYTE_PTR pData;
-+ CK_ULONG ulLen;
-+} CK_KEY_DERIVATION_STRING_DATA;
-+
-+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
-+ CK_KEY_DERIVATION_STRING_DATA_PTR;
-+
-+
-+/* The CK_EXTRACT_PARAMS is used for the
-+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
-+ * of the base key should be used as the first bit of the
-+ * derived key */
-+/* CK_EXTRACT_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_EXTRACT_PARAMS;
-+
-+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-+
-+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
-+ * indicate the Pseudo-Random Function (PRF) used to generate
-+ * key bits using PKCS #5 PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-+
-+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
-+
-+/* The following PRFs are defined in PKCS #5 v2.0. */
-+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
-+
-+
-+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
-+ * source of the salt value when deriving a key using PKCS #5
-+ * PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-+
-+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
-+
-+/* The following salt value sources are defined in PKCS #5 v2.0. */
-+#define CKZ_SALT_SPECIFIED 0x00000001
-+
-+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
-+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
-+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
-+typedef struct CK_PKCS5_PBKD2_PARAMS {
-+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
-+ CK_VOID_PTR pSaltSourceData;
-+ CK_ULONG ulSaltSourceDataLen;
-+ CK_ULONG iterations;
-+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-+ CK_VOID_PTR pPrfData;
-+ CK_ULONG ulPrfDataLen;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG_PTR ulPasswordLen;
-+} CK_PKCS5_PBKD2_PARAMS;
-+
-+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
-+
-+/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
-+
-+typedef CK_ULONG CK_OTP_PARAM_TYPE;
-+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
-+
-+typedef struct CK_OTP_PARAM {
-+ CK_OTP_PARAM_TYPE type;
-+ CK_VOID_PTR pValue;
-+ CK_ULONG ulValueLen;
-+} CK_OTP_PARAM;
-+
-+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
-+
-+typedef struct CK_OTP_PARAMS {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_PARAMS;
-+
-+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
-+
-+typedef struct CK_OTP_SIGNATURE_INFO {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_SIGNATURE_INFO;
-+
-+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CK_OTP_VALUE 0
-+#define CK_OTP_PIN 1
-+#define CK_OTP_CHALLENGE 2
-+#define CK_OTP_TIME 3
-+#define CK_OTP_COUNTER 4
-+#define CK_OTP_FLAGS 5
-+#define CK_OTP_OUTPUT_LENGTH 6
-+#define CK_OTP_OUTPUT_FORMAT 7
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CKF_NEXT_OTP 0x00000001
-+#define CKF_EXCLUDE_TIME 0x00000002
-+#define CKF_EXCLUDE_COUNTER 0x00000004
-+#define CKF_EXCLUDE_CHALLENGE 0x00000008
-+#define CKF_EXCLUDE_PIN 0x00000010
-+#define CKF_USER_FRIENDLY_OTP 0x00000020
-+
-+/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
-+typedef struct CK_KIP_PARAMS {
-+ CK_MECHANISM_PTR pMechanism;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+} CK_KIP_PARAMS;
-+
-+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
-+
-+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_AES_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_AES_CTR_PARAMS;
-+
-+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_CAMELLIA_CTR_PARAMS;
-+
-+typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+#endif
-Index: openssl/util/libeay.num
-diff -u openssl/util/libeay.num:1.7.6.1 openssl/util/libeay.num:1.7
---- openssl/util/libeay.num:1.7.6.1 Sun Jan 15 15:45:40 2012
-+++ openssl/util/libeay.num Mon Jun 13 14:25:25 2011
-@@ -3728,3 +3728,5 @@
- pqueue_size 4114 EXIST::FUNCTION:
- OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION:
- OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION:
-+ENGINE_load_pk11ca 4117 EXIST::FUNCTION:HW_PKCS11CA,ENGINE
-+ENGINE_load_pk11so 4117 EXIST::FUNCTION:HW_PKCS11SO,ENGINE
-Index: openssl/util/mk1mf.pl
-diff -u openssl/util/mk1mf.pl:1.8.6.1 openssl/util/mk1mf.pl:1.8
---- openssl/util/mk1mf.pl:1.8.6.1 Sun Jan 15 15:45:40 2012
-+++ openssl/util/mk1mf.pl Mon Jun 13 14:25:25 2011
-@@ -87,6 +87,8 @@
- no-ecdh - No ECDH
- no-engine - No engine
- no-hw - No hw
-+ no-hw-pkcs11ca - No hw PKCS#11 CA flavor
-+ no-hw-pkcs11so - No hw PKCS#11 SO flavor
- nasm - Use NASM for x86 asm
- nw-nasm - Use NASM x86 asm for NetWare
- nw-mwasm - Use Metrowerks x86 asm for NetWare
-@@ -242,6 +244,8 @@
- $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
- $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
- $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11CA" if $no_hw_pkcs11ca;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11SO" if $no_hw_pkcs11so;
- $cflags.=" -DOPENSSL_FIPS" if $fips;
- $cflags.= " -DZLIB" if $zlib_opt;
- $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
-@@ -316,6 +320,9 @@
- $dir=$val;
- }
-
-+ if ($key eq "PK11_LIB_LOCATION")
-+ { $cflags .= " -D$key=\\\"$val\\\"" if $val ne "";}
-+
- if ($key eq "KRB5_INCLUDES")
- { $cflags .= " $val";}
-
-@@ -1301,6 +1308,8 @@
- "no-ecdh" => \$no_ecdh,
- "no-engine" => \$no_engine,
- "no-hw" => \$no_hw,
-+ "no-hw-pkcs11ca" => \$no_hw_pkcs11ca,
-+ "no-hw-pkcs11so" => \$no_hw_pkcs11so,
- "just-ssl" =>
- [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
- \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
-Index: openssl/util/mkdef.pl
-diff -u openssl/util/mkdef.pl:1.6.6.1 openssl/util/mkdef.pl:1.6
---- openssl/util/mkdef.pl:1.6.6.1 Sun Jan 15 15:45:40 2012
-+++ openssl/util/mkdef.pl Mon Jun 13 14:25:25 2011
-@@ -93,7 +93,7 @@
- # External "algorithms"
- "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
- # Engines
-- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-+ "STATIC_ENGINE", "ENGINE", "HW", "GMP", "HW_PKCS11CA", "HW_PKCS11SO",
- # RFC3779 support
- "RFC3779",
- # TLS extension support
-@@ -122,6 +122,7 @@
- my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
- my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
- my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
-+my $no_pkcs11ca; my $no_pkcs11so;
- my $no_seed;
- my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
- my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake;
-@@ -214,6 +215,8 @@
- elsif (/^no-cms$/) { $no_cms=1; }
- elsif (/^no-capieng$/) { $no_capieng=1; }
- elsif (/^no-jpake$/) { $no_jpake=1; }
-+ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
-+ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
- }
-
-
-@@ -1155,6 +1158,8 @@
- if ($keyword eq "KRB5" && $no_krb5) { return 0; }
- if ($keyword eq "ENGINE" && $no_engine) { return 0; }
- if ($keyword eq "HW" && $no_hw) { return 0; }
-+ if ($keyword eq "HW_PKCS11CA" && $no_pkcs11ca) { return 0; }
-+ if ($keyword eq "HW_PKCS11SO" && $no_pkcs11so) { return 0; }
- if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
- if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
- if ($keyword eq "GMP" && $no_gmp) { return 0; }
-Index: openssl/util/pl/VC-32.pl
-diff -u openssl/util/pl/VC-32.pl:1.6.6.1.2.1 openssl/util/pl/VC-32.pl:1.6.2.1
---- openssl/util/pl/VC-32.pl:1.6.6.1.2.1 Tue Jun 19 14:58:52 2012
-+++ openssl/util/pl/VC-32.pl Tue Jun 19 15:00:09 2012
-@@ -52,7 +52,7 @@
- my $f = $shlib || $fips ?' /MD':' /MT';
- $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
- $opt_cflags=$f.' /Ox';
-- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
-+ $dbg_cflags=$f.'d /Od /Zi -DDEBUG -D_DEBUG';
- $lflags="/nologo /subsystem:console /opt:ref";
- }
- elsif ($FLAVOR =~ /CE/)
Added: vendor/bind/dist/bin/pkcs11/openssl-0.9.8za-patch
===================================================================
--- vendor/bind/dist/bin/pkcs11/openssl-0.9.8za-patch (rev 0)
+++ vendor/bind/dist/bin/pkcs11/openssl-0.9.8za-patch 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,15908 @@
+Index: openssl/Configure
+diff -u openssl/Configure:1.8.6.1.4.1.2.1 openssl/Configure:1.8.2.2
+--- openssl/Configure:1.8.6.1.4.1.2.1 Thu Jul 3 12:12:31 2014
++++ openssl/Configure Thu Jul 3 12:31:57 2014
+@@ -12,7 +12,7 @@
+
+ # see INSTALL for instructions.
+
+-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
++my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION --pk11-flavor=FLAVOR [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+
+ # Options:
+ #
+@@ -25,6 +25,12 @@
+ # default). This needn't be set in advance, you can
+ # just as well use "make INSTALL_PREFIX=/whatever install".
+ #
++# --pk11-libname PKCS#11 library name.
++# (No default)
++#
++# --pk11-flavor either crypto-accelerator or sign-only
++# (No default)
++#
+ # --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
+ # to live in the subdirectory lib/ and the header files in
+ # include/. A value is required.
+@@ -336,7 +342,7 @@
+ "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### IA-32 targets...
+ "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+ ####
+ "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -344,7 +350,7 @@
+ "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT -pthread::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
+ # assisted with debugging of following two configs.
+@@ -591,6 +597,10 @@
+ my $idx_ranlib = $idx++;
+ my $idx_arflags = $idx++;
+
++# PKCS#11 engine patch
++my $pk11_libname="";
++my $pk11_flavor="";
++
+ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
+@@ -829,6 +839,14 @@
+ {
+ $flags.=$_." ";
+ }
++ elsif (/^--pk11-libname=(.*)$/)
++ {
++ $pk11_libname=$1;
++ }
++ elsif (/^--pk11-flavor=(.*)$/)
++ {
++ $pk11_flavor=$1;
++ }
+ elsif (/^--prefix=(.*)$/)
+ {
+ $prefix=$1;
+@@ -964,6 +982,22 @@
+ exit 0;
+ }
+
++if (! $pk11_libname)
++ {
++ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
++ print STDERR "See README.pkcs11 for more information.\n";
++ exit 1;
++ }
++
++if (! $pk11_flavor
++ || !($pk11_flavor eq "crypto-accelerator" || $pk11_flavor eq "sign-only"))
++ {
++ print STDERR "You must set --pk11-flavor.\n";
++ print STDERR "Choices are crypto-accelerator and sign-only.\n";
++ print STDERR "See README.pkcs11 for more information.\n";
++ exit 1;
++ }
++
+ if ($target =~ m/^CygWin32(-.*)$/) {
+ $target = "Cygwin".$1;
+ }
+@@ -1079,6 +1113,25 @@
+ print "\n";
+ }
+
++if ($pk11_flavor eq "crypto-accelerator")
++ {
++ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11SO\n";
++ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
++ $depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
++ $options .= " no-hw-pkcs11so";
++ print " no-hw-pkcs11so [pk11-flavor]";
++ print " OPENSSL_NO_HW_PKCS11SO\n";
++ }
++else
++ {
++ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11CA\n";
++ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
++ $depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
++ $options .= " no-hw-pkcs11ca";
++ print " no-hw-pkcs11ca [pk11-flavor]";
++ print " OPENSSL_NO_HW_PKCS11CA\n";
++}
++
+ my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
+
+ $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
+@@ -1130,6 +1183,8 @@
+ if ($flags ne "") { $cflags="$flags$cflags"; }
+ else { $no_user_cflags=1; }
+
++$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
++
+ # Kerberos settings. The flavor must be provided from outside, either through
+ # the script "config" or manually.
+ if (!$no_krb5)
+@@ -1493,6 +1548,7 @@
+ s/^VERSION=.*/VERSION=$version/;
+ s/^MAJOR=.*/MAJOR=$major/;
+ s/^MINOR=.*/MINOR=$minor/;
++ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
+ s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+ s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+ s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+Index: openssl/Makefile.org
+diff -u openssl/Makefile.org:1.4.6.1.6.1 openssl/Makefile.org:1.4.2.1
+--- openssl/Makefile.org:1.4.6.1.6.1 Thu Jul 3 12:12:31 2014
++++ openssl/Makefile.org Thu Jul 3 12:31:58 2014
+@@ -26,6 +26,9 @@
+ INSTALL_PREFIX=
+ INSTALLTOP=/usr/local/ssl
+
++# You must set this through --pk11-libname configure option.
++PK11_LIB_LOCATION=
++
+ # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+ OPENSSLDIR=/usr/local/ssl
+
+Index: openssl/README.pkcs11
+diff -u /dev/null openssl/README.pkcs11:1.6.4.2
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/README.pkcs11 Fri Oct 4 14:45:25 2013
+@@ -0,0 +1,266 @@
++ISC modified
++============
++
++The previous key naming scheme was kept for backward compatibility.
++
++The PKCS#11 engine exists in two flavors, crypto-accelerator and
++sign-only. The first one is from the Solaris patch and uses the
++PKCS#11 device for all crypto operations it supports. The second
++is a stripped down version which provides only the useful
++function (i.e., signature with a RSA private key in the device
++protected key store and key loading).
++
++As a hint PKCS#11 boards should use the crypto-accelerator flavor,
++external PKCS#11 devices the sign-only. SCA 6000 is an example
++of the first, AEP Keyper of the second.
++
++Note it is mandatory to set a pk11-flavor (and only one) in
++config/Configure.
++
++It is highly recommended to compile in (vs. as a DSO) the engine.
++The way to configure this is system dependent, on Unixes it is no-shared
++(and is in general the default), on WIN32 it is enable-static-engine
++(and still enable to build the OpenSSL libraries as DLLs).
++
++PKCS#11 engine support for OpenSSL 0.9.8l
++=========================================
++
++[Nov 19, 2009]
++
++Contents:
++
++Overview
++Revisions of the patch for 0.9.8 branch
++FAQs
++Feedback
++
++Overview
++========
++
++This patch containing code available in OpenSolaris adds support for PKCS#11
++engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
++OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
++must provide PKCS#11 backend otherwise the patch is useless. You provide the
++PKCS#11 library name during the build configuration phase, see below.
++
++Patch can be applied like this:
++
++ # NOTE: use gtar if on Solaris
++ tar xfzv openssl-0.9.8l.tar.gz
++ # now download the patch to the current directory
++ # ...
++ cd openssl-0.9.8l
++ # NOTE: must use gpatch if on Solaris (is part of the system)
++ patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
++
++It is designed to support pure acceleration for RSA, DSA, DH and all the
++symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
++except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
++
++According to the PKCS#11 providers installed on your machine, it can support
++following mechanisms:
++
++ RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
++ AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
++ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
++ SHA256, SHA384, SHA512
++
++Note that for AES counter mode the application must provide their own EVP
++functions since OpenSSL doesn't support counter mode through EVP yet. You may
++see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
++example of code that uses the PKCS#11 engine and deals with the fork-safety
++problem (see engine.c and packet.c files if interested).
++
++You must provide the location of PKCS#11 library in your system to the
++configure script. You will be instructed to do that when you try to run the
++config script:
++
++ $ ./config
++ Operating system: i86pc-whatever-solaris2
++ Configuring for solaris-x86-cc
++ You must set --pk11-libname for PKCS#11 library.
++ See README.pkcs11 for more information.
++
++Taking openCryptoki project on Linux AMD64 box as an example, you would run
++configure script like this:
++
++ ./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
++
++To check whether newly built openssl really supports PKCS#11 it's enough to run
++"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
++output. If you see no PKCS#11 engine support check that the built openssl binary
++and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
++
++The patch, during various phases of development, was tested on Solaris against
++PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
++OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
++(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
++information). Some Linux distributions even ship those libraries with the
++system. The patch should work on any system that is supported by OpenSSL itself
++and has functional PKCS#11 library.
++
++The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
++copyrighted by RSA Security Inc., see pkcs11.h for more information.
++
++Other added/modified code in this patch is copyrighted by Sun Microsystems,
++Inc. and is released under the OpenSSL license (see LICENSE file for more
++information).
++
++Revisions of the patch for 0.9.8 branch
++=======================================
++
++2009-11-19
++- adjusted for OpenSSL version 0.9.8l
++
++- bugs and RFEs:
++
++ 6479874 OpenSSL should support RSA key by reference/hardware keystores
++ 6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
++ 6732677 make check to trigger Solaris specific code automatic in the
++ PKCS#11 engine
++
++2009-03-11
++- adjusted for OpenSSL version 0.9.8j
++
++- README.pkcs11 moved out of the patch, and is shipped together with it in a
++ tarball instead so that it can be read before the patch is applied.
++
++- fixed bugs:
++
++ 6804216 pkcs#11 engine should support a key length range for RC4
++ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
++ meta slot is disabled
++
++2008-12-02
++- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
++
++ 6723504 more granular locking in PKCS#11 engine
++ 6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
++ 6710420 PKCS#11 engine source should be lint clean
++ 6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
++ it seriously
++ 6746712 PKCS#11 engine source code should be cstyle clean
++ 6731380 return codes of several functions are not checked in the PKCS#11
++ engine code
++ 6746735 PKCS#11 engine should use extended FILE space API
++ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
++ meta slot is disabled
++
++2008-08-01
++- fixed bug
++
++ 6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
++ and digests
++
++- Solaris specific code for slot selection made automatic
++
++2008-07-29
++- update the patch to OpenSSL 0.9.8h version
++- pkcs11t.h updated to the latest version:
++
++ 6545665 make CKM_AES_CTR available to non-kernel users
++
++- fixed bugs in the engine code:
++
++ 6602801 PK11_SESSION cache has to employ reference counting scheme for
++ asymmetric key operations
++ 6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
++ atomically
++ 6607307 pkcs#11 engine can't read RSA private keys
++ 6652362 pk11_RSA_finish() is cutting corners
++ 6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
++ suboptimal way
++ 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
++ resilient to destroy failures
++ 6667273 OpenSSL engine should not use free() but OPENSSL_free()
++ 6670363 PKCS#11 engine fails to reuse existing symmetric keys
++ 6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
++ 6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
++ of big numbers leading to failures
++ 6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
++ -1
++ 6706622 pk11_load_{pub,priv}key create corrupted RSA key references
++ 6707129 return values from BN_new() in pk11_DH_generate_key() are not
++ checked
++ 6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
++ structure reuse
++ 6707782 OpenSSL PKCS#11 engine pretends to be aware of
++ OPENSSL_NO_{RSA,DSA,DH}
++ defines but fails miserably
++ 6709966 make check_new_*() to return values to indicate cache hit/miss
++ 6705200 pk11_dh struct initialization in PKCS#11 engine is missing
++ generate_params parameter
++ 6709513 PKCS#11 engine sets IV length even for ECB modes
++ 6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
++ PKCS#11 engine
++ 6728871 PKCS#11 engine must reset global_session in pk11_finish()
++
++- new features and enhancements:
++
++ 6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
++ 6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
++ 6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
++ ciphers and digests
++
++2007-10-15
++- update for 0.9.8f version
++- update for "6607670 teach pkcs#11 engine how to use keys be reference"
++
++2007-10-02
++- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
++- draft for "6607307 pkcs#11 engine can't read RSA private keys"
++
++2007-09-26
++- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
++ significant performance drop
++- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
++
++2007-05-25
++- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
++
++2007-05-19
++- initial patch for 0.9.8e using latest OpenSolaris code
++
++FAQs
++====
++
++(1) my build failed on Linux distro with this error:
++
++../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
++hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
++
++Answer:
++
++ - don't use "no-threads" when configuring
++ - if you didn't then OpenSSL failed to create a threaded library by
++ default. You may manually edit Configure and try again. Look for the
++ architecture that Configure printed, for example:
++
++Configured for linux-elf.
++
++ - then edit Configure, find string "linux-elf" (inluding the quotes),
++ and add flags to support threads to the 4th column of the 2nd string.
++ If you build with GCC then adding "-pthread" should be enough. With
++ "linux-elf" as an example, you would add " -pthread" right after
++ "-D_REENTRANT", like this:
++
++....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
++
++(2) I'm using MinGW/MSYS environment and get undeclared reference error for
++pthread_atfork() function when trying to build OpenSSL with the patch.
++
++Answer:
++
++ Sorry, pthread_atfork() is not implemented in the current pthread-win32
++ (as of Nov 2009). You can not use the patch there.
++
++
++Feedback
++========
++
++Please send feedback to security-discuss at opensolaris.org. The patch was
++created by Jan.Pechanec at Sun.COM from code available in OpenSolaris.
++
++Latest version should be always available on http://blogs.sun.com/janp.
++
+Index: openssl/crypto/opensslconf.h
+diff -u openssl/crypto/opensslconf.h:1.5.10.1 openssl/crypto/opensslconf.h:1.5
+--- openssl/crypto/opensslconf.h:1.5.10.1 Sun Jan 15 15:45:34 2012
++++ openssl/crypto/opensslconf.h Fri Sep 4 10:43:21 2009
+@@ -38,6 +38,9 @@
+
+ #endif /* OPENSSL_DOING_MAKEDEPEND */
+
++#ifndef OPENSSL_THREADS
++# define OPENSSL_THREADS
++#endif
+ #ifndef OPENSSL_NO_DYNAMIC_ENGINE
+ # define OPENSSL_NO_DYNAMIC_ENGINE
+ #endif
+@@ -79,6 +82,8 @@
+ # endif
+ #endif
+
++#define OPENSSL_CPUID_OBJ
++
+ /* crypto/opensslconf.h.in */
+
+ #ifdef OPENSSL_DOING_MAKEDEPEND
+@@ -140,7 +145,7 @@
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+-#undef RC4_CHUNK
++#define RC4_CHUNK unsigned long
+ #endif
+ #endif
+
+@@ -148,7 +153,7 @@
+ /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+ #ifndef DES_LONG
+-#define DES_LONG unsigned long
++#define DES_LONG unsigned int
+ #endif
+ #endif
+
+@@ -162,9 +167,9 @@
+ /* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+-#undef SIXTY_FOUR_BIT_LONG
++#define SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+-#define THIRTY_TWO_BIT
++#undef THIRTY_TWO_BIT
+ #undef SIXTEEN_BIT
+ #undef EIGHT_BIT
+ #endif
+@@ -178,7 +183,7 @@
+
+ #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+ #define CONFIG_HEADER_BF_LOCL_H
+-#undef BF_PTR
++#define BF_PTR2
+ #endif /* HEADER_BF_LOCL_H */
+
+ #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+@@ -208,7 +213,7 @@
+ /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+ #ifndef DES_UNROLL
+-#undef DES_UNROLL
++#define DES_UNROLL
+ #endif
+
+ /* These default values were supplied by
+Index: openssl/crypto/bio/bss_file.c
+diff -u openssl/crypto/bio/bss_file.c:1.5.6.1 openssl/crypto/bio/bss_file.c:1.5
+--- openssl/crypto/bio/bss_file.c:1.5.6.1 Sun Jan 15 15:45:35 2012
++++ openssl/crypto/bio/bss_file.c Mon Jun 13 14:25:17 2011
+@@ -125,7 +125,7 @@
+ {
+ SYSerr(SYS_F_FOPEN,get_last_sys_error());
+ ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
+- if (errno == ENOENT)
++ if ((errno == ENOENT) || ((*mode == 'r') && (errno == EACCES)))
+ BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
+ else
+ BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+Index: openssl/crypto/engine/Makefile
+diff -u openssl/crypto/engine/Makefile:1.6.6.1 openssl/crypto/engine/Makefile:1.6
+--- openssl/crypto/engine/Makefile:1.6.6.1 Sun Jan 15 15:45:35 2012
++++ openssl/crypto/engine/Makefile Mon Jun 13 14:25:19 2011
+@@ -21,12 +21,14 @@
+ eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+ tb_cipher.c tb_digest.c \
+- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
++ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c \
++ hw_pk11.c hw_pk11_pub.c hw_pk11so.c hw_pk11so_pub.c
+ LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+ eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+ tb_cipher.o tb_digest.o \
+- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
++ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o \
++ hw_pk11.o hw_pk11_pub.o hw_pk11so.o hw_pk11so_pub.o
+
+ SRC= $(LIBSRC)
+
+@@ -288,6 +290,102 @@
+ eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+ eng_table.o: eng_table.c
++hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
++hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
++hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
++hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
++hw_pk11.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
++hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
++hw_pk11.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
++hw_pk11.o: ../../include/openssl/ui.h ../../include/openssl/err.h
++hw_pk11.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
++hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
++hw_pk11.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
++hw_pk11.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
++hw_pk11.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
++hw_pk11.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
++hw_pk11.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
++hw_pk11.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
++hw_pk11.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
++hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
++hw_pk11.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
++hw_pk11.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
++hw_pk11.o: ../../include/openssl/pem2.h ../cryptlib.h
++hw_pk11.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11.c
++hw_pk11_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
++hw_pk11_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
++hw_pk11_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
++hw_pk11_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++hw_pk11_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
++hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
++hw_pk11_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
++hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
++hw_pk11_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h
++hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
++hw_pk11_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
++hw_pk11_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++hw_pk11_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
++hw_pk11_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
++hw_pk11_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
++hw_pk11_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
++hw_pk11_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
++hw_pk11_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
++hw_pk11_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
++hw_pk11_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
++hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
++hw_pk11_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
++hw_pk11_pub.o: ../../include/openssl/pem2.h ../cryptlib.h
++hw_pk11_pub.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11_pub.c
++hw_pk11so.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
++hw_pk11so.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
++hw_pk11so.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
++hw_pk11so.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++hw_pk11so.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
++hw_pk11so.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
++hw_pk11so.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
++hw_pk11so.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
++hw_pk11so.o: ../../include/openssl/ui.h ../../include/openssl/err.h
++hw_pk11so.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
++hw_pk11so.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
++hw_pk11so.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++hw_pk11so.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
++hw_pk11so.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
++hw_pk11so.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
++hw_pk11so.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
++hw_pk11so.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
++hw_pk11so.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
++hw_pk11so.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
++hw_pk11so.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
++hw_pk11so.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
++hw_pk11so.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
++hw_pk11so.o: ../../include/openssl/pem2.h ../cryptlib.h
++hw_pk11so.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11so.c
++hw_pk11so_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
++hw_pk11so_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
++hw_pk11so_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
++hw_pk11so_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++hw_pk11so_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
++hw_pk11so_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
++hw_pk11so_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
++hw_pk11so_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
++hw_pk11so_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h
++hw_pk11so_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
++hw_pk11so_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
++hw_pk11so_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++hw_pk11so_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
++hw_pk11so_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
++hw_pk11so_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
++hw_pk11so_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
++hw_pk11so_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
++hw_pk11so_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
++hw_pk11so_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
++hw_pk11so_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
++hw_pk11so_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
++hw_pk11so_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
++hw_pk11so_pub.o: ../../include/openssl/pem2.h ../cryptlib.h
++hw_pk11so_pub.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11so_pub.c
+ tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
+ tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+Index: openssl/crypto/engine/cryptoki.h
+diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
+@@ -0,0 +1,103 @@
++/*
++ * CDDL HEADER START
++ *
++ * The contents of this file are subject to the terms of the
++ * Common Development and Distribution License, Version 1.0 only
++ * (the "License"). You may not use this file except in compliance
++ * with the License.
++ *
++ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
++ * or http://www.opensolaris.org/os/licensing.
++ * See the License for the specific language governing permissions
++ * and limitations under the License.
++ *
++ * When distributing Covered Code, include this CDDL HEADER in each
++ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
++ * If applicable, add the following below this CDDL HEADER, with the
++ * fields enclosed by brackets "[]" replaced with your own identifying
++ * information: Portions Copyright [yyyy] [name of copyright owner]
++ *
++ * CDDL HEADER END
++ */
++/*
++ * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++#ifndef _CRYPTOKI_H
++#define _CRYPTOKI_H
++
++/* ident "@(#)cryptoki.h 1.2 05/06/08 SMI" */
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#ifndef CK_PTR
++#define CK_PTR *
++#endif
++
++#ifndef CK_DEFINE_FUNCTION
++#define CK_DEFINE_FUNCTION(returnType, name) returnType name
++#endif
++
++#ifndef CK_DECLARE_FUNCTION
++#define CK_DECLARE_FUNCTION(returnType, name) returnType name
++#endif
++
++#ifndef CK_DECLARE_FUNCTION_POINTER
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
++#endif
++
++#ifndef CK_CALLBACK_FUNCTION
++#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
++#endif
++
++#ifndef NULL_PTR
++#include <unistd.h> /* For NULL */
++#define NULL_PTR NULL
++#endif
++
++/*
++ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
++ */
++#ifndef CK_DISABLE_TRUE_FALSE
++#define CK_DISABLE_TRUE_FALSE
++#ifndef TRUE
++#define TRUE 1
++#endif /* TRUE */
++#ifndef FALSE
++#define FALSE 0
++#endif /* FALSE */
++#endif /* CK_DISABLE_TRUE_FALSE */
++
++#undef CK_PKCS11_FUNCTION_INFO
++
++#include "pkcs11.h"
++
++/* Solaris specific functions */
++
++#include <stdlib.h>
++
++/*
++ * SUNW_C_GetMechSession will initialize the framework and do all
++ * the necessary PKCS#11 calls to create a session capable of
++ * providing operations on the requested mechanism
++ */
++CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
++ CK_SESSION_HANDLE_PTR hSession);
++
++/*
++ * SUNW_C_KeyToObject will create a secret key object for the given
++ * mechanism from the rawkey data.
++ */
++CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
++ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
++ CK_OBJECT_HANDLE_PTR obj);
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* _CRYPTOKI_H */
+Index: openssl/crypto/engine/eng_all.c
+diff -u openssl/crypto/engine/eng_all.c:1.4.6.1.6.1 openssl/crypto/engine/eng_all.c:1.4.2.1
+--- openssl/crypto/engine/eng_all.c:1.4.6.1.6.1 Thu Jul 3 12:12:33 2014
++++ openssl/crypto/engine/eng_all.c Thu Jul 3 12:31:59 2014
+@@ -110,6 +110,14 @@
+ #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+ ENGINE_load_cryptodev();
+ #endif
++#ifndef OPENSSL_NO_HW_PKCS11
++#ifndef OPENSSL_NO_HW_PKCS11CA
++ ENGINE_load_pk11ca();
++#endif
++#ifndef OPENSSL_NO_HW_PKCS11SO
++ ENGINE_load_pk11so();
++#endif
++#endif
+ #endif
+ }
+
+Index: openssl/crypto/engine/engine.h
+diff -u openssl/crypto/engine/engine.h:1.4.6.1.6.1 openssl/crypto/engine/engine.h:1.4.2.1
+--- openssl/crypto/engine/engine.h:1.4.6.1.6.1 Thu Jul 3 12:12:33 2014
++++ openssl/crypto/engine/engine.h Thu Jul 3 12:32:00 2014
+@@ -344,6 +344,12 @@
+ void ENGINE_load_cryptodev(void);
+ void ENGINE_load_padlock(void);
+ void ENGINE_load_builtin_engines(void);
++#ifndef OPENSSL_NO_HW_PKCS11CA
++void ENGINE_load_pk11ca(void);
++#endif
++#ifndef OPENSSL_NO_HW_PKCS11SO
++void ENGINE_load_pk11so(void);
++#endif
+
+ /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling. */
+Index: openssl/crypto/engine/hw_pk11.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.4
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/hw_pk11.c Fri Oct 4 14:45:25 2013
+@@ -0,0 +1,4116 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/md5.h>
++#include <openssl/pem.h>
++#ifndef OPENSSL_NO_RSA
++#include <openssl/rsa.h>
++#endif
++#ifndef OPENSSL_NO_DSA
++#include <openssl/dsa.h>
++#endif
++#ifndef OPENSSL_NO_DH
++#include <openssl/dh.h>
++#endif
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++#include <openssl/aes.h>
++#include <openssl/des.h>
++
++#ifdef OPENSSL_SYS_WIN32
++typedef int pid_t;
++#define getpid() GetCurrentProcessId()
++#define NOPTHREADS
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <signal.h>
++#include <unistd.h>
++#include <dlfcn.h>
++#endif
++
++/* Debug mutexes */
++/*#undef DEBUG_MUTEX */
++#define DEBUG_MUTEX
++
++#ifndef NOPTHREADS
++/* for pthread error check on Linuxes */
++#ifdef DEBUG_MUTEX
++#define __USE_UNIX98
++#endif
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11CA
++
++/* label for debug messages printed on stderr */
++#define PK11_DBG "PKCS#11 ENGINE DEBUG"
++/* prints a lot of debug messages on stderr about slot selection process */
++/* #undef DEBUG_SLOT_SELECTION */
++/*
++ * Solaris specific code. See comment at check_hw_mechanisms() for more
++ * information.
++ */
++#if defined(__SVR4) && defined(__sun)
++#undef SOLARIS_HW_SLOT_SELECTION
++#endif
++
++/*
++ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
++ * there are official OIDs for mechanisms based on this mode. With our changes,
++ * an application can define its own EVP calls for AES counter mode and then
++ * it can make use of hardware acceleration through this engine. However, it's
++ * better if we keep AES CTR support code under ifdef's.
++ */
++#define SOLARIS_AES_CTR
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11ca.h"
++#include "hw_pk11_err.c"
++
++#ifdef SOLARIS_AES_CTR
++/*
++ * NIDs for AES counter mode that will be defined during the engine
++ * initialization.
++ */
++static int NID_aes_128_ctr = NID_undef;
++static int NID_aes_192_ctr = NID_undef;
++static int NID_aes_256_ctr = NID_undef;
++#endif /* SOLARIS_AES_CTR */
++
++/*
++ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
++ * uri_struct manipulation, and static token info. All of that is used by the
++ * RSA keys by reference feature.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *token_lock;
++#endif
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++/*
++ * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
++ * library. See comment at check_hw_mechanisms() for more information.
++ */
++static int *hw_cnids;
++static int *hw_dnids;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++/* PKCS#11 session caches and their locks for all operation types */
++static PK11_CACHE session_cache[OP_MAX];
++
++/*
++ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
++ * logging into the token.
++ */
++CK_FLAGS pubkey_token_flags;
++
++/*
++ * As stated in v2.20, 11.7 Object Management Function, in section for
++ * C_FindObjectsInit(), at most one search operation may be active at a given
++ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
++ * grouped together to form one atomic search operation. This is already
++ * ensured by the property of unique PKCS#11 session handle used for each
++ * PK11_SESSION object.
++ *
++ * This is however not the biggest concern - maintaining consistency of the
++ * underlying object store is more important. The same section of the spec also
++ * says that one thread can be in the middle of a search operation while another
++ * thread destroys the object matching the search template which would result in
++ * invalid handle returned from the search operation.
++ *
++ * Hence, the following locks are used for both protection of the object stores.
++ * They are also used for active list protection.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *find_lock[OP_MAX] = { NULL };
++#endif
++
++/*
++ * lists of asymmetric key handles which are active (referenced by at least one
++ * PK11_SESSION structure, either held by a thread or present in free_session
++ * list) for given algorithm type
++ */
++PK11_active *active_list[OP_MAX] = { NULL };
++
++/*
++ * Create all secret key objects in a global session so that they are available
++ * to use for other sessions. These other sessions may be opened or closed
++ * without losing the secret key objects.
++ */
++static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
++
++/* ENGINE level stuff */
++static int pk11_init(ENGINE *e);
++static int pk11_library_init(ENGINE *e);
++static int pk11_finish(ENGINE *e);
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
++static int pk11_destroy(ENGINE *e);
++
++/* RAND stuff */
++static void pk11_rand_seed(const void *buf, int num);
++static void pk11_rand_add(const void *buf, int num, double add_entropy);
++static void pk11_rand_cleanup(void);
++static int pk11_rand_bytes(unsigned char *buf, int num);
++static int pk11_rand_status(void);
++
++/* These functions are also used in other files */
++PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++
++/* active list manipulation functions used in this file */
++extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
++extern void pk11_free_active_list(PK11_OPTYPE type);
++
++#ifndef OPENSSL_NO_RSA
++int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++#endif
++#ifndef OPENSSL_NO_DSA
++int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++#endif
++#ifndef OPENSSL_NO_DH
++int pk11_destroy_dh_key_objects(PK11_SESSION *session);
++int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
++#endif
++
++/* Local helper functions */
++static int pk11_free_all_sessions(void);
++static int pk11_free_session_list(PK11_OPTYPE optype);
++static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
++static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent);
++static const char *get_PK11_LIBNAME(void);
++static void free_PK11_LIBNAME(void);
++static long set_PK11_LIBNAME(const char *name);
++
++/* Symmetric cipher and digest support functions */
++static int cipher_nid_to_pk11(int nid);
++#ifdef SOLARIS_AES_CTR
++static int pk11_add_NID(char *sn, char *ln);
++static int pk11_add_aes_ctr_NIDs(void);
++#endif /* SOLARIS_AES_CTR */
++static int pk11_usable_ciphers(const int **nids);
++static int pk11_usable_digests(const int **nids);
++static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc);
++static int pk11_cipher_final(PK11_SESSION *sp);
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, unsigned int inl);
++#else
++static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl);
++#endif
++static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
++static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
++ const int **nids, int nid);
++static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
++ const int **nids, int nid);
++static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
++static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
++ int key_len);
++static int md_nid_to_pk11(int nid);
++static int pk11_digest_init(EVP_MD_CTX *ctx);
++static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
++ size_t count);
++static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
++static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
++static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
++
++static int pk11_choose_slots(int *any_slot_found);
++static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_cipher,
++ int *local_cipher_nids);
++static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_digest,
++ int *local_digest_nids);
++static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
++ int id);
++static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
++ int id);
++
++static int pk11_init_all_locks(void);
++static void pk11_free_all_locks(void);
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++static int check_hw_mechanisms(void);
++static int nid_in_table(int nid, int *nid_table);
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++/* Index for the supported ciphers */
++enum pk11_cipher_id {
++ PK11_DES_CBC,
++ PK11_DES3_CBC,
++ PK11_DES_ECB,
++ PK11_DES3_ECB,
++ PK11_RC4,
++ PK11_AES_128_CBC,
++ PK11_AES_192_CBC,
++ PK11_AES_256_CBC,
++ PK11_AES_128_ECB,
++ PK11_AES_192_ECB,
++ PK11_AES_256_ECB,
++ PK11_BLOWFISH_CBC,
++#ifdef SOLARIS_AES_CTR
++ PK11_AES_128_CTR,
++ PK11_AES_192_CTR,
++ PK11_AES_256_CTR,
++#endif /* SOLARIS_AES_CTR */
++ PK11_CIPHER_MAX
++};
++
++/* Index for the supported digests */
++enum pk11_digest_id {
++ PK11_MD5,
++ PK11_SHA1,
++ PK11_SHA224,
++ PK11_SHA256,
++ PK11_SHA384,
++ PK11_SHA512,
++ PK11_DIGEST_MAX
++};
++
++#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
++ { \
++ if (uselock) \
++ LOCK_OBJSTORE(alg_type); \
++ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
++ { \
++ retval = pk11_destroy_object(sp->session, obj_hdl, \
++ priv ? sp->priv_persistent : sp->pub_persistent); \
++ } \
++ if (uselock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ }
++
++static int cipher_nids[PK11_CIPHER_MAX];
++static int digest_nids[PK11_DIGEST_MAX];
++static int cipher_count = 0;
++static int digest_count = 0;
++static CK_BBOOL pk11_have_rsa = CK_FALSE;
++static CK_BBOOL pk11_have_recover = CK_FALSE;
++static CK_BBOOL pk11_have_dsa = CK_FALSE;
++static CK_BBOOL pk11_have_dh = CK_FALSE;
++static CK_BBOOL pk11_have_random = CK_FALSE;
++
++typedef struct PK11_CIPHER_st
++ {
++ enum pk11_cipher_id id;
++ int nid;
++ int iv_len;
++ int min_key_len;
++ int max_key_len;
++ CK_KEY_TYPE key_type;
++ CK_MECHANISM_TYPE mech_type;
++ } PK11_CIPHER;
++
++static PK11_CIPHER ciphers[] =
++ {
++ { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
++ CKK_DES, CKM_DES_CBC, },
++ { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
++ CKK_DES3, CKM_DES3_CBC, },
++ { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
++ CKK_DES, CKM_DES_ECB, },
++ { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
++ CKK_DES3, CKM_DES3_ECB, },
++ { PK11_RC4, NID_rc4, 0, 16, 256,
++ CKK_RC4, CKM_RC4, },
++ { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
++ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
++#ifdef SOLARIS_AES_CTR
++ /* we don't know the correct NIDs until the engine is initialized */
++ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
++ CKK_AES, CKM_AES_CTR, },
++ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
++ CKK_AES, CKM_AES_CTR, },
++ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
++ CKK_AES, CKM_AES_CTR, },
++#endif /* SOLARIS_AES_CTR */
++ };
++
++typedef struct PK11_DIGEST_st
++ {
++ enum pk11_digest_id id;
++ int nid;
++ CK_MECHANISM_TYPE mech_type;
++ } PK11_DIGEST;
++
++static PK11_DIGEST digests[] =
++ {
++ {PK11_MD5, NID_md5, CKM_MD5, },
++ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
++ {PK11_SHA224, NID_sha224, CKM_SHA224, },
++ {PK11_SHA256, NID_sha256, CKM_SHA256, },
++ {PK11_SHA384, NID_sha384, CKM_SHA384, },
++ {PK11_SHA512, NID_sha512, CKM_SHA512, },
++ {0, NID_undef, 0xFFFF, },
++ };
++
++/*
++ * Structure to be used for the cipher_data/md_data in
++ * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
++ * session in multiple cipher_update calls
++ */
++typedef struct PK11_CIPHER_STATE_st
++ {
++ PK11_SESSION *sp;
++ } PK11_CIPHER_STATE;
++
++
++/*
++ * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
++ * called when libcrypto requests a cipher NID.
++ *
++ * Note how the PK11_CIPHER_STATE is used here.
++ */
++
++/* DES CBC EVP */
++static const EVP_CIPHER pk11_des_cbc =
++ {
++ NID_des_cbc,
++ 8, 8, 8,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/* 3DES CBC EVP */
++static const EVP_CIPHER pk11_3des_cbc =
++ {
++ NID_des_ede3_cbc,
++ 8, 24, 8,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/*
++ * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
++ * get_asn1_parameters fields are set to NULL.
++ */
++static const EVP_CIPHER pk11_des_ecb =
++ {
++ NID_des_ecb,
++ 8, 8, 8,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_3des_ecb =
++ {
++ NID_des_ede3_ecb,
++ 8, 24, 8,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++
++static const EVP_CIPHER pk11_aes_128_cbc =
++ {
++ NID_aes_128_cbc,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_192_cbc =
++ {
++ NID_aes_192_cbc,
++ 16, 24, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_256_cbc =
++ {
++ NID_aes_256_cbc,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/*
++ * ECB modes don't use IV so that's why set_asn1_parameters and
++ * get_asn1_parameters are set to NULL.
++ */
++static const EVP_CIPHER pk11_aes_128_ecb =
++ {
++ NID_aes_128_ecb,
++ 16, 16, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_192_ecb =
++ {
++ NID_aes_192_ecb,
++ 16, 24, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_256_ecb =
++ {
++ NID_aes_256_ecb,
++ 16, 32, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++#ifdef SOLARIS_AES_CTR
++/*
++ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
++ * created in pk11_library_init(). Note that the need to change these structures
++ * is the reason why we don't define them with the const keyword.
++ */
++static EVP_CIPHER pk11_aes_128_ctr =
++ {
++ NID_undef,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static EVP_CIPHER pk11_aes_192_ctr =
++ {
++ NID_undef,
++ 16, 24, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static EVP_CIPHER pk11_aes_256_ctr =
++ {
++ NID_undef,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++#endif /* SOLARIS_AES_CTR */
++
++static const EVP_CIPHER pk11_bf_cbc =
++ {
++ NID_bf_cbc,
++ 8, 16, 8,
++ EVP_CIPH_VARIABLE_LENGTH,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_rc4 =
++ {
++ NID_rc4,
++ 1, 16, 0,
++ EVP_CIPH_VARIABLE_LENGTH,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_MD pk11_md5 =
++ {
++ NID_md5,
++ NID_md5WithRSAEncryption,
++ MD5_DIGEST_LENGTH,
++ 0,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ MD5_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha1 =
++ {
++ NID_sha1,
++ NID_sha1WithRSAEncryption,
++ SHA_DIGEST_LENGTH,
++ 0,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha224 =
++ {
++ NID_sha224,
++ NID_sha224WithRSAEncryption,
++ SHA224_DIGEST_LENGTH,
++ 0,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ /* SHA-224 uses the same cblock size as SHA-256 */
++ SHA256_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha256 =
++ {
++ NID_sha256,
++ NID_sha256WithRSAEncryption,
++ SHA256_DIGEST_LENGTH,
++ 0,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA256_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha384 =
++ {
++ NID_sha384,
++ NID_sha384WithRSAEncryption,
++ SHA384_DIGEST_LENGTH,
++ 0,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ /* SHA-384 uses the same cblock size as SHA-512 */
++ SHA512_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha512 =
++ {
++ NID_sha512,
++ NID_sha512WithRSAEncryption,
++ SHA512_DIGEST_LENGTH,
++ 0,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA512_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * The definitions for control commands specific to this engine
++ */
++#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
++#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
++#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
++static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
++ {
++ {
++ PK11_CMD_SO_PATH,
++ "SO_PATH",
++ "Specifies the path to the 'pkcs#11' shared library",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_PIN,
++ "PIN",
++ "Specifies the pin code",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_SLOT,
++ "SLOT",
++ "Specifies the slot (default is auto select)",
++ ENGINE_CMD_FLAG_NUMERIC,
++ },
++ {0, NULL, NULL, 0}
++ };
++
++
++static RAND_METHOD pk11_random =
++ {
++ pk11_rand_seed,
++ pk11_rand_bytes,
++ pk11_rand_cleanup,
++ pk11_rand_add,
++ pk11_rand_bytes,
++ pk11_rand_status
++ };
++
++
++/* Constants used when creating the ENGINE */
++#ifdef OPENSSL_NO_HW_PK11SO
++#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
++#endif
++static const char *engine_pk11_id = "pkcs11";
++static const char *engine_pk11_name =
++ "PKCS #11 engine support (crypto accelerator)";
++
++CK_FUNCTION_LIST_PTR pFuncList = NULL;
++static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
++
++/*
++ * This is a static string constant for the DSO file name and the function
++ * symbol names to bind to. We set it in the Configure script based on whether
++ * this is 32 or 64 bit build.
++ */
++static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
++CK_SLOT_ID pubkey_SLOTID = 0;
++static CK_SLOT_ID rand_SLOTID = 0;
++static CK_SLOT_ID SLOTID = 0;
++char *pk11_pin = NULL;
++static CK_BBOOL pk11_library_initialized = FALSE;
++static CK_BBOOL pk11_atfork_initialized = FALSE;
++static int pk11_pid = 0;
++
++static DSO *pk11_dso = NULL;
++
++/* allocate and initialize all locks used by the engine itself */
++static int pk11_init_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++ pthread_mutexattr_t attr;
++
++ if (pthread_mutexattr_init(&attr) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 100);
++ return (0);
++ }
++
++#ifdef DEBUG_MUTEX
++ if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 101);
++ return (0);
++ }
++#endif
++
++ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(token_lock, &attr);
++
++#ifndef OPENSSL_NO_RSA
++ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_RSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_RSA], &attr);
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++ find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_DSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_DSA], &attr);
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++ find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_DH] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_DH], &attr);
++#endif /* OPENSSL_NO_DH */
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ session_cache[type].lock =
++ OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (session_cache[type].lock == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(session_cache[type].lock, &attr);
++ }
++
++ return (1);
++
++malloc_err:
++ pk11_free_all_locks();
++ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
++ return (0);
++#else
++ return (1);
++#endif
++ }
++
++static void pk11_free_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++
++ if (token_lock != NULL)
++ {
++ (void) pthread_mutex_destroy(token_lock);
++ OPENSSL_free(token_lock);
++ token_lock = NULL;
++ }
++
++#ifndef OPENSSL_NO_RSA
++ if (find_lock[OP_RSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
++ OPENSSL_free(find_lock[OP_RSA]);
++ find_lock[OP_RSA] = NULL;
++ }
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ if (find_lock[OP_DSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_DSA]);
++ OPENSSL_free(find_lock[OP_DSA]);
++ find_lock[OP_DSA] = NULL;
++ }
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ if (find_lock[OP_DH] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_DH]);
++ OPENSSL_free(find_lock[OP_DH]);
++ find_lock[OP_DH] = NULL;
++ }
++#endif /* OPENSSL_NO_DH */
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (session_cache[type].lock != NULL)
++ {
++ (void) pthread_mutex_destroy(session_cache[type].lock);
++ OPENSSL_free(session_cache[type].lock);
++ session_cache[type].lock = NULL;
++ }
++ }
++#endif
++ }
++
++/*
++ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
++ */
++static int bind_pk11(ENGINE *e)
++ {
++#ifndef OPENSSL_NO_RSA
++ const RSA_METHOD *rsa = NULL;
++ RSA_METHOD *pk11_rsa = PK11_RSA();
++#endif /* OPENSSL_NO_RSA */
++ if (!pk11_library_initialized)
++ if (!pk11_library_init(e))
++ return (0);
++
++ if (!ENGINE_set_id(e, engine_pk11_id) ||
++ !ENGINE_set_name(e, engine_pk11_name) ||
++ !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
++ !ENGINE_set_digests(e, pk11_engine_digests))
++ return (0);
++#ifndef OPENSSL_NO_RSA
++ if (pk11_have_rsa == CK_TRUE)
++ {
++ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
++ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
++ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ if (pk11_have_dsa == CK_TRUE)
++ {
++ if (!ENGINE_set_DSA(e, PK11_DSA()))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ if (pk11_have_dh == CK_TRUE)
++ {
++ if (!ENGINE_set_DH(e, PK11_DH()))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered DH\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_DH */
++ if (pk11_have_random)
++ {
++ if (!ENGINE_set_RAND(e, &pk11_random))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered random\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++ if (!ENGINE_set_init_function(e, pk11_init) ||
++ !ENGINE_set_destroy_function(e, pk11_destroy) ||
++ !ENGINE_set_finish_function(e, pk11_finish) ||
++ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
++ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
++ return (0);
++
++/*
++ * Apache calls OpenSSL function RSA_blinding_on() once during startup
++ * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
++ * here, we wire it back to the OpenSSL software implementation.
++ * Since it is used only once, performance is not a concern.
++ */
++#ifndef OPENSSL_NO_RSA
++ rsa = RSA_PKCS1_SSLeay();
++ pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
++ pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
++ if (pk11_have_recover != CK_TRUE)
++ pk11_rsa->rsa_pub_dec = rsa->rsa_pub_dec;
++#endif /* OPENSSL_NO_RSA */
++
++ /* Ensure the pk11 error handling is set up */
++ ERR_load_pk11_strings();
++
++ return (1);
++ }
++
++/* Dynamic engine support is disabled at a higher level for Solaris */
++#ifdef ENGINE_DYNAMIC_SUPPORT
++#error "dynamic engine not supported"
++static int bind_helper(ENGINE *e, const char *id)
++ {
++ if (id && (strcmp(id, engine_pk11_id) != 0))
++ return (0);
++
++ if (!bind_pk11(e))
++ return (0);
++
++ return (1);
++ }
++
++IMPLEMENT_DYNAMIC_CHECK_FN()
++IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
++
++#else
++static ENGINE *engine_pk11(void)
++ {
++ ENGINE *ret = ENGINE_new();
++
++ if (!ret)
++ return (NULL);
++
++ if (!bind_pk11(ret))
++ {
++ ENGINE_free(ret);
++ return (NULL);
++ }
++
++ return (ret);
++ }
++
++void
++ENGINE_load_pk11(void)
++ {
++ ENGINE *e_pk11 = NULL;
++
++ /*
++ * Do not use dynamic PKCS#11 library on Solaris due to
++ * security reasons. We will link it in statically.
++ */
++ /* Attempt to load PKCS#11 library */
++ if (!pk11_dso)
++ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
++ return;
++ }
++
++ e_pk11 = engine_pk11();
++ if (!e_pk11)
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ return;
++ }
++
++ /*
++ * At this point, the pk11 shared library is either dynamically
++ * loaded or statically linked in. So, initialize the pk11
++ * library before calling ENGINE_set_default since the latter
++ * needs cipher and digest algorithm information
++ */
++ if (!pk11_library_init(e_pk11))
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ ENGINE_free(e_pk11);
++ return;
++ }
++
++ ENGINE_add(e_pk11);
++
++ ENGINE_free(e_pk11);
++ ERR_clear_error();
++ }
++#endif /* ENGINE_DYNAMIC_SUPPORT */
++
++/*
++ * These are the static string constants for the DSO file name and
++ * the function symbol names to bind to.
++ */
++static const char *PK11_LIBNAME = NULL;
++
++static const char *get_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ return (PK11_LIBNAME);
++
++ return (def_PK11_LIBNAME);
++ }
++
++static void free_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ OPENSSL_free((void*)PK11_LIBNAME);
++
++ PK11_LIBNAME = NULL;
++ }
++
++static long set_PK11_LIBNAME(const char *name)
++ {
++ free_PK11_LIBNAME();
++
++ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
++ }
++
++/* acquire all engine specific mutexes before fork */
++static void pk11_fork_prepare(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ LOCK_OBJSTORE(OP_RSA);
++ LOCK_OBJSTORE(OP_DSA);
++ LOCK_OBJSTORE(OP_DH);
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++ for (i = 0; i < OP_MAX; i++)
++ {
++ OPENSSL_assert(pthread_mutex_lock(session_cache[i].lock) == 0);
++ }
++#endif
++ }
++
++/* release all engine specific mutexes */
++static void pk11_fork_parent(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_DH);
++ UNLOCK_OBJSTORE(OP_DSA);
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/*
++ * same situation as in parent - we need to unlock all locks to make them
++ * accessible to all threads.
++ */
++static void pk11_fork_child(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_DH);
++ UNLOCK_OBJSTORE(OP_DSA);
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/* Initialization function for the pk11 engine */
++static int pk11_init(ENGINE *e)
++{
++ return (pk11_library_init(e));
++}
++
++static CK_C_INITIALIZE_ARGS pk11_init_args =
++ {
++ NULL_PTR, /* CreateMutex */
++ NULL_PTR, /* DestroyMutex */
++ NULL_PTR, /* LockMutex */
++ NULL_PTR, /* UnlockMutex */
++ CKF_OS_LOCKING_OK, /* flags */
++ NULL_PTR, /* pReserved */
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * It selects a slot based on predefined critiera. In the process, it also
++ * count how many ciphers and digests to support. Since the cipher and
++ * digest information is needed when setting default engine, this function
++ * needs to be called before calling ENGINE_set_default.
++ */
++/* ARGSUSED */
++static int pk11_library_init(ENGINE *e)
++ {
++ CK_C_GetFunctionList p;
++ CK_RV rv = CKR_OK;
++ CK_INFO info;
++ CK_ULONG ul_state_len;
++ int any_slot_found;
++ int i;
++#ifndef OPENSSL_SYS_WIN32
++ struct sigaction sigint_act, sigterm_act, sighup_act;
++#endif
++
++ /*
++ * pk11_library_initialized is set to 0 in pk11_finish() which
++ * is called from ENGINE_finish(). However, if there is still
++ * at least one existing functional reference to the engine
++ * (see engine(3) for more information), pk11_finish() is
++ * skipped. For example, this can happen if an application
++ * forgets to clear one cipher context. In case of a fork()
++ * when the application is finishing the engine so that it can
++ * be reinitialized in the child, forgotten functional
++ * reference causes pk11_library_initialized to stay 1. In
++ * that case we need the PID check so that we properly
++ * initialize the engine again.
++ */
++ if (pk11_library_initialized)
++ {
++ if (pk11_pid == getpid())
++ {
++ return (1);
++ }
++ else
++ {
++ global_session = CK_INVALID_HANDLE;
++ /*
++ * free the locks first to prevent memory leak in case
++ * the application calls fork() without finishing the
++ * engine first.
++ */
++ pk11_free_all_locks();
++ }
++ }
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++#ifdef SOLARIS_AES_CTR
++ /*
++ * We must do this before we start working with slots since we need all
++ * NIDs there.
++ */
++ if (pk11_add_aes_ctr_NIDs() == 0)
++ goto err;
++#endif /* SOLARIS_AES_CTR */
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (check_hw_mechanisms() == 0)
++ goto err;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++ /* get the C_GetFunctionList function from the loaded library */
++ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
++ PK11_GET_FUNCTION_LIST);
++ if (!p)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ rv = p(&pFuncList);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
++ goto err;
++ }
++
++#ifndef OPENSSL_SYS_WIN32
++ /* Not all PKCS#11 library are signal safe! */
++
++ (void) memset(&sigint_act, 0, sizeof(sigint_act));
++ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
++ (void) memset(&sighup_act, 0, sizeof(sighup_act));
++ (void) sigaction(SIGINT, NULL, &sigint_act);
++ (void) sigaction(SIGTERM, NULL, &sigterm_act);
++ (void) sigaction(SIGHUP, NULL, &sighup_act);
++#endif
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++#ifndef OPENSSL_SYS_WIN32
++ (void) sigaction(SIGINT, &sigint_act, NULL);
++ (void) sigaction(SIGTERM, &sigterm_act, NULL);
++ (void) sigaction(SIGHUP, &sighup_act, NULL);
++#endif
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetInfo(&info);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
++ goto err;
++ }
++
++ if (pk11_choose_slots(&any_slot_found) == 0)
++ goto err;
++
++ /*
++ * The library we use, set in def_PK11_LIBNAME, may not offer any
++ * slot(s). In that case, we must not proceed but we must not return an
++ * error. The reason is that applications that try to set up the PKCS#11
++ * engine don't exit on error during the engine initialization just
++ * because no slot was present.
++ */
++ if (any_slot_found == 0)
++ return (1);
++
++ if (global_session == CK_INVALID_HANDLE)
++ {
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT,
++ PK11_R_OPENSESSION, rv);
++ goto err;
++ }
++ }
++
++ /*
++ * Disable digest if C_GetOperationState is not supported since
++ * this function is required by OpenSSL digest copy function
++ */
++ /* Keyper fails to return CKR_FUNCTION_NOT_SUPPORTED */
++ if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
++ != CKR_OK) {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: C_GetOperationState() not supported, "
++ "setting digest_count to 0\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ digest_count = 0;
++ }
++
++ pk11_library_initialized = TRUE;
++ pk11_pid = getpid();
++ /*
++ * if initialization of the locks fails pk11_init_all_locks()
++ * will do the cleanup.
++ */
++ if (!pk11_init_all_locks())
++ goto err;
++ for (i = 0; i < OP_MAX; i++)
++ session_cache[i].head = NULL;
++ /*
++ * initialize active lists. We only use active lists
++ * for asymmetric ciphers.
++ */
++ for (i = 0; i < OP_MAX; i++)
++ active_list[i] = NULL;
++
++#ifndef NOPTHREADS
++ if (!pk11_atfork_initialized)
++ {
++ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
++ pk11_fork_child) != 0)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
++ goto err;
++ }
++ pk11_atfork_initialized = TRUE;
++ }
++#endif
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Destructor (complements the "ENGINE_pk11()" constructor) */
++/* ARGSUSED */
++static int pk11_destroy(ENGINE *e)
++ {
++ free_PK11_LIBNAME();
++ ERR_unload_pk11_strings();
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++ return (1);
++ }
++
++/*
++ * Termination function to clean up the session, the token, and the pk11
++ * library.
++ */
++/* ARGSUSED */
++static int pk11_finish(ENGINE *e)
++ {
++ int i;
++
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
++ goto err;
++ }
++
++ OPENSSL_assert(pFuncList != NULL);
++
++ if (pk11_free_all_sessions() == 0)
++ goto err;
++
++ /* free all active lists */
++ for (i = 0; i < OP_MAX; i++)
++ pk11_free_active_list(i);
++
++ pFuncList->C_CloseSession(global_session);
++ global_session = CK_INVALID_HANDLE;
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects.
++ */
++#if 0
++ pFuncList->C_Finalize(NULL);
++#endif
++
++ if (!DSO_free(pk11_dso))
++ {
++ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++ pk11_dso = NULL;
++ pFuncList = NULL;
++ pk11_library_initialized = FALSE;
++ pk11_pid = 0;
++ /*
++ * There is no way how to unregister atfork handlers (other than
++ * unloading the library) so we just free the locks. For this reason
++ * the atfork handlers check if the engine is initialized and bail out
++ * immediately if not. This is necessary in case a process finishes
++ * the engine before calling fork().
++ */
++ pk11_free_all_locks();
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Standard engine interface function to set the dynamic library path */
++/* ARGSUSED */
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
++ {
++ int initialized = ((pk11_dso == NULL) ? 0 : 1);
++
++ switch (cmd)
++ {
++ case PK11_CMD_SO_PATH:
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ if (initialized)
++ {
++ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
++ return (0);
++ }
++
++ return (set_PK11_LIBNAME((const char *)p));
++ case PK11_CMD_PIN:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ pk11_pin = BUF_strdup(p);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ return (1);
++ case PK11_CMD_SLOT:
++ SLOTID = (CK_SLOT_ID)i;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: slot set\n", PK11_DBG);
++#endif
++ return (1);
++ default:
++ break;
++ }
++
++ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
++
++ return (0);
++ }
++
++
++/* Required function by the engine random interface. It does nothing here */
++static void pk11_rand_cleanup(void)
++ {
++ return;
++ }
++
++/* ARGSUSED */
++static void pk11_rand_add(const void *buf, int num, double add)
++ {
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return;
++
++ /*
++ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
++ * the calling functions do not care anyway
++ */
++ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
++ pk11_return_session(sp, OP_RAND);
++
++ return;
++ }
++
++static void pk11_rand_seed(const void *buf, int num)
++ {
++ pk11_rand_add(buf, num, 0);
++ }
++
++static int pk11_rand_bytes(unsigned char *buf, int num)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return (0);
++
++ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
++ pk11_return_session(sp, OP_RAND);
++ return (0);
++ }
++
++ pk11_return_session(sp, OP_RAND);
++ return (1);
++ }
++
++/* Required function by the engine random interface. It does nothing here */
++static int pk11_rand_status(void)
++ {
++ return (1);
++ }
++
++/* Free all BIGNUM structures from PK11_SESSION. */
++static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ switch (optype)
++ {
++#ifndef OPENSSL_NO_RSA
++ case OP_RSA:
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++ break;
++#endif
++#ifndef OPENSSL_NO_DSA
++ case OP_DSA:
++ if (sp->opdata_dsa_pub_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_pub_num);
++ sp->opdata_dsa_pub_num = NULL;
++ }
++ if (sp->opdata_dsa_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_priv_num);
++ sp->opdata_dsa_priv_num = NULL;
++ }
++ break;
++#endif
++#ifndef OPENSSL_NO_DH
++ case OP_DH:
++ if (sp->opdata_dh_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dh_priv_num);
++ sp->opdata_dh_priv_num = NULL;
++ }
++ break;
++#endif
++ default:
++ break;
++ }
++ }
++
++/*
++ * Get new PK11_SESSION structure ready for use. Every process must have
++ * its own freelist of PK11_SESSION structures so handle fork() here
++ * by destroying the old and creating new freelist.
++ * The returned PK11_SESSION structure is disconnected from the freelist.
++ */
++PK11_SESSION *
++pk11_get_session(PK11_OPTYPE optype)
++ {
++ PK11_SESSION *sp = NULL, *sp1, *freelist;
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock = NULL;
++#endif
++ static pid_t pid = 0;
++ pid_t new_pid;
++ CK_RV rv;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (NULL);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ /*
++ * Will use it to find out if we forked. We cannot use the PID field in
++ * the session structure because we could get a newly allocated session
++ * here, with no PID information.
++ */
++ if (pid == 0)
++ pid = getpid();
++
++ freelist = session_cache[optype].head;
++ sp = freelist;
++
++ /*
++ * If the free list is empty, allocate new unitialized (filled
++ * with zeroes) PK11_SESSION structure otherwise return first
++ * structure from the freelist.
++ */
++ if (sp == NULL)
++ {
++ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ (void) memset(sp, 0, sizeof (PK11_SESSION));
++
++ /*
++ * It is a new session so it will look like a cache miss to the
++ * code below. So, we must not try to to destroy its members so
++ * mark them as unused.
++ */
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ }
++ else
++ {
++ freelist = sp->next;
++ }
++
++ /*
++ * Check whether we have forked. In that case, we must get rid of all
++ * inherited sessions and start allocating new ones.
++ */
++ if (pid != (new_pid = getpid()))
++ {
++ pid = new_pid;
++
++ /*
++ * We are a new process and thus need to free any inherited
++ * PK11_SESSION objects aside from the first session (sp) which
++ * is the only PK11_SESSION structure we will reuse (for the
++ * head of the list).
++ */
++ while ((sp1 = freelist) != NULL)
++ {
++ freelist = sp1->next;
++ /*
++ * NOTE: we do not want to call pk11_free_all_sessions()
++ * here because it would close underlying PKCS#11
++ * sessions and destroy all objects.
++ */
++ pk11_free_nums(sp1, optype);
++ OPENSSL_free(sp1);
++ }
++
++ /* we have to free the active list as well. */
++ pk11_free_active_list(optype);
++
++ /* Initialize the process */
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * Choose slot here since the slot table is different on this
++ * process. If we are here then we must have found at least one
++ * usable slot before so we don't need to check any_slot_found.
++ * See pk11_library_init()'s usage of this function for more
++ * information.
++ */
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (check_hw_mechanisms() == 0)
++ goto err;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ if (pk11_choose_slots(NULL) == 0)
++ goto err;
++
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * It is an inherited session from our parent so it needs
++ * re-initialization.
++ */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++ if (pk11_token_relogin(sp->session) == 0)
++ {
++ /*
++ * We will keep the session in the cache list and let
++ * the caller cope with the situation.
++ */
++ freelist = sp;
++ sp = NULL;
++ goto err;
++ }
++ }
++
++ if (sp->pid == 0)
++ {
++ /* It is a new session and needs initialization. */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ }
++ }
++
++ /* set new head for the list of PK11_SESSION objects */
++ session_cache[optype].head = freelist;
++
++err:
++ if (sp != NULL)
++ sp->next = NULL;
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (sp);
++ }
++
++
++void
++pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ PK11_SESSION *freelist;
++
++ /*
++ * If this is a session from the parent it will be taken care of and
++ * freed in pk11_get_session() as part of the post-fork clean up the
++ * next time we will ask for a new session.
++ */
++ if (sp == NULL || sp->pid != getpid())
++ return;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_RETURN_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return;
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ sp->next = freelist;
++ session_cache[optype].head = sp;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++
++
++/* Destroy all objects. This function is called when the engine is finished */
++static int pk11_free_all_sessions()
++ {
++ int ret = 1;
++ int type;
++
++#ifndef OPENSSL_NO_RSA
++ (void) pk11_destroy_rsa_key_objects(NULL);
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ (void) pk11_destroy_dsa_key_objects(NULL);
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ (void) pk11_destroy_dh_key_objects(NULL);
++#endif /* OPENSSL_NO_DH */
++ (void) pk11_destroy_cipher_key_objects(NULL);
++
++ /*
++ * We try to release as much as we can but any error means that we will
++ * return 0 on exit.
++ */
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (pk11_free_session_list(type) == 0)
++ ret = 0;
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy session structures from the linked list specified. Free as many
++ * sessions as possible but any failure in C_CloseSession() means that we
++ * return an error on return.
++ */
++static int pk11_free_session_list(PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *freelist = NULL;
++ pid_t mypid = getpid();
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ int ret = 1;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ while ((sp = freelist) != NULL)
++ {
++ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
++ {
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_CLOSESESSION, rv);
++ ret = 0;
++ }
++ }
++ freelist = sp->next;
++ pk11_free_nums(sp, optype);
++ OPENSSL_free(sp);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (ret);
++ }
++
++
++static int
++pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ CK_SLOT_ID myslot;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ myslot = pubkey_SLOTID;
++ break;
++ case OP_RAND:
++ myslot = rand_SLOTID;
++ break;
++ case OP_DIGEST:
++ case OP_CIPHER:
++ myslot = SLOTID;
++ break;
++ default:
++ PK11err(PK11_F_SETUP_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++ sp->session = CK_INVALID_HANDLE;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
++ {
++ /*
++ * We are probably a child process so force the
++ * reinitialize of the session
++ */
++ pk11_library_initialized = FALSE;
++ if (!pk11_library_init(NULL))
++ return (0);
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ }
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ sp->pid = getpid();
++
++ switch (optype)
++ {
++#ifndef OPENSSL_NO_RSA
++ case OP_RSA:
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ sp->opdata_rsa_n_num = NULL;
++ sp->opdata_rsa_e_num = NULL;
++ sp->opdata_rsa_priv = NULL;
++ sp->opdata_rsa_pn_num = NULL;
++ sp->opdata_rsa_pe_num = NULL;
++ sp->opdata_rsa_d_num = NULL;
++ break;
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ case OP_DSA:
++ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_pub = NULL;
++ sp->opdata_dsa_pub_num = NULL;
++ sp->opdata_dsa_priv = NULL;
++ sp->opdata_dsa_priv_num = NULL;
++ break;
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ case OP_DH:
++ sp->opdata_dh_key = CK_INVALID_HANDLE;
++ sp->opdata_dh = NULL;
++ sp->opdata_dh_priv_num = NULL;
++ break;
++#endif /* OPENSSL_NO_DH */
++ case OP_CIPHER:
++ sp->opdata_cipher_key = CK_INVALID_HANDLE;
++ sp->opdata_encrypt = -1;
++ break;
++ default:
++ break;
++ }
++
++ /*
++ * We always initialize the session as containing a non-persistent
++ * object. The key load functions set it to persistent if that is so.
++ */
++ sp->pub_persistent = CK_FALSE;
++ sp->priv_persistent = CK_FALSE;
++ return (1);
++ }
++
++#ifndef OPENSSL_NO_RSA
++/* Destroy RSA public key from single session. */
++int
++pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
++ ret, uselock, OP_RSA, CK_FALSE);
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy RSA private key from single session. */
++int
++pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
++ ret, uselock, OP_RSA, CK_TRUE);
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv = NULL;
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * For the RSA key by reference code, public components 'n'/'e'
++ * are the key components we use to check for the cache hit. We
++ * must free those as well.
++ */
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_rsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_RSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_RSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_RSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++/* Destroy DSA public key from single session. */
++int
++pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key,
++ ret, uselock, OP_DSA, CK_FALSE);
++ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_pub = NULL;
++ if (sp->opdata_dsa_pub_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_pub_num);
++ sp->opdata_dsa_pub_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy DSA private key from single session. */
++int
++pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key,
++ ret, uselock, OP_DSA, CK_TRUE);
++ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_priv = NULL;
++ if (sp->opdata_dsa_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_priv_num);
++ sp->opdata_dsa_priv_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy DSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_dsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_DSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_DSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_DSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++/* Destroy DH key from single session. */
++int
++pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dh_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dh_key,
++ ret, uselock, OP_DH, CK_TRUE);
++ sp->opdata_dh_key = CK_INVALID_HANDLE;
++ sp->opdata_dh = NULL;
++ if (sp->opdata_dh_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dh_priv_num);
++ sp->opdata_dh_priv_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy DH key object wrapper.
++ *
++ * arg0: pointer to PKCS#11 engine session structure
++ * if session is NULL, try to destroy all objects in the free list
++ */
++int
++pk11_destroy_dh_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_DH].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_DH].head;
++ uselock = FALSE;
++ }
++
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_dh_object(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_DH].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_DH */
++
++static int
++pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent)
++ {
++ CK_RV rv;
++
++ /*
++ * We never try to destroy persistent objects which are the objects
++ * stored in the keystore. Also, we always use read-only sessions so
++ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
++ */
++ if (persistent == CK_TRUE)
++ return (1);
++
++ rv = pFuncList->C_DestroyObject(session, oh);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
++ rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++
++/* Symmetric ciphers and digests support functions */
++
++static int
++cipher_nid_to_pk11(int nid)
++ {
++ int i;
++
++ for (i = 0; i < PK11_CIPHER_MAX; i++)
++ if (ciphers[i].nid == nid)
++ return (ciphers[i].id);
++ return (-1);
++ }
++
++static int
++pk11_usable_ciphers(const int **nids)
++ {
++ if (cipher_count > 0)
++ *nids = cipher_nids;
++ else
++ *nids = NULL;
++ return (cipher_count);
++ }
++
++static int
++pk11_usable_digests(const int **nids)
++ {
++ if (digest_count > 0)
++ *nids = digest_nids;
++ else
++ *nids = NULL;
++ return (digest_count);
++ }
++
++/*
++ * Init context for encryption or decryption using a symmetric key.
++ */
++static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
++ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
++ {
++ CK_RV rv;
++#ifdef SOLARIS_AES_CTR
++ CK_AES_CTR_PARAMS ctr_params;
++#endif /* SOLARIS_AES_CTR */
++
++ /*
++ * We expect pmech->mechanism to be already set and
++ * pParameter/ulParameterLen initialized to NULL/0 before
++ * pk11_init_symetric() is called.
++ */
++ OPENSSL_assert(pmech->mechanism != 0);
++ OPENSSL_assert(pmech->pParameter == NULL);
++ OPENSSL_assert(pmech->ulParameterLen == 0);
++
++#ifdef SOLARIS_AES_CTR
++ if (ctx->cipher->nid == NID_aes_128_ctr ||
++ ctx->cipher->nid == NID_aes_192_ctr ||
++ ctx->cipher->nid == NID_aes_256_ctr)
++ {
++ pmech->pParameter = (void *)(&ctr_params);
++ pmech->ulParameterLen = sizeof (ctr_params);
++ /*
++ * For now, we are limited to the fixed length of the counter,
++ * it covers the whole counter block. That's what RFC 4344
++ * needs. For more information on internal structure of the
++ * counter block, see RFC 3686. If needed in the future, we can
++ * add code so that the counter length can be set via
++ * ENGINE_ctrl() function.
++ */
++ ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
++ OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
++ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
++ }
++ else
++#endif /* SOLARIS_AES_CTR */
++ {
++ if (pcipher->iv_len > 0)
++ {
++ pmech->pParameter = (void *)ctx->iv;
++ pmech->ulParameterLen = pcipher->iv_len;
++ }
++ }
++
++ /* if we get here, the encryption needs to be reinitialized */
++ if (ctx->encrypt)
++ rv = pFuncList->C_EncryptInit(sp->session, pmech,
++ sp->opdata_cipher_key);
++ else
++ rv = pFuncList->C_DecryptInit(sp->session, pmech,
++ sp->opdata_cipher_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
++ PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++
++ return (1);
++ }
++
++/* ARGSUSED */
++static int
++pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc)
++ {
++ CK_MECHANISM mech;
++ int index;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
++ PK11_SESSION *sp;
++ PK11_CIPHER *p_ciph_table_row;
++
++ state->sp = NULL;
++
++ index = cipher_nid_to_pk11(ctx->cipher->nid);
++ if (index < 0 || index >= PK11_CIPHER_MAX)
++ return (0);
++
++ p_ciph_table_row = &ciphers[index];
++ /*
++ * iv_len in the ctx->cipher structure is the maximum IV length for the
++ * current cipher and it must be less or equal to the IV length in our
++ * ciphers table. The key length must be in the allowed interval. From
++ * all cipher modes that the PKCS#11 engine supports only RC4 allows a
++ * key length to be in some range, all other NIDs have a precise key
++ * length. Every application can define its own EVP functions so this
++ * code serves as a sanity check.
++ *
++ * Note that the reason why the IV length in ctx->cipher might be
++ * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
++ * macro to define functions that return EVP structures for all DES
++ * modes. So, even ECB modes get 8 byte IV.
++ */
++ if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
++ ctx->key_len < p_ciph_table_row->min_key_len ||
++ ctx->key_len > p_ciph_table_row->max_key_len) {
++ PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
++ return (0);
++ }
++
++ if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
++ return (0);
++
++ /* if applicable, the mechanism parameter is used for IV */
++ mech.mechanism = p_ciph_table_row->mech_type;
++ mech.pParameter = NULL;
++ mech.ulParameterLen = 0;
++
++ /* The key object is destroyed here if it is not the current key. */
++ (void) check_new_cipher_key(sp, key, ctx->key_len);
++
++ /*
++ * If the key is the same and the encryption is also the same, then
++ * just reuse it. However, we must not forget to reinitialize the
++ * context that was finalized in pk11_cipher_cleanup().
++ */
++ if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
++ sp->opdata_encrypt == ctx->encrypt)
++ {
++ state->sp = sp;
++ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
++ return (0);
++
++ return (1);
++ }
++
++ /*
++ * Check if the key has been invalidated. If so, a new key object
++ * needs to be created.
++ */
++ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
++ {
++ sp->opdata_cipher_key = pk11_get_cipher_key(
++ ctx, key, p_ciph_table_row->key_type, sp);
++ }
++
++ if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
++ {
++ /*
++ * The previous encryption/decryption is different. Need to
++ * terminate the previous * active encryption/decryption here.
++ */
++ if (!pk11_cipher_final(sp))
++ {
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++ }
++
++ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
++ {
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++
++ /* now initialize the context with a new key */
++ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
++ return (0);
++
++ sp->opdata_encrypt = ctx->encrypt;
++ state->sp = sp;
++
++ return (1);
++ }
++
++/*
++ * When reusing the same key in an encryption/decryption session for a
++ * decryption/encryption session, we need to close the active session
++ * and recreate a new one. Note that the key is in the global session so
++ * that it needs not be recreated.
++ *
++ * It is more appropriate to use C_En/DecryptFinish here. At the time of this
++ * development, these two functions in the PKCS#11 libraries used return
++ * unexpected errors when passing in 0 length output. It may be a good
++ * idea to try them again if performance is a problem here and fix
++ * C_En/DecryptFinial if there are bugs there causing the problem.
++ */
++static int
++pk11_cipher_final(PK11_SESSION *sp)
++ {
++ CK_RV rv;
++
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++/*
++ * An engine interface function. The calling function allocates sufficient
++ * memory for the output buffer "out" to hold the results.
++ */
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int
++pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, unsigned int inl)
++#else
++static int
++pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl)
++#endif
++ {
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
++ PK11_SESSION *sp;
++ CK_RV rv;
++ unsigned long outl = inl;
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ sp = (PK11_SESSION *) state->sp;
++
++ if (!inl)
++ return (1);
++
++ /* RC4 is the only stream cipher we support */
++ if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
++ return (0);
++
++ if (ctx->encrypt)
++ {
++ rv = pFuncList->C_EncryptUpdate(sp->session,
++ (unsigned char *)in, inl, out, &outl);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
++ PK11_R_ENCRYPTUPDATE, rv);
++ return (0);
++ }
++ }
++ else
++ {
++ rv = pFuncList->C_DecryptUpdate(sp->session,
++ (unsigned char *)in, inl, out, &outl);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
++ PK11_R_DECRYPTUPDATE, rv);
++ return (0);
++ }
++ }
++
++ /*
++ * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
++ * the same size of input.
++ * The application has guaranteed to call the block ciphers with
++ * correctly aligned buffers.
++ */
++ if (inl != outl)
++ return (0);
++
++ return (1);
++ }
++
++/*
++ * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
++ * here is the right thing because in EVP_DecryptFinal_ex(), engine's
++ * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
++ * the engine can't find out that it's the finalizing call. We wouldn't
++ * necessarily have to finalize the context here since reinitializing it with
++ * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
++ * let's do it. Some implementations might leak memory if the previously used
++ * context is initialized without finalizing it first.
++ */
++static int
++pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
++ {
++ CK_RV rv;
++ CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
++ CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
++ PK11_CIPHER_STATE *state = ctx->cipher_data;
++
++ if (state != NULL && state->sp != NULL)
++ {
++ /*
++ * We are not interested in the data here, we just need to get
++ * rid of the context.
++ */
++ if (ctx->encrypt)
++ rv = pFuncList->C_EncryptFinal(
++ state->sp->session, buf, &len);
++ else
++ rv = pFuncList->C_DecryptFinal(
++ state->sp->session, buf, &len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
++ PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
++ pk11_return_session(state->sp, OP_CIPHER);
++ return (0);
++ }
++
++ pk11_return_session(state->sp, OP_CIPHER);
++ state->sp = NULL;
++ }
++
++ return (1);
++ }
++
++/*
++ * Registered by the ENGINE when used to find out how to deal with
++ * a particular NID in the ENGINE. This says what we'll do at the
++ * top level - note, that list is restricted by what we answer with
++ */
++/* ARGSUSED */
++static int
++pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
++ const int **nids, int nid)
++ {
++ if (!cipher)
++ return (pk11_usable_ciphers(nids));
++
++ switch (nid)
++ {
++ case NID_des_ede3_cbc:
++ *cipher = &pk11_3des_cbc;
++ break;
++ case NID_des_cbc:
++ *cipher = &pk11_des_cbc;
++ break;
++ case NID_des_ede3_ecb:
++ *cipher = &pk11_3des_ecb;
++ break;
++ case NID_des_ecb:
++ *cipher = &pk11_des_ecb;
++ break;
++ case NID_aes_128_cbc:
++ *cipher = &pk11_aes_128_cbc;
++ break;
++ case NID_aes_192_cbc:
++ *cipher = &pk11_aes_192_cbc;
++ break;
++ case NID_aes_256_cbc:
++ *cipher = &pk11_aes_256_cbc;
++ break;
++ case NID_aes_128_ecb:
++ *cipher = &pk11_aes_128_ecb;
++ break;
++ case NID_aes_192_ecb:
++ *cipher = &pk11_aes_192_ecb;
++ break;
++ case NID_aes_256_ecb:
++ *cipher = &pk11_aes_256_ecb;
++ break;
++ case NID_bf_cbc:
++ *cipher = &pk11_bf_cbc;
++ break;
++ case NID_rc4:
++ *cipher = &pk11_rc4;
++ break;
++ default:
++#ifdef SOLARIS_AES_CTR
++ /*
++ * These can't be in separated cases because the NIDs
++ * here are not constants.
++ */
++ if (nid == NID_aes_128_ctr)
++ *cipher = &pk11_aes_128_ctr;
++ else if (nid == NID_aes_192_ctr)
++ *cipher = &pk11_aes_192_ctr;
++ else if (nid == NID_aes_256_ctr)
++ *cipher = &pk11_aes_256_ctr;
++ else
++#endif /* SOLARIS_AES_CTR */
++ *cipher = NULL;
++ break;
++ }
++ return (*cipher != NULL);
++ }
++
++/* ARGSUSED */
++static int
++pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
++ const int **nids, int nid)
++ {
++ if (!digest)
++ return (pk11_usable_digests(nids));
++
++ switch (nid)
++ {
++ case NID_md5:
++ *digest = &pk11_md5;
++ break;
++ case NID_sha1:
++ *digest = &pk11_sha1;
++ break;
++ case NID_sha224:
++ *digest = &pk11_sha224;
++ break;
++ case NID_sha256:
++ *digest = &pk11_sha256;
++ break;
++ case NID_sha384:
++ *digest = &pk11_sha384;
++ break;
++ case NID_sha512:
++ *digest = &pk11_sha512;
++ break;
++ default:
++ *digest = NULL;
++ break;
++ }
++ return (*digest != NULL);
++ }
++
++
++/* Create a secret key object in a PKCS#11 session */
++static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
++ CK_ULONG ul_key_attr_count = 6;
++ unsigned char key_buf[PK11_KEY_LEN_MAX];
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VALUE, (void*) NULL, 0},
++ };
++
++ /*
++ * Create secret key object in global_session. All other sessions
++ * can use the key handles. Here is why:
++ * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
++ * It may then call DecryptInit and DecryptUpdate using the same key.
++ * To use the same key object, we need to call EncryptFinal with
++ * a 0 length message. Currently, this does not work for 3DES
++ * mechanism. To get around this problem, we close the session and
++ * then create a new session to use the same key object. When a session
++ * is closed, all the object handles will be invalid. Thus, create key
++ * objects in a global session, an individual session may be closed to
++ * terminate the active operation.
++ */
++ CK_SESSION_HANDLE session = global_session;
++ a_key_template[0].pValue = &obj_key;
++ a_key_template[1].pValue = &key_type;
++ if (ctx->key_len > PK11_KEY_LEN_MAX)
++ {
++ a_key_template[5].pValue = (void *) key;
++ }
++ else
++ {
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++ memcpy(key_buf, key, ctx->key_len);
++ if ((key_type == CKK_DES) ||
++ (key_type == CKK_DES2) ||
++ (key_type == CKK_DES3))
++ DES_fixup_key_parity((DES_cblock *) &key_buf[0]);
++ if ((key_type == CKK_DES2) ||
++ (key_type == CKK_DES3))
++ DES_fixup_key_parity((DES_cblock *) &key_buf[8]);
++ if (key_type == CKK_DES3)
++ DES_fixup_key_parity((DES_cblock *) &key_buf[16]);
++ a_key_template[5].pValue = (void *) key_buf;
++ }
++ a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++ PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
++ rv);
++ goto err;
++ }
++
++ /*
++ * Save the key information used in this session.
++ * The max can be saved is PK11_KEY_LEN_MAX.
++ */
++ if (ctx->key_len > PK11_KEY_LEN_MAX)
++ {
++ sp->opdata_key_len = PK11_KEY_LEN_MAX;
++ (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
++ }
++ else
++ {
++ sp->opdata_key_len = ctx->key_len;
++ (void) memcpy(sp->opdata_key, key_buf, sp->opdata_key_len);
++ }
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++err:
++
++ return (h_key);
++ }
++
++static int
++md_nid_to_pk11(int nid)
++ {
++ int i;
++
++ for (i = 0; i < PK11_DIGEST_MAX; i++)
++ if (digests[i].nid == nid)
++ return (digests[i].id);
++ return (-1);
++ }
++
++static int
++pk11_digest_init(EVP_MD_CTX *ctx)
++ {
++ CK_RV rv;
++ CK_MECHANISM mech;
++ int index;
++ PK11_SESSION *sp;
++ PK11_DIGEST *pdp;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++
++ state->sp = NULL;
++
++ index = md_nid_to_pk11(ctx->digest->type);
++ if (index < 0 || index >= PK11_DIGEST_MAX)
++ return (0);
++
++ pdp = &digests[index];
++ if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
++ return (0);
++
++ /* at present, no parameter is needed for supported digests */
++ mech.mechanism = pdp->mech_type;
++ mech.pParameter = NULL;
++ mech.ulParameterLen = 0;
++
++ rv = pFuncList->C_DigestInit(sp->session, &mech);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
++ pk11_return_session(sp, OP_DIGEST);
++ return (0);
++ }
++
++ state->sp = sp;
++
++ return (1);
++ }
++
++static int
++pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
++ {
++ CK_RV rv;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++
++ /* 0 length message will cause a failure in C_DigestFinal */
++ if (count == 0)
++ return (1);
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
++ count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++ return (0);
++ }
++
++ return (1);
++ }
++
++static int
++pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
++ {
++ CK_RV rv;
++ unsigned long len;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++ len = ctx->digest->md_size;
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++ return (0);
++ }
++
++ if (ctx->digest->md_size != len)
++ return (0);
++
++ /*
++ * Final is called and digest is returned, so return the session
++ * to the pool
++ */
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++
++ return (1);
++ }
++
++static int
++pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
++ {
++ CK_RV rv;
++ int ret = 0;
++ PK11_CIPHER_STATE *state, *state_to;
++ CK_BYTE_PTR pstate = NULL;
++ CK_ULONG ul_state_len;
++
++ /* The copy-from state */
++ state = (PK11_CIPHER_STATE *) from->md_data;
++ if (state == NULL || state->sp == NULL)
++ goto err;
++
++ /* Initialize the copy-to state */
++ if (!pk11_digest_init(to))
++ goto err;
++ state_to = (PK11_CIPHER_STATE *) to->md_data;
++
++ /* Get the size of the operation state of the copy-from session */
++ rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
++ &ul_state_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
++ rv);
++ goto err;
++ }
++ if (ul_state_len == 0)
++ {
++ goto err;
++ }
++
++ pstate = OPENSSL_malloc(ul_state_len);
++ if (pstate == NULL)
++ {
++ PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the operation state of the copy-from session */
++ rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
++ &ul_state_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
++ rv);
++ goto err;
++ }
++
++ /* Set the operation state of the copy-to session */
++ rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
++ ul_state_len, 0, 0);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY,
++ PK11_R_SET_OPERATION_STATE, rv);
++ goto err;
++ }
++
++ ret = 1;
++err:
++ if (pstate != NULL)
++ OPENSSL_free(pstate);
++
++ return (ret);
++ }
++
++/* Return any pending session state to the pool */
++static int
++pk11_digest_cleanup(EVP_MD_CTX *ctx)
++ {
++ PK11_CIPHER_STATE *state = ctx->md_data;
++ unsigned char buf[EVP_MAX_MD_SIZE];
++
++ if (state != NULL && state->sp != NULL)
++ {
++ /*
++ * If state->sp is not NULL then pk11_digest_final() has not
++ * been called yet. We must call it now to free any memory
++ * that might have been allocated in the token when
++ * pk11_digest_init() was called. pk11_digest_final()
++ * will return the session to the cache.
++ */
++ if (!pk11_digest_final(ctx, buf))
++ return (0);
++ }
++
++ return (1);
++ }
++
++/*
++ * Check if the new key is the same as the key object in the session. If the key
++ * is the same, no need to create a new key object. Otherwise, the old key
++ * object needs to be destroyed and a new one will be created. Return 1 for
++ * cache hit, 0 for cache miss. Note that we must check the key length first
++ * otherwise we could end up reusing a different, longer key with the same
++ * prefix.
++ */
++static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
++ int key_len)
++ {
++ if (sp->opdata_key_len != key_len ||
++ memcmp(sp->opdata_key, key, key_len) != 0)
++ {
++ (void) pk11_destroy_cipher_key_objects(sp);
++ return (0);
++ }
++ return (1);
++ }
++
++/* Destroy one or more secret key objects. */
++static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
++ {
++ int ret = 0;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_CIPHER].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_CIPHER].head;
++ }
++
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
++ {
++ /*
++ * The secret key object is created in the
++ * global_session. See pk11_get_cipher_key().
++ */
++ if (pk11_destroy_object(global_session,
++ sp->opdata_cipher_key, CK_FALSE) == 0)
++ goto err;
++ sp->opdata_cipher_key = CK_INVALID_HANDLE;
++ }
++ }
++ ret = 1;
++err:
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_CIPHER].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++
++
++/*
++ * Public key mechanisms optionally supported
++ *
++ * CKM_RSA_X_509
++ * CKM_RSA_PKCS
++ * CKM_DSA
++ *
++ * The first slot that supports at least one of those mechanisms is chosen as a
++ * public key slot.
++ *
++ * Symmetric ciphers optionally supported
++ *
++ * CKM_DES3_CBC
++ * CKM_DES_CBC
++ * CKM_AES_CBC
++ * CKM_DES3_ECB
++ * CKM_DES_ECB
++ * CKM_AES_ECB
++ * CKM_AES_CTR
++ * CKM_RC4
++ * CKM_BLOWFISH_CBC
++ *
++ * Digests optionally supported
++ *
++ * CKM_MD5
++ * CKM_SHA_1
++ * CKM_SHA224
++ * CKM_SHA256
++ * CKM_SHA384
++ * CKM_SHA512
++ *
++ * The output of this function is a set of global variables indicating which
++ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
++ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
++ * variables carry information about which slot was chosen for (a) public key
++ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
++ */
++static int
++pk11_choose_slots(int *any_slot_found)
++ {
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ CK_ULONG ulSlotCount = 0;
++ CK_MECHANISM_INFO mech_info;
++ CK_TOKEN_INFO token_info;
++ unsigned int i;
++ CK_RV rv;
++ CK_SLOT_ID best_slot_sofar = 0;
++ CK_BBOOL found_candidate_slot = CK_FALSE;
++ int slot_n_cipher = 0;
++ int slot_n_digest = 0;
++ CK_SLOT_ID current_slot = 0;
++ int current_slot_n_cipher = 0;
++ int current_slot_n_digest = 0;
++
++ int local_cipher_nids[PK11_CIPHER_MAX];
++ int local_digest_nids[PK11_DIGEST_MAX];
++
++ /* let's initialize the output parameter */
++ if (any_slot_found != NULL)
++ *any_slot_found = 0;
++
++ /* Get slot list for memory allocation */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ return (0);
++ }
++
++ /* it's not an error if we didn't find any providers */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++
++ /* Get the slot list for processing */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ OPENSSL_free(pSlotList);
++ return (0);
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
++ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
++
++ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ /* Check if slot has random support. */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (token_info.flags & CKF_RNG)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ pk11_have_random = CK_TRUE;
++ rand_SLOTID = current_slot;
++ break;
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ pubkey_SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ CK_BBOOL slot_has_rsa = CK_FALSE;
++ CK_BBOOL slot_has_recover = CK_FALSE;
++ CK_BBOOL slot_has_dsa = CK_FALSE;
++ CK_BBOOL slot_has_dh = CK_FALSE;
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++#ifndef OPENSSL_NO_RSA
++ /*
++ * Check if this slot is capable of signing and
++ * verifying with CKM_RSA_PKCS.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
++ &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY)))
++ {
++ /*
++ * Check if this slot is capable of encryption,
++ * decryption, sign, and verify with CKM_RSA_X_509.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_RSA_X_509, &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY) &&
++ (mech_info.flags & CKF_ENCRYPT) &&
++ (mech_info.flags & CKF_DECRYPT)))
++ {
++ slot_has_rsa = CK_TRUE;
++ if (mech_info.flags & CKF_VERIFY_RECOVER)
++ {
++ slot_has_recover = CK_TRUE;
++ }
++ }
++ }
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++ /*
++ * Check if this slot is capable of signing and
++ * verifying with CKM_DSA.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
++ &mech_info);
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY)))
++ {
++ slot_has_dsa = CK_TRUE;
++ }
++
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++ /*
++ * Check if this slot is capable of DH key generataion and
++ * derivation.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
++
++ if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
++ {
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_DH_PKCS_DERIVE, &mech_info);
++ if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
++ {
++ slot_has_dh = CK_TRUE;
++ }
++ }
++#endif /* OPENSSL_NO_DH */
++
++ if (!found_candidate_slot &&
++ (slot_has_rsa || slot_has_dsa || slot_has_dh))
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: potential slot: %d\n", PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = current_slot;
++ pk11_have_rsa = slot_has_rsa;
++ pk11_have_recover = slot_has_recover;
++ pk11_have_dsa = slot_has_dsa;
++ pk11_have_dh = slot_has_dh;
++ found_candidate_slot = CK_TRUE;
++ /*
++ * Cache the flags for later use. We might
++ * need those if RSA keys by reference feature
++ * is used.
++ */
++ pubkey_token_flags = token_info.flags;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: setting found_candidate_slot to CK_TRUE\n",
++ PK11_DBG);
++ fprintf(stderr,
++ "%s: best so far slot: %d\n", PK11_DBG,
++ best_slot_sofar);
++ fprintf(stderr, "%s: pubkey flags changed to "
++ "%lu.\n", PK11_DBG, pubkey_token_flags);
++ }
++ else
++ {
++ fprintf(stderr,
++ "%s: no rsa/dsa/dh\n", PK11_DBG);
++ }
++#else
++ } /* if */
++#endif /* DEBUG_SLOT_SELECTION */
++ } /* for */
++
++ if (found_candidate_slot == CK_TRUE)
++ {
++ pubkey_SLOTID = best_slot_sofar;
++ }
++
++ found_candidate_slot = CK_FALSE;
++ best_slot_sofar = 0;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ current_slot = pSlotList[i];
++ current_slot_n_cipher = 0;
++ current_slot_n_digest = 0;
++ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
++ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
++
++ pk11_find_symmetric_ciphers(pFuncList, current_slot,
++ ¤t_slot_n_cipher, local_cipher_nids);
++
++ pk11_find_digests(pFuncList, current_slot,
++ ¤t_slot_n_digest, local_digest_nids);
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
++ current_slot_n_cipher);
++ fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
++ current_slot_n_digest);
++ fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
++ PK11_DBG, best_slot_sofar);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * If the current slot supports more ciphers/digests than
++ * the previous best one we change the current best to this one,
++ * otherwise leave it where it is.
++ */
++ if ((current_slot_n_cipher + current_slot_n_digest) >
++ (slot_n_cipher + slot_n_digest))
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: changing best so far slot to %d\n",
++ PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = SLOTID = current_slot;
++ cipher_count = slot_n_cipher = current_slot_n_cipher;
++ digest_count = slot_n_digest = current_slot_n_digest;
++ (void) memcpy(cipher_nids, local_cipher_nids,
++ sizeof (local_cipher_nids));
++ (void) memcpy(digest_nids, local_digest_nids,
++ sizeof (local_digest_nids));
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
++ fprintf(stderr,
++ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
++ fprintf(stderr,
++ "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
++ fprintf(stderr,
++ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
++ fprintf(stderr,
++ "%s: pk11_have_recover %d\n", PK11_DBG, pk11_have_recover);
++ fprintf(stderr,
++ "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
++ fprintf(stderr,
++ "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
++ fprintf(stderr,
++ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
++ fprintf(stderr,
++ "%s: cipher_count %d\n", PK11_DBG, cipher_count);
++ fprintf(stderr,
++ "%s: digest_count %d\n", PK11_DBG, digest_count);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ OPENSSL_free(hw_cnids);
++ OPENSSL_free(hw_dnids);
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++ if (any_slot_found != NULL)
++ *any_slot_found = 1;
++ return (1);
++ }
++
++static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
++ int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
++ int *local_cipher_nids, int id)
++ {
++ CK_MECHANISM_INFO mech_info;
++ CK_RV rv;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
++
++ if (rv != CKR_OK)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " not found\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ return;
++ }
++
++ if ((mech_info.flags & CKF_ENCRYPT) &&
++ (mech_info.flags & CKF_DECRYPT))
++ {
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (nid_in_table(ciphers[id].nid, hw_cnids))
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " usable\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ local_cipher_nids[(*current_slot_n_cipher)++] =
++ ciphers[id].nid;
++ }
++#ifdef SOLARIS_HW_SLOT_SELECTION
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " rejected, software implementation only\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ }
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " unusable\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++
++ return;
++ }
++
++static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
++ int id)
++ {
++ CK_MECHANISM_INFO mech_info;
++ CK_RV rv;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
++
++ if (rv != CKR_OK)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " not found\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ return;
++ }
++
++ if (mech_info.flags & CKF_DIGEST)
++ {
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (nid_in_table(digests[id].nid, hw_dnids))
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " usable\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ local_digest_nids[(*current_slot_n_digest)++] =
++ digests[id].nid;
++ }
++#ifdef SOLARIS_HW_SLOT_SELECTION
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " rejected, software implementation only\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ }
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " unusable\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++
++ return;
++ }
++
++#ifdef SOLARIS_AES_CTR
++/* create a new NID when we have no OID for that mechanism */
++static int pk11_add_NID(char *sn, char *ln)
++ {
++ ASN1_OBJECT *o;
++ int nid;
++
++ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
++ 1, sn, ln)) == NULL)
++ {
++ return (0);
++ }
++
++ /* will return NID_undef on error */
++ nid = OBJ_add_object(o);
++ ASN1_OBJECT_free(o);
++
++ return (nid);
++ }
++
++/*
++ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
++ * have to help ourselves here.
++ */
++static int pk11_add_aes_ctr_NIDs(void)
++ {
++ /* are we already set? */
++ if (NID_aes_256_ctr != NID_undef)
++ return (1);
++
++ /*
++ * There are no official names for AES counter modes yet so we just
++ * follow the format of those that exist.
++ */
++ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
++ NID_undef)
++ goto err;
++ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
++ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
++ NID_undef)
++ goto err;
++ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
++ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
++ NID_undef)
++ goto err;
++ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
++ return (1);
++
++err:
++ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
++ return (0);
++ }
++#endif /* SOLARIS_AES_CTR */
++
++/* Find what symmetric ciphers this slot supports. */
++static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
++ {
++ int i;
++
++ for (i = 0; i < PK11_CIPHER_MAX; ++i)
++ {
++ pk11_get_symmetric_cipher(pflist, current_slot,
++ ciphers[i].mech_type, current_slot_n_cipher,
++ local_cipher_nids, ciphers[i].id);
++ }
++ }
++
++/* Find what digest algorithms this slot supports. */
++static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
++ {
++ int i;
++
++ for (i = 0; i < PK11_DIGEST_MAX; ++i)
++ {
++ pk11_get_digest(pflist, current_slot, digests[i].mech_type,
++ current_slot_n_digest, local_digest_nids, digests[i].id);
++ }
++ }
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++/*
++ * It would be great if we could use pkcs11_kernel directly since this library
++ * offers hardware slots only. That's the easiest way to achieve the situation
++ * where we use the hardware accelerators when present and OpenSSL native code
++ * otherwise. That presumes the fact that OpenSSL native code is faster than the
++ * code in the soft token. It's a logical assumption - Crypto Framework has some
++ * inherent overhead so going there for the software implementation of a
++ * mechanism should be logically slower in contrast to the OpenSSL native code,
++ * presuming that both implementations are of similar speed. For example, the
++ * soft token for AES is roughly three times slower than OpenSSL for 64 byte
++ * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
++ * that use the PKCS#11 engine by default, we must somehow avoid that regression
++ * on machines without hardware acceleration. That's why switching to the
++ * pkcs11_kernel library seems like a very good idea.
++ *
++ * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
++ * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
++ * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
++ * library, we would have had a performance regression on machines without
++ * hardware acceleration for asymmetric operations for all applications that use
++ * the PKCS#11 engine. There is one such application - Apache web server since
++ * it's shipped configured to use the PKCS#11 engine by default. Having said
++ * that, we can't switch to the pkcs11_kernel library now and have to come with
++ * a solution that, on non-accelerated machines, uses the OpenSSL native code
++ * for all symmetric ciphers and digests while it uses the soft token for
++ * asymmetric operations.
++ *
++ * This is the idea: dlopen() pkcs11_kernel directly and find out what
++ * mechanisms are there. We don't care about duplications (more slots can
++ * support the same mechanism), we just want to know what mechanisms can be
++ * possibly supported in hardware on that particular machine. As said before,
++ * pkcs11_kernel will show you hardware providers only.
++ *
++ * Then, we rely on the fact that since we use libpkcs11 library we will find
++ * the metaslot. When we go through the metaslot's mechanisms for symmetric
++ * ciphers and digests, we check that any found mechanism is in the table
++ * created using the pkcs11_kernel library. So, as a result we have two arrays
++ * of mechanisms that were advertised as supported in hardware which was the
++ * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
++ * code for symmetric ciphers and digests. See pk11_choose_slots() for more
++ * information.
++ *
++ * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
++ * the code won't be used.
++ */
++#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
++static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
++#else
++static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
++#endif
++
++/*
++ * Check hardware capabilities of the machines. The output are two lists,
++ * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
++ * providers together. They are not sorted and may contain duplicate mechanisms.
++ */
++static int check_hw_mechanisms(void)
++ {
++ int i;
++ CK_RV rv;
++ void *handle;
++ CK_C_GetFunctionList p;
++ CK_TOKEN_INFO token_info;
++ CK_ULONG ulSlotCount = 0;
++ int n_cipher = 0, n_digest = 0;
++ CK_FUNCTION_LIST_PTR pflist = NULL;
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL;
++ int hw_ctable_size, hw_dtable_size;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
++ PK11_DBG);
++#endif
++ if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ if ((p = (CK_C_GetFunctionList)dlsym(handle,
++ PK11_GET_FUNCTION_LIST)) == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ if (p(&pflist) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ rv = pflist->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
++ PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
++ goto err;
++ }
++
++ /* no slots, set the hw mechanism tables as empty */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
++#endif
++ hw_cnids = OPENSSL_malloc(sizeof (int));
++ hw_dnids = OPENSSL_malloc(sizeof (int));
++ if (hw_cnids == NULL || hw_dnids == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS,
++ PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ /* this means empty tables */
++ hw_cnids[0] = NID_undef;
++ hw_dnids[0] = NID_undef;
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the slot list for processing */
++ if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
++ goto err;
++ }
++
++ /*
++ * We don't care about duplicit mechanisms in multiple slots and also
++ * reserve one slot for the terminal NID_undef which we use to stop the
++ * search.
++ */
++ hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
++ hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
++ tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
++ tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
++ if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * Do not use memset since we should not rely on the fact that NID_undef
++ * is zero now.
++ */
++ for (i = 0; i < hw_ctable_size; ++i)
++ tmp_hw_cnids[i] = NID_undef;
++ for (i = 0; i < hw_dtable_size; ++i)
++ tmp_hw_dnids[i] = NID_undef;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
++ fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
++ fprintf(stderr, "%s: now looking for mechs supported in hw\n",
++ PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * We are filling the hw mech tables here. Global tables are
++ * still NULL so all mechanisms are put into tmp tables.
++ */
++ pk11_find_symmetric_ciphers(pflist, pSlotList[i],
++ &n_cipher, tmp_hw_cnids);
++ pk11_find_digests(pflist, pSlotList[i],
++ &n_digest, tmp_hw_dnids);
++ }
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects. Also, C_Finalize() is triggered by
++ * dlclose(3C).
++ */
++#if 0
++ pflist->C_Finalize(NULL);
++#endif
++ OPENSSL_free(pSlotList);
++ (void) dlclose(handle);
++ hw_cnids = tmp_hw_cnids;
++ hw_dnids = tmp_hw_dnids;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++
++err:
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++ if (tmp_hw_cnids != NULL)
++ OPENSSL_free(tmp_hw_cnids);
++ if (tmp_hw_dnids != NULL)
++ OPENSSL_free(tmp_hw_dnids);
++
++ return (0);
++ }
++
++/*
++ * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
++ * non-existent).
++ */
++static int nid_in_table(int nid, int *nid_table)
++ {
++ int i = 0;
++
++ /*
++ * a special case. NULL means that we are initializing a new
++ * table.
++ */
++ if (nid_table == NULL)
++ return (1);
++
++ /*
++ * the table is never full, there is always at least one
++ * NID_undef.
++ */
++ while (nid_table[i] != NID_undef)
++ {
++ if (nid_table[i++] == nid)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++ }
++
++ return (0);
++ }
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++#endif /* OPENSSL_NO_HW_PK11CA */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11_err.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.4.10.1
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 21:52:40 2011
+@@ -0,0 +1,288 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_err.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <openssl/err.h>
++#include "hw_pk11_err.h"
++
++/* BEGIN ERROR CODES */
++#ifndef OPENSSL_NO_ERR
++static ERR_STRING_DATA pk11_str_functs[]=
++{
++{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
++{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
++{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
++{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
++{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
++{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
++{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
++{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
++{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
++{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
++{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
++{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
++{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
++{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
++{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
++{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
++{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
++{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
++{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
++{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
++{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
++{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
++{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
++{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
++{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
++{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
++{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
++{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
++{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
++{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
++{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
++{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
++{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
++{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
++{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
++{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
++{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
++{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
++{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
++{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
++{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
++{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
++{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
++{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
++{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
++{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
++{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
++{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
++{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
++{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
++{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
++{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
++{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
++{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
++{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
++{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
++{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
++{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
++{ 0, NULL}
++};
++
++static ERR_STRING_DATA pk11_str_reasons[]=
++{
++{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
++{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
++{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
++{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
++{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
++{ PK11_R_INITIALIZE, "C_Initialize failed"},
++{ PK11_R_FINALIZE, "C_Finalize failed"},
++{ PK11_R_GETINFO, "C_GetInfo faile"},
++{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
++{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
++{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
++{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
++{ PK11_R_NO_MODULUS, "no modulus"},
++{ PK11_R_NO_EXPONENT, "no exponent"},
++{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
++{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
++{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
++{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
++{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
++{ PK11_R_OPENSESSION, "C_OpenSession failed"},
++{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
++{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
++{ PK11_R_ENCRYPT, "C_Encrypt failed"},
++{ PK11_R_SIGNINIT, "C_SignInit failed"},
++{ PK11_R_SIGN, "C_Sign failed"},
++{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
++{ PK11_R_DECRYPT, "C_Decrypt failed"},
++{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
++{ PK11_R_VERIFY, "C_Verify failed"},
++{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
++{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
++{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
++{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
++{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
++{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
++{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
++{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
++{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
++{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
++{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
++{ PK11_R_MALLOC_FAILURE, "malloc failure"},
++{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
++{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
++{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
++{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
++{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
++{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
++{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
++{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
++{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
++{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
++{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
++{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
++{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
++{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
++{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
++{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
++{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
++{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
++{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
++{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
++{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
++{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
++{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
++{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
++{ PK11_R_ATFORK_FAILED, "atfork() failed" },
++{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login() failed on token" },
++{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
++{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
++{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
++{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
++{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen() dialog command" },
++{ PK11_R_PIPE_FAILED, "pipe() failed" },
++{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
++{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
++{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
++{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
++{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
++{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
++{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
++{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
++{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
++{ PK11_R_SYSCONF_FAILED, "sysconf() failed" },
++{ PK11_R_MMAP_FAILED, "mmap() failed" },
++{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
++{ PK11_R_MLOCK_FAILED, "mlock() failed" },
++{ PK11_R_FORK_FAILED, "fork() failed" },
++{ 0, NULL}
++};
++#endif /* OPENSSL_NO_ERR */
++
++static int pk11_lib_error_code = 0;
++static int pk11_error_init = 1;
++
++static void
++ERR_load_pk11_strings(void)
++ {
++ if (pk11_lib_error_code == 0)
++ pk11_lib_error_code = ERR_get_next_error_library();
++
++ if (pk11_error_init)
++ {
++ pk11_error_init = 0;
++#ifndef OPENSSL_NO_ERR
++ ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
++ ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
++#endif
++ }
++}
++
++static void
++ERR_unload_pk11_strings(void)
++ {
++ if (pk11_error_init == 0)
++ {
++#ifndef OPENSSL_NO_ERR
++ ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
++ ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
++#endif
++ pk11_error_init = 1;
++ }
++}
++
++void
++ERR_pk11_error(int function, int reason, char *file, int line)
++{
++ if (pk11_lib_error_code == 0)
++ pk11_lib_error_code = ERR_get_next_error_library();
++ ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
++}
++
++void
++PK11err_add_data(int function, int reason, CK_RV rv)
++{
++ char tmp_buf[20];
++
++ PK11err(function, reason);
++ (void) BIO_snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
++ ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
++}
+Index: openssl/crypto/engine/hw_pk11_err.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.9.10.2
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/hw_pk11_err.h Fri Oct 4 14:45:25 2013
+@@ -0,0 +1,440 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#ifndef HW_PK11_ERR_H
++#define HW_PK11_ERR_H
++
++void ERR_pk11_error(int function, int reason, char *file, int line);
++void PK11err_add_data(int function, int reason, CK_RV rv);
++#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
++
++/* Error codes for the PK11 functions. */
++
++/* Function codes. */
++
++#define PK11_F_INIT 100
++#define PK11_F_FINISH 101
++#define PK11_F_DESTROY 102
++#define PK11_F_CTRL 103
++#define PK11_F_RSA_INIT 104
++#define PK11_F_RSA_FINISH 105
++#define PK11_F_GET_PUB_RSA_KEY 106
++#define PK11_F_GET_PRIV_RSA_KEY 107
++#define PK11_F_RSA_GEN_KEY 108
++#define PK11_F_RSA_PUB_ENC 109
++#define PK11_F_RSA_PRIV_ENC 110
++#define PK11_F_RSA_PUB_DEC 111
++#define PK11_F_RSA_PRIV_DEC 112
++#define PK11_F_RSA_SIGN 113
++#define PK11_F_RSA_VERIFY 114
++#define PK11_F_RAND_ADD 115
++#define PK11_F_RAND_BYTES 116
++#define PK11_F_GET_SESSION 117
++#define PK11_F_FREE_SESSION 118
++#define PK11_F_LOAD_PUBKEY 119
++#define PK11_F_LOAD_PRIVKEY 120
++#define PK11_F_RSA_PUB_ENC_LOW 121
++#define PK11_F_RSA_PRIV_ENC_LOW 122
++#define PK11_F_RSA_PUB_DEC_LOW 123
++#define PK11_F_RSA_PRIV_DEC_LOW 124
++#define PK11_F_DSA_SIGN 125
++#define PK11_F_DSA_VERIFY 126
++#define PK11_F_DSA_INIT 127
++#define PK11_F_DSA_FINISH 128
++#define PK11_F_GET_PUB_DSA_KEY 129
++#define PK11_F_GET_PRIV_DSA_KEY 130
++#define PK11_F_DH_INIT 131
++#define PK11_F_DH_FINISH 132
++#define PK11_F_MOD_EXP_DH 133
++#define PK11_F_GET_DH_KEY 134
++#define PK11_F_FREE_ALL_SESSIONS 135
++#define PK11_F_SETUP_SESSION 136
++#define PK11_F_DESTROY_OBJECT 137
++#define PK11_F_CIPHER_INIT 138
++#define PK11_F_CIPHER_DO_CIPHER 139
++#define PK11_F_GET_CIPHER_KEY 140
++#define PK11_F_DIGEST_INIT 141
++#define PK11_F_DIGEST_UPDATE 142
++#define PK11_F_DIGEST_FINAL 143
++#define PK11_F_CHOOSE_SLOT 144
++#define PK11_F_CIPHER_FINAL 145
++#define PK11_F_LIBRARY_INIT 146
++#define PK11_F_LOAD 147
++#define PK11_F_DH_GEN_KEY 148
++#define PK11_F_DH_COMP_KEY 149
++#define PK11_F_DIGEST_COPY 150
++#define PK11_F_CIPHER_CLEANUP 151
++#define PK11_F_ACTIVE_ADD 152
++#define PK11_F_ACTIVE_DELETE 153
++#define PK11_F_CHECK_HW_MECHANISMS 154
++#define PK11_F_INIT_SYMMETRIC 155
++#define PK11_F_ADD_AES_CTR_NIDS 156
++#define PK11_F_INIT_ALL_LOCKS 157
++#define PK11_F_RETURN_SESSION 158
++#define PK11_F_GET_PIN 159
++#define PK11_F_FIND_ONE_OBJECT 160
++#define PK11_F_CHECK_TOKEN_ATTRS 161
++#define PK11_F_CACHE_PIN 162
++#define PK11_F_MLOCK_PIN_IN_MEMORY 163
++#define PK11_F_TOKEN_LOGIN 164
++#define PK11_F_TOKEN_RELOGIN 165
++#define PK11_F_RUN_ASKPASS 166
++
++/* Reason codes. */
++#define PK11_R_ALREADY_LOADED 100
++#define PK11_R_DSO_FAILURE 101
++#define PK11_R_NOT_LOADED 102
++#define PK11_R_PASSED_NULL_PARAMETER 103
++#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
++#define PK11_R_INITIALIZE 105
++#define PK11_R_FINALIZE 106
++#define PK11_R_GETINFO 107
++#define PK11_R_GETSLOTLIST 108
++#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
++#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
++#define PK11_R_GETATTRIBUTVALUE 111
++#define PK11_R_NO_MODULUS 112
++#define PK11_R_NO_EXPONENT 113
++#define PK11_R_FINDOBJECTSINIT 114
++#define PK11_R_FINDOBJECTS 115
++#define PK11_R_FINDOBJECTSFINAL 116
++#define PK11_R_CREATEOBJECT 118
++#define PK11_R_DESTROYOBJECT 119
++#define PK11_R_OPENSESSION 120
++#define PK11_R_CLOSESESSION 121
++#define PK11_R_ENCRYPTINIT 122
++#define PK11_R_ENCRYPT 123
++#define PK11_R_SIGNINIT 124
++#define PK11_R_SIGN 125
++#define PK11_R_DECRYPTINIT 126
++#define PK11_R_DECRYPT 127
++#define PK11_R_VERIFYINIT 128
++#define PK11_R_VERIFY 129
++#define PK11_R_VERIFYRECOVERINIT 130
++#define PK11_R_VERIFYRECOVER 131
++#define PK11_R_GEN_KEY 132
++#define PK11_R_SEEDRANDOM 133
++#define PK11_R_GENERATERANDOM 134
++#define PK11_R_INVALID_MESSAGE_LENGTH 135
++#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
++#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
++#define PK11_R_UNKNOWN_PADDING_TYPE 138
++#define PK11_R_PADDING_CHECK_FAILED 139
++#define PK11_R_DIGEST_TOO_BIG 140
++#define PK11_R_MALLOC_FAILURE 141
++#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
++#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
++#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
++#define PK11_R_MISSING_KEY_COMPONENT 145
++#define PK11_R_INVALID_SIGNATURE_LENGTH 146
++#define PK11_R_INVALID_DSA_SIGNATURE_R 147
++#define PK11_R_INVALID_DSA_SIGNATURE_S 148
++#define PK11_R_INCONSISTENT_KEY 149
++#define PK11_R_ENCRYPTUPDATE 150
++#define PK11_R_DECRYPTUPDATE 151
++#define PK11_R_DIGESTINIT 152
++#define PK11_R_DIGESTUPDATE 153
++#define PK11_R_DIGESTFINAL 154
++#define PK11_R_ENCRYPTFINAL 155
++#define PK11_R_DECRYPTFINAL 156
++#define PK11_R_NO_PRNG_SUPPORT 157
++#define PK11_R_GETTOKENINFO 158
++#define PK11_R_DERIVEKEY 159
++#define PK11_R_GET_OPERATION_STATE 160
++#define PK11_R_SET_OPERATION_STATE 161
++#define PK11_R_INVALID_HANDLE 162
++#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
++#define PK11_R_INVALID_OPERATION_TYPE 164
++#define PK11_R_ADD_NID_FAILED 165
++#define PK11_R_ATFORK_FAILED 166
++
++#define PK11_R_TOKEN_LOGIN_FAILED 167
++#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
++#define PK11_R_INVALID_PKCS11_URI 169
++#define PK11_R_COULD_NOT_READ_PIN 170
++#define PK11_R_COULD_NOT_OPEN_COMMAND 171
++#define PK11_R_PIPE_FAILED 172
++#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
++#define PK11_R_BAD_PASSPHRASE_SPEC 174
++#define PK11_R_TOKEN_NOT_INITIALIZED 175
++#define PK11_R_TOKEN_PIN_NOT_SET 176
++#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
++#define PK11_R_MISSING_OBJECT_LABEL 178
++#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
++#define PK11_R_PRIV_KEY_NOT_FOUND 180
++#define PK11_R_NO_OBJECT_FOUND 181
++#define PK11_R_PIN_CACHING_POLICY_INVALID 182
++#define PK11_R_SYSCONF_FAILED 183
++#define PK11_R_MMAP_FAILED 183
++#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
++#define PK11_R_MLOCK_FAILED 185
++#define PK11_R_FORK_FAILED 186
++
++/* max byte length of a symetric key we support */
++#define PK11_KEY_LEN_MAX 32
++
++#ifdef NOPTHREADS
++/*
++ * CRYPTO_LOCK_PK11_ENGINE lock is primarily used for the protection of the
++ * free_session list and active_list but generally serves as a global
++ * per-process lock for the whole engine.
++ *
++ * We reuse CRYPTO_LOCK_EC lock (which is defined in OpenSSL for EC method) as
++ * the global engine lock. This is not optimal w.r.t. performance but
++ * it's safe.
++ */
++#define CRYPTO_LOCK_PK11_ENGINE CRYPTO_LOCK_EC
++#endif
++
++/*
++ * This structure encapsulates all reusable information for a PKCS#11
++ * session. A list of these objects is created on behalf of the
++ * calling application using an on-demand method. Each operation
++ * type (see PK11_OPTYPE below) has its own per-process list.
++ * Each of the lists is basically a cache for faster PKCS#11 object
++ * access to avoid expensive C_Find{,Init,Final}Object() calls.
++ *
++ * When a new request comes in, an object will be taken from the list
++ * (if there is one) or a new one is created to handle the request
++ * (if the list is empty). See pk11_get_session() on how it is done.
++ */
++typedef struct PK11_st_SESSION
++ {
++ struct PK11_st_SESSION *next;
++ CK_SESSION_HANDLE session; /* PK11 session handle */
++ pid_t pid; /* Current process ID */
++ CK_BBOOL pub_persistent; /* is pub key in keystore? */
++ CK_BBOOL priv_persistent;/* is priv key in keystore? */
++ union
++ {
++#ifndef OPENSSL_NO_RSA
++ struct
++ {
++ CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
++ CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
++ RSA *rsa_pub; /* pub key addr */
++ BIGNUM *rsa_n_num; /* pub modulus */
++ BIGNUM *rsa_e_num; /* pub exponent */
++ RSA *rsa_priv; /* priv key addr */
++ BIGNUM *rsa_pn_num; /* pub modulus */
++ BIGNUM *rsa_pe_num; /* pub exponent */
++ BIGNUM *rsa_d_num; /* priv exponent */
++ } u_RSA;
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ struct
++ {
++ CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
++ CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
++ DSA *dsa_pub; /* pub key addr */
++ BIGNUM *dsa_pub_num; /* pub key */
++ DSA *dsa_priv; /* priv key addr */
++ BIGNUM *dsa_priv_num; /* priv key */
++ } u_DSA;
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ struct
++ {
++ CK_OBJECT_HANDLE dh_key; /* key handle */
++ DH *dh; /* dh key addr */
++ BIGNUM *dh_priv_num; /* priv dh key */
++ } u_DH;
++#endif /* OPENSSL_NO_DH */
++ struct
++ {
++ CK_OBJECT_HANDLE cipher_key; /* key handle */
++ unsigned char key[PK11_KEY_LEN_MAX];
++ int key_len; /* priv key len */
++ int encrypt; /* 1/0 enc/decr */
++ } u_cipher;
++ } opdata_u;
++ } PK11_SESSION;
++
++#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
++#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
++#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
++#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
++#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
++#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
++#define opdata_rsa_pn_num opdata_u.u_RSA.rsa_pn_num
++#define opdata_rsa_pe_num opdata_u.u_RSA.rsa_pe_num
++#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
++#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
++#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
++#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
++#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
++#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
++#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
++#define opdata_dh_key opdata_u.u_DH.dh_key
++#define opdata_dh opdata_u.u_DH.dh
++#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
++#define opdata_cipher_key opdata_u.u_cipher.cipher_key
++#define opdata_key opdata_u.u_cipher.key
++#define opdata_key_len opdata_u.u_cipher.key_len
++#define opdata_encrypt opdata_u.u_cipher.encrypt
++
++/*
++ * We have 3 different groups of operation types:
++ * 1) asymmetric operations
++ * 2) random operations
++ * 3) symmetric and digest operations
++ *
++ * This division into groups stems from the fact that it's common that hardware
++ * providers may support operations from one group only. For example, hardware
++ * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
++ * only a single group of operations.
++ *
++ * For every group a different slot can be chosen. That means that we must have
++ * at least 3 different lists of cached PKCS#11 sessions since sessions from
++ * different groups may be initialized in different slots.
++ *
++ * To provide locking granularity in multithreaded environment, the groups are
++ * further splitted into types with each type having a separate session cache.
++ */
++typedef enum PK11_OPTYPE_ENUM
++ {
++ OP_RAND,
++ OP_RSA,
++ OP_DSA,
++ OP_DH,
++ OP_CIPHER,
++ OP_DIGEST,
++ OP_MAX
++ } PK11_OPTYPE;
++
++/*
++ * This structure contains the heads of the lists forming the object caches
++ * and locks associated with the lists.
++ */
++typedef struct PK11_st_CACHE
++ {
++ PK11_SESSION *head;
++#ifndef NOPTHREADS
++ pthread_mutex_t *lock;
++#endif
++ } PK11_CACHE;
++
++/* structure for tracking handles of asymmetric key objects */
++typedef struct PK11_active_st
++ {
++ CK_OBJECT_HANDLE h;
++ unsigned int refcnt;
++ struct PK11_active_st *prev;
++ struct PK11_active_st *next;
++ } PK11_active;
++
++#ifndef NOPTHREADS
++extern pthread_mutex_t *find_lock[];
++#endif
++extern PK11_active *active_list[];
++/*
++ * These variables are specific for the RSA keys by reference code. See
++ * hw_pk11_pub.c for explanation.
++ */
++extern CK_FLAGS pubkey_token_flags;
++
++#ifndef NOPTHREADS
++#define LOCK_OBJSTORE(alg_type) \
++ OPENSSL_assert(pthread_mutex_lock(find_lock[alg_type]) == 0)
++#define UNLOCK_OBJSTORE(alg_type) \
++ OPENSSL_assert(pthread_mutex_unlock(find_lock[alg_type]) == 0)
++#else
++#define LOCK_OBJSTORE(alg_type) \
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE)
++#define UNLOCK_OBJSTORE(alg_type) \
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE)
++#endif
++
++extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++extern int pk11_token_relogin(CK_SESSION_HANDLE session);
++
++#ifndef OPENSSL_NO_RSA
++extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++extern RSA_METHOD *PK11_RSA(void);
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++extern DSA_METHOD *PK11_DSA(void);
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
++extern DH_METHOD *PK11_DH(void);
++#endif /* OPENSSL_NO_DH */
++
++extern CK_FUNCTION_LIST_PTR pFuncList;
++
++#endif /* HW_PK11_ERR_H */
+Index: openssl/crypto/engine/hw_pk11_pub.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.32.4.7
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/hw_pk11_pub.c Fri Oct 4 14:45:25 2013
+@@ -0,0 +1,3556 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_pub.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/pem.h>
++#ifndef OPENSSL_NO_RSA
++#include <openssl/rsa.h>
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++#include <openssl/dsa.h>
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++#include <openssl/dh.h>
++#endif /* OPENSSL_NO_DH */
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++#define NOPTHREADS
++typedef int pid_t;
++#define HAVE_GETPASSPHRASE
++static char *getpassphrase(const char *prompt);
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <unistd.h>
++#endif
++
++#ifndef NOPTHREADS
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11CA
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11ca.h"
++#include "hw_pk11_err.h"
++
++static CK_BBOOL pk11_login_done = CK_FALSE;
++extern CK_SLOT_ID pubkey_SLOTID;
++#ifndef NOPTHREADS
++extern pthread_mutex_t *token_lock;
++#endif
++
++#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
++#define getpassphrase(x) getpass(x)
++#endif
++
++#ifndef OPENSSL_NO_RSA
++/* RSA stuff */
++static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_init(RSA *rsa);
++static int pk11_RSA_finish(RSA *rsa);
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_RSA_verify(int dtype, const unsigned char *m,
++ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa);
++#else
++static int pk11_RSA_verify(int dtype, const unsigned char *m,
++ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa);
++#endif
++EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++
++static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session);
++
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
++#endif
++
++/* DSA stuff */
++#ifndef OPENSSL_NO_DSA
++static int pk11_DSA_init(DSA *dsa);
++static int pk11_DSA_finish(DSA *dsa);
++static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen,
++ DSA *dsa);
++static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
++ DSA_SIG *sig, DSA *dsa);
++
++static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
++ BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
++ BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
++
++static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa);
++static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa);
++#endif
++
++/* DH stuff */
++#ifndef OPENSSL_NO_DH
++static int pk11_DH_init(DH *dh);
++static int pk11_DH_finish(DH *dh);
++static int pk11_DH_generate_key(DH *dh);
++static int pk11_DH_compute_key(unsigned char *key,
++ const BIGNUM *pub_key, DH *dh);
++
++static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
++ BIGNUM **priv_key, CK_SESSION_HANDLE session);
++
++static int check_new_dh_key(PK11_SESSION *sp, DH *dh);
++#endif
++
++static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
++static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
++ CK_ULONG *ulValueLen);
++static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
++
++static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private);
++
++/* Read mode string to be used for fopen() */
++#if SOLARIS_OPENSSL
++static char *read_mode_flags = "rF";
++#else
++static char *read_mode_flags = "r";
++#endif
++
++/*
++ * increment/create reference for an asymmetric key handle via active list
++ * manipulation. If active list operation fails, unlock (if locked), set error
++ * variable and jump to the specified label.
++ */
++#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
++ { \
++ if (pk11_active_add(key_handle, alg_type) < 0) \
++ { \
++ var = TRUE; \
++ if (unlock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ goto label; \
++ } \
++ }
++
++/*
++ * Find active list entry according to object handle and return pointer to the
++ * entry otherwise return NULL.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ for (entry = active_list[type]; entry != NULL; entry = entry->next)
++ if (entry->h == h)
++ return (entry);
++
++ return (NULL);
++ }
++
++/*
++ * Search for an entry in the active list using PKCS#11 object handle as a
++ * search key and return refcnt of the found/created entry or -1 in case of
++ * failure.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if (h == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ /* search for entry in the active list */
++ if ((entry = pk11_active_find(h, type)) != NULL)
++ entry->refcnt++;
++ else
++ {
++ /* not found, create new entry and add it to the list */
++ entry = OPENSSL_malloc(sizeof (PK11_active));
++ if (entry == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
++ return (-1);
++ }
++ entry->h = h;
++ entry->refcnt = 1;
++ entry->prev = NULL;
++ entry->next = NULL;
++ /* connect the newly created entry to the list */
++ if (active_list[type] == NULL)
++ active_list[type] = entry;
++ else /* make the entry first in the list */
++ {
++ entry->next = active_list[type];
++ active_list[type]->prev = entry;
++ active_list[type] = entry;
++ }
++ }
++
++ return (entry->refcnt);
++ }
++
++/*
++ * Remove active list entry from the list and free it.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++void
++pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
++ {
++ PK11_active *prev_entry;
++
++ /* remove the entry from the list and free it */
++ if ((prev_entry = entry->prev) != NULL)
++ {
++ prev_entry->next = entry->next;
++ if (entry->next != NULL)
++ entry->next->prev = prev_entry;
++ }
++ else
++ {
++ active_list[type] = entry->next;
++ /* we were the first but not the only one */
++ if (entry->next != NULL)
++ entry->next->prev = NULL;
++ }
++
++ /* sanitization */
++ entry->h = CK_INVALID_HANDLE;
++ entry->prev = NULL;
++ entry->next = NULL;
++ OPENSSL_free(entry);
++ }
++
++/* Free all entries from the active list. */
++void
++pk11_free_active_list(PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ /* only for asymmetric types since only they have C_Find* locks. */
++ switch (type)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ break;
++ default:
++ return;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(type);
++ while ((entry = active_list[type]) != NULL)
++ pk11_active_remove(entry, type);
++ UNLOCK_OBJSTORE(type);
++ }
++
++/*
++ * Search for active list entry associated with given PKCS#11 object handle,
++ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
++ *
++ * Return 1 if the PKCS#11 object associated with the entry has no references,
++ * return 0 if there is at least one reference, -1 on error.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if ((entry = pk11_active_find(h, type)) == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ OPENSSL_assert(entry->refcnt > 0);
++ entry->refcnt--;
++ if (entry->refcnt == 0)
++ {
++ pk11_active_remove(entry, type);
++ return (1);
++ }
++
++ return (0);
++ }
++
++#ifndef OPENSSL_NO_RSA
++/* Our internal RSA_METHOD that we provide pointers to */
++static RSA_METHOD pk11_rsa =
++ {
++ "PKCS#11 RSA method",
++ pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
++ pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
++ pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
++ pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
++ NULL, /* rsa_mod_exp */
++ NULL, /* bn_mod_exp */
++ pk11_RSA_init, /* init */
++ pk11_RSA_finish, /* finish */
++ RSA_FLAG_SIGN_VER, /* flags */
++ NULL, /* app_data */
++ pk11_RSA_sign, /* rsa_sign */
++ pk11_RSA_verify /* rsa_verify */
++ };
++
++RSA_METHOD *
++PK11_RSA(void)
++ {
++ return (&pk11_rsa);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DSA
++/* Our internal DSA_METHOD that we provide pointers to */
++static DSA_METHOD pk11_dsa =
++ {
++ "PKCS#11 DSA method",
++ pk11_dsa_do_sign, /* dsa_do_sign */
++ NULL, /* dsa_sign_setup */
++ pk11_dsa_do_verify, /* dsa_do_verify */
++ NULL, /* dsa_mod_exp */
++ NULL, /* bn_mod_exp */
++ pk11_DSA_init, /* init */
++ pk11_DSA_finish, /* finish */
++ 0, /* flags */
++ NULL /* app_data */
++ };
++
++DSA_METHOD *
++PK11_DSA(void)
++ {
++ return (&pk11_dsa);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DH
++/*
++ * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
++ * output buffer may somewhat exceed the precise number of bytes needed, but
++ * should not exceed it by a large amount. That may be caused, for example, by
++ * rounding it up to multiple of X in the underlying bignum library. 8 should be
++ * enough.
++ */
++#define DH_BUF_RESERVE 8
++
++/* Our internal DH_METHOD that we provide pointers to */
++static DH_METHOD pk11_dh =
++ {
++ "PKCS#11 DH method",
++ pk11_DH_generate_key, /* generate_key */
++ pk11_DH_compute_key, /* compute_key */
++ NULL, /* bn_mod_exp */
++ pk11_DH_init, /* init */
++ pk11_DH_finish, /* finish */
++ 0, /* flags */
++ NULL, /* app_data */
++ NULL /* generate_params */
++ };
++
++DH_METHOD *
++PK11_DH(void)
++ {
++ return (&pk11_dh);
++ }
++#endif
++
++/* Size of an SSL signature: MD5+SHA1 */
++#define SSL_SIG_LENGTH 36
++
++/* Lengths of DSA data and signature */
++#define DSA_DATA_LEN 20
++#define DSA_SIGNATURE_LEN 40
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++
++#ifndef OPENSSL_NO_RSA
++/*
++ * Similiar to OpenSSL to take advantage of the paddings. The goal is to
++ * support all paddings in this engine although PK11 library does not
++ * support all the paddings used in OpenSSL.
++ * The input errors should have been checked in the padding functions.
++ */
++static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ int i, num = 0, r = -1;
++ unsigned char *buf = NULL;
++
++ num = BN_num_bytes(rsa->n);
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
++ break;
++#ifndef OPENSSL_NO_SHA
++ case RSA_PKCS1_OAEP_PADDING:
++ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
++ break;
++#endif
++ case RSA_SSLV23_PADDING:
++ i = RSA_padding_add_SSLv23(buf, num, from, flen);
++ break;
++ case RSA_NO_PADDING:
++ i = RSA_padding_add_none(buf, num, from, flen);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (i <= 0) goto err;
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
++err:
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++
++/*
++ * Similar to Openssl to take advantage of the paddings. The input errors
++ * should be catched in the padding functions
++ */
++static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ int i, num = 0, r = -1;
++ unsigned char *buf = NULL;
++
++ num = BN_num_bytes(rsa->n);
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
++ break;
++ case RSA_NO_PADDING:
++ i = RSA_padding_add_none(buf, num, from, flen);
++ break;
++ case RSA_SSLV23_PADDING:
++ default:
++ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (i <= 0) goto err;
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
++err:
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/* Similar to OpenSSL code. Input errors are also checked here */
++static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ BIGNUM f;
++ int j, num = 0, r = -1;
++ unsigned char *p;
++ unsigned char *buf = NULL;
++
++ BN_init(&f);
++
++ num = BN_num_bytes(rsa->n);
++
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * This check was for equality but PGP does evil things
++ * and chops off the top '0' bytes
++ */
++ if (flen > num)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC,
++ PK11_R_DATA_GREATER_THAN_MOD_LEN);
++ goto err;
++ }
++
++ /* make data into a big number */
++ if (BN_bin2bn(from, (int)flen, &f) == NULL)
++ goto err;
++
++ if (BN_ucmp(&f, rsa->n) >= 0)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC,
++ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
++ goto err;
++ }
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
++
++ /*
++ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
++ * Needs to skip these 0's paddings here.
++ */
++ for (j = 0; j < r; j++)
++ if (buf[j] != 0)
++ break;
++
++ p = buf + j;
++ j = r - j; /* j is only used with no-padding mode */
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
++ break;
++#ifndef OPENSSL_NO_SHA
++ case RSA_PKCS1_OAEP_PADDING:
++ r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
++ break;
++#endif
++ case RSA_SSLV23_PADDING:
++ r = RSA_padding_check_SSLv23(to, num, p, j, num);
++ break;
++ case RSA_NO_PADDING:
++ r = RSA_padding_check_none(to, num, p, j, num);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (r < 0)
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
++
++err:
++ BN_clear_free(&f);
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/* Similar to OpenSSL code. Input errors are also checked here */
++static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ BIGNUM f;
++ int i, num = 0, r = -1;
++ unsigned char *p;
++ unsigned char *buf = NULL;
++
++ BN_init(&f);
++ num = BN_num_bytes(rsa->n);
++ buf = (unsigned char *)OPENSSL_malloc(num);
++ if (buf == NULL)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * This check was for equality but PGP does evil things
++ * and chops off the top '0' bytes
++ */
++ if (flen > num)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
++ goto err;
++ }
++
++ if (BN_bin2bn(from, flen, &f) == NULL)
++ goto err;
++
++ if (BN_ucmp(&f, rsa->n) >= 0)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC,
++ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
++ goto err;
++ }
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
++
++ /*
++ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
++ * Needs to skip these 0's here
++ */
++ for (i = 0; i < r; i++)
++ if (buf[i] != 0)
++ break;
++
++ p = buf + i;
++ i = r - i; /* i is only used with no-padding mode */
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
++ break;
++ case RSA_NO_PADDING:
++ r = RSA_padding_check_none(to, num, p, i, num);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (r < 0)
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
++
++err:
++ BN_clear_free(&f);
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/*
++ * This function implements RSA public encryption using C_EncryptInit and
++ * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_public_encrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_encrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_EncryptInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
++ PK11_R_ENCRYPTINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Encrypt(sp->session,
++ (unsigned char *)from, flen, to, &bytes_encrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
++ PK11_R_ENCRYPT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_encrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA private encryption using C_SignInit and
++ * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_private_encrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG ul_sig_len = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ {
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ }
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech,
++ h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
++ PK11_R_SIGNINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Sign(sp->session,
++ (unsigned char *)from, flen, to, &ul_sig_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
++ rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ retval = ul_sig_len;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA private decryption using C_DecryptInit and
++ * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_private_decrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_decrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DecryptInit(sp->session, p_mech,
++ h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
++ PK11_R_DECRYPTINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Decrypt(sp->session,
++ (unsigned char *)from, flen, to, &bytes_decrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
++ PK11_R_DECRYPT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_decrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA public decryption using C_VerifyRecoverInit
++ * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_public_decrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_decrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyRecoverInit(sp->session,
++ p_mech, h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
++ PK11_R_VERIFYRECOVERINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_VerifyRecover(sp->session,
++ (unsigned char *)from, flen, to, &bytes_decrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
++ PK11_R_VERIFYRECOVER, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_decrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++static int pk11_RSA_init(RSA *rsa)
++ {
++ /*
++ * This flag in the RSA_METHOD enables the new rsa_sign,
++ * rsa_verify functions. See rsa.h for details.
++ */
++ rsa->flags |= RSA_FLAG_SIGN_VER;
++
++ return (1);
++ }
++
++static int pk11_RSA_finish(RSA *rsa)
++ {
++ /*
++ * Since we are overloading OpenSSL's native RSA_eay_finish() we need
++ * to do the same as in the original function, i.e. to free bignum
++ * structures.
++ */
++ if (rsa->_method_mod_n != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_n);
++ if (rsa->_method_mod_p != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_p);
++ if (rsa->_method_mod_q != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_q);
++
++ return (1);
++ }
++
++/*
++ * Standard engine interface function. Majority codes here are from
++ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
++ * See more details in rsa/rsa_sign.c
++ */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++ unsigned long ulsiglen;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key((RSA *)rsa,
++ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
++ sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto err;
++ }
++
++ ulsiglen = j;
++ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
++ (CK_ULONG_PTR) &ulsiglen);
++ *siglen = ulsiglen;
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_RSA_verify(int type, const unsigned char *m,
++ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa)
++#else
++static int pk11_RSA_verify(int type, const unsigned char *m,
++ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa)
++#endif
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
++ rv);
++ goto err;
++ }
++ rv = pFuncList->C_Verify(sp->session, s, i,
++ (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++static int hndidx_rsa = -1;
++
++#define MAXATTR 1024
++
++/*
++ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *privkey;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BBOOL rollback = FALSE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for private keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize the OpenSSL RSA
++ * structure with something we can use to look up the key. Note that we
++ * never ask for private components.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(privkey_file, "pkcs11:") == privkey_file)
++ {
++ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_TRUE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ if (hndidx_rsa == -1)
++ hndidx_rsa = RSA_get_ex_new_index(0,
++ "pkcs11 RSA HSM key handle",
++ NULL, NULL, NULL);
++
++ /*
++ * We might have a cache hit which we could confirm
++ * according to the 'n'/'e' params, RSA public pointer
++ * as NULL, and non-NULL RSA private pointer. However,
++ * it is easier just to recreate everything. We expect
++ * the keys to be loaded once and used many times. We
++ * do not check the return value because even in case
++ * of failure the sp structure will have both key
++ * pointer and object handle cleaned and
++ * pk11_destroy_object() reports the failure to the
++ * OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, FALSE);
++
++ sp->opdata_rsa_priv_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->priv_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA private structure pointer. We do not
++ * use it now for key-by-ref keys but let's do it for
++ * consistency reasons.
++ */
++ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
++ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ /*
++ * We do not use pk11_get_private_rsa_key() here so we
++ * must take care of handle management ourselves.
++ */
++ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, TRUE, rollback, err);
++
++ /*
++ * Those are the sensitive components we do not want to export
++ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
++ */
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++ /*
++ * Must have 'n'/'e' components in the session structure as
++ * well. They serve as a public look-up key for the private key
++ * in the keystore.
++ */
++ attr_to_BN(&get_templ[0], attr_data[0],
++ &sp->opdata_rsa_pn_num);
++ attr_to_BN(&get_templ[1], attr_data[1],
++ &sp->opdata_rsa_pe_num);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++ }
++ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
++ (void) fclose(privkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_priv(sp, rsa);
++ sp->priv_persistent = CK_FALSE;
++
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa,
++ &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ if (h_priv_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ rollback = rollback;
++ return (pkey);
++ }
++
++/*
++ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *pubkey;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for public keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize OpenSSL RSA
++ * structure with something we can use to look up the key.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
++ {
++ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_FALSE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * We load a new public key so we will create a new RSA
++ * structure. No cache hit is possible.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, FALSE);
++
++ sp->opdata_rsa_pub_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->pub_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA public structure pointer.
++ */
++ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER;
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PUBKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++
++ /*
++ * Create a session object from it so that when calling
++ * pk11_get_public_rsa_key() the next time, we can find it. The
++ * reason why we do that is that we cannot tell from the RSA
++ * structure (OpenSSL RSA structure does not have any room for
++ * additional data used by the engine, for example) if it bears
++ * a public key stored in the keystore or not so it's better if
++ * we always have a session key. Note that this is different
++ * from what we do for the private keystore objects but in that
++ * case, we can tell from the RSA structure that the keystore
++ * object is in play - the 'd' component is NULL in that case.
++ */
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
++ (void) fclose(pubkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_pub(sp, rsa);
++ sp->pub_persistent = CK_FALSE;
++
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ return (pkey);
++ }
++
++/*
++ * Create a public key object in a session from a given rsa structure.
++ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
++ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY_RECOVER, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
++ };
++
++ int i;
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
++ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[6].ulValueLen);
++ if (a_key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->n, a_key_template[6].pValue);
++
++ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
++ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[7].ulValueLen);
++ if (a_key_template[7].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->e, a_key_template[7].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (rsa_n_num != NULL)
++ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ if (rsa_e_num != NULL)
++ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ BN_free(*rsa_n_num);
++ *rsa_n_num = NULL;
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ for (i = 6; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given rsa structure.
++ * The *rsa_d_num pointer is non-NULL for RSA private keys.
++ */
++static CK_OBJECT_HANDLE
++pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ int i;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 14;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIME_1, (void *)NULL, 0},
++ {CKA_PRIME_2, (void *)NULL, 0},
++ {CKA_EXPONENT_1, (void *)NULL, 0},
++ {CKA_EXPONENT_2, (void *)NULL, 0},
++ {CKA_COEFFICIENT, (void *)NULL, 0},
++ };
++
++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
++ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
++ LOCK_OBJSTORE(OP_RSA);
++ goto set;
++ }
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(rsa->n, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(rsa->e, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(rsa->d, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0 ||
++ init_template_value(rsa->p, &a_key_template[9].pValue,
++ &a_key_template[9].ulValueLen) == 0 ||
++ init_template_value(rsa->q, &a_key_template[10].pValue,
++ &a_key_template[10].ulValueLen) == 0 ||
++ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
++ &a_key_template[11].ulValueLen) == 0 ||
++ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
++ &a_key_template[12].ulValueLen) == 0 ||
++ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
++ &a_key_template[13].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * We are getting the private key but the private 'd'
++ * component is NULL. That means this is key by reference RSA
++ * key. In that case, we can use only public components for
++ * searching for the private key handle.
++ */
++ if (rsa->d == NULL)
++ {
++ ul_key_attr_count = 8;
++ /*
++ * We will perform the search in the token, not in the existing
++ * session keys.
++ */
++ a_key_template[2].pValue = &mytrue;
++ }
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ /*
++ * We have an RSA structure with 'n'/'e' components
++ * only so we tried to find the private key in the
++ * keystore. If it was really a token key we have a
++ * problem. Note that for other key types we just
++ * create a new session key using the private
++ * components from the RSA structure.
++ */
++ if (rsa->d == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_PRIV_KEY_NOT_FOUND);
++ goto err;
++ }
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++set:
++ if (rsa_d_num != NULL)
++ {
++ /*
++ * When RSA keys by reference code is used, we never
++ * extract private components from the keystore. In
++ * that case 'd' was set to NULL and we expect the
++ * application to properly cope with that. It is
++ * documented in openssl(5). In general, if keys by
++ * reference are used we expect it to be used
++ * exclusively using the high level API and then there
++ * is no problem. If the application expects the
++ * private components to be read from the keystore
++ * then that is not a supported way of usage.
++ */
++ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ else
++ *rsa_d_num = NULL;
++ }
++
++ /*
++ * For the key by reference code, we need public components as well
++ * since 'd' component is always NULL. For that reason, we always cache
++ * 'n'/'e' components as well.
++ */
++ *rsa_n_num = BN_dup(rsa->n);
++ *rsa_e_num = BN_dup(rsa->e);
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0 &&
++ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ /*
++ * 6 to 13 entries in the key template are key components.
++ * They need to be freed upon exit or error.
++ */
++ for (i = 6; i <= 13; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making the
++ * check for cache hit stronger. Only public components of RSA
++ * key matter here so it is sufficient to compare them with values
++ * cached in PK11_SESSION structure.
++ *
++ * We must check the handle as well since with key by reference, public
++ * components 'n'/'e' are cached in private keys as well. That means we
++ * could have a cache hit in a private key when looking for a public
++ * key. That would not work, you cannot have one PKCS#11 object for
++ * both data signing and verifying.
++ */
++ if ((sp->opdata_rsa_pub != rsa) ||
++ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making
++ * the check for cache hit stronger. Comparing public exponent
++ * of RSA key with value cached in PK11_SESSION structure
++ * should be sufficient. Note that we want to compare the
++ * public component since with the keys by reference
++ * mechanism, private components are not in the RSA
++ * structure. Also, see check_new_rsa_key_pub() about why we
++ * compare the handle as well.
++ */
++ if ((sp->opdata_rsa_priv != rsa) ||
++ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_pn_num == NULL) ||
++ (sp->opdata_rsa_pe_num == NULL) ||
++ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DSA
++/* The DSA function implementation */
++/* ARGSUSED */
++static int pk11_DSA_init(DSA *dsa)
++ {
++ return (1);
++ }
++
++/* ARGSUSED */
++static int pk11_DSA_finish(DSA *dsa)
++ {
++ return (1);
++ }
++
++
++static DSA_SIG *
++pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
++ {
++ BIGNUM *r = NULL, *s = NULL;
++ int i;
++ DSA_SIG *dsa_sig = NULL;
++
++ CK_RV rv;
++ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
++ CK_MECHANISM *p_mech = &Mechanism_dsa;
++ CK_OBJECT_HANDLE h_priv_key;
++
++ /*
++ * The signature is the concatenation of r and s,
++ * each is 20 bytes long
++ */
++ unsigned char sigret[DSA_SIGNATURE_LEN];
++ unsigned long siglen = DSA_SIGNATURE_LEN;
++ unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
++
++ PK11_SESSION *sp = NULL;
++
++ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
++ goto ret;
++ }
++
++ i = BN_num_bytes(dsa->q); /* should be 20 */
++ if (dlen > i)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
++ goto ret;
++ }
++
++ if ((sp = pk11_get_session(OP_DSA)) == NULL)
++ goto ret;
++
++ (void) check_new_dsa_key_priv(sp, dsa);
++
++ h_priv_key = sp->opdata_dsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_dsa_priv_key =
++ pk11_get_private_dsa_key((DSA *)dsa,
++ &sp->opdata_dsa_priv,
++ &sp->opdata_dsa_priv_num, sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto ret;
++ }
++
++ (void) memset(sigret, 0, siglen);
++ rv = pFuncList->C_Sign(sp->session,
++ (unsigned char*) dgst, dlen, sigret,
++ (CK_ULONG_PTR) &siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
++ goto ret;
++ }
++ }
++
++
++ if ((s = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if ((r = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if ((dsa_sig = DSA_SIG_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if (BN_bin2bn(sigret, siglen2, r) == NULL ||
++ BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ dsa_sig->r = r;
++ dsa_sig->s = s;
++
++ret:
++ if (dsa_sig == NULL)
++ {
++ if (r != NULL)
++ BN_free(r);
++ if (s != NULL)
++ BN_free(s);
++ }
++
++ pk11_return_session(sp, OP_DSA);
++ return (dsa_sig);
++ }
++
++static int
++pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig,
++ DSA *dsa)
++ {
++ int i;
++ CK_RV rv;
++ int retval = 0;
++ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
++ CK_MECHANISM *p_mech = &Mechanism_dsa;
++ CK_OBJECT_HANDLE h_pub_key;
++
++ unsigned char sigbuf[DSA_SIGNATURE_LEN];
++ unsigned long siglen = DSA_SIGNATURE_LEN;
++ unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
++
++ PK11_SESSION *sp = NULL;
++
++ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_DSA_SIGNATURE_R);
++ goto ret;
++ }
++
++ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_DSA_SIGNATURE_S);
++ goto ret;
++ }
++
++ i = BN_num_bytes(dsa->q); /* should be 20 */
++
++ if (dlen > i)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_SIGNATURE_LENGTH);
++ goto ret;
++ }
++
++ if ((sp = pk11_get_session(OP_DSA)) == NULL)
++ goto ret;
++
++ (void) check_new_dsa_key_pub(sp, dsa);
++
++ h_pub_key = sp->opdata_dsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_dsa_pub_key =
++ pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
++ &sp->opdata_dsa_pub_num, sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
++ rv);
++ goto ret;
++ }
++
++ /*
++ * The representation of each of the two big numbers could
++ * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
++ * to act accordingly and shift if necessary.
++ */
++ (void) memset(sigbuf, 0, siglen);
++ BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
++ BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
++ BN_num_bytes(sig->s));
++
++ rv = pFuncList->C_Verify(sp->session,
++ (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
++ goto ret;
++ }
++ }
++
++ retval = 1;
++ret:
++
++ pk11_return_session(sp, OP_DSA);
++ return (retval);
++ }
++
++
++/*
++ * Create a public key object in a session from a given dsa structure.
++ * The *dsa_pub_num pointer is non-NULL for DSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
++ DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_KEY_TYPE k_type = CKK_DSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++ int i;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_PRIME, (void *)NULL, 0}, /* p */
++ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
++ {CKA_BASE, (void *)NULL, 0}, /* g */
++ {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */
++ };
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ if (init_template_value(dsa->p, &a_key_template[4].pValue,
++ &a_key_template[4].ulValueLen) == 0 ||
++ init_template_value(dsa->q, &a_key_template[5].pValue,
++ &a_key_template[5].ulValueLen) == 0 ||
++ init_template_value(dsa->g, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(dsa->pub_key, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DSA);
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (dsa_pub_num != NULL)
++ if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DSA);
++
++malloc_err:
++ for (i = 4; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given dsa structure
++ * The *dsa_priv_num pointer is non-NULL for DSA private keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
++ DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ int i;
++ CK_ULONG found;
++ CK_KEY_TYPE k_type = CKK_DSA;
++ CK_ULONG ul_key_attr_count = 9;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_PRIME, (void *)NULL, 0}, /* p */
++ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
++ {CKA_BASE, (void *)NULL, 0}, /* g */
++ {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */
++ };
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(dsa->p, &a_key_template[5].pValue,
++ &a_key_template[5].ulValueLen) == 0 ||
++ init_template_value(dsa->q, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(dsa->g, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(dsa->priv_key, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DSA);
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (dsa_priv_num != NULL)
++ if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DSA);
++
++malloc_err:
++ /*
++ * 5 to 8 entries in the key template are key components.
++ * They need to be freed apon exit or error.
++ */
++ for (i = 5; i <= 8; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa)
++ {
++ /*
++ * Provide protection against DSA structure reuse by making the
++ * check for cache hit stronger. Only public key component of DSA
++ * key matters here so it is sufficient to compare it with value
++ * cached in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dsa_pub != dsa) ||
++ (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa)
++ {
++ /*
++ * Provide protection against DSA structure reuse by making the
++ * check for cache hit stronger. Only private key component of DSA
++ * key matters here so it is sufficient to compare it with value
++ * cached in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dsa_priv != dsa) ||
++ (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++
++#ifndef OPENSSL_NO_DH
++/* The DH function implementation */
++/* ARGSUSED */
++static int pk11_DH_init(DH *dh)
++ {
++ return (1);
++ }
++
++/* ARGSUSED */
++static int pk11_DH_finish(DH *dh)
++ {
++ return (1);
++ }
++
++/*
++ * Generate DH key-pair.
++ *
++ * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
++ * and override it even if it is set. OpenSSL does not touch dh->priv_key
++ * if set and just computes dh->pub_key. It looks like PKCS#11 standard
++ * is not capable of providing this functionality. This could be a problem
++ * for applications relying on OpenSSL's semantics.
++ */
++static int pk11_DH_generate_key(DH *dh)
++ {
++ CK_ULONG i;
++ CK_RV rv, rv1;
++ int reuse_mem_len = 0, ret = 0;
++ PK11_SESSION *sp = NULL;
++ CK_BYTE_PTR reuse_mem;
++
++ CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++
++ CK_ULONG ul_pub_key_attr_count = 3;
++ CK_ATTRIBUTE pub_key_template[] =
++ {
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_PRIME, (void *)NULL, 0},
++ {CKA_BASE, (void *)NULL, 0}
++ };
++
++ CK_ULONG ul_priv_key_attr_count = 3;
++ CK_ATTRIBUTE priv_key_template[] =
++ {
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DERIVE, &mytrue, sizeof (mytrue)}
++ };
++
++ CK_ULONG pub_key_attr_result_count = 1;
++ CK_ATTRIBUTE pub_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ CK_ULONG priv_key_attr_result_count = 1;
++ CK_ATTRIBUTE priv_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
++ if (pub_key_template[1].ulValueLen > 0)
++ {
++ /*
++ * We must not increase ulValueLen by DH_BUF_RESERVE since that
++ * could cause the same rounding problem. See definition of
++ * DH_BUF_RESERVE above.
++ */
++ pub_key_template[1].pValue =
++ OPENSSL_malloc(pub_key_template[1].ulValueLen +
++ DH_BUF_RESERVE);
++ if (pub_key_template[1].pValue == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
++ }
++ else
++ goto err;
++
++ pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
++ if (pub_key_template[2].ulValueLen > 0)
++ {
++ pub_key_template[2].pValue =
++ OPENSSL_malloc(pub_key_template[2].ulValueLen +
++ DH_BUF_RESERVE);
++ if (pub_key_template[2].pValue == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
++ }
++ else
++ goto err;
++
++ /*
++ * Note: we are only using PK11_SESSION structure for getting
++ * a session handle. The objects created in this function are
++ * destroyed before return and thus not cached.
++ */
++ if ((sp = pk11_get_session(OP_DH)) == NULL)
++ goto err;
++
++ rv = pFuncList->C_GenerateKeyPair(sp->session,
++ &mechanism,
++ pub_key_template,
++ ul_pub_key_attr_count,
++ priv_key_template,
++ ul_priv_key_attr_count,
++ &h_pub_key,
++ &h_priv_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
++ goto err;
++ }
++
++ /*
++ * Reuse the larger memory allocated. We know the larger memory
++ * should be sufficient for reuse.
++ */
++ if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
++ {
++ reuse_mem = pub_key_template[1].pValue;
++ reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
++ }
++ else
++ {
++ reuse_mem = pub_key_template[2].pValue;
++ reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
++ pub_key_result, pub_key_attr_result_count);
++ rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK || rv1 != CKR_OK)
++ {
++ rv = (rv != CKR_OK) ? rv : rv1;
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 ||
++ ((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
++ goto err;
++ }
++
++ /* Reuse the memory allocated */
++ pub_key_result[0].pValue = reuse_mem;
++ pub_key_result[0].ulValueLen = reuse_mem_len;
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
++ pub_key_result, pub_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (pub_key_result[0].type == CKA_VALUE)
++ {
++ if (dh->pub_key == NULL)
++ if ((dh->pub_key = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
++ pub_key_result[0].ulValueLen, dh->pub_key);
++ if (dh->pub_key == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ }
++
++ /* Reuse the memory allocated */
++ priv_key_result[0].pValue = reuse_mem;
++ priv_key_result[0].ulValueLen = reuse_mem_len;
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (priv_key_result[0].type == CKA_VALUE)
++ {
++ if (dh->priv_key == NULL)
++ if ((dh->priv_key = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
++ priv_key_result[0].ulValueLen, dh->priv_key);
++ if (dh->priv_key == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ }
++
++ ret = 1;
++
++err:
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++
++ for (i = 1; i <= 2; i++)
++ {
++ if (pub_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(pub_key_template[i].pValue);
++ pub_key_template[i].pValue = NULL;
++ }
++ }
++
++ pk11_return_session(sp, OP_DH);
++ return (ret);
++ }
++
++static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
++ DH *dh)
++ {
++ unsigned int i;
++ CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
++ CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
++ CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
++ CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++
++ CK_ULONG seclen;
++ CK_ULONG ul_priv_key_attr_count = 3;
++ CK_ATTRIBUTE priv_key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (key_class)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
++ {CKA_VALUE_LEN, &seclen, sizeof (seclen)},
++ };
++
++ CK_ULONG priv_key_attr_result_count = 1;
++ CK_ATTRIBUTE priv_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ CK_RV rv;
++ int ret = -1;
++ PK11_SESSION *sp = NULL;
++
++ if (dh->priv_key == NULL)
++ goto err;
++
++ priv_key_template[0].pValue = &key_class;
++ priv_key_template[1].pValue = &key_type;
++ seclen = BN_num_bytes(dh->p);
++
++ if ((sp = pk11_get_session(OP_DH)) == NULL)
++ goto err;
++
++ mechanism.ulParameterLen = BN_num_bytes(pub_key);
++ mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
++ if (mechanism.pParameter == NULL)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ BN_bn2bin(pub_key, mechanism.pParameter);
++
++ (void) check_new_dh_key(sp, dh);
++
++ h_key = sp->opdata_dh_key;
++ if (h_key == CK_INVALID_HANDLE)
++ h_key = sp->opdata_dh_key =
++ pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
++ &sp->opdata_dh_priv_num, sp->session);
++
++ if (h_key == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
++ goto err;
++ }
++
++ rv = pFuncList->C_DeriveKey(sp->session,
++ &mechanism,
++ h_key,
++ priv_key_template,
++ ul_priv_key_attr_count,
++ &h_derived_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
++ rv);
++ goto err;
++ }
++
++ if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
++ goto err;
++ }
++ priv_key_result[0].pValue =
++ OPENSSL_malloc(priv_key_result[0].ulValueLen);
++ if (!priv_key_result[0].pValue)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
++ rv);
++ goto err;
++ }
++
++ /*
++ * OpenSSL allocates the output buffer 'key' which is the same
++ * length of the public key. It is long enough for the derived key
++ */
++ if (priv_key_result[0].type == CKA_VALUE)
++ {
++ /*
++ * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
++ * leading zeros from a computed shared secret. However,
++ * OpenSSL always did it so we must do the same here. The
++ * vagueness of the spec regarding leading zero bytes was
++ * finally cleared with TLS 1.1 (RFC 4346) saying that leading
++ * zeros are stripped before the computed data is used as the
++ * pre-master secret.
++ */
++ for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
++ {
++ if (((char *)priv_key_result[0].pValue)[i] != 0)
++ break;
++ }
++
++ (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
++ priv_key_result[0].ulValueLen - i);
++ ret = priv_key_result[0].ulValueLen - i;
++ }
++
++err:
++
++ if (h_derived_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++ if (priv_key_result[0].pValue)
++ {
++ OPENSSL_free(priv_key_result[0].pValue);
++ priv_key_result[0].pValue = NULL;
++ }
++
++ if (mechanism.pParameter)
++ {
++ OPENSSL_free(mechanism.pParameter);
++ mechanism.pParameter = NULL;
++ }
++
++ pk11_return_session(sp, OP_DH);
++ return (ret);
++ }
++
++
++static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
++ DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE key_type = CKK_DH;
++ CK_ULONG found;
++ CK_BBOOL rollback = FALSE;
++ int i;
++
++ CK_ULONG ul_key_attr_count = 7;
++ CK_ATTRIBUTE key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (class)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
++ {CKA_DERIVE, &mytrue, sizeof (mytrue)},
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_PRIME, (void *) NULL, 0},
++ {CKA_BASE, (void *) NULL, 0},
++ {CKA_VALUE, (void *) NULL, 0},
++ };
++
++ key_template[0].pValue = &class;
++ key_template[1].pValue = &key_type;
++
++ key_template[4].ulValueLen = BN_num_bytes(dh->p);
++ key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[4].ulValueLen);
++ if (key_template[4].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->p, key_template[4].pValue);
++
++ key_template[5].ulValueLen = BN_num_bytes(dh->g);
++ key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[5].ulValueLen);
++ if (key_template[5].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->g, key_template[5].pValue);
++
++ key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
++ key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[6].ulValueLen);
++ if (key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->priv_key, key_template[6].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DH);
++ rv = pFuncList->C_FindObjectsInit(session, key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
++ rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
++ rv);
++ goto err;
++ }
++ }
++
++ if (dh_priv_num != NULL)
++ if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dh;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DH);
++
++malloc_err:
++ for (i = 4; i <= 6; i++)
++ {
++ if (key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(key_template[i].pValue);
++ key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ *
++ * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
++ * to CK_INVALID_HANDLE even when it fails to destroy the object.
++ */
++static int check_new_dh_key(PK11_SESSION *sp, DH *dh)
++ {
++ /*
++ * Provide protection against DH structure reuse by making the
++ * check for cache hit stronger. Private key component of DH key
++ * is unique so it is sufficient to compare it with value cached
++ * in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dh != dh) ||
++ (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dh_object(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++/*
++ * Local function to simplify key template population
++ * Return 0 -- error, 1 -- no error
++ */
++static int
++init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
++ CK_ULONG *ul_value_len)
++ {
++ CK_ULONG len = 0;
++
++ /*
++ * This function can be used on non-initialized BIGNUMs. It is
++ * easier to check that here than individually in the callers.
++ */
++ if (bn != NULL)
++ len = BN_num_bytes(bn);
++
++ if (bn == NULL || len == 0)
++ return (1);
++
++ *ul_value_len = len;
++ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
++ if (*p_value == NULL)
++ return (0);
++
++ BN_bn2bin(bn, *p_value);
++
++ return (1);
++ }
++
++static void
++attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
++ {
++ if (attr->ulValueLen > 0)
++ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
++ }
++
++/*
++ * Find one object in the token. It is an error if we can not find the
++ * object or if we find more objects based on the template we got.
++ * Assume object store locked.
++ *
++ * Returns:
++ * 1 OK
++ * 0 no object or more than 1 object found
++ */
++static int
++find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
++ {
++ CK_RV rv;
++ CK_ULONG objcnt;
++
++ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_FINDOBJECTSINIT, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(s);
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
++ rv);
++ return (0);
++ }
++
++ (void) pFuncList->C_FindObjectsFinal(s);
++
++ if (objcnt > 1)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
++ return (0);
++ }
++ else if (objcnt == 0)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
++ return (0);
++ }
++ return (1);
++ }
++
++/* from uri stuff */
++
++extern char *pk11_pin;
++
++static int pk11_get_pin(void);
++
++static int
++pk11_get_pin(void)
++{
++ char *pin;
++
++ /* The getpassphrase() function is not MT safe. */
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ pin = getpassphrase("Enter PIN: ");
++ if (pin == NULL)
++ {
++ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ pk11_pin = BUF_strdup(pin);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ memset(pin, 0, strlen(pin));
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (1);
++ }
++
++/*
++ * Log in to the keystore if we are supposed to do that at all. Take care of
++ * reading and caching the PIN etc. Log in only once even when called from
++ * multiple threads.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++static int
++pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private)
++ {
++ CK_RV rv;
++
++#if 0
++ /* doesn't work on the AEP Keyper??? */
++ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_NOT_INITIALIZED);
++ return (0);
++ }
++#endif
++
++ /*
++ * If login is required or needed but the PIN has not been
++ * even initialized we can bail out right now. Note that we
++ * are supposed to always log in if we are going to access
++ * private keys. However, we may need to log in even for
++ * accessing public keys in case that the CKF_LOGIN_REQUIRED
++ * flag is set.
++ */
++ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE)) &&
++ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
++ return (0);
++ }
++
++ /*
++ * Note on locking: it is possible that more than one thread
++ * gets into pk11_get_pin() so we must deal with that. We
++ * cannot avoid it since we cannot guard fork() in there with
++ * a lock because we could end up in a dead lock in the
++ * child. Why? Remember we are in a multithreaded environment
++ * so we must lock all mutexes in the prefork function to
++ * avoid a situation in which a thread that did not call
++ * fork() held a lock, making future unlocking impossible. We
++ * lock right before C_Login().
++ */
++ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE))
++ {
++ if (*login_done == CK_FALSE)
++ {
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_PIN_NOT_PROVIDED);
++ return (0);
++ }
++ }
++
++ /*
++ * Note that what we are logging into is the keystore from
++ * pubkey_SLOTID because we work with OP_RSA session type here.
++ * That also means that we can work with only one keystore in
++ * the engine.
++ *
++ * We must make sure we do not try to login more than once.
++ * Also, see the comment above on locking strategy.
++ */
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if (*login_done == CK_FALSE)
++ {
++ if ((rv = pFuncList->C_Login(session,
++ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
++ strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++ goto err_locked;
++ }
++
++ *login_done = CK_TRUE;
++
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++ else
++ {
++ /*
++ * If token does not require login we take it as the
++ * login was done.
++ */
++ *login_done = CK_TRUE;
++ }
++
++ return (1);
++
++err_locked:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++
++/*
++ * Log in to the keystore in the child if we were logged in in the
++ * parent. There are similarities in the code with pk11_token_login()
++ * but still it is quite different so we need a separate function for
++ * this.
++ *
++ * Note that this function is called under the locked session mutex when fork is
++ * detected. That means that C_Login() will be called from the child just once.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++int
++pk11_token_relogin(CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ return (0);
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if ((rv = pFuncList->C_Login(session, CKU_USER,
++ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (1);
++ }
++
++#ifdef OPENSSL_SYS_WIN32
++char *getpassphrase(const char *prompt)
++ {
++ static char buf[128];
++ HANDLE h;
++ DWORD cc, mode;
++ int cnt;
++
++ h = GetStdHandle(STD_INPUT_HANDLE);
++ fputs(prompt, stderr);
++ fflush(stderr);
++ fflush(stdout);
++ FlushConsoleInputBuffer(h);
++ GetConsoleMode(h, &mode);
++ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
++
++ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
++ {
++ ReadFile(h, buf + cnt, 1, &cc, NULL);
++ if (buf[cnt] == '\r')
++ break;
++ fputc('*', stdout);
++ fflush(stderr);
++ fflush(stdout);
++ }
++
++ SetConsoleMode(h, mode);
++ buf[cnt] = '\0';
++ fputs("\n", stderr);
++ return buf;
++ }
++#endif /* OPENSSL_SYS_WIN32 */
++#endif /* OPENSSL_NO_HW_PK11CA */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11ca.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.2.4.2
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:32 2011
+@@ -0,0 +1,32 @@
++/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
++
++#define token_lock pk11ca_token_lock
++#define find_lock pk11ca_find_lock
++#define active_list pk11ca_active_list
++#define pubkey_token_flags pk11ca_pubkey_token_flags
++#define pubkey_SLOTID pk11ca_pubkey_SLOTID
++#define ERR_pk11_error ERR_pk11ca_error
++#define PK11err_add_data PK11CAerr_add_data
++#define pk11_get_session pk11ca_get_session
++#define pk11_return_session pk11ca_return_session
++#define pk11_active_add pk11ca_active_add
++#define pk11_active_delete pk11ca_active_delete
++#define pk11_active_remove pk11ca_active_remove
++#define pk11_free_active_list pk11ca_free_active_list
++#define pk11_destroy_rsa_key_objects pk11ca_destroy_rsa_key_objects
++#define pk11_destroy_rsa_object_pub pk11ca_destroy_rsa_object_pub
++#define pk11_destroy_rsa_object_priv pk11ca_destroy_rsa_object_priv
++#define pk11_load_privkey pk11ca_load_privkey
++#define pk11_load_pubkey pk11ca_load_pubkey
++#define PK11_RSA PK11CA_RSA
++#define pk11_destroy_dsa_key_objects pk11ca_destroy_dsa_key_objects
++#define pk11_destroy_dsa_object_pub pk11ca_destroy_dsa_object_pub
++#define pk11_destroy_dsa_object_priv pk11ca_destroy_dsa_object_priv
++#define PK11_DSA PK11CA_DSA
++#define pk11_destroy_dh_key_objects pk11ca_destroy_dh_key_objects
++#define pk11_destroy_dh_object pk11ca_destroy_dh_object
++#define PK11_DH PK11CA_DH
++#define pk11_token_relogin pk11ca_token_relogin
++#define pFuncList pk11ca_pFuncList
++#define pk11_pin pk11ca_pin
++#define ENGINE_load_pk11 ENGINE_load_pk11ca
+Index: openssl/crypto/engine/hw_pk11so.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.3.4.3
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/hw_pk11so.c Fri Oct 4 14:45:25 2013
+@@ -0,0 +1,1775 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++/* Modified to keep only RNG and RSA Sign */
++
++#ifdef OPENSSL_NO_RSA
++#error RSA is disabled
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/md5.h>
++#include <openssl/pem.h>
++#include <openssl/rsa.h>
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++typedef int pid_t;
++#define getpid() GetCurrentProcessId()
++#define NOPTHREADS
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <signal.h>
++#include <unistd.h>
++#include <dlfcn.h>
++#endif
++
++/* Debug mutexes */
++/*#undef DEBUG_MUTEX */
++#define DEBUG_MUTEX
++
++#ifndef NOPTHREADS
++/* for pthread error check on Linuxes */
++#ifdef DEBUG_MUTEX
++#define __USE_UNIX98
++#endif
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11SO
++
++/* label for debug messages printed on stderr */
++#define PK11_DBG "PKCS#11 ENGINE DEBUG"
++/* prints a lot of debug messages on stderr about slot selection process */
++/*#undef DEBUG_SLOT_SELECTION */
++
++#ifndef OPENSSL_NO_DSA
++#define OPENSSL_NO_DSA
++#endif
++#ifndef OPENSSL_NO_DH
++#define OPENSSL_NO_DH
++#endif
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11so.h"
++#include "hw_pk11_err.c"
++
++/*
++ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
++ * uri_struct manipulation, and static token info. All of that is used by the
++ * RSA keys by reference feature.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *token_lock;
++#endif
++
++/* PKCS#11 session caches and their locks for all operation types */
++static PK11_CACHE session_cache[OP_MAX];
++
++/*
++ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
++ * logging into the token.
++ */
++CK_FLAGS pubkey_token_flags;
++
++/*
++ * As stated in v2.20, 11.7 Object Management Function, in section for
++ * C_FindObjectsInit(), at most one search operation may be active at a given
++ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
++ * grouped together to form one atomic search operation. This is already
++ * ensured by the property of unique PKCS#11 session handle used for each
++ * PK11_SESSION object.
++ *
++ * This is however not the biggest concern - maintaining consistency of the
++ * underlying object store is more important. The same section of the spec also
++ * says that one thread can be in the middle of a search operation while another
++ * thread destroys the object matching the search template which would result in
++ * invalid handle returned from the search operation.
++ *
++ * Hence, the following locks are used for both protection of the object stores.
++ * They are also used for active list protection.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *find_lock[OP_MAX] = { NULL };
++#endif
++
++/*
++ * lists of asymmetric key handles which are active (referenced by at least one
++ * PK11_SESSION structure, either held by a thread or present in free_session
++ * list) for given algorithm type
++ */
++PK11_active *active_list[OP_MAX] = { NULL };
++
++/*
++ * Create all secret key objects in a global session so that they are available
++ * to use for other sessions. These other sessions may be opened or closed
++ * without losing the secret key objects.
++ */
++static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
++
++/* ENGINE level stuff */
++static int pk11_init(ENGINE *e);
++static int pk11_library_init(ENGINE *e);
++static int pk11_finish(ENGINE *e);
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
++static int pk11_destroy(ENGINE *e);
++
++/* RAND stuff */
++static void pk11_rand_seed(const void *buf, int num);
++static void pk11_rand_add(const void *buf, int num, double add_entropy);
++static void pk11_rand_cleanup(void);
++static int pk11_rand_bytes(unsigned char *buf, int num);
++static int pk11_rand_status(void);
++
++/* These functions are also used in other files */
++PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++
++/* active list manipulation functions used in this file */
++extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
++extern void pk11_free_active_list(PK11_OPTYPE type);
++
++int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++
++/* Local helper functions */
++static int pk11_free_all_sessions(void);
++static int pk11_free_session_list(PK11_OPTYPE optype);
++static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent);
++static const char *get_PK11_LIBNAME(void);
++static void free_PK11_LIBNAME(void);
++static long set_PK11_LIBNAME(const char *name);
++
++static int pk11_choose_slots(int *any_slot_found);
++
++static int pk11_init_all_locks(void);
++static void pk11_free_all_locks(void);
++
++#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
++ { \
++ if (uselock) \
++ LOCK_OBJSTORE(alg_type); \
++ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
++ { \
++ retval = pk11_destroy_object(sp->session, obj_hdl, \
++ priv ? sp->priv_persistent : sp->pub_persistent); \
++ } \
++ if (uselock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ }
++
++static CK_BBOOL pk11_have_rsa = CK_FALSE;
++static CK_BBOOL pk11_have_random = CK_FALSE;
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * The definitions for control commands specific to this engine
++ */
++#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
++#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
++#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
++static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
++ {
++ {
++ PK11_CMD_SO_PATH,
++ "SO_PATH",
++ "Specifies the path to the 'pkcs#11' shared library",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_PIN,
++ "PIN",
++ "Specifies the pin code",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_SLOT,
++ "SLOT",
++ "Specifies the slot (default is auto select)",
++ ENGINE_CMD_FLAG_NUMERIC,
++ },
++ {0, NULL, NULL, 0}
++ };
++
++
++static RAND_METHOD pk11_random =
++ {
++ pk11_rand_seed,
++ pk11_rand_bytes,
++ pk11_rand_cleanup,
++ pk11_rand_add,
++ pk11_rand_bytes,
++ pk11_rand_status
++ };
++
++
++/* Constants used when creating the ENGINE */
++#ifdef OPENSSL_NO_HW_PK11CA
++#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
++#endif
++static const char *engine_pk11_id = "pkcs11";
++static const char *engine_pk11_name = "PKCS #11 engine support (sign only)";
++
++CK_FUNCTION_LIST_PTR pFuncList = NULL;
++static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
++
++/*
++ * This is a static string constant for the DSO file name and the function
++ * symbol names to bind to. We set it in the Configure script based on whether
++ * this is 32 or 64 bit build.
++ */
++static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
++
++/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
++CK_SLOT_ID pubkey_SLOTID = 0;
++static CK_SLOT_ID rand_SLOTID = 0;
++static CK_SLOT_ID SLOTID = 0;
++char *pk11_pin = NULL;
++static CK_BBOOL pk11_library_initialized = FALSE;
++static CK_BBOOL pk11_atfork_initialized = FALSE;
++static int pk11_pid = 0;
++
++static DSO *pk11_dso = NULL;
++
++/* allocate and initialize all locks used by the engine itself */
++static int pk11_init_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++ pthread_mutexattr_t attr;
++
++ if (pthread_mutexattr_init(&attr) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 100);
++ return (0);
++ }
++
++#ifdef DEBUG_MUTEX
++ if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 101);
++ return (0);
++ }
++#endif
++
++ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(token_lock, &attr);
++
++ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_RSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_RSA], &attr);
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ session_cache[type].lock =
++ OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (session_cache[type].lock == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(session_cache[type].lock, &attr);
++ }
++
++ return (1);
++
++malloc_err:
++ pk11_free_all_locks();
++ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
++ return (0);
++#else
++ return (1);
++#endif
++ }
++
++static void pk11_free_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++
++ if (token_lock != NULL)
++ {
++ (void) pthread_mutex_destroy(token_lock);
++ OPENSSL_free(token_lock);
++ token_lock = NULL;
++ }
++
++ if (find_lock[OP_RSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
++ OPENSSL_free(find_lock[OP_RSA]);
++ find_lock[OP_RSA] = NULL;
++ }
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (session_cache[type].lock != NULL)
++ {
++ (void) pthread_mutex_destroy(session_cache[type].lock);
++ OPENSSL_free(session_cache[type].lock);
++ session_cache[type].lock = NULL;
++ }
++ }
++#endif
++ }
++
++/*
++ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
++ */
++static int bind_pk11(ENGINE *e)
++ {
++ if (!pk11_library_initialized)
++ if (!pk11_library_init(e))
++ return (0);
++
++ if (!ENGINE_set_id(e, engine_pk11_id) ||
++ !ENGINE_set_name(e, engine_pk11_name))
++ return (0);
++
++ if (pk11_have_rsa == CK_TRUE)
++ {
++ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
++ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
++ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++
++ if (pk11_have_random)
++ {
++ if (!ENGINE_set_RAND(e, &pk11_random))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered random\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++ if (!ENGINE_set_init_function(e, pk11_init) ||
++ !ENGINE_set_destroy_function(e, pk11_destroy) ||
++ !ENGINE_set_finish_function(e, pk11_finish) ||
++ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
++ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
++ return (0);
++
++ /* Ensure the pk11 error handling is set up */
++ ERR_load_pk11_strings();
++
++ return (1);
++ }
++
++/* Dynamic engine support is disabled at a higher level for Solaris */
++#ifdef ENGINE_DYNAMIC_SUPPORT
++#error "dynamic engine not supported"
++static int bind_helper(ENGINE *e, const char *id)
++ {
++ if (id && (strcmp(id, engine_pk11_id) != 0))
++ return (0);
++
++ if (!bind_pk11(e))
++ return (0);
++
++ return (1);
++ }
++
++IMPLEMENT_DYNAMIC_CHECK_FN()
++IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
++
++#else
++static ENGINE *engine_pk11(void)
++ {
++ ENGINE *ret = ENGINE_new();
++
++ if (!ret)
++ return (NULL);
++
++ if (!bind_pk11(ret))
++ {
++ ENGINE_free(ret);
++ return (NULL);
++ }
++
++ return (ret);
++ }
++
++void
++ENGINE_load_pk11(void)
++ {
++ ENGINE *e_pk11 = NULL;
++
++ /*
++ * Do not use dynamic PKCS#11 library on Solaris due to
++ * security reasons. We will link it in statically.
++ */
++ /* Attempt to load PKCS#11 library */
++ if (!pk11_dso)
++ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
++ return;
++ }
++
++ e_pk11 = engine_pk11();
++ if (!e_pk11)
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ return;
++ }
++
++ /*
++ * At this point, the pk11 shared library is either dynamically
++ * loaded or statically linked in. So, initialize the pk11
++ * library before calling ENGINE_set_default since the latter
++ * needs cipher and digest algorithm information
++ */
++ if (!pk11_library_init(e_pk11))
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ ENGINE_free(e_pk11);
++ return;
++ }
++
++ ENGINE_add(e_pk11);
++
++ ENGINE_free(e_pk11);
++ ERR_clear_error();
++ }
++#endif /* ENGINE_DYNAMIC_SUPPORT */
++
++/*
++ * These are the static string constants for the DSO file name and
++ * the function symbol names to bind to.
++ */
++static const char *PK11_LIBNAME = NULL;
++
++static const char *get_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ return (PK11_LIBNAME);
++
++ return (def_PK11_LIBNAME);
++ }
++
++static void free_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ OPENSSL_free((void*)PK11_LIBNAME);
++
++ PK11_LIBNAME = NULL;
++ }
++
++static long set_PK11_LIBNAME(const char *name)
++ {
++ free_PK11_LIBNAME();
++
++ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
++ }
++
++/* acquire all engine specific mutexes before fork */
++static void pk11_fork_prepare(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ LOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++ for (i = 0; i < OP_MAX; i++)
++ {
++ OPENSSL_assert(pthread_mutex_lock(session_cache[i].lock) == 0);
++ }
++#endif
++ }
++
++/* release all engine specific mutexes */
++static void pk11_fork_parent(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/*
++ * same situation as in parent - we need to unlock all locks to make them
++ * accessible to all threads.
++ */
++static void pk11_fork_child(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/* Initialization function for the pk11 engine */
++static int pk11_init(ENGINE *e)
++{
++ return (pk11_library_init(e));
++}
++
++static CK_C_INITIALIZE_ARGS pk11_init_args =
++ {
++ NULL_PTR, /* CreateMutex */
++ NULL_PTR, /* DestroyMutex */
++ NULL_PTR, /* LockMutex */
++ NULL_PTR, /* UnlockMutex */
++ CKF_OS_LOCKING_OK, /* flags */
++ NULL_PTR, /* pReserved */
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * It selects a slot based on predefined critiera. In the process, it also
++ * count how many ciphers and digests to support. Since the cipher and
++ * digest information is needed when setting default engine, this function
++ * needs to be called before calling ENGINE_set_default.
++ */
++/* ARGSUSED */
++static int pk11_library_init(ENGINE *e)
++ {
++ CK_C_GetFunctionList p;
++ CK_RV rv = CKR_OK;
++ CK_INFO info;
++ int any_slot_found;
++ int i;
++#ifndef OPENSSL_SYS_WIN32
++ struct sigaction sigint_act, sigterm_act, sighup_act;
++#endif
++
++ /*
++ * pk11_library_initialized is set to 0 in pk11_finish() which
++ * is called from ENGINE_finish(). However, if there is still
++ * at least one existing functional reference to the engine
++ * (see engine(3) for more information), pk11_finish() is
++ * skipped. For example, this can happen if an application
++ * forgets to clear one cipher context. In case of a fork()
++ * when the application is finishing the engine so that it can
++ * be reinitialized in the child, forgotten functional
++ * reference causes pk11_library_initialized to stay 1. In
++ * that case we need the PID check so that we properly
++ * initialize the engine again.
++ */
++ if (pk11_library_initialized)
++ {
++ if (pk11_pid == getpid())
++ {
++ return (1);
++ }
++ else
++ {
++ global_session = CK_INVALID_HANDLE;
++ /*
++ * free the locks first to prevent memory leak in case
++ * the application calls fork() without finishing the
++ * engine first.
++ */
++ pk11_free_all_locks();
++ }
++ }
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the C_GetFunctionList function from the loaded library */
++ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
++ PK11_GET_FUNCTION_LIST);
++ if (!p)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ rv = p(&pFuncList);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
++ goto err;
++ }
++
++#ifndef OPENSSL_SYS_WIN32
++ /* Not all PKCS#11 library are signal safe! */
++
++ (void) memset(&sigint_act, 0, sizeof(sigint_act));
++ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
++ (void) memset(&sighup_act, 0, sizeof(sighup_act));
++ (void) sigaction(SIGINT, NULL, &sigint_act);
++ (void) sigaction(SIGTERM, NULL, &sigterm_act);
++ (void) sigaction(SIGHUP, NULL, &sighup_act);
++#endif
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++#ifndef OPENSSL_SYS_WIN32
++ (void) sigaction(SIGINT, &sigint_act, NULL);
++ (void) sigaction(SIGTERM, &sigterm_act, NULL);
++ (void) sigaction(SIGHUP, &sighup_act, NULL);
++#endif
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetInfo(&info);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
++ goto err;
++ }
++
++ if (pk11_choose_slots(&any_slot_found) == 0)
++ goto err;
++
++ /*
++ * The library we use, set in def_PK11_LIBNAME, may not offer any
++ * slot(s). In that case, we must not proceed but we must not return an
++ * error. The reason is that applications that try to set up the PKCS#11
++ * engine don't exit on error during the engine initialization just
++ * because no slot was present.
++ */
++ if (any_slot_found == 0)
++ return (1);
++
++ if (global_session == CK_INVALID_HANDLE)
++ {
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT,
++ PK11_R_OPENSESSION, rv);
++ goto err;
++ }
++ }
++
++ pk11_library_initialized = TRUE;
++ pk11_pid = getpid();
++ /*
++ * if initialization of the locks fails pk11_init_all_locks()
++ * will do the cleanup.
++ */
++ if (!pk11_init_all_locks())
++ goto err;
++ for (i = 0; i < OP_MAX; i++)
++ session_cache[i].head = NULL;
++ /*
++ * initialize active lists. We only use active lists
++ * for asymmetric ciphers.
++ */
++ for (i = 0; i < OP_MAX; i++)
++ active_list[i] = NULL;
++
++#ifndef NOPTHREADS
++ if (!pk11_atfork_initialized)
++ {
++ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
++ pk11_fork_child) != 0)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
++ goto err;
++ }
++ pk11_atfork_initialized = TRUE;
++ }
++#endif
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Destructor (complements the "ENGINE_pk11()" constructor) */
++/* ARGSUSED */
++static int pk11_destroy(ENGINE *e)
++ {
++ free_PK11_LIBNAME();
++ ERR_unload_pk11_strings();
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++ return (1);
++ }
++
++/*
++ * Termination function to clean up the session, the token, and the pk11
++ * library.
++ */
++/* ARGSUSED */
++static int pk11_finish(ENGINE *e)
++ {
++ int i;
++
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
++ goto err;
++ }
++
++ OPENSSL_assert(pFuncList != NULL);
++
++ if (pk11_free_all_sessions() == 0)
++ goto err;
++
++ /* free all active lists */
++ for (i = 0; i < OP_MAX; i++)
++ pk11_free_active_list(i);
++
++ pFuncList->C_CloseSession(global_session);
++ global_session = CK_INVALID_HANDLE;
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects.
++ */
++#if 0
++ pFuncList->C_Finalize(NULL);
++#endif
++
++ if (!DSO_free(pk11_dso))
++ {
++ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++ pk11_dso = NULL;
++ pFuncList = NULL;
++ pk11_library_initialized = FALSE;
++ pk11_pid = 0;
++ /*
++ * There is no way how to unregister atfork handlers (other than
++ * unloading the library) so we just free the locks. For this reason
++ * the atfork handlers check if the engine is initialized and bail out
++ * immediately if not. This is necessary in case a process finishes
++ * the engine before calling fork().
++ */
++ pk11_free_all_locks();
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Standard engine interface function to set the dynamic library path */
++/* ARGSUSED */
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
++ {
++ int initialized = ((pk11_dso == NULL) ? 0 : 1);
++
++ switch (cmd)
++ {
++ case PK11_CMD_SO_PATH:
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ if (initialized)
++ {
++ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
++ return (0);
++ }
++
++ return (set_PK11_LIBNAME((const char *)p));
++ case PK11_CMD_PIN:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ pk11_pin = BUF_strdup(p);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ return (1);
++ case PK11_CMD_SLOT:
++ SLOTID = (CK_SLOT_ID)i;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: slot set\n", PK11_DBG);
++#endif
++ return (1);
++ default:
++ break;
++ }
++
++ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
++
++ return (0);
++ }
++
++
++/* Required function by the engine random interface. It does nothing here */
++static void pk11_rand_cleanup(void)
++ {
++ return;
++ }
++
++/* ARGSUSED */
++static void pk11_rand_add(const void *buf, int num, double add)
++ {
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return;
++
++ /*
++ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
++ * the calling functions do not care anyway
++ */
++ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
++ pk11_return_session(sp, OP_RAND);
++
++ return;
++ }
++
++static void pk11_rand_seed(const void *buf, int num)
++ {
++ pk11_rand_add(buf, num, 0);
++ }
++
++static int pk11_rand_bytes(unsigned char *buf, int num)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return (0);
++
++ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
++ pk11_return_session(sp, OP_RAND);
++ return (0);
++ }
++
++ pk11_return_session(sp, OP_RAND);
++ return (1);
++ }
++
++/* Required function by the engine random interface. It does nothing here */
++static int pk11_rand_status(void)
++ {
++ return (1);
++ }
++
++/* Free all BIGNUM structures from PK11_SESSION. */
++static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ switch (optype)
++ {
++ case OP_RSA:
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++ break;
++ default:
++ break;
++ }
++ }
++
++/*
++ * Get new PK11_SESSION structure ready for use. Every process must have
++ * its own freelist of PK11_SESSION structures so handle fork() here
++ * by destroying the old and creating new freelist.
++ * The returned PK11_SESSION structure is disconnected from the freelist.
++ */
++PK11_SESSION *
++pk11_get_session(PK11_OPTYPE optype)
++ {
++ PK11_SESSION *sp = NULL, *sp1, *freelist;
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock = NULL;
++#endif
++ static pid_t pid = 0;
++ pid_t new_pid;
++ CK_RV rv;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (NULL);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ /*
++ * Will use it to find out if we forked. We cannot use the PID field in
++ * the session structure because we could get a newly allocated session
++ * here, with no PID information.
++ */
++ if (pid == 0)
++ pid = getpid();
++
++ freelist = session_cache[optype].head;
++ sp = freelist;
++
++ /*
++ * If the free list is empty, allocate new unitialized (filled
++ * with zeroes) PK11_SESSION structure otherwise return first
++ * structure from the freelist.
++ */
++ if (sp == NULL)
++ {
++ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ (void) memset(sp, 0, sizeof (PK11_SESSION));
++
++ /*
++ * It is a new session so it will look like a cache miss to the
++ * code below. So, we must not try to to destroy its members so
++ * mark them as unused.
++ */
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ }
++ else
++ {
++ freelist = sp->next;
++ }
++
++ /*
++ * Check whether we have forked. In that case, we must get rid of all
++ * inherited sessions and start allocating new ones.
++ */
++ if (pid != (new_pid = getpid()))
++ {
++ pid = new_pid;
++
++ /*
++ * We are a new process and thus need to free any inherited
++ * PK11_SESSION objects aside from the first session (sp) which
++ * is the only PK11_SESSION structure we will reuse (for the
++ * head of the list).
++ */
++ while ((sp1 = freelist) != NULL)
++ {
++ freelist = sp1->next;
++ /*
++ * NOTE: we do not want to call pk11_free_all_sessions()
++ * here because it would close underlying PKCS#11
++ * sessions and destroy all objects.
++ */
++ pk11_free_nums(sp1, optype);
++ OPENSSL_free(sp1);
++ }
++
++ /* we have to free the active list as well. */
++ pk11_free_active_list(optype);
++
++ /* Initialize the process */
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * Choose slot here since the slot table is different on this
++ * process. If we are here then we must have found at least one
++ * usable slot before so we don't need to check any_slot_found.
++ * See pk11_library_init()'s usage of this function for more
++ * information.
++ */
++ if (pk11_choose_slots(NULL) == 0)
++ goto err;
++
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * It is an inherited session from our parent so it needs
++ * re-initialization.
++ */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++ if (pk11_token_relogin(sp->session) == 0)
++ {
++ /*
++ * We will keep the session in the cache list and let
++ * the caller cope with the situation.
++ */
++ freelist = sp;
++ sp = NULL;
++ goto err;
++ }
++ }
++
++ if (sp->pid == 0)
++ {
++ /* It is a new session and needs initialization. */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ }
++ }
++
++ /* set new head for the list of PK11_SESSION objects */
++ session_cache[optype].head = freelist;
++
++err:
++ if (sp != NULL)
++ sp->next = NULL;
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (sp);
++ }
++
++
++void
++pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ PK11_SESSION *freelist;
++
++ /*
++ * If this is a session from the parent it will be taken care of and
++ * freed in pk11_get_session() as part of the post-fork clean up the
++ * next time we will ask for a new session.
++ */
++ if (sp == NULL || sp->pid != getpid())
++ return;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_RETURN_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return;
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ sp->next = freelist;
++ session_cache[optype].head = sp;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++
++
++/* Destroy all objects. This function is called when the engine is finished */
++static int pk11_free_all_sessions()
++ {
++ int ret = 1;
++ int type;
++
++ (void) pk11_destroy_rsa_key_objects(NULL);
++
++ /*
++ * We try to release as much as we can but any error means that we will
++ * return 0 on exit.
++ */
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (pk11_free_session_list(type) == 0)
++ ret = 0;
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy session structures from the linked list specified. Free as many
++ * sessions as possible but any failure in C_CloseSession() means that we
++ * return an error on return.
++ */
++static int pk11_free_session_list(PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *freelist = NULL;
++ pid_t mypid = getpid();
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ int ret = 1;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ while ((sp = freelist) != NULL)
++ {
++ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
++ {
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_CLOSESESSION, rv);
++ ret = 0;
++ }
++ }
++ freelist = sp->next;
++ pk11_free_nums(sp, optype);
++ OPENSSL_free(sp);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (ret);
++ }
++
++
++static int
++pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ CK_SLOT_ID myslot;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ myslot = pubkey_SLOTID;
++ break;
++ case OP_RAND:
++ myslot = rand_SLOTID;
++ break;
++ default:
++ PK11err(PK11_F_SETUP_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++ sp->session = CK_INVALID_HANDLE;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
++ {
++ /*
++ * We are probably a child process so force the
++ * reinitialize of the session
++ */
++ pk11_library_initialized = FALSE;
++ if (!pk11_library_init(NULL))
++ return (0);
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ }
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ sp->pid = getpid();
++
++ if (optype == OP_RSA)
++ {
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ sp->opdata_rsa_n_num = NULL;
++ sp->opdata_rsa_e_num = NULL;
++ sp->opdata_rsa_priv = NULL;
++ sp->opdata_rsa_pn_num = NULL;
++ sp->opdata_rsa_pe_num = NULL;
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * We always initialize the session as containing a non-persistent
++ * object. The key load functions set it to persistent if that is so.
++ */
++ sp->pub_persistent = CK_FALSE;
++ sp->priv_persistent = CK_FALSE;
++ return (1);
++ }
++
++/* Destroy RSA public key from single session. */
++int
++pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
++ ret, uselock, OP_RSA, CK_FALSE);
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy RSA private key from single session. */
++int
++pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
++ ret, uselock, OP_RSA, CK_TRUE);
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv = NULL;
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * For the RSA key by reference code, public components 'n'/'e'
++ * are the key components we use to check for the cache hit. We
++ * must free those as well.
++ */
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_rsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_RSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_RSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_RSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++
++static int
++pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent)
++ {
++ CK_RV rv;
++
++ /*
++ * We never try to destroy persistent objects which are the objects
++ * stored in the keystore. Also, we always use read-only sessions so
++ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
++ */
++ if (persistent == CK_TRUE)
++ return (1);
++
++ rv = pFuncList->C_DestroyObject(session, oh);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
++ rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++
++/*
++ * Public key mechanisms optionally supported
++ *
++ * CKM_RSA_PKCS
++ *
++ * The first slot that supports at least one of those mechanisms is chosen as a
++ * public key slot.
++ *
++ * The output of this function is a set of global variables indicating which
++ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
++ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
++ * variables carry information about which slot was chosen for (a) public key
++ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
++ */
++static int
++pk11_choose_slots(int *any_slot_found)
++ {
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ CK_ULONG ulSlotCount = 0;
++ CK_MECHANISM_INFO mech_info;
++ CK_TOKEN_INFO token_info;
++ unsigned int i;
++ CK_RV rv;
++ CK_SLOT_ID best_slot_sofar = 0;
++ CK_BBOOL found_candidate_slot = CK_FALSE;
++ CK_SLOT_ID current_slot = 0;
++
++ /* let's initialize the output parameter */
++ if (any_slot_found != NULL)
++ *any_slot_found = 0;
++
++ /* Get slot list for memory allocation */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ return (0);
++ }
++
++ /* it's not an error if we didn't find any providers */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++
++ /* Get the slot list for processing */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ OPENSSL_free(pSlotList);
++ return (0);
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
++ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
++
++ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ /* Check if slot has random support. */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (token_info.flags & CKF_RNG)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ pk11_have_random = CK_TRUE;
++ rand_SLOTID = current_slot;
++ break;
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ pubkey_SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ CK_BBOOL slot_has_rsa = CK_FALSE;
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * Check if this slot is capable of signing with CKM_RSA_PKCS.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
++ &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN)))
++ {
++ slot_has_rsa = CK_TRUE;
++ }
++
++ if (!found_candidate_slot && slot_has_rsa)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: potential slot: %d\n", PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = current_slot;
++ pk11_have_rsa = slot_has_rsa;
++ found_candidate_slot = CK_TRUE;
++ /*
++ * Cache the flags for later use. We might
++ * need those if RSA keys by reference feature
++ * is used.
++ */
++ pubkey_token_flags = token_info.flags;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: setting found_candidate_slot to CK_TRUE\n",
++ PK11_DBG);
++ fprintf(stderr,
++ "%s: best so far slot: %d\n", PK11_DBG,
++ best_slot_sofar);
++ fprintf(stderr, "%s: pubkey flags changed to "
++ "%lu.\n", PK11_DBG, pubkey_token_flags);
++ }
++ else
++ {
++ fprintf(stderr,
++ "%s: no rsa\n", PK11_DBG);
++ }
++#else
++ } /* if */
++#endif /* DEBUG_SLOT_SELECTION */
++ } /* for */
++
++ if (found_candidate_slot == CK_TRUE)
++ {
++ pubkey_SLOTID = best_slot_sofar;
++ }
++
++ /*SLOTID = pSlotList[0];*/
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
++ fprintf(stderr,
++ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
++ fprintf(stderr,
++ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
++ fprintf(stderr,
++ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++
++ if (any_slot_found != NULL)
++ *any_slot_found = 1;
++ return (1);
++ }
++
++#endif /* OPENSSL_NO_HW_PK11SO */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11so.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.2.4.2
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:32 2011
+@@ -0,0 +1,32 @@
++/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
++
++#define token_lock pk11so_token_lock
++#define find_lock pk11so_find_lock
++#define active_list pk11so_active_list
++#define pubkey_token_flags pk11so_pubkey_token_flags
++#define pubkey_SLOTID pk11so_pubkey_SLOTID
++#define ERR_pk11_error ERR_pk11so_error
++#define PK11err_add_data PK11SOerr_add_data
++#define pk11_get_session pk11so_get_session
++#define pk11_return_session pk11so_return_session
++#define pk11_active_add pk11so_active_add
++#define pk11_active_delete pk11so_active_delete
++#define pk11_active_remove pk11so_active_remove
++#define pk11_free_active_list pk11so_free_active_list
++#define pk11_destroy_rsa_key_objects pk11so_destroy_rsa_key_objects
++#define pk11_destroy_rsa_object_pub pk11so_destroy_rsa_object_pub
++#define pk11_destroy_rsa_object_priv pk11so_destroy_rsa_object_priv
++#define pk11_load_privkey pk11so_load_privkey
++#define pk11_load_pubkey pk11so_load_pubkey
++#define PK11_RSA PK11SO_RSA
++#define pk11_destroy_dsa_key_objects pk11so_destroy_dsa_key_objects
++#define pk11_destroy_dsa_object_pub pk11so_destroy_dsa_object_pub
++#define pk11_destroy_dsa_object_priv pk11so_destroy_dsa_object_priv
++#define PK11_DSA PK11SO_DSA
++#define pk11_destroy_dh_key_objects pk11so_destroy_dh_key_objects
++#define pk11_destroy_dh_object pk11so_destroy_dh_object
++#define PK11_DH PK11SO_DH
++#define pk11_token_relogin pk11so_token_relogin
++#define pFuncList pk11so_pFuncList
++#define pk11_pin pk11so_pin
++#define ENGINE_load_pk11 ENGINE_load_pk11so
+Index: openssl/crypto/engine/hw_pk11so_pub.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.2.4.6
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/hw_pk11so_pub.c Fri Oct 4 14:45:25 2013
+@@ -0,0 +1,1642 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_pub.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++/* Modified to keep only RNG and RSA Sign */
++
++#ifdef OPENSSL_NO_RSA
++#error RSA is disabled
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/pem.h>
++#include <openssl/rsa.h>
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++#define NOPTHREADS
++typedef int pid_t;
++#define HAVE_GETPASSPHRASE
++static char *getpassphrase(const char *prompt);
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <unistd.h>
++#endif
++
++#ifndef NOPTHREADS
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11SO
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11so.h"
++#include "hw_pk11_err.h"
++
++static CK_BBOOL pk11_login_done = CK_FALSE;
++extern CK_SLOT_ID pubkey_SLOTID;
++#ifndef NOPTHREADS
++extern pthread_mutex_t *token_lock;
++#endif
++
++#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
++#define getpassphrase(x) getpass(x)
++#endif
++
++/* RSA stuff */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
++EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session);
++
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
++
++static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
++static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
++ CK_ULONG *ulValueLen);
++static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
++
++static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private);
++
++/* Read mode string to be used for fopen() */
++#if SOLARIS_OPENSSL
++static char *read_mode_flags = "rF";
++#else
++static char *read_mode_flags = "r";
++#endif
++
++/*
++ * increment/create reference for an asymmetric key handle via active list
++ * manipulation. If active list operation fails, unlock (if locked), set error
++ * variable and jump to the specified label.
++ */
++#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
++ { \
++ if (pk11_active_add(key_handle, alg_type) < 0) \
++ { \
++ var = TRUE; \
++ if (unlock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ goto label; \
++ } \
++ }
++
++/*
++ * Find active list entry according to object handle and return pointer to the
++ * entry otherwise return NULL.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ for (entry = active_list[type]; entry != NULL; entry = entry->next)
++ if (entry->h == h)
++ return (entry);
++
++ return (NULL);
++ }
++
++/*
++ * Search for an entry in the active list using PKCS#11 object handle as a
++ * search key and return refcnt of the found/created entry or -1 in case of
++ * failure.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if (h == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ /* search for entry in the active list */
++ if ((entry = pk11_active_find(h, type)) != NULL)
++ entry->refcnt++;
++ else
++ {
++ /* not found, create new entry and add it to the list */
++ entry = OPENSSL_malloc(sizeof (PK11_active));
++ if (entry == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
++ return (-1);
++ }
++ entry->h = h;
++ entry->refcnt = 1;
++ entry->prev = NULL;
++ entry->next = NULL;
++ /* connect the newly created entry to the list */
++ if (active_list[type] == NULL)
++ active_list[type] = entry;
++ else /* make the entry first in the list */
++ {
++ entry->next = active_list[type];
++ active_list[type]->prev = entry;
++ active_list[type] = entry;
++ }
++ }
++
++ return (entry->refcnt);
++ }
++
++/*
++ * Remove active list entry from the list and free it.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++void
++pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
++ {
++ PK11_active *prev_entry;
++
++ /* remove the entry from the list and free it */
++ if ((prev_entry = entry->prev) != NULL)
++ {
++ prev_entry->next = entry->next;
++ if (entry->next != NULL)
++ entry->next->prev = prev_entry;
++ }
++ else
++ {
++ active_list[type] = entry->next;
++ /* we were the first but not the only one */
++ if (entry->next != NULL)
++ entry->next->prev = NULL;
++ }
++
++ /* sanitization */
++ entry->h = CK_INVALID_HANDLE;
++ entry->prev = NULL;
++ entry->next = NULL;
++ OPENSSL_free(entry);
++ }
++
++/* Free all entries from the active list. */
++void
++pk11_free_active_list(PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ /* only for asymmetric types since only they have C_Find* locks. */
++ switch (type)
++ {
++ case OP_RSA:
++ break;
++ default:
++ return;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(type);
++ while ((entry = active_list[type]) != NULL)
++ pk11_active_remove(entry, type);
++ UNLOCK_OBJSTORE(type);
++ }
++
++/*
++ * Search for active list entry associated with given PKCS#11 object handle,
++ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
++ *
++ * Return 1 if the PKCS#11 object associated with the entry has no references,
++ * return 0 if there is at least one reference, -1 on error.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if ((entry = pk11_active_find(h, type)) == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ OPENSSL_assert(entry->refcnt > 0);
++ entry->refcnt--;
++ if (entry->refcnt == 0)
++ {
++ pk11_active_remove(entry, type);
++ return (1);
++ }
++
++ return (0);
++ }
++
++/* Our internal RSA_METHOD that we provide pointers to */
++static RSA_METHOD pk11_rsa;
++
++RSA_METHOD *
++PK11_RSA(void)
++ {
++ const RSA_METHOD *rsa;
++
++ if (pk11_rsa.name == NULL)
++ {
++ rsa = RSA_PKCS1_SSLeay();
++ memcpy(&pk11_rsa, rsa, sizeof(*rsa));
++ pk11_rsa.name = "PKCS#11 RSA method";
++ pk11_rsa.rsa_sign = pk11_RSA_sign;
++ }
++ return (&pk11_rsa);
++ }
++
++/* Size of an SSL signature: MD5+SHA1 */
++#define SSL_SIG_LENGTH 36
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++
++/*
++ * Standard engine interface function. Majority codes here are from
++ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
++ * See more details in rsa/rsa_sign.c
++ */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++ unsigned long ulsiglen;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key((RSA *)rsa,
++ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
++ sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto err;
++ }
++
++ ulsiglen = j;
++ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
++ (CK_ULONG_PTR) &ulsiglen);
++ *siglen = ulsiglen;
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++static int hndidx_rsa = -1;
++
++#define MAXATTR 1024
++
++/*
++ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *privkey;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BBOOL rollback = FALSE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for private keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize the OpenSSL RSA
++ * structure with something we can use to look up the key. Note that we
++ * never ask for private components.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(privkey_file, "pkcs11:") == privkey_file)
++ {
++ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_TRUE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ if (hndidx_rsa == -1)
++ hndidx_rsa = RSA_get_ex_new_index(0,
++ "pkcs11 RSA HSM key handle",
++ NULL, NULL, NULL);
++
++ /*
++ * We might have a cache hit which we could confirm
++ * according to the 'n'/'e' params, RSA public pointer
++ * as NULL, and non-NULL RSA private pointer. However,
++ * it is easier just to recreate everything. We expect
++ * the keys to be loaded once and used many times. We
++ * do not check the return value because even in case
++ * of failure the sp structure will have both key
++ * pointer and object handle cleaned and
++ * pk11_destroy_object() reports the failure to the
++ * OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, FALSE);
++
++ sp->opdata_rsa_priv_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->priv_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA private structure pointer. We do not
++ * use it now for key-by-ref keys but let's do it for
++ * consistency reasons.
++ */
++ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
++ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ /*
++ * We do not use pk11_get_private_rsa_key() here so we
++ * must take care of handle management ourselves.
++ */
++ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, TRUE, rollback, err);
++
++ /*
++ * Those are the sensitive components we do not want to export
++ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
++ */
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++ /*
++ * Must have 'n'/'e' components in the session structure as
++ * well. They serve as a public look-up key for the private key
++ * in the keystore.
++ */
++ attr_to_BN(&get_templ[0], attr_data[0],
++ &sp->opdata_rsa_pn_num);
++ attr_to_BN(&get_templ[1], attr_data[1],
++ &sp->opdata_rsa_pe_num);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++ }
++ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
++ (void) fclose(privkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_priv(sp, rsa);
++ sp->priv_persistent = CK_FALSE;
++
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa,
++ &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ if (h_priv_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ rollback = rollback;
++ return (pkey);
++ }
++
++/*
++ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *pubkey;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for public keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize OpenSSL RSA
++ * structure with something we can use to look up the key.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
++ {
++ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_FALSE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * We load a new public key so we will create a new RSA
++ * structure. No cache hit is possible.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, FALSE);
++
++ sp->opdata_rsa_pub_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->pub_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA public structure pointer.
++ */
++ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER;
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PUBKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++
++ /*
++ * Create a session object from it so that when calling
++ * pk11_get_public_rsa_key() the next time, we can find it. The
++ * reason why we do that is that we cannot tell from the RSA
++ * structure (OpenSSL RSA structure does not have any room for
++ * additional data used by the engine, for example) if it bears
++ * a public key stored in the keystore or not so it's better if
++ * we always have a session key. Note that this is different
++ * from what we do for the private keystore objects but in that
++ * case, we can tell from the RSA structure that the keystore
++ * object is in play - the 'd' component is NULL in that case.
++ */
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
++ (void) fclose(pubkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_pub(sp, rsa);
++ sp->pub_persistent = CK_FALSE;
++
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ return (pkey);
++ }
++
++/*
++ * Create a public key object in a session from a given rsa structure.
++ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
++ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY_RECOVER, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
++ };
++
++ int i;
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
++ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[6].ulValueLen);
++ if (a_key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->n, a_key_template[6].pValue);
++
++ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
++ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[7].ulValueLen);
++ if (a_key_template[7].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->e, a_key_template[7].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (rsa_n_num != NULL)
++ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ if (rsa_e_num != NULL)
++ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ BN_free(*rsa_n_num);
++ *rsa_n_num = NULL;
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ for (i = 6; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given rsa structure.
++ * The *rsa_d_num pointer is non-NULL for RSA private keys.
++ */
++static CK_OBJECT_HANDLE
++pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ int i;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 14;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIME_1, (void *)NULL, 0},
++ {CKA_PRIME_2, (void *)NULL, 0},
++ {CKA_EXPONENT_1, (void *)NULL, 0},
++ {CKA_EXPONENT_2, (void *)NULL, 0},
++ {CKA_COEFFICIENT, (void *)NULL, 0},
++ };
++
++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
++ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
++ LOCK_OBJSTORE(OP_RSA);
++ goto set;
++ }
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(rsa->n, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(rsa->e, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(rsa->d, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0 ||
++ init_template_value(rsa->p, &a_key_template[9].pValue,
++ &a_key_template[9].ulValueLen) == 0 ||
++ init_template_value(rsa->q, &a_key_template[10].pValue,
++ &a_key_template[10].ulValueLen) == 0 ||
++ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
++ &a_key_template[11].ulValueLen) == 0 ||
++ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
++ &a_key_template[12].ulValueLen) == 0 ||
++ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
++ &a_key_template[13].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * We are getting the private key but the private 'd'
++ * component is NULL. That means this is key by reference RSA
++ * key. In that case, we can use only public components for
++ * searching for the private key handle.
++ */
++ if (rsa->d == NULL)
++ {
++ ul_key_attr_count = 8;
++ /*
++ * We will perform the search in the token, not in the existing
++ * session keys.
++ */
++ a_key_template[2].pValue = &mytrue;
++ }
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ /*
++ * We have an RSA structure with 'n'/'e' components
++ * only so we tried to find the private key in the
++ * keystore. If it was really a token key we have a
++ * problem. Note that for other key types we just
++ * create a new session key using the private
++ * components from the RSA structure.
++ */
++ if (rsa->d == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_PRIV_KEY_NOT_FOUND);
++ goto err;
++ }
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++set:
++ if (rsa_d_num != NULL)
++ {
++ /*
++ * When RSA keys by reference code is used, we never
++ * extract private components from the keystore. In
++ * that case 'd' was set to NULL and we expect the
++ * application to properly cope with that. It is
++ * documented in openssl(5). In general, if keys by
++ * reference are used we expect it to be used
++ * exclusively using the high level API and then there
++ * is no problem. If the application expects the
++ * private components to be read from the keystore
++ * then that is not a supported way of usage.
++ */
++ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ else
++ *rsa_d_num = NULL;
++ }
++
++ /*
++ * For the key by reference code, we need public components as well
++ * since 'd' component is always NULL. For that reason, we always cache
++ * 'n'/'e' components as well.
++ */
++ *rsa_n_num = BN_dup(rsa->n);
++ *rsa_e_num = BN_dup(rsa->e);
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0 &&
++ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ /*
++ * 6 to 13 entries in the key template are key components.
++ * They need to be freed upon exit or error.
++ */
++ for (i = 6; i <= 13; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making the
++ * check for cache hit stronger. Only public components of RSA
++ * key matter here so it is sufficient to compare them with values
++ * cached in PK11_SESSION structure.
++ *
++ * We must check the handle as well since with key by reference, public
++ * components 'n'/'e' are cached in private keys as well. That means we
++ * could have a cache hit in a private key when looking for a public
++ * key. That would not work, you cannot have one PKCS#11 object for
++ * both data signing and verifying.
++ */
++ if ((sp->opdata_rsa_pub != rsa) ||
++ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making
++ * the check for cache hit stronger. Comparing public exponent
++ * of RSA key with value cached in PK11_SESSION structure
++ * should be sufficient. Note that we want to compare the
++ * public component since with the keys by reference
++ * mechanism, private components are not in the RSA
++ * structure. Also, see check_new_rsa_key_pub() about why we
++ * compare the handle as well.
++ */
++ if ((sp->opdata_rsa_priv != rsa) ||
++ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_pn_num == NULL) ||
++ (sp->opdata_rsa_pe_num == NULL) ||
++ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Local function to simplify key template population
++ * Return 0 -- error, 1 -- no error
++ */
++static int
++init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
++ CK_ULONG *ul_value_len)
++ {
++ CK_ULONG len = 0;
++
++ /*
++ * This function can be used on non-initialized BIGNUMs. It is
++ * easier to check that here than individually in the callers.
++ */
++ if (bn != NULL)
++ len = BN_num_bytes(bn);
++
++ if (bn == NULL || len == 0)
++ return (1);
++
++ *ul_value_len = len;
++ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
++ if (*p_value == NULL)
++ return (0);
++
++ BN_bn2bin(bn, *p_value);
++
++ return (1);
++ }
++
++static void
++attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
++ {
++ if (attr->ulValueLen > 0)
++ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
++ }
++
++/*
++ * Find one object in the token. It is an error if we can not find the
++ * object or if we find more objects based on the template we got.
++ * Assume object store locked.
++ *
++ * Returns:
++ * 1 OK
++ * 0 no object or more than 1 object found
++ */
++static int
++find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
++ {
++ CK_RV rv;
++ CK_ULONG objcnt;
++
++ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_FINDOBJECTSINIT, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(s);
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
++ rv);
++ return (0);
++ }
++
++ (void) pFuncList->C_FindObjectsFinal(s);
++
++ if (objcnt > 1)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
++ return (0);
++ }
++ else if (objcnt == 0)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
++ return (0);
++ }
++ return (1);
++ }
++
++/* from uri stuff */
++
++extern char *pk11_pin;
++
++static int pk11_get_pin(void);
++
++static int
++pk11_get_pin(void)
++{
++ char *pin;
++
++ /* The getpassphrase() function is not MT safe. */
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ pin = getpassphrase("Enter PIN: ");
++ if (pin == NULL)
++ {
++ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ pk11_pin = BUF_strdup(pin);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ memset(pin, 0, strlen(pin));
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (1);
++ }
++
++/*
++ * Log in to the keystore if we are supposed to do that at all. Take care of
++ * reading and caching the PIN etc. Log in only once even when called from
++ * multiple threads.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++static int
++pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private)
++ {
++ CK_RV rv;
++
++#if 0
++ /* doesn't work on the AEP Keyper??? */
++ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_NOT_INITIALIZED);
++ return (0);
++ }
++#endif
++
++ /*
++ * If login is required or needed but the PIN has not been
++ * even initialized we can bail out right now. Note that we
++ * are supposed to always log in if we are going to access
++ * private keys. However, we may need to log in even for
++ * accessing public keys in case that the CKF_LOGIN_REQUIRED
++ * flag is set.
++ */
++ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE)) &&
++ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
++ return (0);
++ }
++
++ /*
++ * Note on locking: it is possible that more than one thread
++ * gets into pk11_get_pin() so we must deal with that. We
++ * cannot avoid it since we cannot guard fork() in there with
++ * a lock because we could end up in a dead lock in the
++ * child. Why? Remember we are in a multithreaded environment
++ * so we must lock all mutexes in the prefork function to
++ * avoid a situation in which a thread that did not call
++ * fork() held a lock, making future unlocking impossible. We
++ * lock right before C_Login().
++ */
++ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE))
++ {
++ if (*login_done == CK_FALSE)
++ {
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_PIN_NOT_PROVIDED);
++ return (0);
++ }
++ }
++
++ /*
++ * Note that what we are logging into is the keystore from
++ * pubkey_SLOTID because we work with OP_RSA session type here.
++ * That also means that we can work with only one keystore in
++ * the engine.
++ *
++ * We must make sure we do not try to login more than once.
++ * Also, see the comment above on locking strategy.
++ */
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if (*login_done == CK_FALSE)
++ {
++ if ((rv = pFuncList->C_Login(session,
++ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
++ strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++ goto err_locked;
++ }
++
++ *login_done = CK_TRUE;
++
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++ else
++ {
++ /*
++ * If token does not require login we take it as the
++ * login was done.
++ */
++ *login_done = CK_TRUE;
++ }
++
++ return (1);
++
++err_locked:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++
++/*
++ * Log in to the keystore in the child if we were logged in in the
++ * parent. There are similarities in the code with pk11_token_login()
++ * but still it is quite different so we need a separate function for
++ * this.
++ *
++ * Note that this function is called under the locked session mutex when fork is
++ * detected. That means that C_Login() will be called from the child just once.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++int
++pk11_token_relogin(CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ return (0);
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if ((rv = pFuncList->C_Login(session, CKU_USER,
++ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (1);
++ }
++
++#ifdef OPENSSL_SYS_WIN32
++char *getpassphrase(const char *prompt)
++ {
++ static char buf[128];
++ HANDLE h;
++ DWORD cc, mode;
++ int cnt;
++
++ h = GetStdHandle(STD_INPUT_HANDLE);
++ fputs(prompt, stderr);
++ fflush(stderr);
++ fflush(stdout);
++ FlushConsoleInputBuffer(h);
++ GetConsoleMode(h, &mode);
++ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
++
++ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
++ {
++ ReadFile(h, buf + cnt, 1, &cc, NULL);
++ if (buf[cnt] == '\r')
++ break;
++ fputc('*', stdout);
++ fflush(stderr);
++ fflush(stdout);
++ }
++
++ SetConsoleMode(h, mode);
++ buf[cnt] = '\0';
++ fputs("\n", stderr);
++ return buf;
++ }
++#endif /* OPENSSL_SYS_WIN32 */
++#endif /* OPENSSL_NO_HW_PK11SO */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/pkcs11.h
+diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
+@@ -0,0 +1,299 @@
++/* pkcs11.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++#ifndef _PKCS11_H_
++#define _PKCS11_H_ 1
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/* Before including this file (pkcs11.h) (or pkcs11t.h by
++ * itself), 6 platform-specific macros must be defined. These
++ * macros are described below, and typical definitions for them
++ * are also given. Be advised that these definitions can depend
++ * on both the platform and the compiler used (and possibly also
++ * on whether a Cryptoki library is linked statically or
++ * dynamically).
++ *
++ * In addition to defining these 6 macros, the packing convention
++ * for Cryptoki structures should be set. The Cryptoki
++ * convention on packing is that structures should be 1-byte
++ * aligned.
++ *
++ * If you're using Microsoft Developer Studio 5.0 to produce
++ * Win32 stuff, this might be done by using the following
++ * preprocessor directive before including pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(push, cryptoki, 1)
++ *
++ * and using the following preprocessor directive after including
++ * pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(pop, cryptoki)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to produce Win16 stuff, this might be done by using
++ * the following preprocessor directive before including
++ * pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(1)
++ *
++ * In a UNIX environment, you're on your own for this. You might
++ * not need to do (or be able to do!) anything.
++ *
++ *
++ * Now for the macros:
++ *
++ *
++ * 1. CK_PTR: The indirection string for making a pointer to an
++ * object. It can be used like this:
++ *
++ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to produce
++ * Win32 stuff, it might be defined by:
++ *
++ * #define CK_PTR *
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to produce Win16 stuff, it might be defined by:
++ *
++ * #define CK_PTR far *
++ *
++ * In a typical UNIX environment, it might be defined by:
++ *
++ * #define CK_PTR *
++ *
++ *
++ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
++ * an exportable Cryptoki library function definition out of a
++ * return type and a function name. It should be used in the
++ * following fashion to define the exposed Cryptoki functions in
++ * a Cryptoki library:
++ *
++ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
++ * CK_VOID_PTR pReserved
++ * )
++ * {
++ * ...
++ * }
++ *
++ * If you're using Microsoft Developer Studio 5.0 to define a
++ * function in a Win32 Cryptoki .dll, it might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType __declspec(dllexport) name
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to define a function in a Win16 Cryptoki .dll, it
++ * might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType __export _far _pascal name
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType name
++ *
++ *
++ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
++ * an importable Cryptoki library function declaration out of a
++ * return type and a function name. It should be used in the
++ * following fashion:
++ *
++ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
++ * CK_VOID_PTR pReserved
++ * );
++ *
++ * If you're using Microsoft Developer Studio 5.0 to declare a
++ * function in a Win32 Cryptoki .dll, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType __declspec(dllimport) name
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to declare a function in a Win16 Cryptoki .dll, it
++ * might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType __export _far _pascal name
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType name
++ *
++ *
++ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
++ * which makes a Cryptoki API function pointer declaration or
++ * function pointer type declaration out of a return type and a
++ * function name. It should be used in the following fashion:
++ *
++ * // Define funcPtr to be a pointer to a Cryptoki API function
++ * // taking arguments args and returning CK_RV.
++ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
++ *
++ * or
++ *
++ * // Define funcPtrType to be the type of a pointer to a
++ * // Cryptoki API function taking arguments args and returning
++ * // CK_RV, and then define funcPtr to be a variable of type
++ * // funcPtrType.
++ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
++ * funcPtrType funcPtr;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to access
++ * functions in a Win32 Cryptoki .dll, in might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType __declspec(dllimport) (* name)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to access functions in a Win16 Cryptoki .dll, it might
++ * be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType __export _far _pascal (* name)
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType (* name)
++ *
++ *
++ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
++ * a function pointer type for an application callback out of
++ * a return type for the callback and a name for the callback.
++ * It should be used in the following fashion:
++ *
++ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
++ *
++ * to declare a function pointer, myCallback, to a callback
++ * which takes arguments args and returns a CK_RV. It can also
++ * be used like this:
++ *
++ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
++ * myCallbackType myCallback;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to do Win32
++ * Cryptoki development, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType (* name)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to do Win16 development, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType _far _pascal (* name)
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType (* name)
++ *
++ *
++ * 6. NULL_PTR: This macro is the value of a NULL pointer.
++ *
++ * In any ANSI/ISO C environment (and in many others as well),
++ * this should best be defined by
++ *
++ * #ifndef NULL_PTR
++ * #define NULL_PTR 0
++ * #endif
++ */
++
++
++/* All the various Cryptoki types and #define'd values are in the
++ * file pkcs11t.h. */
++#include "pkcs11t.h"
++
++#define __PASTE(x,y) x##y
++
++
++/* ==============================================================
++ * Define the "extern" form of all the entry points.
++ * ==============================================================
++ */
++
++#define CK_NEED_ARG_LIST 1
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ extern CK_DECLARE_FUNCTION(CK_RV, name)
++
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++#undef CK_NEED_ARG_LIST
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++/* ==============================================================
++ * Define the typedef form of all the entry points. That is, for
++ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
++ * a pointer to that kind of function.
++ * ==============================================================
++ */
++
++#define CK_NEED_ARG_LIST 1
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
++
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++#undef CK_NEED_ARG_LIST
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++/* ==============================================================
++ * Define structed vector of entry points. A CK_FUNCTION_LIST
++ * contains a CK_VERSION indicating a library's Cryptoki version
++ * and then a whole slew of function pointers to the routines in
++ * the library. This type was declared, but not defined, in
++ * pkcs11t.h.
++ * ==============================================================
++ */
++
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ __PASTE(CK_,name) name;
++
++struct CK_FUNCTION_LIST {
++
++ CK_VERSION version; /* Cryptoki version */
++
++/* Pile all the function pointers into the CK_FUNCTION_LIST. */
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++};
++
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++#undef __PASTE
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+Index: openssl/crypto/engine/pkcs11f.h
+diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
+@@ -0,0 +1,912 @@
++/* pkcs11f.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++/* This header file contains pretty much everything about all the */
++/* Cryptoki function prototypes. Because this information is */
++/* used for more than just declaring function prototypes, the */
++/* order of the functions appearing herein is important, and */
++/* should not be altered. */
++
++/* General-purpose */
++
++/* C_Initialize initializes the Cryptoki library. */
++CK_PKCS11_FUNCTION_INFO(C_Initialize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
++ * cast to CK_C_INITIALIZE_ARGS_PTR
++ * and dereferenced */
++);
++#endif
++
++
++/* C_Finalize indicates that an application is done with the
++ * Cryptoki library. */
++CK_PKCS11_FUNCTION_INFO(C_Finalize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
++);
++#endif
++
++
++/* C_GetInfo returns general information about Cryptoki. */
++CK_PKCS11_FUNCTION_INFO(C_GetInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_INFO_PTR pInfo /* location that receives information */
++);
++#endif
++
++
++/* C_GetFunctionList returns the function list. */
++CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
++ * function list */
++);
++#endif
++
++
++
++/* Slot and token management */
++
++/* C_GetSlotList obtains a list of slots in the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_BBOOL tokenPresent, /* only slots with tokens? */
++ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
++ CK_ULONG_PTR pulCount /* receives number of slots */
++);
++#endif
++
++
++/* C_GetSlotInfo obtains information about a particular slot in
++ * the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* the ID of the slot */
++ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
++);
++#endif
++
++
++/* C_GetTokenInfo obtains information about a particular token
++ * in the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
++);
++#endif
++
++
++/* C_GetMechanismList obtains a list of mechanism types
++ * supported by a token. */
++CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of token's slot */
++ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
++ CK_ULONG_PTR pulCount /* gets # of mechs. */
++);
++#endif
++
++
++/* C_GetMechanismInfo obtains information about a particular
++ * mechanism possibly supported by a token. */
++CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_MECHANISM_TYPE type, /* type of mechanism */
++ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
++);
++#endif
++
++
++/* C_InitToken initializes a token. */
++CK_PKCS11_FUNCTION_INFO(C_InitToken)
++#ifdef CK_NEED_ARG_LIST
++/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
++ CK_ULONG ulPinLen, /* length in bytes of the PIN */
++ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
++);
++#endif
++
++
++/* C_InitPIN initializes the normal user's PIN. */
++CK_PKCS11_FUNCTION_INFO(C_InitPIN)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
++ CK_ULONG ulPinLen /* length in bytes of the PIN */
++);
++#endif
++
++
++/* C_SetPIN modifies the PIN of the user who is logged in. */
++CK_PKCS11_FUNCTION_INFO(C_SetPIN)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
++ CK_ULONG ulOldLen, /* length of the old PIN */
++ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
++ CK_ULONG ulNewLen /* length of the new PIN */
++);
++#endif
++
++
++
++/* Session management */
++
++/* C_OpenSession opens a session between an application and a
++ * token. */
++CK_PKCS11_FUNCTION_INFO(C_OpenSession)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* the slot's ID */
++ CK_FLAGS flags, /* from CK_SESSION_INFO */
++ CK_VOID_PTR pApplication, /* passed to callback */
++ CK_NOTIFY Notify, /* callback function */
++ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
++);
++#endif
++
++
++/* C_CloseSession closes a session between an application and a
++ * token. */
++CK_PKCS11_FUNCTION_INFO(C_CloseSession)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++/* C_CloseAllSessions closes all sessions with a token. */
++CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID /* the token's slot */
++);
++#endif
++
++
++/* C_GetSessionInfo obtains information about the session. */
++CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_SESSION_INFO_PTR pInfo /* receives session info */
++);
++#endif
++
++
++/* C_GetOperationState obtains the state of the cryptographic operation
++ * in a session. */
++CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pOperationState, /* gets state */
++ CK_ULONG_PTR pulOperationStateLen /* gets state length */
++);
++#endif
++
++
++/* C_SetOperationState restores the state of the cryptographic
++ * operation in a session. */
++CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pOperationState, /* holds state */
++ CK_ULONG ulOperationStateLen, /* holds state length */
++ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
++ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
++);
++#endif
++
++
++/* C_Login logs a user into a token. */
++CK_PKCS11_FUNCTION_INFO(C_Login)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_USER_TYPE userType, /* the user type */
++ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
++ CK_ULONG ulPinLen /* the length of the PIN */
++);
++#endif
++
++
++/* C_Logout logs a user out from a token. */
++CK_PKCS11_FUNCTION_INFO(C_Logout)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Object management */
++
++/* C_CreateObject creates a new object. */
++CK_PKCS11_FUNCTION_INFO(C_CreateObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
++ CK_ULONG ulCount, /* attributes in template */
++ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
++);
++#endif
++
++
++/* C_CopyObject copies an object, creating a new object for the
++ * copy. */
++CK_PKCS11_FUNCTION_INFO(C_CopyObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
++ CK_ULONG ulCount, /* attributes in template */
++ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
++);
++#endif
++
++
++/* C_DestroyObject destroys an object. */
++CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject /* the object's handle */
++);
++#endif
++
++
++/* C_GetObjectSize gets the size of an object in bytes. */
++CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ULONG_PTR pulSize /* receives size of object */
++);
++#endif
++
++
++/* C_GetAttributeValue obtains the value of one or more object
++ * attributes. */
++CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
++ CK_ULONG ulCount /* attributes in template */
++);
++#endif
++
++
++/* C_SetAttributeValue modifies the value of one or more object
++ * attributes */
++CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
++ CK_ULONG ulCount /* attributes in template */
++);
++#endif
++
++
++/* C_FindObjectsInit initializes a search for token and session
++ * objects that match a template. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
++ CK_ULONG ulCount /* attrs in search template */
++);
++#endif
++
++
++/* C_FindObjects continues a search for token and session
++ * objects that match a template, obtaining additional object
++ * handles. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjects)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
++ CK_ULONG ulMaxObjectCount, /* max handles to get */
++ CK_ULONG_PTR pulObjectCount /* actual # returned */
++);
++#endif
++
++
++/* C_FindObjectsFinal finishes a search for token and session
++ * objects. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Encryption and decryption */
++
++/* C_EncryptInit initializes an encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of encryption key */
++);
++#endif
++
++
++/* C_Encrypt encrypts single-part data. */
++CK_PKCS11_FUNCTION_INFO(C_Encrypt)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pData, /* the plaintext data */
++ CK_ULONG ulDataLen, /* bytes of plaintext */
++ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
++);
++#endif
++
++
++/* C_EncryptUpdate continues a multiple-part encryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext data len */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
++);
++#endif
++
++
++/* C_EncryptFinal finishes a multiple-part encryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session handle */
++ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
++ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
++);
++#endif
++
++
++/* C_DecryptInit initializes a decryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of decryption key */
++);
++#endif
++
++
++/* C_Decrypt decrypts encrypted data in a single part. */
++CK_PKCS11_FUNCTION_INFO(C_Decrypt)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedData, /* ciphertext */
++ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
++ CK_BYTE_PTR pData, /* gets plaintext */
++ CK_ULONG_PTR pulDataLen /* gets p-text size */
++);
++#endif
++
++
++/* C_DecryptUpdate continues a multiple-part decryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
++ CK_ULONG ulEncryptedPartLen, /* input length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* p-text size */
++);
++#endif
++
++
++/* C_DecryptFinal finishes a multiple-part decryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pLastPart, /* gets plaintext */
++ CK_ULONG_PTR pulLastPartLen /* p-text size */
++);
++#endif
++
++
++
++/* Message digesting */
++
++/* C_DigestInit initializes a message-digesting operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
++);
++#endif
++
++
++/* C_Digest digests data in a single part. */
++CK_PKCS11_FUNCTION_INFO(C_Digest)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* data to be digested */
++ CK_ULONG ulDataLen, /* bytes of data to digest */
++ CK_BYTE_PTR pDigest, /* gets the message digest */
++ CK_ULONG_PTR pulDigestLen /* gets digest length */
++);
++#endif
++
++
++/* C_DigestUpdate continues a multiple-part message-digesting
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* data to be digested */
++ CK_ULONG ulPartLen /* bytes of data to be digested */
++);
++#endif
++
++
++/* C_DigestKey continues a multi-part message-digesting
++ * operation, by digesting the value of a secret key as part of
++ * the data already digested. */
++CK_PKCS11_FUNCTION_INFO(C_DigestKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hKey /* secret key to digest */
++);
++#endif
++
++
++/* C_DigestFinal finishes a multiple-part message-digesting
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pDigest, /* gets the message digest */
++ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
++);
++#endif
++
++
++
++/* Signing and MACing */
++
++/* C_SignInit initializes a signature (private key encryption)
++ * operation, where the signature is (will be) an appendix to
++ * the data, and plaintext cannot be recovered from the
++ *signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of signature key */
++);
++#endif
++
++
++/* C_Sign signs (encrypts with private key) data in a single
++ * part, where the signature is (will be) an appendix to the
++ * data, and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_Sign)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* the data to sign */
++ CK_ULONG ulDataLen, /* count of bytes to sign */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++/* C_SignUpdate continues a multiple-part signature operation,
++ * where the signature is (will be) an appendix to the data,
++ * and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* the data to sign */
++ CK_ULONG ulPartLen /* count of bytes to sign */
++);
++#endif
++
++
++/* C_SignFinal finishes a multiple-part signature operation,
++ * returning the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++/* C_SignRecoverInit initializes a signature operation, where
++ * the data can be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of the signature key */
++);
++#endif
++
++
++/* C_SignRecover signs data in a single operation, where the
++ * data can be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignRecover)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* the data to sign */
++ CK_ULONG ulDataLen, /* count of bytes to sign */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++
++/* Verifying signatures and MACs */
++
++/* C_VerifyInit initializes a verification operation, where the
++ * signature is an appendix to the data, and plaintext cannot
++ * cannot be recovered from the signature (e.g. DSA). */
++CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
++ CK_OBJECT_HANDLE hKey /* verification key */
++);
++#endif
++
++
++/* C_Verify verifies a signature in a single-part operation,
++ * where the signature is an appendix to the data, and plaintext
++ * cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_Verify)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* signed data */
++ CK_ULONG ulDataLen, /* length of signed data */
++ CK_BYTE_PTR pSignature, /* signature */
++ CK_ULONG ulSignatureLen /* signature length*/
++);
++#endif
++
++
++/* C_VerifyUpdate continues a multiple-part verification
++ * operation, where the signature is an appendix to the data,
++ * and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* signed data */
++ CK_ULONG ulPartLen /* length of signed data */
++);
++#endif
++
++
++/* C_VerifyFinal finishes a multiple-part verification
++ * operation, checking the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* signature to verify */
++ CK_ULONG ulSignatureLen /* signature length */
++);
++#endif
++
++
++/* C_VerifyRecoverInit initializes a signature verification
++ * operation, where the data is recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
++ CK_OBJECT_HANDLE hKey /* verification key */
++);
++#endif
++
++
++/* C_VerifyRecover verifies a signature in a single-part
++ * operation, where the data is recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* signature to verify */
++ CK_ULONG ulSignatureLen, /* signature length */
++ CK_BYTE_PTR pData, /* gets signed data */
++ CK_ULONG_PTR pulDataLen /* gets signed data len */
++);
++#endif
++
++
++
++/* Dual-function cryptographic operations */
++
++/* C_DigestEncryptUpdate continues a multiple-part digesting
++ * and encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext length */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
++);
++#endif
++
++
++/* C_DecryptDigestUpdate continues a multiple-part decryption and
++ * digesting operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
++ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* gets plaintext len */
++);
++#endif
++
++
++/* C_SignEncryptUpdate continues a multiple-part signing and
++ * encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext length */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
++);
++#endif
++
++
++/* C_DecryptVerifyUpdate continues a multiple-part decryption and
++ * verify operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
++ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* gets p-text length */
++);
++#endif
++
++
++
++/* Key management */
++
++/* C_GenerateKey generates a secret key, creating a new key
++ * object. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
++ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
++ CK_ULONG ulCount, /* # of attrs in template */
++ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
++);
++#endif
++
++
++/* C_GenerateKeyPair generates a public-key/private-key pair,
++ * creating new key objects. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session
++ * handle */
++ CK_MECHANISM_PTR pMechanism, /* key-gen
++ * mech. */
++ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
++ * for pub.
++ * key */
++ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
++ * attrs. */
++ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
++ * for priv.
++ * key */
++ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
++ * attrs. */
++ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
++ * key
++ * handle */
++ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
++ * priv. key
++ * handle */
++);
++#endif
++
++
++/* C_WrapKey wraps (i.e., encrypts) a key. */
++CK_PKCS11_FUNCTION_INFO(C_WrapKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
++ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
++ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
++ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
++ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
++);
++#endif
++
++
++/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
++ * key object. */
++CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
++ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
++ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
++ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
++ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
++ CK_ULONG ulAttributeCount, /* template length */
++ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
++);
++#endif
++
++
++/* C_DeriveKey derives a key from a base key, creating a new key
++ * object. */
++CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
++ CK_OBJECT_HANDLE hBaseKey, /* base key */
++ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
++ CK_ULONG ulAttributeCount, /* template length */
++ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
++);
++#endif
++
++
++
++/* Random number generation */
++
++/* C_SeedRandom mixes additional seed material into the token's
++ * random number generator. */
++CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSeed, /* the seed material */
++ CK_ULONG ulSeedLen /* length of seed material */
++);
++#endif
++
++
++/* C_GenerateRandom generates random data. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR RandomData, /* receives the random data */
++ CK_ULONG ulRandomLen /* # of bytes to generate */
++);
++#endif
++
++
++
++/* Parallel function management */
++
++/* C_GetFunctionStatus is a legacy function; it obtains an
++ * updated status of a function running in parallel with an
++ * application. */
++CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++/* C_CancelFunction is a legacy function; it cancels a function
++ * running in parallel. */
++CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Functions added in for Cryptoki Version 2.01 or later */
++
++/* C_WaitForSlotEvent waits for a slot event (token insertion,
++ * removal, etc.) to occur. */
++CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_FLAGS flags, /* blocking/nonblocking flag */
++ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
++ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
++);
++#endif
+Index: openssl/crypto/engine/pkcs11t.h
+diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
+--- /dev/null Thu Jul 3 12:39:57 2014
++++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
+@@ -0,0 +1,1885 @@
++/* pkcs11t.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++/* See top of pkcs11.h for information about the macros that
++ * must be defined and the structure-packing conventions that
++ * must be set before including this file. */
++
++#ifndef _PKCS11T_H_
++#define _PKCS11T_H_ 1
++
++#define CRYPTOKI_VERSION_MAJOR 2
++#define CRYPTOKI_VERSION_MINOR 20
++#define CRYPTOKI_VERSION_AMENDMENT 3
++
++#define CK_TRUE 1
++#define CK_FALSE 0
++
++#ifndef CK_DISABLE_TRUE_FALSE
++#ifndef FALSE
++#define FALSE CK_FALSE
++#endif
++
++#ifndef TRUE
++#define TRUE CK_TRUE
++#endif
++#endif
++
++/* an unsigned 8-bit value */
++typedef unsigned char CK_BYTE;
++
++/* an unsigned 8-bit character */
++typedef CK_BYTE CK_CHAR;
++
++/* an 8-bit UTF-8 character */
++typedef CK_BYTE CK_UTF8CHAR;
++
++/* a BYTE-sized Boolean flag */
++typedef CK_BYTE CK_BBOOL;
++
++/* an unsigned value, at least 32 bits long */
++typedef unsigned long int CK_ULONG;
++
++/* a signed value, the same size as a CK_ULONG */
++/* CK_LONG is new for v2.0 */
++typedef long int CK_LONG;
++
++/* at least 32 bits; each bit is a Boolean flag */
++typedef CK_ULONG CK_FLAGS;
++
++
++/* some special values for certain CK_ULONG variables */
++#define CK_UNAVAILABLE_INFORMATION (~0UL)
++#define CK_EFFECTIVELY_INFINITE 0
++
++
++typedef CK_BYTE CK_PTR CK_BYTE_PTR;
++typedef CK_CHAR CK_PTR CK_CHAR_PTR;
++typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
++typedef CK_ULONG CK_PTR CK_ULONG_PTR;
++typedef void CK_PTR CK_VOID_PTR;
++
++/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
++typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
++
++
++/* The following value is always invalid if used as a session */
++/* handle or object handle */
++#define CK_INVALID_HANDLE 0
++
++
++typedef struct CK_VERSION {
++ CK_BYTE major; /* integer portion of version number */
++ CK_BYTE minor; /* 1/100ths portion of version number */
++} CK_VERSION;
++
++typedef CK_VERSION CK_PTR CK_VERSION_PTR;
++
++
++typedef struct CK_INFO {
++ /* manufacturerID and libraryDecription have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_FLAGS flags; /* must be zero */
++
++ /* libraryDescription and libraryVersion are new for v2.0 */
++ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
++ CK_VERSION libraryVersion; /* version of library */
++} CK_INFO;
++
++typedef CK_INFO CK_PTR CK_INFO_PTR;
++
++
++/* CK_NOTIFICATION enumerates the types of notifications that
++ * Cryptoki provides to an application */
++/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
++ * for v2.0 */
++typedef CK_ULONG CK_NOTIFICATION;
++#define CKN_SURRENDER 0
++
++/* The following notification is new for PKCS #11 v2.20 amendment 3 */
++#define CKN_OTP_CHANGED 1
++
++
++typedef CK_ULONG CK_SLOT_ID;
++
++typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
++
++
++/* CK_SLOT_INFO provides information about a slot */
++typedef struct CK_SLOT_INFO {
++ /* slotDescription and manufacturerID have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_UTF8CHAR slotDescription[64]; /* blank padded */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_FLAGS flags;
++
++ /* hardwareVersion and firmwareVersion are new for v2.0 */
++ CK_VERSION hardwareVersion; /* version of hardware */
++ CK_VERSION firmwareVersion; /* version of firmware */
++} CK_SLOT_INFO;
++
++/* flags: bit flags that provide capabilities of the slot
++ * Bit Flag Mask Meaning
++ */
++#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
++#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
++#define CKF_HW_SLOT 0x00000004 /* hardware slot */
++
++typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
++
++
++/* CK_TOKEN_INFO provides information about a token */
++typedef struct CK_TOKEN_INFO {
++ /* label, manufacturerID, and model have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_UTF8CHAR label[32]; /* blank padded */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_UTF8CHAR model[16]; /* blank padded */
++ CK_CHAR serialNumber[16]; /* blank padded */
++ CK_FLAGS flags; /* see below */
++
++ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
++ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
++ * changed from CK_USHORT to CK_ULONG for v2.0 */
++ CK_ULONG ulMaxSessionCount; /* max open sessions */
++ CK_ULONG ulSessionCount; /* sess. now open */
++ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
++ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
++ CK_ULONG ulMaxPinLen; /* in bytes */
++ CK_ULONG ulMinPinLen; /* in bytes */
++ CK_ULONG ulTotalPublicMemory; /* in bytes */
++ CK_ULONG ulFreePublicMemory; /* in bytes */
++ CK_ULONG ulTotalPrivateMemory; /* in bytes */
++ CK_ULONG ulFreePrivateMemory; /* in bytes */
++
++ /* hardwareVersion, firmwareVersion, and time are new for
++ * v2.0 */
++ CK_VERSION hardwareVersion; /* version of hardware */
++ CK_VERSION firmwareVersion; /* version of firmware */
++ CK_CHAR utcTime[16]; /* time */
++} CK_TOKEN_INFO;
++
++/* The flags parameter is defined as follows:
++ * Bit Flag Mask Meaning
++ */
++#define CKF_RNG 0x00000001 /* has random #
++ * generator */
++#define CKF_WRITE_PROTECTED 0x00000002 /* token is
++ * write-
++ * protected */
++#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
++ * login */
++#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
++ * PIN is set */
++
++/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
++ * that means that *every* time the state of cryptographic
++ * operations of a session is successfully saved, all keys
++ * needed to continue those operations are stored in the state */
++#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
++
++/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
++ * that the token has some sort of clock. The time on that
++ * clock is returned in the token info structure */
++#define CKF_CLOCK_ON_TOKEN 0x00000040
++
++/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
++ * set, that means that there is some way for the user to login
++ * without sending a PIN through the Cryptoki library itself */
++#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
++
++/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
++ * that means that a single session with the token can perform
++ * dual simultaneous cryptographic operations (digest and
++ * encrypt; decrypt and digest; sign and encrypt; and decrypt
++ * and sign) */
++#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
++
++/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
++ * token has been initialized using C_InitializeToken or an
++ * equivalent mechanism outside the scope of PKCS #11.
++ * Calling C_InitializeToken when this flag is set will cause
++ * the token to be reinitialized. */
++#define CKF_TOKEN_INITIALIZED 0x00000400
++
++/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
++ * true, the token supports secondary authentication for
++ * private key objects. This flag is deprecated in v2.11 and
++ onwards. */
++#define CKF_SECONDARY_AUTHENTICATION 0x00000800
++
++/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
++ * incorrect user login PIN has been entered at least once
++ * since the last successful authentication. */
++#define CKF_USER_PIN_COUNT_LOW 0x00010000
++
++/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
++ * supplying an incorrect user PIN will it to become locked. */
++#define CKF_USER_PIN_FINAL_TRY 0x00020000
++
++/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
++ * user PIN has been locked. User login to the token is not
++ * possible. */
++#define CKF_USER_PIN_LOCKED 0x00040000
++
++/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
++ * the user PIN value is the default value set by token
++ * initialization or manufacturing, or the PIN has been
++ * expired by the card. */
++#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
++
++/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
++ * incorrect SO login PIN has been entered at least once since
++ * the last successful authentication. */
++#define CKF_SO_PIN_COUNT_LOW 0x00100000
++
++/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
++ * supplying an incorrect SO PIN will it to become locked. */
++#define CKF_SO_PIN_FINAL_TRY 0x00200000
++
++/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
++ * PIN has been locked. SO login to the token is not possible.
++ */
++#define CKF_SO_PIN_LOCKED 0x00400000
++
++/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
++ * the SO PIN value is the default value set by token
++ * initialization or manufacturing, or the PIN has been
++ * expired by the card. */
++#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
++
++typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
++
++
++/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
++ * identifies a session */
++typedef CK_ULONG CK_SESSION_HANDLE;
++
++typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
++
++
++/* CK_USER_TYPE enumerates the types of Cryptoki users */
++/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_USER_TYPE;
++/* Security Officer */
++#define CKU_SO 0
++/* Normal user */
++#define CKU_USER 1
++/* Context specific (added in v2.20) */
++#define CKU_CONTEXT_SPECIFIC 2
++
++/* CK_STATE enumerates the session states */
++/* CK_STATE has been changed from an enum to a CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_STATE;
++#define CKS_RO_PUBLIC_SESSION 0
++#define CKS_RO_USER_FUNCTIONS 1
++#define CKS_RW_PUBLIC_SESSION 2
++#define CKS_RW_USER_FUNCTIONS 3
++#define CKS_RW_SO_FUNCTIONS 4
++
++
++/* CK_SESSION_INFO provides information about a session */
++typedef struct CK_SESSION_INFO {
++ CK_SLOT_ID slotID;
++ CK_STATE state;
++ CK_FLAGS flags; /* see below */
++
++ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulDeviceError; /* device-dependent error code */
++} CK_SESSION_INFO;
++
++/* The flags are defined in the following table:
++ * Bit Flag Mask Meaning
++ */
++#define CKF_RW_SESSION 0x00000002 /* session is r/w */
++#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
++
++typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
++
++
++/* CK_OBJECT_HANDLE is a token-specific identifier for an
++ * object */
++typedef CK_ULONG CK_OBJECT_HANDLE;
++
++typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
++
++
++/* CK_OBJECT_CLASS is a value that identifies the classes (or
++ * types) of objects that Cryptoki recognizes. It is defined
++ * as follows: */
++/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_OBJECT_CLASS;
++
++/* The following classes of objects are defined: */
++/* CKO_HW_FEATURE is new for v2.10 */
++/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
++/* CKO_MECHANISM is new for v2.20 */
++#define CKO_DATA 0x00000000
++#define CKO_CERTIFICATE 0x00000001
++#define CKO_PUBLIC_KEY 0x00000002
++#define CKO_PRIVATE_KEY 0x00000003
++#define CKO_SECRET_KEY 0x00000004
++#define CKO_HW_FEATURE 0x00000005
++#define CKO_DOMAIN_PARAMETERS 0x00000006
++#define CKO_MECHANISM 0x00000007
++
++/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
++#define CKO_OTP_KEY 0x00000008
++
++#define CKO_VENDOR_DEFINED 0x80000000
++
++typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
++
++/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
++ * value that identifies the hardware feature type of an object
++ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
++typedef CK_ULONG CK_HW_FEATURE_TYPE;
++
++/* The following hardware feature types are defined */
++/* CKH_USER_INTERFACE is new for v2.20 */
++#define CKH_MONOTONIC_COUNTER 0x00000001
++#define CKH_CLOCK 0x00000002
++#define CKH_USER_INTERFACE 0x00000003
++#define CKH_VENDOR_DEFINED 0x80000000
++
++/* CK_KEY_TYPE is a value that identifies a key type */
++/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
++typedef CK_ULONG CK_KEY_TYPE;
++
++/* the following key types are defined: */
++#define CKK_RSA 0x00000000
++#define CKK_DSA 0x00000001
++#define CKK_DH 0x00000002
++
++/* CKK_ECDSA and CKK_KEA are new for v2.0 */
++/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
++#define CKK_ECDSA 0x00000003
++#define CKK_EC 0x00000003
++#define CKK_X9_42_DH 0x00000004
++#define CKK_KEA 0x00000005
++
++#define CKK_GENERIC_SECRET 0x00000010
++#define CKK_RC2 0x00000011
++#define CKK_RC4 0x00000012
++#define CKK_DES 0x00000013
++#define CKK_DES2 0x00000014
++#define CKK_DES3 0x00000015
++
++/* all these key types are new for v2.0 */
++#define CKK_CAST 0x00000016
++#define CKK_CAST3 0x00000017
++/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
++#define CKK_CAST5 0x00000018
++#define CKK_CAST128 0x00000018
++#define CKK_RC5 0x00000019
++#define CKK_IDEA 0x0000001A
++#define CKK_SKIPJACK 0x0000001B
++#define CKK_BATON 0x0000001C
++#define CKK_JUNIPER 0x0000001D
++#define CKK_CDMF 0x0000001E
++#define CKK_AES 0x0000001F
++
++/* BlowFish and TwoFish are new for v2.20 */
++#define CKK_BLOWFISH 0x00000020
++#define CKK_TWOFISH 0x00000021
++
++/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
++#define CKK_SECURID 0x00000022
++#define CKK_HOTP 0x00000023
++#define CKK_ACTI 0x00000024
++
++/* Camellia is new for PKCS #11 v2.20 amendment 3 */
++#define CKK_CAMELLIA 0x00000025
++/* ARIA is new for PKCS #11 v2.20 amendment 3 */
++#define CKK_ARIA 0x00000026
++
++
++#define CKK_VENDOR_DEFINED 0x80000000
++
++
++/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
++ * type */
++/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
++ * for v2.0 */
++typedef CK_ULONG CK_CERTIFICATE_TYPE;
++
++/* The following certificate types are defined: */
++/* CKC_X_509_ATTR_CERT is new for v2.10 */
++/* CKC_WTLS is new for v2.20 */
++#define CKC_X_509 0x00000000
++#define CKC_X_509_ATTR_CERT 0x00000001
++#define CKC_WTLS 0x00000002
++#define CKC_VENDOR_DEFINED 0x80000000
++
++
++/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
++ * type */
++/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_ATTRIBUTE_TYPE;
++
++/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
++ consists of an array of values. */
++#define CKF_ARRAY_ATTRIBUTE 0x40000000
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
++ and relates to the CKA_OTP_FORMAT attribute */
++#define CK_OTP_FORMAT_DECIMAL 0
++#define CK_OTP_FORMAT_HEXADECIMAL 1
++#define CK_OTP_FORMAT_ALPHANUMERIC 2
++#define CK_OTP_FORMAT_BINARY 3
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
++ and relates to the CKA_OTP_..._REQUIREMENT attributes */
++#define CK_OTP_PARAM_IGNORED 0
++#define CK_OTP_PARAM_OPTIONAL 1
++#define CK_OTP_PARAM_MANDATORY 2
++
++/* The following attribute types are defined: */
++#define CKA_CLASS 0x00000000
++#define CKA_TOKEN 0x00000001
++#define CKA_PRIVATE 0x00000002
++#define CKA_LABEL 0x00000003
++#define CKA_APPLICATION 0x00000010
++#define CKA_VALUE 0x00000011
++
++/* CKA_OBJECT_ID is new for v2.10 */
++#define CKA_OBJECT_ID 0x00000012
++
++#define CKA_CERTIFICATE_TYPE 0x00000080
++#define CKA_ISSUER 0x00000081
++#define CKA_SERIAL_NUMBER 0x00000082
++
++/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
++ * for v2.10 */
++#define CKA_AC_ISSUER 0x00000083
++#define CKA_OWNER 0x00000084
++#define CKA_ATTR_TYPES 0x00000085
++
++/* CKA_TRUSTED is new for v2.11 */
++#define CKA_TRUSTED 0x00000086
++
++/* CKA_CERTIFICATE_CATEGORY ...
++ * CKA_CHECK_VALUE are new for v2.20 */
++#define CKA_CERTIFICATE_CATEGORY 0x00000087
++#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
++#define CKA_URL 0x00000089
++#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
++#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
++#define CKA_CHECK_VALUE 0x00000090
++
++#define CKA_KEY_TYPE 0x00000100
++#define CKA_SUBJECT 0x00000101
++#define CKA_ID 0x00000102
++#define CKA_SENSITIVE 0x00000103
++#define CKA_ENCRYPT 0x00000104
++#define CKA_DECRYPT 0x00000105
++#define CKA_WRAP 0x00000106
++#define CKA_UNWRAP 0x00000107
++#define CKA_SIGN 0x00000108
++#define CKA_SIGN_RECOVER 0x00000109
++#define CKA_VERIFY 0x0000010A
++#define CKA_VERIFY_RECOVER 0x0000010B
++#define CKA_DERIVE 0x0000010C
++#define CKA_START_DATE 0x00000110
++#define CKA_END_DATE 0x00000111
++#define CKA_MODULUS 0x00000120
++#define CKA_MODULUS_BITS 0x00000121
++#define CKA_PUBLIC_EXPONENT 0x00000122
++#define CKA_PRIVATE_EXPONENT 0x00000123
++#define CKA_PRIME_1 0x00000124
++#define CKA_PRIME_2 0x00000125
++#define CKA_EXPONENT_1 0x00000126
++#define CKA_EXPONENT_2 0x00000127
++#define CKA_COEFFICIENT 0x00000128
++#define CKA_PRIME 0x00000130
++#define CKA_SUBPRIME 0x00000131
++#define CKA_BASE 0x00000132
++
++/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
++#define CKA_PRIME_BITS 0x00000133
++#define CKA_SUBPRIME_BITS 0x00000134
++#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
++/* (To retain backwards-compatibility) */
++
++#define CKA_VALUE_BITS 0x00000160
++#define CKA_VALUE_LEN 0x00000161
++
++/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
++ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
++ * and CKA_EC_POINT are new for v2.0 */
++#define CKA_EXTRACTABLE 0x00000162
++#define CKA_LOCAL 0x00000163
++#define CKA_NEVER_EXTRACTABLE 0x00000164
++#define CKA_ALWAYS_SENSITIVE 0x00000165
++
++/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
++#define CKA_KEY_GEN_MECHANISM 0x00000166
++
++#define CKA_MODIFIABLE 0x00000170
++
++/* CKA_ECDSA_PARAMS is deprecated in v2.11,
++ * CKA_EC_PARAMS is preferred. */
++#define CKA_ECDSA_PARAMS 0x00000180
++#define CKA_EC_PARAMS 0x00000180
++
++#define CKA_EC_POINT 0x00000181
++
++/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
++ * are new for v2.10. Deprecated in v2.11 and onwards. */
++#define CKA_SECONDARY_AUTH 0x00000200
++#define CKA_AUTH_PIN_FLAGS 0x00000201
++
++/* CKA_ALWAYS_AUTHENTICATE ...
++ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
++#define CKA_ALWAYS_AUTHENTICATE 0x00000202
++
++#define CKA_WRAP_WITH_TRUSTED 0x00000210
++#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
++#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
++
++/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
++#define CKA_OTP_FORMAT 0x00000220
++#define CKA_OTP_LENGTH 0x00000221
++#define CKA_OTP_TIME_INTERVAL 0x00000222
++#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
++#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
++#define CKA_OTP_TIME_REQUIREMENT 0x00000225
++#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
++#define CKA_OTP_PIN_REQUIREMENT 0x00000227
++#define CKA_OTP_COUNTER 0x0000022E
++#define CKA_OTP_TIME 0x0000022F
++#define CKA_OTP_USER_IDENTIFIER 0x0000022A
++#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
++#define CKA_OTP_SERVICE_LOGO 0x0000022C
++#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
++
++
++/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
++ * are new for v2.10 */
++#define CKA_HW_FEATURE_TYPE 0x00000300
++#define CKA_RESET_ON_INIT 0x00000301
++#define CKA_HAS_RESET 0x00000302
++
++/* The following attributes are new for v2.20 */
++#define CKA_PIXEL_X 0x00000400
++#define CKA_PIXEL_Y 0x00000401
++#define CKA_RESOLUTION 0x00000402
++#define CKA_CHAR_ROWS 0x00000403
++#define CKA_CHAR_COLUMNS 0x00000404
++#define CKA_COLOR 0x00000405
++#define CKA_BITS_PER_PIXEL 0x00000406
++#define CKA_CHAR_SETS 0x00000480
++#define CKA_ENCODING_METHODS 0x00000481
++#define CKA_MIME_TYPES 0x00000482
++#define CKA_MECHANISM_TYPE 0x00000500
++#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
++#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
++#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
++#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
++
++#define CKA_VENDOR_DEFINED 0x80000000
++
++/* CK_ATTRIBUTE is a structure that includes the type, length
++ * and value of an attribute */
++typedef struct CK_ATTRIBUTE {
++ CK_ATTRIBUTE_TYPE type;
++ CK_VOID_PTR pValue;
++
++ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
++ CK_ULONG ulValueLen; /* in bytes */
++} CK_ATTRIBUTE;
++
++typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
++
++
++/* CK_DATE is a structure that defines a date */
++typedef struct CK_DATE{
++ CK_CHAR year[4]; /* the year ("1900" - "9999") */
++ CK_CHAR month[2]; /* the month ("01" - "12") */
++ CK_CHAR day[2]; /* the day ("01" - "31") */
++} CK_DATE;
++
++
++/* CK_MECHANISM_TYPE is a value that identifies a mechanism
++ * type */
++/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_MECHANISM_TYPE;
++
++/* the following mechanism types are defined: */
++#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
++#define CKM_RSA_PKCS 0x00000001
++#define CKM_RSA_9796 0x00000002
++#define CKM_RSA_X_509 0x00000003
++
++/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
++ * are new for v2.0. They are mechanisms which hash and sign */
++#define CKM_MD2_RSA_PKCS 0x00000004
++#define CKM_MD5_RSA_PKCS 0x00000005
++#define CKM_SHA1_RSA_PKCS 0x00000006
++
++/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
++ * CKM_RSA_PKCS_OAEP are new for v2.10 */
++#define CKM_RIPEMD128_RSA_PKCS 0x00000007
++#define CKM_RIPEMD160_RSA_PKCS 0x00000008
++#define CKM_RSA_PKCS_OAEP 0x00000009
++
++/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
++ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
++#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
++#define CKM_RSA_X9_31 0x0000000B
++#define CKM_SHA1_RSA_X9_31 0x0000000C
++#define CKM_RSA_PKCS_PSS 0x0000000D
++#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
++
++#define CKM_DSA_KEY_PAIR_GEN 0x00000010
++#define CKM_DSA 0x00000011
++#define CKM_DSA_SHA1 0x00000012
++#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
++#define CKM_DH_PKCS_DERIVE 0x00000021
++
++/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
++ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
++ * v2.11 */
++#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
++#define CKM_X9_42_DH_DERIVE 0x00000031
++#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
++#define CKM_X9_42_MQV_DERIVE 0x00000033
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256_RSA_PKCS 0x00000040
++#define CKM_SHA384_RSA_PKCS 0x00000041
++#define CKM_SHA512_RSA_PKCS 0x00000042
++#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
++#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
++#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
++
++/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224_RSA_PKCS 0x00000046
++#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
++
++#define CKM_RC2_KEY_GEN 0x00000100
++#define CKM_RC2_ECB 0x00000101
++#define CKM_RC2_CBC 0x00000102
++#define CKM_RC2_MAC 0x00000103
++
++/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
++#define CKM_RC2_MAC_GENERAL 0x00000104
++#define CKM_RC2_CBC_PAD 0x00000105
++
++#define CKM_RC4_KEY_GEN 0x00000110
++#define CKM_RC4 0x00000111
++#define CKM_DES_KEY_GEN 0x00000120
++#define CKM_DES_ECB 0x00000121
++#define CKM_DES_CBC 0x00000122
++#define CKM_DES_MAC 0x00000123
++
++/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
++#define CKM_DES_MAC_GENERAL 0x00000124
++#define CKM_DES_CBC_PAD 0x00000125
++
++#define CKM_DES2_KEY_GEN 0x00000130
++#define CKM_DES3_KEY_GEN 0x00000131
++#define CKM_DES3_ECB 0x00000132
++#define CKM_DES3_CBC 0x00000133
++#define CKM_DES3_MAC 0x00000134
++
++/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
++ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
++ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
++#define CKM_DES3_MAC_GENERAL 0x00000135
++#define CKM_DES3_CBC_PAD 0x00000136
++#define CKM_CDMF_KEY_GEN 0x00000140
++#define CKM_CDMF_ECB 0x00000141
++#define CKM_CDMF_CBC 0x00000142
++#define CKM_CDMF_MAC 0x00000143
++#define CKM_CDMF_MAC_GENERAL 0x00000144
++#define CKM_CDMF_CBC_PAD 0x00000145
++
++/* the following four DES mechanisms are new for v2.20 */
++#define CKM_DES_OFB64 0x00000150
++#define CKM_DES_OFB8 0x00000151
++#define CKM_DES_CFB64 0x00000152
++#define CKM_DES_CFB8 0x00000153
++
++#define CKM_MD2 0x00000200
++
++/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
++#define CKM_MD2_HMAC 0x00000201
++#define CKM_MD2_HMAC_GENERAL 0x00000202
++
++#define CKM_MD5 0x00000210
++
++/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
++#define CKM_MD5_HMAC 0x00000211
++#define CKM_MD5_HMAC_GENERAL 0x00000212
++
++#define CKM_SHA_1 0x00000220
++
++/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
++#define CKM_SHA_1_HMAC 0x00000221
++#define CKM_SHA_1_HMAC_GENERAL 0x00000222
++
++/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
++ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
++ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
++#define CKM_RIPEMD128 0x00000230
++#define CKM_RIPEMD128_HMAC 0x00000231
++#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
++#define CKM_RIPEMD160 0x00000240
++#define CKM_RIPEMD160_HMAC 0x00000241
++#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256 0x00000250
++#define CKM_SHA256_HMAC 0x00000251
++#define CKM_SHA256_HMAC_GENERAL 0x00000252
++
++/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224 0x00000255
++#define CKM_SHA224_HMAC 0x00000256
++#define CKM_SHA224_HMAC_GENERAL 0x00000257
++
++#define CKM_SHA384 0x00000260
++#define CKM_SHA384_HMAC 0x00000261
++#define CKM_SHA384_HMAC_GENERAL 0x00000262
++#define CKM_SHA512 0x00000270
++#define CKM_SHA512_HMAC 0x00000271
++#define CKM_SHA512_HMAC_GENERAL 0x00000272
++
++/* SecurID is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_SECURID_KEY_GEN 0x00000280
++#define CKM_SECURID 0x00000282
++
++/* HOTP is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_HOTP_KEY_GEN 0x00000290
++#define CKM_HOTP 0x00000291
++
++/* ACTI is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_ACTI 0x000002A0
++#define CKM_ACTI_KEY_GEN 0x000002A1
++
++/* All of the following mechanisms are new for v2.0 */
++/* Note that CAST128 and CAST5 are the same algorithm */
++#define CKM_CAST_KEY_GEN 0x00000300
++#define CKM_CAST_ECB 0x00000301
++#define CKM_CAST_CBC 0x00000302
++#define CKM_CAST_MAC 0x00000303
++#define CKM_CAST_MAC_GENERAL 0x00000304
++#define CKM_CAST_CBC_PAD 0x00000305
++#define CKM_CAST3_KEY_GEN 0x00000310
++#define CKM_CAST3_ECB 0x00000311
++#define CKM_CAST3_CBC 0x00000312
++#define CKM_CAST3_MAC 0x00000313
++#define CKM_CAST3_MAC_GENERAL 0x00000314
++#define CKM_CAST3_CBC_PAD 0x00000315
++#define CKM_CAST5_KEY_GEN 0x00000320
++#define CKM_CAST128_KEY_GEN 0x00000320
++#define CKM_CAST5_ECB 0x00000321
++#define CKM_CAST128_ECB 0x00000321
++#define CKM_CAST5_CBC 0x00000322
++#define CKM_CAST128_CBC 0x00000322
++#define CKM_CAST5_MAC 0x00000323
++#define CKM_CAST128_MAC 0x00000323
++#define CKM_CAST5_MAC_GENERAL 0x00000324
++#define CKM_CAST128_MAC_GENERAL 0x00000324
++#define CKM_CAST5_CBC_PAD 0x00000325
++#define CKM_CAST128_CBC_PAD 0x00000325
++#define CKM_RC5_KEY_GEN 0x00000330
++#define CKM_RC5_ECB 0x00000331
++#define CKM_RC5_CBC 0x00000332
++#define CKM_RC5_MAC 0x00000333
++#define CKM_RC5_MAC_GENERAL 0x00000334
++#define CKM_RC5_CBC_PAD 0x00000335
++#define CKM_IDEA_KEY_GEN 0x00000340
++#define CKM_IDEA_ECB 0x00000341
++#define CKM_IDEA_CBC 0x00000342
++#define CKM_IDEA_MAC 0x00000343
++#define CKM_IDEA_MAC_GENERAL 0x00000344
++#define CKM_IDEA_CBC_PAD 0x00000345
++#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
++#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
++#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
++#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
++#define CKM_XOR_BASE_AND_DATA 0x00000364
++#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
++#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
++#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
++#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
++
++/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
++ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
++ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
++#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
++#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
++#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
++#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
++#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
++
++/* CKM_TLS_PRF is new for v2.20 */
++#define CKM_TLS_PRF 0x00000378
++
++#define CKM_SSL3_MD5_MAC 0x00000380
++#define CKM_SSL3_SHA1_MAC 0x00000381
++#define CKM_MD5_KEY_DERIVATION 0x00000390
++#define CKM_MD2_KEY_DERIVATION 0x00000391
++#define CKM_SHA1_KEY_DERIVATION 0x00000392
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256_KEY_DERIVATION 0x00000393
++#define CKM_SHA384_KEY_DERIVATION 0x00000394
++#define CKM_SHA512_KEY_DERIVATION 0x00000395
++
++/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224_KEY_DERIVATION 0x00000396
++
++#define CKM_PBE_MD2_DES_CBC 0x000003A0
++#define CKM_PBE_MD5_DES_CBC 0x000003A1
++#define CKM_PBE_MD5_CAST_CBC 0x000003A2
++#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
++#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
++#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
++#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
++#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
++#define CKM_PBE_SHA1_RC4_128 0x000003A6
++#define CKM_PBE_SHA1_RC4_40 0x000003A7
++#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
++#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
++#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
++#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
++
++/* CKM_PKCS5_PBKD2 is new for v2.10 */
++#define CKM_PKCS5_PBKD2 0x000003B0
++
++#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
++
++/* WTLS mechanisms are new for v2.20 */
++#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
++#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
++#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
++#define CKM_WTLS_PRF 0x000003D3
++#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
++#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
++
++#define CKM_KEY_WRAP_LYNKS 0x00000400
++#define CKM_KEY_WRAP_SET_OAEP 0x00000401
++
++/* CKM_CMS_SIG is new for v2.20 */
++#define CKM_CMS_SIG 0x00000500
++
++/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
++#define CKM_KIP_DERIVE 0x00000510
++#define CKM_KIP_WRAP 0x00000511
++#define CKM_KIP_MAC 0x00000512
++
++/* Camellia is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_CAMELLIA_KEY_GEN 0x00000550
++#define CKM_CAMELLIA_ECB 0x00000551
++#define CKM_CAMELLIA_CBC 0x00000552
++#define CKM_CAMELLIA_MAC 0x00000553
++#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
++#define CKM_CAMELLIA_CBC_PAD 0x00000555
++#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
++#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
++#define CKM_CAMELLIA_CTR 0x00000558
++
++/* ARIA is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_ARIA_KEY_GEN 0x00000560
++#define CKM_ARIA_ECB 0x00000561
++#define CKM_ARIA_CBC 0x00000562
++#define CKM_ARIA_MAC 0x00000563
++#define CKM_ARIA_MAC_GENERAL 0x00000564
++#define CKM_ARIA_CBC_PAD 0x00000565
++#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
++#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
++
++/* Fortezza mechanisms */
++#define CKM_SKIPJACK_KEY_GEN 0x00001000
++#define CKM_SKIPJACK_ECB64 0x00001001
++#define CKM_SKIPJACK_CBC64 0x00001002
++#define CKM_SKIPJACK_OFB64 0x00001003
++#define CKM_SKIPJACK_CFB64 0x00001004
++#define CKM_SKIPJACK_CFB32 0x00001005
++#define CKM_SKIPJACK_CFB16 0x00001006
++#define CKM_SKIPJACK_CFB8 0x00001007
++#define CKM_SKIPJACK_WRAP 0x00001008
++#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
++#define CKM_SKIPJACK_RELAYX 0x0000100a
++#define CKM_KEA_KEY_PAIR_GEN 0x00001010
++#define CKM_KEA_KEY_DERIVE 0x00001011
++#define CKM_FORTEZZA_TIMESTAMP 0x00001020
++#define CKM_BATON_KEY_GEN 0x00001030
++#define CKM_BATON_ECB128 0x00001031
++#define CKM_BATON_ECB96 0x00001032
++#define CKM_BATON_CBC128 0x00001033
++#define CKM_BATON_COUNTER 0x00001034
++#define CKM_BATON_SHUFFLE 0x00001035
++#define CKM_BATON_WRAP 0x00001036
++
++/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
++ * CKM_EC_KEY_PAIR_GEN is preferred */
++#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
++#define CKM_EC_KEY_PAIR_GEN 0x00001040
++
++#define CKM_ECDSA 0x00001041
++#define CKM_ECDSA_SHA1 0x00001042
++
++/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
++ * are new for v2.11 */
++#define CKM_ECDH1_DERIVE 0x00001050
++#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
++#define CKM_ECMQV_DERIVE 0x00001052
++
++#define CKM_JUNIPER_KEY_GEN 0x00001060
++#define CKM_JUNIPER_ECB128 0x00001061
++#define CKM_JUNIPER_CBC128 0x00001062
++#define CKM_JUNIPER_COUNTER 0x00001063
++#define CKM_JUNIPER_SHUFFLE 0x00001064
++#define CKM_JUNIPER_WRAP 0x00001065
++#define CKM_FASTHASH 0x00001070
++
++/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
++ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
++ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
++ * new for v2.11 */
++#define CKM_AES_KEY_GEN 0x00001080
++#define CKM_AES_ECB 0x00001081
++#define CKM_AES_CBC 0x00001082
++#define CKM_AES_MAC 0x00001083
++#define CKM_AES_MAC_GENERAL 0x00001084
++#define CKM_AES_CBC_PAD 0x00001085
++
++/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_AES_CTR 0x00001086
++
++/* BlowFish and TwoFish are new for v2.20 */
++#define CKM_BLOWFISH_KEY_GEN 0x00001090
++#define CKM_BLOWFISH_CBC 0x00001091
++#define CKM_TWOFISH_KEY_GEN 0x00001092
++#define CKM_TWOFISH_CBC 0x00001093
++
++
++/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
++#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
++#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
++#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
++#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
++#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
++#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
++
++#define CKM_DSA_PARAMETER_GEN 0x00002000
++#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
++#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
++
++#define CKM_VENDOR_DEFINED 0x80000000
++
++typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
++
++
++/* CK_MECHANISM is a structure that specifies a particular
++ * mechanism */
++typedef struct CK_MECHANISM {
++ CK_MECHANISM_TYPE mechanism;
++ CK_VOID_PTR pParameter;
++
++ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulParameterLen; /* in bytes */
++} CK_MECHANISM;
++
++typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
++
++
++/* CK_MECHANISM_INFO provides information about a particular
++ * mechanism */
++typedef struct CK_MECHANISM_INFO {
++ CK_ULONG ulMinKeySize;
++ CK_ULONG ulMaxKeySize;
++ CK_FLAGS flags;
++} CK_MECHANISM_INFO;
++
++/* The flags are defined as follows:
++ * Bit Flag Mask Meaning */
++#define CKF_HW 0x00000001 /* performed by HW */
++
++/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
++ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
++ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
++ * and CKF_DERIVE are new for v2.0. They specify whether or not
++ * a mechanism can be used for a particular task */
++#define CKF_ENCRYPT 0x00000100
++#define CKF_DECRYPT 0x00000200
++#define CKF_DIGEST 0x00000400
++#define CKF_SIGN 0x00000800
++#define CKF_SIGN_RECOVER 0x00001000
++#define CKF_VERIFY 0x00002000
++#define CKF_VERIFY_RECOVER 0x00004000
++#define CKF_GENERATE 0x00008000
++#define CKF_GENERATE_KEY_PAIR 0x00010000
++#define CKF_WRAP 0x00020000
++#define CKF_UNWRAP 0x00040000
++#define CKF_DERIVE 0x00080000
++
++/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
++ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
++ * describe a token's EC capabilities not available in mechanism
++ * information. */
++#define CKF_EC_F_P 0x00100000
++#define CKF_EC_F_2M 0x00200000
++#define CKF_EC_ECPARAMETERS 0x00400000
++#define CKF_EC_NAMEDCURVE 0x00800000
++#define CKF_EC_UNCOMPRESS 0x01000000
++#define CKF_EC_COMPRESS 0x02000000
++
++#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
++
++typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
++
++
++/* CK_RV is a value that identifies the return value of a
++ * Cryptoki function */
++/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
++typedef CK_ULONG CK_RV;
++
++#define CKR_OK 0x00000000
++#define CKR_CANCEL 0x00000001
++#define CKR_HOST_MEMORY 0x00000002
++#define CKR_SLOT_ID_INVALID 0x00000003
++
++/* CKR_FLAGS_INVALID was removed for v2.0 */
++
++/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
++#define CKR_GENERAL_ERROR 0x00000005
++#define CKR_FUNCTION_FAILED 0x00000006
++
++/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
++ * and CKR_CANT_LOCK are new for v2.01 */
++#define CKR_ARGUMENTS_BAD 0x00000007
++#define CKR_NO_EVENT 0x00000008
++#define CKR_NEED_TO_CREATE_THREADS 0x00000009
++#define CKR_CANT_LOCK 0x0000000A
++
++#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
++#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
++#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
++#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
++#define CKR_DATA_INVALID 0x00000020
++#define CKR_DATA_LEN_RANGE 0x00000021
++#define CKR_DEVICE_ERROR 0x00000030
++#define CKR_DEVICE_MEMORY 0x00000031
++#define CKR_DEVICE_REMOVED 0x00000032
++#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
++#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
++#define CKR_FUNCTION_CANCELED 0x00000050
++#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
++
++/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
++#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
++
++#define CKR_KEY_HANDLE_INVALID 0x00000060
++
++/* CKR_KEY_SENSITIVE was removed for v2.0 */
++
++#define CKR_KEY_SIZE_RANGE 0x00000062
++#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
++
++/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
++ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
++ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
++ * v2.0 */
++#define CKR_KEY_NOT_NEEDED 0x00000064
++#define CKR_KEY_CHANGED 0x00000065
++#define CKR_KEY_NEEDED 0x00000066
++#define CKR_KEY_INDIGESTIBLE 0x00000067
++#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
++#define CKR_KEY_NOT_WRAPPABLE 0x00000069
++#define CKR_KEY_UNEXTRACTABLE 0x0000006A
++
++#define CKR_MECHANISM_INVALID 0x00000070
++#define CKR_MECHANISM_PARAM_INVALID 0x00000071
++
++/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
++ * were removed for v2.0 */
++#define CKR_OBJECT_HANDLE_INVALID 0x00000082
++#define CKR_OPERATION_ACTIVE 0x00000090
++#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
++#define CKR_PIN_INCORRECT 0x000000A0
++#define CKR_PIN_INVALID 0x000000A1
++#define CKR_PIN_LEN_RANGE 0x000000A2
++
++/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
++#define CKR_PIN_EXPIRED 0x000000A3
++#define CKR_PIN_LOCKED 0x000000A4
++
++#define CKR_SESSION_CLOSED 0x000000B0
++#define CKR_SESSION_COUNT 0x000000B1
++#define CKR_SESSION_HANDLE_INVALID 0x000000B3
++#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
++#define CKR_SESSION_READ_ONLY 0x000000B5
++#define CKR_SESSION_EXISTS 0x000000B6
++
++/* CKR_SESSION_READ_ONLY_EXISTS and
++ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
++#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
++#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
++
++#define CKR_SIGNATURE_INVALID 0x000000C0
++#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
++#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
++#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
++#define CKR_TOKEN_NOT_PRESENT 0x000000E0
++#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
++#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
++#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
++#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
++#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
++#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
++#define CKR_USER_NOT_LOGGED_IN 0x00000101
++#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
++#define CKR_USER_TYPE_INVALID 0x00000103
++
++/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
++ * are new to v2.01 */
++#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
++#define CKR_USER_TOO_MANY_TYPES 0x00000105
++
++#define CKR_WRAPPED_KEY_INVALID 0x00000110
++#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
++#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
++#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
++#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
++#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
++
++/* These are new to v2.0 */
++#define CKR_RANDOM_NO_RNG 0x00000121
++
++/* These are new to v2.11 */
++#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
++
++/* These are new to v2.0 */
++#define CKR_BUFFER_TOO_SMALL 0x00000150
++#define CKR_SAVED_STATE_INVALID 0x00000160
++#define CKR_INFORMATION_SENSITIVE 0x00000170
++#define CKR_STATE_UNSAVEABLE 0x00000180
++
++/* These are new to v2.01 */
++#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
++#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
++#define CKR_MUTEX_BAD 0x000001A0
++#define CKR_MUTEX_NOT_LOCKED 0x000001A1
++
++/* The following return values are new for PKCS #11 v2.20 amendment 3 */
++#define CKR_NEW_PIN_MODE 0x000001B0
++#define CKR_NEXT_OTP 0x000001B1
++
++/* This is new to v2.20 */
++#define CKR_FUNCTION_REJECTED 0x00000200
++
++#define CKR_VENDOR_DEFINED 0x80000000
++
++
++/* CK_NOTIFY is an application callback that processes events */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_NOTIFICATION event,
++ CK_VOID_PTR pApplication /* passed to C_OpenSession */
++);
++
++
++/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
++ * version and pointers of appropriate types to all the
++ * Cryptoki functions */
++/* CK_FUNCTION_LIST is new for v2.0 */
++typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
++
++typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
++
++typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
++
++
++/* CK_CREATEMUTEX is an application callback for creating a
++ * mutex object */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
++ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
++);
++
++
++/* CK_DESTROYMUTEX is an application callback for destroying a
++ * mutex object */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_LOCKMUTEX is an application callback for locking a mutex */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_UNLOCKMUTEX is an application callback for unlocking a
++ * mutex */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_C_INITIALIZE_ARGS provides the optional arguments to
++ * C_Initialize */
++typedef struct CK_C_INITIALIZE_ARGS {
++ CK_CREATEMUTEX CreateMutex;
++ CK_DESTROYMUTEX DestroyMutex;
++ CK_LOCKMUTEX LockMutex;
++ CK_UNLOCKMUTEX UnlockMutex;
++ CK_FLAGS flags;
++ CK_VOID_PTR pReserved;
++} CK_C_INITIALIZE_ARGS;
++
++/* flags: bit flags that provide capabilities of the slot
++ * Bit Flag Mask Meaning
++ */
++#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
++#define CKF_OS_LOCKING_OK 0x00000002
++
++typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
++
++
++/* additional flags for parameters to functions */
++
++/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
++#define CKF_DONT_BLOCK 1
++
++/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
++ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
++ * Generation Function (MGF) applied to a message block when
++ * formatting a message block for the PKCS #1 OAEP encryption
++ * scheme. */
++typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
++
++typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
++
++/* The following MGFs are defined */
++/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
++ * are new for v2.20 */
++#define CKG_MGF1_SHA1 0x00000001
++#define CKG_MGF1_SHA256 0x00000002
++#define CKG_MGF1_SHA384 0x00000003
++#define CKG_MGF1_SHA512 0x00000004
++/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
++#define CKG_MGF1_SHA224 0x00000005
++
++/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
++ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
++ * of the encoding parameter when formatting a message block
++ * for the PKCS #1 OAEP encryption scheme. */
++typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
++
++typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
++
++/* The following encoding parameter sources are defined */
++#define CKZ_DATA_SPECIFIED 0x00000001
++
++/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
++ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
++ * CKM_RSA_PKCS_OAEP mechanism. */
++typedef struct CK_RSA_PKCS_OAEP_PARAMS {
++ CK_MECHANISM_TYPE hashAlg;
++ CK_RSA_PKCS_MGF_TYPE mgf;
++ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
++ CK_VOID_PTR pSourceData;
++ CK_ULONG ulSourceDataLen;
++} CK_RSA_PKCS_OAEP_PARAMS;
++
++typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
++
++/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
++ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
++ * CKM_RSA_PKCS_PSS mechanism(s). */
++typedef struct CK_RSA_PKCS_PSS_PARAMS {
++ CK_MECHANISM_TYPE hashAlg;
++ CK_RSA_PKCS_MGF_TYPE mgf;
++ CK_ULONG sLen;
++} CK_RSA_PKCS_PSS_PARAMS;
++
++typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
++
++/* CK_EC_KDF_TYPE is new for v2.11. */
++typedef CK_ULONG CK_EC_KDF_TYPE;
++
++/* The following EC Key Derivation Functions are defined */
++#define CKD_NULL 0x00000001
++#define CKD_SHA1_KDF 0x00000002
++
++/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
++ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
++ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
++ * where each party contributes one key pair.
++ */
++typedef struct CK_ECDH1_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_ECDH1_DERIVE_PARAMS;
++
++typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
++
++
++/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
++ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
++ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
++typedef struct CK_ECDH2_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++} CK_ECDH2_DERIVE_PARAMS;
++
++typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
++
++typedef struct CK_ECMQV_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++ CK_OBJECT_HANDLE publicKey;
++} CK_ECMQV_DERIVE_PARAMS;
++
++typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
++
++/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
++ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
++typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
++typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
++
++/* The following X9.42 DH key derivation functions are defined
++ (besides CKD_NULL already defined : */
++#define CKD_SHA1_KDF_ASN1 0x00000003
++#define CKD_SHA1_KDF_CONCATENATE 0x00000004
++
++/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
++ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
++ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
++ * contributes one key pair */
++typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_X9_42_DH1_DERIVE_PARAMS;
++
++typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
++
++/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
++ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
++ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
++ * mechanisms, where each party contributes two key pairs */
++typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++} CK_X9_42_DH2_DERIVE_PARAMS;
++
++typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
++
++typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++ CK_OBJECT_HANDLE publicKey;
++} CK_X9_42_MQV_DERIVE_PARAMS;
++
++typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
++
++/* CK_KEA_DERIVE_PARAMS provides the parameters to the
++ * CKM_KEA_DERIVE mechanism */
++/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
++typedef struct CK_KEA_DERIVE_PARAMS {
++ CK_BBOOL isSender;
++ CK_ULONG ulRandomLen;
++ CK_BYTE_PTR pRandomA;
++ CK_BYTE_PTR pRandomB;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_KEA_DERIVE_PARAMS;
++
++typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
++
++
++/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
++ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
++ * holds the effective keysize */
++typedef CK_ULONG CK_RC2_PARAMS;
++
++typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
++
++
++/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
++ * mechanism */
++typedef struct CK_RC2_CBC_PARAMS {
++ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
++
++ CK_BYTE iv[8]; /* IV for CBC mode */
++} CK_RC2_CBC_PARAMS;
++
++typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
++
++
++/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
++ * CKM_RC2_MAC_GENERAL mechanism */
++/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef struct CK_RC2_MAC_GENERAL_PARAMS {
++ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
++ CK_ULONG ulMacLength; /* Length of MAC in bytes */
++} CK_RC2_MAC_GENERAL_PARAMS;
++
++typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
++ CK_RC2_MAC_GENERAL_PARAMS_PTR;
++
++
++/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
++ * CKM_RC5_MAC mechanisms */
++/* CK_RC5_PARAMS is new for v2.0 */
++typedef struct CK_RC5_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++} CK_RC5_PARAMS;
++
++typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
++
++
++/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
++ * mechanism */
++/* CK_RC5_CBC_PARAMS is new for v2.0 */
++typedef struct CK_RC5_CBC_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++ CK_BYTE_PTR pIv; /* pointer to IV */
++ CK_ULONG ulIvLen; /* length of IV in bytes */
++} CK_RC5_CBC_PARAMS;
++
++typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
++
++
++/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
++ * CKM_RC5_MAC_GENERAL mechanism */
++/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef struct CK_RC5_MAC_GENERAL_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++ CK_ULONG ulMacLength; /* Length of MAC in bytes */
++} CK_RC5_MAC_GENERAL_PARAMS;
++
++typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
++ CK_RC5_MAC_GENERAL_PARAMS_PTR;
++
++
++/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
++ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
++ * the MAC */
++/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
++
++typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
++
++/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
++typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[8];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
++ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
++/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
++typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
++ CK_ULONG ulPasswordLen;
++ CK_BYTE_PTR pPassword;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPAndGLen;
++ CK_ULONG ulQLen;
++ CK_ULONG ulRandomLen;
++ CK_BYTE_PTR pRandomA;
++ CK_BYTE_PTR pPrimeP;
++ CK_BYTE_PTR pBaseG;
++ CK_BYTE_PTR pSubprimeQ;
++} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
++
++typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
++ CK_SKIPJACK_PRIVATE_WRAP_PTR;
++
++
++/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
++ * CKM_SKIPJACK_RELAYX mechanism */
++/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
++typedef struct CK_SKIPJACK_RELAYX_PARAMS {
++ CK_ULONG ulOldWrappedXLen;
++ CK_BYTE_PTR pOldWrappedX;
++ CK_ULONG ulOldPasswordLen;
++ CK_BYTE_PTR pOldPassword;
++ CK_ULONG ulOldPublicDataLen;
++ CK_BYTE_PTR pOldPublicData;
++ CK_ULONG ulOldRandomLen;
++ CK_BYTE_PTR pOldRandomA;
++ CK_ULONG ulNewPasswordLen;
++ CK_BYTE_PTR pNewPassword;
++ CK_ULONG ulNewPublicDataLen;
++ CK_BYTE_PTR pNewPublicData;
++ CK_ULONG ulNewRandomLen;
++ CK_BYTE_PTR pNewRandomA;
++} CK_SKIPJACK_RELAYX_PARAMS;
++
++typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
++ CK_SKIPJACK_RELAYX_PARAMS_PTR;
++
++
++typedef struct CK_PBE_PARAMS {
++ CK_BYTE_PTR pInitVector;
++ CK_UTF8CHAR_PTR pPassword;
++ CK_ULONG ulPasswordLen;
++ CK_BYTE_PTR pSalt;
++ CK_ULONG ulSaltLen;
++ CK_ULONG ulIteration;
++} CK_PBE_PARAMS;
++
++typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
++
++
++/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
++ * CKM_KEY_WRAP_SET_OAEP mechanism */
++/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
++typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
++ CK_BYTE bBC; /* block contents byte */
++ CK_BYTE_PTR pX; /* extra data */
++ CK_ULONG ulXLen; /* length of extra data in bytes */
++} CK_KEY_WRAP_SET_OAEP_PARAMS;
++
++typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
++ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
++
++
++typedef struct CK_SSL3_RANDOM_DATA {
++ CK_BYTE_PTR pClientRandom;
++ CK_ULONG ulClientRandomLen;
++ CK_BYTE_PTR pServerRandom;
++ CK_ULONG ulServerRandomLen;
++} CK_SSL3_RANDOM_DATA;
++
++
++typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_VERSION_PTR pVersion;
++} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
++
++typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
++ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
++
++
++typedef struct CK_SSL3_KEY_MAT_OUT {
++ CK_OBJECT_HANDLE hClientMacSecret;
++ CK_OBJECT_HANDLE hServerMacSecret;
++ CK_OBJECT_HANDLE hClientKey;
++ CK_OBJECT_HANDLE hServerKey;
++ CK_BYTE_PTR pIVClient;
++ CK_BYTE_PTR pIVServer;
++} CK_SSL3_KEY_MAT_OUT;
++
++typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
++
++
++typedef struct CK_SSL3_KEY_MAT_PARAMS {
++ CK_ULONG ulMacSizeInBits;
++ CK_ULONG ulKeySizeInBits;
++ CK_ULONG ulIVSizeInBits;
++ CK_BBOOL bIsExport;
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
++} CK_SSL3_KEY_MAT_PARAMS;
++
++typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
++
++/* CK_TLS_PRF_PARAMS is new for version 2.20 */
++typedef struct CK_TLS_PRF_PARAMS {
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++ CK_BYTE_PTR pLabel;
++ CK_ULONG ulLabelLen;
++ CK_BYTE_PTR pOutput;
++ CK_ULONG_PTR pulOutputLen;
++} CK_TLS_PRF_PARAMS;
++
++typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
++
++/* WTLS is new for version 2.20 */
++typedef struct CK_WTLS_RANDOM_DATA {
++ CK_BYTE_PTR pClientRandom;
++ CK_ULONG ulClientRandomLen;
++ CK_BYTE_PTR pServerRandom;
++ CK_ULONG ulServerRandomLen;
++} CK_WTLS_RANDOM_DATA;
++
++typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
++
++typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_WTLS_RANDOM_DATA RandomInfo;
++ CK_BYTE_PTR pVersion;
++} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
++
++typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
++ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
++
++typedef struct CK_WTLS_PRF_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++ CK_BYTE_PTR pLabel;
++ CK_ULONG ulLabelLen;
++ CK_BYTE_PTR pOutput;
++ CK_ULONG_PTR pulOutputLen;
++} CK_WTLS_PRF_PARAMS;
++
++typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
++
++typedef struct CK_WTLS_KEY_MAT_OUT {
++ CK_OBJECT_HANDLE hMacSecret;
++ CK_OBJECT_HANDLE hKey;
++ CK_BYTE_PTR pIV;
++} CK_WTLS_KEY_MAT_OUT;
++
++typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
++
++typedef struct CK_WTLS_KEY_MAT_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_ULONG ulMacSizeInBits;
++ CK_ULONG ulKeySizeInBits;
++ CK_ULONG ulIVSizeInBits;
++ CK_ULONG ulSequenceNumber;
++ CK_BBOOL bIsExport;
++ CK_WTLS_RANDOM_DATA RandomInfo;
++ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
++} CK_WTLS_KEY_MAT_PARAMS;
++
++typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
++
++/* CMS is new for version 2.20 */
++typedef struct CK_CMS_SIG_PARAMS {
++ CK_OBJECT_HANDLE certificateHandle;
++ CK_MECHANISM_PTR pSigningMechanism;
++ CK_MECHANISM_PTR pDigestMechanism;
++ CK_UTF8CHAR_PTR pContentType;
++ CK_BYTE_PTR pRequestedAttributes;
++ CK_ULONG ulRequestedAttributesLen;
++ CK_BYTE_PTR pRequiredAttributes;
++ CK_ULONG ulRequiredAttributesLen;
++} CK_CMS_SIG_PARAMS;
++
++typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
++
++typedef struct CK_KEY_DERIVATION_STRING_DATA {
++ CK_BYTE_PTR pData;
++ CK_ULONG ulLen;
++} CK_KEY_DERIVATION_STRING_DATA;
++
++typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
++ CK_KEY_DERIVATION_STRING_DATA_PTR;
++
++
++/* The CK_EXTRACT_PARAMS is used for the
++ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
++ * of the base key should be used as the first bit of the
++ * derived key */
++/* CK_EXTRACT_PARAMS is new for v2.0 */
++typedef CK_ULONG CK_EXTRACT_PARAMS;
++
++typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
++
++/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
++ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
++ * indicate the Pseudo-Random Function (PRF) used to generate
++ * key bits using PKCS #5 PBKDF2. */
++typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
++
++typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
++
++/* The following PRFs are defined in PKCS #5 v2.0. */
++#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
++
++
++/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
++ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
++ * source of the salt value when deriving a key using PKCS #5
++ * PBKDF2. */
++typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
++
++typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
++
++/* The following salt value sources are defined in PKCS #5 v2.0. */
++#define CKZ_SALT_SPECIFIED 0x00000001
++
++/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
++ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
++ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
++typedef struct CK_PKCS5_PBKD2_PARAMS {
++ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
++ CK_VOID_PTR pSaltSourceData;
++ CK_ULONG ulSaltSourceDataLen;
++ CK_ULONG iterations;
++ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
++ CK_VOID_PTR pPrfData;
++ CK_ULONG ulPrfDataLen;
++ CK_UTF8CHAR_PTR pPassword;
++ CK_ULONG_PTR ulPasswordLen;
++} CK_PKCS5_PBKD2_PARAMS;
++
++typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
++
++/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
++
++typedef CK_ULONG CK_OTP_PARAM_TYPE;
++typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
++
++typedef struct CK_OTP_PARAM {
++ CK_OTP_PARAM_TYPE type;
++ CK_VOID_PTR pValue;
++ CK_ULONG ulValueLen;
++} CK_OTP_PARAM;
++
++typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
++
++typedef struct CK_OTP_PARAMS {
++ CK_OTP_PARAM_PTR pParams;
++ CK_ULONG ulCount;
++} CK_OTP_PARAMS;
++
++typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
++
++typedef struct CK_OTP_SIGNATURE_INFO {
++ CK_OTP_PARAM_PTR pParams;
++ CK_ULONG ulCount;
++} CK_OTP_SIGNATURE_INFO;
++
++typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
++#define CK_OTP_VALUE 0
++#define CK_OTP_PIN 1
++#define CK_OTP_CHALLENGE 2
++#define CK_OTP_TIME 3
++#define CK_OTP_COUNTER 4
++#define CK_OTP_FLAGS 5
++#define CK_OTP_OUTPUT_LENGTH 6
++#define CK_OTP_OUTPUT_FORMAT 7
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
++#define CKF_NEXT_OTP 0x00000001
++#define CKF_EXCLUDE_TIME 0x00000002
++#define CKF_EXCLUDE_COUNTER 0x00000004
++#define CKF_EXCLUDE_CHALLENGE 0x00000008
++#define CKF_EXCLUDE_PIN 0x00000010
++#define CKF_USER_FRIENDLY_OTP 0x00000020
++
++/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
++typedef struct CK_KIP_PARAMS {
++ CK_MECHANISM_PTR pMechanism;
++ CK_OBJECT_HANDLE hKey;
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++} CK_KIP_PARAMS;
++
++typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
++
++/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_AES_CTR_PARAMS {
++ CK_ULONG ulCounterBits;
++ CK_BYTE cb[16];
++} CK_AES_CTR_PARAMS;
++
++typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
++
++/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_CAMELLIA_CTR_PARAMS {
++ CK_ULONG ulCounterBits;
++ CK_BYTE cb[16];
++} CK_CAMELLIA_CTR_PARAMS;
++
++typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
++
++/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++#endif
+Index: openssl/util/libeay.num
+diff -u openssl/util/libeay.num:1.7.6.1.4.1.2.1 openssl/util/libeay.num:1.7.2.2
+--- openssl/util/libeay.num:1.7.6.1.4.1.2.1 Thu Jul 3 12:12:37 2014
++++ openssl/util/libeay.num Thu Jul 3 12:32:04 2014
+@@ -3730,3 +3730,5 @@
+ pqueue_size 4114 EXIST::FUNCTION:
+ OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION:
+ OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION:
++ENGINE_load_pk11ca 4117 EXIST::FUNCTION:HW_PKCS11CA,ENGINE
++ENGINE_load_pk11so 4117 EXIST::FUNCTION:HW_PKCS11SO,ENGINE
+Index: openssl/util/mk1mf.pl
+diff -u openssl/util/mk1mf.pl:1.8.6.1 openssl/util/mk1mf.pl:1.8
+--- openssl/util/mk1mf.pl:1.8.6.1 Sun Jan 15 15:45:40 2012
++++ openssl/util/mk1mf.pl Mon Jun 13 14:25:25 2011
+@@ -87,6 +87,8 @@
+ no-ecdh - No ECDH
+ no-engine - No engine
+ no-hw - No hw
++ no-hw-pkcs11ca - No hw PKCS#11 CA flavor
++ no-hw-pkcs11so - No hw PKCS#11 SO flavor
+ nasm - Use NASM for x86 asm
+ nw-nasm - Use NASM x86 asm for NetWare
+ nw-mwasm - Use Metrowerks x86 asm for NetWare
+@@ -242,6 +244,8 @@
+ $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
+ $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
+ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
++$cflags.=" -DOPENSSL_NO_HW_PKCS11CA" if $no_hw_pkcs11ca;
++$cflags.=" -DOPENSSL_NO_HW_PKCS11SO" if $no_hw_pkcs11so;
+ $cflags.=" -DOPENSSL_FIPS" if $fips;
+ $cflags.= " -DZLIB" if $zlib_opt;
+ $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
+@@ -316,6 +320,9 @@
+ $dir=$val;
+ }
+
++ if ($key eq "PK11_LIB_LOCATION")
++ { $cflags .= " -D$key=\\\"$val\\\"" if $val ne "";}
++
+ if ($key eq "KRB5_INCLUDES")
+ { $cflags .= " $val";}
+
+@@ -1301,6 +1308,8 @@
+ "no-ecdh" => \$no_ecdh,
+ "no-engine" => \$no_engine,
+ "no-hw" => \$no_hw,
++ "no-hw-pkcs11ca" => \$no_hw_pkcs11ca,
++ "no-hw-pkcs11so" => \$no_hw_pkcs11so,
+ "just-ssl" =>
+ [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
+ \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
+Index: openssl/util/mkdef.pl
+diff -u openssl/util/mkdef.pl:1.6.6.1 openssl/util/mkdef.pl:1.6
+--- openssl/util/mkdef.pl:1.6.6.1 Sun Jan 15 15:45:40 2012
++++ openssl/util/mkdef.pl Mon Jun 13 14:25:25 2011
+@@ -93,7 +93,7 @@
+ # External "algorithms"
+ "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
+ # Engines
+- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
++ "STATIC_ENGINE", "ENGINE", "HW", "GMP", "HW_PKCS11CA", "HW_PKCS11SO",
+ # RFC3779 support
+ "RFC3779",
+ # TLS extension support
+@@ -122,6 +122,7 @@
+ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+ my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
++my $no_pkcs11ca; my $no_pkcs11so;
+ my $no_seed;
+ my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
+ my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake;
+@@ -214,6 +215,8 @@
+ elsif (/^no-cms$/) { $no_cms=1; }
+ elsif (/^no-capieng$/) { $no_capieng=1; }
+ elsif (/^no-jpake$/) { $no_jpake=1; }
++ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
++ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
+ }
+
+
+@@ -1155,6 +1158,8 @@
+ if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+ if ($keyword eq "ENGINE" && $no_engine) { return 0; }
+ if ($keyword eq "HW" && $no_hw) { return 0; }
++ if ($keyword eq "HW_PKCS11CA" && $no_pkcs11ca) { return 0; }
++ if ($keyword eq "HW_PKCS11SO" && $no_pkcs11so) { return 0; }
+ if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+ if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
+ if ($keyword eq "GMP" && $no_gmp) { return 0; }
+Index: openssl/util/pl/VC-32.pl
+diff -u openssl/util/pl/VC-32.pl:1.6.6.1.2.1.4.1 openssl/util/pl/VC-32.pl:1.6.2.2
+--- openssl/util/pl/VC-32.pl:1.6.6.1.2.1.4.1 Thu Jul 3 12:12:38 2014
++++ openssl/util/pl/VC-32.pl Thu Jul 3 12:32:04 2014
+@@ -52,7 +52,7 @@
+ my $f = $shlib || $fips ?' /MD':' /MT';
+ $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
+ $opt_cflags=$f.' /Ox';
+- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
++ $dbg_cflags=$f.'d /Od /Zi -DDEBUG -D_DEBUG';
+ $lflags="/nologo /subsystem:console /opt:ref";
+ }
+ elsif ($FLAVOR =~ /CE/)
Deleted: vendor/bind/dist/bin/pkcs11/openssl-1.0.0f-patch
===================================================================
--- vendor/bind/dist/bin/pkcs11/openssl-1.0.0f-patch 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/openssl-1.0.0f-patch 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,15789 +0,0 @@
-Index: openssl/Configure
-diff -u openssl/Configure:1.9.2.1 openssl/Configure:1.10
---- openssl/Configure:1.9.2.1 Sun Jan 15 16:09:40 2012
-+++ openssl/Configure Sun Jan 15 16:30:04 2012
-@@ -10,7 +10,7 @@
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION --pk11-flavor=FLAVOR [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -23,6 +23,12 @@
- # default). This needn't be set in advance, you can
- # just as well use "make INSTALL_PREFIX=/whatever install".
- #
-+# --pk11-libname PKCS#11 library name.
-+# (No default)
-+#
-+# --pk11-flavor either crypto-accelerator or sign-only
-+# (No default)
-+#
- # --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
- # to live in the subdirectory lib/ and the header files in
- # include/. A value is required.
-@@ -343,7 +349,7 @@
- "linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### IA-32 targets...
- "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
- ####
- "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -351,7 +357,7 @@
- "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT -pthread::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### SPARC Linux setups
- # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
-@@ -622,6 +628,10 @@
- my $idx_arflags = $idx++;
- my $idx_multilib = $idx++;
-
-+# PKCS#11 engine patch
-+my $pk11_libname="";
-+my $pk11_flavor="";
-+
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-@@ -824,6 +834,14 @@
- {
- $flags.=$_." ";
- }
-+ elsif (/^--pk11-libname=(.*)$/)
-+ {
-+ $pk11_libname=$1;
-+ }
-+ elsif (/^--pk11-flavor=(.*)$/)
-+ {
-+ $pk11_flavor=$1;
-+ }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
-@@ -961,6 +979,22 @@
- exit 0;
- }
-
-+if (! $pk11_libname)
-+ {
-+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
-+if (! $pk11_flavor
-+ || !($pk11_flavor eq "crypto-accelerator" || $pk11_flavor eq "sign-only"))
-+ {
-+ print STDERR "You must set --pk11-flavor.\n";
-+ print STDERR "Choices are crypto-accelerator and sign-only.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
- if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
- }
-@@ -1036,6 +1070,25 @@
- $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
- }
-
-+if ($pk11_flavor eq "crypto-accelerator")
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11SO\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $options .= " no-hw-pkcs11so";
-+ print " no-hw-pkcs11so [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11SO\n";
-+ }
-+else
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11CA\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $options .= " no-hw-pkcs11ca";
-+ print " no-hw-pkcs11ca [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11CA\n";
-+}
-+
- my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
-
- $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
-@@ -1123,6 +1176,8 @@
- if ($flags ne "") { $cflags="$flags$cflags"; }
- else { $no_user_cflags=1; }
-
-+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
-+
- # Kerberos settings. The flavor must be provided from outside, either through
- # the script "config" or manually.
- if (!$no_krb5)
-@@ -1492,6 +1547,7 @@
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
-+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
-Index: openssl/Makefile.org
-diff -u openssl/Makefile.org:1.5.2.1 openssl/Makefile.org:1.5
---- openssl/Makefile.org:1.5.2.1 Sun Jan 15 16:09:41 2012
-+++ openssl/Makefile.org Mon Jun 13 17:13:25 2011
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
-Index: openssl/README.pkcs11
-diff -u /dev/null openssl/README.pkcs11:1.7
---- /dev/null Mon Jan 16 18:54:22 2012
-+++ openssl/README.pkcs11 Mon Jun 13 18:27:17 2011
-@@ -0,0 +1,261 @@
-+ISC modified
-+============
-+
-+The previous key naming scheme was kept for backward compatibility.
-+
-+The PKCS#11 engine exists in two flavors, crypto-accelerator and
-+sign-only. The first one is from the Solaris patch and uses the
-+PKCS#11 device for all crypto operations it supports. The second
-+is a stripped down version which provides only the useful
-+function (i.e., signature with a RSA private key in the device
-+protected key store and key loading).
-+
-+As a hint PKCS#11 boards should use the crypto-accelerator flavor,
-+external PKCS#11 devices the sign-only. SCA 6000 is an example
-+of the first, AEP Keyper of the second.
-+
-+Note it is mandatory to set a pk11-flavor (and only one) in
-+config/Configure.
-+
-+PKCS#11 engine support for OpenSSL 0.9.8l
-+=========================================
-+
-+[Nov 19, 2009]
-+
-+Contents:
-+
-+Overview
-+Revisions of the patch for 0.9.8 branch
-+FAQs
-+Feedback
-+
-+Overview
-+========
-+
-+This patch containing code available in OpenSolaris adds support for PKCS#11
-+engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
-+OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
-+must provide PKCS#11 backend otherwise the patch is useless. You provide the
-+PKCS#11 library name during the build configuration phase, see below.
-+
-+Patch can be applied like this:
-+
-+ # NOTE: use gtar if on Solaris
-+ tar xfzv openssl-0.9.8l.tar.gz
-+ # now download the patch to the current directory
-+ # ...
-+ cd openssl-0.9.8l
-+ # NOTE: must use gpatch if on Solaris (is part of the system)
-+ patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
-+
-+It is designed to support pure acceleration for RSA, DSA, DH and all the
-+symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
-+except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
-+
-+According to the PKCS#11 providers installed on your machine, it can support
-+following mechanisms:
-+
-+ RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
-+ AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
-+ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
-+ SHA256, SHA384, SHA512
-+
-+Note that for AES counter mode the application must provide their own EVP
-+functions since OpenSSL doesn't support counter mode through EVP yet. You may
-+see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
-+example of code that uses the PKCS#11 engine and deals with the fork-safety
-+problem (see engine.c and packet.c files if interested).
-+
-+You must provide the location of PKCS#11 library in your system to the
-+configure script. You will be instructed to do that when you try to run the
-+config script:
-+
-+ $ ./config
-+ Operating system: i86pc-whatever-solaris2
-+ Configuring for solaris-x86-cc
-+ You must set --pk11-libname for PKCS#11 library.
-+ See README.pkcs11 for more information.
-+
-+Taking openCryptoki project on Linux AMD64 box as an example, you would run
-+configure script like this:
-+
-+ ./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
-+
-+To check whether newly built openssl really supports PKCS#11 it's enough to run
-+"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
-+output. If you see no PKCS#11 engine support check that the built openssl binary
-+and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
-+
-+The patch, during various phases of development, was tested on Solaris against
-+PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
-+OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
-+(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
-+information). Some Linux distributions even ship those libraries with the
-+system. The patch should work on any system that is supported by OpenSSL itself
-+and has functional PKCS#11 library.
-+
-+The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
-+copyrighted by RSA Security Inc., see pkcs11.h for more information.
-+
-+Other added/modified code in this patch is copyrighted by Sun Microsystems,
-+Inc. and is released under the OpenSSL license (see LICENSE file for more
-+information).
-+
-+Revisions of the patch for 0.9.8 branch
-+=======================================
-+
-+2009-11-19
-+- adjusted for OpenSSL version 0.9.8l
-+
-+- bugs and RFEs:
-+
-+ 6479874 OpenSSL should support RSA key by reference/hardware keystores
-+ 6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
-+ 6732677 make check to trigger Solaris specific code automatic in the
-+ PKCS#11 engine
-+
-+2009-03-11
-+- adjusted for OpenSSL version 0.9.8j
-+
-+- README.pkcs11 moved out of the patch, and is shipped together with it in a
-+ tarball instead so that it can be read before the patch is applied.
-+
-+- fixed bugs:
-+
-+ 6804216 pkcs#11 engine should support a key length range for RC4
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-12-02
-+- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
-+
-+ 6723504 more granular locking in PKCS#11 engine
-+ 6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
-+ 6710420 PKCS#11 engine source should be lint clean
-+ 6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
-+ it seriously
-+ 6746712 PKCS#11 engine source code should be cstyle clean
-+ 6731380 return codes of several functions are not checked in the PKCS#11
-+ engine code
-+ 6746735 PKCS#11 engine should use extended FILE space API
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-08-01
-+- fixed bug
-+
-+ 6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
-+ and digests
-+
-+- Solaris specific code for slot selection made automatic
-+
-+2008-07-29
-+- update the patch to OpenSSL 0.9.8h version
-+- pkcs11t.h updated to the latest version:
-+
-+ 6545665 make CKM_AES_CTR available to non-kernel users
-+
-+- fixed bugs in the engine code:
-+
-+ 6602801 PK11_SESSION cache has to employ reference counting scheme for
-+ asymmetric key operations
-+ 6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
-+ atomically
-+ 6607307 pkcs#11 engine can't read RSA private keys
-+ 6652362 pk11_RSA_finish() is cutting corners
-+ 6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
-+ suboptimal way
-+ 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
-+ resilient to destroy failures
-+ 6667273 OpenSSL engine should not use free() but OPENSSL_free()
-+ 6670363 PKCS#11 engine fails to reuse existing symmetric keys
-+ 6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
-+ 6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
-+ of big numbers leading to failures
-+ 6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
-+ -1
-+ 6706622 pk11_load_{pub,priv}key create corrupted RSA key references
-+ 6707129 return values from BN_new() in pk11_DH_generate_key() are not
-+ checked
-+ 6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
-+ structure reuse
-+ 6707782 OpenSSL PKCS#11 engine pretends to be aware of
-+ OPENSSL_NO_{RSA,DSA,DH}
-+ defines but fails miserably
-+ 6709966 make check_new_*() to return values to indicate cache hit/miss
-+ 6705200 pk11_dh struct initialization in PKCS#11 engine is missing
-+ generate_params parameter
-+ 6709513 PKCS#11 engine sets IV length even for ECB modes
-+ 6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
-+ PKCS#11 engine
-+ 6728871 PKCS#11 engine must reset global_session in pk11_finish()
-+
-+- new features and enhancements:
-+
-+ 6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
-+ 6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
-+ 6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
-+ ciphers and digests
-+
-+2007-10-15
-+- update for 0.9.8f version
-+- update for "6607670 teach pkcs#11 engine how to use keys be reference"
-+
-+2007-10-02
-+- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
-+- draft for "6607307 pkcs#11 engine can't read RSA private keys"
-+
-+2007-09-26
-+- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
-+ significant performance drop
-+- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
-+
-+2007-05-25
-+- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
-+
-+2007-05-19
-+- initial patch for 0.9.8e using latest OpenSolaris code
-+
-+FAQs
-+====
-+
-+(1) my build failed on Linux distro with this error:
-+
-+../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
-+hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
-+
-+Answer:
-+
-+ - don't use "no-threads" when configuring
-+ - if you didn't then OpenSSL failed to create a threaded library by
-+ default. You may manually edit Configure and try again. Look for the
-+ architecture that Configure printed, for example:
-+
-+Configured for linux-elf.
-+
-+ - then edit Configure, find string "linux-elf" (inluding the quotes),
-+ and add flags to support threads to the 4th column of the 2nd string.
-+ If you build with GCC then adding "-pthread" should be enough. With
-+ "linux-elf" as an example, you would add " -pthread" right after
-+ "-D_REENTRANT", like this:
-+
-+....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
-+
-+(2) I'm using MinGW/MSYS environment and get undeclared reference error for
-+pthread_atfork() function when trying to build OpenSSL with the patch.
-+
-+Answer:
-+
-+ Sorry, pthread_atfork() is not implemented in the current pthread-win32
-+ (as of Nov 2009). You can not use the patch there.
-+
-+
-+Feedback
-+========
-+
-+Please send feedback to security-discuss at opensolaris.org. The patch was
-+created by Jan.Pechanec at Sun.COM from code available in OpenSolaris.
-+
-+Latest version should be always available on http://blogs.sun.com/janp.
-+
-Index: openssl/crypto/opensslconf.h
-diff -u openssl/crypto/opensslconf.h:1.6.2.1 openssl/crypto/opensslconf.h:1.6
---- openssl/crypto/opensslconf.h:1.6.2.1 Sun Jan 15 16:09:43 2012
-+++ openssl/crypto/opensslconf.h Mon Jun 13 17:13:28 2011
-@@ -29,6 +29,9 @@
-
- #endif /* OPENSSL_DOING_MAKEDEPEND */
-
-+#ifndef OPENSSL_THREADS
-+# define OPENSSL_THREADS
-+#endif
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- # define OPENSSL_NO_DYNAMIC_ENGINE
- #endif
-@@ -61,6 +64,8 @@
- # endif
- #endif
-
-+#define OPENSSL_CPUID_OBJ
-+
- /* crypto/opensslconf.h.in */
-
- /* Generate 80386 code? */
-@@ -107,7 +112,7 @@
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
--#undef RC4_CHUNK
-+#define RC4_CHUNK unsigned long
- #endif
- #endif
-
-@@ -115,7 +120,7 @@
- /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
- #ifndef DES_LONG
--#define DES_LONG unsigned long
-+#define DES_LONG unsigned int
- #endif
- #endif
-
-@@ -126,9 +131,9 @@
- /* Should we define BN_DIV2W here? */
-
- /* Only one for the following should be defined */
--#undef SIXTY_FOUR_BIT_LONG
-+#define SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
--#define THIRTY_TWO_BIT
-+#undef THIRTY_TWO_BIT
- #endif
-
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-@@ -140,7 +145,7 @@
-
- #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
- #define CONFIG_HEADER_BF_LOCL_H
--#undef BF_PTR
-+#define BF_PTR2
- #endif /* HEADER_BF_LOCL_H */
-
- #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-@@ -170,7 +175,7 @@
- /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
- #ifndef DES_UNROLL
--#undef DES_UNROLL
-+#define DES_UNROLL
- #endif
-
- /* These default values were supplied by
-Index: openssl/crypto/bio/bss_file.c
-diff -u openssl/crypto/bio/bss_file.c:1.6.2.1 openssl/crypto/bio/bss_file.c:1.6
---- openssl/crypto/bio/bss_file.c:1.6.2.1 Sun Jan 15 16:09:44 2012
-+++ openssl/crypto/bio/bss_file.c Mon Jun 13 17:13:31 2011
-@@ -168,7 +168,7 @@
- {
- SYSerr(SYS_F_FOPEN,get_last_sys_error());
- ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-- if (errno == ENOENT)
-+ if ((errno == ENOENT) || ((*mode == 'r') && (errno == EACCES)))
- BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
- else
- BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-Index: openssl/crypto/engine/Makefile
-diff -u openssl/crypto/engine/Makefile:1.8.2.1 openssl/crypto/engine/Makefile:1.8
---- openssl/crypto/engine/Makefile:1.8.2.1 Sun Jan 15 16:09:46 2012
-+++ openssl/crypto/engine/Makefile Tue Jun 14 21:51:32 2011
-@@ -21,12 +21,14 @@
- eng_table.c eng_pkey.c eng_fat.c eng_all.c \
- tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
- tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
-- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
-+ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
-+ hw_pk11.c hw_pk11_pub.c hw_pk11so.c hw_pk11so_pub.c
- LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
- eng_table.o eng_pkey.o eng_fat.o eng_all.o \
- tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
- tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
-- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
-+ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
-+ hw_pk11.o hw_pk11_pub.o hw_pk11so.o hw_pk11so_pub.o
-
- SRC= $(LIBSRC)
-
-@@ -264,6 +266,83 @@
- eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
- eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
- eng_table.o: eng_table.c
-+hw_pk11.o: ../../e_os.h ../../include/openssl/aes.h
-+hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-+hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-+hw_pk11.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
-+hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-+hw_pk11.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-+hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-+hw_pk11.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-+hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
-+hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-+hw_pk11.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-+hw_pk11.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-+hw_pk11.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-+hw_pk11.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-+hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-+hw_pk11.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h hw_pk11.c
-+hw_pk11.o: hw_pk11_err.c hw_pk11_err.h hw_pk11ca.h pkcs11.h pkcs11f.h pkcs11t.h
-+hw_pk11_pub.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-+hw_pk11_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-+hw_pk11_pub.o: ../../include/openssl/objects.h
-+hw_pk11_pub.o: ../../include/openssl/opensslconf.h
-+hw_pk11_pub.o: ../../include/openssl/opensslv.h
-+hw_pk11_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-+hw_pk11_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-+hw_pk11_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-+hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-+hw_pk11_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-+hw_pk11_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11_pub.c hw_pk11ca.h
-+hw_pk11_pub.o: pkcs11.h pkcs11f.h pkcs11t.h
-+hw_pk11so.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11so.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11so.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11so.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11so.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11so.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11so.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11so.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
-+hw_pk11so.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-+hw_pk11so.o: ../../include/openssl/opensslconf.h
-+hw_pk11so.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+hw_pk11so.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-+hw_pk11so.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-+hw_pk11so.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-+hw_pk11so.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-+hw_pk11so.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-+hw_pk11so.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h
-+hw_pk11so.o: hw_pk11_err.c hw_pk11_err.h hw_pk11so.c hw_pk11so.h pkcs11.h
-+hw_pk11so.o: pkcs11f.h pkcs11t.h
-+hw_pk11so_pub.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11so_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11so_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11so_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11so_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11so_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11so_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11so_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-+hw_pk11so_pub.o: ../../include/openssl/objects.h
-+hw_pk11so_pub.o: ../../include/openssl/opensslconf.h
-+hw_pk11so_pub.o: ../../include/openssl/opensslv.h
-+hw_pk11so_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-+hw_pk11so_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-+hw_pk11so_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-+hw_pk11so_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-+hw_pk11so_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+hw_pk11so_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-+hw_pk11so_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11so.h
-+hw_pk11so_pub.o: hw_pk11so_pub.c pkcs11.h pkcs11f.h pkcs11t.h
- tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h
- tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
- tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-Index: openssl/crypto/engine/cryptoki.h
-diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
-@@ -0,0 +1,103 @@
-+/*
-+ * CDDL HEADER START
-+ *
-+ * The contents of this file are subject to the terms of the
-+ * Common Development and Distribution License, Version 1.0 only
-+ * (the "License"). You may not use this file except in compliance
-+ * with the License.
-+ *
-+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-+ * or http://www.opensolaris.org/os/licensing.
-+ * See the License for the specific language governing permissions
-+ * and limitations under the License.
-+ *
-+ * When distributing Covered Code, include this CDDL HEADER in each
-+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-+ * If applicable, add the following below this CDDL HEADER, with the
-+ * fields enclosed by brackets "[]" replaced with your own identifying
-+ * information: Portions Copyright [yyyy] [name of copyright owner]
-+ *
-+ * CDDL HEADER END
-+ */
-+/*
-+ * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+#ifndef _CRYPTOKI_H
-+#define _CRYPTOKI_H
-+
-+/* ident "@(#)cryptoki.h 1.2 05/06/08 SMI" */
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef CK_PTR
-+#define CK_PTR *
-+#endif
-+
-+#ifndef CK_DEFINE_FUNCTION
-+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION
-+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION_POINTER
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef CK_CALLBACK_FUNCTION
-+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef NULL_PTR
-+#include <unistd.h> /* For NULL */
-+#define NULL_PTR NULL
-+#endif
-+
-+/*
-+ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
-+ */
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#define CK_DISABLE_TRUE_FALSE
-+#ifndef TRUE
-+#define TRUE 1
-+#endif /* TRUE */
-+#ifndef FALSE
-+#define FALSE 0
-+#endif /* FALSE */
-+#endif /* CK_DISABLE_TRUE_FALSE */
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+#include "pkcs11.h"
-+
-+/* Solaris specific functions */
-+
-+#include <stdlib.h>
-+
-+/*
-+ * SUNW_C_GetMechSession will initialize the framework and do all
-+ * the necessary PKCS#11 calls to create a session capable of
-+ * providing operations on the requested mechanism
-+ */
-+CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
-+ CK_SESSION_HANDLE_PTR hSession);
-+
-+/*
-+ * SUNW_C_KeyToObject will create a secret key object for the given
-+ * mechanism from the rawkey data.
-+ */
-+CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
-+ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
-+ CK_OBJECT_HANDLE_PTR obj);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* _CRYPTOKI_H */
-Index: openssl/crypto/engine/eng_all.c
-diff -u openssl/crypto/engine/eng_all.c:1.5.2.1 openssl/crypto/engine/eng_all.c:1.5
---- openssl/crypto/engine/eng_all.c:1.5.2.1 Sun Jan 15 16:09:46 2012
-+++ openssl/crypto/engine/eng_all.c Mon Jun 13 17:13:35 2011
-@@ -111,6 +111,14 @@
- #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- ENGINE_load_capi();
- #endif
-+#ifndef OPENSSL_NO_HW_PKCS11
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+ ENGINE_load_pk11ca();
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+ ENGINE_load_pk11so();
-+#endif
-+#endif
- #endif
- }
-
-Index: openssl/crypto/engine/engine.h
-diff -u openssl/crypto/engine/engine.h:1.5.2.1 openssl/crypto/engine/engine.h:1.5
---- openssl/crypto/engine/engine.h:1.5.2.1 Sun Jan 15 16:09:46 2012
-+++ openssl/crypto/engine/engine.h Mon Jun 13 17:13:36 2011
-@@ -336,6 +336,12 @@
- void ENGINE_load_ubsec(void);
- void ENGINE_load_padlock(void);
- void ENGINE_load_capi(void);
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+void ENGINE_load_pk11ca(void);
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+void ENGINE_load_pk11so(void);
-+#endif
- #ifndef OPENSSL_NO_GMP
- void ENGINE_load_gmp(void);
- #endif
-Index: openssl/crypto/engine/hw_pk11.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:53 2011
-@@ -0,0 +1,4057 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+#include <openssl/aes.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/* #undef DEBUG_SLOT_SELECTION */
-+/*
-+ * Solaris specific code. See comment at check_hw_mechanisms() for more
-+ * information.
-+ */
-+#if defined(__SVR4) && defined(__sun)
-+#undef SOLARIS_HW_SLOT_SELECTION
-+#endif
-+
-+/*
-+ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
-+ * there are official OIDs for mechanisms based on this mode. With our changes,
-+ * an application can define its own EVP calls for AES counter mode and then
-+ * it can make use of hardware acceleration through this engine. However, it's
-+ * better if we keep AES CTR support code under ifdef's.
-+ */
-+#define SOLARIS_AES_CTR
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.c"
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NIDs for AES counter mode that will be defined during the engine
-+ * initialization.
-+ */
-+static int NID_aes_128_ctr = NID_undef;
-+static int NID_aes_192_ctr = NID_undef;
-+static int NID_aes_256_ctr = NID_undef;
-+#endif /* SOLARIS_AES_CTR */
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
-+ * library. See comment at check_hw_mechanisms() for more information.
-+ */
-+static int *hw_cnids;
-+static int *hw_dnids;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+#ifndef OPENSSL_NO_RSA
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DH
-+int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
-+#endif
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+/* Symmetric cipher and digest support functions */
-+static int cipher_nid_to_pk11(int nid);
-+#ifdef SOLARIS_AES_CTR
-+static int pk11_add_NID(char *sn, char *ln);
-+static int pk11_add_aes_ctr_NIDs(void);
-+#endif /* SOLARIS_AES_CTR */
-+static int pk11_usable_ciphers(const int **nids);
-+static int pk11_usable_digests(const int **nids);
-+static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+static int pk11_cipher_final(PK11_SESSION *sp);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl);
-+#else
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl);
-+#endif
-+static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
-+static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid);
-+static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid);
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len);
-+static int md_nid_to_pk11(int nid);
-+static int pk11_digest_init(EVP_MD_CTX *ctx);
-+static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
-+ size_t count);
-+static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
-+static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
-+static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher,
-+ int *local_cipher_nids);
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest,
-+ int *local_digest_nids);
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
-+ int id);
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+static int check_hw_mechanisms(void);
-+static int nid_in_table(int nid, int *nid_table);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* Index for the supported ciphers */
-+enum pk11_cipher_id {
-+ PK11_DES_CBC,
-+ PK11_DES3_CBC,
-+ PK11_DES_ECB,
-+ PK11_DES3_ECB,
-+ PK11_RC4,
-+ PK11_AES_128_CBC,
-+ PK11_AES_192_CBC,
-+ PK11_AES_256_CBC,
-+ PK11_AES_128_ECB,
-+ PK11_AES_192_ECB,
-+ PK11_AES_256_ECB,
-+ PK11_BLOWFISH_CBC,
-+#ifdef SOLARIS_AES_CTR
-+ PK11_AES_128_CTR,
-+ PK11_AES_192_CTR,
-+ PK11_AES_256_CTR,
-+#endif /* SOLARIS_AES_CTR */
-+ PK11_CIPHER_MAX
-+};
-+
-+/* Index for the supported digests */
-+enum pk11_digest_id {
-+ PK11_MD5,
-+ PK11_SHA1,
-+ PK11_SHA224,
-+ PK11_SHA256,
-+ PK11_SHA384,
-+ PK11_SHA512,
-+ PK11_DIGEST_MAX
-+};
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static int cipher_nids[PK11_CIPHER_MAX];
-+static int digest_nids[PK11_DIGEST_MAX];
-+static int cipher_count = 0;
-+static int digest_count = 0;
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_recover = CK_FALSE;
-+static CK_BBOOL pk11_have_dsa = CK_FALSE;
-+static CK_BBOOL pk11_have_dh = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+typedef struct PK11_CIPHER_st
-+ {
-+ enum pk11_cipher_id id;
-+ int nid;
-+ int iv_len;
-+ int min_key_len;
-+ int max_key_len;
-+ CK_KEY_TYPE key_type;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_CIPHER;
-+
-+static PK11_CIPHER ciphers[] =
-+ {
-+ { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
-+ CKK_DES, CKM_DES_CBC, },
-+ { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
-+ CKK_DES3, CKM_DES3_CBC, },
-+ { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
-+ CKK_DES, CKM_DES_ECB, },
-+ { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
-+ CKK_DES3, CKM_DES3_ECB, },
-+ { PK11_RC4, NID_rc4, 0, 16, 256,
-+ CKK_RC4, CKM_RC4, },
-+ { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
-+ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
-+#ifdef SOLARIS_AES_CTR
-+ /* we don't know the correct NIDs until the engine is initialized */
-+ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
-+ CKK_AES, CKM_AES_CTR, },
-+#endif /* SOLARIS_AES_CTR */
-+ };
-+
-+typedef struct PK11_DIGEST_st
-+ {
-+ enum pk11_digest_id id;
-+ int nid;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_DIGEST;
-+
-+static PK11_DIGEST digests[] =
-+ {
-+ {PK11_MD5, NID_md5, CKM_MD5, },
-+ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
-+ {PK11_SHA224, NID_sha224, CKM_SHA224, },
-+ {PK11_SHA256, NID_sha256, CKM_SHA256, },
-+ {PK11_SHA384, NID_sha384, CKM_SHA384, },
-+ {PK11_SHA512, NID_sha512, CKM_SHA512, },
-+ {0, NID_undef, 0xFFFF, },
-+ };
-+
-+/*
-+ * Structure to be used for the cipher_data/md_data in
-+ * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
-+ * session in multiple cipher_update calls
-+ */
-+typedef struct PK11_CIPHER_STATE_st
-+ {
-+ PK11_SESSION *sp;
-+ } PK11_CIPHER_STATE;
-+
-+
-+/*
-+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
-+ * called when libcrypto requests a cipher NID.
-+ *
-+ * Note how the PK11_CIPHER_STATE is used here.
-+ */
-+
-+/* DES CBC EVP */
-+static const EVP_CIPHER pk11_des_cbc =
-+ {
-+ NID_des_cbc,
-+ 8, 8, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/* 3DES CBC EVP */
-+static const EVP_CIPHER pk11_3des_cbc =
-+ {
-+ NID_des_ede3_cbc,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
-+ * get_asn1_parameters fields are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_des_ecb =
-+ {
-+ NID_des_ecb,
-+ 8, 8, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_3des_ecb =
-+ {
-+ NID_des_ede3_ecb,
-+ 8, 24, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+
-+static const EVP_CIPHER pk11_aes_128_cbc =
-+ {
-+ NID_aes_128_cbc,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_cbc =
-+ {
-+ NID_aes_192_cbc,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_cbc =
-+ {
-+ NID_aes_256_cbc,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use IV so that's why set_asn1_parameters and
-+ * get_asn1_parameters are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_aes_128_ecb =
-+ {
-+ NID_aes_128_ecb,
-+ 16, 16, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_ecb =
-+ {
-+ NID_aes_192_ecb,
-+ 16, 24, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_ecb =
-+ {
-+ NID_aes_256_ecb,
-+ 16, 32, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
-+ * created in pk11_library_init(). Note that the need to change these structures
-+ * is the reason why we don't define them with the const keyword.
-+ */
-+static EVP_CIPHER pk11_aes_128_ctr =
-+ {
-+ NID_undef,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_192_ctr =
-+ {
-+ NID_undef,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_256_ctr =
-+ {
-+ NID_undef,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+#endif /* SOLARIS_AES_CTR */
-+
-+static const EVP_CIPHER pk11_bf_cbc =
-+ {
-+ NID_bf_cbc,
-+ 8, 16, 8,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_rc4 =
-+ {
-+ NID_rc4,
-+ 1, 16, 0,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_MD pk11_md5 =
-+ {
-+ NID_md5,
-+ NID_md5WithRSAEncryption,
-+ MD5_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ MD5_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha1 =
-+ {
-+ NID_sha1,
-+ NID_sha1WithRSAEncryption,
-+ SHA_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha224 =
-+ {
-+ NID_sha224,
-+ NID_sha224WithRSAEncryption,
-+ SHA224_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-224 uses the same cblock size as SHA-256 */
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha256 =
-+ {
-+ NID_sha256,
-+ NID_sha256WithRSAEncryption,
-+ SHA256_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha384 =
-+ {
-+ NID_sha384,
-+ NID_sha384WithRSAEncryption,
-+ SHA384_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-384 uses the same cblock size as SHA-512 */
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha512 =
-+ {
-+ NID_sha512,
-+ NID_sha512WithRSAEncryption,
-+ SHA512_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11SO
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name =
-+ "PKCS #11 engine support (crypto accelerator)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+#ifndef OPENSSL_NO_RSA
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DSA], NULL);
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DH] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DH], NULL);
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (find_lock[OP_DSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DSA]);
-+ OPENSSL_free(find_lock[OP_DSA]);
-+ find_lock[OP_DSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (find_lock[OP_DH] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DH]);
-+ OPENSSL_free(find_lock[OP_DH]);
-+ find_lock[OP_DH] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ const RSA_METHOD *rsa = NULL;
-+ RSA_METHOD *pk11_rsa = PK11_RSA();
-+#endif /* OPENSSL_NO_RSA */
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name) ||
-+ !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
-+ !ENGINE_set_digests(e, pk11_engine_digests))
-+ return (0);
-+#ifndef OPENSSL_NO_RSA
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (pk11_have_dsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DSA(e, PK11_DSA()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (pk11_have_dh == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DH(e, PK11_DH()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DH\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DH */
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+/*
-+ * Apache calls OpenSSL function RSA_blinding_on() once during startup
-+ * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
-+ * here, we wire it back to the OpenSSL software implementation.
-+ * Since it is used only once, performance is not a concern.
-+ */
-+#ifndef OPENSSL_NO_RSA
-+ rsa = RSA_PKCS1_SSLeay();
-+ pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
-+ pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
-+ if (pk11_have_recover != CK_TRUE)
-+ pk11_rsa->rsa_pub_dec = rsa->rsa_pub_dec;
-+#endif /* OPENSSL_NO_RSA */
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ LOCK_OBJSTORE(OP_DSA);
-+ LOCK_OBJSTORE(OP_DH);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ CK_ULONG ul_state_len;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * We must do this before we start working with slots since we need all
-+ * NIDs there.
-+ */
-+ if (pk11_add_aes_ctr_NIDs() == 0)
-+ goto err;
-+#endif /* SOLARIS_AES_CTR */
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Disable digest if C_GetOperationState is not supported since
-+ * this function is required by OpenSSL digest copy function
-+ */
-+ /* Keyper fails to return CKR_FUNCTION_NOT_SUPPORTED */
-+ if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
-+ != CKR_OK) {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: C_GetOperationState() not supported, "
-+ "setting digest_count to 0\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ digest_count = 0;
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ (void) pk11_destroy_dsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ (void) pk11_destroy_dh_key_objects(NULL);
-+#endif /* OPENSSL_NO_DH */
-+ (void) pk11_destroy_cipher_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+ myslot = SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ sp->opdata_dsa_pub_num = NULL;
-+ sp->opdata_dsa_priv = NULL;
-+ sp->opdata_dsa_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ sp->opdata_dh_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DH */
-+ case OP_CIPHER:
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ sp->opdata_encrypt = -1;
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Destroy DSA public key from single session. */
-+int
-+pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key,
-+ ret, uselock, OP_DSA, CK_FALSE);
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy DSA private key from single session. */
-+int
-+pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key,
-+ ret, uselock, OP_DSA, CK_TRUE);
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv = NULL;
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_dsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+/* Destroy DH key from single session. */
-+int
-+pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dh_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dh_key,
-+ ret, uselock, OP_DH, CK_TRUE);
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DH key object wrapper.
-+ *
-+ * arg0: pointer to PKCS#11 engine session structure
-+ * if session is NULL, try to destroy all objects in the free list
-+ */
-+int
-+pk11_destroy_dh_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DH].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DH].head;
-+ uselock = FALSE;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dh_object(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DH].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/* Symmetric ciphers and digests support functions */
-+
-+static int
-+cipher_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; i++)
-+ if (ciphers[i].nid == nid)
-+ return (ciphers[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_usable_ciphers(const int **nids)
-+ {
-+ if (cipher_count > 0)
-+ *nids = cipher_nids;
-+ else
-+ *nids = NULL;
-+ return (cipher_count);
-+ }
-+
-+static int
-+pk11_usable_digests(const int **nids)
-+ {
-+ if (digest_count > 0)
-+ *nids = digest_nids;
-+ else
-+ *nids = NULL;
-+ return (digest_count);
-+ }
-+
-+/*
-+ * Init context for encryption or decryption using a symmetric key.
-+ */
-+static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
-+ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
-+ {
-+ CK_RV rv;
-+#ifdef SOLARIS_AES_CTR
-+ CK_AES_CTR_PARAMS ctr_params;
-+#endif /* SOLARIS_AES_CTR */
-+
-+ /*
-+ * We expect pmech->mechanism to be already set and
-+ * pParameter/ulParameterLen initialized to NULL/0 before
-+ * pk11_init_symetric() is called.
-+ */
-+ OPENSSL_assert(pmech->mechanism != 0);
-+ OPENSSL_assert(pmech->pParameter == NULL);
-+ OPENSSL_assert(pmech->ulParameterLen == 0);
-+
-+#ifdef SOLARIS_AES_CTR
-+ if (ctx->cipher->nid == NID_aes_128_ctr ||
-+ ctx->cipher->nid == NID_aes_192_ctr ||
-+ ctx->cipher->nid == NID_aes_256_ctr)
-+ {
-+ pmech->pParameter = (void *)(&ctr_params);
-+ pmech->ulParameterLen = sizeof (ctr_params);
-+ /*
-+ * For now, we are limited to the fixed length of the counter,
-+ * it covers the whole counter block. That's what RFC 4344
-+ * needs. For more information on internal structure of the
-+ * counter block, see RFC 3686. If needed in the future, we can
-+ * add code so that the counter length can be set via
-+ * ENGINE_ctrl() function.
-+ */
-+ ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
-+ OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
-+ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
-+ }
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ {
-+ if (pcipher->iv_len > 0)
-+ {
-+ pmech->pParameter = (void *)ctx->iv;
-+ pmech->ulParameterLen = pcipher->iv_len;
-+ }
-+ }
-+
-+ /* if we get here, the encryption needs to be reinitialized */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+ else
-+ rv = pFuncList->C_DecryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
-+ PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+ {
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ PK11_CIPHER *p_ciph_table_row;
-+
-+ state->sp = NULL;
-+
-+ index = cipher_nid_to_pk11(ctx->cipher->nid);
-+ if (index < 0 || index >= PK11_CIPHER_MAX)
-+ return (0);
-+
-+ p_ciph_table_row = &ciphers[index];
-+ /*
-+ * iv_len in the ctx->cipher structure is the maximum IV length for the
-+ * current cipher and it must be less or equal to the IV length in our
-+ * ciphers table. The key length must be in the allowed interval. From
-+ * all cipher modes that the PKCS#11 engine supports only RC4 allows a
-+ * key length to be in some range, all other NIDs have a precise key
-+ * length. Every application can define its own EVP functions so this
-+ * code serves as a sanity check.
-+ *
-+ * Note that the reason why the IV length in ctx->cipher might be
-+ * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
-+ * macro to define functions that return EVP structures for all DES
-+ * modes. So, even ECB modes get 8 byte IV.
-+ */
-+ if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
-+ ctx->key_len < p_ciph_table_row->min_key_len ||
-+ ctx->key_len > p_ciph_table_row->max_key_len) {
-+ PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
-+ return (0);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
-+ return (0);
-+
-+ /* if applicable, the mechanism parameter is used for IV */
-+ mech.mechanism = p_ciph_table_row->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ /* The key object is destroyed here if it is not the current key. */
-+ (void) check_new_cipher_key(sp, key, ctx->key_len);
-+
-+ /*
-+ * If the key is the same and the encryption is also the same, then
-+ * just reuse it. However, we must not forget to reinitialize the
-+ * context that was finalized in pk11_cipher_cleanup().
-+ */
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
-+ sp->opdata_encrypt == ctx->encrypt)
-+ {
-+ state->sp = sp;
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+ /*
-+ * Check if the key has been invalidated. If so, a new key object
-+ * needs to be created.
-+ */
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ sp->opdata_cipher_key = pk11_get_cipher_key(
-+ ctx, key, p_ciph_table_row->key_type, sp);
-+ }
-+
-+ if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
-+ {
-+ /*
-+ * The previous encryption/decryption is different. Need to
-+ * terminate the previous * active encryption/decryption here.
-+ */
-+ if (!pk11_cipher_final(sp))
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+ }
-+
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ /* now initialize the context with a new key */
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ sp->opdata_encrypt = ctx->encrypt;
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+/*
-+ * When reusing the same key in an encryption/decryption session for a
-+ * decryption/encryption session, we need to close the active session
-+ * and recreate a new one. Note that the key is in the global session so
-+ * that it needs not be recreated.
-+ *
-+ * It is more appropriate to use C_En/DecryptFinish here. At the time of this
-+ * development, these two functions in the PKCS#11 libraries used return
-+ * unexpected errors when passing in 0 length output. It may be a good
-+ * idea to try them again if performance is a problem here and fix
-+ * C_En/DecryptFinial if there are bugs there causing the problem.
-+ */
-+static int
-+pk11_cipher_final(PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
-+ return (0);
-+ }
-+
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * An engine interface function. The calling function allocates sufficient
-+ * memory for the output buffer "out" to hold the results.
-+ */
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl)
-+#else
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl)
-+#endif
-+ {
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ CK_RV rv;
-+ unsigned long outl = inl;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ sp = (PK11_SESSION *) state->sp;
-+
-+ if (!inl)
-+ return (1);
-+
-+ /* RC4 is the only stream cipher we support */
-+ if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
-+ return (0);
-+
-+ if (ctx->encrypt)
-+ {
-+ rv = pFuncList->C_EncryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_ENCRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+ else
-+ {
-+ rv = pFuncList->C_DecryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_DECRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+
-+ /*
-+ * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
-+ * the same size of input.
-+ * The application has guaranteed to call the block ciphers with
-+ * correctly aligned buffers.
-+ */
-+ if (inl != outl)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
-+ * here is the right thing because in EVP_DecryptFinal_ex(), engine's
-+ * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
-+ * the engine can't find out that it's the finalizing call. We wouldn't
-+ * necessarily have to finalize the context here since reinitializing it with
-+ * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
-+ * let's do it. Some implementations might leak memory if the previously used
-+ * context is initialized without finalizing it first.
-+ */
-+static int
-+pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
-+ CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
-+ PK11_CIPHER_STATE *state = ctx->cipher_data;
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * We are not interested in the data here, we just need to get
-+ * rid of the context.
-+ */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptFinal(
-+ state->sp->session, buf, &len);
-+ else
-+ rv = pFuncList->C_DecryptFinal(
-+ state->sp->session, buf, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
-+ PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ state->sp = NULL;
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Registered by the ENGINE when used to find out how to deal with
-+ * a particular NID in the ENGINE. This says what we'll do at the
-+ * top level - note, that list is restricted by what we answer with
-+ */
-+/* ARGSUSED */
-+static int
-+pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid)
-+ {
-+ if (!cipher)
-+ return (pk11_usable_ciphers(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_des_ede3_cbc:
-+ *cipher = &pk11_3des_cbc;
-+ break;
-+ case NID_des_cbc:
-+ *cipher = &pk11_des_cbc;
-+ break;
-+ case NID_des_ede3_ecb:
-+ *cipher = &pk11_3des_ecb;
-+ break;
-+ case NID_des_ecb:
-+ *cipher = &pk11_des_ecb;
-+ break;
-+ case NID_aes_128_cbc:
-+ *cipher = &pk11_aes_128_cbc;
-+ break;
-+ case NID_aes_192_cbc:
-+ *cipher = &pk11_aes_192_cbc;
-+ break;
-+ case NID_aes_256_cbc:
-+ *cipher = &pk11_aes_256_cbc;
-+ break;
-+ case NID_aes_128_ecb:
-+ *cipher = &pk11_aes_128_ecb;
-+ break;
-+ case NID_aes_192_ecb:
-+ *cipher = &pk11_aes_192_ecb;
-+ break;
-+ case NID_aes_256_ecb:
-+ *cipher = &pk11_aes_256_ecb;
-+ break;
-+ case NID_bf_cbc:
-+ *cipher = &pk11_bf_cbc;
-+ break;
-+ case NID_rc4:
-+ *cipher = &pk11_rc4;
-+ break;
-+ default:
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * These can't be in separated cases because the NIDs
-+ * here are not constants.
-+ */
-+ if (nid == NID_aes_128_ctr)
-+ *cipher = &pk11_aes_128_ctr;
-+ else if (nid == NID_aes_192_ctr)
-+ *cipher = &pk11_aes_192_ctr;
-+ else if (nid == NID_aes_256_ctr)
-+ *cipher = &pk11_aes_256_ctr;
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ *cipher = NULL;
-+ break;
-+ }
-+ return (*cipher != NULL);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid)
-+ {
-+ if (!digest)
-+ return (pk11_usable_digests(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_md5:
-+ *digest = &pk11_md5;
-+ break;
-+ case NID_sha1:
-+ *digest = &pk11_sha1;
-+ break;
-+ case NID_sha224:
-+ *digest = &pk11_sha224;
-+ break;
-+ case NID_sha256:
-+ *digest = &pk11_sha256;
-+ break;
-+ case NID_sha384:
-+ *digest = &pk11_sha384;
-+ break;
-+ case NID_sha512:
-+ *digest = &pk11_sha512;
-+ break;
-+ default:
-+ *digest = NULL;
-+ break;
-+ }
-+ return (*digest != NULL);
-+ }
-+
-+
-+/* Create a secret key object in a PKCS#11 session */
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
-+ CK_ULONG ul_key_attr_count = 6;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (false)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_VALUE, (void*) NULL, 0},
-+ };
-+
-+ /*
-+ * Create secret key object in global_session. All other sessions
-+ * can use the key handles. Here is why:
-+ * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
-+ * It may then call DecryptInit and DecryptUpdate using the same key.
-+ * To use the same key object, we need to call EncryptFinal with
-+ * a 0 length message. Currently, this does not work for 3DES
-+ * mechanism. To get around this problem, we close the session and
-+ * then create a new session to use the same key object. When a session
-+ * is closed, all the object handles will be invalid. Thus, create key
-+ * objects in a global session, an individual session may be closed to
-+ * terminate the active operation.
-+ */
-+ CK_SESSION_HANDLE session = global_session;
-+ a_key_template[0].pValue = &obj_key;
-+ a_key_template[1].pValue = &key_type;
-+ a_key_template[5].pValue = (void *) key;
-+ a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Save the key information used in this session.
-+ * The max can be saved is PK11_KEY_LEN_MAX.
-+ */
-+ sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ?
-+ PK11_KEY_LEN_MAX : ctx->key_len;
-+ (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
-+err:
-+
-+ return (h_key);
-+ }
-+
-+static int
-+md_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; i++)
-+ if (digests[i].nid == nid)
-+ return (digests[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_digest_init(EVP_MD_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_SESSION *sp;
-+ PK11_DIGEST *pdp;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ state->sp = NULL;
-+
-+ index = md_nid_to_pk11(ctx->digest->type);
-+ if (index < 0 || index >= PK11_DIGEST_MAX)
-+ return (0);
-+
-+ pdp = &digests[index];
-+ if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
-+ return (0);
-+
-+ /* at present, no parameter is needed for supported digests */
-+ mech.mechanism = pdp->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ rv = pFuncList->C_DigestInit(sp->session, &mech);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
-+ pk11_return_session(sp, OP_DIGEST);
-+ return (0);
-+ }
-+
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+ {
-+ CK_RV rv;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ /* 0 length message will cause a failure in C_DigestFinal */
-+ if (count == 0)
-+ return (1);
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
-+ count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-+ {
-+ CK_RV rv;
-+ unsigned long len;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+ len = ctx->digest->md_size;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ if (ctx->digest->md_size != len)
-+ return (0);
-+
-+ /*
-+ * Final is called and digest is returned, so return the session
-+ * to the pool
-+ */
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-+ {
-+ CK_RV rv;
-+ int ret = 0;
-+ PK11_CIPHER_STATE *state, *state_to;
-+ CK_BYTE_PTR pstate = NULL;
-+ CK_ULONG ul_state_len;
-+
-+ /* The copy-from state */
-+ state = (PK11_CIPHER_STATE *) from->md_data;
-+ if (state == NULL || state->sp == NULL)
-+ goto err;
-+
-+ /* Initialize the copy-to state */
-+ if (!pk11_digest_init(to))
-+ goto err;
-+ state_to = (PK11_CIPHER_STATE *) to->md_data;
-+
-+ /* Get the size of the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+ if (ul_state_len == 0)
-+ {
-+ goto err;
-+ }
-+
-+ pstate = OPENSSL_malloc(ul_state_len);
-+ if (pstate == NULL)
-+ {
-+ PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /* Set the operation state of the copy-to session */
-+ rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
-+ ul_state_len, 0, 0);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY,
-+ PK11_R_SET_OPERATION_STATE, rv);
-+ goto err;
-+ }
-+
-+ ret = 1;
-+err:
-+ if (pstate != NULL)
-+ OPENSSL_free(pstate);
-+
-+ return (ret);
-+ }
-+
-+/* Return any pending session state to the pool */
-+static int
-+pk11_digest_cleanup(EVP_MD_CTX *ctx)
-+ {
-+ PK11_CIPHER_STATE *state = ctx->md_data;
-+ unsigned char buf[EVP_MAX_MD_SIZE];
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * If state->sp is not NULL then pk11_digest_final() has not
-+ * been called yet. We must call it now to free any memory
-+ * that might have been allocated in the token when
-+ * pk11_digest_init() was called. pk11_digest_final()
-+ * will return the session to the cache.
-+ */
-+ if (!pk11_digest_final(ctx, buf))
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Check if the new key is the same as the key object in the session. If the key
-+ * is the same, no need to create a new key object. Otherwise, the old key
-+ * object needs to be destroyed and a new one will be created. Return 1 for
-+ * cache hit, 0 for cache miss. Note that we must check the key length first
-+ * otherwise we could end up reusing a different, longer key with the same
-+ * prefix.
-+ */
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len)
-+ {
-+ if (sp->opdata_key_len != key_len ||
-+ memcmp(sp->opdata_key, key, key_len) != 0)
-+ {
-+ (void) pk11_destroy_cipher_key_objects(sp);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/* Destroy one or more secret key objects. */
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_CIPHER].head;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
-+ {
-+ /*
-+ * The secret key object is created in the
-+ * global_session. See pk11_get_cipher_key().
-+ */
-+ if (pk11_destroy_object(global_session,
-+ sp->opdata_cipher_key, CK_FALSE) == 0)
-+ goto err;
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ }
-+ }
-+ ret = 1;
-+err:
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_X_509
-+ * CKM_RSA_PKCS
-+ * CKM_DSA
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * Symmetric ciphers optionally supported
-+ *
-+ * CKM_DES3_CBC
-+ * CKM_DES_CBC
-+ * CKM_AES_CBC
-+ * CKM_DES3_ECB
-+ * CKM_DES_ECB
-+ * CKM_AES_ECB
-+ * CKM_AES_CTR
-+ * CKM_RC4
-+ * CKM_BLOWFISH_CBC
-+ *
-+ * Digests optionally supported
-+ *
-+ * CKM_MD5
-+ * CKM_SHA_1
-+ * CKM_SHA224
-+ * CKM_SHA256
-+ * CKM_SHA384
-+ * CKM_SHA512
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ int slot_n_cipher = 0;
-+ int slot_n_digest = 0;
-+ CK_SLOT_ID current_slot = 0;
-+ int current_slot_n_cipher = 0;
-+ int current_slot_n_digest = 0;
-+
-+ int local_cipher_nids[PK11_CIPHER_MAX];
-+ int local_digest_nids[PK11_DIGEST_MAX];
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ CK_BBOOL slot_has_recover = CK_FALSE;
-+ CK_BBOOL slot_has_dsa = CK_FALSE;
-+ CK_BBOOL slot_has_dh = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_RSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ /*
-+ * Check if this slot is capable of encryption,
-+ * decryption, sign, and verify with CKM_RSA_X_509.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_RSA_X_509, &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY) &&
-+ (mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ if (mech_info.flags & CKF_VERIFY_RECOVER)
-+ {
-+ slot_has_recover = CK_TRUE;
-+ }
-+ }
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_DSA.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
-+ &mech_info);
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ slot_has_dsa = CK_TRUE;
-+ }
-+
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ /*
-+ * Check if this slot is capable of DH key generataion and
-+ * derivation.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
-+
-+ if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
-+ {
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_DERIVE, &mech_info);
-+ if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
-+ {
-+ slot_has_dh = CK_TRUE;
-+ }
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ if (!found_candidate_slot &&
-+ (slot_has_rsa || slot_has_dsa || slot_has_dh))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ pk11_have_recover = slot_has_recover;
-+ pk11_have_dsa = slot_has_dsa;
-+ pk11_have_dh = slot_has_dh;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa/dsa/dh\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ found_candidate_slot = CK_FALSE;
-+ best_slot_sofar = 0;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ current_slot = pSlotList[i];
-+ current_slot_n_cipher = 0;
-+ current_slot_n_digest = 0;
-+ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
-+ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
-+
-+ pk11_find_symmetric_ciphers(pFuncList, current_slot,
-+ ¤t_slot_n_cipher, local_cipher_nids);
-+
-+ pk11_find_digests(pFuncList, current_slot,
-+ ¤t_slot_n_digest, local_digest_nids);
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
-+ current_slot_n_cipher);
-+ fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
-+ current_slot_n_digest);
-+ fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
-+ PK11_DBG, best_slot_sofar);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * If the current slot supports more ciphers/digests than
-+ * the previous best one we change the current best to this one,
-+ * otherwise leave it where it is.
-+ */
-+ if ((current_slot_n_cipher + current_slot_n_digest) >
-+ (slot_n_cipher + slot_n_digest))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: changing best so far slot to %d\n",
-+ PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = SLOTID = current_slot;
-+ cipher_count = slot_n_cipher = current_slot_n_cipher;
-+ digest_count = slot_n_digest = current_slot_n_digest;
-+ (void) memcpy(cipher_nids, local_cipher_nids,
-+ sizeof (local_cipher_nids));
-+ (void) memcpy(digest_nids, local_digest_nids,
-+ sizeof (local_digest_nids));
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_recover %d\n", PK11_DBG, pk11_have_recover);
-+ fprintf(stderr,
-+ "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+ fprintf(stderr,
-+ "%s: cipher_count %d\n", PK11_DBG, cipher_count);
-+ fprintf(stderr,
-+ "%s: digest_count %d\n", PK11_DBG, digest_count);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ OPENSSL_free(hw_cnids);
-+ OPENSSL_free(hw_dnids);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
-+ int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
-+ int *local_cipher_nids, int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if ((mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT))
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(ciphers[id].nid, hw_cnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_cipher_nids[(*current_slot_n_cipher)++] =
-+ ciphers[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if (mech_info.flags & CKF_DIGEST)
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(digests[id].nid, hw_dnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_digest_nids[(*current_slot_n_digest)++] =
-+ digests[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+/* create a new NID when we have no OID for that mechanism */
-+static int pk11_add_NID(char *sn, char *ln)
-+ {
-+ ASN1_OBJECT *o;
-+ int nid;
-+
-+ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
-+ 1, sn, ln)) == NULL)
-+ {
-+ return (0);
-+ }
-+
-+ /* will return NID_undef on error */
-+ nid = OBJ_add_object(o);
-+ ASN1_OBJECT_free(o);
-+
-+ return (nid);
-+ }
-+
-+/*
-+ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
-+ * have to help ourselves here.
-+ */
-+static int pk11_add_aes_ctr_NIDs(void)
-+ {
-+ /* are we already set? */
-+ if (NID_aes_256_ctr != NID_undef)
-+ return (1);
-+
-+ /*
-+ * There are no official names for AES counter modes yet so we just
-+ * follow the format of those that exist.
-+ */
-+ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
-+ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
-+ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
-+ return (1);
-+
-+err:
-+ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
-+ return (0);
-+ }
-+#endif /* SOLARIS_AES_CTR */
-+
-+/* Find what symmetric ciphers this slot supports. */
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; ++i)
-+ {
-+ pk11_get_symmetric_cipher(pflist, current_slot,
-+ ciphers[i].mech_type, current_slot_n_cipher,
-+ local_cipher_nids, ciphers[i].id);
-+ }
-+ }
-+
-+/* Find what digest algorithms this slot supports. */
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; ++i)
-+ {
-+ pk11_get_digest(pflist, current_slot, digests[i].mech_type,
-+ current_slot_n_digest, local_digest_nids, digests[i].id);
-+ }
-+ }
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * It would be great if we could use pkcs11_kernel directly since this library
-+ * offers hardware slots only. That's the easiest way to achieve the situation
-+ * where we use the hardware accelerators when present and OpenSSL native code
-+ * otherwise. That presumes the fact that OpenSSL native code is faster than the
-+ * code in the soft token. It's a logical assumption - Crypto Framework has some
-+ * inherent overhead so going there for the software implementation of a
-+ * mechanism should be logically slower in contrast to the OpenSSL native code,
-+ * presuming that both implementations are of similar speed. For example, the
-+ * soft token for AES is roughly three times slower than OpenSSL for 64 byte
-+ * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
-+ * that use the PKCS#11 engine by default, we must somehow avoid that regression
-+ * on machines without hardware acceleration. That's why switching to the
-+ * pkcs11_kernel library seems like a very good idea.
-+ *
-+ * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
-+ * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
-+ * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
-+ * library, we would have had a performance regression on machines without
-+ * hardware acceleration for asymmetric operations for all applications that use
-+ * the PKCS#11 engine. There is one such application - Apache web server since
-+ * it's shipped configured to use the PKCS#11 engine by default. Having said
-+ * that, we can't switch to the pkcs11_kernel library now and have to come with
-+ * a solution that, on non-accelerated machines, uses the OpenSSL native code
-+ * for all symmetric ciphers and digests while it uses the soft token for
-+ * asymmetric operations.
-+ *
-+ * This is the idea: dlopen() pkcs11_kernel directly and find out what
-+ * mechanisms are there. We don't care about duplications (more slots can
-+ * support the same mechanism), we just want to know what mechanisms can be
-+ * possibly supported in hardware on that particular machine. As said before,
-+ * pkcs11_kernel will show you hardware providers only.
-+ *
-+ * Then, we rely on the fact that since we use libpkcs11 library we will find
-+ * the metaslot. When we go through the metaslot's mechanisms for symmetric
-+ * ciphers and digests, we check that any found mechanism is in the table
-+ * created using the pkcs11_kernel library. So, as a result we have two arrays
-+ * of mechanisms that were advertised as supported in hardware which was the
-+ * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
-+ * code for symmetric ciphers and digests. See pk11_choose_slots() for more
-+ * information.
-+ *
-+ * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
-+ * the code won't be used.
-+ */
-+#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
-+static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
-+#else
-+static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
-+#endif
-+
-+/*
-+ * Check hardware capabilities of the machines. The output are two lists,
-+ * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
-+ * providers together. They are not sorted and may contain duplicate mechanisms.
-+ */
-+static int check_hw_mechanisms(void)
-+ {
-+ int i;
-+ CK_RV rv;
-+ void *handle;
-+ CK_C_GetFunctionList p;
-+ CK_TOKEN_INFO token_info;
-+ CK_ULONG ulSlotCount = 0;
-+ int n_cipher = 0, n_digest = 0;
-+ CK_FUNCTION_LIST_PTR pflist = NULL;
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL;
-+ int hw_ctable_size, hw_dtable_size;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
-+ PK11_DBG);
-+#endif
-+ if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ if ((p = (CK_C_GetFunctionList)dlsym(handle,
-+ PK11_GET_FUNCTION_LIST)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ if (p(&pflist) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pflist->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /* no slots, set the hw mechanism tables as empty */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
-+#endif
-+ hw_cnids = OPENSSL_malloc(sizeof (int));
-+ hw_dnids = OPENSSL_malloc(sizeof (int));
-+ if (hw_cnids == NULL || hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ /* this means empty tables */
-+ hw_cnids[0] = NID_undef;
-+ hw_dnids[0] = NID_undef;
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the slot list for processing */
-+ if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /*
-+ * We don't care about duplicit mechanisms in multiple slots and also
-+ * reserve one slot for the terminal NID_undef which we use to stop the
-+ * search.
-+ */
-+ hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
-+ hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
-+ tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
-+ tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
-+ if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * Do not use memset since we should not rely on the fact that NID_undef
-+ * is zero now.
-+ */
-+ for (i = 0; i < hw_ctable_size; ++i)
-+ tmp_hw_cnids[i] = NID_undef;
-+ for (i = 0; i < hw_dtable_size; ++i)
-+ tmp_hw_dnids[i] = NID_undef;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
-+ fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
-+ fprintf(stderr, "%s: now looking for mechs supported in hw\n",
-+ PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * We are filling the hw mech tables here. Global tables are
-+ * still NULL so all mechanisms are put into tmp tables.
-+ */
-+ pk11_find_symmetric_ciphers(pflist, pSlotList[i],
-+ &n_cipher, tmp_hw_cnids);
-+ pk11_find_digests(pflist, pSlotList[i],
-+ &n_digest, tmp_hw_dnids);
-+ }
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects. Also, C_Finalize() is triggered by
-+ * dlclose(3C).
-+ */
-+#if 0
-+ pflist->C_Finalize(NULL);
-+#endif
-+ OPENSSL_free(pSlotList);
-+ (void) dlclose(handle);
-+ hw_cnids = tmp_hw_cnids;
-+ hw_dnids = tmp_hw_dnids;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+
-+err:
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+ if (tmp_hw_cnids != NULL)
-+ OPENSSL_free(tmp_hw_cnids);
-+ if (tmp_hw_dnids != NULL)
-+ OPENSSL_free(tmp_hw_dnids);
-+
-+ return (0);
-+ }
-+
-+/*
-+ * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
-+ * non-existent).
-+ */
-+static int nid_in_table(int nid, int *nid_table)
-+ {
-+ int i = 0;
-+
-+ /*
-+ * a special case. NULL means that we are initializing a new
-+ * table.
-+ */
-+ if (nid_table == NULL)
-+ return (1);
-+
-+ /*
-+ * the table is never full, there is always at least one
-+ * NID_undef.
-+ */
-+ while (nid_table[i] != NID_undef)
-+ {
-+ if (nid_table[i++] == nid)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+ }
-+
-+ return (0);
-+ }
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11_err.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
-@@ -0,0 +1,288 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_err.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/err.h>
-+#include "hw_pk11_err.h"
-+
-+/* BEGIN ERROR CODES */
-+#ifndef OPENSSL_NO_ERR
-+static ERR_STRING_DATA pk11_str_functs[]=
-+{
-+{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
-+{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
-+{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
-+{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
-+{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
-+{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
-+{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
-+{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
-+{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
-+{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
-+{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
-+{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
-+{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
-+{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
-+{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
-+{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
-+{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
-+{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
-+{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
-+{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
-+{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
-+{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
-+{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
-+{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
-+{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
-+{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
-+{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
-+{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
-+{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
-+{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
-+{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
-+{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
-+{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
-+{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
-+{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
-+{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
-+{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
-+{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
-+{ 0, NULL}
-+};
-+
-+static ERR_STRING_DATA pk11_str_reasons[]=
-+{
-+{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
-+{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
-+{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
-+{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
-+{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
-+{ PK11_R_INITIALIZE, "C_Initialize failed"},
-+{ PK11_R_FINALIZE, "C_Finalize failed"},
-+{ PK11_R_GETINFO, "C_GetInfo faile"},
-+{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
-+{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
-+{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
-+{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
-+{ PK11_R_NO_MODULUS, "no modulus"},
-+{ PK11_R_NO_EXPONENT, "no exponent"},
-+{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
-+{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
-+{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
-+{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
-+{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
-+{ PK11_R_OPENSESSION, "C_OpenSession failed"},
-+{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
-+{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
-+{ PK11_R_ENCRYPT, "C_Encrypt failed"},
-+{ PK11_R_SIGNINIT, "C_SignInit failed"},
-+{ PK11_R_SIGN, "C_Sign failed"},
-+{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
-+{ PK11_R_DECRYPT, "C_Decrypt failed"},
-+{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
-+{ PK11_R_VERIFY, "C_Verify failed"},
-+{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
-+{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
-+{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
-+{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
-+{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
-+{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
-+{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
-+{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
-+{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
-+{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
-+{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
-+{ PK11_R_MALLOC_FAILURE, "malloc failure"},
-+{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
-+{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
-+{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
-+{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
-+{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
-+{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
-+{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
-+{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
-+{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
-+{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
-+{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
-+{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
-+{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
-+{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
-+{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
-+{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
-+{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
-+{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
-+{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
-+{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
-+{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
-+{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
-+{ PK11_R_ATFORK_FAILED, "atfork() failed" },
-+{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login() failed on token" },
-+{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
-+{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
-+{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
-+{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
-+{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen() dialog command" },
-+{ PK11_R_PIPE_FAILED, "pipe() failed" },
-+{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
-+{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
-+{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
-+{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
-+{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
-+{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
-+{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
-+{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
-+{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
-+{ PK11_R_SYSCONF_FAILED, "sysconf() failed" },
-+{ PK11_R_MMAP_FAILED, "mmap() failed" },
-+{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
-+{ PK11_R_MLOCK_FAILED, "mlock() failed" },
-+{ PK11_R_FORK_FAILED, "fork() failed" },
-+{ 0, NULL}
-+};
-+#endif /* OPENSSL_NO_ERR */
-+
-+static int pk11_lib_error_code = 0;
-+static int pk11_error_init = 1;
-+
-+static void
-+ERR_load_pk11_strings(void)
-+ {
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+
-+ if (pk11_error_init)
-+ {
-+ pk11_error_init = 0;
-+#ifndef OPENSSL_NO_ERR
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ }
-+}
-+
-+static void
-+ERR_unload_pk11_strings(void)
-+ {
-+ if (pk11_error_init == 0)
-+ {
-+#ifndef OPENSSL_NO_ERR
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ pk11_error_init = 1;
-+ }
-+}
-+
-+void
-+ERR_pk11_error(int function, int reason, char *file, int line)
-+{
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+ ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-+}
-+
-+void
-+PK11err_add_data(int function, int reason, CK_RV rv)
-+{
-+ char tmp_buf[20];
-+
-+ PK11err(function, reason);
-+ (void) BIO_snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
-+ ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-+}
-Index: openssl/crypto/engine/hw_pk11_err.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:51:32 2011
-@@ -0,0 +1,440 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#ifndef HW_PK11_ERR_H
-+#define HW_PK11_ERR_H
-+
-+void ERR_pk11_error(int function, int reason, char *file, int line);
-+void PK11err_add_data(int function, int reason, CK_RV rv);
-+#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
-+
-+/* Error codes for the PK11 functions. */
-+
-+/* Function codes. */
-+
-+#define PK11_F_INIT 100
-+#define PK11_F_FINISH 101
-+#define PK11_F_DESTROY 102
-+#define PK11_F_CTRL 103
-+#define PK11_F_RSA_INIT 104
-+#define PK11_F_RSA_FINISH 105
-+#define PK11_F_GET_PUB_RSA_KEY 106
-+#define PK11_F_GET_PRIV_RSA_KEY 107
-+#define PK11_F_RSA_GEN_KEY 108
-+#define PK11_F_RSA_PUB_ENC 109
-+#define PK11_F_RSA_PRIV_ENC 110
-+#define PK11_F_RSA_PUB_DEC 111
-+#define PK11_F_RSA_PRIV_DEC 112
-+#define PK11_F_RSA_SIGN 113
-+#define PK11_F_RSA_VERIFY 114
-+#define PK11_F_RAND_ADD 115
-+#define PK11_F_RAND_BYTES 116
-+#define PK11_F_GET_SESSION 117
-+#define PK11_F_FREE_SESSION 118
-+#define PK11_F_LOAD_PUBKEY 119
-+#define PK11_F_LOAD_PRIVKEY 120
-+#define PK11_F_RSA_PUB_ENC_LOW 121
-+#define PK11_F_RSA_PRIV_ENC_LOW 122
-+#define PK11_F_RSA_PUB_DEC_LOW 123
-+#define PK11_F_RSA_PRIV_DEC_LOW 124
-+#define PK11_F_DSA_SIGN 125
-+#define PK11_F_DSA_VERIFY 126
-+#define PK11_F_DSA_INIT 127
-+#define PK11_F_DSA_FINISH 128
-+#define PK11_F_GET_PUB_DSA_KEY 129
-+#define PK11_F_GET_PRIV_DSA_KEY 130
-+#define PK11_F_DH_INIT 131
-+#define PK11_F_DH_FINISH 132
-+#define PK11_F_MOD_EXP_DH 133
-+#define PK11_F_GET_DH_KEY 134
-+#define PK11_F_FREE_ALL_SESSIONS 135
-+#define PK11_F_SETUP_SESSION 136
-+#define PK11_F_DESTROY_OBJECT 137
-+#define PK11_F_CIPHER_INIT 138
-+#define PK11_F_CIPHER_DO_CIPHER 139
-+#define PK11_F_GET_CIPHER_KEY 140
-+#define PK11_F_DIGEST_INIT 141
-+#define PK11_F_DIGEST_UPDATE 142
-+#define PK11_F_DIGEST_FINAL 143
-+#define PK11_F_CHOOSE_SLOT 144
-+#define PK11_F_CIPHER_FINAL 145
-+#define PK11_F_LIBRARY_INIT 146
-+#define PK11_F_LOAD 147
-+#define PK11_F_DH_GEN_KEY 148
-+#define PK11_F_DH_COMP_KEY 149
-+#define PK11_F_DIGEST_COPY 150
-+#define PK11_F_CIPHER_CLEANUP 151
-+#define PK11_F_ACTIVE_ADD 152
-+#define PK11_F_ACTIVE_DELETE 153
-+#define PK11_F_CHECK_HW_MECHANISMS 154
-+#define PK11_F_INIT_SYMMETRIC 155
-+#define PK11_F_ADD_AES_CTR_NIDS 156
-+#define PK11_F_INIT_ALL_LOCKS 157
-+#define PK11_F_RETURN_SESSION 158
-+#define PK11_F_GET_PIN 159
-+#define PK11_F_FIND_ONE_OBJECT 160
-+#define PK11_F_CHECK_TOKEN_ATTRS 161
-+#define PK11_F_CACHE_PIN 162
-+#define PK11_F_MLOCK_PIN_IN_MEMORY 163
-+#define PK11_F_TOKEN_LOGIN 164
-+#define PK11_F_TOKEN_RELOGIN 165
-+#define PK11_F_RUN_ASKPASS 166
-+
-+/* Reason codes. */
-+#define PK11_R_ALREADY_LOADED 100
-+#define PK11_R_DSO_FAILURE 101
-+#define PK11_R_NOT_LOADED 102
-+#define PK11_R_PASSED_NULL_PARAMETER 103
-+#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
-+#define PK11_R_INITIALIZE 105
-+#define PK11_R_FINALIZE 106
-+#define PK11_R_GETINFO 107
-+#define PK11_R_GETSLOTLIST 108
-+#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
-+#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
-+#define PK11_R_GETATTRIBUTVALUE 111
-+#define PK11_R_NO_MODULUS 112
-+#define PK11_R_NO_EXPONENT 113
-+#define PK11_R_FINDOBJECTSINIT 114
-+#define PK11_R_FINDOBJECTS 115
-+#define PK11_R_FINDOBJECTSFINAL 116
-+#define PK11_R_CREATEOBJECT 118
-+#define PK11_R_DESTROYOBJECT 119
-+#define PK11_R_OPENSESSION 120
-+#define PK11_R_CLOSESESSION 121
-+#define PK11_R_ENCRYPTINIT 122
-+#define PK11_R_ENCRYPT 123
-+#define PK11_R_SIGNINIT 124
-+#define PK11_R_SIGN 125
-+#define PK11_R_DECRYPTINIT 126
-+#define PK11_R_DECRYPT 127
-+#define PK11_R_VERIFYINIT 128
-+#define PK11_R_VERIFY 129
-+#define PK11_R_VERIFYRECOVERINIT 130
-+#define PK11_R_VERIFYRECOVER 131
-+#define PK11_R_GEN_KEY 132
-+#define PK11_R_SEEDRANDOM 133
-+#define PK11_R_GENERATERANDOM 134
-+#define PK11_R_INVALID_MESSAGE_LENGTH 135
-+#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
-+#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
-+#define PK11_R_UNKNOWN_PADDING_TYPE 138
-+#define PK11_R_PADDING_CHECK_FAILED 139
-+#define PK11_R_DIGEST_TOO_BIG 140
-+#define PK11_R_MALLOC_FAILURE 141
-+#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
-+#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
-+#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
-+#define PK11_R_MISSING_KEY_COMPONENT 145
-+#define PK11_R_INVALID_SIGNATURE_LENGTH 146
-+#define PK11_R_INVALID_DSA_SIGNATURE_R 147
-+#define PK11_R_INVALID_DSA_SIGNATURE_S 148
-+#define PK11_R_INCONSISTENT_KEY 149
-+#define PK11_R_ENCRYPTUPDATE 150
-+#define PK11_R_DECRYPTUPDATE 151
-+#define PK11_R_DIGESTINIT 152
-+#define PK11_R_DIGESTUPDATE 153
-+#define PK11_R_DIGESTFINAL 154
-+#define PK11_R_ENCRYPTFINAL 155
-+#define PK11_R_DECRYPTFINAL 156
-+#define PK11_R_NO_PRNG_SUPPORT 157
-+#define PK11_R_GETTOKENINFO 158
-+#define PK11_R_DERIVEKEY 159
-+#define PK11_R_GET_OPERATION_STATE 160
-+#define PK11_R_SET_OPERATION_STATE 161
-+#define PK11_R_INVALID_HANDLE 162
-+#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
-+#define PK11_R_INVALID_OPERATION_TYPE 164
-+#define PK11_R_ADD_NID_FAILED 165
-+#define PK11_R_ATFORK_FAILED 166
-+
-+#define PK11_R_TOKEN_LOGIN_FAILED 167
-+#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
-+#define PK11_R_INVALID_PKCS11_URI 169
-+#define PK11_R_COULD_NOT_READ_PIN 170
-+#define PK11_R_COULD_NOT_OPEN_COMMAND 171
-+#define PK11_R_PIPE_FAILED 172
-+#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
-+#define PK11_R_BAD_PASSPHRASE_SPEC 174
-+#define PK11_R_TOKEN_NOT_INITIALIZED 175
-+#define PK11_R_TOKEN_PIN_NOT_SET 176
-+#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
-+#define PK11_R_MISSING_OBJECT_LABEL 178
-+#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
-+#define PK11_R_PRIV_KEY_NOT_FOUND 180
-+#define PK11_R_NO_OBJECT_FOUND 181
-+#define PK11_R_PIN_CACHING_POLICY_INVALID 182
-+#define PK11_R_SYSCONF_FAILED 183
-+#define PK11_R_MMAP_FAILED 183
-+#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
-+#define PK11_R_MLOCK_FAILED 185
-+#define PK11_R_FORK_FAILED 186
-+
-+/* max byte length of a symetric key we support */
-+#define PK11_KEY_LEN_MAX 32
-+
-+#ifdef NOPTHREADS
-+/*
-+ * CRYPTO_LOCK_PK11_ENGINE lock is primarily used for the protection of the
-+ * free_session list and active_list but generally serves as a global
-+ * per-process lock for the whole engine.
-+ *
-+ * We reuse CRYPTO_LOCK_EC lock (which is defined in OpenSSL for EC method) as
-+ * the global engine lock. This is not optimal w.r.t. performance but
-+ * it's safe.
-+ */
-+#define CRYPTO_LOCK_PK11_ENGINE CRYPTO_LOCK_EC
-+#endif
-+
-+/*
-+ * This structure encapsulates all reusable information for a PKCS#11
-+ * session. A list of these objects is created on behalf of the
-+ * calling application using an on-demand method. Each operation
-+ * type (see PK11_OPTYPE below) has its own per-process list.
-+ * Each of the lists is basically a cache for faster PKCS#11 object
-+ * access to avoid expensive C_Find{,Init,Final}Object() calls.
-+ *
-+ * When a new request comes in, an object will be taken from the list
-+ * (if there is one) or a new one is created to handle the request
-+ * (if the list is empty). See pk11_get_session() on how it is done.
-+ */
-+typedef struct PK11_st_SESSION
-+ {
-+ struct PK11_st_SESSION *next;
-+ CK_SESSION_HANDLE session; /* PK11 session handle */
-+ pid_t pid; /* Current process ID */
-+ CK_BBOOL pub_persistent; /* is pub key in keystore? */
-+ CK_BBOOL priv_persistent;/* is priv key in keystore? */
-+ union
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
-+ RSA *rsa_pub; /* pub key addr */
-+ BIGNUM *rsa_n_num; /* pub modulus */
-+ BIGNUM *rsa_e_num; /* pub exponent */
-+ RSA *rsa_priv; /* priv key addr */
-+ BIGNUM *rsa_pn_num; /* pub modulus */
-+ BIGNUM *rsa_pe_num; /* pub exponent */
-+ BIGNUM *rsa_d_num; /* priv exponent */
-+ } u_RSA;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
-+ DSA *dsa_pub; /* pub key addr */
-+ BIGNUM *dsa_pub_num; /* pub key */
-+ DSA *dsa_priv; /* priv key addr */
-+ BIGNUM *dsa_priv_num; /* priv key */
-+ } u_DSA;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dh_key; /* key handle */
-+ DH *dh; /* dh key addr */
-+ BIGNUM *dh_priv_num; /* priv dh key */
-+ } u_DH;
-+#endif /* OPENSSL_NO_DH */
-+ struct
-+ {
-+ CK_OBJECT_HANDLE cipher_key; /* key handle */
-+ unsigned char key[PK11_KEY_LEN_MAX];
-+ int key_len; /* priv key len */
-+ int encrypt; /* 1/0 enc/decr */
-+ } u_cipher;
-+ } opdata_u;
-+ } PK11_SESSION;
-+
-+#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
-+#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
-+#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
-+#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
-+#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
-+#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
-+#define opdata_rsa_pn_num opdata_u.u_RSA.rsa_pn_num
-+#define opdata_rsa_pe_num opdata_u.u_RSA.rsa_pe_num
-+#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
-+#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
-+#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
-+#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
-+#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
-+#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
-+#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
-+#define opdata_dh_key opdata_u.u_DH.dh_key
-+#define opdata_dh opdata_u.u_DH.dh
-+#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
-+#define opdata_cipher_key opdata_u.u_cipher.cipher_key
-+#define opdata_key opdata_u.u_cipher.key
-+#define opdata_key_len opdata_u.u_cipher.key_len
-+#define opdata_encrypt opdata_u.u_cipher.encrypt
-+
-+/*
-+ * We have 3 different groups of operation types:
-+ * 1) asymmetric operations
-+ * 2) random operations
-+ * 3) symmetric and digest operations
-+ *
-+ * This division into groups stems from the fact that it's common that hardware
-+ * providers may support operations from one group only. For example, hardware
-+ * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
-+ * only a single group of operations.
-+ *
-+ * For every group a different slot can be chosen. That means that we must have
-+ * at least 3 different lists of cached PKCS#11 sessions since sessions from
-+ * different groups may be initialized in different slots.
-+ *
-+ * To provide locking granularity in multithreaded environment, the groups are
-+ * further splitted into types with each type having a separate session cache.
-+ */
-+typedef enum PK11_OPTYPE_ENUM
-+ {
-+ OP_RAND,
-+ OP_RSA,
-+ OP_DSA,
-+ OP_DH,
-+ OP_CIPHER,
-+ OP_DIGEST,
-+ OP_MAX
-+ } PK11_OPTYPE;
-+
-+/*
-+ * This structure contains the heads of the lists forming the object caches
-+ * and locks associated with the lists.
-+ */
-+typedef struct PK11_st_CACHE
-+ {
-+ PK11_SESSION *head;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *lock;
-+#endif
-+ } PK11_CACHE;
-+
-+/* structure for tracking handles of asymmetric key objects */
-+typedef struct PK11_active_st
-+ {
-+ CK_OBJECT_HANDLE h;
-+ unsigned int refcnt;
-+ struct PK11_active_st *prev;
-+ struct PK11_active_st *next;
-+ } PK11_active;
-+
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *find_lock[];
-+#endif
-+extern PK11_active *active_list[];
-+/*
-+ * These variables are specific for the RSA keys by reference code. See
-+ * hw_pk11_pub.c for explanation.
-+ */
-+extern CK_FLAGS pubkey_token_flags;
-+
-+#ifndef NOPTHREADS
-+#define LOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_lock(find_lock[alg_type])
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_unlock(find_lock[alg_type])
-+#else
-+#define LOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE)
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE)
-+#endif
-+
-+extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+extern int pk11_token_relogin(CK_SESSION_HANDLE session);
-+
-+#ifndef OPENSSL_NO_RSA
-+extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern RSA_METHOD *PK11_RSA(void);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DSA_METHOD *PK11_DSA(void);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DH_METHOD *PK11_DH(void);
-+#endif /* OPENSSL_NO_DH */
-+
-+extern CK_FUNCTION_LIST_PTR pFuncList;
-+
-+#endif /* HW_PK11_ERR_H */
-Index: openssl/crypto/engine/hw_pk11_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.37
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/hw_pk11_pub.c Fri Jun 17 07:55:25 2011
-@@ -0,0 +1,3530 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif /* OPENSSL_NO_DH */
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+#ifndef OPENSSL_NO_RSA
-+/* RSA stuff */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_init(RSA *rsa);
-+static int pk11_RSA_finish(RSA *rsa);
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#else
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#endif
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+#endif
-+
-+/* DSA stuff */
-+#ifndef OPENSSL_NO_DSA
-+static int pk11_DSA_init(DSA *dsa);
-+static int pk11_DSA_finish(DSA *dsa);
-+static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen,
-+ DSA *dsa);
-+static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
-+
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa);
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa);
-+#endif
-+
-+/* DH stuff */
-+#ifndef OPENSSL_NO_DH
-+static int pk11_DH_init(DH *dh);
-+static int pk11_DH_finish(DH *dh);
-+static int pk11_DH_generate_key(DH *dh);
-+static int pk11_DH_compute_key(unsigned char *key,
-+ const BIGNUM *pub_key, DH *dh);
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
-+ BIGNUM **priv_key, CK_SESSION_HANDLE session);
-+
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh);
-+#endif
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa =
-+ {
-+ "PKCS#11 RSA method",
-+ pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
-+ pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
-+ pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
-+ pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
-+ NULL, /* rsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_RSA_init, /* init */
-+ pk11_RSA_finish, /* finish */
-+ RSA_FLAG_SIGN_VER, /* flags */
-+ NULL, /* app_data */
-+ pk11_RSA_sign, /* rsa_sign */
-+ pk11_RSA_verify /* rsa_verify */
-+ };
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ return (&pk11_rsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Our internal DSA_METHOD that we provide pointers to */
-+static DSA_METHOD pk11_dsa =
-+ {
-+ "PKCS#11 DSA method",
-+ pk11_dsa_do_sign, /* dsa_do_sign */
-+ NULL, /* dsa_sign_setup */
-+ pk11_dsa_do_verify, /* dsa_do_verify */
-+ NULL, /* dsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_DSA_init, /* init */
-+ pk11_DSA_finish, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+ };
-+
-+DSA_METHOD *
-+PK11_DSA(void)
-+ {
-+ return (&pk11_dsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DH
-+/*
-+ * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
-+ * output buffer may somewhat exceed the precise number of bytes needed, but
-+ * should not exceed it by a large amount. That may be caused, for example, by
-+ * rounding it up to multiple of X in the underlying bignum library. 8 should be
-+ * enough.
-+ */
-+#define DH_BUF_RESERVE 8
-+
-+/* Our internal DH_METHOD that we provide pointers to */
-+static DH_METHOD pk11_dh =
-+ {
-+ "PKCS#11 DH method",
-+ pk11_DH_generate_key, /* generate_key */
-+ pk11_DH_compute_key, /* compute_key */
-+ NULL, /* bn_mod_exp */
-+ pk11_DH_init, /* init */
-+ pk11_DH_finish, /* finish */
-+ 0, /* flags */
-+ NULL, /* app_data */
-+ NULL /* generate_params */
-+ };
-+
-+DH_METHOD *
-+PK11_DH(void)
-+ {
-+ return (&pk11_dh);
-+ }
-+#endif
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+/* Lengths of DSA data and signature */
-+#define DSA_DATA_LEN 20
-+#define DSA_SIGNATURE_LEN 40
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+#ifndef OPENSSL_NO_RSA
-+/*
-+ * Similiar to OpenSSL to take advantage of the paddings. The goal is to
-+ * support all paddings in this engine although PK11 library does not
-+ * support all the paddings used in OpenSSL.
-+ * The input errors should have been checked in the padding functions.
-+ */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ i = RSA_padding_add_SSLv23(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+
-+/*
-+ * Similar to Openssl to take advantage of the paddings. The input errors
-+ * should be catched in the padding functions
-+ */
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ case RSA_SSLV23_PADDING:
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int j, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+
-+ num = BN_num_bytes(rsa->n);
-+
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ /* make data into a big number */
-+ if (BN_bin2bn(from, (int)flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's paddings here.
-+ */
-+ for (j = 0; j < r; j++)
-+ if (buf[j] != 0)
-+ break;
-+
-+ p = buf + j;
-+ j = r - j; /* j is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ r = RSA_padding_check_SSLv23(to, num, p, j, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, j, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int i, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+ num = BN_num_bytes(rsa->n);
-+ buf = (unsigned char *)OPENSSL_malloc(num);
-+ if (buf == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ if (BN_bin2bn(from, flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's here
-+ */
-+ for (i = 0; i < r; i++)
-+ if (buf[i] != 0)
-+ break;
-+
-+ p = buf + i;
-+ i = r - i; /* i is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, i, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/*
-+ * This function implements RSA public encryption using C_EncryptInit and
-+ * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_encrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_EncryptInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Encrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_encrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_encrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private encryption using C_SignInit and
-+ * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG ul_sig_len = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ {
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
-+ PK11_R_SIGNINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char *)from, flen, to, &ul_sig_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
-+ rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ retval = ul_sig_len;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private decryption using C_DecryptInit and
-+ * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DecryptInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Decrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA public decryption using C_VerifyRecoverInit
-+ * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyRecoverInit(sp->session,
-+ p_mech, h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVERINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_VerifyRecover(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVER, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+static int pk11_RSA_init(RSA *rsa)
-+ {
-+ /*
-+ * This flag in the RSA_METHOD enables the new rsa_sign,
-+ * rsa_verify functions. See rsa.h for details.
-+ */
-+ rsa->flags |= RSA_FLAG_SIGN_VER;
-+
-+ return (1);
-+ }
-+
-+static int pk11_RSA_finish(RSA *rsa)
-+ {
-+ /*
-+ * Since we are overloading OpenSSL's native RSA_eay_finish() we need
-+ * to do the same as in the original function, i.e. to free bignum
-+ * structures.
-+ */
-+ if (rsa->_method_mod_n != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_n);
-+ if (rsa->_method_mod_p != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_p);
-+ if (rsa->_method_mod_q != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_q);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#else
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#endif
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto err;
-+ }
-+ rv = pFuncList->C_Verify(sp->session, s, i,
-+ (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* The DSA function implementation */
-+/* ARGSUSED */
-+static int pk11_DSA_init(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DSA_finish(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+
-+static DSA_SIG *
-+pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-+ {
-+ BIGNUM *r = NULL, *s = NULL;
-+ int i;
-+ DSA_SIG *dsa_sig = NULL;
-+
-+ CK_RV rv;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+
-+ /*
-+ * The signature is the concatenation of r and s,
-+ * each is 20 bytes long
-+ */
-+ unsigned char sigret[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_priv(sp, dsa);
-+
-+ h_priv_key = sp->opdata_dsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_dsa_priv_key =
-+ pk11_get_private_dsa_key((DSA *)dsa,
-+ &sp->opdata_dsa_priv,
-+ &sp->opdata_dsa_priv_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto ret;
-+ }
-+
-+ (void) memset(sigret, 0, siglen);
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char*) dgst, dlen, sigret,
-+ (CK_ULONG_PTR) &siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
-+ goto ret;
-+ }
-+ }
-+
-+
-+ if ((s = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((r = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((dsa_sig = DSA_SIG_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if (BN_bin2bn(sigret, siglen2, r) == NULL ||
-+ BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ dsa_sig->r = r;
-+ dsa_sig->s = s;
-+
-+ret:
-+ if (dsa_sig == NULL)
-+ {
-+ if (r != NULL)
-+ BN_free(r);
-+ if (s != NULL)
-+ BN_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (dsa_sig);
-+ }
-+
-+static int
-+pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig,
-+ DSA *dsa)
-+ {
-+ int i;
-+ CK_RV rv;
-+ int retval = 0;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+
-+ unsigned char sigbuf[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_R);
-+ goto ret;
-+ }
-+
-+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_S);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_pub(sp, dsa);
-+
-+ h_pub_key = sp->opdata_dsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_dsa_pub_key =
-+ pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
-+ &sp->opdata_dsa_pub_num, sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto ret;
-+ }
-+
-+ /*
-+ * The representation of each of the two big numbers could
-+ * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
-+ * to act accordingly and shift if necessary.
-+ */
-+ (void) memset(sigbuf, 0, siglen);
-+ BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
-+ BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
-+ BN_num_bytes(sig->s));
-+
-+ rv = pFuncList->C_Verify(sp->session,
-+ (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto ret;
-+ }
-+ }
-+
-+ retval = 1;
-+ret:
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * Create a public key object in a session from a given dsa structure.
-+ * The *dsa_pub_num pointer is non-NULL for DSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ if (init_template_value(dsa->p, &a_key_template[4].pValue,
-+ &a_key_template[4].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->pub_key, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_pub_num != NULL)
-+ if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ for (i = 4; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given dsa structure
-+ * The *dsa_priv_num pointer is non-NULL for DSA private keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ int i;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 9;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(dsa->p, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(dsa->priv_key, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_priv_num != NULL)
-+ if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ /*
-+ * 5 to 8 entries in the key template are key components.
-+ * They need to be freed apon exit or error.
-+ */
-+ for (i = 5; i <= 8; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only public key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_pub != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only private key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_priv != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+
-+#ifndef OPENSSL_NO_DH
-+/* The DH function implementation */
-+/* ARGSUSED */
-+static int pk11_DH_init(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DH_finish(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/*
-+ * Generate DH key-pair.
-+ *
-+ * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
-+ * and override it even if it is set. OpenSSL does not touch dh->priv_key
-+ * if set and just computes dh->pub_key. It looks like PKCS#11 standard
-+ * is not capable of providing this functionality. This could be a problem
-+ * for applications relying on OpenSSL's semantics.
-+ */
-+static int pk11_DH_generate_key(DH *dh)
-+ {
-+ CK_ULONG i;
-+ CK_RV rv, rv1;
-+ int reuse_mem_len = 0, ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ CK_BYTE_PTR reuse_mem;
-+
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_pub_key_attr_count = 3;
-+ CK_ATTRIBUTE pub_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *)NULL, 0},
-+ {CKA_BASE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG ul_priv_key_attr_count = 3;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_SENSITIVE, &false, sizeof (false)},
-+ {CKA_DERIVE, &true, sizeof (true)}
-+ };
-+
-+ CK_ULONG pub_key_attr_result_count = 1;
-+ CK_ATTRIBUTE pub_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
-+ if (pub_key_template[1].ulValueLen > 0)
-+ {
-+ /*
-+ * We must not increase ulValueLen by DH_BUF_RESERVE since that
-+ * could cause the same rounding problem. See definition of
-+ * DH_BUF_RESERVE above.
-+ */
-+ pub_key_template[1].pValue =
-+ OPENSSL_malloc(pub_key_template[1].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[1].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
-+ if (pub_key_template[2].ulValueLen > 0)
-+ {
-+ pub_key_template[2].pValue =
-+ OPENSSL_malloc(pub_key_template[2].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[2].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ /*
-+ * Note: we are only using PK11_SESSION structure for getting
-+ * a session handle. The objects created in this function are
-+ * destroyed before return and thus not cached.
-+ */
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ rv = pFuncList->C_GenerateKeyPair(sp->session,
-+ &mechanism,
-+ pub_key_template,
-+ ul_pub_key_attr_count,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_pub_key,
-+ &h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Reuse the larger memory allocated. We know the larger memory
-+ * should be sufficient for reuse.
-+ */
-+ if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
-+ {
-+ reuse_mem = pub_key_template[1].pValue;
-+ reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
-+ }
-+ else
-+ {
-+ reuse_mem = pub_key_template[2].pValue;
-+ reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+ rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK || rv1 != CKR_OK)
-+ {
-+ rv = (rv != CKR_OK) ? rv : rv1;
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 ||
-+ ((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+
-+ /* Reuse the memory allocated */
-+ pub_key_result[0].pValue = reuse_mem;
-+ pub_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (pub_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->pub_key == NULL)
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
-+ pub_key_result[0].ulValueLen, dh->pub_key);
-+ if (dh->pub_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ /* Reuse the memory allocated */
-+ priv_key_result[0].pValue = reuse_mem;
-+ priv_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->priv_key == NULL)
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
-+ priv_key_result[0].ulValueLen, dh->priv_key);
-+ if (dh->priv_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ ret = 1;
-+
-+err:
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ for (i = 1; i <= 2; i++)
-+ {
-+ if (pub_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(pub_key_template[i].pValue);
-+ pub_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh)
-+ {
-+ unsigned int i;
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
-+ CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
-+ CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
-+ CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_priv_key_attr_count = 2;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (key_class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_RV rv;
-+ int ret = -1;
-+ PK11_SESSION *sp = NULL;
-+
-+ if (dh->priv_key == NULL)
-+ goto err;
-+
-+ priv_key_template[0].pValue = &key_class;
-+ priv_key_template[1].pValue = &key_type;
-+
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ mechanism.ulParameterLen = BN_num_bytes(pub_key);
-+ mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
-+ if (mechanism.pParameter == NULL)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ BN_bn2bin(pub_key, mechanism.pParameter);
-+
-+ (void) check_new_dh_key(sp, dh);
-+
-+ h_key = sp->opdata_dh_key;
-+ if (h_key == CK_INVALID_HANDLE)
-+ h_key = sp->opdata_dh_key =
-+ pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
-+ &sp->opdata_dh_priv_num, sp->session);
-+
-+ if (h_key == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_DeriveKey(sp->session,
-+ &mechanism,
-+ h_key,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+ priv_key_result[0].pValue =
-+ OPENSSL_malloc(priv_key_result[0].ulValueLen);
-+ if (!priv_key_result[0].pValue)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * OpenSSL allocates the output buffer 'key' which is the same
-+ * length of the public key. It is long enough for the derived key
-+ */
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ /*
-+ * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
-+ * leading zeros from a computed shared secret. However,
-+ * OpenSSL always did it so we must do the same here. The
-+ * vagueness of the spec regarding leading zero bytes was
-+ * finally cleared with TLS 1.1 (RFC 4346) saying that leading
-+ * zeros are stripped before the computed data is used as the
-+ * pre-master secret.
-+ */
-+ for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
-+ {
-+ if (((char *)priv_key_result[0].pValue)[i] != 0)
-+ break;
-+ }
-+
-+ (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
-+ priv_key_result[0].ulValueLen - i);
-+ ret = priv_key_result[0].ulValueLen - i;
-+ }
-+
-+err:
-+
-+ if (h_derived_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+ if (priv_key_result[0].pValue)
-+ {
-+ OPENSSL_free(priv_key_result[0].pValue);
-+ priv_key_result[0].pValue = NULL;
-+ }
-+
-+ if (mechanism.pParameter)
-+ {
-+ OPENSSL_free(mechanism.pParameter);
-+ mechanism.pParameter = NULL;
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
-+ DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE key_type = CKK_DH;
-+ CK_ULONG found;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ULONG ul_key_attr_count = 7;
-+ CK_ATTRIBUTE key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ {CKA_DERIVE, &true, sizeof (true)},
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *) NULL, 0},
-+ {CKA_BASE, (void *) NULL, 0},
-+ {CKA_VALUE, (void *) NULL, 0},
-+ };
-+
-+ key_template[0].pValue = &class;
-+ key_template[1].pValue = &key_type;
-+
-+ key_template[4].ulValueLen = BN_num_bytes(dh->p);
-+ key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[4].ulValueLen);
-+ if (key_template[4].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->p, key_template[4].pValue);
-+
-+ key_template[5].ulValueLen = BN_num_bytes(dh->g);
-+ key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[5].ulValueLen);
-+ if (key_template[5].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->g, key_template[5].pValue);
-+
-+ key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
-+ key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[6].ulValueLen);
-+ if (key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->priv_key, key_template[6].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DH);
-+ rv = pFuncList->C_FindObjectsInit(session, key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dh_priv_num != NULL)
-+ if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dh;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DH);
-+
-+malloc_err:
-+ for (i = 4; i <= 6; i++)
-+ {
-+ if (key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(key_template[i].pValue);
-+ key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ *
-+ * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
-+ * to CK_INVALID_HANDLE even when it fails to destroy the object.
-+ */
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh)
-+ {
-+ /*
-+ * Provide protection against DH structure reuse by making the
-+ * check for cache hit stronger. Private key component of DH key
-+ * is unique so it is sufficient to compare it with value cached
-+ * in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dh != dh) ||
-+ (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dh_object(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ goto err;
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11ca.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
-+
-+#define token_lock pk11ca_token_lock
-+#define find_lock pk11ca_find_lock
-+#define active_list pk11ca_active_list
-+#define pubkey_token_flags pk11ca_pubkey_token_flags
-+#define pubkey_SLOTID pk11ca_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11ca_error
-+#define PK11err_add_data PK11CAerr_add_data
-+#define pk11_get_session pk11ca_get_session
-+#define pk11_return_session pk11ca_return_session
-+#define pk11_active_add pk11ca_active_add
-+#define pk11_active_delete pk11ca_active_delete
-+#define pk11_active_remove pk11ca_active_remove
-+#define pk11_free_active_list pk11ca_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11ca_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11ca_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11ca_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11ca_load_privkey
-+#define pk11_load_pubkey pk11ca_load_pubkey
-+#define PK11_RSA PK11CA_RSA
-+#define pk11_destroy_dsa_key_objects pk11ca_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11ca_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11ca_destroy_dsa_object_priv
-+#define PK11_DSA PK11CA_DSA
-+#define pk11_destroy_dh_key_objects pk11ca_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11ca_destroy_dh_object
-+#define PK11_DH PK11CA_DH
-+#define pk11_token_relogin pk11ca_token_relogin
-+#define pFuncList pk11ca_pFuncList
-+#define pk11_pin pk11ca_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11ca
-Index: openssl/crypto/engine/hw_pk11so.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:53 2011
-@@ -0,0 +1,1745 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/*#undef DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_DSA
-+#define OPENSSL_NO_DSA
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#define OPENSSL_NO_DH
-+#endif
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.c"
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11CA
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name = "PKCS #11 engine support (sign only)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name))
-+ return (0);
-+
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ if (optype == OP_RSA)
-+ {
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_PKCS
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ CK_SLOT_ID current_slot = 0;
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * Check if this slot is capable of signing with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ }
-+
-+ if (!found_candidate_slot && slot_has_rsa)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ /*SLOTID = pSlotList[0];*/
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11so.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
-+
-+#define token_lock pk11so_token_lock
-+#define find_lock pk11so_find_lock
-+#define active_list pk11so_active_list
-+#define pubkey_token_flags pk11so_pubkey_token_flags
-+#define pubkey_SLOTID pk11so_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11so_error
-+#define PK11err_add_data PK11SOerr_add_data
-+#define pk11_get_session pk11so_get_session
-+#define pk11_return_session pk11so_return_session
-+#define pk11_active_add pk11so_active_add
-+#define pk11_active_delete pk11so_active_delete
-+#define pk11_active_remove pk11so_active_remove
-+#define pk11_free_active_list pk11so_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11so_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11so_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11so_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11so_load_privkey
-+#define pk11_load_pubkey pk11so_load_pubkey
-+#define PK11_RSA PK11SO_RSA
-+#define pk11_destroy_dsa_key_objects pk11so_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11so_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11so_destroy_dsa_object_priv
-+#define PK11_DSA PK11SO_DSA
-+#define pk11_destroy_dh_key_objects pk11so_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11so_destroy_dh_object
-+#define PK11_DH PK11SO_DH
-+#define pk11_token_relogin pk11so_token_relogin
-+#define pFuncList pk11so_pFuncList
-+#define pk11_pin pk11so_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11so
-Index: openssl/crypto/engine/hw_pk11so_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.7
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/hw_pk11so_pub.c Fri Jun 17 07:55:25 2011
-@@ -0,0 +1,1622 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+/* RSA stuff */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa;
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ const RSA_METHOD *rsa;
-+
-+ if (pk11_rsa.name == NULL)
-+ {
-+ rsa = RSA_PKCS1_SSLeay();
-+ memcpy(&pk11_rsa, rsa, sizeof(*rsa));
-+ pk11_rsa.name = "PKCS#11 RSA method";
-+ pk11_rsa.rsa_sign = pk11_RSA_sign;
-+ }
-+ return (&pk11_rsa);
-+ }
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ goto err;
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/pkcs11.h
-diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,299 @@
-+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+#ifndef _PKCS11_H_
-+#define _PKCS11_H_ 1
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* Before including this file (pkcs11.h) (or pkcs11t.h by
-+ * itself), 6 platform-specific macros must be defined. These
-+ * macros are described below, and typical definitions for them
-+ * are also given. Be advised that these definitions can depend
-+ * on both the platform and the compiler used (and possibly also
-+ * on whether a Cryptoki library is linked statically or
-+ * dynamically).
-+ *
-+ * In addition to defining these 6 macros, the packing convention
-+ * for Cryptoki structures should be set. The Cryptoki
-+ * convention on packing is that structures should be 1-byte
-+ * aligned.
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, this might be done by using the following
-+ * preprocessor directive before including pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(push, cryptoki, 1)
-+ *
-+ * and using the following preprocessor directive after including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(pop, cryptoki)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, this might be done by using
-+ * the following preprocessor directive before including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(1)
-+ *
-+ * In a UNIX environment, you're on your own for this. You might
-+ * not need to do (or be able to do!) anything.
-+ *
-+ *
-+ * Now for the macros:
-+ *
-+ *
-+ * 1. CK_PTR: The indirection string for making a pointer to an
-+ * object. It can be used like this:
-+ *
-+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR far *
-+ *
-+ * In a typical UNIX environment, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ *
-+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
-+ * an exportable Cryptoki library function definition out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion to define the exposed Cryptoki functions in
-+ * a Cryptoki library:
-+ *
-+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * )
-+ * {
-+ * ...
-+ * }
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to define a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllexport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to define a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
-+ * an importable Cryptoki library function declaration out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion:
-+ *
-+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * );
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to declare a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllimport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to declare a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
-+ * which makes a Cryptoki API function pointer declaration or
-+ * function pointer type declaration out of a return type and a
-+ * function name. It should be used in the following fashion:
-+ *
-+ * // Define funcPtr to be a pointer to a Cryptoki API function
-+ * // taking arguments args and returning CK_RV.
-+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
-+ *
-+ * or
-+ *
-+ * // Define funcPtrType to be the type of a pointer to a
-+ * // Cryptoki API function taking arguments args and returning
-+ * // CK_RV, and then define funcPtr to be a variable of type
-+ * // funcPtrType.
-+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
-+ * funcPtrType funcPtr;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to access
-+ * functions in a Win32 Cryptoki .dll, in might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __declspec(dllimport) (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to access functions in a Win16 Cryptoki .dll, it might
-+ * be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __export _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
-+ * a function pointer type for an application callback out of
-+ * a return type for the callback and a name for the callback.
-+ * It should be used in the following fashion:
-+ *
-+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
-+ *
-+ * to declare a function pointer, myCallback, to a callback
-+ * which takes arguments args and returns a CK_RV. It can also
-+ * be used like this:
-+ *
-+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
-+ * myCallbackType myCallback;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to do Win32
-+ * Cryptoki development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to do Win16 development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
-+ *
-+ * In any ANSI/ISO C environment (and in many others as well),
-+ * this should best be defined by
-+ *
-+ * #ifndef NULL_PTR
-+ * #define NULL_PTR 0
-+ * #endif
-+ */
-+
-+
-+/* All the various Cryptoki types and #define'd values are in the
-+ * file pkcs11t.h. */
-+#include "pkcs11t.h"
-+
-+#define __PASTE(x,y) x##y
-+
-+
-+/* ==============================================================
-+ * Define the "extern" form of all the entry points.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ extern CK_DECLARE_FUNCTION(CK_RV, name)
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define the typedef form of all the entry points. That is, for
-+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
-+ * a pointer to that kind of function.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define structed vector of entry points. A CK_FUNCTION_LIST
-+ * contains a CK_VERSION indicating a library's Cryptoki version
-+ * and then a whole slew of function pointers to the routines in
-+ * the library. This type was declared, but not defined, in
-+ * pkcs11t.h.
-+ * ==============================================================
-+ */
-+
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ __PASTE(CK_,name) name;
-+
-+struct CK_FUNCTION_LIST {
-+
-+ CK_VERSION version; /* Cryptoki version */
-+
-+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+};
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+#undef __PASTE
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif
-Index: openssl/crypto/engine/pkcs11f.h
-diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,912 @@
-+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* This header file contains pretty much everything about all the */
-+/* Cryptoki function prototypes. Because this information is */
-+/* used for more than just declaring function prototypes, the */
-+/* order of the functions appearing herein is important, and */
-+/* should not be altered. */
-+
-+/* General-purpose */
-+
-+/* C_Initialize initializes the Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Initialize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
-+ * cast to CK_C_INITIALIZE_ARGS_PTR
-+ * and dereferenced */
-+);
-+#endif
-+
-+
-+/* C_Finalize indicates that an application is done with the
-+ * Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Finalize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-+
-+
-+/* C_GetInfo returns general information about Cryptoki. */
-+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_INFO_PTR pInfo /* location that receives information */
-+);
-+#endif
-+
-+
-+/* C_GetFunctionList returns the function list. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
-+ * function list */
-+);
-+#endif
-+
-+
-+
-+/* Slot and token management */
-+
-+/* C_GetSlotList obtains a list of slots in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_BBOOL tokenPresent, /* only slots with tokens? */
-+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
-+ CK_ULONG_PTR pulCount /* receives number of slots */
-+);
-+#endif
-+
-+
-+/* C_GetSlotInfo obtains information about a particular slot in
-+ * the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the ID of the slot */
-+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
-+);
-+#endif
-+
-+
-+/* C_GetTokenInfo obtains information about a particular token
-+ * in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismList obtains a list of mechanism types
-+ * supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of token's slot */
-+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
-+ CK_ULONG_PTR pulCount /* gets # of mechs. */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismInfo obtains information about a particular
-+ * mechanism possibly supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_MECHANISM_TYPE type, /* type of mechanism */
-+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
-+);
-+#endif
-+
-+
-+/* C_InitToken initializes a token. */
-+CK_PKCS11_FUNCTION_INFO(C_InitToken)
-+#ifdef CK_NEED_ARG_LIST
-+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
-+ CK_ULONG ulPinLen, /* length in bytes of the PIN */
-+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
-+);
-+#endif
-+
-+
-+/* C_InitPIN initializes the normal user's PIN. */
-+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
-+ CK_ULONG ulPinLen /* length in bytes of the PIN */
-+);
-+#endif
-+
-+
-+/* C_SetPIN modifies the PIN of the user who is logged in. */
-+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
-+ CK_ULONG ulOldLen, /* length of the old PIN */
-+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
-+ CK_ULONG ulNewLen /* length of the new PIN */
-+);
-+#endif
-+
-+
-+
-+/* Session management */
-+
-+/* C_OpenSession opens a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the slot's ID */
-+ CK_FLAGS flags, /* from CK_SESSION_INFO */
-+ CK_VOID_PTR pApplication, /* passed to callback */
-+ CK_NOTIFY Notify, /* callback function */
-+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
-+);
-+#endif
-+
-+
-+/* C_CloseSession closes a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CloseAllSessions closes all sessions with a token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID /* the token's slot */
-+);
-+#endif
-+
-+
-+/* C_GetSessionInfo obtains information about the session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_SESSION_INFO_PTR pInfo /* receives session info */
-+);
-+#endif
-+
-+
-+/* C_GetOperationState obtains the state of the cryptographic operation
-+ * in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* gets state */
-+ CK_ULONG_PTR pulOperationStateLen /* gets state length */
-+);
-+#endif
-+
-+
-+/* C_SetOperationState restores the state of the cryptographic
-+ * operation in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* holds state */
-+ CK_ULONG ulOperationStateLen, /* holds state length */
-+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
-+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
-+);
-+#endif
-+
-+
-+/* C_Login logs a user into a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Login)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_USER_TYPE userType, /* the user type */
-+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
-+ CK_ULONG ulPinLen /* the length of the PIN */
-+);
-+#endif
-+
-+
-+/* C_Logout logs a user out from a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Logout)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Object management */
-+
-+/* C_CreateObject creates a new object. */
-+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
-+);
-+#endif
-+
-+
-+/* C_CopyObject copies an object, creating a new object for the
-+ * copy. */
-+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
-+);
-+#endif
-+
-+
-+/* C_DestroyObject destroys an object. */
-+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject /* the object's handle */
-+);
-+#endif
-+
-+
-+/* C_GetObjectSize gets the size of an object in bytes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ULONG_PTR pulSize /* receives size of object */
-+);
-+#endif
-+
-+
-+/* C_GetAttributeValue obtains the value of one or more object
-+ * attributes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_SetAttributeValue modifies the value of one or more object
-+ * attributes */
-+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsInit initializes a search for token and session
-+ * objects that match a template. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
-+ CK_ULONG ulCount /* attrs in search template */
-+);
-+#endif
-+
-+
-+/* C_FindObjects continues a search for token and session
-+ * objects that match a template, obtaining additional object
-+ * handles. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
-+ CK_ULONG ulMaxObjectCount, /* max handles to get */
-+ CK_ULONG_PTR pulObjectCount /* actual # returned */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsFinal finishes a search for token and session
-+ * objects. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Encryption and decryption */
-+
-+/* C_EncryptInit initializes an encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of encryption key */
-+);
-+#endif
-+
-+
-+/* C_Encrypt encrypts single-part data. */
-+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pData, /* the plaintext data */
-+ CK_ULONG ulDataLen, /* bytes of plaintext */
-+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptUpdate continues a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext data len */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptFinal finishes a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session handle */
-+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
-+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
-+);
-+#endif
-+
-+
-+/* C_DecryptInit initializes a decryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of decryption key */
-+);
-+#endif
-+
-+
-+/* C_Decrypt decrypts encrypted data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedData, /* ciphertext */
-+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
-+ CK_BYTE_PTR pData, /* gets plaintext */
-+ CK_ULONG_PTR pulDataLen /* gets p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptUpdate continues a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
-+ CK_ULONG ulEncryptedPartLen, /* input length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptFinal finishes a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pLastPart, /* gets plaintext */
-+ CK_ULONG_PTR pulLastPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+
-+/* Message digesting */
-+
-+/* C_DigestInit initializes a message-digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
-+);
-+#endif
-+
-+
-+/* C_Digest digests data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Digest)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* data to be digested */
-+ CK_ULONG ulDataLen, /* bytes of data to digest */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets digest length */
-+);
-+#endif
-+
-+
-+/* C_DigestUpdate continues a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* data to be digested */
-+ CK_ULONG ulPartLen /* bytes of data to be digested */
-+);
-+#endif
-+
-+
-+/* C_DigestKey continues a multi-part message-digesting
-+ * operation, by digesting the value of a secret key as part of
-+ * the data already digested. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hKey /* secret key to digest */
-+);
-+#endif
-+
-+
-+/* C_DigestFinal finishes a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
-+);
-+#endif
-+
-+
-+
-+/* Signing and MACing */
-+
-+/* C_SignInit initializes a signature (private key encryption)
-+ * operation, where the signature is (will be) an appendix to
-+ * the data, and plaintext cannot be recovered from the
-+ *signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of signature key */
-+);
-+#endif
-+
-+
-+/* C_Sign signs (encrypts with private key) data in a single
-+ * part, where the signature is (will be) an appendix to the
-+ * data, and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Sign)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignUpdate continues a multiple-part signature operation,
-+ * where the signature is (will be) an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* the data to sign */
-+ CK_ULONG ulPartLen /* count of bytes to sign */
-+);
-+#endif
-+
-+
-+/* C_SignFinal finishes a multiple-part signature operation,
-+ * returning the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignRecoverInit initializes a signature operation, where
-+ * the data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of the signature key */
-+);
-+#endif
-+
-+
-+/* C_SignRecover signs data in a single operation, where the
-+ * data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+
-+/* Verifying signatures and MACs */
-+
-+/* C_VerifyInit initializes a verification operation, where the
-+ * signature is an appendix to the data, and plaintext cannot
-+ * cannot be recovered from the signature (e.g. DSA). */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_Verify verifies a signature in a single-part operation,
-+ * where the signature is an appendix to the data, and plaintext
-+ * cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Verify)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* signed data */
-+ CK_ULONG ulDataLen, /* length of signed data */
-+ CK_BYTE_PTR pSignature, /* signature */
-+ CK_ULONG ulSignatureLen /* signature length*/
-+);
-+#endif
-+
-+
-+/* C_VerifyUpdate continues a multiple-part verification
-+ * operation, where the signature is an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* signed data */
-+ CK_ULONG ulPartLen /* length of signed data */
-+);
-+#endif
-+
-+
-+/* C_VerifyFinal finishes a multiple-part verification
-+ * operation, checking the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen /* signature length */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecoverInit initializes a signature verification
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecover verifies a signature in a single-part
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen, /* signature length */
-+ CK_BYTE_PTR pData, /* gets signed data */
-+ CK_ULONG_PTR pulDataLen /* gets signed data len */
-+);
-+#endif
-+
-+
-+
-+/* Dual-function cryptographic operations */
-+
-+/* C_DigestEncryptUpdate continues a multiple-part digesting
-+ * and encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptDigestUpdate continues a multiple-part decryption and
-+ * digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets plaintext len */
-+);
-+#endif
-+
-+
-+/* C_SignEncryptUpdate continues a multiple-part signing and
-+ * encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
-+ * verify operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets p-text length */
-+);
-+#endif
-+
-+
-+
-+/* Key management */
-+
-+/* C_GenerateKey generates a secret key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
-+ CK_ULONG ulCount, /* # of attrs in template */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
-+);
-+#endif
-+
-+
-+/* C_GenerateKeyPair generates a public-key/private-key pair,
-+ * creating new key objects. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session
-+ * handle */
-+ CK_MECHANISM_PTR pMechanism, /* key-gen
-+ * mech. */
-+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
-+ * for pub.
-+ * key */
-+ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
-+ * attrs. */
-+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
-+ * for priv.
-+ * key */
-+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
-+ * attrs. */
-+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
-+ * key
-+ * handle */
-+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
-+ * priv. key
-+ * handle */
-+);
-+#endif
-+
-+
-+/* C_WrapKey wraps (i.e., encrypts) a key. */
-+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
-+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
-+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
-+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
-+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
-+);
-+#endif
-+
-+
-+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
-+ * key object. */
-+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
-+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
-+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
-+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+/* C_DeriveKey derives a key from a base key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
-+ CK_OBJECT_HANDLE hBaseKey, /* base key */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+
-+/* Random number generation */
-+
-+/* C_SeedRandom mixes additional seed material into the token's
-+ * random number generator. */
-+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSeed, /* the seed material */
-+ CK_ULONG ulSeedLen /* length of seed material */
-+);
-+#endif
-+
-+
-+/* C_GenerateRandom generates random data. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR RandomData, /* receives the random data */
-+ CK_ULONG ulRandomLen /* # of bytes to generate */
-+);
-+#endif
-+
-+
-+
-+/* Parallel function management */
-+
-+/* C_GetFunctionStatus is a legacy function; it obtains an
-+ * updated status of a function running in parallel with an
-+ * application. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CancelFunction is a legacy function; it cancels a function
-+ * running in parallel. */
-+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Functions added in for Cryptoki Version 2.01 or later */
-+
-+/* C_WaitForSlotEvent waits for a slot event (token insertion,
-+ * removal, etc.) to occur. */
-+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FLAGS flags, /* blocking/nonblocking flag */
-+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
-+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-Index: openssl/crypto/engine/pkcs11t.h
-diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
---- /dev/null Mon Jan 16 18:54:23 2012
-+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
-@@ -0,0 +1,1885 @@
-+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* See top of pkcs11.h for information about the macros that
-+ * must be defined and the structure-packing conventions that
-+ * must be set before including this file. */
-+
-+#ifndef _PKCS11T_H_
-+#define _PKCS11T_H_ 1
-+
-+#define CRYPTOKI_VERSION_MAJOR 2
-+#define CRYPTOKI_VERSION_MINOR 20
-+#define CRYPTOKI_VERSION_AMENDMENT 3
-+
-+#define CK_TRUE 1
-+#define CK_FALSE 0
-+
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#ifndef FALSE
-+#define FALSE CK_FALSE
-+#endif
-+
-+#ifndef TRUE
-+#define TRUE CK_TRUE
-+#endif
-+#endif
-+
-+/* an unsigned 8-bit value */
-+typedef unsigned char CK_BYTE;
-+
-+/* an unsigned 8-bit character */
-+typedef CK_BYTE CK_CHAR;
-+
-+/* an 8-bit UTF-8 character */
-+typedef CK_BYTE CK_UTF8CHAR;
-+
-+/* a BYTE-sized Boolean flag */
-+typedef CK_BYTE CK_BBOOL;
-+
-+/* an unsigned value, at least 32 bits long */
-+typedef unsigned long int CK_ULONG;
-+
-+/* a signed value, the same size as a CK_ULONG */
-+/* CK_LONG is new for v2.0 */
-+typedef long int CK_LONG;
-+
-+/* at least 32 bits; each bit is a Boolean flag */
-+typedef CK_ULONG CK_FLAGS;
-+
-+
-+/* some special values for certain CK_ULONG variables */
-+#define CK_UNAVAILABLE_INFORMATION (~0UL)
-+#define CK_EFFECTIVELY_INFINITE 0
-+
-+
-+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
-+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
-+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
-+typedef void CK_PTR CK_VOID_PTR;
-+
-+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-+
-+
-+/* The following value is always invalid if used as a session */
-+/* handle or object handle */
-+#define CK_INVALID_HANDLE 0
-+
-+
-+typedef struct CK_VERSION {
-+ CK_BYTE major; /* integer portion of version number */
-+ CK_BYTE minor; /* 1/100ths portion of version number */
-+} CK_VERSION;
-+
-+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-+
-+
-+typedef struct CK_INFO {
-+ /* manufacturerID and libraryDecription have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags; /* must be zero */
-+
-+ /* libraryDescription and libraryVersion are new for v2.0 */
-+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
-+ CK_VERSION libraryVersion; /* version of library */
-+} CK_INFO;
-+
-+typedef CK_INFO CK_PTR CK_INFO_PTR;
-+
-+
-+/* CK_NOTIFICATION enumerates the types of notifications that
-+ * Cryptoki provides to an application */
-+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_NOTIFICATION;
-+#define CKN_SURRENDER 0
-+
-+/* The following notification is new for PKCS #11 v2.20 amendment 3 */
-+#define CKN_OTP_CHANGED 1
-+
-+
-+typedef CK_ULONG CK_SLOT_ID;
-+
-+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-+
-+
-+/* CK_SLOT_INFO provides information about a slot */
-+typedef struct CK_SLOT_INFO {
-+ /* slotDescription and manufacturerID have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags;
-+
-+ /* hardwareVersion and firmwareVersion are new for v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+} CK_SLOT_INFO;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
-+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
-+#define CKF_HW_SLOT 0x00000004 /* hardware slot */
-+
-+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-+
-+
-+/* CK_TOKEN_INFO provides information about a token */
-+typedef struct CK_TOKEN_INFO {
-+ /* label, manufacturerID, and model have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR label[32]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_UTF8CHAR model[16]; /* blank padded */
-+ CK_CHAR serialNumber[16]; /* blank padded */
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
-+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
-+ * changed from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulMaxSessionCount; /* max open sessions */
-+ CK_ULONG ulSessionCount; /* sess. now open */
-+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
-+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
-+ CK_ULONG ulMaxPinLen; /* in bytes */
-+ CK_ULONG ulMinPinLen; /* in bytes */
-+ CK_ULONG ulTotalPublicMemory; /* in bytes */
-+ CK_ULONG ulFreePublicMemory; /* in bytes */
-+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
-+ CK_ULONG ulFreePrivateMemory; /* in bytes */
-+
-+ /* hardwareVersion, firmwareVersion, and time are new for
-+ * v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+ CK_CHAR utcTime[16]; /* time */
-+} CK_TOKEN_INFO;
-+
-+/* The flags parameter is defined as follows:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RNG 0x00000001 /* has random #
-+ * generator */
-+#define CKF_WRITE_PROTECTED 0x00000002 /* token is
-+ * write-
-+ * protected */
-+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
-+ * login */
-+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
-+ * PIN is set */
-+
-+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
-+ * that means that *every* time the state of cryptographic
-+ * operations of a session is successfully saved, all keys
-+ * needed to continue those operations are stored in the state */
-+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
-+
-+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
-+ * that the token has some sort of clock. The time on that
-+ * clock is returned in the token info structure */
-+#define CKF_CLOCK_ON_TOKEN 0x00000040
-+
-+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
-+ * set, that means that there is some way for the user to login
-+ * without sending a PIN through the Cryptoki library itself */
-+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-+
-+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
-+ * that means that a single session with the token can perform
-+ * dual simultaneous cryptographic operations (digest and
-+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
-+ * and sign) */
-+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
-+
-+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
-+ * token has been initialized using C_InitializeToken or an
-+ * equivalent mechanism outside the scope of PKCS #11.
-+ * Calling C_InitializeToken when this flag is set will cause
-+ * the token to be reinitialized. */
-+#define CKF_TOKEN_INITIALIZED 0x00000400
-+
-+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
-+ * true, the token supports secondary authentication for
-+ * private key objects. This flag is deprecated in v2.11 and
-+ onwards. */
-+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
-+
-+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect user login PIN has been entered at least once
-+ * since the last successful authentication. */
-+#define CKF_USER_PIN_COUNT_LOW 0x00010000
-+
-+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect user PIN will it to become locked. */
-+#define CKF_USER_PIN_FINAL_TRY 0x00020000
-+
-+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
-+ * user PIN has been locked. User login to the token is not
-+ * possible. */
-+#define CKF_USER_PIN_LOCKED 0x00040000
-+
-+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the user PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
-+
-+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect SO login PIN has been entered at least once since
-+ * the last successful authentication. */
-+#define CKF_SO_PIN_COUNT_LOW 0x00100000
-+
-+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect SO PIN will it to become locked. */
-+#define CKF_SO_PIN_FINAL_TRY 0x00200000
-+
-+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
-+ * PIN has been locked. SO login to the token is not possible.
-+ */
-+#define CKF_SO_PIN_LOCKED 0x00400000
-+
-+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the SO PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
-+
-+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-+
-+
-+/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
-+ * identifies a session */
-+typedef CK_ULONG CK_SESSION_HANDLE;
-+
-+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-+
-+
-+/* CK_USER_TYPE enumerates the types of Cryptoki users */
-+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_USER_TYPE;
-+/* Security Officer */
-+#define CKU_SO 0
-+/* Normal user */
-+#define CKU_USER 1
-+/* Context specific (added in v2.20) */
-+#define CKU_CONTEXT_SPECIFIC 2
-+
-+/* CK_STATE enumerates the session states */
-+/* CK_STATE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_STATE;
-+#define CKS_RO_PUBLIC_SESSION 0
-+#define CKS_RO_USER_FUNCTIONS 1
-+#define CKS_RW_PUBLIC_SESSION 2
-+#define CKS_RW_USER_FUNCTIONS 3
-+#define CKS_RW_SO_FUNCTIONS 4
-+
-+
-+/* CK_SESSION_INFO provides information about a session */
-+typedef struct CK_SESSION_INFO {
-+ CK_SLOT_ID slotID;
-+ CK_STATE state;
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulDeviceError; /* device-dependent error code */
-+} CK_SESSION_INFO;
-+
-+/* The flags are defined in the following table:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RW_SESSION 0x00000002 /* session is r/w */
-+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
-+
-+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-+
-+
-+/* CK_OBJECT_HANDLE is a token-specific identifier for an
-+ * object */
-+typedef CK_ULONG CK_OBJECT_HANDLE;
-+
-+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-+
-+
-+/* CK_OBJECT_CLASS is a value that identifies the classes (or
-+ * types) of objects that Cryptoki recognizes. It is defined
-+ * as follows: */
-+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_OBJECT_CLASS;
-+
-+/* The following classes of objects are defined: */
-+/* CKO_HW_FEATURE is new for v2.10 */
-+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
-+/* CKO_MECHANISM is new for v2.20 */
-+#define CKO_DATA 0x00000000
-+#define CKO_CERTIFICATE 0x00000001
-+#define CKO_PUBLIC_KEY 0x00000002
-+#define CKO_PRIVATE_KEY 0x00000003
-+#define CKO_SECRET_KEY 0x00000004
-+#define CKO_HW_FEATURE 0x00000005
-+#define CKO_DOMAIN_PARAMETERS 0x00000006
-+#define CKO_MECHANISM 0x00000007
-+
-+/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
-+#define CKO_OTP_KEY 0x00000008
-+
-+#define CKO_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-+
-+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
-+ * value that identifies the hardware feature type of an object
-+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
-+typedef CK_ULONG CK_HW_FEATURE_TYPE;
-+
-+/* The following hardware feature types are defined */
-+/* CKH_USER_INTERFACE is new for v2.20 */
-+#define CKH_MONOTONIC_COUNTER 0x00000001
-+#define CKH_CLOCK 0x00000002
-+#define CKH_USER_INTERFACE 0x00000003
-+#define CKH_VENDOR_DEFINED 0x80000000
-+
-+/* CK_KEY_TYPE is a value that identifies a key type */
-+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_KEY_TYPE;
-+
-+/* the following key types are defined: */
-+#define CKK_RSA 0x00000000
-+#define CKK_DSA 0x00000001
-+#define CKK_DH 0x00000002
-+
-+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
-+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
-+#define CKK_ECDSA 0x00000003
-+#define CKK_EC 0x00000003
-+#define CKK_X9_42_DH 0x00000004
-+#define CKK_KEA 0x00000005
-+
-+#define CKK_GENERIC_SECRET 0x00000010
-+#define CKK_RC2 0x00000011
-+#define CKK_RC4 0x00000012
-+#define CKK_DES 0x00000013
-+#define CKK_DES2 0x00000014
-+#define CKK_DES3 0x00000015
-+
-+/* all these key types are new for v2.0 */
-+#define CKK_CAST 0x00000016
-+#define CKK_CAST3 0x00000017
-+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
-+#define CKK_CAST5 0x00000018
-+#define CKK_CAST128 0x00000018
-+#define CKK_RC5 0x00000019
-+#define CKK_IDEA 0x0000001A
-+#define CKK_SKIPJACK 0x0000001B
-+#define CKK_BATON 0x0000001C
-+#define CKK_JUNIPER 0x0000001D
-+#define CKK_CDMF 0x0000001E
-+#define CKK_AES 0x0000001F
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKK_BLOWFISH 0x00000020
-+#define CKK_TWOFISH 0x00000021
-+
-+/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
-+#define CKK_SECURID 0x00000022
-+#define CKK_HOTP 0x00000023
-+#define CKK_ACTI 0x00000024
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_CAMELLIA 0x00000025
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_ARIA 0x00000026
-+
-+
-+#define CKK_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
-+ * type */
-+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_CERTIFICATE_TYPE;
-+
-+/* The following certificate types are defined: */
-+/* CKC_X_509_ATTR_CERT is new for v2.10 */
-+/* CKC_WTLS is new for v2.20 */
-+#define CKC_X_509 0x00000000
-+#define CKC_X_509_ATTR_CERT 0x00000001
-+#define CKC_WTLS 0x00000002
-+#define CKC_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
-+ * type */
-+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-+
-+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
-+ consists of an array of values. */
-+#define CKF_ARRAY_ATTRIBUTE 0x40000000
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_FORMAT attribute */
-+#define CK_OTP_FORMAT_DECIMAL 0
-+#define CK_OTP_FORMAT_HEXADECIMAL 1
-+#define CK_OTP_FORMAT_ALPHANUMERIC 2
-+#define CK_OTP_FORMAT_BINARY 3
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
-+#define CK_OTP_PARAM_IGNORED 0
-+#define CK_OTP_PARAM_OPTIONAL 1
-+#define CK_OTP_PARAM_MANDATORY 2
-+
-+/* The following attribute types are defined: */
-+#define CKA_CLASS 0x00000000
-+#define CKA_TOKEN 0x00000001
-+#define CKA_PRIVATE 0x00000002
-+#define CKA_LABEL 0x00000003
-+#define CKA_APPLICATION 0x00000010
-+#define CKA_VALUE 0x00000011
-+
-+/* CKA_OBJECT_ID is new for v2.10 */
-+#define CKA_OBJECT_ID 0x00000012
-+
-+#define CKA_CERTIFICATE_TYPE 0x00000080
-+#define CKA_ISSUER 0x00000081
-+#define CKA_SERIAL_NUMBER 0x00000082
-+
-+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
-+ * for v2.10 */
-+#define CKA_AC_ISSUER 0x00000083
-+#define CKA_OWNER 0x00000084
-+#define CKA_ATTR_TYPES 0x00000085
-+
-+/* CKA_TRUSTED is new for v2.11 */
-+#define CKA_TRUSTED 0x00000086
-+
-+/* CKA_CERTIFICATE_CATEGORY ...
-+ * CKA_CHECK_VALUE are new for v2.20 */
-+#define CKA_CERTIFICATE_CATEGORY 0x00000087
-+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
-+#define CKA_URL 0x00000089
-+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
-+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
-+#define CKA_CHECK_VALUE 0x00000090
-+
-+#define CKA_KEY_TYPE 0x00000100
-+#define CKA_SUBJECT 0x00000101
-+#define CKA_ID 0x00000102
-+#define CKA_SENSITIVE 0x00000103
-+#define CKA_ENCRYPT 0x00000104
-+#define CKA_DECRYPT 0x00000105
-+#define CKA_WRAP 0x00000106
-+#define CKA_UNWRAP 0x00000107
-+#define CKA_SIGN 0x00000108
-+#define CKA_SIGN_RECOVER 0x00000109
-+#define CKA_VERIFY 0x0000010A
-+#define CKA_VERIFY_RECOVER 0x0000010B
-+#define CKA_DERIVE 0x0000010C
-+#define CKA_START_DATE 0x00000110
-+#define CKA_END_DATE 0x00000111
-+#define CKA_MODULUS 0x00000120
-+#define CKA_MODULUS_BITS 0x00000121
-+#define CKA_PUBLIC_EXPONENT 0x00000122
-+#define CKA_PRIVATE_EXPONENT 0x00000123
-+#define CKA_PRIME_1 0x00000124
-+#define CKA_PRIME_2 0x00000125
-+#define CKA_EXPONENT_1 0x00000126
-+#define CKA_EXPONENT_2 0x00000127
-+#define CKA_COEFFICIENT 0x00000128
-+#define CKA_PRIME 0x00000130
-+#define CKA_SUBPRIME 0x00000131
-+#define CKA_BASE 0x00000132
-+
-+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
-+#define CKA_PRIME_BITS 0x00000133
-+#define CKA_SUBPRIME_BITS 0x00000134
-+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
-+/* (To retain backwards-compatibility) */
-+
-+#define CKA_VALUE_BITS 0x00000160
-+#define CKA_VALUE_LEN 0x00000161
-+
-+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
-+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
-+ * and CKA_EC_POINT are new for v2.0 */
-+#define CKA_EXTRACTABLE 0x00000162
-+#define CKA_LOCAL 0x00000163
-+#define CKA_NEVER_EXTRACTABLE 0x00000164
-+#define CKA_ALWAYS_SENSITIVE 0x00000165
-+
-+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
-+#define CKA_KEY_GEN_MECHANISM 0x00000166
-+
-+#define CKA_MODIFIABLE 0x00000170
-+
-+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
-+ * CKA_EC_PARAMS is preferred. */
-+#define CKA_ECDSA_PARAMS 0x00000180
-+#define CKA_EC_PARAMS 0x00000180
-+
-+#define CKA_EC_POINT 0x00000181
-+
-+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
-+ * are new for v2.10. Deprecated in v2.11 and onwards. */
-+#define CKA_SECONDARY_AUTH 0x00000200
-+#define CKA_AUTH_PIN_FLAGS 0x00000201
-+
-+/* CKA_ALWAYS_AUTHENTICATE ...
-+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
-+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
-+
-+#define CKA_WRAP_WITH_TRUSTED 0x00000210
-+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
-+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
-+
-+/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
-+#define CKA_OTP_FORMAT 0x00000220
-+#define CKA_OTP_LENGTH 0x00000221
-+#define CKA_OTP_TIME_INTERVAL 0x00000222
-+#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
-+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
-+#define CKA_OTP_TIME_REQUIREMENT 0x00000225
-+#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
-+#define CKA_OTP_PIN_REQUIREMENT 0x00000227
-+#define CKA_OTP_COUNTER 0x0000022E
-+#define CKA_OTP_TIME 0x0000022F
-+#define CKA_OTP_USER_IDENTIFIER 0x0000022A
-+#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
-+#define CKA_OTP_SERVICE_LOGO 0x0000022C
-+#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
-+
-+
-+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
-+ * are new for v2.10 */
-+#define CKA_HW_FEATURE_TYPE 0x00000300
-+#define CKA_RESET_ON_INIT 0x00000301
-+#define CKA_HAS_RESET 0x00000302
-+
-+/* The following attributes are new for v2.20 */
-+#define CKA_PIXEL_X 0x00000400
-+#define CKA_PIXEL_Y 0x00000401
-+#define CKA_RESOLUTION 0x00000402
-+#define CKA_CHAR_ROWS 0x00000403
-+#define CKA_CHAR_COLUMNS 0x00000404
-+#define CKA_COLOR 0x00000405
-+#define CKA_BITS_PER_PIXEL 0x00000406
-+#define CKA_CHAR_SETS 0x00000480
-+#define CKA_ENCODING_METHODS 0x00000481
-+#define CKA_MIME_TYPES 0x00000482
-+#define CKA_MECHANISM_TYPE 0x00000500
-+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
-+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
-+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
-+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
-+
-+#define CKA_VENDOR_DEFINED 0x80000000
-+
-+/* CK_ATTRIBUTE is a structure that includes the type, length
-+ * and value of an attribute */
-+typedef struct CK_ATTRIBUTE {
-+ CK_ATTRIBUTE_TYPE type;
-+ CK_VOID_PTR pValue;
-+
-+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulValueLen; /* in bytes */
-+} CK_ATTRIBUTE;
-+
-+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-+
-+
-+/* CK_DATE is a structure that defines a date */
-+typedef struct CK_DATE{
-+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
-+ CK_CHAR month[2]; /* the month ("01" - "12") */
-+ CK_CHAR day[2]; /* the day ("01" - "31") */
-+} CK_DATE;
-+
-+
-+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
-+ * type */
-+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_MECHANISM_TYPE;
-+
-+/* the following mechanism types are defined: */
-+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-+#define CKM_RSA_PKCS 0x00000001
-+#define CKM_RSA_9796 0x00000002
-+#define CKM_RSA_X_509 0x00000003
-+
-+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
-+ * are new for v2.0. They are mechanisms which hash and sign */
-+#define CKM_MD2_RSA_PKCS 0x00000004
-+#define CKM_MD5_RSA_PKCS 0x00000005
-+#define CKM_SHA1_RSA_PKCS 0x00000006
-+
-+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
-+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
-+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
-+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
-+#define CKM_RSA_PKCS_OAEP 0x00000009
-+
-+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
-+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
-+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
-+#define CKM_RSA_X9_31 0x0000000B
-+#define CKM_SHA1_RSA_X9_31 0x0000000C
-+#define CKM_RSA_PKCS_PSS 0x0000000D
-+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
-+
-+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-+#define CKM_DSA 0x00000011
-+#define CKM_DSA_SHA1 0x00000012
-+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-+#define CKM_DH_PKCS_DERIVE 0x00000021
-+
-+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
-+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
-+ * v2.11 */
-+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
-+#define CKM_X9_42_DH_DERIVE 0x00000031
-+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
-+#define CKM_X9_42_MQV_DERIVE 0x00000033
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_RSA_PKCS 0x00000040
-+#define CKM_SHA384_RSA_PKCS 0x00000041
-+#define CKM_SHA512_RSA_PKCS 0x00000042
-+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
-+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
-+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
-+
-+/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_RSA_PKCS 0x00000046
-+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
-+
-+#define CKM_RC2_KEY_GEN 0x00000100
-+#define CKM_RC2_ECB 0x00000101
-+#define CKM_RC2_CBC 0x00000102
-+#define CKM_RC2_MAC 0x00000103
-+
-+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
-+#define CKM_RC2_MAC_GENERAL 0x00000104
-+#define CKM_RC2_CBC_PAD 0x00000105
-+
-+#define CKM_RC4_KEY_GEN 0x00000110
-+#define CKM_RC4 0x00000111
-+#define CKM_DES_KEY_GEN 0x00000120
-+#define CKM_DES_ECB 0x00000121
-+#define CKM_DES_CBC 0x00000122
-+#define CKM_DES_MAC 0x00000123
-+
-+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
-+#define CKM_DES_MAC_GENERAL 0x00000124
-+#define CKM_DES_CBC_PAD 0x00000125
-+
-+#define CKM_DES2_KEY_GEN 0x00000130
-+#define CKM_DES3_KEY_GEN 0x00000131
-+#define CKM_DES3_ECB 0x00000132
-+#define CKM_DES3_CBC 0x00000133
-+#define CKM_DES3_MAC 0x00000134
-+
-+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
-+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
-+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
-+#define CKM_DES3_MAC_GENERAL 0x00000135
-+#define CKM_DES3_CBC_PAD 0x00000136
-+#define CKM_CDMF_KEY_GEN 0x00000140
-+#define CKM_CDMF_ECB 0x00000141
-+#define CKM_CDMF_CBC 0x00000142
-+#define CKM_CDMF_MAC 0x00000143
-+#define CKM_CDMF_MAC_GENERAL 0x00000144
-+#define CKM_CDMF_CBC_PAD 0x00000145
-+
-+/* the following four DES mechanisms are new for v2.20 */
-+#define CKM_DES_OFB64 0x00000150
-+#define CKM_DES_OFB8 0x00000151
-+#define CKM_DES_CFB64 0x00000152
-+#define CKM_DES_CFB8 0x00000153
-+
-+#define CKM_MD2 0x00000200
-+
-+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD2_HMAC 0x00000201
-+#define CKM_MD2_HMAC_GENERAL 0x00000202
-+
-+#define CKM_MD5 0x00000210
-+
-+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD5_HMAC 0x00000211
-+#define CKM_MD5_HMAC_GENERAL 0x00000212
-+
-+#define CKM_SHA_1 0x00000220
-+
-+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
-+#define CKM_SHA_1_HMAC 0x00000221
-+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-+
-+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
-+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
-+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
-+#define CKM_RIPEMD128 0x00000230
-+#define CKM_RIPEMD128_HMAC 0x00000231
-+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
-+#define CKM_RIPEMD160 0x00000240
-+#define CKM_RIPEMD160_HMAC 0x00000241
-+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256 0x00000250
-+#define CKM_SHA256_HMAC 0x00000251
-+#define CKM_SHA256_HMAC_GENERAL 0x00000252
-+
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224 0x00000255
-+#define CKM_SHA224_HMAC 0x00000256
-+#define CKM_SHA224_HMAC_GENERAL 0x00000257
-+
-+#define CKM_SHA384 0x00000260
-+#define CKM_SHA384_HMAC 0x00000261
-+#define CKM_SHA384_HMAC_GENERAL 0x00000262
-+#define CKM_SHA512 0x00000270
-+#define CKM_SHA512_HMAC 0x00000271
-+#define CKM_SHA512_HMAC_GENERAL 0x00000272
-+
-+/* SecurID is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_SECURID_KEY_GEN 0x00000280
-+#define CKM_SECURID 0x00000282
-+
-+/* HOTP is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_HOTP_KEY_GEN 0x00000290
-+#define CKM_HOTP 0x00000291
-+
-+/* ACTI is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_ACTI 0x000002A0
-+#define CKM_ACTI_KEY_GEN 0x000002A1
-+
-+/* All of the following mechanisms are new for v2.0 */
-+/* Note that CAST128 and CAST5 are the same algorithm */
-+#define CKM_CAST_KEY_GEN 0x00000300
-+#define CKM_CAST_ECB 0x00000301
-+#define CKM_CAST_CBC 0x00000302
-+#define CKM_CAST_MAC 0x00000303
-+#define CKM_CAST_MAC_GENERAL 0x00000304
-+#define CKM_CAST_CBC_PAD 0x00000305
-+#define CKM_CAST3_KEY_GEN 0x00000310
-+#define CKM_CAST3_ECB 0x00000311
-+#define CKM_CAST3_CBC 0x00000312
-+#define CKM_CAST3_MAC 0x00000313
-+#define CKM_CAST3_MAC_GENERAL 0x00000314
-+#define CKM_CAST3_CBC_PAD 0x00000315
-+#define CKM_CAST5_KEY_GEN 0x00000320
-+#define CKM_CAST128_KEY_GEN 0x00000320
-+#define CKM_CAST5_ECB 0x00000321
-+#define CKM_CAST128_ECB 0x00000321
-+#define CKM_CAST5_CBC 0x00000322
-+#define CKM_CAST128_CBC 0x00000322
-+#define CKM_CAST5_MAC 0x00000323
-+#define CKM_CAST128_MAC 0x00000323
-+#define CKM_CAST5_MAC_GENERAL 0x00000324
-+#define CKM_CAST128_MAC_GENERAL 0x00000324
-+#define CKM_CAST5_CBC_PAD 0x00000325
-+#define CKM_CAST128_CBC_PAD 0x00000325
-+#define CKM_RC5_KEY_GEN 0x00000330
-+#define CKM_RC5_ECB 0x00000331
-+#define CKM_RC5_CBC 0x00000332
-+#define CKM_RC5_MAC 0x00000333
-+#define CKM_RC5_MAC_GENERAL 0x00000334
-+#define CKM_RC5_CBC_PAD 0x00000335
-+#define CKM_IDEA_KEY_GEN 0x00000340
-+#define CKM_IDEA_ECB 0x00000341
-+#define CKM_IDEA_CBC 0x00000342
-+#define CKM_IDEA_MAC 0x00000343
-+#define CKM_IDEA_MAC_GENERAL 0x00000344
-+#define CKM_IDEA_CBC_PAD 0x00000345
-+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-+#define CKM_XOR_BASE_AND_DATA 0x00000364
-+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-+
-+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
-+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
-+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
-+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
-+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
-+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
-+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
-+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
-+
-+/* CKM_TLS_PRF is new for v2.20 */
-+#define CKM_TLS_PRF 0x00000378
-+
-+#define CKM_SSL3_MD5_MAC 0x00000380
-+#define CKM_SSL3_SHA1_MAC 0x00000381
-+#define CKM_MD5_KEY_DERIVATION 0x00000390
-+#define CKM_MD2_KEY_DERIVATION 0x00000391
-+#define CKM_SHA1_KEY_DERIVATION 0x00000392
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_KEY_DERIVATION 0x00000393
-+#define CKM_SHA384_KEY_DERIVATION 0x00000394
-+#define CKM_SHA512_KEY_DERIVATION 0x00000395
-+
-+/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_KEY_DERIVATION 0x00000396
-+
-+#define CKM_PBE_MD2_DES_CBC 0x000003A0
-+#define CKM_PBE_MD5_DES_CBC 0x000003A1
-+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
-+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
-+#define CKM_PBE_SHA1_RC4_128 0x000003A6
-+#define CKM_PBE_SHA1_RC4_40 0x000003A7
-+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-+
-+/* CKM_PKCS5_PBKD2 is new for v2.10 */
-+#define CKM_PKCS5_PBKD2 0x000003B0
-+
-+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
-+
-+/* WTLS mechanisms are new for v2.20 */
-+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
-+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
-+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
-+#define CKM_WTLS_PRF 0x000003D3
-+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
-+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
-+
-+#define CKM_KEY_WRAP_LYNKS 0x00000400
-+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-+
-+/* CKM_CMS_SIG is new for v2.20 */
-+#define CKM_CMS_SIG 0x00000500
-+
-+/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
-+#define CKM_KIP_DERIVE 0x00000510
-+#define CKM_KIP_WRAP 0x00000511
-+#define CKM_KIP_MAC 0x00000512
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_CAMELLIA_KEY_GEN 0x00000550
-+#define CKM_CAMELLIA_ECB 0x00000551
-+#define CKM_CAMELLIA_CBC 0x00000552
-+#define CKM_CAMELLIA_MAC 0x00000553
-+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
-+#define CKM_CAMELLIA_CBC_PAD 0x00000555
-+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
-+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
-+#define CKM_CAMELLIA_CTR 0x00000558
-+
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_ARIA_KEY_GEN 0x00000560
-+#define CKM_ARIA_ECB 0x00000561
-+#define CKM_ARIA_CBC 0x00000562
-+#define CKM_ARIA_MAC 0x00000563
-+#define CKM_ARIA_MAC_GENERAL 0x00000564
-+#define CKM_ARIA_CBC_PAD 0x00000565
-+#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
-+#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
-+
-+/* Fortezza mechanisms */
-+#define CKM_SKIPJACK_KEY_GEN 0x00001000
-+#define CKM_SKIPJACK_ECB64 0x00001001
-+#define CKM_SKIPJACK_CBC64 0x00001002
-+#define CKM_SKIPJACK_OFB64 0x00001003
-+#define CKM_SKIPJACK_CFB64 0x00001004
-+#define CKM_SKIPJACK_CFB32 0x00001005
-+#define CKM_SKIPJACK_CFB16 0x00001006
-+#define CKM_SKIPJACK_CFB8 0x00001007
-+#define CKM_SKIPJACK_WRAP 0x00001008
-+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-+#define CKM_SKIPJACK_RELAYX 0x0000100a
-+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-+#define CKM_KEA_KEY_DERIVE 0x00001011
-+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-+#define CKM_BATON_KEY_GEN 0x00001030
-+#define CKM_BATON_ECB128 0x00001031
-+#define CKM_BATON_ECB96 0x00001032
-+#define CKM_BATON_CBC128 0x00001033
-+#define CKM_BATON_COUNTER 0x00001034
-+#define CKM_BATON_SHUFFLE 0x00001035
-+#define CKM_BATON_WRAP 0x00001036
-+
-+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
-+ * CKM_EC_KEY_PAIR_GEN is preferred */
-+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-+#define CKM_EC_KEY_PAIR_GEN 0x00001040
-+
-+#define CKM_ECDSA 0x00001041
-+#define CKM_ECDSA_SHA1 0x00001042
-+
-+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
-+ * are new for v2.11 */
-+#define CKM_ECDH1_DERIVE 0x00001050
-+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
-+#define CKM_ECMQV_DERIVE 0x00001052
-+
-+#define CKM_JUNIPER_KEY_GEN 0x00001060
-+#define CKM_JUNIPER_ECB128 0x00001061
-+#define CKM_JUNIPER_CBC128 0x00001062
-+#define CKM_JUNIPER_COUNTER 0x00001063
-+#define CKM_JUNIPER_SHUFFLE 0x00001064
-+#define CKM_JUNIPER_WRAP 0x00001065
-+#define CKM_FASTHASH 0x00001070
-+
-+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
-+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
-+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
-+ * new for v2.11 */
-+#define CKM_AES_KEY_GEN 0x00001080
-+#define CKM_AES_ECB 0x00001081
-+#define CKM_AES_CBC 0x00001082
-+#define CKM_AES_MAC 0x00001083
-+#define CKM_AES_MAC_GENERAL 0x00001084
-+#define CKM_AES_CBC_PAD 0x00001085
-+
-+/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_AES_CTR 0x00001086
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKM_BLOWFISH_KEY_GEN 0x00001090
-+#define CKM_BLOWFISH_CBC 0x00001091
-+#define CKM_TWOFISH_KEY_GEN 0x00001092
-+#define CKM_TWOFISH_CBC 0x00001093
-+
-+
-+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
-+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
-+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
-+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
-+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
-+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
-+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
-+
-+#define CKM_DSA_PARAMETER_GEN 0x00002000
-+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
-+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
-+
-+#define CKM_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-+
-+
-+/* CK_MECHANISM is a structure that specifies a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM {
-+ CK_MECHANISM_TYPE mechanism;
-+ CK_VOID_PTR pParameter;
-+
-+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulParameterLen; /* in bytes */
-+} CK_MECHANISM;
-+
-+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-+
-+
-+/* CK_MECHANISM_INFO provides information about a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM_INFO {
-+ CK_ULONG ulMinKeySize;
-+ CK_ULONG ulMaxKeySize;
-+ CK_FLAGS flags;
-+} CK_MECHANISM_INFO;
-+
-+/* The flags are defined as follows:
-+ * Bit Flag Mask Meaning */
-+#define CKF_HW 0x00000001 /* performed by HW */
-+
-+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
-+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
-+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
-+ * and CKF_DERIVE are new for v2.0. They specify whether or not
-+ * a mechanism can be used for a particular task */
-+#define CKF_ENCRYPT 0x00000100
-+#define CKF_DECRYPT 0x00000200
-+#define CKF_DIGEST 0x00000400
-+#define CKF_SIGN 0x00000800
-+#define CKF_SIGN_RECOVER 0x00001000
-+#define CKF_VERIFY 0x00002000
-+#define CKF_VERIFY_RECOVER 0x00004000
-+#define CKF_GENERATE 0x00008000
-+#define CKF_GENERATE_KEY_PAIR 0x00010000
-+#define CKF_WRAP 0x00020000
-+#define CKF_UNWRAP 0x00040000
-+#define CKF_DERIVE 0x00080000
-+
-+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
-+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
-+ * describe a token's EC capabilities not available in mechanism
-+ * information. */
-+#define CKF_EC_F_P 0x00100000
-+#define CKF_EC_F_2M 0x00200000
-+#define CKF_EC_ECPARAMETERS 0x00400000
-+#define CKF_EC_NAMEDCURVE 0x00800000
-+#define CKF_EC_UNCOMPRESS 0x01000000
-+#define CKF_EC_COMPRESS 0x02000000
-+
-+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
-+
-+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-+
-+
-+/* CK_RV is a value that identifies the return value of a
-+ * Cryptoki function */
-+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_RV;
-+
-+#define CKR_OK 0x00000000
-+#define CKR_CANCEL 0x00000001
-+#define CKR_HOST_MEMORY 0x00000002
-+#define CKR_SLOT_ID_INVALID 0x00000003
-+
-+/* CKR_FLAGS_INVALID was removed for v2.0 */
-+
-+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-+#define CKR_GENERAL_ERROR 0x00000005
-+#define CKR_FUNCTION_FAILED 0x00000006
-+
-+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
-+ * and CKR_CANT_LOCK are new for v2.01 */
-+#define CKR_ARGUMENTS_BAD 0x00000007
-+#define CKR_NO_EVENT 0x00000008
-+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-+#define CKR_CANT_LOCK 0x0000000A
-+
-+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-+#define CKR_DATA_INVALID 0x00000020
-+#define CKR_DATA_LEN_RANGE 0x00000021
-+#define CKR_DEVICE_ERROR 0x00000030
-+#define CKR_DEVICE_MEMORY 0x00000031
-+#define CKR_DEVICE_REMOVED 0x00000032
-+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-+#define CKR_FUNCTION_CANCELED 0x00000050
-+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-+
-+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-+
-+#define CKR_KEY_HANDLE_INVALID 0x00000060
-+
-+/* CKR_KEY_SENSITIVE was removed for v2.0 */
-+
-+#define CKR_KEY_SIZE_RANGE 0x00000062
-+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-+
-+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
-+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
-+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
-+ * v2.0 */
-+#define CKR_KEY_NOT_NEEDED 0x00000064
-+#define CKR_KEY_CHANGED 0x00000065
-+#define CKR_KEY_NEEDED 0x00000066
-+#define CKR_KEY_INDIGESTIBLE 0x00000067
-+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-+
-+#define CKR_MECHANISM_INVALID 0x00000070
-+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-+
-+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
-+ * were removed for v2.0 */
-+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-+#define CKR_OPERATION_ACTIVE 0x00000090
-+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-+#define CKR_PIN_INCORRECT 0x000000A0
-+#define CKR_PIN_INVALID 0x000000A1
-+#define CKR_PIN_LEN_RANGE 0x000000A2
-+
-+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-+#define CKR_PIN_EXPIRED 0x000000A3
-+#define CKR_PIN_LOCKED 0x000000A4
-+
-+#define CKR_SESSION_CLOSED 0x000000B0
-+#define CKR_SESSION_COUNT 0x000000B1
-+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-+#define CKR_SESSION_READ_ONLY 0x000000B5
-+#define CKR_SESSION_EXISTS 0x000000B6
-+
-+/* CKR_SESSION_READ_ONLY_EXISTS and
-+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
-+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-+
-+#define CKR_SIGNATURE_INVALID 0x000000C0
-+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-+#define CKR_USER_NOT_LOGGED_IN 0x00000101
-+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-+#define CKR_USER_TYPE_INVALID 0x00000103
-+
-+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
-+ * are new to v2.01 */
-+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-+#define CKR_USER_TOO_MANY_TYPES 0x00000105
-+
-+#define CKR_WRAPPED_KEY_INVALID 0x00000110
-+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-+
-+/* These are new to v2.0 */
-+#define CKR_RANDOM_NO_RNG 0x00000121
-+
-+/* These are new to v2.11 */
-+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
-+
-+/* These are new to v2.0 */
-+#define CKR_BUFFER_TOO_SMALL 0x00000150
-+#define CKR_SAVED_STATE_INVALID 0x00000160
-+#define CKR_INFORMATION_SENSITIVE 0x00000170
-+#define CKR_STATE_UNSAVEABLE 0x00000180
-+
-+/* These are new to v2.01 */
-+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-+#define CKR_MUTEX_BAD 0x000001A0
-+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-+
-+/* The following return values are new for PKCS #11 v2.20 amendment 3 */
-+#define CKR_NEW_PIN_MODE 0x000001B0
-+#define CKR_NEXT_OTP 0x000001B1
-+
-+/* This is new to v2.20 */
-+#define CKR_FUNCTION_REJECTED 0x00000200
-+
-+#define CKR_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_NOTIFY is an application callback that processes events */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_NOTIFICATION event,
-+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
-+);
-+
-+
-+/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
-+ * version and pointers of appropriate types to all the
-+ * Cryptoki functions */
-+/* CK_FUNCTION_LIST is new for v2.0 */
-+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-+
-+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-+
-+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-+
-+
-+/* CK_CREATEMUTEX is an application callback for creating a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
-+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
-+);
-+
-+
-+/* CK_DESTROYMUTEX is an application callback for destroying a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_LOCKMUTEX is an application callback for locking a mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_UNLOCKMUTEX is an application callback for unlocking a
-+ * mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
-+ * C_Initialize */
-+typedef struct CK_C_INITIALIZE_ARGS {
-+ CK_CREATEMUTEX CreateMutex;
-+ CK_DESTROYMUTEX DestroyMutex;
-+ CK_LOCKMUTEX LockMutex;
-+ CK_UNLOCKMUTEX UnlockMutex;
-+ CK_FLAGS flags;
-+ CK_VOID_PTR pReserved;
-+} CK_C_INITIALIZE_ARGS;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
-+#define CKF_OS_LOCKING_OK 0x00000002
-+
-+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-+
-+
-+/* additional flags for parameters to functions */
-+
-+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-+#define CKF_DONT_BLOCK 1
-+
-+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
-+ * Generation Function (MGF) applied to a message block when
-+ * formatting a message block for the PKCS #1 OAEP encryption
-+ * scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
-+
-+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
-+
-+/* The following MGFs are defined */
-+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
-+ * are new for v2.20 */
-+#define CKG_MGF1_SHA1 0x00000001
-+#define CKG_MGF1_SHA256 0x00000002
-+#define CKG_MGF1_SHA384 0x00000003
-+#define CKG_MGF1_SHA512 0x00000004
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKG_MGF1_SHA224 0x00000005
-+
-+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
-+ * of the encoding parameter when formatting a message block
-+ * for the PKCS #1 OAEP encryption scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-+
-+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-+
-+/* The following encoding parameter sources are defined */
-+#define CKZ_DATA_SPECIFIED 0x00000001
-+
-+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_OAEP mechanism. */
-+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-+ CK_VOID_PTR pSourceData;
-+ CK_ULONG ulSourceDataLen;
-+} CK_RSA_PKCS_OAEP_PARAMS;
-+
-+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-+
-+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
-+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_PSS mechanism(s). */
-+typedef struct CK_RSA_PKCS_PSS_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_ULONG sLen;
-+} CK_RSA_PKCS_PSS_PARAMS;
-+
-+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
-+
-+/* CK_EC_KDF_TYPE is new for v2.11. */
-+typedef CK_ULONG CK_EC_KDF_TYPE;
-+
-+/* The following EC Key Derivation Functions are defined */
-+#define CKD_NULL 0x00000001
-+#define CKD_SHA1_KDF 0x00000002
-+
-+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
-+ * where each party contributes one key pair.
-+ */
-+typedef struct CK_ECDH1_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_ECDH1_DERIVE_PARAMS;
-+
-+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
-+typedef struct CK_ECDH2_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_ECDH2_DERIVE_PARAMS;
-+
-+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_ECMQV_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_ECMQV_DERIVE_PARAMS;
-+
-+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
-+
-+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
-+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
-+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
-+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-+
-+/* The following X9.42 DH key derivation functions are defined
-+ (besides CKD_NULL already defined : */
-+#define CKD_SHA1_KDF_ASN1 0x00000003
-+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
-+
-+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
-+ * contributes one key pair */
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_X9_42_DH1_DERIVE_PARAMS;
-+
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-+
-+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
-+ * mechanisms, where each party contributes two key pairs */
-+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_X9_42_DH2_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_X9_42_MQV_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
-+
-+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
-+ * CKM_KEA_DERIVE mechanism */
-+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-+typedef struct CK_KEA_DERIVE_PARAMS {
-+ CK_BBOOL isSender;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pRandomB;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_KEA_DERIVE_PARAMS;
-+
-+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
-+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
-+ * holds the effective keysize */
-+typedef CK_ULONG CK_RC2_PARAMS;
-+
-+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-+
-+
-+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
-+ * mechanism */
-+typedef struct CK_RC2_CBC_PARAMS {
-+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+
-+ CK_BYTE iv[8]; /* IV for CBC mode */
-+} CK_RC2_CBC_PARAMS;
-+
-+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC2_MAC_GENERAL mechanism */
-+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC2_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
-+ * CKM_RC5_MAC mechanisms */
-+/* CK_RC5_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+} CK_RC5_PARAMS;
-+
-+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-+
-+
-+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
-+ * mechanism */
-+/* CK_RC5_CBC_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_CBC_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_BYTE_PTR pIv; /* pointer to IV */
-+ CK_ULONG ulIvLen; /* length of IV in bytes */
-+} CK_RC5_CBC_PARAMS;
-+
-+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC5_MAC_GENERAL mechanism */
-+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC5_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
-+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
-+ * the MAC */
-+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-+
-+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-+
-+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
-+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[8];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pPassword;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPAndGLen;
-+ CK_ULONG ulQLen;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pPrimeP;
-+ CK_BYTE_PTR pBaseG;
-+ CK_BYTE_PTR pSubprimeQ;
-+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-+
-+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
-+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
-+
-+
-+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_RELAYX mechanism */
-+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
-+ CK_ULONG ulOldWrappedXLen;
-+ CK_BYTE_PTR pOldWrappedX;
-+ CK_ULONG ulOldPasswordLen;
-+ CK_BYTE_PTR pOldPassword;
-+ CK_ULONG ulOldPublicDataLen;
-+ CK_BYTE_PTR pOldPublicData;
-+ CK_ULONG ulOldRandomLen;
-+ CK_BYTE_PTR pOldRandomA;
-+ CK_ULONG ulNewPasswordLen;
-+ CK_BYTE_PTR pNewPassword;
-+ CK_ULONG ulNewPublicDataLen;
-+ CK_BYTE_PTR pNewPublicData;
-+ CK_ULONG ulNewRandomLen;
-+ CK_BYTE_PTR pNewRandomA;
-+} CK_SKIPJACK_RELAYX_PARAMS;
-+
-+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
-+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
-+
-+
-+typedef struct CK_PBE_PARAMS {
-+ CK_BYTE_PTR pInitVector;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pSalt;
-+ CK_ULONG ulSaltLen;
-+ CK_ULONG ulIteration;
-+} CK_PBE_PARAMS;
-+
-+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-+
-+
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
-+ * CKM_KEY_WRAP_SET_OAEP mechanism */
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
-+ CK_BYTE bBC; /* block contents byte */
-+ CK_BYTE_PTR pX; /* extra data */
-+ CK_ULONG ulXLen; /* length of extra data in bytes */
-+} CK_KEY_WRAP_SET_OAEP_PARAMS;
-+
-+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
-+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_SSL3_RANDOM_DATA;
-+
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_VERSION_PTR pVersion;
-+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hClientMacSecret;
-+ CK_OBJECT_HANDLE hServerMacSecret;
-+ CK_OBJECT_HANDLE hClientKey;
-+ CK_OBJECT_HANDLE hServerKey;
-+ CK_BYTE_PTR pIVClient;
-+ CK_BYTE_PTR pIVServer;
-+} CK_SSL3_KEY_MAT_OUT;
-+
-+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_PARAMS {
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_BBOOL bIsExport;
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_SSL3_KEY_MAT_PARAMS;
-+
-+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-+
-+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
-+typedef struct CK_TLS_PRF_PARAMS {
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_TLS_PRF_PARAMS;
-+
-+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
-+
-+/* WTLS is new for version 2.20 */
-+typedef struct CK_WTLS_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_WTLS_RANDOM_DATA;
-+
-+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
-+
-+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_BYTE_PTR pVersion;
-+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_PRF_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_WTLS_PRF_PARAMS;
-+
-+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hMacSecret;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pIV;
-+} CK_WTLS_KEY_MAT_OUT;
-+
-+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_ULONG ulSequenceNumber;
-+ CK_BBOOL bIsExport;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_WTLS_KEY_MAT_PARAMS;
-+
-+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
-+
-+/* CMS is new for version 2.20 */
-+typedef struct CK_CMS_SIG_PARAMS {
-+ CK_OBJECT_HANDLE certificateHandle;
-+ CK_MECHANISM_PTR pSigningMechanism;
-+ CK_MECHANISM_PTR pDigestMechanism;
-+ CK_UTF8CHAR_PTR pContentType;
-+ CK_BYTE_PTR pRequestedAttributes;
-+ CK_ULONG ulRequestedAttributesLen;
-+ CK_BYTE_PTR pRequiredAttributes;
-+ CK_ULONG ulRequiredAttributesLen;
-+} CK_CMS_SIG_PARAMS;
-+
-+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
-+
-+typedef struct CK_KEY_DERIVATION_STRING_DATA {
-+ CK_BYTE_PTR pData;
-+ CK_ULONG ulLen;
-+} CK_KEY_DERIVATION_STRING_DATA;
-+
-+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
-+ CK_KEY_DERIVATION_STRING_DATA_PTR;
-+
-+
-+/* The CK_EXTRACT_PARAMS is used for the
-+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
-+ * of the base key should be used as the first bit of the
-+ * derived key */
-+/* CK_EXTRACT_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_EXTRACT_PARAMS;
-+
-+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-+
-+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
-+ * indicate the Pseudo-Random Function (PRF) used to generate
-+ * key bits using PKCS #5 PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-+
-+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
-+
-+/* The following PRFs are defined in PKCS #5 v2.0. */
-+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
-+
-+
-+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
-+ * source of the salt value when deriving a key using PKCS #5
-+ * PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-+
-+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
-+
-+/* The following salt value sources are defined in PKCS #5 v2.0. */
-+#define CKZ_SALT_SPECIFIED 0x00000001
-+
-+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
-+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
-+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
-+typedef struct CK_PKCS5_PBKD2_PARAMS {
-+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
-+ CK_VOID_PTR pSaltSourceData;
-+ CK_ULONG ulSaltSourceDataLen;
-+ CK_ULONG iterations;
-+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-+ CK_VOID_PTR pPrfData;
-+ CK_ULONG ulPrfDataLen;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG_PTR ulPasswordLen;
-+} CK_PKCS5_PBKD2_PARAMS;
-+
-+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
-+
-+/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
-+
-+typedef CK_ULONG CK_OTP_PARAM_TYPE;
-+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
-+
-+typedef struct CK_OTP_PARAM {
-+ CK_OTP_PARAM_TYPE type;
-+ CK_VOID_PTR pValue;
-+ CK_ULONG ulValueLen;
-+} CK_OTP_PARAM;
-+
-+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
-+
-+typedef struct CK_OTP_PARAMS {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_PARAMS;
-+
-+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
-+
-+typedef struct CK_OTP_SIGNATURE_INFO {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_SIGNATURE_INFO;
-+
-+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CK_OTP_VALUE 0
-+#define CK_OTP_PIN 1
-+#define CK_OTP_CHALLENGE 2
-+#define CK_OTP_TIME 3
-+#define CK_OTP_COUNTER 4
-+#define CK_OTP_FLAGS 5
-+#define CK_OTP_OUTPUT_LENGTH 6
-+#define CK_OTP_OUTPUT_FORMAT 7
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CKF_NEXT_OTP 0x00000001
-+#define CKF_EXCLUDE_TIME 0x00000002
-+#define CKF_EXCLUDE_COUNTER 0x00000004
-+#define CKF_EXCLUDE_CHALLENGE 0x00000008
-+#define CKF_EXCLUDE_PIN 0x00000010
-+#define CKF_USER_FRIENDLY_OTP 0x00000020
-+
-+/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
-+typedef struct CK_KIP_PARAMS {
-+ CK_MECHANISM_PTR pMechanism;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+} CK_KIP_PARAMS;
-+
-+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
-+
-+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_AES_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_AES_CTR_PARAMS;
-+
-+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_CAMELLIA_CTR_PARAMS;
-+
-+typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+#endif
-Index: openssl/test/clean_test.com
-diff -u openssl/test/clean_test.com:1.1.2.1 openssl/test/clean_test.com:removed
---- openssl/test/clean_test.com:1.1.2.1 Sun Jan 15 16:09:50 2012
-+++ openssl/test/clean_test.com Mon Jan 16 18:54:23 2012
-@@ -1,35 +0,0 @@
--$!
--$! Delete various test results files.
--$!
--$ def_orig = f$environment( "default")
--$ proc = f$environment( "procedure")
--$ proc_dev_dir = f$parse( "A.;", proc) - "A.;"
--$!
--$ on control_c then goto tidy
--$ on error then goto tidy
--$!
--$ set default 'proc_dev_dir'
--$!
--$ files := *.cms;*, *.srl;*, *.ss;*, -
-- cms.err;*, cms.out;*, newreq.pem;*, -
-- p.txt-zlib-cipher;*, -
-- smtst.txt;*, testkey.pem;*, testreq.pem;*, -
-- test_*.err;*, test_*.out;*, -
-- .rnd;*
--$!
--$ delim = ","
--$ i = 0
--$ loop:
--$ file = f$edit( f$element( i, delim, files), "trim")
--$ if (file .eqs. delim) then goto loop_end
--$ if (f$search( file) .nes. "") then -
-- delete 'p1' 'file'
--$ i = i+ 1
--$ goto loop
--$ loop_end:
--$!
--$ tidy:
--$
--$ if (f$type( def_orig) .nes. "") then -
-- set default 'def_orig'
--$!
-Index: openssl/util/libeay.num
-diff -u openssl/util/libeay.num:1.8.2.1 openssl/util/libeay.num:1.9
---- openssl/util/libeay.num:1.8.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/libeay.num Sun Jan 15 16:30:10 2012
-@@ -4194,3 +4194,5 @@
- OPENSSL_strncasecmp 4566 EXIST::FUNCTION:
- OPENSSL_gmtime 4567 EXIST::FUNCTION:
- OPENSSL_gmtime_adj 4568 EXIST::FUNCTION:
-+ENGINE_load_pk11ca 4569 EXIST::FUNCTION:HW_PKCS11CA,ENGINE
-+ENGINE_load_pk11so 4569 EXIST::FUNCTION:HW_PKCS11SO,ENGINE
-Index: openssl/util/mk1mf.pl
-diff -u openssl/util/mk1mf.pl:1.9.2.1 openssl/util/mk1mf.pl:1.9
---- openssl/util/mk1mf.pl:1.9.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/mk1mf.pl Mon Jun 13 17:13:56 2011
-@@ -109,6 +109,8 @@
- no-ecdh - No ECDH
- no-engine - No engine
- no-hw - No hw
-+ no-hw-pkcs11ca - No hw PKCS#11 CA flavor
-+ no-hw-pkcs11so - No hw PKCS#11 SO flavor
- nasm - Use NASM for x86 asm
- nw-nasm - Use NASM x86 asm for NetWare
- nw-mwasm - Use Metrowerks x86 asm for NetWare
-@@ -270,6 +272,8 @@
- $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
- $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
- $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11CA" if $no_hw_pkcs11ca;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11SO" if $no_hw_pkcs11so;
- $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
- $cflags.= " -DZLIB" if $zlib_opt;
- $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
-@@ -335,6 +339,9 @@
- $dir=$val;
- }
-
-+ if ($key eq "PK11_LIB_LOCATION")
-+ { $cflags .= " -D$key=\\\"$val\\\"" if $val ne "";}
-+
- if ($key eq "KRB5_INCLUDES")
- { $cflags .= " $val";}
-
-@@ -1067,6 +1074,8 @@
- "no-gost" => \$no_gost,
- "no-engine" => \$no_engine,
- "no-hw" => \$no_hw,
-+ "no-hw-pkcs11ca" => \$no_hw_pkcs11ca,
-+ "no-hw-pkcs11so" => \$no_hw_pkcs11so,
- "just-ssl" =>
- [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
- \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
-Index: openssl/util/mkdef.pl
-diff -u openssl/util/mkdef.pl:1.7.2.1 openssl/util/mkdef.pl:1.8
---- openssl/util/mkdef.pl:1.7.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/mkdef.pl Sun Jan 15 16:30:10 2012
-@@ -94,7 +94,7 @@
- # External "algorithms"
- "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
- # Engines
-- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-+ "STATIC_ENGINE", "ENGINE", "HW", "GMP", "HW_PKCS11CA", "HW_PKCS11SO",
- # RFC3779
- "RFC3779",
- # TLS
-@@ -125,6 +125,7 @@
- my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
- my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
- my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
-+my $no_pkcs11ca; my $no_pkcs11so;
- my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
- my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
- my $no_jpake; my $no_ssl2;
-@@ -218,6 +219,8 @@
- elsif (/^no-ssl2$/) { $no_ssl2=1; }
- elsif (/^no-capieng$/) { $no_capieng=1; }
- elsif (/^no-jpake$/) { $no_jpake=1; }
-+ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
-+ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
- }
-
-
-@@ -1165,6 +1168,8 @@
- if ($keyword eq "KRB5" && $no_krb5) { return 0; }
- if ($keyword eq "ENGINE" && $no_engine) { return 0; }
- if ($keyword eq "HW" && $no_hw) { return 0; }
-+ if ($keyword eq "HW_PKCS11CA" && $no_pkcs11ca) { return 0; }
-+ if ($keyword eq "HW_PKCS11SO" && $no_pkcs11so) { return 0; }
- if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
- if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
- if ($keyword eq "GMP" && $no_gmp) { return 0; }
-Index: openssl/util/pl/VC-32.pl
-diff -u openssl/util/pl/VC-32.pl:1.7.2.1 openssl/util/pl/VC-32.pl:1.7
---- openssl/util/pl/VC-32.pl:1.7.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/pl/VC-32.pl Mon Jun 13 17:13:57 2011
-@@ -36,7 +36,7 @@
- my $f = $shlib?' /MD':' /MT';
- $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
- $opt_cflags=$f.' /Ox';
-- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
-+ $dbg_cflags=$f.'d /Od /Zi -DDEBUG -D_DEBUG';
- $lflags="/nologo /subsystem:console /opt:ref";
-
- *::perlasm_compile_target = sub {
Deleted: vendor/bind/dist/bin/pkcs11/openssl-1.0.0j-patch
===================================================================
--- vendor/bind/dist/bin/pkcs11/openssl-1.0.0j-patch 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/openssl-1.0.0j-patch 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,15749 +0,0 @@
-Index: openssl/Configure
-diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
---- openssl/Configure:1.9.2.1.2.1 Tue Jun 19 14:46:03 2012
-+++ openssl/Configure Tue Jun 19 14:49:21 2012
-@@ -10,7 +10,7 @@
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION --pk11-flavor=FLAVOR [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -23,6 +23,12 @@
- # default). This needn't be set in advance, you can
- # just as well use "make INSTALL_PREFIX=/whatever install".
- #
-+# --pk11-libname PKCS#11 library name.
-+# (No default)
-+#
-+# --pk11-flavor either crypto-accelerator or sign-only
-+# (No default)
-+#
- # --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
- # to live in the subdirectory lib/ and the header files in
- # include/. A value is required.
-@@ -343,7 +349,7 @@
- "linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### IA-32 targets...
- "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
- ####
- "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -351,7 +357,7 @@
- "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT -pthread::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### SPARC Linux setups
- # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
-@@ -622,6 +628,10 @@
- my $idx_arflags = $idx++;
- my $idx_multilib = $idx++;
-
-+# PKCS#11 engine patch
-+my $pk11_libname="";
-+my $pk11_flavor="";
-+
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-@@ -824,6 +834,14 @@
- {
- $flags.=$_." ";
- }
-+ elsif (/^--pk11-libname=(.*)$/)
-+ {
-+ $pk11_libname=$1;
-+ }
-+ elsif (/^--pk11-flavor=(.*)$/)
-+ {
-+ $pk11_flavor=$1;
-+ }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
-@@ -961,6 +979,22 @@
- exit 0;
- }
-
-+if (! $pk11_libname)
-+ {
-+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
-+if (! $pk11_flavor
-+ || !($pk11_flavor eq "crypto-accelerator" || $pk11_flavor eq "sign-only"))
-+ {
-+ print STDERR "You must set --pk11-flavor.\n";
-+ print STDERR "Choices are crypto-accelerator and sign-only.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
- if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
- }
-@@ -1038,6 +1072,25 @@
- $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
- }
-
-+if ($pk11_flavor eq "crypto-accelerator")
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11SO\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $options .= " no-hw-pkcs11so";
-+ print " no-hw-pkcs11so [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11SO\n";
-+ }
-+else
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11CA\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $options .= " no-hw-pkcs11ca";
-+ print " no-hw-pkcs11ca [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11CA\n";
-+}
-+
- my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
-
- $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
-@@ -1125,6 +1178,8 @@
- if ($flags ne "") { $cflags="$flags$cflags"; }
- else { $no_user_cflags=1; }
-
-+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
-+
- # Kerberos settings. The flavor must be provided from outside, either through
- # the script "config" or manually.
- if (!$no_krb5)
-@@ -1494,6 +1549,7 @@
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
-+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
-Index: openssl/Makefile.org
-diff -u openssl/Makefile.org:1.5.2.1.2.1 openssl/Makefile.org:1.6
---- openssl/Makefile.org:1.5.2.1.2.1 Tue Jun 19 14:46:04 2012
-+++ openssl/Makefile.org Tue Jun 19 14:49:21 2012
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
-Index: openssl/README.pkcs11
-diff -u /dev/null openssl/README.pkcs11:1.7
---- /dev/null Tue Jun 19 16:23:56 2012
-+++ openssl/README.pkcs11 Mon Jun 13 18:27:17 2011
-@@ -0,0 +1,261 @@
-+ISC modified
-+============
-+
-+The previous key naming scheme was kept for backward compatibility.
-+
-+The PKCS#11 engine exists in two flavors, crypto-accelerator and
-+sign-only. The first one is from the Solaris patch and uses the
-+PKCS#11 device for all crypto operations it supports. The second
-+is a stripped down version which provides only the useful
-+function (i.e., signature with a RSA private key in the device
-+protected key store and key loading).
-+
-+As a hint PKCS#11 boards should use the crypto-accelerator flavor,
-+external PKCS#11 devices the sign-only. SCA 6000 is an example
-+of the first, AEP Keyper of the second.
-+
-+Note it is mandatory to set a pk11-flavor (and only one) in
-+config/Configure.
-+
-+PKCS#11 engine support for OpenSSL 0.9.8l
-+=========================================
-+
-+[Nov 19, 2009]
-+
-+Contents:
-+
-+Overview
-+Revisions of the patch for 0.9.8 branch
-+FAQs
-+Feedback
-+
-+Overview
-+========
-+
-+This patch containing code available in OpenSolaris adds support for PKCS#11
-+engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
-+OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
-+must provide PKCS#11 backend otherwise the patch is useless. You provide the
-+PKCS#11 library name during the build configuration phase, see below.
-+
-+Patch can be applied like this:
-+
-+ # NOTE: use gtar if on Solaris
-+ tar xfzv openssl-0.9.8l.tar.gz
-+ # now download the patch to the current directory
-+ # ...
-+ cd openssl-0.9.8l
-+ # NOTE: must use gpatch if on Solaris (is part of the system)
-+ patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
-+
-+It is designed to support pure acceleration for RSA, DSA, DH and all the
-+symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
-+except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
-+
-+According to the PKCS#11 providers installed on your machine, it can support
-+following mechanisms:
-+
-+ RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
-+ AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
-+ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
-+ SHA256, SHA384, SHA512
-+
-+Note that for AES counter mode the application must provide their own EVP
-+functions since OpenSSL doesn't support counter mode through EVP yet. You may
-+see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
-+example of code that uses the PKCS#11 engine and deals with the fork-safety
-+problem (see engine.c and packet.c files if interested).
-+
-+You must provide the location of PKCS#11 library in your system to the
-+configure script. You will be instructed to do that when you try to run the
-+config script:
-+
-+ $ ./config
-+ Operating system: i86pc-whatever-solaris2
-+ Configuring for solaris-x86-cc
-+ You must set --pk11-libname for PKCS#11 library.
-+ See README.pkcs11 for more information.
-+
-+Taking openCryptoki project on Linux AMD64 box as an example, you would run
-+configure script like this:
-+
-+ ./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
-+
-+To check whether newly built openssl really supports PKCS#11 it's enough to run
-+"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
-+output. If you see no PKCS#11 engine support check that the built openssl binary
-+and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
-+
-+The patch, during various phases of development, was tested on Solaris against
-+PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
-+OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
-+(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
-+information). Some Linux distributions even ship those libraries with the
-+system. The patch should work on any system that is supported by OpenSSL itself
-+and has functional PKCS#11 library.
-+
-+The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
-+copyrighted by RSA Security Inc., see pkcs11.h for more information.
-+
-+Other added/modified code in this patch is copyrighted by Sun Microsystems,
-+Inc. and is released under the OpenSSL license (see LICENSE file for more
-+information).
-+
-+Revisions of the patch for 0.9.8 branch
-+=======================================
-+
-+2009-11-19
-+- adjusted for OpenSSL version 0.9.8l
-+
-+- bugs and RFEs:
-+
-+ 6479874 OpenSSL should support RSA key by reference/hardware keystores
-+ 6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
-+ 6732677 make check to trigger Solaris specific code automatic in the
-+ PKCS#11 engine
-+
-+2009-03-11
-+- adjusted for OpenSSL version 0.9.8j
-+
-+- README.pkcs11 moved out of the patch, and is shipped together with it in a
-+ tarball instead so that it can be read before the patch is applied.
-+
-+- fixed bugs:
-+
-+ 6804216 pkcs#11 engine should support a key length range for RC4
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-12-02
-+- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
-+
-+ 6723504 more granular locking in PKCS#11 engine
-+ 6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
-+ 6710420 PKCS#11 engine source should be lint clean
-+ 6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
-+ it seriously
-+ 6746712 PKCS#11 engine source code should be cstyle clean
-+ 6731380 return codes of several functions are not checked in the PKCS#11
-+ engine code
-+ 6746735 PKCS#11 engine should use extended FILE space API
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-08-01
-+- fixed bug
-+
-+ 6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
-+ and digests
-+
-+- Solaris specific code for slot selection made automatic
-+
-+2008-07-29
-+- update the patch to OpenSSL 0.9.8h version
-+- pkcs11t.h updated to the latest version:
-+
-+ 6545665 make CKM_AES_CTR available to non-kernel users
-+
-+- fixed bugs in the engine code:
-+
-+ 6602801 PK11_SESSION cache has to employ reference counting scheme for
-+ asymmetric key operations
-+ 6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
-+ atomically
-+ 6607307 pkcs#11 engine can't read RSA private keys
-+ 6652362 pk11_RSA_finish() is cutting corners
-+ 6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
-+ suboptimal way
-+ 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
-+ resilient to destroy failures
-+ 6667273 OpenSSL engine should not use free() but OPENSSL_free()
-+ 6670363 PKCS#11 engine fails to reuse existing symmetric keys
-+ 6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
-+ 6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
-+ of big numbers leading to failures
-+ 6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
-+ -1
-+ 6706622 pk11_load_{pub,priv}key create corrupted RSA key references
-+ 6707129 return values from BN_new() in pk11_DH_generate_key() are not
-+ checked
-+ 6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
-+ structure reuse
-+ 6707782 OpenSSL PKCS#11 engine pretends to be aware of
-+ OPENSSL_NO_{RSA,DSA,DH}
-+ defines but fails miserably
-+ 6709966 make check_new_*() to return values to indicate cache hit/miss
-+ 6705200 pk11_dh struct initialization in PKCS#11 engine is missing
-+ generate_params parameter
-+ 6709513 PKCS#11 engine sets IV length even for ECB modes
-+ 6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
-+ PKCS#11 engine
-+ 6728871 PKCS#11 engine must reset global_session in pk11_finish()
-+
-+- new features and enhancements:
-+
-+ 6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
-+ 6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
-+ 6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
-+ ciphers and digests
-+
-+2007-10-15
-+- update for 0.9.8f version
-+- update for "6607670 teach pkcs#11 engine how to use keys be reference"
-+
-+2007-10-02
-+- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
-+- draft for "6607307 pkcs#11 engine can't read RSA private keys"
-+
-+2007-09-26
-+- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
-+ significant performance drop
-+- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
-+
-+2007-05-25
-+- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
-+
-+2007-05-19
-+- initial patch for 0.9.8e using latest OpenSolaris code
-+
-+FAQs
-+====
-+
-+(1) my build failed on Linux distro with this error:
-+
-+../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
-+hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
-+
-+Answer:
-+
-+ - don't use "no-threads" when configuring
-+ - if you didn't then OpenSSL failed to create a threaded library by
-+ default. You may manually edit Configure and try again. Look for the
-+ architecture that Configure printed, for example:
-+
-+Configured for linux-elf.
-+
-+ - then edit Configure, find string "linux-elf" (inluding the quotes),
-+ and add flags to support threads to the 4th column of the 2nd string.
-+ If you build with GCC then adding "-pthread" should be enough. With
-+ "linux-elf" as an example, you would add " -pthread" right after
-+ "-D_REENTRANT", like this:
-+
-+....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
-+
-+(2) I'm using MinGW/MSYS environment and get undeclared reference error for
-+pthread_atfork() function when trying to build OpenSSL with the patch.
-+
-+Answer:
-+
-+ Sorry, pthread_atfork() is not implemented in the current pthread-win32
-+ (as of Nov 2009). You can not use the patch there.
-+
-+
-+Feedback
-+========
-+
-+Please send feedback to security-discuss at opensolaris.org. The patch was
-+created by Jan.Pechanec at Sun.COM from code available in OpenSolaris.
-+
-+Latest version should be always available on http://blogs.sun.com/janp.
-+
-Index: openssl/crypto/opensslconf.h
-diff -u openssl/crypto/opensslconf.h:1.6.2.1 openssl/crypto/opensslconf.h:1.6
---- openssl/crypto/opensslconf.h:1.6.2.1 Sun Jan 15 16:09:43 2012
-+++ openssl/crypto/opensslconf.h Mon Jun 13 17:13:28 2011
-@@ -29,6 +29,9 @@
-
- #endif /* OPENSSL_DOING_MAKEDEPEND */
-
-+#ifndef OPENSSL_THREADS
-+# define OPENSSL_THREADS
-+#endif
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- # define OPENSSL_NO_DYNAMIC_ENGINE
- #endif
-@@ -61,6 +64,8 @@
- # endif
- #endif
-
-+#define OPENSSL_CPUID_OBJ
-+
- /* crypto/opensslconf.h.in */
-
- /* Generate 80386 code? */
-@@ -107,7 +112,7 @@
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
--#undef RC4_CHUNK
-+#define RC4_CHUNK unsigned long
- #endif
- #endif
-
-@@ -115,7 +120,7 @@
- /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
- #ifndef DES_LONG
--#define DES_LONG unsigned long
-+#define DES_LONG unsigned int
- #endif
- #endif
-
-@@ -126,9 +131,9 @@
- /* Should we define BN_DIV2W here? */
-
- /* Only one for the following should be defined */
--#undef SIXTY_FOUR_BIT_LONG
-+#define SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
--#define THIRTY_TWO_BIT
-+#undef THIRTY_TWO_BIT
- #endif
-
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-@@ -140,7 +145,7 @@
-
- #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
- #define CONFIG_HEADER_BF_LOCL_H
--#undef BF_PTR
-+#define BF_PTR2
- #endif /* HEADER_BF_LOCL_H */
-
- #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-@@ -170,7 +175,7 @@
- /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
- #ifndef DES_UNROLL
--#undef DES_UNROLL
-+#define DES_UNROLL
- #endif
-
- /* These default values were supplied by
-Index: openssl/crypto/bio/bss_file.c
-diff -u openssl/crypto/bio/bss_file.c:1.6.2.1 openssl/crypto/bio/bss_file.c:1.6
---- openssl/crypto/bio/bss_file.c:1.6.2.1 Sun Jan 15 16:09:44 2012
-+++ openssl/crypto/bio/bss_file.c Mon Jun 13 17:13:31 2011
-@@ -168,7 +168,7 @@
- {
- SYSerr(SYS_F_FOPEN,get_last_sys_error());
- ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-- if (errno == ENOENT)
-+ if ((errno == ENOENT) || ((*mode == 'r') && (errno == EACCES)))
- BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
- else
- BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-Index: openssl/crypto/engine/Makefile
-diff -u openssl/crypto/engine/Makefile:1.8.2.1 openssl/crypto/engine/Makefile:1.8
---- openssl/crypto/engine/Makefile:1.8.2.1 Sun Jan 15 16:09:46 2012
-+++ openssl/crypto/engine/Makefile Tue Jun 14 21:51:32 2011
-@@ -21,12 +21,14 @@
- eng_table.c eng_pkey.c eng_fat.c eng_all.c \
- tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
- tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
-- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
-+ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
-+ hw_pk11.c hw_pk11_pub.c hw_pk11so.c hw_pk11so_pub.c
- LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
- eng_table.o eng_pkey.o eng_fat.o eng_all.o \
- tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
- tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
-- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
-+ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
-+ hw_pk11.o hw_pk11_pub.o hw_pk11so.o hw_pk11so_pub.o
-
- SRC= $(LIBSRC)
-
-@@ -264,6 +266,83 @@
- eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
- eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
- eng_table.o: eng_table.c
-+hw_pk11.o: ../../e_os.h ../../include/openssl/aes.h
-+hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-+hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-+hw_pk11.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
-+hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-+hw_pk11.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-+hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-+hw_pk11.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-+hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
-+hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-+hw_pk11.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-+hw_pk11.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-+hw_pk11.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-+hw_pk11.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-+hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-+hw_pk11.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h hw_pk11.c
-+hw_pk11.o: hw_pk11_err.c hw_pk11_err.h hw_pk11ca.h pkcs11.h pkcs11f.h pkcs11t.h
-+hw_pk11_pub.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-+hw_pk11_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-+hw_pk11_pub.o: ../../include/openssl/objects.h
-+hw_pk11_pub.o: ../../include/openssl/opensslconf.h
-+hw_pk11_pub.o: ../../include/openssl/opensslv.h
-+hw_pk11_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-+hw_pk11_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-+hw_pk11_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-+hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-+hw_pk11_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-+hw_pk11_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11_pub.c hw_pk11ca.h
-+hw_pk11_pub.o: pkcs11.h pkcs11f.h pkcs11t.h
-+hw_pk11so.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11so.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11so.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11so.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11so.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11so.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11so.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11so.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
-+hw_pk11so.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-+hw_pk11so.o: ../../include/openssl/opensslconf.h
-+hw_pk11so.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+hw_pk11so.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-+hw_pk11so.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-+hw_pk11so.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-+hw_pk11so.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-+hw_pk11so.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-+hw_pk11so.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h
-+hw_pk11so.o: hw_pk11_err.c hw_pk11_err.h hw_pk11so.c hw_pk11so.h pkcs11.h
-+hw_pk11so.o: pkcs11f.h pkcs11t.h
-+hw_pk11so_pub.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11so_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11so_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11so_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11so_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11so_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11so_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11so_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-+hw_pk11so_pub.o: ../../include/openssl/objects.h
-+hw_pk11so_pub.o: ../../include/openssl/opensslconf.h
-+hw_pk11so_pub.o: ../../include/openssl/opensslv.h
-+hw_pk11so_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-+hw_pk11so_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-+hw_pk11so_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-+hw_pk11so_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-+hw_pk11so_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+hw_pk11so_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-+hw_pk11so_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11so.h
-+hw_pk11so_pub.o: hw_pk11so_pub.c pkcs11.h pkcs11f.h pkcs11t.h
- tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h
- tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
- tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-Index: openssl/crypto/engine/cryptoki.h
-diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
---- /dev/null Tue Jun 19 16:23:56 2012
-+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
-@@ -0,0 +1,103 @@
-+/*
-+ * CDDL HEADER START
-+ *
-+ * The contents of this file are subject to the terms of the
-+ * Common Development and Distribution License, Version 1.0 only
-+ * (the "License"). You may not use this file except in compliance
-+ * with the License.
-+ *
-+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-+ * or http://www.opensolaris.org/os/licensing.
-+ * See the License for the specific language governing permissions
-+ * and limitations under the License.
-+ *
-+ * When distributing Covered Code, include this CDDL HEADER in each
-+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-+ * If applicable, add the following below this CDDL HEADER, with the
-+ * fields enclosed by brackets "[]" replaced with your own identifying
-+ * information: Portions Copyright [yyyy] [name of copyright owner]
-+ *
-+ * CDDL HEADER END
-+ */
-+/*
-+ * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+#ifndef _CRYPTOKI_H
-+#define _CRYPTOKI_H
-+
-+/* ident "@(#)cryptoki.h 1.2 05/06/08 SMI" */
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef CK_PTR
-+#define CK_PTR *
-+#endif
-+
-+#ifndef CK_DEFINE_FUNCTION
-+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION
-+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION_POINTER
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef CK_CALLBACK_FUNCTION
-+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef NULL_PTR
-+#include <unistd.h> /* For NULL */
-+#define NULL_PTR NULL
-+#endif
-+
-+/*
-+ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
-+ */
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#define CK_DISABLE_TRUE_FALSE
-+#ifndef TRUE
-+#define TRUE 1
-+#endif /* TRUE */
-+#ifndef FALSE
-+#define FALSE 0
-+#endif /* FALSE */
-+#endif /* CK_DISABLE_TRUE_FALSE */
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+#include "pkcs11.h"
-+
-+/* Solaris specific functions */
-+
-+#include <stdlib.h>
-+
-+/*
-+ * SUNW_C_GetMechSession will initialize the framework and do all
-+ * the necessary PKCS#11 calls to create a session capable of
-+ * providing operations on the requested mechanism
-+ */
-+CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
-+ CK_SESSION_HANDLE_PTR hSession);
-+
-+/*
-+ * SUNW_C_KeyToObject will create a secret key object for the given
-+ * mechanism from the rawkey data.
-+ */
-+CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
-+ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
-+ CK_OBJECT_HANDLE_PTR obj);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* _CRYPTOKI_H */
-Index: openssl/crypto/engine/eng_all.c
-diff -u openssl/crypto/engine/eng_all.c:1.5.2.1 openssl/crypto/engine/eng_all.c:1.5
---- openssl/crypto/engine/eng_all.c:1.5.2.1 Sun Jan 15 16:09:46 2012
-+++ openssl/crypto/engine/eng_all.c Mon Jun 13 17:13:35 2011
-@@ -111,6 +111,14 @@
- #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- ENGINE_load_capi();
- #endif
-+#ifndef OPENSSL_NO_HW_PKCS11
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+ ENGINE_load_pk11ca();
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+ ENGINE_load_pk11so();
-+#endif
-+#endif
- #endif
- }
-
-Index: openssl/crypto/engine/engine.h
-diff -u openssl/crypto/engine/engine.h:1.5.2.1 openssl/crypto/engine/engine.h:1.5
---- openssl/crypto/engine/engine.h:1.5.2.1 Sun Jan 15 16:09:46 2012
-+++ openssl/crypto/engine/engine.h Mon Jun 13 17:13:36 2011
-@@ -336,6 +336,12 @@
- void ENGINE_load_ubsec(void);
- void ENGINE_load_padlock(void);
- void ENGINE_load_capi(void);
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+void ENGINE_load_pk11ca(void);
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+void ENGINE_load_pk11so(void);
-+#endif
- #ifndef OPENSSL_NO_GMP
- void ENGINE_load_gmp(void);
- #endif
-Index: openssl/crypto/engine/hw_pk11.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
---- /dev/null Tue Jun 19 16:23:56 2012
-+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:53 2011
-@@ -0,0 +1,4057 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+#include <openssl/aes.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/* #undef DEBUG_SLOT_SELECTION */
-+/*
-+ * Solaris specific code. See comment at check_hw_mechanisms() for more
-+ * information.
-+ */
-+#if defined(__SVR4) && defined(__sun)
-+#undef SOLARIS_HW_SLOT_SELECTION
-+#endif
-+
-+/*
-+ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
-+ * there are official OIDs for mechanisms based on this mode. With our changes,
-+ * an application can define its own EVP calls for AES counter mode and then
-+ * it can make use of hardware acceleration through this engine. However, it's
-+ * better if we keep AES CTR support code under ifdef's.
-+ */
-+#define SOLARIS_AES_CTR
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.c"
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NIDs for AES counter mode that will be defined during the engine
-+ * initialization.
-+ */
-+static int NID_aes_128_ctr = NID_undef;
-+static int NID_aes_192_ctr = NID_undef;
-+static int NID_aes_256_ctr = NID_undef;
-+#endif /* SOLARIS_AES_CTR */
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
-+ * library. See comment at check_hw_mechanisms() for more information.
-+ */
-+static int *hw_cnids;
-+static int *hw_dnids;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+#ifndef OPENSSL_NO_RSA
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DH
-+int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
-+#endif
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+/* Symmetric cipher and digest support functions */
-+static int cipher_nid_to_pk11(int nid);
-+#ifdef SOLARIS_AES_CTR
-+static int pk11_add_NID(char *sn, char *ln);
-+static int pk11_add_aes_ctr_NIDs(void);
-+#endif /* SOLARIS_AES_CTR */
-+static int pk11_usable_ciphers(const int **nids);
-+static int pk11_usable_digests(const int **nids);
-+static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+static int pk11_cipher_final(PK11_SESSION *sp);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl);
-+#else
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl);
-+#endif
-+static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
-+static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid);
-+static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid);
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len);
-+static int md_nid_to_pk11(int nid);
-+static int pk11_digest_init(EVP_MD_CTX *ctx);
-+static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
-+ size_t count);
-+static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
-+static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
-+static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher,
-+ int *local_cipher_nids);
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest,
-+ int *local_digest_nids);
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
-+ int id);
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+static int check_hw_mechanisms(void);
-+static int nid_in_table(int nid, int *nid_table);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* Index for the supported ciphers */
-+enum pk11_cipher_id {
-+ PK11_DES_CBC,
-+ PK11_DES3_CBC,
-+ PK11_DES_ECB,
-+ PK11_DES3_ECB,
-+ PK11_RC4,
-+ PK11_AES_128_CBC,
-+ PK11_AES_192_CBC,
-+ PK11_AES_256_CBC,
-+ PK11_AES_128_ECB,
-+ PK11_AES_192_ECB,
-+ PK11_AES_256_ECB,
-+ PK11_BLOWFISH_CBC,
-+#ifdef SOLARIS_AES_CTR
-+ PK11_AES_128_CTR,
-+ PK11_AES_192_CTR,
-+ PK11_AES_256_CTR,
-+#endif /* SOLARIS_AES_CTR */
-+ PK11_CIPHER_MAX
-+};
-+
-+/* Index for the supported digests */
-+enum pk11_digest_id {
-+ PK11_MD5,
-+ PK11_SHA1,
-+ PK11_SHA224,
-+ PK11_SHA256,
-+ PK11_SHA384,
-+ PK11_SHA512,
-+ PK11_DIGEST_MAX
-+};
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static int cipher_nids[PK11_CIPHER_MAX];
-+static int digest_nids[PK11_DIGEST_MAX];
-+static int cipher_count = 0;
-+static int digest_count = 0;
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_recover = CK_FALSE;
-+static CK_BBOOL pk11_have_dsa = CK_FALSE;
-+static CK_BBOOL pk11_have_dh = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+typedef struct PK11_CIPHER_st
-+ {
-+ enum pk11_cipher_id id;
-+ int nid;
-+ int iv_len;
-+ int min_key_len;
-+ int max_key_len;
-+ CK_KEY_TYPE key_type;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_CIPHER;
-+
-+static PK11_CIPHER ciphers[] =
-+ {
-+ { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
-+ CKK_DES, CKM_DES_CBC, },
-+ { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
-+ CKK_DES3, CKM_DES3_CBC, },
-+ { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
-+ CKK_DES, CKM_DES_ECB, },
-+ { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
-+ CKK_DES3, CKM_DES3_ECB, },
-+ { PK11_RC4, NID_rc4, 0, 16, 256,
-+ CKK_RC4, CKM_RC4, },
-+ { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
-+ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
-+#ifdef SOLARIS_AES_CTR
-+ /* we don't know the correct NIDs until the engine is initialized */
-+ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
-+ CKK_AES, CKM_AES_CTR, },
-+#endif /* SOLARIS_AES_CTR */
-+ };
-+
-+typedef struct PK11_DIGEST_st
-+ {
-+ enum pk11_digest_id id;
-+ int nid;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_DIGEST;
-+
-+static PK11_DIGEST digests[] =
-+ {
-+ {PK11_MD5, NID_md5, CKM_MD5, },
-+ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
-+ {PK11_SHA224, NID_sha224, CKM_SHA224, },
-+ {PK11_SHA256, NID_sha256, CKM_SHA256, },
-+ {PK11_SHA384, NID_sha384, CKM_SHA384, },
-+ {PK11_SHA512, NID_sha512, CKM_SHA512, },
-+ {0, NID_undef, 0xFFFF, },
-+ };
-+
-+/*
-+ * Structure to be used for the cipher_data/md_data in
-+ * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
-+ * session in multiple cipher_update calls
-+ */
-+typedef struct PK11_CIPHER_STATE_st
-+ {
-+ PK11_SESSION *sp;
-+ } PK11_CIPHER_STATE;
-+
-+
-+/*
-+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
-+ * called when libcrypto requests a cipher NID.
-+ *
-+ * Note how the PK11_CIPHER_STATE is used here.
-+ */
-+
-+/* DES CBC EVP */
-+static const EVP_CIPHER pk11_des_cbc =
-+ {
-+ NID_des_cbc,
-+ 8, 8, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/* 3DES CBC EVP */
-+static const EVP_CIPHER pk11_3des_cbc =
-+ {
-+ NID_des_ede3_cbc,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
-+ * get_asn1_parameters fields are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_des_ecb =
-+ {
-+ NID_des_ecb,
-+ 8, 8, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_3des_ecb =
-+ {
-+ NID_des_ede3_ecb,
-+ 8, 24, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+
-+static const EVP_CIPHER pk11_aes_128_cbc =
-+ {
-+ NID_aes_128_cbc,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_cbc =
-+ {
-+ NID_aes_192_cbc,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_cbc =
-+ {
-+ NID_aes_256_cbc,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use IV so that's why set_asn1_parameters and
-+ * get_asn1_parameters are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_aes_128_ecb =
-+ {
-+ NID_aes_128_ecb,
-+ 16, 16, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_ecb =
-+ {
-+ NID_aes_192_ecb,
-+ 16, 24, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_ecb =
-+ {
-+ NID_aes_256_ecb,
-+ 16, 32, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
-+ * created in pk11_library_init(). Note that the need to change these structures
-+ * is the reason why we don't define them with the const keyword.
-+ */
-+static EVP_CIPHER pk11_aes_128_ctr =
-+ {
-+ NID_undef,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_192_ctr =
-+ {
-+ NID_undef,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_256_ctr =
-+ {
-+ NID_undef,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+#endif /* SOLARIS_AES_CTR */
-+
-+static const EVP_CIPHER pk11_bf_cbc =
-+ {
-+ NID_bf_cbc,
-+ 8, 16, 8,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_rc4 =
-+ {
-+ NID_rc4,
-+ 1, 16, 0,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_MD pk11_md5 =
-+ {
-+ NID_md5,
-+ NID_md5WithRSAEncryption,
-+ MD5_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ MD5_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha1 =
-+ {
-+ NID_sha1,
-+ NID_sha1WithRSAEncryption,
-+ SHA_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha224 =
-+ {
-+ NID_sha224,
-+ NID_sha224WithRSAEncryption,
-+ SHA224_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-224 uses the same cblock size as SHA-256 */
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha256 =
-+ {
-+ NID_sha256,
-+ NID_sha256WithRSAEncryption,
-+ SHA256_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha384 =
-+ {
-+ NID_sha384,
-+ NID_sha384WithRSAEncryption,
-+ SHA384_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-384 uses the same cblock size as SHA-512 */
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha512 =
-+ {
-+ NID_sha512,
-+ NID_sha512WithRSAEncryption,
-+ SHA512_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11SO
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name =
-+ "PKCS #11 engine support (crypto accelerator)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+#ifndef OPENSSL_NO_RSA
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DSA], NULL);
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DH] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DH], NULL);
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (find_lock[OP_DSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DSA]);
-+ OPENSSL_free(find_lock[OP_DSA]);
-+ find_lock[OP_DSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (find_lock[OP_DH] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DH]);
-+ OPENSSL_free(find_lock[OP_DH]);
-+ find_lock[OP_DH] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ const RSA_METHOD *rsa = NULL;
-+ RSA_METHOD *pk11_rsa = PK11_RSA();
-+#endif /* OPENSSL_NO_RSA */
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name) ||
-+ !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
-+ !ENGINE_set_digests(e, pk11_engine_digests))
-+ return (0);
-+#ifndef OPENSSL_NO_RSA
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (pk11_have_dsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DSA(e, PK11_DSA()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (pk11_have_dh == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DH(e, PK11_DH()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DH\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DH */
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+/*
-+ * Apache calls OpenSSL function RSA_blinding_on() once during startup
-+ * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
-+ * here, we wire it back to the OpenSSL software implementation.
-+ * Since it is used only once, performance is not a concern.
-+ */
-+#ifndef OPENSSL_NO_RSA
-+ rsa = RSA_PKCS1_SSLeay();
-+ pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
-+ pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
-+ if (pk11_have_recover != CK_TRUE)
-+ pk11_rsa->rsa_pub_dec = rsa->rsa_pub_dec;
-+#endif /* OPENSSL_NO_RSA */
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ LOCK_OBJSTORE(OP_DSA);
-+ LOCK_OBJSTORE(OP_DH);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ CK_ULONG ul_state_len;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * We must do this before we start working with slots since we need all
-+ * NIDs there.
-+ */
-+ if (pk11_add_aes_ctr_NIDs() == 0)
-+ goto err;
-+#endif /* SOLARIS_AES_CTR */
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Disable digest if C_GetOperationState is not supported since
-+ * this function is required by OpenSSL digest copy function
-+ */
-+ /* Keyper fails to return CKR_FUNCTION_NOT_SUPPORTED */
-+ if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
-+ != CKR_OK) {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: C_GetOperationState() not supported, "
-+ "setting digest_count to 0\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ digest_count = 0;
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ (void) pk11_destroy_dsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ (void) pk11_destroy_dh_key_objects(NULL);
-+#endif /* OPENSSL_NO_DH */
-+ (void) pk11_destroy_cipher_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+ myslot = SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ sp->opdata_dsa_pub_num = NULL;
-+ sp->opdata_dsa_priv = NULL;
-+ sp->opdata_dsa_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ sp->opdata_dh_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DH */
-+ case OP_CIPHER:
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ sp->opdata_encrypt = -1;
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Destroy DSA public key from single session. */
-+int
-+pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key,
-+ ret, uselock, OP_DSA, CK_FALSE);
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy DSA private key from single session. */
-+int
-+pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key,
-+ ret, uselock, OP_DSA, CK_TRUE);
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv = NULL;
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_dsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+/* Destroy DH key from single session. */
-+int
-+pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dh_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dh_key,
-+ ret, uselock, OP_DH, CK_TRUE);
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DH key object wrapper.
-+ *
-+ * arg0: pointer to PKCS#11 engine session structure
-+ * if session is NULL, try to destroy all objects in the free list
-+ */
-+int
-+pk11_destroy_dh_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DH].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DH].head;
-+ uselock = FALSE;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dh_object(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DH].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/* Symmetric ciphers and digests support functions */
-+
-+static int
-+cipher_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; i++)
-+ if (ciphers[i].nid == nid)
-+ return (ciphers[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_usable_ciphers(const int **nids)
-+ {
-+ if (cipher_count > 0)
-+ *nids = cipher_nids;
-+ else
-+ *nids = NULL;
-+ return (cipher_count);
-+ }
-+
-+static int
-+pk11_usable_digests(const int **nids)
-+ {
-+ if (digest_count > 0)
-+ *nids = digest_nids;
-+ else
-+ *nids = NULL;
-+ return (digest_count);
-+ }
-+
-+/*
-+ * Init context for encryption or decryption using a symmetric key.
-+ */
-+static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
-+ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
-+ {
-+ CK_RV rv;
-+#ifdef SOLARIS_AES_CTR
-+ CK_AES_CTR_PARAMS ctr_params;
-+#endif /* SOLARIS_AES_CTR */
-+
-+ /*
-+ * We expect pmech->mechanism to be already set and
-+ * pParameter/ulParameterLen initialized to NULL/0 before
-+ * pk11_init_symetric() is called.
-+ */
-+ OPENSSL_assert(pmech->mechanism != 0);
-+ OPENSSL_assert(pmech->pParameter == NULL);
-+ OPENSSL_assert(pmech->ulParameterLen == 0);
-+
-+#ifdef SOLARIS_AES_CTR
-+ if (ctx->cipher->nid == NID_aes_128_ctr ||
-+ ctx->cipher->nid == NID_aes_192_ctr ||
-+ ctx->cipher->nid == NID_aes_256_ctr)
-+ {
-+ pmech->pParameter = (void *)(&ctr_params);
-+ pmech->ulParameterLen = sizeof (ctr_params);
-+ /*
-+ * For now, we are limited to the fixed length of the counter,
-+ * it covers the whole counter block. That's what RFC 4344
-+ * needs. For more information on internal structure of the
-+ * counter block, see RFC 3686. If needed in the future, we can
-+ * add code so that the counter length can be set via
-+ * ENGINE_ctrl() function.
-+ */
-+ ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
-+ OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
-+ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
-+ }
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ {
-+ if (pcipher->iv_len > 0)
-+ {
-+ pmech->pParameter = (void *)ctx->iv;
-+ pmech->ulParameterLen = pcipher->iv_len;
-+ }
-+ }
-+
-+ /* if we get here, the encryption needs to be reinitialized */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+ else
-+ rv = pFuncList->C_DecryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
-+ PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+ {
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ PK11_CIPHER *p_ciph_table_row;
-+
-+ state->sp = NULL;
-+
-+ index = cipher_nid_to_pk11(ctx->cipher->nid);
-+ if (index < 0 || index >= PK11_CIPHER_MAX)
-+ return (0);
-+
-+ p_ciph_table_row = &ciphers[index];
-+ /*
-+ * iv_len in the ctx->cipher structure is the maximum IV length for the
-+ * current cipher and it must be less or equal to the IV length in our
-+ * ciphers table. The key length must be in the allowed interval. From
-+ * all cipher modes that the PKCS#11 engine supports only RC4 allows a
-+ * key length to be in some range, all other NIDs have a precise key
-+ * length. Every application can define its own EVP functions so this
-+ * code serves as a sanity check.
-+ *
-+ * Note that the reason why the IV length in ctx->cipher might be
-+ * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
-+ * macro to define functions that return EVP structures for all DES
-+ * modes. So, even ECB modes get 8 byte IV.
-+ */
-+ if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
-+ ctx->key_len < p_ciph_table_row->min_key_len ||
-+ ctx->key_len > p_ciph_table_row->max_key_len) {
-+ PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
-+ return (0);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
-+ return (0);
-+
-+ /* if applicable, the mechanism parameter is used for IV */
-+ mech.mechanism = p_ciph_table_row->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ /* The key object is destroyed here if it is not the current key. */
-+ (void) check_new_cipher_key(sp, key, ctx->key_len);
-+
-+ /*
-+ * If the key is the same and the encryption is also the same, then
-+ * just reuse it. However, we must not forget to reinitialize the
-+ * context that was finalized in pk11_cipher_cleanup().
-+ */
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
-+ sp->opdata_encrypt == ctx->encrypt)
-+ {
-+ state->sp = sp;
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+ /*
-+ * Check if the key has been invalidated. If so, a new key object
-+ * needs to be created.
-+ */
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ sp->opdata_cipher_key = pk11_get_cipher_key(
-+ ctx, key, p_ciph_table_row->key_type, sp);
-+ }
-+
-+ if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
-+ {
-+ /*
-+ * The previous encryption/decryption is different. Need to
-+ * terminate the previous * active encryption/decryption here.
-+ */
-+ if (!pk11_cipher_final(sp))
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+ }
-+
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ /* now initialize the context with a new key */
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ sp->opdata_encrypt = ctx->encrypt;
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+/*
-+ * When reusing the same key in an encryption/decryption session for a
-+ * decryption/encryption session, we need to close the active session
-+ * and recreate a new one. Note that the key is in the global session so
-+ * that it needs not be recreated.
-+ *
-+ * It is more appropriate to use C_En/DecryptFinish here. At the time of this
-+ * development, these two functions in the PKCS#11 libraries used return
-+ * unexpected errors when passing in 0 length output. It may be a good
-+ * idea to try them again if performance is a problem here and fix
-+ * C_En/DecryptFinial if there are bugs there causing the problem.
-+ */
-+static int
-+pk11_cipher_final(PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
-+ return (0);
-+ }
-+
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * An engine interface function. The calling function allocates sufficient
-+ * memory for the output buffer "out" to hold the results.
-+ */
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl)
-+#else
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl)
-+#endif
-+ {
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ CK_RV rv;
-+ unsigned long outl = inl;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ sp = (PK11_SESSION *) state->sp;
-+
-+ if (!inl)
-+ return (1);
-+
-+ /* RC4 is the only stream cipher we support */
-+ if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
-+ return (0);
-+
-+ if (ctx->encrypt)
-+ {
-+ rv = pFuncList->C_EncryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_ENCRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+ else
-+ {
-+ rv = pFuncList->C_DecryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_DECRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+
-+ /*
-+ * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
-+ * the same size of input.
-+ * The application has guaranteed to call the block ciphers with
-+ * correctly aligned buffers.
-+ */
-+ if (inl != outl)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
-+ * here is the right thing because in EVP_DecryptFinal_ex(), engine's
-+ * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
-+ * the engine can't find out that it's the finalizing call. We wouldn't
-+ * necessarily have to finalize the context here since reinitializing it with
-+ * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
-+ * let's do it. Some implementations might leak memory if the previously used
-+ * context is initialized without finalizing it first.
-+ */
-+static int
-+pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
-+ CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
-+ PK11_CIPHER_STATE *state = ctx->cipher_data;
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * We are not interested in the data here, we just need to get
-+ * rid of the context.
-+ */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptFinal(
-+ state->sp->session, buf, &len);
-+ else
-+ rv = pFuncList->C_DecryptFinal(
-+ state->sp->session, buf, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
-+ PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ state->sp = NULL;
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Registered by the ENGINE when used to find out how to deal with
-+ * a particular NID in the ENGINE. This says what we'll do at the
-+ * top level - note, that list is restricted by what we answer with
-+ */
-+/* ARGSUSED */
-+static int
-+pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid)
-+ {
-+ if (!cipher)
-+ return (pk11_usable_ciphers(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_des_ede3_cbc:
-+ *cipher = &pk11_3des_cbc;
-+ break;
-+ case NID_des_cbc:
-+ *cipher = &pk11_des_cbc;
-+ break;
-+ case NID_des_ede3_ecb:
-+ *cipher = &pk11_3des_ecb;
-+ break;
-+ case NID_des_ecb:
-+ *cipher = &pk11_des_ecb;
-+ break;
-+ case NID_aes_128_cbc:
-+ *cipher = &pk11_aes_128_cbc;
-+ break;
-+ case NID_aes_192_cbc:
-+ *cipher = &pk11_aes_192_cbc;
-+ break;
-+ case NID_aes_256_cbc:
-+ *cipher = &pk11_aes_256_cbc;
-+ break;
-+ case NID_aes_128_ecb:
-+ *cipher = &pk11_aes_128_ecb;
-+ break;
-+ case NID_aes_192_ecb:
-+ *cipher = &pk11_aes_192_ecb;
-+ break;
-+ case NID_aes_256_ecb:
-+ *cipher = &pk11_aes_256_ecb;
-+ break;
-+ case NID_bf_cbc:
-+ *cipher = &pk11_bf_cbc;
-+ break;
-+ case NID_rc4:
-+ *cipher = &pk11_rc4;
-+ break;
-+ default:
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * These can't be in separated cases because the NIDs
-+ * here are not constants.
-+ */
-+ if (nid == NID_aes_128_ctr)
-+ *cipher = &pk11_aes_128_ctr;
-+ else if (nid == NID_aes_192_ctr)
-+ *cipher = &pk11_aes_192_ctr;
-+ else if (nid == NID_aes_256_ctr)
-+ *cipher = &pk11_aes_256_ctr;
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ *cipher = NULL;
-+ break;
-+ }
-+ return (*cipher != NULL);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid)
-+ {
-+ if (!digest)
-+ return (pk11_usable_digests(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_md5:
-+ *digest = &pk11_md5;
-+ break;
-+ case NID_sha1:
-+ *digest = &pk11_sha1;
-+ break;
-+ case NID_sha224:
-+ *digest = &pk11_sha224;
-+ break;
-+ case NID_sha256:
-+ *digest = &pk11_sha256;
-+ break;
-+ case NID_sha384:
-+ *digest = &pk11_sha384;
-+ break;
-+ case NID_sha512:
-+ *digest = &pk11_sha512;
-+ break;
-+ default:
-+ *digest = NULL;
-+ break;
-+ }
-+ return (*digest != NULL);
-+ }
-+
-+
-+/* Create a secret key object in a PKCS#11 session */
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
-+ CK_ULONG ul_key_attr_count = 6;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (false)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_VALUE, (void*) NULL, 0},
-+ };
-+
-+ /*
-+ * Create secret key object in global_session. All other sessions
-+ * can use the key handles. Here is why:
-+ * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
-+ * It may then call DecryptInit and DecryptUpdate using the same key.
-+ * To use the same key object, we need to call EncryptFinal with
-+ * a 0 length message. Currently, this does not work for 3DES
-+ * mechanism. To get around this problem, we close the session and
-+ * then create a new session to use the same key object. When a session
-+ * is closed, all the object handles will be invalid. Thus, create key
-+ * objects in a global session, an individual session may be closed to
-+ * terminate the active operation.
-+ */
-+ CK_SESSION_HANDLE session = global_session;
-+ a_key_template[0].pValue = &obj_key;
-+ a_key_template[1].pValue = &key_type;
-+ a_key_template[5].pValue = (void *) key;
-+ a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Save the key information used in this session.
-+ * The max can be saved is PK11_KEY_LEN_MAX.
-+ */
-+ sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ?
-+ PK11_KEY_LEN_MAX : ctx->key_len;
-+ (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
-+err:
-+
-+ return (h_key);
-+ }
-+
-+static int
-+md_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; i++)
-+ if (digests[i].nid == nid)
-+ return (digests[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_digest_init(EVP_MD_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_SESSION *sp;
-+ PK11_DIGEST *pdp;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ state->sp = NULL;
-+
-+ index = md_nid_to_pk11(ctx->digest->type);
-+ if (index < 0 || index >= PK11_DIGEST_MAX)
-+ return (0);
-+
-+ pdp = &digests[index];
-+ if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
-+ return (0);
-+
-+ /* at present, no parameter is needed for supported digests */
-+ mech.mechanism = pdp->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ rv = pFuncList->C_DigestInit(sp->session, &mech);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
-+ pk11_return_session(sp, OP_DIGEST);
-+ return (0);
-+ }
-+
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+ {
-+ CK_RV rv;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ /* 0 length message will cause a failure in C_DigestFinal */
-+ if (count == 0)
-+ return (1);
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
-+ count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-+ {
-+ CK_RV rv;
-+ unsigned long len;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+ len = ctx->digest->md_size;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ if (ctx->digest->md_size != len)
-+ return (0);
-+
-+ /*
-+ * Final is called and digest is returned, so return the session
-+ * to the pool
-+ */
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-+ {
-+ CK_RV rv;
-+ int ret = 0;
-+ PK11_CIPHER_STATE *state, *state_to;
-+ CK_BYTE_PTR pstate = NULL;
-+ CK_ULONG ul_state_len;
-+
-+ /* The copy-from state */
-+ state = (PK11_CIPHER_STATE *) from->md_data;
-+ if (state == NULL || state->sp == NULL)
-+ goto err;
-+
-+ /* Initialize the copy-to state */
-+ if (!pk11_digest_init(to))
-+ goto err;
-+ state_to = (PK11_CIPHER_STATE *) to->md_data;
-+
-+ /* Get the size of the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+ if (ul_state_len == 0)
-+ {
-+ goto err;
-+ }
-+
-+ pstate = OPENSSL_malloc(ul_state_len);
-+ if (pstate == NULL)
-+ {
-+ PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /* Set the operation state of the copy-to session */
-+ rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
-+ ul_state_len, 0, 0);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY,
-+ PK11_R_SET_OPERATION_STATE, rv);
-+ goto err;
-+ }
-+
-+ ret = 1;
-+err:
-+ if (pstate != NULL)
-+ OPENSSL_free(pstate);
-+
-+ return (ret);
-+ }
-+
-+/* Return any pending session state to the pool */
-+static int
-+pk11_digest_cleanup(EVP_MD_CTX *ctx)
-+ {
-+ PK11_CIPHER_STATE *state = ctx->md_data;
-+ unsigned char buf[EVP_MAX_MD_SIZE];
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * If state->sp is not NULL then pk11_digest_final() has not
-+ * been called yet. We must call it now to free any memory
-+ * that might have been allocated in the token when
-+ * pk11_digest_init() was called. pk11_digest_final()
-+ * will return the session to the cache.
-+ */
-+ if (!pk11_digest_final(ctx, buf))
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Check if the new key is the same as the key object in the session. If the key
-+ * is the same, no need to create a new key object. Otherwise, the old key
-+ * object needs to be destroyed and a new one will be created. Return 1 for
-+ * cache hit, 0 for cache miss. Note that we must check the key length first
-+ * otherwise we could end up reusing a different, longer key with the same
-+ * prefix.
-+ */
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len)
-+ {
-+ if (sp->opdata_key_len != key_len ||
-+ memcmp(sp->opdata_key, key, key_len) != 0)
-+ {
-+ (void) pk11_destroy_cipher_key_objects(sp);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/* Destroy one or more secret key objects. */
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_CIPHER].head;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
-+ {
-+ /*
-+ * The secret key object is created in the
-+ * global_session. See pk11_get_cipher_key().
-+ */
-+ if (pk11_destroy_object(global_session,
-+ sp->opdata_cipher_key, CK_FALSE) == 0)
-+ goto err;
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ }
-+ }
-+ ret = 1;
-+err:
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_X_509
-+ * CKM_RSA_PKCS
-+ * CKM_DSA
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * Symmetric ciphers optionally supported
-+ *
-+ * CKM_DES3_CBC
-+ * CKM_DES_CBC
-+ * CKM_AES_CBC
-+ * CKM_DES3_ECB
-+ * CKM_DES_ECB
-+ * CKM_AES_ECB
-+ * CKM_AES_CTR
-+ * CKM_RC4
-+ * CKM_BLOWFISH_CBC
-+ *
-+ * Digests optionally supported
-+ *
-+ * CKM_MD5
-+ * CKM_SHA_1
-+ * CKM_SHA224
-+ * CKM_SHA256
-+ * CKM_SHA384
-+ * CKM_SHA512
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ int slot_n_cipher = 0;
-+ int slot_n_digest = 0;
-+ CK_SLOT_ID current_slot = 0;
-+ int current_slot_n_cipher = 0;
-+ int current_slot_n_digest = 0;
-+
-+ int local_cipher_nids[PK11_CIPHER_MAX];
-+ int local_digest_nids[PK11_DIGEST_MAX];
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ CK_BBOOL slot_has_recover = CK_FALSE;
-+ CK_BBOOL slot_has_dsa = CK_FALSE;
-+ CK_BBOOL slot_has_dh = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_RSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ /*
-+ * Check if this slot is capable of encryption,
-+ * decryption, sign, and verify with CKM_RSA_X_509.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_RSA_X_509, &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY) &&
-+ (mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ if (mech_info.flags & CKF_VERIFY_RECOVER)
-+ {
-+ slot_has_recover = CK_TRUE;
-+ }
-+ }
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_DSA.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
-+ &mech_info);
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ slot_has_dsa = CK_TRUE;
-+ }
-+
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ /*
-+ * Check if this slot is capable of DH key generataion and
-+ * derivation.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
-+
-+ if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
-+ {
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_DERIVE, &mech_info);
-+ if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
-+ {
-+ slot_has_dh = CK_TRUE;
-+ }
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ if (!found_candidate_slot &&
-+ (slot_has_rsa || slot_has_dsa || slot_has_dh))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ pk11_have_recover = slot_has_recover;
-+ pk11_have_dsa = slot_has_dsa;
-+ pk11_have_dh = slot_has_dh;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa/dsa/dh\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ found_candidate_slot = CK_FALSE;
-+ best_slot_sofar = 0;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ current_slot = pSlotList[i];
-+ current_slot_n_cipher = 0;
-+ current_slot_n_digest = 0;
-+ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
-+ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
-+
-+ pk11_find_symmetric_ciphers(pFuncList, current_slot,
-+ ¤t_slot_n_cipher, local_cipher_nids);
-+
-+ pk11_find_digests(pFuncList, current_slot,
-+ ¤t_slot_n_digest, local_digest_nids);
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
-+ current_slot_n_cipher);
-+ fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
-+ current_slot_n_digest);
-+ fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
-+ PK11_DBG, best_slot_sofar);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * If the current slot supports more ciphers/digests than
-+ * the previous best one we change the current best to this one,
-+ * otherwise leave it where it is.
-+ */
-+ if ((current_slot_n_cipher + current_slot_n_digest) >
-+ (slot_n_cipher + slot_n_digest))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: changing best so far slot to %d\n",
-+ PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = SLOTID = current_slot;
-+ cipher_count = slot_n_cipher = current_slot_n_cipher;
-+ digest_count = slot_n_digest = current_slot_n_digest;
-+ (void) memcpy(cipher_nids, local_cipher_nids,
-+ sizeof (local_cipher_nids));
-+ (void) memcpy(digest_nids, local_digest_nids,
-+ sizeof (local_digest_nids));
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_recover %d\n", PK11_DBG, pk11_have_recover);
-+ fprintf(stderr,
-+ "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+ fprintf(stderr,
-+ "%s: cipher_count %d\n", PK11_DBG, cipher_count);
-+ fprintf(stderr,
-+ "%s: digest_count %d\n", PK11_DBG, digest_count);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ OPENSSL_free(hw_cnids);
-+ OPENSSL_free(hw_dnids);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
-+ int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
-+ int *local_cipher_nids, int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if ((mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT))
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(ciphers[id].nid, hw_cnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_cipher_nids[(*current_slot_n_cipher)++] =
-+ ciphers[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if (mech_info.flags & CKF_DIGEST)
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(digests[id].nid, hw_dnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_digest_nids[(*current_slot_n_digest)++] =
-+ digests[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+/* create a new NID when we have no OID for that mechanism */
-+static int pk11_add_NID(char *sn, char *ln)
-+ {
-+ ASN1_OBJECT *o;
-+ int nid;
-+
-+ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
-+ 1, sn, ln)) == NULL)
-+ {
-+ return (0);
-+ }
-+
-+ /* will return NID_undef on error */
-+ nid = OBJ_add_object(o);
-+ ASN1_OBJECT_free(o);
-+
-+ return (nid);
-+ }
-+
-+/*
-+ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
-+ * have to help ourselves here.
-+ */
-+static int pk11_add_aes_ctr_NIDs(void)
-+ {
-+ /* are we already set? */
-+ if (NID_aes_256_ctr != NID_undef)
-+ return (1);
-+
-+ /*
-+ * There are no official names for AES counter modes yet so we just
-+ * follow the format of those that exist.
-+ */
-+ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
-+ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
-+ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
-+ return (1);
-+
-+err:
-+ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
-+ return (0);
-+ }
-+#endif /* SOLARIS_AES_CTR */
-+
-+/* Find what symmetric ciphers this slot supports. */
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; ++i)
-+ {
-+ pk11_get_symmetric_cipher(pflist, current_slot,
-+ ciphers[i].mech_type, current_slot_n_cipher,
-+ local_cipher_nids, ciphers[i].id);
-+ }
-+ }
-+
-+/* Find what digest algorithms this slot supports. */
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; ++i)
-+ {
-+ pk11_get_digest(pflist, current_slot, digests[i].mech_type,
-+ current_slot_n_digest, local_digest_nids, digests[i].id);
-+ }
-+ }
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * It would be great if we could use pkcs11_kernel directly since this library
-+ * offers hardware slots only. That's the easiest way to achieve the situation
-+ * where we use the hardware accelerators when present and OpenSSL native code
-+ * otherwise. That presumes the fact that OpenSSL native code is faster than the
-+ * code in the soft token. It's a logical assumption - Crypto Framework has some
-+ * inherent overhead so going there for the software implementation of a
-+ * mechanism should be logically slower in contrast to the OpenSSL native code,
-+ * presuming that both implementations are of similar speed. For example, the
-+ * soft token for AES is roughly three times slower than OpenSSL for 64 byte
-+ * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
-+ * that use the PKCS#11 engine by default, we must somehow avoid that regression
-+ * on machines without hardware acceleration. That's why switching to the
-+ * pkcs11_kernel library seems like a very good idea.
-+ *
-+ * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
-+ * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
-+ * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
-+ * library, we would have had a performance regression on machines without
-+ * hardware acceleration for asymmetric operations for all applications that use
-+ * the PKCS#11 engine. There is one such application - Apache web server since
-+ * it's shipped configured to use the PKCS#11 engine by default. Having said
-+ * that, we can't switch to the pkcs11_kernel library now and have to come with
-+ * a solution that, on non-accelerated machines, uses the OpenSSL native code
-+ * for all symmetric ciphers and digests while it uses the soft token for
-+ * asymmetric operations.
-+ *
-+ * This is the idea: dlopen() pkcs11_kernel directly and find out what
-+ * mechanisms are there. We don't care about duplications (more slots can
-+ * support the same mechanism), we just want to know what mechanisms can be
-+ * possibly supported in hardware on that particular machine. As said before,
-+ * pkcs11_kernel will show you hardware providers only.
-+ *
-+ * Then, we rely on the fact that since we use libpkcs11 library we will find
-+ * the metaslot. When we go through the metaslot's mechanisms for symmetric
-+ * ciphers and digests, we check that any found mechanism is in the table
-+ * created using the pkcs11_kernel library. So, as a result we have two arrays
-+ * of mechanisms that were advertised as supported in hardware which was the
-+ * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
-+ * code for symmetric ciphers and digests. See pk11_choose_slots() for more
-+ * information.
-+ *
-+ * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
-+ * the code won't be used.
-+ */
-+#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
-+static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
-+#else
-+static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
-+#endif
-+
-+/*
-+ * Check hardware capabilities of the machines. The output are two lists,
-+ * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
-+ * providers together. They are not sorted and may contain duplicate mechanisms.
-+ */
-+static int check_hw_mechanisms(void)
-+ {
-+ int i;
-+ CK_RV rv;
-+ void *handle;
-+ CK_C_GetFunctionList p;
-+ CK_TOKEN_INFO token_info;
-+ CK_ULONG ulSlotCount = 0;
-+ int n_cipher = 0, n_digest = 0;
-+ CK_FUNCTION_LIST_PTR pflist = NULL;
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL;
-+ int hw_ctable_size, hw_dtable_size;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
-+ PK11_DBG);
-+#endif
-+ if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ if ((p = (CK_C_GetFunctionList)dlsym(handle,
-+ PK11_GET_FUNCTION_LIST)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ if (p(&pflist) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pflist->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /* no slots, set the hw mechanism tables as empty */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
-+#endif
-+ hw_cnids = OPENSSL_malloc(sizeof (int));
-+ hw_dnids = OPENSSL_malloc(sizeof (int));
-+ if (hw_cnids == NULL || hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ /* this means empty tables */
-+ hw_cnids[0] = NID_undef;
-+ hw_dnids[0] = NID_undef;
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the slot list for processing */
-+ if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /*
-+ * We don't care about duplicit mechanisms in multiple slots and also
-+ * reserve one slot for the terminal NID_undef which we use to stop the
-+ * search.
-+ */
-+ hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
-+ hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
-+ tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
-+ tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
-+ if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * Do not use memset since we should not rely on the fact that NID_undef
-+ * is zero now.
-+ */
-+ for (i = 0; i < hw_ctable_size; ++i)
-+ tmp_hw_cnids[i] = NID_undef;
-+ for (i = 0; i < hw_dtable_size; ++i)
-+ tmp_hw_dnids[i] = NID_undef;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
-+ fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
-+ fprintf(stderr, "%s: now looking for mechs supported in hw\n",
-+ PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * We are filling the hw mech tables here. Global tables are
-+ * still NULL so all mechanisms are put into tmp tables.
-+ */
-+ pk11_find_symmetric_ciphers(pflist, pSlotList[i],
-+ &n_cipher, tmp_hw_cnids);
-+ pk11_find_digests(pflist, pSlotList[i],
-+ &n_digest, tmp_hw_dnids);
-+ }
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects. Also, C_Finalize() is triggered by
-+ * dlclose(3C).
-+ */
-+#if 0
-+ pflist->C_Finalize(NULL);
-+#endif
-+ OPENSSL_free(pSlotList);
-+ (void) dlclose(handle);
-+ hw_cnids = tmp_hw_cnids;
-+ hw_dnids = tmp_hw_dnids;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+
-+err:
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+ if (tmp_hw_cnids != NULL)
-+ OPENSSL_free(tmp_hw_cnids);
-+ if (tmp_hw_dnids != NULL)
-+ OPENSSL_free(tmp_hw_dnids);
-+
-+ return (0);
-+ }
-+
-+/*
-+ * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
-+ * non-existent).
-+ */
-+static int nid_in_table(int nid, int *nid_table)
-+ {
-+ int i = 0;
-+
-+ /*
-+ * a special case. NULL means that we are initializing a new
-+ * table.
-+ */
-+ if (nid_table == NULL)
-+ return (1);
-+
-+ /*
-+ * the table is never full, there is always at least one
-+ * NID_undef.
-+ */
-+ while (nid_table[i] != NID_undef)
-+ {
-+ if (nid_table[i++] == nid)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+ }
-+
-+ return (0);
-+ }
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11_err.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
---- /dev/null Tue Jun 19 16:23:56 2012
-+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
-@@ -0,0 +1,288 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_err.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/err.h>
-+#include "hw_pk11_err.h"
-+
-+/* BEGIN ERROR CODES */
-+#ifndef OPENSSL_NO_ERR
-+static ERR_STRING_DATA pk11_str_functs[]=
-+{
-+{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
-+{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
-+{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
-+{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
-+{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
-+{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
-+{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
-+{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
-+{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
-+{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
-+{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
-+{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
-+{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
-+{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
-+{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
-+{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
-+{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
-+{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
-+{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
-+{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
-+{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
-+{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
-+{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
-+{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
-+{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
-+{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
-+{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
-+{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
-+{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
-+{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
-+{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
-+{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
-+{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
-+{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
-+{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
-+{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
-+{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
-+{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
-+{ 0, NULL}
-+};
-+
-+static ERR_STRING_DATA pk11_str_reasons[]=
-+{
-+{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
-+{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
-+{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
-+{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
-+{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
-+{ PK11_R_INITIALIZE, "C_Initialize failed"},
-+{ PK11_R_FINALIZE, "C_Finalize failed"},
-+{ PK11_R_GETINFO, "C_GetInfo faile"},
-+{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
-+{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
-+{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
-+{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
-+{ PK11_R_NO_MODULUS, "no modulus"},
-+{ PK11_R_NO_EXPONENT, "no exponent"},
-+{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
-+{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
-+{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
-+{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
-+{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
-+{ PK11_R_OPENSESSION, "C_OpenSession failed"},
-+{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
-+{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
-+{ PK11_R_ENCRYPT, "C_Encrypt failed"},
-+{ PK11_R_SIGNINIT, "C_SignInit failed"},
-+{ PK11_R_SIGN, "C_Sign failed"},
-+{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
-+{ PK11_R_DECRYPT, "C_Decrypt failed"},
-+{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
-+{ PK11_R_VERIFY, "C_Verify failed"},
-+{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
-+{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
-+{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
-+{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
-+{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
-+{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
-+{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
-+{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
-+{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
-+{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
-+{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
-+{ PK11_R_MALLOC_FAILURE, "malloc failure"},
-+{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
-+{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
-+{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
-+{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
-+{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
-+{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
-+{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
-+{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
-+{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
-+{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
-+{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
-+{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
-+{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
-+{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
-+{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
-+{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
-+{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
-+{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
-+{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
-+{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
-+{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
-+{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
-+{ PK11_R_ATFORK_FAILED, "atfork() failed" },
-+{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login() failed on token" },
-+{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
-+{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
-+{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
-+{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
-+{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen() dialog command" },
-+{ PK11_R_PIPE_FAILED, "pipe() failed" },
-+{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
-+{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
-+{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
-+{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
-+{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
-+{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
-+{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
-+{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
-+{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
-+{ PK11_R_SYSCONF_FAILED, "sysconf() failed" },
-+{ PK11_R_MMAP_FAILED, "mmap() failed" },
-+{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
-+{ PK11_R_MLOCK_FAILED, "mlock() failed" },
-+{ PK11_R_FORK_FAILED, "fork() failed" },
-+{ 0, NULL}
-+};
-+#endif /* OPENSSL_NO_ERR */
-+
-+static int pk11_lib_error_code = 0;
-+static int pk11_error_init = 1;
-+
-+static void
-+ERR_load_pk11_strings(void)
-+ {
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+
-+ if (pk11_error_init)
-+ {
-+ pk11_error_init = 0;
-+#ifndef OPENSSL_NO_ERR
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ }
-+}
-+
-+static void
-+ERR_unload_pk11_strings(void)
-+ {
-+ if (pk11_error_init == 0)
-+ {
-+#ifndef OPENSSL_NO_ERR
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ pk11_error_init = 1;
-+ }
-+}
-+
-+void
-+ERR_pk11_error(int function, int reason, char *file, int line)
-+{
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+ ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-+}
-+
-+void
-+PK11err_add_data(int function, int reason, CK_RV rv)
-+{
-+ char tmp_buf[20];
-+
-+ PK11err(function, reason);
-+ (void) BIO_snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
-+ ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-+}
-Index: openssl/crypto/engine/hw_pk11_err.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:51:32 2011
-@@ -0,0 +1,440 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#ifndef HW_PK11_ERR_H
-+#define HW_PK11_ERR_H
-+
-+void ERR_pk11_error(int function, int reason, char *file, int line);
-+void PK11err_add_data(int function, int reason, CK_RV rv);
-+#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
-+
-+/* Error codes for the PK11 functions. */
-+
-+/* Function codes. */
-+
-+#define PK11_F_INIT 100
-+#define PK11_F_FINISH 101
-+#define PK11_F_DESTROY 102
-+#define PK11_F_CTRL 103
-+#define PK11_F_RSA_INIT 104
-+#define PK11_F_RSA_FINISH 105
-+#define PK11_F_GET_PUB_RSA_KEY 106
-+#define PK11_F_GET_PRIV_RSA_KEY 107
-+#define PK11_F_RSA_GEN_KEY 108
-+#define PK11_F_RSA_PUB_ENC 109
-+#define PK11_F_RSA_PRIV_ENC 110
-+#define PK11_F_RSA_PUB_DEC 111
-+#define PK11_F_RSA_PRIV_DEC 112
-+#define PK11_F_RSA_SIGN 113
-+#define PK11_F_RSA_VERIFY 114
-+#define PK11_F_RAND_ADD 115
-+#define PK11_F_RAND_BYTES 116
-+#define PK11_F_GET_SESSION 117
-+#define PK11_F_FREE_SESSION 118
-+#define PK11_F_LOAD_PUBKEY 119
-+#define PK11_F_LOAD_PRIVKEY 120
-+#define PK11_F_RSA_PUB_ENC_LOW 121
-+#define PK11_F_RSA_PRIV_ENC_LOW 122
-+#define PK11_F_RSA_PUB_DEC_LOW 123
-+#define PK11_F_RSA_PRIV_DEC_LOW 124
-+#define PK11_F_DSA_SIGN 125
-+#define PK11_F_DSA_VERIFY 126
-+#define PK11_F_DSA_INIT 127
-+#define PK11_F_DSA_FINISH 128
-+#define PK11_F_GET_PUB_DSA_KEY 129
-+#define PK11_F_GET_PRIV_DSA_KEY 130
-+#define PK11_F_DH_INIT 131
-+#define PK11_F_DH_FINISH 132
-+#define PK11_F_MOD_EXP_DH 133
-+#define PK11_F_GET_DH_KEY 134
-+#define PK11_F_FREE_ALL_SESSIONS 135
-+#define PK11_F_SETUP_SESSION 136
-+#define PK11_F_DESTROY_OBJECT 137
-+#define PK11_F_CIPHER_INIT 138
-+#define PK11_F_CIPHER_DO_CIPHER 139
-+#define PK11_F_GET_CIPHER_KEY 140
-+#define PK11_F_DIGEST_INIT 141
-+#define PK11_F_DIGEST_UPDATE 142
-+#define PK11_F_DIGEST_FINAL 143
-+#define PK11_F_CHOOSE_SLOT 144
-+#define PK11_F_CIPHER_FINAL 145
-+#define PK11_F_LIBRARY_INIT 146
-+#define PK11_F_LOAD 147
-+#define PK11_F_DH_GEN_KEY 148
-+#define PK11_F_DH_COMP_KEY 149
-+#define PK11_F_DIGEST_COPY 150
-+#define PK11_F_CIPHER_CLEANUP 151
-+#define PK11_F_ACTIVE_ADD 152
-+#define PK11_F_ACTIVE_DELETE 153
-+#define PK11_F_CHECK_HW_MECHANISMS 154
-+#define PK11_F_INIT_SYMMETRIC 155
-+#define PK11_F_ADD_AES_CTR_NIDS 156
-+#define PK11_F_INIT_ALL_LOCKS 157
-+#define PK11_F_RETURN_SESSION 158
-+#define PK11_F_GET_PIN 159
-+#define PK11_F_FIND_ONE_OBJECT 160
-+#define PK11_F_CHECK_TOKEN_ATTRS 161
-+#define PK11_F_CACHE_PIN 162
-+#define PK11_F_MLOCK_PIN_IN_MEMORY 163
-+#define PK11_F_TOKEN_LOGIN 164
-+#define PK11_F_TOKEN_RELOGIN 165
-+#define PK11_F_RUN_ASKPASS 166
-+
-+/* Reason codes. */
-+#define PK11_R_ALREADY_LOADED 100
-+#define PK11_R_DSO_FAILURE 101
-+#define PK11_R_NOT_LOADED 102
-+#define PK11_R_PASSED_NULL_PARAMETER 103
-+#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
-+#define PK11_R_INITIALIZE 105
-+#define PK11_R_FINALIZE 106
-+#define PK11_R_GETINFO 107
-+#define PK11_R_GETSLOTLIST 108
-+#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
-+#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
-+#define PK11_R_GETATTRIBUTVALUE 111
-+#define PK11_R_NO_MODULUS 112
-+#define PK11_R_NO_EXPONENT 113
-+#define PK11_R_FINDOBJECTSINIT 114
-+#define PK11_R_FINDOBJECTS 115
-+#define PK11_R_FINDOBJECTSFINAL 116
-+#define PK11_R_CREATEOBJECT 118
-+#define PK11_R_DESTROYOBJECT 119
-+#define PK11_R_OPENSESSION 120
-+#define PK11_R_CLOSESESSION 121
-+#define PK11_R_ENCRYPTINIT 122
-+#define PK11_R_ENCRYPT 123
-+#define PK11_R_SIGNINIT 124
-+#define PK11_R_SIGN 125
-+#define PK11_R_DECRYPTINIT 126
-+#define PK11_R_DECRYPT 127
-+#define PK11_R_VERIFYINIT 128
-+#define PK11_R_VERIFY 129
-+#define PK11_R_VERIFYRECOVERINIT 130
-+#define PK11_R_VERIFYRECOVER 131
-+#define PK11_R_GEN_KEY 132
-+#define PK11_R_SEEDRANDOM 133
-+#define PK11_R_GENERATERANDOM 134
-+#define PK11_R_INVALID_MESSAGE_LENGTH 135
-+#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
-+#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
-+#define PK11_R_UNKNOWN_PADDING_TYPE 138
-+#define PK11_R_PADDING_CHECK_FAILED 139
-+#define PK11_R_DIGEST_TOO_BIG 140
-+#define PK11_R_MALLOC_FAILURE 141
-+#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
-+#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
-+#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
-+#define PK11_R_MISSING_KEY_COMPONENT 145
-+#define PK11_R_INVALID_SIGNATURE_LENGTH 146
-+#define PK11_R_INVALID_DSA_SIGNATURE_R 147
-+#define PK11_R_INVALID_DSA_SIGNATURE_S 148
-+#define PK11_R_INCONSISTENT_KEY 149
-+#define PK11_R_ENCRYPTUPDATE 150
-+#define PK11_R_DECRYPTUPDATE 151
-+#define PK11_R_DIGESTINIT 152
-+#define PK11_R_DIGESTUPDATE 153
-+#define PK11_R_DIGESTFINAL 154
-+#define PK11_R_ENCRYPTFINAL 155
-+#define PK11_R_DECRYPTFINAL 156
-+#define PK11_R_NO_PRNG_SUPPORT 157
-+#define PK11_R_GETTOKENINFO 158
-+#define PK11_R_DERIVEKEY 159
-+#define PK11_R_GET_OPERATION_STATE 160
-+#define PK11_R_SET_OPERATION_STATE 161
-+#define PK11_R_INVALID_HANDLE 162
-+#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
-+#define PK11_R_INVALID_OPERATION_TYPE 164
-+#define PK11_R_ADD_NID_FAILED 165
-+#define PK11_R_ATFORK_FAILED 166
-+
-+#define PK11_R_TOKEN_LOGIN_FAILED 167
-+#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
-+#define PK11_R_INVALID_PKCS11_URI 169
-+#define PK11_R_COULD_NOT_READ_PIN 170
-+#define PK11_R_COULD_NOT_OPEN_COMMAND 171
-+#define PK11_R_PIPE_FAILED 172
-+#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
-+#define PK11_R_BAD_PASSPHRASE_SPEC 174
-+#define PK11_R_TOKEN_NOT_INITIALIZED 175
-+#define PK11_R_TOKEN_PIN_NOT_SET 176
-+#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
-+#define PK11_R_MISSING_OBJECT_LABEL 178
-+#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
-+#define PK11_R_PRIV_KEY_NOT_FOUND 180
-+#define PK11_R_NO_OBJECT_FOUND 181
-+#define PK11_R_PIN_CACHING_POLICY_INVALID 182
-+#define PK11_R_SYSCONF_FAILED 183
-+#define PK11_R_MMAP_FAILED 183
-+#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
-+#define PK11_R_MLOCK_FAILED 185
-+#define PK11_R_FORK_FAILED 186
-+
-+/* max byte length of a symetric key we support */
-+#define PK11_KEY_LEN_MAX 32
-+
-+#ifdef NOPTHREADS
-+/*
-+ * CRYPTO_LOCK_PK11_ENGINE lock is primarily used for the protection of the
-+ * free_session list and active_list but generally serves as a global
-+ * per-process lock for the whole engine.
-+ *
-+ * We reuse CRYPTO_LOCK_EC lock (which is defined in OpenSSL for EC method) as
-+ * the global engine lock. This is not optimal w.r.t. performance but
-+ * it's safe.
-+ */
-+#define CRYPTO_LOCK_PK11_ENGINE CRYPTO_LOCK_EC
-+#endif
-+
-+/*
-+ * This structure encapsulates all reusable information for a PKCS#11
-+ * session. A list of these objects is created on behalf of the
-+ * calling application using an on-demand method. Each operation
-+ * type (see PK11_OPTYPE below) has its own per-process list.
-+ * Each of the lists is basically a cache for faster PKCS#11 object
-+ * access to avoid expensive C_Find{,Init,Final}Object() calls.
-+ *
-+ * When a new request comes in, an object will be taken from the list
-+ * (if there is one) or a new one is created to handle the request
-+ * (if the list is empty). See pk11_get_session() on how it is done.
-+ */
-+typedef struct PK11_st_SESSION
-+ {
-+ struct PK11_st_SESSION *next;
-+ CK_SESSION_HANDLE session; /* PK11 session handle */
-+ pid_t pid; /* Current process ID */
-+ CK_BBOOL pub_persistent; /* is pub key in keystore? */
-+ CK_BBOOL priv_persistent;/* is priv key in keystore? */
-+ union
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
-+ RSA *rsa_pub; /* pub key addr */
-+ BIGNUM *rsa_n_num; /* pub modulus */
-+ BIGNUM *rsa_e_num; /* pub exponent */
-+ RSA *rsa_priv; /* priv key addr */
-+ BIGNUM *rsa_pn_num; /* pub modulus */
-+ BIGNUM *rsa_pe_num; /* pub exponent */
-+ BIGNUM *rsa_d_num; /* priv exponent */
-+ } u_RSA;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
-+ DSA *dsa_pub; /* pub key addr */
-+ BIGNUM *dsa_pub_num; /* pub key */
-+ DSA *dsa_priv; /* priv key addr */
-+ BIGNUM *dsa_priv_num; /* priv key */
-+ } u_DSA;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dh_key; /* key handle */
-+ DH *dh; /* dh key addr */
-+ BIGNUM *dh_priv_num; /* priv dh key */
-+ } u_DH;
-+#endif /* OPENSSL_NO_DH */
-+ struct
-+ {
-+ CK_OBJECT_HANDLE cipher_key; /* key handle */
-+ unsigned char key[PK11_KEY_LEN_MAX];
-+ int key_len; /* priv key len */
-+ int encrypt; /* 1/0 enc/decr */
-+ } u_cipher;
-+ } opdata_u;
-+ } PK11_SESSION;
-+
-+#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
-+#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
-+#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
-+#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
-+#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
-+#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
-+#define opdata_rsa_pn_num opdata_u.u_RSA.rsa_pn_num
-+#define opdata_rsa_pe_num opdata_u.u_RSA.rsa_pe_num
-+#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
-+#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
-+#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
-+#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
-+#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
-+#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
-+#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
-+#define opdata_dh_key opdata_u.u_DH.dh_key
-+#define opdata_dh opdata_u.u_DH.dh
-+#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
-+#define opdata_cipher_key opdata_u.u_cipher.cipher_key
-+#define opdata_key opdata_u.u_cipher.key
-+#define opdata_key_len opdata_u.u_cipher.key_len
-+#define opdata_encrypt opdata_u.u_cipher.encrypt
-+
-+/*
-+ * We have 3 different groups of operation types:
-+ * 1) asymmetric operations
-+ * 2) random operations
-+ * 3) symmetric and digest operations
-+ *
-+ * This division into groups stems from the fact that it's common that hardware
-+ * providers may support operations from one group only. For example, hardware
-+ * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
-+ * only a single group of operations.
-+ *
-+ * For every group a different slot can be chosen. That means that we must have
-+ * at least 3 different lists of cached PKCS#11 sessions since sessions from
-+ * different groups may be initialized in different slots.
-+ *
-+ * To provide locking granularity in multithreaded environment, the groups are
-+ * further splitted into types with each type having a separate session cache.
-+ */
-+typedef enum PK11_OPTYPE_ENUM
-+ {
-+ OP_RAND,
-+ OP_RSA,
-+ OP_DSA,
-+ OP_DH,
-+ OP_CIPHER,
-+ OP_DIGEST,
-+ OP_MAX
-+ } PK11_OPTYPE;
-+
-+/*
-+ * This structure contains the heads of the lists forming the object caches
-+ * and locks associated with the lists.
-+ */
-+typedef struct PK11_st_CACHE
-+ {
-+ PK11_SESSION *head;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *lock;
-+#endif
-+ } PK11_CACHE;
-+
-+/* structure for tracking handles of asymmetric key objects */
-+typedef struct PK11_active_st
-+ {
-+ CK_OBJECT_HANDLE h;
-+ unsigned int refcnt;
-+ struct PK11_active_st *prev;
-+ struct PK11_active_st *next;
-+ } PK11_active;
-+
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *find_lock[];
-+#endif
-+extern PK11_active *active_list[];
-+/*
-+ * These variables are specific for the RSA keys by reference code. See
-+ * hw_pk11_pub.c for explanation.
-+ */
-+extern CK_FLAGS pubkey_token_flags;
-+
-+#ifndef NOPTHREADS
-+#define LOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_lock(find_lock[alg_type])
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_unlock(find_lock[alg_type])
-+#else
-+#define LOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE)
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE)
-+#endif
-+
-+extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+extern int pk11_token_relogin(CK_SESSION_HANDLE session);
-+
-+#ifndef OPENSSL_NO_RSA
-+extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern RSA_METHOD *PK11_RSA(void);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DSA_METHOD *PK11_DSA(void);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DH_METHOD *PK11_DH(void);
-+#endif /* OPENSSL_NO_DH */
-+
-+extern CK_FUNCTION_LIST_PTR pFuncList;
-+
-+#endif /* HW_PK11_ERR_H */
-Index: openssl/crypto/engine/hw_pk11_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:24 2012
-@@ -0,0 +1,3530 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif /* OPENSSL_NO_DH */
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+#ifndef OPENSSL_NO_RSA
-+/* RSA stuff */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_init(RSA *rsa);
-+static int pk11_RSA_finish(RSA *rsa);
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#else
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#endif
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+#endif
-+
-+/* DSA stuff */
-+#ifndef OPENSSL_NO_DSA
-+static int pk11_DSA_init(DSA *dsa);
-+static int pk11_DSA_finish(DSA *dsa);
-+static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen,
-+ DSA *dsa);
-+static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
-+
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa);
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa);
-+#endif
-+
-+/* DH stuff */
-+#ifndef OPENSSL_NO_DH
-+static int pk11_DH_init(DH *dh);
-+static int pk11_DH_finish(DH *dh);
-+static int pk11_DH_generate_key(DH *dh);
-+static int pk11_DH_compute_key(unsigned char *key,
-+ const BIGNUM *pub_key, DH *dh);
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
-+ BIGNUM **priv_key, CK_SESSION_HANDLE session);
-+
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh);
-+#endif
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa =
-+ {
-+ "PKCS#11 RSA method",
-+ pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
-+ pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
-+ pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
-+ pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
-+ NULL, /* rsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_RSA_init, /* init */
-+ pk11_RSA_finish, /* finish */
-+ RSA_FLAG_SIGN_VER, /* flags */
-+ NULL, /* app_data */
-+ pk11_RSA_sign, /* rsa_sign */
-+ pk11_RSA_verify /* rsa_verify */
-+ };
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ return (&pk11_rsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Our internal DSA_METHOD that we provide pointers to */
-+static DSA_METHOD pk11_dsa =
-+ {
-+ "PKCS#11 DSA method",
-+ pk11_dsa_do_sign, /* dsa_do_sign */
-+ NULL, /* dsa_sign_setup */
-+ pk11_dsa_do_verify, /* dsa_do_verify */
-+ NULL, /* dsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_DSA_init, /* init */
-+ pk11_DSA_finish, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+ };
-+
-+DSA_METHOD *
-+PK11_DSA(void)
-+ {
-+ return (&pk11_dsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DH
-+/*
-+ * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
-+ * output buffer may somewhat exceed the precise number of bytes needed, but
-+ * should not exceed it by a large amount. That may be caused, for example, by
-+ * rounding it up to multiple of X in the underlying bignum library. 8 should be
-+ * enough.
-+ */
-+#define DH_BUF_RESERVE 8
-+
-+/* Our internal DH_METHOD that we provide pointers to */
-+static DH_METHOD pk11_dh =
-+ {
-+ "PKCS#11 DH method",
-+ pk11_DH_generate_key, /* generate_key */
-+ pk11_DH_compute_key, /* compute_key */
-+ NULL, /* bn_mod_exp */
-+ pk11_DH_init, /* init */
-+ pk11_DH_finish, /* finish */
-+ 0, /* flags */
-+ NULL, /* app_data */
-+ NULL /* generate_params */
-+ };
-+
-+DH_METHOD *
-+PK11_DH(void)
-+ {
-+ return (&pk11_dh);
-+ }
-+#endif
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+/* Lengths of DSA data and signature */
-+#define DSA_DATA_LEN 20
-+#define DSA_SIGNATURE_LEN 40
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+#ifndef OPENSSL_NO_RSA
-+/*
-+ * Similiar to OpenSSL to take advantage of the paddings. The goal is to
-+ * support all paddings in this engine although PK11 library does not
-+ * support all the paddings used in OpenSSL.
-+ * The input errors should have been checked in the padding functions.
-+ */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ i = RSA_padding_add_SSLv23(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+
-+/*
-+ * Similar to Openssl to take advantage of the paddings. The input errors
-+ * should be catched in the padding functions
-+ */
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ case RSA_SSLV23_PADDING:
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int j, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+
-+ num = BN_num_bytes(rsa->n);
-+
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ /* make data into a big number */
-+ if (BN_bin2bn(from, (int)flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's paddings here.
-+ */
-+ for (j = 0; j < r; j++)
-+ if (buf[j] != 0)
-+ break;
-+
-+ p = buf + j;
-+ j = r - j; /* j is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ r = RSA_padding_check_SSLv23(to, num, p, j, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, j, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int i, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+ num = BN_num_bytes(rsa->n);
-+ buf = (unsigned char *)OPENSSL_malloc(num);
-+ if (buf == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ if (BN_bin2bn(from, flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's here
-+ */
-+ for (i = 0; i < r; i++)
-+ if (buf[i] != 0)
-+ break;
-+
-+ p = buf + i;
-+ i = r - i; /* i is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, i, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/*
-+ * This function implements RSA public encryption using C_EncryptInit and
-+ * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_encrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_EncryptInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Encrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_encrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_encrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private encryption using C_SignInit and
-+ * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG ul_sig_len = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ {
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
-+ PK11_R_SIGNINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char *)from, flen, to, &ul_sig_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
-+ rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ retval = ul_sig_len;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private decryption using C_DecryptInit and
-+ * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DecryptInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Decrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA public decryption using C_VerifyRecoverInit
-+ * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyRecoverInit(sp->session,
-+ p_mech, h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVERINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_VerifyRecover(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVER, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+static int pk11_RSA_init(RSA *rsa)
-+ {
-+ /*
-+ * This flag in the RSA_METHOD enables the new rsa_sign,
-+ * rsa_verify functions. See rsa.h for details.
-+ */
-+ rsa->flags |= RSA_FLAG_SIGN_VER;
-+
-+ return (1);
-+ }
-+
-+static int pk11_RSA_finish(RSA *rsa)
-+ {
-+ /*
-+ * Since we are overloading OpenSSL's native RSA_eay_finish() we need
-+ * to do the same as in the original function, i.e. to free bignum
-+ * structures.
-+ */
-+ if (rsa->_method_mod_n != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_n);
-+ if (rsa->_method_mod_p != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_p);
-+ if (rsa->_method_mod_q != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_q);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#else
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#endif
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto err;
-+ }
-+ rv = pFuncList->C_Verify(sp->session, s, i,
-+ (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* The DSA function implementation */
-+/* ARGSUSED */
-+static int pk11_DSA_init(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DSA_finish(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+
-+static DSA_SIG *
-+pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-+ {
-+ BIGNUM *r = NULL, *s = NULL;
-+ int i;
-+ DSA_SIG *dsa_sig = NULL;
-+
-+ CK_RV rv;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+
-+ /*
-+ * The signature is the concatenation of r and s,
-+ * each is 20 bytes long
-+ */
-+ unsigned char sigret[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_priv(sp, dsa);
-+
-+ h_priv_key = sp->opdata_dsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_dsa_priv_key =
-+ pk11_get_private_dsa_key((DSA *)dsa,
-+ &sp->opdata_dsa_priv,
-+ &sp->opdata_dsa_priv_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto ret;
-+ }
-+
-+ (void) memset(sigret, 0, siglen);
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char*) dgst, dlen, sigret,
-+ (CK_ULONG_PTR) &siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
-+ goto ret;
-+ }
-+ }
-+
-+
-+ if ((s = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((r = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((dsa_sig = DSA_SIG_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if (BN_bin2bn(sigret, siglen2, r) == NULL ||
-+ BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ dsa_sig->r = r;
-+ dsa_sig->s = s;
-+
-+ret:
-+ if (dsa_sig == NULL)
-+ {
-+ if (r != NULL)
-+ BN_free(r);
-+ if (s != NULL)
-+ BN_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (dsa_sig);
-+ }
-+
-+static int
-+pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig,
-+ DSA *dsa)
-+ {
-+ int i;
-+ CK_RV rv;
-+ int retval = 0;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+
-+ unsigned char sigbuf[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_R);
-+ goto ret;
-+ }
-+
-+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_S);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_pub(sp, dsa);
-+
-+ h_pub_key = sp->opdata_dsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_dsa_pub_key =
-+ pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
-+ &sp->opdata_dsa_pub_num, sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto ret;
-+ }
-+
-+ /*
-+ * The representation of each of the two big numbers could
-+ * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
-+ * to act accordingly and shift if necessary.
-+ */
-+ (void) memset(sigbuf, 0, siglen);
-+ BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
-+ BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
-+ BN_num_bytes(sig->s));
-+
-+ rv = pFuncList->C_Verify(sp->session,
-+ (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto ret;
-+ }
-+ }
-+
-+ retval = 1;
-+ret:
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * Create a public key object in a session from a given dsa structure.
-+ * The *dsa_pub_num pointer is non-NULL for DSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ if (init_template_value(dsa->p, &a_key_template[4].pValue,
-+ &a_key_template[4].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->pub_key, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_pub_num != NULL)
-+ if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ for (i = 4; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given dsa structure
-+ * The *dsa_priv_num pointer is non-NULL for DSA private keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ int i;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 9;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(dsa->p, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(dsa->priv_key, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_priv_num != NULL)
-+ if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ /*
-+ * 5 to 8 entries in the key template are key components.
-+ * They need to be freed apon exit or error.
-+ */
-+ for (i = 5; i <= 8; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only public key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_pub != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only private key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_priv != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+
-+#ifndef OPENSSL_NO_DH
-+/* The DH function implementation */
-+/* ARGSUSED */
-+static int pk11_DH_init(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DH_finish(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/*
-+ * Generate DH key-pair.
-+ *
-+ * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
-+ * and override it even if it is set. OpenSSL does not touch dh->priv_key
-+ * if set and just computes dh->pub_key. It looks like PKCS#11 standard
-+ * is not capable of providing this functionality. This could be a problem
-+ * for applications relying on OpenSSL's semantics.
-+ */
-+static int pk11_DH_generate_key(DH *dh)
-+ {
-+ CK_ULONG i;
-+ CK_RV rv, rv1;
-+ int reuse_mem_len = 0, ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ CK_BYTE_PTR reuse_mem;
-+
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_pub_key_attr_count = 3;
-+ CK_ATTRIBUTE pub_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *)NULL, 0},
-+ {CKA_BASE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG ul_priv_key_attr_count = 3;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_SENSITIVE, &false, sizeof (false)},
-+ {CKA_DERIVE, &true, sizeof (true)}
-+ };
-+
-+ CK_ULONG pub_key_attr_result_count = 1;
-+ CK_ATTRIBUTE pub_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
-+ if (pub_key_template[1].ulValueLen > 0)
-+ {
-+ /*
-+ * We must not increase ulValueLen by DH_BUF_RESERVE since that
-+ * could cause the same rounding problem. See definition of
-+ * DH_BUF_RESERVE above.
-+ */
-+ pub_key_template[1].pValue =
-+ OPENSSL_malloc(pub_key_template[1].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[1].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
-+ if (pub_key_template[2].ulValueLen > 0)
-+ {
-+ pub_key_template[2].pValue =
-+ OPENSSL_malloc(pub_key_template[2].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[2].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ /*
-+ * Note: we are only using PK11_SESSION structure for getting
-+ * a session handle. The objects created in this function are
-+ * destroyed before return and thus not cached.
-+ */
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ rv = pFuncList->C_GenerateKeyPair(sp->session,
-+ &mechanism,
-+ pub_key_template,
-+ ul_pub_key_attr_count,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_pub_key,
-+ &h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Reuse the larger memory allocated. We know the larger memory
-+ * should be sufficient for reuse.
-+ */
-+ if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
-+ {
-+ reuse_mem = pub_key_template[1].pValue;
-+ reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
-+ }
-+ else
-+ {
-+ reuse_mem = pub_key_template[2].pValue;
-+ reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+ rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK || rv1 != CKR_OK)
-+ {
-+ rv = (rv != CKR_OK) ? rv : rv1;
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 ||
-+ ((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+
-+ /* Reuse the memory allocated */
-+ pub_key_result[0].pValue = reuse_mem;
-+ pub_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (pub_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->pub_key == NULL)
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
-+ pub_key_result[0].ulValueLen, dh->pub_key);
-+ if (dh->pub_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ /* Reuse the memory allocated */
-+ priv_key_result[0].pValue = reuse_mem;
-+ priv_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->priv_key == NULL)
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
-+ priv_key_result[0].ulValueLen, dh->priv_key);
-+ if (dh->priv_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ ret = 1;
-+
-+err:
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ for (i = 1; i <= 2; i++)
-+ {
-+ if (pub_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(pub_key_template[i].pValue);
-+ pub_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh)
-+ {
-+ unsigned int i;
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
-+ CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
-+ CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
-+ CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_priv_key_attr_count = 2;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (key_class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_RV rv;
-+ int ret = -1;
-+ PK11_SESSION *sp = NULL;
-+
-+ if (dh->priv_key == NULL)
-+ goto err;
-+
-+ priv_key_template[0].pValue = &key_class;
-+ priv_key_template[1].pValue = &key_type;
-+
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ mechanism.ulParameterLen = BN_num_bytes(pub_key);
-+ mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
-+ if (mechanism.pParameter == NULL)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ BN_bn2bin(pub_key, mechanism.pParameter);
-+
-+ (void) check_new_dh_key(sp, dh);
-+
-+ h_key = sp->opdata_dh_key;
-+ if (h_key == CK_INVALID_HANDLE)
-+ h_key = sp->opdata_dh_key =
-+ pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
-+ &sp->opdata_dh_priv_num, sp->session);
-+
-+ if (h_key == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_DeriveKey(sp->session,
-+ &mechanism,
-+ h_key,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+ priv_key_result[0].pValue =
-+ OPENSSL_malloc(priv_key_result[0].ulValueLen);
-+ if (!priv_key_result[0].pValue)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * OpenSSL allocates the output buffer 'key' which is the same
-+ * length of the public key. It is long enough for the derived key
-+ */
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ /*
-+ * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
-+ * leading zeros from a computed shared secret. However,
-+ * OpenSSL always did it so we must do the same here. The
-+ * vagueness of the spec regarding leading zero bytes was
-+ * finally cleared with TLS 1.1 (RFC 4346) saying that leading
-+ * zeros are stripped before the computed data is used as the
-+ * pre-master secret.
-+ */
-+ for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
-+ {
-+ if (((char *)priv_key_result[0].pValue)[i] != 0)
-+ break;
-+ }
-+
-+ (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
-+ priv_key_result[0].ulValueLen - i);
-+ ret = priv_key_result[0].ulValueLen - i;
-+ }
-+
-+err:
-+
-+ if (h_derived_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+ if (priv_key_result[0].pValue)
-+ {
-+ OPENSSL_free(priv_key_result[0].pValue);
-+ priv_key_result[0].pValue = NULL;
-+ }
-+
-+ if (mechanism.pParameter)
-+ {
-+ OPENSSL_free(mechanism.pParameter);
-+ mechanism.pParameter = NULL;
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
-+ DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE key_type = CKK_DH;
-+ CK_ULONG found;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ULONG ul_key_attr_count = 7;
-+ CK_ATTRIBUTE key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ {CKA_DERIVE, &true, sizeof (true)},
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *) NULL, 0},
-+ {CKA_BASE, (void *) NULL, 0},
-+ {CKA_VALUE, (void *) NULL, 0},
-+ };
-+
-+ key_template[0].pValue = &class;
-+ key_template[1].pValue = &key_type;
-+
-+ key_template[4].ulValueLen = BN_num_bytes(dh->p);
-+ key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[4].ulValueLen);
-+ if (key_template[4].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->p, key_template[4].pValue);
-+
-+ key_template[5].ulValueLen = BN_num_bytes(dh->g);
-+ key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[5].ulValueLen);
-+ if (key_template[5].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->g, key_template[5].pValue);
-+
-+ key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
-+ key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[6].ulValueLen);
-+ if (key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->priv_key, key_template[6].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DH);
-+ rv = pFuncList->C_FindObjectsInit(session, key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dh_priv_num != NULL)
-+ if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dh;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DH);
-+
-+malloc_err:
-+ for (i = 4; i <= 6; i++)
-+ {
-+ if (key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(key_template[i].pValue);
-+ key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ *
-+ * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
-+ * to CK_INVALID_HANDLE even when it fails to destroy the object.
-+ */
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh)
-+ {
-+ /*
-+ * Provide protection against DH structure reuse by making the
-+ * check for cache hit stronger. Private key component of DH key
-+ * is unique so it is sufficient to compare it with value cached
-+ * in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dh != dh) ||
-+ (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dh_object(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ return (0);
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ return (0);
-+ }
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11ca.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
-+
-+#define token_lock pk11ca_token_lock
-+#define find_lock pk11ca_find_lock
-+#define active_list pk11ca_active_list
-+#define pubkey_token_flags pk11ca_pubkey_token_flags
-+#define pubkey_SLOTID pk11ca_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11ca_error
-+#define PK11err_add_data PK11CAerr_add_data
-+#define pk11_get_session pk11ca_get_session
-+#define pk11_return_session pk11ca_return_session
-+#define pk11_active_add pk11ca_active_add
-+#define pk11_active_delete pk11ca_active_delete
-+#define pk11_active_remove pk11ca_active_remove
-+#define pk11_free_active_list pk11ca_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11ca_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11ca_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11ca_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11ca_load_privkey
-+#define pk11_load_pubkey pk11ca_load_pubkey
-+#define PK11_RSA PK11CA_RSA
-+#define pk11_destroy_dsa_key_objects pk11ca_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11ca_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11ca_destroy_dsa_object_priv
-+#define PK11_DSA PK11CA_DSA
-+#define pk11_destroy_dh_key_objects pk11ca_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11ca_destroy_dh_object
-+#define PK11_DH PK11CA_DH
-+#define pk11_token_relogin pk11ca_token_relogin
-+#define pFuncList pk11ca_pFuncList
-+#define pk11_pin pk11ca_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11ca
-Index: openssl/crypto/engine/hw_pk11so.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:53 2011
-@@ -0,0 +1,1745 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/*#undef DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_DSA
-+#define OPENSSL_NO_DSA
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#define OPENSSL_NO_DH
-+#endif
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.c"
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11CA
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name = "PKCS #11 engine support (sign only)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name))
-+ return (0);
-+
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ if (optype == OP_RSA)
-+ {
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_PKCS
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ CK_SLOT_ID current_slot = 0;
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * Check if this slot is capable of signing with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ }
-+
-+ if (!found_candidate_slot && slot_has_rsa)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ /*SLOTID = pSlotList[0];*/
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11so.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
-+
-+#define token_lock pk11so_token_lock
-+#define find_lock pk11so_find_lock
-+#define active_list pk11so_active_list
-+#define pubkey_token_flags pk11so_pubkey_token_flags
-+#define pubkey_SLOTID pk11so_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11so_error
-+#define PK11err_add_data PK11SOerr_add_data
-+#define pk11_get_session pk11so_get_session
-+#define pk11_return_session pk11so_return_session
-+#define pk11_active_add pk11so_active_add
-+#define pk11_active_delete pk11so_active_delete
-+#define pk11_active_remove pk11so_active_remove
-+#define pk11_free_active_list pk11so_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11so_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11so_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11so_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11so_load_privkey
-+#define pk11_load_pubkey pk11so_load_pubkey
-+#define PK11_RSA PK11SO_RSA
-+#define pk11_destroy_dsa_key_objects pk11so_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11so_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11so_destroy_dsa_object_priv
-+#define PK11_DSA PK11SO_DSA
-+#define pk11_destroy_dh_key_objects pk11so_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11so_destroy_dh_object
-+#define PK11_DH PK11SO_DH
-+#define pk11_token_relogin pk11so_token_relogin
-+#define pFuncList pk11so_pFuncList
-+#define pk11_pin pk11so_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11so
-Index: openssl/crypto/engine/hw_pk11so_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:24 2012
-@@ -0,0 +1,1622 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+/* RSA stuff */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa;
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ const RSA_METHOD *rsa;
-+
-+ if (pk11_rsa.name == NULL)
-+ {
-+ rsa = RSA_PKCS1_SSLeay();
-+ memcpy(&pk11_rsa, rsa, sizeof(*rsa));
-+ pk11_rsa.name = "PKCS#11 RSA method";
-+ pk11_rsa.rsa_sign = pk11_RSA_sign;
-+ }
-+ return (&pk11_rsa);
-+ }
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ return (0);
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ return (0);
-+ }
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/pkcs11.h
-diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,299 @@
-+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+#ifndef _PKCS11_H_
-+#define _PKCS11_H_ 1
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* Before including this file (pkcs11.h) (or pkcs11t.h by
-+ * itself), 6 platform-specific macros must be defined. These
-+ * macros are described below, and typical definitions for them
-+ * are also given. Be advised that these definitions can depend
-+ * on both the platform and the compiler used (and possibly also
-+ * on whether a Cryptoki library is linked statically or
-+ * dynamically).
-+ *
-+ * In addition to defining these 6 macros, the packing convention
-+ * for Cryptoki structures should be set. The Cryptoki
-+ * convention on packing is that structures should be 1-byte
-+ * aligned.
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, this might be done by using the following
-+ * preprocessor directive before including pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(push, cryptoki, 1)
-+ *
-+ * and using the following preprocessor directive after including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(pop, cryptoki)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, this might be done by using
-+ * the following preprocessor directive before including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(1)
-+ *
-+ * In a UNIX environment, you're on your own for this. You might
-+ * not need to do (or be able to do!) anything.
-+ *
-+ *
-+ * Now for the macros:
-+ *
-+ *
-+ * 1. CK_PTR: The indirection string for making a pointer to an
-+ * object. It can be used like this:
-+ *
-+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR far *
-+ *
-+ * In a typical UNIX environment, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ *
-+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
-+ * an exportable Cryptoki library function definition out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion to define the exposed Cryptoki functions in
-+ * a Cryptoki library:
-+ *
-+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * )
-+ * {
-+ * ...
-+ * }
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to define a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllexport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to define a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
-+ * an importable Cryptoki library function declaration out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion:
-+ *
-+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * );
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to declare a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllimport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to declare a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
-+ * which makes a Cryptoki API function pointer declaration or
-+ * function pointer type declaration out of a return type and a
-+ * function name. It should be used in the following fashion:
-+ *
-+ * // Define funcPtr to be a pointer to a Cryptoki API function
-+ * // taking arguments args and returning CK_RV.
-+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
-+ *
-+ * or
-+ *
-+ * // Define funcPtrType to be the type of a pointer to a
-+ * // Cryptoki API function taking arguments args and returning
-+ * // CK_RV, and then define funcPtr to be a variable of type
-+ * // funcPtrType.
-+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
-+ * funcPtrType funcPtr;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to access
-+ * functions in a Win32 Cryptoki .dll, in might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __declspec(dllimport) (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to access functions in a Win16 Cryptoki .dll, it might
-+ * be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __export _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
-+ * a function pointer type for an application callback out of
-+ * a return type for the callback and a name for the callback.
-+ * It should be used in the following fashion:
-+ *
-+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
-+ *
-+ * to declare a function pointer, myCallback, to a callback
-+ * which takes arguments args and returns a CK_RV. It can also
-+ * be used like this:
-+ *
-+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
-+ * myCallbackType myCallback;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to do Win32
-+ * Cryptoki development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to do Win16 development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
-+ *
-+ * In any ANSI/ISO C environment (and in many others as well),
-+ * this should best be defined by
-+ *
-+ * #ifndef NULL_PTR
-+ * #define NULL_PTR 0
-+ * #endif
-+ */
-+
-+
-+/* All the various Cryptoki types and #define'd values are in the
-+ * file pkcs11t.h. */
-+#include "pkcs11t.h"
-+
-+#define __PASTE(x,y) x##y
-+
-+
-+/* ==============================================================
-+ * Define the "extern" form of all the entry points.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ extern CK_DECLARE_FUNCTION(CK_RV, name)
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define the typedef form of all the entry points. That is, for
-+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
-+ * a pointer to that kind of function.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define structed vector of entry points. A CK_FUNCTION_LIST
-+ * contains a CK_VERSION indicating a library's Cryptoki version
-+ * and then a whole slew of function pointers to the routines in
-+ * the library. This type was declared, but not defined, in
-+ * pkcs11t.h.
-+ * ==============================================================
-+ */
-+
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ __PASTE(CK_,name) name;
-+
-+struct CK_FUNCTION_LIST {
-+
-+ CK_VERSION version; /* Cryptoki version */
-+
-+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+};
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+#undef __PASTE
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif
-Index: openssl/crypto/engine/pkcs11f.h
-diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,912 @@
-+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* This header file contains pretty much everything about all the */
-+/* Cryptoki function prototypes. Because this information is */
-+/* used for more than just declaring function prototypes, the */
-+/* order of the functions appearing herein is important, and */
-+/* should not be altered. */
-+
-+/* General-purpose */
-+
-+/* C_Initialize initializes the Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Initialize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
-+ * cast to CK_C_INITIALIZE_ARGS_PTR
-+ * and dereferenced */
-+);
-+#endif
-+
-+
-+/* C_Finalize indicates that an application is done with the
-+ * Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Finalize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-+
-+
-+/* C_GetInfo returns general information about Cryptoki. */
-+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_INFO_PTR pInfo /* location that receives information */
-+);
-+#endif
-+
-+
-+/* C_GetFunctionList returns the function list. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
-+ * function list */
-+);
-+#endif
-+
-+
-+
-+/* Slot and token management */
-+
-+/* C_GetSlotList obtains a list of slots in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_BBOOL tokenPresent, /* only slots with tokens? */
-+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
-+ CK_ULONG_PTR pulCount /* receives number of slots */
-+);
-+#endif
-+
-+
-+/* C_GetSlotInfo obtains information about a particular slot in
-+ * the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the ID of the slot */
-+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
-+);
-+#endif
-+
-+
-+/* C_GetTokenInfo obtains information about a particular token
-+ * in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismList obtains a list of mechanism types
-+ * supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of token's slot */
-+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
-+ CK_ULONG_PTR pulCount /* gets # of mechs. */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismInfo obtains information about a particular
-+ * mechanism possibly supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_MECHANISM_TYPE type, /* type of mechanism */
-+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
-+);
-+#endif
-+
-+
-+/* C_InitToken initializes a token. */
-+CK_PKCS11_FUNCTION_INFO(C_InitToken)
-+#ifdef CK_NEED_ARG_LIST
-+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
-+ CK_ULONG ulPinLen, /* length in bytes of the PIN */
-+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
-+);
-+#endif
-+
-+
-+/* C_InitPIN initializes the normal user's PIN. */
-+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
-+ CK_ULONG ulPinLen /* length in bytes of the PIN */
-+);
-+#endif
-+
-+
-+/* C_SetPIN modifies the PIN of the user who is logged in. */
-+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
-+ CK_ULONG ulOldLen, /* length of the old PIN */
-+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
-+ CK_ULONG ulNewLen /* length of the new PIN */
-+);
-+#endif
-+
-+
-+
-+/* Session management */
-+
-+/* C_OpenSession opens a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the slot's ID */
-+ CK_FLAGS flags, /* from CK_SESSION_INFO */
-+ CK_VOID_PTR pApplication, /* passed to callback */
-+ CK_NOTIFY Notify, /* callback function */
-+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
-+);
-+#endif
-+
-+
-+/* C_CloseSession closes a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CloseAllSessions closes all sessions with a token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID /* the token's slot */
-+);
-+#endif
-+
-+
-+/* C_GetSessionInfo obtains information about the session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_SESSION_INFO_PTR pInfo /* receives session info */
-+);
-+#endif
-+
-+
-+/* C_GetOperationState obtains the state of the cryptographic operation
-+ * in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* gets state */
-+ CK_ULONG_PTR pulOperationStateLen /* gets state length */
-+);
-+#endif
-+
-+
-+/* C_SetOperationState restores the state of the cryptographic
-+ * operation in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* holds state */
-+ CK_ULONG ulOperationStateLen, /* holds state length */
-+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
-+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
-+);
-+#endif
-+
-+
-+/* C_Login logs a user into a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Login)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_USER_TYPE userType, /* the user type */
-+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
-+ CK_ULONG ulPinLen /* the length of the PIN */
-+);
-+#endif
-+
-+
-+/* C_Logout logs a user out from a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Logout)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Object management */
-+
-+/* C_CreateObject creates a new object. */
-+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
-+);
-+#endif
-+
-+
-+/* C_CopyObject copies an object, creating a new object for the
-+ * copy. */
-+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
-+);
-+#endif
-+
-+
-+/* C_DestroyObject destroys an object. */
-+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject /* the object's handle */
-+);
-+#endif
-+
-+
-+/* C_GetObjectSize gets the size of an object in bytes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ULONG_PTR pulSize /* receives size of object */
-+);
-+#endif
-+
-+
-+/* C_GetAttributeValue obtains the value of one or more object
-+ * attributes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_SetAttributeValue modifies the value of one or more object
-+ * attributes */
-+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsInit initializes a search for token and session
-+ * objects that match a template. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
-+ CK_ULONG ulCount /* attrs in search template */
-+);
-+#endif
-+
-+
-+/* C_FindObjects continues a search for token and session
-+ * objects that match a template, obtaining additional object
-+ * handles. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
-+ CK_ULONG ulMaxObjectCount, /* max handles to get */
-+ CK_ULONG_PTR pulObjectCount /* actual # returned */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsFinal finishes a search for token and session
-+ * objects. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Encryption and decryption */
-+
-+/* C_EncryptInit initializes an encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of encryption key */
-+);
-+#endif
-+
-+
-+/* C_Encrypt encrypts single-part data. */
-+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pData, /* the plaintext data */
-+ CK_ULONG ulDataLen, /* bytes of plaintext */
-+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptUpdate continues a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext data len */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptFinal finishes a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session handle */
-+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
-+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
-+);
-+#endif
-+
-+
-+/* C_DecryptInit initializes a decryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of decryption key */
-+);
-+#endif
-+
-+
-+/* C_Decrypt decrypts encrypted data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedData, /* ciphertext */
-+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
-+ CK_BYTE_PTR pData, /* gets plaintext */
-+ CK_ULONG_PTR pulDataLen /* gets p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptUpdate continues a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
-+ CK_ULONG ulEncryptedPartLen, /* input length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptFinal finishes a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pLastPart, /* gets plaintext */
-+ CK_ULONG_PTR pulLastPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+
-+/* Message digesting */
-+
-+/* C_DigestInit initializes a message-digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
-+);
-+#endif
-+
-+
-+/* C_Digest digests data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Digest)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* data to be digested */
-+ CK_ULONG ulDataLen, /* bytes of data to digest */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets digest length */
-+);
-+#endif
-+
-+
-+/* C_DigestUpdate continues a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* data to be digested */
-+ CK_ULONG ulPartLen /* bytes of data to be digested */
-+);
-+#endif
-+
-+
-+/* C_DigestKey continues a multi-part message-digesting
-+ * operation, by digesting the value of a secret key as part of
-+ * the data already digested. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hKey /* secret key to digest */
-+);
-+#endif
-+
-+
-+/* C_DigestFinal finishes a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
-+);
-+#endif
-+
-+
-+
-+/* Signing and MACing */
-+
-+/* C_SignInit initializes a signature (private key encryption)
-+ * operation, where the signature is (will be) an appendix to
-+ * the data, and plaintext cannot be recovered from the
-+ *signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of signature key */
-+);
-+#endif
-+
-+
-+/* C_Sign signs (encrypts with private key) data in a single
-+ * part, where the signature is (will be) an appendix to the
-+ * data, and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Sign)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignUpdate continues a multiple-part signature operation,
-+ * where the signature is (will be) an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* the data to sign */
-+ CK_ULONG ulPartLen /* count of bytes to sign */
-+);
-+#endif
-+
-+
-+/* C_SignFinal finishes a multiple-part signature operation,
-+ * returning the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignRecoverInit initializes a signature operation, where
-+ * the data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of the signature key */
-+);
-+#endif
-+
-+
-+/* C_SignRecover signs data in a single operation, where the
-+ * data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+
-+/* Verifying signatures and MACs */
-+
-+/* C_VerifyInit initializes a verification operation, where the
-+ * signature is an appendix to the data, and plaintext cannot
-+ * cannot be recovered from the signature (e.g. DSA). */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_Verify verifies a signature in a single-part operation,
-+ * where the signature is an appendix to the data, and plaintext
-+ * cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Verify)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* signed data */
-+ CK_ULONG ulDataLen, /* length of signed data */
-+ CK_BYTE_PTR pSignature, /* signature */
-+ CK_ULONG ulSignatureLen /* signature length*/
-+);
-+#endif
-+
-+
-+/* C_VerifyUpdate continues a multiple-part verification
-+ * operation, where the signature is an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* signed data */
-+ CK_ULONG ulPartLen /* length of signed data */
-+);
-+#endif
-+
-+
-+/* C_VerifyFinal finishes a multiple-part verification
-+ * operation, checking the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen /* signature length */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecoverInit initializes a signature verification
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecover verifies a signature in a single-part
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen, /* signature length */
-+ CK_BYTE_PTR pData, /* gets signed data */
-+ CK_ULONG_PTR pulDataLen /* gets signed data len */
-+);
-+#endif
-+
-+
-+
-+/* Dual-function cryptographic operations */
-+
-+/* C_DigestEncryptUpdate continues a multiple-part digesting
-+ * and encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptDigestUpdate continues a multiple-part decryption and
-+ * digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets plaintext len */
-+);
-+#endif
-+
-+
-+/* C_SignEncryptUpdate continues a multiple-part signing and
-+ * encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
-+ * verify operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets p-text length */
-+);
-+#endif
-+
-+
-+
-+/* Key management */
-+
-+/* C_GenerateKey generates a secret key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
-+ CK_ULONG ulCount, /* # of attrs in template */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
-+);
-+#endif
-+
-+
-+/* C_GenerateKeyPair generates a public-key/private-key pair,
-+ * creating new key objects. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session
-+ * handle */
-+ CK_MECHANISM_PTR pMechanism, /* key-gen
-+ * mech. */
-+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
-+ * for pub.
-+ * key */
-+ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
-+ * attrs. */
-+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
-+ * for priv.
-+ * key */
-+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
-+ * attrs. */
-+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
-+ * key
-+ * handle */
-+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
-+ * priv. key
-+ * handle */
-+);
-+#endif
-+
-+
-+/* C_WrapKey wraps (i.e., encrypts) a key. */
-+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
-+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
-+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
-+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
-+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
-+);
-+#endif
-+
-+
-+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
-+ * key object. */
-+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
-+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
-+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
-+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+/* C_DeriveKey derives a key from a base key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
-+ CK_OBJECT_HANDLE hBaseKey, /* base key */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+
-+/* Random number generation */
-+
-+/* C_SeedRandom mixes additional seed material into the token's
-+ * random number generator. */
-+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSeed, /* the seed material */
-+ CK_ULONG ulSeedLen /* length of seed material */
-+);
-+#endif
-+
-+
-+/* C_GenerateRandom generates random data. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR RandomData, /* receives the random data */
-+ CK_ULONG ulRandomLen /* # of bytes to generate */
-+);
-+#endif
-+
-+
-+
-+/* Parallel function management */
-+
-+/* C_GetFunctionStatus is a legacy function; it obtains an
-+ * updated status of a function running in parallel with an
-+ * application. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CancelFunction is a legacy function; it cancels a function
-+ * running in parallel. */
-+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Functions added in for Cryptoki Version 2.01 or later */
-+
-+/* C_WaitForSlotEvent waits for a slot event (token insertion,
-+ * removal, etc.) to occur. */
-+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FLAGS flags, /* blocking/nonblocking flag */
-+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
-+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-Index: openssl/crypto/engine/pkcs11t.h
-diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
---- /dev/null Tue Jun 19 16:23:57 2012
-+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
-@@ -0,0 +1,1885 @@
-+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* See top of pkcs11.h for information about the macros that
-+ * must be defined and the structure-packing conventions that
-+ * must be set before including this file. */
-+
-+#ifndef _PKCS11T_H_
-+#define _PKCS11T_H_ 1
-+
-+#define CRYPTOKI_VERSION_MAJOR 2
-+#define CRYPTOKI_VERSION_MINOR 20
-+#define CRYPTOKI_VERSION_AMENDMENT 3
-+
-+#define CK_TRUE 1
-+#define CK_FALSE 0
-+
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#ifndef FALSE
-+#define FALSE CK_FALSE
-+#endif
-+
-+#ifndef TRUE
-+#define TRUE CK_TRUE
-+#endif
-+#endif
-+
-+/* an unsigned 8-bit value */
-+typedef unsigned char CK_BYTE;
-+
-+/* an unsigned 8-bit character */
-+typedef CK_BYTE CK_CHAR;
-+
-+/* an 8-bit UTF-8 character */
-+typedef CK_BYTE CK_UTF8CHAR;
-+
-+/* a BYTE-sized Boolean flag */
-+typedef CK_BYTE CK_BBOOL;
-+
-+/* an unsigned value, at least 32 bits long */
-+typedef unsigned long int CK_ULONG;
-+
-+/* a signed value, the same size as a CK_ULONG */
-+/* CK_LONG is new for v2.0 */
-+typedef long int CK_LONG;
-+
-+/* at least 32 bits; each bit is a Boolean flag */
-+typedef CK_ULONG CK_FLAGS;
-+
-+
-+/* some special values for certain CK_ULONG variables */
-+#define CK_UNAVAILABLE_INFORMATION (~0UL)
-+#define CK_EFFECTIVELY_INFINITE 0
-+
-+
-+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
-+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
-+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
-+typedef void CK_PTR CK_VOID_PTR;
-+
-+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-+
-+
-+/* The following value is always invalid if used as a session */
-+/* handle or object handle */
-+#define CK_INVALID_HANDLE 0
-+
-+
-+typedef struct CK_VERSION {
-+ CK_BYTE major; /* integer portion of version number */
-+ CK_BYTE minor; /* 1/100ths portion of version number */
-+} CK_VERSION;
-+
-+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-+
-+
-+typedef struct CK_INFO {
-+ /* manufacturerID and libraryDecription have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags; /* must be zero */
-+
-+ /* libraryDescription and libraryVersion are new for v2.0 */
-+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
-+ CK_VERSION libraryVersion; /* version of library */
-+} CK_INFO;
-+
-+typedef CK_INFO CK_PTR CK_INFO_PTR;
-+
-+
-+/* CK_NOTIFICATION enumerates the types of notifications that
-+ * Cryptoki provides to an application */
-+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_NOTIFICATION;
-+#define CKN_SURRENDER 0
-+
-+/* The following notification is new for PKCS #11 v2.20 amendment 3 */
-+#define CKN_OTP_CHANGED 1
-+
-+
-+typedef CK_ULONG CK_SLOT_ID;
-+
-+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-+
-+
-+/* CK_SLOT_INFO provides information about a slot */
-+typedef struct CK_SLOT_INFO {
-+ /* slotDescription and manufacturerID have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags;
-+
-+ /* hardwareVersion and firmwareVersion are new for v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+} CK_SLOT_INFO;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
-+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
-+#define CKF_HW_SLOT 0x00000004 /* hardware slot */
-+
-+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-+
-+
-+/* CK_TOKEN_INFO provides information about a token */
-+typedef struct CK_TOKEN_INFO {
-+ /* label, manufacturerID, and model have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR label[32]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_UTF8CHAR model[16]; /* blank padded */
-+ CK_CHAR serialNumber[16]; /* blank padded */
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
-+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
-+ * changed from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulMaxSessionCount; /* max open sessions */
-+ CK_ULONG ulSessionCount; /* sess. now open */
-+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
-+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
-+ CK_ULONG ulMaxPinLen; /* in bytes */
-+ CK_ULONG ulMinPinLen; /* in bytes */
-+ CK_ULONG ulTotalPublicMemory; /* in bytes */
-+ CK_ULONG ulFreePublicMemory; /* in bytes */
-+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
-+ CK_ULONG ulFreePrivateMemory; /* in bytes */
-+
-+ /* hardwareVersion, firmwareVersion, and time are new for
-+ * v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+ CK_CHAR utcTime[16]; /* time */
-+} CK_TOKEN_INFO;
-+
-+/* The flags parameter is defined as follows:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RNG 0x00000001 /* has random #
-+ * generator */
-+#define CKF_WRITE_PROTECTED 0x00000002 /* token is
-+ * write-
-+ * protected */
-+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
-+ * login */
-+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
-+ * PIN is set */
-+
-+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
-+ * that means that *every* time the state of cryptographic
-+ * operations of a session is successfully saved, all keys
-+ * needed to continue those operations are stored in the state */
-+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
-+
-+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
-+ * that the token has some sort of clock. The time on that
-+ * clock is returned in the token info structure */
-+#define CKF_CLOCK_ON_TOKEN 0x00000040
-+
-+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
-+ * set, that means that there is some way for the user to login
-+ * without sending a PIN through the Cryptoki library itself */
-+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-+
-+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
-+ * that means that a single session with the token can perform
-+ * dual simultaneous cryptographic operations (digest and
-+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
-+ * and sign) */
-+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
-+
-+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
-+ * token has been initialized using C_InitializeToken or an
-+ * equivalent mechanism outside the scope of PKCS #11.
-+ * Calling C_InitializeToken when this flag is set will cause
-+ * the token to be reinitialized. */
-+#define CKF_TOKEN_INITIALIZED 0x00000400
-+
-+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
-+ * true, the token supports secondary authentication for
-+ * private key objects. This flag is deprecated in v2.11 and
-+ onwards. */
-+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
-+
-+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect user login PIN has been entered at least once
-+ * since the last successful authentication. */
-+#define CKF_USER_PIN_COUNT_LOW 0x00010000
-+
-+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect user PIN will it to become locked. */
-+#define CKF_USER_PIN_FINAL_TRY 0x00020000
-+
-+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
-+ * user PIN has been locked. User login to the token is not
-+ * possible. */
-+#define CKF_USER_PIN_LOCKED 0x00040000
-+
-+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the user PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
-+
-+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect SO login PIN has been entered at least once since
-+ * the last successful authentication. */
-+#define CKF_SO_PIN_COUNT_LOW 0x00100000
-+
-+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect SO PIN will it to become locked. */
-+#define CKF_SO_PIN_FINAL_TRY 0x00200000
-+
-+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
-+ * PIN has been locked. SO login to the token is not possible.
-+ */
-+#define CKF_SO_PIN_LOCKED 0x00400000
-+
-+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the SO PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
-+
-+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-+
-+
-+/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
-+ * identifies a session */
-+typedef CK_ULONG CK_SESSION_HANDLE;
-+
-+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-+
-+
-+/* CK_USER_TYPE enumerates the types of Cryptoki users */
-+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_USER_TYPE;
-+/* Security Officer */
-+#define CKU_SO 0
-+/* Normal user */
-+#define CKU_USER 1
-+/* Context specific (added in v2.20) */
-+#define CKU_CONTEXT_SPECIFIC 2
-+
-+/* CK_STATE enumerates the session states */
-+/* CK_STATE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_STATE;
-+#define CKS_RO_PUBLIC_SESSION 0
-+#define CKS_RO_USER_FUNCTIONS 1
-+#define CKS_RW_PUBLIC_SESSION 2
-+#define CKS_RW_USER_FUNCTIONS 3
-+#define CKS_RW_SO_FUNCTIONS 4
-+
-+
-+/* CK_SESSION_INFO provides information about a session */
-+typedef struct CK_SESSION_INFO {
-+ CK_SLOT_ID slotID;
-+ CK_STATE state;
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulDeviceError; /* device-dependent error code */
-+} CK_SESSION_INFO;
-+
-+/* The flags are defined in the following table:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RW_SESSION 0x00000002 /* session is r/w */
-+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
-+
-+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-+
-+
-+/* CK_OBJECT_HANDLE is a token-specific identifier for an
-+ * object */
-+typedef CK_ULONG CK_OBJECT_HANDLE;
-+
-+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-+
-+
-+/* CK_OBJECT_CLASS is a value that identifies the classes (or
-+ * types) of objects that Cryptoki recognizes. It is defined
-+ * as follows: */
-+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_OBJECT_CLASS;
-+
-+/* The following classes of objects are defined: */
-+/* CKO_HW_FEATURE is new for v2.10 */
-+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
-+/* CKO_MECHANISM is new for v2.20 */
-+#define CKO_DATA 0x00000000
-+#define CKO_CERTIFICATE 0x00000001
-+#define CKO_PUBLIC_KEY 0x00000002
-+#define CKO_PRIVATE_KEY 0x00000003
-+#define CKO_SECRET_KEY 0x00000004
-+#define CKO_HW_FEATURE 0x00000005
-+#define CKO_DOMAIN_PARAMETERS 0x00000006
-+#define CKO_MECHANISM 0x00000007
-+
-+/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
-+#define CKO_OTP_KEY 0x00000008
-+
-+#define CKO_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-+
-+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
-+ * value that identifies the hardware feature type of an object
-+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
-+typedef CK_ULONG CK_HW_FEATURE_TYPE;
-+
-+/* The following hardware feature types are defined */
-+/* CKH_USER_INTERFACE is new for v2.20 */
-+#define CKH_MONOTONIC_COUNTER 0x00000001
-+#define CKH_CLOCK 0x00000002
-+#define CKH_USER_INTERFACE 0x00000003
-+#define CKH_VENDOR_DEFINED 0x80000000
-+
-+/* CK_KEY_TYPE is a value that identifies a key type */
-+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_KEY_TYPE;
-+
-+/* the following key types are defined: */
-+#define CKK_RSA 0x00000000
-+#define CKK_DSA 0x00000001
-+#define CKK_DH 0x00000002
-+
-+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
-+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
-+#define CKK_ECDSA 0x00000003
-+#define CKK_EC 0x00000003
-+#define CKK_X9_42_DH 0x00000004
-+#define CKK_KEA 0x00000005
-+
-+#define CKK_GENERIC_SECRET 0x00000010
-+#define CKK_RC2 0x00000011
-+#define CKK_RC4 0x00000012
-+#define CKK_DES 0x00000013
-+#define CKK_DES2 0x00000014
-+#define CKK_DES3 0x00000015
-+
-+/* all these key types are new for v2.0 */
-+#define CKK_CAST 0x00000016
-+#define CKK_CAST3 0x00000017
-+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
-+#define CKK_CAST5 0x00000018
-+#define CKK_CAST128 0x00000018
-+#define CKK_RC5 0x00000019
-+#define CKK_IDEA 0x0000001A
-+#define CKK_SKIPJACK 0x0000001B
-+#define CKK_BATON 0x0000001C
-+#define CKK_JUNIPER 0x0000001D
-+#define CKK_CDMF 0x0000001E
-+#define CKK_AES 0x0000001F
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKK_BLOWFISH 0x00000020
-+#define CKK_TWOFISH 0x00000021
-+
-+/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
-+#define CKK_SECURID 0x00000022
-+#define CKK_HOTP 0x00000023
-+#define CKK_ACTI 0x00000024
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_CAMELLIA 0x00000025
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_ARIA 0x00000026
-+
-+
-+#define CKK_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
-+ * type */
-+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_CERTIFICATE_TYPE;
-+
-+/* The following certificate types are defined: */
-+/* CKC_X_509_ATTR_CERT is new for v2.10 */
-+/* CKC_WTLS is new for v2.20 */
-+#define CKC_X_509 0x00000000
-+#define CKC_X_509_ATTR_CERT 0x00000001
-+#define CKC_WTLS 0x00000002
-+#define CKC_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
-+ * type */
-+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-+
-+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
-+ consists of an array of values. */
-+#define CKF_ARRAY_ATTRIBUTE 0x40000000
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_FORMAT attribute */
-+#define CK_OTP_FORMAT_DECIMAL 0
-+#define CK_OTP_FORMAT_HEXADECIMAL 1
-+#define CK_OTP_FORMAT_ALPHANUMERIC 2
-+#define CK_OTP_FORMAT_BINARY 3
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
-+#define CK_OTP_PARAM_IGNORED 0
-+#define CK_OTP_PARAM_OPTIONAL 1
-+#define CK_OTP_PARAM_MANDATORY 2
-+
-+/* The following attribute types are defined: */
-+#define CKA_CLASS 0x00000000
-+#define CKA_TOKEN 0x00000001
-+#define CKA_PRIVATE 0x00000002
-+#define CKA_LABEL 0x00000003
-+#define CKA_APPLICATION 0x00000010
-+#define CKA_VALUE 0x00000011
-+
-+/* CKA_OBJECT_ID is new for v2.10 */
-+#define CKA_OBJECT_ID 0x00000012
-+
-+#define CKA_CERTIFICATE_TYPE 0x00000080
-+#define CKA_ISSUER 0x00000081
-+#define CKA_SERIAL_NUMBER 0x00000082
-+
-+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
-+ * for v2.10 */
-+#define CKA_AC_ISSUER 0x00000083
-+#define CKA_OWNER 0x00000084
-+#define CKA_ATTR_TYPES 0x00000085
-+
-+/* CKA_TRUSTED is new for v2.11 */
-+#define CKA_TRUSTED 0x00000086
-+
-+/* CKA_CERTIFICATE_CATEGORY ...
-+ * CKA_CHECK_VALUE are new for v2.20 */
-+#define CKA_CERTIFICATE_CATEGORY 0x00000087
-+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
-+#define CKA_URL 0x00000089
-+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
-+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
-+#define CKA_CHECK_VALUE 0x00000090
-+
-+#define CKA_KEY_TYPE 0x00000100
-+#define CKA_SUBJECT 0x00000101
-+#define CKA_ID 0x00000102
-+#define CKA_SENSITIVE 0x00000103
-+#define CKA_ENCRYPT 0x00000104
-+#define CKA_DECRYPT 0x00000105
-+#define CKA_WRAP 0x00000106
-+#define CKA_UNWRAP 0x00000107
-+#define CKA_SIGN 0x00000108
-+#define CKA_SIGN_RECOVER 0x00000109
-+#define CKA_VERIFY 0x0000010A
-+#define CKA_VERIFY_RECOVER 0x0000010B
-+#define CKA_DERIVE 0x0000010C
-+#define CKA_START_DATE 0x00000110
-+#define CKA_END_DATE 0x00000111
-+#define CKA_MODULUS 0x00000120
-+#define CKA_MODULUS_BITS 0x00000121
-+#define CKA_PUBLIC_EXPONENT 0x00000122
-+#define CKA_PRIVATE_EXPONENT 0x00000123
-+#define CKA_PRIME_1 0x00000124
-+#define CKA_PRIME_2 0x00000125
-+#define CKA_EXPONENT_1 0x00000126
-+#define CKA_EXPONENT_2 0x00000127
-+#define CKA_COEFFICIENT 0x00000128
-+#define CKA_PRIME 0x00000130
-+#define CKA_SUBPRIME 0x00000131
-+#define CKA_BASE 0x00000132
-+
-+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
-+#define CKA_PRIME_BITS 0x00000133
-+#define CKA_SUBPRIME_BITS 0x00000134
-+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
-+/* (To retain backwards-compatibility) */
-+
-+#define CKA_VALUE_BITS 0x00000160
-+#define CKA_VALUE_LEN 0x00000161
-+
-+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
-+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
-+ * and CKA_EC_POINT are new for v2.0 */
-+#define CKA_EXTRACTABLE 0x00000162
-+#define CKA_LOCAL 0x00000163
-+#define CKA_NEVER_EXTRACTABLE 0x00000164
-+#define CKA_ALWAYS_SENSITIVE 0x00000165
-+
-+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
-+#define CKA_KEY_GEN_MECHANISM 0x00000166
-+
-+#define CKA_MODIFIABLE 0x00000170
-+
-+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
-+ * CKA_EC_PARAMS is preferred. */
-+#define CKA_ECDSA_PARAMS 0x00000180
-+#define CKA_EC_PARAMS 0x00000180
-+
-+#define CKA_EC_POINT 0x00000181
-+
-+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
-+ * are new for v2.10. Deprecated in v2.11 and onwards. */
-+#define CKA_SECONDARY_AUTH 0x00000200
-+#define CKA_AUTH_PIN_FLAGS 0x00000201
-+
-+/* CKA_ALWAYS_AUTHENTICATE ...
-+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
-+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
-+
-+#define CKA_WRAP_WITH_TRUSTED 0x00000210
-+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
-+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
-+
-+/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
-+#define CKA_OTP_FORMAT 0x00000220
-+#define CKA_OTP_LENGTH 0x00000221
-+#define CKA_OTP_TIME_INTERVAL 0x00000222
-+#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
-+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
-+#define CKA_OTP_TIME_REQUIREMENT 0x00000225
-+#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
-+#define CKA_OTP_PIN_REQUIREMENT 0x00000227
-+#define CKA_OTP_COUNTER 0x0000022E
-+#define CKA_OTP_TIME 0x0000022F
-+#define CKA_OTP_USER_IDENTIFIER 0x0000022A
-+#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
-+#define CKA_OTP_SERVICE_LOGO 0x0000022C
-+#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
-+
-+
-+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
-+ * are new for v2.10 */
-+#define CKA_HW_FEATURE_TYPE 0x00000300
-+#define CKA_RESET_ON_INIT 0x00000301
-+#define CKA_HAS_RESET 0x00000302
-+
-+/* The following attributes are new for v2.20 */
-+#define CKA_PIXEL_X 0x00000400
-+#define CKA_PIXEL_Y 0x00000401
-+#define CKA_RESOLUTION 0x00000402
-+#define CKA_CHAR_ROWS 0x00000403
-+#define CKA_CHAR_COLUMNS 0x00000404
-+#define CKA_COLOR 0x00000405
-+#define CKA_BITS_PER_PIXEL 0x00000406
-+#define CKA_CHAR_SETS 0x00000480
-+#define CKA_ENCODING_METHODS 0x00000481
-+#define CKA_MIME_TYPES 0x00000482
-+#define CKA_MECHANISM_TYPE 0x00000500
-+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
-+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
-+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
-+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
-+
-+#define CKA_VENDOR_DEFINED 0x80000000
-+
-+/* CK_ATTRIBUTE is a structure that includes the type, length
-+ * and value of an attribute */
-+typedef struct CK_ATTRIBUTE {
-+ CK_ATTRIBUTE_TYPE type;
-+ CK_VOID_PTR pValue;
-+
-+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulValueLen; /* in bytes */
-+} CK_ATTRIBUTE;
-+
-+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-+
-+
-+/* CK_DATE is a structure that defines a date */
-+typedef struct CK_DATE{
-+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
-+ CK_CHAR month[2]; /* the month ("01" - "12") */
-+ CK_CHAR day[2]; /* the day ("01" - "31") */
-+} CK_DATE;
-+
-+
-+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
-+ * type */
-+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_MECHANISM_TYPE;
-+
-+/* the following mechanism types are defined: */
-+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-+#define CKM_RSA_PKCS 0x00000001
-+#define CKM_RSA_9796 0x00000002
-+#define CKM_RSA_X_509 0x00000003
-+
-+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
-+ * are new for v2.0. They are mechanisms which hash and sign */
-+#define CKM_MD2_RSA_PKCS 0x00000004
-+#define CKM_MD5_RSA_PKCS 0x00000005
-+#define CKM_SHA1_RSA_PKCS 0x00000006
-+
-+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
-+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
-+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
-+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
-+#define CKM_RSA_PKCS_OAEP 0x00000009
-+
-+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
-+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
-+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
-+#define CKM_RSA_X9_31 0x0000000B
-+#define CKM_SHA1_RSA_X9_31 0x0000000C
-+#define CKM_RSA_PKCS_PSS 0x0000000D
-+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
-+
-+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-+#define CKM_DSA 0x00000011
-+#define CKM_DSA_SHA1 0x00000012
-+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-+#define CKM_DH_PKCS_DERIVE 0x00000021
-+
-+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
-+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
-+ * v2.11 */
-+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
-+#define CKM_X9_42_DH_DERIVE 0x00000031
-+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
-+#define CKM_X9_42_MQV_DERIVE 0x00000033
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_RSA_PKCS 0x00000040
-+#define CKM_SHA384_RSA_PKCS 0x00000041
-+#define CKM_SHA512_RSA_PKCS 0x00000042
-+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
-+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
-+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
-+
-+/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_RSA_PKCS 0x00000046
-+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
-+
-+#define CKM_RC2_KEY_GEN 0x00000100
-+#define CKM_RC2_ECB 0x00000101
-+#define CKM_RC2_CBC 0x00000102
-+#define CKM_RC2_MAC 0x00000103
-+
-+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
-+#define CKM_RC2_MAC_GENERAL 0x00000104
-+#define CKM_RC2_CBC_PAD 0x00000105
-+
-+#define CKM_RC4_KEY_GEN 0x00000110
-+#define CKM_RC4 0x00000111
-+#define CKM_DES_KEY_GEN 0x00000120
-+#define CKM_DES_ECB 0x00000121
-+#define CKM_DES_CBC 0x00000122
-+#define CKM_DES_MAC 0x00000123
-+
-+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
-+#define CKM_DES_MAC_GENERAL 0x00000124
-+#define CKM_DES_CBC_PAD 0x00000125
-+
-+#define CKM_DES2_KEY_GEN 0x00000130
-+#define CKM_DES3_KEY_GEN 0x00000131
-+#define CKM_DES3_ECB 0x00000132
-+#define CKM_DES3_CBC 0x00000133
-+#define CKM_DES3_MAC 0x00000134
-+
-+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
-+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
-+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
-+#define CKM_DES3_MAC_GENERAL 0x00000135
-+#define CKM_DES3_CBC_PAD 0x00000136
-+#define CKM_CDMF_KEY_GEN 0x00000140
-+#define CKM_CDMF_ECB 0x00000141
-+#define CKM_CDMF_CBC 0x00000142
-+#define CKM_CDMF_MAC 0x00000143
-+#define CKM_CDMF_MAC_GENERAL 0x00000144
-+#define CKM_CDMF_CBC_PAD 0x00000145
-+
-+/* the following four DES mechanisms are new for v2.20 */
-+#define CKM_DES_OFB64 0x00000150
-+#define CKM_DES_OFB8 0x00000151
-+#define CKM_DES_CFB64 0x00000152
-+#define CKM_DES_CFB8 0x00000153
-+
-+#define CKM_MD2 0x00000200
-+
-+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD2_HMAC 0x00000201
-+#define CKM_MD2_HMAC_GENERAL 0x00000202
-+
-+#define CKM_MD5 0x00000210
-+
-+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD5_HMAC 0x00000211
-+#define CKM_MD5_HMAC_GENERAL 0x00000212
-+
-+#define CKM_SHA_1 0x00000220
-+
-+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
-+#define CKM_SHA_1_HMAC 0x00000221
-+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-+
-+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
-+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
-+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
-+#define CKM_RIPEMD128 0x00000230
-+#define CKM_RIPEMD128_HMAC 0x00000231
-+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
-+#define CKM_RIPEMD160 0x00000240
-+#define CKM_RIPEMD160_HMAC 0x00000241
-+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256 0x00000250
-+#define CKM_SHA256_HMAC 0x00000251
-+#define CKM_SHA256_HMAC_GENERAL 0x00000252
-+
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224 0x00000255
-+#define CKM_SHA224_HMAC 0x00000256
-+#define CKM_SHA224_HMAC_GENERAL 0x00000257
-+
-+#define CKM_SHA384 0x00000260
-+#define CKM_SHA384_HMAC 0x00000261
-+#define CKM_SHA384_HMAC_GENERAL 0x00000262
-+#define CKM_SHA512 0x00000270
-+#define CKM_SHA512_HMAC 0x00000271
-+#define CKM_SHA512_HMAC_GENERAL 0x00000272
-+
-+/* SecurID is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_SECURID_KEY_GEN 0x00000280
-+#define CKM_SECURID 0x00000282
-+
-+/* HOTP is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_HOTP_KEY_GEN 0x00000290
-+#define CKM_HOTP 0x00000291
-+
-+/* ACTI is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_ACTI 0x000002A0
-+#define CKM_ACTI_KEY_GEN 0x000002A1
-+
-+/* All of the following mechanisms are new for v2.0 */
-+/* Note that CAST128 and CAST5 are the same algorithm */
-+#define CKM_CAST_KEY_GEN 0x00000300
-+#define CKM_CAST_ECB 0x00000301
-+#define CKM_CAST_CBC 0x00000302
-+#define CKM_CAST_MAC 0x00000303
-+#define CKM_CAST_MAC_GENERAL 0x00000304
-+#define CKM_CAST_CBC_PAD 0x00000305
-+#define CKM_CAST3_KEY_GEN 0x00000310
-+#define CKM_CAST3_ECB 0x00000311
-+#define CKM_CAST3_CBC 0x00000312
-+#define CKM_CAST3_MAC 0x00000313
-+#define CKM_CAST3_MAC_GENERAL 0x00000314
-+#define CKM_CAST3_CBC_PAD 0x00000315
-+#define CKM_CAST5_KEY_GEN 0x00000320
-+#define CKM_CAST128_KEY_GEN 0x00000320
-+#define CKM_CAST5_ECB 0x00000321
-+#define CKM_CAST128_ECB 0x00000321
-+#define CKM_CAST5_CBC 0x00000322
-+#define CKM_CAST128_CBC 0x00000322
-+#define CKM_CAST5_MAC 0x00000323
-+#define CKM_CAST128_MAC 0x00000323
-+#define CKM_CAST5_MAC_GENERAL 0x00000324
-+#define CKM_CAST128_MAC_GENERAL 0x00000324
-+#define CKM_CAST5_CBC_PAD 0x00000325
-+#define CKM_CAST128_CBC_PAD 0x00000325
-+#define CKM_RC5_KEY_GEN 0x00000330
-+#define CKM_RC5_ECB 0x00000331
-+#define CKM_RC5_CBC 0x00000332
-+#define CKM_RC5_MAC 0x00000333
-+#define CKM_RC5_MAC_GENERAL 0x00000334
-+#define CKM_RC5_CBC_PAD 0x00000335
-+#define CKM_IDEA_KEY_GEN 0x00000340
-+#define CKM_IDEA_ECB 0x00000341
-+#define CKM_IDEA_CBC 0x00000342
-+#define CKM_IDEA_MAC 0x00000343
-+#define CKM_IDEA_MAC_GENERAL 0x00000344
-+#define CKM_IDEA_CBC_PAD 0x00000345
-+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-+#define CKM_XOR_BASE_AND_DATA 0x00000364
-+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-+
-+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
-+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
-+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
-+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
-+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
-+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
-+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
-+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
-+
-+/* CKM_TLS_PRF is new for v2.20 */
-+#define CKM_TLS_PRF 0x00000378
-+
-+#define CKM_SSL3_MD5_MAC 0x00000380
-+#define CKM_SSL3_SHA1_MAC 0x00000381
-+#define CKM_MD5_KEY_DERIVATION 0x00000390
-+#define CKM_MD2_KEY_DERIVATION 0x00000391
-+#define CKM_SHA1_KEY_DERIVATION 0x00000392
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_KEY_DERIVATION 0x00000393
-+#define CKM_SHA384_KEY_DERIVATION 0x00000394
-+#define CKM_SHA512_KEY_DERIVATION 0x00000395
-+
-+/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_KEY_DERIVATION 0x00000396
-+
-+#define CKM_PBE_MD2_DES_CBC 0x000003A0
-+#define CKM_PBE_MD5_DES_CBC 0x000003A1
-+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
-+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
-+#define CKM_PBE_SHA1_RC4_128 0x000003A6
-+#define CKM_PBE_SHA1_RC4_40 0x000003A7
-+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-+
-+/* CKM_PKCS5_PBKD2 is new for v2.10 */
-+#define CKM_PKCS5_PBKD2 0x000003B0
-+
-+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
-+
-+/* WTLS mechanisms are new for v2.20 */
-+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
-+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
-+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
-+#define CKM_WTLS_PRF 0x000003D3
-+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
-+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
-+
-+#define CKM_KEY_WRAP_LYNKS 0x00000400
-+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-+
-+/* CKM_CMS_SIG is new for v2.20 */
-+#define CKM_CMS_SIG 0x00000500
-+
-+/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
-+#define CKM_KIP_DERIVE 0x00000510
-+#define CKM_KIP_WRAP 0x00000511
-+#define CKM_KIP_MAC 0x00000512
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_CAMELLIA_KEY_GEN 0x00000550
-+#define CKM_CAMELLIA_ECB 0x00000551
-+#define CKM_CAMELLIA_CBC 0x00000552
-+#define CKM_CAMELLIA_MAC 0x00000553
-+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
-+#define CKM_CAMELLIA_CBC_PAD 0x00000555
-+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
-+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
-+#define CKM_CAMELLIA_CTR 0x00000558
-+
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_ARIA_KEY_GEN 0x00000560
-+#define CKM_ARIA_ECB 0x00000561
-+#define CKM_ARIA_CBC 0x00000562
-+#define CKM_ARIA_MAC 0x00000563
-+#define CKM_ARIA_MAC_GENERAL 0x00000564
-+#define CKM_ARIA_CBC_PAD 0x00000565
-+#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
-+#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
-+
-+/* Fortezza mechanisms */
-+#define CKM_SKIPJACK_KEY_GEN 0x00001000
-+#define CKM_SKIPJACK_ECB64 0x00001001
-+#define CKM_SKIPJACK_CBC64 0x00001002
-+#define CKM_SKIPJACK_OFB64 0x00001003
-+#define CKM_SKIPJACK_CFB64 0x00001004
-+#define CKM_SKIPJACK_CFB32 0x00001005
-+#define CKM_SKIPJACK_CFB16 0x00001006
-+#define CKM_SKIPJACK_CFB8 0x00001007
-+#define CKM_SKIPJACK_WRAP 0x00001008
-+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-+#define CKM_SKIPJACK_RELAYX 0x0000100a
-+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-+#define CKM_KEA_KEY_DERIVE 0x00001011
-+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-+#define CKM_BATON_KEY_GEN 0x00001030
-+#define CKM_BATON_ECB128 0x00001031
-+#define CKM_BATON_ECB96 0x00001032
-+#define CKM_BATON_CBC128 0x00001033
-+#define CKM_BATON_COUNTER 0x00001034
-+#define CKM_BATON_SHUFFLE 0x00001035
-+#define CKM_BATON_WRAP 0x00001036
-+
-+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
-+ * CKM_EC_KEY_PAIR_GEN is preferred */
-+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-+#define CKM_EC_KEY_PAIR_GEN 0x00001040
-+
-+#define CKM_ECDSA 0x00001041
-+#define CKM_ECDSA_SHA1 0x00001042
-+
-+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
-+ * are new for v2.11 */
-+#define CKM_ECDH1_DERIVE 0x00001050
-+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
-+#define CKM_ECMQV_DERIVE 0x00001052
-+
-+#define CKM_JUNIPER_KEY_GEN 0x00001060
-+#define CKM_JUNIPER_ECB128 0x00001061
-+#define CKM_JUNIPER_CBC128 0x00001062
-+#define CKM_JUNIPER_COUNTER 0x00001063
-+#define CKM_JUNIPER_SHUFFLE 0x00001064
-+#define CKM_JUNIPER_WRAP 0x00001065
-+#define CKM_FASTHASH 0x00001070
-+
-+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
-+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
-+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
-+ * new for v2.11 */
-+#define CKM_AES_KEY_GEN 0x00001080
-+#define CKM_AES_ECB 0x00001081
-+#define CKM_AES_CBC 0x00001082
-+#define CKM_AES_MAC 0x00001083
-+#define CKM_AES_MAC_GENERAL 0x00001084
-+#define CKM_AES_CBC_PAD 0x00001085
-+
-+/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_AES_CTR 0x00001086
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKM_BLOWFISH_KEY_GEN 0x00001090
-+#define CKM_BLOWFISH_CBC 0x00001091
-+#define CKM_TWOFISH_KEY_GEN 0x00001092
-+#define CKM_TWOFISH_CBC 0x00001093
-+
-+
-+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
-+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
-+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
-+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
-+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
-+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
-+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
-+
-+#define CKM_DSA_PARAMETER_GEN 0x00002000
-+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
-+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
-+
-+#define CKM_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-+
-+
-+/* CK_MECHANISM is a structure that specifies a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM {
-+ CK_MECHANISM_TYPE mechanism;
-+ CK_VOID_PTR pParameter;
-+
-+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulParameterLen; /* in bytes */
-+} CK_MECHANISM;
-+
-+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-+
-+
-+/* CK_MECHANISM_INFO provides information about a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM_INFO {
-+ CK_ULONG ulMinKeySize;
-+ CK_ULONG ulMaxKeySize;
-+ CK_FLAGS flags;
-+} CK_MECHANISM_INFO;
-+
-+/* The flags are defined as follows:
-+ * Bit Flag Mask Meaning */
-+#define CKF_HW 0x00000001 /* performed by HW */
-+
-+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
-+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
-+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
-+ * and CKF_DERIVE are new for v2.0. They specify whether or not
-+ * a mechanism can be used for a particular task */
-+#define CKF_ENCRYPT 0x00000100
-+#define CKF_DECRYPT 0x00000200
-+#define CKF_DIGEST 0x00000400
-+#define CKF_SIGN 0x00000800
-+#define CKF_SIGN_RECOVER 0x00001000
-+#define CKF_VERIFY 0x00002000
-+#define CKF_VERIFY_RECOVER 0x00004000
-+#define CKF_GENERATE 0x00008000
-+#define CKF_GENERATE_KEY_PAIR 0x00010000
-+#define CKF_WRAP 0x00020000
-+#define CKF_UNWRAP 0x00040000
-+#define CKF_DERIVE 0x00080000
-+
-+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
-+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
-+ * describe a token's EC capabilities not available in mechanism
-+ * information. */
-+#define CKF_EC_F_P 0x00100000
-+#define CKF_EC_F_2M 0x00200000
-+#define CKF_EC_ECPARAMETERS 0x00400000
-+#define CKF_EC_NAMEDCURVE 0x00800000
-+#define CKF_EC_UNCOMPRESS 0x01000000
-+#define CKF_EC_COMPRESS 0x02000000
-+
-+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
-+
-+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-+
-+
-+/* CK_RV is a value that identifies the return value of a
-+ * Cryptoki function */
-+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_RV;
-+
-+#define CKR_OK 0x00000000
-+#define CKR_CANCEL 0x00000001
-+#define CKR_HOST_MEMORY 0x00000002
-+#define CKR_SLOT_ID_INVALID 0x00000003
-+
-+/* CKR_FLAGS_INVALID was removed for v2.0 */
-+
-+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-+#define CKR_GENERAL_ERROR 0x00000005
-+#define CKR_FUNCTION_FAILED 0x00000006
-+
-+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
-+ * and CKR_CANT_LOCK are new for v2.01 */
-+#define CKR_ARGUMENTS_BAD 0x00000007
-+#define CKR_NO_EVENT 0x00000008
-+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-+#define CKR_CANT_LOCK 0x0000000A
-+
-+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-+#define CKR_DATA_INVALID 0x00000020
-+#define CKR_DATA_LEN_RANGE 0x00000021
-+#define CKR_DEVICE_ERROR 0x00000030
-+#define CKR_DEVICE_MEMORY 0x00000031
-+#define CKR_DEVICE_REMOVED 0x00000032
-+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-+#define CKR_FUNCTION_CANCELED 0x00000050
-+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-+
-+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-+
-+#define CKR_KEY_HANDLE_INVALID 0x00000060
-+
-+/* CKR_KEY_SENSITIVE was removed for v2.0 */
-+
-+#define CKR_KEY_SIZE_RANGE 0x00000062
-+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-+
-+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
-+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
-+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
-+ * v2.0 */
-+#define CKR_KEY_NOT_NEEDED 0x00000064
-+#define CKR_KEY_CHANGED 0x00000065
-+#define CKR_KEY_NEEDED 0x00000066
-+#define CKR_KEY_INDIGESTIBLE 0x00000067
-+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-+
-+#define CKR_MECHANISM_INVALID 0x00000070
-+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-+
-+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
-+ * were removed for v2.0 */
-+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-+#define CKR_OPERATION_ACTIVE 0x00000090
-+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-+#define CKR_PIN_INCORRECT 0x000000A0
-+#define CKR_PIN_INVALID 0x000000A1
-+#define CKR_PIN_LEN_RANGE 0x000000A2
-+
-+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-+#define CKR_PIN_EXPIRED 0x000000A3
-+#define CKR_PIN_LOCKED 0x000000A4
-+
-+#define CKR_SESSION_CLOSED 0x000000B0
-+#define CKR_SESSION_COUNT 0x000000B1
-+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-+#define CKR_SESSION_READ_ONLY 0x000000B5
-+#define CKR_SESSION_EXISTS 0x000000B6
-+
-+/* CKR_SESSION_READ_ONLY_EXISTS and
-+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
-+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-+
-+#define CKR_SIGNATURE_INVALID 0x000000C0
-+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-+#define CKR_USER_NOT_LOGGED_IN 0x00000101
-+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-+#define CKR_USER_TYPE_INVALID 0x00000103
-+
-+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
-+ * are new to v2.01 */
-+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-+#define CKR_USER_TOO_MANY_TYPES 0x00000105
-+
-+#define CKR_WRAPPED_KEY_INVALID 0x00000110
-+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-+
-+/* These are new to v2.0 */
-+#define CKR_RANDOM_NO_RNG 0x00000121
-+
-+/* These are new to v2.11 */
-+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
-+
-+/* These are new to v2.0 */
-+#define CKR_BUFFER_TOO_SMALL 0x00000150
-+#define CKR_SAVED_STATE_INVALID 0x00000160
-+#define CKR_INFORMATION_SENSITIVE 0x00000170
-+#define CKR_STATE_UNSAVEABLE 0x00000180
-+
-+/* These are new to v2.01 */
-+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-+#define CKR_MUTEX_BAD 0x000001A0
-+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-+
-+/* The following return values are new for PKCS #11 v2.20 amendment 3 */
-+#define CKR_NEW_PIN_MODE 0x000001B0
-+#define CKR_NEXT_OTP 0x000001B1
-+
-+/* This is new to v2.20 */
-+#define CKR_FUNCTION_REJECTED 0x00000200
-+
-+#define CKR_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_NOTIFY is an application callback that processes events */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_NOTIFICATION event,
-+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
-+);
-+
-+
-+/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
-+ * version and pointers of appropriate types to all the
-+ * Cryptoki functions */
-+/* CK_FUNCTION_LIST is new for v2.0 */
-+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-+
-+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-+
-+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-+
-+
-+/* CK_CREATEMUTEX is an application callback for creating a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
-+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
-+);
-+
-+
-+/* CK_DESTROYMUTEX is an application callback for destroying a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_LOCKMUTEX is an application callback for locking a mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_UNLOCKMUTEX is an application callback for unlocking a
-+ * mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
-+ * C_Initialize */
-+typedef struct CK_C_INITIALIZE_ARGS {
-+ CK_CREATEMUTEX CreateMutex;
-+ CK_DESTROYMUTEX DestroyMutex;
-+ CK_LOCKMUTEX LockMutex;
-+ CK_UNLOCKMUTEX UnlockMutex;
-+ CK_FLAGS flags;
-+ CK_VOID_PTR pReserved;
-+} CK_C_INITIALIZE_ARGS;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
-+#define CKF_OS_LOCKING_OK 0x00000002
-+
-+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-+
-+
-+/* additional flags for parameters to functions */
-+
-+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-+#define CKF_DONT_BLOCK 1
-+
-+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
-+ * Generation Function (MGF) applied to a message block when
-+ * formatting a message block for the PKCS #1 OAEP encryption
-+ * scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
-+
-+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
-+
-+/* The following MGFs are defined */
-+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
-+ * are new for v2.20 */
-+#define CKG_MGF1_SHA1 0x00000001
-+#define CKG_MGF1_SHA256 0x00000002
-+#define CKG_MGF1_SHA384 0x00000003
-+#define CKG_MGF1_SHA512 0x00000004
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKG_MGF1_SHA224 0x00000005
-+
-+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
-+ * of the encoding parameter when formatting a message block
-+ * for the PKCS #1 OAEP encryption scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-+
-+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-+
-+/* The following encoding parameter sources are defined */
-+#define CKZ_DATA_SPECIFIED 0x00000001
-+
-+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_OAEP mechanism. */
-+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-+ CK_VOID_PTR pSourceData;
-+ CK_ULONG ulSourceDataLen;
-+} CK_RSA_PKCS_OAEP_PARAMS;
-+
-+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-+
-+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
-+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_PSS mechanism(s). */
-+typedef struct CK_RSA_PKCS_PSS_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_ULONG sLen;
-+} CK_RSA_PKCS_PSS_PARAMS;
-+
-+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
-+
-+/* CK_EC_KDF_TYPE is new for v2.11. */
-+typedef CK_ULONG CK_EC_KDF_TYPE;
-+
-+/* The following EC Key Derivation Functions are defined */
-+#define CKD_NULL 0x00000001
-+#define CKD_SHA1_KDF 0x00000002
-+
-+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
-+ * where each party contributes one key pair.
-+ */
-+typedef struct CK_ECDH1_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_ECDH1_DERIVE_PARAMS;
-+
-+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
-+typedef struct CK_ECDH2_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_ECDH2_DERIVE_PARAMS;
-+
-+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_ECMQV_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_ECMQV_DERIVE_PARAMS;
-+
-+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
-+
-+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
-+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
-+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
-+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-+
-+/* The following X9.42 DH key derivation functions are defined
-+ (besides CKD_NULL already defined : */
-+#define CKD_SHA1_KDF_ASN1 0x00000003
-+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
-+
-+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
-+ * contributes one key pair */
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_X9_42_DH1_DERIVE_PARAMS;
-+
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-+
-+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
-+ * mechanisms, where each party contributes two key pairs */
-+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_X9_42_DH2_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_X9_42_MQV_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
-+
-+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
-+ * CKM_KEA_DERIVE mechanism */
-+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-+typedef struct CK_KEA_DERIVE_PARAMS {
-+ CK_BBOOL isSender;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pRandomB;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_KEA_DERIVE_PARAMS;
-+
-+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
-+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
-+ * holds the effective keysize */
-+typedef CK_ULONG CK_RC2_PARAMS;
-+
-+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-+
-+
-+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
-+ * mechanism */
-+typedef struct CK_RC2_CBC_PARAMS {
-+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+
-+ CK_BYTE iv[8]; /* IV for CBC mode */
-+} CK_RC2_CBC_PARAMS;
-+
-+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC2_MAC_GENERAL mechanism */
-+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC2_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
-+ * CKM_RC5_MAC mechanisms */
-+/* CK_RC5_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+} CK_RC5_PARAMS;
-+
-+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-+
-+
-+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
-+ * mechanism */
-+/* CK_RC5_CBC_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_CBC_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_BYTE_PTR pIv; /* pointer to IV */
-+ CK_ULONG ulIvLen; /* length of IV in bytes */
-+} CK_RC5_CBC_PARAMS;
-+
-+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC5_MAC_GENERAL mechanism */
-+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC5_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
-+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
-+ * the MAC */
-+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-+
-+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-+
-+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
-+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[8];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pPassword;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPAndGLen;
-+ CK_ULONG ulQLen;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pPrimeP;
-+ CK_BYTE_PTR pBaseG;
-+ CK_BYTE_PTR pSubprimeQ;
-+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-+
-+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
-+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
-+
-+
-+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_RELAYX mechanism */
-+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
-+ CK_ULONG ulOldWrappedXLen;
-+ CK_BYTE_PTR pOldWrappedX;
-+ CK_ULONG ulOldPasswordLen;
-+ CK_BYTE_PTR pOldPassword;
-+ CK_ULONG ulOldPublicDataLen;
-+ CK_BYTE_PTR pOldPublicData;
-+ CK_ULONG ulOldRandomLen;
-+ CK_BYTE_PTR pOldRandomA;
-+ CK_ULONG ulNewPasswordLen;
-+ CK_BYTE_PTR pNewPassword;
-+ CK_ULONG ulNewPublicDataLen;
-+ CK_BYTE_PTR pNewPublicData;
-+ CK_ULONG ulNewRandomLen;
-+ CK_BYTE_PTR pNewRandomA;
-+} CK_SKIPJACK_RELAYX_PARAMS;
-+
-+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
-+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
-+
-+
-+typedef struct CK_PBE_PARAMS {
-+ CK_BYTE_PTR pInitVector;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pSalt;
-+ CK_ULONG ulSaltLen;
-+ CK_ULONG ulIteration;
-+} CK_PBE_PARAMS;
-+
-+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-+
-+
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
-+ * CKM_KEY_WRAP_SET_OAEP mechanism */
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
-+ CK_BYTE bBC; /* block contents byte */
-+ CK_BYTE_PTR pX; /* extra data */
-+ CK_ULONG ulXLen; /* length of extra data in bytes */
-+} CK_KEY_WRAP_SET_OAEP_PARAMS;
-+
-+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
-+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_SSL3_RANDOM_DATA;
-+
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_VERSION_PTR pVersion;
-+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hClientMacSecret;
-+ CK_OBJECT_HANDLE hServerMacSecret;
-+ CK_OBJECT_HANDLE hClientKey;
-+ CK_OBJECT_HANDLE hServerKey;
-+ CK_BYTE_PTR pIVClient;
-+ CK_BYTE_PTR pIVServer;
-+} CK_SSL3_KEY_MAT_OUT;
-+
-+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_PARAMS {
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_BBOOL bIsExport;
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_SSL3_KEY_MAT_PARAMS;
-+
-+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-+
-+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
-+typedef struct CK_TLS_PRF_PARAMS {
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_TLS_PRF_PARAMS;
-+
-+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
-+
-+/* WTLS is new for version 2.20 */
-+typedef struct CK_WTLS_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_WTLS_RANDOM_DATA;
-+
-+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
-+
-+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_BYTE_PTR pVersion;
-+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_PRF_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_WTLS_PRF_PARAMS;
-+
-+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hMacSecret;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pIV;
-+} CK_WTLS_KEY_MAT_OUT;
-+
-+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_ULONG ulSequenceNumber;
-+ CK_BBOOL bIsExport;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_WTLS_KEY_MAT_PARAMS;
-+
-+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
-+
-+/* CMS is new for version 2.20 */
-+typedef struct CK_CMS_SIG_PARAMS {
-+ CK_OBJECT_HANDLE certificateHandle;
-+ CK_MECHANISM_PTR pSigningMechanism;
-+ CK_MECHANISM_PTR pDigestMechanism;
-+ CK_UTF8CHAR_PTR pContentType;
-+ CK_BYTE_PTR pRequestedAttributes;
-+ CK_ULONG ulRequestedAttributesLen;
-+ CK_BYTE_PTR pRequiredAttributes;
-+ CK_ULONG ulRequiredAttributesLen;
-+} CK_CMS_SIG_PARAMS;
-+
-+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
-+
-+typedef struct CK_KEY_DERIVATION_STRING_DATA {
-+ CK_BYTE_PTR pData;
-+ CK_ULONG ulLen;
-+} CK_KEY_DERIVATION_STRING_DATA;
-+
-+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
-+ CK_KEY_DERIVATION_STRING_DATA_PTR;
-+
-+
-+/* The CK_EXTRACT_PARAMS is used for the
-+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
-+ * of the base key should be used as the first bit of the
-+ * derived key */
-+/* CK_EXTRACT_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_EXTRACT_PARAMS;
-+
-+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-+
-+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
-+ * indicate the Pseudo-Random Function (PRF) used to generate
-+ * key bits using PKCS #5 PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-+
-+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
-+
-+/* The following PRFs are defined in PKCS #5 v2.0. */
-+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
-+
-+
-+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
-+ * source of the salt value when deriving a key using PKCS #5
-+ * PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-+
-+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
-+
-+/* The following salt value sources are defined in PKCS #5 v2.0. */
-+#define CKZ_SALT_SPECIFIED 0x00000001
-+
-+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
-+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
-+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
-+typedef struct CK_PKCS5_PBKD2_PARAMS {
-+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
-+ CK_VOID_PTR pSaltSourceData;
-+ CK_ULONG ulSaltSourceDataLen;
-+ CK_ULONG iterations;
-+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-+ CK_VOID_PTR pPrfData;
-+ CK_ULONG ulPrfDataLen;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG_PTR ulPasswordLen;
-+} CK_PKCS5_PBKD2_PARAMS;
-+
-+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
-+
-+/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
-+
-+typedef CK_ULONG CK_OTP_PARAM_TYPE;
-+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
-+
-+typedef struct CK_OTP_PARAM {
-+ CK_OTP_PARAM_TYPE type;
-+ CK_VOID_PTR pValue;
-+ CK_ULONG ulValueLen;
-+} CK_OTP_PARAM;
-+
-+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
-+
-+typedef struct CK_OTP_PARAMS {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_PARAMS;
-+
-+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
-+
-+typedef struct CK_OTP_SIGNATURE_INFO {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_SIGNATURE_INFO;
-+
-+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CK_OTP_VALUE 0
-+#define CK_OTP_PIN 1
-+#define CK_OTP_CHALLENGE 2
-+#define CK_OTP_TIME 3
-+#define CK_OTP_COUNTER 4
-+#define CK_OTP_FLAGS 5
-+#define CK_OTP_OUTPUT_LENGTH 6
-+#define CK_OTP_OUTPUT_FORMAT 7
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CKF_NEXT_OTP 0x00000001
-+#define CKF_EXCLUDE_TIME 0x00000002
-+#define CKF_EXCLUDE_COUNTER 0x00000004
-+#define CKF_EXCLUDE_CHALLENGE 0x00000008
-+#define CKF_EXCLUDE_PIN 0x00000010
-+#define CKF_USER_FRIENDLY_OTP 0x00000020
-+
-+/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
-+typedef struct CK_KIP_PARAMS {
-+ CK_MECHANISM_PTR pMechanism;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+} CK_KIP_PARAMS;
-+
-+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
-+
-+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_AES_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_AES_CTR_PARAMS;
-+
-+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_CAMELLIA_CTR_PARAMS;
-+
-+typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+#endif
-Index: openssl/util/libeay.num
-diff -u openssl/util/libeay.num:1.8.2.1 openssl/util/libeay.num:1.9
---- openssl/util/libeay.num:1.8.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/libeay.num Sun Jan 15 16:30:10 2012
-@@ -4194,3 +4194,5 @@
- OPENSSL_strncasecmp 4566 EXIST::FUNCTION:
- OPENSSL_gmtime 4567 EXIST::FUNCTION:
- OPENSSL_gmtime_adj 4568 EXIST::FUNCTION:
-+ENGINE_load_pk11ca 4569 EXIST::FUNCTION:HW_PKCS11CA,ENGINE
-+ENGINE_load_pk11so 4569 EXIST::FUNCTION:HW_PKCS11SO,ENGINE
-Index: openssl/util/mk1mf.pl
-diff -u openssl/util/mk1mf.pl:1.9.2.1 openssl/util/mk1mf.pl:1.9
---- openssl/util/mk1mf.pl:1.9.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/mk1mf.pl Mon Jun 13 17:13:56 2011
-@@ -109,6 +109,8 @@
- no-ecdh - No ECDH
- no-engine - No engine
- no-hw - No hw
-+ no-hw-pkcs11ca - No hw PKCS#11 CA flavor
-+ no-hw-pkcs11so - No hw PKCS#11 SO flavor
- nasm - Use NASM for x86 asm
- nw-nasm - Use NASM x86 asm for NetWare
- nw-mwasm - Use Metrowerks x86 asm for NetWare
-@@ -270,6 +272,8 @@
- $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
- $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
- $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11CA" if $no_hw_pkcs11ca;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11SO" if $no_hw_pkcs11so;
- $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
- $cflags.= " -DZLIB" if $zlib_opt;
- $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
-@@ -335,6 +339,9 @@
- $dir=$val;
- }
-
-+ if ($key eq "PK11_LIB_LOCATION")
-+ { $cflags .= " -D$key=\\\"$val\\\"" if $val ne "";}
-+
- if ($key eq "KRB5_INCLUDES")
- { $cflags .= " $val";}
-
-@@ -1067,6 +1074,8 @@
- "no-gost" => \$no_gost,
- "no-engine" => \$no_engine,
- "no-hw" => \$no_hw,
-+ "no-hw-pkcs11ca" => \$no_hw_pkcs11ca,
-+ "no-hw-pkcs11so" => \$no_hw_pkcs11so,
- "just-ssl" =>
- [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
- \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
-Index: openssl/util/mkdef.pl
-diff -u openssl/util/mkdef.pl:1.7.2.1 openssl/util/mkdef.pl:1.8
---- openssl/util/mkdef.pl:1.7.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/mkdef.pl Sun Jan 15 16:30:10 2012
-@@ -94,7 +94,7 @@
- # External "algorithms"
- "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
- # Engines
-- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-+ "STATIC_ENGINE", "ENGINE", "HW", "GMP", "HW_PKCS11CA", "HW_PKCS11SO",
- # RFC3779
- "RFC3779",
- # TLS
-@@ -125,6 +125,7 @@
- my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
- my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
- my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
-+my $no_pkcs11ca; my $no_pkcs11so;
- my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
- my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
- my $no_jpake; my $no_ssl2;
-@@ -218,6 +219,8 @@
- elsif (/^no-ssl2$/) { $no_ssl2=1; }
- elsif (/^no-capieng$/) { $no_capieng=1; }
- elsif (/^no-jpake$/) { $no_jpake=1; }
-+ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
-+ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
- }
-
-
-@@ -1165,6 +1168,8 @@
- if ($keyword eq "KRB5" && $no_krb5) { return 0; }
- if ($keyword eq "ENGINE" && $no_engine) { return 0; }
- if ($keyword eq "HW" && $no_hw) { return 0; }
-+ if ($keyword eq "HW_PKCS11CA" && $no_pkcs11ca) { return 0; }
-+ if ($keyword eq "HW_PKCS11SO" && $no_pkcs11so) { return 0; }
- if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
- if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
- if ($keyword eq "GMP" && $no_gmp) { return 0; }
-Index: openssl/util/pl/VC-32.pl
-diff -u openssl/util/pl/VC-32.pl:1.7.2.1 openssl/util/pl/VC-32.pl:1.7
---- openssl/util/pl/VC-32.pl:1.7.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/pl/VC-32.pl Mon Jun 13 17:13:57 2011
-@@ -36,7 +36,7 @@
- my $f = $shlib?' /MD':' /MT';
- $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
- $opt_cflags=$f.' /Ox';
-- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
-+ $dbg_cflags=$f.'d /Od /Zi -DDEBUG -D_DEBUG';
- $lflags="/nologo /subsystem:console /opt:ref";
-
- *::perlasm_compile_target = sub {
Added: vendor/bind/dist/bin/pkcs11/openssl-1.0.0m-patch
===================================================================
--- vendor/bind/dist/bin/pkcs11/openssl-1.0.0m-patch (rev 0)
+++ vendor/bind/dist/bin/pkcs11/openssl-1.0.0m-patch 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,15889 @@
+Index: openssl/Configure
+diff -u openssl/Configure:1.9.2.1.2.1.4.1.2.1 openssl/Configure:1.11.2.2
+--- openssl/Configure:1.9.2.1.2.1.4.1.2.1 Tue Jan 7 09:25:41 2014
++++ openssl/Configure Tue Jan 7 09:28:47 2014
+@@ -10,7 +10,7 @@
+
+ # see INSTALL for instructions.
+
+-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
++my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION --pk11-flavor=FLAVOR [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+
+ # Options:
+ #
+@@ -23,6 +23,12 @@
+ # default). This needn't be set in advance, you can
+ # just as well use "make INSTALL_PREFIX=/whatever install".
+ #
++# --pk11-libname PKCS#11 library name.
++# (No default)
++#
++# --pk11-flavor either crypto-accelerator or sign-only
++# (No default)
++#
+ # --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
+ # to live in the subdirectory lib/ and the header files in
+ # include/. A value is required.
+@@ -344,7 +350,7 @@
+ "linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### IA-32 targets...
+ "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+ ####
+ "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -352,7 +358,7 @@
+ "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT -pthread::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ "linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
+@@ -623,6 +629,10 @@
+ my $idx_arflags = $idx++;
+ my $idx_multilib = $idx++;
+
++# PKCS#11 engine patch
++my $pk11_libname="";
++my $pk11_flavor="";
++
+ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
+@@ -825,6 +835,14 @@
+ {
+ $flags.=$_." ";
+ }
++ elsif (/^--pk11-libname=(.*)$/)
++ {
++ $pk11_libname=$1;
++ }
++ elsif (/^--pk11-flavor=(.*)$/)
++ {
++ $pk11_flavor=$1;
++ }
+ elsif (/^--prefix=(.*)$/)
+ {
+ $prefix=$1;
+@@ -962,6 +980,22 @@
+ exit 0;
+ }
+
++if (! $pk11_libname)
++ {
++ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
++ print STDERR "See README.pkcs11 for more information.\n";
++ exit 1;
++ }
++
++if (! $pk11_flavor
++ || !($pk11_flavor eq "crypto-accelerator" || $pk11_flavor eq "sign-only"))
++ {
++ print STDERR "You must set --pk11-flavor.\n";
++ print STDERR "Choices are crypto-accelerator and sign-only.\n";
++ print STDERR "See README.pkcs11 for more information.\n";
++ exit 1;
++ }
++
+ if ($target =~ m/^CygWin32(-.*)$/) {
+ $target = "Cygwin".$1;
+ }
+@@ -1039,6 +1073,25 @@
+ $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
+ }
+
++if ($pk11_flavor eq "crypto-accelerator")
++ {
++ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11SO\n";
++ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
++ $depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
++ $options .= " no-hw-pkcs11so";
++ print " no-hw-pkcs11so [pk11-flavor]";
++ print " OPENSSL_NO_HW_PKCS11SO\n";
++ }
++else
++ {
++ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11CA\n";
++ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
++ $depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
++ $options .= " no-hw-pkcs11ca";
++ print " no-hw-pkcs11ca [pk11-flavor]";
++ print " OPENSSL_NO_HW_PKCS11CA\n";
++}
++
+ my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
+
+ $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
+@@ -1126,6 +1179,8 @@
+ if ($flags ne "") { $cflags="$flags$cflags"; }
+ else { $no_user_cflags=1; }
+
++$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
++
+ # Kerberos settings. The flavor must be provided from outside, either through
+ # the script "config" or manually.
+ if (!$no_krb5)
+@@ -1495,6 +1550,7 @@
+ s/^VERSION=.*/VERSION=$version/;
+ s/^MAJOR=.*/MAJOR=$major/;
+ s/^MINOR=.*/MINOR=$minor/;
++ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
+ s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+ s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+ s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+Index: openssl/Makefile.org
+diff -u openssl/Makefile.org:1.5.2.1.2.1 openssl/Makefile.org:1.6
+--- openssl/Makefile.org:1.5.2.1.2.1 Tue Jun 19 14:46:04 2012
++++ openssl/Makefile.org Tue Jun 19 14:49:21 2012
+@@ -26,6 +26,9 @@
+ INSTALL_PREFIX=
+ INSTALLTOP=/usr/local/ssl
+
++# You must set this through --pk11-libname configure option.
++PK11_LIB_LOCATION=
++
+ # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+ OPENSSLDIR=/usr/local/ssl
+
+Index: openssl/README.pkcs11
+diff -u /dev/null openssl/README.pkcs11:1.7.4.1
+--- /dev/null Thu Jul 3 12:42:32 2014
++++ openssl/README.pkcs11 Fri Oct 4 14:33:56 2013
+@@ -0,0 +1,266 @@
++ISC modified
++============
++
++The previous key naming scheme was kept for backward compatibility.
++
++The PKCS#11 engine exists in two flavors, crypto-accelerator and
++sign-only. The first one is from the Solaris patch and uses the
++PKCS#11 device for all crypto operations it supports. The second
++is a stripped down version which provides only the useful
++function (i.e., signature with a RSA private key in the device
++protected key store and key loading).
++
++As a hint PKCS#11 boards should use the crypto-accelerator flavor,
++external PKCS#11 devices the sign-only. SCA 6000 is an example
++of the first, AEP Keyper of the second.
++
++Note it is mandatory to set a pk11-flavor (and only one) in
++config/Configure.
++
++It is highly recommended to compile in (vs. as a DSO) the engine.
++The way to configure this is system dependent, on Unixes it is no-shared
++(and is in general the default), on WIN32 it is enable-static-engine
++(and still enable to build the OpenSSL libraries as DLLs).
++
++PKCS#11 engine support for OpenSSL 0.9.8l
++=========================================
++
++[Nov 19, 2009]
++
++Contents:
++
++Overview
++Revisions of the patch for 0.9.8 branch
++FAQs
++Feedback
++
++Overview
++========
++
++This patch containing code available in OpenSolaris adds support for PKCS#11
++engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
++OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
++must provide PKCS#11 backend otherwise the patch is useless. You provide the
++PKCS#11 library name during the build configuration phase, see below.
++
++Patch can be applied like this:
++
++ # NOTE: use gtar if on Solaris
++ tar xfzv openssl-0.9.8l.tar.gz
++ # now download the patch to the current directory
++ # ...
++ cd openssl-0.9.8l
++ # NOTE: must use gpatch if on Solaris (is part of the system)
++ patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
++
++It is designed to support pure acceleration for RSA, DSA, DH and all the
++symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
++except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
++
++According to the PKCS#11 providers installed on your machine, it can support
++following mechanisms:
++
++ RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
++ AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
++ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
++ SHA256, SHA384, SHA512
++
++Note that for AES counter mode the application must provide their own EVP
++functions since OpenSSL doesn't support counter mode through EVP yet. You may
++see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
++example of code that uses the PKCS#11 engine and deals with the fork-safety
++problem (see engine.c and packet.c files if interested).
++
++You must provide the location of PKCS#11 library in your system to the
++configure script. You will be instructed to do that when you try to run the
++config script:
++
++ $ ./config
++ Operating system: i86pc-whatever-solaris2
++ Configuring for solaris-x86-cc
++ You must set --pk11-libname for PKCS#11 library.
++ See README.pkcs11 for more information.
++
++Taking openCryptoki project on Linux AMD64 box as an example, you would run
++configure script like this:
++
++ ./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
++
++To check whether newly built openssl really supports PKCS#11 it's enough to run
++"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
++output. If you see no PKCS#11 engine support check that the built openssl binary
++and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
++
++The patch, during various phases of development, was tested on Solaris against
++PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
++OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
++(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
++information). Some Linux distributions even ship those libraries with the
++system. The patch should work on any system that is supported by OpenSSL itself
++and has functional PKCS#11 library.
++
++The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
++copyrighted by RSA Security Inc., see pkcs11.h for more information.
++
++Other added/modified code in this patch is copyrighted by Sun Microsystems,
++Inc. and is released under the OpenSSL license (see LICENSE file for more
++information).
++
++Revisions of the patch for 0.9.8 branch
++=======================================
++
++2009-11-19
++- adjusted for OpenSSL version 0.9.8l
++
++- bugs and RFEs:
++
++ 6479874 OpenSSL should support RSA key by reference/hardware keystores
++ 6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
++ 6732677 make check to trigger Solaris specific code automatic in the
++ PKCS#11 engine
++
++2009-03-11
++- adjusted for OpenSSL version 0.9.8j
++
++- README.pkcs11 moved out of the patch, and is shipped together with it in a
++ tarball instead so that it can be read before the patch is applied.
++
++- fixed bugs:
++
++ 6804216 pkcs#11 engine should support a key length range for RC4
++ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
++ meta slot is disabled
++
++2008-12-02
++- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
++
++ 6723504 more granular locking in PKCS#11 engine
++ 6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
++ 6710420 PKCS#11 engine source should be lint clean
++ 6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
++ it seriously
++ 6746712 PKCS#11 engine source code should be cstyle clean
++ 6731380 return codes of several functions are not checked in the PKCS#11
++ engine code
++ 6746735 PKCS#11 engine should use extended FILE space API
++ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
++ meta slot is disabled
++
++2008-08-01
++- fixed bug
++
++ 6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
++ and digests
++
++- Solaris specific code for slot selection made automatic
++
++2008-07-29
++- update the patch to OpenSSL 0.9.8h version
++- pkcs11t.h updated to the latest version:
++
++ 6545665 make CKM_AES_CTR available to non-kernel users
++
++- fixed bugs in the engine code:
++
++ 6602801 PK11_SESSION cache has to employ reference counting scheme for
++ asymmetric key operations
++ 6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
++ atomically
++ 6607307 pkcs#11 engine can't read RSA private keys
++ 6652362 pk11_RSA_finish() is cutting corners
++ 6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
++ suboptimal way
++ 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
++ resilient to destroy failures
++ 6667273 OpenSSL engine should not use free() but OPENSSL_free()
++ 6670363 PKCS#11 engine fails to reuse existing symmetric keys
++ 6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
++ 6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
++ of big numbers leading to failures
++ 6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
++ -1
++ 6706622 pk11_load_{pub,priv}key create corrupted RSA key references
++ 6707129 return values from BN_new() in pk11_DH_generate_key() are not
++ checked
++ 6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
++ structure reuse
++ 6707782 OpenSSL PKCS#11 engine pretends to be aware of
++ OPENSSL_NO_{RSA,DSA,DH}
++ defines but fails miserably
++ 6709966 make check_new_*() to return values to indicate cache hit/miss
++ 6705200 pk11_dh struct initialization in PKCS#11 engine is missing
++ generate_params parameter
++ 6709513 PKCS#11 engine sets IV length even for ECB modes
++ 6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
++ PKCS#11 engine
++ 6728871 PKCS#11 engine must reset global_session in pk11_finish()
++
++- new features and enhancements:
++
++ 6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
++ 6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
++ 6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
++ ciphers and digests
++
++2007-10-15
++- update for 0.9.8f version
++- update for "6607670 teach pkcs#11 engine how to use keys be reference"
++
++2007-10-02
++- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
++- draft for "6607307 pkcs#11 engine can't read RSA private keys"
++
++2007-09-26
++- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
++ significant performance drop
++- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
++
++2007-05-25
++- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
++
++2007-05-19
++- initial patch for 0.9.8e using latest OpenSolaris code
++
++FAQs
++====
++
++(1) my build failed on Linux distro with this error:
++
++../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
++hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
++
++Answer:
++
++ - don't use "no-threads" when configuring
++ - if you didn't then OpenSSL failed to create a threaded library by
++ default. You may manually edit Configure and try again. Look for the
++ architecture that Configure printed, for example:
++
++Configured for linux-elf.
++
++ - then edit Configure, find string "linux-elf" (inluding the quotes),
++ and add flags to support threads to the 4th column of the 2nd string.
++ If you build with GCC then adding "-pthread" should be enough. With
++ "linux-elf" as an example, you would add " -pthread" right after
++ "-D_REENTRANT", like this:
++
++....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
++
++(2) I'm using MinGW/MSYS environment and get undeclared reference error for
++pthread_atfork() function when trying to build OpenSSL with the patch.
++
++Answer:
++
++ Sorry, pthread_atfork() is not implemented in the current pthread-win32
++ (as of Nov 2009). You can not use the patch there.
++
++
++Feedback
++========
++
++Please send feedback to security-discuss at opensolaris.org. The patch was
++created by Jan.Pechanec at Sun.COM from code available in OpenSolaris.
++
++Latest version should be always available on http://blogs.sun.com/janp.
++
+Index: openssl/crypto/opensslconf.h
+diff -u openssl/crypto/opensslconf.h:1.6.2.1 openssl/crypto/opensslconf.h:1.6
+--- openssl/crypto/opensslconf.h:1.6.2.1 Sun Jan 15 16:09:43 2012
++++ openssl/crypto/opensslconf.h Mon Jun 13 17:13:28 2011
+@@ -29,6 +29,9 @@
+
+ #endif /* OPENSSL_DOING_MAKEDEPEND */
+
++#ifndef OPENSSL_THREADS
++# define OPENSSL_THREADS
++#endif
+ #ifndef OPENSSL_NO_DYNAMIC_ENGINE
+ # define OPENSSL_NO_DYNAMIC_ENGINE
+ #endif
+@@ -61,6 +64,8 @@
+ # endif
+ #endif
+
++#define OPENSSL_CPUID_OBJ
++
+ /* crypto/opensslconf.h.in */
+
+ /* Generate 80386 code? */
+@@ -107,7 +112,7 @@
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+-#undef RC4_CHUNK
++#define RC4_CHUNK unsigned long
+ #endif
+ #endif
+
+@@ -115,7 +120,7 @@
+ /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+ #ifndef DES_LONG
+-#define DES_LONG unsigned long
++#define DES_LONG unsigned int
+ #endif
+ #endif
+
+@@ -126,9 +131,9 @@
+ /* Should we define BN_DIV2W here? */
+
+ /* Only one for the following should be defined */
+-#undef SIXTY_FOUR_BIT_LONG
++#define SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+-#define THIRTY_TWO_BIT
++#undef THIRTY_TWO_BIT
+ #endif
+
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+@@ -140,7 +145,7 @@
+
+ #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+ #define CONFIG_HEADER_BF_LOCL_H
+-#undef BF_PTR
++#define BF_PTR2
+ #endif /* HEADER_BF_LOCL_H */
+
+ #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+@@ -170,7 +175,7 @@
+ /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+ #ifndef DES_UNROLL
+-#undef DES_UNROLL
++#define DES_UNROLL
+ #endif
+
+ /* These default values were supplied by
+Index: openssl/crypto/bio/bss_file.c
+diff -u openssl/crypto/bio/bss_file.c:1.6.2.1 openssl/crypto/bio/bss_file.c:1.6
+--- openssl/crypto/bio/bss_file.c:1.6.2.1 Sun Jan 15 16:09:44 2012
++++ openssl/crypto/bio/bss_file.c Mon Jun 13 17:13:31 2011
+@@ -168,7 +168,7 @@
+ {
+ SYSerr(SYS_F_FOPEN,get_last_sys_error());
+ ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
+- if (errno == ENOENT)
++ if ((errno == ENOENT) || ((*mode == 'r') && (errno == EACCES)))
+ BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
+ else
+ BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+Index: openssl/crypto/engine/Makefile
+diff -u openssl/crypto/engine/Makefile:1.8.2.1 openssl/crypto/engine/Makefile:1.8
+--- openssl/crypto/engine/Makefile:1.8.2.1 Sun Jan 15 16:09:46 2012
++++ openssl/crypto/engine/Makefile Tue Jun 14 21:51:32 2011
+@@ -21,12 +21,14 @@
+ eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+ tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
+- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
++ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
++ hw_pk11.c hw_pk11_pub.c hw_pk11so.c hw_pk11so_pub.c
+ LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+ eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+ tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
+- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
++ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
++ hw_pk11.o hw_pk11_pub.o hw_pk11so.o hw_pk11so_pub.o
+
+ SRC= $(LIBSRC)
+
+@@ -264,6 +266,83 @@
+ eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+ eng_table.o: eng_table.c
++hw_pk11.o: ../../e_os.h ../../include/openssl/aes.h
++hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
++hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
++hw_pk11.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
++hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++hw_pk11.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
++hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/err.h
++hw_pk11.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
++hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
++hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++hw_pk11.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
++hw_pk11.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
++hw_pk11.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++hw_pk11.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++hw_pk11.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h hw_pk11.c
++hw_pk11.o: hw_pk11_err.c hw_pk11_err.h hw_pk11ca.h pkcs11.h pkcs11f.h pkcs11t.h
++hw_pk11_pub.o: ../../e_os.h ../../include/openssl/asn1.h
++hw_pk11_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
++hw_pk11_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
++hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
++hw_pk11_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
++hw_pk11_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
++hw_pk11_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
++hw_pk11_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
++hw_pk11_pub.o: ../../include/openssl/objects.h
++hw_pk11_pub.o: ../../include/openssl/opensslconf.h
++hw_pk11_pub.o: ../../include/openssl/opensslv.h
++hw_pk11_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
++hw_pk11_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
++hw_pk11_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
++hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++hw_pk11_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++hw_pk11_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11_pub.c hw_pk11ca.h
++hw_pk11_pub.o: pkcs11.h pkcs11f.h pkcs11t.h
++hw_pk11so.o: ../../e_os.h ../../include/openssl/asn1.h
++hw_pk11so.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
++hw_pk11so.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
++hw_pk11so.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
++hw_pk11so.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
++hw_pk11so.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
++hw_pk11so.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++hw_pk11so.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
++hw_pk11so.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++hw_pk11so.o: ../../include/openssl/opensslconf.h
++hw_pk11so.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++hw_pk11so.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
++hw_pk11so.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
++hw_pk11so.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++hw_pk11so.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++hw_pk11so.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++hw_pk11so.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h
++hw_pk11so.o: hw_pk11_err.c hw_pk11_err.h hw_pk11so.c hw_pk11so.h pkcs11.h
++hw_pk11so.o: pkcs11f.h pkcs11t.h
++hw_pk11so_pub.o: ../../e_os.h ../../include/openssl/asn1.h
++hw_pk11so_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
++hw_pk11so_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
++hw_pk11so_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
++hw_pk11so_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
++hw_pk11so_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
++hw_pk11so_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++hw_pk11so_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
++hw_pk11so_pub.o: ../../include/openssl/objects.h
++hw_pk11so_pub.o: ../../include/openssl/opensslconf.h
++hw_pk11so_pub.o: ../../include/openssl/opensslv.h
++hw_pk11so_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
++hw_pk11so_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
++hw_pk11so_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
++hw_pk11so_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++hw_pk11so_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++hw_pk11so_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++hw_pk11so_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11so.h
++hw_pk11so_pub.o: hw_pk11so_pub.c pkcs11.h pkcs11f.h pkcs11t.h
+ tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h
+ tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+Index: openssl/crypto/engine/cryptoki.h
+diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
+--- /dev/null Thu Jul 3 12:42:32 2014
++++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
+@@ -0,0 +1,103 @@
++/*
++ * CDDL HEADER START
++ *
++ * The contents of this file are subject to the terms of the
++ * Common Development and Distribution License, Version 1.0 only
++ * (the "License"). You may not use this file except in compliance
++ * with the License.
++ *
++ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
++ * or http://www.opensolaris.org/os/licensing.
++ * See the License for the specific language governing permissions
++ * and limitations under the License.
++ *
++ * When distributing Covered Code, include this CDDL HEADER in each
++ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
++ * If applicable, add the following below this CDDL HEADER, with the
++ * fields enclosed by brackets "[]" replaced with your own identifying
++ * information: Portions Copyright [yyyy] [name of copyright owner]
++ *
++ * CDDL HEADER END
++ */
++/*
++ * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++#ifndef _CRYPTOKI_H
++#define _CRYPTOKI_H
++
++/* ident "@(#)cryptoki.h 1.2 05/06/08 SMI" */
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#ifndef CK_PTR
++#define CK_PTR *
++#endif
++
++#ifndef CK_DEFINE_FUNCTION
++#define CK_DEFINE_FUNCTION(returnType, name) returnType name
++#endif
++
++#ifndef CK_DECLARE_FUNCTION
++#define CK_DECLARE_FUNCTION(returnType, name) returnType name
++#endif
++
++#ifndef CK_DECLARE_FUNCTION_POINTER
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
++#endif
++
++#ifndef CK_CALLBACK_FUNCTION
++#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
++#endif
++
++#ifndef NULL_PTR
++#include <unistd.h> /* For NULL */
++#define NULL_PTR NULL
++#endif
++
++/*
++ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
++ */
++#ifndef CK_DISABLE_TRUE_FALSE
++#define CK_DISABLE_TRUE_FALSE
++#ifndef TRUE
++#define TRUE 1
++#endif /* TRUE */
++#ifndef FALSE
++#define FALSE 0
++#endif /* FALSE */
++#endif /* CK_DISABLE_TRUE_FALSE */
++
++#undef CK_PKCS11_FUNCTION_INFO
++
++#include "pkcs11.h"
++
++/* Solaris specific functions */
++
++#include <stdlib.h>
++
++/*
++ * SUNW_C_GetMechSession will initialize the framework and do all
++ * the necessary PKCS#11 calls to create a session capable of
++ * providing operations on the requested mechanism
++ */
++CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
++ CK_SESSION_HANDLE_PTR hSession);
++
++/*
++ * SUNW_C_KeyToObject will create a secret key object for the given
++ * mechanism from the rawkey data.
++ */
++CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
++ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
++ CK_OBJECT_HANDLE_PTR obj);
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* _CRYPTOKI_H */
+Index: openssl/crypto/engine/eng_all.c
+diff -u openssl/crypto/engine/eng_all.c:1.5.2.1 openssl/crypto/engine/eng_all.c:1.5
+--- openssl/crypto/engine/eng_all.c:1.5.2.1 Sun Jan 15 16:09:46 2012
++++ openssl/crypto/engine/eng_all.c Mon Jun 13 17:13:35 2011
+@@ -111,6 +111,14 @@
+ #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+ ENGINE_load_capi();
+ #endif
++#ifndef OPENSSL_NO_HW_PKCS11
++#ifndef OPENSSL_NO_HW_PKCS11CA
++ ENGINE_load_pk11ca();
++#endif
++#ifndef OPENSSL_NO_HW_PKCS11SO
++ ENGINE_load_pk11so();
++#endif
++#endif
+ #endif
+ }
+
+Index: openssl/crypto/engine/engine.h
+diff -u openssl/crypto/engine/engine.h:1.5.2.1 openssl/crypto/engine/engine.h:1.5
+--- openssl/crypto/engine/engine.h:1.5.2.1 Sun Jan 15 16:09:46 2012
++++ openssl/crypto/engine/engine.h Mon Jun 13 17:13:36 2011
+@@ -336,6 +336,12 @@
+ void ENGINE_load_ubsec(void);
+ void ENGINE_load_padlock(void);
+ void ENGINE_load_capi(void);
++#ifndef OPENSSL_NO_HW_PKCS11CA
++void ENGINE_load_pk11ca(void);
++#endif
++#ifndef OPENSSL_NO_HW_PKCS11SO
++void ENGINE_load_pk11so(void);
++#endif
+ #ifndef OPENSSL_NO_GMP
+ void ENGINE_load_gmp(void);
+ #endif
+Index: openssl/crypto/engine/hw_pk11.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30.4.2
+--- /dev/null Thu Jul 3 12:42:32 2014
++++ openssl/crypto/engine/hw_pk11.c Fri Oct 4 14:33:56 2013
+@@ -0,0 +1,4116 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/md5.h>
++#include <openssl/pem.h>
++#ifndef OPENSSL_NO_RSA
++#include <openssl/rsa.h>
++#endif
++#ifndef OPENSSL_NO_DSA
++#include <openssl/dsa.h>
++#endif
++#ifndef OPENSSL_NO_DH
++#include <openssl/dh.h>
++#endif
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++#include <openssl/aes.h>
++#include <openssl/des.h>
++
++#ifdef OPENSSL_SYS_WIN32
++typedef int pid_t;
++#define getpid() GetCurrentProcessId()
++#define NOPTHREADS
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <signal.h>
++#include <unistd.h>
++#include <dlfcn.h>
++#endif
++
++/* Debug mutexes */
++/*#undef DEBUG_MUTEX */
++#define DEBUG_MUTEX
++
++#ifndef NOPTHREADS
++/* for pthread error check on Linuxes */
++#ifdef DEBUG_MUTEX
++#define __USE_UNIX98
++#endif
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11CA
++
++/* label for debug messages printed on stderr */
++#define PK11_DBG "PKCS#11 ENGINE DEBUG"
++/* prints a lot of debug messages on stderr about slot selection process */
++/* #undef DEBUG_SLOT_SELECTION */
++/*
++ * Solaris specific code. See comment at check_hw_mechanisms() for more
++ * information.
++ */
++#if defined(__SVR4) && defined(__sun)
++#undef SOLARIS_HW_SLOT_SELECTION
++#endif
++
++/*
++ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
++ * there are official OIDs for mechanisms based on this mode. With our changes,
++ * an application can define its own EVP calls for AES counter mode and then
++ * it can make use of hardware acceleration through this engine. However, it's
++ * better if we keep AES CTR support code under ifdef's.
++ */
++#define SOLARIS_AES_CTR
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11ca.h"
++#include "hw_pk11_err.c"
++
++#ifdef SOLARIS_AES_CTR
++/*
++ * NIDs for AES counter mode that will be defined during the engine
++ * initialization.
++ */
++static int NID_aes_128_ctr = NID_undef;
++static int NID_aes_192_ctr = NID_undef;
++static int NID_aes_256_ctr = NID_undef;
++#endif /* SOLARIS_AES_CTR */
++
++/*
++ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
++ * uri_struct manipulation, and static token info. All of that is used by the
++ * RSA keys by reference feature.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *token_lock;
++#endif
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++/*
++ * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
++ * library. See comment at check_hw_mechanisms() for more information.
++ */
++static int *hw_cnids;
++static int *hw_dnids;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++/* PKCS#11 session caches and their locks for all operation types */
++static PK11_CACHE session_cache[OP_MAX];
++
++/*
++ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
++ * logging into the token.
++ */
++CK_FLAGS pubkey_token_flags;
++
++/*
++ * As stated in v2.20, 11.7 Object Management Function, in section for
++ * C_FindObjectsInit(), at most one search operation may be active at a given
++ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
++ * grouped together to form one atomic search operation. This is already
++ * ensured by the property of unique PKCS#11 session handle used for each
++ * PK11_SESSION object.
++ *
++ * This is however not the biggest concern - maintaining consistency of the
++ * underlying object store is more important. The same section of the spec also
++ * says that one thread can be in the middle of a search operation while another
++ * thread destroys the object matching the search template which would result in
++ * invalid handle returned from the search operation.
++ *
++ * Hence, the following locks are used for both protection of the object stores.
++ * They are also used for active list protection.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *find_lock[OP_MAX] = { NULL };
++#endif
++
++/*
++ * lists of asymmetric key handles which are active (referenced by at least one
++ * PK11_SESSION structure, either held by a thread or present in free_session
++ * list) for given algorithm type
++ */
++PK11_active *active_list[OP_MAX] = { NULL };
++
++/*
++ * Create all secret key objects in a global session so that they are available
++ * to use for other sessions. These other sessions may be opened or closed
++ * without losing the secret key objects.
++ */
++static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
++
++/* ENGINE level stuff */
++static int pk11_init(ENGINE *e);
++static int pk11_library_init(ENGINE *e);
++static int pk11_finish(ENGINE *e);
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
++static int pk11_destroy(ENGINE *e);
++
++/* RAND stuff */
++static void pk11_rand_seed(const void *buf, int num);
++static void pk11_rand_add(const void *buf, int num, double add_entropy);
++static void pk11_rand_cleanup(void);
++static int pk11_rand_bytes(unsigned char *buf, int num);
++static int pk11_rand_status(void);
++
++/* These functions are also used in other files */
++PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++
++/* active list manipulation functions used in this file */
++extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
++extern void pk11_free_active_list(PK11_OPTYPE type);
++
++#ifndef OPENSSL_NO_RSA
++int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++#endif
++#ifndef OPENSSL_NO_DSA
++int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++#endif
++#ifndef OPENSSL_NO_DH
++int pk11_destroy_dh_key_objects(PK11_SESSION *session);
++int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
++#endif
++
++/* Local helper functions */
++static int pk11_free_all_sessions(void);
++static int pk11_free_session_list(PK11_OPTYPE optype);
++static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
++static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent);
++static const char *get_PK11_LIBNAME(void);
++static void free_PK11_LIBNAME(void);
++static long set_PK11_LIBNAME(const char *name);
++
++/* Symmetric cipher and digest support functions */
++static int cipher_nid_to_pk11(int nid);
++#ifdef SOLARIS_AES_CTR
++static int pk11_add_NID(char *sn, char *ln);
++static int pk11_add_aes_ctr_NIDs(void);
++#endif /* SOLARIS_AES_CTR */
++static int pk11_usable_ciphers(const int **nids);
++static int pk11_usable_digests(const int **nids);
++static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc);
++static int pk11_cipher_final(PK11_SESSION *sp);
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, unsigned int inl);
++#else
++static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl);
++#endif
++static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
++static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
++ const int **nids, int nid);
++static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
++ const int **nids, int nid);
++static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
++static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
++ int key_len);
++static int md_nid_to_pk11(int nid);
++static int pk11_digest_init(EVP_MD_CTX *ctx);
++static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
++ size_t count);
++static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
++static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
++static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
++
++static int pk11_choose_slots(int *any_slot_found);
++static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_cipher,
++ int *local_cipher_nids);
++static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_digest,
++ int *local_digest_nids);
++static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
++ int id);
++static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
++ int id);
++
++static int pk11_init_all_locks(void);
++static void pk11_free_all_locks(void);
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++static int check_hw_mechanisms(void);
++static int nid_in_table(int nid, int *nid_table);
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++/* Index for the supported ciphers */
++enum pk11_cipher_id {
++ PK11_DES_CBC,
++ PK11_DES3_CBC,
++ PK11_DES_ECB,
++ PK11_DES3_ECB,
++ PK11_RC4,
++ PK11_AES_128_CBC,
++ PK11_AES_192_CBC,
++ PK11_AES_256_CBC,
++ PK11_AES_128_ECB,
++ PK11_AES_192_ECB,
++ PK11_AES_256_ECB,
++ PK11_BLOWFISH_CBC,
++#ifdef SOLARIS_AES_CTR
++ PK11_AES_128_CTR,
++ PK11_AES_192_CTR,
++ PK11_AES_256_CTR,
++#endif /* SOLARIS_AES_CTR */
++ PK11_CIPHER_MAX
++};
++
++/* Index for the supported digests */
++enum pk11_digest_id {
++ PK11_MD5,
++ PK11_SHA1,
++ PK11_SHA224,
++ PK11_SHA256,
++ PK11_SHA384,
++ PK11_SHA512,
++ PK11_DIGEST_MAX
++};
++
++#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
++ { \
++ if (uselock) \
++ LOCK_OBJSTORE(alg_type); \
++ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
++ { \
++ retval = pk11_destroy_object(sp->session, obj_hdl, \
++ priv ? sp->priv_persistent : sp->pub_persistent); \
++ } \
++ if (uselock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ }
++
++static int cipher_nids[PK11_CIPHER_MAX];
++static int digest_nids[PK11_DIGEST_MAX];
++static int cipher_count = 0;
++static int digest_count = 0;
++static CK_BBOOL pk11_have_rsa = CK_FALSE;
++static CK_BBOOL pk11_have_recover = CK_FALSE;
++static CK_BBOOL pk11_have_dsa = CK_FALSE;
++static CK_BBOOL pk11_have_dh = CK_FALSE;
++static CK_BBOOL pk11_have_random = CK_FALSE;
++
++typedef struct PK11_CIPHER_st
++ {
++ enum pk11_cipher_id id;
++ int nid;
++ int iv_len;
++ int min_key_len;
++ int max_key_len;
++ CK_KEY_TYPE key_type;
++ CK_MECHANISM_TYPE mech_type;
++ } PK11_CIPHER;
++
++static PK11_CIPHER ciphers[] =
++ {
++ { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
++ CKK_DES, CKM_DES_CBC, },
++ { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
++ CKK_DES3, CKM_DES3_CBC, },
++ { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
++ CKK_DES, CKM_DES_ECB, },
++ { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
++ CKK_DES3, CKM_DES3_ECB, },
++ { PK11_RC4, NID_rc4, 0, 16, 256,
++ CKK_RC4, CKM_RC4, },
++ { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
++ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
++#ifdef SOLARIS_AES_CTR
++ /* we don't know the correct NIDs until the engine is initialized */
++ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
++ CKK_AES, CKM_AES_CTR, },
++ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
++ CKK_AES, CKM_AES_CTR, },
++ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
++ CKK_AES, CKM_AES_CTR, },
++#endif /* SOLARIS_AES_CTR */
++ };
++
++typedef struct PK11_DIGEST_st
++ {
++ enum pk11_digest_id id;
++ int nid;
++ CK_MECHANISM_TYPE mech_type;
++ } PK11_DIGEST;
++
++static PK11_DIGEST digests[] =
++ {
++ {PK11_MD5, NID_md5, CKM_MD5, },
++ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
++ {PK11_SHA224, NID_sha224, CKM_SHA224, },
++ {PK11_SHA256, NID_sha256, CKM_SHA256, },
++ {PK11_SHA384, NID_sha384, CKM_SHA384, },
++ {PK11_SHA512, NID_sha512, CKM_SHA512, },
++ {0, NID_undef, 0xFFFF, },
++ };
++
++/*
++ * Structure to be used for the cipher_data/md_data in
++ * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
++ * session in multiple cipher_update calls
++ */
++typedef struct PK11_CIPHER_STATE_st
++ {
++ PK11_SESSION *sp;
++ } PK11_CIPHER_STATE;
++
++
++/*
++ * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
++ * called when libcrypto requests a cipher NID.
++ *
++ * Note how the PK11_CIPHER_STATE is used here.
++ */
++
++/* DES CBC EVP */
++static const EVP_CIPHER pk11_des_cbc =
++ {
++ NID_des_cbc,
++ 8, 8, 8,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/* 3DES CBC EVP */
++static const EVP_CIPHER pk11_3des_cbc =
++ {
++ NID_des_ede3_cbc,
++ 8, 24, 8,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/*
++ * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
++ * get_asn1_parameters fields are set to NULL.
++ */
++static const EVP_CIPHER pk11_des_ecb =
++ {
++ NID_des_ecb,
++ 8, 8, 8,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_3des_ecb =
++ {
++ NID_des_ede3_ecb,
++ 8, 24, 8,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++
++static const EVP_CIPHER pk11_aes_128_cbc =
++ {
++ NID_aes_128_cbc,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_192_cbc =
++ {
++ NID_aes_192_cbc,
++ 16, 24, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_256_cbc =
++ {
++ NID_aes_256_cbc,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/*
++ * ECB modes don't use IV so that's why set_asn1_parameters and
++ * get_asn1_parameters are set to NULL.
++ */
++static const EVP_CIPHER pk11_aes_128_ecb =
++ {
++ NID_aes_128_ecb,
++ 16, 16, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_192_ecb =
++ {
++ NID_aes_192_ecb,
++ 16, 24, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_256_ecb =
++ {
++ NID_aes_256_ecb,
++ 16, 32, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++#ifdef SOLARIS_AES_CTR
++/*
++ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
++ * created in pk11_library_init(). Note that the need to change these structures
++ * is the reason why we don't define them with the const keyword.
++ */
++static EVP_CIPHER pk11_aes_128_ctr =
++ {
++ NID_undef,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static EVP_CIPHER pk11_aes_192_ctr =
++ {
++ NID_undef,
++ 16, 24, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static EVP_CIPHER pk11_aes_256_ctr =
++ {
++ NID_undef,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++#endif /* SOLARIS_AES_CTR */
++
++static const EVP_CIPHER pk11_bf_cbc =
++ {
++ NID_bf_cbc,
++ 8, 16, 8,
++ EVP_CIPH_VARIABLE_LENGTH,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_rc4 =
++ {
++ NID_rc4,
++ 1, 16, 0,
++ EVP_CIPH_VARIABLE_LENGTH,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_MD pk11_md5 =
++ {
++ NID_md5,
++ NID_md5WithRSAEncryption,
++ MD5_DIGEST_LENGTH,
++ 0,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ MD5_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha1 =
++ {
++ NID_sha1,
++ NID_sha1WithRSAEncryption,
++ SHA_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha224 =
++ {
++ NID_sha224,
++ NID_sha224WithRSAEncryption,
++ SHA224_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ /* SHA-224 uses the same cblock size as SHA-256 */
++ SHA256_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha256 =
++ {
++ NID_sha256,
++ NID_sha256WithRSAEncryption,
++ SHA256_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA256_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha384 =
++ {
++ NID_sha384,
++ NID_sha384WithRSAEncryption,
++ SHA384_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ /* SHA-384 uses the same cblock size as SHA-512 */
++ SHA512_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha512 =
++ {
++ NID_sha512,
++ NID_sha512WithRSAEncryption,
++ SHA512_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA512_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * The definitions for control commands specific to this engine
++ */
++#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
++#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
++#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
++static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
++ {
++ {
++ PK11_CMD_SO_PATH,
++ "SO_PATH",
++ "Specifies the path to the 'pkcs#11' shared library",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_PIN,
++ "PIN",
++ "Specifies the pin code",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_SLOT,
++ "SLOT",
++ "Specifies the slot (default is auto select)",
++ ENGINE_CMD_FLAG_NUMERIC,
++ },
++ {0, NULL, NULL, 0}
++ };
++
++
++static RAND_METHOD pk11_random =
++ {
++ pk11_rand_seed,
++ pk11_rand_bytes,
++ pk11_rand_cleanup,
++ pk11_rand_add,
++ pk11_rand_bytes,
++ pk11_rand_status
++ };
++
++
++/* Constants used when creating the ENGINE */
++#ifdef OPENSSL_NO_HW_PK11SO
++#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
++#endif
++static const char *engine_pk11_id = "pkcs11";
++static const char *engine_pk11_name =
++ "PKCS #11 engine support (crypto accelerator)";
++
++CK_FUNCTION_LIST_PTR pFuncList = NULL;
++static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
++
++/*
++ * This is a static string constant for the DSO file name and the function
++ * symbol names to bind to. We set it in the Configure script based on whether
++ * this is 32 or 64 bit build.
++ */
++static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
++CK_SLOT_ID pubkey_SLOTID = 0;
++static CK_SLOT_ID rand_SLOTID = 0;
++static CK_SLOT_ID SLOTID = 0;
++char *pk11_pin = NULL;
++static CK_BBOOL pk11_library_initialized = FALSE;
++static CK_BBOOL pk11_atfork_initialized = FALSE;
++static int pk11_pid = 0;
++
++static DSO *pk11_dso = NULL;
++
++/* allocate and initialize all locks used by the engine itself */
++static int pk11_init_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++ pthread_mutexattr_t attr;
++
++ if (pthread_mutexattr_init(&attr) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 100);
++ return (0);
++ }
++
++#ifdef DEBUG_MUTEX
++ if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 101);
++ return (0);
++ }
++#endif
++
++ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(token_lock, &attr);
++
++#ifndef OPENSSL_NO_RSA
++ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_RSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_RSA], &attr);
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++ find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_DSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_DSA], &attr);
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++ find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_DH] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_DH], &attr);
++#endif /* OPENSSL_NO_DH */
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ session_cache[type].lock =
++ OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (session_cache[type].lock == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(session_cache[type].lock, &attr);
++ }
++
++ return (1);
++
++malloc_err:
++ pk11_free_all_locks();
++ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
++ return (0);
++#else
++ return (1);
++#endif
++ }
++
++static void pk11_free_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++
++ if (token_lock != NULL)
++ {
++ (void) pthread_mutex_destroy(token_lock);
++ OPENSSL_free(token_lock);
++ token_lock = NULL;
++ }
++
++#ifndef OPENSSL_NO_RSA
++ if (find_lock[OP_RSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
++ OPENSSL_free(find_lock[OP_RSA]);
++ find_lock[OP_RSA] = NULL;
++ }
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ if (find_lock[OP_DSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_DSA]);
++ OPENSSL_free(find_lock[OP_DSA]);
++ find_lock[OP_DSA] = NULL;
++ }
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ if (find_lock[OP_DH] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_DH]);
++ OPENSSL_free(find_lock[OP_DH]);
++ find_lock[OP_DH] = NULL;
++ }
++#endif /* OPENSSL_NO_DH */
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (session_cache[type].lock != NULL)
++ {
++ (void) pthread_mutex_destroy(session_cache[type].lock);
++ OPENSSL_free(session_cache[type].lock);
++ session_cache[type].lock = NULL;
++ }
++ }
++#endif
++ }
++
++/*
++ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
++ */
++static int bind_pk11(ENGINE *e)
++ {
++#ifndef OPENSSL_NO_RSA
++ const RSA_METHOD *rsa = NULL;
++ RSA_METHOD *pk11_rsa = PK11_RSA();
++#endif /* OPENSSL_NO_RSA */
++ if (!pk11_library_initialized)
++ if (!pk11_library_init(e))
++ return (0);
++
++ if (!ENGINE_set_id(e, engine_pk11_id) ||
++ !ENGINE_set_name(e, engine_pk11_name) ||
++ !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
++ !ENGINE_set_digests(e, pk11_engine_digests))
++ return (0);
++#ifndef OPENSSL_NO_RSA
++ if (pk11_have_rsa == CK_TRUE)
++ {
++ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
++ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
++ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ if (pk11_have_dsa == CK_TRUE)
++ {
++ if (!ENGINE_set_DSA(e, PK11_DSA()))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ if (pk11_have_dh == CK_TRUE)
++ {
++ if (!ENGINE_set_DH(e, PK11_DH()))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered DH\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_DH */
++ if (pk11_have_random)
++ {
++ if (!ENGINE_set_RAND(e, &pk11_random))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered random\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++ if (!ENGINE_set_init_function(e, pk11_init) ||
++ !ENGINE_set_destroy_function(e, pk11_destroy) ||
++ !ENGINE_set_finish_function(e, pk11_finish) ||
++ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
++ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
++ return (0);
++
++/*
++ * Apache calls OpenSSL function RSA_blinding_on() once during startup
++ * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
++ * here, we wire it back to the OpenSSL software implementation.
++ * Since it is used only once, performance is not a concern.
++ */
++#ifndef OPENSSL_NO_RSA
++ rsa = RSA_PKCS1_SSLeay();
++ pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
++ pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
++ if (pk11_have_recover != CK_TRUE)
++ pk11_rsa->rsa_pub_dec = rsa->rsa_pub_dec;
++#endif /* OPENSSL_NO_RSA */
++
++ /* Ensure the pk11 error handling is set up */
++ ERR_load_pk11_strings();
++
++ return (1);
++ }
++
++/* Dynamic engine support is disabled at a higher level for Solaris */
++#ifdef ENGINE_DYNAMIC_SUPPORT
++#error "dynamic engine not supported"
++static int bind_helper(ENGINE *e, const char *id)
++ {
++ if (id && (strcmp(id, engine_pk11_id) != 0))
++ return (0);
++
++ if (!bind_pk11(e))
++ return (0);
++
++ return (1);
++ }
++
++IMPLEMENT_DYNAMIC_CHECK_FN()
++IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
++
++#else
++static ENGINE *engine_pk11(void)
++ {
++ ENGINE *ret = ENGINE_new();
++
++ if (!ret)
++ return (NULL);
++
++ if (!bind_pk11(ret))
++ {
++ ENGINE_free(ret);
++ return (NULL);
++ }
++
++ return (ret);
++ }
++
++void
++ENGINE_load_pk11(void)
++ {
++ ENGINE *e_pk11 = NULL;
++
++ /*
++ * Do not use dynamic PKCS#11 library on Solaris due to
++ * security reasons. We will link it in statically.
++ */
++ /* Attempt to load PKCS#11 library */
++ if (!pk11_dso)
++ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
++ return;
++ }
++
++ e_pk11 = engine_pk11();
++ if (!e_pk11)
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ return;
++ }
++
++ /*
++ * At this point, the pk11 shared library is either dynamically
++ * loaded or statically linked in. So, initialize the pk11
++ * library before calling ENGINE_set_default since the latter
++ * needs cipher and digest algorithm information
++ */
++ if (!pk11_library_init(e_pk11))
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ ENGINE_free(e_pk11);
++ return;
++ }
++
++ ENGINE_add(e_pk11);
++
++ ENGINE_free(e_pk11);
++ ERR_clear_error();
++ }
++#endif /* ENGINE_DYNAMIC_SUPPORT */
++
++/*
++ * These are the static string constants for the DSO file name and
++ * the function symbol names to bind to.
++ */
++static const char *PK11_LIBNAME = NULL;
++
++static const char *get_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ return (PK11_LIBNAME);
++
++ return (def_PK11_LIBNAME);
++ }
++
++static void free_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ OPENSSL_free((void*)PK11_LIBNAME);
++
++ PK11_LIBNAME = NULL;
++ }
++
++static long set_PK11_LIBNAME(const char *name)
++ {
++ free_PK11_LIBNAME();
++
++ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
++ }
++
++/* acquire all engine specific mutexes before fork */
++static void pk11_fork_prepare(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ LOCK_OBJSTORE(OP_RSA);
++ LOCK_OBJSTORE(OP_DSA);
++ LOCK_OBJSTORE(OP_DH);
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++ for (i = 0; i < OP_MAX; i++)
++ {
++ OPENSSL_assert(pthread_mutex_lock(session_cache[i].lock) == 0);
++ }
++#endif
++ }
++
++/* release all engine specific mutexes */
++static void pk11_fork_parent(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_DH);
++ UNLOCK_OBJSTORE(OP_DSA);
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/*
++ * same situation as in parent - we need to unlock all locks to make them
++ * accessible to all threads.
++ */
++static void pk11_fork_child(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_DH);
++ UNLOCK_OBJSTORE(OP_DSA);
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/* Initialization function for the pk11 engine */
++static int pk11_init(ENGINE *e)
++{
++ return (pk11_library_init(e));
++}
++
++static CK_C_INITIALIZE_ARGS pk11_init_args =
++ {
++ NULL_PTR, /* CreateMutex */
++ NULL_PTR, /* DestroyMutex */
++ NULL_PTR, /* LockMutex */
++ NULL_PTR, /* UnlockMutex */
++ CKF_OS_LOCKING_OK, /* flags */
++ NULL_PTR, /* pReserved */
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * It selects a slot based on predefined critiera. In the process, it also
++ * count how many ciphers and digests to support. Since the cipher and
++ * digest information is needed when setting default engine, this function
++ * needs to be called before calling ENGINE_set_default.
++ */
++/* ARGSUSED */
++static int pk11_library_init(ENGINE *e)
++ {
++ CK_C_GetFunctionList p;
++ CK_RV rv = CKR_OK;
++ CK_INFO info;
++ CK_ULONG ul_state_len;
++ int any_slot_found;
++ int i;
++#ifndef OPENSSL_SYS_WIN32
++ struct sigaction sigint_act, sigterm_act, sighup_act;
++#endif
++
++ /*
++ * pk11_library_initialized is set to 0 in pk11_finish() which
++ * is called from ENGINE_finish(). However, if there is still
++ * at least one existing functional reference to the engine
++ * (see engine(3) for more information), pk11_finish() is
++ * skipped. For example, this can happen if an application
++ * forgets to clear one cipher context. In case of a fork()
++ * when the application is finishing the engine so that it can
++ * be reinitialized in the child, forgotten functional
++ * reference causes pk11_library_initialized to stay 1. In
++ * that case we need the PID check so that we properly
++ * initialize the engine again.
++ */
++ if (pk11_library_initialized)
++ {
++ if (pk11_pid == getpid())
++ {
++ return (1);
++ }
++ else
++ {
++ global_session = CK_INVALID_HANDLE;
++ /*
++ * free the locks first to prevent memory leak in case
++ * the application calls fork() without finishing the
++ * engine first.
++ */
++ pk11_free_all_locks();
++ }
++ }
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++#ifdef SOLARIS_AES_CTR
++ /*
++ * We must do this before we start working with slots since we need all
++ * NIDs there.
++ */
++ if (pk11_add_aes_ctr_NIDs() == 0)
++ goto err;
++#endif /* SOLARIS_AES_CTR */
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (check_hw_mechanisms() == 0)
++ goto err;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++ /* get the C_GetFunctionList function from the loaded library */
++ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
++ PK11_GET_FUNCTION_LIST);
++ if (!p)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ rv = p(&pFuncList);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
++ goto err;
++ }
++
++#ifndef OPENSSL_SYS_WIN32
++ /* Not all PKCS#11 library are signal safe! */
++
++ (void) memset(&sigint_act, 0, sizeof(sigint_act));
++ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
++ (void) memset(&sighup_act, 0, sizeof(sighup_act));
++ (void) sigaction(SIGINT, NULL, &sigint_act);
++ (void) sigaction(SIGTERM, NULL, &sigterm_act);
++ (void) sigaction(SIGHUP, NULL, &sighup_act);
++#endif
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++#ifndef OPENSSL_SYS_WIN32
++ (void) sigaction(SIGINT, &sigint_act, NULL);
++ (void) sigaction(SIGTERM, &sigterm_act, NULL);
++ (void) sigaction(SIGHUP, &sighup_act, NULL);
++#endif
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetInfo(&info);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
++ goto err;
++ }
++
++ if (pk11_choose_slots(&any_slot_found) == 0)
++ goto err;
++
++ /*
++ * The library we use, set in def_PK11_LIBNAME, may not offer any
++ * slot(s). In that case, we must not proceed but we must not return an
++ * error. The reason is that applications that try to set up the PKCS#11
++ * engine don't exit on error during the engine initialization just
++ * because no slot was present.
++ */
++ if (any_slot_found == 0)
++ return (1);
++
++ if (global_session == CK_INVALID_HANDLE)
++ {
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT,
++ PK11_R_OPENSESSION, rv);
++ goto err;
++ }
++ }
++
++ /*
++ * Disable digest if C_GetOperationState is not supported since
++ * this function is required by OpenSSL digest copy function
++ */
++ /* Keyper fails to return CKR_FUNCTION_NOT_SUPPORTED */
++ if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
++ != CKR_OK) {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: C_GetOperationState() not supported, "
++ "setting digest_count to 0\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ digest_count = 0;
++ }
++
++ pk11_library_initialized = TRUE;
++ pk11_pid = getpid();
++ /*
++ * if initialization of the locks fails pk11_init_all_locks()
++ * will do the cleanup.
++ */
++ if (!pk11_init_all_locks())
++ goto err;
++ for (i = 0; i < OP_MAX; i++)
++ session_cache[i].head = NULL;
++ /*
++ * initialize active lists. We only use active lists
++ * for asymmetric ciphers.
++ */
++ for (i = 0; i < OP_MAX; i++)
++ active_list[i] = NULL;
++
++#ifndef NOPTHREADS
++ if (!pk11_atfork_initialized)
++ {
++ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
++ pk11_fork_child) != 0)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
++ goto err;
++ }
++ pk11_atfork_initialized = TRUE;
++ }
++#endif
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Destructor (complements the "ENGINE_pk11()" constructor) */
++/* ARGSUSED */
++static int pk11_destroy(ENGINE *e)
++ {
++ free_PK11_LIBNAME();
++ ERR_unload_pk11_strings();
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++ return (1);
++ }
++
++/*
++ * Termination function to clean up the session, the token, and the pk11
++ * library.
++ */
++/* ARGSUSED */
++static int pk11_finish(ENGINE *e)
++ {
++ int i;
++
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
++ goto err;
++ }
++
++ OPENSSL_assert(pFuncList != NULL);
++
++ if (pk11_free_all_sessions() == 0)
++ goto err;
++
++ /* free all active lists */
++ for (i = 0; i < OP_MAX; i++)
++ pk11_free_active_list(i);
++
++ pFuncList->C_CloseSession(global_session);
++ global_session = CK_INVALID_HANDLE;
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects.
++ */
++#if 0
++ pFuncList->C_Finalize(NULL);
++#endif
++
++ if (!DSO_free(pk11_dso))
++ {
++ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++ pk11_dso = NULL;
++ pFuncList = NULL;
++ pk11_library_initialized = FALSE;
++ pk11_pid = 0;
++ /*
++ * There is no way how to unregister atfork handlers (other than
++ * unloading the library) so we just free the locks. For this reason
++ * the atfork handlers check if the engine is initialized and bail out
++ * immediately if not. This is necessary in case a process finishes
++ * the engine before calling fork().
++ */
++ pk11_free_all_locks();
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Standard engine interface function to set the dynamic library path */
++/* ARGSUSED */
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
++ {
++ int initialized = ((pk11_dso == NULL) ? 0 : 1);
++
++ switch (cmd)
++ {
++ case PK11_CMD_SO_PATH:
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ if (initialized)
++ {
++ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
++ return (0);
++ }
++
++ return (set_PK11_LIBNAME((const char *)p));
++ case PK11_CMD_PIN:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ pk11_pin = BUF_strdup(p);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ return (1);
++ case PK11_CMD_SLOT:
++ SLOTID = (CK_SLOT_ID)i;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: slot set\n", PK11_DBG);
++#endif
++ return (1);
++ default:
++ break;
++ }
++
++ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
++
++ return (0);
++ }
++
++
++/* Required function by the engine random interface. It does nothing here */
++static void pk11_rand_cleanup(void)
++ {
++ return;
++ }
++
++/* ARGSUSED */
++static void pk11_rand_add(const void *buf, int num, double add)
++ {
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return;
++
++ /*
++ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
++ * the calling functions do not care anyway
++ */
++ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
++ pk11_return_session(sp, OP_RAND);
++
++ return;
++ }
++
++static void pk11_rand_seed(const void *buf, int num)
++ {
++ pk11_rand_add(buf, num, 0);
++ }
++
++static int pk11_rand_bytes(unsigned char *buf, int num)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return (0);
++
++ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
++ pk11_return_session(sp, OP_RAND);
++ return (0);
++ }
++
++ pk11_return_session(sp, OP_RAND);
++ return (1);
++ }
++
++/* Required function by the engine random interface. It does nothing here */
++static int pk11_rand_status(void)
++ {
++ return (1);
++ }
++
++/* Free all BIGNUM structures from PK11_SESSION. */
++static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ switch (optype)
++ {
++#ifndef OPENSSL_NO_RSA
++ case OP_RSA:
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++ break;
++#endif
++#ifndef OPENSSL_NO_DSA
++ case OP_DSA:
++ if (sp->opdata_dsa_pub_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_pub_num);
++ sp->opdata_dsa_pub_num = NULL;
++ }
++ if (sp->opdata_dsa_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_priv_num);
++ sp->opdata_dsa_priv_num = NULL;
++ }
++ break;
++#endif
++#ifndef OPENSSL_NO_DH
++ case OP_DH:
++ if (sp->opdata_dh_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dh_priv_num);
++ sp->opdata_dh_priv_num = NULL;
++ }
++ break;
++#endif
++ default:
++ break;
++ }
++ }
++
++/*
++ * Get new PK11_SESSION structure ready for use. Every process must have
++ * its own freelist of PK11_SESSION structures so handle fork() here
++ * by destroying the old and creating new freelist.
++ * The returned PK11_SESSION structure is disconnected from the freelist.
++ */
++PK11_SESSION *
++pk11_get_session(PK11_OPTYPE optype)
++ {
++ PK11_SESSION *sp = NULL, *sp1, *freelist;
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock = NULL;
++#endif
++ static pid_t pid = 0;
++ pid_t new_pid;
++ CK_RV rv;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (NULL);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ /*
++ * Will use it to find out if we forked. We cannot use the PID field in
++ * the session structure because we could get a newly allocated session
++ * here, with no PID information.
++ */
++ if (pid == 0)
++ pid = getpid();
++
++ freelist = session_cache[optype].head;
++ sp = freelist;
++
++ /*
++ * If the free list is empty, allocate new unitialized (filled
++ * with zeroes) PK11_SESSION structure otherwise return first
++ * structure from the freelist.
++ */
++ if (sp == NULL)
++ {
++ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ (void) memset(sp, 0, sizeof (PK11_SESSION));
++
++ /*
++ * It is a new session so it will look like a cache miss to the
++ * code below. So, we must not try to to destroy its members so
++ * mark them as unused.
++ */
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ }
++ else
++ {
++ freelist = sp->next;
++ }
++
++ /*
++ * Check whether we have forked. In that case, we must get rid of all
++ * inherited sessions and start allocating new ones.
++ */
++ if (pid != (new_pid = getpid()))
++ {
++ pid = new_pid;
++
++ /*
++ * We are a new process and thus need to free any inherited
++ * PK11_SESSION objects aside from the first session (sp) which
++ * is the only PK11_SESSION structure we will reuse (for the
++ * head of the list).
++ */
++ while ((sp1 = freelist) != NULL)
++ {
++ freelist = sp1->next;
++ /*
++ * NOTE: we do not want to call pk11_free_all_sessions()
++ * here because it would close underlying PKCS#11
++ * sessions and destroy all objects.
++ */
++ pk11_free_nums(sp1, optype);
++ OPENSSL_free(sp1);
++ }
++
++ /* we have to free the active list as well. */
++ pk11_free_active_list(optype);
++
++ /* Initialize the process */
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * Choose slot here since the slot table is different on this
++ * process. If we are here then we must have found at least one
++ * usable slot before so we don't need to check any_slot_found.
++ * See pk11_library_init()'s usage of this function for more
++ * information.
++ */
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (check_hw_mechanisms() == 0)
++ goto err;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ if (pk11_choose_slots(NULL) == 0)
++ goto err;
++
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * It is an inherited session from our parent so it needs
++ * re-initialization.
++ */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++ if (pk11_token_relogin(sp->session) == 0)
++ {
++ /*
++ * We will keep the session in the cache list and let
++ * the caller cope with the situation.
++ */
++ freelist = sp;
++ sp = NULL;
++ goto err;
++ }
++ }
++
++ if (sp->pid == 0)
++ {
++ /* It is a new session and needs initialization. */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ }
++ }
++
++ /* set new head for the list of PK11_SESSION objects */
++ session_cache[optype].head = freelist;
++
++err:
++ if (sp != NULL)
++ sp->next = NULL;
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (sp);
++ }
++
++
++void
++pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ PK11_SESSION *freelist;
++
++ /*
++ * If this is a session from the parent it will be taken care of and
++ * freed in pk11_get_session() as part of the post-fork clean up the
++ * next time we will ask for a new session.
++ */
++ if (sp == NULL || sp->pid != getpid())
++ return;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_RETURN_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return;
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ sp->next = freelist;
++ session_cache[optype].head = sp;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++
++
++/* Destroy all objects. This function is called when the engine is finished */
++static int pk11_free_all_sessions()
++ {
++ int ret = 1;
++ int type;
++
++#ifndef OPENSSL_NO_RSA
++ (void) pk11_destroy_rsa_key_objects(NULL);
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ (void) pk11_destroy_dsa_key_objects(NULL);
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ (void) pk11_destroy_dh_key_objects(NULL);
++#endif /* OPENSSL_NO_DH */
++ (void) pk11_destroy_cipher_key_objects(NULL);
++
++ /*
++ * We try to release as much as we can but any error means that we will
++ * return 0 on exit.
++ */
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (pk11_free_session_list(type) == 0)
++ ret = 0;
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy session structures from the linked list specified. Free as many
++ * sessions as possible but any failure in C_CloseSession() means that we
++ * return an error on return.
++ */
++static int pk11_free_session_list(PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *freelist = NULL;
++ pid_t mypid = getpid();
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ int ret = 1;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ while ((sp = freelist) != NULL)
++ {
++ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
++ {
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_CLOSESESSION, rv);
++ ret = 0;
++ }
++ }
++ freelist = sp->next;
++ pk11_free_nums(sp, optype);
++ OPENSSL_free(sp);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (ret);
++ }
++
++
++static int
++pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ CK_SLOT_ID myslot;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ myslot = pubkey_SLOTID;
++ break;
++ case OP_RAND:
++ myslot = rand_SLOTID;
++ break;
++ case OP_DIGEST:
++ case OP_CIPHER:
++ myslot = SLOTID;
++ break;
++ default:
++ PK11err(PK11_F_SETUP_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++ sp->session = CK_INVALID_HANDLE;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
++ {
++ /*
++ * We are probably a child process so force the
++ * reinitialize of the session
++ */
++ pk11_library_initialized = FALSE;
++ if (!pk11_library_init(NULL))
++ return (0);
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ }
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ sp->pid = getpid();
++
++ switch (optype)
++ {
++#ifndef OPENSSL_NO_RSA
++ case OP_RSA:
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ sp->opdata_rsa_n_num = NULL;
++ sp->opdata_rsa_e_num = NULL;
++ sp->opdata_rsa_priv = NULL;
++ sp->opdata_rsa_pn_num = NULL;
++ sp->opdata_rsa_pe_num = NULL;
++ sp->opdata_rsa_d_num = NULL;
++ break;
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ case OP_DSA:
++ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_pub = NULL;
++ sp->opdata_dsa_pub_num = NULL;
++ sp->opdata_dsa_priv = NULL;
++ sp->opdata_dsa_priv_num = NULL;
++ break;
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ case OP_DH:
++ sp->opdata_dh_key = CK_INVALID_HANDLE;
++ sp->opdata_dh = NULL;
++ sp->opdata_dh_priv_num = NULL;
++ break;
++#endif /* OPENSSL_NO_DH */
++ case OP_CIPHER:
++ sp->opdata_cipher_key = CK_INVALID_HANDLE;
++ sp->opdata_encrypt = -1;
++ break;
++ default:
++ break;
++ }
++
++ /*
++ * We always initialize the session as containing a non-persistent
++ * object. The key load functions set it to persistent if that is so.
++ */
++ sp->pub_persistent = CK_FALSE;
++ sp->priv_persistent = CK_FALSE;
++ return (1);
++ }
++
++#ifndef OPENSSL_NO_RSA
++/* Destroy RSA public key from single session. */
++int
++pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
++ ret, uselock, OP_RSA, CK_FALSE);
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy RSA private key from single session. */
++int
++pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
++ ret, uselock, OP_RSA, CK_TRUE);
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv = NULL;
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * For the RSA key by reference code, public components 'n'/'e'
++ * are the key components we use to check for the cache hit. We
++ * must free those as well.
++ */
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_rsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_RSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_RSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_RSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++/* Destroy DSA public key from single session. */
++int
++pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key,
++ ret, uselock, OP_DSA, CK_FALSE);
++ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_pub = NULL;
++ if (sp->opdata_dsa_pub_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_pub_num);
++ sp->opdata_dsa_pub_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy DSA private key from single session. */
++int
++pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key,
++ ret, uselock, OP_DSA, CK_TRUE);
++ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_priv = NULL;
++ if (sp->opdata_dsa_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_priv_num);
++ sp->opdata_dsa_priv_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy DSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_dsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_DSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_DSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_DSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++/* Destroy DH key from single session. */
++int
++pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dh_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dh_key,
++ ret, uselock, OP_DH, CK_TRUE);
++ sp->opdata_dh_key = CK_INVALID_HANDLE;
++ sp->opdata_dh = NULL;
++ if (sp->opdata_dh_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dh_priv_num);
++ sp->opdata_dh_priv_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy DH key object wrapper.
++ *
++ * arg0: pointer to PKCS#11 engine session structure
++ * if session is NULL, try to destroy all objects in the free list
++ */
++int
++pk11_destroy_dh_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_DH].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_DH].head;
++ uselock = FALSE;
++ }
++
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_dh_object(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_DH].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_DH */
++
++static int
++pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent)
++ {
++ CK_RV rv;
++
++ /*
++ * We never try to destroy persistent objects which are the objects
++ * stored in the keystore. Also, we always use read-only sessions so
++ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
++ */
++ if (persistent == CK_TRUE)
++ return (1);
++
++ rv = pFuncList->C_DestroyObject(session, oh);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
++ rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++
++/* Symmetric ciphers and digests support functions */
++
++static int
++cipher_nid_to_pk11(int nid)
++ {
++ int i;
++
++ for (i = 0; i < PK11_CIPHER_MAX; i++)
++ if (ciphers[i].nid == nid)
++ return (ciphers[i].id);
++ return (-1);
++ }
++
++static int
++pk11_usable_ciphers(const int **nids)
++ {
++ if (cipher_count > 0)
++ *nids = cipher_nids;
++ else
++ *nids = NULL;
++ return (cipher_count);
++ }
++
++static int
++pk11_usable_digests(const int **nids)
++ {
++ if (digest_count > 0)
++ *nids = digest_nids;
++ else
++ *nids = NULL;
++ return (digest_count);
++ }
++
++/*
++ * Init context for encryption or decryption using a symmetric key.
++ */
++static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
++ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
++ {
++ CK_RV rv;
++#ifdef SOLARIS_AES_CTR
++ CK_AES_CTR_PARAMS ctr_params;
++#endif /* SOLARIS_AES_CTR */
++
++ /*
++ * We expect pmech->mechanism to be already set and
++ * pParameter/ulParameterLen initialized to NULL/0 before
++ * pk11_init_symetric() is called.
++ */
++ OPENSSL_assert(pmech->mechanism != 0);
++ OPENSSL_assert(pmech->pParameter == NULL);
++ OPENSSL_assert(pmech->ulParameterLen == 0);
++
++#ifdef SOLARIS_AES_CTR
++ if (ctx->cipher->nid == NID_aes_128_ctr ||
++ ctx->cipher->nid == NID_aes_192_ctr ||
++ ctx->cipher->nid == NID_aes_256_ctr)
++ {
++ pmech->pParameter = (void *)(&ctr_params);
++ pmech->ulParameterLen = sizeof (ctr_params);
++ /*
++ * For now, we are limited to the fixed length of the counter,
++ * it covers the whole counter block. That's what RFC 4344
++ * needs. For more information on internal structure of the
++ * counter block, see RFC 3686. If needed in the future, we can
++ * add code so that the counter length can be set via
++ * ENGINE_ctrl() function.
++ */
++ ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
++ OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
++ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
++ }
++ else
++#endif /* SOLARIS_AES_CTR */
++ {
++ if (pcipher->iv_len > 0)
++ {
++ pmech->pParameter = (void *)ctx->iv;
++ pmech->ulParameterLen = pcipher->iv_len;
++ }
++ }
++
++ /* if we get here, the encryption needs to be reinitialized */
++ if (ctx->encrypt)
++ rv = pFuncList->C_EncryptInit(sp->session, pmech,
++ sp->opdata_cipher_key);
++ else
++ rv = pFuncList->C_DecryptInit(sp->session, pmech,
++ sp->opdata_cipher_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
++ PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++
++ return (1);
++ }
++
++/* ARGSUSED */
++static int
++pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc)
++ {
++ CK_MECHANISM mech;
++ int index;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
++ PK11_SESSION *sp;
++ PK11_CIPHER *p_ciph_table_row;
++
++ state->sp = NULL;
++
++ index = cipher_nid_to_pk11(ctx->cipher->nid);
++ if (index < 0 || index >= PK11_CIPHER_MAX)
++ return (0);
++
++ p_ciph_table_row = &ciphers[index];
++ /*
++ * iv_len in the ctx->cipher structure is the maximum IV length for the
++ * current cipher and it must be less or equal to the IV length in our
++ * ciphers table. The key length must be in the allowed interval. From
++ * all cipher modes that the PKCS#11 engine supports only RC4 allows a
++ * key length to be in some range, all other NIDs have a precise key
++ * length. Every application can define its own EVP functions so this
++ * code serves as a sanity check.
++ *
++ * Note that the reason why the IV length in ctx->cipher might be
++ * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
++ * macro to define functions that return EVP structures for all DES
++ * modes. So, even ECB modes get 8 byte IV.
++ */
++ if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
++ ctx->key_len < p_ciph_table_row->min_key_len ||
++ ctx->key_len > p_ciph_table_row->max_key_len) {
++ PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
++ return (0);
++ }
++
++ if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
++ return (0);
++
++ /* if applicable, the mechanism parameter is used for IV */
++ mech.mechanism = p_ciph_table_row->mech_type;
++ mech.pParameter = NULL;
++ mech.ulParameterLen = 0;
++
++ /* The key object is destroyed here if it is not the current key. */
++ (void) check_new_cipher_key(sp, key, ctx->key_len);
++
++ /*
++ * If the key is the same and the encryption is also the same, then
++ * just reuse it. However, we must not forget to reinitialize the
++ * context that was finalized in pk11_cipher_cleanup().
++ */
++ if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
++ sp->opdata_encrypt == ctx->encrypt)
++ {
++ state->sp = sp;
++ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
++ return (0);
++
++ return (1);
++ }
++
++ /*
++ * Check if the key has been invalidated. If so, a new key object
++ * needs to be created.
++ */
++ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
++ {
++ sp->opdata_cipher_key = pk11_get_cipher_key(
++ ctx, key, p_ciph_table_row->key_type, sp);
++ }
++
++ if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
++ {
++ /*
++ * The previous encryption/decryption is different. Need to
++ * terminate the previous * active encryption/decryption here.
++ */
++ if (!pk11_cipher_final(sp))
++ {
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++ }
++
++ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
++ {
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++
++ /* now initialize the context with a new key */
++ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
++ return (0);
++
++ sp->opdata_encrypt = ctx->encrypt;
++ state->sp = sp;
++
++ return (1);
++ }
++
++/*
++ * When reusing the same key in an encryption/decryption session for a
++ * decryption/encryption session, we need to close the active session
++ * and recreate a new one. Note that the key is in the global session so
++ * that it needs not be recreated.
++ *
++ * It is more appropriate to use C_En/DecryptFinish here. At the time of this
++ * development, these two functions in the PKCS#11 libraries used return
++ * unexpected errors when passing in 0 length output. It may be a good
++ * idea to try them again if performance is a problem here and fix
++ * C_En/DecryptFinial if there are bugs there causing the problem.
++ */
++static int
++pk11_cipher_final(PK11_SESSION *sp)
++ {
++ CK_RV rv;
++
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++/*
++ * An engine interface function. The calling function allocates sufficient
++ * memory for the output buffer "out" to hold the results.
++ */
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int
++pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, unsigned int inl)
++#else
++static int
++pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl)
++#endif
++ {
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
++ PK11_SESSION *sp;
++ CK_RV rv;
++ unsigned long outl = inl;
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ sp = (PK11_SESSION *) state->sp;
++
++ if (!inl)
++ return (1);
++
++ /* RC4 is the only stream cipher we support */
++ if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
++ return (0);
++
++ if (ctx->encrypt)
++ {
++ rv = pFuncList->C_EncryptUpdate(sp->session,
++ (unsigned char *)in, inl, out, &outl);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
++ PK11_R_ENCRYPTUPDATE, rv);
++ return (0);
++ }
++ }
++ else
++ {
++ rv = pFuncList->C_DecryptUpdate(sp->session,
++ (unsigned char *)in, inl, out, &outl);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
++ PK11_R_DECRYPTUPDATE, rv);
++ return (0);
++ }
++ }
++
++ /*
++ * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
++ * the same size of input.
++ * The application has guaranteed to call the block ciphers with
++ * correctly aligned buffers.
++ */
++ if (inl != outl)
++ return (0);
++
++ return (1);
++ }
++
++/*
++ * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
++ * here is the right thing because in EVP_DecryptFinal_ex(), engine's
++ * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
++ * the engine can't find out that it's the finalizing call. We wouldn't
++ * necessarily have to finalize the context here since reinitializing it with
++ * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
++ * let's do it. Some implementations might leak memory if the previously used
++ * context is initialized without finalizing it first.
++ */
++static int
++pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
++ {
++ CK_RV rv;
++ CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
++ CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
++ PK11_CIPHER_STATE *state = ctx->cipher_data;
++
++ if (state != NULL && state->sp != NULL)
++ {
++ /*
++ * We are not interested in the data here, we just need to get
++ * rid of the context.
++ */
++ if (ctx->encrypt)
++ rv = pFuncList->C_EncryptFinal(
++ state->sp->session, buf, &len);
++ else
++ rv = pFuncList->C_DecryptFinal(
++ state->sp->session, buf, &len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
++ PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
++ pk11_return_session(state->sp, OP_CIPHER);
++ return (0);
++ }
++
++ pk11_return_session(state->sp, OP_CIPHER);
++ state->sp = NULL;
++ }
++
++ return (1);
++ }
++
++/*
++ * Registered by the ENGINE when used to find out how to deal with
++ * a particular NID in the ENGINE. This says what we'll do at the
++ * top level - note, that list is restricted by what we answer with
++ */
++/* ARGSUSED */
++static int
++pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
++ const int **nids, int nid)
++ {
++ if (!cipher)
++ return (pk11_usable_ciphers(nids));
++
++ switch (nid)
++ {
++ case NID_des_ede3_cbc:
++ *cipher = &pk11_3des_cbc;
++ break;
++ case NID_des_cbc:
++ *cipher = &pk11_des_cbc;
++ break;
++ case NID_des_ede3_ecb:
++ *cipher = &pk11_3des_ecb;
++ break;
++ case NID_des_ecb:
++ *cipher = &pk11_des_ecb;
++ break;
++ case NID_aes_128_cbc:
++ *cipher = &pk11_aes_128_cbc;
++ break;
++ case NID_aes_192_cbc:
++ *cipher = &pk11_aes_192_cbc;
++ break;
++ case NID_aes_256_cbc:
++ *cipher = &pk11_aes_256_cbc;
++ break;
++ case NID_aes_128_ecb:
++ *cipher = &pk11_aes_128_ecb;
++ break;
++ case NID_aes_192_ecb:
++ *cipher = &pk11_aes_192_ecb;
++ break;
++ case NID_aes_256_ecb:
++ *cipher = &pk11_aes_256_ecb;
++ break;
++ case NID_bf_cbc:
++ *cipher = &pk11_bf_cbc;
++ break;
++ case NID_rc4:
++ *cipher = &pk11_rc4;
++ break;
++ default:
++#ifdef SOLARIS_AES_CTR
++ /*
++ * These can't be in separated cases because the NIDs
++ * here are not constants.
++ */
++ if (nid == NID_aes_128_ctr)
++ *cipher = &pk11_aes_128_ctr;
++ else if (nid == NID_aes_192_ctr)
++ *cipher = &pk11_aes_192_ctr;
++ else if (nid == NID_aes_256_ctr)
++ *cipher = &pk11_aes_256_ctr;
++ else
++#endif /* SOLARIS_AES_CTR */
++ *cipher = NULL;
++ break;
++ }
++ return (*cipher != NULL);
++ }
++
++/* ARGSUSED */
++static int
++pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
++ const int **nids, int nid)
++ {
++ if (!digest)
++ return (pk11_usable_digests(nids));
++
++ switch (nid)
++ {
++ case NID_md5:
++ *digest = &pk11_md5;
++ break;
++ case NID_sha1:
++ *digest = &pk11_sha1;
++ break;
++ case NID_sha224:
++ *digest = &pk11_sha224;
++ break;
++ case NID_sha256:
++ *digest = &pk11_sha256;
++ break;
++ case NID_sha384:
++ *digest = &pk11_sha384;
++ break;
++ case NID_sha512:
++ *digest = &pk11_sha512;
++ break;
++ default:
++ *digest = NULL;
++ break;
++ }
++ return (*digest != NULL);
++ }
++
++
++/* Create a secret key object in a PKCS#11 session */
++static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
++ CK_ULONG ul_key_attr_count = 6;
++ unsigned char key_buf[PK11_KEY_LEN_MAX];
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VALUE, (void*) NULL, 0},
++ };
++
++ /*
++ * Create secret key object in global_session. All other sessions
++ * can use the key handles. Here is why:
++ * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
++ * It may then call DecryptInit and DecryptUpdate using the same key.
++ * To use the same key object, we need to call EncryptFinal with
++ * a 0 length message. Currently, this does not work for 3DES
++ * mechanism. To get around this problem, we close the session and
++ * then create a new session to use the same key object. When a session
++ * is closed, all the object handles will be invalid. Thus, create key
++ * objects in a global session, an individual session may be closed to
++ * terminate the active operation.
++ */
++ CK_SESSION_HANDLE session = global_session;
++ a_key_template[0].pValue = &obj_key;
++ a_key_template[1].pValue = &key_type;
++ if (ctx->key_len > PK11_KEY_LEN_MAX)
++ {
++ a_key_template[5].pValue = (void *) key;
++ }
++ else
++ {
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++ memcpy(key_buf, key, ctx->key_len);
++ if ((key_type == CKK_DES) ||
++ (key_type == CKK_DES2) ||
++ (key_type == CKK_DES3))
++ DES_fixup_key_parity((DES_cblock *) &key_buf[0]);
++ if ((key_type == CKK_DES2) ||
++ (key_type == CKK_DES3))
++ DES_fixup_key_parity((DES_cblock *) &key_buf[8]);
++ if (key_type == CKK_DES3)
++ DES_fixup_key_parity((DES_cblock *) &key_buf[16]);
++ a_key_template[5].pValue = (void *) key_buf;
++ }
++ a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++ PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
++ rv);
++ goto err;
++ }
++
++ /*
++ * Save the key information used in this session.
++ * The max can be saved is PK11_KEY_LEN_MAX.
++ */
++ if (ctx->key_len > PK11_KEY_LEN_MAX)
++ {
++ sp->opdata_key_len = PK11_KEY_LEN_MAX;
++ (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
++ }
++ else
++ {
++ sp->opdata_key_len = ctx->key_len;
++ (void) memcpy(sp->opdata_key, key_buf, sp->opdata_key_len);
++ }
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++err:
++
++ return (h_key);
++ }
++
++static int
++md_nid_to_pk11(int nid)
++ {
++ int i;
++
++ for (i = 0; i < PK11_DIGEST_MAX; i++)
++ if (digests[i].nid == nid)
++ return (digests[i].id);
++ return (-1);
++ }
++
++static int
++pk11_digest_init(EVP_MD_CTX *ctx)
++ {
++ CK_RV rv;
++ CK_MECHANISM mech;
++ int index;
++ PK11_SESSION *sp;
++ PK11_DIGEST *pdp;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++
++ state->sp = NULL;
++
++ index = md_nid_to_pk11(ctx->digest->type);
++ if (index < 0 || index >= PK11_DIGEST_MAX)
++ return (0);
++
++ pdp = &digests[index];
++ if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
++ return (0);
++
++ /* at present, no parameter is needed for supported digests */
++ mech.mechanism = pdp->mech_type;
++ mech.pParameter = NULL;
++ mech.ulParameterLen = 0;
++
++ rv = pFuncList->C_DigestInit(sp->session, &mech);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
++ pk11_return_session(sp, OP_DIGEST);
++ return (0);
++ }
++
++ state->sp = sp;
++
++ return (1);
++ }
++
++static int
++pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
++ {
++ CK_RV rv;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++
++ /* 0 length message will cause a failure in C_DigestFinal */
++ if (count == 0)
++ return (1);
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
++ count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++ return (0);
++ }
++
++ return (1);
++ }
++
++static int
++pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
++ {
++ CK_RV rv;
++ unsigned long len;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++ len = ctx->digest->md_size;
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++ return (0);
++ }
++
++ if (ctx->digest->md_size != len)
++ return (0);
++
++ /*
++ * Final is called and digest is returned, so return the session
++ * to the pool
++ */
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++
++ return (1);
++ }
++
++static int
++pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
++ {
++ CK_RV rv;
++ int ret = 0;
++ PK11_CIPHER_STATE *state, *state_to;
++ CK_BYTE_PTR pstate = NULL;
++ CK_ULONG ul_state_len;
++
++ /* The copy-from state */
++ state = (PK11_CIPHER_STATE *) from->md_data;
++ if (state == NULL || state->sp == NULL)
++ goto err;
++
++ /* Initialize the copy-to state */
++ if (!pk11_digest_init(to))
++ goto err;
++ state_to = (PK11_CIPHER_STATE *) to->md_data;
++
++ /* Get the size of the operation state of the copy-from session */
++ rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
++ &ul_state_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
++ rv);
++ goto err;
++ }
++ if (ul_state_len == 0)
++ {
++ goto err;
++ }
++
++ pstate = OPENSSL_malloc(ul_state_len);
++ if (pstate == NULL)
++ {
++ PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the operation state of the copy-from session */
++ rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
++ &ul_state_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
++ rv);
++ goto err;
++ }
++
++ /* Set the operation state of the copy-to session */
++ rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
++ ul_state_len, 0, 0);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY,
++ PK11_R_SET_OPERATION_STATE, rv);
++ goto err;
++ }
++
++ ret = 1;
++err:
++ if (pstate != NULL)
++ OPENSSL_free(pstate);
++
++ return (ret);
++ }
++
++/* Return any pending session state to the pool */
++static int
++pk11_digest_cleanup(EVP_MD_CTX *ctx)
++ {
++ PK11_CIPHER_STATE *state = ctx->md_data;
++ unsigned char buf[EVP_MAX_MD_SIZE];
++
++ if (state != NULL && state->sp != NULL)
++ {
++ /*
++ * If state->sp is not NULL then pk11_digest_final() has not
++ * been called yet. We must call it now to free any memory
++ * that might have been allocated in the token when
++ * pk11_digest_init() was called. pk11_digest_final()
++ * will return the session to the cache.
++ */
++ if (!pk11_digest_final(ctx, buf))
++ return (0);
++ }
++
++ return (1);
++ }
++
++/*
++ * Check if the new key is the same as the key object in the session. If the key
++ * is the same, no need to create a new key object. Otherwise, the old key
++ * object needs to be destroyed and a new one will be created. Return 1 for
++ * cache hit, 0 for cache miss. Note that we must check the key length first
++ * otherwise we could end up reusing a different, longer key with the same
++ * prefix.
++ */
++static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
++ int key_len)
++ {
++ if (sp->opdata_key_len != key_len ||
++ memcmp(sp->opdata_key, key, key_len) != 0)
++ {
++ (void) pk11_destroy_cipher_key_objects(sp);
++ return (0);
++ }
++ return (1);
++ }
++
++/* Destroy one or more secret key objects. */
++static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
++ {
++ int ret = 0;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_CIPHER].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_CIPHER].head;
++ }
++
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
++ {
++ /*
++ * The secret key object is created in the
++ * global_session. See pk11_get_cipher_key().
++ */
++ if (pk11_destroy_object(global_session,
++ sp->opdata_cipher_key, CK_FALSE) == 0)
++ goto err;
++ sp->opdata_cipher_key = CK_INVALID_HANDLE;
++ }
++ }
++ ret = 1;
++err:
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_CIPHER].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++
++
++/*
++ * Public key mechanisms optionally supported
++ *
++ * CKM_RSA_X_509
++ * CKM_RSA_PKCS
++ * CKM_DSA
++ *
++ * The first slot that supports at least one of those mechanisms is chosen as a
++ * public key slot.
++ *
++ * Symmetric ciphers optionally supported
++ *
++ * CKM_DES3_CBC
++ * CKM_DES_CBC
++ * CKM_AES_CBC
++ * CKM_DES3_ECB
++ * CKM_DES_ECB
++ * CKM_AES_ECB
++ * CKM_AES_CTR
++ * CKM_RC4
++ * CKM_BLOWFISH_CBC
++ *
++ * Digests optionally supported
++ *
++ * CKM_MD5
++ * CKM_SHA_1
++ * CKM_SHA224
++ * CKM_SHA256
++ * CKM_SHA384
++ * CKM_SHA512
++ *
++ * The output of this function is a set of global variables indicating which
++ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
++ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
++ * variables carry information about which slot was chosen for (a) public key
++ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
++ */
++static int
++pk11_choose_slots(int *any_slot_found)
++ {
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ CK_ULONG ulSlotCount = 0;
++ CK_MECHANISM_INFO mech_info;
++ CK_TOKEN_INFO token_info;
++ unsigned int i;
++ CK_RV rv;
++ CK_SLOT_ID best_slot_sofar = 0;
++ CK_BBOOL found_candidate_slot = CK_FALSE;
++ int slot_n_cipher = 0;
++ int slot_n_digest = 0;
++ CK_SLOT_ID current_slot = 0;
++ int current_slot_n_cipher = 0;
++ int current_slot_n_digest = 0;
++
++ int local_cipher_nids[PK11_CIPHER_MAX];
++ int local_digest_nids[PK11_DIGEST_MAX];
++
++ /* let's initialize the output parameter */
++ if (any_slot_found != NULL)
++ *any_slot_found = 0;
++
++ /* Get slot list for memory allocation */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ return (0);
++ }
++
++ /* it's not an error if we didn't find any providers */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++
++ /* Get the slot list for processing */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ OPENSSL_free(pSlotList);
++ return (0);
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
++ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
++
++ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ /* Check if slot has random support. */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (token_info.flags & CKF_RNG)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ pk11_have_random = CK_TRUE;
++ rand_SLOTID = current_slot;
++ break;
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ pubkey_SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ CK_BBOOL slot_has_rsa = CK_FALSE;
++ CK_BBOOL slot_has_recover = CK_FALSE;
++ CK_BBOOL slot_has_dsa = CK_FALSE;
++ CK_BBOOL slot_has_dh = CK_FALSE;
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++#ifndef OPENSSL_NO_RSA
++ /*
++ * Check if this slot is capable of signing and
++ * verifying with CKM_RSA_PKCS.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
++ &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY)))
++ {
++ /*
++ * Check if this slot is capable of encryption,
++ * decryption, sign, and verify with CKM_RSA_X_509.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_RSA_X_509, &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY) &&
++ (mech_info.flags & CKF_ENCRYPT) &&
++ (mech_info.flags & CKF_DECRYPT)))
++ {
++ slot_has_rsa = CK_TRUE;
++ if (mech_info.flags & CKF_VERIFY_RECOVER)
++ {
++ slot_has_recover = CK_TRUE;
++ }
++ }
++ }
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++ /*
++ * Check if this slot is capable of signing and
++ * verifying with CKM_DSA.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
++ &mech_info);
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY)))
++ {
++ slot_has_dsa = CK_TRUE;
++ }
++
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++ /*
++ * Check if this slot is capable of DH key generataion and
++ * derivation.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
++
++ if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
++ {
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_DH_PKCS_DERIVE, &mech_info);
++ if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
++ {
++ slot_has_dh = CK_TRUE;
++ }
++ }
++#endif /* OPENSSL_NO_DH */
++
++ if (!found_candidate_slot &&
++ (slot_has_rsa || slot_has_dsa || slot_has_dh))
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: potential slot: %d\n", PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = current_slot;
++ pk11_have_rsa = slot_has_rsa;
++ pk11_have_recover = slot_has_recover;
++ pk11_have_dsa = slot_has_dsa;
++ pk11_have_dh = slot_has_dh;
++ found_candidate_slot = CK_TRUE;
++ /*
++ * Cache the flags for later use. We might
++ * need those if RSA keys by reference feature
++ * is used.
++ */
++ pubkey_token_flags = token_info.flags;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: setting found_candidate_slot to CK_TRUE\n",
++ PK11_DBG);
++ fprintf(stderr,
++ "%s: best so far slot: %d\n", PK11_DBG,
++ best_slot_sofar);
++ fprintf(stderr, "%s: pubkey flags changed to "
++ "%lu.\n", PK11_DBG, pubkey_token_flags);
++ }
++ else
++ {
++ fprintf(stderr,
++ "%s: no rsa/dsa/dh\n", PK11_DBG);
++ }
++#else
++ } /* if */
++#endif /* DEBUG_SLOT_SELECTION */
++ } /* for */
++
++ if (found_candidate_slot == CK_TRUE)
++ {
++ pubkey_SLOTID = best_slot_sofar;
++ }
++
++ found_candidate_slot = CK_FALSE;
++ best_slot_sofar = 0;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ current_slot = pSlotList[i];
++ current_slot_n_cipher = 0;
++ current_slot_n_digest = 0;
++ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
++ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
++
++ pk11_find_symmetric_ciphers(pFuncList, current_slot,
++ ¤t_slot_n_cipher, local_cipher_nids);
++
++ pk11_find_digests(pFuncList, current_slot,
++ ¤t_slot_n_digest, local_digest_nids);
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
++ current_slot_n_cipher);
++ fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
++ current_slot_n_digest);
++ fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
++ PK11_DBG, best_slot_sofar);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * If the current slot supports more ciphers/digests than
++ * the previous best one we change the current best to this one,
++ * otherwise leave it where it is.
++ */
++ if ((current_slot_n_cipher + current_slot_n_digest) >
++ (slot_n_cipher + slot_n_digest))
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: changing best so far slot to %d\n",
++ PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = SLOTID = current_slot;
++ cipher_count = slot_n_cipher = current_slot_n_cipher;
++ digest_count = slot_n_digest = current_slot_n_digest;
++ (void) memcpy(cipher_nids, local_cipher_nids,
++ sizeof (local_cipher_nids));
++ (void) memcpy(digest_nids, local_digest_nids,
++ sizeof (local_digest_nids));
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
++ fprintf(stderr,
++ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
++ fprintf(stderr,
++ "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
++ fprintf(stderr,
++ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
++ fprintf(stderr,
++ "%s: pk11_have_recover %d\n", PK11_DBG, pk11_have_recover);
++ fprintf(stderr,
++ "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
++ fprintf(stderr,
++ "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
++ fprintf(stderr,
++ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
++ fprintf(stderr,
++ "%s: cipher_count %d\n", PK11_DBG, cipher_count);
++ fprintf(stderr,
++ "%s: digest_count %d\n", PK11_DBG, digest_count);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ OPENSSL_free(hw_cnids);
++ OPENSSL_free(hw_dnids);
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++ if (any_slot_found != NULL)
++ *any_slot_found = 1;
++ return (1);
++ }
++
++static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
++ int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
++ int *local_cipher_nids, int id)
++ {
++ CK_MECHANISM_INFO mech_info;
++ CK_RV rv;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
++
++ if (rv != CKR_OK)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " not found\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ return;
++ }
++
++ if ((mech_info.flags & CKF_ENCRYPT) &&
++ (mech_info.flags & CKF_DECRYPT))
++ {
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (nid_in_table(ciphers[id].nid, hw_cnids))
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " usable\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ local_cipher_nids[(*current_slot_n_cipher)++] =
++ ciphers[id].nid;
++ }
++#ifdef SOLARIS_HW_SLOT_SELECTION
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " rejected, software implementation only\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ }
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " unusable\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++
++ return;
++ }
++
++static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
++ int id)
++ {
++ CK_MECHANISM_INFO mech_info;
++ CK_RV rv;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
++
++ if (rv != CKR_OK)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " not found\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ return;
++ }
++
++ if (mech_info.flags & CKF_DIGEST)
++ {
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (nid_in_table(digests[id].nid, hw_dnids))
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " usable\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ local_digest_nids[(*current_slot_n_digest)++] =
++ digests[id].nid;
++ }
++#ifdef SOLARIS_HW_SLOT_SELECTION
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " rejected, software implementation only\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ }
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " unusable\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++
++ return;
++ }
++
++#ifdef SOLARIS_AES_CTR
++/* create a new NID when we have no OID for that mechanism */
++static int pk11_add_NID(char *sn, char *ln)
++ {
++ ASN1_OBJECT *o;
++ int nid;
++
++ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
++ 1, sn, ln)) == NULL)
++ {
++ return (0);
++ }
++
++ /* will return NID_undef on error */
++ nid = OBJ_add_object(o);
++ ASN1_OBJECT_free(o);
++
++ return (nid);
++ }
++
++/*
++ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
++ * have to help ourselves here.
++ */
++static int pk11_add_aes_ctr_NIDs(void)
++ {
++ /* are we already set? */
++ if (NID_aes_256_ctr != NID_undef)
++ return (1);
++
++ /*
++ * There are no official names for AES counter modes yet so we just
++ * follow the format of those that exist.
++ */
++ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
++ NID_undef)
++ goto err;
++ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
++ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
++ NID_undef)
++ goto err;
++ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
++ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
++ NID_undef)
++ goto err;
++ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
++ return (1);
++
++err:
++ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
++ return (0);
++ }
++#endif /* SOLARIS_AES_CTR */
++
++/* Find what symmetric ciphers this slot supports. */
++static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
++ {
++ int i;
++
++ for (i = 0; i < PK11_CIPHER_MAX; ++i)
++ {
++ pk11_get_symmetric_cipher(pflist, current_slot,
++ ciphers[i].mech_type, current_slot_n_cipher,
++ local_cipher_nids, ciphers[i].id);
++ }
++ }
++
++/* Find what digest algorithms this slot supports. */
++static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
++ {
++ int i;
++
++ for (i = 0; i < PK11_DIGEST_MAX; ++i)
++ {
++ pk11_get_digest(pflist, current_slot, digests[i].mech_type,
++ current_slot_n_digest, local_digest_nids, digests[i].id);
++ }
++ }
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++/*
++ * It would be great if we could use pkcs11_kernel directly since this library
++ * offers hardware slots only. That's the easiest way to achieve the situation
++ * where we use the hardware accelerators when present and OpenSSL native code
++ * otherwise. That presumes the fact that OpenSSL native code is faster than the
++ * code in the soft token. It's a logical assumption - Crypto Framework has some
++ * inherent overhead so going there for the software implementation of a
++ * mechanism should be logically slower in contrast to the OpenSSL native code,
++ * presuming that both implementations are of similar speed. For example, the
++ * soft token for AES is roughly three times slower than OpenSSL for 64 byte
++ * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
++ * that use the PKCS#11 engine by default, we must somehow avoid that regression
++ * on machines without hardware acceleration. That's why switching to the
++ * pkcs11_kernel library seems like a very good idea.
++ *
++ * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
++ * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
++ * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
++ * library, we would have had a performance regression on machines without
++ * hardware acceleration for asymmetric operations for all applications that use
++ * the PKCS#11 engine. There is one such application - Apache web server since
++ * it's shipped configured to use the PKCS#11 engine by default. Having said
++ * that, we can't switch to the pkcs11_kernel library now and have to come with
++ * a solution that, on non-accelerated machines, uses the OpenSSL native code
++ * for all symmetric ciphers and digests while it uses the soft token for
++ * asymmetric operations.
++ *
++ * This is the idea: dlopen() pkcs11_kernel directly and find out what
++ * mechanisms are there. We don't care about duplications (more slots can
++ * support the same mechanism), we just want to know what mechanisms can be
++ * possibly supported in hardware on that particular machine. As said before,
++ * pkcs11_kernel will show you hardware providers only.
++ *
++ * Then, we rely on the fact that since we use libpkcs11 library we will find
++ * the metaslot. When we go through the metaslot's mechanisms for symmetric
++ * ciphers and digests, we check that any found mechanism is in the table
++ * created using the pkcs11_kernel library. So, as a result we have two arrays
++ * of mechanisms that were advertised as supported in hardware which was the
++ * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
++ * code for symmetric ciphers and digests. See pk11_choose_slots() for more
++ * information.
++ *
++ * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
++ * the code won't be used.
++ */
++#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
++static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
++#else
++static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
++#endif
++
++/*
++ * Check hardware capabilities of the machines. The output are two lists,
++ * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
++ * providers together. They are not sorted and may contain duplicate mechanisms.
++ */
++static int check_hw_mechanisms(void)
++ {
++ int i;
++ CK_RV rv;
++ void *handle;
++ CK_C_GetFunctionList p;
++ CK_TOKEN_INFO token_info;
++ CK_ULONG ulSlotCount = 0;
++ int n_cipher = 0, n_digest = 0;
++ CK_FUNCTION_LIST_PTR pflist = NULL;
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL;
++ int hw_ctable_size, hw_dtable_size;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
++ PK11_DBG);
++#endif
++ if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ if ((p = (CK_C_GetFunctionList)dlsym(handle,
++ PK11_GET_FUNCTION_LIST)) == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ if (p(&pflist) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ rv = pflist->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
++ PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
++ goto err;
++ }
++
++ /* no slots, set the hw mechanism tables as empty */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
++#endif
++ hw_cnids = OPENSSL_malloc(sizeof (int));
++ hw_dnids = OPENSSL_malloc(sizeof (int));
++ if (hw_cnids == NULL || hw_dnids == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS,
++ PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ /* this means empty tables */
++ hw_cnids[0] = NID_undef;
++ hw_dnids[0] = NID_undef;
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the slot list for processing */
++ if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
++ goto err;
++ }
++
++ /*
++ * We don't care about duplicit mechanisms in multiple slots and also
++ * reserve one slot for the terminal NID_undef which we use to stop the
++ * search.
++ */
++ hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
++ hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
++ tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
++ tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
++ if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * Do not use memset since we should not rely on the fact that NID_undef
++ * is zero now.
++ */
++ for (i = 0; i < hw_ctable_size; ++i)
++ tmp_hw_cnids[i] = NID_undef;
++ for (i = 0; i < hw_dtable_size; ++i)
++ tmp_hw_dnids[i] = NID_undef;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
++ fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
++ fprintf(stderr, "%s: now looking for mechs supported in hw\n",
++ PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * We are filling the hw mech tables here. Global tables are
++ * still NULL so all mechanisms are put into tmp tables.
++ */
++ pk11_find_symmetric_ciphers(pflist, pSlotList[i],
++ &n_cipher, tmp_hw_cnids);
++ pk11_find_digests(pflist, pSlotList[i],
++ &n_digest, tmp_hw_dnids);
++ }
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects. Also, C_Finalize() is triggered by
++ * dlclose(3C).
++ */
++#if 0
++ pflist->C_Finalize(NULL);
++#endif
++ OPENSSL_free(pSlotList);
++ (void) dlclose(handle);
++ hw_cnids = tmp_hw_cnids;
++ hw_dnids = tmp_hw_dnids;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++
++err:
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++ if (tmp_hw_cnids != NULL)
++ OPENSSL_free(tmp_hw_cnids);
++ if (tmp_hw_dnids != NULL)
++ OPENSSL_free(tmp_hw_dnids);
++
++ return (0);
++ }
++
++/*
++ * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
++ * non-existent).
++ */
++static int nid_in_table(int nid, int *nid_table)
++ {
++ int i = 0;
++
++ /*
++ * a special case. NULL means that we are initializing a new
++ * table.
++ */
++ if (nid_table == NULL)
++ return (1);
++
++ /*
++ * the table is never full, there is always at least one
++ * NID_undef.
++ */
++ while (nid_table[i] != NID_undef)
++ {
++ if (nid_table[i++] == nid)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++ }
++
++ return (0);
++ }
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++#endif /* OPENSSL_NO_HW_PK11CA */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11_err.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
+--- /dev/null Thu Jul 3 12:42:32 2014
++++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
+@@ -0,0 +1,288 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_err.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <openssl/err.h>
++#include "hw_pk11_err.h"
++
++/* BEGIN ERROR CODES */
++#ifndef OPENSSL_NO_ERR
++static ERR_STRING_DATA pk11_str_functs[]=
++{
++{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
++{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
++{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
++{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
++{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
++{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
++{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
++{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
++{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
++{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
++{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
++{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
++{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
++{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
++{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
++{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
++{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
++{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
++{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
++{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
++{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
++{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
++{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
++{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
++{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
++{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
++{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
++{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
++{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
++{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
++{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
++{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
++{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
++{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
++{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
++{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
++{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
++{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
++{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
++{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
++{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
++{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
++{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
++{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
++{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
++{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
++{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
++{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
++{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
++{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
++{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
++{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
++{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
++{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
++{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
++{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
++{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
++{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
++{ 0, NULL}
++};
++
++static ERR_STRING_DATA pk11_str_reasons[]=
++{
++{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
++{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
++{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
++{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
++{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
++{ PK11_R_INITIALIZE, "C_Initialize failed"},
++{ PK11_R_FINALIZE, "C_Finalize failed"},
++{ PK11_R_GETINFO, "C_GetInfo faile"},
++{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
++{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
++{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
++{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
++{ PK11_R_NO_MODULUS, "no modulus"},
++{ PK11_R_NO_EXPONENT, "no exponent"},
++{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
++{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
++{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
++{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
++{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
++{ PK11_R_OPENSESSION, "C_OpenSession failed"},
++{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
++{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
++{ PK11_R_ENCRYPT, "C_Encrypt failed"},
++{ PK11_R_SIGNINIT, "C_SignInit failed"},
++{ PK11_R_SIGN, "C_Sign failed"},
++{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
++{ PK11_R_DECRYPT, "C_Decrypt failed"},
++{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
++{ PK11_R_VERIFY, "C_Verify failed"},
++{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
++{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
++{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
++{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
++{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
++{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
++{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
++{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
++{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
++{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
++{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
++{ PK11_R_MALLOC_FAILURE, "malloc failure"},
++{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
++{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
++{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
++{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
++{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
++{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
++{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
++{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
++{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
++{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
++{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
++{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
++{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
++{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
++{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
++{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
++{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
++{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
++{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
++{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
++{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
++{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
++{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
++{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
++{ PK11_R_ATFORK_FAILED, "atfork() failed" },
++{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login() failed on token" },
++{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
++{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
++{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
++{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
++{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen() dialog command" },
++{ PK11_R_PIPE_FAILED, "pipe() failed" },
++{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
++{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
++{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
++{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
++{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
++{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
++{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
++{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
++{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
++{ PK11_R_SYSCONF_FAILED, "sysconf() failed" },
++{ PK11_R_MMAP_FAILED, "mmap() failed" },
++{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
++{ PK11_R_MLOCK_FAILED, "mlock() failed" },
++{ PK11_R_FORK_FAILED, "fork() failed" },
++{ 0, NULL}
++};
++#endif /* OPENSSL_NO_ERR */
++
++static int pk11_lib_error_code = 0;
++static int pk11_error_init = 1;
++
++static void
++ERR_load_pk11_strings(void)
++ {
++ if (pk11_lib_error_code == 0)
++ pk11_lib_error_code = ERR_get_next_error_library();
++
++ if (pk11_error_init)
++ {
++ pk11_error_init = 0;
++#ifndef OPENSSL_NO_ERR
++ ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
++ ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
++#endif
++ }
++}
++
++static void
++ERR_unload_pk11_strings(void)
++ {
++ if (pk11_error_init == 0)
++ {
++#ifndef OPENSSL_NO_ERR
++ ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
++ ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
++#endif
++ pk11_error_init = 1;
++ }
++}
++
++void
++ERR_pk11_error(int function, int reason, char *file, int line)
++{
++ if (pk11_lib_error_code == 0)
++ pk11_lib_error_code = ERR_get_next_error_library();
++ ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
++}
++
++void
++PK11err_add_data(int function, int reason, CK_RV rv)
++{
++ char tmp_buf[20];
++
++ PK11err(function, reason);
++ (void) BIO_snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
++ ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
++}
+Index: openssl/crypto/engine/hw_pk11_err.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12.4.1
+--- /dev/null Thu Jul 3 12:42:32 2014
++++ openssl/crypto/engine/hw_pk11_err.h Fri Oct 4 14:33:56 2013
+@@ -0,0 +1,440 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#ifndef HW_PK11_ERR_H
++#define HW_PK11_ERR_H
++
++void ERR_pk11_error(int function, int reason, char *file, int line);
++void PK11err_add_data(int function, int reason, CK_RV rv);
++#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
++
++/* Error codes for the PK11 functions. */
++
++/* Function codes. */
++
++#define PK11_F_INIT 100
++#define PK11_F_FINISH 101
++#define PK11_F_DESTROY 102
++#define PK11_F_CTRL 103
++#define PK11_F_RSA_INIT 104
++#define PK11_F_RSA_FINISH 105
++#define PK11_F_GET_PUB_RSA_KEY 106
++#define PK11_F_GET_PRIV_RSA_KEY 107
++#define PK11_F_RSA_GEN_KEY 108
++#define PK11_F_RSA_PUB_ENC 109
++#define PK11_F_RSA_PRIV_ENC 110
++#define PK11_F_RSA_PUB_DEC 111
++#define PK11_F_RSA_PRIV_DEC 112
++#define PK11_F_RSA_SIGN 113
++#define PK11_F_RSA_VERIFY 114
++#define PK11_F_RAND_ADD 115
++#define PK11_F_RAND_BYTES 116
++#define PK11_F_GET_SESSION 117
++#define PK11_F_FREE_SESSION 118
++#define PK11_F_LOAD_PUBKEY 119
++#define PK11_F_LOAD_PRIVKEY 120
++#define PK11_F_RSA_PUB_ENC_LOW 121
++#define PK11_F_RSA_PRIV_ENC_LOW 122
++#define PK11_F_RSA_PUB_DEC_LOW 123
++#define PK11_F_RSA_PRIV_DEC_LOW 124
++#define PK11_F_DSA_SIGN 125
++#define PK11_F_DSA_VERIFY 126
++#define PK11_F_DSA_INIT 127
++#define PK11_F_DSA_FINISH 128
++#define PK11_F_GET_PUB_DSA_KEY 129
++#define PK11_F_GET_PRIV_DSA_KEY 130
++#define PK11_F_DH_INIT 131
++#define PK11_F_DH_FINISH 132
++#define PK11_F_MOD_EXP_DH 133
++#define PK11_F_GET_DH_KEY 134
++#define PK11_F_FREE_ALL_SESSIONS 135
++#define PK11_F_SETUP_SESSION 136
++#define PK11_F_DESTROY_OBJECT 137
++#define PK11_F_CIPHER_INIT 138
++#define PK11_F_CIPHER_DO_CIPHER 139
++#define PK11_F_GET_CIPHER_KEY 140
++#define PK11_F_DIGEST_INIT 141
++#define PK11_F_DIGEST_UPDATE 142
++#define PK11_F_DIGEST_FINAL 143
++#define PK11_F_CHOOSE_SLOT 144
++#define PK11_F_CIPHER_FINAL 145
++#define PK11_F_LIBRARY_INIT 146
++#define PK11_F_LOAD 147
++#define PK11_F_DH_GEN_KEY 148
++#define PK11_F_DH_COMP_KEY 149
++#define PK11_F_DIGEST_COPY 150
++#define PK11_F_CIPHER_CLEANUP 151
++#define PK11_F_ACTIVE_ADD 152
++#define PK11_F_ACTIVE_DELETE 153
++#define PK11_F_CHECK_HW_MECHANISMS 154
++#define PK11_F_INIT_SYMMETRIC 155
++#define PK11_F_ADD_AES_CTR_NIDS 156
++#define PK11_F_INIT_ALL_LOCKS 157
++#define PK11_F_RETURN_SESSION 158
++#define PK11_F_GET_PIN 159
++#define PK11_F_FIND_ONE_OBJECT 160
++#define PK11_F_CHECK_TOKEN_ATTRS 161
++#define PK11_F_CACHE_PIN 162
++#define PK11_F_MLOCK_PIN_IN_MEMORY 163
++#define PK11_F_TOKEN_LOGIN 164
++#define PK11_F_TOKEN_RELOGIN 165
++#define PK11_F_RUN_ASKPASS 166
++
++/* Reason codes. */
++#define PK11_R_ALREADY_LOADED 100
++#define PK11_R_DSO_FAILURE 101
++#define PK11_R_NOT_LOADED 102
++#define PK11_R_PASSED_NULL_PARAMETER 103
++#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
++#define PK11_R_INITIALIZE 105
++#define PK11_R_FINALIZE 106
++#define PK11_R_GETINFO 107
++#define PK11_R_GETSLOTLIST 108
++#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
++#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
++#define PK11_R_GETATTRIBUTVALUE 111
++#define PK11_R_NO_MODULUS 112
++#define PK11_R_NO_EXPONENT 113
++#define PK11_R_FINDOBJECTSINIT 114
++#define PK11_R_FINDOBJECTS 115
++#define PK11_R_FINDOBJECTSFINAL 116
++#define PK11_R_CREATEOBJECT 118
++#define PK11_R_DESTROYOBJECT 119
++#define PK11_R_OPENSESSION 120
++#define PK11_R_CLOSESESSION 121
++#define PK11_R_ENCRYPTINIT 122
++#define PK11_R_ENCRYPT 123
++#define PK11_R_SIGNINIT 124
++#define PK11_R_SIGN 125
++#define PK11_R_DECRYPTINIT 126
++#define PK11_R_DECRYPT 127
++#define PK11_R_VERIFYINIT 128
++#define PK11_R_VERIFY 129
++#define PK11_R_VERIFYRECOVERINIT 130
++#define PK11_R_VERIFYRECOVER 131
++#define PK11_R_GEN_KEY 132
++#define PK11_R_SEEDRANDOM 133
++#define PK11_R_GENERATERANDOM 134
++#define PK11_R_INVALID_MESSAGE_LENGTH 135
++#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
++#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
++#define PK11_R_UNKNOWN_PADDING_TYPE 138
++#define PK11_R_PADDING_CHECK_FAILED 139
++#define PK11_R_DIGEST_TOO_BIG 140
++#define PK11_R_MALLOC_FAILURE 141
++#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
++#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
++#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
++#define PK11_R_MISSING_KEY_COMPONENT 145
++#define PK11_R_INVALID_SIGNATURE_LENGTH 146
++#define PK11_R_INVALID_DSA_SIGNATURE_R 147
++#define PK11_R_INVALID_DSA_SIGNATURE_S 148
++#define PK11_R_INCONSISTENT_KEY 149
++#define PK11_R_ENCRYPTUPDATE 150
++#define PK11_R_DECRYPTUPDATE 151
++#define PK11_R_DIGESTINIT 152
++#define PK11_R_DIGESTUPDATE 153
++#define PK11_R_DIGESTFINAL 154
++#define PK11_R_ENCRYPTFINAL 155
++#define PK11_R_DECRYPTFINAL 156
++#define PK11_R_NO_PRNG_SUPPORT 157
++#define PK11_R_GETTOKENINFO 158
++#define PK11_R_DERIVEKEY 159
++#define PK11_R_GET_OPERATION_STATE 160
++#define PK11_R_SET_OPERATION_STATE 161
++#define PK11_R_INVALID_HANDLE 162
++#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
++#define PK11_R_INVALID_OPERATION_TYPE 164
++#define PK11_R_ADD_NID_FAILED 165
++#define PK11_R_ATFORK_FAILED 166
++
++#define PK11_R_TOKEN_LOGIN_FAILED 167
++#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
++#define PK11_R_INVALID_PKCS11_URI 169
++#define PK11_R_COULD_NOT_READ_PIN 170
++#define PK11_R_COULD_NOT_OPEN_COMMAND 171
++#define PK11_R_PIPE_FAILED 172
++#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
++#define PK11_R_BAD_PASSPHRASE_SPEC 174
++#define PK11_R_TOKEN_NOT_INITIALIZED 175
++#define PK11_R_TOKEN_PIN_NOT_SET 176
++#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
++#define PK11_R_MISSING_OBJECT_LABEL 178
++#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
++#define PK11_R_PRIV_KEY_NOT_FOUND 180
++#define PK11_R_NO_OBJECT_FOUND 181
++#define PK11_R_PIN_CACHING_POLICY_INVALID 182
++#define PK11_R_SYSCONF_FAILED 183
++#define PK11_R_MMAP_FAILED 183
++#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
++#define PK11_R_MLOCK_FAILED 185
++#define PK11_R_FORK_FAILED 186
++
++/* max byte length of a symetric key we support */
++#define PK11_KEY_LEN_MAX 32
++
++#ifdef NOPTHREADS
++/*
++ * CRYPTO_LOCK_PK11_ENGINE lock is primarily used for the protection of the
++ * free_session list and active_list but generally serves as a global
++ * per-process lock for the whole engine.
++ *
++ * We reuse CRYPTO_LOCK_EC lock (which is defined in OpenSSL for EC method) as
++ * the global engine lock. This is not optimal w.r.t. performance but
++ * it's safe.
++ */
++#define CRYPTO_LOCK_PK11_ENGINE CRYPTO_LOCK_EC
++#endif
++
++/*
++ * This structure encapsulates all reusable information for a PKCS#11
++ * session. A list of these objects is created on behalf of the
++ * calling application using an on-demand method. Each operation
++ * type (see PK11_OPTYPE below) has its own per-process list.
++ * Each of the lists is basically a cache for faster PKCS#11 object
++ * access to avoid expensive C_Find{,Init,Final}Object() calls.
++ *
++ * When a new request comes in, an object will be taken from the list
++ * (if there is one) or a new one is created to handle the request
++ * (if the list is empty). See pk11_get_session() on how it is done.
++ */
++typedef struct PK11_st_SESSION
++ {
++ struct PK11_st_SESSION *next;
++ CK_SESSION_HANDLE session; /* PK11 session handle */
++ pid_t pid; /* Current process ID */
++ CK_BBOOL pub_persistent; /* is pub key in keystore? */
++ CK_BBOOL priv_persistent;/* is priv key in keystore? */
++ union
++ {
++#ifndef OPENSSL_NO_RSA
++ struct
++ {
++ CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
++ CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
++ RSA *rsa_pub; /* pub key addr */
++ BIGNUM *rsa_n_num; /* pub modulus */
++ BIGNUM *rsa_e_num; /* pub exponent */
++ RSA *rsa_priv; /* priv key addr */
++ BIGNUM *rsa_pn_num; /* pub modulus */
++ BIGNUM *rsa_pe_num; /* pub exponent */
++ BIGNUM *rsa_d_num; /* priv exponent */
++ } u_RSA;
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ struct
++ {
++ CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
++ CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
++ DSA *dsa_pub; /* pub key addr */
++ BIGNUM *dsa_pub_num; /* pub key */
++ DSA *dsa_priv; /* priv key addr */
++ BIGNUM *dsa_priv_num; /* priv key */
++ } u_DSA;
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ struct
++ {
++ CK_OBJECT_HANDLE dh_key; /* key handle */
++ DH *dh; /* dh key addr */
++ BIGNUM *dh_priv_num; /* priv dh key */
++ } u_DH;
++#endif /* OPENSSL_NO_DH */
++ struct
++ {
++ CK_OBJECT_HANDLE cipher_key; /* key handle */
++ unsigned char key[PK11_KEY_LEN_MAX];
++ int key_len; /* priv key len */
++ int encrypt; /* 1/0 enc/decr */
++ } u_cipher;
++ } opdata_u;
++ } PK11_SESSION;
++
++#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
++#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
++#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
++#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
++#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
++#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
++#define opdata_rsa_pn_num opdata_u.u_RSA.rsa_pn_num
++#define opdata_rsa_pe_num opdata_u.u_RSA.rsa_pe_num
++#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
++#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
++#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
++#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
++#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
++#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
++#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
++#define opdata_dh_key opdata_u.u_DH.dh_key
++#define opdata_dh opdata_u.u_DH.dh
++#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
++#define opdata_cipher_key opdata_u.u_cipher.cipher_key
++#define opdata_key opdata_u.u_cipher.key
++#define opdata_key_len opdata_u.u_cipher.key_len
++#define opdata_encrypt opdata_u.u_cipher.encrypt
++
++/*
++ * We have 3 different groups of operation types:
++ * 1) asymmetric operations
++ * 2) random operations
++ * 3) symmetric and digest operations
++ *
++ * This division into groups stems from the fact that it's common that hardware
++ * providers may support operations from one group only. For example, hardware
++ * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
++ * only a single group of operations.
++ *
++ * For every group a different slot can be chosen. That means that we must have
++ * at least 3 different lists of cached PKCS#11 sessions since sessions from
++ * different groups may be initialized in different slots.
++ *
++ * To provide locking granularity in multithreaded environment, the groups are
++ * further splitted into types with each type having a separate session cache.
++ */
++typedef enum PK11_OPTYPE_ENUM
++ {
++ OP_RAND,
++ OP_RSA,
++ OP_DSA,
++ OP_DH,
++ OP_CIPHER,
++ OP_DIGEST,
++ OP_MAX
++ } PK11_OPTYPE;
++
++/*
++ * This structure contains the heads of the lists forming the object caches
++ * and locks associated with the lists.
++ */
++typedef struct PK11_st_CACHE
++ {
++ PK11_SESSION *head;
++#ifndef NOPTHREADS
++ pthread_mutex_t *lock;
++#endif
++ } PK11_CACHE;
++
++/* structure for tracking handles of asymmetric key objects */
++typedef struct PK11_active_st
++ {
++ CK_OBJECT_HANDLE h;
++ unsigned int refcnt;
++ struct PK11_active_st *prev;
++ struct PK11_active_st *next;
++ } PK11_active;
++
++#ifndef NOPTHREADS
++extern pthread_mutex_t *find_lock[];
++#endif
++extern PK11_active *active_list[];
++/*
++ * These variables are specific for the RSA keys by reference code. See
++ * hw_pk11_pub.c for explanation.
++ */
++extern CK_FLAGS pubkey_token_flags;
++
++#ifndef NOPTHREADS
++#define LOCK_OBJSTORE(alg_type) \
++ OPENSSL_assert(pthread_mutex_lock(find_lock[alg_type]) == 0)
++#define UNLOCK_OBJSTORE(alg_type) \
++ OPENSSL_assert(pthread_mutex_unlock(find_lock[alg_type]) == 0)
++#else
++#define LOCK_OBJSTORE(alg_type) \
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE)
++#define UNLOCK_OBJSTORE(alg_type) \
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE)
++#endif
++
++extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++extern int pk11_token_relogin(CK_SESSION_HANDLE session);
++
++#ifndef OPENSSL_NO_RSA
++extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++extern RSA_METHOD *PK11_RSA(void);
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++extern DSA_METHOD *PK11_DSA(void);
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
++extern DH_METHOD *PK11_DH(void);
++#endif /* OPENSSL_NO_DH */
++
++extern CK_FUNCTION_LIST_PTR pFuncList;
++
++#endif /* HW_PK11_ERR_H */
+Index: openssl/crypto/engine/hw_pk11_pub.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38.2.3
+--- /dev/null Thu Jul 3 12:42:32 2014
++++ openssl/crypto/engine/hw_pk11_pub.c Fri Oct 4 14:33:56 2013
+@@ -0,0 +1,3556 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_pub.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/pem.h>
++#ifndef OPENSSL_NO_RSA
++#include <openssl/rsa.h>
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++#include <openssl/dsa.h>
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++#include <openssl/dh.h>
++#endif /* OPENSSL_NO_DH */
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++#define NOPTHREADS
++typedef int pid_t;
++#define HAVE_GETPASSPHRASE
++static char *getpassphrase(const char *prompt);
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <unistd.h>
++#endif
++
++#ifndef NOPTHREADS
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11CA
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11ca.h"
++#include "hw_pk11_err.h"
++
++static CK_BBOOL pk11_login_done = CK_FALSE;
++extern CK_SLOT_ID pubkey_SLOTID;
++#ifndef NOPTHREADS
++extern pthread_mutex_t *token_lock;
++#endif
++
++#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
++#define getpassphrase(x) getpass(x)
++#endif
++
++#ifndef OPENSSL_NO_RSA
++/* RSA stuff */
++static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_init(RSA *rsa);
++static int pk11_RSA_finish(RSA *rsa);
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_RSA_verify(int dtype, const unsigned char *m,
++ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa);
++#else
++static int pk11_RSA_verify(int dtype, const unsigned char *m,
++ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa);
++#endif
++EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++
++static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session);
++
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
++#endif
++
++/* DSA stuff */
++#ifndef OPENSSL_NO_DSA
++static int pk11_DSA_init(DSA *dsa);
++static int pk11_DSA_finish(DSA *dsa);
++static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen,
++ DSA *dsa);
++static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
++ DSA_SIG *sig, DSA *dsa);
++
++static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
++ BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
++ BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
++
++static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa);
++static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa);
++#endif
++
++/* DH stuff */
++#ifndef OPENSSL_NO_DH
++static int pk11_DH_init(DH *dh);
++static int pk11_DH_finish(DH *dh);
++static int pk11_DH_generate_key(DH *dh);
++static int pk11_DH_compute_key(unsigned char *key,
++ const BIGNUM *pub_key, DH *dh);
++
++static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
++ BIGNUM **priv_key, CK_SESSION_HANDLE session);
++
++static int check_new_dh_key(PK11_SESSION *sp, DH *dh);
++#endif
++
++static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
++static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
++ CK_ULONG *ulValueLen);
++static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
++
++static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private);
++
++/* Read mode string to be used for fopen() */
++#if SOLARIS_OPENSSL
++static char *read_mode_flags = "rF";
++#else
++static char *read_mode_flags = "r";
++#endif
++
++/*
++ * increment/create reference for an asymmetric key handle via active list
++ * manipulation. If active list operation fails, unlock (if locked), set error
++ * variable and jump to the specified label.
++ */
++#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
++ { \
++ if (pk11_active_add(key_handle, alg_type) < 0) \
++ { \
++ var = TRUE; \
++ if (unlock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ goto label; \
++ } \
++ }
++
++/*
++ * Find active list entry according to object handle and return pointer to the
++ * entry otherwise return NULL.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ for (entry = active_list[type]; entry != NULL; entry = entry->next)
++ if (entry->h == h)
++ return (entry);
++
++ return (NULL);
++ }
++
++/*
++ * Search for an entry in the active list using PKCS#11 object handle as a
++ * search key and return refcnt of the found/created entry or -1 in case of
++ * failure.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if (h == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ /* search for entry in the active list */
++ if ((entry = pk11_active_find(h, type)) != NULL)
++ entry->refcnt++;
++ else
++ {
++ /* not found, create new entry and add it to the list */
++ entry = OPENSSL_malloc(sizeof (PK11_active));
++ if (entry == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
++ return (-1);
++ }
++ entry->h = h;
++ entry->refcnt = 1;
++ entry->prev = NULL;
++ entry->next = NULL;
++ /* connect the newly created entry to the list */
++ if (active_list[type] == NULL)
++ active_list[type] = entry;
++ else /* make the entry first in the list */
++ {
++ entry->next = active_list[type];
++ active_list[type]->prev = entry;
++ active_list[type] = entry;
++ }
++ }
++
++ return (entry->refcnt);
++ }
++
++/*
++ * Remove active list entry from the list and free it.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++void
++pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
++ {
++ PK11_active *prev_entry;
++
++ /* remove the entry from the list and free it */
++ if ((prev_entry = entry->prev) != NULL)
++ {
++ prev_entry->next = entry->next;
++ if (entry->next != NULL)
++ entry->next->prev = prev_entry;
++ }
++ else
++ {
++ active_list[type] = entry->next;
++ /* we were the first but not the only one */
++ if (entry->next != NULL)
++ entry->next->prev = NULL;
++ }
++
++ /* sanitization */
++ entry->h = CK_INVALID_HANDLE;
++ entry->prev = NULL;
++ entry->next = NULL;
++ OPENSSL_free(entry);
++ }
++
++/* Free all entries from the active list. */
++void
++pk11_free_active_list(PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ /* only for asymmetric types since only they have C_Find* locks. */
++ switch (type)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ break;
++ default:
++ return;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(type);
++ while ((entry = active_list[type]) != NULL)
++ pk11_active_remove(entry, type);
++ UNLOCK_OBJSTORE(type);
++ }
++
++/*
++ * Search for active list entry associated with given PKCS#11 object handle,
++ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
++ *
++ * Return 1 if the PKCS#11 object associated with the entry has no references,
++ * return 0 if there is at least one reference, -1 on error.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if ((entry = pk11_active_find(h, type)) == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ OPENSSL_assert(entry->refcnt > 0);
++ entry->refcnt--;
++ if (entry->refcnt == 0)
++ {
++ pk11_active_remove(entry, type);
++ return (1);
++ }
++
++ return (0);
++ }
++
++#ifndef OPENSSL_NO_RSA
++/* Our internal RSA_METHOD that we provide pointers to */
++static RSA_METHOD pk11_rsa =
++ {
++ "PKCS#11 RSA method",
++ pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
++ pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
++ pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
++ pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
++ NULL, /* rsa_mod_exp */
++ NULL, /* bn_mod_exp */
++ pk11_RSA_init, /* init */
++ pk11_RSA_finish, /* finish */
++ RSA_FLAG_SIGN_VER, /* flags */
++ NULL, /* app_data */
++ pk11_RSA_sign, /* rsa_sign */
++ pk11_RSA_verify /* rsa_verify */
++ };
++
++RSA_METHOD *
++PK11_RSA(void)
++ {
++ return (&pk11_rsa);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DSA
++/* Our internal DSA_METHOD that we provide pointers to */
++static DSA_METHOD pk11_dsa =
++ {
++ "PKCS#11 DSA method",
++ pk11_dsa_do_sign, /* dsa_do_sign */
++ NULL, /* dsa_sign_setup */
++ pk11_dsa_do_verify, /* dsa_do_verify */
++ NULL, /* dsa_mod_exp */
++ NULL, /* bn_mod_exp */
++ pk11_DSA_init, /* init */
++ pk11_DSA_finish, /* finish */
++ 0, /* flags */
++ NULL /* app_data */
++ };
++
++DSA_METHOD *
++PK11_DSA(void)
++ {
++ return (&pk11_dsa);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DH
++/*
++ * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
++ * output buffer may somewhat exceed the precise number of bytes needed, but
++ * should not exceed it by a large amount. That may be caused, for example, by
++ * rounding it up to multiple of X in the underlying bignum library. 8 should be
++ * enough.
++ */
++#define DH_BUF_RESERVE 8
++
++/* Our internal DH_METHOD that we provide pointers to */
++static DH_METHOD pk11_dh =
++ {
++ "PKCS#11 DH method",
++ pk11_DH_generate_key, /* generate_key */
++ pk11_DH_compute_key, /* compute_key */
++ NULL, /* bn_mod_exp */
++ pk11_DH_init, /* init */
++ pk11_DH_finish, /* finish */
++ 0, /* flags */
++ NULL, /* app_data */
++ NULL /* generate_params */
++ };
++
++DH_METHOD *
++PK11_DH(void)
++ {
++ return (&pk11_dh);
++ }
++#endif
++
++/* Size of an SSL signature: MD5+SHA1 */
++#define SSL_SIG_LENGTH 36
++
++/* Lengths of DSA data and signature */
++#define DSA_DATA_LEN 20
++#define DSA_SIGNATURE_LEN 40
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++
++#ifndef OPENSSL_NO_RSA
++/*
++ * Similiar to OpenSSL to take advantage of the paddings. The goal is to
++ * support all paddings in this engine although PK11 library does not
++ * support all the paddings used in OpenSSL.
++ * The input errors should have been checked in the padding functions.
++ */
++static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ int i, num = 0, r = -1;
++ unsigned char *buf = NULL;
++
++ num = BN_num_bytes(rsa->n);
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
++ break;
++#ifndef OPENSSL_NO_SHA
++ case RSA_PKCS1_OAEP_PADDING:
++ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
++ break;
++#endif
++ case RSA_SSLV23_PADDING:
++ i = RSA_padding_add_SSLv23(buf, num, from, flen);
++ break;
++ case RSA_NO_PADDING:
++ i = RSA_padding_add_none(buf, num, from, flen);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (i <= 0) goto err;
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
++err:
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++
++/*
++ * Similar to Openssl to take advantage of the paddings. The input errors
++ * should be catched in the padding functions
++ */
++static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ int i, num = 0, r = -1;
++ unsigned char *buf = NULL;
++
++ num = BN_num_bytes(rsa->n);
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
++ break;
++ case RSA_NO_PADDING:
++ i = RSA_padding_add_none(buf, num, from, flen);
++ break;
++ case RSA_SSLV23_PADDING:
++ default:
++ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (i <= 0) goto err;
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
++err:
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/* Similar to OpenSSL code. Input errors are also checked here */
++static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ BIGNUM f;
++ int j, num = 0, r = -1;
++ unsigned char *p;
++ unsigned char *buf = NULL;
++
++ BN_init(&f);
++
++ num = BN_num_bytes(rsa->n);
++
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * This check was for equality but PGP does evil things
++ * and chops off the top '0' bytes
++ */
++ if (flen > num)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC,
++ PK11_R_DATA_GREATER_THAN_MOD_LEN);
++ goto err;
++ }
++
++ /* make data into a big number */
++ if (BN_bin2bn(from, (int)flen, &f) == NULL)
++ goto err;
++
++ if (BN_ucmp(&f, rsa->n) >= 0)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC,
++ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
++ goto err;
++ }
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
++
++ /*
++ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
++ * Needs to skip these 0's paddings here.
++ */
++ for (j = 0; j < r; j++)
++ if (buf[j] != 0)
++ break;
++
++ p = buf + j;
++ j = r - j; /* j is only used with no-padding mode */
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
++ break;
++#ifndef OPENSSL_NO_SHA
++ case RSA_PKCS1_OAEP_PADDING:
++ r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
++ break;
++#endif
++ case RSA_SSLV23_PADDING:
++ r = RSA_padding_check_SSLv23(to, num, p, j, num);
++ break;
++ case RSA_NO_PADDING:
++ r = RSA_padding_check_none(to, num, p, j, num);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (r < 0)
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
++
++err:
++ BN_clear_free(&f);
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/* Similar to OpenSSL code. Input errors are also checked here */
++static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ BIGNUM f;
++ int i, num = 0, r = -1;
++ unsigned char *p;
++ unsigned char *buf = NULL;
++
++ BN_init(&f);
++ num = BN_num_bytes(rsa->n);
++ buf = (unsigned char *)OPENSSL_malloc(num);
++ if (buf == NULL)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * This check was for equality but PGP does evil things
++ * and chops off the top '0' bytes
++ */
++ if (flen > num)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
++ goto err;
++ }
++
++ if (BN_bin2bn(from, flen, &f) == NULL)
++ goto err;
++
++ if (BN_ucmp(&f, rsa->n) >= 0)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC,
++ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
++ goto err;
++ }
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
++
++ /*
++ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
++ * Needs to skip these 0's here
++ */
++ for (i = 0; i < r; i++)
++ if (buf[i] != 0)
++ break;
++
++ p = buf + i;
++ i = r - i; /* i is only used with no-padding mode */
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
++ break;
++ case RSA_NO_PADDING:
++ r = RSA_padding_check_none(to, num, p, i, num);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (r < 0)
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
++
++err:
++ BN_clear_free(&f);
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/*
++ * This function implements RSA public encryption using C_EncryptInit and
++ * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_public_encrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_encrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_EncryptInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
++ PK11_R_ENCRYPTINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Encrypt(sp->session,
++ (unsigned char *)from, flen, to, &bytes_encrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
++ PK11_R_ENCRYPT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_encrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA private encryption using C_SignInit and
++ * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_private_encrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG ul_sig_len = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ {
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ }
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech,
++ h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
++ PK11_R_SIGNINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Sign(sp->session,
++ (unsigned char *)from, flen, to, &ul_sig_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
++ rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ retval = ul_sig_len;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA private decryption using C_DecryptInit and
++ * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_private_decrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_decrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DecryptInit(sp->session, p_mech,
++ h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
++ PK11_R_DECRYPTINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Decrypt(sp->session,
++ (unsigned char *)from, flen, to, &bytes_decrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
++ PK11_R_DECRYPT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_decrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA public decryption using C_VerifyRecoverInit
++ * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_public_decrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_decrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyRecoverInit(sp->session,
++ p_mech, h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
++ PK11_R_VERIFYRECOVERINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_VerifyRecover(sp->session,
++ (unsigned char *)from, flen, to, &bytes_decrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
++ PK11_R_VERIFYRECOVER, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_decrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++static int pk11_RSA_init(RSA *rsa)
++ {
++ /*
++ * This flag in the RSA_METHOD enables the new rsa_sign,
++ * rsa_verify functions. See rsa.h for details.
++ */
++ rsa->flags |= RSA_FLAG_SIGN_VER;
++
++ return (1);
++ }
++
++static int pk11_RSA_finish(RSA *rsa)
++ {
++ /*
++ * Since we are overloading OpenSSL's native RSA_eay_finish() we need
++ * to do the same as in the original function, i.e. to free bignum
++ * structures.
++ */
++ if (rsa->_method_mod_n != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_n);
++ if (rsa->_method_mod_p != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_p);
++ if (rsa->_method_mod_q != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_q);
++
++ return (1);
++ }
++
++/*
++ * Standard engine interface function. Majority codes here are from
++ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
++ * See more details in rsa/rsa_sign.c
++ */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++ unsigned long ulsiglen;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key((RSA *)rsa,
++ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
++ sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto err;
++ }
++
++ ulsiglen = j;
++ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
++ (CK_ULONG_PTR) &ulsiglen);
++ *siglen = ulsiglen;
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_RSA_verify(int type, const unsigned char *m,
++ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa)
++#else
++static int pk11_RSA_verify(int type, const unsigned char *m,
++ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa)
++#endif
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
++ rv);
++ goto err;
++ }
++ rv = pFuncList->C_Verify(sp->session, s, i,
++ (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++static int hndidx_rsa = -1;
++
++#define MAXATTR 1024
++
++/*
++ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *privkey;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BBOOL rollback = FALSE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for private keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize the OpenSSL RSA
++ * structure with something we can use to look up the key. Note that we
++ * never ask for private components.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(privkey_file, "pkcs11:") == privkey_file)
++ {
++ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_TRUE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ if (hndidx_rsa == -1)
++ hndidx_rsa = RSA_get_ex_new_index(0,
++ "pkcs11 RSA HSM key handle",
++ NULL, NULL, NULL);
++
++ /*
++ * We might have a cache hit which we could confirm
++ * according to the 'n'/'e' params, RSA public pointer
++ * as NULL, and non-NULL RSA private pointer. However,
++ * it is easier just to recreate everything. We expect
++ * the keys to be loaded once and used many times. We
++ * do not check the return value because even in case
++ * of failure the sp structure will have both key
++ * pointer and object handle cleaned and
++ * pk11_destroy_object() reports the failure to the
++ * OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, FALSE);
++
++ sp->opdata_rsa_priv_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->priv_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA private structure pointer. We do not
++ * use it now for key-by-ref keys but let's do it for
++ * consistency reasons.
++ */
++ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
++ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ /*
++ * We do not use pk11_get_private_rsa_key() here so we
++ * must take care of handle management ourselves.
++ */
++ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, TRUE, rollback, err);
++
++ /*
++ * Those are the sensitive components we do not want to export
++ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
++ */
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++ /*
++ * Must have 'n'/'e' components in the session structure as
++ * well. They serve as a public look-up key for the private key
++ * in the keystore.
++ */
++ attr_to_BN(&get_templ[0], attr_data[0],
++ &sp->opdata_rsa_pn_num);
++ attr_to_BN(&get_templ[1], attr_data[1],
++ &sp->opdata_rsa_pe_num);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++ }
++ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
++ (void) fclose(privkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_priv(sp, rsa);
++ sp->priv_persistent = CK_FALSE;
++
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa,
++ &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ if (h_priv_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ rollback = rollback;
++ return (pkey);
++ }
++
++/*
++ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *pubkey;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for public keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize OpenSSL RSA
++ * structure with something we can use to look up the key.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
++ {
++ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_FALSE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * We load a new public key so we will create a new RSA
++ * structure. No cache hit is possible.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, FALSE);
++
++ sp->opdata_rsa_pub_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->pub_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA public structure pointer.
++ */
++ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER;
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PUBKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++
++ /*
++ * Create a session object from it so that when calling
++ * pk11_get_public_rsa_key() the next time, we can find it. The
++ * reason why we do that is that we cannot tell from the RSA
++ * structure (OpenSSL RSA structure does not have any room for
++ * additional data used by the engine, for example) if it bears
++ * a public key stored in the keystore or not so it's better if
++ * we always have a session key. Note that this is different
++ * from what we do for the private keystore objects but in that
++ * case, we can tell from the RSA structure that the keystore
++ * object is in play - the 'd' component is NULL in that case.
++ */
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
++ (void) fclose(pubkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_pub(sp, rsa);
++ sp->pub_persistent = CK_FALSE;
++
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ return (pkey);
++ }
++
++/*
++ * Create a public key object in a session from a given rsa structure.
++ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
++ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY_RECOVER, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
++ };
++
++ int i;
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
++ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[6].ulValueLen);
++ if (a_key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->n, a_key_template[6].pValue);
++
++ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
++ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[7].ulValueLen);
++ if (a_key_template[7].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->e, a_key_template[7].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (rsa_n_num != NULL)
++ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ if (rsa_e_num != NULL)
++ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ BN_free(*rsa_n_num);
++ *rsa_n_num = NULL;
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ for (i = 6; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given rsa structure.
++ * The *rsa_d_num pointer is non-NULL for RSA private keys.
++ */
++static CK_OBJECT_HANDLE
++pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ int i;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 14;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIME_1, (void *)NULL, 0},
++ {CKA_PRIME_2, (void *)NULL, 0},
++ {CKA_EXPONENT_1, (void *)NULL, 0},
++ {CKA_EXPONENT_2, (void *)NULL, 0},
++ {CKA_COEFFICIENT, (void *)NULL, 0},
++ };
++
++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
++ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
++ LOCK_OBJSTORE(OP_RSA);
++ goto set;
++ }
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(rsa->n, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(rsa->e, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(rsa->d, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0 ||
++ init_template_value(rsa->p, &a_key_template[9].pValue,
++ &a_key_template[9].ulValueLen) == 0 ||
++ init_template_value(rsa->q, &a_key_template[10].pValue,
++ &a_key_template[10].ulValueLen) == 0 ||
++ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
++ &a_key_template[11].ulValueLen) == 0 ||
++ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
++ &a_key_template[12].ulValueLen) == 0 ||
++ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
++ &a_key_template[13].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * We are getting the private key but the private 'd'
++ * component is NULL. That means this is key by reference RSA
++ * key. In that case, we can use only public components for
++ * searching for the private key handle.
++ */
++ if (rsa->d == NULL)
++ {
++ ul_key_attr_count = 8;
++ /*
++ * We will perform the search in the token, not in the existing
++ * session keys.
++ */
++ a_key_template[2].pValue = &mytrue;
++ }
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ /*
++ * We have an RSA structure with 'n'/'e' components
++ * only so we tried to find the private key in the
++ * keystore. If it was really a token key we have a
++ * problem. Note that for other key types we just
++ * create a new session key using the private
++ * components from the RSA structure.
++ */
++ if (rsa->d == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_PRIV_KEY_NOT_FOUND);
++ goto err;
++ }
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++set:
++ if (rsa_d_num != NULL)
++ {
++ /*
++ * When RSA keys by reference code is used, we never
++ * extract private components from the keystore. In
++ * that case 'd' was set to NULL and we expect the
++ * application to properly cope with that. It is
++ * documented in openssl(5). In general, if keys by
++ * reference are used we expect it to be used
++ * exclusively using the high level API and then there
++ * is no problem. If the application expects the
++ * private components to be read from the keystore
++ * then that is not a supported way of usage.
++ */
++ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ else
++ *rsa_d_num = NULL;
++ }
++
++ /*
++ * For the key by reference code, we need public components as well
++ * since 'd' component is always NULL. For that reason, we always cache
++ * 'n'/'e' components as well.
++ */
++ *rsa_n_num = BN_dup(rsa->n);
++ *rsa_e_num = BN_dup(rsa->e);
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0 &&
++ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ /*
++ * 6 to 13 entries in the key template are key components.
++ * They need to be freed upon exit or error.
++ */
++ for (i = 6; i <= 13; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making the
++ * check for cache hit stronger. Only public components of RSA
++ * key matter here so it is sufficient to compare them with values
++ * cached in PK11_SESSION structure.
++ *
++ * We must check the handle as well since with key by reference, public
++ * components 'n'/'e' are cached in private keys as well. That means we
++ * could have a cache hit in a private key when looking for a public
++ * key. That would not work, you cannot have one PKCS#11 object for
++ * both data signing and verifying.
++ */
++ if ((sp->opdata_rsa_pub != rsa) ||
++ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making
++ * the check for cache hit stronger. Comparing public exponent
++ * of RSA key with value cached in PK11_SESSION structure
++ * should be sufficient. Note that we want to compare the
++ * public component since with the keys by reference
++ * mechanism, private components are not in the RSA
++ * structure. Also, see check_new_rsa_key_pub() about why we
++ * compare the handle as well.
++ */
++ if ((sp->opdata_rsa_priv != rsa) ||
++ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_pn_num == NULL) ||
++ (sp->opdata_rsa_pe_num == NULL) ||
++ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DSA
++/* The DSA function implementation */
++/* ARGSUSED */
++static int pk11_DSA_init(DSA *dsa)
++ {
++ return (1);
++ }
++
++/* ARGSUSED */
++static int pk11_DSA_finish(DSA *dsa)
++ {
++ return (1);
++ }
++
++
++static DSA_SIG *
++pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
++ {
++ BIGNUM *r = NULL, *s = NULL;
++ int i;
++ DSA_SIG *dsa_sig = NULL;
++
++ CK_RV rv;
++ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
++ CK_MECHANISM *p_mech = &Mechanism_dsa;
++ CK_OBJECT_HANDLE h_priv_key;
++
++ /*
++ * The signature is the concatenation of r and s,
++ * each is 20 bytes long
++ */
++ unsigned char sigret[DSA_SIGNATURE_LEN];
++ unsigned long siglen = DSA_SIGNATURE_LEN;
++ unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
++
++ PK11_SESSION *sp = NULL;
++
++ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
++ goto ret;
++ }
++
++ i = BN_num_bytes(dsa->q); /* should be 20 */
++ if (dlen > i)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
++ goto ret;
++ }
++
++ if ((sp = pk11_get_session(OP_DSA)) == NULL)
++ goto ret;
++
++ (void) check_new_dsa_key_priv(sp, dsa);
++
++ h_priv_key = sp->opdata_dsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_dsa_priv_key =
++ pk11_get_private_dsa_key((DSA *)dsa,
++ &sp->opdata_dsa_priv,
++ &sp->opdata_dsa_priv_num, sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto ret;
++ }
++
++ (void) memset(sigret, 0, siglen);
++ rv = pFuncList->C_Sign(sp->session,
++ (unsigned char*) dgst, dlen, sigret,
++ (CK_ULONG_PTR) &siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
++ goto ret;
++ }
++ }
++
++
++ if ((s = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if ((r = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if ((dsa_sig = DSA_SIG_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if (BN_bin2bn(sigret, siglen2, r) == NULL ||
++ BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ dsa_sig->r = r;
++ dsa_sig->s = s;
++
++ret:
++ if (dsa_sig == NULL)
++ {
++ if (r != NULL)
++ BN_free(r);
++ if (s != NULL)
++ BN_free(s);
++ }
++
++ pk11_return_session(sp, OP_DSA);
++ return (dsa_sig);
++ }
++
++static int
++pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig,
++ DSA *dsa)
++ {
++ int i;
++ CK_RV rv;
++ int retval = 0;
++ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
++ CK_MECHANISM *p_mech = &Mechanism_dsa;
++ CK_OBJECT_HANDLE h_pub_key;
++
++ unsigned char sigbuf[DSA_SIGNATURE_LEN];
++ unsigned long siglen = DSA_SIGNATURE_LEN;
++ unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
++
++ PK11_SESSION *sp = NULL;
++
++ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_DSA_SIGNATURE_R);
++ goto ret;
++ }
++
++ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_DSA_SIGNATURE_S);
++ goto ret;
++ }
++
++ i = BN_num_bytes(dsa->q); /* should be 20 */
++
++ if (dlen > i)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_SIGNATURE_LENGTH);
++ goto ret;
++ }
++
++ if ((sp = pk11_get_session(OP_DSA)) == NULL)
++ goto ret;
++
++ (void) check_new_dsa_key_pub(sp, dsa);
++
++ h_pub_key = sp->opdata_dsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_dsa_pub_key =
++ pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
++ &sp->opdata_dsa_pub_num, sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
++ rv);
++ goto ret;
++ }
++
++ /*
++ * The representation of each of the two big numbers could
++ * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
++ * to act accordingly and shift if necessary.
++ */
++ (void) memset(sigbuf, 0, siglen);
++ BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
++ BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
++ BN_num_bytes(sig->s));
++
++ rv = pFuncList->C_Verify(sp->session,
++ (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
++ goto ret;
++ }
++ }
++
++ retval = 1;
++ret:
++
++ pk11_return_session(sp, OP_DSA);
++ return (retval);
++ }
++
++
++/*
++ * Create a public key object in a session from a given dsa structure.
++ * The *dsa_pub_num pointer is non-NULL for DSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
++ DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_KEY_TYPE k_type = CKK_DSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++ int i;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_PRIME, (void *)NULL, 0}, /* p */
++ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
++ {CKA_BASE, (void *)NULL, 0}, /* g */
++ {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */
++ };
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ if (init_template_value(dsa->p, &a_key_template[4].pValue,
++ &a_key_template[4].ulValueLen) == 0 ||
++ init_template_value(dsa->q, &a_key_template[5].pValue,
++ &a_key_template[5].ulValueLen) == 0 ||
++ init_template_value(dsa->g, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(dsa->pub_key, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DSA);
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (dsa_pub_num != NULL)
++ if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DSA);
++
++malloc_err:
++ for (i = 4; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given dsa structure
++ * The *dsa_priv_num pointer is non-NULL for DSA private keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
++ DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ int i;
++ CK_ULONG found;
++ CK_KEY_TYPE k_type = CKK_DSA;
++ CK_ULONG ul_key_attr_count = 9;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_PRIME, (void *)NULL, 0}, /* p */
++ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
++ {CKA_BASE, (void *)NULL, 0}, /* g */
++ {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */
++ };
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(dsa->p, &a_key_template[5].pValue,
++ &a_key_template[5].ulValueLen) == 0 ||
++ init_template_value(dsa->q, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(dsa->g, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(dsa->priv_key, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DSA);
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (dsa_priv_num != NULL)
++ if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DSA);
++
++malloc_err:
++ /*
++ * 5 to 8 entries in the key template are key components.
++ * They need to be freed apon exit or error.
++ */
++ for (i = 5; i <= 8; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa)
++ {
++ /*
++ * Provide protection against DSA structure reuse by making the
++ * check for cache hit stronger. Only public key component of DSA
++ * key matters here so it is sufficient to compare it with value
++ * cached in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dsa_pub != dsa) ||
++ (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa)
++ {
++ /*
++ * Provide protection against DSA structure reuse by making the
++ * check for cache hit stronger. Only private key component of DSA
++ * key matters here so it is sufficient to compare it with value
++ * cached in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dsa_priv != dsa) ||
++ (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++
++#ifndef OPENSSL_NO_DH
++/* The DH function implementation */
++/* ARGSUSED */
++static int pk11_DH_init(DH *dh)
++ {
++ return (1);
++ }
++
++/* ARGSUSED */
++static int pk11_DH_finish(DH *dh)
++ {
++ return (1);
++ }
++
++/*
++ * Generate DH key-pair.
++ *
++ * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
++ * and override it even if it is set. OpenSSL does not touch dh->priv_key
++ * if set and just computes dh->pub_key. It looks like PKCS#11 standard
++ * is not capable of providing this functionality. This could be a problem
++ * for applications relying on OpenSSL's semantics.
++ */
++static int pk11_DH_generate_key(DH *dh)
++ {
++ CK_ULONG i;
++ CK_RV rv, rv1;
++ int reuse_mem_len = 0, ret = 0;
++ PK11_SESSION *sp = NULL;
++ CK_BYTE_PTR reuse_mem;
++
++ CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++
++ CK_ULONG ul_pub_key_attr_count = 3;
++ CK_ATTRIBUTE pub_key_template[] =
++ {
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_PRIME, (void *)NULL, 0},
++ {CKA_BASE, (void *)NULL, 0}
++ };
++
++ CK_ULONG ul_priv_key_attr_count = 3;
++ CK_ATTRIBUTE priv_key_template[] =
++ {
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DERIVE, &mytrue, sizeof (mytrue)}
++ };
++
++ CK_ULONG pub_key_attr_result_count = 1;
++ CK_ATTRIBUTE pub_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ CK_ULONG priv_key_attr_result_count = 1;
++ CK_ATTRIBUTE priv_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
++ if (pub_key_template[1].ulValueLen > 0)
++ {
++ /*
++ * We must not increase ulValueLen by DH_BUF_RESERVE since that
++ * could cause the same rounding problem. See definition of
++ * DH_BUF_RESERVE above.
++ */
++ pub_key_template[1].pValue =
++ OPENSSL_malloc(pub_key_template[1].ulValueLen +
++ DH_BUF_RESERVE);
++ if (pub_key_template[1].pValue == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
++ }
++ else
++ goto err;
++
++ pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
++ if (pub_key_template[2].ulValueLen > 0)
++ {
++ pub_key_template[2].pValue =
++ OPENSSL_malloc(pub_key_template[2].ulValueLen +
++ DH_BUF_RESERVE);
++ if (pub_key_template[2].pValue == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
++ }
++ else
++ goto err;
++
++ /*
++ * Note: we are only using PK11_SESSION structure for getting
++ * a session handle. The objects created in this function are
++ * destroyed before return and thus not cached.
++ */
++ if ((sp = pk11_get_session(OP_DH)) == NULL)
++ goto err;
++
++ rv = pFuncList->C_GenerateKeyPair(sp->session,
++ &mechanism,
++ pub_key_template,
++ ul_pub_key_attr_count,
++ priv_key_template,
++ ul_priv_key_attr_count,
++ &h_pub_key,
++ &h_priv_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
++ goto err;
++ }
++
++ /*
++ * Reuse the larger memory allocated. We know the larger memory
++ * should be sufficient for reuse.
++ */
++ if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
++ {
++ reuse_mem = pub_key_template[1].pValue;
++ reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
++ }
++ else
++ {
++ reuse_mem = pub_key_template[2].pValue;
++ reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
++ pub_key_result, pub_key_attr_result_count);
++ rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK || rv1 != CKR_OK)
++ {
++ rv = (rv != CKR_OK) ? rv : rv1;
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 ||
++ ((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
++ goto err;
++ }
++
++ /* Reuse the memory allocated */
++ pub_key_result[0].pValue = reuse_mem;
++ pub_key_result[0].ulValueLen = reuse_mem_len;
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
++ pub_key_result, pub_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (pub_key_result[0].type == CKA_VALUE)
++ {
++ if (dh->pub_key == NULL)
++ if ((dh->pub_key = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
++ pub_key_result[0].ulValueLen, dh->pub_key);
++ if (dh->pub_key == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ }
++
++ /* Reuse the memory allocated */
++ priv_key_result[0].pValue = reuse_mem;
++ priv_key_result[0].ulValueLen = reuse_mem_len;
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (priv_key_result[0].type == CKA_VALUE)
++ {
++ if (dh->priv_key == NULL)
++ if ((dh->priv_key = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
++ priv_key_result[0].ulValueLen, dh->priv_key);
++ if (dh->priv_key == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ }
++
++ ret = 1;
++
++err:
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++
++ for (i = 1; i <= 2; i++)
++ {
++ if (pub_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(pub_key_template[i].pValue);
++ pub_key_template[i].pValue = NULL;
++ }
++ }
++
++ pk11_return_session(sp, OP_DH);
++ return (ret);
++ }
++
++static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
++ DH *dh)
++ {
++ unsigned int i;
++ CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
++ CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
++ CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
++ CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++
++ CK_ULONG seclen;
++ CK_ULONG ul_priv_key_attr_count = 3;
++ CK_ATTRIBUTE priv_key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (key_class)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
++ {CKA_VALUE_LEN, &seclen, sizeof (seclen)},
++ };
++
++ CK_ULONG priv_key_attr_result_count = 1;
++ CK_ATTRIBUTE priv_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ CK_RV rv;
++ int ret = -1;
++ PK11_SESSION *sp = NULL;
++
++ if (dh->priv_key == NULL)
++ goto err;
++
++ priv_key_template[0].pValue = &key_class;
++ priv_key_template[1].pValue = &key_type;
++ seclen = BN_num_bytes(dh->p);
++
++ if ((sp = pk11_get_session(OP_DH)) == NULL)
++ goto err;
++
++ mechanism.ulParameterLen = BN_num_bytes(pub_key);
++ mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
++ if (mechanism.pParameter == NULL)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ BN_bn2bin(pub_key, mechanism.pParameter);
++
++ (void) check_new_dh_key(sp, dh);
++
++ h_key = sp->opdata_dh_key;
++ if (h_key == CK_INVALID_HANDLE)
++ h_key = sp->opdata_dh_key =
++ pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
++ &sp->opdata_dh_priv_num, sp->session);
++
++ if (h_key == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
++ goto err;
++ }
++
++ rv = pFuncList->C_DeriveKey(sp->session,
++ &mechanism,
++ h_key,
++ priv_key_template,
++ ul_priv_key_attr_count,
++ &h_derived_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
++ rv);
++ goto err;
++ }
++
++ if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
++ goto err;
++ }
++ priv_key_result[0].pValue =
++ OPENSSL_malloc(priv_key_result[0].ulValueLen);
++ if (!priv_key_result[0].pValue)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
++ rv);
++ goto err;
++ }
++
++ /*
++ * OpenSSL allocates the output buffer 'key' which is the same
++ * length of the public key. It is long enough for the derived key
++ */
++ if (priv_key_result[0].type == CKA_VALUE)
++ {
++ /*
++ * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
++ * leading zeros from a computed shared secret. However,
++ * OpenSSL always did it so we must do the same here. The
++ * vagueness of the spec regarding leading zero bytes was
++ * finally cleared with TLS 1.1 (RFC 4346) saying that leading
++ * zeros are stripped before the computed data is used as the
++ * pre-master secret.
++ */
++ for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
++ {
++ if (((char *)priv_key_result[0].pValue)[i] != 0)
++ break;
++ }
++
++ (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
++ priv_key_result[0].ulValueLen - i);
++ ret = priv_key_result[0].ulValueLen - i;
++ }
++
++err:
++
++ if (h_derived_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++ if (priv_key_result[0].pValue)
++ {
++ OPENSSL_free(priv_key_result[0].pValue);
++ priv_key_result[0].pValue = NULL;
++ }
++
++ if (mechanism.pParameter)
++ {
++ OPENSSL_free(mechanism.pParameter);
++ mechanism.pParameter = NULL;
++ }
++
++ pk11_return_session(sp, OP_DH);
++ return (ret);
++ }
++
++
++static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
++ DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE key_type = CKK_DH;
++ CK_ULONG found;
++ CK_BBOOL rollback = FALSE;
++ int i;
++
++ CK_ULONG ul_key_attr_count = 7;
++ CK_ATTRIBUTE key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (class)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
++ {CKA_DERIVE, &mytrue, sizeof (mytrue)},
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_PRIME, (void *) NULL, 0},
++ {CKA_BASE, (void *) NULL, 0},
++ {CKA_VALUE, (void *) NULL, 0},
++ };
++
++ key_template[0].pValue = &class;
++ key_template[1].pValue = &key_type;
++
++ key_template[4].ulValueLen = BN_num_bytes(dh->p);
++ key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[4].ulValueLen);
++ if (key_template[4].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->p, key_template[4].pValue);
++
++ key_template[5].ulValueLen = BN_num_bytes(dh->g);
++ key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[5].ulValueLen);
++ if (key_template[5].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->g, key_template[5].pValue);
++
++ key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
++ key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[6].ulValueLen);
++ if (key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->priv_key, key_template[6].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DH);
++ rv = pFuncList->C_FindObjectsInit(session, key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
++ rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
++ rv);
++ goto err;
++ }
++ }
++
++ if (dh_priv_num != NULL)
++ if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dh;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DH);
++
++malloc_err:
++ for (i = 4; i <= 6; i++)
++ {
++ if (key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(key_template[i].pValue);
++ key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ *
++ * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
++ * to CK_INVALID_HANDLE even when it fails to destroy the object.
++ */
++static int check_new_dh_key(PK11_SESSION *sp, DH *dh)
++ {
++ /*
++ * Provide protection against DH structure reuse by making the
++ * check for cache hit stronger. Private key component of DH key
++ * is unique so it is sufficient to compare it with value cached
++ * in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dh != dh) ||
++ (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dh_object(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++/*
++ * Local function to simplify key template population
++ * Return 0 -- error, 1 -- no error
++ */
++static int
++init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
++ CK_ULONG *ul_value_len)
++ {
++ CK_ULONG len = 0;
++
++ /*
++ * This function can be used on non-initialized BIGNUMs. It is
++ * easier to check that here than individually in the callers.
++ */
++ if (bn != NULL)
++ len = BN_num_bytes(bn);
++
++ if (bn == NULL || len == 0)
++ return (1);
++
++ *ul_value_len = len;
++ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
++ if (*p_value == NULL)
++ return (0);
++
++ BN_bn2bin(bn, *p_value);
++
++ return (1);
++ }
++
++static void
++attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
++ {
++ if (attr->ulValueLen > 0)
++ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
++ }
++
++/*
++ * Find one object in the token. It is an error if we can not find the
++ * object or if we find more objects based on the template we got.
++ * Assume object store locked.
++ *
++ * Returns:
++ * 1 OK
++ * 0 no object or more than 1 object found
++ */
++static int
++find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
++ {
++ CK_RV rv;
++ CK_ULONG objcnt;
++
++ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_FINDOBJECTSINIT, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(s);
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
++ rv);
++ return (0);
++ }
++
++ (void) pFuncList->C_FindObjectsFinal(s);
++
++ if (objcnt > 1)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
++ return (0);
++ }
++ else if (objcnt == 0)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
++ return (0);
++ }
++ return (1);
++ }
++
++/* from uri stuff */
++
++extern char *pk11_pin;
++
++static int pk11_get_pin(void);
++
++static int
++pk11_get_pin(void)
++{
++ char *pin;
++
++ /* The getpassphrase() function is not MT safe. */
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ pin = getpassphrase("Enter PIN: ");
++ if (pin == NULL)
++ {
++ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ pk11_pin = BUF_strdup(pin);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ memset(pin, 0, strlen(pin));
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (1);
++ }
++
++/*
++ * Log in to the keystore if we are supposed to do that at all. Take care of
++ * reading and caching the PIN etc. Log in only once even when called from
++ * multiple threads.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++static int
++pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private)
++ {
++ CK_RV rv;
++
++#if 0
++ /* doesn't work on the AEP Keyper??? */
++ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_NOT_INITIALIZED);
++ return (0);
++ }
++#endif
++
++ /*
++ * If login is required or needed but the PIN has not been
++ * even initialized we can bail out right now. Note that we
++ * are supposed to always log in if we are going to access
++ * private keys. However, we may need to log in even for
++ * accessing public keys in case that the CKF_LOGIN_REQUIRED
++ * flag is set.
++ */
++ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE)) &&
++ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
++ return (0);
++ }
++
++ /*
++ * Note on locking: it is possible that more than one thread
++ * gets into pk11_get_pin() so we must deal with that. We
++ * cannot avoid it since we cannot guard fork() in there with
++ * a lock because we could end up in a dead lock in the
++ * child. Why? Remember we are in a multithreaded environment
++ * so we must lock all mutexes in the prefork function to
++ * avoid a situation in which a thread that did not call
++ * fork() held a lock, making future unlocking impossible. We
++ * lock right before C_Login().
++ */
++ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE))
++ {
++ if (*login_done == CK_FALSE)
++ {
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_PIN_NOT_PROVIDED);
++ return (0);
++ }
++ }
++
++ /*
++ * Note that what we are logging into is the keystore from
++ * pubkey_SLOTID because we work with OP_RSA session type here.
++ * That also means that we can work with only one keystore in
++ * the engine.
++ *
++ * We must make sure we do not try to login more than once.
++ * Also, see the comment above on locking strategy.
++ */
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if (*login_done == CK_FALSE)
++ {
++ if ((rv = pFuncList->C_Login(session,
++ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
++ strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++ goto err_locked;
++ }
++
++ *login_done = CK_TRUE;
++
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++ else
++ {
++ /*
++ * If token does not require login we take it as the
++ * login was done.
++ */
++ *login_done = CK_TRUE;
++ }
++
++ return (1);
++
++err_locked:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++
++/*
++ * Log in to the keystore in the child if we were logged in in the
++ * parent. There are similarities in the code with pk11_token_login()
++ * but still it is quite different so we need a separate function for
++ * this.
++ *
++ * Note that this function is called under the locked session mutex when fork is
++ * detected. That means that C_Login() will be called from the child just once.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++int
++pk11_token_relogin(CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ return (0);
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if ((rv = pFuncList->C_Login(session, CKU_USER,
++ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (1);
++ }
++
++#ifdef OPENSSL_SYS_WIN32
++char *getpassphrase(const char *prompt)
++ {
++ static char buf[128];
++ HANDLE h;
++ DWORD cc, mode;
++ int cnt;
++
++ h = GetStdHandle(STD_INPUT_HANDLE);
++ fputs(prompt, stderr);
++ fflush(stderr);
++ fflush(stdout);
++ FlushConsoleInputBuffer(h);
++ GetConsoleMode(h, &mode);
++ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
++
++ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
++ {
++ ReadFile(h, buf + cnt, 1, &cc, NULL);
++ if (buf[cnt] == '\r')
++ break;
++ fputc('*', stdout);
++ fflush(stderr);
++ fflush(stdout);
++ }
++
++ SetConsoleMode(h, mode);
++ buf[cnt] = '\0';
++ fputs("\n", stderr);
++ return buf;
++ }
++#endif /* OPENSSL_SYS_WIN32 */
++#endif /* OPENSSL_NO_HW_PK11CA */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11ca.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
+--- /dev/null Thu Jul 3 12:42:33 2014
++++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
+@@ -0,0 +1,32 @@
++/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
++
++#define token_lock pk11ca_token_lock
++#define find_lock pk11ca_find_lock
++#define active_list pk11ca_active_list
++#define pubkey_token_flags pk11ca_pubkey_token_flags
++#define pubkey_SLOTID pk11ca_pubkey_SLOTID
++#define ERR_pk11_error ERR_pk11ca_error
++#define PK11err_add_data PK11CAerr_add_data
++#define pk11_get_session pk11ca_get_session
++#define pk11_return_session pk11ca_return_session
++#define pk11_active_add pk11ca_active_add
++#define pk11_active_delete pk11ca_active_delete
++#define pk11_active_remove pk11ca_active_remove
++#define pk11_free_active_list pk11ca_free_active_list
++#define pk11_destroy_rsa_key_objects pk11ca_destroy_rsa_key_objects
++#define pk11_destroy_rsa_object_pub pk11ca_destroy_rsa_object_pub
++#define pk11_destroy_rsa_object_priv pk11ca_destroy_rsa_object_priv
++#define pk11_load_privkey pk11ca_load_privkey
++#define pk11_load_pubkey pk11ca_load_pubkey
++#define PK11_RSA PK11CA_RSA
++#define pk11_destroy_dsa_key_objects pk11ca_destroy_dsa_key_objects
++#define pk11_destroy_dsa_object_pub pk11ca_destroy_dsa_object_pub
++#define pk11_destroy_dsa_object_priv pk11ca_destroy_dsa_object_priv
++#define PK11_DSA PK11CA_DSA
++#define pk11_destroy_dh_key_objects pk11ca_destroy_dh_key_objects
++#define pk11_destroy_dh_object pk11ca_destroy_dh_object
++#define PK11_DH PK11CA_DH
++#define pk11_token_relogin pk11ca_token_relogin
++#define pFuncList pk11ca_pFuncList
++#define pk11_pin pk11ca_pin
++#define ENGINE_load_pk11 ENGINE_load_pk11ca
+Index: openssl/crypto/engine/hw_pk11so.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7.4.1
+--- /dev/null Thu Jul 3 12:42:33 2014
++++ openssl/crypto/engine/hw_pk11so.c Fri Oct 4 14:33:56 2013
+@@ -0,0 +1,1775 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++/* Modified to keep only RNG and RSA Sign */
++
++#ifdef OPENSSL_NO_RSA
++#error RSA is disabled
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/md5.h>
++#include <openssl/pem.h>
++#include <openssl/rsa.h>
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++typedef int pid_t;
++#define getpid() GetCurrentProcessId()
++#define NOPTHREADS
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <signal.h>
++#include <unistd.h>
++#include <dlfcn.h>
++#endif
++
++/* Debug mutexes */
++/*#undef DEBUG_MUTEX */
++#define DEBUG_MUTEX
++
++#ifndef NOPTHREADS
++/* for pthread error check on Linuxes */
++#ifdef DEBUG_MUTEX
++#define __USE_UNIX98
++#endif
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11SO
++
++/* label for debug messages printed on stderr */
++#define PK11_DBG "PKCS#11 ENGINE DEBUG"
++/* prints a lot of debug messages on stderr about slot selection process */
++/*#undef DEBUG_SLOT_SELECTION */
++
++#ifndef OPENSSL_NO_DSA
++#define OPENSSL_NO_DSA
++#endif
++#ifndef OPENSSL_NO_DH
++#define OPENSSL_NO_DH
++#endif
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11so.h"
++#include "hw_pk11_err.c"
++
++/*
++ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
++ * uri_struct manipulation, and static token info. All of that is used by the
++ * RSA keys by reference feature.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *token_lock;
++#endif
++
++/* PKCS#11 session caches and their locks for all operation types */
++static PK11_CACHE session_cache[OP_MAX];
++
++/*
++ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
++ * logging into the token.
++ */
++CK_FLAGS pubkey_token_flags;
++
++/*
++ * As stated in v2.20, 11.7 Object Management Function, in section for
++ * C_FindObjectsInit(), at most one search operation may be active at a given
++ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
++ * grouped together to form one atomic search operation. This is already
++ * ensured by the property of unique PKCS#11 session handle used for each
++ * PK11_SESSION object.
++ *
++ * This is however not the biggest concern - maintaining consistency of the
++ * underlying object store is more important. The same section of the spec also
++ * says that one thread can be in the middle of a search operation while another
++ * thread destroys the object matching the search template which would result in
++ * invalid handle returned from the search operation.
++ *
++ * Hence, the following locks are used for both protection of the object stores.
++ * They are also used for active list protection.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *find_lock[OP_MAX] = { NULL };
++#endif
++
++/*
++ * lists of asymmetric key handles which are active (referenced by at least one
++ * PK11_SESSION structure, either held by a thread or present in free_session
++ * list) for given algorithm type
++ */
++PK11_active *active_list[OP_MAX] = { NULL };
++
++/*
++ * Create all secret key objects in a global session so that they are available
++ * to use for other sessions. These other sessions may be opened or closed
++ * without losing the secret key objects.
++ */
++static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
++
++/* ENGINE level stuff */
++static int pk11_init(ENGINE *e);
++static int pk11_library_init(ENGINE *e);
++static int pk11_finish(ENGINE *e);
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
++static int pk11_destroy(ENGINE *e);
++
++/* RAND stuff */
++static void pk11_rand_seed(const void *buf, int num);
++static void pk11_rand_add(const void *buf, int num, double add_entropy);
++static void pk11_rand_cleanup(void);
++static int pk11_rand_bytes(unsigned char *buf, int num);
++static int pk11_rand_status(void);
++
++/* These functions are also used in other files */
++PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++
++/* active list manipulation functions used in this file */
++extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
++extern void pk11_free_active_list(PK11_OPTYPE type);
++
++int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++
++/* Local helper functions */
++static int pk11_free_all_sessions(void);
++static int pk11_free_session_list(PK11_OPTYPE optype);
++static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent);
++static const char *get_PK11_LIBNAME(void);
++static void free_PK11_LIBNAME(void);
++static long set_PK11_LIBNAME(const char *name);
++
++static int pk11_choose_slots(int *any_slot_found);
++
++static int pk11_init_all_locks(void);
++static void pk11_free_all_locks(void);
++
++#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
++ { \
++ if (uselock) \
++ LOCK_OBJSTORE(alg_type); \
++ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
++ { \
++ retval = pk11_destroy_object(sp->session, obj_hdl, \
++ priv ? sp->priv_persistent : sp->pub_persistent); \
++ } \
++ if (uselock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ }
++
++static CK_BBOOL pk11_have_rsa = CK_FALSE;
++static CK_BBOOL pk11_have_random = CK_FALSE;
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * The definitions for control commands specific to this engine
++ */
++#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
++#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
++#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
++static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
++ {
++ {
++ PK11_CMD_SO_PATH,
++ "SO_PATH",
++ "Specifies the path to the 'pkcs#11' shared library",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_PIN,
++ "PIN",
++ "Specifies the pin code",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_SLOT,
++ "SLOT",
++ "Specifies the slot (default is auto select)",
++ ENGINE_CMD_FLAG_NUMERIC,
++ },
++ {0, NULL, NULL, 0}
++ };
++
++
++static RAND_METHOD pk11_random =
++ {
++ pk11_rand_seed,
++ pk11_rand_bytes,
++ pk11_rand_cleanup,
++ pk11_rand_add,
++ pk11_rand_bytes,
++ pk11_rand_status
++ };
++
++
++/* Constants used when creating the ENGINE */
++#ifdef OPENSSL_NO_HW_PK11CA
++#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
++#endif
++static const char *engine_pk11_id = "pkcs11";
++static const char *engine_pk11_name = "PKCS #11 engine support (sign only)";
++
++CK_FUNCTION_LIST_PTR pFuncList = NULL;
++static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
++
++/*
++ * This is a static string constant for the DSO file name and the function
++ * symbol names to bind to. We set it in the Configure script based on whether
++ * this is 32 or 64 bit build.
++ */
++static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
++
++/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
++CK_SLOT_ID pubkey_SLOTID = 0;
++static CK_SLOT_ID rand_SLOTID = 0;
++static CK_SLOT_ID SLOTID = 0;
++char *pk11_pin = NULL;
++static CK_BBOOL pk11_library_initialized = FALSE;
++static CK_BBOOL pk11_atfork_initialized = FALSE;
++static int pk11_pid = 0;
++
++static DSO *pk11_dso = NULL;
++
++/* allocate and initialize all locks used by the engine itself */
++static int pk11_init_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++ pthread_mutexattr_t attr;
++
++ if (pthread_mutexattr_init(&attr) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 100);
++ return (0);
++ }
++
++#ifdef DEBUG_MUTEX
++ if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 101);
++ return (0);
++ }
++#endif
++
++ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(token_lock, &attr);
++
++ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_RSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_RSA], &attr);
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ session_cache[type].lock =
++ OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (session_cache[type].lock == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(session_cache[type].lock, &attr);
++ }
++
++ return (1);
++
++malloc_err:
++ pk11_free_all_locks();
++ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
++ return (0);
++#else
++ return (1);
++#endif
++ }
++
++static void pk11_free_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++
++ if (token_lock != NULL)
++ {
++ (void) pthread_mutex_destroy(token_lock);
++ OPENSSL_free(token_lock);
++ token_lock = NULL;
++ }
++
++ if (find_lock[OP_RSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
++ OPENSSL_free(find_lock[OP_RSA]);
++ find_lock[OP_RSA] = NULL;
++ }
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (session_cache[type].lock != NULL)
++ {
++ (void) pthread_mutex_destroy(session_cache[type].lock);
++ OPENSSL_free(session_cache[type].lock);
++ session_cache[type].lock = NULL;
++ }
++ }
++#endif
++ }
++
++/*
++ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
++ */
++static int bind_pk11(ENGINE *e)
++ {
++ if (!pk11_library_initialized)
++ if (!pk11_library_init(e))
++ return (0);
++
++ if (!ENGINE_set_id(e, engine_pk11_id) ||
++ !ENGINE_set_name(e, engine_pk11_name))
++ return (0);
++
++ if (pk11_have_rsa == CK_TRUE)
++ {
++ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
++ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
++ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++
++ if (pk11_have_random)
++ {
++ if (!ENGINE_set_RAND(e, &pk11_random))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered random\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++ if (!ENGINE_set_init_function(e, pk11_init) ||
++ !ENGINE_set_destroy_function(e, pk11_destroy) ||
++ !ENGINE_set_finish_function(e, pk11_finish) ||
++ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
++ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
++ return (0);
++
++ /* Ensure the pk11 error handling is set up */
++ ERR_load_pk11_strings();
++
++ return (1);
++ }
++
++/* Dynamic engine support is disabled at a higher level for Solaris */
++#ifdef ENGINE_DYNAMIC_SUPPORT
++#error "dynamic engine not supported"
++static int bind_helper(ENGINE *e, const char *id)
++ {
++ if (id && (strcmp(id, engine_pk11_id) != 0))
++ return (0);
++
++ if (!bind_pk11(e))
++ return (0);
++
++ return (1);
++ }
++
++IMPLEMENT_DYNAMIC_CHECK_FN()
++IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
++
++#else
++static ENGINE *engine_pk11(void)
++ {
++ ENGINE *ret = ENGINE_new();
++
++ if (!ret)
++ return (NULL);
++
++ if (!bind_pk11(ret))
++ {
++ ENGINE_free(ret);
++ return (NULL);
++ }
++
++ return (ret);
++ }
++
++void
++ENGINE_load_pk11(void)
++ {
++ ENGINE *e_pk11 = NULL;
++
++ /*
++ * Do not use dynamic PKCS#11 library on Solaris due to
++ * security reasons. We will link it in statically.
++ */
++ /* Attempt to load PKCS#11 library */
++ if (!pk11_dso)
++ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
++ return;
++ }
++
++ e_pk11 = engine_pk11();
++ if (!e_pk11)
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ return;
++ }
++
++ /*
++ * At this point, the pk11 shared library is either dynamically
++ * loaded or statically linked in. So, initialize the pk11
++ * library before calling ENGINE_set_default since the latter
++ * needs cipher and digest algorithm information
++ */
++ if (!pk11_library_init(e_pk11))
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ ENGINE_free(e_pk11);
++ return;
++ }
++
++ ENGINE_add(e_pk11);
++
++ ENGINE_free(e_pk11);
++ ERR_clear_error();
++ }
++#endif /* ENGINE_DYNAMIC_SUPPORT */
++
++/*
++ * These are the static string constants for the DSO file name and
++ * the function symbol names to bind to.
++ */
++static const char *PK11_LIBNAME = NULL;
++
++static const char *get_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ return (PK11_LIBNAME);
++
++ return (def_PK11_LIBNAME);
++ }
++
++static void free_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ OPENSSL_free((void*)PK11_LIBNAME);
++
++ PK11_LIBNAME = NULL;
++ }
++
++static long set_PK11_LIBNAME(const char *name)
++ {
++ free_PK11_LIBNAME();
++
++ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
++ }
++
++/* acquire all engine specific mutexes before fork */
++static void pk11_fork_prepare(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ LOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++ for (i = 0; i < OP_MAX; i++)
++ {
++ OPENSSL_assert(pthread_mutex_lock(session_cache[i].lock) == 0);
++ }
++#endif
++ }
++
++/* release all engine specific mutexes */
++static void pk11_fork_parent(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/*
++ * same situation as in parent - we need to unlock all locks to make them
++ * accessible to all threads.
++ */
++static void pk11_fork_child(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/* Initialization function for the pk11 engine */
++static int pk11_init(ENGINE *e)
++{
++ return (pk11_library_init(e));
++}
++
++static CK_C_INITIALIZE_ARGS pk11_init_args =
++ {
++ NULL_PTR, /* CreateMutex */
++ NULL_PTR, /* DestroyMutex */
++ NULL_PTR, /* LockMutex */
++ NULL_PTR, /* UnlockMutex */
++ CKF_OS_LOCKING_OK, /* flags */
++ NULL_PTR, /* pReserved */
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * It selects a slot based on predefined critiera. In the process, it also
++ * count how many ciphers and digests to support. Since the cipher and
++ * digest information is needed when setting default engine, this function
++ * needs to be called before calling ENGINE_set_default.
++ */
++/* ARGSUSED */
++static int pk11_library_init(ENGINE *e)
++ {
++ CK_C_GetFunctionList p;
++ CK_RV rv = CKR_OK;
++ CK_INFO info;
++ int any_slot_found;
++ int i;
++#ifndef OPENSSL_SYS_WIN32
++ struct sigaction sigint_act, sigterm_act, sighup_act;
++#endif
++
++ /*
++ * pk11_library_initialized is set to 0 in pk11_finish() which
++ * is called from ENGINE_finish(). However, if there is still
++ * at least one existing functional reference to the engine
++ * (see engine(3) for more information), pk11_finish() is
++ * skipped. For example, this can happen if an application
++ * forgets to clear one cipher context. In case of a fork()
++ * when the application is finishing the engine so that it can
++ * be reinitialized in the child, forgotten functional
++ * reference causes pk11_library_initialized to stay 1. In
++ * that case we need the PID check so that we properly
++ * initialize the engine again.
++ */
++ if (pk11_library_initialized)
++ {
++ if (pk11_pid == getpid())
++ {
++ return (1);
++ }
++ else
++ {
++ global_session = CK_INVALID_HANDLE;
++ /*
++ * free the locks first to prevent memory leak in case
++ * the application calls fork() without finishing the
++ * engine first.
++ */
++ pk11_free_all_locks();
++ }
++ }
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the C_GetFunctionList function from the loaded library */
++ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
++ PK11_GET_FUNCTION_LIST);
++ if (!p)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ rv = p(&pFuncList);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
++ goto err;
++ }
++
++#ifndef OPENSSL_SYS_WIN32
++ /* Not all PKCS#11 library are signal safe! */
++
++ (void) memset(&sigint_act, 0, sizeof(sigint_act));
++ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
++ (void) memset(&sighup_act, 0, sizeof(sighup_act));
++ (void) sigaction(SIGINT, NULL, &sigint_act);
++ (void) sigaction(SIGTERM, NULL, &sigterm_act);
++ (void) sigaction(SIGHUP, NULL, &sighup_act);
++#endif
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++#ifndef OPENSSL_SYS_WIN32
++ (void) sigaction(SIGINT, &sigint_act, NULL);
++ (void) sigaction(SIGTERM, &sigterm_act, NULL);
++ (void) sigaction(SIGHUP, &sighup_act, NULL);
++#endif
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetInfo(&info);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
++ goto err;
++ }
++
++ if (pk11_choose_slots(&any_slot_found) == 0)
++ goto err;
++
++ /*
++ * The library we use, set in def_PK11_LIBNAME, may not offer any
++ * slot(s). In that case, we must not proceed but we must not return an
++ * error. The reason is that applications that try to set up the PKCS#11
++ * engine don't exit on error during the engine initialization just
++ * because no slot was present.
++ */
++ if (any_slot_found == 0)
++ return (1);
++
++ if (global_session == CK_INVALID_HANDLE)
++ {
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT,
++ PK11_R_OPENSESSION, rv);
++ goto err;
++ }
++ }
++
++ pk11_library_initialized = TRUE;
++ pk11_pid = getpid();
++ /*
++ * if initialization of the locks fails pk11_init_all_locks()
++ * will do the cleanup.
++ */
++ if (!pk11_init_all_locks())
++ goto err;
++ for (i = 0; i < OP_MAX; i++)
++ session_cache[i].head = NULL;
++ /*
++ * initialize active lists. We only use active lists
++ * for asymmetric ciphers.
++ */
++ for (i = 0; i < OP_MAX; i++)
++ active_list[i] = NULL;
++
++#ifndef NOPTHREADS
++ if (!pk11_atfork_initialized)
++ {
++ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
++ pk11_fork_child) != 0)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
++ goto err;
++ }
++ pk11_atfork_initialized = TRUE;
++ }
++#endif
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Destructor (complements the "ENGINE_pk11()" constructor) */
++/* ARGSUSED */
++static int pk11_destroy(ENGINE *e)
++ {
++ free_PK11_LIBNAME();
++ ERR_unload_pk11_strings();
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++ return (1);
++ }
++
++/*
++ * Termination function to clean up the session, the token, and the pk11
++ * library.
++ */
++/* ARGSUSED */
++static int pk11_finish(ENGINE *e)
++ {
++ int i;
++
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
++ goto err;
++ }
++
++ OPENSSL_assert(pFuncList != NULL);
++
++ if (pk11_free_all_sessions() == 0)
++ goto err;
++
++ /* free all active lists */
++ for (i = 0; i < OP_MAX; i++)
++ pk11_free_active_list(i);
++
++ pFuncList->C_CloseSession(global_session);
++ global_session = CK_INVALID_HANDLE;
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects.
++ */
++#if 0
++ pFuncList->C_Finalize(NULL);
++#endif
++
++ if (!DSO_free(pk11_dso))
++ {
++ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++ pk11_dso = NULL;
++ pFuncList = NULL;
++ pk11_library_initialized = FALSE;
++ pk11_pid = 0;
++ /*
++ * There is no way how to unregister atfork handlers (other than
++ * unloading the library) so we just free the locks. For this reason
++ * the atfork handlers check if the engine is initialized and bail out
++ * immediately if not. This is necessary in case a process finishes
++ * the engine before calling fork().
++ */
++ pk11_free_all_locks();
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Standard engine interface function to set the dynamic library path */
++/* ARGSUSED */
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
++ {
++ int initialized = ((pk11_dso == NULL) ? 0 : 1);
++
++ switch (cmd)
++ {
++ case PK11_CMD_SO_PATH:
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ if (initialized)
++ {
++ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
++ return (0);
++ }
++
++ return (set_PK11_LIBNAME((const char *)p));
++ case PK11_CMD_PIN:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ pk11_pin = BUF_strdup(p);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ return (1);
++ case PK11_CMD_SLOT:
++ SLOTID = (CK_SLOT_ID)i;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: slot set\n", PK11_DBG);
++#endif
++ return (1);
++ default:
++ break;
++ }
++
++ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
++
++ return (0);
++ }
++
++
++/* Required function by the engine random interface. It does nothing here */
++static void pk11_rand_cleanup(void)
++ {
++ return;
++ }
++
++/* ARGSUSED */
++static void pk11_rand_add(const void *buf, int num, double add)
++ {
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return;
++
++ /*
++ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
++ * the calling functions do not care anyway
++ */
++ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
++ pk11_return_session(sp, OP_RAND);
++
++ return;
++ }
++
++static void pk11_rand_seed(const void *buf, int num)
++ {
++ pk11_rand_add(buf, num, 0);
++ }
++
++static int pk11_rand_bytes(unsigned char *buf, int num)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return (0);
++
++ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
++ pk11_return_session(sp, OP_RAND);
++ return (0);
++ }
++
++ pk11_return_session(sp, OP_RAND);
++ return (1);
++ }
++
++/* Required function by the engine random interface. It does nothing here */
++static int pk11_rand_status(void)
++ {
++ return (1);
++ }
++
++/* Free all BIGNUM structures from PK11_SESSION. */
++static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ switch (optype)
++ {
++ case OP_RSA:
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++ break;
++ default:
++ break;
++ }
++ }
++
++/*
++ * Get new PK11_SESSION structure ready for use. Every process must have
++ * its own freelist of PK11_SESSION structures so handle fork() here
++ * by destroying the old and creating new freelist.
++ * The returned PK11_SESSION structure is disconnected from the freelist.
++ */
++PK11_SESSION *
++pk11_get_session(PK11_OPTYPE optype)
++ {
++ PK11_SESSION *sp = NULL, *sp1, *freelist;
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock = NULL;
++#endif
++ static pid_t pid = 0;
++ pid_t new_pid;
++ CK_RV rv;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (NULL);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ /*
++ * Will use it to find out if we forked. We cannot use the PID field in
++ * the session structure because we could get a newly allocated session
++ * here, with no PID information.
++ */
++ if (pid == 0)
++ pid = getpid();
++
++ freelist = session_cache[optype].head;
++ sp = freelist;
++
++ /*
++ * If the free list is empty, allocate new unitialized (filled
++ * with zeroes) PK11_SESSION structure otherwise return first
++ * structure from the freelist.
++ */
++ if (sp == NULL)
++ {
++ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ (void) memset(sp, 0, sizeof (PK11_SESSION));
++
++ /*
++ * It is a new session so it will look like a cache miss to the
++ * code below. So, we must not try to to destroy its members so
++ * mark them as unused.
++ */
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ }
++ else
++ {
++ freelist = sp->next;
++ }
++
++ /*
++ * Check whether we have forked. In that case, we must get rid of all
++ * inherited sessions and start allocating new ones.
++ */
++ if (pid != (new_pid = getpid()))
++ {
++ pid = new_pid;
++
++ /*
++ * We are a new process and thus need to free any inherited
++ * PK11_SESSION objects aside from the first session (sp) which
++ * is the only PK11_SESSION structure we will reuse (for the
++ * head of the list).
++ */
++ while ((sp1 = freelist) != NULL)
++ {
++ freelist = sp1->next;
++ /*
++ * NOTE: we do not want to call pk11_free_all_sessions()
++ * here because it would close underlying PKCS#11
++ * sessions and destroy all objects.
++ */
++ pk11_free_nums(sp1, optype);
++ OPENSSL_free(sp1);
++ }
++
++ /* we have to free the active list as well. */
++ pk11_free_active_list(optype);
++
++ /* Initialize the process */
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * Choose slot here since the slot table is different on this
++ * process. If we are here then we must have found at least one
++ * usable slot before so we don't need to check any_slot_found.
++ * See pk11_library_init()'s usage of this function for more
++ * information.
++ */
++ if (pk11_choose_slots(NULL) == 0)
++ goto err;
++
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * It is an inherited session from our parent so it needs
++ * re-initialization.
++ */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++ if (pk11_token_relogin(sp->session) == 0)
++ {
++ /*
++ * We will keep the session in the cache list and let
++ * the caller cope with the situation.
++ */
++ freelist = sp;
++ sp = NULL;
++ goto err;
++ }
++ }
++
++ if (sp->pid == 0)
++ {
++ /* It is a new session and needs initialization. */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ }
++ }
++
++ /* set new head for the list of PK11_SESSION objects */
++ session_cache[optype].head = freelist;
++
++err:
++ if (sp != NULL)
++ sp->next = NULL;
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (sp);
++ }
++
++
++void
++pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ PK11_SESSION *freelist;
++
++ /*
++ * If this is a session from the parent it will be taken care of and
++ * freed in pk11_get_session() as part of the post-fork clean up the
++ * next time we will ask for a new session.
++ */
++ if (sp == NULL || sp->pid != getpid())
++ return;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_RETURN_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return;
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ sp->next = freelist;
++ session_cache[optype].head = sp;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++
++
++/* Destroy all objects. This function is called when the engine is finished */
++static int pk11_free_all_sessions()
++ {
++ int ret = 1;
++ int type;
++
++ (void) pk11_destroy_rsa_key_objects(NULL);
++
++ /*
++ * We try to release as much as we can but any error means that we will
++ * return 0 on exit.
++ */
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (pk11_free_session_list(type) == 0)
++ ret = 0;
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy session structures from the linked list specified. Free as many
++ * sessions as possible but any failure in C_CloseSession() means that we
++ * return an error on return.
++ */
++static int pk11_free_session_list(PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *freelist = NULL;
++ pid_t mypid = getpid();
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ int ret = 1;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ while ((sp = freelist) != NULL)
++ {
++ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
++ {
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_CLOSESESSION, rv);
++ ret = 0;
++ }
++ }
++ freelist = sp->next;
++ pk11_free_nums(sp, optype);
++ OPENSSL_free(sp);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (ret);
++ }
++
++
++static int
++pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ CK_SLOT_ID myslot;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ myslot = pubkey_SLOTID;
++ break;
++ case OP_RAND:
++ myslot = rand_SLOTID;
++ break;
++ default:
++ PK11err(PK11_F_SETUP_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++ sp->session = CK_INVALID_HANDLE;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
++ {
++ /*
++ * We are probably a child process so force the
++ * reinitialize of the session
++ */
++ pk11_library_initialized = FALSE;
++ if (!pk11_library_init(NULL))
++ return (0);
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ }
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ sp->pid = getpid();
++
++ if (optype == OP_RSA)
++ {
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ sp->opdata_rsa_n_num = NULL;
++ sp->opdata_rsa_e_num = NULL;
++ sp->opdata_rsa_priv = NULL;
++ sp->opdata_rsa_pn_num = NULL;
++ sp->opdata_rsa_pe_num = NULL;
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * We always initialize the session as containing a non-persistent
++ * object. The key load functions set it to persistent if that is so.
++ */
++ sp->pub_persistent = CK_FALSE;
++ sp->priv_persistent = CK_FALSE;
++ return (1);
++ }
++
++/* Destroy RSA public key from single session. */
++int
++pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
++ ret, uselock, OP_RSA, CK_FALSE);
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy RSA private key from single session. */
++int
++pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
++ ret, uselock, OP_RSA, CK_TRUE);
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv = NULL;
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * For the RSA key by reference code, public components 'n'/'e'
++ * are the key components we use to check for the cache hit. We
++ * must free those as well.
++ */
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_rsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_RSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_RSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_RSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++
++static int
++pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent)
++ {
++ CK_RV rv;
++
++ /*
++ * We never try to destroy persistent objects which are the objects
++ * stored in the keystore. Also, we always use read-only sessions so
++ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
++ */
++ if (persistent == CK_TRUE)
++ return (1);
++
++ rv = pFuncList->C_DestroyObject(session, oh);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
++ rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++
++/*
++ * Public key mechanisms optionally supported
++ *
++ * CKM_RSA_PKCS
++ *
++ * The first slot that supports at least one of those mechanisms is chosen as a
++ * public key slot.
++ *
++ * The output of this function is a set of global variables indicating which
++ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
++ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
++ * variables carry information about which slot was chosen for (a) public key
++ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
++ */
++static int
++pk11_choose_slots(int *any_slot_found)
++ {
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ CK_ULONG ulSlotCount = 0;
++ CK_MECHANISM_INFO mech_info;
++ CK_TOKEN_INFO token_info;
++ unsigned int i;
++ CK_RV rv;
++ CK_SLOT_ID best_slot_sofar = 0;
++ CK_BBOOL found_candidate_slot = CK_FALSE;
++ CK_SLOT_ID current_slot = 0;
++
++ /* let's initialize the output parameter */
++ if (any_slot_found != NULL)
++ *any_slot_found = 0;
++
++ /* Get slot list for memory allocation */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ return (0);
++ }
++
++ /* it's not an error if we didn't find any providers */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++
++ /* Get the slot list for processing */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ OPENSSL_free(pSlotList);
++ return (0);
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
++ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
++
++ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ /* Check if slot has random support. */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (token_info.flags & CKF_RNG)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ pk11_have_random = CK_TRUE;
++ rand_SLOTID = current_slot;
++ break;
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ pubkey_SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ CK_BBOOL slot_has_rsa = CK_FALSE;
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * Check if this slot is capable of signing with CKM_RSA_PKCS.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
++ &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN)))
++ {
++ slot_has_rsa = CK_TRUE;
++ }
++
++ if (!found_candidate_slot && slot_has_rsa)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: potential slot: %d\n", PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = current_slot;
++ pk11_have_rsa = slot_has_rsa;
++ found_candidate_slot = CK_TRUE;
++ /*
++ * Cache the flags for later use. We might
++ * need those if RSA keys by reference feature
++ * is used.
++ */
++ pubkey_token_flags = token_info.flags;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: setting found_candidate_slot to CK_TRUE\n",
++ PK11_DBG);
++ fprintf(stderr,
++ "%s: best so far slot: %d\n", PK11_DBG,
++ best_slot_sofar);
++ fprintf(stderr, "%s: pubkey flags changed to "
++ "%lu.\n", PK11_DBG, pubkey_token_flags);
++ }
++ else
++ {
++ fprintf(stderr,
++ "%s: no rsa\n", PK11_DBG);
++ }
++#else
++ } /* if */
++#endif /* DEBUG_SLOT_SELECTION */
++ } /* for */
++
++ if (found_candidate_slot == CK_TRUE)
++ {
++ pubkey_SLOTID = best_slot_sofar;
++ }
++
++ /*SLOTID = pSlotList[0];*/
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
++ fprintf(stderr,
++ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
++ fprintf(stderr,
++ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
++ fprintf(stderr,
++ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++
++ if (any_slot_found != NULL)
++ *any_slot_found = 1;
++ return (1);
++ }
++
++#endif /* OPENSSL_NO_HW_PK11SO */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11so.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
+--- /dev/null Thu Jul 3 12:42:33 2014
++++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
+@@ -0,0 +1,32 @@
++/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
++
++#define token_lock pk11so_token_lock
++#define find_lock pk11so_find_lock
++#define active_list pk11so_active_list
++#define pubkey_token_flags pk11so_pubkey_token_flags
++#define pubkey_SLOTID pk11so_pubkey_SLOTID
++#define ERR_pk11_error ERR_pk11so_error
++#define PK11err_add_data PK11SOerr_add_data
++#define pk11_get_session pk11so_get_session
++#define pk11_return_session pk11so_return_session
++#define pk11_active_add pk11so_active_add
++#define pk11_active_delete pk11so_active_delete
++#define pk11_active_remove pk11so_active_remove
++#define pk11_free_active_list pk11so_free_active_list
++#define pk11_destroy_rsa_key_objects pk11so_destroy_rsa_key_objects
++#define pk11_destroy_rsa_object_pub pk11so_destroy_rsa_object_pub
++#define pk11_destroy_rsa_object_priv pk11so_destroy_rsa_object_priv
++#define pk11_load_privkey pk11so_load_privkey
++#define pk11_load_pubkey pk11so_load_pubkey
++#define PK11_RSA PK11SO_RSA
++#define pk11_destroy_dsa_key_objects pk11so_destroy_dsa_key_objects
++#define pk11_destroy_dsa_object_pub pk11so_destroy_dsa_object_pub
++#define pk11_destroy_dsa_object_priv pk11so_destroy_dsa_object_priv
++#define PK11_DSA PK11SO_DSA
++#define pk11_destroy_dh_key_objects pk11so_destroy_dh_key_objects
++#define pk11_destroy_dh_object pk11so_destroy_dh_object
++#define PK11_DH PK11SO_DH
++#define pk11_token_relogin pk11so_token_relogin
++#define pFuncList pk11so_pFuncList
++#define pk11_pin pk11so_pin
++#define ENGINE_load_pk11 ENGINE_load_pk11so
+Index: openssl/crypto/engine/hw_pk11so_pub.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8.2.2
+--- /dev/null Thu Jul 3 12:42:33 2014
++++ openssl/crypto/engine/hw_pk11so_pub.c Fri Oct 4 14:33:56 2013
+@@ -0,0 +1,1642 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_pub.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++/* Modified to keep only RNG and RSA Sign */
++
++#ifdef OPENSSL_NO_RSA
++#error RSA is disabled
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/pem.h>
++#include <openssl/rsa.h>
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++#define NOPTHREADS
++typedef int pid_t;
++#define HAVE_GETPASSPHRASE
++static char *getpassphrase(const char *prompt);
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <unistd.h>
++#endif
++
++#ifndef NOPTHREADS
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11SO
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11so.h"
++#include "hw_pk11_err.h"
++
++static CK_BBOOL pk11_login_done = CK_FALSE;
++extern CK_SLOT_ID pubkey_SLOTID;
++#ifndef NOPTHREADS
++extern pthread_mutex_t *token_lock;
++#endif
++
++#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
++#define getpassphrase(x) getpass(x)
++#endif
++
++/* RSA stuff */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
++EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session);
++
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
++
++static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
++static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
++ CK_ULONG *ulValueLen);
++static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
++
++static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private);
++
++/* Read mode string to be used for fopen() */
++#if SOLARIS_OPENSSL
++static char *read_mode_flags = "rF";
++#else
++static char *read_mode_flags = "r";
++#endif
++
++/*
++ * increment/create reference for an asymmetric key handle via active list
++ * manipulation. If active list operation fails, unlock (if locked), set error
++ * variable and jump to the specified label.
++ */
++#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
++ { \
++ if (pk11_active_add(key_handle, alg_type) < 0) \
++ { \
++ var = TRUE; \
++ if (unlock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ goto label; \
++ } \
++ }
++
++/*
++ * Find active list entry according to object handle and return pointer to the
++ * entry otherwise return NULL.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ for (entry = active_list[type]; entry != NULL; entry = entry->next)
++ if (entry->h == h)
++ return (entry);
++
++ return (NULL);
++ }
++
++/*
++ * Search for an entry in the active list using PKCS#11 object handle as a
++ * search key and return refcnt of the found/created entry or -1 in case of
++ * failure.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if (h == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ /* search for entry in the active list */
++ if ((entry = pk11_active_find(h, type)) != NULL)
++ entry->refcnt++;
++ else
++ {
++ /* not found, create new entry and add it to the list */
++ entry = OPENSSL_malloc(sizeof (PK11_active));
++ if (entry == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
++ return (-1);
++ }
++ entry->h = h;
++ entry->refcnt = 1;
++ entry->prev = NULL;
++ entry->next = NULL;
++ /* connect the newly created entry to the list */
++ if (active_list[type] == NULL)
++ active_list[type] = entry;
++ else /* make the entry first in the list */
++ {
++ entry->next = active_list[type];
++ active_list[type]->prev = entry;
++ active_list[type] = entry;
++ }
++ }
++
++ return (entry->refcnt);
++ }
++
++/*
++ * Remove active list entry from the list and free it.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++void
++pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
++ {
++ PK11_active *prev_entry;
++
++ /* remove the entry from the list and free it */
++ if ((prev_entry = entry->prev) != NULL)
++ {
++ prev_entry->next = entry->next;
++ if (entry->next != NULL)
++ entry->next->prev = prev_entry;
++ }
++ else
++ {
++ active_list[type] = entry->next;
++ /* we were the first but not the only one */
++ if (entry->next != NULL)
++ entry->next->prev = NULL;
++ }
++
++ /* sanitization */
++ entry->h = CK_INVALID_HANDLE;
++ entry->prev = NULL;
++ entry->next = NULL;
++ OPENSSL_free(entry);
++ }
++
++/* Free all entries from the active list. */
++void
++pk11_free_active_list(PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ /* only for asymmetric types since only they have C_Find* locks. */
++ switch (type)
++ {
++ case OP_RSA:
++ break;
++ default:
++ return;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(type);
++ while ((entry = active_list[type]) != NULL)
++ pk11_active_remove(entry, type);
++ UNLOCK_OBJSTORE(type);
++ }
++
++/*
++ * Search for active list entry associated with given PKCS#11 object handle,
++ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
++ *
++ * Return 1 if the PKCS#11 object associated with the entry has no references,
++ * return 0 if there is at least one reference, -1 on error.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if ((entry = pk11_active_find(h, type)) == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ OPENSSL_assert(entry->refcnt > 0);
++ entry->refcnt--;
++ if (entry->refcnt == 0)
++ {
++ pk11_active_remove(entry, type);
++ return (1);
++ }
++
++ return (0);
++ }
++
++/* Our internal RSA_METHOD that we provide pointers to */
++static RSA_METHOD pk11_rsa;
++
++RSA_METHOD *
++PK11_RSA(void)
++ {
++ const RSA_METHOD *rsa;
++
++ if (pk11_rsa.name == NULL)
++ {
++ rsa = RSA_PKCS1_SSLeay();
++ memcpy(&pk11_rsa, rsa, sizeof(*rsa));
++ pk11_rsa.name = "PKCS#11 RSA method";
++ pk11_rsa.rsa_sign = pk11_RSA_sign;
++ }
++ return (&pk11_rsa);
++ }
++
++/* Size of an SSL signature: MD5+SHA1 */
++#define SSL_SIG_LENGTH 36
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++
++/*
++ * Standard engine interface function. Majority codes here are from
++ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
++ * See more details in rsa/rsa_sign.c
++ */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++ unsigned long ulsiglen;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key((RSA *)rsa,
++ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
++ sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto err;
++ }
++
++ ulsiglen = j;
++ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
++ (CK_ULONG_PTR) &ulsiglen);
++ *siglen = ulsiglen;
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++static int hndidx_rsa = -1;
++
++#define MAXATTR 1024
++
++/*
++ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *privkey;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BBOOL rollback = FALSE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for private keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize the OpenSSL RSA
++ * structure with something we can use to look up the key. Note that we
++ * never ask for private components.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(privkey_file, "pkcs11:") == privkey_file)
++ {
++ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_TRUE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ if (hndidx_rsa == -1)
++ hndidx_rsa = RSA_get_ex_new_index(0,
++ "pkcs11 RSA HSM key handle",
++ NULL, NULL, NULL);
++
++ /*
++ * We might have a cache hit which we could confirm
++ * according to the 'n'/'e' params, RSA public pointer
++ * as NULL, and non-NULL RSA private pointer. However,
++ * it is easier just to recreate everything. We expect
++ * the keys to be loaded once and used many times. We
++ * do not check the return value because even in case
++ * of failure the sp structure will have both key
++ * pointer and object handle cleaned and
++ * pk11_destroy_object() reports the failure to the
++ * OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, FALSE);
++
++ sp->opdata_rsa_priv_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->priv_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA private structure pointer. We do not
++ * use it now for key-by-ref keys but let's do it for
++ * consistency reasons.
++ */
++ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
++ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ /*
++ * We do not use pk11_get_private_rsa_key() here so we
++ * must take care of handle management ourselves.
++ */
++ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, TRUE, rollback, err);
++
++ /*
++ * Those are the sensitive components we do not want to export
++ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
++ */
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++ /*
++ * Must have 'n'/'e' components in the session structure as
++ * well. They serve as a public look-up key for the private key
++ * in the keystore.
++ */
++ attr_to_BN(&get_templ[0], attr_data[0],
++ &sp->opdata_rsa_pn_num);
++ attr_to_BN(&get_templ[1], attr_data[1],
++ &sp->opdata_rsa_pe_num);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++ }
++ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
++ (void) fclose(privkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_priv(sp, rsa);
++ sp->priv_persistent = CK_FALSE;
++
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa,
++ &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ if (h_priv_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ rollback = rollback;
++ return (pkey);
++ }
++
++/*
++ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *pubkey;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for public keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize OpenSSL RSA
++ * structure with something we can use to look up the key.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
++ {
++ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_FALSE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * We load a new public key so we will create a new RSA
++ * structure. No cache hit is possible.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, FALSE);
++
++ sp->opdata_rsa_pub_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->pub_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA public structure pointer.
++ */
++ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER;
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PUBKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++
++ /*
++ * Create a session object from it so that when calling
++ * pk11_get_public_rsa_key() the next time, we can find it. The
++ * reason why we do that is that we cannot tell from the RSA
++ * structure (OpenSSL RSA structure does not have any room for
++ * additional data used by the engine, for example) if it bears
++ * a public key stored in the keystore or not so it's better if
++ * we always have a session key. Note that this is different
++ * from what we do for the private keystore objects but in that
++ * case, we can tell from the RSA structure that the keystore
++ * object is in play - the 'd' component is NULL in that case.
++ */
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
++ (void) fclose(pubkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_pub(sp, rsa);
++ sp->pub_persistent = CK_FALSE;
++
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ return (pkey);
++ }
++
++/*
++ * Create a public key object in a session from a given rsa structure.
++ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
++ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY_RECOVER, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
++ };
++
++ int i;
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
++ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[6].ulValueLen);
++ if (a_key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->n, a_key_template[6].pValue);
++
++ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
++ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[7].ulValueLen);
++ if (a_key_template[7].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->e, a_key_template[7].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (rsa_n_num != NULL)
++ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ if (rsa_e_num != NULL)
++ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ BN_free(*rsa_n_num);
++ *rsa_n_num = NULL;
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ for (i = 6; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given rsa structure.
++ * The *rsa_d_num pointer is non-NULL for RSA private keys.
++ */
++static CK_OBJECT_HANDLE
++pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ int i;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 14;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIME_1, (void *)NULL, 0},
++ {CKA_PRIME_2, (void *)NULL, 0},
++ {CKA_EXPONENT_1, (void *)NULL, 0},
++ {CKA_EXPONENT_2, (void *)NULL, 0},
++ {CKA_COEFFICIENT, (void *)NULL, 0},
++ };
++
++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
++ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
++ LOCK_OBJSTORE(OP_RSA);
++ goto set;
++ }
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(rsa->n, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(rsa->e, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(rsa->d, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0 ||
++ init_template_value(rsa->p, &a_key_template[9].pValue,
++ &a_key_template[9].ulValueLen) == 0 ||
++ init_template_value(rsa->q, &a_key_template[10].pValue,
++ &a_key_template[10].ulValueLen) == 0 ||
++ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
++ &a_key_template[11].ulValueLen) == 0 ||
++ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
++ &a_key_template[12].ulValueLen) == 0 ||
++ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
++ &a_key_template[13].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * We are getting the private key but the private 'd'
++ * component is NULL. That means this is key by reference RSA
++ * key. In that case, we can use only public components for
++ * searching for the private key handle.
++ */
++ if (rsa->d == NULL)
++ {
++ ul_key_attr_count = 8;
++ /*
++ * We will perform the search in the token, not in the existing
++ * session keys.
++ */
++ a_key_template[2].pValue = &mytrue;
++ }
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ /*
++ * We have an RSA structure with 'n'/'e' components
++ * only so we tried to find the private key in the
++ * keystore. If it was really a token key we have a
++ * problem. Note that for other key types we just
++ * create a new session key using the private
++ * components from the RSA structure.
++ */
++ if (rsa->d == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_PRIV_KEY_NOT_FOUND);
++ goto err;
++ }
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++set:
++ if (rsa_d_num != NULL)
++ {
++ /*
++ * When RSA keys by reference code is used, we never
++ * extract private components from the keystore. In
++ * that case 'd' was set to NULL and we expect the
++ * application to properly cope with that. It is
++ * documented in openssl(5). In general, if keys by
++ * reference are used we expect it to be used
++ * exclusively using the high level API and then there
++ * is no problem. If the application expects the
++ * private components to be read from the keystore
++ * then that is not a supported way of usage.
++ */
++ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ else
++ *rsa_d_num = NULL;
++ }
++
++ /*
++ * For the key by reference code, we need public components as well
++ * since 'd' component is always NULL. For that reason, we always cache
++ * 'n'/'e' components as well.
++ */
++ *rsa_n_num = BN_dup(rsa->n);
++ *rsa_e_num = BN_dup(rsa->e);
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0 &&
++ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ /*
++ * 6 to 13 entries in the key template are key components.
++ * They need to be freed upon exit or error.
++ */
++ for (i = 6; i <= 13; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making the
++ * check for cache hit stronger. Only public components of RSA
++ * key matter here so it is sufficient to compare them with values
++ * cached in PK11_SESSION structure.
++ *
++ * We must check the handle as well since with key by reference, public
++ * components 'n'/'e' are cached in private keys as well. That means we
++ * could have a cache hit in a private key when looking for a public
++ * key. That would not work, you cannot have one PKCS#11 object for
++ * both data signing and verifying.
++ */
++ if ((sp->opdata_rsa_pub != rsa) ||
++ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making
++ * the check for cache hit stronger. Comparing public exponent
++ * of RSA key with value cached in PK11_SESSION structure
++ * should be sufficient. Note that we want to compare the
++ * public component since with the keys by reference
++ * mechanism, private components are not in the RSA
++ * structure. Also, see check_new_rsa_key_pub() about why we
++ * compare the handle as well.
++ */
++ if ((sp->opdata_rsa_priv != rsa) ||
++ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_pn_num == NULL) ||
++ (sp->opdata_rsa_pe_num == NULL) ||
++ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Local function to simplify key template population
++ * Return 0 -- error, 1 -- no error
++ */
++static int
++init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
++ CK_ULONG *ul_value_len)
++ {
++ CK_ULONG len = 0;
++
++ /*
++ * This function can be used on non-initialized BIGNUMs. It is
++ * easier to check that here than individually in the callers.
++ */
++ if (bn != NULL)
++ len = BN_num_bytes(bn);
++
++ if (bn == NULL || len == 0)
++ return (1);
++
++ *ul_value_len = len;
++ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
++ if (*p_value == NULL)
++ return (0);
++
++ BN_bn2bin(bn, *p_value);
++
++ return (1);
++ }
++
++static void
++attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
++ {
++ if (attr->ulValueLen > 0)
++ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
++ }
++
++/*
++ * Find one object in the token. It is an error if we can not find the
++ * object or if we find more objects based on the template we got.
++ * Assume object store locked.
++ *
++ * Returns:
++ * 1 OK
++ * 0 no object or more than 1 object found
++ */
++static int
++find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
++ {
++ CK_RV rv;
++ CK_ULONG objcnt;
++
++ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_FINDOBJECTSINIT, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(s);
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
++ rv);
++ return (0);
++ }
++
++ (void) pFuncList->C_FindObjectsFinal(s);
++
++ if (objcnt > 1)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
++ return (0);
++ }
++ else if (objcnt == 0)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
++ return (0);
++ }
++ return (1);
++ }
++
++/* from uri stuff */
++
++extern char *pk11_pin;
++
++static int pk11_get_pin(void);
++
++static int
++pk11_get_pin(void)
++{
++ char *pin;
++
++ /* The getpassphrase() function is not MT safe. */
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ pin = getpassphrase("Enter PIN: ");
++ if (pin == NULL)
++ {
++ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ pk11_pin = BUF_strdup(pin);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ memset(pin, 0, strlen(pin));
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (1);
++ }
++
++/*
++ * Log in to the keystore if we are supposed to do that at all. Take care of
++ * reading and caching the PIN etc. Log in only once even when called from
++ * multiple threads.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++static int
++pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private)
++ {
++ CK_RV rv;
++
++#if 0
++ /* doesn't work on the AEP Keyper??? */
++ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_NOT_INITIALIZED);
++ return (0);
++ }
++#endif
++
++ /*
++ * If login is required or needed but the PIN has not been
++ * even initialized we can bail out right now. Note that we
++ * are supposed to always log in if we are going to access
++ * private keys. However, we may need to log in even for
++ * accessing public keys in case that the CKF_LOGIN_REQUIRED
++ * flag is set.
++ */
++ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE)) &&
++ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
++ return (0);
++ }
++
++ /*
++ * Note on locking: it is possible that more than one thread
++ * gets into pk11_get_pin() so we must deal with that. We
++ * cannot avoid it since we cannot guard fork() in there with
++ * a lock because we could end up in a dead lock in the
++ * child. Why? Remember we are in a multithreaded environment
++ * so we must lock all mutexes in the prefork function to
++ * avoid a situation in which a thread that did not call
++ * fork() held a lock, making future unlocking impossible. We
++ * lock right before C_Login().
++ */
++ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE))
++ {
++ if (*login_done == CK_FALSE)
++ {
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_PIN_NOT_PROVIDED);
++ return (0);
++ }
++ }
++
++ /*
++ * Note that what we are logging into is the keystore from
++ * pubkey_SLOTID because we work with OP_RSA session type here.
++ * That also means that we can work with only one keystore in
++ * the engine.
++ *
++ * We must make sure we do not try to login more than once.
++ * Also, see the comment above on locking strategy.
++ */
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if (*login_done == CK_FALSE)
++ {
++ if ((rv = pFuncList->C_Login(session,
++ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
++ strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++ goto err_locked;
++ }
++
++ *login_done = CK_TRUE;
++
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++ else
++ {
++ /*
++ * If token does not require login we take it as the
++ * login was done.
++ */
++ *login_done = CK_TRUE;
++ }
++
++ return (1);
++
++err_locked:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++
++/*
++ * Log in to the keystore in the child if we were logged in in the
++ * parent. There are similarities in the code with pk11_token_login()
++ * but still it is quite different so we need a separate function for
++ * this.
++ *
++ * Note that this function is called under the locked session mutex when fork is
++ * detected. That means that C_Login() will be called from the child just once.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++int
++pk11_token_relogin(CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ return (0);
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if ((rv = pFuncList->C_Login(session, CKU_USER,
++ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (1);
++ }
++
++#ifdef OPENSSL_SYS_WIN32
++char *getpassphrase(const char *prompt)
++ {
++ static char buf[128];
++ HANDLE h;
++ DWORD cc, mode;
++ int cnt;
++
++ h = GetStdHandle(STD_INPUT_HANDLE);
++ fputs(prompt, stderr);
++ fflush(stderr);
++ fflush(stdout);
++ FlushConsoleInputBuffer(h);
++ GetConsoleMode(h, &mode);
++ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
++
++ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
++ {
++ ReadFile(h, buf + cnt, 1, &cc, NULL);
++ if (buf[cnt] == '\r')
++ break;
++ fputc('*', stdout);
++ fflush(stderr);
++ fflush(stdout);
++ }
++
++ SetConsoleMode(h, mode);
++ buf[cnt] = '\0';
++ fputs("\n", stderr);
++ return buf;
++ }
++#endif /* OPENSSL_SYS_WIN32 */
++#endif /* OPENSSL_NO_HW_PK11SO */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/pkcs11.h
+diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
+--- /dev/null Thu Jul 3 12:42:33 2014
++++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
+@@ -0,0 +1,299 @@
++/* pkcs11.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++#ifndef _PKCS11_H_
++#define _PKCS11_H_ 1
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/* Before including this file (pkcs11.h) (or pkcs11t.h by
++ * itself), 6 platform-specific macros must be defined. These
++ * macros are described below, and typical definitions for them
++ * are also given. Be advised that these definitions can depend
++ * on both the platform and the compiler used (and possibly also
++ * on whether a Cryptoki library is linked statically or
++ * dynamically).
++ *
++ * In addition to defining these 6 macros, the packing convention
++ * for Cryptoki structures should be set. The Cryptoki
++ * convention on packing is that structures should be 1-byte
++ * aligned.
++ *
++ * If you're using Microsoft Developer Studio 5.0 to produce
++ * Win32 stuff, this might be done by using the following
++ * preprocessor directive before including pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(push, cryptoki, 1)
++ *
++ * and using the following preprocessor directive after including
++ * pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(pop, cryptoki)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to produce Win16 stuff, this might be done by using
++ * the following preprocessor directive before including
++ * pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(1)
++ *
++ * In a UNIX environment, you're on your own for this. You might
++ * not need to do (or be able to do!) anything.
++ *
++ *
++ * Now for the macros:
++ *
++ *
++ * 1. CK_PTR: The indirection string for making a pointer to an
++ * object. It can be used like this:
++ *
++ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to produce
++ * Win32 stuff, it might be defined by:
++ *
++ * #define CK_PTR *
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to produce Win16 stuff, it might be defined by:
++ *
++ * #define CK_PTR far *
++ *
++ * In a typical UNIX environment, it might be defined by:
++ *
++ * #define CK_PTR *
++ *
++ *
++ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
++ * an exportable Cryptoki library function definition out of a
++ * return type and a function name. It should be used in the
++ * following fashion to define the exposed Cryptoki functions in
++ * a Cryptoki library:
++ *
++ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
++ * CK_VOID_PTR pReserved
++ * )
++ * {
++ * ...
++ * }
++ *
++ * If you're using Microsoft Developer Studio 5.0 to define a
++ * function in a Win32 Cryptoki .dll, it might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType __declspec(dllexport) name
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to define a function in a Win16 Cryptoki .dll, it
++ * might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType __export _far _pascal name
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType name
++ *
++ *
++ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
++ * an importable Cryptoki library function declaration out of a
++ * return type and a function name. It should be used in the
++ * following fashion:
++ *
++ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
++ * CK_VOID_PTR pReserved
++ * );
++ *
++ * If you're using Microsoft Developer Studio 5.0 to declare a
++ * function in a Win32 Cryptoki .dll, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType __declspec(dllimport) name
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to declare a function in a Win16 Cryptoki .dll, it
++ * might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType __export _far _pascal name
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType name
++ *
++ *
++ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
++ * which makes a Cryptoki API function pointer declaration or
++ * function pointer type declaration out of a return type and a
++ * function name. It should be used in the following fashion:
++ *
++ * // Define funcPtr to be a pointer to a Cryptoki API function
++ * // taking arguments args and returning CK_RV.
++ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
++ *
++ * or
++ *
++ * // Define funcPtrType to be the type of a pointer to a
++ * // Cryptoki API function taking arguments args and returning
++ * // CK_RV, and then define funcPtr to be a variable of type
++ * // funcPtrType.
++ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
++ * funcPtrType funcPtr;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to access
++ * functions in a Win32 Cryptoki .dll, in might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType __declspec(dllimport) (* name)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to access functions in a Win16 Cryptoki .dll, it might
++ * be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType __export _far _pascal (* name)
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType (* name)
++ *
++ *
++ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
++ * a function pointer type for an application callback out of
++ * a return type for the callback and a name for the callback.
++ * It should be used in the following fashion:
++ *
++ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
++ *
++ * to declare a function pointer, myCallback, to a callback
++ * which takes arguments args and returns a CK_RV. It can also
++ * be used like this:
++ *
++ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
++ * myCallbackType myCallback;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to do Win32
++ * Cryptoki development, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType (* name)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to do Win16 development, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType _far _pascal (* name)
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType (* name)
++ *
++ *
++ * 6. NULL_PTR: This macro is the value of a NULL pointer.
++ *
++ * In any ANSI/ISO C environment (and in many others as well),
++ * this should best be defined by
++ *
++ * #ifndef NULL_PTR
++ * #define NULL_PTR 0
++ * #endif
++ */
++
++
++/* All the various Cryptoki types and #define'd values are in the
++ * file pkcs11t.h. */
++#include "pkcs11t.h"
++
++#define __PASTE(x,y) x##y
++
++
++/* ==============================================================
++ * Define the "extern" form of all the entry points.
++ * ==============================================================
++ */
++
++#define CK_NEED_ARG_LIST 1
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ extern CK_DECLARE_FUNCTION(CK_RV, name)
++
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++#undef CK_NEED_ARG_LIST
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++/* ==============================================================
++ * Define the typedef form of all the entry points. That is, for
++ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
++ * a pointer to that kind of function.
++ * ==============================================================
++ */
++
++#define CK_NEED_ARG_LIST 1
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
++
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++#undef CK_NEED_ARG_LIST
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++/* ==============================================================
++ * Define structed vector of entry points. A CK_FUNCTION_LIST
++ * contains a CK_VERSION indicating a library's Cryptoki version
++ * and then a whole slew of function pointers to the routines in
++ * the library. This type was declared, but not defined, in
++ * pkcs11t.h.
++ * ==============================================================
++ */
++
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ __PASTE(CK_,name) name;
++
++struct CK_FUNCTION_LIST {
++
++ CK_VERSION version; /* Cryptoki version */
++
++/* Pile all the function pointers into the CK_FUNCTION_LIST. */
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++};
++
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++#undef __PASTE
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+Index: openssl/crypto/engine/pkcs11f.h
+diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
+--- /dev/null Thu Jul 3 12:42:33 2014
++++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
+@@ -0,0 +1,912 @@
++/* pkcs11f.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++/* This header file contains pretty much everything about all the */
++/* Cryptoki function prototypes. Because this information is */
++/* used for more than just declaring function prototypes, the */
++/* order of the functions appearing herein is important, and */
++/* should not be altered. */
++
++/* General-purpose */
++
++/* C_Initialize initializes the Cryptoki library. */
++CK_PKCS11_FUNCTION_INFO(C_Initialize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
++ * cast to CK_C_INITIALIZE_ARGS_PTR
++ * and dereferenced */
++);
++#endif
++
++
++/* C_Finalize indicates that an application is done with the
++ * Cryptoki library. */
++CK_PKCS11_FUNCTION_INFO(C_Finalize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
++);
++#endif
++
++
++/* C_GetInfo returns general information about Cryptoki. */
++CK_PKCS11_FUNCTION_INFO(C_GetInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_INFO_PTR pInfo /* location that receives information */
++);
++#endif
++
++
++/* C_GetFunctionList returns the function list. */
++CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
++ * function list */
++);
++#endif
++
++
++
++/* Slot and token management */
++
++/* C_GetSlotList obtains a list of slots in the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_BBOOL tokenPresent, /* only slots with tokens? */
++ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
++ CK_ULONG_PTR pulCount /* receives number of slots */
++);
++#endif
++
++
++/* C_GetSlotInfo obtains information about a particular slot in
++ * the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* the ID of the slot */
++ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
++);
++#endif
++
++
++/* C_GetTokenInfo obtains information about a particular token
++ * in the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
++);
++#endif
++
++
++/* C_GetMechanismList obtains a list of mechanism types
++ * supported by a token. */
++CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of token's slot */
++ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
++ CK_ULONG_PTR pulCount /* gets # of mechs. */
++);
++#endif
++
++
++/* C_GetMechanismInfo obtains information about a particular
++ * mechanism possibly supported by a token. */
++CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_MECHANISM_TYPE type, /* type of mechanism */
++ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
++);
++#endif
++
++
++/* C_InitToken initializes a token. */
++CK_PKCS11_FUNCTION_INFO(C_InitToken)
++#ifdef CK_NEED_ARG_LIST
++/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
++ CK_ULONG ulPinLen, /* length in bytes of the PIN */
++ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
++);
++#endif
++
++
++/* C_InitPIN initializes the normal user's PIN. */
++CK_PKCS11_FUNCTION_INFO(C_InitPIN)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
++ CK_ULONG ulPinLen /* length in bytes of the PIN */
++);
++#endif
++
++
++/* C_SetPIN modifies the PIN of the user who is logged in. */
++CK_PKCS11_FUNCTION_INFO(C_SetPIN)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
++ CK_ULONG ulOldLen, /* length of the old PIN */
++ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
++ CK_ULONG ulNewLen /* length of the new PIN */
++);
++#endif
++
++
++
++/* Session management */
++
++/* C_OpenSession opens a session between an application and a
++ * token. */
++CK_PKCS11_FUNCTION_INFO(C_OpenSession)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* the slot's ID */
++ CK_FLAGS flags, /* from CK_SESSION_INFO */
++ CK_VOID_PTR pApplication, /* passed to callback */
++ CK_NOTIFY Notify, /* callback function */
++ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
++);
++#endif
++
++
++/* C_CloseSession closes a session between an application and a
++ * token. */
++CK_PKCS11_FUNCTION_INFO(C_CloseSession)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++/* C_CloseAllSessions closes all sessions with a token. */
++CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID /* the token's slot */
++);
++#endif
++
++
++/* C_GetSessionInfo obtains information about the session. */
++CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_SESSION_INFO_PTR pInfo /* receives session info */
++);
++#endif
++
++
++/* C_GetOperationState obtains the state of the cryptographic operation
++ * in a session. */
++CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pOperationState, /* gets state */
++ CK_ULONG_PTR pulOperationStateLen /* gets state length */
++);
++#endif
++
++
++/* C_SetOperationState restores the state of the cryptographic
++ * operation in a session. */
++CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pOperationState, /* holds state */
++ CK_ULONG ulOperationStateLen, /* holds state length */
++ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
++ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
++);
++#endif
++
++
++/* C_Login logs a user into a token. */
++CK_PKCS11_FUNCTION_INFO(C_Login)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_USER_TYPE userType, /* the user type */
++ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
++ CK_ULONG ulPinLen /* the length of the PIN */
++);
++#endif
++
++
++/* C_Logout logs a user out from a token. */
++CK_PKCS11_FUNCTION_INFO(C_Logout)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Object management */
++
++/* C_CreateObject creates a new object. */
++CK_PKCS11_FUNCTION_INFO(C_CreateObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
++ CK_ULONG ulCount, /* attributes in template */
++ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
++);
++#endif
++
++
++/* C_CopyObject copies an object, creating a new object for the
++ * copy. */
++CK_PKCS11_FUNCTION_INFO(C_CopyObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
++ CK_ULONG ulCount, /* attributes in template */
++ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
++);
++#endif
++
++
++/* C_DestroyObject destroys an object. */
++CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject /* the object's handle */
++);
++#endif
++
++
++/* C_GetObjectSize gets the size of an object in bytes. */
++CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ULONG_PTR pulSize /* receives size of object */
++);
++#endif
++
++
++/* C_GetAttributeValue obtains the value of one or more object
++ * attributes. */
++CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
++ CK_ULONG ulCount /* attributes in template */
++);
++#endif
++
++
++/* C_SetAttributeValue modifies the value of one or more object
++ * attributes */
++CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
++ CK_ULONG ulCount /* attributes in template */
++);
++#endif
++
++
++/* C_FindObjectsInit initializes a search for token and session
++ * objects that match a template. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
++ CK_ULONG ulCount /* attrs in search template */
++);
++#endif
++
++
++/* C_FindObjects continues a search for token and session
++ * objects that match a template, obtaining additional object
++ * handles. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjects)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
++ CK_ULONG ulMaxObjectCount, /* max handles to get */
++ CK_ULONG_PTR pulObjectCount /* actual # returned */
++);
++#endif
++
++
++/* C_FindObjectsFinal finishes a search for token and session
++ * objects. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Encryption and decryption */
++
++/* C_EncryptInit initializes an encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of encryption key */
++);
++#endif
++
++
++/* C_Encrypt encrypts single-part data. */
++CK_PKCS11_FUNCTION_INFO(C_Encrypt)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pData, /* the plaintext data */
++ CK_ULONG ulDataLen, /* bytes of plaintext */
++ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
++);
++#endif
++
++
++/* C_EncryptUpdate continues a multiple-part encryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext data len */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
++);
++#endif
++
++
++/* C_EncryptFinal finishes a multiple-part encryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session handle */
++ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
++ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
++);
++#endif
++
++
++/* C_DecryptInit initializes a decryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of decryption key */
++);
++#endif
++
++
++/* C_Decrypt decrypts encrypted data in a single part. */
++CK_PKCS11_FUNCTION_INFO(C_Decrypt)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedData, /* ciphertext */
++ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
++ CK_BYTE_PTR pData, /* gets plaintext */
++ CK_ULONG_PTR pulDataLen /* gets p-text size */
++);
++#endif
++
++
++/* C_DecryptUpdate continues a multiple-part decryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
++ CK_ULONG ulEncryptedPartLen, /* input length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* p-text size */
++);
++#endif
++
++
++/* C_DecryptFinal finishes a multiple-part decryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pLastPart, /* gets plaintext */
++ CK_ULONG_PTR pulLastPartLen /* p-text size */
++);
++#endif
++
++
++
++/* Message digesting */
++
++/* C_DigestInit initializes a message-digesting operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
++);
++#endif
++
++
++/* C_Digest digests data in a single part. */
++CK_PKCS11_FUNCTION_INFO(C_Digest)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* data to be digested */
++ CK_ULONG ulDataLen, /* bytes of data to digest */
++ CK_BYTE_PTR pDigest, /* gets the message digest */
++ CK_ULONG_PTR pulDigestLen /* gets digest length */
++);
++#endif
++
++
++/* C_DigestUpdate continues a multiple-part message-digesting
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* data to be digested */
++ CK_ULONG ulPartLen /* bytes of data to be digested */
++);
++#endif
++
++
++/* C_DigestKey continues a multi-part message-digesting
++ * operation, by digesting the value of a secret key as part of
++ * the data already digested. */
++CK_PKCS11_FUNCTION_INFO(C_DigestKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hKey /* secret key to digest */
++);
++#endif
++
++
++/* C_DigestFinal finishes a multiple-part message-digesting
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pDigest, /* gets the message digest */
++ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
++);
++#endif
++
++
++
++/* Signing and MACing */
++
++/* C_SignInit initializes a signature (private key encryption)
++ * operation, where the signature is (will be) an appendix to
++ * the data, and plaintext cannot be recovered from the
++ *signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of signature key */
++);
++#endif
++
++
++/* C_Sign signs (encrypts with private key) data in a single
++ * part, where the signature is (will be) an appendix to the
++ * data, and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_Sign)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* the data to sign */
++ CK_ULONG ulDataLen, /* count of bytes to sign */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++/* C_SignUpdate continues a multiple-part signature operation,
++ * where the signature is (will be) an appendix to the data,
++ * and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* the data to sign */
++ CK_ULONG ulPartLen /* count of bytes to sign */
++);
++#endif
++
++
++/* C_SignFinal finishes a multiple-part signature operation,
++ * returning the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++/* C_SignRecoverInit initializes a signature operation, where
++ * the data can be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of the signature key */
++);
++#endif
++
++
++/* C_SignRecover signs data in a single operation, where the
++ * data can be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignRecover)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* the data to sign */
++ CK_ULONG ulDataLen, /* count of bytes to sign */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++
++/* Verifying signatures and MACs */
++
++/* C_VerifyInit initializes a verification operation, where the
++ * signature is an appendix to the data, and plaintext cannot
++ * cannot be recovered from the signature (e.g. DSA). */
++CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
++ CK_OBJECT_HANDLE hKey /* verification key */
++);
++#endif
++
++
++/* C_Verify verifies a signature in a single-part operation,
++ * where the signature is an appendix to the data, and plaintext
++ * cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_Verify)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* signed data */
++ CK_ULONG ulDataLen, /* length of signed data */
++ CK_BYTE_PTR pSignature, /* signature */
++ CK_ULONG ulSignatureLen /* signature length*/
++);
++#endif
++
++
++/* C_VerifyUpdate continues a multiple-part verification
++ * operation, where the signature is an appendix to the data,
++ * and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* signed data */
++ CK_ULONG ulPartLen /* length of signed data */
++);
++#endif
++
++
++/* C_VerifyFinal finishes a multiple-part verification
++ * operation, checking the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* signature to verify */
++ CK_ULONG ulSignatureLen /* signature length */
++);
++#endif
++
++
++/* C_VerifyRecoverInit initializes a signature verification
++ * operation, where the data is recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
++ CK_OBJECT_HANDLE hKey /* verification key */
++);
++#endif
++
++
++/* C_VerifyRecover verifies a signature in a single-part
++ * operation, where the data is recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* signature to verify */
++ CK_ULONG ulSignatureLen, /* signature length */
++ CK_BYTE_PTR pData, /* gets signed data */
++ CK_ULONG_PTR pulDataLen /* gets signed data len */
++);
++#endif
++
++
++
++/* Dual-function cryptographic operations */
++
++/* C_DigestEncryptUpdate continues a multiple-part digesting
++ * and encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext length */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
++);
++#endif
++
++
++/* C_DecryptDigestUpdate continues a multiple-part decryption and
++ * digesting operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
++ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* gets plaintext len */
++);
++#endif
++
++
++/* C_SignEncryptUpdate continues a multiple-part signing and
++ * encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext length */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
++);
++#endif
++
++
++/* C_DecryptVerifyUpdate continues a multiple-part decryption and
++ * verify operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
++ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* gets p-text length */
++);
++#endif
++
++
++
++/* Key management */
++
++/* C_GenerateKey generates a secret key, creating a new key
++ * object. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
++ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
++ CK_ULONG ulCount, /* # of attrs in template */
++ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
++);
++#endif
++
++
++/* C_GenerateKeyPair generates a public-key/private-key pair,
++ * creating new key objects. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session
++ * handle */
++ CK_MECHANISM_PTR pMechanism, /* key-gen
++ * mech. */
++ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
++ * for pub.
++ * key */
++ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
++ * attrs. */
++ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
++ * for priv.
++ * key */
++ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
++ * attrs. */
++ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
++ * key
++ * handle */
++ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
++ * priv. key
++ * handle */
++);
++#endif
++
++
++/* C_WrapKey wraps (i.e., encrypts) a key. */
++CK_PKCS11_FUNCTION_INFO(C_WrapKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
++ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
++ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
++ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
++ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
++);
++#endif
++
++
++/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
++ * key object. */
++CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
++ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
++ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
++ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
++ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
++ CK_ULONG ulAttributeCount, /* template length */
++ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
++);
++#endif
++
++
++/* C_DeriveKey derives a key from a base key, creating a new key
++ * object. */
++CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
++ CK_OBJECT_HANDLE hBaseKey, /* base key */
++ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
++ CK_ULONG ulAttributeCount, /* template length */
++ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
++);
++#endif
++
++
++
++/* Random number generation */
++
++/* C_SeedRandom mixes additional seed material into the token's
++ * random number generator. */
++CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSeed, /* the seed material */
++ CK_ULONG ulSeedLen /* length of seed material */
++);
++#endif
++
++
++/* C_GenerateRandom generates random data. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR RandomData, /* receives the random data */
++ CK_ULONG ulRandomLen /* # of bytes to generate */
++);
++#endif
++
++
++
++/* Parallel function management */
++
++/* C_GetFunctionStatus is a legacy function; it obtains an
++ * updated status of a function running in parallel with an
++ * application. */
++CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++/* C_CancelFunction is a legacy function; it cancels a function
++ * running in parallel. */
++CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Functions added in for Cryptoki Version 2.01 or later */
++
++/* C_WaitForSlotEvent waits for a slot event (token insertion,
++ * removal, etc.) to occur. */
++CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_FLAGS flags, /* blocking/nonblocking flag */
++ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
++ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
++);
++#endif
+Index: openssl/crypto/engine/pkcs11t.h
+diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
+--- /dev/null Thu Jul 3 12:42:33 2014
++++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
+@@ -0,0 +1,1885 @@
++/* pkcs11t.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++/* See top of pkcs11.h for information about the macros that
++ * must be defined and the structure-packing conventions that
++ * must be set before including this file. */
++
++#ifndef _PKCS11T_H_
++#define _PKCS11T_H_ 1
++
++#define CRYPTOKI_VERSION_MAJOR 2
++#define CRYPTOKI_VERSION_MINOR 20
++#define CRYPTOKI_VERSION_AMENDMENT 3
++
++#define CK_TRUE 1
++#define CK_FALSE 0
++
++#ifndef CK_DISABLE_TRUE_FALSE
++#ifndef FALSE
++#define FALSE CK_FALSE
++#endif
++
++#ifndef TRUE
++#define TRUE CK_TRUE
++#endif
++#endif
++
++/* an unsigned 8-bit value */
++typedef unsigned char CK_BYTE;
++
++/* an unsigned 8-bit character */
++typedef CK_BYTE CK_CHAR;
++
++/* an 8-bit UTF-8 character */
++typedef CK_BYTE CK_UTF8CHAR;
++
++/* a BYTE-sized Boolean flag */
++typedef CK_BYTE CK_BBOOL;
++
++/* an unsigned value, at least 32 bits long */
++typedef unsigned long int CK_ULONG;
++
++/* a signed value, the same size as a CK_ULONG */
++/* CK_LONG is new for v2.0 */
++typedef long int CK_LONG;
++
++/* at least 32 bits; each bit is a Boolean flag */
++typedef CK_ULONG CK_FLAGS;
++
++
++/* some special values for certain CK_ULONG variables */
++#define CK_UNAVAILABLE_INFORMATION (~0UL)
++#define CK_EFFECTIVELY_INFINITE 0
++
++
++typedef CK_BYTE CK_PTR CK_BYTE_PTR;
++typedef CK_CHAR CK_PTR CK_CHAR_PTR;
++typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
++typedef CK_ULONG CK_PTR CK_ULONG_PTR;
++typedef void CK_PTR CK_VOID_PTR;
++
++/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
++typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
++
++
++/* The following value is always invalid if used as a session */
++/* handle or object handle */
++#define CK_INVALID_HANDLE 0
++
++
++typedef struct CK_VERSION {
++ CK_BYTE major; /* integer portion of version number */
++ CK_BYTE minor; /* 1/100ths portion of version number */
++} CK_VERSION;
++
++typedef CK_VERSION CK_PTR CK_VERSION_PTR;
++
++
++typedef struct CK_INFO {
++ /* manufacturerID and libraryDecription have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_FLAGS flags; /* must be zero */
++
++ /* libraryDescription and libraryVersion are new for v2.0 */
++ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
++ CK_VERSION libraryVersion; /* version of library */
++} CK_INFO;
++
++typedef CK_INFO CK_PTR CK_INFO_PTR;
++
++
++/* CK_NOTIFICATION enumerates the types of notifications that
++ * Cryptoki provides to an application */
++/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
++ * for v2.0 */
++typedef CK_ULONG CK_NOTIFICATION;
++#define CKN_SURRENDER 0
++
++/* The following notification is new for PKCS #11 v2.20 amendment 3 */
++#define CKN_OTP_CHANGED 1
++
++
++typedef CK_ULONG CK_SLOT_ID;
++
++typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
++
++
++/* CK_SLOT_INFO provides information about a slot */
++typedef struct CK_SLOT_INFO {
++ /* slotDescription and manufacturerID have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_UTF8CHAR slotDescription[64]; /* blank padded */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_FLAGS flags;
++
++ /* hardwareVersion and firmwareVersion are new for v2.0 */
++ CK_VERSION hardwareVersion; /* version of hardware */
++ CK_VERSION firmwareVersion; /* version of firmware */
++} CK_SLOT_INFO;
++
++/* flags: bit flags that provide capabilities of the slot
++ * Bit Flag Mask Meaning
++ */
++#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
++#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
++#define CKF_HW_SLOT 0x00000004 /* hardware slot */
++
++typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
++
++
++/* CK_TOKEN_INFO provides information about a token */
++typedef struct CK_TOKEN_INFO {
++ /* label, manufacturerID, and model have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_UTF8CHAR label[32]; /* blank padded */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_UTF8CHAR model[16]; /* blank padded */
++ CK_CHAR serialNumber[16]; /* blank padded */
++ CK_FLAGS flags; /* see below */
++
++ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
++ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
++ * changed from CK_USHORT to CK_ULONG for v2.0 */
++ CK_ULONG ulMaxSessionCount; /* max open sessions */
++ CK_ULONG ulSessionCount; /* sess. now open */
++ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
++ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
++ CK_ULONG ulMaxPinLen; /* in bytes */
++ CK_ULONG ulMinPinLen; /* in bytes */
++ CK_ULONG ulTotalPublicMemory; /* in bytes */
++ CK_ULONG ulFreePublicMemory; /* in bytes */
++ CK_ULONG ulTotalPrivateMemory; /* in bytes */
++ CK_ULONG ulFreePrivateMemory; /* in bytes */
++
++ /* hardwareVersion, firmwareVersion, and time are new for
++ * v2.0 */
++ CK_VERSION hardwareVersion; /* version of hardware */
++ CK_VERSION firmwareVersion; /* version of firmware */
++ CK_CHAR utcTime[16]; /* time */
++} CK_TOKEN_INFO;
++
++/* The flags parameter is defined as follows:
++ * Bit Flag Mask Meaning
++ */
++#define CKF_RNG 0x00000001 /* has random #
++ * generator */
++#define CKF_WRITE_PROTECTED 0x00000002 /* token is
++ * write-
++ * protected */
++#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
++ * login */
++#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
++ * PIN is set */
++
++/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
++ * that means that *every* time the state of cryptographic
++ * operations of a session is successfully saved, all keys
++ * needed to continue those operations are stored in the state */
++#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
++
++/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
++ * that the token has some sort of clock. The time on that
++ * clock is returned in the token info structure */
++#define CKF_CLOCK_ON_TOKEN 0x00000040
++
++/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
++ * set, that means that there is some way for the user to login
++ * without sending a PIN through the Cryptoki library itself */
++#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
++
++/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
++ * that means that a single session with the token can perform
++ * dual simultaneous cryptographic operations (digest and
++ * encrypt; decrypt and digest; sign and encrypt; and decrypt
++ * and sign) */
++#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
++
++/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
++ * token has been initialized using C_InitializeToken or an
++ * equivalent mechanism outside the scope of PKCS #11.
++ * Calling C_InitializeToken when this flag is set will cause
++ * the token to be reinitialized. */
++#define CKF_TOKEN_INITIALIZED 0x00000400
++
++/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
++ * true, the token supports secondary authentication for
++ * private key objects. This flag is deprecated in v2.11 and
++ onwards. */
++#define CKF_SECONDARY_AUTHENTICATION 0x00000800
++
++/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
++ * incorrect user login PIN has been entered at least once
++ * since the last successful authentication. */
++#define CKF_USER_PIN_COUNT_LOW 0x00010000
++
++/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
++ * supplying an incorrect user PIN will it to become locked. */
++#define CKF_USER_PIN_FINAL_TRY 0x00020000
++
++/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
++ * user PIN has been locked. User login to the token is not
++ * possible. */
++#define CKF_USER_PIN_LOCKED 0x00040000
++
++/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
++ * the user PIN value is the default value set by token
++ * initialization or manufacturing, or the PIN has been
++ * expired by the card. */
++#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
++
++/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
++ * incorrect SO login PIN has been entered at least once since
++ * the last successful authentication. */
++#define CKF_SO_PIN_COUNT_LOW 0x00100000
++
++/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
++ * supplying an incorrect SO PIN will it to become locked. */
++#define CKF_SO_PIN_FINAL_TRY 0x00200000
++
++/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
++ * PIN has been locked. SO login to the token is not possible.
++ */
++#define CKF_SO_PIN_LOCKED 0x00400000
++
++/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
++ * the SO PIN value is the default value set by token
++ * initialization or manufacturing, or the PIN has been
++ * expired by the card. */
++#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
++
++typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
++
++
++/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
++ * identifies a session */
++typedef CK_ULONG CK_SESSION_HANDLE;
++
++typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
++
++
++/* CK_USER_TYPE enumerates the types of Cryptoki users */
++/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_USER_TYPE;
++/* Security Officer */
++#define CKU_SO 0
++/* Normal user */
++#define CKU_USER 1
++/* Context specific (added in v2.20) */
++#define CKU_CONTEXT_SPECIFIC 2
++
++/* CK_STATE enumerates the session states */
++/* CK_STATE has been changed from an enum to a CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_STATE;
++#define CKS_RO_PUBLIC_SESSION 0
++#define CKS_RO_USER_FUNCTIONS 1
++#define CKS_RW_PUBLIC_SESSION 2
++#define CKS_RW_USER_FUNCTIONS 3
++#define CKS_RW_SO_FUNCTIONS 4
++
++
++/* CK_SESSION_INFO provides information about a session */
++typedef struct CK_SESSION_INFO {
++ CK_SLOT_ID slotID;
++ CK_STATE state;
++ CK_FLAGS flags; /* see below */
++
++ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulDeviceError; /* device-dependent error code */
++} CK_SESSION_INFO;
++
++/* The flags are defined in the following table:
++ * Bit Flag Mask Meaning
++ */
++#define CKF_RW_SESSION 0x00000002 /* session is r/w */
++#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
++
++typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
++
++
++/* CK_OBJECT_HANDLE is a token-specific identifier for an
++ * object */
++typedef CK_ULONG CK_OBJECT_HANDLE;
++
++typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
++
++
++/* CK_OBJECT_CLASS is a value that identifies the classes (or
++ * types) of objects that Cryptoki recognizes. It is defined
++ * as follows: */
++/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_OBJECT_CLASS;
++
++/* The following classes of objects are defined: */
++/* CKO_HW_FEATURE is new for v2.10 */
++/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
++/* CKO_MECHANISM is new for v2.20 */
++#define CKO_DATA 0x00000000
++#define CKO_CERTIFICATE 0x00000001
++#define CKO_PUBLIC_KEY 0x00000002
++#define CKO_PRIVATE_KEY 0x00000003
++#define CKO_SECRET_KEY 0x00000004
++#define CKO_HW_FEATURE 0x00000005
++#define CKO_DOMAIN_PARAMETERS 0x00000006
++#define CKO_MECHANISM 0x00000007
++
++/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
++#define CKO_OTP_KEY 0x00000008
++
++#define CKO_VENDOR_DEFINED 0x80000000
++
++typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
++
++/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
++ * value that identifies the hardware feature type of an object
++ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
++typedef CK_ULONG CK_HW_FEATURE_TYPE;
++
++/* The following hardware feature types are defined */
++/* CKH_USER_INTERFACE is new for v2.20 */
++#define CKH_MONOTONIC_COUNTER 0x00000001
++#define CKH_CLOCK 0x00000002
++#define CKH_USER_INTERFACE 0x00000003
++#define CKH_VENDOR_DEFINED 0x80000000
++
++/* CK_KEY_TYPE is a value that identifies a key type */
++/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
++typedef CK_ULONG CK_KEY_TYPE;
++
++/* the following key types are defined: */
++#define CKK_RSA 0x00000000
++#define CKK_DSA 0x00000001
++#define CKK_DH 0x00000002
++
++/* CKK_ECDSA and CKK_KEA are new for v2.0 */
++/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
++#define CKK_ECDSA 0x00000003
++#define CKK_EC 0x00000003
++#define CKK_X9_42_DH 0x00000004
++#define CKK_KEA 0x00000005
++
++#define CKK_GENERIC_SECRET 0x00000010
++#define CKK_RC2 0x00000011
++#define CKK_RC4 0x00000012
++#define CKK_DES 0x00000013
++#define CKK_DES2 0x00000014
++#define CKK_DES3 0x00000015
++
++/* all these key types are new for v2.0 */
++#define CKK_CAST 0x00000016
++#define CKK_CAST3 0x00000017
++/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
++#define CKK_CAST5 0x00000018
++#define CKK_CAST128 0x00000018
++#define CKK_RC5 0x00000019
++#define CKK_IDEA 0x0000001A
++#define CKK_SKIPJACK 0x0000001B
++#define CKK_BATON 0x0000001C
++#define CKK_JUNIPER 0x0000001D
++#define CKK_CDMF 0x0000001E
++#define CKK_AES 0x0000001F
++
++/* BlowFish and TwoFish are new for v2.20 */
++#define CKK_BLOWFISH 0x00000020
++#define CKK_TWOFISH 0x00000021
++
++/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
++#define CKK_SECURID 0x00000022
++#define CKK_HOTP 0x00000023
++#define CKK_ACTI 0x00000024
++
++/* Camellia is new for PKCS #11 v2.20 amendment 3 */
++#define CKK_CAMELLIA 0x00000025
++/* ARIA is new for PKCS #11 v2.20 amendment 3 */
++#define CKK_ARIA 0x00000026
++
++
++#define CKK_VENDOR_DEFINED 0x80000000
++
++
++/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
++ * type */
++/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
++ * for v2.0 */
++typedef CK_ULONG CK_CERTIFICATE_TYPE;
++
++/* The following certificate types are defined: */
++/* CKC_X_509_ATTR_CERT is new for v2.10 */
++/* CKC_WTLS is new for v2.20 */
++#define CKC_X_509 0x00000000
++#define CKC_X_509_ATTR_CERT 0x00000001
++#define CKC_WTLS 0x00000002
++#define CKC_VENDOR_DEFINED 0x80000000
++
++
++/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
++ * type */
++/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_ATTRIBUTE_TYPE;
++
++/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
++ consists of an array of values. */
++#define CKF_ARRAY_ATTRIBUTE 0x40000000
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
++ and relates to the CKA_OTP_FORMAT attribute */
++#define CK_OTP_FORMAT_DECIMAL 0
++#define CK_OTP_FORMAT_HEXADECIMAL 1
++#define CK_OTP_FORMAT_ALPHANUMERIC 2
++#define CK_OTP_FORMAT_BINARY 3
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
++ and relates to the CKA_OTP_..._REQUIREMENT attributes */
++#define CK_OTP_PARAM_IGNORED 0
++#define CK_OTP_PARAM_OPTIONAL 1
++#define CK_OTP_PARAM_MANDATORY 2
++
++/* The following attribute types are defined: */
++#define CKA_CLASS 0x00000000
++#define CKA_TOKEN 0x00000001
++#define CKA_PRIVATE 0x00000002
++#define CKA_LABEL 0x00000003
++#define CKA_APPLICATION 0x00000010
++#define CKA_VALUE 0x00000011
++
++/* CKA_OBJECT_ID is new for v2.10 */
++#define CKA_OBJECT_ID 0x00000012
++
++#define CKA_CERTIFICATE_TYPE 0x00000080
++#define CKA_ISSUER 0x00000081
++#define CKA_SERIAL_NUMBER 0x00000082
++
++/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
++ * for v2.10 */
++#define CKA_AC_ISSUER 0x00000083
++#define CKA_OWNER 0x00000084
++#define CKA_ATTR_TYPES 0x00000085
++
++/* CKA_TRUSTED is new for v2.11 */
++#define CKA_TRUSTED 0x00000086
++
++/* CKA_CERTIFICATE_CATEGORY ...
++ * CKA_CHECK_VALUE are new for v2.20 */
++#define CKA_CERTIFICATE_CATEGORY 0x00000087
++#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
++#define CKA_URL 0x00000089
++#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
++#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
++#define CKA_CHECK_VALUE 0x00000090
++
++#define CKA_KEY_TYPE 0x00000100
++#define CKA_SUBJECT 0x00000101
++#define CKA_ID 0x00000102
++#define CKA_SENSITIVE 0x00000103
++#define CKA_ENCRYPT 0x00000104
++#define CKA_DECRYPT 0x00000105
++#define CKA_WRAP 0x00000106
++#define CKA_UNWRAP 0x00000107
++#define CKA_SIGN 0x00000108
++#define CKA_SIGN_RECOVER 0x00000109
++#define CKA_VERIFY 0x0000010A
++#define CKA_VERIFY_RECOVER 0x0000010B
++#define CKA_DERIVE 0x0000010C
++#define CKA_START_DATE 0x00000110
++#define CKA_END_DATE 0x00000111
++#define CKA_MODULUS 0x00000120
++#define CKA_MODULUS_BITS 0x00000121
++#define CKA_PUBLIC_EXPONENT 0x00000122
++#define CKA_PRIVATE_EXPONENT 0x00000123
++#define CKA_PRIME_1 0x00000124
++#define CKA_PRIME_2 0x00000125
++#define CKA_EXPONENT_1 0x00000126
++#define CKA_EXPONENT_2 0x00000127
++#define CKA_COEFFICIENT 0x00000128
++#define CKA_PRIME 0x00000130
++#define CKA_SUBPRIME 0x00000131
++#define CKA_BASE 0x00000132
++
++/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
++#define CKA_PRIME_BITS 0x00000133
++#define CKA_SUBPRIME_BITS 0x00000134
++#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
++/* (To retain backwards-compatibility) */
++
++#define CKA_VALUE_BITS 0x00000160
++#define CKA_VALUE_LEN 0x00000161
++
++/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
++ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
++ * and CKA_EC_POINT are new for v2.0 */
++#define CKA_EXTRACTABLE 0x00000162
++#define CKA_LOCAL 0x00000163
++#define CKA_NEVER_EXTRACTABLE 0x00000164
++#define CKA_ALWAYS_SENSITIVE 0x00000165
++
++/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
++#define CKA_KEY_GEN_MECHANISM 0x00000166
++
++#define CKA_MODIFIABLE 0x00000170
++
++/* CKA_ECDSA_PARAMS is deprecated in v2.11,
++ * CKA_EC_PARAMS is preferred. */
++#define CKA_ECDSA_PARAMS 0x00000180
++#define CKA_EC_PARAMS 0x00000180
++
++#define CKA_EC_POINT 0x00000181
++
++/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
++ * are new for v2.10. Deprecated in v2.11 and onwards. */
++#define CKA_SECONDARY_AUTH 0x00000200
++#define CKA_AUTH_PIN_FLAGS 0x00000201
++
++/* CKA_ALWAYS_AUTHENTICATE ...
++ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
++#define CKA_ALWAYS_AUTHENTICATE 0x00000202
++
++#define CKA_WRAP_WITH_TRUSTED 0x00000210
++#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
++#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
++
++/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
++#define CKA_OTP_FORMAT 0x00000220
++#define CKA_OTP_LENGTH 0x00000221
++#define CKA_OTP_TIME_INTERVAL 0x00000222
++#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
++#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
++#define CKA_OTP_TIME_REQUIREMENT 0x00000225
++#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
++#define CKA_OTP_PIN_REQUIREMENT 0x00000227
++#define CKA_OTP_COUNTER 0x0000022E
++#define CKA_OTP_TIME 0x0000022F
++#define CKA_OTP_USER_IDENTIFIER 0x0000022A
++#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
++#define CKA_OTP_SERVICE_LOGO 0x0000022C
++#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
++
++
++/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
++ * are new for v2.10 */
++#define CKA_HW_FEATURE_TYPE 0x00000300
++#define CKA_RESET_ON_INIT 0x00000301
++#define CKA_HAS_RESET 0x00000302
++
++/* The following attributes are new for v2.20 */
++#define CKA_PIXEL_X 0x00000400
++#define CKA_PIXEL_Y 0x00000401
++#define CKA_RESOLUTION 0x00000402
++#define CKA_CHAR_ROWS 0x00000403
++#define CKA_CHAR_COLUMNS 0x00000404
++#define CKA_COLOR 0x00000405
++#define CKA_BITS_PER_PIXEL 0x00000406
++#define CKA_CHAR_SETS 0x00000480
++#define CKA_ENCODING_METHODS 0x00000481
++#define CKA_MIME_TYPES 0x00000482
++#define CKA_MECHANISM_TYPE 0x00000500
++#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
++#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
++#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
++#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
++
++#define CKA_VENDOR_DEFINED 0x80000000
++
++/* CK_ATTRIBUTE is a structure that includes the type, length
++ * and value of an attribute */
++typedef struct CK_ATTRIBUTE {
++ CK_ATTRIBUTE_TYPE type;
++ CK_VOID_PTR pValue;
++
++ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
++ CK_ULONG ulValueLen; /* in bytes */
++} CK_ATTRIBUTE;
++
++typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
++
++
++/* CK_DATE is a structure that defines a date */
++typedef struct CK_DATE{
++ CK_CHAR year[4]; /* the year ("1900" - "9999") */
++ CK_CHAR month[2]; /* the month ("01" - "12") */
++ CK_CHAR day[2]; /* the day ("01" - "31") */
++} CK_DATE;
++
++
++/* CK_MECHANISM_TYPE is a value that identifies a mechanism
++ * type */
++/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_MECHANISM_TYPE;
++
++/* the following mechanism types are defined: */
++#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
++#define CKM_RSA_PKCS 0x00000001
++#define CKM_RSA_9796 0x00000002
++#define CKM_RSA_X_509 0x00000003
++
++/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
++ * are new for v2.0. They are mechanisms which hash and sign */
++#define CKM_MD2_RSA_PKCS 0x00000004
++#define CKM_MD5_RSA_PKCS 0x00000005
++#define CKM_SHA1_RSA_PKCS 0x00000006
++
++/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
++ * CKM_RSA_PKCS_OAEP are new for v2.10 */
++#define CKM_RIPEMD128_RSA_PKCS 0x00000007
++#define CKM_RIPEMD160_RSA_PKCS 0x00000008
++#define CKM_RSA_PKCS_OAEP 0x00000009
++
++/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
++ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
++#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
++#define CKM_RSA_X9_31 0x0000000B
++#define CKM_SHA1_RSA_X9_31 0x0000000C
++#define CKM_RSA_PKCS_PSS 0x0000000D
++#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
++
++#define CKM_DSA_KEY_PAIR_GEN 0x00000010
++#define CKM_DSA 0x00000011
++#define CKM_DSA_SHA1 0x00000012
++#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
++#define CKM_DH_PKCS_DERIVE 0x00000021
++
++/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
++ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
++ * v2.11 */
++#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
++#define CKM_X9_42_DH_DERIVE 0x00000031
++#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
++#define CKM_X9_42_MQV_DERIVE 0x00000033
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256_RSA_PKCS 0x00000040
++#define CKM_SHA384_RSA_PKCS 0x00000041
++#define CKM_SHA512_RSA_PKCS 0x00000042
++#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
++#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
++#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
++
++/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224_RSA_PKCS 0x00000046
++#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
++
++#define CKM_RC2_KEY_GEN 0x00000100
++#define CKM_RC2_ECB 0x00000101
++#define CKM_RC2_CBC 0x00000102
++#define CKM_RC2_MAC 0x00000103
++
++/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
++#define CKM_RC2_MAC_GENERAL 0x00000104
++#define CKM_RC2_CBC_PAD 0x00000105
++
++#define CKM_RC4_KEY_GEN 0x00000110
++#define CKM_RC4 0x00000111
++#define CKM_DES_KEY_GEN 0x00000120
++#define CKM_DES_ECB 0x00000121
++#define CKM_DES_CBC 0x00000122
++#define CKM_DES_MAC 0x00000123
++
++/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
++#define CKM_DES_MAC_GENERAL 0x00000124
++#define CKM_DES_CBC_PAD 0x00000125
++
++#define CKM_DES2_KEY_GEN 0x00000130
++#define CKM_DES3_KEY_GEN 0x00000131
++#define CKM_DES3_ECB 0x00000132
++#define CKM_DES3_CBC 0x00000133
++#define CKM_DES3_MAC 0x00000134
++
++/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
++ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
++ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
++#define CKM_DES3_MAC_GENERAL 0x00000135
++#define CKM_DES3_CBC_PAD 0x00000136
++#define CKM_CDMF_KEY_GEN 0x00000140
++#define CKM_CDMF_ECB 0x00000141
++#define CKM_CDMF_CBC 0x00000142
++#define CKM_CDMF_MAC 0x00000143
++#define CKM_CDMF_MAC_GENERAL 0x00000144
++#define CKM_CDMF_CBC_PAD 0x00000145
++
++/* the following four DES mechanisms are new for v2.20 */
++#define CKM_DES_OFB64 0x00000150
++#define CKM_DES_OFB8 0x00000151
++#define CKM_DES_CFB64 0x00000152
++#define CKM_DES_CFB8 0x00000153
++
++#define CKM_MD2 0x00000200
++
++/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
++#define CKM_MD2_HMAC 0x00000201
++#define CKM_MD2_HMAC_GENERAL 0x00000202
++
++#define CKM_MD5 0x00000210
++
++/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
++#define CKM_MD5_HMAC 0x00000211
++#define CKM_MD5_HMAC_GENERAL 0x00000212
++
++#define CKM_SHA_1 0x00000220
++
++/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
++#define CKM_SHA_1_HMAC 0x00000221
++#define CKM_SHA_1_HMAC_GENERAL 0x00000222
++
++/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
++ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
++ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
++#define CKM_RIPEMD128 0x00000230
++#define CKM_RIPEMD128_HMAC 0x00000231
++#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
++#define CKM_RIPEMD160 0x00000240
++#define CKM_RIPEMD160_HMAC 0x00000241
++#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256 0x00000250
++#define CKM_SHA256_HMAC 0x00000251
++#define CKM_SHA256_HMAC_GENERAL 0x00000252
++
++/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224 0x00000255
++#define CKM_SHA224_HMAC 0x00000256
++#define CKM_SHA224_HMAC_GENERAL 0x00000257
++
++#define CKM_SHA384 0x00000260
++#define CKM_SHA384_HMAC 0x00000261
++#define CKM_SHA384_HMAC_GENERAL 0x00000262
++#define CKM_SHA512 0x00000270
++#define CKM_SHA512_HMAC 0x00000271
++#define CKM_SHA512_HMAC_GENERAL 0x00000272
++
++/* SecurID is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_SECURID_KEY_GEN 0x00000280
++#define CKM_SECURID 0x00000282
++
++/* HOTP is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_HOTP_KEY_GEN 0x00000290
++#define CKM_HOTP 0x00000291
++
++/* ACTI is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_ACTI 0x000002A0
++#define CKM_ACTI_KEY_GEN 0x000002A1
++
++/* All of the following mechanisms are new for v2.0 */
++/* Note that CAST128 and CAST5 are the same algorithm */
++#define CKM_CAST_KEY_GEN 0x00000300
++#define CKM_CAST_ECB 0x00000301
++#define CKM_CAST_CBC 0x00000302
++#define CKM_CAST_MAC 0x00000303
++#define CKM_CAST_MAC_GENERAL 0x00000304
++#define CKM_CAST_CBC_PAD 0x00000305
++#define CKM_CAST3_KEY_GEN 0x00000310
++#define CKM_CAST3_ECB 0x00000311
++#define CKM_CAST3_CBC 0x00000312
++#define CKM_CAST3_MAC 0x00000313
++#define CKM_CAST3_MAC_GENERAL 0x00000314
++#define CKM_CAST3_CBC_PAD 0x00000315
++#define CKM_CAST5_KEY_GEN 0x00000320
++#define CKM_CAST128_KEY_GEN 0x00000320
++#define CKM_CAST5_ECB 0x00000321
++#define CKM_CAST128_ECB 0x00000321
++#define CKM_CAST5_CBC 0x00000322
++#define CKM_CAST128_CBC 0x00000322
++#define CKM_CAST5_MAC 0x00000323
++#define CKM_CAST128_MAC 0x00000323
++#define CKM_CAST5_MAC_GENERAL 0x00000324
++#define CKM_CAST128_MAC_GENERAL 0x00000324
++#define CKM_CAST5_CBC_PAD 0x00000325
++#define CKM_CAST128_CBC_PAD 0x00000325
++#define CKM_RC5_KEY_GEN 0x00000330
++#define CKM_RC5_ECB 0x00000331
++#define CKM_RC5_CBC 0x00000332
++#define CKM_RC5_MAC 0x00000333
++#define CKM_RC5_MAC_GENERAL 0x00000334
++#define CKM_RC5_CBC_PAD 0x00000335
++#define CKM_IDEA_KEY_GEN 0x00000340
++#define CKM_IDEA_ECB 0x00000341
++#define CKM_IDEA_CBC 0x00000342
++#define CKM_IDEA_MAC 0x00000343
++#define CKM_IDEA_MAC_GENERAL 0x00000344
++#define CKM_IDEA_CBC_PAD 0x00000345
++#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
++#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
++#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
++#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
++#define CKM_XOR_BASE_AND_DATA 0x00000364
++#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
++#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
++#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
++#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
++
++/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
++ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
++ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
++#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
++#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
++#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
++#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
++#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
++
++/* CKM_TLS_PRF is new for v2.20 */
++#define CKM_TLS_PRF 0x00000378
++
++#define CKM_SSL3_MD5_MAC 0x00000380
++#define CKM_SSL3_SHA1_MAC 0x00000381
++#define CKM_MD5_KEY_DERIVATION 0x00000390
++#define CKM_MD2_KEY_DERIVATION 0x00000391
++#define CKM_SHA1_KEY_DERIVATION 0x00000392
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256_KEY_DERIVATION 0x00000393
++#define CKM_SHA384_KEY_DERIVATION 0x00000394
++#define CKM_SHA512_KEY_DERIVATION 0x00000395
++
++/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224_KEY_DERIVATION 0x00000396
++
++#define CKM_PBE_MD2_DES_CBC 0x000003A0
++#define CKM_PBE_MD5_DES_CBC 0x000003A1
++#define CKM_PBE_MD5_CAST_CBC 0x000003A2
++#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
++#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
++#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
++#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
++#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
++#define CKM_PBE_SHA1_RC4_128 0x000003A6
++#define CKM_PBE_SHA1_RC4_40 0x000003A7
++#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
++#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
++#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
++#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
++
++/* CKM_PKCS5_PBKD2 is new for v2.10 */
++#define CKM_PKCS5_PBKD2 0x000003B0
++
++#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
++
++/* WTLS mechanisms are new for v2.20 */
++#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
++#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
++#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
++#define CKM_WTLS_PRF 0x000003D3
++#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
++#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
++
++#define CKM_KEY_WRAP_LYNKS 0x00000400
++#define CKM_KEY_WRAP_SET_OAEP 0x00000401
++
++/* CKM_CMS_SIG is new for v2.20 */
++#define CKM_CMS_SIG 0x00000500
++
++/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
++#define CKM_KIP_DERIVE 0x00000510
++#define CKM_KIP_WRAP 0x00000511
++#define CKM_KIP_MAC 0x00000512
++
++/* Camellia is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_CAMELLIA_KEY_GEN 0x00000550
++#define CKM_CAMELLIA_ECB 0x00000551
++#define CKM_CAMELLIA_CBC 0x00000552
++#define CKM_CAMELLIA_MAC 0x00000553
++#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
++#define CKM_CAMELLIA_CBC_PAD 0x00000555
++#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
++#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
++#define CKM_CAMELLIA_CTR 0x00000558
++
++/* ARIA is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_ARIA_KEY_GEN 0x00000560
++#define CKM_ARIA_ECB 0x00000561
++#define CKM_ARIA_CBC 0x00000562
++#define CKM_ARIA_MAC 0x00000563
++#define CKM_ARIA_MAC_GENERAL 0x00000564
++#define CKM_ARIA_CBC_PAD 0x00000565
++#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
++#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
++
++/* Fortezza mechanisms */
++#define CKM_SKIPJACK_KEY_GEN 0x00001000
++#define CKM_SKIPJACK_ECB64 0x00001001
++#define CKM_SKIPJACK_CBC64 0x00001002
++#define CKM_SKIPJACK_OFB64 0x00001003
++#define CKM_SKIPJACK_CFB64 0x00001004
++#define CKM_SKIPJACK_CFB32 0x00001005
++#define CKM_SKIPJACK_CFB16 0x00001006
++#define CKM_SKIPJACK_CFB8 0x00001007
++#define CKM_SKIPJACK_WRAP 0x00001008
++#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
++#define CKM_SKIPJACK_RELAYX 0x0000100a
++#define CKM_KEA_KEY_PAIR_GEN 0x00001010
++#define CKM_KEA_KEY_DERIVE 0x00001011
++#define CKM_FORTEZZA_TIMESTAMP 0x00001020
++#define CKM_BATON_KEY_GEN 0x00001030
++#define CKM_BATON_ECB128 0x00001031
++#define CKM_BATON_ECB96 0x00001032
++#define CKM_BATON_CBC128 0x00001033
++#define CKM_BATON_COUNTER 0x00001034
++#define CKM_BATON_SHUFFLE 0x00001035
++#define CKM_BATON_WRAP 0x00001036
++
++/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
++ * CKM_EC_KEY_PAIR_GEN is preferred */
++#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
++#define CKM_EC_KEY_PAIR_GEN 0x00001040
++
++#define CKM_ECDSA 0x00001041
++#define CKM_ECDSA_SHA1 0x00001042
++
++/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
++ * are new for v2.11 */
++#define CKM_ECDH1_DERIVE 0x00001050
++#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
++#define CKM_ECMQV_DERIVE 0x00001052
++
++#define CKM_JUNIPER_KEY_GEN 0x00001060
++#define CKM_JUNIPER_ECB128 0x00001061
++#define CKM_JUNIPER_CBC128 0x00001062
++#define CKM_JUNIPER_COUNTER 0x00001063
++#define CKM_JUNIPER_SHUFFLE 0x00001064
++#define CKM_JUNIPER_WRAP 0x00001065
++#define CKM_FASTHASH 0x00001070
++
++/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
++ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
++ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
++ * new for v2.11 */
++#define CKM_AES_KEY_GEN 0x00001080
++#define CKM_AES_ECB 0x00001081
++#define CKM_AES_CBC 0x00001082
++#define CKM_AES_MAC 0x00001083
++#define CKM_AES_MAC_GENERAL 0x00001084
++#define CKM_AES_CBC_PAD 0x00001085
++
++/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_AES_CTR 0x00001086
++
++/* BlowFish and TwoFish are new for v2.20 */
++#define CKM_BLOWFISH_KEY_GEN 0x00001090
++#define CKM_BLOWFISH_CBC 0x00001091
++#define CKM_TWOFISH_KEY_GEN 0x00001092
++#define CKM_TWOFISH_CBC 0x00001093
++
++
++/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
++#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
++#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
++#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
++#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
++#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
++#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
++
++#define CKM_DSA_PARAMETER_GEN 0x00002000
++#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
++#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
++
++#define CKM_VENDOR_DEFINED 0x80000000
++
++typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
++
++
++/* CK_MECHANISM is a structure that specifies a particular
++ * mechanism */
++typedef struct CK_MECHANISM {
++ CK_MECHANISM_TYPE mechanism;
++ CK_VOID_PTR pParameter;
++
++ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulParameterLen; /* in bytes */
++} CK_MECHANISM;
++
++typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
++
++
++/* CK_MECHANISM_INFO provides information about a particular
++ * mechanism */
++typedef struct CK_MECHANISM_INFO {
++ CK_ULONG ulMinKeySize;
++ CK_ULONG ulMaxKeySize;
++ CK_FLAGS flags;
++} CK_MECHANISM_INFO;
++
++/* The flags are defined as follows:
++ * Bit Flag Mask Meaning */
++#define CKF_HW 0x00000001 /* performed by HW */
++
++/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
++ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
++ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
++ * and CKF_DERIVE are new for v2.0. They specify whether or not
++ * a mechanism can be used for a particular task */
++#define CKF_ENCRYPT 0x00000100
++#define CKF_DECRYPT 0x00000200
++#define CKF_DIGEST 0x00000400
++#define CKF_SIGN 0x00000800
++#define CKF_SIGN_RECOVER 0x00001000
++#define CKF_VERIFY 0x00002000
++#define CKF_VERIFY_RECOVER 0x00004000
++#define CKF_GENERATE 0x00008000
++#define CKF_GENERATE_KEY_PAIR 0x00010000
++#define CKF_WRAP 0x00020000
++#define CKF_UNWRAP 0x00040000
++#define CKF_DERIVE 0x00080000
++
++/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
++ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
++ * describe a token's EC capabilities not available in mechanism
++ * information. */
++#define CKF_EC_F_P 0x00100000
++#define CKF_EC_F_2M 0x00200000
++#define CKF_EC_ECPARAMETERS 0x00400000
++#define CKF_EC_NAMEDCURVE 0x00800000
++#define CKF_EC_UNCOMPRESS 0x01000000
++#define CKF_EC_COMPRESS 0x02000000
++
++#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
++
++typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
++
++
++/* CK_RV is a value that identifies the return value of a
++ * Cryptoki function */
++/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
++typedef CK_ULONG CK_RV;
++
++#define CKR_OK 0x00000000
++#define CKR_CANCEL 0x00000001
++#define CKR_HOST_MEMORY 0x00000002
++#define CKR_SLOT_ID_INVALID 0x00000003
++
++/* CKR_FLAGS_INVALID was removed for v2.0 */
++
++/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
++#define CKR_GENERAL_ERROR 0x00000005
++#define CKR_FUNCTION_FAILED 0x00000006
++
++/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
++ * and CKR_CANT_LOCK are new for v2.01 */
++#define CKR_ARGUMENTS_BAD 0x00000007
++#define CKR_NO_EVENT 0x00000008
++#define CKR_NEED_TO_CREATE_THREADS 0x00000009
++#define CKR_CANT_LOCK 0x0000000A
++
++#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
++#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
++#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
++#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
++#define CKR_DATA_INVALID 0x00000020
++#define CKR_DATA_LEN_RANGE 0x00000021
++#define CKR_DEVICE_ERROR 0x00000030
++#define CKR_DEVICE_MEMORY 0x00000031
++#define CKR_DEVICE_REMOVED 0x00000032
++#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
++#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
++#define CKR_FUNCTION_CANCELED 0x00000050
++#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
++
++/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
++#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
++
++#define CKR_KEY_HANDLE_INVALID 0x00000060
++
++/* CKR_KEY_SENSITIVE was removed for v2.0 */
++
++#define CKR_KEY_SIZE_RANGE 0x00000062
++#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
++
++/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
++ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
++ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
++ * v2.0 */
++#define CKR_KEY_NOT_NEEDED 0x00000064
++#define CKR_KEY_CHANGED 0x00000065
++#define CKR_KEY_NEEDED 0x00000066
++#define CKR_KEY_INDIGESTIBLE 0x00000067
++#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
++#define CKR_KEY_NOT_WRAPPABLE 0x00000069
++#define CKR_KEY_UNEXTRACTABLE 0x0000006A
++
++#define CKR_MECHANISM_INVALID 0x00000070
++#define CKR_MECHANISM_PARAM_INVALID 0x00000071
++
++/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
++ * were removed for v2.0 */
++#define CKR_OBJECT_HANDLE_INVALID 0x00000082
++#define CKR_OPERATION_ACTIVE 0x00000090
++#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
++#define CKR_PIN_INCORRECT 0x000000A0
++#define CKR_PIN_INVALID 0x000000A1
++#define CKR_PIN_LEN_RANGE 0x000000A2
++
++/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
++#define CKR_PIN_EXPIRED 0x000000A3
++#define CKR_PIN_LOCKED 0x000000A4
++
++#define CKR_SESSION_CLOSED 0x000000B0
++#define CKR_SESSION_COUNT 0x000000B1
++#define CKR_SESSION_HANDLE_INVALID 0x000000B3
++#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
++#define CKR_SESSION_READ_ONLY 0x000000B5
++#define CKR_SESSION_EXISTS 0x000000B6
++
++/* CKR_SESSION_READ_ONLY_EXISTS and
++ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
++#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
++#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
++
++#define CKR_SIGNATURE_INVALID 0x000000C0
++#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
++#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
++#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
++#define CKR_TOKEN_NOT_PRESENT 0x000000E0
++#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
++#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
++#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
++#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
++#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
++#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
++#define CKR_USER_NOT_LOGGED_IN 0x00000101
++#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
++#define CKR_USER_TYPE_INVALID 0x00000103
++
++/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
++ * are new to v2.01 */
++#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
++#define CKR_USER_TOO_MANY_TYPES 0x00000105
++
++#define CKR_WRAPPED_KEY_INVALID 0x00000110
++#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
++#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
++#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
++#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
++#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
++
++/* These are new to v2.0 */
++#define CKR_RANDOM_NO_RNG 0x00000121
++
++/* These are new to v2.11 */
++#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
++
++/* These are new to v2.0 */
++#define CKR_BUFFER_TOO_SMALL 0x00000150
++#define CKR_SAVED_STATE_INVALID 0x00000160
++#define CKR_INFORMATION_SENSITIVE 0x00000170
++#define CKR_STATE_UNSAVEABLE 0x00000180
++
++/* These are new to v2.01 */
++#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
++#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
++#define CKR_MUTEX_BAD 0x000001A0
++#define CKR_MUTEX_NOT_LOCKED 0x000001A1
++
++/* The following return values are new for PKCS #11 v2.20 amendment 3 */
++#define CKR_NEW_PIN_MODE 0x000001B0
++#define CKR_NEXT_OTP 0x000001B1
++
++/* This is new to v2.20 */
++#define CKR_FUNCTION_REJECTED 0x00000200
++
++#define CKR_VENDOR_DEFINED 0x80000000
++
++
++/* CK_NOTIFY is an application callback that processes events */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_NOTIFICATION event,
++ CK_VOID_PTR pApplication /* passed to C_OpenSession */
++);
++
++
++/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
++ * version and pointers of appropriate types to all the
++ * Cryptoki functions */
++/* CK_FUNCTION_LIST is new for v2.0 */
++typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
++
++typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
++
++typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
++
++
++/* CK_CREATEMUTEX is an application callback for creating a
++ * mutex object */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
++ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
++);
++
++
++/* CK_DESTROYMUTEX is an application callback for destroying a
++ * mutex object */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_LOCKMUTEX is an application callback for locking a mutex */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_UNLOCKMUTEX is an application callback for unlocking a
++ * mutex */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_C_INITIALIZE_ARGS provides the optional arguments to
++ * C_Initialize */
++typedef struct CK_C_INITIALIZE_ARGS {
++ CK_CREATEMUTEX CreateMutex;
++ CK_DESTROYMUTEX DestroyMutex;
++ CK_LOCKMUTEX LockMutex;
++ CK_UNLOCKMUTEX UnlockMutex;
++ CK_FLAGS flags;
++ CK_VOID_PTR pReserved;
++} CK_C_INITIALIZE_ARGS;
++
++/* flags: bit flags that provide capabilities of the slot
++ * Bit Flag Mask Meaning
++ */
++#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
++#define CKF_OS_LOCKING_OK 0x00000002
++
++typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
++
++
++/* additional flags for parameters to functions */
++
++/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
++#define CKF_DONT_BLOCK 1
++
++/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
++ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
++ * Generation Function (MGF) applied to a message block when
++ * formatting a message block for the PKCS #1 OAEP encryption
++ * scheme. */
++typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
++
++typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
++
++/* The following MGFs are defined */
++/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
++ * are new for v2.20 */
++#define CKG_MGF1_SHA1 0x00000001
++#define CKG_MGF1_SHA256 0x00000002
++#define CKG_MGF1_SHA384 0x00000003
++#define CKG_MGF1_SHA512 0x00000004
++/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
++#define CKG_MGF1_SHA224 0x00000005
++
++/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
++ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
++ * of the encoding parameter when formatting a message block
++ * for the PKCS #1 OAEP encryption scheme. */
++typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
++
++typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
++
++/* The following encoding parameter sources are defined */
++#define CKZ_DATA_SPECIFIED 0x00000001
++
++/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
++ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
++ * CKM_RSA_PKCS_OAEP mechanism. */
++typedef struct CK_RSA_PKCS_OAEP_PARAMS {
++ CK_MECHANISM_TYPE hashAlg;
++ CK_RSA_PKCS_MGF_TYPE mgf;
++ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
++ CK_VOID_PTR pSourceData;
++ CK_ULONG ulSourceDataLen;
++} CK_RSA_PKCS_OAEP_PARAMS;
++
++typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
++
++/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
++ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
++ * CKM_RSA_PKCS_PSS mechanism(s). */
++typedef struct CK_RSA_PKCS_PSS_PARAMS {
++ CK_MECHANISM_TYPE hashAlg;
++ CK_RSA_PKCS_MGF_TYPE mgf;
++ CK_ULONG sLen;
++} CK_RSA_PKCS_PSS_PARAMS;
++
++typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
++
++/* CK_EC_KDF_TYPE is new for v2.11. */
++typedef CK_ULONG CK_EC_KDF_TYPE;
++
++/* The following EC Key Derivation Functions are defined */
++#define CKD_NULL 0x00000001
++#define CKD_SHA1_KDF 0x00000002
++
++/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
++ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
++ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
++ * where each party contributes one key pair.
++ */
++typedef struct CK_ECDH1_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_ECDH1_DERIVE_PARAMS;
++
++typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
++
++
++/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
++ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
++ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
++typedef struct CK_ECDH2_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++} CK_ECDH2_DERIVE_PARAMS;
++
++typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
++
++typedef struct CK_ECMQV_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++ CK_OBJECT_HANDLE publicKey;
++} CK_ECMQV_DERIVE_PARAMS;
++
++typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
++
++/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
++ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
++typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
++typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
++
++/* The following X9.42 DH key derivation functions are defined
++ (besides CKD_NULL already defined : */
++#define CKD_SHA1_KDF_ASN1 0x00000003
++#define CKD_SHA1_KDF_CONCATENATE 0x00000004
++
++/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
++ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
++ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
++ * contributes one key pair */
++typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_X9_42_DH1_DERIVE_PARAMS;
++
++typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
++
++/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
++ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
++ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
++ * mechanisms, where each party contributes two key pairs */
++typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++} CK_X9_42_DH2_DERIVE_PARAMS;
++
++typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
++
++typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++ CK_OBJECT_HANDLE publicKey;
++} CK_X9_42_MQV_DERIVE_PARAMS;
++
++typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
++
++/* CK_KEA_DERIVE_PARAMS provides the parameters to the
++ * CKM_KEA_DERIVE mechanism */
++/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
++typedef struct CK_KEA_DERIVE_PARAMS {
++ CK_BBOOL isSender;
++ CK_ULONG ulRandomLen;
++ CK_BYTE_PTR pRandomA;
++ CK_BYTE_PTR pRandomB;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_KEA_DERIVE_PARAMS;
++
++typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
++
++
++/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
++ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
++ * holds the effective keysize */
++typedef CK_ULONG CK_RC2_PARAMS;
++
++typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
++
++
++/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
++ * mechanism */
++typedef struct CK_RC2_CBC_PARAMS {
++ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
++
++ CK_BYTE iv[8]; /* IV for CBC mode */
++} CK_RC2_CBC_PARAMS;
++
++typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
++
++
++/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
++ * CKM_RC2_MAC_GENERAL mechanism */
++/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef struct CK_RC2_MAC_GENERAL_PARAMS {
++ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
++ CK_ULONG ulMacLength; /* Length of MAC in bytes */
++} CK_RC2_MAC_GENERAL_PARAMS;
++
++typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
++ CK_RC2_MAC_GENERAL_PARAMS_PTR;
++
++
++/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
++ * CKM_RC5_MAC mechanisms */
++/* CK_RC5_PARAMS is new for v2.0 */
++typedef struct CK_RC5_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++} CK_RC5_PARAMS;
++
++typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
++
++
++/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
++ * mechanism */
++/* CK_RC5_CBC_PARAMS is new for v2.0 */
++typedef struct CK_RC5_CBC_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++ CK_BYTE_PTR pIv; /* pointer to IV */
++ CK_ULONG ulIvLen; /* length of IV in bytes */
++} CK_RC5_CBC_PARAMS;
++
++typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
++
++
++/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
++ * CKM_RC5_MAC_GENERAL mechanism */
++/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef struct CK_RC5_MAC_GENERAL_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++ CK_ULONG ulMacLength; /* Length of MAC in bytes */
++} CK_RC5_MAC_GENERAL_PARAMS;
++
++typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
++ CK_RC5_MAC_GENERAL_PARAMS_PTR;
++
++
++/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
++ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
++ * the MAC */
++/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
++
++typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
++
++/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
++typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[8];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
++ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
++/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
++typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
++ CK_ULONG ulPasswordLen;
++ CK_BYTE_PTR pPassword;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPAndGLen;
++ CK_ULONG ulQLen;
++ CK_ULONG ulRandomLen;
++ CK_BYTE_PTR pRandomA;
++ CK_BYTE_PTR pPrimeP;
++ CK_BYTE_PTR pBaseG;
++ CK_BYTE_PTR pSubprimeQ;
++} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
++
++typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
++ CK_SKIPJACK_PRIVATE_WRAP_PTR;
++
++
++/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
++ * CKM_SKIPJACK_RELAYX mechanism */
++/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
++typedef struct CK_SKIPJACK_RELAYX_PARAMS {
++ CK_ULONG ulOldWrappedXLen;
++ CK_BYTE_PTR pOldWrappedX;
++ CK_ULONG ulOldPasswordLen;
++ CK_BYTE_PTR pOldPassword;
++ CK_ULONG ulOldPublicDataLen;
++ CK_BYTE_PTR pOldPublicData;
++ CK_ULONG ulOldRandomLen;
++ CK_BYTE_PTR pOldRandomA;
++ CK_ULONG ulNewPasswordLen;
++ CK_BYTE_PTR pNewPassword;
++ CK_ULONG ulNewPublicDataLen;
++ CK_BYTE_PTR pNewPublicData;
++ CK_ULONG ulNewRandomLen;
++ CK_BYTE_PTR pNewRandomA;
++} CK_SKIPJACK_RELAYX_PARAMS;
++
++typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
++ CK_SKIPJACK_RELAYX_PARAMS_PTR;
++
++
++typedef struct CK_PBE_PARAMS {
++ CK_BYTE_PTR pInitVector;
++ CK_UTF8CHAR_PTR pPassword;
++ CK_ULONG ulPasswordLen;
++ CK_BYTE_PTR pSalt;
++ CK_ULONG ulSaltLen;
++ CK_ULONG ulIteration;
++} CK_PBE_PARAMS;
++
++typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
++
++
++/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
++ * CKM_KEY_WRAP_SET_OAEP mechanism */
++/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
++typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
++ CK_BYTE bBC; /* block contents byte */
++ CK_BYTE_PTR pX; /* extra data */
++ CK_ULONG ulXLen; /* length of extra data in bytes */
++} CK_KEY_WRAP_SET_OAEP_PARAMS;
++
++typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
++ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
++
++
++typedef struct CK_SSL3_RANDOM_DATA {
++ CK_BYTE_PTR pClientRandom;
++ CK_ULONG ulClientRandomLen;
++ CK_BYTE_PTR pServerRandom;
++ CK_ULONG ulServerRandomLen;
++} CK_SSL3_RANDOM_DATA;
++
++
++typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_VERSION_PTR pVersion;
++} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
++
++typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
++ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
++
++
++typedef struct CK_SSL3_KEY_MAT_OUT {
++ CK_OBJECT_HANDLE hClientMacSecret;
++ CK_OBJECT_HANDLE hServerMacSecret;
++ CK_OBJECT_HANDLE hClientKey;
++ CK_OBJECT_HANDLE hServerKey;
++ CK_BYTE_PTR pIVClient;
++ CK_BYTE_PTR pIVServer;
++} CK_SSL3_KEY_MAT_OUT;
++
++typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
++
++
++typedef struct CK_SSL3_KEY_MAT_PARAMS {
++ CK_ULONG ulMacSizeInBits;
++ CK_ULONG ulKeySizeInBits;
++ CK_ULONG ulIVSizeInBits;
++ CK_BBOOL bIsExport;
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
++} CK_SSL3_KEY_MAT_PARAMS;
++
++typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
++
++/* CK_TLS_PRF_PARAMS is new for version 2.20 */
++typedef struct CK_TLS_PRF_PARAMS {
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++ CK_BYTE_PTR pLabel;
++ CK_ULONG ulLabelLen;
++ CK_BYTE_PTR pOutput;
++ CK_ULONG_PTR pulOutputLen;
++} CK_TLS_PRF_PARAMS;
++
++typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
++
++/* WTLS is new for version 2.20 */
++typedef struct CK_WTLS_RANDOM_DATA {
++ CK_BYTE_PTR pClientRandom;
++ CK_ULONG ulClientRandomLen;
++ CK_BYTE_PTR pServerRandom;
++ CK_ULONG ulServerRandomLen;
++} CK_WTLS_RANDOM_DATA;
++
++typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
++
++typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_WTLS_RANDOM_DATA RandomInfo;
++ CK_BYTE_PTR pVersion;
++} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
++
++typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
++ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
++
++typedef struct CK_WTLS_PRF_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++ CK_BYTE_PTR pLabel;
++ CK_ULONG ulLabelLen;
++ CK_BYTE_PTR pOutput;
++ CK_ULONG_PTR pulOutputLen;
++} CK_WTLS_PRF_PARAMS;
++
++typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
++
++typedef struct CK_WTLS_KEY_MAT_OUT {
++ CK_OBJECT_HANDLE hMacSecret;
++ CK_OBJECT_HANDLE hKey;
++ CK_BYTE_PTR pIV;
++} CK_WTLS_KEY_MAT_OUT;
++
++typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
++
++typedef struct CK_WTLS_KEY_MAT_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_ULONG ulMacSizeInBits;
++ CK_ULONG ulKeySizeInBits;
++ CK_ULONG ulIVSizeInBits;
++ CK_ULONG ulSequenceNumber;
++ CK_BBOOL bIsExport;
++ CK_WTLS_RANDOM_DATA RandomInfo;
++ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
++} CK_WTLS_KEY_MAT_PARAMS;
++
++typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
++
++/* CMS is new for version 2.20 */
++typedef struct CK_CMS_SIG_PARAMS {
++ CK_OBJECT_HANDLE certificateHandle;
++ CK_MECHANISM_PTR pSigningMechanism;
++ CK_MECHANISM_PTR pDigestMechanism;
++ CK_UTF8CHAR_PTR pContentType;
++ CK_BYTE_PTR pRequestedAttributes;
++ CK_ULONG ulRequestedAttributesLen;
++ CK_BYTE_PTR pRequiredAttributes;
++ CK_ULONG ulRequiredAttributesLen;
++} CK_CMS_SIG_PARAMS;
++
++typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
++
++typedef struct CK_KEY_DERIVATION_STRING_DATA {
++ CK_BYTE_PTR pData;
++ CK_ULONG ulLen;
++} CK_KEY_DERIVATION_STRING_DATA;
++
++typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
++ CK_KEY_DERIVATION_STRING_DATA_PTR;
++
++
++/* The CK_EXTRACT_PARAMS is used for the
++ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
++ * of the base key should be used as the first bit of the
++ * derived key */
++/* CK_EXTRACT_PARAMS is new for v2.0 */
++typedef CK_ULONG CK_EXTRACT_PARAMS;
++
++typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
++
++/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
++ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
++ * indicate the Pseudo-Random Function (PRF) used to generate
++ * key bits using PKCS #5 PBKDF2. */
++typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
++
++typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
++
++/* The following PRFs are defined in PKCS #5 v2.0. */
++#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
++
++
++/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
++ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
++ * source of the salt value when deriving a key using PKCS #5
++ * PBKDF2. */
++typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
++
++typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
++
++/* The following salt value sources are defined in PKCS #5 v2.0. */
++#define CKZ_SALT_SPECIFIED 0x00000001
++
++/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
++ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
++ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
++typedef struct CK_PKCS5_PBKD2_PARAMS {
++ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
++ CK_VOID_PTR pSaltSourceData;
++ CK_ULONG ulSaltSourceDataLen;
++ CK_ULONG iterations;
++ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
++ CK_VOID_PTR pPrfData;
++ CK_ULONG ulPrfDataLen;
++ CK_UTF8CHAR_PTR pPassword;
++ CK_ULONG_PTR ulPasswordLen;
++} CK_PKCS5_PBKD2_PARAMS;
++
++typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
++
++/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
++
++typedef CK_ULONG CK_OTP_PARAM_TYPE;
++typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
++
++typedef struct CK_OTP_PARAM {
++ CK_OTP_PARAM_TYPE type;
++ CK_VOID_PTR pValue;
++ CK_ULONG ulValueLen;
++} CK_OTP_PARAM;
++
++typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
++
++typedef struct CK_OTP_PARAMS {
++ CK_OTP_PARAM_PTR pParams;
++ CK_ULONG ulCount;
++} CK_OTP_PARAMS;
++
++typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
++
++typedef struct CK_OTP_SIGNATURE_INFO {
++ CK_OTP_PARAM_PTR pParams;
++ CK_ULONG ulCount;
++} CK_OTP_SIGNATURE_INFO;
++
++typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
++#define CK_OTP_VALUE 0
++#define CK_OTP_PIN 1
++#define CK_OTP_CHALLENGE 2
++#define CK_OTP_TIME 3
++#define CK_OTP_COUNTER 4
++#define CK_OTP_FLAGS 5
++#define CK_OTP_OUTPUT_LENGTH 6
++#define CK_OTP_OUTPUT_FORMAT 7
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
++#define CKF_NEXT_OTP 0x00000001
++#define CKF_EXCLUDE_TIME 0x00000002
++#define CKF_EXCLUDE_COUNTER 0x00000004
++#define CKF_EXCLUDE_CHALLENGE 0x00000008
++#define CKF_EXCLUDE_PIN 0x00000010
++#define CKF_USER_FRIENDLY_OTP 0x00000020
++
++/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
++typedef struct CK_KIP_PARAMS {
++ CK_MECHANISM_PTR pMechanism;
++ CK_OBJECT_HANDLE hKey;
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++} CK_KIP_PARAMS;
++
++typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
++
++/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_AES_CTR_PARAMS {
++ CK_ULONG ulCounterBits;
++ CK_BYTE cb[16];
++} CK_AES_CTR_PARAMS;
++
++typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
++
++/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_CAMELLIA_CTR_PARAMS {
++ CK_ULONG ulCounterBits;
++ CK_BYTE cb[16];
++} CK_CAMELLIA_CTR_PARAMS;
++
++typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
++
++/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++#endif
+Index: openssl/util/libeay.num
+diff -u openssl/util/libeay.num:1.8.2.1.6.1.4.1 openssl/util/libeay.num:1.9.2.2
+--- openssl/util/libeay.num:1.8.2.1.6.1.4.1 Thu Jul 3 12:17:29 2014
++++ openssl/util/libeay.num Thu Jul 3 12:35:43 2014
+@@ -4196,3 +4196,5 @@
+ OPENSSL_strncasecmp 4566 EXIST::FUNCTION:
+ OPENSSL_gmtime 4567 EXIST::FUNCTION:
+ OPENSSL_gmtime_adj 4568 EXIST::FUNCTION:
++ENGINE_load_pk11ca 4569 EXIST::FUNCTION:HW_PKCS11CA,ENGINE
++ENGINE_load_pk11so 4569 EXIST::FUNCTION:HW_PKCS11SO,ENGINE
+Index: openssl/util/mk1mf.pl
+diff -u openssl/util/mk1mf.pl:1.9.2.1 openssl/util/mk1mf.pl:1.9
+--- openssl/util/mk1mf.pl:1.9.2.1 Sun Jan 15 16:09:52 2012
++++ openssl/util/mk1mf.pl Mon Jun 13 17:13:56 2011
+@@ -109,6 +109,8 @@
+ no-ecdh - No ECDH
+ no-engine - No engine
+ no-hw - No hw
++ no-hw-pkcs11ca - No hw PKCS#11 CA flavor
++ no-hw-pkcs11so - No hw PKCS#11 SO flavor
+ nasm - Use NASM for x86 asm
+ nw-nasm - Use NASM x86 asm for NetWare
+ nw-mwasm - Use Metrowerks x86 asm for NetWare
+@@ -270,6 +272,8 @@
+ $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
+ $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
+ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
++$cflags.=" -DOPENSSL_NO_HW_PKCS11CA" if $no_hw_pkcs11ca;
++$cflags.=" -DOPENSSL_NO_HW_PKCS11SO" if $no_hw_pkcs11so;
+ $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
+ $cflags.= " -DZLIB" if $zlib_opt;
+ $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
+@@ -335,6 +339,9 @@
+ $dir=$val;
+ }
+
++ if ($key eq "PK11_LIB_LOCATION")
++ { $cflags .= " -D$key=\\\"$val\\\"" if $val ne "";}
++
+ if ($key eq "KRB5_INCLUDES")
+ { $cflags .= " $val";}
+
+@@ -1067,6 +1074,8 @@
+ "no-gost" => \$no_gost,
+ "no-engine" => \$no_engine,
+ "no-hw" => \$no_hw,
++ "no-hw-pkcs11ca" => \$no_hw_pkcs11ca,
++ "no-hw-pkcs11so" => \$no_hw_pkcs11so,
+ "just-ssl" =>
+ [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
+ \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
+Index: openssl/util/mkdef.pl
+diff -u openssl/util/mkdef.pl:1.7.2.1 openssl/util/mkdef.pl:1.8
+--- openssl/util/mkdef.pl:1.7.2.1 Sun Jan 15 16:09:52 2012
++++ openssl/util/mkdef.pl Sun Jan 15 16:30:10 2012
+@@ -94,7 +94,7 @@
+ # External "algorithms"
+ "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
+ # Engines
+- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
++ "STATIC_ENGINE", "ENGINE", "HW", "GMP", "HW_PKCS11CA", "HW_PKCS11SO",
+ # RFC3779
+ "RFC3779",
+ # TLS
+@@ -125,6 +125,7 @@
+ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+ my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
++my $no_pkcs11ca; my $no_pkcs11so;
+ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
+ my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+ my $no_jpake; my $no_ssl2;
+@@ -218,6 +219,8 @@
+ elsif (/^no-ssl2$/) { $no_ssl2=1; }
+ elsif (/^no-capieng$/) { $no_capieng=1; }
+ elsif (/^no-jpake$/) { $no_jpake=1; }
++ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
++ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
+ }
+
+
+@@ -1165,6 +1168,8 @@
+ if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+ if ($keyword eq "ENGINE" && $no_engine) { return 0; }
+ if ($keyword eq "HW" && $no_hw) { return 0; }
++ if ($keyword eq "HW_PKCS11CA" && $no_pkcs11ca) { return 0; }
++ if ($keyword eq "HW_PKCS11SO" && $no_pkcs11so) { return 0; }
+ if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+ if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
+ if ($keyword eq "GMP" && $no_gmp) { return 0; }
+Index: openssl/util/pl/VC-32.pl
+diff -u openssl/util/pl/VC-32.pl:1.7.2.1 openssl/util/pl/VC-32.pl:1.7
+--- openssl/util/pl/VC-32.pl:1.7.2.1 Sun Jan 15 16:09:52 2012
++++ openssl/util/pl/VC-32.pl Mon Jun 13 17:13:57 2011
+@@ -36,7 +36,7 @@
+ my $f = $shlib?' /MD':' /MT';
+ $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
+ $opt_cflags=$f.' /Ox';
+- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
++ $dbg_cflags=$f.'d /Od /Zi -DDEBUG -D_DEBUG';
+ $lflags="/nologo /subsystem:console /opt:ref";
+
+ *::perlasm_compile_target = sub {
Deleted: vendor/bind/dist/bin/pkcs11/openssl-1.0.1c-patch
===================================================================
--- vendor/bind/dist/bin/pkcs11/openssl-1.0.1c-patch 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/openssl-1.0.1c-patch 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,15750 +0,0 @@
-Index: openssl/Configure
-diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
---- openssl/Configure:1.9.2.1.2.1.2.1 Tue Jun 19 15:29:45 2012
-+++ openssl/Configure Tue Jun 19 16:17:49 2012
-@@ -10,7 +10,7 @@
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION --pk11-flavor=FLAVOR [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -23,6 +23,12 @@
- # default). This needn't be set in advance, you can
- # just as well use "make INSTALL_PREFIX=/whatever install".
- #
-+# --pk11-libname PKCS#11 library name.
-+# (No default)
-+#
-+# --pk11-flavor either crypto-accelerator or sign-only
-+# (No default)
-+#
- # --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
- # to live in the subdirectory lib/ and the header files in
- # include/. A value is required.
-@@ -350,7 +356,7 @@
- "linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### IA-32 targets...
- "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
- ####
- "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -358,7 +364,7 @@
- "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT -pthread::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-@@ -655,6 +661,10 @@
- my $idx_arflags = $idx++;
- my $idx_multilib = $idx++;
-
-+# PKCS#11 engine patch
-+my $pk11_libname="";
-+my $pk11_flavor="";
-+
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-@@ -874,6 +884,14 @@
- $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
- $flags.=$_." ";
- }
-+ elsif (/^--pk11-libname=(.*)$/)
-+ {
-+ $pk11_libname=$1;
-+ }
-+ elsif (/^--pk11-flavor=(.*)$/)
-+ {
-+ $pk11_flavor=$1;
-+ }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
-@@ -1041,6 +1059,22 @@
- exit 0;
- }
-
-+if (! $pk11_libname)
-+ {
-+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
-+if (! $pk11_flavor
-+ || !($pk11_flavor eq "crypto-accelerator" || $pk11_flavor eq "sign-only"))
-+ {
-+ print STDERR "You must set --pk11-flavor.\n";
-+ print STDERR "Choices are crypto-accelerator and sign-only.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
- if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
- }
-@@ -1118,6 +1152,25 @@
- $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
- }
-
-+if ($pk11_flavor eq "crypto-accelerator")
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11SO\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
-+ $options .= " no-hw-pkcs11so";
-+ print " no-hw-pkcs11so [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11SO\n";
-+ }
-+else
-+ {
-+ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11CA\n";
-+ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
-+ $options .= " no-hw-pkcs11ca";
-+ print " no-hw-pkcs11ca [pk11-flavor]";
-+ print " OPENSSL_NO_HW_PKCS11CA\n";
-+}
-+
- my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
-
- $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
-@@ -1207,6 +1260,8 @@
- if ($flags ne "") { $cflags="$flags$cflags"; }
- else { $no_user_cflags=1; }
-
-+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
-+
- # Kerberos settings. The flavor must be provided from outside, either through
- # the script "config" or manually.
- if (!$no_krb5)
-@@ -1596,6 +1651,7 @@
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
-+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
-Index: openssl/Makefile.org
-diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1 openssl/Makefile.org:1.7
---- openssl/Makefile.org:1.5.2.1.2.1.2.1 Tue Jun 19 15:29:46 2012
-+++ openssl/Makefile.org Tue Jun 19 16:17:49 2012
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
-Index: openssl/README.pkcs11
-diff -u /dev/null openssl/README.pkcs11:1.7
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/README.pkcs11 Mon Jun 13 18:27:17 2011
-@@ -0,0 +1,261 @@
-+ISC modified
-+============
-+
-+The previous key naming scheme was kept for backward compatibility.
-+
-+The PKCS#11 engine exists in two flavors, crypto-accelerator and
-+sign-only. The first one is from the Solaris patch and uses the
-+PKCS#11 device for all crypto operations it supports. The second
-+is a stripped down version which provides only the useful
-+function (i.e., signature with a RSA private key in the device
-+protected key store and key loading).
-+
-+As a hint PKCS#11 boards should use the crypto-accelerator flavor,
-+external PKCS#11 devices the sign-only. SCA 6000 is an example
-+of the first, AEP Keyper of the second.
-+
-+Note it is mandatory to set a pk11-flavor (and only one) in
-+config/Configure.
-+
-+PKCS#11 engine support for OpenSSL 0.9.8l
-+=========================================
-+
-+[Nov 19, 2009]
-+
-+Contents:
-+
-+Overview
-+Revisions of the patch for 0.9.8 branch
-+FAQs
-+Feedback
-+
-+Overview
-+========
-+
-+This patch containing code available in OpenSolaris adds support for PKCS#11
-+engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
-+OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
-+must provide PKCS#11 backend otherwise the patch is useless. You provide the
-+PKCS#11 library name during the build configuration phase, see below.
-+
-+Patch can be applied like this:
-+
-+ # NOTE: use gtar if on Solaris
-+ tar xfzv openssl-0.9.8l.tar.gz
-+ # now download the patch to the current directory
-+ # ...
-+ cd openssl-0.9.8l
-+ # NOTE: must use gpatch if on Solaris (is part of the system)
-+ patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
-+
-+It is designed to support pure acceleration for RSA, DSA, DH and all the
-+symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
-+except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
-+
-+According to the PKCS#11 providers installed on your machine, it can support
-+following mechanisms:
-+
-+ RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
-+ AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
-+ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
-+ SHA256, SHA384, SHA512
-+
-+Note that for AES counter mode the application must provide their own EVP
-+functions since OpenSSL doesn't support counter mode through EVP yet. You may
-+see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
-+example of code that uses the PKCS#11 engine and deals with the fork-safety
-+problem (see engine.c and packet.c files if interested).
-+
-+You must provide the location of PKCS#11 library in your system to the
-+configure script. You will be instructed to do that when you try to run the
-+config script:
-+
-+ $ ./config
-+ Operating system: i86pc-whatever-solaris2
-+ Configuring for solaris-x86-cc
-+ You must set --pk11-libname for PKCS#11 library.
-+ See README.pkcs11 for more information.
-+
-+Taking openCryptoki project on Linux AMD64 box as an example, you would run
-+configure script like this:
-+
-+ ./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
-+
-+To check whether newly built openssl really supports PKCS#11 it's enough to run
-+"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
-+output. If you see no PKCS#11 engine support check that the built openssl binary
-+and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
-+
-+The patch, during various phases of development, was tested on Solaris against
-+PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
-+OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
-+(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
-+information). Some Linux distributions even ship those libraries with the
-+system. The patch should work on any system that is supported by OpenSSL itself
-+and has functional PKCS#11 library.
-+
-+The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
-+copyrighted by RSA Security Inc., see pkcs11.h for more information.
-+
-+Other added/modified code in this patch is copyrighted by Sun Microsystems,
-+Inc. and is released under the OpenSSL license (see LICENSE file for more
-+information).
-+
-+Revisions of the patch for 0.9.8 branch
-+=======================================
-+
-+2009-11-19
-+- adjusted for OpenSSL version 0.9.8l
-+
-+- bugs and RFEs:
-+
-+ 6479874 OpenSSL should support RSA key by reference/hardware keystores
-+ 6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
-+ 6732677 make check to trigger Solaris specific code automatic in the
-+ PKCS#11 engine
-+
-+2009-03-11
-+- adjusted for OpenSSL version 0.9.8j
-+
-+- README.pkcs11 moved out of the patch, and is shipped together with it in a
-+ tarball instead so that it can be read before the patch is applied.
-+
-+- fixed bugs:
-+
-+ 6804216 pkcs#11 engine should support a key length range for RC4
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-12-02
-+- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
-+
-+ 6723504 more granular locking in PKCS#11 engine
-+ 6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
-+ 6710420 PKCS#11 engine source should be lint clean
-+ 6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
-+ it seriously
-+ 6746712 PKCS#11 engine source code should be cstyle clean
-+ 6731380 return codes of several functions are not checked in the PKCS#11
-+ engine code
-+ 6746735 PKCS#11 engine should use extended FILE space API
-+ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
-+ meta slot is disabled
-+
-+2008-08-01
-+- fixed bug
-+
-+ 6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
-+ and digests
-+
-+- Solaris specific code for slot selection made automatic
-+
-+2008-07-29
-+- update the patch to OpenSSL 0.9.8h version
-+- pkcs11t.h updated to the latest version:
-+
-+ 6545665 make CKM_AES_CTR available to non-kernel users
-+
-+- fixed bugs in the engine code:
-+
-+ 6602801 PK11_SESSION cache has to employ reference counting scheme for
-+ asymmetric key operations
-+ 6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
-+ atomically
-+ 6607307 pkcs#11 engine can't read RSA private keys
-+ 6652362 pk11_RSA_finish() is cutting corners
-+ 6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
-+ suboptimal way
-+ 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
-+ resilient to destroy failures
-+ 6667273 OpenSSL engine should not use free() but OPENSSL_free()
-+ 6670363 PKCS#11 engine fails to reuse existing symmetric keys
-+ 6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
-+ 6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
-+ of big numbers leading to failures
-+ 6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
-+ -1
-+ 6706622 pk11_load_{pub,priv}key create corrupted RSA key references
-+ 6707129 return values from BN_new() in pk11_DH_generate_key() are not
-+ checked
-+ 6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
-+ structure reuse
-+ 6707782 OpenSSL PKCS#11 engine pretends to be aware of
-+ OPENSSL_NO_{RSA,DSA,DH}
-+ defines but fails miserably
-+ 6709966 make check_new_*() to return values to indicate cache hit/miss
-+ 6705200 pk11_dh struct initialization in PKCS#11 engine is missing
-+ generate_params parameter
-+ 6709513 PKCS#11 engine sets IV length even for ECB modes
-+ 6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
-+ PKCS#11 engine
-+ 6728871 PKCS#11 engine must reset global_session in pk11_finish()
-+
-+- new features and enhancements:
-+
-+ 6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
-+ 6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
-+ 6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
-+ ciphers and digests
-+
-+2007-10-15
-+- update for 0.9.8f version
-+- update for "6607670 teach pkcs#11 engine how to use keys be reference"
-+
-+2007-10-02
-+- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
-+- draft for "6607307 pkcs#11 engine can't read RSA private keys"
-+
-+2007-09-26
-+- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
-+ significant performance drop
-+- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
-+
-+2007-05-25
-+- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
-+
-+2007-05-19
-+- initial patch for 0.9.8e using latest OpenSolaris code
-+
-+FAQs
-+====
-+
-+(1) my build failed on Linux distro with this error:
-+
-+../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
-+hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
-+
-+Answer:
-+
-+ - don't use "no-threads" when configuring
-+ - if you didn't then OpenSSL failed to create a threaded library by
-+ default. You may manually edit Configure and try again. Look for the
-+ architecture that Configure printed, for example:
-+
-+Configured for linux-elf.
-+
-+ - then edit Configure, find string "linux-elf" (inluding the quotes),
-+ and add flags to support threads to the 4th column of the 2nd string.
-+ If you build with GCC then adding "-pthread" should be enough. With
-+ "linux-elf" as an example, you would add " -pthread" right after
-+ "-D_REENTRANT", like this:
-+
-+....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
-+
-+(2) I'm using MinGW/MSYS environment and get undeclared reference error for
-+pthread_atfork() function when trying to build OpenSSL with the patch.
-+
-+Answer:
-+
-+ Sorry, pthread_atfork() is not implemented in the current pthread-win32
-+ (as of Nov 2009). You can not use the patch there.
-+
-+
-+Feedback
-+========
-+
-+Please send feedback to security-discuss at opensolaris.org. The patch was
-+created by Jan.Pechanec at Sun.COM from code available in OpenSolaris.
-+
-+Latest version should be always available on http://blogs.sun.com/janp.
-+
-Index: openssl/crypto/opensslconf.h
-diff -u openssl/crypto/opensslconf.h:1.6.2.1.4.1 openssl/crypto/opensslconf.h:1.7
---- openssl/crypto/opensslconf.h:1.6.2.1.4.1 Tue Jun 19 15:29:49 2012
-+++ openssl/crypto/opensslconf.h Tue Jun 19 16:17:51 2012
-@@ -35,6 +35,9 @@
-
- #endif /* OPENSSL_DOING_MAKEDEPEND */
-
-+#ifndef OPENSSL_THREADS
-+# define OPENSSL_THREADS
-+#endif
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- # define OPENSSL_NO_DYNAMIC_ENGINE
- #endif
-@@ -73,6 +76,8 @@
- # endif
- #endif
-
-+#define OPENSSL_CPUID_OBJ
-+
- /* crypto/opensslconf.h.in */
-
- /* Generate 80386 code? */
-@@ -119,7 +124,7 @@
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
--#undef RC4_CHUNK
-+#define RC4_CHUNK unsigned long
- #endif
- #endif
-
-@@ -127,7 +132,7 @@
- /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
- #ifndef DES_LONG
--#define DES_LONG unsigned long
-+#define DES_LONG unsigned int
- #endif
- #endif
-
-@@ -138,9 +143,9 @@
- /* Should we define BN_DIV2W here? */
-
- /* Only one for the following should be defined */
--#undef SIXTY_FOUR_BIT_LONG
-+#define SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
--#define THIRTY_TWO_BIT
-+#undef THIRTY_TWO_BIT
- #endif
-
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-@@ -152,7 +157,7 @@
-
- #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
- #define CONFIG_HEADER_BF_LOCL_H
--#undef BF_PTR
-+#define BF_PTR2
- #endif /* HEADER_BF_LOCL_H */
-
- #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-@@ -182,7 +187,7 @@
- /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
- #ifndef DES_UNROLL
--#undef DES_UNROLL
-+#define DES_UNROLL
- #endif
-
- /* These default values were supplied by
-Index: openssl/crypto/bio/bss_file.c
-diff -u openssl/crypto/bio/bss_file.c:1.6.2.1 openssl/crypto/bio/bss_file.c:1.6
---- openssl/crypto/bio/bss_file.c:1.6.2.1 Sun Jan 15 16:09:44 2012
-+++ openssl/crypto/bio/bss_file.c Mon Jun 13 17:13:31 2011
-@@ -168,7 +168,7 @@
- {
- SYSerr(SYS_F_FOPEN,get_last_sys_error());
- ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-- if (errno == ENOENT)
-+ if ((errno == ENOENT) || ((*mode == 'r') && (errno == EACCES)))
- BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
- else
- BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-Index: openssl/crypto/engine/Makefile
-diff -u openssl/crypto/engine/Makefile:1.8.2.1.4.1 openssl/crypto/engine/Makefile:1.9
---- openssl/crypto/engine/Makefile:1.8.2.1.4.1 Tue Jun 19 15:30:00 2012
-+++ openssl/crypto/engine/Makefile Tue Jun 19 16:18:00 2012
-@@ -22,13 +22,15 @@
- tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
- tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
-- eng_rsax.c eng_rdrand.c
-+ eng_rsax.c eng_rdrand.c \
-+ hw_pk11.c hw_pk11_pub.c hw_pk11so.c hw_pk11so_pub.c
- LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
- eng_table.o eng_pkey.o eng_fat.o eng_all.o \
- tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
- tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
-- eng_rsax.o eng_rdrand.o
-+ eng_rsax.o eng_rdrand.o \
-+ hw_pk11.o hw_pk11_pub.o hw_pk11so.o hw_pk11so_pub.o
-
- SRC= $(LIBSRC)
-
-@@ -294,6 +296,83 @@
- eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
- eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
- eng_table.o: eng_table.c
-+hw_pk11.o: ../../e_os.h ../../include/openssl/aes.h
-+hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-+hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-+hw_pk11.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
-+hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-+hw_pk11.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-+hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-+hw_pk11.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-+hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
-+hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-+hw_pk11.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-+hw_pk11.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-+hw_pk11.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-+hw_pk11.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-+hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-+hw_pk11.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h hw_pk11.c
-+hw_pk11.o: hw_pk11_err.c hw_pk11_err.h hw_pk11ca.h pkcs11.h pkcs11f.h pkcs11t.h
-+hw_pk11_pub.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-+hw_pk11_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-+hw_pk11_pub.o: ../../include/openssl/objects.h
-+hw_pk11_pub.o: ../../include/openssl/opensslconf.h
-+hw_pk11_pub.o: ../../include/openssl/opensslv.h
-+hw_pk11_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-+hw_pk11_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-+hw_pk11_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-+hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-+hw_pk11_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-+hw_pk11_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11_pub.c hw_pk11ca.h
-+hw_pk11_pub.o: pkcs11.h pkcs11f.h pkcs11t.h
-+hw_pk11so.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11so.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11so.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11so.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11so.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11so.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11so.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11so.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
-+hw_pk11so.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-+hw_pk11so.o: ../../include/openssl/opensslconf.h
-+hw_pk11so.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+hw_pk11so.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-+hw_pk11so.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-+hw_pk11so.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-+hw_pk11so.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-+hw_pk11so.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-+hw_pk11so.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h
-+hw_pk11so.o: hw_pk11_err.c hw_pk11_err.h hw_pk11so.c hw_pk11so.h pkcs11.h
-+hw_pk11so.o: pkcs11f.h pkcs11t.h
-+hw_pk11so_pub.o: ../../e_os.h ../../include/openssl/asn1.h
-+hw_pk11so_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-+hw_pk11so_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-+hw_pk11so_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-+hw_pk11so_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-+hw_pk11so_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-+hw_pk11so_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+hw_pk11so_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-+hw_pk11so_pub.o: ../../include/openssl/objects.h
-+hw_pk11so_pub.o: ../../include/openssl/opensslconf.h
-+hw_pk11so_pub.o: ../../include/openssl/opensslv.h
-+hw_pk11so_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-+hw_pk11so_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-+hw_pk11so_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-+hw_pk11so_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-+hw_pk11so_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+hw_pk11so_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-+hw_pk11so_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11so.h
-+hw_pk11so_pub.o: hw_pk11so_pub.c pkcs11.h pkcs11f.h pkcs11t.h
- tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h
- tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
- tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-Index: openssl/crypto/engine/cryptoki.h
-diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
-@@ -0,0 +1,103 @@
-+/*
-+ * CDDL HEADER START
-+ *
-+ * The contents of this file are subject to the terms of the
-+ * Common Development and Distribution License, Version 1.0 only
-+ * (the "License"). You may not use this file except in compliance
-+ * with the License.
-+ *
-+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-+ * or http://www.opensolaris.org/os/licensing.
-+ * See the License for the specific language governing permissions
-+ * and limitations under the License.
-+ *
-+ * When distributing Covered Code, include this CDDL HEADER in each
-+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-+ * If applicable, add the following below this CDDL HEADER, with the
-+ * fields enclosed by brackets "[]" replaced with your own identifying
-+ * information: Portions Copyright [yyyy] [name of copyright owner]
-+ *
-+ * CDDL HEADER END
-+ */
-+/*
-+ * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+#ifndef _CRYPTOKI_H
-+#define _CRYPTOKI_H
-+
-+/* ident "@(#)cryptoki.h 1.2 05/06/08 SMI" */
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef CK_PTR
-+#define CK_PTR *
-+#endif
-+
-+#ifndef CK_DEFINE_FUNCTION
-+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION
-+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION_POINTER
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef CK_CALLBACK_FUNCTION
-+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef NULL_PTR
-+#include <unistd.h> /* For NULL */
-+#define NULL_PTR NULL
-+#endif
-+
-+/*
-+ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
-+ */
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#define CK_DISABLE_TRUE_FALSE
-+#ifndef TRUE
-+#define TRUE 1
-+#endif /* TRUE */
-+#ifndef FALSE
-+#define FALSE 0
-+#endif /* FALSE */
-+#endif /* CK_DISABLE_TRUE_FALSE */
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+#include "pkcs11.h"
-+
-+/* Solaris specific functions */
-+
-+#include <stdlib.h>
-+
-+/*
-+ * SUNW_C_GetMechSession will initialize the framework and do all
-+ * the necessary PKCS#11 calls to create a session capable of
-+ * providing operations on the requested mechanism
-+ */
-+CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
-+ CK_SESSION_HANDLE_PTR hSession);
-+
-+/*
-+ * SUNW_C_KeyToObject will create a secret key object for the given
-+ * mechanism from the rawkey data.
-+ */
-+CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
-+ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
-+ CK_OBJECT_HANDLE_PTR obj);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* _CRYPTOKI_H */
-Index: openssl/crypto/engine/eng_all.c
-diff -u openssl/crypto/engine/eng_all.c:1.5.2.1.4.1 openssl/crypto/engine/eng_all.c:1.6
---- openssl/crypto/engine/eng_all.c:1.5.2.1.4.1 Tue Jun 19 15:30:00 2012
-+++ openssl/crypto/engine/eng_all.c Tue Jun 19 16:18:00 2012
-@@ -119,6 +119,14 @@
- #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- ENGINE_load_capi();
- #endif
-+#ifndef OPENSSL_NO_HW_PKCS11
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+ ENGINE_load_pk11ca();
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+ ENGINE_load_pk11so();
-+#endif
-+#endif
- #endif
- ENGINE_register_all_complete();
- }
-Index: openssl/crypto/engine/engine.h
-diff -u openssl/crypto/engine/engine.h:1.5.2.1.4.1 openssl/crypto/engine/engine.h:1.6
---- openssl/crypto/engine/engine.h:1.5.2.1.4.1 Tue Jun 19 15:30:00 2012
-+++ openssl/crypto/engine/engine.h Tue Jun 19 16:18:00 2012
-@@ -343,6 +343,12 @@
- void ENGINE_load_ubsec(void);
- void ENGINE_load_padlock(void);
- void ENGINE_load_capi(void);
-+#ifndef OPENSSL_NO_HW_PKCS11CA
-+void ENGINE_load_pk11ca(void);
-+#endif
-+#ifndef OPENSSL_NO_HW_PKCS11SO
-+void ENGINE_load_pk11so(void);
-+#endif
- #ifndef OPENSSL_NO_GMP
- void ENGINE_load_gmp(void);
- #endif
-Index: openssl/crypto/engine/hw_pk11.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:53 2011
-@@ -0,0 +1,4057 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+#include <openssl/aes.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/* #undef DEBUG_SLOT_SELECTION */
-+/*
-+ * Solaris specific code. See comment at check_hw_mechanisms() for more
-+ * information.
-+ */
-+#if defined(__SVR4) && defined(__sun)
-+#undef SOLARIS_HW_SLOT_SELECTION
-+#endif
-+
-+/*
-+ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
-+ * there are official OIDs for mechanisms based on this mode. With our changes,
-+ * an application can define its own EVP calls for AES counter mode and then
-+ * it can make use of hardware acceleration through this engine. However, it's
-+ * better if we keep AES CTR support code under ifdef's.
-+ */
-+#define SOLARIS_AES_CTR
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.c"
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NIDs for AES counter mode that will be defined during the engine
-+ * initialization.
-+ */
-+static int NID_aes_128_ctr = NID_undef;
-+static int NID_aes_192_ctr = NID_undef;
-+static int NID_aes_256_ctr = NID_undef;
-+#endif /* SOLARIS_AES_CTR */
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
-+ * library. See comment at check_hw_mechanisms() for more information.
-+ */
-+static int *hw_cnids;
-+static int *hw_dnids;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+#ifndef OPENSSL_NO_RSA
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+#endif
-+#ifndef OPENSSL_NO_DH
-+int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
-+#endif
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+/* Symmetric cipher and digest support functions */
-+static int cipher_nid_to_pk11(int nid);
-+#ifdef SOLARIS_AES_CTR
-+static int pk11_add_NID(char *sn, char *ln);
-+static int pk11_add_aes_ctr_NIDs(void);
-+#endif /* SOLARIS_AES_CTR */
-+static int pk11_usable_ciphers(const int **nids);
-+static int pk11_usable_digests(const int **nids);
-+static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+static int pk11_cipher_final(PK11_SESSION *sp);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl);
-+#else
-+static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl);
-+#endif
-+static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
-+static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid);
-+static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid);
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len);
-+static int md_nid_to_pk11(int nid);
-+static int pk11_digest_init(EVP_MD_CTX *ctx);
-+static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
-+ size_t count);
-+static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
-+static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
-+static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher,
-+ int *local_cipher_nids);
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest,
-+ int *local_digest_nids);
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
-+ int id);
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+static int check_hw_mechanisms(void);
-+static int nid_in_table(int nid, int *nid_table);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+/* Index for the supported ciphers */
-+enum pk11_cipher_id {
-+ PK11_DES_CBC,
-+ PK11_DES3_CBC,
-+ PK11_DES_ECB,
-+ PK11_DES3_ECB,
-+ PK11_RC4,
-+ PK11_AES_128_CBC,
-+ PK11_AES_192_CBC,
-+ PK11_AES_256_CBC,
-+ PK11_AES_128_ECB,
-+ PK11_AES_192_ECB,
-+ PK11_AES_256_ECB,
-+ PK11_BLOWFISH_CBC,
-+#ifdef SOLARIS_AES_CTR
-+ PK11_AES_128_CTR,
-+ PK11_AES_192_CTR,
-+ PK11_AES_256_CTR,
-+#endif /* SOLARIS_AES_CTR */
-+ PK11_CIPHER_MAX
-+};
-+
-+/* Index for the supported digests */
-+enum pk11_digest_id {
-+ PK11_MD5,
-+ PK11_SHA1,
-+ PK11_SHA224,
-+ PK11_SHA256,
-+ PK11_SHA384,
-+ PK11_SHA512,
-+ PK11_DIGEST_MAX
-+};
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static int cipher_nids[PK11_CIPHER_MAX];
-+static int digest_nids[PK11_DIGEST_MAX];
-+static int cipher_count = 0;
-+static int digest_count = 0;
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_recover = CK_FALSE;
-+static CK_BBOOL pk11_have_dsa = CK_FALSE;
-+static CK_BBOOL pk11_have_dh = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+typedef struct PK11_CIPHER_st
-+ {
-+ enum pk11_cipher_id id;
-+ int nid;
-+ int iv_len;
-+ int min_key_len;
-+ int max_key_len;
-+ CK_KEY_TYPE key_type;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_CIPHER;
-+
-+static PK11_CIPHER ciphers[] =
-+ {
-+ { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
-+ CKK_DES, CKM_DES_CBC, },
-+ { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
-+ CKK_DES3, CKM_DES3_CBC, },
-+ { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
-+ CKK_DES, CKM_DES_ECB, },
-+ { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
-+ CKK_DES3, CKM_DES3_ECB, },
-+ { PK11_RC4, NID_rc4, 0, 16, 256,
-+ CKK_RC4, CKM_RC4, },
-+ { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
-+ CKK_AES, CKM_AES_CBC, },
-+ { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
-+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
-+ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
-+#ifdef SOLARIS_AES_CTR
-+ /* we don't know the correct NIDs until the engine is initialized */
-+ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
-+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
-+ CKK_AES, CKM_AES_CTR, },
-+#endif /* SOLARIS_AES_CTR */
-+ };
-+
-+typedef struct PK11_DIGEST_st
-+ {
-+ enum pk11_digest_id id;
-+ int nid;
-+ CK_MECHANISM_TYPE mech_type;
-+ } PK11_DIGEST;
-+
-+static PK11_DIGEST digests[] =
-+ {
-+ {PK11_MD5, NID_md5, CKM_MD5, },
-+ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
-+ {PK11_SHA224, NID_sha224, CKM_SHA224, },
-+ {PK11_SHA256, NID_sha256, CKM_SHA256, },
-+ {PK11_SHA384, NID_sha384, CKM_SHA384, },
-+ {PK11_SHA512, NID_sha512, CKM_SHA512, },
-+ {0, NID_undef, 0xFFFF, },
-+ };
-+
-+/*
-+ * Structure to be used for the cipher_data/md_data in
-+ * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
-+ * session in multiple cipher_update calls
-+ */
-+typedef struct PK11_CIPHER_STATE_st
-+ {
-+ PK11_SESSION *sp;
-+ } PK11_CIPHER_STATE;
-+
-+
-+/*
-+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
-+ * called when libcrypto requests a cipher NID.
-+ *
-+ * Note how the PK11_CIPHER_STATE is used here.
-+ */
-+
-+/* DES CBC EVP */
-+static const EVP_CIPHER pk11_des_cbc =
-+ {
-+ NID_des_cbc,
-+ 8, 8, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/* 3DES CBC EVP */
-+static const EVP_CIPHER pk11_3des_cbc =
-+ {
-+ NID_des_ede3_cbc,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
-+ * get_asn1_parameters fields are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_des_ecb =
-+ {
-+ NID_des_ecb,
-+ 8, 8, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_3des_ecb =
-+ {
-+ NID_des_ede3_ecb,
-+ 8, 24, 8,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+
-+static const EVP_CIPHER pk11_aes_128_cbc =
-+ {
-+ NID_aes_128_cbc,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_cbc =
-+ {
-+ NID_aes_192_cbc,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_cbc =
-+ {
-+ NID_aes_256_cbc,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+/*
-+ * ECB modes don't use IV so that's why set_asn1_parameters and
-+ * get_asn1_parameters are set to NULL.
-+ */
-+static const EVP_CIPHER pk11_aes_128_ecb =
-+ {
-+ NID_aes_128_ecb,
-+ 16, 16, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_192_ecb =
-+ {
-+ NID_aes_192_ecb,
-+ 16, 24, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_aes_256_ecb =
-+ {
-+ NID_aes_256_ecb,
-+ 16, 32, 0,
-+ EVP_CIPH_ECB_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
-+ * created in pk11_library_init(). Note that the need to change these structures
-+ * is the reason why we don't define them with the const keyword.
-+ */
-+static EVP_CIPHER pk11_aes_128_ctr =
-+ {
-+ NID_undef,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_192_ctr =
-+ {
-+ NID_undef,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static EVP_CIPHER pk11_aes_256_ctr =
-+ {
-+ NID_undef,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+#endif /* SOLARIS_AES_CTR */
-+
-+static const EVP_CIPHER pk11_bf_cbc =
-+ {
-+ NID_bf_cbc,
-+ 8, 16, 8,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+ };
-+
-+static const EVP_CIPHER pk11_rc4 =
-+ {
-+ NID_rc4,
-+ 1, 16, 0,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ pk11_cipher_init,
-+ pk11_cipher_do_cipher,
-+ pk11_cipher_cleanup,
-+ sizeof (PK11_CIPHER_STATE),
-+ NULL,
-+ NULL,
-+ NULL
-+ };
-+
-+static const EVP_MD pk11_md5 =
-+ {
-+ NID_md5,
-+ NID_md5WithRSAEncryption,
-+ MD5_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ MD5_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha1 =
-+ {
-+ NID_sha1,
-+ NID_sha1WithRSAEncryption,
-+ SHA_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha224 =
-+ {
-+ NID_sha224,
-+ NID_sha224WithRSAEncryption,
-+ SHA224_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-224 uses the same cblock size as SHA-256 */
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha256 =
-+ {
-+ NID_sha256,
-+ NID_sha256WithRSAEncryption,
-+ SHA256_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha384 =
-+ {
-+ NID_sha384,
-+ NID_sha384WithRSAEncryption,
-+ SHA384_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ /* SHA-384 uses the same cblock size as SHA-512 */
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+static const EVP_MD pk11_sha512 =
-+ {
-+ NID_sha512,
-+ NID_sha512WithRSAEncryption,
-+ SHA512_DIGEST_LENGTH,
-+ 0,
-+ pk11_digest_init,
-+ pk11_digest_update,
-+ pk11_digest_final,
-+ pk11_digest_copy,
-+ pk11_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof (PK11_CIPHER_STATE),
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11SO
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name =
-+ "PKCS #11 engine support (crypto accelerator)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+#ifndef OPENSSL_NO_RSA
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DSA], NULL);
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_DH] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_DH], NULL);
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (find_lock[OP_DSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DSA]);
-+ OPENSSL_free(find_lock[OP_DSA]);
-+ find_lock[OP_DSA] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (find_lock[OP_DH] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_DH]);
-+ OPENSSL_free(find_lock[OP_DH]);
-+ find_lock[OP_DH] = NULL;
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ const RSA_METHOD *rsa = NULL;
-+ RSA_METHOD *pk11_rsa = PK11_RSA();
-+#endif /* OPENSSL_NO_RSA */
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name) ||
-+ !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
-+ !ENGINE_set_digests(e, pk11_engine_digests))
-+ return (0);
-+#ifndef OPENSSL_NO_RSA
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ if (pk11_have_dsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DSA(e, PK11_DSA()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ if (pk11_have_dh == CK_TRUE)
-+ {
-+ if (!ENGINE_set_DH(e, PK11_DH()))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered DH\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+#endif /* OPENSSL_NO_DH */
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+/*
-+ * Apache calls OpenSSL function RSA_blinding_on() once during startup
-+ * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
-+ * here, we wire it back to the OpenSSL software implementation.
-+ * Since it is used only once, performance is not a concern.
-+ */
-+#ifndef OPENSSL_NO_RSA
-+ rsa = RSA_PKCS1_SSLeay();
-+ pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
-+ pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
-+ if (pk11_have_recover != CK_TRUE)
-+ pk11_rsa->rsa_pub_dec = rsa->rsa_pub_dec;
-+#endif /* OPENSSL_NO_RSA */
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ LOCK_OBJSTORE(OP_DSA);
-+ LOCK_OBJSTORE(OP_DH);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_DH);
-+ UNLOCK_OBJSTORE(OP_DSA);
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ CK_ULONG ul_state_len;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * We must do this before we start working with slots since we need all
-+ * NIDs there.
-+ */
-+ if (pk11_add_aes_ctr_NIDs() == 0)
-+ goto err;
-+#endif /* SOLARIS_AES_CTR */
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Disable digest if C_GetOperationState is not supported since
-+ * this function is required by OpenSSL digest copy function
-+ */
-+ /* Keyper fails to return CKR_FUNCTION_NOT_SUPPORTED */
-+ if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
-+ != CKR_OK) {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: C_GetOperationState() not supported, "
-+ "setting digest_count to 0\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ digest_count = 0;
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ break;
-+#endif
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (check_hw_mechanisms() == 0)
-+ goto err;
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+#ifndef OPENSSL_NO_RSA
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ (void) pk11_destroy_dsa_key_objects(NULL);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ (void) pk11_destroy_dh_key_objects(NULL);
-+#endif /* OPENSSL_NO_DH */
-+ (void) pk11_destroy_cipher_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+ myslot = SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ switch (optype)
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ case OP_RSA:
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ case OP_DSA:
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ sp->opdata_dsa_pub_num = NULL;
-+ sp->opdata_dsa_priv = NULL;
-+ sp->opdata_dsa_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ case OP_DH:
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ sp->opdata_dh_priv_num = NULL;
-+ break;
-+#endif /* OPENSSL_NO_DH */
-+ case OP_CIPHER:
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ sp->opdata_encrypt = -1;
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Destroy DSA public key from single session. */
-+int
-+pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key,
-+ ret, uselock, OP_DSA, CK_FALSE);
-+ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_pub = NULL;
-+ if (sp->opdata_dsa_pub_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_pub_num);
-+ sp->opdata_dsa_pub_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy DSA private key from single session. */
-+int
-+pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key,
-+ ret, uselock, OP_DSA, CK_TRUE);
-+ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_dsa_priv = NULL;
-+ if (sp->opdata_dsa_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dsa_priv_num);
-+ sp->opdata_dsa_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_dsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+/* Destroy DH key from single session. */
-+int
-+pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_dh_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_dh_key,
-+ ret, uselock, OP_DH, CK_TRUE);
-+ sp->opdata_dh_key = CK_INVALID_HANDLE;
-+ sp->opdata_dh = NULL;
-+ if (sp->opdata_dh_priv_num != NULL)
-+ {
-+ BN_free(sp->opdata_dh_priv_num);
-+ sp->opdata_dh_priv_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy DH key object wrapper.
-+ *
-+ * arg0: pointer to PKCS#11 engine session structure
-+ * if session is NULL, try to destroy all objects in the free list
-+ */
-+int
-+pk11_destroy_dh_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_DH].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_DH].head;
-+ uselock = FALSE;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_dh_object(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_DH].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/* Symmetric ciphers and digests support functions */
-+
-+static int
-+cipher_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; i++)
-+ if (ciphers[i].nid == nid)
-+ return (ciphers[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_usable_ciphers(const int **nids)
-+ {
-+ if (cipher_count > 0)
-+ *nids = cipher_nids;
-+ else
-+ *nids = NULL;
-+ return (cipher_count);
-+ }
-+
-+static int
-+pk11_usable_digests(const int **nids)
-+ {
-+ if (digest_count > 0)
-+ *nids = digest_nids;
-+ else
-+ *nids = NULL;
-+ return (digest_count);
-+ }
-+
-+/*
-+ * Init context for encryption or decryption using a symmetric key.
-+ */
-+static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
-+ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
-+ {
-+ CK_RV rv;
-+#ifdef SOLARIS_AES_CTR
-+ CK_AES_CTR_PARAMS ctr_params;
-+#endif /* SOLARIS_AES_CTR */
-+
-+ /*
-+ * We expect pmech->mechanism to be already set and
-+ * pParameter/ulParameterLen initialized to NULL/0 before
-+ * pk11_init_symetric() is called.
-+ */
-+ OPENSSL_assert(pmech->mechanism != 0);
-+ OPENSSL_assert(pmech->pParameter == NULL);
-+ OPENSSL_assert(pmech->ulParameterLen == 0);
-+
-+#ifdef SOLARIS_AES_CTR
-+ if (ctx->cipher->nid == NID_aes_128_ctr ||
-+ ctx->cipher->nid == NID_aes_192_ctr ||
-+ ctx->cipher->nid == NID_aes_256_ctr)
-+ {
-+ pmech->pParameter = (void *)(&ctr_params);
-+ pmech->ulParameterLen = sizeof (ctr_params);
-+ /*
-+ * For now, we are limited to the fixed length of the counter,
-+ * it covers the whole counter block. That's what RFC 4344
-+ * needs. For more information on internal structure of the
-+ * counter block, see RFC 3686. If needed in the future, we can
-+ * add code so that the counter length can be set via
-+ * ENGINE_ctrl() function.
-+ */
-+ ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
-+ OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
-+ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
-+ }
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ {
-+ if (pcipher->iv_len > 0)
-+ {
-+ pmech->pParameter = (void *)ctx->iv;
-+ pmech->ulParameterLen = pcipher->iv_len;
-+ }
-+ }
-+
-+ /* if we get here, the encryption needs to be reinitialized */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+ else
-+ rv = pFuncList->C_DecryptInit(sp->session, pmech,
-+ sp->opdata_cipher_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
-+ PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+ {
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ PK11_CIPHER *p_ciph_table_row;
-+
-+ state->sp = NULL;
-+
-+ index = cipher_nid_to_pk11(ctx->cipher->nid);
-+ if (index < 0 || index >= PK11_CIPHER_MAX)
-+ return (0);
-+
-+ p_ciph_table_row = &ciphers[index];
-+ /*
-+ * iv_len in the ctx->cipher structure is the maximum IV length for the
-+ * current cipher and it must be less or equal to the IV length in our
-+ * ciphers table. The key length must be in the allowed interval. From
-+ * all cipher modes that the PKCS#11 engine supports only RC4 allows a
-+ * key length to be in some range, all other NIDs have a precise key
-+ * length. Every application can define its own EVP functions so this
-+ * code serves as a sanity check.
-+ *
-+ * Note that the reason why the IV length in ctx->cipher might be
-+ * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
-+ * macro to define functions that return EVP structures for all DES
-+ * modes. So, even ECB modes get 8 byte IV.
-+ */
-+ if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
-+ ctx->key_len < p_ciph_table_row->min_key_len ||
-+ ctx->key_len > p_ciph_table_row->max_key_len) {
-+ PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
-+ return (0);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
-+ return (0);
-+
-+ /* if applicable, the mechanism parameter is used for IV */
-+ mech.mechanism = p_ciph_table_row->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ /* The key object is destroyed here if it is not the current key. */
-+ (void) check_new_cipher_key(sp, key, ctx->key_len);
-+
-+ /*
-+ * If the key is the same and the encryption is also the same, then
-+ * just reuse it. However, we must not forget to reinitialize the
-+ * context that was finalized in pk11_cipher_cleanup().
-+ */
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
-+ sp->opdata_encrypt == ctx->encrypt)
-+ {
-+ state->sp = sp;
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+ /*
-+ * Check if the key has been invalidated. If so, a new key object
-+ * needs to be created.
-+ */
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ sp->opdata_cipher_key = pk11_get_cipher_key(
-+ ctx, key, p_ciph_table_row->key_type, sp);
-+ }
-+
-+ if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
-+ {
-+ /*
-+ * The previous encryption/decryption is different. Need to
-+ * terminate the previous * active encryption/decryption here.
-+ */
-+ if (!pk11_cipher_final(sp))
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+ }
-+
-+ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
-+ {
-+ pk11_return_session(sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ /* now initialize the context with a new key */
-+ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
-+ return (0);
-+
-+ sp->opdata_encrypt = ctx->encrypt;
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+/*
-+ * When reusing the same key in an encryption/decryption session for a
-+ * decryption/encryption session, we need to close the active session
-+ * and recreate a new one. Note that the key is in the global session so
-+ * that it needs not be recreated.
-+ *
-+ * It is more appropriate to use C_En/DecryptFinish here. At the time of this
-+ * development, these two functions in the PKCS#11 libraries used return
-+ * unexpected errors when passing in 0 length output. It may be a good
-+ * idea to try them again if performance is a problem here and fix
-+ * C_En/DecryptFinial if there are bugs there causing the problem.
-+ */
-+static int
-+pk11_cipher_final(PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
-+ return (0);
-+ }
-+
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * An engine interface function. The calling function allocates sufficient
-+ * memory for the output buffer "out" to hold the results.
-+ */
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl)
-+#else
-+static int
-+pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl)
-+#endif
-+ {
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
-+ PK11_SESSION *sp;
-+ CK_RV rv;
-+ unsigned long outl = inl;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ sp = (PK11_SESSION *) state->sp;
-+
-+ if (!inl)
-+ return (1);
-+
-+ /* RC4 is the only stream cipher we support */
-+ if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
-+ return (0);
-+
-+ if (ctx->encrypt)
-+ {
-+ rv = pFuncList->C_EncryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_ENCRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+ else
-+ {
-+ rv = pFuncList->C_DecryptUpdate(sp->session,
-+ (unsigned char *)in, inl, out, &outl);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
-+ PK11_R_DECRYPTUPDATE, rv);
-+ return (0);
-+ }
-+ }
-+
-+ /*
-+ * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
-+ * the same size of input.
-+ * The application has guaranteed to call the block ciphers with
-+ * correctly aligned buffers.
-+ */
-+ if (inl != outl)
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
-+ * here is the right thing because in EVP_DecryptFinal_ex(), engine's
-+ * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
-+ * the engine can't find out that it's the finalizing call. We wouldn't
-+ * necessarily have to finalize the context here since reinitializing it with
-+ * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
-+ * let's do it. Some implementations might leak memory if the previously used
-+ * context is initialized without finalizing it first.
-+ */
-+static int
-+pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
-+ CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
-+ PK11_CIPHER_STATE *state = ctx->cipher_data;
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * We are not interested in the data here, we just need to get
-+ * rid of the context.
-+ */
-+ if (ctx->encrypt)
-+ rv = pFuncList->C_EncryptFinal(
-+ state->sp->session, buf, &len);
-+ else
-+ rv = pFuncList->C_DecryptFinal(
-+ state->sp->session, buf, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
-+ PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ return (0);
-+ }
-+
-+ pk11_return_session(state->sp, OP_CIPHER);
-+ state->sp = NULL;
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Registered by the ENGINE when used to find out how to deal with
-+ * a particular NID in the ENGINE. This says what we'll do at the
-+ * top level - note, that list is restricted by what we answer with
-+ */
-+/* ARGSUSED */
-+static int
-+pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-+ const int **nids, int nid)
-+ {
-+ if (!cipher)
-+ return (pk11_usable_ciphers(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_des_ede3_cbc:
-+ *cipher = &pk11_3des_cbc;
-+ break;
-+ case NID_des_cbc:
-+ *cipher = &pk11_des_cbc;
-+ break;
-+ case NID_des_ede3_ecb:
-+ *cipher = &pk11_3des_ecb;
-+ break;
-+ case NID_des_ecb:
-+ *cipher = &pk11_des_ecb;
-+ break;
-+ case NID_aes_128_cbc:
-+ *cipher = &pk11_aes_128_cbc;
-+ break;
-+ case NID_aes_192_cbc:
-+ *cipher = &pk11_aes_192_cbc;
-+ break;
-+ case NID_aes_256_cbc:
-+ *cipher = &pk11_aes_256_cbc;
-+ break;
-+ case NID_aes_128_ecb:
-+ *cipher = &pk11_aes_128_ecb;
-+ break;
-+ case NID_aes_192_ecb:
-+ *cipher = &pk11_aes_192_ecb;
-+ break;
-+ case NID_aes_256_ecb:
-+ *cipher = &pk11_aes_256_ecb;
-+ break;
-+ case NID_bf_cbc:
-+ *cipher = &pk11_bf_cbc;
-+ break;
-+ case NID_rc4:
-+ *cipher = &pk11_rc4;
-+ break;
-+ default:
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * These can't be in separated cases because the NIDs
-+ * here are not constants.
-+ */
-+ if (nid == NID_aes_128_ctr)
-+ *cipher = &pk11_aes_128_ctr;
-+ else if (nid == NID_aes_192_ctr)
-+ *cipher = &pk11_aes_192_ctr;
-+ else if (nid == NID_aes_256_ctr)
-+ *cipher = &pk11_aes_256_ctr;
-+ else
-+#endif /* SOLARIS_AES_CTR */
-+ *cipher = NULL;
-+ break;
-+ }
-+ return (*cipher != NULL);
-+ }
-+
-+/* ARGSUSED */
-+static int
-+pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
-+ const int **nids, int nid)
-+ {
-+ if (!digest)
-+ return (pk11_usable_digests(nids));
-+
-+ switch (nid)
-+ {
-+ case NID_md5:
-+ *digest = &pk11_md5;
-+ break;
-+ case NID_sha1:
-+ *digest = &pk11_sha1;
-+ break;
-+ case NID_sha224:
-+ *digest = &pk11_sha224;
-+ break;
-+ case NID_sha256:
-+ *digest = &pk11_sha256;
-+ break;
-+ case NID_sha384:
-+ *digest = &pk11_sha384;
-+ break;
-+ case NID_sha512:
-+ *digest = &pk11_sha512;
-+ break;
-+ default:
-+ *digest = NULL;
-+ break;
-+ }
-+ return (*digest != NULL);
-+ }
-+
-+
-+/* Create a secret key object in a PKCS#11 session */
-+static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
-+ CK_ULONG ul_key_attr_count = 6;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (false)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_VALUE, (void*) NULL, 0},
-+ };
-+
-+ /*
-+ * Create secret key object in global_session. All other sessions
-+ * can use the key handles. Here is why:
-+ * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
-+ * It may then call DecryptInit and DecryptUpdate using the same key.
-+ * To use the same key object, we need to call EncryptFinal with
-+ * a 0 length message. Currently, this does not work for 3DES
-+ * mechanism. To get around this problem, we close the session and
-+ * then create a new session to use the same key object. When a session
-+ * is closed, all the object handles will be invalid. Thus, create key
-+ * objects in a global session, an individual session may be closed to
-+ * terminate the active operation.
-+ */
-+ CK_SESSION_HANDLE session = global_session;
-+ a_key_template[0].pValue = &obj_key;
-+ a_key_template[1].pValue = &key_type;
-+ a_key_template[5].pValue = (void *) key;
-+ a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Save the key information used in this session.
-+ * The max can be saved is PK11_KEY_LEN_MAX.
-+ */
-+ sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ?
-+ PK11_KEY_LEN_MAX : ctx->key_len;
-+ (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
-+err:
-+
-+ return (h_key);
-+ }
-+
-+static int
-+md_nid_to_pk11(int nid)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; i++)
-+ if (digests[i].nid == nid)
-+ return (digests[i].id);
-+ return (-1);
-+ }
-+
-+static int
-+pk11_digest_init(EVP_MD_CTX *ctx)
-+ {
-+ CK_RV rv;
-+ CK_MECHANISM mech;
-+ int index;
-+ PK11_SESSION *sp;
-+ PK11_DIGEST *pdp;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ state->sp = NULL;
-+
-+ index = md_nid_to_pk11(ctx->digest->type);
-+ if (index < 0 || index >= PK11_DIGEST_MAX)
-+ return (0);
-+
-+ pdp = &digests[index];
-+ if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
-+ return (0);
-+
-+ /* at present, no parameter is needed for supported digests */
-+ mech.mechanism = pdp->mech_type;
-+ mech.pParameter = NULL;
-+ mech.ulParameterLen = 0;
-+
-+ rv = pFuncList->C_DigestInit(sp->session, &mech);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
-+ pk11_return_session(sp, OP_DIGEST);
-+ return (0);
-+ }
-+
-+ state->sp = sp;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+ {
-+ CK_RV rv;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+
-+ /* 0 length message will cause a failure in C_DigestFinal */
-+ if (count == 0)
-+ return (1);
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
-+ count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-+ {
-+ CK_RV rv;
-+ unsigned long len;
-+ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
-+ len = ctx->digest->md_size;
-+
-+ if (state == NULL || state->sp == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+ return (0);
-+ }
-+
-+ if (ctx->digest->md_size != len)
-+ return (0);
-+
-+ /*
-+ * Final is called and digest is returned, so return the session
-+ * to the pool
-+ */
-+ pk11_return_session(state->sp, OP_DIGEST);
-+ state->sp = NULL;
-+
-+ return (1);
-+ }
-+
-+static int
-+pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-+ {
-+ CK_RV rv;
-+ int ret = 0;
-+ PK11_CIPHER_STATE *state, *state_to;
-+ CK_BYTE_PTR pstate = NULL;
-+ CK_ULONG ul_state_len;
-+
-+ /* The copy-from state */
-+ state = (PK11_CIPHER_STATE *) from->md_data;
-+ if (state == NULL || state->sp == NULL)
-+ goto err;
-+
-+ /* Initialize the copy-to state */
-+ if (!pk11_digest_init(to))
-+ goto err;
-+ state_to = (PK11_CIPHER_STATE *) to->md_data;
-+
-+ /* Get the size of the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+ if (ul_state_len == 0)
-+ {
-+ goto err;
-+ }
-+
-+ pstate = OPENSSL_malloc(ul_state_len);
-+ if (pstate == NULL)
-+ {
-+ PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the operation state of the copy-from session */
-+ rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
-+ &ul_state_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /* Set the operation state of the copy-to session */
-+ rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
-+ ul_state_len, 0, 0);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DIGEST_COPY,
-+ PK11_R_SET_OPERATION_STATE, rv);
-+ goto err;
-+ }
-+
-+ ret = 1;
-+err:
-+ if (pstate != NULL)
-+ OPENSSL_free(pstate);
-+
-+ return (ret);
-+ }
-+
-+/* Return any pending session state to the pool */
-+static int
-+pk11_digest_cleanup(EVP_MD_CTX *ctx)
-+ {
-+ PK11_CIPHER_STATE *state = ctx->md_data;
-+ unsigned char buf[EVP_MAX_MD_SIZE];
-+
-+ if (state != NULL && state->sp != NULL)
-+ {
-+ /*
-+ * If state->sp is not NULL then pk11_digest_final() has not
-+ * been called yet. We must call it now to free any memory
-+ * that might have been allocated in the token when
-+ * pk11_digest_init() was called. pk11_digest_final()
-+ * will return the session to the cache.
-+ */
-+ if (!pk11_digest_final(ctx, buf))
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Check if the new key is the same as the key object in the session. If the key
-+ * is the same, no need to create a new key object. Otherwise, the old key
-+ * object needs to be destroyed and a new one will be created. Return 1 for
-+ * cache hit, 0 for cache miss. Note that we must check the key length first
-+ * otherwise we could end up reusing a different, longer key with the same
-+ * prefix.
-+ */
-+static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
-+ int key_len)
-+ {
-+ if (sp->opdata_key_len != key_len ||
-+ memcmp(sp->opdata_key, key, key_len) != 0)
-+ {
-+ (void) pk11_destroy_cipher_key_objects(sp);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/* Destroy one or more secret key objects. */
-+static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_CIPHER].head;
-+ }
-+
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
-+ {
-+ /*
-+ * The secret key object is created in the
-+ * global_session. See pk11_get_cipher_key().
-+ */
-+ if (pk11_destroy_object(global_session,
-+ sp->opdata_cipher_key, CK_FALSE) == 0)
-+ goto err;
-+ sp->opdata_cipher_key = CK_INVALID_HANDLE;
-+ }
-+ }
-+ ret = 1;
-+err:
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_X_509
-+ * CKM_RSA_PKCS
-+ * CKM_DSA
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * Symmetric ciphers optionally supported
-+ *
-+ * CKM_DES3_CBC
-+ * CKM_DES_CBC
-+ * CKM_AES_CBC
-+ * CKM_DES3_ECB
-+ * CKM_DES_ECB
-+ * CKM_AES_ECB
-+ * CKM_AES_CTR
-+ * CKM_RC4
-+ * CKM_BLOWFISH_CBC
-+ *
-+ * Digests optionally supported
-+ *
-+ * CKM_MD5
-+ * CKM_SHA_1
-+ * CKM_SHA224
-+ * CKM_SHA256
-+ * CKM_SHA384
-+ * CKM_SHA512
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ int slot_n_cipher = 0;
-+ int slot_n_digest = 0;
-+ CK_SLOT_ID current_slot = 0;
-+ int current_slot_n_cipher = 0;
-+ int current_slot_n_digest = 0;
-+
-+ int local_cipher_nids[PK11_CIPHER_MAX];
-+ int local_digest_nids[PK11_DIGEST_MAX];
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ CK_BBOOL slot_has_recover = CK_FALSE;
-+ CK_BBOOL slot_has_dsa = CK_FALSE;
-+ CK_BBOOL slot_has_dh = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_RSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ /*
-+ * Check if this slot is capable of encryption,
-+ * decryption, sign, and verify with CKM_RSA_X_509.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_RSA_X_509, &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY) &&
-+ (mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ if (mech_info.flags & CKF_VERIFY_RECOVER)
-+ {
-+ slot_has_recover = CK_TRUE;
-+ }
-+ }
-+ }
-+#endif /* OPENSSL_NO_RSA */
-+
-+#ifndef OPENSSL_NO_DSA
-+ /*
-+ * Check if this slot is capable of signing and
-+ * verifying with CKM_DSA.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
-+ &mech_info);
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
-+ (mech_info.flags & CKF_VERIFY)))
-+ {
-+ slot_has_dsa = CK_TRUE;
-+ }
-+
-+#endif /* OPENSSL_NO_DSA */
-+
-+#ifndef OPENSSL_NO_DH
-+ /*
-+ * Check if this slot is capable of DH key generataion and
-+ * derivation.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
-+
-+ if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
-+ {
-+ rv = pFuncList->C_GetMechanismInfo(current_slot,
-+ CKM_DH_PKCS_DERIVE, &mech_info);
-+ if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
-+ {
-+ slot_has_dh = CK_TRUE;
-+ }
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
-+ if (!found_candidate_slot &&
-+ (slot_has_rsa || slot_has_dsa || slot_has_dh))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ pk11_have_recover = slot_has_recover;
-+ pk11_have_dsa = slot_has_dsa;
-+ pk11_have_dh = slot_has_dh;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa/dsa/dh\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ found_candidate_slot = CK_FALSE;
-+ best_slot_sofar = 0;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ current_slot = pSlotList[i];
-+ current_slot_n_cipher = 0;
-+ current_slot_n_digest = 0;
-+ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
-+ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
-+
-+ pk11_find_symmetric_ciphers(pFuncList, current_slot,
-+ ¤t_slot_n_cipher, local_cipher_nids);
-+
-+ pk11_find_digests(pFuncList, current_slot,
-+ ¤t_slot_n_digest, local_digest_nids);
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
-+ current_slot_n_cipher);
-+ fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
-+ current_slot_n_digest);
-+ fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
-+ PK11_DBG, best_slot_sofar);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * If the current slot supports more ciphers/digests than
-+ * the previous best one we change the current best to this one,
-+ * otherwise leave it where it is.
-+ */
-+ if ((current_slot_n_cipher + current_slot_n_digest) >
-+ (slot_n_cipher + slot_n_digest))
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: changing best so far slot to %d\n",
-+ PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = SLOTID = current_slot;
-+ cipher_count = slot_n_cipher = current_slot_n_cipher;
-+ digest_count = slot_n_digest = current_slot_n_digest;
-+ (void) memcpy(cipher_nids, local_cipher_nids,
-+ sizeof (local_cipher_nids));
-+ (void) memcpy(digest_nids, local_digest_nids,
-+ sizeof (local_digest_nids));
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_recover %d\n", PK11_DBG, pk11_have_recover);
-+ fprintf(stderr,
-+ "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+ fprintf(stderr,
-+ "%s: cipher_count %d\n", PK11_DBG, cipher_count);
-+ fprintf(stderr,
-+ "%s: digest_count %d\n", PK11_DBG, digest_count);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ OPENSSL_free(hw_cnids);
-+ OPENSSL_free(hw_dnids);
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
-+ int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
-+ int *local_cipher_nids, int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if ((mech_info.flags & CKF_ENCRYPT) &&
-+ (mech_info.flags & CKF_DECRYPT))
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(ciphers[id].nid, hw_cnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_cipher_nids[(*current_slot_n_cipher)++] =
-+ ciphers[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
-+ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
-+ int id)
-+ {
-+ CK_MECHANISM_INFO mech_info;
-+ CK_RV rv;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
-+
-+ if (rv != CKR_OK)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " not found\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return;
-+ }
-+
-+ if (mech_info.flags & CKF_DIGEST)
-+ {
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+ if (nid_in_table(digests[id].nid, hw_dnids))
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " usable\n");
-+#endif /* DEBUG_SLOT_SELECTION */
-+ local_digest_nids[(*current_slot_n_digest)++] =
-+ digests[id].nid;
-+ }
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " rejected, software implementation only\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+ }
-+#ifdef DEBUG_SLOT_SELECTION
-+ else
-+ {
-+ fprintf(stderr, " unusable\n");
-+ }
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ return;
-+ }
-+
-+#ifdef SOLARIS_AES_CTR
-+/* create a new NID when we have no OID for that mechanism */
-+static int pk11_add_NID(char *sn, char *ln)
-+ {
-+ ASN1_OBJECT *o;
-+ int nid;
-+
-+ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
-+ 1, sn, ln)) == NULL)
-+ {
-+ return (0);
-+ }
-+
-+ /* will return NID_undef on error */
-+ nid = OBJ_add_object(o);
-+ ASN1_OBJECT_free(o);
-+
-+ return (nid);
-+ }
-+
-+/*
-+ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
-+ * have to help ourselves here.
-+ */
-+static int pk11_add_aes_ctr_NIDs(void)
-+ {
-+ /* are we already set? */
-+ if (NID_aes_256_ctr != NID_undef)
-+ return (1);
-+
-+ /*
-+ * There are no official names for AES counter modes yet so we just
-+ * follow the format of those that exist.
-+ */
-+ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
-+ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
-+ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
-+ return (1);
-+
-+err:
-+ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
-+ return (0);
-+ }
-+#endif /* SOLARIS_AES_CTR */
-+
-+/* Find what symmetric ciphers this slot supports. */
-+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_CIPHER_MAX; ++i)
-+ {
-+ pk11_get_symmetric_cipher(pflist, current_slot,
-+ ciphers[i].mech_type, current_slot_n_cipher,
-+ local_cipher_nids, ciphers[i].id);
-+ }
-+ }
-+
-+/* Find what digest algorithms this slot supports. */
-+static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
-+ CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
-+ {
-+ int i;
-+
-+ for (i = 0; i < PK11_DIGEST_MAX; ++i)
-+ {
-+ pk11_get_digest(pflist, current_slot, digests[i].mech_type,
-+ current_slot_n_digest, local_digest_nids, digests[i].id);
-+ }
-+ }
-+
-+#ifdef SOLARIS_HW_SLOT_SELECTION
-+/*
-+ * It would be great if we could use pkcs11_kernel directly since this library
-+ * offers hardware slots only. That's the easiest way to achieve the situation
-+ * where we use the hardware accelerators when present and OpenSSL native code
-+ * otherwise. That presumes the fact that OpenSSL native code is faster than the
-+ * code in the soft token. It's a logical assumption - Crypto Framework has some
-+ * inherent overhead so going there for the software implementation of a
-+ * mechanism should be logically slower in contrast to the OpenSSL native code,
-+ * presuming that both implementations are of similar speed. For example, the
-+ * soft token for AES is roughly three times slower than OpenSSL for 64 byte
-+ * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
-+ * that use the PKCS#11 engine by default, we must somehow avoid that regression
-+ * on machines without hardware acceleration. That's why switching to the
-+ * pkcs11_kernel library seems like a very good idea.
-+ *
-+ * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
-+ * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
-+ * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
-+ * library, we would have had a performance regression on machines without
-+ * hardware acceleration for asymmetric operations for all applications that use
-+ * the PKCS#11 engine. There is one such application - Apache web server since
-+ * it's shipped configured to use the PKCS#11 engine by default. Having said
-+ * that, we can't switch to the pkcs11_kernel library now and have to come with
-+ * a solution that, on non-accelerated machines, uses the OpenSSL native code
-+ * for all symmetric ciphers and digests while it uses the soft token for
-+ * asymmetric operations.
-+ *
-+ * This is the idea: dlopen() pkcs11_kernel directly and find out what
-+ * mechanisms are there. We don't care about duplications (more slots can
-+ * support the same mechanism), we just want to know what mechanisms can be
-+ * possibly supported in hardware on that particular machine. As said before,
-+ * pkcs11_kernel will show you hardware providers only.
-+ *
-+ * Then, we rely on the fact that since we use libpkcs11 library we will find
-+ * the metaslot. When we go through the metaslot's mechanisms for symmetric
-+ * ciphers and digests, we check that any found mechanism is in the table
-+ * created using the pkcs11_kernel library. So, as a result we have two arrays
-+ * of mechanisms that were advertised as supported in hardware which was the
-+ * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
-+ * code for symmetric ciphers and digests. See pk11_choose_slots() for more
-+ * information.
-+ *
-+ * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
-+ * the code won't be used.
-+ */
-+#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
-+static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
-+#else
-+static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
-+#endif
-+
-+/*
-+ * Check hardware capabilities of the machines. The output are two lists,
-+ * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
-+ * providers together. They are not sorted and may contain duplicate mechanisms.
-+ */
-+static int check_hw_mechanisms(void)
-+ {
-+ int i;
-+ CK_RV rv;
-+ void *handle;
-+ CK_C_GetFunctionList p;
-+ CK_TOKEN_INFO token_info;
-+ CK_ULONG ulSlotCount = 0;
-+ int n_cipher = 0, n_digest = 0;
-+ CK_FUNCTION_LIST_PTR pflist = NULL;
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL;
-+ int hw_ctable_size, hw_dtable_size;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
-+ PK11_DBG);
-+#endif
-+ if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ if ((p = (CK_C_GetFunctionList)dlsym(handle,
-+ PK11_GET_FUNCTION_LIST)) == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ if (p(&pflist) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pflist->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /* no slots, set the hw mechanism tables as empty */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
-+#endif
-+ hw_cnids = OPENSSL_malloc(sizeof (int));
-+ hw_dnids = OPENSSL_malloc(sizeof (int));
-+ if (hw_cnids == NULL || hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS,
-+ PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ /* this means empty tables */
-+ hw_cnids[0] = NID_undef;
-+ hw_dnids[0] = NID_undef;
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the slot list for processing */
-+ if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
-+ goto err;
-+ }
-+
-+ /*
-+ * We don't care about duplicit mechanisms in multiple slots and also
-+ * reserve one slot for the terminal NID_undef which we use to stop the
-+ * search.
-+ */
-+ hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
-+ hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
-+ tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
-+ tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
-+ if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
-+ {
-+ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * Do not use memset since we should not rely on the fact that NID_undef
-+ * is zero now.
-+ */
-+ for (i = 0; i < hw_ctable_size; ++i)
-+ tmp_hw_cnids[i] = NID_undef;
-+ for (i = 0; i < hw_dtable_size; ++i)
-+ tmp_hw_dnids[i] = NID_undef;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
-+ fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
-+ fprintf(stderr, "%s: now looking for mechs supported in hw\n",
-+ PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * We are filling the hw mech tables here. Global tables are
-+ * still NULL so all mechanisms are put into tmp tables.
-+ */
-+ pk11_find_symmetric_ciphers(pflist, pSlotList[i],
-+ &n_cipher, tmp_hw_cnids);
-+ pk11_find_digests(pflist, pSlotList[i],
-+ &n_digest, tmp_hw_dnids);
-+ }
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects. Also, C_Finalize() is triggered by
-+ * dlclose(3C).
-+ */
-+#if 0
-+ pflist->C_Finalize(NULL);
-+#endif
-+ OPENSSL_free(pSlotList);
-+ (void) dlclose(handle);
-+ hw_cnids = tmp_hw_cnids;
-+ hw_dnids = tmp_hw_dnids;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+
-+err:
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+ if (tmp_hw_cnids != NULL)
-+ OPENSSL_free(tmp_hw_cnids);
-+ if (tmp_hw_dnids != NULL)
-+ OPENSSL_free(tmp_hw_dnids);
-+
-+ return (0);
-+ }
-+
-+/*
-+ * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
-+ * non-existent).
-+ */
-+static int nid_in_table(int nid, int *nid_table)
-+ {
-+ int i = 0;
-+
-+ /*
-+ * a special case. NULL means that we are initializing a new
-+ * table.
-+ */
-+ if (nid_table == NULL)
-+ return (1);
-+
-+ /*
-+ * the table is never full, there is always at least one
-+ * NID_undef.
-+ */
-+ while (nid_table[i] != NID_undef)
-+ {
-+ if (nid_table[i++] == nid)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+ }
-+
-+ return (0);
-+ }
-+#endif /* SOLARIS_HW_SLOT_SELECTION */
-+
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11_err.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
-@@ -0,0 +1,288 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_err.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/err.h>
-+#include "hw_pk11_err.h"
-+
-+/* BEGIN ERROR CODES */
-+#ifndef OPENSSL_NO_ERR
-+static ERR_STRING_DATA pk11_str_functs[]=
-+{
-+{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
-+{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
-+{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
-+{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
-+{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
-+{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
-+{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
-+{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
-+{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
-+{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
-+{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
-+{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
-+{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
-+{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
-+{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
-+{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
-+{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
-+{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
-+{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
-+{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
-+{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
-+{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
-+{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
-+{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
-+{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
-+{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
-+{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
-+{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
-+{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
-+{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
-+{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
-+{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
-+{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
-+{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
-+{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
-+{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
-+{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
-+{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
-+{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
-+{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
-+{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
-+{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
-+{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
-+{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
-+{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
-+{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
-+{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
-+{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
-+{ 0, NULL}
-+};
-+
-+static ERR_STRING_DATA pk11_str_reasons[]=
-+{
-+{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
-+{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
-+{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
-+{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
-+{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
-+{ PK11_R_INITIALIZE, "C_Initialize failed"},
-+{ PK11_R_FINALIZE, "C_Finalize failed"},
-+{ PK11_R_GETINFO, "C_GetInfo faile"},
-+{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
-+{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
-+{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
-+{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
-+{ PK11_R_NO_MODULUS, "no modulus"},
-+{ PK11_R_NO_EXPONENT, "no exponent"},
-+{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
-+{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
-+{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
-+{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
-+{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
-+{ PK11_R_OPENSESSION, "C_OpenSession failed"},
-+{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
-+{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
-+{ PK11_R_ENCRYPT, "C_Encrypt failed"},
-+{ PK11_R_SIGNINIT, "C_SignInit failed"},
-+{ PK11_R_SIGN, "C_Sign failed"},
-+{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
-+{ PK11_R_DECRYPT, "C_Decrypt failed"},
-+{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
-+{ PK11_R_VERIFY, "C_Verify failed"},
-+{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
-+{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
-+{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
-+{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
-+{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
-+{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
-+{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
-+{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
-+{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
-+{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
-+{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
-+{ PK11_R_MALLOC_FAILURE, "malloc failure"},
-+{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
-+{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
-+{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
-+{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
-+{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
-+{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
-+{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
-+{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
-+{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
-+{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
-+{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
-+{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
-+{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
-+{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
-+{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
-+{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
-+{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
-+{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
-+{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
-+{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
-+{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
-+{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
-+{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
-+{ PK11_R_ATFORK_FAILED, "atfork() failed" },
-+{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login() failed on token" },
-+{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
-+{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
-+{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
-+{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
-+{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen() dialog command" },
-+{ PK11_R_PIPE_FAILED, "pipe() failed" },
-+{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
-+{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
-+{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
-+{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
-+{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
-+{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
-+{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
-+{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
-+{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
-+{ PK11_R_SYSCONF_FAILED, "sysconf() failed" },
-+{ PK11_R_MMAP_FAILED, "mmap() failed" },
-+{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
-+{ PK11_R_MLOCK_FAILED, "mlock() failed" },
-+{ PK11_R_FORK_FAILED, "fork() failed" },
-+{ 0, NULL}
-+};
-+#endif /* OPENSSL_NO_ERR */
-+
-+static int pk11_lib_error_code = 0;
-+static int pk11_error_init = 1;
-+
-+static void
-+ERR_load_pk11_strings(void)
-+ {
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+
-+ if (pk11_error_init)
-+ {
-+ pk11_error_init = 0;
-+#ifndef OPENSSL_NO_ERR
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ }
-+}
-+
-+static void
-+ERR_unload_pk11_strings(void)
-+ {
-+ if (pk11_error_init == 0)
-+ {
-+#ifndef OPENSSL_NO_ERR
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
-+ ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
-+#endif
-+ pk11_error_init = 1;
-+ }
-+}
-+
-+void
-+ERR_pk11_error(int function, int reason, char *file, int line)
-+{
-+ if (pk11_lib_error_code == 0)
-+ pk11_lib_error_code = ERR_get_next_error_library();
-+ ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-+}
-+
-+void
-+PK11err_add_data(int function, int reason, CK_RV rv)
-+{
-+ char tmp_buf[20];
-+
-+ PK11err(function, reason);
-+ (void) BIO_snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
-+ ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-+}
-Index: openssl/crypto/engine/hw_pk11_err.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:51:32 2011
-@@ -0,0 +1,440 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#ifndef HW_PK11_ERR_H
-+#define HW_PK11_ERR_H
-+
-+void ERR_pk11_error(int function, int reason, char *file, int line);
-+void PK11err_add_data(int function, int reason, CK_RV rv);
-+#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
-+
-+/* Error codes for the PK11 functions. */
-+
-+/* Function codes. */
-+
-+#define PK11_F_INIT 100
-+#define PK11_F_FINISH 101
-+#define PK11_F_DESTROY 102
-+#define PK11_F_CTRL 103
-+#define PK11_F_RSA_INIT 104
-+#define PK11_F_RSA_FINISH 105
-+#define PK11_F_GET_PUB_RSA_KEY 106
-+#define PK11_F_GET_PRIV_RSA_KEY 107
-+#define PK11_F_RSA_GEN_KEY 108
-+#define PK11_F_RSA_PUB_ENC 109
-+#define PK11_F_RSA_PRIV_ENC 110
-+#define PK11_F_RSA_PUB_DEC 111
-+#define PK11_F_RSA_PRIV_DEC 112
-+#define PK11_F_RSA_SIGN 113
-+#define PK11_F_RSA_VERIFY 114
-+#define PK11_F_RAND_ADD 115
-+#define PK11_F_RAND_BYTES 116
-+#define PK11_F_GET_SESSION 117
-+#define PK11_F_FREE_SESSION 118
-+#define PK11_F_LOAD_PUBKEY 119
-+#define PK11_F_LOAD_PRIVKEY 120
-+#define PK11_F_RSA_PUB_ENC_LOW 121
-+#define PK11_F_RSA_PRIV_ENC_LOW 122
-+#define PK11_F_RSA_PUB_DEC_LOW 123
-+#define PK11_F_RSA_PRIV_DEC_LOW 124
-+#define PK11_F_DSA_SIGN 125
-+#define PK11_F_DSA_VERIFY 126
-+#define PK11_F_DSA_INIT 127
-+#define PK11_F_DSA_FINISH 128
-+#define PK11_F_GET_PUB_DSA_KEY 129
-+#define PK11_F_GET_PRIV_DSA_KEY 130
-+#define PK11_F_DH_INIT 131
-+#define PK11_F_DH_FINISH 132
-+#define PK11_F_MOD_EXP_DH 133
-+#define PK11_F_GET_DH_KEY 134
-+#define PK11_F_FREE_ALL_SESSIONS 135
-+#define PK11_F_SETUP_SESSION 136
-+#define PK11_F_DESTROY_OBJECT 137
-+#define PK11_F_CIPHER_INIT 138
-+#define PK11_F_CIPHER_DO_CIPHER 139
-+#define PK11_F_GET_CIPHER_KEY 140
-+#define PK11_F_DIGEST_INIT 141
-+#define PK11_F_DIGEST_UPDATE 142
-+#define PK11_F_DIGEST_FINAL 143
-+#define PK11_F_CHOOSE_SLOT 144
-+#define PK11_F_CIPHER_FINAL 145
-+#define PK11_F_LIBRARY_INIT 146
-+#define PK11_F_LOAD 147
-+#define PK11_F_DH_GEN_KEY 148
-+#define PK11_F_DH_COMP_KEY 149
-+#define PK11_F_DIGEST_COPY 150
-+#define PK11_F_CIPHER_CLEANUP 151
-+#define PK11_F_ACTIVE_ADD 152
-+#define PK11_F_ACTIVE_DELETE 153
-+#define PK11_F_CHECK_HW_MECHANISMS 154
-+#define PK11_F_INIT_SYMMETRIC 155
-+#define PK11_F_ADD_AES_CTR_NIDS 156
-+#define PK11_F_INIT_ALL_LOCKS 157
-+#define PK11_F_RETURN_SESSION 158
-+#define PK11_F_GET_PIN 159
-+#define PK11_F_FIND_ONE_OBJECT 160
-+#define PK11_F_CHECK_TOKEN_ATTRS 161
-+#define PK11_F_CACHE_PIN 162
-+#define PK11_F_MLOCK_PIN_IN_MEMORY 163
-+#define PK11_F_TOKEN_LOGIN 164
-+#define PK11_F_TOKEN_RELOGIN 165
-+#define PK11_F_RUN_ASKPASS 166
-+
-+/* Reason codes. */
-+#define PK11_R_ALREADY_LOADED 100
-+#define PK11_R_DSO_FAILURE 101
-+#define PK11_R_NOT_LOADED 102
-+#define PK11_R_PASSED_NULL_PARAMETER 103
-+#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
-+#define PK11_R_INITIALIZE 105
-+#define PK11_R_FINALIZE 106
-+#define PK11_R_GETINFO 107
-+#define PK11_R_GETSLOTLIST 108
-+#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
-+#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
-+#define PK11_R_GETATTRIBUTVALUE 111
-+#define PK11_R_NO_MODULUS 112
-+#define PK11_R_NO_EXPONENT 113
-+#define PK11_R_FINDOBJECTSINIT 114
-+#define PK11_R_FINDOBJECTS 115
-+#define PK11_R_FINDOBJECTSFINAL 116
-+#define PK11_R_CREATEOBJECT 118
-+#define PK11_R_DESTROYOBJECT 119
-+#define PK11_R_OPENSESSION 120
-+#define PK11_R_CLOSESESSION 121
-+#define PK11_R_ENCRYPTINIT 122
-+#define PK11_R_ENCRYPT 123
-+#define PK11_R_SIGNINIT 124
-+#define PK11_R_SIGN 125
-+#define PK11_R_DECRYPTINIT 126
-+#define PK11_R_DECRYPT 127
-+#define PK11_R_VERIFYINIT 128
-+#define PK11_R_VERIFY 129
-+#define PK11_R_VERIFYRECOVERINIT 130
-+#define PK11_R_VERIFYRECOVER 131
-+#define PK11_R_GEN_KEY 132
-+#define PK11_R_SEEDRANDOM 133
-+#define PK11_R_GENERATERANDOM 134
-+#define PK11_R_INVALID_MESSAGE_LENGTH 135
-+#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
-+#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
-+#define PK11_R_UNKNOWN_PADDING_TYPE 138
-+#define PK11_R_PADDING_CHECK_FAILED 139
-+#define PK11_R_DIGEST_TOO_BIG 140
-+#define PK11_R_MALLOC_FAILURE 141
-+#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
-+#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
-+#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
-+#define PK11_R_MISSING_KEY_COMPONENT 145
-+#define PK11_R_INVALID_SIGNATURE_LENGTH 146
-+#define PK11_R_INVALID_DSA_SIGNATURE_R 147
-+#define PK11_R_INVALID_DSA_SIGNATURE_S 148
-+#define PK11_R_INCONSISTENT_KEY 149
-+#define PK11_R_ENCRYPTUPDATE 150
-+#define PK11_R_DECRYPTUPDATE 151
-+#define PK11_R_DIGESTINIT 152
-+#define PK11_R_DIGESTUPDATE 153
-+#define PK11_R_DIGESTFINAL 154
-+#define PK11_R_ENCRYPTFINAL 155
-+#define PK11_R_DECRYPTFINAL 156
-+#define PK11_R_NO_PRNG_SUPPORT 157
-+#define PK11_R_GETTOKENINFO 158
-+#define PK11_R_DERIVEKEY 159
-+#define PK11_R_GET_OPERATION_STATE 160
-+#define PK11_R_SET_OPERATION_STATE 161
-+#define PK11_R_INVALID_HANDLE 162
-+#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
-+#define PK11_R_INVALID_OPERATION_TYPE 164
-+#define PK11_R_ADD_NID_FAILED 165
-+#define PK11_R_ATFORK_FAILED 166
-+
-+#define PK11_R_TOKEN_LOGIN_FAILED 167
-+#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
-+#define PK11_R_INVALID_PKCS11_URI 169
-+#define PK11_R_COULD_NOT_READ_PIN 170
-+#define PK11_R_COULD_NOT_OPEN_COMMAND 171
-+#define PK11_R_PIPE_FAILED 172
-+#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
-+#define PK11_R_BAD_PASSPHRASE_SPEC 174
-+#define PK11_R_TOKEN_NOT_INITIALIZED 175
-+#define PK11_R_TOKEN_PIN_NOT_SET 176
-+#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
-+#define PK11_R_MISSING_OBJECT_LABEL 178
-+#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
-+#define PK11_R_PRIV_KEY_NOT_FOUND 180
-+#define PK11_R_NO_OBJECT_FOUND 181
-+#define PK11_R_PIN_CACHING_POLICY_INVALID 182
-+#define PK11_R_SYSCONF_FAILED 183
-+#define PK11_R_MMAP_FAILED 183
-+#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
-+#define PK11_R_MLOCK_FAILED 185
-+#define PK11_R_FORK_FAILED 186
-+
-+/* max byte length of a symetric key we support */
-+#define PK11_KEY_LEN_MAX 32
-+
-+#ifdef NOPTHREADS
-+/*
-+ * CRYPTO_LOCK_PK11_ENGINE lock is primarily used for the protection of the
-+ * free_session list and active_list but generally serves as a global
-+ * per-process lock for the whole engine.
-+ *
-+ * We reuse CRYPTO_LOCK_EC lock (which is defined in OpenSSL for EC method) as
-+ * the global engine lock. This is not optimal w.r.t. performance but
-+ * it's safe.
-+ */
-+#define CRYPTO_LOCK_PK11_ENGINE CRYPTO_LOCK_EC
-+#endif
-+
-+/*
-+ * This structure encapsulates all reusable information for a PKCS#11
-+ * session. A list of these objects is created on behalf of the
-+ * calling application using an on-demand method. Each operation
-+ * type (see PK11_OPTYPE below) has its own per-process list.
-+ * Each of the lists is basically a cache for faster PKCS#11 object
-+ * access to avoid expensive C_Find{,Init,Final}Object() calls.
-+ *
-+ * When a new request comes in, an object will be taken from the list
-+ * (if there is one) or a new one is created to handle the request
-+ * (if the list is empty). See pk11_get_session() on how it is done.
-+ */
-+typedef struct PK11_st_SESSION
-+ {
-+ struct PK11_st_SESSION *next;
-+ CK_SESSION_HANDLE session; /* PK11 session handle */
-+ pid_t pid; /* Current process ID */
-+ CK_BBOOL pub_persistent; /* is pub key in keystore? */
-+ CK_BBOOL priv_persistent;/* is priv key in keystore? */
-+ union
-+ {
-+#ifndef OPENSSL_NO_RSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
-+ RSA *rsa_pub; /* pub key addr */
-+ BIGNUM *rsa_n_num; /* pub modulus */
-+ BIGNUM *rsa_e_num; /* pub exponent */
-+ RSA *rsa_priv; /* priv key addr */
-+ BIGNUM *rsa_pn_num; /* pub modulus */
-+ BIGNUM *rsa_pe_num; /* pub exponent */
-+ BIGNUM *rsa_d_num; /* priv exponent */
-+ } u_RSA;
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
-+ CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
-+ DSA *dsa_pub; /* pub key addr */
-+ BIGNUM *dsa_pub_num; /* pub key */
-+ DSA *dsa_priv; /* priv key addr */
-+ BIGNUM *dsa_priv_num; /* priv key */
-+ } u_DSA;
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+ struct
-+ {
-+ CK_OBJECT_HANDLE dh_key; /* key handle */
-+ DH *dh; /* dh key addr */
-+ BIGNUM *dh_priv_num; /* priv dh key */
-+ } u_DH;
-+#endif /* OPENSSL_NO_DH */
-+ struct
-+ {
-+ CK_OBJECT_HANDLE cipher_key; /* key handle */
-+ unsigned char key[PK11_KEY_LEN_MAX];
-+ int key_len; /* priv key len */
-+ int encrypt; /* 1/0 enc/decr */
-+ } u_cipher;
-+ } opdata_u;
-+ } PK11_SESSION;
-+
-+#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
-+#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
-+#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
-+#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
-+#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
-+#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
-+#define opdata_rsa_pn_num opdata_u.u_RSA.rsa_pn_num
-+#define opdata_rsa_pe_num opdata_u.u_RSA.rsa_pe_num
-+#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
-+#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
-+#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
-+#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
-+#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
-+#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
-+#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
-+#define opdata_dh_key opdata_u.u_DH.dh_key
-+#define opdata_dh opdata_u.u_DH.dh
-+#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
-+#define opdata_cipher_key opdata_u.u_cipher.cipher_key
-+#define opdata_key opdata_u.u_cipher.key
-+#define opdata_key_len opdata_u.u_cipher.key_len
-+#define opdata_encrypt opdata_u.u_cipher.encrypt
-+
-+/*
-+ * We have 3 different groups of operation types:
-+ * 1) asymmetric operations
-+ * 2) random operations
-+ * 3) symmetric and digest operations
-+ *
-+ * This division into groups stems from the fact that it's common that hardware
-+ * providers may support operations from one group only. For example, hardware
-+ * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
-+ * only a single group of operations.
-+ *
-+ * For every group a different slot can be chosen. That means that we must have
-+ * at least 3 different lists of cached PKCS#11 sessions since sessions from
-+ * different groups may be initialized in different slots.
-+ *
-+ * To provide locking granularity in multithreaded environment, the groups are
-+ * further splitted into types with each type having a separate session cache.
-+ */
-+typedef enum PK11_OPTYPE_ENUM
-+ {
-+ OP_RAND,
-+ OP_RSA,
-+ OP_DSA,
-+ OP_DH,
-+ OP_CIPHER,
-+ OP_DIGEST,
-+ OP_MAX
-+ } PK11_OPTYPE;
-+
-+/*
-+ * This structure contains the heads of the lists forming the object caches
-+ * and locks associated with the lists.
-+ */
-+typedef struct PK11_st_CACHE
-+ {
-+ PK11_SESSION *head;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *lock;
-+#endif
-+ } PK11_CACHE;
-+
-+/* structure for tracking handles of asymmetric key objects */
-+typedef struct PK11_active_st
-+ {
-+ CK_OBJECT_HANDLE h;
-+ unsigned int refcnt;
-+ struct PK11_active_st *prev;
-+ struct PK11_active_st *next;
-+ } PK11_active;
-+
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *find_lock[];
-+#endif
-+extern PK11_active *active_list[];
-+/*
-+ * These variables are specific for the RSA keys by reference code. See
-+ * hw_pk11_pub.c for explanation.
-+ */
-+extern CK_FLAGS pubkey_token_flags;
-+
-+#ifndef NOPTHREADS
-+#define LOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_lock(find_lock[alg_type])
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ (void) pthread_mutex_unlock(find_lock[alg_type])
-+#else
-+#define LOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE)
-+#define UNLOCK_OBJSTORE(alg_type) \
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE)
-+#endif
-+
-+extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+extern int pk11_token_relogin(CK_SESSION_HANDLE session);
-+
-+#ifndef OPENSSL_NO_RSA
-+extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+extern RSA_METHOD *PK11_RSA(void);
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DSA_METHOD *PK11_DSA(void);
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
-+extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
-+extern DH_METHOD *PK11_DH(void);
-+#endif /* OPENSSL_NO_DH */
-+
-+extern CK_FUNCTION_LIST_PTR pFuncList;
-+
-+#endif /* HW_PK11_ERR_H */
-Index: openssl/crypto/engine/hw_pk11_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:24 2012
-@@ -0,0 +1,3530 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#ifndef OPENSSL_NO_RSA
-+#include <openssl/rsa.h>
-+#endif /* OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_DSA
-+#include <openssl/dsa.h>
-+#endif /* OPENSSL_NO_DSA */
-+#ifndef OPENSSL_NO_DH
-+#include <openssl/dh.h>
-+#endif /* OPENSSL_NO_DH */
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11CA
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11ca.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+#ifndef OPENSSL_NO_RSA
-+/* RSA stuff */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+static int pk11_RSA_init(RSA *rsa);
-+static int pk11_RSA_finish(RSA *rsa);
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#else
-+static int pk11_RSA_verify(int dtype, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
-+#endif
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+#endif
-+
-+/* DSA stuff */
-+#ifndef OPENSSL_NO_DSA
-+static int pk11_DSA_init(DSA *dsa);
-+static int pk11_DSA_finish(DSA *dsa);
-+static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen,
-+ DSA *dsa);
-+static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
-+ BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
-+
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa);
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa);
-+#endif
-+
-+/* DH stuff */
-+#ifndef OPENSSL_NO_DH
-+static int pk11_DH_init(DH *dh);
-+static int pk11_DH_finish(DH *dh);
-+static int pk11_DH_generate_key(DH *dh);
-+static int pk11_DH_compute_key(unsigned char *key,
-+ const BIGNUM *pub_key, DH *dh);
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
-+ BIGNUM **priv_key, CK_SESSION_HANDLE session);
-+
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh);
-+#endif
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+#ifndef OPENSSL_NO_RSA
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa =
-+ {
-+ "PKCS#11 RSA method",
-+ pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
-+ pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
-+ pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
-+ pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
-+ NULL, /* rsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_RSA_init, /* init */
-+ pk11_RSA_finish, /* finish */
-+ RSA_FLAG_SIGN_VER, /* flags */
-+ NULL, /* app_data */
-+ pk11_RSA_sign, /* rsa_sign */
-+ pk11_RSA_verify /* rsa_verify */
-+ };
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ return (&pk11_rsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* Our internal DSA_METHOD that we provide pointers to */
-+static DSA_METHOD pk11_dsa =
-+ {
-+ "PKCS#11 DSA method",
-+ pk11_dsa_do_sign, /* dsa_do_sign */
-+ NULL, /* dsa_sign_setup */
-+ pk11_dsa_do_verify, /* dsa_do_verify */
-+ NULL, /* dsa_mod_exp */
-+ NULL, /* bn_mod_exp */
-+ pk11_DSA_init, /* init */
-+ pk11_DSA_finish, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+ };
-+
-+DSA_METHOD *
-+PK11_DSA(void)
-+ {
-+ return (&pk11_dsa);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DH
-+/*
-+ * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
-+ * output buffer may somewhat exceed the precise number of bytes needed, but
-+ * should not exceed it by a large amount. That may be caused, for example, by
-+ * rounding it up to multiple of X in the underlying bignum library. 8 should be
-+ * enough.
-+ */
-+#define DH_BUF_RESERVE 8
-+
-+/* Our internal DH_METHOD that we provide pointers to */
-+static DH_METHOD pk11_dh =
-+ {
-+ "PKCS#11 DH method",
-+ pk11_DH_generate_key, /* generate_key */
-+ pk11_DH_compute_key, /* compute_key */
-+ NULL, /* bn_mod_exp */
-+ pk11_DH_init, /* init */
-+ pk11_DH_finish, /* finish */
-+ 0, /* flags */
-+ NULL, /* app_data */
-+ NULL /* generate_params */
-+ };
-+
-+DH_METHOD *
-+PK11_DH(void)
-+ {
-+ return (&pk11_dh);
-+ }
-+#endif
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+/* Lengths of DSA data and signature */
-+#define DSA_DATA_LEN 20
-+#define DSA_SIGNATURE_LEN 40
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+#ifndef OPENSSL_NO_RSA
-+/*
-+ * Similiar to OpenSSL to take advantage of the paddings. The goal is to
-+ * support all paddings in this engine although PK11 library does not
-+ * support all the paddings used in OpenSSL.
-+ * The input errors should have been checked in the padding functions.
-+ */
-+static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ i = RSA_padding_add_SSLv23(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+
-+/*
-+ * Similar to Openssl to take advantage of the paddings. The input errors
-+ * should be catched in the padding functions
-+ */
-+static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ int i, num = 0, r = -1;
-+ unsigned char *buf = NULL;
-+
-+ num = BN_num_bytes(rsa->n);
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
-+ break;
-+ case RSA_NO_PADDING:
-+ i = RSA_padding_add_none(buf, num, from, flen);
-+ break;
-+ case RSA_SSLV23_PADDING:
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (i <= 0) goto err;
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
-+err:
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int j, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+
-+ num = BN_num_bytes(rsa->n);
-+
-+ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ /* make data into a big number */
-+ if (BN_bin2bn(from, (int)flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PRIV_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's paddings here.
-+ */
-+ for (j = 0; j < r; j++)
-+ if (buf[j] != 0)
-+ break;
-+
-+ p = buf + j;
-+ j = r - j; /* j is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
-+ break;
-+#ifndef OPENSSL_NO_SHA
-+ case RSA_PKCS1_OAEP_PADDING:
-+ r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
-+ break;
-+#endif
-+ case RSA_SSLV23_PADDING:
-+ r = RSA_padding_check_SSLv23(to, num, p, j, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, j, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/* Similar to OpenSSL code. Input errors are also checked here */
-+static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding)
-+ {
-+ BIGNUM f;
-+ int i, num = 0, r = -1;
-+ unsigned char *p;
-+ unsigned char *buf = NULL;
-+
-+ BN_init(&f);
-+ num = BN_num_bytes(rsa->n);
-+ buf = (unsigned char *)OPENSSL_malloc(num);
-+ if (buf == NULL)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /*
-+ * This check was for equality but PGP does evil things
-+ * and chops off the top '0' bytes
-+ */
-+ if (flen > num)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
-+ goto err;
-+ }
-+
-+ if (BN_bin2bn(from, flen, &f) == NULL)
-+ goto err;
-+
-+ if (BN_ucmp(&f, rsa->n) >= 0)
-+ {
-+ RSAerr(PK11_F_RSA_PUB_DEC,
-+ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
-+ goto err;
-+ }
-+
-+ /* PK11 functions are called here */
-+ r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
-+
-+ /*
-+ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
-+ * Needs to skip these 0's here
-+ */
-+ for (i = 0; i < r; i++)
-+ if (buf[i] != 0)
-+ break;
-+
-+ p = buf + i;
-+ i = r - i; /* i is only used with no-padding mode */
-+
-+ switch (padding)
-+ {
-+ case RSA_PKCS1_PADDING:
-+ r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
-+ break;
-+ case RSA_NO_PADDING:
-+ r = RSA_padding_check_none(to, num, p, i, num);
-+ break;
-+ default:
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
-+ goto err;
-+ }
-+ if (r < 0)
-+ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
-+
-+err:
-+ BN_clear_free(&f);
-+ if (buf != NULL)
-+ {
-+ OPENSSL_cleanse(buf, num);
-+ OPENSSL_free(buf);
-+ }
-+ return (r);
-+ }
-+
-+/*
-+ * This function implements RSA public encryption using C_EncryptInit and
-+ * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_encrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_EncryptInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Encrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_encrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
-+ PK11_R_ENCRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_encrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private encryption using C_SignInit and
-+ * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_encrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG ul_sig_len = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ {
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
-+ PK11_R_SIGNINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char *)from, flen, to, &ul_sig_len);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
-+ rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ retval = ul_sig_len;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA private decryption using C_DecryptInit and
-+ * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_private_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DecryptInit(sp->session, p_mech,
-+ h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPTINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_Decrypt(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
-+ PK11_R_DECRYPT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * This function implements RSA public decryption using C_VerifyRecoverInit
-+ * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
-+ * The calling function allocated sufficient memory in "to" to store results.
-+ */
-+static int pk11_RSA_public_decrypt_low(int flen,
-+ const unsigned char *from, unsigned char *to, RSA *rsa)
-+ {
-+ CK_ULONG bytes_decrypted = flen;
-+ int retval = -1;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (-1);
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyRecoverInit(sp->session,
-+ p_mech, h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVERINIT, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+
-+ rv = pFuncList->C_VerifyRecover(sp->session,
-+ (unsigned char *)from, flen, to, &bytes_decrypted);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
-+ PK11_R_VERIFYRECOVER, rv);
-+ pk11_return_session(sp, OP_RSA);
-+ return (-1);
-+ }
-+ retval = bytes_decrypted;
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (retval);
-+ }
-+
-+static int pk11_RSA_init(RSA *rsa)
-+ {
-+ /*
-+ * This flag in the RSA_METHOD enables the new rsa_sign,
-+ * rsa_verify functions. See rsa.h for details.
-+ */
-+ rsa->flags |= RSA_FLAG_SIGN_VER;
-+
-+ return (1);
-+ }
-+
-+static int pk11_RSA_finish(RSA *rsa)
-+ {
-+ /*
-+ * Since we are overloading OpenSSL's native RSA_eay_finish() we need
-+ * to do the same as in the original function, i.e. to free bignum
-+ * structures.
-+ */
-+ if (rsa->_method_mod_n != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_n);
-+ if (rsa->_method_mod_p != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_p);
-+ if (rsa->_method_mod_q != NULL)
-+ BN_MONT_CTX_free(rsa->_method_mod_q);
-+
-+ return (1);
-+ }
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10000000L
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#else
-+static int pk11_RSA_verify(int type, const unsigned char *m,
-+ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa)
-+#endif
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+
-+ h_pub_key = sp->opdata_rsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
-+ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
-+ sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto err;
-+ }
-+ rv = pFuncList->C_Verify(sp->session, s, i,
-+ (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+/* The DSA function implementation */
-+/* ARGSUSED */
-+static int pk11_DSA_init(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DSA_finish(DSA *dsa)
-+ {
-+ return (1);
-+ }
-+
-+
-+static DSA_SIG *
-+pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-+ {
-+ BIGNUM *r = NULL, *s = NULL;
-+ int i;
-+ DSA_SIG *dsa_sig = NULL;
-+
-+ CK_RV rv;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+
-+ /*
-+ * The signature is the concatenation of r and s,
-+ * each is 20 bytes long
-+ */
-+ unsigned char sigret[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_priv(sp, dsa);
-+
-+ h_priv_key = sp->opdata_dsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_dsa_priv_key =
-+ pk11_get_private_dsa_key((DSA *)dsa,
-+ &sp->opdata_dsa_priv,
-+ &sp->opdata_dsa_priv_num, sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto ret;
-+ }
-+
-+ (void) memset(sigret, 0, siglen);
-+ rv = pFuncList->C_Sign(sp->session,
-+ (unsigned char*) dgst, dlen, sigret,
-+ (CK_ULONG_PTR) &siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
-+ goto ret;
-+ }
-+ }
-+
-+
-+ if ((s = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((r = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if ((dsa_sig = DSA_SIG_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ if (BN_bin2bn(sigret, siglen2, r) == NULL ||
-+ BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
-+ {
-+ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto ret;
-+ }
-+
-+ dsa_sig->r = r;
-+ dsa_sig->s = s;
-+
-+ret:
-+ if (dsa_sig == NULL)
-+ {
-+ if (r != NULL)
-+ BN_free(r);
-+ if (s != NULL)
-+ BN_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (dsa_sig);
-+ }
-+
-+static int
-+pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig,
-+ DSA *dsa)
-+ {
-+ int i;
-+ CK_RV rv;
-+ int retval = 0;
-+ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
-+ CK_MECHANISM *p_mech = &Mechanism_dsa;
-+ CK_OBJECT_HANDLE h_pub_key;
-+
-+ unsigned char sigbuf[DSA_SIGNATURE_LEN];
-+ unsigned long siglen = DSA_SIGNATURE_LEN;
-+ unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
-+
-+ PK11_SESSION *sp = NULL;
-+
-+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_R);
-+ goto ret;
-+ }
-+
-+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_DSA_SIGNATURE_S);
-+ goto ret;
-+ }
-+
-+ i = BN_num_bytes(dsa->q); /* should be 20 */
-+
-+ if (dlen > i)
-+ {
-+ PK11err(PK11_F_DSA_VERIFY,
-+ PK11_R_INVALID_SIGNATURE_LENGTH);
-+ goto ret;
-+ }
-+
-+ if ((sp = pk11_get_session(OP_DSA)) == NULL)
-+ goto ret;
-+
-+ (void) check_new_dsa_key_pub(sp, dsa);
-+
-+ h_pub_key = sp->opdata_dsa_pub_key;
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ h_pub_key = sp->opdata_dsa_pub_key =
-+ pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
-+ &sp->opdata_dsa_pub_num, sp->session);
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
-+ h_pub_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
-+ rv);
-+ goto ret;
-+ }
-+
-+ /*
-+ * The representation of each of the two big numbers could
-+ * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
-+ * to act accordingly and shift if necessary.
-+ */
-+ (void) memset(sigbuf, 0, siglen);
-+ BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
-+ BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
-+ BN_num_bytes(sig->s));
-+
-+ rv = pFuncList->C_Verify(sp->session,
-+ (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
-+ goto ret;
-+ }
-+ }
-+
-+ retval = 1;
-+ret:
-+
-+ pk11_return_session(sp, OP_DSA);
-+ return (retval);
-+ }
-+
-+
-+/*
-+ * Create a public key object in a session from a given dsa structure.
-+ * The *dsa_pub_num pointer is non-NULL for DSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ if (init_template_value(dsa->p, &a_key_template[4].pValue,
-+ &a_key_template[4].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->pub_key, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_pub_num != NULL)
-+ if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ for (i = 4; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given dsa structure
-+ * The *dsa_priv_num pointer is non-NULL for DSA private keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
-+ DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ int i;
-+ CK_ULONG found;
-+ CK_KEY_TYPE k_type = CKK_DSA;
-+ CK_ULONG ul_key_attr_count = 9;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_PRIME, (void *)NULL, 0}, /* p */
-+ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
-+ {CKA_BASE, (void *)NULL, 0}, /* g */
-+ {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */
-+ };
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(dsa->p, &a_key_template[5].pValue,
-+ &a_key_template[5].ulValueLen) == 0 ||
-+ init_template_value(dsa->q, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(dsa->g, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(dsa->priv_key, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DSA);
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dsa_priv_num != NULL)
-+ if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DSA);
-+
-+malloc_err:
-+ /*
-+ * 5 to 8 entries in the key template are key components.
-+ * They need to be freed apon exit or error.
-+ */
-+ for (i = 5; i <= 8; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only public key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_pub != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa)
-+ {
-+ /*
-+ * Provide protection against DSA structure reuse by making the
-+ * check for cache hit stronger. Only private key component of DSA
-+ * key matters here so it is sufficient to compare it with value
-+ * cached in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dsa_priv != dsa) ||
-+ (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+
-+#ifndef OPENSSL_NO_DH
-+/* The DH function implementation */
-+/* ARGSUSED */
-+static int pk11_DH_init(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/* ARGSUSED */
-+static int pk11_DH_finish(DH *dh)
-+ {
-+ return (1);
-+ }
-+
-+/*
-+ * Generate DH key-pair.
-+ *
-+ * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
-+ * and override it even if it is set. OpenSSL does not touch dh->priv_key
-+ * if set and just computes dh->pub_key. It looks like PKCS#11 standard
-+ * is not capable of providing this functionality. This could be a problem
-+ * for applications relying on OpenSSL's semantics.
-+ */
-+static int pk11_DH_generate_key(DH *dh)
-+ {
-+ CK_ULONG i;
-+ CK_RV rv, rv1;
-+ int reuse_mem_len = 0, ret = 0;
-+ PK11_SESSION *sp = NULL;
-+ CK_BYTE_PTR reuse_mem;
-+
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_pub_key_attr_count = 3;
-+ CK_ATTRIBUTE pub_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *)NULL, 0},
-+ {CKA_BASE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG ul_priv_key_attr_count = 3;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_SENSITIVE, &false, sizeof (false)},
-+ {CKA_DERIVE, &true, sizeof (true)}
-+ };
-+
-+ CK_ULONG pub_key_attr_result_count = 1;
-+ CK_ATTRIBUTE pub_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
-+ if (pub_key_template[1].ulValueLen > 0)
-+ {
-+ /*
-+ * We must not increase ulValueLen by DH_BUF_RESERVE since that
-+ * could cause the same rounding problem. See definition of
-+ * DH_BUF_RESERVE above.
-+ */
-+ pub_key_template[1].pValue =
-+ OPENSSL_malloc(pub_key_template[1].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[1].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
-+ if (pub_key_template[2].ulValueLen > 0)
-+ {
-+ pub_key_template[2].pValue =
-+ OPENSSL_malloc(pub_key_template[2].ulValueLen +
-+ DH_BUF_RESERVE);
-+ if (pub_key_template[2].pValue == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
-+ }
-+ else
-+ goto err;
-+
-+ /*
-+ * Note: we are only using PK11_SESSION structure for getting
-+ * a session handle. The objects created in this function are
-+ * destroyed before return and thus not cached.
-+ */
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ rv = pFuncList->C_GenerateKeyPair(sp->session,
-+ &mechanism,
-+ pub_key_template,
-+ ul_pub_key_attr_count,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_pub_key,
-+ &h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * Reuse the larger memory allocated. We know the larger memory
-+ * should be sufficient for reuse.
-+ */
-+ if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
-+ {
-+ reuse_mem = pub_key_template[1].pValue;
-+ reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
-+ }
-+ else
-+ {
-+ reuse_mem = pub_key_template[2].pValue;
-+ reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+ rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK || rv1 != CKR_OK)
-+ {
-+ rv = (rv != CKR_OK) ? rv : rv1;
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 ||
-+ ((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+
-+ /* Reuse the memory allocated */
-+ pub_key_result[0].pValue = reuse_mem;
-+ pub_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
-+ pub_key_result, pub_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (pub_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->pub_key == NULL)
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
-+ pub_key_result[0].ulValueLen, dh->pub_key);
-+ if (dh->pub_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ /* Reuse the memory allocated */
-+ priv_key_result[0].pValue = reuse_mem;
-+ priv_key_result[0].ulValueLen = reuse_mem_len;
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ if (dh->priv_key == NULL)
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
-+ priv_key_result[0].ulValueLen, dh->priv_key);
-+ if (dh->priv_key == NULL)
-+ {
-+ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ ret = 1;
-+
-+err:
-+
-+ if (h_pub_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_GEN_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+
-+ for (i = 1; i <= 2; i++)
-+ {
-+ if (pub_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(pub_key_template[i].pValue);
-+ pub_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh)
-+ {
-+ unsigned int i;
-+ CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
-+ CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
-+ CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
-+ CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+
-+ CK_ULONG ul_priv_key_attr_count = 2;
-+ CK_ATTRIBUTE priv_key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (key_class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ };
-+
-+ CK_ULONG priv_key_attr_result_count = 1;
-+ CK_ATTRIBUTE priv_key_result[] =
-+ {
-+ {CKA_VALUE, (void *)NULL, 0}
-+ };
-+
-+ CK_RV rv;
-+ int ret = -1;
-+ PK11_SESSION *sp = NULL;
-+
-+ if (dh->priv_key == NULL)
-+ goto err;
-+
-+ priv_key_template[0].pValue = &key_class;
-+ priv_key_template[1].pValue = &key_type;
-+
-+ if ((sp = pk11_get_session(OP_DH)) == NULL)
-+ goto err;
-+
-+ mechanism.ulParameterLen = BN_num_bytes(pub_key);
-+ mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
-+ if (mechanism.pParameter == NULL)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ BN_bn2bin(pub_key, mechanism.pParameter);
-+
-+ (void) check_new_dh_key(sp, dh);
-+
-+ h_key = sp->opdata_dh_key;
-+ if (h_key == CK_INVALID_HANDLE)
-+ h_key = sp->opdata_dh_key =
-+ pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
-+ &sp->opdata_dh_priv_num, sp->session);
-+
-+ if (h_key == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_DeriveKey(sp->session,
-+ &mechanism,
-+ h_key,
-+ priv_key_template,
-+ ul_priv_key_attr_count,
-+ &h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
-+ goto err;
-+ }
-+ priv_key_result[0].pValue =
-+ OPENSSL_malloc(priv_key_result[0].ulValueLen);
-+ if (!priv_key_result[0].pValue)
-+ {
-+ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
-+ priv_key_result, priv_key_attr_result_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
-+ rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * OpenSSL allocates the output buffer 'key' which is the same
-+ * length of the public key. It is long enough for the derived key
-+ */
-+ if (priv_key_result[0].type == CKA_VALUE)
-+ {
-+ /*
-+ * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
-+ * leading zeros from a computed shared secret. However,
-+ * OpenSSL always did it so we must do the same here. The
-+ * vagueness of the spec regarding leading zero bytes was
-+ * finally cleared with TLS 1.1 (RFC 4346) saying that leading
-+ * zeros are stripped before the computed data is used as the
-+ * pre-master secret.
-+ */
-+ for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
-+ {
-+ if (((char *)priv_key_result[0].pValue)[i] != 0)
-+ break;
-+ }
-+
-+ (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
-+ priv_key_result[0].ulValueLen - i);
-+ ret = priv_key_result[0].ulValueLen - i;
-+ }
-+
-+err:
-+
-+ if (h_derived_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DH_COMP_KEY,
-+ PK11_R_DESTROYOBJECT, rv);
-+ }
-+ }
-+ if (priv_key_result[0].pValue)
-+ {
-+ OPENSSL_free(priv_key_result[0].pValue);
-+ priv_key_result[0].pValue = NULL;
-+ }
-+
-+ if (mechanism.pParameter)
-+ {
-+ OPENSSL_free(mechanism.pParameter);
-+ mechanism.pParameter = NULL;
-+ }
-+
-+ pk11_return_session(sp, OP_DH);
-+ return (ret);
-+ }
-+
-+
-+static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
-+ DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE key_type = CKK_DH;
-+ CK_ULONG found;
-+ CK_BBOOL rollback = FALSE;
-+ int i;
-+
-+ CK_ULONG ul_key_attr_count = 7;
-+ CK_ATTRIBUTE key_template[] =
-+ {
-+ {CKA_CLASS, (void*) NULL, sizeof (class)},
-+ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
-+ {CKA_DERIVE, &true, sizeof (true)},
-+ {CKA_PRIVATE, &false, sizeof (false)},
-+ {CKA_PRIME, (void *) NULL, 0},
-+ {CKA_BASE, (void *) NULL, 0},
-+ {CKA_VALUE, (void *) NULL, 0},
-+ };
-+
-+ key_template[0].pValue = &class;
-+ key_template[1].pValue = &key_type;
-+
-+ key_template[4].ulValueLen = BN_num_bytes(dh->p);
-+ key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[4].ulValueLen);
-+ if (key_template[4].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->p, key_template[4].pValue);
-+
-+ key_template[5].ulValueLen = BN_num_bytes(dh->g);
-+ key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[5].ulValueLen);
-+ if (key_template[5].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->g, key_template[5].pValue);
-+
-+ key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
-+ key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)key_template[6].ulValueLen);
-+ if (key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(dh->priv_key, key_template[6].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_DH);
-+ rv = pFuncList->C_FindObjectsInit(session, key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
-+ rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
-+ rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (dh_priv_num != NULL)
-+ if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = dh;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_DH);
-+
-+malloc_err:
-+ for (i = 4; i <= 6; i++)
-+ {
-+ if (key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(key_template[i].pValue);
-+ key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ *
-+ * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
-+ * to CK_INVALID_HANDLE even when it fails to destroy the object.
-+ */
-+static int check_new_dh_key(PK11_SESSION *sp, DH *dh)
-+ {
-+ /*
-+ * Provide protection against DH structure reuse by making the
-+ * check for cache hit stronger. Private key component of DH key
-+ * is unique so it is sufficient to compare it with value cached
-+ * in PK11_SESSION structure.
-+ */
-+ if ((sp->opdata_dh != dh) ||
-+ (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_dh_object(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+#endif
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ return (0);
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ return (0);
-+ }
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11CA */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11ca.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
-+
-+#define token_lock pk11ca_token_lock
-+#define find_lock pk11ca_find_lock
-+#define active_list pk11ca_active_list
-+#define pubkey_token_flags pk11ca_pubkey_token_flags
-+#define pubkey_SLOTID pk11ca_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11ca_error
-+#define PK11err_add_data PK11CAerr_add_data
-+#define pk11_get_session pk11ca_get_session
-+#define pk11_return_session pk11ca_return_session
-+#define pk11_active_add pk11ca_active_add
-+#define pk11_active_delete pk11ca_active_delete
-+#define pk11_active_remove pk11ca_active_remove
-+#define pk11_free_active_list pk11ca_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11ca_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11ca_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11ca_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11ca_load_privkey
-+#define pk11_load_pubkey pk11ca_load_pubkey
-+#define PK11_RSA PK11CA_RSA
-+#define pk11_destroy_dsa_key_objects pk11ca_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11ca_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11ca_destroy_dsa_object_priv
-+#define PK11_DSA PK11CA_DSA
-+#define pk11_destroy_dh_key_objects pk11ca_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11ca_destroy_dh_object
-+#define PK11_DH PK11CA_DH
-+#define pk11_token_relogin pk11ca_token_relogin
-+#define pFuncList pk11ca_pFuncList
-+#define pk11_pin pk11ca_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11ca
-Index: openssl/crypto/engine/hw_pk11so.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:53 2011
-@@ -0,0 +1,1745 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/md5.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+typedef int pid_t;
-+#define getpid() GetCurrentProcessId()
-+#define NOPTHREADS
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <signal.h>
-+#include <unistd.h>
-+#include <dlfcn.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+/* label for debug messages printed on stderr */
-+#define PK11_DBG "PKCS#11 ENGINE DEBUG"
-+/* prints a lot of debug messages on stderr about slot selection process */
-+/*#undef DEBUG_SLOT_SELECTION */
-+
-+#ifndef OPENSSL_NO_DSA
-+#define OPENSSL_NO_DSA
-+#endif
-+#ifndef OPENSSL_NO_DH
-+#define OPENSSL_NO_DH
-+#endif
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.c"
-+
-+/*
-+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
-+ * uri_struct manipulation, and static token info. All of that is used by the
-+ * RSA keys by reference feature.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *token_lock;
-+#endif
-+
-+/* PKCS#11 session caches and their locks for all operation types */
-+static PK11_CACHE session_cache[OP_MAX];
-+
-+/*
-+ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
-+ * logging into the token.
-+ */
-+CK_FLAGS pubkey_token_flags;
-+
-+/*
-+ * As stated in v2.20, 11.7 Object Management Function, in section for
-+ * C_FindObjectsInit(), at most one search operation may be active at a given
-+ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
-+ * grouped together to form one atomic search operation. This is already
-+ * ensured by the property of unique PKCS#11 session handle used for each
-+ * PK11_SESSION object.
-+ *
-+ * This is however not the biggest concern - maintaining consistency of the
-+ * underlying object store is more important. The same section of the spec also
-+ * says that one thread can be in the middle of a search operation while another
-+ * thread destroys the object matching the search template which would result in
-+ * invalid handle returned from the search operation.
-+ *
-+ * Hence, the following locks are used for both protection of the object stores.
-+ * They are also used for active list protection.
-+ */
-+#ifndef NOPTHREADS
-+pthread_mutex_t *find_lock[OP_MAX] = { NULL };
-+#endif
-+
-+/*
-+ * lists of asymmetric key handles which are active (referenced by at least one
-+ * PK11_SESSION structure, either held by a thread or present in free_session
-+ * list) for given algorithm type
-+ */
-+PK11_active *active_list[OP_MAX] = { NULL };
-+
-+/*
-+ * Create all secret key objects in a global session so that they are available
-+ * to use for other sessions. These other sessions may be opened or closed
-+ * without losing the secret key objects.
-+ */
-+static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
-+
-+/* ENGINE level stuff */
-+static int pk11_init(ENGINE *e);
-+static int pk11_library_init(ENGINE *e);
-+static int pk11_finish(ENGINE *e);
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+static int pk11_destroy(ENGINE *e);
-+
-+/* RAND stuff */
-+static void pk11_rand_seed(const void *buf, int num);
-+static void pk11_rand_add(const void *buf, int num, double add_entropy);
-+static void pk11_rand_cleanup(void);
-+static int pk11_rand_bytes(unsigned char *buf, int num);
-+static int pk11_rand_status(void);
-+
-+/* These functions are also used in other files */
-+PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
-+void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+
-+/* active list manipulation functions used in this file */
-+extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
-+extern void pk11_free_active_list(PK11_OPTYPE type);
-+
-+int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
-+int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
-+int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
-+
-+/* Local helper functions */
-+static int pk11_free_all_sessions(void);
-+static int pk11_free_session_list(PK11_OPTYPE optype);
-+static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
-+static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent);
-+static const char *get_PK11_LIBNAME(void);
-+static void free_PK11_LIBNAME(void);
-+static long set_PK11_LIBNAME(const char *name);
-+
-+static int pk11_choose_slots(int *any_slot_found);
-+
-+static int pk11_init_all_locks(void);
-+static void pk11_free_all_locks(void);
-+
-+#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
-+ { \
-+ if (uselock) \
-+ LOCK_OBJSTORE(alg_type); \
-+ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
-+ { \
-+ retval = pk11_destroy_object(sp->session, obj_hdl, \
-+ priv ? sp->priv_persistent : sp->pub_persistent); \
-+ } \
-+ if (uselock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ }
-+
-+static CK_BBOOL pk11_have_rsa = CK_FALSE;
-+static CK_BBOOL pk11_have_random = CK_FALSE;
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * The definitions for control commands specific to this engine
-+ */
-+#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
-+#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
-+#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
-+static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
-+ {
-+ {
-+ PK11_CMD_SO_PATH,
-+ "SO_PATH",
-+ "Specifies the path to the 'pkcs#11' shared library",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_PIN,
-+ "PIN",
-+ "Specifies the pin code",
-+ ENGINE_CMD_FLAG_STRING
-+ },
-+ {
-+ PK11_CMD_SLOT,
-+ "SLOT",
-+ "Specifies the slot (default is auto select)",
-+ ENGINE_CMD_FLAG_NUMERIC,
-+ },
-+ {0, NULL, NULL, 0}
-+ };
-+
-+
-+static RAND_METHOD pk11_random =
-+ {
-+ pk11_rand_seed,
-+ pk11_rand_bytes,
-+ pk11_rand_cleanup,
-+ pk11_rand_add,
-+ pk11_rand_bytes,
-+ pk11_rand_status
-+ };
-+
-+
-+/* Constants used when creating the ENGINE */
-+#ifdef OPENSSL_NO_HW_PK11CA
-+#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
-+#endif
-+static const char *engine_pk11_id = "pkcs11";
-+static const char *engine_pk11_name = "PKCS #11 engine support (sign only)";
-+
-+CK_FUNCTION_LIST_PTR pFuncList = NULL;
-+static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
-+
-+/*
-+ * This is a static string constant for the DSO file name and the function
-+ * symbol names to bind to. We set it in the Configure script based on whether
-+ * this is 32 or 64 bit build.
-+ */
-+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-+
-+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
-+CK_SLOT_ID pubkey_SLOTID = 0;
-+static CK_SLOT_ID rand_SLOTID = 0;
-+static CK_SLOT_ID SLOTID = 0;
-+char *pk11_pin = NULL;
-+static CK_BBOOL pk11_library_initialized = FALSE;
-+static CK_BBOOL pk11_atfork_initialized = FALSE;
-+static int pk11_pid = 0;
-+
-+static DSO *pk11_dso = NULL;
-+
-+/* allocate and initialize all locks used by the engine itself */
-+static int pk11_init_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(token_lock, NULL);
-+
-+ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (find_lock[OP_RSA] == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ session_cache[type].lock =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t));
-+ if (session_cache[type].lock == NULL)
-+ goto malloc_err;
-+ (void) pthread_mutex_init(session_cache[type].lock, NULL);
-+ }
-+
-+ return (1);
-+
-+malloc_err:
-+ pk11_free_all_locks();
-+ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+#else
-+ return (1);
-+#endif
-+ }
-+
-+static void pk11_free_all_locks(void)
-+ {
-+#ifndef NOPTHREADS
-+ int type;
-+
-+ if (find_lock[OP_RSA] != NULL)
-+ {
-+ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
-+ OPENSSL_free(find_lock[OP_RSA]);
-+ find_lock[OP_RSA] = NULL;
-+ }
-+
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (session_cache[type].lock != NULL)
-+ {
-+ (void) pthread_mutex_destroy(session_cache[type].lock);
-+ OPENSSL_free(session_cache[type].lock);
-+ session_cache[type].lock = NULL;
-+ }
-+ }
-+#endif
-+ }
-+
-+/*
-+ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
-+ */
-+static int bind_pk11(ENGINE *e)
-+ {
-+ if (!pk11_library_initialized)
-+ if (!pk11_library_init(e))
-+ return (0);
-+
-+ if (!ENGINE_set_id(e, engine_pk11_id) ||
-+ !ENGINE_set_name(e, engine_pk11_name))
-+ return (0);
-+
-+ if (pk11_have_rsa == CK_TRUE)
-+ {
-+ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
-+ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
-+ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+
-+ if (pk11_have_random)
-+ {
-+ if (!ENGINE_set_RAND(e, &pk11_random))
-+ return (0);
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: registered random\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ }
-+ if (!ENGINE_set_init_function(e, pk11_init) ||
-+ !ENGINE_set_destroy_function(e, pk11_destroy) ||
-+ !ENGINE_set_finish_function(e, pk11_finish) ||
-+ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
-+ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
-+ return (0);
-+
-+ /* Ensure the pk11 error handling is set up */
-+ ERR_load_pk11_strings();
-+
-+ return (1);
-+ }
-+
-+/* Dynamic engine support is disabled at a higher level for Solaris */
-+#ifdef ENGINE_DYNAMIC_SUPPORT
-+#error "dynamic engine not supported"
-+static int bind_helper(ENGINE *e, const char *id)
-+ {
-+ if (id && (strcmp(id, engine_pk11_id) != 0))
-+ return (0);
-+
-+ if (!bind_pk11(e))
-+ return (0);
-+
-+ return (1);
-+ }
-+
-+IMPLEMENT_DYNAMIC_CHECK_FN()
-+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-+
-+#else
-+static ENGINE *engine_pk11(void)
-+ {
-+ ENGINE *ret = ENGINE_new();
-+
-+ if (!ret)
-+ return (NULL);
-+
-+ if (!bind_pk11(ret))
-+ {
-+ ENGINE_free(ret);
-+ return (NULL);
-+ }
-+
-+ return (ret);
-+ }
-+
-+void
-+ENGINE_load_pk11(void)
-+ {
-+ ENGINE *e_pk11 = NULL;
-+
-+ /*
-+ * Do not use dynamic PKCS#11 library on Solaris due to
-+ * security reasons. We will link it in statically.
-+ */
-+ /* Attempt to load PKCS#11 library */
-+ if (!pk11_dso)
-+ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
-+ return;
-+ }
-+
-+ e_pk11 = engine_pk11();
-+ if (!e_pk11)
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ return;
-+ }
-+
-+ /*
-+ * At this point, the pk11 shared library is either dynamically
-+ * loaded or statically linked in. So, initialize the pk11
-+ * library before calling ENGINE_set_default since the latter
-+ * needs cipher and digest algorithm information
-+ */
-+ if (!pk11_library_init(e_pk11))
-+ {
-+ DSO_free(pk11_dso);
-+ pk11_dso = NULL;
-+ ENGINE_free(e_pk11);
-+ return;
-+ }
-+
-+ ENGINE_add(e_pk11);
-+
-+ ENGINE_free(e_pk11);
-+ ERR_clear_error();
-+ }
-+#endif /* ENGINE_DYNAMIC_SUPPORT */
-+
-+/*
-+ * These are the static string constants for the DSO file name and
-+ * the function symbol names to bind to.
-+ */
-+static const char *PK11_LIBNAME = NULL;
-+
-+static const char *get_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ return (PK11_LIBNAME);
-+
-+ return (def_PK11_LIBNAME);
-+ }
-+
-+static void free_PK11_LIBNAME(void)
-+ {
-+ if (PK11_LIBNAME)
-+ OPENSSL_free((void*)PK11_LIBNAME);
-+
-+ PK11_LIBNAME = NULL;
-+ }
-+
-+static long set_PK11_LIBNAME(const char *name)
-+ {
-+ free_PK11_LIBNAME();
-+
-+ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-+ }
-+
-+/* acquire all engine specific mutexes before fork */
-+static void pk11_fork_prepare(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ LOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_lock(token_lock);
-+ for (i = 0; i < OP_MAX; i++)
-+ {
-+ (void) pthread_mutex_lock(session_cache[i].lock);
-+ }
-+#endif
-+ }
-+
-+/* release all engine specific mutexes */
-+static void pk11_fork_parent(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/*
-+ * same situation as in parent - we need to unlock all locks to make them
-+ * accessible to all threads.
-+ */
-+static void pk11_fork_child(void)
-+ {
-+#ifndef NOPTHREADS
-+ int i;
-+
-+ if (!pk11_library_initialized)
-+ return;
-+
-+ for (i = OP_MAX - 1; i >= 0; i--)
-+ {
-+ (void) pthread_mutex_unlock(session_cache[i].lock);
-+ }
-+ UNLOCK_OBJSTORE(OP_RSA);
-+ (void) pthread_mutex_unlock(token_lock);
-+#endif
-+ }
-+
-+/* Initialization function for the pk11 engine */
-+static int pk11_init(ENGINE *e)
-+{
-+ return (pk11_library_init(e));
-+}
-+
-+static CK_C_INITIALIZE_ARGS pk11_init_args =
-+ {
-+ NULL_PTR, /* CreateMutex */
-+ NULL_PTR, /* DestroyMutex */
-+ NULL_PTR, /* LockMutex */
-+ NULL_PTR, /* UnlockMutex */
-+ CKF_OS_LOCKING_OK, /* flags */
-+ NULL_PTR, /* pReserved */
-+ };
-+
-+/*
-+ * Initialization function. Sets up various PKCS#11 library components.
-+ * It selects a slot based on predefined critiera. In the process, it also
-+ * count how many ciphers and digests to support. Since the cipher and
-+ * digest information is needed when setting default engine, this function
-+ * needs to be called before calling ENGINE_set_default.
-+ */
-+/* ARGSUSED */
-+static int pk11_library_init(ENGINE *e)
-+ {
-+ CK_C_GetFunctionList p;
-+ CK_RV rv = CKR_OK;
-+ CK_INFO info;
-+ int any_slot_found;
-+ int i;
-+#ifndef OPENSSL_SYS_WIN32
-+ struct sigaction sigint_act, sigterm_act, sighup_act;
-+#endif
-+
-+ /*
-+ * pk11_library_initialized is set to 0 in pk11_finish() which
-+ * is called from ENGINE_finish(). However, if there is still
-+ * at least one existing functional reference to the engine
-+ * (see engine(3) for more information), pk11_finish() is
-+ * skipped. For example, this can happen if an application
-+ * forgets to clear one cipher context. In case of a fork()
-+ * when the application is finishing the engine so that it can
-+ * be reinitialized in the child, forgotten functional
-+ * reference causes pk11_library_initialized to stay 1. In
-+ * that case we need the PID check so that we properly
-+ * initialize the engine again.
-+ */
-+ if (pk11_library_initialized)
-+ {
-+ if (pk11_pid == getpid())
-+ {
-+ return (1);
-+ }
-+ else
-+ {
-+ global_session = CK_INVALID_HANDLE;
-+ /*
-+ * free the locks first to prevent memory leak in case
-+ * the application calls fork() without finishing the
-+ * engine first.
-+ */
-+ pk11_free_all_locks();
-+ }
-+ }
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the C_GetFunctionList function from the loaded library */
-+ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
-+ PK11_GET_FUNCTION_LIST);
-+ if (!p)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the full function list from the loaded library */
-+ rv = p(&pFuncList);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
-+ goto err;
-+ }
-+
-+#ifndef OPENSSL_SYS_WIN32
-+ /* Not all PKCS#11 library are signal safe! */
-+
-+ (void) memset(&sigint_act, 0, sizeof(sigint_act));
-+ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
-+ (void) memset(&sighup_act, 0, sizeof(sighup_act));
-+ (void) sigaction(SIGINT, NULL, &sigint_act);
-+ (void) sigaction(SIGTERM, NULL, &sigterm_act);
-+ (void) sigaction(SIGHUP, NULL, &sighup_act);
-+#endif
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+#ifndef OPENSSL_SYS_WIN32
-+ (void) sigaction(SIGINT, &sigint_act, NULL);
-+ (void) sigaction(SIGTERM, &sigterm_act, NULL);
-+ (void) sigaction(SIGHUP, &sighup_act, NULL);
-+#endif
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_GetInfo(&info);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
-+ goto err;
-+ }
-+
-+ if (pk11_choose_slots(&any_slot_found) == 0)
-+ goto err;
-+
-+ /*
-+ * The library we use, set in def_PK11_LIBNAME, may not offer any
-+ * slot(s). In that case, we must not proceed but we must not return an
-+ * error. The reason is that applications that try to set up the PKCS#11
-+ * engine don't exit on error during the engine initialization just
-+ * because no slot was present.
-+ */
-+ if (any_slot_found == 0)
-+ return (1);
-+
-+ if (global_session == CK_INVALID_HANDLE)
-+ {
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LIBRARY_INIT,
-+ PK11_R_OPENSESSION, rv);
-+ goto err;
-+ }
-+ }
-+
-+ pk11_library_initialized = TRUE;
-+ pk11_pid = getpid();
-+ /*
-+ * if initialization of the locks fails pk11_init_all_locks()
-+ * will do the cleanup.
-+ */
-+ if (!pk11_init_all_locks())
-+ goto err;
-+ for (i = 0; i < OP_MAX; i++)
-+ session_cache[i].head = NULL;
-+ /*
-+ * initialize active lists. We only use active lists
-+ * for asymmetric ciphers.
-+ */
-+ for (i = 0; i < OP_MAX; i++)
-+ active_list[i] = NULL;
-+
-+#ifndef NOPTHREADS
-+ if (!pk11_atfork_initialized)
-+ {
-+ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
-+ pk11_fork_child) != 0)
-+ {
-+ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
-+ goto err;
-+ }
-+ pk11_atfork_initialized = TRUE;
-+ }
-+#endif
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Destructor (complements the "ENGINE_pk11()" constructor) */
-+/* ARGSUSED */
-+static int pk11_destroy(ENGINE *e)
-+ {
-+ free_PK11_LIBNAME();
-+ ERR_unload_pk11_strings();
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+ return (1);
-+ }
-+
-+/*
-+ * Termination function to clean up the session, the token, and the pk11
-+ * library.
-+ */
-+/* ARGSUSED */
-+static int pk11_finish(ENGINE *e)
-+ {
-+ int i;
-+
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (pk11_dso == NULL)
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
-+ goto err;
-+ }
-+
-+ OPENSSL_assert(pFuncList != NULL);
-+
-+ if (pk11_free_all_sessions() == 0)
-+ goto err;
-+
-+ /* free all active lists */
-+ for (i = 0; i < OP_MAX; i++)
-+ pk11_free_active_list(i);
-+
-+ pFuncList->C_CloseSession(global_session);
-+ global_session = CK_INVALID_HANDLE;
-+
-+ /*
-+ * Since we are part of a library (libcrypto.so), calling this function
-+ * may have side-effects.
-+ */
-+#if 0
-+ pFuncList->C_Finalize(NULL);
-+#endif
-+
-+ if (!DSO_free(pk11_dso))
-+ {
-+ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
-+ goto err;
-+ }
-+ pk11_dso = NULL;
-+ pFuncList = NULL;
-+ pk11_library_initialized = FALSE;
-+ pk11_pid = 0;
-+ /*
-+ * There is no way how to unregister atfork handlers (other than
-+ * unloading the library) so we just free the locks. For this reason
-+ * the atfork handlers check if the engine is initialized and bail out
-+ * immediately if not. This is necessary in case a process finishes
-+ * the engine before calling fork().
-+ */
-+ pk11_free_all_locks();
-+
-+ return (1);
-+
-+err:
-+ return (0);
-+ }
-+
-+/* Standard engine interface function to set the dynamic library path */
-+/* ARGSUSED */
-+static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-+ {
-+ int initialized = ((pk11_dso == NULL) ? 0 : 1);
-+
-+ switch (cmd)
-+ {
-+ case PK11_CMD_SO_PATH:
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ if (initialized)
-+ {
-+ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
-+ return (0);
-+ }
-+
-+ return (set_PK11_LIBNAME((const char *)p));
-+ case PK11_CMD_PIN:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+
-+ if (p == NULL)
-+ {
-+ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+
-+ pk11_pin = BUF_strdup(p);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ return (1);
-+ case PK11_CMD_SLOT:
-+ SLOTID = (CK_SLOT_ID)i;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: slot set\n", PK11_DBG);
-+#endif
-+ return (1);
-+ default:
-+ break;
-+ }
-+
-+ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-+
-+ return (0);
-+ }
-+
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static void pk11_rand_cleanup(void)
-+ {
-+ return;
-+ }
-+
-+/* ARGSUSED */
-+static void pk11_rand_add(const void *buf, int num, double add)
-+ {
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return;
-+
-+ /*
-+ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
-+ * the calling functions do not care anyway
-+ */
-+ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
-+ pk11_return_session(sp, OP_RAND);
-+
-+ return;
-+ }
-+
-+static void pk11_rand_seed(const void *buf, int num)
-+ {
-+ pk11_rand_add(buf, num, 0);
-+ }
-+
-+static int pk11_rand_bytes(unsigned char *buf, int num)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp;
-+
-+ if ((sp = pk11_get_session(OP_RAND)) == NULL)
-+ return (0);
-+
-+ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
-+ pk11_return_session(sp, OP_RAND);
-+ return (0);
-+ }
-+
-+ pk11_return_session(sp, OP_RAND);
-+ return (1);
-+ }
-+
-+/* Required function by the engine random interface. It does nothing here */
-+static int pk11_rand_status(void)
-+ {
-+ return (1);
-+ }
-+
-+/* Free all BIGNUM structures from PK11_SESSION. */
-+static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+
-+/*
-+ * Get new PK11_SESSION structure ready for use. Every process must have
-+ * its own freelist of PK11_SESSION structures so handle fork() here
-+ * by destroying the old and creating new freelist.
-+ * The returned PK11_SESSION structure is disconnected from the freelist.
-+ */
-+PK11_SESSION *
-+pk11_get_session(PK11_OPTYPE optype)
-+ {
-+ PK11_SESSION *sp = NULL, *sp1, *freelist;
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock = NULL;
-+#endif
-+ static pid_t pid = 0;
-+ pid_t new_pid;
-+ CK_RV rv;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (NULL);
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ /*
-+ * Will use it to find out if we forked. We cannot use the PID field in
-+ * the session structure because we could get a newly allocated session
-+ * here, with no PID information.
-+ */
-+ if (pid == 0)
-+ pid = getpid();
-+
-+ freelist = session_cache[optype].head;
-+ sp = freelist;
-+
-+ /*
-+ * If the free list is empty, allocate new unitialized (filled
-+ * with zeroes) PK11_SESSION structure otherwise return first
-+ * structure from the freelist.
-+ */
-+ if (sp == NULL)
-+ {
-+ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
-+ {
-+ PK11err(PK11_F_GET_SESSION,
-+ PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ (void) memset(sp, 0, sizeof (PK11_SESSION));
-+
-+ /*
-+ * It is a new session so it will look like a cache miss to the
-+ * code below. So, we must not try to to destroy its members so
-+ * mark them as unused.
-+ */
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ }
-+ else
-+ {
-+ freelist = sp->next;
-+ }
-+
-+ /*
-+ * Check whether we have forked. In that case, we must get rid of all
-+ * inherited sessions and start allocating new ones.
-+ */
-+ if (pid != (new_pid = getpid()))
-+ {
-+ pid = new_pid;
-+
-+ /*
-+ * We are a new process and thus need to free any inherited
-+ * PK11_SESSION objects aside from the first session (sp) which
-+ * is the only PK11_SESSION structure we will reuse (for the
-+ * head of the list).
-+ */
-+ while ((sp1 = freelist) != NULL)
-+ {
-+ freelist = sp1->next;
-+ /*
-+ * NOTE: we do not want to call pk11_free_all_sessions()
-+ * here because it would close underlying PKCS#11
-+ * sessions and destroy all objects.
-+ */
-+ pk11_free_nums(sp1, optype);
-+ OPENSSL_free(sp1);
-+ }
-+
-+ /* we have to free the active list as well. */
-+ pk11_free_active_list(optype);
-+
-+ /* Initialize the process */
-+ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
-+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * Choose slot here since the slot table is different on this
-+ * process. If we are here then we must have found at least one
-+ * usable slot before so we don't need to check any_slot_found.
-+ * See pk11_library_init()'s usage of this function for more
-+ * information.
-+ */
-+ if (pk11_choose_slots(NULL) == 0)
-+ goto err;
-+
-+ /* Open the global_session for the new process */
-+ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &global_session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
-+ rv);
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+
-+ /*
-+ * It is an inherited session from our parent so it needs
-+ * re-initialization.
-+ */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ goto err;
-+ }
-+ if (pk11_token_relogin(sp->session) == 0)
-+ {
-+ /*
-+ * We will keep the session in the cache list and let
-+ * the caller cope with the situation.
-+ */
-+ freelist = sp;
-+ sp = NULL;
-+ goto err;
-+ }
-+ }
-+
-+ if (sp->pid == 0)
-+ {
-+ /* It is a new session and needs initialization. */
-+ if (pk11_setup_session(sp, optype) == 0)
-+ {
-+ OPENSSL_free(sp);
-+ sp = NULL;
-+ }
-+ }
-+
-+ /* set new head for the list of PK11_SESSION objects */
-+ session_cache[optype].head = freelist;
-+
-+err:
-+ if (sp != NULL)
-+ sp->next = NULL;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (sp);
-+ }
-+
-+
-+void
-+pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ PK11_SESSION *freelist;
-+
-+ /*
-+ * If this is a session from the parent it will be taken care of and
-+ * freed in pk11_get_session() as part of the post-fork clean up the
-+ * next time we will ask for a new session.
-+ */
-+ if (sp == NULL || sp->pid != getpid())
-+ return;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_RETURN_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return;
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ sp->next = freelist;
-+ session_cache[optype].head = sp;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+
-+
-+/* Destroy all objects. This function is called when the engine is finished */
-+static int pk11_free_all_sessions()
-+ {
-+ int ret = 1;
-+ int type;
-+
-+ (void) pk11_destroy_rsa_key_objects(NULL);
-+
-+ /*
-+ * We try to release as much as we can but any error means that we will
-+ * return 0 on exit.
-+ */
-+ for (type = 0; type < OP_MAX; type++)
-+ {
-+ if (pk11_free_session_list(type) == 0)
-+ ret = 0;
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy session structures from the linked list specified. Free as many
-+ * sessions as possible but any failure in C_CloseSession() means that we
-+ * return an error on return.
-+ */
-+static int pk11_free_session_list(PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *freelist = NULL;
-+ pid_t mypid = getpid();
-+#ifndef NOPTHREADS
-+ pthread_mutex_t *freelist_lock;
-+#endif
-+ int ret = 1;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ case OP_DSA:
-+ case OP_DH:
-+ case OP_RAND:
-+ case OP_DIGEST:
-+ case OP_CIPHER:
-+#ifndef NOPTHREADS
-+ freelist_lock = session_cache[optype].lock;
-+#endif
-+ break;
-+ default:
-+ PK11err(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(freelist_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ freelist = session_cache[optype].head;
-+ while ((sp = freelist) != NULL)
-+ {
-+ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
-+ {
-+ rv = pFuncList->C_CloseSession(sp->session);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
-+ PK11_R_CLOSESESSION, rv);
-+ ret = 0;
-+ }
-+ }
-+ freelist = sp->next;
-+ pk11_free_nums(sp, optype);
-+ OPENSSL_free(sp);
-+ }
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(freelist_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (ret);
-+ }
-+
-+
-+static int
-+pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
-+ {
-+ CK_RV rv;
-+ CK_SLOT_ID myslot;
-+
-+ switch (optype)
-+ {
-+ case OP_RSA:
-+ myslot = pubkey_SLOTID;
-+ break;
-+ case OP_RAND:
-+ myslot = rand_SLOTID;
-+ break;
-+ default:
-+ PK11err(PK11_F_SETUP_SESSION,
-+ PK11_R_INVALID_OPERATION_TYPE);
-+ return (0);
-+ }
-+
-+ sp->session = CK_INVALID_HANDLE;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
-+ {
-+ /*
-+ * We are probably a child process so force the
-+ * reinitialize of the session
-+ */
-+ pk11_library_initialized = FALSE;
-+ if (!pk11_library_init(NULL))
-+ return (0);
-+ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
-+ NULL_PTR, NULL_PTR, &sp->session);
-+ }
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
-+ return (0);
-+ }
-+
-+ sp->pid = getpid();
-+
-+ if (optype == OP_RSA)
-+ {
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ sp->opdata_rsa_n_num = NULL;
-+ sp->opdata_rsa_e_num = NULL;
-+ sp->opdata_rsa_priv = NULL;
-+ sp->opdata_rsa_pn_num = NULL;
-+ sp->opdata_rsa_pe_num = NULL;
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * We always initialize the session as containing a non-persistent
-+ * object. The key load functions set it to persistent if that is so.
-+ */
-+ sp->pub_persistent = CK_FALSE;
-+ sp->priv_persistent = CK_FALSE;
-+ return (1);
-+ }
-+
-+/* Destroy RSA public key from single session. */
-+int
-+pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
-+ ret, uselock, OP_RSA, CK_FALSE);
-+ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_pub = NULL;
-+ if (sp->opdata_rsa_n_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_n_num);
-+ sp->opdata_rsa_n_num = NULL;
-+ }
-+ if (sp->opdata_rsa_e_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_e_num);
-+ sp->opdata_rsa_e_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/* Destroy RSA private key from single session. */
-+int
-+pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
-+ {
-+ int ret = 0;
-+
-+ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
-+ {
-+ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
-+ ret, uselock, OP_RSA, CK_TRUE);
-+ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
-+ sp->opdata_rsa_priv = NULL;
-+ if (sp->opdata_rsa_d_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_d_num);
-+ sp->opdata_rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the RSA key by reference code, public components 'n'/'e'
-+ * are the key components we use to check for the cache hit. We
-+ * must free those as well.
-+ */
-+ if (sp->opdata_rsa_pn_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pn_num);
-+ sp->opdata_rsa_pn_num = NULL;
-+ }
-+ if (sp->opdata_rsa_pe_num != NULL)
-+ {
-+ BN_free(sp->opdata_rsa_pe_num);
-+ sp->opdata_rsa_pe_num = NULL;
-+ }
-+ }
-+
-+ return (ret);
-+ }
-+
-+/*
-+ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
-+ * objects in the free list.
-+ */
-+int
-+pk11_destroy_rsa_key_objects(PK11_SESSION *session)
-+ {
-+ int ret = 1;
-+ PK11_SESSION *sp = NULL;
-+ PK11_SESSION *local_free_session;
-+ CK_BBOOL uselock = TRUE;
-+
-+ if (session != NULL)
-+ local_free_session = session;
-+ else
-+ {
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ local_free_session = session_cache[OP_RSA].head;
-+ uselock = FALSE;
-+ }
-+
-+ /*
-+ * go through the list of sessions and delete key objects
-+ */
-+ while ((sp = local_free_session) != NULL)
-+ {
-+ local_free_session = sp->next;
-+
-+ /*
-+ * Do not terminate list traversal if one of the
-+ * destroy operations fails.
-+ */
-+ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
-+ {
-+ ret = 0;
-+ continue;
-+ }
-+ }
-+
-+#ifndef NOPTHREADS
-+ if (session == NULL)
-+ (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
-+#else
-+ if (session == NULL)
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (ret);
-+ }
-+
-+static int
-+pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
-+ CK_BBOOL persistent)
-+ {
-+ CK_RV rv;
-+
-+ /*
-+ * We never try to destroy persistent objects which are the objects
-+ * stored in the keystore. Also, we always use read-only sessions so
-+ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
-+ */
-+ if (persistent == CK_TRUE)
-+ return (1);
-+
-+ rv = pFuncList->C_DestroyObject(session, oh);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
-+ rv);
-+ return (0);
-+ }
-+
-+ return (1);
-+ }
-+
-+
-+/*
-+ * Public key mechanisms optionally supported
-+ *
-+ * CKM_RSA_PKCS
-+ *
-+ * The first slot that supports at least one of those mechanisms is chosen as a
-+ * public key slot.
-+ *
-+ * The output of this function is a set of global variables indicating which
-+ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
-+ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
-+ * variables carry information about which slot was chosen for (a) public key
-+ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
-+ */
-+static int
-+pk11_choose_slots(int *any_slot_found)
-+ {
-+ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
-+ CK_ULONG ulSlotCount = 0;
-+ CK_MECHANISM_INFO mech_info;
-+ CK_TOKEN_INFO token_info;
-+ unsigned int i;
-+ CK_RV rv;
-+ CK_SLOT_ID best_slot_sofar = 0;
-+ CK_BBOOL found_candidate_slot = CK_FALSE;
-+ CK_SLOT_ID current_slot = 0;
-+
-+ /* let's initialize the output parameter */
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 0;
-+
-+ /* Get slot list for memory allocation */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ return (0);
-+ }
-+
-+ /* it's not an error if we didn't find any providers */
-+ if (ulSlotCount == 0)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ return (1);
-+ }
-+
-+ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
-+
-+ if (pSlotList == NULL)
-+ {
-+ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+
-+ /* Get the slot list for processing */
-+ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
-+ OPENSSL_free(pSlotList);
-+ return (0);
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
-+ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
-+
-+ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ /* Check if slot has random support. */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (token_info.flags & CKF_RNG)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ pk11_have_random = CK_TRUE;
-+ rand_SLOTID = current_slot;
-+ break;
-+ }
-+ }
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ pubkey_SLOTID = pSlotList[0];
-+ for (i = 0; i < ulSlotCount; i++)
-+ {
-+ CK_BBOOL slot_has_rsa = CK_FALSE;
-+ current_slot = pSlotList[i];
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
-+ if (rv != CKR_OK)
-+ continue;
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ /*
-+ * Check if this slot is capable of signing with CKM_RSA_PKCS.
-+ */
-+ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
-+ &mech_info);
-+
-+ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN)))
-+ {
-+ slot_has_rsa = CK_TRUE;
-+ }
-+
-+ if (!found_candidate_slot && slot_has_rsa)
-+ {
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: potential slot: %d\n", PK11_DBG, current_slot);
-+#endif /* DEBUG_SLOT_SELECTION */
-+ best_slot_sofar = current_slot;
-+ pk11_have_rsa = slot_has_rsa;
-+ found_candidate_slot = CK_TRUE;
-+ /*
-+ * Cache the flags for later use. We might
-+ * need those if RSA keys by reference feature
-+ * is used.
-+ */
-+ pubkey_token_flags = token_info.flags;
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: setting found_candidate_slot to CK_TRUE\n",
-+ PK11_DBG);
-+ fprintf(stderr,
-+ "%s: best so far slot: %d\n", PK11_DBG,
-+ best_slot_sofar);
-+ fprintf(stderr, "%s: pubkey flags changed to "
-+ "%lu.\n", PK11_DBG, pubkey_token_flags);
-+ }
-+ else
-+ {
-+ fprintf(stderr,
-+ "%s: no rsa\n", PK11_DBG);
-+ }
-+#else
-+ } /* if */
-+#endif /* DEBUG_SLOT_SELECTION */
-+ } /* for */
-+
-+ if (found_candidate_slot == CK_TRUE)
-+ {
-+ pubkey_SLOTID = best_slot_sofar;
-+ }
-+
-+ /*SLOTID = pSlotList[0];*/
-+
-+#ifdef DEBUG_SLOT_SELECTION
-+ fprintf(stderr,
-+ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
-+ fprintf(stderr,
-+ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
-+ fprintf(stderr,
-+ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
-+ fprintf(stderr,
-+ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
-+#endif /* DEBUG_SLOT_SELECTION */
-+
-+ if (pSlotList != NULL)
-+ OPENSSL_free(pSlotList);
-+
-+ if (any_slot_found != NULL)
-+ *any_slot_found = 1;
-+ return (1);
-+ }
-+
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/hw_pk11so.h
-diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
---- /dev/null Tue Jun 19 16:21:26 2012
-+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
-@@ -0,0 +1,32 @@
-+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
-+
-+#define token_lock pk11so_token_lock
-+#define find_lock pk11so_find_lock
-+#define active_list pk11so_active_list
-+#define pubkey_token_flags pk11so_pubkey_token_flags
-+#define pubkey_SLOTID pk11so_pubkey_SLOTID
-+#define ERR_pk11_error ERR_pk11so_error
-+#define PK11err_add_data PK11SOerr_add_data
-+#define pk11_get_session pk11so_get_session
-+#define pk11_return_session pk11so_return_session
-+#define pk11_active_add pk11so_active_add
-+#define pk11_active_delete pk11so_active_delete
-+#define pk11_active_remove pk11so_active_remove
-+#define pk11_free_active_list pk11so_free_active_list
-+#define pk11_destroy_rsa_key_objects pk11so_destroy_rsa_key_objects
-+#define pk11_destroy_rsa_object_pub pk11so_destroy_rsa_object_pub
-+#define pk11_destroy_rsa_object_priv pk11so_destroy_rsa_object_priv
-+#define pk11_load_privkey pk11so_load_privkey
-+#define pk11_load_pubkey pk11so_load_pubkey
-+#define PK11_RSA PK11SO_RSA
-+#define pk11_destroy_dsa_key_objects pk11so_destroy_dsa_key_objects
-+#define pk11_destroy_dsa_object_pub pk11so_destroy_dsa_object_pub
-+#define pk11_destroy_dsa_object_priv pk11so_destroy_dsa_object_priv
-+#define PK11_DSA PK11SO_DSA
-+#define pk11_destroy_dh_key_objects pk11so_destroy_dh_key_objects
-+#define pk11_destroy_dh_object pk11so_destroy_dh_object
-+#define PK11_DH PK11SO_DH
-+#define pk11_token_relogin pk11so_token_relogin
-+#define pFuncList pk11so_pFuncList
-+#define pk11_pin pk11so_pin
-+#define ENGINE_load_pk11 ENGINE_load_pk11so
-Index: openssl/crypto/engine/hw_pk11so_pub.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8
---- /dev/null Tue Jun 19 16:21:26 2012
-+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:24 2012
-@@ -0,0 +1,1622 @@
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+/* crypto/engine/hw_pk11_pub.c */
-+/*
-+ * This product includes software developed by the OpenSSL Project for
-+ * use in the OpenSSL Toolkit (http://www.openssl.org/).
-+ *
-+ * This project also referenced hw_pkcs11-0.9.7b.patch written by
-+ * Afchine Madjlessi.
-+ */
-+/*
-+ * ====================================================================
-+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay at cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh at cryptsoft.com).
-+ *
-+ */
-+
-+/* Modified to keep only RNG and RSA Sign */
-+
-+#ifdef OPENSSL_NO_RSA
-+#error RSA is disabled
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+
-+#include <openssl/e_os2.h>
-+#include <openssl/crypto.h>
-+#include <cryptlib.h>
-+#include <openssl/engine.h>
-+#include <openssl/dso.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/pem.h>
-+#include <openssl/rsa.h>
-+#include <openssl/rand.h>
-+#include <openssl/objects.h>
-+#include <openssl/x509.h>
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#define NOPTHREADS
-+typedef int pid_t;
-+#define HAVE_GETPASSPHRASE
-+static char *getpassphrase(const char *prompt);
-+#ifndef NULL_PTR
-+#define NULL_PTR NULL
-+#endif
-+#define CK_DEFINE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllexport) name
-+#define CK_DECLARE_FUNCTION(returnType, name) \
-+ returnType __declspec(dllimport) name
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ returnType __declspec(dllimport) (* name)
-+#else
-+#include <unistd.h>
-+#endif
-+
-+#ifndef NOPTHREADS
-+#include <pthread.h>
-+#endif
-+
-+#ifndef OPENSSL_NO_HW
-+#ifndef OPENSSL_NO_HW_PK11
-+#ifndef OPENSSL_NO_HW_PK11SO
-+
-+#ifdef OPENSSL_SYS_WIN32
-+#pragma pack(push, cryptoki, 1)
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
-+#else
-+#include "cryptoki.h"
-+#include "pkcs11.h"
-+#endif
-+#include "hw_pk11so.h"
-+#include "hw_pk11_err.h"
-+
-+static CK_BBOOL pk11_login_done = CK_FALSE;
-+extern CK_SLOT_ID pubkey_SLOTID;
-+#ifndef NOPTHREADS
-+extern pthread_mutex_t *token_lock;
-+#endif
-+
-+#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
-+#define getpassphrase(x) getpass(x)
-+#endif
-+
-+/* RSA stuff */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
-+static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
-+ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session);
-+
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
-+
-+static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
-+static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
-+ CK_ULONG *ulValueLen);
-+static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
-+
-+static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private);
-+
-+/* Read mode string to be used for fopen() */
-+#if SOLARIS_OPENSSL
-+static char *read_mode_flags = "rF";
-+#else
-+static char *read_mode_flags = "r";
-+#endif
-+
-+/*
-+ * increment/create reference for an asymmetric key handle via active list
-+ * manipulation. If active list operation fails, unlock (if locked), set error
-+ * variable and jump to the specified label.
-+ */
-+#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
-+ { \
-+ if (pk11_active_add(key_handle, alg_type) < 0) \
-+ { \
-+ var = TRUE; \
-+ if (unlock) \
-+ UNLOCK_OBJSTORE(alg_type); \
-+ goto label; \
-+ } \
-+ }
-+
-+/*
-+ * Find active list entry according to object handle and return pointer to the
-+ * entry otherwise return NULL.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ for (entry = active_list[type]; entry != NULL; entry = entry->next)
-+ if (entry->h == h)
-+ return (entry);
-+
-+ return (NULL);
-+ }
-+
-+/*
-+ * Search for an entry in the active list using PKCS#11 object handle as a
-+ * search key and return refcnt of the found/created entry or -1 in case of
-+ * failure.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if (h == CK_INVALID_HANDLE)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ /* search for entry in the active list */
-+ if ((entry = pk11_active_find(h, type)) != NULL)
-+ entry->refcnt++;
-+ else
-+ {
-+ /* not found, create new entry and add it to the list */
-+ entry = OPENSSL_malloc(sizeof (PK11_active));
-+ if (entry == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
-+ return (-1);
-+ }
-+ entry->h = h;
-+ entry->refcnt = 1;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ /* connect the newly created entry to the list */
-+ if (active_list[type] == NULL)
-+ active_list[type] = entry;
-+ else /* make the entry first in the list */
-+ {
-+ entry->next = active_list[type];
-+ active_list[type]->prev = entry;
-+ active_list[type] = entry;
-+ }
-+ }
-+
-+ return (entry->refcnt);
-+ }
-+
-+/*
-+ * Remove active list entry from the list and free it.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+void
-+pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
-+ {
-+ PK11_active *prev_entry;
-+
-+ /* remove the entry from the list and free it */
-+ if ((prev_entry = entry->prev) != NULL)
-+ {
-+ prev_entry->next = entry->next;
-+ if (entry->next != NULL)
-+ entry->next->prev = prev_entry;
-+ }
-+ else
-+ {
-+ active_list[type] = entry->next;
-+ /* we were the first but not the only one */
-+ if (entry->next != NULL)
-+ entry->next->prev = NULL;
-+ }
-+
-+ /* sanitization */
-+ entry->h = CK_INVALID_HANDLE;
-+ entry->prev = NULL;
-+ entry->next = NULL;
-+ OPENSSL_free(entry);
-+ }
-+
-+/* Free all entries from the active list. */
-+void
-+pk11_free_active_list(PK11_OPTYPE type)
-+ {
-+ PK11_active *entry;
-+
-+ /* only for asymmetric types since only they have C_Find* locks. */
-+ switch (type)
-+ {
-+ case OP_RSA:
-+ break;
-+ default:
-+ return;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(type);
-+ while ((entry = active_list[type]) != NULL)
-+ pk11_active_remove(entry, type);
-+ UNLOCK_OBJSTORE(type);
-+ }
-+
-+/*
-+ * Search for active list entry associated with given PKCS#11 object handle,
-+ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
-+ *
-+ * Return 1 if the PKCS#11 object associated with the entry has no references,
-+ * return 0 if there is at least one reference, -1 on error.
-+ *
-+ * This function presumes it is called with lock protecting the active list
-+ * held.
-+ */
-+int
-+pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
-+ {
-+ PK11_active *entry = NULL;
-+
-+ if ((entry = pk11_active_find(h, type)) == NULL)
-+ {
-+ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
-+ return (-1);
-+ }
-+
-+ OPENSSL_assert(entry->refcnt > 0);
-+ entry->refcnt--;
-+ if (entry->refcnt == 0)
-+ {
-+ pk11_active_remove(entry, type);
-+ return (1);
-+ }
-+
-+ return (0);
-+ }
-+
-+/* Our internal RSA_METHOD that we provide pointers to */
-+static RSA_METHOD pk11_rsa;
-+
-+RSA_METHOD *
-+PK11_RSA(void)
-+ {
-+ const RSA_METHOD *rsa;
-+
-+ if (pk11_rsa.name == NULL)
-+ {
-+ rsa = RSA_PKCS1_SSLeay();
-+ memcpy(&pk11_rsa, rsa, sizeof(*rsa));
-+ pk11_rsa.name = "PKCS#11 RSA method";
-+ pk11_rsa.rsa_sign = pk11_RSA_sign;
-+ }
-+ return (&pk11_rsa);
-+ }
-+
-+/* Size of an SSL signature: MD5+SHA1 */
-+#define SSL_SIG_LENGTH 36
-+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
-+
-+/*
-+ * Standard engine interface function. Majority codes here are from
-+ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
-+ * See more details in rsa/rsa_sign.c
-+ */
-+static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-+ {
-+ X509_SIG sig;
-+ ASN1_TYPE parameter;
-+ int i, j = 0;
-+ unsigned char *p, *s = NULL;
-+ X509_ALGOR algor;
-+ ASN1_OCTET_STRING digest;
-+ CK_RV rv;
-+ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
-+ CK_MECHANISM *p_mech = &mech_rsa;
-+ CK_OBJECT_HANDLE h_priv_key;
-+ PK11_SESSION *sp = NULL;
-+ int ret = 0;
-+ unsigned long ulsiglen;
-+
-+ /* Encode the digest */
-+ /* Special case: SSL signature, just check the length */
-+ if (type == NID_md5_sha1)
-+ {
-+ if (m_len != SSL_SIG_LENGTH)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_INVALID_MESSAGE_LENGTH);
-+ goto err;
-+ }
-+ i = SSL_SIG_LENGTH;
-+ s = (unsigned char *)m;
-+ }
-+ else
-+ {
-+ sig.algor = &algor;
-+ sig.algor->algorithm = OBJ_nid2obj(type);
-+ if (sig.algor->algorithm == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ALGORITHM_TYPE);
-+ goto err;
-+ }
-+ if (sig.algor->algorithm->length == 0)
-+ {
-+ PK11err(PK11_F_RSA_SIGN,
-+ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
-+ goto err;
-+ }
-+ parameter.type = V_ASN1_NULL;
-+ parameter.value.ptr = NULL;
-+ sig.algor->parameter = ¶meter;
-+
-+ sig.digest = &digest;
-+ sig.digest->data = (unsigned char *)m;
-+ sig.digest->length = m_len;
-+
-+ i = i2d_X509_SIG(&sig, NULL);
-+ }
-+
-+ j = RSA_size(rsa);
-+ if ((i - RSA_PKCS1_PADDING) > j)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
-+ goto err;
-+ }
-+
-+ if (type != NID_md5_sha1)
-+ {
-+ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
-+ if (s == NULL)
-+ {
-+ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ p = s;
-+ (void) i2d_X509_SIG(&sig, &p);
-+ }
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ goto err;
-+
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+
-+ h_priv_key = sp->opdata_rsa_priv_key;
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key((RSA *)rsa,
-+ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
-+ sp->session);
-+
-+ if (h_priv_key != CK_INVALID_HANDLE)
-+ {
-+ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
-+ goto err;
-+ }
-+
-+ ulsiglen = j;
-+ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
-+ (CK_ULONG_PTR) &ulsiglen);
-+ *siglen = ulsiglen;
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
-+ goto err;
-+ }
-+ ret = 1;
-+ }
-+
-+err:
-+ if ((type != NID_md5_sha1) && (s != NULL))
-+ {
-+ (void) memset(s, 0, (unsigned int)(j + 1));
-+ OPENSSL_free(s);
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (ret);
-+ }
-+
-+static int hndidx_rsa = -1;
-+
-+#define MAXATTR 1024
-+
-+/*
-+ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *privkey;
-+ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BBOOL rollback = FALSE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for private keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize the OpenSSL RSA
-+ * structure with something we can use to look up the key. Note that we
-+ * never ask for private components.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(privkey_file, "pkcs11:") == privkey_file)
-+ {
-+ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_TRUE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ if (hndidx_rsa == -1)
-+ hndidx_rsa = RSA_get_ex_new_index(0,
-+ "pkcs11 RSA HSM key handle",
-+ NULL, NULL, NULL);
-+
-+ /*
-+ * We might have a cache hit which we could confirm
-+ * according to the 'n'/'e' params, RSA public pointer
-+ * as NULL, and non-NULL RSA private pointer. However,
-+ * it is easier just to recreate everything. We expect
-+ * the keys to be loaded once and used many times. We
-+ * do not check the return value because even in case
-+ * of failure the sp structure will have both key
-+ * pointer and object handle cleaned and
-+ * pk11_destroy_object() reports the failure to the
-+ * OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+
-+ sp->opdata_rsa_priv_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->priv_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA private structure pointer. We do not
-+ * use it now for key-by-ref keys but let's do it for
-+ * consistency reasons.
-+ */
-+ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
-+ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ /*
-+ * We do not use pk11_get_private_rsa_key() here so we
-+ * must take care of handle management ourselves.
-+ */
-+ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, FALSE, rollback, err);
-+
-+ /*
-+ * Those are the sensitive components we do not want to export
-+ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+ /*
-+ * Must have 'n'/'e' components in the session structure as
-+ * well. They serve as a public look-up key for the private key
-+ * in the keystore.
-+ */
-+ attr_to_BN(&get_templ[0], attr_data[0],
-+ &sp->opdata_rsa_pn_num);
-+ attr_to_BN(&get_templ[1], attr_data[1],
-+ &sp->opdata_rsa_pe_num);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+ }
-+ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
-+ (void) fclose(privkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_priv(sp, rsa);
-+ sp->priv_persistent = CK_FALSE;
-+
-+ h_priv_key = sp->opdata_rsa_priv_key =
-+ pk11_get_private_rsa_key(rsa,
-+ &sp->opdata_rsa_priv,
-+ &sp->opdata_rsa_d_num,
-+ &sp->opdata_rsa_pn_num,
-+ &sp->opdata_rsa_pe_num, sp->session);
-+ if (h_priv_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ rollback = rollback;
-+ return (pkey);
-+ }
-+
-+/*
-+ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
-+ * PKCS#11 token.
-+ */
-+/* ARGSUSED */
-+EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
-+ UI_METHOD *ui_method, void *callback_data)
-+ {
-+ EVP_PKEY *pkey = NULL;
-+ FILE *pubkey;
-+ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
-+ RSA *rsa = NULL;
-+ PK11_SESSION *sp;
-+ /* Anything else below is needed for the key by reference extension. */
-+ CK_RV rv;
-+ CK_BBOOL is_token = TRUE;
-+ CK_BYTE attr_data[2][MAXATTR];
-+ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
-+ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
-+
-+ /* we look for public keys only */
-+ CK_ATTRIBUTE search_templ[] =
-+ {
-+ {CKA_TOKEN, &is_token, sizeof(is_token)},
-+ {CKA_CLASS, &key_class, sizeof(key_class)},
-+ {CKA_LABEL, NULL, 0}
-+ };
-+
-+ /*
-+ * These public attributes are needed to initialize OpenSSL RSA
-+ * structure with something we can use to look up the key.
-+ */
-+ CK_ATTRIBUTE get_templ[] =
-+ {
-+ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
-+ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
-+ };
-+
-+ if ((sp = pk11_get_session(OP_RSA)) == NULL)
-+ return (NULL);
-+
-+ /*
-+ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
-+ */
-+ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
-+ {
-+ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
-+ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
-+
-+ if (pk11_token_login(sp->session, &pk11_login_done,
-+ CK_FALSE) == 0)
-+ goto err;
-+
-+ /*
-+ * Now let's try to find the key in the token. It is a failure
-+ * if we can't find it.
-+ */
-+ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
-+ &ks_key) == 0)
-+ goto err;
-+
-+ /*
-+ * We load a new public key so we will create a new RSA
-+ * structure. No cache hit is possible.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+
-+ sp->opdata_rsa_pub_key = ks_key;
-+ /* This object shall not be deleted on a cache miss. */
-+ sp->pub_persistent = CK_TRUE;
-+
-+ /*
-+ * Cache the RSA public structure pointer.
-+ */
-+ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
-+ goto err;
-+
-+ /*
-+ * Now we have to initialize an OpenSSL RSA structure,
-+ * everything else is 0 or NULL.
-+ */
-+ rsa->flags = RSA_FLAG_SIGN_VER;
-+
-+ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
-+ get_templ, 2)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_LOAD_PUBKEY,
-+ PK11_R_GETATTRIBUTVALUE, rv);
-+ goto err;
-+ }
-+
-+ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
-+ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
-+
-+ if ((pkey = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
-+ goto err;
-+
-+ /*
-+ * Create a session object from it so that when calling
-+ * pk11_get_public_rsa_key() the next time, we can find it. The
-+ * reason why we do that is that we cannot tell from the RSA
-+ * structure (OpenSSL RSA structure does not have any room for
-+ * additional data used by the engine, for example) if it bears
-+ * a public key stored in the keystore or not so it's better if
-+ * we always have a session key. Note that this is different
-+ * from what we do for the private keystore objects but in that
-+ * case, we can tell from the RSA structure that the keystore
-+ * object is in play - the 'd' component is NULL in that case.
-+ */
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
-+ {
-+ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
-+ (void) fclose(pubkey);
-+ if (pkey != NULL)
-+ {
-+ rsa = EVP_PKEY_get1_RSA(pkey);
-+ if (rsa != NULL)
-+ {
-+ /*
-+ * This will always destroy the RSA
-+ * object since we have a new RSA
-+ * structure here.
-+ */
-+ (void) check_new_rsa_key_pub(sp, rsa);
-+ sp->pub_persistent = CK_FALSE;
-+
-+ h_pub_key = sp->opdata_rsa_pub_key =
-+ pk11_get_public_rsa_key(rsa,
-+ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
-+ &sp->opdata_rsa_e_num, sp->session);
-+ if (h_pub_key == CK_INVALID_HANDLE)
-+ goto err;
-+ }
-+ else
-+ goto err;
-+ }
-+ }
-+
-+ pk11_return_session(sp, OP_RSA);
-+ return (pkey);
-+err:
-+ pk11_return_session(sp, OP_RSA);
-+ if (rsa != NULL)
-+ RSA_free(rsa);
-+ if (pkey != NULL)
-+ {
-+ EVP_PKEY_free(pkey);
-+ pkey = NULL;
-+ }
-+ return (pkey);
-+ }
-+
-+/*
-+ * Create a public key object in a session from a given rsa structure.
-+ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
-+ */
-+static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
-+ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
-+ CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 8;
-+ CK_BBOOL rollback = FALSE;
-+
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_VERIFY, &true, sizeof (true)},
-+ {CKA_VERIFY_RECOVER, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
-+ };
-+
-+ int i;
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
-+ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[6].ulValueLen);
-+ if (a_key_template[6].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->n, a_key_template[6].pValue);
-+
-+ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
-+ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
-+ (size_t)a_key_template[7].ulValueLen);
-+ if (a_key_template[7].pValue == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ BN_bn2bin(rsa->e, a_key_template[7].pValue);
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+ if (rsa_n_num != NULL)
-+ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ if (rsa_e_num != NULL)
-+ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ BN_free(*rsa_n_num);
-+ *rsa_n_num = NULL;
-+ rollback = TRUE;
-+ goto err;
-+ }
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ for (i = 6; i <= 7; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Create a private key object in the session from a given rsa structure.
-+ * The *rsa_d_num pointer is non-NULL for RSA private keys.
-+ */
-+static CK_OBJECT_HANDLE
-+pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
-+ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
-+ int i;
-+ CK_ULONG found;
-+ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
-+ CK_KEY_TYPE k_type = CKK_RSA;
-+ CK_ULONG ul_key_attr_count = 14;
-+ CK_BBOOL rollback = FALSE;
-+
-+ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
-+ CK_ATTRIBUTE a_key_template[] =
-+ {
-+ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
-+ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (true)},
-+ {CKA_SENSITIVE, &false, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
-+ {CKA_SIGN, &true, sizeof (true)},
-+ {CKA_MODULUS, (void *)NULL, 0},
-+ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
-+ {CKA_PRIME_1, (void *)NULL, 0},
-+ {CKA_PRIME_2, (void *)NULL, 0},
-+ {CKA_EXPONENT_1, (void *)NULL, 0},
-+ {CKA_EXPONENT_2, (void *)NULL, 0},
-+ {CKA_COEFFICIENT, (void *)NULL, 0},
-+ };
-+
-+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
-+ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
-+ LOCK_OBJSTORE(OP_RSA);
-+ goto set;
-+ }
-+
-+ a_key_template[0].pValue = &o_key;
-+ a_key_template[1].pValue = &k_type;
-+
-+ /* Put the private key components into the template */
-+ if (init_template_value(rsa->n, &a_key_template[6].pValue,
-+ &a_key_template[6].ulValueLen) == 0 ||
-+ init_template_value(rsa->e, &a_key_template[7].pValue,
-+ &a_key_template[7].ulValueLen) == 0 ||
-+ init_template_value(rsa->d, &a_key_template[8].pValue,
-+ &a_key_template[8].ulValueLen) == 0 ||
-+ init_template_value(rsa->p, &a_key_template[9].pValue,
-+ &a_key_template[9].ulValueLen) == 0 ||
-+ init_template_value(rsa->q, &a_key_template[10].pValue,
-+ &a_key_template[10].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
-+ &a_key_template[11].ulValueLen) == 0 ||
-+ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
-+ &a_key_template[12].ulValueLen) == 0 ||
-+ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
-+ &a_key_template[13].ulValueLen) == 0)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ goto malloc_err;
-+ }
-+
-+ /* see find_lock array definition for more info on object locking */
-+ LOCK_OBJSTORE(OP_RSA);
-+
-+ /*
-+ * We are getting the private key but the private 'd'
-+ * component is NULL. That means this is key by reference RSA
-+ * key. In that case, we can use only public components for
-+ * searching for the private key handle.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ ul_key_attr_count = 8;
-+ /*
-+ * We will perform the search in the token, not in the existing
-+ * session keys.
-+ */
-+ a_key_template[2].pValue = &true;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
-+ ul_key_attr_count);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTS, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjectsFinal(session);
-+
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_FINDOBJECTSFINAL, rv);
-+ goto err;
-+ }
-+
-+ if (found == 0)
-+ {
-+ /*
-+ * We have an RSA structure with 'n'/'e' components
-+ * only so we tried to find the private key in the
-+ * keystore. If it was really a token key we have a
-+ * problem. Note that for other key types we just
-+ * create a new session key using the private
-+ * components from the RSA structure.
-+ */
-+ if (rsa->d == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_PRIV_KEY_NOT_FOUND);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_CreateObject(session,
-+ a_key_template, ul_key_attr_count, &h_key);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
-+ PK11_R_CREATEOBJECT, rv);
-+ goto err;
-+ }
-+ }
-+
-+set:
-+ if (rsa_d_num != NULL)
-+ {
-+ /*
-+ * When RSA keys by reference code is used, we never
-+ * extract private components from the keystore. In
-+ * that case 'd' was set to NULL and we expect the
-+ * application to properly cope with that. It is
-+ * documented in openssl(5). In general, if keys by
-+ * reference are used we expect it to be used
-+ * exclusively using the high level API and then there
-+ * is no problem. If the application expects the
-+ * private components to be read from the keystore
-+ * then that is not a supported way of usage.
-+ */
-+ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
-+ {
-+ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
-+ rollback = TRUE;
-+ goto err;
-+ }
-+ else
-+ *rsa_d_num = NULL;
-+ }
-+
-+ /*
-+ * For the key by reference code, we need public components as well
-+ * since 'd' component is always NULL. For that reason, we always cache
-+ * 'n'/'e' components as well.
-+ */
-+ *rsa_n_num = BN_dup(rsa->n);
-+ *rsa_e_num = BN_dup(rsa->e);
-+
-+ /* LINTED: E_CONSTANT_CONDITION */
-+ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
-+ if (key_ptr != NULL)
-+ *key_ptr = rsa;
-+
-+err:
-+ if (rollback)
-+ {
-+ /*
-+ * We do not care about the return value from C_DestroyObject()
-+ * since we are doing rollback.
-+ */
-+ if (found == 0 &&
-+ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
-+ (void) pFuncList->C_DestroyObject(session, h_key);
-+ h_key = CK_INVALID_HANDLE;
-+ }
-+
-+ UNLOCK_OBJSTORE(OP_RSA);
-+
-+malloc_err:
-+ /*
-+ * 6 to 13 entries in the key template are key components.
-+ * They need to be freed upon exit or error.
-+ */
-+ for (i = 6; i <= 13; i++)
-+ {
-+ if (a_key_template[i].pValue != NULL)
-+ {
-+ (void) memset(a_key_template[i].pValue, 0,
-+ a_key_template[i].ulValueLen);
-+ OPENSSL_free(a_key_template[i].pValue);
-+ a_key_template[i].pValue = NULL;
-+ }
-+ }
-+
-+ return (h_key);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making the
-+ * check for cache hit stronger. Only public components of RSA
-+ * key matter here so it is sufficient to compare them with values
-+ * cached in PK11_SESSION structure.
-+ *
-+ * We must check the handle as well since with key by reference, public
-+ * components 'n'/'e' are cached in private keys as well. That means we
-+ * could have a cache hit in a private key when looking for a public
-+ * key. That would not work, you cannot have one PKCS#11 object for
-+ * both data signing and verifying.
-+ */
-+ if ((sp->opdata_rsa_pub != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Check for cache miss and clean the object pointer and handle
-+ * in such case. Return 1 for cache hit, 0 for cache miss.
-+ */
-+static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
-+ {
-+ /*
-+ * Provide protection against RSA structure reuse by making
-+ * the check for cache hit stronger. Comparing public exponent
-+ * of RSA key with value cached in PK11_SESSION structure
-+ * should be sufficient. Note that we want to compare the
-+ * public component since with the keys by reference
-+ * mechanism, private components are not in the RSA
-+ * structure. Also, see check_new_rsa_key_pub() about why we
-+ * compare the handle as well.
-+ */
-+ if ((sp->opdata_rsa_priv != rsa) ||
-+ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
-+ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
-+ (sp->opdata_rsa_pn_num == NULL) ||
-+ (sp->opdata_rsa_pe_num == NULL) ||
-+ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
-+ {
-+ /*
-+ * We do not check the return value because even in case of
-+ * failure the sp structure will have both key pointer
-+ * and object handle cleaned and pk11_destroy_object()
-+ * reports the failure to the OpenSSL error message buffer.
-+ */
-+ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
-+ return (0);
-+ }
-+ return (1);
-+ }
-+
-+/*
-+ * Local function to simplify key template population
-+ * Return 0 -- error, 1 -- no error
-+ */
-+static int
-+init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
-+ CK_ULONG *ul_value_len)
-+ {
-+ CK_ULONG len = 0;
-+
-+ /*
-+ * This function can be used on non-initialized BIGNUMs. It is
-+ * easier to check that here than individually in the callers.
-+ */
-+ if (bn != NULL)
-+ len = BN_num_bytes(bn);
-+
-+ if (bn == NULL || len == 0)
-+ return (1);
-+
-+ *ul_value_len = len;
-+ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
-+ if (*p_value == NULL)
-+ return (0);
-+
-+ BN_bn2bin(bn, *p_value);
-+
-+ return (1);
-+ }
-+
-+static void
-+attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
-+ {
-+ if (attr->ulValueLen > 0)
-+ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
-+ }
-+
-+/*
-+ * Find one object in the token. It is an error if we can not find the
-+ * object or if we find more objects based on the template we got.
-+ *
-+ * Returns:
-+ * 1 OK
-+ * 0 no object or more than 1 object found
-+ */
-+static int
-+find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
-+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
-+ {
-+ CK_RV rv;
-+ CK_ULONG objcnt;
-+
-+ LOCK_OBJSTORE(op);
-+ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_FINDOBJECTSINIT, rv);
-+ goto err;
-+ }
-+
-+ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
-+ if (rv != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
-+ rv);
-+ goto err;
-+ }
-+
-+ (void) pFuncList->C_FindObjectsFinal(s);
-+ UNLOCK_OBJSTORE(op);
-+
-+ if (objcnt > 1)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT,
-+ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
-+ return (0);
-+ }
-+ else if (objcnt == 0)
-+ {
-+ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
-+ return (0);
-+ }
-+ return (1);
-+err:
-+ UNLOCK_OBJSTORE(op);
-+ return (0);
-+ }
-+
-+/* from uri stuff */
-+
-+extern char *pk11_pin;
-+
-+static int pk11_get_pin(void);
-+
-+static int
-+pk11_get_pin(void)
-+{
-+ char *pin;
-+
-+ /* The getpassphrase() function is not MT safe. */
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ pin = getpassphrase("Enter PIN: ");
-+ if (pin == NULL)
-+ {
-+ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ pk11_pin = BUF_strdup(pin);
-+ if (pk11_pin == NULL)
-+ {
-+ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+ memset(pin, 0, strlen(pin));
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore if we are supposed to do that at all. Take care of
-+ * reading and caching the PIN etc. Log in only once even when called from
-+ * multiple threads.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+static int
-+pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
-+ CK_BBOOL is_private)
-+ {
-+ CK_RV rv;
-+
-+#if 0
-+ /* doesn't work on the AEP Keyper??? */
-+ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_NOT_INITIALIZED);
-+ goto err;
-+ }
-+#endif
-+
-+ /*
-+ * If login is required or needed but the PIN has not been
-+ * even initialized we can bail out right now. Note that we
-+ * are supposed to always log in if we are going to access
-+ * private keys. However, we may need to log in even for
-+ * accessing public keys in case that the CKF_LOGIN_REQUIRED
-+ * flag is set.
-+ */
-+ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE)) &&
-+ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
-+ goto err;
-+ }
-+
-+ /*
-+ * Note on locking: it is possible that more than one thread
-+ * gets into pk11_get_pin() so we must deal with that. We
-+ * cannot avoid it since we cannot guard fork() in there with
-+ * a lock because we could end up in a dead lock in the
-+ * child. Why? Remember we are in a multithreaded environment
-+ * so we must lock all mutexes in the prefork function to
-+ * avoid a situation in which a thread that did not call
-+ * fork() held a lock, making future unlocking impossible. We
-+ * lock right before C_Login().
-+ */
-+ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
-+ (is_private == CK_TRUE))
-+ {
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ {
-+ PK11err(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_PIN_NOT_PROVIDED);
-+ goto err;
-+ }
-+ }
-+
-+ /*
-+ * Note that what we are logging into is the keystore from
-+ * pubkey_SLOTID because we work with OP_RSA session type here.
-+ * That also means that we can work with only one keystore in
-+ * the engine.
-+ *
-+ * We must make sure we do not try to login more than once.
-+ * Also, see the comment above on locking strategy.
-+ */
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if (*login_done == CK_FALSE)
-+ {
-+ if ((rv = pFuncList->C_Login(session,
-+ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
-+ strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_LOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+ goto err_locked;
-+ }
-+
-+ *login_done = CK_TRUE;
-+
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ }
-+ else
-+ {
-+ /*
-+ * If token does not require login we take it as the
-+ * login was done.
-+ */
-+ *login_done = CK_TRUE;
-+ }
-+
-+ return (1);
-+
-+err_locked:
-+ if (pk11_pin) {
-+ memset(pk11_pin, 0, strlen(pk11_pin));
-+ OPENSSL_free((void*)pk11_pin);
-+ }
-+ pk11_pin = NULL;
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+err:
-+ return (0);
-+ }
-+
-+/*
-+ * Log in to the keystore in the child if we were logged in in the
-+ * parent. There are similarities in the code with pk11_token_login()
-+ * but still it is quite different so we need a separate function for
-+ * this.
-+ *
-+ * Note that this function is called under the locked session mutex when fork is
-+ * detected. That means that C_Login() will be called from the child just once.
-+ *
-+ * Returns:
-+ * 1 on success
-+ * 0 on failure
-+ */
-+int
-+pk11_token_relogin(CK_SESSION_HANDLE session)
-+ {
-+ CK_RV rv;
-+
-+ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
-+ goto err;
-+
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_lock(token_lock);
-+#else
-+ (void) pthread_mutex_lock(freelist_lock);
-+#endif
-+ if ((rv = pFuncList->C_Login(session, CKU_USER,
-+ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
-+ {
-+ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
-+ PK11_R_TOKEN_LOGIN_FAILED, rv);
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+ goto err;
-+ }
-+#ifndef NOPTHREADS
-+ (void) pthread_mutex_unlock(token_lock);
-+#else
-+ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
-+#endif
-+
-+ return (1);
-+err:
-+ return (0);
-+ }
-+
-+#ifdef OPENSSL_SYS_WIN32
-+char *getpassphrase(const char *prompt)
-+ {
-+ static char buf[128];
-+ HANDLE h;
-+ DWORD cc, mode;
-+ int cnt;
-+
-+ h = GetStdHandle(STD_INPUT_HANDLE);
-+ fputs(prompt, stderr);
-+ fflush(stderr);
-+ fflush(stdout);
-+ FlushConsoleInputBuffer(h);
-+ GetConsoleMode(h, &mode);
-+ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
-+
-+ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
-+ {
-+ ReadFile(h, buf + cnt, 1, &cc, NULL);
-+ if (buf[cnt] == '\r')
-+ break;
-+ fputc('*', stdout);
-+ fflush(stderr);
-+ fflush(stdout);
-+ }
-+
-+ SetConsoleMode(h, mode);
-+ buf[cnt] = '\0';
-+ fputs("\n", stderr);
-+ return buf;
-+ }
-+#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* OPENSSL_NO_HW_PK11SO */
-+#endif /* OPENSSL_NO_HW_PK11 */
-+#endif /* OPENSSL_NO_HW */
-Index: openssl/crypto/engine/pkcs11.h
-diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
---- /dev/null Tue Jun 19 16:21:26 2012
-+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,299 @@
-+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+#ifndef _PKCS11_H_
-+#define _PKCS11_H_ 1
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* Before including this file (pkcs11.h) (or pkcs11t.h by
-+ * itself), 6 platform-specific macros must be defined. These
-+ * macros are described below, and typical definitions for them
-+ * are also given. Be advised that these definitions can depend
-+ * on both the platform and the compiler used (and possibly also
-+ * on whether a Cryptoki library is linked statically or
-+ * dynamically).
-+ *
-+ * In addition to defining these 6 macros, the packing convention
-+ * for Cryptoki structures should be set. The Cryptoki
-+ * convention on packing is that structures should be 1-byte
-+ * aligned.
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, this might be done by using the following
-+ * preprocessor directive before including pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(push, cryptoki, 1)
-+ *
-+ * and using the following preprocessor directive after including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(pop, cryptoki)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, this might be done by using
-+ * the following preprocessor directive before including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(1)
-+ *
-+ * In a UNIX environment, you're on your own for this. You might
-+ * not need to do (or be able to do!) anything.
-+ *
-+ *
-+ * Now for the macros:
-+ *
-+ *
-+ * 1. CK_PTR: The indirection string for making a pointer to an
-+ * object. It can be used like this:
-+ *
-+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR far *
-+ *
-+ * In a typical UNIX environment, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ *
-+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
-+ * an exportable Cryptoki library function definition out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion to define the exposed Cryptoki functions in
-+ * a Cryptoki library:
-+ *
-+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * )
-+ * {
-+ * ...
-+ * }
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to define a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllexport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to define a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
-+ * an importable Cryptoki library function declaration out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion:
-+ *
-+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * );
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to declare a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllimport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to declare a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
-+ * which makes a Cryptoki API function pointer declaration or
-+ * function pointer type declaration out of a return type and a
-+ * function name. It should be used in the following fashion:
-+ *
-+ * // Define funcPtr to be a pointer to a Cryptoki API function
-+ * // taking arguments args and returning CK_RV.
-+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
-+ *
-+ * or
-+ *
-+ * // Define funcPtrType to be the type of a pointer to a
-+ * // Cryptoki API function taking arguments args and returning
-+ * // CK_RV, and then define funcPtr to be a variable of type
-+ * // funcPtrType.
-+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
-+ * funcPtrType funcPtr;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to access
-+ * functions in a Win32 Cryptoki .dll, in might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __declspec(dllimport) (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to access functions in a Win16 Cryptoki .dll, it might
-+ * be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __export _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
-+ * a function pointer type for an application callback out of
-+ * a return type for the callback and a name for the callback.
-+ * It should be used in the following fashion:
-+ *
-+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
-+ *
-+ * to declare a function pointer, myCallback, to a callback
-+ * which takes arguments args and returns a CK_RV. It can also
-+ * be used like this:
-+ *
-+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
-+ * myCallbackType myCallback;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to do Win32
-+ * Cryptoki development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to do Win16 development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
-+ *
-+ * In any ANSI/ISO C environment (and in many others as well),
-+ * this should best be defined by
-+ *
-+ * #ifndef NULL_PTR
-+ * #define NULL_PTR 0
-+ * #endif
-+ */
-+
-+
-+/* All the various Cryptoki types and #define'd values are in the
-+ * file pkcs11t.h. */
-+#include "pkcs11t.h"
-+
-+#define __PASTE(x,y) x##y
-+
-+
-+/* ==============================================================
-+ * Define the "extern" form of all the entry points.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ extern CK_DECLARE_FUNCTION(CK_RV, name)
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define the typedef form of all the entry points. That is, for
-+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
-+ * a pointer to that kind of function.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define structed vector of entry points. A CK_FUNCTION_LIST
-+ * contains a CK_VERSION indicating a library's Cryptoki version
-+ * and then a whole slew of function pointers to the routines in
-+ * the library. This type was declared, but not defined, in
-+ * pkcs11t.h.
-+ * ==============================================================
-+ */
-+
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ __PASTE(CK_,name) name;
-+
-+struct CK_FUNCTION_LIST {
-+
-+ CK_VERSION version; /* Cryptoki version */
-+
-+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+};
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+#undef __PASTE
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif
-Index: openssl/crypto/engine/pkcs11f.h
-diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
---- /dev/null Tue Jun 19 16:21:26 2012
-+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
-@@ -0,0 +1,912 @@
-+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* This header file contains pretty much everything about all the */
-+/* Cryptoki function prototypes. Because this information is */
-+/* used for more than just declaring function prototypes, the */
-+/* order of the functions appearing herein is important, and */
-+/* should not be altered. */
-+
-+/* General-purpose */
-+
-+/* C_Initialize initializes the Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Initialize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
-+ * cast to CK_C_INITIALIZE_ARGS_PTR
-+ * and dereferenced */
-+);
-+#endif
-+
-+
-+/* C_Finalize indicates that an application is done with the
-+ * Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Finalize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-+
-+
-+/* C_GetInfo returns general information about Cryptoki. */
-+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_INFO_PTR pInfo /* location that receives information */
-+);
-+#endif
-+
-+
-+/* C_GetFunctionList returns the function list. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
-+ * function list */
-+);
-+#endif
-+
-+
-+
-+/* Slot and token management */
-+
-+/* C_GetSlotList obtains a list of slots in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_BBOOL tokenPresent, /* only slots with tokens? */
-+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
-+ CK_ULONG_PTR pulCount /* receives number of slots */
-+);
-+#endif
-+
-+
-+/* C_GetSlotInfo obtains information about a particular slot in
-+ * the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the ID of the slot */
-+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
-+);
-+#endif
-+
-+
-+/* C_GetTokenInfo obtains information about a particular token
-+ * in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismList obtains a list of mechanism types
-+ * supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of token's slot */
-+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
-+ CK_ULONG_PTR pulCount /* gets # of mechs. */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismInfo obtains information about a particular
-+ * mechanism possibly supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_MECHANISM_TYPE type, /* type of mechanism */
-+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
-+);
-+#endif
-+
-+
-+/* C_InitToken initializes a token. */
-+CK_PKCS11_FUNCTION_INFO(C_InitToken)
-+#ifdef CK_NEED_ARG_LIST
-+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
-+ CK_ULONG ulPinLen, /* length in bytes of the PIN */
-+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
-+);
-+#endif
-+
-+
-+/* C_InitPIN initializes the normal user's PIN. */
-+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
-+ CK_ULONG ulPinLen /* length in bytes of the PIN */
-+);
-+#endif
-+
-+
-+/* C_SetPIN modifies the PIN of the user who is logged in. */
-+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
-+ CK_ULONG ulOldLen, /* length of the old PIN */
-+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
-+ CK_ULONG ulNewLen /* length of the new PIN */
-+);
-+#endif
-+
-+
-+
-+/* Session management */
-+
-+/* C_OpenSession opens a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the slot's ID */
-+ CK_FLAGS flags, /* from CK_SESSION_INFO */
-+ CK_VOID_PTR pApplication, /* passed to callback */
-+ CK_NOTIFY Notify, /* callback function */
-+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
-+);
-+#endif
-+
-+
-+/* C_CloseSession closes a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CloseAllSessions closes all sessions with a token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID /* the token's slot */
-+);
-+#endif
-+
-+
-+/* C_GetSessionInfo obtains information about the session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_SESSION_INFO_PTR pInfo /* receives session info */
-+);
-+#endif
-+
-+
-+/* C_GetOperationState obtains the state of the cryptographic operation
-+ * in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* gets state */
-+ CK_ULONG_PTR pulOperationStateLen /* gets state length */
-+);
-+#endif
-+
-+
-+/* C_SetOperationState restores the state of the cryptographic
-+ * operation in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* holds state */
-+ CK_ULONG ulOperationStateLen, /* holds state length */
-+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
-+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
-+);
-+#endif
-+
-+
-+/* C_Login logs a user into a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Login)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_USER_TYPE userType, /* the user type */
-+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
-+ CK_ULONG ulPinLen /* the length of the PIN */
-+);
-+#endif
-+
-+
-+/* C_Logout logs a user out from a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Logout)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Object management */
-+
-+/* C_CreateObject creates a new object. */
-+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
-+);
-+#endif
-+
-+
-+/* C_CopyObject copies an object, creating a new object for the
-+ * copy. */
-+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
-+);
-+#endif
-+
-+
-+/* C_DestroyObject destroys an object. */
-+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject /* the object's handle */
-+);
-+#endif
-+
-+
-+/* C_GetObjectSize gets the size of an object in bytes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ULONG_PTR pulSize /* receives size of object */
-+);
-+#endif
-+
-+
-+/* C_GetAttributeValue obtains the value of one or more object
-+ * attributes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_SetAttributeValue modifies the value of one or more object
-+ * attributes */
-+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsInit initializes a search for token and session
-+ * objects that match a template. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
-+ CK_ULONG ulCount /* attrs in search template */
-+);
-+#endif
-+
-+
-+/* C_FindObjects continues a search for token and session
-+ * objects that match a template, obtaining additional object
-+ * handles. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
-+ CK_ULONG ulMaxObjectCount, /* max handles to get */
-+ CK_ULONG_PTR pulObjectCount /* actual # returned */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsFinal finishes a search for token and session
-+ * objects. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Encryption and decryption */
-+
-+/* C_EncryptInit initializes an encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of encryption key */
-+);
-+#endif
-+
-+
-+/* C_Encrypt encrypts single-part data. */
-+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pData, /* the plaintext data */
-+ CK_ULONG ulDataLen, /* bytes of plaintext */
-+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptUpdate continues a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext data len */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptFinal finishes a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session handle */
-+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
-+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
-+);
-+#endif
-+
-+
-+/* C_DecryptInit initializes a decryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of decryption key */
-+);
-+#endif
-+
-+
-+/* C_Decrypt decrypts encrypted data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedData, /* ciphertext */
-+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
-+ CK_BYTE_PTR pData, /* gets plaintext */
-+ CK_ULONG_PTR pulDataLen /* gets p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptUpdate continues a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
-+ CK_ULONG ulEncryptedPartLen, /* input length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptFinal finishes a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pLastPart, /* gets plaintext */
-+ CK_ULONG_PTR pulLastPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+
-+/* Message digesting */
-+
-+/* C_DigestInit initializes a message-digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
-+);
-+#endif
-+
-+
-+/* C_Digest digests data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Digest)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* data to be digested */
-+ CK_ULONG ulDataLen, /* bytes of data to digest */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets digest length */
-+);
-+#endif
-+
-+
-+/* C_DigestUpdate continues a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* data to be digested */
-+ CK_ULONG ulPartLen /* bytes of data to be digested */
-+);
-+#endif
-+
-+
-+/* C_DigestKey continues a multi-part message-digesting
-+ * operation, by digesting the value of a secret key as part of
-+ * the data already digested. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hKey /* secret key to digest */
-+);
-+#endif
-+
-+
-+/* C_DigestFinal finishes a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
-+);
-+#endif
-+
-+
-+
-+/* Signing and MACing */
-+
-+/* C_SignInit initializes a signature (private key encryption)
-+ * operation, where the signature is (will be) an appendix to
-+ * the data, and plaintext cannot be recovered from the
-+ *signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of signature key */
-+);
-+#endif
-+
-+
-+/* C_Sign signs (encrypts with private key) data in a single
-+ * part, where the signature is (will be) an appendix to the
-+ * data, and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Sign)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignUpdate continues a multiple-part signature operation,
-+ * where the signature is (will be) an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* the data to sign */
-+ CK_ULONG ulPartLen /* count of bytes to sign */
-+);
-+#endif
-+
-+
-+/* C_SignFinal finishes a multiple-part signature operation,
-+ * returning the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignRecoverInit initializes a signature operation, where
-+ * the data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of the signature key */
-+);
-+#endif
-+
-+
-+/* C_SignRecover signs data in a single operation, where the
-+ * data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+
-+/* Verifying signatures and MACs */
-+
-+/* C_VerifyInit initializes a verification operation, where the
-+ * signature is an appendix to the data, and plaintext cannot
-+ * cannot be recovered from the signature (e.g. DSA). */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_Verify verifies a signature in a single-part operation,
-+ * where the signature is an appendix to the data, and plaintext
-+ * cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Verify)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* signed data */
-+ CK_ULONG ulDataLen, /* length of signed data */
-+ CK_BYTE_PTR pSignature, /* signature */
-+ CK_ULONG ulSignatureLen /* signature length*/
-+);
-+#endif
-+
-+
-+/* C_VerifyUpdate continues a multiple-part verification
-+ * operation, where the signature is an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* signed data */
-+ CK_ULONG ulPartLen /* length of signed data */
-+);
-+#endif
-+
-+
-+/* C_VerifyFinal finishes a multiple-part verification
-+ * operation, checking the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen /* signature length */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecoverInit initializes a signature verification
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecover verifies a signature in a single-part
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen, /* signature length */
-+ CK_BYTE_PTR pData, /* gets signed data */
-+ CK_ULONG_PTR pulDataLen /* gets signed data len */
-+);
-+#endif
-+
-+
-+
-+/* Dual-function cryptographic operations */
-+
-+/* C_DigestEncryptUpdate continues a multiple-part digesting
-+ * and encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptDigestUpdate continues a multiple-part decryption and
-+ * digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets plaintext len */
-+);
-+#endif
-+
-+
-+/* C_SignEncryptUpdate continues a multiple-part signing and
-+ * encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
-+ * verify operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets p-text length */
-+);
-+#endif
-+
-+
-+
-+/* Key management */
-+
-+/* C_GenerateKey generates a secret key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
-+ CK_ULONG ulCount, /* # of attrs in template */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
-+);
-+#endif
-+
-+
-+/* C_GenerateKeyPair generates a public-key/private-key pair,
-+ * creating new key objects. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session
-+ * handle */
-+ CK_MECHANISM_PTR pMechanism, /* key-gen
-+ * mech. */
-+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
-+ * for pub.
-+ * key */
-+ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
-+ * attrs. */
-+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
-+ * for priv.
-+ * key */
-+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
-+ * attrs. */
-+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
-+ * key
-+ * handle */
-+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
-+ * priv. key
-+ * handle */
-+);
-+#endif
-+
-+
-+/* C_WrapKey wraps (i.e., encrypts) a key. */
-+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
-+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
-+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
-+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
-+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
-+);
-+#endif
-+
-+
-+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
-+ * key object. */
-+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
-+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
-+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
-+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+/* C_DeriveKey derives a key from a base key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
-+ CK_OBJECT_HANDLE hBaseKey, /* base key */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+
-+/* Random number generation */
-+
-+/* C_SeedRandom mixes additional seed material into the token's
-+ * random number generator. */
-+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSeed, /* the seed material */
-+ CK_ULONG ulSeedLen /* length of seed material */
-+);
-+#endif
-+
-+
-+/* C_GenerateRandom generates random data. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR RandomData, /* receives the random data */
-+ CK_ULONG ulRandomLen /* # of bytes to generate */
-+);
-+#endif
-+
-+
-+
-+/* Parallel function management */
-+
-+/* C_GetFunctionStatus is a legacy function; it obtains an
-+ * updated status of a function running in parallel with an
-+ * application. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CancelFunction is a legacy function; it cancels a function
-+ * running in parallel. */
-+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Functions added in for Cryptoki Version 2.01 or later */
-+
-+/* C_WaitForSlotEvent waits for a slot event (token insertion,
-+ * removal, etc.) to occur. */
-+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FLAGS flags, /* blocking/nonblocking flag */
-+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
-+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-Index: openssl/crypto/engine/pkcs11t.h
-diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
---- /dev/null Tue Jun 19 16:21:26 2012
-+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
-@@ -0,0 +1,1885 @@
-+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* See top of pkcs11.h for information about the macros that
-+ * must be defined and the structure-packing conventions that
-+ * must be set before including this file. */
-+
-+#ifndef _PKCS11T_H_
-+#define _PKCS11T_H_ 1
-+
-+#define CRYPTOKI_VERSION_MAJOR 2
-+#define CRYPTOKI_VERSION_MINOR 20
-+#define CRYPTOKI_VERSION_AMENDMENT 3
-+
-+#define CK_TRUE 1
-+#define CK_FALSE 0
-+
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#ifndef FALSE
-+#define FALSE CK_FALSE
-+#endif
-+
-+#ifndef TRUE
-+#define TRUE CK_TRUE
-+#endif
-+#endif
-+
-+/* an unsigned 8-bit value */
-+typedef unsigned char CK_BYTE;
-+
-+/* an unsigned 8-bit character */
-+typedef CK_BYTE CK_CHAR;
-+
-+/* an 8-bit UTF-8 character */
-+typedef CK_BYTE CK_UTF8CHAR;
-+
-+/* a BYTE-sized Boolean flag */
-+typedef CK_BYTE CK_BBOOL;
-+
-+/* an unsigned value, at least 32 bits long */
-+typedef unsigned long int CK_ULONG;
-+
-+/* a signed value, the same size as a CK_ULONG */
-+/* CK_LONG is new for v2.0 */
-+typedef long int CK_LONG;
-+
-+/* at least 32 bits; each bit is a Boolean flag */
-+typedef CK_ULONG CK_FLAGS;
-+
-+
-+/* some special values for certain CK_ULONG variables */
-+#define CK_UNAVAILABLE_INFORMATION (~0UL)
-+#define CK_EFFECTIVELY_INFINITE 0
-+
-+
-+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
-+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
-+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
-+typedef void CK_PTR CK_VOID_PTR;
-+
-+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-+
-+
-+/* The following value is always invalid if used as a session */
-+/* handle or object handle */
-+#define CK_INVALID_HANDLE 0
-+
-+
-+typedef struct CK_VERSION {
-+ CK_BYTE major; /* integer portion of version number */
-+ CK_BYTE minor; /* 1/100ths portion of version number */
-+} CK_VERSION;
-+
-+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-+
-+
-+typedef struct CK_INFO {
-+ /* manufacturerID and libraryDecription have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags; /* must be zero */
-+
-+ /* libraryDescription and libraryVersion are new for v2.0 */
-+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
-+ CK_VERSION libraryVersion; /* version of library */
-+} CK_INFO;
-+
-+typedef CK_INFO CK_PTR CK_INFO_PTR;
-+
-+
-+/* CK_NOTIFICATION enumerates the types of notifications that
-+ * Cryptoki provides to an application */
-+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_NOTIFICATION;
-+#define CKN_SURRENDER 0
-+
-+/* The following notification is new for PKCS #11 v2.20 amendment 3 */
-+#define CKN_OTP_CHANGED 1
-+
-+
-+typedef CK_ULONG CK_SLOT_ID;
-+
-+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-+
-+
-+/* CK_SLOT_INFO provides information about a slot */
-+typedef struct CK_SLOT_INFO {
-+ /* slotDescription and manufacturerID have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags;
-+
-+ /* hardwareVersion and firmwareVersion are new for v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+} CK_SLOT_INFO;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
-+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
-+#define CKF_HW_SLOT 0x00000004 /* hardware slot */
-+
-+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-+
-+
-+/* CK_TOKEN_INFO provides information about a token */
-+typedef struct CK_TOKEN_INFO {
-+ /* label, manufacturerID, and model have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR label[32]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_UTF8CHAR model[16]; /* blank padded */
-+ CK_CHAR serialNumber[16]; /* blank padded */
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
-+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
-+ * changed from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulMaxSessionCount; /* max open sessions */
-+ CK_ULONG ulSessionCount; /* sess. now open */
-+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
-+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
-+ CK_ULONG ulMaxPinLen; /* in bytes */
-+ CK_ULONG ulMinPinLen; /* in bytes */
-+ CK_ULONG ulTotalPublicMemory; /* in bytes */
-+ CK_ULONG ulFreePublicMemory; /* in bytes */
-+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
-+ CK_ULONG ulFreePrivateMemory; /* in bytes */
-+
-+ /* hardwareVersion, firmwareVersion, and time are new for
-+ * v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+ CK_CHAR utcTime[16]; /* time */
-+} CK_TOKEN_INFO;
-+
-+/* The flags parameter is defined as follows:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RNG 0x00000001 /* has random #
-+ * generator */
-+#define CKF_WRITE_PROTECTED 0x00000002 /* token is
-+ * write-
-+ * protected */
-+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
-+ * login */
-+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
-+ * PIN is set */
-+
-+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
-+ * that means that *every* time the state of cryptographic
-+ * operations of a session is successfully saved, all keys
-+ * needed to continue those operations are stored in the state */
-+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
-+
-+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
-+ * that the token has some sort of clock. The time on that
-+ * clock is returned in the token info structure */
-+#define CKF_CLOCK_ON_TOKEN 0x00000040
-+
-+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
-+ * set, that means that there is some way for the user to login
-+ * without sending a PIN through the Cryptoki library itself */
-+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-+
-+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
-+ * that means that a single session with the token can perform
-+ * dual simultaneous cryptographic operations (digest and
-+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
-+ * and sign) */
-+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
-+
-+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
-+ * token has been initialized using C_InitializeToken or an
-+ * equivalent mechanism outside the scope of PKCS #11.
-+ * Calling C_InitializeToken when this flag is set will cause
-+ * the token to be reinitialized. */
-+#define CKF_TOKEN_INITIALIZED 0x00000400
-+
-+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
-+ * true, the token supports secondary authentication for
-+ * private key objects. This flag is deprecated in v2.11 and
-+ onwards. */
-+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
-+
-+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect user login PIN has been entered at least once
-+ * since the last successful authentication. */
-+#define CKF_USER_PIN_COUNT_LOW 0x00010000
-+
-+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect user PIN will it to become locked. */
-+#define CKF_USER_PIN_FINAL_TRY 0x00020000
-+
-+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
-+ * user PIN has been locked. User login to the token is not
-+ * possible. */
-+#define CKF_USER_PIN_LOCKED 0x00040000
-+
-+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the user PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
-+
-+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect SO login PIN has been entered at least once since
-+ * the last successful authentication. */
-+#define CKF_SO_PIN_COUNT_LOW 0x00100000
-+
-+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect SO PIN will it to become locked. */
-+#define CKF_SO_PIN_FINAL_TRY 0x00200000
-+
-+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
-+ * PIN has been locked. SO login to the token is not possible.
-+ */
-+#define CKF_SO_PIN_LOCKED 0x00400000
-+
-+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the SO PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
-+
-+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-+
-+
-+/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
-+ * identifies a session */
-+typedef CK_ULONG CK_SESSION_HANDLE;
-+
-+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-+
-+
-+/* CK_USER_TYPE enumerates the types of Cryptoki users */
-+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_USER_TYPE;
-+/* Security Officer */
-+#define CKU_SO 0
-+/* Normal user */
-+#define CKU_USER 1
-+/* Context specific (added in v2.20) */
-+#define CKU_CONTEXT_SPECIFIC 2
-+
-+/* CK_STATE enumerates the session states */
-+/* CK_STATE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_STATE;
-+#define CKS_RO_PUBLIC_SESSION 0
-+#define CKS_RO_USER_FUNCTIONS 1
-+#define CKS_RW_PUBLIC_SESSION 2
-+#define CKS_RW_USER_FUNCTIONS 3
-+#define CKS_RW_SO_FUNCTIONS 4
-+
-+
-+/* CK_SESSION_INFO provides information about a session */
-+typedef struct CK_SESSION_INFO {
-+ CK_SLOT_ID slotID;
-+ CK_STATE state;
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulDeviceError; /* device-dependent error code */
-+} CK_SESSION_INFO;
-+
-+/* The flags are defined in the following table:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RW_SESSION 0x00000002 /* session is r/w */
-+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
-+
-+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-+
-+
-+/* CK_OBJECT_HANDLE is a token-specific identifier for an
-+ * object */
-+typedef CK_ULONG CK_OBJECT_HANDLE;
-+
-+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-+
-+
-+/* CK_OBJECT_CLASS is a value that identifies the classes (or
-+ * types) of objects that Cryptoki recognizes. It is defined
-+ * as follows: */
-+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_OBJECT_CLASS;
-+
-+/* The following classes of objects are defined: */
-+/* CKO_HW_FEATURE is new for v2.10 */
-+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
-+/* CKO_MECHANISM is new for v2.20 */
-+#define CKO_DATA 0x00000000
-+#define CKO_CERTIFICATE 0x00000001
-+#define CKO_PUBLIC_KEY 0x00000002
-+#define CKO_PRIVATE_KEY 0x00000003
-+#define CKO_SECRET_KEY 0x00000004
-+#define CKO_HW_FEATURE 0x00000005
-+#define CKO_DOMAIN_PARAMETERS 0x00000006
-+#define CKO_MECHANISM 0x00000007
-+
-+/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
-+#define CKO_OTP_KEY 0x00000008
-+
-+#define CKO_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-+
-+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
-+ * value that identifies the hardware feature type of an object
-+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
-+typedef CK_ULONG CK_HW_FEATURE_TYPE;
-+
-+/* The following hardware feature types are defined */
-+/* CKH_USER_INTERFACE is new for v2.20 */
-+#define CKH_MONOTONIC_COUNTER 0x00000001
-+#define CKH_CLOCK 0x00000002
-+#define CKH_USER_INTERFACE 0x00000003
-+#define CKH_VENDOR_DEFINED 0x80000000
-+
-+/* CK_KEY_TYPE is a value that identifies a key type */
-+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_KEY_TYPE;
-+
-+/* the following key types are defined: */
-+#define CKK_RSA 0x00000000
-+#define CKK_DSA 0x00000001
-+#define CKK_DH 0x00000002
-+
-+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
-+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
-+#define CKK_ECDSA 0x00000003
-+#define CKK_EC 0x00000003
-+#define CKK_X9_42_DH 0x00000004
-+#define CKK_KEA 0x00000005
-+
-+#define CKK_GENERIC_SECRET 0x00000010
-+#define CKK_RC2 0x00000011
-+#define CKK_RC4 0x00000012
-+#define CKK_DES 0x00000013
-+#define CKK_DES2 0x00000014
-+#define CKK_DES3 0x00000015
-+
-+/* all these key types are new for v2.0 */
-+#define CKK_CAST 0x00000016
-+#define CKK_CAST3 0x00000017
-+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
-+#define CKK_CAST5 0x00000018
-+#define CKK_CAST128 0x00000018
-+#define CKK_RC5 0x00000019
-+#define CKK_IDEA 0x0000001A
-+#define CKK_SKIPJACK 0x0000001B
-+#define CKK_BATON 0x0000001C
-+#define CKK_JUNIPER 0x0000001D
-+#define CKK_CDMF 0x0000001E
-+#define CKK_AES 0x0000001F
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKK_BLOWFISH 0x00000020
-+#define CKK_TWOFISH 0x00000021
-+
-+/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
-+#define CKK_SECURID 0x00000022
-+#define CKK_HOTP 0x00000023
-+#define CKK_ACTI 0x00000024
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_CAMELLIA 0x00000025
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_ARIA 0x00000026
-+
-+
-+#define CKK_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
-+ * type */
-+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_CERTIFICATE_TYPE;
-+
-+/* The following certificate types are defined: */
-+/* CKC_X_509_ATTR_CERT is new for v2.10 */
-+/* CKC_WTLS is new for v2.20 */
-+#define CKC_X_509 0x00000000
-+#define CKC_X_509_ATTR_CERT 0x00000001
-+#define CKC_WTLS 0x00000002
-+#define CKC_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
-+ * type */
-+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-+
-+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
-+ consists of an array of values. */
-+#define CKF_ARRAY_ATTRIBUTE 0x40000000
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_FORMAT attribute */
-+#define CK_OTP_FORMAT_DECIMAL 0
-+#define CK_OTP_FORMAT_HEXADECIMAL 1
-+#define CK_OTP_FORMAT_ALPHANUMERIC 2
-+#define CK_OTP_FORMAT_BINARY 3
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
-+#define CK_OTP_PARAM_IGNORED 0
-+#define CK_OTP_PARAM_OPTIONAL 1
-+#define CK_OTP_PARAM_MANDATORY 2
-+
-+/* The following attribute types are defined: */
-+#define CKA_CLASS 0x00000000
-+#define CKA_TOKEN 0x00000001
-+#define CKA_PRIVATE 0x00000002
-+#define CKA_LABEL 0x00000003
-+#define CKA_APPLICATION 0x00000010
-+#define CKA_VALUE 0x00000011
-+
-+/* CKA_OBJECT_ID is new for v2.10 */
-+#define CKA_OBJECT_ID 0x00000012
-+
-+#define CKA_CERTIFICATE_TYPE 0x00000080
-+#define CKA_ISSUER 0x00000081
-+#define CKA_SERIAL_NUMBER 0x00000082
-+
-+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
-+ * for v2.10 */
-+#define CKA_AC_ISSUER 0x00000083
-+#define CKA_OWNER 0x00000084
-+#define CKA_ATTR_TYPES 0x00000085
-+
-+/* CKA_TRUSTED is new for v2.11 */
-+#define CKA_TRUSTED 0x00000086
-+
-+/* CKA_CERTIFICATE_CATEGORY ...
-+ * CKA_CHECK_VALUE are new for v2.20 */
-+#define CKA_CERTIFICATE_CATEGORY 0x00000087
-+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
-+#define CKA_URL 0x00000089
-+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
-+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
-+#define CKA_CHECK_VALUE 0x00000090
-+
-+#define CKA_KEY_TYPE 0x00000100
-+#define CKA_SUBJECT 0x00000101
-+#define CKA_ID 0x00000102
-+#define CKA_SENSITIVE 0x00000103
-+#define CKA_ENCRYPT 0x00000104
-+#define CKA_DECRYPT 0x00000105
-+#define CKA_WRAP 0x00000106
-+#define CKA_UNWRAP 0x00000107
-+#define CKA_SIGN 0x00000108
-+#define CKA_SIGN_RECOVER 0x00000109
-+#define CKA_VERIFY 0x0000010A
-+#define CKA_VERIFY_RECOVER 0x0000010B
-+#define CKA_DERIVE 0x0000010C
-+#define CKA_START_DATE 0x00000110
-+#define CKA_END_DATE 0x00000111
-+#define CKA_MODULUS 0x00000120
-+#define CKA_MODULUS_BITS 0x00000121
-+#define CKA_PUBLIC_EXPONENT 0x00000122
-+#define CKA_PRIVATE_EXPONENT 0x00000123
-+#define CKA_PRIME_1 0x00000124
-+#define CKA_PRIME_2 0x00000125
-+#define CKA_EXPONENT_1 0x00000126
-+#define CKA_EXPONENT_2 0x00000127
-+#define CKA_COEFFICIENT 0x00000128
-+#define CKA_PRIME 0x00000130
-+#define CKA_SUBPRIME 0x00000131
-+#define CKA_BASE 0x00000132
-+
-+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
-+#define CKA_PRIME_BITS 0x00000133
-+#define CKA_SUBPRIME_BITS 0x00000134
-+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
-+/* (To retain backwards-compatibility) */
-+
-+#define CKA_VALUE_BITS 0x00000160
-+#define CKA_VALUE_LEN 0x00000161
-+
-+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
-+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
-+ * and CKA_EC_POINT are new for v2.0 */
-+#define CKA_EXTRACTABLE 0x00000162
-+#define CKA_LOCAL 0x00000163
-+#define CKA_NEVER_EXTRACTABLE 0x00000164
-+#define CKA_ALWAYS_SENSITIVE 0x00000165
-+
-+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
-+#define CKA_KEY_GEN_MECHANISM 0x00000166
-+
-+#define CKA_MODIFIABLE 0x00000170
-+
-+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
-+ * CKA_EC_PARAMS is preferred. */
-+#define CKA_ECDSA_PARAMS 0x00000180
-+#define CKA_EC_PARAMS 0x00000180
-+
-+#define CKA_EC_POINT 0x00000181
-+
-+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
-+ * are new for v2.10. Deprecated in v2.11 and onwards. */
-+#define CKA_SECONDARY_AUTH 0x00000200
-+#define CKA_AUTH_PIN_FLAGS 0x00000201
-+
-+/* CKA_ALWAYS_AUTHENTICATE ...
-+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
-+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
-+
-+#define CKA_WRAP_WITH_TRUSTED 0x00000210
-+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
-+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
-+
-+/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
-+#define CKA_OTP_FORMAT 0x00000220
-+#define CKA_OTP_LENGTH 0x00000221
-+#define CKA_OTP_TIME_INTERVAL 0x00000222
-+#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
-+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
-+#define CKA_OTP_TIME_REQUIREMENT 0x00000225
-+#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
-+#define CKA_OTP_PIN_REQUIREMENT 0x00000227
-+#define CKA_OTP_COUNTER 0x0000022E
-+#define CKA_OTP_TIME 0x0000022F
-+#define CKA_OTP_USER_IDENTIFIER 0x0000022A
-+#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
-+#define CKA_OTP_SERVICE_LOGO 0x0000022C
-+#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
-+
-+
-+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
-+ * are new for v2.10 */
-+#define CKA_HW_FEATURE_TYPE 0x00000300
-+#define CKA_RESET_ON_INIT 0x00000301
-+#define CKA_HAS_RESET 0x00000302
-+
-+/* The following attributes are new for v2.20 */
-+#define CKA_PIXEL_X 0x00000400
-+#define CKA_PIXEL_Y 0x00000401
-+#define CKA_RESOLUTION 0x00000402
-+#define CKA_CHAR_ROWS 0x00000403
-+#define CKA_CHAR_COLUMNS 0x00000404
-+#define CKA_COLOR 0x00000405
-+#define CKA_BITS_PER_PIXEL 0x00000406
-+#define CKA_CHAR_SETS 0x00000480
-+#define CKA_ENCODING_METHODS 0x00000481
-+#define CKA_MIME_TYPES 0x00000482
-+#define CKA_MECHANISM_TYPE 0x00000500
-+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
-+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
-+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
-+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
-+
-+#define CKA_VENDOR_DEFINED 0x80000000
-+
-+/* CK_ATTRIBUTE is a structure that includes the type, length
-+ * and value of an attribute */
-+typedef struct CK_ATTRIBUTE {
-+ CK_ATTRIBUTE_TYPE type;
-+ CK_VOID_PTR pValue;
-+
-+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulValueLen; /* in bytes */
-+} CK_ATTRIBUTE;
-+
-+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-+
-+
-+/* CK_DATE is a structure that defines a date */
-+typedef struct CK_DATE{
-+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
-+ CK_CHAR month[2]; /* the month ("01" - "12") */
-+ CK_CHAR day[2]; /* the day ("01" - "31") */
-+} CK_DATE;
-+
-+
-+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
-+ * type */
-+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_MECHANISM_TYPE;
-+
-+/* the following mechanism types are defined: */
-+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-+#define CKM_RSA_PKCS 0x00000001
-+#define CKM_RSA_9796 0x00000002
-+#define CKM_RSA_X_509 0x00000003
-+
-+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
-+ * are new for v2.0. They are mechanisms which hash and sign */
-+#define CKM_MD2_RSA_PKCS 0x00000004
-+#define CKM_MD5_RSA_PKCS 0x00000005
-+#define CKM_SHA1_RSA_PKCS 0x00000006
-+
-+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
-+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
-+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
-+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
-+#define CKM_RSA_PKCS_OAEP 0x00000009
-+
-+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
-+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
-+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
-+#define CKM_RSA_X9_31 0x0000000B
-+#define CKM_SHA1_RSA_X9_31 0x0000000C
-+#define CKM_RSA_PKCS_PSS 0x0000000D
-+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
-+
-+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-+#define CKM_DSA 0x00000011
-+#define CKM_DSA_SHA1 0x00000012
-+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-+#define CKM_DH_PKCS_DERIVE 0x00000021
-+
-+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
-+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
-+ * v2.11 */
-+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
-+#define CKM_X9_42_DH_DERIVE 0x00000031
-+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
-+#define CKM_X9_42_MQV_DERIVE 0x00000033
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_RSA_PKCS 0x00000040
-+#define CKM_SHA384_RSA_PKCS 0x00000041
-+#define CKM_SHA512_RSA_PKCS 0x00000042
-+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
-+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
-+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
-+
-+/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_RSA_PKCS 0x00000046
-+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
-+
-+#define CKM_RC2_KEY_GEN 0x00000100
-+#define CKM_RC2_ECB 0x00000101
-+#define CKM_RC2_CBC 0x00000102
-+#define CKM_RC2_MAC 0x00000103
-+
-+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
-+#define CKM_RC2_MAC_GENERAL 0x00000104
-+#define CKM_RC2_CBC_PAD 0x00000105
-+
-+#define CKM_RC4_KEY_GEN 0x00000110
-+#define CKM_RC4 0x00000111
-+#define CKM_DES_KEY_GEN 0x00000120
-+#define CKM_DES_ECB 0x00000121
-+#define CKM_DES_CBC 0x00000122
-+#define CKM_DES_MAC 0x00000123
-+
-+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
-+#define CKM_DES_MAC_GENERAL 0x00000124
-+#define CKM_DES_CBC_PAD 0x00000125
-+
-+#define CKM_DES2_KEY_GEN 0x00000130
-+#define CKM_DES3_KEY_GEN 0x00000131
-+#define CKM_DES3_ECB 0x00000132
-+#define CKM_DES3_CBC 0x00000133
-+#define CKM_DES3_MAC 0x00000134
-+
-+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
-+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
-+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
-+#define CKM_DES3_MAC_GENERAL 0x00000135
-+#define CKM_DES3_CBC_PAD 0x00000136
-+#define CKM_CDMF_KEY_GEN 0x00000140
-+#define CKM_CDMF_ECB 0x00000141
-+#define CKM_CDMF_CBC 0x00000142
-+#define CKM_CDMF_MAC 0x00000143
-+#define CKM_CDMF_MAC_GENERAL 0x00000144
-+#define CKM_CDMF_CBC_PAD 0x00000145
-+
-+/* the following four DES mechanisms are new for v2.20 */
-+#define CKM_DES_OFB64 0x00000150
-+#define CKM_DES_OFB8 0x00000151
-+#define CKM_DES_CFB64 0x00000152
-+#define CKM_DES_CFB8 0x00000153
-+
-+#define CKM_MD2 0x00000200
-+
-+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD2_HMAC 0x00000201
-+#define CKM_MD2_HMAC_GENERAL 0x00000202
-+
-+#define CKM_MD5 0x00000210
-+
-+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD5_HMAC 0x00000211
-+#define CKM_MD5_HMAC_GENERAL 0x00000212
-+
-+#define CKM_SHA_1 0x00000220
-+
-+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
-+#define CKM_SHA_1_HMAC 0x00000221
-+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-+
-+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
-+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
-+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
-+#define CKM_RIPEMD128 0x00000230
-+#define CKM_RIPEMD128_HMAC 0x00000231
-+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
-+#define CKM_RIPEMD160 0x00000240
-+#define CKM_RIPEMD160_HMAC 0x00000241
-+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256 0x00000250
-+#define CKM_SHA256_HMAC 0x00000251
-+#define CKM_SHA256_HMAC_GENERAL 0x00000252
-+
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224 0x00000255
-+#define CKM_SHA224_HMAC 0x00000256
-+#define CKM_SHA224_HMAC_GENERAL 0x00000257
-+
-+#define CKM_SHA384 0x00000260
-+#define CKM_SHA384_HMAC 0x00000261
-+#define CKM_SHA384_HMAC_GENERAL 0x00000262
-+#define CKM_SHA512 0x00000270
-+#define CKM_SHA512_HMAC 0x00000271
-+#define CKM_SHA512_HMAC_GENERAL 0x00000272
-+
-+/* SecurID is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_SECURID_KEY_GEN 0x00000280
-+#define CKM_SECURID 0x00000282
-+
-+/* HOTP is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_HOTP_KEY_GEN 0x00000290
-+#define CKM_HOTP 0x00000291
-+
-+/* ACTI is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_ACTI 0x000002A0
-+#define CKM_ACTI_KEY_GEN 0x000002A1
-+
-+/* All of the following mechanisms are new for v2.0 */
-+/* Note that CAST128 and CAST5 are the same algorithm */
-+#define CKM_CAST_KEY_GEN 0x00000300
-+#define CKM_CAST_ECB 0x00000301
-+#define CKM_CAST_CBC 0x00000302
-+#define CKM_CAST_MAC 0x00000303
-+#define CKM_CAST_MAC_GENERAL 0x00000304
-+#define CKM_CAST_CBC_PAD 0x00000305
-+#define CKM_CAST3_KEY_GEN 0x00000310
-+#define CKM_CAST3_ECB 0x00000311
-+#define CKM_CAST3_CBC 0x00000312
-+#define CKM_CAST3_MAC 0x00000313
-+#define CKM_CAST3_MAC_GENERAL 0x00000314
-+#define CKM_CAST3_CBC_PAD 0x00000315
-+#define CKM_CAST5_KEY_GEN 0x00000320
-+#define CKM_CAST128_KEY_GEN 0x00000320
-+#define CKM_CAST5_ECB 0x00000321
-+#define CKM_CAST128_ECB 0x00000321
-+#define CKM_CAST5_CBC 0x00000322
-+#define CKM_CAST128_CBC 0x00000322
-+#define CKM_CAST5_MAC 0x00000323
-+#define CKM_CAST128_MAC 0x00000323
-+#define CKM_CAST5_MAC_GENERAL 0x00000324
-+#define CKM_CAST128_MAC_GENERAL 0x00000324
-+#define CKM_CAST5_CBC_PAD 0x00000325
-+#define CKM_CAST128_CBC_PAD 0x00000325
-+#define CKM_RC5_KEY_GEN 0x00000330
-+#define CKM_RC5_ECB 0x00000331
-+#define CKM_RC5_CBC 0x00000332
-+#define CKM_RC5_MAC 0x00000333
-+#define CKM_RC5_MAC_GENERAL 0x00000334
-+#define CKM_RC5_CBC_PAD 0x00000335
-+#define CKM_IDEA_KEY_GEN 0x00000340
-+#define CKM_IDEA_ECB 0x00000341
-+#define CKM_IDEA_CBC 0x00000342
-+#define CKM_IDEA_MAC 0x00000343
-+#define CKM_IDEA_MAC_GENERAL 0x00000344
-+#define CKM_IDEA_CBC_PAD 0x00000345
-+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-+#define CKM_XOR_BASE_AND_DATA 0x00000364
-+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-+
-+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
-+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
-+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
-+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
-+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
-+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
-+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
-+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
-+
-+/* CKM_TLS_PRF is new for v2.20 */
-+#define CKM_TLS_PRF 0x00000378
-+
-+#define CKM_SSL3_MD5_MAC 0x00000380
-+#define CKM_SSL3_SHA1_MAC 0x00000381
-+#define CKM_MD5_KEY_DERIVATION 0x00000390
-+#define CKM_MD2_KEY_DERIVATION 0x00000391
-+#define CKM_SHA1_KEY_DERIVATION 0x00000392
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_KEY_DERIVATION 0x00000393
-+#define CKM_SHA384_KEY_DERIVATION 0x00000394
-+#define CKM_SHA512_KEY_DERIVATION 0x00000395
-+
-+/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_KEY_DERIVATION 0x00000396
-+
-+#define CKM_PBE_MD2_DES_CBC 0x000003A0
-+#define CKM_PBE_MD5_DES_CBC 0x000003A1
-+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
-+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
-+#define CKM_PBE_SHA1_RC4_128 0x000003A6
-+#define CKM_PBE_SHA1_RC4_40 0x000003A7
-+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-+
-+/* CKM_PKCS5_PBKD2 is new for v2.10 */
-+#define CKM_PKCS5_PBKD2 0x000003B0
-+
-+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
-+
-+/* WTLS mechanisms are new for v2.20 */
-+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
-+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
-+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
-+#define CKM_WTLS_PRF 0x000003D3
-+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
-+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
-+
-+#define CKM_KEY_WRAP_LYNKS 0x00000400
-+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-+
-+/* CKM_CMS_SIG is new for v2.20 */
-+#define CKM_CMS_SIG 0x00000500
-+
-+/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
-+#define CKM_KIP_DERIVE 0x00000510
-+#define CKM_KIP_WRAP 0x00000511
-+#define CKM_KIP_MAC 0x00000512
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_CAMELLIA_KEY_GEN 0x00000550
-+#define CKM_CAMELLIA_ECB 0x00000551
-+#define CKM_CAMELLIA_CBC 0x00000552
-+#define CKM_CAMELLIA_MAC 0x00000553
-+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
-+#define CKM_CAMELLIA_CBC_PAD 0x00000555
-+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
-+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
-+#define CKM_CAMELLIA_CTR 0x00000558
-+
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_ARIA_KEY_GEN 0x00000560
-+#define CKM_ARIA_ECB 0x00000561
-+#define CKM_ARIA_CBC 0x00000562
-+#define CKM_ARIA_MAC 0x00000563
-+#define CKM_ARIA_MAC_GENERAL 0x00000564
-+#define CKM_ARIA_CBC_PAD 0x00000565
-+#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
-+#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
-+
-+/* Fortezza mechanisms */
-+#define CKM_SKIPJACK_KEY_GEN 0x00001000
-+#define CKM_SKIPJACK_ECB64 0x00001001
-+#define CKM_SKIPJACK_CBC64 0x00001002
-+#define CKM_SKIPJACK_OFB64 0x00001003
-+#define CKM_SKIPJACK_CFB64 0x00001004
-+#define CKM_SKIPJACK_CFB32 0x00001005
-+#define CKM_SKIPJACK_CFB16 0x00001006
-+#define CKM_SKIPJACK_CFB8 0x00001007
-+#define CKM_SKIPJACK_WRAP 0x00001008
-+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-+#define CKM_SKIPJACK_RELAYX 0x0000100a
-+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-+#define CKM_KEA_KEY_DERIVE 0x00001011
-+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-+#define CKM_BATON_KEY_GEN 0x00001030
-+#define CKM_BATON_ECB128 0x00001031
-+#define CKM_BATON_ECB96 0x00001032
-+#define CKM_BATON_CBC128 0x00001033
-+#define CKM_BATON_COUNTER 0x00001034
-+#define CKM_BATON_SHUFFLE 0x00001035
-+#define CKM_BATON_WRAP 0x00001036
-+
-+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
-+ * CKM_EC_KEY_PAIR_GEN is preferred */
-+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-+#define CKM_EC_KEY_PAIR_GEN 0x00001040
-+
-+#define CKM_ECDSA 0x00001041
-+#define CKM_ECDSA_SHA1 0x00001042
-+
-+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
-+ * are new for v2.11 */
-+#define CKM_ECDH1_DERIVE 0x00001050
-+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
-+#define CKM_ECMQV_DERIVE 0x00001052
-+
-+#define CKM_JUNIPER_KEY_GEN 0x00001060
-+#define CKM_JUNIPER_ECB128 0x00001061
-+#define CKM_JUNIPER_CBC128 0x00001062
-+#define CKM_JUNIPER_COUNTER 0x00001063
-+#define CKM_JUNIPER_SHUFFLE 0x00001064
-+#define CKM_JUNIPER_WRAP 0x00001065
-+#define CKM_FASTHASH 0x00001070
-+
-+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
-+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
-+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
-+ * new for v2.11 */
-+#define CKM_AES_KEY_GEN 0x00001080
-+#define CKM_AES_ECB 0x00001081
-+#define CKM_AES_CBC 0x00001082
-+#define CKM_AES_MAC 0x00001083
-+#define CKM_AES_MAC_GENERAL 0x00001084
-+#define CKM_AES_CBC_PAD 0x00001085
-+
-+/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_AES_CTR 0x00001086
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKM_BLOWFISH_KEY_GEN 0x00001090
-+#define CKM_BLOWFISH_CBC 0x00001091
-+#define CKM_TWOFISH_KEY_GEN 0x00001092
-+#define CKM_TWOFISH_CBC 0x00001093
-+
-+
-+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
-+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
-+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
-+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
-+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
-+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
-+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
-+
-+#define CKM_DSA_PARAMETER_GEN 0x00002000
-+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
-+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
-+
-+#define CKM_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-+
-+
-+/* CK_MECHANISM is a structure that specifies a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM {
-+ CK_MECHANISM_TYPE mechanism;
-+ CK_VOID_PTR pParameter;
-+
-+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulParameterLen; /* in bytes */
-+} CK_MECHANISM;
-+
-+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-+
-+
-+/* CK_MECHANISM_INFO provides information about a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM_INFO {
-+ CK_ULONG ulMinKeySize;
-+ CK_ULONG ulMaxKeySize;
-+ CK_FLAGS flags;
-+} CK_MECHANISM_INFO;
-+
-+/* The flags are defined as follows:
-+ * Bit Flag Mask Meaning */
-+#define CKF_HW 0x00000001 /* performed by HW */
-+
-+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
-+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
-+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
-+ * and CKF_DERIVE are new for v2.0. They specify whether or not
-+ * a mechanism can be used for a particular task */
-+#define CKF_ENCRYPT 0x00000100
-+#define CKF_DECRYPT 0x00000200
-+#define CKF_DIGEST 0x00000400
-+#define CKF_SIGN 0x00000800
-+#define CKF_SIGN_RECOVER 0x00001000
-+#define CKF_VERIFY 0x00002000
-+#define CKF_VERIFY_RECOVER 0x00004000
-+#define CKF_GENERATE 0x00008000
-+#define CKF_GENERATE_KEY_PAIR 0x00010000
-+#define CKF_WRAP 0x00020000
-+#define CKF_UNWRAP 0x00040000
-+#define CKF_DERIVE 0x00080000
-+
-+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
-+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
-+ * describe a token's EC capabilities not available in mechanism
-+ * information. */
-+#define CKF_EC_F_P 0x00100000
-+#define CKF_EC_F_2M 0x00200000
-+#define CKF_EC_ECPARAMETERS 0x00400000
-+#define CKF_EC_NAMEDCURVE 0x00800000
-+#define CKF_EC_UNCOMPRESS 0x01000000
-+#define CKF_EC_COMPRESS 0x02000000
-+
-+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
-+
-+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-+
-+
-+/* CK_RV is a value that identifies the return value of a
-+ * Cryptoki function */
-+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_RV;
-+
-+#define CKR_OK 0x00000000
-+#define CKR_CANCEL 0x00000001
-+#define CKR_HOST_MEMORY 0x00000002
-+#define CKR_SLOT_ID_INVALID 0x00000003
-+
-+/* CKR_FLAGS_INVALID was removed for v2.0 */
-+
-+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-+#define CKR_GENERAL_ERROR 0x00000005
-+#define CKR_FUNCTION_FAILED 0x00000006
-+
-+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
-+ * and CKR_CANT_LOCK are new for v2.01 */
-+#define CKR_ARGUMENTS_BAD 0x00000007
-+#define CKR_NO_EVENT 0x00000008
-+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-+#define CKR_CANT_LOCK 0x0000000A
-+
-+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-+#define CKR_DATA_INVALID 0x00000020
-+#define CKR_DATA_LEN_RANGE 0x00000021
-+#define CKR_DEVICE_ERROR 0x00000030
-+#define CKR_DEVICE_MEMORY 0x00000031
-+#define CKR_DEVICE_REMOVED 0x00000032
-+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-+#define CKR_FUNCTION_CANCELED 0x00000050
-+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-+
-+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-+
-+#define CKR_KEY_HANDLE_INVALID 0x00000060
-+
-+/* CKR_KEY_SENSITIVE was removed for v2.0 */
-+
-+#define CKR_KEY_SIZE_RANGE 0x00000062
-+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-+
-+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
-+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
-+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
-+ * v2.0 */
-+#define CKR_KEY_NOT_NEEDED 0x00000064
-+#define CKR_KEY_CHANGED 0x00000065
-+#define CKR_KEY_NEEDED 0x00000066
-+#define CKR_KEY_INDIGESTIBLE 0x00000067
-+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-+
-+#define CKR_MECHANISM_INVALID 0x00000070
-+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-+
-+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
-+ * were removed for v2.0 */
-+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-+#define CKR_OPERATION_ACTIVE 0x00000090
-+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-+#define CKR_PIN_INCORRECT 0x000000A0
-+#define CKR_PIN_INVALID 0x000000A1
-+#define CKR_PIN_LEN_RANGE 0x000000A2
-+
-+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-+#define CKR_PIN_EXPIRED 0x000000A3
-+#define CKR_PIN_LOCKED 0x000000A4
-+
-+#define CKR_SESSION_CLOSED 0x000000B0
-+#define CKR_SESSION_COUNT 0x000000B1
-+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-+#define CKR_SESSION_READ_ONLY 0x000000B5
-+#define CKR_SESSION_EXISTS 0x000000B6
-+
-+/* CKR_SESSION_READ_ONLY_EXISTS and
-+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
-+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-+
-+#define CKR_SIGNATURE_INVALID 0x000000C0
-+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-+#define CKR_USER_NOT_LOGGED_IN 0x00000101
-+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-+#define CKR_USER_TYPE_INVALID 0x00000103
-+
-+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
-+ * are new to v2.01 */
-+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-+#define CKR_USER_TOO_MANY_TYPES 0x00000105
-+
-+#define CKR_WRAPPED_KEY_INVALID 0x00000110
-+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-+
-+/* These are new to v2.0 */
-+#define CKR_RANDOM_NO_RNG 0x00000121
-+
-+/* These are new to v2.11 */
-+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
-+
-+/* These are new to v2.0 */
-+#define CKR_BUFFER_TOO_SMALL 0x00000150
-+#define CKR_SAVED_STATE_INVALID 0x00000160
-+#define CKR_INFORMATION_SENSITIVE 0x00000170
-+#define CKR_STATE_UNSAVEABLE 0x00000180
-+
-+/* These are new to v2.01 */
-+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-+#define CKR_MUTEX_BAD 0x000001A0
-+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-+
-+/* The following return values are new for PKCS #11 v2.20 amendment 3 */
-+#define CKR_NEW_PIN_MODE 0x000001B0
-+#define CKR_NEXT_OTP 0x000001B1
-+
-+/* This is new to v2.20 */
-+#define CKR_FUNCTION_REJECTED 0x00000200
-+
-+#define CKR_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_NOTIFY is an application callback that processes events */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_NOTIFICATION event,
-+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
-+);
-+
-+
-+/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
-+ * version and pointers of appropriate types to all the
-+ * Cryptoki functions */
-+/* CK_FUNCTION_LIST is new for v2.0 */
-+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-+
-+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-+
-+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-+
-+
-+/* CK_CREATEMUTEX is an application callback for creating a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
-+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
-+);
-+
-+
-+/* CK_DESTROYMUTEX is an application callback for destroying a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_LOCKMUTEX is an application callback for locking a mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_UNLOCKMUTEX is an application callback for unlocking a
-+ * mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
-+ * C_Initialize */
-+typedef struct CK_C_INITIALIZE_ARGS {
-+ CK_CREATEMUTEX CreateMutex;
-+ CK_DESTROYMUTEX DestroyMutex;
-+ CK_LOCKMUTEX LockMutex;
-+ CK_UNLOCKMUTEX UnlockMutex;
-+ CK_FLAGS flags;
-+ CK_VOID_PTR pReserved;
-+} CK_C_INITIALIZE_ARGS;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
-+#define CKF_OS_LOCKING_OK 0x00000002
-+
-+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-+
-+
-+/* additional flags for parameters to functions */
-+
-+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-+#define CKF_DONT_BLOCK 1
-+
-+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
-+ * Generation Function (MGF) applied to a message block when
-+ * formatting a message block for the PKCS #1 OAEP encryption
-+ * scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
-+
-+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
-+
-+/* The following MGFs are defined */
-+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
-+ * are new for v2.20 */
-+#define CKG_MGF1_SHA1 0x00000001
-+#define CKG_MGF1_SHA256 0x00000002
-+#define CKG_MGF1_SHA384 0x00000003
-+#define CKG_MGF1_SHA512 0x00000004
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKG_MGF1_SHA224 0x00000005
-+
-+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
-+ * of the encoding parameter when formatting a message block
-+ * for the PKCS #1 OAEP encryption scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-+
-+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-+
-+/* The following encoding parameter sources are defined */
-+#define CKZ_DATA_SPECIFIED 0x00000001
-+
-+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_OAEP mechanism. */
-+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-+ CK_VOID_PTR pSourceData;
-+ CK_ULONG ulSourceDataLen;
-+} CK_RSA_PKCS_OAEP_PARAMS;
-+
-+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-+
-+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
-+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_PSS mechanism(s). */
-+typedef struct CK_RSA_PKCS_PSS_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_ULONG sLen;
-+} CK_RSA_PKCS_PSS_PARAMS;
-+
-+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
-+
-+/* CK_EC_KDF_TYPE is new for v2.11. */
-+typedef CK_ULONG CK_EC_KDF_TYPE;
-+
-+/* The following EC Key Derivation Functions are defined */
-+#define CKD_NULL 0x00000001
-+#define CKD_SHA1_KDF 0x00000002
-+
-+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
-+ * where each party contributes one key pair.
-+ */
-+typedef struct CK_ECDH1_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_ECDH1_DERIVE_PARAMS;
-+
-+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
-+typedef struct CK_ECDH2_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_ECDH2_DERIVE_PARAMS;
-+
-+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_ECMQV_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_ECMQV_DERIVE_PARAMS;
-+
-+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
-+
-+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
-+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
-+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
-+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-+
-+/* The following X9.42 DH key derivation functions are defined
-+ (besides CKD_NULL already defined : */
-+#define CKD_SHA1_KDF_ASN1 0x00000003
-+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
-+
-+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
-+ * contributes one key pair */
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_X9_42_DH1_DERIVE_PARAMS;
-+
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-+
-+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
-+ * mechanisms, where each party contributes two key pairs */
-+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_X9_42_DH2_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_X9_42_MQV_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
-+
-+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
-+ * CKM_KEA_DERIVE mechanism */
-+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-+typedef struct CK_KEA_DERIVE_PARAMS {
-+ CK_BBOOL isSender;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pRandomB;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_KEA_DERIVE_PARAMS;
-+
-+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
-+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
-+ * holds the effective keysize */
-+typedef CK_ULONG CK_RC2_PARAMS;
-+
-+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-+
-+
-+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
-+ * mechanism */
-+typedef struct CK_RC2_CBC_PARAMS {
-+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+
-+ CK_BYTE iv[8]; /* IV for CBC mode */
-+} CK_RC2_CBC_PARAMS;
-+
-+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC2_MAC_GENERAL mechanism */
-+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC2_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
-+ * CKM_RC5_MAC mechanisms */
-+/* CK_RC5_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+} CK_RC5_PARAMS;
-+
-+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-+
-+
-+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
-+ * mechanism */
-+/* CK_RC5_CBC_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_CBC_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_BYTE_PTR pIv; /* pointer to IV */
-+ CK_ULONG ulIvLen; /* length of IV in bytes */
-+} CK_RC5_CBC_PARAMS;
-+
-+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC5_MAC_GENERAL mechanism */
-+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC5_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
-+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
-+ * the MAC */
-+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-+
-+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-+
-+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
-+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[8];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pPassword;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPAndGLen;
-+ CK_ULONG ulQLen;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pPrimeP;
-+ CK_BYTE_PTR pBaseG;
-+ CK_BYTE_PTR pSubprimeQ;
-+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-+
-+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
-+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
-+
-+
-+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_RELAYX mechanism */
-+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
-+ CK_ULONG ulOldWrappedXLen;
-+ CK_BYTE_PTR pOldWrappedX;
-+ CK_ULONG ulOldPasswordLen;
-+ CK_BYTE_PTR pOldPassword;
-+ CK_ULONG ulOldPublicDataLen;
-+ CK_BYTE_PTR pOldPublicData;
-+ CK_ULONG ulOldRandomLen;
-+ CK_BYTE_PTR pOldRandomA;
-+ CK_ULONG ulNewPasswordLen;
-+ CK_BYTE_PTR pNewPassword;
-+ CK_ULONG ulNewPublicDataLen;
-+ CK_BYTE_PTR pNewPublicData;
-+ CK_ULONG ulNewRandomLen;
-+ CK_BYTE_PTR pNewRandomA;
-+} CK_SKIPJACK_RELAYX_PARAMS;
-+
-+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
-+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
-+
-+
-+typedef struct CK_PBE_PARAMS {
-+ CK_BYTE_PTR pInitVector;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pSalt;
-+ CK_ULONG ulSaltLen;
-+ CK_ULONG ulIteration;
-+} CK_PBE_PARAMS;
-+
-+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-+
-+
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
-+ * CKM_KEY_WRAP_SET_OAEP mechanism */
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
-+ CK_BYTE bBC; /* block contents byte */
-+ CK_BYTE_PTR pX; /* extra data */
-+ CK_ULONG ulXLen; /* length of extra data in bytes */
-+} CK_KEY_WRAP_SET_OAEP_PARAMS;
-+
-+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
-+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_SSL3_RANDOM_DATA;
-+
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_VERSION_PTR pVersion;
-+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hClientMacSecret;
-+ CK_OBJECT_HANDLE hServerMacSecret;
-+ CK_OBJECT_HANDLE hClientKey;
-+ CK_OBJECT_HANDLE hServerKey;
-+ CK_BYTE_PTR pIVClient;
-+ CK_BYTE_PTR pIVServer;
-+} CK_SSL3_KEY_MAT_OUT;
-+
-+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_PARAMS {
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_BBOOL bIsExport;
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_SSL3_KEY_MAT_PARAMS;
-+
-+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-+
-+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
-+typedef struct CK_TLS_PRF_PARAMS {
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_TLS_PRF_PARAMS;
-+
-+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
-+
-+/* WTLS is new for version 2.20 */
-+typedef struct CK_WTLS_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_WTLS_RANDOM_DATA;
-+
-+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
-+
-+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_BYTE_PTR pVersion;
-+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_PRF_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_WTLS_PRF_PARAMS;
-+
-+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hMacSecret;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pIV;
-+} CK_WTLS_KEY_MAT_OUT;
-+
-+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_ULONG ulSequenceNumber;
-+ CK_BBOOL bIsExport;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_WTLS_KEY_MAT_PARAMS;
-+
-+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
-+
-+/* CMS is new for version 2.20 */
-+typedef struct CK_CMS_SIG_PARAMS {
-+ CK_OBJECT_HANDLE certificateHandle;
-+ CK_MECHANISM_PTR pSigningMechanism;
-+ CK_MECHANISM_PTR pDigestMechanism;
-+ CK_UTF8CHAR_PTR pContentType;
-+ CK_BYTE_PTR pRequestedAttributes;
-+ CK_ULONG ulRequestedAttributesLen;
-+ CK_BYTE_PTR pRequiredAttributes;
-+ CK_ULONG ulRequiredAttributesLen;
-+} CK_CMS_SIG_PARAMS;
-+
-+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
-+
-+typedef struct CK_KEY_DERIVATION_STRING_DATA {
-+ CK_BYTE_PTR pData;
-+ CK_ULONG ulLen;
-+} CK_KEY_DERIVATION_STRING_DATA;
-+
-+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
-+ CK_KEY_DERIVATION_STRING_DATA_PTR;
-+
-+
-+/* The CK_EXTRACT_PARAMS is used for the
-+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
-+ * of the base key should be used as the first bit of the
-+ * derived key */
-+/* CK_EXTRACT_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_EXTRACT_PARAMS;
-+
-+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-+
-+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
-+ * indicate the Pseudo-Random Function (PRF) used to generate
-+ * key bits using PKCS #5 PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-+
-+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
-+
-+/* The following PRFs are defined in PKCS #5 v2.0. */
-+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
-+
-+
-+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
-+ * source of the salt value when deriving a key using PKCS #5
-+ * PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-+
-+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
-+
-+/* The following salt value sources are defined in PKCS #5 v2.0. */
-+#define CKZ_SALT_SPECIFIED 0x00000001
-+
-+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
-+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
-+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
-+typedef struct CK_PKCS5_PBKD2_PARAMS {
-+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
-+ CK_VOID_PTR pSaltSourceData;
-+ CK_ULONG ulSaltSourceDataLen;
-+ CK_ULONG iterations;
-+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-+ CK_VOID_PTR pPrfData;
-+ CK_ULONG ulPrfDataLen;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG_PTR ulPasswordLen;
-+} CK_PKCS5_PBKD2_PARAMS;
-+
-+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
-+
-+/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
-+
-+typedef CK_ULONG CK_OTP_PARAM_TYPE;
-+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
-+
-+typedef struct CK_OTP_PARAM {
-+ CK_OTP_PARAM_TYPE type;
-+ CK_VOID_PTR pValue;
-+ CK_ULONG ulValueLen;
-+} CK_OTP_PARAM;
-+
-+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
-+
-+typedef struct CK_OTP_PARAMS {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_PARAMS;
-+
-+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
-+
-+typedef struct CK_OTP_SIGNATURE_INFO {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_SIGNATURE_INFO;
-+
-+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CK_OTP_VALUE 0
-+#define CK_OTP_PIN 1
-+#define CK_OTP_CHALLENGE 2
-+#define CK_OTP_TIME 3
-+#define CK_OTP_COUNTER 4
-+#define CK_OTP_FLAGS 5
-+#define CK_OTP_OUTPUT_LENGTH 6
-+#define CK_OTP_OUTPUT_FORMAT 7
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CKF_NEXT_OTP 0x00000001
-+#define CKF_EXCLUDE_TIME 0x00000002
-+#define CKF_EXCLUDE_COUNTER 0x00000004
-+#define CKF_EXCLUDE_CHALLENGE 0x00000008
-+#define CKF_EXCLUDE_PIN 0x00000010
-+#define CKF_USER_FRIENDLY_OTP 0x00000020
-+
-+/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
-+typedef struct CK_KIP_PARAMS {
-+ CK_MECHANISM_PTR pMechanism;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+} CK_KIP_PARAMS;
-+
-+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
-+
-+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_AES_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_AES_CTR_PARAMS;
-+
-+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_CAMELLIA_CTR_PARAMS;
-+
-+typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+#endif
-Index: openssl/util/libeay.num
-diff -u openssl/util/libeay.num:1.8.2.1.4.1 openssl/util/libeay.num:1.10
---- openssl/util/libeay.num:1.8.2.1.4.1 Tue Jun 19 15:30:18 2012
-+++ openssl/util/libeay.num Tue Jun 19 16:18:10 2012
-@@ -4310,3 +4310,5 @@
- BIO_s_datagram_sctp 4680 EXIST::FUNCTION:DGRAM,SCTP
- BIO_dgram_is_sctp 4681 EXIST::FUNCTION:SCTP
- BIO_dgram_sctp_notification_cb 4682 EXIST::FUNCTION:SCTP
-+ENGINE_load_pk11ca 4683 EXIST::FUNCTION:HW_PKCS11CA,ENGINE
-+ENGINE_load_pk11so 4683 EXIST::FUNCTION:HW_PKCS11SO,ENGINE
-Index: openssl/util/mk1mf.pl
-diff -u openssl/util/mk1mf.pl:1.9.2.1.4.1 openssl/util/mk1mf.pl:1.10
---- openssl/util/mk1mf.pl:1.9.2.1.4.1 Tue Jun 19 15:30:18 2012
-+++ openssl/util/mk1mf.pl Tue Jun 19 16:18:10 2012
-@@ -114,6 +114,8 @@
- no-ecdh - No ECDH
- no-engine - No engine
- no-hw - No hw
-+ no-hw-pkcs11ca - No hw PKCS#11 CA flavor
-+ no-hw-pkcs11so - No hw PKCS#11 SO flavor
- nasm - Use NASM for x86 asm
- nw-nasm - Use NASM x86 asm for NetWare
- nw-mwasm - Use Metrowerks x86 asm for NetWare
-@@ -278,6 +280,8 @@
- $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
- $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
- $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11CA" if $no_hw_pkcs11ca;
-+$cflags.=" -DOPENSSL_NO_HW_PKCS11SO" if $no_hw_pkcs11so;
- $cflags.=" -DOPENSSL_FIPS" if $fips;
- $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
- $cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
-@@ -345,6 +349,9 @@
- $dir=$val;
- }
-
-+ if ($key eq "PK11_LIB_LOCATION")
-+ { $cflags .= " -D$key=\\\"$val\\\"" if $val ne "";}
-+
- if ($key eq "KRB5_INCLUDES")
- { $cflags .= " $val";}
-
-@@ -1131,6 +1138,8 @@
- "no-gost" => \$no_gost,
- "no-engine" => \$no_engine,
- "no-hw" => \$no_hw,
-+ "no-hw-pkcs11ca" => \$no_hw_pkcs11ca,
-+ "no-hw-pkcs11so" => \$no_hw_pkcs11so,
- "no-rsax" => 0,
- "just-ssl" =>
- [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
-Index: openssl/util/mkdef.pl
-diff -u openssl/util/mkdef.pl:1.7.2.1.4.1 openssl/util/mkdef.pl:1.9
---- openssl/util/mkdef.pl:1.7.2.1.4.1 Tue Jun 19 15:30:18 2012
-+++ openssl/util/mkdef.pl Tue Jun 19 16:18:10 2012
-@@ -96,7 +96,7 @@
- # External "algorithms"
- "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
- # Engines
-- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-+ "STATIC_ENGINE", "ENGINE", "HW", "GMP", "HW_PKCS11CA", "HW_PKCS11SO",
- # RFC3779
- "RFC3779",
- # TLS
-@@ -133,6 +133,7 @@
- my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
- my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
- my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
-+my $no_pkcs11ca; my $no_pkcs11so;
- my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
- my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
- my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
-@@ -235,6 +236,8 @@
- elsif (/^no-jpake$/) { $no_jpake=1; }
- elsif (/^no-srp$/) { $no_srp=1; }
- elsif (/^no-sctp$/) { $no_sctp=1; }
-+ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
-+ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
- }
-
-
-@@ -1189,6 +1192,8 @@
- if ($keyword eq "KRB5" && $no_krb5) { return 0; }
- if ($keyword eq "ENGINE" && $no_engine) { return 0; }
- if ($keyword eq "HW" && $no_hw) { return 0; }
-+ if ($keyword eq "HW_PKCS11CA" && $no_pkcs11ca) { return 0; }
-+ if ($keyword eq "HW_PKCS11SO" && $no_pkcs11so) { return 0; }
- if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
- if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
- if ($keyword eq "GMP" && $no_gmp) { return 0; }
-Index: openssl/util/pl/VC-32.pl
-diff -u openssl/util/pl/VC-32.pl:1.7.2.1.4.1 openssl/util/pl/VC-32.pl:1.8
---- openssl/util/pl/VC-32.pl:1.7.2.1.4.1 Tue Jun 19 15:30:18 2012
-+++ openssl/util/pl/VC-32.pl Tue Jun 19 16:18:10 2012
-@@ -46,7 +46,7 @@
- my $f = $shlib || $fips ?' /MD':' /MT';
- $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
- $opt_cflags=$f.' /Ox';
-- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
-+ $dbg_cflags=$f.'d /Od /Zi -DDEBUG -D_DEBUG';
- $lflags="/nologo /subsystem:console /opt:ref";
-
- *::perlasm_compile_target = sub {
Added: vendor/bind/dist/bin/pkcs11/openssl-1.0.1h-patch
===================================================================
--- vendor/bind/dist/bin/pkcs11/openssl-1.0.1h-patch (rev 0)
+++ vendor/bind/dist/bin/pkcs11/openssl-1.0.1h-patch 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,15784 @@
+Index: openssl/Configure
+diff -u openssl/Configure:1.9.2.1.2.1.2.1.2.1.2.1.2.1 openssl/Configure:1.15
+--- openssl/Configure:1.9.2.1.2.1.2.1.2.1.2.1.2.1 Mon Apr 14 12:42:45 2014
++++ openssl/Configure Mon Apr 14 12:44:20 2014
+@@ -10,7 +10,7 @@
+
+ # see INSTALL for instructions.
+
+-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
++my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION --pk11-flavor=FLAVOR [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+
+ # Options:
+ #
+@@ -23,6 +23,12 @@
+ # default). This needn't be set in advance, you can
+ # just as well use "make INSTALL_PREFIX=/whatever install".
+ #
++# --pk11-libname PKCS#11 library name.
++# (No default)
++#
++# --pk11-flavor either crypto-accelerator or sign-only
++# (No default)
++#
+ # --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
+ # to live in the subdirectory lib/ and the header files in
+ # include/. A value is required.
+@@ -352,7 +358,7 @@
+ "linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### IA-32 targets...
+ "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+ ####
+ "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -360,7 +366,7 @@
+ "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT -pthread::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+@@ -657,6 +663,10 @@
+ my $idx_arflags = $idx++;
+ my $idx_multilib = $idx++;
+
++# PKCS#11 engine patch
++my $pk11_libname="";
++my $pk11_flavor="";
++
+ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
+@@ -876,6 +886,14 @@
+ $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+ $flags.=$_." ";
+ }
++ elsif (/^--pk11-libname=(.*)$/)
++ {
++ $pk11_libname=$1;
++ }
++ elsif (/^--pk11-flavor=(.*)$/)
++ {
++ $pk11_flavor=$1;
++ }
+ elsif (/^--prefix=(.*)$/)
+ {
+ $prefix=$1;
+@@ -1043,6 +1061,22 @@
+ exit 0;
+ }
+
++if (! $pk11_libname)
++ {
++ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
++ print STDERR "See README.pkcs11 for more information.\n";
++ exit 1;
++ }
++
++if (! $pk11_flavor
++ || !($pk11_flavor eq "crypto-accelerator" || $pk11_flavor eq "sign-only"))
++ {
++ print STDERR "You must set --pk11-flavor.\n";
++ print STDERR "Choices are crypto-accelerator and sign-only.\n";
++ print STDERR "See README.pkcs11 for more information.\n";
++ exit 1;
++ }
++
+ if ($target =~ m/^CygWin32(-.*)$/) {
+ $target = "Cygwin".$1;
+ }
+@@ -1120,6 +1154,25 @@
+ $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
+ }
+
++if ($pk11_flavor eq "crypto-accelerator")
++ {
++ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11SO\n";
++ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
++ $depflags .= " -DOPENSSL_NO_HW_PKCS11SO";
++ $options .= " no-hw-pkcs11so";
++ print " no-hw-pkcs11so [pk11-flavor]";
++ print " OPENSSL_NO_HW_PKCS11SO\n";
++ }
++else
++ {
++ $openssl_other_defines .= "#define OPENSSL_NO_HW_PKCS11CA\n";
++ $default_depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
++ $depflags .= " -DOPENSSL_NO_HW_PKCS11CA";
++ $options .= " no-hw-pkcs11ca";
++ print " no-hw-pkcs11ca [pk11-flavor]";
++ print " OPENSSL_NO_HW_PKCS11CA\n";
++}
++
+ my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
+
+ $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
+@@ -1209,6 +1262,8 @@
+ if ($flags ne "") { $cflags="$flags$cflags"; }
+ else { $no_user_cflags=1; }
+
++$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
++
+ # Kerberos settings. The flavor must be provided from outside, either through
+ # the script "config" or manually.
+ if (!$no_krb5)
+@@ -1598,6 +1653,7 @@
+ s/^VERSION=.*/VERSION=$version/;
+ s/^MAJOR=.*/MAJOR=$major/;
+ s/^MINOR=.*/MINOR=$minor/;
++ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
+ s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+ s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+ s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+Index: openssl/Makefile.org
+diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1.2.1.2.1 openssl/Makefile.org:1.10
+--- openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1.2.1.2.1 Mon Apr 14 12:42:45 2014
++++ openssl/Makefile.org Mon Apr 14 12:44:20 2014
+@@ -26,6 +26,9 @@
+ INSTALL_PREFIX=
+ INSTALLTOP=/usr/local/ssl
+
++# You must set this through --pk11-libname configure option.
++PK11_LIB_LOCATION=
++
+ # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+ OPENSSLDIR=/usr/local/ssl
+
+Index: openssl/README.pkcs11
+diff -u /dev/null openssl/README.pkcs11:1.8
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/README.pkcs11 Fri Oct 4 14:16:43 2013
+@@ -0,0 +1,266 @@
++ISC modified
++============
++
++The previous key naming scheme was kept for backward compatibility.
++
++The PKCS#11 engine exists in two flavors, crypto-accelerator and
++sign-only. The first one is from the Solaris patch and uses the
++PKCS#11 device for all crypto operations it supports. The second
++is a stripped down version which provides only the useful
++function (i.e., signature with a RSA private key in the device
++protected key store and key loading).
++
++As a hint PKCS#11 boards should use the crypto-accelerator flavor,
++external PKCS#11 devices the sign-only. SCA 6000 is an example
++of the first, AEP Keyper of the second.
++
++Note it is mandatory to set a pk11-flavor (and only one) in
++config/Configure.
++
++It is highly recommended to compile in (vs. as a DSO) the engine.
++The way to configure this is system dependent, on Unixes it is no-shared
++(and is in general the default), on WIN32 it is enable-static-engine
++(and still enable to build the OpenSSL libraries as DLLs).
++
++PKCS#11 engine support for OpenSSL 0.9.8l
++=========================================
++
++[Nov 19, 2009]
++
++Contents:
++
++Overview
++Revisions of the patch for 0.9.8 branch
++FAQs
++Feedback
++
++Overview
++========
++
++This patch containing code available in OpenSolaris adds support for PKCS#11
++engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
++OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
++must provide PKCS#11 backend otherwise the patch is useless. You provide the
++PKCS#11 library name during the build configuration phase, see below.
++
++Patch can be applied like this:
++
++ # NOTE: use gtar if on Solaris
++ tar xfzv openssl-0.9.8l.tar.gz
++ # now download the patch to the current directory
++ # ...
++ cd openssl-0.9.8l
++ # NOTE: must use gpatch if on Solaris (is part of the system)
++ patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
++
++It is designed to support pure acceleration for RSA, DSA, DH and all the
++symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
++except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
++
++According to the PKCS#11 providers installed on your machine, it can support
++following mechanisms:
++
++ RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
++ AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
++ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
++ SHA256, SHA384, SHA512
++
++Note that for AES counter mode the application must provide their own EVP
++functions since OpenSSL doesn't support counter mode through EVP yet. You may
++see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
++example of code that uses the PKCS#11 engine and deals with the fork-safety
++problem (see engine.c and packet.c files if interested).
++
++You must provide the location of PKCS#11 library in your system to the
++configure script. You will be instructed to do that when you try to run the
++config script:
++
++ $ ./config
++ Operating system: i86pc-whatever-solaris2
++ Configuring for solaris-x86-cc
++ You must set --pk11-libname for PKCS#11 library.
++ See README.pkcs11 for more information.
++
++Taking openCryptoki project on Linux AMD64 box as an example, you would run
++configure script like this:
++
++ ./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
++
++To check whether newly built openssl really supports PKCS#11 it's enough to run
++"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
++output. If you see no PKCS#11 engine support check that the built openssl binary
++and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
++
++The patch, during various phases of development, was tested on Solaris against
++PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
++OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
++(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
++information). Some Linux distributions even ship those libraries with the
++system. The patch should work on any system that is supported by OpenSSL itself
++and has functional PKCS#11 library.
++
++The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
++copyrighted by RSA Security Inc., see pkcs11.h for more information.
++
++Other added/modified code in this patch is copyrighted by Sun Microsystems,
++Inc. and is released under the OpenSSL license (see LICENSE file for more
++information).
++
++Revisions of the patch for 0.9.8 branch
++=======================================
++
++2009-11-19
++- adjusted for OpenSSL version 0.9.8l
++
++- bugs and RFEs:
++
++ 6479874 OpenSSL should support RSA key by reference/hardware keystores
++ 6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
++ 6732677 make check to trigger Solaris specific code automatic in the
++ PKCS#11 engine
++
++2009-03-11
++- adjusted for OpenSSL version 0.9.8j
++
++- README.pkcs11 moved out of the patch, and is shipped together with it in a
++ tarball instead so that it can be read before the patch is applied.
++
++- fixed bugs:
++
++ 6804216 pkcs#11 engine should support a key length range for RC4
++ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
++ meta slot is disabled
++
++2008-12-02
++- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
++
++ 6723504 more granular locking in PKCS#11 engine
++ 6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
++ 6710420 PKCS#11 engine source should be lint clean
++ 6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
++ it seriously
++ 6746712 PKCS#11 engine source code should be cstyle clean
++ 6731380 return codes of several functions are not checked in the PKCS#11
++ engine code
++ 6746735 PKCS#11 engine should use extended FILE space API
++ 6734038 Apache SSL web server using the pkcs11 engine fails to start if
++ meta slot is disabled
++
++2008-08-01
++- fixed bug
++
++ 6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
++ and digests
++
++- Solaris specific code for slot selection made automatic
++
++2008-07-29
++- update the patch to OpenSSL 0.9.8h version
++- pkcs11t.h updated to the latest version:
++
++ 6545665 make CKM_AES_CTR available to non-kernel users
++
++- fixed bugs in the engine code:
++
++ 6602801 PK11_SESSION cache has to employ reference counting scheme for
++ asymmetric key operations
++ 6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
++ atomically
++ 6607307 pkcs#11 engine can't read RSA private keys
++ 6652362 pk11_RSA_finish() is cutting corners
++ 6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
++ suboptimal way
++ 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
++ resilient to destroy failures
++ 6667273 OpenSSL engine should not use free() but OPENSSL_free()
++ 6670363 PKCS#11 engine fails to reuse existing symmetric keys
++ 6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
++ 6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
++ of big numbers leading to failures
++ 6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
++ -1
++ 6706622 pk11_load_{pub,priv}key create corrupted RSA key references
++ 6707129 return values from BN_new() in pk11_DH_generate_key() are not
++ checked
++ 6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
++ structure reuse
++ 6707782 OpenSSL PKCS#11 engine pretends to be aware of
++ OPENSSL_NO_{RSA,DSA,DH}
++ defines but fails miserably
++ 6709966 make check_new_*() to return values to indicate cache hit/miss
++ 6705200 pk11_dh struct initialization in PKCS#11 engine is missing
++ generate_params parameter
++ 6709513 PKCS#11 engine sets IV length even for ECB modes
++ 6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
++ PKCS#11 engine
++ 6728871 PKCS#11 engine must reset global_session in pk11_finish()
++
++- new features and enhancements:
++
++ 6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
++ 6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
++ 6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
++ ciphers and digests
++
++2007-10-15
++- update for 0.9.8f version
++- update for "6607670 teach pkcs#11 engine how to use keys be reference"
++
++2007-10-02
++- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
++- draft for "6607307 pkcs#11 engine can't read RSA private keys"
++
++2007-09-26
++- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
++ significant performance drop
++- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
++
++2007-05-25
++- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
++
++2007-05-19
++- initial patch for 0.9.8e using latest OpenSolaris code
++
++FAQs
++====
++
++(1) my build failed on Linux distro with this error:
++
++../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
++hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
++
++Answer:
++
++ - don't use "no-threads" when configuring
++ - if you didn't then OpenSSL failed to create a threaded library by
++ default. You may manually edit Configure and try again. Look for the
++ architecture that Configure printed, for example:
++
++Configured for linux-elf.
++
++ - then edit Configure, find string "linux-elf" (inluding the quotes),
++ and add flags to support threads to the 4th column of the 2nd string.
++ If you build with GCC then adding "-pthread" should be enough. With
++ "linux-elf" as an example, you would add " -pthread" right after
++ "-D_REENTRANT", like this:
++
++....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
++
++(2) I'm using MinGW/MSYS environment and get undeclared reference error for
++pthread_atfork() function when trying to build OpenSSL with the patch.
++
++Answer:
++
++ Sorry, pthread_atfork() is not implemented in the current pthread-win32
++ (as of Nov 2009). You can not use the patch there.
++
++
++Feedback
++========
++
++Please send feedback to security-discuss at opensolaris.org. The patch was
++created by Jan.Pechanec at Sun.COM from code available in OpenSolaris.
++
++Latest version should be always available on http://blogs.sun.com/janp.
++
+Index: openssl/crypto/opensslconf.h
+diff -u openssl/crypto/opensslconf.h:1.6.2.1.4.1 openssl/crypto/opensslconf.h:1.7
+--- openssl/crypto/opensslconf.h:1.6.2.1.4.1 Tue Jun 19 15:29:49 2012
++++ openssl/crypto/opensslconf.h Tue Jun 19 16:17:51 2012
+@@ -35,6 +35,9 @@
+
+ #endif /* OPENSSL_DOING_MAKEDEPEND */
+
++#ifndef OPENSSL_THREADS
++# define OPENSSL_THREADS
++#endif
+ #ifndef OPENSSL_NO_DYNAMIC_ENGINE
+ # define OPENSSL_NO_DYNAMIC_ENGINE
+ #endif
+@@ -73,6 +76,8 @@
+ # endif
+ #endif
+
++#define OPENSSL_CPUID_OBJ
++
+ /* crypto/opensslconf.h.in */
+
+ /* Generate 80386 code? */
+@@ -119,7 +124,7 @@
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+-#undef RC4_CHUNK
++#define RC4_CHUNK unsigned long
+ #endif
+ #endif
+
+@@ -127,7 +132,7 @@
+ /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+ #ifndef DES_LONG
+-#define DES_LONG unsigned long
++#define DES_LONG unsigned int
+ #endif
+ #endif
+
+@@ -138,9 +143,9 @@
+ /* Should we define BN_DIV2W here? */
+
+ /* Only one for the following should be defined */
+-#undef SIXTY_FOUR_BIT_LONG
++#define SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+-#define THIRTY_TWO_BIT
++#undef THIRTY_TWO_BIT
+ #endif
+
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+@@ -152,7 +157,7 @@
+
+ #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+ #define CONFIG_HEADER_BF_LOCL_H
+-#undef BF_PTR
++#define BF_PTR2
+ #endif /* HEADER_BF_LOCL_H */
+
+ #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+@@ -182,7 +187,7 @@
+ /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+ #ifndef DES_UNROLL
+-#undef DES_UNROLL
++#define DES_UNROLL
+ #endif
+
+ /* These default values were supplied by
+Index: openssl/crypto/bio/bss_file.c
+diff -u openssl/crypto/bio/bss_file.c:1.6.2.1 openssl/crypto/bio/bss_file.c:1.6
+--- openssl/crypto/bio/bss_file.c:1.6.2.1 Sun Jan 15 16:09:44 2012
++++ openssl/crypto/bio/bss_file.c Mon Jun 13 17:13:31 2011
+@@ -168,7 +168,7 @@
+ {
+ SYSerr(SYS_F_FOPEN,get_last_sys_error());
+ ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
+- if (errno == ENOENT)
++ if ((errno == ENOENT) || ((*mode == 'r') && (errno == EACCES)))
+ BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
+ else
+ BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+Index: openssl/crypto/engine/Makefile
+diff -u openssl/crypto/engine/Makefile:1.8.2.1.4.1 openssl/crypto/engine/Makefile:1.9
+--- openssl/crypto/engine/Makefile:1.8.2.1.4.1 Tue Jun 19 15:30:00 2012
++++ openssl/crypto/engine/Makefile Tue Jun 19 16:18:00 2012
+@@ -22,13 +22,15 @@
+ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+ tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
+ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
+- eng_rsax.c eng_rdrand.c
++ eng_rsax.c eng_rdrand.c \
++ hw_pk11.c hw_pk11_pub.c hw_pk11so.c hw_pk11so_pub.c
+ LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+ eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+ tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
+ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
+- eng_rsax.o eng_rdrand.o
++ eng_rsax.o eng_rdrand.o \
++ hw_pk11.o hw_pk11_pub.o hw_pk11so.o hw_pk11so_pub.o
+
+ SRC= $(LIBSRC)
+
+@@ -294,6 +296,83 @@
+ eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+ eng_table.o: eng_table.c
++hw_pk11.o: ../../e_os.h ../../include/openssl/aes.h
++hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
++hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
++hw_pk11.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
++hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++hw_pk11.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
++hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/err.h
++hw_pk11.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
++hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
++hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++hw_pk11.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
++hw_pk11.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
++hw_pk11.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++hw_pk11.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++hw_pk11.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h hw_pk11.c
++hw_pk11.o: hw_pk11_err.c hw_pk11_err.h hw_pk11ca.h pkcs11.h pkcs11f.h pkcs11t.h
++hw_pk11_pub.o: ../../e_os.h ../../include/openssl/asn1.h
++hw_pk11_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
++hw_pk11_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
++hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
++hw_pk11_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
++hw_pk11_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
++hw_pk11_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
++hw_pk11_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
++hw_pk11_pub.o: ../../include/openssl/objects.h
++hw_pk11_pub.o: ../../include/openssl/opensslconf.h
++hw_pk11_pub.o: ../../include/openssl/opensslv.h
++hw_pk11_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
++hw_pk11_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
++hw_pk11_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
++hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++hw_pk11_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++hw_pk11_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11_pub.c hw_pk11ca.h
++hw_pk11_pub.o: pkcs11.h pkcs11f.h pkcs11t.h
++hw_pk11so.o: ../../e_os.h ../../include/openssl/asn1.h
++hw_pk11so.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
++hw_pk11so.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
++hw_pk11so.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
++hw_pk11so.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
++hw_pk11so.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
++hw_pk11so.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++hw_pk11so.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
++hw_pk11so.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++hw_pk11so.o: ../../include/openssl/opensslconf.h
++hw_pk11so.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++hw_pk11so.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
++hw_pk11so.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
++hw_pk11so.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++hw_pk11so.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++hw_pk11so.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++hw_pk11so.o: ../../include/openssl/x509_vfy.h ../cryptlib.h cryptoki.h
++hw_pk11so.o: hw_pk11_err.c hw_pk11_err.h hw_pk11so.c hw_pk11so.h pkcs11.h
++hw_pk11so.o: pkcs11f.h pkcs11t.h
++hw_pk11so_pub.o: ../../e_os.h ../../include/openssl/asn1.h
++hw_pk11so_pub.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
++hw_pk11so_pub.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
++hw_pk11so_pub.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
++hw_pk11so_pub.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
++hw_pk11so_pub.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
++hw_pk11so_pub.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++hw_pk11so_pub.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
++hw_pk11so_pub.o: ../../include/openssl/objects.h
++hw_pk11so_pub.o: ../../include/openssl/opensslconf.h
++hw_pk11so_pub.o: ../../include/openssl/opensslv.h
++hw_pk11so_pub.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
++hw_pk11so_pub.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
++hw_pk11so_pub.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
++hw_pk11so_pub.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++hw_pk11so_pub.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++hw_pk11so_pub.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++hw_pk11so_pub.o: ../cryptlib.h cryptoki.h hw_pk11_err.h hw_pk11so.h
++hw_pk11so_pub.o: hw_pk11so_pub.c pkcs11.h pkcs11f.h pkcs11t.h
+ tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h
+ tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+Index: openssl/crypto/engine/cryptoki.h
+diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
+@@ -0,0 +1,103 @@
++/*
++ * CDDL HEADER START
++ *
++ * The contents of this file are subject to the terms of the
++ * Common Development and Distribution License, Version 1.0 only
++ * (the "License"). You may not use this file except in compliance
++ * with the License.
++ *
++ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
++ * or http://www.opensolaris.org/os/licensing.
++ * See the License for the specific language governing permissions
++ * and limitations under the License.
++ *
++ * When distributing Covered Code, include this CDDL HEADER in each
++ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
++ * If applicable, add the following below this CDDL HEADER, with the
++ * fields enclosed by brackets "[]" replaced with your own identifying
++ * information: Portions Copyright [yyyy] [name of copyright owner]
++ *
++ * CDDL HEADER END
++ */
++/*
++ * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++#ifndef _CRYPTOKI_H
++#define _CRYPTOKI_H
++
++/* ident "@(#)cryptoki.h 1.2 05/06/08 SMI" */
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#ifndef CK_PTR
++#define CK_PTR *
++#endif
++
++#ifndef CK_DEFINE_FUNCTION
++#define CK_DEFINE_FUNCTION(returnType, name) returnType name
++#endif
++
++#ifndef CK_DECLARE_FUNCTION
++#define CK_DECLARE_FUNCTION(returnType, name) returnType name
++#endif
++
++#ifndef CK_DECLARE_FUNCTION_POINTER
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
++#endif
++
++#ifndef CK_CALLBACK_FUNCTION
++#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
++#endif
++
++#ifndef NULL_PTR
++#include <unistd.h> /* For NULL */
++#define NULL_PTR NULL
++#endif
++
++/*
++ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
++ */
++#ifndef CK_DISABLE_TRUE_FALSE
++#define CK_DISABLE_TRUE_FALSE
++#ifndef TRUE
++#define TRUE 1
++#endif /* TRUE */
++#ifndef FALSE
++#define FALSE 0
++#endif /* FALSE */
++#endif /* CK_DISABLE_TRUE_FALSE */
++
++#undef CK_PKCS11_FUNCTION_INFO
++
++#include "pkcs11.h"
++
++/* Solaris specific functions */
++
++#include <stdlib.h>
++
++/*
++ * SUNW_C_GetMechSession will initialize the framework and do all
++ * the necessary PKCS#11 calls to create a session capable of
++ * providing operations on the requested mechanism
++ */
++CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
++ CK_SESSION_HANDLE_PTR hSession);
++
++/*
++ * SUNW_C_KeyToObject will create a secret key object for the given
++ * mechanism from the rawkey data.
++ */
++CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
++ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
++ CK_OBJECT_HANDLE_PTR obj);
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* _CRYPTOKI_H */
+Index: openssl/crypto/engine/eng_all.c
+diff -u openssl/crypto/engine/eng_all.c:1.5.2.1.4.1 openssl/crypto/engine/eng_all.c:1.6
+--- openssl/crypto/engine/eng_all.c:1.5.2.1.4.1 Tue Jun 19 15:30:00 2012
++++ openssl/crypto/engine/eng_all.c Tue Jun 19 16:18:00 2012
+@@ -119,6 +119,14 @@
+ #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+ ENGINE_load_capi();
+ #endif
++#ifndef OPENSSL_NO_HW_PKCS11
++#ifndef OPENSSL_NO_HW_PKCS11CA
++ ENGINE_load_pk11ca();
++#endif
++#ifndef OPENSSL_NO_HW_PKCS11SO
++ ENGINE_load_pk11so();
++#endif
++#endif
+ #endif
+ ENGINE_register_all_complete();
+ }
+Index: openssl/crypto/engine/engine.h
+diff -u openssl/crypto/engine/engine.h:1.5.2.1.4.1 openssl/crypto/engine/engine.h:1.6
+--- openssl/crypto/engine/engine.h:1.5.2.1.4.1 Tue Jun 19 15:30:00 2012
++++ openssl/crypto/engine/engine.h Tue Jun 19 16:18:00 2012
+@@ -343,6 +343,12 @@
+ void ENGINE_load_ubsec(void);
+ void ENGINE_load_padlock(void);
+ void ENGINE_load_capi(void);
++#ifndef OPENSSL_NO_HW_PKCS11CA
++void ENGINE_load_pk11ca(void);
++#endif
++#ifndef OPENSSL_NO_HW_PKCS11SO
++void ENGINE_load_pk11so(void);
++#endif
+ #ifndef OPENSSL_NO_GMP
+ void ENGINE_load_gmp(void);
+ #endif
+Index: openssl/crypto/engine/hw_pk11.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.33
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/hw_pk11.c Fri Oct 4 14:07:41 2013
+@@ -0,0 +1,4010 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/md5.h>
++#include <openssl/pem.h>
++#ifndef OPENSSL_NO_RSA
++#include <openssl/rsa.h>
++#endif
++#ifndef OPENSSL_NO_DSA
++#include <openssl/dsa.h>
++#endif
++#ifndef OPENSSL_NO_DH
++#include <openssl/dh.h>
++#endif
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++#include <openssl/aes.h>
++#include <openssl/des.h>
++
++#ifdef OPENSSL_SYS_WIN32
++typedef int pid_t;
++#define getpid() GetCurrentProcessId()
++#define NOPTHREADS
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <signal.h>
++#include <unistd.h>
++#include <dlfcn.h>
++#endif
++
++/* Debug mutexes */
++/*#undef DEBUG_MUTEX */
++#define DEBUG_MUTEX
++
++#ifndef NOPTHREADS
++/* for pthread error check on Linuxes */
++#ifdef DEBUG_MUTEX
++#define __USE_UNIX98
++#endif
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11CA
++
++/* label for debug messages printed on stderr */
++#define PK11_DBG "PKCS#11 ENGINE DEBUG"
++/* prints a lot of debug messages on stderr about slot selection process */
++/* #undef DEBUG_SLOT_SELECTION */
++/*
++ * Solaris specific code. See comment at check_hw_mechanisms() for more
++ * information.
++ */
++#if defined(__SVR4) && defined(__sun)
++#undef SOLARIS_HW_SLOT_SELECTION
++#endif
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11ca.h"
++#include "hw_pk11_err.c"
++
++/*
++ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
++ * uri_struct manipulation, and static token info. All of that is used by the
++ * RSA keys by reference feature.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *token_lock;
++#endif
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++/*
++ * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
++ * library. See comment at check_hw_mechanisms() for more information.
++ */
++static int *hw_cnids;
++static int *hw_dnids;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++/* PKCS#11 session caches and their locks for all operation types */
++static PK11_CACHE session_cache[OP_MAX];
++
++/*
++ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
++ * logging into the token.
++ */
++CK_FLAGS pubkey_token_flags;
++
++/*
++ * As stated in v2.20, 11.7 Object Management Function, in section for
++ * C_FindObjectsInit(), at most one search operation may be active at a given
++ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
++ * grouped together to form one atomic search operation. This is already
++ * ensured by the property of unique PKCS#11 session handle used for each
++ * PK11_SESSION object.
++ *
++ * This is however not the biggest concern - maintaining consistency of the
++ * underlying object store is more important. The same section of the spec also
++ * says that one thread can be in the middle of a search operation while another
++ * thread destroys the object matching the search template which would result in
++ * invalid handle returned from the search operation.
++ *
++ * Hence, the following locks are used for both protection of the object stores.
++ * They are also used for active list protection.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *find_lock[OP_MAX] = { NULL };
++#endif
++
++/*
++ * lists of asymmetric key handles which are active (referenced by at least one
++ * PK11_SESSION structure, either held by a thread or present in free_session
++ * list) for given algorithm type
++ */
++PK11_active *active_list[OP_MAX] = { NULL };
++
++/*
++ * Create all secret key objects in a global session so that they are available
++ * to use for other sessions. These other sessions may be opened or closed
++ * without losing the secret key objects.
++ */
++static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
++
++/* ENGINE level stuff */
++static int pk11_init(ENGINE *e);
++static int pk11_library_init(ENGINE *e);
++static int pk11_finish(ENGINE *e);
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
++static int pk11_destroy(ENGINE *e);
++
++/* RAND stuff */
++static void pk11_rand_seed(const void *buf, int num);
++static void pk11_rand_add(const void *buf, int num, double add_entropy);
++static void pk11_rand_cleanup(void);
++static int pk11_rand_bytes(unsigned char *buf, int num);
++static int pk11_rand_status(void);
++
++/* These functions are also used in other files */
++PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++
++/* active list manipulation functions used in this file */
++extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
++extern void pk11_free_active_list(PK11_OPTYPE type);
++
++#ifndef OPENSSL_NO_RSA
++int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++#endif
++#ifndef OPENSSL_NO_DSA
++int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++#endif
++#ifndef OPENSSL_NO_DH
++int pk11_destroy_dh_key_objects(PK11_SESSION *session);
++int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
++#endif
++
++/* Local helper functions */
++static int pk11_free_all_sessions(void);
++static int pk11_free_session_list(PK11_OPTYPE optype);
++static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
++static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent);
++static const char *get_PK11_LIBNAME(void);
++static void free_PK11_LIBNAME(void);
++static long set_PK11_LIBNAME(const char *name);
++
++/* Symmetric cipher and digest support functions */
++static int cipher_nid_to_pk11(int nid);
++static int pk11_usable_ciphers(const int **nids);
++static int pk11_usable_digests(const int **nids);
++static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc);
++static int pk11_cipher_final(PK11_SESSION *sp);
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, unsigned int inl);
++#else
++static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl);
++#endif
++static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
++static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
++ const int **nids, int nid);
++static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
++ const int **nids, int nid);
++static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
++static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
++ int key_len);
++static int md_nid_to_pk11(int nid);
++static int pk11_digest_init(EVP_MD_CTX *ctx);
++static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
++ size_t count);
++static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
++static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
++static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
++
++static int pk11_choose_slots(int *any_slot_found);
++static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_cipher,
++ int *local_cipher_nids);
++static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_digest,
++ int *local_digest_nids);
++static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
++ int id);
++static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
++ int id);
++
++static int pk11_init_all_locks(void);
++static void pk11_free_all_locks(void);
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++static int check_hw_mechanisms(void);
++static int nid_in_table(int nid, int *nid_table);
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++/* Index for the supported ciphers */
++enum pk11_cipher_id {
++ PK11_DES_CBC,
++ PK11_DES3_CBC,
++ PK11_DES_ECB,
++ PK11_DES3_ECB,
++ PK11_RC4,
++ PK11_AES_128_CBC,
++ PK11_AES_192_CBC,
++ PK11_AES_256_CBC,
++ PK11_AES_128_ECB,
++ PK11_AES_192_ECB,
++ PK11_AES_256_ECB,
++ PK11_AES_128_CTR,
++ PK11_AES_192_CTR,
++ PK11_AES_256_CTR,
++ PK11_BLOWFISH_CBC,
++ PK11_CIPHER_MAX
++};
++
++/* Index for the supported digests */
++enum pk11_digest_id {
++ PK11_MD5,
++ PK11_SHA1,
++ PK11_SHA224,
++ PK11_SHA256,
++ PK11_SHA384,
++ PK11_SHA512,
++ PK11_DIGEST_MAX
++};
++
++#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
++ { \
++ if (uselock) \
++ LOCK_OBJSTORE(alg_type); \
++ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
++ { \
++ retval = pk11_destroy_object(sp->session, obj_hdl, \
++ priv ? sp->priv_persistent : sp->pub_persistent); \
++ } \
++ if (uselock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ }
++
++static int cipher_nids[PK11_CIPHER_MAX];
++static int digest_nids[PK11_DIGEST_MAX];
++static int cipher_count = 0;
++static int digest_count = 0;
++static CK_BBOOL pk11_have_rsa = CK_FALSE;
++static CK_BBOOL pk11_have_recover = CK_FALSE;
++static CK_BBOOL pk11_have_dsa = CK_FALSE;
++static CK_BBOOL pk11_have_dh = CK_FALSE;
++static CK_BBOOL pk11_have_random = CK_FALSE;
++
++typedef struct PK11_CIPHER_st
++ {
++ enum pk11_cipher_id id;
++ int nid;
++ int iv_len;
++ int min_key_len;
++ int max_key_len;
++ CK_KEY_TYPE key_type;
++ CK_MECHANISM_TYPE mech_type;
++ } PK11_CIPHER;
++
++static PK11_CIPHER ciphers[] =
++ {
++ { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
++ CKK_DES, CKM_DES_CBC, },
++ { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
++ CKK_DES3, CKM_DES3_CBC, },
++ { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
++ CKK_DES, CKM_DES_ECB, },
++ { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
++ CKK_DES3, CKM_DES3_ECB, },
++ { PK11_RC4, NID_rc4, 0, 16, 256,
++ CKK_RC4, CKM_RC4, },
++ { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
++ CKK_AES, CKM_AES_CBC, },
++ { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
++ CKK_AES, CKM_AES_ECB, },
++ { PK11_AES_128_CTR, NID_aes_128_ctr, 16, 16, 16,
++ CKK_AES, CKM_AES_CTR, },
++ { PK11_AES_192_CTR, NID_aes_192_ctr, 16, 24, 24,
++ CKK_AES, CKM_AES_CTR, },
++ { PK11_AES_256_CTR, NID_aes_256_ctr, 16, 32, 32,
++ CKK_AES, CKM_AES_CTR, },
++ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
++ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
++ };
++
++typedef struct PK11_DIGEST_st
++ {
++ enum pk11_digest_id id;
++ int nid;
++ CK_MECHANISM_TYPE mech_type;
++ } PK11_DIGEST;
++
++static PK11_DIGEST digests[] =
++ {
++ {PK11_MD5, NID_md5, CKM_MD5, },
++ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
++ {PK11_SHA224, NID_sha224, CKM_SHA224, },
++ {PK11_SHA256, NID_sha256, CKM_SHA256, },
++ {PK11_SHA384, NID_sha384, CKM_SHA384, },
++ {PK11_SHA512, NID_sha512, CKM_SHA512, },
++ {0, NID_undef, 0xFFFF, },
++ };
++
++/*
++ * Structure to be used for the cipher_data/md_data in
++ * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
++ * session in multiple cipher_update calls
++ */
++typedef struct PK11_CIPHER_STATE_st
++ {
++ PK11_SESSION *sp;
++ } PK11_CIPHER_STATE;
++
++
++/*
++ * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
++ * called when libcrypto requests a cipher NID.
++ *
++ * Note how the PK11_CIPHER_STATE is used here.
++ */
++
++/* DES CBC EVP */
++static const EVP_CIPHER pk11_des_cbc =
++ {
++ NID_des_cbc,
++ 8, 8, 8,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/* 3DES CBC EVP */
++static const EVP_CIPHER pk11_3des_cbc =
++ {
++ NID_des_ede3_cbc,
++ 8, 24, 8,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/*
++ * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
++ * get_asn1_parameters fields are set to NULL.
++ */
++static const EVP_CIPHER pk11_des_ecb =
++ {
++ NID_des_ecb,
++ 8, 8, 8,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_3des_ecb =
++ {
++ NID_des_ede3_ecb,
++ 8, 24, 8,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++
++static const EVP_CIPHER pk11_aes_128_cbc =
++ {
++ NID_aes_128_cbc,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_192_cbc =
++ {
++ NID_aes_192_cbc,
++ 16, 24, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_256_cbc =
++ {
++ NID_aes_256_cbc,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++/*
++ * ECB modes don't use IV so that's why set_asn1_parameters and
++ * get_asn1_parameters are set to NULL.
++ */
++static const EVP_CIPHER pk11_aes_128_ecb =
++ {
++ NID_aes_128_ecb,
++ 16, 16, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_192_ecb =
++ {
++ NID_aes_192_ecb,
++ 16, 24, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_256_ecb =
++ {
++ NID_aes_256_ecb,
++ 16, 32, 0,
++ EVP_CIPH_ECB_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_128_ctr =
++ {
++ NID_aes_128_ctr,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_192_ctr =
++ {
++ NID_aes_192_ctr,
++ 16, 24, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_aes_256_ctr =
++ {
++ NID_aes_256_ctr,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_bf_cbc =
++ {
++ NID_bf_cbc,
++ 8, 16, 8,
++ EVP_CIPH_VARIABLE_LENGTH,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++ };
++
++static const EVP_CIPHER pk11_rc4 =
++ {
++ NID_rc4,
++ 1, 16, 0,
++ EVP_CIPH_VARIABLE_LENGTH,
++ pk11_cipher_init,
++ pk11_cipher_do_cipher,
++ pk11_cipher_cleanup,
++ sizeof (PK11_CIPHER_STATE),
++ NULL,
++ NULL,
++ NULL
++ };
++
++static const EVP_MD pk11_md5 =
++ {
++ NID_md5,
++ NID_md5WithRSAEncryption,
++ MD5_DIGEST_LENGTH,
++ 0,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ MD5_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha1 =
++ {
++ NID_sha1,
++ NID_sha1WithRSAEncryption,
++ SHA_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha224 =
++ {
++ NID_sha224,
++ NID_sha224WithRSAEncryption,
++ SHA224_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ /* SHA-224 uses the same cblock size as SHA-256 */
++ SHA256_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha256 =
++ {
++ NID_sha256,
++ NID_sha256WithRSAEncryption,
++ SHA256_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA256_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha384 =
++ {
++ NID_sha384,
++ NID_sha384WithRSAEncryption,
++ SHA384_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ /* SHA-384 uses the same cblock size as SHA-512 */
++ SHA512_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++static const EVP_MD pk11_sha512 =
++ {
++ NID_sha512,
++ NID_sha512WithRSAEncryption,
++ SHA512_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++ pk11_digest_init,
++ pk11_digest_update,
++ pk11_digest_final,
++ pk11_digest_copy,
++ pk11_digest_cleanup,
++ EVP_PKEY_RSA_method,
++ SHA512_CBLOCK,
++ sizeof (PK11_CIPHER_STATE),
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * The definitions for control commands specific to this engine
++ */
++#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
++#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
++#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
++static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
++ {
++ {
++ PK11_CMD_SO_PATH,
++ "SO_PATH",
++ "Specifies the path to the 'pkcs#11' shared library",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_PIN,
++ "PIN",
++ "Specifies the pin code",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_SLOT,
++ "SLOT",
++ "Specifies the slot (default is auto select)",
++ ENGINE_CMD_FLAG_NUMERIC,
++ },
++ {0, NULL, NULL, 0}
++ };
++
++
++static RAND_METHOD pk11_random =
++ {
++ pk11_rand_seed,
++ pk11_rand_bytes,
++ pk11_rand_cleanup,
++ pk11_rand_add,
++ pk11_rand_bytes,
++ pk11_rand_status
++ };
++
++
++/* Constants used when creating the ENGINE */
++#ifdef OPENSSL_NO_HW_PK11SO
++#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
++#endif
++static const char *engine_pk11_id = "pkcs11";
++static const char *engine_pk11_name =
++ "PKCS #11 engine support (crypto accelerator)";
++
++CK_FUNCTION_LIST_PTR pFuncList = NULL;
++static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
++
++/*
++ * This is a static string constant for the DSO file name and the function
++ * symbol names to bind to. We set it in the Configure script based on whether
++ * this is 32 or 64 bit build.
++ */
++static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
++CK_SLOT_ID pubkey_SLOTID = 0;
++static CK_SLOT_ID rand_SLOTID = 0;
++static CK_SLOT_ID SLOTID = 0;
++char *pk11_pin = NULL;
++static CK_BBOOL pk11_library_initialized = FALSE;
++static CK_BBOOL pk11_atfork_initialized = FALSE;
++static int pk11_pid = 0;
++
++static DSO *pk11_dso = NULL;
++
++/* allocate and initialize all locks used by the engine itself */
++static int pk11_init_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++ pthread_mutexattr_t attr;
++
++ if (pthread_mutexattr_init(&attr) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 100);
++ return (0);
++ }
++
++#ifdef DEBUG_MUTEX
++ if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 101);
++ return (0);
++ }
++#endif
++
++ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(token_lock, &attr);
++
++#ifndef OPENSSL_NO_RSA
++ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_RSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_RSA], &attr);
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++ find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_DSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_DSA], &attr);
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++ find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_DH] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_DH], &attr);
++#endif /* OPENSSL_NO_DH */
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ session_cache[type].lock =
++ OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (session_cache[type].lock == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(session_cache[type].lock, &attr);
++ }
++
++ return (1);
++
++malloc_err:
++ pk11_free_all_locks();
++ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
++ return (0);
++#else
++ return (1);
++#endif
++ }
++
++static void pk11_free_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++
++ if (token_lock != NULL)
++ {
++ (void) pthread_mutex_destroy(token_lock);
++ OPENSSL_free(token_lock);
++ token_lock = NULL;
++ }
++
++#ifndef OPENSSL_NO_RSA
++ if (find_lock[OP_RSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
++ OPENSSL_free(find_lock[OP_RSA]);
++ find_lock[OP_RSA] = NULL;
++ }
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ if (find_lock[OP_DSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_DSA]);
++ OPENSSL_free(find_lock[OP_DSA]);
++ find_lock[OP_DSA] = NULL;
++ }
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ if (find_lock[OP_DH] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_DH]);
++ OPENSSL_free(find_lock[OP_DH]);
++ find_lock[OP_DH] = NULL;
++ }
++#endif /* OPENSSL_NO_DH */
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (session_cache[type].lock != NULL)
++ {
++ (void) pthread_mutex_destroy(session_cache[type].lock);
++ OPENSSL_free(session_cache[type].lock);
++ session_cache[type].lock = NULL;
++ }
++ }
++#endif
++ }
++
++/*
++ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
++ */
++static int bind_pk11(ENGINE *e)
++ {
++#ifndef OPENSSL_NO_RSA
++ const RSA_METHOD *rsa = NULL;
++ RSA_METHOD *pk11_rsa = PK11_RSA();
++#endif /* OPENSSL_NO_RSA */
++ if (!pk11_library_initialized)
++ if (!pk11_library_init(e))
++ return (0);
++
++ if (!ENGINE_set_id(e, engine_pk11_id) ||
++ !ENGINE_set_name(e, engine_pk11_name) ||
++ !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
++ !ENGINE_set_digests(e, pk11_engine_digests))
++ return (0);
++#ifndef OPENSSL_NO_RSA
++ if (pk11_have_rsa == CK_TRUE)
++ {
++ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
++ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
++ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ if (pk11_have_dsa == CK_TRUE)
++ {
++ if (!ENGINE_set_DSA(e, PK11_DSA()))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ if (pk11_have_dh == CK_TRUE)
++ {
++ if (!ENGINE_set_DH(e, PK11_DH()))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered DH\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++#endif /* OPENSSL_NO_DH */
++ if (pk11_have_random)
++ {
++ if (!ENGINE_set_RAND(e, &pk11_random))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered random\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++ if (!ENGINE_set_init_function(e, pk11_init) ||
++ !ENGINE_set_destroy_function(e, pk11_destroy) ||
++ !ENGINE_set_finish_function(e, pk11_finish) ||
++ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
++ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
++ return (0);
++
++/*
++ * Apache calls OpenSSL function RSA_blinding_on() once during startup
++ * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
++ * here, we wire it back to the OpenSSL software implementation.
++ * Since it is used only once, performance is not a concern.
++ */
++#ifndef OPENSSL_NO_RSA
++ rsa = RSA_PKCS1_SSLeay();
++ pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
++ pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
++ if (pk11_have_recover != CK_TRUE)
++ pk11_rsa->rsa_pub_dec = rsa->rsa_pub_dec;
++#endif /* OPENSSL_NO_RSA */
++
++ /* Ensure the pk11 error handling is set up */
++ ERR_load_pk11_strings();
++
++ return (1);
++ }
++
++/* Dynamic engine support is disabled at a higher level for Solaris */
++#ifdef ENGINE_DYNAMIC_SUPPORT
++#error "dynamic engine not supported"
++static int bind_helper(ENGINE *e, const char *id)
++ {
++ if (id && (strcmp(id, engine_pk11_id) != 0))
++ return (0);
++
++ if (!bind_pk11(e))
++ return (0);
++
++ return (1);
++ }
++
++IMPLEMENT_DYNAMIC_CHECK_FN()
++IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
++
++#else
++static ENGINE *engine_pk11(void)
++ {
++ ENGINE *ret = ENGINE_new();
++
++ if (!ret)
++ return (NULL);
++
++ if (!bind_pk11(ret))
++ {
++ ENGINE_free(ret);
++ return (NULL);
++ }
++
++ return (ret);
++ }
++
++void
++ENGINE_load_pk11(void)
++ {
++ ENGINE *e_pk11 = NULL;
++
++ /*
++ * Do not use dynamic PKCS#11 library on Solaris due to
++ * security reasons. We will link it in statically.
++ */
++ /* Attempt to load PKCS#11 library */
++ if (!pk11_dso)
++ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
++ return;
++ }
++
++ e_pk11 = engine_pk11();
++ if (!e_pk11)
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ return;
++ }
++
++ /*
++ * At this point, the pk11 shared library is either dynamically
++ * loaded or statically linked in. So, initialize the pk11
++ * library before calling ENGINE_set_default since the latter
++ * needs cipher and digest algorithm information
++ */
++ if (!pk11_library_init(e_pk11))
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ ENGINE_free(e_pk11);
++ return;
++ }
++
++ ENGINE_add(e_pk11);
++
++ ENGINE_free(e_pk11);
++ ERR_clear_error();
++ }
++#endif /* ENGINE_DYNAMIC_SUPPORT */
++
++/*
++ * These are the static string constants for the DSO file name and
++ * the function symbol names to bind to.
++ */
++static const char *PK11_LIBNAME = NULL;
++
++static const char *get_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ return (PK11_LIBNAME);
++
++ return (def_PK11_LIBNAME);
++ }
++
++static void free_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ OPENSSL_free((void*)PK11_LIBNAME);
++
++ PK11_LIBNAME = NULL;
++ }
++
++static long set_PK11_LIBNAME(const char *name)
++ {
++ free_PK11_LIBNAME();
++
++ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
++ }
++
++/* acquire all engine specific mutexes before fork */
++static void pk11_fork_prepare(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ LOCK_OBJSTORE(OP_RSA);
++ LOCK_OBJSTORE(OP_DSA);
++ LOCK_OBJSTORE(OP_DH);
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++ for (i = 0; i < OP_MAX; i++)
++ {
++ OPENSSL_assert(pthread_mutex_lock(session_cache[i].lock) == 0);
++ }
++#endif
++ }
++
++/* release all engine specific mutexes */
++static void pk11_fork_parent(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_DH);
++ UNLOCK_OBJSTORE(OP_DSA);
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/*
++ * same situation as in parent - we need to unlock all locks to make them
++ * accessible to all threads.
++ */
++static void pk11_fork_child(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_DH);
++ UNLOCK_OBJSTORE(OP_DSA);
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/* Initialization function for the pk11 engine */
++static int pk11_init(ENGINE *e)
++{
++ return (pk11_library_init(e));
++}
++
++static CK_C_INITIALIZE_ARGS pk11_init_args =
++ {
++ NULL_PTR, /* CreateMutex */
++ NULL_PTR, /* DestroyMutex */
++ NULL_PTR, /* LockMutex */
++ NULL_PTR, /* UnlockMutex */
++ CKF_OS_LOCKING_OK, /* flags */
++ NULL_PTR, /* pReserved */
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * It selects a slot based on predefined critiera. In the process, it also
++ * count how many ciphers and digests to support. Since the cipher and
++ * digest information is needed when setting default engine, this function
++ * needs to be called before calling ENGINE_set_default.
++ */
++/* ARGSUSED */
++static int pk11_library_init(ENGINE *e)
++ {
++ CK_C_GetFunctionList p;
++ CK_RV rv = CKR_OK;
++ CK_INFO info;
++ CK_ULONG ul_state_len;
++ int any_slot_found;
++ int i;
++#ifndef OPENSSL_SYS_WIN32
++ struct sigaction sigint_act, sigterm_act, sighup_act;
++#endif
++
++ /*
++ * pk11_library_initialized is set to 0 in pk11_finish() which
++ * is called from ENGINE_finish(). However, if there is still
++ * at least one existing functional reference to the engine
++ * (see engine(3) for more information), pk11_finish() is
++ * skipped. For example, this can happen if an application
++ * forgets to clear one cipher context. In case of a fork()
++ * when the application is finishing the engine so that it can
++ * be reinitialized in the child, forgotten functional
++ * reference causes pk11_library_initialized to stay 1. In
++ * that case we need the PID check so that we properly
++ * initialize the engine again.
++ */
++ if (pk11_library_initialized)
++ {
++ if (pk11_pid == getpid())
++ {
++ return (1);
++ }
++ else
++ {
++ global_session = CK_INVALID_HANDLE;
++ /*
++ * free the locks first to prevent memory leak in case
++ * the application calls fork() without finishing the
++ * engine first.
++ */
++ pk11_free_all_locks();
++ }
++ }
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (check_hw_mechanisms() == 0)
++ goto err;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++ /* get the C_GetFunctionList function from the loaded library */
++ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
++ PK11_GET_FUNCTION_LIST);
++ if (!p)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ rv = p(&pFuncList);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
++ goto err;
++ }
++
++#ifndef OPENSSL_SYS_WIN32
++ /* Not all PKCS#11 library are signal safe! */
++
++ (void) memset(&sigint_act, 0, sizeof(sigint_act));
++ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
++ (void) memset(&sighup_act, 0, sizeof(sighup_act));
++ (void) sigaction(SIGINT, NULL, &sigint_act);
++ (void) sigaction(SIGTERM, NULL, &sigterm_act);
++ (void) sigaction(SIGHUP, NULL, &sighup_act);
++#endif
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++#ifndef OPENSSL_SYS_WIN32
++ (void) sigaction(SIGINT, &sigint_act, NULL);
++ (void) sigaction(SIGTERM, &sigterm_act, NULL);
++ (void) sigaction(SIGHUP, &sighup_act, NULL);
++#endif
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetInfo(&info);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
++ goto err;
++ }
++
++ if (pk11_choose_slots(&any_slot_found) == 0)
++ goto err;
++
++ /*
++ * The library we use, set in def_PK11_LIBNAME, may not offer any
++ * slot(s). In that case, we must not proceed but we must not return an
++ * error. The reason is that applications that try to set up the PKCS#11
++ * engine don't exit on error during the engine initialization just
++ * because no slot was present.
++ */
++ if (any_slot_found == 0)
++ return (1);
++
++ if (global_session == CK_INVALID_HANDLE)
++ {
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT,
++ PK11_R_OPENSESSION, rv);
++ goto err;
++ }
++ }
++
++ /*
++ * Disable digest if C_GetOperationState is not supported since
++ * this function is required by OpenSSL digest copy function
++ */
++ /* Keyper fails to return CKR_FUNCTION_NOT_SUPPORTED */
++ if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
++ != CKR_OK) {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: C_GetOperationState() not supported, "
++ "setting digest_count to 0\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ digest_count = 0;
++ }
++
++ pk11_library_initialized = TRUE;
++ pk11_pid = getpid();
++ /*
++ * if initialization of the locks fails pk11_init_all_locks()
++ * will do the cleanup.
++ */
++ if (!pk11_init_all_locks())
++ goto err;
++ for (i = 0; i < OP_MAX; i++)
++ session_cache[i].head = NULL;
++ /*
++ * initialize active lists. We only use active lists
++ * for asymmetric ciphers.
++ */
++ for (i = 0; i < OP_MAX; i++)
++ active_list[i] = NULL;
++
++#ifndef NOPTHREADS
++ if (!pk11_atfork_initialized)
++ {
++ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
++ pk11_fork_child) != 0)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
++ goto err;
++ }
++ pk11_atfork_initialized = TRUE;
++ }
++#endif
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Destructor (complements the "ENGINE_pk11()" constructor) */
++/* ARGSUSED */
++static int pk11_destroy(ENGINE *e)
++ {
++ free_PK11_LIBNAME();
++ ERR_unload_pk11_strings();
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++ return (1);
++ }
++
++/*
++ * Termination function to clean up the session, the token, and the pk11
++ * library.
++ */
++/* ARGSUSED */
++static int pk11_finish(ENGINE *e)
++ {
++ int i;
++
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
++ goto err;
++ }
++
++ OPENSSL_assert(pFuncList != NULL);
++
++ if (pk11_free_all_sessions() == 0)
++ goto err;
++
++ /* free all active lists */
++ for (i = 0; i < OP_MAX; i++)
++ pk11_free_active_list(i);
++
++ pFuncList->C_CloseSession(global_session);
++ global_session = CK_INVALID_HANDLE;
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects.
++ */
++#if 0
++ pFuncList->C_Finalize(NULL);
++#endif
++
++ if (!DSO_free(pk11_dso))
++ {
++ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++ pk11_dso = NULL;
++ pFuncList = NULL;
++ pk11_library_initialized = FALSE;
++ pk11_pid = 0;
++ /*
++ * There is no way how to unregister atfork handlers (other than
++ * unloading the library) so we just free the locks. For this reason
++ * the atfork handlers check if the engine is initialized and bail out
++ * immediately if not. This is necessary in case a process finishes
++ * the engine before calling fork().
++ */
++ pk11_free_all_locks();
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Standard engine interface function to set the dynamic library path */
++/* ARGSUSED */
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
++ {
++ int initialized = ((pk11_dso == NULL) ? 0 : 1);
++
++ switch (cmd)
++ {
++ case PK11_CMD_SO_PATH:
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ if (initialized)
++ {
++ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
++ return (0);
++ }
++
++ return (set_PK11_LIBNAME((const char *)p));
++ case PK11_CMD_PIN:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ pk11_pin = BUF_strdup(p);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ return (1);
++ case PK11_CMD_SLOT:
++ SLOTID = (CK_SLOT_ID)i;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: slot set\n", PK11_DBG);
++#endif
++ return (1);
++ default:
++ break;
++ }
++
++ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
++
++ return (0);
++ }
++
++
++/* Required function by the engine random interface. It does nothing here */
++static void pk11_rand_cleanup(void)
++ {
++ return;
++ }
++
++/* ARGSUSED */
++static void pk11_rand_add(const void *buf, int num, double add)
++ {
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return;
++
++ /*
++ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
++ * the calling functions do not care anyway
++ */
++ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
++ pk11_return_session(sp, OP_RAND);
++
++ return;
++ }
++
++static void pk11_rand_seed(const void *buf, int num)
++ {
++ pk11_rand_add(buf, num, 0);
++ }
++
++static int pk11_rand_bytes(unsigned char *buf, int num)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return (0);
++
++ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
++ pk11_return_session(sp, OP_RAND);
++ return (0);
++ }
++
++ pk11_return_session(sp, OP_RAND);
++ return (1);
++ }
++
++/* Required function by the engine random interface. It does nothing here */
++static int pk11_rand_status(void)
++ {
++ return (1);
++ }
++
++/* Free all BIGNUM structures from PK11_SESSION. */
++static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ switch (optype)
++ {
++#ifndef OPENSSL_NO_RSA
++ case OP_RSA:
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++ break;
++#endif
++#ifndef OPENSSL_NO_DSA
++ case OP_DSA:
++ if (sp->opdata_dsa_pub_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_pub_num);
++ sp->opdata_dsa_pub_num = NULL;
++ }
++ if (sp->opdata_dsa_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_priv_num);
++ sp->opdata_dsa_priv_num = NULL;
++ }
++ break;
++#endif
++#ifndef OPENSSL_NO_DH
++ case OP_DH:
++ if (sp->opdata_dh_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dh_priv_num);
++ sp->opdata_dh_priv_num = NULL;
++ }
++ break;
++#endif
++ default:
++ break;
++ }
++ }
++
++/*
++ * Get new PK11_SESSION structure ready for use. Every process must have
++ * its own freelist of PK11_SESSION structures so handle fork() here
++ * by destroying the old and creating new freelist.
++ * The returned PK11_SESSION structure is disconnected from the freelist.
++ */
++PK11_SESSION *
++pk11_get_session(PK11_OPTYPE optype)
++ {
++ PK11_SESSION *sp = NULL, *sp1, *freelist;
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock = NULL;
++#endif
++ static pid_t pid = 0;
++ pid_t new_pid;
++ CK_RV rv;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (NULL);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ /*
++ * Will use it to find out if we forked. We cannot use the PID field in
++ * the session structure because we could get a newly allocated session
++ * here, with no PID information.
++ */
++ if (pid == 0)
++ pid = getpid();
++
++ freelist = session_cache[optype].head;
++ sp = freelist;
++
++ /*
++ * If the free list is empty, allocate new unitialized (filled
++ * with zeroes) PK11_SESSION structure otherwise return first
++ * structure from the freelist.
++ */
++ if (sp == NULL)
++ {
++ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ (void) memset(sp, 0, sizeof (PK11_SESSION));
++
++ /*
++ * It is a new session so it will look like a cache miss to the
++ * code below. So, we must not try to to destroy its members so
++ * mark them as unused.
++ */
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ }
++ else
++ {
++ freelist = sp->next;
++ }
++
++ /*
++ * Check whether we have forked. In that case, we must get rid of all
++ * inherited sessions and start allocating new ones.
++ */
++ if (pid != (new_pid = getpid()))
++ {
++ pid = new_pid;
++
++ /*
++ * We are a new process and thus need to free any inherited
++ * PK11_SESSION objects aside from the first session (sp) which
++ * is the only PK11_SESSION structure we will reuse (for the
++ * head of the list).
++ */
++ while ((sp1 = freelist) != NULL)
++ {
++ freelist = sp1->next;
++ /*
++ * NOTE: we do not want to call pk11_free_all_sessions()
++ * here because it would close underlying PKCS#11
++ * sessions and destroy all objects.
++ */
++ pk11_free_nums(sp1, optype);
++ OPENSSL_free(sp1);
++ }
++
++ /* we have to free the active list as well. */
++ pk11_free_active_list(optype);
++
++ /* Initialize the process */
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * Choose slot here since the slot table is different on this
++ * process. If we are here then we must have found at least one
++ * usable slot before so we don't need to check any_slot_found.
++ * See pk11_library_init()'s usage of this function for more
++ * information.
++ */
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (check_hw_mechanisms() == 0)
++ goto err;
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ if (pk11_choose_slots(NULL) == 0)
++ goto err;
++
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * It is an inherited session from our parent so it needs
++ * re-initialization.
++ */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++ if (pk11_token_relogin(sp->session) == 0)
++ {
++ /*
++ * We will keep the session in the cache list and let
++ * the caller cope with the situation.
++ */
++ freelist = sp;
++ sp = NULL;
++ goto err;
++ }
++ }
++
++ if (sp->pid == 0)
++ {
++ /* It is a new session and needs initialization. */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ }
++ }
++
++ /* set new head for the list of PK11_SESSION objects */
++ session_cache[optype].head = freelist;
++
++err:
++ if (sp != NULL)
++ sp->next = NULL;
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (sp);
++ }
++
++
++void
++pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ PK11_SESSION *freelist;
++
++ /*
++ * If this is a session from the parent it will be taken care of and
++ * freed in pk11_get_session() as part of the post-fork clean up the
++ * next time we will ask for a new session.
++ */
++ if (sp == NULL || sp->pid != getpid())
++ return;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_RETURN_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return;
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ sp->next = freelist;
++ session_cache[optype].head = sp;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++
++
++/* Destroy all objects. This function is called when the engine is finished */
++static int pk11_free_all_sessions()
++ {
++ int ret = 1;
++ int type;
++
++#ifndef OPENSSL_NO_RSA
++ (void) pk11_destroy_rsa_key_objects(NULL);
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ (void) pk11_destroy_dsa_key_objects(NULL);
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ (void) pk11_destroy_dh_key_objects(NULL);
++#endif /* OPENSSL_NO_DH */
++ (void) pk11_destroy_cipher_key_objects(NULL);
++
++ /*
++ * We try to release as much as we can but any error means that we will
++ * return 0 on exit.
++ */
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (pk11_free_session_list(type) == 0)
++ ret = 0;
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy session structures from the linked list specified. Free as many
++ * sessions as possible but any failure in C_CloseSession() means that we
++ * return an error on return.
++ */
++static int pk11_free_session_list(PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *freelist = NULL;
++ pid_t mypid = getpid();
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ int ret = 1;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ while ((sp = freelist) != NULL)
++ {
++ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
++ {
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_CLOSESESSION, rv);
++ ret = 0;
++ }
++ }
++ freelist = sp->next;
++ pk11_free_nums(sp, optype);
++ OPENSSL_free(sp);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (ret);
++ }
++
++
++static int
++pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ CK_SLOT_ID myslot;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ myslot = pubkey_SLOTID;
++ break;
++ case OP_RAND:
++ myslot = rand_SLOTID;
++ break;
++ case OP_DIGEST:
++ case OP_CIPHER:
++ myslot = SLOTID;
++ break;
++ default:
++ PK11err(PK11_F_SETUP_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++ sp->session = CK_INVALID_HANDLE;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
++ {
++ /*
++ * We are probably a child process so force the
++ * reinitialize of the session
++ */
++ pk11_library_initialized = FALSE;
++ if (!pk11_library_init(NULL))
++ return (0);
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ }
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ sp->pid = getpid();
++
++ switch (optype)
++ {
++#ifndef OPENSSL_NO_RSA
++ case OP_RSA:
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ sp->opdata_rsa_n_num = NULL;
++ sp->opdata_rsa_e_num = NULL;
++ sp->opdata_rsa_priv = NULL;
++ sp->opdata_rsa_pn_num = NULL;
++ sp->opdata_rsa_pe_num = NULL;
++ sp->opdata_rsa_d_num = NULL;
++ break;
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ case OP_DSA:
++ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_pub = NULL;
++ sp->opdata_dsa_pub_num = NULL;
++ sp->opdata_dsa_priv = NULL;
++ sp->opdata_dsa_priv_num = NULL;
++ break;
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ case OP_DH:
++ sp->opdata_dh_key = CK_INVALID_HANDLE;
++ sp->opdata_dh = NULL;
++ sp->opdata_dh_priv_num = NULL;
++ break;
++#endif /* OPENSSL_NO_DH */
++ case OP_CIPHER:
++ sp->opdata_cipher_key = CK_INVALID_HANDLE;
++ sp->opdata_encrypt = -1;
++ break;
++ default:
++ break;
++ }
++
++ /*
++ * We always initialize the session as containing a non-persistent
++ * object. The key load functions set it to persistent if that is so.
++ */
++ sp->pub_persistent = CK_FALSE;
++ sp->priv_persistent = CK_FALSE;
++ return (1);
++ }
++
++#ifndef OPENSSL_NO_RSA
++/* Destroy RSA public key from single session. */
++int
++pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
++ ret, uselock, OP_RSA, CK_FALSE);
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy RSA private key from single session. */
++int
++pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
++ ret, uselock, OP_RSA, CK_TRUE);
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv = NULL;
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * For the RSA key by reference code, public components 'n'/'e'
++ * are the key components we use to check for the cache hit. We
++ * must free those as well.
++ */
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_rsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_RSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_RSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_RSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++/* Destroy DSA public key from single session. */
++int
++pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key,
++ ret, uselock, OP_DSA, CK_FALSE);
++ sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_pub = NULL;
++ if (sp->opdata_dsa_pub_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_pub_num);
++ sp->opdata_dsa_pub_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy DSA private key from single session. */
++int
++pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key,
++ ret, uselock, OP_DSA, CK_TRUE);
++ sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_dsa_priv = NULL;
++ if (sp->opdata_dsa_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dsa_priv_num);
++ sp->opdata_dsa_priv_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy DSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_dsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_DSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_DSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_DSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++/* Destroy DH key from single session. */
++int
++pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_dh_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_dh_key,
++ ret, uselock, OP_DH, CK_TRUE);
++ sp->opdata_dh_key = CK_INVALID_HANDLE;
++ sp->opdata_dh = NULL;
++ if (sp->opdata_dh_priv_num != NULL)
++ {
++ BN_free(sp->opdata_dh_priv_num);
++ sp->opdata_dh_priv_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy DH key object wrapper.
++ *
++ * arg0: pointer to PKCS#11 engine session structure
++ * if session is NULL, try to destroy all objects in the free list
++ */
++int
++pk11_destroy_dh_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_DH].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_DH].head;
++ uselock = FALSE;
++ }
++
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_dh_object(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_DH].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++#endif /* OPENSSL_NO_DH */
++
++static int
++pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent)
++ {
++ CK_RV rv;
++
++ /*
++ * We never try to destroy persistent objects which are the objects
++ * stored in the keystore. Also, we always use read-only sessions so
++ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
++ */
++ if (persistent == CK_TRUE)
++ return (1);
++
++ rv = pFuncList->C_DestroyObject(session, oh);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
++ rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++
++/* Symmetric ciphers and digests support functions */
++
++static int
++cipher_nid_to_pk11(int nid)
++ {
++ int i;
++
++ for (i = 0; i < PK11_CIPHER_MAX; i++)
++ if (ciphers[i].nid == nid)
++ return (ciphers[i].id);
++ return (-1);
++ }
++
++static int
++pk11_usable_ciphers(const int **nids)
++ {
++ if (cipher_count > 0)
++ *nids = cipher_nids;
++ else
++ *nids = NULL;
++ return (cipher_count);
++ }
++
++static int
++pk11_usable_digests(const int **nids)
++ {
++ if (digest_count > 0)
++ *nids = digest_nids;
++ else
++ *nids = NULL;
++ return (digest_count);
++ }
++
++/*
++ * Init context for encryption or decryption using a symmetric key.
++ */
++static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
++ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
++ {
++ CK_RV rv;
++ CK_AES_CTR_PARAMS ctr_params;
++
++ /*
++ * We expect pmech->mechanism to be already set and
++ * pParameter/ulParameterLen initialized to NULL/0 before
++ * pk11_init_symetric() is called.
++ */
++ OPENSSL_assert(pmech->mechanism != 0);
++ OPENSSL_assert(pmech->pParameter == NULL);
++ OPENSSL_assert(pmech->ulParameterLen == 0);
++
++ if (ctx->cipher->nid == NID_aes_128_ctr ||
++ ctx->cipher->nid == NID_aes_192_ctr ||
++ ctx->cipher->nid == NID_aes_256_ctr)
++ {
++ pmech->pParameter = (void *)(&ctr_params);
++ pmech->ulParameterLen = sizeof (ctr_params);
++ /*
++ * For now, we are limited to the fixed length of the counter,
++ * it covers the whole counter block. That's what RFC 4344
++ * needs. For more information on internal structure of the
++ * counter block, see RFC 3686. If needed in the future, we can
++ * add code so that the counter length can be set via
++ * ENGINE_ctrl() function.
++ */
++ ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
++ OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
++ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
++ }
++ else
++ {
++ if (pcipher->iv_len > 0)
++ {
++ pmech->pParameter = (void *)ctx->iv;
++ pmech->ulParameterLen = pcipher->iv_len;
++ }
++ }
++
++ /* if we get here, the encryption needs to be reinitialized */
++ if (ctx->encrypt)
++ rv = pFuncList->C_EncryptInit(sp->session, pmech,
++ sp->opdata_cipher_key);
++ else
++ rv = pFuncList->C_DecryptInit(sp->session, pmech,
++ sp->opdata_cipher_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
++ PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++
++ return (1);
++ }
++
++/* ARGSUSED */
++static int
++pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc)
++ {
++ CK_MECHANISM mech;
++ int index;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
++ PK11_SESSION *sp;
++ PK11_CIPHER *p_ciph_table_row;
++
++ state->sp = NULL;
++
++ index = cipher_nid_to_pk11(ctx->cipher->nid);
++ if (index < 0 || index >= PK11_CIPHER_MAX)
++ return (0);
++
++ p_ciph_table_row = &ciphers[index];
++ /*
++ * iv_len in the ctx->cipher structure is the maximum IV length for the
++ * current cipher and it must be less or equal to the IV length in our
++ * ciphers table. The key length must be in the allowed interval. From
++ * all cipher modes that the PKCS#11 engine supports only RC4 allows a
++ * key length to be in some range, all other NIDs have a precise key
++ * length. Every application can define its own EVP functions so this
++ * code serves as a sanity check.
++ *
++ * Note that the reason why the IV length in ctx->cipher might be
++ * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
++ * macro to define functions that return EVP structures for all DES
++ * modes. So, even ECB modes get 8 byte IV.
++ */
++ if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
++ ctx->key_len < p_ciph_table_row->min_key_len ||
++ ctx->key_len > p_ciph_table_row->max_key_len) {
++ PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
++ return (0);
++ }
++
++ if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
++ return (0);
++
++ /* if applicable, the mechanism parameter is used for IV */
++ mech.mechanism = p_ciph_table_row->mech_type;
++ mech.pParameter = NULL;
++ mech.ulParameterLen = 0;
++
++ /* The key object is destroyed here if it is not the current key. */
++ (void) check_new_cipher_key(sp, key, ctx->key_len);
++
++ /*
++ * If the key is the same and the encryption is also the same, then
++ * just reuse it. However, we must not forget to reinitialize the
++ * context that was finalized in pk11_cipher_cleanup().
++ */
++ if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
++ sp->opdata_encrypt == ctx->encrypt)
++ {
++ state->sp = sp;
++ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
++ return (0);
++
++ return (1);
++ }
++
++ /*
++ * Check if the key has been invalidated. If so, a new key object
++ * needs to be created.
++ */
++ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
++ {
++ sp->opdata_cipher_key = pk11_get_cipher_key(
++ ctx, key, p_ciph_table_row->key_type, sp);
++ }
++
++ if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
++ {
++ /*
++ * The previous encryption/decryption is different. Need to
++ * terminate the previous * active encryption/decryption here.
++ */
++ if (!pk11_cipher_final(sp))
++ {
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++ }
++
++ if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
++ {
++ pk11_return_session(sp, OP_CIPHER);
++ return (0);
++ }
++
++ /* now initialize the context with a new key */
++ if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
++ return (0);
++
++ sp->opdata_encrypt = ctx->encrypt;
++ state->sp = sp;
++
++ return (1);
++ }
++
++/*
++ * When reusing the same key in an encryption/decryption session for a
++ * decryption/encryption session, we need to close the active session
++ * and recreate a new one. Note that the key is in the global session so
++ * that it needs not be recreated.
++ *
++ * It is more appropriate to use C_En/DecryptFinish here. At the time of this
++ * development, these two functions in the PKCS#11 libraries used return
++ * unexpected errors when passing in 0 length output. It may be a good
++ * idea to try them again if performance is a problem here and fix
++ * C_En/DecryptFinial if there are bugs there causing the problem.
++ */
++static int
++pk11_cipher_final(PK11_SESSION *sp)
++ {
++ CK_RV rv;
++
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++/*
++ * An engine interface function. The calling function allocates sufficient
++ * memory for the output buffer "out" to hold the results.
++ */
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int
++pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, unsigned int inl)
++#else
++static int
++pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl)
++#endif
++ {
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
++ PK11_SESSION *sp;
++ CK_RV rv;
++ unsigned long outl = inl;
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ sp = (PK11_SESSION *) state->sp;
++
++ if (!inl)
++ return (1);
++
++ /* RC4 is the only stream cipher we support */
++ if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
++ return (0);
++
++ if (ctx->encrypt)
++ {
++ rv = pFuncList->C_EncryptUpdate(sp->session,
++ (unsigned char *)in, inl, out, &outl);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
++ PK11_R_ENCRYPTUPDATE, rv);
++ return (0);
++ }
++ }
++ else
++ {
++ rv = pFuncList->C_DecryptUpdate(sp->session,
++ (unsigned char *)in, inl, out, &outl);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
++ PK11_R_DECRYPTUPDATE, rv);
++ return (0);
++ }
++ }
++
++ /*
++ * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
++ * the same size of input.
++ * The application has guaranteed to call the block ciphers with
++ * correctly aligned buffers.
++ */
++ if (inl != outl)
++ return (0);
++
++ return (1);
++ }
++
++/*
++ * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
++ * here is the right thing because in EVP_DecryptFinal_ex(), engine's
++ * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
++ * the engine can't find out that it's the finalizing call. We wouldn't
++ * necessarily have to finalize the context here since reinitializing it with
++ * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
++ * let's do it. Some implementations might leak memory if the previously used
++ * context is initialized without finalizing it first.
++ */
++static int
++pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
++ {
++ CK_RV rv;
++ CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
++ CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
++ PK11_CIPHER_STATE *state = ctx->cipher_data;
++
++ if (state != NULL && state->sp != NULL)
++ {
++ /*
++ * We are not interested in the data here, we just need to get
++ * rid of the context.
++ */
++ if (ctx->encrypt)
++ rv = pFuncList->C_EncryptFinal(
++ state->sp->session, buf, &len);
++ else
++ rv = pFuncList->C_DecryptFinal(
++ state->sp->session, buf, &len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
++ PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
++ pk11_return_session(state->sp, OP_CIPHER);
++ return (0);
++ }
++
++ pk11_return_session(state->sp, OP_CIPHER);
++ state->sp = NULL;
++ }
++
++ return (1);
++ }
++
++/*
++ * Registered by the ENGINE when used to find out how to deal with
++ * a particular NID in the ENGINE. This says what we'll do at the
++ * top level - note, that list is restricted by what we answer with
++ */
++/* ARGSUSED */
++static int
++pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
++ const int **nids, int nid)
++ {
++ if (!cipher)
++ return (pk11_usable_ciphers(nids));
++
++ switch (nid)
++ {
++ case NID_des_ede3_cbc:
++ *cipher = &pk11_3des_cbc;
++ break;
++ case NID_des_cbc:
++ *cipher = &pk11_des_cbc;
++ break;
++ case NID_des_ede3_ecb:
++ *cipher = &pk11_3des_ecb;
++ break;
++ case NID_des_ecb:
++ *cipher = &pk11_des_ecb;
++ break;
++ case NID_aes_128_cbc:
++ *cipher = &pk11_aes_128_cbc;
++ break;
++ case NID_aes_192_cbc:
++ *cipher = &pk11_aes_192_cbc;
++ break;
++ case NID_aes_256_cbc:
++ *cipher = &pk11_aes_256_cbc;
++ break;
++ case NID_aes_128_ecb:
++ *cipher = &pk11_aes_128_ecb;
++ break;
++ case NID_aes_192_ecb:
++ *cipher = &pk11_aes_192_ecb;
++ break;
++ case NID_aes_256_ecb:
++ *cipher = &pk11_aes_256_ecb;
++ break;
++ case NID_bf_cbc:
++ *cipher = &pk11_bf_cbc;
++ break;
++ case NID_rc4:
++ *cipher = &pk11_rc4;
++ break;
++ case NID_aes_128_ctr:
++ *cipher = &pk11_aes_128_ctr;
++ break;
++ case NID_aes_192_ctr:
++ *cipher = &pk11_aes_192_ctr;
++ break;
++ case NID_aes_256_ctr:
++ *cipher = &pk11_aes_256_ctr;
++ break;
++ default:
++ *cipher = NULL;
++ break;
++ }
++ return (*cipher != NULL);
++ }
++
++/* ARGSUSED */
++static int
++pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
++ const int **nids, int nid)
++ {
++ if (!digest)
++ return (pk11_usable_digests(nids));
++
++ switch (nid)
++ {
++ case NID_md5:
++ *digest = &pk11_md5;
++ break;
++ case NID_sha1:
++ *digest = &pk11_sha1;
++ break;
++ case NID_sha224:
++ *digest = &pk11_sha224;
++ break;
++ case NID_sha256:
++ *digest = &pk11_sha256;
++ break;
++ case NID_sha384:
++ *digest = &pk11_sha384;
++ break;
++ case NID_sha512:
++ *digest = &pk11_sha512;
++ break;
++ default:
++ *digest = NULL;
++ break;
++ }
++ return (*digest != NULL);
++ }
++
++
++/* Create a secret key object in a PKCS#11 session */
++static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
++ CK_ULONG ul_key_attr_count = 6;
++ unsigned char key_buf[PK11_KEY_LEN_MAX];
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VALUE, (void*) NULL, 0},
++ };
++
++ /*
++ * Create secret key object in global_session. All other sessions
++ * can use the key handles. Here is why:
++ * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
++ * It may then call DecryptInit and DecryptUpdate using the same key.
++ * To use the same key object, we need to call EncryptFinal with
++ * a 0 length message. Currently, this does not work for 3DES
++ * mechanism. To get around this problem, we close the session and
++ * then create a new session to use the same key object. When a session
++ * is closed, all the object handles will be invalid. Thus, create key
++ * objects in a global session, an individual session may be closed to
++ * terminate the active operation.
++ */
++ CK_SESSION_HANDLE session = global_session;
++ a_key_template[0].pValue = &obj_key;
++ a_key_template[1].pValue = &key_type;
++ if (ctx->key_len > PK11_KEY_LEN_MAX)
++ {
++ a_key_template[5].pValue = (void *) key;
++ }
++ else
++ {
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++ memcpy(key_buf, key, ctx->key_len);
++ if ((key_type == CKK_DES) ||
++ (key_type == CKK_DES2) ||
++ (key_type == CKK_DES3))
++ DES_fixup_key_parity((DES_cblock *) &key_buf[0]);
++ if ((key_type == CKK_DES2) ||
++ (key_type == CKK_DES3))
++ DES_fixup_key_parity((DES_cblock *) &key_buf[8]);
++ if (key_type == CKK_DES3)
++ DES_fixup_key_parity((DES_cblock *) &key_buf[16]);
++ a_key_template[5].pValue = (void *) key_buf;
++ }
++ a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++ PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
++ rv);
++ goto err;
++ }
++
++ /*
++ * Save the key information used in this session.
++ * The max can be saved is PK11_KEY_LEN_MAX.
++ */
++ if (ctx->key_len > PK11_KEY_LEN_MAX)
++ {
++ sp->opdata_key_len = PK11_KEY_LEN_MAX;
++ (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
++ }
++ else
++ {
++ sp->opdata_key_len = ctx->key_len;
++ (void) memcpy(sp->opdata_key, key_buf, sp->opdata_key_len);
++ }
++ memset(key_buf, 0, PK11_KEY_LEN_MAX);
++err:
++
++ return (h_key);
++ }
++
++static int
++md_nid_to_pk11(int nid)
++ {
++ int i;
++
++ for (i = 0; i < PK11_DIGEST_MAX; i++)
++ if (digests[i].nid == nid)
++ return (digests[i].id);
++ return (-1);
++ }
++
++static int
++pk11_digest_init(EVP_MD_CTX *ctx)
++ {
++ CK_RV rv;
++ CK_MECHANISM mech;
++ int index;
++ PK11_SESSION *sp;
++ PK11_DIGEST *pdp;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++
++ state->sp = NULL;
++
++ index = md_nid_to_pk11(ctx->digest->type);
++ if (index < 0 || index >= PK11_DIGEST_MAX)
++ return (0);
++
++ pdp = &digests[index];
++ if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
++ return (0);
++
++ /* at present, no parameter is needed for supported digests */
++ mech.mechanism = pdp->mech_type;
++ mech.pParameter = NULL;
++ mech.ulParameterLen = 0;
++
++ rv = pFuncList->C_DigestInit(sp->session, &mech);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
++ pk11_return_session(sp, OP_DIGEST);
++ return (0);
++ }
++
++ state->sp = sp;
++
++ return (1);
++ }
++
++static int
++pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
++ {
++ CK_RV rv;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++
++ /* 0 length message will cause a failure in C_DigestFinal */
++ if (count == 0)
++ return (1);
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
++ count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++ return (0);
++ }
++
++ return (1);
++ }
++
++static int
++pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
++ {
++ CK_RV rv;
++ unsigned long len;
++ PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
++ len = ctx->digest->md_size;
++
++ if (state == NULL || state->sp == NULL)
++ return (0);
++
++ rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++ return (0);
++ }
++
++ if (ctx->digest->md_size != len)
++ return (0);
++
++ /*
++ * Final is called and digest is returned, so return the session
++ * to the pool
++ */
++ pk11_return_session(state->sp, OP_DIGEST);
++ state->sp = NULL;
++
++ return (1);
++ }
++
++static int
++pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
++ {
++ CK_RV rv;
++ int ret = 0;
++ PK11_CIPHER_STATE *state, *state_to;
++ CK_BYTE_PTR pstate = NULL;
++ CK_ULONG ul_state_len;
++
++ /* The copy-from state */
++ state = (PK11_CIPHER_STATE *) from->md_data;
++ if (state == NULL || state->sp == NULL)
++ goto err;
++
++ /* Initialize the copy-to state */
++ if (!pk11_digest_init(to))
++ goto err;
++ state_to = (PK11_CIPHER_STATE *) to->md_data;
++
++ /* Get the size of the operation state of the copy-from session */
++ rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
++ &ul_state_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
++ rv);
++ goto err;
++ }
++ if (ul_state_len == 0)
++ {
++ goto err;
++ }
++
++ pstate = OPENSSL_malloc(ul_state_len);
++ if (pstate == NULL)
++ {
++ PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the operation state of the copy-from session */
++ rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
++ &ul_state_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
++ rv);
++ goto err;
++ }
++
++ /* Set the operation state of the copy-to session */
++ rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
++ ul_state_len, 0, 0);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DIGEST_COPY,
++ PK11_R_SET_OPERATION_STATE, rv);
++ goto err;
++ }
++
++ ret = 1;
++err:
++ if (pstate != NULL)
++ OPENSSL_free(pstate);
++
++ return (ret);
++ }
++
++/* Return any pending session state to the pool */
++static int
++pk11_digest_cleanup(EVP_MD_CTX *ctx)
++ {
++ PK11_CIPHER_STATE *state = ctx->md_data;
++ unsigned char buf[EVP_MAX_MD_SIZE];
++
++ if (state != NULL && state->sp != NULL)
++ {
++ /*
++ * If state->sp is not NULL then pk11_digest_final() has not
++ * been called yet. We must call it now to free any memory
++ * that might have been allocated in the token when
++ * pk11_digest_init() was called. pk11_digest_final()
++ * will return the session to the cache.
++ */
++ if (!pk11_digest_final(ctx, buf))
++ return (0);
++ }
++
++ return (1);
++ }
++
++/*
++ * Check if the new key is the same as the key object in the session. If the key
++ * is the same, no need to create a new key object. Otherwise, the old key
++ * object needs to be destroyed and a new one will be created. Return 1 for
++ * cache hit, 0 for cache miss. Note that we must check the key length first
++ * otherwise we could end up reusing a different, longer key with the same
++ * prefix.
++ */
++static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
++ int key_len)
++ {
++ if (sp->opdata_key_len != key_len ||
++ memcmp(sp->opdata_key, key, key_len) != 0)
++ {
++ (void) pk11_destroy_cipher_key_objects(sp);
++ return (0);
++ }
++ return (1);
++ }
++
++/* Destroy one or more secret key objects. */
++static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
++ {
++ int ret = 0;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_CIPHER].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_CIPHER].head;
++ }
++
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
++ {
++ /*
++ * The secret key object is created in the
++ * global_session. See pk11_get_cipher_key().
++ */
++ if (pk11_destroy_object(global_session,
++ sp->opdata_cipher_key, CK_FALSE) == 0)
++ goto err;
++ sp->opdata_cipher_key = CK_INVALID_HANDLE;
++ }
++ }
++ ret = 1;
++err:
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_CIPHER].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++
++
++/*
++ * Public key mechanisms optionally supported
++ *
++ * CKM_RSA_X_509
++ * CKM_RSA_PKCS
++ * CKM_DSA
++ *
++ * The first slot that supports at least one of those mechanisms is chosen as a
++ * public key slot.
++ *
++ * Symmetric ciphers optionally supported
++ *
++ * CKM_DES3_CBC
++ * CKM_DES_CBC
++ * CKM_AES_CBC
++ * CKM_DES3_ECB
++ * CKM_DES_ECB
++ * CKM_AES_ECB
++ * CKM_AES_CTR
++ * CKM_RC4
++ * CKM_BLOWFISH_CBC
++ *
++ * Digests optionally supported
++ *
++ * CKM_MD5
++ * CKM_SHA_1
++ * CKM_SHA224
++ * CKM_SHA256
++ * CKM_SHA384
++ * CKM_SHA512
++ *
++ * The output of this function is a set of global variables indicating which
++ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
++ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
++ * variables carry information about which slot was chosen for (a) public key
++ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
++ */
++static int
++pk11_choose_slots(int *any_slot_found)
++ {
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ CK_ULONG ulSlotCount = 0;
++ CK_MECHANISM_INFO mech_info;
++ CK_TOKEN_INFO token_info;
++ unsigned int i;
++ CK_RV rv;
++ CK_SLOT_ID best_slot_sofar = 0;
++ CK_BBOOL found_candidate_slot = CK_FALSE;
++ int slot_n_cipher = 0;
++ int slot_n_digest = 0;
++ CK_SLOT_ID current_slot = 0;
++ int current_slot_n_cipher = 0;
++ int current_slot_n_digest = 0;
++
++ int local_cipher_nids[PK11_CIPHER_MAX];
++ int local_digest_nids[PK11_DIGEST_MAX];
++
++ /* let's initialize the output parameter */
++ if (any_slot_found != NULL)
++ *any_slot_found = 0;
++
++ /* Get slot list for memory allocation */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ return (0);
++ }
++
++ /* it's not an error if we didn't find any providers */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++
++ /* Get the slot list for processing */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ OPENSSL_free(pSlotList);
++ return (0);
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
++ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
++
++ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ /* Check if slot has random support. */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (token_info.flags & CKF_RNG)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ pk11_have_random = CK_TRUE;
++ rand_SLOTID = current_slot;
++ break;
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ pubkey_SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ CK_BBOOL slot_has_rsa = CK_FALSE;
++ CK_BBOOL slot_has_recover = CK_FALSE;
++ CK_BBOOL slot_has_dsa = CK_FALSE;
++ CK_BBOOL slot_has_dh = CK_FALSE;
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++#ifndef OPENSSL_NO_RSA
++ /*
++ * Check if this slot is capable of signing and
++ * verifying with CKM_RSA_PKCS.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
++ &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY)))
++ {
++ /*
++ * Check if this slot is capable of encryption,
++ * decryption, sign, and verify with CKM_RSA_X_509.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_RSA_X_509, &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY) &&
++ (mech_info.flags & CKF_ENCRYPT) &&
++ (mech_info.flags & CKF_DECRYPT)))
++ {
++ slot_has_rsa = CK_TRUE;
++ if (mech_info.flags & CKF_VERIFY_RECOVER)
++ {
++ slot_has_recover = CK_TRUE;
++ }
++ }
++ }
++#endif /* OPENSSL_NO_RSA */
++
++#ifndef OPENSSL_NO_DSA
++ /*
++ * Check if this slot is capable of signing and
++ * verifying with CKM_DSA.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
++ &mech_info);
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
++ (mech_info.flags & CKF_VERIFY)))
++ {
++ slot_has_dsa = CK_TRUE;
++ }
++
++#endif /* OPENSSL_NO_DSA */
++
++#ifndef OPENSSL_NO_DH
++ /*
++ * Check if this slot is capable of DH key generataion and
++ * derivation.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
++
++ if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
++ {
++ rv = pFuncList->C_GetMechanismInfo(current_slot,
++ CKM_DH_PKCS_DERIVE, &mech_info);
++ if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
++ {
++ slot_has_dh = CK_TRUE;
++ }
++ }
++#endif /* OPENSSL_NO_DH */
++
++ if (!found_candidate_slot &&
++ (slot_has_rsa || slot_has_dsa || slot_has_dh))
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: potential slot: %d\n", PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = current_slot;
++ pk11_have_rsa = slot_has_rsa;
++ pk11_have_recover = slot_has_recover;
++ pk11_have_dsa = slot_has_dsa;
++ pk11_have_dh = slot_has_dh;
++ found_candidate_slot = CK_TRUE;
++ /*
++ * Cache the flags for later use. We might
++ * need those if RSA keys by reference feature
++ * is used.
++ */
++ pubkey_token_flags = token_info.flags;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: setting found_candidate_slot to CK_TRUE\n",
++ PK11_DBG);
++ fprintf(stderr,
++ "%s: best so far slot: %d\n", PK11_DBG,
++ best_slot_sofar);
++ fprintf(stderr, "%s: pubkey flags changed to "
++ "%lu.\n", PK11_DBG, pubkey_token_flags);
++ }
++ else
++ {
++ fprintf(stderr,
++ "%s: no rsa/dsa/dh\n", PK11_DBG);
++ }
++#else
++ } /* if */
++#endif /* DEBUG_SLOT_SELECTION */
++ } /* for */
++
++ if (found_candidate_slot == CK_TRUE)
++ {
++ pubkey_SLOTID = best_slot_sofar;
++ }
++
++ found_candidate_slot = CK_FALSE;
++ best_slot_sofar = 0;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ current_slot = pSlotList[i];
++ current_slot_n_cipher = 0;
++ current_slot_n_digest = 0;
++ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
++ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
++
++ pk11_find_symmetric_ciphers(pFuncList, current_slot,
++ ¤t_slot_n_cipher, local_cipher_nids);
++
++ pk11_find_digests(pFuncList, current_slot,
++ ¤t_slot_n_digest, local_digest_nids);
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
++ current_slot_n_cipher);
++ fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
++ current_slot_n_digest);
++ fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
++ PK11_DBG, best_slot_sofar);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * If the current slot supports more ciphers/digests than
++ * the previous best one we change the current best to this one,
++ * otherwise leave it where it is.
++ */
++ if ((current_slot_n_cipher + current_slot_n_digest) >
++ (slot_n_cipher + slot_n_digest))
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: changing best so far slot to %d\n",
++ PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = SLOTID = current_slot;
++ cipher_count = slot_n_cipher = current_slot_n_cipher;
++ digest_count = slot_n_digest = current_slot_n_digest;
++ (void) memcpy(cipher_nids, local_cipher_nids,
++ sizeof (local_cipher_nids));
++ (void) memcpy(digest_nids, local_digest_nids,
++ sizeof (local_digest_nids));
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
++ fprintf(stderr,
++ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
++ fprintf(stderr,
++ "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
++ fprintf(stderr,
++ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
++ fprintf(stderr,
++ "%s: pk11_have_recover %d\n", PK11_DBG, pk11_have_recover);
++ fprintf(stderr,
++ "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
++ fprintf(stderr,
++ "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
++ fprintf(stderr,
++ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
++ fprintf(stderr,
++ "%s: cipher_count %d\n", PK11_DBG, cipher_count);
++ fprintf(stderr,
++ "%s: digest_count %d\n", PK11_DBG, digest_count);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ OPENSSL_free(hw_cnids);
++ OPENSSL_free(hw_dnids);
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++ if (any_slot_found != NULL)
++ *any_slot_found = 1;
++ return (1);
++ }
++
++static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
++ int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
++ int *local_cipher_nids, int id)
++ {
++ CK_MECHANISM_INFO mech_info;
++ CK_RV rv;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
++
++ if (rv != CKR_OK)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " not found\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ return;
++ }
++
++ if ((mech_info.flags & CKF_ENCRYPT) &&
++ (mech_info.flags & CKF_DECRYPT))
++ {
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (nid_in_table(ciphers[id].nid, hw_cnids))
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " usable\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ local_cipher_nids[(*current_slot_n_cipher)++] =
++ ciphers[id].nid;
++ }
++#ifdef SOLARIS_HW_SLOT_SELECTION
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " rejected, software implementation only\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ }
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " unusable\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++
++ return;
++ }
++
++static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
++ CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
++ int id)
++ {
++ CK_MECHANISM_INFO mech_info;
++ CK_RV rv;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
++
++ if (rv != CKR_OK)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " not found\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ return;
++ }
++
++ if (mech_info.flags & CKF_DIGEST)
++ {
++#ifdef SOLARIS_HW_SLOT_SELECTION
++ if (nid_in_table(digests[id].nid, hw_dnids))
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " usable\n");
++#endif /* DEBUG_SLOT_SELECTION */
++ local_digest_nids[(*current_slot_n_digest)++] =
++ digests[id].nid;
++ }
++#ifdef SOLARIS_HW_SLOT_SELECTION
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " rejected, software implementation only\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++ }
++#ifdef DEBUG_SLOT_SELECTION
++ else
++ {
++ fprintf(stderr, " unusable\n");
++ }
++#endif /* DEBUG_SLOT_SELECTION */
++
++ return;
++ }
++
++/* Find what symmetric ciphers this slot supports. */
++static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
++ {
++ int i;
++
++ for (i = 0; i < PK11_CIPHER_MAX; ++i)
++ {
++ pk11_get_symmetric_cipher(pflist, current_slot,
++ ciphers[i].mech_type, current_slot_n_cipher,
++ local_cipher_nids, ciphers[i].id);
++ }
++ }
++
++/* Find what digest algorithms this slot supports. */
++static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
++ CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
++ {
++ int i;
++
++ for (i = 0; i < PK11_DIGEST_MAX; ++i)
++ {
++ pk11_get_digest(pflist, current_slot, digests[i].mech_type,
++ current_slot_n_digest, local_digest_nids, digests[i].id);
++ }
++ }
++
++#ifdef SOLARIS_HW_SLOT_SELECTION
++/*
++ * It would be great if we could use pkcs11_kernel directly since this library
++ * offers hardware slots only. That's the easiest way to achieve the situation
++ * where we use the hardware accelerators when present and OpenSSL native code
++ * otherwise. That presumes the fact that OpenSSL native code is faster than the
++ * code in the soft token. It's a logical assumption - Crypto Framework has some
++ * inherent overhead so going there for the software implementation of a
++ * mechanism should be logically slower in contrast to the OpenSSL native code,
++ * presuming that both implementations are of similar speed. For example, the
++ * soft token for AES is roughly three times slower than OpenSSL for 64 byte
++ * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
++ * that use the PKCS#11 engine by default, we must somehow avoid that regression
++ * on machines without hardware acceleration. That's why switching to the
++ * pkcs11_kernel library seems like a very good idea.
++ *
++ * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
++ * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
++ * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
++ * library, we would have had a performance regression on machines without
++ * hardware acceleration for asymmetric operations for all applications that use
++ * the PKCS#11 engine. There is one such application - Apache web server since
++ * it's shipped configured to use the PKCS#11 engine by default. Having said
++ * that, we can't switch to the pkcs11_kernel library now and have to come with
++ * a solution that, on non-accelerated machines, uses the OpenSSL native code
++ * for all symmetric ciphers and digests while it uses the soft token for
++ * asymmetric operations.
++ *
++ * This is the idea: dlopen() pkcs11_kernel directly and find out what
++ * mechanisms are there. We don't care about duplications (more slots can
++ * support the same mechanism), we just want to know what mechanisms can be
++ * possibly supported in hardware on that particular machine. As said before,
++ * pkcs11_kernel will show you hardware providers only.
++ *
++ * Then, we rely on the fact that since we use libpkcs11 library we will find
++ * the metaslot. When we go through the metaslot's mechanisms for symmetric
++ * ciphers and digests, we check that any found mechanism is in the table
++ * created using the pkcs11_kernel library. So, as a result we have two arrays
++ * of mechanisms that were advertised as supported in hardware which was the
++ * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
++ * code for symmetric ciphers and digests. See pk11_choose_slots() for more
++ * information.
++ *
++ * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
++ * the code won't be used.
++ */
++#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
++static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
++#else
++static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
++#endif
++
++/*
++ * Check hardware capabilities of the machines. The output are two lists,
++ * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
++ * providers together. They are not sorted and may contain duplicate mechanisms.
++ */
++static int check_hw_mechanisms(void)
++ {
++ int i;
++ CK_RV rv;
++ void *handle;
++ CK_C_GetFunctionList p;
++ CK_TOKEN_INFO token_info;
++ CK_ULONG ulSlotCount = 0;
++ int n_cipher = 0, n_digest = 0;
++ CK_FUNCTION_LIST_PTR pflist = NULL;
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL;
++ int hw_ctable_size, hw_dtable_size;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
++ PK11_DBG);
++#endif
++ if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ if ((p = (CK_C_GetFunctionList)dlsym(handle,
++ PK11_GET_FUNCTION_LIST)) == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ if (p(&pflist) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ rv = pflist->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
++ PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
++ goto err;
++ }
++
++ /* no slots, set the hw mechanism tables as empty */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
++#endif
++ hw_cnids = OPENSSL_malloc(sizeof (int));
++ hw_dnids = OPENSSL_malloc(sizeof (int));
++ if (hw_cnids == NULL || hw_dnids == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS,
++ PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ /* this means empty tables */
++ hw_cnids[0] = NID_undef;
++ hw_dnids[0] = NID_undef;
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the slot list for processing */
++ if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
++ goto err;
++ }
++
++ /*
++ * We don't care about duplicit mechanisms in multiple slots and also
++ * reserve one slot for the terminal NID_undef which we use to stop the
++ * search.
++ */
++ hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
++ hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
++ tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
++ tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
++ if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
++ {
++ PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * Do not use memset since we should not rely on the fact that NID_undef
++ * is zero now.
++ */
++ for (i = 0; i < hw_ctable_size; ++i)
++ tmp_hw_cnids[i] = NID_undef;
++ for (i = 0; i < hw_dtable_size; ++i)
++ tmp_hw_dnids[i] = NID_undef;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
++ fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
++ fprintf(stderr, "%s: now looking for mechs supported in hw\n",
++ PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * We are filling the hw mech tables here. Global tables are
++ * still NULL so all mechanisms are put into tmp tables.
++ */
++ pk11_find_symmetric_ciphers(pflist, pSlotList[i],
++ &n_cipher, tmp_hw_cnids);
++ pk11_find_digests(pflist, pSlotList[i],
++ &n_digest, tmp_hw_dnids);
++ }
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects. Also, C_Finalize() is triggered by
++ * dlclose(3C).
++ */
++#if 0
++ pflist->C_Finalize(NULL);
++#endif
++ OPENSSL_free(pSlotList);
++ (void) dlclose(handle);
++ hw_cnids = tmp_hw_cnids;
++ hw_dnids = tmp_hw_dnids;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++
++err:
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++ if (tmp_hw_cnids != NULL)
++ OPENSSL_free(tmp_hw_cnids);
++ if (tmp_hw_dnids != NULL)
++ OPENSSL_free(tmp_hw_dnids);
++
++ return (0);
++ }
++
++/*
++ * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
++ * non-existent).
++ */
++static int nid_in_table(int nid, int *nid_table)
++ {
++ int i = 0;
++
++ /*
++ * a special case. NULL means that we are initializing a new
++ * table.
++ */
++ if (nid_table == NULL)
++ return (1);
++
++ /*
++ * the table is never full, there is always at least one
++ * NID_undef.
++ */
++ while (nid_table[i] != NID_undef)
++ {
++ if (nid_table[i++] == nid)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++ }
++
++ return (0);
++ }
++#endif /* SOLARIS_HW_SLOT_SELECTION */
++
++#endif /* OPENSSL_NO_HW_PK11CA */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11_err.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
+@@ -0,0 +1,288 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_err.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <openssl/err.h>
++#include "hw_pk11_err.h"
++
++/* BEGIN ERROR CODES */
++#ifndef OPENSSL_NO_ERR
++static ERR_STRING_DATA pk11_str_functs[]=
++{
++{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
++{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
++{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
++{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
++{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
++{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
++{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
++{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
++{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
++{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
++{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
++{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
++{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
++{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
++{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
++{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
++{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
++{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
++{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
++{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
++{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
++{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
++{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
++{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
++{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
++{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
++{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
++{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
++{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
++{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
++{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
++{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
++{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
++{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
++{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
++{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
++{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
++{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
++{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
++{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
++{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
++{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
++{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
++{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
++{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
++{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
++{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
++{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
++{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
++{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
++{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
++{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
++{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
++{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
++{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
++{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
++{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
++{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
++{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
++{ 0, NULL}
++};
++
++static ERR_STRING_DATA pk11_str_reasons[]=
++{
++{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
++{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
++{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
++{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
++{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
++{ PK11_R_INITIALIZE, "C_Initialize failed"},
++{ PK11_R_FINALIZE, "C_Finalize failed"},
++{ PK11_R_GETINFO, "C_GetInfo faile"},
++{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
++{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
++{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
++{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
++{ PK11_R_NO_MODULUS, "no modulus"},
++{ PK11_R_NO_EXPONENT, "no exponent"},
++{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
++{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
++{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
++{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
++{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
++{ PK11_R_OPENSESSION, "C_OpenSession failed"},
++{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
++{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
++{ PK11_R_ENCRYPT, "C_Encrypt failed"},
++{ PK11_R_SIGNINIT, "C_SignInit failed"},
++{ PK11_R_SIGN, "C_Sign failed"},
++{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
++{ PK11_R_DECRYPT, "C_Decrypt failed"},
++{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
++{ PK11_R_VERIFY, "C_Verify failed"},
++{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
++{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
++{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
++{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
++{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
++{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
++{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
++{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
++{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
++{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
++{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
++{ PK11_R_MALLOC_FAILURE, "malloc failure"},
++{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
++{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
++{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
++{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
++{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
++{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
++{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
++{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
++{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
++{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
++{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
++{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
++{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
++{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
++{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
++{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
++{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
++{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
++{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
++{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
++{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
++{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
++{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
++{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
++{ PK11_R_ATFORK_FAILED, "atfork() failed" },
++{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login() failed on token" },
++{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
++{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
++{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
++{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
++{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen() dialog command" },
++{ PK11_R_PIPE_FAILED, "pipe() failed" },
++{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
++{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
++{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
++{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
++{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
++{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
++{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
++{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
++{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
++{ PK11_R_SYSCONF_FAILED, "sysconf() failed" },
++{ PK11_R_MMAP_FAILED, "mmap() failed" },
++{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
++{ PK11_R_MLOCK_FAILED, "mlock() failed" },
++{ PK11_R_FORK_FAILED, "fork() failed" },
++{ 0, NULL}
++};
++#endif /* OPENSSL_NO_ERR */
++
++static int pk11_lib_error_code = 0;
++static int pk11_error_init = 1;
++
++static void
++ERR_load_pk11_strings(void)
++ {
++ if (pk11_lib_error_code == 0)
++ pk11_lib_error_code = ERR_get_next_error_library();
++
++ if (pk11_error_init)
++ {
++ pk11_error_init = 0;
++#ifndef OPENSSL_NO_ERR
++ ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
++ ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
++#endif
++ }
++}
++
++static void
++ERR_unload_pk11_strings(void)
++ {
++ if (pk11_error_init == 0)
++ {
++#ifndef OPENSSL_NO_ERR
++ ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
++ ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
++#endif
++ pk11_error_init = 1;
++ }
++}
++
++void
++ERR_pk11_error(int function, int reason, char *file, int line)
++{
++ if (pk11_lib_error_code == 0)
++ pk11_lib_error_code = ERR_get_next_error_library();
++ ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
++}
++
++void
++PK11err_add_data(int function, int reason, CK_RV rv)
++{
++ char tmp_buf[20];
++
++ PK11err(function, reason);
++ (void) BIO_snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
++ ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
++}
+Index: openssl/crypto/engine/hw_pk11_err.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.13
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/hw_pk11_err.h Fri Oct 4 14:04:20 2013
+@@ -0,0 +1,440 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#ifndef HW_PK11_ERR_H
++#define HW_PK11_ERR_H
++
++void ERR_pk11_error(int function, int reason, char *file, int line);
++void PK11err_add_data(int function, int reason, CK_RV rv);
++#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
++
++/* Error codes for the PK11 functions. */
++
++/* Function codes. */
++
++#define PK11_F_INIT 100
++#define PK11_F_FINISH 101
++#define PK11_F_DESTROY 102
++#define PK11_F_CTRL 103
++#define PK11_F_RSA_INIT 104
++#define PK11_F_RSA_FINISH 105
++#define PK11_F_GET_PUB_RSA_KEY 106
++#define PK11_F_GET_PRIV_RSA_KEY 107
++#define PK11_F_RSA_GEN_KEY 108
++#define PK11_F_RSA_PUB_ENC 109
++#define PK11_F_RSA_PRIV_ENC 110
++#define PK11_F_RSA_PUB_DEC 111
++#define PK11_F_RSA_PRIV_DEC 112
++#define PK11_F_RSA_SIGN 113
++#define PK11_F_RSA_VERIFY 114
++#define PK11_F_RAND_ADD 115
++#define PK11_F_RAND_BYTES 116
++#define PK11_F_GET_SESSION 117
++#define PK11_F_FREE_SESSION 118
++#define PK11_F_LOAD_PUBKEY 119
++#define PK11_F_LOAD_PRIVKEY 120
++#define PK11_F_RSA_PUB_ENC_LOW 121
++#define PK11_F_RSA_PRIV_ENC_LOW 122
++#define PK11_F_RSA_PUB_DEC_LOW 123
++#define PK11_F_RSA_PRIV_DEC_LOW 124
++#define PK11_F_DSA_SIGN 125
++#define PK11_F_DSA_VERIFY 126
++#define PK11_F_DSA_INIT 127
++#define PK11_F_DSA_FINISH 128
++#define PK11_F_GET_PUB_DSA_KEY 129
++#define PK11_F_GET_PRIV_DSA_KEY 130
++#define PK11_F_DH_INIT 131
++#define PK11_F_DH_FINISH 132
++#define PK11_F_MOD_EXP_DH 133
++#define PK11_F_GET_DH_KEY 134
++#define PK11_F_FREE_ALL_SESSIONS 135
++#define PK11_F_SETUP_SESSION 136
++#define PK11_F_DESTROY_OBJECT 137
++#define PK11_F_CIPHER_INIT 138
++#define PK11_F_CIPHER_DO_CIPHER 139
++#define PK11_F_GET_CIPHER_KEY 140
++#define PK11_F_DIGEST_INIT 141
++#define PK11_F_DIGEST_UPDATE 142
++#define PK11_F_DIGEST_FINAL 143
++#define PK11_F_CHOOSE_SLOT 144
++#define PK11_F_CIPHER_FINAL 145
++#define PK11_F_LIBRARY_INIT 146
++#define PK11_F_LOAD 147
++#define PK11_F_DH_GEN_KEY 148
++#define PK11_F_DH_COMP_KEY 149
++#define PK11_F_DIGEST_COPY 150
++#define PK11_F_CIPHER_CLEANUP 151
++#define PK11_F_ACTIVE_ADD 152
++#define PK11_F_ACTIVE_DELETE 153
++#define PK11_F_CHECK_HW_MECHANISMS 154
++#define PK11_F_INIT_SYMMETRIC 155
++#define PK11_F_ADD_AES_CTR_NIDS 156
++#define PK11_F_INIT_ALL_LOCKS 157
++#define PK11_F_RETURN_SESSION 158
++#define PK11_F_GET_PIN 159
++#define PK11_F_FIND_ONE_OBJECT 160
++#define PK11_F_CHECK_TOKEN_ATTRS 161
++#define PK11_F_CACHE_PIN 162
++#define PK11_F_MLOCK_PIN_IN_MEMORY 163
++#define PK11_F_TOKEN_LOGIN 164
++#define PK11_F_TOKEN_RELOGIN 165
++#define PK11_F_RUN_ASKPASS 166
++
++/* Reason codes. */
++#define PK11_R_ALREADY_LOADED 100
++#define PK11_R_DSO_FAILURE 101
++#define PK11_R_NOT_LOADED 102
++#define PK11_R_PASSED_NULL_PARAMETER 103
++#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
++#define PK11_R_INITIALIZE 105
++#define PK11_R_FINALIZE 106
++#define PK11_R_GETINFO 107
++#define PK11_R_GETSLOTLIST 108
++#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
++#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
++#define PK11_R_GETATTRIBUTVALUE 111
++#define PK11_R_NO_MODULUS 112
++#define PK11_R_NO_EXPONENT 113
++#define PK11_R_FINDOBJECTSINIT 114
++#define PK11_R_FINDOBJECTS 115
++#define PK11_R_FINDOBJECTSFINAL 116
++#define PK11_R_CREATEOBJECT 118
++#define PK11_R_DESTROYOBJECT 119
++#define PK11_R_OPENSESSION 120
++#define PK11_R_CLOSESESSION 121
++#define PK11_R_ENCRYPTINIT 122
++#define PK11_R_ENCRYPT 123
++#define PK11_R_SIGNINIT 124
++#define PK11_R_SIGN 125
++#define PK11_R_DECRYPTINIT 126
++#define PK11_R_DECRYPT 127
++#define PK11_R_VERIFYINIT 128
++#define PK11_R_VERIFY 129
++#define PK11_R_VERIFYRECOVERINIT 130
++#define PK11_R_VERIFYRECOVER 131
++#define PK11_R_GEN_KEY 132
++#define PK11_R_SEEDRANDOM 133
++#define PK11_R_GENERATERANDOM 134
++#define PK11_R_INVALID_MESSAGE_LENGTH 135
++#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
++#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
++#define PK11_R_UNKNOWN_PADDING_TYPE 138
++#define PK11_R_PADDING_CHECK_FAILED 139
++#define PK11_R_DIGEST_TOO_BIG 140
++#define PK11_R_MALLOC_FAILURE 141
++#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
++#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
++#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
++#define PK11_R_MISSING_KEY_COMPONENT 145
++#define PK11_R_INVALID_SIGNATURE_LENGTH 146
++#define PK11_R_INVALID_DSA_SIGNATURE_R 147
++#define PK11_R_INVALID_DSA_SIGNATURE_S 148
++#define PK11_R_INCONSISTENT_KEY 149
++#define PK11_R_ENCRYPTUPDATE 150
++#define PK11_R_DECRYPTUPDATE 151
++#define PK11_R_DIGESTINIT 152
++#define PK11_R_DIGESTUPDATE 153
++#define PK11_R_DIGESTFINAL 154
++#define PK11_R_ENCRYPTFINAL 155
++#define PK11_R_DECRYPTFINAL 156
++#define PK11_R_NO_PRNG_SUPPORT 157
++#define PK11_R_GETTOKENINFO 158
++#define PK11_R_DERIVEKEY 159
++#define PK11_R_GET_OPERATION_STATE 160
++#define PK11_R_SET_OPERATION_STATE 161
++#define PK11_R_INVALID_HANDLE 162
++#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
++#define PK11_R_INVALID_OPERATION_TYPE 164
++#define PK11_R_ADD_NID_FAILED 165
++#define PK11_R_ATFORK_FAILED 166
++
++#define PK11_R_TOKEN_LOGIN_FAILED 167
++#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
++#define PK11_R_INVALID_PKCS11_URI 169
++#define PK11_R_COULD_NOT_READ_PIN 170
++#define PK11_R_COULD_NOT_OPEN_COMMAND 171
++#define PK11_R_PIPE_FAILED 172
++#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
++#define PK11_R_BAD_PASSPHRASE_SPEC 174
++#define PK11_R_TOKEN_NOT_INITIALIZED 175
++#define PK11_R_TOKEN_PIN_NOT_SET 176
++#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
++#define PK11_R_MISSING_OBJECT_LABEL 178
++#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
++#define PK11_R_PRIV_KEY_NOT_FOUND 180
++#define PK11_R_NO_OBJECT_FOUND 181
++#define PK11_R_PIN_CACHING_POLICY_INVALID 182
++#define PK11_R_SYSCONF_FAILED 183
++#define PK11_R_MMAP_FAILED 183
++#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
++#define PK11_R_MLOCK_FAILED 185
++#define PK11_R_FORK_FAILED 186
++
++/* max byte length of a symetric key we support */
++#define PK11_KEY_LEN_MAX 32
++
++#ifdef NOPTHREADS
++/*
++ * CRYPTO_LOCK_PK11_ENGINE lock is primarily used for the protection of the
++ * free_session list and active_list but generally serves as a global
++ * per-process lock for the whole engine.
++ *
++ * We reuse CRYPTO_LOCK_EC lock (which is defined in OpenSSL for EC method) as
++ * the global engine lock. This is not optimal w.r.t. performance but
++ * it's safe.
++ */
++#define CRYPTO_LOCK_PK11_ENGINE CRYPTO_LOCK_EC
++#endif
++
++/*
++ * This structure encapsulates all reusable information for a PKCS#11
++ * session. A list of these objects is created on behalf of the
++ * calling application using an on-demand method. Each operation
++ * type (see PK11_OPTYPE below) has its own per-process list.
++ * Each of the lists is basically a cache for faster PKCS#11 object
++ * access to avoid expensive C_Find{,Init,Final}Object() calls.
++ *
++ * When a new request comes in, an object will be taken from the list
++ * (if there is one) or a new one is created to handle the request
++ * (if the list is empty). See pk11_get_session() on how it is done.
++ */
++typedef struct PK11_st_SESSION
++ {
++ struct PK11_st_SESSION *next;
++ CK_SESSION_HANDLE session; /* PK11 session handle */
++ pid_t pid; /* Current process ID */
++ CK_BBOOL pub_persistent; /* is pub key in keystore? */
++ CK_BBOOL priv_persistent;/* is priv key in keystore? */
++ union
++ {
++#ifndef OPENSSL_NO_RSA
++ struct
++ {
++ CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
++ CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
++ RSA *rsa_pub; /* pub key addr */
++ BIGNUM *rsa_n_num; /* pub modulus */
++ BIGNUM *rsa_e_num; /* pub exponent */
++ RSA *rsa_priv; /* priv key addr */
++ BIGNUM *rsa_pn_num; /* pub modulus */
++ BIGNUM *rsa_pe_num; /* pub exponent */
++ BIGNUM *rsa_d_num; /* priv exponent */
++ } u_RSA;
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++ struct
++ {
++ CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
++ CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
++ DSA *dsa_pub; /* pub key addr */
++ BIGNUM *dsa_pub_num; /* pub key */
++ DSA *dsa_priv; /* priv key addr */
++ BIGNUM *dsa_priv_num; /* priv key */
++ } u_DSA;
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++ struct
++ {
++ CK_OBJECT_HANDLE dh_key; /* key handle */
++ DH *dh; /* dh key addr */
++ BIGNUM *dh_priv_num; /* priv dh key */
++ } u_DH;
++#endif /* OPENSSL_NO_DH */
++ struct
++ {
++ CK_OBJECT_HANDLE cipher_key; /* key handle */
++ unsigned char key[PK11_KEY_LEN_MAX];
++ int key_len; /* priv key len */
++ int encrypt; /* 1/0 enc/decr */
++ } u_cipher;
++ } opdata_u;
++ } PK11_SESSION;
++
++#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
++#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
++#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
++#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
++#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
++#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
++#define opdata_rsa_pn_num opdata_u.u_RSA.rsa_pn_num
++#define opdata_rsa_pe_num opdata_u.u_RSA.rsa_pe_num
++#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
++#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
++#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
++#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
++#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
++#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
++#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
++#define opdata_dh_key opdata_u.u_DH.dh_key
++#define opdata_dh opdata_u.u_DH.dh
++#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
++#define opdata_cipher_key opdata_u.u_cipher.cipher_key
++#define opdata_key opdata_u.u_cipher.key
++#define opdata_key_len opdata_u.u_cipher.key_len
++#define opdata_encrypt opdata_u.u_cipher.encrypt
++
++/*
++ * We have 3 different groups of operation types:
++ * 1) asymmetric operations
++ * 2) random operations
++ * 3) symmetric and digest operations
++ *
++ * This division into groups stems from the fact that it's common that hardware
++ * providers may support operations from one group only. For example, hardware
++ * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
++ * only a single group of operations.
++ *
++ * For every group a different slot can be chosen. That means that we must have
++ * at least 3 different lists of cached PKCS#11 sessions since sessions from
++ * different groups may be initialized in different slots.
++ *
++ * To provide locking granularity in multithreaded environment, the groups are
++ * further splitted into types with each type having a separate session cache.
++ */
++typedef enum PK11_OPTYPE_ENUM
++ {
++ OP_RAND,
++ OP_RSA,
++ OP_DSA,
++ OP_DH,
++ OP_CIPHER,
++ OP_DIGEST,
++ OP_MAX
++ } PK11_OPTYPE;
++
++/*
++ * This structure contains the heads of the lists forming the object caches
++ * and locks associated with the lists.
++ */
++typedef struct PK11_st_CACHE
++ {
++ PK11_SESSION *head;
++#ifndef NOPTHREADS
++ pthread_mutex_t *lock;
++#endif
++ } PK11_CACHE;
++
++/* structure for tracking handles of asymmetric key objects */
++typedef struct PK11_active_st
++ {
++ CK_OBJECT_HANDLE h;
++ unsigned int refcnt;
++ struct PK11_active_st *prev;
++ struct PK11_active_st *next;
++ } PK11_active;
++
++#ifndef NOPTHREADS
++extern pthread_mutex_t *find_lock[];
++#endif
++extern PK11_active *active_list[];
++/*
++ * These variables are specific for the RSA keys by reference code. See
++ * hw_pk11_pub.c for explanation.
++ */
++extern CK_FLAGS pubkey_token_flags;
++
++#ifndef NOPTHREADS
++#define LOCK_OBJSTORE(alg_type) \
++ OPENSSL_assert(pthread_mutex_lock(find_lock[alg_type]) == 0)
++#define UNLOCK_OBJSTORE(alg_type) \
++ OPENSSL_assert(pthread_mutex_unlock(find_lock[alg_type]) == 0)
++#else
++#define LOCK_OBJSTORE(alg_type) \
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE)
++#define UNLOCK_OBJSTORE(alg_type) \
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE)
++#endif
++
++extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++extern int pk11_token_relogin(CK_SESSION_HANDLE session);
++
++#ifndef OPENSSL_NO_RSA
++extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++extern RSA_METHOD *PK11_RSA(void);
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++extern DSA_METHOD *PK11_DSA(void);
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
++extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
++extern DH_METHOD *PK11_DH(void);
++#endif /* OPENSSL_NO_DH */
++
++extern CK_FUNCTION_LIST_PTR pFuncList;
++
++#endif /* HW_PK11_ERR_H */
+Index: openssl/crypto/engine/hw_pk11_pub.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.42
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/hw_pk11_pub.c Fri Oct 4 14:27:06 2013
+@@ -0,0 +1,3556 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_pub.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/pem.h>
++#ifndef OPENSSL_NO_RSA
++#include <openssl/rsa.h>
++#endif /* OPENSSL_NO_RSA */
++#ifndef OPENSSL_NO_DSA
++#include <openssl/dsa.h>
++#endif /* OPENSSL_NO_DSA */
++#ifndef OPENSSL_NO_DH
++#include <openssl/dh.h>
++#endif /* OPENSSL_NO_DH */
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++#define NOPTHREADS
++typedef int pid_t;
++#define HAVE_GETPASSPHRASE
++static char *getpassphrase(const char *prompt);
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <unistd.h>
++#endif
++
++#ifndef NOPTHREADS
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11CA
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11ca.h"
++#include "hw_pk11_err.h"
++
++static CK_BBOOL pk11_login_done = CK_FALSE;
++extern CK_SLOT_ID pubkey_SLOTID;
++#ifndef NOPTHREADS
++extern pthread_mutex_t *token_lock;
++#endif
++
++#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
++#define getpassphrase(x) getpass(x)
++#endif
++
++#ifndef OPENSSL_NO_RSA
++/* RSA stuff */
++static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++static int pk11_RSA_init(RSA *rsa);
++static int pk11_RSA_finish(RSA *rsa);
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_RSA_verify(int dtype, const unsigned char *m,
++ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa);
++#else
++static int pk11_RSA_verify(int dtype, const unsigned char *m,
++ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa);
++#endif
++EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++
++static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa);
++
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session);
++
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
++#endif
++
++/* DSA stuff */
++#ifndef OPENSSL_NO_DSA
++static int pk11_DSA_init(DSA *dsa);
++static int pk11_DSA_finish(DSA *dsa);
++static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen,
++ DSA *dsa);
++static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
++ DSA_SIG *sig, DSA *dsa);
++
++static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
++ BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
++ BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
++
++static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa);
++static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa);
++#endif
++
++/* DH stuff */
++#ifndef OPENSSL_NO_DH
++static int pk11_DH_init(DH *dh);
++static int pk11_DH_finish(DH *dh);
++static int pk11_DH_generate_key(DH *dh);
++static int pk11_DH_compute_key(unsigned char *key,
++ const BIGNUM *pub_key, DH *dh);
++
++static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
++ BIGNUM **priv_key, CK_SESSION_HANDLE session);
++
++static int check_new_dh_key(PK11_SESSION *sp, DH *dh);
++#endif
++
++static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
++static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
++ CK_ULONG *ulValueLen);
++static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
++
++static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private);
++
++/* Read mode string to be used for fopen() */
++#if SOLARIS_OPENSSL
++static char *read_mode_flags = "rF";
++#else
++static char *read_mode_flags = "r";
++#endif
++
++/*
++ * increment/create reference for an asymmetric key handle via active list
++ * manipulation. If active list operation fails, unlock (if locked), set error
++ * variable and jump to the specified label.
++ */
++#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
++ { \
++ if (pk11_active_add(key_handle, alg_type) < 0) \
++ { \
++ var = TRUE; \
++ if (unlock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ goto label; \
++ } \
++ }
++
++/*
++ * Find active list entry according to object handle and return pointer to the
++ * entry otherwise return NULL.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ for (entry = active_list[type]; entry != NULL; entry = entry->next)
++ if (entry->h == h)
++ return (entry);
++
++ return (NULL);
++ }
++
++/*
++ * Search for an entry in the active list using PKCS#11 object handle as a
++ * search key and return refcnt of the found/created entry or -1 in case of
++ * failure.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if (h == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ /* search for entry in the active list */
++ if ((entry = pk11_active_find(h, type)) != NULL)
++ entry->refcnt++;
++ else
++ {
++ /* not found, create new entry and add it to the list */
++ entry = OPENSSL_malloc(sizeof (PK11_active));
++ if (entry == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
++ return (-1);
++ }
++ entry->h = h;
++ entry->refcnt = 1;
++ entry->prev = NULL;
++ entry->next = NULL;
++ /* connect the newly created entry to the list */
++ if (active_list[type] == NULL)
++ active_list[type] = entry;
++ else /* make the entry first in the list */
++ {
++ entry->next = active_list[type];
++ active_list[type]->prev = entry;
++ active_list[type] = entry;
++ }
++ }
++
++ return (entry->refcnt);
++ }
++
++/*
++ * Remove active list entry from the list and free it.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++void
++pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
++ {
++ PK11_active *prev_entry;
++
++ /* remove the entry from the list and free it */
++ if ((prev_entry = entry->prev) != NULL)
++ {
++ prev_entry->next = entry->next;
++ if (entry->next != NULL)
++ entry->next->prev = prev_entry;
++ }
++ else
++ {
++ active_list[type] = entry->next;
++ /* we were the first but not the only one */
++ if (entry->next != NULL)
++ entry->next->prev = NULL;
++ }
++
++ /* sanitization */
++ entry->h = CK_INVALID_HANDLE;
++ entry->prev = NULL;
++ entry->next = NULL;
++ OPENSSL_free(entry);
++ }
++
++/* Free all entries from the active list. */
++void
++pk11_free_active_list(PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ /* only for asymmetric types since only they have C_Find* locks. */
++ switch (type)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ break;
++ default:
++ return;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(type);
++ while ((entry = active_list[type]) != NULL)
++ pk11_active_remove(entry, type);
++ UNLOCK_OBJSTORE(type);
++ }
++
++/*
++ * Search for active list entry associated with given PKCS#11 object handle,
++ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
++ *
++ * Return 1 if the PKCS#11 object associated with the entry has no references,
++ * return 0 if there is at least one reference, -1 on error.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if ((entry = pk11_active_find(h, type)) == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ OPENSSL_assert(entry->refcnt > 0);
++ entry->refcnt--;
++ if (entry->refcnt == 0)
++ {
++ pk11_active_remove(entry, type);
++ return (1);
++ }
++
++ return (0);
++ }
++
++#ifndef OPENSSL_NO_RSA
++/* Our internal RSA_METHOD that we provide pointers to */
++static RSA_METHOD pk11_rsa =
++ {
++ "PKCS#11 RSA method",
++ pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
++ pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
++ pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
++ pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
++ NULL, /* rsa_mod_exp */
++ NULL, /* bn_mod_exp */
++ pk11_RSA_init, /* init */
++ pk11_RSA_finish, /* finish */
++ RSA_FLAG_SIGN_VER, /* flags */
++ NULL, /* app_data */
++ pk11_RSA_sign, /* rsa_sign */
++ pk11_RSA_verify /* rsa_verify */
++ };
++
++RSA_METHOD *
++PK11_RSA(void)
++ {
++ return (&pk11_rsa);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DSA
++/* Our internal DSA_METHOD that we provide pointers to */
++static DSA_METHOD pk11_dsa =
++ {
++ "PKCS#11 DSA method",
++ pk11_dsa_do_sign, /* dsa_do_sign */
++ NULL, /* dsa_sign_setup */
++ pk11_dsa_do_verify, /* dsa_do_verify */
++ NULL, /* dsa_mod_exp */
++ NULL, /* bn_mod_exp */
++ pk11_DSA_init, /* init */
++ pk11_DSA_finish, /* finish */
++ 0, /* flags */
++ NULL /* app_data */
++ };
++
++DSA_METHOD *
++PK11_DSA(void)
++ {
++ return (&pk11_dsa);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DH
++/*
++ * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
++ * output buffer may somewhat exceed the precise number of bytes needed, but
++ * should not exceed it by a large amount. That may be caused, for example, by
++ * rounding it up to multiple of X in the underlying bignum library. 8 should be
++ * enough.
++ */
++#define DH_BUF_RESERVE 8
++
++/* Our internal DH_METHOD that we provide pointers to */
++static DH_METHOD pk11_dh =
++ {
++ "PKCS#11 DH method",
++ pk11_DH_generate_key, /* generate_key */
++ pk11_DH_compute_key, /* compute_key */
++ NULL, /* bn_mod_exp */
++ pk11_DH_init, /* init */
++ pk11_DH_finish, /* finish */
++ 0, /* flags */
++ NULL, /* app_data */
++ NULL /* generate_params */
++ };
++
++DH_METHOD *
++PK11_DH(void)
++ {
++ return (&pk11_dh);
++ }
++#endif
++
++/* Size of an SSL signature: MD5+SHA1 */
++#define SSL_SIG_LENGTH 36
++
++/* Lengths of DSA data and signature */
++#define DSA_DATA_LEN 20
++#define DSA_SIGNATURE_LEN 40
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++
++#ifndef OPENSSL_NO_RSA
++/*
++ * Similiar to OpenSSL to take advantage of the paddings. The goal is to
++ * support all paddings in this engine although PK11 library does not
++ * support all the paddings used in OpenSSL.
++ * The input errors should have been checked in the padding functions.
++ */
++static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ int i, num = 0, r = -1;
++ unsigned char *buf = NULL;
++
++ num = BN_num_bytes(rsa->n);
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
++ break;
++#ifndef OPENSSL_NO_SHA
++ case RSA_PKCS1_OAEP_PADDING:
++ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
++ break;
++#endif
++ case RSA_SSLV23_PADDING:
++ i = RSA_padding_add_SSLv23(buf, num, from, flen);
++ break;
++ case RSA_NO_PADDING:
++ i = RSA_padding_add_none(buf, num, from, flen);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (i <= 0) goto err;
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
++err:
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++
++/*
++ * Similar to Openssl to take advantage of the paddings. The input errors
++ * should be catched in the padding functions
++ */
++static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ int i, num = 0, r = -1;
++ unsigned char *buf = NULL;
++
++ num = BN_num_bytes(rsa->n);
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
++ break;
++ case RSA_NO_PADDING:
++ i = RSA_padding_add_none(buf, num, from, flen);
++ break;
++ case RSA_SSLV23_PADDING:
++ default:
++ RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (i <= 0) goto err;
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
++err:
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/* Similar to OpenSSL code. Input errors are also checked here */
++static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ BIGNUM f;
++ int j, num = 0, r = -1;
++ unsigned char *p;
++ unsigned char *buf = NULL;
++
++ BN_init(&f);
++
++ num = BN_num_bytes(rsa->n);
++
++ if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * This check was for equality but PGP does evil things
++ * and chops off the top '0' bytes
++ */
++ if (flen > num)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC,
++ PK11_R_DATA_GREATER_THAN_MOD_LEN);
++ goto err;
++ }
++
++ /* make data into a big number */
++ if (BN_bin2bn(from, (int)flen, &f) == NULL)
++ goto err;
++
++ if (BN_ucmp(&f, rsa->n) >= 0)
++ {
++ RSAerr(PK11_F_RSA_PRIV_DEC,
++ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
++ goto err;
++ }
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
++
++ /*
++ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
++ * Needs to skip these 0's paddings here.
++ */
++ for (j = 0; j < r; j++)
++ if (buf[j] != 0)
++ break;
++
++ p = buf + j;
++ j = r - j; /* j is only used with no-padding mode */
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
++ break;
++#ifndef OPENSSL_NO_SHA
++ case RSA_PKCS1_OAEP_PADDING:
++ r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
++ break;
++#endif
++ case RSA_SSLV23_PADDING:
++ r = RSA_padding_check_SSLv23(to, num, p, j, num);
++ break;
++ case RSA_NO_PADDING:
++ r = RSA_padding_check_none(to, num, p, j, num);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (r < 0)
++ RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
++
++err:
++ BN_clear_free(&f);
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/* Similar to OpenSSL code. Input errors are also checked here */
++static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding)
++ {
++ BIGNUM f;
++ int i, num = 0, r = -1;
++ unsigned char *p;
++ unsigned char *buf = NULL;
++
++ BN_init(&f);
++ num = BN_num_bytes(rsa->n);
++ buf = (unsigned char *)OPENSSL_malloc(num);
++ if (buf == NULL)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /*
++ * This check was for equality but PGP does evil things
++ * and chops off the top '0' bytes
++ */
++ if (flen > num)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
++ goto err;
++ }
++
++ if (BN_bin2bn(from, flen, &f) == NULL)
++ goto err;
++
++ if (BN_ucmp(&f, rsa->n) >= 0)
++ {
++ RSAerr(PK11_F_RSA_PUB_DEC,
++ PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
++ goto err;
++ }
++
++ /* PK11 functions are called here */
++ r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
++
++ /*
++ * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
++ * Needs to skip these 0's here
++ */
++ for (i = 0; i < r; i++)
++ if (buf[i] != 0)
++ break;
++
++ p = buf + i;
++ i = r - i; /* i is only used with no-padding mode */
++
++ switch (padding)
++ {
++ case RSA_PKCS1_PADDING:
++ r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
++ break;
++ case RSA_NO_PADDING:
++ r = RSA_padding_check_none(to, num, p, i, num);
++ break;
++ default:
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
++ goto err;
++ }
++ if (r < 0)
++ RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
++
++err:
++ BN_clear_free(&f);
++ if (buf != NULL)
++ {
++ OPENSSL_cleanse(buf, num);
++ OPENSSL_free(buf);
++ }
++ return (r);
++ }
++
++/*
++ * This function implements RSA public encryption using C_EncryptInit and
++ * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_public_encrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_encrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_EncryptInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
++ PK11_R_ENCRYPTINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Encrypt(sp->session,
++ (unsigned char *)from, flen, to, &bytes_encrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
++ PK11_R_ENCRYPT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_encrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA private encryption using C_SignInit and
++ * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_private_encrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG ul_sig_len = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ {
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ }
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech,
++ h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
++ PK11_R_SIGNINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Sign(sp->session,
++ (unsigned char *)from, flen, to, &ul_sig_len);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
++ rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ retval = ul_sig_len;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA private decryption using C_DecryptInit and
++ * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_private_decrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_decrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num, &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DecryptInit(sp->session, p_mech,
++ h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
++ PK11_R_DECRYPTINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_Decrypt(sp->session,
++ (unsigned char *)from, flen, to, &bytes_decrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
++ PK11_R_DECRYPT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_decrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++
++/*
++ * This function implements RSA public decryption using C_VerifyRecoverInit
++ * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
++ * The calling function allocated sufficient memory in "to" to store results.
++ */
++static int pk11_RSA_public_decrypt_low(int flen,
++ const unsigned char *from, unsigned char *to, RSA *rsa)
++ {
++ CK_ULONG bytes_decrypted = flen;
++ int retval = -1;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (-1);
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyRecoverInit(sp->session,
++ p_mech, h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
++ PK11_R_VERIFYRECOVERINIT, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++
++ rv = pFuncList->C_VerifyRecover(sp->session,
++ (unsigned char *)from, flen, to, &bytes_decrypted);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
++ PK11_R_VERIFYRECOVER, rv);
++ pk11_return_session(sp, OP_RSA);
++ return (-1);
++ }
++ retval = bytes_decrypted;
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (retval);
++ }
++
++static int pk11_RSA_init(RSA *rsa)
++ {
++ /*
++ * This flag in the RSA_METHOD enables the new rsa_sign,
++ * rsa_verify functions. See rsa.h for details.
++ */
++ rsa->flags |= RSA_FLAG_SIGN_VER;
++
++ return (1);
++ }
++
++static int pk11_RSA_finish(RSA *rsa)
++ {
++ /*
++ * Since we are overloading OpenSSL's native RSA_eay_finish() we need
++ * to do the same as in the original function, i.e. to free bignum
++ * structures.
++ */
++ if (rsa->_method_mod_n != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_n);
++ if (rsa->_method_mod_p != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_p);
++ if (rsa->_method_mod_q != NULL)
++ BN_MONT_CTX_free(rsa->_method_mod_q);
++
++ return (1);
++ }
++
++/*
++ * Standard engine interface function. Majority codes here are from
++ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
++ * See more details in rsa/rsa_sign.c
++ */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++ unsigned long ulsiglen;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key((RSA *)rsa,
++ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
++ sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto err;
++ }
++
++ ulsiglen = j;
++ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
++ (CK_ULONG_PTR) &ulsiglen);
++ *siglen = ulsiglen;
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++#if OPENSSL_VERSION_NUMBER < 0x10000000L
++static int pk11_RSA_verify(int type, const unsigned char *m,
++ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa)
++#else
++static int pk11_RSA_verify(int type, const unsigned char *m,
++ unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen,
++ const RSA *rsa)
++#endif
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_pub_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_VERIFY,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_pub(sp, rsa);
++
++ h_pub_key = sp->opdata_rsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
++ &sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
++ sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
++ rv);
++ goto err;
++ }
++ rv = pFuncList->C_Verify(sp->session, s, i,
++ (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++static int hndidx_rsa = -1;
++
++#define MAXATTR 1024
++
++/*
++ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *privkey;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BBOOL rollback = FALSE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for private keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize the OpenSSL RSA
++ * structure with something we can use to look up the key. Note that we
++ * never ask for private components.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(privkey_file, "pkcs11:") == privkey_file)
++ {
++ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_TRUE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ if (hndidx_rsa == -1)
++ hndidx_rsa = RSA_get_ex_new_index(0,
++ "pkcs11 RSA HSM key handle",
++ NULL, NULL, NULL);
++
++ /*
++ * We might have a cache hit which we could confirm
++ * according to the 'n'/'e' params, RSA public pointer
++ * as NULL, and non-NULL RSA private pointer. However,
++ * it is easier just to recreate everything. We expect
++ * the keys to be loaded once and used many times. We
++ * do not check the return value because even in case
++ * of failure the sp structure will have both key
++ * pointer and object handle cleaned and
++ * pk11_destroy_object() reports the failure to the
++ * OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, FALSE);
++
++ sp->opdata_rsa_priv_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->priv_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA private structure pointer. We do not
++ * use it now for key-by-ref keys but let's do it for
++ * consistency reasons.
++ */
++ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
++ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ /*
++ * We do not use pk11_get_private_rsa_key() here so we
++ * must take care of handle management ourselves.
++ */
++ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, TRUE, rollback, err);
++
++ /*
++ * Those are the sensitive components we do not want to export
++ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
++ */
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++ /*
++ * Must have 'n'/'e' components in the session structure as
++ * well. They serve as a public look-up key for the private key
++ * in the keystore.
++ */
++ attr_to_BN(&get_templ[0], attr_data[0],
++ &sp->opdata_rsa_pn_num);
++ attr_to_BN(&get_templ[1], attr_data[1],
++ &sp->opdata_rsa_pe_num);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++ }
++ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
++ (void) fclose(privkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_priv(sp, rsa);
++ sp->priv_persistent = CK_FALSE;
++
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa,
++ &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ if (h_priv_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ rollback = rollback;
++ return (pkey);
++ }
++
++/*
++ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *pubkey;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for public keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize OpenSSL RSA
++ * structure with something we can use to look up the key.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
++ {
++ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_FALSE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * We load a new public key so we will create a new RSA
++ * structure. No cache hit is possible.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, FALSE);
++
++ sp->opdata_rsa_pub_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->pub_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA public structure pointer.
++ */
++ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER;
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PUBKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++
++ /*
++ * Create a session object from it so that when calling
++ * pk11_get_public_rsa_key() the next time, we can find it. The
++ * reason why we do that is that we cannot tell from the RSA
++ * structure (OpenSSL RSA structure does not have any room for
++ * additional data used by the engine, for example) if it bears
++ * a public key stored in the keystore or not so it's better if
++ * we always have a session key. Note that this is different
++ * from what we do for the private keystore objects but in that
++ * case, we can tell from the RSA structure that the keystore
++ * object is in play - the 'd' component is NULL in that case.
++ */
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
++ (void) fclose(pubkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_pub(sp, rsa);
++ sp->pub_persistent = CK_FALSE;
++
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ return (pkey);
++ }
++
++/*
++ * Create a public key object in a session from a given rsa structure.
++ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
++ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY_RECOVER, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
++ };
++
++ int i;
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
++ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[6].ulValueLen);
++ if (a_key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->n, a_key_template[6].pValue);
++
++ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
++ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[7].ulValueLen);
++ if (a_key_template[7].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->e, a_key_template[7].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (rsa_n_num != NULL)
++ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ if (rsa_e_num != NULL)
++ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ BN_free(*rsa_n_num);
++ *rsa_n_num = NULL;
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ for (i = 6; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given rsa structure.
++ * The *rsa_d_num pointer is non-NULL for RSA private keys.
++ */
++static CK_OBJECT_HANDLE
++pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ int i;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 14;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIME_1, (void *)NULL, 0},
++ {CKA_PRIME_2, (void *)NULL, 0},
++ {CKA_EXPONENT_1, (void *)NULL, 0},
++ {CKA_EXPONENT_2, (void *)NULL, 0},
++ {CKA_COEFFICIENT, (void *)NULL, 0},
++ };
++
++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
++ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
++ LOCK_OBJSTORE(OP_RSA);
++ goto set;
++ }
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(rsa->n, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(rsa->e, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(rsa->d, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0 ||
++ init_template_value(rsa->p, &a_key_template[9].pValue,
++ &a_key_template[9].ulValueLen) == 0 ||
++ init_template_value(rsa->q, &a_key_template[10].pValue,
++ &a_key_template[10].ulValueLen) == 0 ||
++ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
++ &a_key_template[11].ulValueLen) == 0 ||
++ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
++ &a_key_template[12].ulValueLen) == 0 ||
++ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
++ &a_key_template[13].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * We are getting the private key but the private 'd'
++ * component is NULL. That means this is key by reference RSA
++ * key. In that case, we can use only public components for
++ * searching for the private key handle.
++ */
++ if (rsa->d == NULL)
++ {
++ ul_key_attr_count = 8;
++ /*
++ * We will perform the search in the token, not in the existing
++ * session keys.
++ */
++ a_key_template[2].pValue = &mytrue;
++ }
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ /*
++ * We have an RSA structure with 'n'/'e' components
++ * only so we tried to find the private key in the
++ * keystore. If it was really a token key we have a
++ * problem. Note that for other key types we just
++ * create a new session key using the private
++ * components from the RSA structure.
++ */
++ if (rsa->d == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_PRIV_KEY_NOT_FOUND);
++ goto err;
++ }
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++set:
++ if (rsa_d_num != NULL)
++ {
++ /*
++ * When RSA keys by reference code is used, we never
++ * extract private components from the keystore. In
++ * that case 'd' was set to NULL and we expect the
++ * application to properly cope with that. It is
++ * documented in openssl(5). In general, if keys by
++ * reference are used we expect it to be used
++ * exclusively using the high level API and then there
++ * is no problem. If the application expects the
++ * private components to be read from the keystore
++ * then that is not a supported way of usage.
++ */
++ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ else
++ *rsa_d_num = NULL;
++ }
++
++ /*
++ * For the key by reference code, we need public components as well
++ * since 'd' component is always NULL. For that reason, we always cache
++ * 'n'/'e' components as well.
++ */
++ *rsa_n_num = BN_dup(rsa->n);
++ *rsa_e_num = BN_dup(rsa->e);
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0 &&
++ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ /*
++ * 6 to 13 entries in the key template are key components.
++ * They need to be freed upon exit or error.
++ */
++ for (i = 6; i <= 13; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making the
++ * check for cache hit stronger. Only public components of RSA
++ * key matter here so it is sufficient to compare them with values
++ * cached in PK11_SESSION structure.
++ *
++ * We must check the handle as well since with key by reference, public
++ * components 'n'/'e' are cached in private keys as well. That means we
++ * could have a cache hit in a private key when looking for a public
++ * key. That would not work, you cannot have one PKCS#11 object for
++ * both data signing and verifying.
++ */
++ if ((sp->opdata_rsa_pub != rsa) ||
++ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making
++ * the check for cache hit stronger. Comparing public exponent
++ * of RSA key with value cached in PK11_SESSION structure
++ * should be sufficient. Note that we want to compare the
++ * public component since with the keys by reference
++ * mechanism, private components are not in the RSA
++ * structure. Also, see check_new_rsa_key_pub() about why we
++ * compare the handle as well.
++ */
++ if ((sp->opdata_rsa_priv != rsa) ||
++ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_pn_num == NULL) ||
++ (sp->opdata_rsa_pe_num == NULL) ||
++ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++#ifndef OPENSSL_NO_DSA
++/* The DSA function implementation */
++/* ARGSUSED */
++static int pk11_DSA_init(DSA *dsa)
++ {
++ return (1);
++ }
++
++/* ARGSUSED */
++static int pk11_DSA_finish(DSA *dsa)
++ {
++ return (1);
++ }
++
++
++static DSA_SIG *
++pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
++ {
++ BIGNUM *r = NULL, *s = NULL;
++ int i;
++ DSA_SIG *dsa_sig = NULL;
++
++ CK_RV rv;
++ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
++ CK_MECHANISM *p_mech = &Mechanism_dsa;
++ CK_OBJECT_HANDLE h_priv_key;
++
++ /*
++ * The signature is the concatenation of r and s,
++ * each is 20 bytes long
++ */
++ unsigned char sigret[DSA_SIGNATURE_LEN];
++ unsigned long siglen = DSA_SIGNATURE_LEN;
++ unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
++
++ PK11_SESSION *sp = NULL;
++
++ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
++ goto ret;
++ }
++
++ i = BN_num_bytes(dsa->q); /* should be 20 */
++ if (dlen > i)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
++ goto ret;
++ }
++
++ if ((sp = pk11_get_session(OP_DSA)) == NULL)
++ goto ret;
++
++ (void) check_new_dsa_key_priv(sp, dsa);
++
++ h_priv_key = sp->opdata_dsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_dsa_priv_key =
++ pk11_get_private_dsa_key((DSA *)dsa,
++ &sp->opdata_dsa_priv,
++ &sp->opdata_dsa_priv_num, sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto ret;
++ }
++
++ (void) memset(sigret, 0, siglen);
++ rv = pFuncList->C_Sign(sp->session,
++ (unsigned char*) dgst, dlen, sigret,
++ (CK_ULONG_PTR) &siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
++ goto ret;
++ }
++ }
++
++
++ if ((s = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if ((r = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if ((dsa_sig = DSA_SIG_new()) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ if (BN_bin2bn(sigret, siglen2, r) == NULL ||
++ BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
++ {
++ PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto ret;
++ }
++
++ dsa_sig->r = r;
++ dsa_sig->s = s;
++
++ret:
++ if (dsa_sig == NULL)
++ {
++ if (r != NULL)
++ BN_free(r);
++ if (s != NULL)
++ BN_free(s);
++ }
++
++ pk11_return_session(sp, OP_DSA);
++ return (dsa_sig);
++ }
++
++static int
++pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig,
++ DSA *dsa)
++ {
++ int i;
++ CK_RV rv;
++ int retval = 0;
++ CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
++ CK_MECHANISM *p_mech = &Mechanism_dsa;
++ CK_OBJECT_HANDLE h_pub_key;
++
++ unsigned char sigbuf[DSA_SIGNATURE_LEN];
++ unsigned long siglen = DSA_SIGNATURE_LEN;
++ unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
++
++ PK11_SESSION *sp = NULL;
++
++ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_DSA_SIGNATURE_R);
++ goto ret;
++ }
++
++ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_DSA_SIGNATURE_S);
++ goto ret;
++ }
++
++ i = BN_num_bytes(dsa->q); /* should be 20 */
++
++ if (dlen > i)
++ {
++ PK11err(PK11_F_DSA_VERIFY,
++ PK11_R_INVALID_SIGNATURE_LENGTH);
++ goto ret;
++ }
++
++ if ((sp = pk11_get_session(OP_DSA)) == NULL)
++ goto ret;
++
++ (void) check_new_dsa_key_pub(sp, dsa);
++
++ h_pub_key = sp->opdata_dsa_pub_key;
++ if (h_pub_key == CK_INVALID_HANDLE)
++ h_pub_key = sp->opdata_dsa_pub_key =
++ pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
++ &sp->opdata_dsa_pub_num, sp->session);
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_VerifyInit(sp->session, p_mech,
++ h_pub_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
++ rv);
++ goto ret;
++ }
++
++ /*
++ * The representation of each of the two big numbers could
++ * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
++ * to act accordingly and shift if necessary.
++ */
++ (void) memset(sigbuf, 0, siglen);
++ BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
++ BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
++ BN_num_bytes(sig->s));
++
++ rv = pFuncList->C_Verify(sp->session,
++ (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
++ goto ret;
++ }
++ }
++
++ retval = 1;
++ret:
++
++ pk11_return_session(sp, OP_DSA);
++ return (retval);
++ }
++
++
++/*
++ * Create a public key object in a session from a given dsa structure.
++ * The *dsa_pub_num pointer is non-NULL for DSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
++ DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_KEY_TYPE k_type = CKK_DSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++ int i;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_PRIME, (void *)NULL, 0}, /* p */
++ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
++ {CKA_BASE, (void *)NULL, 0}, /* g */
++ {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */
++ };
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ if (init_template_value(dsa->p, &a_key_template[4].pValue,
++ &a_key_template[4].ulValueLen) == 0 ||
++ init_template_value(dsa->q, &a_key_template[5].pValue,
++ &a_key_template[5].ulValueLen) == 0 ||
++ init_template_value(dsa->g, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(dsa->pub_key, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DSA);
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (dsa_pub_num != NULL)
++ if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DSA);
++
++malloc_err:
++ for (i = 4; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given dsa structure
++ * The *dsa_priv_num pointer is non-NULL for DSA private keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
++ DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ int i;
++ CK_ULONG found;
++ CK_KEY_TYPE k_type = CKK_DSA;
++ CK_ULONG ul_key_attr_count = 9;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_PRIME, (void *)NULL, 0}, /* p */
++ {CKA_SUBPRIME, (void *)NULL, 0}, /* q */
++ {CKA_BASE, (void *)NULL, 0}, /* g */
++ {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */
++ };
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(dsa->p, &a_key_template[5].pValue,
++ &a_key_template[5].ulValueLen) == 0 ||
++ init_template_value(dsa->q, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(dsa->g, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(dsa->priv_key, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DSA);
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (dsa_priv_num != NULL)
++ if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DSA);
++
++malloc_err:
++ /*
++ * 5 to 8 entries in the key template are key components.
++ * They need to be freed apon exit or error.
++ */
++ for (i = 5; i <= 8; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa)
++ {
++ /*
++ * Provide protection against DSA structure reuse by making the
++ * check for cache hit stronger. Only public key component of DSA
++ * key matters here so it is sufficient to compare it with value
++ * cached in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dsa_pub != dsa) ||
++ (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa)
++ {
++ /*
++ * Provide protection against DSA structure reuse by making the
++ * check for cache hit stronger. Only private key component of DSA
++ * key matters here so it is sufficient to compare it with value
++ * cached in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dsa_priv != dsa) ||
++ (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++
++#ifndef OPENSSL_NO_DH
++/* The DH function implementation */
++/* ARGSUSED */
++static int pk11_DH_init(DH *dh)
++ {
++ return (1);
++ }
++
++/* ARGSUSED */
++static int pk11_DH_finish(DH *dh)
++ {
++ return (1);
++ }
++
++/*
++ * Generate DH key-pair.
++ *
++ * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
++ * and override it even if it is set. OpenSSL does not touch dh->priv_key
++ * if set and just computes dh->pub_key. It looks like PKCS#11 standard
++ * is not capable of providing this functionality. This could be a problem
++ * for applications relying on OpenSSL's semantics.
++ */
++static int pk11_DH_generate_key(DH *dh)
++ {
++ CK_ULONG i;
++ CK_RV rv, rv1;
++ int reuse_mem_len = 0, ret = 0;
++ PK11_SESSION *sp = NULL;
++ CK_BYTE_PTR reuse_mem;
++
++ CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++
++ CK_ULONG ul_pub_key_attr_count = 3;
++ CK_ATTRIBUTE pub_key_template[] =
++ {
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_PRIME, (void *)NULL, 0},
++ {CKA_BASE, (void *)NULL, 0}
++ };
++
++ CK_ULONG ul_priv_key_attr_count = 3;
++ CK_ATTRIBUTE priv_key_template[] =
++ {
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DERIVE, &mytrue, sizeof (mytrue)}
++ };
++
++ CK_ULONG pub_key_attr_result_count = 1;
++ CK_ATTRIBUTE pub_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ CK_ULONG priv_key_attr_result_count = 1;
++ CK_ATTRIBUTE priv_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
++ if (pub_key_template[1].ulValueLen > 0)
++ {
++ /*
++ * We must not increase ulValueLen by DH_BUF_RESERVE since that
++ * could cause the same rounding problem. See definition of
++ * DH_BUF_RESERVE above.
++ */
++ pub_key_template[1].pValue =
++ OPENSSL_malloc(pub_key_template[1].ulValueLen +
++ DH_BUF_RESERVE);
++ if (pub_key_template[1].pValue == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
++ }
++ else
++ goto err;
++
++ pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
++ if (pub_key_template[2].ulValueLen > 0)
++ {
++ pub_key_template[2].pValue =
++ OPENSSL_malloc(pub_key_template[2].ulValueLen +
++ DH_BUF_RESERVE);
++ if (pub_key_template[2].pValue == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
++ }
++ else
++ goto err;
++
++ /*
++ * Note: we are only using PK11_SESSION structure for getting
++ * a session handle. The objects created in this function are
++ * destroyed before return and thus not cached.
++ */
++ if ((sp = pk11_get_session(OP_DH)) == NULL)
++ goto err;
++
++ rv = pFuncList->C_GenerateKeyPair(sp->session,
++ &mechanism,
++ pub_key_template,
++ ul_pub_key_attr_count,
++ priv_key_template,
++ ul_priv_key_attr_count,
++ &h_pub_key,
++ &h_priv_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
++ goto err;
++ }
++
++ /*
++ * Reuse the larger memory allocated. We know the larger memory
++ * should be sufficient for reuse.
++ */
++ if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
++ {
++ reuse_mem = pub_key_template[1].pValue;
++ reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
++ }
++ else
++ {
++ reuse_mem = pub_key_template[2].pValue;
++ reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
++ pub_key_result, pub_key_attr_result_count);
++ rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK || rv1 != CKR_OK)
++ {
++ rv = (rv != CKR_OK) ? rv : rv1;
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 ||
++ ((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
++ goto err;
++ }
++
++ /* Reuse the memory allocated */
++ pub_key_result[0].pValue = reuse_mem;
++ pub_key_result[0].ulValueLen = reuse_mem_len;
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
++ pub_key_result, pub_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (pub_key_result[0].type == CKA_VALUE)
++ {
++ if (dh->pub_key == NULL)
++ if ((dh->pub_key = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
++ pub_key_result[0].ulValueLen, dh->pub_key);
++ if (dh->pub_key == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ }
++
++ /* Reuse the memory allocated */
++ priv_key_result[0].pValue = reuse_mem;
++ priv_key_result[0].ulValueLen = reuse_mem_len;
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ if (priv_key_result[0].type == CKA_VALUE)
++ {
++ if (dh->priv_key == NULL)
++ if ((dh->priv_key = BN_new()) == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
++ priv_key_result[0].ulValueLen, dh->priv_key);
++ if (dh->priv_key == NULL)
++ {
++ PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ }
++
++ ret = 1;
++
++err:
++
++ if (h_pub_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_GEN_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++
++ for (i = 1; i <= 2; i++)
++ {
++ if (pub_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(pub_key_template[i].pValue);
++ pub_key_template[i].pValue = NULL;
++ }
++ }
++
++ pk11_return_session(sp, OP_DH);
++ return (ret);
++ }
++
++static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
++ DH *dh)
++ {
++ unsigned int i;
++ CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
++ CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
++ CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
++ CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++
++ CK_ULONG seclen;
++ CK_ULONG ul_priv_key_attr_count = 3;
++ CK_ATTRIBUTE priv_key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (key_class)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
++ {CKA_VALUE_LEN, &seclen, sizeof (seclen)},
++ };
++
++ CK_ULONG priv_key_attr_result_count = 1;
++ CK_ATTRIBUTE priv_key_result[] =
++ {
++ {CKA_VALUE, (void *)NULL, 0}
++ };
++
++ CK_RV rv;
++ int ret = -1;
++ PK11_SESSION *sp = NULL;
++
++ if (dh->priv_key == NULL)
++ goto err;
++
++ priv_key_template[0].pValue = &key_class;
++ priv_key_template[1].pValue = &key_type;
++ seclen = BN_num_bytes(dh->p);
++
++ if ((sp = pk11_get_session(OP_DH)) == NULL)
++ goto err;
++
++ mechanism.ulParameterLen = BN_num_bytes(pub_key);
++ mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
++ if (mechanism.pParameter == NULL)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ BN_bn2bin(pub_key, mechanism.pParameter);
++
++ (void) check_new_dh_key(sp, dh);
++
++ h_key = sp->opdata_dh_key;
++ if (h_key == CK_INVALID_HANDLE)
++ h_key = sp->opdata_dh_key =
++ pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
++ &sp->opdata_dh_priv_num, sp->session);
++
++ if (h_key == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
++ goto err;
++ }
++
++ rv = pFuncList->C_DeriveKey(sp->session,
++ &mechanism,
++ h_key,
++ priv_key_template,
++ ul_priv_key_attr_count,
++ &h_derived_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
++ rv);
++ goto err;
++ }
++
++ if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
++ goto err;
++ }
++ priv_key_result[0].pValue =
++ OPENSSL_malloc(priv_key_result[0].ulValueLen);
++ if (!priv_key_result[0].pValue)
++ {
++ PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
++ priv_key_result, priv_key_attr_result_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
++ rv);
++ goto err;
++ }
++
++ /*
++ * OpenSSL allocates the output buffer 'key' which is the same
++ * length of the public key. It is long enough for the derived key
++ */
++ if (priv_key_result[0].type == CKA_VALUE)
++ {
++ /*
++ * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
++ * leading zeros from a computed shared secret. However,
++ * OpenSSL always did it so we must do the same here. The
++ * vagueness of the spec regarding leading zero bytes was
++ * finally cleared with TLS 1.1 (RFC 4346) saying that leading
++ * zeros are stripped before the computed data is used as the
++ * pre-master secret.
++ */
++ for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
++ {
++ if (((char *)priv_key_result[0].pValue)[i] != 0)
++ break;
++ }
++
++ (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
++ priv_key_result[0].ulValueLen - i);
++ ret = priv_key_result[0].ulValueLen - i;
++ }
++
++err:
++
++ if (h_derived_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DH_COMP_KEY,
++ PK11_R_DESTROYOBJECT, rv);
++ }
++ }
++ if (priv_key_result[0].pValue)
++ {
++ OPENSSL_free(priv_key_result[0].pValue);
++ priv_key_result[0].pValue = NULL;
++ }
++
++ if (mechanism.pParameter)
++ {
++ OPENSSL_free(mechanism.pParameter);
++ mechanism.pParameter = NULL;
++ }
++
++ pk11_return_session(sp, OP_DH);
++ return (ret);
++ }
++
++
++static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
++ DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE key_type = CKK_DH;
++ CK_ULONG found;
++ CK_BBOOL rollback = FALSE;
++ int i;
++
++ CK_ULONG ul_key_attr_count = 7;
++ CK_ATTRIBUTE key_template[] =
++ {
++ {CKA_CLASS, (void*) NULL, sizeof (class)},
++ {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
++ {CKA_DERIVE, &mytrue, sizeof (mytrue)},
++ {CKA_PRIVATE, &myfalse, sizeof (myfalse)},
++ {CKA_PRIME, (void *) NULL, 0},
++ {CKA_BASE, (void *) NULL, 0},
++ {CKA_VALUE, (void *) NULL, 0},
++ };
++
++ key_template[0].pValue = &class;
++ key_template[1].pValue = &key_type;
++
++ key_template[4].ulValueLen = BN_num_bytes(dh->p);
++ key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[4].ulValueLen);
++ if (key_template[4].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->p, key_template[4].pValue);
++
++ key_template[5].ulValueLen = BN_num_bytes(dh->g);
++ key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[5].ulValueLen);
++ if (key_template[5].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->g, key_template[5].pValue);
++
++ key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
++ key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)key_template[6].ulValueLen);
++ if (key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(dh->priv_key, key_template[6].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_DH);
++ rv = pFuncList->C_FindObjectsInit(session, key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
++ rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
++ rv);
++ goto err;
++ }
++ }
++
++ if (dh_priv_num != NULL)
++ if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
++ {
++ PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = dh;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_DH);
++
++malloc_err:
++ for (i = 4; i <= 6; i++)
++ {
++ if (key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(key_template[i].pValue);
++ key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ *
++ * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
++ * to CK_INVALID_HANDLE even when it fails to destroy the object.
++ */
++static int check_new_dh_key(PK11_SESSION *sp, DH *dh)
++ {
++ /*
++ * Provide protection against DH structure reuse by making the
++ * check for cache hit stronger. Private key component of DH key
++ * is unique so it is sufficient to compare it with value cached
++ * in PK11_SESSION structure.
++ */
++ if ((sp->opdata_dh != dh) ||
++ (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_dh_object(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++#endif
++
++/*
++ * Local function to simplify key template population
++ * Return 0 -- error, 1 -- no error
++ */
++static int
++init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
++ CK_ULONG *ul_value_len)
++ {
++ CK_ULONG len = 0;
++
++ /*
++ * This function can be used on non-initialized BIGNUMs. It is
++ * easier to check that here than individually in the callers.
++ */
++ if (bn != NULL)
++ len = BN_num_bytes(bn);
++
++ if (bn == NULL || len == 0)
++ return (1);
++
++ *ul_value_len = len;
++ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
++ if (*p_value == NULL)
++ return (0);
++
++ BN_bn2bin(bn, *p_value);
++
++ return (1);
++ }
++
++static void
++attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
++ {
++ if (attr->ulValueLen > 0)
++ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
++ }
++
++/*
++ * Find one object in the token. It is an error if we can not find the
++ * object or if we find more objects based on the template we got.
++ * Assume object store locked.
++ *
++ * Returns:
++ * 1 OK
++ * 0 no object or more than 1 object found
++ */
++static int
++find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
++ {
++ CK_RV rv;
++ CK_ULONG objcnt;
++
++ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_FINDOBJECTSINIT, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(s);
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
++ rv);
++ return (0);
++ }
++
++ (void) pFuncList->C_FindObjectsFinal(s);
++
++ if (objcnt > 1)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
++ return (0);
++ }
++ else if (objcnt == 0)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
++ return (0);
++ }
++ return (1);
++ }
++
++/* from uri stuff */
++
++extern char *pk11_pin;
++
++static int pk11_get_pin(void);
++
++static int
++pk11_get_pin(void)
++{
++ char *pin;
++
++ /* The getpassphrase() function is not MT safe. */
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ pin = getpassphrase("Enter PIN: ");
++ if (pin == NULL)
++ {
++ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ pk11_pin = BUF_strdup(pin);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ memset(pin, 0, strlen(pin));
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (1);
++ }
++
++/*
++ * Log in to the keystore if we are supposed to do that at all. Take care of
++ * reading and caching the PIN etc. Log in only once even when called from
++ * multiple threads.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++static int
++pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private)
++ {
++ CK_RV rv;
++
++#if 0
++ /* doesn't work on the AEP Keyper??? */
++ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_NOT_INITIALIZED);
++ return (0);
++ }
++#endif
++
++ /*
++ * If login is required or needed but the PIN has not been
++ * even initialized we can bail out right now. Note that we
++ * are supposed to always log in if we are going to access
++ * private keys. However, we may need to log in even for
++ * accessing public keys in case that the CKF_LOGIN_REQUIRED
++ * flag is set.
++ */
++ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE)) &&
++ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
++ return (0);
++ }
++
++ /*
++ * Note on locking: it is possible that more than one thread
++ * gets into pk11_get_pin() so we must deal with that. We
++ * cannot avoid it since we cannot guard fork() in there with
++ * a lock because we could end up in a dead lock in the
++ * child. Why? Remember we are in a multithreaded environment
++ * so we must lock all mutexes in the prefork function to
++ * avoid a situation in which a thread that did not call
++ * fork() held a lock, making future unlocking impossible. We
++ * lock right before C_Login().
++ */
++ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE))
++ {
++ if (*login_done == CK_FALSE)
++ {
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_PIN_NOT_PROVIDED);
++ return (0);
++ }
++ }
++
++ /*
++ * Note that what we are logging into is the keystore from
++ * pubkey_SLOTID because we work with OP_RSA session type here.
++ * That also means that we can work with only one keystore in
++ * the engine.
++ *
++ * We must make sure we do not try to login more than once.
++ * Also, see the comment above on locking strategy.
++ */
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if (*login_done == CK_FALSE)
++ {
++ if ((rv = pFuncList->C_Login(session,
++ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
++ strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++ goto err_locked;
++ }
++
++ *login_done = CK_TRUE;
++
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++ else
++ {
++ /*
++ * If token does not require login we take it as the
++ * login was done.
++ */
++ *login_done = CK_TRUE;
++ }
++
++ return (1);
++
++err_locked:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++
++/*
++ * Log in to the keystore in the child if we were logged in in the
++ * parent. There are similarities in the code with pk11_token_login()
++ * but still it is quite different so we need a separate function for
++ * this.
++ *
++ * Note that this function is called under the locked session mutex when fork is
++ * detected. That means that C_Login() will be called from the child just once.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++int
++pk11_token_relogin(CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ return (0);
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if ((rv = pFuncList->C_Login(session, CKU_USER,
++ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (1);
++ }
++
++#ifdef OPENSSL_SYS_WIN32
++char *getpassphrase(const char *prompt)
++ {
++ static char buf[128];
++ HANDLE h;
++ DWORD cc, mode;
++ int cnt;
++
++ h = GetStdHandle(STD_INPUT_HANDLE);
++ fputs(prompt, stderr);
++ fflush(stderr);
++ fflush(stdout);
++ FlushConsoleInputBuffer(h);
++ GetConsoleMode(h, &mode);
++ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
++
++ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
++ {
++ ReadFile(h, buf + cnt, 1, &cc, NULL);
++ if (buf[cnt] == '\r')
++ break;
++ fputc('*', stdout);
++ fflush(stderr);
++ fflush(stdout);
++ }
++
++ SetConsoleMode(h, mode);
++ buf[cnt] = '\0';
++ fputs("\n", stderr);
++ return buf;
++ }
++#endif /* OPENSSL_SYS_WIN32 */
++#endif /* OPENSSL_NO_HW_PK11CA */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11ca.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
+@@ -0,0 +1,32 @@
++/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
++
++#define token_lock pk11ca_token_lock
++#define find_lock pk11ca_find_lock
++#define active_list pk11ca_active_list
++#define pubkey_token_flags pk11ca_pubkey_token_flags
++#define pubkey_SLOTID pk11ca_pubkey_SLOTID
++#define ERR_pk11_error ERR_pk11ca_error
++#define PK11err_add_data PK11CAerr_add_data
++#define pk11_get_session pk11ca_get_session
++#define pk11_return_session pk11ca_return_session
++#define pk11_active_add pk11ca_active_add
++#define pk11_active_delete pk11ca_active_delete
++#define pk11_active_remove pk11ca_active_remove
++#define pk11_free_active_list pk11ca_free_active_list
++#define pk11_destroy_rsa_key_objects pk11ca_destroy_rsa_key_objects
++#define pk11_destroy_rsa_object_pub pk11ca_destroy_rsa_object_pub
++#define pk11_destroy_rsa_object_priv pk11ca_destroy_rsa_object_priv
++#define pk11_load_privkey pk11ca_load_privkey
++#define pk11_load_pubkey pk11ca_load_pubkey
++#define PK11_RSA PK11CA_RSA
++#define pk11_destroy_dsa_key_objects pk11ca_destroy_dsa_key_objects
++#define pk11_destroy_dsa_object_pub pk11ca_destroy_dsa_object_pub
++#define pk11_destroy_dsa_object_priv pk11ca_destroy_dsa_object_priv
++#define PK11_DSA PK11CA_DSA
++#define pk11_destroy_dh_key_objects pk11ca_destroy_dh_key_objects
++#define pk11_destroy_dh_object pk11ca_destroy_dh_object
++#define PK11_DH PK11CA_DH
++#define pk11_token_relogin pk11ca_token_relogin
++#define pFuncList pk11ca_pFuncList
++#define pk11_pin pk11ca_pin
++#define ENGINE_load_pk11 ENGINE_load_pk11ca
+Index: openssl/crypto/engine/hw_pk11so.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.8
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/hw_pk11so.c Fri Oct 4 14:05:16 2013
+@@ -0,0 +1,1775 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++/* Modified to keep only RNG and RSA Sign */
++
++#ifdef OPENSSL_NO_RSA
++#error RSA is disabled
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/md5.h>
++#include <openssl/pem.h>
++#include <openssl/rsa.h>
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++typedef int pid_t;
++#define getpid() GetCurrentProcessId()
++#define NOPTHREADS
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <signal.h>
++#include <unistd.h>
++#include <dlfcn.h>
++#endif
++
++/* Debug mutexes */
++/*#undef DEBUG_MUTEX */
++#define DEBUG_MUTEX
++
++#ifndef NOPTHREADS
++/* for pthread error check on Linuxes */
++#ifdef DEBUG_MUTEX
++#define __USE_UNIX98
++#endif
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11SO
++
++/* label for debug messages printed on stderr */
++#define PK11_DBG "PKCS#11 ENGINE DEBUG"
++/* prints a lot of debug messages on stderr about slot selection process */
++/*#undef DEBUG_SLOT_SELECTION */
++
++#ifndef OPENSSL_NO_DSA
++#define OPENSSL_NO_DSA
++#endif
++#ifndef OPENSSL_NO_DH
++#define OPENSSL_NO_DH
++#endif
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11so.h"
++#include "hw_pk11_err.c"
++
++/*
++ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
++ * uri_struct manipulation, and static token info. All of that is used by the
++ * RSA keys by reference feature.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *token_lock;
++#endif
++
++/* PKCS#11 session caches and their locks for all operation types */
++static PK11_CACHE session_cache[OP_MAX];
++
++/*
++ * We cache the flags so that we do not have to run C_GetTokenInfo() again when
++ * logging into the token.
++ */
++CK_FLAGS pubkey_token_flags;
++
++/*
++ * As stated in v2.20, 11.7 Object Management Function, in section for
++ * C_FindObjectsInit(), at most one search operation may be active at a given
++ * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
++ * grouped together to form one atomic search operation. This is already
++ * ensured by the property of unique PKCS#11 session handle used for each
++ * PK11_SESSION object.
++ *
++ * This is however not the biggest concern - maintaining consistency of the
++ * underlying object store is more important. The same section of the spec also
++ * says that one thread can be in the middle of a search operation while another
++ * thread destroys the object matching the search template which would result in
++ * invalid handle returned from the search operation.
++ *
++ * Hence, the following locks are used for both protection of the object stores.
++ * They are also used for active list protection.
++ */
++#ifndef NOPTHREADS
++pthread_mutex_t *find_lock[OP_MAX] = { NULL };
++#endif
++
++/*
++ * lists of asymmetric key handles which are active (referenced by at least one
++ * PK11_SESSION structure, either held by a thread or present in free_session
++ * list) for given algorithm type
++ */
++PK11_active *active_list[OP_MAX] = { NULL };
++
++/*
++ * Create all secret key objects in a global session so that they are available
++ * to use for other sessions. These other sessions may be opened or closed
++ * without losing the secret key objects.
++ */
++static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
++
++/* ENGINE level stuff */
++static int pk11_init(ENGINE *e);
++static int pk11_library_init(ENGINE *e);
++static int pk11_finish(ENGINE *e);
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
++static int pk11_destroy(ENGINE *e);
++
++/* RAND stuff */
++static void pk11_rand_seed(const void *buf, int num);
++static void pk11_rand_add(const void *buf, int num, double add_entropy);
++static void pk11_rand_cleanup(void);
++static int pk11_rand_bytes(unsigned char *buf, int num);
++static int pk11_rand_status(void);
++
++/* These functions are also used in other files */
++PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
++void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++
++/* active list manipulation functions used in this file */
++extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
++extern void pk11_free_active_list(PK11_OPTYPE type);
++
++int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
++int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
++int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
++
++/* Local helper functions */
++static int pk11_free_all_sessions(void);
++static int pk11_free_session_list(PK11_OPTYPE optype);
++static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
++static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent);
++static const char *get_PK11_LIBNAME(void);
++static void free_PK11_LIBNAME(void);
++static long set_PK11_LIBNAME(const char *name);
++
++static int pk11_choose_slots(int *any_slot_found);
++
++static int pk11_init_all_locks(void);
++static void pk11_free_all_locks(void);
++
++#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type, priv) \
++ { \
++ if (uselock) \
++ LOCK_OBJSTORE(alg_type); \
++ if (pk11_active_delete(obj_hdl, alg_type) == 1) \
++ { \
++ retval = pk11_destroy_object(sp->session, obj_hdl, \
++ priv ? sp->priv_persistent : sp->pub_persistent); \
++ } \
++ if (uselock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ }
++
++static CK_BBOOL pk11_have_rsa = CK_FALSE;
++static CK_BBOOL pk11_have_random = CK_FALSE;
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * The definitions for control commands specific to this engine
++ */
++#define PK11_CMD_SO_PATH ENGINE_CMD_BASE
++#define PK11_CMD_PIN (ENGINE_CMD_BASE+1)
++#define PK11_CMD_SLOT (ENGINE_CMD_BASE+2)
++static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
++ {
++ {
++ PK11_CMD_SO_PATH,
++ "SO_PATH",
++ "Specifies the path to the 'pkcs#11' shared library",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_PIN,
++ "PIN",
++ "Specifies the pin code",
++ ENGINE_CMD_FLAG_STRING
++ },
++ {
++ PK11_CMD_SLOT,
++ "SLOT",
++ "Specifies the slot (default is auto select)",
++ ENGINE_CMD_FLAG_NUMERIC,
++ },
++ {0, NULL, NULL, 0}
++ };
++
++
++static RAND_METHOD pk11_random =
++ {
++ pk11_rand_seed,
++ pk11_rand_bytes,
++ pk11_rand_cleanup,
++ pk11_rand_add,
++ pk11_rand_bytes,
++ pk11_rand_status
++ };
++
++
++/* Constants used when creating the ENGINE */
++#ifdef OPENSSL_NO_HW_PK11CA
++#error "can't load both crypto-accelerator and sign-only PKCS#11 engines"
++#endif
++static const char *engine_pk11_id = "pkcs11";
++static const char *engine_pk11_name = "PKCS #11 engine support (sign only)";
++
++CK_FUNCTION_LIST_PTR pFuncList = NULL;
++static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
++
++/*
++ * This is a static string constant for the DSO file name and the function
++ * symbol names to bind to. We set it in the Configure script based on whether
++ * this is 32 or 64 bit build.
++ */
++static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
++
++/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
++CK_SLOT_ID pubkey_SLOTID = 0;
++static CK_SLOT_ID rand_SLOTID = 0;
++static CK_SLOT_ID SLOTID = 0;
++char *pk11_pin = NULL;
++static CK_BBOOL pk11_library_initialized = FALSE;
++static CK_BBOOL pk11_atfork_initialized = FALSE;
++static int pk11_pid = 0;
++
++static DSO *pk11_dso = NULL;
++
++/* allocate and initialize all locks used by the engine itself */
++static int pk11_init_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++ pthread_mutexattr_t attr;
++
++ if (pthread_mutexattr_init(&attr) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 100);
++ return (0);
++ }
++
++#ifdef DEBUG_MUTEX
++ if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK) != 0)
++ {
++ PK11err(PK11_F_INIT_ALL_LOCKS, 101);
++ return (0);
++ }
++#endif
++
++ if ((token_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(token_lock, &attr);
++
++ find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (find_lock[OP_RSA] == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(find_lock[OP_RSA], &attr);
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ session_cache[type].lock =
++ OPENSSL_malloc(sizeof (pthread_mutex_t));
++ if (session_cache[type].lock == NULL)
++ goto malloc_err;
++ (void) pthread_mutex_init(session_cache[type].lock, &attr);
++ }
++
++ return (1);
++
++malloc_err:
++ pk11_free_all_locks();
++ PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
++ return (0);
++#else
++ return (1);
++#endif
++ }
++
++static void pk11_free_all_locks(void)
++ {
++#ifndef NOPTHREADS
++ int type;
++
++ if (token_lock != NULL)
++ {
++ (void) pthread_mutex_destroy(token_lock);
++ OPENSSL_free(token_lock);
++ token_lock = NULL;
++ }
++
++ if (find_lock[OP_RSA] != NULL)
++ {
++ (void) pthread_mutex_destroy(find_lock[OP_RSA]);
++ OPENSSL_free(find_lock[OP_RSA]);
++ find_lock[OP_RSA] = NULL;
++ }
++
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (session_cache[type].lock != NULL)
++ {
++ (void) pthread_mutex_destroy(session_cache[type].lock);
++ OPENSSL_free(session_cache[type].lock);
++ session_cache[type].lock = NULL;
++ }
++ }
++#endif
++ }
++
++/*
++ * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
++ */
++static int bind_pk11(ENGINE *e)
++ {
++ if (!pk11_library_initialized)
++ if (!pk11_library_init(e))
++ return (0);
++
++ if (!ENGINE_set_id(e, engine_pk11_id) ||
++ !ENGINE_set_name(e, engine_pk11_name))
++ return (0);
++
++ if (pk11_have_rsa == CK_TRUE)
++ {
++ if (!ENGINE_set_RSA(e, PK11_RSA()) ||
++ !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
++ !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++
++ if (pk11_have_random)
++ {
++ if (!ENGINE_set_RAND(e, &pk11_random))
++ return (0);
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: registered random\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ }
++ if (!ENGINE_set_init_function(e, pk11_init) ||
++ !ENGINE_set_destroy_function(e, pk11_destroy) ||
++ !ENGINE_set_finish_function(e, pk11_finish) ||
++ !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
++ !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
++ return (0);
++
++ /* Ensure the pk11 error handling is set up */
++ ERR_load_pk11_strings();
++
++ return (1);
++ }
++
++/* Dynamic engine support is disabled at a higher level for Solaris */
++#ifdef ENGINE_DYNAMIC_SUPPORT
++#error "dynamic engine not supported"
++static int bind_helper(ENGINE *e, const char *id)
++ {
++ if (id && (strcmp(id, engine_pk11_id) != 0))
++ return (0);
++
++ if (!bind_pk11(e))
++ return (0);
++
++ return (1);
++ }
++
++IMPLEMENT_DYNAMIC_CHECK_FN()
++IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
++
++#else
++static ENGINE *engine_pk11(void)
++ {
++ ENGINE *ret = ENGINE_new();
++
++ if (!ret)
++ return (NULL);
++
++ if (!bind_pk11(ret))
++ {
++ ENGINE_free(ret);
++ return (NULL);
++ }
++
++ return (ret);
++ }
++
++void
++ENGINE_load_pk11(void)
++ {
++ ENGINE *e_pk11 = NULL;
++
++ /*
++ * Do not use dynamic PKCS#11 library on Solaris due to
++ * security reasons. We will link it in statically.
++ */
++ /* Attempt to load PKCS#11 library */
++ if (!pk11_dso)
++ pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
++ return;
++ }
++
++ e_pk11 = engine_pk11();
++ if (!e_pk11)
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ return;
++ }
++
++ /*
++ * At this point, the pk11 shared library is either dynamically
++ * loaded or statically linked in. So, initialize the pk11
++ * library before calling ENGINE_set_default since the latter
++ * needs cipher and digest algorithm information
++ */
++ if (!pk11_library_init(e_pk11))
++ {
++ DSO_free(pk11_dso);
++ pk11_dso = NULL;
++ ENGINE_free(e_pk11);
++ return;
++ }
++
++ ENGINE_add(e_pk11);
++
++ ENGINE_free(e_pk11);
++ ERR_clear_error();
++ }
++#endif /* ENGINE_DYNAMIC_SUPPORT */
++
++/*
++ * These are the static string constants for the DSO file name and
++ * the function symbol names to bind to.
++ */
++static const char *PK11_LIBNAME = NULL;
++
++static const char *get_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ return (PK11_LIBNAME);
++
++ return (def_PK11_LIBNAME);
++ }
++
++static void free_PK11_LIBNAME(void)
++ {
++ if (PK11_LIBNAME)
++ OPENSSL_free((void*)PK11_LIBNAME);
++
++ PK11_LIBNAME = NULL;
++ }
++
++static long set_PK11_LIBNAME(const char *name)
++ {
++ free_PK11_LIBNAME();
++
++ return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
++ }
++
++/* acquire all engine specific mutexes before fork */
++static void pk11_fork_prepare(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ LOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++ for (i = 0; i < OP_MAX; i++)
++ {
++ OPENSSL_assert(pthread_mutex_lock(session_cache[i].lock) == 0);
++ }
++#endif
++ }
++
++/* release all engine specific mutexes */
++static void pk11_fork_parent(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/*
++ * same situation as in parent - we need to unlock all locks to make them
++ * accessible to all threads.
++ */
++static void pk11_fork_child(void)
++ {
++#ifndef NOPTHREADS
++ int i;
++
++ if (!pk11_library_initialized)
++ return;
++
++ for (i = OP_MAX - 1; i >= 0; i--)
++ {
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[i].lock) == 0);
++ }
++ UNLOCK_OBJSTORE(OP_RSA);
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#endif
++ }
++
++/* Initialization function for the pk11 engine */
++static int pk11_init(ENGINE *e)
++{
++ return (pk11_library_init(e));
++}
++
++static CK_C_INITIALIZE_ARGS pk11_init_args =
++ {
++ NULL_PTR, /* CreateMutex */
++ NULL_PTR, /* DestroyMutex */
++ NULL_PTR, /* LockMutex */
++ NULL_PTR, /* UnlockMutex */
++ CKF_OS_LOCKING_OK, /* flags */
++ NULL_PTR, /* pReserved */
++ };
++
++/*
++ * Initialization function. Sets up various PKCS#11 library components.
++ * It selects a slot based on predefined critiera. In the process, it also
++ * count how many ciphers and digests to support. Since the cipher and
++ * digest information is needed when setting default engine, this function
++ * needs to be called before calling ENGINE_set_default.
++ */
++/* ARGSUSED */
++static int pk11_library_init(ENGINE *e)
++ {
++ CK_C_GetFunctionList p;
++ CK_RV rv = CKR_OK;
++ CK_INFO info;
++ int any_slot_found;
++ int i;
++#ifndef OPENSSL_SYS_WIN32
++ struct sigaction sigint_act, sigterm_act, sighup_act;
++#endif
++
++ /*
++ * pk11_library_initialized is set to 0 in pk11_finish() which
++ * is called from ENGINE_finish(). However, if there is still
++ * at least one existing functional reference to the engine
++ * (see engine(3) for more information), pk11_finish() is
++ * skipped. For example, this can happen if an application
++ * forgets to clear one cipher context. In case of a fork()
++ * when the application is finishing the engine so that it can
++ * be reinitialized in the child, forgotten functional
++ * reference causes pk11_library_initialized to stay 1. In
++ * that case we need the PID check so that we properly
++ * initialize the engine again.
++ */
++ if (pk11_library_initialized)
++ {
++ if (pk11_pid == getpid())
++ {
++ return (1);
++ }
++ else
++ {
++ global_session = CK_INVALID_HANDLE;
++ /*
++ * free the locks first to prevent memory leak in case
++ * the application calls fork() without finishing the
++ * engine first.
++ */
++ pk11_free_all_locks();
++ }
++ }
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the C_GetFunctionList function from the loaded library */
++ p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
++ PK11_GET_FUNCTION_LIST);
++ if (!p)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++
++ /* get the full function list from the loaded library */
++ rv = p(&pFuncList);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
++ goto err;
++ }
++
++#ifndef OPENSSL_SYS_WIN32
++ /* Not all PKCS#11 library are signal safe! */
++
++ (void) memset(&sigint_act, 0, sizeof(sigint_act));
++ (void) memset(&sigterm_act, 0, sizeof(sigterm_act));
++ (void) memset(&sighup_act, 0, sizeof(sighup_act));
++ (void) sigaction(SIGINT, NULL, &sigint_act);
++ (void) sigaction(SIGTERM, NULL, &sigterm_act);
++ (void) sigaction(SIGHUP, NULL, &sighup_act);
++#endif
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++#ifndef OPENSSL_SYS_WIN32
++ (void) sigaction(SIGINT, &sigint_act, NULL);
++ (void) sigaction(SIGTERM, &sigterm_act, NULL);
++ (void) sigaction(SIGHUP, &sighup_act, NULL);
++#endif
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_GetInfo(&info);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
++ goto err;
++ }
++
++ if (pk11_choose_slots(&any_slot_found) == 0)
++ goto err;
++
++ /*
++ * The library we use, set in def_PK11_LIBNAME, may not offer any
++ * slot(s). In that case, we must not proceed but we must not return an
++ * error. The reason is that applications that try to set up the PKCS#11
++ * engine don't exit on error during the engine initialization just
++ * because no slot was present.
++ */
++ if (any_slot_found == 0)
++ return (1);
++
++ if (global_session == CK_INVALID_HANDLE)
++ {
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_LIBRARY_INIT,
++ PK11_R_OPENSESSION, rv);
++ goto err;
++ }
++ }
++
++ pk11_library_initialized = TRUE;
++ pk11_pid = getpid();
++ /*
++ * if initialization of the locks fails pk11_init_all_locks()
++ * will do the cleanup.
++ */
++ if (!pk11_init_all_locks())
++ goto err;
++ for (i = 0; i < OP_MAX; i++)
++ session_cache[i].head = NULL;
++ /*
++ * initialize active lists. We only use active lists
++ * for asymmetric ciphers.
++ */
++ for (i = 0; i < OP_MAX; i++)
++ active_list[i] = NULL;
++
++#ifndef NOPTHREADS
++ if (!pk11_atfork_initialized)
++ {
++ if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
++ pk11_fork_child) != 0)
++ {
++ PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
++ goto err;
++ }
++ pk11_atfork_initialized = TRUE;
++ }
++#endif
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Destructor (complements the "ENGINE_pk11()" constructor) */
++/* ARGSUSED */
++static int pk11_destroy(ENGINE *e)
++ {
++ free_PK11_LIBNAME();
++ ERR_unload_pk11_strings();
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++ return (1);
++ }
++
++/*
++ * Termination function to clean up the session, the token, and the pk11
++ * library.
++ */
++/* ARGSUSED */
++static int pk11_finish(ENGINE *e)
++ {
++ int i;
++
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (pk11_dso == NULL)
++ {
++ PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
++ goto err;
++ }
++
++ OPENSSL_assert(pFuncList != NULL);
++
++ if (pk11_free_all_sessions() == 0)
++ goto err;
++
++ /* free all active lists */
++ for (i = 0; i < OP_MAX; i++)
++ pk11_free_active_list(i);
++
++ pFuncList->C_CloseSession(global_session);
++ global_session = CK_INVALID_HANDLE;
++
++ /*
++ * Since we are part of a library (libcrypto.so), calling this function
++ * may have side-effects.
++ */
++#if 0
++ pFuncList->C_Finalize(NULL);
++#endif
++
++ if (!DSO_free(pk11_dso))
++ {
++ PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
++ goto err;
++ }
++ pk11_dso = NULL;
++ pFuncList = NULL;
++ pk11_library_initialized = FALSE;
++ pk11_pid = 0;
++ /*
++ * There is no way how to unregister atfork handlers (other than
++ * unloading the library) so we just free the locks. For this reason
++ * the atfork handlers check if the engine is initialized and bail out
++ * immediately if not. This is necessary in case a process finishes
++ * the engine before calling fork().
++ */
++ pk11_free_all_locks();
++
++ return (1);
++
++err:
++ return (0);
++ }
++
++/* Standard engine interface function to set the dynamic library path */
++/* ARGSUSED */
++static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
++ {
++ int initialized = ((pk11_dso == NULL) ? 0 : 1);
++
++ switch (cmd)
++ {
++ case PK11_CMD_SO_PATH:
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ if (initialized)
++ {
++ PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
++ return (0);
++ }
++
++ return (set_PK11_LIBNAME((const char *)p));
++ case PK11_CMD_PIN:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++
++ if (p == NULL)
++ {
++ PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
++ return (0);
++ }
++
++ pk11_pin = BUF_strdup(p);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++ return (1);
++ case PK11_CMD_SLOT:
++ SLOTID = (CK_SLOT_ID)i;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: slot set\n", PK11_DBG);
++#endif
++ return (1);
++ default:
++ break;
++ }
++
++ PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
++
++ return (0);
++ }
++
++
++/* Required function by the engine random interface. It does nothing here */
++static void pk11_rand_cleanup(void)
++ {
++ return;
++ }
++
++/* ARGSUSED */
++static void pk11_rand_add(const void *buf, int num, double add)
++ {
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return;
++
++ /*
++ * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
++ * the calling functions do not care anyway
++ */
++ pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
++ pk11_return_session(sp, OP_RAND);
++
++ return;
++ }
++
++static void pk11_rand_seed(const void *buf, int num)
++ {
++ pk11_rand_add(buf, num, 0);
++ }
++
++static int pk11_rand_bytes(unsigned char *buf, int num)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp;
++
++ if ((sp = pk11_get_session(OP_RAND)) == NULL)
++ return (0);
++
++ rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
++ pk11_return_session(sp, OP_RAND);
++ return (0);
++ }
++
++ pk11_return_session(sp, OP_RAND);
++ return (1);
++ }
++
++/* Required function by the engine random interface. It does nothing here */
++static int pk11_rand_status(void)
++ {
++ return (1);
++ }
++
++/* Free all BIGNUM structures from PK11_SESSION. */
++static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ switch (optype)
++ {
++ case OP_RSA:
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++ break;
++ default:
++ break;
++ }
++ }
++
++/*
++ * Get new PK11_SESSION structure ready for use. Every process must have
++ * its own freelist of PK11_SESSION structures so handle fork() here
++ * by destroying the old and creating new freelist.
++ * The returned PK11_SESSION structure is disconnected from the freelist.
++ */
++PK11_SESSION *
++pk11_get_session(PK11_OPTYPE optype)
++ {
++ PK11_SESSION *sp = NULL, *sp1, *freelist;
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock = NULL;
++#endif
++ static pid_t pid = 0;
++ pid_t new_pid;
++ CK_RV rv;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (NULL);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ /*
++ * Will use it to find out if we forked. We cannot use the PID field in
++ * the session structure because we could get a newly allocated session
++ * here, with no PID information.
++ */
++ if (pid == 0)
++ pid = getpid();
++
++ freelist = session_cache[optype].head;
++ sp = freelist;
++
++ /*
++ * If the free list is empty, allocate new unitialized (filled
++ * with zeroes) PK11_SESSION structure otherwise return first
++ * structure from the freelist.
++ */
++ if (sp == NULL)
++ {
++ if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
++ {
++ PK11err(PK11_F_GET_SESSION,
++ PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ (void) memset(sp, 0, sizeof (PK11_SESSION));
++
++ /*
++ * It is a new session so it will look like a cache miss to the
++ * code below. So, we must not try to to destroy its members so
++ * mark them as unused.
++ */
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ }
++ else
++ {
++ freelist = sp->next;
++ }
++
++ /*
++ * Check whether we have forked. In that case, we must get rid of all
++ * inherited sessions and start allocating new ones.
++ */
++ if (pid != (new_pid = getpid()))
++ {
++ pid = new_pid;
++
++ /*
++ * We are a new process and thus need to free any inherited
++ * PK11_SESSION objects aside from the first session (sp) which
++ * is the only PK11_SESSION structure we will reuse (for the
++ * head of the list).
++ */
++ while ((sp1 = freelist) != NULL)
++ {
++ freelist = sp1->next;
++ /*
++ * NOTE: we do not want to call pk11_free_all_sessions()
++ * here because it would close underlying PKCS#11
++ * sessions and destroy all objects.
++ */
++ pk11_free_nums(sp1, optype);
++ OPENSSL_free(sp1);
++ }
++
++ /* we have to free the active list as well. */
++ pk11_free_active_list(optype);
++
++ /* Initialize the process */
++ rv = pFuncList->C_Initialize((CK_VOID_PTR)&pk11_init_args);
++ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * Choose slot here since the slot table is different on this
++ * process. If we are here then we must have found at least one
++ * usable slot before so we don't need to check any_slot_found.
++ * See pk11_library_init()'s usage of this function for more
++ * information.
++ */
++ if (pk11_choose_slots(NULL) == 0)
++ goto err;
++
++ /* Open the global_session for the new process */
++ rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &global_session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
++ rv);
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++
++ /*
++ * It is an inherited session from our parent so it needs
++ * re-initialization.
++ */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ goto err;
++ }
++ if (pk11_token_relogin(sp->session) == 0)
++ {
++ /*
++ * We will keep the session in the cache list and let
++ * the caller cope with the situation.
++ */
++ freelist = sp;
++ sp = NULL;
++ goto err;
++ }
++ }
++
++ if (sp->pid == 0)
++ {
++ /* It is a new session and needs initialization. */
++ if (pk11_setup_session(sp, optype) == 0)
++ {
++ OPENSSL_free(sp);
++ sp = NULL;
++ }
++ }
++
++ /* set new head for the list of PK11_SESSION objects */
++ session_cache[optype].head = freelist;
++
++err:
++ if (sp != NULL)
++ sp->next = NULL;
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (sp);
++ }
++
++
++void
++pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ PK11_SESSION *freelist;
++
++ /*
++ * If this is a session from the parent it will be taken care of and
++ * freed in pk11_get_session() as part of the post-fork clean up the
++ * next time we will ask for a new session.
++ */
++ if (sp == NULL || sp->pid != getpid())
++ return;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_RETURN_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return;
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ sp->next = freelist;
++ session_cache[optype].head = sp;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++
++
++/* Destroy all objects. This function is called when the engine is finished */
++static int pk11_free_all_sessions()
++ {
++ int ret = 1;
++ int type;
++
++ (void) pk11_destroy_rsa_key_objects(NULL);
++
++ /*
++ * We try to release as much as we can but any error means that we will
++ * return 0 on exit.
++ */
++ for (type = 0; type < OP_MAX; type++)
++ {
++ if (pk11_free_session_list(type) == 0)
++ ret = 0;
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy session structures from the linked list specified. Free as many
++ * sessions as possible but any failure in C_CloseSession() means that we
++ * return an error on return.
++ */
++static int pk11_free_session_list(PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *freelist = NULL;
++ pid_t mypid = getpid();
++#ifndef NOPTHREADS
++ pthread_mutex_t *freelist_lock;
++#endif
++ int ret = 1;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ case OP_DSA:
++ case OP_DH:
++ case OP_RAND:
++ case OP_DIGEST:
++ case OP_CIPHER:
++#ifndef NOPTHREADS
++ freelist_lock = session_cache[optype].lock;
++#endif
++ break;
++ default:
++ PK11err(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(freelist_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ freelist = session_cache[optype].head;
++ while ((sp = freelist) != NULL)
++ {
++ if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
++ {
++ rv = pFuncList->C_CloseSession(sp->session);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
++ PK11_R_CLOSESESSION, rv);
++ ret = 0;
++ }
++ }
++ freelist = sp->next;
++ pk11_free_nums(sp, optype);
++ OPENSSL_free(sp);
++ }
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(freelist_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (ret);
++ }
++
++
++static int
++pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
++ {
++ CK_RV rv;
++ CK_SLOT_ID myslot;
++
++ switch (optype)
++ {
++ case OP_RSA:
++ myslot = pubkey_SLOTID;
++ break;
++ case OP_RAND:
++ myslot = rand_SLOTID;
++ break;
++ default:
++ PK11err(PK11_F_SETUP_SESSION,
++ PK11_R_INVALID_OPERATION_TYPE);
++ return (0);
++ }
++
++ sp->session = CK_INVALID_HANDLE;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
++ {
++ /*
++ * We are probably a child process so force the
++ * reinitialize of the session
++ */
++ pk11_library_initialized = FALSE;
++ if (!pk11_library_init(NULL))
++ return (0);
++ rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
++ NULL_PTR, NULL_PTR, &sp->session);
++ }
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
++ return (0);
++ }
++
++ sp->pid = getpid();
++
++ if (optype == OP_RSA)
++ {
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ sp->opdata_rsa_n_num = NULL;
++ sp->opdata_rsa_e_num = NULL;
++ sp->opdata_rsa_priv = NULL;
++ sp->opdata_rsa_pn_num = NULL;
++ sp->opdata_rsa_pe_num = NULL;
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * We always initialize the session as containing a non-persistent
++ * object. The key load functions set it to persistent if that is so.
++ */
++ sp->pub_persistent = CK_FALSE;
++ sp->priv_persistent = CK_FALSE;
++ return (1);
++ }
++
++/* Destroy RSA public key from single session. */
++int
++pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key,
++ ret, uselock, OP_RSA, CK_FALSE);
++ sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_pub = NULL;
++ if (sp->opdata_rsa_n_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_n_num);
++ sp->opdata_rsa_n_num = NULL;
++ }
++ if (sp->opdata_rsa_e_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_e_num);
++ sp->opdata_rsa_e_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/* Destroy RSA private key from single session. */
++int
++pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
++ {
++ int ret = 0;
++
++ if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
++ {
++ TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key,
++ ret, uselock, OP_RSA, CK_TRUE);
++ sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
++ sp->opdata_rsa_priv = NULL;
++ if (sp->opdata_rsa_d_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_d_num);
++ sp->opdata_rsa_d_num = NULL;
++ }
++
++ /*
++ * For the RSA key by reference code, public components 'n'/'e'
++ * are the key components we use to check for the cache hit. We
++ * must free those as well.
++ */
++ if (sp->opdata_rsa_pn_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pn_num);
++ sp->opdata_rsa_pn_num = NULL;
++ }
++ if (sp->opdata_rsa_pe_num != NULL)
++ {
++ BN_free(sp->opdata_rsa_pe_num);
++ sp->opdata_rsa_pe_num = NULL;
++ }
++ }
++
++ return (ret);
++ }
++
++/*
++ * Destroy RSA key object wrapper. If session is NULL, try to destroy all
++ * objects in the free list.
++ */
++int
++pk11_destroy_rsa_key_objects(PK11_SESSION *session)
++ {
++ int ret = 1;
++ PK11_SESSION *sp = NULL;
++ PK11_SESSION *local_free_session;
++ CK_BBOOL uselock = TRUE;
++
++ if (session != NULL)
++ local_free_session = session;
++ else
++ {
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(session_cache[OP_RSA].lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ local_free_session = session_cache[OP_RSA].head;
++ uselock = FALSE;
++ }
++
++ /*
++ * go through the list of sessions and delete key objects
++ */
++ while ((sp = local_free_session) != NULL)
++ {
++ local_free_session = sp->next;
++
++ /*
++ * Do not terminate list traversal if one of the
++ * destroy operations fails.
++ */
++ if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
++ {
++ ret = 0;
++ continue;
++ }
++ }
++
++#ifndef NOPTHREADS
++ if (session == NULL)
++ OPENSSL_assert(pthread_mutex_unlock(session_cache[OP_RSA].lock) == 0);
++#else
++ if (session == NULL)
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (ret);
++ }
++
++static int
++pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh,
++ CK_BBOOL persistent)
++ {
++ CK_RV rv;
++
++ /*
++ * We never try to destroy persistent objects which are the objects
++ * stored in the keystore. Also, we always use read-only sessions so
++ * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
++ */
++ if (persistent == CK_TRUE)
++ return (1);
++
++ rv = pFuncList->C_DestroyObject(session, oh);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
++ rv);
++ return (0);
++ }
++
++ return (1);
++ }
++
++
++/*
++ * Public key mechanisms optionally supported
++ *
++ * CKM_RSA_PKCS
++ *
++ * The first slot that supports at least one of those mechanisms is chosen as a
++ * public key slot.
++ *
++ * The output of this function is a set of global variables indicating which
++ * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
++ * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
++ * variables carry information about which slot was chosen for (a) public key
++ * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
++ */
++static int
++pk11_choose_slots(int *any_slot_found)
++ {
++ CK_SLOT_ID_PTR pSlotList = NULL_PTR;
++ CK_ULONG ulSlotCount = 0;
++ CK_MECHANISM_INFO mech_info;
++ CK_TOKEN_INFO token_info;
++ unsigned int i;
++ CK_RV rv;
++ CK_SLOT_ID best_slot_sofar = 0;
++ CK_BBOOL found_candidate_slot = CK_FALSE;
++ CK_SLOT_ID current_slot = 0;
++
++ /* let's initialize the output parameter */
++ if (any_slot_found != NULL)
++ *any_slot_found = 0;
++
++ /* Get slot list for memory allocation */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ return (0);
++ }
++
++ /* it's not an error if we didn't find any providers */
++ if (ulSlotCount == 0)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ return (1);
++ }
++
++ pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
++
++ if (pSlotList == NULL)
++ {
++ PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
++ return (0);
++ }
++
++ /* Get the slot list for processing */
++ rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
++ OPENSSL_free(pSlotList);
++ return (0);
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
++ fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
++
++ fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ /* Check if slot has random support. */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (token_info.flags & CKF_RNG)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++ pk11_have_random = CK_TRUE;
++ rand_SLOTID = current_slot;
++ break;
++ }
++ }
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ pubkey_SLOTID = pSlotList[0];
++ for (i = 0; i < ulSlotCount; i++)
++ {
++ CK_BBOOL slot_has_rsa = CK_FALSE;
++ current_slot = pSlotList[i];
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
++#endif /* DEBUG_SLOT_SELECTION */
++ rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
++ if (rv != CKR_OK)
++ continue;
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ /*
++ * Check if this slot is capable of signing with CKM_RSA_PKCS.
++ */
++ rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
++ &mech_info);
++
++ if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN)))
++ {
++ slot_has_rsa = CK_TRUE;
++ }
++
++ if (!found_candidate_slot && slot_has_rsa)
++ {
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: potential slot: %d\n", PK11_DBG, current_slot);
++#endif /* DEBUG_SLOT_SELECTION */
++ best_slot_sofar = current_slot;
++ pk11_have_rsa = slot_has_rsa;
++ found_candidate_slot = CK_TRUE;
++ /*
++ * Cache the flags for later use. We might
++ * need those if RSA keys by reference feature
++ * is used.
++ */
++ pubkey_token_flags = token_info.flags;
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: setting found_candidate_slot to CK_TRUE\n",
++ PK11_DBG);
++ fprintf(stderr,
++ "%s: best so far slot: %d\n", PK11_DBG,
++ best_slot_sofar);
++ fprintf(stderr, "%s: pubkey flags changed to "
++ "%lu.\n", PK11_DBG, pubkey_token_flags);
++ }
++ else
++ {
++ fprintf(stderr,
++ "%s: no rsa\n", PK11_DBG);
++ }
++#else
++ } /* if */
++#endif /* DEBUG_SLOT_SELECTION */
++ } /* for */
++
++ if (found_candidate_slot == CK_TRUE)
++ {
++ pubkey_SLOTID = best_slot_sofar;
++ }
++
++ /*SLOTID = pSlotList[0];*/
++
++#ifdef DEBUG_SLOT_SELECTION
++ fprintf(stderr,
++ "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
++ fprintf(stderr,
++ "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
++ fprintf(stderr,
++ "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
++ fprintf(stderr,
++ "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
++#endif /* DEBUG_SLOT_SELECTION */
++
++ if (pSlotList != NULL)
++ OPENSSL_free(pSlotList);
++
++ if (any_slot_found != NULL)
++ *any_slot_found = 1;
++ return (1);
++ }
++
++#endif /* OPENSSL_NO_HW_PK11SO */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/hw_pk11so.h
+diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
+@@ -0,0 +1,32 @@
++/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
++
++#define token_lock pk11so_token_lock
++#define find_lock pk11so_find_lock
++#define active_list pk11so_active_list
++#define pubkey_token_flags pk11so_pubkey_token_flags
++#define pubkey_SLOTID pk11so_pubkey_SLOTID
++#define ERR_pk11_error ERR_pk11so_error
++#define PK11err_add_data PK11SOerr_add_data
++#define pk11_get_session pk11so_get_session
++#define pk11_return_session pk11so_return_session
++#define pk11_active_add pk11so_active_add
++#define pk11_active_delete pk11so_active_delete
++#define pk11_active_remove pk11so_active_remove
++#define pk11_free_active_list pk11so_free_active_list
++#define pk11_destroy_rsa_key_objects pk11so_destroy_rsa_key_objects
++#define pk11_destroy_rsa_object_pub pk11so_destroy_rsa_object_pub
++#define pk11_destroy_rsa_object_priv pk11so_destroy_rsa_object_priv
++#define pk11_load_privkey pk11so_load_privkey
++#define pk11_load_pubkey pk11so_load_pubkey
++#define PK11_RSA PK11SO_RSA
++#define pk11_destroy_dsa_key_objects pk11so_destroy_dsa_key_objects
++#define pk11_destroy_dsa_object_pub pk11so_destroy_dsa_object_pub
++#define pk11_destroy_dsa_object_priv pk11so_destroy_dsa_object_priv
++#define PK11_DSA PK11SO_DSA
++#define pk11_destroy_dh_key_objects pk11so_destroy_dh_key_objects
++#define pk11_destroy_dh_object pk11so_destroy_dh_object
++#define PK11_DH PK11SO_DH
++#define pk11_token_relogin pk11so_token_relogin
++#define pFuncList pk11so_pFuncList
++#define pk11_pin pk11so_pin
++#define ENGINE_load_pk11 ENGINE_load_pk11so
+Index: openssl/crypto/engine/hw_pk11so_pub.c
+diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.10
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/hw_pk11so_pub.c Fri Oct 4 14:05:38 2013
+@@ -0,0 +1,1642 @@
++/*
++ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
++ * Use is subject to license terms.
++ */
++
++/* crypto/engine/hw_pk11_pub.c */
++/*
++ * This product includes software developed by the OpenSSL Project for
++ * use in the OpenSSL Toolkit (http://www.openssl.org/).
++ *
++ * This project also referenced hw_pkcs11-0.9.7b.patch written by
++ * Afchine Madjlessi.
++ */
++/*
++ * ====================================================================
++ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++/* Modified to keep only RNG and RSA Sign */
++
++#ifdef OPENSSL_NO_RSA
++#error RSA is disabled
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++
++#include <openssl/e_os2.h>
++#include <openssl/crypto.h>
++#include <cryptlib.h>
++#include <openssl/engine.h>
++#include <openssl/dso.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/pem.h>
++#include <openssl/rsa.h>
++#include <openssl/rand.h>
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++
++#ifdef OPENSSL_SYS_WIN32
++#define NOPTHREADS
++typedef int pid_t;
++#define HAVE_GETPASSPHRASE
++static char *getpassphrase(const char *prompt);
++#ifndef NULL_PTR
++#define NULL_PTR NULL
++#endif
++#define CK_DEFINE_FUNCTION(returnType, name) \
++ returnType __declspec(dllexport) name
++#define CK_DECLARE_FUNCTION(returnType, name) \
++ returnType __declspec(dllimport) name
++#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ returnType __declspec(dllimport) (* name)
++#else
++#include <unistd.h>
++#endif
++
++#ifndef NOPTHREADS
++#include <pthread.h>
++#endif
++
++#ifndef OPENSSL_NO_HW
++#ifndef OPENSSL_NO_HW_PK11
++#ifndef OPENSSL_NO_HW_PK11SO
++
++#ifdef OPENSSL_SYS_WIN32
++#pragma pack(push, cryptoki, 1)
++#include "cryptoki.h"
++#include "pkcs11.h"
++#pragma pack(pop, cryptoki)
++#else
++#include "cryptoki.h"
++#include "pkcs11.h"
++#endif
++#include "hw_pk11so.h"
++#include "hw_pk11_err.h"
++
++static CK_BBOOL pk11_login_done = CK_FALSE;
++extern CK_SLOT_ID pubkey_SLOTID;
++#ifndef NOPTHREADS
++extern pthread_mutex_t *token_lock;
++#endif
++
++#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
++#define getpassphrase(x) getpass(x)
++#endif
++
++/* RSA stuff */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
++EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data);
++
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session);
++static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
++ BIGNUM **rsa_d_num, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session);
++
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa);
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa);
++
++static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey);
++static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue,
++ CK_ULONG *ulValueLen);
++static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn);
++
++static int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private);
++
++/* Read mode string to be used for fopen() */
++#if SOLARIS_OPENSSL
++static char *read_mode_flags = "rF";
++#else
++static char *read_mode_flags = "r";
++#endif
++
++/*
++ * increment/create reference for an asymmetric key handle via active list
++ * manipulation. If active list operation fails, unlock (if locked), set error
++ * variable and jump to the specified label.
++ */
++#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
++ { \
++ if (pk11_active_add(key_handle, alg_type) < 0) \
++ { \
++ var = TRUE; \
++ if (unlock) \
++ UNLOCK_OBJSTORE(alg_type); \
++ goto label; \
++ } \
++ }
++
++/*
++ * Find active list entry according to object handle and return pointer to the
++ * entry otherwise return NULL.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ for (entry = active_list[type]; entry != NULL; entry = entry->next)
++ if (entry->h == h)
++ return (entry);
++
++ return (NULL);
++ }
++
++/*
++ * Search for an entry in the active list using PKCS#11 object handle as a
++ * search key and return refcnt of the found/created entry or -1 in case of
++ * failure.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if (h == CK_INVALID_HANDLE)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ /* search for entry in the active list */
++ if ((entry = pk11_active_find(h, type)) != NULL)
++ entry->refcnt++;
++ else
++ {
++ /* not found, create new entry and add it to the list */
++ entry = OPENSSL_malloc(sizeof (PK11_active));
++ if (entry == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
++ return (-1);
++ }
++ entry->h = h;
++ entry->refcnt = 1;
++ entry->prev = NULL;
++ entry->next = NULL;
++ /* connect the newly created entry to the list */
++ if (active_list[type] == NULL)
++ active_list[type] = entry;
++ else /* make the entry first in the list */
++ {
++ entry->next = active_list[type];
++ active_list[type]->prev = entry;
++ active_list[type] = entry;
++ }
++ }
++
++ return (entry->refcnt);
++ }
++
++/*
++ * Remove active list entry from the list and free it.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++void
++pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
++ {
++ PK11_active *prev_entry;
++
++ /* remove the entry from the list and free it */
++ if ((prev_entry = entry->prev) != NULL)
++ {
++ prev_entry->next = entry->next;
++ if (entry->next != NULL)
++ entry->next->prev = prev_entry;
++ }
++ else
++ {
++ active_list[type] = entry->next;
++ /* we were the first but not the only one */
++ if (entry->next != NULL)
++ entry->next->prev = NULL;
++ }
++
++ /* sanitization */
++ entry->h = CK_INVALID_HANDLE;
++ entry->prev = NULL;
++ entry->next = NULL;
++ OPENSSL_free(entry);
++ }
++
++/* Free all entries from the active list. */
++void
++pk11_free_active_list(PK11_OPTYPE type)
++ {
++ PK11_active *entry;
++
++ /* only for asymmetric types since only they have C_Find* locks. */
++ switch (type)
++ {
++ case OP_RSA:
++ break;
++ default:
++ return;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(type);
++ while ((entry = active_list[type]) != NULL)
++ pk11_active_remove(entry, type);
++ UNLOCK_OBJSTORE(type);
++ }
++
++/*
++ * Search for active list entry associated with given PKCS#11 object handle,
++ * decrement its refcnt and if it drops to 0, disconnect the entry and free it.
++ *
++ * Return 1 if the PKCS#11 object associated with the entry has no references,
++ * return 0 if there is at least one reference, -1 on error.
++ *
++ * This function presumes it is called with lock protecting the active list
++ * held.
++ */
++int
++pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
++ {
++ PK11_active *entry = NULL;
++
++ if ((entry = pk11_active_find(h, type)) == NULL)
++ {
++ PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
++ return (-1);
++ }
++
++ OPENSSL_assert(entry->refcnt > 0);
++ entry->refcnt--;
++ if (entry->refcnt == 0)
++ {
++ pk11_active_remove(entry, type);
++ return (1);
++ }
++
++ return (0);
++ }
++
++/* Our internal RSA_METHOD that we provide pointers to */
++static RSA_METHOD pk11_rsa;
++
++RSA_METHOD *
++PK11_RSA(void)
++ {
++ const RSA_METHOD *rsa;
++
++ if (pk11_rsa.name == NULL)
++ {
++ rsa = RSA_PKCS1_SSLeay();
++ memcpy(&pk11_rsa, rsa, sizeof(*rsa));
++ pk11_rsa.name = "PKCS#11 RSA method";
++ pk11_rsa.rsa_sign = pk11_RSA_sign;
++ }
++ return (&pk11_rsa);
++ }
++
++/* Size of an SSL signature: MD5+SHA1 */
++#define SSL_SIG_LENGTH 36
++
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
++
++/*
++ * Standard engine interface function. Majority codes here are from
++ * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
++ * See more details in rsa/rsa_sign.c
++ */
++static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
++ {
++ X509_SIG sig;
++ ASN1_TYPE parameter;
++ int i, j = 0;
++ unsigned char *p, *s = NULL;
++ X509_ALGOR algor;
++ ASN1_OCTET_STRING digest;
++ CK_RV rv;
++ CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
++ CK_MECHANISM *p_mech = &mech_rsa;
++ CK_OBJECT_HANDLE h_priv_key;
++ PK11_SESSION *sp = NULL;
++ int ret = 0;
++ unsigned long ulsiglen;
++
++ /* Encode the digest */
++ /* Special case: SSL signature, just check the length */
++ if (type == NID_md5_sha1)
++ {
++ if (m_len != SSL_SIG_LENGTH)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_INVALID_MESSAGE_LENGTH);
++ goto err;
++ }
++ i = SSL_SIG_LENGTH;
++ s = (unsigned char *)m;
++ }
++ else
++ {
++ sig.algor = &algor;
++ sig.algor->algorithm = OBJ_nid2obj(type);
++ if (sig.algor->algorithm == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ALGORITHM_TYPE);
++ goto err;
++ }
++ if (sig.algor->algorithm->length == 0)
++ {
++ PK11err(PK11_F_RSA_SIGN,
++ PK11_R_UNKNOWN_ASN1_OBJECT_ID);
++ goto err;
++ }
++ parameter.type = V_ASN1_NULL;
++ parameter.value.ptr = NULL;
++ sig.algor->parameter = ¶meter;
++
++ sig.digest = &digest;
++ sig.digest->data = (unsigned char *)m;
++ sig.digest->length = m_len;
++
++ i = i2d_X509_SIG(&sig, NULL);
++ }
++
++ j = RSA_size(rsa);
++ if ((i - RSA_PKCS1_PADDING) > j)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
++ goto err;
++ }
++
++ if (type != NID_md5_sha1)
++ {
++ s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
++ if (s == NULL)
++ {
++ PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
++ goto err;
++ }
++ p = s;
++ (void) i2d_X509_SIG(&sig, &p);
++ }
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ goto err;
++
++ (void) check_new_rsa_key_priv(sp, rsa);
++
++ h_priv_key = sp->opdata_rsa_priv_key;
++ if (h_priv_key == CK_INVALID_HANDLE)
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key((RSA *)rsa,
++ &sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num, &sp->opdata_rsa_pe_num,
++ sp->session);
++
++ if (h_priv_key != CK_INVALID_HANDLE)
++ {
++ rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
++ goto err;
++ }
++
++ ulsiglen = j;
++ rv = pFuncList->C_Sign(sp->session, s, i, sigret,
++ (CK_ULONG_PTR) &ulsiglen);
++ *siglen = ulsiglen;
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
++ goto err;
++ }
++ ret = 1;
++ }
++
++err:
++ if ((type != NID_md5_sha1) && (s != NULL))
++ {
++ (void) memset(s, 0, (unsigned int)(j + 1));
++ OPENSSL_free(s);
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (ret);
++ }
++
++static int hndidx_rsa = -1;
++
++#define MAXATTR 1024
++
++/*
++ * Load RSA private key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *privkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *privkey;
++ CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BBOOL rollback = FALSE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for private keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize the OpenSSL RSA
++ * structure with something we can use to look up the key. Note that we
++ * never ask for private components.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(privkey_file, "pkcs11:") == privkey_file)
++ {
++ search_templ[2].pValue = strstr(privkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_TRUE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ if (hndidx_rsa == -1)
++ hndidx_rsa = RSA_get_ex_new_index(0,
++ "pkcs11 RSA HSM key handle",
++ NULL, NULL, NULL);
++
++ /*
++ * We might have a cache hit which we could confirm
++ * according to the 'n'/'e' params, RSA public pointer
++ * as NULL, and non-NULL RSA private pointer. However,
++ * it is easier just to recreate everything. We expect
++ * the keys to be loaded once and used many times. We
++ * do not check the return value because even in case
++ * of failure the sp structure will have both key
++ * pointer and object handle cleaned and
++ * pk11_destroy_object() reports the failure to the
++ * OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, FALSE);
++
++ sp->opdata_rsa_priv_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->priv_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA private structure pointer. We do not
++ * use it now for key-by-ref keys but let's do it for
++ * consistency reasons.
++ */
++ if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER | RSA_FLAG_EXT_PKEY;
++ RSA_set_ex_data(rsa, hndidx_rsa, (void *) ks_key);
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PRIVKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ /*
++ * We do not use pk11_get_private_rsa_key() here so we
++ * must take care of handle management ourselves.
++ */
++ KEY_HANDLE_REFHOLD(ks_key, OP_RSA, TRUE, rollback, err);
++
++ /*
++ * Those are the sensitive components we do not want to export
++ * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp).
++ */
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++ /*
++ * Must have 'n'/'e' components in the session structure as
++ * well. They serve as a public look-up key for the private key
++ * in the keystore.
++ */
++ attr_to_BN(&get_templ[0], attr_data[0],
++ &sp->opdata_rsa_pn_num);
++ attr_to_BN(&get_templ[1], attr_data[1],
++ &sp->opdata_rsa_pe_num);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++ }
++ else if ((privkey = fopen(privkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
++ (void) fclose(privkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_priv(sp, rsa);
++ sp->priv_persistent = CK_FALSE;
++
++ h_priv_key = sp->opdata_rsa_priv_key =
++ pk11_get_private_rsa_key(rsa,
++ &sp->opdata_rsa_priv,
++ &sp->opdata_rsa_d_num,
++ &sp->opdata_rsa_pn_num,
++ &sp->opdata_rsa_pe_num, sp->session);
++ if (h_priv_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ rollback = rollback;
++ return (pkey);
++ }
++
++/*
++ * Load RSA public key from a file or get its PKCS#11 handle if stored in the
++ * PKCS#11 token.
++ */
++/* ARGSUSED */
++EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
++ UI_METHOD *ui_method, void *callback_data)
++ {
++ EVP_PKEY *pkey = NULL;
++ FILE *pubkey;
++ CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
++ RSA *rsa = NULL;
++ PK11_SESSION *sp;
++ /* Anything else below is needed for the key by reference extension. */
++ CK_RV rv;
++ CK_BBOOL is_token = TRUE;
++ CK_BYTE attr_data[2][MAXATTR];
++ CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY;
++ CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */
++
++ /* we look for public keys only */
++ CK_ATTRIBUTE search_templ[] =
++ {
++ {CKA_TOKEN, &is_token, sizeof(is_token)},
++ {CKA_CLASS, &key_class, sizeof(key_class)},
++ {CKA_LABEL, NULL, 0}
++ };
++
++ /*
++ * These public attributes are needed to initialize OpenSSL RSA
++ * structure with something we can use to look up the key.
++ */
++ CK_ATTRIBUTE get_templ[] =
++ {
++ {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */
++ {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */
++ };
++
++ if ((sp = pk11_get_session(OP_RSA)) == NULL)
++ return (NULL);
++
++ /*
++ * Use simple scheme "pkcs11:<KEY_LABEL>" for now.
++ */
++ if (strstr(pubkey_file, "pkcs11:") == pubkey_file)
++ {
++ search_templ[2].pValue = strstr(pubkey_file, ":") + 1;
++ search_templ[2].ulValueLen = strlen(search_templ[2].pValue);
++
++ if (pk11_token_login(sp->session, &pk11_login_done,
++ CK_FALSE) == 0)
++ goto err;
++
++ /* see find_lock array definition
++ for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * Now let's try to find the key in the token. It is a failure
++ * if we can't find it.
++ */
++ if (find_one_object(OP_RSA, sp->session, search_templ, 3,
++ &ks_key) == 0)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * We load a new public key so we will create a new RSA
++ * structure. No cache hit is possible.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, FALSE);
++
++ sp->opdata_rsa_pub_key = ks_key;
++ /* This object shall not be deleted on a cache miss. */
++ sp->pub_persistent = CK_TRUE;
++
++ /*
++ * Cache the RSA public structure pointer.
++ */
++ if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ goto err;
++ }
++
++ /*
++ * Now we have to initialize an OpenSSL RSA structure,
++ * everything else is 0 or NULL.
++ */
++ rsa->flags = RSA_FLAG_SIGN_VER;
++
++ if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key,
++ get_templ, 2)) != CKR_OK)
++ {
++ UNLOCK_OBJSTORE(OP_RSA);
++ PK11err_add_data(PK11_F_LOAD_PUBKEY,
++ PK11_R_GETATTRIBUTVALUE, rv);
++ goto err;
++ }
++
++ attr_to_BN(&get_templ[0], attr_data[0], &rsa->n);
++ attr_to_BN(&get_templ[1], attr_data[1], &rsa->e);
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++ if ((pkey = EVP_PKEY_new()) == NULL)
++ goto err;
++
++ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0)
++ goto err;
++
++ /*
++ * Create a session object from it so that when calling
++ * pk11_get_public_rsa_key() the next time, we can find it. The
++ * reason why we do that is that we cannot tell from the RSA
++ * structure (OpenSSL RSA structure does not have any room for
++ * additional data used by the engine, for example) if it bears
++ * a public key stored in the keystore or not so it's better if
++ * we always have a session key. Note that this is different
++ * from what we do for the private keystore objects but in that
++ * case, we can tell from the RSA structure that the keystore
++ * object is in play - the 'd' component is NULL in that case.
++ */
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
++ {
++ pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
++ (void) fclose(pubkey);
++ if (pkey != NULL)
++ {
++ rsa = EVP_PKEY_get1_RSA(pkey);
++ if (rsa != NULL)
++ {
++ /*
++ * This will always destroy the RSA
++ * object since we have a new RSA
++ * structure here.
++ */
++ (void) check_new_rsa_key_pub(sp, rsa);
++ sp->pub_persistent = CK_FALSE;
++
++ h_pub_key = sp->opdata_rsa_pub_key =
++ pk11_get_public_rsa_key(rsa,
++ &sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
++ &sp->opdata_rsa_e_num, sp->session);
++ if (h_pub_key == CK_INVALID_HANDLE)
++ goto err;
++ }
++ else
++ goto err;
++ }
++ }
++
++ pk11_return_session(sp, OP_RSA);
++ return (pkey);
++err:
++ pk11_return_session(sp, OP_RSA);
++ if (rsa != NULL)
++ RSA_free(rsa);
++ if (pkey != NULL)
++ {
++ EVP_PKEY_free(pkey);
++ pkey = NULL;
++ }
++ return (pkey);
++ }
++
++/*
++ * Create a public key object in a session from a given rsa structure.
++ * The *rsa_n_num and *rsa_e_num pointers are non-NULL for RSA public keys.
++ */
++static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA *rsa,
++ RSA **key_ptr, BIGNUM **rsa_n_num, BIGNUM **rsa_e_num,
++ CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 8;
++ CK_BBOOL rollback = FALSE;
++
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY, &mytrue, sizeof (mytrue)},
++ {CKA_VERIFY_RECOVER, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
++ };
++
++ int i;
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ a_key_template[6].ulValueLen = BN_num_bytes(rsa->n);
++ a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[6].ulValueLen);
++ if (a_key_template[6].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->n, a_key_template[6].pValue);
++
++ a_key_template[7].ulValueLen = BN_num_bytes(rsa->e);
++ a_key_template[7].pValue = (CK_VOID_PTR)OPENSSL_malloc(
++ (size_t)a_key_template[7].ulValueLen);
++ if (a_key_template[7].pValue == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ BN_bn2bin(rsa->e, a_key_template[7].pValue);
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++ if (rsa_n_num != NULL)
++ if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ if (rsa_e_num != NULL)
++ if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
++ {
++ PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ BN_free(*rsa_n_num);
++ *rsa_n_num = NULL;
++ rollback = TRUE;
++ goto err;
++ }
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ for (i = 6; i <= 7; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Create a private key object in the session from a given rsa structure.
++ * The *rsa_d_num pointer is non-NULL for RSA private keys.
++ */
++static CK_OBJECT_HANDLE
++pk11_get_private_rsa_key(RSA *rsa, RSA **key_ptr, BIGNUM **rsa_d_num,
++ BIGNUM **rsa_n_num, BIGNUM **rsa_e_num, CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++ CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
++ int i;
++ CK_ULONG found;
++ CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
++ CK_KEY_TYPE k_type = CKK_RSA;
++ CK_ULONG ul_key_attr_count = 14;
++ CK_BBOOL rollback = FALSE;
++
++ /* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
++ CK_ATTRIBUTE a_key_template[] =
++ {
++ {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
++ {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_SENSITIVE, &myfalse, sizeof (myfalse)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_SIGN, &mytrue, sizeof (mytrue)},
++ {CKA_MODULUS, (void *)NULL, 0},
++ {CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
++ {CKA_PRIME_1, (void *)NULL, 0},
++ {CKA_PRIME_2, (void *)NULL, 0},
++ {CKA_EXPONENT_1, (void *)NULL, 0},
++ {CKA_EXPONENT_2, (void *)NULL, 0},
++ {CKA_COEFFICIENT, (void *)NULL, 0},
++ };
++
++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) {
++ h_key = (CK_OBJECT_HANDLE)RSA_get_ex_data(rsa, hndidx_rsa);
++ LOCK_OBJSTORE(OP_RSA);
++ goto set;
++ }
++
++ a_key_template[0].pValue = &o_key;
++ a_key_template[1].pValue = &k_type;
++
++ /* Put the private key components into the template */
++ if (init_template_value(rsa->n, &a_key_template[6].pValue,
++ &a_key_template[6].ulValueLen) == 0 ||
++ init_template_value(rsa->e, &a_key_template[7].pValue,
++ &a_key_template[7].ulValueLen) == 0 ||
++ init_template_value(rsa->d, &a_key_template[8].pValue,
++ &a_key_template[8].ulValueLen) == 0 ||
++ init_template_value(rsa->p, &a_key_template[9].pValue,
++ &a_key_template[9].ulValueLen) == 0 ||
++ init_template_value(rsa->q, &a_key_template[10].pValue,
++ &a_key_template[10].ulValueLen) == 0 ||
++ init_template_value(rsa->dmp1, &a_key_template[11].pValue,
++ &a_key_template[11].ulValueLen) == 0 ||
++ init_template_value(rsa->dmq1, &a_key_template[12].pValue,
++ &a_key_template[12].ulValueLen) == 0 ||
++ init_template_value(rsa->iqmp, &a_key_template[13].pValue,
++ &a_key_template[13].ulValueLen) == 0)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ goto malloc_err;
++ }
++
++ /* see find_lock array definition for more info on object locking */
++ LOCK_OBJSTORE(OP_RSA);
++
++ /*
++ * We are getting the private key but the private 'd'
++ * component is NULL. That means this is key by reference RSA
++ * key. In that case, we can use only public components for
++ * searching for the private key handle.
++ */
++ if (rsa->d == NULL)
++ {
++ ul_key_attr_count = 8;
++ /*
++ * We will perform the search in the token, not in the existing
++ * session keys.
++ */
++ a_key_template[2].pValue = &mytrue;
++ }
++
++ rv = pFuncList->C_FindObjectsInit(session, a_key_template,
++ ul_key_attr_count);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSINIT, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
++
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(session);
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTS, rv);
++ goto err;
++ }
++
++ rv = pFuncList->C_FindObjectsFinal(session);
++
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_FINDOBJECTSFINAL, rv);
++ goto err;
++ }
++
++ if (found == 0)
++ {
++ /*
++ * We have an RSA structure with 'n'/'e' components
++ * only so we tried to find the private key in the
++ * keystore. If it was really a token key we have a
++ * problem. Note that for other key types we just
++ * create a new session key using the private
++ * components from the RSA structure.
++ */
++ if (rsa->d == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_PRIV_KEY_NOT_FOUND);
++ goto err;
++ }
++
++ rv = pFuncList->C_CreateObject(session,
++ a_key_template, ul_key_attr_count, &h_key);
++ if (rv != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
++ PK11_R_CREATEOBJECT, rv);
++ goto err;
++ }
++ }
++
++set:
++ if (rsa_d_num != NULL)
++ {
++ /*
++ * When RSA keys by reference code is used, we never
++ * extract private components from the keystore. In
++ * that case 'd' was set to NULL and we expect the
++ * application to properly cope with that. It is
++ * documented in openssl(5). In general, if keys by
++ * reference are used we expect it to be used
++ * exclusively using the high level API and then there
++ * is no problem. If the application expects the
++ * private components to be read from the keystore
++ * then that is not a supported way of usage.
++ */
++ if (rsa->d != NULL && (*rsa_d_num = BN_dup(rsa->d)) == NULL)
++ {
++ PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
++ rollback = TRUE;
++ goto err;
++ }
++ else
++ *rsa_d_num = NULL;
++ }
++
++ /*
++ * For the key by reference code, we need public components as well
++ * since 'd' component is always NULL. For that reason, we always cache
++ * 'n'/'e' components as well.
++ */
++ *rsa_n_num = BN_dup(rsa->n);
++ *rsa_e_num = BN_dup(rsa->e);
++
++ /* LINTED: E_CONSTANT_CONDITION */
++ KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
++ if (key_ptr != NULL)
++ *key_ptr = rsa;
++
++err:
++ if (rollback)
++ {
++ /*
++ * We do not care about the return value from C_DestroyObject()
++ * since we are doing rollback.
++ */
++ if (found == 0 &&
++ (rsa->flags & RSA_FLAG_EXT_PKEY) == 0)
++ (void) pFuncList->C_DestroyObject(session, h_key);
++ h_key = CK_INVALID_HANDLE;
++ }
++
++ UNLOCK_OBJSTORE(OP_RSA);
++
++malloc_err:
++ /*
++ * 6 to 13 entries in the key template are key components.
++ * They need to be freed upon exit or error.
++ */
++ for (i = 6; i <= 13; i++)
++ {
++ if (a_key_template[i].pValue != NULL)
++ {
++ (void) memset(a_key_template[i].pValue, 0,
++ a_key_template[i].ulValueLen);
++ OPENSSL_free(a_key_template[i].pValue);
++ a_key_template[i].pValue = NULL;
++ }
++ }
++
++ return (h_key);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making the
++ * check for cache hit stronger. Only public components of RSA
++ * key matter here so it is sufficient to compare them with values
++ * cached in PK11_SESSION structure.
++ *
++ * We must check the handle as well since with key by reference, public
++ * components 'n'/'e' are cached in private keys as well. That means we
++ * could have a cache hit in a private key when looking for a public
++ * key. That would not work, you cannot have one PKCS#11 object for
++ * both data signing and verifying.
++ */
++ if ((sp->opdata_rsa_pub != rsa) ||
++ (BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_pub(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Check for cache miss and clean the object pointer and handle
++ * in such case. Return 1 for cache hit, 0 for cache miss.
++ */
++static int check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa)
++ {
++ /*
++ * Provide protection against RSA structure reuse by making
++ * the check for cache hit stronger. Comparing public exponent
++ * of RSA key with value cached in PK11_SESSION structure
++ * should be sufficient. Note that we want to compare the
++ * public component since with the keys by reference
++ * mechanism, private components are not in the RSA
++ * structure. Also, see check_new_rsa_key_pub() about why we
++ * compare the handle as well.
++ */
++ if ((sp->opdata_rsa_priv != rsa) ||
++ (BN_cmp(sp->opdata_rsa_pn_num, rsa->n) != 0) ||
++ (BN_cmp(sp->opdata_rsa_pe_num, rsa->e) != 0) ||
++ (sp->opdata_rsa_pn_num == NULL) ||
++ (sp->opdata_rsa_pe_num == NULL) ||
++ (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE))
++ {
++ /*
++ * We do not check the return value because even in case of
++ * failure the sp structure will have both key pointer
++ * and object handle cleaned and pk11_destroy_object()
++ * reports the failure to the OpenSSL error message buffer.
++ */
++ (void) pk11_destroy_rsa_object_priv(sp, TRUE);
++ return (0);
++ }
++ return (1);
++ }
++
++/*
++ * Local function to simplify key template population
++ * Return 0 -- error, 1 -- no error
++ */
++static int
++init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value,
++ CK_ULONG *ul_value_len)
++ {
++ CK_ULONG len = 0;
++
++ /*
++ * This function can be used on non-initialized BIGNUMs. It is
++ * easier to check that here than individually in the callers.
++ */
++ if (bn != NULL)
++ len = BN_num_bytes(bn);
++
++ if (bn == NULL || len == 0)
++ return (1);
++
++ *ul_value_len = len;
++ *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len);
++ if (*p_value == NULL)
++ return (0);
++
++ BN_bn2bin(bn, *p_value);
++
++ return (1);
++ }
++
++static void
++attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn)
++ {
++ if (attr->ulValueLen > 0)
++ *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL);
++ }
++
++/*
++ * Find one object in the token. It is an error if we can not find the
++ * object or if we find more objects based on the template we got.
++ * Assume object store locked.
++ *
++ * Returns:
++ * 1 OK
++ * 0 no object or more than 1 object found
++ */
++static int
++find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s,
++ CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey)
++ {
++ CK_RV rv;
++ CK_ULONG objcnt;
++
++ if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_FINDOBJECTSINIT, rv);
++ return (0);
++ }
++
++ rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt);
++ if (rv != CKR_OK)
++ {
++ (void) pFuncList->C_FindObjectsFinal(s);
++ PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS,
++ rv);
++ return (0);
++ }
++
++ (void) pFuncList->C_FindObjectsFinal(s);
++
++ if (objcnt > 1)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT,
++ PK11_R_MORE_THAN_ONE_OBJECT_FOUND);
++ return (0);
++ }
++ else if (objcnt == 0)
++ {
++ PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND);
++ return (0);
++ }
++ return (1);
++ }
++
++/* from uri stuff */
++
++extern char *pk11_pin;
++
++static int pk11_get_pin(void);
++
++static int
++pk11_get_pin(void)
++{
++ char *pin;
++
++ /* The getpassphrase() function is not MT safe. */
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ pin = getpassphrase("Enter PIN: ");
++ if (pin == NULL)
++ {
++ PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ pk11_pin = BUF_strdup(pin);
++ if (pk11_pin == NULL)
++ {
++ PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++ memset(pin, 0, strlen(pin));
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (1);
++ }
++
++/*
++ * Log in to the keystore if we are supposed to do that at all. Take care of
++ * reading and caching the PIN etc. Log in only once even when called from
++ * multiple threads.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++static int
++pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
++ CK_BBOOL is_private)
++ {
++ CK_RV rv;
++
++#if 0
++ /* doesn't work on the AEP Keyper??? */
++ if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_NOT_INITIALIZED);
++ return (0);
++ }
++#endif
++
++ /*
++ * If login is required or needed but the PIN has not been
++ * even initialized we can bail out right now. Note that we
++ * are supposed to always log in if we are going to access
++ * private keys. However, we may need to log in even for
++ * accessing public keys in case that the CKF_LOGIN_REQUIRED
++ * flag is set.
++ */
++ if (((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE)) &&
++ (~pubkey_token_flags & CKF_USER_PIN_INITIALIZED))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
++ return (0);
++ }
++
++ /*
++ * Note on locking: it is possible that more than one thread
++ * gets into pk11_get_pin() so we must deal with that. We
++ * cannot avoid it since we cannot guard fork() in there with
++ * a lock because we could end up in a dead lock in the
++ * child. Why? Remember we are in a multithreaded environment
++ * so we must lock all mutexes in the prefork function to
++ * avoid a situation in which a thread that did not call
++ * fork() held a lock, making future unlocking impossible. We
++ * lock right before C_Login().
++ */
++ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED) ||
++ (is_private == CK_TRUE))
++ {
++ if (*login_done == CK_FALSE)
++ {
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ {
++ PK11err(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_PIN_NOT_PROVIDED);
++ return (0);
++ }
++ }
++
++ /*
++ * Note that what we are logging into is the keystore from
++ * pubkey_SLOTID because we work with OP_RSA session type here.
++ * That also means that we can work with only one keystore in
++ * the engine.
++ *
++ * We must make sure we do not try to login more than once.
++ * Also, see the comment above on locking strategy.
++ */
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if (*login_done == CK_FALSE)
++ {
++ if ((rv = pFuncList->C_Login(session,
++ CKU_USER, (CK_UTF8CHAR*)pk11_pin,
++ strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_LOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++ goto err_locked;
++ }
++
++ *login_done = CK_TRUE;
++
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ }
++ else
++ {
++ /*
++ * If token does not require login we take it as the
++ * login was done.
++ */
++ *login_done = CK_TRUE;
++ }
++
++ return (1);
++
++err_locked:
++ if (pk11_pin) {
++ memset(pk11_pin, 0, strlen(pk11_pin));
++ OPENSSL_free((void*)pk11_pin);
++ }
++ pk11_pin = NULL;
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++
++/*
++ * Log in to the keystore in the child if we were logged in in the
++ * parent. There are similarities in the code with pk11_token_login()
++ * but still it is quite different so we need a separate function for
++ * this.
++ *
++ * Note that this function is called under the locked session mutex when fork is
++ * detected. That means that C_Login() will be called from the child just once.
++ *
++ * Returns:
++ * 1 on success
++ * 0 on failure
++ */
++int
++pk11_token_relogin(CK_SESSION_HANDLE session)
++ {
++ CK_RV rv;
++
++ if ((pk11_pin == NULL) && (pk11_get_pin() == 0))
++ return (0);
++
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_lock(token_lock) == 0);
++#else
++ CRYPTO_w_lock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ if ((rv = pFuncList->C_Login(session, CKU_USER,
++ (CK_UTF8CHAR_PTR)pk11_pin, strlen(pk11_pin))) != CKR_OK)
++ {
++ PK11err_add_data(PK11_F_TOKEN_RELOGIN,
++ PK11_R_TOKEN_LOGIN_FAILED, rv);
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++ return (0);
++ }
++#ifndef NOPTHREADS
++ OPENSSL_assert(pthread_mutex_unlock(token_lock) == 0);
++#else
++ CRYPTO_w_unlock(CRYPTO_LOCK_PK11_ENGINE);
++#endif
++
++ return (1);
++ }
++
++#ifdef OPENSSL_SYS_WIN32
++char *getpassphrase(const char *prompt)
++ {
++ static char buf[128];
++ HANDLE h;
++ DWORD cc, mode;
++ int cnt;
++
++ h = GetStdHandle(STD_INPUT_HANDLE);
++ fputs(prompt, stderr);
++ fflush(stderr);
++ fflush(stdout);
++ FlushConsoleInputBuffer(h);
++ GetConsoleMode(h, &mode);
++ SetConsoleMode(h, ENABLE_PROCESSED_INPUT);
++
++ for (cnt = 0; cnt < sizeof(buf) - 1; cnt++)
++ {
++ ReadFile(h, buf + cnt, 1, &cc, NULL);
++ if (buf[cnt] == '\r')
++ break;
++ fputc('*', stdout);
++ fflush(stderr);
++ fflush(stdout);
++ }
++
++ SetConsoleMode(h, mode);
++ buf[cnt] = '\0';
++ fputs("\n", stderr);
++ return buf;
++ }
++#endif /* OPENSSL_SYS_WIN32 */
++#endif /* OPENSSL_NO_HW_PK11SO */
++#endif /* OPENSSL_NO_HW_PK11 */
++#endif /* OPENSSL_NO_HW */
+Index: openssl/crypto/engine/pkcs11.h
+diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
+@@ -0,0 +1,299 @@
++/* pkcs11.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++#ifndef _PKCS11_H_
++#define _PKCS11_H_ 1
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/* Before including this file (pkcs11.h) (or pkcs11t.h by
++ * itself), 6 platform-specific macros must be defined. These
++ * macros are described below, and typical definitions for them
++ * are also given. Be advised that these definitions can depend
++ * on both the platform and the compiler used (and possibly also
++ * on whether a Cryptoki library is linked statically or
++ * dynamically).
++ *
++ * In addition to defining these 6 macros, the packing convention
++ * for Cryptoki structures should be set. The Cryptoki
++ * convention on packing is that structures should be 1-byte
++ * aligned.
++ *
++ * If you're using Microsoft Developer Studio 5.0 to produce
++ * Win32 stuff, this might be done by using the following
++ * preprocessor directive before including pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(push, cryptoki, 1)
++ *
++ * and using the following preprocessor directive after including
++ * pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(pop, cryptoki)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to produce Win16 stuff, this might be done by using
++ * the following preprocessor directive before including
++ * pkcs11.h or pkcs11t.h:
++ *
++ * #pragma pack(1)
++ *
++ * In a UNIX environment, you're on your own for this. You might
++ * not need to do (or be able to do!) anything.
++ *
++ *
++ * Now for the macros:
++ *
++ *
++ * 1. CK_PTR: The indirection string for making a pointer to an
++ * object. It can be used like this:
++ *
++ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to produce
++ * Win32 stuff, it might be defined by:
++ *
++ * #define CK_PTR *
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to produce Win16 stuff, it might be defined by:
++ *
++ * #define CK_PTR far *
++ *
++ * In a typical UNIX environment, it might be defined by:
++ *
++ * #define CK_PTR *
++ *
++ *
++ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
++ * an exportable Cryptoki library function definition out of a
++ * return type and a function name. It should be used in the
++ * following fashion to define the exposed Cryptoki functions in
++ * a Cryptoki library:
++ *
++ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
++ * CK_VOID_PTR pReserved
++ * )
++ * {
++ * ...
++ * }
++ *
++ * If you're using Microsoft Developer Studio 5.0 to define a
++ * function in a Win32 Cryptoki .dll, it might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType __declspec(dllexport) name
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to define a function in a Win16 Cryptoki .dll, it
++ * might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType __export _far _pascal name
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DEFINE_FUNCTION(returnType, name) \
++ * returnType name
++ *
++ *
++ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
++ * an importable Cryptoki library function declaration out of a
++ * return type and a function name. It should be used in the
++ * following fashion:
++ *
++ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
++ * CK_VOID_PTR pReserved
++ * );
++ *
++ * If you're using Microsoft Developer Studio 5.0 to declare a
++ * function in a Win32 Cryptoki .dll, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType __declspec(dllimport) name
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to declare a function in a Win16 Cryptoki .dll, it
++ * might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType __export _far _pascal name
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION(returnType, name) \
++ * returnType name
++ *
++ *
++ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
++ * which makes a Cryptoki API function pointer declaration or
++ * function pointer type declaration out of a return type and a
++ * function name. It should be used in the following fashion:
++ *
++ * // Define funcPtr to be a pointer to a Cryptoki API function
++ * // taking arguments args and returning CK_RV.
++ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
++ *
++ * or
++ *
++ * // Define funcPtrType to be the type of a pointer to a
++ * // Cryptoki API function taking arguments args and returning
++ * // CK_RV, and then define funcPtr to be a variable of type
++ * // funcPtrType.
++ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
++ * funcPtrType funcPtr;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to access
++ * functions in a Win32 Cryptoki .dll, in might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType __declspec(dllimport) (* name)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to access functions in a Win16 Cryptoki .dll, it might
++ * be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType __export _far _pascal (* name)
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
++ * returnType (* name)
++ *
++ *
++ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
++ * a function pointer type for an application callback out of
++ * a return type for the callback and a name for the callback.
++ * It should be used in the following fashion:
++ *
++ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
++ *
++ * to declare a function pointer, myCallback, to a callback
++ * which takes arguments args and returns a CK_RV. It can also
++ * be used like this:
++ *
++ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
++ * myCallbackType myCallback;
++ *
++ * If you're using Microsoft Developer Studio 5.0 to do Win32
++ * Cryptoki development, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType (* name)
++ *
++ * If you're using an earlier version of Microsoft Developer
++ * Studio to do Win16 development, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType _far _pascal (* name)
++ *
++ * In a UNIX environment, it might be defined by:
++ *
++ * #define CK_CALLBACK_FUNCTION(returnType, name) \
++ * returnType (* name)
++ *
++ *
++ * 6. NULL_PTR: This macro is the value of a NULL pointer.
++ *
++ * In any ANSI/ISO C environment (and in many others as well),
++ * this should best be defined by
++ *
++ * #ifndef NULL_PTR
++ * #define NULL_PTR 0
++ * #endif
++ */
++
++
++/* All the various Cryptoki types and #define'd values are in the
++ * file pkcs11t.h. */
++#include "pkcs11t.h"
++
++#define __PASTE(x,y) x##y
++
++
++/* ==============================================================
++ * Define the "extern" form of all the entry points.
++ * ==============================================================
++ */
++
++#define CK_NEED_ARG_LIST 1
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ extern CK_DECLARE_FUNCTION(CK_RV, name)
++
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++#undef CK_NEED_ARG_LIST
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++/* ==============================================================
++ * Define the typedef form of all the entry points. That is, for
++ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
++ * a pointer to that kind of function.
++ * ==============================================================
++ */
++
++#define CK_NEED_ARG_LIST 1
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
++
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++#undef CK_NEED_ARG_LIST
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++/* ==============================================================
++ * Define structed vector of entry points. A CK_FUNCTION_LIST
++ * contains a CK_VERSION indicating a library's Cryptoki version
++ * and then a whole slew of function pointers to the routines in
++ * the library. This type was declared, but not defined, in
++ * pkcs11t.h.
++ * ==============================================================
++ */
++
++#define CK_PKCS11_FUNCTION_INFO(name) \
++ __PASTE(CK_,name) name;
++
++struct CK_FUNCTION_LIST {
++
++ CK_VERSION version; /* Cryptoki version */
++
++/* Pile all the function pointers into the CK_FUNCTION_LIST. */
++/* pkcs11f.h has all the information about the Cryptoki
++ * function prototypes. */
++#include "pkcs11f.h"
++
++};
++
++#undef CK_PKCS11_FUNCTION_INFO
++
++
++#undef __PASTE
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+Index: openssl/crypto/engine/pkcs11f.h
+diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
+@@ -0,0 +1,912 @@
++/* pkcs11f.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++/* This header file contains pretty much everything about all the */
++/* Cryptoki function prototypes. Because this information is */
++/* used for more than just declaring function prototypes, the */
++/* order of the functions appearing herein is important, and */
++/* should not be altered. */
++
++/* General-purpose */
++
++/* C_Initialize initializes the Cryptoki library. */
++CK_PKCS11_FUNCTION_INFO(C_Initialize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
++ * cast to CK_C_INITIALIZE_ARGS_PTR
++ * and dereferenced */
++);
++#endif
++
++
++/* C_Finalize indicates that an application is done with the
++ * Cryptoki library. */
++CK_PKCS11_FUNCTION_INFO(C_Finalize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
++);
++#endif
++
++
++/* C_GetInfo returns general information about Cryptoki. */
++CK_PKCS11_FUNCTION_INFO(C_GetInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_INFO_PTR pInfo /* location that receives information */
++);
++#endif
++
++
++/* C_GetFunctionList returns the function list. */
++CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
++ * function list */
++);
++#endif
++
++
++
++/* Slot and token management */
++
++/* C_GetSlotList obtains a list of slots in the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_BBOOL tokenPresent, /* only slots with tokens? */
++ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
++ CK_ULONG_PTR pulCount /* receives number of slots */
++);
++#endif
++
++
++/* C_GetSlotInfo obtains information about a particular slot in
++ * the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* the ID of the slot */
++ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
++);
++#endif
++
++
++/* C_GetTokenInfo obtains information about a particular token
++ * in the system. */
++CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
++);
++#endif
++
++
++/* C_GetMechanismList obtains a list of mechanism types
++ * supported by a token. */
++CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of token's slot */
++ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
++ CK_ULONG_PTR pulCount /* gets # of mechs. */
++);
++#endif
++
++
++/* C_GetMechanismInfo obtains information about a particular
++ * mechanism possibly supported by a token. */
++CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_MECHANISM_TYPE type, /* type of mechanism */
++ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
++);
++#endif
++
++
++/* C_InitToken initializes a token. */
++CK_PKCS11_FUNCTION_INFO(C_InitToken)
++#ifdef CK_NEED_ARG_LIST
++/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
++(
++ CK_SLOT_ID slotID, /* ID of the token's slot */
++ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
++ CK_ULONG ulPinLen, /* length in bytes of the PIN */
++ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
++);
++#endif
++
++
++/* C_InitPIN initializes the normal user's PIN. */
++CK_PKCS11_FUNCTION_INFO(C_InitPIN)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
++ CK_ULONG ulPinLen /* length in bytes of the PIN */
++);
++#endif
++
++
++/* C_SetPIN modifies the PIN of the user who is logged in. */
++CK_PKCS11_FUNCTION_INFO(C_SetPIN)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
++ CK_ULONG ulOldLen, /* length of the old PIN */
++ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
++ CK_ULONG ulNewLen /* length of the new PIN */
++);
++#endif
++
++
++
++/* Session management */
++
++/* C_OpenSession opens a session between an application and a
++ * token. */
++CK_PKCS11_FUNCTION_INFO(C_OpenSession)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID, /* the slot's ID */
++ CK_FLAGS flags, /* from CK_SESSION_INFO */
++ CK_VOID_PTR pApplication, /* passed to callback */
++ CK_NOTIFY Notify, /* callback function */
++ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
++);
++#endif
++
++
++/* C_CloseSession closes a session between an application and a
++ * token. */
++CK_PKCS11_FUNCTION_INFO(C_CloseSession)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++/* C_CloseAllSessions closes all sessions with a token. */
++CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SLOT_ID slotID /* the token's slot */
++);
++#endif
++
++
++/* C_GetSessionInfo obtains information about the session. */
++CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_SESSION_INFO_PTR pInfo /* receives session info */
++);
++#endif
++
++
++/* C_GetOperationState obtains the state of the cryptographic operation
++ * in a session. */
++CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pOperationState, /* gets state */
++ CK_ULONG_PTR pulOperationStateLen /* gets state length */
++);
++#endif
++
++
++/* C_SetOperationState restores the state of the cryptographic
++ * operation in a session. */
++CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pOperationState, /* holds state */
++ CK_ULONG ulOperationStateLen, /* holds state length */
++ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
++ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
++);
++#endif
++
++
++/* C_Login logs a user into a token. */
++CK_PKCS11_FUNCTION_INFO(C_Login)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_USER_TYPE userType, /* the user type */
++ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
++ CK_ULONG ulPinLen /* the length of the PIN */
++);
++#endif
++
++
++/* C_Logout logs a user out from a token. */
++CK_PKCS11_FUNCTION_INFO(C_Logout)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Object management */
++
++/* C_CreateObject creates a new object. */
++CK_PKCS11_FUNCTION_INFO(C_CreateObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
++ CK_ULONG ulCount, /* attributes in template */
++ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
++);
++#endif
++
++
++/* C_CopyObject copies an object, creating a new object for the
++ * copy. */
++CK_PKCS11_FUNCTION_INFO(C_CopyObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
++ CK_ULONG ulCount, /* attributes in template */
++ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
++);
++#endif
++
++
++/* C_DestroyObject destroys an object. */
++CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject /* the object's handle */
++);
++#endif
++
++
++/* C_GetObjectSize gets the size of an object in bytes. */
++CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ULONG_PTR pulSize /* receives size of object */
++);
++#endif
++
++
++/* C_GetAttributeValue obtains the value of one or more object
++ * attributes. */
++CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
++ CK_ULONG ulCount /* attributes in template */
++);
++#endif
++
++
++/* C_SetAttributeValue modifies the value of one or more object
++ * attributes */
++CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hObject, /* the object's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
++ CK_ULONG ulCount /* attributes in template */
++);
++#endif
++
++
++/* C_FindObjectsInit initializes a search for token and session
++ * objects that match a template. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
++ CK_ULONG ulCount /* attrs in search template */
++);
++#endif
++
++
++/* C_FindObjects continues a search for token and session
++ * objects that match a template, obtaining additional object
++ * handles. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjects)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
++ CK_ULONG ulMaxObjectCount, /* max handles to get */
++ CK_ULONG_PTR pulObjectCount /* actual # returned */
++);
++#endif
++
++
++/* C_FindObjectsFinal finishes a search for token and session
++ * objects. */
++CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Encryption and decryption */
++
++/* C_EncryptInit initializes an encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of encryption key */
++);
++#endif
++
++
++/* C_Encrypt encrypts single-part data. */
++CK_PKCS11_FUNCTION_INFO(C_Encrypt)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pData, /* the plaintext data */
++ CK_ULONG ulDataLen, /* bytes of plaintext */
++ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
++);
++#endif
++
++
++/* C_EncryptUpdate continues a multiple-part encryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext data len */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
++);
++#endif
++
++
++/* C_EncryptFinal finishes a multiple-part encryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session handle */
++ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
++ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
++);
++#endif
++
++
++/* C_DecryptInit initializes a decryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of decryption key */
++);
++#endif
++
++
++/* C_Decrypt decrypts encrypted data in a single part. */
++CK_PKCS11_FUNCTION_INFO(C_Decrypt)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedData, /* ciphertext */
++ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
++ CK_BYTE_PTR pData, /* gets plaintext */
++ CK_ULONG_PTR pulDataLen /* gets p-text size */
++);
++#endif
++
++
++/* C_DecryptUpdate continues a multiple-part decryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
++ CK_ULONG ulEncryptedPartLen, /* input length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* p-text size */
++);
++#endif
++
++
++/* C_DecryptFinal finishes a multiple-part decryption
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pLastPart, /* gets plaintext */
++ CK_ULONG_PTR pulLastPartLen /* p-text size */
++);
++#endif
++
++
++
++/* Message digesting */
++
++/* C_DigestInit initializes a message-digesting operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
++);
++#endif
++
++
++/* C_Digest digests data in a single part. */
++CK_PKCS11_FUNCTION_INFO(C_Digest)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* data to be digested */
++ CK_ULONG ulDataLen, /* bytes of data to digest */
++ CK_BYTE_PTR pDigest, /* gets the message digest */
++ CK_ULONG_PTR pulDigestLen /* gets digest length */
++);
++#endif
++
++
++/* C_DigestUpdate continues a multiple-part message-digesting
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* data to be digested */
++ CK_ULONG ulPartLen /* bytes of data to be digested */
++);
++#endif
++
++
++/* C_DigestKey continues a multi-part message-digesting
++ * operation, by digesting the value of a secret key as part of
++ * the data already digested. */
++CK_PKCS11_FUNCTION_INFO(C_DigestKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_OBJECT_HANDLE hKey /* secret key to digest */
++);
++#endif
++
++
++/* C_DigestFinal finishes a multiple-part message-digesting
++ * operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pDigest, /* gets the message digest */
++ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
++);
++#endif
++
++
++
++/* Signing and MACing */
++
++/* C_SignInit initializes a signature (private key encryption)
++ * operation, where the signature is (will be) an appendix to
++ * the data, and plaintext cannot be recovered from the
++ *signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of signature key */
++);
++#endif
++
++
++/* C_Sign signs (encrypts with private key) data in a single
++ * part, where the signature is (will be) an appendix to the
++ * data, and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_Sign)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* the data to sign */
++ CK_ULONG ulDataLen, /* count of bytes to sign */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++/* C_SignUpdate continues a multiple-part signature operation,
++ * where the signature is (will be) an appendix to the data,
++ * and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* the data to sign */
++ CK_ULONG ulPartLen /* count of bytes to sign */
++);
++#endif
++
++
++/* C_SignFinal finishes a multiple-part signature operation,
++ * returning the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++/* C_SignRecoverInit initializes a signature operation, where
++ * the data can be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
++ CK_OBJECT_HANDLE hKey /* handle of the signature key */
++);
++#endif
++
++
++/* C_SignRecover signs data in a single operation, where the
++ * data can be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_SignRecover)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* the data to sign */
++ CK_ULONG ulDataLen, /* count of bytes to sign */
++ CK_BYTE_PTR pSignature, /* gets the signature */
++ CK_ULONG_PTR pulSignatureLen /* gets signature length */
++);
++#endif
++
++
++
++/* Verifying signatures and MACs */
++
++/* C_VerifyInit initializes a verification operation, where the
++ * signature is an appendix to the data, and plaintext cannot
++ * cannot be recovered from the signature (e.g. DSA). */
++CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
++ CK_OBJECT_HANDLE hKey /* verification key */
++);
++#endif
++
++
++/* C_Verify verifies a signature in a single-part operation,
++ * where the signature is an appendix to the data, and plaintext
++ * cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_Verify)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pData, /* signed data */
++ CK_ULONG ulDataLen, /* length of signed data */
++ CK_BYTE_PTR pSignature, /* signature */
++ CK_ULONG ulSignatureLen /* signature length*/
++);
++#endif
++
++
++/* C_VerifyUpdate continues a multiple-part verification
++ * operation, where the signature is an appendix to the data,
++ * and plaintext cannot be recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pPart, /* signed data */
++ CK_ULONG ulPartLen /* length of signed data */
++);
++#endif
++
++
++/* C_VerifyFinal finishes a multiple-part verification
++ * operation, checking the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* signature to verify */
++ CK_ULONG ulSignatureLen /* signature length */
++);
++#endif
++
++
++/* C_VerifyRecoverInit initializes a signature verification
++ * operation, where the data is recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
++ CK_OBJECT_HANDLE hKey /* verification key */
++);
++#endif
++
++
++/* C_VerifyRecover verifies a signature in a single-part
++ * operation, where the data is recovered from the signature. */
++CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSignature, /* signature to verify */
++ CK_ULONG ulSignatureLen, /* signature length */
++ CK_BYTE_PTR pData, /* gets signed data */
++ CK_ULONG_PTR pulDataLen /* gets signed data len */
++);
++#endif
++
++
++
++/* Dual-function cryptographic operations */
++
++/* C_DigestEncryptUpdate continues a multiple-part digesting
++ * and encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext length */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
++);
++#endif
++
++
++/* C_DecryptDigestUpdate continues a multiple-part decryption and
++ * digesting operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
++ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* gets plaintext len */
++);
++#endif
++
++
++/* C_SignEncryptUpdate continues a multiple-part signing and
++ * encryption operation. */
++CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pPart, /* the plaintext data */
++ CK_ULONG ulPartLen, /* plaintext length */
++ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
++ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
++);
++#endif
++
++
++/* C_DecryptVerifyUpdate continues a multiple-part decryption and
++ * verify operation. */
++CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
++ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
++ CK_BYTE_PTR pPart, /* gets plaintext */
++ CK_ULONG_PTR pulPartLen /* gets p-text length */
++);
++#endif
++
++
++
++/* Key management */
++
++/* C_GenerateKey generates a secret key, creating a new key
++ * object. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
++ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
++ CK_ULONG ulCount, /* # of attrs in template */
++ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
++);
++#endif
++
++
++/* C_GenerateKeyPair generates a public-key/private-key pair,
++ * creating new key objects. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session
++ * handle */
++ CK_MECHANISM_PTR pMechanism, /* key-gen
++ * mech. */
++ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
++ * for pub.
++ * key */
++ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
++ * attrs. */
++ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
++ * for priv.
++ * key */
++ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
++ * attrs. */
++ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
++ * key
++ * handle */
++ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
++ * priv. key
++ * handle */
++);
++#endif
++
++
++/* C_WrapKey wraps (i.e., encrypts) a key. */
++CK_PKCS11_FUNCTION_INFO(C_WrapKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
++ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
++ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
++ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
++ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
++);
++#endif
++
++
++/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
++ * key object. */
++CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
++ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
++ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
++ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
++ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
++ CK_ULONG ulAttributeCount, /* template length */
++ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
++);
++#endif
++
++
++/* C_DeriveKey derives a key from a base key, creating a new key
++ * object. */
++CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* session's handle */
++ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
++ CK_OBJECT_HANDLE hBaseKey, /* base key */
++ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
++ CK_ULONG ulAttributeCount, /* template length */
++ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
++);
++#endif
++
++
++
++/* Random number generation */
++
++/* C_SeedRandom mixes additional seed material into the token's
++ * random number generator. */
++CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR pSeed, /* the seed material */
++ CK_ULONG ulSeedLen /* length of seed material */
++);
++#endif
++
++
++/* C_GenerateRandom generates random data. */
++CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_BYTE_PTR RandomData, /* receives the random data */
++ CK_ULONG ulRandomLen /* # of bytes to generate */
++);
++#endif
++
++
++
++/* Parallel function management */
++
++/* C_GetFunctionStatus is a legacy function; it obtains an
++ * updated status of a function running in parallel with an
++ * application. */
++CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++/* C_CancelFunction is a legacy function; it cancels a function
++ * running in parallel. */
++CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_SESSION_HANDLE hSession /* the session's handle */
++);
++#endif
++
++
++
++/* Functions added in for Cryptoki Version 2.01 or later */
++
++/* C_WaitForSlotEvent waits for a slot event (token insertion,
++ * removal, etc.) to occur. */
++CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
++#ifdef CK_NEED_ARG_LIST
++(
++ CK_FLAGS flags, /* blocking/nonblocking flag */
++ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
++ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
++);
++#endif
+Index: openssl/crypto/engine/pkcs11t.h
+diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
+--- /dev/null Thu Jul 3 12:44:12 2014
++++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
+@@ -0,0 +1,1885 @@
++/* pkcs11t.h include file for PKCS #11. */
++/* $Revision$ */
++
++/* License to copy and use this software is granted provided that it is
++ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
++ * (Cryptoki)" in all material mentioning or referencing this software.
++
++ * License is also granted to make and use derivative works provided that
++ * such works are identified as "derived from the RSA Security Inc. PKCS #11
++ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
++ * referencing the derived work.
++
++ * RSA Security Inc. makes no representations concerning either the
++ * merchantability of this software or the suitability of this software for
++ * any particular purpose. It is provided "as is" without express or implied
++ * warranty of any kind.
++ */
++
++/* See top of pkcs11.h for information about the macros that
++ * must be defined and the structure-packing conventions that
++ * must be set before including this file. */
++
++#ifndef _PKCS11T_H_
++#define _PKCS11T_H_ 1
++
++#define CRYPTOKI_VERSION_MAJOR 2
++#define CRYPTOKI_VERSION_MINOR 20
++#define CRYPTOKI_VERSION_AMENDMENT 3
++
++#define CK_TRUE 1
++#define CK_FALSE 0
++
++#ifndef CK_DISABLE_TRUE_FALSE
++#ifndef FALSE
++#define FALSE CK_FALSE
++#endif
++
++#ifndef TRUE
++#define TRUE CK_TRUE
++#endif
++#endif
++
++/* an unsigned 8-bit value */
++typedef unsigned char CK_BYTE;
++
++/* an unsigned 8-bit character */
++typedef CK_BYTE CK_CHAR;
++
++/* an 8-bit UTF-8 character */
++typedef CK_BYTE CK_UTF8CHAR;
++
++/* a BYTE-sized Boolean flag */
++typedef CK_BYTE CK_BBOOL;
++
++/* an unsigned value, at least 32 bits long */
++typedef unsigned long int CK_ULONG;
++
++/* a signed value, the same size as a CK_ULONG */
++/* CK_LONG is new for v2.0 */
++typedef long int CK_LONG;
++
++/* at least 32 bits; each bit is a Boolean flag */
++typedef CK_ULONG CK_FLAGS;
++
++
++/* some special values for certain CK_ULONG variables */
++#define CK_UNAVAILABLE_INFORMATION (~0UL)
++#define CK_EFFECTIVELY_INFINITE 0
++
++
++typedef CK_BYTE CK_PTR CK_BYTE_PTR;
++typedef CK_CHAR CK_PTR CK_CHAR_PTR;
++typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
++typedef CK_ULONG CK_PTR CK_ULONG_PTR;
++typedef void CK_PTR CK_VOID_PTR;
++
++/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
++typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
++
++
++/* The following value is always invalid if used as a session */
++/* handle or object handle */
++#define CK_INVALID_HANDLE 0
++
++
++typedef struct CK_VERSION {
++ CK_BYTE major; /* integer portion of version number */
++ CK_BYTE minor; /* 1/100ths portion of version number */
++} CK_VERSION;
++
++typedef CK_VERSION CK_PTR CK_VERSION_PTR;
++
++
++typedef struct CK_INFO {
++ /* manufacturerID and libraryDecription have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_FLAGS flags; /* must be zero */
++
++ /* libraryDescription and libraryVersion are new for v2.0 */
++ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
++ CK_VERSION libraryVersion; /* version of library */
++} CK_INFO;
++
++typedef CK_INFO CK_PTR CK_INFO_PTR;
++
++
++/* CK_NOTIFICATION enumerates the types of notifications that
++ * Cryptoki provides to an application */
++/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
++ * for v2.0 */
++typedef CK_ULONG CK_NOTIFICATION;
++#define CKN_SURRENDER 0
++
++/* The following notification is new for PKCS #11 v2.20 amendment 3 */
++#define CKN_OTP_CHANGED 1
++
++
++typedef CK_ULONG CK_SLOT_ID;
++
++typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
++
++
++/* CK_SLOT_INFO provides information about a slot */
++typedef struct CK_SLOT_INFO {
++ /* slotDescription and manufacturerID have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_UTF8CHAR slotDescription[64]; /* blank padded */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_FLAGS flags;
++
++ /* hardwareVersion and firmwareVersion are new for v2.0 */
++ CK_VERSION hardwareVersion; /* version of hardware */
++ CK_VERSION firmwareVersion; /* version of firmware */
++} CK_SLOT_INFO;
++
++/* flags: bit flags that provide capabilities of the slot
++ * Bit Flag Mask Meaning
++ */
++#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
++#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
++#define CKF_HW_SLOT 0x00000004 /* hardware slot */
++
++typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
++
++
++/* CK_TOKEN_INFO provides information about a token */
++typedef struct CK_TOKEN_INFO {
++ /* label, manufacturerID, and model have been changed from
++ * CK_CHAR to CK_UTF8CHAR for v2.10 */
++ CK_UTF8CHAR label[32]; /* blank padded */
++ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
++ CK_UTF8CHAR model[16]; /* blank padded */
++ CK_CHAR serialNumber[16]; /* blank padded */
++ CK_FLAGS flags; /* see below */
++
++ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
++ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
++ * changed from CK_USHORT to CK_ULONG for v2.0 */
++ CK_ULONG ulMaxSessionCount; /* max open sessions */
++ CK_ULONG ulSessionCount; /* sess. now open */
++ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
++ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
++ CK_ULONG ulMaxPinLen; /* in bytes */
++ CK_ULONG ulMinPinLen; /* in bytes */
++ CK_ULONG ulTotalPublicMemory; /* in bytes */
++ CK_ULONG ulFreePublicMemory; /* in bytes */
++ CK_ULONG ulTotalPrivateMemory; /* in bytes */
++ CK_ULONG ulFreePrivateMemory; /* in bytes */
++
++ /* hardwareVersion, firmwareVersion, and time are new for
++ * v2.0 */
++ CK_VERSION hardwareVersion; /* version of hardware */
++ CK_VERSION firmwareVersion; /* version of firmware */
++ CK_CHAR utcTime[16]; /* time */
++} CK_TOKEN_INFO;
++
++/* The flags parameter is defined as follows:
++ * Bit Flag Mask Meaning
++ */
++#define CKF_RNG 0x00000001 /* has random #
++ * generator */
++#define CKF_WRITE_PROTECTED 0x00000002 /* token is
++ * write-
++ * protected */
++#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
++ * login */
++#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
++ * PIN is set */
++
++/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
++ * that means that *every* time the state of cryptographic
++ * operations of a session is successfully saved, all keys
++ * needed to continue those operations are stored in the state */
++#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
++
++/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
++ * that the token has some sort of clock. The time on that
++ * clock is returned in the token info structure */
++#define CKF_CLOCK_ON_TOKEN 0x00000040
++
++/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
++ * set, that means that there is some way for the user to login
++ * without sending a PIN through the Cryptoki library itself */
++#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
++
++/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
++ * that means that a single session with the token can perform
++ * dual simultaneous cryptographic operations (digest and
++ * encrypt; decrypt and digest; sign and encrypt; and decrypt
++ * and sign) */
++#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
++
++/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
++ * token has been initialized using C_InitializeToken or an
++ * equivalent mechanism outside the scope of PKCS #11.
++ * Calling C_InitializeToken when this flag is set will cause
++ * the token to be reinitialized. */
++#define CKF_TOKEN_INITIALIZED 0x00000400
++
++/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
++ * true, the token supports secondary authentication for
++ * private key objects. This flag is deprecated in v2.11 and
++ onwards. */
++#define CKF_SECONDARY_AUTHENTICATION 0x00000800
++
++/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
++ * incorrect user login PIN has been entered at least once
++ * since the last successful authentication. */
++#define CKF_USER_PIN_COUNT_LOW 0x00010000
++
++/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
++ * supplying an incorrect user PIN will it to become locked. */
++#define CKF_USER_PIN_FINAL_TRY 0x00020000
++
++/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
++ * user PIN has been locked. User login to the token is not
++ * possible. */
++#define CKF_USER_PIN_LOCKED 0x00040000
++
++/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
++ * the user PIN value is the default value set by token
++ * initialization or manufacturing, or the PIN has been
++ * expired by the card. */
++#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
++
++/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
++ * incorrect SO login PIN has been entered at least once since
++ * the last successful authentication. */
++#define CKF_SO_PIN_COUNT_LOW 0x00100000
++
++/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
++ * supplying an incorrect SO PIN will it to become locked. */
++#define CKF_SO_PIN_FINAL_TRY 0x00200000
++
++/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
++ * PIN has been locked. SO login to the token is not possible.
++ */
++#define CKF_SO_PIN_LOCKED 0x00400000
++
++/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
++ * the SO PIN value is the default value set by token
++ * initialization or manufacturing, or the PIN has been
++ * expired by the card. */
++#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
++
++typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
++
++
++/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
++ * identifies a session */
++typedef CK_ULONG CK_SESSION_HANDLE;
++
++typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
++
++
++/* CK_USER_TYPE enumerates the types of Cryptoki users */
++/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_USER_TYPE;
++/* Security Officer */
++#define CKU_SO 0
++/* Normal user */
++#define CKU_USER 1
++/* Context specific (added in v2.20) */
++#define CKU_CONTEXT_SPECIFIC 2
++
++/* CK_STATE enumerates the session states */
++/* CK_STATE has been changed from an enum to a CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_STATE;
++#define CKS_RO_PUBLIC_SESSION 0
++#define CKS_RO_USER_FUNCTIONS 1
++#define CKS_RW_PUBLIC_SESSION 2
++#define CKS_RW_USER_FUNCTIONS 3
++#define CKS_RW_SO_FUNCTIONS 4
++
++
++/* CK_SESSION_INFO provides information about a session */
++typedef struct CK_SESSION_INFO {
++ CK_SLOT_ID slotID;
++ CK_STATE state;
++ CK_FLAGS flags; /* see below */
++
++ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulDeviceError; /* device-dependent error code */
++} CK_SESSION_INFO;
++
++/* The flags are defined in the following table:
++ * Bit Flag Mask Meaning
++ */
++#define CKF_RW_SESSION 0x00000002 /* session is r/w */
++#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
++
++typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
++
++
++/* CK_OBJECT_HANDLE is a token-specific identifier for an
++ * object */
++typedef CK_ULONG CK_OBJECT_HANDLE;
++
++typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
++
++
++/* CK_OBJECT_CLASS is a value that identifies the classes (or
++ * types) of objects that Cryptoki recognizes. It is defined
++ * as follows: */
++/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_OBJECT_CLASS;
++
++/* The following classes of objects are defined: */
++/* CKO_HW_FEATURE is new for v2.10 */
++/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
++/* CKO_MECHANISM is new for v2.20 */
++#define CKO_DATA 0x00000000
++#define CKO_CERTIFICATE 0x00000001
++#define CKO_PUBLIC_KEY 0x00000002
++#define CKO_PRIVATE_KEY 0x00000003
++#define CKO_SECRET_KEY 0x00000004
++#define CKO_HW_FEATURE 0x00000005
++#define CKO_DOMAIN_PARAMETERS 0x00000006
++#define CKO_MECHANISM 0x00000007
++
++/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
++#define CKO_OTP_KEY 0x00000008
++
++#define CKO_VENDOR_DEFINED 0x80000000
++
++typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
++
++/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
++ * value that identifies the hardware feature type of an object
++ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
++typedef CK_ULONG CK_HW_FEATURE_TYPE;
++
++/* The following hardware feature types are defined */
++/* CKH_USER_INTERFACE is new for v2.20 */
++#define CKH_MONOTONIC_COUNTER 0x00000001
++#define CKH_CLOCK 0x00000002
++#define CKH_USER_INTERFACE 0x00000003
++#define CKH_VENDOR_DEFINED 0x80000000
++
++/* CK_KEY_TYPE is a value that identifies a key type */
++/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
++typedef CK_ULONG CK_KEY_TYPE;
++
++/* the following key types are defined: */
++#define CKK_RSA 0x00000000
++#define CKK_DSA 0x00000001
++#define CKK_DH 0x00000002
++
++/* CKK_ECDSA and CKK_KEA are new for v2.0 */
++/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
++#define CKK_ECDSA 0x00000003
++#define CKK_EC 0x00000003
++#define CKK_X9_42_DH 0x00000004
++#define CKK_KEA 0x00000005
++
++#define CKK_GENERIC_SECRET 0x00000010
++#define CKK_RC2 0x00000011
++#define CKK_RC4 0x00000012
++#define CKK_DES 0x00000013
++#define CKK_DES2 0x00000014
++#define CKK_DES3 0x00000015
++
++/* all these key types are new for v2.0 */
++#define CKK_CAST 0x00000016
++#define CKK_CAST3 0x00000017
++/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
++#define CKK_CAST5 0x00000018
++#define CKK_CAST128 0x00000018
++#define CKK_RC5 0x00000019
++#define CKK_IDEA 0x0000001A
++#define CKK_SKIPJACK 0x0000001B
++#define CKK_BATON 0x0000001C
++#define CKK_JUNIPER 0x0000001D
++#define CKK_CDMF 0x0000001E
++#define CKK_AES 0x0000001F
++
++/* BlowFish and TwoFish are new for v2.20 */
++#define CKK_BLOWFISH 0x00000020
++#define CKK_TWOFISH 0x00000021
++
++/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
++#define CKK_SECURID 0x00000022
++#define CKK_HOTP 0x00000023
++#define CKK_ACTI 0x00000024
++
++/* Camellia is new for PKCS #11 v2.20 amendment 3 */
++#define CKK_CAMELLIA 0x00000025
++/* ARIA is new for PKCS #11 v2.20 amendment 3 */
++#define CKK_ARIA 0x00000026
++
++
++#define CKK_VENDOR_DEFINED 0x80000000
++
++
++/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
++ * type */
++/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
++ * for v2.0 */
++typedef CK_ULONG CK_CERTIFICATE_TYPE;
++
++/* The following certificate types are defined: */
++/* CKC_X_509_ATTR_CERT is new for v2.10 */
++/* CKC_WTLS is new for v2.20 */
++#define CKC_X_509 0x00000000
++#define CKC_X_509_ATTR_CERT 0x00000001
++#define CKC_WTLS 0x00000002
++#define CKC_VENDOR_DEFINED 0x80000000
++
++
++/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
++ * type */
++/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_ATTRIBUTE_TYPE;
++
++/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
++ consists of an array of values. */
++#define CKF_ARRAY_ATTRIBUTE 0x40000000
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
++ and relates to the CKA_OTP_FORMAT attribute */
++#define CK_OTP_FORMAT_DECIMAL 0
++#define CK_OTP_FORMAT_HEXADECIMAL 1
++#define CK_OTP_FORMAT_ALPHANUMERIC 2
++#define CK_OTP_FORMAT_BINARY 3
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
++ and relates to the CKA_OTP_..._REQUIREMENT attributes */
++#define CK_OTP_PARAM_IGNORED 0
++#define CK_OTP_PARAM_OPTIONAL 1
++#define CK_OTP_PARAM_MANDATORY 2
++
++/* The following attribute types are defined: */
++#define CKA_CLASS 0x00000000
++#define CKA_TOKEN 0x00000001
++#define CKA_PRIVATE 0x00000002
++#define CKA_LABEL 0x00000003
++#define CKA_APPLICATION 0x00000010
++#define CKA_VALUE 0x00000011
++
++/* CKA_OBJECT_ID is new for v2.10 */
++#define CKA_OBJECT_ID 0x00000012
++
++#define CKA_CERTIFICATE_TYPE 0x00000080
++#define CKA_ISSUER 0x00000081
++#define CKA_SERIAL_NUMBER 0x00000082
++
++/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
++ * for v2.10 */
++#define CKA_AC_ISSUER 0x00000083
++#define CKA_OWNER 0x00000084
++#define CKA_ATTR_TYPES 0x00000085
++
++/* CKA_TRUSTED is new for v2.11 */
++#define CKA_TRUSTED 0x00000086
++
++/* CKA_CERTIFICATE_CATEGORY ...
++ * CKA_CHECK_VALUE are new for v2.20 */
++#define CKA_CERTIFICATE_CATEGORY 0x00000087
++#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
++#define CKA_URL 0x00000089
++#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
++#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
++#define CKA_CHECK_VALUE 0x00000090
++
++#define CKA_KEY_TYPE 0x00000100
++#define CKA_SUBJECT 0x00000101
++#define CKA_ID 0x00000102
++#define CKA_SENSITIVE 0x00000103
++#define CKA_ENCRYPT 0x00000104
++#define CKA_DECRYPT 0x00000105
++#define CKA_WRAP 0x00000106
++#define CKA_UNWRAP 0x00000107
++#define CKA_SIGN 0x00000108
++#define CKA_SIGN_RECOVER 0x00000109
++#define CKA_VERIFY 0x0000010A
++#define CKA_VERIFY_RECOVER 0x0000010B
++#define CKA_DERIVE 0x0000010C
++#define CKA_START_DATE 0x00000110
++#define CKA_END_DATE 0x00000111
++#define CKA_MODULUS 0x00000120
++#define CKA_MODULUS_BITS 0x00000121
++#define CKA_PUBLIC_EXPONENT 0x00000122
++#define CKA_PRIVATE_EXPONENT 0x00000123
++#define CKA_PRIME_1 0x00000124
++#define CKA_PRIME_2 0x00000125
++#define CKA_EXPONENT_1 0x00000126
++#define CKA_EXPONENT_2 0x00000127
++#define CKA_COEFFICIENT 0x00000128
++#define CKA_PRIME 0x00000130
++#define CKA_SUBPRIME 0x00000131
++#define CKA_BASE 0x00000132
++
++/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
++#define CKA_PRIME_BITS 0x00000133
++#define CKA_SUBPRIME_BITS 0x00000134
++#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
++/* (To retain backwards-compatibility) */
++
++#define CKA_VALUE_BITS 0x00000160
++#define CKA_VALUE_LEN 0x00000161
++
++/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
++ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
++ * and CKA_EC_POINT are new for v2.0 */
++#define CKA_EXTRACTABLE 0x00000162
++#define CKA_LOCAL 0x00000163
++#define CKA_NEVER_EXTRACTABLE 0x00000164
++#define CKA_ALWAYS_SENSITIVE 0x00000165
++
++/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
++#define CKA_KEY_GEN_MECHANISM 0x00000166
++
++#define CKA_MODIFIABLE 0x00000170
++
++/* CKA_ECDSA_PARAMS is deprecated in v2.11,
++ * CKA_EC_PARAMS is preferred. */
++#define CKA_ECDSA_PARAMS 0x00000180
++#define CKA_EC_PARAMS 0x00000180
++
++#define CKA_EC_POINT 0x00000181
++
++/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
++ * are new for v2.10. Deprecated in v2.11 and onwards. */
++#define CKA_SECONDARY_AUTH 0x00000200
++#define CKA_AUTH_PIN_FLAGS 0x00000201
++
++/* CKA_ALWAYS_AUTHENTICATE ...
++ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
++#define CKA_ALWAYS_AUTHENTICATE 0x00000202
++
++#define CKA_WRAP_WITH_TRUSTED 0x00000210
++#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
++#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
++
++/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
++#define CKA_OTP_FORMAT 0x00000220
++#define CKA_OTP_LENGTH 0x00000221
++#define CKA_OTP_TIME_INTERVAL 0x00000222
++#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
++#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
++#define CKA_OTP_TIME_REQUIREMENT 0x00000225
++#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
++#define CKA_OTP_PIN_REQUIREMENT 0x00000227
++#define CKA_OTP_COUNTER 0x0000022E
++#define CKA_OTP_TIME 0x0000022F
++#define CKA_OTP_USER_IDENTIFIER 0x0000022A
++#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
++#define CKA_OTP_SERVICE_LOGO 0x0000022C
++#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
++
++
++/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
++ * are new for v2.10 */
++#define CKA_HW_FEATURE_TYPE 0x00000300
++#define CKA_RESET_ON_INIT 0x00000301
++#define CKA_HAS_RESET 0x00000302
++
++/* The following attributes are new for v2.20 */
++#define CKA_PIXEL_X 0x00000400
++#define CKA_PIXEL_Y 0x00000401
++#define CKA_RESOLUTION 0x00000402
++#define CKA_CHAR_ROWS 0x00000403
++#define CKA_CHAR_COLUMNS 0x00000404
++#define CKA_COLOR 0x00000405
++#define CKA_BITS_PER_PIXEL 0x00000406
++#define CKA_CHAR_SETS 0x00000480
++#define CKA_ENCODING_METHODS 0x00000481
++#define CKA_MIME_TYPES 0x00000482
++#define CKA_MECHANISM_TYPE 0x00000500
++#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
++#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
++#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
++#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
++
++#define CKA_VENDOR_DEFINED 0x80000000
++
++/* CK_ATTRIBUTE is a structure that includes the type, length
++ * and value of an attribute */
++typedef struct CK_ATTRIBUTE {
++ CK_ATTRIBUTE_TYPE type;
++ CK_VOID_PTR pValue;
++
++ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
++ CK_ULONG ulValueLen; /* in bytes */
++} CK_ATTRIBUTE;
++
++typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
++
++
++/* CK_DATE is a structure that defines a date */
++typedef struct CK_DATE{
++ CK_CHAR year[4]; /* the year ("1900" - "9999") */
++ CK_CHAR month[2]; /* the month ("01" - "12") */
++ CK_CHAR day[2]; /* the day ("01" - "31") */
++} CK_DATE;
++
++
++/* CK_MECHANISM_TYPE is a value that identifies a mechanism
++ * type */
++/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++typedef CK_ULONG CK_MECHANISM_TYPE;
++
++/* the following mechanism types are defined: */
++#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
++#define CKM_RSA_PKCS 0x00000001
++#define CKM_RSA_9796 0x00000002
++#define CKM_RSA_X_509 0x00000003
++
++/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
++ * are new for v2.0. They are mechanisms which hash and sign */
++#define CKM_MD2_RSA_PKCS 0x00000004
++#define CKM_MD5_RSA_PKCS 0x00000005
++#define CKM_SHA1_RSA_PKCS 0x00000006
++
++/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
++ * CKM_RSA_PKCS_OAEP are new for v2.10 */
++#define CKM_RIPEMD128_RSA_PKCS 0x00000007
++#define CKM_RIPEMD160_RSA_PKCS 0x00000008
++#define CKM_RSA_PKCS_OAEP 0x00000009
++
++/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
++ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
++#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
++#define CKM_RSA_X9_31 0x0000000B
++#define CKM_SHA1_RSA_X9_31 0x0000000C
++#define CKM_RSA_PKCS_PSS 0x0000000D
++#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
++
++#define CKM_DSA_KEY_PAIR_GEN 0x00000010
++#define CKM_DSA 0x00000011
++#define CKM_DSA_SHA1 0x00000012
++#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
++#define CKM_DH_PKCS_DERIVE 0x00000021
++
++/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
++ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
++ * v2.11 */
++#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
++#define CKM_X9_42_DH_DERIVE 0x00000031
++#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
++#define CKM_X9_42_MQV_DERIVE 0x00000033
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256_RSA_PKCS 0x00000040
++#define CKM_SHA384_RSA_PKCS 0x00000041
++#define CKM_SHA512_RSA_PKCS 0x00000042
++#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
++#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
++#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
++
++/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224_RSA_PKCS 0x00000046
++#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
++
++#define CKM_RC2_KEY_GEN 0x00000100
++#define CKM_RC2_ECB 0x00000101
++#define CKM_RC2_CBC 0x00000102
++#define CKM_RC2_MAC 0x00000103
++
++/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
++#define CKM_RC2_MAC_GENERAL 0x00000104
++#define CKM_RC2_CBC_PAD 0x00000105
++
++#define CKM_RC4_KEY_GEN 0x00000110
++#define CKM_RC4 0x00000111
++#define CKM_DES_KEY_GEN 0x00000120
++#define CKM_DES_ECB 0x00000121
++#define CKM_DES_CBC 0x00000122
++#define CKM_DES_MAC 0x00000123
++
++/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
++#define CKM_DES_MAC_GENERAL 0x00000124
++#define CKM_DES_CBC_PAD 0x00000125
++
++#define CKM_DES2_KEY_GEN 0x00000130
++#define CKM_DES3_KEY_GEN 0x00000131
++#define CKM_DES3_ECB 0x00000132
++#define CKM_DES3_CBC 0x00000133
++#define CKM_DES3_MAC 0x00000134
++
++/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
++ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
++ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
++#define CKM_DES3_MAC_GENERAL 0x00000135
++#define CKM_DES3_CBC_PAD 0x00000136
++#define CKM_CDMF_KEY_GEN 0x00000140
++#define CKM_CDMF_ECB 0x00000141
++#define CKM_CDMF_CBC 0x00000142
++#define CKM_CDMF_MAC 0x00000143
++#define CKM_CDMF_MAC_GENERAL 0x00000144
++#define CKM_CDMF_CBC_PAD 0x00000145
++
++/* the following four DES mechanisms are new for v2.20 */
++#define CKM_DES_OFB64 0x00000150
++#define CKM_DES_OFB8 0x00000151
++#define CKM_DES_CFB64 0x00000152
++#define CKM_DES_CFB8 0x00000153
++
++#define CKM_MD2 0x00000200
++
++/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
++#define CKM_MD2_HMAC 0x00000201
++#define CKM_MD2_HMAC_GENERAL 0x00000202
++
++#define CKM_MD5 0x00000210
++
++/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
++#define CKM_MD5_HMAC 0x00000211
++#define CKM_MD5_HMAC_GENERAL 0x00000212
++
++#define CKM_SHA_1 0x00000220
++
++/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
++#define CKM_SHA_1_HMAC 0x00000221
++#define CKM_SHA_1_HMAC_GENERAL 0x00000222
++
++/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
++ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
++ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
++#define CKM_RIPEMD128 0x00000230
++#define CKM_RIPEMD128_HMAC 0x00000231
++#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
++#define CKM_RIPEMD160 0x00000240
++#define CKM_RIPEMD160_HMAC 0x00000241
++#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256 0x00000250
++#define CKM_SHA256_HMAC 0x00000251
++#define CKM_SHA256_HMAC_GENERAL 0x00000252
++
++/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224 0x00000255
++#define CKM_SHA224_HMAC 0x00000256
++#define CKM_SHA224_HMAC_GENERAL 0x00000257
++
++#define CKM_SHA384 0x00000260
++#define CKM_SHA384_HMAC 0x00000261
++#define CKM_SHA384_HMAC_GENERAL 0x00000262
++#define CKM_SHA512 0x00000270
++#define CKM_SHA512_HMAC 0x00000271
++#define CKM_SHA512_HMAC_GENERAL 0x00000272
++
++/* SecurID is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_SECURID_KEY_GEN 0x00000280
++#define CKM_SECURID 0x00000282
++
++/* HOTP is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_HOTP_KEY_GEN 0x00000290
++#define CKM_HOTP 0x00000291
++
++/* ACTI is new for PKCS #11 v2.20 amendment 1 */
++#define CKM_ACTI 0x000002A0
++#define CKM_ACTI_KEY_GEN 0x000002A1
++
++/* All of the following mechanisms are new for v2.0 */
++/* Note that CAST128 and CAST5 are the same algorithm */
++#define CKM_CAST_KEY_GEN 0x00000300
++#define CKM_CAST_ECB 0x00000301
++#define CKM_CAST_CBC 0x00000302
++#define CKM_CAST_MAC 0x00000303
++#define CKM_CAST_MAC_GENERAL 0x00000304
++#define CKM_CAST_CBC_PAD 0x00000305
++#define CKM_CAST3_KEY_GEN 0x00000310
++#define CKM_CAST3_ECB 0x00000311
++#define CKM_CAST3_CBC 0x00000312
++#define CKM_CAST3_MAC 0x00000313
++#define CKM_CAST3_MAC_GENERAL 0x00000314
++#define CKM_CAST3_CBC_PAD 0x00000315
++#define CKM_CAST5_KEY_GEN 0x00000320
++#define CKM_CAST128_KEY_GEN 0x00000320
++#define CKM_CAST5_ECB 0x00000321
++#define CKM_CAST128_ECB 0x00000321
++#define CKM_CAST5_CBC 0x00000322
++#define CKM_CAST128_CBC 0x00000322
++#define CKM_CAST5_MAC 0x00000323
++#define CKM_CAST128_MAC 0x00000323
++#define CKM_CAST5_MAC_GENERAL 0x00000324
++#define CKM_CAST128_MAC_GENERAL 0x00000324
++#define CKM_CAST5_CBC_PAD 0x00000325
++#define CKM_CAST128_CBC_PAD 0x00000325
++#define CKM_RC5_KEY_GEN 0x00000330
++#define CKM_RC5_ECB 0x00000331
++#define CKM_RC5_CBC 0x00000332
++#define CKM_RC5_MAC 0x00000333
++#define CKM_RC5_MAC_GENERAL 0x00000334
++#define CKM_RC5_CBC_PAD 0x00000335
++#define CKM_IDEA_KEY_GEN 0x00000340
++#define CKM_IDEA_ECB 0x00000341
++#define CKM_IDEA_CBC 0x00000342
++#define CKM_IDEA_MAC 0x00000343
++#define CKM_IDEA_MAC_GENERAL 0x00000344
++#define CKM_IDEA_CBC_PAD 0x00000345
++#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
++#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
++#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
++#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
++#define CKM_XOR_BASE_AND_DATA 0x00000364
++#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
++#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
++#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
++#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
++
++/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
++ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
++ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
++#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
++#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
++#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
++#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
++#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
++
++/* CKM_TLS_PRF is new for v2.20 */
++#define CKM_TLS_PRF 0x00000378
++
++#define CKM_SSL3_MD5_MAC 0x00000380
++#define CKM_SSL3_SHA1_MAC 0x00000381
++#define CKM_MD5_KEY_DERIVATION 0x00000390
++#define CKM_MD2_KEY_DERIVATION 0x00000391
++#define CKM_SHA1_KEY_DERIVATION 0x00000392
++
++/* CKM_SHA256/384/512 are new for v2.20 */
++#define CKM_SHA256_KEY_DERIVATION 0x00000393
++#define CKM_SHA384_KEY_DERIVATION 0x00000394
++#define CKM_SHA512_KEY_DERIVATION 0x00000395
++
++/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_SHA224_KEY_DERIVATION 0x00000396
++
++#define CKM_PBE_MD2_DES_CBC 0x000003A0
++#define CKM_PBE_MD5_DES_CBC 0x000003A1
++#define CKM_PBE_MD5_CAST_CBC 0x000003A2
++#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
++#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
++#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
++#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
++#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
++#define CKM_PBE_SHA1_RC4_128 0x000003A6
++#define CKM_PBE_SHA1_RC4_40 0x000003A7
++#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
++#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
++#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
++#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
++
++/* CKM_PKCS5_PBKD2 is new for v2.10 */
++#define CKM_PKCS5_PBKD2 0x000003B0
++
++#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
++
++/* WTLS mechanisms are new for v2.20 */
++#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
++#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
++#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
++#define CKM_WTLS_PRF 0x000003D3
++#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
++#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
++
++#define CKM_KEY_WRAP_LYNKS 0x00000400
++#define CKM_KEY_WRAP_SET_OAEP 0x00000401
++
++/* CKM_CMS_SIG is new for v2.20 */
++#define CKM_CMS_SIG 0x00000500
++
++/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
++#define CKM_KIP_DERIVE 0x00000510
++#define CKM_KIP_WRAP 0x00000511
++#define CKM_KIP_MAC 0x00000512
++
++/* Camellia is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_CAMELLIA_KEY_GEN 0x00000550
++#define CKM_CAMELLIA_ECB 0x00000551
++#define CKM_CAMELLIA_CBC 0x00000552
++#define CKM_CAMELLIA_MAC 0x00000553
++#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
++#define CKM_CAMELLIA_CBC_PAD 0x00000555
++#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
++#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
++#define CKM_CAMELLIA_CTR 0x00000558
++
++/* ARIA is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_ARIA_KEY_GEN 0x00000560
++#define CKM_ARIA_ECB 0x00000561
++#define CKM_ARIA_CBC 0x00000562
++#define CKM_ARIA_MAC 0x00000563
++#define CKM_ARIA_MAC_GENERAL 0x00000564
++#define CKM_ARIA_CBC_PAD 0x00000565
++#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
++#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
++
++/* Fortezza mechanisms */
++#define CKM_SKIPJACK_KEY_GEN 0x00001000
++#define CKM_SKIPJACK_ECB64 0x00001001
++#define CKM_SKIPJACK_CBC64 0x00001002
++#define CKM_SKIPJACK_OFB64 0x00001003
++#define CKM_SKIPJACK_CFB64 0x00001004
++#define CKM_SKIPJACK_CFB32 0x00001005
++#define CKM_SKIPJACK_CFB16 0x00001006
++#define CKM_SKIPJACK_CFB8 0x00001007
++#define CKM_SKIPJACK_WRAP 0x00001008
++#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
++#define CKM_SKIPJACK_RELAYX 0x0000100a
++#define CKM_KEA_KEY_PAIR_GEN 0x00001010
++#define CKM_KEA_KEY_DERIVE 0x00001011
++#define CKM_FORTEZZA_TIMESTAMP 0x00001020
++#define CKM_BATON_KEY_GEN 0x00001030
++#define CKM_BATON_ECB128 0x00001031
++#define CKM_BATON_ECB96 0x00001032
++#define CKM_BATON_CBC128 0x00001033
++#define CKM_BATON_COUNTER 0x00001034
++#define CKM_BATON_SHUFFLE 0x00001035
++#define CKM_BATON_WRAP 0x00001036
++
++/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
++ * CKM_EC_KEY_PAIR_GEN is preferred */
++#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
++#define CKM_EC_KEY_PAIR_GEN 0x00001040
++
++#define CKM_ECDSA 0x00001041
++#define CKM_ECDSA_SHA1 0x00001042
++
++/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
++ * are new for v2.11 */
++#define CKM_ECDH1_DERIVE 0x00001050
++#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
++#define CKM_ECMQV_DERIVE 0x00001052
++
++#define CKM_JUNIPER_KEY_GEN 0x00001060
++#define CKM_JUNIPER_ECB128 0x00001061
++#define CKM_JUNIPER_CBC128 0x00001062
++#define CKM_JUNIPER_COUNTER 0x00001063
++#define CKM_JUNIPER_SHUFFLE 0x00001064
++#define CKM_JUNIPER_WRAP 0x00001065
++#define CKM_FASTHASH 0x00001070
++
++/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
++ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
++ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
++ * new for v2.11 */
++#define CKM_AES_KEY_GEN 0x00001080
++#define CKM_AES_ECB 0x00001081
++#define CKM_AES_CBC 0x00001082
++#define CKM_AES_MAC 0x00001083
++#define CKM_AES_MAC_GENERAL 0x00001084
++#define CKM_AES_CBC_PAD 0x00001085
++
++/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
++#define CKM_AES_CTR 0x00001086
++
++/* BlowFish and TwoFish are new for v2.20 */
++#define CKM_BLOWFISH_KEY_GEN 0x00001090
++#define CKM_BLOWFISH_CBC 0x00001091
++#define CKM_TWOFISH_KEY_GEN 0x00001092
++#define CKM_TWOFISH_CBC 0x00001093
++
++
++/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
++#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
++#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
++#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
++#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
++#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
++#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
++
++#define CKM_DSA_PARAMETER_GEN 0x00002000
++#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
++#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
++
++#define CKM_VENDOR_DEFINED 0x80000000
++
++typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
++
++
++/* CK_MECHANISM is a structure that specifies a particular
++ * mechanism */
++typedef struct CK_MECHANISM {
++ CK_MECHANISM_TYPE mechanism;
++ CK_VOID_PTR pParameter;
++
++ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulParameterLen; /* in bytes */
++} CK_MECHANISM;
++
++typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
++
++
++/* CK_MECHANISM_INFO provides information about a particular
++ * mechanism */
++typedef struct CK_MECHANISM_INFO {
++ CK_ULONG ulMinKeySize;
++ CK_ULONG ulMaxKeySize;
++ CK_FLAGS flags;
++} CK_MECHANISM_INFO;
++
++/* The flags are defined as follows:
++ * Bit Flag Mask Meaning */
++#define CKF_HW 0x00000001 /* performed by HW */
++
++/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
++ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
++ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
++ * and CKF_DERIVE are new for v2.0. They specify whether or not
++ * a mechanism can be used for a particular task */
++#define CKF_ENCRYPT 0x00000100
++#define CKF_DECRYPT 0x00000200
++#define CKF_DIGEST 0x00000400
++#define CKF_SIGN 0x00000800
++#define CKF_SIGN_RECOVER 0x00001000
++#define CKF_VERIFY 0x00002000
++#define CKF_VERIFY_RECOVER 0x00004000
++#define CKF_GENERATE 0x00008000
++#define CKF_GENERATE_KEY_PAIR 0x00010000
++#define CKF_WRAP 0x00020000
++#define CKF_UNWRAP 0x00040000
++#define CKF_DERIVE 0x00080000
++
++/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
++ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
++ * describe a token's EC capabilities not available in mechanism
++ * information. */
++#define CKF_EC_F_P 0x00100000
++#define CKF_EC_F_2M 0x00200000
++#define CKF_EC_ECPARAMETERS 0x00400000
++#define CKF_EC_NAMEDCURVE 0x00800000
++#define CKF_EC_UNCOMPRESS 0x01000000
++#define CKF_EC_COMPRESS 0x02000000
++
++#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
++
++typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
++
++
++/* CK_RV is a value that identifies the return value of a
++ * Cryptoki function */
++/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
++typedef CK_ULONG CK_RV;
++
++#define CKR_OK 0x00000000
++#define CKR_CANCEL 0x00000001
++#define CKR_HOST_MEMORY 0x00000002
++#define CKR_SLOT_ID_INVALID 0x00000003
++
++/* CKR_FLAGS_INVALID was removed for v2.0 */
++
++/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
++#define CKR_GENERAL_ERROR 0x00000005
++#define CKR_FUNCTION_FAILED 0x00000006
++
++/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
++ * and CKR_CANT_LOCK are new for v2.01 */
++#define CKR_ARGUMENTS_BAD 0x00000007
++#define CKR_NO_EVENT 0x00000008
++#define CKR_NEED_TO_CREATE_THREADS 0x00000009
++#define CKR_CANT_LOCK 0x0000000A
++
++#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
++#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
++#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
++#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
++#define CKR_DATA_INVALID 0x00000020
++#define CKR_DATA_LEN_RANGE 0x00000021
++#define CKR_DEVICE_ERROR 0x00000030
++#define CKR_DEVICE_MEMORY 0x00000031
++#define CKR_DEVICE_REMOVED 0x00000032
++#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
++#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
++#define CKR_FUNCTION_CANCELED 0x00000050
++#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
++
++/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
++#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
++
++#define CKR_KEY_HANDLE_INVALID 0x00000060
++
++/* CKR_KEY_SENSITIVE was removed for v2.0 */
++
++#define CKR_KEY_SIZE_RANGE 0x00000062
++#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
++
++/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
++ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
++ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
++ * v2.0 */
++#define CKR_KEY_NOT_NEEDED 0x00000064
++#define CKR_KEY_CHANGED 0x00000065
++#define CKR_KEY_NEEDED 0x00000066
++#define CKR_KEY_INDIGESTIBLE 0x00000067
++#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
++#define CKR_KEY_NOT_WRAPPABLE 0x00000069
++#define CKR_KEY_UNEXTRACTABLE 0x0000006A
++
++#define CKR_MECHANISM_INVALID 0x00000070
++#define CKR_MECHANISM_PARAM_INVALID 0x00000071
++
++/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
++ * were removed for v2.0 */
++#define CKR_OBJECT_HANDLE_INVALID 0x00000082
++#define CKR_OPERATION_ACTIVE 0x00000090
++#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
++#define CKR_PIN_INCORRECT 0x000000A0
++#define CKR_PIN_INVALID 0x000000A1
++#define CKR_PIN_LEN_RANGE 0x000000A2
++
++/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
++#define CKR_PIN_EXPIRED 0x000000A3
++#define CKR_PIN_LOCKED 0x000000A4
++
++#define CKR_SESSION_CLOSED 0x000000B0
++#define CKR_SESSION_COUNT 0x000000B1
++#define CKR_SESSION_HANDLE_INVALID 0x000000B3
++#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
++#define CKR_SESSION_READ_ONLY 0x000000B5
++#define CKR_SESSION_EXISTS 0x000000B6
++
++/* CKR_SESSION_READ_ONLY_EXISTS and
++ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
++#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
++#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
++
++#define CKR_SIGNATURE_INVALID 0x000000C0
++#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
++#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
++#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
++#define CKR_TOKEN_NOT_PRESENT 0x000000E0
++#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
++#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
++#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
++#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
++#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
++#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
++#define CKR_USER_NOT_LOGGED_IN 0x00000101
++#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
++#define CKR_USER_TYPE_INVALID 0x00000103
++
++/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
++ * are new to v2.01 */
++#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
++#define CKR_USER_TOO_MANY_TYPES 0x00000105
++
++#define CKR_WRAPPED_KEY_INVALID 0x00000110
++#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
++#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
++#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
++#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
++#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
++
++/* These are new to v2.0 */
++#define CKR_RANDOM_NO_RNG 0x00000121
++
++/* These are new to v2.11 */
++#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
++
++/* These are new to v2.0 */
++#define CKR_BUFFER_TOO_SMALL 0x00000150
++#define CKR_SAVED_STATE_INVALID 0x00000160
++#define CKR_INFORMATION_SENSITIVE 0x00000170
++#define CKR_STATE_UNSAVEABLE 0x00000180
++
++/* These are new to v2.01 */
++#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
++#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
++#define CKR_MUTEX_BAD 0x000001A0
++#define CKR_MUTEX_NOT_LOCKED 0x000001A1
++
++/* The following return values are new for PKCS #11 v2.20 amendment 3 */
++#define CKR_NEW_PIN_MODE 0x000001B0
++#define CKR_NEXT_OTP 0x000001B1
++
++/* This is new to v2.20 */
++#define CKR_FUNCTION_REJECTED 0x00000200
++
++#define CKR_VENDOR_DEFINED 0x80000000
++
++
++/* CK_NOTIFY is an application callback that processes events */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
++ CK_SESSION_HANDLE hSession, /* the session's handle */
++ CK_NOTIFICATION event,
++ CK_VOID_PTR pApplication /* passed to C_OpenSession */
++);
++
++
++/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
++ * version and pointers of appropriate types to all the
++ * Cryptoki functions */
++/* CK_FUNCTION_LIST is new for v2.0 */
++typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
++
++typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
++
++typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
++
++
++/* CK_CREATEMUTEX is an application callback for creating a
++ * mutex object */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
++ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
++);
++
++
++/* CK_DESTROYMUTEX is an application callback for destroying a
++ * mutex object */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_LOCKMUTEX is an application callback for locking a mutex */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_UNLOCKMUTEX is an application callback for unlocking a
++ * mutex */
++typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
++ CK_VOID_PTR pMutex /* pointer to mutex */
++);
++
++
++/* CK_C_INITIALIZE_ARGS provides the optional arguments to
++ * C_Initialize */
++typedef struct CK_C_INITIALIZE_ARGS {
++ CK_CREATEMUTEX CreateMutex;
++ CK_DESTROYMUTEX DestroyMutex;
++ CK_LOCKMUTEX LockMutex;
++ CK_UNLOCKMUTEX UnlockMutex;
++ CK_FLAGS flags;
++ CK_VOID_PTR pReserved;
++} CK_C_INITIALIZE_ARGS;
++
++/* flags: bit flags that provide capabilities of the slot
++ * Bit Flag Mask Meaning
++ */
++#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
++#define CKF_OS_LOCKING_OK 0x00000002
++
++typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
++
++
++/* additional flags for parameters to functions */
++
++/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
++#define CKF_DONT_BLOCK 1
++
++/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
++ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
++ * Generation Function (MGF) applied to a message block when
++ * formatting a message block for the PKCS #1 OAEP encryption
++ * scheme. */
++typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
++
++typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
++
++/* The following MGFs are defined */
++/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
++ * are new for v2.20 */
++#define CKG_MGF1_SHA1 0x00000001
++#define CKG_MGF1_SHA256 0x00000002
++#define CKG_MGF1_SHA384 0x00000003
++#define CKG_MGF1_SHA512 0x00000004
++/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
++#define CKG_MGF1_SHA224 0x00000005
++
++/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
++ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
++ * of the encoding parameter when formatting a message block
++ * for the PKCS #1 OAEP encryption scheme. */
++typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
++
++typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
++
++/* The following encoding parameter sources are defined */
++#define CKZ_DATA_SPECIFIED 0x00000001
++
++/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
++ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
++ * CKM_RSA_PKCS_OAEP mechanism. */
++typedef struct CK_RSA_PKCS_OAEP_PARAMS {
++ CK_MECHANISM_TYPE hashAlg;
++ CK_RSA_PKCS_MGF_TYPE mgf;
++ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
++ CK_VOID_PTR pSourceData;
++ CK_ULONG ulSourceDataLen;
++} CK_RSA_PKCS_OAEP_PARAMS;
++
++typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
++
++/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
++ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
++ * CKM_RSA_PKCS_PSS mechanism(s). */
++typedef struct CK_RSA_PKCS_PSS_PARAMS {
++ CK_MECHANISM_TYPE hashAlg;
++ CK_RSA_PKCS_MGF_TYPE mgf;
++ CK_ULONG sLen;
++} CK_RSA_PKCS_PSS_PARAMS;
++
++typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
++
++/* CK_EC_KDF_TYPE is new for v2.11. */
++typedef CK_ULONG CK_EC_KDF_TYPE;
++
++/* The following EC Key Derivation Functions are defined */
++#define CKD_NULL 0x00000001
++#define CKD_SHA1_KDF 0x00000002
++
++/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
++ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
++ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
++ * where each party contributes one key pair.
++ */
++typedef struct CK_ECDH1_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_ECDH1_DERIVE_PARAMS;
++
++typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
++
++
++/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
++ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
++ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
++typedef struct CK_ECDH2_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++} CK_ECDH2_DERIVE_PARAMS;
++
++typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
++
++typedef struct CK_ECMQV_DERIVE_PARAMS {
++ CK_EC_KDF_TYPE kdf;
++ CK_ULONG ulSharedDataLen;
++ CK_BYTE_PTR pSharedData;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++ CK_OBJECT_HANDLE publicKey;
++} CK_ECMQV_DERIVE_PARAMS;
++
++typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
++
++/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
++ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
++typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
++typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
++
++/* The following X9.42 DH key derivation functions are defined
++ (besides CKD_NULL already defined : */
++#define CKD_SHA1_KDF_ASN1 0x00000003
++#define CKD_SHA1_KDF_CONCATENATE 0x00000004
++
++/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
++ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
++ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
++ * contributes one key pair */
++typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_X9_42_DH1_DERIVE_PARAMS;
++
++typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
++
++/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
++ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
++ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
++ * mechanisms, where each party contributes two key pairs */
++typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++} CK_X9_42_DH2_DERIVE_PARAMS;
++
++typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
++
++typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
++ CK_X9_42_DH_KDF_TYPE kdf;
++ CK_ULONG ulOtherInfoLen;
++ CK_BYTE_PTR pOtherInfo;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPrivateDataLen;
++ CK_OBJECT_HANDLE hPrivateData;
++ CK_ULONG ulPublicDataLen2;
++ CK_BYTE_PTR pPublicData2;
++ CK_OBJECT_HANDLE publicKey;
++} CK_X9_42_MQV_DERIVE_PARAMS;
++
++typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
++
++/* CK_KEA_DERIVE_PARAMS provides the parameters to the
++ * CKM_KEA_DERIVE mechanism */
++/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
++typedef struct CK_KEA_DERIVE_PARAMS {
++ CK_BBOOL isSender;
++ CK_ULONG ulRandomLen;
++ CK_BYTE_PTR pRandomA;
++ CK_BYTE_PTR pRandomB;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++} CK_KEA_DERIVE_PARAMS;
++
++typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
++
++
++/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
++ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
++ * holds the effective keysize */
++typedef CK_ULONG CK_RC2_PARAMS;
++
++typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
++
++
++/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
++ * mechanism */
++typedef struct CK_RC2_CBC_PARAMS {
++ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
++ * v2.0 */
++ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
++
++ CK_BYTE iv[8]; /* IV for CBC mode */
++} CK_RC2_CBC_PARAMS;
++
++typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
++
++
++/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
++ * CKM_RC2_MAC_GENERAL mechanism */
++/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef struct CK_RC2_MAC_GENERAL_PARAMS {
++ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
++ CK_ULONG ulMacLength; /* Length of MAC in bytes */
++} CK_RC2_MAC_GENERAL_PARAMS;
++
++typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
++ CK_RC2_MAC_GENERAL_PARAMS_PTR;
++
++
++/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
++ * CKM_RC5_MAC mechanisms */
++/* CK_RC5_PARAMS is new for v2.0 */
++typedef struct CK_RC5_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++} CK_RC5_PARAMS;
++
++typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
++
++
++/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
++ * mechanism */
++/* CK_RC5_CBC_PARAMS is new for v2.0 */
++typedef struct CK_RC5_CBC_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++ CK_BYTE_PTR pIv; /* pointer to IV */
++ CK_ULONG ulIvLen; /* length of IV in bytes */
++} CK_RC5_CBC_PARAMS;
++
++typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
++
++
++/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
++ * CKM_RC5_MAC_GENERAL mechanism */
++/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef struct CK_RC5_MAC_GENERAL_PARAMS {
++ CK_ULONG ulWordsize; /* wordsize in bits */
++ CK_ULONG ulRounds; /* number of rounds */
++ CK_ULONG ulMacLength; /* Length of MAC in bytes */
++} CK_RC5_MAC_GENERAL_PARAMS;
++
++typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
++ CK_RC5_MAC_GENERAL_PARAMS_PTR;
++
++
++/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
++ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
++ * the MAC */
++/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
++typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
++
++typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
++
++/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
++typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[8];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
++ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
++/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
++typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
++ CK_ULONG ulPasswordLen;
++ CK_BYTE_PTR pPassword;
++ CK_ULONG ulPublicDataLen;
++ CK_BYTE_PTR pPublicData;
++ CK_ULONG ulPAndGLen;
++ CK_ULONG ulQLen;
++ CK_ULONG ulRandomLen;
++ CK_BYTE_PTR pRandomA;
++ CK_BYTE_PTR pPrimeP;
++ CK_BYTE_PTR pBaseG;
++ CK_BYTE_PTR pSubprimeQ;
++} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
++
++typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
++ CK_SKIPJACK_PRIVATE_WRAP_PTR;
++
++
++/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
++ * CKM_SKIPJACK_RELAYX mechanism */
++/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
++typedef struct CK_SKIPJACK_RELAYX_PARAMS {
++ CK_ULONG ulOldWrappedXLen;
++ CK_BYTE_PTR pOldWrappedX;
++ CK_ULONG ulOldPasswordLen;
++ CK_BYTE_PTR pOldPassword;
++ CK_ULONG ulOldPublicDataLen;
++ CK_BYTE_PTR pOldPublicData;
++ CK_ULONG ulOldRandomLen;
++ CK_BYTE_PTR pOldRandomA;
++ CK_ULONG ulNewPasswordLen;
++ CK_BYTE_PTR pNewPassword;
++ CK_ULONG ulNewPublicDataLen;
++ CK_BYTE_PTR pNewPublicData;
++ CK_ULONG ulNewRandomLen;
++ CK_BYTE_PTR pNewRandomA;
++} CK_SKIPJACK_RELAYX_PARAMS;
++
++typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
++ CK_SKIPJACK_RELAYX_PARAMS_PTR;
++
++
++typedef struct CK_PBE_PARAMS {
++ CK_BYTE_PTR pInitVector;
++ CK_UTF8CHAR_PTR pPassword;
++ CK_ULONG ulPasswordLen;
++ CK_BYTE_PTR pSalt;
++ CK_ULONG ulSaltLen;
++ CK_ULONG ulIteration;
++} CK_PBE_PARAMS;
++
++typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
++
++
++/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
++ * CKM_KEY_WRAP_SET_OAEP mechanism */
++/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
++typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
++ CK_BYTE bBC; /* block contents byte */
++ CK_BYTE_PTR pX; /* extra data */
++ CK_ULONG ulXLen; /* length of extra data in bytes */
++} CK_KEY_WRAP_SET_OAEP_PARAMS;
++
++typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
++ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
++
++
++typedef struct CK_SSL3_RANDOM_DATA {
++ CK_BYTE_PTR pClientRandom;
++ CK_ULONG ulClientRandomLen;
++ CK_BYTE_PTR pServerRandom;
++ CK_ULONG ulServerRandomLen;
++} CK_SSL3_RANDOM_DATA;
++
++
++typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_VERSION_PTR pVersion;
++} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
++
++typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
++ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
++
++
++typedef struct CK_SSL3_KEY_MAT_OUT {
++ CK_OBJECT_HANDLE hClientMacSecret;
++ CK_OBJECT_HANDLE hServerMacSecret;
++ CK_OBJECT_HANDLE hClientKey;
++ CK_OBJECT_HANDLE hServerKey;
++ CK_BYTE_PTR pIVClient;
++ CK_BYTE_PTR pIVServer;
++} CK_SSL3_KEY_MAT_OUT;
++
++typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
++
++
++typedef struct CK_SSL3_KEY_MAT_PARAMS {
++ CK_ULONG ulMacSizeInBits;
++ CK_ULONG ulKeySizeInBits;
++ CK_ULONG ulIVSizeInBits;
++ CK_BBOOL bIsExport;
++ CK_SSL3_RANDOM_DATA RandomInfo;
++ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
++} CK_SSL3_KEY_MAT_PARAMS;
++
++typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
++
++/* CK_TLS_PRF_PARAMS is new for version 2.20 */
++typedef struct CK_TLS_PRF_PARAMS {
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++ CK_BYTE_PTR pLabel;
++ CK_ULONG ulLabelLen;
++ CK_BYTE_PTR pOutput;
++ CK_ULONG_PTR pulOutputLen;
++} CK_TLS_PRF_PARAMS;
++
++typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
++
++/* WTLS is new for version 2.20 */
++typedef struct CK_WTLS_RANDOM_DATA {
++ CK_BYTE_PTR pClientRandom;
++ CK_ULONG ulClientRandomLen;
++ CK_BYTE_PTR pServerRandom;
++ CK_ULONG ulServerRandomLen;
++} CK_WTLS_RANDOM_DATA;
++
++typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
++
++typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_WTLS_RANDOM_DATA RandomInfo;
++ CK_BYTE_PTR pVersion;
++} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
++
++typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
++ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
++
++typedef struct CK_WTLS_PRF_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++ CK_BYTE_PTR pLabel;
++ CK_ULONG ulLabelLen;
++ CK_BYTE_PTR pOutput;
++ CK_ULONG_PTR pulOutputLen;
++} CK_WTLS_PRF_PARAMS;
++
++typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
++
++typedef struct CK_WTLS_KEY_MAT_OUT {
++ CK_OBJECT_HANDLE hMacSecret;
++ CK_OBJECT_HANDLE hKey;
++ CK_BYTE_PTR pIV;
++} CK_WTLS_KEY_MAT_OUT;
++
++typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
++
++typedef struct CK_WTLS_KEY_MAT_PARAMS {
++ CK_MECHANISM_TYPE DigestMechanism;
++ CK_ULONG ulMacSizeInBits;
++ CK_ULONG ulKeySizeInBits;
++ CK_ULONG ulIVSizeInBits;
++ CK_ULONG ulSequenceNumber;
++ CK_BBOOL bIsExport;
++ CK_WTLS_RANDOM_DATA RandomInfo;
++ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
++} CK_WTLS_KEY_MAT_PARAMS;
++
++typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
++
++/* CMS is new for version 2.20 */
++typedef struct CK_CMS_SIG_PARAMS {
++ CK_OBJECT_HANDLE certificateHandle;
++ CK_MECHANISM_PTR pSigningMechanism;
++ CK_MECHANISM_PTR pDigestMechanism;
++ CK_UTF8CHAR_PTR pContentType;
++ CK_BYTE_PTR pRequestedAttributes;
++ CK_ULONG ulRequestedAttributesLen;
++ CK_BYTE_PTR pRequiredAttributes;
++ CK_ULONG ulRequiredAttributesLen;
++} CK_CMS_SIG_PARAMS;
++
++typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
++
++typedef struct CK_KEY_DERIVATION_STRING_DATA {
++ CK_BYTE_PTR pData;
++ CK_ULONG ulLen;
++} CK_KEY_DERIVATION_STRING_DATA;
++
++typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
++ CK_KEY_DERIVATION_STRING_DATA_PTR;
++
++
++/* The CK_EXTRACT_PARAMS is used for the
++ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
++ * of the base key should be used as the first bit of the
++ * derived key */
++/* CK_EXTRACT_PARAMS is new for v2.0 */
++typedef CK_ULONG CK_EXTRACT_PARAMS;
++
++typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
++
++/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
++ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
++ * indicate the Pseudo-Random Function (PRF) used to generate
++ * key bits using PKCS #5 PBKDF2. */
++typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
++
++typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
++
++/* The following PRFs are defined in PKCS #5 v2.0. */
++#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
++
++
++/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
++ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
++ * source of the salt value when deriving a key using PKCS #5
++ * PBKDF2. */
++typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
++
++typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
++
++/* The following salt value sources are defined in PKCS #5 v2.0. */
++#define CKZ_SALT_SPECIFIED 0x00000001
++
++/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
++ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
++ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
++typedef struct CK_PKCS5_PBKD2_PARAMS {
++ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
++ CK_VOID_PTR pSaltSourceData;
++ CK_ULONG ulSaltSourceDataLen;
++ CK_ULONG iterations;
++ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
++ CK_VOID_PTR pPrfData;
++ CK_ULONG ulPrfDataLen;
++ CK_UTF8CHAR_PTR pPassword;
++ CK_ULONG_PTR ulPasswordLen;
++} CK_PKCS5_PBKD2_PARAMS;
++
++typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
++
++/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
++
++typedef CK_ULONG CK_OTP_PARAM_TYPE;
++typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
++
++typedef struct CK_OTP_PARAM {
++ CK_OTP_PARAM_TYPE type;
++ CK_VOID_PTR pValue;
++ CK_ULONG ulValueLen;
++} CK_OTP_PARAM;
++
++typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
++
++typedef struct CK_OTP_PARAMS {
++ CK_OTP_PARAM_PTR pParams;
++ CK_ULONG ulCount;
++} CK_OTP_PARAMS;
++
++typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
++
++typedef struct CK_OTP_SIGNATURE_INFO {
++ CK_OTP_PARAM_PTR pParams;
++ CK_ULONG ulCount;
++} CK_OTP_SIGNATURE_INFO;
++
++typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
++#define CK_OTP_VALUE 0
++#define CK_OTP_PIN 1
++#define CK_OTP_CHALLENGE 2
++#define CK_OTP_TIME 3
++#define CK_OTP_COUNTER 4
++#define CK_OTP_FLAGS 5
++#define CK_OTP_OUTPUT_LENGTH 6
++#define CK_OTP_OUTPUT_FORMAT 7
++
++/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
++#define CKF_NEXT_OTP 0x00000001
++#define CKF_EXCLUDE_TIME 0x00000002
++#define CKF_EXCLUDE_COUNTER 0x00000004
++#define CKF_EXCLUDE_CHALLENGE 0x00000008
++#define CKF_EXCLUDE_PIN 0x00000010
++#define CKF_USER_FRIENDLY_OTP 0x00000020
++
++/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
++typedef struct CK_KIP_PARAMS {
++ CK_MECHANISM_PTR pMechanism;
++ CK_OBJECT_HANDLE hKey;
++ CK_BYTE_PTR pSeed;
++ CK_ULONG ulSeedLen;
++} CK_KIP_PARAMS;
++
++typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
++
++/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_AES_CTR_PARAMS {
++ CK_ULONG ulCounterBits;
++ CK_BYTE cb[16];
++} CK_AES_CTR_PARAMS;
++
++typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
++
++/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_CAMELLIA_CTR_PARAMS {
++ CK_ULONG ulCounterBits;
++ CK_BYTE cb[16];
++} CK_CAMELLIA_CTR_PARAMS;
++
++typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
++
++/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
++typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
++ CK_BYTE iv[16];
++ CK_BYTE_PTR pData;
++ CK_ULONG length;
++} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
++
++typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
++
++#endif
+Index: openssl/util/libeay.num
+diff -u openssl/util/libeay.num:1.8.2.1.4.1.2.1.4.1 openssl/util/libeay.num:1.12
+--- openssl/util/libeay.num:1.8.2.1.4.1.2.1.4.1 Mon Apr 14 12:42:50 2014
++++ openssl/util/libeay.num Mon Apr 14 12:44:22 2014
+@@ -4312,3 +4312,5 @@
+ BIO_s_datagram_sctp 4680 EXIST::FUNCTION:DGRAM,SCTP
+ BIO_dgram_is_sctp 4681 EXIST::FUNCTION:SCTP
+ BIO_dgram_sctp_notification_cb 4682 EXIST::FUNCTION:SCTP
++ENGINE_load_pk11ca 4683 EXIST::FUNCTION:HW_PKCS11CA,ENGINE
++ENGINE_load_pk11so 4683 EXIST::FUNCTION:HW_PKCS11SO,ENGINE
+Index: openssl/util/mk1mf.pl
+diff -u openssl/util/mk1mf.pl:1.9.2.1.4.1 openssl/util/mk1mf.pl:1.10
+--- openssl/util/mk1mf.pl:1.9.2.1.4.1 Tue Jun 19 15:30:18 2012
++++ openssl/util/mk1mf.pl Tue Jun 19 16:18:10 2012
+@@ -114,6 +114,8 @@
+ no-ecdh - No ECDH
+ no-engine - No engine
+ no-hw - No hw
++ no-hw-pkcs11ca - No hw PKCS#11 CA flavor
++ no-hw-pkcs11so - No hw PKCS#11 SO flavor
+ nasm - Use NASM for x86 asm
+ nw-nasm - Use NASM x86 asm for NetWare
+ nw-mwasm - Use Metrowerks x86 asm for NetWare
+@@ -278,6 +280,8 @@
+ $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
+ $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
+ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
++$cflags.=" -DOPENSSL_NO_HW_PKCS11CA" if $no_hw_pkcs11ca;
++$cflags.=" -DOPENSSL_NO_HW_PKCS11SO" if $no_hw_pkcs11so;
+ $cflags.=" -DOPENSSL_FIPS" if $fips;
+ $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
+ $cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
+@@ -345,6 +349,9 @@
+ $dir=$val;
+ }
+
++ if ($key eq "PK11_LIB_LOCATION")
++ { $cflags .= " -D$key=\\\"$val\\\"" if $val ne "";}
++
+ if ($key eq "KRB5_INCLUDES")
+ { $cflags .= " $val";}
+
+@@ -1131,6 +1138,8 @@
+ "no-gost" => \$no_gost,
+ "no-engine" => \$no_engine,
+ "no-hw" => \$no_hw,
++ "no-hw-pkcs11ca" => \$no_hw_pkcs11ca,
++ "no-hw-pkcs11so" => \$no_hw_pkcs11so,
+ "no-rsax" => 0,
+ "just-ssl" =>
+ [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
+Index: openssl/util/mkdef.pl
+diff -u openssl/util/mkdef.pl:1.7.2.1.4.1 openssl/util/mkdef.pl:1.9
+--- openssl/util/mkdef.pl:1.7.2.1.4.1 Tue Jun 19 15:30:18 2012
++++ openssl/util/mkdef.pl Tue Jun 19 16:18:10 2012
+@@ -96,7 +96,7 @@
+ # External "algorithms"
+ "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
+ # Engines
+- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
++ "STATIC_ENGINE", "ENGINE", "HW", "GMP", "HW_PKCS11CA", "HW_PKCS11SO",
+ # RFC3779
+ "RFC3779",
+ # TLS
+@@ -133,6 +133,7 @@
+ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+ my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
++my $no_pkcs11ca; my $no_pkcs11so;
+ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
+ my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+ my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
+@@ -235,6 +236,8 @@
+ elsif (/^no-jpake$/) { $no_jpake=1; }
+ elsif (/^no-srp$/) { $no_srp=1; }
+ elsif (/^no-sctp$/) { $no_sctp=1; }
++ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
++ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
+ }
+
+
+@@ -1189,6 +1192,8 @@
+ if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+ if ($keyword eq "ENGINE" && $no_engine) { return 0; }
+ if ($keyword eq "HW" && $no_hw) { return 0; }
++ if ($keyword eq "HW_PKCS11CA" && $no_pkcs11ca) { return 0; }
++ if ($keyword eq "HW_PKCS11SO" && $no_pkcs11so) { return 0; }
+ if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+ if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
+ if ($keyword eq "GMP" && $no_gmp) { return 0; }
+Index: openssl/util/pl/VC-32.pl
+diff -u openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1.4.1 openssl/util/pl/VC-32.pl:1.10
+--- openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1.4.1 Mon Apr 14 12:42:50 2014
++++ openssl/util/pl/VC-32.pl Mon Apr 14 12:44:22 2014
+@@ -48,7 +48,7 @@
+ my $f = $shlib || $fips ?' /MD':' /MT';
+ $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
+ $opt_cflags=$f.' /Ox';
+- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
++ $dbg_cflags=$f.'d /Od /Zi -DDEBUG -D_DEBUG';
+ $lflags="/nologo /subsystem:console /opt:ref";
+
+ *::perlasm_compile_target = sub {
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-destroy.8
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-destroy.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-destroy.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: pkcs11-destroy.8,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id: pkcs11-destroy.8,v 1.3 2009/10/06 04:40:14 tbox Exp $
.\"
.hy 0
.ad l
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-destroy.c
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-destroy.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-destroy.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -38,7 +38,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: pkcs11-destroy.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: pkcs11-destroy.c,v 1.8 2010/01/13 21:19:52 fdupont Exp $ */
/* pkcs11-destroy [-m module] [-s $slot] [-i $id | -l $label] [-p $pin] */
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-destroy.docbook
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-destroy.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-destroy.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11-destroy.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.pkcs11-destroy">
<refentryinfo>
- <date>Sep 18, 2009</date>
+ <date>October 05, 2009</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<docinfo>
<copyright>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -126,10 +126,10 @@
<title>SEE ALSO</title>
<para>
<citerefentry>
- <refentrytitle>pkcs11-list</refentrytitle><manvolnum>3</manvolnum>
+ <refentrytitle>pkcs11-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pkcs11-keygen</refentrytitle><manvolnum>3</manvolnum>
+ <refentrytitle>pkcs11-list</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-destroy.html
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-destroy.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-destroy.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11-destroy.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id: pkcs11-destroy.html,v 1.3 2009/10/06 04:40:14 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-keygen.8
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-keygen.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-keygen.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: pkcs11-keygen.8,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id: pkcs11-keygen.8,v 1.4 2009/10/06 04:40:14 tbox Exp $
.\"
.hy 0
.ad l
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-keygen.c
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-keygen.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-keygen.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -38,7 +38,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: pkcs11-keygen.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: pkcs11-keygen.c,v 1.9 2009/10/26 23:36:53 each Exp $ */
/* pkcs11-keygen - pkcs11 rsa key generator
*
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-keygen.docbook
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-keygen.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-keygen.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11-keygen.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.pkcs11-keygen">
<refentryinfo>
- <date>Sep 18, 2009</date>
+ <date>October 05, 2009</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<docinfo>
<copyright>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-keygen.html
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-keygen.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-keygen.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11-keygen.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id: pkcs11-keygen.html,v 1.4 2009/10/06 04:40:14 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-list.8
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-list.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-list.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: pkcs11-list.8,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id: pkcs11-list.8,v 1.3 2009/10/06 04:40:14 tbox Exp $
.\"
.hy 0
.ad l
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-list.c
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-list.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-list.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -38,7 +38,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: pkcs11-list.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: pkcs11-list.c,v 1.7 2009/10/26 23:36:53 each Exp $ */
/* pkcs11-list [-P] [-m module] [-s slot] [-i $id | -l $label] [-p $pin] */
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-list.docbook
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-list.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-list.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11-list.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.pkcs11-list">
<refentryinfo>
- <date>Sep 18, 2009</date>
+ <date>October 05, 2009</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<docinfo>
<copyright>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -130,10 +130,10 @@
<title>SEE ALSO</title>
<para>
<citerefentry>
- <refentrytitle>pkcs11-keygen</refentrytitle><manvolnum>3</manvolnum>
+ <refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>3</manvolnum>
+ <refentrytitle>pkcs11-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
Modified: vendor/bind/dist/bin/pkcs11/pkcs11-list.html
===================================================================
--- vendor/bind/dist/bin/pkcs11/pkcs11-list.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/pkcs11-list.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11-list.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id: pkcs11-list.html,v 1.3 2009/10/06 04:40:14 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
Modified: vendor/bind/dist/bin/pkcs11/unix/cryptoki.h
===================================================================
--- vendor/bind/dist/bin/pkcs11/unix/cryptoki.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/unix/cryptoki.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Revision: 1.1.1.1 $ */
+/* $Revision: 1.3 $ */
/*
* Portions Copyright RSA Security Inc.
Modified: vendor/bind/dist/bin/pkcs11/unix/unix.c
===================================================================
--- vendor/bind/dist/bin/pkcs11/unix/unix.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/unix/unix.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: unix.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: unix.c,v 1.4 2009/10/26 23:47:35 tbox Exp $ */
/* $Id */
Modified: vendor/bind/dist/bin/pkcs11/win32/cryptoki.h
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/cryptoki.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/cryptoki.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/* cryptoki.h include file for PKCS #11. */
-/* $Revision: 1.1.1.1 $ */
+/* $Revision: 1.2 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
Deleted: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.dsp
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11destroy.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11destroy.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,119 +0,0 @@
-# Microsoft Developer Studio Project File - Name="pk11destroy" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=pk11destroy - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "pk11destroy.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "pk11destroy.mak" CFG="pk11destroy - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "pk11destroy - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "pk11destroy - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "pk11destroy - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/pkcs11-destroy.exe"
-
-!ELSEIF "$(CFG)" == "pk11destroy - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/pkcs11-destroy.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "pk11destroy - Win32 Release"
-# Name "pk11destroy - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\pkcs11-destroy.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=".\cryptoki.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11t.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11f.h"
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.dsp.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11destroy.dsp.in (rev 0)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11destroy.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,119 @@
+# Microsoft Developer Studio Project File - Name="pk11destroy" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=pk11destroy - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "pk11destroy.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "pk11destroy.mak" CFG="pk11destroy - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "pk11destroy - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "pk11destroy - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "pk11destroy - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/pkcs11-destroy.exe"
+
+!ELSEIF "$(CFG)" == "pk11destroy - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/pkcs11-destroy.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "pk11destroy - @PLATFORM@ Release"
+# Name "pk11destroy - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\pkcs11-destroy.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=".\cryptoki.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11t.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11f.h"
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.mak
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11destroy.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11destroy.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,296 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on pk11destroy.dsp
-!IF "$(CFG)" == ""
-CFG=pk11destroy - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to pk11destroy - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "pk11destroy - Win32 Release" && "$(CFG)" != "pk11destroy - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "pk11destroy.mak" CFG="pk11destroy - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "pk11destroy - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "pk11destroy - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-!IF "$(CFG)" == "pk11destroy - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "pk11destroy - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\pkcs11-destroy.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\pkcs11-destroy.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\pkcs11-destroy.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /Fp"$(INTDIR)\pk11destroy.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11destroy.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\pkcs11-destroy.pdb" /machine:I386 /out:"../../../Build/Release/pkcs11-destroy.exe"
-LINK32_OBJS= "$(INTDIR)\pkcs11-destroy.obj"
-
-"..\..\..\Build\Release\pkcs11-destroy.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "pk11destroy - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\pkcs11-destroy.exe" "$(OUTDIR)\pk11destroy.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\pkcs11-destroy.obj"
- - at erase "$(INTDIR)\pkcs11-destroy.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\pkcs11-destroy.pdb"
- - at erase "$(OUTDIR)\pk11destroy.bsc"
- - at erase "..\..\..\Build\Debug\pkcs11-destroy.exe"
- - at erase "..\..\..\Build\Debug\pkcs11-destroy.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11destroy.bsc"
-BSC32_SBRS= "$(INTDIR)\pkcs11-destroy.sbr"
-
-"$(OUTDIR)\pk11destroy.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\pkcs11-destroy.pdb" /debug /machine:I386 /out:"../../../Build/Debug/pkcs11-destroy.exe" /pdbtype:sept
-LINK32_OBJS= "$(INTDIR)\pkcs11-destroy.obj"
-
-"..\..\..\Build\Debug\pkcs11-destroy.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("pk11destroy.dep")
-!INCLUDE "pk11destroy.dep"
-!ELSE
-!MESSAGE Warning: cannot find "pk11destroy.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "pk11destroy - Win32 Release" || "$(CFG)" == "pk11destroy - Win32 Debug"
-SOURCE="..\pkcs11-destroy.c"
-
-!IF "$(CFG)" == "pk11destroy - Win32 Release"
-
-
-"$(INTDIR)\pkcs11-destroy.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "pk11destroy - Win32 Debug"
-
-
-"$(INTDIR)\pkcs11-destroy.obj" "$(INTDIR)\pkcs11-destroy.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.mak.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11destroy.mak.in (rev 0)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11destroy.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,296 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on pk11destroy.dsp
+!IF "$(CFG)" == ""
+CFG=pk11destroy - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to pk11destroy - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "pk11destroy - @PLATFORM@ Release" && "$(CFG)" != "pk11destroy - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "pk11destroy.mak" CFG="pk11destroy - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "pk11destroy - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "pk11destroy - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "pk11destroy - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "pk11destroy - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\pkcs11-destroy.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\pkcs11-destroy.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\pkcs11-destroy.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /Fp"$(INTDIR)\pk11destroy.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11destroy.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\pkcs11-destroy.pdb" @MACHINE@ /out:"../../../Build/Release/pkcs11-destroy.exe"
+LINK32_OBJS= "$(INTDIR)\pkcs11-destroy.obj"
+
+"..\..\..\Build\Release\pkcs11-destroy.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "pk11destroy - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\pkcs11-destroy.exe" "$(OUTDIR)\pk11destroy.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\pkcs11-destroy.obj"
+ - at erase "$(INTDIR)\pkcs11-destroy.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\pkcs11-destroy.pdb"
+ - at erase "$(OUTDIR)\pk11destroy.bsc"
+ - at erase "..\..\..\Build\Debug\pkcs11-destroy.exe"
+ - at erase "..\..\..\Build\Debug\pkcs11-destroy.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11destroy.bsc"
+BSC32_SBRS= "$(INTDIR)\pkcs11-destroy.sbr"
+
+"$(OUTDIR)\pk11destroy.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\pkcs11-destroy.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/pkcs11-destroy.exe" /pdbtype:sept
+LINK32_OBJS= "$(INTDIR)\pkcs11-destroy.obj"
+
+"..\..\..\Build\Debug\pkcs11-destroy.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("pk11destroy.dep")
+!INCLUDE "pk11destroy.dep"
+!ELSE
+!MESSAGE Warning: cannot find "pk11destroy.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "pk11destroy - @PLATFORM@ Release" || "$(CFG)" == "pk11destroy - @PLATFORM@ Debug"
+SOURCE="..\pkcs11-destroy.c"
+
+!IF "$(CFG)" == "pk11destroy - @PLATFORM@ Release"
+
+
+"$(INTDIR)\pkcs11-destroy.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "pk11destroy - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\pkcs11-destroy.obj" "$(INTDIR)\pkcs11-destroy.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11destroy.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Deleted: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.dsp
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11keygen.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11keygen.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,119 +0,0 @@
-# Microsoft Developer Studio Project File - Name="pk11keygen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=pk11keygen - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "pk11keygen.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "pk11keygen.mak" CFG="pk11keygen - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "pk11keygen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "pk11keygen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "pk11keygen - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/pkcs11-keygen.exe"
-
-!ELSEIF "$(CFG)" == "pk11keygen - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/pkcs11-keygen.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "pk11keygen - Win32 Release"
-# Name "pk11keygen - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\pkcs11-keygen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=".\cryptoki.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11t.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11f.h"
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.dsp.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11keygen.dsp.in (rev 0)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11keygen.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,119 @@
+# Microsoft Developer Studio Project File - Name="pk11keygen" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=pk11keygen - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "pk11keygen.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "pk11keygen.mak" CFG="pk11keygen - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "pk11keygen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "pk11keygen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "pk11keygen - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/pkcs11-keygen.exe"
+
+!ELSEIF "$(CFG)" == "pk11keygen - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/pkcs11-keygen.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "pk11keygen - @PLATFORM@ Release"
+# Name "pk11keygen - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\pkcs11-keygen.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=".\cryptoki.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11t.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11f.h"
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.mak
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11keygen.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11keygen.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,296 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on pk11keygen.dsp
-!IF "$(CFG)" == ""
-CFG=pk11keygen - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to pk11keygen - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "pk11keygen - Win32 Release" && "$(CFG)" != "pk11keygen - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "pk11keygen.mak" CFG="pk11keygen - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "pk11keygen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "pk11keygen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-!IF "$(CFG)" == "pk11keygen - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "pk11keygen - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\pkcs11-keygen.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\pkcs11-keygen.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\pkcs11-keygen.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /Fp"$(INTDIR)\pk11keygen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11keygen.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\pkcs11-keygen.pdb" /machine:I386 /out:"../../../Build/Release/pkcs11-keygen.exe"
-LINK32_OBJS= "$(INTDIR)\pkcs11-keygen.obj"
-
-"..\..\..\Build\Release\pkcs11-keygen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "pk11keygen - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\pkcs11-keygen.exe" "$(OUTDIR)\pk11keygen.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\pkcs11-keygen.obj"
- - at erase "$(INTDIR)\pkcs11-keygen.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\pkcs11-keygen.pdb"
- - at erase "$(OUTDIR)\pk11keygen.bsc"
- - at erase "..\..\..\Build\Debug\pkcs11-keygen.exe"
- - at erase "..\..\..\Build\Debug\pkcs11-keygen.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11keygen.bsc"
-BSC32_SBRS= "$(INTDIR)\pkcs11-keygen.sbr"
-
-"$(OUTDIR)\pk11keygen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\pkcs11-keygen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/pkcs11-keygen.exe" /pdbtype:sept
-LINK32_OBJS= "$(INTDIR)\pkcs11-keygen.obj"
-
-"..\..\..\Build\Debug\pkcs11-keygen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("pk11keygen.dep")
-!INCLUDE "pk11keygen.dep"
-!ELSE
-!MESSAGE Warning: cannot find "pk11keygen.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "pk11keygen - Win32 Release" || "$(CFG)" == "pk11keygen - Win32 Debug"
-SOURCE="..\pkcs11-keygen.c"
-
-!IF "$(CFG)" == "pk11keygen - Win32 Release"
-
-
-"$(INTDIR)\pkcs11-keygen.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "pk11keygen - Win32 Debug"
-
-
-"$(INTDIR)\pkcs11-keygen.obj" "$(INTDIR)\pkcs11-keygen.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.mak.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11keygen.mak.in (rev 0)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11keygen.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,296 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on pk11keygen.dsp
+!IF "$(CFG)" == ""
+CFG=pk11keygen - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to pk11keygen - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "pk11keygen - @PLATFORM@ Release" && "$(CFG)" != "pk11keygen - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "pk11keygen.mak" CFG="pk11keygen - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "pk11keygen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "pk11keygen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "pk11keygen - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "pk11keygen - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\pkcs11-keygen.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\pkcs11-keygen.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\pkcs11-keygen.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /Fp"$(INTDIR)\pk11keygen.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11keygen.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\pkcs11-keygen.pdb" @MACHINE@ /out:"../../../Build/Release/pkcs11-keygen.exe"
+LINK32_OBJS= "$(INTDIR)\pkcs11-keygen.obj"
+
+"..\..\..\Build\Release\pkcs11-keygen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "pk11keygen - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\pkcs11-keygen.exe" "$(OUTDIR)\pk11keygen.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\pkcs11-keygen.obj"
+ - at erase "$(INTDIR)\pkcs11-keygen.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\pkcs11-keygen.pdb"
+ - at erase "$(OUTDIR)\pk11keygen.bsc"
+ - at erase "..\..\..\Build\Debug\pkcs11-keygen.exe"
+ - at erase "..\..\..\Build\Debug\pkcs11-keygen.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11keygen.bsc"
+BSC32_SBRS= "$(INTDIR)\pkcs11-keygen.sbr"
+
+"$(OUTDIR)\pk11keygen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\pkcs11-keygen.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/pkcs11-keygen.exe" /pdbtype:sept
+LINK32_OBJS= "$(INTDIR)\pkcs11-keygen.obj"
+
+"..\..\..\Build\Debug\pkcs11-keygen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("pk11keygen.dep")
+!INCLUDE "pk11keygen.dep"
+!ELSE
+!MESSAGE Warning: cannot find "pk11keygen.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "pk11keygen - @PLATFORM@ Release" || "$(CFG)" == "pk11keygen - @PLATFORM@ Debug"
+SOURCE="..\pkcs11-keygen.c"
+
+!IF "$(CFG)" == "pk11keygen - @PLATFORM@ Release"
+
+
+"$(INTDIR)\pkcs11-keygen.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "pk11keygen - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\pkcs11-keygen.obj" "$(INTDIR)\pkcs11-keygen.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11keygen.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Deleted: vendor/bind/dist/bin/pkcs11/win32/pk11list.dsp
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11list.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11list.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,119 +0,0 @@
-# Microsoft Developer Studio Project File - Name="pk11list" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=pk11list - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "pk11list.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "pk11list.mak" CFG="pk11list - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "pk11list - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "pk11list - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "pk11list - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/pkcs11-list.exe"
-
-!ELSEIF "$(CFG)" == "pk11list - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/pkcs11-list.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "pk11list - Win32 Release"
-# Name "pk11list - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\pkcs11-list.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=".\cryptoki.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11t.h"
-# End Source File
-# Begin Source File
-
-SOURCE="..\include\pkcs11f.h"
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/pkcs11/win32/pk11list.dsp.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11list.dsp.in (rev 0)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11list.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,119 @@
+# Microsoft Developer Studio Project File - Name="pk11list" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=pk11list - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "pk11list.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "pk11list.mak" CFG="pk11list - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "pk11list - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "pk11list - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "pk11list - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/pkcs11-list.exe"
+
+!ELSEIF "$(CFG)" == "pk11list - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/pkcs11-list.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "pk11list - @PLATFORM@ Release"
+# Name "pk11list - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\pkcs11-list.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=".\cryptoki.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11t.h"
+# End Source File
+# Begin Source File
+
+SOURCE="..\include\pkcs11f.h"
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/pkcs11/win32/pk11list.mak
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11list.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11list.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,296 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on pk11list.dsp
-!IF "$(CFG)" == ""
-CFG=pk11list - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to pk11list - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "pk11list - Win32 Release" && "$(CFG)" != "pk11list - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "pk11list.mak" CFG="pk11list - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "pk11list - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "pk11list - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-!IF "$(CFG)" == "pk11list - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "pk11list - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\pkcs11-list.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\pkcs11-list.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\pkcs11-list.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /Fp"$(INTDIR)\pk11list.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11list.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\pkcs11-list.pdb" /machine:I386 /out:"../../../Build/Release/pkcs11-list.exe"
-LINK32_OBJS= "$(INTDIR)\pkcs11-list.obj"
-
-"..\..\..\Build\Release\pkcs11-list.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "pk11list - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\pkcs11-list.exe" "$(OUTDIR)\pk11list.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\pkcs11-list.obj"
- - at erase "$(INTDIR)\pkcs11-list.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\pkcs11-list.pdb"
- - at erase "$(OUTDIR)\pk11list.bsc"
- - at erase "..\..\..\Build\Debug\pkcs11-list.exe"
- - at erase "..\..\..\Build\Debug\pkcs11-list.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /D "PK11_LIB_LOCATION=\"unknown_provider\"" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11list.bsc"
-BSC32_SBRS= "$(INTDIR)\pkcs11-list.sbr"
-
-"$(OUTDIR)\pk11list.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\pkcs11-list.pdb" /debug /machine:I386 /out:"../../../Build/Debug/pkcs11-list.exe" /pdbtype:sept
-LINK32_OBJS= "$(INTDIR)\pkcs11-list.obj"
-
-"..\..\..\Build\Debug\pkcs11-list.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("pk11list.dep")
-!INCLUDE "pk11list.dep"
-!ELSE
-!MESSAGE Warning: cannot find "pk11list.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "pk11list - Win32 Release" || "$(CFG)" == "pk11list - Win32 Debug"
-SOURCE="..\pkcs11-list.c"
-
-!IF "$(CFG)" == "pk11list - Win32 Release"
-
-
-"$(INTDIR)\pkcs11-list.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "pk11list - Win32 Debug"
-
-
-"$(INTDIR)\pkcs11-list.obj" "$(INTDIR)\pkcs11-list.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/pkcs11/win32/pk11list.mak.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11list.mak.in (rev 0)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11list.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,296 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on pk11list.dsp
+!IF "$(CFG)" == ""
+CFG=pk11list - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to pk11list - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "pk11list - @PLATFORM@ Release" && "$(CFG)" != "pk11list - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "pk11list.mak" CFG="pk11list - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "pk11list - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "pk11list - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "pk11list - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "pk11list - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\pkcs11-list.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\pkcs11-list.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\pkcs11-list.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /Fp"$(INTDIR)\pk11list.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11list.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\pkcs11-list.pdb" @MACHINE@ /out:"../../../Build/Release/pkcs11-list.exe"
+LINK32_OBJS= "$(INTDIR)\pkcs11-list.obj"
+
+"..\..\..\Build\Release\pkcs11-list.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "pk11list - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\pkcs11-list.exe" "$(OUTDIR)\pk11list.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\pkcs11-list.obj"
+ - at erase "$(INTDIR)\pkcs11-list.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\pkcs11-list.pdb"
+ - at erase "$(OUTDIR)\pk11list.bsc"
+ - at erase "..\..\..\Build\Debug\pkcs11-list.exe"
+ - at erase "..\..\..\Build\Debug\pkcs11-list.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../.." /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @PK11_LIB_LOCATION@ /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\pk11list.bsc"
+BSC32_SBRS= "$(INTDIR)\pkcs11-list.sbr"
+
+"$(OUTDIR)\pk11list.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\pkcs11-list.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/pkcs11-list.exe" /pdbtype:sept
+LINK32_OBJS= "$(INTDIR)\pkcs11-list.obj"
+
+"..\..\..\Build\Debug\pkcs11-list.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("pk11list.dep")
+!INCLUDE "pk11list.dep"
+!ELSE
+!MESSAGE Warning: cannot find "pk11list.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "pk11list - @PLATFORM@ Release" || "$(CFG)" == "pk11list - @PLATFORM@ Debug"
+SOURCE="..\pkcs11-list.c"
+
+!IF "$(CFG)" == "pk11list - @PLATFORM@ Release"
+
+
+"$(INTDIR)\pkcs11-list.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "pk11list - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\pkcs11-list.obj" "$(INTDIR)\pkcs11-list.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/pkcs11/win32/pk11list.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Modified: vendor/bind/dist/bin/pkcs11/win32/win32.c
===================================================================
--- vendor/bind/dist/bin/pkcs11/win32/win32.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/pkcs11/win32/win32.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: win32.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: win32.c,v 1.5 2009/10/26 23:47:35 tbox Exp $ */
/* $Id */
Modified: vendor/bind/dist/bin/rndc/Makefile.in
===================================================================
--- vendor/bind/dist/bin/rndc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+# $Id: Makefile.in,v 1.49 2009/12/05 23:31:40 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/rndc/include/rndc/os.h
===================================================================
--- vendor/bind/dist/bin/rndc/include/rndc/os.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/include/rndc/os.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: os.h,v 1.12 2009/06/10 00:27:21 each Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/rndc/rndc.8
===================================================================
--- vendor/bind/dist/bin/rndc/rndc.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/rndc.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.8,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: rndc
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 30, 2000
+.\" Date: June 10, 2013
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "RNDC" "8" "June 30, 2000" "BIND9" "BIND9"
+.TH "RNDC" "8" "June 10, 2013" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -113,18 +113,237 @@
\fBrndc\fR
will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
.RE
+.SH "COMMANDS"
.PP
-For the complete set of commands supported by
-\fBrndc\fR, see the BIND 9 Administrator Reference Manual or run
+A list of commands supported by
\fBrndc\fR
-without arguments to see its help message.
+can be seen by running
+\fBrndc\fR
+without arguments.
+.PP
+Currently supported commands are:
+.PP
+\fBreload\fR
+.RS 4
+Reload configuration file and zones.
+.RE
+.PP
+\fBreload \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Reload the given zone.
+.RE
+.PP
+\fBrefresh \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Schedule zone maintenance for the given zone.
+.RE
+.PP
+\fBretransfer \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Retransfer the given zone from the master.
+.RE
+.PP
+\fBsign \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Fetch all DNSSEC keys for the given zone from the key directory (see the
+\fBkey\-directory\fR
+option in the BIND 9 Administrator Reference Manual). If they are within their publication period, merge them into the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the zone is automatically re\-signed with the new key set.
+.sp
+This command requires that the
+\fBauto\-dnssec\fR
+zone option be set to
+allow
+or
+maintain, and also requires the zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details.)
+.RE
+.PP
+\fBloadkeys \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Fetch all DNSSEC keys for the given zone from the key directory. If they are within their publication period, merge them into the zone's DNSKEY RRset. Unlike
+\fBrndc sign\fR, however, the zone is not immediately re\-signed by the new keys, but is allowed to incrementally re\-sign over time.
+.sp
+This command requires that the
+\fBauto\-dnssec\fR
+zone option be set to
+maintain, and also requires the zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details.)
+.RE
+.PP
+\fBfreeze \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR
+.RS 4
+Suspend updates to a dynamic zone. If no zone is specified, then all zones are suspended. This allows manual edits to be made to a zone normally updated by dynamic update. It also causes changes in the journal file to be synced into the master file, and the journal file to be removed. All dynamic update attempts will be refused while the zone is frozen.
+.RE
+.PP
+\fBthaw \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR
+.RS 4
+Enable updates to a frozen dynamic zone. If no zone is specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re\-enables dynamic updates after the load has completed. After a zone is thawed, dynamic updates will no longer be refused.
+.RE
+.PP
+\fBnotify \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Resend NOTIFY messages for the zone.
+.RE
+.PP
+\fBreconfig\fR
+.RS 4
+Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. This is faster than a full
+\fBreload\fR
+when there is a large number of zones because it avoids the need to examine the modification times of the zones files.
+.RE
+.PP
+\fBstats\fR
+.RS 4
+Write server statistics to the statistics file.
+.RE
+.PP
+\fBquerylog\fR [on|off]
+.RS 4
+Toggle query logging. Query logging can also be enabled by explicitly directing the
+\fBqueries\fR
+\fBcategory\fR
+to a
+\fBchannel\fR
+in the
+\fBlogging\fR
+section of
+\fInamed.conf\fR
+or by specifying
+\fBquerylog yes;\fR
+in the
+\fBoptions\fR
+section of
+\fInamed.conf\fR.
+.RE
+.PP
+\fBdumpdb \fR\fB[\-all|\-cache|\-zone]\fR\fB \fR\fB[\fIview ...\fR]\fR
+.RS 4
+Dump the server's caches (default) and/or zones to the dump file for the specified views. If no view is specified, all views are dumped.
+.RE
+.PP
+\fBsecroots \fR\fB[\fIview ...\fR]\fR
+.RS 4
+Dump the server's security roots to the secroots file for the specified views. If no view is specified, security roots for all views are dumped.
+.RE
+.PP
+\fBstop \fR\fB[\-p]\fR
+.RS 4
+Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones. If
+\fB\-p\fR
+is specified
+\fBnamed\fR's process id is returned. This allows an external process to determine when
+\fBnamed\fR
+had completed stopping.
+.RE
+.PP
+\fBhalt \fR\fB[\-p]\fR
+.RS 4
+Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server is restarted. If
+\fB\-p\fR
+is specified
+\fBnamed\fR's process id is returned. This allows an external process to determine when
+\fBnamed\fR
+had completed halting.
+.RE
+.PP
+\fBtrace\fR
+.RS 4
+Increment the servers debugging level by one.
+.RE
+.PP
+\fBtrace \fR\fB\fIlevel\fR\fR
+.RS 4
+Sets the server's debugging level to an explicit value.
+.RE
+.PP
+\fBnotrace\fR
+.RS 4
+Sets the server's debugging level to 0.
+.RE
+.PP
+\fBflush\fR
+.RS 4
+Flushes the server's cache.
+.RE
+.PP
+\fBflushname\fR \fIname\fR [\fIview\fR]
+.RS 4
+Flushes the given name from the server's cache.
+.RE
+.PP
+\fBstatus\fR
+.RS 4
+Display status of the server. Note that the number of zones includes the internal
+\fBbind/CH\fR
+zone and the default
+\fB./IN\fR
+hint zone if there is not an explicit root zone configured.
+.RE
+.PP
+\fBrecursing\fR
+.RS 4
+Dump the list of queries
+\fBnamed\fR
+is currently recursing on.
+.RE
+.PP
+\fBvalidation ( on | off | check ) \fR\fB[\fIview ...\fR]\fR\fB \fR
+.RS 4
+Enable, disable, or check the current status of DNSSEC validation. Note
+\fBdnssec\-enable\fR
+also needs to be set to
+\fByes\fR
+or
+\fBauto\fR
+to be effective. It defaults to enabled.
+.RE
+.PP
+\fBtsig\-list\fR
+.RS 4
+List the names of all TSIG keys currently configured for use by
+\fBnamed\fR
+in each view. The list both statically configured keys and dynamic TKEY\-negotiated keys.
+.RE
+.PP
+\fBtsig\-delete\fR \fIkeyname\fR [\fIview\fR]
+.RS 4
+Delete a given TKEY\-negotiated key from the server. (This does not apply to statically configured TSIG keys.)
+.RE
+.PP
+\fBaddzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR\fB\fIconfiguration\fR\fR\fB \fR
+.RS 4
+Add a zone while the server is running. This command requires the
+\fBallow\-new\-zones\fR
+option to be set to
+\fByes\fR. The
+\fIconfiguration\fR
+string specified on the command line is the zone configuration text that would ordinarily be placed in
+\fInamed.conf\fR.
+.sp
+The configuration is saved in a file called
+\fI\fIhash\fR\fR\fI.nzf\fR, where
+\fIhash\fR
+is a cryptographic hash generated from the name of the view. When
+\fBnamed\fR
+is restarted, the file will be loaded into the view configuration, so that zones that were added can persist after a restart.
+.sp
+This sample
+\fBaddzone\fR
+command would add the zone
+example.com
+to the default view:
+.sp
+$\fBrndc addzone example.com '{ type master; file "example.com.db"; };'\fR
+.sp
+(Note the brackets and semi\-colon around the zone configuration text.)
+.RE
+.PP
+\fBdelzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR
+.RS 4
+Delete a zone while the server is running. Only zones that were originally added via
+\fBrndc addzone\fR
+can be deleted in this manner.
+.RE
.SH "LIMITATIONS"
.PP
-\fBrndc\fR
-does not yet support all the commands of the BIND 8
-\fBndc\fR
-utility.
-.PP
There is currently no way to provide the shared secret for a
\fBkey_id\fR
without using the configuration file.
@@ -142,7 +361,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/rndc/rndc.c
===================================================================
--- vendor/bind/dist/bin/rndc/rndc.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/rndc.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rndc.c,v 1.1.1.2 2013-08-22 22:51:53 laffer1 Exp $ */
+/* $Id: rndc.c,v 1.131.20.3 2011/11/03 22:06:31 each Exp $ */
/*! \file */
@@ -101,60 +101,58 @@
\n\
command is one of the following:\n\
\n\
- reload Reload configuration file and zones.\n\
- reload zone [class [view]]\n\
- Reload a single zone.\n\
- refresh zone [class [view]]\n\
- Schedule immediate maintenance for a zone.\n\
- retransfer zone [class [view]]\n\
- Retransfer a single zone without checking serial number.\n\
+ addzone zone [class [view]] { zone-options }\n\
+ Add zone to given view. Requires new-zone-file option.\n\
+ delzone zone [class [view]]\n\
+ Removes zone from given view. Requires new-zone-file option.\n\
+ dumpdb [-all|-cache|-zones] [view ...]\n\
+ Dump cache(s) to the dump file (named_dump.db).\n\
+ flush Flushes all of the server's caches.\n\
+ flush [view] Flushes the server's cache for a view.\n\
+ flushname name [view]\n\
+ Flush the given name from the server's cache(s)\n\
freeze Suspend updates to all dynamic zones.\n\
freeze zone [class [view]]\n\
Suspend updates to a dynamic zone.\n\
- thaw Enable updates to all dynamic zones and reload them.\n\
- thaw zone [class [view]]\n\
- Enable updates to a frozen dynamic zone and reload it.\n\
+ halt Stop the server without saving pending updates.\n\
+ halt -p Stop the server without saving pending updates reporting\n\
+ process id.\n\
+ loadkeys zone [class [view]]\n\
+ Update keys without signing immediately.\n\
notify zone [class [view]]\n\
Resend NOTIFY messages for the zone.\n\
+ notrace Set debugging level to 0.\n\
+ querylog Toggle query logging.\n\
reconfig Reload configuration file and new zones only.\n\
+ recursing Dump the queries that are currently recursing (named.recursing)\n\
+ refresh zone [class [view]]\n\
+ Schedule immediate maintenance for a zone.\n\
+ reload Reload configuration file and zones.\n\
+ reload zone [class [view]]\n\
+ Reload a single zone.\n\
+ retransfer zone [class [view]]\n\
+ Retransfer a single zone without checking serial number.\n\
+ secroots [view ...]\n\
+ Write security roots to the secroots file.\n\
sign zone [class [view]]\n\
Update zone keys, and sign as needed.\n\
- loadkeys zone [class [view]]\n\
- Update keys without signing immediately.\n\
stats Write server statistics to the statistics file.\n\
- querylog Toggle query logging.\n\
- dumpdb [-all|-cache|-zones] [view ...]\n\
- Dump cache(s) to the dump file (named_dump.db).\n\
- secroots [view ...]\n\
- Write security roots to the secroots file.\n\
+ status Display status of the server.\n\
stop Save pending updates to master files and stop the server.\n\
stop -p Save pending updates to master files and stop the server\n\
reporting process id.\n\
- halt Stop the server without saving pending updates.\n\
- halt -p Stop the server without saving pending updates reporting\n\
- process id.\n\
+ thaw Enable updates to all dynamic zones and reload them.\n\
+ thaw zone [class [view]]\n\
+ Enable updates to a frozen dynamic zone and reload it.\n\
trace Increment debugging level by one.\n\
trace level Change the debugging level.\n\
- notrace Set debugging level to 0.\n\
- flush Flushes all of the server's caches.\n\
- flush [view] Flushes the server's cache for a view.\n\
- flushname name [view]\n\
- Flush the given name from the server's cache(s)\n\
- status Display status of the server.\n\
- recursing Dump the queries that are currently recursing (named.recursing)\n\
+ tsig-delete keyname [view]\n\
+ Delete a TKEY-negotiated TSIG key.\n\
tsig-list List all currently active TSIG keys, including both statically\n\
configured and TKEY-negotiated keys.\n\
- tsig-delete keyname [view] \n\
- Delete a TKEY-negotiated TSIG key.\n\
validation newstate [view]\n\
Enable / disable DNSSEC validation.\n\
- addzone [\"file\"] zone [class [view]] { zone-options }\n\
- Add zone to given view. Requires new-zone-file option.\n\
- delzone [\"file\"] zone [class [view]]\n\
- Removes zone from given view. Requires new-zone-file option.\n\
- *restart Restart the server.\n\
\n\
-* == not yet implemented\n\
Version: %s\n",
progname, version);
@@ -469,6 +467,9 @@
conffile = admin_keyfile;
conftype = &cfg_type_rndckey;
+ if (c_flag)
+ fatal("%s does not exist", admin_conffile);
+
if (! isc_file_exists(conffile))
fatal("neither %s nor %s was found",
admin_conffile, admin_keyfile);
@@ -699,7 +700,7 @@
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "rndc", 5);
+ memmove(program, "rndc", 5);
progname = program;
admin_conffile = RNDC_CONFFILE;
@@ -831,7 +832,7 @@
p = args;
for (i = 0; i < argc; i++) {
size_t len = strlen(argv[i]);
- memcpy(p, argv[i], len);
+ memmove(p, argv[i], len);
p += len;
*p++ = ' ';
}
Modified: vendor/bind/dist/bin/rndc/rndc.conf
===================================================================
--- vendor/bind/dist/bin/rndc/rndc.conf 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/rndc.conf 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rndc.conf,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: rndc.conf,v 1.11 2007/06/19 23:46:59 tbox Exp $ */
/*
* Sample rndc configuration file.
Modified: vendor/bind/dist/bin/rndc/rndc.conf.5
===================================================================
--- vendor/bind/dist/bin/rndc/rndc.conf.5 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/rndc.conf.5 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.conf.5,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: \fIrndc.conf\fR
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 30, 2000
+.\" Date: June 18, 2007
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "\fIRNDC.CONF\fR" "5" "June 30, 2000" "BIND9" "BIND9"
+.TH "\fIRNDC.CONF\fR" "5" "June 18, 2007" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -208,7 +208,7 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/bin/rndc/rndc.conf.docbook
===================================================================
--- vendor/bind/dist/bin/rndc/rndc.conf.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/rndc.conf.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.conf.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.rndc.conf">
<refentryinfo>
- <date>June 30, 2000</date>
+ <date>June 18, 2007</date>
</refentryinfo>
<refmeta>
@@ -40,6 +39,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/bin/rndc/rndc.conf.html
===================================================================
--- vendor/bind/dist/bin/rndc/rndc.conf.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/rndc.conf.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.conf.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543354"></a><h2>DESCRIPTION</h2>
+<a name="id2543364"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -117,7 +117,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543502"></a><h2>EXAMPLE</h2>
+<a name="id2543512"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@@ -191,7 +191,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543594"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2543604"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -201,7 +201,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543616"></a><h2>SEE ALSO</h2>
+<a name="id2543625"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@@ -209,7 +209,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543654"></a><h2>AUTHOR</h2>
+<a name="id2543664"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/rndc/rndc.docbook
===================================================================
--- vendor/bind/dist/bin/rndc/rndc.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/rndc.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.rndc">
<refentryinfo>
- <date>June 30, 2000</date>
+ <date>June 10, 2013</date>
</refentryinfo>
<refmeta>
@@ -40,6 +39,8 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
+ <year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -194,22 +195,399 @@
</varlistentry>
</variablelist>
+ </refsect1>
+ <refsect1>
+ <title>COMMANDS</title>
<para>
- For the complete set of commands supported by <command>rndc</command>,
- see the BIND 9 Administrator Reference Manual or run
- <command>rndc</command> without arguments to see its help
- message.
+ A list of commands supported by <command>rndc</command> can
+ be seen by running <command>rndc</command> without arguments.
</para>
+ <para>
+ Currently supported commands are:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term><userinput>reload</userinput></term>
+ <listitem>
+ <para>
+ Reload configuration file and zones.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>reload <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Reload the given zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>refresh <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Schedule zone maintenance for the given zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>retransfer <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Retransfer the given zone from the master.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>sign <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory (see the
+ <command>key-directory</command> option in
+ the BIND 9 Administrator Reference Manual). If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. If the DNSKEY RRset
+ is changed, then the zone is automatically
+ re-signed with the new key set.
+ </para>
+ <para>
+ This command requires that the
+ <command>auto-dnssec</command> zone option be set
+ to <literal>allow</literal> or
+ <literal>maintain</literal>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>loadkeys <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory. If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. Unlike <command>rndc
+ sign</command>, however, the zone is not
+ immediately re-signed by the new keys, but is
+ allowed to incrementally re-sign over time.
+ </para>
+ <para>
+ This command requires that the
+ <command>auto-dnssec</command> zone option
+ be set to <literal>maintain</literal>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>freeze <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Suspend updates to a dynamic zone. If no zone is
+ specified, then all zones are suspended. This allows
+ manual edits to be made to a zone normally updated by
+ dynamic update. It also causes changes in the
+ journal file to be synced into the master file,
+ and the journal file to be removed.
+ All dynamic update attempts will be refused while
+ the zone is frozen.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>thaw <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Enable updates to a frozen dynamic zone. If no
+ zone is specified, then all frozen zones are
+ enabled. This causes the server to reload the zone
+ from disk, and re-enables dynamic updates after the
+ load has completed. After a zone is thawed,
+ dynamic updates will no longer be refused.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>notify <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Resend NOTIFY messages for the zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>reconfig</userinput></term>
+ <listitem>
+ <para>
+ Reload the configuration file and load new zones,
+ but do not reload existing zone files even if they
+ have changed.
+ This is faster than a full <command>reload</command> when there
+ is a large number of zones because it avoids the need
+ to examine the
+ modification times of the zones files.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>stats</userinput></term>
+ <listitem>
+ <para>
+ Write server statistics to the statistics file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>querylog</userinput> <optional>on|off</optional> </term>
+ <listitem>
+ <para>
+ Toggle query logging. Query logging can also be enabled
+ by explicitly directing the <command>queries</command>
+ <command>category</command> to a
+ <command>channel</command> in the
+ <command>logging</command> section of
+ <filename>named.conf</filename> or by specifying
+ <command>querylog yes;</command> in the
+ <command>options</command> section of
+ <filename>named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>dumpdb <optional>-all|-cache|-zone</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
+ <listitem>
+ <para>
+ Dump the server's caches (default) and/or zones to
+ the
+ dump file for the specified views. If no view is
+ specified, all
+ views are dumped.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>secroots <optional><replaceable>view ...</replaceable></optional></userinput></term>
+ <listitem>
+ <para>
+ Dump the server's security roots to the secroots
+ file for the specified views. If no view is
+ specified, security roots for all
+ views are dumped.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>stop <optional>-p</optional></userinput></term>
+ <listitem>
+ <para>
+ Stop the server, making sure any recent changes
+ made through dynamic update or IXFR are first saved to
+ the master files of the updated zones.
+ If <option>-p</option> is specified <command>named</command>'s process id is returned.
+ This allows an external process to determine when <command>named</command>
+ had completed stopping.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>halt <optional>-p</optional></userinput></term>
+ <listitem>
+ <para>
+ Stop the server immediately. Recent changes
+ made through dynamic update or IXFR are not saved to
+ the master files, but will be rolled forward from the
+ journal files when the server is restarted.
+ If <option>-p</option> is specified <command>named</command>'s process id is returned.
+ This allows an external process to determine when <command>named</command>
+ had completed halting.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>trace</userinput></term>
+ <listitem>
+ <para>
+ Increment the servers debugging level by one.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>trace <replaceable>level</replaceable></userinput></term>
+ <listitem>
+ <para>
+ Sets the server's debugging level to an explicit
+ value.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>notrace</userinput></term>
+ <listitem>
+ <para>
+ Sets the server's debugging level to 0.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>flush</userinput></term>
+ <listitem>
+ <para>
+ Flushes the server's cache.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>flushname</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
+ <listitem>
+ <para>
+ Flushes the given name from the server's cache.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>status</userinput></term>
+ <listitem>
+ <para>
+ Display status of the server.
+ Note that the number of zones includes the internal <command>bind/CH</command> zone
+ and the default <command>./IN</command>
+ hint zone if there is not an
+ explicit root zone configured.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>recursing</userinput></term>
+ <listitem>
+ <para>
+ Dump the list of queries <command>named</command> is currently recursing
+ on.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>validation ( on | off | check ) <optional><replaceable>view ...</replaceable></optional> </userinput></term>
+ <listitem>
+ <para>
+ Enable, disable, or check the current status of
+ DNSSEC validation.
+ Note <command>dnssec-enable</command> also needs to be
+ set to <userinput>yes</userinput> or
+ <userinput>auto</userinput> to be effective.
+ It defaults to enabled.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>tsig-list</userinput></term>
+ <listitem>
+ <para>
+ List the names of all TSIG keys currently configured
+ for use by <command>named</command> in each view. The
+ list both statically configured keys and dynamic
+ TKEY-negotiated keys.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>tsig-delete</userinput> <replaceable>keyname</replaceable> <optional><replaceable>view</replaceable></optional></term>
+ <listitem>
+ <para>
+ Delete a given TKEY-negotiated key from the server.
+ (This does not apply to statically configured TSIG
+ keys.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>addzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
+ <listitem>
+ <para>
+ Add a zone while the server is running. This
+ command requires the
+ <command>allow-new-zones</command> option to be set
+ to <userinput>yes</userinput>. The
+ <replaceable>configuration</replaceable> string
+ specified on the command line is the zone
+ configuration text that would ordinarily be
+ placed in <filename>named.conf</filename>.
+ </para>
+ <para>
+ The configuration is saved in a file called
+ <filename><replaceable>hash</replaceable>.nzf</filename>,
+ where <replaceable>hash</replaceable> is a
+ cryptographic hash generated from the name of
+ the view. When <command>named</command> is
+ restarted, the file will be loaded into the view
+ configuration, so that zones that were added
+ can persist after a restart.
+ </para>
+ <para>
+ This sample <command>addzone</command> command
+ would add the zone <literal>example.com</literal>
+ to the default view:
+ </para>
+ <para>
+<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput>
+ </para>
+ <para>
+ (Note the brackets and semi-colon around the zone
+ configuration text.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>delzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
+ <listitem>
+ <para>
+ Delete a zone while the server is running.
+ Only zones that were originally added via
+ <command>rndc addzone</command> can be deleted
+ in this manner.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
<title>LIMITATIONS</title>
- <para><command>rndc</command>
- does not yet support all the commands of
- the BIND 8 <command>ndc</command> utility.
- </para>
<para>
There is currently no way to provide the shared secret for a
<option>key_id</option> without using the configuration file.
Modified: vendor/bind/dist/bin/rndc/rndc.html
===================================================================
--- vendor/bind/dist/bin/rndc/rndc.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/rndc.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543415"></a><h2>DESCRIPTION</h2>
+<a name="id2543428"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543450"></a><h2>OPTIONS</h2>
+<a name="id2543463"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@@ -125,19 +125,263 @@
or write access.
</p></dd>
</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543659"></a><h2>COMMANDS</h2>
<p>
- For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
- see the BIND 9 Administrator Reference Manual or run
- <span><strong class="command">rndc</strong></span> without arguments to see its help
- message.
+ A list of commands supported by <span><strong class="command">rndc</strong></span> can
+ be seen by running <span><strong class="command">rndc</strong></span> without arguments.
</p>
+<p>
+ Currently supported commands are:
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
+<dd><p>
+ Reload configuration file and zones.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Reload the given zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Schedule zone maintenance for the given zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Retransfer the given zone from the master.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd>
+<p>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory (see the
+ <span><strong class="command">key-directory</strong></span> option in
+ the BIND 9 Administrator Reference Manual). If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. If the DNSKEY RRset
+ is changed, then the zone is automatically
+ re-signed with the new key set.
+ </p>
+<p>
+ This command requires that the
+ <span><strong class="command">auto-dnssec</strong></span> zone option be set
+ to <code class="literal">allow</code> or
+ <code class="literal">maintain</code>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd>
+<p>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory. If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
+ sign</strong></span>, however, the zone is not
+ immediately re-signed by the new keys, but is
+ allowed to incrementally re-sign over time.
+ </p>
+<p>
+ This command requires that the
+ <span><strong class="command">auto-dnssec</strong></span> zone option
+ be set to <code class="literal">maintain</code>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>freeze [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Suspend updates to a dynamic zone. If no zone is
+ specified, then all zones are suspended. This allows
+ manual edits to be made to a zone normally updated by
+ dynamic update. It also causes changes in the
+ journal file to be synced into the master file,
+ and the journal file to be removed.
+ All dynamic update attempts will be refused while
+ the zone is frozen.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Enable updates to a frozen dynamic zone. If no
+ zone is specified, then all frozen zones are
+ enabled. This causes the server to reload the zone
+ from disk, and re-enables dynamic updates after the
+ load has completed. After a zone is thawed,
+ dynamic updates will no longer be refused.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Resend NOTIFY messages for the zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
+<dd><p>
+ Reload the configuration file and load new zones,
+ but do not reload existing zone files even if they
+ have changed.
+ This is faster than a full <span><strong class="command">reload</strong></span> when there
+ is a large number of zones because it avoids the need
+ to examine the
+ modification times of the zones files.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
+<dd><p>
+ Write server statistics to the statistics file.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional">on|off</span>] </span></dt>
+<dd><p>
+ Toggle query logging. Query logging can also be enabled
+ by explicitly directing the <span><strong class="command">queries</strong></span>
+ <span><strong class="command">category</strong></span> to a
+ <span><strong class="command">channel</strong></span> in the
+ <span><strong class="command">logging</strong></span> section of
+ <code class="filename">named.conf</code> or by specifying
+ <span><strong class="command">querylog yes;</strong></span> in the
+ <span><strong class="command">options</strong></span> section of
+ <code class="filename">named.conf</code>.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dd><p>
+ Dump the server's caches (default) and/or zones to
+ the
+ dump file for the specified views. If no view is
+ specified, all
+ views are dumped.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>secroots [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dd><p>
+ Dump the server's security roots to the secroots
+ file for the specified views. If no view is
+ specified, security roots for all
+ views are dumped.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
+<dd><p>
+ Stop the server, making sure any recent changes
+ made through dynamic update or IXFR are first saved to
+ the master files of the updated zones.
+ If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span><strong class="command">named</strong></span>
+ had completed stopping.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
+<dd><p>
+ Stop the server immediately. Recent changes
+ made through dynamic update or IXFR are not saved to
+ the master files, but will be rolled forward from the
+ journal files when the server is restarted.
+ If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span><strong class="command">named</strong></span>
+ had completed halting.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
+<dd><p>
+ Increment the servers debugging level by one.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
+<dd><p>
+ Sets the server's debugging level to an explicit
+ value.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
+<dd><p>
+ Sets the server's debugging level to 0.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
+<dd><p>
+ Flushes the server's cache.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt>
+<dd><p>
+ Flushes the given name from the server's cache.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
+<dd><p>
+ Display status of the server.
+ Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
+ and the default <span><strong class="command">./IN</strong></span>
+ hint zone if there is not an
+ explicit root zone configured.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
+<dd><p>
+ Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
+ on.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>validation ( on | off | check ) [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>] </code></strong></span></dt>
+<dd><p>
+ Enable, disable, or check the current status of
+ DNSSEC validation.
+ Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
+ set to <strong class="userinput"><code>yes</code></strong> or
+ <strong class="userinput"><code>auto</code></strong> to be effective.
+ It defaults to enabled.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>
+<dd><p>
+ List the names of all TSIG keys currently configured
+ for use by <span><strong class="command">named</strong></span> in each view. The
+ list both statically configured keys and dynamic
+ TKEY-negotiated keys.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
+<dd><p>
+ Delete a given TKEY-negotiated key from the server.
+ (This does not apply to statically configured TSIG
+ keys.)
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt>
+<dd>
+<p>
+ Add a zone while the server is running. This
+ command requires the
+ <span><strong class="command">allow-new-zones</strong></span> option to be set
+ to <strong class="userinput"><code>yes</code></strong>. The
+ <em class="replaceable"><code>configuration</code></em> string
+ specified on the command line is the zone
+ configuration text that would ordinarily be
+ placed in <code class="filename">named.conf</code>.
+ </p>
+<p>
+ The configuration is saved in a file called
+ <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
+ where <em class="replaceable"><code>hash</code></em> is a
+ cryptographic hash generated from the name of
+ the view. When <span><strong class="command">named</strong></span> is
+ restarted, the file will be loaded into the view
+ configuration, so that zones that were added
+ can persist after a restart.
+ </p>
+<p>
+ This sample <span><strong class="command">addzone</strong></span> command
+ would add the zone <code class="literal">example.com</code>
+ to the default view:
+ </p>
+<p>
+<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>
+ </p>
+<p>
+ (Note the brackets and semi-colon around the zone
+ configuration text.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>delzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>
+<dd><p>
+ Delete a zone while the server is running.
+ Only zones that were originally added via
+ <span><strong class="command">rndc addzone</strong></span> can be deleted
+ in this manner.
+ </p></dd>
+</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543658"></a><h2>LIMITATIONS</h2>
-<p><span><strong class="command">rndc</strong></span>
- does not yet support all the commands of
- the BIND 8 <span><strong class="command">ndc</strong></span> utility.
- </p>
+<a name="id2544672"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@@ -147,7 +391,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543685"></a><h2>SEE ALSO</h2>
+<a name="id2544690"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -157,7 +401,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543740"></a><h2>AUTHOR</h2>
+<a name="id2544745"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/rndc/util.c
===================================================================
--- vendor/bind/dist/bin/rndc/util.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/util.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: util.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: util.c,v 1.7 2007/06/19 23:46:59 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/bin/rndc/util.h
===================================================================
--- vendor/bind/dist/bin/rndc/util.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/rndc/util.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: util.h,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: util.h,v 1.12 2009/09/29 23:48:03 tbox Exp $ */
#ifndef RNDC_UTIL_H
#define RNDC_UTIL_H 1
Modified: vendor/bind/dist/bin/tools/Makefile.in
===================================================================
--- vendor/bind/dist/bin/tools/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+# $Id: Makefile.in,v 1.13 2010/01/07 23:48:53 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/bin/tools/arpaname.1
===================================================================
--- vendor/bind/dist/bin/tools/arpaname.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/arpaname.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: arpaname.1,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: arpaname
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: March 4, 2009
+.\" Date: March 03, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "ARPANAME" "1" "March 4, 2009" "BIND9" "BIND9"
+.TH "ARPANAME" "1" "March 03, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -44,5 +44,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/tools/arpaname.c
===================================================================
--- vendor/bind/dist/bin/tools/arpaname.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/arpaname.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: arpaname.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: arpaname.c,v 1.4 2009/10/27 03:05:33 marka Exp $ */
#include "config.h"
Modified: vendor/bind/dist/bin/tools/arpaname.docbook
===================================================================
--- vendor/bind/dist/bin/tools/arpaname.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/arpaname.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: arpaname.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.arpaname">
<refentryinfo>
- <date>March 4, 2009</date>
+ <date>March 03, 2009</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<docinfo>
<copyright>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/tools/arpaname.html
===================================================================
--- vendor/bind/dist/bin/tools/arpaname.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/arpaname.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: arpaname.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543347"></a><h2>DESCRIPTION</h2>
+<a name="id2543356"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
@@ -38,13 +38,13 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543360"></a><h2>SEE ALSO</h2>
+<a name="id2543369"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543373"></a><h2>AUTHOR</h2>
+<a name="id2543383"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/tools/genrandom.8
===================================================================
--- vendor/bind/dist/bin/tools/genrandom.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/genrandom.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: genrandom.8,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: genrandom
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Feb 19, 2009
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "GENRANDOM" "8" "Feb 19, 2009" "BIND9" "BIND9"
+.TH "GENRANDOM" "8" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -65,5 +65,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009\-2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009\-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/tools/genrandom.c
===================================================================
--- vendor/bind/dist/bin/tools/genrandom.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/genrandom.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: genrandom.c,v 1.1.1.2 2013-08-22 22:51:54 laffer1 Exp $ */
+/* $Id: genrandom.c,v 1.7 2010/05/17 23:51:04 tbox Exp $ */
/*! \file */
#include <config.h>
@@ -120,7 +120,9 @@
return (0);
}
- len = strlen(argv[isc_commandline_index]) + 2;
+ len = strlen(argv[isc_commandline_index]);
+ INSIST((len + 2) > len);
+ len += 2;
name = (char *) malloc(len);
if (name == NULL) {
perror("malloc");
Modified: vendor/bind/dist/bin/tools/genrandom.docbook
===================================================================
--- vendor/bind/dist/bin/tools/genrandom.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/genrandom.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: genrandom.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.genrandom">
<refentryinfo>
- <date>Feb 19, 2009</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -40,6 +39,7 @@
<year>2010</year>
<year>2011</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/tools/genrandom.html
===================================================================
--- vendor/bind/dist/bin/tools/genrandom.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/genrandom.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: genrandom.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543370"></a><h2>DESCRIPTION</h2>
+<a name="id2543381"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@@ -40,7 +40,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543383"></a><h2>ARGUMENTS</h2>
+<a name="id2543394"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@@ -58,7 +58,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543444"></a><h2>SEE ALSO</h2>
+<a name="id2543454"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
@@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543470"></a><h2>AUTHOR</h2>
+<a name="id2543481"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/tools/isc-hmac-fixup.8
===================================================================
--- vendor/bind/dist/bin/tools/isc-hmac-fixup.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/isc-hmac-fixup.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: isc-hmac-fixup.8,v 1.1.1.2 2013-08-22 22:51:54 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: isc\-hmac\-fixup
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: January 5, 2010
+.\" Date: April 28, 2013
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "ISC\-HMAC\-FIXUP" "8" "January 5, 2010" "BIND9" "BIND9"
+.TH "ISC\-HMAC\-FIXUP" "8" "April 28, 2013" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -57,5 +57,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/tools/isc-hmac-fixup.c
===================================================================
--- vendor/bind/dist/bin/tools/isc-hmac-fixup.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/isc-hmac-fixup.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2010, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: isc-hmac-fixup.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: isc-hmac-fixup.c,v 1.4 2010/03/10 02:17:52 marka Exp $ */
#include <config.h>
@@ -52,7 +52,7 @@
fprintf(stderr, "error: %s\n", isc_result_totext(result));
return (1);
}
- isc__buffer_usedregion(&buf, &r);
+ isc_buffer_usedregion(&buf, &r);
if (!strcasecmp(argv[1], "md5") ||
!strcasecmp(argv[1], "hmac-md5")) {
Modified: vendor/bind/dist/bin/tools/isc-hmac-fixup.docbook
===================================================================
--- vendor/bind/dist/bin/tools/isc-hmac-fixup.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/isc-hmac-fixup.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-hmac-fixup.docbook,v 1.1.1.2 2013-08-22 22:51:54 laffer1 Exp $ -->
<refentry id="man.isc-hmac-fixup">
<refentryinfo>
- <date>January 5, 2010</date>
+ <date>April 28, 2013</date>
</refentryinfo>
<refmeta>
@@ -38,6 +37,7 @@
<copyright>
<year>2010</year>
<year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/tools/isc-hmac-fixup.html
===================================================================
--- vendor/bind/dist/bin/tools/isc-hmac-fixup.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/isc-hmac-fixup.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-hmac-fixup.html,v 1.1.1.2 2013-08-22 22:51:54 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543355"></a><h2>DESCRIPTION</h2>
+<a name="id2543366"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -57,7 +57,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543379"></a><h2>SECURITY CONSIDERATIONS</h2>
+<a name="id2543389"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
@@ -68,7 +68,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543393"></a><h2>SEE ALSO</h2>
+<a name="id2543403"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
@@ -75,7 +75,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543410"></a><h2>AUTHOR</h2>
+<a name="id2543489"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/tools/named-journalprint.8
===================================================================
--- vendor/bind/dist/bin/tools/named-journalprint.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/named-journalprint.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-journalprint.8,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: named\-journalprint
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Feb 18, 2009
+.\" Date: December 04, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NAMED\-JOURNALPRINT" "8" "Feb 18, 2009" "BIND9" "BIND9"
+.TH "NAMED\-JOURNALPRINT" "8" "December 04, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -56,5 +56,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/tools/named-journalprint.c
===================================================================
--- vendor/bind/dist/bin/tools/named-journalprint.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/named-journalprint.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-journalprint.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id: named-journalprint.c,v 1.2 2009/12/04 21:59:23 marka Exp $ */
/*! \file */
#include <config.h>
Modified: vendor/bind/dist/bin/tools/named-journalprint.docbook
===================================================================
--- vendor/bind/dist/bin/tools/named-journalprint.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/named-journalprint.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-journalprint.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.named-journalprint">
<refentryinfo>
- <date>Feb 18, 2009</date>
+ <date>December 04, 2009</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<docinfo>
<copyright>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/tools/named-journalprint.html
===================================================================
--- vendor/bind/dist/bin/tools/named-journalprint.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/named-journalprint.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-journalprint.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543344"></a><h2>DESCRIPTION</h2>
+<a name="id2543354"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
@@ -57,7 +57,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543379"></a><h2>SEE ALSO</h2>
+<a name="id2543389"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543410"></a><h2>AUTHOR</h2>
+<a name="id2543420"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind/dist/bin/tools/nsec3hash.8
===================================================================
--- vendor/bind/dist/bin/tools/nsec3hash.8 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/nsec3hash.8 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nsec3hash.8,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -19,11 +19,11 @@
.\" Title: nsec3hash
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Feb 18, 2009
+.\" Date: March 02, 2009
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NSEC3HASH" "8" "Feb 18, 2009" "BIND9" "BIND9"
+.TH "NSEC3HASH" "8" "March 02, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -66,5 +66,5 @@
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: vendor/bind/dist/bin/tools/nsec3hash.c
===================================================================
--- vendor/bind/dist/bin/tools/nsec3hash.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/nsec3hash.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2008, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2006, 2008, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec3hash.c,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -59,8 +59,9 @@
}
static void
-usage() {
- printf("Usage: %s salt algorithm iterations domain\n", program);
+usage(void) {
+ fprintf(stderr, "Usage: %s salt algorithm iterations domain\n",
+ program);
exit(1);
}
@@ -115,7 +116,7 @@
region.base = hash;
region.length = length;
isc_buffer_init(&buffer, text, sizeof(text));
- isc_base32hex_totext(®ion, 1, "", &buffer);
+ isc_base32hexnp_totext(®ion, 1, "", &buffer);
fprintf(stdout, "%.*s (salt=%s, hash=%u, iterations=%u)\n",
(int)isc_buffer_usedlength(&buffer), text, argv[1], hash_alg, iterations);
return(0);
Modified: vendor/bind/dist/bin/tools/nsec3hash.docbook
===================================================================
--- vendor/bind/dist/bin/tools/nsec3hash.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/nsec3hash.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +17,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsec3hash.docbook,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
<refentry id="man.nsec3hash">
<refentryinfo>
- <date>Feb 18, 2009</date>
+ <date>March 02, 2009</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<docinfo>
<copyright>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
Modified: vendor/bind/dist/bin/tools/nsec3hash.html
===================================================================
--- vendor/bind/dist/bin/tools/nsec3hash.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/nsec3hash.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsec3hash.html,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543369"></a><h2>DESCRIPTION</h2>
+<a name="id2543379"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -39,7 +39,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543382"></a><h2>ARGUMENTS</h2>
+<a name="id2543392"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">salt</span></dt>
<dd><p>
@@ -63,7 +63,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543444"></a><h2>SEE ALSO</h2>
+<a name="id2543453"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
@@ -70,7 +70,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543461"></a><h2>AUTHOR</h2>
+<a name="id2543470"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Deleted: vendor/bind/dist/bin/tools/win32/arpaname.dsp
===================================================================
--- vendor/bind/dist/bin/tools/win32/arpaname.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/arpaname.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="arpaname" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=arpaname - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "arpaname.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "arpaname.mak" CFG="arpaname - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "arpaname - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "arpaname - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "arpaname - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/arpaname.exe"
-
-!ELSEIF "$(CFG)" == "arpaname - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/arpaname.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "arpaname - Win32 Release"
-# Name "arpaname - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\arpaname.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/tools/win32/arpaname.dsp.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/arpaname.dsp.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/arpaname.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="arpaname" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=arpaname - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "arpaname.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "arpaname.mak" CFG="arpaname - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "arpaname - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "arpaname - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "arpaname - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/arpaname.exe"
+
+!ELSEIF "$(CFG)" == "arpaname - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/arpaname.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "arpaname - @PLATFORM@ Release"
+# Name "arpaname - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\arpaname.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/tools/win32/arpaname.mak
===================================================================
--- vendor/bind/dist/bin/tools/win32/arpaname.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/arpaname.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,299 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on arpaname.dsp
-!IF "$(CFG)" == ""
-CFG=arpaname - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to arpaname - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "arpaname - Win32 Release" && "$(CFG)" != "arpaname - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "arpaname.mak" CFG="arpaname - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "arpaname - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "arpaname - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-!IF "$(CFG)" == "arpaname - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "arpaname - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\arpaname.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\arpaname.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\arpaname.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\arpaname.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\arpaname.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\arpaname.pdb" /machine:I386 /out:"../../../Build/Release/arpaname.exe"
-LINK32_OBJS= \
- "$(INTDIR)\arpaname.obj"
-
-"..\..\..\Build\Release\arpaname.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "arpaname - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\arpaname.exe" "$(OUTDIR)\arpaname.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\arpaname.obj"
- - at erase "$(INTDIR)\arpaname.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\arpaname.pdb"
- - at erase "$(OUTDIR)\arpaname.bsc"
- - at erase "..\..\..\Build\Debug\arpaname.exe"
- - at erase "..\..\..\Build\Debug\arpaname.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\arpaname.bsc"
-BSC32_SBRS= \
- "$(INTDIR)\arpaname.sbr"
-
-"$(OUTDIR)\arpaname.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\arpaname.pdb" /debug /machine:I386 /out:"../../../Build/Debug/arpaname.exe" /pdbtype:sept
-LINK32_OBJS= \
- "$(INTDIR)\arpaname.obj"
-
-"..\..\..\Build\Debug\arpaname.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("arpaname.dep")
-!INCLUDE "arpaname.dep"
-!ELSE
-!MESSAGE Warning: cannot find "arpaname.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "arpaname - Win32 Release" || "$(CFG)" == "arpaname - Win32 Debug"
-SOURCE="..\arpaname.c"
-
-!IF "$(CFG)" == "arpaname - Win32 Release"
-
-
-"$(INTDIR)\arpaname.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "arpaname - Win32 Debug"
-
-
-"$(INTDIR)\arpaname.obj" "$(INTDIR)\arpaname.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/tools/win32/arpaname.mak.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/arpaname.mak.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/arpaname.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,299 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on arpaname.dsp
+!IF "$(CFG)" == ""
+CFG=arpaname - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to arpaname - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "arpaname - @PLATFORM@ Release" && "$(CFG)" != "arpaname - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "arpaname.mak" CFG="arpaname - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "arpaname - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "arpaname - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "arpaname - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "arpaname - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\arpaname.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\arpaname.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\arpaname.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\arpaname.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\arpaname.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\arpaname.pdb" @MACHINE@ /out:"../../../Build/Release/arpaname.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\arpaname.obj"
+
+"..\..\..\Build\Release\arpaname.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "arpaname - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\arpaname.exe" "$(OUTDIR)\arpaname.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\arpaname.obj"
+ - at erase "$(INTDIR)\arpaname.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\arpaname.pdb"
+ - at erase "$(OUTDIR)\arpaname.bsc"
+ - at erase "..\..\..\Build\Debug\arpaname.exe"
+ - at erase "..\..\..\Build\Debug\arpaname.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\arpaname.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\arpaname.sbr"
+
+"$(OUTDIR)\arpaname.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\arpaname.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/arpaname.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\arpaname.obj"
+
+"..\..\..\Build\Debug\arpaname.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("arpaname.dep")
+!INCLUDE "arpaname.dep"
+!ELSE
+!MESSAGE Warning: cannot find "arpaname.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "arpaname - @PLATFORM@ Release" || "$(CFG)" == "arpaname - @PLATFORM@ Debug"
+SOURCE="..\arpaname.c"
+
+!IF "$(CFG)" == "arpaname - @PLATFORM@ Release"
+
+
+"$(INTDIR)\arpaname.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "arpaname - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\arpaname.obj" "$(INTDIR)\arpaname.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/arpaname.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Deleted: vendor/bind/dist/bin/tools/win32/genrandom.dsp
===================================================================
--- vendor/bind/dist/bin/tools/win32/genrandom.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/genrandom.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="genrandom" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=genrandom - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "genrandom.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "genrandom.mak" CFG="genrandom - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "genrandom - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "genrandom - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "genrandom - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/genrandom.exe"
-
-!ELSEIF "$(CFG)" == "genrandom - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/genrandom.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "genrandom - Win32 Release"
-# Name "genrandom - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\genrandom.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/tools/win32/genrandom.dsp.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/genrandom.dsp.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/genrandom.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="genrandom" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=genrandom - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "genrandom.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "genrandom.mak" CFG="genrandom - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "genrandom - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "genrandom - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "genrandom - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/genrandom.exe"
+
+!ELSEIF "$(CFG)" == "genrandom - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/genrandom.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "genrandom - @PLATFORM@ Release"
+# Name "genrandom - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\genrandom.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/tools/win32/genrandom.mak
===================================================================
--- vendor/bind/dist/bin/tools/win32/genrandom.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/genrandom.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,299 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on genrandom.dsp
-!IF "$(CFG)" == ""
-CFG=genrandom - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to genrandom - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "genrandom - Win32 Release" && "$(CFG)" != "genrandom - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "genrandom.mak" CFG="genrandom - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "genrandom - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "genrandom - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-!IF "$(CFG)" == "genrandom - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "genrandom - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\genrandom.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\genrandom.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\genrandom.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\genrandom.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\genrandom.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\genrandom.pdb" /machine:I386 /out:"../../../Build/Release/genrandom.exe"
-LINK32_OBJS= \
- "$(INTDIR)\genrandom.obj" \
-
-"..\..\..\Build\Release\genrandom.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "genrandom - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\genrandom.exe" "$(OUTDIR)\genrandom.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\genrandom.obj"
- - at erase "$(INTDIR)\genrandom.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\genrandom.pdb"
- - at erase "$(OUTDIR)\genrandom.bsc"
- - at erase "..\..\..\Build\Debug\genrandom.exe"
- - at erase "..\..\..\Build\Debug\genrandom.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\genrandom.bsc"
-BSC32_SBRS= \
- "$(INTDIR)\genrandom.sbr"
-
-"$(OUTDIR)\genrandom.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\genrandom.pdb" /debug /machine:I386 /out:"../../../Build/Debug/genrandom.exe" /pdbtype:sept
-LINK32_OBJS= \
- "$(INTDIR)\genrandom.obj"
-
-"..\..\..\Build\Debug\genrandom.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("genrandom.dep")
-!INCLUDE "genrandom.dep"
-!ELSE
-!MESSAGE Warning: cannot find "genrandom.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "genrandom - Win32 Release" || "$(CFG)" == "genrandom - Win32 Debug"
-SOURCE="..\genrandom.c"
-
-!IF "$(CFG)" == "genrandom - Win32 Release"
-
-
-"$(INTDIR)\genrandom.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "genrandom - Win32 Debug"
-
-
-"$(INTDIR)\genrandom.obj" "$(INTDIR)\genrandom.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/tools/win32/genrandom.mak.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/genrandom.mak.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/genrandom.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,299 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on genrandom.dsp
+!IF "$(CFG)" == ""
+CFG=genrandom - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to genrandom - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "genrandom - @PLATFORM@ Release" && "$(CFG)" != "genrandom - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "genrandom.mak" CFG="genrandom - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "genrandom - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "genrandom - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "genrandom - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "genrandom - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\genrandom.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\genrandom.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\genrandom.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\genrandom.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\genrandom.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\genrandom.pdb" @MACHINE@ /out:"../../../Build/Release/genrandom.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\genrandom.obj" \
+
+"..\..\..\Build\Release\genrandom.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "genrandom - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\genrandom.exe" "$(OUTDIR)\genrandom.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\genrandom.obj"
+ - at erase "$(INTDIR)\genrandom.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\genrandom.pdb"
+ - at erase "$(OUTDIR)\genrandom.bsc"
+ - at erase "..\..\..\Build\Debug\genrandom.exe"
+ - at erase "..\..\..\Build\Debug\genrandom.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\genrandom.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\genrandom.sbr"
+
+"$(OUTDIR)\genrandom.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\genrandom.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/genrandom.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\genrandom.obj"
+
+"..\..\..\Build\Debug\genrandom.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("genrandom.dep")
+!INCLUDE "genrandom.dep"
+!ELSE
+!MESSAGE Warning: cannot find "genrandom.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "genrandom - @PLATFORM@ Release" || "$(CFG)" == "genrandom - @PLATFORM@ Debug"
+SOURCE="..\genrandom.c"
+
+!IF "$(CFG)" == "genrandom - @PLATFORM@ Release"
+
+
+"$(INTDIR)\genrandom.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "genrandom - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\genrandom.obj" "$(INTDIR)\genrandom.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/genrandom.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Deleted: vendor/bind/dist/bin/tools/win32/ischmacfixup.dsp
===================================================================
--- vendor/bind/dist/bin/tools/win32/ischmacfixup.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/ischmacfixup.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="ischmacfixup" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=ischmacfixup - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "ischmacfixup.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "ischmacfixup.mak" CFG="ischmacfixup - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "ischmacfixup - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "ischmacfixup - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "ischmacfixup - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/isc-hmac-fixup.exe"
-
-!ELSEIF "$(CFG)" == "ischmacfixup - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/isc-hmac-fixup.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "ischmacfixup - Win32 Release"
-# Name "ischmacfixup - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\isc-hmac-fixup.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/tools/win32/ischmacfixup.dsp.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/ischmacfixup.dsp.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/ischmacfixup.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="ischmacfixup" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=ischmacfixup - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "ischmacfixup.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "ischmacfixup.mak" CFG="ischmacfixup - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "ischmacfixup - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "ischmacfixup - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "ischmacfixup - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/isc-hmac-fixup.exe"
+
+!ELSEIF "$(CFG)" == "ischmacfixup - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/isc-hmac-fixup.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "ischmacfixup - @PLATFORM@ Release"
+# Name "ischmacfixup - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\isc-hmac-fixup.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/tools/win32/ischmacfixup.mak
===================================================================
--- vendor/bind/dist/bin/tools/win32/ischmacfixup.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/ischmacfixup.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,299 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on ischmacfixup.dsp
-!IF "$(CFG)" == ""
-CFG=ischmacfixup - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to ischmacfixup - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "ischmacfixup - Win32 Release" && "$(CFG)" != "ischmacfixup - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "ischmacfixup.mak" CFG="ischmacfixup - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "ischmacfixup - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "ischmacfixup - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-!IF "$(CFG)" == "ischmacfixup - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "ischmacfixup - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\isc-hmac-fixup.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\isc-hmac-fixup.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\isc-hmac-fixup.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\isc-hmac-fixup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\isc-hmac-fixup.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\isc-hmac-fixup.pdb" /machine:I386 /out:"../../../Build/Release/isc-hmac-fixup.exe"
-LINK32_OBJS= \
- "$(INTDIR)\isc-hmac-fixup.obj"
-
-"..\..\..\Build\Release\isc-hmac-fixup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "ischmacfixup - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\isc-hmac-fixup.exe" "$(OUTDIR)\isc-hmac-fixup.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\isc-hmac-fixup.obj"
- - at erase "$(INTDIR)\isc-hmac-fixup.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\isc-hmac-fixup.pdb"
- - at erase "$(OUTDIR)\isc-hmac-fixup.bsc"
- - at erase "..\..\..\Build\Debug\isc-hmac-fixup.exe"
- - at erase "..\..\..\Build\Debug\isc-hmac-fixup.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\isc-hmac-fixup.bsc"
-BSC32_SBRS= \
- "$(INTDIR)\isc-hmac-fixup.sbr"
-
-"$(OUTDIR)\isc-hmac-fixup.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\isc-hmac-fixup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/isc-hmac-fixup.exe" /pdbtype:sept
-LINK32_OBJS= \
- "$(INTDIR)\isc-hmac-fixup.obj"
-
-"..\..\..\Build\Debug\isc-hmac-fixup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("isc-hmac-fixup.dep")
-!INCLUDE "isc-hmac-fixup.dep"
-!ELSE
-!MESSAGE Warning: cannot find "isc-hmac-fixup.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "ischmacfixup - Win32 Release" || "$(CFG)" == "ischmacfixup - Win32 Debug"
-SOURCE="..\isc-hmac-fixup.c"
-
-!IF "$(CFG)" == "ischmacfixup - Win32 Release"
-
-
-"$(INTDIR)\isc-hmac-fixup.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "ischmacfixup - Win32 Debug"
-
-
-"$(INTDIR)\isc-hmac-fixup.obj" "$(INTDIR)\isc-hmac-fixup.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/tools/win32/ischmacfixup.mak.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/ischmacfixup.mak.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/ischmacfixup.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,299 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on ischmacfixup.dsp
+!IF "$(CFG)" == ""
+CFG=ischmacfixup - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to ischmacfixup - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "ischmacfixup - @PLATFORM@ Release" && "$(CFG)" != "ischmacfixup - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "ischmacfixup.mak" CFG="ischmacfixup - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "ischmacfixup - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "ischmacfixup - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "ischmacfixup - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "ischmacfixup - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\isc-hmac-fixup.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\isc-hmac-fixup.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\isc-hmac-fixup.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\isc-hmac-fixup.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\isc-hmac-fixup.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\isc-hmac-fixup.pdb" @MACHINE@ /out:"../../../Build/Release/isc-hmac-fixup.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\isc-hmac-fixup.obj"
+
+"..\..\..\Build\Release\isc-hmac-fixup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "ischmacfixup - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\isc-hmac-fixup.exe" "$(OUTDIR)\isc-hmac-fixup.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\isc-hmac-fixup.obj"
+ - at erase "$(INTDIR)\isc-hmac-fixup.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\isc-hmac-fixup.pdb"
+ - at erase "$(OUTDIR)\isc-hmac-fixup.bsc"
+ - at erase "..\..\..\Build\Debug\isc-hmac-fixup.exe"
+ - at erase "..\..\..\Build\Debug\isc-hmac-fixup.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\isc-hmac-fixup.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\isc-hmac-fixup.sbr"
+
+"$(OUTDIR)\isc-hmac-fixup.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\isc-hmac-fixup.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/isc-hmac-fixup.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\isc-hmac-fixup.obj"
+
+"..\..\..\Build\Debug\isc-hmac-fixup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("isc-hmac-fixup.dep")
+!INCLUDE "isc-hmac-fixup.dep"
+!ELSE
+!MESSAGE Warning: cannot find "isc-hmac-fixup.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "ischmacfixup - @PLATFORM@ Release" || "$(CFG)" == "ischmacfixup - @PLATFORM@ Debug"
+SOURCE="..\isc-hmac-fixup.c"
+
+!IF "$(CFG)" == "ischmacfixup - @PLATFORM@ Release"
+
+
+"$(INTDIR)\isc-hmac-fixup.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "ischmacfixup - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\isc-hmac-fixup.obj" "$(INTDIR)\isc-hmac-fixup.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/ischmacfixup.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Deleted: vendor/bind/dist/bin/tools/win32/journalprint.dsp
===================================================================
--- vendor/bind/dist/bin/tools/win32/journalprint.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/journalprint.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="journalprint" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=journalprint - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "journalprint.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "journalprint.mak" CFG="journalprint - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "journalprint - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "journalprint - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "journalprint - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-journalprint.exe"
-
-!ELSEIF "$(CFG)" == "journalprint - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-journalprint.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "journalprint - Win32 Release"
-# Name "journalprint - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\named-journalprint.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/tools/win32/journalprint.dsp.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/journalprint.dsp.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/journalprint.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="journalprint" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=journalprint - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "journalprint.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "journalprint.mak" CFG="journalprint - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "journalprint - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "journalprint - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "journalprint - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/named-journalprint.exe"
+
+!ELSEIF "$(CFG)" == "journalprint - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/named-journalprint.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "journalprint - @PLATFORM@ Release"
+# Name "journalprint - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\named-journalprint.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/tools/win32/journalprint.mak
===================================================================
--- vendor/bind/dist/bin/tools/win32/journalprint.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/journalprint.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,299 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on journalprint.dsp
-!IF "$(CFG)" == ""
-CFG=journalprint - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to journalprint - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "journalprint - Win32 Release" && "$(CFG)" != "journalprint - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "journalprint.mak" CFG="journalprint - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "journalprint - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "journalprint - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-!IF "$(CFG)" == "journalprint - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "journalprint - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\named-journalprint.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\named-journalprint.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\named-journalprint.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\journalprint.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\journalprint.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-journalprint.pdb" /machine:I386 /out:"../../../Build/Release/named-journalprint.exe"
-LINK32_OBJS= \
- "$(INTDIR)\named-journalprint.obj"
-
-"..\..\..\Build\Release\named-journalprint.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "journalprint - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\named-journalprint.exe" "$(OUTDIR)\journalprint.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\named-journalprint.obj"
- - at erase "$(INTDIR)\named-journalprint.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\named-journalprint.pdb"
- - at erase "$(OUTDIR)\journalprint.bsc"
- - at erase "..\..\..\Build\Debug\named-journalprint.exe"
- - at erase "..\..\..\Build\Debug\named-journalprint.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\journalprint.bsc"
-BSC32_SBRS= \
- "$(INTDIR)\named-journalprint.sbr"
-
-"$(OUTDIR)\journalprint.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-journalprint.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-journalprint.exe" /pdbtype:sept
-LINK32_OBJS= \
- "$(INTDIR)\named-journalprint.obj"
-
-"..\..\..\Build\Debug\named-journalprint.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("journalprint.dep")
-!INCLUDE "journalprint.dep"
-!ELSE
-!MESSAGE Warning: cannot find "journalprint.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "journalprint - Win32 Release" || "$(CFG)" == "journalprint - Win32 Debug"
-SOURCE="..\named-journalprint.c"
-
-!IF "$(CFG)" == "journalprint - Win32 Release"
-
-
-"$(INTDIR)\named-journalprint.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "journalprint - Win32 Debug"
-
-
-"$(INTDIR)\named-journalprint.obj" "$(INTDIR)\named-journalprint.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/tools/win32/journalprint.mak.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/journalprint.mak.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/journalprint.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,299 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on journalprint.dsp
+!IF "$(CFG)" == ""
+CFG=journalprint - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to journalprint - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "journalprint - @PLATFORM@ Release" && "$(CFG)" != "journalprint - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "journalprint.mak" CFG="journalprint - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "journalprint - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "journalprint - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "journalprint - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "journalprint - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\named-journalprint.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\named-journalprint.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\named-journalprint.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\journalprint.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\journalprint.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-journalprint.pdb" @MACHINE@ /out:"../../../Build/Release/named-journalprint.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\named-journalprint.obj"
+
+"..\..\..\Build\Release\named-journalprint.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "journalprint - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\named-journalprint.exe" "$(OUTDIR)\journalprint.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\named-journalprint.obj"
+ - at erase "$(INTDIR)\named-journalprint.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\named-journalprint.pdb"
+ - at erase "$(OUTDIR)\journalprint.bsc"
+ - at erase "..\..\..\Build\Debug\named-journalprint.exe"
+ - at erase "..\..\..\Build\Debug\named-journalprint.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\journalprint.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\named-journalprint.sbr"
+
+"$(OUTDIR)\journalprint.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-journalprint.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/named-journalprint.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\named-journalprint.obj"
+
+"..\..\..\Build\Debug\named-journalprint.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("journalprint.dep")
+!INCLUDE "journalprint.dep"
+!ELSE
+!MESSAGE Warning: cannot find "journalprint.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "journalprint - @PLATFORM@ Release" || "$(CFG)" == "journalprint - @PLATFORM@ Debug"
+SOURCE="..\named-journalprint.c"
+
+!IF "$(CFG)" == "journalprint - @PLATFORM@ Release"
+
+
+"$(INTDIR)\named-journalprint.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "journalprint - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\named-journalprint.obj" "$(INTDIR)\named-journalprint.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/journalprint.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Deleted: vendor/bind/dist/bin/tools/win32/nsec3hash.dsp
===================================================================
--- vendor/bind/dist/bin/tools/win32/nsec3hash.dsp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/nsec3hash.dsp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="nsec3hash" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=nsec3hash - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "nsec3hash.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "nsec3hash.mak" CFG="nsec3hash - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "nsec3hash - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "nsec3hash - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "nsec3hash - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nsec3hash.exe"
-
-!ELSEIF "$(CFG)" == "nsec3hash - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nsec3hash.exe" /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "nsec3hash - Win32 Release"
-# Name "nsec3hash - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\nsec3hash.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
Added: vendor/bind/dist/bin/tools/win32/nsec3hash.dsp.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/nsec3hash.dsp.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/nsec3hash.dsp.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="nsec3hash" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
+
+CFG=nsec3hash - @PLATFORM@ Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "nsec3hash.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "nsec3hash.mak" CFG="nsec3hash - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "nsec3hash - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "nsec3hash - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "nsec3hash - @PLATFORM@ Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/nsec3hash.exe"
+
+!ELSEIF "$(CFG)" == "nsec3hash - @PLATFORM@ Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X @COPTY@
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/nsec3hash.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "nsec3hash - @PLATFORM@ Release"
+# Name "nsec3hash - @PLATFORM@ Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\nsec3hash.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
Deleted: vendor/bind/dist/bin/tools/win32/nsec3hash.mak
===================================================================
--- vendor/bind/dist/bin/tools/win32/nsec3hash.mak 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/nsec3hash.mak 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,299 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on nsec3hash.dsp
-!IF "$(CFG)" == ""
-CFG=nsec3hash - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to nsec3hash - Win32 Debug.
-!ENDIF
-
-!IF "$(CFG)" != "nsec3hash - Win32 Release" && "$(CFG)" != "nsec3hash - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "nsec3hash.mak" CFG="nsec3hash - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "nsec3hash - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "nsec3hash - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-!ERROR An invalid configuration is specified.
-!ENDIF
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE
-NULL=nul
-!ENDIF
-
-!IF "$(CFG)" == "nsec3hash - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
- $(_VC_MANIFEST_BASENAME).auto.rc \
- $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF "$(CFG)" == "nsec3hash - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\nsec3hash.exe"
-
-
-CLEAN :
- - at erase "$(INTDIR)\nsec3hash.obj"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "..\..\..\Build\Release\nsec3hash.exe"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nsec3hash.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\nsec3hash.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nsec3hash.pdb" /machine:I386 /out:"../../../Build/Release/nsec3hash.exe"
-LINK32_OBJS= \
- "$(INTDIR)\nsec3hash.obj"
-
-"..\..\..\Build\Release\nsec3hash.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF "$(CFG)" == "nsec3hash - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\nsec3hash.exe" "$(OUTDIR)\nsec3hash.bsc"
-
-
-CLEAN :
- - at erase "$(INTDIR)\nsec3hash.obj"
- - at erase "$(INTDIR)\nsec3hash.sbr"
- - at erase "$(INTDIR)\vc60.idb"
- - at erase "$(INTDIR)\vc60.pdb"
- - at erase "$(OUTDIR)\nsec3hash.pdb"
- - at erase "$(OUTDIR)\nsec3hash.bsc"
- - at erase "..\..\..\Build\Debug\nsec3hash.exe"
- - at erase "..\..\..\Build\Debug\nsec3hash.ilk"
- -@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
-
-.c{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.obj::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.c{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cpp{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-.cxx{$(INTDIR)}.sbr::
- $(CPP) @<<
- $(CPP_PROJ) $<
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\nsec3hash.bsc"
-BSC32_SBRS= \
- "$(INTDIR)\nsec3hash.sbr"
-
-"$(OUTDIR)\nsec3hash.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
- $(BSC32) @<<
- $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nsec3hash.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nsec3hash.exe" /pdbtype:sept
-LINK32_OBJS= \
- "$(INTDIR)\nsec3hash.obj"
-
-"..\..\..\Build\Debug\nsec3hash.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
- $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("nsec3hash.dep")
-!INCLUDE "nsec3hash.dep"
-!ELSE
-!MESSAGE Warning: cannot find "nsec3hash.dep"
-!ENDIF
-!ENDIF
-
-
-!IF "$(CFG)" == "nsec3hash - Win32 Release" || "$(CFG)" == "nsec3hash - Win32 Debug"
-SOURCE="..\nsec3hash.c"
-
-!IF "$(CFG)" == "nsec3hash - Win32 Release"
-
-
-"$(INTDIR)\nsec3hash.obj" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF "$(CFG)" == "nsec3hash - Win32 Debug"
-
-
-"$(INTDIR)\nsec3hash.obj" "$(INTDIR)\nsec3hash.sbr" : $(SOURCE) "$(INTDIR)"
- $(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF
-
-!ENDIF
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
- type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
- type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
Added: vendor/bind/dist/bin/tools/win32/nsec3hash.mak.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/nsec3hash.mak.in (rev 0)
+++ vendor/bind/dist/bin/tools/win32/nsec3hash.mak.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,299 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on nsec3hash.dsp
+!IF "$(CFG)" == ""
+CFG=nsec3hash - @PLATFORM@ Debug
+!MESSAGE No configuration specified. Defaulting to nsec3hash - @PLATFORM@ Debug.
+!ENDIF
+
+!IF "$(CFG)" != "nsec3hash - @PLATFORM@ Release" && "$(CFG)" != "nsec3hash - @PLATFORM@ Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "nsec3hash.mak" CFG="nsec3hash - @PLATFORM@ Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "nsec3hash - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE "nsec3hash - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "nsec3hash - @PLATFORM@ Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "nsec3hash - @PLATFORM@ Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\nsec3hash.exe"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\nsec3hash.obj"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "..\..\..\Build\Release\nsec3hash.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nsec3hash.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\nsec3hash.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nsec3hash.pdb" @MACHINE@ /out:"../../../Build/Release/nsec3hash.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\nsec3hash.obj"
+
+"..\..\..\Build\Release\nsec3hash.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "nsec3hash - @PLATFORM@ Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\nsec3hash.exe" "$(OUTDIR)\nsec3hash.bsc"
+
+
+CLEAN :
+ - at erase "$(INTDIR)\nsec3hash.obj"
+ - at erase "$(INTDIR)\nsec3hash.sbr"
+ - at erase "$(INTDIR)\vc60.idb"
+ - at erase "$(INTDIR)\vc60.pdb"
+ - at erase "$(OUTDIR)\nsec3hash.pdb"
+ - at erase "$(OUTDIR)\nsec3hash.bsc"
+ - at erase "..\..\..\Build\Debug\nsec3hash.exe"
+ - at erase "..\..\..\Build\Debug\nsec3hash.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\nsec3hash.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\nsec3hash.sbr"
+
+"$(OUTDIR)\nsec3hash.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nsec3hash.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/nsec3hash.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\nsec3hash.obj"
+
+"..\..\..\Build\Debug\nsec3hash.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("nsec3hash.dep")
+!INCLUDE "nsec3hash.dep"
+!ELSE
+!MESSAGE Warning: cannot find "nsec3hash.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "nsec3hash - @PLATFORM@ Release" || "$(CFG)" == "nsec3hash - @PLATFORM@ Debug"
+SOURCE="..\nsec3hash.c"
+
+!IF "$(CFG)" == "nsec3hash - @PLATFORM@ Release"
+
+
+"$(INTDIR)\nsec3hash.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "nsec3hash - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\nsec3hash.obj" "$(INTDIR)\nsec3hash.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
Added: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.filters.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.filters.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.filters.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.filters.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.filters.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.in
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.in
===================================================================
--- vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.in 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.user
===================================================================
(Binary files differ)
Index: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.user
===================================================================
--- vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.user 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.user 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/bin/tools/win32/nsec3hash.vcxproj.user
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Modified: vendor/bind/dist/doc/Makefile.in
===================================================================
--- vendor/bind/dist/doc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:57 laffer1 Exp $
+# $Id: Makefile.in,v 1.11 2007/06/19 23:47:13 tbox Exp $
# This Makefile is a placeholder. It exists merely to make
# sure that its directory gets created in the object directory
Modified: vendor/bind/dist/doc/arm/Bv9ARM-book.xml
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM-book.xml 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM-book.xml 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,8 +1,8 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,6 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- File: $Id: Bv9ARM-book.xml,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@@ -34,6 +33,7 @@
<year>2011</year>
<year>2012</year>
<year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -43,6 +43,7 @@
<year>2003</year>
<holder>Internet Software Consortium.</holder>
</copyright>
+ <xi:include href="releaseinfo.xml"/>
</bookinfo>
<chapter id="Bv9ARM.ch01">
@@ -62,46 +63,43 @@
<title>Scope of Document</title>
<para>
- The Berkeley Internet Name Domain
- (<acronym>BIND</acronym>) implements a
- domain name server for a number of operating systems. This
- document provides basic information about the installation and
- care of the Internet Systems Consortium (<acronym>ISC</acronym>)
- <acronym>BIND</acronym> version 9 software package for
- system administrators.
+ The Berkeley Internet Name Domain
+ (<acronym>BIND</acronym>) implements a
+ domain name server for a number of operating systems. This
+ document provides basic information about the installation and
+ care of the Internet Systems Consortium (<acronym>ISC</acronym>)
+ <acronym>BIND</acronym> version 9 software package for
+ system administrators.
</para>
+ <xi:include href="pkgversion.xml"/>
+ </sect1>
- <para>
- This version of the manual corresponds to BIND version 9.8.
- </para>
-
- </sect1>
<sect1>
<title>Organization of This Document</title>
<para>
- In this document, <emphasis>Chapter 1</emphasis> introduces
- the basic <acronym>DNS</acronym> and <acronym>BIND</acronym> concepts. <emphasis>Chapter 2</emphasis>
- describes resource requirements for running <acronym>BIND</acronym> in various
- environments. Information in <emphasis>Chapter 3</emphasis> is
- <emphasis>task-oriented</emphasis> in its presentation and is
- organized functionally, to aid in the process of installing the
- <acronym>BIND</acronym> 9 software. The task-oriented
- section is followed by
- <emphasis>Chapter 4</emphasis>, which contains more advanced
- concepts that the system administrator may need for implementing
- certain options. <emphasis>Chapter 5</emphasis>
- describes the <acronym>BIND</acronym> 9 lightweight
- resolver. The contents of <emphasis>Chapter 6</emphasis> are
- organized as in a reference manual to aid in the ongoing
- maintenance of the software. <emphasis>Chapter 7</emphasis> addresses
- security considerations, and
- <emphasis>Chapter 8</emphasis> contains troubleshooting help. The
- main body of the document is followed by several
- <emphasis>appendices</emphasis> which contain useful reference
- information, such as a <emphasis>bibliography</emphasis> and
- historic information related to <acronym>BIND</acronym>
- and the Domain Name
- System.
+ In this document, <emphasis>Chapter 1</emphasis> introduces
+ the basic <acronym>DNS</acronym> and <acronym>BIND</acronym> concepts. <emphasis>Chapter 2</emphasis>
+ describes resource requirements for running <acronym>BIND</acronym> in various
+ environments. Information in <emphasis>Chapter 3</emphasis> is
+ <emphasis>task-oriented</emphasis> in its presentation and is
+ organized functionally, to aid in the process of installing the
+ <acronym>BIND</acronym> 9 software. The task-oriented
+ section is followed by
+ <emphasis>Chapter 4</emphasis>, which contains more advanced
+ concepts that the system administrator may need for implementing
+ certain options. <emphasis>Chapter 5</emphasis>
+ describes the <acronym>BIND</acronym> 9 lightweight
+ resolver. The contents of <emphasis>Chapter 6</emphasis> are
+ organized as in a reference manual to aid in the ongoing
+ maintenance of the software. <emphasis>Chapter 7</emphasis> addresses
+ security considerations, and
+ <emphasis>Chapter 8</emphasis> contains troubleshooting help. The
+ main body of the document is followed by several
+ <emphasis>appendices</emphasis> which contain useful reference
+ information, such as a <emphasis>bibliography</emphasis> and
+ historic information related to <acronym>BIND</acronym>
+ and the Domain Name
+ System.
</para>
</sect1>
<sect1>
@@ -108,302 +106,302 @@
<title>Conventions Used in This Document</title>
<para>
- In this document, we use the following general typographic
- conventions:
+ In this document, we use the following general typographic
+ conventions:
</para>
<informaltable>
- <tgroup cols="2">
- <colspec colname="1" colnum="1" colwidth="3.000in"/>
- <colspec colname="2" colnum="2" colwidth="2.625in"/>
- <tbody>
- <row>
- <entry colname="1">
- <para>
- <emphasis>To describe:</emphasis>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <emphasis>We use the style:</emphasis>
- </para>
- </entry>
- </row>
- <row>
- <entry colname="1">
- <para>
- a pathname, filename, URL, hostname,
- mailing list name, or new term or concept
- </para>
- </entry>
- <entry colname="2">
- <para>
- <filename>Fixed width</filename>
- </para>
- </entry>
- </row>
- <row>
- <entry colname="1">
- <para>
- literal user
- input
- </para>
- </entry>
- <entry colname="2">
- <para>
- <userinput>Fixed Width Bold</userinput>
- </para>
- </entry>
- </row>
- <row>
- <entry colname="1">
- <para>
- program output
- </para>
- </entry>
- <entry colname="2">
- <para>
- <computeroutput>Fixed Width</computeroutput>
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
+ <tgroup cols="2">
+ <colspec colname="1" colnum="1" colwidth="3.000in"/>
+ <colspec colname="2" colnum="2" colwidth="2.625in"/>
+ <tbody>
+ <row>
+ <entry colname="1">
+ <para>
+ <emphasis>To describe:</emphasis>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <emphasis>We use the style:</emphasis>
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry colname="1">
+ <para>
+ a pathname, filename, URL, hostname,
+ mailing list name, or new term or concept
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <filename>Fixed width</filename>
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry colname="1">
+ <para>
+ literal user
+ input
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <userinput>Fixed Width Bold</userinput>
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry colname="1">
+ <para>
+ program output
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <computeroutput>Fixed Width</computeroutput>
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
</informaltable>
<para>
- The following conventions are used in descriptions of the
- <acronym>BIND</acronym> configuration file:<informaltable colsep="0" frame="all" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="2Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="3.000in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="2.625in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1" colsep="1" rowsep="1">
- <para>
- <emphasis>To describe:</emphasis>
- </para>
- </entry>
- <entry colname="2" rowsep="1">
- <para>
- <emphasis>We use the style:</emphasis>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1" colsep="1" rowsep="1">
- <para>
- keywords
- </para>
- </entry>
- <entry colname="2" rowsep="1">
- <para>
- <literal>Fixed Width</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1" colsep="1" rowsep="1">
- <para>
- variables
- </para>
- </entry>
- <entry colname="2" rowsep="1">
- <para>
- <varname>Fixed Width</varname>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1" colsep="1">
- <para>
- Optional input
- </para>
- </entry>
- <entry colname="2">
- <para>
- <optional>Text is enclosed in square brackets</optional>
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
+ The following conventions are used in descriptions of the
+ <acronym>BIND</acronym> configuration file:<informaltable colsep="0" frame="all" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="2Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="3.000in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="2.625in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1" colsep="1" rowsep="1">
+ <para>
+ <emphasis>To describe:</emphasis>
+ </para>
+ </entry>
+ <entry colname="2" rowsep="1">
+ <para>
+ <emphasis>We use the style:</emphasis>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1" colsep="1" rowsep="1">
+ <para>
+ keywords
+ </para>
+ </entry>
+ <entry colname="2" rowsep="1">
+ <para>
+ <literal>Fixed Width</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1" colsep="1" rowsep="1">
+ <para>
+ variables
+ </para>
+ </entry>
+ <entry colname="2" rowsep="1">
+ <para>
+ <varname>Fixed Width</varname>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1" colsep="1">
+ <para>
+ Optional input
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <optional>Text is enclosed in square brackets</optional>
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
</para>
</sect1>
<sect1>
<title>The Domain Name System (<acronym>DNS</acronym>)</title>
<para>
- The purpose of this document is to explain the installation
- and upkeep of the <acronym>BIND</acronym> (Berkeley Internet
+ The purpose of this document is to explain the installation
+ and upkeep of the <acronym>BIND</acronym> (Berkeley Internet
Name Domain) software package, and we
- begin by reviewing the fundamentals of the Domain Name System
- (<acronym>DNS</acronym>) as they relate to <acronym>BIND</acronym>.
+ begin by reviewing the fundamentals of the Domain Name System
+ (<acronym>DNS</acronym>) as they relate to <acronym>BIND</acronym>.
</para>
<sect2>
- <title>DNS Fundamentals</title>
+ <title>DNS Fundamentals</title>
- <para>
- The Domain Name System (DNS) is a hierarchical, distributed
- database. It stores information for mapping Internet host names to
- IP
- addresses and vice versa, mail routing information, and other data
- used by Internet applications.
- </para>
+ <para>
+ The Domain Name System (DNS) is a hierarchical, distributed
+ database. It stores information for mapping Internet host names to
+ IP
+ addresses and vice versa, mail routing information, and other data
+ used by Internet applications.
+ </para>
- <para>
- Clients look up information in the DNS by calling a
- <emphasis>resolver</emphasis> library, which sends queries to one or
- more <emphasis>name servers</emphasis> and interprets the responses.
- The <acronym>BIND</acronym> 9 software distribution
- contains a
- name server, <command>named</command>, and a resolver
- library, <command>liblwres</command>. The older
- <command>libbind</command> resolver library is also available
- from ISC as a separate download.
- </para>
+ <para>
+ Clients look up information in the DNS by calling a
+ <emphasis>resolver</emphasis> library, which sends queries to one or
+ more <emphasis>name servers</emphasis> and interprets the responses.
+ The <acronym>BIND</acronym> 9 software distribution
+ contains a
+ name server, <command>named</command>, and a resolver
+ library, <command>liblwres</command>. The older
+ <command>libbind</command> resolver library is also available
+ from ISC as a separate download.
+ </para>
- </sect2><sect2>
- <title>Domains and Domain Names</title>
+ </sect2><sect2>
+ <title>Domains and Domain Names</title>
- <para>
- The data stored in the DNS is identified by <emphasis>domain names</emphasis> that are organized as a tree according to
- organizational or administrative boundaries. Each node of the tree,
- called a <emphasis>domain</emphasis>, is given a label. The domain
- name of the
- node is the concatenation of all the labels on the path from the
- node to the <emphasis>root</emphasis> node. This is represented
- in written form as a string of labels listed from right to left and
- separated by dots. A label need only be unique within its parent
- domain.
- </para>
+ <para>
+ The data stored in the DNS is identified by <emphasis>domain names</emphasis> that are organized as a tree according to
+ organizational or administrative boundaries. Each node of the tree,
+ called a <emphasis>domain</emphasis>, is given a label. The domain
+ name of the
+ node is the concatenation of all the labels on the path from the
+ node to the <emphasis>root</emphasis> node. This is represented
+ in written form as a string of labels listed from right to left and
+ separated by dots. A label need only be unique within its parent
+ domain.
+ </para>
- <para>
- For example, a domain name for a host at the
- company <emphasis>Example, Inc.</emphasis> could be
- <literal>ourhost.example.com</literal>,
- where <literal>com</literal> is the
- top level domain to which
- <literal>ourhost.example.com</literal> belongs,
- <literal>example</literal> is
- a subdomain of <literal>com</literal>, and
- <literal>ourhost</literal> is the
- name of the host.
- </para>
+ <para>
+ For example, a domain name for a host at the
+ company <emphasis>Example, Inc.</emphasis> could be
+ <literal>ourhost.example.com</literal>,
+ where <literal>com</literal> is the
+ top level domain to which
+ <literal>ourhost.example.com</literal> belongs,
+ <literal>example</literal> is
+ a subdomain of <literal>com</literal>, and
+ <literal>ourhost</literal> is the
+ name of the host.
+ </para>
- <para>
- For administrative purposes, the name space is partitioned into
- areas called <emphasis>zones</emphasis>, each starting at a node and
- extending down to the leaf nodes or to nodes where other zones
- start.
- The data for each zone is stored in a <emphasis>name server</emphasis>, which answers queries about the zone using the
- <emphasis>DNS protocol</emphasis>.
- </para>
+ <para>
+ For administrative purposes, the name space is partitioned into
+ areas called <emphasis>zones</emphasis>, each starting at a node and
+ extending down to the leaf nodes or to nodes where other zones
+ start.
+ The data for each zone is stored in a <emphasis>name server</emphasis>, which answers queries about the zone using the
+ <emphasis>DNS protocol</emphasis>.
+ </para>
- <para>
- The data associated with each domain name is stored in the
- form of <emphasis>resource records</emphasis> (<acronym>RR</acronym>s).
- Some of the supported resource record types are described in
- <xref linkend="types_of_resource_records_and_when_to_use_them"/>.
- </para>
+ <para>
+ The data associated with each domain name is stored in the
+ form of <emphasis>resource records</emphasis> (<acronym>RR</acronym>s).
+ Some of the supported resource record types are described in
+ <xref linkend="types_of_resource_records_and_when_to_use_them"/>.
+ </para>
- <para>
- For more detailed information about the design of the DNS and
- the DNS protocol, please refer to the standards documents listed in
- <xref linkend="rfcs"/>.
- </para>
+ <para>
+ For more detailed information about the design of the DNS and
+ the DNS protocol, please refer to the standards documents listed in
+ <xref linkend="rfcs"/>.
+ </para>
</sect2>
<sect2>
- <title>Zones</title>
- <para>
- To properly operate a name server, it is important to understand
- the difference between a <emphasis>zone</emphasis>
- and a <emphasis>domain</emphasis>.
- </para>
+ <title>Zones</title>
+ <para>
+ To properly operate a name server, it is important to understand
+ the difference between a <emphasis>zone</emphasis>
+ and a <emphasis>domain</emphasis>.
+ </para>
- <para>
- As stated previously, a zone is a point of delegation in
- the <acronym>DNS</acronym> tree. A zone consists of
- those contiguous parts of the domain
- tree for which a name server has complete information and over which
- it has authority. It contains all domain names from a certain point
- downward in the domain tree except those which are delegated to
- other zones. A delegation point is marked by one or more
- <emphasis>NS records</emphasis> in the
- parent zone, which should be matched by equivalent NS records at
- the root of the delegated zone.
- </para>
+ <para>
+ As stated previously, a zone is a point of delegation in
+ the <acronym>DNS</acronym> tree. A zone consists of
+ those contiguous parts of the domain
+ tree for which a name server has complete information and over which
+ it has authority. It contains all domain names from a certain point
+ downward in the domain tree except those which are delegated to
+ other zones. A delegation point is marked by one or more
+ <emphasis>NS records</emphasis> in the
+ parent zone, which should be matched by equivalent NS records at
+ the root of the delegated zone.
+ </para>
- <para>
- For instance, consider the <literal>example.com</literal>
- domain which includes names
- such as <literal>host.aaa.example.com</literal> and
- <literal>host.bbb.example.com</literal> even though
- the <literal>example.com</literal> zone includes
- only delegations for the <literal>aaa.example.com</literal> and
- <literal>bbb.example.com</literal> zones. A zone can
- map
- exactly to a single domain, but could also include only part of a
- domain, the rest of which could be delegated to other
- name servers. Every name in the <acronym>DNS</acronym>
- tree is a
- <emphasis>domain</emphasis>, even if it is
- <emphasis>terminal</emphasis>, that is, has no
- <emphasis>subdomains</emphasis>. Every subdomain is a domain and
- every domain except the root is also a subdomain. The terminology is
- not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
- to
- gain a complete understanding of this difficult and subtle
- topic.
- </para>
+ <para>
+ For instance, consider the <literal>example.com</literal>
+ domain which includes names
+ such as <literal>host.aaa.example.com</literal> and
+ <literal>host.bbb.example.com</literal> even though
+ the <literal>example.com</literal> zone includes
+ only delegations for the <literal>aaa.example.com</literal> and
+ <literal>bbb.example.com</literal> zones. A zone can
+ map
+ exactly to a single domain, but could also include only part of a
+ domain, the rest of which could be delegated to other
+ name servers. Every name in the <acronym>DNS</acronym>
+ tree is a
+ <emphasis>domain</emphasis>, even if it is
+ <emphasis>terminal</emphasis>, that is, has no
+ <emphasis>subdomains</emphasis>. Every subdomain is a domain and
+ every domain except the root is also a subdomain. The terminology is
+ not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
+ to
+ gain a complete understanding of this difficult and subtle
+ topic.
+ </para>
- <para>
- Though <acronym>BIND</acronym> is called a "domain name
- server",
- it deals primarily in terms of zones. The master and slave
- declarations in the <filename>named.conf</filename> file
- specify
- zones, not domains. When you ask some other site if it is willing to
- be a slave server for your <emphasis>domain</emphasis>, you are
- actually asking for slave service for some collection of zones.
- </para>
+ <para>
+ Though <acronym>BIND</acronym> is called a "domain name
+ server",
+ it deals primarily in terms of zones. The master and slave
+ declarations in the <filename>named.conf</filename> file
+ specify
+ zones, not domains. When you ask some other site if it is willing to
+ be a slave server for your <emphasis>domain</emphasis>, you are
+ actually asking for slave service for some collection of zones.
+ </para>
</sect2>
<sect2>
- <title>Authoritative Name Servers</title>
+ <title>Authoritative Name Servers</title>
- <para>
- Each zone is served by at least
- one <emphasis>authoritative name server</emphasis>,
- which contains the complete data for the zone.
- To make the DNS tolerant of server and network failures,
- most zones have two or more authoritative servers, on
- different networks.
- </para>
+ <para>
+ Each zone is served by at least
+ one <emphasis>authoritative name server</emphasis>,
+ which contains the complete data for the zone.
+ To make the DNS tolerant of server and network failures,
+ most zones have two or more authoritative servers, on
+ different networks.
+ </para>
- <para>
- Responses from authoritative servers have the "authoritative
- answer" (AA) bit set in the response packets. This makes them
- easy to identify when debugging DNS configurations using tools like
- <command>dig</command> (<xref linkend="diagnostic_tools"/>).
- </para>
+ <para>
+ Responses from authoritative servers have the "authoritative
+ answer" (AA) bit set in the response packets. This makes them
+ easy to identify when debugging DNS configurations using tools like
+ <command>dig</command> (<xref linkend="diagnostic_tools"/>).
+ </para>
- <sect3>
- <title>The Primary Master</title>
+ <sect3>
+ <title>The Primary Master</title>
- <para>
- The authoritative server where the master copy of the zone
- data is maintained is called the
+ <para>
+ The authoritative server where the master copy of the zone
+ data is maintained is called the
<emphasis>primary master</emphasis> server, or simply the
- <emphasis>primary</emphasis>. Typically it loads the zone
- contents from some local file edited by humans or perhaps
- generated mechanically from some other local file which is
- edited by humans. This file is called the
+ <emphasis>primary</emphasis>. Typically it loads the zone
+ contents from some local file edited by humans or perhaps
+ generated mechanically from some other local file which is
+ edited by humans. This file is called the
<emphasis>zone file</emphasis> or
<emphasis>master file</emphasis>.
- </para>
+ </para>
<para>
In some cases, however, the master file may not be edited
@@ -410,66 +408,66 @@
by humans at all, but may instead be the result of
<emphasis>dynamic update</emphasis> operations.
</para>
- </sect3>
+ </sect3>
- <sect3>
- <title>Slave Servers</title>
- <para>
- The other authoritative servers, the <emphasis>slave</emphasis>
- servers (also known as <emphasis>secondary</emphasis> servers)
- load
- the zone contents from another server using a replication process
- known as a <emphasis>zone transfer</emphasis>. Typically the data
- are
- transferred directly from the primary master, but it is also
- possible
- to transfer it from another slave. In other words, a slave server
- may itself act as a master to a subordinate slave server.
- </para>
- </sect3>
+ <sect3>
+ <title>Slave Servers</title>
+ <para>
+ The other authoritative servers, the <emphasis>slave</emphasis>
+ servers (also known as <emphasis>secondary</emphasis> servers)
+ load
+ the zone contents from another server using a replication process
+ known as a <emphasis>zone transfer</emphasis>. Typically the data
+ are
+ transferred directly from the primary master, but it is also
+ possible
+ to transfer it from another slave. In other words, a slave server
+ may itself act as a master to a subordinate slave server.
+ </para>
+ </sect3>
- <sect3>
- <title>Stealth Servers</title>
+ <sect3>
+ <title>Stealth Servers</title>
- <para>
- Usually all of the zone's authoritative servers are listed in
- NS records in the parent zone. These NS records constitute
- a <emphasis>delegation</emphasis> of the zone from the parent.
- The authoritative servers are also listed in the zone file itself,
- at the <emphasis>top level</emphasis> or <emphasis>apex</emphasis>
- of the zone. You can list servers in the zone's top-level NS
- records that are not in the parent's NS delegation, but you cannot
- list servers in the parent's delegation that are not present at
- the zone's top level.
- </para>
+ <para>
+ Usually all of the zone's authoritative servers are listed in
+ NS records in the parent zone. These NS records constitute
+ a <emphasis>delegation</emphasis> of the zone from the parent.
+ The authoritative servers are also listed in the zone file itself,
+ at the <emphasis>top level</emphasis> or <emphasis>apex</emphasis>
+ of the zone. You can list servers in the zone's top-level NS
+ records that are not in the parent's NS delegation, but you cannot
+ list servers in the parent's delegation that are not present at
+ the zone's top level.
+ </para>
- <para>
- A <emphasis>stealth server</emphasis> is a server that is
- authoritative for a zone but is not listed in that zone's NS
- records. Stealth servers can be used for keeping a local copy of
- a
- zone to speed up access to the zone's records or to make sure that
- the
- zone is available even if all the "official" servers for the zone
- are
- inaccessible.
- </para>
+ <para>
+ A <emphasis>stealth server</emphasis> is a server that is
+ authoritative for a zone but is not listed in that zone's NS
+ records. Stealth servers can be used for keeping a local copy of
+ a
+ zone to speed up access to the zone's records or to make sure that
+ the
+ zone is available even if all the "official" servers for the zone
+ are
+ inaccessible.
+ </para>
- <para>
- A configuration where the primary master server itself is a
- stealth server is often referred to as a "hidden primary"
- configuration. One use for this configuration is when the primary
- master
- is behind a firewall and therefore unable to communicate directly
- with the outside world.
- </para>
+ <para>
+ A configuration where the primary master server itself is a
+ stealth server is often referred to as a "hidden primary"
+ configuration. One use for this configuration is when the primary
+ master
+ is behind a firewall and therefore unable to communicate directly
+ with the outside world.
+ </para>
- </sect3>
+ </sect3>
</sect2>
<sect2>
- <title>Caching Name Servers</title>
+ <title>Caching Name Servers</title>
<!--
- Terminology here is inconsistent. Probably ought to
@@ -477,88 +475,88 @@
- with just a note about "caching" terminology.
-->
- <para>
- The resolver libraries provided by most operating systems are
- <emphasis>stub resolvers</emphasis>, meaning that they are not
- capable of
- performing the full DNS resolution process by themselves by talking
- directly to the authoritative servers. Instead, they rely on a
- local
- name server to perform the resolution on their behalf. Such a
- server
- is called a <emphasis>recursive</emphasis> name server; it performs
- <emphasis>recursive lookups</emphasis> for local clients.
- </para>
+ <para>
+ The resolver libraries provided by most operating systems are
+ <emphasis>stub resolvers</emphasis>, meaning that they are not
+ capable of
+ performing the full DNS resolution process by themselves by talking
+ directly to the authoritative servers. Instead, they rely on a
+ local
+ name server to perform the resolution on their behalf. Such a
+ server
+ is called a <emphasis>recursive</emphasis> name server; it performs
+ <emphasis>recursive lookups</emphasis> for local clients.
+ </para>
- <para>
- To improve performance, recursive servers cache the results of
- the lookups they perform. Since the processes of recursion and
- caching are intimately connected, the terms
- <emphasis>recursive server</emphasis> and
- <emphasis>caching server</emphasis> are often used synonymously.
- </para>
+ <para>
+ To improve performance, recursive servers cache the results of
+ the lookups they perform. Since the processes of recursion and
+ caching are intimately connected, the terms
+ <emphasis>recursive server</emphasis> and
+ <emphasis>caching server</emphasis> are often used synonymously.
+ </para>
- <para>
- The length of time for which a record may be retained in
- the cache of a caching name server is controlled by the
- Time To Live (TTL) field associated with each resource record.
- </para>
+ <para>
+ The length of time for which a record may be retained in
+ the cache of a caching name server is controlled by the
+ Time To Live (TTL) field associated with each resource record.
+ </para>
- <sect3>
- <title>Forwarding</title>
+ <sect3>
+ <title>Forwarding</title>
- <para>
- Even a caching name server does not necessarily perform
- the complete recursive lookup itself. Instead, it can
- <emphasis>forward</emphasis> some or all of the queries
- that it cannot satisfy from its cache to another caching name
- server,
- commonly referred to as a <emphasis>forwarder</emphasis>.
- </para>
+ <para>
+ Even a caching name server does not necessarily perform
+ the complete recursive lookup itself. Instead, it can
+ <emphasis>forward</emphasis> some or all of the queries
+ that it cannot satisfy from its cache to another caching name
+ server,
+ commonly referred to as a <emphasis>forwarder</emphasis>.
+ </para>
- <para>
- There may be one or more forwarders,
- and they are queried in turn until the list is exhausted or an
- answer
- is found. Forwarders are typically used when you do not
- wish all the servers at a given site to interact directly with the
- rest of
- the Internet servers. A typical scenario would involve a number
- of internal <acronym>DNS</acronym> servers and an
- Internet firewall. Servers unable
- to pass packets through the firewall would forward to the server
- that can do it, and that server would query the Internet <acronym>DNS</acronym> servers
- on the internal server's behalf.
- </para>
- </sect3>
+ <para>
+ There may be one or more forwarders,
+ and they are queried in turn until the list is exhausted or an
+ answer
+ is found. Forwarders are typically used when you do not
+ wish all the servers at a given site to interact directly with the
+ rest of
+ the Internet servers. A typical scenario would involve a number
+ of internal <acronym>DNS</acronym> servers and an
+ Internet firewall. Servers unable
+ to pass packets through the firewall would forward to the server
+ that can do it, and that server would query the Internet <acronym>DNS</acronym> servers
+ on the internal server's behalf.
+ </para>
+ </sect3>
</sect2>
<sect2>
- <title>Name Servers in Multiple Roles</title>
+ <title>Name Servers in Multiple Roles</title>
- <para>
- The <acronym>BIND</acronym> name server can
- simultaneously act as
- a master for some zones, a slave for other zones, and as a caching
- (recursive) server for a set of local clients.
- </para>
+ <para>
+ The <acronym>BIND</acronym> name server can
+ simultaneously act as
+ a master for some zones, a slave for other zones, and as a caching
+ (recursive) server for a set of local clients.
+ </para>
- <para>
- However, since the functions of authoritative name service
- and caching/recursive name service are logically separate, it is
- often advantageous to run them on separate server machines.
+ <para>
+ However, since the functions of authoritative name service
+ and caching/recursive name service are logically separate, it is
+ often advantageous to run them on separate server machines.
- A server that only provides authoritative name service
- (an <emphasis>authoritative-only</emphasis> server) can run with
- recursion disabled, improving reliability and security.
+ A server that only provides authoritative name service
+ (an <emphasis>authoritative-only</emphasis> server) can run with
+ recursion disabled, improving reliability and security.
- A server that is not authoritative for any zones and only provides
- recursive service to local
- clients (a <emphasis>caching-only</emphasis> server)
- does not need to be reachable from the Internet at large and can
- be placed inside a firewall.
- </para>
+ A server that is not authoritative for any zones and only provides
+ recursive service to local
+ clients (a <emphasis>caching-only</emphasis> server)
+ does not need to be reachable from the Internet at large and can
+ be placed inside a firewall.
+ </para>
</sect2>
</sect1>
@@ -572,29 +570,29 @@
<title>Hardware requirements</title>
<para>
- <acronym>DNS</acronym> hardware requirements have
- traditionally been quite modest.
- For many installations, servers that have been pensioned off from
- active duty have performed admirably as <acronym>DNS</acronym> servers.
+ <acronym>DNS</acronym> hardware requirements have
+ traditionally been quite modest.
+ For many installations, servers that have been pensioned off from
+ active duty have performed admirably as <acronym>DNS</acronym> servers.
</para>
<para>
- The DNSSEC features of <acronym>BIND</acronym> 9
- may prove to be quite
- CPU intensive however, so organizations that make heavy use of these
- features may wish to consider larger systems for these applications.
- <acronym>BIND</acronym> 9 is fully multithreaded, allowing
- full utilization of
- multiprocessor systems for installations that need it.
+ The DNSSEC features of <acronym>BIND</acronym> 9
+ may prove to be quite
+ CPU intensive however, so organizations that make heavy use of these
+ features may wish to consider larger systems for these applications.
+ <acronym>BIND</acronym> 9 is fully multithreaded, allowing
+ full utilization of
+ multiprocessor systems for installations that need it.
</para>
</sect1>
<sect1>
<title>CPU Requirements</title>
<para>
- CPU requirements for <acronym>BIND</acronym> 9 range from
- i486-class machines
- for serving of static zones without caching, to enterprise-class
- machines if you intend to process many dynamic updates and DNSSEC
- signed zones, serving many thousands of queries per second.
+ CPU requirements for <acronym>BIND</acronym> 9 range from
+ i486-class machines
+ for serving of static zones without caching, to enterprise-class
+ machines if you intend to process many dynamic updates and DNSSEC
+ signed zones, serving many thousands of queries per second.
</para>
</sect1>
@@ -601,44 +599,44 @@
<sect1>
<title>Memory Requirements</title>
<para>
- The memory of the server has to be large enough to fit the
- cache and zones loaded off disk. The <command>max-cache-size</command>
- option can be used to limit the amount of memory used by the cache,
- at the expense of reducing cache hit rates and causing more <acronym>DNS</acronym>
- traffic.
- Additionally, if additional section caching
- (<xref linkend="acache"/>) is enabled,
- the <command>max-acache-size</command> option can be used to
- limit the amount
- of memory used by the mechanism.
- It is still good practice to have enough memory to load
- all zone and cache data into memory — unfortunately, the best
- way
- to determine this for a given installation is to watch the name server
- in operation. After a few weeks the server process should reach
- a relatively stable size where entries are expiring from the cache as
- fast as they are being inserted.
+ The memory of the server has to be large enough to fit the
+ cache and zones loaded off disk. The <command>max-cache-size</command>
+ option can be used to limit the amount of memory used by the cache,
+ at the expense of reducing cache hit rates and causing more <acronym>DNS</acronym>
+ traffic.
+ Additionally, if additional section caching
+ (<xref linkend="acache"/>) is enabled,
+ the <command>max-acache-size</command> option can be used to
+ limit the amount
+ of memory used by the mechanism.
+ It is still good practice to have enough memory to load
+ all zone and cache data into memory — unfortunately, the best
+ way
+ to determine this for a given installation is to watch the name server
+ in operation. After a few weeks the server process should reach
+ a relatively stable size where entries are expiring from the cache as
+ fast as they are being inserted.
</para>
<!--
- - Add something here about leaving overhead for attacks?
+ - Add something here about leaving overhead for attacks?
- How much overhead? Percentage?
- -->
+ -->
</sect1>
<sect1>
<title>Name Server Intensive Environment Issues</title>
<para>
- For name server intensive environments, there are two alternative
- configurations that may be used. The first is where clients and
- any second-level internal name servers query a main name server, which
- has enough memory to build a large cache. This approach minimizes
- the bandwidth used by external name lookups. The second alternative
- is to set up second-level internal name servers to make queries
- independently.
- In this configuration, none of the individual machines needs to
- have as much memory or CPU power as in the first alternative, but
- this has the disadvantage of making many more external queries,
- as none of the name servers share their cached data.
+ For name server intensive environments, there are two alternative
+ configurations that may be used. The first is where clients and
+ any second-level internal name servers query a main name server, which
+ has enough memory to build a large cache. This approach minimizes
+ the bandwidth used by external name lookups. The second alternative
+ is to set up second-level internal name servers to make queries
+ independently.
+ In this configuration, none of the individual machines needs to
+ have as much memory or CPU power as in the first alternative, but
+ this has the disadvantage of making many more external queries,
+ as none of the name servers share their cached data.
</para>
</sect1>
@@ -645,14 +643,14 @@
<sect1>
<title>Supported Operating Systems</title>
<para>
- ISC <acronym>BIND</acronym> 9 compiles and runs on a large
- number
- of Unix-like operating systems and on
- Microsoft Windows Server 2003 and 2008, and Windows XP and Vista.
- For an up-to-date
- list of supported systems, see the README file in the top level
- directory
- of the BIND 9 source distribution.
+ ISC <acronym>BIND</acronym> 9 compiles and runs on a large
+ number
+ of Unix-like operating systems and on
+ Microsoft Windows Server 2003 and 2008, and Windows XP and Vista.
+ For an up-to-date
+ list of supported systems, see the README file in the top level
+ directory
+ of the BIND 9 source distribution.
</para>
</sect1>
</chapter>
@@ -668,16 +666,16 @@
<sect1 id="sample_configuration">
<title>Sample Configurations</title>
<sect2>
- <title>A Caching-only Name Server</title>
- <para>
- The following sample configuration is appropriate for a caching-only
- name server for use by clients internal to a corporation. All
- queries
- from outside clients are refused using the <command>allow-query</command>
- option. Alternatively, the same effect could be achieved using
- suitable
- firewall rules.
- </para>
+ <title>A Caching-only Name Server</title>
+ <para>
+ The following sample configuration is appropriate for a caching-only
+ name server for use by clients internal to a corporation. All
+ queries
+ from outside clients are refused using the <command>allow-query</command>
+ option. Alternatively, the same effect could be achieved using
+ suitable
+ firewall rules.
+ </para>
<programlisting>
// Two corporate subnets we wish to allow queries from.
@@ -700,12 +698,12 @@
</sect2>
<sect2>
- <title>An Authoritative-only Name Server</title>
- <para>
- This sample configuration is for an authoritative-only server
- that is the master server for "<filename>example.com</filename>"
- and a slave for the subdomain "<filename>eng.example.com</filename>".
- </para>
+ <title>An Authoritative-only Name Server</title>
+ <para>
+ This sample configuration is for an authoritative-only server
+ that is the master server for "<filename>example.com</filename>"
+ and a slave for the subdomain "<filename>eng.example.com</filename>".
+ </para>
<programlisting>
options {
@@ -733,8 +731,8 @@
// IP addresses of slave servers allowed to
// transfer example.com
allow-transfer {
- 192.168.4.14;
- 192.168.5.53;
+ 192.168.4.14;
+ 192.168.5.53;
};
};
// We are a slave server for eng.example.com
@@ -752,150 +750,150 @@
<sect1>
<title>Load Balancing</title>
<!--
- - Add explanation of why load balancing is fragile at best
+ - Add explanation of why load balancing is fragile at best
- and completely pointless in the general case.
- -->
+ -->
<para>
- A primitive form of load balancing can be achieved in
- the <acronym>DNS</acronym> by using multiple records
+ A primitive form of load balancing can be achieved in
+ the <acronym>DNS</acronym> by using multiple records
(such as multiple A records) for one name.
</para>
<para>
- For example, if you have three WWW servers with network addresses
- of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
- following means that clients will connect to each machine one third
- of the time:
+ For example, if you have three WWW servers with network addresses
+ of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
+ following means that clients will connect to each machine one third
+ of the time:
</para>
<informaltable colsep="0" rowsep="0">
- <tgroup cols="5" colsep="0" rowsep="0" tgroupstyle="2Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="0.875in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="0.500in"/>
- <colspec colname="3" colnum="3" colsep="0" colwidth="0.750in"/>
- <colspec colname="4" colnum="4" colsep="0" colwidth="0.750in"/>
- <colspec colname="5" colnum="5" colsep="0" colwidth="2.028in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- Name
- </para>
- </entry>
- <entry colname="2">
- <para>
- TTL
- </para>
- </entry>
- <entry colname="3">
- <para>
- CLASS
- </para>
- </entry>
- <entry colname="4">
- <para>
- TYPE
- </para>
- </entry>
- <entry colname="5">
- <para>
- Resource Record (RR) Data
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>www</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>600</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>IN</literal>
- </para>
- </entry>
- <entry colname="4">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="5">
- <para>
- <literal>10.0.0.1</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para/>
- </entry>
- <entry colname="2">
- <para>
- <literal>600</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>IN</literal>
- </para>
- </entry>
- <entry colname="4">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="5">
- <para>
- <literal>10.0.0.2</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para/>
- </entry>
- <entry colname="2">
- <para>
- <literal>600</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>IN</literal>
- </para>
- </entry>
- <entry colname="4">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="5">
- <para>
- <literal>10.0.0.3</literal>
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
+ <tgroup cols="5" colsep="0" rowsep="0" tgroupstyle="2Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="0.875in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="0.500in"/>
+ <colspec colname="3" colnum="3" colsep="0" colwidth="0.750in"/>
+ <colspec colname="4" colnum="4" colsep="0" colwidth="0.750in"/>
+ <colspec colname="5" colnum="5" colsep="0" colwidth="2.028in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ Name
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ TTL
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ CLASS
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ TYPE
+ </para>
+ </entry>
+ <entry colname="5">
+ <para>
+ Resource Record (RR) Data
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>www</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>600</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>IN</literal>
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="5">
+ <para>
+ <literal>10.0.0.1</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para/>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>600</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>IN</literal>
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="5">
+ <para>
+ <literal>10.0.0.2</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para/>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>600</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>IN</literal>
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="5">
+ <para>
+ <literal>10.0.0.3</literal>
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
</informaltable>
<para>
- When a resolver queries for these records, <acronym>BIND</acronym> will rotate
- them and respond to the query with the records in a different
- order. In the example above, clients will randomly receive
- records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
- will use the first record returned and discard the rest.
+ When a resolver queries for these records, <acronym>BIND</acronym> will rotate
+ them and respond to the query with the records in a different
+ order. In the example above, clients will randomly receive
+ records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
+ will use the first record returned and discard the rest.
</para>
<para>
- For more detail on ordering responses, check the
- <command>rrset-order</command> sub-statement in the
- <command>options</command> statement, see
- <xref endterm="rrset_ordering_title" linkend="rrset_ordering"/>.
+ For more detail on ordering responses, check the
+ <command>rrset-order</command> sub-statement in the
+ <command>options</command> statement, see
+ <xref endterm="rrset_ordering_title" linkend="rrset_ordering"/>.
</para>
</sect1>
@@ -904,188 +902,188 @@
<title>Name Server Operations</title>
<sect2>
- <title>Tools for Use With the Name Server Daemon</title>
- <para>
- This section describes several indispensable diagnostic,
- administrative and monitoring tools available to the system
- administrator for controlling and debugging the name server
- daemon.
- </para>
- <sect3 id="diagnostic_tools">
- <title>Diagnostic Tools</title>
- <para>
- The <command>dig</command>, <command>host</command>, and
- <command>nslookup</command> programs are all command
- line tools
- for manually querying name servers. They differ in style and
- output format.
- </para>
+ <title>Tools for Use With the Name Server Daemon</title>
+ <para>
+ This section describes several indispensable diagnostic,
+ administrative and monitoring tools available to the system
+ administrator for controlling and debugging the name server
+ daemon.
+ </para>
+ <sect3 id="diagnostic_tools">
+ <title>Diagnostic Tools</title>
+ <para>
+ The <command>dig</command>, <command>host</command>, and
+ <command>nslookup</command> programs are all command
+ line tools
+ for manually querying name servers. They differ in style and
+ output format.
+ </para>
- <variablelist>
- <varlistentry>
- <term id="dig"><command>dig</command></term>
- <listitem>
- <para>
- The domain information groper (<command>dig</command>)
- is the most versatile and complete of these lookup tools.
- It has two modes: simple interactive
- mode for a single query, and batch mode which executes a
- query for
- each in a list of several query lines. All query options are
- accessible
- from the command line.
- </para>
- <cmdsynopsis label="Usage">
- <command>dig</command>
- <arg>@<replaceable>server</replaceable></arg>
- <arg choice="plain"><replaceable>domain</replaceable></arg>
- <arg><replaceable>query-type</replaceable></arg>
- <arg><replaceable>query-class</replaceable></arg>
- <arg>+<replaceable>query-option</replaceable></arg>
- <arg>-<replaceable>dig-option</replaceable></arg>
- <arg>%<replaceable>comment</replaceable></arg>
- </cmdsynopsis>
- <para>
- The usual simple use of <command>dig</command> will take the form
- </para>
- <simpara>
- <command>dig @server domain query-type query-class</command>
- </simpara>
- <para>
- For more information and a list of available commands and
- options, see the <command>dig</command> man
- page.
- </para>
- </listitem>
- </varlistentry>
+ <variablelist>
+ <varlistentry>
+ <term id="dig"><command>dig</command></term>
+ <listitem>
+ <para>
+ The domain information groper (<command>dig</command>)
+ is the most versatile and complete of these lookup tools.
+ It has two modes: simple interactive
+ mode for a single query, and batch mode which executes a
+ query for
+ each in a list of several query lines. All query options are
+ accessible
+ from the command line.
+ </para>
+ <cmdsynopsis label="Usage">
+ <command>dig</command>
+ <arg>@<replaceable>server</replaceable></arg>
+ <arg choice="plain"><replaceable>domain</replaceable></arg>
+ <arg><replaceable>query-type</replaceable></arg>
+ <arg><replaceable>query-class</replaceable></arg>
+ <arg>+<replaceable>query-option</replaceable></arg>
+ <arg>-<replaceable>dig-option</replaceable></arg>
+ <arg>%<replaceable>comment</replaceable></arg>
+ </cmdsynopsis>
+ <para>
+ The usual simple use of <command>dig</command> will take the form
+ </para>
+ <simpara>
+ <command>dig @server domain query-type query-class</command>
+ </simpara>
+ <para>
+ For more information and a list of available commands and
+ options, see the <command>dig</command> man
+ page.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>host</command></term>
- <listitem>
- <para>
- The <command>host</command> utility emphasizes
- simplicity
- and ease of use. By default, it converts
- between host names and Internet addresses, but its
- functionality
- can be extended with the use of options.
- </para>
- <cmdsynopsis label="Usage">
- <command>host</command>
- <arg>-aCdlnrsTwv</arg>
- <arg>-c <replaceable>class</replaceable></arg>
- <arg>-N <replaceable>ndots</replaceable></arg>
- <arg>-t <replaceable>type</replaceable></arg>
- <arg>-W <replaceable>timeout</replaceable></arg>
- <arg>-R <replaceable>retries</replaceable></arg>
- <arg>-m <replaceable>flag</replaceable></arg>
+ <varlistentry>
+ <term><command>host</command></term>
+ <listitem>
+ <para>
+ The <command>host</command> utility emphasizes
+ simplicity
+ and ease of use. By default, it converts
+ between host names and Internet addresses, but its
+ functionality
+ can be extended with the use of options.
+ </para>
+ <cmdsynopsis label="Usage">
+ <command>host</command>
+ <arg>-aCdlnrsTwv</arg>
+ <arg>-c <replaceable>class</replaceable></arg>
+ <arg>-N <replaceable>ndots</replaceable></arg>
+ <arg>-t <replaceable>type</replaceable></arg>
+ <arg>-W <replaceable>timeout</replaceable></arg>
+ <arg>-R <replaceable>retries</replaceable></arg>
+ <arg>-m <replaceable>flag</replaceable></arg>
<arg>-4</arg>
<arg>-6</arg>
- <arg choice="plain"><replaceable>hostname</replaceable></arg>
- <arg><replaceable>server</replaceable></arg>
- </cmdsynopsis>
- <para>
- For more information and a list of available commands and
- options, see the <command>host</command> man
- page.
- </para>
- </listitem>
- </varlistentry>
+ <arg choice="plain"><replaceable>hostname</replaceable></arg>
+ <arg><replaceable>server</replaceable></arg>
+ </cmdsynopsis>
+ <para>
+ For more information and a list of available commands and
+ options, see the <command>host</command> man
+ page.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>nslookup</command></term>
- <listitem>
- <para><command>nslookup</command>
+ <varlistentry>
+ <term><command>nslookup</command></term>
+ <listitem>
+ <para><command>nslookup</command>
has two modes: interactive and
- non-interactive. Interactive mode allows the user to
- query name servers for information about various
- hosts and domains or to print a list of hosts in a
- domain. Non-interactive mode is used to print just
- the name and requested information for a host or
- domain.
- </para>
- <cmdsynopsis label="Usage">
- <command>nslookup</command>
- <arg rep="repeat">-option</arg>
- <group>
- <arg><replaceable>host-to-find</replaceable></arg>
- <arg>- <arg>server</arg></arg>
- </group>
- </cmdsynopsis>
- <para>
- Interactive mode is entered when no arguments are given (the
- default name server will be used) or when the first argument
- is a
- hyphen (`-') and the second argument is the host name or
- Internet address
- of a name server.
- </para>
- <para>
- Non-interactive mode is used when the name or Internet
- address
- of the host to be looked up is given as the first argument.
- The
- optional second argument specifies the host name or address
- of a name server.
- </para>
- <para>
- Due to its arcane user interface and frequently inconsistent
- behavior, we do not recommend the use of <command>nslookup</command>.
- Use <command>dig</command> instead.
- </para>
- </listitem>
+ non-interactive. Interactive mode allows the user to
+ query name servers for information about various
+ hosts and domains or to print a list of hosts in a
+ domain. Non-interactive mode is used to print just
+ the name and requested information for a host or
+ domain.
+ </para>
+ <cmdsynopsis label="Usage">
+ <command>nslookup</command>
+ <arg rep="repeat">-option</arg>
+ <group>
+ <arg><replaceable>host-to-find</replaceable></arg>
+ <arg>- <arg>server</arg></arg>
+ </group>
+ </cmdsynopsis>
+ <para>
+ Interactive mode is entered when no arguments are given (the
+ default name server will be used) or when the first argument
+ is a
+ hyphen (`-') and the second argument is the host name or
+ Internet address
+ of a name server.
+ </para>
+ <para>
+ Non-interactive mode is used when the name or Internet
+ address
+ of the host to be looked up is given as the first argument.
+ The
+ optional second argument specifies the host name or address
+ of a name server.
+ </para>
+ <para>
+ Due to its arcane user interface and frequently inconsistent
+ behavior, we do not recommend the use of <command>nslookup</command>.
+ Use <command>dig</command> instead.
+ </para>
+ </listitem>
- </varlistentry>
- </variablelist>
- </sect3>
+ </varlistentry>
+ </variablelist>
+ </sect3>
- <sect3 id="admin_tools">
- <title>Administrative Tools</title>
- <para>
- Administrative tools play an integral part in the management
- of a server.
- </para>
- <variablelist>
- <varlistentry id="named-checkconf" xreflabel="Named Configuration Checking application">
+ <sect3 id="admin_tools">
+ <title>Administrative Tools</title>
+ <para>
+ Administrative tools play an integral part in the management
+ of a server.
+ </para>
+ <variablelist>
+ <varlistentry id="named-checkconf" xreflabel="Named Configuration Checking application">
- <term><command>named-checkconf</command></term>
- <listitem>
- <para>
- The <command>named-checkconf</command> program
- checks the syntax of a <filename>named.conf</filename> file.
- </para>
- <cmdsynopsis label="Usage">
- <command>named-checkconf</command>
- <arg>-jvz</arg>
- <arg>-t <replaceable>directory</replaceable></arg>
- <arg><replaceable>filename</replaceable></arg>
- </cmdsynopsis>
- </listitem>
- </varlistentry>
- <varlistentry id="named-checkzone" xreflabel="Zone Checking application">
+ <term><command>named-checkconf</command></term>
+ <listitem>
+ <para>
+ The <command>named-checkconf</command> program
+ checks the syntax of a <filename>named.conf</filename> file.
+ </para>
+ <cmdsynopsis label="Usage">
+ <command>named-checkconf</command>
+ <arg>-jvz</arg>
+ <arg>-t <replaceable>directory</replaceable></arg>
+ <arg><replaceable>filename</replaceable></arg>
+ </cmdsynopsis>
+ </listitem>
+ </varlistentry>
+ <varlistentry id="named-checkzone" xreflabel="Zone Checking application">
- <term><command>named-checkzone</command></term>
- <listitem>
- <para>
- The <command>named-checkzone</command> program
- checks a master file for
- syntax and consistency.
- </para>
- <cmdsynopsis label="Usage">
- <command>named-checkzone</command>
- <arg>-djqvD</arg>
- <arg>-c <replaceable>class</replaceable></arg>
- <arg>-o <replaceable>output</replaceable></arg>
- <arg>-t <replaceable>directory</replaceable></arg>
- <arg>-w <replaceable>directory</replaceable></arg>
- <arg>-k <replaceable>(ignore|warn|fail)</replaceable></arg>
- <arg>-n <replaceable>(ignore|warn|fail)</replaceable></arg>
- <arg>-W <replaceable>(ignore|warn)</replaceable></arg>
- <arg choice="plain"><replaceable>zone</replaceable></arg>
- <arg><replaceable>filename</replaceable></arg>
- </cmdsynopsis>
- </listitem>
- </varlistentry>
+ <term><command>named-checkzone</command></term>
+ <listitem>
+ <para>
+ The <command>named-checkzone</command> program
+ checks a master file for
+ syntax and consistency.
+ </para>
+ <cmdsynopsis label="Usage">
+ <command>named-checkzone</command>
+ <arg>-djqvD</arg>
+ <arg>-c <replaceable>class</replaceable></arg>
+ <arg>-o <replaceable>output</replaceable></arg>
+ <arg>-t <replaceable>directory</replaceable></arg>
+ <arg>-w <replaceable>directory</replaceable></arg>
+ <arg>-k <replaceable>(ignore|warn|fail)</replaceable></arg>
+ <arg>-n <replaceable>(ignore|warn|fail)</replaceable></arg>
+ <arg>-W <replaceable>(ignore|warn)</replaceable></arg>
+ <arg choice="plain"><replaceable>zone</replaceable></arg>
+ <arg><replaceable>filename</replaceable></arg>
+ </cmdsynopsis>
+ </listitem>
+ </varlistentry>
<varlistentry id="named-compilezone" xreflabel="Zone Compilation application">
<term><command>named-compilezone</command></term>
<listitem>
@@ -1096,558 +1094,139 @@
</para>
</listitem>
</varlistentry>
- <varlistentry id="rndc" xreflabel="Remote Name Daemon Control application">
+ <varlistentry id="rndc" xreflabel="Remote Name Daemon Control application">
- <term><command>rndc</command></term>
- <listitem>
- <para>
- The remote name daemon control
- (<command>rndc</command>) program allows the
- system
- administrator to control the operation of a name server.
- Since <acronym>BIND</acronym> 9.2, <command>rndc</command>
- supports all the commands of the BIND 8 <command>ndc</command>
- utility except <command>ndc start</command> and
- <command>ndc restart</command>, which were also
- not supported in <command>ndc</command>'s
- channel mode.
- If you run <command>rndc</command> without any
- options
- it will display a usage message as follows:
- </para>
- <cmdsynopsis label="Usage">
- <command>rndc</command>
- <arg>-c <replaceable>config</replaceable></arg>
- <arg>-s <replaceable>server</replaceable></arg>
- <arg>-p <replaceable>port</replaceable></arg>
- <arg>-y <replaceable>key</replaceable></arg>
- <arg choice="plain"><replaceable>command</replaceable></arg>
- <arg rep="repeat"><replaceable>command</replaceable></arg>
- </cmdsynopsis>
- <para>The <command>command</command>
- is one of the following:
- </para>
+ <term><command>rndc</command></term>
+ <listitem>
+ <para>
+ The remote name daemon control
+ (<command>rndc</command>) program allows the
+ system
+ administrator to control the operation of a name server.
+ Since <acronym>BIND</acronym> 9.2, <command>rndc</command>
+ supports all the commands of the BIND 8 <command>ndc</command>
+ utility except <command>ndc start</command> and
+ <command>ndc restart</command>, which were also
+ not supported in <command>ndc</command>'s
+ channel mode.
+ If you run <command>rndc</command> without any
+ options
+ it will display a usage message as follows:
+ </para>
+ <cmdsynopsis label="Usage">
+ <command>rndc</command>
+ <arg>-c <replaceable>config</replaceable></arg>
+ <arg>-s <replaceable>server</replaceable></arg>
+ <arg>-p <replaceable>port</replaceable></arg>
+ <arg>-y <replaceable>key</replaceable></arg>
+ <arg choice="plain"><replaceable>command</replaceable></arg>
+ <arg rep="repeat"><replaceable>command</replaceable></arg>
+ </cmdsynopsis>
- <variablelist>
+ <para>See <xref linkend="man.rndc"/> for details of
+ the available <command>rndc</command> commands.
+ </para>
- <varlistentry>
- <term><userinput>reload</userinput></term>
- <listitem>
- <para>
- Reload configuration file and zones.
- </para>
- </listitem>
- </varlistentry>
+ <para>
+ <command>rndc</command> requires a configuration file,
+ since all
+ communication with the server is authenticated with
+ digital signatures that rely on a shared secret, and
+ there is no way to provide that secret other than with a
+ configuration file. The default location for the
+ <command>rndc</command> configuration file is
+ <filename>/etc/rndc.conf</filename>, but an
+ alternate
+ location can be specified with the <option>-c</option>
+ option. If the configuration file is not found,
+ <command>rndc</command> will also look in
+ <filename>/etc/rndc.key</filename> (or whatever
+ <varname>sysconfdir</varname> was defined when
+ the <acronym>BIND</acronym> build was
+ configured).
+ The <filename>rndc.key</filename> file is
+ generated by
+ running <command>rndc-confgen -a</command> as
+ described in
+ <xref linkend="controls_statement_definition_and_usage"/>.
+ </para>
- <varlistentry>
- <term><userinput>reload <replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional></userinput></term>
- <listitem>
- <para>
- Reload the given zone.
- </para>
- </listitem>
- </varlistentry>
+ <para>
+ The format of the configuration file is similar to
+ that of <filename>named.conf</filename>, but
+ limited to
+ only four statements, the <command>options</command>,
+ <command>key</command>, <command>server</command> and
+ <command>include</command>
+ statements. These statements are what associate the
+ secret keys to the servers with which they are meant to
+ be shared. The order of statements is not
+ significant.
+ </para>
- <varlistentry>
- <term><userinput>refresh <replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional></userinput></term>
- <listitem>
- <para>
- Schedule zone maintenance for the given zone.
- </para>
- </listitem>
- </varlistentry>
+ <para>
+ The <command>options</command> statement has
+ three clauses:
+ <command>default-server</command>, <command>default-key</command>,
+ and <command>default-port</command>.
+ <command>default-server</command> takes a
+ host name or address argument and represents the server
+ that will
+ be contacted if no <option>-s</option>
+ option is provided on the command line.
+ <command>default-key</command> takes
+ the name of a key as its argument, as defined by a <command>key</command> statement.
+ <command>default-port</command> specifies the
+ port to which
+ <command>rndc</command> should connect if no
+ port is given on the command line or in a
+ <command>server</command> statement.
+ </para>
- <varlistentry>
- <term><userinput>retransfer <replaceable>zone</replaceable>
-
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional></userinput></term>
- <listitem>
- <para>
- Retransfer the given zone from the master.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>sign <replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional></userinput></term>
- <listitem>
- <para>
- Fetch all DNSSEC keys for the given zone
- from the key directory (see
- <command>key-directory</command> in
- <xref linkend="options"/>). If they are within
- their publication period, merge them into the
- zone's DNSKEY RRset. If the DNSKEY RRset
- is changed, then the zone is automatically
- re-signed with the new key set.
- </para>
- <para>
- This command requires that the
- <command>auto-dnssec</command> zone option be set
- to <literal>allow</literal> or
- <literal>maintain</literal>,
- and also requires the zone to be configured to
- allow dynamic DNS.
- See <xref linkend="dynamic_update_policies"/> for
- more details.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>loadkeys <replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional></userinput></term>
- <listitem>
- <para>
- Fetch all DNSSEC keys for the given zone
- from the key directory (see
- <command>key-directory</command> in
- <xref linkend="options"/>). If they are within
- their publication period, merge them into the
- zone's DNSKEY RRset. Unlike <command>rndc
- sign</command>, however, the zone is not
- immediately re-signed by the new keys, but is
- allowed to incrementally re-sign over time.
- </para>
- <para>
- This command requires that the
- <command>auto-dnssec</command> zone option
- be set to <literal>maintain</literal>,
- and also requires the zone to be configured to
- allow dynamic DNS.
- See <xref linkend="dynamic_update_policies"/> for
- more details.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>freeze
- <optional><replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
- <listitem>
- <para>
- Suspend updates to a dynamic zone. If no zone is
- specified,
- then all zones are suspended. This allows manual
- edits to be made to a zone normally updated by dynamic
- update. It
- also causes changes in the journal file to be synced
- into the master
- and the journal file to be removed. All dynamic
- update attempts will
- be refused while the zone is frozen.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>thaw
- <optional><replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
- <listitem>
- <para>
- Enable updates to a frozen dynamic zone. If no zone
- is
- specified, then all frozen zones are enabled. This
- causes
- the server to reload the zone from disk, and
- re-enables dynamic updates
- after the load has completed. After a zone is thawed,
- dynamic updates
- will no longer be refused.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>notify <replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional></userinput></term>
- <listitem>
- <para>
- Resend NOTIFY messages for the zone.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>reconfig</userinput></term>
- <listitem>
- <para>
- Reload the configuration file and load new zones,
- but do not reload existing zone files even if they
- have changed.
- This is faster than a full <command>reload</command> when there
- is a large number of zones because it avoids the need
- to examine the
- modification times of the zones files.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>stats</userinput></term>
- <listitem>
- <para>
- Write server statistics to the statistics file.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>querylog</userinput></term>
- <listitem>
- <para>
- Toggle query logging. Query logging can also be enabled
- by explicitly directing the <command>queries</command>
- <command>category</command> to a
- <command>channel</command> in the
- <command>logging</command> section of
- <filename>named.conf</filename> or by specifying
- <command>querylog yes;</command> in the
- <command>options</command> section of
- <filename>named.conf</filename>.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>dumpdb
- <optional>-all|-cache|-zone</optional>
- <optional><replaceable>view ...</replaceable></optional></userinput></term>
- <listitem>
- <para>
- Dump the server's caches (default) and/or zones to
- the
- dump file for the specified views. If no view is
- specified, all
- views are dumped.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>secroots
- <optional><replaceable>view ...</replaceable></optional></userinput></term>
- <listitem>
- <para>
- Dump the server's security roots to the secroots
- file for the specified views. If no view is
- specified, security roots for all
- views are dumped.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>stop <optional>-p</optional></userinput></term>
- <listitem>
- <para>
- Stop the server, making sure any recent changes
- made through dynamic update or IXFR are first saved to
- the master files of the updated zones.
- If <option>-p</option> is specified <command>named</command>'s process id is returned.
- This allows an external process to determine when <command>named</command>
- had completed stopping.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>halt <optional>-p</optional></userinput></term>
- <listitem>
- <para>
- Stop the server immediately. Recent changes
- made through dynamic update or IXFR are not saved to
- the master files, but will be rolled forward from the
- journal files when the server is restarted.
- If <option>-p</option> is specified <command>named</command>'s process id is returned.
- This allows an external process to determine when <command>named</command>
- had completed halting.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>trace</userinput></term>
- <listitem>
- <para>
- Increment the servers debugging level by one.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>trace <replaceable>level</replaceable></userinput></term>
- <listitem>
- <para>
- Sets the server's debugging level to an explicit
- value.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>notrace</userinput></term>
- <listitem>
- <para>
- Sets the server's debugging level to 0.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>flush</userinput></term>
- <listitem>
- <para>
- Flushes the server's cache.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>flushname</userinput> <replaceable>name</replaceable></term>
- <listitem>
- <para>
- Flushes the given name from the server's cache.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>status</userinput></term>
- <listitem>
- <para>
- Display status of the server.
- Note that the number of zones includes the internal <command>bind/CH</command> zone
- and the default <command>./IN</command>
- hint zone if there is not an
- explicit root zone configured.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>recursing</userinput></term>
- <listitem>
- <para>
- Dump the list of queries <command>named</command> is currently recursing
- on.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>validation
- <optional>on|off</optional>
- <optional><replaceable>view ...</replaceable></optional>
- </userinput></term>
- <listitem>
- <para>
- Enable or disable DNSSEC validation.
- Note <command>dnssec-enable</command> also needs to be
- set to <userinput>yes</userinput> to be effective.
- It defaults to enabled.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>tsig-list</userinput></term>
- <listitem>
- <para>
- List the names of all TSIG keys currently configured
- for use by <command>named</command> in each view. The
- list both statically configured keys and dynamic
- TKEY-negotiated keys.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>tsig-delete</userinput>
- <replaceable>keyname</replaceable>
- <optional><replaceable>view</replaceable></optional></term>
- <listitem>
- <para>
- Delete a given TKEY-negotiated key from the server.
- (This does not apply to statically configured TSIG
- keys.)
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>addzone
- <replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional>
- <replaceable>configuration</replaceable>
- </userinput></term>
- <listitem>
- <para>
- Add a zone while the server is running. This
- command requires the
- <command>allow-new-zones</command> option to be set
- to <userinput>yes</userinput>. The
- <replaceable>configuration</replaceable> string
- specified on the command line is the zone
- configuration text that would ordinarily be
- placed in <filename>named.conf</filename>.
- </para>
- <para>
- The configuration is saved in a file called
- <filename><replaceable>hash</replaceable>.nzf</filename>,
- where <replaceable>hash</replaceable> is a
- cryptographic hash generated from the name of
- the view. When <command>named</command> is
- restarted, the file will be loaded into the view
- configuration, so that zones that were added
- can persist after a restart.
- </para>
- <para>
- This sample <command>addzone</command> command
- would add the zone <literal>example.com</literal>
- to the default view:
- </para>
- <para>
-<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput>
- </para>
- <para>
- (Note the brackets and semi-colon around the zone
- configuration text.)
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><userinput>delzone
- <replaceable>zone</replaceable>
- <optional><replaceable>class</replaceable>
- <optional><replaceable>view</replaceable></optional></optional>
- </userinput></term>
- <listitem>
- <para>
- Delete a zone while the server is running.
- Only zones that were originally added via
- <command>rndc addzone</command> can be deleted
- in this matter.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
-
- <para>
- A configuration file is required, since all
- communication with the server is authenticated with
- digital signatures that rely on a shared secret, and
- there is no way to provide that secret other than with a
- configuration file. The default location for the
- <command>rndc</command> configuration file is
- <filename>/etc/rndc.conf</filename>, but an
- alternate
- location can be specified with the <option>-c</option>
- option. If the configuration file is not found,
- <command>rndc</command> will also look in
- <filename>/etc/rndc.key</filename> (or whatever
- <varname>sysconfdir</varname> was defined when
- the <acronym>BIND</acronym> build was
- configured).
- The <filename>rndc.key</filename> file is
- generated by
- running <command>rndc-confgen -a</command> as
- described in
- <xref linkend="controls_statement_definition_and_usage"/>.
- </para>
-
- <para>
- The format of the configuration file is similar to
- that of <filename>named.conf</filename>, but
- limited to
- only four statements, the <command>options</command>,
- <command>key</command>, <command>server</command> and
- <command>include</command>
- statements. These statements are what associate the
- secret keys to the servers with which they are meant to
- be shared. The order of statements is not
- significant.
- </para>
-
- <para>
- The <command>options</command> statement has
- three clauses:
- <command>default-server</command>, <command>default-key</command>,
- and <command>default-port</command>.
- <command>default-server</command> takes a
- host name or address argument and represents the server
- that will
- be contacted if no <option>-s</option>
- option is provided on the command line.
- <command>default-key</command> takes
- the name of a key as its argument, as defined by a <command>key</command> statement.
- <command>default-port</command> specifies the
- port to which
- <command>rndc</command> should connect if no
- port is given on the command line or in a
- <command>server</command> statement.
- </para>
-
- <para>
- The <command>key</command> statement defines a
- key to be used
- by <command>rndc</command> when authenticating
- with
- <command>named</command>. Its syntax is
- identical to the
- <command>key</command> statement in <filename>named.conf</filename>.
- The keyword <userinput>key</userinput> is
- followed by a key name, which must be a valid
- domain name, though it need not actually be hierarchical;
- thus,
- a string like "<userinput>rndc_key</userinput>" is a valid
- name.
- The <command>key</command> statement has two
- clauses:
- <command>algorithm</command> and <command>secret</command>.
- While the configuration parser will accept any string as the
- argument
- to algorithm, currently only the string "<userinput>hmac-md5</userinput>"
- has any meaning. The secret is a base-64 encoded string
+ <para>
+ The <command>key</command> statement defines a
+ key to be used
+ by <command>rndc</command> when authenticating
+ with
+ <command>named</command>. Its syntax is
+ identical to the
+ <command>key</command> statement in <filename>named.conf</filename>.
+ The keyword <userinput>key</userinput> is
+ followed by a key name, which must be a valid
+ domain name, though it need not actually be hierarchical;
+ thus,
+ a string like "<userinput>rndc_key</userinput>" is a valid
+ name.
+ The <command>key</command> statement has two
+ clauses:
+ <command>algorithm</command> and <command>secret</command>.
+ While the configuration parser will accept any string as the
+ argument
+ to algorithm, currently only the string "<userinput>hmac-md5</userinput>"
+ has any meaning. The secret is a base-64 encoded string
as specified in RFC 3548.
- </para>
+ </para>
- <para>
- The <command>server</command> statement
- associates a key
- defined using the <command>key</command>
- statement with a server.
- The keyword <userinput>server</userinput> is followed by a
- host name or address. The <command>server</command> statement
- has two clauses: <command>key</command> and <command>port</command>.
- The <command>key</command> clause specifies the
- name of the key
- to be used when communicating with this server, and the
- <command>port</command> clause can be used to
- specify the port <command>rndc</command> should
- connect
- to on the server.
- </para>
+ <para>
+ The <command>server</command> statement
+ associates a key
+ defined using the <command>key</command>
+ statement with a server.
+ The keyword <userinput>server</userinput> is followed by a
+ host name or address. The <command>server</command> statement
+ has two clauses: <command>key</command> and <command>port</command>.
+ The <command>key</command> clause specifies the
+ name of the key
+ to be used when communicating with this server, and the
+ <command>port</command> clause can be used to
+ specify the port <command>rndc</command> should
+ connect
+ to on the server.
+ </para>
- <para>
- A sample minimal configuration file is as follows:
- </para>
+ <para>
+ A sample minimal configuration file is as follows:
+ </para>
<programlisting>
key rndc_key {
@@ -1661,103 +1240,103 @@
};
</programlisting>
- <para>
- This file, if installed as <filename>/etc/rndc.conf</filename>,
- would allow the command:
- </para>
+ <para>
+ This file, if installed as <filename>/etc/rndc.conf</filename>,
+ would allow the command:
+ </para>
- <para>
- <prompt>$ </prompt><userinput>rndc reload</userinput>
- </para>
+ <para>
+ <prompt>$ </prompt><userinput>rndc reload</userinput>
+ </para>
- <para>
- to connect to 127.0.0.1 port 953 and cause the name server
- to reload, if a name server on the local machine were
- running with
- following controls statements:
- </para>
+ <para>
+ to connect to 127.0.0.1 port 953 and cause the name server
+ to reload, if a name server on the local machine were
+ running with
+ following controls statements:
+ </para>
<programlisting>
controls {
- inet 127.0.0.1
- allow { localhost; } keys { rndc_key; };
+ inet 127.0.0.1
+ allow { localhost; } keys { rndc_key; };
};
</programlisting>
- <para>
- and it had an identical key statement for
- <literal>rndc_key</literal>.
- </para>
+ <para>
+ and it had an identical key statement for
+ <literal>rndc_key</literal>.
+ </para>
- <para>
- Running the <command>rndc-confgen</command>
- program will
- conveniently create a <filename>rndc.conf</filename>
- file for you, and also display the
- corresponding <command>controls</command>
- statement that you need to
- add to <filename>named.conf</filename>.
- Alternatively,
- you can run <command>rndc-confgen -a</command>
- to set up
- a <filename>rndc.key</filename> file and not
- modify
- <filename>named.conf</filename> at all.
- </para>
+ <para>
+ Running the <command>rndc-confgen</command>
+ program will
+ conveniently create a <filename>rndc.conf</filename>
+ file for you, and also display the
+ corresponding <command>controls</command>
+ statement that you need to
+ add to <filename>named.conf</filename>.
+ Alternatively,
+ you can run <command>rndc-confgen -a</command>
+ to set up
+ a <filename>rndc.key</filename> file and not
+ modify
+ <filename>named.conf</filename> at all.
+ </para>
- </listitem>
- </varlistentry>
- </variablelist>
+ </listitem>
+ </varlistentry>
+ </variablelist>
- </sect3>
+ </sect3>
</sect2>
<sect2>
- <title>Signals</title>
- <para>
- Certain UNIX signals cause the name server to take specific
- actions, as described in the following table. These signals can
- be sent using the <command>kill</command> command.
- </para>
- <informaltable frame="all">
- <tgroup cols="2">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.125in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="4.000in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para><command>SIGHUP</command></para>
- </entry>
- <entry colname="2">
- <para>
- Causes the server to read <filename>named.conf</filename> and
- reload the database.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>SIGTERM</command></para>
- </entry>
- <entry colname="2">
- <para>
- Causes the server to clean up and exit.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>SIGINT</command></para>
- </entry>
- <entry colname="2">
- <para>
- Causes the server to clean up and exit.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
+ <title>Signals</title>
+ <para>
+ Certain UNIX signals cause the name server to take specific
+ actions, as described in the following table. These signals can
+ be sent using the <command>kill</command> command.
+ </para>
+ <informaltable frame="all">
+ <tgroup cols="2">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.125in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="4.000in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>SIGHUP</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Causes the server to read <filename>named.conf</filename> and
+ reload the database.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>SIGTERM</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Causes the server to clean up and exit.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>SIGINT</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Causes the server to clean up and exit.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
</sect2>
</sect1>
</chapter>
@@ -1769,25 +1348,25 @@
<title>Notify</title>
<para>
- <acronym>DNS</acronym> NOTIFY is a mechanism that allows master
- servers to notify their slave servers of changes to a zone's data. In
- response to a <command>NOTIFY</command> from a master server, the
- slave will check to see that its version of the zone is the
- current version and, if not, initiate a zone transfer.
+ <acronym>DNS</acronym> NOTIFY is a mechanism that allows master
+ servers to notify their slave servers of changes to a zone's data. In
+ response to a <command>NOTIFY</command> from a master server, the
+ slave will check to see that its version of the zone is the
+ current version and, if not, initiate a zone transfer.
</para>
<para>
- For more information about <acronym>DNS</acronym>
- <command>NOTIFY</command>, see the description of the
- <command>notify</command> option in <xref linkend="boolean_options"/> and
- the description of the zone option <command>also-notify</command> in
- <xref linkend="zone_transfers"/>. The <command>NOTIFY</command>
- protocol is specified in RFC 1996.
+ For more information about <acronym>DNS</acronym>
+ <command>NOTIFY</command>, see the description of the
+ <command>notify</command> option in <xref linkend="boolean_options"/> and
+ the description of the zone option <command>also-notify</command> in
+ <xref linkend="zone_transfers"/>. The <command>NOTIFY</command>
+ protocol is specified in RFC 1996.
</para>
<note>
As a slave zone can also be a master to other slaves, <command>named</command>,
- by default, sends <command>NOTIFY</command> messages for every zone
+ by default, sends <command>NOTIFY</command> messages for every zone
it loads. Specifying <command>notify master-only;</command> will
cause <command>named</command> to only send <command>NOTIFY</command> for master
zones that it loads.
@@ -1799,10 +1378,10 @@
<title>Dynamic Update</title>
<para>
- Dynamic Update is a method for adding, replacing or deleting
- records in a master server by sending it a special form of DNS
- messages. The format and meaning of these messages is specified
- in RFC 2136.
+ Dynamic Update is a method for adding, replacing or deleting
+ records in a master server by sending it a special form of DNS
+ messages. The format and meaning of these messages is specified
+ in RFC 2136.
</para>
<para>
@@ -1815,7 +1394,7 @@
If the zone's <command>update-policy</command> is set to
<userinput>local</userinput>, updates to the zone
will be permitted for the key <varname>local-ddns</varname>,
- which will be generated by <command>named</command> at startup.
+ which will be generated by <command>named</command> at startup.
See <xref linkend="dynamic_update_policies"/> for more details.
</para>
@@ -1841,62 +1420,62 @@
<sect2 id="journal">
<title>The journal file</title>
- <para>
- All changes made to a zone using dynamic update are stored
- in the zone's journal file. This file is automatically created
- by the server when the first dynamic update takes place.
- The name of the journal file is formed by appending the extension
- <filename>.jnl</filename> to the name of the
- corresponding zone
- file unless specifically overridden. The journal file is in a
- binary format and should not be edited manually.
- </para>
+ <para>
+ All changes made to a zone using dynamic update are stored
+ in the zone's journal file. This file is automatically created
+ by the server when the first dynamic update takes place.
+ The name of the journal file is formed by appending the extension
+ <filename>.jnl</filename> to the name of the
+ corresponding zone
+ file unless specifically overridden. The journal file is in a
+ binary format and should not be edited manually.
+ </para>
- <para>
- The server will also occasionally write ("dump")
- the complete contents of the updated zone to its zone file.
- This is not done immediately after
- each dynamic update, because that would be too slow when a large
- zone is updated frequently. Instead, the dump is delayed by
- up to 15 minutes, allowing additional updates to take place.
- During the dump process, transient files will be created
- with the extensions <filename>.jnw</filename> and
- <filename>.jbk</filename>; under ordinary circumstances, these
- will be removed when the dump is complete, and can be safely
- ignored.
- </para>
+ <para>
+ The server will also occasionally write ("dump")
+ the complete contents of the updated zone to its zone file.
+ This is not done immediately after
+ each dynamic update, because that would be too slow when a large
+ zone is updated frequently. Instead, the dump is delayed by
+ up to 15 minutes, allowing additional updates to take place.
+ During the dump process, transient files will be created
+ with the extensions <filename>.jnw</filename> and
+ <filename>.jbk</filename>; under ordinary circumstances, these
+ will be removed when the dump is complete, and can be safely
+ ignored.
+ </para>
- <para>
- When a server is restarted after a shutdown or crash, it will replay
- the journal file to incorporate into the zone any updates that
- took
- place after the last zone dump.
- </para>
+ <para>
+ When a server is restarted after a shutdown or crash, it will replay
+ the journal file to incorporate into the zone any updates that
+ took
+ place after the last zone dump.
+ </para>
- <para>
- Changes that result from incoming incremental zone transfers are
- also
- journalled in a similar way.
- </para>
+ <para>
+ Changes that result from incoming incremental zone transfers are
+ also
+ journalled in a similar way.
+ </para>
- <para>
- The zone files of dynamic zones cannot normally be edited by
- hand because they are not guaranteed to contain the most recent
- dynamic changes — those are only in the journal file.
- The only way to ensure that the zone file of a dynamic zone
- is up to date is to run <command>rndc stop</command>.
- </para>
+ <para>
+ The zone files of dynamic zones cannot normally be edited by
+ hand because they are not guaranteed to contain the most recent
+ dynamic changes — those are only in the journal file.
+ The only way to ensure that the zone file of a dynamic zone
+ is up to date is to run <command>rndc stop</command>.
+ </para>
- <para>
- If you have to make changes to a dynamic zone
- manually, the following procedure will work: Disable dynamic updates
- to the zone using
- <command>rndc freeze <replaceable>zone</replaceable></command>.
- This will also remove the zone's <filename>.jnl</filename> file
- and update the master file. Edit the zone file. Run
- <command>rndc thaw <replaceable>zone</replaceable></command>
- to reload the changed zone and re-enable dynamic updates.
- </para>
+ <para>
+ If you have to make changes to a dynamic zone
+ manually, the following procedure will work: Disable dynamic updates
+ to the zone using
+ <command>rndc freeze <replaceable>zone</replaceable></command>.
+ This will also remove the zone's <filename>.jnl</filename> file
+ and update the master file. Edit the zone file. Run
+ <command>rndc thaw <replaceable>zone</replaceable></command>
+ to reload the changed zone and re-enable dynamic updates.
+ </para>
</sect2>
@@ -1906,32 +1485,32 @@
<title>Incremental Zone Transfers (IXFR)</title>
<para>
- The incremental zone transfer (IXFR) protocol is a way for
- slave servers to transfer only changed data, instead of having to
- transfer the entire zone. The IXFR protocol is specified in RFC
- 1995. See <xref linkend="proposed_standards"/>.
+ The incremental zone transfer (IXFR) protocol is a way for
+ slave servers to transfer only changed data, instead of having to
+ transfer the entire zone. The IXFR protocol is specified in RFC
+ 1995. See <xref linkend="proposed_standards"/>.
</para>
<para>
- When acting as a master, <acronym>BIND</acronym> 9
- supports IXFR for those zones
- where the necessary change history information is available. These
- include master zones maintained by dynamic update and slave zones
- whose data was obtained by IXFR. For manually maintained master
- zones, and for slave zones obtained by performing a full zone
- transfer (AXFR), IXFR is supported only if the option
- <command>ixfr-from-differences</command> is set
- to <userinput>yes</userinput>.
+ When acting as a master, <acronym>BIND</acronym> 9
+ supports IXFR for those zones
+ where the necessary change history information is available. These
+ include master zones maintained by dynamic update and slave zones
+ whose data was obtained by IXFR. For manually maintained master
+ zones, and for slave zones obtained by performing a full zone
+ transfer (AXFR), IXFR is supported only if the option
+ <command>ixfr-from-differences</command> is set
+ to <userinput>yes</userinput>.
</para>
<para>
- When acting as a slave, <acronym>BIND</acronym> 9 will attempt
- to use IXFR unless it is explicitly disabled via the
- <command>request-ixfr</command> option or the use of
- <command>ixfr-from-differences</command>. For
- more information about disabling IXFR, see the description
- of the <command>request-ixfr</command> clause of the
- <command>server</command> statement.
+ When acting as a slave, <acronym>BIND</acronym> 9 will attempt
+ to use IXFR unless it is explicitly disabled via the
+ <command>request-ixfr</command> option or the use of
+ <command>ixfr-from-differences</command>. For
+ more information about disabling IXFR, see the description
+ of the <command>request-ixfr</command> clause of the
+ <command>server</command> statement.
</para>
</sect1>
@@ -1938,164 +1517,164 @@
<sect1>
<title>Split DNS</title>
<para>
- Setting up different views, or visibility, of the DNS space to
- internal and external resolvers is usually referred to as a
+ Setting up different views, or visibility, of the DNS space to
+ internal and external resolvers is usually referred to as a
<emphasis>Split DNS</emphasis> setup. There are several
- reasons an organization would want to set up its DNS this way.
+ reasons an organization would want to set up its DNS this way.
</para>
<para>
- One common reason for setting up a DNS system this way is
- to hide "internal" DNS information from "external" clients on the
- Internet. There is some debate as to whether or not this is actually
- useful.
- Internal DNS information leaks out in many ways (via email headers,
- for example) and most savvy "attackers" can find the information
- they need using other means.
+ One common reason for setting up a DNS system this way is
+ to hide "internal" DNS information from "external" clients on the
+ Internet. There is some debate as to whether or not this is actually
+ useful.
+ Internal DNS information leaks out in many ways (via email headers,
+ for example) and most savvy "attackers" can find the information
+ they need using other means.
However, since listing addresses of internal servers that
- external clients cannot possibly reach can result in
- connection delays and other annoyances, an organization may
- choose to use a Split DNS to present a consistent view of itself
- to the outside world.
+ external clients cannot possibly reach can result in
+ connection delays and other annoyances, an organization may
+ choose to use a Split DNS to present a consistent view of itself
+ to the outside world.
</para>
<para>
- Another common reason for setting up a Split DNS system is
- to allow internal networks that are behind filters or in RFC 1918
- space (reserved IP space, as documented in RFC 1918) to resolve DNS
- on the Internet. Split DNS can also be used to allow mail from outside
- back in to the internal network.
+ Another common reason for setting up a Split DNS system is
+ to allow internal networks that are behind filters or in RFC 1918
+ space (reserved IP space, as documented in RFC 1918) to resolve DNS
+ on the Internet. Split DNS can also be used to allow mail from outside
+ back in to the internal network.
</para>
<sect2>
<title>Example split DNS setup</title>
<para>
- Let's say a company named <emphasis>Example, Inc.</emphasis>
- (<literal>example.com</literal>)
- has several corporate sites that have an internal network with
- reserved
- Internet Protocol (IP) space and an external demilitarized zone (DMZ),
- or "outside" section of a network, that is available to the public.
+ Let's say a company named <emphasis>Example, Inc.</emphasis>
+ (<literal>example.com</literal>)
+ has several corporate sites that have an internal network with
+ reserved
+ Internet Protocol (IP) space and an external demilitarized zone (DMZ),
+ or "outside" section of a network, that is available to the public.
</para>
<para>
- <emphasis>Example, Inc.</emphasis> wants its internal clients
- to be able to resolve external hostnames and to exchange mail with
- people on the outside. The company also wants its internal resolvers
- to have access to certain internal-only zones that are not available
- at all outside of the internal network.
+ <emphasis>Example, Inc.</emphasis> wants its internal clients
+ to be able to resolve external hostnames and to exchange mail with
+ people on the outside. The company also wants its internal resolvers
+ to have access to certain internal-only zones that are not available
+ at all outside of the internal network.
</para>
<para>
- In order to accomplish this, the company will set up two sets
- of name servers. One set will be on the inside network (in the
- reserved
- IP space) and the other set will be on bastion hosts, which are
- "proxy"
- hosts that can talk to both sides of its network, in the DMZ.
+ In order to accomplish this, the company will set up two sets
+ of name servers. One set will be on the inside network (in the
+ reserved
+ IP space) and the other set will be on bastion hosts, which are
+ "proxy"
+ hosts that can talk to both sides of its network, in the DMZ.
</para>
<para>
- The internal servers will be configured to forward all queries,
- except queries for <filename>site1.internal</filename>, <filename>site2.internal</filename>, <filename>site1.example.com</filename>,
- and <filename>site2.example.com</filename>, to the servers
- in the
- DMZ. These internal servers will have complete sets of information
- for <filename>site1.example.com</filename>, <filename>site2.example.com</filename>, <filename>site1.internal</filename>,
- and <filename>site2.internal</filename>.
+ The internal servers will be configured to forward all queries,
+ except queries for <filename>site1.internal</filename>, <filename>site2.internal</filename>, <filename>site1.example.com</filename>,
+ and <filename>site2.example.com</filename>, to the servers
+ in the
+ DMZ. These internal servers will have complete sets of information
+ for <filename>site1.example.com</filename>, <filename>site2.example.com</filename>, <filename>site1.internal</filename>,
+ and <filename>site2.internal</filename>.
</para>
<para>
- To protect the <filename>site1.internal</filename> and <filename>site2.internal</filename> domains,
- the internal name servers must be configured to disallow all queries
- to these domains from any external hosts, including the bastion
- hosts.
+ To protect the <filename>site1.internal</filename> and <filename>site2.internal</filename> domains,
+ the internal name servers must be configured to disallow all queries
+ to these domains from any external hosts, including the bastion
+ hosts.
</para>
<para>
- The external servers, which are on the bastion hosts, will
- be configured to serve the "public" version of the <filename>site1</filename> and <filename>site2.example.com</filename> zones.
- This could include things such as the host records for public servers
- (<filename>www.example.com</filename> and <filename>ftp.example.com</filename>),
- and mail exchange (MX) records (<filename>a.mx.example.com</filename> and <filename>b.mx.example.com</filename>).
+ The external servers, which are on the bastion hosts, will
+ be configured to serve the "public" version of the <filename>site1</filename> and <filename>site2.example.com</filename> zones.
+ This could include things such as the host records for public servers
+ (<filename>www.example.com</filename> and <filename>ftp.example.com</filename>),
+ and mail exchange (MX) records (<filename>a.mx.example.com</filename> and <filename>b.mx.example.com</filename>).
</para>
<para>
- In addition, the public <filename>site1</filename> and <filename>site2.example.com</filename> zones
- should have special MX records that contain wildcard (`*') records
- pointing to the bastion hosts. This is needed because external mail
- servers do not have any other way of looking up how to deliver mail
- to those internal hosts. With the wildcard records, the mail will
- be delivered to the bastion host, which can then forward it on to
- internal hosts.
+ In addition, the public <filename>site1</filename> and <filename>site2.example.com</filename> zones
+ should have special MX records that contain wildcard (`*') records
+ pointing to the bastion hosts. This is needed because external mail
+ servers do not have any other way of looking up how to deliver mail
+ to those internal hosts. With the wildcard records, the mail will
+ be delivered to the bastion host, which can then forward it on to
+ internal hosts.
</para>
<para>
- Here's an example of a wildcard MX record:
+ Here's an example of a wildcard MX record:
</para>
<programlisting>* IN MX 10 external1.example.com.</programlisting>
<para>
- Now that they accept mail on behalf of anything in the internal
- network, the bastion hosts will need to know how to deliver mail
- to internal hosts. In order for this to work properly, the resolvers
- on
- the bastion hosts will need to be configured to point to the internal
- name servers for DNS resolution.
+ Now that they accept mail on behalf of anything in the internal
+ network, the bastion hosts will need to know how to deliver mail
+ to internal hosts. In order for this to work properly, the resolvers
+ on
+ the bastion hosts will need to be configured to point to the internal
+ name servers for DNS resolution.
</para>
<para>
- Queries for internal hostnames will be answered by the internal
- servers, and queries for external hostnames will be forwarded back
- out to the DNS servers on the bastion hosts.
+ Queries for internal hostnames will be answered by the internal
+ servers, and queries for external hostnames will be forwarded back
+ out to the DNS servers on the bastion hosts.
</para>
<para>
- In order for all this to work properly, internal clients will
- need to be configured to query <emphasis>only</emphasis> the internal
- name servers for DNS queries. This could also be enforced via
- selective
- filtering on the network.
+ In order for all this to work properly, internal clients will
+ need to be configured to query <emphasis>only</emphasis> the internal
+ name servers for DNS queries. This could also be enforced via
+ selective
+ filtering on the network.
</para>
<para>
- If everything has been set properly, <emphasis>Example, Inc.</emphasis>'s
- internal clients will now be able to:
+ If everything has been set properly, <emphasis>Example, Inc.</emphasis>'s
+ internal clients will now be able to:
</para>
<itemizedlist>
- <listitem>
- <simpara>
- Look up any hostnames in the <literal>site1</literal>
- and
- <literal>site2.example.com</literal> zones.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- Look up any hostnames in the <literal>site1.internal</literal> and
- <literal>site2.internal</literal> domains.
- </simpara>
- </listitem>
- <listitem>
- <simpara>Look up any hostnames on the Internet.</simpara>
- </listitem>
- <listitem>
- <simpara>Exchange mail with both internal and external people.</simpara>
- </listitem>
+ <listitem>
+ <simpara>
+ Look up any hostnames in the <literal>site1</literal>
+ and
+ <literal>site2.example.com</literal> zones.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Look up any hostnames in the <literal>site1.internal</literal> and
+ <literal>site2.internal</literal> domains.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>Look up any hostnames on the Internet.</simpara>
+ </listitem>
+ <listitem>
+ <simpara>Exchange mail with both internal and external people.</simpara>
+ </listitem>
</itemizedlist>
<para>
- Hosts on the Internet will be able to:
+ Hosts on the Internet will be able to:
</para>
<itemizedlist>
- <listitem>
- <simpara>
- Look up any hostnames in the <literal>site1</literal>
- and
- <literal>site2.example.com</literal> zones.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- Exchange mail with anyone in the <literal>site1</literal> and
- <literal>site2.example.com</literal> zones.
- </simpara>
- </listitem>
+ <listitem>
+ <simpara>
+ Look up any hostnames in the <literal>site1</literal>
+ and
+ <literal>site2.example.com</literal> zones.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Exchange mail with anyone in the <literal>site1</literal> and
+ <literal>site2.example.com</literal> zones.
+ </simpara>
+ </listitem>
</itemizedlist>
<para>
- Here is an example configuration for the setup we just
- described above. Note that this is only configuration information;
- for information on how to configure your zone files, see <xref linkend="sample_configuration"/>.
+ Here is an example configuration for the setup we just
+ described above. Note that this is only configuration information;
+ for information on how to configure your zone files, see <xref linkend="sample_configuration"/>.
</para>
<para>
- Internal DNS server config:
+ Internal DNS server config:
</para>
<programlisting>
@@ -2110,7 +1689,7 @@
forward only;
// forward to external servers
forwarders {
- <varname>bastion-ips-go-here</varname>;
+ <varname>bastion-ips-go-here</varname>;
};
// sample allow-transfer (no one)
allow-transfer { none; };
@@ -2161,7 +1740,7 @@
</programlisting>
<para>
- External (bastion host) DNS server config:
+ External (bastion host) DNS server config:
</para>
<programlisting>
@@ -2200,8 +1779,8 @@
</programlisting>
<para>
- In the <filename>resolv.conf</filename> (or equivalent) on
- the bastion host(s):
+ In the <filename>resolv.conf</filename> (or equivalent) on
+ the bastion host(s):
</para>
<programlisting>
@@ -2216,89 +1795,89 @@
<sect1 id="tsig">
<title>TSIG</title>
<para>
- This is a short guide to setting up Transaction SIGnatures
- (TSIG) based transaction security in <acronym>BIND</acronym>. It describes changes
- to the configuration file as well as what changes are required for
- different features, including the process of creating transaction
- keys and using transaction signatures with <acronym>BIND</acronym>.
+ This is a short guide to setting up Transaction SIGnatures
+ (TSIG) based transaction security in <acronym>BIND</acronym>. It describes changes
+ to the configuration file as well as what changes are required for
+ different features, including the process of creating transaction
+ keys and using transaction signatures with <acronym>BIND</acronym>.
</para>
<para>
- <acronym>BIND</acronym> primarily supports TSIG for server
- to server communication.
- This includes zone transfer, notify, and recursive query messages.
- Resolvers based on newer versions of <acronym>BIND</acronym> 8 have limited support
- for TSIG.
+ <acronym>BIND</acronym> primarily supports TSIG for server
+ to server communication.
+ This includes zone transfer, notify, and recursive query messages.
+ Resolvers based on newer versions of <acronym>BIND</acronym> 8 have limited support
+ for TSIG.
</para>
<para>
- TSIG can also be useful for dynamic update. A primary
- server for a dynamic zone should control access to the dynamic
- update service, but IP-based access control is insufficient.
- The cryptographic access control provided by TSIG
- is far superior. The <command>nsupdate</command>
- program supports TSIG via the <option>-k</option> and
- <option>-y</option> command line options or inline by use
+ TSIG can also be useful for dynamic update. A primary
+ server for a dynamic zone should control access to the dynamic
+ update service, but IP-based access control is insufficient.
+ The cryptographic access control provided by TSIG
+ is far superior. The <command>nsupdate</command>
+ program supports TSIG via the <option>-k</option> and
+ <option>-y</option> command line options or inline by use
of the <command>key</command>.
</para>
<sect2>
- <title>Generate Shared Keys for Each Pair of Hosts</title>
- <para>
- A shared secret is generated to be shared between <emphasis>host1</emphasis> and <emphasis>host2</emphasis>.
- An arbitrary key name is chosen: "host1-host2.". The key name must
- be the same on both hosts.
- </para>
- <sect3>
- <title>Automatic Generation</title>
- <para>
- The following command will generate a 128-bit (16 byte) HMAC-SHA256
- key as described above. Longer keys are better, but shorter keys
- are easier to read. Note that the maximum key length is the digest
- length, here 256 bits.
- </para>
- <para>
- <userinput>dnssec-keygen -a hmac-sha256 -b 128 -n HOST host1-host2.</userinput>
- </para>
- <para>
- The key is in the file <filename>Khost1-host2.+163+00000.private</filename>.
- Nothing directly uses this file, but the base-64 encoded string
- following "<literal>Key:</literal>"
- can be extracted from the file and used as a shared secret:
- </para>
- <programlisting>Key: La/E5CjG9O+os1jq0a2jdA==</programlisting>
- <para>
- The string "<literal>La/E5CjG9O+os1jq0a2jdA==</literal>" can
- be used as the shared secret.
- </para>
- </sect3>
- <sect3>
- <title>Manual Generation</title>
- <para>
- The shared secret is simply a random sequence of bits, encoded
- in base-64. Most ASCII strings are valid base-64 strings (assuming
- the length is a multiple of 4 and only valid characters are used),
- so the shared secret can be manually generated.
- </para>
- <para>
- Also, a known string can be run through <command>mmencode</command> or
- a similar program to generate base-64 encoded data.
- </para>
- </sect3>
+ <title>Generate Shared Keys for Each Pair of Hosts</title>
+ <para>
+ A shared secret is generated to be shared between <emphasis>host1</emphasis> and <emphasis>host2</emphasis>.
+ An arbitrary key name is chosen: "host1-host2.". The key name must
+ be the same on both hosts.
+ </para>
+ <sect3>
+ <title>Automatic Generation</title>
+ <para>
+ The following command will generate a 128-bit (16 byte) HMAC-SHA256
+ key as described above. Longer keys are better, but shorter keys
+ are easier to read. Note that the maximum key length is the digest
+ length, here 256 bits.
+ </para>
+ <para>
+ <userinput>dnssec-keygen -a hmac-sha256 -b 128 -n HOST host1-host2.</userinput>
+ </para>
+ <para>
+ The key is in the file <filename>Khost1-host2.+163+00000.private</filename>.
+ Nothing directly uses this file, but the base-64 encoded string
+ following "<literal>Key:</literal>"
+ can be extracted from the file and used as a shared secret:
+ </para>
+ <programlisting>Key: La/E5CjG9O+os1jq0a2jdA==</programlisting>
+ <para>
+ The string "<literal>La/E5CjG9O+os1jq0a2jdA==</literal>" can
+ be used as the shared secret.
+ </para>
+ </sect3>
+ <sect3>
+ <title>Manual Generation</title>
+ <para>
+ The shared secret is simply a random sequence of bits, encoded
+ in base-64. Most ASCII strings are valid base-64 strings (assuming
+ the length is a multiple of 4 and only valid characters are used),
+ so the shared secret can be manually generated.
+ </para>
+ <para>
+ Also, a known string can be run through <command>mmencode</command> or
+ a similar program to generate base-64 encoded data.
+ </para>
+ </sect3>
</sect2>
<sect2>
- <title>Copying the Shared Secret to Both Machines</title>
- <para>
- This is beyond the scope of DNS. A secure transport mechanism
- should be used. This could be secure FTP, ssh, telephone, etc.
- </para>
+ <title>Copying the Shared Secret to Both Machines</title>
+ <para>
+ This is beyond the scope of DNS. A secure transport mechanism
+ should be used. This could be secure FTP, ssh, telephone, etc.
+ </para>
</sect2>
<sect2>
- <title>Informing the Servers of the Key's Existence</title>
- <para>
- Imagine <emphasis>host1</emphasis> and <emphasis>host 2</emphasis>
- are
- both servers. The following is added to each server's <filename>named.conf</filename> file:
- </para>
+ <title>Informing the Servers of the Key's Existence</title>
+ <para>
+ Imagine <emphasis>host1</emphasis> and <emphasis>host 2</emphasis>
+ are
+ both servers. The following is added to each server's <filename>named.conf</filename> file:
+ </para>
<programlisting>
key host1-host2. {
@@ -2307,28 +1886,28 @@
};
</programlisting>
- <para>
- The secret is the one generated above. Since this is a secret, it
- is recommended that either <filename>named.conf</filename> be
- non-world readable, or the key directive be added to a non-world
- readable file that is included by <filename>named.conf</filename>.
- </para>
- <para>
- At this point, the key is recognized. This means that if the
- server receives a message signed by this key, it can verify the
- signature. If the signature is successfully verified, the
- response is signed by the same key.
- </para>
+ <para>
+ The secret is the one generated above. Since this is a secret, it
+ is recommended that either <filename>named.conf</filename> be
+ non-world readable, or the key directive be added to a non-world
+ readable file that is included by <filename>named.conf</filename>.
+ </para>
+ <para>
+ At this point, the key is recognized. This means that if the
+ server receives a message signed by this key, it can verify the
+ signature. If the signature is successfully verified, the
+ response is signed by the same key.
+ </para>
</sect2>
<sect2>
- <title>Instructing the Server to Use the Key</title>
- <para>
- Since keys are shared between two hosts only, the server must
- be told when keys are to be used. The following is added to the <filename>named.conf</filename> file
- for <emphasis>host1</emphasis>, if the IP address of <emphasis>host2</emphasis> is
- 10.1.2.3:
- </para>
+ <title>Instructing the Server to Use the Key</title>
+ <para>
+ Since keys are shared between two hosts only, the server must
+ be told when keys are to be used. The following is added to the <filename>named.conf</filename> file
+ for <emphasis>host1</emphasis>, if the IP address of <emphasis>host2</emphasis> is
+ 10.1.2.3:
+ </para>
<programlisting>
server 10.1.2.3 {
@@ -2336,38 +1915,38 @@
};
</programlisting>
- <para>
- Multiple keys may be present, but only the first is used.
- This directive does not contain any secrets, so it may be in a
- world-readable
- file.
- </para>
- <para>
- If <emphasis>host1</emphasis> sends a message that is a request
- to that address, the message will be signed with the specified key. <emphasis>host1</emphasis> will
- expect any responses to signed messages to be signed with the same
- key.
- </para>
- <para>
- A similar statement must be present in <emphasis>host2</emphasis>'s
- configuration file (with <emphasis>host1</emphasis>'s address) for <emphasis>host2</emphasis> to
- sign request messages to <emphasis>host1</emphasis>.
- </para>
+ <para>
+ Multiple keys may be present, but only the first is used.
+ This directive does not contain any secrets, so it may be in a
+ world-readable
+ file.
+ </para>
+ <para>
+ If <emphasis>host1</emphasis> sends a message that is a request
+ to that address, the message will be signed with the specified key. <emphasis>host1</emphasis> will
+ expect any responses to signed messages to be signed with the same
+ key.
+ </para>
+ <para>
+ A similar statement must be present in <emphasis>host2</emphasis>'s
+ configuration file (with <emphasis>host1</emphasis>'s address) for <emphasis>host2</emphasis> to
+ sign request messages to <emphasis>host1</emphasis>.
+ </para>
</sect2>
<sect2>
- <title>TSIG Key Based Access Control</title>
- <para>
- <acronym>BIND</acronym> allows IP addresses and ranges
- to be specified in ACL
- definitions and
- <command>allow-{ query | transfer | update }</command>
- directives.
- This has been extended to allow TSIG keys also. The above key would
- be denoted <command>key host1-host2.</command>
- </para>
- <para>
- An example of an <command>allow-update</command> directive would be:
- </para>
+ <title>TSIG Key Based Access Control</title>
+ <para>
+ <acronym>BIND</acronym> allows IP addresses and ranges
+ to be specified in ACL
+ definitions and
+ <command>allow-{ query | transfer | update }</command>
+ directives.
+ This has been extended to allow TSIG keys also. The above key would
+ be denoted <command>key host1-host2.</command>
+ </para>
+ <para>
+ An example of an <command>allow-update</command> directive would be:
+ </para>
<programlisting>
allow-update { key host1-host2. ;};
@@ -2380,35 +1959,35 @@
<para>
See <xref linkend="dynamic_update_policies"/> for a discussion of
- the more flexible <command>update-policy</command> statement.
+ the more flexible <command>update-policy</command> statement.
</para>
</sect2>
<sect2>
- <title>Errors</title>
+ <title>Errors</title>
- <para>
- The processing of TSIG signed messages can result in
- several errors. If a signed message is sent to a non-TSIG aware
- server, a FORMERR (format error) will be returned, since the server will not
- understand the record. This is a result of misconfiguration,
- since the server must be explicitly configured to send a TSIG
- signed message to a specific server.
- </para>
+ <para>
+ The processing of TSIG signed messages can result in
+ several errors. If a signed message is sent to a non-TSIG aware
+ server, a FORMERR (format error) will be returned, since the server will not
+ understand the record. This is a result of misconfiguration,
+ since the server must be explicitly configured to send a TSIG
+ signed message to a specific server.
+ </para>
- <para>
- If a TSIG aware server receives a message signed by an
- unknown key, the response will be unsigned with the TSIG
- extended error code set to BADKEY. If a TSIG aware server
- receives a message with a signature that does not validate, the
- response will be unsigned with the TSIG extended error code set
- to BADSIG. If a TSIG aware server receives a message with a time
- outside of the allowed range, the response will be signed with
- the TSIG extended error code set to BADTIME, and the time values
- will be adjusted so that the response can be successfully
- verified. In any of these cases, the message's rcode (response code) is set to
- NOTAUTH (not authenticated).
- </para>
+ <para>
+ If a TSIG aware server receives a message signed by an
+ unknown key, the response will be unsigned with the TSIG
+ extended error code set to BADKEY. If a TSIG aware server
+ receives a message with a signature that does not validate, the
+ response will be unsigned with the TSIG extended error code set
+ to BADSIG. If a TSIG aware server receives a message with a time
+ outside of the allowed range, the response will be signed with
+ the TSIG extended error code set to BADTIME, and the time values
+ will be adjusted so that the response can be successfully
+ verified. In any of these cases, the message's rcode (response code) is set to
+ NOTAUTH (not authenticated).
+ </para>
</sect2>
</sect1>
@@ -2416,37 +1995,37 @@
<title>TKEY</title>
<para><command>TKEY</command>
- is a mechanism for automatically generating a shared secret
- between two hosts. There are several "modes" of
- <command>TKEY</command> that specify how the key is generated
- or assigned. <acronym>BIND</acronym> 9 implements only one of
- these modes, the Diffie-Hellman key exchange. Both hosts are
- required to have a Diffie-Hellman KEY record (although this
- record is not required to be present in a zone). The
- <command>TKEY</command> process must use signed messages,
- signed either by TSIG or SIG(0). The result of
- <command>TKEY</command> is a shared secret that can be used to
- sign messages with TSIG. <command>TKEY</command> can also be
- used to delete shared secrets that it had previously
- generated.
+ is a mechanism for automatically generating a shared secret
+ between two hosts. There are several "modes" of
+ <command>TKEY</command> that specify how the key is generated
+ or assigned. <acronym>BIND</acronym> 9 implements only one of
+ these modes, the Diffie-Hellman key exchange. Both hosts are
+ required to have a Diffie-Hellman KEY record (although this
+ record is not required to be present in a zone). The
+ <command>TKEY</command> process must use signed messages,
+ signed either by TSIG or SIG(0). The result of
+ <command>TKEY</command> is a shared secret that can be used to
+ sign messages with TSIG. <command>TKEY</command> can also be
+ used to delete shared secrets that it had previously
+ generated.
</para>
<para>
- The <command>TKEY</command> process is initiated by a
- client
- or server by sending a signed <command>TKEY</command>
- query
- (including any appropriate KEYs) to a TKEY-aware server. The
- server response, if it indicates success, will contain a
- <command>TKEY</command> record and any appropriate keys.
- After
- this exchange, both participants have enough information to
- determine the shared secret; the exact process depends on the
- <command>TKEY</command> mode. When using the
- Diffie-Hellman
- <command>TKEY</command> mode, Diffie-Hellman keys are
- exchanged,
- and the shared secret is derived by both participants.
+ The <command>TKEY</command> process is initiated by a
+ client
+ or server by sending a signed <command>TKEY</command>
+ query
+ (including any appropriate KEYs) to a TKEY-aware server. The
+ server response, if it indicates success, will contain a
+ <command>TKEY</command> record and any appropriate keys.
+ After
+ this exchange, both participants have enough information to
+ determine the shared secret; the exact process depends on the
+ <command>TKEY</command> mode. When using the
+ Diffie-Hellman
+ <command>TKEY</command> mode, Diffie-Hellman keys are
+ exchanged,
+ and the shared secret is derived by both participants.
</para>
</sect1>
@@ -2454,28 +2033,28 @@
<title>SIG(0)</title>
<para>
- <acronym>BIND</acronym> 9 partially supports DNSSEC SIG(0)
- transaction signatures as specified in RFC 2535 and RFC 2931.
- SIG(0)
- uses public/private keys to authenticate messages. Access control
- is performed in the same manner as TSIG keys; privileges can be
- granted or denied based on the key name.
+ <acronym>BIND</acronym> 9 partially supports DNSSEC SIG(0)
+ transaction signatures as specified in RFC 2535 and RFC 2931.
+ SIG(0)
+ uses public/private keys to authenticate messages. Access control
+ is performed in the same manner as TSIG keys; privileges can be
+ granted or denied based on the key name.
</para>
<para>
- When a SIG(0) signed message is received, it will only be
- verified if the key is known and trusted by the server; the server
- will not attempt to locate and/or validate the key.
+ When a SIG(0) signed message is received, it will only be
+ verified if the key is known and trusted by the server; the server
+ will not attempt to locate and/or validate the key.
</para>
<para>
- SIG(0) signing of multiple-message TCP streams is not
- supported.
+ SIG(0) signing of multiple-message TCP streams is not
+ supported.
</para>
<para>
- The only tool shipped with <acronym>BIND</acronym> 9 that
- generates SIG(0) signed messages is <command>nsupdate</command>.
+ The only tool shipped with <acronym>BIND</acronym> 9 that
+ generates SIG(0) signed messages is <command>nsupdate</command>.
</para>
</sect1>
@@ -2483,108 +2062,108 @@
<title>DNSSEC</title>
<para>
- Cryptographic authentication of DNS information is possible
- through the DNS Security (<emphasis>DNSSEC-bis</emphasis>) extensions,
- defined in RFC 4033, RFC 4034, and RFC 4035.
+ Cryptographic authentication of DNS information is possible
+ through the DNS Security (<emphasis>DNSSEC-bis</emphasis>) extensions,
+ defined in RFC 4033, RFC 4034, and RFC 4035.
This section describes the creation and use of DNSSEC signed zones.
</para>
<para>
- In order to set up a DNSSEC secure zone, there are a series
- of steps which must be followed. <acronym>BIND</acronym>
- 9 ships
- with several tools
- that are used in this process, which are explained in more detail
- below. In all cases, the <option>-h</option> option prints a
- full list of parameters. Note that the DNSSEC tools require the
- keyset files to be in the working directory or the
- directory specified by the <option>-d</option> option, and
- that the tools shipped with BIND 9.2.x and earlier are not compatible
- with the current ones.
+ In order to set up a DNSSEC secure zone, there are a series
+ of steps which must be followed. <acronym>BIND</acronym>
+ 9 ships
+ with several tools
+ that are used in this process, which are explained in more detail
+ below. In all cases, the <option>-h</option> option prints a
+ full list of parameters. Note that the DNSSEC tools require the
+ keyset files to be in the working directory or the
+ directory specified by the <option>-d</option> option, and
+ that the tools shipped with BIND 9.2.x and earlier are not compatible
+ with the current ones.
</para>
<para>
- There must also be communication with the administrators of
- the parent and/or child zone to transmit keys. A zone's security
- status must be indicated by the parent zone for a DNSSEC capable
- resolver to trust its data. This is done through the presence
- or absence of a <literal>DS</literal> record at the
- delegation
- point.
+ There must also be communication with the administrators of
+ the parent and/or child zone to transmit keys. A zone's security
+ status must be indicated by the parent zone for a DNSSEC capable
+ resolver to trust its data. This is done through the presence
+ or absence of a <literal>DS</literal> record at the
+ delegation
+ point.
</para>
<para>
- For other servers to trust data in this zone, they must
- either be statically configured with this zone's zone key or the
- zone key of another zone above this one in the DNS tree.
+ For other servers to trust data in this zone, they must
+ either be statically configured with this zone's zone key or the
+ zone key of another zone above this one in the DNS tree.
</para>
<sect2>
- <title>Generating Keys</title>
+ <title>Generating Keys</title>
- <para>
- The <command>dnssec-keygen</command> program is used to
- generate keys.
- </para>
+ <para>
+ The <command>dnssec-keygen</command> program is used to
+ generate keys.
+ </para>
- <para>
- A secure zone must contain one or more zone keys. The
- zone keys will sign all other records in the zone, as well as
- the zone keys of any secure delegated zones. Zone keys must
- have the same name as the zone, a name type of
- <command>ZONE</command>, and must be usable for
- authentication.
- It is recommended that zone keys use a cryptographic algorithm
- designated as "mandatory to implement" by the IETF; currently
- the only one is RSASHA1.
- </para>
+ <para>
+ A secure zone must contain one or more zone keys. The
+ zone keys will sign all other records in the zone, as well as
+ the zone keys of any secure delegated zones. Zone keys must
+ have the same name as the zone, a name type of
+ <command>ZONE</command>, and must be usable for
+ authentication.
+ It is recommended that zone keys use a cryptographic algorithm
+ designated as "mandatory to implement" by the IETF; currently
+ the only one is RSASHA1.
+ </para>
- <para>
- The following command will generate a 768-bit RSASHA1 key for
- the <filename>child.example</filename> zone:
- </para>
+ <para>
+ The following command will generate a 768-bit RSASHA1 key for
+ the <filename>child.example</filename> zone:
+ </para>
- <para>
- <userinput>dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example.</userinput>
- </para>
+ <para>
+ <userinput>dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example.</userinput>
+ </para>
- <para>
- Two output files will be produced:
- <filename>Kchild.example.+005+12345.key</filename> and
- <filename>Kchild.example.+005+12345.private</filename>
- (where
- 12345 is an example of a key tag). The key filenames contain
- the key name (<filename>child.example.</filename>),
- algorithm (3
- is DSA, 1 is RSAMD5, 5 is RSASHA1, etc.), and the key tag (12345 in
- this case).
- The private key (in the <filename>.private</filename>
- file) is
- used to generate signatures, and the public key (in the
- <filename>.key</filename> file) is used for signature
- verification.
- </para>
+ <para>
+ Two output files will be produced:
+ <filename>Kchild.example.+005+12345.key</filename> and
+ <filename>Kchild.example.+005+12345.private</filename>
+ (where
+ 12345 is an example of a key tag). The key filenames contain
+ the key name (<filename>child.example.</filename>),
+ algorithm (3
+ is DSA, 1 is RSAMD5, 5 is RSASHA1, etc.), and the key tag (12345 in
+ this case).
+ The private key (in the <filename>.private</filename>
+ file) is
+ used to generate signatures, and the public key (in the
+ <filename>.key</filename> file) is used for signature
+ verification.
+ </para>
- <para>
- To generate another key with the same properties (but with
- a different key tag), repeat the above command.
- </para>
+ <para>
+ To generate another key with the same properties (but with
+ a different key tag), repeat the above command.
+ </para>
- <para>
- The <command>dnssec-keyfromlabel</command> program is used
- to get a key pair from a crypto hardware and build the key
- files. Its usage is similar to <command>dnssec-keygen</command>.
- </para>
+ <para>
+ The <command>dnssec-keyfromlabel</command> program is used
+ to get a key pair from a crypto hardware and build the key
+ files. Its usage is similar to <command>dnssec-keygen</command>.
+ </para>
- <para>
- The public keys should be inserted into the zone file by
- including the <filename>.key</filename> files using
- <command>$INCLUDE</command> statements.
- </para>
+ <para>
+ The public keys should be inserted into the zone file by
+ including the <filename>.key</filename> files using
+ <command>$INCLUDE</command> statements.
+ </para>
</sect2>
<sect2>
- <title>Signing the Zone</title>
+ <title>Signing the Zone</title>
<para>
The <command>dnssec-signzone</command> program is used
@@ -2602,66 +2181,66 @@
zones need to be added manually.
</para>
- <para>
- The following command signs the zone, assuming it is in a
- file called <filename>zone.child.example</filename>. By
- default, all zone keys which have an available private key are
- used to generate signatures.
- </para>
+ <para>
+ The following command signs the zone, assuming it is in a
+ file called <filename>zone.child.example</filename>. By
+ default, all zone keys which have an available private key are
+ used to generate signatures.
+ </para>
- <para>
- <userinput>dnssec-signzone -o child.example zone.child.example</userinput>
- </para>
+ <para>
+ <userinput>dnssec-signzone -o child.example zone.child.example</userinput>
+ </para>
- <para>
- One output file is produced:
- <filename>zone.child.example.signed</filename>. This
- file
- should be referenced by <filename>named.conf</filename>
- as the
- input file for the zone.
- </para>
+ <para>
+ One output file is produced:
+ <filename>zone.child.example.signed</filename>. This
+ file
+ should be referenced by <filename>named.conf</filename>
+ as the
+ input file for the zone.
+ </para>
- <para><command>dnssec-signzone</command>
+ <para><command>dnssec-signzone</command>
will also produce a keyset and dsset files and optionally a
- dlvset file. These are used to provide the parent zone
- administrators with the <literal>DNSKEYs</literal> (or their
- corresponding <literal>DS</literal> records) that are the
- secure entry point to the zone.
- </para>
+ dlvset file. These are used to provide the parent zone
+ administrators with the <literal>DNSKEYs</literal> (or their
+ corresponding <literal>DS</literal> records) that are the
+ secure entry point to the zone.
+ </para>
</sect2>
<sect2>
- <title>Configuring Servers</title>
+ <title>Configuring Servers</title>
<para>
To enable <command>named</command> to respond appropriately
to DNS requests from DNSSEC aware clients,
<command>dnssec-enable</command> must be set to yes.
- (This is the default setting.)
- </para>
+ (This is the default setting.)
+ </para>
<para>
To enable <command>named</command> to validate answers from
other servers, the <command>dnssec-enable</command> option
- must be set to <userinput>yes</userinput>, and the
- <command>dnssec-validation</command> options must be set to
- <userinput>yes</userinput> or <userinput>auto</userinput>.
- </para>
+ must be set to <userinput>yes</userinput>, and the
+ <command>dnssec-validation</command> options must be set to
+ <userinput>yes</userinput> or <userinput>auto</userinput>.
+ </para>
<para>
- If <command>dnssec-validation</command> is set to
- <userinput>auto</userinput>, then a default
- trust anchor for the DNS root zone will be used.
- If it is set to <userinput>yes</userinput>, however,
- then at least one trust anchor must be configured
- with a <command>trusted-keys</command> or
- <command>managed-keys</command> statement in
- <filename>named.conf</filename>, or DNSSEC validation
- will not occur. The default setting is
- <userinput>yes</userinput>.
- </para>
+ If <command>dnssec-validation</command> is set to
+ <userinput>auto</userinput>, then a default
+ trust anchor for the DNS root zone will be used.
+ If it is set to <userinput>yes</userinput>, however,
+ then at least one trust anchor must be configured
+ with a <command>trusted-keys</command> or
+ <command>managed-keys</command> statement in
+ <filename>named.conf</filename>, or DNSSEC validation
+ will not occur. The default setting is
+ <userinput>yes</userinput>.
+ </para>
<para>
<command>trusted-keys</command> are copies of DNSKEY RRs
@@ -2674,13 +2253,13 @@
<para>
<command>managed-keys</command> are trusted keys which are
- automatically kept up to date via RFC 5011 trust anchor
- maintenance.
+ automatically kept up to date via RFC 5011 trust anchor
+ maintenance.
</para>
<para>
<command>trusted-keys</command> and
- <command>managed-keys</command> are described in more detail
+ <command>managed-keys</command> are described in more detail
later in this document.
</para>
@@ -2697,55 +2276,55 @@
more public keys for the root. This allows answers from
outside the organization to be validated. It will also
have several keys for parts of the namespace the organization
- controls. These are here to ensure that <command>named</command>
- is immune to compromises in the DNSSEC components of the security
- of parent zones.
+ controls. These are here to ensure that <command>named</command>
+ is immune to compromises in the DNSSEC components of the security
+ of parent zones.
</para>
<programlisting>
managed-keys {
/* Root Key */
- "." initial-key 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwS
- JxrGkxJWoZu6I7PzJu/E9gx4UC1zGAHlXKdE4zYIpRh
- aBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3zy2Xy
- 4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYg
- hf+6fElrmLkdaz MQ2OCnACR817DF4BBa7UR/beDHyp
- 5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M/lUUVRbke
- g1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq
- 66gKodQj+MiA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ
- 97S+LKUTpQcq27R7AT3/V5hRQxScINqwcz4jYqZD2fQ
- dgxbcDTClU0CRBdiieyLMNzXG3";
+ "." initial-key 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwS
+ JxrGkxJWoZu6I7PzJu/E9gx4UC1zGAHlXKdE4zYIpRh
+ aBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3zy2Xy
+ 4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYg
+ hf+6fElrmLkdaz MQ2OCnACR817DF4BBa7UR/beDHyp
+ 5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M/lUUVRbke
+ g1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq
+ 66gKodQj+MiA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ
+ 97S+LKUTpQcq27R7AT3/V5hRQxScINqwcz4jYqZD2fQ
+ dgxbcDTClU0CRBdiieyLMNzXG3";
};
trusted-keys {
- /* Key for our organization's forward zone */
- example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM6
- 5KbhTjrW1ZaARmPhEZZe3Y9ifgEuq7vZ/z
- GZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb
- 4JKUbbOTcM8pwXlj0EiX3oDFVmjHO444gL
- kBOUKUf/mC7HvfwYH/Be22GnClrinKJp1O
- g4ywzO9WglMk7jbfW33gUKvirTHr25GL7S
- TQUzBb5Usxt8lgnyTUHs1t3JwCY5hKZ6Cq
- FxmAVZP20igTixin/1LcrgX/KMEGd/biuv
- F4qJCyduieHukuY3H4XMAcR+xia2nIUPvm
- /oyWR8BW/hWdzOvnSCThlHf3xiYleDbt/o
- 1OTQ09A0=";
+ /* Key for our organization's forward zone */
+ example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM6
+ 5KbhTjrW1ZaARmPhEZZe3Y9ifgEuq7vZ/z
+ GZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb
+ 4JKUbbOTcM8pwXlj0EiX3oDFVmjHO444gL
+ kBOUKUf/mC7HvfwYH/Be22GnClrinKJp1O
+ g4ywzO9WglMk7jbfW33gUKvirTHr25GL7S
+ TQUzBb5Usxt8lgnyTUHs1t3JwCY5hKZ6Cq
+ FxmAVZP20igTixin/1LcrgX/KMEGd/biuv
+ F4qJCyduieHukuY3H4XMAcR+xia2nIUPvm
+ /oyWR8BW/hWdzOvnSCThlHf3xiYleDbt/o
+ 1OTQ09A0=";
- /* Key for our reverse zone. */
- 2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwc
- xOdNax071L18QqZnQQQAVVr+i
- LhGTnNGp3HoWQLUIzKrJVZ3zg
- gy3WwNT6kZo6c0tszYqbtvchm
- gQC8CzKojM/W16i6MG/eafGU3
- siaOdS0yOI6BgPsw+YZdzlYMa
- IJGf4M4dyoKIhzdZyQ2bYQrjy
- Q4LB0lC7aOnsMyYKHHYeRvPxj
- IQXmdqgOJGq+vsevG06zW+1xg
- YJh9rCIfnm1GX/KMgxLPG2vXT
- D/RnLX+D3T3UL7HJYHJhAZD5L
- 59VvjSPsZJHeDCUyWYrvPZesZ
- DIRvhDD52SKvbheeTJUm6Ehkz
- ytNN2SN96QRk8j/iI8ib";
+ /* Key for our reverse zone. */
+ 2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwc
+ xOdNax071L18QqZnQQQAVVr+i
+ LhGTnNGp3HoWQLUIzKrJVZ3zg
+ gy3WwNT6kZo6c0tszYqbtvchm
+ gQC8CzKojM/W16i6MG/eafGU3
+ siaOdS0yOI6BgPsw+YZdzlYMa
+ IJGf4M4dyoKIhzdZyQ2bYQrjy
+ Q4LB0lC7aOnsMyYKHHYeRvPxj
+ IQXmdqgOJGq+vsevG06zW+1xg
+ YJh9rCIfnm1GX/KMgxLPG2vXT
+ D/RnLX+D3T3UL7HJYHJhAZD5L
+ 59VvjSPsZJHeDCUyWYrvPZesZ
+ DIRvhDD52SKvbheeTJUm6Ehkz
+ ytNN2SN96QRk8j/iI8ib";
};
options {
@@ -2789,10 +2368,10 @@
forgery; it rejects the response and logs an error.
</para>
<para>
- The logged error reads "insecurity proof failed" and
- "got insecure response; parent indicates it should be secure".
+ The logged error reads "insecurity proof failed" and
+ "got insecure response; parent indicates it should be secure".
(Prior to BIND 9.7, the logged error was "not insecure".
- This referred to the zone, not the response.)
+ This referred to the zone, not the response.)
</para>
</note>
</sect2>
@@ -2809,52 +2388,52 @@
<title>IPv6 Support in <acronym>BIND</acronym> 9</title>
<para>
- <acronym>BIND</acronym> 9 fully supports all currently
- defined forms of IPv6 name to address and address to name
- lookups. It will also use IPv6 addresses to make queries when
- running on an IPv6 capable system.
+ <acronym>BIND</acronym> 9 fully supports all currently
+ defined forms of IPv6 name to address and address to name
+ lookups. It will also use IPv6 addresses to make queries when
+ running on an IPv6 capable system.
</para>
<para>
- For forward lookups, <acronym>BIND</acronym> 9 supports
- only AAAA records. RFC 3363 deprecated the use of A6 records,
- and client-side support for A6 records was accordingly removed
- from <acronym>BIND</acronym> 9.
- However, authoritative <acronym>BIND</acronym> 9 name servers still
- load zone files containing A6 records correctly, answer queries
- for A6 records, and accept zone transfer for a zone containing A6
- records.
+ For forward lookups, <acronym>BIND</acronym> 9 supports
+ only AAAA records. RFC 3363 deprecated the use of A6 records,
+ and client-side support for A6 records was accordingly removed
+ from <acronym>BIND</acronym> 9.
+ However, authoritative <acronym>BIND</acronym> 9 name servers still
+ load zone files containing A6 records correctly, answer queries
+ for A6 records, and accept zone transfer for a zone containing A6
+ records.
</para>
<para>
- For IPv6 reverse lookups, <acronym>BIND</acronym> 9 supports
- the traditional "nibble" format used in the
- <emphasis>ip6.arpa</emphasis> domain, as well as the older, deprecated
- <emphasis>ip6.int</emphasis> domain.
- Older versions of <acronym>BIND</acronym> 9
- supported the "binary label" (also known as "bitstring") format,
- but support of binary labels has been completely removed per
- RFC 3363.
- Many applications in <acronym>BIND</acronym> 9 do not understand
- the binary label format at all any more, and will return an
- error if given.
+ For IPv6 reverse lookups, <acronym>BIND</acronym> 9 supports
+ the traditional "nibble" format used in the
+ <emphasis>ip6.arpa</emphasis> domain, as well as the older, deprecated
+ <emphasis>ip6.int</emphasis> domain.
+ Older versions of <acronym>BIND</acronym> 9
+ supported the "binary label" (also known as "bitstring") format,
+ but support of binary labels has been completely removed per
+ RFC 3363.
+ Many applications in <acronym>BIND</acronym> 9 do not understand
+ the binary label format at all any more, and will return an
+ error if given.
In particular, an authoritative <acronym>BIND</acronym> 9
- name server will not load a zone file containing binary labels.
+ name server will not load a zone file containing binary labels.
</para>
<para>
- For an overview of the format and structure of IPv6 addresses,
- see <xref linkend="ipv6addresses"/>.
+ For an overview of the format and structure of IPv6 addresses,
+ see <xref linkend="ipv6addresses"/>.
</para>
<sect2>
- <title>Address Lookups Using AAAA Records</title>
+ <title>Address Lookups Using AAAA Records</title>
- <para>
- The IPv6 AAAA record is a parallel to the IPv4 A record,
- and, unlike the deprecated A6 record, specifies the entire
- IPv6 address in a single record. For example,
- </para>
+ <para>
+ The IPv6 AAAA record is a parallel to the IPv4 A record,
+ and, unlike the deprecated A6 record, specifies the entire
+ IPv6 address in a single record. For example,
+ </para>
<programlisting>
$ORIGIN example.com.
@@ -2861,30 +2440,30 @@
host 3600 IN AAAA 2001:db8::1
</programlisting>
- <para>
- Use of IPv4-in-IPv6 mapped addresses is not recommended.
+ <para>
+ Use of IPv4-in-IPv6 mapped addresses is not recommended.
If a host has an IPv4 address, use an A record, not
- a AAAA, with <literal>::ffff:192.168.42.1</literal> as
- the address.
- </para>
+ a AAAA, with <literal>::ffff:192.168.42.1</literal> as
+ the address.
+ </para>
</sect2>
<sect2>
- <title>Address to Name Lookups Using Nibble Format</title>
+ <title>Address to Name Lookups Using Nibble Format</title>
- <para>
- When looking up an address in nibble format, the address
- components are simply reversed, just as in IPv4, and
- <literal>ip6.arpa.</literal> is appended to the
- resulting name.
- For example, the following would provide reverse name lookup for
- a host with address
- <literal>2001:db8::1</literal>.
- </para>
+ <para>
+ When looking up an address in nibble format, the address
+ components are simply reversed, just as in IPv4, and
+ <literal>ip6.arpa.</literal> is appended to the
+ resulting name.
+ For example, the following would provide reverse name lookup for
+ a host with address
+ <literal>2001:db8::1</literal>.
+ </para>
<programlisting>
$ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 14400 IN PTR (
- host.example.com. )
+ host.example.com. )
</programlisting>
</sect2>
@@ -2896,24 +2475,24 @@
<sect1>
<title>The Lightweight Resolver Library</title>
<para>
- Traditionally applications have been linked with a stub resolver
- library that sends recursive DNS queries to a local caching name
- server.
+ Traditionally applications have been linked with a stub resolver
+ library that sends recursive DNS queries to a local caching name
+ server.
</para>
<para>
- IPv6 once introduced new complexity into the resolution process,
- such as following A6 chains and DNAME records, and simultaneous
- lookup of IPv4 and IPv6 addresses. Though most of the complexity was
- then removed, these are hard or impossible
- to implement in a traditional stub resolver.
+ IPv6 once introduced new complexity into the resolution process,
+ such as following A6 chains and DNAME records, and simultaneous
+ lookup of IPv4 and IPv6 addresses. Though most of the complexity was
+ then removed, these are hard or impossible
+ to implement in a traditional stub resolver.
</para>
<para>
- <acronym>BIND</acronym> 9 therefore can also provide resolution
- services to local clients
- using a combination of a lightweight resolver library and a resolver
- daemon process running on the local host. These communicate using
- a simple UDP-based protocol, the "lightweight resolver protocol"
- that is distinct from and simpler than the full DNS protocol.
+ <acronym>BIND</acronym> 9 therefore can also provide resolution
+ services to local clients
+ using a combination of a lightweight resolver library and a resolver
+ daemon process running on the local host. These communicate using
+ a simple UDP-based protocol, the "lightweight resolver protocol"
+ that is distinct from and simpler than the full DNS protocol.
</para>
</sect1>
<sect1 id="lwresd">
@@ -2920,51 +2499,51 @@
<title>Running a Resolver Daemon</title>
<para>
- To use the lightweight resolver interface, the system must
- run the resolver daemon <command>lwresd</command> or a
- local
- name server configured with a <command>lwres</command>
- statement.
+ To use the lightweight resolver interface, the system must
+ run the resolver daemon <command>lwresd</command> or a
+ local
+ name server configured with a <command>lwres</command>
+ statement.
</para>
<para>
- By default, applications using the lightweight resolver library will
- make
- UDP requests to the IPv4 loopback address (127.0.0.1) on port 921.
- The
- address can be overridden by <command>lwserver</command>
- lines in
- <filename>/etc/resolv.conf</filename>.
+ By default, applications using the lightweight resolver library will
+ make
+ UDP requests to the IPv4 loopback address (127.0.0.1) on port 921.
+ The
+ address can be overridden by <command>lwserver</command>
+ lines in
+ <filename>/etc/resolv.conf</filename>.
</para>
<para>
- The daemon currently only looks in the DNS, but in the future
- it may use other sources such as <filename>/etc/hosts</filename>,
- NIS, etc.
+ The daemon currently only looks in the DNS, but in the future
+ it may use other sources such as <filename>/etc/hosts</filename>,
+ NIS, etc.
</para>
<para>
- The <command>lwresd</command> daemon is essentially a
- caching-only name server that responds to requests using the
- lightweight
- resolver protocol rather than the DNS protocol. Because it needs
- to run on each host, it is designed to require no or minimal
- configuration.
- Unless configured otherwise, it uses the name servers listed on
- <command>nameserver</command> lines in <filename>/etc/resolv.conf</filename>
- as forwarders, but is also capable of doing the resolution
- autonomously if
- none are specified.
+ The <command>lwresd</command> daemon is essentially a
+ caching-only name server that responds to requests using the
+ lightweight
+ resolver protocol rather than the DNS protocol. Because it needs
+ to run on each host, it is designed to require no or minimal
+ configuration.
+ Unless configured otherwise, it uses the name servers listed on
+ <command>nameserver</command> lines in <filename>/etc/resolv.conf</filename>
+ as forwarders, but is also capable of doing the resolution
+ autonomously if
+ none are specified.
</para>
<para>
- The <command>lwresd</command> daemon may also be
- configured with a
- <filename>named.conf</filename> style configuration file,
- in
- <filename>/etc/lwresd.conf</filename> by default. A name
- server may also
- be configured to act as a lightweight resolver daemon using the
- <command>lwres</command> statement in <filename>named.conf</filename>.
+ The <command>lwresd</command> daemon may also be
+ configured with a
+ <filename>named.conf</filename> style configuration file,
+ in
+ <filename>/etc/lwresd.conf</filename> by default. A name
+ server may also
+ be configured to act as a lightweight resolver daemon using the
+ <command>lwres</command> statement in <filename>named.conf</filename>.
</para>
</sect1>
@@ -2993,120 +2572,120 @@
<sect1 id="configuration_file_elements">
<title>Configuration File Elements</title>
<para>
- Following is a list of elements used throughout the <acronym>BIND</acronym> configuration
- file documentation:
+ Following is a list of elements used throughout the <acronym>BIND</acronym> configuration
+ file documentation:
</para>
<informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="2Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.855in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.770in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>acl_name</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- The name of an <varname>address_match_list</varname> as
- defined by the <command>acl</command> statement.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>address_match_list</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A list of one or more
- <varname>ip_addr</varname>,
- <varname>ip_prefix</varname>, <varname>key_id</varname>,
- or <varname>acl_name</varname> elements, see
- <xref linkend="address_match_lists"/>.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>masters_list</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A named list of one or more <varname>ip_addr</varname>
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="2Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.855in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.770in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>acl_name</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The name of an <varname>address_match_list</varname> as
+ defined by the <command>acl</command> statement.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>address_match_list</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A list of one or more
+ <varname>ip_addr</varname>,
+ <varname>ip_prefix</varname>, <varname>key_id</varname>,
+ or <varname>acl_name</varname> elements, see
+ <xref linkend="address_match_lists"/>.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>masters_list</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A named list of one or more <varname>ip_addr</varname>
with optional <varname>key_id</varname> and/or
<varname>ip_port</varname>.
A <varname>masters_list</varname> may include other
<varname>masters_lists</varname>.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>domain_name</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A quoted string which will be used as
- a DNS name, for example "<literal>my.test.domain</literal>".
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>namelist</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A list of one or more <varname>domain_name</varname>
- elements.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>dotted_decimal</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- One to four integers valued 0 through
- 255 separated by dots (`.'), such as <command>123</command>,
- <command>45.67</command> or <command>89.123.45.67</command>.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>ip4_addr</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- An IPv4 address with exactly four elements
- in <varname>dotted_decimal</varname> notation.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>ip6_addr</varname>
- </para>
- </entry>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>domain_name</varname>
+ </para>
+ </entry>
<entry colname="2">
<para>
+ A quoted string which will be used as
+ a DNS name, for example "<literal>my.test.domain</literal>".
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>namelist</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A list of one or more <varname>domain_name</varname>
+ elements.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>dotted_decimal</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ One to four integers valued 0 through
+ 255 separated by dots (`.'), such as <command>123</command>,
+ <command>45.67</command> or <command>89.123.45.67</command>.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>ip4_addr</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ An IPv4 address with exactly four elements
+ in <varname>dotted_decimal</varname> notation.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>ip6_addr</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
An IPv6 address, such as <command>2001:db8::1234</command>.
IPv6 scoped addresses that have ambiguity on their
scope zones must be disambiguated by an appropriate
@@ -3128,126 +2707,126 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>ip_addr</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- An <varname>ip4_addr</varname> or <varname>ip6_addr</varname>.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>ip_port</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- An IP port <varname>number</varname>.
- The <varname>number</varname> is limited to 0
- through 65535, with values
- below 1024 typically restricted to use by processes running
- as root.
- In some cases, an asterisk (`*') character can be used as a
- placeholder to
- select a random high-numbered port.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>ip_prefix</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- An IP network specified as an <varname>ip_addr</varname>,
- followed by a slash (`/') and then the number of bits in the
- netmask.
- Trailing zeros in a <varname>ip_addr</varname>
- may omitted.
- For example, <command>127/8</command> is the
- network <command>127.0.0.0</command> with
- netmask <command>255.0.0.0</command> and <command>1.2.3.0/28</command> is
- network <command>1.2.3.0</command> with netmask <command>255.255.255.240</command>.
- </para>
- <para>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>ip_addr</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ An <varname>ip4_addr</varname> or <varname>ip6_addr</varname>.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>ip_port</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ An IP port <varname>number</varname>.
+ The <varname>number</varname> is limited to 0
+ through 65535, with values
+ below 1024 typically restricted to use by processes running
+ as root.
+ In some cases, an asterisk (`*') character can be used as a
+ placeholder to
+ select a random high-numbered port.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>ip_prefix</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ An IP network specified as an <varname>ip_addr</varname>,
+ followed by a slash (`/') and then the number of bits in the
+ netmask.
+ Trailing zeros in a <varname>ip_addr</varname>
+ may omitted.
+ For example, <command>127/8</command> is the
+ network <command>127.0.0.0</command> with
+ netmask <command>255.0.0.0</command> and <command>1.2.3.0/28</command> is
+ network <command>1.2.3.0</command> with netmask <command>255.255.255.240</command>.
+ </para>
+ <para>
When specifying a prefix involving a IPv6 scoped address
the scope may be omitted. In that case the prefix will
match packets from any scope.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>key_id</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A <varname>domain_name</varname> representing
- the name of a shared key, to be used for transaction
- security.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>key_list</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A list of one or more
- <varname>key_id</varname>s,
- separated by semicolons and ending with a semicolon.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>number</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A non-negative 32-bit integer
- (i.e., a number between 0 and 4294967295, inclusive).
- Its acceptable value might further
- be limited by the context in which it is used.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>path_name</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A quoted string which will be used as
- a pathname, such as <filename>zones/master/my.test.domain</filename>.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>port_list</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>key_id</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A <varname>domain_name</varname> representing
+ the name of a shared key, to be used for transaction
+ security.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>key_list</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A list of one or more
+ <varname>key_id</varname>s,
+ separated by semicolons and ending with a semicolon.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>number</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A non-negative 32-bit integer
+ (i.e., a number between 0 and 4294967295, inclusive).
+ Its acceptable value might further
+ be limited by the context in which it is used.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>path_name</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A quoted string which will be used as
+ a pathname, such as <filename>zones/master/my.test.domain</filename>.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>port_list</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
A list of an <varname>ip_port</varname> or a port
range.
A port range is specified in the form of
@@ -3264,99 +2843,101 @@
ports from 1024 through 65535.
In either case an asterisk (`*') character is not
allowed as a valid <varname>ip_port</varname>.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>size_spec</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A 64-bit unsigned integer, or the keywords
- <userinput>unlimited</userinput> or
- <userinput>default</userinput>.
- </para>
- <para>
- Integers may take values
- 0 <= value <= 18446744073709551615, though
- certain parameters may use a more limited range
- within these extremes. In most cases, setting a
- value to 0 does not literally mean zero; it means
- "undefined" or "as big as psosible", depending on
- the context. See the expalantions of particular
- parameters that use <varname>size_spec</varname>
- for details on how they interpret its use.
- </para>
- <para>
- Numeric values can optionally be followed by a
- scaling factor:
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>size_spec</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A 64-bit unsigned integer, or the keywords
+ <userinput>unlimited</userinput> or
+ <userinput>default</userinput>.
+ </para>
+ <para>
+ Integers may take values
+ 0 <= value <= 18446744073709551615, though
+ certain parameters
+ (such as <command>max-journal-size</command>) may
+ use a more limited range within these extremes.
+ In most cases, setting a value to 0 does not
+ literally mean zero; it means "undefined" or
+ "as big as possible", depending on the context.
+ See the explanations of particular parameters
+ that use <varname>size_spec</varname>
+ for details on how they interpret its use.
+ </para>
+ <para>
+ Numeric values can optionally be followed by a
+ scaling factor:
<userinput>K</userinput> or <userinput>k</userinput>
for kilobytes,
<userinput>M</userinput> or <userinput>m</userinput>
for megabytes, and
- <userinput>G</userinput> or <userinput>g</userinput>
- for gigabytes, which scale by 1024, 1024*1024, and
- 1024*1024*1024 respectively.
- </para>
+ <userinput>G</userinput> or <userinput>g</userinput>
+ for gigabytes, which scale by 1024, 1024*1024, and
+ 1024*1024*1024 respectively.
+ </para>
<para>
- <varname>unlimited</varname> generally means
- "as big as possible", though in certain contexts,
- (including <option>max-cache-size</option>), it may
- mean the largest possible 32-bit unsigned integer
- (0xffffffff); this distinction can be important when
- dealing with larger quantities.
- <varname>unlimited</varname> is usually the best way
- to safely set a very large number.
- </para>
+ <varname>unlimited</varname> generally means
+ "as big as possible", though in certain contexts,
+ (including <option>max-cache-size</option>), it may
+ mean the largest possible 32-bit unsigned integer
+ (0xffffffff); this distinction can be important when
+ dealing with larger quantities.
+ <varname>unlimited</varname> is usually the best way
+ to safely set a very large number.
+ </para>
<para>
- <varname>default</varname>
- uses the limit that was in force when the server was started.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>yes_or_no</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- Either <userinput>yes</userinput> or <userinput>no</userinput>.
- The words <userinput>true</userinput> and <userinput>false</userinput> are
- also accepted, as are the numbers <userinput>1</userinput>
- and <userinput>0</userinput>.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>dialup_option</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- One of <userinput>yes</userinput>,
- <userinput>no</userinput>, <userinput>notify</userinput>,
- <userinput>notify-passive</userinput>, <userinput>refresh</userinput> or
- <userinput>passive</userinput>.
- When used in a zone, <userinput>notify-passive</userinput>,
- <userinput>refresh</userinput>, and <userinput>passive</userinput>
- are restricted to slave and stub zones.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
+ <varname>default</varname>
+ uses the limit that was in force when the server was started.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>yes_or_no</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Either <userinput>yes</userinput> or <userinput>no</userinput>.
+ The words <userinput>true</userinput> and <userinput>false</userinput> are
+ also accepted, as are the numbers <userinput>1</userinput>
+ and <userinput>0</userinput>.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>dialup_option</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ One of <userinput>yes</userinput>,
+ <userinput>no</userinput>, <userinput>notify</userinput>,
+ <userinput>notify-passive</userinput>, <userinput>refresh</userinput> or
+ <userinput>passive</userinput>.
+ When used in a zone, <userinput>notify-passive</userinput>,
+ <userinput>refresh</userinput>, and <userinput>passive</userinput>
+ are restricted to slave and stub zones.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
</informaltable>
<sect2 id="address_match_lists">
- <title>Address Match Lists</title>
- <sect3>
- <title>Syntax</title>
+ <title>Address Match Lists</title>
+ <sect3>
+ <title>Syntax</title>
<programlisting><varname>address_match_list</varname> = address_match_list_element ;
<optional> address_match_list_element; ... </optional>
@@ -3364,67 +2945,67 @@
key key_id | acl_name | { address_match_list } )
</programlisting>
- </sect3>
- <sect3>
- <title>Definition and Usage</title>
- <para>
- Address match lists are primarily used to determine access
- control for various server operations. They are also used in
- the <command>listen-on</command> and <command>sortlist</command>
- statements. The elements which constitute an address match
- list can be any of the following:
- </para>
- <itemizedlist>
- <listitem>
- <simpara>an IP address (IPv4 or IPv6)</simpara>
- </listitem>
- <listitem>
- <simpara>an IP prefix (in `/' notation)</simpara>
- </listitem>
- <listitem>
- <simpara>
- a key ID, as defined by the <command>key</command>
- statement
- </simpara>
- </listitem>
- <listitem>
- <simpara>the name of an address match list defined with
- the <command>acl</command> statement
- </simpara>
- </listitem>
- <listitem>
- <simpara>a nested address match list enclosed in braces</simpara>
- </listitem>
- </itemizedlist>
+ </sect3>
+ <sect3>
+ <title>Definition and Usage</title>
+ <para>
+ Address match lists are primarily used to determine access
+ control for various server operations. They are also used in
+ the <command>listen-on</command> and <command>sortlist</command>
+ statements. The elements which constitute an address match
+ list can be any of the following:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <simpara>an IP address (IPv4 or IPv6)</simpara>
+ </listitem>
+ <listitem>
+ <simpara>an IP prefix (in `/' notation)</simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ a key ID, as defined by the <command>key</command>
+ statement
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>the name of an address match list defined with
+ the <command>acl</command> statement
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>a nested address match list enclosed in braces</simpara>
+ </listitem>
+ </itemizedlist>
- <para>
- Elements can be negated with a leading exclamation mark (`!'),
- and the match list names "any", "none", "localhost", and
- "localnets" are predefined. More information on those names
- can be found in the description of the acl statement.
- </para>
+ <para>
+ Elements can be negated with a leading exclamation mark (`!'),
+ and the match list names "any", "none", "localhost", and
+ "localnets" are predefined. More information on those names
+ can be found in the description of the acl statement.
+ </para>
- <para>
- The addition of the key clause made the name of this syntactic
- element something of a misnomer, since security keys can be used
- to validate access without regard to a host or network address.
- Nonetheless, the term "address match list" is still used
- throughout the documentation.
- </para>
+ <para>
+ The addition of the key clause made the name of this syntactic
+ element something of a misnomer, since security keys can be used
+ to validate access without regard to a host or network address.
+ Nonetheless, the term "address match list" is still used
+ throughout the documentation.
+ </para>
- <para>
- When a given IP address or prefix is compared to an address
- match list, the comparison takes place in approximately O(1)
- time. However, key comparisons require that the list of keys
- be traversed until a matching key is found, and therefore may
- be somewhat slower.
- </para>
+ <para>
+ When a given IP address or prefix is compared to an address
+ match list, the comparison takes place in approximately O(1)
+ time. However, key comparisons require that the list of keys
+ be traversed until a matching key is found, and therefore may
+ be somewhat slower.
+ </para>
- <para>
- The interpretation of a match depends on whether the list is being
- used for access control, defining <command>listen-on</command> ports, or in a
- <command>sortlist</command>, and whether the element was negated.
- </para>
+ <para>
+ The interpretation of a match depends on whether the list is being
+ used for access control, defining <command>listen-on</command> ports, or in a
+ <command>sortlist</command>, and whether the element was negated.
+ </para>
<para>
When used as an access control list, a non-negated match
@@ -3446,63 +3027,63 @@
addresses which do not match the list.
</para>
- <para>
- Order of insertion is significant. If more than one element
- in an ACL is found to match a given IP address or prefix,
- preference will be given to the one that came
- <emphasis>first</emphasis> in the ACL definition.
- Because of this first-match behavior, an element that
- defines a subset of another element in the list should
- come before the broader element, regardless of whether
- either is negated. For example, in
- <command>1.2.3/24; ! 1.2.3.13;</command>
- the 1.2.3.13 element is completely useless because the
- algorithm will match any lookup for 1.2.3.13 to the 1.2.3/24
- element. Using <command>! 1.2.3.13; 1.2.3/24</command> fixes
- that problem by having 1.2.3.13 blocked by the negation, but
- all other 1.2.3.* hosts fall through.
- </para>
- </sect3>
+ <para>
+ Order of insertion is significant. If more than one element
+ in an ACL is found to match a given IP address or prefix,
+ preference will be given to the one that came
+ <emphasis>first</emphasis> in the ACL definition.
+ Because of this first-match behavior, an element that
+ defines a subset of another element in the list should
+ come before the broader element, regardless of whether
+ either is negated. For example, in
+ <command>1.2.3/24; ! 1.2.3.13;</command>
+ the 1.2.3.13 element is completely useless because the
+ algorithm will match any lookup for 1.2.3.13 to the 1.2.3/24
+ element. Using <command>! 1.2.3.13; 1.2.3/24</command> fixes
+ that problem by having 1.2.3.13 blocked by the negation, but
+ all other 1.2.3.* hosts fall through.
+ </para>
+ </sect3>
</sect2>
<sect2>
- <title>Comment Syntax</title>
+ <title>Comment Syntax</title>
- <para>
- The <acronym>BIND</acronym> 9 comment syntax allows for
- comments to appear
- anywhere that whitespace may appear in a <acronym>BIND</acronym> configuration
- file. To appeal to programmers of all kinds, they can be written
- in the C, C++, or shell/perl style.
- </para>
+ <para>
+ The <acronym>BIND</acronym> 9 comment syntax allows for
+ comments to appear
+ anywhere that whitespace may appear in a <acronym>BIND</acronym> configuration
+ file. To appeal to programmers of all kinds, they can be written
+ in the C, C++, or shell/perl style.
+ </para>
- <sect3>
- <title>Syntax</title>
+ <sect3>
+ <title>Syntax</title>
- <para>
- <programlisting>/* This is a <acronym>BIND</acronym> comment as in C */</programlisting>
- <programlisting>// This is a <acronym>BIND</acronym> comment as in C++</programlisting>
- <programlisting># This is a <acronym>BIND</acronym> comment as in common UNIX shells
+ <para>
+ <programlisting>/* This is a <acronym>BIND</acronym> comment as in C */</programlisting>
+ <programlisting>// This is a <acronym>BIND</acronym> comment as in C++</programlisting>
+ <programlisting># This is a <acronym>BIND</acronym> comment as in common UNIX shells
# and perl</programlisting>
- </para>
- </sect3>
- <sect3>
- <title>Definition and Usage</title>
- <para>
- Comments may appear anywhere that whitespace may appear in
- a <acronym>BIND</acronym> configuration file.
- </para>
- <para>
- C-style comments start with the two characters /* (slash,
- star) and end with */ (star, slash). Because they are completely
- delimited with these characters, they can be used to comment only
- a portion of a line or to span multiple lines.
- </para>
- <para>
- C-style comments cannot be nested. For example, the following
- is not valid because the entire comment ends with the first */:
- </para>
- <para>
+ </para>
+ </sect3>
+ <sect3>
+ <title>Definition and Usage</title>
+ <para>
+ Comments may appear anywhere that whitespace may appear in
+ a <acronym>BIND</acronym> configuration file.
+ </para>
+ <para>
+ C-style comments start with the two characters /* (slash,
+ star) and end with */ (star, slash). Because they are completely
+ delimited with these characters, they can be used to comment only
+ a portion of a line or to span multiple lines.
+ </para>
+ <para>
+ C-style comments cannot be nested. For example, the following
+ is not valid because the entire comment ends with the first */:
+ </para>
+ <para>
<programlisting>/* This is the start of a comment.
This is still part of the comment.
@@ -3510,16 +3091,16 @@
This is no longer in any comment. */
</programlisting>
- </para>
+ </para>
- <para>
- C++-style comments start with the two characters // (slash,
- slash) and continue to the end of the physical line. They cannot
- be continued across multiple physical lines; to have one logical
- comment span multiple lines, each line must use the // pair.
- For example:
- </para>
- <para>
+ <para>
+ C++-style comments start with the two characters // (slash,
+ slash) and continue to the end of the physical line. They cannot
+ be continued across multiple physical lines; to have one logical
+ comment span multiple lines, each line must use the // pair.
+ For example:
+ </para>
+ <para>
<programlisting>// This is the start of a comment. The next line
// is a new comment, even though it is logically
@@ -3526,16 +3107,16 @@
// part of the previous comment.
</programlisting>
- </para>
- <para>
- Shell-style (or perl-style, if you prefer) comments start
- with the character <literal>#</literal> (number sign)
- and continue to the end of the
- physical line, as in C++ comments.
- For example:
- </para>
+ </para>
+ <para>
+ Shell-style (or perl-style, if you prefer) comments start
+ with the character <literal>#</literal> (number sign)
+ and continue to the end of the
+ physical line, as in C++ comments.
+ For example:
+ </para>
- <para>
+ <para>
<programlisting># This is the start of a comment. The next line
# is a new comment, even though it is logically
@@ -3542,17 +3123,17 @@
# part of the previous comment.
</programlisting>
- </para>
+ </para>
- <warning>
- <para>
- You cannot use the semicolon (`;') character
- to start a comment such as you would in a zone file. The
- semicolon indicates the end of a configuration
- statement.
- </para>
- </warning>
- </sect3>
+ <warning>
+ <para>
+ You cannot use the semicolon (`;') character
+ to start a comment such as you would in a zone file. The
+ semicolon indicates the end of a configuration
+ statement.
+ </para>
+ </warning>
+ </sect3>
</sect2>
</sect1>
@@ -3560,186 +3141,186 @@
<title>Configuration File Grammar</title>
<para>
- A <acronym>BIND</acronym> 9 configuration consists of
- statements and comments.
- Statements end with a semicolon. Statements and comments are the
- only elements that can appear without enclosing braces. Many
- statements contain a block of sub-statements, which are also
- terminated with a semicolon.
+ A <acronym>BIND</acronym> 9 configuration consists of
+ statements and comments.
+ Statements end with a semicolon. Statements and comments are the
+ only elements that can appear without enclosing braces. Many
+ statements contain a block of sub-statements, which are also
+ terminated with a semicolon.
</para>
<para>
- The following statements are supported:
+ The following statements are supported:
</para>
<informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="2Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.336in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.778in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para><command>acl</command></para>
- </entry>
- <entry colname="2">
- <para>
- defines a named IP address
- matching list, for access control and other uses.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>controls</command></para>
- </entry>
- <entry colname="2">
- <para>
- declares control channels to be used
- by the <command>rndc</command> utility.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>include</command></para>
- </entry>
- <entry colname="2">
- <para>
- includes a file.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>key</command></para>
- </entry>
- <entry colname="2">
- <para>
- specifies key information for use in
- authentication and authorization using TSIG.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>logging</command></para>
- </entry>
- <entry colname="2">
- <para>
- specifies what the server logs, and where
- the log messages are sent.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>lwres</command></para>
- </entry>
- <entry colname="2">
- <para>
- configures <command>named</command> to
- also act as a light-weight resolver daemon (<command>lwresd</command>).
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>masters</command></para>
- </entry>
- <entry colname="2">
- <para>
- defines a named masters list for
- inclusion in stub and slave zone masters clauses.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>options</command></para>
- </entry>
- <entry colname="2">
- <para>
- controls global server configuration
- options and sets defaults for other statements.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>server</command></para>
- </entry>
- <entry colname="2">
- <para>
- sets certain configuration options on
- a per-server basis.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>statistics-channels</command></para>
- </entry>
- <entry colname="2">
- <para>
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="2Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.336in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.778in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>acl</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ defines a named IP address
+ matching list, for access control and other uses.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>controls</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ declares control channels to be used
+ by the <command>rndc</command> utility.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>include</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ includes a file.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>key</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ specifies key information for use in
+ authentication and authorization using TSIG.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>logging</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ specifies what the server logs, and where
+ the log messages are sent.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>lwres</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ configures <command>named</command> to
+ also act as a light-weight resolver daemon (<command>lwresd</command>).
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>masters</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ defines a named masters list for
+ inclusion in stub and slave zone masters clauses.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>options</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ controls global server configuration
+ options and sets defaults for other statements.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>server</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ sets certain configuration options on
+ a per-server basis.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>statistics-channels</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
declares communication channels to get access to
<command>named</command> statistics.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>trusted-keys</command></para>
- </entry>
- <entry colname="2">
- <para>
- defines trusted DNSSEC keys.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>managed-keys</command></para>
- </entry>
- <entry colname="2">
- <para>
- lists DNSSEC keys to be kept up to date
- using RFC 5011 trust anchor maintenance.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>view</command></para>
- </entry>
- <entry colname="2">
- <para>
- defines a view.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>zone</command></para>
- </entry>
- <entry colname="2">
- <para>
- defines a zone.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>trusted-keys</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ defines trusted DNSSEC keys.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>managed-keys</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ lists DNSSEC keys to be kept up to date
+ using RFC 5011 trust anchor maintenance.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>view</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ defines a view.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>zone</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ defines a zone.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
</informaltable>
<para>
- The <command>logging</command> and
- <command>options</command> statements may only occur once
- per
- configuration.
+ The <command>logging</command> and
+ <command>options</command> statements may only occur once
+ per
+ configuration.
</para>
<sect2>
- <title><command>acl</command> Statement Grammar</title>
+ <title><command>acl</command> Statement Grammar</title>
<programlisting><command>acl</command> acl-name {
address_match_list
@@ -3748,90 +3329,95 @@
</sect2>
<sect2 id="acl">
- <title><command>acl</command> Statement Definition and
- Usage</title>
+ <title><command>acl</command> Statement Definition and
+ Usage</title>
- <para>
- The <command>acl</command> statement assigns a symbolic
- name to an address match list. It gets its name from a primary
- use of address match lists: Access Control Lists (ACLs).
- </para>
+ <para>
+ The <command>acl</command> statement assigns a symbolic
+ name to an address match list. It gets its name from a primary
+ use of address match lists: Access Control Lists (ACLs).
+ </para>
- <para>
- Note that an address match list's name must be defined
- with <command>acl</command> before it can be used
- elsewhere; no forward references are allowed.
- </para>
+ <para>
+ Note that an address match list's name must be defined
+ with <command>acl</command> before it can be used
+ elsewhere; no forward references are allowed.
+ </para>
- <para>
- The following ACLs are built-in:
- </para>
+ <para>
+ The following ACLs are built-in:
+ </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.130in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="4.000in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para><command>any</command></para>
- </entry>
- <entry colname="2">
- <para>
- Matches all hosts.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>none</command></para>
- </entry>
- <entry colname="2">
- <para>
- Matches no hosts.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>localhost</command></para>
- </entry>
- <entry colname="2">
- <para>
- Matches the IPv4 and IPv6 addresses of all network
- interfaces on the system.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>localnets</command></para>
- </entry>
- <entry colname="2">
- <para>
- Matches any host on an IPv4 or IPv6 network
- for which the system has an interface.
- Some systems do not provide a way to determine the prefix
- lengths of
- local IPv6 addresses.
- In such a case, <command>localnets</command>
- only matches the local
- IPv6 addresses, just like <command>localhost</command>.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.130in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="4.000in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>any</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Matches all hosts.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>none</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Matches no hosts.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>localhost</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Matches the IPv4 and IPv6 addresses of all network
+ interfaces on the system. When addresses are
+ added or removed, the <command>localhost</command>
+ ACL element is updated to reflect the changes.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>localnets</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Matches any host on an IPv4 or IPv6 network
+ for which the system has an interface.
+ When addresses are added or removed,
+ the <command>localnets</command>
+ ACL element is updated to reflect the changes.
+ Some systems do not provide a way to determine the prefix
+ lengths of
+ local IPv6 addresses.
+ In such a case, <command>localnets</command>
+ only matches the local
+ IPv6 addresses, just like <command>localhost</command>.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
</sect2>
<sect2>
- <title><command>controls</command> Statement Grammar</title>
+ <title><command>controls</command> Statement Grammar</title>
<programlisting><command>controls</command> {
[ inet ( ip_addr | * ) [ port ip_port ]
- allow { <replaceable> address_match_list </replaceable> }
- keys { <replaceable>key_list</replaceable> }; ]
+ allow { <replaceable> address_match_list </replaceable> }
+ keys { <replaceable>key_list</replaceable> }; ]
[ inet ...; ]
[ unix <replaceable>path</replaceable> perm <replaceable>number</replaceable> owner <replaceable>number</replaceable> group <replaceable>number</replaceable>
keys { <replaceable>key_list</replaceable> }; ]
@@ -3842,19 +3428,19 @@
</sect2>
<sect2 id="controls_statement_definition_and_usage">
- <title><command>controls</command> Statement Definition and
- Usage</title>
+ <title><command>controls</command> Statement Definition and
+ Usage</title>
- <para>
- The <command>controls</command> statement declares control
- channels to be used by system administrators to control the
- operation of the name server. These control channels are
- used by the <command>rndc</command> utility to send
- commands to and retrieve non-DNS results from a name server.
- </para>
+ <para>
+ The <command>controls</command> statement declares control
+ channels to be used by system administrators to control the
+ operation of the name server. These control channels are
+ used by the <command>rndc</command> utility to send
+ commands to and retrieve non-DNS results from a name server.
+ </para>
- <para>
- An <command>inet</command> control channel is a TCP socket
+ <para>
+ An <command>inet</command> control channel is a TCP socket
listening at the specified <command>ip_port</command> on the
specified <command>ip_addr</command>, which can be an IPv4 or IPv6
address. An <command>ip_addr</command> of <literal>*</literal> (asterisk) is
@@ -3861,27 +3447,27 @@
interpreted as the IPv4 wildcard address; connections will be
accepted on any of the system's IPv4 addresses.
To listen on the IPv6 wildcard address,
- use an <command>ip_addr</command> of <literal>::</literal>.
- If you will only use <command>rndc</command> on the local host,
- using the loopback address (<literal>127.0.0.1</literal>
- or <literal>::1</literal>) is recommended for maximum security.
- </para>
+ use an <command>ip_addr</command> of <literal>::</literal>.
+ If you will only use <command>rndc</command> on the local host,
+ using the loopback address (<literal>127.0.0.1</literal>
+ or <literal>::1</literal>) is recommended for maximum security.
+ </para>
- <para>
- If no port is specified, port 953 is used. The asterisk
+ <para>
+ If no port is specified, port 953 is used. The asterisk
"<literal>*</literal>" cannot be used for <command>ip_port</command>.
- </para>
+ </para>
- <para>
- The ability to issue commands over the control channel is
- restricted by the <command>allow</command> and
- <command>keys</command> clauses.
+ <para>
+ The ability to issue commands over the control channel is
+ restricted by the <command>allow</command> and
+ <command>keys</command> clauses.
Connections to the control channel are permitted based on the
- <command>address_match_list</command>. This is for simple
- IP address based filtering only; any <command>key_id</command>
- elements of the <command>address_match_list</command>
- are ignored.
- </para>
+ <command>address_match_list</command>. This is for simple
+ IP address based filtering only; any <command>key_id</command>
+ elements of the <command>address_match_list</command>
+ are ignored.
+ </para>
<para>
A <command>unix</command> control channel is a UNIX domain
@@ -3893,96 +3479,96 @@
as the permissions on the socket itself are ignored.
</para>
- <para>
- The primary authorization mechanism of the command
- channel is the <command>key_list</command>, which
- contains a list of <command>key_id</command>s.
- Each <command>key_id</command> in the <command>key_list</command>
+ <para>
+ The primary authorization mechanism of the command
+ channel is the <command>key_list</command>, which
+ contains a list of <command>key_id</command>s.
+ Each <command>key_id</command> in the <command>key_list</command>
is authorized to execute commands over the control channel.
- See <xref linkend="rndc"/> in <xref linkend="admin_tools"/>)
+ See <xref linkend="rndc"/> in <xref linkend="admin_tools"/>)
for information about configuring keys in <command>rndc</command>.
- </para>
+ </para>
- <para>
- If no <command>controls</command> statement is present,
- <command>named</command> will set up a default
- control channel listening on the loopback address 127.0.0.1
- and its IPv6 counterpart ::1.
- In this case, and also when the <command>controls</command> statement
- is present but does not have a <command>keys</command> clause,
- <command>named</command> will attempt to load the command channel key
- from the file <filename>rndc.key</filename> in
- <filename>/etc</filename> (or whatever <varname>sysconfdir</varname>
- was specified as when <acronym>BIND</acronym> was built).
- To create a <filename>rndc.key</filename> file, run
- <userinput>rndc-confgen -a</userinput>.
- </para>
+ <para>
+ If no <command>controls</command> statement is present,
+ <command>named</command> will set up a default
+ control channel listening on the loopback address 127.0.0.1
+ and its IPv6 counterpart ::1.
+ In this case, and also when the <command>controls</command> statement
+ is present but does not have a <command>keys</command> clause,
+ <command>named</command> will attempt to load the command channel key
+ from the file <filename>rndc.key</filename> in
+ <filename>/etc</filename> (or whatever <varname>sysconfdir</varname>
+ was specified as when <acronym>BIND</acronym> was built).
+ To create a <filename>rndc.key</filename> file, run
+ <userinput>rndc-confgen -a</userinput>.
+ </para>
- <para>
- The <filename>rndc.key</filename> feature was created to
- ease the transition of systems from <acronym>BIND</acronym> 8,
- which did not have digital signatures on its command channel
- messages and thus did not have a <command>keys</command> clause.
+ <para>
+ The <filename>rndc.key</filename> feature was created to
+ ease the transition of systems from <acronym>BIND</acronym> 8,
+ which did not have digital signatures on its command channel
+ messages and thus did not have a <command>keys</command> clause.
- It makes it possible to use an existing <acronym>BIND</acronym> 8
- configuration file in <acronym>BIND</acronym> 9 unchanged,
- and still have <command>rndc</command> work the same way
- <command>ndc</command> worked in BIND 8, simply by executing the
- command <userinput>rndc-confgen -a</userinput> after BIND 9 is
- installed.
- </para>
+ It makes it possible to use an existing <acronym>BIND</acronym> 8
+ configuration file in <acronym>BIND</acronym> 9 unchanged,
+ and still have <command>rndc</command> work the same way
+ <command>ndc</command> worked in BIND 8, simply by executing the
+ command <userinput>rndc-confgen -a</userinput> after BIND 9 is
+ installed.
+ </para>
- <para>
- Since the <filename>rndc.key</filename> feature
- is only intended to allow the backward-compatible usage of
- <acronym>BIND</acronym> 8 configuration files, this
- feature does not
- have a high degree of configurability. You cannot easily change
- the key name or the size of the secret, so you should make a
- <filename>rndc.conf</filename> with your own key if you
- wish to change
- those things. The <filename>rndc.key</filename> file
- also has its
- permissions set such that only the owner of the file (the user that
- <command>named</command> is running as) can access it.
- If you
- desire greater flexibility in allowing other users to access
- <command>rndc</command> commands, then you need to create
- a
- <filename>rndc.conf</filename> file and make it group
- readable by a group
- that contains the users who should have access.
- </para>
+ <para>
+ Since the <filename>rndc.key</filename> feature
+ is only intended to allow the backward-compatible usage of
+ <acronym>BIND</acronym> 8 configuration files, this
+ feature does not
+ have a high degree of configurability. You cannot easily change
+ the key name or the size of the secret, so you should make a
+ <filename>rndc.conf</filename> with your own key if you
+ wish to change
+ those things. The <filename>rndc.key</filename> file
+ also has its
+ permissions set such that only the owner of the file (the user that
+ <command>named</command> is running as) can access it.
+ If you
+ desire greater flexibility in allowing other users to access
+ <command>rndc</command> commands, then you need to create
+ a
+ <filename>rndc.conf</filename> file and make it group
+ readable by a group
+ that contains the users who should have access.
+ </para>
- <para>
- To disable the command channel, use an empty
+ <para>
+ To disable the command channel, use an empty
<command>controls</command> statement:
<command>controls { };</command>.
- </para>
+ </para>
</sect2>
<sect2>
- <title><command>include</command> Statement Grammar</title>
- <programlisting><command>include</command> <replaceable>filename</replaceable>;</programlisting>
+ <title><command>include</command> Statement Grammar</title>
+ <programlisting><command>include</command> <replaceable>filename</replaceable>;</programlisting>
</sect2>
<sect2>
- <title><command>include</command> Statement Definition and
- Usage</title>
+ <title><command>include</command> Statement Definition and
+ Usage</title>
- <para>
- The <command>include</command> statement inserts the
- specified file at the point where the <command>include</command>
- statement is encountered. The <command>include</command>
- statement facilitates the administration of configuration
- files
- by permitting the reading or writing of some things but not
- others. For example, the statement could include private keys
- that are readable only by the name server.
- </para>
+ <para>
+ The <command>include</command> statement inserts the
+ specified file at the point where the <command>include</command>
+ statement is encountered. The <command>include</command>
+ statement facilitates the administration of configuration
+ files
+ by permitting the reading or writing of some things but not
+ others. For example, the statement could include private keys
+ that are readable only by the name server.
+ </para>
</sect2>
<sect2>
- <title><command>key</command> Statement Grammar</title>
+ <title><command>key</command> Statement Grammar</title>
<programlisting><command>key</command> <replaceable>key_id</replaceable> {
algorithm <replaceable>string</replaceable>;
@@ -3993,35 +3579,35 @@
</sect2>
<sect2>
- <title><command>key</command> Statement Definition and Usage</title>
+ <title><command>key</command> Statement Definition and Usage</title>
- <para>
- The <command>key</command> statement defines a shared
- secret key for use with TSIG (see <xref linkend="tsig"/>)
- or the command channel
- (see <xref linkend="controls_statement_definition_and_usage"/>).
- </para>
+ <para>
+ The <command>key</command> statement defines a shared
+ secret key for use with TSIG (see <xref linkend="tsig"/>)
+ or the command channel
+ (see <xref linkend="controls_statement_definition_and_usage"/>).
+ </para>
- <para>
- The <command>key</command> statement can occur at the
- top level
- of the configuration file or inside a <command>view</command>
- statement. Keys defined in top-level <command>key</command>
- statements can be used in all views. Keys intended for use in
- a <command>controls</command> statement
- (see <xref linkend="controls_statement_definition_and_usage"/>)
- must be defined at the top level.
- </para>
+ <para>
+ The <command>key</command> statement can occur at the
+ top level
+ of the configuration file or inside a <command>view</command>
+ statement. Keys defined in top-level <command>key</command>
+ statements can be used in all views. Keys intended for use in
+ a <command>controls</command> statement
+ (see <xref linkend="controls_statement_definition_and_usage"/>)
+ must be defined at the top level.
+ </para>
- <para>
- The <replaceable>key_id</replaceable>, also known as the
- key name, is a domain name uniquely identifying the key. It can
- be used in a <command>server</command>
- statement to cause requests sent to that
- server to be signed with this key, or in address match lists to
- verify that incoming requests have been signed with a key
- matching this name, algorithm, and secret.
- </para>
+ <para>
+ The <replaceable>key_id</replaceable>, also known as the
+ key name, is a domain name uniquely identifying the key. It can
+ be used in a <command>server</command>
+ statement to cause requests sent to that
+ server to be signed with this key, or in address match lists to
+ verify that incoming requests have been signed with a key
+ matching this name, algorithm, and secret.
+ </para>
<para>
The <replaceable>algorithm_id</replaceable> is a string
@@ -4040,18 +3626,18 @@
</sect2>
<sect2>
- <title><command>logging</command> Statement Grammar</title>
+ <title><command>logging</command> Statement Grammar</title>
<programlisting><command>logging</command> {
[ <command>channel</command> <replaceable>channel_name</replaceable> {
( <command>file</command> <replaceable>path_name</replaceable>
- [ <command>versions</command> ( <replaceable>number</replaceable> | <command>unlimited</command> ) ]
- [ <command>size</command> <replaceable>size_spec</replaceable> ]
+ [ <command>versions</command> ( <replaceable>number</replaceable> | <command>unlimited</command> ) ]
+ [ <command>size</command> <replaceable>size_spec</replaceable> ]
| <command>syslog</command> <replaceable>syslog_facility</replaceable>
| <command>stderr</command>
| <command>null</command> );
[ <command>severity</command> (<option>critical</option> | <option>error</option> | <option>warning</option> | <option>notice</option> |
- <option>info</option> | <option>debug</option> [ <replaceable>level</replaceable> ] | <option>dynamic</option> ); ]
+ <option>info</option> | <option>debug</option> [ <replaceable>level</replaceable> ] | <option>dynamic</option> ); ]
[ <command>print-category</command> <option>yes</option> or <option>no</option>; ]
[ <command>print-severity</command> <option>yes</option> or <option>no</option>; ]
[ <command>print-time</command> <option>yes</option> or <option>no</option>; ]
@@ -4066,23 +3652,23 @@
</sect2>
<sect2>
- <title><command>logging</command> Statement Definition and
- Usage</title>
+ <title><command>logging</command> Statement Definition and
+ Usage</title>
- <para>
- The <command>logging</command> statement configures a
- wide
- variety of logging options for the name server. Its <command>channel</command> phrase
- associates output methods, format options and severity levels with
- a name that can then be used with the <command>category</command> phrase
- to select how various classes of messages are logged.
- </para>
- <para>
- Only one <command>logging</command> statement is used to
- define
- as many channels and categories as are wanted. If there is no <command>logging</command> statement,
- the logging configuration will be:
- </para>
+ <para>
+ The <command>logging</command> statement configures a
+ wide
+ variety of logging options for the name server. Its <command>channel</command> phrase
+ associates output methods, format options and severity levels with
+ a name that can then be used with the <command>category</command> phrase
+ to select how various classes of messages are logged.
+ </para>
+ <para>
+ Only one <command>logging</command> statement is used to
+ define
+ as many channels and categories as are wanted. If there is no <command>logging</command> statement,
+ the logging configuration will be:
+ </para>
<programlisting>logging {
category default { default_syslog; default_debug; };
@@ -4090,98 +3676,98 @@
};
</programlisting>
- <para>
- In <acronym>BIND</acronym> 9, the logging configuration
- is only established when
- the entire configuration file has been parsed. In <acronym>BIND</acronym> 8, it was
- established as soon as the <command>logging</command>
- statement
- was parsed. When the server is starting up, all logging messages
- regarding syntax errors in the configuration file go to the default
- channels, or to standard error if the "<option>-g</option>" option
- was specified.
- </para>
+ <para>
+ In <acronym>BIND</acronym> 9, the logging configuration
+ is only established when
+ the entire configuration file has been parsed. In <acronym>BIND</acronym> 8, it was
+ established as soon as the <command>logging</command>
+ statement
+ was parsed. When the server is starting up, all logging messages
+ regarding syntax errors in the configuration file go to the default
+ channels, or to standard error if the "<option>-g</option>" option
+ was specified.
+ </para>
- <sect3>
- <title>The <command>channel</command> Phrase</title>
+ <sect3>
+ <title>The <command>channel</command> Phrase</title>
- <para>
- All log output goes to one or more <emphasis>channels</emphasis>;
- you can make as many of them as you want.
- </para>
+ <para>
+ All log output goes to one or more <emphasis>channels</emphasis>;
+ you can make as many of them as you want.
+ </para>
- <para>
- Every channel definition must include a destination clause that
- says whether messages selected for the channel go to a file, to a
- particular syslog facility, to the standard error stream, or are
- discarded. It can optionally also limit the message severity level
- that will be accepted by the channel (the default is
- <command>info</command>), and whether to include a
- <command>named</command>-generated time stamp, the
- category name
- and/or severity level (the default is not to include any).
- </para>
+ <para>
+ Every channel definition must include a destination clause that
+ says whether messages selected for the channel go to a file, to a
+ particular syslog facility, to the standard error stream, or are
+ discarded. It can optionally also limit the message severity level
+ that will be accepted by the channel (the default is
+ <command>info</command>), and whether to include a
+ <command>named</command>-generated time stamp, the
+ category name
+ and/or severity level (the default is not to include any).
+ </para>
- <para>
- The <command>null</command> destination clause
- causes all messages sent to the channel to be discarded;
- in that case, other options for the channel are meaningless.
- </para>
+ <para>
+ The <command>null</command> destination clause
+ causes all messages sent to the channel to be discarded;
+ in that case, other options for the channel are meaningless.
+ </para>
- <para>
- The <command>file</command> destination clause directs
- the channel
- to a disk file. It can include limitations
- both on how large the file is allowed to become, and how many
- versions
- of the file will be saved each time the file is opened.
- </para>
+ <para>
+ The <command>file</command> destination clause directs
+ the channel
+ to a disk file. It can include limitations
+ both on how large the file is allowed to become, and how many
+ versions
+ of the file will be saved each time the file is opened.
+ </para>
- <para>
- If you use the <command>versions</command> log file
- option, then
- <command>named</command> will retain that many backup
- versions of the file by
- renaming them when opening. For example, if you choose to keep
- three old versions
- of the file <filename>lamers.log</filename>, then just
- before it is opened
- <filename>lamers.log.1</filename> is renamed to
- <filename>lamers.log.2</filename>, <filename>lamers.log.0</filename> is renamed
- to <filename>lamers.log.1</filename>, and <filename>lamers.log</filename> is
- renamed to <filename>lamers.log.0</filename>.
- You can say <command>versions unlimited</command> to
- not limit
- the number of versions.
- If a <command>size</command> option is associated with
- the log file,
- then renaming is only done when the file being opened exceeds the
- indicated size. No backup versions are kept by default; any
- existing
- log file is simply appended.
- </para>
+ <para>
+ If you use the <command>versions</command> log file
+ option, then
+ <command>named</command> will retain that many backup
+ versions of the file by
+ renaming them when opening. For example, if you choose to keep
+ three old versions
+ of the file <filename>lamers.log</filename>, then just
+ before it is opened
+ <filename>lamers.log.1</filename> is renamed to
+ <filename>lamers.log.2</filename>, <filename>lamers.log.0</filename> is renamed
+ to <filename>lamers.log.1</filename>, and <filename>lamers.log</filename> is
+ renamed to <filename>lamers.log.0</filename>.
+ You can say <command>versions unlimited</command> to
+ not limit
+ the number of versions.
+ If a <command>size</command> option is associated with
+ the log file,
+ then renaming is only done when the file being opened exceeds the
+ indicated size. No backup versions are kept by default; any
+ existing
+ log file is simply appended.
+ </para>
- <para>
- The <command>size</command> option for files is used
- to limit log
- growth. If the file ever exceeds the size, then <command>named</command> will
- stop writing to the file unless it has a <command>versions</command> option
- associated with it. If backup versions are kept, the files are
- rolled as
- described above and a new one begun. If there is no
- <command>versions</command> option, no more data will
- be written to the log
- until some out-of-band mechanism removes or truncates the log to
- less than the
- maximum size. The default behavior is not to limit the size of
- the
- file.
- </para>
+ <para>
+ The <command>size</command> option for files is used
+ to limit log
+ growth. If the file ever exceeds the size, then <command>named</command> will
+ stop writing to the file unless it has a <command>versions</command> option
+ associated with it. If backup versions are kept, the files are
+ rolled as
+ described above and a new one begun. If there is no
+ <command>versions</command> option, no more data will
+ be written to the log
+ until some out-of-band mechanism removes or truncates the log to
+ less than the
+ maximum size. The default behavior is not to limit the size of
+ the
+ file.
+ </para>
- <para>
- Example usage of the <command>size</command> and
- <command>versions</command> options:
- </para>
+ <para>
+ Example usage of the <command>size</command> and
+ <command>versions</command> options:
+ </para>
<programlisting>channel an_example_channel {
file "example.log" versions 3 size 20m;
@@ -4190,74 +3776,77 @@
};
</programlisting>
- <para>
- The <command>syslog</command> destination clause
- directs the
- channel to the system log. Its argument is a
- syslog facility as described in the <command>syslog</command> man
- page. Known facilities are <command>kern</command>, <command>user</command>,
- <command>mail</command>, <command>daemon</command>, <command>auth</command>,
- <command>syslog</command>, <command>lpr</command>, <command>news</command>,
- <command>uucp</command>, <command>cron</command>, <command>authpriv</command>,
- <command>ftp</command>, <command>local0</command>, <command>local1</command>,
- <command>local2</command>, <command>local3</command>, <command>local4</command>,
- <command>local5</command>, <command>local6</command> and
- <command>local7</command>, however not all facilities
- are supported on
- all operating systems.
- How <command>syslog</command> will handle messages
- sent to
- this facility is described in the <command>syslog.conf</command> man
- page. If you have a system which uses a very old version of <command>syslog</command> that
- only uses two arguments to the <command>openlog()</command> function,
- then this clause is silently ignored.
- </para>
- <para>
- The <command>severity</command> clause works like <command>syslog</command>'s
- "priorities", except that they can also be used if you are writing
- straight to a file rather than using <command>syslog</command>.
- Messages which are not at least of the severity level given will
- not be selected for the channel; messages of higher severity
- levels
- will be accepted.
- </para>
- <para>
- If you are using <command>syslog</command>, then the <command>syslog.conf</command> priorities
- will also determine what eventually passes through. For example,
- defining a channel facility and severity as <command>daemon</command> and <command>debug</command> but
- only logging <command>daemon.warning</command> via <command>syslog.conf</command> will
- cause messages of severity <command>info</command> and
- <command>notice</command> to
- be dropped. If the situation were reversed, with <command>named</command> writing
- messages of only <command>warning</command> or higher,
- then <command>syslogd</command> would
- print all messages it received from the channel.
- </para>
+ <para>
+ The <command>syslog</command> destination clause
+ directs the
+ channel to the system log. Its argument is a
+ syslog facility as described in the <command>syslog</command> man
+ page. Known facilities are <command>kern</command>, <command>user</command>,
+ <command>mail</command>, <command>daemon</command>, <command>auth</command>,
+ <command>syslog</command>, <command>lpr</command>, <command>news</command>,
+ <command>uucp</command>, <command>cron</command>, <command>authpriv</command>,
+ <command>ftp</command>, <command>local0</command>, <command>local1</command>,
+ <command>local2</command>, <command>local3</command>, <command>local4</command>,
+ <command>local5</command>, <command>local6</command> and
+ <command>local7</command>, however not all facilities
+ are supported on
+ all operating systems.
+ How <command>syslog</command> will handle messages
+ sent to
+ this facility is described in the <command>syslog.conf</command> man
+ page. If you have a system which uses a very old version of <command>syslog</command> that
+ only uses two arguments to the <command>openlog()</command> function,
+ then this clause is silently ignored.
+ </para>
+ <para>
+ On Windows machines syslog messages are directed to the EventViewer.
+ </para>
+ <para>
+ The <command>severity</command> clause works like <command>syslog</command>'s
+ "priorities", except that they can also be used if you are writing
+ straight to a file rather than using <command>syslog</command>.
+ Messages which are not at least of the severity level given will
+ not be selected for the channel; messages of higher severity
+ levels
+ will be accepted.
+ </para>
+ <para>
+ If you are using <command>syslog</command>, then the <command>syslog.conf</command> priorities
+ will also determine what eventually passes through. For example,
+ defining a channel facility and severity as <command>daemon</command> and <command>debug</command> but
+ only logging <command>daemon.warning</command> via <command>syslog.conf</command> will
+ cause messages of severity <command>info</command> and
+ <command>notice</command> to
+ be dropped. If the situation were reversed, with <command>named</command> writing
+ messages of only <command>warning</command> or higher,
+ then <command>syslogd</command> would
+ print all messages it received from the channel.
+ </para>
- <para>
- The <command>stderr</command> destination clause
- directs the
- channel to the server's standard error stream. This is intended
- for
- use when the server is running as a foreground process, for
- example
- when debugging a configuration.
- </para>
+ <para>
+ The <command>stderr</command> destination clause
+ directs the
+ channel to the server's standard error stream. This is intended
+ for
+ use when the server is running as a foreground process, for
+ example
+ when debugging a configuration.
+ </para>
- <para>
- The server can supply extensive debugging information when
- it is in debugging mode. If the server's global debug level is
- greater
- than zero, then debugging mode will be active. The global debug
- level is set either by starting the <command>named</command> server
- with the <option>-d</option> flag followed by a positive integer,
- or by running <command>rndc trace</command>.
- The global debug level
- can be set to zero, and debugging mode turned off, by running <command>rndc
+ <para>
+ The server can supply extensive debugging information when
+ it is in debugging mode. If the server's global debug level is
+ greater
+ than zero, then debugging mode will be active. The global debug
+ level is set either by starting the <command>named</command> server
+ with the <option>-d</option> flag followed by a positive integer,
+ or by running <command>rndc trace</command>.
+ The global debug level
+ can be set to zero, and debugging mode turned off, by running <command>rndc
notrace</command>. All debugging messages in the server have a debug
- level, and higher debug levels give more detailed output. Channels
- that specify a specific debug severity, for example:
- </para>
+ level, and higher debug levels give more detailed output. Channels
+ that specify a specific debug severity, for example:
+ </para>
<programlisting>channel specific_debug_level {
file "foo";
@@ -4265,42 +3854,42 @@
};
</programlisting>
- <para>
- will get debugging output of level 3 or less any time the
- server is in debugging mode, regardless of the global debugging
- level. Channels with <command>dynamic</command>
- severity use the
- server's global debug level to determine what messages to print.
- </para>
- <para>
- If <command>print-time</command> has been turned on,
- then
- the date and time will be logged. <command>print-time</command> may
- be specified for a <command>syslog</command> channel,
- but is usually
- pointless since <command>syslog</command> also logs
- the date and
- time. If <command>print-category</command> is
- requested, then the
- category of the message will be logged as well. Finally, if <command>print-severity</command> is
- on, then the severity level of the message will be logged. The <command>print-</command> options may
- be used in any combination, and will always be printed in the
- following
- order: time, category, severity. Here is an example where all
- three <command>print-</command> options
- are on:
- </para>
+ <para>
+ will get debugging output of level 3 or less any time the
+ server is in debugging mode, regardless of the global debugging
+ level. Channels with <command>dynamic</command>
+ severity use the
+ server's global debug level to determine what messages to print.
+ </para>
+ <para>
+ If <command>print-time</command> has been turned on,
+ then
+ the date and time will be logged. <command>print-time</command> may
+ be specified for a <command>syslog</command> channel,
+ but is usually
+ pointless since <command>syslog</command> also logs
+ the date and
+ time. If <command>print-category</command> is
+ requested, then the
+ category of the message will be logged as well. Finally, if <command>print-severity</command> is
+ on, then the severity level of the message will be logged. The <command>print-</command> options may
+ be used in any combination, and will always be printed in the
+ following
+ order: time, category, severity. Here is an example where all
+ three <command>print-</command> options
+ are on:
+ </para>
- <para>
- <computeroutput>28-Feb-2000 15:05:32.863 general: notice: running</computeroutput>
- </para>
+ <para>
+ <computeroutput>28-Feb-2000 15:05:32.863 general: notice: running</computeroutput>
+ </para>
- <para>
- There are four predefined channels that are used for
- <command>named</command>'s default logging as follows.
- How they are
- used is described in <xref linkend="the_category_phrase"/>.
- </para>
+ <para>
+ There are four predefined channels that are used for
+ <command>named</command>'s default logging as follows.
+ How they are
+ used is described in <xref linkend="the_category_phrase"/>.
+ </para>
<programlisting>channel default_syslog {
// send to syslog's daemon facility
@@ -4330,55 +3919,55 @@
};
</programlisting>
- <para>
- The <command>default_debug</command> channel has the
- special
- property that it only produces output when the server's debug
- level is
- nonzero. It normally writes to a file called <filename>named.run</filename>
- in the server's working directory.
- </para>
+ <para>
+ The <command>default_debug</command> channel has the
+ special
+ property that it only produces output when the server's debug
+ level is
+ nonzero. It normally writes to a file called <filename>named.run</filename>
+ in the server's working directory.
+ </para>
- <para>
- For security reasons, when the "<option>-u</option>"
- command line option is used, the <filename>named.run</filename> file
- is created only after <command>named</command> has
- changed to the
- new UID, and any debug output generated while <command>named</command> is
- starting up and still running as root is discarded. If you need
- to capture this output, you must run the server with the "<option>-g</option>"
- option and redirect standard error to a file.
- </para>
+ <para>
+ For security reasons, when the "<option>-u</option>"
+ command line option is used, the <filename>named.run</filename> file
+ is created only after <command>named</command> has
+ changed to the
+ new UID, and any debug output generated while <command>named</command> is
+ starting up and still running as root is discarded. If you need
+ to capture this output, you must run the server with the "<option>-g</option>"
+ option and redirect standard error to a file.
+ </para>
- <para>
- Once a channel is defined, it cannot be redefined. Thus you
- cannot alter the built-in channels directly, but you can modify
- the default logging by pointing categories at channels you have
- defined.
- </para>
- </sect3>
+ <para>
+ Once a channel is defined, it cannot be redefined. Thus you
+ cannot alter the built-in channels directly, but you can modify
+ the default logging by pointing categories at channels you have
+ defined.
+ </para>
+ </sect3>
- <sect3 id="the_category_phrase">
- <title>The <command>category</command> Phrase</title>
+ <sect3 id="the_category_phrase">
+ <title>The <command>category</command> Phrase</title>
- <para>
- There are many categories, so you can send the logs you want
- to see wherever you want, without seeing logs you don't want. If
- you don't specify a list of channels for a category, then log
- messages
- in that category will be sent to the <command>default</command> category
- instead. If you don't specify a default category, the following
- "default default" is used:
- </para>
+ <para>
+ There are many categories, so you can send the logs you want
+ to see wherever you want, without seeing logs you don't want. If
+ you don't specify a list of channels for a category, then log
+ messages
+ in that category will be sent to the <command>default</command> category
+ instead. If you don't specify a default category, the following
+ "default default" is used:
+ </para>
<programlisting>category default { default_syslog; default_debug; };
</programlisting>
- <para>
- As an example, let's say you want to log security events to
- a file, but you also want keep the default logging behavior. You'd
- specify the following:
- </para>
+ <para>
+ As an example, let's say you want to log security events to
+ a file, but you also want keep the default logging behavior. You'd
+ specify the following:
+ </para>
<programlisting>channel my_security_channel {
file "my_security_file";
@@ -4390,190 +3979,190 @@
default_debug;
};</programlisting>
- <para>
- To discard all messages in a category, specify the <command>null</command> channel:
- </para>
+ <para>
+ To discard all messages in a category, specify the <command>null</command> channel:
+ </para>
<programlisting>category xfer-out { null; };
category notify { null; };
</programlisting>
- <para>
- Following are the available categories and brief descriptions
- of the types of log information they contain. More
- categories may be added in future <acronym>BIND</acronym> releases.
- </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.350in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para><command>default</command></para>
- </entry>
- <entry colname="2">
- <para>
- The default category defines the logging
- options for those categories where no specific
- configuration has been
- defined.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>general</command></para>
- </entry>
- <entry colname="2">
- <para>
- The catch-all. Many things still aren't
- classified into categories, and they all end up here.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>database</command></para>
- </entry>
- <entry colname="2">
- <para>
- Messages relating to the databases used
- internally by the name server to store zone and cache
- data.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>security</command></para>
- </entry>
- <entry colname="2">
- <para>
- Approval and denial of requests.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>config</command></para>
- </entry>
- <entry colname="2">
- <para>
- Configuration file parsing and processing.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>resolver</command></para>
- </entry>
- <entry colname="2">
- <para>
- DNS resolution, such as the recursive
- lookups performed on behalf of clients by a caching name
- server.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>xfer-in</command></para>
- </entry>
- <entry colname="2">
- <para>
- Zone transfers the server is receiving.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>xfer-out</command></para>
- </entry>
- <entry colname="2">
- <para>
- Zone transfers the server is sending.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>notify</command></para>
- </entry>
- <entry colname="2">
- <para>
- The NOTIFY protocol.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>client</command></para>
- </entry>
- <entry colname="2">
- <para>
- Processing of client requests.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>unmatched</command></para>
- </entry>
- <entry colname="2">
- <para>
- Messages that <command>named</command> was unable to determine the
- class of or for which there was no matching <command>view</command>.
- A one line summary is also logged to the <command>client</command> category.
- This category is best sent to a file or stderr, by
- default it is sent to
- the <command>null</command> channel.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>network</command></para>
- </entry>
- <entry colname="2">
- <para>
- Network operations.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>update</command></para>
- </entry>
- <entry colname="2">
- <para>
- Dynamic updates.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>update-security</command></para>
- </entry>
- <entry colname="2">
- <para>
- Approval and denial of update requests.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>queries</command></para>
- </entry>
- <entry colname="2">
- <para>
- Specify where queries should be logged to.
- </para>
- <para>
- At startup, specifying the category <command>queries</command> will also
- enable query logging unless <command>querylog</command> option has been
- specified.
- </para>
+ <para>
+ Following are the available categories and brief descriptions
+ of the types of log information they contain. More
+ categories may be added in future <acronym>BIND</acronym> releases.
+ </para>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.350in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>default</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The default category defines the logging
+ options for those categories where no specific
+ configuration has been
+ defined.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>general</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The catch-all. Many things still aren't
+ classified into categories, and they all end up here.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>database</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Messages relating to the databases used
+ internally by the name server to store zone and cache
+ data.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>security</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Approval and denial of requests.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>config</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Configuration file parsing and processing.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>resolver</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ DNS resolution, such as the recursive
+ lookups performed on behalf of clients by a caching name
+ server.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>xfer-in</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Zone transfers the server is receiving.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>xfer-out</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Zone transfers the server is sending.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>notify</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The NOTIFY protocol.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>client</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Processing of client requests.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>unmatched</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Messages that <command>named</command> was unable to determine the
+ class of or for which there was no matching <command>view</command>.
+ A one line summary is also logged to the <command>client</command> category.
+ This category is best sent to a file or stderr, by
+ default it is sent to
+ the <command>null</command> channel.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>network</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Network operations.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>update</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Dynamic updates.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>update-security</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Approval and denial of update requests.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>queries</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Specify where queries should be logged to.
+ </para>
+ <para>
+ At startup, specifying the category <command>queries</command> will also
+ enable query logging unless <command>querylog</command> option has been
+ specified.
+ </para>
<para>
The query log entry reports the client's IP
@@ -4588,76 +4177,76 @@
reported.
</para>
- <para>
- <computeroutput>client 127.0.0.1#62536: query: www.example.com IN AAAA +SE</computeroutput>
- </para>
- <para>
- <computeroutput>client ::1#62537: query: www.example.net IN AAAA -SE</computeroutput>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>query-errors</command></para>
- </entry>
- <entry colname="2">
- <para>
- Information about queries that resulted in some
- failure.
+ <para>
+ <computeroutput>client 127.0.0.1#62536: query: www.example.com IN AAAA +SE</computeroutput>
</para>
+ <para>
+ <computeroutput>client ::1#62537: query: www.example.net IN AAAA -SE</computeroutput>
+ </para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>dispatch</command></para>
- </entry>
- <entry colname="2">
- <para>
- Dispatching of incoming packets to the
- server modules where they are to be processed.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>dnssec</command></para>
- </entry>
- <entry colname="2">
- <para>
- DNSSEC and TSIG protocol processing.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>lame-servers</command></para>
- </entry>
- <entry colname="2">
- <para>
- Lame servers. These are misconfigurations
- in remote servers, discovered by BIND 9 when trying to
- query those servers during resolution.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>delegation-only</command></para>
- </entry>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>query-errors</command></para>
+ </entry>
<entry colname="2">
<para>
+ Information about queries that resulted in some
+ failure.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>dispatch</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Dispatching of incoming packets to the
+ server modules where they are to be processed.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>dnssec</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ DNSSEC and TSIG protocol processing.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>lame-servers</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Lame servers. These are misconfigurations
+ in remote servers, discovered by BIND 9 when trying to
+ query those servers during resolution.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>delegation-only</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
Delegation only. Logs queries that have been
forced to NXDOMAIN as the result of a
delegation-only zone or a
- <command>delegation-only</command> in a hint
- or stub zone declaration.
+ <command>delegation-only</command> in a
+ forward, hint or stub zone declaration.
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>edns-disabled</command></para>
- </entry>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>edns-disabled</command></para>
+ </entry>
<entry colname="2">
<para>
Log queries that have been forced to use plain
@@ -4688,10 +4277,10 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>RPZ</command></para>
- </entry>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>RPZ</command></para>
+ </entry>
<entry colname="2">
<para>
Information about errors in response policy zone files,
@@ -4739,12 +4328,12 @@
</para>
<para>
<!-- NOTE: newlines and some spaces added so this would fit on page -->
- <programlisting>
+ <programlisting>
fetch completed at resolver.c:2970 for www.example.com/A
in 30.000183: timed out/success [domain:example.com,
referral:2,restart:7,qrysent:8,timeout:5,lame:0,neterr:0,
badresp:1,adberr:0,findfail:0,valfail:0]
- </programlisting>
+ </programlisting>
</para>
<para>
The first part before the colon shows that a recursive
@@ -4774,30 +4363,30 @@
following table.
</para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.350in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>referral</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.350in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>referral</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of referrals the resolver received
throughout the resolution process.
In the above example this is 2, which are most
likely com and example.com.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>restart</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>restart</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of cycles that the resolver tried
remote servers at the <varname>domain</varname>
zone.
@@ -4805,37 +4394,37 @@
(possibly resending it, depending on the response)
to each known name server of
the <varname>domain</varname> zone.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>qrysent</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>qrysent</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of queries the resolver sent at the
<varname>domain</varname> zone.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>timeout</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>timeout</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of timeouts since the resolver
received the last response.
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>lame</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>lame</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of lame servers the resolver detected
at the <varname>domain</varname> zone.
A server is detected to be lame either by an
@@ -4845,12 +4434,12 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>neterr</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>neterr</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of erroneous results that the
resolver encountered in sending queries
at the <varname>domain</varname> zone.
@@ -4860,12 +4449,12 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>badresp</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>badresp</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of unexpected responses (other than
<varname>lame</varname>) to queries sent by the
resolver at the <varname>domain</varname> zone.
@@ -4872,12 +4461,12 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>adberr</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>adberr</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
Failures in finding remote server addresses
of the <varname>domain</varname> zone in the ADB.
One common case of this is that the remote
@@ -4885,12 +4474,12 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>findfail</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>findfail</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
Failures of resolving remote server addresses.
This is a total number of failures throughout
the resolution process.
@@ -4897,12 +4486,12 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><varname>valfail</varname></para>
- </entry>
- <entry colname="2">
- <para>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><varname>valfail</varname></para>
+ </entry>
+ <entry colname="2">
+ <para>
Failures of DNSSEC validation.
Validation failures are counted throughout
the resolution process (not limited to
@@ -4934,16 +4523,16 @@
</sect2>
<sect2>
- <title><command>lwres</command> Statement Grammar</title>
+ <title><command>lwres</command> Statement Grammar</title>
- <para>
- This is the grammar of the <command>lwres</command>
- statement in the <filename>named.conf</filename> file:
- </para>
+ <para>
+ This is the grammar of the <command>lwres</command>
+ statement in the <filename>named.conf</filename> file:
+ </para>
<programlisting><command>lwres</command> {
<optional> listen-on { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ;
- <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
+ <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> view <replaceable>view_name</replaceable>; </optional>
<optional> search { <replaceable>domain_name</replaceable> ; <optional> <replaceable>domain_name</replaceable> ; ... </optional> }; </optional>
<optional> ndots <replaceable>number</replaceable>; </optional>
@@ -4952,62 +4541,62 @@
</sect2>
<sect2>
- <title><command>lwres</command> Statement Definition and Usage</title>
+ <title><command>lwres</command> Statement Definition and Usage</title>
- <para>
- The <command>lwres</command> statement configures the
- name
- server to also act as a lightweight resolver server. (See
- <xref linkend="lwresd"/>.) There may be multiple
- <command>lwres</command> statements configuring
- lightweight resolver servers with different properties.
- </para>
+ <para>
+ The <command>lwres</command> statement configures the
+ name
+ server to also act as a lightweight resolver server. (See
+ <xref linkend="lwresd"/>.) There may be multiple
+ <command>lwres</command> statements configuring
+ lightweight resolver servers with different properties.
+ </para>
- <para>
- The <command>listen-on</command> statement specifies a
- list of
- addresses (and ports) that this instance of a lightweight resolver
- daemon
- should accept requests on. If no port is specified, port 921 is
- used.
- If this statement is omitted, requests will be accepted on
- 127.0.0.1,
- port 921.
- </para>
+ <para>
+ The <command>listen-on</command> statement specifies a
+ list of
+ IPv4 addresses (and ports) that this instance of a lightweight
+ resolver daemon
+ should accept requests on. If no port is specified, port 921 is
+ used.
+ If this statement is omitted, requests will be accepted on
+ 127.0.0.1,
+ port 921.
+ </para>
- <para>
- The <command>view</command> statement binds this
- instance of a
- lightweight resolver daemon to a view in the DNS namespace, so that
- the
- response will be constructed in the same manner as a normal DNS
- query
- matching this view. If this statement is omitted, the default view
- is
- used, and if there is no default view, an error is triggered.
- </para>
+ <para>
+ The <command>view</command> statement binds this
+ instance of a
+ lightweight resolver daemon to a view in the DNS namespace, so that
+ the
+ response will be constructed in the same manner as a normal DNS
+ query
+ matching this view. If this statement is omitted, the default view
+ is
+ used, and if there is no default view, an error is triggered.
+ </para>
- <para>
- The <command>search</command> statement is equivalent to
- the
- <command>search</command> statement in
- <filename>/etc/resolv.conf</filename>. It provides a
- list of domains
- which are appended to relative names in queries.
- </para>
+ <para>
+ The <command>search</command> statement is equivalent to
+ the
+ <command>search</command> statement in
+ <filename>/etc/resolv.conf</filename>. It provides a
+ list of domains
+ which are appended to relative names in queries.
+ </para>
- <para>
- The <command>ndots</command> statement is equivalent to
- the
- <command>ndots</command> statement in
- <filename>/etc/resolv.conf</filename>. It indicates the
- minimum
- number of dots in a relative domain name that should result in an
- exact match lookup before search path elements are appended.
- </para>
+ <para>
+ The <command>ndots</command> statement is equivalent to
+ the
+ <command>ndots</command> statement in
+ <filename>/etc/resolv.conf</filename>. It indicates the
+ minimum
+ number of dots in a relative domain name that should result in an
+ exact match lookup before search path elements are appended.
+ </para>
</sect2>
<sect2>
- <title><command>masters</command> Statement Grammar</title>
+ <title><command>masters</command> Statement Grammar</title>
<programlisting>
<command>masters</command> <replaceable>name</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>masters_list</replaceable> |
@@ -5017,21 +4606,21 @@
</sect2>
<sect2>
- <title><command>masters</command> Statement Definition and
- Usage</title>
- <para><command>masters</command>
+ <title><command>masters</command> Statement Definition and
+ Usage</title>
+ <para><command>masters</command>
lists allow for a common set of masters to be easily used by
- multiple stub and slave zones.
- </para>
+ multiple stub and slave zones.
+ </para>
</sect2>
<sect2>
- <title><command>options</command> Statement Grammar</title>
+ <title><command>options</command> Statement Grammar</title>
- <para>
- This is the grammar of the <command>options</command>
- statement in the <filename>named.conf</filename> file:
- </para>
+ <para>
+ This is the grammar of the <command>options</command>
+ statement in the <filename>named.conf</filename> file:
+ </para>
<programlisting><command>options</command> {
<optional> attach-cache <replaceable>cache_name</replaceable>; </optional>
@@ -5081,17 +4670,17 @@
<optional> dnssec-validation (<replaceable>yes_or_no</replaceable> | <constant>auto</constant>); </optional>
<optional> dnssec-lookaside ( <replaceable>auto</replaceable> |
<replaceable>no</replaceable> |
- <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); </optional>
+ <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); </optional>
<optional> dnssec-must-be-secure <replaceable>domain yes_or_no</replaceable>; </optional>
<optional> dnssec-accept-expired <replaceable>yes_or_no</replaceable>; </optional>
<optional> forward ( <replaceable>only</replaceable> | <replaceable>first</replaceable> ); </optional>
<optional> forwarders { <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> dual-stack-servers <optional>port <replaceable>ip_port</replaceable></optional> {
- ( <replaceable>domain_name</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> |
- <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ) ;
- ... }; </optional>
+ ( <replaceable>domain_name</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> |
+ <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ) ;
+ ... }; </optional>
<optional> check-names ( <replaceable>master</replaceable> | <replaceable>slave</replaceable> | <replaceable>response</replaceable> )
- ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
+ ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-dup-records ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-mx ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
@@ -5099,7 +4688,7 @@
<optional> check-mx-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-srv-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-sibling <replaceable>yes_or_no</replaceable>; </optional>
- <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
+ <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> allow-new-zones { <replaceable>yes_or_no</replaceable> }; </optional>
<optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
@@ -5117,6 +4706,7 @@
<optional> try-tcp-refresh <replaceable>yes_or_no</replaceable>; </optional>
<optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
<optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
+ <optional> no-case-compress { <replaceable>address_match_list</replaceable> }; </optional>
<optional> use-v4-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> avoid-v4-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> use-v6-udp-ports { <replaceable>port_list</replaceable> }; </optional>
@@ -5124,13 +4714,13 @@
<optional> listen-on <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
<optional> listen-on-v6 <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
<optional> query-source ( ( <replaceable>ip4_addr</replaceable> | <replaceable>*</replaceable> )
- <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> |
- <optional> address ( <replaceable>ip4_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
- <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> ) ; </optional>
+ <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> |
+ <optional> address ( <replaceable>ip4_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
+ <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> ) ; </optional>
<optional> query-source-v6 ( ( <replaceable>ip6_addr</replaceable> | <replaceable>*</replaceable> )
- <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> |
- <optional> address ( <replaceable>ip6_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
- <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> ) ; </optional>
+ <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> |
+ <optional> address ( <replaceable>ip6_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
+ <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> ) ; </optional>
<optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> queryport-pool-ports <replaceable>number</replaceable>; </optional>
<optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional>
@@ -5152,7 +4742,7 @@
<optional> transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>)
- <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
+ <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> use-alt-transfer-source <replaceable>yes_or_no</replaceable>; </optional>
<optional> notify-delay <replaceable>seconds</replaceable> ; </optional>
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
@@ -5159,7 +4749,7 @@
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-to-soa <replaceable>yes_or_no</replaceable> ; </optional>
<optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ;
- <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
+ <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> max-ixfr-log-size <replaceable>number</replaceable>; </optional>
<optional> max-journal-size <replaceable>size_spec</replaceable>; </optional>
<optional> coresize <replaceable>size_spec</replaceable> ; </optional>
@@ -5200,7 +4790,7 @@
<optional> dns64 <replaceable>IPv6-prefix</replaceable> {
<optional> clients { <replaceable>address_match_list</replaceable> }; </optional>
<optional> mapped { <replaceable>address_match_list</replaceable> }; </optional>
- <optional> exclude { <replaceable>address_match_list</replaceable> }; </optional>
+ <optional> exclude { <replaceable>address_match_list</replaceable> }; </optional>
<optional> suffix IPv6-address; </optional>
<optional> recursive-only <replaceable>yes_or_no</replaceable>; </optional>
<optional> break-dnssec <replaceable>yes_or_no</replaceable>; </optional>
@@ -5213,7 +4803,7 @@
<optional> root-delegation-only <optional> exclude { <replaceable>namelist</replaceable> } </optional> ; </optional>
<optional> querylog <replaceable>yes_or_no</replaceable> ; </optional>
<optional> disable-algorithms <replaceable>domain</replaceable> { <replaceable>algorithm</replaceable>;
- <optional> <replaceable>algorithm</replaceable>; </optional> }; </optional>
+ <optional> <replaceable>algorithm</replaceable>; </optional> }; </optional>
<optional> acache-enable <replaceable>yes_or_no</replaceable> ; </optional>
<optional> acache-cleaning-interval <replaceable>number</replaceable>; </optional>
<optional> max-acache-size <replaceable>size_spec</replaceable> ; </optional>
@@ -5240,25 +4830,25 @@
</sect2>
<sect2 id="options">
- <title><command>options</command> Statement Definition and
- Usage</title>
+ <title><command>options</command> Statement Definition and
+ Usage</title>
- <para>
- The <command>options</command> statement sets up global
- options
- to be used by <acronym>BIND</acronym>. This statement
- may appear only
- once in a configuration file. If there is no <command>options</command>
- statement, an options block with each option set to its default will
- be used.
- </para>
+ <para>
+ The <command>options</command> statement sets up global
+ options
+ to be used by <acronym>BIND</acronym>. This statement
+ may appear only
+ once in a configuration file. If there is no <command>options</command>
+ statement, an options block with each option set to its default will
+ be used.
+ </para>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>attach-cache</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>attach-cache</command></term>
+ <listitem>
+ <para>
Allows multiple views to share a single cache
database.
Each view has its own cache database by default, but
@@ -5266,14 +4856,14 @@
for name resolution and caching, those views can
share a single cache to save memory and possibly
improve resolution efficiency by using this option.
- </para>
+ </para>
- <para>
- The <command>attach-cache</command> option
- may also be specified in <command>view</command>
- statements, in which case it overrides the
- global <command>attach-cache</command> option.
- </para>
+ <para>
+ The <command>attach-cache</command> option
+ may also be specified in <command>view</command>
+ statements, in which case it overrides the
+ global <command>attach-cache</command> option.
+ </para>
<para>
The <replaceable>cache_name</replaceable> specifies
@@ -5347,68 +4937,68 @@
configuration differences in different views do
not cause disruption with a shared cache.
</para>
- </listitem>
+ </listitem>
- </varlistentry>
+ </varlistentry>
- <varlistentry>
- <term><command>directory</command></term>
- <listitem>
- <para>
- The working directory of the server.
- Any non-absolute pathnames in the configuration file will be
- taken
- as relative to this directory. The default location for most
- server
- output files (e.g. <filename>named.run</filename>)
- is this directory.
- If a directory is not specified, the working directory
- defaults to `<filename>.</filename>', the directory from
- which the server
- was started. The directory specified should be an absolute
- path.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>directory</command></term>
+ <listitem>
+ <para>
+ The working directory of the server.
+ Any non-absolute pathnames in the configuration file will be
+ taken
+ as relative to this directory. The default location for most
+ server
+ output files (e.g. <filename>named.run</filename>)
+ is this directory.
+ If a directory is not specified, the working directory
+ defaults to `<filename>.</filename>', the directory from
+ which the server
+ was started. The directory specified should be an absolute
+ path.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>key-directory</command></term>
- <listitem>
- <para>
- When performing dynamic update of secure zones, the
- directory where the public and private DNSSEC key files
- should be found, if different than the current working
- directory. (Note that this option has no effect on the
- paths for files containing non-DNSSEC keys such as
- <filename>bind.keys</filename>,
- <filename>rndc.key</filename> or
- <filename>session.key</filename>.)
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>key-directory</command></term>
+ <listitem>
+ <para>
+ When performing dynamic update of secure zones, the
+ directory where the public and private DNSSEC key files
+ should be found, if different than the current working
+ directory. (Note that this option has no effect on the
+ paths for files containing non-DNSSEC keys such as
+ <filename>bind.keys</filename>,
+ <filename>rndc.key</filename> or
+ <filename>session.key</filename>.)
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>managed-keys-directory</command></term>
- <listitem>
- <para>
- Specifies the directory in which to store the files that
- track managed DNSSEC keys. By default, this is the working
- directory.
- </para>
- <para>
- If <command>named</command> is not configured to use views,
- then managed keys for the server will be tracked in a single
- file called <filename>managed-keys.bind</filename>.
- Otherwise, managed keys will be tracked in separate files,
- one file per view; each file name will be the SHA256 hash
- of the view name, followed by the extension
- <filename>.mkeys</filename>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>managed-keys-directory</command></term>
+ <listitem>
+ <para>
+ Specifies the directory in which to store the files that
+ track managed DNSSEC keys. By default, this is the working
+ directory.
+ </para>
+ <para>
+ If <command>named</command> is not configured to use views,
+ then managed keys for the server will be tracked in a single
+ file called <filename>managed-keys.bind</filename>.
+ Otherwise, managed keys will be tracked in separate files,
+ one file per view; each file name will be the SHA256 hash
+ of the view name, followed by the extension
+ <filename>.mkeys</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>named-xfer</command></term>
+ <varlistentry>
+ <term><command>named-xfer</command></term>
<listitem>
<para>
<emphasis>This option is obsolete.</emphasis> It
@@ -5453,8 +5043,8 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>tkey-domain</command></term>
+ <varlistentry>
+ <term><command>tkey-domain</command></term>
<listitem>
<para>
The domain appended to the names of all shared keys
@@ -5476,224 +5066,224 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>tkey-dhkey</command></term>
- <listitem>
- <para>
- The Diffie-Hellman key used by the server
- to generate shared keys with clients using the Diffie-Hellman
- mode
- of <command>TKEY</command>. The server must be
- able to load the
- public and private keys from files in the working directory.
- In
- most cases, the keyname should be the server's host name.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>tkey-dhkey</command></term>
+ <listitem>
+ <para>
+ The Diffie-Hellman key used by the server
+ to generate shared keys with clients using the Diffie-Hellman
+ mode
+ of <command>TKEY</command>. The server must be
+ able to load the
+ public and private keys from files in the working directory.
+ In
+ most cases, the keyname should be the server's host name.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>cache-file</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>cache-file</command></term>
+ <listitem>
+ <para>
This is for testing only. Do not use.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>dump-file</command></term>
- <listitem>
- <para>
- The pathname of the file the server dumps
- the database to when instructed to do so with
- <command>rndc dumpdb</command>.
- If not specified, the default is <filename>named_dump.db</filename>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>dump-file</command></term>
+ <listitem>
+ <para>
+ The pathname of the file the server dumps
+ the database to when instructed to do so with
+ <command>rndc dumpdb</command>.
+ If not specified, the default is <filename>named_dump.db</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>memstatistics-file</command></term>
- <listitem>
- <para>
- The pathname of the file the server writes memory
- usage statistics to on exit. If not specified,
- the default is <filename>named.memstats</filename>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>memstatistics-file</command></term>
+ <listitem>
+ <para>
+ The pathname of the file the server writes memory
+ usage statistics to on exit. If not specified,
+ the default is <filename>named.memstats</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>pid-file</command></term>
- <listitem>
- <para>
- The pathname of the file the server writes its process ID
- in. If not specified, the default is
+ <varlistentry>
+ <term><command>pid-file</command></term>
+ <listitem>
+ <para>
+ The pathname of the file the server writes its process ID
+ in. If not specified, the default is
<filename>/var/run/named/named.pid</filename>.
- The PID file is used by programs that want to send signals to
- the running
- name server. Specifying <command>pid-file none</command> disables the
- use of a PID file — no file will be written and any
- existing one will be removed. Note that <command>none</command>
- is a keyword, not a filename, and therefore is not enclosed
- in
- double quotes.
- </para>
- </listitem>
- </varlistentry>
+ The PID file is used by programs that want to send signals to
+ the running
+ name server. Specifying <command>pid-file none</command> disables the
+ use of a PID file — no file will be written and any
+ existing one will be removed. Note that <command>none</command>
+ is a keyword, not a filename, and therefore is not enclosed
+ in
+ double quotes.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>recursing-file</command></term>
- <listitem>
- <para>
- The pathname of the file the server dumps
- the queries that are currently recursing when instructed
- to do so with <command>rndc recursing</command>.
- If not specified, the default is <filename>named.recursing</filename>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>recursing-file</command></term>
+ <listitem>
+ <para>
+ The pathname of the file the server dumps
+ the queries that are currently recursing when instructed
+ to do so with <command>rndc recursing</command>.
+ If not specified, the default is <filename>named.recursing</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>statistics-file</command></term>
- <listitem>
- <para>
- The pathname of the file the server appends statistics
- to when instructed to do so using <command>rndc stats</command>.
- If not specified, the default is <filename>named.stats</filename> in the
- server's current directory. The format of the file is
- described
- in <xref linkend="statsfile"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>statistics-file</command></term>
+ <listitem>
+ <para>
+ The pathname of the file the server appends statistics
+ to when instructed to do so using <command>rndc stats</command>.
+ If not specified, the default is <filename>named.stats</filename> in the
+ server's current directory. The format of the file is
+ described
+ in <xref linkend="statsfile"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>bindkeys-file</command></term>
- <listitem>
- <para>
- The pathname of a file to override the built-in trusted
+ <varlistentry>
+ <term><command>bindkeys-file</command></term>
+ <listitem>
+ <para>
+ The pathname of a file to override the built-in trusted
keys provided by <command>named</command>.
See the discussion of <command>dnssec-lookaside</command>
- and <command>dnssec-validation</command> for details.
- If not specified, the default is
+ and <command>dnssec-validation</command> for details.
+ If not specified, the default is
<filename>/etc/bind.keys</filename>.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>secroots-file</command></term>
- <listitem>
- <para>
- The pathname of the file the server dumps
- security roots to when instructed to do so with
- <command>rndc secroots</command>.
- If not specified, the default is
+ <varlistentry>
+ <term><command>secroots-file</command></term>
+ <listitem>
+ <para>
+ The pathname of the file the server dumps
+ security roots to when instructed to do so with
+ <command>rndc secroots</command>.
+ If not specified, the default is
<filename>named.secroots</filename>.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>session-keyfile</command></term>
- <listitem>
- <para>
- The pathname of the file into which to write a TSIG
- session key generated by <command>named</command> for use by
- <command>nsupdate -l</command>. If not specified, the
- default is <filename>/var/run/named/session.key</filename>.
- (See <xref linkend="dynamic_update_policies"/>, and in
- particular the discussion of the
- <command>update-policy</command> statement's
- <userinput>local</userinput> option for more
- information about this feature.)
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>session-keyfile</command></term>
+ <listitem>
+ <para>
+ The pathname of the file into which to write a TSIG
+ session key generated by <command>named</command> for use by
+ <command>nsupdate -l</command>. If not specified, the
+ default is <filename>/var/run/named/session.key</filename>.
+ (See <xref linkend="dynamic_update_policies"/>, and in
+ particular the discussion of the
+ <command>update-policy</command> statement's
+ <userinput>local</userinput> option for more
+ information about this feature.)
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>session-keyname</command></term>
- <listitem>
- <para>
- The key name to use for the TSIG session key.
- If not specified, the default is "local-ddns".
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>session-keyname</command></term>
+ <listitem>
+ <para>
+ The key name to use for the TSIG session key.
+ If not specified, the default is "local-ddns".
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>session-keyalg</command></term>
- <listitem>
- <para>
- The algorithm to use for the TSIG session key.
- Valid values are hmac-sha1, hmac-sha224, hmac-sha256,
- hmac-sha384, hmac-sha512 and hmac-md5. If not
- specified, the default is hmac-sha256.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>session-keyalg</command></term>
+ <listitem>
+ <para>
+ The algorithm to use for the TSIG session key.
+ Valid values are hmac-sha1, hmac-sha224, hmac-sha256,
+ hmac-sha384, hmac-sha512 and hmac-md5. If not
+ specified, the default is hmac-sha256.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>port</command></term>
- <listitem>
- <para>
- The UDP/TCP port number the server uses for
- receiving and sending DNS protocol traffic.
- The default is 53. This option is mainly intended for server
- testing;
- a server using a port other than 53 will not be able to
- communicate with
- the global DNS.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>port</command></term>
+ <listitem>
+ <para>
+ The UDP/TCP port number the server uses for
+ receiving and sending DNS protocol traffic.
+ The default is 53. This option is mainly intended for server
+ testing;
+ a server using a port other than 53 will not be able to
+ communicate with
+ the global DNS.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>random-device</command></term>
- <listitem>
- <para>
- The source of entropy to be used by the server. Entropy is
- primarily needed
- for DNSSEC operations, such as TKEY transactions and dynamic
- update of signed
- zones. This options specifies the device (or file) from which
- to read
- entropy. If this is a file, operations requiring entropy will
- fail when the
- file has been exhausted. If not specified, the default value
- is
- <filename>/dev/random</filename>
- (or equivalent) when present, and none otherwise. The
- <command>random-device</command> option takes
- effect during
- the initial configuration load at server startup time and
- is ignored on subsequent reloads.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>random-device</command></term>
+ <listitem>
+ <para>
+ The source of entropy to be used by the server. Entropy is
+ primarily needed
+ for DNSSEC operations, such as TKEY transactions and dynamic
+ update of signed
+ zones. This options specifies the device (or file) from which
+ to read
+ entropy. If this is a file, operations requiring entropy will
+ fail when the
+ file has been exhausted. If not specified, the default value
+ is
+ <filename>/dev/random</filename>
+ (or equivalent) when present, and none otherwise. The
+ <command>random-device</command> option takes
+ effect during
+ the initial configuration load at server startup time and
+ is ignored on subsequent reloads.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>preferred-glue</command></term>
- <listitem>
- <para>
- If specified, the listed type (A or AAAA) will be emitted
- before other glue
- in the additional section of a query response.
- The default is not to prefer any type (NONE).
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>preferred-glue</command></term>
+ <listitem>
+ <para>
+ If specified, the listed type (A or AAAA) will be emitted
+ before other glue
+ in the additional section of a query response.
+ The default is not to prefer any type (NONE).
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry id="root_delegation_only">
- <term><command>root-delegation-only</command></term>
- <listitem>
- <para>
- Turn on enforcement of delegation-only in TLDs
+ <varlistentry id="root_delegation_only">
+ <term><command>root-delegation-only</command></term>
+ <listitem>
+ <para>
+ Turn on enforcement of delegation-only in TLDs
(top level domains) and root zones with an optional
exclude list.
- </para>
+ </para>
<para>
DS queries are expected to be made to and be answered by
delegation only zones. Such queries and responses are
@@ -5722,10 +5312,10 @@
(no records at the name) in the delegation only zone
when the query type is not ANY.
</para>
- <para>
- Note some TLDs are not delegation only (e.g. "DE", "LV",
+ <para>
+ Note some TLDs are not delegation only (e.g. "DE", "LV",
"US" and "MUSEUM"). This list is not exhaustive.
- </para>
+ </para>
<programlisting>
options {
@@ -5733,26 +5323,26 @@
};
</programlisting>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>disable-algorithms</command></term>
- <listitem>
- <para>
- Disable the specified DNSSEC algorithms at and below the
- specified name.
- Multiple <command>disable-algorithms</command>
- statements are allowed.
- Only the most specific will be applied.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>disable-algorithms</command></term>
+ <listitem>
+ <para>
+ Disable the specified DNSSEC algorithms at and below the
+ specified name.
+ Multiple <command>disable-algorithms</command>
+ statements are allowed.
+ Only the most specific will be applied.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>dnssec-lookaside</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>dnssec-lookaside</command></term>
+ <listitem>
+ <para>
When set, <command>dnssec-lookaside</command> provides the
validator with an alternate method to validate DNSKEY
records at the top of a zone. When a DNSKEY is at or
@@ -5762,7 +5352,7 @@
will be appended to the key name and a DLV record will be
looked up to see if it can validate the key. If the DLV
record validates a DNSKEY (similarly to the way a DS
- record does) the DNSKEY RRset is deemed to be trusted.
+ record does) the DNSKEY RRset is deemed to be trusted.
</para>
<para>
If <command>dnssec-lookaside</command> is set to
@@ -5775,54 +5365,54 @@
<userinput>no</userinput>, then dnssec-lookaside
is not used.
</para>
- <para>
- The default DLV key is stored in the file
- <filename>bind.keys</filename>;
- <command>named</command> will load that key at
- startup if <command>dnssec-lookaside</command> is set to
- <constant>auto</constant>. A copy of the file is
- installed along with <acronym>BIND</acronym> 9, and is
- current as of the release date. If the DLV key expires, a
- new copy of <filename>bind.keys</filename> can be downloaded
- from <ulink url="https://www.isc.org/solutions/dlv/"
+ <para>
+ The default DLV key is stored in the file
+ <filename>bind.keys</filename>;
+ <command>named</command> will load that key at
+ startup if <command>dnssec-lookaside</command> is set to
+ <constant>auto</constant>. A copy of the file is
+ installed along with <acronym>BIND</acronym> 9, and is
+ current as of the release date. If the DLV key expires, a
+ new copy of <filename>bind.keys</filename> can be downloaded
+ from <ulink url="https://www.isc.org/solutions/dlv/"
>https://www.isc.org/solutions/dlv/</ulink>.
- </para>
- <para>
- (To prevent problems if <filename>bind.keys</filename> is
- not found, the current key is also compiled in to
- <command>named</command>. Relying on this is not
- recommended, however, as it requires <command>named</command>
- to be recompiled with a new key when the DLV key expires.)
- </para>
- <para>
- NOTE: <command>named</command> only loads certain specific
- keys from <filename>bind.keys</filename>: those for the
- DLV zone and for the DNS root zone. The file cannot be
- used to store keys for other zones.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ <para>
+ (To prevent problems if <filename>bind.keys</filename> is
+ not found, the current key is also compiled in to
+ <command>named</command>. Relying on this is not
+ recommended, however, as it requires <command>named</command>
+ to be recompiled with a new key when the DLV key expires.)
+ </para>
+ <para>
+ NOTE: <command>named</command> only loads certain specific
+ keys from <filename>bind.keys</filename>: those for the
+ DLV zone and for the DNS root zone. The file cannot be
+ used to store keys for other zones.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>dnssec-must-be-secure</command></term>
- <listitem>
- <para>
- Specify hierarchies which must be or may not be secure
- (signed and validated). If <userinput>yes</userinput>,
- then <command>named</command> will only accept answers if
- they are secure. If <userinput>no</userinput>, then normal
- DNSSEC validation applies allowing for insecure answers to
- be accepted. The specified domain must be under a
- <command>trusted-keys</command> or
- <command>managed-keys</command> statement, or
- <command>dnssec-lookaside</command> must be active.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>dnssec-must-be-secure</command></term>
+ <listitem>
+ <para>
+ Specify hierarchies which must be or may not be secure
+ (signed and validated). If <userinput>yes</userinput>,
+ then <command>named</command> will only accept answers if
+ they are secure. If <userinput>no</userinput>, then normal
+ DNSSEC validation applies allowing for insecure answers to
+ be accepted. The specified domain must be under a
+ <command>trusted-keys</command> or
+ <command>managed-keys</command> statement, or
+ <command>dnssec-lookaside</command> must be active.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><command>dns64</command></term>
- <listitem>
+ <listitem>
<para>
This directive instructs <command>named</command> to
return mapped IPv4 addresses to AAAA queries when
@@ -5848,8 +5438,8 @@
<para>
Each <command>dns64</command> supports an optional
<command>clients</command> ACL that determines which
- clients are affected by this directive. If not defined,
- it defaults to <userinput>any;</userinput>.
+ clients are affected by this directive. If not defined,
+ it defaults to <userinput>any;</userinput>.
</para>
<para>
Each <command>dns64</command> supports an optional
@@ -5895,448 +5485,448 @@
<programlisting>
acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
- dns64 64:FF9B::/96 {
- clients { any; };
- mapped { !rfc1918; any; };
- exclude { 64:FF9B::/96; ::ffff:0000:0000/96; };
- suffix ::;
- };
+ dns64 64:FF9B::/96 {
+ clients { any; };
+ mapped { !rfc1918; any; };
+ exclude { 64:FF9B::/96; ::ffff:0000:0000/96; };
+ suffix ::;
+ };
</programlisting>
- </listitem>
+ </listitem>
</varlistentry>
- </variablelist>
+ </variablelist>
- <sect3 id="boolean_options">
- <title>Boolean Options</title>
+ <sect3 id="boolean_options">
+ <title>Boolean Options</title>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>allow-new-zones</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, then zones can be
- added at runtime via <command>rndc addzone</command>
- or deleted via <command>rndc delzone</command>.
- The default is <userinput>no</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-new-zones</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, then zones can be
+ added at runtime via <command>rndc addzone</command>
+ or deleted via <command>rndc delzone</command>.
+ The default is <userinput>no</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>auth-nxdomain</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, then the <command>AA</command> bit
- is always set on NXDOMAIN responses, even if the server is
- not actually
- authoritative. The default is <userinput>no</userinput>;
- this is
- a change from <acronym>BIND</acronym> 8. If you
- are using very old DNS software, you
- may need to set it to <userinput>yes</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>auth-nxdomain</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, then the <command>AA</command> bit
+ is always set on NXDOMAIN responses, even if the server is
+ not actually
+ authoritative. The default is <userinput>no</userinput>;
+ this is
+ a change from <acronym>BIND</acronym> 8. If you
+ are using very old DNS software, you
+ may need to set it to <userinput>yes</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>deallocate-on-exit</command></term>
- <listitem>
- <para>
- This option was used in <acronym>BIND</acronym>
- 8 to enable checking
- for memory leaks on exit. <acronym>BIND</acronym> 9 ignores the option and always performs
- the checks.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>deallocate-on-exit</command></term>
+ <listitem>
+ <para>
+ This option was used in <acronym>BIND</acronym>
+ 8 to enable checking
+ for memory leaks on exit. <acronym>BIND</acronym> 9 ignores the option and always performs
+ the checks.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>memstatistics</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>memstatistics</command></term>
+ <listitem>
+ <para>
Write memory statistics to the file specified by
<command>memstatistics-file</command> at exit.
The default is <userinput>no</userinput> unless
'-m record' is specified on the command line in
which case it is <userinput>yes</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>dialup</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, then the
- server treats all zones as if they are doing zone transfers
- across
- a dial-on-demand dialup link, which can be brought up by
- traffic
- originating from this server. This has different effects
- according
- to zone type and concentrates the zone maintenance so that
- it all
- happens in a short interval, once every <command>heartbeat-interval</command> and
- hopefully during the one call. It also suppresses some of
- the normal
- zone maintenance traffic. The default is <userinput>no</userinput>.
- </para>
- <para>
- The <command>dialup</command> option
- may also be specified in the <command>view</command> and
- <command>zone</command> statements,
- in which case it overrides the global <command>dialup</command>
- option.
- </para>
- <para>
- If the zone is a master zone, then the server will send out a
- NOTIFY
- request to all the slaves (default). This should trigger the
- zone serial
- number check in the slave (providing it supports NOTIFY)
- allowing the slave
- to verify the zone while the connection is active.
- The set of servers to which NOTIFY is sent can be controlled
- by
- <command>notify</command> and <command>also-notify</command>.
- </para>
- <para>
- If the
- zone is a slave or stub zone, then the server will suppress
- the regular
- "zone up to date" (refresh) queries and only perform them
- when the
- <command>heartbeat-interval</command> expires in
- addition to sending
- NOTIFY requests.
- </para>
- <para>
- Finer control can be achieved by using
- <userinput>notify</userinput> which only sends NOTIFY
- messages,
- <userinput>notify-passive</userinput> which sends NOTIFY
- messages and
- suppresses the normal refresh queries, <userinput>refresh</userinput>
- which suppresses normal refresh processing and sends refresh
- queries
- when the <command>heartbeat-interval</command>
- expires, and
- <userinput>passive</userinput> which just disables normal
- refresh
- processing.
- </para>
+ <varlistentry>
+ <term><command>dialup</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, then the
+ server treats all zones as if they are doing zone transfers
+ across
+ a dial-on-demand dialup link, which can be brought up by
+ traffic
+ originating from this server. This has different effects
+ according
+ to zone type and concentrates the zone maintenance so that
+ it all
+ happens in a short interval, once every <command>heartbeat-interval</command> and
+ hopefully during the one call. It also suppresses some of
+ the normal
+ zone maintenance traffic. The default is <userinput>no</userinput>.
+ </para>
+ <para>
+ The <command>dialup</command> option
+ may also be specified in the <command>view</command> and
+ <command>zone</command> statements,
+ in which case it overrides the global <command>dialup</command>
+ option.
+ </para>
+ <para>
+ If the zone is a master zone, then the server will send out a
+ NOTIFY
+ request to all the slaves (default). This should trigger the
+ zone serial
+ number check in the slave (providing it supports NOTIFY)
+ allowing the slave
+ to verify the zone while the connection is active.
+ The set of servers to which NOTIFY is sent can be controlled
+ by
+ <command>notify</command> and <command>also-notify</command>.
+ </para>
+ <para>
+ If the
+ zone is a slave or stub zone, then the server will suppress
+ the regular
+ "zone up to date" (refresh) queries and only perform them
+ when the
+ <command>heartbeat-interval</command> expires in
+ addition to sending
+ NOTIFY requests.
+ </para>
+ <para>
+ Finer control can be achieved by using
+ <userinput>notify</userinput> which only sends NOTIFY
+ messages,
+ <userinput>notify-passive</userinput> which sends NOTIFY
+ messages and
+ suppresses the normal refresh queries, <userinput>refresh</userinput>
+ which suppresses normal refresh processing and sends refresh
+ queries
+ when the <command>heartbeat-interval</command>
+ expires, and
+ <userinput>passive</userinput> which just disables normal
+ refresh
+ processing.
+ </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="4" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="1.150in"/>
- <colspec colname="3" colnum="3" colsep="0" colwidth="1.150in"/>
- <colspec colname="4" colnum="4" colsep="0" colwidth="1.150in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- dialup mode
- </para>
- </entry>
- <entry colname="2">
- <para>
- normal refresh
- </para>
- </entry>
- <entry colname="3">
- <para>
- heart-beat refresh
- </para>
- </entry>
- <entry colname="4">
- <para>
- heart-beat notify
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>no</command> (default)</para>
- </entry>
- <entry colname="2">
- <para>
- yes
- </para>
- </entry>
- <entry colname="3">
- <para>
- no
- </para>
- </entry>
- <entry colname="4">
- <para>
- no
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>yes</command></para>
- </entry>
- <entry colname="2">
- <para>
- no
- </para>
- </entry>
- <entry colname="3">
- <para>
- yes
- </para>
- </entry>
- <entry colname="4">
- <para>
- yes
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>notify</command></para>
- </entry>
- <entry colname="2">
- <para>
- yes
- </para>
- </entry>
- <entry colname="3">
- <para>
- no
- </para>
- </entry>
- <entry colname="4">
- <para>
- yes
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>refresh</command></para>
- </entry>
- <entry colname="2">
- <para>
- no
- </para>
- </entry>
- <entry colname="3">
- <para>
- yes
- </para>
- </entry>
- <entry colname="4">
- <para>
- no
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>passive</command></para>
- </entry>
- <entry colname="2">
- <para>
- no
- </para>
- </entry>
- <entry colname="3">
- <para>
- no
- </para>
- </entry>
- <entry colname="4">
- <para>
- no
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>notify-passive</command></para>
- </entry>
- <entry colname="2">
- <para>
- no
- </para>
- </entry>
- <entry colname="3">
- <para>
- no
- </para>
- </entry>
- <entry colname="4">
- <para>
- yes
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="4" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="1.150in"/>
+ <colspec colname="3" colnum="3" colsep="0" colwidth="1.150in"/>
+ <colspec colname="4" colnum="4" colsep="0" colwidth="1.150in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ dialup mode
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ normal refresh
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ heart-beat refresh
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ heart-beat notify
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>no</command> (default)</para>
+ </entry>
+ <entry colname="2">
+ <para>
+ yes
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ no
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ no
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>yes</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ no
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ yes
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ yes
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>notify</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ yes
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ no
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ yes
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>refresh</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ no
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ yes
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ no
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>passive</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ no
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ no
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ no
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>notify-passive</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ no
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ no
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ yes
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
- <para>
- Note that normal NOTIFY processing is not affected by
- <command>dialup</command>.
- </para>
+ <para>
+ Note that normal NOTIFY processing is not affected by
+ <command>dialup</command>.
+ </para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>fake-iquery</command></term>
- <listitem>
- <para>
- In <acronym>BIND</acronym> 8, this option
- enabled simulating the obsolete DNS query type
- IQUERY. <acronym>BIND</acronym> 9 never does
- IQUERY simulation.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>fake-iquery</command></term>
+ <listitem>
+ <para>
+ In <acronym>BIND</acronym> 8, this option
+ enabled simulating the obsolete DNS query type
+ IQUERY. <acronym>BIND</acronym> 9 never does
+ IQUERY simulation.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>fetch-glue</command></term>
- <listitem>
- <para>
- This option is obsolete.
- In BIND 8, <userinput>fetch-glue yes</userinput>
- caused the server to attempt to fetch glue resource records
- it
- didn't have when constructing the additional
- data section of a response. This is now considered a bad
- idea
- and BIND 9 never does it.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>fetch-glue</command></term>
+ <listitem>
+ <para>
+ This option is obsolete.
+ In BIND 8, <userinput>fetch-glue yes</userinput>
+ caused the server to attempt to fetch glue resource records
+ it
+ didn't have when constructing the additional
+ data section of a response. This is now considered a bad
+ idea
+ and BIND 9 never does it.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>flush-zones-on-shutdown</command></term>
- <listitem>
- <para>
- When the nameserver exits due receiving SIGTERM,
- flush or do not flush any pending zone writes. The default
- is
- <command>flush-zones-on-shutdown</command> <userinput>no</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>flush-zones-on-shutdown</command></term>
+ <listitem>
+ <para>
+ When the nameserver exits due receiving SIGTERM,
+ flush or do not flush any pending zone writes. The default
+ is
+ <command>flush-zones-on-shutdown</command> <userinput>no</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>has-old-clients</command></term>
- <listitem>
- <para>
- This option was incorrectly implemented
- in <acronym>BIND</acronym> 8, and is ignored by <acronym>BIND</acronym> 9.
- To achieve the intended effect
- of
- <command>has-old-clients</command> <userinput>yes</userinput>, specify
- the two separate options <command>auth-nxdomain</command> <userinput>yes</userinput>
- and <command>rfc2308-type1</command> <userinput>no</userinput> instead.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>has-old-clients</command></term>
+ <listitem>
+ <para>
+ This option was incorrectly implemented
+ in <acronym>BIND</acronym> 8, and is ignored by <acronym>BIND</acronym> 9.
+ To achieve the intended effect
+ of
+ <command>has-old-clients</command> <userinput>yes</userinput>, specify
+ the two separate options <command>auth-nxdomain</command> <userinput>yes</userinput>
+ and <command>rfc2308-type1</command> <userinput>no</userinput> instead.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>host-statistics</command></term>
- <listitem>
- <para>
- In BIND 8, this enables keeping of
- statistics for every host that the name server interacts
- with.
- Not implemented in BIND 9.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>host-statistics</command></term>
+ <listitem>
+ <para>
+ In BIND 8, this enables keeping of
+ statistics for every host that the name server interacts
+ with.
+ Not implemented in BIND 9.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>maintain-ixfr-base</command></term>
- <listitem>
- <para>
- <emphasis>This option is obsolete</emphasis>.
- It was used in <acronym>BIND</acronym> 8 to
- determine whether a transaction log was
- kept for Incremental Zone Transfer. <acronym>BIND</acronym> 9 maintains a transaction
- log whenever possible. If you need to disable outgoing
- incremental zone
- transfers, use <command>provide-ixfr</command> <userinput>no</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>maintain-ixfr-base</command></term>
+ <listitem>
+ <para>
+ <emphasis>This option is obsolete</emphasis>.
+ It was used in <acronym>BIND</acronym> 8 to
+ determine whether a transaction log was
+ kept for Incremental Zone Transfer. <acronym>BIND</acronym> 9 maintains a transaction
+ log whenever possible. If you need to disable outgoing
+ incremental zone
+ transfers, use <command>provide-ixfr</command> <userinput>no</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>minimal-responses</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, then when generating
- responses the server will only add records to the authority
- and additional data sections when they are required (e.g.
- delegations, negative responses). This may improve the
+ <varlistentry>
+ <term><command>minimal-responses</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, then when generating
+ responses the server will only add records to the authority
+ and additional data sections when they are required (e.g.
+ delegations, negative responses). This may improve the
performance of the server.
- The default is <userinput>no</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ The default is <userinput>no</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>multiple-cnames</command></term>
- <listitem>
- <para>
- This option was used in <acronym>BIND</acronym> 8 to allow
- a domain name to have multiple CNAME records in violation of
- the DNS standards. <acronym>BIND</acronym> 9.2 onwards
- always strictly enforces the CNAME rules both in master
+ <varlistentry>
+ <term><command>multiple-cnames</command></term>
+ <listitem>
+ <para>
+ This option was used in <acronym>BIND</acronym> 8 to allow
+ a domain name to have multiple CNAME records in violation of
+ the DNS standards. <acronym>BIND</acronym> 9.2 onwards
+ always strictly enforces the CNAME rules both in master
files and dynamic updates.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput> (the default),
- DNS NOTIFY messages are sent when a zone the server is
- authoritative for
- changes, see <xref linkend="notify"/>. The messages are
- sent to the
- servers listed in the zone's NS records (except the master
- server identified
- in the SOA MNAME field), and to any servers listed in the
- <command>also-notify</command> option.
- </para>
- <para>
- If <userinput>master-only</userinput>, notifies are only
- sent
- for master zones.
- If <userinput>explicit</userinput>, notifies are sent only
- to
- servers explicitly listed using <command>also-notify</command>.
- If <userinput>no</userinput>, no notifies are sent.
- </para>
- <para>
- The <command>notify</command> option may also be
- specified in the <command>zone</command>
- statement,
- in which case it overrides the <command>options notify</command> statement.
- It would only be necessary to turn off this option if it
- caused slaves
- to crash.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>notify</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput> (the default),
+ DNS NOTIFY messages are sent when a zone the server is
+ authoritative for
+ changes, see <xref linkend="notify"/>. The messages are
+ sent to the
+ servers listed in the zone's NS records (except the master
+ server identified
+ in the SOA MNAME field), and to any servers listed in the
+ <command>also-notify</command> option.
+ </para>
+ <para>
+ If <userinput>master-only</userinput>, notifies are only
+ sent
+ for master zones.
+ If <userinput>explicit</userinput>, notifies are sent only
+ to
+ servers explicitly listed using <command>also-notify</command>.
+ If <userinput>no</userinput>, no notifies are sent.
+ </para>
+ <para>
+ The <command>notify</command> option may also be
+ specified in the <command>zone</command>
+ statement,
+ in which case it overrides the <command>options notify</command> statement.
+ It would only be necessary to turn off this option if it
+ caused slaves
+ to crash.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify-to-soa</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>notify-to-soa</command></term>
+ <listitem>
+ <para>
If <userinput>yes</userinput> do not check the nameservers
in the NS RRset against the SOA MNAME. Normally a NOTIFY
message is not sent to the SOA MNAME (SOA ORIGIN) as it is
@@ -6345,444 +5935,444 @@
hidden master configurations and in that case you would
want the ultimate master to still send NOTIFY messages to
all the nameservers listed in the NS RRset.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>recursion</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, and a
- DNS query requests recursion, then the server will attempt
- to do
- all the work required to answer the query. If recursion is
- off
- and the server does not already know the answer, it will
- return a
- referral response. The default is
- <userinput>yes</userinput>.
- Note that setting <command>recursion no</command> does not prevent
- clients from getting data from the server's cache; it only
- prevents new data from being cached as an effect of client
- queries.
- Caching may still occur as an effect the server's internal
- operation, such as NOTIFY address lookups.
- See also <command>fetch-glue</command> above.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>recursion</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, and a
+ DNS query requests recursion, then the server will attempt
+ to do
+ all the work required to answer the query. If recursion is
+ off
+ and the server does not already know the answer, it will
+ return a
+ referral response. The default is
+ <userinput>yes</userinput>.
+ Note that setting <command>recursion no</command> does not prevent
+ clients from getting data from the server's cache; it only
+ prevents new data from being cached as an effect of client
+ queries.
+ Caching may still occur as an effect the server's internal
+ operation, such as NOTIFY address lookups.
+ See also <command>fetch-glue</command> above.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>request-nsid</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, then an empty EDNS(0)
- NSID (Name Server Identifier) option is sent with all
- queries to authoritative name servers during iterative
- resolution. If the authoritative server returns an NSID
- option in its response, then its contents are logged in
- the <command>resolver</command> category at level
- <command>info</command>.
- The default is <userinput>no</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>request-nsid</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, then an empty EDNS(0)
+ NSID (Name Server Identifier) option is sent with all
+ queries to authoritative name servers during iterative
+ resolution. If the authoritative server returns an NSID
+ option in its response, then its contents are logged in
+ the <command>resolver</command> category at level
+ <command>info</command>.
+ The default is <userinput>no</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>rfc2308-type1</command></term>
- <listitem>
- <para>
- Setting this to <userinput>yes</userinput> will
- cause the server to send NS records along with the SOA
- record for negative
- answers. The default is <userinput>no</userinput>.
- </para>
- <note>
- <simpara>
- Not yet implemented in <acronym>BIND</acronym>
- 9.
- </simpara>
- </note>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>rfc2308-type1</command></term>
+ <listitem>
+ <para>
+ Setting this to <userinput>yes</userinput> will
+ cause the server to send NS records along with the SOA
+ record for negative
+ answers. The default is <userinput>no</userinput>.
+ </para>
+ <note>
+ <simpara>
+ Not yet implemented in <acronym>BIND</acronym>
+ 9.
+ </simpara>
+ </note>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>use-id-pool</command></term>
- <listitem>
- <para>
- <emphasis>This option is obsolete</emphasis>.
- <acronym>BIND</acronym> 9 always allocates query
- IDs from a pool.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>use-id-pool</command></term>
+ <listitem>
+ <para>
+ <emphasis>This option is obsolete</emphasis>.
+ <acronym>BIND</acronym> 9 always allocates query
+ IDs from a pool.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>zone-statistics</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, the server will collect
- statistical data on all zones (unless specifically turned
- off
- on a per-zone basis by specifying <command>zone-statistics no</command>
- in the <command>zone</command> statement).
- The default is <userinput>no</userinput>.
- These statistics may be accessed
- using <command>rndc stats</command>, which will
- dump them to the file listed
- in the <command>statistics-file</command>. See
- also <xref linkend="statsfile"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>zone-statistics</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, the server will collect
+ statistical data on all zones (unless specifically turned
+ off
+ on a per-zone basis by specifying <command>zone-statistics no</command>
+ in the <command>zone</command> statement).
+ The default is <userinput>no</userinput>.
+ These statistics may be accessed
+ using <command>rndc stats</command>, which will
+ dump them to the file listed
+ in the <command>statistics-file</command>. See
+ also <xref linkend="statsfile"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>use-ixfr</command></term>
- <listitem>
- <para>
- <emphasis>This option is obsolete</emphasis>.
- If you need to disable IXFR to a particular server or
- servers, see
- the information on the <command>provide-ixfr</command> option
- in <xref linkend="server_statement_definition_and_usage"/>.
- See also
- <xref linkend="incremental_zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>use-ixfr</command></term>
+ <listitem>
+ <para>
+ <emphasis>This option is obsolete</emphasis>.
+ If you need to disable IXFR to a particular server or
+ servers, see
+ the information on the <command>provide-ixfr</command> option
+ in <xref linkend="server_statement_definition_and_usage"/>.
+ See also
+ <xref linkend="incremental_zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>provide-ixfr</command></term>
- <listitem>
- <para>
- See the description of
- <command>provide-ixfr</command> in
- <xref linkend="server_statement_definition_and_usage"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>provide-ixfr</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>provide-ixfr</command> in
+ <xref linkend="server_statement_definition_and_usage"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>request-ixfr</command></term>
- <listitem>
- <para>
- See the description of
- <command>request-ixfr</command> in
- <xref linkend="server_statement_definition_and_usage"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>request-ixfr</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>request-ixfr</command> in
+ <xref linkend="server_statement_definition_and_usage"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>treat-cr-as-space</command></term>
- <listitem>
- <para>
- This option was used in <acronym>BIND</acronym>
- 8 to make
- the server treat carriage return ("<command>\r</command>") characters the same way
- as a space or tab character,
- to facilitate loading of zone files on a UNIX system that
- were generated
- on an NT or DOS machine. In <acronym>BIND</acronym> 9, both UNIX "<command>\n</command>"
- and NT/DOS "<command>\r\n</command>" newlines
- are always accepted,
- and the option is ignored.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>treat-cr-as-space</command></term>
+ <listitem>
+ <para>
+ This option was used in <acronym>BIND</acronym>
+ 8 to make
+ the server treat carriage return ("<command>\r</command>") characters the same way
+ as a space or tab character,
+ to facilitate loading of zone files on a UNIX system that
+ were generated
+ on an NT or DOS machine. In <acronym>BIND</acronym> 9, both UNIX "<command>\n</command>"
+ and NT/DOS "<command>\r\n</command>" newlines
+ are always accepted,
+ and the option is ignored.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>additional-from-auth</command></term>
- <term><command>additional-from-cache</command></term>
- <listitem>
+ <varlistentry>
+ <term><command>additional-from-auth</command></term>
+ <term><command>additional-from-cache</command></term>
+ <listitem>
- <para>
- These options control the behavior of an authoritative
- server when
- answering queries which have additional data, or when
- following CNAME
- and DNAME chains.
- </para>
+ <para>
+ These options control the behavior of an authoritative
+ server when
+ answering queries which have additional data, or when
+ following CNAME
+ and DNAME chains.
+ </para>
- <para>
- When both of these options are set to <userinput>yes</userinput>
- (the default) and a
- query is being answered from authoritative data (a zone
- configured into the server), the additional data section of
- the
- reply will be filled in using data from other authoritative
- zones
- and from the cache. In some situations this is undesirable,
- such
- as when there is concern over the correctness of the cache,
- or
- in servers where slave zones may be added and modified by
- untrusted third parties. Also, avoiding
- the search for this additional data will speed up server
- operations
- at the possible expense of additional queries to resolve
- what would
- otherwise be provided in the additional section.
- </para>
+ <para>
+ When both of these options are set to <userinput>yes</userinput>
+ (the default) and a
+ query is being answered from authoritative data (a zone
+ configured into the server), the additional data section of
+ the
+ reply will be filled in using data from other authoritative
+ zones
+ and from the cache. In some situations this is undesirable,
+ such
+ as when there is concern over the correctness of the cache,
+ or
+ in servers where slave zones may be added and modified by
+ untrusted third parties. Also, avoiding
+ the search for this additional data will speed up server
+ operations
+ at the possible expense of additional queries to resolve
+ what would
+ otherwise be provided in the additional section.
+ </para>
- <para>
- For example, if a query asks for an MX record for host <literal>foo.example.com</literal>,
- and the record found is "<literal>MX 10 mail.example.net</literal>", normally the address
- records (A and AAAA) for <literal>mail.example.net</literal> will be provided as well,
- if known, even though they are not in the example.com zone.
- Setting these options to <command>no</command>
- disables this behavior and makes
- the server only search for additional data in the zone it
- answers from.
- </para>
+ <para>
+ For example, if a query asks for an MX record for host <literal>foo.example.com</literal>,
+ and the record found is "<literal>MX 10 mail.example.net</literal>", normally the address
+ records (A and AAAA) for <literal>mail.example.net</literal> will be provided as well,
+ if known, even though they are not in the example.com zone.
+ Setting these options to <command>no</command>
+ disables this behavior and makes
+ the server only search for additional data in the zone it
+ answers from.
+ </para>
- <para>
- These options are intended for use in authoritative-only
- servers, or in authoritative-only views. Attempts to set
- them to <command>no</command> without also
- specifying
- <command>recursion no</command> will cause the
- server to
- ignore the options and log a warning message.
- </para>
+ <para>
+ These options are intended for use in authoritative-only
+ servers, or in authoritative-only views. Attempts to set
+ them to <command>no</command> without also
+ specifying
+ <command>recursion no</command> will cause the
+ server to
+ ignore the options and log a warning message.
+ </para>
- <para>
- Specifying <command>additional-from-cache no</command> actually
- disables the use of the cache not only for additional data
- lookups
- but also when looking up the answer. This is usually the
- desired
- behavior in an authoritative-only server where the
- correctness of
- the cached data is an issue.
- </para>
+ <para>
+ Specifying <command>additional-from-cache no</command> actually
+ disables the use of the cache not only for additional data
+ lookups
+ but also when looking up the answer. This is usually the
+ desired
+ behavior in an authoritative-only server where the
+ correctness of
+ the cached data is an issue.
+ </para>
- <para>
- When a name server is non-recursively queried for a name
- that is not
- below the apex of any served zone, it normally answers with
- an
- "upwards referral" to the root servers or the servers of
- some other
- known parent of the query name. Since the data in an
- upwards referral
- comes from the cache, the server will not be able to provide
- upwards
- referrals when <command>additional-from-cache no</command>
- has been specified. Instead, it will respond to such
- queries
- with REFUSED. This should not cause any problems since
- upwards referrals are not required for the resolution
- process.
- </para>
+ <para>
+ When a name server is non-recursively queried for a name
+ that is not
+ below the apex of any served zone, it normally answers with
+ an
+ "upwards referral" to the root servers or the servers of
+ some other
+ known parent of the query name. Since the data in an
+ upwards referral
+ comes from the cache, the server will not be able to provide
+ upwards
+ referrals when <command>additional-from-cache no</command>
+ has been specified. Instead, it will respond to such
+ queries
+ with REFUSED. This should not cause any problems since
+ upwards referrals are not required for the resolution
+ process.
+ </para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>match-mapped-addresses</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, then an
- IPv4-mapped IPv6 address will match any address match
- list entries that match the corresponding IPv4 address.
- </para>
- <para>
- This option was introduced to work around a kernel quirk
- in some operating systems that causes IPv4 TCP
- connections, such as zone transfers, to be accepted on an
- IPv6 socket using mapped addresses. This caused address
- match lists designed for IPv4 to fail to match. However,
- <command>named</command> now solves this problem
- internally. The use of this option is discouraged.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>match-mapped-addresses</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, then an
+ IPv4-mapped IPv6 address will match any address match
+ list entries that match the corresponding IPv4 address.
+ </para>
+ <para>
+ This option was introduced to work around a kernel quirk
+ in some operating systems that causes IPv4 TCP
+ connections, such as zone transfers, to be accepted on an
+ IPv6 socket using mapped addresses. This caused address
+ match lists designed for IPv4 to fail to match. However,
+ <command>named</command> now solves this problem
+ internally. The use of this option is discouraged.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>filter-aaaa-on-v4</command></term>
- <listitem>
- <para>
- This option is only available when
- <acronym>BIND</acronym> 9 is compiled with the
- <userinput>--enable-filter-aaaa</userinput> option on the
- "configure" command line. It is intended to help the
- transition from IPv4 to IPv6 by not giving IPv6 addresses
- to DNS clients unless they have connections to the IPv6
- Internet. This is not recommended unless absolutely
- necessary. The default is <userinput>no</userinput>.
- The <command>filter-aaaa-on-v4</command> option
- may also be specified in <command>view</command> statements
- to override the global <command>filter-aaaa-on-v4</command>
- option.
- </para>
- <para>
- If <userinput>yes</userinput>,
- the DNS client is at an IPv4 address, in <command>filter-aaaa</command>,
- and if the response does not include DNSSEC signatures,
- then all AAAA records are deleted from the response.
- This filtering applies to all responses and not only
- authoritative responses.
- </para>
- <para>
- If <userinput>break-dnssec</userinput>,
- then AAAA records are deleted even when dnssec is enabled.
- As suggested by the name, this makes the response not verify,
- because the DNSSEC protocol is designed detect deletions.
- </para>
- <para>
- This mechanism can erroneously cause other servers to
+ <varlistentry>
+ <term><command>filter-aaaa-on-v4</command></term>
+ <listitem>
+ <para>
+ This option is only available when
+ <acronym>BIND</acronym> 9 is compiled with the
+ <userinput>--enable-filter-aaaa</userinput> option on the
+ "configure" command line. It is intended to help the
+ transition from IPv4 to IPv6 by not giving IPv6 addresses
+ to DNS clients unless they have connections to the IPv6
+ Internet. This is not recommended unless absolutely
+ necessary. The default is <userinput>no</userinput>.
+ The <command>filter-aaaa-on-v4</command> option
+ may also be specified in <command>view</command> statements
+ to override the global <command>filter-aaaa-on-v4</command>
+ option.
+ </para>
+ <para>
+ If <userinput>yes</userinput>,
+ the DNS client is at an IPv4 address, in <command>filter-aaaa</command>,
+ and if the response does not include DNSSEC signatures,
+ then all AAAA records are deleted from the response.
+ This filtering applies to all responses and not only
+ authoritative responses.
+ </para>
+ <para>
+ If <userinput>break-dnssec</userinput>,
+ then AAAA records are deleted even when dnssec is enabled.
+ As suggested by the name, this makes the response not verify,
+ because the DNSSEC protocol is designed detect deletions.
+ </para>
+ <para>
+ This mechanism can erroneously cause other servers to
not give AAAA records to their clients.
A recursing server with both IPv6 and IPv4 network connections
that queries an authoritative server using this mechanism
via IPv4 will be denied AAAA records even if its client is
using IPv6.
- </para>
- <para>
- This mechanism is applied to authoritative as well as
+ </para>
+ <para>
+ This mechanism is applied to authoritative as well as
non-authoritative records.
A client using IPv4 that is not allowed recursion can
erroneously be given AAAA records because the server is not
allowed to check for A records.
- </para>
- <para>
+ </para>
+ <para>
Some AAAA records are given to IPv4 clients in glue records.
IPv4 clients that are servers can then erroneously
answer requests for AAAA records received via IPv4.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>ixfr-from-differences</command></term>
- <listitem>
- <para>
- When <userinput>yes</userinput> and the server loads a new version of a master
- zone from its zone file or receives a new version of a slave
- file by a non-incremental zone transfer, it will compare
- the new version to the previous one and calculate a set
- of differences. The differences are then logged in the
- zone's journal file such that the changes can be transmitted
- to downstream slaves as an incremental zone transfer.
- </para>
- <para>
- By allowing incremental zone transfers to be used for
- non-dynamic zones, this option saves bandwidth at the
- expense of increased CPU and memory consumption at the
- master.
- In particular, if the new version of a zone is completely
- different from the previous one, the set of differences
- will be of a size comparable to the combined size of the
- old and new zone version, and the server will need to
- temporarily allocate memory to hold this complete
- difference set.
- </para>
- <para><command>ixfr-from-differences</command>
+ <varlistentry>
+ <term><command>ixfr-from-differences</command></term>
+ <listitem>
+ <para>
+ When <userinput>yes</userinput> and the server loads a new version of a master
+ zone from its zone file or receives a new version of a slave
+ file by a non-incremental zone transfer, it will compare
+ the new version to the previous one and calculate a set
+ of differences. The differences are then logged in the
+ zone's journal file such that the changes can be transmitted
+ to downstream slaves as an incremental zone transfer.
+ </para>
+ <para>
+ By allowing incremental zone transfers to be used for
+ non-dynamic zones, this option saves bandwidth at the
+ expense of increased CPU and memory consumption at the
+ master.
+ In particular, if the new version of a zone is completely
+ different from the previous one, the set of differences
+ will be of a size comparable to the combined size of the
+ old and new zone version, and the server will need to
+ temporarily allocate memory to hold this complete
+ difference set.
+ </para>
+ <para><command>ixfr-from-differences</command>
also accepts <command>master</command> and
- <command>slave</command> at the view and options
- levels which causes
- <command>ixfr-from-differences</command> to be enabled for
- all <command>master</command> or
- <command>slave</command> zones respectively.
- It is off by default.
- </para>
- </listitem>
- </varlistentry>
+ <command>slave</command> at the view and options
+ levels which causes
+ <command>ixfr-from-differences</command> to be enabled for
+ all <command>master</command> or
+ <command>slave</command> zones respectively.
+ It is off by default.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>multi-master</command></term>
- <listitem>
- <para>
- This should be set when you have multiple masters for a zone
- and the
- addresses refer to different machines. If <userinput>yes</userinput>, <command>named</command> will
- not log
- when the serial number on the master is less than what <command>named</command>
- currently
- has. The default is <userinput>no</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>multi-master</command></term>
+ <listitem>
+ <para>
+ This should be set when you have multiple masters for a zone
+ and the
+ addresses refer to different machines. If <userinput>yes</userinput>, <command>named</command> will
+ not log
+ when the serial number on the master is less than what <command>named</command>
+ currently
+ has. The default is <userinput>no</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>dnssec-enable</command></term>
- <listitem>
- <para>
- Enable DNSSEC support in <command>named</command>. Unless set to <userinput>yes</userinput>,
- <command>named</command> behaves as if it does not support DNSSEC.
- The default is <userinput>yes</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>dnssec-enable</command></term>
+ <listitem>
+ <para>
+ Enable DNSSEC support in <command>named</command>. Unless set to <userinput>yes</userinput>,
+ <command>named</command> behaves as if it does not support DNSSEC.
+ The default is <userinput>yes</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>dnssec-validation</command></term>
- <listitem>
- <para>
- Enable DNSSEC validation in <command>named</command>.
+ <varlistentry>
+ <term><command>dnssec-validation</command></term>
+ <listitem>
+ <para>
+ Enable DNSSEC validation in <command>named</command>.
Note <command>dnssec-enable</command> also needs to be
set to <userinput>yes</userinput> to be effective.
- If set to <userinput>no</userinput>, DNSSEC validation
- is disabled. If set to <userinput>auto</userinput>,
- DNSSEC validation is enabled, and a default
- trust-anchor for the DNS root zone is used. If set to
- <userinput>yes</userinput>, DNSSEC validation is enabled,
- but a trust anchor must be manually configured using
- a <command>trusted-keys</command> or
- <command>managed-keys</command> statement. The default
- is <userinput>yes</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ If set to <userinput>no</userinput>, DNSSEC validation
+ is disabled. If set to <userinput>auto</userinput>,
+ DNSSEC validation is enabled, and a default
+ trust-anchor for the DNS root zone is used. If set to
+ <userinput>yes</userinput>, DNSSEC validation is enabled,
+ but a trust anchor must be manually configured using
+ a <command>trusted-keys</command> or
+ <command>managed-keys</command> statement. The default
+ is <userinput>yes</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>dnssec-accept-expired</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>dnssec-accept-expired</command></term>
+ <listitem>
+ <para>
Accept expired signatures when verifying DNSSEC signatures.
- The default is <userinput>no</userinput>.
+ The default is <userinput>no</userinput>.
Setting this option to <userinput>yes</userinput>
leaves <command>named</command> vulnerable to
replay attacks.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>querylog</command></term>
- <listitem>
- <para>
- Specify whether query logging should be started when <command>named</command>
- starts.
- If <command>querylog</command> is not specified,
- then the query logging
- is determined by the presence of the logging category <command>queries</command>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>querylog</command></term>
+ <listitem>
+ <para>
+ Specify whether query logging should be started when <command>named</command>
+ starts.
+ If <command>querylog</command> is not specified,
+ then the query logging
+ is determined by the presence of the logging category <command>queries</command>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>check-names</command></term>
- <listitem>
- <para>
- This option is used to restrict the character set and syntax
- of
- certain domain names in master files and/or DNS responses
- received
- from the network. The default varies according to usage
- area. For
- <command>master</command> zones the default is <command>fail</command>.
- For <command>slave</command> zones the default
- is <command>warn</command>.
- For answers received from the network (<command>response</command>)
- the default is <command>ignore</command>.
- </para>
- <para>
- The rules for legal hostnames and mail domains are derived
- from RFC 952 and RFC 821 as modified by RFC 1123.
- </para>
- <para><command>check-names</command>
+ <varlistentry>
+ <term><command>check-names</command></term>
+ <listitem>
+ <para>
+ This option is used to restrict the character set and syntax
+ of
+ certain domain names in master files and/or DNS responses
+ received
+ from the network. The default varies according to usage
+ area. For
+ <command>master</command> zones the default is <command>fail</command>.
+ For <command>slave</command> zones the default
+ is <command>warn</command>.
+ For answers received from the network (<command>response</command>)
+ the default is <command>ignore</command>.
+ </para>
+ <para>
+ The rules for legal hostnames and mail domains are derived
+ from RFC 952 and RFC 821 as modified by RFC 1123.
+ </para>
+ <para><command>check-names</command>
applies to the owner names of A, AAAA and MX records.
It also applies to the domain names in the RDATA of NS, SOA,
MX, and SRV records.
@@ -6789,9 +6379,9 @@
It also applies to the RDATA of PTR records where the owner
name indicated that it is a reverse lookup of a hostname
(the owner name ends in IN-ADDR.ARPA, IP6.ARPA, or IP6.INT).
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><command>check-dup-records</command></term>
@@ -6818,20 +6408,20 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>check-wildcard</command></term>
- <listitem>
- <para>
- This option is used to check for non-terminal wildcards.
- The use of non-terminal wildcards is almost always as a
- result of a failure
- to understand the wildcard matching algorithm (RFC 1034).
- This option
- affects master zones. The default (<command>yes</command>) is to check
- for non-terminal wildcards and issue a warning.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>check-wildcard</command></term>
+ <listitem>
+ <para>
+ This option is used to check for non-terminal wildcards.
+ The use of non-terminal wildcards is almost always as a
+ result of a failure
+ to understand the wildcard matching algorithm (RFC 1034).
+ This option
+ affects master zones. The default (<command>yes</command>) is to check
+ for non-terminal wildcards and issue a warning.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><command>check-integrity</command></term>
@@ -6847,13 +6437,16 @@
For NS records only names below top of zone are
checked (for out-of-zone names and glue consistency
checks use <command>named-checkzone</command>).
- The default is <command>yes</command>.
+ The default is <command>yes</command>.
</para>
<para>
- Check that the two forms of Sender Policy Framework
- records (TXT records starting with "v=spf1" and SPF) either
- both exist or both don't exist. Warnings are
- emitted it they don't and be suppressed with
+ The use of the SPF record for publishing Sender
+ Policy Framework is deprecated as the migration
+ from using TXT records to SPF records was abandoned.
+ Enabling this option also checks that a TXT Sender
+ Policy Framework record exists (starts with "v=spf1")
+ if there is an SPF record. Warnings are emitted if the
+ TXT record does not exist and can be suppressed with
<command>check-spf</command>.
</para>
</listitem>
@@ -6895,11 +6488,11 @@
<term><command>check-spf</command></term>
<listitem>
<para>
- When performing integrity checks, check that the
- two forms of Sender Policy Framwork records (TXT
- records starting with "v=spf1" and SPF) both exist
- or both don't exist and issue a warning if not
- met. The default is <command>warn</command>.
+ If <command>check-integrity</command> is set then
+ check that there is a TXT Sender Policy Framework
+ record present (starts with "v=spf1") if there is an
+ SPF record present. The default is
+ <command>warn</command>.
</para>
</listitem>
</varlistentry>
@@ -6907,12 +6500,12 @@
<varlistentry>
<term><command>zero-no-soa-ttl</command></term>
<listitem>
- <para>
+ <para>
When returning authoritative negative responses to
SOA queries set the TTL of the SOA record returned in
the authority section to zero.
The default is <command>yes</command>.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -6919,11 +6512,11 @@
<varlistentry>
<term><command>zero-no-soa-ttl-cache</command></term>
<listitem>
- <para>
+ <para>
When caching a negative response to a SOA query
set the TTL to zero.
The default is <command>no</command>.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -6930,29 +6523,29 @@
<varlistentry>
<term><command>update-check-ksk</command></term>
<listitem>
- <para>
- When set to the default value of <literal>yes</literal>,
- check the KSK bit in each key to determine how the key
- should be used when generating RRSIGs for a secure zone.
+ <para>
+ When set to the default value of <literal>yes</literal>,
+ check the KSK bit in each key to determine how the key
+ should be used when generating RRSIGs for a secure zone.
</para>
<para>
- Ordinarily, zone-signing keys (that is, keys without the
- KSK bit set) are used to sign the entire zone, while
- key-signing keys (keys with the KSK bit set) are only
- used to sign the DNSKEY RRset at the zone apex.
- However, if this option is set to <literal>no</literal>,
- then the KSK bit is ignored; KSKs are treated as if they
- were ZSKs and are used to sign the entire zone. This is
- similar to the <command>dnssec-signzone -z</command>
- command line option.
+ Ordinarily, zone-signing keys (that is, keys without the
+ KSK bit set) are used to sign the entire zone, while
+ key-signing keys (keys with the KSK bit set) are only
+ used to sign the DNSKEY RRset at the zone apex.
+ However, if this option is set to <literal>no</literal>,
+ then the KSK bit is ignored; KSKs are treated as if they
+ were ZSKs and are used to sign the entire zone. This is
+ similar to the <command>dnssec-signzone -z</command>
+ command line option.
</para>
<para>
- When this option is set to <literal>yes</literal>, there
- must be at least two active keys for every algorithm
- represented in the DNSKEY RRset: at least one KSK and one
- ZSK per algorithm. If there is any algorithm for which
- this requirement is not met, this option will be ignored
- for that algorithm.
+ When this option is set to <literal>yes</literal>, there
+ must be at least two active keys for every algorithm
+ represented in the DNSKEY RRset: at least one KSK and one
+ ZSK per algorithm. If there is any algorithm for which
+ this requirement is not met, this option will be ignored
+ for that algorithm.
</para>
</listitem>
</varlistentry>
@@ -6960,20 +6553,20 @@
<varlistentry>
<term><command>dnssec-dnskey-kskonly</command></term>
<listitem>
- <para>
- When this option and <command>update-check-ksk</command>
- are both set to <literal>yes</literal>, only key-signing
- keys (that is, keys with the KSK bit set) will be used
- to sign the DNSKEY RRset at the zone apex. Zone-signing
- keys (keys without the KSK bit set) will be used to sign
- the remainder of the zone, but not the DNSKEY RRset.
- This is similar to the
- <command>dnssec-signzone -x</command> command line option.
+ <para>
+ When this option and <command>update-check-ksk</command>
+ are both set to <literal>yes</literal>, only key-signing
+ keys (that is, keys with the KSK bit set) will be used
+ to sign the DNSKEY RRset at the zone apex. Zone-signing
+ keys (keys without the KSK bit set) will be used to sign
+ the remainder of the zone, but not the DNSKEY RRset.
+ This is similar to the
+ <command>dnssec-signzone -x</command> command line option.
</para>
<para>
The default is <command>no</command>. If
- <command>update-check-ksk</command> is set to
- <literal>no</literal>, this option is ignored.
+ <command>update-check-ksk</command> is set to
+ <literal>no</literal>, this option is ignored.
</para>
</listitem>
</varlistentry>
@@ -6981,7 +6574,7 @@
<varlistentry>
<term><command>try-tcp-refresh</command></term>
<listitem>
- <para>
+ <para>
Try to refresh the zone using TCP if UDP queries fail.
For BIND 8 compatibility, the default is
<command>yes</command>.
@@ -6992,148 +6585,148 @@
<varlistentry>
<term><command>dnssec-secure-to-insecure</command></term>
<listitem>
- <para>
+ <para>
Allow a dynamic zone to transition from secure to
- insecure (i.e., signed to unsigned) by deleting all
- of the DNSKEY records. The default is <command>no</command>.
- If set to <command>yes</command>, and if the DNSKEY RRset
- at the zone apex is deleted, all RRSIG and NSEC records
- will be removed from the zone as well.
+ insecure (i.e., signed to unsigned) by deleting all
+ of the DNSKEY records. The default is <command>no</command>.
+ If set to <command>yes</command>, and if the DNSKEY RRset
+ at the zone apex is deleted, all RRSIG and NSEC records
+ will be removed from the zone as well.
</para>
- <para>
- If the zone uses NSEC3, then it is also necessary to
- delete the NSEC3PARAM RRset from the zone apex; this will
- cause the removal of all corresponding NSEC3 records.
- (It is expected that this requirement will be eliminated
- in a future release.)
+ <para>
+ If the zone uses NSEC3, then it is also necessary to
+ delete the NSEC3PARAM RRset from the zone apex; this will
+ cause the removal of all corresponding NSEC3 records.
+ (It is expected that this requirement will be eliminated
+ in a future release.)
</para>
- <para>
- Note that if a zone has been configured with
- <command>auto-dnssec maintain</command> and the
- private keys remain accessible in the key repository,
- then the zone will be automatically signed again the
- next time <command>named</command> is started.
+ <para>
+ Note that if a zone has been configured with
+ <command>auto-dnssec maintain</command> and the
+ private keys remain accessible in the key repository,
+ then the zone will be automatically signed again the
+ next time <command>named</command> is started.
</para>
</listitem>
</varlistentry>
- </variablelist>
+ </variablelist>
- </sect3>
+ </sect3>
- <sect3>
- <title>Forwarding</title>
- <para>
- The forwarding facility can be used to create a large site-wide
- cache on a few servers, reducing traffic over links to external
- name servers. It can also be used to allow queries by servers that
- do not have direct access to the Internet, but wish to look up
- exterior
- names anyway. Forwarding occurs only on those queries for which
- the server is not authoritative and does not have the answer in
- its cache.
- </para>
+ <sect3>
+ <title>Forwarding</title>
+ <para>
+ The forwarding facility can be used to create a large site-wide
+ cache on a few servers, reducing traffic over links to external
+ name servers. It can also be used to allow queries by servers that
+ do not have direct access to the Internet, but wish to look up
+ exterior
+ names anyway. Forwarding occurs only on those queries for which
+ the server is not authoritative and does not have the answer in
+ its cache.
+ </para>
- <variablelist>
- <varlistentry>
- <term><command>forward</command></term>
- <listitem>
- <para>
- This option is only meaningful if the
- forwarders list is not empty. A value of <varname>first</varname>,
- the default, causes the server to query the forwarders
- first — and
- if that doesn't answer the question, the server will then
- look for
- the answer itself. If <varname>only</varname> is
- specified, the
- server will only query the forwarders.
- </para>
- </listitem>
- </varlistentry>
+ <variablelist>
+ <varlistentry>
+ <term><command>forward</command></term>
+ <listitem>
+ <para>
+ This option is only meaningful if the
+ forwarders list is not empty. A value of <varname>first</varname>,
+ the default, causes the server to query the forwarders
+ first — and
+ if that doesn't answer the question, the server will then
+ look for
+ the answer itself. If <varname>only</varname> is
+ specified, the
+ server will only query the forwarders.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>forwarders</command></term>
- <listitem>
- <para>
- Specifies the IP addresses to be used
- for forwarding. The default is the empty list (no
- forwarding).
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>forwarders</command></term>
+ <listitem>
+ <para>
+ Specifies the IP addresses to be used
+ for forwarding. The default is the empty list (no
+ forwarding).
+ </para>
+ </listitem>
+ </varlistentry>
- </variablelist>
+ </variablelist>
- <para>
- Forwarding can also be configured on a per-domain basis, allowing
- for the global forwarding options to be overridden in a variety
- of ways. You can set particular domains to use different
- forwarders,
- or have a different <command>forward only/first</command> behavior,
- or not forward at all, see <xref linkend="zone_statement_grammar"/>.
- </para>
- </sect3>
+ <para>
+ Forwarding can also be configured on a per-domain basis, allowing
+ for the global forwarding options to be overridden in a variety
+ of ways. You can set particular domains to use different
+ forwarders,
+ or have a different <command>forward only/first</command> behavior,
+ or not forward at all, see <xref linkend="zone_statement_grammar"/>.
+ </para>
+ </sect3>
- <sect3>
- <title>Dual-stack Servers</title>
- <para>
- Dual-stack servers are used as servers of last resort to work
- around
- problems in reachability due the lack of support for either IPv4
- or IPv6
- on the host machine.
- </para>
+ <sect3>
+ <title>Dual-stack Servers</title>
+ <para>
+ Dual-stack servers are used as servers of last resort to work
+ around
+ problems in reachability due the lack of support for either IPv4
+ or IPv6
+ on the host machine.
+ </para>
- <variablelist>
- <varlistentry>
- <term><command>dual-stack-servers</command></term>
- <listitem>
- <para>
- Specifies host names or addresses of machines with access to
- both IPv4 and IPv6 transports. If a hostname is used, the
- server must be able
- to resolve the name using only the transport it has. If the
- machine is dual
- stacked, then the <command>dual-stack-servers</command> have no effect unless
- access to a transport has been disabled on the command line
- (e.g. <command>named -4</command>).
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </sect3>
+ <variablelist>
+ <varlistentry>
+ <term><command>dual-stack-servers</command></term>
+ <listitem>
+ <para>
+ Specifies host names or addresses of machines with access to
+ both IPv4 and IPv6 transports. If a hostname is used, the
+ server must be able
+ to resolve the name using only the transport it has. If the
+ machine is dual
+ stacked, then the <command>dual-stack-servers</command> have no effect unless
+ access to a transport has been disabled on the command line
+ (e.g. <command>named -4</command>).
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect3>
- <sect3 id="access_control">
- <title>Access Control</title>
+ <sect3 id="access_control">
+ <title>Access Control</title>
- <para>
- Access to the server can be restricted based on the IP address
- of the requesting system. See <xref linkend="address_match_lists"/> for
- details on how to specify IP address lists.
- </para>
+ <para>
+ Access to the server can be restricted based on the IP address
+ of the requesting system. See <xref linkend="address_match_lists"/> for
+ details on how to specify IP address lists.
+ </para>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>allow-notify</command></term>
- <listitem>
- <para>
- Specifies which hosts are allowed to
- notify this server, a slave, of zone changes in addition
- to the zone masters.
- <command>allow-notify</command> may also be
- specified in the
- <command>zone</command> statement, in which case
- it overrides the
- <command>options allow-notify</command>
- statement. It is only meaningful
- for a slave zone. If not specified, the default is to
- process notify messages
- only from a zone's master.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-notify</command></term>
+ <listitem>
+ <para>
+ Specifies which hosts are allowed to
+ notify this server, a slave, of zone changes in addition
+ to the zone masters.
+ <command>allow-notify</command> may also be
+ specified in the
+ <command>zone</command> statement, in which case
+ it overrides the
+ <command>options allow-notify</command>
+ statement. It is only meaningful
+ for a slave zone. If not specified, the default is to
+ process notify messages
+ only from a zone's master.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><command>allow-query</command></term>
@@ -7167,10 +6760,10 @@
necessarily knowing the internal network's addresses.
</para>
<para>
- Note that <command>allow-query-on</command> is only
- checked for queries that are permitted by
- <command>allow-query</command>. A query must be
- allowed by both ACLs, or it will be refused.
+ Note that <command>allow-query-on</command> is only
+ checked for queries that are permitted by
+ <command>allow-query</command>. A query must be
+ allowed by both ACLs, or it will be refused.
</para>
<para>
<command>allow-query-on</command> may
@@ -7220,9 +6813,9 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>allow-recursion</command></term>
- <listitem>
+ <varlistentry>
+ <term><command>allow-recursion</command></term>
+ <listitem>
<para>
Specifies which hosts are allowed to make recursive
queries through this server. If
@@ -7233,264 +6826,321 @@
(<command>localnets;</command>
<command>localhost;</command>) is used.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-recursion-on</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>allow-recursion-on</command></term>
+ <listitem>
+ <para>
Specifies which local addresses can accept recursive
queries. If not specified, the default is to allow
recursive queries on all addresses.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-update</command></term>
- <listitem>
- <para>
- Specifies which hosts are allowed to
- submit Dynamic DNS updates for master zones. The default is
- to deny
- updates from all hosts. Note that allowing updates based
- on the requestor's IP address is insecure; see
- <xref linkend="dynamic_update_security"/> for details.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-update</command></term>
+ <listitem>
+ <para>
+ Specifies which hosts are allowed to
+ submit Dynamic DNS updates for master zones. The default is
+ to deny
+ updates from all hosts. Note that allowing updates based
+ on the requestor's IP address is insecure; see
+ <xref linkend="dynamic_update_security"/> for details.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-update-forwarding</command></term>
- <listitem>
- <para>
- Specifies which hosts are allowed to
- submit Dynamic DNS updates to slave zones to be forwarded to
- the
- master. The default is <userinput>{ none; }</userinput>,
- which
- means that no update forwarding will be performed. To
- enable
- update forwarding, specify
- <userinput>allow-update-forwarding { any; };</userinput>.
- Specifying values other than <userinput>{ none; }</userinput> or
- <userinput>{ any; }</userinput> is usually
- counterproductive, since
- the responsibility for update access control should rest
- with the
- master server, not the slaves.
- </para>
- <para>
- Note that enabling the update forwarding feature on a slave
- server
- may expose master servers relying on insecure IP address
- based
- access control to attacks; see <xref linkend="dynamic_update_security"/>
- for more details.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-update-forwarding</command></term>
+ <listitem>
+ <para>
+ Specifies which hosts are allowed to
+ submit Dynamic DNS updates to slave zones to be forwarded to
+ the
+ master. The default is <userinput>{ none; }</userinput>,
+ which
+ means that no update forwarding will be performed. To
+ enable
+ update forwarding, specify
+ <userinput>allow-update-forwarding { any; };</userinput>.
+ Specifying values other than <userinput>{ none; }</userinput> or
+ <userinput>{ any; }</userinput> is usually
+ counterproductive, since
+ the responsibility for update access control should rest
+ with the
+ master server, not the slaves.
+ </para>
+ <para>
+ Note that enabling the update forwarding feature on a slave
+ server
+ may expose master servers relying on insecure IP address
+ based
+ access control to attacks; see <xref linkend="dynamic_update_security"/>
+ for more details.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-v6-synthesis</command></term>
- <listitem>
- <para>
- This option was introduced for the smooth transition from
- AAAA
- to A6 and from "nibble labels" to binary labels.
- However, since both A6 and binary labels were then
- deprecated,
- this option was also deprecated.
- It is now ignored with some warning messages.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-v6-synthesis</command></term>
+ <listitem>
+ <para>
+ This option was introduced for the smooth transition from
+ AAAA
+ to A6 and from "nibble labels" to binary labels.
+ However, since both A6 and binary labels were then
+ deprecated,
+ this option was also deprecated.
+ It is now ignored with some warning messages.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-transfer</command></term>
- <listitem>
- <para>
- Specifies which hosts are allowed to
- receive zone transfers from the server. <command>allow-transfer</command> may
- also be specified in the <command>zone</command>
- statement, in which
- case it overrides the <command>options allow-transfer</command> statement.
- If not specified, the default is to allow transfers to all
- hosts.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-transfer</command></term>
+ <listitem>
+ <para>
+ Specifies which hosts are allowed to
+ receive zone transfers from the server. <command>allow-transfer</command> may
+ also be specified in the <command>zone</command>
+ statement, in which
+ case it overrides the <command>options allow-transfer</command> statement.
+ If not specified, the default is to allow transfers to all
+ hosts.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>blackhole</command></term>
- <listitem>
- <para>
- Specifies a list of addresses that the
- server will not accept queries from or use to resolve a
- query. Queries
- from these addresses will not be responded to. The default
- is <userinput>none</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>blackhole</command></term>
+ <listitem>
+ <para>
+ Specifies a list of addresses that the
+ server will not accept queries from or use to resolve a
+ query. Queries
+ from these addresses will not be responded to. The default
+ is <userinput>none</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>filter-aaaa</command></term>
- <listitem>
- <para>
- Specifies a list of addresses to which
+ <varlistentry>
+ <term><command>filter-aaaa</command></term>
+ <listitem>
+ <para>
+ Specifies a list of addresses to which
<command>filter-aaaa-on-v4</command>
- is applies. The default is <userinput>any</userinput>.
- </para>
- </listitem>
- </varlistentry>
+ is applies. The default is <userinput>any</userinput>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>resolver-query-timeout</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>no-case-compress</command></term> <listitem>
+ <para>
+ Specifies a list of addresses which require responses
+ to use case-insensitive compression. This ACL can be
+ used when <command>named</command> needs to work with
+ clients that do not comply with the requirement in RFC
+ 1034 to use case-insensitive name comparisons when
+ checking for matching domain names.
+ </para>
+ <para>
+ If left undefined, the ACL defaults to
+ <command>none</command>: case-insensitive compression
+ will be used for all clients. If the ACL is defined and
+ matches a client, then case will be ignored when
+ compressing domain names in DNS responses sent to that
+ client.
+ </para>
+ <para>
+ This can result in slightly smaller responses: if
+ a response contains the names "example.com" and
+ "example.COM", case-insensitive compression would treat
+ the second one as a duplicate. It also ensures
+ that the case of the query name exactly matches the
+ case of the owner names of returned records, rather
+ than matching the case of the records entered in
+ the zone file. This allows responses to exactly
+ match the query, which is required by some clients
+ due to incorrect use of case-sensitive comparisons.
+ </para>
+ <para>
+ Case-insensitive compression is <emphasis>always</emphasis>
+ used in AXFR and IXFR responses, regardless of whether
+ the client matches this ACL.
+ </para>
+ <para>
+ There are circumstances in which <command>named</command>
+ will not preserve the case of owner names of records:
+ if a zone file defines records of different types with
+ the same name, but the capitalization of the name is
+ different (e.g., "www.example.com/A" and
+ "WWW.EXAMPLE.COM/AAAA"), then all responses for that
+ name will use the <emphasis>first</emphasis> version
+ of the name that was used in the zone file. This
+ limitation may be addressed in a future release. However,
+ domain names specified in the rdata of resource records
+ (i.e., records of type NS, MX, CNAME, etc) will always
+ have their case preserved unless the client matches this
+ ACL.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>resolver-query-timeout</command></term>
+ <listitem>
+ <para>
The amount of time the resolver will spend attempting
to resolve a recursive query before failing. The default
and minimum is <literal>10</literal> and the maximum is
<literal>30</literal>. Setting it to <literal>0</literal>
will result in the default being used.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
- </sect3>
+ </sect3>
- <sect3>
- <title>Interfaces</title>
- <para>
- The interfaces and ports that the server will answer queries
- from may be specified using the <command>listen-on</command> option. <command>listen-on</command> takes
- an optional port and an <varname>address_match_list</varname>.
- The server will listen on all interfaces allowed by the address
- match list. If a port is not specified, port 53 will be used.
- </para>
- <para>
- Multiple <command>listen-on</command> statements are
- allowed.
- For example,
- </para>
+ <sect3>
+ <title>Interfaces</title>
+ <para>
+ The interfaces and ports that the server will answer queries
+ from may be specified using the <command>listen-on</command> option. <command>listen-on</command> takes
+ an optional port and an <varname>address_match_list</varname>
+ of IPv4 addresses. (IPv6 addresses are ignored, with a
+ logged warning.)
+ The server will listen on all interfaces allowed by the address
+ match list. If a port is not specified, port 53 will be used.
+ </para>
+ <para>
+ Multiple <command>listen-on</command> statements are
+ allowed.
+ For example,
+ </para>
<programlisting>listen-on { 5.6.7.8; };
listen-on port 1234 { !1.2.3.4; 1.2/16; };
</programlisting>
- <para>
- will enable the name server on port 53 for the IP address
- 5.6.7.8, and on port 1234 of an address on the machine in net
- 1.2 that is not 1.2.3.4.
- </para>
+ <para>
+ will enable the name server on port 53 for the IP address
+ 5.6.7.8, and on port 1234 of an address on the machine in net
+ 1.2 that is not 1.2.3.4.
+ </para>
- <para>
- If no <command>listen-on</command> is specified, the
- server will listen on port 53 on all IPv4 interfaces.
- </para>
+ <para>
+ If no <command>listen-on</command> is specified, the
+ server will listen on port 53 on all IPv4 interfaces.
+ </para>
- <para>
- The <command>listen-on-v6</command> option is used to
- specify the interfaces and the ports on which the server will
- listen
- for incoming queries sent using IPv6.
- </para>
+ <para>
+ The <command>listen-on-v6</command> option is used to
+ specify the interfaces and the ports on which the server will
+ listen
+ for incoming queries sent using IPv6.
+ </para>
- <para>
- When <programlisting>{ any; }</programlisting> is
- specified
- as the <varname>address_match_list</varname> for the
- <command>listen-on-v6</command> option,
- the server does not bind a separate socket to each IPv6 interface
- address as it does for IPv4 if the operating system has enough API
- support for IPv6 (specifically if it conforms to RFC 3493 and RFC
- 3542).
- Instead, it listens on the IPv6 wildcard address.
- If the system only has incomplete API support for IPv6, however,
- the behavior is the same as that for IPv4.
- </para>
+ <para>
+ When <programlisting>{ any; }</programlisting> is
+ specified
+ as the <varname>address_match_list</varname> for the
+ <command>listen-on-v6</command> option,
+ the server does not bind a separate socket to each IPv6 interface
+ address as it does for IPv4 if the operating system has enough API
+ support for IPv6 (specifically if it conforms to RFC 3493 and RFC
+ 3542).
+ Instead, it listens on the IPv6 wildcard address.
+ If the system only has incomplete API support for IPv6, however,
+ the behavior is the same as that for IPv4.
+ </para>
- <para>
- A list of particular IPv6 addresses can also be specified, in
- which case
- the server listens on a separate socket for each specified
- address,
- regardless of whether the desired API is supported by the system.
- </para>
+ <para>
+ A list of particular IPv6 addresses can also be specified, in
+ which case
+ the server listens on a separate socket for each specified
+ address,
+ regardless of whether the desired API is supported by the system.
+ IPv4 addresses specified in <command>listen-on-v6</command>
+ will be ignored, with a logged warning.
+ </para>
- <para>
- Multiple <command>listen-on-v6</command> options can
- be used.
- For example,
- </para>
+ <para>
+ Multiple <command>listen-on-v6</command> options can
+ be used.
+ For example,
+ </para>
<programlisting>listen-on-v6 { any; };
listen-on-v6 port 1234 { !2001:db8::/32; any; };
</programlisting>
- <para>
- will enable the name server on port 53 for any IPv6 addresses
- (with a single wildcard socket),
- and on port 1234 of IPv6 addresses that is not in the prefix
- 2001:db8::/32 (with separate sockets for each matched address.)
- </para>
+ <para>
+ will enable the name server on port 53 for any IPv6 addresses
+ (with a single wildcard socket),
+ and on port 1234 of IPv6 addresses that is not in the prefix
+ 2001:db8::/32 (with separate sockets for each matched address.)
+ </para>
- <para>
- To make the server not listen on any IPv6 address, use
- </para>
+ <para>
+ To make the server not listen on any IPv6 address, use
+ </para>
<programlisting>listen-on-v6 { none; };
</programlisting>
- <para>
- If no <command>listen-on-v6</command> option is
- specified, the server will not listen on any IPv6 address
+ <para>
+ If no <command>listen-on-v6</command> option is
+ specified, the server will not listen on any IPv6 address
unless <command>-6</command> is specified when <command>named</command> is
invoked. If <command>-6</command> is specified then
<command>named</command> will listen on port 53 on all IPv6 interfaces by default.
- </para>
- </sect3>
+ </para>
+ </sect3>
- <sect3 id="query_address">
- <title>Query Address</title>
- <para>
- If the server doesn't know the answer to a question, it will
- query other name servers. <command>query-source</command> specifies
- the address and port used for such queries. For queries sent over
- IPv6, there is a separate <command>query-source-v6</command> option.
- If <command>address</command> is <command>*</command> (asterisk) or is omitted,
- a wildcard IP address (<command>INADDR_ANY</command>)
- will be used.
+ <sect3 id="query_address">
+ <title>Query Address</title>
+ <para>
+ If the server doesn't know the answer to a question, it will
+ query other name servers. <command>query-source</command> specifies
+ the address and port used for such queries. For queries sent over
+ IPv6, there is a separate <command>query-source-v6</command> option.
+ If <command>address</command> is <command>*</command> (asterisk) or is omitted,
+ a wildcard IP address (<command>INADDR_ANY</command>)
+ will be used.
</para>
<para>
- If <command>port</command> is <command>*</command> or is omitted,
+ If <command>port</command> is <command>*</command> or is omitted,
a random port number from a pre-configured
range is picked up and will be used for each query.
The port range(s) is that specified in
the <command>use-v4-udp-ports</command> (for IPv4)
- and <command>use-v6-udp-ports</command> (for IPv6)
+ and <command>use-v6-udp-ports</command> (for IPv6)
options, excluding the ranges specified in
the <command>avoid-v4-udp-ports</command>
- and <command>avoid-v6-udp-ports</command> options, respectively.
+ and <command>avoid-v6-udp-ports</command> options, respectively.
</para>
- <para>
+ <para>
The defaults of the <command>query-source</command> and
<command>query-source-v6</command> options
are:
- </para>
+ </para>
<programlisting>query-source address * port *;
query-source-v6 address * port *;
</programlisting>
- <para>
+ <para>
If <command>use-v4-udp-ports</command> or
- <command>use-v6-udp-ports</command> is unspecified,
+ <command>use-v6-udp-ports</command> is unspecified,
<command>named</command> will check if the operating
system provides a programming interface to retrieve the
system's default range for ephemeral ports.
@@ -7497,13 +7147,13 @@
If such an interface is available,
<command>named</command> will use the corresponding system
default range; otherwise, it will use its own defaults:
- </para>
+ </para>
<programlisting>use-v4-udp-ports { range 1024 65535; };
use-v6-udp-ports { range 1024 65535; };
</programlisting>
- <para>
+ <para>
Note: make sure the ranges be sufficiently large for
security. A desirable size depends on various parameters,
but we generally recommend it contain at least 16384 ports
@@ -7515,10 +7165,10 @@
is reloaded.
It is encouraged to
configure <command>use-v4-udp-ports</command> and
- <command>use-v6-udp-ports</command> explicitly so that the
- ranges are sufficiently large and are reasonably
- independent from the ranges used by other applications.
- </para>
+ <command>use-v6-udp-ports</command> explicitly so that the
+ ranges are sufficiently large and are reasonably
+ independent from the ranges used by other applications.
+ </para>
<para>
Note: the operational configuration
@@ -7533,11 +7183,11 @@
that can be safely used in the expected operational environment.
</para>
- <para>
+ <para>
The defaults of the <command>avoid-v4-udp-ports</command> and
<command>avoid-v6-udp-ports</command> options
are:
- </para>
+ </para>
<programlisting>avoid-v4-udp-ports {};
avoid-v6-udp-ports {};
@@ -7550,154 +7200,154 @@
option is now obsolete because reusing the same ports in
the pool may not be sufficiently secure.
For the same reason, it is generally strongly discouraged to
- specify a particular port for the
+ specify a particular port for the
<command>query-source</command> or
<command>query-source-v6</command> options;
it implicitly disables the use of randomized port numbers.
- </para>
+ </para>
- <variablelist>
- <varlistentry>
- <term><command>use-queryport-pool</command></term>
- <listitem>
- <para>
+ <variablelist>
+ <varlistentry>
+ <term><command>use-queryport-pool</command></term>
+ <listitem>
+ <para>
This option is obsolete.
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>queryport-pool-ports</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>queryport-pool-ports</command></term>
+ <listitem>
+ <para>
This option is obsolete.
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>queryport-pool-updateinterval</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>queryport-pool-updateinterval</command></term>
+ <listitem>
+ <para>
This option is obsolete.
</para>
</listitem>
</varlistentry>
- </variablelist>
- <note>
- <para>
- The address specified in the <command>query-source</command> option
- is used for both UDP and TCP queries, but the port applies only
- to UDP queries. TCP queries always use a random
- unprivileged port.
- </para>
- </note>
+ </variablelist>
<note>
<para>
+ The address specified in the <command>query-source</command> option
+ is used for both UDP and TCP queries, but the port applies only
+ to UDP queries. TCP queries always use a random
+ unprivileged port.
+ </para>
+ </note>
+ <note>
+ <para>
Solaris 2.5.1 and earlier does not support setting the source
address for TCP sockets.
</para>
</note>
- <note>
- <para>
- See also <command>transfer-source</command> and
- <command>notify-source</command>.
- </para>
- </note>
- </sect3>
+ <note>
+ <para>
+ See also <command>transfer-source</command> and
+ <command>notify-source</command>.
+ </para>
+ </note>
+ </sect3>
- <sect3 id="zone_transfers">
- <title>Zone Transfers</title>
- <para>
- <acronym>BIND</acronym> has mechanisms in place to
- facilitate zone transfers
- and set limits on the amount of load that transfers place on the
- system. The following options apply to zone transfers.
- </para>
+ <sect3 id="zone_transfers">
+ <title>Zone Transfers</title>
+ <para>
+ <acronym>BIND</acronym> has mechanisms in place to
+ facilitate zone transfers
+ and set limits on the amount of load that transfers place on the
+ system. The following options apply to zone transfers.
+ </para>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>also-notify</command></term>
- <listitem>
- <para>
- Defines a global list of IP addresses of name servers
- that are also sent NOTIFY messages whenever a fresh copy of
- the
- zone is loaded, in addition to the servers listed in the
- zone's NS records.
- This helps to ensure that copies of the zones will
- quickly converge on stealth servers.
- Optionally, a port may be specified with each
- <command>also-notify</command> address to send
- the notify messages to a port other than the
- default of 53.
- If an <command>also-notify</command> list
- is given in a <command>zone</command> statement,
- it will override
- the <command>options also-notify</command>
- statement. When a <command>zone notify</command>
- statement
- is set to <command>no</command>, the IP
- addresses in the global <command>also-notify</command> list will
- not be sent NOTIFY messages for that zone. The default is
- the empty
- list (no global notification list).
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>also-notify</command></term>
+ <listitem>
+ <para>
+ Defines a global list of IP addresses of name servers
+ that are also sent NOTIFY messages whenever a fresh copy of
+ the
+ zone is loaded, in addition to the servers listed in the
+ zone's NS records.
+ This helps to ensure that copies of the zones will
+ quickly converge on stealth servers.
+ Optionally, a port may be specified with each
+ <command>also-notify</command> address to send
+ the notify messages to a port other than the
+ default of 53.
+ If an <command>also-notify</command> list
+ is given in a <command>zone</command> statement,
+ it will override
+ the <command>options also-notify</command>
+ statement. When a <command>zone notify</command>
+ statement
+ is set to <command>no</command>, the IP
+ addresses in the global <command>also-notify</command> list will
+ not be sent NOTIFY messages for that zone. The default is
+ the empty
+ list (no global notification list).
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-transfer-time-in</command></term>
- <listitem>
- <para>
- Inbound zone transfers running longer than
- this many minutes will be terminated. The default is 120
- minutes
- (2 hours). The maximum value is 28 days (40320 minutes).
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-transfer-time-in</command></term>
+ <listitem>
+ <para>
+ Inbound zone transfers running longer than
+ this many minutes will be terminated. The default is 120
+ minutes
+ (2 hours). The maximum value is 28 days (40320 minutes).
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-transfer-idle-in</command></term>
- <listitem>
- <para>
- Inbound zone transfers making no progress
- in this many minutes will be terminated. The default is 60
- minutes
- (1 hour). The maximum value is 28 days (40320 minutes).
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-transfer-idle-in</command></term>
+ <listitem>
+ <para>
+ Inbound zone transfers making no progress
+ in this many minutes will be terminated. The default is 60
+ minutes
+ (1 hour). The maximum value is 28 days (40320 minutes).
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-transfer-time-out</command></term>
- <listitem>
- <para>
- Outbound zone transfers running longer than
- this many minutes will be terminated. The default is 120
- minutes
- (2 hours). The maximum value is 28 days (40320 minutes).
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-transfer-time-out</command></term>
+ <listitem>
+ <para>
+ Outbound zone transfers running longer than
+ this many minutes will be terminated. The default is 120
+ minutes
+ (2 hours). The maximum value is 28 days (40320 minutes).
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-transfer-idle-out</command></term>
- <listitem>
- <para>
- Outbound zone transfers making no progress
- in this many minutes will be terminated. The default is 60
- minutes (1
- hour). The maximum value is 28 days (40320 minutes).
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-transfer-idle-out</command></term>
+ <listitem>
+ <para>
+ Outbound zone transfers making no progress
+ in this many minutes will be terminated. The default is 60
+ minutes (1
+ hour). The maximum value is 28 days (40320 minutes).
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>serial-query-rate</command></term>
+ <varlistentry>
+ <term><command>serial-query-rate</command></term>
<listitem>
<para>
Slave servers will periodically query master
@@ -7720,148 +7370,148 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>serial-queries</command></term>
- <listitem>
- <para>
- In BIND 8, the <command>serial-queries</command>
- option
- set the maximum number of concurrent serial number queries
- allowed to be outstanding at any given time.
- BIND 9 does not limit the number of outstanding
- serial queries and ignores the <command>serial-queries</command> option.
- Instead, it limits the rate at which the queries are sent
- as defined using the <command>serial-query-rate</command> option.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>serial-queries</command></term>
+ <listitem>
+ <para>
+ In BIND 8, the <command>serial-queries</command>
+ option
+ set the maximum number of concurrent serial number queries
+ allowed to be outstanding at any given time.
+ BIND 9 does not limit the number of outstanding
+ serial queries and ignores the <command>serial-queries</command> option.
+ Instead, it limits the rate at which the queries are sent
+ as defined using the <command>serial-query-rate</command> option.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>transfer-format</command></term>
- <listitem>
+ <varlistentry>
+ <term><command>transfer-format</command></term>
+ <listitem>
- <para>
- Zone transfers can be sent using two different formats,
- <command>one-answer</command> and
+ <para>
+ Zone transfers can be sent using two different formats,
+ <command>one-answer</command> and
<command>many-answers</command>.
- The <command>transfer-format</command> option is used
- on the master server to determine which format it sends.
- <command>one-answer</command> uses one DNS message per
- resource record transferred.
- <command>many-answers</command> packs as many resource
+ The <command>transfer-format</command> option is used
+ on the master server to determine which format it sends.
+ <command>one-answer</command> uses one DNS message per
+ resource record transferred.
+ <command>many-answers</command> packs as many resource
records as possible into a message.
<command>many-answers</command> is more efficient, but is
only supported by relatively new slave servers,
- such as <acronym>BIND</acronym> 9, <acronym>BIND</acronym>
+ such as <acronym>BIND</acronym> 9, <acronym>BIND</acronym>
8.x and <acronym>BIND</acronym> 4.9.5 onwards.
- The <command>many-answers</command> format is also supported by
+ The <command>many-answers</command> format is also supported by
recent Microsoft Windows nameservers.
The default is <command>many-answers</command>.
<command>transfer-format</command> may be overridden on a
per-server basis by using the <command>server</command>
statement.
- </para>
+ </para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>transfers-in</command></term>
- <listitem>
- <para>
- The maximum number of inbound zone transfers
- that can be running concurrently. The default value is <literal>10</literal>.
- Increasing <command>transfers-in</command> may
- speed up the convergence
- of slave zones, but it also may increase the load on the
- local system.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>transfers-in</command></term>
+ <listitem>
+ <para>
+ The maximum number of inbound zone transfers
+ that can be running concurrently. The default value is <literal>10</literal>.
+ Increasing <command>transfers-in</command> may
+ speed up the convergence
+ of slave zones, but it also may increase the load on the
+ local system.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>transfers-out</command></term>
- <listitem>
- <para>
- The maximum number of outbound zone transfers
- that can be running concurrently. Zone transfer requests in
- excess
- of the limit will be refused. The default value is <literal>10</literal>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>transfers-out</command></term>
+ <listitem>
+ <para>
+ The maximum number of outbound zone transfers
+ that can be running concurrently. Zone transfer requests in
+ excess
+ of the limit will be refused. The default value is <literal>10</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>transfers-per-ns</command></term>
- <listitem>
- <para>
- The maximum number of inbound zone transfers
- that can be concurrently transferring from a given remote
- name server.
- The default value is <literal>2</literal>.
- Increasing <command>transfers-per-ns</command>
- may
- speed up the convergence of slave zones, but it also may
- increase
- the load on the remote name server. <command>transfers-per-ns</command> may
- be overridden on a per-server basis by using the <command>transfers</command> phrase
- of the <command>server</command> statement.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>transfers-per-ns</command></term>
+ <listitem>
+ <para>
+ The maximum number of inbound zone transfers
+ that can be concurrently transferring from a given remote
+ name server.
+ The default value is <literal>2</literal>.
+ Increasing <command>transfers-per-ns</command>
+ may
+ speed up the convergence of slave zones, but it also may
+ increase
+ the load on the remote name server. <command>transfers-per-ns</command> may
+ be overridden on a per-server basis by using the <command>transfers</command> phrase
+ of the <command>server</command> statement.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>transfer-source</command></term>
- <listitem>
- <para><command>transfer-source</command>
+ <varlistentry>
+ <term><command>transfer-source</command></term>
+ <listitem>
+ <para><command>transfer-source</command>
determines which local address will be bound to IPv4
- TCP connections used to fetch zones transferred
- inbound by the server. It also determines the
- source IPv4 address, and optionally the UDP port,
- used for the refresh queries and forwarded dynamic
- updates. If not set, it defaults to a system
- controlled value which will usually be the address
- of the interface "closest to" the remote end. This
- address must appear in the remote end's
- <command>allow-transfer</command> option for the
- zone being transferred, if one is specified. This
- statement sets the
- <command>transfer-source</command> for all zones,
- but can be overridden on a per-view or per-zone
- basis by including a
- <command>transfer-source</command> statement within
- the <command>view</command> or
- <command>zone</command> block in the configuration
- file.
- </para>
- <note>
- <para>
- Solaris 2.5.1 and earlier does not support setting the
+ TCP connections used to fetch zones transferred
+ inbound by the server. It also determines the
+ source IPv4 address, and optionally the UDP port,
+ used for the refresh queries and forwarded dynamic
+ updates. If not set, it defaults to a system
+ controlled value which will usually be the address
+ of the interface "closest to" the remote end. This
+ address must appear in the remote end's
+ <command>allow-transfer</command> option for the
+ zone being transferred, if one is specified. This
+ statement sets the
+ <command>transfer-source</command> for all zones,
+ but can be overridden on a per-view or per-zone
+ basis by including a
+ <command>transfer-source</command> statement within
+ the <command>view</command> or
+ <command>zone</command> block in the configuration
+ file.
+ </para>
+ <note>
+ <para>
+ Solaris 2.5.1 and earlier does not support setting the
source address for TCP sockets.
- </para>
- </note>
- </listitem>
- </varlistentry>
+ </para>
+ </note>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>transfer-source-v6</command></term>
- <listitem>
- <para>
- The same as <command>transfer-source</command>,
- except zone transfers are performed using IPv6.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>transfer-source-v6</command></term>
+ <listitem>
+ <para>
+ The same as <command>transfer-source</command>,
+ except zone transfers are performed using IPv6.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>alt-transfer-source</command></term>
- <listitem>
- <para>
- An alternate transfer source if the one listed in
- <command>transfer-source</command> fails and
- <command>use-alt-transfer-source</command> is
- set.
- </para>
+ <varlistentry>
+ <term><command>alt-transfer-source</command></term>
+ <listitem>
+ <para>
+ An alternate transfer source if the one listed in
+ <command>transfer-source</command> fails and
+ <command>use-alt-transfer-source</command> is
+ set.
+ </para>
<note>
If you do not wish the alternate transfer source
to be used, you should set
@@ -7870,77 +7520,77 @@
getting an answer back to the first refresh
query.
</note>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>alt-transfer-source-v6</command></term>
- <listitem>
- <para>
- An alternate transfer source if the one listed in
- <command>transfer-source-v6</command> fails and
- <command>use-alt-transfer-source</command> is
- set.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>alt-transfer-source-v6</command></term>
+ <listitem>
+ <para>
+ An alternate transfer source if the one listed in
+ <command>transfer-source-v6</command> fails and
+ <command>use-alt-transfer-source</command> is
+ set.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>use-alt-transfer-source</command></term>
- <listitem>
- <para>
- Use the alternate transfer sources or not. If views are
- specified this defaults to <command>no</command>
- otherwise it defaults to
- <command>yes</command> (for BIND 8
- compatibility).
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>use-alt-transfer-source</command></term>
+ <listitem>
+ <para>
+ Use the alternate transfer sources or not. If views are
+ specified this defaults to <command>no</command>
+ otherwise it defaults to
+ <command>yes</command> (for BIND 8
+ compatibility).
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify-source</command></term>
- <listitem>
- <para><command>notify-source</command>
+ <varlistentry>
+ <term><command>notify-source</command></term>
+ <listitem>
+ <para><command>notify-source</command>
determines which local source address, and
- optionally UDP port, will be used to send NOTIFY
- messages. This address must appear in the slave
- server's <command>masters</command> zone clause or
- in an <command>allow-notify</command> clause. This
- statement sets the <command>notify-source</command>
- for all zones, but can be overridden on a per-zone or
- per-view basis by including a
- <command>notify-source</command> statement within
- the <command>zone</command> or
- <command>view</command> block in the configuration
- file.
- </para>
- <note>
- <para>
- Solaris 2.5.1 and earlier does not support setting the
+ optionally UDP port, will be used to send NOTIFY
+ messages. This address must appear in the slave
+ server's <command>masters</command> zone clause or
+ in an <command>allow-notify</command> clause. This
+ statement sets the <command>notify-source</command>
+ for all zones, but can be overridden on a per-zone or
+ per-view basis by including a
+ <command>notify-source</command> statement within
+ the <command>zone</command> or
+ <command>view</command> block in the configuration
+ file.
+ </para>
+ <note>
+ <para>
+ Solaris 2.5.1 and earlier does not support setting the
source address for TCP sockets.
- </para>
- </note>
- </listitem>
- </varlistentry>
+ </para>
+ </note>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify-source-v6</command></term>
- <listitem>
- <para>
- Like <command>notify-source</command>,
- but applies to notify messages sent to IPv6 addresses.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>notify-source-v6</command></term>
+ <listitem>
+ <para>
+ Like <command>notify-source</command>,
+ but applies to notify messages sent to IPv6 addresses.
+ </para>
+ </listitem>
+ </varlistentry>
- </variablelist>
+ </variablelist>
- </sect3>
+ </sect3>
- <sect3>
- <title>UDP Port Lists</title>
- <para>
+ <sect3>
+ <title>UDP Port Lists</title>
+ <para>
<command>use-v4-udp-ports</command>,
<command>avoid-v4-udp-ports</command>,
<command>use-v6-udp-ports</command>, and
@@ -7950,7 +7600,7 @@
See <xref linkend="query_address"/> about how the
available ports are determined.
For example, with the following configuration
- </para>
+ </para>
<programlisting>
use-v6-udp-ports { range 32768 65535; };
@@ -7967,13 +7617,13 @@
<para>
<command>avoid-v4-udp-ports</command> and
<command>avoid-v6-udp-ports</command> can be used
- to prevent <command>named</command> from choosing as its random source port a
- port that is blocked by your firewall or a port that is
- used by other applications;
+ to prevent <command>named</command> from choosing as its random source port a
+ port that is blocked by your firewall or a port that is
+ used by other applications;
if a query went out with a source port blocked by a
- firewall, the
+ firewall, the
answer would not get by the firewall and the name server would
- have to query again.
+ have to query again.
Note: the desired range can also be represented only with
<command>use-v4-udp-ports</command> and
<command>use-v6-udp-ports</command>, and the
@@ -7981,175 +7631,175 @@
sense; they are provided for backward compatibility and
to possibly simplify the port specification.
</para>
- </sect3>
+ </sect3>
- <sect3>
- <title>Operating System Resource Limits</title>
+ <sect3>
+ <title>Operating System Resource Limits</title>
- <para>
- The server's usage of many system resources can be limited.
- Scaled values are allowed when specifying resource limits. For
- example, <command>1G</command> can be used instead of
- <command>1073741824</command> to specify a limit of
- one
- gigabyte. <command>unlimited</command> requests
- unlimited use, or the
- maximum available amount. <command>default</command>
- uses the limit
- that was in force when the server was started. See the description
- of <command>size_spec</command> in <xref linkend="configuration_file_elements"/>.
- </para>
+ <para>
+ The server's usage of many system resources can be limited.
+ Scaled values are allowed when specifying resource limits. For
+ example, <command>1G</command> can be used instead of
+ <command>1073741824</command> to specify a limit of
+ one
+ gigabyte. <command>unlimited</command> requests
+ unlimited use, or the
+ maximum available amount. <command>default</command>
+ uses the limit
+ that was in force when the server was started. See the description
+ of <command>size_spec</command> in <xref linkend="configuration_file_elements"/>.
+ </para>
- <para>
- The following options set operating system resource limits for
- the name server process. Some operating systems don't support
- some or
- any of the limits. On such systems, a warning will be issued if
- the
- unsupported limit is used.
- </para>
+ <para>
+ The following options set operating system resource limits for
+ the name server process. Some operating systems don't support
+ some or
+ any of the limits. On such systems, a warning will be issued if
+ the
+ unsupported limit is used.
+ </para>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>coresize</command></term>
- <listitem>
- <para>
- The maximum size of a core dump. The default
- is <literal>default</literal>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>coresize</command></term>
+ <listitem>
+ <para>
+ The maximum size of a core dump. The default
+ is <literal>default</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>datasize</command></term>
- <listitem>
- <para>
- The maximum amount of data memory the server
- may use. The default is <literal>default</literal>.
- This is a hard limit on server memory usage.
- If the server attempts to allocate memory in excess of this
- limit, the allocation will fail, which may in turn leave
- the server unable to perform DNS service. Therefore,
- this option is rarely useful as a way of limiting the
- amount of memory used by the server, but it can be used
- to raise an operating system data size limit that is
- too small by default. If you wish to limit the amount
- of memory used by the server, use the
- <command>max-cache-size</command> and
- <command>recursive-clients</command>
- options instead.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>datasize</command></term>
+ <listitem>
+ <para>
+ The maximum amount of data memory the server
+ may use. The default is <literal>default</literal>.
+ This is a hard limit on server memory usage.
+ If the server attempts to allocate memory in excess of this
+ limit, the allocation will fail, which may in turn leave
+ the server unable to perform DNS service. Therefore,
+ this option is rarely useful as a way of limiting the
+ amount of memory used by the server, but it can be used
+ to raise an operating system data size limit that is
+ too small by default. If you wish to limit the amount
+ of memory used by the server, use the
+ <command>max-cache-size</command> and
+ <command>recursive-clients</command>
+ options instead.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>files</command></term>
- <listitem>
- <para>
- The maximum number of files the server
- may have open concurrently. The default is <literal>unlimited</literal>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>files</command></term>
+ <listitem>
+ <para>
+ The maximum number of files the server
+ may have open concurrently. The default is <literal>unlimited</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>stacksize</command></term>
- <listitem>
- <para>
- The maximum amount of stack memory the server
- may use. The default is <literal>default</literal>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>stacksize</command></term>
+ <listitem>
+ <para>
+ The maximum amount of stack memory the server
+ may use. The default is <literal>default</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
- </variablelist>
+ </variablelist>
- </sect3>
+ </sect3>
- <sect3 id="server_resource_limits">
- <title>Server Resource Limits</title>
+ <sect3 id="server_resource_limits">
+ <title>Server Resource Limits</title>
- <para>
- The following options set limits on the server's
- resource consumption that are enforced internally by the
- server rather than the operating system.
- </para>
+ <para>
+ The following options set limits on the server's
+ resource consumption that are enforced internally by the
+ server rather than the operating system.
+ </para>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>max-ixfr-log-size</command></term>
- <listitem>
- <para>
- This option is obsolete; it is accepted
- and ignored for BIND 8 compatibility. The option
- <command>max-journal-size</command> performs a
- similar function in BIND 9.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-ixfr-log-size</command></term>
+ <listitem>
+ <para>
+ This option is obsolete; it is accepted
+ and ignored for BIND 8 compatibility. The option
+ <command>max-journal-size</command> performs a
+ similar function in BIND 9.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-journal-size</command></term>
- <listitem>
- <para>
- Sets a maximum size for each journal file
- (see <xref linkend="journal"/>). When the journal file
- approaches
- the specified size, some of the oldest transactions in the
- journal
- will be automatically removed. The default is
- <literal>unlimited</literal>.
- This may also be set on a per-zone basis.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-journal-size</command></term>
+ <listitem>
+ <para>
+ Sets a maximum size for each journal file
+ (see <xref linkend="journal"/>). When the journal file
+ approaches
+ the specified size, some of the oldest transactions in the
+ journal
+ will be automatically removed. The default is
+ <literal>unlimited</literal>.
+ This may also be set on a per-zone basis.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>host-statistics-max</command></term>
- <listitem>
- <para>
- In BIND 8, specifies the maximum number of host statistics
- entries to be kept.
- Not implemented in BIND 9.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>host-statistics-max</command></term>
+ <listitem>
+ <para>
+ In BIND 8, specifies the maximum number of host statistics
+ entries to be kept.
+ Not implemented in BIND 9.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>recursive-clients</command></term>
- <listitem>
- <para>
- The maximum number of simultaneous recursive lookups
- the server will perform on behalf of clients. The default
- is
- <literal>1000</literal>. Because each recursing
- client uses a fair
- bit of memory, on the order of 20 kilobytes, the value of
- the
- <command>recursive-clients</command> option may
- have to be decreased
- on hosts with limited memory.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>recursive-clients</command></term>
+ <listitem>
+ <para>
+ The maximum number of simultaneous recursive lookups
+ the server will perform on behalf of clients. The default
+ is
+ <literal>1000</literal>. Because each recursing
+ client uses a fair
+ bit of memory, on the order of 20 kilobytes, the value of
+ the
+ <command>recursive-clients</command> option may
+ have to be decreased
+ on hosts with limited memory.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>tcp-clients</command></term>
- <listitem>
- <para>
- The maximum number of simultaneous client TCP
- connections that the server will accept.
- The default is <literal>100</literal>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>tcp-clients</command></term>
+ <listitem>
+ <para>
+ The maximum number of simultaneous client TCP
+ connections that the server will accept.
+ The default is <literal>100</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>reserved-sockets</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>reserved-sockets</command></term>
+ <listitem>
+ <para>
The number of file descriptors reserved for TCP, stdio,
etc. This needs to be big enough to cover the number of
interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
@@ -8158,158 +7808,159 @@
The minimum value is <literal>128</literal> and the
maximum value is <literal>128</literal> less than
maxsockets (-S). This option may be removed in the future.
- </para>
- <para>
+ </para>
+ <para>
This option has little effect on Windows.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-cache-size</command></term>
- <listitem>
- <para>
- The maximum amount of memory to use for the
- server's cache, in bytes.
- When the amount of data in the cache
- reaches this limit, the server will cause records to expire
- prematurely based on an LRU based strategy so that
- the limit is not exceeded.
- A value of 0 is special, meaning that
- records are purged from the cache only when their
- TTLs expire.
- Another special keyword <userinput>unlimited</userinput>
- means the maximum value of 32-bit unsigned integers
- (0xffffffff), which may not have the same effect as
- 0 on machines that support more than 32 bits of
- memory space.
- Any positive values less than 2MB will be ignored reset
- to 2MB.
- In a server with multiple views, the limit applies
- separately to the cache of each view.
- The default is 0.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-cache-size</command></term>
+ <listitem>
+ <para>
+ The maximum amount of memory to use for the
+ server's cache, in bytes.
+ When the amount of data in the cache
+ reaches this limit, the server will cause records to expire
+ prematurely based on an LRU based strategy so that
+ the limit is not exceeded.
+ A value of 0 is special, meaning that
+ records are purged from the cache only when their
+ TTLs expire.
+ Another special keyword <userinput>unlimited</userinput>
+ means the maximum value of 32-bit unsigned integers
+ (0xffffffff), which may not have the same effect as
+ 0 on machines that support more than 32 bits of
+ memory space.
+ Any positive values less than 2MB will be ignored reset
+ to 2MB.
+ In a server with multiple views, the limit applies
+ separately to the cache of each view.
+ The default is 0.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>tcp-listen-queue</command></term>
- <listitem>
- <para>
- The listen queue depth. The default and minimum is 3.
- If the kernel supports the accept filter "dataready" this
- also controls how
- many TCP connections that will be queued in kernel space
- waiting for
- some data before being passed to accept. Values less than 3
- will be
- silently raised.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>tcp-listen-queue</command></term>
+ <listitem>
+ <para>
+ The listen queue depth. The default and minimum is 10.
+ If the kernel supports the accept filter "dataready" this
+ also controls how
+ many TCP connections that will be queued in kernel space
+ waiting for
+ some data before being passed to accept. Nonzero values
+ less than 10 will be silently raised. A value of 0 may also
+ be used; on most platforms this sets the listen queue
+ length to a system-defined default value.
+ </para>
+ </listitem>
+ </varlistentry>
- </variablelist>
+ </variablelist>
- </sect3>
+ </sect3>
- <sect3>
- <title>Periodic Task Intervals</title>
+ <sect3>
+ <title>Periodic Task Intervals</title>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>cleaning-interval</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>cleaning-interval</command></term>
+ <listitem>
+ <para>
This interval is effectively obsolete. Previously,
the server would remove expired resource records
- from the cache every <command>cleaning-interval</command> minutes.
+ from the cache every <command>cleaning-interval</command> minutes.
<acronym>BIND</acronym> 9 now manages cache
memory in a more sophisticated manner and does not
rely on the periodic cleaning any more.
Specifying this option therefore has no effect on
the server's behavior.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>heartbeat-interval</command></term>
- <listitem>
- <para>
- The server will perform zone maintenance tasks
- for all zones marked as <command>dialup</command> whenever this
- interval expires. The default is 60 minutes. Reasonable
- values are up
- to 1 day (1440 minutes). The maximum value is 28 days
- (40320 minutes).
- If set to 0, no zone maintenance for these zones will occur.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>heartbeat-interval</command></term>
+ <listitem>
+ <para>
+ The server will perform zone maintenance tasks
+ for all zones marked as <command>dialup</command> whenever this
+ interval expires. The default is 60 minutes. Reasonable
+ values are up
+ to 1 day (1440 minutes). The maximum value is 28 days
+ (40320 minutes).
+ If set to 0, no zone maintenance for these zones will occur.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>interface-interval</command></term>
- <listitem>
- <para>
- The server will scan the network interface list
- every <command>interface-interval</command>
- minutes. The default
- is 60 minutes. The maximum value is 28 days (40320 minutes).
- If set to 0, interface scanning will only occur when
- the configuration file is loaded. After the scan, the
- server will
- begin listening for queries on any newly discovered
- interfaces (provided they are allowed by the
- <command>listen-on</command> configuration), and
- will
- stop listening on interfaces that have gone away.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>interface-interval</command></term>
+ <listitem>
+ <para>
+ The server will scan the network interface list
+ every <command>interface-interval</command>
+ minutes. The default
+ is 60 minutes. The maximum value is 28 days (40320 minutes).
+ If set to 0, interface scanning will only occur when
+ the configuration file is loaded. After the scan, the
+ server will
+ begin listening for queries on any newly discovered
+ interfaces (provided they are allowed by the
+ <command>listen-on</command> configuration), and
+ will
+ stop listening on interfaces that have gone away.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>statistics-interval</command></term>
- <listitem>
- <para>
- Name server statistics will be logged
- every <command>statistics-interval</command>
- minutes. The default is
- 60. The maximum value is 28 days (40320 minutes).
- If set to 0, no statistics will be logged.
- </para><note>
- <simpara>
- Not yet implemented in
- <acronym>BIND</acronym> 9.
- </simpara>
- </note>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>statistics-interval</command></term>
+ <listitem>
+ <para>
+ Name server statistics will be logged
+ every <command>statistics-interval</command>
+ minutes. The default is
+ 60. The maximum value is 28 days (40320 minutes).
+ If set to 0, no statistics will be logged.
+ </para><note>
+ <simpara>
+ Not yet implemented in
+ <acronym>BIND</acronym> 9.
+ </simpara>
+ </note>
+ </listitem>
+ </varlistentry>
- </variablelist>
+ </variablelist>
- </sect3>
+ </sect3>
- <sect3 id="topology">
- <title>Topology</title>
+ <sect3 id="topology">
+ <title>Topology</title>
- <para>
- All other things being equal, when the server chooses a name
- server
- to query from a list of name servers, it prefers the one that is
- topologically closest to itself. The <command>topology</command> statement
- takes an <command>address_match_list</command> and
- interprets it
- in a special way. Each top-level list element is assigned a
- distance.
- Non-negated elements get a distance based on their position in the
- list, where the closer the match is to the start of the list, the
- shorter the distance is between it and the server. A negated match
- will be assigned the maximum distance from the server. If there
- is no match, the address will get a distance which is further than
- any non-negated list element, and closer than any negated element.
- For example,
- </para>
+ <para>
+ All other things being equal, when the server chooses a name
+ server
+ to query from a list of name servers, it prefers the one that is
+ topologically closest to itself. The <command>topology</command> statement
+ takes an <command>address_match_list</command> and
+ interprets it
+ in a special way. Each top-level list element is assigned a
+ distance.
+ Non-negated elements get a distance based on their position in the
+ list, where the closer the match is to the start of the list, the
+ shorter the distance is between it and the server. A negated match
+ will be assigned the maximum distance from the server. If there
+ is no match, the address will get a distance which is further than
+ any non-negated list element, and closer than any negated element.
+ For example,
+ </para>
<programlisting>topology {
10/8;
@@ -8317,221 +7968,221 @@
{ 1.2/16; 3/8; };
};</programlisting>
- <para>
- will prefer servers on network 10 the most, followed by hosts
- on network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the
- exception of hosts on network 1.2.3 (netmask 255.255.255.0), which
- is preferred least of all.
- </para>
- <para>
- The default topology is
- </para>
+ <para>
+ will prefer servers on network 10 the most, followed by hosts
+ on network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the
+ exception of hosts on network 1.2.3 (netmask 255.255.255.0), which
+ is preferred least of all.
+ </para>
+ <para>
+ The default topology is
+ </para>
<programlisting> topology { localhost; localnets; };
</programlisting>
- <note>
- <simpara>
- The <command>topology</command> option
- is not implemented in <acronym>BIND</acronym> 9.
- </simpara>
- </note>
- </sect3>
+ <note>
+ <simpara>
+ The <command>topology</command> option
+ is not implemented in <acronym>BIND</acronym> 9.
+ </simpara>
+ </note>
+ </sect3>
- <sect3 id="the_sortlist_statement">
+ <sect3 id="the_sortlist_statement">
- <title>The <command>sortlist</command> Statement</title>
+ <title>The <command>sortlist</command> Statement</title>
- <para>
- The response to a DNS query may consist of multiple resource
- records (RRs) forming a resource records set (RRset).
- The name server will normally return the
- RRs within the RRset in an indeterminate order
- (but see the <command>rrset-order</command>
- statement in <xref linkend="rrset_ordering"/>).
- The client resolver code should rearrange the RRs as appropriate,
- that is, using any addresses on the local net in preference to
- other addresses.
- However, not all resolvers can do this or are correctly
- configured.
- When a client is using a local server, the sorting can be performed
- in the server, based on the client's address. This only requires
- configuring the name servers, not all the clients.
- </para>
+ <para>
+ The response to a DNS query may consist of multiple resource
+ records (RRs) forming a resource records set (RRset).
+ The name server will normally return the
+ RRs within the RRset in an indeterminate order
+ (but see the <command>rrset-order</command>
+ statement in <xref linkend="rrset_ordering"/>).
+ The client resolver code should rearrange the RRs as appropriate,
+ that is, using any addresses on the local net in preference to
+ other addresses.
+ However, not all resolvers can do this or are correctly
+ configured.
+ When a client is using a local server, the sorting can be performed
+ in the server, based on the client's address. This only requires
+ configuring the name servers, not all the clients.
+ </para>
- <para>
- The <command>sortlist</command> statement (see below)
- takes
- an <command>address_match_list</command> and
- interprets it even
- more specifically than the <command>topology</command>
- statement
- does (<xref linkend="topology"/>).
- Each top level statement in the <command>sortlist</command> must
- itself be an explicit <command>address_match_list</command> with
- one or two elements. The first element (which may be an IP
- address,
- an IP prefix, an ACL name or a nested <command>address_match_list</command>)
- of each top level list is checked against the source address of
- the query until a match is found.
- </para>
- <para>
- Once the source address of the query has been matched, if
- the top level statement contains only one element, the actual
- primitive
- element that matched the source address is used to select the
- address
- in the response to move to the beginning of the response. If the
- statement is a list of two elements, then the second element is
- treated the same as the <command>address_match_list</command> in
- a <command>topology</command> statement. Each top
- level element
- is assigned a distance and the address in the response with the
- minimum
- distance is moved to the beginning of the response.
- </para>
- <para>
- In the following example, any queries received from any of
- the addresses of the host itself will get responses preferring
- addresses
- on any of the locally connected networks. Next most preferred are
- addresses
- on the 192.168.1/24 network, and after that either the
- 192.168.2/24
- or
- 192.168.3/24 network with no preference shown between these two
- networks. Queries received from a host on the 192.168.1/24 network
- will prefer other addresses on that network to the 192.168.2/24
- and
- 192.168.3/24 networks. Queries received from a host on the
- 192.168.4/24
- or the 192.168.5/24 network will only prefer other addresses on
- their directly connected networks.
- </para>
+ <para>
+ The <command>sortlist</command> statement (see below)
+ takes
+ an <command>address_match_list</command> and
+ interprets it even
+ more specifically than the <command>topology</command>
+ statement
+ does (<xref linkend="topology"/>).
+ Each top level statement in the <command>sortlist</command> must
+ itself be an explicit <command>address_match_list</command> with
+ one or two elements. The first element (which may be an IP
+ address,
+ an IP prefix, an ACL name or a nested <command>address_match_list</command>)
+ of each top level list is checked against the source address of
+ the query until a match is found.
+ </para>
+ <para>
+ Once the source address of the query has been matched, if
+ the top level statement contains only one element, the actual
+ primitive
+ element that matched the source address is used to select the
+ address
+ in the response to move to the beginning of the response. If the
+ statement is a list of two elements, then the second element is
+ treated the same as the <command>address_match_list</command> in
+ a <command>topology</command> statement. Each top
+ level element
+ is assigned a distance and the address in the response with the
+ minimum
+ distance is moved to the beginning of the response.
+ </para>
+ <para>
+ In the following example, any queries received from any of
+ the addresses of the host itself will get responses preferring
+ addresses
+ on any of the locally connected networks. Next most preferred are
+ addresses
+ on the 192.168.1/24 network, and after that either the
+ 192.168.2/24
+ or
+ 192.168.3/24 network with no preference shown between these two
+ networks. Queries received from a host on the 192.168.1/24 network
+ will prefer other addresses on that network to the 192.168.2/24
+ and
+ 192.168.3/24 networks. Queries received from a host on the
+ 192.168.4/24
+ or the 192.168.5/24 network will only prefer other addresses on
+ their directly connected networks.
+ </para>
<programlisting>sortlist {
// IF the local host
// THEN first fit on the following nets
{ localhost;
- { localnets;
- 192.168.1/24;
- { 192.168.2/24; 192.168.3/24; }; }; };
+ { localnets;
+ 192.168.1/24;
+ { 192.168.2/24; 192.168.3/24; }; }; };
// IF on class C 192.168.1 THEN use .1, or .2 or .3
{ 192.168.1/24;
- { 192.168.1/24;
- { 192.168.2/24; 192.168.3/24; }; }; };
+ { 192.168.1/24;
+ { 192.168.2/24; 192.168.3/24; }; }; };
// IF on class C 192.168.2 THEN use .2, or .1 or .3
{ 192.168.2/24;
- { 192.168.2/24;
- { 192.168.1/24; 192.168.3/24; }; }; };
+ { 192.168.2/24;
+ { 192.168.1/24; 192.168.3/24; }; }; };
// IF on class C 192.168.3 THEN use .3, or .1 or .2
{ 192.168.3/24;
- { 192.168.3/24;
- { 192.168.1/24; 192.168.2/24; }; }; };
+ { 192.168.3/24;
+ { 192.168.1/24; 192.168.2/24; }; }; };
// IF .4 or .5 THEN prefer that net
{ { 192.168.4/24; 192.168.5/24; };
};
};</programlisting>
- <para>
- The following example will give reasonable behavior for the
- local host and hosts on directly connected networks. It is similar
- to the behavior of the address sort in <acronym>BIND</acronym> 4.9.x. Responses sent
- to queries from the local host will favor any of the directly
- connected
- networks. Responses sent to queries from any other hosts on a
- directly
- connected network will prefer addresses on that same network.
- Responses
- to other queries will not be sorted.
- </para>
+ <para>
+ The following example will give reasonable behavior for the
+ local host and hosts on directly connected networks. It is similar
+ to the behavior of the address sort in <acronym>BIND</acronym> 4.9.x. Responses sent
+ to queries from the local host will favor any of the directly
+ connected
+ networks. Responses sent to queries from any other hosts on a
+ directly
+ connected network will prefer addresses on that same network.
+ Responses
+ to other queries will not be sorted.
+ </para>
<programlisting>sortlist {
- { localhost; localnets; };
- { localnets; };
+ { localhost; localnets; };
+ { localnets; };
};
</programlisting>
- </sect3>
- <sect3 id="rrset_ordering">
- <title id="rrset_ordering_title">RRset Ordering</title>
- <para>
- When multiple records are returned in an answer it may be
- useful to configure the order of the records placed into the
- response.
- The <command>rrset-order</command> statement permits
- configuration
- of the ordering of the records in a multiple record response.
- See also the <command>sortlist</command> statement,
- <xref linkend="the_sortlist_statement"/>.
- </para>
+ </sect3>
+ <sect3 id="rrset_ordering">
+ <title id="rrset_ordering_title">RRset Ordering</title>
+ <para>
+ When multiple records are returned in an answer it may be
+ useful to configure the order of the records placed into the
+ response.
+ The <command>rrset-order</command> statement permits
+ configuration
+ of the ordering of the records in a multiple record response.
+ See also the <command>sortlist</command> statement,
+ <xref linkend="the_sortlist_statement"/>.
+ </para>
- <para>
- An <command>order_spec</command> is defined as
- follows:
- </para>
- <para>
+ <para>
+ An <command>order_spec</command> is defined as
+ follows:
+ </para>
+ <para>
<optional>class <replaceable>class_name</replaceable></optional>
- <optional>type <replaceable>type_name</replaceable></optional>
- <optional>name <replaceable>"domain_name"</replaceable></optional>
+ <optional>type <replaceable>type_name</replaceable></optional>
+ <optional>name <replaceable>"domain_name"</replaceable></optional>
order <replaceable>ordering</replaceable>
</para>
- <para>
- If no class is specified, the default is <command>ANY</command>.
- If no type is specified, the default is <command>ANY</command>.
- If no name is specified, the default is "<command>*</command>" (asterisk).
- </para>
- <para>
- The legal values for <command>ordering</command> are:
- </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="0.750in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.750in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para><command>fixed</command></para>
- </entry>
- <entry colname="2">
- <para>
- Records are returned in the order they
- are defined in the zone file.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>random</command></para>
- </entry>
- <entry colname="2">
- <para>
- Records are returned in some random order.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>cyclic</command></para>
- </entry>
- <entry colname="2">
- <para>
- Records are returned in a cyclic round-robin order.
- </para>
- <para>
- If <acronym>BIND</acronym> is configured with the
- "--enable-fixed-rrset" option at compile time, then
- the initial ordering of the RRset will match the
- one specified in the zone file.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- <para>
- For example:
- </para>
+ <para>
+ If no class is specified, the default is <command>ANY</command>.
+ If no type is specified, the default is <command>ANY</command>.
+ If no name is specified, the default is "<command>*</command>" (asterisk).
+ </para>
+ <para>
+ The legal values for <command>ordering</command> are:
+ </para>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="0.750in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.750in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>fixed</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Records are returned in the order they
+ are defined in the zone file.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>random</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Records are returned in some random order.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>cyclic</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Records are returned in a cyclic round-robin order.
+ </para>
+ <para>
+ If <acronym>BIND</acronym> is configured with the
+ "--enable-fixed-rrset" option at compile time, then
+ the initial ordering of the RRset will match the
+ one specified in the zone file.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>
+ For example:
+ </para>
<programlisting>rrset-order {
class IN type A name "host.example.com" order random;
@@ -8539,45 +8190,45 @@
};
</programlisting>
- <para>
- will cause any responses for type A records in class IN that
- have "<literal>host.example.com</literal>" as a
- suffix, to always be returned
- in random order. All other records are returned in cyclic order.
- </para>
- <para>
- If multiple <command>rrset-order</command> statements
- appear,
- they are not combined — the last one applies.
- </para>
+ <para>
+ will cause any responses for type A records in class IN that
+ have "<literal>host.example.com</literal>" as a
+ suffix, to always be returned
+ in random order. All other records are returned in cyclic order.
+ </para>
+ <para>
+ If multiple <command>rrset-order</command> statements
+ appear,
+ they are not combined — the last one applies.
+ </para>
- <note>
- <simpara>
- In this release of <acronym>BIND</acronym> 9, the
- <command>rrset-order</command> statement does not support
- "fixed" ordering by default. Fixed ordering can be enabled
- at compile time by specifying "--enable-fixed-rrset" on
- the "configure" command line.
- </simpara>
- </note>
- </sect3>
+ <note>
+ <simpara>
+ In this release of <acronym>BIND</acronym> 9, the
+ <command>rrset-order</command> statement does not support
+ "fixed" ordering by default. Fixed ordering can be enabled
+ at compile time by specifying "--enable-fixed-rrset" on
+ the "configure" command line.
+ </simpara>
+ </note>
+ </sect3>
- <sect3 id="tuning">
- <title>Tuning</title>
+ <sect3 id="tuning">
+ <title>Tuning</title>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>lame-ttl</command></term>
- <listitem>
- <para>
- Sets the number of seconds to cache a
- lame server indication. 0 disables caching. (This is
- <emphasis role="bold">NOT</emphasis> recommended.)
- The default is <literal>600</literal> (10 minutes) and the
- maximum value is
- <literal>1800</literal> (30 minutes).
- </para>
+ <varlistentry>
+ <term><command>lame-ttl</command></term>
+ <listitem>
+ <para>
+ Sets the number of seconds to cache a
+ lame server indication. 0 disables caching. (This is
+ <emphasis role="bold">NOT</emphasis> recommended.)
+ The default is <literal>600</literal> (10 minutes) and the
+ maximum value is
+ <literal>1800</literal> (30 minutes).
+ </para>
<para>
Lame-ttl also controls the amount of time DNSSEC
@@ -8586,57 +8237,57 @@
lame-ttl is set to less than 30 seconds.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-ncache-ttl</command></term>
- <listitem>
- <para>
- To reduce network traffic and increase performance,
- the server stores negative answers. <command>max-ncache-ttl</command> is
- used to set a maximum retention time for these answers in
- the server
- in seconds. The default
- <command>max-ncache-ttl</command> is <literal>10800</literal> seconds (3 hours).
- <command>max-ncache-ttl</command> cannot exceed
- 7 days and will
- be silently truncated to 7 days if set to a greater value.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-ncache-ttl</command></term>
+ <listitem>
+ <para>
+ To reduce network traffic and increase performance,
+ the server stores negative answers. <command>max-ncache-ttl</command> is
+ used to set a maximum retention time for these answers in
+ the server
+ in seconds. The default
+ <command>max-ncache-ttl</command> is <literal>10800</literal> seconds (3 hours).
+ <command>max-ncache-ttl</command> cannot exceed
+ 7 days and will
+ be silently truncated to 7 days if set to a greater value.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-cache-ttl</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>max-cache-ttl</command></term>
+ <listitem>
+ <para>
Sets the maximum time for which the server will
- cache ordinary (positive) answers. The default is
- one week (7 days).
+ cache ordinary (positive) answers. The default is
+ one week (7 days).
A value of zero may cause all queries to return
SERVFAIL, because of lost caches of intermediate
RRsets (such as NS and glue AAAA/A records) in the
resolution process.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>min-roots</command></term>
- <listitem>
- <para>
- The minimum number of root servers that
- is required for a request for the root servers to be
- accepted. The default
- is <userinput>2</userinput>.
- </para>
- <note>
- <simpara>
- Not implemented in <acronym>BIND</acronym> 9.
- </simpara>
- </note>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>min-roots</command></term>
+ <listitem>
+ <para>
+ The minimum number of root servers that
+ is required for a request for the root servers to be
+ accepted. The default
+ is <userinput>2</userinput>.
+ </para>
+ <note>
+ <simpara>
+ Not implemented in <acronym>BIND</acronym> 9.
+ </simpara>
+ </note>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><command>sig-validity-interval</command></term>
@@ -8709,32 +8360,32 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>min-refresh-time</command></term>
- <term><command>max-refresh-time</command></term>
- <term><command>min-retry-time</command></term>
- <term><command>max-retry-time</command></term>
- <listitem>
- <para>
- These options control the server's behavior on refreshing a
- zone
- (querying for SOA changes) or retrying failed transfers.
- Usually the SOA values for the zone are used, but these
- values
- are set by the master, giving slave server administrators
- little
- control over their contents.
- </para>
- <para>
- These options allow the administrator to set a minimum and
- maximum
- refresh and retry time either per-zone, per-view, or
- globally.
- These options are valid for slave and stub zones,
- and clamp the SOA refresh and retry times to the specified
- values.
- </para>
+ <varlistentry>
+ <term><command>min-refresh-time</command></term>
+ <term><command>max-refresh-time</command></term>
+ <term><command>min-retry-time</command></term>
+ <term><command>max-retry-time</command></term>
+ <listitem>
<para>
+ These options control the server's behavior on refreshing a
+ zone
+ (querying for SOA changes) or retrying failed transfers.
+ Usually the SOA values for the zone are used, but these
+ values
+ are set by the master, giving slave server administrators
+ little
+ control over their contents.
+ </para>
+ <para>
+ These options allow the administrator to set a minimum and
+ maximum
+ refresh and retry time either per-zone, per-view, or
+ globally.
+ These options are valid for slave and stub zones,
+ and clamp the SOA refresh and retry times to the specified
+ values.
+ </para>
+ <para>
The following defaults apply.
<command>min-refresh-time</command> 300 seconds,
<command>max-refresh-time</command> 2419200 seconds
@@ -8742,16 +8393,16 @@
and <command>max-retry-time</command> 1209600 seconds
(2 weeks).
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>edns-udp-size</command></term>
- <listitem>
- <para>
+ <varlistentry>
+ <term><command>edns-udp-size</command></term>
+ <listitem>
+ <para>
Sets the advertised EDNS UDP buffer size in bytes
- to control the size of packets received.
- Valid values are 512 to 4096 (values outside this range
+ to control the size of packets received.
+ Valid values are 512 to 4096 (values outside this range
will be silently adjusted). The default value
is 4096. The usual reason for setting
<command>edns-udp-size</command> to a non-default
@@ -8758,19 +8409,19 @@
value is to get UDP answers to pass through broken
firewalls that block fragmented packets and/or
block UDP packets that are greater than 512 bytes.
- </para>
+ </para>
<para>
<command>named</command> will fallback to using 512 bytes
if it get a series of timeout at the initial value. 512
bytes is not being offered to encourage sites to fix their
- firewalls. Small EDNS UDP sizes will result in the
+ firewalls. Small EDNS UDP sizes will result in the
excessive use of TCP.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-udp-size</command></term>
+ <varlistentry>
+ <term><command>max-udp-size</command></term>
<listitem>
<para>
Sets the maximum EDNS UDP message size
@@ -8795,16 +8446,16 @@
<varlistentry>
<term><command>masterfile-format</command></term>
<listitem>
- <para>Specifies
+ <para>Specifies
the file format of zone files (see
- <xref linkend="zonefile_format"/>).
- The default value is <constant>text</constant>, which is the
+ <xref linkend="zonefile_format"/>).
+ The default value is <constant>text</constant>, which is the
standard textual representation. Files in other formats
than <constant>text</constant> are typically expected
to be generated by the <command>named-compilezone</command> tool.
Note that when a zone file in a different format than
<constant>text</constant> is loaded, <command>named</command>
- may omit some of the checks which would be performed for a
+ may omit some of the checks which would be performed for a
file in the <constant>text</constant> format. In particular,
<command>check-names</command> checks do not apply
for the <constant>raw</constant> format. This means
@@ -8818,7 +8469,7 @@
statement within the <command>zone</command> or
<command>view</command> block in the configuration
file.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -8825,7 +8476,7 @@
<varlistentry id="clients-per-query">
<term><command>clients-per-query</command></term>
<term><command>max-clients-per-query</command></term>
- <listitem>
+ <listitem>
<para>These set the
initial value (minimum) and maximum number of recursive
simultaneous clients for any given query
@@ -8835,7 +8486,7 @@
default values are 10 and 100.
</para>
<para>
- This value should reflect how many queries come in for
+ This value should reflect how many queries come in for
a given name in the time it takes to resolve that name.
If the number of queries exceed this value, <command>named</command> will
assume that it is dealing with a non-responsive zone
@@ -8854,113 +8505,113 @@
then there is no upper bound other than imposed by
<command>recursive-clients</command>.
</para>
- </listitem>
+ </listitem>
</varlistentry>
- <varlistentry>
- <term><command>notify-delay</command></term>
- <listitem>
- <para>
- The delay, in seconds, between sending sets of notify
- messages for a zone. The default is five (5) seconds.
- </para>
- <para>
+ <varlistentry>
+ <term><command>notify-delay</command></term>
+ <listitem>
+ <para>
+ The delay, in seconds, between sending sets of notify
+ messages for a zone. The default is five (5) seconds.
+ </para>
+ <para>
The overall rate that NOTIFY messages are sent for all
zones is controlled by <command>serial-query-rate</command>.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
</variablelist>
- </sect3>
+ </sect3>
- <sect3 id="builtin">
- <title>Built-in server information zones</title>
+ <sect3 id="builtin">
+ <title>Built-in server information zones</title>
- <para>
- The server provides some helpful diagnostic information
- through a number of built-in zones under the
- pseudo-top-level-domain <literal>bind</literal> in the
- <command>CHAOS</command> class. These zones are part
- of a
- built-in view (see <xref linkend="view_statement_grammar"/>) of
- class
- <command>CHAOS</command> which is separate from the
- default view of class <command>IN</command>. Most global
- configuration options (<command>allow-query</command>,
- etc) will apply to this view, but some are locally
- overridden: <command>notify</command>,
- <command>recursion</command> and
- <command>allow-new-zones</command> are
- always set to <userinput>no</userinput>.
- </para>
- <para>
- If you need to disable these zones, use the options
- below, or hide the built-in <command>CHAOS</command>
- view by
- defining an explicit view of class <command>CHAOS</command>
- that matches all clients.
- </para>
+ <para>
+ The server provides some helpful diagnostic information
+ through a number of built-in zones under the
+ pseudo-top-level-domain <literal>bind</literal> in the
+ <command>CHAOS</command> class. These zones are part
+ of a
+ built-in view (see <xref linkend="view_statement_grammar"/>) of
+ class
+ <command>CHAOS</command> which is separate from the
+ default view of class <command>IN</command>. Most global
+ configuration options (<command>allow-query</command>,
+ etc) will apply to this view, but some are locally
+ overridden: <command>notify</command>,
+ <command>recursion</command> and
+ <command>allow-new-zones</command> are
+ always set to <userinput>no</userinput>.
+ </para>
+ <para>
+ If you need to disable these zones, use the options
+ below, or hide the built-in <command>CHAOS</command>
+ view by
+ defining an explicit view of class <command>CHAOS</command>
+ that matches all clients.
+ </para>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>version</command></term>
- <listitem>
- <para>
- The version the server should report
- via a query of the name <literal>version.bind</literal>
- with type <command>TXT</command>, class <command>CHAOS</command>.
- The default is the real version number of this server.
- Specifying <command>version none</command>
- disables processing of the queries.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>version</command></term>
+ <listitem>
+ <para>
+ The version the server should report
+ via a query of the name <literal>version.bind</literal>
+ with type <command>TXT</command>, class <command>CHAOS</command>.
+ The default is the real version number of this server.
+ Specifying <command>version none</command>
+ disables processing of the queries.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>hostname</command></term>
- <listitem>
- <para>
- The hostname the server should report via a query of
- the name <filename>hostname.bind</filename>
- with type <command>TXT</command>, class <command>CHAOS</command>.
- This defaults to the hostname of the machine hosting the
- name server as
- found by the gethostname() function. The primary purpose of such queries
- is to
- identify which of a group of anycast servers is actually
- answering your queries. Specifying <command>hostname none;</command>
- disables processing of the queries.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>hostname</command></term>
+ <listitem>
+ <para>
+ The hostname the server should report via a query of
+ the name <filename>hostname.bind</filename>
+ with type <command>TXT</command>, class <command>CHAOS</command>.
+ This defaults to the hostname of the machine hosting the
+ name server as
+ found by the gethostname() function. The primary purpose of such queries
+ is to
+ identify which of a group of anycast servers is actually
+ answering your queries. Specifying <command>hostname none;</command>
+ disables processing of the queries.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>server-id</command></term>
- <listitem>
- <para>
- The ID the server should report when receiving a Name
- Server Identifier (NSID) query, or a query of the name
- <filename>ID.SERVER</filename> with type
- <command>TXT</command>, class <command>CHAOS</command>.
- The primary purpose of such queries is to
- identify which of a group of anycast servers is actually
- answering your queries. Specifying <command>server-id none;</command>
- disables processing of the queries.
- Specifying <command>server-id hostname;</command> will cause <command>named</command> to
- use the hostname as found by the gethostname() function.
- The default <command>server-id</command> is <command>none</command>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>server-id</command></term>
+ <listitem>
+ <para>
+ The ID the server should report when receiving a Name
+ Server Identifier (NSID) query, or a query of the name
+ <filename>ID.SERVER</filename> with type
+ <command>TXT</command>, class <command>CHAOS</command>.
+ The primary purpose of such queries is to
+ identify which of a group of anycast servers is actually
+ answering your queries. Specifying <command>server-id none;</command>
+ disables processing of the queries.
+ Specifying <command>server-id hostname;</command> will cause <command>named</command> to
+ use the hostname as found by the gethostname() function.
+ The default <command>server-id</command> is <command>none</command>.
+ </para>
+ </listitem>
+ </varlistentry>
- </variablelist>
+ </variablelist>
- </sect3>
+ </sect3>
- <sect3 id="empty">
- <title>Built-in Empty Zones</title>
+ <sect3 id="empty">
+ <title>Built-in Empty Zones</title>
<para>
Named has some built-in empty zones (SOA and NS records only).
These are for zones that should normally be answered locally
@@ -8967,11 +8618,11 @@
and which queries should not be sent to the Internet's root
servers. The official servers which cover these namespaces
return NXDOMAIN responses to these queries. In particular,
- these cover the reverse namespaces for addresses from
- RFC 1918, RFC 4193, RFC 5737 and RFC 6598. They also include the
- reverse namespace for IPv6 local address (locally assigned),
- IPv6 link local addresses, the IPv6 loopback address and the
- IPv6 unknown address.
+ these cover the reverse namespaces for addresses from
+ RFC 1918, RFC 4193, RFC 5737 and RFC 6598. They also include the
+ reverse namespace for IPv6 local address (locally assigned),
+ IPv6 link local addresses, the IPv6 loopback address and the
+ IPv6 unknown address.
</para>
<para>
Named will attempt to determine if a built-in zone already exists
@@ -9105,15 +8756,15 @@
root servers, this is all built-in empty zones. This will
enable them to return referrals to deeper in the tree.
</note>
- <variablelist>
+ <variablelist>
<varlistentry>
<term><command>empty-server</command></term>
<listitem>
- <para>
+ <para>
Specify what server name will appear in the returned
SOA record for empty zones. If none is specified, then
the zone's name will be used.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -9120,11 +8771,11 @@
<varlistentry>
<term><command>empty-contact</command></term>
<listitem>
- <para>
+ <para>
Specify what contact name will appear in the returned
SOA record for empty zones. If none is specified, then
"." will be used.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -9131,10 +8782,10 @@
<varlistentry>
<term><command>empty-zones-enable</command></term>
<listitem>
- <para>
+ <para>
Enable or disable all empty zones. By default, they
are enabled.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -9141,132 +8792,132 @@
<varlistentry>
<term><command>disable-empty-zone</command></term>
<listitem>
- <para>
+ <para>
Disable individual empty zones. By default, none are
disabled. This option can be specified multiple times.
- </para>
+ </para>
</listitem>
</varlistentry>
- </variablelist>
- </sect3>
+ </variablelist>
+ </sect3>
- <sect3 id="acache">
- <title>Additional Section Caching</title>
+ <sect3 id="acache">
+ <title>Additional Section Caching</title>
- <para>
- The additional section cache, also called <command>acache</command>,
- is an internal cache to improve the response performance of BIND 9.
- When additional section caching is enabled, BIND 9 will
- cache an internal short-cut to the additional section content for
- each answer RR.
- Note that <command>acache</command> is an internal caching
- mechanism of BIND 9, and is not related to the DNS caching
- server function.
- </para>
+ <para>
+ The additional section cache, also called <command>acache</command>,
+ is an internal cache to improve the response performance of BIND 9.
+ When additional section caching is enabled, BIND 9 will
+ cache an internal short-cut to the additional section content for
+ each answer RR.
+ Note that <command>acache</command> is an internal caching
+ mechanism of BIND 9, and is not related to the DNS caching
+ server function.
+ </para>
- <para>
- Additional section caching does not change the
- response content (except the RRsets ordering of the additional
- section, see below), but can improve the response performance
- significantly.
- It is particularly effective when BIND 9 acts as an authoritative
- server for a zone that has many delegations with many glue RRs.
- </para>
+ <para>
+ Additional section caching does not change the
+ response content (except the RRsets ordering of the additional
+ section, see below), but can improve the response performance
+ significantly.
+ It is particularly effective when BIND 9 acts as an authoritative
+ server for a zone that has many delegations with many glue RRs.
+ </para>
- <para>
- In order to obtain the maximum performance improvement
- from additional section caching, setting
- <command>additional-from-cache</command>
- to <command>no</command> is recommended, since the current
- implementation of <command>acache</command>
- does not short-cut of additional section information from the
- DNS cache data.
- </para>
+ <para>
+ In order to obtain the maximum performance improvement
+ from additional section caching, setting
+ <command>additional-from-cache</command>
+ to <command>no</command> is recommended, since the current
+ implementation of <command>acache</command>
+ does not short-cut of additional section information from the
+ DNS cache data.
+ </para>
- <para>
- One obvious disadvantage of <command>acache</command> is
- that it requires much more
- memory for the internal cached data.
- Thus, if the response performance does not matter and memory
- consumption is much more critical, the
- <command>acache</command> mechanism can be
- disabled by setting <command>acache-enable</command> to
- <command>no</command>.
- It is also possible to specify the upper limit of memory
- consumption
- for acache by using <command>max-acache-size</command>.
- </para>
+ <para>
+ One obvious disadvantage of <command>acache</command> is
+ that it requires much more
+ memory for the internal cached data.
+ Thus, if the response performance does not matter and memory
+ consumption is much more critical, the
+ <command>acache</command> mechanism can be
+ disabled by setting <command>acache-enable</command> to
+ <command>no</command>.
+ It is also possible to specify the upper limit of memory
+ consumption
+ for acache by using <command>max-acache-size</command>.
+ </para>
- <para>
- Additional section caching also has a minor effect on the
- RRset ordering in the additional section.
- Without <command>acache</command>,
- <command>cyclic</command> order is effective for the additional
- section as well as the answer and authority sections.
- However, additional section caching fixes the ordering when it
- first caches an RRset for the additional section, and the same
- ordering will be kept in succeeding responses, regardless of the
- setting of <command>rrset-order</command>.
- The effect of this should be minor, however, since an
- RRset in the additional section
- typically only contains a small number of RRs (and in many cases
- it only contains a single RR), in which case the
- ordering does not matter much.
- </para>
+ <para>
+ Additional section caching also has a minor effect on the
+ RRset ordering in the additional section.
+ Without <command>acache</command>,
+ <command>cyclic</command> order is effective for the additional
+ section as well as the answer and authority sections.
+ However, additional section caching fixes the ordering when it
+ first caches an RRset for the additional section, and the same
+ ordering will be kept in succeeding responses, regardless of the
+ setting of <command>rrset-order</command>.
+ The effect of this should be minor, however, since an
+ RRset in the additional section
+ typically only contains a small number of RRs (and in many cases
+ it only contains a single RR), in which case the
+ ordering does not matter much.
+ </para>
- <para>
- The following is a summary of options related to
- <command>acache</command>.
- </para>
+ <para>
+ The following is a summary of options related to
+ <command>acache</command>.
+ </para>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>acache-enable</command></term>
- <listitem>
- <para>
- If <command>yes</command>, additional section caching is
+ <varlistentry>
+ <term><command>acache-enable</command></term>
+ <listitem>
+ <para>
+ If <command>yes</command>, additional section caching is
enabled. The default value is <command>no</command>.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>acache-cleaning-interval</command></term>
- <listitem>
- <para>
- The server will remove stale cache entries, based on an LRU
- based
- algorithm, every <command>acache-cleaning-interval</command> minutes.
- The default is 60 minutes.
- If set to 0, no periodic cleaning will occur.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>acache-cleaning-interval</command></term>
+ <listitem>
+ <para>
+ The server will remove stale cache entries, based on an LRU
+ based
+ algorithm, every <command>acache-cleaning-interval</command> minutes.
+ The default is 60 minutes.
+ If set to 0, no periodic cleaning will occur.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-acache-size</command></term>
- <listitem>
- <para>
- The maximum amount of memory in bytes to use for the server's acache.
- When the amount of data in the acache reaches this limit,
- the server
- will clean more aggressively so that the limit is not
- exceeded.
- In a server with multiple views, the limit applies
- separately to the
- acache of each view.
- The default is <literal>16M</literal>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-acache-size</command></term>
+ <listitem>
+ <para>
+ The maximum amount of memory in bytes to use for the server's acache.
+ When the amount of data in the acache reaches this limit,
+ the server
+ will clean more aggressively so that the limit is not
+ exceeded.
+ In a server with multiple views, the limit applies
+ separately to the
+ acache of each view.
+ The default is <literal>16M</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
- </variablelist>
+ </variablelist>
- </sect3>
+ </sect3>
- <sect3>
- <title>Content Filtering</title>
+ <sect3>
+ <title>Content Filtering</title>
<para>
<acronym>BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -9301,7 +8952,7 @@
<para>
In the <varname>address_match_list</varname> of the
<command>deny-answer-addresses</command> option, only
- <varname>ip_addr</varname>
+ <varname>ip_addr</varname>
and <varname>ip_prefix</varname>
are meaningful;
any <varname>key_id</varname> will be silently ignored.
@@ -9402,7 +9053,7 @@
</para>
</sect3>
- <sect3>
+ <sect3>
<title>Response Policy Zone (RPZ) Rewriting</title>
<para>
<acronym>BIND</acronym> 9 includes a limited
@@ -9612,24 +9263,24 @@
<para>
For example, you might use this option statement
- </para>
+ </para>
<programlisting> response-policy { zone "badlist"; };</programlisting>
- <para>
- and this zone statement
- </para>
+ <para>
+ and this zone statement
+ </para>
<programlisting> zone "badlist" {type master; file "master/badlist"; allow-query {none;}; };</programlisting>
- <para>
- with this zone file
- </para>
+ <para>
+ with this zone file
+ </para>
<programlisting>$TTL 1H
@ SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
- NS LOCALHOST.
+ NS LOCALHOST.
; QNAME policy records. There are no periods (.) after the owner names.
nxdomain.domain.com CNAME . ; NXDOMAIN policy
nodata.domain.com CNAME *. ; NODATA policy
bad.domain.com A 10.0.0.1 ; redirect to a walled garden
- AAAA 2001:2::1
+ AAAA 2001:2::1
; do not rewrite (PASSTHRU) OK.DOMAIN.COM
ok.domain.com CNAME rpz-passthru.
@@ -9648,36 +9299,37 @@
ns.domain.com.rpz-nsdname CNAME .
48.zz.2.2001.rpz-nsip CNAME .
</programlisting>
- <para>
- RPZ can affect server performance.
- Each configured response policy zone requires the server to
- perform one to four additional database lookups before a
- query can be answered.
- For example, a DNS server with four policy zones, each with all
- four kinds of response triggers, QNAME, IP, NSIP, and
- NSDNAME, requires a total of 17 times as many database
- lookups as a similar DNS server with no response policy zones.
- A <acronym>BIND9</acronym> server with adequate memory and one
- response policy zone with QNAME and IP triggers might achieve a
- maximum queries-per-second rate about 20% lower.
- A server with four response policy zones with QNAME and IP
- triggers might have a maximum QPS rate about 50% lower.
- </para>
+ <para>
+ RPZ can affect server performance.
+ Each configured response policy zone requires the server to
+ perform one to four additional database lookups before a
+ query can be answered.
+ For example, a DNS server with four policy zones, each with all
+ four kinds of response triggers, QNAME, IP, NSIP, and
+ NSDNAME, requires a total of 17 times as many database
+ lookups as a similar DNS server with no response policy zones.
+ A <acronym>BIND9</acronym> server with adequate memory and one
+ response policy zone with QNAME and IP triggers might achieve a
+ maximum queries-per-second rate about 20% lower.
+ A server with four response policy zones with QNAME and IP
+ triggers might have a maximum QPS rate about 50% lower.
+ </para>
- <para>
- Responses rewritten by RPZ are counted in the
- <command>RPZRewrites</command> statistics.
- </para>
- </sect3>
+ <para>
+ Responses rewritten by RPZ are counted in the
+ <command>RPZRewrites</command> statistics.
+ </para>
+ </sect3>
</sect2>
<sect2 id="server_statement_grammar">
- <title><command>server</command> Statement Grammar</title>
+ <title><command>server</command> Statement Grammar</title>
<programlisting><command>server</command> <replaceable>ip_addr[/prefixlen]</replaceable> {
<optional> bogus <replaceable>yes_or_no</replaceable> ; </optional>
<optional> provide-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
<optional> request-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
+ <optional> request-nsid <replaceable>yes_or_no</replaceable> ; </optional>
<optional> edns <replaceable>yes_or_no</replaceable> ; </optional>
<optional> edns-udp-size <replaceable>number</replaceable> ; </optional>
<optional> max-udp-size <replaceable>number</replaceable> ; </optional>
@@ -9689,9 +9341,9 @@
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> query-source <optional> address ( <replaceable>ip_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
- <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional>; </optional>
+ <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional>; </optional>
<optional> query-source-v6 <optional> address ( <replaceable>ip_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
- <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional>; </optional>
+ <optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional>; </optional>
<optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> queryport-pool-ports <replaceable>number</replaceable>; </optional>
<optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional>
@@ -9698,94 +9350,94 @@
};
</programlisting>
- </sect2>
+ </sect2>
- <sect2 id="server_statement_definition_and_usage">
- <title><command>server</command> Statement Definition and
- Usage</title>
+ <sect2 id="server_statement_definition_and_usage">
+ <title><command>server</command> Statement Definition and
+ Usage</title>
- <para>
- The <command>server</command> statement defines
- characteristics
- to be associated with a remote name server. If a prefix length is
- specified, then a range of servers is covered. Only the most
- specific
- server clause applies regardless of the order in
- <filename>named.conf</filename>.
- </para>
+ <para>
+ The <command>server</command> statement defines
+ characteristics
+ to be associated with a remote name server. If a prefix length is
+ specified, then a range of servers is covered. Only the most
+ specific
+ server clause applies regardless of the order in
+ <filename>named.conf</filename>.
+ </para>
- <para>
- The <command>server</command> statement can occur at
- the top level of the
- configuration file or inside a <command>view</command>
- statement.
- If a <command>view</command> statement contains
- one or more <command>server</command> statements, only
- those
- apply to the view and any top-level ones are ignored.
- If a view contains no <command>server</command>
- statements,
- any top-level <command>server</command> statements are
- used as
- defaults.
- </para>
+ <para>
+ The <command>server</command> statement can occur at
+ the top level of the
+ configuration file or inside a <command>view</command>
+ statement.
+ If a <command>view</command> statement contains
+ one or more <command>server</command> statements, only
+ those
+ apply to the view and any top-level ones are ignored.
+ If a view contains no <command>server</command>
+ statements,
+ any top-level <command>server</command> statements are
+ used as
+ defaults.
+ </para>
- <para>
- If you discover that a remote server is giving out bad data,
- marking it as bogus will prevent further queries to it. The
- default
- value of <command>bogus</command> is <command>no</command>.
- </para>
- <para>
- The <command>provide-ixfr</command> clause determines
- whether
- the local server, acting as master, will respond with an
- incremental
- zone transfer when the given remote server, a slave, requests it.
- If set to <command>yes</command>, incremental transfer
- will be provided
- whenever possible. If set to <command>no</command>,
- all transfers
- to the remote server will be non-incremental. If not set, the
- value
- of the <command>provide-ixfr</command> option in the
- view or
- global options block is used as a default.
- </para>
+ <para>
+ If you discover that a remote server is giving out bad data,
+ marking it as bogus will prevent further queries to it. The
+ default
+ value of <command>bogus</command> is <command>no</command>.
+ </para>
+ <para>
+ The <command>provide-ixfr</command> clause determines
+ whether
+ the local server, acting as master, will respond with an
+ incremental
+ zone transfer when the given remote server, a slave, requests it.
+ If set to <command>yes</command>, incremental transfer
+ will be provided
+ whenever possible. If set to <command>no</command>,
+ all transfers
+ to the remote server will be non-incremental. If not set, the
+ value
+ of the <command>provide-ixfr</command> option in the
+ view or
+ global options block is used as a default.
+ </para>
- <para>
- The <command>request-ixfr</command> clause determines
- whether
- the local server, acting as a slave, will request incremental zone
- transfers from the given remote server, a master. If not set, the
- value of the <command>request-ixfr</command> option in
- the view or
- global options block is used as a default.
- </para>
+ <para>
+ The <command>request-ixfr</command> clause determines
+ whether
+ the local server, acting as a slave, will request incremental zone
+ transfers from the given remote server, a master. If not set, the
+ value of the <command>request-ixfr</command> option in
+ the view or
+ global options block is used as a default.
+ </para>
- <para>
- IXFR requests to servers that do not support IXFR will
- automatically
- fall back to AXFR. Therefore, there is no need to manually list
- which servers support IXFR and which ones do not; the global
- default
- of <command>yes</command> should always work.
- The purpose of the <command>provide-ixfr</command> and
- <command>request-ixfr</command> clauses is
- to make it possible to disable the use of IXFR even when both
- master
- and slave claim to support it, for example if one of the servers
- is buggy and crashes or corrupts data when IXFR is used.
- </para>
+ <para>
+ IXFR requests to servers that do not support IXFR will
+ automatically
+ fall back to AXFR. Therefore, there is no need to manually list
+ which servers support IXFR and which ones do not; the global
+ default
+ of <command>yes</command> should always work.
+ The purpose of the <command>provide-ixfr</command> and
+ <command>request-ixfr</command> clauses is
+ to make it possible to disable the use of IXFR even when both
+ master
+ and slave claim to support it, for example if one of the servers
+ is buggy and crashes or corrupts data when IXFR is used.
+ </para>
- <para>
- The <command>edns</command> clause determines whether
- the local server will attempt to use EDNS when communicating
+ <para>
+ The <command>edns</command> clause determines whether
+ the local server will attempt to use EDNS when communicating
with the remote server. The default is <command>yes</command>.
- </para>
+ </para>
- <para>
- The <command>edns-udp-size</command> option sets the EDNS UDP size
+ <para>
+ The <command>edns-udp-size</command> option sets the EDNS UDP size
that is advertised by <command>named</command> when querying the remote server.
Valid values are 512 to 4096 bytes (values outside this range will be
silently adjusted). This option is useful when you wish to
@@ -9792,9 +9444,9 @@
advertises a different value to this server than the value you
advertise globally, for example, when there is a firewall at the
remote site that is blocking large replies.
- </para>
+ </para>
- <para>
+ <para>
The <command>max-udp-size</command> option sets the
maximum EDNS UDP message size <command>named</command> will send. Valid
values are 512 to 4096 bytes (values outside this range will
@@ -9803,65 +9455,65 @@
replies from <command>named</command>.
</para>
- <para>
- The server supports two zone transfer methods. The first, <command>one-answer</command>,
- uses one DNS message per resource record transferred. <command>many-answers</command> packs
- as many resource records as possible into a message. <command>many-answers</command> is
- more efficient, but is only known to be understood by <acronym>BIND</acronym> 9, <acronym>BIND</acronym>
- 8.x, and patched versions of <acronym>BIND</acronym>
- 4.9.5. You can specify which method
- to use for a server with the <command>transfer-format</command> option.
- If <command>transfer-format</command> is not
- specified, the <command>transfer-format</command>
- specified
- by the <command>options</command> statement will be
- used.
- </para>
+ <para>
+ The server supports two zone transfer methods. The first, <command>one-answer</command>,
+ uses one DNS message per resource record transferred. <command>many-answers</command> packs
+ as many resource records as possible into a message. <command>many-answers</command> is
+ more efficient, but is only known to be understood by <acronym>BIND</acronym> 9, <acronym>BIND</acronym>
+ 8.x, and patched versions of <acronym>BIND</acronym>
+ 4.9.5. You can specify which method
+ to use for a server with the <command>transfer-format</command> option.
+ If <command>transfer-format</command> is not
+ specified, the <command>transfer-format</command>
+ specified
+ by the <command>options</command> statement will be
+ used.
+ </para>
- <para><command>transfers</command>
+ <para><command>transfers</command>
is used to limit the number of concurrent inbound zone
- transfers from the specified server. If no
- <command>transfers</command> clause is specified, the
- limit is set according to the
- <command>transfers-per-ns</command> option.
- </para>
+ transfers from the specified server. If no
+ <command>transfers</command> clause is specified, the
+ limit is set according to the
+ <command>transfers-per-ns</command> option.
+ </para>
- <para>
- The <command>keys</command> clause identifies a
- <command>key_id</command> defined by the <command>key</command> statement,
- to be used for transaction security (TSIG, <xref linkend="tsig"/>)
- when talking to the remote server.
- When a request is sent to the remote server, a request signature
- will be generated using the key specified here and appended to the
- message. A request originating from the remote server is not
- required
- to be signed by this key.
- </para>
+ <para>
+ The <command>keys</command> clause identifies a
+ <command>key_id</command> defined by the <command>key</command> statement,
+ to be used for transaction security (TSIG, <xref linkend="tsig"/>)
+ when talking to the remote server.
+ When a request is sent to the remote server, a request signature
+ will be generated using the key specified here and appended to the
+ message. A request originating from the remote server is not
+ required
+ to be signed by this key.
+ </para>
- <para>
- Although the grammar of the <command>keys</command>
- clause
- allows for multiple keys, only a single key per server is
- currently
- supported.
- </para>
+ <para>
+ Although the grammar of the <command>keys</command>
+ clause
+ allows for multiple keys, only a single key per server is
+ currently
+ supported.
+ </para>
- <para>
- The <command>transfer-source</command> and
- <command>transfer-source-v6</command> clauses specify
- the IPv4 and IPv6 source
- address to be used for zone transfer with the remote server,
- respectively.
- For an IPv4 remote server, only <command>transfer-source</command> can
- be specified.
- Similarly, for an IPv6 remote server, only
- <command>transfer-source-v6</command> can be
- specified.
- For more details, see the description of
- <command>transfer-source</command> and
- <command>transfer-source-v6</command> in
- <xref linkend="zone_transfers"/>.
- </para>
+ <para>
+ The <command>transfer-source</command> and
+ <command>transfer-source-v6</command> clauses specify
+ the IPv4 and IPv6 source
+ address to be used for zone transfer with the remote server,
+ respectively.
+ For an IPv4 remote server, only <command>transfer-source</command> can
+ be specified.
+ Similarly, for an IPv6 remote server, only
+ <command>transfer-source-v6</command> can be
+ specified.
+ For more details, see the description of
+ <command>transfer-source</command> and
+ <command>transfer-source-v6</command> in
+ <xref linkend="zone_transfers"/>.
+ </para>
<para>
The <command>notify-source</command> and
@@ -9883,10 +9535,17 @@
only <command>query-source-v6</command> can be specified.
</para>
- </sect2>
+ <para>
+ The <command>request-nsid</command> clause determines
+ whether the local server will add a NSID EDNS option
+ to requests sent to the server. This overrides
+ <command>request-nsid</command> set at the view or
+ option level.
+ </para>
+ </sect2>
<sect2 id="statschannels">
- <title><command>statistics-channels</command> Statement Grammar</title>
+ <title><command>statistics-channels</command> Statement Grammar</title>
<programlisting><command>statistics-channels</command> {
[ inet ( ip_addr | * ) [ port ip_port ]
@@ -9897,17 +9556,17 @@
</sect2>
<sect2>
- <title><command>statistics-channels</command> Statement Definition and
- Usage</title>
+ <title><command>statistics-channels</command> Statement Definition and
+ Usage</title>
- <para>
- The <command>statistics-channels</command> statement
+ <para>
+ The <command>statistics-channels</command> statement
declares communication channels to be used by system
administrators to get access to statistics information of
the name server.
- </para>
+ </para>
- <para>
+ <para>
This statement intends to be flexible to support multiple
communication protocols in the future, but currently only
HTTP access is supported.
@@ -9915,10 +9574,10 @@
the <command>statistics-channels</command> statement is
still accepted even if it is built without the library,
but any HTTP access will fail with an error.
- </para>
+ </para>
- <para>
- An <command>inet</command> control channel is a TCP socket
+ <para>
+ An <command>inet</command> control channel is a TCP socket
listening at the specified <command>ip_port</command> on the
specified <command>ip_addr</command>, which can be an IPv4 or IPv6
address. An <command>ip_addr</command> of <literal>*</literal> (asterisk) is
@@ -9925,20 +9584,20 @@
interpreted as the IPv4 wildcard address; connections will be
accepted on any of the system's IPv4 addresses.
To listen on the IPv6 wildcard address,
- use an <command>ip_addr</command> of <literal>::</literal>.
- </para>
+ use an <command>ip_addr</command> of <literal>::</literal>.
+ </para>
- <para>
- If no port is specified, port 80 is used for HTTP channels.
+ <para>
+ If no port is specified, port 80 is used for HTTP channels.
The asterisk "<literal>*</literal>" cannot be used for
<command>ip_port</command>.
- </para>
+ </para>
- <para>
- The attempt of opening a statistics channel is
- restricted by the optional <command>allow</command> clause.
+ <para>
+ The attempt of opening a statistics channel is
+ restricted by the optional <command>allow</command> clause.
Connections to the statistics channel are permitted based on the
- <command>address_match_list</command>.
+ <command>address_match_list</command>.
If no <command>allow</command> clause is present,
<command>named</command> accepts connection
attempts from any address; since the statistics may
@@ -9945,17 +9604,17 @@
contain sensitive internal information, it is highly
recommended to restrict the source of connection requests
appropriately.
- </para>
+ </para>
- <para>
- If no <command>statistics-channels</command> statement is present,
- <command>named</command> will not open any communication channels.
- </para>
+ <para>
+ If no <command>statistics-channels</command> statement is present,
+ <command>named</command> will not open any communication channels.
+ </para>
</sect2>
<sect2 id="trusted-keys">
- <title><command>trusted-keys</command> Statement Grammar</title>
+ <title><command>trusted-keys</command> Statement Grammar</title>
<programlisting><command>trusted-keys</command> {
<replaceable>string</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ;
@@ -9963,7 +9622,7 @@
};
</programlisting>
- </sect2>
+ </sect2>
<sect2>
<title><command>trusted-keys</command> Statement Definition
and Usage</title>
@@ -10005,134 +9664,134 @@
</para>
</sect2>
- <sect2>
- <title><command>managed-keys</command> Statement Grammar</title>
+ <sect2>
+ <title><command>managed-keys</command> Statement Grammar</title>
<programlisting><command>managed-keys</command> {
- <replaceable>name</replaceable> <literal>initial-key</literal> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ;
- <optional> <replaceable>name</replaceable> <literal>initial-key</literal> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ; <optional>...</optional></optional>
+ <replaceable>name</replaceable> initial-key <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ;
+ <optional> <replaceable>name</replaceable> initial-key <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ; <optional>...</optional></optional>
};
</programlisting>
- </sect2>
+ </sect2>
<sect2 id="managed-keys">
<title><command>managed-keys</command> Statement Definition
and Usage</title>
<para>
The <command>managed-keys</command> statement, like
- <command>trusted-keys</command>, defines DNSSEC
- security roots. The difference is that
- <command>managed-keys</command> can be kept up to date
- automatically, without intervention from the resolver
- operator.
+ <command>trusted-keys</command>, defines DNSSEC
+ security roots. The difference is that
+ <command>managed-keys</command> can be kept up to date
+ automatically, without intervention from the resolver
+ operator.
</para>
<para>
- Suppose, for example, that a zone's key-signing
- key was compromised, and the zone owner had to revoke and
- replace the key. A resolver which had the old key in a
- <command>trusted-keys</command> statement would be
- unable to validate this zone any longer; it would
- reply with a SERVFAIL response code. This would
- continue until the resolver operator had updated the
- <command>trusted-keys</command> statement with the new key.
+ Suppose, for example, that a zone's key-signing
+ key was compromised, and the zone owner had to revoke and
+ replace the key. A resolver which had the old key in a
+ <command>trusted-keys</command> statement would be
+ unable to validate this zone any longer; it would
+ reply with a SERVFAIL response code. This would
+ continue until the resolver operator had updated the
+ <command>trusted-keys</command> statement with the new key.
</para>
<para>
- If, however, the zone were listed in a
- <command>managed-keys</command> statement instead, then the
- zone owner could add a "stand-by" key to the zone in advance.
- <command>named</command> would store the stand-by key, and
- when the original key was revoked, <command>named</command>
- would be able to transition smoothly to the new key. It would
- also recognize that the old key had been revoked, and cease
- using that key to validate answers, minimizing the damage that
- the compromised key could do.
+ If, however, the zone were listed in a
+ <command>managed-keys</command> statement instead, then the
+ zone owner could add a "stand-by" key to the zone in advance.
+ <command>named</command> would store the stand-by key, and
+ when the original key was revoked, <command>named</command>
+ would be able to transition smoothly to the new key. It would
+ also recognize that the old key had been revoked, and cease
+ using that key to validate answers, minimizing the damage that
+ the compromised key could do.
</para>
- <para>
- A <command>managed-keys</command> statement contains a list of
- the keys to be managed, along with information about how the
- keys are to be initialized for the first time. The only
- initialization method currently supported (as of
- <acronym>BIND</acronym> 9.7.0) is <literal>initial-key</literal>.
- This means the <command>managed-keys</command> statement must
- contain a copy of the initializing key. (Future releases may
- allow keys to be initialized by other methods, eliminating this
- requirement.)
+ <para>
+ A <command>managed-keys</command> statement contains a list of
+ the keys to be managed, along with information about how the
+ keys are to be initialized for the first time. The only
+ initialization method currently supported (as of
+ <acronym>BIND</acronym> 9.7.0) is <literal>initial-key</literal>.
+ This means the <command>managed-keys</command> statement must
+ contain a copy of the initializing key. (Future releases may
+ allow keys to be initialized by other methods, eliminating this
+ requirement.)
</para>
- <para>
- Consequently, a <command>managed-keys</command> statement
- appears similar to a <command>trusted-keys</command>, differing
- in the presence of the second field, containing the keyword
- <literal>initial-key</literal>. The difference is, whereas the
- keys listed in a <command>trusted-keys</command> continue to be
- trusted until they are removed from
- <filename>named.conf</filename>, an initializing key listed
- in a <command>managed-keys</command> statement is only trusted
- <emphasis>once</emphasis>: for as long as it takes to load the
- managed key database and start the RFC 5011 key maintenance
- process.
+ <para>
+ Consequently, a <command>managed-keys</command> statement
+ appears similar to a <command>trusted-keys</command>, differing
+ in the presence of the second field, containing the keyword
+ <literal>initial-key</literal>. The difference is, whereas the
+ keys listed in a <command>trusted-keys</command> continue to be
+ trusted until they are removed from
+ <filename>named.conf</filename>, an initializing key listed
+ in a <command>managed-keys</command> statement is only trusted
+ <emphasis>once</emphasis>: for as long as it takes to load the
+ managed key database and start the RFC 5011 key maintenance
+ process.
</para>
- <para>
- The first time <command>named</command> runs with a managed key
- configured in <filename>named.conf</filename>, it fetches the
- DNSKEY RRset directly from the zone apex, and validates it
- using the key specified in the <command>managed-keys</command>
- statement. If the DNSKEY RRset is validly signed, then it is
- used as the basis for a new managed keys database.
+ <para>
+ The first time <command>named</command> runs with a managed key
+ configured in <filename>named.conf</filename>, it fetches the
+ DNSKEY RRset directly from the zone apex, and validates it
+ using the key specified in the <command>managed-keys</command>
+ statement. If the DNSKEY RRset is validly signed, then it is
+ used as the basis for a new managed keys database.
</para>
- <para>
- From that point on, whenever <command>named</command> runs, it
- sees the <command>managed-keys</command> statement, checks to
- make sure RFC 5011 key maintenance has already been initialized
- for the specified domain, and if so, it simply moves on. The
- key specified in the <command>managed-keys</command> is not
- used to validate answers; it has been superseded by the key or
- keys stored in the managed keys database.
- </para>
- <para>
- The next time <command>named</command> runs after a name
- has been <emphasis>removed</emphasis> from the
- <command>managed-keys</command> statement, the corresponding
- zone will be removed from the managed keys database,
- and RFC 5011 key maintenance will no longer be used for that
- domain.
+ <para>
+ From that point on, whenever <command>named</command> runs, it
+ sees the <command>managed-keys</command> statement, checks to
+ make sure RFC 5011 key maintenance has already been initialized
+ for the specified domain, and if so, it simply moves on. The
+ key specified in the <command>managed-keys</command> is not
+ used to validate answers; it has been superseded by the key or
+ keys stored in the managed keys database.
</para>
<para>
+ The next time <command>named</command> runs after a name
+ has been <emphasis>removed</emphasis> from the
+ <command>managed-keys</command> statement, the corresponding
+ zone will be removed from the managed keys database,
+ and RFC 5011 key maintenance will no longer be used for that
+ domain.
+ </para>
+ <para>
<command>named</command> only maintains a single managed keys
- database; consequently, unlike <command>trusted-keys</command>,
- <command>managed-keys</command> may only be set at the top
- level of <filename>named.conf</filename>, not within a view.
+ database; consequently, unlike <command>trusted-keys</command>,
+ <command>managed-keys</command> may only be set at the top
+ level of <filename>named.conf</filename>, not within a view.
</para>
- <para>
- In the current implementation, the managed keys database is
- stored as a master-format zone file called
- <filename>managed-keys.bind</filename>. When the key database
- is changed, the zone is updated. As with any other dynamic
- zone, changes will be written into a journal file,
- <filename>managed-keys.bind.jnl</filename>. They are committed
- to the master file as soon as possible afterward; in the case
- of the managed key database, this will usually occur within 30
- seconds. So, whenever <command>named</command> is using
- automatic key maintenance, those two files can be expected to
- exist in the working directory. (For this reason among others,
- the working directory should be always be writable by
- <command>named</command>.)
+ <para>
+ In the current implementation, the managed keys database is
+ stored as a master-format zone file called
+ <filename>managed-keys.bind</filename>. When the key database
+ is changed, the zone is updated. As with any other dynamic
+ zone, changes will be written into a journal file,
+ <filename>managed-keys.bind.jnl</filename>. They are committed
+ to the master file as soon as possible afterward; in the case
+ of the managed key database, this will usually occur within 30
+ seconds. So, whenever <command>named</command> is using
+ automatic key maintenance, those two files can be expected to
+ exist in the working directory. (For this reason among others,
+ the working directory should be always be writable by
+ <command>named</command>.)
</para>
<para>
If the <command>dnssec-validation</command> option is
set to <userinput>auto</userinput>, <command>named</command>
will automatically initialize a managed key for the
- root zone. Similarly, if the <command>dnssec-lookaside</command>
- option is set to <userinput>auto</userinput>,
- <command>named</command> will automatically initialize
- a managed key for the zone <literal>dlv.isc.org</literal>.
- In both cases, the key that is used to initialize the key
- maintenance process is built into <command>named</command>,
- and can be overridden from <command>bindkeys-file</command>.
+ root zone. Similarly, if the <command>dnssec-lookaside</command>
+ option is set to <userinput>auto</userinput>,
+ <command>named</command> will automatically initialize
+ a managed key for the zone <literal>dlv.isc.org</literal>.
+ In both cases, the key that is used to initialize the key
+ maintenance process is built into <command>named</command>,
+ and can be overridden from <command>bindkeys-file</command>.
</para>
</sect2>
- <sect2 id="view_statement_grammar">
- <title><command>view</command> Statement Grammar</title>
+ <sect2 id="view_statement_grammar">
+ <title><command>view</command> Statement Grammar</title>
<programlisting><command>view</command> <replaceable>view_name</replaceable>
<optional><replaceable>class</replaceable></optional> {
@@ -10144,100 +9803,100 @@
};
</programlisting>
- </sect2>
- <sect2>
- <title><command>view</command> Statement Definition and Usage</title>
+ </sect2>
+ <sect2>
+ <title><command>view</command> Statement Definition and Usage</title>
- <para>
- The <command>view</command> statement is a powerful
- feature
- of <acronym>BIND</acronym> 9 that lets a name server
- answer a DNS query differently
- depending on who is asking. It is particularly useful for
- implementing
- split DNS setups without having to run multiple servers.
- </para>
+ <para>
+ The <command>view</command> statement is a powerful
+ feature
+ of <acronym>BIND</acronym> 9 that lets a name server
+ answer a DNS query differently
+ depending on who is asking. It is particularly useful for
+ implementing
+ split DNS setups without having to run multiple servers.
+ </para>
- <para>
- Each <command>view</command> statement defines a view
- of the
- DNS namespace that will be seen by a subset of clients. A client
- matches
- a view if its source IP address matches the
- <varname>address_match_list</varname> of the view's
- <command>match-clients</command> clause and its
- destination IP address matches
- the <varname>address_match_list</varname> of the
- view's
- <command>match-destinations</command> clause. If not
- specified, both
- <command>match-clients</command> and <command>match-destinations</command>
- default to matching all addresses. In addition to checking IP
- addresses
- <command>match-clients</command> and <command>match-destinations</command>
- can also take <command>keys</command> which provide an
- mechanism for the
- client to select the view. A view can also be specified
- as <command>match-recursive-only</command>, which
- means that only recursive
- requests from matching clients will match that view.
- The order of the <command>view</command> statements is
- significant —
- a client request will be resolved in the context of the first
- <command>view</command> that it matches.
- </para>
+ <para>
+ Each <command>view</command> statement defines a view
+ of the
+ DNS namespace that will be seen by a subset of clients. A client
+ matches
+ a view if its source IP address matches the
+ <varname>address_match_list</varname> of the view's
+ <command>match-clients</command> clause and its
+ destination IP address matches
+ the <varname>address_match_list</varname> of the
+ view's
+ <command>match-destinations</command> clause. If not
+ specified, both
+ <command>match-clients</command> and <command>match-destinations</command>
+ default to matching all addresses. In addition to checking IP
+ addresses
+ <command>match-clients</command> and <command>match-destinations</command>
+ can also take <command>keys</command> which provide an
+ mechanism for the
+ client to select the view. A view can also be specified
+ as <command>match-recursive-only</command>, which
+ means that only recursive
+ requests from matching clients will match that view.
+ The order of the <command>view</command> statements is
+ significant —
+ a client request will be resolved in the context of the first
+ <command>view</command> that it matches.
+ </para>
- <para>
- Zones defined within a <command>view</command>
- statement will
- only be accessible to clients that match the <command>view</command>.
- By defining a zone of the same name in multiple views, different
- zone data can be given to different clients, for example,
- "internal"
- and "external" clients in a split DNS setup.
- </para>
+ <para>
+ Zones defined within a <command>view</command>
+ statement will
+ only be accessible to clients that match the <command>view</command>.
+ By defining a zone of the same name in multiple views, different
+ zone data can be given to different clients, for example,
+ "internal"
+ and "external" clients in a split DNS setup.
+ </para>
- <para>
- Many of the options given in the <command>options</command> statement
- can also be used within a <command>view</command>
- statement, and then
- apply only when resolving queries with that view. When no
- view-specific
- value is given, the value in the <command>options</command> statement
- is used as a default. Also, zone options can have default values
- specified
- in the <command>view</command> statement; these
- view-specific defaults
- take precedence over those in the <command>options</command> statement.
- </para>
+ <para>
+ Many of the options given in the <command>options</command> statement
+ can also be used within a <command>view</command>
+ statement, and then
+ apply only when resolving queries with that view. When no
+ view-specific
+ value is given, the value in the <command>options</command> statement
+ is used as a default. Also, zone options can have default values
+ specified
+ in the <command>view</command> statement; these
+ view-specific defaults
+ take precedence over those in the <command>options</command> statement.
+ </para>
- <para>
- Views are class specific. If no class is given, class IN
- is assumed. Note that all non-IN views must contain a hint zone,
- since only the IN class has compiled-in default hints.
- </para>
+ <para>
+ Views are class specific. If no class is given, class IN
+ is assumed. Note that all non-IN views must contain a hint zone,
+ since only the IN class has compiled-in default hints.
+ </para>
- <para>
- If there are no <command>view</command> statements in
- the config
- file, a default view that matches any client is automatically
- created
- in class IN. Any <command>zone</command> statements
- specified on
- the top level of the configuration file are considered to be part
- of
- this default view, and the <command>options</command>
- statement will
- apply to the default view. If any explicit <command>view</command>
- statements are present, all <command>zone</command>
- statements must
- occur inside <command>view</command> statements.
- </para>
+ <para>
+ If there are no <command>view</command> statements in
+ the config
+ file, a default view that matches any client is automatically
+ created
+ in class IN. Any <command>zone</command> statements
+ specified on
+ the top level of the configuration file are considered to be part
+ of
+ this default view, and the <command>options</command>
+ statement will
+ apply to the default view. If any explicit <command>view</command>
+ statements are present, all <command>zone</command>
+ statements must
+ occur inside <command>view</command> statements.
+ </para>
- <para>
- Here is an example of a typical split DNS setup implemented
- using <command>view</command> statements:
- </para>
+ <para>
+ Here is an example of a typical split DNS setup implemented
+ using <command>view</command> statements:
+ </para>
<programlisting>view "internal" {
// This should match our internal networks.
@@ -10250,8 +9909,8 @@
// Provide a complete view of the example.com
// zone including addresses of internal hosts.
zone "example.com" {
- type master;
- file "example-internal.db";
+ type master;
+ file "example-internal.db";
};
};
@@ -10266,16 +9925,16 @@
// Provide a restricted view of the example.com
// zone containing only publicly accessible hosts.
zone "example.com" {
- type master;
- file "example-external.db";
+ type master;
+ file "example-external.db";
};
};
</programlisting>
- </sect2>
- <sect2 id="zone_statement_grammar">
- <title><command>zone</command>
- Statement Grammar</title>
+ </sect2>
+ <sect2 id="zone_statement_grammar">
+ <title><command>zone</command>
+ Statement Grammar</title>
<programlisting><command>zone</command> <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
type master;
@@ -10285,11 +9944,11 @@
<optional> allow-update { <replaceable>address_match_list</replaceable> }; </optional>
<optional> update-policy <replaceable>local</replaceable> | { <replaceable>update_policy_rule</replaceable> <optional>...</optional> }; </optional>
<optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ;
- <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
+ <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
<optional> check-mx (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
<optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
- <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
+ <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-integrity <replaceable>yes_or_no</replaceable> ; </optional>
<optional> dialup <replaceable>dialup_option</replaceable> ; </optional>
<optional> file <replaceable>string</replaceable> ; </optional>
@@ -10339,7 +9998,7 @@
<optional> dnssec-secure-to-insecure <replaceable>yes_or_no</replaceable> ; </optional>
<optional> try-tcp-refresh <replaceable>yes_or_no</replaceable>; </optional>
<optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ;
- <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
+ <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
<optional> dialup <replaceable>dialup_option</replaceable> ; </optional>
<optional> file <replaceable>string</replaceable> ; </optional>
@@ -10353,8 +10012,8 @@
<optional> ixfr-tmp-file <replaceable>string</replaceable> ; </optional>
<optional> maintain-ixfr-base <replaceable>yes_or_no</replaceable> ; </optional>
<optional> masters <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>masters_list</replaceable> | <replaceable>ip_addr</replaceable>
- <optional>port <replaceable>ip_port</replaceable></optional>
- <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }; </optional>
+ <optional>port <replaceable>ip_port</replaceable></optional>
+ <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }; </optional>
<optional> max-ixfr-log-size <replaceable>number</replaceable> ; </optional>
<optional> max-transfer-idle-in <replaceable>number</replaceable> ; </optional>
<optional> max-transfer-idle-out <replaceable>number</replaceable> ; </optional>
@@ -10368,7 +10027,7 @@
<optional> transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>)
- <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
+ <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> use-alt-transfer-source <replaceable>yes_or_no</replaceable>; </optional>
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
@@ -10401,17 +10060,17 @@
<optional> forward (<constant>only</constant>|<constant>first</constant>) ; </optional>
<optional> forwarders { <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> masters <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>masters_list</replaceable> | <replaceable>ip_addr</replaceable>
- <optional>port <replaceable>ip_port</replaceable></optional>
- <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }; </optional>
+ <optional>port <replaceable>ip_port</replaceable></optional>
+ <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }; </optional>
<optional> max-transfer-idle-in <replaceable>number</replaceable> ; </optional>
<optional> max-transfer-time-in <replaceable>number</replaceable> ; </optional>
<optional> pubkey <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; </optional>
<optional> transfer-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>)
- <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
+ <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> alt-transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>)
- <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
+ <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> use-alt-transfer-source <replaceable>yes_or_no</replaceable>; </optional>
<optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
<optional> database <replaceable>string</replaceable> ; </optional>
@@ -10443,145 +10102,145 @@
</programlisting>
- </sect2>
- <sect2>
- <title><command>zone</command> Statement Definition and Usage</title>
- <sect3>
- <title>Zone Types</title>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
- <!--colspec colname="1" colnum="1" colsep="0" colwidth="1.108in"/-->
- <!--colspec colname="2" colnum="2" colsep="0" colwidth="4.017in"/-->
+ </sect2>
+ <sect2>
+ <title><command>zone</command> Statement Definition and Usage</title>
+ <sect3>
+ <title>Zone Types</title>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
+ <!--colspec colname="1" colnum="1" colsep="0" colwidth="1.108in"/-->
+ <!--colspec colname="2" colnum="2" colsep="0" colwidth="4.017in"/-->
<colspec colname="1" colnum="1" colsep="0"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="4.017in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>master</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- The server has a master copy of the data
- for the zone and will be able to provide authoritative
- answers for
- it.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>slave</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A slave zone is a replica of a master
- zone. The <command>masters</command> list
- specifies one or more IP addresses
- of master servers that the slave contacts to update
- its copy of the zone.
- Masters list elements can also be names of other
- masters lists.
- By default, transfers are made from port 53 on the
- servers; this can
- be changed for all servers by specifying a port number
- before the
- list of IP addresses, or on a per-server basis after
- the IP address.
- Authentication to the master can also be done with
- per-server TSIG keys.
- If a file is specified, then the
- replica will be written to this file whenever the zone
- is changed,
- and reloaded from this file on a server restart. Use
- of a file is
- recommended, since it often speeds server startup and
- eliminates
- a needless waste of bandwidth. Note that for large
- numbers (in the
- tens or hundreds of thousands) of zones per server, it
- is best to
- use a two-level naming scheme for zone filenames. For
- example,
- a slave server for the zone <literal>example.com</literal> might place
- the zone contents into a file called
- <filename>ex/example.com</filename> where <filename>ex/</filename> is
- just the first two letters of the zone name. (Most
- operating systems
- behave very slowly if you put 100000 files into
- a single directory.)
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>stub</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A stub zone is similar to a slave zone,
- except that it replicates only the NS records of a
- master zone instead
- of the entire zone. Stub zones are not a standard part
- of the DNS;
- they are a feature specific to the <acronym>BIND</acronym> implementation.
- </para>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="4.017in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>master</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The server has a master copy of the data
+ for the zone and will be able to provide authoritative
+ answers for
+ it.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>slave</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A slave zone is a replica of a master
+ zone. The <command>masters</command> list
+ specifies one or more IP addresses
+ of master servers that the slave contacts to update
+ its copy of the zone.
+ Masters list elements can also be names of other
+ masters lists.
+ By default, transfers are made from port 53 on the
+ servers; this can
+ be changed for all servers by specifying a port number
+ before the
+ list of IP addresses, or on a per-server basis after
+ the IP address.
+ Authentication to the master can also be done with
+ per-server TSIG keys.
+ If a file is specified, then the
+ replica will be written to this file whenever the zone
+ is changed,
+ and reloaded from this file on a server restart. Use
+ of a file is
+ recommended, since it often speeds server startup and
+ eliminates
+ a needless waste of bandwidth. Note that for large
+ numbers (in the
+ tens or hundreds of thousands) of zones per server, it
+ is best to
+ use a two-level naming scheme for zone filenames. For
+ example,
+ a slave server for the zone <literal>example.com</literal> might place
+ the zone contents into a file called
+ <filename>ex/example.com</filename> where <filename>ex/</filename> is
+ just the first two letters of the zone name. (Most
+ operating systems
+ behave very slowly if you put 100000 files into
+ a single directory.)
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>stub</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A stub zone is similar to a slave zone,
+ except that it replicates only the NS records of a
+ master zone instead
+ of the entire zone. Stub zones are not a standard part
+ of the DNS;
+ they are a feature specific to the <acronym>BIND</acronym> implementation.
+ </para>
- <para>
- Stub zones can be used to eliminate the need for glue
- NS record
- in a parent zone at the expense of maintaining a stub
- zone entry and
- a set of name server addresses in <filename>named.conf</filename>.
- This usage is not recommended for new configurations,
- and BIND 9
- supports it only in a limited way.
- In <acronym>BIND</acronym> 4/8, zone
- transfers of a parent zone
- included the NS records from stub children of that
- zone. This meant
- that, in some cases, users could get away with
- configuring child stubs
- only in the master server for the parent zone. <acronym>BIND</acronym>
- 9 never mixes together zone data from different zones
- in this
- way. Therefore, if a <acronym>BIND</acronym> 9 master serving a parent
- zone has child stub zones configured, all the slave
- servers for the
- parent zone also need to have the same child stub
- zones
- configured.
- </para>
+ <para>
+ Stub zones can be used to eliminate the need for glue
+ NS record
+ in a parent zone at the expense of maintaining a stub
+ zone entry and
+ a set of name server addresses in <filename>named.conf</filename>.
+ This usage is not recommended for new configurations,
+ and BIND 9
+ supports it only in a limited way.
+ In <acronym>BIND</acronym> 4/8, zone
+ transfers of a parent zone
+ included the NS records from stub children of that
+ zone. This meant
+ that, in some cases, users could get away with
+ configuring child stubs
+ only in the master server for the parent zone. <acronym>BIND</acronym>
+ 9 never mixes together zone data from different zones
+ in this
+ way. Therefore, if a <acronym>BIND</acronym> 9 master serving a parent
+ zone has child stub zones configured, all the slave
+ servers for the
+ parent zone also need to have the same child stub
+ zones
+ configured.
+ </para>
- <para>
- Stub zones can also be used as a way of forcing the
- resolution
- of a given domain to use a particular set of
- authoritative servers.
- For example, the caching name servers on a private
- network using
- RFC1918 addressing may be configured with stub zones
- for
- <literal>10.in-addr.arpa</literal>
- to use a set of internal name servers as the
- authoritative
- servers for that domain.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>static-stub</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
+ <para>
+ Stub zones can also be used as a way of forcing the
+ resolution
+ of a given domain to use a particular set of
+ authoritative servers.
+ For example, the caching name servers on a private
+ network using
+ RFC1918 addressing may be configured with stub zones
+ for
+ <literal>10.in-addr.arpa</literal>
+ to use a set of internal name servers as the
+ authoritative
+ servers for that domain.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>static-stub</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
A static-stub zone is similar to a stub zone
with the following exceptions:
the zone data is statically configured, rather
@@ -10591,12 +10250,12 @@
configured data (nameserver names and glue addresses)
is always used even if different authoritative
information is cached.
- </para>
- <para>
+ </para>
+ <para>
Zone data is configured via the
<command>server-addresses</command> and
<command>server-names</command> zone options.
- </para>
+ </para>
<para>
The zone data is maintained in the form of NS
and (if necessary) glue A or AAAA RRs
@@ -10621,70 +10280,70 @@
internally generated NS and (if necessary)
glue A or AAAA RRs
</para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>forward</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- A "forward zone" is a way to configure
- forwarding on a per-domain basis. A <command>zone</command> statement
- of type <command>forward</command> can
- contain a <command>forward</command>
- and/or <command>forwarders</command>
- statement,
- which will apply to queries within the domain given by
- the zone
- name. If no <command>forwarders</command>
- statement is present or
- an empty list for <command>forwarders</command> is given, then no
- forwarding will be done for the domain, canceling the
- effects of
- any forwarders in the <command>options</command> statement. Thus
- if you want to use this type of zone to change the
- behavior of the
- global <command>forward</command> option
- (that is, "forward first"
- to, then "forward only", or vice versa, but want to
- use the same
- servers as set globally) you need to re-specify the
- global forwarders.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>hint</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
- The initial set of root name servers is
- specified using a "hint zone". When the server starts
- up, it uses
- the root hints to find a root name server and get the
- most recent
- list of root name servers. If no hint zone is
- specified for class
- IN, the server uses a compiled-in default set of root
- servers hints.
- Classes other than IN have no built-in defaults hints.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>delegation-only</varname>
- </para>
- </entry>
- <entry colname="2">
- <para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>forward</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A "forward zone" is a way to configure
+ forwarding on a per-domain basis. A <command>zone</command> statement
+ of type <command>forward</command> can
+ contain a <command>forward</command>
+ and/or <command>forwarders</command>
+ statement,
+ which will apply to queries within the domain given by
+ the zone
+ name. If no <command>forwarders</command>
+ statement is present or
+ an empty list for <command>forwarders</command> is given, then no
+ forwarding will be done for the domain, canceling the
+ effects of
+ any forwarders in the <command>options</command> statement. Thus
+ if you want to use this type of zone to change the
+ behavior of the
+ global <command>forward</command> option
+ (that is, "forward first"
+ to, then "forward only", or vice versa, but want to
+ use the same
+ servers as set globally) you need to re-specify the
+ global forwarders.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>hint</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The initial set of root name servers is
+ specified using a "hint zone". When the server starts
+ up, it uses
+ the root hints to find a root name server and get the
+ most recent
+ list of root name servers. If no hint zone is
+ specified for class
+ IN, the server uses a compiled-in default set of root
+ servers hints.
+ Classes other than IN have no built-in defaults hints.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>delegation-only</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
This is used to enforce the delegation-only
status of infrastructure zones (e.g. COM,
NET, ORG). Any answer that is received
@@ -10693,477 +10352,478 @@
as NXDOMAIN. This does not apply to the
zone apex. This should not be applied to
leaf zones.
- </para>
- <para>
- <varname>delegation-only</varname> has no
- effect on answers received from forwarders.
- </para>
+ </para>
<para>
+ <varname>delegation-only</varname> has no
+ effect on answers received from forwarders.
+ </para>
+ <para>
See caveats in <xref linkend="root_delegation_only"/>.
</para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- </sect3>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect3>
- <sect3>
- <title>Class</title>
- <para>
- The zone's name may optionally be followed by a class. If
- a class is not specified, class <literal>IN</literal> (for <varname>Internet</varname>),
- is assumed. This is correct for the vast majority of cases.
- </para>
- <para>
- The <literal>hesiod</literal> class is
- named for an information service from MIT's Project Athena. It
- is
- used to share information about various systems databases, such
- as users, groups, printers and so on. The keyword
- <literal>HS</literal> is
- a synonym for hesiod.
- </para>
- <para>
- Another MIT development is Chaosnet, a LAN protocol created
- in the mid-1970s. Zone data for it can be specified with the <literal>CHAOS</literal> class.
- </para>
- </sect3>
- <sect3>
+ <sect3>
+ <title>Class</title>
+ <para>
+ The zone's name may optionally be followed by a class. If
+ a class is not specified, class <literal>IN</literal> (for <varname>Internet</varname>),
+ is assumed. This is correct for the vast majority of cases.
+ </para>
+ <para>
+ The <literal>hesiod</literal> class is
+ named for an information service from MIT's Project Athena. It
+ is
+ used to share information about various systems databases, such
+ as users, groups, printers and so on. The keyword
+ <literal>HS</literal> is
+ a synonym for hesiod.
+ </para>
+ <para>
+ Another MIT development is Chaosnet, a LAN protocol created
+ in the mid-1970s. Zone data for it can be specified with the <literal>CHAOS</literal> class.
+ </para>
+ </sect3>
+ <sect3>
- <title>Zone Options</title>
+ <title>Zone Options</title>
- <variablelist>
+ <variablelist>
- <varlistentry>
- <term><command>allow-notify</command></term>
- <listitem>
- <para>
- See the description of
- <command>allow-notify</command> in <xref linkend="access_control"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-notify</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>allow-notify</command> in <xref linkend="access_control"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-query</command></term>
- <listitem>
- <para>
- See the description of
- <command>allow-query</command> in <xref linkend="access_control"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-query</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>allow-query</command> in <xref linkend="access_control"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-query-on</command></term>
- <listitem>
- <para>
- See the description of
- <command>allow-query-on</command> in <xref linkend="access_control"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-query-on</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>allow-query-on</command> in <xref linkend="access_control"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-transfer</command></term>
- <listitem>
- <para>
- See the description of <command>allow-transfer</command>
- in <xref linkend="access_control"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-transfer</command></term>
+ <listitem>
+ <para>
+ See the description of <command>allow-transfer</command>
+ in <xref linkend="access_control"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-update</command></term>
- <listitem>
- <para>
- See the description of <command>allow-update</command>
- in <xref linkend="access_control"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-update</command></term>
+ <listitem>
+ <para>
+ See the description of <command>allow-update</command>
+ in <xref linkend="access_control"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>update-policy</command></term>
- <listitem>
- <para>
- Specifies a "Simple Secure Update" policy. See
- <xref linkend="dynamic_update_policies"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>update-policy</command></term>
+ <listitem>
+ <para>
+ Specifies a "Simple Secure Update" policy. See
+ <xref linkend="dynamic_update_policies"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>allow-update-forwarding</command></term>
- <listitem>
- <para>
- See the description of <command>allow-update-forwarding</command>
- in <xref linkend="access_control"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>allow-update-forwarding</command></term>
+ <listitem>
+ <para>
+ See the description of <command>allow-update-forwarding</command>
+ in <xref linkend="access_control"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>also-notify</command></term>
- <listitem>
- <para>
- Only meaningful if <command>notify</command>
- is
- active for this zone. The set of machines that will
- receive a
- <literal>DNS NOTIFY</literal> message
- for this zone is made up of all the listed name servers
- (other than
- the primary master) for the zone plus any IP addresses
- specified
- with <command>also-notify</command>. A port
- may be specified
- with each <command>also-notify</command>
- address to send the notify
- messages to a port other than the default of 53.
- <command>also-notify</command> is not
- meaningful for stub zones.
- The default is the empty list.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>also-notify</command></term>
+ <listitem>
+ <para>
+ Only meaningful if <command>notify</command>
+ is
+ active for this zone. The set of machines that will
+ receive a
+ <literal>DNS NOTIFY</literal> message
+ for this zone is made up of all the listed name servers
+ (other than
+ the primary master) for the zone plus any IP addresses
+ specified
+ with <command>also-notify</command>. A port
+ may be specified
+ with each <command>also-notify</command>
+ address to send the notify
+ messages to a port other than the default of 53.
+ <command>also-notify</command> is not
+ meaningful for stub zones.
+ The default is the empty list.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>check-names</command></term>
- <listitem>
- <para>
- This option is used to restrict the character set and
- syntax of
- certain domain names in master files and/or DNS responses
- received from the
- network. The default varies according to zone type. For <command>master</command> zones the default is <command>fail</command>. For <command>slave</command>
- zones the default is <command>warn</command>.
- It is not implemented for <command>hint</command> zones.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>check-names</command></term>
+ <listitem>
+ <para>
+ This option is used to restrict the character set and
+ syntax of
+ certain domain names in master files and/or DNS responses
+ received from the
+ network. The default varies according to zone type. For <command>master</command> zones the default is <command>fail</command>. For <command>slave</command>
+ zones the default is <command>warn</command>.
+ It is not implemented for <command>hint</command> zones.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>check-mx</command></term>
- <listitem>
- <para>
- See the description of
- <command>check-mx</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>check-mx</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>check-mx</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>check-spf</command></term>
- <listitem>
- <para>
- See the description of
- <command>check-spf</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>check-spf</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>check-spf</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>check-wildcard</command></term>
- <listitem>
- <para>
- See the description of
- <command>check-wildcard</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>check-wildcard</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>check-wildcard</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>check-integrity</command></term>
- <listitem>
- <para>
- See the description of
- <command>check-integrity</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>check-integrity</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>check-integrity</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>check-sibling</command></term>
- <listitem>
- <para>
- See the description of
- <command>check-sibling</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>check-sibling</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>check-sibling</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>zero-no-soa-ttl</command></term>
- <listitem>
- <para>
- See the description of
- <command>zero-no-soa-ttl</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>zero-no-soa-ttl</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>zero-no-soa-ttl</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
- <term><command>update-check-ksk</command></term>
- <listitem>
- <para>
- See the description of
- <command>update-check-ksk</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <term><command>update-check-ksk</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>update-check-ksk</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
- <term><command>dnssec-dnskey-kskonly</command></term>
- <listitem>
- <para>
- See the description of
- <command>dnssec-dnskey-kskonly</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <term><command>dnssec-dnskey-kskonly</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>dnssec-dnskey-kskonly</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
- <term><command>try-tcp-refresh</command></term>
- <listitem>
- <para>
- See the description of
- <command>try-tcp-refresh</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <term><command>try-tcp-refresh</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>try-tcp-refresh</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>database</command></term>
- <listitem>
- <para>
- Specify the type of database to be used for storing the
- zone data. The string following the <command>database</command> keyword
- is interpreted as a list of whitespace-delimited words.
- The first word
- identifies the database type, and any subsequent words are
- passed
- as arguments to the database to be interpreted in a way
- specific
- to the database type.
- </para>
- <para>
- The default is <userinput>"rbt"</userinput>, BIND 9's
- native in-memory
- red-black-tree database. This database does not take
- arguments.
- </para>
- <para>
- Other values are possible if additional database drivers
- have been linked into the server. Some sample drivers are
- included
- with the distribution but none are linked in by default.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>database</command></term>
+ <listitem>
+ <para>
+ Specify the type of database to be used for storing the
+ zone data. The string following the <command>database</command> keyword
+ is interpreted as a list of whitespace-delimited words.
+ The first word
+ identifies the database type, and any subsequent words are
+ passed
+ as arguments to the database to be interpreted in a way
+ specific
+ to the database type.
+ </para>
+ <para>
+ The default is <userinput>"rbt"</userinput>, BIND 9's
+ native in-memory
+ red-black-tree database. This database does not take
+ arguments.
+ </para>
+ <para>
+ Other values are possible if additional database drivers
+ have been linked into the server. Some sample drivers are
+ included
+ with the distribution but none are linked in by default.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>dialup</command></term>
- <listitem>
- <para>
- See the description of
- <command>dialup</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>dialup</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>dialup</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>delegation-only</command></term>
- <listitem>
- <para>
- The flag only applies to hint and stub zones. If set
- to <userinput>yes</userinput>, then the zone will also be
- treated as if it is also a delegation-only type zone.
- </para>
+ <varlistentry>
+ <term><command>delegation-only</command></term>
+ <listitem>
<para>
+ The flag only applies to forward, hint and stub
+ zones. If set to <userinput>yes</userinput>,
+ then the zone will also be treated as if it is
+ also a delegation-only type zone.
+ </para>
+ <para>
See caveats in <xref linkend="root_delegation_only"/>.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>forward</command></term>
- <listitem>
- <para>
- Only meaningful if the zone has a forwarders
- list. The <command>only</command> value causes
- the lookup to fail
- after trying the forwarders and getting no answer, while <command>first</command> would
- allow a normal lookup to be tried.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>forward</command></term>
+ <listitem>
+ <para>
+ Only meaningful if the zone has a forwarders
+ list. The <command>only</command> value causes
+ the lookup to fail
+ after trying the forwarders and getting no answer, while <command>first</command> would
+ allow a normal lookup to be tried.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>forwarders</command></term>
- <listitem>
- <para>
- Used to override the list of global forwarders.
- If it is not specified in a zone of type <command>forward</command>,
- no forwarding is done for the zone and the global options are
- not used.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>forwarders</command></term>
+ <listitem>
+ <para>
+ Used to override the list of global forwarders.
+ If it is not specified in a zone of type <command>forward</command>,
+ no forwarding is done for the zone and the global options are
+ not used.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>ixfr-base</command></term>
- <listitem>
- <para>
- Was used in <acronym>BIND</acronym> 8 to
- specify the name
- of the transaction log (journal) file for dynamic update
- and IXFR.
- <acronym>BIND</acronym> 9 ignores the option
- and constructs the name of the journal
- file by appending "<filename>.jnl</filename>"
- to the name of the
- zone file.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>ixfr-base</command></term>
+ <listitem>
+ <para>
+ Was used in <acronym>BIND</acronym> 8 to
+ specify the name
+ of the transaction log (journal) file for dynamic update
+ and IXFR.
+ <acronym>BIND</acronym> 9 ignores the option
+ and constructs the name of the journal
+ file by appending "<filename>.jnl</filename>"
+ to the name of the
+ zone file.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>ixfr-tmp-file</command></term>
- <listitem>
- <para>
- Was an undocumented option in <acronym>BIND</acronym> 8.
- Ignored in <acronym>BIND</acronym> 9.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>ixfr-tmp-file</command></term>
+ <listitem>
+ <para>
+ Was an undocumented option in <acronym>BIND</acronym> 8.
+ Ignored in <acronym>BIND</acronym> 9.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>journal</command></term>
- <listitem>
- <para>
- Allow the default journal's filename to be overridden.
- The default is the zone's filename with "<filename>.jnl</filename>" appended.
- This is applicable to <command>master</command> and <command>slave</command> zones.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>journal</command></term>
+ <listitem>
+ <para>
+ Allow the default journal's filename to be overridden.
+ The default is the zone's filename with "<filename>.jnl</filename>" appended.
+ This is applicable to <command>master</command> and <command>slave</command> zones.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-journal-size</command></term>
- <listitem>
- <para>
- See the description of
- <command>max-journal-size</command> in <xref linkend="server_resource_limits"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-journal-size</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>max-journal-size</command> in <xref linkend="server_resource_limits"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-transfer-time-in</command></term>
- <listitem>
- <para>
- See the description of
- <command>max-transfer-time-in</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-transfer-time-in</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>max-transfer-time-in</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-transfer-idle-in</command></term>
- <listitem>
- <para>
- See the description of
- <command>max-transfer-idle-in</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-transfer-idle-in</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>max-transfer-idle-in</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-transfer-time-out</command></term>
- <listitem>
- <para>
- See the description of
- <command>max-transfer-time-out</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-transfer-time-out</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>max-transfer-time-out</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>max-transfer-idle-out</command></term>
- <listitem>
- <para>
- See the description of
- <command>max-transfer-idle-out</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>max-transfer-idle-out</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>max-transfer-idle-out</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify</command></term>
- <listitem>
- <para>
- See the description of
- <command>notify</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>notify</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>notify</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify-delay</command></term>
- <listitem>
- <para>
- See the description of
- <command>notify-delay</command> in <xref linkend="tuning"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>notify-delay</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>notify-delay</command> in <xref linkend="tuning"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify-to-soa</command></term>
- <listitem>
- <para>
- See the description of
- <command>notify-to-soa</command> in
+ <varlistentry>
+ <term><command>notify-to-soa</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>notify-to-soa</command> in
<xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>pubkey</command></term>
- <listitem>
- <para>
- In <acronym>BIND</acronym> 8, this option was
- intended for specifying
- a public zone key for verification of signatures in DNSSEC
- signed
- zones when they are loaded from disk. <acronym>BIND</acronym> 9 does not verify signatures
- on load and ignores the option.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>pubkey</command></term>
+ <listitem>
+ <para>
+ In <acronym>BIND</acronym> 8, this option was
+ intended for specifying
+ a public zone key for verification of signatures in DNSSEC
+ signed
+ zones when they are loaded from disk. <acronym>BIND</acronym> 9 does not verify signatures
+ on load and ignores the option.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>zone-statistics</command></term>
- <listitem>
- <para>
- If <userinput>yes</userinput>, the server will keep
- statistical
- information for this zone, which can be dumped to the
- <command>statistics-file</command> defined in
- the server options.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>zone-statistics</command></term>
+ <listitem>
+ <para>
+ If <userinput>yes</userinput>, the server will keep
+ statistical
+ information for this zone, which can be dumped to the
+ <command>statistics-file</command> defined in
+ the server options.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>server-addresses</command></term>
- <listitem>
- <para>
- Only meaningful for static-stub zones.
+ <varlistentry>
+ <term><command>server-addresses</command></term>
+ <listitem>
+ <para>
+ Only meaningful for static-stub zones.
This is a list of IP addresses to which queries
should be sent in recursive resolution for the
zone.
@@ -11170,7 +10830,7 @@
A non empty list for this option will internally
configure the apex NS RR with associated glue A or
AAAA RRs.
- </para>
+ </para>
<para>
For example, if "example.com" is configured as a
static-stub zone with 192.0.2.1 and 2001:db8::1234
@@ -11188,14 +10848,14 @@
will initiate recursive resolution and send
queries to 192.0.2.1 and/or 2001:db8::1234.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>server-names</command></term>
- <listitem>
- <para>
- Only meaningful for static-stub zones.
+ <varlistentry>
+ <term><command>server-names</command></term>
+ <listitem>
+ <para>
+ Only meaningful for static-stub zones.
This is a list of domain names of nameservers that
act as authoritative servers of the static-stub
zone.
@@ -11234,215 +10894,215 @@
"ns2.example.net" to IP addresses, and then send
queries to (one or more of) these addresses.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>sig-validity-interval</command></term>
- <listitem>
- <para>
- See the description of
- <command>sig-validity-interval</command> in <xref linkend="tuning"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>sig-validity-interval</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>sig-validity-interval</command> in <xref linkend="tuning"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>sig-signing-nodes</command></term>
- <listitem>
- <para>
- See the description of
- <command>sig-signing-nodes</command> in <xref linkend="tuning"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>sig-signing-nodes</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>sig-signing-nodes</command> in <xref linkend="tuning"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>sig-signing-signatures</command></term>
- <listitem>
- <para>
- See the description of
- <command>sig-signing-signatures</command> in <xref linkend="tuning"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>sig-signing-signatures</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>sig-signing-signatures</command> in <xref linkend="tuning"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>sig-signing-type</command></term>
- <listitem>
- <para>
- See the description of
- <command>sig-signing-type</command> in <xref linkend="tuning"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>sig-signing-type</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>sig-signing-type</command> in <xref linkend="tuning"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>transfer-source</command></term>
- <listitem>
- <para>
- See the description of
- <command>transfer-source</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>transfer-source</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>transfer-source</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>transfer-source-v6</command></term>
- <listitem>
- <para>
- See the description of
- <command>transfer-source-v6</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>transfer-source-v6</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>transfer-source-v6</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>alt-transfer-source</command></term>
- <listitem>
- <para>
- See the description of
- <command>alt-transfer-source</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>alt-transfer-source</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>alt-transfer-source</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>alt-transfer-source-v6</command></term>
- <listitem>
- <para>
- See the description of
- <command>alt-transfer-source-v6</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>alt-transfer-source-v6</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>alt-transfer-source-v6</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>use-alt-transfer-source</command></term>
- <listitem>
- <para>
- See the description of
- <command>use-alt-transfer-source</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>use-alt-transfer-source</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>use-alt-transfer-source</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify-source</command></term>
- <listitem>
- <para>
- See the description of
- <command>notify-source</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>notify-source</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>notify-source</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>notify-source-v6</command></term>
- <listitem>
- <para>
- See the description of
- <command>notify-source-v6</command> in <xref linkend="zone_transfers"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>notify-source-v6</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>notify-source-v6</command> in <xref linkend="zone_transfers"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>min-refresh-time</command></term>
- <term><command>max-refresh-time</command></term>
- <term><command>min-retry-time</command></term>
- <term><command>max-retry-time</command></term>
- <listitem>
- <para>
- See the description in <xref linkend="tuning"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>min-refresh-time</command></term>
+ <term><command>max-refresh-time</command></term>
+ <term><command>min-retry-time</command></term>
+ <term><command>max-retry-time</command></term>
+ <listitem>
+ <para>
+ See the description in <xref linkend="tuning"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>ixfr-from-differences</command></term>
- <listitem>
- <para>
- See the description of
- <command>ixfr-from-differences</command> in <xref linkend="boolean_options"/>.
+ <varlistentry>
+ <term><command>ixfr-from-differences</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>ixfr-from-differences</command> in <xref linkend="boolean_options"/>.
(Note that the <command>ixfr-from-differences</command>
<userinput>master</userinput> and
<userinput>slave</userinput> choices are not
available at the zone level.)
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>key-directory</command></term>
- <listitem>
- <para>
- See the description of
- <command>key-directory</command> in <xref linkend="options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>key-directory</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>key-directory</command> in <xref linkend="options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>auto-dnssec</command></term>
- <listitem>
- <para>
- Zones configured for dynamic DNS may also use this
- option to allow varying levels of automatic DNSSEC key
- management. There are three possible settings:
- </para>
- <para>
- <command>auto-dnssec allow;</command> permits
- keys to be updated and the zone fully re-signed
- whenever the user issues the command <command>rndc sign
- <replaceable>zonename</replaceable></command>.
- </para>
- <para>
- <command>auto-dnssec maintain;</command> includes the
- above, but also automatically adjusts the zone's DNSSEC
- keys on schedule, according to the keys' timing metadata
- (see <xref linkend="man.dnssec-keygen"/> and
- <xref linkend="man.dnssec-settime"/>). The command
- <command>rndc sign
- <replaceable>zonename</replaceable></command> causes
- <command>named</command> to load keys from the key
- repository and sign the zone with all keys that are
- active.
- <command>rndc loadkeys
- <replaceable>zonename</replaceable></command> causes
- <command>named</command> to load keys from the key
- repository and schedule key maintenance events to occur
- in the future, but it does not sign the full zone
- immediately. Note: once keys have been loaded for a
- zone the first time, the repository will be searched
- for changes periodically, regardless of whether
- <command>rndc loadkeys</command> is used. The recheck
- interval is hard-coded to
- one hour.
- </para>
- <para>
- <command>auto-dnssec create;</command> includes the
- above, but also allows <command>named</command>
- to create new keys in the key repository when needed.
- (NOTE: This option is not yet implemented; the syntax is
- being reserved for future use.)
- </para>
- <para>
- The default setting is <command>auto-dnssec off</command>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>auto-dnssec</command></term>
+ <listitem>
+ <para>
+ Zones configured for dynamic DNS may also use this
+ option to allow varying levels of automatic DNSSEC key
+ management. There are three possible settings:
+ </para>
+ <para>
+ <command>auto-dnssec allow;</command> permits
+ keys to be updated and the zone fully re-signed
+ whenever the user issues the command <command>rndc sign
+ <replaceable>zonename</replaceable></command>.
+ </para>
+ <para>
+ <command>auto-dnssec maintain;</command> includes the
+ above, but also automatically adjusts the zone's DNSSEC
+ keys on schedule, according to the keys' timing metadata
+ (see <xref linkend="man.dnssec-keygen"/> and
+ <xref linkend="man.dnssec-settime"/>). The command
+ <command>rndc sign
+ <replaceable>zonename</replaceable></command> causes
+ <command>named</command> to load keys from the key
+ repository and sign the zone with all keys that are
+ active.
+ <command>rndc loadkeys
+ <replaceable>zonename</replaceable></command> causes
+ <command>named</command> to load keys from the key
+ repository and schedule key maintenance events to occur
+ in the future, but it does not sign the full zone
+ immediately. Note: once keys have been loaded for a
+ zone the first time, the repository will be searched
+ for changes periodically, regardless of whether
+ <command>rndc loadkeys</command> is used. The recheck
+ interval is hard-coded to
+ one hour.
+ </para>
+ <para>
+ <command>auto-dnssec create;</command> includes the
+ above, but also allows <command>named</command>
+ to create new keys in the key repository when needed.
+ (NOTE: This option is not yet implemented; the syntax is
+ being reserved for future use.)
+ </para>
+ <para>
+ The default setting is <command>auto-dnssec off</command>.
+ </para>
+ </listitem>
+ </varlistentry>
- <varlistentry>
- <term><command>multi-master</command></term>
- <listitem>
- <para>
- See the description of <command>multi-master</command> in
+ <varlistentry>
+ <term><command>multi-master</command></term>
+ <listitem>
+ <para>
+ See the description of <command>multi-master</command> in
<xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><command>masterfile-format</command></term>
@@ -11454,21 +11114,21 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>dnssec-secure-to-insecure</command></term>
- <listitem>
- <para>
- See the description of
- <command>dnssec-secure-to-insecure</command> in <xref linkend="boolean_options"/>.
- </para>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><command>dnssec-secure-to-insecure</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>dnssec-secure-to-insecure</command> in <xref linkend="boolean_options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
- </variablelist>
+ </variablelist>
- </sect3>
- <sect3 id="dynamic_update_policies">
- <title>Dynamic Update Policies</title>
+ </sect3>
+ <sect3 id="dynamic_update_policies">
+ <title>Dynamic Update Policies</title>
<para><acronym>BIND</acronym> 9 supports two alternative
methods of granting clients the right to perform
dynamic updates to a zone, configured by the
@@ -11502,54 +11162,54 @@
address is not relevant.
</para>
<para>
- There is a pre-defined <command>update-policy</command>
- rule which can be switched on with the command
- <command>update-policy local;</command>.
- Switching on this rule in a zone causes
- <command>named</command> to generate a TSIG session
- key and place it in a file, and to allow that key
- to update the zone. (By default, the file is
- <filename>/var/run/named/session.key</filename>, the key
- name is "local-ddns" and the key algorithm is HMAC-SHA256,
- but these values are configurable with the
- <command>session-keyfile</command>,
- <command>session-keyname</command> and
- <command>session-keyalg</command> options, respectively).
- </para>
+ There is a pre-defined <command>update-policy</command>
+ rule which can be switched on with the command
+ <command>update-policy local;</command>.
+ Switching on this rule in a zone causes
+ <command>named</command> to generate a TSIG session
+ key and place it in a file, and to allow that key
+ to update the zone. (By default, the file is
+ <filename>/var/run/named/session.key</filename>, the key
+ name is "local-ddns" and the key algorithm is HMAC-SHA256,
+ but these values are configurable with the
+ <command>session-keyfile</command>,
+ <command>session-keyname</command> and
+ <command>session-keyalg</command> options, respectively).
+ </para>
<para>
- A client running on the local system, and with appropriate
- permissions, may read that file and use the key to sign update
- requests. The zone's update policy will be set to allow that
- key to change any record within the zone. Assuming the
- key name is "local-ddns", this policy is equivalent to:
- </para>
+ A client running on the local system, and with appropriate
+ permissions, may read that file and use the key to sign update
+ requests. The zone's update policy will be set to allow that
+ key to change any record within the zone. Assuming the
+ key name is "local-ddns", this policy is equivalent to:
+ </para>
- <programlisting>update-policy { grant local-ddns zonesub any; };
- </programlisting>
+ <programlisting>update-policy { grant local-ddns zonesub any; };
+ </programlisting>
<para>
- The command <command>nsupdate -l</command> sends update
- requests to localhost, and signs them using the session key.
+ The command <command>nsupdate -l</command> sends update
+ requests to localhost, and signs them using the session key.
</para>
<para>
- Other rule definitions look like this:
- </para>
+ Other rule definitions look like this:
+ </para>
<programlisting>
( <command>grant</command> | <command>deny</command> ) <replaceable>identity</replaceable> <replaceable>nametype</replaceable> <optional> <replaceable>name</replaceable> </optional> <optional> <replaceable>types</replaceable> </optional>
</programlisting>
- <para>
- Each rule grants or denies privileges. Once a message has
- successfully matched a rule, the operation is immediately
- granted or denied and no further rules are examined. A rule
- is matched when the signer matches the identity field, the
- name matches the name field in accordance with the nametype
- field, and the type matches the types specified in the type
- field.
- </para>
- <para>
+ <para>
+ Each rule grants or denies privileges. Once a message has
+ successfully matched a rule, the operation is immediately
+ granted or denied and no further rules are examined. A rule
+ is matched when the signer matches the identity field, the
+ name matches the name field in accordance with the nametype
+ field, and the type matches the types specified in the type
+ field.
+ </para>
+ <para>
No signer is required for <replaceable>tcp-self</replaceable>
or <replaceable>6to4-self</replaceable> however the standard
reverse mapping / prefix conversion must match the identity
@@ -11575,15 +11235,15 @@
<para>
For nametypes <varname>krb5-self</varname>,
<varname>ms-self</varname>, <varname>krb5-subdomain</varname>,
- and <varname>ms-subdomain</varname> the
+ and <varname>ms-subdomain</varname> the
<replaceable>identity</replaceable> field specifies
the Windows or Kerberos realm of the machine belongs to.
</para>
- <para>
- The <replaceable>nametype</replaceable> field has 13
- values:
- <varname>name</varname>, <varname>subdomain</varname>,
- <varname>wildcard</varname>, <varname>self</varname>,
+ <para>
+ The <replaceable>nametype</replaceable> field has 13
+ values:
+ <varname>name</varname>, <varname>subdomain</varname>,
+ <varname>wildcard</varname>, <varname>self</varname>,
<varname>selfsub</varname>, <varname>selfwild</varname>,
<varname>krb5-self</varname>, <varname>ms-self</varname>,
<varname>krb5-subdomain</varname>,
@@ -11590,12 +11250,12 @@
<varname>ms-subdomain</varname>,
<varname>tcp-self</varname>, <varname>6to4-self</varname>,
<varname>zonesub</varname>, and <varname>external</varname>.
- </para>
- <informaltable>
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="0.819in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.681in"/>
- <tbody>
+ </para>
+ <informaltable>
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="0.819in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.681in"/>
+ <tbody>
<row rowsep="0">
<entry colname="1">
<para>
@@ -11641,8 +11301,8 @@
multiple zones without modification.
</para>
<para>
- When this rule is used, the
- <replaceable>name</replaceable> field is omitted.
+ When this rule is used, the
+ <replaceable>name</replaceable> field is omitted.
</para>
</entry>
</row>
@@ -11660,14 +11320,14 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <varname>self</varname>
- </para>
- </entry>
- <entry colname="2">
+ <row rowsep="0">
+ <entry colname="1">
<para>
+ <varname>self</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
This rule matches when the name being updated
matches the contents of the
<replaceable>identity</replaceable> field.
@@ -11720,7 +11380,7 @@
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
- to update machine.realm. The REALM to be matched
+ to update machine.realm. The REALM to be matched
is specified in the <replaceable>identity</replaceable>
field.
</para>
@@ -11752,7 +11412,7 @@
This rule takes a Kerberos machine principal
(host/machine at REALM) for machine in REALM and
and converts it machine.realm allowing the machine
- to update machine.realm. The REALM to be matched
+ to update machine.realm. The REALM to be matched
is specified in the <replaceable>identity</replaceable>
field.
</para>
@@ -11828,8 +11488,8 @@
field, the format of which is
"<constant>local:</constant><replaceable>path</replaceable>",
where <replaceable>path</replaceable> is the location
- of a UNIX-domain socket. (Currently, "local" is the
- only supported mechanism.)
+ of a UNIX-domain socket. (Currently, "local" is the
+ only supported mechanism.)
</para>
<para>
Requests to the external daemon are sent over the
@@ -11854,14 +11514,14 @@
</para>
</entry>
</row>
- </tbody>
- </tgroup>
- </informaltable>
+ </tbody>
+ </tgroup>
+ </informaltable>
- <para>
- In all cases, the <replaceable>name</replaceable>
- field must specify a fully-qualified domain name.
- </para>
+ <para>
+ In all cases, the <replaceable>name</replaceable>
+ field must specify a fully-qualified domain name.
+ </para>
<para>
If no types are explicitly specified, this rule matches
@@ -11872,442 +11532,442 @@
all records associated with a name, the rules are
checked for each existing record type.
</para>
- </sect3>
- </sect2>
+ </sect3>
+ </sect2>
</sect1>
<sect1>
- <title>Zone File</title>
- <sect2 id="types_of_resource_records_and_when_to_use_them">
- <title>Types of Resource Records and When to Use Them</title>
- <para>
- This section, largely borrowed from RFC 1034, describes the
- concept of a Resource Record (RR) and explains when each is used.
- Since the publication of RFC 1034, several new RRs have been
- identified
- and implemented in the DNS. These are also included.
- </para>
- <sect3>
- <title>Resource Records</title>
+ <title>Zone File</title>
+ <sect2 id="types_of_resource_records_and_when_to_use_them">
+ <title>Types of Resource Records and When to Use Them</title>
+ <para>
+ This section, largely borrowed from RFC 1034, describes the
+ concept of a Resource Record (RR) and explains when each is used.
+ Since the publication of RFC 1034, several new RRs have been
+ identified
+ and implemented in the DNS. These are also included.
+ </para>
+ <sect3>
+ <title>Resource Records</title>
- <para>
- A domain name identifies a node. Each node has a set of
- resource information, which may be empty. The set of resource
- information associated with a particular name is composed of
- separate RRs. The order of RRs in a set is not significant and
- need not be preserved by name servers, resolvers, or other
- parts of the DNS. However, sorting of multiple RRs is
- permitted for optimization purposes, for example, to specify
- that a particular nearby server be tried first. See <xref linkend="the_sortlist_statement"/> and <xref linkend="rrset_ordering"/>.
- </para>
+ <para>
+ A domain name identifies a node. Each node has a set of
+ resource information, which may be empty. The set of resource
+ information associated with a particular name is composed of
+ separate RRs. The order of RRs in a set is not significant and
+ need not be preserved by name servers, resolvers, or other
+ parts of the DNS. However, sorting of multiple RRs is
+ permitted for optimization purposes, for example, to specify
+ that a particular nearby server be tried first. See <xref linkend="the_sortlist_statement"/> and <xref linkend="rrset_ordering"/>.
+ </para>
- <para>
- The components of a Resource Record are:
- </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.000in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.500in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- owner name
- </para>
- </entry>
- <entry colname="2">
- <para>
- The domain name where the RR is found.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- type
- </para>
- </entry>
- <entry colname="2">
- <para>
- An encoded 16-bit value that specifies
- the type of the resource record.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- TTL
- </para>
- </entry>
- <entry colname="2">
- <para>
- The time-to-live of the RR. This field
- is a 32-bit integer in units of seconds, and is
- primarily used by
- resolvers when they cache RRs. The TTL describes how
- long a RR can
- be cached before it should be discarded.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- class
- </para>
- </entry>
- <entry colname="2">
- <para>
- An encoded 16-bit value that identifies
- a protocol family or instance of a protocol.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- RDATA
- </para>
- </entry>
- <entry colname="2">
- <para>
- The resource data. The format of the
- data is type (and sometimes class) specific.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- <para>
- The following are <emphasis>types</emphasis> of valid RRs:
- </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="0.875in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.625in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- A
- </para>
- </entry>
- <entry colname="2">
- <para>
- A host address. In the IN class, this is a
- 32-bit IP address. Described in RFC 1035.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- AAAA
- </para>
- </entry>
- <entry colname="2">
- <para>
- IPv6 address. Described in RFC 1886.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- A6
- </para>
- </entry>
- <entry colname="2">
- <para>
- IPv6 address. This can be a partial
- address (a suffix) and an indirection to the name
- where the rest of the
- address (the prefix) can be found. Experimental.
- Described in RFC 2874.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- AFSDB
- </para>
- </entry>
- <entry colname="2">
- <para>
- Location of AFS database servers.
- Experimental. Described in RFC 1183.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- APL
- </para>
- </entry>
- <entry colname="2">
- <para>
- Address prefix list. Experimental.
- Described in RFC 3123.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- CERT
- </para>
- </entry>
- <entry colname="2">
- <para>
- Holds a digital certificate.
- Described in RFC 2538.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- CNAME
- </para>
- </entry>
- <entry colname="2">
- <para>
- Identifies the canonical name of an alias.
- Described in RFC 1035.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- DHCID
- </para>
- </entry>
- <entry colname="2">
- <para>
+ <para>
+ The components of a Resource Record are:
+ </para>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.000in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.500in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ owner name
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The domain name where the RR is found.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ type
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ An encoded 16-bit value that specifies
+ the type of the resource record.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ TTL
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The time-to-live of the RR. This field
+ is a 32-bit integer in units of seconds, and is
+ primarily used by
+ resolvers when they cache RRs. The TTL describes how
+ long a RR can
+ be cached before it should be discarded.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ class
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ An encoded 16-bit value that identifies
+ a protocol family or instance of a protocol.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ RDATA
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The resource data. The format of the
+ data is type (and sometimes class) specific.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>
+ The following are <emphasis>types</emphasis> of valid RRs:
+ </para>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="0.875in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.625in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ A
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A host address. In the IN class, this is a
+ 32-bit IP address. Described in RFC 1035.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ AAAA
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ IPv6 address. Described in RFC 1886.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ A6
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ IPv6 address. This can be a partial
+ address (a suffix) and an indirection to the name
+ where the rest of the
+ address (the prefix) can be found. Experimental.
+ Described in RFC 2874.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ AFSDB
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Location of AFS database servers.
+ Experimental. Described in RFC 1183.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ APL
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Address prefix list. Experimental.
+ Described in RFC 3123.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ CERT
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Holds a digital certificate.
+ Described in RFC 2538.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ CNAME
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Identifies the canonical name of an alias.
+ Described in RFC 1035.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ DHCID
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
Is used for identifying which DHCP client is
associated with this name. Described in RFC 4701.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- DNAME
- </para>
- </entry>
- <entry colname="2">
- <para>
- Replaces the domain name specified with
- another name to be looked up, effectively aliasing an
- entire
- subtree of the domain name space rather than a single
- record
- as in the case of the CNAME RR.
- Described in RFC 2672.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- DNSKEY
- </para>
- </entry>
- <entry colname="2">
- <para>
- Stores a public key associated with a signed
- DNS zone. Described in RFC 4034.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- DS
- </para>
- </entry>
- <entry colname="2">
- <para>
- Stores the hash of a public key associated with a
- signed DNS zone. Described in RFC 4034.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- GPOS
- </para>
- </entry>
- <entry colname="2">
- <para>
- Specifies the global position. Superseded by LOC.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- HINFO
- </para>
- </entry>
- <entry colname="2">
- <para>
- Identifies the CPU and OS used by a host.
- Described in RFC 1035.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- IPSECKEY
- </para>
- </entry>
- <entry colname="2">
- <para>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ DNAME
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Replaces the domain name specified with
+ another name to be looked up, effectively aliasing an
+ entire
+ subtree of the domain name space rather than a single
+ record
+ as in the case of the CNAME RR.
+ Described in RFC 2672.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ DNSKEY
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Stores a public key associated with a signed
+ DNS zone. Described in RFC 4034.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ DS
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Stores the hash of a public key associated with a
+ signed DNS zone. Described in RFC 4034.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ GPOS
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Specifies the global position. Superseded by LOC.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ HINFO
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Identifies the CPU and OS used by a host.
+ Described in RFC 1035.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ IPSECKEY
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
Provides a method for storing IPsec keying material in
DNS. Described in RFC 4025.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- ISDN
- </para>
- </entry>
- <entry colname="2">
- <para>
- Representation of ISDN addresses.
- Experimental. Described in RFC 1183.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- KEY
- </para>
- </entry>
- <entry colname="2">
- <para>
- Stores a public key associated with a
- DNS name. Used in original DNSSEC; replaced
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ ISDN
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Representation of ISDN addresses.
+ Experimental. Described in RFC 1183.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ KEY
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Stores a public key associated with a
+ DNS name. Used in original DNSSEC; replaced
by DNSKEY in DNSSECbis, but still used with
SIG(0). Described in RFCs 2535 and 2931.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- KX
- </para>
- </entry>
- <entry colname="2">
- <para>
- Identifies a key exchanger for this
- DNS name. Described in RFC 2230.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- LOC
- </para>
- </entry>
- <entry colname="2">
- <para>
- For storing GPS info. Described in RFC 1876.
- Experimental.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- MX
- </para>
- </entry>
- <entry colname="2">
- <para>
- Identifies a mail exchange for the domain with
- a 16-bit preference value (lower is better)
- followed by the host name of the mail exchange.
- Described in RFC 974, RFC 1035.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- NAPTR
- </para>
- </entry>
- <entry colname="2">
- <para>
- Name authority pointer. Described in RFC 2915.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- NSAP
- </para>
- </entry>
- <entry colname="2">
- <para>
- A network service access point.
- Described in RFC 1706.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- NS
- </para>
- </entry>
- <entry colname="2">
- <para>
- The authoritative name server for the
- domain. Described in RFC 1035.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- NSEC
- </para>
- </entry>
- <entry colname="2">
- <para>
- Used in DNSSECbis to securely indicate that
- RRs with an owner name in a certain name interval do
- not exist in
- a zone and indicate what RR types are present for an
- existing name.
- Described in RFC 4034.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- NSEC3
- </para>
- </entry>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ KX
+ </para>
+ </entry>
<entry colname="2">
<para>
+ Identifies a key exchanger for this
+ DNS name. Described in RFC 2230.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ LOC
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ For storing GPS info. Described in RFC 1876.
+ Experimental.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ MX
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Identifies a mail exchange for the domain with
+ a 16-bit preference value (lower is better)
+ followed by the host name of the mail exchange.
+ Described in RFC 974, RFC 1035.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ NAPTR
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Name authority pointer. Described in RFC 2915.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ NSAP
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A network service access point.
+ Described in RFC 1706.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ NS
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The authoritative name server for the
+ domain. Described in RFC 1035.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ NSEC
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
Used in DNSSECbis to securely indicate that
+ RRs with an owner name in a certain name interval do
+ not exist in
+ a zone and indicate what RR types are present for an
+ existing name.
+ Described in RFC 4034.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ NSEC3
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Used in DNSSECbis to securely indicate that
RRs with an owner name in a certain name
interval do not exist in a zone and indicate
what RR types are present for an existing
@@ -12319,12 +11979,12 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- NSEC3PARAM
- </para>
- </entry>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ NSEC3PARAM
+ </para>
+ </entry>
<entry colname="2">
<para>
Used in DNSSECbis to tell the authoritative
@@ -12333,857 +11993,856 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- NXT
- </para>
- </entry>
- <entry colname="2">
- <para>
- Used in DNSSEC to securely indicate that
- RRs with an owner name in a certain name interval do
- not exist in
- a zone and indicate what RR types are present for an
- existing name.
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ NXT
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Used in DNSSEC to securely indicate that
+ RRs with an owner name in a certain name interval do
+ not exist in
+ a zone and indicate what RR types are present for an
+ existing name.
Used in original DNSSEC; replaced by NSEC in
DNSSECbis.
- Described in RFC 2535.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- PTR
- </para>
- </entry>
- <entry colname="2">
- <para>
- A pointer to another part of the domain
- name space. Described in RFC 1035.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- PX
- </para>
- </entry>
- <entry colname="2">
- <para>
- Provides mappings between RFC 822 and X.400
- addresses. Described in RFC 2163.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- RP
- </para>
- </entry>
- <entry colname="2">
- <para>
- Information on persons responsible
- for the domain. Experimental. Described in RFC 1183.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- RRSIG
- </para>
- </entry>
- <entry colname="2">
- <para>
- Contains DNSSECbis signature data. Described
+ Described in RFC 2535.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ PTR
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A pointer to another part of the domain
+ name space. Described in RFC 1035.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ PX
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Provides mappings between RFC 822 and X.400
+ addresses. Described in RFC 2163.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ RP
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Information on persons responsible
+ for the domain. Experimental. Described in RFC 1183.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ RRSIG
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Contains DNSSECbis signature data. Described
in RFC 4034.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- RT
- </para>
- </entry>
- <entry colname="2">
- <para>
- Route-through binding for hosts that
- do not have their own direct wide area network
- addresses.
- Experimental. Described in RFC 1183.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- SIG
- </para>
- </entry>
- <entry colname="2">
- <para>
- Contains DNSSEC signature data. Used in
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ RT
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Route-through binding for hosts that
+ do not have their own direct wide area network
+ addresses.
+ Experimental. Described in RFC 1183.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ SIG
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Contains DNSSEC signature data. Used in
original DNSSEC; replaced by RRSIG in
DNSSECbis, but still used for SIG(0).
Described in RFCs 2535 and 2931.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- SOA
- </para>
- </entry>
- <entry colname="2">
- <para>
- Identifies the start of a zone of authority.
- Described in RFC 1035.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- SPF
- </para>
- </entry>
- <entry colname="2">
- <para>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ SOA
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Identifies the start of a zone of authority.
+ Described in RFC 1035.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ SPF
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
Contains the Sender Policy Framework information
for a given email domain. Described in RFC 4408.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- SRV
- </para>
- </entry>
- <entry colname="2">
- <para>
- Information about well known network
- services (replaces WKS). Described in RFC 2782.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- SSHFP
- </para>
- </entry>
- <entry colname="2">
- <para>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ SRV
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Information about well known network
+ services (replaces WKS). Described in RFC 2782.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ SSHFP
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
Provides a way to securely publish a secure shell key's
fingerprint. Described in RFC 4255.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- TXT
- </para>
- </entry>
- <entry colname="2">
- <para>
- Text records. Described in RFC 1035.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- WKS
- </para>
- </entry>
- <entry colname="2">
- <para>
- Information about which well known
- network services, such as SMTP, that a domain
- supports. Historical.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- X25
- </para>
- </entry>
- <entry colname="2">
- <para>
- Representation of X.25 network addresses.
- Experimental. Described in RFC 1183.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- <para>
- The following <emphasis>classes</emphasis> of resource records
- are currently valid in the DNS:
- </para>
- <informaltable colsep="0" rowsep="0"><tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="0.875in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.625in"/>
- <tbody>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ TXT
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Text records. Described in RFC 1035.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ WKS
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Information about which well known
+ network services, such as SMTP, that a domain
+ supports. Historical.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ X25
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Representation of X.25 network addresses.
+ Experimental. Described in RFC 1183.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>
+ The following <emphasis>classes</emphasis> of resource records
+ are currently valid in the DNS:
+ </para>
+ <informaltable colsep="0" rowsep="0"><tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="0.875in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.625in"/>
+ <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- IN
- </para>
- </entry>
- <entry colname="2">
- <para>
- The Internet.
- </para>
- </entry>
- </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ IN
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The Internet.
+ </para>
+ </entry>
+ </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- CH
- </para>
- </entry>
- <entry colname="2">
- <para>
- Chaosnet, a LAN protocol created at MIT in the
- mid-1970s.
- Rarely used for its historical purpose, but reused for
- BIND's
- built-in server information zones, e.g.,
- <literal>version.bind</literal>.
- </para>
- </entry>
- </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ CH
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Chaosnet, a LAN protocol created at MIT in the
+ mid-1970s.
+ Rarely used for its historical purpose, but reused for
+ BIND's
+ built-in server information zones, e.g.,
+ <literal>version.bind</literal>.
+ </para>
+ </entry>
+ </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- HS
- </para>
- </entry>
- <entry colname="2">
- <para>
- Hesiod, an information service
- developed by MIT's Project Athena. It is used to share
- information
- about various systems databases, such as users,
- groups, printers
- and so on.
- </para>
- </entry>
- </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ HS
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Hesiod, an information service
+ developed by MIT's Project Athena. It is used to share
+ information
+ about various systems databases, such as users,
+ groups, printers
+ and so on.
+ </para>
+ </entry>
+ </row>
- </tbody>
- </tgroup>
- </informaltable>
+ </tbody>
+ </tgroup>
+ </informaltable>
- <para>
- The owner name is often implicit, rather than forming an
- integral
- part of the RR. For example, many name servers internally form
- tree
- or hash structures for the name space, and chain RRs off nodes.
- The remaining RR parts are the fixed header (type, class, TTL)
- which is consistent for all RRs, and a variable part (RDATA)
- that
- fits the needs of the resource being described.
- </para>
- <para>
- The meaning of the TTL field is a time limit on how long an
- RR can be kept in a cache. This limit does not apply to
- authoritative
- data in zones; it is also timed out, but by the refreshing
- policies
- for the zone. The TTL is assigned by the administrator for the
- zone where the data originates. While short TTLs can be used to
- minimize caching, and a zero TTL prohibits caching, the
- realities
- of Internet performance suggest that these times should be on
- the
- order of days for the typical host. If a change can be
- anticipated,
- the TTL can be reduced prior to the change to minimize
- inconsistency
- during the change, and then increased back to its former value
- following
- the change.
- </para>
- <para>
- The data in the RDATA section of RRs is carried as a combination
- of binary strings and domain names. The domain names are
- frequently
- used as "pointers" to other data in the DNS.
- </para>
- </sect3>
- <sect3>
- <title>Textual expression of RRs</title>
- <para>
- RRs are represented in binary form in the packets of the DNS
- protocol, and are usually represented in highly encoded form
- when
- stored in a name server or resolver. In the examples provided
- in
- RFC 1034, a style similar to that used in master files was
- employed
- in order to show the contents of RRs. In this format, most RRs
- are shown on a single line, although continuation lines are
- possible
- using parentheses.
- </para>
- <para>
- The start of the line gives the owner of the RR. If a line
- begins with a blank, then the owner is assumed to be the same as
- that of the previous RR. Blank lines are often included for
- readability.
- </para>
- <para>
- Following the owner, we list the TTL, type, and class of the
- RR. Class and type use the mnemonics defined above, and TTL is
- an integer before the type field. In order to avoid ambiguity
- in
- parsing, type and class mnemonics are disjoint, TTLs are
- integers,
- and the type mnemonic is always last. The IN class and TTL
- values
- are often omitted from examples in the interests of clarity.
- </para>
- <para>
- The resource data or RDATA section of the RR are given using
- knowledge of the typical representation for the data.
- </para>
- <para>
- For example, we might show the RRs carried in a message as:
- </para>
- <informaltable colsep="0" rowsep="0"><tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.381in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="1.020in"/>
- <colspec colname="3" colnum="3" colsep="0" colwidth="2.099in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>ISI.EDU.</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>MX</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>10 VENERA.ISI.EDU.</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para/>
- </entry>
- <entry colname="2">
- <para>
- <literal>MX</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>10 VAXA.ISI.EDU</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>VENERA.ISI.EDU</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>128.9.0.32</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para/>
- </entry>
- <entry colname="2">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>10.1.0.52</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>VAXA.ISI.EDU</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>10.2.0.27</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para/>
- </entry>
- <entry colname="2">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>128.9.0.33</literal>
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- <para>
- The MX RRs have an RDATA section which consists of a 16-bit
- number followed by a domain name. The address RRs use a
- standard
- IP address format to contain a 32-bit internet address.
- </para>
- <para>
- The above example shows six RRs, with two RRs at each of three
- domain names.
- </para>
- <para>
- Similarly we might see:
- </para>
- <informaltable colsep="0" rowsep="0"><tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.491in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="1.067in"/>
- <colspec colname="3" colnum="3" colsep="0" colwidth="2.067in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>XX.LCS.MIT.EDU.</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>IN A</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>10.0.0.44</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
+ <para>
+ The owner name is often implicit, rather than forming an
+ integral
+ part of the RR. For example, many name servers internally form
+ tree
+ or hash structures for the name space, and chain RRs off nodes.
+ The remaining RR parts are the fixed header (type, class, TTL)
+ which is consistent for all RRs, and a variable part (RDATA)
+ that
+ fits the needs of the resource being described.
+ </para>
+ <para>
+ The meaning of the TTL field is a time limit on how long an
+ RR can be kept in a cache. This limit does not apply to
+ authoritative
+ data in zones; it is also timed out, but by the refreshing
+ policies
+ for the zone. The TTL is assigned by the administrator for the
+ zone where the data originates. While short TTLs can be used to
+ minimize caching, and a zero TTL prohibits caching, the
+ realities
+ of Internet performance suggest that these times should be on
+ the
+ order of days for the typical host. If a change can be
+ anticipated,
+ the TTL can be reduced prior to the change to minimize
+ inconsistency
+ during the change, and then increased back to its former value
+ following
+ the change.
+ </para>
+ <para>
+ The data in the RDATA section of RRs is carried as a combination
+ of binary strings and domain names. The domain names are
+ frequently
+ used as "pointers" to other data in the DNS.
+ </para>
+ </sect3>
+ <sect3>
+ <title>Textual expression of RRs</title>
+ <para>
+ RRs are represented in binary form in the packets of the DNS
+ protocol, and are usually represented in highly encoded form
+ when
+ stored in a name server or resolver. In the examples provided
+ in
+ RFC 1034, a style similar to that used in master files was
+ employed
+ in order to show the contents of RRs. In this format, most RRs
+ are shown on a single line, although continuation lines are
+ possible
+ using parentheses.
+ </para>
+ <para>
+ The start of the line gives the owner of the RR. If a line
+ begins with a blank, then the owner is assumed to be the same as
+ that of the previous RR. Blank lines are often included for
+ readability.
+ </para>
+ <para>
+ Following the owner, we list the TTL, type, and class of the
+ RR. Class and type use the mnemonics defined above, and TTL is
+ an integer before the type field. In order to avoid ambiguity
+ in
+ parsing, type and class mnemonics are disjoint, TTLs are
+ integers,
+ and the type mnemonic is always last. The IN class and TTL
+ values
+ are often omitted from examples in the interests of clarity.
+ </para>
+ <para>
+ The resource data or RDATA section of the RR are given using
+ knowledge of the typical representation for the data.
+ </para>
+ <para>
+ For example, we might show the RRs carried in a message as:
+ </para>
+ <informaltable colsep="0" rowsep="0"><tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.381in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="1.020in"/>
+ <colspec colname="3" colnum="3" colsep="0" colwidth="2.099in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>ISI.EDU.</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>MX</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>10 VENERA.ISI.EDU.</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para/>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>MX</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>10 VAXA.ISI.EDU</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>VENERA.ISI.EDU</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>128.9.0.32</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para/>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>10.1.0.52</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>VAXA.ISI.EDU</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>10.2.0.27</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para/>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>128.9.0.33</literal>
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>
+ The MX RRs have an RDATA section which consists of a 16-bit
+ number followed by a domain name. The address RRs use a
+ standard
+ IP address format to contain a 32-bit internet address.
+ </para>
+ <para>
+ The above example shows six RRs, with two RRs at each of three
+ domain names.
+ </para>
+ <para>
+ Similarly we might see:
+ </para>
+ <informaltable colsep="0" rowsep="0"><tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.491in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="1.067in"/>
+ <colspec colname="3" colnum="3" colsep="0" colwidth="2.067in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>XX.LCS.MIT.EDU.</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>IN A</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>10.0.0.44</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
<entry colname="1"/>
- <entry colname="2">
- <para>
- <literal>CH A</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>MIT.EDU. 2420</literal>
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- <para>
- This example shows two addresses for
+ <entry colname="2">
+ <para>
+ <literal>CH A</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>MIT.EDU. 2420</literal>
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>
+ This example shows two addresses for
<literal>XX.LCS.MIT.EDU</literal>, each of a different class.
- </para>
- </sect3>
- </sect2>
+ </para>
+ </sect3>
+ </sect2>
- <sect2>
- <title>Discussion of MX Records</title>
+ <sect2>
+ <title>Discussion of MX Records</title>
- <para>
- As described above, domain servers store information as a
- series of resource records, each of which contains a particular
- piece of information about a given domain name (which is usually,
- but not always, a host). The simplest way to think of a RR is as
- a typed pair of data, a domain name matched with a relevant datum,
- and stored with some additional type information to help systems
- determine when the RR is relevant.
- </para>
+ <para>
+ As described above, domain servers store information as a
+ series of resource records, each of which contains a particular
+ piece of information about a given domain name (which is usually,
+ but not always, a host). The simplest way to think of a RR is as
+ a typed pair of data, a domain name matched with a relevant datum,
+ and stored with some additional type information to help systems
+ determine when the RR is relevant.
+ </para>
- <para>
- MX records are used to control delivery of email. The data
- specified in the record is a priority and a domain name. The
- priority
- controls the order in which email delivery is attempted, with the
- lowest number first. If two priorities are the same, a server is
- chosen randomly. If no servers at a given priority are responding,
- the mail transport agent will fall back to the next largest
- priority.
- Priority numbers do not have any absolute meaning — they are
- relevant
- only respective to other MX records for that domain name. The
- domain
- name given is the machine to which the mail will be delivered.
+ <para>
+ MX records are used to control delivery of email. The data
+ specified in the record is a priority and a domain name. The
+ priority
+ controls the order in which email delivery is attempted, with the
+ lowest number first. If two priorities are the same, a server is
+ chosen randomly. If no servers at a given priority are responding,
+ the mail transport agent will fall back to the next largest
+ priority.
+ Priority numbers do not have any absolute meaning — they are
+ relevant
+ only respective to other MX records for that domain name. The
+ domain
+ name given is the machine to which the mail will be delivered.
It <emphasis>must</emphasis> have an associated address record
(A or AAAA) — CNAME is not sufficient.
- </para>
- <para>
- For a given domain, if there is both a CNAME record and an
- MX record, the MX record is in error, and will be ignored.
- Instead,
- the mail will be delivered to the server specified in the MX
- record
- pointed to by the CNAME.
- For example:
- </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="5" colsep="0" rowsep="0" tgroupstyle="3Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.708in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="0.444in"/>
- <colspec colname="3" colnum="3" colsep="0" colwidth="0.444in"/>
- <colspec colname="4" colnum="4" colsep="0" colwidth="0.976in"/>
- <colspec colname="5" colnum="5" colsep="0" colwidth="1.553in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>example.com.</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>IN</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>MX</literal>
- </para>
- </entry>
- <entry colname="4">
- <para>
- <literal>10</literal>
- </para>
- </entry>
- <entry colname="5">
- <para>
- <literal>mail.example.com.</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para/>
- </entry>
- <entry colname="2">
- <para>
- <literal>IN</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>MX</literal>
- </para>
- </entry>
- <entry colname="4">
- <para>
- <literal>10</literal>
- </para>
- </entry>
- <entry colname="5">
- <para>
- <literal>mail2.example.com.</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para/>
- </entry>
- <entry colname="2">
- <para>
- <literal>IN</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>MX</literal>
- </para>
- </entry>
- <entry colname="4">
- <para>
- <literal>20</literal>
- </para>
- </entry>
- <entry colname="5">
- <para>
- <literal>mail.backup.org.</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>mail.example.com.</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>IN</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="4">
- <para>
- <literal>10.0.0.1</literal>
- </para>
- </entry>
- <entry colname="5">
- <para/>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>mail2.example.com.</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>IN</literal>
- </para>
- </entry>
- <entry colname="3">
- <para>
- <literal>A</literal>
- </para>
- </entry>
- <entry colname="4">
- <para>
- <literal>10.0.0.2</literal>
- </para>
- </entry>
- <entry colname="5">
- <para/>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable><para>
- Mail delivery will be attempted to <literal>mail.example.com</literal> and
- <literal>mail2.example.com</literal> (in
- any order), and if neither of those succeed, delivery to <literal>mail.backup.org</literal> will
- be attempted.
- </para>
- </sect2>
- <sect2 id="Setting_TTLs">
- <title>Setting TTLs</title>
- <para>
- The time-to-live of the RR field is a 32-bit integer represented
- in units of seconds, and is primarily used by resolvers when they
- cache RRs. The TTL describes how long a RR can be cached before it
- should be discarded. The following three types of TTL are
- currently
- used in a zone file.
- </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="0.750in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="4.375in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- SOA
- </para>
- </entry>
- <entry colname="2">
- <para>
- The last field in the SOA is the negative
- caching TTL. This controls how long other servers will
- cache no-such-domain
- (NXDOMAIN) responses from you.
- </para>
- <para>
- The maximum time for
- negative caching is 3 hours (3h).
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- $TTL
- </para>
- </entry>
- <entry colname="2">
- <para>
- The $TTL directive at the top of the
- zone file (before the SOA) gives a default TTL for every
- RR without
- a specific TTL set.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- RR TTLs
- </para>
- </entry>
- <entry colname="2">
- <para>
- Each RR can have a TTL as the second
- field in the RR, which will control how long other
- servers can cache
- the it.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- <para>
- All of these TTLs default to units of seconds, though units
- can be explicitly specified, for example, <literal>1h30m</literal>.
- </para>
- </sect2>
- <sect2>
- <title>Inverse Mapping in IPv4</title>
- <para>
- Reverse name resolution (that is, translation from IP address
- to name) is achieved by means of the <emphasis>in-addr.arpa</emphasis> domain
- and PTR records. Entries in the in-addr.arpa domain are made in
- least-to-most significant order, read left to right. This is the
- opposite order to the way IP addresses are usually written. Thus,
- a machine with an IP address of 10.1.2.3 would have a
- corresponding
- in-addr.arpa name of
- 3.2.1.10.in-addr.arpa. This name should have a PTR resource record
- whose data field is the name of the machine or, optionally,
- multiple
- PTR records if the machine has more than one name. For example,
- in the <optional>example.com</optional> domain:
- </para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.125in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="4.000in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>$ORIGIN</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>2.1.10.in-addr.arpa</literal>
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para>
- <literal>3</literal>
- </para>
- </entry>
- <entry colname="2">
- <para>
- <literal>IN PTR foo.example.com.</literal>
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- <note>
- <para>
- The <command>$ORIGIN</command> lines in the examples
- are for providing context to the examples only — they do not
- necessarily
- appear in the actual usage. They are only used here to indicate
- that the example is relative to the listed origin.
- </para>
- </note>
- </sect2>
- <sect2>
- <title>Other Zone File Directives</title>
- <para>
- The Master File Format was initially defined in RFC 1035 and
- has subsequently been extended. While the Master File Format
- itself
- is class independent all records in a Master File must be of the
- same
- class.
- </para>
- <para>
- Master File Directives include <command>$ORIGIN</command>, <command>$INCLUDE</command>,
- and <command>$TTL.</command>
- </para>
- <sect3>
- <title>The <command>@</command> (at-sign)</title>
- <para>
- When used in the label (or name) field, the asperand or
- at-sign (@) symbol represents the current origin.
- At the start of the zone file, it is the
- <<varname>zone_name</varname>> (followed by
- trailing dot).
- </para>
- </sect3>
- <sect3>
- <title>The <command>$ORIGIN</command> Directive</title>
- <para>
- Syntax: <command>$ORIGIN</command>
+ </para>
+ <para>
+ For a given domain, if there is both a CNAME record and an
+ MX record, the MX record is in error, and will be ignored.
+ Instead,
+ the mail will be delivered to the server specified in the MX
+ record
+ pointed to by the CNAME.
+ For example:
+ </para>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="5" colsep="0" rowsep="0" tgroupstyle="3Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.708in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="0.444in"/>
+ <colspec colname="3" colnum="3" colsep="0" colwidth="0.444in"/>
+ <colspec colname="4" colnum="4" colsep="0" colwidth="0.976in"/>
+ <colspec colname="5" colnum="5" colsep="0" colwidth="1.553in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>example.com.</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>IN</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>MX</literal>
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ <literal>10</literal>
+ </para>
+ </entry>
+ <entry colname="5">
+ <para>
+ <literal>mail.example.com.</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para/>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>IN</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>MX</literal>
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ <literal>10</literal>
+ </para>
+ </entry>
+ <entry colname="5">
+ <para>
+ <literal>mail2.example.com.</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para/>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>IN</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>MX</literal>
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ <literal>20</literal>
+ </para>
+ </entry>
+ <entry colname="5">
+ <para>
+ <literal>mail.backup.org.</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>mail.example.com.</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>IN</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ <literal>10.0.0.1</literal>
+ </para>
+ </entry>
+ <entry colname="5">
+ <para/>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>mail2.example.com.</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>IN</literal>
+ </para>
+ </entry>
+ <entry colname="3">
+ <para>
+ <literal>A</literal>
+ </para>
+ </entry>
+ <entry colname="4">
+ <para>
+ <literal>10.0.0.2</literal>
+ </para>
+ </entry>
+ <entry colname="5">
+ <para/>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable><para>
+ Mail delivery will be attempted to <literal>mail.example.com</literal> and
+ <literal>mail2.example.com</literal> (in
+ any order), and if neither of those succeed, delivery to <literal>mail.backup.org</literal> will
+ be attempted.
+ </para>
+ </sect2>
+ <sect2 id="Setting_TTLs">
+ <title>Setting TTLs</title>
+ <para>
+ The time-to-live of the RR field is a 32-bit integer represented
+ in units of seconds, and is primarily used by resolvers when they
+ cache RRs. The TTL describes how long a RR can be cached before it
+ should be discarded. The following three types of TTL are
+ currently
+ used in a zone file.
+ </para>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="0.750in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="4.375in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ SOA
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The last field in the SOA is the negative
+ caching TTL. This controls how long other servers will
+ cache no-such-domain
+ (NXDOMAIN) responses from you.
+ </para>
+ <para>
+ The maximum time for
+ negative caching is 3 hours (3h).
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ $TTL
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The $TTL directive at the top of the
+ zone file (before the SOA) gives a default TTL for every
+ RR without
+ a specific TTL set.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ RR TTLs
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Each RR can have a TTL as the second
+ field in the RR, which will control how long other
+ servers can cache it.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>
+ All of these TTLs default to units of seconds, though units
+ can be explicitly specified, for example, <literal>1h30m</literal>.
+ </para>
+ </sect2>
+ <sect2>
+ <title>Inverse Mapping in IPv4</title>
+ <para>
+ Reverse name resolution (that is, translation from IP address
+ to name) is achieved by means of the <emphasis>in-addr.arpa</emphasis> domain
+ and PTR records. Entries in the in-addr.arpa domain are made in
+ least-to-most significant order, read left to right. This is the
+ opposite order to the way IP addresses are usually written. Thus,
+ a machine with an IP address of 10.1.2.3 would have a
+ corresponding
+ in-addr.arpa name of
+ 3.2.1.10.in-addr.arpa. This name should have a PTR resource record
+ whose data field is the name of the machine or, optionally,
+ multiple
+ PTR records if the machine has more than one name. For example,
+ in the <optional>example.com</optional> domain:
+ </para>
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.125in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="4.000in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>$ORIGIN</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>2.1.10.in-addr.arpa</literal>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <literal>3</literal>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <literal>IN PTR foo.example.com.</literal>
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <note>
+ <para>
+ The <command>$ORIGIN</command> lines in the examples
+ are for providing context to the examples only — they do not
+ necessarily
+ appear in the actual usage. They are only used here to indicate
+ that the example is relative to the listed origin.
+ </para>
+ </note>
+ </sect2>
+ <sect2>
+ <title>Other Zone File Directives</title>
+ <para>
+ The Master File Format was initially defined in RFC 1035 and
+ has subsequently been extended. While the Master File Format
+ itself
+ is class independent all records in a Master File must be of the
+ same
+ class.
+ </para>
+ <para>
+ Master File Directives include <command>$ORIGIN</command>, <command>$INCLUDE</command>,
+ and <command>$TTL.</command>
+ </para>
+ <sect3>
+ <title>The <command>@</command> (at-sign)</title>
+ <para>
+ When used in the label (or name) field, the asperand or
+ at-sign (@) symbol represents the current origin.
+ At the start of the zone file, it is the
+ <<varname>zone_name</varname>> (followed by
+ trailing dot).
+ </para>
+ </sect3>
+ <sect3>
+ <title>The <command>$ORIGIN</command> Directive</title>
+ <para>
+ Syntax: <command>$ORIGIN</command>
<replaceable>domain-name</replaceable>
- <optional><replaceable>comment</replaceable></optional>
- </para>
- <para><command>$ORIGIN</command>
+ <optional><replaceable>comment</replaceable></optional>
+ </para>
+ <para><command>$ORIGIN</command>
sets the domain name that will be appended to any
- unqualified records. When a zone is first read in there
- is an implicit <command>$ORIGIN</command>
- <<varname>zone_name</varname>><command>.</command>
- (followed by trailing dot).
- The current <command>$ORIGIN</command> is appended to
- the domain specified in the <command>$ORIGIN</command>
- argument if it is not absolute.
- </para>
+ unqualified records. When a zone is first read in there
+ is an implicit <command>$ORIGIN</command>
+ <<varname>zone_name</varname>><command>.</command>
+ (followed by trailing dot).
+ The current <command>$ORIGIN</command> is appended to
+ the domain specified in the <command>$ORIGIN</command>
+ argument if it is not absolute.
+ </para>
<programlisting>
$ORIGIN example.com.
@@ -13190,95 +12849,95 @@
WWW CNAME MAIN-SERVER
</programlisting>
- <para>
- is equivalent to
- </para>
+ <para>
+ is equivalent to
+ </para>
<programlisting>
WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</programlisting>
- </sect3>
- <sect3>
- <title>The <command>$INCLUDE</command> Directive</title>
- <para>
- Syntax: <command>$INCLUDE</command>
- <replaceable>filename</replaceable>
- <optional>
+ </sect3>
+ <sect3>
+ <title>The <command>$INCLUDE</command> Directive</title>
+ <para>
+ Syntax: <command>$INCLUDE</command>
+ <replaceable>filename</replaceable>
+ <optional>
<replaceable>origin</replaceable> </optional>
- <optional> <replaceable>comment</replaceable> </optional>
- </para>
- <para>
- Read and process the file <filename>filename</filename> as
- if it were included into the file at this point. If <command>origin</command> is
- specified the file is processed with <command>$ORIGIN</command> set
- to that value, otherwise the current <command>$ORIGIN</command> is
- used.
- </para>
- <para>
- The origin and the current domain name
- revert to the values they had prior to the <command>$INCLUDE</command> once
- the file has been read.
- </para>
- <note>
- <para>
- RFC 1035 specifies that the current origin should be restored
- after
- an <command>$INCLUDE</command>, but it is silent
- on whether the current
- domain name should also be restored. BIND 9 restores both of
- them.
- This could be construed as a deviation from RFC 1035, a
- feature, or both.
- </para>
- </note>
- </sect3>
- <sect3>
- <title>The <command>$TTL</command> Directive</title>
- <para>
- Syntax: <command>$TTL</command>
- <replaceable>default-ttl</replaceable>
- <optional>
+ <optional> <replaceable>comment</replaceable> </optional>
+ </para>
+ <para>
+ Read and process the file <filename>filename</filename> as
+ if it were included into the file at this point. If <command>origin</command> is
+ specified the file is processed with <command>$ORIGIN</command> set
+ to that value, otherwise the current <command>$ORIGIN</command> is
+ used.
+ </para>
+ <para>
+ The origin and the current domain name
+ revert to the values they had prior to the <command>$INCLUDE</command> once
+ the file has been read.
+ </para>
+ <note>
+ <para>
+ RFC 1035 specifies that the current origin should be restored
+ after
+ an <command>$INCLUDE</command>, but it is silent
+ on whether the current
+ domain name should also be restored. BIND 9 restores both of
+ them.
+ This could be construed as a deviation from RFC 1035, a
+ feature, or both.
+ </para>
+ </note>
+ </sect3>
+ <sect3>
+ <title>The <command>$TTL</command> Directive</title>
+ <para>
+ Syntax: <command>$TTL</command>
+ <replaceable>default-ttl</replaceable>
+ <optional>
<replaceable>comment</replaceable> </optional>
- </para>
- <para>
- Set the default Time To Live (TTL) for subsequent records
- with undefined TTLs. Valid TTLs are of the range 0-2147483647
- seconds.
- </para>
- <para><command>$TTL</command>
+ </para>
+ <para>
+ Set the default Time To Live (TTL) for subsequent records
+ with undefined TTLs. Valid TTLs are of the range 0-2147483647
+ seconds.
+ </para>
+ <para><command>$TTL</command>
is defined in RFC 2308.
- </para>
- </sect3>
- </sect2>
- <sect2>
- <title><acronym>BIND</acronym> Master File Extension: the <command>$GENERATE</command> Directive</title>
- <para>
- Syntax: <command>$GENERATE</command>
+ </para>
+ </sect3>
+ </sect2>
+ <sect2>
+ <title><acronym>BIND</acronym> Master File Extension: the <command>$GENERATE</command> Directive</title>
+ <para>
+ Syntax: <command>$GENERATE</command>
<replaceable>range</replaceable>
<replaceable>lhs</replaceable>
- <optional><replaceable>ttl</replaceable></optional>
- <optional><replaceable>class</replaceable></optional>
+ <optional><replaceable>ttl</replaceable></optional>
+ <optional><replaceable>class</replaceable></optional>
<replaceable>type</replaceable>
<replaceable>rhs</replaceable>
- <optional><replaceable>comment</replaceable></optional>
- </para>
- <para><command>$GENERATE</command>
+ <optional><replaceable>comment</replaceable></optional>
+ </para>
+ <para><command>$GENERATE</command>
is used to create a series of resource records that only
- differ from each other by an
- iterator. <command>$GENERATE</command> can be used to
- easily generate the sets of records required to support
- sub /24 reverse delegations described in RFC 2317:
- Classless IN-ADDR.ARPA delegation.
- </para>
+ differ from each other by an
+ iterator. <command>$GENERATE</command> can be used to
+ easily generate the sets of records required to support
+ sub /24 reverse delegations described in RFC 2317:
+ Classless IN-ADDR.ARPA delegation.
+ </para>
<programlisting>$ORIGIN 0.0.192.IN-ADDR.ARPA.
$GENERATE 1-2 @ NS SERVER$.EXAMPLE.
$GENERATE 1-127 $ CNAME $.0</programlisting>
- <para>
- is equivalent to
- </para>
+ <para>
+ is equivalent to
+ </para>
<programlisting>0.0.0.192.IN-ADDR.ARPA. NS SERVER1.EXAMPLE.
0.0.0.192.IN-ADDR.ARPA. NS SERVER2.EXAMPLE.
@@ -13299,9 +12958,9 @@
$GENERATE 1-127 HOST-$ A 1.2.3.$
$GENERATE 1-127 HOST-$ MX "0 ."</programlisting>
- <para>
- is equivalent to
- </para>
+ <para>
+ is equivalent to
+ </para>
<programlisting>HOST-1.EXAMPLE. A 1.2.3.1
HOST-1.EXAMPLE. MX 0 .
@@ -13314,65 +12973,66 @@
HOST-127.EXAMPLE. MX 0 .
</programlisting>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="0.875in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="4.250in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para><command>range</command></para>
- </entry>
- <entry colname="2">
- <para>
- This can be one of two forms: start-stop
- or start-stop/step. If the first form is used, then step
- is set to
- 1. All of start, stop and step must be positive.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>lhs</command></para>
- </entry>
- <entry colname="2">
- <para>This
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="0.875in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="4.250in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>range</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ This can be one of two forms: start-stop
+ or start-stop/step. If the first form is used, then step
+ is set to 1. start, stop and step must be positive
+ integers between 0 and (2^31)-1. start must not be
+ larger than stop.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>lhs</command></para>
+ </entry>
+ <entry colname="2">
+ <para>This
describes the owner name of the resource records
- to be created. Any single <command>$</command>
- (dollar sign)
- symbols within the <command>lhs</command> string
- are replaced by the iterator value.
+ to be created. Any single <command>$</command>
+ (dollar sign)
+ symbols within the <command>lhs</command> string
+ are replaced by the iterator value.
- To get a $ in the output, you need to escape the
- <command>$</command> using a backslash
- <command>\</command>,
- e.g. <command>\$</command>. The
- <command>$</command> may optionally be followed
- by modifiers which change the offset from the
- iterator, field width and base.
+ To get a $ in the output, you need to escape the
+ <command>$</command> using a backslash
+ <command>\</command>,
+ e.g. <command>\$</command>. The
+ <command>$</command> may optionally be followed
+ by modifiers which change the offset from the
+ iterator, field width and base.
- Modifiers are introduced by a
- <command>{</command> (left brace) immediately following the
- <command>$</command> as
- <command>${offset[,width[,base]]}</command>.
- For example, <command>${-20,3,d}</command>
- subtracts 20 from the current value, prints the
- result as a decimal in a zero-padded field of
- width 3.
+ Modifiers are introduced by a
+ <command>{</command> (left brace) immediately following the
+ <command>$</command> as
+ <command>${offset[,width[,base]]}</command>.
+ For example, <command>${-20,3,d}</command>
+ subtracts 20 from the current value, prints the
+ result as a decimal in a zero-padded field of
+ width 3.
Available output forms are decimal
- (<command>d</command>), octal
- (<command>o</command>), hexadecimal
- (<command>x</command> or <command>X</command>
- for uppercase) and nibble
+ (<command>d</command>), octal
+ (<command>o</command>), hexadecimal
+ (<command>x</command> or <command>X</command>
+ for uppercase) and nibble
(<command>n</command> or <command>N</command>\
for uppercase). The default modifier is
- <command>${0,0,d}</command>. If the
- <command>lhs</command> is not absolute, the
- current <command>$ORIGIN</command> is appended
- to the name.
- </para>
+ <command>${0,0,d}</command>. If the
+ <command>lhs</command> is not absolute, the
+ current <command>$ORIGIN</command> is appended
+ to the name.
+ </para>
<para>
In nibble mode the value will be treated as
if it was a reversed hexadecimal string
@@ -13387,69 +13047,69 @@
</para>
</entry>
</row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>ttl</command></para>
- </entry>
- <entry colname="2">
- <para>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>ttl</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
Specifies the time-to-live of the generated records. If
- not specified this will be inherited using the
- normal TTL inheritance rules.
- </para>
- <para><command>class</command>
+ not specified this will be inherited using the
+ normal TTL inheritance rules.
+ </para>
+ <para><command>class</command>
and <command>ttl</command> can be
- entered in either order.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>class</command></para>
- </entry>
- <entry colname="2">
- <para>
+ entered in either order.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>class</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
Specifies the class of the generated records.
- This must match the zone class if it is
- specified.
- </para>
- <para><command>class</command>
+ This must match the zone class if it is
+ specified.
+ </para>
+ <para><command>class</command>
and <command>ttl</command> can be
- entered in either order.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>type</command></para>
- </entry>
- <entry colname="2">
- <para>
+ entered in either order.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>type</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
Any valid type.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>rhs</command></para>
- </entry>
- <entry colname="2">
- <para>
- <command>rhs</command>, optionally, quoted string.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- <para>
- The <command>$GENERATE</command> directive is a <acronym>BIND</acronym> extension
- and not part of the standard zone file format.
- </para>
- <para>
- BIND 8 does not support the optional TTL and CLASS fields.
- </para>
- </sect2>
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>rhs</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ <command>rhs</command>, optionally, quoted string.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>
+ The <command>$GENERATE</command> directive is a <acronym>BIND</acronym> extension
+ and not part of the standard zone file format.
+ </para>
+ <para>
+ BIND 8 does not support the optional TTL and CLASS fields.
+ </para>
+ </sect2>
<sect2 id="zonefile_format">
<title>Additional File Formats</title>
@@ -13481,7 +13141,7 @@
should then be converted to the binary form by the
<command>named-compilezone</command> command again.
</para>
- <para>
+ <para>
Although the <constant>raw</constant> format uses the
network byte order and avoids architecture-dependent
data alignment so that it is as much portable as
@@ -13495,8 +13155,8 @@
</sect1>
<sect1 id="statistics">
- <title>BIND9 Statistics</title>
- <para>
+ <title>BIND9 Statistics</title>
+ <para>
<acronym>BIND</acronym> 9 maintains lots of statistics
information and provides several interfaces for users to
get access to the statistics.
@@ -13504,96 +13164,96 @@
that were available in <acronym>BIND</acronym> 8 and
are meaningful in <acronym>BIND</acronym> 9,
and other information that is considered useful.
- </para>
+ </para>
- <para>
+ <para>
The statistics information is categorized into the following
sections.
- </para>
+ </para>
<informaltable frame="all">
- <tgroup cols="2">
- <colspec colname="1" colnum="1" colsep="0" colwidth="3.300in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="2.625in"/>
- <tbody>
+ <tgroup cols="2">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="3.300in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="2.625in"/>
+ <tbody>
<row rowsep="0">
- <entry colname="1">
- <para>Incoming Requests</para>
- </entry>
- <entry colname="2">
- <para>
- The number of incoming DNS requests for each OPCODE.
- </para>
- </entry>
+ <entry colname="1">
+ <para>Incoming Requests</para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The number of incoming DNS requests for each OPCODE.
+ </para>
+ </entry>
</row>
<row rowsep="0">
- <entry colname="1">
- <para>Incoming Queries</para>
- </entry>
- <entry colname="2">
- <para>
+ <entry colname="1">
+ <para>Incoming Queries</para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of incoming queries for each RR type.
- </para>
- </entry>
+ </para>
+ </entry>
</row>
<row rowsep="0">
- <entry colname="1">
- <para>Outgoing Queries</para>
- </entry>
- <entry colname="2">
- <para>
- The number of outgoing queries for each RR
- type sent from the internal resolver.
+ <entry colname="1">
+ <para>Outgoing Queries</para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The number of outgoing queries for each RR
+ type sent from the internal resolver.
Maintained per view.
- </para>
- </entry>
+ </para>
+ </entry>
</row>
<row rowsep="0">
- <entry colname="1">
- <para>Name Server Statistics</para>
- </entry>
- <entry colname="2">
- <para>
- Statistics counters about incoming request processing.
- </para>
- </entry>
+ <entry colname="1">
+ <para>Name Server Statistics</para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Statistics counters about incoming request processing.
+ </para>
+ </entry>
</row>
<row rowsep="0">
- <entry colname="1">
- <para>Zone Maintenance Statistics</para>
- </entry>
- <entry colname="2">
- <para>
- Statistics counters regarding zone maintenance
- operations such as zone transfers.
- </para>
- </entry>
+ <entry colname="1">
+ <para>Zone Maintenance Statistics</para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Statistics counters regarding zone maintenance
+ operations such as zone transfers.
+ </para>
+ </entry>
</row>
<row rowsep="0">
- <entry colname="1">
- <para>Resolver Statistics</para>
- </entry>
- <entry colname="2">
- <para>
- Statistics counters about name resolution
- performed in the internal resolver.
+ <entry colname="1">
+ <para>Resolver Statistics</para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Statistics counters about name resolution
+ performed in the internal resolver.
Maintained per view.
- </para>
- </entry>
+ </para>
+ </entry>
</row>
<row rowsep="0">
- <entry colname="1">
- <para>Cache DB RRsets</para>
- </entry>
- <entry colname="2">
- <para>
+ <entry colname="1">
+ <para>Cache DB RRsets</para>
+ </entry>
+ <entry colname="2">
+ <para>
The number of RRsets per RR type and nonexistent
names stored in the cache database.
If the exclamation mark (!) is printed for a RR
@@ -13601,19 +13261,19 @@
known to be nonexistent (this is also known as
"NXRRSET").
Maintained per view.
- </para>
- </entry>
+ </para>
+ </entry>
</row>
<row rowsep="0">
- <entry colname="1">
- <para>Socket I/O Statistics</para>
- </entry>
- <entry colname="2">
- <para>
- Statistics counters about network related events.
- </para>
- </entry>
+ <entry colname="1">
+ <para>Socket I/O Statistics</para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Statistics counters about network related events.
+ </para>
+ </entry>
</row>
</tbody>
@@ -13641,21 +13301,21 @@
(see <xref linkend="statschannels"/>.)
</para>
- <sect3 id="statsfile">
- <title>The Statistics File</title>
- <para>
- The text format statistics dump begins with a line, like:
+ <sect3 id="statsfile">
+ <title>The Statistics File</title>
+ <para>
+ The text format statistics dump begins with a line, like:
</para>
- <para>
+ <para>
<command>+++ Statistics Dump +++ (973798949)</command>
</para>
<para>
The number in parentheses is a standard
- Unix-style timestamp, measured as seconds since January 1, 1970.
+ Unix-style timestamp, measured as seconds since January 1, 1970.
- Following
- that line is a set of statistics information, which is categorized
- as described above.
+ Following
+ that line is a set of statistics information, which is categorized
+ as described above.
Each section begins with a line, like:
</para>
@@ -13673,14 +13333,14 @@
<para>
The statistics dump ends with the line where the
- number is identical to the number in the beginning line; for example:
- </para>
- <para>
+ number is identical to the number in the beginning line; for example:
+ </para>
+ <para>
<command>--- Statistics Dump --- (973798949)</command>
- </para>
+ </para>
</sect3>
- <sect2 id="statistics_counters">
+ <sect2 id="statistics_counters">
<title>Statistics Counters</title>
<para>
The following tables summarize statistics counters that
@@ -13700,10 +13360,10 @@
</para>
<sect3>
- <title>Name Server Statistics Counters</title>
+ <title>Name Server Statistics Counters</title>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
<colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
<colspec colname="2" colnum="2" colsep="0" colwidth="1.150in"/>
<colspec colname="3" colnum="3" colsep="0" colwidth="3.350in"/>
@@ -13710,19 +13370,19 @@
<tbody>
<row>
<entry colname="1">
- <para>
+ <para>
<emphasis>Symbol</emphasis>
- </para>
+ </para>
</entry>
<entry colname="2">
- <para>
+ <para>
<emphasis>BIND8 Symbol</emphasis>
- </para>
+ </para>
</entry>
<entry colname="3">
- <para>
+ <para>
<emphasis>Description</emphasis>
- </para>
+ </para>
</entry>
</row>
@@ -14267,28 +13927,28 @@
</entry>
</row>
</tbody>
- </tgroup>
- </informaltable>
- </sect3>
+ </tgroup>
+ </informaltable>
+ </sect3>
<sect3>
- <title>Zone Maintenance Statistics Counters</title>
+ <title>Zone Maintenance Statistics Counters</title>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
<colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
<colspec colname="2" colnum="2" colsep="0" colwidth="3.350in"/>
<tbody>
<row>
<entry colname="1">
- <para>
+ <para>
<emphasis>Symbol</emphasis>
- </para>
+ </para>
</entry>
<entry colname="2">
- <para>
+ <para>
<emphasis>Description</emphasis>
- </para>
+ </para>
</entry>
</row>
@@ -14423,15 +14083,15 @@
</entry>
</row>
</tbody>
- </tgroup>
- </informaltable>
+ </tgroup>
+ </informaltable>
</sect3>
<sect3>
- <title>Resolver Statistics Counters</title>
+ <title>Resolver Statistics Counters</title>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <informaltable colsep="0" rowsep="0">
+ <tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
<colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
<colspec colname="2" colnum="2" colsep="0" colwidth="1.150in"/>
<colspec colname="3" colnum="3" colsep="0" colwidth="3.350in"/>
@@ -14438,19 +14098,19 @@
<tbody>
<row>
<entry colname="1">
- <para>
+ <para>
<emphasis>Symbol</emphasis>
- </para>
+ </para>
</entry>
<entry colname="2">
- <para>
+ <para>
<emphasis>BIND8 Symbol</emphasis>
- </para>
+ </para>
</entry>
<entry colname="3">
- <para>
+ <para>
<emphasis>Description</emphasis>
- </para>
+ </para>
</entry>
</row>
@@ -14808,13 +14468,13 @@
</entry>
</row>
</tbody>
- </tgroup>
- </informaltable>
+ </tgroup>
+ </informaltable>
</sect3>
<sect3>
- <title>Socket I/O Statistics Counters</title>
+ <title>Socket I/O Statistics Counters</title>
<para>
Socket I/O statistics counters are defined per socket
@@ -14833,20 +14493,20 @@
</para>
<informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
<colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
<colspec colname="2" colnum="2" colsep="0" colwidth="3.350in"/>
<tbody>
<row>
<entry colname="1">
- <para>
+ <para>
<emphasis>Symbol</emphasis>
- </para>
+ </para>
</entry>
<entry colname="2">
- <para>
+ <para>
<emphasis>Description</emphasis>
- </para>
+ </para>
</entry>
</row>
@@ -14967,11 +14627,11 @@
</entry>
</row>
</tbody>
- </tgroup>
+ </tgroup>
</informaltable>
</sect3>
<sect3>
- <title>Compatibility with <emphasis>BIND</emphasis> 8 Counters</title>
+ <title>Compatibility with <emphasis>BIND</emphasis> 8 Counters</title>
<para>
Most statistics counters that were available
in <command>BIND</command> 8 are also supported in
@@ -14980,8 +14640,8 @@
in these tables.
</para>
- <variablelist>
- <varlistentry>
+ <variablelist>
+ <varlistentry>
<term><command>RFwdR,SFwdR</command></term>
<listitem>
<para>
@@ -14993,7 +14653,7 @@
</listitem>
</varlistentry>
- <varlistentry>
+ <varlistentry>
<term><command>RAXFR</command></term>
<listitem>
<para>
@@ -15002,7 +14662,7 @@
</listitem>
</varlistentry>
- <varlistentry>
+ <varlistentry>
<term><command>RIQ</command></term>
<listitem>
<para>
@@ -15011,7 +14671,7 @@
</listitem>
</varlistentry>
- <varlistentry>
+ <varlistentry>
<term><command>ROpts</command></term>
<listitem>
<para>
@@ -15023,7 +14683,7 @@
</varlistentry>
</variablelist>
</sect3>
- </sect2>
+ </sect2>
</sect1>
</chapter>
@@ -15030,29 +14690,29 @@
<chapter id="Bv9ARM.ch07">
<title><acronym>BIND</acronym> 9 Security Considerations</title>
<sect1 id="Access_Control_Lists">
- <title>Access Control Lists</title>
- <para>
- Access Control Lists (ACLs) are address match lists that
- you can set up and nickname for future use in <command>allow-notify</command>,
- <command>allow-query</command>, <command>allow-query-on</command>,
+ <title>Access Control Lists</title>
+ <para>
+ Access Control Lists (ACLs) are address match lists that
+ you can set up and nickname for future use in <command>allow-notify</command>,
+ <command>allow-query</command>, <command>allow-query-on</command>,
<command>allow-recursion</command>, <command>allow-recursion-on</command>,
- <command>blackhole</command>, <command>allow-transfer</command>,
- etc.
- </para>
- <para>
- Using ACLs allows you to have finer control over who can access
- your name server, without cluttering up your config files with huge
- lists of IP addresses.
- </para>
- <para>
- It is a <emphasis>good idea</emphasis> to use ACLs, and to
- control access to your server. Limiting access to your server by
- outside parties can help prevent spoofing and denial of service (DoS) attacks against
- your server.
- </para>
- <para>
- Here is an example of how to properly apply ACLs:
- </para>
+ <command>blackhole</command>, <command>allow-transfer</command>,
+ etc.
+ </para>
+ <para>
+ Using ACLs allows you to have finer control over who can access
+ your name server, without cluttering up your config files with huge
+ lists of IP addresses.
+ </para>
+ <para>
+ It is a <emphasis>good idea</emphasis> to use ACLs, and to
+ control access to your server. Limiting access to your server by
+ outside parties can help prevent spoofing and denial of service (DoS) attacks against
+ your server.
+ </para>
+ <para>
+ Here is an example of how to properly apply ACLs:
+ </para>
<programlisting>
// Set up an ACL named "bogusnets" that will block
@@ -15059,8 +14719,8 @@
// RFC1918 space and some reserved space, which is
// commonly used in spoofing attacks.
acl bogusnets {
- 0.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
- 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
+ 0.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
+ 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
};
// Set up an ACL called our-nets. Replace this with the
@@ -15083,14 +14743,14 @@
};
</programlisting>
- <para>
- This allows recursive queries of the server from the outside
- unless recursion has been previously disabled.
- </para>
+ <para>
+ This allows recursive queries of the server from the outside
+ unless recursion has been previously disabled.
+ </para>
</sect1>
<sect1>
- <title><command>Chroot</command> and <command>Setuid</command></title>
- <para>
+ <title><command>Chroot</command> and <command>Setuid</command></title>
+ <para>
On UNIX servers, it is possible to run <acronym>BIND</acronym>
in a <emphasis>chrooted</emphasis> environment (using
the <command>chroot()</command> function) by specifying
@@ -15098,114 +14758,114 @@
This can help improve system security by placing
<acronym>BIND</acronym> in a "sandbox", which will limit
the damage done if a server is compromised.
- </para>
- <para>
- Another useful feature in the UNIX version of <acronym>BIND</acronym> is the
- ability to run the daemon as an unprivileged user ( <option>-u</option> <replaceable>user</replaceable> ).
- We suggest running as an unprivileged user when using the <command>chroot</command> feature.
- </para>
- <para>
- Here is an example command line to load <acronym>BIND</acronym> in a <command>chroot</command> sandbox,
- <command>/var/named</command>, and to run <command>named</command> <command>setuid</command> to
- user 202:
- </para>
- <para>
- <userinput>/usr/local/sbin/named -u 202 -t /var/named</userinput>
- </para>
+ </para>
+ <para>
+ Another useful feature in the UNIX version of <acronym>BIND</acronym> is the
+ ability to run the daemon as an unprivileged user ( <option>-u</option> <replaceable>user</replaceable> ).
+ We suggest running as an unprivileged user when using the <command>chroot</command> feature.
+ </para>
+ <para>
+ Here is an example command line to load <acronym>BIND</acronym> in a <command>chroot</command> sandbox,
+ <command>/var/named</command>, and to run <command>named</command> <command>setuid</command> to
+ user 202:
+ </para>
+ <para>
+ <userinput>/usr/local/sbin/named -u 202 -t /var/named</userinput>
+ </para>
- <sect2>
- <title>The <command>chroot</command> Environment</title>
+ <sect2>
+ <title>The <command>chroot</command> Environment</title>
- <para>
- In order for a <command>chroot</command> environment
- to
- work properly in a particular directory
- (for example, <filename>/var/named</filename>),
- you will need to set up an environment that includes everything
- <acronym>BIND</acronym> needs to run.
- From <acronym>BIND</acronym>'s point of view, <filename>/var/named</filename> is
- the root of the filesystem. You will need to adjust the values of
- options like
- like <command>directory</command> and <command>pid-file</command> to account
- for this.
- </para>
- <para>
- Unlike with earlier versions of BIND, you typically will
- <emphasis>not</emphasis> need to compile <command>named</command>
- statically nor install shared libraries under the new root.
- However, depending on your operating system, you may need
- to set up things like
- <filename>/dev/zero</filename>,
- <filename>/dev/random</filename>,
- <filename>/dev/log</filename>, and
- <filename>/etc/localtime</filename>.
- </para>
- </sect2>
+ <para>
+ In order for a <command>chroot</command> environment
+ to
+ work properly in a particular directory
+ (for example, <filename>/var/named</filename>),
+ you will need to set up an environment that includes everything
+ <acronym>BIND</acronym> needs to run.
+ From <acronym>BIND</acronym>'s point of view, <filename>/var/named</filename> is
+ the root of the filesystem. You will need to adjust the values of
+ options like
+ like <command>directory</command> and <command>pid-file</command> to account
+ for this.
+ </para>
+ <para>
+ Unlike with earlier versions of BIND, you typically will
+ <emphasis>not</emphasis> need to compile <command>named</command>
+ statically nor install shared libraries under the new root.
+ However, depending on your operating system, you may need
+ to set up things like
+ <filename>/dev/zero</filename>,
+ <filename>/dev/random</filename>,
+ <filename>/dev/log</filename>, and
+ <filename>/etc/localtime</filename>.
+ </para>
+ </sect2>
- <sect2>
- <title>Using the <command>setuid</command> Function</title>
+ <sect2>
+ <title>Using the <command>setuid</command> Function</title>
- <para>
- Prior to running the <command>named</command> daemon,
- use
- the <command>touch</command> utility (to change file
- access and
- modification times) or the <command>chown</command>
- utility (to
- set the user id and/or group id) on files
- to which you want <acronym>BIND</acronym>
- to write.
- </para>
+ <para>
+ Prior to running the <command>named</command> daemon,
+ use
+ the <command>touch</command> utility (to change file
+ access and
+ modification times) or the <command>chown</command>
+ utility (to
+ set the user id and/or group id) on files
+ to which you want <acronym>BIND</acronym>
+ to write.
+ </para>
<note>
Note that if the <command>named</command> daemon is running as an
- unprivileged user, it will not be able to bind to new restricted
- ports if the server is reloaded.
+ unprivileged user, it will not be able to bind to new restricted
+ ports if the server is reloaded.
</note>
- </sect2>
+ </sect2>
</sect1>
<sect1 id="dynamic_update_security">
- <title>Dynamic Update Security</title>
+ <title>Dynamic Update Security</title>
- <para>
- Access to the dynamic
- update facility should be strictly limited. In earlier versions of
- <acronym>BIND</acronym>, the only way to do this was
- based on the IP
- address of the host requesting the update, by listing an IP address
- or
- network prefix in the <command>allow-update</command>
- zone option.
- This method is insecure since the source address of the update UDP
- packet
- is easily forged. Also note that if the IP addresses allowed by the
- <command>allow-update</command> option include the
- address of a slave
- server which performs forwarding of dynamic updates, the master can
- be
- trivially attacked by sending the update to the slave, which will
- forward it to the master with its own source IP address causing the
- master to approve it without question.
- </para>
+ <para>
+ Access to the dynamic
+ update facility should be strictly limited. In earlier versions of
+ <acronym>BIND</acronym>, the only way to do this was
+ based on the IP
+ address of the host requesting the update, by listing an IP address
+ or
+ network prefix in the <command>allow-update</command>
+ zone option.
+ This method is insecure since the source address of the update UDP
+ packet
+ is easily forged. Also note that if the IP addresses allowed by the
+ <command>allow-update</command> option include the
+ address of a slave
+ server which performs forwarding of dynamic updates, the master can
+ be
+ trivially attacked by sending the update to the slave, which will
+ forward it to the master with its own source IP address causing the
+ master to approve it without question.
+ </para>
- <para>
- For these reasons, we strongly recommend that updates be
- cryptographically authenticated by means of transaction signatures
- (TSIG). That is, the <command>allow-update</command>
- option should
- list only TSIG key names, not IP addresses or network
- prefixes. Alternatively, the new <command>update-policy</command>
- option can be used.
- </para>
+ <para>
+ For these reasons, we strongly recommend that updates be
+ cryptographically authenticated by means of transaction signatures
+ (TSIG). That is, the <command>allow-update</command>
+ option should
+ list only TSIG key names, not IP addresses or network
+ prefixes. Alternatively, the new <command>update-policy</command>
+ option can be used.
+ </para>
- <para>
- Some sites choose to keep all dynamically-updated DNS data
- in a subdomain and delegate that subdomain to a separate zone. This
- way, the top-level zone containing critical data such as the IP
- addresses
- of public web and mail servers need not allow dynamic update at
- all.
- </para>
+ <para>
+ Some sites choose to keep all dynamically-updated DNS data
+ in a subdomain and delegate that subdomain to a separate zone. This
+ way, the top-level zone containing critical data such as the IP
+ addresses
+ of public web and mail servers need not allow dynamic update at
+ all.
+ </para>
</sect1>
</chapter>
@@ -15213,22 +14873,22 @@
<chapter id="Bv9ARM.ch08">
<title>Troubleshooting</title>
<sect1>
- <title>Common Problems</title>
- <sect2>
- <title>It's not working; how can I figure out what's wrong?</title>
+ <title>Common Problems</title>
+ <sect2>
+ <title>It's not working; how can I figure out what's wrong?</title>
- <para>
- The best solution to solving installation and
- configuration issues is to take preventative measures by setting
- up logging files beforehand. The log files provide a
- source of hints and information that can be used to figure out
- what went wrong and how to fix the problem.
- </para>
+ <para>
+ The best solution to solving installation and
+ configuration issues is to take preventative measures by setting
+ up logging files beforehand. The log files provide a
+ source of hints and information that can be used to figure out
+ what went wrong and how to fix the problem.
+ </para>
- </sect2>
+ </sect2>
</sect1>
<sect1>
- <title>Incrementing and Changing the Serial Number</title>
+ <title>Incrementing and Changing the Serial Number</title>
<para>
Zone serial numbers are just numbers — they aren't
@@ -15243,464 +14903,464 @@
server will attempt to update its copy of the zone.
</para>
- <para>
- Setting the serial number to a lower number on the master
- server than the slave server means that the slave will not perform
- updates to its copy of the zone.
- </para>
+ <para>
+ Setting the serial number to a lower number on the master
+ server than the slave server means that the slave will not perform
+ updates to its copy of the zone.
+ </para>
- <para>
- The solution to this is to add 2147483647 (2^31-1) to the
- number, reload the zone and make sure all slaves have updated to
- the new zone serial number, then reset the number to what you want
- it to be, and reload the zone again.
- </para>
+ <para>
+ The solution to this is to add 2147483647 (2^31-1) to the
+ number, reload the zone and make sure all slaves have updated to
+ the new zone serial number, then reset the number to what you want
+ it to be, and reload the zone again.
+ </para>
</sect1>
<sect1>
- <title>Where Can I Get Help?</title>
+ <title>Where Can I Get Help?</title>
- <para>
- The Internet Systems Consortium
- (<acronym>ISC</acronym>) offers a wide range
- of support and service agreements for <acronym>BIND</acronym> and <acronym>DHCP</acronym> servers. Four
- levels of premium support are available and each level includes
- support for all <acronym>ISC</acronym> programs,
- significant discounts on products
- and training, and a recognized priority on bug fixes and
- non-funded feature requests. In addition, <acronym>ISC</acronym> offers a standard
- support agreement package which includes services ranging from bug
- fix announcements to remote support. It also includes training in
- <acronym>BIND</acronym> and <acronym>DHCP</acronym>.
- </para>
+ <para>
+ The Internet Systems Consortium
+ (<acronym>ISC</acronym>) offers a wide range
+ of support and service agreements for <acronym>BIND</acronym> and <acronym>DHCP</acronym> servers. Four
+ levels of premium support are available and each level includes
+ support for all <acronym>ISC</acronym> programs,
+ significant discounts on products
+ and training, and a recognized priority on bug fixes and
+ non-funded feature requests. In addition, <acronym>ISC</acronym> offers a standard
+ support agreement package which includes services ranging from bug
+ fix announcements to remote support. It also includes training in
+ <acronym>BIND</acronym> and <acronym>DHCP</acronym>.
+ </para>
- <para>
- To discuss arrangements for support, contact
- <ulink url="mailto:info at isc.org">info at isc.org</ulink> or visit the
- <acronym>ISC</acronym> web page at
+ <para>
+ To discuss arrangements for support, contact
+ <ulink url="mailto:info at isc.org">info at isc.org</ulink> or visit the
+ <acronym>ISC</acronym> web page at
<ulink url="http://www.isc.org/services/support/"
- >http://www.isc.org/services/support/</ulink>
- to read more.
- </para>
+ >http://www.isc.org/services/support/</ulink>
+ to read more.
+ </para>
</sect1>
</chapter>
<appendix id="Bv9ARM.ch09">
<title>Appendices</title>
<sect1>
- <title>Acknowledgments</title>
- <sect2 id="historical_dns_information">
- <title>A Brief History of the <acronym>DNS</acronym> and <acronym>BIND</acronym></title>
+ <title>Acknowledgments</title>
+ <sect2 id="historical_dns_information">
+ <title>A Brief History of the <acronym>DNS</acronym> and <acronym>BIND</acronym></title>
- <para>
- Although the "official" beginning of the Domain Name
- System occurred in 1984 with the publication of RFC 920, the
- core of the new system was described in 1983 in RFCs 882 and
- 883. From 1984 to 1987, the ARPAnet (the precursor to today's
- Internet) became a testbed of experimentation for developing the
- new naming/addressing scheme in a rapidly expanding,
- operational network environment. New RFCs were written and
- published in 1987 that modified the original documents to
- incorporate improvements based on the working model. RFC 1034,
- "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
- Names-Implementation and Specification" were published and
- became the standards upon which all <acronym>DNS</acronym> implementations are
- built.
- </para>
+ <para>
+ Although the "official" beginning of the Domain Name
+ System occurred in 1984 with the publication of RFC 920, the
+ core of the new system was described in 1983 in RFCs 882 and
+ 883. From 1984 to 1987, the ARPAnet (the precursor to today's
+ Internet) became a testbed of experimentation for developing the
+ new naming/addressing scheme in a rapidly expanding,
+ operational network environment. New RFCs were written and
+ published in 1987 that modified the original documents to
+ incorporate improvements based on the working model. RFC 1034,
+ "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
+ Names-Implementation and Specification" were published and
+ became the standards upon which all <acronym>DNS</acronym> implementations are
+ built.
+ </para>
- <para>
- The first working domain name server, called "Jeeves", was
- written in 1983-84 by Paul Mockapetris for operation on DEC
- Tops-20
- machines located at the University of Southern California's
- Information
- Sciences Institute (USC-ISI) and SRI International's Network
- Information
- Center (SRI-NIC). A <acronym>DNS</acronym> server for
- Unix machines, the Berkeley Internet
- Name Domain (<acronym>BIND</acronym>) package, was
- written soon after by a group of
- graduate students at the University of California at Berkeley
- under
- a grant from the US Defense Advanced Research Projects
- Administration
- (DARPA).
- </para>
- <para>
+ <para>
+ The first working domain name server, called "Jeeves", was
+ written in 1983-84 by Paul Mockapetris for operation on DEC
+ Tops-20
+ machines located at the University of Southern California's
+ Information
+ Sciences Institute (USC-ISI) and SRI International's Network
+ Information
+ Center (SRI-NIC). A <acronym>DNS</acronym> server for
+ Unix machines, the Berkeley Internet
+ Name Domain (<acronym>BIND</acronym>) package, was
+ written soon after by a group of
+ graduate students at the University of California at Berkeley
+ under
+ a grant from the US Defense Advanced Research Projects
+ Administration
+ (DARPA).
+ </para>
+ <para>
Versions of <acronym>BIND</acronym> through
- 4.8.3 were maintained by the Computer
- Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
- Painter, David Riggle and Songnian Zhou made up the initial <acronym>BIND</acronym>
- project team. After that, additional work on the software package
- was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
- Corporation
- employee on loan to the CSRG, worked on <acronym>BIND</acronym> for 2 years, from 1985
- to 1987. Many other people also contributed to <acronym>BIND</acronym> development
- during that time: Doug Kingston, Craig Partridge, Smoot
- Carl-Mitchell,
- Mike Muuss, Jim Bloom and Mike Schwartz. <acronym>BIND</acronym> maintenance was subsequently
- handled by Mike Karels and Øivind Kure.
- </para>
- <para>
- <acronym>BIND</acronym> versions 4.9 and 4.9.1 were
- released by Digital Equipment
- Corporation (now Compaq Computer Corporation). Paul Vixie, then
- a DEC employee, became <acronym>BIND</acronym>'s
- primary caretaker. He was assisted
- by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
- Beecher, Andrew
- Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
- Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
- Wolfhugel, and others.
- </para>
- <para>
- In 1994, <acronym>BIND</acronym> version 4.9.2 was sponsored by
- Vixie Enterprises. Paul
- Vixie became <acronym>BIND</acronym>'s principal
- architect/programmer.
- </para>
- <para>
- <acronym>BIND</acronym> versions from 4.9.3 onward
- have been developed and maintained
- by the Internet Systems Consortium and its predecessor,
- the Internet Software Consortium, with support being provided
- by ISC's sponsors.
- </para>
+ 4.8.3 were maintained by the Computer
+ Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
+ Painter, David Riggle and Songnian Zhou made up the initial <acronym>BIND</acronym>
+ project team. After that, additional work on the software package
+ was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
+ Corporation
+ employee on loan to the CSRG, worked on <acronym>BIND</acronym> for 2 years, from 1985
+ to 1987. Many other people also contributed to <acronym>BIND</acronym> development
+ during that time: Doug Kingston, Craig Partridge, Smoot
+ Carl-Mitchell,
+ Mike Muuss, Jim Bloom and Mike Schwartz. <acronym>BIND</acronym> maintenance was subsequently
+ handled by Mike Karels and Øivind Kure.
+ </para>
<para>
+ <acronym>BIND</acronym> versions 4.9 and 4.9.1 were
+ released by Digital Equipment
+ Corporation (now Compaq Computer Corporation). Paul Vixie, then
+ a DEC employee, became <acronym>BIND</acronym>'s
+ primary caretaker. He was assisted
+ by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
+ Beecher, Andrew
+ Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
+ Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
+ Wolfhugel, and others.
+ </para>
+ <para>
+ In 1994, <acronym>BIND</acronym> version 4.9.2 was sponsored by
+ Vixie Enterprises. Paul
+ Vixie became <acronym>BIND</acronym>'s principal
+ architect/programmer.
+ </para>
+ <para>
+ <acronym>BIND</acronym> versions from 4.9.3 onward
+ have been developed and maintained
+ by the Internet Systems Consortium and its predecessor,
+ the Internet Software Consortium, with support being provided
+ by ISC's sponsors.
+ </para>
+ <para>
As co-architects/programmers, Bob Halley and
- Paul Vixie released the first production-ready version of
+ Paul Vixie released the first production-ready version of
<acronym>BIND</acronym> version 8 in May 1997.
- </para>
+ </para>
<para>
BIND version 9 was released in September 2000 and is a
major rewrite of nearly all aspects of the underlying
BIND architecture.
- </para>
- <para>
+ </para>
+ <para>
BIND versions 4 and 8 are officially deprecated.
No additional development is done
on BIND version 4 or BIND version 8.
- </para>
- <para>
- <acronym>BIND</acronym> development work is made
- possible today by the sponsorship
- of several corporations, and by the tireless work efforts of
- numerous individuals.
- </para>
- </sect2>
+ </para>
+ <para>
+ <acronym>BIND</acronym> development work is made
+ possible today by the sponsorship
+ of several corporations, and by the tireless work efforts of
+ numerous individuals.
+ </para>
+ </sect2>
</sect1>
<sect1>
- <title>General <acronym>DNS</acronym> Reference Information</title>
- <sect2 id="ipv6addresses">
- <title>IPv6 addresses (AAAA)</title>
- <para>
- IPv6 addresses are 128-bit identifiers for interfaces and
- sets of interfaces which were introduced in the <acronym>DNS</acronym> to facilitate
- scalable Internet routing. There are three types of addresses: <emphasis>Unicast</emphasis>,
- an identifier for a single interface;
- <emphasis>Anycast</emphasis>,
- an identifier for a set of interfaces; and <emphasis>Multicast</emphasis>,
- an identifier for a set of interfaces. Here we describe the global
- Unicast address scheme. For more information, see RFC 3587,
+ <title>General <acronym>DNS</acronym> Reference Information</title>
+ <sect2 id="ipv6addresses">
+ <title>IPv6 addresses (AAAA)</title>
+ <para>
+ IPv6 addresses are 128-bit identifiers for interfaces and
+ sets of interfaces which were introduced in the <acronym>DNS</acronym> to facilitate
+ scalable Internet routing. There are three types of addresses: <emphasis>Unicast</emphasis>,
+ an identifier for a single interface;
+ <emphasis>Anycast</emphasis>,
+ an identifier for a set of interfaces; and <emphasis>Multicast</emphasis>,
+ an identifier for a set of interfaces. Here we describe the global
+ Unicast address scheme. For more information, see RFC 3587,
"Global Unicast Address Format."
- </para>
- <para>
+ </para>
+ <para>
IPv6 unicast addresses consist of a
<emphasis>global routing prefix</emphasis>, a
<emphasis>subnet identifier</emphasis>, and an
<emphasis>interface identifier</emphasis>.
- </para>
- <para>
- The global routing prefix is provided by the
- upstream provider or ISP, and (roughly) corresponds to the
+ </para>
+ <para>
+ The global routing prefix is provided by the
+ upstream provider or ISP, and (roughly) corresponds to the
IPv4 <emphasis>network</emphasis> section
- of the address range.
+ of the address range.
The subnet identifier is for local subnetting, much the
- same as subnetting an
- IPv4 /16 network into /24 subnets.
+ same as subnetting an
+ IPv4 /16 network into /24 subnets.
The interface identifier is the address of an individual
- interface on a given network; in IPv6, addresses belong to
- interfaces rather than to machines.
- </para>
- <para>
- The subnetting capability of IPv6 is much more flexible than
- that of IPv4: subnetting can be carried out on bit boundaries,
- in much the same way as Classless InterDomain Routing
- (CIDR), and the DNS PTR representation ("nibble" format)
- makes setting up reverse zones easier.
- </para>
- <para>
- The Interface Identifier must be unique on the local link,
- and is usually generated automatically by the IPv6
- implementation, although it is usually possible to
- override the default setting if necessary. A typical IPv6
- address might look like:
+ interface on a given network; in IPv6, addresses belong to
+ interfaces rather than to machines.
+ </para>
+ <para>
+ The subnetting capability of IPv6 is much more flexible than
+ that of IPv4: subnetting can be carried out on bit boundaries,
+ in much the same way as Classless InterDomain Routing
+ (CIDR), and the DNS PTR representation ("nibble" format)
+ makes setting up reverse zones easier.
+ </para>
+ <para>
+ The Interface Identifier must be unique on the local link,
+ and is usually generated automatically by the IPv6
+ implementation, although it is usually possible to
+ override the default setting if necessary. A typical IPv6
+ address might look like:
<command>2001:db8:201:9:a00:20ff:fe81:2b32</command>
</para>
- <para>
- IPv6 address specifications often contain long strings
- of zeros, so the architects have included a shorthand for
- specifying
- them. The double colon (`::') indicates the longest possible
- string
- of zeros that can fit, and can be used only once in an address.
- </para>
- </sect2>
+ <para>
+ IPv6 address specifications often contain long strings
+ of zeros, so the architects have included a shorthand for
+ specifying
+ them. The double colon (`::') indicates the longest possible
+ string
+ of zeros that can fit, and can be used only once in an address.
+ </para>
+ </sect2>
</sect1>
<sect1 id="bibliography">
- <title>Bibliography (and Suggested Reading)</title>
- <sect2 id="rfcs">
- <title>Request for Comments (RFCs)</title>
- <para>
- Specification documents for the Internet protocol suite, including
- the <acronym>DNS</acronym>, are published as part of
- the Request for Comments (RFCs)
- series of technical notes. The standards themselves are defined
- by the Internet Engineering Task Force (IETF) and the Internet
- Engineering Steering Group (IESG). RFCs can be obtained online via FTP at:
+ <title>Bibliography (and Suggested Reading)</title>
+ <sect2 id="rfcs">
+ <title>Request for Comments (RFCs)</title>
+ <para>
+ Specification documents for the Internet protocol suite, including
+ the <acronym>DNS</acronym>, are published as part of
+ the Request for Comments (RFCs)
+ series of technical notes. The standards themselves are defined
+ by the Internet Engineering Task Force (IETF) and the Internet
+ Engineering Steering Group (IESG). RFCs can be obtained online via FTP at:
</para>
<para>
- <ulink url="ftp://www.isi.edu/in-notes/">
+ <ulink url="ftp://www.isi.edu/in-notes/">
ftp://www.isi.edu/in-notes/RFC<replaceable>xxxx</replaceable>.txt
</ulink>
</para>
<para>
(where <replaceable>xxxx</replaceable> is
- the number of the RFC). RFCs are also available via the Web at:
+ the number of the RFC). RFCs are also available via the Web at:
</para>
<para>
- <ulink url="http://www.ietf.org/rfc/"
- >http://www.ietf.org/rfc/</ulink>.
- </para>
- <bibliography>
- <bibliodiv>
- <!-- one of (BIBLIOENTRY BIBLIOMIXED) -->
- <title>Standards</title>
- <biblioentry>
- <abbrev>RFC974</abbrev>
- <author>
- <surname>Partridge</surname>
- <firstname>C.</firstname>
- </author>
- <title>Mail Routing and the Domain System</title>
- <pubdate>January 1986</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1034</abbrev>
- <author>
- <surname>Mockapetris</surname>
- <firstname>P.V.</firstname>
- </author>
- <title>Domain Names — Concepts and Facilities</title>
- <pubdate>November 1987</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1035</abbrev>
- <author>
- <surname>Mockapetris</surname>
- <firstname>P. V.</firstname>
- </author> <title>Domain Names — Implementation and
- Specification</title>
- <pubdate>November 1987</pubdate>
- </biblioentry>
- </bibliodiv>
- <bibliodiv id="proposed_standards" xreflabel="Proposed Standards">
+ <ulink url="http://www.ietf.org/rfc/"
+ >http://www.ietf.org/rfc/</ulink>.
+ </para>
+ <bibliography>
+ <bibliodiv>
+ <!-- one of (BIBLIOENTRY BIBLIOMIXED) -->
+ <title>Standards</title>
+ <biblioentry>
+ <abbrev>RFC974</abbrev>
+ <author>
+ <surname>Partridge</surname>
+ <firstname>C.</firstname>
+ </author>
+ <title>Mail Routing and the Domain System</title>
+ <pubdate>January 1986</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1034</abbrev>
+ <author>
+ <surname>Mockapetris</surname>
+ <firstname>P.V.</firstname>
+ </author>
+ <title>Domain Names — Concepts and Facilities</title>
+ <pubdate>November 1987</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1035</abbrev>
+ <author>
+ <surname>Mockapetris</surname>
+ <firstname>P. V.</firstname>
+ </author> <title>Domain Names — Implementation and
+ Specification</title>
+ <pubdate>November 1987</pubdate>
+ </biblioentry>
+ </bibliodiv>
+ <bibliodiv id="proposed_standards" xreflabel="Proposed Standards">
- <title>Proposed Standards</title>
- <!-- one of (BIBLIOENTRY BIBLIOMIXED) -->
- <biblioentry>
- <abbrev>RFC2181</abbrev>
- <author>
- <surname>Elz</surname>
- <firstname>R., R. Bush</firstname>
- </author>
- <title>Clarifications to the <acronym>DNS</acronym>
- Specification</title>
- <pubdate>July 1997</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2308</abbrev>
- <author>
- <surname>Andrews</surname>
- <firstname>M.</firstname>
- </author>
- <title>Negative Caching of <acronym>DNS</acronym>
- Queries</title>
- <pubdate>March 1998</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1995</abbrev>
- <author>
- <surname>Ohta</surname>
- <firstname>M.</firstname>
- </author>
- <title>Incremental Zone Transfer in <acronym>DNS</acronym></title>
- <pubdate>August 1996</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1996</abbrev>
- <author>
- <surname>Vixie</surname>
- <firstname>P.</firstname>
- </author>
- <title>A Mechanism for Prompt Notification of Zone Changes</title>
- <pubdate>August 1996</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2136</abbrev>
- <authorgroup>
- <author>
- <surname>Vixie</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Thomson</surname>
- </author>
- <author>
- <firstname>Y.</firstname>
- <surname>Rekhter</surname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Bound</surname>
- </author>
- </authorgroup>
- <title>Dynamic Updates in the Domain Name System</title>
- <pubdate>April 1997</pubdate>
- </biblioentry>
+ <title>Proposed Standards</title>
+ <!-- one of (BIBLIOENTRY BIBLIOMIXED) -->
<biblioentry>
- <abbrev>RFC2671</abbrev>
- <authorgroup>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
- </authorgroup>
- <title>Extension Mechanisms for DNS (EDNS0)</title>
- <pubdate>August 1997</pubdate>
+ <abbrev>RFC2181</abbrev>
+ <author>
+ <surname>Elz</surname>
+ <firstname>R., R. Bush</firstname>
+ </author>
+ <title>Clarifications to the <acronym>DNS</acronym>
+ Specification</title>
+ <pubdate>July 1997</pubdate>
</biblioentry>
<biblioentry>
- <abbrev>RFC2672</abbrev>
- <authorgroup>
- <author>
- <firstname>M.</firstname>
- <surname>Crawford</surname>
- </author>
- </authorgroup>
- <title>Non-Terminal DNS Name Redirection</title>
- <pubdate>August 1999</pubdate>
+ <abbrev>RFC2308</abbrev>
+ <author>
+ <surname>Andrews</surname>
+ <firstname>M.</firstname>
+ </author>
+ <title>Negative Caching of <acronym>DNS</acronym>
+ Queries</title>
+ <pubdate>March 1998</pubdate>
</biblioentry>
- <biblioentry>
- <abbrev>RFC2845</abbrev>
- <authorgroup>
- <author>
- <surname>Vixie</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <firstname>O.</firstname>
- <surname>Gudmundsson</surname>
- </author>
- <author>
- <firstname>D.</firstname>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- </author>
- <author>
- <firstname>B.</firstname>
- <surname>Wellington</surname>
- </author>
- </authorgroup>
- <title>Secret Key Transaction Authentication for <acronym>DNS</acronym> (TSIG)</title>
- <pubdate>May 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2930</abbrev>
- <authorgroup>
- <author>
- <firstname>D.</firstname>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- </author>
- </authorgroup>
- <title>Secret Key Establishment for DNS (TKEY RR)</title>
- <pubdate>September 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2931</abbrev>
- <authorgroup>
- <author>
- <firstname>D.</firstname>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- </author>
- </authorgroup>
- <title>DNS Request and Transaction Signatures (SIG(0)s)</title>
- <pubdate>September 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3007</abbrev>
- <authorgroup>
- <author>
- <firstname>B.</firstname>
- <surname>Wellington</surname>
- </author>
- </authorgroup>
- <title>Secure Domain Name System (DNS) Dynamic Update</title>
- <pubdate>November 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3645</abbrev>
- <authorgroup>
- <author>
- <firstname>S.</firstname>
- <surname>Kwan</surname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Garg</surname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Gilroy</surname>
- </author>
- <author>
- <firstname>L.</firstname>
- <surname>Esibov</surname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Westhead</surname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Hall</surname>
- </author>
- </authorgroup>
- <title>Generic Security Service Algorithm for Secret
+ <biblioentry>
+ <abbrev>RFC1995</abbrev>
+ <author>
+ <surname>Ohta</surname>
+ <firstname>M.</firstname>
+ </author>
+ <title>Incremental Zone Transfer in <acronym>DNS</acronym></title>
+ <pubdate>August 1996</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1996</abbrev>
+ <author>
+ <surname>Vixie</surname>
+ <firstname>P.</firstname>
+ </author>
+ <title>A Mechanism for Prompt Notification of Zone Changes</title>
+ <pubdate>August 1996</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2136</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Vixie</surname>
+ <firstname>P.</firstname>
+ </author>
+ <author>
+ <firstname>S.</firstname>
+ <surname>Thomson</surname>
+ </author>
+ <author>
+ <firstname>Y.</firstname>
+ <surname>Rekhter</surname>
+ </author>
+ <author>
+ <firstname>J.</firstname>
+ <surname>Bound</surname>
+ </author>
+ </authorgroup>
+ <title>Dynamic Updates in the Domain Name System</title>
+ <pubdate>April 1997</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2671</abbrev>
+ <authorgroup>
+ <author>
+ <firstname>P.</firstname>
+ <surname>Vixie</surname>
+ </author>
+ </authorgroup>
+ <title>Extension Mechanisms for DNS (EDNS0)</title>
+ <pubdate>August 1997</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2672</abbrev>
+ <authorgroup>
+ <author>
+ <firstname>M.</firstname>
+ <surname>Crawford</surname>
+ </author>
+ </authorgroup>
+ <title>Non-Terminal DNS Name Redirection</title>
+ <pubdate>August 1999</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2845</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Vixie</surname>
+ <firstname>P.</firstname>
+ </author>
+ <author>
+ <firstname>O.</firstname>
+ <surname>Gudmundsson</surname>
+ </author>
+ <author>
+ <firstname>D.</firstname>
+ <surname>Eastlake</surname>
+ <lineage>3rd</lineage>
+ </author>
+ <author>
+ <firstname>B.</firstname>
+ <surname>Wellington</surname>
+ </author>
+ </authorgroup>
+ <title>Secret Key Transaction Authentication for <acronym>DNS</acronym> (TSIG)</title>
+ <pubdate>May 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2930</abbrev>
+ <authorgroup>
+ <author>
+ <firstname>D.</firstname>
+ <surname>Eastlake</surname>
+ <lineage>3rd</lineage>
+ </author>
+ </authorgroup>
+ <title>Secret Key Establishment for DNS (TKEY RR)</title>
+ <pubdate>September 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2931</abbrev>
+ <authorgroup>
+ <author>
+ <firstname>D.</firstname>
+ <surname>Eastlake</surname>
+ <lineage>3rd</lineage>
+ </author>
+ </authorgroup>
+ <title>DNS Request and Transaction Signatures (SIG(0)s)</title>
+ <pubdate>September 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3007</abbrev>
+ <authorgroup>
+ <author>
+ <firstname>B.</firstname>
+ <surname>Wellington</surname>
+ </author>
+ </authorgroup>
+ <title>Secure Domain Name System (DNS) Dynamic Update</title>
+ <pubdate>November 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3645</abbrev>
+ <authorgroup>
+ <author>
+ <firstname>S.</firstname>
+ <surname>Kwan</surname>
+ </author>
+ <author>
+ <firstname>P.</firstname>
+ <surname>Garg</surname>
+ </author>
+ <author>
+ <firstname>J.</firstname>
+ <surname>Gilroy</surname>
+ </author>
+ <author>
+ <firstname>L.</firstname>
+ <surname>Esibov</surname>
+ </author>
+ <author>
+ <firstname>J.</firstname>
+ <surname>Westhead</surname>
+ </author>
+ <author>
+ <firstname>R.</firstname>
+ <surname>Hall</surname>
+ </author>
+ </authorgroup>
+ <title>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</title>
- <pubdate>October 2003</pubdate>
- </biblioentry>
- </bibliodiv>
+ <pubdate>October 2003</pubdate>
+ </biblioentry>
+ </bibliodiv>
<bibliodiv>
<title><acronym>DNS</acronym> Security Proposed Standards</title>
<biblioentry>
<abbrev>RFC3225</abbrev>
- <authorgroup>
+ <authorgroup>
<author>
<firstname>D.</firstname>
<surname>Conrad</surname>
</author>
- </authorgroup>
+ </authorgroup>
<title>Indicating Resolver Support of DNSSEC</title>
<pubdate>December 2001</pubdate>
</biblioentry>
<biblioentry>
- <abbrev>RFC3833</abbrev>
- <authorgroup>
+ <abbrev>RFC3833</abbrev>
+ <authorgroup>
<author>
<firstname>D.</firstname>
<surname>Atkins</surname>
@@ -15714,8 +15374,8 @@
<pubdate>August 2004</pubdate>
</biblioentry>
<biblioentry>
- <abbrev>RFC4033</abbrev>
- <authorgroup>
+ <abbrev>RFC4033</abbrev>
+ <authorgroup>
<author>
<firstname>R.</firstname>
<surname>Arends</surname>
@@ -15741,8 +15401,8 @@
<pubdate>March 2005</pubdate>
</biblioentry>
<biblioentry>
- <abbrev>RFC4034</abbrev>
- <authorgroup>
+ <abbrev>RFC4034</abbrev>
+ <authorgroup>
<author>
<firstname>R.</firstname>
<surname>Arends</surname>
@@ -15768,8 +15428,8 @@
<pubdate>March 2005</pubdate>
</biblioentry>
<biblioentry>
- <abbrev>RFC4035</abbrev>
- <authorgroup>
+ <abbrev>RFC4035</abbrev>
+ <authorgroup>
<author>
<firstname>R.</firstname>
<surname>Arends</surname>
@@ -15795,720 +15455,720 @@
Security Extensions</title>
<pubdate>March 2005</pubdate>
</biblioentry>
- </bibliodiv>
- <bibliodiv>
- <title>Other Important RFCs About <acronym>DNS</acronym>
- Implementation</title>
- <biblioentry>
- <abbrev>RFC1535</abbrev>
- <author>
- <surname>Gavron</surname>
- <firstname>E.</firstname>
- </author>
- <title>A Security Problem and Proposed Correction With Widely
- Deployed <acronym>DNS</acronym> Software.</title>
- <pubdate>October 1993</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1536</abbrev>
- <authorgroup>
- <author>
- <surname>Kumar</surname>
- <firstname>A.</firstname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Postel</surname>
- </author>
- <author>
- <firstname>C.</firstname>
- <surname>Neuman</surname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Danzig</surname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Miller</surname>
- </author>
- </authorgroup>
- <title>Common <acronym>DNS</acronym> Implementation
- Errors and Suggested Fixes</title>
- <pubdate>October 1993</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1982</abbrev>
- <authorgroup>
- <author>
- <surname>Elz</surname>
- <firstname>R.</firstname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Bush</surname>
- </author>
- </authorgroup>
- <title>Serial Number Arithmetic</title>
- <pubdate>August 1996</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC4074</abbrev>
- <authorgroup>
- <author>
- <surname>Morishita</surname>
- <firstname>Y.</firstname>
- </author>
- <author>
- <firstname>T.</firstname>
- <surname>Jinmei</surname>
- </author>
- </authorgroup>
- <title>Common Misbehaviour Against <acronym>DNS</acronym>
+ </bibliodiv>
+ <bibliodiv>
+ <title>Other Important RFCs About <acronym>DNS</acronym>
+ Implementation</title>
+ <biblioentry>
+ <abbrev>RFC1535</abbrev>
+ <author>
+ <surname>Gavron</surname>
+ <firstname>E.</firstname>
+ </author>
+ <title>A Security Problem and Proposed Correction With Widely
+ Deployed <acronym>DNS</acronym> Software.</title>
+ <pubdate>October 1993</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1536</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Kumar</surname>
+ <firstname>A.</firstname>
+ </author>
+ <author>
+ <firstname>J.</firstname>
+ <surname>Postel</surname>
+ </author>
+ <author>
+ <firstname>C.</firstname>
+ <surname>Neuman</surname>
+ </author>
+ <author>
+ <firstname>P.</firstname>
+ <surname>Danzig</surname>
+ </author>
+ <author>
+ <firstname>S.</firstname>
+ <surname>Miller</surname>
+ </author>
+ </authorgroup>
+ <title>Common <acronym>DNS</acronym> Implementation
+ Errors and Suggested Fixes</title>
+ <pubdate>October 1993</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1982</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Elz</surname>
+ <firstname>R.</firstname>
+ </author>
+ <author>
+ <firstname>R.</firstname>
+ <surname>Bush</surname>
+ </author>
+ </authorgroup>
+ <title>Serial Number Arithmetic</title>
+ <pubdate>August 1996</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC4074</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Morishita</surname>
+ <firstname>Y.</firstname>
+ </author>
+ <author>
+ <firstname>T.</firstname>
+ <surname>Jinmei</surname>
+ </author>
+ </authorgroup>
+ <title>Common Misbehaviour Against <acronym>DNS</acronym>
Queries for IPv6 Addresses</title>
- <pubdate>May 2005</pubdate>
- </biblioentry>
- </bibliodiv>
- <bibliodiv>
- <title>Resource Record Types</title>
- <biblioentry>
- <abbrev>RFC1183</abbrev>
- <authorgroup>
- <author>
- <surname>Everhart</surname>
- <firstname>C.F.</firstname>
- </author>
- <author>
- <firstname>L. A.</firstname>
- <surname>Mamakos</surname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Ullmann</surname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Mockapetris</surname>
- </author>
- </authorgroup>
- <title>New <acronym>DNS</acronym> RR Definitions</title>
- <pubdate>October 1990</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1706</abbrev>
- <authorgroup>
- <author>
- <surname>Manning</surname>
- <firstname>B.</firstname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Colella</surname>
- </author>
- </authorgroup>
- <title><acronym>DNS</acronym> NSAP Resource Records</title>
- <pubdate>October 1994</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2168</abbrev>
- <authorgroup>
- <author>
- <surname>Daniel</surname>
- <firstname>R.</firstname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Mealling</surname>
- </author>
- </authorgroup>
- <title>Resolution of Uniform Resource Identifiers using
- the Domain Name System</title>
- <pubdate>June 1997</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1876</abbrev>
- <authorgroup>
- <author>
- <surname>Davis</surname>
- <firstname>C.</firstname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
- <author>
- <firstname>T.</firstname>
- <firstname>Goodwin</firstname>
- </author>
- <author>
- <firstname>I.</firstname>
- <surname>Dickinson</surname>
- </author>
- </authorgroup>
- <title>A Means for Expressing Location Information in the
- Domain
- Name System</title>
- <pubdate>January 1996</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2052</abbrev>
- <authorgroup>
- <author>
- <surname>Gulbrandsen</surname>
- <firstname>A.</firstname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
- </authorgroup>
- <title>A <acronym>DNS</acronym> RR for Specifying the
- Location of
- Services.</title>
- <pubdate>October 1996</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2163</abbrev>
- <author>
- <surname>Allocchio</surname>
- <firstname>A.</firstname>
- </author>
- <title>Using the Internet <acronym>DNS</acronym> to
- Distribute MIXER
- Conformant Global Address Mapping</title>
- <pubdate>January 1998</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2230</abbrev>
- <author>
- <surname>Atkinson</surname>
- <firstname>R.</firstname>
- </author>
- <title>Key Exchange Delegation Record for the <acronym>DNS</acronym></title>
- <pubdate>October 1997</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2536</abbrev>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <title>DSA KEYs and SIGs in the Domain Name System (DNS)</title>
- <pubdate>March 1999</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2537</abbrev>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <title>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</title>
- <pubdate>March 1999</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2538</abbrev>
+ <pubdate>May 2005</pubdate>
+ </biblioentry>
+ </bibliodiv>
+ <bibliodiv>
+ <title>Resource Record Types</title>
+ <biblioentry>
+ <abbrev>RFC1183</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
<author>
+ <surname>Everhart</surname>
+ <firstname>C.F.</firstname>
+ </author>
+ <author>
+ <firstname>L. A.</firstname>
+ <surname>Mamakos</surname>
+ </author>
+ <author>
+ <firstname>R.</firstname>
+ <surname>Ullmann</surname>
+ </author>
+ <author>
+ <firstname>P.</firstname>
+ <surname>Mockapetris</surname>
+ </author>
+ </authorgroup>
+ <title>New <acronym>DNS</acronym> RR Definitions</title>
+ <pubdate>October 1990</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1706</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Manning</surname>
+ <firstname>B.</firstname>
+ </author>
+ <author>
+ <firstname>R.</firstname>
+ <surname>Colella</surname>
+ </author>
+ </authorgroup>
+ <title><acronym>DNS</acronym> NSAP Resource Records</title>
+ <pubdate>October 1994</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2168</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Daniel</surname>
+ <firstname>R.</firstname>
+ </author>
+ <author>
+ <firstname>M.</firstname>
+ <surname>Mealling</surname>
+ </author>
+ </authorgroup>
+ <title>Resolution of Uniform Resource Identifiers using
+ the Domain Name System</title>
+ <pubdate>June 1997</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1876</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Davis</surname>
+ <firstname>C.</firstname>
+ </author>
+ <author>
+ <firstname>P.</firstname>
+ <surname>Vixie</surname>
+ </author>
+ <author>
+ <firstname>T.</firstname>
+ <firstname>Goodwin</firstname>
+ </author>
+ <author>
+ <firstname>I.</firstname>
+ <surname>Dickinson</surname>
+ </author>
+ </authorgroup>
+ <title>A Means for Expressing Location Information in the
+ Domain
+ Name System</title>
+ <pubdate>January 1996</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2052</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Gulbrandsen</surname>
+ <firstname>A.</firstname>
+ </author>
+ <author>
+ <firstname>P.</firstname>
+ <surname>Vixie</surname>
+ </author>
+ </authorgroup>
+ <title>A <acronym>DNS</acronym> RR for Specifying the
+ Location of
+ Services.</title>
+ <pubdate>October 1996</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2163</abbrev>
+ <author>
+ <surname>Allocchio</surname>
+ <firstname>A.</firstname>
+ </author>
+ <title>Using the Internet <acronym>DNS</acronym> to
+ Distribute MIXER
+ Conformant Global Address Mapping</title>
+ <pubdate>January 1998</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2230</abbrev>
+ <author>
+ <surname>Atkinson</surname>
+ <firstname>R.</firstname>
+ </author>
+ <title>Key Exchange Delegation Record for the <acronym>DNS</acronym></title>
+ <pubdate>October 1997</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2536</abbrev>
+ <author>
+ <surname>Eastlake</surname>
+ <firstname>D.</firstname>
+ <lineage>3rd</lineage>
+ </author>
+ <title>DSA KEYs and SIGs in the Domain Name System (DNS)</title>
+ <pubdate>March 1999</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2537</abbrev>
+ <author>
+ <surname>Eastlake</surname>
+ <firstname>D.</firstname>
+ <lineage>3rd</lineage>
+ </author>
+ <title>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</title>
+ <pubdate>March 1999</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2538</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Eastlake</surname>
+ <firstname>D.</firstname>
+ <lineage>3rd</lineage>
+ </author>
+ <author>
<surname>Gudmundsson</surname>
<firstname>O.</firstname>
</author>
</authorgroup>
- <title>Storing Certificates in the Domain Name System (DNS)</title>
- <pubdate>March 1999</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2539</abbrev>
+ <title>Storing Certificates in the Domain Name System (DNS)</title>
+ <pubdate>March 1999</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2539</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
+ <author>
+ <surname>Eastlake</surname>
+ <firstname>D.</firstname>
+ <lineage>3rd</lineage>
+ </author>
</authorgroup>
- <title>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</title>
- <pubdate>March 1999</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2540</abbrev>
+ <title>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</title>
+ <pubdate>March 1999</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2540</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
+ <author>
+ <surname>Eastlake</surname>
+ <firstname>D.</firstname>
+ <lineage>3rd</lineage>
+ </author>
</authorgroup>
- <title>Detached Domain Name System (DNS) Information</title>
- <pubdate>March 1999</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2782</abbrev>
- <author>
- <surname>Gulbrandsen</surname>
- <firstname>A.</firstname>
- </author>
- <author>
- <surname>Vixie</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <surname>Esibov</surname>
- <firstname>L.</firstname>
- </author>
- <title>A DNS RR for specifying the location of services (DNS SRV)</title>
- <pubdate>February 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2915</abbrev>
- <author>
- <surname>Mealling</surname>
- <firstname>M.</firstname>
- </author>
- <author>
- <surname>Daniel</surname>
- <firstname>R.</firstname>
- </author>
- <title>The Naming Authority Pointer (NAPTR) DNS Resource Record</title>
- <pubdate>September 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3110</abbrev>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <title>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</title>
- <pubdate>May 2001</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3123</abbrev>
- <author>
- <surname>Koch</surname>
- <firstname>P.</firstname>
- </author>
- <title>A DNS RR Type for Lists of Address Prefixes (APL RR)</title>
- <pubdate>June 2001</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3596</abbrev>
- <authorgroup>
- <author>
- <surname>Thomson</surname>
- <firstname>S.</firstname>
- </author>
- <author>
- <firstname>C.</firstname>
- <surname>Huitema</surname>
- </author>
- <author>
- <firstname>V.</firstname>
- <surname>Ksinant</surname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Souissi</surname>
- </author>
- </authorgroup>
- <title><acronym>DNS</acronym> Extensions to support IP
- version 6</title>
- <pubdate>October 2003</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3597</abbrev>
- <author>
- <surname>Gustafsson</surname>
- <firstname>A.</firstname>
- </author>
- <title>Handling of Unknown DNS Resource Record (RR) Types</title>
- <pubdate>September 2003</pubdate>
- </biblioentry>
- </bibliodiv>
- <bibliodiv>
- <title><acronym>DNS</acronym> and the Internet</title>
- <biblioentry>
- <abbrev>RFC1101</abbrev>
- <author>
- <surname>Mockapetris</surname>
- <firstname>P. V.</firstname>
- </author>
- <title><acronym>DNS</acronym> Encoding of Network Names
- and Other Types</title>
- <pubdate>April 1989</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1123</abbrev>
- <author>
- <surname>Braden</surname>
- <surname>R.</surname>
- </author>
- <title>Requirements for Internet Hosts - Application and
- Support</title>
- <pubdate>October 1989</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1591</abbrev>
- <author>
- <surname>Postel</surname>
- <firstname>J.</firstname>
- </author>
- <title>Domain Name System Structure and Delegation</title>
- <pubdate>March 1994</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2317</abbrev>
- <authorgroup>
- <author>
- <surname>Eidnes</surname>
- <firstname>H.</firstname>
- </author>
- <author>
- <firstname>G.</firstname>
- <surname>de Groot</surname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
- </authorgroup>
- <title>Classless IN-ADDR.ARPA Delegation</title>
- <pubdate>March 1998</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2826</abbrev>
- <authorgroup>
- <author>
- <surname>Internet Architecture Board</surname>
- </author>
- </authorgroup>
- <title>IAB Technical Comment on the Unique DNS Root</title>
- <pubdate>May 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2929</abbrev>
- <authorgroup>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <author>
- <surname>Brunner-Williams</surname>
- <firstname>E.</firstname>
- </author>
- <author>
- <surname>Manning</surname>
- <firstname>B.</firstname>
- </author>
- </authorgroup>
- <title>Domain Name System (DNS) IANA Considerations</title>
- <pubdate>September 2000</pubdate>
- </biblioentry>
- </bibliodiv>
- <bibliodiv>
- <title><acronym>DNS</acronym> Operations</title>
- <biblioentry>
- <abbrev>RFC1033</abbrev>
- <author>
- <surname>Lottor</surname>
- <firstname>M.</firstname>
- </author>
- <title>Domain administrators operations guide.</title>
- <pubdate>November 1987</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1537</abbrev>
- <author>
- <surname>Beertema</surname>
- <firstname>P.</firstname>
- </author>
- <title>Common <acronym>DNS</acronym> Data File
- Configuration Errors</title>
- <pubdate>October 1993</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1912</abbrev>
- <author>
- <surname>Barr</surname>
- <firstname>D.</firstname>
- </author>
- <title>Common <acronym>DNS</acronym> Operational and
- Configuration Errors</title>
- <pubdate>February 1996</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2010</abbrev>
- <authorgroup>
- <author>
- <surname>Manning</surname>
- <firstname>B.</firstname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
- </authorgroup>
- <title>Operational Criteria for Root Name Servers.</title>
- <pubdate>October 1996</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2219</abbrev>
- <authorgroup>
- <author>
- <surname>Hamilton</surname>
- <firstname>M.</firstname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Wright</surname>
- </author>
- </authorgroup>
- <title>Use of <acronym>DNS</acronym> Aliases for
- Network Services.</title>
- <pubdate>October 1997</pubdate>
- </biblioentry>
- </bibliodiv>
+ <title>Detached Domain Name System (DNS) Information</title>
+ <pubdate>March 1999</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2782</abbrev>
+ <author>
+ <surname>Gulbrandsen</surname>
+ <firstname>A.</firstname>
+ </author>
+ <author>
+ <surname>Vixie</surname>
+ <firstname>P.</firstname>
+ </author>
+ <author>
+ <surname>Esibov</surname>
+ <firstname>L.</firstname>
+ </author>
+ <title>A DNS RR for specifying the location of services (DNS SRV)</title>
+ <pubdate>February 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2915</abbrev>
+ <author>
+ <surname>Mealling</surname>
+ <firstname>M.</firstname>
+ </author>
+ <author>
+ <surname>Daniel</surname>
+ <firstname>R.</firstname>
+ </author>
+ <title>The Naming Authority Pointer (NAPTR) DNS Resource Record</title>
+ <pubdate>September 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3110</abbrev>
+ <author>
+ <surname>Eastlake</surname>
+ <firstname>D.</firstname>
+ <lineage>3rd</lineage>
+ </author>
+ <title>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</title>
+ <pubdate>May 2001</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3123</abbrev>
+ <author>
+ <surname>Koch</surname>
+ <firstname>P.</firstname>
+ </author>
+ <title>A DNS RR Type for Lists of Address Prefixes (APL RR)</title>
+ <pubdate>June 2001</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3596</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Thomson</surname>
+ <firstname>S.</firstname>
+ </author>
+ <author>
+ <firstname>C.</firstname>
+ <surname>Huitema</surname>
+ </author>
+ <author>
+ <firstname>V.</firstname>
+ <surname>Ksinant</surname>
+ </author>
+ <author>
+ <firstname>M.</firstname>
+ <surname>Souissi</surname>
+ </author>
+ </authorgroup>
+ <title><acronym>DNS</acronym> Extensions to support IP
+ version 6</title>
+ <pubdate>October 2003</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3597</abbrev>
+ <author>
+ <surname>Gustafsson</surname>
+ <firstname>A.</firstname>
+ </author>
+ <title>Handling of Unknown DNS Resource Record (RR) Types</title>
+ <pubdate>September 2003</pubdate>
+ </biblioentry>
+ </bibliodiv>
<bibliodiv>
- <title>Internationalized Domain Names</title>
- <biblioentry>
- <abbrev>RFC2825</abbrev>
+ <title><acronym>DNS</acronym> and the Internet</title>
+ <biblioentry>
+ <abbrev>RFC1101</abbrev>
+ <author>
+ <surname>Mockapetris</surname>
+ <firstname>P. V.</firstname>
+ </author>
+ <title><acronym>DNS</acronym> Encoding of Network Names
+ and Other Types</title>
+ <pubdate>April 1989</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1123</abbrev>
+ <author>
+ <surname>Braden</surname>
+ <surname>R.</surname>
+ </author>
+ <title>Requirements for Internet Hosts - Application and
+ Support</title>
+ <pubdate>October 1989</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1591</abbrev>
+ <author>
+ <surname>Postel</surname>
+ <firstname>J.</firstname>
+ </author>
+ <title>Domain Name System Structure and Delegation</title>
+ <pubdate>March 1994</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2317</abbrev>
<authorgroup>
- <author>
- <surname>IAB</surname>
- </author>
- <author>
- <surname>Daigle</surname>
- <firstname>R.</firstname>
- </author>
+ <author>
+ <surname>Eidnes</surname>
+ <firstname>H.</firstname>
+ </author>
+ <author>
+ <firstname>G.</firstname>
+ <surname>de Groot</surname>
+ </author>
+ <author>
+ <firstname>P.</firstname>
+ <surname>Vixie</surname>
+ </author>
</authorgroup>
- <title>A Tangled Web: Issues of I18N, Domain Names,
+ <title>Classless IN-ADDR.ARPA Delegation</title>
+ <pubdate>March 1998</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2826</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Internet Architecture Board</surname>
+ </author>
+ </authorgroup>
+ <title>IAB Technical Comment on the Unique DNS Root</title>
+ <pubdate>May 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2929</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Eastlake</surname>
+ <firstname>D.</firstname>
+ <lineage>3rd</lineage>
+ </author>
+ <author>
+ <surname>Brunner-Williams</surname>
+ <firstname>E.</firstname>
+ </author>
+ <author>
+ <surname>Manning</surname>
+ <firstname>B.</firstname>
+ </author>
+ </authorgroup>
+ <title>Domain Name System (DNS) IANA Considerations</title>
+ <pubdate>September 2000</pubdate>
+ </biblioentry>
+ </bibliodiv>
+ <bibliodiv>
+ <title><acronym>DNS</acronym> Operations</title>
+ <biblioentry>
+ <abbrev>RFC1033</abbrev>
+ <author>
+ <surname>Lottor</surname>
+ <firstname>M.</firstname>
+ </author>
+ <title>Domain administrators operations guide.</title>
+ <pubdate>November 1987</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1537</abbrev>
+ <author>
+ <surname>Beertema</surname>
+ <firstname>P.</firstname>
+ </author>
+ <title>Common <acronym>DNS</acronym> Data File
+ Configuration Errors</title>
+ <pubdate>October 1993</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1912</abbrev>
+ <author>
+ <surname>Barr</surname>
+ <firstname>D.</firstname>
+ </author>
+ <title>Common <acronym>DNS</acronym> Operational and
+ Configuration Errors</title>
+ <pubdate>February 1996</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2010</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Manning</surname>
+ <firstname>B.</firstname>
+ </author>
+ <author>
+ <firstname>P.</firstname>
+ <surname>Vixie</surname>
+ </author>
+ </authorgroup>
+ <title>Operational Criteria for Root Name Servers.</title>
+ <pubdate>October 1996</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2219</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Hamilton</surname>
+ <firstname>M.</firstname>
+ </author>
+ <author>
+ <firstname>R.</firstname>
+ <surname>Wright</surname>
+ </author>
+ </authorgroup>
+ <title>Use of <acronym>DNS</acronym> Aliases for
+ Network Services.</title>
+ <pubdate>October 1997</pubdate>
+ </biblioentry>
+ </bibliodiv>
+ <bibliodiv>
+ <title>Internationalized Domain Names</title>
+ <biblioentry>
+ <abbrev>RFC2825</abbrev>
+ <authorgroup>
+ <author>
+ <surname>IAB</surname>
+ </author>
+ <author>
+ <surname>Daigle</surname>
+ <firstname>R.</firstname>
+ </author>
+ </authorgroup>
+ <title>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</title>
- <pubdate>May 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3490</abbrev>
+ <pubdate>May 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3490</abbrev>
<authorgroup>
- <author>
- <surname>Faltstrom</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <surname>Hoffman</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <surname>Costello</surname>
- <firstname>A.</firstname>
- </author>
+ <author>
+ <surname>Faltstrom</surname>
+ <firstname>P.</firstname>
+ </author>
+ <author>
+ <surname>Hoffman</surname>
+ <firstname>P.</firstname>
+ </author>
+ <author>
+ <surname>Costello</surname>
+ <firstname>A.</firstname>
+ </author>
</authorgroup>
- <title>Internationalizing Domain Names in Applications (IDNA)</title>
- <pubdate>March 2003</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3491</abbrev>
+ <title>Internationalizing Domain Names in Applications (IDNA)</title>
+ <pubdate>March 2003</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3491</abbrev>
<authorgroup>
- <author>
- <surname>Hoffman</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <surname>Blanchet</surname>
- <firstname>M.</firstname>
- </author>
+ <author>
+ <surname>Hoffman</surname>
+ <firstname>P.</firstname>
+ </author>
+ <author>
+ <surname>Blanchet</surname>
+ <firstname>M.</firstname>
+ </author>
</authorgroup>
- <title>Nameprep: A Stringprep Profile for Internationalized Domain Names</title>
- <pubdate>March 2003</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3492</abbrev>
+ <title>Nameprep: A Stringprep Profile for Internationalized Domain Names</title>
+ <pubdate>March 2003</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3492</abbrev>
<authorgroup>
- <author>
- <surname>Costello</surname>
- <firstname>A.</firstname>
- </author>
+ <author>
+ <surname>Costello</surname>
+ <firstname>A.</firstname>
+ </author>
</authorgroup>
- <title>Punycode: A Bootstring encoding of Unicode
+ <title>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</title>
- <pubdate>March 2003</pubdate>
- </biblioentry>
+ <pubdate>March 2003</pubdate>
+ </biblioentry>
</bibliodiv>
- <bibliodiv>
- <title>Other <acronym>DNS</acronym>-related RFCs</title>
- <note>
- <para>
- Note: the following list of RFCs, although
- <acronym>DNS</acronym>-related, are not
- concerned with implementing software.
- </para>
- </note>
- <biblioentry>
- <abbrev>RFC1464</abbrev>
- <author>
- <surname>Rosenbaum</surname>
- <firstname>R.</firstname>
- </author>
- <title>Using the Domain Name System To Store Arbitrary String
- Attributes</title>
- <pubdate>May 1993</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1713</abbrev>
- <author>
- <surname>Romao</surname>
- <firstname>A.</firstname>
- </author>
- <title>Tools for <acronym>DNS</acronym> Debugging</title>
- <pubdate>November 1994</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC1794</abbrev>
- <author>
- <surname>Brisco</surname>
- <firstname>T.</firstname>
- </author>
- <title><acronym>DNS</acronym> Support for Load
- Balancing</title>
- <pubdate>April 1995</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2240</abbrev>
- <author>
- <surname>Vaughan</surname>
- <firstname>O.</firstname>
- </author>
- <title>A Legal Basis for Domain Name Allocation</title>
- <pubdate>November 1997</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2345</abbrev>
- <authorgroup>
- <author>
- <surname>Klensin</surname>
- <firstname>J.</firstname>
- </author>
- <author>
- <firstname>T.</firstname>
- <surname>Wolf</surname>
- </author>
- <author>
- <firstname>G.</firstname>
- <surname>Oglesby</surname>
- </author>
- </authorgroup>
- <title>Domain Names and Company Name Retrieval</title>
- <pubdate>May 1998</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2352</abbrev>
- <author>
- <surname>Vaughan</surname>
- <firstname>O.</firstname>
- </author>
- <title>A Convention For Using Legal Names as Domain Names</title>
- <pubdate>May 1998</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3071</abbrev>
- <authorgroup>
- <author>
- <surname>Klensin</surname>
- <firstname>J.</firstname>
- </author>
- </authorgroup>
- <title>Reflections on the DNS, RFC 1591, and Categories of Domains</title>
- <pubdate>February 2001</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3258</abbrev>
- <authorgroup>
- <author>
- <surname>Hardie</surname>
- <firstname>T.</firstname>
- </author>
- </authorgroup>
- <title>Distributing Authoritative Name Servers via
+ <bibliodiv>
+ <title>Other <acronym>DNS</acronym>-related RFCs</title>
+ <note>
+ <para>
+ Note: the following list of RFCs, although
+ <acronym>DNS</acronym>-related, are not
+ concerned with implementing software.
+ </para>
+ </note>
+ <biblioentry>
+ <abbrev>RFC1464</abbrev>
+ <author>
+ <surname>Rosenbaum</surname>
+ <firstname>R.</firstname>
+ </author>
+ <title>Using the Domain Name System To Store Arbitrary String
+ Attributes</title>
+ <pubdate>May 1993</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1713</abbrev>
+ <author>
+ <surname>Romao</surname>
+ <firstname>A.</firstname>
+ </author>
+ <title>Tools for <acronym>DNS</acronym> Debugging</title>
+ <pubdate>November 1994</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC1794</abbrev>
+ <author>
+ <surname>Brisco</surname>
+ <firstname>T.</firstname>
+ </author>
+ <title><acronym>DNS</acronym> Support for Load
+ Balancing</title>
+ <pubdate>April 1995</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2240</abbrev>
+ <author>
+ <surname>Vaughan</surname>
+ <firstname>O.</firstname>
+ </author>
+ <title>A Legal Basis for Domain Name Allocation</title>
+ <pubdate>November 1997</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2345</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Klensin</surname>
+ <firstname>J.</firstname>
+ </author>
+ <author>
+ <firstname>T.</firstname>
+ <surname>Wolf</surname>
+ </author>
+ <author>
+ <firstname>G.</firstname>
+ <surname>Oglesby</surname>
+ </author>
+ </authorgroup>
+ <title>Domain Names and Company Name Retrieval</title>
+ <pubdate>May 1998</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2352</abbrev>
+ <author>
+ <surname>Vaughan</surname>
+ <firstname>O.</firstname>
+ </author>
+ <title>A Convention For Using Legal Names as Domain Names</title>
+ <pubdate>May 1998</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3071</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Klensin</surname>
+ <firstname>J.</firstname>
+ </author>
+ </authorgroup>
+ <title>Reflections on the DNS, RFC 1591, and Categories of Domains</title>
+ <pubdate>February 2001</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3258</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Hardie</surname>
+ <firstname>T.</firstname>
+ </author>
+ </authorgroup>
+ <title>Distributing Authoritative Name Servers via
Shared Unicast Addresses</title>
- <pubdate>April 2002</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3901</abbrev>
- <authorgroup>
- <author>
- <surname>Durand</surname>
- <firstname>A.</firstname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Ihren</surname>
- </author>
- </authorgroup>
- <title>DNS IPv6 Transport Operational Guidelines</title>
- <pubdate>September 2004</pubdate>
- </biblioentry>
- </bibliodiv>
- <bibliodiv>
- <title>Obsolete and Unimplemented Experimental RFC</title>
- <biblioentry>
- <abbrev>RFC1712</abbrev>
- <authorgroup>
- <author>
- <surname>Farrell</surname>
- <firstname>C.</firstname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Schulze</surname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Pleitner</surname>
- </author>
- <author>
- <firstname>D.</firstname>
- <surname>Baldoni</surname>
- </author>
- </authorgroup>
- <title><acronym>DNS</acronym> Encoding of Geographical
- Location</title>
- <pubdate>November 1994</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2673</abbrev>
- <authorgroup>
- <author>
- <surname>Crawford</surname>
- <firstname>M.</firstname>
- </author>
- </authorgroup>
- <title>Binary Labels in the Domain Name System</title>
- <pubdate>August 1999</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2874</abbrev>
- <authorgroup>
- <author>
- <surname>Crawford</surname>
- <firstname>M.</firstname>
- </author>
- <author>
- <surname>Huitema</surname>
- <firstname>C.</firstname>
- </author>
- </authorgroup>
- <title>DNS Extensions to Support IPv6 Address Aggregation
+ <pubdate>April 2002</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3901</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Durand</surname>
+ <firstname>A.</firstname>
+ </author>
+ <author>
+ <firstname>J.</firstname>
+ <surname>Ihren</surname>
+ </author>
+ </authorgroup>
+ <title>DNS IPv6 Transport Operational Guidelines</title>
+ <pubdate>September 2004</pubdate>
+ </biblioentry>
+ </bibliodiv>
+ <bibliodiv>
+ <title>Obsolete and Unimplemented Experimental RFC</title>
+ <biblioentry>
+ <abbrev>RFC1712</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Farrell</surname>
+ <firstname>C.</firstname>
+ </author>
+ <author>
+ <firstname>M.</firstname>
+ <surname>Schulze</surname>
+ </author>
+ <author>
+ <firstname>S.</firstname>
+ <surname>Pleitner</surname>
+ </author>
+ <author>
+ <firstname>D.</firstname>
+ <surname>Baldoni</surname>
+ </author>
+ </authorgroup>
+ <title><acronym>DNS</acronym> Encoding of Geographical
+ Location</title>
+ <pubdate>November 1994</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2673</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Crawford</surname>
+ <firstname>M.</firstname>
+ </author>
+ </authorgroup>
+ <title>Binary Labels in the Domain Name System</title>
+ <pubdate>August 1999</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2874</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Crawford</surname>
+ <firstname>M.</firstname>
+ </author>
+ <author>
+ <surname>Huitema</surname>
+ <firstname>C.</firstname>
+ </author>
+ </authorgroup>
+ <title>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</title>
- <pubdate>July 2000</pubdate>
- </biblioentry>
- </bibliodiv>
- <bibliodiv>
- <title>Obsoleted DNS Security RFCs</title>
+ <pubdate>July 2000</pubdate>
+ </biblioentry>
+ </bibliodiv>
+ <bibliodiv>
+ <title>Obsoleted DNS Security RFCs</title>
<note>
<para>
Most of these have been consolidated into RFC4033,
@@ -16515,189 +16175,189 @@
RFC4034 and RFC4035 which collectively describe DNSSECbis.
</para>
</note>
- <biblioentry>
- <abbrev>RFC2065</abbrev>
- <authorgroup>
- <author>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- <firstname>D.</firstname>
- </author>
- <author>
- <firstname>C.</firstname>
- <surname>Kaufman</surname>
- </author>
- </authorgroup>
- <title>Domain Name System Security Extensions</title>
- <pubdate>January 1997</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2137</abbrev>
- <author>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- <firstname>D.</firstname>
- </author>
- <title>Secure Domain Name System Dynamic Update</title>
- <pubdate>April 1997</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC2535</abbrev>
- <authorgroup>
- <author>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- <firstname>D.</firstname>
- </author>
- </authorgroup>
- <title>Domain Name System Security Extensions</title>
- <pubdate>March 1999</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3008</abbrev>
- <authorgroup>
- <author>
- <surname>Wellington</surname>
- <firstname>B.</firstname>
- </author>
- </authorgroup>
- <title>Domain Name System Security (DNSSEC)
+ <biblioentry>
+ <abbrev>RFC2065</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Eastlake</surname>
+ <lineage>3rd</lineage>
+ <firstname>D.</firstname>
+ </author>
+ <author>
+ <firstname>C.</firstname>
+ <surname>Kaufman</surname>
+ </author>
+ </authorgroup>
+ <title>Domain Name System Security Extensions</title>
+ <pubdate>January 1997</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2137</abbrev>
+ <author>
+ <surname>Eastlake</surname>
+ <lineage>3rd</lineage>
+ <firstname>D.</firstname>
+ </author>
+ <title>Secure Domain Name System Dynamic Update</title>
+ <pubdate>April 1997</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC2535</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Eastlake</surname>
+ <lineage>3rd</lineage>
+ <firstname>D.</firstname>
+ </author>
+ </authorgroup>
+ <title>Domain Name System Security Extensions</title>
+ <pubdate>March 1999</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3008</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Wellington</surname>
+ <firstname>B.</firstname>
+ </author>
+ </authorgroup>
+ <title>Domain Name System Security (DNSSEC)
Signing Authority</title>
- <pubdate>November 2000</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3090</abbrev>
- <authorgroup>
- <author>
- <surname>Lewis</surname>
- <firstname>E.</firstname>
- </author>
- </authorgroup>
- <title>DNS Security Extension Clarification on Zone Status</title>
- <pubdate>March 2001</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3445</abbrev>
- <authorgroup>
- <author>
- <surname>Massey</surname>
- <firstname>D.</firstname>
- </author>
- <author>
- <surname>Rose</surname>
- <firstname>S.</firstname>
- </author>
- </authorgroup>
- <title>Limiting the Scope of the KEY Resource Record (RR)</title>
- <pubdate>December 2002</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3655</abbrev>
- <authorgroup>
- <author>
- <surname>Wellington</surname>
- <firstname>B.</firstname>
- </author>
- <author>
- <surname>Gudmundsson</surname>
- <firstname>O.</firstname>
- </author>
- </authorgroup>
- <title>Redefinition of DNS Authenticated Data (AD) bit</title>
- <pubdate>November 2003</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3658</abbrev>
- <authorgroup>
- <author>
- <surname>Gudmundsson</surname>
- <firstname>O.</firstname>
- </author>
- </authorgroup>
- <title>Delegation Signer (DS) Resource Record (RR)</title>
- <pubdate>December 2003</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3755</abbrev>
- <authorgroup>
- <author>
- <surname>Weiler</surname>
- <firstname>S.</firstname>
- </author>
- </authorgroup>
- <title>Legacy Resolver Compatibility for Delegation Signer (DS)</title>
- <pubdate>May 2004</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3757</abbrev>
- <authorgroup>
- <author>
- <surname>Kolkman</surname>
- <firstname>O.</firstname>
- </author>
- <author>
- <surname>Schlyter</surname>
- <firstname>J.</firstname>
- </author>
- <author>
- <surname>Lewis</surname>
- <firstname>E.</firstname>
- </author>
- </authorgroup>
- <title>Domain Name System KEY (DNSKEY) Resource Record
+ <pubdate>November 2000</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3090</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Lewis</surname>
+ <firstname>E.</firstname>
+ </author>
+ </authorgroup>
+ <title>DNS Security Extension Clarification on Zone Status</title>
+ <pubdate>March 2001</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3445</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Massey</surname>
+ <firstname>D.</firstname>
+ </author>
+ <author>
+ <surname>Rose</surname>
+ <firstname>S.</firstname>
+ </author>
+ </authorgroup>
+ <title>Limiting the Scope of the KEY Resource Record (RR)</title>
+ <pubdate>December 2002</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3655</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Wellington</surname>
+ <firstname>B.</firstname>
+ </author>
+ <author>
+ <surname>Gudmundsson</surname>
+ <firstname>O.</firstname>
+ </author>
+ </authorgroup>
+ <title>Redefinition of DNS Authenticated Data (AD) bit</title>
+ <pubdate>November 2003</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3658</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Gudmundsson</surname>
+ <firstname>O.</firstname>
+ </author>
+ </authorgroup>
+ <title>Delegation Signer (DS) Resource Record (RR)</title>
+ <pubdate>December 2003</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3755</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Weiler</surname>
+ <firstname>S.</firstname>
+ </author>
+ </authorgroup>
+ <title>Legacy Resolver Compatibility for Delegation Signer (DS)</title>
+ <pubdate>May 2004</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3757</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Kolkman</surname>
+ <firstname>O.</firstname>
+ </author>
+ <author>
+ <surname>Schlyter</surname>
+ <firstname>J.</firstname>
+ </author>
+ <author>
+ <surname>Lewis</surname>
+ <firstname>E.</firstname>
+ </author>
+ </authorgroup>
+ <title>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</title>
- <pubdate>April 2004</pubdate>
- </biblioentry>
- <biblioentry>
- <abbrev>RFC3845</abbrev>
- <authorgroup>
- <author>
- <surname>Schlyter</surname>
- <firstname>J.</firstname>
- </author>
- </authorgroup>
- <title>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</title>
- <pubdate>August 2004</pubdate>
- </biblioentry>
- </bibliodiv>
- </bibliography>
- </sect2>
- <sect2 id="internet_drafts">
- <title>Internet Drafts</title>
- <para>
- Internet Drafts (IDs) are rough-draft working documents of
- the Internet Engineering Task Force. They are, in essence, RFCs
- in the preliminary stages of development. Implementors are
- cautioned not
- to regard IDs as archival, and they should not be quoted or cited
- in any formal documents unless accompanied by the disclaimer that
- they are "works in progress." IDs have a lifespan of six months
- after which they are deleted unless updated by their authors.
- </para>
- </sect2>
- <sect2>
- <title>Other Documents About <acronym>BIND</acronym></title>
- <para/>
- <bibliography>
- <biblioentry>
- <authorgroup>
- <author>
- <surname>Albitz</surname>
- <firstname>Paul</firstname>
- </author>
- <author>
- <firstname>Cricket</firstname>
- <surname>Liu</surname>
- </author>
- </authorgroup>
- <title><acronym>DNS</acronym> and <acronym>BIND</acronym></title>
- <copyright>
- <year>1998</year>
- <holder>Sebastopol, CA: O'Reilly and Associates</holder>
- </copyright>
- </biblioentry>
- </bibliography>
- </sect2>
+ <pubdate>April 2004</pubdate>
+ </biblioentry>
+ <biblioentry>
+ <abbrev>RFC3845</abbrev>
+ <authorgroup>
+ <author>
+ <surname>Schlyter</surname>
+ <firstname>J.</firstname>
+ </author>
+ </authorgroup>
+ <title>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</title>
+ <pubdate>August 2004</pubdate>
+ </biblioentry>
+ </bibliodiv>
+ </bibliography>
+ </sect2>
+ <sect2 id="internet_drafts">
+ <title>Internet Drafts</title>
+ <para>
+ Internet Drafts (IDs) are rough-draft working documents of
+ the Internet Engineering Task Force. They are, in essence, RFCs
+ in the preliminary stages of development. Implementors are
+ cautioned not
+ to regard IDs as archival, and they should not be quoted or cited
+ in any formal documents unless accompanied by the disclaimer that
+ they are "works in progress." IDs have a lifespan of six months
+ after which they are deleted unless updated by their authors.
+ </para>
+ </sect2>
+ <sect2>
+ <title>Other Documents About <acronym>BIND</acronym></title>
+ <para/>
+ <bibliography>
+ <biblioentry>
+ <authorgroup>
+ <author>
+ <surname>Albitz</surname>
+ <firstname>Paul</firstname>
+ </author>
+ <author>
+ <firstname>Cricket</firstname>
+ <surname>Liu</surname>
+ </author>
+ </authorgroup>
+ <title><acronym>DNS</acronym> and <acronym>BIND</acronym></title>
+ <copyright>
+ <year>1998</year>
+ <holder>Sebastopol, CA: O'Reilly and Associates</holder>
+ </copyright>
+ </biblioentry>
+ </bibliography>
+ </sect2>
</sect1>
<xi:include href="libdns.xml"/>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch01.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch01.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch01.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch01.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564378">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564402">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564541">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564723">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563506">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563530">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564626">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564807">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564744">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564846">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567184">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567260">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567433">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567563">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564828">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564931">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567268">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567345">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567586">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567648">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -71,7 +71,7 @@
</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564378"></a>Scope of Document</h2></div></div></div>
+<a name="id2563506"></a>Scope of Document</h2></div></div></div>
<p>
The Berkeley Internet Name Domain
(<acronym class="acronym">BIND</acronym>) implements a
@@ -81,13 +81,11 @@
<acronym class="acronym">BIND</acronym> version 9 software package for
system administrators.
</p>
-<p>
- This version of the manual corresponds to BIND version 9.8.
- </p>
+<p>This version of the manual corresponds to BIND version 9.8.</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564402"></a>Organization of This Document</h2></div></div></div>
+<a name="id2563530"></a>Organization of This Document</h2></div></div></div>
<p>
In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
@@ -116,7 +114,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564541"></a>Conventions Used in This Document</h2></div></div></div>
+<a name="id2564626"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
@@ -243,7 +241,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564723"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
+<a name="id2564807"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
@@ -253,7 +251,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564744"></a>DNS Fundamentals</h3></div></div></div>
+<a name="id2564828"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@@ -275,7 +273,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564846"></a>Domains and Domain Names</h3></div></div></div>
+<a name="id2564931"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@@ -321,7 +319,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567184"></a>Zones</h3></div></div></div>
+<a name="id2567268"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
@@ -374,7 +372,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567260"></a>Authoritative Name Servers</h3></div></div></div>
+<a name="id2567345"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
@@ -391,7 +389,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567284"></a>The Primary Master</h4></div></div></div>
+<a name="id2567368"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
@@ -411,7 +409,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567382"></a>Slave Servers</h4></div></div></div>
+<a name="id2567398"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
@@ -427,7 +425,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567403"></a>Stealth Servers</h4></div></div></div>
+<a name="id2567419"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@@ -462,7 +460,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567433"></a>Caching Name Servers</h3></div></div></div>
+<a name="id2567586"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
@@ -489,7 +487,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567537"></a>Forwarding</h4></div></div></div>
+<a name="id2567621"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@@ -516,7 +514,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567563"></a>Name Servers in Multiple Roles</h3></div></div></div>
+<a name="id2567648"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as
@@ -558,5 +556,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch02.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch02.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch02.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch02.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567597">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567624">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567637">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567742">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567682">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567708">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567789">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567816">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567827">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567597"></a>Hardware requirements</h2></div></div></div>
+<a name="id2567682"></a>Hardware requirements</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
@@ -73,7 +73,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567624"></a>CPU Requirements</h2></div></div></div>
+<a name="id2567708"></a>CPU Requirements</h2></div></div></div>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i486-class machines
@@ -84,7 +84,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567637"></a>Memory Requirements</h2></div></div></div>
+<a name="id2567789"></a>Memory Requirements</h2></div></div></div>
<p>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
@@ -107,7 +107,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567732"></a>Name Server Intensive Environment Issues</h2></div></div></div>
+<a name="id2567816"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@@ -124,7 +124,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567742"></a>Supported Operating Systems</h2></div></div></div>
+<a name="id2567827"></a>Supported Operating Systems</h2></div></div></div>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number
@@ -154,5 +154,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch03.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch03.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch03.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch03.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,14 +47,14 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567774">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">A Caching-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568011">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568018">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568034">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568388">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570424">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568393">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569446">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -68,7 +68,7 @@
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567774"></a>A Caching-only Name Server</h3></div></div></div>
+<a name="id2567995"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@@ -98,7 +98,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567995"></a>An Authoritative-only Name Server</h3></div></div></div>
+<a name="id2568011"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
@@ -146,7 +146,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568018"></a>Load Balancing</h2></div></div></div>
+<a name="id2568034"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple records
@@ -289,10 +289,10 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568372"></a>Name Server Operations</h2></div></div></div>
+<a name="id2568388"></a>Name Server Operations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568377"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
+<a name="id2568393"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
@@ -445,300 +445,12 @@
it will display a usage message as follows:
</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
-<p>The <span><strong class="command">command</strong></span>
- is one of the following:
+<p>See <a href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of
+ the available <span><strong class="command">rndc</strong></span> commands.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
-<dd><p>
- Reload configuration file and zones.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Reload the given zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Schedule zone maintenance for the given zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
-
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Retransfer the given zone from the master.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd>
<p>
- Fetch all DNSSEC keys for the given zone
- from the key directory (see
- <span><strong class="command">key-directory</strong></span> in
- <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
- Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
- Usage”</a>). If they are within
- their publication period, merge them into the
- zone's DNSKEY RRset. If the DNSKEY RRset
- is changed, then the zone is automatically
- re-signed with the new key set.
- </p>
-<p>
- This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option be set
- to <code class="literal">allow</code> or
- <code class="literal">maintain</code>,
- and also requires the zone to be configured to
- allow dynamic DNS.
- See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a> for
- more details.
- </p>
-</dd>
-<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd>
-<p>
- Fetch all DNSSEC keys for the given zone
- from the key directory (see
- <span><strong class="command">key-directory</strong></span> in
- <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
- Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
- Usage”</a>). If they are within
- their publication period, merge them into the
- zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
- sign</strong></span>, however, the zone is not
- immediately re-signed by the new keys, but is
- allowed to incrementally re-sign over time.
- </p>
-<p>
- This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option
- be set to <code class="literal">maintain</code>,
- and also requires the zone to be configured to
- allow dynamic DNS.
- See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a> for
- more details.
- </p>
-</dd>
-<dt><span class="term"><strong class="userinput"><code>freeze
- [<span class="optional"><em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
-<dd><p>
- Suspend updates to a dynamic zone. If no zone is
- specified,
- then all zones are suspended. This allows manual
- edits to be made to a zone normally updated by dynamic
- update. It
- also causes changes in the journal file to be synced
- into the master
- and the journal file to be removed. All dynamic
- update attempts will
- be refused while the zone is frozen.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>thaw
- [<span class="optional"><em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
-<dd><p>
- Enable updates to a frozen dynamic zone. If no zone
- is
- specified, then all frozen zones are enabled. This
- causes
- the server to reload the zone from disk, and
- re-enables dynamic updates
- after the load has completed. After a zone is thawed,
- dynamic updates
- will no longer be refused.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Resend NOTIFY messages for the zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
-<dd><p>
- Reload the configuration file and load new zones,
- but do not reload existing zone files even if they
- have changed.
- This is faster than a full <span><strong class="command">reload</strong></span> when there
- is a large number of zones because it avoids the need
- to examine the
- modification times of the zones files.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
-<dd><p>
- Write server statistics to the statistics file.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>
-<dd><p>
- Toggle query logging. Query logging can also be enabled
- by explicitly directing the <span><strong class="command">queries</strong></span>
- <span><strong class="command">category</strong></span> to a
- <span><strong class="command">channel</strong></span> in the
- <span><strong class="command">logging</strong></span> section of
- <code class="filename">named.conf</code> or by specifying
- <span><strong class="command">querylog yes;</strong></span> in the
- <span><strong class="command">options</strong></span> section of
- <code class="filename">named.conf</code>.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>dumpdb
- [<span class="optional">-all|-cache|-zone</span>]
- [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
-<dd><p>
- Dump the server's caches (default) and/or zones to
- the
- dump file for the specified views. If no view is
- specified, all
- views are dumped.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>secroots
- [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
-<dd><p>
- Dump the server's security roots to the secroots
- file for the specified views. If no view is
- specified, security roots for all
- views are dumped.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
-<dd><p>
- Stop the server, making sure any recent changes
- made through dynamic update or IXFR are first saved to
- the master files of the updated zones.
- If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
- This allows an external process to determine when <span><strong class="command">named</strong></span>
- had completed stopping.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
-<dd><p>
- Stop the server immediately. Recent changes
- made through dynamic update or IXFR are not saved to
- the master files, but will be rolled forward from the
- journal files when the server is restarted.
- If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
- This allows an external process to determine when <span><strong class="command">named</strong></span>
- had completed halting.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
-<dd><p>
- Increment the servers debugging level by one.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
-<dd><p>
- Sets the server's debugging level to an explicit
- value.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
-<dd><p>
- Sets the server's debugging level to 0.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
-<dd><p>
- Flushes the server's cache.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
- Flushes the given name from the server's cache.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
-<dd><p>
- Display status of the server.
- Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
- and the default <span><strong class="command">./IN</strong></span>
- hint zone if there is not an
- explicit root zone configured.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
-<dd><p>
- Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
- on.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>validation
- [<span class="optional">on|off</span>]
- [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]
- </code></strong></span></dt>
-<dd><p>
- Enable or disable DNSSEC validation.
- Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
- set to <strong class="userinput"><code>yes</code></strong> to be effective.
- It defaults to enabled.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>
-<dd><p>
- List the names of all TSIG keys currently configured
- for use by <span><strong class="command">named</strong></span> in each view. The
- list both statically configured keys and dynamic
- TKEY-negotiated keys.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong>
- <em class="replaceable"><code>keyname</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
-<dd><p>
- Delete a given TKEY-negotiated key from the server.
- (This does not apply to statically configured TSIG
- keys.)
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>addzone
- <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
- <em class="replaceable"><code>configuration</code></em>
- </code></strong></span></dt>
-<dd>
-<p>
- Add a zone while the server is running. This
- command requires the
- <span><strong class="command">allow-new-zones</strong></span> option to be set
- to <strong class="userinput"><code>yes</code></strong>. The
- <em class="replaceable"><code>configuration</code></em> string
- specified on the command line is the zone
- configuration text that would ordinarily be
- placed in <code class="filename">named.conf</code>.
- </p>
-<p>
- The configuration is saved in a file called
- <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
- where <em class="replaceable"><code>hash</code></em> is a
- cryptographic hash generated from the name of
- the view. When <span><strong class="command">named</strong></span> is
- restarted, the file will be loaded into the view
- configuration, so that zones that were added
- can persist after a restart.
- </p>
-<p>
- This sample <span><strong class="command">addzone</strong></span> command
- would add the zone <code class="literal">example.com</code>
- to the default view:
- </p>
-<p>
-<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>
- </p>
-<p>
- (Note the brackets and semi-colon around the zone
- configuration text.)
- </p>
-</dd>
-<dt><span class="term"><strong class="userinput"><code>delzone
- <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
- </code></strong></span></dt>
-<dd><p>
- Delete a zone while the server is running.
- Only zones that were originally added via
- <span><strong class="command">rndc addzone</strong></span> can be deleted
- in this matter.
- </p></dd>
-</dl></div>
-<p>
- A configuration file is required, since all
+ <span><strong class="command">rndc</strong></span> requires a configuration file,
+ since all
communication with the server is authenticated with
digital signatures that rely on a shared secret, and
there is no way to provide that secret other than with a
@@ -888,7 +600,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570424"></a>Signals</h3></div></div></div>
+<a name="id2569446"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
@@ -953,5 +665,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch04.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch04.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch04.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch04.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -49,59 +49,59 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570937">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570955">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2569822">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569909">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564016">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564089">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571814">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571850">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571908">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571957">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570547">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570620">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570631">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570667">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570725">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570774">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571971">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572156">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570788">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570837">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572225">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572385">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570973">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571189">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571338">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608395">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563581">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563836">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563874">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563920">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563946">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571406">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571419">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571457">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571466">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607705">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563642">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563678">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563761">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563798">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563811">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563980">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564007">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564017">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564026">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564039">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564076">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564086">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571658">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571681">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582369">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582391">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611650">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608875">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609137">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635518">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635785">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635831">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609867">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608322">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610358">PKCS #11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610389">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2634958">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635004">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572604">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571626">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572871">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572892">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571756">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571778">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -258,7 +258,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570937"></a>Split DNS</h2></div></div></div>
+<a name="id2569822"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@@ -288,7 +288,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570955"></a>Example split DNS setup</h3></div></div></div>
+<a name="id2569909"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
@@ -545,7 +545,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564016"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
+<a name="id2570547"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -553,7 +553,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2564033"></a>Automatic Generation</h4></div></div></div>
+<a name="id2570564"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-SHA256
key as described above. Longer keys are better, but shorter keys
@@ -577,7 +577,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2564071"></a>Manual Generation</h4></div></div></div>
+<a name="id2570602"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -592,7 +592,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564089"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+<a name="id2570620"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@@ -600,7 +600,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571814"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id2570631"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@@ -627,7 +627,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571850"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id2570667"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@@ -659,7 +659,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571908"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id2570725"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@@ -686,7 +686,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571957"></a>Errors</h3></div></div></div>
+<a name="id2570774"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@@ -712,7 +712,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571971"></a>TKEY</h2></div></div></div>
+<a name="id2570788"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@@ -748,7 +748,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572156"></a>SIG(0)</h2></div></div></div>
+<a name="id2570837"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC 2931.
@@ -809,7 +809,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572225"></a>Generating Keys</h3></div></div></div>
+<a name="id2570973"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@@ -865,7 +865,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572304"></a>Signing the Zone</h3></div></div></div>
+<a name="id2571189"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to sign a zone.
@@ -907,7 +907,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572385"></a>Configuring Servers</h3></div></div></div>
+<a name="id2571338"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
@@ -1067,7 +1067,7 @@
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2608395"></a>Converting from insecure to secure</h3></div></div></div></div>
+<a name="id2607705"></a>Converting from insecure to secure</h3></div></div></div></div>
<p>Changing a zone from insecure to secure can be done in two
ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
@@ -1093,7 +1093,7 @@
well. An NSEC chain will be generated as part of the initial
signing process.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563581"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563642"></a>Dynamic DNS update method</h3></div></div></div></div>
<p>To insert the keys via dynamic update:</p>
<pre class="screen">
% nsupdate
@@ -1129,7 +1129,7 @@
<p>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563754"></a>Fully automatic zone signing</h3></div></div></div></div>
+<a name="id2563678"></a>Fully automatic zone signing</h3></div></div></div></div>
<p>To enable automatic signing, add the
<span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
<code class="filename">named.conf</code>.
@@ -1164,7 +1164,7 @@
configuration. If this has not been done, the configuration will
fail.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563836"></a>Private-type records</h3></div></div></div></div>
+<a name="id2563761"></a>Private-type records</h3></div></div></div></div>
<p>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
@@ -1205,12 +1205,12 @@
<p>
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563874"></a>DNSKEY rollovers</h3></div></div></div></div>
+<a name="id2563798"></a>DNSKEY rollovers</h3></div></div></div></div>
<p>As with insecure-to-secure conversions, rolling DNSSEC
keys can be done in two ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563886"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563811"></a>Dynamic DNS update method</h3></div></div></div></div>
<p> To perform key rollovers via dynamic update, you need to add
the <code class="filename">K*</code> files for the new keys so that
<span><strong class="command">named</strong></span> can find them. You can then add the new
@@ -1232,7 +1232,7 @@
<span><strong class="command">named</strong></span> will clean out any signatures generated
by the old key after the update completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563920"></a>Automatic key rollovers</h3></div></div></div></div>
+<a name="id2563980"></a>Automatic key rollovers</h3></div></div></div></div>
<p>When a new key reaches its activation date (as set by
<span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to
@@ -1247,7 +1247,7 @@
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563946"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
+<a name="id2564007"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<p>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
will be zero. At this point you can remove the old NSEC3PARAM
@@ -1254,7 +1254,7 @@
record. The old chain will be removed after the update request
completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563956"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
+<a name="id2564017"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<p>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
and the NSEC3PARAM record will have a zero flag field. The NSEC3
@@ -1261,13 +1261,13 @@
chain will be generated before the NSEC chain is
destroyed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2571406"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
+<a name="id2564026"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
<p>To do this, use <span><strong class="command">nsupdate</strong></span> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2571419"></a>Converting from secure to insecure</h3></div></div></div></div>
+<a name="id2564039"></a>Converting from secure to insecure</h3></div></div></div></div>
<p>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
<span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
@@ -1282,7 +1282,7 @@
<span><strong class="command">allow</strong></span> instead (or it will re-sign).
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2571457"></a>Periodic re-signing</h3></div></div></div></div>
+<a name="id2564076"></a>Periodic re-signing</h3></div></div></div></div>
<p>In any secure zone which supports dynamic updates, named
will periodically re-sign RRsets which have not been re-signed as
a result of some update action. The signature lifetimes will be
@@ -1289,7 +1289,7 @@
adjusted so as to spread the re-sign load over time rather than
all at once.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2571466"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
+<a name="id2564086"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<p>
<span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
@@ -1311,7 +1311,7 @@
configuration files.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571658"></a>Validating Resolver</h3></div></div></div>
+<a name="id2582369"></a>Validating Resolver</h3></div></div></div>
<p>To configure a validating resolver to use RFC 5011 to
maintain a trust anchor, configure the trust anchor using a
<span><strong class="command">managed-keys</strong></span> statement. Information about
@@ -1322,7 +1322,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571681"></a>Authoritative Server</h3></div></div></div>
+<a name="id2582391"></a>Authoritative Server</h3></div></div></div>
<p>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -1396,7 +1396,7 @@
Debian Linux, Solaris x86 and Windows Server 2003.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611650"></a>Prerequisites</h3></div></div></div>
+<a name="id2609867"></a>Prerequisites</h3></div></div></div>
<p>See the HSM vendor documentation for information about
installing, initializing, testing and troubleshooting the
HSM.</p>
@@ -1431,16 +1431,18 @@
other computationally-intensive operations. The AEP Keyper
is an example of such a device.</p></li>
</ul></div>
-<p>The modified OpenSSL code is included in the BIND 9 release,
- in the form of a context diff against the latest verions of
- OpenSSL. OpenSSL 0.9.8 and 1.0.0 are both supported; there are
- separate diffs for each version. In the examples to follow,
- we use OpenSSL 0.9.8, but the same methods work with OpenSSL 1.0.0.
+<p>
+ The modified OpenSSL code is included in the BIND 9 release,
+ in the form of a context diff against the latest versions of
+ OpenSSL. OpenSSL 0.9.8, 1.0.0, and 1.0.1 are supported; there are
+ separate diffs for each version. In the examples to follow,
+ we use OpenSSL 0.9.8, but the same methods work with OpenSSL
+ 1.0.0 and 1.0.1.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
The latest OpenSSL versions at the time of the BIND release
- are 0.9.8s and 1.0.0f.
+ are 0.9.8y, 1.0.0k and 1.0.1e.
ISC will provide an updated patch as new versions of OpenSSL
are released. The version number in the following examples
is expected to change.</div>
@@ -1473,7 +1475,7 @@
when we configure BIND 9.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608605"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
+<a name="id2607984"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<p>The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
@@ -1505,7 +1507,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608675"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
+<a name="id2608053"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<p>The SCA-6000 PKCS #11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
@@ -1527,7 +1529,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608724"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
+<a name="id2608102"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
<p>SoftHSM is a software library provided by the OpenDNSSEC
project (http://www.opendnssec.org) which provides a PKCS#11
interface to a virtual HSM, implemented in the form of encrypted
@@ -1587,12 +1589,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608875"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
+<a name="id2608322"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
<p>When building BIND 9, the location of the custom-built
OpenSSL library must be specified via configure.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608952"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
+<a name="id2608330"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<p>The PKCS #11 library for the AEP Keyper is currently
@@ -1608,7 +1610,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608984"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
+<a name="id2608430"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<pre class="screen">
@@ -1626,7 +1628,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609089"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
+<a name="id2608467"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd ../bind9</code></strong>
$ <strong class="userinput"><code>./configure --enable-threads \
@@ -1643,7 +1645,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609137"></a>PKCS #11 Tools</h3></div></div></div>
+<a name="id2610358"></a>PKCS #11 Tools</h3></div></div></div>
<p>BIND 9 includes a minimal set of tools to operate the
HSM, including
<span><strong class="command">pkcs11-keygen</strong></span> to generate a new key pair
@@ -1661,7 +1663,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2635518"></a>Using the HSM</h3></div></div></div>
+<a name="id2610389"></a>Using the HSM</h3></div></div></div>
<p>First, we must set up the runtime environment so the
OpenSSL and PKCS #11 libraries can be loaded:</p>
<pre class="screen">
@@ -1749,7 +1751,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2635785"></a>Specifying the engine on the command line</h3></div></div></div>
+<a name="id2634958"></a>Specifying the engine on the command line</h3></div></div></div>
<p>The OpenSSL engine can be specified in
<span><strong class="command">named</strong></span> and all of the BIND
<span><strong class="command">dnssec-*</strong></span> tools by using the "-E
@@ -1770,7 +1772,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2635831"></a>Running named with automatic zone re-signing</h3></div></div></div>
+<a name="id2635004"></a>Running named with automatic zone re-signing</h3></div></div></div>
<p>If you want
<span><strong class="command">named</strong></span> to dynamically re-sign zones using HSM
keys, and/or to to sign new records inserted via nsupdate, then
@@ -1806,7 +1808,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572604"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="id2571626"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
@@ -1844,7 +1846,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572871"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2571756"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -1863,7 +1865,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572892"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2571778"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
@@ -1898,5 +1900,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch05.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch05.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch05.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch05.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572925">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571811">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572925"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2571811"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
@@ -139,5 +139,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch06.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch06.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch06.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch06.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -48,30 +48,30 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574405">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573225">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574990"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573879"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575180"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574075"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575472"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574503"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574520"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575649"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575672"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575763"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575889"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574612"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574635"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574726"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574852"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577914"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577988"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578120"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578164"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576949"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577022"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577086"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577130"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578179"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577145"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
@@ -78,28 +78,28 @@
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590070"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589245"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590278"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589385"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590325"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589637"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590766"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590004"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592398"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591564"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595755">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595058">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597986">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597220">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598601">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598796">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599138"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597835">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597962">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598235"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -416,12 +416,14 @@
<p>
Integers may take values
0 <= value <= 18446744073709551615, though
- certain parameters may use a more limited range
- within these extremes. In most cases, setting a
- value to 0 does not literally mean zero; it means
- "undefined" or "as big as psosible", depending on
- the context. See the expalantions of particular
- parameters that use <code class="varname">size_spec</code>
+ certain parameters
+ (such as <span><strong class="command">max-journal-size</strong></span>) may
+ use a more limited range within these extremes.
+ In most cases, setting a value to 0 does not
+ literally mean zero; it means "undefined" or
+ "as big as possible", depending on the context.
+ See the explanations of particular parameters
+ that use <code class="varname">size_spec</code>
for details on how they interpret its use.
</p>
<p>
@@ -491,7 +493,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574103"></a>Syntax</h4></div></div></div>
+<a name="id2572992"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@@ -500,7 +502,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574131"></a>Definition and Usage</h4></div></div></div>
+<a name="id2573019"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@@ -584,7 +586,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574405"></a>Comment Syntax</h3></div></div></div>
+<a name="id2573225"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@@ -594,7 +596,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574420"></a>Syntax</h4></div></div></div>
+<a name="id2573240"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@@ -610,7 +612,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574450"></a>Definition and Usage</h4></div></div></div>
+<a name="id2573338"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@@ -862,7 +864,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574990"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2573879"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@@ -918,7 +920,9 @@
<td>
<p>
Matches the IPv4 and IPv6 addresses of all network
- interfaces on the system.
+ interfaces on the system. When addresses are
+ added or removed, the <span><strong class="command">localhost</strong></span>
+ ACL element is updated to reflect the changes.
</p>
</td>
</tr>
@@ -930,6 +934,9 @@
<p>
Matches any host on an IPv4 or IPv6 network
for which the system has an interface.
+ When addresses are added or removed,
+ the <span><strong class="command">localnets</strong></span>
+ ACL element is updated to reflect the changes.
Some systems do not provide a way to determine the prefix
lengths of
local IPv6 addresses.
@@ -944,7 +951,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575180"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574075"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ]
allow { <em class="replaceable"><code> address_match_list </code></em> }
@@ -1068,12 +1075,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575472"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574503"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575489"></a><span><strong class="command">include</strong></span> Statement Definition and
+<a name="id2574520"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@@ -1088,7 +1095,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575649"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574612"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
@@ -1097,7 +1104,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575672"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2574635"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
@@ -1144,7 +1151,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575763"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574726"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
@@ -1168,7 +1175,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575889"></a><span><strong class="command">logging</strong></span> Statement Definition and
+<a name="id2574852"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@@ -1202,7 +1209,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2576009"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="id2574904"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@@ -1303,6 +1310,9 @@
then this clause is silently ignored.
</p>
<p>
+ On Windows machines syslog messages are directed to the EventViewer.
+ </p>
+<p>
The <span><strong class="command">severity</strong></span> clause works like <span><strong class="command">syslog</strong></span>'s
"priorities", except that they can also be used if you are writing
straight to a file rather than using <span><strong class="command">syslog</strong></span>.
@@ -1723,8 +1733,8 @@
Delegation only. Logs queries that have been
forced to NXDOMAIN as the result of a
delegation-only zone or a
- <span><strong class="command">delegation-only</strong></span> in a hint
- or stub zone declaration.
+ <span><strong class="command">delegation-only</strong></span> in a
+ forward, hint or stub zone declaration.
</p>
</td>
</tr>
@@ -1780,7 +1790,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2577326"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
+<a name="id2576361"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<p>
The <span><strong class="command">query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
@@ -2008,7 +2018,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577914"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2576949"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -2024,7 +2034,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577988"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2577022"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@@ -2036,8 +2046,8 @@
<p>
The <span><strong class="command">listen-on</strong></span> statement specifies a
list of
- addresses (and ports) that this instance of a lightweight resolver
- daemon
+ IPv4 addresses (and ports) that this instance of a lightweight
+ resolver daemon
should accept requests on. If no port is specified, port 921 is
used.
If this statement is omitted, requests will be accepted on
@@ -2075,7 +2085,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578120"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577086"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
@@ -2083,7 +2093,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578164"></a><span><strong class="command">masters</strong></span> Statement Definition and
+<a name="id2577130"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@@ -2092,7 +2102,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578179"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577145"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -2163,7 +2173,7 @@
[<span class="optional"> check-mx-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-srv-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-sibling <em class="replaceable"><code>yes_or_no</code></em>; </span>]
- [<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
+ [<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> allow-new-zones { <em class="replaceable"><code>yes_or_no</code></em> }; </span>]
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
@@ -2181,6 +2191,7 @@
[<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
+ [<span class="optional"> no-case-compress { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> use-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> use-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
@@ -3597,10 +3608,13 @@
The default is <span><strong class="command">yes</strong></span>.
</p>
<p>
- Check that the two forms of Sender Policy Framework
- records (TXT records starting with "v=spf1" and SPF) either
- both exist or both don't exist. Warnings are
- emitted it they don't and be suppressed with
+ The use of the SPF record for publishing Sender
+ Policy Framework is deprecated as the migration
+ from using TXT records to SPF records was abandoned.
+ Enabling this option also checks that a TXT Sender
+ Policy Framework record exists (starts with "v=spf1")
+ if there is an SPF record. Warnings are emitted if the
+ TXT record does not exist and can be suppressed with
<span><strong class="command">check-spf</strong></span>.
</p>
</dd>
@@ -3623,11 +3637,11 @@
</p></dd>
<dt><span class="term"><span><strong class="command">check-spf</strong></span></span></dt>
<dd><p>
- When performing integrity checks, check that the
- two forms of Sender Policy Framwork records (TXT
- records starting with "v=spf1" and SPF) both exist
- or both don't exist and issue a warning if not
- met. The default is <span><strong class="command">warn</strong></span>.
+ If <span><strong class="command">check-integrity</strong></span> is set then
+ check that there is a TXT Sender Policy Framework
+ record present (starts with "v=spf1") if there is an
+ SPF record present. The default is
+ <span><strong class="command">warn</strong></span>.
</p></dd>
<dt><span class="term"><span><strong class="command">zero-no-soa-ttl</strong></span></span></dt>
<dd><p>
@@ -3722,7 +3736,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583834"></a>Forwarding</h4></div></div></div>
+<a name="id2582944"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -3766,7 +3780,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583893"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2583002"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@@ -3971,6 +3985,57 @@
<span><strong class="command">filter-aaaa-on-v4</strong></span>
is applies. The default is <strong class="userinput"><code>any</code></strong>.
</p></dd>
+<dt><span class="term"><span><strong class="command">no-case-compress</strong></span></span></dt>
+<dd>
+<p>
+ Specifies a list of addresses which require responses
+ to use case-insensitive compression. This ACL can be
+ used when <span><strong class="command">named</strong></span> needs to work with
+ clients that do not comply with the requirement in RFC
+ 1034 to use case-insensitive name comparisons when
+ checking for matching domain names.
+ </p>
+<p>
+ If left undefined, the ACL defaults to
+ <span><strong class="command">none</strong></span>: case-insensitive compression
+ will be used for all clients. If the ACL is defined and
+ matches a client, then case will be ignored when
+ compressing domain names in DNS responses sent to that
+ client.
+ </p>
+<p>
+ This can result in slightly smaller responses: if
+ a response contains the names "example.com" and
+ "example.COM", case-insensitive compression would treat
+ the second one as a duplicate. It also ensures
+ that the case of the query name exactly matches the
+ case of the owner names of returned records, rather
+ than matching the case of the records entered in
+ the zone file. This allows responses to exactly
+ match the query, which is required by some clients
+ due to incorrect use of case-sensitive comparisons.
+ </p>
+<p>
+ Case-insensitive compression is <span class="emphasis"><em>always</em></span>
+ used in AXFR and IXFR responses, regardless of whether
+ the client matches this ACL.
+ </p>
+<p>
+ There are circumstances in which <span><strong class="command">named</strong></span>
+ will not preserve the case of owner names of records:
+ if a zone file defines records of different types with
+ the same name, but the capitalization of the name is
+ different (e.g., "www.example.com/A" and
+ "WWW.EXAMPLE.COM/AAAA"), then all responses for that
+ name will use the <span class="emphasis"><em>first</em></span> version
+ of the name that was used in the zone file. This
+ limitation may be addressed in a future release. However,
+ domain names specified in the rdata of resource records
+ (i.e., records of type NS, MX, CNAME, etc) will always
+ have their case preserved unless the client matches this
+ ACL.
+ </p>
+</dd>
<dt><span class="term"><span><strong class="command">resolver-query-timeout</strong></span></span></dt>
<dd><p>
The amount of time the resolver will spend attempting
@@ -3983,11 +4048,13 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2584590"></a>Interfaces</h4></div></div></div>
+<a name="id2583676"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
- an optional port and an <code class="varname">address_match_list</code>.
+ an optional port and an <code class="varname">address_match_list</code>
+ of IPv4 addresses. (IPv6 addresses are ignored, with a
+ logged warning.)
The server will listen on all interfaces allowed by the address
match list. If a port is not specified, port 53 will be used.
</p>
@@ -4035,6 +4102,8 @@
the server listens on a separate socket for each specified
address,
regardless of whether the desired API is supported by the system.
+ IPv4 addresses specified in <span><strong class="command">listen-on-v6</strong></span>
+ will be ignored, with a logged warning.
</p>
<p>
Multiple <span><strong class="command">listen-on-v6</strong></span> options can
@@ -4442,7 +4511,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585664"></a>UDP Port Lists</h4></div></div></div>
+<a name="id2584958"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
@@ -4484,7 +4553,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585723"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2585018"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@@ -4633,20 +4702,21 @@
</p></dd>
<dt><span class="term"><span><strong class="command">tcp-listen-queue</strong></span></span></dt>
<dd><p>
- The listen queue depth. The default and minimum is 3.
+ The listen queue depth. The default and minimum is 10.
If the kernel supports the accept filter "dataready" this
also controls how
many TCP connections that will be queued in kernel space
waiting for
- some data before being passed to accept. Values less than 3
- will be
- silently raised.
+ some data before being passed to accept. Nonzero values
+ less than 10 will be silently raised. A value of 0 may also
+ be used; on most platforms this sets the listen queue
+ length to a system-defined default value.
</p></dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2586350"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2585441"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@@ -5554,7 +5624,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588612"></a>Content Filtering</h4></div></div></div>
+<a name="id2587838"></a>Content Filtering</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -5677,7 +5747,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588738"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
+<a name="id2587964"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 includes a limited
mechanism to modify DNS responses for requests
@@ -5950,6 +6020,7 @@
[<span class="optional"> bogus <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
+ [<span class="optional"> request-nsid <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> edns <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> edns-udp-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-udp-size <em class="replaceable"><code>number</code></em> ; </span>]
@@ -6138,6 +6209,13 @@
be specified. Similarly, for an IPv6 remote server,
only <span><strong class="command">query-source-v6</strong></span> can be specified.
</p>
+<p>
+ The <span><strong class="command">request-nsid</strong></span> clause determines
+ whether the local server will add a NSID EDNS option
+ to requests sent to the server. This overrides
+ <span><strong class="command">request-nsid</strong></span> set at the view or
+ option level.
+ </p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
@@ -6151,7 +6229,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590070"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<a name="id2589245"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
@@ -6211,7 +6289,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590278"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2589385"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@@ -6251,10 +6329,10 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590325"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2589637"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">managed-keys</strong></span> {
- <em class="replaceable"><code>name</code></em> <code class="literal">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ;
- [<span class="optional"> <em class="replaceable"><code>name</code></em> <code class="literal">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ; [<span class="optional">...</span>]</span>]
+ <em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ;
+ [<span class="optional"> <em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ; [<span class="optional">...</span>]</span>]
};
</pre>
</div>
@@ -6389,7 +6467,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590766"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2590004"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@@ -6523,7 +6601,7 @@
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
- [<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
+ [<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> dialup <em class="replaceable"><code>dialup_option</code></em> ; </span>]
[<span class="optional"> file <em class="replaceable"><code>string</code></em> ; </span>]
@@ -6679,10 +6757,10 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2592398"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2591564"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592406"></a>Zone Types</h4></div></div></div>
+<a name="id2591572"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -6942,7 +7020,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2593019"></a>Class</h4></div></div></div>
+<a name="id2592117"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@@ -6964,7 +7042,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2593052"></a>Zone Options</h4></div></div></div>
+<a name="id2592150"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@@ -7110,9 +7188,10 @@
<dt><span class="term"><span><strong class="command">delegation-only</strong></span></span></dt>
<dd>
<p>
- The flag only applies to hint and stub zones. If set
- to <strong class="userinput"><code>yes</code></strong>, then the zone will also be
- treated as if it is also a delegation-only type zone.
+ The flag only applies to forward, hint and stub
+ zones. If set to <strong class="userinput"><code>yes</code></strong>,
+ then the zone will also be treated as if it is
+ also a delegation-only type zone.
</p>
<p>
See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
@@ -7846,7 +7925,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2595755"></a>Zone File</h2></div></div></div>
+<a name="id2595058"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -7859,7 +7938,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2595842"></a>Resource Records</h4></div></div></div>
+<a name="id2595076"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@@ -8596,7 +8675,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2597465"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2596563"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -8799,7 +8878,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2597986"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2597220"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -9041,8 +9120,7 @@
<p>
Each RR can have a TTL as the second
field in the RR, which will control how long other
- servers can cache
- the it.
+ servers can cache it.
</p>
</td>
</tr>
@@ -9055,7 +9133,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2598601"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2597835"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -9116,7 +9194,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2598796"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2597962"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -9131,7 +9209,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598819"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<a name="id2597985"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@@ -9142,7 +9220,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598835"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2598001"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@@ -9171,7 +9249,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598964"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2598130"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@@ -9207,7 +9285,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2599101"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2598199"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@@ -9226,7 +9304,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2599138"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2598235"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@@ -9294,8 +9372,9 @@
<p>
This can be one of two forms: start-stop
or start-stop/step. If the first form is used, then step
- is set to
- 1. All of start, stop and step must be positive.
+ is set to 1. start, stop and step must be positive
+ integers between 0 and (2^31)-1. start must not be
+ larger than stop.
</p>
</td>
</tr>
@@ -9650,7 +9729,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600091"></a>Name Server Statistics Counters</h4></div></div></div>
+<a name="id2599257"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -10220,7 +10299,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2601596"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
+<a name="id2600762"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -10374,7 +10453,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2601979"></a>Resolver Statistics Counters</h4></div></div></div>
+<a name="id2601213"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -10757,7 +10836,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2603138"></a>Socket I/O Statistics Counters</h4></div></div></div>
+<a name="id2602235"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
@@ -10912,7 +10991,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2603579"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
+<a name="id2602677"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in
@@ -10964,5 +11043,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch07.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch07.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch07.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603806"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602836"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603888">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603947">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603053">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603181">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@@ -114,7 +114,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603806"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
+<a name="id2602836"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@@ -140,7 +140,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2603888"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2603053"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@@ -168,7 +168,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2603947"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2603181"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use
@@ -247,5 +247,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch08.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch08.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch08.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch08.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604027">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2604101">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604113">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604130">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603261">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603267">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603278">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603364">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2604027"></a>Common Problems</h2></div></div></div>
+<a name="id2603261"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2604101"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2603267"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2604113"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2603278"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers — they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2604130"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2603364"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
@@ -135,5 +135,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch09.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch09.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch09.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch09.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,31 +45,31 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604192">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603426">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604363">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603529">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607712">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606809">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609824">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609833">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609175">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609206">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609283">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609309">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2610282">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609133">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609143">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608485">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608516">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608593">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608619">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609319">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2604192"></a>Acknowledgments</h2></div></div></div>
+<a name="id2603426"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@@ -172,7 +172,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2604363"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
+<a name="id2603529"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@@ -260,17 +260,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2604619"></a>Bibliography</h4></div></div></div>
+<a name="id2603785"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
-<a name="id2604630"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id2603796"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604653"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2603819"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604677"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Implementation and
+<a name="id2603843"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@@ -278,42 +278,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2604713"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
+<a name="id2603879"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604740"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
+<a name="id2603974"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604765"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2604000"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604858"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2604024"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604882"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2604048"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604937"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
+<a name="id2604103"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604964"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2604130"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604990"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2604156"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605052"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2604218"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605082"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2604248"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605112"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id2604278"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605139"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
+<a name="id2604305"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@@ -322,19 +322,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2605221"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
+<a name="id2604387"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605248"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2604413"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605284"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2604450"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605349"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2604515"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605414"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
+<a name="id2604580"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@@ -342,18 +342,18 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
-<a name="id2605488"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
+<a name="id2604653"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605513"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
+<a name="id2604679"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605581"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2604747"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605617"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
+<a name="id2604851"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
@@ -360,66 +360,66 @@
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
-<a name="id2605662"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id2604897"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605720"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id2604954"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605757"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
+<a name="id2604992"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605793"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
+<a name="id2605027"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605847"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
+<a name="id2605081"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605885"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
+<a name="id2605120"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605911"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id2605145"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605937"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605171"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606032"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605197"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606058"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605224"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606098"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605264"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606128"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605293"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606157"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
+<a name="id2605323"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606200"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2605366"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606233"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
+<a name="id2605399"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606260"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
+<a name="id2605426"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606283"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
+<a name="id2605449"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606341"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id2605507"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
@@ -426,24 +426,24 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2606373"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
+<a name="id2605539"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606398"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
+<a name="id2605564"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606421"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id2605587"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606444"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id2605610"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606490"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2605656"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606514"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2605680"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
@@ -450,21 +450,21 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
-<a name="id2606571"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2605737"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606595"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
+<a name="id2605761"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606621"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
+<a name="id2605787"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606648"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id2605814"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606684"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
+<a name="id2605850"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
@@ -471,17 +471,17 @@
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
-<a name="id2606730"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
+<a name="id2605896"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606762"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2605928"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606808"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2605974"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606843"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
+<a name="id2606009"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@@ -497,47 +497,47 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2606888"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
+<a name="id2606054"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606910"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id2606076"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606936"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
+<a name="id2606102"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606962"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id2606128"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606985"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2606151"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607031"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2606197"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607054"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
+<a name="id2606220"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607081"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
+<a name="id2606247"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607175"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
+<a name="id2606273"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
-<a name="id2607219"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
+<a name="id2606316"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607276"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2606374"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607303"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
+<a name="id2606401"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@@ -551,39 +551,39 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2607351"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id2606449"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607390"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2606488"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607417"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2606515"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607447"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
+<a name="id2606545"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607473"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
+<a name="id2606570"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607499"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
+<a name="id2606597"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607536"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
+<a name="id2606633"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607572"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
+<a name="id2606669"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607598"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
+<a name="id2606696"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607625"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
+<a name="id2606723"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607670"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2606768"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@@ -604,14 +604,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2607712"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+<a name="id2606809"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2607721"></a>Bibliography</h4></div></div></div>
+<a name="id2606819"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
-<a name="id2607723"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright \xA9 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id2606821"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright \xA9 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
@@ -648,7 +648,7 @@
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609824"></a>Prerequisite</h3></div></div></div>
+<a name="id2609133"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@@ -657,7 +657,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609833"></a>Compilation</h3></div></div></div>
+<a name="id2609143"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
@@ -672,7 +672,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609175"></a>Installation</h3></div></div></div>
+<a name="id2608485"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
@@ -694,7 +694,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609206"></a>Known Defects/Restrictions</h3></div></div></div>
+<a name="id2608516"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@@ -734,7 +734,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609283"></a>The dns.conf File</h3></div></div></div>
+<a name="id2608593"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -752,7 +752,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609309"></a>Sample Applications</h3></div></div></div>
+<a name="id2608619"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
@@ -759,7 +759,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609318"></a>sample: a simple stub resolver utility</h4></div></div></div>
+<a name="id2608628"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -823,7 +823,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609409"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
+<a name="id2608718"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -856,7 +856,7 @@
consists of a single domain name. Example:
<div class="literallayout"><p><br>
\xA0\xA0www.example.com<br>
-\xA0\xA0mx.examle.net<br>
+\xA0\xA0mx.example.net<br>
\xA0\xA0ns.xxx.example<br>
</p></div>
</dd>
@@ -864,7 +864,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609462"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
+<a name="id2608772"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -905,7 +905,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609526"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
+<a name="id2608836"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -922,7 +922,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609541"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
+<a name="id2608851"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -1017,7 +1017,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610218"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
+<a name="id2609255"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
@@ -1074,7 +1074,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610282"></a>Library References</h3></div></div></div>
+<a name="id2609319"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
@@ -1099,5 +1099,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.ch10.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.ch10.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.ch10.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch10.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -131,5 +131,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/Bv9ARM.html
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.1.1.2 2013-08-22 22:51:57 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -40,8 +40,9 @@
<div class="titlepage">
<div>
<div><h1 class="title">
-<a name="id2563175"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="copyright">Copyright \xA9 2004-2013 Internet Systems Consortium, Inc. ("ISC")</p></div>
+<a name="id2563180"></a>BIND 9 Administrator Reference Manual</h1></div>
+<div><p class="releaseinfo">BIND Version 9.8.8</p></div>
+<div><p class="copyright">Copyright \xA9 2004-2014 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright \xA9 2000-2003 Internet Software Consortium.</p></div>
</div>
<hr>
@@ -51,39 +52,39 @@
<dl>
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564378">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564402">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564541">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564723">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563506">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563530">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564626">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564807">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564744">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564846">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567184">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567260">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567433">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567563">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564828">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564931">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567268">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567345">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567586">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567648">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567597">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567624">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567637">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567742">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567682">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567708">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567789">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567816">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567827">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567774">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">A Caching-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568011">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568018">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568034">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568388">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570424">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568393">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569446">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@@ -92,64 +93,64 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570937">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570955">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2569822">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569909">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564016">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564089">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571814">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571850">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571908">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571957">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570547">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570620">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570631">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570667">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570725">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570774">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571971">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572156">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570788">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570837">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572225">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572385">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570973">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571189">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571338">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608395">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563581">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563836">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563874">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563920">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563946">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571406">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571419">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571457">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571466">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607705">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563642">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563678">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563761">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563798">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563811">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563980">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564007">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564017">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564026">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564039">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564076">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564086">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571658">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571681">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582369">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582391">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611650">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608875">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609137">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635518">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635785">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635831">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609867">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608322">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610358">PKCS #11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610389">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2634958">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635004">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572604">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571626">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572871">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572892">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571756">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571778">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572925">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571811">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@@ -157,30 +158,30 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574405">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573225">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574990"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573879"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575180"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574075"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575472"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574503"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574520"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575649"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575672"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575763"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575889"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574612"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574635"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574726"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574852"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577914"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577988"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578120"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578164"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576949"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577022"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577086"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577130"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578179"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577145"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
@@ -187,28 +188,28 @@
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590070"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589245"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590278"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589385"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590325"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589637"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590766"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590004"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592398"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591564"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595755">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595058">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597986">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597220">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598601">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598796">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599138"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597835">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597962">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598235"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -217,41 +218,41 @@
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603806"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602836"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603888">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603947">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603053">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603181">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604027">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2604101">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604113">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604130">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603261">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603267">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603278">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603364">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604192">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603426">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604363">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603529">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607712">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606809">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609824">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609833">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609175">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609206">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609283">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609309">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2610282">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609133">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609143">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608485">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608516">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608593">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608619">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609319">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>
@@ -339,5 +340,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Deleted: vendor/bind/dist/doc/arm/Bv9ARM.pdf
===================================================================
--- vendor/bind/dist/doc/arm/Bv9ARM.pdf 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Bv9ARM.pdf 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,22743 +0,0 @@
-%PDF-1.4
-5 0 obj
-<< /S /GoTo /D (chapter.1) >>
-endobj
-8 0 obj
-(1 Introduction)
-endobj
-9 0 obj
-<< /S /GoTo /D (section.1.1) >>
-endobj
-12 0 obj
-(1.1 Scope of Document)
-endobj
-13 0 obj
-<< /S /GoTo /D (section.1.2) >>
-endobj
-16 0 obj
-(1.2 Organization of This Document)
-endobj
-17 0 obj
-<< /S /GoTo /D (section.1.3) >>
-endobj
-20 0 obj
-(1.3 Conventions Used in This Document)
-endobj
-21 0 obj
-<< /S /GoTo /D (section.1.4) >>
-endobj
-24 0 obj
-(1.4 The Domain Name System \(DNS\))
-endobj
-25 0 obj
-<< /S /GoTo /D (subsection.1.4.1) >>
-endobj
-28 0 obj
-(1.4.1 DNS Fundamentals)
-endobj
-29 0 obj
-<< /S /GoTo /D (subsection.1.4.2) >>
-endobj
-32 0 obj
-(1.4.2 Domains and Domain Names)
-endobj
-33 0 obj
-<< /S /GoTo /D (subsection.1.4.3) >>
-endobj
-36 0 obj
-(1.4.3 Zones)
-endobj
-37 0 obj
-<< /S /GoTo /D (subsection.1.4.4) >>
-endobj
-40 0 obj
-(1.4.4 Authoritative Name Servers)
-endobj
-41 0 obj
-<< /S /GoTo /D (subsubsection.1.4.4.1) >>
-endobj
-44 0 obj
-(1.4.4.1 The Primary Master)
-endobj
-45 0 obj
-<< /S /GoTo /D (subsubsection.1.4.4.2) >>
-endobj
-48 0 obj
-(1.4.4.2 Slave Servers)
-endobj
-49 0 obj
-<< /S /GoTo /D (subsubsection.1.4.4.3) >>
-endobj
-52 0 obj
-(1.4.4.3 Stealth Servers)
-endobj
-53 0 obj
-<< /S /GoTo /D (subsection.1.4.5) >>
-endobj
-56 0 obj
-(1.4.5 Caching Name Servers)
-endobj
-57 0 obj
-<< /S /GoTo /D (subsubsection.1.4.5.1) >>
-endobj
-60 0 obj
-(1.4.5.1 Forwarding)
-endobj
-61 0 obj
-<< /S /GoTo /D (subsection.1.4.6) >>
-endobj
-64 0 obj
-(1.4.6 Name Servers in Multiple Roles)
-endobj
-65 0 obj
-<< /S /GoTo /D (chapter.2) >>
-endobj
-68 0 obj
-(2 BIND Resource Requirements)
-endobj
-69 0 obj
-<< /S /GoTo /D (section.2.1) >>
-endobj
-72 0 obj
-(2.1 Hardware requirements)
-endobj
-73 0 obj
-<< /S /GoTo /D (section.2.2) >>
-endobj
-76 0 obj
-(2.2 CPU Requirements)
-endobj
-77 0 obj
-<< /S /GoTo /D (section.2.3) >>
-endobj
-80 0 obj
-(2.3 Memory Requirements)
-endobj
-81 0 obj
-<< /S /GoTo /D (section.2.4) >>
-endobj
-84 0 obj
-(2.4 Name Server Intensive Environment Issues)
-endobj
-85 0 obj
-<< /S /GoTo /D (section.2.5) >>
-endobj
-88 0 obj
-(2.5 Supported Operating Systems)
-endobj
-89 0 obj
-<< /S /GoTo /D (chapter.3) >>
-endobj
-92 0 obj
-(3 Name Server Configuration)
-endobj
-93 0 obj
-<< /S /GoTo /D (section.3.1) >>
-endobj
-96 0 obj
-(3.1 Sample Configurations)
-endobj
-97 0 obj
-<< /S /GoTo /D (subsection.3.1.1) >>
-endobj
-100 0 obj
-(3.1.1 A Caching-only Name Server)
-endobj
-101 0 obj
-<< /S /GoTo /D (subsection.3.1.2) >>
-endobj
-104 0 obj
-(3.1.2 An Authoritative-only Name Server)
-endobj
-105 0 obj
-<< /S /GoTo /D (section.3.2) >>
-endobj
-108 0 obj
-(3.2 Load Balancing)
-endobj
-109 0 obj
-<< /S /GoTo /D (section.3.3) >>
-endobj
-112 0 obj
-(3.3 Name Server Operations)
-endobj
-113 0 obj
-<< /S /GoTo /D (subsection.3.3.1) >>
-endobj
-116 0 obj
-(3.3.1 Tools for Use With the Name Server Daemon)
-endobj
-117 0 obj
-<< /S /GoTo /D (subsubsection.3.3.1.1) >>
-endobj
-120 0 obj
-(3.3.1.1 Diagnostic Tools)
-endobj
-121 0 obj
-<< /S /GoTo /D (subsubsection.3.3.1.2) >>
-endobj
-124 0 obj
-(3.3.1.2 Administrative Tools)
-endobj
-125 0 obj
-<< /S /GoTo /D (subsection.3.3.2) >>
-endobj
-128 0 obj
-(3.3.2 Signals)
-endobj
-129 0 obj
-<< /S /GoTo /D (chapter.4) >>
-endobj
-132 0 obj
-(4 Advanced DNS Features)
-endobj
-133 0 obj
-<< /S /GoTo /D (section.4.1) >>
-endobj
-136 0 obj
-(4.1 Notify)
-endobj
-137 0 obj
-<< /S /GoTo /D (section.4.2) >>
-endobj
-140 0 obj
-(4.2 Dynamic Update)
-endobj
-141 0 obj
-<< /S /GoTo /D (subsection.4.2.1) >>
-endobj
-144 0 obj
-(4.2.1 The journal file)
-endobj
-145 0 obj
-<< /S /GoTo /D (section.4.3) >>
-endobj
-148 0 obj
-(4.3 Incremental Zone Transfers \(IXFR\))
-endobj
-149 0 obj
-<< /S /GoTo /D (section.4.4) >>
-endobj
-152 0 obj
-(4.4 Split DNS)
-endobj
-153 0 obj
-<< /S /GoTo /D (subsection.4.4.1) >>
-endobj
-156 0 obj
-(4.4.1 Example split DNS setup)
-endobj
-157 0 obj
-<< /S /GoTo /D (section.4.5) >>
-endobj
-160 0 obj
-(4.5 TSIG)
-endobj
-161 0 obj
-<< /S /GoTo /D (subsection.4.5.1) >>
-endobj
-164 0 obj
-(4.5.1 Generate Shared Keys for Each Pair of Hosts)
-endobj
-165 0 obj
-<< /S /GoTo /D (subsubsection.4.5.1.1) >>
-endobj
-168 0 obj
-(4.5.1.1 Automatic Generation)
-endobj
-169 0 obj
-<< /S /GoTo /D (subsubsection.4.5.1.2) >>
-endobj
-172 0 obj
-(4.5.1.2 Manual Generation)
-endobj
-173 0 obj
-<< /S /GoTo /D (subsection.4.5.2) >>
-endobj
-176 0 obj
-(4.5.2 Copying the Shared Secret to Both Machines)
-endobj
-177 0 obj
-<< /S /GoTo /D (subsection.4.5.3) >>
-endobj
-180 0 obj
-(4.5.3 Informing the Servers of the Key's Existence)
-endobj
-181 0 obj
-<< /S /GoTo /D (subsection.4.5.4) >>
-endobj
-184 0 obj
-(4.5.4 Instructing the Server to Use the Key)
-endobj
-185 0 obj
-<< /S /GoTo /D (subsection.4.5.5) >>
-endobj
-188 0 obj
-(4.5.5 TSIG Key Based Access Control)
-endobj
-189 0 obj
-<< /S /GoTo /D (subsection.4.5.6) >>
-endobj
-192 0 obj
-(4.5.6 Errors)
-endobj
-193 0 obj
-<< /S /GoTo /D (section.4.6) >>
-endobj
-196 0 obj
-(4.6 TKEY)
-endobj
-197 0 obj
-<< /S /GoTo /D (section.4.7) >>
-endobj
-200 0 obj
-(4.7 SIG\(0\))
-endobj
-201 0 obj
-<< /S /GoTo /D (section.4.8) >>
-endobj
-204 0 obj
-(4.8 DNSSEC)
-endobj
-205 0 obj
-<< /S /GoTo /D (subsection.4.8.1) >>
-endobj
-208 0 obj
-(4.8.1 Generating Keys)
-endobj
-209 0 obj
-<< /S /GoTo /D (subsection.4.8.2) >>
-endobj
-212 0 obj
-(4.8.2 Signing the Zone)
-endobj
-213 0 obj
-<< /S /GoTo /D (subsection.4.8.3) >>
-endobj
-216 0 obj
-(4.8.3 Configuring Servers)
-endobj
-217 0 obj
-<< /S /GoTo /D (section.4.9) >>
-endobj
-220 0 obj
-(4.9 DNSSEC, Dynamic Zones, and Automatic Signing)
-endobj
-221 0 obj
-<< /S /GoTo /D (subsection.4.9.1) >>
-endobj
-224 0 obj
-(4.9.1 Converting from insecure to secure)
-endobj
-225 0 obj
-<< /S /GoTo /D (subsection.4.9.2) >>
-endobj
-228 0 obj
-(4.9.2 Dynamic DNS update method)
-endobj
-229 0 obj
-<< /S /GoTo /D (subsection.4.9.3) >>
-endobj
-232 0 obj
-(4.9.3 Fully automatic zone signing)
-endobj
-233 0 obj
-<< /S /GoTo /D (subsection.4.9.4) >>
-endobj
-236 0 obj
-(4.9.4 Private-type records)
-endobj
-237 0 obj
-<< /S /GoTo /D (subsection.4.9.5) >>
-endobj
-240 0 obj
-(4.9.5 DNSKEY rollovers)
-endobj
-241 0 obj
-<< /S /GoTo /D (subsection.4.9.6) >>
-endobj
-244 0 obj
-(4.9.6 Dynamic DNS update method)
-endobj
-245 0 obj
-<< /S /GoTo /D (subsection.4.9.7) >>
-endobj
-248 0 obj
-(4.9.7 Automatic key rollovers)
-endobj
-249 0 obj
-<< /S /GoTo /D (subsection.4.9.8) >>
-endobj
-252 0 obj
-(4.9.8 NSEC3PARAM rollovers via UPDATE)
-endobj
-253 0 obj
-<< /S /GoTo /D (subsection.4.9.9) >>
-endobj
-256 0 obj
-(4.9.9 Converting from NSEC to NSEC3)
-endobj
-257 0 obj
-<< /S /GoTo /D (subsection.4.9.10) >>
-endobj
-260 0 obj
-(4.9.10 Converting from NSEC3 to NSEC)
-endobj
-261 0 obj
-<< /S /GoTo /D (subsection.4.9.11) >>
-endobj
-264 0 obj
-(4.9.11 Converting from secure to insecure)
-endobj
-265 0 obj
-<< /S /GoTo /D (subsection.4.9.12) >>
-endobj
-268 0 obj
-(4.9.12 Periodic re-signing)
-endobj
-269 0 obj
-<< /S /GoTo /D (subsection.4.9.13) >>
-endobj
-272 0 obj
-(4.9.13 NSEC3 and OPTOUT)
-endobj
-273 0 obj
-<< /S /GoTo /D (section.4.10) >>
-endobj
-276 0 obj
-(4.10 Dynamic Trust Anchor Management)
-endobj
-277 0 obj
-<< /S /GoTo /D (subsection.4.10.1) >>
-endobj
-280 0 obj
-(4.10.1 Validating Resolver)
-endobj
-281 0 obj
-<< /S /GoTo /D (subsection.4.10.2) >>
-endobj
-284 0 obj
-(4.10.2 Authoritative Server)
-endobj
-285 0 obj
-<< /S /GoTo /D (section.4.11) >>
-endobj
-288 0 obj
-(4.11 PKCS \04311 \(Cryptoki\) support)
-endobj
-289 0 obj
-<< /S /GoTo /D (subsection.4.11.1) >>
-endobj
-292 0 obj
-(4.11.1 Prerequisites)
-endobj
-293 0 obj
-<< /S /GoTo /D (subsubsection.4.11.1.1) >>
-endobj
-296 0 obj
-(4.11.1.1 Building OpenSSL for the AEP Keyper on Linux)
-endobj
-297 0 obj
-<< /S /GoTo /D (subsubsection.4.11.1.2) >>
-endobj
-300 0 obj
-(4.11.1.2 Building OpenSSL for the SCA 6000 on Solaris)
-endobj
-301 0 obj
-<< /S /GoTo /D (subsubsection.4.11.1.3) >>
-endobj
-304 0 obj
-(4.11.1.3 Building OpenSSL for SoftHSM)
-endobj
-305 0 obj
-<< /S /GoTo /D (subsection.4.11.2) >>
-endobj
-308 0 obj
-(4.11.2 Building BIND 9 with PKCS\04311)
-endobj
-309 0 obj
-<< /S /GoTo /D (subsubsection.4.11.2.1) >>
-endobj
-312 0 obj
-(4.11.2.1 Configuring BIND 9 for Linux with the AEP Keyper)
-endobj
-313 0 obj
-<< /S /GoTo /D (subsubsection.4.11.2.2) >>
-endobj
-316 0 obj
-(4.11.2.2 Configuring BIND 9 for Solaris with the SCA 6000)
-endobj
-317 0 obj
-<< /S /GoTo /D (subsubsection.4.11.2.3) >>
-endobj
-320 0 obj
-(4.11.2.3 Configuring BIND 9 for SoftHSM)
-endobj
-321 0 obj
-<< /S /GoTo /D (subsection.4.11.3) >>
-endobj
-324 0 obj
-(4.11.3 PKCS \04311 Tools)
-endobj
-325 0 obj
-<< /S /GoTo /D (subsection.4.11.4) >>
-endobj
-328 0 obj
-(4.11.4 Using the HSM)
-endobj
-329 0 obj
-<< /S /GoTo /D (subsection.4.11.5) >>
-endobj
-332 0 obj
-(4.11.5 Specifying the engine on the command line)
-endobj
-333 0 obj
-<< /S /GoTo /D (subsection.4.11.6) >>
-endobj
-336 0 obj
-(4.11.6 Running named with automatic zone re-signing)
-endobj
-337 0 obj
-<< /S /GoTo /D (section.4.12) >>
-endobj
-340 0 obj
-(4.12 IPv6 Support in BIND 9)
-endobj
-341 0 obj
-<< /S /GoTo /D (subsection.4.12.1) >>
-endobj
-344 0 obj
-(4.12.1 Address Lookups Using AAAA Records)
-endobj
-345 0 obj
-<< /S /GoTo /D (subsection.4.12.2) >>
-endobj
-348 0 obj
-(4.12.2 Address to Name Lookups Using Nibble Format)
-endobj
-349 0 obj
-<< /S /GoTo /D (chapter.5) >>
-endobj
-352 0 obj
-(5 The BIND 9 Lightweight Resolver)
-endobj
-353 0 obj
-<< /S /GoTo /D (section.5.1) >>
-endobj
-356 0 obj
-(5.1 The Lightweight Resolver Library)
-endobj
-357 0 obj
-<< /S /GoTo /D (section.5.2) >>
-endobj
-360 0 obj
-(5.2 Running a Resolver Daemon)
-endobj
-361 0 obj
-<< /S /GoTo /D (chapter.6) >>
-endobj
-364 0 obj
-(6 BIND 9 Configuration Reference)
-endobj
-365 0 obj
-<< /S /GoTo /D (section.6.1) >>
-endobj
-368 0 obj
-(6.1 Configuration File Elements)
-endobj
-369 0 obj
-<< /S /GoTo /D (subsection.6.1.1) >>
-endobj
-372 0 obj
-(6.1.1 Address Match Lists)
-endobj
-373 0 obj
-<< /S /GoTo /D (subsubsection.6.1.1.1) >>
-endobj
-376 0 obj
-(6.1.1.1 Syntax)
-endobj
-377 0 obj
-<< /S /GoTo /D (subsubsection.6.1.1.2) >>
-endobj
-380 0 obj
-(6.1.1.2 Definition and Usage)
-endobj
-381 0 obj
-<< /S /GoTo /D (subsection.6.1.2) >>
-endobj
-384 0 obj
-(6.1.2 Comment Syntax)
-endobj
-385 0 obj
-<< /S /GoTo /D (subsubsection.6.1.2.1) >>
-endobj
-388 0 obj
-(6.1.2.1 Syntax)
-endobj
-389 0 obj
-<< /S /GoTo /D (subsubsection.6.1.2.2) >>
-endobj
-392 0 obj
-(6.1.2.2 Definition and Usage)
-endobj
-393 0 obj
-<< /S /GoTo /D (section.6.2) >>
-endobj
-396 0 obj
-(6.2 Configuration File Grammar)
-endobj
-397 0 obj
-<< /S /GoTo /D (subsection.6.2.1) >>
-endobj
-400 0 obj
-(6.2.1 acl Statement Grammar)
-endobj
-401 0 obj
-<< /S /GoTo /D (subsection.6.2.2) >>
-endobj
-404 0 obj
-(6.2.2 acl Statement Definition and Usage)
-endobj
-405 0 obj
-<< /S /GoTo /D (subsection.6.2.3) >>
-endobj
-408 0 obj
-(6.2.3 controls Statement Grammar)
-endobj
-409 0 obj
-<< /S /GoTo /D (subsection.6.2.4) >>
-endobj
-412 0 obj
-(6.2.4 controls Statement Definition and Usage)
-endobj
-413 0 obj
-<< /S /GoTo /D (subsection.6.2.5) >>
-endobj
-416 0 obj
-(6.2.5 include Statement Grammar)
-endobj
-417 0 obj
-<< /S /GoTo /D (subsection.6.2.6) >>
-endobj
-420 0 obj
-(6.2.6 include Statement Definition and Usage)
-endobj
-421 0 obj
-<< /S /GoTo /D (subsection.6.2.7) >>
-endobj
-424 0 obj
-(6.2.7 key Statement Grammar)
-endobj
-425 0 obj
-<< /S /GoTo /D (subsection.6.2.8) >>
-endobj
-428 0 obj
-(6.2.8 key Statement Definition and Usage)
-endobj
-429 0 obj
-<< /S /GoTo /D (subsection.6.2.9) >>
-endobj
-432 0 obj
-(6.2.9 logging Statement Grammar)
-endobj
-433 0 obj
-<< /S /GoTo /D (subsection.6.2.10) >>
-endobj
-436 0 obj
-(6.2.10 logging Statement Definition and Usage)
-endobj
-437 0 obj
-<< /S /GoTo /D (subsubsection.6.2.10.1) >>
-endobj
-440 0 obj
-(6.2.10.1 The channel Phrase)
-endobj
-441 0 obj
-<< /S /GoTo /D (subsubsection.6.2.10.2) >>
-endobj
-444 0 obj
-(6.2.10.2 The category Phrase)
-endobj
-445 0 obj
-<< /S /GoTo /D (subsubsection.6.2.10.3) >>
-endobj
-448 0 obj
-(6.2.10.3 The query-errors Category)
-endobj
-449 0 obj
-<< /S /GoTo /D (subsection.6.2.11) >>
-endobj
-452 0 obj
-(6.2.11 lwres Statement Grammar)
-endobj
-453 0 obj
-<< /S /GoTo /D (subsection.6.2.12) >>
-endobj
-456 0 obj
-(6.2.12 lwres Statement Definition and Usage)
-endobj
-457 0 obj
-<< /S /GoTo /D (subsection.6.2.13) >>
-endobj
-460 0 obj
-(6.2.13 masters Statement Grammar)
-endobj
-461 0 obj
-<< /S /GoTo /D (subsection.6.2.14) >>
-endobj
-464 0 obj
-(6.2.14 masters Statement Definition and Usage)
-endobj
-465 0 obj
-<< /S /GoTo /D (subsection.6.2.15) >>
-endobj
-468 0 obj
-(6.2.15 options Statement Grammar)
-endobj
-469 0 obj
-<< /S /GoTo /D (subsection.6.2.16) >>
-endobj
-472 0 obj
-(6.2.16 options Statement Definition and Usage)
-endobj
-473 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.1) >>
-endobj
-476 0 obj
-(6.2.16.1 Boolean Options)
-endobj
-477 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.2) >>
-endobj
-480 0 obj
-(6.2.16.2 Forwarding)
-endobj
-481 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.3) >>
-endobj
-484 0 obj
-(6.2.16.3 Dual-stack Servers)
-endobj
-485 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.4) >>
-endobj
-488 0 obj
-(6.2.16.4 Access Control)
-endobj
-489 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.5) >>
-endobj
-492 0 obj
-(6.2.16.5 Interfaces)
-endobj
-493 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.6) >>
-endobj
-496 0 obj
-(6.2.16.6 Query Address)
-endobj
-497 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.7) >>
-endobj
-500 0 obj
-(6.2.16.7 Zone Transfers)
-endobj
-501 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.8) >>
-endobj
-504 0 obj
-(6.2.16.8 UDP Port Lists)
-endobj
-505 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.9) >>
-endobj
-508 0 obj
-(6.2.16.9 Operating System Resource Limits)
-endobj
-509 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.10) >>
-endobj
-512 0 obj
-(6.2.16.10 Server Resource Limits)
-endobj
-513 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.11) >>
-endobj
-516 0 obj
-(6.2.16.11 Periodic Task Intervals)
-endobj
-517 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.12) >>
-endobj
-520 0 obj
-(6.2.16.12 Topology)
-endobj
-521 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.13) >>
-endobj
-524 0 obj
-(6.2.16.13 The sortlist Statement)
-endobj
-525 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.14) >>
-endobj
-528 0 obj
-(6.2.16.14 RRset Ordering)
-endobj
-529 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.15) >>
-endobj
-532 0 obj
-(6.2.16.15 Tuning)
-endobj
-533 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.16) >>
-endobj
-536 0 obj
-(6.2.16.16 Built-in server information zones)
-endobj
-537 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.17) >>
-endobj
-540 0 obj
-(6.2.16.17 Built-in Empty Zones)
-endobj
-541 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.18) >>
-endobj
-544 0 obj
-(6.2.16.18 Additional Section Caching)
-endobj
-545 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.19) >>
-endobj
-548 0 obj
-(6.2.16.19 Content Filtering)
-endobj
-549 0 obj
-<< /S /GoTo /D (subsubsection.6.2.16.20) >>
-endobj
-552 0 obj
-(6.2.16.20 Response Policy Zone \(RPZ\) Rewriting)
-endobj
-553 0 obj
-<< /S /GoTo /D (subsection.6.2.17) >>
-endobj
-556 0 obj
-(6.2.17 server Statement Grammar)
-endobj
-557 0 obj
-<< /S /GoTo /D (subsection.6.2.18) >>
-endobj
-560 0 obj
-(6.2.18 server Statement Definition and Usage)
-endobj
-561 0 obj
-<< /S /GoTo /D (subsection.6.2.19) >>
-endobj
-564 0 obj
-(6.2.19 statistics-channels Statement Grammar)
-endobj
-565 0 obj
-<< /S /GoTo /D (subsection.6.2.20) >>
-endobj
-568 0 obj
-(6.2.20 statistics-channels Statement Definition and Usage)
-endobj
-569 0 obj
-<< /S /GoTo /D (subsection.6.2.21) >>
-endobj
-572 0 obj
-(6.2.21 trusted-keys Statement Grammar)
-endobj
-573 0 obj
-<< /S /GoTo /D (subsection.6.2.22) >>
-endobj
-576 0 obj
-(6.2.22 trusted-keys Statement Definition and Usage)
-endobj
-577 0 obj
-<< /S /GoTo /D (subsection.6.2.23) >>
-endobj
-580 0 obj
-(6.2.23 managed-keys Statement Grammar)
-endobj
-581 0 obj
-<< /S /GoTo /D (subsection.6.2.24) >>
-endobj
-584 0 obj
-(6.2.24 managed-keys Statement Definition and Usage)
-endobj
-585 0 obj
-<< /S /GoTo /D (subsection.6.2.25) >>
-endobj
-588 0 obj
-(6.2.25 view Statement Grammar)
-endobj
-589 0 obj
-<< /S /GoTo /D (subsection.6.2.26) >>
-endobj
-592 0 obj
-(6.2.26 view Statement Definition and Usage)
-endobj
-593 0 obj
-<< /S /GoTo /D (subsection.6.2.27) >>
-endobj
-596 0 obj
-(6.2.27 zone Statement Grammar)
-endobj
-597 0 obj
-<< /S /GoTo /D (subsection.6.2.28) >>
-endobj
-600 0 obj
-(6.2.28 zone Statement Definition and Usage)
-endobj
-601 0 obj
-<< /S /GoTo /D (subsubsection.6.2.28.1) >>
-endobj
-604 0 obj
-(6.2.28.1 Zone Types)
-endobj
-605 0 obj
-<< /S /GoTo /D (subsubsection.6.2.28.2) >>
-endobj
-608 0 obj
-(6.2.28.2 Class)
-endobj
-609 0 obj
-<< /S /GoTo /D (subsubsection.6.2.28.3) >>
-endobj
-612 0 obj
-(6.2.28.3 Zone Options)
-endobj
-613 0 obj
-<< /S /GoTo /D (subsubsection.6.2.28.4) >>
-endobj
-616 0 obj
-(6.2.28.4 Dynamic Update Policies)
-endobj
-617 0 obj
-<< /S /GoTo /D (section.6.3) >>
-endobj
-620 0 obj
-(6.3 Zone File)
-endobj
-621 0 obj
-<< /S /GoTo /D (subsection.6.3.1) >>
-endobj
-624 0 obj
-(6.3.1 Types of Resource Records and When to Use Them)
-endobj
-625 0 obj
-<< /S /GoTo /D (subsubsection.6.3.1.1) >>
-endobj
-628 0 obj
-(6.3.1.1 Resource Records)
-endobj
-629 0 obj
-<< /S /GoTo /D (subsubsection.6.3.1.2) >>
-endobj
-632 0 obj
-(6.3.1.2 Textual expression of RRs)
-endobj
-633 0 obj
-<< /S /GoTo /D (subsection.6.3.2) >>
-endobj
-636 0 obj
-(6.3.2 Discussion of MX Records)
-endobj
-637 0 obj
-<< /S /GoTo /D (subsection.6.3.3) >>
-endobj
-640 0 obj
-(6.3.3 Setting TTLs)
-endobj
-641 0 obj
-<< /S /GoTo /D (subsection.6.3.4) >>
-endobj
-644 0 obj
-(6.3.4 Inverse Mapping in IPv4)
-endobj
-645 0 obj
-<< /S /GoTo /D (subsection.6.3.5) >>
-endobj
-648 0 obj
-(6.3.5 Other Zone File Directives)
-endobj
-649 0 obj
-<< /S /GoTo /D (subsubsection.6.3.5.1) >>
-endobj
-652 0 obj
-(6.3.5.1 The @ \(at-sign\))
-endobj
-653 0 obj
-<< /S /GoTo /D (subsubsection.6.3.5.2) >>
-endobj
-656 0 obj
-(6.3.5.2 The \044ORIGIN Directive)
-endobj
-657 0 obj
-<< /S /GoTo /D (subsubsection.6.3.5.3) >>
-endobj
-660 0 obj
-(6.3.5.3 The \044INCLUDE Directive)
-endobj
-661 0 obj
-<< /S /GoTo /D (subsubsection.6.3.5.4) >>
-endobj
-664 0 obj
-(6.3.5.4 The \044TTL Directive)
-endobj
-665 0 obj
-<< /S /GoTo /D (subsection.6.3.6) >>
-endobj
-668 0 obj
-(6.3.6 BIND Master File Extension: the \044GENERATE Directive)
-endobj
-669 0 obj
-<< /S /GoTo /D (subsection.6.3.7) >>
-endobj
-672 0 obj
-(6.3.7 Additional File Formats)
-endobj
-673 0 obj
-<< /S /GoTo /D (section.6.4) >>
-endobj
-676 0 obj
-(6.4 BIND9 Statistics)
-endobj
-677 0 obj
-<< /S /GoTo /D (subsubsection.6.4.0.1) >>
-endobj
-680 0 obj
-(6.4.0.1 The Statistics File)
-endobj
-681 0 obj
-<< /S /GoTo /D (subsection.6.4.1) >>
-endobj
-684 0 obj
-(6.4.1 Statistics Counters)
-endobj
-685 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.1) >>
-endobj
-688 0 obj
-(6.4.1.1 Name Server Statistics Counters)
-endobj
-689 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.2) >>
-endobj
-692 0 obj
-(6.4.1.2 Zone Maintenance Statistics Counters)
-endobj
-693 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.3) >>
-endobj
-696 0 obj
-(6.4.1.3 Resolver Statistics Counters)
-endobj
-697 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.4) >>
-endobj
-700 0 obj
-(6.4.1.4 Socket I/O Statistics Counters)
-endobj
-701 0 obj
-<< /S /GoTo /D (subsubsection.6.4.1.5) >>
-endobj
-704 0 obj
-(6.4.1.5 Compatibility with BIND 8 Counters)
-endobj
-705 0 obj
-<< /S /GoTo /D (chapter.7) >>
-endobj
-708 0 obj
-(7 BIND 9 Security Considerations)
-endobj
-709 0 obj
-<< /S /GoTo /D (section.7.1) >>
-endobj
-712 0 obj
-(7.1 Access Control Lists)
-endobj
-713 0 obj
-<< /S /GoTo /D (section.7.2) >>
-endobj
-716 0 obj
-(7.2 Chroot and Setuid)
-endobj
-717 0 obj
-<< /S /GoTo /D (subsection.7.2.1) >>
-endobj
-720 0 obj
-(7.2.1 The chroot Environment)
-endobj
-721 0 obj
-<< /S /GoTo /D (subsection.7.2.2) >>
-endobj
-724 0 obj
-(7.2.2 Using the setuid Function)
-endobj
-725 0 obj
-<< /S /GoTo /D (section.7.3) >>
-endobj
-728 0 obj
-(7.3 Dynamic Update Security)
-endobj
-729 0 obj
-<< /S /GoTo /D (chapter.8) >>
-endobj
-732 0 obj
-(8 Troubleshooting)
-endobj
-733 0 obj
-<< /S /GoTo /D (section.8.1) >>
-endobj
-736 0 obj
-(8.1 Common Problems)
-endobj
-737 0 obj
-<< /S /GoTo /D (subsection.8.1.1) >>
-endobj
-740 0 obj
-(8.1.1 It's not working; how can I figure out what's wrong?)
-endobj
-741 0 obj
-<< /S /GoTo /D (section.8.2) >>
-endobj
-744 0 obj
-(8.2 Incrementing and Changing the Serial Number)
-endobj
-745 0 obj
-<< /S /GoTo /D (section.8.3) >>
-endobj
-748 0 obj
-(8.3 Where Can I Get Help?)
-endobj
-749 0 obj
-<< /S /GoTo /D (appendix.A) >>
-endobj
-752 0 obj
-(A Appendices)
-endobj
-753 0 obj
-<< /S /GoTo /D (section.A.1) >>
-endobj
-756 0 obj
-(A.1 Acknowledgments)
-endobj
-757 0 obj
-<< /S /GoTo /D (subsection.A.1.1) >>
-endobj
-760 0 obj
-(A.1.1 A Brief History of the DNS and BIND)
-endobj
-761 0 obj
-<< /S /GoTo /D (section.A.2) >>
-endobj
-764 0 obj
-(A.2 General DNS Reference Information)
-endobj
-765 0 obj
-<< /S /GoTo /D (subsection.A.2.1) >>
-endobj
-768 0 obj
-(A.2.1 IPv6 addresses \(AAAA\))
-endobj
-769 0 obj
-<< /S /GoTo /D (section.A.3) >>
-endobj
-772 0 obj
-(A.3 Bibliography \(and Suggested Reading\))
-endobj
-773 0 obj
-<< /S /GoTo /D (subsection.A.3.1) >>
-endobj
-776 0 obj
-(A.3.1 Request for Comments \(RFCs\))
-endobj
-777 0 obj
-<< /S /GoTo /D (subsection.A.3.2) >>
-endobj
-780 0 obj
-(A.3.2 Internet Drafts)
-endobj
-781 0 obj
-<< /S /GoTo /D (subsection.A.3.3) >>
-endobj
-784 0 obj
-(A.3.3 Other Documents About BIND)
-endobj
-785 0 obj
-<< /S /GoTo /D (section.A.4) >>
-endobj
-788 0 obj
-(A.4 BIND 9 DNS Library Support)
-endobj
-789 0 obj
-<< /S /GoTo /D (subsection.A.4.1) >>
-endobj
-792 0 obj
-(A.4.1 Prerequisite)
-endobj
-793 0 obj
-<< /S /GoTo /D (subsection.A.4.2) >>
-endobj
-796 0 obj
-(A.4.2 Compilation)
-endobj
-797 0 obj
-<< /S /GoTo /D (subsection.A.4.3) >>
-endobj
-800 0 obj
-(A.4.3 Installation)
-endobj
-801 0 obj
-<< /S /GoTo /D (subsection.A.4.4) >>
-endobj
-804 0 obj
-(A.4.4 Known Defects/Restrictions)
-endobj
-805 0 obj
-<< /S /GoTo /D (subsection.A.4.5) >>
-endobj
-808 0 obj
-(A.4.5 The dns.conf File)
-endobj
-809 0 obj
-<< /S /GoTo /D (subsection.A.4.6) >>
-endobj
-812 0 obj
-(A.4.6 Sample Applications)
-endobj
-813 0 obj
-<< /S /GoTo /D (subsubsection.A.4.6.1) >>
-endobj
-816 0 obj
-(A.4.6.1 sample: a simple stub resolver utility)
-endobj
-817 0 obj
-<< /S /GoTo /D (subsubsection.A.4.6.2) >>
-endobj
-820 0 obj
-(A.4.6.2 sample-async: a simple stub resolver, working asynchronously)
-endobj
-821 0 obj
-<< /S /GoTo /D (subsubsection.A.4.6.3) >>
-endobj
-824 0 obj
-(A.4.6.3 sample-request: a simple DNS transaction client)
-endobj
-825 0 obj
-<< /S /GoTo /D (subsubsection.A.4.6.4) >>
-endobj
-828 0 obj
-(A.4.6.4 sample-gai: getaddrinfo\(\) and getnameinfo\(\) test code)
-endobj
-829 0 obj
-<< /S /GoTo /D (subsubsection.A.4.6.5) >>
-endobj
-832 0 obj
-(A.4.6.5 sample-update: a simple dynamic update client program)
-endobj
-833 0 obj
-<< /S /GoTo /D (subsubsection.A.4.6.6) >>
-endobj
-836 0 obj
-(A.4.6.6 nsprobe: domain/name server checker in terms of RFC 4074)
-endobj
-837 0 obj
-<< /S /GoTo /D (subsection.A.4.7) >>
-endobj
-840 0 obj
-(A.4.7 Library References)
-endobj
-841 0 obj
-<< /S /GoTo /D (appendix.B) >>
-endobj
-844 0 obj
-(B Manual pages)
-endobj
-845 0 obj
-<< /S /GoTo /D (section.B.1) >>
-endobj
-848 0 obj
-(B.1 dig)
-endobj
-849 0 obj
-<< /S /GoTo /D (section.B.2) >>
-endobj
-852 0 obj
-(B.2 host)
-endobj
-853 0 obj
-<< /S /GoTo /D (section.B.3) >>
-endobj
-856 0 obj
-(B.3 dnssec-dsfromkey)
-endobj
-857 0 obj
-<< /S /GoTo /D (section.B.4) >>
-endobj
-860 0 obj
-(B.4 dnssec-keyfromlabel)
-endobj
-861 0 obj
-<< /S /GoTo /D (section.B.5) >>
-endobj
-864 0 obj
-(B.5 dnssec-keygen)
-endobj
-865 0 obj
-<< /S /GoTo /D (section.B.6) >>
-endobj
-868 0 obj
-(B.6 dnssec-revoke)
-endobj
-869 0 obj
-<< /S /GoTo /D (section.B.7) >>
-endobj
-872 0 obj
-(B.7 dnssec-settime)
-endobj
-873 0 obj
-<< /S /GoTo /D (section.B.8) >>
-endobj
-876 0 obj
-(B.8 dnssec-signzone)
-endobj
-877 0 obj
-<< /S /GoTo /D (section.B.9) >>
-endobj
-880 0 obj
-(B.9 named-checkconf)
-endobj
-881 0 obj
-<< /S /GoTo /D (section.B.10) >>
-endobj
-884 0 obj
-(B.10 named-checkzone)
-endobj
-885 0 obj
-<< /S /GoTo /D (section.B.11) >>
-endobj
-888 0 obj
-(B.11 named)
-endobj
-889 0 obj
-<< /S /GoTo /D (section.B.12) >>
-endobj
-892 0 obj
-(B.12 named-journalprint)
-endobj
-893 0 obj
-<< /S /GoTo /D (section.B.13) >>
-endobj
-896 0 obj
-(B.13 nsupdate)
-endobj
-897 0 obj
-<< /S /GoTo /D (section.B.14) >>
-endobj
-900 0 obj
-(B.14 rndc)
-endobj
-901 0 obj
-<< /S /GoTo /D (section.B.15) >>
-endobj
-904 0 obj
-(B.15 rndc.conf)
-endobj
-905 0 obj
-<< /S /GoTo /D (section.B.16) >>
-endobj
-908 0 obj
-(B.16 rndc-confgen)
-endobj
-909 0 obj
-<< /S /GoTo /D (section.B.17) >>
-endobj
-912 0 obj
-(B.17 ddns-confgen)
-endobj
-913 0 obj
-<< /S /GoTo /D (section.B.18) >>
-endobj
-916 0 obj
-(B.18 arpaname)
-endobj
-917 0 obj
-<< /S /GoTo /D (section.B.19) >>
-endobj
-920 0 obj
-(B.19 genrandom)
-endobj
-921 0 obj
-<< /S /GoTo /D (section.B.20) >>
-endobj
-924 0 obj
-(B.20 isc-hmac-fixup)
-endobj
-925 0 obj
-<< /S /GoTo /D (section.B.21) >>
-endobj
-928 0 obj
-(B.21 nsec3hash)
-endobj
-929 0 obj
-<< /S /GoTo /D [930 0 R /FitH ] >>
-endobj
-933 0 obj <<
-/Length 240
-/Filter /FlateDecode
->>
-stream
-xڕ\x90OK�A�\xC5\xEF\xF3)rl�\x9BN2\xC9\xFC9Z\xAARA\xA127\xF1\xB0\xB4[)\xB8[\xBA\xD6\xEF\xEFlW˂^$\x900\xEF\xFD\x98y��[\x8A *Z\x97�B�TK
-\xDB\xD6Xx+޽\xA1oFԡ\x8As\xE5\xF0\x87[ �L\xC1+T\@�1M\xB1_8\xB1Eo=C\xA5B\xC8\xCC~\xC0\x97\xD9,�C��y�Ċ�\x83•˻\x97\xD9r\xFD\xB4\x9A\x97\x97\xEC,\x8D\xE3f\xD7�\xBA\xC3ǹ\xAF\xCF\xC7~\x94\x9E\x9B}\xD37ݶ\x99\xBF\xE6� a$/\xBE\xE4K�c\xBC\\xF3Xw\x9F\xF5\xFB\xE0\x9B\xDB|
-\xA7\xE21�'p\xAE\xE4\xF0qH�'`\xD4�\xF03\x8Bz\x9A\xFC\xDFڱ�y\xB1n VG\xB31\xB0\x99�\x9E0�7l(%t\xEE�[\xFE�M^X\xFAendstream
-endobj
-930 0 obj <<
-/Type /Page
-/Contents 933 0 R
-/Resources 932 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 939 0 R
->> endobj
-931 0 obj <<
-/Type /XObject
-/Subtype /Form
-/FormType 1
-/PTEX.FileName (./isc-logo.pdf)
-/PTEX.PageNumber 1
-/PTEX.InfoDict 940 0 R
-/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000]
-/BBox [0.00000000 0.00000000 612.00000000 792.00000000]
-/PieceInfo <<
-/Illustrator 941 0 R
->>
-/Resources <<
-/ColorSpace <<
-/CS0 942 0 R
->>/Properties <<
-/MC0 943 0 R
->>/ExtGState <<
-/GS0 944 0 R
->>>>
-/Length 843
-/Filter /FlateDecode
->>
-stream
-H\x89tUI\x8E$7�\xBC\xE7+\xF4\x81b\x8B\x8B\xB6\xABۆO�c\xE0\x83�P\xB0}\xA9�`\xDC\xFF��\xC1LU7\xD06
-\xC8T\xA4$.A�\xEB\xE5\xB7\xD7\xF2\xF2åµ–\x9F~~-Ç\xA3\x96\xB1\xACt\xB5r\xE3\xE2\x9F?\x8F?\xCA\xF7\xE3\xE5\xF5\xF7Z\xEEo\xA5\x8A�\xCFg\xE7sF)owl\xFF\x8A\xED\xBFߎ�EK\xC5O\x8B\xF5!\xDDZq\xBC[oQ\xEE\xDF�\xEE|;\xC2\xC5`\xB8\x96\xC7\xE1K\xA6GQ\x97\xB9\xF0\xB2\xB2$h�\xBF\xFB\xF1\xD7\xF1\xF5\x83=\xAFKZ\xF4U\xE0_*�O\x83\xB7!ˬè‰\xCF7\x9F\xD2*�WYL\xA2\x9BD\x87m\x89\xE6\xB0z\xE1[\x93\x98\x8A�n�\xE2>?|\xB0%6K�\x9D\xF8
-\x9B\xD8�i\xEA?\xC3Қ)0*\xBE߃2!}�j\xB4rS�\x85[�2�1Z\x93\xDEGA\xA8u�\xA3r\x95~\xEEω\xE3\xDEeT\xE4�\xB2�\x8E\x87\xA61'\xEF\x8D\xC7�I\x8C\x82HGG\x8A`\xB4kf�\xF2\xB8\x97wa\xB1F\xDAFBA[c)L\x874SzZ\x8AӼ\xC4\xD3SF\xAC\xE4DZ\xCAІ9\xF9\xB8>\xA0H\x8D���\xBA\xA1
-J\x82x�i\x86\xFEO\xE1@\xBD-M\x86x\xF4\xC9�\x82\xEE\xB3�_\xA8OC8\xB3\xC4:�JXl\xA00$\x87(��\x95v\xE0\xAA~FC\xAC�\x9Em�\x86\xA2\xCBj\xA34QzÐŒT\xB3�\xAB\xB4$�\xD9�\x82\xB1\xB3 \xA0\xAC\x91�\xEE5��\xDE[\x9A\xB8��F\xDA3f\xF6�\xF2\xF9\x88ÏAk\x80\xA5�\xFBl0,\xA5\xB7'�XIo�\xCFy*\xE6#A\x9E\x87?+E#;\x99J\xB9\x96\xBAp\x94UQ\x96\xA7\xC2<
-F
-\x91\xE5Re\x81B�C��[\xAC\xD0W\xE7z�%A��2׹N\xF4\xD8�V\x9A\x91\xE6
-BqÕ•l9u\x9A × ^��D�5 � \x99]\xC0S\x97\xF7\xE3\x82H\xAF\x81X4�\xBE\xA2o\xC6\xD8 �\x8C\xC9\xC6\xDE�\xF5cU\xD1r\xCE�\xA3e\xA9\xFAx"�E]\xE6\x86`\xA6غ:Ac\xC1�Ѷ\xD3}\xB8o\xFCxb\x88���\xD2\xE9t�\x9E^\x82fO\x84\x80P\xC8\xFA\xC4\xD9t\x93\xCD\xDA1�6
-Ì‹<{a\x98\xEF\xBA\xF5�4\xD6\xD8(\xAE)tAtR�\xF7\xB4�[�bvL\xB7>\xB3o\xA0[Õ³\xFC\x98�\x93\xD3�\xD3�\x96�\xB2\AY\x9F`I\xF5\xCC\x{144209}sz\xA3\x93$\x8C\x89�\xFD\x9D\xC1\x98\x98IO
-!=�\xA7\xA0\xA8�\x8C�\xF8\x86vGc \xA3I#/'~<1\x82\xC0\xD4�RPy\xB1\xB4\xFDl�1\xBD�Ͷw1 чd
-
-}\xA1�\xFE�a #f\xDF\xCB\xFE\xDAF\xAFރ\xC7Y}\xEFA\xF4
-\xCB9b \x90:\x9E\xCE\xDEF"�\x8B�>64\x94~0IGD\x98�\xCB�ذ��$�\xD9tM\xE2\xAF%Z\xBDG\xF0\xBE\xA5\xDA\xF1\xA7a\x90\xD1̑�I\xBC�\xFD\x97/\xF8�\xFDz\xFC+\xC0 0�huendstream
-endobj
-940 0 obj
-<<
-/CreationDate (D:20100303120319-08'00')
-/Creator (Adobe Illustrator CS3)
-/Producer (Adobe PDF library 8.00)
-/ModDate (D:20100412113401-07'00')
-/Title (ISC_logo_only_RGB)
->>
-endobj
-941 0 obj
-<<
-/Private 945 0 R
-/LastModified (D:20100412113400-07'00')
->>
-endobj
-942 0 obj
-[/ICCBased 946 0 R]
-endobj
-943 0 obj
-<<
-/Intent 947 0 R
-/Usage 948 0 R
-/Name (Layer 1)
-/Type /OCG
->>
-endobj
-944 0 obj
-<<
-/OPM 1
-/BM /Normal
-/CA 1
-/OP false
-/SMask /None
-/ca 1
-/AIS false
-/op false
-/Type /ExtGState
-/SA true
->>
-endobj
-945 0 obj
-<<
-/RoundtripVersion 13
-/ContainerVersion 11
-/CreatorVersion 13
-/AIMetaData 949 0 R
-/AIPrivateData1 950 0 R
-/AIPrivateData2 951 0 R
-/AIPrivateData3 952 0 R
-/AIPrivateData4 953 0 R
-/AIPrivateData5 954 0 R
-/NumBlock 5
-/RoundtripStreamType 1
->>
-endobj
-946 0 obj
-<<
-/Length 281
-/Filter /FlateDecode
-/N 3
->>
-stream
-H\x89b``2ptqre�``\xC8\xCD+)
-rwR\x88\x88\x8CR`?\xCF\xC0\xC6\xC0\xCC �\x89\xC9\xC5�\x8E��> v^~^*��\xF8v\x8D\x81�D_\xD6�\x99\x85)\x8F�p%��\x95 \xE9?@l\x94\x92Z\x9C\xCC\xC0\xC0h dg\x97\x97� \xC5�\xE7 \xD9"I\xD9`\xF6��\xBB($\xC8�\xC8>�d\xF3\xA5C\xD8W@\xEC$�\xFB \x88]�\xF4�\x90\xFD�\xA4>�\xCCf\xE2 \x9B�aˀ\xD8%\xA9� {�\x9C\xF3�*\x8B2\xD33J��---��S\xF2\x93R�\x82+\x8BKRs\x8B�<\xF3\x92\xF3\x8B
-\xF2\x8B�KRS\x80j!\xEE��A\x88BP\x88i 5Zh\x92\xE8o\x82 ���\xD6\xE7 at p\xF82\x8A\x9DA\x88!@riQ�\x94\xC9\xC8dL\x98\x8F0c\x8E��\x83\xFFR��\x96?�1\x93^�\x86�:��\xFCS�bj\x86���\xFA��\xFB\xE6 �� \xC0\xC6O\xFDendstream
-endobj
-947 0 obj
-[/View/Design]
-endobj
-948 0 obj
-<<
-/CreatorInfo <<
-/Subtype /Artwork
-/Creator (Adobe Illustrator 13.0)
->>
->>
-endobj
-949 0 obj
-<<
-/Length 981
->>
-stream
-%!PS-Adobe-3.0
-%%Creator: Adobe Illustrator(R) 13.0
-%%AI8_CreatorVersion: 13.0.2
-%%For: (Brian Reid) ()
-%%Title: (ISC_logo_only_RGB.ai)
-%%CreationDate: 4/12/10 11:34 AM
-%%BoundingBox: 247 367 366 413
-%%HiResBoundingBox: 247.0869 367.5654 365.0859 412.583
-%%DocumentProcessColors: Cyan Magenta Yellow Black
-%AI5_FileFormat 9.0
-%AI12_BuildNumber: 434
-%AI3_ColorUsage: Color
-%AI7_ImageSettings: 0
-%%RGBProcessColor: 0 0.658824 0.8 (ISC logo blue)
-%%+ 0.372549 0.376471 0.384314 (PANTONE 425 U)
-%%+ 0 0 0 ([Registration])
-%AI3_TemplateBox: 306.5 395.5 306.5 395.5
-%AI3_TileBox: 18 33.1201 594 786.96
-%AI3_DocumentPreview: None
-%AI5_ArtSize: 612 792
-%AI5_RulerUnits: 3
-%AI9_ColorModel: 1
-%AI5_ArtFlags: 0 0 0 1 0 0 0 0 0
-%AI5_TargetResolution: 800
-%AI5_NumLayers: 1
-%AI9_OpenToView: -381 793 0.92 1268 743 26 0 0 117 75 0 0 1 1 1 0 1
-%AI5_OpenViewLayers: 7
-%%PageOrigin:0 0
-%AI7_GridSettings: 72 8 72 8 1 0 0.8 0.8 0.8 0.9 0.9 0.9
-%AI9_Flatten: 1
-%AI12_CMSettings: 00.MS
-%%EndComments
-endstream
-endobj
-950 0 obj
-<<
-/Length 11082
->>
-stream
-%%BoundingBox: 247 367 366 413
-%%HiResBoundingBox: 247.0869 367.5654 365.0859 412.583
-%AI7_Thumbnail: 128 52 8
-%%BeginData: 10932 Hex Bytes
-%0000330000660000990000CC0033000033330033660033990033CC0033FF
-%0066000066330066660066990066CC0066FF009900009933009966009999
-%0099CC0099FF00CC0000CC3300CC6600CC9900CCCC00CCFF00FF3300FF66
-%00FF9900FFCC3300003300333300663300993300CC3300FF333300333333
-%3333663333993333CC3333FF3366003366333366663366993366CC3366FF
-%3399003399333399663399993399CC3399FF33CC0033CC3333CC6633CC99
-%33CCCC33CCFF33FF0033FF3333FF6633FF9933FFCC33FFFF660000660033
-%6600666600996600CC6600FF6633006633336633666633996633CC6633FF
-%6666006666336666666666996666CC6666FF669900669933669966669999
-%6699CC6699FF66CC0066CC3366CC6666CC9966CCCC66CCFF66FF0066FF33
-%66FF6666FF9966FFCC66FFFF9900009900339900669900999900CC9900FF
-%9933009933339933669933999933CC9933FF996600996633996666996699
-%9966CC9966FF9999009999339999669999999999CC9999FF99CC0099CC33
-%99CC6699CC9999CCCC99CCFF99FF0099FF3399FF6699FF9999FFCC99FFFF
-%CC0000CC0033CC0066CC0099CC00CCCC00FFCC3300CC3333CC3366CC3399
-%CC33CCCC33FFCC6600CC6633CC6666CC6699CC66CCCC66FFCC9900CC9933
-%CC9966CC9999CC99CCCC99FFCCCC00CCCC33CCCC66CCCC99CCCCCCCCCCFF
-%CCFF00CCFF33CCFF66CCFF99CCFFCCCCFFFFFF0033FF0066FF0099FF00CC
-%FF3300FF3333FF3366FF3399FF33CCFF33FFFF6600FF6633FF6666FF6699
-%FF66CCFF66FFFF9900FF9933FF9966FF9999FF99CCFF99FFFFCC00FFCC33
-%FFCC66FFCC99FFCCCCFFCCFFFFFF33FFFF66FFFF99FFFFCC110000001100
-%000011111111220000002200000022222222440000004400000044444444
-%550000005500000055555555770000007700000077777777880000008800
-%000088888888AA000000AA000000AAAAAAAABB000000BB000000BBBBBBBB
-%DD000000DD000000DDDDDDDDEE000000EE000000EEEEEEEE0000000000FF
-%00FF0000FFFFFF0000FF00FFFFFF00FFFFFF
-%524C45FD1F52285252A8FD04FFFD05A8FFFFFFA87DFD4F52285252522852
-%525228525252285252522852525228525252285252522852277DA8FFFFA8
-%7D7D525227FD04527DA8FFFFA85252275252522852525228525252285252
-%522852525228525252285252522852525228525252285252522852525228
-%525252285252522852525228525!
25228525252285252522852525228FD21
-%52A8FFFF7D7D525227FD0752275252A8FFFF7DFD215227FD2A522E522752
-%2E5227522E5227522E5227522E5227522E5227522E5227527DFFFFA85252
-%27522E5227522E5227522E5227522752A8FF7D5227522E5227522E522752
-%2E5227522E5227522E5227522E5227522E522752277D7D7D275227522E52
-%27522E5227522E5227522E5227522E5227522E5227522E5227522E522752
-%2E5227FD1A52277DA8FFA87D2EFD11522E527DFFA853FD1D52A8FFFFFF7D
-%28FD285228525252285252522852525228525252285252522852277DFFFF
-%7D522752525228525252285252522852525228525252275252FFA8522752
-%285252522852525228525252285252522852525228525252277DFFA852A8
-%FF5227525252285252522852525228525252285252522852525228525252
-%285252522852525228FD1852277DFFFFFD1B52FFA8FD1A527DFFA8275252
-%FF7DFD265227522E5227522E5227522E5227522E5227522E522752277DFF
-%FF525227522E5227522E5227522E5227522E5227522E5227522E52275252
-%FFA852275227522E5227522E5227522E5227522E5227522E522752A8A827
-%522E527DA9275227522E5227522E5227522E5227522E5227522E52275227
-%5227522E5227522E5227522EFD17527DFFA8FD1E527DFFA8FD17527DFFFD
-%0452287DFFFD155228FD075228FD08522852525228525252285252522852
-%5252285252522852527D2752525228525252285252522852525228525252
-%2852525228525252285252527DFF7D522852525228525252285252522852
-%525228FD0452FF7D5228FD0452FF52522852525228525252285252522752
-%2752527DA1A8A8FFCACFA8CAA17D5252275228FD3C52A8FFFD145228A8FF
-%53FD0652FFA82EFD0C527D7DCAFD04FFAFAF85AF85AFAFFFFFFFA87DFD05
-%522E5227522E5227522E5227522E5227522E5227522E5227522E5227522E
-%5227522E5227522E5227522E5227522E5227522E5227522E5227522752A8
-%FF275227522E5227522E5227522E5227522E522752FFA827522E5227522E
-%FF7D522E5227522E522752275252A8FFFFAFAF603CFD041413FD04143C60
-%AFFFFF535227FD3A52277DFFA827FD11527DFFFD0852A8FFFD0952A8CFFF
-%FFAF3C3D1414141A141A141A141A141A14141461AFFFA8FD045228525252
-%285252522852525228525252285252522852525228525252285252522852
-%5252285252522852525228525252285252522852525227A8FF5227525252
-%2852525228525252285252522EFFA85227525252285228A87D5252522852
-%27527DFFFFAF603CFD07141A1414141A1414141AFD041460FFA8FD3D52!
FF
-%A8FD10527DFF7DFD0F527DFFFFA9611414141A141A141A141A141A141A14
-%1A141A141A141A14143CFFA827522E5227522E5227522E5227522E522752
-%2E5227522E5227522E5227522E5227522E5227522E5227522E5227522E52
-%27522E5227522E5227522E527DFF525227522E5227522E5227522E522752
-%A8FF27522E5227522E5227522852275252A8FFFF3C1413FD191436FFFD3C
-%5259FFA828FD0E52FF7DFD0D527DFFFF8B1414141A141A141A141A141A14
-%1A141A141A141A141A141A141A141A141460285252522852525228525252
-%285252522852525228525252275227522752275227525252285252522852
-%52522852525228525252285252522852525227A8FF7D2752525228525252
-%2852525227A8FF52275252522852525228522752A8FFA93CFD05141A1414
-%141A1414141A1414141A1414141A1414141A1414141A1414FD1552285252
-%7D527D597D527DFD065227FD1852FFA8FD0D52FFFFFD0A52277DFFFF601A
-%141A141A141A141A141A141A141A141A141A141A141A141A141A141A141A
-%141A142E5227522E5227522E5227522E5227522752527D7DA8A8FD09FFA8
-%FFA8A87D532852275227522E5227522E5227522E5227522E5227522E527D
-%FF525227522E5227522E52275252FF7D522E5227522E522752277DFFFF36
-%FD2314FD0E527D7DFD07FFA8A87DA87DA87DFD04A8FD05FFA87DFD15527D
-%FFA827FD0A52A8FF7DFD0952A8FFAF1414141A141A141A141A141A141A14
-%1A141A141A141A141A141A141A141A141A141A141A145252285252522852
-%525227527DA8FFFFFFA87D7D52522752275227522752275227522752527D
-%A8FFFFFFA87E52522752525228525252285252522852525227A8FF522752
-%5252285252522752FFA8275252522852525227A8FF85FD05141A1414141A
-%1414141A1414141A1414141A1414141A1414141A1414141A1414141AFD07
-%52275253A8FFFFFFA8FD045227FD0F522EFD04527D7DFFFFFFA87DFD1052
-%7DFF7DFD0A52FF7DFD0852A8FF8B1414141A141A141A141A141A141A141A
-%141A141A141A141A141A141A141A141A141A141A141A1427522E52275227
-%7DA8FFFFA85252275227522E5227522E5227522E5227522E5227522E5227
-%522E52275227527DFFFFFF7D52275227522E5227522E5227522752A8A827
-%5227522E52275227A8FF5227522752525227A8FF6113FD2714FD0652A8FF
-%FF7D7D28FD22527DA8FFFF7DFD0C5227A8FF7DFD0852A8FFFD06522EA8FF
-%61141A141A141A141A141A141A141A141A141A141A141A141A141A141A14
-%1A141A141A141A141A141A14285227527DFFFF7D52522752285252522852
-%52522852525228525252285252!
5228525252285252522852525228522752
-%52FFFFA8525228522852525228FD0452FF7D5228525252285252FF7D5252
-%52285227A8FF611414141A1414141A1414141A1414141A1414141A141414
-%1A1414141A1414141A1414141A1414141A141452277DFFFFA87D28FD2952
-%287DFFFF7EFD0B52A8FFFD065227A8FF7D2752525227A8FF8B141A141A14
-%1A141A141A141A141A141A141A141A141A141A141A141A141A141A141A14
-%1A141A141A141A1428A8FFFF525227522E5227522E5227522E5227522E52
-%27522E5227522E5227522E5227522E5227522E5227522E5227522E522752
-%7DFFA87D275227522E522752277EFF52275227522852A8FF52522752277D
-%FF8BFD121413FD0F1413FD0914FFFFA8FD3352FFFFA8FD0952FF7DFD0652
-%FFA8FD04527DFFAF141A141A141A141A141A141A141A141A141A14613C3C
-%141A141A141A141A141A141A143D3C3C141A141A141A14FF7D2752525228
-%525252285252522852525228525252285252522852525228525252285252
-%522852525228525252285252522852525227A8FFA8FD045228525252A8A8
-%27522852277DFF7D27522752A8FFFD051461A9AF848B1414141A141436AF
-%AFFFFFFFAFAF36FD04141A14141461A9FFAFFFAFAF601A1414141A7D2EFD
-%3552277DFFFFFD0752A8FFFD05527DFFFD04527DFF3C14141A141484FFFF
-%FFAF1A141A141A85FD09FF841A141A141A14AFFD08FF841A141A1427522E
-%5227522E5227522E5227522E5227522E5227522E5227522E5227522E5227
-%522E5227522E5227522E5227522E5227522E5227522E52277DA8FF52522E
-%5227527DFF52522E5227FFA852275252FF60FD061485FFFFFFAFFD041460
-%FD0BFF36FD0414AFFD0AFF60141414FD3A5253FFFF7DFD04527DFFA85252
-%527DFFA8285252FFAF1A141A141A141A84FFFFFFAF3D141A14FD05FF603D
-%60FD04FFAF141A1461FD04FFA96136AFFD04FF141A142852525228525252
-%285252522852525228525252285252522852525228525252285252522852
-%52522852525228525252285252522852525228522752A8FF5252285252FF
-%A8FD0452FF7D5227A8FF3C141AFD051485FFFFFFAF14141460FD04FF3614
-%141460FFFFFFA91A141484FFFFFFA91A141414FD04FF611414FD3D52A8FF
-%FD0452A8FF525228A8FF7D277DFF8B141A141A141A141A85FFFFFFAF1A14
-%1A60FD04FF3C141A1461FD04FF141A14FD04FF8B141A141AAFFFFFFF601A
-%142E5227522E5227522E5227522E5227522E5227522E5227522E5227522E
-%5227522E5227522E5227522E5227522E5227522E5227522E5227522E5227
-%522752A8FF5252277DFF7D2752A8FF2752A8FFFD08141385FFFFFFAF1!
414
-%1361FD04FF36FD04148584856014133CFD04FF60FD0414FD04FF851314FD
-%3D52287DFFFF525252FF7D5252FFA8527DFF3C1A141A141A141A141A85FF
-%FFFFAF1A141A60FD04FFAF141A141A141A141A141A3CFD04FF61141A141A
-%3C616061361A145252285252522852525228525252285252522852525228
-%525252285252522852525228525252285252522852525228525252275252
-%522752525228525252277DFF7E2752FFA82753FF7E27FFA914141A141414
-%1A1414148BFFFFFFAF1414143CAFFD04FFAFFD091461FD04FF3614141AFD
-%07141AFD2B522852285227FD075227FD075227A8FF7D27FFA8527DFF7D7D
-%FF3D141A141A141A141A141484FFFFFFA91A141A1485FD06FF603C141A14
-%1A14143CFD04FF61141A141A141A141A141A1427522E5227522E5227522E
-%5227522E5227522E5227522E5227522E5227522E5227522E522752275227
-%FD04527D7DA8A8FFA8FFA8FFA8A87D7D52522752275227FFA8527DFF277D
-%FF52A8AF13FD0A1485FFFFFFAFFD0414138BFD06FFA860FD05143CFD04FF
-%36FD0B14FD2852A8A8FD07FFA8FFA8FFA8FD06FFA87D5227527DFF7D7DFF
-%7DA8FF7DFF3C1A141A141A141A141A141A84FFFFFFAF3D141A141A148BFD
-%07FF8B141A141A3CFD04FF61141A141A141A141A141A1428525252285252
-%522852525228525252285252522852525228525252285252522752275252
-%A8A8FFFFFFA8A87D7DFD065227FD04527D7DA8FFFFA87D2752A8FF52FF7D
-%A8A8CAA914141A1414141A1414141A1485FFFFFFAFFD071460A8FD06FF8B
-%1414143CFD04FF36FD04141A1414141A1414FD2252A8FD04FF7D7D525228
-%5227FD0B52275252527DFFFFFF5253FFA8A8A8FFA8FF61141A141A141A14
-%1A141A141A85FFFFFFAF1A141A141A141A141A60FD06FF85141A3CFD04FF
-%61141A141A141A141A141A142E5227522E5227522E5227522E5227522E52
-%27522E5227522E5227522752277DA8FFFFA859522752275227522E522752
-%2E5227522E5227522E5227522752277DA8FF7DA8FFFFA8FFFFAFFD0C1413
-%85FFFFFFAFFD061413FD0414AFFD04FFA9141360FD04FF36FD051413FD05
-%14FD1D527DFFFFFF7D7DFD1E52A8FFA8FD05FF601A141A141A141A141A14
-%1A141A85FFFFFFAF1A141A143D363D141A141A14FD05FF3C1A3CFD04FF61
-%141A141A60AF85AF601A1452522852525228525252285252522852525228
-%52525228525252277DFFFFA87D2E52275252522852525228525252285252
-%52285252522852525228525252285228527DFD06FF3C141A1414141A1414
-%141A1414148BFFFFFFAF141414AFFFFFAF8BFD04143CFD04FF3C143CFD04
-%FF60FD04148BFFFFFFAF1414F!
D1752285259FFFFA9525227FD2352A8FD04
-%FFAF141A141A141A141A141A141A141484FFFFFFA91A141484FFFFFFA91A
-%141A1461FD04FF3C1414FD04FF8B141A141AA9FFFFFF85141427522E5227
-%522E5227522E5227522E5227522E52275227527DFFA87D27522E5227522E
-%5227522E5227522E5227522E5227522E5227522E5227522E5227522E5227
-%522752A8FFFFFF60FD0E1485FFFFFFAF14141485FD04FFFD041436FD04FF
-%3C141484FFFFFFA8FD0414FD04FF611414FD16527DFFFF7D5228FD275227
-%A8FFFFFF3D141A141A141A141A141A141A141A84FFFFFFAF3D141460FD04
-%FFAF363C3CFD05FF141A1461FD04FF853C148BFD04FF3C1A142752275227
-%52275227522752275227522752275227A8FFA82852275227522752275227
-%522752275227522752275227522752275227522752275227522752275227
-%52275252FFFFAFFD0F1485FFFFFFAFFD0414A8FD05FFAFFD05FF36FD0414
-%AFFD0AFF841414147D527D527D527D527D527D527D527D527D527D52A8FF
-%FF527D527D527D527D527D527D527D527D527D527D527D527D527D527D52
-%7D527D527D527D527D527D527D527D527DA8FF853C363D3C3C363D3C3C36
-%3D3C3C363D85FFFFFFAF3D363D3685FD0AFFAF3C363D3C3C60FD0AFF6136
-%3D3CFD16FFA8FD49FFAFFD11FFAFFD09FFAFFFFFFF
-%%EndData
-endstream
-endobj
-951 0 obj
-<<
-/Length 65536
->>
-stream
-%AI12_CompressedDatax\x9C\xEC\xBD\xEB\x8E]Iv&\xF6�\xE7�\xD2?�t\x8FM*î—¶1@\xE6\xC9LY�%5\xBA[�� @\xB1\xA8�\xC7E\xB2\xC1\xAA\x92\xDC~z\xC7Z\xEB\xFBV\xECs2Y]7\x8F\xC6@\xE7�\x93\x99+\xF7\x89�;"\xD6\xFD\xF6�\xFFÓ¯\xFB\xE2\xF6Ë\xFF\xFC\xF6E~�nN\xF1�\xE7Oo_\xF3\xF1Ó¯n�z\xF3\xD7_}\xF5\xED\xD7\xDF|�\xD0/~\xF3Ë›\xB8\xEEZ7\xDD\xFE\xF5\xF8�7\xFE\xC3\xDBO_\xBF\xFB\xF8\xE1W\xFA\xA7\x97i\xFD\xF1Q>\xFD\x8B\xBBO\xEF^\xB8\xF9\xCD\xDBw_\xFE\xF2\xE6�\xBF\\xE0ß½\xFBæ«·\xEB�\xFD\xDB\xF3�_}\xFC\xFD\xC7/>~\xF8\xEA\x8F_\xFC\xE6\xAF\xEE^\xBE~\xF7K>x\x8Dt\xFF\xFA\x9Bu[\xF9˘\xFE2\x86\x9B�\x95\xCB\xCD\xED߬�\xEE>~\xFB\xE1\xCBw�~\xF7\xF1\xFF\xFE\xD5M*\xFD&7\xF9\xD7nJ\xCC\xEB\xCF\xFF\xFB\xBBß¼\xFD\xFA\xFA\x9E\x97a\xB4)7\xBE\xAC\xAD\x96\xF5C]\x90:\xD7G\xD2\xCB:\xE4c\xF7�\xDF|\xFB\xFE\xED\x87o~\xFD\xE9ã›·_}\xFE\xF8\xD5\xC7O_\xFF\xEA\xE6\xFC\xC75\xFB\xBFy\xFD\xFB\xF5\x97\xD77\xFF\xE7Û¯\xBE\xFA\xF8\xEF7w_\xBD~\xF3\x9D\xD6\xCB\xD7/�\xDF}\xF5v\xBD\xE7\xFB\xD7\xDF\xDCLY\x91Û¿\x8Eé‹»o\xDF}\xF5\xE5\xDF~\xFB\xFE\x9Fß®�(\xB9�8\xA1#\xFE\xFD\xD7k\xA85\xAA\xFC,\xE0\xFE\xC5_\xBF_\x90ß¾\xFD\xE6\x9B5\xDB\xF5<YÕµ�\xC7Y,\xE0Mx\xD9\xEA�\xA9\xAC�\x86.Ý,\xDD\xCD?\xF5\xED[Y\xB3\xFFy\xC1sO\xB5L\xFD\xA1\x95�\xE5\x87Qr,7\xBF\xF8\xF5\xED\xDF\xFE\xEE\xEF\xFE\xF6ᦤz\xF3\xF7\xB8]\xAF_\xFC\xD3o\xDE\xFE\xFE\x9Dn\xEBZ\xF0\xFF\xFAK\x9B\xE8\xEFÞ¾\xFF\xC3Wk\xF1u\xEDrh/\xEBM\x9EU\xBE\xEF\x9Fq\xE7z{\xBD+\x8E\x9B\x9C_\xC6�\xE2M\x9Då¦\xF6r6\xBBg\xAF\xEB\xDB{\xF7\xF6\xDFu\xF3\xB7�?\xBC\xB5Å»\xFD\xF4\xCDo\xDF\xFD?k9ZL7}&\x83\xFE\xE6Û¯\xDE~\xFA\xFB�\xEF\xBEY\xAB\x91�4m\xE9\xFE\xE6\xE3\x97o\xBFZ\x8F\xF2\xCF>~\xF5ZWL\xAF\x88\xFF\xC3M\xB0�~\xF7\xFA\xD3\xEF\xDF~\xB3\x8E\xC2ǯ\xBE\xFDF�\xE6�\xF8\xD3ÚšW\xAF\xFF\xF8V\xB67\xDA�\xFE\xEE�o?\xFC\xEE\xE3?\xE8\xFC^\xE4�\xD7l\xF2Z\xC0\x99nbj㦗|\x93\x9A='\xF6\x9B^\xF1Ȩ\x8FÅŒd��\x81C\xF7\xB5п^{\xFBw\x9F\xDE\xFD\xFE݇_ab\xFD\x8B\xBF\xFA\xF4\xEE˽\xDF=\xDD�\xFB\xA6o\xB0vw\xFF\x9B\xFCg\x93\\xEF\xFB\xCD7o?`\xD2ëœ\xFF\xE6pn\xC2Ë¿\xF9\xEDz\xE2Ç/\xCF�\xDFË‚-\xA8\xB2\xB6\xF7\xC3:K\xEB\xB0\xD8\xDF\xFCg\xFD\xCB\xFA\xF8\xB7\xB0!
\xD9\xEB\xEF_\xAC\xBD\xF9\xF5\xA7w�d\xCC\xD3\xDF\xEA_\xC6�\xBF\xFE\xEA\xDB\xF5\xA7\xBF\xFA\xF4\xF1\xDB?\xFC\xF5\x87\xF9x\xFA\x85�\x84_\xBF\xFE\xE6_�&\xBC\xFD\xF0\xE5\xD7�\xB1
-f\xBF\xDE\xD8'�\xF4ջ{k\xB0\x85\xDB\xF8\xE5w\x8E\xF7\xBBO\xAF߬\xC7\xDE\xFC\xDD?\xFF\xB7\xB7o\xBEY��`\xFF\xF4\xDBo\xDF}\xF3\xF6O�\xF4\xDB7\xB2L\x9Fn\xEE>}\xFB\xF5\xBF\xDE\xFC\xEE\xE3ǯ|~\x97\xF2i�\xACP\xB9\xFF\x8Cg\xFCZ?\xF0\xE1\xEF>\xD8J?}�n\xB8~\xD2Œ\xFFឲ\xEE\xFE\xFC�\xD6�\xFFG�\xFD\xFC\xFA\xAB\xAF\xDE\xFD\xFE\xD3\xEB?\xFC\xEB\xBB7\xCF=\xE0\x99\xBF\xFB\x93\xECo?\xE0a�\xC7?\xBDݟ\xD7_\xF9\xFF\xF78\x96|\xFF\xCF�\xBFz\xF7\xF5\xFB}��\x90_\xBF\xFE\xF4ͻ7_\xBD\xFD\xED�\xBF\xFE\xE6\xED\xFB?=\xDA\xFD\xDBY\x9C\xED\xB0l
-}\xF8\xF0oo\xBF\xFA\xF8\x87\xC3$�\xF2\xFA×7\xFF\xE5\xF5\xA7?|\xD7вM\xFF\xF2\xEE×�C�\x9F\xF72~|\xFF�a\xDA7\xBF\xFD\xD7\xD7x\xAB\xD3\xFD\xE6_�\xF5\xCE\xDF~\x8Fc\xFC\xD5\xEB�\xAF?\xDD(܇�\xF2\xB3\xCE\xEF\xA2g\x97$\xC9`>h\xFDb�\xC6#\xE9{\xF1\xE2;hb\xBF\xB9\xFBp\xF8\xF3_}z\xFD\xE5\xBBEm\x97@\xF3\xF7�>\xBC~\xFF\xF6˛\xDF�\xF4\xCB\xD3SТ\xF1\xF5\xE6\xEE\xCB\xD3?\x9D\xFE\xB7S\x88\xEB\xFA�\xBFN?\xE7`\xFF�
-\xF8\x83_\xF8\xF4\x9F\xD7J\xDD=\xDC\xDDß\xEF\xEE\xEEn\xEF\xE6]\xBFkw\xF5\xAE\xDC\xE5\xBBx�n�n\xEFo\xEFnoo\xE7\xBA\xFAm\xBB-\xB7\xF96݆\xF98�\xE6y\xDEM\xF9�\xB3\xCD%\x96\xCC4\xC3�\xE3q<\x9C\xC6yÜ��c\xB4\xB1ä¿‘\xD6�\xFAc\xBF_×¹\xDF\xF5\xB9\xAE\xD1{\xAF\xEB*=\xF5\xD8c{l�\xEB\xBAowm=\xA7\x8D\xD6\xD7\xD5ZYW>\xB5\xDCR�-\xD4\xC7\xFA\xB0\xAE\xF3\xBA\xD6$\xEBm]\xA3\xCB�\xB5\x8Aܹ\xAE\xBC\xAE\xB8\xAEPCy\\xD7ú\xCE\xEB\xBA/\xEB\x95Ê^\xA3\x8C\xD3�v=\xB8\xE8g
-\xBF�\xAE\xC8+?\xEE\xCBV\xEA�׃^\xFB\xE7\xF5\xFF9\x9C\xA3~\x97+\x9EÓº"\xFEO\xE7\xBC.\xFEl\xBF\xCB=\xF1\xE4\x80x\xF1g\xFB\xFD�;\xFE\x9C\xD7�\xF1\xB9t=\xEC\xE7\x93\xFE\xDA\xFC\xAA�\xD75\x94\xBFw\\xE3 \xA4\x9F�\xD0\xFE\xC4\xCB\xFFtx\xCCŵV*\xAC\xB5\xBA\xAF\xEBj\xB8t\xE7\xEF�\xAE\x89\xEB�×^g\\xFCz\xF0\xEBQ\xAE\xD3\xFD\xE3C\xC0�q%\xBF\xB2_�W\xF5\xAB�\xAE\xEE\xD78=�\xBF\xE6\xE1\xBA=\w�\xD7\xF9꺿\xBCN\xEB\xDB\xE7\xBE�\x9F\xBF\xF4T\xADc\xDE×\x9F\xEB\xD8ß\xF5\xBB_\xF3|\xECa!E\xEAy\x9DÒº0A\xBE\xC6B\x9AÛ…<çµ”�\xFDq\x84��\xB1\x96�\xB2Ð \x8D>\xE4k\x8E\xDB\xD3¾\xB3\xAE\xF4\xC3x\H��j\xA6\x99�\x8A\xD6u\xB5\x85|\x82\x9Cs\xE1\xF4\xC2\xF7\x85\xC6\xF7\xFAÞ\xB7a]q\xA1w^W\xB9]ص�q=\xF1v\x9Cn\xC7\xC2\xF9\xBA\xBB=\xAFK6M\x96\xE7\xF1.\xAC+\xAE+\xAD+\xAFK\xD0LPs\xBDÈ¢$\xFDn\xCD\xE4N\x9F\xB2h\xCB\xED\x9D}\x9D\xEF\xCE'\xDB\xF1�4"\xEA�?\xFB��\xA1+Up\xE2�>\xEF\xEB\xE1p=�/\xA1�\x87+^\I\xAE\x93\xFD\xB7\xAE|u\x95\xAB\xEB\xFA\xAB=\xB9\x94\x98\x9D\xEC?\xBFƳ\xD7\xFC\xECu{}\x9D\x9E\x80\xEE\xFEÔµV\xAA\xDC\xFC\xC5�w\x9F\x84 .\x8A\xAC\xFF�\xF9\xD5}QQ\xFBn×¢\x93\xFA\x8FW\xC6w\xBBÒº\xEC{2\xC8 ?$\xFF\xB3\�\x97|\xFD@�\xF4ß…\xAB\xAE\xB9\xE9\xF1Y\xEF++q\xBBN\xED\xFD"#\x8F1Æ¥\xC1Ƕ\xD8ÏŒ\xB7\xEB\xC0\xDD\xC7\xC7\xF5>)\xE5u$Z\xEA�mn\xD7ɾ_�\xE61ÇœrYG\xA3\xE7\xB1�\xE4.\xDF/\x9E\xB0\xD6*\x96\xBC·\xB0\x93\xB9�\xBF\x9C\xCCG=kI�M[\xBB-[v^t\xE8q\xADw\\x9C\xAC\xAC\xD3"\xF8.ؾp�\x98^�\xCBO�\xC9
-\xC5�\xC1�\xBD\x8B"\xF6Bj\xC5h\xC1f\xC1d\xC3b\xC1`\xC5ޅ\xB7IqV\xF0u(\x9A.��\xD4<)NV\xC5Ʃ�x�\xB4\xD3ո e\x82\x88\x82\xD3B�\x8D>\x92b
-�\xBD\xC0\xB1�j\x9B7
->]\xFC!\x91X�\xD9^\xF4[�\xE4\xBD\xD2w\xE0\xBE\xD2}\xE3�B\xAB\x84?�\xA7\xA8z)b\x9FÖ·\xB5\xCC\xEB{\xBA_[s\xBF6\xED\xFC\xB8\xAE\x875\xCAY\xFF\x9D\xF5^w~ \x95ZK�~E\x96\xB7\xB8cV\xB2�BC\xC2�\x86\xF5\xB8�\x94dž\xAB\xE2"-\xA1�\x90pE\xBD\x82]N\xCF\xF9\xE5\xEC`/.�X.r�r\x9F~\xB1\xE4d[\n_\xD1�V\x9A\xDC�Ë‹\x8B\\x88_\�.\xB6]\xF3\xB0\xE4\xE3\x84u\xE7\xDAc\xFD\xEDt�\x9DP\xD5 \xC83m�\xEFu\xC4[�\xA1\xEB\xED\xB2G\xB2?\xC1w\xE6NW\xDFV^\xE4\x92,\xF2\xCBI\xD7\xFB(i\x8E\x83\xAC\x99T\xDA|Ty\xF3�\x89s\xA8\xC4Y!sFH\x9D\xF7*w\xDE\xCEyZ<\xACC\xF4\xCC�+\xA2 \x9F\xEB\xB5D\xFA\xBCU鳫\xFCYT�\x8D*\x81>@�\xBD\x85�\xDAT�\xCD"\x83\x9E�U|T�\xF4\xACB\xE8T!\xB4�\xE3y\xC2��\xE9\xFF\xF4ÕŸ\xBFNW\x80\xF1=\xAE\xF9]\xD7\xC9\xBC\xFD^\xD7ÝŸ\xBANJÍž\G梤\xFFQH\xA6a\xC3:\x93\x8F�O\xF9\xFDApv}?\xEB\xFF\xFC~�qa}\xBF\xD5\xFF\xF9]\xFE\xBF=\xAD\xFF\xA6^�\xDF\xE5\xEAz5\xA5\xD2\xF2\xDD\xF87�t|\x97\xFF\x93\xFE\x9F\xD6e_\x8B\xEA\x9F\xF4?\xFC\x82\xEF\xC10\xD6pG\xD9\xC0\xBD^g|?\x8BHs\xF1\xFDN\xE4"\xFB~\xC2/\xF3p-\xFEjR\xDCP9Nd�\xD9\xF9\xB4(}�\xADEéˆ \x95\xD0 a\xE0Su\x96\xB6\xB8C\x81\xCE"�\x88j-\x8A\xF0\x{1E6B5C}t/e\xE3\xBBk)\x8B�\xE9\x8B�\x8B~�\xD2(z\x85r\xA3\x85�\x8B/\xADg\xAA\xF8"_\xB2�£��\xFF\xBA��ê´˜ÙH\x82\x8B\xB1\xF5\xF5H\xD1u\x84\xD5\xC5\xF5�;\x89�\x92\xDD\xE0�\xC8\xE2\xDBr\xCB�c-m\xF5N\xBAD\xB24\�\x911�a�\xD7�Q\xA2\x81\xDD>\xACO\xC9&
-\xD9{e\xB1e1Xa\xAF\x{1CBD66}5\xED\xBE^㼤\xF7\xB0^\xB1(F\xDC)/�>\xBA䨓2\xD1Ge\xA0\xC2>\xA72\xCF\xC75\xBB\xBC0\xB8/l^<SE\xE2\xBC0^\xC4\xE0\xF3\x92\xEAE\xF65n9Tڽ_Rn\\xE4dI\xB6'0ʳ\xB2ʨ|rs\xC9{�GM\xC5j\xAA\xFE\xDC.\xB2v^�\xEEq�\x93\xB8V\xB4\xA8v\xD3U\x9B�Nv>\x89\xA2\xA2:IQ=c\xA8\xFAp�sQv\xA4\xC23X\xD4f]\xC6$\x84\xB1=\xDAQTf'\xCFH\xCA\xFE2�\xDDzШ\xFA\xC9թ\xA3*uT\xA4\xB6
-\xA5\xFC\xE1Bs\xDA:\x93\xEBJ'W\x94\xA0�\xB9^tÔ„\x8Ez\x8F\xAB5`\x83F�\x8C=.VyZ\xDFT
-\xD7˸\xEA"\xC0z:TÍ \xA2AUÄ\x97\xA1\xB6�\xD35\xA8m\xA8\xAE\xF1D\xDB8\xE8�\xA7\x83\xB2AE㬢\x8E\xE9�\x8F\xAEWP�/\xAE S\xBB\xB5
-\xC2Öœ|g�\xB1\xE3{?\xB8�\xCDuZn\x80->�\x9E\x8B\xAE�~\xF2Õ¦Fj:\xA8\xAC\xC6%\xA3\xFC\xE9|\xF2t\xC9(:\x9F<]2\xCA\xE7\xF9\xA4\xD2=\xB1\xD3D\xD8i\xEE\xD5JsI\xEF\xB2R\xBApR\xD3\xCC\xFDb(b\x94\x99J\xE3Z\xA9G\xE6\xB26\xE1�r\xC4Q\x92\x90%\xFA\xEE�\xBA\�Y�]\x9A\x93K�\xB6,\xDBj�\xB1�wn\xB0*#\xE9�\x98\xA9j\xE8\xBBg}o�\xA8�\xAD?\xAD�\xD6\xD7U\xF2~\xD6�\xED\xFE\x92b~\x92\xF7\x93\xB7\xEBJ\xBD\x93Ú“\xEE\x95^\xCFE\xEE\xDA"\xE6i1\xACÇ…\x8Ag!̧\xA5Ì·E\x97\x85"\x9Ba�j�u3\xD1b\xBB^\xA2\xC5ÜE\xC9%\xD8g\x8C\xCE\xF8\xA2p\x93�.*\xCC\xD5�\xF1\xE3i\xA1gR\x9A\x9F\x95\xFAw1�(G�\xBC\xD0�\xBE\xA8BP\xD6!\xEANU\x86Ò•6\x8BzVr\x{128CD1}\xE7\x94\xD3z/JB&{\xDC)\xD9vU�\x8A\xB60%\xEA\xC8�:\xAC དྷ\x86 \xC5h\xA9F'ÕŽL?�\\x83થ\ \x90\xA3y7^({O!\xFB
-\xA2\xC1��\xBB\xBE\xF9gQ8Ò—��\xF9\xDA`�P-�\\xB9\xCCP/\xBB\x9A�Lżw%3A\xCD\xFC\xACa\xE9t\xB0,=oW:Z\x95&�JÛœd\xC6$3%\xA9!\xE9�;Ò£Û
-\xECGf:�\xA3U"�A\xBEM-�G\xC5\xD4̨B\xA3i\xC9�\xE2l�\x96\xD2\x{1E151E}W\xF3\xEBh \xD9Bl\xF6+�\xAEh\xD7Ih龄\xC3\xE0:\x9A ]s\xBA=\xFBuw\xB8\xF6\xD7<)\xEB\xB2k\xF8\xD5�W\xF3k�t\x8Eby\xF6Ke\xB5\x93\xFDw\xAB8lZ\xD9\xD62\x8D ?\xA7`�\x95˧\x8A\xE5\x85Ry\xA9R��Ê£2y\xBE\xD2Û·"9\w\x87�y:*\xF0�_\xB2Q�\x885\xC1\xF5\xF8G\x88>6\xBE}�5x\xD5\xE1O`�jx\xDE�\xE2\x9FN\xE2\xCEO\xA5\x87*>\xFC\x8E\xA0�q\xE7K\xA4F�X�}HHÇ¢=\xA3\xE5\x9BtS\xC3\xCDB)�à·§\xBF\xF8\xE2\xC7�p\xF7\xF5)\xBC\�\xEELIn+5Ì¡?Ì,\xCC`\xB1\x80)\x9F\x94i\x8Eu\xEB\xFAt\xAE/\xEB\xC2Ì›\xDA_."[|�?\xC3P6#\xDE�\x92\xFC\xA4���\xB3"?\xAD7H]~X��:\xD6z\xF31\xEC\xA5j}\xD9\xE28L觎\xA4󉈘)\xB2\x8CÙ¢G^.z\xB2Æ”\x88\x9B\xC5bzV\x88\xBC\xBE}\xBC\x94\x97\xB3\xE4\xC3L~\xC2�:�YL_^\xFE\xA0+YbÔ•N\xB1\xB6\xB9\xB7\xDD6y\xBE�~\xBA\xA7\xF1Ó†Y3\xB9\xBBw_(}\x9A\xDF\xCF͹�\xDC3\x9EN\x81\xDE\xC4\xF5�:;\xED+\xAAa\xD6d\x85�9a\xAA�v\x86\xC5S\xA4\x84�\xBD\xB9\xAAN=TF\xB8S�\xFD\xC1\xD4\xF9�O\x90�\xCC�:`�=\xAB)\xD4$\x84\xB4T̪\xD2\xC1b�K\xA0\xB9\x85|\xF0�\xD9 \xA9�\xD7`Û˜'\x95
- ��xXq�6�fR\xE3a&
-\x90\x87\x91\x8B\x81\x8F\x9DT�2� y�\xB9�\xF9�8�xZ�_\xCBjN\xA9\xE0n\xC6\xDFn\xE959\xC3G\xB5X\x9D2\xBB\xE0�/\xC3\xC0B�J?\xF8QÌ“"\xBE\x94\xB3\xF2A\x{168704}�\xCA�\xC7J<h=\xD9I~u\xED\xA7\xC1\xDDÒuL×…T�:�\xD8\xCE\xD9�1t\xC6 at IrE\x89W<\\xE9\xF2:\xC1kC\xCF;.=
-\x9B\xCD\xF6\x8Bk\]\xF3�g\xCF\xE5u\xFB\x99\xEB\xE9\xD7\xF9\xFA:A\x89\xBB\xBE�~\xECu\xBA\xF8\xF5\xF1\xA7_\xA7\x9F>ğ�\x90��"y\x84\xFF\x85J\xC15\xAA�\xB2?8\xC2?\x8B\xF2'\x98\xDD.\xF0^\x95\x83\xF2�\xE2\x9F\xE1�1\xD4Oja*��\xB0H\xC0\xC9i\xC0\xFD\x92,\x84��
-(\xF0\x8F\x98
-\xF3�\x82\xEC&�[\x98m ��iO\xD0��`B�\xAA@ٖ\xD2-iæ�g\x95C�`p�j>4Gj9�\xA8\xC48P
-ҊM-�(\x86\xD1�R\x8C\x86\xEB\xE0i5L\xBD\x83s\xDC(\xC7\xC3�\xF5\xA0\xFF59�\xA1\xB7\xAF]\xD0�\xA5%\xA7i_\xB7�\xA2r\xE7D�\x84\xC5ܵ�ڲ\xE9K\x84\xC4\xC8k\xA9\xBD\x97\xE4\xE6Ht\xEAA�=\x92\x9F~\x90^\x8F\x84H\xAF\xD3�M\xBA\xFC\xFA,\xA6�H֓\xEB\xF4\xB9?\Ѹ\xEF}\x9D~\xF8G\xFE\xE3�\xFC\xA1(n�\xFEx\xE0\xE8\xF9\x80\xDE\xE0\xE9'\xF8\xD1�\xC1�\xBD\x89\xE0\xF5�\xCE~DpCn\xEA\xFF\xC6\xDF�v\x9F�\xBD�\xC4�\xA6l\xDE�\xBC:\x82\xCF�\x82?�\xF8\xFC\xD6V\xA9\xAF\xC2�pRm\xE1\xC8\xF4\x93+\xAF\x82\xE0�\xC5\xED\x84~�\x8A\xAB$pRQ\x80!�\xDD\xD1\xFC(��\xA2? ѯ�\x83�/\xBD!z?�ۇb\xE8\xAD2\xBA\xA3\x98\xA0\xA8~\x81\xEC\xF1
-\xE1\xB3;i�\xEDOO0�\x90\xFE\xEEB\x92\xF8,\xDA�\x91\xFF\xF4y쿸\x9E\xA2\xFF\xF1:\x90\x81\xD3g\xA8\xC2\xF3\xD75\xAD\xF8,\xCDxz\xFD\xE8\xAF\xD3\xF7\xB8绉\xD1\xD5u\xFAa\xB7\xFF\xA8�/Q\xFCg4�\xFD\x87��\xAF\xAEt\xB8�2\xB2\xAD\x97UcNh\xC34\x8C\xB9\x85�\xF3(\xB2�MK\xA0iFը\xA9ܞ\xE0K\xA4В�\xB0\xC1\x90
-\xA1h\xB4g>\xEA�L\1j6�%\xEF4\x80\xE3A\xFDM\xE9\xB4蘉)�a�wj\xBE\xB0 \xA2\xA4.\xA8\xA2\xA1�CqE\xA4\x92�%XI\xB5\x94\xB2\xC8\xD4Ѐ\x8E[%N�\xA7\xF6\xA04)\xC39\xD5�S\x84\xF8<jXGT2#\x9F\x99j[\xBBSW\x8B\xACFVwUU\xB2`H"\xC8\xFFxR\xBFUT\xE45\x9C\x94\xBF\xDDi\x9C\xC7=\xE4|\x91\xE8Mx�A]F\xB5/�\x97-\xBEʸ\x81\xD8\xD0\xEBI\xDD��\xC6w\xED\x99:x\xA5.\xFCQG_\xD41\xAAO\xA7x\xBA\xF2A\xDD]�\xF1=^x\xA1“H\xBE'\xD7\xE9"\xBC\xEF\xB9@\xBF˫|\xF6B<\xC5\xE9��\xF8ï\xF6\xF4:=���|||X\xAFz^K~\xBB\x88\xF4Ш\x92\xAA1$�7�Ԃw\xAFV\xBB[\xB5\xD3\xF58\xC1\xC6\xF6\\xB0\xC5\xD3p\x8B\xA7~\xA4KGI�o�}%\x97\xEE\xA4\xEDP:\xBA\x94v\xF0\xC5\xF6*ѯ�\xCF\xD2I\xB9\x9B9\x97\xE8^\xA2\x83\x89.&:\x99\xE8fRG\x93\xBB\x9A\xCC\xD9İ�8\x9C\xCC\xE5dN'u;\xB9\xE3\xC9\O�)<�\xF7\xBA
-�\xE6zÏŠ\x97�\x8E(uE\x9D\xE0\xBFs�\xBC\xC5
-7
-\xE6c\xE4p\xBA\x8A�\xBEW�\xCE�\xB1\xC3S�UC\x89D\x93�\xE2\xED\x95gÔ°\xF8\xE5\xC5\xF7\xF9p\xF0\xCE�\xA9\xB9U\x9F\xCFT]\xA2\xAB\xEF\xC7\xFC\xF4\xEA\xD0W\xE2\x94N\xE2�r\x97\xFD\xA3\xBA\x85�躇\xBEN\xFF\xFDT\xBF\x8D\xAC\x8A L�\xDE\xFC\xA2V\x9B\xAC�1\x9ET\xDC�\xEE\xDA\xF0\x90\x8C{\x88\x85w�|\xB1\xE3..#..\xA2-N�\xB5\xB0 \x8B\x8B@�\x8F\xABر�\x8C\xAB\xB8��×¹M\xEDv\x9D.")\x86_\xFDp\xB5\xC3u\x8C\xE6,�W&\xAB\xC9�\xA1\x8B\xD7\xD75\xAF\xBA\xBC\xBE�3\xFC3\x8A\xFF�\xC5\xFF\x8C\xE2F\xF1?\xA3\xF8\x9FQ\xFC\xCF(\xFE\xFFc�?:\x92� \xE7\xE9&\x87\x979\xAB/x;\x8A?s\x83\xBA�\xE1\xAB}\xD9\xC4C�\xF5�\x{147287}4\xCE\xC6\xD4\xF9'\xEE\xE7�\xFC\xC1\x9F\xE6F\x9CϺ�\xA7\xB8�\xB3\xBB�'\xD4\xF2\xE1\x9B9��\xFA\�I\x87J\xDF��\xDF\xF0\xD3ÕŸ\xAE?z\xFD\x9D\xD7剱S\xA3\xDFOOA\xF8\xFF\xE9�\xFAż\x8F\xEF5\xFD\xC8Þž\xF0\xEB\xADYg\xB2�*:�\xADg\xD5P\xCD�a\xC6ÕD\x91�O�)\xB0\xA3ÒŠj�T\xB3\x9F\xF6�L\xA7j5E\xB2�\x9D\xA2\xB7�\xD3\xF3pH�1\xDB("y�>Іd�\xB5,\x98\xBD3[\xBE�\xD2E\xEE�\xFA\x9A4\xF8\xB5-*}\x99.R�\xA9s\xAB\x86E�\xD2I�\x83\xEDj\x88;[�si\xED`u�\xB0\xBC\xF2\xDF�\xA6q\xB4š�\xD6�\x8B�|\xB2t\xB9 ̨\xE8d\xEB\x955v\xBB^\xEE\xE1\xA85\xF7\x8Be\xBE\xD8\xEBX\x82�m\xB3\x8B\xE9\x9C\xD4({\xF0\xC0 5\x866\xD9�\xC4(\x85�gKS�7\x94\xDD\xDD!�XL\xAB\x8B�\xD2x\x9A\x98�\xB2\x93?.S?>\x9F\xF6\xF1\x9D\xE18\xA7g\xE3q\xBE#"\xE7\xB3�9�\xC99\xFD\xF0\x98\x9Cˬ\x9A\x8B\x90\x9C%\x85\x9C�\x95cb\xCFs\x82\xCDOH�9]\xE7\x81|g\xF4\xE6hp\xABE&?"ê‹‚\xD4�\xA5:¶\xB68u�\xA8\xB6Hu�\xAA\xDAI\xA7f\x93\xD3\xE9��\xAB\xA3he�=
-W6\xDD-^٤\xCF'\x9D7$\xAC+�ˢs->\xF7ZĚ\x88\xD3}"b\x9DD\xC2��\xEB"o\xD0r\xE4\xEE5G.)\xF93ϒx\x8C\xD5\xF8
-w\x92�\xC0��H�\x929\x90�\xA9\x9F\xAD\xEC�k)\xAB(+�u\xED\xEE�\x8D+\xF1\xB8\xB2L�\x8D{\xD6%��\xA4˰^\xFE\xCEcq\xE5M\x{DC2E}M\xA8k-n\xD7v=\xAA\xF5S\xC2\xF7\xEF\xEE�4t_�\xF7\x87\x9A3�\xD7Ѭ\xEB\x98\xDE\xDE\xDF/|J\xEB0\x8Fu\xB8��"\xE7\x85\xE6]�&�z=>g\x9F޶M\xE9\xA4|ִ
-~\xA3C�%\x88��\xF4\xAFE\xFD\x8D�\xC4�\xE2�1DqD\x87\xBCpr
-Dp\xDE>\xE3Ǿ\x8Ey9z\xAFݛ\xA5C\xFE\xA9\x90m\x8F\xD8>\xC4kCj\x8E*/?\xA8\xA4|\xA72�\xE1d1\xF6&\x81[��b\xED\x88'+\xEB\xC0\xCA�E\xFE*b\x90�\x98!\x84*\xBC\xAC\x9F\x89L\xFB\xB1C!Tn}Jo襪\xE8\x85q%\xE2.J\xB8\x9FĜU�h\xA8\xFDd�n\xF9\xE5̩�g\xF4S\x87\xD2�%\x8F\xF3\xB3\xF1d$\xD9�y\xF0%\x87I\xEB\xF70\x9E\x91)\xDA0?I\xC2L\xCF�\xAA\xA5\xAB at 5\xA6�׋\xFF\xCB\xE1\xFF\xE7�\x91/s\x8E\xE3\xD6�N.\xF6\xFFL\xE5>\xFE;9Ԏ\xB1\xEB;u\xFAڅvAh�M/\xE2\xEE,\xDEFbm\xA2\xBA\xB0*\x9C\xF0[\xB0dlM\xF7 \xF1�M\xA2J\x9AF\xB5伓
-vgOD\xB6P\xBA~\x91\x87�4�\xB9*\xE1�\x92a\x81\xE0�\xE2��K\x8B\xFE\x8E'J\x96�\xFC>+q�È°\xAA\xEA\x9A\xDA�\xDF�\xEE\xBDc\xBD\x91iu\xCF\\xAB\x93:\x9D\x98lu\x8B�\x9B�\xF5%Eu��\xF5\xCFtOW\xBAC\x8AÒƒ\xA6&EMGZ\xE4K×\xA19\xF8�\xE1\xB1O��\xFD1@\x87\xA1~\xE3િE\xE9�uÖŸ\xE0\xA5gÔŸ\xAE\x82dd\xAB\xC7�\xB2\xA5\xFE+\x9E\xECd�\xF8\xAEK4ÔwHv:\xDD^\xD6Vx\xAE\xBEB\x87\x83o*\xBBc\xBAÓƒ:\xFA��\xA9N\xD9J\x82\xD4C\x8EÓ\xBB\xF8�\x91Ô´�\x9A\x98\xCEt\xAB\xA2\xA5, =t"\xFCUHÈŸ\xC9i~\x9AÕ¼\x85\xDD\xCBd\xF2\xAB\xEC\xE6Ó“L\xF2\xED��W�\xF0\xCEr~\x9A\xE7\xEC\xC2\xF0\xE9�Vs\x91\xEE|\x90\x8B\x9F\xCA\xC6[>\xDEaë’O�\xBB\xEE\xF1\xEB�\xC1\xBE\xA3\xD8w$;cٟij[\xB6\xD7g�\xA4l\xDE\xD7\xE9s \xD2?V4>}.A\xFA\xC7\xE6}\x9D\x9E\x91"�\xA1V\xB6\xAAÖµ\x94-�\xC2Ed
-\xC9�\x93Eâ˜\xAC\x822,\x91[R\xA6\xAC|i\x8E\x8C'X$Y\xE8\xD2*I\xBB\xA4\xBD(\xC5\xE6\x83mÒ‹�1\xC5\xF7\xEE\xF4\x8C}\xF2\xBB-\x94\xB4Q\xB2FÑ…\x8DR\xAC\x94;\xFB\xF7\xD2F\xF9y�\xE5\xB5}Ò¬\x93\x97R�c\xFBE�\xE8bv\xAA\x96\xE7�v\xBC\xBF�\xBE\xD7-\xB2�$\x8D�\xF7q\x93\xBE(�M|\xE2\xE5\xB0\xC4�
-\xEE\x87<\xB7\xC6\xF5�\xF4�O\x85\x9D\x9F8\xCEO\x93v\xF2\xB3\xD2N~Ξ6\x9E\xD8Ò¶%m at c\xD8V\xAB~a \xDB\xF6\xAC\xF5\x99\xD3\xC1�\xF7\xDC \xFC\xCBz\xD0.xÂ\xC1�(s�\x96,�\xFF>jT`\xF1x@Ú±\xA2\xAAp\xBB\xDC\xC9C '�4Ú³\x82FsA\xE3\x9E%FhE�ÚŸ\xD5~@\xEB\x81\xD8�h=\xA8V\xE4CÉ©�\xF2\x98(4U\xB5bG m<\x9FP\xA2\x8CÖ‚\xB8H\xE2\xFD-\xB3<E\xA54\xFAw;\xFBuQ\x8F\xA3M\xE7Òžsm˹\xB6\xE4l\xEE6\xACh\xD4fi\x9B\x95]\xDBn\xD6j\xFF�e4\x9E\xF0\x88\xD3\xF7g�,\\xD1Pab\xC2\xE4\xB8� \x8F\xA9\x84\x{150231}\xD3 wB!\xA22O0�2\xAB\xD0\xF3
-/JVi:Ʀ6\xA2\x82H\xA2\x8E\xA8\x99\xF7��1\x9F6rBHwUR;\xD5\xE091\xBC\xD9��\xEB�<\xB2J͊'�XѲx\x87@\xAB�\xA8\xC0\xA6 [\xF5\xA8Cɜ\xC7Cɜ-\xA7>\xB8\x9Cz] j񋣄\xBA\xE4ӓ\x86F�\x95\x9C\xA6ʥ\xAC \xB0\xA4%T 8?<Pnz*\xCC\
-4\x97b͵ps\xB4\xF6=�s.\x85\x9D�\x91\xC7�%wn\xCB:Z\xB3hϢE�6-\xB7j=`\xAC\xF3\x85mk �V{E
-\*(\x9B\x85\x8B6.Z\xB9̢\xF2\x93$\x88g\x8C�\xA7\xEF'?|\xCE�\xF1C�\xDA\xC2ϑ�G\xBE\xC7t\xB5LCE\xDDƋ\xF1\xC4�Tֈ�Ƌ\x9A$W1�'\xF3\x93Ǻ\x9CS\xE5ħ
-�6�\xD3#+S!\x93\xDD\xFE�/\xFEi\xE3\xFC4^\\x9F\xE5\xC5U\xEA\x81:/VEg\xCB\xF5\xC7\xFF�j;\xA4C\xA2\xEAUª\xD0\xE5\xCB\xD4\xD5ӕ\xF4\xBFej V\x93\xEA쵪\xF8\xDBu\x96\xAB\xFDw\xF2_�\x919\xBC\x88\x95\xFC\xD4w�\xEC!�v\x91T�3\xF9\x95\xBD�f\xBC(\x80y\x86~\xDBQ\x97\xE8PKƥH\x93 \xE7I�\xDC
-WF1�1\xBDPC;\xAB\x8C@/vW\xB9a\xFB\xAF\xDDw
-w\xED\xC3 \xEA\xDC�\xC5e\xE4bu\x82\x8E�3rewL\xA3\ۣ�4hZ5\xE6A\xFDmU#|\xADJ\x81U\x8D\x99\x9As�\xE1V\x9B"\x90,\xBE\x96\xD5\xE6q\x8B@ݬ~\xADy\x92\x9A1\xB0rT\xB5p\x9C\x95C\xE4%\xE2\xDFj\xBD�\xAB�3\x94I<\xA0R\x8C\x95\x89�\x85\XC\x85\x8DY\xD8B:\xA9\xDDB"h\xEF\xA0P'g��jj.\x8B
-La�46w�\xF8s�\xED\xA7�\xF0\xA3QL�\x81Ó•=\xFAO]vo~æ‚\xED\xE4\xBF^\xBAÝ¿\xC3\xFDn\xD2\xC6Ý¡j\xD4e}\xC6뚌�u�\x9F\x94]D\x91\xC5Ó±\xB6â¡œ\xE2e\xB1D\xE6)\x9E\x91/v\xEFB\xC6�s\xC7 l\x84SCD�2M�\x8E9\xEBu\xB1\x9Ac\xDB~PS:i27\xB3\xF9-L\xE7\xCC\xFB:\xA6\x83 !\xE4\x90=\xFALB\xC8i\xE7\x83 �\xE4I*\xD8!�\xECiz\xE9N A"\xC8\xE9"
-\xEC2\xFD\xE33\x89\xA6Ok\xFF\xFEĊl"�\x9C\xBE\xC3\xE2\xF0�뱙\xB0p\xFA�\xF6\x86\x83#\xCB}\xF7\x96>\x80tG\xA4:Z\x9A\xE3@\xC6\xC0.\xF3\x98]\xF3\x99\xC8�p�\xEB\xE9\xA8\xF9\xE81>�X\xB5\xA2\x89�\xAE\xED\xB5?V\xA9"\xCD \xBB\xB2\xE3I
-\xAA4\xA7^K\xA8V\xD2q\xDE\xDE]H\xA7ÛŠ\xFA\x8C
-\xF5\xF4\x9C�U؛\xC9\xC0.é�G\xE1\xED(\xBE\x99\xF0v\xAF\xC7\xFAN\x8F\xFA<\xC4~\xB5\xA3\xCDe\x84Ӆ\xD9\xC5\xCC-\xF3\xCA\xDC\xE25\x9E-\xFA\xCB\xED-\xB4\xB9\x9C=\xBFx\xBD\xED\xC9
-/r=\xFD"\x86\xA6'�c\x9D�\xDC�\xA3\xD7\xE9P�\xD9\xF0
-T\xC4\xF43SۢJ⦑V\x95��4Q\xE3\xC3\xCD4ѥ|\xDD/\�L�<\xC9\xC0\x90\xB3\xAA\xA0\xAA\x80\x9Eԥ\xA9�(\xF0 (M8\xEB\xF9oRZhD��\xBAE
-\xEC\x8C\xEA\xD7g}\xF1\xAEE\xE4\xB4\xE0\xB5żњ\xD4\xC1\xE0\x8FŅ\xAC8�\x85\xDF�5�Y!8)��Q\xFC\xEDNO\xB8\xF0\xE8\x92\xD2I#\xC9\xEE\xC1\x89\xC7Z1)\xED��\xCB`~W�\xC7�c\xA3<\xFD)\x92\xF1Cm\x94\xA7?M4~�\xCD8}\xC6\xD3i�t\xB8\xB8�?w\x8D\xF0\xD9+�\xAF\xD3ů\xE9\xB3W\xFE\x8E\xEB\xA2.\xE4\xE9\xE2\xD7ϔ�>d/?\xBD\xFA\xE5u:\xFCr\xF1e�\xA8\xCB\xD4\xCFva[\xB8N\xFC\xFC�E\x8A\x9E-\xFDL�\xEC\xEFS\xA6H3\xB1O\x878\xA0gk�}\xCFRE^\xAC\xE8\xF4\xB9jE\x97:&j\x90,UH%\x87\xA3R\xE8\xA5C
-h\xEE�6-I�\xA19_\x96u\xCC��\x82?ÛV�%\xC1E\x9DYg&\xA0\xEDѱ\x94I\x85\xDE\xC6j4\xF4U\xE7��\x8E\xF8\x9Fa,\xD3?\xF9f\x8D\xEF14\xFA\xD1\xF4FT}yY8
-\xF6<Q\xCD\xCA(?I\xF7\xECÏ©\x9E\xFD\xD2
-\xFC�\xA4\xE1I\xD8\xEC\x86͋�\xDA\xC3߯�|�{k5I�$!b\xD0tco8T\xB8\xA6\xB9\xF7\xC1\xC3�+\x94\xAA[fz?o\xF1=!1\x92�u\xBBw\xEF\xB2\xE26M\xB0\xF5G^\xED\xF9\xEB\xF4\xB9?\\xDC\x{11FBDF}\\x9E\xBD\xF2\xB3Wz\xF6\x8A'\xC4\xFF]_\xE1x\x99X\xF13VN�\xA6{z&�\xE0\xC8w\x95\xF3>)\xFC\xBE\x8F\xC6\xED\xE1\xA7[\x94\xB0\xE5O�˽\xC3_\xCB!\x98ɪ\xA5\xDBu\xBE\xAA:�b\xDA1\xA3�\xE4{\x97\x98c\xE6\xAB�e\xCF;F\xF5�h\xF9\xB4\xCEvyf�t\x91wt\xE2\xB6\xD2o\xFB<\xFD\xCE\xDB,o\xBEe�\xE9{N\x89\xF9\x9C
-se9\x84]\xCB�\x8E\xC2\xF61M\x9A\xB3\xF6��b\x93n\xCAx\x99�^\xDC<g"\xFB\xD1C]\x95\xF9\xFA\xC1!Pk\xA4\xD1[\xF9Y©8\xD6e<U\xA0\xC1\x91f@\xFD88�i2M\x95\xCFY�\xD28\xDFE\xC9H�"텤\xD1\xE6Rhҵ }̿<\x85\x9B\xDB\xF5\xEF�\xFF\xFD\xF4\xED\xBAv\x87\xBC\xFC\xE3\xFA\xE5\xFFX?\xFC\xB7�\xFA\xF7\x9Br\xF377\xFF\xF4_\xC3͗r\xEFoN/J\x90\x96\x887\xA5\xC7"L\xABܼ?\xBD�\xC9\xF7\xE5\\xD2\xCE�\xFC\xEA�\xDC\xE6x)z\x94\x809\xC2s\xB0\xC3\xC7?\xE8\xAC\xFEn\xEDM\xC3!{ٜIz\xD5;\x96\xBA\x8Br�\x84\x9BG\xAE1~\xF8\xC7ח\xF3�U*\x9CU\x9Fv\x8D\xA5�\xB8\xA5z\xB3`y\xED\xDD\xD22��[�l\x89`Q`\xE5e\xEF\xF1\xE6|2\xE8�Uf�\xDA�gք^=\xFF\xACW\xA7\xD1\xFB\xD3˅?\xDD\xFEP\xE7�+t�9\xBF\\xEF�m\x98\xA1\xB7\xDB\xCDe\xE9Z��\xC3$\xC0\xF1e\xAD `��o\xEC\xDEں\x8EЗ \xB1\x96π\x9C]9\xA4\x9E\xDC��\xAC\x9F�^\x8B\x96q\xEFZHL!\xC7\xC1�\xAE\xA6{\xC6{\x94%\xA1\xB5iw\x8B^\x87\xF7\xA8K\x82\xCA�`\xD91\xBBw,�\xCA�\x97\xF3\xDA��\xF2%d\xBE�3[\xD0P\xA6ASY\x94À�\xC5\xF1\xAC\xA5ꔛg'\x80\x99\xF5\x85\xD2KE\x94?$y.\xB6y\x81[\xB2I\xE4\x97�＀y\xB4j@њ ,qN�\xE6\xC5~lj��g\xC5 KQm\xB87\x96>\xEDa\xEB\xF0q\x80\xAB�\xEC\xA9]\x8D̩-\xC5.�\xB8,y�\x83\xAC\xB3\x8B\xA9-\xF5$�\xB8ν�\xD7\xEAU\x9FZ\x8D�S\xE3\xAA˨#&�0��(ib\x80\xD2\xD2~\xB7���(K\xE5\xF6{�\xA7�\xD6)\xF8\xCC\xE2軵\xFCr\x8E\xAC\xD8/Skx\xB7�^Tw�X\xCEb\xD1wk\xE9e\xB7\x91׽i}L\x81q\xD1\xEA\xD8
-�r\xEA6\xB5�\xAE\xB6\xF9�T\xA5-\xBC\xC7 =Ù»\xAD;c\x8F \x8A�\xE8\xC6\xEE\xAB\xEBw{\xFER.p\xCE\xEA|9\x84�\xE8\xBDy\x89�ro],*é’¯{×7\xE0B�C��
-�\xDA \xEB\xD0.\xED�\xAF\x90C\xC5 Q\x96D\x81b\x90 0\x87X1\xD7\xC5>} \xD5*l�rH�\xB8\xA8`\xB3\x87\xE5Vu�j[o30\xADl\xC7 \xE0Np\xCBe\xD8ˆ^�\xF4\xF0ŵ�\xCD\xE6P梛6\xB1\xB5\x9Ce(�\x96\xB6N\x80\xED¢\xA6K\xB8\xB6q�\xB8\xE1%\xC4\xD5U*\xEE�\x81Ø€\xB9\xD8YX\xC0\x8E\x8F+>\xD8\xC7\xD7\xF3�?\x96�2_\x8A�H\x91u)pE\xC7�`4<\xCB\xEB\xE3K9�\xAE\xD7I\xE2\xB4�\xF3l\x9DÄ©\xE96\x96\xF8R\x83c\x94�-\xF1\xC6&\xB5�Z\xA9\xB8SO\x81Í \xAC
-\xC9\xCD(\xC3\dX\xEF\xAD\xEB\xA0�a�\xA2\xE4E k\x9F\xA0\x99k\x8F8\xC0�\xCF�\xE8km\\xC1�f\xB3ϯ\x97\xD5#[\xE3\xCB\xD1B�p\xFD\x8E\x9DI\xEB�Uܫdۀa\xE1#&[r�0V\x9B\xAA,A�:ֵ\xA0\x99\xA4\xB8�R\xD8\xD6F\xF1\x93fP\xE8\x85\xD2 K}\xD5ȵ�\xA3c\xBE5\x93G,U\x89@\xE9\xF7kw\xAE\xE5\xE0|\xD7A)�D\xDB\xDFm\xE1s\xB7\xA9\xADU\x92LA�V\xE7\x95M\xFC\xA1\xC0Ѻ�\xE2\x98�\xEB8�>?��\xE3�\x8D\xC0\x90�ٜL\x95�\xD6j\xC4ڤh\xC7S�\xCC�Zi\x81\xAB�C�ט�\xE4�\x96�\xD7\xEC|\xF9��_\xB0uY\xB4�Y]\x88�\xE5\xFC\xE9\x9DJ\xF1߀�,�\xDB
-\x9Cpj\x85v\xCC\xC1{\xD7��\xB8\xC8z9\x8Cz�=Jc\xE0((e6`�a�0
-\x86\xE1\xCE%�\x83'\x8F\x94\x9D\xCE\xF1(�\xC1��\xF7\xE6E\xCFm�
-ȼ\xEE\h˗mm�P\xD6Y\xC1�\xAB�\x92\x88\x90\xD5a|d� \xC87\x8B*\x87Z\xC1fK\xEE�.\xC4\xE2i�d\xB1q�\xA3
-IJ\xA5\xFD4Ü»\x94%\xB0tR\xBAE\xD6\xF9\xA8E\xDCZ\xE6IJ\x84\xB1a\xCF��\xCA��\x9Cå… \xE0\x9B\xF9��\xEA\xFD\xF3�\xE3)S\xF4E\xDB^a^�yg\xB3CÓªu\x986� \xA5�X\x83�\x8FL,�\xB0\x8BQ\xCE/\xAA\x84\xDAaer0\xBCi퀻z>m\x80\x85-\xB1b�\x94c�pa�\x90\xB45\xE3\xDBM$*\x8AE\xA5v\xFF|nv<�6D\xA3tM>5\xB0\xDC\xE4\xFB\xAD;I[41\xFA\xD6t\x97\x81\xD6�R-�@L\xCD �\xDD���\xA6�lL�\xE4 \xA9p\xB2\x99{\xBB�\xB1H#\xC9�X\xF6Z\xE3`\xE2��}[Ç¿\xB6+\xAA\xB1n�\x95\x9F%�]w\xE6H\xA4M\xB9 i\xDB:\xBD=R\xAC�\xAD\xE3Þ’�\xA4\xF1Z\xF8\xF9\x81'\xC9 \xF1\xFD[S�Ff\xF3>\x98\xCD\xCF\xD5\xE2�crI2N\xD0b\xD6΂\x9B\x9C\xBC\x89�\x9A\xF0\xDDW�\xB7
-\x97�\xB1-\x8B,\x98@×¢\xCF4\x9B��\x92\x9E`\xBE�Ä \xA0\x82\x8BIR��\xA7\xA1f��\xC5\xE4\xB3,�uŠ¿M�[\xFC\xB3u
-\x8F9\xE1\xD6\xD0+\xA5\xCCj\x84\xA8K3u
-\xB4B\xFF\xF9\xF1Y(\xE0-�"\xE3\xD6%6w|�\xE8ޗ8\x95:&u\x90%˚\x8C�\x9Fuo4\xE5\xA2�\xAE�<kR�\x94�ն\xFE\xEB3%a�\xFA:`\xA1\xE7\xCBmY at 1r۽\xEB0ب\xEB\x80/\xE5\xD7\xF4b\x81\x97�\x85{\xA3o\x8B\x88ڕ;K\xD4^@\xA5\xD6zo\x9F\x90\xEA\xE7bB�\xE7e\xA3\xEB�K\xF3��\xAB\xAAf�(\xE6\xE9\xA8J5_|^\xCC^g �%�\xF7�0�\xACW�\xF2g\xC0Y(чN�ߧ\x89\xCCz8\xE6\xC2�\xBC\xD9\xF4\x85\')\xD8K�)瞱g\xCA\xEC
-X\x861\x9Fh"\xB9\x8E;\xD6/B m+\xB3\xF1\x99!B\xF0\xC4A
-3*}�\xC5\xC4{�vQqm\x80b\x8F\xD0q��_�<!u\xAD\xB3\x90\xB2
-\xB1�ÔŒ8\xE1JM�(\x84$O\xBEp�\x8D�B\xA0\x88#]\xA4d�w\x91�\xB0�\x91��X\xD5X�Ô©[\x90r\xAD{\xD7<p\xF6\xD57`w�\x88<\xE9 \x87\xCCpØ f��F#xvÊŒ\xFB̵"cr^N��xIE8\x90\xA3�W\x9BÙ„c;\x8E\xD5\xC8\xE1\'�\xD2Q1
-\xC6�\x98r\x86xp\x86\xACM "k�Ûˆ\xF5\xA96
-\xB8\xF6<W\xF0\xA4\xF5\x92:\xC0\x92\xFDÅ®\x91@\x90\x95�
-0�\xD1�O�\x8Cr[\x89\xF0d9\xAA\xF6\xE9u�\xA2\xD9�\x86\xBD\xAA\xC2�ߌu��\xDBc\x92+ߵ�\x86\xE8\xA4J%\xF3�B\x85��+\xA5\xA0%{u�.2\xBDfn\xC0\xA5\x85$� \x9A/�b\xC5+\xB5\xEB\xA8\xC4K\xB6\xEE�\x90\xA4-\xA4\xC8\xF6\xA4.\x92*n\xCC56�*\xA21\x85\xBB��O\xB0A\x97p_;d#\xA5��T\xFAn\xF3j\xB3b�\x86��\xD1T\xBA)\xBD
-n1\xE3��Al\xDC"Ax\�‚�\xB8\xCE�\xEE]�W�LPy\x83M\xEC\x8C�\x88LS\x82+\xB3\x8F�\x8Cދ^U\x9A�\x83\xB8Т`qM�X\xC0$\x9COU\xC3\xC5C\x82\xA9\x9C
-^\xB7B\xB3K\xDDï®\xC4u\x91\x979j\x84
-7`\xC1Ppk
-\xE3\xEA\xF6\xBE�x1y\x8CÛ¸\x90\xAA\xE6Ac\\xB4}��\xDB\xC0\x9D\x8B\xA6s\x83\xC4\xC0Y\xA1\xB5\xA6\x98x/\xD0F\xD4\xD3\xD2*\x80J�L\xC7�\x81x\xB7�ìЛMa\xB2\x87u\xEE\x83#\xA3\x98\xB1\x82\xEFo$\xE2\xE3\xB8\xEA�\x97\x90\xB2�\x94�N\x90h\xD7Ý¢��\xB8\x99%\xC0vBèˆ\xD71\x89�Ø“�\xA8\x87\xB8\xF9&F\xEE\xD0\xF3\xA7Ro\xCAÔÆ«�ÝŠ"\x84\xDEH\xF6�\x83s\xC7Ú)g\x8B|-\x86\xEFG\x81z\xD8�w?\xBC\xB5\xB6\xE6\xD4R\x8DHPÈ\xB8W�a\xD1\xF2g. \xEE\xC3\xF4�1?\x88m\x80\xC4=\x86@�\x86\xA8o$\xED \xF7&\xD3\xEE�\xD6
-l5Jj\xED\xF3b\xFDQ#\x99��\xB1��Pɞ\xEDd4uv$\x9A\x9C\xC4�4\xEBfO5\xD1��C\xE6\xE7c\xA5 h �\xF8|3\x96%�\xC0\xF9\xD2ϧ4�\xEF-\xC6
-\xA3�\xBAh\xD6�㤋�w�P`\xA4\x82aK\x93q\xA1*\x8C@\xBA&f�(\#\xD8\xCE۩mcs\xFE\xD0T���\xA9\xB3C\xA6\xE1ήc\xDF�%\xA5>:�;\x88\xB2b�$\xD2�كn\xFB%�p\xA0 (\xC0*\xA3�l�Pe5\xEA
-\xC3dhYZ\xC1\x9CW\xD0a��ջ\x97\x88�%\xAAł\xC5n0S6=\xC54\xA2U\xB7\xAD=\xB1\xD9\xC1J-n\x91\xCD\xF3&
-\x95e-C\xA2IQ-Q4@\xC4A\xEB\xE1�\xF3\xE2+ܽƥ|�\x8Bt�\x95\xD5tD\x91?\xA3�r\x9E<�FEy $\xF4&/:0�1\x98�P\xD5L>\xAE\x94�\xD6Y\x8E\xB3\xB8�\xE2\x95�,\x87�\xE0�#(B\xD2i\xB0l�\xB1\x96�\xB2\xED\x8Dr\xF4#dJ\x958^=?\xC8+7\xF5\xAE͇\xA469q\xB5ɚj!6|\x97a)\xC8G\x93\xC9L�^\xE2C\x84\xA4\xE7\xA6%�W!�Gc\xFC\xAF\x9E}�f\xB1HGW\xD6\xE9~\x96\xF7�\xB4\xAA)Ya\x8B\x86b1\x92\xA3\xA4\xF7\xC2B&\x82V\xB4�\x84\xEFq�kܬ\x94F\xC0M\xCC<\x90\xD4T\xA4�`0\xFF\xC1\xD3 `g�\xAD\xA4\x8C.Yn\xD1&6\xA5�\x8D\x89Jb\xD4\xEA��\xB4B\xD8�\x9Eb\x88:%B\xC4\xE4\x87`\xAA�%\xC0!'M\xE7\xD0�??D\x86\xD7[)A>y\xBE\xCC\xEB\xEFO\xF3\xE6�\xBF\xBC\xF9\xC7\xFFr\xF1\x93\xFA\xD1�>|y\xE1E\xFB\x93εv\xE5\\xFB\xA1\xEE5\x92\xDCb\x9CD\x97G\xD4\xDFjd�\xE0W�\xE0E\x8E\xD6Y\xC9ͽi6\xC8g\xC0\x87A\xC4\xCF\xF6\x9F\xBE=ś{\xB8\xDB\xE8@\xCB\xCCI\xCC\x{12DE4F}\xB5v\xA4GV\xC6\xF7T\xEBhd\xDE6�\xCAf\x80vߗ\xD8`\xAF�\x87\xAB@\x8B\xABC\x8BK¾�\x80\x95\xFE\xB6nt\xCEر\x9C63��\xC1�\xD6]�B\x97^\xC7lع\xC9b\xA2\xEF0'\xB5>\x92�0B\xA2\xD87\xCC\xF4\x9F\xC5Pk Z\xFF\xB28\x8C(\xC6-�
-f\x94\x85\xAA5<\xF1`3O\xCB�\xA2u9As)\x91\x9E\x83\x83\x90\xAEV\xEBћ;\xBE\xCCBQ\xAA�0n\x903-\xB2\x88\xB0C`v\xB3QY2n˼w\x98y\xB9�\x93UmT[\xC1"Z5'\xA0\xDC\xDE>\x9F\xDC~8ܾQ\x92\xE6\xFA`YM\xF6Y\xB0�\xC4Y\xA8-\xB4\xF5
->O�\xC5�}\xA3\xE2^\x89\x81\xA4B`�Ś \x8D\xA2�\x98\xEB\xC0 ]�o4\xB6N\xD3 \xEB��<`\xBA\x8D\xA5.%h�\x9A��\xFD\x97\xC2\xF5\xBA�\xF3%�Vh`�- b�\xED\xC5C\\x87\xE4\x8Fz\xD8)�Q\xFA \xDB�\xC5�.\xA9bFU�\xC2\xDC�E\xCB\xEB\xC5?M\xF1m\xB1\xAB\x92(<\xD59#\xF9vn�\xB5P\xCAR\xF1ި\xB8��#%MZ)\xF7��\xE3\xA2/̊��r1\xA7\xEC�8y�g\xA5\x85\xA3O�\xCCi ^\xC0:\xDCE�+\xD5�\x92L\xAE\xCF\xF7H\xCBK˰\xD8W1�\xD1h�\xAE ~\xAER\xA0i7\xF7\xF2\x88W\xACP\x81\xD6Fe/\xE0\xFE\x8A\xB0\xA7Ŗ\xE9\xFE\x82�\xEE\xC2\xF6V\xE7\xC1\xBD\x99+\xCD\xE5\xA5\xD0rTa\xEA\xA6\xD9H\xACY4\xF7�\xB8\xD0>C_\x8A qZ\xB3M\x8E\xC0\x80w\x92\x93\x{1867C7}\x83\xB6�92`\xEB\xA6\xFC��\
-L\xDA\xC1mQ]T\x9B7\xB0=\xD3r\xB5\xC0\x95r��IK@\xE8\x9D��}\xC6\xE5\xE0\xEF�c"�\xA0\x88Yu\xE0ެ\xACKK\x80\x8D\xFB?\xDC�\xBD\x84\xDF�h9\x86M\xA6\xF5\xD8 at 5[\xA5IU:\xBB\xBB\xA2\xD4�G�u�z\xB3\xA6\xE8K\xA6�ǒa\x92�\xC1�\xB6\x8BF�\xA0T\x9C\xAA3\xFC\x94BokI\xB8�\xAA\x92\x9Cj
- \xB0�\x9C\\xEA\xE9\xE0 )Eb\xB0\xBAK\xF0\xB0
-+w�\xA5\xFB �\xE4R\xE5\xB77\xD09�L\xDF�`�\xA6\xAE\xB6sl\x8B\xFA\x8A\x8D\xD3o\x8B\xE8:�ͶP��\x9C\x81\xBC\xC5\xFF\xF5\x92\x81.\xEF�\xCDz\xBB\xB8\xE7:�\xB4\x82\xB9D.\xF7Â\xB3\xF4u\xA852*,\xAD\xD1\xF6\xCBf\xD0g\x85T3]/[\xFA\xE6\x9C��i��\xC3�-\xC5ê‘„A!5HwtS*\x98\x86�\x98\xB8hg\xA8\x89\xF6\xB94a&(\xEE�\x90!\xB0a\xC5Ù®�|J\xC3Ç& \xC8lZ\xE2\xBDMy\x89
-\x82KW\xA0�D-�
-\x8C$\xAE\x8B\xAD\x86\xA8\xD0j;\xF6BM\xD0\xEBņ Űe\xAB%\xEEnU8\x9B\xD8\xD3D\xF3{C\xA4jq�\x8E\x83\xFE[\xB3\xF8 ,Lc�\x8BE�\xB5#
-p\xEB\x8B\xC2\xE1U\xDBQ\xF0��bꘕ\xF3\xF8.f\xB2l\xB3\x8Ab\xBC}\x83�\xA2\xFA`\xDA\?e\xF3�.\xE0ҳ\xB3�\xCD8f3h6\xAA\xCA0��n-\xA1\xC6
-)8�1\xA8jg\x99&�;}\xEE\xA0��TI\x9A\xFEHs\xB7�XqQiQ\xD5s\xA8\xF2u5�\xBFX\xE1\xD2ޱ�\xC9
-\xBA�v\x81{3\xBC "\xF2\x86�\xD9��n\x91g� \x91NF\x9D\xABX\xEEq\xEB\x808\xB0\xF8K\x95\xF4[\xFB|\xCD\xD4\xE7R�x\x90:\xDBm�\xC4�B
-\xA3\x96\xCE8\xA0 ofrKjjr�q\xE7b\x96\xA0\xB0\x91>x] \x98m\xC5\xE6�l�\xB3\xD3X!;\xC5D\xFEm-S\xB0\xDA��\x9Cy\xAF\xF0\xD8�y\xAF �[|^\xC0\xA5)\xC0\x9A#&\xBFd;\xB3f�\x8DGʽ\xEA��`�&&(\xC1WA{\x8A\x9A�\xC1d\xC5Ȧ\x82\xA6\xE2\xC10.�\xC5�\xCCElB�e
-\xAA\xFB\xBF\xD5\xE9\x8D5\xC8Ù\xC1Å‚\xAFles� Q\x92F\x81]X\xAF�\xB3~]\xC2�vAì™.�s\xA6\xD5 \x9CS�\xCFe\xA0\xFBaK\x99\x93F�sa�H\xA4t4lÆ»P�\xD6\xC6Pl��\xC7A\xBA+�Us�f�3�\xCA�\x8B1\xB9\xF5\xFA�\\xB2\x99�Sg\x9F$�\xBF7\x92x�`I\3\x92\xF3\xD2s-�c*0*\xA4\xC1\xD8<\xE1m\xB5a\xFD"\\xB1›Rƽ\xEA\xF43`\x9C�an\xA9\x91�\xA8\x91\xDA\xEE\xAD\xEE7S\xFF\xBEG\x87 at Lz\xAA\xED\x88>\xF9�_\xFC\xE5\xED\xA7o\xEEß½\xF9\xE6\xDD\xC7�\xAF?\xFD\xF1\xE6W�\xF4\x8B�\x92\xEE�ˈ\xBF\xBC\xF9\xCB\xDF~\xF3\xE9݇\xDF\xDF\xFC\xE2\xEE\xEE\xF6Í›o\xDF\xFF\xE6\xE37\xAF\xE5\xDE_\xDE\xFC/\xEB\xCE\xFFu\xFD[\xFA\xD8=4\xFC��\xAED�6\xC4
-\xF6.Q\x8F�\xD83ྪ\xC6e�\xA7k\xA4aJ\xD5-Ci�E\xBAØ �xSD\x90\x84HÍ‘D\xC1}.\xA2D5 =\xFEq\xAC\xF5�& �\xCAW\x98\xE6:\x98\xBB\xCAd�jw\xF9�?\xD7
-\xFD\xA7\xBF\x87\x95rI\x8AÓP\xE5\xEF\xF7\xB4�\xAAGFHF\x81\xA8%\xFE\xBDB:R\xAA\x9D\xAC\xBE�dJ\xC0\xF7�QG\xC1KÈ ���\xD4\xE3\x80{i\xC5�\xE04�\xA7N4 \xA1� �H\xB4 2<L\xC3���"
-\x8A9u�\xA2mÜ–\xC8\xC5b<&\x89\xDD9a\x8D\xD30\xAA\x97l9m
-\xBA*qJ\x9D\x84|Ò€\xBB\x90 KS\xE0Ò•=\xC6�$�\x8F P\xE3B\x94\x92-\xAA\xE8
-\x8F*\xCA
-^\x8At\xC2\xC3, at Hg��\x81W\xBB\xF0\xE6g\xDAe;´:E\x93%\xDF\xC34ZTh�;\x872~((*\xE1
-\xD0#\xDE\xC4W\xDB\xD5"2\x8C'P\xA15\x8FuS\xBF\xA2\xB9O\xA59u)\xFA&k\x9E`@IpV\xBBS\xED\xC0F\xA9$\xE6\xA3a \xA5\x80�\xCC<#bn\xCBF@\x93\xB8Lg\xB4�D�\xF7u\x81\x93Z\x95\x93\x81C\xB1`\xC0$&Be\xAD\xF2^\xD98\x98Ü©q\x87�\xD4�z\x83�\xF4�\x99\xAD\xA7\x98\xCC$�3\xD9B\xFC\xB0\xA0\xB5\xA2Д\xA3QȈ\xB5à¤\xB1\xFD\xB6%ؼm�35\xAE\xA1\xAFvM�\xBCJ�„gE\xB8\xC1\xD7\xCE`
-e�\xF4\xFA�\xD95\xD1F\xAC}뼿\xC1\xE6\xF6�1\x83~\xB0\xA6\xAB\xB5X\x80Ô‰�\xA8\x9CI\x8E\x81\xCAA�\xB8\xD0�Pjib�\xF7ZH\x91 5\xB8\xF3\xD9s\xF4s\x91"\x9C\x9B\x96\xF1�Q\xF2�\xCCd\xBDÄ 8\xF0\xD6�l\xB3\xA4\x86wS\x93?\xB8\xB3\x86\xCBÊ¡\xD1U\xA0\xBE\xBF��`H\xC4"\xA3)\xE9\xD7S�3\xCE�\xE7Z\xAB8tʇL_M\xB6\xD7\xFA,sÆ™�E%/\xA5WpM5\xBA\x80UBr\xD7T�?W%X�
-�4w\x8D [\xA8\xD4X\xCDŧD\x8C��\x85V\xCAXԸ\xD7狉\xD9 \xBF\xEB\x81�Um;N\xAB8\xA1\xA90؉\xB6>#\x9E\x9D�\xC2��%x\xB4D<yC\xFF\x84*e\x8A\xB5\xE0qE\xE8\xD3\xC4�\xAD\x91\xDA�\xA4or\x86\xCE\xD8\xD3,FE\x80� \x84��\xE8\x8E"\xE2O\x80#\x93j\xB8\xBDI\xEF\xE5\xA1H\xD9D\xE7,�\xC0\xB4\x9F\xE0\xCA\xE6\xD3\xE3\xF33�\xD0ڀ\xA4\xEA���\xD2{\x9E\x8ER\xE8w\xEC&ѴA\xA7\x9D\xDA\xEE��\x89J/\xF0\x99\xF5B!\xA0g\xC6sD�\xBC�\xE8�\xD2�\xEB#AO\xA6\xB6G
-Æ€\xA0%\xE3V:�S��pZg\x80�Ò I�\xF5T�\xDC[\xC9c~Û M4�\xF7ݶ\xE4>\xEC\xE0�\xF8Z\x83\xB5\xDB\xEA\xE4T� -j\x8D"\xB8\x80\xA7\x9B�
-E\xCD\xC1\xDF C,\x99\xF8s\x85�\x9C\xF1yd�\xC8�`\xBD\x91�T�\x97�x\xF0\xEC&\xFC\x8C;<ĆcDP\xBC\xD9\xEEw\x9A\xA6C)\xB8\xC1b\xB9\xC8\xE0�\xB9�p\xC2\xE6\xDC\xD4"\x9BLw\x96\xF2�\xDB\xFD\xA8Q\xE5ro \xFE#\x94K\x81̈h\xC2\xE1
-��ݘ&;\xF5Ho\xB0�\x97\xD4\�( \xD2O\x80R\x82\xC7mv4
-\xE4\xE3 \xA5��\xCAG\xD20r=�\xDF@%�\xA3;�\xC1\x92�n$\x93�=\tT\x8A\x8C\xAE\xCF�\xB8\x98N\x9C\xCD\c\xB0l$T\xFDٌA%��;j>�\xF8NP7� \x97\xF8\xEE�\x89\xAD\x82\xF1\x8B)\xBCgH\x97۷%\xB1\xCF\xEA\x9000\xB8 at D옊\xA7��P\xE0 q\xD4\xD0X\xDAUԊo\xA4�Y�2jə�\x9F\xB0\xAC\xB1\xDB
-\xCB4\x99 \xEA\x94\xCE[\xA1=\xCB�\xCC�\xE0\x90\xB0�;.\xB4Öˆ\xB3\xC0c\x9C�B\xD2TĦ�\�\x8A\xE4]C\xE9 9(\x96)P�\x82�\x9A\x80 '\x95O\xE1w\\xE78\xE6\\xB11\xC1\xFD\xA7�Ƴj+o W\xB9\xC1,C\x94\x84\x87E�\xDA\xE7a8Ö³g\xEB\x9A-\xEFˬ\x86\xE2q\xEE\xD8[&'Ì\xE0 =\xB1\xD1ceZ3SC1%\xE8
-\x82x\xD4l``Q�`\xE0k\x89��\xCA�\xA0
-lÓ³�N\x99\xDDRQyX$\x92Ðœfbw\x87\xFC\xA8\x8E\xBE\xB5uL\xB2\x93\xB0\xC27\xF4\xFF\x8DA?\xEF4S\xE0\xCE\xC6S\xAA~\xE1=��L\x990\xDCÊ \x99�\xDD)$×€��\xA4\xC0a\xF1;�\xFF\xD0LC�\xAEp\xEAT�$\x89�YYC\xBC\xCCU\xD6t\x81�-\xBF\xE6\xFER\x9A#v�F1A\xB2\x9FŃ�'\x8C\x88�\xA1\xB3\xCED\xEC\xC0\xE1��\x9B\xAA^_�'\xF7�-\xDE�|\xADV\xCB\xFEYB\xFAsQ\xE9\xA3k9Xu\xD9\xED�^\xFF}yj?\x97�\xFAgI\xF0Lt\xCEK\x8C\x88ER \xFA\xEA�*\xFB)u\xD4.\xD3;\x9F\xC2\xF6\xA7?`R?S~g\xA4\xA6n\xE1Ü”\xBC\xA3�\xDF�\xD4Y\xAB\xD1\xDDX\xCDMl΢f\xA6\xC8�lp\xD8�?p
-\xA6�#\x9BG�\xC0@\xDB\xD2�}9j,\x9D>��Jm\x80\xE2A\xF1K\xE8lF7\xC5\xF1\x88�S\xC9\xC43Ë\xDC\xD9+\x80\xDDS\xA2$h'Ó‡\x96#\xE3nd�\xC4 at h\xACowp\x9E\x8C\xE0\xA6\xD9P\xF3\xE4\xDC\xDF��|\xEF\xA88\xF7:\x93\xE3\xC4�\x8A�\x93\xA8\xDD\|\5\xB8Ù¸�6�%\xF8\xBB��\xBDm-Dp\xF7`\xABf;\x95Õ™\x81\xF3\xEA9\xF9\xF2"\xA8Phc7Ç© �\x85#~\xE1\xC8A�c\x97\xA5"
->/v�z(S\xE9\xBCW=Pp/\xC2|\xDC<\x8BBN�-\x9D2 at g\xF8�8\xA0\xC0�7\xA2�s\xE8?=`�f\x89\xC2��\xE3\xFB�"\x89\xE2\xD2y\xD3@\xE4\xF2�\x95\xEB\xB5P\xA2_�\x8C;xD\xC6\xE8\xD7Hkq\xA9\x91;�\xC5CL\xC89s+�\x92�\xC5V\xE9g\x84o\xDC!�\xA8\xF3\xB5\x9B��;l4
-\x9C~\xC8:\xACD\x86�&`Eq\x88\xB9KÖ”\x808L�4\xB3je\xF0u�\xBE:\x82=mp�i\xC0��s$�!j\xB2\x8E\x9DN\xCD\xD8)\xDA\xCB\xE1O\xBE�c\x87\x8Aï¬\xA3\xBB\x9F/V\xDF\xC8\xE2o\xAB\xA9L b�\x8A\xBD<�59I\xA0t!`��\xAF͘{\xA4QN\x81\x88)�`\xA7\xAB\xBCz�\xAB\x80'\xED\xF8*`\xBD�\xB8\xE6A�"Lm�\xD8:\xB1i\xA4H\xE0(�\xC6\xF9\xB1\xF4G�7\x8CÊ\xFB\xC2\xF0V\x9D\xDA@:\x81�\xF3l�y�DS\xC7�w\x88-�\x94\xFAS\q�9-ZK6\xA61?aM\x99�xy\xB8\xF7\xA1\xBFZ\xC4\xF7�o'~5MA1\xCF�\x94\xE1\xBA\xFA<:>\xEFa\xD4
-\xBC\xDEF�\xBEK~j\x91\x8C\xF7�`�\xD9�\xBD.\xC6ËŠ{\xA5h�\x81H\x90�\xB6#&~FH\xE0
-N�}�=\xFEQ��\x90���s\x90j\xA2 fD\xF5
-\xB3\x92q\\xA6U\xF6\x9DE.\x89{� \xD6̉1qOH�\xD5_\xB97�O4,8 ]�\xE0\xED\xA67\xEC\x93P\xD4\xE4\xF1G�`\x92;\xC1\xA2\xC4,è³ÉŒ� �\xD0*\xD1\xE2\x91\xED1%vѡ̽\x9B\xE6\xDD7\xE0\xFA\x89\x91YPp\x9E\xEE\x8Fn\x9C\xE6�0\xD3K\x8E\xA2\xEE\x9BB[J\x88�\xAA\xA31\x81\x82!_�\xF6k\xDC�\x983\x9A<\xD2\xBA[_"\xA6j\xC1\xBD}0\x8C\xCA\xE2�\x9F\x99 O\x94\x84\xEFd\x84,\xAD\x85\xC4a�Õ£W\xE8\xF2\xA1\xB0\xFA\x83\xA4Ve\xCF��\x99\xB6�fЩ\xFB\x95I`W\xE3\xF2\x81\xEA\xE6C\xA0g\x99\xAC�\xB0\x9D\xA2\xF9b\x89#3\xBE�X\x8C\xBC���K\xA6\x90\xBB{v\x92\xA8\x84\xBB\x8C}\x82�b\xED�&0\xCDg\x80\xF1�\xF4q�j�-\x9DA�\xB5n\xE0Å‹\xE1\x85G"w\x8F\x87��\xA8eX\xC7M\xCD�\x88L\x8Ah\x8Bf\xC0\x98'S\xDCse0B2k�\xC0Ff�h\x9EŸ\xAD\x99O&\xC0\xC2�\xCD\xD6O\xF5�\xD5\xDD\xCCh\xD6-\xD5\xC1t�1\xEE1y0"$a\xB8\xB7g�5\x9F\xD6T\xA1\x84x\xAF\xEE\x8A\xDC0\x83\xC1��P\xF7�\xE4\xB8�f\xA1I�$\x80\x9D\xF04M�4Ä\xD2i \x94:�É\xE4\xBCL��\xF7_\xA1\x{163ED6}-�}\x93\xDD�Ò\xD5Q\xB7\x9D\xA9\xAD{be\xB04\x85\xE3\xC44
-�\x9E>\x99�r\xA9\xC3A\x8Cn\xC8 .�AR=\xB1u\xEE\xF8\xE2C\xB6+c�\xD4-A\xEBA\x85\xADd�\xC2ÌŸ\xEE�\x82\x9Fe\xAD�\xE5,\xD9\xCA��'\xE0\xC2(\xB5&\x91\xAB\xAF�\xBC�'Md\xD5!"%\xBE^\xC7ͳ\xE3\x9E\xF7��\xC1\x95\xD5�\xFA'\x9E\xC7\xE4r\xB1$\xD8F\xCB�\xE449¤y\xE1r\xD8M\x93\x9A\x87\xD2.U�\xFA\x8E\x80g$q\x86\xB5{�;D\x90\xE9\xD2\xE1s\xC4绨{�\xC9Ó*�S5nȦ\x80\xB8Û§\xF3\xDA�\xDE�\xFD\xCAÉ–\x9Fe2\x8EÐ’\xDC,Z\x91\xF34\xA45��\xC9P��hF\xB1\x81\xA7\x8F#\xA9\x91^+\xC4t\xF5\\x92Ö€�\x8A\xE9\x82T!p\xF1\xD5\l2\xA1:\x95#\x92\x82\xB6/}Hb>+gL\xE0\x988\xC3\xFB@\xD2U\xEE\xE6zy\x86\xD6`^\x81\xE9U\xD1\xFCȨ\xCC}\x81z%*ug\xE5�\x99V\xF0<\x99}/� \xE2\xB6n
-Ñ”��+�\xA3%\xFB�\xF5SD�\xEB\xF4å–\x91\xE4\xA2>J\xBCSc\xEE\x8D�\xFDp (\xCAb�
-i\xD3\xE5�\xDF@\x82\xD1Q\x96\xDAB\xB3eTw\x83\x8El9\x8F6\x83b\x8A\xB28\xB5M*\x97\xAC\xA6R\xE8\xA8N\x96[\xA2\xA9J\@\x8FvԜ\xB3\xC9�`\xE0\x83T\xA0\x81V\xB03[eU2\x9F/jk\xF1Z3\xFE\xA4T\xE0\xB1P\x8F\xDA�\x84�W\x94\xBAJ\xBE\xFEE2~h″Q\xB2\xAF\xE0X(\xE6\xF1�\xD0$\xF7x\xB44\x8C\xCC*'�\x9A�\xD3p#\xCE`vqbdF\xB7˲$$\x96\xE5CF\x91j(�\x97۽�c\xC1�@\xEC� \xC4S�\xA2&\x8E\xF4;\xDA�6aM�\x8A�ӱ\x87\xE8\xB4�\xCF_\xFB\xC3}E��=Yfe� \xD1t:na\xFA\xBE\x80+\xCB\xF5t\xBF5uf\x95\xF9iO\xE0��D=�I\xCF\xD0W\xE5
-\x90m'Ya\x95\xF726}\xE0!\xA1\xB5�?\xAB\xEFl\xCFa\xFA\xB1\xB4\x9C\xE88}sx.93�\xB3E\x85�0:PI:ciR\xE1\xDB3\x8DAs\xBE-\xA9NJ+�&\x8D\x83\xC7j�$�\xDE\xC1\xA8\Y=D\x9CI\xACJ'\xFE\xB6X�Lc~q]\xFCY\xF7 P\xF3\xA2Y�^\xA8!<\xE5\x8B�\xB1\xDE�!DϦ2\xF8yY6\xE1Q\xC1j\x81�0[\xAC\xB1d�\x93��w�JqҼ\xC7\xDDY\x8D\xCCw\x90h$\x84\xB4J�\\xA3!\xBF\xA4\xEA\x99�}\xFA \xC33�
-�\xBE\xEA\xED�\xE0]��\xBA�o�Ĩ\x80\xEA�g\xA6\xA7\xC3I\xE5�$\xA1
-\xB3�Û\xB4\xA6
-\x8B-f\xFCϬd\xA7.rK<D W\xA0]E\xB6_%B%s�N�\xEAZE?\xE7KZ2\xC0(\xE6\xF5\x92ç\xE1Yz�\xA3\xE4\x85\xFB\x98X-\xCFA\x99\x94��Ţ,\xA9\xFA1\x83QGxO\xF5\xDC\xCD\xC0\xF8u\xF5`\xF2Q*I�\x8C\xE4$\xB0f\x99\xB0\xB4~dI\x97\xAC\x92\xF9m�\xEE
-\xDD\xEC֢ǣ5ԪZ\xE0\x84J��\xCE=Bs\xD0A\x83\xEAO\xEA�\xAD\xBB\xF8C\xAF�ӣ&\xC0\xC4s\xD59\xE6\xD5\xF3)dLO1�\x96\xCEJ�(YC0/�\x81\xCCͥ\xE5\xFF\xF2Θw�io
-\xA7\x9Bn�Y\xF5\xC0�Xj1\xF8\xFCV\\xDE�;\xA3\x8Eʹ\xDE<;}\xBE\x97x\x86X-k.�˥=�غ\x9B\x91D\xB0k
-\xBA1\xE3\xB5D�D\xA4^?\x96\xEB\xC8\xF0\xD7*\x98\xF5+\xA4\xE4�\x85\xAC\x9E:\x81(\xD0&\xC0\xB6\xB1\x93V\xD9\xEE\xE5 �X(\xD2\xCD�\x89\xF3Wo\xB0\xE5Bڦ\x87\xBD�_\xADw\xE6\xC6k ��\xD1-\xCA*\xBB�\xD0pO\x81\x93\xCB\xF0D��\xD8\xE4�
-�\xED~+-%k\xED|\xC5.\xE7E�r\x97\xF3�{BDŽǶ?v3\xBC\xBF\xE2\xDDÈ—\xEA\xEEx�`v\x9BFI7\xCF�\xBBuc\xE6!E\x8B\xC4s\xE58\xB9l\xBAu\xDBb��Q\x8BG\xC5+\x81M\xC2#Ú\x85Z\xA5���Z\xF4\xC7V\xFC\xA73B�\x84w\xD8Bb\xBAt\xB0��p\xCBq�\xF1\x82��a\xC6E\xC9\xCD6ÓŠ\xE6g\xC5\xF9\xDD\xC8F\xFE��k\x8C\xBB\xC1\xC8%\xE1�\xC1��v\xB3/ �\xC8,l\xA4%�\xFD\xCD�\xBA\xB6\x80\xAC\xFA1\xE1\xA6\xFC.:\xC4$\x88\x89���f\x8F\x89\x912\xFB�uR�\xD2\xED\xE5�\xB6
-\x88�\xF0}W�\xDAZ\xB8 �Y\x94&@q VÚ&\xBA\xE0u�Cu:�\xEF\xF4rq\xD3"o}�\xE1ã’ \xAE\xD8}\xBDXU\x81:\x82\xACle\x9D\x84Ø\xB1\xC1^:\xAC \xFAnh\xAA�K| \xD6GX
-j\xF6\xA9\xBC\xD47\xF7@\x85\xA6i\xD1Vv\xBA\x90\x92\xA7\xAF`�^�\x9Aj�\xB0fVTP\xE5\x89Ô\xA9\xBF"\xE4\xC28\xBB�F\x81 DWU\x87-\xBC\xEEs\x90)P\xEE��\xB5��\xC7\xFC�\xA4\xAD\xD2\a\xDE+'\xC7�\xF8;�\xF7h�D\xF6\xBE\xE65U�\xBE�\xF6\xBD\x96\xFB"\xC0Ô‘-�\xB6\xF2]\x9C\xF2^�p(\x96\xB6�\xB8\x9A\x81P�d\xF1\xBE\xB0\xFA\\x9D*R�\x83\xD8{\x80\xA5\xDB�\xA4\\xD9�\xA3\xAAZ\xB6��\xA9n\x85���p"\xEE�D\xFD\xF86\xFFU\xAB{#�`�V\xDE\xC8R^\xA2\xBAf�\xEA\xE8"j:\x94\xCF�\xBB\xB6Y�\xE4\xDE\xE99C\xD4�$\xAF�\xA1\xD7N\xBD5\xAC\xEC@\xD4w\xED\x8B \x9B\xA0�\x94V\xB2Wg@�\xA3Ê’eBp\xDDY!!\x99\x92b@�\x8E\x93 $.{ˬ\xE4Pg\xD9RnkT���"cB��\xBD(z\xF0ia\x89Ï”\xCBf\xA3\xCC��-:\xBBDm>\xC1\x98\\x9D\xF2\x90V\xBD\xD3�\x92\xF6º\x9BZ\x9B%S\xD0e-ϸ�È®fD\xABF\xE6f\x9F\x91!\x96N**\x85\xB8v\xAC\xB2QX\x90'º\xCA�\xA6\xAF6\xD5��h*PC�\x80\xC1+\xCE\xF4\xBAK\x9FA\xA6�\xF0\xB6\\xC1O&\xD3
-�h�#\xD73@
-d\x91\xACs\xE3\xEB2b0m\xE93Q�\xD0,�?Çž\x84\xACR\xB8\x8B�\xC1�\xBCPJLLC�`\xF2B\xBA\xE9\xB0�,l\xAD\xA7\xBEAß\x86
-D\xBAm\BD\x98\xF8\x8D:\x85eMɾ\xB8Qh\xE6\xDC\xD1P���Sڽ�\x96\xF0\xD3\xDE�\xA7\xDB\xCDy\xA6\xA7\xC0\xEB\xAC�\xCB\xEB1\xF0\xB0\xB2*\xF2\xA4^2g\xDA\xE9L\xB0\xA0q\x9D\xE7fq�\xD1T\xBA\xB20\xB7\x88+*\xB0�Km\x95@
-�b\xF9\xA9\x9Bl\xA0\xA8\xAA\xEC\xADà¢\x8AR\x85\xAArt�"X\xD6$�\xCB\xFDqR�\x87q\xA7\xD1]\xE9]2\xD9x7\xB3\xF1\xDBd�\x86\xD8\xE1 �4\xE4\x9F_j]m2\xFDE56�\xA5\xA7\x94s'z\xC0�%\xF9\xBD^\xE4(\xBAL-4\xD6ꬪ%Ѥ;\xA5\xC7\xC5\xD5>\x94+|B\xA4\x85\x88#\xE7\xA7M\xB7\x86\x80&\xBC��\x96\xEA\xA8�\x81,\xF4)\xE5=c\xBD\xA0 at M�\xE6HX\xF1\x97\xBE�V�\x87fѤ]\xEF�\xD4\xE9=\xC1\x81~\xE9T\xEDTH*A\xA5[;\x8D\xE0\xC0\xC4rm\xD9�K\xC0��‰h.��k\xA9\xD8=\x9D�\x84\xE0Z\xE9\xC9 G\xABm\x95T\xE6�\xD7\xD5t\xEBq��\xBF��&C\xE6�\xAAmmZ\xF2t\>0\x80S\x88�B\x8BƲ�\x8E K\xEA\x86�\x91\x95Ep\x82\xDAi\xCC;Q�ο\xD30�
-s?���LÅ\xD8ɪf\xBF'�\xBA\x8D\x80Y-/�j\x8A��\xFA
-�\xB6\xFBdy� "\x89;\x99N}~\xFEq\xAC\xFE�<\xBC"Z \xAB\xA70 at ps\xF3t\x91\xAC3.3\xCB`�Ð\x81z0\xCE\xF8|I\x8C.\x88\xD3Ì«:@\xE3\xA0H\xB5}:\x81\xBD%Ì\x9A\x96>\xF8\x9E\xE08 \xAE\xBE\xF6\xD93-Õ˜
-`�\xBC\xB3y5\x82 :`\xE3Z\\xA9 G\xE2 \xA9\xD5\xCFm޳�\xC3Z\xD6nf�\xF3\xBB\xC9\xF1|O\xB0�S@\xF9\xA4$x\x8C\xF9\xD2G'\xC0Ƭ\xDD]\x8BR�\xF0�3}K\x80\xAA\xFB\xE9 \xA8�\xFBt�\\xCCf\xF5=\x8BE\x95��7�\xC38�w^\x8A\xD4\xC7n\xAC;\xC4\xD8\xE3\xEE\xC5\xFE\xA3�\xF9\xF3\xF3\xE3\xB2\xE2R\xF1\xE4x\xB1�\xD1!'\x85/�5\x87-\xF3\xFA\xBE\xD0\xA0\x9C�\x90\xE5\xE7%S��\xCB'\xE3\x9E}\xF1\x9B�.Uv\xB8\xF8\xB4HF\xE3F \xE2ĩ\x9B�\xA0\xCCL\xFA"�0\x97~�\xC0DZU\xED�:x1\xE4\xD5\xE3\x89\xE8\x81�m\xA9\xCF 6\x95\xF7 ӑ�0\x801f�\x81\xE6\xC1+\xEA�x\xE6 (\x81Q\xCCm\xF3\xEA\xF9\xC7aC⎡8\xD6\xEC�p��Cn\x8D\xF3\xD8
- A\x90R\xBAq�\xE6�<�\xC9F�E$\x9B�^�\xEB\xD5L\x80g\x9F\xCF\xEE�ͫ�YJ\xF2{B�\xFB*0\xDA?�\xC3\xFF�Ԟ�\xD5>\x89\xA3j�\xC4\\xE0`,\xF2P\xABU\x80\x9D\xB5D\xB52\xF7s�\xE0Ω �\x86 \xD5=\xDF��k\xA4(\xBAx\xE5�\xBD\xCA\xE9\xF4�Ӥ\xF5\xF7\xA9\xABw��\xD5�@\xEA\xBF47\xC8\xC3ʤE�\xDC\xE3\xE9�\xF6ԮF\xE6\xD4ضD\xD4\xEDΑ\xB7
-\xDD�[\x94\xA2G\xAFM�\xB3\xE1\xD4XWmz\xEAJ<l1Ͻ\x9Bm\xE7x\x99�\xBF:\xAD \xC3{\x82\xBD\xBAy\x81
-_\x80(�+\xF6�\xD4^\xD8]'$Ó\xF1v�F\xF2\xF2&\x98:@�p\x9DcV\x8A\xB8\x9A\xC1\xD9Q`�SV\xB1\xE3��\x82\xC7�몼\xF8|\x88\xE6�\xB3K\x87\x84\x998\xBCÊ“\xF0\xDC\xC9hJ\xA2mÚ±q\xC3\xDD\xD4\xC9jWr F\xBC%\xA7t�;\xDAA\x9B\xA1%G-\xAA
-r\xA4\xA5�\xF9yZT\xC4���:\x8A^�Rh \x86\x84\xB8
-M\xD1\xDC\xD6�\x80�
-\xA2\x8D
-\xBEAB\xA5�[\xC0�
-Cz\x9A\xF3\xC48XKQ\xEB\x93 x\xF4H(cL\x9C��\xC1`
-^8\xC0D\xD1\xD5h•\xED\x8Ct\xE9�\xA5
-\xA6觀\xEA"\xBAX\x9E��E\xF1\xA10\xCAz\xC0\xB2\xE3>�u'ڣ:B ӡ\x99\x85\xCC \xD6u!��\xBE\xCF\xE8\x85�U\xCAj>\xB1\xC9b\xC9\xD5�r
-&d�ÌJ2\x85È€\xF0\xE1v\xD7xlQ\xE3[>\xDC\xFF$\xDE\xDB\xF1Ý„w�a\xF6\x90r�?�\x9C\x9Ds\xBD:\xF5��X_U|\x89-9:�\xAF�\x96\xBD`st\x97\x86ÞÍ”\xB8:vB\xA0�:NFAh4d\xDF�t\x{1780E8}\xE0]L\xB4j�E�\xA9*f`\xADMQa\xAB\xED\xCC�l\xE5\xA0\xDB\xD1X\xFBt\xDCÍ’�\xF4�-g\xE1�\x99\xC52�J~Z��W]GV`nO\x81�\xA32\xA6L\xC2\xDAh IÒ‚\xF2\xBD\x83i�`\x85��RIN\xBDx]\xAAN;\x83;\x90\x9B\xB7̸\xBAu�\x8F\x83^L\x803\x8Bh
-\xA3r\xA5\xA8\xAE\xEF�<\4\x9D\xEC\xD8S\x90\x9D\xBD\x85\xD8CJ�\x9A\xBE\x9C1 at u�\xB9\xC0\x8D*@\xD4s\x99~6\x9F\xCE\xE0\xB8h4��\xC4\xC7#\xD8�Q\xEC\xA8AƜ<\xF7\xCAO>~\xB8\xD7���\xB2\x95\x9F<\x9ERfd f
-\xB8b\x80\xA0\x80'y,\xCDa5z\xE5\xAFiÞ°\xC0\xBD\xA93�k7\x97Ù·\xC6䟿z�'\x91\x9D\xB5�cX\xEF\x9F�{\x93 D\x8E�\xB74\xF6&@\x94\xD4�\xC4e��\xC6�+�\xA5\xBE\xF4Ì°�\xDCXX,X� %7k\x80`U\x82X\x9E\x91�\xC0\x83-\xC5��d\xCA\xE0�\xC1\xA38\xE5\xDE\xC6j\x9Dt\xEFÉ \xC3\xE3�Yc\xE8\xC9��\xA7\xE7�c\xFC\xF0 \x9BWj\xCA\xC1(\xC3DK\xA72 \xA2`\xB2\xD8\xC0b\xF1\xCCz\x88\x9Fzov\xEC\xF2 \xD5\6\xF0
-eM\xDB\xEE4�I\xDDZ\xF1\\xBC�\xD8*2(��\xF2e\xA7S4GC�"�\xB1YZ\xE6\x99�d\xF6\xF6`\x94\xAC�`\xE7\xA7Y\xB2=\x801�\xE8}W\x9EN\x8C\xF6�4%*\xD6�h@\xADZ`T\xA4c5�\x81 S\xA4I\xD2K$0{\xD3%w\xF5H7*\x88\xA4\xCD,\xB2/\xAC\xB4\x90\xC7\xF5qߋ\xD4m\xAF\\x99Nw\x97\xDC[Y\x97\x87 \x8C\x8Azj\xCD�\xFBҼvl5�\xC6�p\xDCjQ�\xB6�\x8C�\xA9\xEE�X@\xB4ޒ�\xF2\xBB\xF5U{\xE9-\xFFPA\xB33\xCEK�\x9F�?\xBD\xDFTݜ\nn7M�\x85\xB1\xC0:\xD1\xEA�gYS}c��\xCA\xF06�Ւ\xBD_q\xD4H^5\x96\x88\xEE\xE0'{�p\xCB�\xC3\xE3Wv\xBE\x904\xBCq�\xE2w\xDA\xCEA\x92\xADE\xDCA\xDBƜ\xEEBX�}~z\x80\xCE~\xB2\xAEΆ\x9F,�G�ͷ\x96\x82\x91\xC4\�\xFA�\xD0\xDB\xF7D\xFA���\xE8l\x8F\x88\xED\xD5\xC9\xD2-�Q�\xEA\xB9\xC3i3K\xDE\xD0QR4�Kӡn+�\x94�02\x99\x82�6%\xD1�\xAF\xD5`î=ӱm\xDD�c\x94Ċ\xEF:@\xE7\xA8W3ة�
-a\xF6\xF6\xCEL�`\xD8q7\xCAm@\xB8\xD94\xBDa\xD0OG\xE9[\xBAx\x84m\x9C\xBF�Ó•\x91`\xF5\xEDÛ�=r\xAB\xEF\\x95x\xC8\xD0\xD8\xC1�O\xA6\xBB;c2�\xA8Z|\xC0{\x82'\x91\x951\xA1Ò«�cT\x8F \x95n\x99\xB0/V)`L\xA5_\x9C6lzF\xC9C;kv�\xA7�'+\x95\xC0\xEA\xC5\xF0\xB2�M�b\xBB\xD9\xE18-\xDAH\x9E\xBE\xC2>\xD7\xD4�\xAA��\xFCX'\x97��BÄ8EvscÝ\xCFS,\xC4\xE6ɽ=\x91\xBA\xD1\xF6Q]\xE12\x81\xB3/:\x85\x94ff�.:\xFC�R_��MY\x9AÓ°_�K\xFC\xE6\xE8.\xFEv�v\xCARI/'\x82�\xEF\x85\xE9B�@|l\x8E�m\xDE,f\x97�к݌\x82\xE1a^\xE2\x9D\xC7\xF7\xE9+\xF0\xDD$\xE1\x83C\xA8\xE1⽃\xC9>�X\x82�'�\xAA\xA2.\xDD\xE7\xA7F;x\xF3(\xE3\xABQ7\xECb�\x97�zm�E\x8E\xA5\x8A7\xE3\xE1� Ñ·+[�\xE4\x83\xD1\xF0�'y�"\xEF\xCEt\xD8\xFB\x9B�Zy@\xFD~�bc\xB7\xC7S�\xCFZ\x91\xA9\xBE\xB1C\xE8!\xA5>�Ov1#;\xEA\xE9\xB0H�\xF5�%\xC7�\xA6\xAFf~y�P\x877<\xDB\xF7\xC2o\xA5�;\x8C\xEAU\xFB\xE7~1v\xF4\x93\xD6f\x8D\xB7\xB6\xDD,\xB1z���SÚ¡Ï‘\xB8};�Id\xFD\x88\xEC\xBD\xFF$\x93l0\xF6\xE0\xF9`7\xCA\xE4\xFD\xE5<Ô³\xA2,\xEDq:\xCF�g\xE0\xDED\xB9�\xDE�q\xDCWÖ¸\xA6UI\xFD\xEE\xE4c\xFD�\xA2\xBB�\xE9zDO\xF52\x89\xCD\xF1\xBD\xEF\xA4\xF7nr-\xA3ai)�\xA60x2�\%Z\xBE|�\x99�#Ñ®,q7\xBC\xE1�\xABrʳvv]\xA7\x91\xA3�\xA3\xE1<\xA9\xB1\xBB\xB1\xAB\xEDh\xC3\xEE\xFE\xA2~\xB0\x92tm\xFB\x88 \xA8SÑ€L\x9Bo\x90&�\x91V\xCDx�?Þº�\x94\x9C\xEB``YPi\xAF\xFB L\xBF\xD4\xFA��\xC0b/\xA1\xEEedw8\xB6
-��?\xD5�Y\xF3v�h�\xB1H�8\x99\xF9#qY^\xEE\xB2$�)g\xE9\xE25o\x84YK�]:4D\xDC\xFDPBb\xA3\x9A\x84\xC0\x9A��+"\xCB\xCD\xC8\xF7Í¥$ÈŒ\xB2\xE2N\xBF\x90\x87\xF5\xC2\xC0\xC1�\xCA!\x91_B\xA5`\xC6l\xD6\xCC\xCD�5\x927D\x84mE�5��\xBD\xC2F5\xF9`\xE1 \xEE\xBE�\xD9\xEB��\x8F+��eP,&\xB23\xB0kG\x8D\x96\xC3�\xF4]?\x9A-Ó’\xB7+�`b\xA2C�\xAE\xEAV\x92"\xB9\xD7\xC2�$c�E�4\xAD\x83V*\xF2\x97Q<=i�<~\x92�\xD2XY;x5\x84\xB1�Û»%\x87�pzG\xDA4\xD9\xC1gK\x8E\x8B\x8Ase\x9FÄ€2\x864y�Mf��\xD0Û®f8��\xD8)\x9Fi\xAD��\xB7{\x90aw\xDB\xE2h(\xF3kl�\xF92;;\xBF[�\xC2��\xB0\xFBu\xD3�+@�du�6�\xBD\xC9\xEB.w=\xBA\xE73�\xF36\x81tH�s \xEA\xC1\xA2\xAD�y\xBA'\x84\xE5c]\xE9ydk\xB8\xD7Y�kkH\xA9\xD2\xC8S\xDBR\xDB\xFD\x95\x8A+\xBF\x94�gp�\xD9�#\xE5\xE3|�\x9B�J\xA9\xB9H\xD1U�\xDE^�̉u7\xD1\xCEp`K�\xA5f\xB4\xE2!�\x98\xEAÝd \x9C\xF1-\xD7H\xC5\xC3\xEAL��+2\x83\xC6\xFEp;\xE9S\x8A�N\x92\xB52Yu\x9Cme\x84Rv\xBE\xED�_\xA9\x87$\x87\xE9q\x96RM�Ê‚�\xC0^\xAA�\xA1\xD0r\xA5\xEC\xA5:�I\x9DÖ™\xA2$\xCA$+\xA9H\x958Y(\x8EÓ³~T\x88$c\x96rN\xA0H\xCD\xC2F^�<\xBC\xAC.\xAA-e�zE4\xA8�\xD2\xD6��?\xA9\xFD\xB4\xED�\xCD�`\xF7\x80\xEEV\xEB\x99]\x8A\xEC^\xA7\xDE�\x96\xFA�I\x92\x87er\xD1�ߎ\xD4�
-Է4^\x83�\xB0\xBEvs\xB3\xB0TnJ�\x8F\x87\x8BkVo'ڌ\x9F\xDA\xE7ŤCF�#\xE2�L\xA8\x92\xB9\xA6@ 25B\xA7/\xF5\x85v$d\xF3\xC1\xEE\x91;\x93\xD5�M\xB53[\x8B\x98`\xE1ck\x96{uF\xA1\xFD\xDCi)\xB0\�\xAB\xBEH0\xC8�]熓.\xAAO�\x9E\xE4\xEEZ\x8A\a4ltT�S \xF5\xAC~l�\x90\x9C(w+�\xC3�y�0\xD9
-/{\x9B\xDFmXR\xF0\xDEn\xB33*\x90.q��"a\xE8�\xA7\x8D\xCD\xF9i\xAA\xBB\xCDjT�p\xF7\xE8\xD5T)�n\xFD<\x85\x88zWZ�\x88"\x93%u齌,\xE8V\x84Ѐ#\x90�#?�m
-\x9B\x8B�\xEC\xCB ��A\xCC
-~��\x90\x87\xCC\xFA\x86�æ\x9FVn\xE08�w\xB5\xD4 H\xA1y {P\xC1[mSJ\xF6
-`d\xABr\xBB\xAC~¦\xA6�\xE0g\xAA2\xB4J\xED\xC5�<\xAC C$\xE5\xD5`'\xDE\xD9|��&&1á½}�\xFF\xD3~\x97tT\x99u\xE2\xB2UfÚ6)+4\xABM\xF0
-�4wK\xE6h\xFDJ\xEDA\x93\xCD:U@\xE5ÍŒ\xFC\xAF\xB0\xD9Y�\xCELÛ �H \xBD}=\xDC\xCF \xC3.U_f\xFF<L
-Y\xABH*$NZ�b\xCE\xD9?\;c at L\xBE\xB6V\xA1\x816LK\x84V 1\xB0\xBAxj\xE3\xE6\x86�J\xA8^A�]v\x8B\x99S\xD0\xD6\xD3�0k\xA4\x98��\x9C\xE2bft�\x8B\xC666J\xF4
-6X,\xAB\xFA\xFE\xA9\x90eԽ\xEC\xB2�\xC3]f�\xE4ݺ\x85\xA2\xECIy\xE9{(�
-ov1Q\xDDne�L\xDEx\xC1*J�\xFC\xEDO\xDF�-f\xA5Cu=6\x91\xB1(>{\xBA\xB7\x8F�\x88>00\xDC\xDE�l_\xAB\xF6Ñ‚Z\xBC�\x9F2{\xAF9\x8F|Q4La\xBD1\xFF\xC6T�!\\x9D\x8DQ*�Z\xF6\xC8�k\x8D\x82\xAEoÅŒ\xDB\xDE �jGF\xA1�#Y\x83Õ\x8C\xC3+�\x9D\x91\x95�h1\xD3{��\xAC~\xE4\xCEƨYJ�a�\xD1Iqk` �+\xCFd\xC3&v?>\xB4 \x95j4\xECec\xA9}`�\x9DE\x80\xF2`\xFFR\xBA]\x8B\x87w�\xD7A�j\xF6\xE0�i\xA30�m�×™\xF0\xC2\xEC1A\x95\xA5Ü¥ \x86\xD7 at SK\x86}\x9ED\x93\x85Ѭ
-K \xDC\xF1\xE2b\xD6t�)\x9B\xA9\xE2�\xC0�t(#\xB2\xD7Ú—\xA2,�\x92\xBD
-Ⱦ9\xC5\xC4 \x8Eۧ�o\x84r\xCA\xC3&\x91.\xF0]\xC3nqT\xF7\xAC\xA8S��\xC8\xC3� v�(\xCB� n�\x84\x9C'�-vE\x8C\xCAs\x84 \xF3\xB9Ek�\x9B7`\x85�\x9D\x8FRigJ
-\xF7\x8B]Y\xF76h�7 �\x8A\xAA\xF9C6\xAA�=�\x98\xF6\xA8\xD4ܲ\xB7\x90\x98ǚh\x8C{\x9D\xE3\xD0\xF6�\xCER\x8AO�\xD4�\xBD{\x91
-�\x90\xC9�s\xB8�\x93\xE1��-*�\x80\x9F\xA5]�\xA4{cË\xAC"\xEDc�#\x9Cw\x83�)\xD2�x/\xEB#B\xD6+ at 0\xBE\x83\x88\xD3�\x8B\x80\xA9n\xE91Y
-\xBC
-\xAAa�X\x82\xD8\xE8\xEA\x95Ò¼\x99\xA5Ê–\xCCcC�+�\xB2\x81\xDAAT͇<4-\x8C\xEB\xD5Ë\xFE %l;\x81�\xA1iR\xEB�Ö¡\xC8\xDCU\x88\xFC@\xDB\xE8�KD�\xF2\x80�\xE6zH\xC9\xEB\xC2N\x98\xBA36\x80\xE4�&\x80\x99F6\x83S\xB9\xE41�2\xAA%\xF7h\x89Bׯ\x82\x89�\xF6\xB0DU,�\x86M1\xBBiL/�&\xF1:\x8C^\x9F\x9E�\xADA\xED\xDE�\x932p6\xDB
-\xB4\xC9\xEE%�=\x9BPî…o\xD7\xF1�u4\xB00�\xF1V\xEA\xBBO�{\x8FCg`�\xB9�\xD4\xD5d�\xF7\x8B;Ms�\xAA1\xA6\xEA\xC5�\xA6\xD73\x8Cf\xED\xB4�vU\xB8
-[\xD6\xE8V{\xCF\xEE\xF4\xFC$�g\xC6b\xC1\x83\xAF��X\xEE\x8E�
-\xD2V �\x98<\x91\xBD{�0$?Ь1##d\xDDh\xD5_�.5rZ\xBBK@\x89!\xCC\xF6i\x96\xAF\x8C\xD0BԮ\x92�\xB1U\x93\xD5\C\xF1\xA2x\xD3\xF3��\xF3G4>\xAC\xD30C'\x83\xD8\xDC3`)9r{[`\xE9\xC2\xEC��\xBD\xB6G\xF3\xD6fj��\x8Cuߤ\x8A\x84z:\xD9
-(G7Ôªi\xD4�%\xD4��Ê–\x8CÍ\xB3%9\x824^�\\xBD\x88\xA12\xFAk\xBBT\xB2\xBEe/\xAC\x86\x88�b�\xB9\xB0�H\xF3��\xCF\xF0\x93:0\x91\xBD\x9BrꬶA6�w\xBD�\xE1\x9D\xDE\xE36\x96]\x89\xA0\xFA�\x98"e�\xA6~\xD8\xE8Q�\xAB'\xE4\xAA#�J�\xE7A\xB27`E\xD3\xD4W\x86Yz'\x97\x89V_z.' \xA4�\x90�\xE8�Y\xA6o2�P\x81\xCDS\x95��\xD6t\xB2-\x86\xDB\xCE\xC0vUH^\xA8\x91\x97\xA8�݉'�\xE1\xECmz\xBD\x9A\x82$\xDFf\x96Y�\xA8\xC4"\xF7\xCEz\x85�;\xADY\xFB\xC0yv\xA8\xD8{\xAB#W\xE6 ;\x85\xA2\xCD\xE9M\x853�\xD1i�c���\x83M\x99\x99Ô\xD5!\xBD�G\xF7\x8C�L\x8BV}�\xCE\xDDM\xE7�<
-\xB3p\xB4)\x84�)�Å8\xD7\\xB8\x94#5\x98\xCAU\xDD �\xBD\x9BB\xAF��\xD3 P�|Z\xBC\xC3 at 1z&\xD9."+\xBD\xF4\x98iy\xFDlm�\x97�\xC7\xCD>\xEC\xA5t4�\xBC\xB1\xFB cŃ�v\xBEP\xFF�#,\xA3\xA9Wt+\xF1�\x89F\xE7\xF7\xD2\xEF|X\xD5\xE4
-!\xA5)`\xDEi\x83\xAC\x9D�\xDD /\x8Er�\xF6\xEDh{\xFE\xB4\x80�\x9D\xEAe$�\xD6
-\xE5P\xD7oÔ«9\�\x81�d\x9F\xAF\xEBg\xA5\xE8\xED\xC8\xD7][\x90\xA8ܘ\xE8\xF9\xB4\xAE\xDF�MÅ›{��, \xCD��:\xBE\xB5\x9Dj\xAC1�ų=\xF8y\xB4î®UL,�΋\xC2>�\xE1\xA2\xE9\xD5\xDC/@~�, \x82�\x93\xBD\xF2\x9Dg\x95F\xD6` \x81\xD6F\xF1\xD1\xC2 %]>v\xBDÍŠ\xAERÓ‹\xC5u\xE9\xF8�Q\xCBN\xD5\xC4�\x96\xAC\x87\xBE��\xB3\xBB3�#\xFA\xED\x8C\xDDP>"�\xDB:p{>\xA8Å‚\xE8\x9D\xD9�\xA6�\xD6o\xE9f\x87B\x8El\xF54�\xD9p2_\xEF\xE7W�Y\xA9\xD3{:f�\xBD@��b2\xDDÅš*c:\xDB\xC1�kF$�\xE3N�\xA3�\xB3U`HD7�\xABX\xC1\x8F[z\x83�zn\x976%\xB8`�J\xC3\xC5�r�,cÔ½\xB9\x99M�\xBD\xA8]b"\xB6 \x99\xB4\x9D\xDCo\x89S@\xC4GÚºL\xACz)�z�\x82'\xE5��\x9D\xB3c\xB8s\xF5\xE9��\xEC\xC2*%\x88b\xE6!`\xE1\x89\xEA��\xCC\xD8D\xA2�\x802\xC1(\xD0+\x80\xA9\x8EE�\xC3 \x89\xA5\xB6�ܽ&t�\xC5\\x83w\x9E\xEA\xBBs\xC0\xB4\xB0;\x92n\xEB�z1\xB5vX\x99^\xBC\xB8�E\x8B l\x9F�t7\x90J\xA2\xD1dÛ´\x8EÆž*<�f\xE2\x92\xC2\xD2\xD8�av\xD0@\xAC\xBC{\x9FÑ®s\xD2M\xE0k`\xE1\xC2\xFE\xB2\xECy6MS\xE22\x8EA\xD2�и^׶`P\xA7\xA8\xC5
-V\xC7r%\x9E%\xAF\xF7\xB2FT\x85V\x8Dn\x99\xEE\xEBW\xE1\xF6
-\x9B+L\xD4
-F�\xA9lM`\xE2^F\x9E\x81\xBCW)\xB8\xF3\xE0j.\xC7H\xEA]⪢\xEBP\xF7:\xEE\x9A\xE2nI\x89\xFD\x90\xAC\xD1Y\x90N𞹕=;\x91�\x9BJeXa\xAC-CÞ¹\xF71�vkH�t\xD2�\xA9\x94\x87�$o�\x83j\xC7DFÓ•\x8F5\xFF\x8D T\xEB\xB8Ñ|\x81\xA6�\xF6"�\xC4�\x96 \x91q\xB3\xD7��\xA2\xD8*\xC7e\x8E8\xFA\xE3齬2�!\xB7\xEA��\xB3\xDCÕ¤\xA1\x9Fg{\x88�zQ\x8E\xDDE\x9B\xF6\x9E\xE7\x86y�\xD06�{Co\x8B �\xE5>\xDC\xCD+\xD9\xE0\xE8\xED1L�\xE6 l\x91:\\xF7\x92tr�/\x94PCt\x96nÏ“\xC7\xEB�\xA2.\xE9"�\xA3\xC7b�\x88�\xB4<\xD4\xC1�\xF3\x9ASbs�o\x97\x8D\x82\x9D6��V\x97\x8EI^\x936\xA3k^�\x877P\xF9\xD1�`\xB4\xA8.7\xF2]d \xAD\xEA\x832v�'\xCE>?\xA0�\xE9� `\xB5�\xA7\xB8q�\xAF�Û‘\xD6:�\x96;�;\xE6G\x88,\xF2\xB0�\xB7�l\x8FJz�\x8D�\x92g�\x93
-(\xFD+\x80Gb�doH3\xDC3�\xD0\xCE\xC5\xD6�.��\xF68\xEE謊K:%s��b\xA7\xB6.@�\xB0b\xA1S[k
-x\x8Eӈ>\x80s\x80\xE0\xE5�\xE8>��\xC7k\x9B\xAE\x99�o�\xAC\xA7\xC4o\xF5\xFA�TA\xE3! \�\xBB\xD1f\xA3y;\x98��L"\n\xF6\xAA>\xC0�\x9E\xE5 B%\x89^\x80L\x96�F\x80\xE8�\xC8d\xBF��\x8B\xBB\xD7�|Z\xED\x97e}\xDB\xE4\xEE:\x865\xB7\xE4o\xF1B\x9A
-!\xEDP�\xCF�\x82\xD8v\x8F\xCEi
-\xCC+\x807:Ov\x9E\xDBU�\x83ָ7�\x83d¡י\x80�\x85Df\xD3T\xF4\xCA1F\x8E$�\x89�\xE5\x98\xDB\xE6 `\xEF\x83ڼ�_-LufU'�Z5Q�z\x9C\xB7v\xA7*\xE0a�U��Ȭ�
-\xD3�p2-z\xFB\xFAۮw�v1\xE9\xE2\xC5Ѓw9�`%\xBF\xAF\xDEh\xB1U�\xEE\x8B^h\xA2x\xC0Ķ�\xB4\x82�{f\xA2\xA3\xAA\xD7
-\xFAP[�"�\xFB6\xB4\xE3\xB5\xE3\x818>\xB9w\xBAv\x8D�\x95&\xFE�\xD7+\xBD\xFCl\xCB\xDEf%\xC2\xF3\xA6@�\x8A\x95{w'\xED\xE9�
-v\xE7��o\x8D\xAD6�\x89\xE4\xA6a9\xE1&&K\xDEG\xA3\xD2ͺ6M5Zja\x9BHD/\xB1\x87\xD4��f\x97Z\xDA�\xDE\xFB�Id\xE1PB\xB2\xED\xF0\x8C\xB0뉈\xBB\x9C\xB5%\xF4\xB1/\x9EO\x9E�8$�\xB5\xF9y\xF6/\xDC\xE2w\x8B\x87vÞ»\xD2K\xA3�e�\x8E7j\xCB\xD3e�\xC4\xEE\xE8\xACÈ«��D\xEA\xD4~\xA9j\xC8\xC2n\xFD�AM\xB2 \x95tN[�p Ö°�.!\xB5\xA3^\xE2K Y\xB4T v\x81\xA8\xB6#\xC6\xC2.\x80\x9E\xDDR�\xBCMzv�h0\x87\x90\x9F\xAE\x83P��\xA9\x87\x97\xB5��6\xBB\x94\xDD\xDD\xD8//9\xE9\xF1�g\xE5BO\xA2\xE3\xE3\xFA`j�Ãt
-\xB5T��o\xB8\xB4\xBA2IJN\xA9\xBC1\xBF\xA3\x95\xC3\xC36\xF1\xB1\xCAS
-\x83�LP7\xF1�\xE9\xD6_\xA2\xAEw
-\xDB\xF9\x97�0r'\xA5\xCD(\xFA\xA3RC��\xCC&\xC5hJ\xE1X\x96\\x82\xED&(6VuӹAzlRm�2\xCE\xCC\xFB\x84[_p\x93\xBD\x88\x8E�]\xE8\xA4=\xA4e\x98\xB5`�\xF8�\xB8�7\xB5\xE8\x8D %\xC2�d\x95�\x81MV\xEE<\xF6�
-\xAF\xE6\xCBݤ4 \xF7\xDD\xF6�\x85)��\xBCV\xFE�\x92[\xB0l�\xAC!\xD9`\x9D֩\xCF\xEEE[\xF1:!^(\xDA\xC0U%\xA3\x96@%ĻL\xB5\xE0m\x9F\xB62[Y\xE1\xD4\xF6q�\xD8F\xE1\xE1\xA8l�]׺�\xDA/&*J/`A+\xC1nE\xA1_X\xB3\xCCByP�\x8Dm D\xEAo1ϒ
-\xAB� mkP\xA8Y\xEA\xF3�\xB69\xE8\x88 \xAD\xD9\xF5\x82q��\xAE�\xEE2]\xF1\xC1\xE0\xB0
-\xA7\x9E�|xpj>Д\x89"\xE65\xBB�1�\xA2\xA1\xABz\xF3\xA9O6�\xFC\xAE�)\xF2JS\xD0ϰ�\xAB�v\x85c\xB5�\x90\xB4\xB1B\xCC��\x99\x94\xB1\x80��i\xBA7m\xF82\xC0L$`\x87\xA5I\xDC�vd\xAC0\xA1\x98:K\xE9M\xC0\xAE|\xB3\xE0\x99TD\xEA\xB4 0ɿVO \xE8\xE2cP\xEAL\xF0�\xBD\xC2F&\xAD\x89i\x92u\xC1 \x94I\x83Y.q�&{\xC2\xEF\x96^\xD2\xF7�!\xE9a\x97\xD3i\x96\x92l\xAF\x95\x9A\x8F:j{\xB2\xB0\x92�Gy\x9F\xF1\x88r\x8E2��\xEA�I�\xE4B�\xA3na\xFF|\xCE\xCE۲wc\xD5
-^\x8Aa\x9F/\x8Ec`\xAB�g\xFC�\xFB\xD2ak\xD1c\x98*\xDB\xC1Z\x9D)\xD3L\xDA�\xC0\xBA\xCCZ\x91(\xAFJ\xD5�\xD6\xC0\xE4�\x9B\xADI7\xB1�@\x98�\xA1\xDAp\xD4-\xD1\xC5\xC0\xCA3ù\xB0�\xB7\xE6e\xA0\x82ŗ\xF1\xF3,?��<_\xBB�\xE5\xC1\xFD\xF9\xCF�\xAE�x:�\xA5hj\xF7\xEATыx \xD0}@)S�\xAB;\xFBt\xAB�u\xE7�\xC6Mv\xF6 \xC9\xD2\xE28 at J\xAC\xA7 at 7E\xB0Z1\xD7VdcUfj\xA4C%\xFC\xDA\xDC_\xB4\xABb\xC8)vq\x90\xC5L\x9EV1\xF2\x93\xD5)#\xAA�\x96�\xC3\xE8\xFBc\x81\xBF\xA7\xB5\xC5�޺�\xCBF\xD7\xEA\xF9�\xC9\xDCj8\xF3\x83�C\xA4;\xBC\xE3-�\x8E\xE4y\xC0\xF5\xC2I\x99\xBC\xE2Y\xA1\xCFk\x97\x9B�\xB0\x8B\xE0,\xDD&@�Y�6\xE2Iy5\x92N\x86\x97$\xAFA^\xB3\x97\x9A\xD9A�B\xA5�\xBD\x97\xEA\xF9\xE1 ;,A-! \xF4^�\x88\xE9\xBE�l�z y\xEC�\xF4���\xC1N\xAC5Y\xD6j1\x8Ft\xF0�\xB7\x95*\xC0V\xC4�\xDC\xDCKH\xE2�a-\xB2
-#l\xF7=\xD4Bk\xF6\xF9\xE8}r\xA2\xE5\x84\xE0^\xE4\xDDh�\xF2� \xC3{\xD47\xEA\xCF\xDF\xFCz\xC0\xD3-\x93B�\xCB.|,o�\xE9ܪ"�p�\xD0Y@\xE6�\xEB\x81-\xC2R!�1�\x81�\xC6X\xA9\x92\xB3\xB5L-\x87B$4\x9D\xD6ⱥіӹe\xA2��PW\xA7zÉ#I\xD0\xDE�|\xB3R\xF6 \xA5\x91\xD44oRV�*-[m\x80\xCEZ�\x8C5\xF3��5y͡p<\xCB�\xE2ŵ\xAD\xBE`\x99@\x96\xF1\xD4Fǵ^\xCB\xF5\xDAl\x99�ŘI"K[Xo\xA0\xC21.s*\xE1\xC8\xED\xFD\xF9n\x9Bb\xD7�\xEF\xC0l\xDE\xC3\xC0\xB6̻4\x86\xDAZx\x90ؔ�B �
-\xD2\xE3�<F\xA7�T8=\xD6\xE1\xF8|Q;+\xCEM\xA7\xCF�-^\xB8�K c,"U\xF1\xF3\xBA\xB3\xFA\xF92�%\xE6R'M+\xD2�\x8F\xF2\x8DƲ\xBC\xC2\xDDVs\xC3E �\xB2\x93\xF5\xF4\xFA\xB3\xC5j\xDE\xDBr\xC5\xFD0ʎ\xF8\x89\x8B\xB0\xFDZ\xEBҀ\xC5\xED�T\x87\xEB���\xB6\xFB\��z\xEF*�e�\xF6\xBC\xE2\xD8�\xF6iP\x99\xC1\xC9D��\xB9'L\xF6\xFC+�\xB1\xA7t{�Z7\x83E\x8A\xAC\xDEJ'\xFD\x82\xF24$@�\xCDy2\xB3L\xEB\x8EVB:\xAE\xA2\x89^\x95\xAB\x98��\x85.T�\xAE\x88\xD6
-ޖE��v�\xC6\xDBɺT\x9A\xEDvGH)n\x89t\xDE`\x9EDn��E\x82\xB52\xB5s�]J\xD0\xECS\x9Cq\xB7\xE2\xA8�\xC8m`ꨘ\xEE\xD3>\x8C\xA4\xA0\xDA\xE5\xD3Vk\x8B��\xD4\xC3m(\xB3\xD1W�N\xD9Q\xEC\xA2\xF2$��\xB6\x98G\xC6/E�&\xAD\xD5��\xA5�lpW�\xB2�%:Q\xC9\xDE-c��\xB5\xD5ԾW\x80�\x97\xEBQ�\xB0T\xB8\x91��M\xADТ�t\xBE1;@\xC1\xEC\xFC=-wҀ}�q\xE9\x93\xF3\xAA�\xA6A\xD0~\\x8A�\xCCaSx�\xF0bT\xE5�E\xCA\xEEp�<[Kfۼ\xE2Ja�}}\x89\xE8&\xA7\xC0\x89Y\xC0\xBD�z�U\xC8l\xDDm\xC2\xE8h[�\xF7\xB0\xD3\xCC(\xE5��\xE7�\xF6\xEB6\xABWm\xAF;�\xF5'\xB53*\xA9%Xqi\x88\x89=\x9A\x9CJ?lX\xF2b\x88R'\xA3\xD4z\xA0j�\xEC^ӓ\xF9\x9F^\xCC\xC2\xCDH�`d_\x99\xC1b�\x94f\x82\xA1\x8D�\xB3\x8B\xE5�\xFA \x95C:\xE97\xAB#ɻfR\x9E\xE8 \xFB5\xD1+\x99=XH\xD6\xCAyPA\x93�yW\x8F\x9D\xA0\xDBH\xCEv\x9D\x89܊|E\xB0\xC3ыz`�\xEEsN^^ZV%0\xE4-{\xDBY�w\xA2\xA2\xE6\xF6c\xB6\x99R"\xF3\xDAd�\xBA\x97Ϭ\xBB\xA4\xCBt\x86
-\xA2!\x95�\xDC\xE7M�\xBCT/\x98q\xF1�\xF5\xE8\xB5Ϭ\xF6U\xAA+�\xC1\xB31�\x95\x82�D\xF2\x9A\xEA"i\xB0\x96I\xC0\x83\xC00\xA0\x9D\x9C\xBDp\x86�R\xB0,a\x8E˦\xAF\xC1Kӗ\xE2u\x91\x82\x99�
-\x88Vg\xF2n\xAD\xECq\xC3\xDEHÙ\xEC]�\x82ǃ\xCA}\x99r\x80b�?\x9E'\xAD�\x9A<`@FÞ…\xCDX��-v8\xE3�\xC0b?\xDD4E�A\xC7*\xEC~�\xCE(ߦh#\xAA#\xC1\xB1\xD2I\xCFXO�\x82FY\xC6�\x97\x8C\xEA\xF0\x97RN\xC9�J\xA7\xB1\x966n\xF2v\x95Û³W"\xEAh\x98�\xCF,;% \xDFE\xE7\xEB\xFE\xDD��p\xF4\xFE\x97p\x8Cj\xB0\xB6�\xCF��Æ\x9D\xBB>Q�\xA4\xC4C�Kʤ%z�\x9C\xA8\x99�\xF6\xF9\xE8}�v�\xA0�a\xA2Ó…\x81\x83Z\x9E\xE4dB;�r\x80\xE8Q8t7\x96tt�B\xB9(\xAC\xEB`,\xC0\xE9\x94\xC8Ê“r�\�R-\xC6�s\xE6\xA9�\xE9��\xDC�\xE6K v0\xF7WR@)\xAE\xA0�/�"@�3\xDB�u\xCAn��\xBD\xF6\xF5\xF33H\xA8\xA9lqz\xCE\\x93M\xC7\xC0`\xA3\xC9�\x81\xD6n\xC0�V\xD2\xC1\x87\xA8�p~>x\xA9I\xEEw\xF4V�\xD1Bb
-\xC8,\xE6x\xA8[�=f6\xBEt\x8D\xA9x\x97E\x8D\x821\xEF\x82�\xCD\xCA\xE09\x96\x9B-\xC1Km \xA1�\xFBdy�\xDE��{ 윦ί\xE8E\xB0=\xF8q\xFB\x8D\xF2\xF4\xB6�\xC9\xECQ\xAF�\x9E\xDB{՛\x83\x89\xFD\xD1K{\xE5\xE9\xF4/z\xA7\xB3�L\xD7+\x98\xE7Q\x98s\xF9&O\xF6t\xA0*\xE7ςYB\xA4\xB1\xC8g
-\xE8l\xC1\x82c0�\x8F\xD1RíˆcF|p\xD1/O\xF6O�\xC1\x9C\xA4 &\x9A\x87\xB6r\x92\x87\xA7\xFD��\xCFy�0YV0o !
\xC15\x92\x93\x81\xED\xE6a��\x90p\x8B\xA0È’�B\xD7\xF9\x8E\xB5\x96\xCF'\xAA\xF5\x87J\xB5Ý\x9C�\xFA\x94\xA5u¾\xB5\x90<ÜŠ�\xCC\xC8n\xC0m{dlc���\x82\xA4 �\xA0��7\xF4\xCF\xE6~te\xC3\xC9\xF4\xF9
-z;\xAE\x8Ef:\xA9\xA0\xE7\xF6\xB8�\xAF\x89,\x81njjB<_aדe\x89'\x99\xADW \x8FȄ�`d\x95\xFD\x94\xA9\xA7\xCB \xBE�l�\x91�\xBB\xAA\x85\xE8\x86(\xD9\xF2\xEC�\xE4.�\xE4\xC1nU�*#�\xEEv>\x84\xA2\xEA!\xA0qj\xB7Xɻ\x98+Z\xAB�\x90\xA9!\xD1섶X\xDB\xC1ܼM\xBB\x80\x87Wx\x95\xA0\xECW 3�0\x99L\xE9`/!\xAD�d\x82)Nd\xEBYa�\xC1\xEA�\xC9�\xB5\xAE\x88u=T�\xA6\xA7*�6\xD8Ь�\x9C\x8F\xEAv\x98\xA3\xED.�O�J\xB4�di\xE3\xF9!P1s\xF6Ըhii\xFC\xFC\x8E7Wg\xB0\xBDX\xF6�\xB1\xC1;_\xE7\xC2�aa\x97\xF7_w2X9�\x9C\x8B�}L!𢺓T\x9A\xA4�\x8Dl\x8A\x9C\xDD�v\xB4/\xE5dn��\xC3[\x97w�\xCD\xE8rK�\x9E\x81�\xAC�\x84
-�\`�,q\x9E\x83'8F\x8F\xBAL\xD3�\xC0\xE2\xC1\xA6\x99vڡ\xD4n\xF0{Scl�e\xA44<�3�\x9A\x95\xA7\xDD*�!#�\xA00�G\xF7\xD3\xEEdFh<�\xF8\xD38Ȫ�]�S?\xD4w.\xE0\xAEi\x97\xC4�\x870\xC0\xD4<\xBA$\x9A\xF7݀\xBB\xC2t\x80\xA95Ip?ũ\xEAB\xF4��͌��\xD88\xC6\xD8\xFE\xD4�\xDD\xE5�%\xEC\xFB\xC1\xA0\x88b\xF7Z\x82\xC3A& \xCB}\xDEv\x82�\x9E\x86\xA7޸‘\xA4\xA8\x92?\xBC\xEC\xF5\xF7\xEC\x88\xDD\xE3\\xB7\x85�\x9E\xD65�t\x90D
-\xE0\x8B,t\xF6T�\x8Ar
-mt: 9A(3,4\xAE\x98\x86 �\x86\xAE\x89'X>\xEF\xF9\x86\xAC\x8F%/\x90\xB9P\x87=\xA5\Љ?\xA9{4s231_\x9F\xF2FbY\xE2�\xFF\x9E\xA6\xF8\xB4\xB8�@\xEFM\xC9R�
-\xFC
-`҆d\xD6T�O\xE6 \xA9\xA3\xF4��@A\x89\xAD\xEC*~j^�^�ܘZ\xF5b(\xD1�N\xE8\xBD)P\xC6\xF4�\xDF\xD5\xD3N\x83�sIr#�e�7�,p�٢\x97+UoR\xB9{I�0\x92k!6>˒�\xB2\x90{;\xB5^홋;=\xA7J\xEB\xC4\xF2\xF9\xC3E<\xE67\xA4\xED\x8Fʎ�\xD5\xDDl\xC8G\xE6\xE7�϶��uPz+\x98%\x94\xAAk\x81�J�\xF6�\xB0pUrJ\x9C\xAAW�N�\xF2*@\xE7h\x93
-c*f`�7�l"3�\xF7\x96Q\xF3B\x81\xC5\xDD@\xBBB\xDE�3t-\x99
-Ȏ5\xCCI\xCA�F\x9A\x8A\xBB\xC8�2\xF6��\x8D\x89m \xEFD\x90]U;t!\xCA\xEC\xF4\xA8\xF9\xE5\xE6\xAAM\xF9\x90'\xB5k̦\xEC\xA7h\xF7�K\x9BoE\xAF\xD3|x\x83c\xB4f*^\x8B\xE3 at L\x8A\xE5\xFB\xDAـ�v�gt\x95\xA8\xF5\xDDs\x87\xE2p<\xF8\x85S9�U\xD89^\xC7%\xA3\xD7(\xB8�\xCF5�\xE2\x96o\xC5l\x97\xFCK\xE5\xA0\xF3RN\x97\x9Dl\xE4^ \xDE�y\x98GMm�X:j\xF8�u2S\xF1\x92\xF2\xC1
-�\xD8*Fj�\xC3MH�\xF6,2\xA6a\xA5\xE4\x85¢\x93\xE9g\xDA>�\xF8\x90\xF0�\xE5x�Y\xA4C\xAA\xFD\x83\xA1%\x97�\xD2!\xB2>%/t\x9B\xACt��\xE6}�\xF8�\xB2Ɣ\xE2\xB6�S\xDAm4\xE2\xB8F8\xBC�\x98\x81\xC3ɻr\xA7x\xC8�v\xBCӦ�$\x93\xAE\xF1J\xB3
-O)\xA6�)\xC0\xCA$K\xF6\xDAN\xC1��\xA5C\xF6L
-�\xA5\x9CX\xAD;\xC5C\xCF��\xD7\xE4\xF3\x8Di\xDDn�\x97\x8Fw\xFA_\xADP\x88�\x99�[\xBC\xCEn\x9C^\xDA)[\xD1E�@\xC0\xB0{d7\xB7i\x99\xCF\xF8G4\xF3s]^�\xDC 6g\x8F\x98\x8A\xDE\xDBL\x80 =�l,<Q=\xFD&n\xC9*k\xA2*{�P�.^\xD9U&\x8B\x85\xC9\xEE=\x90\xA6�`\xECE\x8E\xDC^ث\xDE:,\xFA\xCF\xC2\xC5cؓ*\xFE\xA8\xB2\xA0�\xCEm�\xA2WuQ�+\xC7\xED�\xD3\xC3k\x90]p:%\xEF\xF7C
-\xB4�ZÝ¥p�T\xFB\xB1�pW\xA6e�\xFD\x93\x9E�\xFEV\xE0\xD6Õœ\xBA|+\x8A\xAC\xF2�f\xE2M^\x82fRZ\x8C~\xD8\xEA�\xBB#bÖ¬\xE6t\xE7\x81g\xE1\xF2ꑱ2\xC0च02b'\xEB�7\xCB\xD45\xE0\x84\x89\xA5\xBA=K\xC8\xFC`\xC9\xE8\xE8�\xD7\xD6�\xAA\xF9\xA5^\x91\xCEC\x9Dj\xB6\x86F\xB5\x98\xE5\xDA\\xD9M\xD5kg\xF4C\xB8\xAA\xB2\xFB\xC4\xCAzn\xF6�\xA2>Y7\xAB\xA0Øœp\xDB\xEA\xD5\xEAP\x96.Uw\xEE\xABi\xBC\xF8\xB8\xD9k1\xE5�Ûª�B\x85�\xAE�F&\xC2�L,\xDDS\xA3Ss\xCAw,+\x9A\x9A\xCBsÃœ&�\x8C(\xAF4<\xABUE\xF9\xE0\x95>\xEBf��\xA5\x93\x87\x97"\x90�\xF3\x9E�i\x8B�yW\xFEr?\x96\xAE#\x8B$2\x93\\xB8\x8FW�<\xC8�tfv\xC3#2�\xEA\xECR@ _\xCB�}7�,\x9E\xC2ܬ�\xA3s��-\x9D5�S>TZG�O\x81M>(o\xC5'�k\x90š#\xE7\xC8Ë”\x85\x8E\xB7\xDAa\xE6Ý„|\xBE@\xF2�\xE8\x94,X�\xAA\xEF\x96 \xD9S#\x86Y\xEE\x89 \xBB\x9A\xB9\x96N�O�\+\xE6>\xA5\xE8�R?T\xEBO\xD1#\xF8/\x8E\xEC\xB1,\xA8\xAFkp\xA6&\x95\xB7�{\x8AQ\xB2\xE8\x87\xDA���×\x92\xE6\x81Btf@\xA4\xE8JN7�!'EO\xCB\xD8\xED�ÅŠhZ\xA5\x97Sb\xF1\xD09�L&\xB3<\xA4\xC6\xE8\xEC\x86f\xAC2\xA6'\x84`v\x89\xD8å¥UN\xF0"\xAC-\xB3�Ò¡ \x9EǧE\xC60�\xCA\xFB\xC6]v\xA0[A
-P\xE3]\xBF\xAE8��gi\xDDr\xDB\xF1�\xB0VHK\xA7DN\xCB䒱\xAB\x9A\xCA{yUS\xAC\xAC|\xBC\xB2\xF73\xDA
-=m\xC7\xE3�\xB5�\x8B\xB7c,�WS4\x89\xA9b�\xF4.\xA2\xA8�\xE4\x8F\xE7;\x80\xD1:?\xAD\xB0�\x80\x81\xBD\xD05\x80�\xE7b\xF0Q\xD9MVi�\x8D\x9C\xDE\xF4I%>\xF6M\xA7e&%/\xEF;\x8F\xF4 ]cm�\xC8\xF8�\xD9\xD0�\xB5nj\xEC\xFD\xB5���\xEDK\xA7g\xA7�\xEF\xC1\x91\x9D\xDE�#%vw\x96Bh\x9E\x80\x91ҡ��\xE3te\xAE&�G�Yr\xA6�\xC0\xE8a�z\xEFD\xB3^6E�9ػ\x9Bg\xB4\xBCH^|K\xDB\xFA\x96-H3\xB8o\xBA\xF1R\x88Fa۹\x81\xEE\xE6�\xECl\xF8V=dP�\xF0\xAD\xF1>\x82\xDB\xE46\xF6\xA8\xD9Ef\xAC\xAC� v\xE0\x89\xE1Ik\x9CM,�"\xA8\x93�ɖ7p�\xA0j
-Ö¸[$\xAC\xB0\x95B�.\xAD\xB2�8.�oo
-�\xA5Ó°\x84�
-�gV\x9E�"\xEF\xBDz�\xE6�\xEC�\xD9\xD5\xCD&\xC5kQ\xEE&\xF52�\xD4 \x99Û”'\x86Sk��\x8Ef\xBF]EFL\xF6\xB9:Wß\xECÆ\xD7[&\xBEN7\xD6m )\x91k`\xAE\x88\xE4\xDE\xEFݪ\x8A�<a�\x98ÅÚ¡\xAD\x95\xDB��}e1\xEED�\x81�\xB6\xF9\x8E\x9Et\x9E�\xF3kd\xD8L�]\xF5\x8EGtB\xA6~he\xBDi\x8F�\xE9l�\xE3\xEE\xEB&\xAF �\xD7#\xD0\xF6\xE7e\xB5\x9C\xF4\xA6\xE1F\xF4\xE9!{i\xB0ð�\x83H\xD3�r c<88�l\xA1\x9FQ9�om\lÙ‚\xC0\x9D�\xED\xD8iF,rF"\xB4):\x8E\xE1d%�yWÏ´H\x9E *��i\xE2�ÌŠS ÍŒ\x88\xEC\x90\xCF{\xBA\xB8\xDCj\xB2F\x8C�$*6\xE5¾\xD9N�&}�R\xD81\xB9\xF26�\xBE�icF\x95
-\xDD�\xC8 \x93\xC9\xEE\xF1\xE8\xABÍ\x9D�\xA3\xE7�f\xF1|\xA7\xC9\xE3\xB3-\xE7\xD6\xC7M\x9E\xED\x95Vr\xF4\xD6\xEB~Pvg�y!�\xC4͉=1eR\x9E/\x9A\xD3\xE1Pe4<\x91~�fÝŠ;\x8C4\xBB\xEE\xCF\xDEL\x9C\x80\x951\xD0 T\xB6\xFE@\xB0\xB6\xBC+\x84\x94\x9Cè„—7\xF5\xA8�i\xE7шlL\xEC\xD7{\xC7$V\x99\xAFW&`�#�Km\xE5��\xD6"�4slK\xBF
-\xAB\xC5�\x83[\x86r$\x93\x8D\xE1\x90Q.�s�\xABf\xDEW \xC7I.\xB9�Ϝ݅2\xADy\x8D\x83a2\x9An�\x93u@$\xD0<.\xEE\xF4\xE6\x99�oGv\x9Dnz\x85\xC0\\�E\xFE\xE0�\xF5#u8\xEDѧ\x93\x8E\xA8iÒµ\x9E\x84H×™\xA5\xC9)\x8D\x84[\\xAD\x93x\xAC\xEC\x93�9\xE0|�nnW\xAF(\xD6 ��\xCF5\xEF|q\xE1P\x9Cn[\x92\xE7wvX`%\xC1\xDCݼ6�E�\xC4:\xC8�\xDC\xF3G{\xD7\xF4�\x8A\xE2\xC9C3\x87ivI\xFBxc3€\xD6\xEB�\xD3w\x80]\x89\xC4\xE7�\xEBÜ°\x9A�|\x81-\xEE1/?�\xF7vx\xAAf\x9E�QEM\xA0t\xA2W�HD�\xD6\xED\xB3\xF7\xB6\xB1\xDBM)f\x98B\xC9�Jq\x9E�\xEC�\xAA\xC9VE\x81I�\x828�\xE8\\xC2A2Q\xE9\xF0�\xC0\x88h\x88\xBB%s\xD1\xC4s\x8C\xEB\xD1\xC0�Ç\x89\xD5I\xAFG\x89�\x99e\xC8\xEB \x81\xE5\x80\xFE7\xF8\xDD"Ve\xFEe�\x89 �B\x82\xA3\xBC\xE1S\xF64�q\x97#~'3+)\xA2J\xDF��a2\xC3>\xC5��\xA0а\xA0�\x84\xC7p\x92u�V\x9D\x90 at K\xD8\xF1\xA6\xA5c\xDB\xE7+]\x9C1\xEC\xE6T\x95!\xBBq� +\x8D%\x9A"B\x8Dl\x80F
-#^ľuڼ\xE2\xCE�\xD7 cr6\x94(\xAE\xF7Ȫ�\x8A\x81e\xD7&\x90\xA0\xE0ɨrZݦ+\xAA�P
-g$
--\xBC9�x\xB7\xF7d$o\xDD%\x8A\x87�+\x9E\xF6:\xD4�Hބ\x8F˶Ț71+Q!pT\x96\xD7�\x87�i��UL\xA7\xB7\xBFЀ{.x\x9A\x99Q\xF84*\xCFC,\xB1�\xDC�."�\xF8\xD4c\x9BM\xCF\xC3J\xEC�#|ix~[bt\xBF\xEC\x82\xE8\x84\xCCdH>\x87\xC9RS5\xB1\xA3\x83\x9Cz&\xAAD\xBA\xE5"R\xEB
-\x88\x98[9t^\xFER\xF2��GY"B\xD6�\x9E\xDEi�
-̫\x93zo�\xB8��H(\xE9ђ\xB4�x\xBF\xA6��$\xEF\xA1�\x9Dv}Zɵ Ե*3
-\xB3\xF9�\xA1Vz:H&\xA1\xD2�\xA4\xFC<;\xA6O3\xE0\xDAʔ\x83\x85J;\xB2\xE3�";a�t\xE3y\xDAo\x92\xFB\xB0- \x9E\xEC��\xCD\xE2:�\xF6\xEA\x9DU\xB5\xE0\xFAN�\xB1,\xBDc\xEB\xA1*�Y\xAA\xE6l\xDEX\xB3�G\xC6e��㙻e\xB1\xFA\x8B\xB9�`\xC2X+\xC0F]Ks\xE4
-\xC8F\xBE\xC3\xF2D\xCE�`\xB7ݬip \xF6U�\xA8×@*\xAC\xE3 eI\xBA\xA7\xB3!�\xDF\xD5]\x91b��$�sr�\xA7;1%3Õ·<\xFB\xB3\xD0[S\xF8uJ\xCC\xEFb\xAE\xE7\xB1Ö“,�Z\xD9nj\xAD\x83R\xF4\xA2k\xB7�6�\xBC\x90\xE7�\xEC\xCDϵE S\xE7\xA2�VO!\xF4\x8E\x90\xCAA23 \xB1�*\xFCϽ2[@\xA9\xF4qWwP�\xEA"\xD4Y\xD2%\x9D\xD0�\xD2�7�m\xFB\x88\x8B7<cm\xA0\xB1J\xB6b\xA6\xA2AÕ¶\xA2�\x9E�\x85
-\xBF\xC1\xE7\x8B�\xFB\x93٢‚\xE4K\x9A~��9\xB7r*9\xC0n�Q'3\xA6\xAC0<\xB3\xC1&+Jhkd\xD0\xC5\xC9\xCD\xD5V\xA4Æ\xEAdÓ¯\x8B\xF5j\x81\xDEh\xD9\xF4>\x98\xC3N%b\xCB\xEB-\xB0\xE1R<\xC4Vj\x99 \x92?\xE8�\xCDkc\x8B\xBE�\xE9\xA0��\xBC\xE5A^\xD4\xC3�\x96\xC89\x82\xB1P�jP\x87É°{\xB4\xC4\xF8\xEF�L\xF2\xB3��c2dgуT\xFB\xFB&\x9E98\xBA\x9Ek\xF0�\xF0\xA0n\xC2\xE8\x97\xE6\xDEFU\x8D���4oC\xBD5\xAE\x86�\xB5Ë–\xD5\xF9Е\x99\x91s�LT\xC2�s\xEDnN\xE9\xBBpOf\xB6æ‰5\x8D-\xA0\xC2\xC9:0\x99\xD1N\xB20\x91�\xEB\xE6 \x941x\xFA|K\x8C\x8FU\xDD&\xB2$�\x82v��i\x92j\x99a=zd�+6\xE4N�"\xBD!\xFF/oo\xBBkÉ’�\x87=\xC1}\x87\xFE#\x804Ü£\xCA\xEFL\xE9�\xD9\xF6��mÈA\x99\x84!�\x83&)\xD1\xC0��\xE3!�\xBD\xBDw\xAC�\xB1\xB2N\xEF\xACK\xC1\xBA4��\x{12CA53}\xBB*++s}DÄ‚\xECD\xD5f�p:\x93\x97YrE\x8A�.�\x93\xFB\xFBT2q\x99\xF0\xFFc\x8B\xEA\xE1\x8EÙ©DU\x93\xAA6(\xE9
- \xD3\xEB\xCAd,q{\xD4�\xBAZ�5q\xA5\x8E\xA4RT#\xBDp\xB9Z\xA8�\xD3v\xD2\xEE��?u��9\x8C\b;\x9Az\x88\xDB\xE2\xA8!o3"\xCFe=xcf8\xE1É·\x85P\xEF\xD8_(\x93\x88�\xA5\xC3K1\xE6\xD8\xDACK\xAEz�\xA1;\kT�_\xA0)t\x8E�\x85\xA5\x90!\xF6+\x95\xA2@\xEDG�\xB8��<X\xF5\x87\xEDM\xFC6�\xBE\xF9\x81 8\xCA\xFC)K\xB2\xF8 =\xE2\xEC-�\xDA\xEF\x99.\xB5\xB5\xEB]\xFDl\xB5Gi\x80�[\x87\xF8+]\xB4 \xBF\xDB%Y\xA8É—\xEET^\xFD=\x93u\xB6IyЈA\x8B\xFE\xDEd�y\xAB\xBC\xAB\xEBV(\xEA�\xDA\xF1È \xF2Z"\x97mCJz\xAC�\xF1\xF1\xA6eB\x97\x8A\xDD�\x96\xD3\xCFB\x97*\xB7\x88dZ\xE8:
-�\xF9L\xAA\xC1�%\xBC\x9D\xC6\xEC=�\ç¾…�)r\xE3hiZ"\x95>\x85s\xE8\xE3\xE6*\x8B\xC6\xD0\xFB-\xE5+$Sïª\xA4ë†\xE9\xE3V�P\xC7O\xFCXl�\xB18\xC7ï´—lU\xAC\xFB\xF1i\xC9\xDD\xEF4Sm8\xED�\xDF&�\xC7\xEFS\xA2A\x93j\x8F\x9EI\x889\xB1\xBA\xA5�Y®\xBB \x9C/_\xC3![4%?\x9C\xB2\xE9�\xEB\xEF_~+/�V�F\x9E\xA8Ù‹Oo\xC6pb\xFAp\x81]s�\xB7\xBE�~-\xA9\xD8'!\xE9\xBEn~\xAB\xB6\xB3\xCFMx\x8B\xD8y7Y\xDE�y\x9E\xB1\x9BVtGd\xBAQ\xFD\xE4\xFA]\xB7n)\xE6\xB6�\xD4�\xEF\xE1�\xDC\xD6\xD5�\xF3\x8An�=\x90\xEF\xE3
- \xEEp.\x8F�\xAD\xBBc\xD9VU�\xF4n\x84d5t�\xA3\xD5ѧ\xF7U\xA2\xA1\x8E��W\x94\xF8\xFB\xFE.VD\xB1\xCDI;\xBA�I7�/3\xD4\xF0j%\x9C@\xA4E\xC8\xE6\xB1}\xF0�=YL
-É\xB6\x85\xB4\xAF\xDB= \xD22R\x94\xD4Ø”X\xAFE.~\xBB \x88A\xAF\x98\xF4\x8E�\xB8 \xCCaUK \xA9\x8A\xC1ÈžJ\xCD\xE9\xBF\xDF8\x80\x80\x8E-�Ñ‘B�\x8Fm/i\x9Cz\xAF\x86\x81\x8E\xF52\xD5\xC2{\xEBP\xBCwh\x96Y\xC0\xCC\xDD5\xCDt\x88\xA3\xF1e\x8E\x9F\xFB\xA9\x83\xAD\xF5\xDE\xF5\xD6>K��ms\xFF\x90\xB9E�`\xF5\xED\x9A\xF7�\xAE��tc\x92\xB1\xB3�\xA1\xAE\xE5��qe\xAC\xA5Û\x9F�\xF7uy\xDB\xDD~\xC5\xE2\x81R�[�\xF7Ý–\xBAF3\x81\x9E\xA3'�\x8E\xEFpqvg\x97
-\xDE6\xA7T=\x9AM\x9B\x93\xBF\x95Ô¼Ky
-�p\xA9\xC9T\x8F\xBE$pÈ¢\x93\xAE\xE1a%\x8C\xB5\xA2�Y\xECÌ›�\xD5\xD5l\xBE\xDF\xFB3[ks\xDDW\xCF\xEA,\xAF\xECP\xBF\xE4(b��\xFF\xEAW\x80�\xEB\xAD\xDD \xA4\xADz\xE1\xB5\xEA\xB4\xD17\xED\xAE�\xF4�O\xCB�"Õ±�ߎ�Ύ߈"\xA2]<hS�\x8CX\x98VVq\xDF/U\xB6\xBB\x87\xCAd\xDBÈ´~S�Bt�}�I�\xE8W\xA03z\xB4W\xED�>�\xFEÅŽ8v\x8BEu\xA9\xB6\x80\xA7jn\x89tz\xBB,2\xF6vn\x9B8Õ½v\xFD�Ñ”�5*\xAFh\x91\x8F�WXl2a�3\x98\xFA·\xF3\xB8\xDFo+{Þš9�W\xEACf\xDA\xE4\xDB\xCC\xE8�\xD9\xD4\xCD\xC3\xF4\\x9B\xF6\xC9\xED$CÑ\xEBRvv4\xE9U�\x85\xB4X~�YО��ߌ\x82~\x8B�M\xC8\xC4\xFA=
-�\xC1?\xDD<\xFBx\xF7�=B\xB9�|\xC8e\xA8\xDAӶ��\xAEfM\xBCG\xE2�~DQ\xCBn\xC9H\xF4�$\x80\xEE%\xCB8\xB3\xAF�\xAF\x88\xAF�\xAD�\xD5y\xBA\x92�\xFA~c\xBA\xE3�{\xC9\xF4\x91?h�\xEF�\x95\xD5.\xFD\xBF� !I3\x96\xE8\xB7\xD6]\xC4A�Č�\x92f�\xC40\xE3y\xA5a`:}9�\xCD\xF0\xB2\x80s�\xFA
-\xB2B�EQ\xF6\xB5\xE8\xEF�v�!$"\xD9�\xB4\xBF\xEE(�>l|nJ�[h�Í—\x83\xA2\x83�HE\xE9\xB1\xEC\xD6\xE6[\xEAPu\x94q\x97E\xAC\xC1̺?\x81N\xA6\xB9\x83\xF9�Y\xE6\xE1\xB1RÄŒ\xFC|fha` \xEA\xFE\xCF\xDF\xC5=\xFD\xF4�o\xDF6\xEA\xE2C\xD3`\xF5\xDF�\x99\xA3\x91\xB9\x92v0\x92�\xB7[\xBB\x82\xBCR\x85Oܳ�\xFE\xC5T\x8F\xDE�\x8C1\x94\xC6Yg\xDA\xFD\xE0o�\x92\xBE\x89:\xEB�\xA74\x8E\xA8\xCAÅ»\x8B\xAAZY\xE4\xDDh\xB1{jÛ\x92\xADAÓ™\x80H,\x87\xA4\xB9Y\xB8\xC7�\xA0\x9E\xBEi
-+\x9A\xA1w\xCFÄ©\xE2}�x\x96Z�x\x82$t\xA0\xEAF\xEFS{;\xB8K
-\x99\xDC橇�\x9A\xF5Y5\xDF�id\xCBD#Y\xFE\x8D]\xB9u�\xBA\xA32\xBF\x92�)�w�b^F\xF4\xA6\xBC�
-\xA8#&�5E#\xDD
-\xFFF\x90\xC6\xFA\xADW\xF2n�\x84K#\xB3\x9C\xA2I\x87Z\xA6Z\xF5H�A\xB5\xED\x98>5\xC1(\xACZ\xA7\xE2\xC2\xF5\xF0�f8\xFD/#\xAF\xDA\xCD\xD8 at 1\xE4\x96=�K\x81 !\xE0|:'Þ\xCCT\xE0\xA6F\xDEw\xAFmÊ\x92\xDFiL\xD1\xF5V�\xCF\xD2(\xC8\xE1\xFD\x9B}�.5�,\xC3\xF1
-\xDF~\x91Y�\xBF+\xEA\xCD5\xCEu)�\x94\xAD\x91\x8C\xF6\xAA\xFA\xF3\xCD�ê¸C�{�tXJ\xBB�\xEB%\xC8\xF3e\xD3ZZ0/\xC0Z\xCCrk%?X\x8A\xF0G\xF6yÇ´\x94`\x8A�\xD7-Uy^t\xD9\xE1\xA9B7\xE6\x95"l[\x829\x8C\xE8ݼ�\xB1 9^\xFB[.\xBA\xB6\xCF%4'\x85�\xF0SL(�\xAF\xCEh\x80�x
-iת\x86\x90oH
-"\xA0\xE6\x8DS�\xF8\x83g`�%\x9Axm�\x82\xAF\xC6\xD7�\xF0\x83\xCA \xABI\x81\xBB\xA4[\xA6\xE2\xF6cWW\xF3z\xB1\xF9p\xE5^\xC5\xF3\x86UY\xE4\x92Í \x8D\x95tk�/\xD7Õ®\xD4�\xA4h_\x83q\xE3\x83U\xA7���Y-N�n+:\xDA[\xDEH�\x88\xE5\xD8o\x92\xA6%\x85\xD6H�\xFAGI!>׃\xBDy\x9B�d\xAE\xB4%�\x93I \xD7\xD5ϼ\x92\x82\xB7\xD5C\xA2
-\x8F;\xB4g\x99\x82\xEB��p]Z\xA2j]\x86Y(\xEA�+-\x8B\xB2�.\xDAMJ�w\xC0�\xAF\x99S\xEE6)�\xB4\xD0v)\xF7\xEE\xB1[}�\xE68�rp\xBCd\x91W\x87E\xC43\xAD�W���\xC2\xCD[\xF4�5\xF3f�XV\xC0W\xAC\xFA\xB95\xAFO\xF1\xE3HqO\xD1"�\xDFW\xD5I`\x8C�}\x8B\xAE\xB2\xEA�D� y\xF2
-lF\xC6\xFB C\x8F\xAE�\xD6�\xE1�>\x91�\x9A\x85\xCAl\xA1\x9E߶\xF0�\x82\xDC*\xBD\xAD\xC2\xDA�_\xB8\xBB\xF3;\xE4귌�\x94\xB1jl\x96\x92�\x9B\xB7\xA4\x87�\x93\xBA\xF9\x9D\xDD\xCBd*\xF3רlJ˱�\xEF\x81b�x \x98
-\xD1S�)\xEFd�\xFC\xD07\xB3�E\xF6A
-Ö>\xB8Ú™CZk\x84\xCF1|)i\ŨsW\xDF\xEAT�\xFB\x9A!\xFF1cO\x99[\xEAi3\xFB\xE7\xCD+\xAC\xF3���\xFE\xAD\xAEÛ·/N=\xF4Í–2o\xE6\xAC~\xE3|ˉ\xDET�\xCCw�UU�\xACb\xAE@:\xA8\x98\x82kW\xE7\xB5��\xDB \xAA\x86_W\xD7#l,R4xÄ¥\�+\xE0\x87x\xAC #�\xF5\x8C+�ί\xCF�\xBB\xC1�\xFD\xB5\x90\xF7\xCC�\x81\x81\xD5q�\xDAs;\x83\xDBBw\xADGau\xB7\xEE\xF0\x85\xA4\xF2�\xABDx\xB9K\xE8��\x97`\x8C
-\xE6\xEE\xB6
-\xB3\x83\xD2?ev\xEB\xD0\xF9\x98nJ`#\xF8�+\xD2-\xB5\x87\xA3\xBAn\xC1\x90\x99/\xE5\xA6��\xEA!\xF1\xB0\xE1[\xF6S\x81j\x8F^zЬb\xE9}'\xDC\xEBn\x85\xB7��ס6�\x9F`\xBF\xF8\xF2ⷬ�\xECF\x81&\x91\x85\xD0l5v\x80_\x9E\x80\xF9\xF1˧I\xBC\xB6\xC2;V\xC7\xD0M\x85\xBC\xCC�\xBA\xC3t\x94\x8Bn`\x97\xC5vO\x93\x9Bj\xD7\xC6�\xD4�\xFB\xC1\xF4z=\x8DY�܎W\x8D+Q\xD0!$-f;\xEBԖ\x9B )\xB0KP\xA0\xDB\xC4\xF4���\xAA\xEB\xD5�=#vR��q\xCC{\x80
-\xB5\xA1S\xEA\xEA�\x82LHk\xA9gÝŒ\x83�Ø,Pdž�\xD6�9B2\xE2\xA5`Õ»\xB2\x9A\xD2\xE9�΋\xBC\xB4�g\xF6M\xFAhD\xBBsÇmg\xA2\x8A��s×£\xD9\xDE!\xB3\xFC\xCDq\xD7\xC6J-B\xB9y \xD8&��Ĥ\xA5\xA6�\x8A[A\xE8\xE1Cľ,Âœ\xDDX\xE5<\x8C(\x9DC\x88+Ò¸!\xB5VnP\xC4\xD8Ô€\x83\xD1�[\x91ή\x9BI0\x82�PK\xE8\xF1L\xA9h×%\x9AÞŒH\xAF�\x88\xC0\xA6p\xF3\xC9���\xD1*˨\xD3qx\xED\xD4?\x91�=�\xBAÇ•~\xAD\xEA$=Z\xE7\xD5�0\xBC~�\x{1D2D96}�\x99\xEA\xA4f�NS\x99*\xBA\xA0 '\x86\xBF�\xF0\xC2M\xC8\xED\xB7�z\xC5fݽo�/\xADJ\xEA\x86L\x9Cun\x89|w\xA91\xC0v\xF9/
-��^yi�\x94\xABJ�\xA9-\xD1>7+\xB9\xAC\xE0�vwwil2\x8A\xD7]�\xF8Ɵ\xCA!\x85\xB3\xC4d\xC0}�\xF0WVH\xC4�
-�p\\xF9\xB9�\xB1 \x8Cj\x95\x87\xA3ͻl\xF1\x92\xEE΃�w\xFA\xC3`y�@B�=\x8A\xE1e\xA7\xFCA\x88l\x82\xC3J\xFD\xA4ݒ\xED7\xE8l\xF3\xB2\x94t\x9Ef\xD4e\xE44\xE0a\xBBx\xBEb\xEE\xD6ݞ\xBD9;RoF\xD2C\xCD׹0\xAE\xA3(\xB1\xAD\xB25TØ\xEFi\xD1A\xBA\xA6 \xCF\xD4\xDFm-\xCB�\x9C\xC1�\xF1�D\xCB\xF8%\xD5\xDFI|4GpSoM\xD0jf\xFB /N(OP\xB7�]\xADS\x80v�I\xDEV?\x98\xC2\xCC"R\xF5�\x8Fm\x91%�t\xB1[!\xEC\xC7�\xBAE\xF4
-\xCD\xC1\xA1\xB9\xD9
-\x91̼\xA2�7\xB4\xAF\xB2\xF2j/x�k+z�\xBA�\xC7\xE7To!\x92\xA2m\x881��\xF6j\xA9�\xB1\xD3}\xE5�\xEA\xDCm\xFDvR\xFD\xBF\xC1\x98oÊ\xFF\x9F�\xB8ßZ4\xA3�\x97$3y\xD1U$\xBDÖB\xF6\xB5\x9B\xE8\x89\xCD\xC1\xBA\xFB\xF6\xD2h\x94HN\x8Bn\x98\xB8\x96)u4X
-\xF1\xC8\xC5�c\xBD\xC1\xD2p\xBF#�\xAE�vhHp\x89\xD5KÏ¥\x8EH\xF5Æ»\xAB\xF5F�G\xF7B>\x82*\x97\xD5Én\xCC\xDC\xE9\xAA;\x9A\xF2��\xA1\xAB7J�\xA6\xB8\xF2+\xFDL\xEA�\xD7�\xCA NRRI*K\xBFs\xC5\xF9\]?\xCA�HK\xB7z�\xF5\x9C!\xDAX\xBC/\x90�\xA5\xDCV\xB7\xEF\xB8B6\xA6\xFA\xF6\xA7\xD0@$\x81�\xD9Ū\xEE}v\xED\xF6\xDD�\x8B\xB7Õµ\xAE�\xE2\xE9[*[;\xF9r��8\xFE\xEA\x8FaZ�\xDA9\x9Av\xA4�\x9C\xB5:\x9BI\xA8\xE2�2�r\xC8Z�Vi
-\xCD\xC6\xF7\xD0U1m\x8D\xB4�\x99\xDE�4\xEFx\x9F4y\xA0.\x99\xE6k\xBB\x85K\xBBE\xE6\xB6"\xFC\x86\x9B �\xDC\xDF\xFA\x97\xA8\x82}72fA\xC6/\xC0\xAF-\xE4(\xDB\xEF\x82Ó\x96�K\xE5n#�r\x84
-y\x90�?ʯ:s\xACQ\xB8\x86\x95\xE8W\xBF\xB5G k\xED\xEA\xD1���\xF2K\x8E \xB1!\x9B\xAD
-Q.C�\x84\xD1բ\xBBr뷪\xD2\xEE/tk\x9F\xD2\XЯU�mD�\xA2\xB5 \ߋ�hh\x91Ű.$\x88�\xB6�\x9E\x9Fh�h\xFE1\xB73\xA5T�\xAE\xBD\xE4 h;\xC2#4e\x97��>B\xA4\xB3\xDF$\xDA�Q
-?U\xFA\x8E\x80\xA8r\x87µ\xEC\x9D1o�\xD8 \xE5� \xBB\xA8\x9A\xFE$\xAD\xC3��\x89\xA0\x9E\xF2�HV\x82\x9A\xC39\xD31@\x96\xF7�\xF3\x85T\xC5TNTKk\xC6\xCBf\xCB�
-ps\x9F\xF5\xE1\xCD j\xC2)'� E��\xEE-\xE0\xFEy\x80\xEE�k7*\x87\xBC\x817mF?\xEA~\x93 h+d�n+nE\x93\xEA\xED:\xB5�\xC78\xEB\xF6� ӛ\xE9!+
-c\xD47\xC5ІQ\xE9\xEA�Mi+\xD2\xD5\xDDo0`\xC2\xF1\\xF2\x91��\xCAΰ i}\xAF[\c\xB9\xBB��@r\x{13BC87}FS�r \xA6\x84\x9EVܤ\xC6-�߬\xCF/#1\xDB\xFEtc;\xB5#\xB2�
-\xE6C\xFC\xFF 4\xACh\x909\xAD9NLWU\xBCsk\xAF#\x85\x91h�{[\xB3\xF3�\xDEm�\x97\xF5S\xB7n�#Zz\xE0���\x82H\xE1\x9D\xC62�x\xD5\xEF\xEFeУ|�J�\xB6E�\x82Oc\xB68\x81\xEFj�Ø\xAA\x8AgJ\xEE\xB7
-\x88\x9D� `\xEB\xA6\xDEĸwҩ\x9Fj\x8DC\xF4\x8D]\x923%�\xBF2]\x91���WP�\x86\x9C\xB9`\xEC\xD4�rH]i\xD1\xCF*T8\xEC\xB4\xD5 5�=a%uq'\xD4读�\x97\xCC-�L\x99m\xB9\xA3Ֆ\x9F�S=M~:\xD6n\xA5\xDB\xDEoM@\x8C\xF1\xF1!sH�\xA4�[\xF4g\x89V\xA3[�v�-v\xE9\xEE\xB4�\xD8\xCB[�\x94\x9B1\xD4Y\xCD\xF8\xED|[@u\xFC�\xA5\xCA'D \x96\xD06\xF6g�4K]\xAB\xDE5\x98\xEA\x94˥ƒP\xB1`�\xAA\xDE\xE20\x98k\xC4�\xAC\xD0@\x85\xE2�r\xFA8\xAB\xEFw@/"\xAD[��\xFFIw\xD6��e\xD2ź\x89BWj1\xBF�}\x8E%�o�\xA5٣]\xF4B\xB6\\xF8ۯ}\x8F\xBBH\x97�BF<\xF2ۘ\xE1J\x8C\x80\xA8C\xFC#�iߊ {[3\xD0\xE77� \xAE\xD9T.+\xCD(\xB9"-\x92\xA5\x92\x95\xB2\xBE\xBD\xD5tf\xA6颡\xD5rt�t1h\x93*J\xAA�M\xA6�\x84\x9By\xAB\x9C\xA7�п\xE18�\xFF\xB1\xAD
-TF�\x9A\x82\xFD\x86jп\x8CȧW$) \x9E�\x9Aa)"-O-ȼS\xB3\xE6(|?\x8F\xCD�\x92w*\x97�\xAB\xC2H�\xA5|\xC5��\xDC\xC3%A\xFFZ�#A\x9E\x8E\xA9\xFC\xF7\xAD�\xAA\x97\xC7V�n\xBC\xC9Qg�/~\xBA�A�\xAF\xC8\xE9x�5G&\xEE\x86C�\x9F\xFDn\xE6��\xAF\xCB\xE1\xE00\xA6[7��\x96N\xC3r\xF6Q\xF4/\xEA\xC0e\xA0\x9F�\x9A\xAF!s\xEE\x97\xCA\xF1\xA3\xA8S\x95 \xA8FÉ–\x92\xE0\xEE\xA8R�l\xDB[B�\xC2\xD4\xEE.q\x9AS�\xB0{\xE4\xBD\xDF\xD8\xF7\xB8c\xC7\xFB\xB9\xACtKq\xC7\xE2\xF6]\xA1\xA4gjÓ‹;\x9F}6n\xBCè |\xAA�\xF1�7\xDE\xE8"\xB3�w�\x9A\xBB� \xE8l\xC6i\xA3&��\xEF7\xA6;�Cr)C?\xB5\xAB\xA3tX\x83\xAF�\x9D\xA5qu� d%�\xDF\xC7\xE0\xE0H \xDD�\xE2\xD4t\xEC\x92�\xBBv��:\xAB\x81\x8F\xF9L\xDFσ\xE8\xD6W\x80\x97.\xFF
-m\xF4g\xF3O\x83\xEC\x89a'p#�\xA5��#&7\xB5{%@\xB0B�$�\x9B\xF1}\x90\xBDP\xF4\x89M\x9F<-\x94\x9D>7W0\xA0"K\xFAR\x8BÌ \xB2[\xEFa�\x90\xED\xA7a\xF9)\xD5|k\xBAa�\xDC�\x9AG\xD6¬!�X
-+\x91\xB5\xB2n\xE6�\xAA\xAF\x96\xD6\xF9~�[�9\xA3\x95\xC4re\xED�e0\xB3\xD8j"\x93\x83\xA7O\xF8\xD4\xEE\x8FS\x96Rz\xE9\xDE|\xF4<\xC0�\xE2\xCFn\xDD\xF9~�\x9A\x8F\x82\xCFD\x99\xF0\xA4[\x839\x82\xDA\xE8qs\x97B\xB3\xF2�\x8D\x81�7\xA7I\x85�\xA9�uI\x84`С\xB0\xB6\xD7K\xFD$~\xBA\x81\xF2\xCER�\x8B\xB7;S\xAB\x8B\xBE\xBB[\xBD%\xF9\xA3&rE\x8E\xB9FE\xC2p7Õ9}\xFD\xFA\xAD\xBD\xFC\x91\xB5�Ù\xA7aÝ¢\xBB\xDD)D\xD1\xFCe\x85\x82�\xF7,\xEB�#\x8F\x98\xE8Wd\xCA"\x84�!\xFA�y \xBE;�[\x95\xC0��gC.MH@\xB2v&\xEB� \xBC%\xE0s<q
-\xB14\xE0\x88Z��r\x9BC\xA1\xA1b0\xFB\xB1�\xD0\xEB66\x81>k\xE8!\xE3i�\xAD�\xEDE\xCC\xFB\x8A\x803\xDAC\xFD4\xB5�=\xA1�4\xD3k#�Lm5\xF6:\x98�-\x86�@V\x97\xBD\x88A�\x91\xB6\xDE&6Z(J\xBD\xF2\xDE)7\xB1\xFB\x80w^epw\xD1È\xCE\xC4Ê\x99\xF87\x9B\x82�5\xBF\xB2�\xE1�\xC4\xE6\xFB�\xE8\xD1\xDEF\xFE\xA0Y\x8Dug0\xD2\xDA\xEE`s\xEBy|\xB1\xAB\xA1�w\xABÔ‹B\xECfV^\xE5",\xC4[G\xB3\xD3\xE9\xE1\xD9\xF4�� f\xC4\xD1Q\xF6\xF6\xD0DD\xB4\x8D'\xCA�\xA1\xB6c\xADç¿Ÿ�\xF9�\xEFt\xB1mͼ}\xE2`\xCF'\xF5\xDC�v\xAFe\xEAK\x981+W\xA9n\xBC\xD6\xF1\x8D\x8F
-\xFD7\xFDyd�
-wPk�M\x94\xE2\xFB\xEF\xFF\x8872CU\xD5�\x81z#\x91\xBF�Õ‹
-"
-!\x8AM�h7(�\xAE�\x81\xAC\xA2\xB7e/Y\xF2\xAB\xC6\xF4>\xFE\xFCN\xB7\xDE\_h9)ݪ8\xFA\xD6+\xB9\x8A~ym>!\x8C\xD1[tw\xFCk\xF7\xAES\x92\xECAÖ¢F\xC3j\xE9\xF3~�\xBA5P4\xA5\xE3\xBA\xC1M)6\x94f�\xF0wZÕ»\xB6y\xC5\xFC\xFBq\x88\xEF\xF16\x98>DzBJZo\x83(\xC0\xADB\xD5R\xB0¯\xDD\xFD\xF5\x8A\xAC\xFC\xF2h\xF6[\xDCEU\xF0\x92\xD9w\xF4�\xA8.\xEDV�\xD8�\x8At�rtt\x89�Ô™\x89U\xBFU�UQ\x83\x91\xF7�Ø“\xF6\xD3\xC0\x9A5\xEF{\xE7zt\xB1)\xA5 \xC1\xA8lo:&\xE2e\xA7\xA0E\xB7\xA4v\xB5)\x9A4��0]!�|z\xB0\xBFgnH\xC0\x94\xE1�\xCB�\xA5\x9C\xBA\xF2n\xD6j\x9BÆ€Ph��\xF3\xC7\xE27\x8DH�\xC0��Ǫ\xEF\xE2\xED�tg\xE5\xF6\xC4�Bh\xCFPR\x95n\xD3w^\xBD\xB7\x9EB)'kN+\xB7\xA9\xEC\xF6\xEC\xDE \xDE5tB\xA6%d\x80St\xFDi\xEAN\xE6B�)\xB4P\xA6Ô¿z `\xDFow�\x97\xDCA\xB2\xBDk\xE89\xFAnV:o\xFDap\xB5a\xC3`6\xA5L\x99\xCBZ\xDCÌ›�E\x9E\x9C\xF5\x96\x85A�\xFA\xE9Ǿ\xC5]\xEC\xE3\xD3.\xF9\xF8\xF5\x9Fk銫\x83�\xA6\x96\xEA3�\xA7\xEF\xE3\xEA\xF5\xB5\xA0\xF1�DZ|\xD0,P\xE0p\x84\xAA�\xE5/\x8E\xE8\xEB\x86\d\x84 \xA6\xC7��\xA3\xC0{�\xEB\x80?\xF6\xB9\x8As\xBC�\xCDE&Y\xDB\xDA&�\x91&R\x9F+\x96x\xBB\xC7,\x9Ak\xE6Í™9*\xE4\xEF\x83\xE8}#UY\xDF\xCE:c\xB3$\xBE\xC1�x\x80N2t2Y\xA9'\xD8\xFB\xEC\xEA9�\x8E\xF3\xFD<\xB6~4ZQ'J\xE7둤w\x99�?Ó“pE\xA6#0h\xF3&z!�\xF2MS��\xA53\xE2�\xFCÚ&\xA1\x8A\xF0\x9B�\x99\xB6R"n \xC5��jp\xEF\xB7\xCB\xE7�\x8B�Ho]U\xB8�\x8DE\xBDbk{\xE7n\xDAX\xB7�Ë’��\x8B\xF9g{+Ñ
-\xE6\xA5�\x81DO\x8C�\x95\xF1�>\xBD\x8C%zwm\xAD\xDF1\xC9�\xB1.\xADKoiL\xF2\xE0-\xC7\xC0*\x99
-1yp6R]Æ’\xBE\xA1\xF5\x85�\xD4cLv3\x{17C313}mƼu\xDFRc\x981\x83\xD3x9\xC8W��:\xB1U)\xC6�\x8E�1\x88n\xF4\x8A\x9EO\x81�F\x8EI\xB0\x88=�\x9B\x9D\x8C\xC1�\x95\xBD\x85.\x9B\xD7w\xCC�)\xB6\x81\xAC\xA8&<S"l�Jбq\xF4\xA2\xD1RW\xBE\xA4\x95̆5<eÏ¥\x8F\xC1�\xFF\xEE�\xC3Ⱦ\xAFÓ“\xCF\xFA\xF3�N\xAERJ0\xE6,\xB7\xB2kЋ\xCD`\xE7M\xFBm�Y\xEAf9(C(P\xDBnGÌŠ\xA7\x82\xFC�\xF6��\xF7oĦ\xF0AcZR\xD7~Í¢\xD3�$�\xC1\xA8h�kh\xE9\xC1LgF�\xB8\x94\x8D\xEF\xEEE\xABÛv\\x9B ��\xEB\xB6'\x98\x97\xAC%\xEFjS\x9A\x84\xEF\xFA\xBE��M\xA3*\x85u\xC4\xE9\xD2c\xC9\xCA+\x9C\xF7\xEFK\xB3}��Xl��g\xC0\xCB8\xEFG\x88$\x97\xE7E<\x9F\xFD|\x9C\x9D3\xB16î•%f \xF3l
-\xAE\xE8\xED\xCED\xC1\xFD{�\x87\xC2�k\xCB`\xAC>n&J\xCE\xCC\xD3}<�Ù‚x�\xBBw\xAA\x85\xA6ßT�\xE7d%_q\x87\xDF× �\x8D\xADdV\xD7\xE7\x88\xFD}7K\x9F\xE3\xB6\xEF\xA4hy3\x87�d쮧0v\xA6\xA0\xA23\xB1�\xAD\xE3\x93\xB5�\xF1\x9A#\x9Al]\xA1\xA22\xC7-�*\x87 \xB7uk\xB8,J \xCC32\x8FT�\xC2 \xD1�Mm#戺\xAE\xF5\x98\xD7 =\xD4 \xA8\xE4\xC6�-\x9F�믳12\xB0MRÊ°\xB0v\xF5\xA4�\xCDb\xB6P�\xD8��\xB3��\xE1\xBAQJf�\xA6:\xDD07\xF5\xD6�9�\xB91ѼI\xCD EÈ\xF5\xD6�n\xEB\xFC\xCC
-\xAEJ.\xB0\xA4q\xD3T\x9F\xA8\xEE\xEE\xE1,\xB7~\xC1\x9D\xA2\xE4\xB3H\xB2�\xB7�\xC8 \x98\xF3\xA7\x86\xC3ߵB\x8B\xF6zA\xDF&��*\xEB\xA8\xE6\x9C3��\xFB\xBA5
-\xC17Ò¢\x8Dp `f
-4-d
-�\x833S\x80\xD8�\xA1&}:\xFB`Q!�\xC6\xE8V�/⊚y
-Q�\xDCÖˆ\x9E}y\xEF�\x8A
-(~\xAF}\xA6F\xAB^\xAD\xFB\xB1\xD8a(:z�\xFD \xFAn\xEF\xE7\xE0\x87\xB6˦\xB4\xAE\x92\8\xC6�\xC4\�H�#J\xC6w\xDDD\xBBV\xED\xF8\x84�\xB1Q\xD3\xFD\xC7�N\xE2\xBF\xE7f\xE1\xD4R?\xB72o\xEDa�\x81�\xAD\xB6\xDCAi\xEF9\xF9�\x9A\x91=\xAFއ\xD5T \xB9\xD0\xE9\x94X\x87,\x9F\x8A~;\xA6\x84\xF8�\x8D=\xA4}\xCBr\xBC\xF0\xCB\xD8\xFB\x8CL\x8B\xF6\x86\xD1ى\xC37HI\xAC\xC2<\xB5\xF9\xB3\xEC=:\x99۞\xCBa\x8C\xEEϑ~{\xBF[\xB9|\x9D�\xCDv\xA8\xD4�O!g|�\x88lt\xAE@\x8F\x99�\xB9\xF2t\xB2??Ū:ո\xD8Ԇ\xD0~\x8B Ƿ\xDB\xFA�\xB7\xAB\x8Dky\xA3-ݯ\xBA\xA3R\xCA7�\x89P8\xCB!\xD3\xFC>\xC8\xF6\xB7v\xA5\xF1b\xE4\xFFJ\xA5b:)\x9E~\xA2\xB0.Զ�x\x8F=\xFE<o\xF7\x97
-v\xD6Y\x83\x9EK�\x93\xA3\x86L2\xEB\xFB\xEF\xEF\xEFn\x84\xC0\xB7m\xA1qc\x9Ez\x87DW\xEC\xC20w\xE9��\xD5\xDF\xC7\xE0S/\xD3+�\xA4\x84\xAAf+�\x81�@�\xF7-W�\xC1\xC6\xFAy:\xD6wm~\xE1\xE5|\xBAo�@I\xA9+\x92v+I\xC8\xCD�X�\xE0\xA7;\xD8�\xF5\xB5T\xEA\xD9\xD2�s1\xB3\xE0'\x9D��\xCDA\x91�;k\x8B\x8EO\xB57\xB7?\x90[\x91�\xDD-\xC7�iO\xF0<\xB9\xB7M/a\x9DK~\x81e~d69q\xDF!YÛž\x93-\xE7\xCC\xD8V�\x97�\xDF+>ȹn�R\xE9�M\xB5͵\xA0\x8A%\x8C\xB9\x88\x9C\xB1\xA7�\xCE\xF0B�B�\xF0n\xAC\xB2.\xEAw\xDB\xFE3G \xB3Õ˜\xDDL"\xED\xBA\xC2M^\xE2\x87\xC0Vu\xBBÌ¡\xC1\H;\xF19S\xBEdUG\xD61hw\x8C\xC0*T�\xF3\x96\xF0\xEEȬz\xAF\xAAf\x85\xB8\xABH\xB9\xCD\xCC~�(\xFB%\xAE\x86E\xF5Õµ\xDBz\\x9E\xA4\xF0\xBFÏž�\xFF�\x81\xADh\xECq]AN]\xF9SOc\x89,c\x91N5j7\xB4\xE8w\x8E\xEB��{=C\xECG\m�\xA8\xBE�\xBC\x96\x82)\x8F\xB5 \xDD\xCEe\xB2Óœ\xB0Ýw]\xB77<\xE7\xD4 m \xBE$\xEE\x8C}��Jl�\xFEJ\xC1:\xBB�\xB8v3\x98+�\xAB\xA7\x8F\x8Aw\x9BTkUao\xAE`\xC4\\xCE*:~|�\x96\x91"\x9C\xEE\xC3Õ€\xDC\xDC�N��\xE0\xBB\xCCC@,\x8F#\xDC�}\x85\xBD\xDB\xE1i\n�\x96M\x90\x9F\xB6+7x�\xACQ^\xA1Fn\xC3�\xDB�xǺ\xDD\xC7\xF9\xF6\xD4?\xEC\xB6X\xF0\x83�Ø“\x80\x86�\x99\xE5\xD0\xD4,\xD0\xF8\xFB\xCDi_\x9D\x84A\xDB�\xC0�\xF2A\xF3\xA2\x87�\xFB\x94\xF9
-\x81\x80!$s\xDD;�o\x9C�\x9E: -\xEA4\x85�.m\xD6ұ\xB4\xA3^�\xD6wB��,u
-7o\x99?F\x9D\x9F+ا\x96\xEDÔ—8\x86�\xBB\xF7�\xD3�\x83L\xAEt\xC6*�5Z\x8D\xB9\xA2\xA1\xB5\xA0\xCDC�\xF6\xEB\x86jz�d\x8F\xFE\xD30�]\xFAZ\xFBu\xBB9\xF0�\xCCI–�9Dq\x94Õ‚Gz\x8FpN7\xED\xB7Ñ™T\xF3\xFB[t\x99^fgEÜ’\\xAB\xB3S\xA7Ç\xFCX;)\xEEf\xAC\xF2\x98Þ‡Ý-\xC2\xCAusyV\xBB\xF9\xDCWt\x90:
-\xE3f�\xA0|Ovw\xE3eT�\xAE+\x94\xA7\xDF\xEE[\xDC\xC7O\xF3\xAC\xFBp\xAA\xA5-�*\xD6\xC08�U(�\\xC6�\xD3>�\xBE\xFFÓƒ�^\xEB\xDF3:"O&y\xA7\x98�\x86r\xBB'\xCB\xF6 avR\x8Ai\xF7\xAA\xD9*ƈ\x82\x8CA\xF8\xBF�\x87\xD6O�\xF5\xDC3\xA1Y\xB9_\xB3\xDE\xE0"\x8D-\x95f\xE89\xDD\xDA) ~\x8Dz\x99\xA5\xAB�\xED\xAAi\x8D 2�\x86\xB0T\x867AXǸ\xBFß<$\x8A*\xBC\xFE\x8F\xE2�\x99�\x9A%Z\x9F\xA3�:\xAB�\xA7f$��\x99\x80\xEC\x96-\xE61\x9B\xE8\xCA�\xD3d\x93\xA3\x97\xB1F+\x9C\xBE\x96\x8CW\xA8Ko�#\x98\xA9Ïœ\xA3���\xF0\xDA�Fe�\x8FVÇ“7P\xA3\xA5\x82\xDDi\xE3\xA5\xD7\xE0!U\xA5\xA9�\xE1Oå´ªZX&S\xC4h1\xC0.�F\xB0]�\x96\x9B\xFAmJ\xBF\xFEj\xA8*\x94\xF6.\x8ByQ���\xBD\xF3.\x9E\x9BB\xBEw\xF6P\x82N�\xD2GÖ†M\xA9\xB2\xA5\xFFdsm\xE8\xE2{\xA9\xFE^\xF7_<�\xCCw\xCD\xE5RB\xF9\xFC}�heT\xD5��\xFB�j\xD1\xF6\xEC\x93PC3
-i�\xB6\x94"EP\xD35i\xB4bQL-\xD7g\xB1\x8F\x84\x83\xB2\x81P\xDD\xEF\xFB\xED�tg+\x8Aۈ�\xEB\xF6\xEA[R[F�\xBA�y3��\x94E\x98\x96\xAA\x90Vk\xB0\xE1\xE7
-�*\xDB{~\xA7y\xB7\xB1�f�\xF7\x90$Z\x96\xD9 \xFA\xFD\xC6\xE2\x8Ey�\x90\xE9\xFC\xF8\xF5\xDFJ\xA1�'\xBA\xED\�\xCBß´\x97OC\xDE&fm
-�!�a\x9Eb\xC8H\xF6y\xAE[\xB7H+\xD0=< \xCD<\xDCGÈ®\x99\xB1u\x8D\xEA\xBB\xFF\xFB�h\xF7'\xFE\xDA�b�\xB1�2G.U褗Q�\xE9�Ib\xE4×™]Y\xDE\xD7\xF7��p�\xA8O\xC7Ǹ�\x9C��\xBDß\xDCÑ®\x96Z\xF0RJ\xA27:n�fc&\xD1\xCDW\xE0\x8F\x8DOh\xC6}��\xB4\xF10*-\xEDv\x90\xE8_\xD4 JN[ur8 \x89F�\x8D�\xA9hn$\xB5jj\x8Aß®�~c6j\xE8�Y6\xE9t�?\xF6\xAD}�Y\xB7\xC6\xD6f\xC8?\xE4�y\xC5\xF2\xF1@\xE4e\xDC�JT\x81\xF2[Cn1\xF2�\xC9a\xB8f\xBEi�\xC0%\x95Y�\x89\xE9\x8D�y�Ì´\x8A0s\x9E\x89\xBF\xFF\xE5\xAF~Y_\xFE\xECÏ¿\xFC\xF5\xFF\xF9\xF0\xAF\xF1�\xFF\xCB\xFC�\xFF\xF3�\xFE\xF6/\xFF\xF8\x8F\xFF\xCF\xFA\xDF\xFF\xA7?\xFD\xDD�\xFF\xE0Æ¿\xFC\xBB\xFF\xF8�\xF8d\xFE\xB3\xBF\xFA\xC3�~\xFF\xF1w\xFB\xA5\xFF\xF9/×—\xBFx\xFD\xF7\xAF\xFF\xCB/\xFF\xF8\xFA\xCF\xF5%}\xB9\xEC?\xFD__\xFF\xE3}\xFD\xE3\xFF~\x99\xFEË—\xFA\xE5\xFB\xF2\xFD\xFB\xEB\xCB\xDF\xE2\xDA\xFB\xCB\xD71_.\x84\x9Dv\xC8GY3\xC5פ\xBE\x9C��J\xBF�\xBE\xB0~\xFFl�\xD9\xE3\xE1x0\xC7�\xB0{\xFB7\xBF@\x86�-\x9E\xCD-\x80�kY\xF6\xF6\xDAÝ\xC58@�\xBC\xFD\xDF\xDB\xEFZ5\xB5\xE1�\xD8\xC8\xE2\x83f;;\xDCl\xAA\xE2c�v\xE9\xB5|\xCCh\xE9#7\xD6:y\xE5\xEB�-\5\xB3\x81\xE6}\x80�\xDE\xF9S\x9E\x95\xB5�ZH\xA9\x98\xB1e\xF7#\xCCl*\xCDf\xEE�\x87\xA8�;rcf4w\xFC\xF8 X
-\xFF\xE2?\xFC˿\xF8\xE3\x9F\xFE\xA7\xF8\xF1\xA7\xF8\xCF\xF8\xFD�\xFF\xEB\x97\xF52\xFD\x99E˯3\xF5Ͽ\xFC\xCB\xFF\xE3O\xFC\x87?\xFC\xC7/\xF6\x97\xF9�?~\xFC\xE3ǿ\xFD\xCF\xFA=.\xFD\xF3/\xFF\xE3\xEB\xC2\xFD\xFA\xAF=\x84u\xC7\xEB|\xB6\xE2\x98)3\xBF>\xA8I3vj\xB7-=\x9C\x89ژ\xED65<\xA1݌\xD7\xE0\xE6
-qy3\xEE\xC7H\xC0-\xD0�\xD7ÊŸÍ£0\xFF\xFB׋\xBB\xB4\xBC\xE2��[Ò ?\xDD\xFFo87\xD0\xF1\xD2
-)\xA3sj\xF2펽\xF8h\xC6\xF2\xF2�y\xA9\x9D\xC4f\xB4R\xAA�]\xBD\xD9\xCD\xFB\x96\xBD\x9A\xE6\xA3B5\x95ƤQ?\xDF\xC0o\xFA\xDE-\x99\xE2\xAB�Q\x80\xDE\xFB\xB8\xF4\x8E=�t#P\x9E~�i\xBFM~\xCD\xF8|\xC0\x9E\xFC\xD9h\xAB\xD7\xDF\xF0\xA8\xEF\xB6\xD3[70(?\xA8\xCC+'\xF8\xF6n3\xC4\xE3\xF3\xC4\xE2ګ\xEB%䮛\xF9\xA3|"\x83\xFD\x9E\x9E\xFE\xFF\x8F\x995W\xD4̣jb\xAD\xB9\xB0\xD9\xE6^\xE58.̶��\xAAoO\xD30�\xEA\xF3\xFC\xCA�\x9Fכ\xA8\xFD3?�\x8A\xD6\xC3\xF6u\xC8\xF6\xE5\xF8 ,3eV�Fi̶\x90\xE6\xE5\xE5e7\x9A�d\xC6\xD2]\xDD�2 \x9E.4\xF3\xCB\xEAs��\xA7\xED�\xF8\xAD^\xFD\x8B\xAA�[\xA1\xD1�
-3\x9B\x96\xB5\x99=\xD1\xF926M\xE4\xBC\xF6\xFE޼�\xA0�_G\x87\xB6\xF2\xAE�1\x89B\x86� \x961}Ե8*\xF6\xB3\xDCi,\xDEM\xCEƵ\xAF\xC5\xCC\xC6߷\xBB2mV\xB3\xB5¿\xCF��\xF8�\xE2\xD1\xFA[ke\xFA
-\x98\x8A�\xCF�\x9AÚµt>\xE4\xD7F\xC3i\xED�R\xBE\xCC\xF3\xE5\xA6\xE4B3\xD2\xD6n\xE4\x96�\xE3J\x95ÆŒ8\xCEg\xA5\xB9@\x86\x99\xF7\xEF\xBF\xFCq�\\xD7j\xB6<\x97\x93{\xFD,B\x85\xCDl6\xE9q�\xFA\xB0\xC0.\xB580.\xBE-\xC8DTM\xC0\xE75\xF4\x9B-O8�s\xE8\xFB\x9F)�z\xE0/'\xF7f\xA4\xB0\xDCf-\xD1^6 \xA5^O\xFE7v)r�]{\xBB5�7\xE3\x98\xFD\xF3g6\x90\xC4A\xE9\xCD�\x9DY\x87:\xF2 \xADq\\xABN\x9B\xD1T\xA1\xCC\xF8\xFAv'\x8D DT3\xD6~\xE9E\x80\xE6\xE0� \xF4 \xE0ò»‘³KX��\xB8\xF4\xB4jXf\xD7f\xEEw(D\xA6\xC1Çp\xBB\xCD\xD8/\xDEV\xF6\xF8ï$S\xC3Ì.�5\x8Bh,Ú©V-\xF5\xCBq\xBE\xD3wi\xCB\xD0\xE7\x81|\3\xBF\xFCcί1R\xDDh\xEA\xBCn\x9Cqs�O\xD7Vá´»Æ�y�á›™1=\xC3w\xD7\xDD\xEC\xD4�\xE5j�\xB0t�\xB9\xC5m\xF9Vq\xF7w\xA7\xF3\xA94\x80\xBE\xAA\x97\xB9 \x92\xE7\xE3�
-`\x8C\xAB\xD3�\xFC\x86[9\x94\x8B.\x8Em\xFB\x80\xEF\xE5X\xA0\x9DO\x97\x97�\x96j*\xC5�1lsC\xEA
-Pe_\x92\x8E`usi\x9D\x8B\xC7\xEB\xD5f\xAC=\xC7\xF4\x8ENc\xEFZ\xA7\xB5\xB6= \xB7}\xFC�\xF2\x8Dn\1\x807O{�\x8B녻\xF1\xCA\xDCI\x91街j2�\xBA\xB6#K\xEDF�͙q\xB5\xCAg�\xBC\xEDe\xAE^.ᵾk%kľ\xF4cW\xA71\xB7\xA2\xDB\xCA\!nna\x9E+\xAE�S\x9F\xF0\xB5\x8D+v\xA1<\xFD0y\x99_n\x90\xE6\xA0f\xDD\xC1+�\xE4ݖ\xB5\xEF`\xC4¥X\x90\xDFm\xD7.\xE4$9\xAE\xAEk\x87{W\x98�\xDE\xD3�\xAF�\xD5\xCF_\xA5\xF2\xCD8\xEAŇ�K;H\xDF�u\xFE\xF9z5mm\xE8\xD2\xE2\xC6\xD6:�\xF0B\xA0�\xC7+
-\xD6*\xF4\xC6\xE2f^S�\xBC\x8E;]\xED\xF6\x8D�?Â\xF6\xBB\\xAF\xF2�\x935�ã¥Y5Y\xFB}ߌ�w\xD0b\xB2L\xD3Uϵ\xC6O\xCB\xF0y�\\xB1�\xD7Ô\xD1S\xBA/\xC3z[\xC7l\x83\xE8\xF7\xA5\xF5\xC2�\xDD\xC1ײb\xF0\xCBØ‘\xF1\xD2�pÉŸJ\xDD�o\x9F�n\xB42%�\xE0K\xE9\xBE�\xEDS\xEC��0�8\xA6\xC4\xFB\x84TM\xE5Ó»*\x87�;\xBF\x8B�€f\xB6\xC6\xDFn\xB6\xD6\xE2f4\xAD�7Z�ÔŒVq\xA7[�\x8For<\xF96.\x8DM\xAE\xBC\xC5\xCE4\xE65n\x9Eq�\xC0#\xDFx\xD90M\xD7(\xE4M\xAD&c\xD3\xC1f\x81\x82\xFF9Ö³fv\\x9C-\xB4\x80*\xF4�LZÖ\xE6\x9C\xD1\xDF\xEE� \xEA0\x9An\xDDk\xDEÙ…\xE9C\xB9\xB1�m\xAF\xA9\xEB�\xB2\x955\xF9c\xB3\x9A\xD3 \xA3\x91\xF6\xFC\xC7P\xB1\xFFw\xBCv\xA1\x9E\xCE�\xEE\x9BKFb\xEA\xD2\xF66=dȆ\xB3\xABo?\x96\xFC\x8A}T\xF9\xA83\xAE�\x8CSq[\xC8јq\xC9m\x819\xAF\x8Bn\xE1\xEB-VNÍŽ\xC7�\xBA\xD9t\xE9s\xB1%\xFBã—‡K\x8Fc>\xFF\xFE\xE1^\x8FO\xF58�\x9AYti\xF7K3�V\xB4Û¥n\xDCN\x8F �\xFB\xDFg?\xAD\xCCldL�:"\xC53<U\xF0|�\x87\xD7u|\xB1o\x8B\xE0W�\xCCO\x8B\xEBo~yZ\x88\xC7%\xFB\xB0\xBC1n\x9B\xFC\x96�Û¼�\xA1\xA6%\xEF\xB9]{�\x87\x92�\xDD�`\xBD\xCC@�\xFAqÖ½�\xD3\xCB�\xD9\xF2\xD4i\x9C\xDDϨj\xBD'i|\xAD�\xA6�*\x95\xE1\xCCl\xC4A�\x91*\xF5m\xBB9s\xF7e\xB4F\xDD\xFE\\xCD\xF7_� *G�\x9D\x8CJ&\xC0\xCB\xCD�-Ë·�\x88\xC6\xF9[�\x97\xF7%\x9F\xC8P\x9A4\x9E
-0\x8A\xB7S4\xF3\xE5^ã´“\xA1\xD1\xF8r#\xCC8\x8D�\xD8\xDC\xC8�;0W\xFFqk_\xFA\xD5R\x9E9|\xAEA\xAB\xD1\xEAth]\xF1\xE24Þ¡\x85V\xD9\xEF\xD8\xDB� �\xE2<\xFD\x81\xE1\xA7�\x819\xC8y/35\xCA<
-Kî’�\xE7\xC6\xF2M�3bE�\xFE�T\xBC\xED\xD9\xD1=2\x99\x93\xE4O�%\xABn�j\xA2!\xAC\xA7\x88L,\xCF\xE3?�\xDB�\xFD�\xA3\xBE\xF9\xDF\xD6po\xAC�\xF6\xA2Q�\x847\xE7G\x8E�"'\xBF\xB5Z\x9C]\xF727\xFFB\xB1v\x86\xA2\xBC\x89\xA2\xA0'�2Ú‡7\x8E\x9A\xE4\xE1\xE5\xA1,-\xAC�-\xBFV\xBE\xCE\xC7izþ\x83�E\xBB\xAF\x87�d�\xF8\x9AN�Í.b\xBE\%ݧ B\xF2\xFE\xF9,\x8F�\xCCX\xE4b!\xF9\xDFe.]\xA7\xF9\xF4\xF5\xA4\xDC7�\x9C\x9A\xF8Sy\x8C�\xC7\xDB\xE5\xB9\xD4 �b\xBA�p";\xDF\xF5H\x97\xEE`z\xF0\xF92\xBE^ _`\xB6\xFE\xAF\xC5\xCD�_��\xB8\x92\x87\xAF\x8A\x9E+�Í«2\x8Ban\xD7>\xA0'\xF3��Ia\xB4f�~\xB3���7e\xF0J�\xDD\xC9I\xA91\x80�\xE1\xECig\xB58�)\x93\xE6/!!\xD0\xD5Z\xB5\xC5��Rܘ\xB7.6\xA3\x89:\xF9wQ\xC2\xC3\xEA\xA3(\x91C\x94\xA1��qc\x83.^\xF6B\xBD\xE7\x87FU\xA8\xF2
-\xF5\x95\xC7(SO\xC0�\xADf\x9E\xD37\\xEBN\xBD\xF8[׎\xA0x\xBAa\xB2(\xC4mf\x9Ee\x93�Z7\x9A\xB8\x86�\xE5\xF9\\x9E�sciʺ &\xD79\x80K\x8C\x9B\x91;\xAB\xCD�\xB3.K;+\xF2KKn\x96+\xBE\xD3,7ǚ\xAC\xFA\xC4^�\xC3\xC1\xD8co�\xB3\xC5 uij.\xE5\xB8 �mʼժl\xDA\xF4\xC8�F\x9C.?~y\xBC\xF6aԇ;8\xDE\xED\xF1\xB9\x8Es at 8\xB2\xBFr\xE5\xF3\xBB#\xBE\xB8��%�\xED�\xCDh\xA7\xE27\xE6\xFE�\x98,\xC7\xC3\xCB\xE8\xFE\xFB\x8A�\xD4$\x9A\xF5�\x95\xED\x97\xED\xC7.\xE6$�\xAA\x91\x8Dw\xB0�D\x91\x9A\xF0ղ\x8F\x9A\x83\xE9 a�\xC0\xD2ݼ1\xEF\x87lF\xF9\xF6D\xA5\xBAQ�\x85\xE5\x8A\xF1�@\xEE\xF6r\xA10\x9F\x98+R}\x91\x81\x9D\x9EJ\xA4\xFF\xD6K�P\x9B�.�\xB3\xF0�\xD6Y\xC7\xCF3\xA4{\xF9\xB0)\xF1\xA7\xAE\xD6{L\xA2!\x81\xF9d\x97&\xBC�e#Fy\xCD\xEC\xBF\xE3\xB5\xE5\x92S#7a\xA7{
-\xE1=~m\xBEw\xE6l)\xC76M\x838\xA6kx\x80{\xEDl�@\xA0c\xEC�\xC2Ws�\xD0SF\xE5o~\xB3lM\xAA.T\xCD؋\x99M\xDB؊R�\xF9\x8A@\xBB\xB2\xDC8\xA3v\x86\xEC�}\xA0O險#\xE7�\xE8��\xA8W��+0S\x8A\x93\xCDcT\xA0\xBD�+V\x94ucN\xE1\xC7\xF4؄z\x84�\xBF\xCD\xF4\xFC\x86\x85\xF0\xF9\xDFQ���\xAD�w\x88,U\x99#؟\xDD�\xE0\xDB��\xF5\xDEU\xE9\x8E?}0\xDB\xDF\xFF\x81w\x84\xF2w\x9A�\xF4:\xE0佶1\xFF��ů;�\xB3�\xBA\xED \xC4%\xC0�\xF0\x8F��\xC3swX\xDE\xCB�p\x8F\xE8C\xD6ai\x94&\x88\x93�Y\x96\x81\xE0F\xF1\xA4q\xA6$\xBF��=2XY>\x80\xD5\xF06/#\x80#\x96\xBEl&D=i\xA4\x8B c\xC9L\x8AB�\xAF\x9B\x97\xD2(\xBE�#bs\xF3]�\xBB�\xBB\x91\x95i��g\xEF\x87n\xE6\xEEs\xDBL\xF8\xD5ov)\x93�)�/`d\x88\xC1�IS\xE5[`�\xC5\xF6\xEBF\xD4\xCE\xCBXp\xA2\xD8\xF9چ\xAB\x9B\xC0\x98Tقq9 \xE0eF�n7:"\xEEe*\x8E\xEAy�)\xEA\xED\xC6\xEE[
-\xB4}\x99T.&u\x85\xA9\xEE\xF0 \x86\xE5\x8FM�\xCFv$Ӫ\x9Dnd]Œ\x82Ĺ\xB9/�\xE0^\x87\xD9\xDCs\xEF׾'@�,\xFE\xEE\xE9\x96\xD5F�\x82i\xF3�\xBA=\xA7\xAA\x90o\xFA2f�\xF6\x86u!\xB0U\xD1\xE1\xFFd�\x80\xCE�\xBE\xD7w\xD4�\x9A\xFD�\xFA^\v`\xBE\x8Cme7fW\x822co�\x97��z.\xF3\xDF{Q\xF49L�\xCBV\x8B\xB5�\xF5j\x88Ib\x99\xEF\x8Bh\x8D\xB4M3\xB3Ћk\xFD\xC8�h\x81R\xCD\xC7èvR\xC0\xC6L$\xEEjLNa�\x99\xD3o\xA0:-ί}\x85\xF8\xD8\xE9;R\x8AV\xD7•\xE6Ľ\x8C&\xE1�o\xB40\xBB\xD4&�F
-c\x99\xB1\xF2�T�\xBB\xE4\x95i\xF0X\x82\xD9do\xEC�,\xCCt#\xD75Zyr
-Uk�\xD7\xDDh.\x8B�x\xADNΖ#\xAA}\x80\xCB\!\xEB\xCBl�\x96\xFDT\xB6X\xE5\xF5f\xFB�{ z2=\xBBι?\x82 �\xD8�\xE7agϵ\xCCu}�k\xEF3\xE6\xA0C9\xC4Ì®�`\xC6RÌ\xE8\xC9O|7\xDA*\xB1\xC59\x96\xE6�\x9A\xEDCK�!�\xCB\xC3�H#\xA7x\x82z\xF9\x8Ec
-\x86z<\x81\xB1\x83\xCD\xFC\x8A\xF14\xDFL\xE6AE٫\xBBf\xF4\xE4�T\x94\x91]\xD2 V\xAD6s\xF3(�w0\x92o�\x93=U\xCC\xC8��"\xCAm?@7<�6�wc\xF0\xAC,\xA0@\xEE\xD8S;\xBE\\xFD\xEB\xEE\xA1
-i\xE6\xEE1x\x83�&�(\xCAFCF\x99\xD57�=\xF12\x9AË¥�\xAC\x9Ei\xE6\xBA8[\xA8\xAAh\x80\xD2|+G×\xAA+#��\xB3 \xEB\x9A\xD9\xD9{fd\xD9\xDB�Q\xD6\xE2罦m:\xF8\xA92[�`\x9F\x8Fo\xDB\xC6b\xF3�\xC6\xE4�\xB8��jq/\xB7\xA2\x82�00\xB5\x99\x8D�\xFEiÛ°\xBD\xB8ż�nʼn\xFCJ3\xDB}\xDB\xEBzy\xAC\x9D\xD7N\x8F\xAB\xB0C�\xC1\xD7^\x97\xF9\xE6\xBE4W|\x89\xC0\xAEW\xAE\xEE\xE1\xC9<\xFF\xB1\xC4\xED4\xBE�45O\xBC2\xB5^\xF6�\xF8)\x87q=\xD1o\xD3Õ–\xF6cG\xA2\xC0h3\xE7F\x95\xE3Ñ„gM\xEE\xF2\xCB\xC3P3N_[\x8B\xBC\7:\xC8 �>\xF6Br\xC3\xDC:\xF8Éi\\xF8��<Ë·\xF3å¿A\x87\xC0i\xE8\xA1S\xAB>D\xEB\xDA\xE9\xE7�\xDF\xE1\xF27\xE4FC4\x9A\xF1�\xB9ÄD\xD0[�\x842��f\xCC�\xFBÞ¸\x91\xCEt\xBB�P\xEC\xF4\xF3\xF8���\xB7\x82R]\xC8—\x96\xF5�\xB2\x93\x97\xFB&\x8CY\xFBy\x818NoZq<\xBA-mo\xA6Z|ZÑ\xD2�Ŷ�u\x9C_N\xED\xF5A=Æ€\x93`\xC5�_\xF0<b\xD0k\xB87\xFA>{3.\x97\x8E.)\xA3qT\x90A\xDD\xCF\xE2WP.En\xBC\x8A\xEE?\xC5\xC7Q�~\xE1\xA1�.C�\x8D\xC7l\x89E�\xE1sl:r*^Þ‡\xCC�ј\xFB\x91}+�\x9A\xC0\xB8\xAA�\xC12\x99>@\xF5\x97\xE4O\xD6�\x8C\x88\x86\xC4Kw\xAB\x89)�'I�I\xEF\xF0�\xF6\xC9-\xF4d\xE8(��\x9A\xB1h�X&\xDB\xDDÒ”n\xAB\x88.\xD0k\xBB\x9CK+\xEE�\xCEv7\xC6mM�{L�+V\xD1P\x9A\xAB\xE5 tX\xAFa\xF3�\x90u\xACWx[\xC9w\xB8챦\xE6\x80��\x84\xFA<;`\xF3u\xF9)S\x88\x8E\xB4\x97\xE0u\xA8\x97\xCD^\xB2Va\xF2\x83�\x97.\xFF\xE8\xD1a5\xE9-2E\x83eЧ{\xB0Ù»W\xFF\xA0cÊ„2$ y\xA4\xE6\xE1j�/cbg`3\xDA\xEA\xF1+\xCBv͇'-\xF0[\xD6\xCDÔŒ\xDAJ\x8AbÄ‘\xDBm\xB2K\x93c\x9B[\xFCV!\xE5\xC6���>p5\xDCWy\x8B->#\x96_\xD1����$ƨ\xC22\xC4?V~\xBDx\x84.˃�Ì£G5\xFC\x87G.o\xDF\xE9\xC7/\x8F\x9F\xF4\xE1\xD3\xD8$\x8E�\xCAq\xEByئ�\xB6\xB4\xC3\xE6\xF7\xB0Q�7\xD5\xE3\x!
F6{ު\x8F\xDB\xFA\xF9 8\x9F�O\xC7\xCA\xE9 :\x9FU\x87c\xEDx >�\x96ǃ\xF5x�?�\xD7ǣ\xFD\xC1 8:�'\xDF\xE2\xC1 ypX\x8E\xCE\xCD\xC1
-zp\x99\x92\xCAt07yW\xD7U\xB94-U\xEE\xEF\xD50\xACf\xF4T\xBE\xAD\x8B\xAE1\x99>\x84\xB1\xC5_\xB7\xAA\x8D\x93\xB0
-غBg\x98\xEB\xE4\xA1\xD43\xCF \xF6\xBD\xF0kKS\xF0yܥ\x8F;\xFAq\xEF8'�Δ\xC3\xE9\xF3pR=\x9Cj\x87\xF3\xEF\xE1\xAC<\x9E\xAB\xC7�\xF8\xE1\xB4~8\xD9\xDF}\x80�\xE1\xE8[�\xBD\x90\x83\xC3\xF2\xF36\x9B\x8D�\xF1�\xA0L\xEC\xB3\xF8\x87'\x81\xB0͎k\xBDv:\xFC#�\xA2�̾\x84\xD4<\xF7ٷ\x97\xFC\xF1\xCB\xE3\x828.\x9D\x87evZ\x91\xA7\xA5{Z\xE3\xE7\x8F\xE1\xFC\xD5<\xC4$\x87\xF8\xE5!\xD2y\x88\x8A��\xD41\xD6z\x8Cˎ1\xDC1\xDA;F\x86\xC7(\xF2�o�#\xD3c�{\x8Cv�#\xE3c�}\x8C\xB7\x8F\xB1\xF91\x8E?F\xFC\xE7\xE4\xC0C�\xE1\x90qx\xC8N�3�ǜ\xC7c~\xE4\x98K9f]\x8E�\x9A)\xF4)\xB29\x8D\xF9\xAC\xE5\xA4/3�\xBD\xDA.\x95\xFD;\xD9\xC2\xF6\xF7Ruvs\xF3\x9D֤\x85}\xB6 \xFEv\xE9%\x9A1\xC5\xDF\xCFe\xEF�\xE9,\xD4�aL\xBE�\x9B\x91\xE0\xE2��\x8D\xDE\\xF1\xCB\xFF\x9Eb6\x9E\xA2\xF2t\xFFhYX\x84\xBE\xB7\xB4\xF0\xF3\xED�ٸ\xF0F[\xF1��L�.]k��\xBF׫\xF8� c\xE8�@\xDB5\xD3\xD1�\x83\xD7Yꅱ }\xDEk8\x81\xF8J \xCF\xF5|\xDE\�`*\x81j\xB2\xA7~T\xC0E\xF0\x90�\xAB\xC8ke�\x99\xD0K\xE9\xCF2\x84\xB5\xEFɑ8f\xBE�\xE90\xB0J\x8A\x95A\xE0\xAD,\xFF\x8E\xF0\x84W\xA6\xB1\xA9\xD25::P.\xBAF3;V�3Ocf\x9F\xA1\x97\xB1�\xD4\xE1\x8C\xF0�z\xA4\xD5q[FN4㨞\x95\xCD*\xB9\xBC\xE6�x\x99N\xA3^A\x9F:\xD5p\xFF\xCEU\x80\x91\xB0,<�\xBF\xE3�R\x80\x9C86l\x80y\xDD�\xB6\xFB\xFB\xEE\xA8:O&Z\x8D\xE4\xF62\x8E`5\xF4짪m\xE6\x80\xCB\xF4\xCE'P^\xFFe\xE4\xB9\xDA�5�'\xF3\xE2 \xCE4n\xC6\xE3\xB5C\xA6\xA9\xCFs6\x9B\xAD\x81\xB4n\xE2\x8F�^8\x80\xE2\x99a��\x8F\x93�\xBF\xBEU\xFD\x98s\xC6\xF8\xAB�\x95\xA1\x9A\x81:\xB5�:\x96\xAE�0\xB5�\x9Bٹ��ݞ\xBA\x96/�\xF5\xD0\xEA \xDC��`/s\x80\xAD\xF0n\xB8\xE2PR
-\xFF6\x8C\xCB1\xD3\xEE�O\xE1\xFC\xE7%g\xBE\x8B\xAB\xFB2&��X\xBC\xA4*\xB8\x80d\xF1+-\xC7\xEE�\xF0\xC9};\xCE\xFE\xDDO�^\x83\xFB9\xEB@@\xE9\xA0$l6�\xB6\xFC\xEF\xD9
-\x93\xEFK�\x84{?\xE5pW\xCB'\xD6\xF8\xFAvx\xF7Ë‹7> Hԅ׺΢�\xAD9\xA3�É•\x98\xC3�"t\xF0\x93\x83�\xC7$\xC5\xC2̓?\x86\xE5\xADy\xC9,�ͽ\xBC\xAF\x8D\xF2\x85\x99>���S,z�!>\xA5�&\xBF\xAF\xB9\xE2\xE8\xB8v\x92�\xDADU\x97\xBE\x8E�\xE7�$\xC7�\xFB\xDFg\xF2'\xF0b|ã„‚\x8Cbk\x88\x835\x85Y\x93\x9F\xEDB\xA2\xE0\xD2�N��P6J\xBC\xD2\xE2!� E\x81\xA6\xF3w\x92.\xD2<61c\xE2\xE7�\xB9�\x86\x9F\xD3U=| \x96\xAB\xEC\xDAv�ɇ\xE1'Ô\xA7/d��\xD2�\xCC47\xF3\x87,�\xF3 \xA6\x88m/ש\xEB-vQ�\x8B\xE3\xB1\x8E(djD\xAF�s\xA0�2\xB8SS\xBE�Q4\xA8\xF0\xF7\xCC_2,\x95\x8A\xF1\x84~\xE2R\xB1\x8C\x82\xD0\xD5>A*^\xB3\xA9 \xBA\x8D
-~\xD8\xE32�d@\x89\xB8Ys\x9C�\xFCP\x9C2\x8C'X\xDC��\xDAқ"h\xE2x.\xE0+�\xD7O\xE2\xDD�\xD8i]sȞ\xA8�\xEF\xF1\xF3\xFFR\x9D�8"�:�k\xB7�Ʈ�\xE8\xE2MB�\xA4\z �\xAB�\xCCgO%"\x86\xF9\x88\xFBI\xF5\xF7V\x9C\xF3\xC5)\xB8}qȬ�\x8DiF\xC8�w\xC3\xCB\xF1\x956�\xA9\x88\xCA�\xCFl
-\x86 Z�mU �\x83\xDB\xF9\x93�x�x\x81\xF8b\xEC��
-A\xBF/2'\xE0�E�X\xDE\xC5\xBF\x83D\xCA\xDBb��F\xDD\xC0%N\x8E\x81\xD8[\xE5\x95MI�ë\xB3P\x99\xA8-g\xC87\xD5T\xD3FWL\xBD�\xBC\x97!\xF8J\xDA\xC7_
-\xF0_6\xD5R\xDF\R�\xF4\xF1\xD0�\x9F\x80ݰ�\xC8Y\x88�\xFB)\xC7 �h<\xF8\xF7\xC2\xE4d\xA4\xE0�g:/\xEE\xE50��1\xA2\xB8\xE6\xBBGA\xA7jf6&\xE76\xA6\xBF\xEE.\xA4\xEAV\xC2\xC8P\xBD\xBF\xB4i{\xA3$3�d�c\x90�\xACo\xDD\\x9A�\x8B\xCE`\x9C]\x9B+1�\x80\xFD&G\xACX\xF9Yh\xFD<=\xB5\xC9\xF9w<d\xB9\xE2�\x92�O\x98\x8D\xE0i̳\xAA\xFF0[%\xD9͞䜈\x93=�ى\xF7r\xA3�5\xCCV1\xB8\x99%\xBE�\xFC\x96\xD7ya\xCC-vr? `\x9C\xB9r .\xBD at X\xF7\xB2p( R
-#�c\\x95\xC0�8\xA8
-\xC6KP`tm\xBB\x{13266F}3c\x8EW莽�[x)i\xEC�\xE6\xB4D7\xFCmw\x81\x81\xA7&1\xAE\xF3Q`lΖ\xA2\xFFw�\x81\x8F|M\xD37\xAC
-\xA7\xB4\xF8�2\xBA\x88f�{Ü–m\xEE\xDF8\x80\x82\x98\xAC \xDC_[
-\xCA\xCE΃v\xA6\xCC\xFDÏÅ¥\xCC\xCD?\xC1bl:Ew<G
-\xF7SwKy\x90\xCDzE�W(\x9A�\xCA\xE9k\x9B\xBEx\xAB\xC2\xF6!\xB58�?\x97\xA4\xDBGn\xD13\xA6\x98W�\x9C\xBCk�c;1~\xACmV\xD7/ T\\xAD�\|o\xBE�T�7,\x88\xD1
-B\x9B�z\xC5\xCD\xEF\xC4�@\x85\x83\x9BX
-\xF0,\xF2aMP�2�\xA7\xA1a�p\xED\x83�)�~\xF1<\xBC\xBE�0{y\xA9�\xA3&?\x9Eo\x91\xCDp\x94\xAB
-\x809j\xA6\xDA\xF02�0�Æ¢lNGS��\xC6 &O*���y#@\x857\xCE,2�N\x83�T<\xD0�\xBE.m2\xDC\xF9\xDD=\xC2\xC0\xB1Õ¡Ý»Ke\xBB\x919�\xBBW\xDF[z\xBF=\xC0\x86rv\xB4ë²”a\xDFt\x89>\xE2\xD3Þ´\x86�\xEE\xC6ਆ\xC7\xF1�\x86ȳx \xEE\x84�`|�È·\xF9w\x8C\xD8(\xE9Q\xA9;\xF1\xD5\xD0\xF2\x939\x8Aá‰\xAF\x98\x9E�z�\xE0�k\xAFm\xA4�{\xC9U�*\x82\x8B% "\x9C>�\xAFp\xA7�\xE3H\xF5\xCDCAd\xE3iL\x96‚\x89Ȇ\xE3N�Ǹ\xF1\xB5\xD7v�\x89\xA75ʘ\xAF\xCDqC\xB3�\x85\xD6w\xDD�J�Â¥\xBA\xB1\x99G �\x82\xDEvÛ‘\x8D\x91�"u!\xEA\x9Ch\xF5>�\xDC �M\xDD�\x8A\xDB\xC3j \xAD8 \xE6l\xC5�\xEC\xB9(ɲ\x9C_ %\xF1\x99\xAB>Df\xE3\xA7\xD8\xFAÜ´|Å‚\xFD�\xB1\xACN�\x80\xEF\xDB\xE2q\xA8\x96\x86v\xADr\x88\xCB]e7*Ó¶\\x9DÝd-\xC0\xD3N"\xE0�\x9E<\xB3V\xB4^\x9B\x81\xEE\xD6a\x95Ö“\xDD��\xE3\xC0{\xFE\x8CTIM\x81\xB5\xA2\xF6�\xE8\xBB\xCC+JMK\xC9V#\x82x2�\x91M\xD2:\xC4�s\xB5\x89\xB6\xF1\xCB�VU\xFD\xA7\x91�k\xBC\xC9FG7\xAFX�\xC3\xFD;\xCF\xCB\xE5\xAA%\xF3\x9AO\xDEA\xA9\xB7Å¥Q-\xC9��\xD13`H\xAE�\xFC\xFB2nD\x9C\xD6�\xA8:u\xB2(c\xBCC�\xA0\xF9=z�\xCDKs0\xD6r�\x917È�\xC13�v/�UH�0\x96\x9D\xE1�!u\xE0᡽�.\xEF�8\xC1y\xA3y\x8C|KX&�)�I\xE3D�\xBC\xAD\xD5\xF9\x85O\x97�@\x88]\x8A\xEE yz\x83>l\xD5n@��|h\xFF<`[\xCALf\x95\xF6`\xBE\x92\xD2R.& 2�ãž\x82LÝ—\x93\x88<`\xAB],�#\x98˃\xA2.�vAO�\xE3\xF8䋱\xBD\x9D\x99\x9A\xBD\x97F^T\xA2/\xB6]G^\xD4%%l3n\x8B\xA9\xBE+X6\xAF\xAFÍ¡\xD4�\xD5I\xBA\x89\xBD\xCBw 4�\xD08\xE7\x80\xF6\xBC\x8B:8d\xEC\xF6\xE6-Q�#\x8B�\x96\xD0iUg\x94\xD7[\xF1Ň
-�\xAE\xF5\x92\xBE� y��\xE7�\xF9\xFC1\xB44\xA7\xAFi\xFE\xB3XRp:\x86\xDCr�&=E\xF6*y\xA6\xC0\x8F\xD9A\xAF~�D�ۜҫ牾\xB4\xB9\xB8�M�\xF9a\x96\xC8�\xFB\xEFs$
-ıi3R\xB0\xD7\xEF�\x94`\xEF\xB8"4\xEF\x8Aj\xB0\x98\xF9
-\xA3\x85\xA4\xFB�#J\x9D\xCB9Yn,}p\xFD\xEF�\xA8u\x81'-\xB2\xF6\x97e\xE5\xF3$\xA0,\x91\xFE\xD6\xC0>\xF1\x97BUę^\x85ۘXf\xDE\xEC\x9E_\xAB�\xF3\xFB\x95\xB3ʈ�\xEA�}"\xEDX\xE3w\x9A\xC0\xA2C\xDEl\xBE\x8B![\xEC/�Fv�7\xB35}1\xB35>t\xA3\x90\xBA\x93\xDF$\xA0�k\xB1\xE4Q"\xB7���K\xEB\xD3\xC5\xD0\xE9\xBE�U\xFC\xBD\x95\xB61\xD5�\x8C\xEB\xB3Ҵ\x87!\x8D^:ǥd\x96\xF5 \xAD�\xD45P\xDDH\x9C\xCA\xDA>i\xB3�\x81\xBBx..\x86Ю[\xC9E\x9FP55`\xA1�\xC0�q\xA7t9\xD1\xF9Sn\xA4B3]I\x88`N\xAE@�L\xCF\xEC\xFB ST~\x98=\xC9�W\x97<Ͻ\xAEjw\xD9
-\xDF\xEE\x83&\x86JLWd>(kU\xE3�nS\xB5Rs\xB5\x8BRt5\x8Bj�\xB0\xEE\xD0\xF9&���\xC8\xDAn)\xA1�c\xEE\x91F\xA9J. �\xDC:\xE7\xF0j\x97~\x8C\xF4E|##k\x80\xD7tje�\xB3�\xE8�w\xAB\xB1`\x92\xEF85\xB8\x9Fm\x84c�|\x83W�l\xB9'=�\xE0<\x99\xD3U\x87�90vy�\x8B�/\x8CS)Y;\xBF}\x80�\xEE\xDB�;)�=\xFB\xEEØŒ\xA1\xE7\xC6�\xC7㌌?B#\x81\xA0\xD4CÉŒ\xB5\xEB%x���\xAD�\xCF\xFC\xBD\x8D\x96%u%[[~\xFF\xB7j\xEE\x8As\xB4`\xC3RΩ\xEE\xE0v\xDEVabh\x85v\xD2�`z\xF6\xC0\xAF$ܺ\x91G\xAB�\xE8~n \xBDÅ‘\x97| �\xD7C\xEAy�\xC6\xD16�|�\xBD\xB4\xAD\x9D\x80\xD84\x8B� \xBEh\xD9IR\xB2��Ú¾^\xBC\xD0\xFD\xCA$\xA0�~q�厕�'\xB6\xF5\xFE\xD4�Ô¨\xF3\xAE\xC8E�\xE0\xC0Ûš\xCE=\xFAjq\xFCê…`\xA5\x8B��\xEFIDm#\xA8\xB9\x96`\xD0l1\xD5
-#12\x98\xAB\xD94�\xD95\xB0|\xC5S\x91\xA1\xE0\U\xE63We-\xAE\xD4\xF9��8\xDD.M\xCA[\x88\xDF^Ò4\xA1\xF3��\x96+)\xEF\xD6�Z!�\x93�\x93)bK\x97+J\xDDK\xF5P�\xAD\x80\xE4w\xB53<\x86Ep#\x9F5#�+T\xDB[^Q\xD5_�~\x80��É–0\x93r��\x9D�\x92Y\xF2\x9A&\xA1F\xEE�\xB9Ü‘\xEAW\xF2:+\xC56\x86\xCE\xD2y\xB9+\x98\x9B\xE8\xEA8\xE9#4\xCDU\x89?\xCB'\xBB/\x89\xB4] Ú¿\xA1\x8C\x98D�zQq\xDD)ÇžI\xB0=7K_\xC0\xEA�\xFERg\xA4�\xAFK\xCB*\xCA5\xC6�\x9E\xDA\xF2V\xA7x\xC9t\xA6�g\x95�\xD4W8\xD8�\xD4X\xA4\xA3�\xA9@\x8B+(\xFFi\xC8\xF73\xE3�\xE3\x97
-:0\xD6�e�\x9E\xB5\xF7\xA7\xE5\x8E�cQ\xA0"\xD9��\x9D\xA4b\xDENޔa\xE3r\xFA\x96A\x8E8tM\x98\xA8\x9F\xC1؇0\x8As9��\xB3\x94hfU�_��!\x90\x94\xEE\xE2\xF3\xE8-�[\xAD�Ba\xD9$�\x80\xEC(��\x94\xB9(~\xB2yL\xC2W\x9B\x8A\xB8\xA20b+\xFE\xC1T;\xA9\xEB0\xD7.-\xA5\x9E\xC3\xC8\xF3д\xC1\xB5iݔU\xAC\xAB.\x9F\xCC\xDA�\xB5\xFA\x81\x89\xE2\xEE\xC7uc�z\xE1%\x9CB\xB4\xA6\xAD:\xA4B\x9Dh�\x95\x86\x8B1\xF9\x95{�R\xF84���7\xB3\xB4\xB3\x82?�\xBDNrh\xA7\x98B\xCDz\xCD\xE9\xEFI\xBB\xF2\xE3\xB0.\xD5k\xC8�m[���\x9F\xAC'��\x84\xA9\xFD]\x8A\xD6.\xAAQVw\xC5\xFC\xA9\\xE0\xCC%�W\xD9ޗ\xEAM\x8D\xCBpx\x94\xEDFb \xE0�'\x8F\xEE\xAF��\xF6��Ep~\xE5p�\xBAwxqc"j\xAA\x87\xA6\x80 g\xC2\xD4<\xE4\xF2?OQN\xB5\xE5h��KY\xA8%&?MS\xAF\xF3B\x93�\xF5\x8A\xDDR \xE0
-k\xBD\xE8\xB8\xC2%k��\xB6\xF6\x8C\x9D\xF7�[ɰNR\x93f!^ =3\x8D�\xD9\xC3&�_\xF7v\x84\xFE\xF7=2!=�ɫ߽\xF2\xD4:\x8D\xED\xB6,n�d�\xFC=\x80y\xAB),ƬJ\x98\xAD\xA9\xC0\x8A[-U*{\xF5\xB5\x839\x96\xC9�o_\xD8*�n\xA8\x98��fj<\xA9\xFDo\x8BJ=f\xA6T�\xCA*W�Y\xC8-�\xB1%`M_\xAE\xA5I\xEDTJ,\x92\xB4\xC0\xCD/N_V.�S2\xEA\xD6c>\xD4\xCC! g2\xDCn\x9C҄#H�\xB6@\xBB\xA2f\xCCre�\xEC\xB6w\xF5\xE1
-�B\xB3\xA2~\x81�\xD8\xEF?\xFBb\xF0\xC5&-\xBF�\xF0\xF5&�\xA15\xF4 Rfm*�\xB3å„›=�
-#\xF3\xCCv\xB3�\xF7\x84\xB8<g\xA0{Y\xCD\xCB\xEE\xC8V�\xBEU!Ù¦5�\xE5]1oƬw\xF8\xA9nßjm\xC0\xBD\xA6\xC2?\xE1�\xFB \xD0\xE2j&>\x95\xBD6\xFF\xFBOXF\xD3`w\x94�\xE32T\x94m]̦\xBC\x8E\xBEj\xFF\xFB\xD0�mLY;tBu\xE8./{X\xD6P/+J\xCE\xC0iÌ•8\xB3\xC2u�\xF6B�K7�\xC6rYT\xD3\xEA\xAE7b\BM�9{6�F\x96\xE1 bu\x88\xA2\xA1<&\xA9
-#\xF4>1,\x99\xAD\x85
-\xB3\xCDH\xD5e`X\x89b2\xE9\x96L�\xAB�r5�Öc:J\x94O\x80X\xEB\xE2\xB5\xF4\xF1�>"`mK{�\xB5 �wsi\xDC��/\x99Û˜\xC4Vg\x97�\xD0�\x90\x8F�L\x9AP�H\xEE\xB9\xC97VX\xE4\xF5\xDD�;6\xD5�c&\x9DW\xF6\xF8mp\xC8X\x96%6\xCB[\xBD�\xD3\xDAÉN"\xCE�І\xE8\xF2$a�\xBCjj3\xB4�]\xE8\xCD\xCCZ�n\xD6k-v-O\xB6\x8D\xBB0i�\x87x\xA4\xAD\xF9 \xFC\x8F\xB6\xC6� �(X\\x83��M \xA8�A\xC4É£V�\xC0d%�\xA7K0\xAE\xB1�\xB0\xEC\x89e\xE1\x9AÄ—\xB1|Ê_�/%\x870���)b\xAF.\xE2�\xBC\x82�\xB8�!1\xF8\xA9E! \x80\xB3\xB4g$\x87K\xBA\x91\x95\xF4�\xB5�iߪ\xD7h\xA9\xC0o�\x80\xFAw/\xB3\xE8\xC1�HdM\x8CN"SY�d\xD1l\xE0?2\xBC^\xF9\xB6 \xF7Of Y\xA5纈tF*\x95\xD3b\xAB\xDD�\xA0�X\x89�uiR!�5��\x8E\x94\xE7\xD0Oש3�\xA0DW.\xC4\xEC\xF1�4Ju\xA9z'�\xFD1�Q�Y'h��+\xB9x\x9B\xFA\x84\x8D}\xEE\xDE]vh\xD1WCB�'wã‚\xF0\x8CÍ—Qu�~\xB9퓃\xD7R\xE3�\xA0K�D\x8C\x9A�w`\xE4'\xCEt\xA3\xB2\xAE}gU4\xA6\x99�gU\x91!yi\xD2�\xA8\x9Bt\x9F\xE3$\xA9\xA1�Ó²\x92\xE6�\x9C\xE5�\xCB\xE3\xD3�\x98\x9E�t\xF3
-Ê´$�\xB2\xB4�
-\xE9\xCClA\xF6$\x8C�\xD0�\xF6jj�d\x98\xE4\xE2\xB1.F\xF5�\x9D1\xC9G\xA5\xF0\x81\xA5\xDD|\x80\xEA\x89M7\xBB\xE3h\x84�B\x9A\xAAJ`\x86\xF5f6\xB5Z\x87�\xFF\xFB�\xAEK
-i_\xE4\x81�m�#?"Ô²\xA9pP\xCD\xEF\xB6%�kÒ–\xEB\xC52\xD8\xC8d\x87\x8DG)p\xEDW c\xD3�\xA6�\xE9ky~
-Fë\xFA\xA1!\x9Cs�t\xA3\x95\x9B\xA0\xAE%\x97\xAA\xCC\xD4�\xAE!x�\xE3
-\xD7\xCFͩܤ�\xEA�\\xA7�z\xB8\xC899\x9C�\xE7\x83\xD7\xFB`4\xC7\xC0\x8D\xA8�\xD9��t\x87\xD7\xF7!\xC4�2I\xC1Z\xF3.\xD2\xCF$\xC1#\xA1\xF0H=<�`~\xE6^\xFCw\x88s\xB4\xEA�S+\xC9\xDA6\xFAA\xB3\xC0\x87�\xA4\xF8\xA1:\x96�Ek\xAF\xED\xC0(h\xC1\xB8�6p^��h�\xEE\xC9M\x81\xDA1�\xD4Ir\xF0\xD2 \xCD\xE0\xDC6\x83\xF2[\xA6\xB5o\xC0\xF7\xD6$\xE8\x82\xFB\xC0\xA8\xB2VwR\x87\xFF\xF4t\xE5o/\xF5{ [Ww\xDA�\x8A\xE7\x89�\xE4+h`\xCD+ȾO�\xDE2\xCCW嵪a5 \xA2ddeŒrWQ�s\xA1\xE1N\xE6\xDFW�lSa
-��\xAEW�\xC0v)\x83\xB7�e�\x98\xF7\xDDf\xE1\x9Dk\x80\x8BD1D�\x9BТ\xEE\xD9zm\xF4\xF4+q[^\xBD\x87\xB1y\xBD���\xD7\xFA\x83\x91\xFE\xB6\xFDM�\xE0\xBCI\xC9ڸ�\xBE<\x81\xA5\xC8b��(0\xEC\xEDf\x82
-vÄ€c* Y\xD2\xC8�@ÑŸH\x83\xAD6Ñ™p\xF8A\xEA�2Î\xD9Ju\xBE\xD6\xFA��\xA9B
-\xE2\xECd\xF6�Ǟ�\x860W�(x\xA6 at W\xD0s\xDD}G\x91}
-�\x89\xF2cP�\x81\xE6H\x82e0<&\xA4d\x84\xF7ة\xDB\xE2\xD0�W#\xE7ߒ\x89�\xE0 \xFC��-\x9C\xEB�z\xEDS.�\xEE\xE2
-\xB8\xFER\xB6\xA1�\xFD\xE9~\xC3$Re ,d\xB0v/"ل\xEB\x90�% �C\xF2`\xF0G�z\xE5F\xF2\x92Q\xC7^\x8B\xC6+k\xFD\x8D\xA6\x8Cd\x8F\xE4�\x8C�\xFB\xF9\xD3z�׌\xC4\xEDNOT\xF9 Ui\xD2>\xB7\xA7\x87\xC3;���\xAEbQ�\xBD\xAF\xAD\xE7t/_�\xFE[ګ\x96��\xEE\xE8 \xEC\xBEv\xEEw\xA8_\x8B\x99\x93ܬ��Lo\x89宦x/\xD3z\xD9\xEB�~\xC5K\x86c�E\xE13P\x88\xF7\x9F\xCA8\xF4[\xCE\xCA|ݤkkf\xB4\xC0��f$\x96 ޶\xF0�\xD3A��\xB05\xCD\xEC\x98\xF4\xF7\x93\xF3e\xED\xB1\xF2\xE5\xCB�\x91�\xE9!\xCBi\xE6
-�x�\xF5�Z~3_Wx�\xA6T\xB98Y\xDBW\xB2\xFEv\x85w\xC0j\x81]K\xDC(?\x91\xAF�\xB8�\xB8\xBA\xE1\xF5\xAB� |D\xE4 On�f,\x9C\xC4Y\x95�\xD6\xF6\xEC�tO\xC2\xF9 \x9A\xC4�\x8F\xDB=\x83\xF4\xD5B\xF1\xE1iR\x9C�A›\xA6\xE0\xC77nt\xBC\xAF\x9E\xA4\xF0��w@:�\xD2!\x9E\x82\xC6B\xDEh\xF7\xA2,!̞$\xA9AT
-\x9Dm\xA4\x8D(z\x8AU\xA4\xCC#\xF2N\xD2UO�\x87\xB4~ \xBE\x8D
-\xB6B5�\xBF\xA3q\x8F�\xF1[˕hs\x88T\xA1\xE3�u\xFAR8\x8B@\xE0/\xA9\xC0�\xACǒd^\xD0G\xE0\xE1\x87\xCEb\xDBs\xB3\xC9[E:\xAF\xB9*v\xBEE\x9D\xD69[7\xB0\xC8\xEAF\xCB(Onj�Tm4\x97\xA2�[\xF6\xD3\xF8\x87r\x87^E0\xB3Cb\x80\xE0\xF7\xCA�\x8C�걦\xB3\xAE\xBDL1�\xCF]\xA2W\xB9\xF7\x91(�k\x9F\xB4\x86F @�\x9A�\xB9N\xD8(�a\xFC\xC1ܩ䟋X\x900��\x82m\x91E\x84+\x8A[\x86\x89\x8B\xCERE\xB4�\x8CKT\xD0U\xE4d\xE0�XD\xB8\xAA\xEBݚѼE�\xA09\xF2\xDC\xEF\x80\xE2\xE8�|\x93\x8BF\xAB]x\xA2\x9A\xC5@\x93\xFDM;MJ\xD1H;\xFD۔U�h\xE6VEbx\xC5 \xBC\xF2&u� \x88\xBE\xFC_\x9C�\x8F\xD1\xC6\xC6\xE0\xA3W
-\xFBR\\xB7�vr\x92\x81o|\x9A\x82\xAA\xBAa\xDF=�6\x8B\xA23\xCE\xD1�\xEA\xF3\xA8\x81�\xB1fB\x93NB\xB4\xC0I\xBA+�\xB8\xB4�X\x8D4�2\x85�/%j \xDB\xF3.>֘\x86�\x98\xB2\xEF \xE6A�0\x857k\x8A�޷(�\x8CM<-+\xD7\xC6�l�Q[*�h\xEBOl\xB3\xE9�\x94Y\x84(+\xB3\xC7"�\x97\xEEu�\x89\x86\x8A9d�`\xAE�Ѵ\xAA3>\xA2\x86\xE1ү\x98,\xA2\x90\xA0�\xCAó\xEA at 3\xB9˱q\x9E\xA1Zj}\x8E\xE5jɳg\x9C\xBD.\xD5\xF8L\xB1s\xF0�\xF6\xDD|.\xB2\x9D�`J\x9B\xB3
-\xF9Ú–ip\xE3\xBA\xE4\x95\xCE YBQ\xD6k�p�\x9D\xB4i\x82\xB4\x84K�\xB1\x89Pq�4\xEC\x93BpQ\xFA�\xCD\xC9
-lI\xAEJ\x93�r���\x99�@�\xBC�V\x94j�\xC9\xD3\xF9> \xF58\xF0�\xF5\xCB�\x928x*\x8D\x81\x97�\xE9\x83\xE8\xD1�Ó\xDA%E\xBD/\xF9\xCA&aL�\xCF\xCBa\xA4>\xC0\x8C}\xEB"\xD7
-URFU\xC2޹\x91u�\xDCiʷ��~\xF4�\xBE\xC7\xEF�\xFC��\x91`\x87$z�]�\x9C\xB51\xCAf\xE0YC�\xCF�\xDF6N\xD4>�\xEC�\x84\xAF\xFAdLe�\xE1\x8BM�\xF5�\x85\xDE]p\xFDڲ\xFDl*\xD6CC9'W`t\xF9N\xC4�?XUf\xD9k\xB0\xD8̪\xF4\x90\xEE\xBE�\x8B\xBC\xAC\xBDu\xC8WH\xA9\x82PR\xB3\xBA9�]�\xD9\xC5�]\xBAV��\xC3^6<)\xD5cK�\xE7sf\x9E\xBDf[\x95\xB6q�k\x83\xFB\xF3,\xDB#1sw�\xEC�E7(\xC2Pֹ8&��\xCDxm\xDA�S}s\x83\xFE\x8B\xA9\xE7\xD0X\x85\xF6(:M\xE6}'*\xC5�\xF3\xB8\x8C6\xC9kP\xA3\xF0\�\xD2\xCFW�\xB0\xC3\xF5ѫO\xB9\xCD\xA9\xAA\x9BZ?`G\xDCC\x93\xC6��&o~\x89\xCA\xC1pmnP
-\xF3\xC2\xE8gMXQ H\x825\xB9&\x8B\xA2+\xD9�c@\xAB\xA0�\xE9Tj\xEB\xD5M\xF8HH\xE6\xC29%F�\xB2�^xnj\xF4\xB9Q-\xD9\xDB�\x986\xB9A \xA2\xB4P\xA6'\xCE¦IJ\xD7C\xD21\xCEeq\xBD\xF0�\x90\xE8M\xA5\x99\xA1'�#\xA9\xC8\xC8{K\x81�\xAC\x9D&\xE1d!D!\xD01u\xA9\xF6\xE6r\x89\xE0
-u\xE0п\xCDK$\xF3�\xE2;0�
-7æ¸\xB4\x9B.\x8C\xD8Cr\xD4Rѱ\x80J\xC0y\x85\x9F\xD9\xE3x\x82쇃\xD5�6\xAE�\xF1\x88\xB8�4Rp\x89L\xC3\xF0\x94\xC6\xCF]�\xF5J
-u\xFE\xEEi.-�\xB5\xDAl\x8A\x85\xF1j\x97\xA7m\x90c\xA7\xC2q!L\xC97\x91\xA0, \xB4\xE5XsxT\xA4\x8D \xD5\xE6\xE5` \xA6՞�\x94\xE0\xC9�\xAE\x9B�Z\xAFh\xA4J�\xF5W\x83\xA71\xDF:B\xB7r֢l\xEB`2\xD4^#\x90{loV\xC4~\x83ƿ\xC7K�\xED��\x95Q[�J'ϯ\xFB
-�\xB7\x86^\xADU\xA5\xBE�\xF2\x90\xC5�4b�\xE8
-\x95\xE7\xA4[�jXTG\xF4\xA8(l\x82m\xD0G\x9E/#\xAB\xC8g\xD0Gj#'W\xB5\xD1 z\xDA\xE4\xE0E\xFF1&\xE3F
-\xACz\xB5T�C\x8B\xA2,\x85\xC1'\xD97\xEE\x8A}\xC4�\xF0\x9EK\xA1
-�\xE3\xF20\xCE\xE2\x95ʷX\xA7視\x97q\xA8-P\xA1�5 \xB4\xD4v\x93\x8E��\x83\xB0\xC2I\xF8M\xFC�U\xA3Q.\xE0Yt\x89׉t*�\xB0\\xEE\xB9\xF8\xDF\xEFC�\x87\xA9]ټY\xAE\x9F\xA5U\xE8\xE1N\xF2\xD9\xF2\xE3\xDF\xFF\xBAKt��E\x84#\xF4y\xC3%n�\xFFN\xF5\xAD07Y@\xF9\xB6\xCF\xC7�,'\xC0^|#\xC1\xFC\xFBgl�^\*\xE5
-\xA8y
-��]�} \x9A\xC4E\xE77 Ί1\x93&\xA7d\xF3?-˴\xE8K\xB0\xEA\x81k_\x93\xCEe%țg\xA1�\xC3�\x90ؾ\x81\xBE\xE4\xE9\x82`@\xEF��\x97#\x8B\x90``O
-��\xFE\xA6\x83{�\xB3�e13Φ7#�\x88Ý \xC6\xD5\xF9i\xE5=@��\xC6\xE6\xD0?yL�\xE7+�\xD2vd�\xE8\xF0\xAE\xA3g\xD6(\xF7\xA9!\x88�\xF1\xAF3\xF8,bt7q �W\xF9m�:��\x85�h&\xFB@\xCEJU\xEA�Q�u\xE1Q�\xA4ç…¢\xBB f`\x97\xAC\xC1ß’\xFF\x8C\xF62#"N\x82\xEC\xAC?\xECR\xC4�@\xDBa\x98PE\xB2\xBC\x90%\xE9\xB1�uX\xF3�E\xDC�\xDB\xD0_�\x95l\x99@\xDE\xFF�\xF6�\x9F[W\x8F\x98\xCB\xDD�\xCCt\xD0�\xC6�a\xD9^E�q\xEAb\xCE�ubw\xC6&\x95
-\xFCc\xCDj܆\xEA/\xA9�Ë«\xFEn�\xA4\x8EQ\x98dZ\xBB\x8A\x8B\x89\xAF\xAD\xE1\x8F3\xB8(\x99T�?Ià½\xE8\x92c=g�c\x8A\xBD\x87\xC03";�\xD2\xE1]\xBC)\xA9-\xB7@\x80�o*hn\xF1�\xE1\x9By\xA7�\x98I:BY~(_\x88\xCFC\xA5\x9FY\xA3v\xEB\xFB�\xF3P]@@a3f\x8E*'w\xC6~e xmc0;s\xABW\xB13\xCC�\xBAh\xCB.\x90gwE!\xA0\xC8�\xDB\xFD\xE7Jf(\xC5�\xBD\xCBO\xDF�\xC0\xD6u\x85\x99\xF0D~\xF0O\xC5lGÓ¨\xA1;\xA7\xE3f\xA4�w$\x9FIkbÈ\x83ri\xF2\x89`3*�\xE7#\xA9M�\xEEr\xBF\xBD�\\xDF�\x84��I=,A\xA0x\xE6\xDD�8z'2\xDF#\xEF\xEF\xC8�<\xB2 O\xCC\xC3#K\xF1\xCCg|\xE0>�y\x92GF\xE5�\xFB\xF2\xC8\xD4<r:�\xF8\x9F�\xAA\xE8\x91S\xFA\xC4?=rU\x8F\xAC\xD6G�\xEC\x81-{\xE4\xD5>rp\x8F|\xDD�\xB3\xF7\x81�|\xE4��x\xC5��\xE4#_\xF9\xC8l~`A\x9F�\xD3Gn\xF5��\xFB\xC8\xD9>\xB2\xBB\xCFL\xF0#k\xFC\xCC/?SÑ\xAC\xF5�~\xFB\x89
-dÍŸ\xF8\xF5g*\xFE\x99\xB5\xFF\xC0\xEF?j��u��\xFA�\x8FJ�GÕ‚\xA3\xBE\xC1Q�ᨛpTXxTc8+7\x9C4�\x8Ez�G툳\xC8\xC4Y\x8E\xE2\xA8\qиx\xD0\xC38jg�U6��9\xDE\xC4;\x8E*�O\x8A G\xF5\x90�\x9D\x91�M\x92\x83~\xC9Q\xE9\xE4,\x8Ar\xD4O9\xE8\xAC<(\xB2�\xD5[N2/�\x8A0\xEF\xDA1G\x8D\x99'=\x9A\xA3v\xCDQ\xE5\xE6A�稞s\xD4\xD9y\xD0\xE4y\xD0\xEF9*\xFD�U\x81N�B'\xA1\xA1GM\xA2\x83~\xD1Q\xE9\xE8Q�\xE9$\xA0tPZzPe:*8\xBD+==hB\x9D\xF5\xA3\x8EJS�\xAATG�\xAB\xA3\xD6Õƒ.\xD6QC먶\xF5\xA0\xCCu�\xF1:\xAA}=(\x83�U\xC4�zc�\xDAd�:fGų�u\xB4\xA3\x92\xDAQs\xEDA\x9F\xED\xA8\xE5vT}{T\x88;\xA8Ét\xE7\xCE�ug5\xBB\xA3\xEEÝ£F\xDEQOï ¼\xF7\xA0\xD2\xF7\xA0\xE8w\xD0\xFE{\xD0 <j
-�\xD5��\x94
-O\xA2\x86G\xF5\xC3�\xA5Ä£\xAA\xE2I\xF1A\xAB\xF1I\xD7\xF1\xA8 yT\x8B|P\x96<jP�\xF5*\x8FÚ–G�\xCC�\xC5Ì£\xBA\xE6Q\x87\xF3A\xB3\xF3A\xDF\xF3\xA0�zV
-=*\x8C\x9E\xB5H�tK�4N\x8Fj\xA8'\xE1Ô£\xC6\xEAQ\x8D\xF5,\xDCz\xD4x=\xAA\xC1>(\xC7�UfOr\xB4g\xE5Ú£\xCA\xEDY�\xF7A;\xF7\xA8\xB3{T\xE4}P\xEF-B\xD0 \x9A\xE7\xA7hm%�/\x95=\xC0\xADq\x96�\xC5\xC3@Ê“\xE6\xE5.�\xEE\x80i;�\x92�@~\xC3Ò¾Cu\xABP\xB8EP\xDD�ItX\xE0\xF1eX\xBA\xAEy-\xE5\xD7�\xF2\xC5|\xCC\xFA:\xCD�\xB2\xFB\xCE�\xF9\xA0\xF9\xC8%9\xB2N��*\xEFT\x96�\xE3\xE5\x81�\xF3\xC0\xA49snN\xEC\x9C#\x8F\xE7\xC8\xF89\xB2\x83\x8EL\xA2#\xE7èŸt\xA62�8O�\xFC\xA8#\x97\xEAȺz`h�\xD9\G\xDE\xD7�G\xECD';\xF2\xCE�8j':Û‘\xF7\xF6\xC0\x91{\xE0\xD3�\x99w'\x96Þ‘\xD1w\xE6\xFE=\xF0�O\x94\xC2#\xF7\xF0\x91\xA7x\xE04>\xB1�OL\xC93\xA9\xF2Ⱦ<25#\x9Dk\xACN"\x9A\x8A\xEB\xDC\xFB]qa<qM\x8F\xBCÔŸÉ«��\xD7#�\xF6Èœ}d\xD9��\xB9�\xEE\xEE�\xCF\xF7D >r\x87�x\xC6�\x9C\xE47\xF6\xF2�\xD3\xF9\x81�}\xA2O�y\xD6GF\xF6\x91\xBB\xFD\xC0\xF3~\xE0\x84�\xD9\xE3'\xA2\xF9\x91\x93~"\xAF?\xF0Ü\x9C\xF8#{\xFE\x81id\xE5\x9F\xE9\xFB'\xA6\xFF\x93*\xC0Q?\xE0\xA45p\xD6%8*�<\xA8�<(#�4��\xF4�\x8E\xDA�G�\x87�Ň\xA3:\xC4QG\xE2As\xE2A\x9F\xE2\xA0d\xF1\xA0z\xF1\xA4\x90q\xD4\xD28\xEBn�5:\x8Ej�Gå£J\xC8IO\xE4A{\xE4\xACSrT4yP?9 \xA5��U�\xD4W\x8EJ-'I\x97�\xF5\x97\x83N\xCCQO\xE6A{\xE6\xA4SsT\xB4yÒ¾9\xA8\xE4�\xF5t�\xB5w\x8E:=�E\x9Fg\xF5\x9F\x83P\xD0AQ\xE8Q}\xE8\xA0Tt\xD44z\xD0?:j%�U\x95��\x98P)\xD1\xD3*y
-c$WT\xDC��\x8E5\xE4;\xC0�E�\xB2�7T\xAC\xB0�\x92\xCFA\xF1\x9D\xA4�͋�ku|
- \xCFeK\x86�\x9AwM\xEE:l+\xF4\xA8B\xF5\xA0XuÔ¶:\xEA`��\xB3�\x94\xB5\x8E*\�\x8A]Gm\xAF\xA3�؃f\xD8Q]\xEC]\x87\xEC\xA8Xv\xD66;Ë =(\xA6�\xB5ÕŽ:lO\x9AmGu\xB7\x93�\xDCQ5\xEE\xA8/\xF7\xA0E\xF7\xA0[wT\xB8{P\xC3;*\xE7�5\xF6�\xF4\xF8�\xDA}G\x95\xBF�E\xC0\x93x\xE0Qe\xF0A\x91\xF0A\xBD\xF0\xA8sx\xD2D<\xEA'\x9E\x95�Ï¢\x8C9\x9C\xFA\xA9~\x98Ó¨\xFDz\x82F\xCBO2\x91\xFE\xD7E=\xD5\xF1�/\x89W^\xA3e\xBDl\xF7\xB3\x9E�-\x8F\xEA\x97\xEF2\x99�\x8A\x9AO\xEA\x9Bg\x9D΃\xA6\xE7Q\xFF\xF3\xA8�\xFA\xA0*zT =I\x95>\xAA\x9A\xBE�\xA0�\x95R�UUO�\xAC\xEFJ\xADGM׳\xFA\xEB\x83N\xECQS\xF6\xA8?\xFB\xA0T\xFB\xA4j\xFB\xAE\x80{\xD4\xCA}\xD0\xD5}\xD0\xE0=\xA8\xF5>(\xFB>\xA8 �\xF5\x82\x96�>\xAA��u\x8AÏš\xC6G\xFD\xE3\xA3P\xF2\xA3\xA6\xF2Q~\xF9\xA8\xD3|\xD2t>\xEA?�\x95\xA2�U\xA5_�\x8ENa\xBE?$\xCD�+\x8E\xD8AA�\xEC
-Ir�y \x98\xC980�r�\xA2Xc\x8A\xC9�\xE0�\xA0r[\xB9\x84\x99�\x81\x84\xB7�\xC0
-\x88\xD1T�\xD3\xCE\xEF\xA7O\xE1_�\xFF'\xAD\x9E�\xE2\xE8\xDDcu�\x95WJ\xA4\xB4\xC18�\xD5Gr�\xE6|)\xAD \xB8xßš�]01\xAC(\xAF6[WÕK\xAD\xA9nj�k+2\xA9�$\xD3�0J\xE0\xA6nB\xB8\xADtj�\xD7\xE0�\xE0SI\xCA!\xBCB\xFD\x8D0\x9A4Z\x90\xB5?\xC0ļ��cÓ¸\xFB\x8B\xC9É–\xAA\x8C7ÉK\xF1��p\x81zˤ�m�\xCA�Ti"\xC0H�\x89wT&\xD0�;��\xA6�g `9[�\xA4�&V\xE2d\xAD�\x85\xD1&\xC4�\x87\x89\x99��Ƭ\xEC\xBCul5c�\xBC\xD7>ÚŒ;\xD0!Ú¼�H#3[\xA1t`\xC6\xC9t\xD7\xCENM\xC3M6.\xA3\x92b�\x94\xC6J\x97�\x87\xCFV\xD2Ú¼��a\xBE\xBA|)�9\xC0�QPf\xEC}\xB4
-Uj\x82˱\x90�\xBF|v\xC5P\xB4\xBB\xE2l\xF3j\xEDTt4=e�n\xC0T)\xC3:G�\xE5\xD5�láž»\x8B\x86L\xEBX�mJ�\xEAgÙ¾\xA5�/c�\xCB\xC0..9\xC1�\xDB\xFE�\x9A\xD7�u\x90^LoF\x96\xDEF\xED\x92-\xE1{\xC1:w:\x89I\x99�\xE4\xBFE*)\xCA\xB8\x96p]�J\xE2I�$k\x94#z\xA0\xEEKxxYu�S\xD7f.\xEA\xDA\xFAÚ¨\xADu\xC9e5ѯ\xACs\xA4\xEF\xA5W \x96[`V[\x94\x86\xCD\xE8\x8D�\xE0\xD5ED\xD1\xEC�\x99n�\xC5�\xD2I^\xFC\x80\xAF\xE8\x8A!\xE6\xCB\xF9\xA9Y�\xBE\xC9�\xEC�\x84\xD7\xE5�N\xBA\x983�\xF0\x823|T.X\xFC\x94\xAA\xDBpg\xAD\xC6ifV\xBF\xCC\xF5u�(\x8Cd\x83�'\xBD\xAE� \xAB\xC6É\x96\x9F\x82\xE5\xEDo\xE6\xF2\x98å«£\xF2� \x8BÞž\xED�\xD6c\xAD�sHHHM\xD1\xE5\xE0r\xEA\xB2�\x8DMf/\xC1\xB2\xDC?�\x95)\xFB\x9E#�\xAE\x97\xFB\x9C6\x800\xD3e\xA3O\xAE]l2\xB2�#\xA0+ �e\x84KyE\xCA\xE7�\xAC*\xF5\x97\xF6\x89�\xB4�#\x82\x{DED4}\xE2\xCC)3�\x83\x8ELyx\xDBum\xA8\+\x9D\x8F\xA5\x90��\x8F\\xF5P|\xAF/#\xC1�\xB8r5%\x87\xB6~PRSU\x83\x9A%\x8DJe)\xA4\x91(\xBAb=S�5\xCA\xF5\xA6"F]�KY\x85\x94\x97\xE5\xF5\xBEZ\xCE\xEB5\x97|Y�\xF2\x80\xD97\x98+N\xE4\x9C#\xF9{mb\x99\xD5\xF8\xF8i�\x84_\xAE\xBC\x9F\xE6*\xA7\x88g\xB6\x9B\x9AC\xAF\xC2*\x88\xC2]\xE7\xEBw\x92\xD0bA\xC4\xD0g\xF1\xF4\x83Ä“\x971\xD7Aɺ�Tfd�\x87\xB4\xBDlY}u\xA4X\x93\xE2\x9B\xD6DÚ±c2\xD5�\xFF\xFB\xAA\xF6\xB5\xB8\xFB+\xE9\xD2׷ĉZ\xD5�\xE9\x971\xAD\xC59\xB91\x91\x8B\xB8\xD4-`\x91@1\x85\x91\\xE9\xE9\xAB'\x8E\x874\xF7v\x99�\xA00G}\xC0Ì“�\xACg\x9E:I\xA8���Û—Ü´\xFC,\xCDM\x97\xE8\xD2\xE7\xFE\xB2\xED\xF7džӖ;\xF7�Be\xF6Ty\xFAV\x9B\xCCu(Oo�>\xB7\xB6\xA5�\x84$\xC0\xD5[ge\x98{\xBE\xB8\x890z��\x9C{6Qun$2\xB7\xB1ÃŒ*
-�e\xD5�x׫\xC5I\x92\xC2\xD1BM\x84\xEF\xF5Ú\x91a\x96~j
-\xDE\xF7\x95\x858nI\xA0�\x934(Y\xE5\xEE*\xD46*8C'L\xE1i
-a\x89\x91\xB92D\xE6\xBER\xD4\xFA\x92+�i \xF2sMJ.\xE4�t\xBE\xE4Ș]\xC1~iđ\xA8\xD8d\x90V?$\xA9\xA4\x86\xCA֌\xFAx
-Q\x82|\xCD\xF0ê’Z#&�\xE14\x85L\x86�E�`5/7\xF6(d��\xA2DÅ\x89\x85\xB2k\xAB\xCD�Z\xF6�ä’š�I�\xA7M\xB9�\x98�\x9AoX\xD7B\xFFh\xAD\x83\xA9�\x9As�}q̱\xEB\x95Vf\xF3\xE5\xB5�\x8DC%\xDC��V'\xA1Z+N\xF9z�-\x9A�\xAE'\x9Aq\xC85\xA9\xD0Ê©\xBAD\xA9\xB7\xD2l\xD5]�_@�[\x8A�a\xD8E\x85\x98\xA4\xEC9\x8E\xE3vI\xAF\x96H\xD2zK1\xC2LMC\K\x85\x95K\xAEy
-\xF8��t]_\xD7j]�7K\xB0Y\*�Ï©B�|\x84<\xA4,K\xF5Ç®\xFA3\xE8\xC7�4\xAAr\xF6 i\\xCA{�6\xD0\xFD\xFB\xB6\xBD\ \xA5�\xE4�\xDBÌ–�y�\xEA\xB2\xDDpJ.\xF6M\x99\xF4g\x80\xCB\xCB+�Q\xE72�\xCB\xE5\xFFX\xF9\xB5b!F\xB7\\x96�\xA9w�\xBF\xF0��l\xB1\x9A\xBA\xF0\xFA\xB6\xAD��`\xF5*K ,\xBDKnJ\xF0\xB4g\x91q�T]6A\xCB\xCA\xEFD\xE5\xE4 \xB1\xACH\x9E�\xAE: �\xF0\xD3\xEF\xBF?^~\xB96�\x90\x9CתĮ�\xEE\xA8\xC9\xE9\xE1\xF1\xC6+4\xBB\xF0\xC8�\x98�\\xF5z\x89` \xF8\xF3\xA1\xFAC|D\xF7)\xB7\xE7Ë»\xC5�^\xA5C\x9C2j\x92U`�\xCA;�\xF5;J\xC9�\xBE\xC3|\xB5Jo_\x906�\xB0��T�\xCA;\xE6\xAD7=ļ\xAB\xF1\xD5E�\xFCn\x89\x89\x83\xB1;\xF6%\xEF�\xA2n\xB5\xAEÜ£\x84\xD6�\xBC\x93\x9B\xFA\xD1#�q\xE41\x8C\xC2#\xF1V}\x80�0\x99N\x94\xBA\xFDToB#\xF8>\xF8>\x83?\xBF\xA1\xAFT\xBD,\xA4j�\xE6\xEC\x83fIg5\xED̦\xBB\xD9D^\xB2\xC3Ï\x8B\\x8C\xEEQ\xE9�� \xA7S�\xA3\x88⥕l0\xC7|u\xEAV6I\xA2\x9A\\xAB4\xC9@�\xEF\xA2��\x9D\x82<v��\xD2\xDB\xF5\xC0F}K$\xB3B\x94\xAF\x8E\xC88nt\x8C��\xD2Td��F\xE6�L\xAC\xEE\xD2\xEF\xCF(H\x8D\xC0\x91\x80sÞ¥\x94�›\x91��\xAEP\xE8�\xFC}�\xA5*&kH\xDF Y\x8EB\xE1\xD1�p\xC8\xE6\xF2\x95z\x82V\xA5\xB7\xD84�C\x95�\xBC.�L@\x8F��\xE8EQ\xD0fkC\xF4\xBA\xCBJ��I \xD0] �SP\xBA\xAE\xBA\xA5SYf2j\x9Fo\xD6�d\xF5*:\x90\x87\x9E\xDEÕ\xE2\x90�\xA7oi f\x9D;\x9Cm_�\xC5a\xED\xBE?e.,�;f\x92\xAF\x8C\xC2\x{1CD2D0} f\x83>�]+�a\xA57yX\xC4?\xDEW\xBAi�'r\xD8\xC1�p\xED\xCE,\xB08\xF0\xAB\xCE\xEB�6\x91~\xC9 \xEDÞ�Y \xF6�82\xCB\xC5d\x92z\xB5\x9F\xC0H(\xEB\xF24\x84�\x95\xEE]θ\xD0 �5G\xD5
-8\xCA\xEA\xC8�\x80e/\xCAF)�9\xBAD��\xCC\xCDq 5ƥ\x89\xEF~J\xBFh\xB4(\xF3w6\xDC\xFBƉ�Ad*\xE1?\xAC3V�\xE3\x92vp
-\xAD\xC6\xC87\x9B\xA4\xB0\xAB6 Q<9\x87�ut\xB3\xA3\x86\xF607�\x96�\xF4\xF7\xAFOI\xB3\xE5�j\xBB\xAB,\xC1�A\xFB\xDF\xDE\xE1aG�F\x88\x82o\xC5W\xB8\xBF\xE8!\xF5\xC7Q\xF6;�7�\xB4\xABW)\xA5J@�JW\xA2
-\xE0Z
-\xD1e\xF5�3E\xD6%\xC5�\xC1\xDC
-\xA4f;\xBC\x89P�6\xB6\x87\x84 \xEA�\xFE\x94\xDD�\xA7\xA4\x9A'\xE9Ao=\xA3\xA8p�\xAB\xEC\xE8\xDAꈎa \xABÂ¥\xAA��\xE9P\x97^Ä\x86Ô¦\xE5^'\x9FVH\xFF\xB6E\xF7\x8A\x84
-�sx\x9A\xE8!\xCD\xEEN|\x93&Z|\x9F(C�\xC5L\x90\x8Ca\xB7;m\x96�\xF0u�\xD8\xD8�\xC5i\xE8|N\xAE\x9C�\x92\x87\xFB{@\xE6/K�\xD4��;z\x90%\xAC\x8D\xE6\x91| +\xE6$\xFE\x98%\xFB\xBF�`;\xAD\xC9En`�� {\x80\xE1\xD7\xF2\xD2"\xB1�\xD8Ȩ\xC0\xB6vI\xEFp�I�/\xCBQ\xA0v[T?\xAD\xC2:bVz(\xD2�)\x85Y\xC1'à¿¿\xEBBs�\xDAÆ¢\xEAsK\x8F\xBFi\xAA\xFA \xEFÒ«'}Ö³\x96\xEBI\xF7\xF5\xA0�\xFB\xA0${T\x9D=\xEB\xD3>h\xD9>\xE8\xDE��r\x8Fj\xBAG\xE5Ý£F\xEF\x83\xF6\xEFQ%\xF8AQ\xF8M{\xF8\xA8Q\xFC\xA0g|\xD4>>\xAA$?(*?\xA8/�u\x9AO\x9A\xCEG\xFD\xE7\xB3R\xF4\x83\xAA\xF4\x83�\xF5Q\xABzKZ\xEBoS\xAC\xE08\x91\xB1\xCFJ"\xD7�\xBB\xE3�tØ¥zD?\xD0?\xC0:\xFD\x90\xD9W�\xFA7x\x89�F\x92Z!\x8C&\xB2Iv\xAC�\x94�\xE2�at?�Z�dx\xE1\xCF)S\xC48Uc\xBA�\xCF\xDCI1{\xC9uP\xAF\xCD �Ü\xBC"� ��J\xB27\xC9h\xFB\xB7�\x90Bhsy�\xC1\x8D\xF4\xB8\xC0^\xBA\xAEÉ—\xBC<�]\x86\xA2X\xDA\xCA\xE6.\xB9vÅ”v\xF6i\xB0��\xAA\xF9}
-�\xF3<\x97\xBE\xDB\xDA�\xA3\xA0x\x94\xD2浹ʧ�\x95\xAB-\xBB�i��*��\x88k�3\x931\xB5��l!\x8B\x95\xC3x znY,7\x86\xBE\xB3\x99\xBDZ\xD0\\xAAQƋF\xD6s\xCD\xE8\x8EP\xA5x\xB2�\xA0h"\x82�1�\x8B32_>\xEEt 83:\xCD\xC5P<C\x9A\xAEɅi^\xE6\xA2ʽI\xED:��F\xEE�\xC6�\xF4<\xE3k�\x8A\x8C\x87\x91\xAE\xFD\x97\xA8#m\xC6ʟ�S\xEA\xFD��\xDE\xD2j\xFA\xDC�\xC1 �Jm%G\xA9\xB1c6\x8D-\xB1,Ք0\xEB\x91ǣޙ\xCFQg\xCF\xD6*\xCC1L\xBB`\xCA�\xFBcj혆;&\xEC�\x92{\x87D\xE01e\xF8\x98^<\xA6"�\x92\x96\xC7�\xE7\xE5λ'N%\xDC+t\xF4&\x84_\x97 \xA0H񪟷\xE1\xEE\xA7rPD\x99�B\x9F}&.\xAA\x8Dؓ\xBA\xBCL\xFB\xC4C\x9D\x81\x85
-13�UÖ»\xA4\xE6k\xD3\xEA9\xC0vm\xB5L{\xB1$^$G\xD6\xF2u\xB1\xDCy\xC5Y\xBA\xBAw]\xF1\xE4d\xD32\xDF�\xDE\xCB\xCB\xCCnd��F "?$7\x8F\x89\xD0c\xCA\xF41\xBD*\xA8eRq\xD9\xD8�#+?\xCB<\xC4\xFBW\xF0\xFE\xA9x\xD5 \xF1k4\xD0\xC9�\xCD\xD3�\xA1\x90\xC0\x93�\xEB�;G \xFD\x92t)\xBF^)\xF3\xA1j\x82\xF6\x8E�\x80J \xFCÝ“\xC4 \x94{\x854l\xD7�DO�\K\x9A!̤�\xA4K<\xABZ\xB7\xB0\xEA\xDB#\x9C\x9Es\xC4O7\xFF\xA2>X6RV\xB5y�\xFB\xAB+\xAD\xD6O\xBB\x9E\xAB�,\xEEEv\xA4Z\xCD-\x85�hfꬮ(�W%�`\\xCE?6c\xC8+Xa×$\xC7\xE7\x90\xC6�Î’\xE5\xFFL\xA9o7\x86\xF4$\x80\xEAL4SwØTB\xC4$�H\x89\xEA O\xA8z�\xEC�RÝ8 @\x9D��#a\v\xADW\xD4s�\xD9�\xEF.\xD4cs�\xAC\xA0f\xBF���\x9D\x9D\xF4\xBA6\xE7*\xF1W\xEE(V,�P\xFC��W�i\xB6|\xA9\xA6\x8F\xEC��!-emm\xF5�\x89L,\xA1-\xAA\xA9r\xF1\xD7J8/n\x80��x\xD7\\x92Ź\x98?\xB82\xA8\xB0\x88\xDAvI"1�\x95_\xC5\xFC\xB3�\xB39\xC7vHݘ�\x84\xD3\xDA1�]\xE8�\�\xBF}_\x81\xEF\xA9\xE4>\x90+�\xBB\xF3\x8B\xC9`xj<�\xA2\xF9\xF5n[\xF9\xFC\x8F\x9E_\xABÉ’É®0l[C\xED&O\xAA%\xCE*|
-�\xA1M\x9A3�`\xACR��\xCE䮷T2\xDE�뺵+$\xB3*\xACk\xBF!3\xE9g\xB3\xD5k\xE9�\xC0g\x95 CN\xA2\x9A!W\xB7�4\xBB\xDD\xC088@\xD0\xE1k\xF7~;ߴʗ\xAE%\xE1�FB�\xECn�\xC0f\xA2\xC1\x96\xE9\xC0\xA8\xC04Eiܣ�<Bɕ\xAB\x9C�ge\xE2\xD8W9a>\xF5\xE6\xE9\xA3�OO�w@�\x8D<E\xE0\xA9=t\xE2`\xF4\x84�F\xF5\xCD\xC8\xCDD\x81\xC2\xCCBl^�\xB6\x84\x91�Hȶ\xBA\xF2p\xA5H\x95\xE0�LJ\xD5\xE1\xCF\xF8\xD5Ef\xBD\x90
-\xE9\xCF.x\xC1u5^�_���.Jh"\xA1W\xC8�9
-ØŒC�\xAF9\x8F\xB4\xC7�t\x84\xAB*\xC0*1#\x90\x95|��QÉ\xF9p\xF9\xDA��r\xF8 \xF6!d\x99I�h\xD2�\x83q7\xAF&\xE2ÒŒ\x9B\xB7P\x9B^\xB7\x84\xE1\xC1qpvjeh\xE9F\xA6\xEAk\xBB!\xBEKW\xFE\xD0\xE4W\x8B\xF0!L!\xC1\x99f\x81�H\x92\xA27PC\xAD\xBDL\xB5y3s\xDE\xD2QIF\xC9�O\xA7\xBF\xD1Ø¥\xE74�\xA1\xD8"\xA2&\xF1\xBA=B\xF5L\xB1q�\xE2J\x83\x9F;\xCA\xE7R\xCE fw^`\xDC_-s\xE5\xC6G\xE0�t?\xE0|\x80$\x95 \xCC\xC1�\xA0\x87LF�\x85-\xA2��\xB5
-�[�\x85\x80�Jeq��\xE9�L\x88\xC9=\xC4>\x9BN at M,s\xD3�&T\\xE7Î1\x8F�} �\x89\xAA\xCARft2ce[\x85o|�\xBAu\x95\xD0=\x9FC�x%\xF8�x].*\xA6d\xBC\xBF\x84\xA1\@-�q�L\xC8u�\xECDz`B\xF4\xBF짂��M5\xEC\xDA�\xCBf\x9C
-\xA3D\xAD\x8A2\x99��E�u�\xA2k \xC6[\xB1\xA2:O�\xE3\xF7\xF8\x87\xBC?\xC7�@\xFEj\xC5qG\xC8b^\xC2\xE8Ö²\xB5\x9E\xA7\xF8\xC40.9V9\xF4\xDE\xEBV\x99Í¡\xC8S\xA3z\xFAx\xE4�݃\xA3#\xF1\xE0t��\x94\xA3+\xF3\xE0\xF6�]\xA4\x933ut\xBB\x9E�\xB4\xA3+\xF7\xE0\xF6\xBD9\x88GG\xF2p\xE4\xA5d\xFFTb �\xEA�ZT\xE1'{\x8D0~>\xD1\xD3\xEA\xF3a\x89}\xFC\xF2\xB8�\x8F�\xF7\xA7%\xFE\x8DK|\xBA��\xFE\�{\xEC\x93\xE2\xCE�\xD1\xFA\xA6F_�$X\x8EX��\xB5W\x8B\xF3�tSZ\xCD�\xC0z\xF8F\xDE\\xFF\xF7�\xF9\xE3\x97Ç\xFE\xB8=\xBCm%ß´\x95\xF0HË\x8F,CH�\xFB<)��\xC7\xEB\xE2 \x9B\x85c\xE6F/5N\x94\xE0Ñ«U\xE3\xF1��\xCF\xD9\xD8\xDE\xC5}V�\xD2�4\xB3gB\xDD0m\xEF\x8FI_6s�3\xE0Y\xC9\xFA.\xC5�iY \xC8��J�\xE0n\xFA2\xF5\xB9"\x83\xE1 \xC8jX]\xFE}\xC0\xA1\x9D\xF75y\xA9N
-\xB6>r\xA3�\xC8\xEA.\x9F�Pn�\xBAWXqS\x94\xE6\x80\xC6;٨\x98�\xA7\xF6\xD5|{Q�}\xCCZ:\xADŵE�\xAE$\x8Dߧ\xF07\xED\xAC�5\xBF!΄\xE1n�\xED\xD1\xE5��\xF3j \xD7 H\xEE\x88�\xE1'\xB0\xC3\xD7�\\xC4 ?\xF1�\xB5��\xBBE\xA2-G\xBF7�ꘗ2b\xF3\x90\x9AA�C\xE5\xD0X�8\x9E\xD8(<,�\xAD#\x9A�\xBF\xCF\xC0 \xAD\xF1\x86\x95p\xB4F|�\xA8\xB4x\xFA\xC1`�]%`M� �Y�+K��X\xA1 \x98\xA1|\xA65o-\xFC\xB1\xCE�\xF9�Z\xE2�Yq\xC0`<\xE05\xCEЎw�\xC8�-\xF2ߜ\xF3/j# U�\x95Ъrl\xD6;\xA3\xAAZGy\xCF \x94}\xDE
-QTB\xB4\xD6r\xAE\xD9�p\x84\x97u\xF1c,x5\xD1/\xA0\xE5\xDD\xE7\xAE�\x92\x83e\xEAd\x9E'5\xAAFfz\xDEhd\xBFRt8\x96'\x8E\x85\x8C2c\xFFvD}\xFC\xF2\xE8\xAF�=\xBB\xC3\xCE\xFBk\xBB\xF4q?\xFF\xBC\xF7\xFF\xE0 �9\xA6-mÚ”]\x85W>\xAE\xDDL\xC51\x86\xC9{\xEA|\xD3#�C\x83\xD5$D�\x8C\x94C0B\xF0?u\xCA�O\xE4\xF3\xD9\xFD\xF9\x94\x9B\xE5w\xFF\x83\xE6嘇\xDAB\xBE�Y:��\xA9\x9B\xFAd\x9Cb\x9DR[A�\xB5���\xB7\xA7\xB7\xD1=8P�Haw`\x9A\xA2z1\xC6�\xE8\xC2�Y"'\x98�\xCD�4qß\xC4�\xD4\xFBV\xB8\xCB\xE5~�W\x93\x8B\xE1\xC8t\xEB�\xE2\xD7n�\xFA)dy�o\x8E\x81\xD0[\xD0\xF4>\xD3`\x88h\xF6,\xDD\xEE\xA7\xFCus\x9F)K�c\xE3�WC\xAD\xF9t\xC6\xFD\xDAyx<9O\xA7\xECNFd�\xE0k\xB4\x9B\x81'\xC7f�\x86_Õ �\xEE\xFE\xA6�+\x8A �p5#3i%\xE0\xDF\xEFS\xF0\xCF"\xAA\xF6~\xD8}\xFC\xF2+�\xE3\xF1�}B6\xBE\xA3 \x8Fx\xC9'h\xA5\xC0\xD8\xF5\xD3\xDFSe\xA7\x86\xA6�\x8C�\x949qo�\xF7K\xB4\xBBT]\xAC/× IV1\x80`�'\x81m�}\x80\xCD�o\xF2\xFDp\xAD�\x91�\xECy\xF0�Þ\xFB\xB7\x8E\xDC�4�\xBBw�\xFA|?\xF4�\xE8�~\xE84\xFEЕ\xFC\xA1\x83\xF9\xA9\xD5\xF9\xB9)\xFA\xA1\xFA\xB1\xD3\xFASS\xF6C\xFF\xF6c\xA7\xF7Ç®\xF0\x87�\xF2\xC7^\xF3�}\xE9\x8F=\xEC\x8F\xDD\xEEg,uJ\x9B\xF9 \xA0\x8F\xA8�EJ3\x8C,\xC9[\xBD\xD1��
-\x91\xAC\xF8;\xBB\xDF,
-r\xDE\xD9\xCD(@\xFE\xBE\xB1\xD3�i�J�\xCF\xF6\xBA\xCCrY ׸R\x8Cx\x86\xB0\xA1\xDF-� �\x8E\<\xC1\x9E+/\x96,W�\xEC`\xF6\xBA8\xB8&Y]\xE2��j\x8A\xD5�\x9E50\xBF�\xECj@\xB9\xEB\x92`\xFB\xB0\x84q�_\x8F�\x80\xB5\xC5�J�\x8E\xDE"\xF1�\xB6\xC3r�\xD7\xD8�.I\xBE\xD8\xDA\xE2\xC6r9\xEAT\xEB\x90(K\x98\x9B>�\xF1FCY��\xD7.C^H\xA9\xDB\xDFC�ÅZ�J\xFA\xE7�!~\xBE-6�\xC2u\xA6Xe\x9FV\xB4:\x85\x99\x8A\xF50{C�\xFC95\x91\x8D\xBE\xB9\xF4q\xFF\xB4�\x9Cv\x8B7\xDF\xFE\x83f\xF6\xD03s\xF8\xF6<\xE7ad3\xD0:\xB5\xFC�H:b\x9D�\xE8\xBF�Ba\xBE��L'G|\xFD5t\xE7��zB\x8C�Ñ¥x5\xEA
-M=�\xBF\x81\xCAx\x83\xEAN\xB8\xD3\xE5\x98�\x8B�\xC4i0*\xD6��iŵt>\x81i[�\x98\xE1Q \x8Ef\xB7e
-\xF0\x8A^e\xAEܙf \xE4\xBBr�\xCFP\xF0#j\xFC\x80/Ģ�"\xB1\x87\x98\xED-\xBE;"\xA1\xBB\xDAZ\xD8F,(4\xA9\xE4@\xF4Q��\xDA'\x8E\xB4�B\xEC믉\xBF�\x85b\x8F\x92\xB2G\xF9\xD9\xEC\xF9EG\xDEQQ\xD2\xF2)\x8B\x88qv\xBB\xC0\x95\x85
-\xD97Wm�aY�?XF\xB7ǥ Iݸ\xB3�}\xA9\xDB.\x99�\xEAx\x89\xF7\xA0\xC6\xF1-\x85\xFAH�L\xE3\xFB$\x9Ef\xBA\xC5"\xA1d\xDC�\xCD�\x8As\xC87Ѱ=\x9A\xC0L\xEDE\x96\xB3�\x8C\xDC\xF0`~\x93\xA8\xF3�a˖Y�\xD9\xEDB\x81\xCF!\xC4\xDD�@\xEE\xEB3\x98\xEE�\xBB\xFB \x9D׽�\xCC8]?M\x8C\x97A2\xFD�o!�=6�\xD3̾;\xAB)
-\x8D�Ãd\xF1\xBDO\xDD)\xD0g
-\xC13)\xF0\xC2=\xD0�\x8A\xA3\x80;&\xF3`+A\xB7�\x84\x98\x9D\xB4\xCCh�\xB9Gڨ�Kv\x8B$\xF9a;\xA5RLb\xDF�\xB4V\x8A\x9F\xA6\x96\xF8\x8Dw\xD0=S\x80tT"�3�\xE4xY\xDC\xF5\xDE�\xE1\xF4\x9C+D
-\x9Bs\x8E>h\x96{W�\xA1e\xB2�R\xAF`\x83��\xFB^K\xCEQ\xB9R\xDC&\x8B &Q�\xF2܌\xEB\xE0p3\x9B\xD4c\xB7\xC1\xDB\xCE1\xC0\xBC9\xF2b\xBE\xD9��\xBA\xF1ڱ\xDF�\xE1\xF0\x9C\xC3�I\xF4\x8A-q\xF7A3\xF3&\x8D՘\xAF&C.\xBFhz\x8F\xB8\xAF&X.�ݱE\xF6G\xF4\xF5 �\x95�\xEC\x93L�)\xC80\xCA_\xA5$\xA7�\x80�KR+\xCA�\xA1GfH\xD5\xF2+�5\x96\xC3pD\xB9\xFF}
-�\xD0\xE5zc_]\xC9Ý»\xEC\x99X\x98o+\xE8�J\x97\x82\xAA\x8E\xE6i\x8C\xFE; \xBEYn\xC3M[\xBCS\xB8B\xF4\xB8\xABR\xB5
-]2\x98\xA5mw\xFB)\xE8\xD3'\xAE\xFDI\xB5d\xA0Q\xBD\x88�\xA1'5U\x87\x99\xB5T\xA0\xF6\xB9 \x8F\xED,\x8E\x80j�~0\xFE\xAE\xB6\xC4\xFE
-\xDFx\xC4Ù€^\xAF\xFE\xE1c\xA7\xA2��\xEC\xACÄM U\xC0\xF2\xB1\x82�><\xE2\xFAj"\xFFl\x9Bl\xEC��\x93/P7\x86�07\x8D<\x84i\xECǨ\xB6\xDAÕ…�\xA3\xCAÛ»\xB5}\x82Yz\xD1�\xD8\xEDa\xDDahÞОs(Z\xAD)\xEE>`7X\xFD�\xC7�S%�cqp�\xCEh\xC0\xD1vGs\xBCA\xF6��\xB9\x83:\xF4/\xA3\x84�k\x9C\xD8\xE8SKo\xBD:\xB5\xFF�W\xD0-�"}\xE5\xB5Ú¬�\x9D�yh\xA0\x93@�\xA7X�\xAF%,\xF1\x98�_:>,/{\xAB\xD7\xD6\xF1#>}\xE9+f.9J\xE8CsLG\x97\xEDW\xF5\x96�\x98\x89
-\x84\xB7\xECe�\x9C\xC45d\xB9Sl\xFD\xBB\xA5��\xE25a3\x95�\xF7\x96\xC64\xEE�j\x86�aNj\x96�9\x8F\xAD\x9B\xA3"\xF8\xF2\xDA.u\x92\xBA\xA5͹,L\x86\x84\xC2\xDEW\xBC\xD3kw͆ys\xF8\x99
-Gj\xD89\x82f�\xB4]�\xA9$\xB5\xF9\xC3\xCC
-\xF6\xB0�P�j\x9F\xCC�\xAA\xE9K\xBB\xBC\xD1(\d!b|QO\x99\xB5\xB1\xCC E\xB7�[\xC0\xEE�\xDF\xE5�\xBC\xC7EeXE\x90\x97\xAD\xD5,!�\xC55h{\x91�P\xB5f�Z\xAB҇�\xC5�\xDF�%ؑ)\xD6m\xABZ\xE1V4\xAE\xB6q\xBDo�V���cK\xEAF/p\xEF\xDCqQO\xC7b\x9A�|�Il��\xD4cg\xA2`\xD5nf\xF1\xBE\x90O\xB0\xEB\x9F!\xB3�\xB4\xB6Xj\xABP \xBD\xAB?\x9E\xF1Ή\xC3}\xC3\xEC\xDA]\x9E\xF1\xBDG$\xF0#jxx]\xD3T�\xDD#Y3ڱ\x84\xEA\xAAᮋ\xA41l\xA3\xFC\xB6\xEF ˼;\xF8\xB8\xBA\xA6 �$\xC1\x8E�\xC4Xwp\xFD𼔛Ӕ*�\xC3Cˈ6A\xC7y\xDE\xE1\xBBR\xB2\xDE:�\xB9\x8C8V\xF65%\xA3.\xC9\xFC+\xC2۷\x97p\xCA!\xBF\xE5\xCA?hfn�y\xF5\xCEl\xFD\xD0^\x85D�51\xC0\xF0\xF5\xE6\x{135A6D}\xC5WS'JĦ\xB4\xD0;A�\xEEY4�\xA9̂�L\x9AJu\xF7\xBCs\xC0ܖ\x80\xB7 n�\xF1j\x80~K�2\xBE\xE5\x80-_|\xCC,\x9F\xB2\xD0\xD3ũ\xBD
-@\x8D\xE6:�\xA1�\xBC\xA6\xA8\x8B\xF7\xB1^\xF0T[8V!~\xAEX\xBC\xA5\xB1\x81\xEF�\x80�%\x84b\xF9l\x95\x9F/$\xB4Qkn\xC8k\xE3\xFFz\xCD%j
-\xD0eBқ \x8FwѪ�\x99\x8F�WG)\xAC\x93l\xD6Qb\xEB(\xC6\xF5 \xDCu�\xF9z\x90�;J\x87\x9DT\xC6�\xE4Ȏ\xD2e�2g�A\xB4g\xF1\xB4w\xA1\xB5\x93$ۃ|\xDBY\xEA\xED \xF7 �\xF7 4w\x94\xA4{\x90\xAF;H\xDD�E\xF1��\xF4\xCEb{GY\xBE� \xBF\xA3\xDC\xDFQ�\xF0,"x��<H�>\xC8�>H��\xC5��\x84�\x8F\xA2\x8BGyƣ\x94\xE3Q\xF6\xF1(�\xF9 &\xF9 <y\x94\xA8<\xA9Y\x9Et/\x8F�\x99\x8Fb\x9Ag\xE1ͣD\xE7A\xCD\xF3$\xFCy\x94�}P�=
-\x8F��J�\xA4L\x8F\xB2\xA7�\x81\xD4�1\xD5�Bwsww\xAE\xE1`̨}�\xBC�\xC5\xF8[\x8D�\xAD\xE4\xCBn\xB21\xD4_\xDE\xC2%\xDF \x9CT�\xE3\xA8
-\xBD#r\xB5\xA6\xF3Y\xA2\xEA\xD1t\xBAG=`\x86Êu\x97\x96\xD2y\x81\xA4\x9B�\xB0�g^f\xF6FF\xDB\xF8\xE8d'\x84;�\xEAPN΢v\xC1,\xF5\xE7\xA50\xCFza'u\x8D\xA0�\x867\x93\x97\xD0wNÒ\x9BWÈ’/\xEF\xE7\xED\xC6\xE1\xE4w\x93\xDFvH�ÂŒ\xABsf#\xFA\xB4&\xDFÑ‘C\xE4\xB6�$L\xBCru4\xA7j\x98\xEF\xDBq�L\x8A\xB4\xF9&=]\xEClZ\x93X\xADX\xA7\xBB\xC2H\xAA9\x8CWÞ\xE7U�\xEA\xE1\xFF\xC08�\xB7H\xF5j�\xE0\x86\xBAKT\xF4\xD7 \x92\xF6k\xD1\xFA{\xB2\xF6f�=\xB5\x82\xD1~\xBD+\xFC\xB5D\x83\xFE^�\xBD"
-8d�\xE8\x97p\x9FЧ\xDDiΈ�\xD2\xED\xEF%v\x9D\x9CQ\xC6�\xA8Ο\xD8\xC0�6\xFBN\xDD\xF5\xACbjXs,\x854B\xE5\xE1YGDu}\xC6�\x86\xE0d�'3 ��\x9F\x82+\xD6 G
-sZ,\x80\xA9
-\xE2T��\xCBLU\xB1I\x97�%\x90\xB4e\xA2A\xFB\xBDT\x82\xB4\x90B�(+Qb�\xC3\xCF\xD3\xF5Pψ\xB9i\x94L\xD6k�\xAA\x95G�\xDFV\xFB\x94\x9E\x9Ae\xD2\xF8]�1A�\xCC�Am\xB5*\xB2��\x83\xDDV\xCC\xC8VU\xF6\xAD-��\xE6\xEE\xE8�4o\xD1�
-\x8F�˴\x84\x90�\x81! ^/\xA1�LJF\x9B \xE930W\xC7p\x8CP%\x80\x91@\xA3\xB1�\xC6\xF5\xBE\x8Bt\xF5\x81\xC6\xFA\xF3Ć\xED8|~\xF5 \xB6\x9Di\xD1M\x8C8�f\xA9\x88f1\xA6aLT\x80\xCF�\xB5\xC2~WE\xE5\xEDᓎ�\xBA~\xD91\xA34&\xE5E(�7-�)]\xC1\xFD�\x8E�=b\x92\xBA\xC3\xC1Hʳi{\xFA�?Zԅ\x93\xF7\xF8\xF5�j\xE4Ps \xE9G
-\xA76\xF9\x9B\xF3C#\x97\x90\xE6\x8C\xC6\xF3#\xABdg\x88�\xC7ጤ\x86\x83B\xEF\xB8Q\xA8\xCFdM\x9C\xFC,\xBC\\xCDezm\x9B'\xC1%\xBC�\x8C\xFEY\xF7\xE0�\x98^\xA8\xDA\xDD\xF6�;\xC3%e��7\xC3U\xFA\xB0\xD0Ш\xAAl�\xA98\xF6\xA8.Z\x8F\x84\xA6\xBFg��a�!\xC4\xC8\xEB\xFB\xE7j)\xA4�\xBE�E��\xF7IC~\xAA)���\xC4P\xF5q\xFB\xFD\xDD\xDEb;C\x8Ew\xEA!qWg`\xB5\xE0ʹ�keVX\xDE\xE8\xE8\xCA*]ކr\x9AF\x9C\xA2\xE2e\xA6\xB5oW\x9Cn�\x83�\x90\xFC#\x{17B5F0}\xFC&\xA8F\xAB\xDE٣\x8F\x88\x85\xB2sG�\xEC\xC2e:\x87|\xFC+6\xB6\xAD\x83kz\xF0���Qn\xB7~�\xCC�\xB3z\xEC\xC6L\x93t1ۼ\x89\xF3\x86(\x86\x99y%\xEB\xFA0I\xD73\x85k`\xED$\xB4)O\xED\xDF\xF2I\xFC\xA3\xD0\xDF�\xC9�r\x9D\xBA\x8Dh3\xFCz\xF4Z6\xF1�)�v\xB2\xC4,ʒ�\xA3�?\x99\xFB\xB8\xF8�M\xB6K��\x83�\xE4"\x86S;\xCC\xD5\xED4*��Ou\x89{\xB6vH�!\xB8K\xD7r\xAA[4\xD8\xC1\x8F]
-T�:\xC1�\xBD\xC2l\xE7m\m\xEA\xED\xDEB\�K\x90�\xE3\x81?�\x82{\x98ب\xC2j\x91/\x90\xCBH\x8C\xC0E�[\x92�<\x8AQ\xFF\xF6(\xB8\x83\xB3\xF5As\xCD)\ެsq\j\xB6\xB2.׼\x9E9�\xEB\xCBC)?,KT:f�\xFAf\x914\x88\xAD$\xFA�%\xF4\x86\xC7\xEE\xA3c\xE0\xE6No\x8Fj\xB37\xF7\xA3K\xFD\xEA\xD1W{\xF0\xEB��\xE0\x83\xB7\xF8\xE0Y�|Ѓ\xBF\xFA\xF3\x9Bj\x98{ds\xAA\xCD>\xFEQ\xF1\xAE\xBEX\xABK'\xF1T\xE9h\xEEk\x9C/\xECx\xC5w`\x88\x97\xE1O \x923\xDC\xE4Q\xF8\xEC(\x92v\x94S{\x90^�\x81pWU�\xDBFY�\x91\x98�\xCF\xD73\xDC\xE0\xEB34\xE1�bx <0Sd\x82\x82B\x91\xB1\xE3� �%�7�"�6C\xB5�\x9BB\xFDԥ־\x97
-\xC80\xB2\xAAl%�\xEFp\xDDv�\xC5a�\xEC\x99êY\xBBmq\x89\xD7J\xD6\xF7�\x9Cs�\xF2�!?o\xF0\xA0\xDF>\xABx@\xCB \x86\xA5\xAF2E\xA9r\xDF|K['\xF0\x9F \xF0\x873ƙ\xCEpk�\xDAl)\x9A\xA1m\xB8�\D\xEF#mb$U\xFAq\xBB7k\x92\x94\xBD)�\xAE\xFC\xD9�tM\xC3"cȼX\xBA3\xCEKB\x96\xDA�\xE3H!\x8De\xFDX%C\xBD\xF5\x87-x\xD4\xD9��\xB2{\xA43\x92\xA7 \xDD8B�ۘ\x84\x82\xBE\!\x9CN?\xDEa2\xE1o�.bg\xB3b\xB3ݤ\xDC�\xAFT\xDBb��\xD2X\xDB3\xECl\xBDl�\xF8\xE8�PIo0y\xBBH�\xAB\xCBr[\x91"\xB8\<fX[\xB0\xC2e�\x92�ü\xA0\x99ng\x9B�C\xFF\x98\x82\xB4p\x8C|V\xE1�T\x89\xD7\xC2�*\xF2\xD8$Q\x85\xD3gJ,\x9Aȡ\x89L\xA4j at yi\xFA\xA2\x9B�\xAA�\xC3k\x93-�1<F\x97�\xB0\xDF\xF7� �~�D�\xE6$/$\xD86\x97\xAAu\xE1D\xC0&�\xE2\x8C[g\x96\xB3:\xB4\x83\xF7\xE3I\xAF\xBA\xD5\xEE\xBCq+\xC9\xFBQ \xB1�\xEA\xA8�\\xCB�\xAC5\x94m\xBC\x96\x84S[PM\xC6P*0\xA9E�K\xD4��+Z\x82\xEF\xF4u\xFC\x93��cz\xB5H\xAB_RX\xD3Y=n\xA4�=^\xC8\xE0\xECW}hB\xC6j\x80
-WM$\x93\xB5\x8D.\x87�3t�+\x84\x83*\x8EF� \xE9g \xE1[\xEDڿj\xB9�\x97\xEB�\xB8q\xCB\xE3_Y\x90_\xC0\xEEf4\xD9`��\xBB��/VH\xA0#\xC6s 9\xC4�\xA1ѳO\xA1\xBAB\xCF�_]\x92*yHP^\xEATi��d7\x8E�,v\xAE@\xEB\xFD�uh\xAAy=\xA1\x8E\x8F�\xE5�(\xF3Ϩ\xE7�\xDF\xE4}\xA6�\xC6<\xBC\x95\xE3\xFB{x\xD7\xC7u񰂞V\xDBie�\xD6\xF0\xC3z/\xB1UM\xB5i1\x88\xA7\xEF\xB5u\xC3��\xD6\xCAú:\xAE\xC0\xB7\xD5\xFA\x8E\xC5|\xDB\xD2>~y\xD8\xFCN\x9B\xE4Æz\xDEz\x8F[\xF4q;O\xB7\x85G\xAA\x99i\x95\xCE\xF6)-hҀMo7b\x9F\xC3\xD6!lW SP\xF8i\xF1\xA4\xBEQ\xA1\xEAR\x94V\xB4&\x94\xFE\xFBU�t|Xt��\xA8\xCB�!2'\\xC9*X\x8B\x85\x95~�] ?\x8B\xD5\q\xDE$8\x85 \x91\xA0>\xE4D\x97&\xD0R\x83>\xC0�sԜ!\xA7m\x8CK`A\x83��\x98\x94\xEFp�\xB5\x906�\xD2
-\xB8
-\xBD�\x948.\x8Dj\x99z�I\x94_\xCEmt\xB0H\x89\xD0�\xB1�х%N\x96�\xBA\xBA�\xB9?\x85\xC0\x96\x84�4\xAA\xC4VE\xC0�l\x94\x8DX\x8E\xE4\xA6q\xE8�6\x88�\xF5\x90<x\xB3\x8C\xEDad\xF3\xDC\xDD)\xE1e{E��a���\x95\x8F֖^
-at]�#>*z\xE6H#z\xC4i\xE7w\xDB\xD80\xCB\xF4\xF8\xC4�\xA0�\xC0N\xEC\xB4U\xD32\x95\xB2\xB7\x9F\xBA!~\xA4\xED\xB3�E Y\x93\xF4 w\xC8\xDB�1tD��pH�\x98\xA5�|\xD3;�\xEA�5\xF5 \xB0:�\xB1�0[\x8D*B+�-\xE7u\xFB}v\xB87$�\xE9\x88ӫA�\xE0�s3i\xC2&\xE0�Ddߗ\xA9\xB4\xBD\x8D\xEAwU\xE7MF�7V\x94\xF6\xA9�c.\x91\xC2`\xA4<\xB5\x95\x9E.\xFE\x94Q\x8Fc
-�yj\xEE\xCD�\xF8H\xAF_B\I\xC0×¥Ò¶ 0z\x89\xEC\x87i"WS/\xB1z\xBFh`hf\xAE\Z\x8B;\xFAM;�I\xF6)\xC1\x9D)\xE9\xE1!\xC09�\xF0\xBE\xCE�\xE5"�g\xEC4\xBF\x81$Ý6s×I\x96s\xF8\xE1\xE0\xC6\xECmZ\xEB\xD82>�\xC9e\x8A\xA9I\�\x90^\xCEK \xDEGh\xB6\x9B�T\x8F\x9DH\xB8\xA7P\x8D�L\x99\x8D6\xEA&\xC1#�\xEDP\x8A\x9B��\xAC\xC6\xCF\xE1\x9EC\x91\xE2\xA5c\xABR\xECÙR��^�\xD4^Z\x9DW`\xCD�\x96ÄŸ'w\xBD�\xE1�"`n\xF1\xC3\xF3\xB2~�\xDCe\xA3D\x9E�\x96«L5\xFA\x80\xE3\xE0iT\xFE�\x9E\xB8\xFF\xC1\xF3\x8CH\xED\xFB\xB5\xD1��\xC6\xED\xF4\xFF\xE4\xE0?\x84�\xE7x\xE1�[�\xE3\x90s\xC4r\x88n\xDE�m\x87\xAA�\xF8\xCE\xF0
-?d\xAE�P^\xCD�d\xBFe\xC7�2\xF7Ԃ\xE6خ\xE6\xD4\xD8\xE6\xA1 α_Ω\xAF\xCEc��V\x9E+\xC1 n\xB4\xE2\xBA?�\xFD\x88\x95\xD4�֛YHg3\x87\xB0\xE1�>
-F�\xF4\xA7\x98\xE7h7\xA4\x8Db\xBA<\x87� \xE4\x89�Ä‚\xE3C\xE9\x93'\xF6t\xCF\xF5\xAB uÖ®\x98\xCF\xFA}\xF9 MM\xE8kP\xCA !Ku\xB7)ɸG\xCC\xE0�_\xF8\x80D|@-��\x8EG,\xE4#nr\xBB\x98b\x8F�\xA4Yt8^T·�l\xBC\x84\xF09 #\x9B\x8A�\x9C\xC2b\xD4�\xAA\x9D\x96\xAC at jWr\xB8\xF6\xE7#�\x8D\xBE\xE4�M�\x8F\xDC\xF8\xFA8\x8A\xBE,\xAF\xA6]H=k[2\xE5�+\xE8\E\xD2\xDF8/\x88'\xBB\xAAz'\x98+4h[\xD4A\x9D\xFB\xC8D\xFF2\xED\x81S\xC5ó«‹‚kcz\xAB\xF4kH\xB6\xC3´x \xEB\xC6\xCEE@�1$S\xA5\xA83\xA5\xE3vM\xA5\xB8p\xFF[\xB0�@K�Ä’a\x9D\x82\xB6\xD4PÞ·No\xCE\xE5\xB1}IÂ\x90l\xF5r\xE2>\x9CM\x86\x95\x87\xCDt�Í\xEB\xD2\xD9�lwt\xABËŠ\x8E�pC�;\xEF^\x8D�\x86\x98\xAF\x94n��\xE9<\xB4\xC5#"��T\x8Amå¹\x88\x8FÛš\xED\xA5(�
-�\xC5Sq\xA1a\xBFÖ“\xA4\xE8\xE1\x97\xC3\xEF�&\xE3e\xECYk%N\x8B\xD7�\xC7'�>\xAE\x89~V9\xBEj�\x9E\xE6\xED�\x86\xC0AiF�\xF6+4�\xF2\xA5u\x89 at i\xAB\x9E\xA6\x8D\xA9\xEF\xD1X\xF1RG
-ccÚ•\xAF \xA0H\xE3\x922\xB8Ij\x86o�‰\xF9\x8AKG\x94\xF4\xA0\xC5\xEA\xF5w\x9CÌ·v\x8B�\xF9N\xD3�\xD5!*\xA1�\xA8\x95\xB1E\xDApD\xA6O\x8A\xD2�\xE3&u\x92\x86zQ\xD5\xDD,>\xF5\x80\xDFv\x81ZR�$\xB5\xDE\xC0a\xA9�"�n�_\xA0á‹«\xDC�/H\xA7\xAA.!8\xEEc\xFE\xB0�\x987�Q\xFELEH��\x9DT\x86u\xA5uݽ\xFD\x80� %\xEE&3\x99\x8A\xDA\xD4Ô \xE1��\x8F\xCD\xE6�[>\xC0N2TC\xDD\xD1V$\xB2&d\x93u\xA1\x9CRZ\x89ZW\x8A\x9E\xA3\xD6lÈ…6_7\xAB�\xB6\x86\xA0\xE5\xBB�\xB2\xBF\x82\x93n\xF2Qa\xF9]\x8D\xF9�\xB7\x914�\x81\xD9�\x91Å–\x95\xA492�\xED\xB8z\xB4\xB8\xAD^\xE1\xF1�\xBAZa\xC2\\xB9\xE7uw9h\xF4\xCA\xF2\xD5CV\xB5n�<\xF6\xD7^$\xA3\xC2~�Øk
-\xA3\x97\x96\xA1q\xEEÐO\xD0rȤ\x8FDsn+��KZ\xF8\xD4u\xB5�\xAEKbÞŽ=�fD�C\xA0\xCFwm�%\xE5\xD7\xFDV|T\xF9\xD7\xFDÞ–0\xD8 uD\xA0�n\xC2%gV\xC5�\xFC�cu$\x81C\xBC|(\xAFU\x87\xE6\xDB�Ç”\x9A\x80h� \x80ä°ºa\x9E\xA6=No\xB6�\xDF�-\xF2B\x8CqlG\xEB\xA9G w�T.\x86��Ô\xB7�\x9D�~\xEAr\xF0\x83On�n\xCBk\xBE\xE6\xE8Q\xDD
-
-\x8B\xBD\xB4\xB2P\xF1i\xF7\x8F޽\xCA�!\xFCf(N �\xA5e�d(�\xF7\x95�\xBDAb\xE5\x96\xDE\xF68'�\xC0h�\xB6\xBF�\xF2h\xE6\xD6n�.B\xF8\x8D\x8E\xF1\x96\xDCU�e�A\x88\xAB\xA3R\xDDFM\xB4J\xE2\xA5\xFE>\xC7\xFB�W\xB8\xD0�r\xB4l\xAC\x97\xB7\xDE�\xF3\xF7n_�͔\xF64A\x97�4ߒP\xEC�\x90\xAB{P!
~>��\x95\xEB-'r�
-%\xB7\x9B3\xA0\xAF�\xDAmIn\x8BU\xC4\xDD\xD8z\xE4Z\xAE\xB55BI\xB91�D4.^U0�\x93\xC0\xF9\xEA"\xA3�m\xB7\x93th \x8B�\xE5\xB8uG\xE2\xE4\xED\x90N\xAF\xB3u\x99\xD3p\xF1f\xF00L\xFDTq\x89\xF6g\xE8\xA42\xC8�\x86*�U\xD9\xD7\xD2rsr\J\xBA\xE5\xFC:\xF6\xBFV\xF3\x85\xE7r\x80BI!\xB05=\xEA\xF0� \xFCT�,\xD3\xCD4!\xE6,Г�\x83\xA3\x8F\x992S�\xA0GhsS\x95\xCDK\xB5\x85N(T\xA97\xE2]\xEF1@
->\xEB�\xFD\x97KsW\x9C%\xBF�\xDAg\x97\xBA�[\x89\xDE�h\xD2T\x85\xEF\xA2\xF9j\xB7\x84�ee`\x9C\x81[\x8A\x83�\xFAʗ\xBCG&\x89MN\xD3\xF1\xBFV�\xE9\x92\xEB\xD56t\xEF)\\x96\xD8l\x96�+\xD2L&y�70�\xBAQ\xAF\xFF\x97\xBDw]\x8E+\xB9\xCED\x9F\x80\xEF\x80?\x8A\xB0\xE7�\xA8\x9D\xF7Lw\x9C��e;<A]\xC2mk41q\xA2�
-\xA2\xD5��D��\xB6\xD4~\xFA\x93\xEBò½«*7Qd5\x89�U\xD6\xC8�/\xEEÊ\x99;/\xEB\xF2\xADo \xE4R\x84\xF4e\xB8\x818k\xA5
-\xB13b�V\x9C!\xBB\xAC&�&O\xB3ie\xE0|bW3<�0\x91L\x9A\x8C\xA8\x81\xA6\xA4rit\xF9\x8A�\xDE�\xCB'\xD1 M\xB0\x8D\x9A\x9Co\x95i\xE9a\xDDj-O&�\xB3
-\xCC3\xA4\x88y\x80
-\xC4J\x95�\xE3\xA2�^\x9C\x99$\xEC\x87�T`�D�1\xAA%\x98w�=Hv\xE85#`_+�?\xAA$?,9\xBFS\x9E^~oi�\xBCEe\xDF\xC6�~�RL\x93\xE5z)\xD84\x96\x99]\x85\xF3\xC2&\xA3�Wu\x8F\xAD\xED�O\R\xD1\xCCh��`\xC9\xD0\xE6\xE4,\xD5T�\xE6Іw\xA9_\xD7Y\x85~\xC2\xFB]\xA8\x98\x80\xB4\xF0\xEFa�\xD2�zD`�\xCCpl\x92ʨ\xAC<9S1A_ÅJ�\xB6\xCD\xF7\xB9\xB6���\xDCd\xA8F\xE6TC\xB4v\xB1\xE2\xC0\xA4WM\x8D\xEF�\xB6He9�l\xB6o`\xBC5\xEC\x9EJF�n\xC6ABn\xDE�\xBC�\xCD�*uÒ®\xF3R/\x8E\xB4k_A\x8D\xDB�\\x94V\xF6~\x87\xFF\�X\xE1J�\xB0\xAA\xAF0\xB0�\xD9Ú‡\xBC\xEE+�\xF0+|\xF1Cf\xF91 \xFD\x90\xAF~\xC8l?d\xC1�2\xE6\xAFp\xEB\x8Fh\xF8\x87\x8C\xFDCn\xFFq�\x80A\xC1\x80ae\x81\xF5*�\x83\x8A�\xC3\xDA�\xABu��5�\x86\xD5�V*1�\xAB6�\xEB;\xECÔ‚x\xA1\xBA�T \xE5hU\x85i\xAAP�5W\x8A\x84�\xEEk#=\xE1\xC2��\x9F\xD6\xEAa\xCCÞ£�\xB2�\xB6\xD2m{\xCE\xF9b~6=\xAB\xF0\xA7\x88�z\xA1\xB9\x94v\xB5\xBBA\xC5�\xB0~\xA7@\xFFC $\xEF�\xE5
-($�J&_�\xC1\xBD"\xB9\xEB4AԙŦ\xF1%\xF0Få_\xE1\xE4&\xD0)�\x8B*x$�\xCE3b%\xC9�\xA0*�\x84h\x84P\x95\x91X\xA8L\xA0��\xCBV\x93x\xD1.\xB5��S\xF2\xF9+V+\xE5\x95��\xE3 H\xA7y\xA6fF*\x92\xA2\xFC\x99\x95#$!�
-\xB3Aj\x8A\x8B
-#\xA6\xACW\xA9ȥD\xEDƉ�Q�\x92s\x9FE\xFDYa\xBE�\x92d�\xE9\xB4W\xA8\xB7 �\xED\xB5Y8\xBA\x92�\xBF\xA9W\x9A!\xC0�Il�\xC6\xCA\xE3\xE2T\xFA\x87\x98Qڊ/\xD9 \xB3\xD5w��\xF8�7o\xB5nU\xB9O\xF5\xE7ٜ\xB2\xFA]\xD7T\x87\xAE\x9CT\xF8\xC44�\xC1\xD3\xE2��\x93�\xA6pk�
-$\xCB{ҩ��\xED�\x96{�\xF6\xBD\xE5\xD6_\xAE\x9Ej\x897\x8CN\xC4i\xDD,\xF7\x8D\xC4f\xC2j\xFC\x90\xB7\x8A\x83\xE3
-P\xF6ս:\xD8\xD7\xC3�`0\xCD"\xE6\xBBS\xBE\x93\xAA\xD43\x9C\x97Q'�=x \xB7~>\x82\xF7ߨx\x90
-0L�XO0�\xE4"�\x92�\xC6\xF9
-+\xA9�\x83\x94\x89ar\xC5
-c\x94\xAE\xB1\x92ڱ\x96�2L�YI.qq\x9E>1\xE7\xA8谤�\xD1Wv\xBAJ�\xE8\xBAqG\xD9\xF8'x\xEE\xA3T0\xA4\xF9�A\xB5\x85��q��f\xEF\xE3\xC3\xEF\xA9�/\xBC�ꆤ\x94_\x8Bszg)�;\xE9�;\x8Bd'�\xE9F\xA5�\xF8S\xD4\xE8.\xD3�|\xCB7\xF99\xA7Oa\x858Ags�I\�V\xC6B.nA\xC0\xA2܈\xBB\xF9W\xF8\xFD Uk\x98Ե\x92 6L��\xA6\x95\xAD\xA4\xA0\xAD\xA4\xAB
-�ۆIpÄ\xB9\xB5Ժq�\xDE0eo\x98ܷ\x92�\xA8p)\xE6\xA3�u\x88\xA8\xC02\xB2>\x83\x94}\xA5DD$T{\xF9p\xD2@�]=+�\xF6\xA82;8�ie\xA1�\xB4\xACZi\x8Eb\xFC\xEE3b\x8D�\xB2}D\xA4\xBAd\xE4\xF6\xC1\xB1ݤ\xCE�\xBE\xA2V\xE5d\xF3Z�\xA5��N\xD0 \xEC&\xA1br\xE8\xAE
-\xC8\xC9/\xDE\xF4߆]\xC5\xC5\xCF#�<�Õ\x94�uu\xB2)\x9CP\xDD86s\xA0\x95i�@g�\xC7h�
-\xB6Z1��)Ut`ݨ8\xCDi\xC8�\x903\x9C8Q\xB3\xA0\xE3 �^S^\xEC�\xA5\x91\xE1\xEBO\xBACB\x87\x84Q=\xA2\x8By\xD8\xE8N\x833\x96\xC4) \x8B��)\xA9\xEC\xBCXN\#��\x87ti/\xAA�\xE6HO.�\xA2z\xF0�\x80Y(Xy\xA3\xDD\xF1\x8F&i'\xAB\xF6F\xC5\xC3�\xDCa\xAE\xEE0\xAFw\x98�\xBC\x92-\xBC\x9BW<\xCC@�\xE7*\xAF\xE45�3\xA0\x87\x99\xD2kYգ�\xECa\xAE\xF6J^\xF7n�\xF80O|%\xA7�\xA9�\xF3\xAD\xC9Le\xE0\x94\xC2)M\x89^j޷\x85\xC9IS%\xDB~&`�\xB6\x82\x86\x8C�u\xA7�\x94N\x94\xA0\xE4ę\x81\xEF�\xC2kB\xA5\xE82kv\xF0\xE8*\x96�\xA0\xA87�&\xF8��O\xE8\x90'\x82\xFC\xC12�Xz\xE1�\xD4%\xE8\xF1 \xE6�f\x999\xBB� �$\xD3=\xB1\xC8\xD5�$\x86\x8A\xEC\xA1"\x815\xC9ݪZ\x8D\x95\xC4ZE\x9C2\xA2\xC2d�\xC0\x9Ai\x96\x854\xE1\xFC=�\xC4�\xB6\xE2!\xAF\xF1j\x9A\xD50%k7yk=\xD1K��\xC2��azj\x92\xD4��3\xE0\xA1
-7�a\x96\xAD�x\x9CK\xCAG1(D\xA8z<�\xC8h|\x89̬��bW\x90;\xC4n\xB8I\xA7�\xC5W8\xEE\xED4U-\xA1\xC6\xCC\xCE7�\xC1\xC9=\xA2\xDC\xC4�C�1\x81\x93�D"\xF3\xCC2\x9B�.\x98
-i\xC1\xF8z\xC1�\xE6\xB6\xC0q�\xA7\xCD$�n�\xC0\xDFĉ#\xC1�\xFE}�k\xEE�A\xEE\xF9:\x99\xEE\x98vwLѫ g� J\xF5/\xEE\x95\xF8^\x89\xF6�X\xFE\x88S!\x97\x99\xEB\xAC\xF0\xFE`-\x8B�Α��\xA0\xFC\xD1\xFAiΫp\x85Gz\xC09=d\xA7^ϊ�eP�s-\x87y\x99�v"\xB1\xA2q\xE9\x82\xF4`X�\xF5\xF1\xCE*�\xB1\xF7\xEE`\xEFoT\
-\xEA`k\xCDH\xAE�dϪ\xD5C\xD0y\x94\xC1\x9A\x84@\x8A{I$\xC3�\xFAMS\xA6I\xBA\x8F\xB3\xC5\xEC\x94\xE4\xD0 \xB4A\xF5icIԊآ\xF6iF�i�
-\xF5ɕ1\xE8=\xC8\xF9\xD9`Ո�#\xE7'\xC4_D\xC1|�\xF0}�\x92�\xA1\xE9G\xC0\xFB vy�4\x8FV%)\xAA\xA9v>\xCA�\x90�Fy�Ì\x84\xB5셕L\x87AN\xC4J\xFE\xC40\xD7b\x98\x951\xC8\xE0إUM\x80}\xB0\x81\x92\xB5b�e�L0\xBD\xB4�% 5p\xC2Y\xC4\xF9\xBD\x84\x9A+\xE4\x9B�\x9A\xCE�J\xCF!\xFD\xE7\x90(t5E`\x98N0\xCA;�\xA6(dC\xA7\xB7\x99.:/\xD2\xF7\xD4\xE3\xF8\x9E$\x89AB\xC50\xF5b5M\xA3\xEB":38�\x99�˃�P\xA7p\xE7#\x8E\xE0\xC9;\xEC\xB37*\x8E¾\x91\x9C\xA1\xF8\xBB�,\xDDNX\xADE\xC8(\xD7j\xF5?�\x86�\xAD|\x85ӓ\xB3\xCE\xE4l\x9A\xA9GB#�a\x9ER\xE4\xC7VZ?U\xD7�6D�*[�i�)�\x8Cc�\x8F^\x83R�Aכ8�i\xA0wLz at b!�\xA0!L�\xC6�R�W�\xA1\x91\xD0i\x9EY\xCA\xD0\xE8\x9F�\xC0Ц\xB9�3\xC0\xA7Ze\x81\xF5\\x8EA\xDE\xC7J\x86\xC80\x9Bd\xC8�<\xE4��p�\xEF\xB2\xCFzD\xCF\xC1\x86z\xA3bP,�\x84A\x99S�\xEA�\x91\xA6/\xA9\x98-,>\xC9�\xB5�\xA8o\xF8\xAA\xC0\x81G\xAB\xDE֌$\xBF%\xE1r\x96\xCDo�dZZp\xE7D\xF1�\x90\xB0�MH\x9A�=~>\xA4n=_gy�\xF2\xC1\xAE\xE0\xC0�\x98\xF1�\xB8|�\x87>Ĭ�\xD1\xED+H\xF8!j~\x88\xAF_\xC1\xE2\xAF\xE0\xF6\x87�\xFF\x95l \x94\xF6kV\xA0\xB2yð6\xA0��\xABh\xB4\xD4vx\x86oT�-G��\x9A\xA9
-'\xF1k\x9C3�1ؚ,F\xA17Mv{8I\xE9�\xA1N��`""\xD2p�t�\xA8\xB7Cd,\xB9�\xE4\xE9�\xFC\xA4N/ů{\xF3\xE5�\xFB7
-\xF7vq��;)\x8C�\x9D\x9E�\xF8\x98\xE8\xE8F\xA7\xC2"g,\x9B\xA9=%#duF9I OM\xEFj\xF2\xABsÆ“\xCEF9�\xB0\xA5\x81\xBA\xC8 \x8D\xCA\xFF2\xCDN\xF7 L/S\xB5+m �\x9A�h\xF58\xE0 �\xA5\xA9-`5U\x9D\xB7S3\x9Ck�097\xE0\x96_F\xD1\xF6]\xA6\x94@\xEC\xBC�\x94\x85\x9B]�\xEAÞ\xDF;\xF1Ũ\xB2)\xCE#\xE7P�p\xD6@��\xAF\x8C\x8DJ\xCC~\xA9
-4%juÒ•s\x86\xFA\x82\xD4\xDF�\xA5\xAB\x9Bs\xA7\x9D8\xF3\xA5��\xFE\xC8䌃\xD0YЛ�Pm4\x82 \x89>\x81\x81\xCE\�\xA8\x97�U\x90\x853�#z\xD7\xE4�\xAC,\x91 Zo��\xBAlK\xC3A]b�y�\xD9��\x98\xFC$kO\x9E4\xA8�\xC1Ð\xBC�\xD9�\x84\x81W?\x9D\xC1\xD5�,C\xD2�\xAAA��\x99\xC8\xEA\xFD�\xE6\xCD{d\x92Q\xFF�\x9C�\xAB\xD0$ih\xF2\xF3e\x92u-�p\xFBb\xBB\xBD\xA1E\x94\xC0XP\x8D3\xBA \x99O\xDF�\x80,\xB3 _X\xDDP\xD8b2\xAAG\xD55\xF9\xFB\xFB\xB2�\xBDVW#\xD8�J\xE9:P\xCD�\xC2\xC35D:\xD8\xC6�\x88\x873o\x95�\xFA\x9C!")\xA0U\x83\xE9�\xAA\x9C\xAC\xCEØ€\xF9\xD3
-\xF2\x8B\xB9"\x84\x8A\x83�1\xA6\x90-W\xDB\xCDT\xACTU\xBB@\xFD\xA3`ߙ�\xD5~\x9CUhF\xFC\xE5�
-\xC9�&\xD38\xC9�7\xDCu\xA1٢\xF2 k'D��\xA6\xE7E\xC5= \xFC\x93\xC5\xDE8\xB0w.\x80=
->LH\x9Ff\xC0\x9E3\xEE\x92d5Gg\xAA\xE3\xC98\xDC(,?;�\x95�o
-.7\x84\xD6
-Ax\xAB\x80\xBD�\xB8o��\\x85��\xE0\x85C \xE2*hq p�B!Wa\x93�\x88\xE5�\x8C9�n�A\x9Ec8\xE8
-tt�3��R\xC7\xD8\xD5�\x98\xEB��\xBB�\x9E� m\x87\x90\xDC�\xF8\xEE�\xEA;��\xAF�\x88\x87`\xE3�,y�¼�w��\xA3G \xEA!\xE0z�\xCD^\x81q�!\xDFCp\xF8
-\x90|�:_\x81\xA7\xAF@ه\xB0\xF7�@~�L?�\xDE�!\xFA�\xC0\xD7\xF9*6l "[�\x9Cq��9\x84JfN�]�L�\xB4\xE7+)d\xC3l\xB3AV\xDAj\xFE\xDAn\xAE\xDB0+n%\x81n\x98k7\xCC\xCA[\xC9\xE0�f\xFB
-\xF3�Wr�\x87\xF9\x86\xC3\xCCÄ•,Æ•\x8CÇ\xCCÈ•�\xCAQ\xBE\xE503s-\x8Bs\x98\xF19N
-]\xC9"\xDDM8�f\xA6\xAEd\xB1�3^G\xA9\xB1+Y\xB4\xA3\x84\xDBaf\xEEJ�\xEF0\xE3w\x98�\xBC\x92G<\xCC9�d'\xAFd2\xAFd=�\xF3\xA3Ws\xA9\x87\xF5j�\x95m�Upvb՜\xA6�\xCA\xFEޜ\x84\xAA\xA7l�\xE8l\xEA\xEB\x9C\xE6GB�,N35|\x922C2O\xC5�@\xD3l\x83�cԋb\xEE\xAA0\xA1\xE6\xB2�(e0�\xABuF\xE2\x88�\x80\xAB3\xDA \xCAK
-å•\xAA\x88Ä \xF0\x9C骧�\x9C;S\xB1�d�"^�\x9F\xA3(É”\xCD+\x99�\x8DDBq\x8C$\xF5�\x8Efp4ˤy\xA0\x90�\xBB�nT\�\x8A\x94@\xBFs\xA49`$�l\xEA&\xECg\x8E"5\xF4\xB2Y\x8D\x91.�\x96\xCF\xE9\xF4H
-pr\x88\xF1�\xE0B\xB3\x90>\xD9\xCFʾ�
-\xF0,\xA7�&\xA4\x9A\xF5\xBC5\x84\xC18]C4\x82\xA9\xE2&\xE4\xA1\xCD\xD42\xF3j\xA0\x84d\xADÒ—\xB0\xED\xBD3\xEE\xFF4\xA3ݽ3n\xC1d'�\x9BrEW�\xAA\xC6н\x95\x8B~\xB5\xE5\xBD��\xBA^,I:jU\x8A\x88\x93\xCC{�X\x985?د'\xF5Y\x87\xE7\x80\xC5;P\xAF\x90L� y@\x93à´0\xFA%\xAE=\xAB\x9AW\xD4o\xE1g�\x9Eh\xD5evgo0\xC5\xDEÂ…\xD4I:l\x90\xEAW\x84â…¾/Ò»)\xF7�eB\xB4\xBE5\xA9,3\x8A\x847�\xD4�\x82Cl�3Y\xC5�+F\xCBB\xB3\xC1�\xF8\xCF\xE8]�_\xA9\x82�)\xD0n4\xFF\x821\xDCbj\xD0�&@\xB5\xAAqÆ“\xD8�t¡x\xA87 \xB2$$\xCD\xEFL\xC1\xA8\xB6\x95\xB7\x87\x92@�o`Д\xA2s��Eô†«ˆ�\xE7\xECB�\xA8�AF\xC2"r\xCA�L\xF3�\xD3'as·G6\x8EV6�K{h\xB9\xBB1\xA0h\xB4\xB4t\xAE\xA8c`w \xA3QF$\xF9Ð\x96\xB1\xE1\xC8\xF2TN\xB4\x99\xC0\x9F+\xBE\xA3\xE4<\xCA��оX-\x9B\xE4\xE6L)Ì»U\x87g\xD3ժǡ<�\x97�\xC38\xB9\xB6+L\xD7$\xF4 \xA8\x91#\xC2,\xE0p\xEAA\xCA0\x88\xB7\x860\xC2�;\xA4\xC1\xD0C\x93\xC6\xAAp\xFF\xEA8\xB9\xB4\xA5�C\xCA
-r\xD1j\xF5�W\x8E8�٣\xC8\xDDd\x97W\xC3Z\x94�앃\xA6і\xBD\xDA\xEDM.V9\x96ͬ\x88
-\xD6%}%uI\x91I×€|\xD3\xF4\x9A\xDD�\x8C\x90\xAC\xD1N\xA0\xBA\x80\xD7Q\x84TC\xD7\xCD\xDC69\xA1\xC0X\xB2p0 \x95C\x8B\xF8\x81 at .\xC85\x80\xEA\xA4
-X!%�<\xA0,�`\x8CT7XX�\xB8Z\x8D\x9F\xAF�\x92b\xFEÔ¬\x89�,\xB4\x92MiA\xC7=W\x94 �J\xAE�
-(\xF1\xB4Ú½U|X\xC3)\xF8�\xC9.�N)\xD4�\xDE\xE5\x9F�2U\xAD\x93Z�$\xC7!BJ\x8D*\xADS�\xA8~Ð\xC18%\xE1\xA0\xFFACÄ€\x8C\xCC\xDD�\xEC*l\xFEѵ\x92\xA4C\xDC%.\xBBQq\xB5|Ç \\xD5X\x98�O�\xF27$\x9E1A,\x82u0�\x8A8 $X\xA7+!�\xD8\xE1\xAB\xF1\xC6alr�\xC5\\x89x\x96E\xFE\xA1\xB2\x96q6=\x92\xEC�\xC5\xF8\x9E\xCC\xFBQ\x92\xFE0\x9B%\xF3?Wd.�9\xC4XX\x90J�c�u p\x84Ù€\xE1��\xD6m�5\xCE&�\x90\x8C\xAC�$\xE4\xD5N\xF1\x98\xE6\xE0�EA\xF5�'\xB1\xB2'Tg\x89\x86Ir\x85ε\xAE\xE7\xA4\xF4�L4�p\x81\xD7\xCC\xD0d$\xD6�#, 7Q|\xCE�uÝ\xE6nH\x887 \xCF\xFB�\xBBy\x97\xE4�K}\x97�pH�\xB8N38\xA4$�\x90�\xAE�\xC7W�éƒ\xFB\xCAv�n\xAD\xE1&�n\xD7\xC1\xBE�� k,\x87k\x8C\x88#\xEE\xC4�\x9E\xC5�\xCB\xDCÖ–��Çxc\x85\xA2cH\xE71\xA4\xFE�\x91\x84\xAC�\x8A\x8C\xC9G\x864%;\x94&h ik\xA6‘�\xFC\xC1 \x99�\xD4-�l�/\x8D\x95&\xA0\x91\xF9\xAC\x9B]\xEDUf\xCFs8�@U\xBAr\xAC\xAC\x9D@\xA3\xB3j\xE7\�\xD5\xF0\xDDd\x8EA
-\xDF�\xC9Ì\x8Ef\x85\xBAfHs3$\xC4Y!\xCF��\xED\xACP\xF2�\xE9{\x8A\xB9\xEB\x92Qݶ\x8C\xB4�j at l\xEE�yή\xC1\xBB\xC3�u\xA3\xC1\xD7�\xABÔj\x85\xABj\xC8k5d\xC0�\x93e\x8Dh\xB5\x86\xFC[+\]C^\xAF��\xD8
-[�\x99\xFC�3
-\\xBC\x9FL\xE7\xB1�IV/\xE2+Y
-̽PW\x82\xCF\xD8҈\xC0[:�ɔ}\xCAU\xC3�R\xAD�\xD5Xi S\xC0\x92(FL\x86œ\x80�!!\xB6C\x92t%x\x9BQA8Yf \xB9\xA0\xD51\xDFuW\x884\xED\x86Ȕ2\xCA\xCA8\xC6\xDA)�\xCAvRL\xDCh\xC1��s\xC9؀\x93\xA4t]\xEA
-\xD0\xF4��kЇ\x96\x85Kz\x95llHL6\xA40�Ð\xED\xFA�v\xF2\xF0o4.3\xC8\xD9�f\xF7
-&\x80\x9Dn\xEERFܨ\xF8\xD1)#\x86\x8F���v`\xD8\xD9\xE1\xB0�\xAC�\xA3\xD2\xDF[�'(\xFD=$C�Ц\xAC$z�S�
-\xFCj\xF4{e\xB1\xA7#B\xED\xE9�\xC3\xCA\xCFj\xFF�R\xA4\x91\xA1ݤ\xD20\xDDL\xC8$� �\xD3 \xB44x\xB2RŬS\xC1\xE9\xCA\xF6\x85\xE5\xA6Y\x8D\xEC\xCD\xF1\xB0J\xB4\xB6\xDBZm\xB0q�\xB1A\xBD\xB1\x95\xDAd+ŭ�\xCFV\xAA\xA3
-SmG9\xB9\xC3\xF4\xDDb\xB9\x8E�\\xE5\x95k\xC5ؕ\xA5\xE9e\x89#Jz�\xE7\xB0ȟFq\xF4,\x84\xD7"��|ֲ�$ôd\xC9l\x97\xDF�tb\x82j\xA7\x91�ʖ\x8E\xD0\xE1\xAC\xC0\x9Fa\xE9Xٱ\x82ד�\xDEg\xF3o\x910\xA3�\xB8_\xA94wF�\x92\xA5ef\xC2r\xE1~\xF1\xEA\xD5ͤ\x97C\xE5@\xA9foy\xD9I0/\xF8}�t͢\x98=\xBD\xAB\x81��\xF7#\xD5\H\xFA\\x98\xE6 \xC0i�\xA5\xB8\xAFL�\x93)\xB3Уj{Eq"\xAE.�\xC0\xA9Q,l�%mH\xBF\xAB�4\xA3e�s\xF5\xF0
-a\xB3E\\xE4Vb\xB1\x829Y8\xA1\xB7\xCAl\xCF)\xF8�BE\xED\xEAz\xD3U\x9C\xAC\x9C"\x97f\x83vƧ\x8A�\x81\xE0H3\xA0\x96\xB7\x8C\xA6Y$\x98!$\xD4\xC0�\xF5@@\xAA\xBC\xE1<\xA86X-A�^\x90c�\xB4\xD1I$\xB2ɪ
-\x80\xA9\x82vw\xC0\xC40C�N�\x94\xE7\x88�\xC5IV\x8C=\xCE1\xA6�^\x905
-\x91!\xD9Ȉ\x98dHb\xB2Bw2bF�\x92\xA8\xAC�\xA9YVh\�\x84/\xAB\x84�#n\x8A!\x89\xC5�\xE1ŧ \xC1\xD9Yk \x9C�\xAE\xCB\xC1
-^Y\xED+;c\xB8\x87\x86\xFB-ۉ�\xC5�\xB6\xD9[\x8D}\xBEw\xB5�w\xC6`�
-\xF6Ûˆ\x99c\xEBj\xB8\xD1qj*v\xB4\xF2"t�i \x8E\xBC \x8A[\\xA3\x96�\xD1P� +\xD6\xC9-�UV\x87\xF5XWj\xB7�\xEB\xBC�+\xC2\xEET\x8F}\xA1\xEE\xFAh5�\xD4Ĭ\W z.o �v\x83H\x95|\xD6\xFA\xA4\x81`<{\xC9�c\xD4-)\xFCFÆ‹^\xF0\xEF\xB9]v.\xA2áµr\xBB\xADÜ„\xC3;s\xE5~ݽ\x8B\x87\xB7\xF6\xDA
-?V�\x86Z\xC3P\xC3�j#C\xBDe\xA0\xE3\xFC\xBC\x8A\xE8\xEEWFTg\xB8"\x86kg\xB8Ά�\x8D\xB7\xCB�\xAFTG�VR�\xD6\�\x97g\xD6j�\xF2\xFBj\xE5\x9D��\x9B\xF7.S&\xA0\x97\x8C\xE6]F\x94��\xA8�\xECH\xAAOm\x85:\x82\xF2R�徑/L��z\xA0I\xBAt\xF5(v/+\xE9\x90�U\xAD\xA1\xAA\xD3
-��g�@\xB9Z6 �(\x82_\xE4\xC4V\xE4\xBE$=�\xB3\xA5\xF3\xB1�_U�ɳ7\xA0�PP\x84\xA8\xF4\x91\x91�D��\xDEA\xAE\xE9h\xDF�ȥ\x8CL3�\x8A)\xDE5��\xE6\xE8\x9C\xF8�\x97\xDF\xEE8o\x9E\xAD\xCE\xC9p\xF6Vg:
-c�\x89Q6\xBC�\xE8)\xA3T\xCC\xDAD
-\xE7te\xF6w\xBEÔž|ACN\x941{\xCA
-\xD3Ê\x95eDß²\xCA\xF4�\xF2\xC1j\xF1y\xFA\xBD\xF9Q\x91 C\xF9\xBD�\xA7+�t\xD0�\x9C��\x99\xE44�-\xE1IB\x85'\xAEl\xA9\xB5\xED7ܨ\xA3M=< ÖŽ\x8A\xF1\xA92\xAC�?\xAC$\xFF0YM�ä \x8A��K�\xC3\xDD��V
-X"�\x88\x89��\xC6\xF9{�3F\xD4�#�\x8E��"3\xD3\xC8~*\xC6\xCD@\xACF\xA0\xD0Ya5�2 \xADp%\xAD\xF0*\x81�\xC6+_?UE\xF3\xD1o
-jg�\xEE\xBBqw/ܨXӿi!D\xF0d\x81R\xB7�,\xA3\xC4E\x9E2\xC7H\xE5v\x89\xE2o\x91\xCD\xEC\xF4sDA�\xCBfv\xF8\xFD\x90\xB6\xC9<7̼\xA63l\xB9\x92�\xF0P\xAC�%UOH�\xA9\xE6$\xA2O\xA4\xE9G\x93\xF1\x93�R\x91\xC0 Æ\xDB\xF9:\xF3\xD4�KՈ\xCEj\xCC|5\O\x83\x95\xB7\xCA�3\xE4\x95�2Ь\xB0ը�\xCA�\x8B�[
-iI\xCE2x8\x9E\x8Crt\x9C/\x88�\xAA%ND9\xF5�\x87�p\xF6\xAA�X\x9A1\xCFR\xBA\xDFL\xB7\xD3
-\x92_\xAC�;\x95�\x85r�.\xC3]\xC2�^Dcr\xA0��\xA1!\xE5�aŬ̞�.\xF9�\x8D\x80\xD3T\x8A\xAAx*�F8S)\x93]\xF3A\xE88\x95\xF7�\x83�WS\xE3)1z���D\x91\xAAGj\Ժo:\x80\xC9\xEA\x93Y\xFF}2\x8B\xDD@\xB8u\x92X\xA8\x88q\xA35\x80\x9B\xF82.\xF8\x82\xC5\xC2=U\x8BU\x92�UD\xB3�\x8C\xB8\x9A�\xE2=U\xA9Hi�\xB5j\xBA0\xF0\xEA%-\xFC��
-;Ĥ\xB3\xD5+a�<t\x80\x95
-\x9C�\xCAB at 7\xA5* D\xE4�\xA1\x8E$Ð\xADÜ©+\xF7\xEF\xE0\xA6\xDE9ɶ�5\xFC,:\xDA\xEEf\xBB\xD1\xC5>\xA0\x91��N\xAD\x90S\xAD�Y
-)\xAFV\xE8\xB1vw\xD6p�\xAEn\xD7\xC1\xCE���\xAB\xA7\xC5\xF0d�\x9EA;\xE7\xD5\xCF{\xAB�\xD0Q\xF0r\xE4�"hÝ\x8AQ\xA7\xB5\xA0\xC80�B��i\xE0\xF8FÑ‘\xF3\xB5H\xCA(\xE4\xB2JûC\xD8;$\xF6]%�����\xA9\x85G4\xC4C\xCA\xE21\xB9\xF1
-�\xB2[D[\xD9M&Bg\xB3\xCDl�"\xE4#\xBBr]\xA5\xBA\xE8A
-p\xEFN\x93\x92\xAFΪD%\xCD\xCAN\xA5\xA8=\xB0\xC2\xEA<2+\xA1�\xC7=M\xA22�G\xC1I\xC9dWW�\xF40\xD7�'\x95U5\xF0�\xBD\xA1\xEF\xD5
-\x84\x9A\xADM� \xA1Ed\xF7\xB05\xA0 �~\x99r>\xD0\xCA\xC0F\x8B\xE2h�a\xD2x\xBBV\xB2\x96�\x92\xE5o\xCEnG\x8A�+AI\xB4<\xA4\xDDu<\xA0\x81Þ�D\xECF\xECot\x92y\x92�"͓$\xE3\x99\xEC\x88y\x99\xFE Ne\xD0\xC0%C)1�k�\xBB�lepTL;\xD1e9%L\xF4\xC2\xDDt\xCE$\�}c\x8A\xAA\xBC \xF7\x9A@�\xA9\xE9}\x853ZL1\xCA&�\xFA\x9D2\xCBU�*D \x9C'ź3�\xEC\x9C+oVg\x8A\x91P\xA8R\x95\xCE\xEA\x93\xC2\xC2]2\xD2*\xB7\xC8���\x89\xACya\x97C,򜩑J\x81�\xD65 \xD4(\xCD\xE4\x92\xD1\xEC�\xCD\xC5 *\xAC�\xFD\x9F\xFFo:�\xE5\x97\xCE%\xAF\xF5Y'8\xC6hH!\x81\xDAjNAg\xE6\x90sf\xE5\xD1�\x88�0\xB6
-\xAA\xC9l3=9eAJ�\xB6\\x9E\xE9\xF31\x85\xCF\xF9*\xDB�hH!4.
-=\xAC�\xBDE\xB8%30\xE2\xE6�\x92x\xED�~\xC9\xEFW\xCAj��p�\x8BuO\x86um�\x82\x92\x8F\xC7\xE4\x97<+\x9A\x941\xE0<\xE3��\xE3]\x912�\x94Ɋ\x88�'\xE4\xA5;\x85z\xAEU<��G�VQ_\xA9\xB8>*\xCE>\xAC\xE2\xBES\xF1\x9D\x9F�ܰ\xBC\xC7u\xFB(\xBF�
-UW?\xB9{\x9B\xA5\xE0nj\x9FW\xA3\x90\x9D\xA4̌lJ\xF5h\xD0\xFD\xAF$bL\xE8
-\xA5\x80]H\xD8\xC0\xBD3\xE0a(\xD6\xC0d\xDC
-j\xEB\xF3 `\x9C%\x8C
-\x92�\xB2 \xB6E[\xD2z‰}S\xFA\xAC\xDAV\xCCP\x98a�)c\x8C\x88g\xCEi\x8D\xC6\xF1yU\x8D?\ap̛�\xC0\xD7L�\x984�\xCC\xE00�\xE7\xC2Ѱ\xAC\x9A�V!�2\xEBy9 \xEF\xD9�=F5\x97\x934;\xD0!:��a\x92,'_\x81.G\xBCʲV�s\x98\x81�KaW$\xD4l\\xEE\x81+gÃ\xFCSp\xEF3;\xA2\x91sp\x91\xEB�\x88EW\xE7�\xE3
-�C\x90\xE4LV%zm\xA6V\x9E�\xB6\xBAÕƒOÂ\xBA\x8B*�\xBC\xEC\xCFP>\xFD \\xF3\xAE\xA3m\x9B�\xFDF\xA5C\xB2\xF4!\xAD\xFA\xCFN\xC1\xFE Pæ»T\xC9\xE2tB�Q%�ZR\xEF(�9!��d\xD6�M\xF1ê—€A
-'�\xF8EU\xC1\x91\xC54\xCD��\xC5B\x9ES\x92|7\xD1\xCB�\xB8n\xA8T\xA6\x85\xEB\xC0\xE8Ñ…zDp\xB8.#/�\xB8R\xD2x\xA2\xB7�\x9A\xFA�2h0%Y\xD6�\x88 \xDCt\x83\xB2\x9Eh\xE0\xC0\xB2\x9E |7\x8C\x82l\xC8�Wr\\xEA\x81\xF6*"-\x8E\xF1\xD7�� W b\xD6M\xB9\xB1\xA7\x99\xDE-\xA1�;\xA5{�\xA9\x95�\xA9\xF5B\xBF"�\xADU\xB0x�%\xA6\x95�t��\x9D\x8CD<*\x8B\xAE4@|E\xF3\xCB��\xDD\xE0�"\xB7\xC4TV\xA1Í»x\xCB�\\xAD\xE0-W*\xF6�j\xFBns8\xB0Cd\x8D\xEEaH�\xB1R\xB5hP\xE1h\xA5�\xD2Jݤa\x8D\xA5a5\xA6\x95\xCAM\xD1\xE6T\xB919'\xD4 2\xF0��_S\x80\xA7\xA8\xAFÕ™�\xA3_Úˆ-+/�\xF1Ee\x98\xE1\xB0F\xE0\xE6]\xC8\xE9N\x99\xB3���J\xA2\x8D\x8A\xA7\xAD�Z��e�\x96o[)\xF56,�7, \xB7RlnX\x98nX\xC2n\xA5\xDCÝ°4Þ°\x88Þª\xC3c\xE0��\xBAQ�\xA6*\x9E\x85���6y�"\xD0<ʺIBå’iAY�\x83a\xBC�\xB2eH\xE8B\xB3Ī U\xF8jC@\x9A\xBD\xAD\xF8
-^\xE9@\xB3 \xF0\xE4\x8Bu�X\xE7 >\x9BÉ€\xBF�\xD1\xF2
-\xB1\x8A\xD3��\xAFL\xDE$\xD4t~v\xBAD0(�홅�\x81��m\x812� \x8DV\xA7=��\xC0\xA8`\xDF\xDE�\xEBa�\xBF\x95R?Y\xC0]|\xD2
-\xFAwXLiXtiX\x9E\xC9�\xF0\xC8#\xAF\xF1�\xAE\xDC �\x94\xAC\x8Bt
-\xFB;\xC4 ��\xC5+\xE8\xE3!Ry\x88i~�1w>\x82\xE5�$\xFD\xF1\xB0\xBC\xF7<\xBBW�\xAA\x9F�}\xB3�iFu\xA0\x8F\x8F4\xBF\xE7\xD1a\xA3Û‘\xEE\xE5 \xFF\xF3\xD9tF\xDA\xF8\xD9\xC4\xFF\xF9\xD3O\xCF\xF8\xFF{\xF5,/�\xD8�\xFC\xE2W\xFFV\xBF\xF9\xE77\xAF~}\xF7\xEE\xED\xF7\xB8\xB8\xBF\xBF\xBA{#\xC2__\xFD\xF9\xFA͆\xF8�\xFE\xF3Í›\x8B\x9B\xABWg,=S\xF1?\xF6F\xD5\xFF\xFB\xA7\xBF\xF6�\xA6\xFFLgnÙƒ\xFF\xD1\xFF\xF8?]\xF4׳x\xF6Û³\xFF\xFD\xFFMg\xAF\xE8\xE9gG?}mJX\xAD3�s\x9AE/\x97"'1Ä—\xF3\xEFv%\xF8\xD9�\xEE\xC6\xEF\xE9\x8372\x94\xE8\x83\xD3\xFF\x90e\x98\xC9\xFE#I\x81\xC1\xE4\xC4Nbg\x85XN\xFA\x87ZNÚ \xD0B\xF4S\xF5 â¦\xC0�\xFA\xAAy\x82\xF4��\x88_�ZxÙ¿\xDA9\xA7/\xABRC\xC1=c�\xEE\x83\xF0\x8D\x83�\xD5K\xB4\xF6\xA5\x8A'Iâ7j)\x84.T\xBEªF\x82\xB4\xCBL\xABd\x96\x89_\xFA\x85\xBE.�\xA6\x84\xFA&\xB8S\xEE\xB0$\x92Q\xAB�\x99e\xA1>I\xFE\x9D�\xC1u\xD7:\xB5\xBFz\xFFq\xAB\x91\x8Dj �\xEB\x81O\xDAWc $q\x9A2\xDA��s��Y\xF5V\xE2\x813\xBBY1\xA0\Ö¸l at 4{�\x87*�7!/\x9C
-�l\xC3s+\xD1>\x8A\x87�U\xED�S\x8EoA�\xB2\xD7\xC9afU|\x8B\xFEP\xD3\xF9u:=\xF4\x81�z\xAC<\xC5\xF4\xE44\xE9\xD8
-\xA8\x83X�\x93\xF6\xA3i\x8E!-\xD3\xC2jk
-\xA0>�\xF4\xE0\x85u-�\xD70\xC3HH\xAE \xB7
-=\xDF*Ҽ�CM\x99\xDD\xE0 O�`\xD9\xFE\x9CY\x8A\x9A\xD1R\x9E\xAA-\xB2\xADwa~H\x95\xF6
-oS\xD6!�['\xA2\xF3H*eRl�\x8A
-\xCA\xC2�\xB1|\xBBv\xA4\x9D0\xFF�\xED\x91
-\xD2\xF3\xAE)\xE2\xF75Ƴa�0=�\x99\x8Cx\xFAF\xC5J\xEBHã‹–\xDA/\xEE\xC2:;\xC0\xDF\xD31){\xC43Ñ\xC6? \xA1�\x8F\xAC\x81\x8E]\xC9�y�\x92\xFD\xDE�\xBF=\xAD�\xF5lÒ£R\xB6\xA5\xAA\xF3\F\xA6\xACq\xB4r\xAAQ\x99\x93A�U,%\x92X&\x86</�\xDD+\xA4\xF5�=/\x8C6\x96\xC49�\xDD��m~\xA9\xFDr�� \xB1f'�\x8FA\xC6b\xF0x\xD9\xCEľxh-0�\x8F\x88\x85\xE6V�W\xB5eKE\xCEB\xFC1�\xD1c\xA5\xB0\xE2^$\x9B��\xDA`[\xBCw1d;;\x99\xCE\xDFz\xD6Ul]P\xEC\xA4} \xB1ܦ\xBC\xB9]0\xF1f�\xD8�Vb\x94V�ÙŠH8\x8F\x8D\xA3\x8B\xFC\xF9�\x92\xA5\x99}^\xCE\xFC\xA9\xE0\xEBkr%mN�2w\xCAX�5\x92\xC4B:Ç�\x9C\x8A
-6\xE0�\xEE\x86og\xE9\xA5$\xAEzHy\xE6�}\xA9R\xE5[\xA0\xF5\xA3\xFE\xEEZ�f!CVW\xED\xEE\xC00\x9B\xA4\xAE8\xBDj�Tr�q\x91m\xE4f\xD2�\xD2Rd\xBD;\xC0\xBCY�#\x84\xD9\xF2\xD3�r\x83H�\x86
-\xD2h\xA2
-s\xD3
-\xB7\xD3�\xED�Ñ·OÒ„\x9FuMÊ’\xCFyÒ\xC1QÊ—*V\x80)-z=\xA6H\xE8\xAAmƈ\x9C~\xC5\xF1\xD3\xD7�z\x85S\xFD[t\xB8c&4\xA0\x8E\xAA\xAAA��j^r\xE5\xBA;ņÜ(\x9Dc\xE7\xE7�x\xBC,\x8A�@B\\x92a\xCE�"\xB1��\xAB�\xE5)�\xA2\xBAUq("Ì®\xE8�X�8\x89\x95\xFD\x81o\x81 j�\xD1\xD3\xE2\xF4\x99g\xAC6\xD4]#<\x92�ܨ\xE5\x8A�+U� \x8B\xB0PU/\x99bx]Õ‹\xCFAk\xE7�\xF4zq\xFD\x9F[\xB6E\xD2\xF4UsÝ“\xAA\xA5G\xA5�\xF0��Ø”\x8B\xBD\x99\x90\xE9\x96T#\xB4" ��=\xB8\xB2\x9C\xD4\xCE \xCA�=\x8F\xBC\xF03��\xD3b\x95E\xECB8\xA3I\x8A�\x9B(\xE9\xFB�_\xE2\xE1\\xB0; 1\xF1r؆�'TD\xA2\xE2P\x9A
-�\xCB.��W�g;T\xB1\xAF\xC9\xE36\x88\xA8w\xA0iд*%ߙ\x85.\xE8i\xD0\xEC>#q\xC8aqˈ\x90y#e\xA9h��\xAAa\xE0\xA0慙-\xC1\xA3\xE4�mE
-\x80w!\xA9\x8B\xDA۬{(\xD8\xD5\xD9\xFBZ\xC1�BU/ld\xE2\xEC\xE3G�\x86\x85\xA0d�`ա7\x81\xBA\x98Ě6Fb\x8DU\x92СWXQ4\xB5�a#\xA1E*\xA8�\x87D i\xF1\x80�\x82\xE8\xF9*\x96$vv�ߙ|3 at NH<_\xDFSSn\x88\xA5V�b\x8E\xDEj\x9B\xA2
-}\xB4!Da\xB3Ñ \xAB\x81\xFA \xA9×´�4:Þ‚\x9C\xDArb\xCC_|k\xD1\xCC+\xB5\x99\xBA\xC3��XMNJ\xD5,\x8F�\x8F��\x9EŲ\x99\xB0l
-*\x8Aѳ\xC9�ȶB\xB4P�\xAB\xF7RQl\xB7�\xE8�Y�YU`Ђ\xB2\xD4y\xDB�I\xA7�:\x93\x97\x92\x9E\xEF\xFD�\xDE5\x9C/-x4\x90E\xF3tf\xA1\xEC\xBC\xEE\xD7�\xB0\xEB�m\x8B\x8EE\x87\xFD\xCA�\xE5\xE5\xB3ͦ\xD5�0\xB1\xC0"\xF1A\xB4eog\xB5\xB7nl\xBDN\xFA\xC1t\x9A\xA1\xEAH8C\xEB�\xE2)\xD8��\xABq\x91\xB1\xB9\xBD\x96�\xEF\xC2~p\xA7\xC5�\xFEB�Т\xBFlC�4е\xEC\xB6X\x81"\xD4�\xAD\xE5\x86%\xB1\xA2>hI\xF8b\xCF
-Dx^Q\xDC\xD7�}\xCC 'B\xF1[����:\xE0)B\xBDR, S\xB4�\xE8\x9A�\xF0fB\xD7\xC94\xC2\xE8\xEC\xD9�as\xCC\xC1(\xCD�\xA4WY�Ĥ1,]\xA9�\xB1\xA4\xC9\xE3\xCA3\x92\xDE\xD4o`(g\xBE�w,Q\xEC�(\xC1\xEA|\xEA”\xAD[\xE0\x8E%hXTMw\xAEGKuQ*\xB4b\x8B\xBDM\x88\x98\xD3Z\x90\xEA[MY\x8C\xE5A_qjR�d\xD2Gq\xA5(
-\x8E\xFC�\xD5w\x94\xC4H��\x89\xD6�\xE7-튵\xA8\xF9\x8B\xF4k\xA5\xA0k\xC4u6\x99i^T6_\xF7�\xF2\xC2\xEF\xB5\xC6�\xEB\xB6Rί�\xA5�_\xA1z\xD0$\x90S\xD1W�\xA1�\xD7$JՎ;�\xDA��c\xC2\xEDPQ\xFE\x88\xFD\x9A\xB2ܑ~\xCA
-\xCC\xFB�\x9B\x8Eh�q\x95hM��\xE2T�\x82o\xC1\xE1\xA1\xE4\x91�\xB3\xB5%\xB1\xD3\xEA\xD22\xA2'\xAD[\xDDDJ\xD6@�\x81n#\x8C \x81\xA1\x89G\x80\x92H\xDEt\x82 ��$֬X\xAE:[\xF4M\xA5\xE0ki\xBA��U_w\xC2Ʉ\xDFs\xAC\x89\xC5�w)\xD5!�\xBARb�\xE3\x92\xE8\xA0#\xF6p� \xA30?\xDB9B\x93%�\xAB\xA1\xFE�\xAD!
-�M\xD3³a�\xBE\x93ܶrh%[\xEDZyG�
-\x98�\xD8yY\x89\x9F\x8B�\xA9
-\xA8z\x8E\x85N�\xACV\xA5�%\x99\xAD\x82\xA8\x99@\x93�\xA3��=HU\x98\xFC\xA2\xB3l0\xBCTq_�PI\xD0�/u,d\xC6��\xF6\xB6f\xFD"\xED\x8CؾMM\xE6u [endstream
-endobj
-952 0 obj
-<<
-/Length 65536
->>
-stream
-~\xF2\xD0~\x8C�< \xA4Ë�$>\x93ÚÚ€rHG{\xD6�=\x87\x9E.�i\xA6\xA9\xF5\x88\xC0\x91\xD8C\xEBl)\xE2$\x8Afä¹¹\xD5\xF9\xC2c\x94 �\xD08�=\xAB\xD9[Ôª\xBA\xA2\xE8\x92@\xA3\x8BɪVH)\xA2l�\x96\x92�5P\xC5w\x8F\x9D\x8F\xB0\xD9�\xFA��\xB1\xB8O\xE6*<�\xACo\xE8lI8\x8B[\x86\x9F0N\xA8"C\x88�\xFB�\x9C\xDD\xF2R\xCF\xF8\xA5\x8B\xCD�;\xB7\xED&\xBB\xE7\xCA\xC2Ö™\x83\xC0|\xCB\xE4�
-C\xF1��\xD9\xEC˙մ7]\xF5\xE0ӡ\x97%3s\x83\xE4;\xD1\xD5\xD3ʦ=˘\x89�T�M\xA8\x9A*t\xE8�
-\xABVh"\xDEs\x87Y0\xDA\xF0*
-\xA2\x8C\xABeg
-\x94 ;��W\xA4,Ĵ\xA9��\xB4
-\xA8!;]\xBB\x81x\xC2آ\xB3\xA1Ŭ
-\x83^\x99\x84\xCE\xEBx��h\xB6o\xB9(�V$GU\x84 at s\x90s�G
-\x87\x8514\xA7�\xC7I$�\xCFºԒ~\xC3\xC9}Hò\xAFY\xA4^\xAF��\x8C\xBB\xB9\xACA���`$\xED\x92.4\x99�C9\x97\xE8\xD9
-\xB3Sɯ\xD7'=\x89�Ç�\xCF\xCE
-\xC4�Nu\xD4FH�[��\xE8\xD5W\xB4\x96$\x91\xF7M\xA5#-\xFCy\xEA^c\xA1\xA4�U\xAD\xBF\xF6bܯ\x97\xDA\xE1hg\xB1�x\xC0\x8D\x8A�\x9B\xC9S\xAFwD4\xF7\x86\x83\xCD\xFA\x9EÓOU\xBD�q6\xE1\xEEuV\xDEh\xB7�\x98JÊ¿\x80k\xA0\x9By\xD5�Uì½\xE6\x82\xD2g'\xB8�\xF2|\xCDÄ€\xE3)\xD9u\x94SзEE\xC3Lzzi_'\r[\xAF\x9F\xF7\x95&\xDCc\xFDb\xF1\xC12s�{} \x95\xB9\xE0\x94\xE7\xD5\xF9r܈~�\x97�\)ʘW: \x97\x90\xCF^)\x8BA\xF6�\xB1\xC0I`\x97\xE2;ÊŽ\xE6\xA2�m\xB3\xB0y(\xDET\xC8m\x82K�\xC5l\x9C\x82\xAC\xE4\xFC\xD54B�A\xF2\xCCq\x8FE\xC97\xA56'\xF7;\xA90<�G\x9Ea\xF8E\xD5\xF3G\x9Cq\xDEc\xB5\xE2fs\xC6v\xCA6\x94�nqH#〗vÌ™\xA2K>bɹ\xA0�\xA2\xC5\xCB�\xE2\x8E�\xFA\xD5�SE��\x8E\x9100&� \xE3&k\xC0K\xABh �\x9F\x97\x94\xA5s\xAD\xA6b\xA11E2\xB9\xA5'oN�s�?\xF6\xBA\xB7H\xA7}\xA9\xD2\xD9�\xCC�'\xFA\xECÍ´r\xB2P<\xC1L\x8F\x86L��\xCE\xDEA\xC51ѯ\xB7\xF4
-c�g\xFD�\xE4�ܤ\xE9b\xB0Ӛy \xBC\xE5�\x91\xB0\x98\xD5m\xD5p\xE6\xDA�pw\x88\xB0z(\xE4S\x9E0'\x93\xE9�\xD1��'\xE4�\xF2\xA3��\x98\xF5
-+[8 t\xA7\x9A_�
-\xB0\xFBJ:@\xA7.&\xB5\x98\xD3ˈ�'\xB1٤ e'\xA3\x8Fb\xCE%\xBE+\xED[e\xD8\xD0\xC6\xDC8Y|J_\xA6ˢ@�\xE3"#X-\xB3Fmn�^\xC666�\xB0t\xEA8\x97\x97\x81\xE9\x93�(\xC4b\x8D\x80\x87J:N��q�\xA0U%�\xA3ɥ\xD3J\xC4\\x9F��*l|\xBF8\xC44u\x85\xB6\xA7&\xFA\xD2,\xA0\xB20\xEF\xDAٗ��ʰ\x88O\x81/\xCA�\xE1�\x9F\xA7�
-0bK�\x98\x92\xF6\x90\xD0AK�g<\x97E\xC2M\xC9�\xE7\x85�A\x99]x/6\xF4 T\x9CG\xC8�\xA5�\x96
-\xD6);\Ѓ\xE81\x8D\xEA\xA8��U��'\xDDs\xC4ui\xB35gJ�\xB9ꄨ\xBC\xA6\xCA�[\xE6\xE4<\xF6M�\xAF\xA6b\xB4h
-l\x87\x92X'\x80\x93r_\xAA0L\x88gۉ\x9A\x88̢,\x96\xA2\x9C\xF3\xB3\xCFBc4\xF2\xEC\xEC\f\xD7:\xDA\xE5�ۺT\x89\xA9\xBCU3w\x8E\xBA=\xA8]�/\xB5\xC9�\xD2)\xEAS\x93�wkB\xE7\xA1"\xCFU-H\xACgD0")\xE205\xB7\x91}\xC0l1\x82\xB0$\xAC\xCDf��\xA3k\xA5\xA0�\xCE=-\xAFͽ\x9AШ�Ը�\xAA\xC2�#\xB4#\xE1\x84PI�\xA4\xE1\xCE\xE5\xA9W\xB6s \xB4\xA1/P\xA1J\xAC\xEFe\xF6\x83\xE9\xB6\xF58�\xF8\xC8�!
-\x8C\x{DD0B}�V\xE4\xF1\xC0\xE7(/l ̳!&Z�=;ٵ\x84*e�5\xAE6\\x80D|k'
-�n\xB5D,}H\x85\xBC\xBB
-(8\xE2\xA3\xF8\xB5\xA6=r`Rwm[\xA0H\x90\xF0숰�jh\xCAPC\xE9Y\x8B�3\x83\x8A�\xA3E\xD8P�\x98�\xC0FH \xB2&\xF1�\xC3F\xB5B\xD7\xC0\xBC\xBB\x98 *\x82�a\xDCΰU\xD7\xC4Γ\x89\xD5b�~2�\xA27bRj@\x9F�\x92R'\xF8^͡\x97%\xAA\xCC�~��hY7ZG\x92\x80\xD3\xF3$\x9A\xD1K\xE2 _\xB9Se\x91�(\x98D0J1@\xD8|\xA0y\xFE}�,9M�
-���\x8B\x85\xFC\xAB\x8D\xA0%\xDCU\xD1C\x95\xF7\x94 �H\x87\xD6\xFAf\x88sE���\x93\xBC\xF9�\xE2쀔\x8AG\xB2\xBC\xB5B\xB9�\xE1k\x8A\x88#s\xF9[\x8DXt\xA1\x9F\x8Fo�\xEC\xE8\xE0G1V\xD4\xFB\xA0\xEAH�>\xDC\xE0\x8C\xD5×™\xAB\x89\x80O at X��\xE5�\xDA�;\xBC\xF1{\xAE\xCA)\xEA%\xB9A_\xEA\xC4�\xD5\xF9\xA2e \xB8��=�\x82U\xD9\xF8\xBF\xA8\x818\xE1ì¨\xE2Bb��\x904�^�z�1H;XY\xA9�]6\x93\xDAU�\x93\xA0YW\xE1Bcg<Úl\x87�\x9C\xAAeq\xE1gP{\x97\x85\xE7\xA2�R\xDD�\xF3\xD1\xCF|�DXm\x9E$\S��\xFF2\xD6\xE1.\x8D\x82A\x9F�.Bb\xDDp\xD9)(\x9B\xC8\xC13\xB4�\xA6XB�Å‚3�\xBB\xE5^I\xB2"+y
-G\x9C椲\xCDf�\xCB\xCE) #\xA8\x80Ò¯Jd\xF1F\xA5s\x84\xA9P\饊'\xF3t\xA7l\xAA\xE2v�s\xDB\xD1a\xF9\xB3\xA5\x83Æ¡\xC0�\xB0\xE2\xF1�3 U;r\xF0�\xE3qeS\xFB�\xB3\xBA\xAF*7 �Ѓ�Z\xE1N�\xF4\xD2\xF0n\x81�á¿\xD5Q]6M\xC1\xE9\xFA\xA1\xCDav�9dL���BÙ´9:�5\xE8\xB3\xFB*\xF4\x81\xB2e\xE5�\x89�,\xB6
-b5k\x9F9\xE6*\xC29D\x83p�e\x86(`2.\xF7<�\x97�B�\x9C;th�\xAE�\x8B\xD5\xFB\xC5Q8\xD3�R}S�H\x94\xB0\x86\xB3M�\x8D\xC8�\xF5ôR�\xDB\xC40\x88<}*;r&\xAB\x80\xD6\xFF\xCA\xD8ï©0D\xA0\xF6\xAA\x83\xC2K\xE2 \xED*;\xE1BFd\x9C\xB2fv'�3Kt\xCB�v\xB5�탧\x84�܈(\xD5ë©”\x82\xD9\xCAzQ\xFB\xBE\xA0sÛ†\x85\xB18`Ǫ\xFDL\xBF7\xB0\x91�\xEEH8\xC3\xD2\xE6\xF2O\xF4\xAC7\xAD=Vp\xAC+k�\xDF\xE9Z�\xAE\x98�i��'1�\xC8y\xC7\xFBbn\x8F\xD9\xC5OO\xA6��j\xE7y5\x95\x95\xBCâo\xF9�\xAAOFˆ\x8C\xDCs@\xBC0��\xBF\xAF\xE6/�F\xDF�Z
-\xFA\x9A�d\xAF��R7\x9A4Ж\x88\xAF\x84r\xEẢ=�6"\xC4\xE2֡\xE2\xF75�"\x84\xE2
-\x9E\xD2\xD2\xDBÖ\xDC\xCC\xF6[:�\xC2d\xA8*�\xE0\xB1\xD0`\x8C\xC89\xA2z\xEE�\x8B`o\x894`É|{j�K\xC7��Y\xA8X\xB3i\xE8�\xD4�\xF1\xC24\xD7�`\x81\xBC0\xF0�a}�'5\x9E\xA5�\xD3�I\xEC�V�\x8C\x9DH�\xEB\x9B\xCD\xC4\xE0%\xC2%�\�\ \x84�\xCEvv\xB2H\xB3~�\xA8\xE2à·´���\xB0\xEE\xFC@��\xDB��\xE4\x90���V\xEC\xA4\xD9d\x9Bt\x81\xC8&�}o1�\xB8\x8A\xA9\xAE\xBD\xBD�\x9AM\xA0\xC4m\xE8@\xE6\xF5 v\xE1\xD8\xE6f3�\xD5\xE2\xE9t�\xA8\xCE�\xB2iVZ\xCF\xF0\x85v\x80qMui\x95\x85$:\xAD|�U@\xA8�\xB9\xAD\xC49[\x94\xEA���\xD0*\x99"\xBD,\x98Y\x8Dae\xA9o$_\xC1j~R�b\xB3\x8BA,\x94\x90�\xFE\x91\x9A\xB4\xCA9\xB11"�\xEA�\x9F�\xC5�\xD5 Q\xE5\x97*�\x96d\xB6_9\xD7�h'\xCD='ah\x88\xE4.�hY\xA0F\xE1J uy\xA9�Ñ€\xE8Up\x94�qp(�\xD8�N�*\xDE\xEE\xB0AP\xB4\xBBn\x84\xE2\xC9w\x89���\xB4.\xC3BA\xF5`\x80\xCC`\xFC\x8F\xC1��\xE9Ëš\xC7%�ɧS-R\xE8\xBAHhX�+\xFE�\xCC3lêˆ\xA7\xF9b\xC3���\x9AtV\xB705Pq\xADm\xF4 Ε �%E8[C\xC59\xB4\xEA
-\xBA5\xE7\xEBQQ\xF9\xB9c\xD8�\xC1l\xE5\xC5\xEA\xF6 a\xA0���\xAF\xC1[\xA4@�t��\x93\xF9uY�\x97\x93r\xB2O�`d\xCCQ\xB5 \xEB���\xC2bd\xEDVu\xC0\xFA\x8C:!5\x98.\xED\x97{�x�\x9F\x96
-\xCC\xC7z\xA2R�ØE]<T\xEA=�\xE2V\xF12>-,�|�\xFA}�Zf\x9EGz6C\xAB�E\x8F\x8FfUB7\x81\xFB2 \xFA\xA0\xBF\x9D`|\xF22z\xA9\xDAI1o\xB1Yo\xC4\xFAa\x98�$\xE3FA \xAAz�g\xEDjÞ¶\xA04\xA4>\x98z\xDE\xE6�\xBA\xA5\x85\xE3pjs\xC7�z3t\xBD�3�0-A\xB7�\xC8V}\x8F\xB3�\x82\xAB��\xE0}\xB6�
-�\x86\xAF]=
-
-VBYq\xDE\xFA(WMb
-rD\xA3T"\xA1f\xC9D\x8B�\xAF\xAF\xA0#\x8E2\xFB*TC\x8D\xE8w=>\xF8V�\xB4k\xBB\x87�\xD2"\xA3\xA9#
-\x8F\xE3C\xCD\xE3 Y\x9Cts\xFE\xCD\c T\x81k뱤�NÝ€^\xE9\xB168VM\xE1\xDF\xD4wo�b[\x94[\x8B\xE7\x8F\xF6l*\x83gKY\xB4\xABB\xF3\xCFm*\xD7\xC3g�/[�\xB7\xB4\xF3\xEFt�\xB3�\xB4\x9A1\x8Ca\xCC:3C\xBC\xB0_\x98DN\xD6�\x9D\xCB/Ç\xA8\xCDH�\xB5
-F-\xAF\xDE��\xCF\xEEb�P\xBC\xC4\xD3�p\xCCJ\x98@\xC2\xD9Z��Y\xBD[\xED\xEAp\x98��
-<\xA3\xC0P\x81\xA7NPJ��\xF2�bS\x80�\xAD\xE1BJa\xBE\x9FA\xFA\xB5ծ\xBE\x90\xE8\xEE'`\xCC+j\xBA1\x85\xBC\x83Z\xD7\xE6\xAA%5\xE1 s\x9A\x91\x9AI�-\xC0\xEB�\xD3h�\xE0�f��>@�\x8B\x8F\xABIfBd
-w�\xAE\xF3��ӣ\xCB�\xEDƚ"\xB6�\\xB7Y#xz\x9F\x89�\x8E\xFA\xE0pqA�\xCD\xF4ŰW\xF5��1B\x97Qȵtr\xA4�A\x9DCy\xC4~d!\xF9j*�1\xE9\xFB M�\xF4\xFC\x84W\xF7H\xE0\xD33\x88\xCA�\xA8��\xC5X\x92�\xE6`T\x94\xDBL\x84s`�\xEC\xB2y\xB2\xA0w\x90\xE8��\x80m\x9F\x8C\x97\x91\xCA ۚ\x84\xADN\x9C\xF9�\xDD\xE2\xBAT\xDC �\xDC
-vbJ\xC5<\xAEÝ >\xFCh�'\x91%��rf\x87M\xC5\xD4X\xADKs\xCET\xFA\xF8\x90\xF3\xD7%b%\xCD�\x8CrGI�y\x89\xC7\xCCV\x8E�q\x98(8x�j=\xFB\xBA�\xAA&c\xEEe�\xA5V\xDF\xD0:*u\xE9n\xE0
-\xEFX\xA0L�\x81�\x94\xAC|\xD9\xC0\xB0U\xB2�\xEC\xD60EZ\x8A;cn50N\x89\xE3�\xCB�z\x95
-Q�\xAC.Cu\x92xR`oTv.\xAE\xDE\xE2-\xB1�Å�È€\xE1{\x96\xDFÓ\x87]\xCA\xF9\x94",\x96\xC4�g?1� Y:\x{D97C}HÓžW\xB2Bz\x92[\xE4i\x81 \x82\x88\x9F\x9A}\x83 [\x84xyL\x8D�\x98-\xBF\xF8^^k=�\xB1O\xB0\xFCKc�e\x96F�\xA7\xFA\xA4u�\xDC"\xBB�!:"\xA1*\xF0\xA5�#\x9Ea�v;\xA8\x9CV\xB0q\x92hW-\xB0 O"c\xCA/�"\xA8�\xDE\xE60d�7\x98\xF7�\xBA�
-\xD6.h\xAE\xC7m
-(,3 \xB3\x94^6\xE3m\x8Bb*))<[\bA\xAA �k\xB0('3\xC8OK�\x97�c\x8E\xCB�+
-TK\xE6\x89(\x94Z\x99\xD7
-\xA0\xB4��v\xB4\xB0\xD4\xE0\xD0 \xE0bA\x8A�É•S\xC4b\xD2s]Y13*\x8B\xB0Ad\xB5Ü”Ñ\xAD,�2L\xA4�qT㉨)\xFCl�\xA3Q\xAEh'+\xC6ÊŒ\xC5,\x97\x9A�LI6\xD2�ßž\xCB\B~\xCEM\xACF��-O\x9A\xF6\x84>9gL(\xF1�Óœ�\xE6\x9Ac\xED\xF2󰸹\x93>8\xBB*`e\xB3p#G�/��/פ%�\xFA\xB6e\xAFĸ0'g8�qs:�\xBC\xBC\xF9\xF4ef�4!\xEE�\x8A�l"\xE6qA\xFF\x93G\xA4\x95�\xF5\xF2Y\xBD9�\xE7\xA3?�-"\x87��\xB7�\xBD\x81\xAB,\xBBYÅšW��\xC1\x8E\xE8,\xCDka\xA86\xC3<D\x80\xE2\x98�\xC7\xE0\xF9�\xF2\xE9\xE2j0#Í\xA1\xDFC\x9B\x|\xDAb
-pn\x8E4\xD0\xDF�\xE1\xD0\xD4\xCC<R\xBF\xE0\xEF1ܺ(u\xE6#D\xF2\xD9{t\xBDb\xF7Ĥ&�\x8D\xD6#��z\xF5H<f\xC1LD0�ѳf\x967\xE5&\xE2鲓/x#\xF2\x99\xE0۱\xBCff\x8B)�\xEE\xC0\xB5����\xA1\xE0\xAA\xD0\xE2\xAC�\xC0\xA2fk0\xA5\xB7U\xFBb\xB9\xD8fP\x9FO\xA4 at Q\xC2\xD9Ym\xB4\xB5�\x83\xE4PK\x97VŒ\xB6\x82Âhp�\xCD\xED$\xB9\xF8\ \x86\xB0I\x9C\xB9uc at U\xAC\xAAp\xA1\x97&\xB6M\xAE\xE6
-\xADr\xEF\xE0\xE7S4wT\x8D`\xFEd\xB6u
-\xD6\xEF�\xDC�g\xFA�\x8F�(\xDAeJ'[\xFD\xA2\xB0�\x97n�\x8E\x97\xF5:�&K%S*��\xB6f\xDB?\xE2V \xB1\x99\xB0\wI�\xAF\xD9@\xB0!,\xE1 s�J\�\xA7\x81\xDC\xE6"M\xF8\x90su\xCDT��\xCBv\xB5\xB3�a\xB1GP/�\x83��5\xBC�\xC1Y�\xBD\x91\xB5\x84�z\xFC\xCF�\x81\xF0�\x83�z\xFE`\xE7c\x8BC\xDBM�FKv\xA9 at 9\xF0\x826TaD�\x9CǛ\x9C\x83\xF7\x93u{4�\xECL\xB7\xCDHN#��\xD8\xFF$\xC2dh\x8E9\x94A\xE2d
-\xA8\xED\xCDd\\xF80�\xE1"\xDB\xCDb\xAAt\x89z`\xC4Q��u4U\xB9\xD0->c\x95\xFD\x82~\x8C\xEEk��-Y\xB4\x8D\xE4�1\xA2
-Õ€m{h� Ï°\xFC>�\xDA\xCA2f\xEF\xE2-\xEC\xE4PÚ‚\xD8Ù\xFE�\x98d\xD2W&\xDCl\xC0�3�hAD�\xD8n.{`\xE1\xE3b\xDAY\xB2\x9C\xD02\x81U\xDBYJ\x82\xB3\xDA#Lp[\xC2\xE6\xFC�
-g\x85y\x9Bթ\xCDܨ\x96\xF7kq�\xA2A5��\xD1\xCE4C\x86\xBD #Uk\x9D\xE0}6p�\xE9qͲP!
�ZGZ\xEF\xECr\xD2\xEDB\xBC\xC7�\x91\x9C\xD1\xEDL�m\x83u\x9A�\xCATFÞ²\x80]\x846>\x83|\x94=\x82\xD5\xF9
-\xFD\x94SH`��?\xE7n%=
-\xA9\xF4\x8A�-݂^\xCA6-\x8E^\xAA\xFCg\xF6\xC0l\xA0�3\xAD0\x88\xD5`I\x85i\x89\xADBF��a|\xB0E�[\x8D#\x94\xD5\xCC�iU\x8B\xD0\xD4`PQ\xAE'8!+�\x96|\xCA`\xA3_Z\xA6\xFD\xDC*8\xCB4\x8FYJ*\xC2PrVȂ\x8C\xD0�u\xDA>�%k ?\xCAnky\xD2�|\xF2\xB9\xD0fY\xA4\xE0"XJ\xF6\xB2\x9E\xC63\xA645\xA1^\x93�0$ =;O�\xAC\xBA
-.\xAF\xA5\xA9\xA6T{"t�\xC1�\x93\xB1\x83\xEE�\xF8�Y\xE1���\x84\xC9\xE8\xC9Vw\\xF3T'ϙ\xC1,\xFEyZ\x92\xA6eRi\xD8�ŢX \x94\xC4�\xD7'O\xC6K\xF5$p\xE8V�9że�\x96B\xF6e$\xF82\xB6\xDCG\xEAW"\x96uWLwT���ϮeFa\xBD\x84\xD8N\x85b\xA8_\xAE\x89\x8C\xB3\xC6\xEAc\xCE\xE8wo\xAE\x9E\xDD\xD7\xCD\xFD\xD8j�\xFD(�\xB7�\xDB.\xBAN'x�\xAB\xF2\xE7\xAD,\xDE�j\xF8\xEA\x8DD\x94\x8Bin\xDC\xFA\xDA�\xBB\xC6\xE6\xF3r0\xE0\xEF\xE0 k\xE6x+\xF08r\xF1G\\xDCMy#s@\x81�jZ\x91\xBFT\x93\xB2\xE1\xE6o \x8C\xE6g\xCD�\xD3Tqi�*/"\x8C\xBB=xa]ӊ\xDF8�\xD05�0p\xB6$�}ʼXÂ\xDCk\xB7
-�w\x89\xA6\xF0�!\x8F�\xBA\xE0\xA5�\x9FѲ/U�\xD5Z\xD0L\xF3s.��\xE7.%u\x8A\x8EI\xE5\x99�t3\xC7�K\xB6$\xF0\xA8\xA4B\\x88I\xA3\xF1єo\xAAA\xA3\x8E\x93\xB4(\xF8Pf�/\x8A�\xE7\x9C+\xC0\xE0\xF0J \xDF\xE1Ji�ЊR\xB5^� \xAA\x8B\xA86�[z2?\xCD�\xB4h\x9A�\x91\xCDi�5
-\xF2\x9C\xCB\xE7�&��g&ß™�\xB8\xABNXC\x9C(WK�H|\xE7\x9DsU\xBC\x92` "\xB8\x9B\x8B\xE1L\xE3�\xE4D↩!]\xF3\xA5J]vn\x96\xAALO/*9\xA1\x8EØ™\*J��Z\x85}I\xBF\xC7�É’�+S�\xB4\xCCh\xB6\x9C\xA9\x85#5[BY\`\xD4󌄎rØŠP�WÕˆtÔ¬Ô™Òh~\xD4l\xDC�Q\xB2&Ϲ,#\xECH\x9Dn�Bu\xD7\xD2\xD8\xD2@\x92\xCA�\xF4&\xF5&\xE49\xCF7�J\x8C\xAA;L \x93\x8D\xFC\xD2L\x89\x98\x93\xFE��I\xA6_M\xBA� M\xCE\xC1\xFA\xB4t \xD2�S\xE4}���i`\x99\x95"`�z2᪱�\x8C��!#h\x92Ô«\xB0\xEDx\xC8ɬ\xAF \x9D\xC6\xF8\xB9\xA2\xDF,~\xA9⤱\xD2\xF8�\xF5�\xA9l\xD3�\xB0\x8B\xE2\x8D\xF8\xBBÂ\xEC\xC0\xBA/\x9F`2\x87R\xB1O\x90\xC1\xEB�d5\xBD)\xA3\xD5Ù¥E�\xB6\x9A\xB1\xA8�\x9CJ\xA36gך�\x8CE\x8C.9-
-\xA4Ob\xCB\xD9d\xA5\xED�Ã�\xC4K\x95(�\x94�\xB0>P\x8D\x8E�w\xFE\xA2�\xE6li�\xF1 èž›C\xB3\x8AÈ W%\x80\x9B\xD9\xE1\x82�\x82\x91s\xD9\xD7)�\xAA\x92\x91\xA9.F„\xF0ÇŒ\x84\xA2\xFA��\xC4%\xD0ts\xB1(c4e\xAC�\xE1ÊŽ\x8B<C:a&\xDC�\x88�\xAE�1\xF3}au=\xA4]\xCB_\x83\xD1ß›
-\xB3�L\xAFT�\x9A\x96\x8A R]\xE4\x93\xF9\xC5q83u)}\xFD\xEA\xEF\xE74\xB5\x99\xB3\xB4\x8B\xAB\xB9Ñ]CUT2P%\x80��1\xBDA�\xE6\x8C*:\xE8m\xE3@'/T\x8E�\xB1\x83X즘\xAFh\xA3J$\xF1\xECi\x8AQ\x8B\x8D\xB9EjF\xC6�\xE6\x84�\xA1Z\xC0Z�p\xC6\xD5�
-\x9DT\xBC\xA5a\xCC�M\xF1\x8BK\xD8�\xECH�4\xAB\xC0\xC1_\xAAt\xBE�s\xD3+\x90L\x8C99C��-'/.�yH�\xAB\xE9\xAEAc\xB1E\xAF\x8D\xF9\xC2�!\xB27\xA39˨jLB\xBB3\xB8\x98\xAEfe�\x8B\xE6\xA2(ђ\xA4\xA2\xC5$vu�\xD5t\xA8\xC2e\xF0\xDA�>AoTi\x98u FͿ\xC4\xD3 Ps\xAB\x9CI\xFB�\xA3\xB3\x82x3\x90rY\xBB\x89\x8A5*|, tO\xB5�E\xB0%\xF8\xB9\xA9�6\xE53~\xBD,\xEFQ\x8Dղ,\xA8\xAC�\xC1\xE0`\:\xE0\xBA\"\xB3\xB6Π\xED ʄ\xFA\xB68q\xDA�\xA1\xEEjN\x9B\x8E\xCA\xDCʖ6\xF7\x8CJJ\xE8!\x98\xC0\x8Fɕ\xDE44\x9C\xA4\xB8\x89�}\x94\xED\x9F�\xCF'C\xAB\xDD�s\xFA\xAC\xED\xB4j4�Q\xA0\xAD"\x8C\xC9.\xD3dsSQ�S5\x9F\x97*E\x84)Z$\xA5\xCF�\x80\x84ɂ>\xA5H$_.\xEE\xBC\xF8d8/\xB56\xB7�\xEB��\x9A�\xBB[\x9E\x97\xA6\xA3\x90\xD4V\xF9B\xAF탘�\xB1f\xEE7\x88q�(
-�\xE2\x9Ap\xC5 PD\xC5\xED\x94�1\x99'\xA74\x94w\xACK�\xF4\xD2̗\xB2\xB1\xA0\xBB�jqADa\xEB$�{c\xC4u\x92(\x86\xECaX\xA5$\xCDе\x90\x99\xCBe#\xED⡳\xE5\x8F\xFA\xEC�\x9DAuq\xAAF\xD8L\x83\xD3ÉK \x9A\xCAnF8\xD5"\x91\xB2;\xF4\xD5�.B
-\x84\x88\x815\xF1\xA9RÙ“X\xCC�\xC0\xE9FY\x93�\xBB�\xE9�\xD5/\xB4k+|\xA8$\xB1:.\x98Vuy<*\x80\x89\xEE|=\x9B\x92\xE5\xED\xD7`_!I(]~�,�9\xB3ѳG�\xE73r\xBCa3m*\x8C\x88\xB2\xCA �\x92\xC4×\xD3/Î �↡ൟ+\x8A\xF2\xFF!\xEF�\xFAC~\xD6;lH\xBD\xBB\x97\xDC\xCC\xF8\xA9S\x9AÚŒyS\xB6\xC1hI\xFA\xBB\xA7\xCB|\xEC\xF4\x9B^w�\xE7F\xE0\xD8AX8\x99�\xCD�(\xD1v\xE7\xE4\xDEw\xECPd\xA2\xD8\xECgt
-9\x86IB\x90"\x84 \x91�X\x8CÝŽ\xBD\xDC\xE2\xE7�\xFD\xB5\xC6\xC0\x9DH\xF8\xCD\xEFn\xDF\xFC\xE1\xEE\xFA\xCD\xFD\xF5\x9B?\x9F\x9F\x8B\x98\x89\xB9\x97\xFF\xF0\xECw?п\xB8I\xFE\xE9\xEB?\xFE\xEB\xBF\\xBF\xEE\xCD<\xFB\xA5\xFDy\xF6O\xCF~\xF9\xA7ß¾\xFC\xDD\xED\xAB+\xFA\xF37×—\xF7×·o.\xEE~z\xDF?|u\xF6�\xBBy\xFD\xA6\xFF\xD3y\xEF\xD6\xDD\xF5\xB7\xEF\xEE\xAF\xDE\xFE\xE3\xD9\xF6\xCB_\xDD\xDD]l=q\xF9\xFD\xF5\xEBWwWo\xE8\xDF\xFD\xD9/\xFF\xED\xCD\xFD\xFCo\xF4\xBF\xEE\xFA\xE1\x8A\xFE\xED�\xA6_\xFC\xE3\xD9/\xBF\xEEͽ\xF9\xF3\xE6�?^\xBC~'\x8F\xFC\xB4\xF2�\xB1\x8F\xD3�\xFD\xB5?q?\x8E\xAE\xE7{\xB8\xE7{\x84\x9E\xFF\xEAß¾\xF9\xD5\xEB�\xBE\xBF\xF8\xC6=8\x82\xEBW��\x81\x9E\xF9\xECcp\xD3�\xF3\xFF\xD7\xEBW\xF7\xDF?< }\xEC8\xC7\xF0\xFD\xD5\x{15FFFF}x�xî³\xE2\xF6\xDB\xFFsuy\xFF\xEB\xDBwo^\xF5\xFE\xFD\xFAvm\xD1\xCFC\xFA\x8E�\xA1\xFF|s}\xFF\xF6\xE1qm<\xFC\xDF\xF7�ñ\x9Cl\xF7\xEF\xEE\xBE}p*\xEE\xAEÞ¾{\xBD\xC7\xD7\xC5s\x9F\xFD\xEB\xD2(Þ½\xBEzsy\xF5\xE0X\xE47�\x8D�-\xE6q\xBC\xB9\xFD\xFA\xFE\xFA\xFEr\xED4\x98G\xF1\x96�\xFB\x8F\xEB\xD7W{,Î\x87?\xFB\x98\xFC\x83\x83y\xF3\xEE\xE6\xF7\x97\xF7�?\xEE3\x96峟\xFF2\xED\xAA\xF9\xF6\xE2\xEDÕ¿\xDC]\xFD\xDFw}9\xEE\xA1�l=\xBE\xCFÙ±\xD2u\xF7\x9E\xAE?x\xD8]\xFD\xC7C[h\xEE\xF3{\xE6\xFD�O\xAF\xEB7kKp\xA9�\xD0C\x9F}A}}\xFB\xEE\xEE\xF2\xEA_\xEF.~\xF8\xFE\xFAr\x8F\x81\xEC3\x8EG�\xC6j\xC7\xE6\xBE\xDF\xFEpuwq{\xF7\xF0�\xE6'�m/\xBC\xB8\xBD\xF9\xE1\xF6\xED\xF5\xFD>[\xE1St\x80\x95\x89�\xDF\xFD\xCB\xDF\}w\xF6\x!
D5\xC9`:�L[�S<�L'\x83\xE9d0\x9D�\xA6\xF5Q|wwѵ\xE8׿\xBB\xBD~{2\x99�\x83y\\x93\xE9\xE1�\xFC \x99L�\xBB\xEFN�Ó‘�_'\x8B\xE9d1}\xD8^8YL\x87\xAE\x88s\xFFtm\xA6\xBD\xFA~\xBCVÓ¯\xAF~\xBCz\xFD\xF5\xF7�\xAFn\xFF\xFA\xA4\x83M\xF1�\xB0\x9D\xF6�Ç\xDBNOǼ\xF8\xF6\xF5\xBB\xB5s\xEC \x99�rK\xB37\xE2\xE9\xDE\xD1�k\xE1o\xEF_\xFD\xE6\xEA\xC7\xEB�\xEA\xC9>6\xC5\xF2\xE9G\xBB\xAA\xFF\xF5\xE2\xDDÛ·\xD7�o~\xBD\xBEÒŽQq\xBD\xFDî»·W\xF7\xEF\xE9\xF4�\xDA�{m\xF2'\xBC/^\x{D867}\xBCz�Ee\x8F\xAE\xBC\xFA\xDB#n\xDF\xDF\xF3>xB�\xF7\xED�W\x97\xBF\xB7\xD6\xE3'\xB4k_\x936A\x98\xB6\xCB\xDB×·w\xFF\xF4\xD7\xEF\xD7Í\xE5�\xF1\xD3\xEB=\x9Cg\xFA\xD8\xE9$\xFA0m\xF1\xE1\xE9\xEF\x8B\xEF\xDDë‹»�\xB7o\xDE\xDE_\xBC\xD9cy\xED\xFE\xE2���{\x8F\xEB\x9F\xFF\xF6\xC3훫��\xD7\xFC\x8B\xCF>\xAE\x87\xB1�o\xDF\xDD}wqy\xF5\xF5\xE5\xC5^\x9Bf\xE3駤埻\xA9\xFFÏ“5\xF7\xD3>\x9D?R{\xFF\xDC\xEF5\xF5\xFF\xF5p\xEF\xFF\xEB�\xB5\x80?\xDC^\xBF\xB9\xB9\x97�\xFCi�nW_\xEBy\xF2RoÅ“Fr\xECf\xF6\xD1\xFA\xF4\xF7\xFD�G\xAB\x87\xFC={\xF3\x8FeS\xBF\xBE\xBE\xFF\xC3\xC5\xF5\xAA&\xF4\x84v\xF5\xFE\xDB\xE1hw\xF4��\xA5{XM\xF8ËšGa\xD1uz\xE6�\xBB\xBEf=-\xBB\xEE\x8EÒª\xFBKØ£\xEB\xE18\xBB\xBEÇž\xFD\xCBclÙ‹\xBB\xEB\xFB\xEFo\xAE\xEE\xF7دw\xD9Ó±,?\xC0M\xBE\xFF\xB1\xFBH\x9F\xEE\xB7Ww\xBE\xA2\xB9\xFB�Õ/j\xF6?]�Nx\x92\x8F\xF5s\xEC�I?Z�\xD3\xC3]?R\xF7Ò¯\xFE\xED\x9B�\xB7\xB7\xAF}wu\xF5_�G�\x8E�K\xE2NX\x92��\xFF\x98�\x9D\x87=^Go\xE8\xEF\xE1\xB4;\xD6\xF3\xE1\x8B \xF8\xB8\xE7�\xE7&\xDF]\xBC\xBA~\xB7\xC7>\xC2s\x9F}�\xAF\xAE__\xEC�\x87~R6\xDBoo\xEF~\xF8\xFE\xF6\xF5\xED\x9F�\xD6O\x8EG\xF3\xFF�\xB2\x82\xF6\xC8�8\xD6�\xE9t�\x9D\x8E\xA1\xD31D{\xF8a�\xE4\xF1\x9FCO�\x85\xBFOvÕ‘�D\xE7?'\xB2\xF3\x91\xF6쓃G~\xBB\xC7\xE1\xF4\xFB\xF5\xE11�\xEF~\xDD\xE3\xAC9\xD6
-{\xCA\xE2~\xFF`�7\x8B\xFBa\xB8\xE3�\xCA\xE2~x\x87\x9F\xB2\xB8?㡵� \xFF\xC2.\x8D\xE3E\xB8\xEC\xF1�NW\xDE'\xE8\xFB\xC3\xD3\xFEvO\xF08P\xE3\x9Fy \xFF\xFEpd\xEB\xC5\xF7�o\xDE\\xBD\xFE\xFA\xEA\xF5\xD5\xE5^\xB6\xF2\xEE/>\xDC\xEB\xE1X\xE3��k\xF7�\x8FvK\xFC\xE6\xFA\xED�\xAF/.\xAFn\xAE\xDE\xDC\xFF\xF6⇧tU<l\xD4�\xFFU\xF1\x84�\xCD\xF6\xB9(\x8E\xF5\xB0\x9D\xCEðŸ³!
?\xDDƟ�\x8E\x91\xFF\xDAC\xCD\xC5s\x9F}\xAC7�\xBD\xA9\x87\x83\xAB�fE=\xD2i\xF5\x82��\xFB\xBE��\xE5I\xF5\xB0\xC1t\xFC'\xD5\xC3c8ޓj\x8FS\xF6XO\xAA=2A?1Wñ좇g⻻ۛ=\x80!\xFC\xD4�:M\xEEo\xF78o�\xA3\xEBk\xD7\xDB\xC2}\xBE�\xE5\x86<\xF4\xF9�\xA8\xAF\xFFz\xF1\xD3\xC3#\xE8'\xEB\xFD\xC5\xDD~G\xB0<\xF8\xF9\xB5\x96\x87G\xF1-՜\xD9\xC3G%\x8F=\x82_w/\xF4\xE0wׯ_\xEF\x85\xF0z\xFD�c\xB8\xBBb\x83\xE9\xC1A\\xBCzu}\xFD\xE3�J\xD5\xFC\xE4#\xB8\xA7\xDF\xEC1\x92\xCB\xCBw7\xEF\xDE��_\x8Ee\xF1\xECg�\xCD\xEB\xEB7W��\xE7�\^\xBC\xBE\xFC\xED\xED�\xF8\xEFœ\x9F},{\\xEB\x8B/\x84\xF7\xFE\x8E\xFB\xFE\xE0G\xDA|\xFC\x91\xD4\xF9\x8B7\xD77\xFB\xAC\xA9O\x84\xC2\xA2tQ\x97_ �b\x8F1�\xAF1\xF1tm\x89\xF3z\x82A|\xFE\xFD\xFA�\xC0 \xF6�\xC3\xD1\xEE\xD7}Κcݰ'�\xC4CΌDŽA\xEC\xC1f\xF5\x84p�\xA7�`\xC7um|�@\x88}\xAE\x8D\xE3�B\xEC\xF1�N\x97\xDE'\xE8\xFB\xC3J\xEA �q�B\xFC\xEC\xB7\xC4\xD3�B\~�@\x88=\xC6p\xBC\x87\xED\x97�\x84p' \xC4 �\xF1\xC9v\xCA� \x84\xD8c�\xC7{R\x9D\x80�� !\x8E:
-\xF1tp�\xFBl\xA0\xBD�\xE1#}\xB5\xA7H\xE0\xB5�\x82\xEB4\xEF?\xFF\xBC\xFF\x9C \xFCO`\xDA?]��\xE9\xE5O\x9F1\xEDW\xFF\xF6\xCDo\x98\xC5\xE0\x9B\x9Fӥ\xF5tn\x9C/\x84\xB4w�\x8F\xF0\x89L\xE3��\xC7�!\xD38�P\xEF?\xA0\xF2\xE9\x80z\xBA�\xD4\xC3�\xEFt@\x9D�\xA8'z@\xFD\xF3]�\x9C�\xA8\xA7|>}�
-\xD4�\xAD\xC2\xD3\xF1t:\x9E\xC6\xC7\xD3I}z\xC2\xC7\xD3�\xA0>\x9D\x8E\xA7\xD3\xF14<\x9E\x96a\x8Eo~\xCEX\xFF\xD39\xA5NU\xD7O;d\xDF�R\xFE.w\xC8ã>í¿\xE3�\xF2\x87\xEB\xBF]\xBD\xFE\xC3ë‹Ÿ\xBEy\xC2\xE9c\x9F\xB7\xEA\xC5\xE7&
-\x98\xCE\xD2\xC3 at 1\xE9\xE3\xBF\xEF\x83�[<\xFA\x94�2w\xE6\xBE\xF2әK\xFDOg\xFD\xBF_\xF5\xBF\xFB\xFF\xFFU\xFF\x87\xB3\xA7�\xA4s{��\x9C�!N\x84�{\x91)\xDCܮR$<�B\x88\xEB7\xAF\xAE\xBE\xBB~\xB3^\x89q\xB9\xA6~\xB8\xBA\xB8\xFF\xCD>{c\xF1\xE8#|\x95�\xC5\xC5{\xC6\xF2\x98��o \x92\x8B�\xC7\xF3$(.�R�\xFEn\xF8-\x8EEo\xF9v\x9F\xEA\xAAG\x8F\xD0\xDEk�Gk |��\xC8N\x96\xFC1m\xEBKT\x8A\xFE\xFD\xBB\x87\xCB\xF7�\xFD\xF6\xFE\xD0h\xCF\xD1&�\xEFwN�\xEB�_\xED\xD8�\x8D\xF3\xFC,\xE5\xD4�qc�\xB4P�v\xF5�\xED\xBE\xFE\xA0\xE3\xF6h\xF7\xF7\xC3~\xBC\xBF\xACE\xB4�]\xA7g\x8E\xB1\xEBk\xBBe\xD9u\xF7�]x�\xFFe
-Å´\xECz8ή\xEF\xB1e\xFF\xF2�;\xF6\xE2\xEE\xFA\xFE\xFB\x9B\xAB\xFB=ô‰¿¿;\xED\xE9\xB8\xDD?\xEC:<e]\xEDÕS\xC4\xF2\xE7\x88X>a�\xBDS\xC4\xF2\xEF b\xC9\xF3 at 1K?}\xB5ßœ\x9C\xA2\x94\xA7(\xE5)J\xB9}L\x9C\xA2\x94\x9F󫜢\x94G�\xA5\xFC\x92\x88\xF8OQʇ,\xC4c\xF4\x9B�\xBD\xB3\xF3�\xA5|t�\xE7)JyL\xDB\xFA\xD5\xF5wß½Ûƒ\xE7\xFC\xE8w\xF6\xBE�9\xDA\xCD\xFD\xB4�\x93�\xD3\\xBD}w\xF7]W�\xBFÞ“Fx\xE3\xE9\xCF>\x9C\x9F\xAE^\xBF\xBE\xFD\xEB\x83cz}\xFD\xE7\xEF\xEF\xFB\xBF\x9F_�3\xE4ã\xDA~\xFE�\xC3�\xB2\x81\xF7\xFCJ���\xE1`\xF4Pxq\xFB\xA6\x9B\xE1o\xF68\xBEv~\xF0\x94\xDCI\xB2h\xBF\xFA\xF3\xDD\xD5Õ›\xAF\xFAqr\xF5U7?\xAF\xFF|\xFBÕ×·\xAF\xAF\xBBz\xF5\xD5\xED\xDDÅ›U\xF7\xF2S\xF23\x9D\xCA#\x9E\xFCL'?\xD3\xC9\xCFt\xF23\x9D\xFCL�\x8De�
-\xEE\xE4l\xFAÜ·{}8�v\xF1_\xD77\xEF\xEE\xD7j[-?��\xFC\xEC\x8B+?<\x8A\xAB\xD7\xFD\xFF\xD8\xCFѱx\xF4Ѽ�\xBF\xB9f\xBD\xF8%\xED\x9A\xC7�H\xFCFt\xF4\x97\xBAs\x9Fв~\xFB\xC3\xD5e?\xB4\xEF\xBE�D\xF8\xD3\xF6W\xECQF�_k\xEBq\xF7�\x8F`�\xED=\xAE\xFE\xDB�]-\xF9\x90qÍ¿8\xCAq=%�S\xB7\xC5?\x83w\xE9\xE9\xF8.\xD4S!\xBE�ud\xB0�\xE3\xE4\xBB8\xF9.N\xBE\x8B\x93\xEF\xE2\xE4\xBB8\xF9.N\xBE\x8B\xAD\xB1\x9C|�\xC7g\xE4\xBD~\x8Fm\xFC�\xC2\xD0'\xD7\xCB`�'׋\xF4\xE1k5�O\xBE\x97S\xCE\xEEg\xFE&G\xEBI:\xA5\xE4?\xFE\xE6~}}\xFF\x87\x8B\xEBUW\xD6�\xDA\xD9{\xC3ØŽwW!\xC4\xF0O8�\x8F\xA4\xF0cM\xC5\xDFcÖ5�\x8F\xAE\x9FR\xF1OwÙ¾w\xD9�@-\xF3a\xFA\xDD\xD1^h{k�\xA7\xBB\xECQ\xBA~\xACwÙ‰V\xE6t\x97�\xD9]\xF6t�\xC2\xFB_\x83'J\x99\xBD:\xF0H/\xFF"(e\xBE\xFE\xFE\xE2\xD5\xED_O�!
0VÇ´\xC5'\xF3t\x8E\x99/#\xAD\xF9\x8BH�~\x98\xAD\xE9\x94�\xFC��\x8C\xEF\xBE{{uO\x9D\xBE\xBBz\xB5\xDF\xCA:\xFAm\xF2\xB4!\xAB�\x97\xB2{\xF5p\xB5D~\xE6�\xBB\xBEv!-\xBB\xFE\xB7G\xDCÆ¿\xE7\xFD\xF0\xF7\xA1{\xC4\xDE\xFF\xA2\x94\xF0c\xF9�\x9F*\x92\xF2�>\xC1\xC9�::;\xE8Ü¥_<\xB8�\xF7\xB8\x81�\xE3�Ú«\xEF{\A{\x84\xBE\xCF\xF6\xE7�\xE63uqz\xF8�\xFC\xF5\xFA\xD5>\xA82}\xEC\xF3\x8F!\xEC1\x86\xEF\xAF\xF6�h\xD9s'O\xC0\x91�o'O\xC0\xBA\xC2\xF0\xB9\xC1\x9B'O\xC0�i\xA1'O\xC0\xB1\xED\x8F\xFAt=�{t\xFD\xE4 8\x9EK\xF1\xE4 8\x8E\xEFp\xF2�|\x82�\x9C<��X\xA4\xF7�\xFB ,\x8E\xD6�=YA\xE3y\xB9|\xD8\xC7p\xF4\xCA\xDD�c8\xDAuy\xF9s\xE2]>7g\xFB\xDD\xC5\xE5\xFD\xC5\xEB\xDF\xDD^\xEF\x91\xC0 \xBFzh�h\xFB\xB3\xE7<}}\xB9\xE6\x8BZÚ¡\xF4\xD8\\xBFÞ‡pb\xE3\xE1\xCF\xEF\xBDz�I\xF9\xE6\xDD\xCD\xEF\xFB�\xFCq\x9F\xC1,\x9F\xFD\xFC\xA0\xD0\xE7�\xD3\xC1|{\xF1\xF6\xEA_\xEE\xAE\xFEﻫ7\x97{XC[\x8F?\xA53{\x9F\xD9\xF8\xEE\xEE\xF6f\x8Fk\x8B\x9Fz\x84\xCF\xF90)\xFC\xFD\xED�\xA7\xC5\xED#t\xFED\xE6r�d.'*\x94\xF5or\xA2B9Q\xA1\xEC\x8C\xE6K\xA2B\xD9\xE7\xB2\xFF\xBBaB\xF9$�\x93\xFFxw\xF7\xED\xBB\xD7}z\x9F\x9E\xDB\xEC\xC9\xF3$\xECc\xD0�\xABQ\xF8\xF7L\x8Fp\xF2��\xB5\xFD_<U�\xD1�=?^�\xD1|\x80\xB3\x96u\xF8�\xFCcn\xFA�pD\xFB\x8C\xE1\x84#z\xA2�\xF4\xFB\xBEÏž\xBE�\xFD\xFE!u\xEF\xE4\xC9}4O\xEE\xC3�\x8A'\xE4È\x8E\xC1\x93{\xB2\x98\xBE0\x8Bi\xAFC\xF8d3\x9Dl\xA6\x93\xCD\xF4\xF8=�6\xD3\xC3\xD7\xD4\xC9fz\xEC1\x9Cl\xA6\x93\xCD\xF4\x886\xD3 \xFFr\xCCV\xD3\xC39\xE8O\xC8jzx0'\xA3\xE9\xF3}\x8F\x93Ñ´\xDD\xFD\x93\xD1t2\x9A�}[\x9E\xBB\xA7k6\xED\xD5\xF7\xE35\x9C\xFE\xE7\xED\xED\xAB?\xDF]\xEC\xB1'\x8F\xD7jJ_\x80Õ´\xCF�NV\xD3�\xB5\x9A\xBE\x8C\x8C\xF5\xFDRq\x8F\xF5\x94\xF8B\x8A�<lO\x9C2\xEE?\xE3\x81\xF7�f\xDCß¾/k\xFA l\xF4\xA7\xCD�p\xE2�|ÚŒ�\x9F�p\xBAWAÉ£?s\xBE{\xDD\xCD�\xA9\x8E\xF9Oß¾\xBE\xB8\xFC\xCBWg"\xBA\xFD\xE1\xE2\xF2\xFA\xFE\xA7\xDAÇ‘\xF6\xF6\xFE\xA7\xBD\xEA\x89\xCBc\x9F��\xBCק\xDA\xFFX}\xA4-\xF2/\xF4]\x9E\xD0�\xF9r\xAF\xE8�$\xFB8Zo\xE6[\xE6\xCC{\xF13o\x8F\xE3\xDC\xDDǪv\xFC=\xFBd\x8F\xE5\xA4Ú·\xA2\xE0\xD1�O{\x97F<\xD6\xCD\xFC\xB4M\x88\x87�0o\xDF\xDD}wqy\xF5\xF5\xE5\xC5^
-\xD3\xC6ÓŸ}8\xFD~\x9F,Û½J\xAC/�\xB5\xFD\xFC\xE7\xF7\xF8\xEE\xB9\xCF\xF7\xFCH���\xE1`\xF4Lxq\xFB\x86\x8Bc\xEFa�n\xFF\xE0)9|yu=ar���>DN\xB5\xE5�A\xAF9\x86\xDAò¿‘y*-\xFF�\xC21Ǫ\xA4<|c\xE0c\xEDe\xEC\xFE\xE2�Я{\x8F\xEB\x9F\xFF\xF6\xC3훫��\xD7\xFC\x8B\x93N\xF94t\xCA'\xA6\xB1\x9C�\x96\x93\xC2\xF2�*,_\xEB\xF9y\xD2X�Wc\xF9Bз�V,\xFDH\xF5\xAF\x93\xC3\xF7\xF17\xF7\xDE\xE5\xEA\x8F~g\xEF\xED\xF1=\xDE]\xFD\x85\xE0\xC3�V \xFE\xB2�I_t\x9D\x9E9B\x93\xF0/k\x8F,\xBB\xEE\x8Es\xD6ר|\x96]�\xC7\xD9\xF5=\xF6\xEC_�c\xCB^\xDC]\xDFs\xB5�\xBD\xFD\xE9.;\xDDe\x9FD\xBD;\xDA\xFBl\xEF�r\xBA\xCA�\xA5\xEB\xC7z\x95\xEDq��\xEBU\xB6G\xD7OW\xD9�\xBCÊž\x8E�\xF5T\x85\xEB8\xBE\xC3'\xB8\xFC\x9E\xC0\xEC\xBA�<\xA1O\xFF /\xC1�RE\xBF\x88�\xB1'\xB2\x95�B\xA1\xA7bC?\xD3XN�\x95\xC7u�\xFFk\xFF\xE9\xDB\xF7\xE0�\x9E\xD0I\xFC�\xB7\xCA\xD1�\xC4\xEEl\xD2\xFF\x8C\xFE2Ƀ�\xE4\xBF\xF68�\xF0\xDCg�\xE8\xCDEo\xEAa\xEE\x81�\xBBk�Í€z}{\xF7\xDB\xF7
-\xE8�w\xFE\x97\x95n\xF5E\xA8a'\xE2\x80c\xDA \xBF\xFF�\xB3�?\x91\xDB\xE3s\xF39=\xACC�m�\xFE\xF9)�\xFF\xF3oerq\xD2\xD2\xFF\x8F/\x82�\xF5#�\xA6#�\x82\xEDo\x81�\xEDyt�j�\xD7�\xFF�ʮЉu\xB4�\xC3\xEDQL\xF9\xA4\xD2~\xDEU\xF5\xA7\xEF\xAE\xEE\xFE\xE5\xFA\xEE�p\xF8|\x8A\x9B\xE3\xE9\xC41\xEF/\xBE\xDDc\xE4G\xED\xAC\xF7g�{\xB6y\x98\xDCÓ\xB5\xF1\xF0\xE3\xD1\xEF\xBC{s\xF9\xEFO\xE8T\xF8�V\xD2\xF3r6\x9D}\xA9k\xE9_Oké³®%\xF7\xE5�K\xBF~,\x88�\x9B�\x94�\xFB�w�o\xDE~\xB7��\xFA\xF1\xACi\xEA\xBB\xF8\x97\xBF�\xBD\xE9C\xD3(\x8E\xD6u\xF0A\xEA\xEC\xD1�I'\xEF\xC1\xE3oqFP\xFD\xEA\xF5\xEBO\xB0\xB9\x9F\x8EE\xF1\x81\xE7\xDC \x97\xF7s\xE1\xF2>\xC5\xCB?\xA8\xE2\xC8/~\xF5on\xFA\xE6\x9Fß¼\xB2\xCA#$J$\xF9\xE6w\xB7o\xFEЛ`Ò„s�\xFF\xFA\xEA\xCF\xD7o\x96\xFF\xF0\xECw?h�\xFCO_\xFFt\xF3\xED\xED\xEBg\xFFð«»‹o\xAF\xDE\xFE\xDFÞ¥g\xD3Ù¯\xFA\xFF\xF4\xD7g\xEF\xFA\xFF\xF7\xFBg\xD3\xF3X\xA6T\xEB\xD9\xF4<\xC545\xFA\xA3\xFA\x90|\xEB�\xFE\x9F\xFEG\x9CB\xF3\x9E$x\xC6\xFB�\x93;\xFB\xD3ų��\xF1\xA7\x9F\xFA\xFF\xF1?\xFA�\xFF\xA7\x8B\xFEz�\xCF~{\xF6\xBF\xFF\xBF\xE9\xEC�\xBD\xEFߟ\x9D\x97\xDArIhg5O\xF4W\xEBM�\xB7\xA9\xB7\xDBZ$q{^\xFB�I\xE6\x9E\xD7X\xB3\xC8|\x88\x9!
1\x85á¹›B"a}\xEEZ\x88g/\xB4Y\xD7R qz^Zig$�\xCFK\x96�\xFA\x88z[g\xFF\x8B\x9F-Ï»$ʳS�^_VR\xA9Ò¯�\xA7\xAA/\xAB.\xF3\x93\xE5y*>\xF0\xCBZ\xFF\x99k\xD2@~�J\xE1G{�|L\xD2h\xCE\xD1i\xA3!'OB\xFF<\xC7)\x9F]jgc\xAA\xFD\xD9\xD4\xDA\xF3\xD4GÆ\xEDO\xF4Þ’\xB0w �\xCFB\xF7<5\xCF\xC2\xF2<'�\xB5\x81\xFE\xA5\xA6\xCA\xE2\xFA<\x86\x92\xB4\x81\xA9\xE6&/S\xD1\xCEd_>\xFB\x8E�\xA8\xFDgn\xF2:\x8B.{\xFE
-Ô®w\x8E\x9Ew\xFE\xB9\xCF)\xA3�\xB1l�\xFD\xF3V�M\x81s2\xC9\xF2�\xDC\xF3\xA6�\xACF\x9E�ns\xAAI\xFA\xE0K\xA1O[k{�\xFD\xC4��\xCF'\x97�?\xAF\x93~\xDC�\xA2\xBC*\xF6/\xCE3\xDB_�bo\xFF\x8F\xFCl\x9Ff\xEAx�O\xCFKi��.ʼn\xD0;ß´\x81)x/=pS\xC3$\xBA>�_H\xEC\xFA\xC7\xF1\xFC\xB2>19\x86,3\xEB\x9A\xF6\xB6\xF4\xCEx�\xA6\x96\x8A4P\xFBx\xBC+"\xEE\x8B×\x8908Y�á¹—^\xED\xCE6>C\xC0Br^\x96ß\x8A}(a!Va\x9Dv\x85\xC1\xF3�\x83\xF0��\xA8\x98\x86)M\xD6@\xE0O6\xC5\xFE\x95\xE6�R\xD0\xEEF\x9F\xE6�j\xF1N\xBEd\x9F�\x99\x9B\xFE!rJ\xFA\xB2\x98\x9D|\x88\x9A\xFAbL\xBA>r\x92\x85Û§!F\x8Cl
-�s\xE3B\xAC\xB2\x9D�}\xDEKm\xA0\xF4)\x94\x85\xDB7-^�\xA3\x8F2\xB9}�\xE5\xB3\xE5|\xB1\xB0�m\xA0/\x9B \xFBi\xF1\xEC\xF4<\xF7ż\xD5j_�\xD4\xF1\xAD�\x94\xBE\\xCB䤷\xADdy\x966os;�\xBE\xF5\xC5\xF4S�\xDFO\xC8\xE6e\x95Ʃ\xEFT\xFE\x94%\xF4\xF6\\x91\x89\xE4㊄幫1˗H>\x8B\xB0\xDA\xC1\xE6\xE5,\xE3/Q\x92�\x82}�M\x89�To5\xB6\xA0/\xABS\xFF\xBE\xFC%J\x94\x81\xEANu\xBC\xFFJ\xC6\xFE\xEBBWB\xD5�\xB42\x95\x8D�)\xD33\xE5�7�\xEF\xF4\xDC\xD1G\xDDX彳-V\xBF\xBD#z\xB3\x85�\xEEr\xF7\xF4�\xF43\xC5m\xEE\xB3>]A\x87\xB5ܓ\xB9=/\xBE%Y\xB8Ag\x8Bn\xA3\xA4�\xBD\xF6#\xEEl8\xDD/\xE4;\xE4\xBE�[�\xF2\x85s\xED\xCB\xF5F\xC5E?{n\x8D\x97(\x89|I",.V�#\xCF, \xA9+\xFC�r\xEA\xDDuz;\xF4s^\xFB\xE5S\xD2\xF3\xB6\xBF2j\xBF\xFA\x94F\xB9rb\xDF$\xFA\xFB>�)\xE8\xF5T\xFB\xB2\xE2w\xF5\xEB\xC9ɕS\xE5�௘\xE9+\xCA \xD2\xFAYR\xB9ݜ\xED\xC0\xECG'OAn\xD2\xD2\xF2p\x97Eлm׀\xD7O\xD0\xE5i\xF3\xBE\xE8�ҩ\xBEy\xB3\xF4\x95\xD5u�\xB7y�\xF575~\xF9\xF2\xBE\xEAS\xD2υ\xBC}\xB7\xE5\xBE\\xA6\xAC\x97+ok�\xF6\xA36\xE1�\x8Ar\x9A\xEC~(\xDAI\xFF\xED]״~C
-\xF5''ZX\xFC\xD2BG9\xC8>U\xBE\xF8$\xAB\xA96\x99�\xE7e\xDB\xF3\xBA\xC5�q\xA9\x9Fw9H�y\x97q�]\xEDÛºzU
-\xE8\xA8\xEEBߟ\xA0c\x92\x85Ss\xDCkׇ\xED\x8A\xCEZ6U\x83\xF6V_\xDB:E\xFD\xDF_\xB2\xB4ß’\xA4Jpw[n\xBC\xF7\\x96�#�7\xC9�\xD2\xFBUJ\xD2%\x92SÕ½\xE7\xFA-5á»…0\xF1>\xA3\xABMwN\x97\xF0ϧ*+\x98\xDB\xE4S\xFER\xA7\xCBWy\xEFUj</\xFD�\xC4\xD6x�\xFD\xC4\xD0\xDFg�j\xAAtI{]6\xB4\xAC\xF8\xEAMt�\x94Ư\xF7\xFDOO]M\xFD�i)\x89\xB0�d\xA5��\xA6\xAE\xEAÈ´x\xDA/\x89.I:\\xB2l'\x9F\xFA\x9F\xA4P\xF4a\xF6\xFEe40\xF5\xFBG^ŧ�\xF7 \xB8~U�n\x80\x8Ec�@슎\x8FÜ\xDA{ŪZ?9\x9F\xD3��!�\xE2Ü\xD4{\xE3�7\xEB\xFA=#\xDAGߤ9pg\xFB\xC9]\xA2\xF7\xBA\xF2cs\xDA at r�\xA7W_q\x95n��XH)\xE9Ö‘M\x9A\xFAÖ˜\xB2\x9E\xD5tWVj\xB5o\xECB\x9A)\xCE\xEA\x96y\x9FЙ\xD5diQ��_N\xD4 mS\xB9[\x9C\xA3\xF3 \xF5\xBEtm�7a\xBFaC\xE0\x97\xF5K\xB5zU>\xBC\x8E6\xCBl\x89R�\xFB\x8A\x91\xC9\xEE�\x89^�\xA4\xA8L,\xA6S\xBBNEoÒ–H\xFB\xA0)\xE0\xDBO\xEE1=\xC0+\xB5\xEA�\xF7>\x9F=&Vad%\xB4�K\x93Ë\xA6\xB3Ò©n\xC2K\WÙ…\xCDg\xFB\xF9\x91\xF9\xF4K\xA4\xB8\xCA
-\xB2\x90\xF5\xB3\xB5ߌzP.\xC5)\xF6\xE3\x83wW\xF8\xDB\xD2Ó™\xED�:?sp\xAA1\xA7,Ó\xFA\xF9\x90\xA7"\xE7Z�M�W\xA2\xAB\xA7\xAA\xE6\xE0\xB5_\xA9_"\xB2:i+M\x8E\xE7;Ñ·�%\xA5/\xC8>oX\Y\xD5\xFBI\x95\xEB\xEC\xB16i\xC7W=�{GY\x9F\xE2c\x95N\xB5�\xB8~&\xD1 \xFBN\xF6\x95\xA7 \xC5\xC5 \xDA
-0Ul\xBB\xB8�Z\xAA�ǜ\xF9�\xF4\xF7Ca\x88MVq?T\xFBm\xAE\xE7�\x9F8\x97:U\xFD\xA2\x8C\xF2*O�\x8Dl\x83º�u\xABV_\xB17X
-\xA1\xF9�\xA4\xEE\xC9*\xEE\xE7j\xCAQ\xC4�\x978\xDD\xD2 \xE3\xD2�\x94\xD6@\xFFF�\xA1\xAC\xE2~^7\xBF\xF5,\xD9b\xA1��N}'\xB2\xB0o.?\xE9Q\x9A\xD34�s}驾\xED\xB3�\xE7}\x92\x9D\x8D+�'�V\xEC\x9F5\xA6\xAD9htq\xEA\xD5�\xFBt\xF3\xCBZ?\xA1\xA7܂\xCCk\xEE?`\xA17\xDB\xC0\xCB -��]SE\xDB\xF5\xFD�\xD1�\xCCV\x97\xA7\xAB\xED\xA95(\xFB\x8B\x96F?Q\xB8c\xFD\xE0\xEE/ԣ\xDB{\xD6(�\xAB\xCDM\xEF\xAEЊ,��\xF7K�_,\xB7\xA4\xCF\xF6SB\x97\xA1�\xAD\x89\x84xU�\x8C+rl4\xD77\xB3\xAB\xB6\x8E\xC5\xF6\xEC\xF7II.a\xC5W1h\xBB�\xE2\xBD\xDB\xDA�d\xE7斃|�^\xA8b\x92O\x8D�#\xFAL0\xB0\xFA\xD9λ\x83\xF7'}\xC6�϶ż\x9B_n\x89\xFB�\xAC.\xA8\xE9�\xFC\xC4G\x84\xEA\xC1zH\xE5\xA2g�\xDDc/\xD4\xC2R�\x80\xEC\x94*wJ_^\xBED=\xE4X\xF1\x90Fsjz\xA4\xF3\xAA��\x8F\xF6\x9D�\xBE]\x9C2:\xA0˖\x84A6C�\xF2y'\xC2 �\x!
B7/\xDBܯq�W\xB5h\xBBҞy}\xF7\x8Bʡ�\xFD\xAA\x8D<\x85]�\xE8�\x95\x99\xED\xCD&>w\xFA\x91ߵ\xAC\xAC\x8B#�\xBE*\xFB\xB0\xD48\xEA�\xB0\xAB\x88rv\xF7s\xC1\xAB\xB6\xD1��\xDC)dR�\x97\xF5\xD9~\xE9\xF0\xBC\xF4^E\xD6\xE9\x9B#u z\x99\xECJ\xB7=\xF7\xC0\xF7\xE5\x93E\x8B\xE9\x8Ae\xE2\xDE6OZl\xD1=\xCE\xFB\xB2��\xADT\xEC\xC6\xC99\xDDL\x81�*\xA9\xE9\xB7\xE5c\xAE\xF5{9\xF7\xB3W\xDE\xD5W\x8A�\xFB\xEF�k�\xF4
-\xFB;\xE4\xF7$nY\xC51\xB3MN\xC2n&\xF3\xB0h\xFB@\xE63\xEB\x9E]�\x9D\xEE\x8E\xD8\xCF�_\xF4IU!��\x9DI&\x80�DY\xF1\xA9\xD1
-_D٘h#\xF2\xFB\xFB\xD9\xDB׽\xAA�]\x85\xE0\xBE\xD2=�\x9D\x93\x9B\xD6GY\xF1]\xA5\xED\x93\xC2�É\xC2'
-Ð\xE0\xF5Z\xEF\xFB\x8C\xF7gf\x8F�}\xEF\xDET
-\xB2\xEB�-�ވ]8A\xE5\xEC\x8AS\xEF-Y0\xA4.\xF80q�\xC9\xC92\xE9\xC2~$\xF7w\x9F\xC9`\xBB\xF5\xE9DXh'\xCB'\xE8#\x9B\xD8�\xD1\xC5\xEAC\xA1\xCF\xD5;TE\xA8\xE7t\xF3\xA1kw\xBC\x8CI3\xA1�d�5,٬\xBE�=MD\xBF\xA5\x97�\xBE)\xF8@\xA4\xA9\xEB\xC2\xFE\xB5Hq\x91#f\x82�\xD1͓~'\xF1�stX\xF0* e\x9E\xF4�9��\xD6|�\xC7$83\xDF5h\xF6GmVϣL\xAA�+,\xAD+\xC8\xFD^\xAB2\x8B\xBE6\xA7\xAB\xBB\x89\xCF,\x93!�\x83
-\xACV>!\xF2\xE2\xE8k\xA2Ø‹Ð…\xA6B\xB1\xECXH'\xB2��\xB7�}\xDC\xE4\xE5\xDB\xF4Óµ\x9F\x89A�B\x9A\xA2n{\xB9*h\xC9,|qA\x9E`q\x95\xE1\x92З\xA0\x8A\xF3\x942Ψ\xCA>N�\xFAnf\xE9�\xA3\xEE �\xE3\xB6\xF3���\xE7�Jk�\xA6l\xF7-O�\xF7 \xA8Ûo\x96 �S\xD9pi\xC4\xC4\xF6H�,\xEB\xF3/T\xED\xCCb\xE2\xF7\xE1\x96X\x9Cê©ÉH\xF7m�\xAD\xAF\xB2\x8F×±\x99�\xFD�\xE8*6\xAF\xFA$\x8BG\xDF�eu&\x99�9\xCF]ÄšW\x9BO\xC4\xDD~\xD2\xEF\xC5bU.\xD8�I\xEF\xF7r'\xB1;%y]\x9D|'\xBD\x80\x97ET\\x88w\x85Å„\xA2\xF7\xB20Ek �>eiy\xC6�\xB3\xB7w\x9E\xD7q_�S\x81\xD9\xEB2O!�\xB5\xD1\xE9M\xD5\xD6\xC4]\xD5Å°p\xC9_"\x9B\xB9\xDB\xE4\xE4+\xFA\xF1�t1^q\xFDG\xBA\x95H\xE9r\x93\xD3�κ\xA0
-�̌)\xEB\x9DBb\x9F\xAA\xEE\x8F)\x8B ܅jT\xF5\xF6\xC3$ߛ\�\xA2�\xF7f'ݥz#\xB2㳫\x8Fی\xFC�\xDFM_E�\x8C|\xB8\xE0\xC9N\xE9\xE6aQm\xB8\xE1\xFE!o\x83:\x9AH\xF3\x9E\xF8\xDB\xD0l\xEA\xB8Ho�I\x97!\xED\xDF�\xAA⦈\x83ֻ\xAAZ>)\xE9Ӕe`Am\xD8~$N�o\xE0I\x80:�\xBD|Q9\xE6<\xDAe\xF1\x94 \xEEw�\xB7�\xBAYշ\x8B\x88\xFB\xFCp�\xA1\xDA-\xDE\xF7B\xDFU\xFCq"\x9C~\xDC\xDF \xEE\x93~\xDB\xE9\x81D�Jv�\xC7�H\\xA2�I.j\xCF\xF4\xB2\xE0+ N��E\xC67�҅4єD\xBDC&\xF1V\xF7\xB9\xE1W\xC8f\xA4�\xFDR\xA7L\xE6\xB6�\xC58\xEFS\xDB\xEDm\xB5L]諗{\x95\x8A��\xB4\xEAĦ\xE9\xCD'޸\x85nV\xEF`?$\xB9֒(�/\xD4\xFD�M\x8A\x9C\xE9ͬ\xB5:�1r\xC8њ\xD2�ы�
-˳N\xF22\xD2\xF4\xC4f\xEF\x8A�\x8C�@\x97\x86�Cp8\x8E\xE8�\xC3fL\x93S\x8B�6d\x89\xEAWb\xE3\xBC\xC8�\xFA\xBFc
-\xFAiE\x9E\x8AK\xDDa\xE2�c\xA5KL\x8D~_'\xE7\xA0�\xE8�\x91\xC8\xEEj\xEAr\xF0\xA6v\xF6\xEF�E�%\xA5O]1\xB1j\x80\x88\x84!\xC9�\x8F�\x9Egrz�\xBD-i�$\xB6\xEC\xD8o�\xC4\xF7L\xEA�\xFB\x9Ei^b\x93SÖ“?n*�!7\xE0\xC9�1\xE5\xADg\xFB\x97u\xB2b\x93y\xF5{�\xD5�\?dz\xBEP/\x97\x97\xAB\x99\xAF
-1`&:ox�\x91\x8Fg�\xDF\xDCD\x86\xBC\xA8\xE3\xFD#\xBB\xAE\xA3\x8B?Hotq�y\xF1gM\xF4e\x82�|Ή>\xBF\xEB\xA8#G\xDE$^\xBC\x96d�Y\xFB\xE4\xAD'\x81\xA6\xBE4\xD5�\x8C\xE6;\xA5H\x91�oU\xBF`\x9B\xB8\xBA�6\xA6
-\xE1i\xF6-\xB4\xCDgK\x90\xF5\xA6\xAD\xEA\x89\xEF$V\xA1=\xF0\xB82\xBC\xE8\xA2]\xEC\x9E\xC3YԿ\xA1\xEC\xC7~\xD3¡@ڸ܃�\xE2\xD2sj2\xCD϶$\xB3\xA2\x8DB\xB65�\xE2\xA9&�\x9A\xB7\x97\xBAJ\x8A88I<E\xB1\x9E\xFB�\xE4�#]\x8F\xE6\xB8\xE8\xD7P7�)\x80\xFD�l\xD2r\xA8\xA6\xF0gs[\xD2u\x9C\xBD\xEA\x85n�\xFFG\x80+\x91L\x83 ]럞}g\xD2\xC0d\x8E\xB4"w\xA4�\x9D�\xE4d\x94\x89�\xE9'ѮX�gÕu2zW\xF3j\xC9d'\xC1\\xB28
-\x9B\x82]XE\x9Dh\xE4JL\xE2\x9DK\xE2\\x93��E\xB5T\x9C\xA7�\xF5\xD9ޖZ\x88\xB0\xA8Äk\xB3f9\xCEE_\xA6\x8F\x83g\xB3\x97\x97\x85I\xDCoܪ\x86\x88\xA9\xD5楯I�!/\xB4�\xBDbI�r\xD1�\xFALk\xB7\x9C\x86x�\x9F\^\x85�FO\x88\xB2CY\xAC�f�\xDD枒>�\xB3\x98\xE4\xB4�*{\x8CH\x88��[X\xB1\xA8\xB8f>Ǘ\xC2~@x�Ά\xEBHBR4\xB6R\xF0q\xFA\xD1w\xA3¬ߡk\x93!\xE9�8(\xC0祆xhu\xF5\x99\xF78DuX\xE4'�!i\xCBj7&(ƕ\xD0�b\x8D�\xB2+y\xB0\xAF\xB3\xC1\x92\xA9\xB2|\xC5F\xD37\xF5o\xD0&\xB5\xF2\xF9�\x96QI \x91\xBA_\x8A\xBAX\xA9Y]ܴ\x8C(�H€\xFB\x99\x9E\x95H�
-\xB4:YÜ‘\xEE�[Z\x85#\xA3$
-\xFD\x9E:\xC3DymT�\xB5=y:\xA7\x91�\xA3I\xEF|v\x8FȦ\x8D8\xBAH�\x98\x92�s\x91\xAE\xF7�\xA1,\xE3�MQ\xECB,X\xBA\\x82S)�\xBC\xE4Ű�\xB5X\xF7�\xDF\xFAA\x8D\xD1\xD0M0515�'\xAEg��i\xA8��\xA0\xABڱRI֬\x93\x83\x9DԆ
-\x90\xFA'\xDE�\xF2\x8E�V\xE9H(\xD1a\xBAE\\xE6K\x97�\xF0AzP\xE4cJ�v\xBD\xD1҈|k\xF7�\xF5\xF76]Y\xB5$\xB5ݵ\xD1*�*\x99�ڈ\xA9\xCA"hU\xAC\xF4\x98h\xB9\xE9g\xD0C\x96\xDC�\xAE\xF8\x86\xAFmۥ�\xBE�ɥ\xA2C%\xB39\x88S\xA9/\xE6�t�NNԫƚ�|�\x93lBr׋\x93\xA5\xAF\xF5~/Dy\xD2\xC9^��\x8Fa\x85\x83"ɤj^\xEA\xAAJ%\xE8^\x99\xE8�"a\xBF\x99�k7\xD5\xC3\xF7D\xC2> \xF3\xF2\xB4\xA0
-\x908��\xAB�\x91\x84��\xF5\xC1\xE1�짯6�\xA3Ñ\xD9\xEF\xC3\xD8t \xAB\xFA\xDF\xE7\xF3y\xACE\xF7\x85�3\x96NgY\xFFA\xCCBy\xBF\x872L\xCE~=m<Y2I\x85\xC5˒\xA03\xBF8�\xA6䋾\xBF\xF3\xEC\xF4C۫HìУ\xC40\xA5\xF7kH\x88\xE2�i\xCA6�j\xB3��\x83\x97>\xE0$\xC7
-\xED \xF5:\xECnA\xBDP]?�\xB3\x98\xB1\x93\xCC\xF2\x8D\x8EM\xFD\xD9�1\x95\xFB\xB4\xCFb\xB7?\xE06P\xF7�]\xB21\xA0aC\xFB\x84 \xD6i\xA1p\x98\xFAY\x92騽\xBBz\x8Ct�w\x82~�\xC9!{ �\x85\xDA\x{1E52DB}x#*b�\xB4\x90\xAA\褴E\x87H
-]q/\xD4I\x92\xC4%C\x9BHϼ)\xC0G\xDEWg\xD4\xD0�\xF9d\xE5\xC4!\x88\x81�\xC0+y1\xA0\xC5\xDEsr\xA1OÕ¼�\xDEn\xB3\xDD)\xE4\xA0\xEC>\xFB\xCFg\xBF\xF8æ—¿\xBA\xBB\xDF@>\xFE\xE2\x9B?\xFD\xBF\xFD\xFD\xB7w\xFD\x9D\x8F\xD0N7\xFC��â¤\x89��OÒ¹C f�\xC5~�3y\xFA \x90\x99t\xF9�\x98\xD9/\xBE\xF9\xAE\xFF\x97b\xE9Ü]�\x93~\x9B\x83 at L\xF84�\x80Ƥ\x89�`c\xD6\xC0^\xC01y\xFA \xE8�^x xL>\xCE\xF9�Є\xCFr�\xA4\x89\x9B8�Ô„\xEE� D\xB3&>�\x8A\x86&\xF6�\xA3\xC9\xD3�\xC1\!
xD1\xD0\xC4�\x804\xFB\xB8\xBB )\xFD\xB8\x87\xC1\xA4\xB8\x89\x83\x80R҉\x83\x90i\xD2ľ\xD84y\xFA t\x9A|\x98C\xF0i\xF3w\xD9�>\xDD؄� }\x92\xAFr�\xF8IZ8 \xA7&
-�\x82T\x93�\xF6Ū\xC9\xD3�\xA0\xD5\xF05>�\xAF&_t\xC2�G\xAE\xF9&!9\xB5En\xE6(\xD9\xFEA<\x92\xBB\x8E\xFC\xFF\xB5xzn\xC6\xDB\xD3u~Z1,;/|\xA1}z\xB7\xBC{GH6\xF9\x87\x83\xB0l\xDC\xC4ah6ib�\xCF&\xF2\x83�m\xD2\xC4�\x986L\xDDǣڤ\x85\x83pm\xDC\xC4a\xC86n\xE2 l�\xB7p�\xBAMv\xDAA\xF86\x9C\xF8� \xDC\xE4�?�\xE3f\xBA\xECǣ\xDCL\xA5\xF8x\x9C\x9B]~�\x8Dt\xC3�\xBE\x83u\x938�\xED&\xCB\xE5�\xBC��\xDCG#\xDE\xEC*\xDB�\xF3&\xAF; \xF5\x86I; \xF7&\x9F\xF4 \xE4\x9B,\xAC\x83\xB0o\xB03�@\xBF\x89\xE5x�\xFEM\x9A\xD8���S\xF5 ��7q�
-N\x9A8��'�9� �\xCB��\xB7\xFD��\x8E\x86\x83\xB1~ �N:q�"N\x9A8��'\xB3|�*N\xBE\xF5A\xB88n\xE20d�7q�6\x8E[8��'
-�\x84\x8F\xE3&�C\xC8I��a三\xC3Pr\xF29�\xC2\xC9ɺ:�)'Mì‹•\x93\xBD\xB0'Z�M�\x80\x97\xC3 �@\xCCI��a\xE6\xEC�\xF9x\xD4�N\xB2\x8F\xC6ͽ\xB0\xDB\xFA \xE4�\xD4Ù\xC6\xCE\xC1}z z�\xD7\xC2�\xF89\xF3�}<\x82�M\xE4"1L\xF2\xF7O\x86\xA1\xAB\xD2g'\xFA\xEB\xAA\xDD,\xFF\xD0\xEF\xF8\xAA\xFF\xA07$�\xE2d2\xA9 /\xB2�h�\xB4\xF2\x83\xC0u\xD0��\x80\xD7\xC1\x85r \xC0N\xF4\xE1C vШw at vf�|<ÌŽ\x9B��\xED\xC4\xD0\xDD�j'\xAD\xEC�\xB6\x93\xA7\xF7\x85\xDB\xC9\xD3� \xEE\xE6 \xDC�r'\x8F��\xBA\x83�\xED Ø\x99/��\xBC\xC3�> z\x87�\xF8\xF1\xE0;\x99̃\xE0wX\x9F� \xF0\xC4\xEBs���ι�@x\xE2\xBE:�\x86\xB7\xE5 �\x81\xF1\xE4��\x82\xE3!\xA6q O\x9A8�\x92\x87\xBB\xF4\xE3Ay\x88��\x81y\xF8\x87�\xA0ybs��Γ&�\x81\xE7I���\x{124243} z\xA2\xAC��\xD2C��\xC0\x{124243}\x80zX��@\xF5l\xD9\xED\xC2\xF5 \xFEX\xC0\x9E�\xF0 Èž4q�hOZ8�\xB6g\xB3\xF3\x91\xC0\xBDyc�\xC0{\xF2�\x87\xC0\x{1E4143} |b\xFF��\xE1�+\xFC �\x9F4q \x8COf\xE2 �\xB6\xD3GC\xF9\xE0\x94\xF9h0�\xD6\xDA�p>i\xE2 @\x9F4q \xA4O�8�\xD4gw\xCD\xC7\xC3\xFA0�� \xFBl\xEF\x8E\xC0}�\xE5\xC7\xC3\xFBp\x8B|<\xC0\xCF|*��\xF1\x83g\xE7 \x90�\xBC\xAA�\xC0\xFCd\xA6 \xE7\xD7\xCE\xFE\xE1�\xCF\xFE\xF4?\xFB_\xFFm�\xF67)��\xB1Ì]�\xC5\xE4\xBB7\xAF\xCE\xDE~\xF1\xC3\xD5\xD9
-s\xFC\xFD\xF7\xFE\xD4W\xFD\xBF\xFD\xFF\xFD\xE9\xFF\xE9\xFF\x8B\x9Fu\xB8\xB8\xBF\xBF\xBA{\xF3\xFBw\xF7\xAF\xAF\xDF\\xFD\xCB\xED\xDD\xD7?\xDC]\xFCtu\xB7x\xDE^n,x\xC2_7`\xB4\xFB\xF5\xEBwWg\xBF\xBD\xBD\xFB\xE1\xFB\xDB
-N;\xE5\x90aj;+\xDBG\xFF\xF90\xA6\xBA~<\xB1AYs\xDF�t\xAEI\xEAJT\xFF�\x8Bs\xDF�g\xF2l
-\xA4cfr*\xCB�BF\x88\x98\xD4$�
- V$\xE60,\x899>+B\xC7\xF1:�f\xD1dH\xE8�\xC3(hˑ\xFD\x80�R\xE0�z_\x90\xBCOH�\xE4\xFC\xE1g\xFB\xD9QT\xC8q\xDE\xF9Ii \x91\xCAZD\xEC\x9D�\xA1\xAF\xB0)\x86\xC5˶\x85\xDC\xEA�M\xD4�\xA1h\xC7R\x9E\x92�y\x85\xED\xE8~뚱گ�q\x92\x92pJ\xE0�\xC9��\xECd\xF1H\x9Ds\x843LtI\x90ЉB\xB8�\x92_nB�^"\xF1,.)\xE1Y9JI\xC8`-}R\xC0D\x8E\xEEnpLP\xBB\x82\x93\xE9\xE2�d�ɋ]\xBC>몘\x8D|\xDB\xF2�8B��\xFB\xBD\\xCC$MU\x8CTr\xED\xCAW$\xECY\x98ڮ0\xB6h#\xC8�7\x90g
-\xD6#@��:\x8D\xFC� (+p\x8AU�\xE3�i�@7]s4\x82\x90�OU��A\xA1c�\xAC�\x9B\x93�BWD��X�f&\xE8�\xBA\xD5'\xEB'\xCDne\xF7\x8C�\xAB\xBC\x89��\xC8T="!�'�g\xE7\xC0\xEAR��$\xD0/\xAF\xF3Z\xE4 �a\xB0hr�\xF4�\xB5J��x\xC18\xA8\xC0\xA02\xA7Q\xABB\xA8Ѫ\xF8\xBD\x85wd�\xBA\xAEc[\xBA\x97\xA7-\xCC\xF0#\x8E^\xA9�\xA9\xC6F\xB3�H�\x91X��\xD6*\x86\xC0z\xAB\xA8\xE1U\xBC\xA2*,�\xCB\xE8BF\x94\x9C\xB3\xEF\x963\x88\xD9>kF�F\xB8\xC4\xC6\xEE�zV\x94\x8A\xCA���\xC4]\xC8\xD1\xD0maL\xE0e\xA1P\x90\x9B ��\x9C\xD5M-\x81* g�&�\xCE\xEC at Y>\x896\xD0\xE4eY\xC0\xAE<\\xB6jD\x98T'i\xE2\xD4F\x9E\xB6 at +YL\xE6\xCBk�\xB3�\x91\xC5Mg\x91d�J\x9F\xC4d\xDB�zK\xBE\xA6\xC0\x97\x8Bn!Va\xF5\xF6\xACb\xFD�\xE5\xD3\xF4J\x95~UX\xF8�\xFE\xF1\xFA\xB2*\xA1v\xE9,A\\xFE\x88g[
-�\xB3Z\x84
-\xFD\xAB\xCDP\x88\x8C\xE6e��-\x84�J��O\xE9\xF2\x88xW׀\xE3b͈\xB0[2ig!-ż\x836\x85\xBD)\xB1\xA66\x85\xD9\xD5E�$t\xC2ˣX_\x936:�k4
-V\x8B\x97\xACe\xFBσ\xAD�\xB8�a\xABQ�U\xD8 5U%\xB2X\xC4u\xF8B3�\xA7\xA9\xE8NH\xE2�'H\x99\x81W��\xAE\xA2\xB2\x98L~\xBD\x94�'\x8A�!\xBA\xF4Й��\xD8x\xFB�\xAC\xDC�3�yZ�X�$\xC8rÎ\xFF\xC9\xC9\xF1PE\xB39\xE7\xC0?;\xD4\xF9\xEAiI3\xF5Y-\x9B�7\xD0�y"\xE7\xC7��?Nzlm\xB0�\xBA\xBA\x9Aä–‹HO�\xA7\x83S\xF1$+\x88\xD4E\x89j2>\xB2%�\xF5\xFA\x9D4\xF4/\xA9.\xE4\xFE\xF7*V[Ƴ���\xB6\xA9\x9E�O�|\xA7`�@\xCB\xEF\xA3%"�\xDC}"�D\xA9�d\x92�=\xEC\xBE!X\xC6\xFC~/\x9F]0|\xB0M\xC8\xF7\xED
-0\x83�>(\xF6\x95�\xAC\x83�J/\x94RF\xD4R�o�\xF9{m�\xA79[\xA8\xEB8E �\xFD\xE0\xAD-\xABv�<c\xE4ZC\x94\x86\x84M@`M\x83�H1
-�02\x93ړ4Z\x89\x8F\xB5"ָ4\x90SЌ��\xC1c�\xBC\xD8\xEB�,\x9C
-^�sQ@\x96�L\xBD[-\xA9\xC7.L\xA9X�\xA2�\xB0c6\xAA9\xE8EIbW\xA3\x9E\xB0\x8BqU\xF5�\xA0\x81I�\x8C\xF9Ì \x89�\x94\xAC��?\xEA|\xF5u�\Cp\xF8b\x8A\xF3\xA3\xED\xA9(�O\xA1�\xB1i\xE9&E:\xAA\x9F\xAC]�\x94H\xFC\xBA-0p�q \xA1\xCBA\xBDu\xA1b\xB4\xAE
-Æ‚\xC5
-�'�\x86:9\xD9\xE7(� 5O|\xD3t\x8D%%\xF6T\x8BC\x9Dr�\xE0:\x97\xB0\xBA�:\xD1�IG\x81�\xAF\xE6\xA3\x89\x95mK6nU\xB7\x82"\xF6(\xF2���B߾\x89\xBA\xC2b\x81/\x92X\xE0,,t
-Ϫ;\x87t\xCAV\xD4\xF0\x9D\x9Aj\x97\xD4[�q^C\x8E�\xC0wI\xBDcY\xC2O$T\xE3\xB6�\xD8\xC9;�\xAD�R$\x8ES@�l.\x88\xCFM\xFD;4]}ኅ\xD7\xC0\xC7\xE5ÈŠÌŠ\xA6)\xB3;\x97\xFD1laç ›\xA6\x9FQf\x92r\xA0�ß›\x9F�K5���\xA7\xA2\xE6!+\xC2"\x94<����\xDCR\xEC\xE1\xF0!8\x80\x9BT\xC6�?\xEA9\x98\x9C\x86@\xD9i\x85t at 9\x90M,\xA3\xD2@%a9\xBC\x82\xC4�ǃ\xA8q\xA3D�\xD0^�IKʆv\xA4�\xBDe\x89\xE9�\xB9�E\xC8\xD9�,\x9C\xF3YI\x81��Y&=66}\xB6\xAF!v�L\x82k\x95\x95\xD5�%!�d\xBCÇ’\xEF\xEBP\xAE\xC9D\xF7\xB0\ \x9C\xC3\xC2\xE7�\xBB\xF1\xE4\xE4\xA3\xFC 9
-R\x92{V\xA8\xBF\xFA\x95:A\�٫X݉ C\xE2\xF8\xE8©\xF2GL\xE4\xB1\xD6��\xA6\x8E\x8D\x91\x94\x82\xDD3\x84\x8D\x93`e
-\x88\x914\xF2v�\xBC(\x80\x8A\xB1U\xB8s�\xED\xF9��\x82(\xE8\xE4�\xE1\xE6\xCF�\xAE\xC0�%\xB9�Jv\xA0U\xEE7p\x9E\xD4\xF7\xC8\xFE`\xD1-u�\xD2*P\xC81鶊,\xF6�\x9C\x84\xC6*f"�$5�N\xBBzʈ)O�@\xDDD\xC1� \xCCfP#U\xB2ǦM?�'�e\xA7\x81\xFB\x864�1~9xm\xAC\x8B\xBC\xA7\x83ƴY�'\xA1G_ \x88Q\xC4v\xE5m\xEE t\xBA\x8CI\xAC\xAA|_\xB1�#?\xE7\x84�\xB1\x89�\xDE\xE3\xC5\xF2\xA3\xB8f�\xD0@\x94�\xAF4\xC0׮B\x81"\xB0$\x93��y\xC5\xEAYXy\xA3\xF3r#�n\x82\xB2W�#\xCC\xE7C�3f;\xA3\xB7\xB4b5\xB9\x8E\x84\x95O\xEEDJ\xB0\xF1\d�{]\xAC\xD9'\xE4�N\xB22�G\xE1,\xE7\xA2\xF1>J\xA4\xA2e\xB0A&\xC1³\x98p0\xFC\xEC$ \xD2.\x8C\x92)(B\x97\xE5M\xEA\xF8}\xF1l[\xAC^\xA9ٞ#!ǧE\xA8\xA8\xFC\xE4\xA9 �\xCC\xD4(wq�\xF7\x99\x97xij\x88ڤ( \xA9sFGLe\xD2}\xC0\xEA\x818+\xB2�6,.\xA2\x98\x90\x90\xD5�\xDE�Q\xA7\x80\xFE\xBD\xB2�\x91�T'
-$UY\xE9Y\xE0\xFF�\xC2Ê \x91)v0Ñ�\x8C\xEC(�\xBE\x8Dh\xB6��Þ…N\xC2C\x943\xA4\x86>A\xB1\x9B%\x99���\xD3�\xE5��\x8D�\xFA \xBE�:\xDF\xD8+y\xCE!uF1 \x96\x8Cn�i`)NM\xF0/\x91\xC2\xF6rsD\x81s\x9Ds\x94\xBD\x89)Fk\xA4\x82\xFE:6\xD9\xEA�N�\xC0�\xC7\xEF\xBDCf\x85l\x83\xE4\x97w\x9C\xF1\xE9\xF8\xBEJE�\x9A \xF9O\xC1\xC2�\xA4܈�6�\xAAï¼™�\x96\xDCM\x8A\x91
-\x92\xA3!\xFD\xE7\xFB\x8E5\x8A\x96Õ‰E\xC8\xC0\xA6:\x8Do\xF8\x82\x84\x91� \x8BzMÝYH\xBD��.�W�z\xD9\xC7PB\xE11SC\xD6MY\xC8�ZRn\xAD�I���=�#P�`\xA5\x98=
-袨\x88��A\x80�"\x8CM\xD0\xCDQRY\xD1 at hU\x93\x81�`\xD9u'\x81ɱ\xD5\xC1\xB8\xD4sv�V\xC2GhV\xF34s�1\x80\x9AňŇ\x86\x9CKr-M\x8C\xFB#\xB8\x8E\xA6\xF38U\x9F\xB8\x81P�\x99\xC0α\xA0\xD9J]Øœ\xF8\x9B2\xE2\xC0\xD4 r>-\xEF_(\x8B\x9C\x90�\xA4'\x95��U�\xA1\xAA#TR\x84\xDC�\xBDC���q\xAD�\x86\xEA\x8DPQ�\xAA@\x92[\xA5\x8E\xFD\xE9BU;\xCD�\x83Qw\xA3b\xC7\xC7$\x89q\xD7\xEE�\x80?=[*�$V\xA7\xBA\xA8�h\xC0\x84A\xBC \xB3�\xAAh\xFF»\xCF\xCEB_\xEB\xAEÐP\x80\xA6O�\xBEU\xBA\xDD)\xFBy�T\xFF,\xBC\xD4\xC1�\x9D\xDEų\x9C%]eΕ\xC1\x8E\xB4(/\x89\xACnA\xF3\xCF\xEA\xA5wq!\xDE~\x96\xD1k"\x94X\x83 Ñ€\x82\xF87\x9F\x9D\x85\x8B�\xCCB\xF6\xD8\xC0�\xF7AF\xB6\xE8�\x9Dß©l\xB5J\x99\xA5^\xBBŧ3�\x92\xBE\xF0\xDBB,�j\xFFÞº\xEE\x9A\xDAd�\xFF\xF6Ó²\xD5\xED�\xE8\xE2Øœ\x83\x8D\x99u\x8Cj�_u1�\x81\x8FbY\xF8�"t\xA4\xFE\xB9\xB2.cc���\xC7\xFAXÌž\xC9M\xE1\xBC02eÊ»Y\xB6\xFD�\xE6'\xE7\x99*\xD0K\x96\xA3\xD7a\xC2>��S\x8D\xD8\xD4lí“© ( \xB6\x89\x9Bx\xF5\x9B��\xB0^�\xF3Db\xC3,\x85��\xFF\xA3�\xEBz$.\xDB%\xE4I\xDE\xEE���}\\xEC\xACË�\xE6
-\xE7\xD9W\xEF7\xBF\x95\xB9 L�w�\xDA\xCD\xCFg\xE7\x8C\xC4<7�M�uk\x8B�ċg\x9B\xCF\xEA\xD7z\xADb\xBEd7>"��%\xB82G1\x96Oj��<9\x98�\xB2d\xC5N[\x8C6�\x837\xFBAH\xC8w��\x86I\xD0\xE8\xC8\xE6g\x88f*/�\xD0h2\xA6���\xA0"\x93P�5�\xF2\xB1\xF4ӳ\xCD&\xBCd\xFCm\xF6@\xA3�K\xF7�\xB9뻾�\xAC\xB7�\x99\x9F\xA3Ʉ�M\xEAڇ\x9DՅ\xEC\xF8\x96\xAC\xF5Zv�p at 8.\xBBe\xB1\x81\xD9\xE9B�\xC5֔\xC6}\xF6�\x99xs\xBE&K\x96XL\xCC$\xB1*\xCC�F6�\x98b~\x96\xAEV\x81
-.\xBA�\xE1\xD6\xC6\xD9|V7Ù¦P\x87 !\x860|v\xD8\xEA\xB0�6�fB\xF1;#\xC89\xED\xFC|\xDB\xEFF2\xD1\xF9��\x90�\xE1\7\xBF�\xB9CA<\xBA)�!\xC3s\xE9ÛŽ�M\xAA\xF0ų\xE5\x93�\xA1\xAD\xC5Ξc@\x8B\xF5K�Ö™\xD7Ζ*Ä›#\xDA�b:4\x88\xB4\xB5Y6_\xF6\x80\x90Ë¥\xED6\xC0\xEC7\xDB=X�ç¾²\xF0\xC5\xE6�D\xBB�\x8BzS(\xE9\xED&D�\xB3\xD8z\xBB�\xF2p\xB1ß± U\xBC\xB9\xFCT\xF8\xE3\xB3\xED>,\x9E\x9D\x856\xB7\xB30�\xF6\xFDrkYg\xC1\xEEnvÌ¢v\xB3\x8FÔ„/\xB6z\xAB\x{DFA7}Ul�R\xA5S\xDA>�\xA6l\xB8\xA35!Z]pn.\xDB\xEDgt\xCD[\xE7ã²y\x81\xEA\x93X�\xB3\xB8\xFFa\xE0�5(�b\x8C\xCBV\xE3\\x9Af\xF9,\xD1wX\xAA\xD3,t\x82\xCC]
- ��\xC3\xF6E9E �n\xEE\xC6 Þ\xE5^�s\xE5\x87\xC5\xF5 \xEE"y\xB2\x94V\xB7>\xE2\xFCd\x95\x88\xDB\xE5æº8K(m�g�\xCE&\xF2X\xE3�\xE6#[~N.~\xEE�\xAE
-�֚�h\xC7
-U)ƪW\0�>�[
-\xFF\xC9\xE2:�\x93x\xEA�*`(\xD3>\xEC%.\x81��\xF4^\xE9\x81^\xF4"�,(\xA9�\xA5�!\xDCJ\xC8�mM~\xDFW<;�\x96j\xD1\xE2\xD9Y\xAF]�U�C�\xF0.�\xBFVq\xB7\xA7�\x8B2�\xC2q~\xD6Op\x85\x91Х\xA4O\xB2o�\xED\xCE\xE2\xA2\xE9\xB9�\xC2�t\xBAf\xA1\x9Bk\xDB,&\xCC;0Bm
-\xA7V!\xECS\xE8�\xAD\xA2�\x84\xE3�/\x9B$\x8FcM\xB8ÕƒY\xBC\xE8�^\xB6!ÜŠ\xFC\xC9\xEA\xB0EC'\x80Ous)\xCEh\x9C\x85b�0Í–\xBE\x87v\xB7\x85܃�w\x9E\xC5\xD4\xCC�\xE8\xA6pw\xB0\xF3\xA6\xDD|r�b\xB0�\xC2\xC5`\xE7VY\x9F}Pd \xA5\x85!\x81%t\xBEap\xCD�î9\xCF\xDC\xC1\x84\x9D\x94�\xA3 \xBE\x82\x85\x8B\xC0\xF5�$\x92\xC5\xD0\xFF\xCA\xEC"\x88\xAE\xEB�\xEC" \x97\xA9p\x81\xB1{\x95\xCC9\xA9\xC4WÅ*�\xB3\x8C\xEC�>%7\xBCpĈ!`\xE0DPQÝ™$\xF6L<\xB0\xE1�\xEDg\x9B\xF8w)5\xAB\x81C�1T&nÐ¥T\xFD\x85�\x87\x91\xA8\x9A\xFA�\xB7e샔\xB7�AFl\xF8 9aBD�2\x96� �\xDAR,\x80\xFE\x92\x9F;%t#q\x9E\xD9C\xAA\xE7809.\xE1�\x9Eݵ*\xDC\xF6\xE2F\x84^H�\x9B\x8C>
-\xFE@\x84!Ä´\xF0
-_>\xDB�\xB3\xEBs\xE82�\xA1\x90\xC6ؓ\xDC \xA1;�\xB0\xB5\xF49�z\xB40\xD0sу
-!�b1�\xB4\xAB\xEE\xE5s\xC6�)0y\xE9\x88\xCE\xC0@'\x85\xFA\x8A#:+�\x9E\x89E\xC89,\xEBBV�\xA4�\x85\xAA\xB1Ø¥f\xCCB\x92�\xB1�F\xC0\xBE7�\x88�\xE9Ñ—Iu\xAC\xA0\x97\xC6F�<�`\xE4j�\xBB\xAAfE,\xCC\xCExi×\xFA�\xDFA\xF8\xF8\xFB\x94K~\xDE\xE2\xF3Pb\xA2\xB8B\xC9�^�\xCBE+=ĸXv\xE2\xB8]\x8A[\xB1$F\xF1dn 9\xEC3�\xD1\xC0\xF0Y\xF8\xF9\xE7\x85\xDFwK\x93\xED
-!\xAF\x9AT\x80\xB6O\xD9H�\xE9O \xC0\xF4֜{r\xDE+b{\xC3y\x9F\x91\x92L/\xC8g\x9BQ\x82\xA5\xE7�?\x96=\xF9l[\x8AH\xD1F\xE0@\x8F\x8C
-\x99)�$\xF6-\xE8I\x94�Dū\xD2\xC8�\x80Q�\xE1V\xE4@�\xEC�o���\xA3\xE5 .v\xC4�.\x9Fm\x8B\x8B�\xCB�\xC2E\xE8a)\xF4V�\xF8\xA1g\x9D\xC0\xD7D\x98S^
-\xD1 b"Þ²\xBCiEKHg�\xD0X�\x83$ë¢\xF9YM\x99_\x86T\xBCD\xD0~\xD2 at E\x95\x80\xE5\xF2\xD9Y\xA8\xB4H\xDBB\xBEd�\xE9\xD0\xF8�\x81+I�x\xB9�\x80\x89\x926\xB9�?A\xC8pSH1U\xE7,�R�bG)Ò®\xCC\xF52�\x8B\xC6'\x96F\x96�\x92�)?[�\xB4\x89\x92&\x9C\xA6\x8E\xA7�,Z"\xA6��\x81P|s\xC2y\x92&I \xD4\xD4\xE8\x86\xDCY\xEF\xBDqBI\xFAm"B\xBEI1\xF5\xA1Y\xC0i)\xE6 ȶ� \xC8Ø„\xD5a�"\xE0\x942\xEF{b�H�FF�\xCA@�K\xA1��.\xB7"Vd\xC8hj\xF1�Ý¢\x98\xA2\xA4\x92Ǧ\x91�α͘\x9AE�\x921!n�3R\x90\x97B\x82\xB2X�td�\xB6\xADy�K�êš\xE9.ExJ/7?�\xA9)B\x92\xC2�\xCC�\xF8$\xD20�\x8F/\x9E\xACr\x90_>\xDB\xF8\xE8�o�\xAD\x81YX��gq7M�\xA8\x82\x96\xDEXtD/\xA6\xF9\xAB\xF3\xFA\xA4\xF4�\x82\xED]>\xDB�\xABsg\xB1�J\xB3\x98Ó†\x90�B.u\xE3̉\xC3N\xF7\x8Dm\xE8
-��\x87\x93D{\xB7��\x887\x85N\xD0\xD0�\x87"1=4 �擊\xB22\x84Hiq؎\x85t\xF1\xA2|\xF3F�M,ҥ\xD0�+\xC6f\xB7T\x88�\xF4X\xAC\xDE8\xB7�S\xA0\xB8\xA7m\xE1\xACx\xCDߋӃJ\xDA\xDC5\x94�\xAAt=\x91\xE0\x9C�\x94:\xA4c\xCANX\x8A-x\xBA�*Ċ\x84QS\xBFT\x88�$݀\xC4j�sHV\xA2\xAF\x84^�Ғe\xF8Va\xB0�\xDF\xCEb�\xC2n�\xA3\xA6�,Z]B\xA7c\x91\x9BR\x98\x97�}\x9D\x85t_\xF8\xBA%Ԥ}4 `w�{�D\xF3A�\xB3�\xEB\x85\xD8KH�\xFA\xB3�\xE4،�\xE3IfS\xA3\x94\x8BKm\xC0[\xB48 J\x89\x84\x92�\xCD\xD4[\xD3f\\x9A\x99\x8F�\xD0�Qu�~\x94\xD9~_j\xB0\xB8\xAAK1��\xD9\xE2Y\xF5�ɓ\xA0�\xD3`\xB4E\x9B�\xA2\xCD굢hs\xD3ȴy\xD8H\x987\xFD\x8C\xD2@|\x9E6<\xB5�\xAB\x96l�\xB8\x84\xCF9AE\xA8\xA4H\xC8�\xB8�\xAB��.eECG\xA7\xB8\xFC\x85q�_c��\x99\x96I�\xE5$\x8E\xAA\xB8Rƪ�\xA0�BJ\xE9\xAE\xE0\xA9f(�7\xB0\xF1,\xFB\x8C^\xAAX\xF9\xBB\xE15�\xA1\xD3H`0\x8CO ��\x89?D\xA1kD\xBB\xF3\xB3\xEC_\x92v\xAB\xF2l,\xE2@\x83(\xFAf\xD5�t\xA9��\xFC��\xD7`�\xE8\xC2�\xA7e\xE8N\x84\xFD��\xB1\xCD�'\x8C�f\xB1\xBAw*\x93VM\x9B>�Nu�\xCC\xC1��\xBDـ:b\xC6=XL"\xD1\xEF\xB4\xDD)\xB7(! �w\xBA%\xC4$\xAAp{n-$L\x93�\x93\x84/-\xA6<\xC4'\x9C3\x96� 5s\xFE�\xA1�\x82\xAF;_�C \x9CJ\x99{0\x8B5\xBEEBI\xEB\xDD�b\[\xEB�\x9F\xD1\xFC\x97\x8B\xAF0\x87\xA7H(\xE9(sp\x86�\xCBbn\xB3\xA3\xF4\xA5J5\x89\xCC\\xAA\x8B�2f
-�\xD7KU�\xF9\xBA@�n\x88y\x87n�m//\x85�\xB4Y\xE4\xA0m\xEE\xFB��o'\xC4|�\xA8�
-H\xF2\xF12ͧ\x9F&\x9A\x816\xC7�HȮ\xE4\xCD\xC8\xC0\xF2Y=\xB7^.\x8F(��,ϲ\x8DS�B\xF5գQA\x95Y� '\xAF&\x8B\xCD\xDE\xFA\xE5\xB3\xE6U_�\xB1\xEAU\xC7\xC9;s:\xF2\x89\xBE\xF9\xEC|#\xCCg\xBC^�\xDB7\xCA$܉ˣ\x9F\xB9A\xBC+[\xC2* f\x9BW\x8A𜇼\xD3\xC0\xE2N�b\xA5\xE6K1�B\xD4\xEE4\xE11\x89\xE8�\x9E\x9C\xE4\xDE\xDEn`q[\xE7�9�\xD3\xFA\x8BP\xC9Y\x9B\x9B�P-nkJ\xFD)�\xB0\x9C\x9F\xDD\xD4�\xF0d\x9E\xE3\xF2\x9B\xCA 24gY\x96t\xD0�\x9Fm\x8B\xA3:\xE66\x84\xA62\xCDB�\xAC\xBD\xD8i\xC04\xA9\x95�V\xC0mC \xDC,\x8CJ޼PĒ\J\x97\xAA\x9F!{)
-�\xF8\xF9\xD2,Z\xA8\x8D\xB3\xF5Q �\x90g�S\xED�h\x9E\xE7K\x8D\x9Ex+\x94�|�\xE0�7\x83\x9A\xE3\x9BZ2\x9EuF\xFF\xBA!dt2�\xD8\xD2\xFFÏ·\x8C\x87Ö’\xDB\xEA\x96
-a\xB8�\x9F\x9DьCa�0`S\xCC\xFC\x8F\xDBB\x82C\xC2\xCB0�N\xCE2�5\xB3\xA5\xA5\x86\xD2\xD6l/\xED'\xB3\xFA!\xFCqˆT\xBB\xEC|\xC3\xDE\Xp\x94\x93 �g�6\xE4l\xB0.lH\xB3\xE4a.\x9EoػjXŽ\x86x\xF8\xECl\xDAn�g3\xD8R\x90\x97&\xF3�\x90\xBA�^\xC5\xF2VSei\xB4ۚg26C\xBF\xE2ɸ<\x92m\xDB0\xBF\xF5֓�\xC9N\xD4)�B6a�\xDFrE,\x9C!\xF3\xA82\x9D\xB2f\x95\xE9\x9Ec�L\x94\xB3\8N\x8Ap,n|/ʣ\x8D
-`\x9E\x85ya\xBDl\x88SɻϚ\x9F\xC868\x84\xDB~\xA2\xA1\xA3)Q�dG擷��)q\xAA\xD4mOW\xBF�\xEB\xB6��\xBE6\xECN\x8E\xD3o\xBB\xE0f\xA11\xE4͞6u�bw\xCE�\xE8\x85co��\xBD�\xA1\xDE:`6\xFD\x98C`\xF6�\x88[���\xBE\x87\xD0\xF01\x8A|\x8C7��\xD3W@\xEC\xB3{{\xE0\xF3^4\xA0\x95Ff\x97\xF9\xA5z\xC25\xB9\xFF�\xE2~j\xCBUu۳ߟ\x84;8\xFCK\x8D&�0\xFB\x94\xF6P4� V\xCD� \x9Eަ!�\xBE�.5J\xD1m\xC1t\xB6�\xC0Av= \x95ꚳ\xE0%Q�1\x95K
-\x9F�\x829\xD1Ñš\x95u [\xF2
-]3B�o\xB9\xE9$l
-'�\xE5-թm\xBD̊�,\x85;\xB9��b
-\xF3�\x92c\xE2\xE3e\xA4f�b\xE9\xC4lG\xC1\xE6\xF9ZD\xB66\x84slmn`C�\xDF\xD30Gc78\x87��\xB9�N\xE1\xD3\xCBo[�2\xB3�3\x94�\x90\x8A\xBF�v\xA4\xC2$\xCDo.$*C�\x9A&i0G�b\xA1y
-K\xF1\xF9F\xDCt� Ur\xD0y)#��\xD9\xD4\|l\xF3\xBE9\xDF
-\xFAZ\\x87r\xEA&\xAFRN\x959_K\x94YI\xAA\xC9\xE0\x93F\x88Y\x84\x9A߷\x88\xF6\x94l\x9C8zlH�\xFAU(�[\x8B �Q\xF0In\xD82\x9Am\xC2Ԅ\xB8\xF5\xC5f���[\xFDI\x9F\xE5k\x93\xC51&\xB4;\x87Λrm\xD0�\x9F\x92�\x88\xD1L{V�8\xFFc�q\xDA�"6\xB5!tf�\x90\xEE!\x8C\xE3\x8B0�\xFB\xA4\xD3\xD6\xF1Mj\x8E\xB0+B\x88�8�n\xE3\xFC_<\xABw\x85�\x83\x97L\xB4 �\xB1s\xCE\xD9b\xD0\xEC\xC6
-D\xAAZ�\xD13Ó\x9E\xBF/��
-\xCCw\xE0\x86�w\xE0.~A0�\xFD�\xA1\xD6&�g\xF4\xF3\x99\xCBi�H\x82\xB2&\xFA9\xD8OQBBL\xAE�$\x82�\xA8���\xF3�\xD4\xD1ߨX\xC3\xD1\xCBIQ\x95PBU\xC1\xA6�B\xEBҦ\x98\xF2�uLN\xB3�HW\xE0O\xB8=S\P \xB3\x9A"\xA2]\x93\x86y\x98j\xD9i\xD2�\xB9]\xB6\x84\xAA\xD9H�N=9\x9C=:i5\x91e�P\x8DH\x83\x97T\xE1\x8D�؆\x98\xE9y\xA5�A\xC4l \xF1*�\xBE\xD8\xEAA��\x9C\xF2�\xBDXj\xE0\xCD\xDD�j\x8E#\x86P\xAC�p\xE9\xCC¢
-\xF8F��J�\x96"\xDF�\x88\xF3�jH\xDD�"\x80��\xDF6\xB1�'\xAD�\xCD#\xC8H\xE1\xFD\xFFI{w�K\x92]I\xF4�\xF2�\xB6|\x80:\x88\xA7G\x84\x9C\x83+\x95:��9\x81+u\x8Bw�\xFD\xF7w\x914#\x8D\xBE2\xBB�0Z\x96\x95/\x86\x87\x87?\xE8|�\xA9Gݹ\xA1;\xDD,X\xA9s`5\xD9\xD7k\xD5]\xA4A\xF6\x83�\x9D=�\xD0\xE7&\xCBD\xBDA\xEB�4\xAD\xA6M[\x9E&\xB4\xEE�Fe\xB6�??f8\xA9J3\xD6\xC1�G\xE1t5\xE7LT\xF3 at b3;\xC0~mV?\xF2_\xBDS\x99\xEE\xDC{*#`\xAA\xE8\x85ß“\xA5\xF5\xCEs\xCExz9\xAE\xD5\xD3\xFE|\xDE\xF4\xB6\xDCL\xEDs\x81Ꙥ\xBB\xF2kuv\xDA]:\xD8�\xAE\xAA\x9Db\x8F\x8F\xD5}Um �\xD4#\xC8¾\xA6\xF1+o\xA9Í«m\x9F\xC1�%7�\xE4�\xE0�\x9CyDx\xA2~\xDC�\x99�\xA3Bq\xF3\x8B�\xEC\xF4�\xF9\xA6T5VxMe\xC5#\xCF�\x8E\xDB\xE0���\xF1\xFC\x83\xFA\x9A�\xB0\xDDÇ\xB6ÌŒ\xCF%@H/\x886\xFA\xA1\x9A[�=\xD4'\xCF4\x8C�\x9DY at G\x86\xEFd�\xAE�Þ¹c)\xE8\xD4�3\xE8\xD7Îœ\xBF\xE8\xFE\x99\x8C^f\xA3Y\xC8Û˜\xAC\xEE�\xD9(�\xF2\xFDGر\x9C=\xFA\xA8\xAC\xEC\xE7\x9Ez\x90\xF4F�\xBF \3�Ò¶P T\xE3�\x98=8\xC1�\x95\xAF��N\xB8l\xDAô-\x9D\xE8V\xA6b\xDD\xF4>\xFE\xF91\xC37xe\x9AT�K\xAA\x83�@xT]ʤ�\xBA.pA*�\xCF|\xBC\xC1 \x99\xA8WA�\xF1\xB6W\xE4U\xC6\xC4\xE2\xC4.p�\x80\xDAh\xA6\xDF\xC1\xA5\xE9 �z\xB9Í �\xB8\xC5i\xD6`\xA44y\xC2}N\xED;\x88d\x85"\xCA\xCE\xF6\x9BN�\x83AO}W�Na\xCEF
-�\xBB\xBD\x88_\x91\xB0�d\x9D\xF3x?�CU \x8CX\x9CF$\xCFJ3V1gY\xED3\xF2�\xD44\x84a\x8A\xF3\xF8<IxH{U��E\xD0@�
-X�\x8C!�v\xB8\xA1\x82\xB0\xB2j\x90b\xA4\xF6\xF45\xD8Nzߗ\xC08H\xE2>{\xADYŮ4�\x8Bl\xBCi\xAD*\xE5M�WD\xA7D\x94\xCC�V\xE4\xCB빌\xBD\xA9(�\xDB\xC1\x83\x9F\xD3\xEF�\xF3\xE5�W�^\x8EPw\x8D\xF0\xEF\xE9\xCE\xC486��Y\xD9=\xA0\x957&D\xA2}\xE2\xE7^=\xAB_X\x8E\xE4\xBD@վ_\xED�5E\xCF�LO\xA0\xE8\xA5k\xEE\xDA\xEFʪ%�\xFF߅�\x9B\xC5?\xC8\xC4h s�؈wℱ\xA8\xAA�%\xA8\xED\xEE\xE4KK�uwD\xAC\xD0\xC9=\xAE\xCB\xDF\xEAYi�\x94�\x84\x95>\xBE�DvI=\xE4�\xDD~\xF4\xF91\xC3Y\xC3D\xC1�\xE4\xF5\xCFJ\x83eK\xED\xB7\xC2\xC7+MP\x8F\xD4ņ!\xB2\xECRƈ~1\xE8\xAEB�\x9F\xD4ӌ��5>\xAC�\xCB�\xF5g\xEAr\xE7\xF5V�\xAE\xA2\xBE�\x86\x80=\xAD\x93K\x98W~\xCC"x�}v\xA6\xD1\xDB,\x80c\xBF\x81kN9#NG\xF0i�\xAD�[{Ԥ\x94\x88\xCA\xE7�\x9DoZ �i\xB6j\xCA�5=\xE2\3\xE0ک\xE0\xFD\x94\xB4X\xD1'\xD9S�y\x8C\xCE+\x9D\xC1V\xC8<vx\xB6
-��\xFD\xB4<P@\xC1Y.\xBC�4�L\xEF\xCDJa\x95\xC9b3�\x83\x9B��\xDE\xE6\xE8[+|\x8B\xB0`5\xB4�\xBB�,vi\xA9\xB1Zf\xB4\xD8�=\xB3\xD5QC\xBC\xF2^n�'\x9BA\xF8nZ\xAB\xBC\x869Lcil\xF2J\xEA\xB1o\xB2%�\xB0-�y\xBF�\xDE\xD2\xE8\xB7\xD1\xDDc\\xB7^W\xB6\x83��� ~~�\xBC\xA7�\xCC�\xF7�\xB0\x87\x8E\xA9!\xCD@\x94\x8A)\x83\x97q\xEB8'\xFB\xFC\xC2Ʈ|\xEF\x93 m\x9B\xB4\xBA'I\xF8�R\x80�\x9C\xF7\xB6��\xA6�H�e� \xDF\xE2-�\xED\xC6yw!\xF8?\x83\xEF\x9DIh\x84\xD5�3!\x86\xE6
-\x8E\xB12\xBE�\xF8\xBA\x84n\x93\x80\xB7Gͯ \xB3\xE6$�\x90\x82\xF5�\x9A\x80\xFA\x90i\xDF\xF3\x8Ao\xC1;T �:k ~~\xCCp\xBE\xC2J2k\x95\xBAfx\xB8D\xFA\xEB\xBCm�
-\xCC�,\xACE\xD1�q\xC9`r�\xF8\xE3
-\xCE>\xA8��Ï»\xF5\xF6��p'ÓŽi[\xE9X�\xD6=\xF0\x9D�P\xF9\xC2KcF\xA9U\xE3r\xCEW\xB5\x9DZ�D�\xAEc\xF7\xE0\x9EP\xB0�\xF8�Ð\xAC\x9F� \xAEM1\xBE\xCA�\xF4�X~\x84�\xD3P+\xA0\xEC\xB6\xF5(\x80\xF3+\xB4\xB6\xE5\x9DÈ�\xECH\xF3\xCE\p�P`n\xED�\xF9\xFC\xF4l\xD0/\x96\xAF\xA0\xF3\xA0��e\x82J^\x84N\xE6Ö–�4\xF7\xFB�\xFA\xA7\xE1�\xAD\x87e\xDBER \xA4[\x9CH2�:\x91r�\xB4m�\x8F:��o{m\xB4hA\x97o �\xFA>\xFA\xF4T\xA9\xFC\xB4\xE9Í’vj+� zK\xBE\x84`\xA2�\xD4\xD1�\x90\xBF/\x98\xAA\xAB\x80\xE5x\xB3\xFA\x9CØ’�~\xE1�\xF6\x92\xC4s\xDBwÏ\x80\xAA\xFB68{\xAB\xE0�\xFC#\xFA(\x80\xD4�<,cn[ -\xF8/U\x82\xB9�\xEA.(]D\x95\xB1T;T\xF3\xB3��\xF7["IiC\xB4\xCB\xFF\xF1\xD1t'\xC23H\xC3~�\xFD\xDE\xF2\xF5&75U�\xDD\xDA\xFF��\xB6\x87WPU\xDDT\xF2\xC4 \xE0\xE5<\x9F~\x85hÊ£\xD8\xF0\xAD\xF4Q\xF2\xAE]\xC1\xE8'*)\xF35\xBE>f8\xAF�;\xAF\x8C4mw]\xF9t\xC2\xEC/\xE8\xDAW,fxÇ»\xFA\xFC=v\xD0�\xD1P\xF8Û›DO�\xE9\x9A~4\xE4é\xE8\x97�\xFF\xD1�\x96\x8C�\x90\xFB�\xCA�\x87 \x8B\xEB<a\xD4Þ¢�\xA6�\xE9��\xB2\m\x9D�\xFA\x84\xF5\xDA/\xC1\x9F�\xFDf\x85\xF8\x88�\xE4}W\xAE[\xC85\xA1 DE\x8D\xB2N\xFC�\xB2[\xA0\xC5\xFE\xFCh�\x93\x87�\xF5q\xF0,\xF6W\xD8c%\xF2zO�\x88\x83#��h;\xFB�\xF41\xF8\xC2M\xD4㦺U\xFBJ�\x91\xD9|\xF7g�a\xA6\x8D\xA8\xE0\xFB\xA2\x91
-�wj+\xBE\x92|q�\xF6\xE6�o\xA4_\xB4 �\x96}[\xB2\xD8$,\xBA\xCDԬ\xF0\xB9\x8F\xF7\x9F��>B\x82�p��\xA6\xB9\xC7Mbp\xF07v�|T35k�XЮ H\xB0\x8Cd\x90:\xDB [[\x82b\xECVp�\xA3h-i$\x93!,Ke%'I�\x96\x88\xBB\xA4\x95\xAD`�\x89\xC4*).\x9F�Ys\xFC?\xCB\xC8I C\xA1\x84��\x8B\xE7\xB2M�\xE1�F\xF4j\xC6�Q f��\xBFbnž3\xAAL\xF9\xBB\xE9$\xBC\x91iq)o$L/\xE6|\O\xB3eX \xEAk\xA3\xD8_X\xEB\xF1\xD0�\xF30\x96\x93\x91^N\xB0�\xBCsuJ�\x95\xAC\xA2f�\xBE\xC9�(Qa\xD2�\xA6\xD26,-\xE1I`�P+N,۷\xD8\xCBer\xD6\xC3�Re\xC8f\xF4�X�j\xE7\xE3\x94\xEB`�\xAB\xB5\x96\x9E\xCC6�\xF8\xB6m\xBDBm\x9C�\xA7MV\x9C�e\xE8R\xA9�\xB6�\xAC\xE9\xCBima\xA7\xD2�\xE4\xE9c\xFE\x85\x87q>
-\xCE1H\xFB\x97,\xD0�\xBA;\x8B=\xA8\x8E\xC9 \xE2\xF8R�50\xBAI \x9C\x9B\xAC\xFC\xBE\xFC\x81uTr\xE7\xA6]\xB0\xE0\xF3\xC0\x85\xAAz�\xE7\xE7_\xFDX\xF5\xB2_\xAF\xA9\xF8\xC7\xF4� �\xB8ElW�9\x93 \xB2�`\x99\xE5\xDE\xD3\xFA g\x9D�\xEC \xA7A\xD0\xF3\xBEt\x8B�elf\x85\xC3C0\xDF\xD5�*,\xDF)1e*\x84�C}\xA7\xE0ce\x85h*['�\x91\xBC+`\xA3\xAC\xA5QQ�.�Ô \xC3�\x9Fpʉ�[q\x80Mi\xBE\xAE\xA5\x94\xDB)�0@\xE6>\xC3\\xFA\xEB;\xB5\x9DZw\xC1\x8C\xF2\xF9g\xD0g�o�QU\xA8\xA9\xF8o\x97\x8C_~!\xAATs\xB9y\xE8\xE5I\xDA~�\xD6\xE5 \xE0|yjm\xEB\xEE\xC3H\xA7\xD6\xD2ow_\xBD�zua\xB9\x89fG.�\xC2#Ƀ
-\xCE{R\xDA�t��\x94A̻\xAA�b\xF6 at o>y-\xE5m\x86=@\x98\xA6^r\xB4-c\xA2\x9AT\xB9}i[y�۶n\xF1Q \xF9�H\x9C.�˯\xA0\xF7\xA9\x9AH�\xFE\xDA\xE0\xBCf)\xC8\xF8!�5 \xB7,\xEFz\xCD:3\x82Wn/i\xCDg�\xF2|y+\xE5D\x96(\x82z斮\xF2\xCC\xCB�\xF1;\xF4S\xD0\xE3W\xCA{\xEDR\xA2\xE1\xC9a�\xBF\xF5\xBC\xD7Wx\xB9l\xBE#\xAA\x88\xFD5�\x8DV$o\xBE\xECH0\xBCl\xFFpD~}\xCC\xF0@\xA1\x9A\xBAB\xA9\xB4\x94\xA9\xE6`\xAD\xAB\x99\xB8BKǪ\x8C\x82�\xE1ूSM\x85T\xBE@\x96%�
-I3\xBAEC\x82\x80\xDFo\xF0\xB7"Ò™\x9B
-iK5�\xDDO�!5Z\x95Z\xB7\xA5�;&��b\xB8\xFE\xF31ã\xEA�\xB1c\x95V!Ýš<\xFD��\xC0\xB6\xA5}\x8A\xD4�\x9F\x88\xF2\x9D5U\xF9\x8Eo�\xFE\xFA\xE8\xA3\xD0:V\xA0O\xB0\xFF\xBC\xB5e\xBEGë€�F\x80\xB3�.�\xF4�\x9A\x9A\xE2\xF2u\xA1\x83MW\xEC"(\x90)\x8E\xB6Ôj\xE9P\xB7\xFF\xA7E\x86\xBB�\xD7��*Q\xF8\x9F\xB0^6�\x96I�\xE9c=\xE2B\xAF2y\xBBP0_\xF7\xED\xD2\xF3�\xD6) ��~\xFC�\xB0�s��k$\xB3:YP\x84l\xA4(WZ\xB6\x85\xC2T|�\xC8
-\\x88\��\xCA.g@\xA6k\xECߜ�\x92�\x81s\xC5?\x8B\xD0\xD9HfF&K\xFC�J\xBA\xC6!g[r\xDCdf\x84x\xB5\xCD璪D\xC5G\xB7\xB6\xAEv\xFC�̄\x89R<�H\xFB\xAEdQ\xA8-،\xF019%t\xDC\xCA\xEBFI
- =�\xEA#u^\xD8#\xD6c\xF2 QS\xD1$\xBD:\x8E\xB2l\x8D\xC9\xCB\xD4ΈU��\xB2d\\xC0\x91\xF6\xAB\x91E)\x8FVk\xEB+8H\xA8\xD6,\xA3R�aBB%\xA4]�\xA3\x94�C\x98�j<\xC6Ô¶\xA8\xAD\x8A\x82\xAA\x81\xE9;Õ¬�\xC9%1v\xBBu}�\x99�"\xEE_\xA5\xE2\x92\xEC\x8C3ÊŒ\xA9\xFFX\x93F\x9A\x80�\xF5<n\xF1a�x\xE3C\xCA+(\xEF\x98�q),m\xA3&\xA2&W\x98��uX�F�\xEE(v\xD3\xDB\xDEV\xC1\xF6\x9C\xA4Þ¨\xE98Ѭ)\x9C_AA\x91ʼ�q\xFF�\xECAÛ·x\xB0 +G\xA6 \xA8�\x99\xD6�\xE5"tviKT>\x9E\xE5\xE6d\xD6�8\xF8\xEF\xB7Þ¦\xDC�^\xE1\xDB×\x94 i[\x9F\�\xB1X\xE5\xDAz,V\xB9J\x87�P^A\xC1
-\xF3�\xB9\xF2q\xEC"\xFE\xCC\xF3\xA0\xF8\xE7\x9A m\xEB�\xFB\xFD1\xB7\xCE>\xD4jh\xA0�=\xDF\xCD\xDB\xDD\xE1\xDCi\xEAa\xE9�\xD7G\xA1\xE5\xBB \xB2�\xCA"�\xF0\x88D\xF1\xBB\xB9˕F\xAFBh\xAC�j��\xD1Ͳ6�\xA5\x8F\xB3C\xE5f
-\xA5�P\x9BZy\xBBe\xFB\xD3\xED\xDA
-\xDD�\x93\x9F\xB5\x83ϼ\xD7\xDE\xFFM:Z\xDD\xC2+\xDCi,,\xE3\xA9\xC7M\xB1\xF2\xE1J=\x9F�\xAD-�\xF1 F\xAE\xF0\x9Da�\xD2VA\xDE\xDF-^p\xA3\xEBQ�\xA6p�\x8E
-\xF2\xFAݤ:\xC8\xDEVDz\xED�`\xBD\x97\x9C\xDA\xC5"\xD8z\x80\xF0M\xB1\xB8ԑ\xCB+u\xF4@\xE1$\xCCS0\x95 \xAB\xC0p(H�\xF0\xC1k\xDB\xEAA�\xE1\xD9o\xB9R?\xB5-0�M�t\xAB\xD3\xE7\xC7ܱl\x9By\x9AbA(n\xC4\xCE\xF9w\x85e\xAC\x99\xB8\xA4\xAD(_�6\xC6=�\xE0\x9A\xDE\xEF\xAE\xFA\xA8V\x98T\x8C\xAAk\xBE6\xBA\x9D\x99\xBDY7\xF3..F\xCD�N=Ks\x8B\xB5\xA5\x9B�??\xE6\xB6tՊ\xA6'�R+\xA4\xBAL\xB5�>w�:;X\xBE�Ql\xE1i\xA4\x80\x82\x93�\xAF4\xE3\xCA �\xD5Z=?\xA5\x86_K�qH�r9V+c\x99-)\xA0`\xBA\x99�H#H�ˋ[̇\xDA6\x89�\xC40]\x9C
-\xB3 \[h�\xFF\xA5\xD9\xE0\xE2���&\xF7�P\xACre\x89�\xB2\x84�\xC0\xE4\xBB��\x85\xB2\xEE\x88\xD0r�\xC8\xEF\xE1á €�\xDE\xC6\xE2��\xA9 \xFF\x83\xB6$f(o\x88\xF0í•\xA5\x81\x95�!��È¡\xF8�\xF0\x95\xE9�L\xADh mQ
-,~B\x91��U\x89�\xF2�pIf\xC7H
-Q/!$�\xE5\xDE�\xBE\x88H\xAF\xFA\x9A~\xFFz*\x98j\xA4\xB32=\x8B~@C\xE5\x85\xD4�\x8B\xE9w\xFF\xBC\xA3Jb�Uf\xA5\xF4\xBD_\xA0\xEDJ\xFEK\xAF\x8F7
-M\xFEٗ\xBF\xE5+\xDD+/\x90\xB0\x9C+\xF9\xC9Ac6Y\xFB>! \xAA\xD6O�`\xB3U�\xB9�u\xA6\x95\xDC�\x85\xAA\xA5Μ\xFB\x88�_\xEDx1\xCF\xF4\xB2_\xF3\xF1B\xB8�h \xCE�\x82\xD3 \xD9\xDB�H\xB6\x99�V a��\x84\xDBά�j`\xCE�ί\x8F>\xE0\xC5w##[\x849\xF2��r�$\xFDb1\xEE��\x8D%\xAB%G�\xC9b\x82�\x88��\xD1\xE23l\xA0\xFC��\x8C\xE0W\xDF\xC0\xB4mn**\xB5\xC8�\xADHQm\x80l�h[\xA4?`\x83 \xFC\xC2\xD6c\x9C\xEB0A\xE4\xBA\xF3\xFA\xDF�\xF7D,\xB0Ʀ(, at E\xC7(�\xAA�z-q\xB3~%[]\x83Ǻ\xBF\xB7}@\xF5V\xA0Y \x97瘷\x9Eo\xDB
-\xEBSm=�\xBD�E\xD5"�j\xEFr\x8F\xE8L\xD4\xE2%\x9D�\x92\%U\xCBc\xBA\xD3:\xA6\xB6[\xF1\xE5U\xCBM�\xCA\xE5a[f\xDD6P��\\x83\xD4i\xEE\xC1\xC6Z�\xC2E\xFBl\xB1\xCCz\xCB=\xB2{\xE6�\xEC\xA9
-\x89\x80\x83\xC5\xDDk�I~ɯ���Re\xF6�6"㧷�1z\xBCA\xF2\xF5�\xEEc\x88\x82\xDF\xEDs\x91\xBFl\xFA\x8A/\x98Z\x87\xBC�\xC0\xBF\xDApIy\xF2j\x9B\xAC\x9C�\#%\x91\xE3��K\xF8\x97p\xFB\xFC�\xFA\xAD\x8C\xBD-8\xB9>U\xAA\x80\xD5��?\xA7W �\xE8/!2\x92\xEA.E\xC4:\xB1z*\x9C\xE4td7ʚ-\xE45�\xB21\xA9ES\xACbR\xE1FA\xB0\xE6}}\xCC\xF0\x8Ah�yX�QuO\xEB\xF1t8)\xFA\xEA�\x84\x83\xB4ZJ\xB9&}\x98��*Hg\x88\xF4�Ֆ\xE6W�\xEABһ*\x9F"i\xE4ȼ�?O\xCEW\x96�\xFB%Lz�:\x91\xCA/%\xFDc \xB3�p\x86\x92\xE0\xF0@^z1�\xB2\xB6\xDA/e�$\xB7i�HBD!\xAF<X,9\xA9I)K\xA4\x95\xD2L\xAA\x95\xC3\xE2ףcY\x8BN\xA8>\xB3̡5\�kZ:uA|\xC3j\x8A*7\xBF�\x93\xE7\xB2Q\x9B\xB2mQu6�Qw\xC3\xBE \x90\xB6%@\xA4\xB2\xE5% \x8D\xC2�\x8B\xFE\xFE
-H\x8AY\x94(\xA1\x80\x82\xBFm\x8B\x9A\x82�\xCC*\x9E�^7\xBE�\xD9]��^\xD4* \xA9T\xA3Ú²0\xA6�70k\x98v"\xDA�\x9D\xB1�<u\xBE�ye\xE3�-\xA2ˬۦ\x9C\x94B\xEBY\x8C\x96X\x9D\x9F�3\x9C\xABS\xC1\\x9D*5K\x99)\x9F\xB1l�'\xB8(�\x85g\x91/\xB7íŒ\x90m\x8BÓ¶\xB9G�(\xE5\xB6T "\xCE\xF4\xDD@\xE8>\xAD\xF0\xE4\xBEN\x9Bw\xB5�^\xCFO\xFC>8\xA8
-\xCD@�Ù\xE5\xA4 Od;\xC0\x92<\x92' \xC5V\xDB\xE5\x9CX-Û±X\x8FZ\x84e\xA3x\xF0\x9E\xD7w�y$\x80\x94\xF2\xA50<k\xDF\xD0'\x95'\xE9\xC1�\xC6\xF0K\x99\xF4\xCC\xF1\xBB\xCED\xFD\xAA\xF6\x96j u\xB6c\xC2-\xAE\xE0`�O\xD1�\xC8\xE0\xF9\xBB+Rzu(\xBD�w\x8F\xA6\xC7\xF0\x962\xAB\xF3G�)\xA9\xFB\x84\xD5\xDB|&o%ï•Ÿ\xAF�\xE7\xFD�\xEB\xBF\xFE�\x9C Q\xA3Ⱦqyt_\xF0\xEA\xAE�\x83=z�`��/Eob\xB11\xE3\xE0$�\xBC\xAA\x9B?¯\xA3\xDE�\xA4>�\xCF{oh\x8B\xAAb\xE5c\xE0\x8C\xA4\x93\x83\xB3$\xF9g\xCD8?\x82\x81xc\x91\xA7r��\xE8\xB1Ó´\xC3{\x80\x91O\xFE�V�s�\xFB=N\xCAÊ•q\xBE\xAF\xB44\xE4Ka\xBB\xF2�4\xA9'\xD2"[a\xBBr%\xE4R\x8D\x87=\xE75\xAD\xF5\xB1#[37\x8BO8�\x97\xE5\x82\xEEto+k\xEC\xC4�\xD75�LÞ‘%ܬeÞ¼-\xC1{\x8FÒ\xE6\xB0�{ÝŠif \xEAÍ•\x87\xB6UH48\xF2*\xA5\x8E^�\xA9$5p?\x97r\xDC�~m\xEFÜ‚\xF2\x8A\xEA=\xA0I\xB3@\x90�\xB5\x8Bo�\xCD/1\xFD\xE9.\x9A\xB6\xC3T*���\x8BB\xEA�\xFE�\xEEI\xAF\xDC�\xEC!
ɤ\xCC\xCF(=\xB0�\xAFm\x9Fz\x80\xC9Ñ\x97:g~�)\xB5 \xB0\x94f\xAFXg\x9B\xF3\xB3\xD1Tz\xE6\xC3X\xC8=o\xE9\xBEj\xAFb\xA2�\x9B\xA6/\xC55\xAF\xF9\xB1\x834P[\xD6=D\xBEM]9\xD2\xD4j\xE0k\xF6>\xD3�\xE0�B��\xF3 i��\xE4\xF7\xD6{H\x83\xA5\xB7\xFF \xDE��2\xBB�v\x83\xA5\xB6Æ—\x82\xEAk\xD1�\x97\x83\x97w\xD8\xFD^7\xCC\xF3\xE2nbf\x8Dp}\xDB}\xB4*\xD1\xC0\xACd\xE0"V\x8D�p]\x972�xRQȽ\xABB\x8E;Ο\x93�De?\xE1e\x96S\xA0à˜Sa\xFF\xE8�_XJØ’ÏŸ\xEEóT\x8F"\xE8RQ`b\xB2\xC0\xA8\x80\xBA\xA6\x8F\xA4\x89\x95\xBB\xFF\x90`H\xE9A�\xAE(s\x8F\xE5�.o\xDDz\xA9t\x99IUF\xA4\xE7\x8E#\xA7\xAF;\xEE
-\xFD�p\xA1\x9F{ \xF6\xF1�$\xF9\x9C\x98�\xF0\xA8\xC9�$�\x93\xD7-�b\xE8@\xCB\xECAP)YǶ4"\xAD\xBB\xDB�\x9F\x8A\xAB\xB3G�\x87b':'\xB3#Ep\xD4yo\xEFA\x85��\xC7犩G\x8B �\xC49\xB6\xBDm{�\xB8}\xDA
-\=\xB0W\xC0\xFA\xC6�\xAC-\xFB\xC1ls\xE6>\xB1\xF3\x91\xC1賈\xD9�\xE6s\xA4m\xEB9\xA0\xBFf\xC5\xD7�\x83�\xBB\xE4\xF3\xA0*\xC7�l.a\x93 at I\xBB\xE3A\x90|�*(\xA0\xE0\xBDj2\xFD�\xE8:@\x8E�\xF4 )e\xF3Dè°ƒT\xC9\xE4�\xF4�`\xE3uP��4�+H\xF6\xB4&\xA0\x8EE�[\xBFw\xFA!~s\xF7/K\x87� �T�Ü\xB8\xA1�ǃ\xCA +l�\xB6n\x96\xE8\xC1����\xBE\xA7\xC6:\x98W!k\xBB\xDDl\xFB$K\xF7\x93R\xA9ÚŸ+\xC2\xE9{\x91�[\xCEب\xCDÒ»p\xFB+p}\xD2��ܩу\xFBN�~@T\xC7��\x92\x8Cx\x85\xF4}�\xB1\xADK\xDDF\xFE\xDE\xEDI\xD14\x870b\xC6�C\x9A\Z\xC4\xE3A\x97<\xFF\xDC.\x81y�_\xFB�\xA8/ ��n\x93W�\xA0�\xF9\xEFz\xE3{\xE5&\x85;\x8D\x83O\xDD�\xAAf\x8DW:\xA5\x87\x89\xC6"[\xB7Ɍϳ�7\xEA<\xD8у'�L\xBAf\xF0\xB4qͪ9\xAE\x83p�
-'\xEC\xF5\x87\xEDY\xF9m\xEC�\xCA\xEE\xB0~\x87\xA8& 9\x8D^ӛ\xBD\xA5~\xB7\xE8,\xA0U剥�cPe\x92�\xF0\xBF\xFA\xFC&
-\xFF�\x9AU�\xCB\xCF�\xB1z.\xE0�\xE5Zp�\x96ùy;\x9Dh\xAC\xA3\xB4�s+\x80í€_\xB0:ĤPmk��7\xD2x\xB2\xFC4o\xB8Ƕ\xDFm�\xBE\xB0(\x9D\xEA\xDD_\x93j\x9E\x9F�O\xE2
-\xF7u_?9,�-\xB4붣��*x\xD9]�\xF3\xF5\x89\xBF��\xAD;ع��rC� \xB2�{\x94GaN\xD5Vn\xDA\xCBl�\xA6S \x82\x9C[�\x99��\xAD\xA0-[�-\x918\xD3b?\x97\xD2K\xAFO5P\xA9�\xB5j\xA6/\xB8\x829;�\x86I\xB8nY\xC6G�%%\xB8夒�Ky(\xFE�\xAE\xC7)纇\x976\xA3\xA7\xB6}\xAA\xC6E\xF5\xC0A\x8E!\x87Flc9\xDE*\xE0\xE2\xEA\xEC�
-��\xEB?\x82N�\x9C\x96\x96-^�0\xE6F(\xFE?\x81n\x92\xA0\x80\xD3C \xFDa8\xD7mn\xA0\xBEё.\xBAZ3\xAB\xF9\xACy$\xD9랔{\xC3)m�\x83\xED\xDAh*\x97{�\x983\xEE\xEE5�clϤd=�P\xDB�x/\xB3f\xC1\x92鵘\xFDN\xB5\x8E\x8C<\xB3�Z\xA6\xE7\xF5b%\xB8\xC8�\xF2\x96Z\xC4%\xA8\xD2
-\xBE\xF7;k\xA8\x84�e\xBDJg\xBB\xA0\xCC6�kCiN\xFDg\xB0l\xAC\xF2q\xA5m}\xDA2\x9E\xE7n\xB2\x9A\x95\xF0z\x9B\x86e \xAE\xAF%�\xE6�D�\x93\x89[Û¦\x85\xBA@\xD9\xCD\xEBI(:\xCF�\xE0\xFC\xADZ\xF4
-\xC2�>\x83b\xFD\xFF\xA1-_\xB6I\xAD�\xB8.\x94\xDB\xE1Í’^4Q\xC9h\x8B\x80×i=ny/Zh\xE3F\x92r�\x8C\x9B\xC3�F�Xz�\xF8
-#\xF6\xDA{\x90.\xA4\xC3CX
-;\xA1\x99\xD51\xB3Z�\xE1\xF5\xA6ޮwR3\xD8}"4\x88*\x85\xAE_�`j\xE8qP\x98�\xA4.\xC6AC\xEC�c\x8Aǂ蔬\xAB\xF6շ\xC3m \x9B\xDB��\x8F\xAA\xC0k\x8A\xE8\xCA"n\xBC\x98\xAE�:\x9E\xC0�\xD8\xE8\xB5\xE5\xCCd\x82\xF3\xA7\xB8�M3
-#\xC0f�\x98�5\xA3\x88�\xEC\xA5\xE1\xCE�q\x869\xB6�^\xE8AÍ\xD38\xCB\xC7>E\x8B\xC2\xF6J\xE7\xEA.\xB2h\x9Eu\x83 \xBA\xF0σ\x96�\xFB\xB6w\xC5\xED,Q\x82̾"\xABo\xECt\xDDZ\xD3J\x93\x89\xD8\xC7>��\xAE\x95\xD0 at .PyW]\xCCf$C�\xBA+\xC2�b\xB8\x9E\xD0.
-\W\xDA\xEE.�\xC1�\xF3\x94\xDA%|\x99k�L\xF3�\x9C\xA8xw_=S\x88\xDB�\x9F\xCFS\xF9\xAAR\xD6{\xEA�\xF2V\xCC\xDD\xE9K\xD9\xE0\\xB5L�\xB7\xD1N\xD7ð�\x86\xF2\xF4\xEA|'L\xB41ZpuX,\x90�x\xBC[#�\xA8\xA0\xBA\x9DK\xE5y`\xF1\xE6\x9E$\xE3\xFB��\xCD�Nt�Ne\xE9V3Y�`\xF6w\x98�yOÚ…e3\x91n\xB510\x92\xFB�{\xCCZ\xF5\xC0\xA1\x8B[\xB7\xB8:N\xB3\x81\xD1\xE98\xB6*\xE22r�<\xA8Ub�\xAC(\x8CyG�9@\xAC9\xF5Zf��=\x9228\x98Ça��\xCB35~o\x87\xFD\x8E3\x95\xA3e7F\xF7l��\x82b\x8F\xC4^!\xD37;\xFE>H\x9E\xBD-\xEF�vN�h\x9B\xE3\xCA\xE81�\xAF\xA7\xFA\xBFB\x91\xBCr\xEB\xB5�+\xCF\xC6t]\x85\xF6ß‘[ Þ”��\xBC\xE7W0�cT\xE2\xF2\xDA\xC1�\xB5\x9B�\x9CH�\xB2~e\x9C(晫0d\xC2\xCD`\xF4\xEER\xB7H\xFE\xB8:���7:�\xC0\xF0\xD7�<3�zM�\x8E!5\xAB#H�1�8g\x8C�s \x83�\x81\xAA]\xFC^\xE1�\xE4s\xFF�\xB0\x94\xCB\xCC6SM6S�T;�\x8F�\xA4\xD2�q\xBF\xE9Ò™�a\xE0\xCDÄ�ä©\x8AÓ—�\x94\x9C\xAA\xE2gy \xBBd\xD0�\x93\xB9�\xBD\xBE\xAB9cN�!\xF3�\xE5\xB6\xEA\xD5Y\xFE�\x9E\xBF O\x8C\xC3�\xA5\xEE\xFC}\xA4\x8A8\x86\xBBo�\xF5\xF10\x90\xE9\xB3�\x90\xB0\xFA% �
-\xCDE\xF5\xB0\xC0\xAD�f\xBE\xE0\x8D\xBA�\x97\xB1\xA5\xF1\xD3\xC0\xFDD\xD1Z&/\x94\x8F\xABU�-\x87\x9AD\x914\x90\xFE+mr\\x887\xA9{^\xA6\xD0i\xA9\xD2�\x8A\x80�\xEF\xF5)�\x91\xB23\xB5-P\xA4\xC2{\xD8{\x90\x9E>\xB9\xAA\x96�\xB2\x83��\xB6&\x80I|\xEDa?\x80\xD4v&��S/1�,6\xF9%v\xF6 y\x85\x8F\x82\xC6t\xABF�\x9F���X\xF1E\x99\xD5G\xEC�?_\xD6�&\x80$\xE5\xDE\xD2W\xBCg�Ï»_\xD99\xB5\xC3\xE9,&&D&\xFC\xF9�\x93\xF5\�GGfo \xB8KQ \xF7\xC8\\xF0\x94\xB1Ä\xE9\x82(Oz\x94\x91˲\xA0\x87\xF6\x99�\xA0\xBC\xBB\\x94T\\xE59\xBF\x9AAs�
-\xA0�\xB3\xB8\xB7\x81\xCB�7v\x96\x99\\xD3�\xBE�Q}ZD�\xBA\xAC\xEBYЄ\x8D\xC1�֕\xF7\xE1\xFB|\x8D-��+<\xAB\xBE\xBB\xFF\xF9�\xB3֖\x8DU�\xCB1p\xC6\xDE� r\xF3\xB1\xB6k\x96\xE1^\xD3I�E`��\xF3\xA5\xF4\xE0\xBCjl��\xE3\xBD)\xB8�\xDE\xDF\xE0�\xAF\xC6;EF\x98\xFCI�\xAE\x8B'\xD5I+|\xE9\xA9}\x8Ee\xEDƒ\x8E\x93\xF2\xD1\xFF\xD44X\xF2\xFDIi\x9CG\x89\xA1�\xB91\x9F\xDF\xF7\xEAw~ \xE8\x9Et&\xFF\xF9�\x93\xF2\xD5\xE6�̅'K#\xFB\xE0.\xC4ڇ\x88\xC3\xC1\xE9\x913\x8Fĵ\x82\xF0<<5\xEF�x.\xEE\xF4ǟ+\x95!kz\xA4\xC1w\xC7Gi\x8B`q{�\x99c\xF0\xF4\x9F\xE1\x8C\xCA9�\xD1x\xEA\xD2XӶhd,Y\xB0\x91�\xD73�\xDB9E2(t\x94\xE9\xDF-&��#\xFD�\xBD�\x9Fȡ0_NJ�\xE4a�\xBE\xC1\xD7\xC8�d\xCBP�猚A\xF78e\xD7\xE2\xD6dm\xAF\x9A\xFE;CAXp\xC9\xD6OUX�Wſ/\xC7
-�g~5\x94k_v\xD6P\x92A\x9F\x9E_p\x8Db\xCC\xDC\xE8S::\xA6�\xF8\xCC\xD5C7\xE9��T\=\xC3g\x89\xC1,Dx&%\xAF\x81[\xAD\xA9\x95-_o8\xEA\xA6�\x99Y�?\xB9\xB7\xEE'ۦfY~\xD6'H\xB6f\xB72๷߂\xA0\xC7\xE4\xBB\xF1\xA3\xADQ
-%w\x86\xB8�.\x9B:\xB3X\x97\xDB*\x97\xAF\xADgIJcq�2\x94W\xED%b\xBB�\\xEF\x8D��\xF7\x83\x96n㤀\xE3É°\xA6t+g\x94\x9D�\xCC\xD4\xFDz\xAF\xA0@\xC9 Ɯ͞\xDD\xEA0\xCCi\xEE7{ n[n\xB0\x9C6�\xC4x\x95\xEBoCL\xF7�\x91W\}�@]\xFA\xBD�\xB5�\xE0\xAAG\xA7"\xBB�\x9C\xBF\x92§\xA7��\xF2ijk\xCFÊ®=u�\xE2\xFAa\xBD\xC8\xE3\xFB\x81\x83\xE4\xCAJS�\xA8r\xD3C\xE2!\xCD\xFC=\xCF\xFF+\xFDÐ\xB3\xE4x|�Y)K�\xBF\xA0\xFE\xE7J �\xE0�fM���C\xBDW\xB9h\xF2%\xB9ß "P\x96\xBC�[\xBCÙš\xA7\xDD9p+�\xE5\xDBp�Ã$\xB7\xFE\xFD\xC1\xC3<\xD5�R7\xF6\x96:uyl\xD7CcHH!\xEEm\xD7t\xBC\xD3^\xBAGT\xE5\xB7c\xF0)\x87\xF0\x8E\xFB\xA5�)86�\xB3
-<\xA4g\xC5�\x9F5M\x9707\xC4\xF5\xF0x\xE4�\x85)\xF6\x8C\x88k\xAC\x9F\xF8\xEE뙞\xB5\xB7�p\xE7/C\xE4�-\x8C=C�\x9Eߜss�\xA6\xCBx\xF6\xDC]<\x9F\xD0A\xBFJ՘\x9D\xB8e\xDB}/\x87gAϮ=\xA38h\xF6U\x97\x82\xF6\xB8ߌ
-pY\xF2\x8AfÖ‡\x8D.3Z\xB6FTq\xABP\x81\xFB\x907S\xB5c�\xA71\xA8\xD5ʹ�\xE6\xB5\\xAC\xCF�\xB3\xC4\xCA\xEBw�ë¼¥5\xF6\x8AX\x81\xD4%\x9CyÄ~[~v\xBE\xEF\x95,w\xD23\xB5\xEFÕ_\xE5*_\xA8�\x98y\xF0\xC9Њ�\xEE�\xD3�+�\x81\xB9�#VAt
-׎uTP\xD9< \xEF�\xB3D\xF1\xC2?'\xB8.t
-L\x87d*\xE2\xDD!\xA9\xF0}Q\xB5xI¥X"�6\x8C\xAC�=r\xDC\xC3�\xB0VBkF�\xAC\xAB\xAAG\x91\xB2\xF9\xF6|\xEE5\xAD\xAF8g\xF4\xAD\x964|�̽&\xE1\xA5v;x\xDA
-<F~\xEFȃY\xD7R\x96`S\x90\xDFZ\xBA\xED\x86k牊\xEA\xEFï\xDBL�\xDDO\xC4hԉ>�\x98\x90\xC1��
-D�\x98i\x9CK\xC4�FK\xB9��*\xE5\xC7\xEB\xF7\xD7z\x95\xB6\xDF:\x80\x9EI>�\\xE0��\xC2G\x83\x9F\xE7\xE26q>\x8CbH
-\xB3\x94\x85G\xF2\x86lcDJÕ“\xA6j�m\xA0g\xFE\xAElg�\xA7\xE6 :� \x8A\xE2\xC3\xCE##&.\x86�\x9C\xB0Ò¾\xBF\x81�|\xB0\xB3n/\xFDm\xAD\x83\xEF>\xC3L\xB8U�\xEF�5\x86
-d\x{DFFA}\xBA\xADV\xDDP�'\xEF\x95v#֤\xB4a\x80\xED\xD0R\x83\xF2\xE2�\x8D\xC9\xC1\xBD�\xC0\xC5cF6j�KzB\xB6��\xD9�\xD5\xF4\xE5\xDB\xED\x92�\xCB�\xC1 \xAE\xF3\xF7*\xD5w���\x9C\xFF\xFA\xDF9{"\xA8\xF0\x88y\xCD\xCD�A\xF7V� [\xE6O8V\xA44fd\xE6 3\x89%?\xDE\xF7^\xB9\xC5\xCE\xE1\xE3\xF0y\xA6}:L\xFC\x9E \xB0>$\xAE \xB9\x81\x81Y�\xD7\xEC\xEEO\xA4̎\xAC\xE5mv\xFF(
-m\xE0H\x{1D3FD4}\x83G�97\x97L%)T|0S�\xAE\xB0Ë«F\x99i\xB8\xFDv\x9F9\xB7\xA1\xA2\xB1\xB7\x920\x9B\xD9\xC9\xCC\xC7` �X�$
-V\xC2@\x970\xD1\xF5\xAF\x80�n\x9E%\xB8]\xACQWU\x8Fd�\xAF\xB2:P*\xF2]\xFB�KS[%:\xB5M]\xF6 \xF9\xAEs�*
-Vn7"U[\x9E\x8FD�Un\xECv\xD6F\x84\xB6\x87n\xC4�Ú—\xCFY�\x94p\x95�\x93\x9A``s\x9F\xFA\xAF�\xAD$\xDCz\xCEv\xE6ÒŸ\x96�T\xB0\xCB,�7B�\xCB\xF6d\xE4�\xE1�\x95��+Y�\xBA\xAC�\xAF\x87J~m\xD4=\xECF\x9B&G\x83\x97\xBA\x93\xA3�\xF8�\xA7H\x80,)o�T@~:\xF0\xE7��f/�Mz\xF6\x90\x8D�){\xA2U\xD1\xF5\x9AÈ\xADU+\xBDqa\xA3\x8A\x91U\xDB{\xE0{\xD6 L\xF8G\xF0H�[�\xA00C\xEF\xE5avKE\xFDeV\x88\xEF�TY#\xDE#\xDF\xEF\x83m\xAF\x8D\xD9Vß‚\xEE\xED\xA4 Ô“\x97\x8Cg#Æ\xE2\x8CV\x81�\xF1\xBAUb\x9E\xF1\xD5!@a:�\xAA\xF2\xBC\xE4\_\xD8~\xA6\xA8\xE9*H\xDF�TÛ›�.\xB3\x9A<\xC1\xBF�\x90\xD5\xE4%\x9C\xBCJ\xD73\xDF,�(L-^�4�\xA5$\xBB\x80,�/\x91\xF6Θ\xBA2\xFE�\xE5Q\xAE�\x87\xA0\x9F'\xDCa\xABr'\xD0_ZK\xFE[,�\xF7\xD7ÇŒ^\x98\xB0�r\xE4\x82\xFF?h\x89Z\xA2v�\x81\xEF\xA8\xCA\xCB?eØ®"\xE4L\xB8\xF3\x8EV\xBDn2��\x88\xE2\xE6\xB2�\xB7\x96�^\xF0��(+,;\xB9<\xEC�Ð�
- \g\x89<\xAC\x81|�\xC0\xAF\x8F\xBFi\xFB\xAD\xD4�\xAF\xE4\xCEn�\x8Ec\xCD\xD2\xDAQ ]N3+c\xEE\xD1�\xFD8\xAC\x8A\xE1]@\xF5\x96N\xFB\x92\xCAC\x96=\x80\\xE1\xA5(\xA9�D�r\x82\x9F�3̸\xBD\xAA$m\xECˈخ\xEA\xDAM%\x90\x87I[\xEDm\xF6@�q\xCD $\x99t2�v\x91\\xAE7�eq\xF9i>\xA7\xA9\x8C�\xFF\xFD\xD1\xE7=Z\xFF\x9EZc2\xFDƺE
-\xD9gKϹm~QX\xD0� \x{1EE0C4}\xE9m\xDD�\xA4j\x945Z\xFBa%\xCD\xE4\xE6;\xED�
-_\xC8;j s8�\xC4v\xF6\xF51\xC3L\xEDȣb�\xE3PI\xB0�@m\xA3\xE6�\xD86\xDF�Q\xEE\xDD\xC2\xDB`\x92w50\xCF��\x8Br\xA3\xC1y e\xD1\xE0�.\x99�SY\xC8 k�r�\xFD\xB8\x8C
-pG\xF5�?Za\x94pή�\x870\xEF\xEE/\xDD\xE0\x89X\xAEe\x8D \xD4/�\xA0�k\x8D\xF0\xBE \xD7��}\x81d�\xCFjʙ@\xF7 ��\xFC�\x95W\x97\xB5\x94\x9BΡ\xA0�\x86\xB3\xC6\xC3K\xB2\xE8f\x95\xC3h�mKx�\xA0\x99\x85\x8B\xF7a�\xAB\xE6|*\x989\x9F
-z\xCE\xE7\xD7$\xE0\xCA\xE0\xA0$S\xD58\xF9$S�#\xECÜ–\x9E\xC9\xF1d�Ç·\xA0&V\\xC9i`f`\\xA9\xAE\x85q�\xD6-\xC4�\xBD+\xAD\x9FÎ\xFD\xBC\xBA\xBD��\xF6y[\x8D!c\xC8F}!\xA3\xC8F�h\x8B\xBB\x86se\xBF\xD4\xF7\x9D�\xD9F�\xE6\xDBC\xEAQ�F\xFC\xC4�f\xADwy\xD5%S;\x8Bx\x96\x8B\xE3+ߊn�\xDE0\xAE\x95D\xD0^\xCC�\xAF\xBA!r\xCF@/\xA3Bm\xF6\xBEv\xEC�\xB4\xC4�\xE9Z\x94\xBB5}\x9E3k\xB0t\xB7\xEDp\xA6hA
-'\x81+��\xCAw'itT+\xA0v\xC1\xBE\xAEr\xB4Z1wd\xEEo\xAC\xC1h\xA5\xCE\xCF
-\xD7!:{\xDE�|\x9Ekr
-[|E\xEC\xFF�\xF9sk\x95\xB0/P�\x85ÛŒ�\xBCh\xC2\xDEn�\xC0\xAE\xB1&7\xD7\xFBy?+�V\xDB��\x82�$ 6\xAE�Nz\xD7$9\x84\xA54\xE6Þj\xEB7\xAA\xE8\xA4�G\xE8[\xD3e�\x90@\xFB^�F\xE0\xEB`�\x86\xA5
-�Y.~\xCB�Å‘\xF1\xDCך |\x83�/enbq}M\xABs\xA4\xC1ͦa\x84\xBB\x98\xB7�\x99\xF9��z=\xDD\xE7\x9E\xD3��;\xAF}�Ú \xF5
-m\xB7t$\xBE68\xBAX\xB1\xC1}\xBD\xED\x90r\xE2~.�%�e\x8B=\xD2ὦ\xCD\xE6Bd[\xAC\xCFs᩺!\xB9\xF3�65c�\xCC\xEB�y\xA8.\x84Q\xC44@�\xC7tV\x93 \xD1NU�\xBE\xB0\xAFx@\x9D\xBCvI\xADdh\xAA\x95\xC2;É–\xE1\xA9L\xF9�A.\xB0\xE5nr\x95\x9Fz\xE3u_\xEE\xDFHa\xE4f\xE2\xF7>\x87ip4.Pg\xEAS&���\xF2�\xAA\xA4\xF7i\xE0m�f\xE6\xD5�\xE3\xC6/\xE1\xB1\xF6]�\xF9\x92�*\x83R\xF2~'Ü·\xD4��\xC5x\x9E3\x9F�\xC0�\xF8JË 30F.\xEA\xC3�\x8BdN'�\xCF�b\xCA%\xD9\xFD(\xB6\xA7;2\x9EC&\xCC\xF4\xFD�*\x98J\x8E?Rv\xB7C\xB5\xDE
-\x87\xEA\xE7\xC7�\xFB\xB1\xDA_\xB6\x81\x8C\xD1j\xA4�7\xF2\xD2m1>KXL\xAC\xAAe\xB8Þ„HA\xBAÕˆ'\xAE$�8\xAB\xB7\xE6�Þ]\x9A$\xD8�d\xD6t\x88a\x89`\xE8\xED�=}\x9C\xC9�22\xCA\xEC\x88(\xA3hh;H\x8C\xE1�!\x96>\x86�,\x92F\xAB\x8F\xD4\xCEL×·\xF8\xC3\xC1Ù’\xF7]#\xCE\xC0�*s\xFC\xC8\xE0}KS;\xF8\xF8`\xEA\x8FT\xC75^�\x94{\x85e\xDEX0OĸGK\xB2\xA6=R\xE2\xC3\xC2*\xCF�\xBDK\xBAp\x86$.1\x99�h~\x8A
-R\xCC`\xBC\x93\x83��\x8ABHn\xA2\xBF\x83\x93\xCC�JU"9H,Üd\xE2EL"\xD4a£�h`A\x92\xFE�\x96%\xAF\xEC\xD7�\x82hn�\x84#\xBF@\xAE�\xD3 7>\x9Dl)O|�
-��\x99\xCB�\x91=�j\xC0;s�7\x8E\\xB7-\x8DP".+\xE5Pb3\xE1b
-�$.sh\xE5�\xF9\xC0�\x86\xB9g\xF4\xC1S\x8C5\xBB�\xE0\x9De�*\xCB\xF8a\x9A\x95\xB1Q\x8F
-a\xA0^?3~�\xBA�\xC6`rÚ\x9CFh\xDAÚ´�\xB0BVÝ¿\xC7�@Þ±5\x89l�\xFCk;\xE7\xE1�J\x9A\x83�\xAE·3J\xC90{\xF9ÐŽ\xD75\x83�Z\xC4n9�j)M\xA3w^\xDF�i\x82�\x85\xCB\xDE3\xD9b-\xB2\x9A\xE4\xE61\xFF\xE4\x93�
-�I\xEE;XA\xCB�\xC0f\xF1�I2'AǬ�\x92`� !\xBF{\xD6k\xE2\xE6\xE9 R\x89)\xE0�=
-��\x9Fg\xA9�+a\x98#\xEAF4v\xF9\xCA�Lb�\x93�AG\xEE\x81\xC3f\xA8R%\xC6z\x8BÚ\xDE1z3\x87\xF9\x96w�\xE0\x{17516E}{\xB7>1\x89\xE9j\xDF2èE\xB4_�\x9B\x92\x80\xF8�g\xBEfR\xDB�� �\x97\x88\xDCE\x9C�\xF8vH\xA8\x9Fq.\xE1�R\x98\x91\xFAYk`�\x99\xB1\xA2\xA9\xB0\x9E\xD8\xF0 \x85 \x99 \xAE\xDC�\x8E\xFF&\xBD<\x89
-_;璮\xEF\x8B�\xDE���\xA6\xFC\xD0\xF7^\x94\x84\x92\xD7�0~?H\x8E\xB9�\x8B\xC39�V\xEB \xAB+ \x88\xAF�\x9B9\x8CT\xF8\xEB\xA3\xC3#\xD95�\xEB\x93z\xF8�4V\xFB,�\xBBS\x81B\xD6\xF6\xE4`\x93A\xC0\xBF+�\xAE\xCCbm\xA9�G�3yˀ\x98\xC1̕\xA8\x89\xD1z\xA0m3٢\xDA�yo\xC8��=�Y\xE0\x96\xAD\xC1\xB0\xA6\xBFK\xE1\xC8Y\x980 \x9B\xAD\x8A\xC5u\xA0�\xBC+g�\x8C\x9E\x8C\xFC\x9EF\xD2\xC1ʣ\xB1bM�\x999\xA3\x80\xF7'�p�\x9F\x99�m`\xB0\xDCY63\xF5HMc\xF1K��\xEC\x95\xE8\xFD\xB0\xE8�S�Q�4@\xA6̜b\x88\xB2:�7\xE1sa\xCA�\x93\xB9p4\xF7e\xA4/p\xDEI�yFT]\x80�g\xF7�\xAB\x93yS\x95\xCCu\x91\xA6\xA5\xA1n\xE6\x89\xC9M�ȫ\xC8\xC4O�\xCDZ\x86\x95)n!\xE0 at 5UϾ#3ϑ[\xAC\xAD\x93\xA5�\xDF1\x9B\x8Cn\xEDB\xB3\xF0\xC1\x86ʚޔoU\x81(-\xF4*i\xAF�\xD2� \xA8\xAC�\xACG\xB5\xBD I\xBE\xB8\xC2\x89_<?\xD7\xFC\xA8\xCAhw\x82��\x95e\xC8\xCD�\x8A at le瓱\x9EH7=\x99�\xF0+�y�;qHx\xFC\xB32\x99+)74\xE8\xD0��\x87\x80,
-\xB2\xEFn\xA9T\xEE\xB1\xD5\xFEj1O\xA0K\xE0�0_eψ\xCE-�\xA4�ˬ\xC8�+\xA4RE�\xD6\xCC[Þ’7\xAB\xCE>3\xD8\xE4' Û‚�É–/z1lJJ\xC0-�\xF3\x8BnFL\xEC\xC28QZE\x96\xCFÐœ\xA1\x9F at f\xA1\xAA^\xD3\xE0|\x98\x82�\xB7yd\x98\{\x85CX/D c�[�*lK\xC2\xC1Py)`�~��Ô·VZ\x8D>J\xC2\xC1�\xDA�L9�\x99�\x8B\xCB\xE7jQ3�s at K\xB5u\xA2\xD2�p&7\xC4R!\xB8y\xCD2\x85\xFD\xBA�\x82\xB1Ú®�\x8B,\xC5(\xE9\xE3�\x988\xBD\xF1Nlm\x9F\x8Cë¯ \xB2\xE39**\xAD�\xD0|\xA5�\x88�J^E~I$H\x82\xD3J\xE8mÝš��MVÆ«�"0\xDDp&\x93E(\xEE\x9Am/\xA8\xC4+a�\xD4\xFB\x91
-\xCCM\xBE\xE7\x8C�Ù¹\x92�?�8\x8F\xEB\xA5j!�2 \x99\xF3{\xA0De\xDE,kf;\x92K \xA2�\xB3U\xB2D\xDB
-y\xEC�9"\x9DQ\xE3�z}\xFBHd\xB70\xB8\xF3d\xB1\x9B\xE3$H\x83e�_H\xEE\xEB/�`h\xFA\x9D\xC1
-\xB5Z\x9D\xCC瘒\xC3\xFB\xC8\xE7\xD6 \xBC\xC1\x95]\xAEDM\xC5�و\x9A\xCA\xF2 m\xB7x\xF3f\x93\x92\xCC,\xB5 \x9D;wW\xB3\x99>g\xA6\xDD\xEF��U\xDB�\xA8J\x8BP�D\x83\xE9W\xCB\xC1\xED*�v<\x93\x88\xD1Q{\x9A|\x8FX09w#[\xD9RMj�\xF6\xFC\xC10\xC3\xF6\xE2�d�\xE6\xD2)\xD6\xD5�T\xB0�\xB15\xC8\xE4z\xE71ʕ\xA3쓊Jt\xD9?\x80\xC2\xFD\xF8�S%WNt5ޞ\xFC\x9BJ\xFD\xA8\x84\x90\xB4�K\xFE\xE0\xA2�Q\\xB8�A#\xA3\xB2(\xA9ٷ ?\xF3$\xA0\xE0\x9C\xC0
-\x9E\xEF\xF9? ) \x82eÜ\xB9\xF0�D\x81E3�\xC3�\xE5'\xF3��hy\x91=[\xE2\xC2\xEF\xC9�[\xE5Y��_\xCC \x92lt]\x84�x\xE9�\xC8\xC3}\x8E\xCCjB\xF5�z\x86\xBF\xDA7\xCCÐ \xAC\x9B\xE3�\x8B\xCB}2ÕŽ,\x8B\x8Da\x90L\x93\xEA\x9DN.@\xF7t\xE5�\xF2\xC5\xEAa9Gf\"J\xE1�\x96\xC9\xE5\xA4Q\xCF]\xF1\x95
-\x83\xCA\xE5/p\x85\xD1I\xDEk\xC4e\xF0kz\x81\xD7z_2n\xCEcbݥ\xE6\xDC��2n�\xA5/\xBE>:\xDC�\xF2�\xF8xZ( \xA3�\xB5\xA4\x86\xF5ࢫ\xCC�\xBC&%9��\xB95\xC5V\xEEb\x8F\xE4w�\xB5\x81Y\xBF\xEE\x84�՟T
-\xD2`m�s\xF5\xC1\xD6k\xBB�»\xB6\x8A}.\xFF�\xC2)ك
-\xA8\xCC(\xCB#n\xA9�\xBCH\x92�pY\xF7\xD8Í‚\xD7J\x8AÜ\x99\xAE\xD5R$\xFC�`W\xF4\x9B �\xF1\xB5\x90\xD2,\x83Cp\x9E\xDEk(v\x94\xCA"*\xBE\xACu\xDF\xEA\xB5]\xAC\xB7�#~�XM\xECÓ€\xABsMwL�\xEF�Ö²nuH\xA2@\xA4��m\xC7<
-\x8C�\xEF\xECX\xAF\x8F\xB33DLCx\xCF\xEC\xEC�\x9F.F{c`\x90�褊��2\x8DR\xBD\xD6�Bm\xBC\xEA�ψH�6\xCC�D~��\xF6X\xB4\xF1\xFD\xAC}\xBE\xD8\xEF�R[\xE0\x98\x98Vn�c\xA2\xF5\xF7\xBCX\xD7Ûª.q�܈\xDBp\x9A\xF5d\xD44\x82�w\xCF�|"d\xDB�\x85n\xE32�\xBCU\xE1O\xF2\xB4\xA7\xCF#\xAAN�S;\xCD��\x88R\xB4\xF2TÕ%\xA7;\xC3�"?K�R]��\xC58\xEEs�� Oc�p-�\xB4u\xAAg\xF6v\x8D\xDC{�5\xBD\x81kV\xA9\xB3p\xD7(\xEBJ\xF8W��<|\xD8�\xFF|E_\xB2(�=\xB3�`\xB3\xC6<\xE9 at D\xED&\xB3]\xC1\xA362\xC0\xDDÌ›W9~\x96Ý£\xA8,\xAEl\xA5\xE1(\xD8
-�\xBB\xE0\xD95[Nl\xFC\xF7�9g_0Z\x84?\xC8\xE0\xD7\xFE\xF1`�\x84\xFAs\xDEk\x84QƶŲf \xB9\x9B
-\x8C\xF7R\xA4$'\xD2��LKB\x96
-\xB3\x90\xB2\xFD,uw\x8F�XH�
-�F\xA6��\xF2K\xE5\xA1UQ\xB1ŕ\xFF\xB4zD�7\x8A\xFD\xF6Y38\xC6-\x84=(\xE3fiu|ٰU*\x96%3\x81\xD1\xFC�^>�\x96\xDC\xF5pfG\xF7qu\xA9\x9AjK\xB9\xCE
-\xBD�\xE5+
-\x9B\xB2\x81\xC76x}D7-:\xD5.Q\\xC7\xD7\xE5\x8B\xC0`V�=�Eg\xA1�̳\xCC�\xE8�h\x93\xF9\xFA�;�P�\xEAKx\xB3
-|"
- w\xD2-\x8A�>\x95\xD0\xF1-\x98�\xE0�\xF28"|W>\xC6\xC1|�{\x85ڟ\xC1\xBB|\xDDa\xCA\xE5^�ɼ��k\xDEmX�\xF3NO\x92\x80\x96ں̖\xAFh\x9B�7q\x9A\W8]\xDBnJ\xF03\x8F\xE4�p۹ya\xDA�
-ÝŽ\xE9Æ•o\x906\x8FP\x8B^\xBFO\xF2\xB2<\x91=\x8E\xE8扌�v�\xB8VSç\xF7*
-V\xD7\xD6�T\x95Lͮʀ\xA2\xD8e\xBF\xF3�\xBC>\x93}$\xCBR\xF6 3\x82\x802\xE7\x91�Ì\xB7^\x81�;I�q\xD7b\x97% \xE0\xD7\xC7�g\xC1ͬ\xFC\xAA\xA59\xB3�!\xCBx\xB2�a�1x}R\xB1\xBA17\xF6\xB2\xE0\xD64\xD8\xCA�)\xDF6P\x9C\xD3Q�\xD6~Nn\xC0\xDArP\x9C4?\xA2_p\xED\xF7\xA9\x97\xD5\xD4\xDA"Ó²\x83k|"neA�\xE3\xA5P\xD72\xE0\x86jy\xADuq\xAA��\xF0\xEBc\x86Gm�\xAB\xF3Vy�\xC8\xD9Q\xE3\x8A�p��\xA6\xF5\xF0D\xF0\x8F7%Kv\xED\xA5kx\xD0\xF2\xF7q\xD4[\xBF\x98V_\x9Fk-6��\xBD\xC2,\xCF#�J\xBFD\x8D�$M\xD0\xE2\xBBU\xFE�\xE0\xD7\xC7�'�cÎŒ�KKÛ¢z\xF9ß‚\xEFr�\x8CX\xC1�f\xB7r�X\xAF\x94c�^\xA6V\xC6\xF4\x84�\xD4�\xE4\x9D<s\xCE\xC6�\xD1\xD9\xFC\x8A[l\xE9\xE3
-G[[�\x8CA\x99A��\x95\xF0Ôµ��x=\xBC\xE4*\x97\xD7\xE0\xD5\xCD�U.5�\xA5\xE3\x9B\xC9<\x8A\x90 \xABÄš\x8E\xBA��\x80\xF3Whm�<+ɯ\xC0#Y\xAA\xA5\xE2\xF3\xA8Â…U�\xBA\x81\xAC#\xDD�(\x9C<BUw\xFB�\xD0�p&� l{Ø\x8AZ\xF1i\xF6\xE2\xD1[\xF0\xBD\xDCaF�H�|\xC1\xE7\x93\xFE ��\xBF2(H@\x8B\x96\xCA-Y\xE1,\xD5pS鵶\xE0\xF7\xAD�\xEE�\xF6d\xF1\xAB\x9F\xF4�\xE3\xCD*)\xC1\x8A\x8Boq\x8A/\xF9^\xA62F�X[\x8DO\x96\xB3\xD9\xE0Q\xF2\xFD\xE4J\xE76�\x90-\xD9�-Fa\xCFm\xAE"���QyU\xE1%\x83x\xA0\q\xEF\xF9%\xE1�}K\xB4\xC0&\xB7{\x9A\x80��;��\xEBLZ;\xA3\xA5��k=\xC8z\xE2\xA67{\xB5%ß”\xC9\xFF\x95\xE9\xA6V\xF5\x9AnE\xC6�e)\xECz\x85�m�8\x9FQ&Z�;YزX\xF2\xE7G\x83\xC7S\xAE\xD5�d6\xFE�\x90�\x95q�}O4x\xE3WpZ\x9C\xF8
-'\xF4\xA3\xA5"E��1\xBDŠ�$\xDF\xE9�!o\xEE\xD28\xAD\xC6U\xF6\xB0'7 \xECxt\x8Dr��\xE9�~\x81\xAC\xA9>\x8A-\x94\xC1� \xD27\xEA\xECb^\x94=\xA9Q\xE9pu\xF0�\x9B\xC7`a��\xB7tm\x92ΰU\x85g\x8C�\x9B\xF6\xE7\xA3(|>߃,\xB4i-�\x91\x99\xC1\xD9?\xFD\xFEȘmy\xBE]\xF1\xC7=u`\x8FL\xFF\xCF\xE9� \xF7w\xAD\xB2\xF6YY*\xBBE\xEFv\xB8\xD2\xFD
-�\xE1\xC7\xE4x�\xC1P\xDD\xD3?o\xD8rW\xACU\xA1\xCF\xCAX�\xE4A\xF3c\xFF\x92P\x84\xDC\xCC>\xB1�x\xCCKl;(Fc\xB1B1\x89GY�m�\x86e\xC3\xF6Í›\xF9\xF6#\x8D;�\xD6�\x9B\xEE \xE7\xC9i\xF2\x91\xFC&C�\x90\xF6\x86 \xAA0\xD8M/\xD1Û—N\xF8�\xC8[\x82E\xEA\xC4\xE5\xD1�\xE4]\xDBÂ\xC2\xCAh\xC1�\xD7\xC3�\xBC#0\xD9�\xF8^)5B}N\x9B\xA2\xC9nk?\xEB0\xDE+\xF6-\x9B#[\x95��\xE3\x92M\xB2,'YcKx�\xC9\xDA\xDB\xC0\xE3\xA4w\xDAB\x88bh\xEC�@M\xA1�\xE8\xD3\xC5~1\xCC2\x9C\xFE)\xF3\x93�\xC9\xEAKÞ¦.#�\x8F0\xD4\xF8�0\xEC\xC0\xE6c$9\xBC@\xF7�\xC7�\x9C\xF0\xEB\x9C�_3��ȵ\xB1\xE5:�#:\xE3\xF3ݹsB\xC0�\xA1�1
-\xF1 �DmS\x8B)\x94\x99g\x92\xBB\xEE�,6�.�Uz\xBE\xAC;\xE3I
-\x94\xCCt\xE9\xF5\xE838;\xE1�\xA4\xB9\xA2\x81{\xA6\xC6\xDA?\xE2\x9Ed\xFA\xE5u\xF5\xBC��\x80\xAC\xB3�\x96\x82ja\xDC\xF7>\xBA2k�<njK\x9A\xF0K A
-\x80\xA9X\xDAfn\x92\x9D�G�\xAC`K\xF8&8\x86�\x9FL\xCE\xFAG\xD0\xF3\xCB8��o\xC2m\xBC�+\xBF\xCC�\x8C<=\xA1�\d\xDA\xF3\x93��9\xED
-�\xBE\xE5F\xA4�\xC0\xB4\x91\xBC?\xBDTå¶Q\x9E&_7\xC0\xF5\xDC\xF6\xB71P\x98\xF3\xA8\x819\xB0 �\xE514%%\xAF$\x9Cs\xF6
-î‹·\x99\xEC�\xB1�Ĉ>\xE9Ó \xC1\xAC\x85\xE6\xE0\xB6R\xC0E�\xFB~\x9C2;) ž\xFD\xF2 boO2X\xB1#3\xDD\xC6f\xBA��\xA4\xDE\xCDy\x84\xAF@�=��\xE2\xBAh\x81\xCBW\x86\xEEÃ’0\x8A[J@\xCB8\xE4Y9P\x9B'\x8EŇ\xE4\xA6gT�7lG�G\xE6�\xE4\xF9\xC9\xDF#\xAFÒ¢F�\x81:hQs\x9D�\xBB?
-\xABÅ‘\xB0\xF0�\x97\xF51
-\xDEFfZ��\xFF9#\xBE��\xB8\x9Aת�I\xCAX�=ƚ\x9A$\xF5\xB85c2m\x9F�EТ\xED�\xFEɀk�\x8F\xA4\xC8�\xF0\x8E\xF9\xA6J\xA3d\xC6V\xFBN\xBB,G�\xCF'\x9C\\xDC~q2�\xFE\xA5\x8A\xB3\x9D 8>
-\xBB,F:5Y�\x96v\x8D�\xAD\x8B:\xBF\xAD\x9EW�|-\xF5�\xBF\xA7"K\xF4�\xE6 \x80q]\xB6>Q\x91e\xC0\xBC\xB5Üž\xEA~\xA1~\xA8\xCD`��yσ\xF2s�\xF0$\x99n\x92�\xB7C5?\xA1\xE9cwj193�Ï H%h\xE9\xD84\xF1ÔŒc\xDBߘ\xB2\xB8+\x9A9\x98d\xD5X\x81\xF1\xBAW�è³·W\xF0\x99~A\xC0�\xB7�\xC2x\x89P%\x9D-�\xC5W\x99\xC2r\x9AA\xBE\x82�M\xC1\xF6\xC9\xED\xF1\xB4�OÖˆ\xE5\xF2os!i*\x8Fбą\x88\xDB \x94�\x83ြҳl �\x95\xD5�X\xF9|=��}\x91^ȧ<L\xB0\xD7B�\xE6 \xAB/\xB6\xF4\x85+y\xA9\xFC\xAA\x95�H\xD3*\x99�\xB9\xD1{8�\x84l\x89\xC1\x91&?\xA2�d\xFC\xF8 �T\xDEE\xCEÙž\xA7\xD7D\xA2A\xC3]\xFC�\xF4\xF9�\xFF\xD2D4?cÆ”\x9Df\xB7É¥\xB2Û°m[\x87yx2�:\xAE\xC9;\xFB\x84D\xF2\xCB#�3i�;\x9EѪ\x9C\x99\xE0�u\x95\xA9k\xBF4\xB9\xBC\xBF@\xC1i\xB9\xBC�0\xF1u�\x99\xE1\xE8\xFE'~\x8D\x93\xC4P\xE6\xCC�r\xA1\xE7\xBAL"\x96\xDE\xFD\x83A�\xEE&�\x93\x84}\x92�\xCAzy\x95on�\x95\xF9\x8D;R\xF3|\xA4*#wP\xD1#�\x92\xCD�(\x85\xAB��\xCA9w%G\xA9\xCD�\\xA5\xB7\xF4jd�y3\xFB^�HF\xFB@\xC1\xB9i9\x86\xA41`�e\xFF9s.O\xCFd\xFF\xD7�P\xBD\xB9\x9A\x8C[Ë\xFA\xCE\xE7\xFC \xBA!\x9Ac_rO8\xCA\xE43\xEFɇW��\xF6i\x92\x84[\xA6É¡\x8C=�\xF0�\xB8�\xB2dÚœ8\xE2C�\x9EG\x9A�\xAB\x85\xED\xC1Z\xCA\xF1�vc\xDB\xFCN9\x9D\xE9U%\xE1�1~;x\xDFZK\xAE\xE6\xFA\x9E\xE4%\x9A\xBF\xFC\xE2�0\xC2:5\xA8nm'5\xE9mÏ™G\xD5п(\xB7L\xEC\xB9.��\xEB"\xD6\xF2��Bјոej&\x9E\xBFf4Í…\x88#X\xBC\xDE\xD4{#\xC2]\x9FT\xA4Q;\xF7\xDA4E�\xBCV\xD6�\xB6W\xB9K\xC8\xF0\x8DG\x86E\xA8�j\xA6-<�x\xEDr\x88[\xFE\xC81\xD9\xC9I\xB5\xD0\xCE`-\xC9S\x91gF\x9F\xBB�\xD3\xF6m\xEE\xE6\xE9\x84Ë /\xBC\x87\xBF\xBF\xE1�\xC3$/�:\xB6\xDD#�?\xEC��\xE4&6\xB3\xE10\xB23'Ș\xE9Ü¢�\x8F\xAC\xE4\xEBL\xA6\xDC�|\x8B�\x8EL\xCC>\xAEx\xB8\xBCr\xE3A\xBF\xAAÒ™\xED\xD6^\xD2\xD3\xDD~\xCB5a×”Y\x9EMÝ‹\x8E��g\x9E\xB9i\xB7\x8B�/B�.\x8B"\xA1\xEB\xF5�â‘¥\xF3\xFD\xBA\xC0d\xEE\x8E\xE61\x981�\x9A%z\x8Fc�\xAEt�\xDE\xE9j0\xFF]0\xB3\xB8\xEB5.\xF4\xD6q\xB8\xE9\xE1=\xFE\x82 ��\xAF;I\xBD\xE9\xDDu0)5^\x9Ad�\x90\x98\xE7\xF3\xC8\xC4\xEE\xC1\xE8�\xEB�Ì«�\xE8\x97\xEFt\xD3FK~-\xF5\xDD68\xF9�\x8E\x88�\xBF\xD5\xEFX�(\xCD\xEFh\xFBZ\x84\xD2\xD8,xxzq\xAF+_\xA4\xEC\xB5 \xF9{\x84\xAC\xD8W\xE2\x82=�\xB6\xF3\xEA�\xC!
9C\x93Z\xAC{NÍ·
-Ee\xD4B:\xC1�\xD9Þ Ô‡\xF6�#�\xBB\x91Y2>%O\xCC9F��\x9BB\xF3�\xDBÇp\xAC\xAB\x9CKE\xACe\x9F�\x97Y\xC5Üž��xr+\xA8\x8A\xCC\xC5�$! \xC5=d�]�\xF3l4�q\x9D&\x8C\x87\xAD\xF4(Ó‰T\xC4^}�\xD4\xC3\xEE\xC8d\xFA\xA5\xECGÚƒd\xA4\xB0\x88�Ë\x8A�\xACQ \xDAapj,\x8C\x81\x94ØŒ\xA2YjA$Fa\xB5D\x94\xD5�Þ_\xCE\xE9\x84PC\x8B�A$\xAD\xF0?\xAD\xC1\x81��v\x92�Ù¯\x9E\xD8Ê…�jM\xBB\xBB\x80\xEAj�\xAE\xA8-\xA3(\x8AY\xEBÞ’\xF6\xAFF\xC0D\xBD\xF4\xD5\xFC�x3�\x90\xDFK\xC0\xFA\xDC�?\xFB,\xB0\xBE`�\$\xC33l]\x9F>�\x8Dw+3b/d-�� \xF4P{[\xEE\xD1\xE9�30g\xE1M\xF5\xF0Þ’3ר\xD4\xC2�z[u\xA0P�d�L\xFB�
--\xB8\xCF \xB7Id�jXp\xCA\xDF{�-�B\xAC\xA3\xDB�^\xAF\x9C\x85\xE3f8�j\x98�\xDDÊx\xD2\HÎ…n0r\xD8ljc�\xF6��\xEFzy \xBAxRj��\xED\xC6\xFE\xAC\x93{$�\xB8P\xF2\xE0\xFC�\x90\x96\x97\xD6�\xCCbȵ\xB8n\xB0\x90Ï kp�C�ב\xA4�2\xB5�\xAC\x8F \x90+i\x8B+\xD6}$9\xBA\xEF
-s\xA8\x9F|�\x80\xEC�\xE1�\xE4\xE7\xD8K�FY\xC1\x86\xBE\xE1ܧ8\xBE\xEDp�É\xC4/\xFA\x89y"T2\xF7\xF2\xA4�4n\xD9'\x99Rn\xE4�\xFB\xC3Q.ȾJ\x9C\xF3�k\x89\xC8\xF1:P\xEF\xA1L)\xB56,7\xF0u\x9C\xFD��\xC6�\xC2\xFD�6\x90� \xC0��`@o\xE0A\x83\xE5 �C\x82<\xA5��f\xAF\xFF.]i?3\xD8r\xE6?\xF1\xD0ԧt-\xB8�\xEE\xF2�\xD9�‚{\xF2\x92(3\xC8\xC8ǯ\xB7yu\xE9:\x8E\xBA@�z\xCDԾ\xE7\xE9\xEFk\xB6Yq\xC4y�"\xB6\xB67\xBC\xE3/~X\xC6\xCB�\x85\xC1\xB2\xE6P\x91\xAE\x96�
-|j�$?SQS\xF8ؓ\xD45\xAAEh\xD4z\xDDsZԺݑN\xB9��\xEB�y&\x85\xD3
-QH\xBCi\xEE Û±"eySr\xD6�\xEF>X\xA9\x93\x84(;0�\xBC\x8D\xE1
-I\x90�\xEB\xA9;HC\xFE�)\xA1wRbR\xC0u\xF0m\xCFR\xAC#�8\xE2柲\x82/\xEFc\xB8$]О\xF9�\xA5\x99�S'm��j\xEA\x80ÛŽ\xD6!0z�\xC16\xCF�\xEA@�pF,�\xF5}\xD6t�\xE9\xFE\x92Þžz\x89#I؈;XZ\xC9‹J\xF8\x97\x9B\xEE\x9C\xD0(�\x8FÈ¿s'e\xA2\xB2�&\xABM\xB2a\xD1\xFE�K\xBAP�&\x95\x87r�&�E\xCFWq\xFF\xF3CzZ\x86Y�2\x99[�Í‘q\xC8\xC1�\xE0\x9C\x83I\xFCk0\xA6\x92im\xFC=\xF6B\xC3Nb\xB8\xDA\xF3\xF9\xFC9,\xE6R\xC0Æž�\xA2\xB4\xE2<4S\xEB \xA9\x9B\x834\xCC—\xFDT\xFDZ\xEB@\\xE5\x9EJA\xAC\x82p-\xE7\xC8`�=[b\xE8\xD1\xDBe ë‰\xB8i�\xCE\xEC\xA4\xEEuФ\xA5\xF6\xB0o\xC1�z\xC0\xA4\x8Aq
-\xF3\xD6J\xF3|2\xB7,\xF0�\xD0<�\xCA�\xE3\xD1C) s:,\xCC\xD1J\x82�\xED\x813\xEE\xD1 at _r\x99\xE4%\xF45E\xAF(\x8C8h\xC9�\x80(FRDŽ\xBF\xA6\xD2ъ\x91Ek� M\xCF\xE6w\xE7\xDF at +\xCB�7j\xFB\xFD\xC3jC܎\x85\x9D� \xFD�(�\xE8%\xE5N\x92\x840\x9Dl-?nr\x97\x90�\x8D~s\xD4w^֌^1g\xF7CV\xEB|\xAD$4\xC1k1\xF2 \x9C*˚\x86"kz1\xCD\xEEd\xAAĎc\xDE�0\xAFG�\xEC�\xAA\xA15\xC3\xE1\xAD�\xF8Z[1\x87%S\xCB�\xE6�F�\x90JJ(.\xB6d}Z3\xFA\xC2ZF\xA5�\xF6\x80�\x98(\x89[Q\x80\xBE\xE9\xBBTFH[\x94��\xA6v-ǹ\xE6\xAAً\xEFhe\xF1�\xAF)v1@\x8D%\xDBPӋ= \xBD\x83\x955D\\xE6\xA8ZI{j�#+0�\xA3g\xD1�<Aht+\x8D\x9E�\x9B\xEC,\xFB\x96\xAC\xFDI\x9E\xF2�=\x8B\x8D�PSuA\x9D\xE3x�\xD8,\x94&,\x8B\xA7Z1\xBA\x93i\x85�\xDAcpFҖT\xE1\x90K\xE2\x8C\xCEt\x96\x85\x83\x9C�\xEE\xE2ö\x8BmY'\\xBA\xD5H\xE8�\xA4\x8B��\xDA:\xDEz\x909�I\x92Qu�g\xF8\xB5\x9F\xBD� \x98\xC1M ~B\xC0 ʽ\xCB�8\xD1t\xCF$\xE0<��t\x973߀##\xBC\xA8?\x80�\xEDK*�
-|\xD7p\xADɿ&�\xBC\xE4D\xE9|uk.\\xE1\xD6S0\xE3��\xD4!pΡ�l\xABd�\xB0\xBD\xF7\x88�\xF1=X\xCE\xF5X\xCC
-\xED\xF3c\x86i\xDAqGnl\xC9G\xC6O�\xF7�\xC1\xEE\x89\xCD]BOV)\xF5\xF6N\xCD\xEAEI\xCD��D\xAE�\xA9]\xF9\x87\xB1\xBC�\xB9\xEBb\xCC\xE9\x8BQ\xC1>\xCBj�\xDA\xD9^\x9F\xCDF\xF5��\x93ה\xFE�\xF0�;HxB7{\xAC\xA2\xD1y\x81\x83�[\xAC\x82`@\xB3W\xEA0\xC2��\xBCA�\x82\xCAU\x8F�O
-\xC6b\x82\x9F�0\x9Ec\xFF\x9B\xB6\xB8\xB9\xF5\x96�\xB2�\xAF�e\xBC\xB5e\xB7�7�m \xF0\xF3c\x86\x91}\xF7\x8F\xE0\xF4
-^\xB2\xA1\xBF\xC2kM\xEF\xCB\xFC^
-^\xA4\x8B\xEDo\x86�y�\x97cz\xABSjw\xB9z\xC1\x9F/
-\xCE]\xFA�D \xEE\xFC\xFE�u8}T�\xAFu�\xE8Ύ�pF�\xB8è\xA5\xF5x\x89\xB5\xB1I\xDB��\xE4P\xEF\xB0<\xAC@\xE4\xEB\xF6G\xC9+\x9Cp\x98\xB7\xD7=\x93_J\xA4�\xA8^\x92 {Pm\xBDc|DkV\xEF1n\x89=^bO\xE6\xAC=88�\\x9EA\xAE�3 G\xC76)\xB2\x87ȇgeڴӔ\xC5>b \xD4\xD0�\x9BK�X\x82-ʙN0\xB4K\x9E\xA8\xEBʪj\x8Fs\x83\x9E \x90\xDBhx\x9C\xC3�u\xAF�6\xB0J\xAA7pϲY"\xE0\xC2]\xD3�M"o\xFB\xB1}5I&Q\x85\xF1q�\xCF�L�\xEE�
-�#�\xAE\xDE,Hn 9%~ =�\xEB\xEBc\x86Q\xEB\xADKM\xB0zp\x85\x95,zp\x92o\xD0ι(+\xAC\xA0\xF4\xE0\x8C\xD0\xFC\x92J���)\x9C\xFE\x8F\x91Ԃ\xB1\xB7\x81�x\x80_G\xD4\xC9\xD9)p\xA6?t�\xF6M\x95:\xAA�xo\x8B\xFC\xE6��A�i \x8B\xB5�\xFC\x82 \xD0Y\xF5\xB6�\x8A\xD4�\xA5�{Ĭt��\x9EQ\xA5:@\xD6)C�\xFE��l\xA8Ps\xB2d\xB6\x81Qo#\xDBΠ;�كh\x9BR7K�T\xF0]\xC0\xB7=\xC0\xE5O\xC1\xA8S�\xBF/\xB1��q\x86\x81\xA7\xACa\xBC:�Y�\xB0\xA3'\xC6O\xB1=�\xD3�d\xD5a\x80ᅲ\xB6�\x82\xBB\xAD\x83��-\x8F�m\xBD\xE2޴\xB3`\x80\x82"\x80\xE9\xF0 R@\xB8�Rno\x9B\xEAS�\xFD\xCA\xF0\xF51\xC3n\xD9
-\xF0\xC8Û\x80 #\xC8��\xDE"ѹ� eA\x80dw\xDEJ�}X*\xA1\xE0 #\xF0\xD2\xD9X`e\xB7\xBA�g\xD610c\x86k\x80F\xAE\xFD\xAC`n\x81\xE3_�,,�e\xE0\x82\xC2OH�\xA0\x80;y\xF4II\xD6@&P\x9A\x99%\xB8\xBFÌ„\x91w�3߀\xCDgI\xE6\xCD�\xD2\xD5\xD1\xC0Öƒo\xDB\xF2\xBD\x9A\xD4\xEA\x81ß»(\x80\xCC\xF0OÖ¹\xF2\xAA\xCA�\xECK\xBCJ�-\xCA~n\xD22�\xDCI\xEF\xFF$)\x93\xB4Ej|\xB4\xBC���\xB92v\xC68X"�\x8Fpo\xFB$�\xABQ\xCF'\xFF\xB9\x83�\x80L}\xEC\xBEMmA\xED\xDD[Þ¡<\xB9"\xEFV\xC0eH\xDB?&\xB9W\x90\xB4G[�\x94�\xC1~\xE8\xF7V\)\xE2$\xED��!\xE8 WQ\xC3H*@�\x98 y9h\xAE0\xEB(HfF\x96m6\xEBhDy=\xA6P\xC5�\xED9��d\xE6Û\xC6\xFA\xE7d�\xC9sDr\xC1�\x93\#\xF2\x8B\x8BSkË”S\x91\xBBG$\xD7'\xE4ÒŠ~\xA4\xA3\xFC'p\x8DT J
-�V\xB4\xE6\xA4i�\xE1�\xD2vO×\x80[\xD8\xE8\xF8f�3\xCCR\xA4n�\xFE�\xE0�W\x94�\xEC�&9?\x99�Gx�Ej\x81Òƒ\x82\xF7\xAC\x9D �k`\xBD\xAC\x83\xECA\xD9\xF7\xA5m=L^�q \xF3+�,m)\xB5\x81\x93T
-\x98\x86f�7T�k\xA0WY\x9D_a\x8D`\xF5\xDE-�w\xC6�v�{R�\xAD�7\xD3�|�\xBAԯ\x8F�f\xEE\x95\xF9@"@\xFCY3W\xFC\xD9\xD3I\xB3�\xA7-{PmYZDz\xFB-\xB8D\xAC\xCD\xD7\xC7�_\xE01\x92\x8750\xAA\x84&\xC8��\x8Cԫ'\xF9_\x9E\x85\xE5\x9B
-\xBB��\xF3\x8A\xC7+\xCAx\xDF�H7oq\xC67p˔\xBCg#\xBB\xD2]QJ\xCFFg\xCC}G\xB8Q�p\x87�\x95��bJx�E@\x81\x95\x92g3"\x9C<\xDAvM\xAA\x99�@T\x8C\x81\xC2��\xF3M\xAA\x80Ճ-\xB3
-�\xFCm[y\xAFi�\xBE\xDE�Q\xDA�(R�l=@\xA0\x95\xBEn\xCE�\xFD\xB69\xDF\xF8m\xA7\xA5h%\xCEN\xAEDl<\x82\xD5.\xBDD\x809wtn\xF4KÆ[u\xC0H�\xD0Y\\x87\x87W)Z\xF3\xACÚƒ\xCB\xC1�\xAE"�Ȫ\xFDd\x81�\xC4��\x8B\xDAE"\xAB\xD7%\x99\xAB\xE85B�s\xE2\xFB\xC3\xC2\xD3\xFE�,\x83\xCA"�/�\xFEs\xDB\xCBV�\\x98\xBA\x90d^\xB8\xD6:�9Ƕ\x9Fsw0}\x84�_�0\xF6�5(,�\xBE�\xC3~\xECN\xB8#\xF7\xF3;\x95+T5|i\xB37z`�"\xDFl�\xB7g\x80\xE2l]q�Y\xB3\xB8\xCB��\x82\xA9O#h\xC5j\xB6\x85 Ü•l\xF46�.\xECJ\x80�\xCE�\xB6(\xDEɨ\x99\x8C\xBC\x93�Q\xD1\xD85�\xF8\��&\xFC\xA0\x9FC\xF5�\xBB��_{\xE8+ÛŠ+t\xB0\xC0;X\x97m\xA4T\x98�s\xE6Ï‘�m\x93!<�\xAF\xA5\xC0GY�\xC5\xF0a}-\xFD\xD7d]�\xA4\xE5o3\xEA\xD6m�8 at p3X\xC0C\xB8\xFC\xCD\xCA\xF9R\xF5�\x85\xE0^\xB1O�?\x8F\xFD��\xAA �\xD7\xE5z&P\xA5:[\xD2\xE7G\x87o\xD6\xEA\xFA�,\xA9\xB2\x8E;\x8C5\xDFA\xEC�]j\xEE\xA6\xD6v\xBB\xB6\xA7m\xC7
->\x88\xF05\xECÙ†��\xF3ϵ%F%���@\xAE\xF7/\xFC\xFC�\xFB\xD6V\xFC\xB3m\xB1\xF9ÔŠ�\xF0\xF5\xE7�0�X\xE6\xC1\xA5g\xDC��\x9C�\xAA\x81\xCFr]o�#\x88\x96\x94[0B,��\xE3Di�\xFA(\xD14:�\xB5\xA6\x83P\x80\xF4\xCDDYÒ‡\xA5b\xA5\xDD�\xF8\xD7\xD4Û\xD1_϶\x93\x86\xA2\xB4n\x95\x8A<\x97\xF9ag$V\xF7\xEF\x90\xD7�\xFDb#\x82�>\xA7�)�꣟\xE1\xC3\xFE\xABOz\x8A\x98\xE5Â\xAA�\xAE\xFFf<\x88ί\xB8\xFC\xFC\xD1g"\xD0�{\x9BÛ[&\xB3\xFF\xF5\xA4 \x92\xD4.\xBD\xD6\xE1\xFEÌ“�W4� \xE1o\xDB\xDE\xE1\xB5\xEEs \xE0\xD7\xF4�Z[~W�\x8DNw\xDE�(\x9CW\xCA.�w\xDD\xDE��\xFF\xFAhK\xBCn\xE6\xF5\xB5ĸP�\xAA;\xB6\xB7u�E/\xCFvoc�\x85\xBC\xDA[o\xF7\x87L\xADi�0\xF8\xDA\xCEuz\xD8�\x9E�\xB1y(\xD8zPrW:Jkl\xD5\xEA\xD2\xC0\x9B\xB1\xFD
-o\xC1\xEA\xA4Ki�c\xC0�\xFC|�@�\xD1f4\x9E�@#\x93\x8C\xD6�F\xF6y�ˢ\x95\x9F\xA6\x81%U\xCD\9\xE0i>\x9BA�\xDA�\x84I\xEE\xEBc\x86\xCFe\x9B\x86k'�SM\xAEn\xE9\x93\xE1*K\x9F\x80"@\xC1Ar<�Z\xE9l}Z\x80\xFF\xFE\xBB\xB6\x93\xDCo{\xF0\xF5w\xBD\xE5\xC3�\xC89\xA7\x96\xD1֖\xA6\xD5֖c\xA8�+Ju�6\xE0&\xB20\xBE\xA8؅\xDB'\xB8\xF7m\xFA,e\x94\x96\x9F\xC3|\xFD5u�m\xFF\x98:\x85\xD6L복\xB6\xA4\xC1s\xEF\xA6\xF1&\x82�\xF7&\xA0\x8C\xF3\xAD�#HB\xBA\x80\x9F_c\x9Er\xAD��J�
-l=\xF8\xA6\xAD�dJ\xAD\x95\x80\x96\xFC�q\x8C\xAB3C\x96\xAD\xBCW\x81#\xF8F\xBE>f�\xCC\xFD\xBA���\xDBw\x82\x9Fo�\xE8�J�W\x9D4\xB2\xA7_Q\xF8\xAD+\x93ꓒ\xED\xE8b\x918}\xD4�d1��nHM@�\xD7?Ju-�P^9�ٛ$\x8B\xFAi\xD4Y(\xD3\xE3\x8Eb�}�\xCB\xDB(RQ\x84\xB2\xEBm \xF7n}�\xAEK\xD0\xEFN\xBB\xAFW\xA2[\xEE\xFEŬX��t\xF6\x80\x9Eѩ�\xE20\xFD \xACG�\xBA%T\xC7\xF2a\xF9\xC5~�\xA5�\xF9q\xAC\x8E\xC6؞\xA9�\xE54\xAE\xAF\xC0\x96\xF9
-\xCB �\xF6 \x9F]\xD7
-\xAF\xF3�\x94=>=\xAF\xC1
-ov\xF1\xE4\xCD��:\xAD [\x846\xB9�+[\x94\x8C
-p��\xDC\xDE�\x9FN�\xC7}�F\xF8d\xF4`�\x84߼\xA6'\xC1~3\x99\xDAr`X\xD6WG[\xFD\xEE
-~\xD3�\xD6\xCC\xCD�p\xD2Cz[Θ�t\xA5\xDApM\xCE�\xD9\xCE\xCA\xED_\xFB\xE9J\x93\x89a\xF7\xCDB(#\xAF�\xB9K\xB7\x96آ\xC0\xC8W\xA1h\x869\xA9Hy\x9F\\xADV�\xE7|ߋ \xCF�" ��\xE0״\x84Z[\x82{\xD4\xF9\x98A\x8F\xAF\x98� �\xA3O\xF6\x9D\xCC-�\xF4�\xD1\xE94 ܥV4\x88|�\xBF\xCC\xF3��%s[\x86\xB4ȣ4\xA8G�V1A" AX3XAE\xF2f�\xC1$\x9FQ\xC0#\x8B\xD6i\Ti��C\xB5Y\xC9Ш{#`\xCD\xC2��\xAD\x9C��#9\xAF\x83^@\xEE\xAFi\xD2]e4\xA99#�j`\xAE\xA8\xB94\x9D\x9E\x94\xDBNDv\xAC\x9D\x9E|�m9c\x8D\xFD\xED"\xA5\x8C\xEE.w\xD0P\xF7\xBD\xE5�\xCA\xC3I�XoV\xA1\xD4y\x80\xB63\xB81Ӣ\xC3\xF9\xB0 \xC18?\x9F]ID\xDF\xC7\xEB[\xF0*s\xD4?\xB4Eo\xFB\xAC�8O\xBA\x8B|{\xFD\xDB
-\xC8y\xD0^\xA1æ—¼n\xED|Ò�\xDB *\x9C�^Ó¾\x81\xEC\xC1]Ì•*\xC0\xAC\xB9\xE3\xEDm\x9F:�9
-�g\xFC\xFB\xFC\x98'�(�\xFB\xD48Ê’\xC1Ó¨\xBD
-�Ó”\xAB\xB6"\xB5Z\xFA\x84\xFB|�p\xCCf\x93I*\x97�@�\xBE\ \xD2V\xC1\x94\x9A\xDAi\x9F�
-\x8B \x822�t\xD19\x98\xC7\xFF��\xBF\xB5%ؤ�\xD8zP�\x8E`\xB7\xEC{^\xFB\xE8�^ +\x9C\xA1\xA5�\x90\xB6M\xC0\xBDp\xD9}�\xD6~\xB4�3\xC0\xB5\xF5
-M\xA4�Vy\xD3�`碀\xF5\xC8b\x81lk\xB9\xB6\xFB!��Я��\xFA \xAE7+G\xF5\xB6�f\xB7
-ģ>?\xBA\xDC\xDAR\xFF�\xF4\x8D\xFA\xEBM \xB7\xDF\xF60�='{:A\xDE\xE5\xCE�#\xE04\xB2_\xF7�\xF8\xC5\xDAW(\xB0}\x85g�\xC7\xD4[\x9F\x94\x88ץ\x8Dh\xBD\x82\xB1&@\xF3\xB1Z\xCC\xF6\xFD�\xEB\xBF\xFEׇ/�3��\xCB\xC5q\xF5\xD0\xED\xF5\xB5�OÎ\xFD\xF5\xD7x\xFD1^\xEA\xC1z#v\xDBzt\x911\xD43\x8C<v\xDB\xCE)PH�\xC6\xCCx,\xF1AvW�b6p\xDD�\x90\xCBeM�\x8F\xA6\x8D<JKW\xDA6�\xA2\x822\xDB(9\xEE0\xF4\xACY\xBDG�n'82\xF3��J\xE1\x85\xD4f�\xB8#\xBB\xD5\xE1\x95t\xBA�6�\x8B?M\x92^\xDA<
-\\xC8ʘ\xA4\x88��\xBB\x82<\xDE"\xE5\xE3jǢ\x80A\xA6
-Ó¹\xA9\xFC\xE0\x85\xBC"\xBD,^A\xE1\xED�\xADP\xC0\xD7�\x81�\xA4\x81�\x93�
-\x8E"\x8DB\xE7\xEAq\xBF\xA0\xC1L\x92^�\xA3\x88|\xD0\xC6^\xF9{\xA2\x99\xA5d\x81\xC7N\xAB��q\xE4J\xC3]\xF6\xCA�\x83�\xDB;\xB5�\x99\xEBI\xD6ֈ;&m\xED\xB6\xD1\xE2i\xF7\x81\x9D$\xBD(�\xE5\xB3 teg$\xB2�xF64\xE9x\xA3��R�\x82\x9B\xAC�\xA2\xD7�.=\xB0\xB6z4\xF2�|k\xC2\xF0j0\xF8h\x8B`\xCF⑑\xF18\x96\x8C*o`E\xA0[�\xBE\x9B\xBC\xA9w\x9402�.n\xA7\xAB�DJ\xC65\xFC\xBF\xF1\xF3\x8B\x8CB\x96\x86Ÿ\xC0+\xA9w7\xB2\xB6��\x86�\xCB&a�\xA4\xC7C\x83\xFF1\xEBF\x9B{\xF5�k\xD7B� włwe\x8D\xB0\xC1�\xB0\xF1�\\x99o\xE8\xC1\xBC\xC9
-\x8Drh�"|\xC4^px\xE5\x99/t r\xF5l�yᶦ7\x89sA\xD4\xE3�ޕ�u_\xCD\xF8\\xA7�\x8C<\xB1g\xC9jON\x9E\xE1\xB5 \xBC\xC8\xD8\xDE
-U\x90\x9Do.\xA3`OL\xC0\x95���\x9A
-\xD6\xDF5\x88\xF7\xF9\xF2p\xEF:|38v�\x8E%\xE7�\x86w[\xC1'\xBD?�3�\xE9\xCC�><\x80\x83t\x94 \xD8up\xDF\xF0\xFD\xF6\xB4[-0s8<*�6\xEA
-;!\xE6y\xD2�\xBF\x80\xFB\xF2��\x82�V\xB0\xCB�\xA9ZX\xCA\xDE Q\xE7\xB9`
-.\xB1\xA1t\xF6N\x97�\xE6_˹9(\x80\xF4\xDD�\xF9a<\x88�L\xF4GeY+�\xFC\xD3\xC0V.\xF8\x9C\x96K\xB0\xC7�\x95��\xED�޹ུ
-\xC0���\x88\xED \xB8fK\xEE\xE4�eOA\xCEb�\x9AA\xCA�\xE0A\xF0Z\xEA\xF1�@\xE3�eOQ\xA5\xC9va\x94Ó±\xF0\xD3`\xB1\xE7~\xCD\xF1�ÉѪ\xE3jm\xC9S�\xD0Br\xAE\x88\xE7\xC0\x93,5\x9E\x9B\x98�\x9F\x90�nK
-W\x8BH\xB9\x93jl\xCB0�r/)\xA7\\x87Q\xF1\xB9\x81~\xD2��\xC9)\xB7\x96 2\xE4\xEC\x91\xF4\xC5\xE8\xD1�d[Nz�\xC13,�\xA3\x94p\xD66Bm\x84�μ\xA4��r�\xCC\xF5\x88H\x9B\xD8n\x94\x94\xAEÌ\xE5\xBBX\xE1\xCE@\x94ҶP\xD6H\70\x99B\xCD\xF9�[\xAEQ\x83\x81\xD8\xCCF�
-\xC5��'3(\xAFp3z\xE4:\x92\xEB\xD4J�\x82^\xFF[�\xACP\xF3W\xA8z:�6�Ճ\xAAfc\x91E1?\x8D\xF5\xE9�\xC6
-s
-GT\x8C\xF1C\x81\xD9O\xBEˆ\xFF\x8E\x89t\x92\xC8\xC1h/\x9F\x8C\x96Ů\xEDD#K�z�\x99\x8CQs-\xAB�\xBB\xC6vhU\x91\xB6\x8B\xF1\x8Cw\xF2/\x91\x83\xD6\xC0\xE2\x8F\xCAT˩m
-`=�\xF3p#F\xF1H"\xBB;\xAA\x9BQ\xC0@\x91\x98;I\x92\xADF$\x98\xB1,;q s�a`\x8F\xBC�\xF8M\xAE\xAA\x84\xFB\xECÉ¥vgQ��Y��s\x82!`�*4\xB2\x93y\x9C\xD5�Z\xA9c\xC1jN2��\x93\xF3\xD7\xE0�\xF0²\xDD"p\xA7�\xA8��\x89bQ\xCAJ\xE5\xA1 \xBEêªØ³"\xED\xCB0\xF0\x95Y\xCC\xC9s\xA1
-\x99\x9F6\xF1\xF3\x85\xFA\xFA\xBDF\xF4Y\xB4=P\x88\xACh\x96D\xA8R:\xC9\xF3\xC1u7�\xF8Vj\xD1Z=\xAC\x85\xEB0\xAA\x8D<\xCC\xDA\xF6Rr\xE3`�N0\xF2\xA0\xBE��\xB0cU\x8B\xCEBa"\xC8A_\xA1@\xA5\xB5\xB2�\xBAP^\x8C+jGt\xF6Nb[�A\x9Em!\xDD^:\xDDAj��\xB8�:Õ\xCC)61\xA3(\x93�]\xB9\xB6\xC0�Lb\xAEO\xACøR:�\xDF\xF6\x88�\xE1\xE0@\xFDÇš\x84d\x95\x8A\x85\x8C�\xEC\x821\xB5\xA3D\x8F\x91:\xDD\xFB\xF1�z \xBF/\xBE\x81\xDBU�\x9E�\xE6\xDCH\x98\xDAQ\xCA\xC6\xEA�\xAE\xAC�[KF��,F\xD0A\xF6\xE0\xF5\xDF\xCB#�1ay]v\xAB\xAA'J\xB7\x8C\xFAb\xBF\xDEz \xF8G�\xC6��\xA4kZ\xEB\xB1\xC1dtm��DD&\xC1Ï\xBFi\xFB
-\xF8\xF6\xA8\xB9��\)�\x94\xBA\xEC�\xB1\xE3\x99@\xFC\x9E\xD3 \xF5\xE8\x84�\xCB\xE2 \xA3\x9E\xDCK\xC0s\xAD\xD3a\xDF;0\x92\xC1id\xE5[�\xB3ÚŸ{z\x83\x9A\xC9hə̶\xE0\xBCj\xA7�\xAB{\xE2\xB0_)\xA08\xA4\xEA\��*i\x9B\xCCL\xD2\xD5˯\x9D\x9F\xD3�\\xB8\x8Cvl\xCBQ-l\xDDj�\x80\xA9�(�\xEFet\x89\xF5\xF2\x81}\xF1\xD7Y�\xF5^\xC6\xC8/}\x83 at j\xB9vn#\xE0\xBA70�j\x9E,\xEEc\x8F\xBFw.\x81\xB1\x9Dx\xD6>2\xE2\x9F�P_\xBEP\xF0R\xF55x\x87�\xB3\xBF\x80�\xB1\xE6ap\xB2h\xEF]Õ L�\xC0V\el-\xA5&*\x98Y\xFC\xF5uWZ\xD0�\xB6�� \xC6�\xFBR\xC1\xEDj�^\xCB2rX]'j5sk\xB2Zy]\xF0\x81\xD7ç·ˆN\x94C\xB6\x98\xB8\x8C\xCAv6SΟJ\xBB`\xB1MS\x94\xA2�Y�QV\xCC�\x90\x91�\xC1�\x84m\x9D6\xCF\xC0'\xDCx\x88\xD1\xDC2\x91,\xC8\xEEY:9^\xE1aY1\xC2�\xE2*`g�
-\xFF���\x82\xD071\xC7\xD6\xF5\xA4\x8A7\xCBe\xCEB\xB0\xB7\x83 \x85(y@�,\xDE1q�\xB4 \xEC�W\xC4=y\xB4N�_4���\xE9\xAAB\xC0\xC1\xCFhє\xB0�Ydul�\xA6Q_a\xFCY\x92\x83\xD4v\x94e\xDB+^:j\xB3\xD9gB�֒\xA5\xE8LGeV\xE6 \x9FN\xD2U\xD1H \xCB��\x84\xCA΂\xE5�b\xD1xL\xFDV\xA9\xDC% t6\xFA\xB0�b\x81�\xE4�\xA0F\xAF\xDDU\x82\xB1=\xEE\xE4\xF1\xB03\xEE�\xB8\xFB!8�\x9F\x86\xB7\
-(\xEE6\x8B\xBA\xDFYE\@\xCE�\x90\xB4q&r\x82�{\x8F\xCCo\x99]\xB5@\xB4�\xB6,&\x99\xF6#‹\xAA-\xD6m\x98E,�h\xBF\xCFZ\xCE\xE3>\xDF\xDAb7\x97*\xE0�j�q\xBF\xE6=HAB\xD1\xD3\xE7\xCA\\x80-\x82$ f�s\xA7M\xC8\xD3 \xCA�Z�\xF3\x8D\xBB\xC8%\xF9�Ǟ\xB7Wn� )\xA0\xE0�\xC3;˫W�N�\xD8\xE9#\xB0m�\xE8ɗ\x91\xAFx\x83\xA9\xA8\xB3\xE2\xB5/NZ>\xD9�\xCC\xF0\x95Ǝ\x95<u\xCFZ\xF6\xA2J\`l\xB6Y\xDB at ev�)\xC2�Vi�~\xDD%s\xC1ן\xA3\xA8f�\xEB\x80Tl\xB2\xBA\xB8b\x84\xF7\xAD`�\x9F=#�#W\xA2g\xE6�\xB0!]\xB0\xD6$\x93��D\x9A\xC4$\x80i�I\xDC\xD6{\xE0�o\xF3R~\xD2D\xDE\xD6\xF7Y\xEFU{\x81,\xE5+\xC8 ]
-�\x95yVH˜\xAEbY\xC09\xC6r\x9Df\xB8/ڛ��\xD7\xCB�\xC1\xFA3HR�\x80\x9F0�\x93#gc"\xB3\xF5
-\xA5\xB6\x9E\x8A\xF4J0\xE9ž`4\x8E\x9C\xE5\x84i\x8Af\xF8\xAFWRP\xB3u#8\xEB\xBD�\x9D\x8F\x81�wP\xBC\xACW�\xF2\xD0Õ´\xB7\xE8\xC8\xECTCT\x80U�8\xF6i`@\xCEE\xBB7I\xE2v2~�X,C9\x88�*Bz\xB84\xBD\x9C/t�\x83\xC3\xC6{\xB6�\xC9�yß’�\xC1\x8CS$-\xF3h\x91\xAF\x8F�>�,\x9A�\xA5.\x85\xA2Mg,Zr�\xC6\xECj3f$�\�\xE2Õ©\x98\x9CH�P\xCB\xEE\xB9G\x9D\xA0\x83�\x86�N\xC5#\xA98\x85�Q\xCF\xE5\xE4@|\xFC{\xAC\xFBt\xA8\xED\xAC�È£\xF2\xF3cn\x8Bz\xA1\x9E[��\xE2y�ÓžNvI�P\xAA\xC5E2M1u\xBB �{T\xE9&ࢢ\xF1\xD3Wk\xC1\xB0\x88\xEE\xC7\xC1Mn#H\x8D�\xE0\xE7t\xAC�-J0[\x89*vfRi\xED\xDCf\xE7N\x83Ñ\xCF:\xC8ae\xF7o$\xA9\xAFI�V�x*\x98\xA9\xE5�\xC6Q� \xAC[
-\xA6\x92\xDD�\xD5׎\xBF3�I�\xE0\xE6\xE7�\x99\x9DWm\�-}\xF6:\xCB\xDA\xC0\xF3�\xF0�\xA6\x8E\xAC\xE0X.1W\xA4\\xE9�\xEE Úƒ\xBC\x94w%[\xE1T,\xEA��\xACG�\xFC\xFC\x98\xC7V�p`DG\xAEAl\xE7\xFA\xC9BU\xA6XÔ€{\xC2C\x80\xCFΫ�n*\xD4 h\xFA,\xF8\xAA\x87\xE1\xAA\xD3A\x94\x8Eol\xB9"@t\x80\xBC\xFE*X��\xF4\xC3\xE9\xAA\xFC�\x95�[*���ÕN)_\xDC`VSo\xE0\x92\xC6_\xCA�,M\xF8\xD0!\xCER\xE3j�]e@/P\x89fm�Û˜\xEE�\xF2Xq\xEDX��wi\xAE\xE4F�Z[Aî’ºm\xB4\x93NA\xDF\xD1S7�\xE9&\xE9\xE8\xDC\xE5\xB7\\xF3Y\xBD'\xD5\xE1�\xE4\x98\xDC
-�F
-\x9B�\xE6A\xA7\xA0�^�\xE0�
-\x9E�\xB1\xD1�ŲF�\x88/ʙ\xC7Y\xDC\xC9\xEBH\xED,r\x83\x85\xD9Q\xDB��\xE3\xF2�\x8Er\xC6�\x94"w�a�\xCB\xC8\xE1��\x93*'\x9D)\xD5\xE3\xCESq��%`hr\xEB@[Py:\xB8�x\x87׉\xE72\x8F\xF0+\xC3\xE0
-�\xF3\xE9�\xC6:(1�{pf�\x92I�\xF9\xAB\xF4@\xC1\xFBXg\xD0.\x90\xD7\xFD\xA6]\x99;\xF08\xF8\xB0s\xC1\xC0\xA4\x8F\x90\xCE\xFB\xECA\xF7\xE9�3\xA3\xEA\x87\xC9X\xA9\xFA\x9D\x90n\xAA\xCA�\xB8k\x8D
-\xA4v\xA5�,~\xFFaF\xC7 YO\xF5 \xB9@\xB5\xAF\xA7d\xB3I\xC7p�\xF5n\x81\xA4\xB4+r g\xFD\xCE�\x82\x8D\xAA�\x{17B8FC}\xF2\xAAß¹\xD27\x8F�Ô¾Yk$(�\xA3
-\xE2J\xFAw�\xA2�=<\xE6@�pQj\x83\xE5C\xF0\x851\xF4\x8BD\xC1�^\xB9��\x8C\x8A\xBE\x9E\xED\xF3,G~\x84\x82\xC1\xD3\xDA�\xE6m\xE7GyK
-\xA8\x87\xA5\x80z\xAD�F\x84\xD0$\x80A+:
-\xA4m\xED��Í”\xE4\xAD�p\x831\xA9\xB6\x8E\x8C\xFAi�\x91�B9\xE7C \xCAb\xDCB\x93j\xF11\xEB\xB5 Y�t\xA6�\xD6�\xAF\xD5l\xB14'\xC9\xE6\x92�R\xC1\xE4<T�Þƒ\xAF\x8F���\x9C\xEA`\x8E\xC1\x8Eb�\xD3��8n\x83�7\x82a<\xE0\xFD\xC4v\xC0\xA8Ø—\x80p>\xBE\xF5\xA0`P\xD6\xEB\xC3^;˵\xDFS\xB7\xCC1 \xCBÖ 06�\xD7��?&\xEB\xC8\xC8bGc�
-\x86/ă\xA7\xF0\xC9\xEF\xB0\xC4\xE1{\xE1�dv�F\x99X" .[V\x998�\xA1,Aadn�\xF6�y\xD4k�\xE7\xAFÃm\xB9:�\xAE$\x96v\xE1\xAE/k\xE8\xBC,\x9C\x86\xB1\xF5\xBE~M\xF2ؘ\xB2\xC1�\xB9\x90\xBE\xD6VG�\xEC
-\xBCx.\xE6�\xF3�\x9F"�\xCC\xCD\xC4�\xE5\x96�Y\xD8\xE3\xD6%\xC3�\xEB\xBEK\x90\xBBQ\xC1ϳ\xCC�\xCCQ\xB8�\xE4\xA3\xCCU)\xDB�;\xB6�\xE7angl;\x83\xC7-F�\xEC\xF4\xEBF缬e\xFB� Ò¨Ek� \xACrb_\x81q\xA6v\x99\x8Bc\xCD&\xC1z\x83\xA4\x93\xC4��Vg\xB9�~\xC3\xE4,Z\x82B\xCE&/'̞ܛG&\xA8\xD5<&È•4\x82\xDFψ]G(h�\x9F\xB92v\xF4�`\xDC5%`E\xE8i\xDA`-\xE8\xF3>\x99\xAC\x81/n�\xBEg\xB0|\x8EL\xEE��BC\x80\xF3j\xACÓ³F\xDCo"\xB1d�\xF8\xFA\xFFs�\xAB\xAA\xAF\xAE�\x80\xB0\xA1\x82�\x8C\xFA���%�\xF3])\xC0k\xA9\xF5!Pp\xDD\xF7�<"\xAA\x82�"\x8A+\xE1�X7\xF8\xCCཛྷכ \xAB\xBD\xF3\xE0Û \x80\x9B\x81Ql\xD0\xD3{\xF6\x8B;2\xB6(\x82\x9CG\x9C�{�\xB4\xB63\xC16\x80㜎\xAA\xD5<\xFC\xC9\xD9[\xB0\x9D\xC6\xC9,{/�Idq\xAA\xE5\xC6ɉ\xFC\x8578\x9Dj\xCE�\x9F\xE2R\xE4,\xB6n�\xF5\xD9
-s\x90|\x84\xA3\xCA\xF5\xF8W,�[\xAE�\xABD at v\xDCe?\xB6i�`\xB0\xBE0\x8F^7\x95\xF9# ʺ��-#\xB4j\x9AGW\x98[�&;\xC2\xEA\xAA-\x88\x8B\x99,*+�\xB3\xF3kZ
-2i \xAF\xE39�d�\xEE\xF5`\xDB�\x81\xAB/\xF0\0\xBD\xAF\x91\x84\xD48'\x8C�\x99\xA9߆\x8E\x81�2\xA2\xB2\xB3Ƿo$i>\xC8[|G�\x8B\x88YgMy\x87\x8F�a\xEF\xFC5���=e�\xBE4\xA3G\xC0O\xFC\xFAu��|F\xC5A�\x84�'�\x90\xE4\xC4\xC2\xE0\xAF \x8Dm\x9CIj\x96y\xF0\xF0\xC3�g\xA67\x83�ֶ\x9D+Iq\xC2g\x90\xBB\x8E\xF7\xBF\xC1\x99TZ`m0
-\xBC\x9E!\xB9*\xB9\xEAQo\xD6\xC0\xE5\xBA��\x9BT \xAE\xA2Ԟ��\xB0\xF4\xD1\xF3\x9A\xB6�\xB3\xF9%'\xF9\x83�v\xB3\xF9\xED:]s��f\x90\xEE\xFA\xA0\xC0\xD3�\xDE B�H�\xC7\xD8I\x94\xBD\x81\xA8\xDB�\x94n,\x83s\xB9ߥ\xAE,�\xEAi\xB1\xCBz\xF5�e\xB3\xF4\x80k\xF4�\xC8\xCBb!~B \xC8;e3ی\x8A4\xA6L\x93J�ص(\xE0\xDC\xE3Dأ\xA6"\xA4\x8E8\xBEPN�R\xB7
-\xA7\x9F\x9F\xBFك\xF3ff%��O\xE1\xBD\xD9v\xBFη�\xF8\xF2\xA6 \xF6\xB6\x8Ep\x9B\x88\xF7\x86\xE4\xD0�ѫ\xDB
-\xD7K\xDFN-!nYO\x81g\x90\xDAB�\x87�\x9B{�\x90�{\xC9Ú®\xD1\xF5\x95\xCDkEß³j\xB2\x99�qMj\x8C\xA5\xC3\xDD\xEB1 \xD8Q\xDBϳ\x80�\xAF\xD4\xE1o\xDB�\xA0\x8EnR[�\xAA\xB7\xD4\xC4dÝi�\x97\x91E\xA6��\xE3rmh\x9B\xE9\x96K&\xC04\x90\xDF��r*gÞ±\xBB\xAD\xB0n\x8E�J\xDF\xEB\\xA6\xB5 ]\x94�\x96\xFDAJ}f\xDB<IE\xBF�\x97\xFF\x83�C׆7\xF2>58\xF3��\\xB2�\x91,|S\xBDsG7g\xD8�\xDD{�n\xC9Q\x94\xDAU|\x9CÔ¹#/\x8F\x87\xBCsC.\xF4\xBB\x96\xDFag\xFE\xF6\xB5Y\xDF\xF3\x93\xB7\xFD\xB9fl\xB9N\xC1x�\xBDÔA\x89\xEDÈ“\xE7*\xB60\xF4\xBANW\xA03\xC6'\xE7\xD9.\xBD>\xB2|Æ•a\xFEV\x8F`�\xB8S\xA0\x94\xB3\x8E,\xEEz\xFC`\x98�b\x93\xAA-Qî…¶Km\xF7--?\xFB \xF0\xBD\x80�@\xB7\x89\xE5 p&=�(:\xEC�\xC2A\xDB@~�\xB5\xF6É›\xC9\xF5\xDE&\xED1\x99\xBFj\xA7n\xF6\xC6\xCD\xD3Chnjʉ�\xAEGR\xAA\x80vÃ’?7\x9A-\xB2\xBC\x8C\xCE\xE52j\xD5�¶s�\xFC@\xCD�`\xA3\x91\x856\x92:r�\x93\x96Z6�\xC2�\xB2�\x93 \x8F\xD1t\x9BTQ\xDE�\xD7�\xFB[\xF2YU�\xA4H\x90'È¢&R\x99\x94jS��\x9E\xA53?$\xA8/CUm\xEB]@\x81\xF9�
-\x96\x9D\xA9� \xB1I\xD5V\xAD`n\xEA?�\xF8\xF6a\xB4\xB5\xC9+\xA8\xB9\xD1^\xF7x\xDE\xC70\xAD\xE9I\xFFR+�\xD6\xC6ܾ\xF7�u\xA5\x92\xC3\xCDlu�\xAC\x8D$\x84\x94\x8F\x88\x8B\xC6\xD74\x8D\xCA\xF6/m\xCB!.-է/�7B�:\xB6\x82�[\xBF6<̟�3Lot�\xE9\xFCh\xA0\xBB\x9D) \xA7\xA5xOd�\x95\x8Bz\x83k\xFC\xEE\xEE\x97�\x8B\x80��\xD8\xD1\xC0
-\xEC\xB0ъ\xE4V\xA3`�φ)\xFA�\x870\xCFռU\xB5\xA0\x84\xBA\xDEk\xFC\x81\x82t\xE04\xB0\xE22j\x97g\xD57=
-ʡ/G\x8ED�4\xF4ۦ߂�� \xE7[}.90\xEB\xC3\xCAf\xA8�,\xD9�e\xB4k3\xACx\x99\x9CY�\xC2\xD2\xF5i
-�H\xED�\xE3Q\xAD(b\x87��Ӻ\xC5�\x88f�0��\xC6?\xAC�o\xA0\xAF\xFB\xB8F/\xE8\xB8\x{110195}%
-͋�\xAE�\xFB\x86\xE7\x8A0\x87\xFDȬiT\xB2\xA5\xBB\xB1�\xCA�\xA7\x80\xCA9y\xD0�\x8F\xFD6a��\xFA\xFA\xE8�[��\xA9\xB97\x90;Y\x82}!k\xA4b�'��ٿ\xCBe\xBBב#\xC87\xA8\xE8 \xF9.\xA32eyY\xEC��"7K\x86*X!\x9C\xB9\x996Or\xEDp��*�\x93q�Q\x99k\Ғ�^G�\xC3يfsۢ�\xC0\x91F\xFF\xDCJZ\xDDU\xD8C~\xFCd\x9By
-\xE2\xC5ȹ\x9B\x94h5ܸ\xEBQ ;V6\xA6\xDC"%vO\xBF\xAD\xB8\xF3\xF5u\xB7\xE2\xED\xA8\xF1\xCA\xE8\xC1Z�]\x80\xC1;#�I{a�_\x92\xA8\x92\xE28w\xC3�\x91P{\x9CDvj\xDB�\xB6\xAC=\xAE�U\x949\xA9\xB5\xA5\xAE\x9E��\xBAq\xB5\xD0g\xBF= \xEAh!\xC3n\xDCh�+\x82Ô”\xBA\x94\xB5\xD0�\xFF\xE2\xCB`\xB4�M\x95\xB7Y\xA6\xC0Ô\xEE�\xDESZ\xF4\xB7\xCCz\x8B�'�R~\x84
-JWPJ0{o\xC7 \xB9\xFB�Õª\xC3N\xF7H\xA6@\x9B\xF2�\xC1�v\x80�\xF1\xFF\xC7ZÆ\xC86\xF5 \xFC|\xBE/\xEB M�N\xD5\xF0b��\x83��\\xF3Ydd\xA9�\xA8�~Y\xB5\xD5\xD5Z\xF5\x99\xFC sP
-h;\x8A\x8A\xEFVk7\xAF\xA4�+\xB5\xAC\x84\x91;I\x95�FZ)�ی\xF7\x80w\xF8\xF2\xEDΰ\xB1\x8279u\xE4�"�4?\xE0\xF6 Y\x82\xEC\xA5
-$?\xB1�\x90�P\x87\x84\xBC+\xAF2:&9\x81%}C=\xCA]P?ÏŒ\x94\xDE2\xB3W\xCA�/)De\xFE\xF6\xD2\xF6, \xC6h\x8AL\xAA \xAFÑ•\xE9/GZt\x97\x9B\xBC\xF4\x96\xC1�3gF>\xE6\xA3\xC2\xF1\x95\xA4�Òƒ\xF4[I�S\xF9\xADZ�O\x87\x91k\xD3\xC1�\xA6\xC7&\xF5I\x8FG\xC6iJ\xB6O\x85n4�\x8C\xF7\xCDGq�84\xD2��_JfR�3\x91\xCB\xC3$\xB1\x88N\xCD@\xD8\xDEk�\xCF7Ä\xA41\x82�\xAB\xD0T�\x99\xC4VkrY�0�\xB4\xC7+|\xD2��%{vH\xDD�Å�\xDF\xCCd\xFB\xFAh\xD1\xE1\xF7��\xB2z[3r^LA\xA9�?�\xD9�\xE4\x850\xC5.^�\xC9\xF8|\xD8/\x8D\xA6d\x86^\x8C\xE0�\xAC`�\x93.e\xA1\x93\xBB\x8C\x9C�"
-g\x8F\xDB��0#rO\xE3ֲ�\xD9\xCC,\x80\xB9]/\xF0؋'\xE1u\xA7\x82\xDC�φ\xB92^�\x9CDN\xB4\xB0<\xF2\xB2�P\xF0`\xD1<�\x91\x90(!\xA9}�2\x80\xB5R"%\xD4UG63cz�\xB4\xAD�@\\xAD\xF6`�\xAE\xE8j��2ZW_\xE1�҆.\xE0$\xFFC�0!8\xBC��\xEA\xC9t\x95{cV\xA7�\xBE�\xE4R�\xB7\x95\xC17\xC3 \xF6 m\xB83
-7@�~ \xC8�\xF1An\xAE%�\xA7s\x80)\xD3G\xEAe��}\xD7R\xE6\x9E\xF0\xE8�\xBC,\xC5cuG\xDE\xFA\x9A!\xCFu$\x99\x80\xF5*\x8B�\xAAw\k\xA4\xEC\xE1D?|Ò'uS\xF3\xD1�;���\xBFc\xFE?�Ë¿\xFE\xD7G\x8B\xCFe>òŸ€¹Ð¤\x9E�\xBDÞž9\xCC\xC4\xDF#\xE2;|$3\ƃf\xCF�9\xD1Ë\xE4̃\�wR|xtl�\xA57\xF0�\x95\xB4\xEAu:�^�\x85\x89\x9A\xD4\xD1\xF6f(/\x93^[\xEA\xF2\x8E\xF0$\x87GV$Úƒ#\xC6\xC1=K\xF4<\xF7A\xF0\xAE\x9C\xC1�\x89|[\x96*6�8r\xE0�\xBC�^\xD8o\xA7\xE4\xE9� \x9Bv\xB7>Ñ”9Â’\xFE]\xE5a\xD6�\xCC/\xFC>
-az[\xD6h{u\xF6\xDC!\xC0\xED =\xBD�R\xF9
-\xB8|I\xE9\xE2\x9F+\x93\xD2�\x9B\xE6\x80M�dX\x829�I\x8B��k\xC3S\xB1\xB0;\x93\x97\xAE\x87\xB1�\xFE\xBD\xC6��\xB9\xFE#\xCBsl�\x90 \xC9؅
-\xDC\xF3ͦ�|~\xFC\xBF�\xFF\xF5\xBFq�/\xCB�\xF5ó�\xFF\xC49ϴ\xCE#9\xEE\xCCAq\xF0DcI\x96\xE2\x82\xD2|k\x839\xC48{~\xC4F�A#rx)X;Y�\x8D\xF4MKv\x92\xDA\xE0�(�
-\xAC}7c�t\xD7\xCB0\x8A&\x80\xD1�}\xD7\xCB\xF8�\xDD!3\xB4 \xA5\xFE\x9F\x8F.\xB7\xB5
-O\xAF\x81\xE3\\xDF\xC1L\xDD\xFFA@\xE9\x91\xF2
-�\xF9\xC3�~\xFD\xFC\xBA�"\xE0g�\xC7)��a�\xAD\xB7�\xC5H\xF0\xDF�3,\xBDe\xC7�Xݪ3M�־.\xA5\xFE\xF0\xC9\xDB\xF4ر\xE1թ*SIz\xA0\xA0\xBCnr\x98i[�d\xEAx�UW?UKŖ�\xF8�\x8D)\xCFj\xC6�O\xE7z)\xC3" s\xCCT\xB3`&S\xD3\xEF$\xF3\xABt\xC1�\x8A\x80�\x93\xAD\xE1\xD0֥\xFE\x9F\x8Fo\xFB0\xF76\xC1z/,\xFD\xF9u\x8F\xBCۮ\xF4p\xA7�i\xC77[\x95mc\xFFW\xA5\xE0ky�c\x9C\xE5N\xFC \xD8\xED��\x9F \xF8\xAEu?\xF6"\x91,p\x8B\xC3\xFE�Ɩ\x88bK\x82\xBA \x9D\xA88H\xB0\xEE\xBB�\xE98�ݹ\xE5E��\xD0�\x9A�\xA0\x99\xB8\xD1\xEB\xE5\xFD\xB3S\xF1\x95 \xC0\xB3\x80oA\xBF�|\xC1\xDA��Rc\x91\xBA\xE0\x80\x90\x87\xDDab\xFC\xA5W\xED�\xE89[\xDD�hp*\x87i.b\xDB_z[�\xC8!\xE5�\x84Q\xDB\xE0\xFDIs�\xA5V\xBEi)\x87㉨\xC8\xC9\xDC\xF3\x82\xBDH\xE9/5w\K�\x8F\xD3&\xEE\xFCt\xF7Y\xF1(\x84_\xDA\xE5\xB9\xDE\xFF\x9A\xC1
-|\xECeXy\x81\xFB-�YXa�\xCFmIe\xD6Z:8�o\x8D\x8Ak]'\x8B͵A%R̈\xB4\xB6u��#\x9C\xDA\xCF\xC9vk\xECZ\xACœ\xF6k\xB6\x9C\xECפ\xC7\xFA\xA5n\x81b\x96\xEA\xA0-\xD1\xD9\xF8{\x9D\xD1\xE0\x8F\x8F\xFE8\xC03x\x9F\xF7�
-\xB7T\x87\xC9i'�k ;�p\xEE\xD8��\x8A\xFBǽ\xD45\xC0\xBB�\xB8\xA5\xA6 n4R\xEB\xE4\xC6p\xBE\xA7c\x9Do4\xA0v\xEA��N\xEDt,uy\xD9\xEF7\x90_�\xE0\xE7Ôƒ\xE4qR\xDB\xD3\xF2\xDFQ\xD0W6��6M�\xDD�Z\x82\xC0\xB0\xEC\xC1\xC0&{\xB2\xB4d\xEC\xACa\xA4\xB9Ë I�\x9F\xE7\S\xB3!\xBC\xF2j!\xFBf�#\xBC\xB2QKU\xE4\xAA0C Û¨j+z|\x8Bn\x95<\xAA\x84\xE7\xF3߯!]*Øž\xBE>f\xD8U\xFE?&�\xA4Ý€\xA9\xD9ä¥\xBFž\xB1?\xA2\xDF\xC9(\x94\x82\x984T\xAA\x8BZ\x90�+h\x89\xE6
-\xB8\x8Fm�9\xB6M@�U\xC9\xFAU\xEE\xD0>]jj,\xE9xM\xF4z\xC2�\xF1G\x9Fo\x84\xDB\xF1\xF3�xf5\xA7:\x93^\xF0\x8AZH�\xDB\xDD\xC0\xF4k�\x9C\xE6lo[\xE0�2\x91�&�\x9ALp]q9\x86
-\xE6\xF4î¯_F_7/�ß‚�Z\xAE\x9Ajz\xA3B\xD3O\xBF\xC7|!\xC8�@\xE3Ѷ��\xFF�\xCCj\x9Fz#\x89~\xFD\xFEh\x8De\xC2|\x8Fqj\x{1F7ABE}\xCA'\xA8a\xCDW\xD5\xEF\xB2,g\xCD�\xCC\xCD뮜\x9AÔ\x8AfO\xB6G\xEEÚ“g\x80{\xFC�\x8E;yÇ¡\xC2�\xA4 \xA8F\xBD\xED\xB7 \xBB�p\xF2.\#\xAE\xEB\xFD\xA8n\x87\xD4t\xF4\xF1D\xAC�\xF8\xDC2�\x9A'G;\xAAy\xCA��\xB3"�K\xD2L\xD5@ \xFE\xE7M\xB1\xC8\xF8\xFAjk�:\xCF\xE4j&8\x9F\x9E\xE0\x9C\xECcpT�z
-"ZΛ\x81\xBCn\xAD\xFB�r\xD1\xEAx\xC9\xFC\xB2d\xB6\xF3\x9C\x96mi�\xB5\xCBv�\xB5\xECZ\xDB�Ej\x81\xCEy9O\xFBA*\xCC�A\xAE\xDAI@\xC1\xF2\xB0�\xB3[\xB5\x98\xDB+\xE4r\xECm\xBF�a\xB6\x9C�\xE0�\xEBm�\xCCn)(\xAF\x90\xD6�}\xDD�@\x98�f�\xECm)\x8D\xB2Ͷy\xC0�Þ¦}M�\x99\xCAy v\x90\x9BO�P\x9BO\xE9\xC8r,\x95\x92-'\xA0�\x8B\x915Zv�(\xEF}\x9F�\xB7n_ \xA1\xFAs\xEB\xC0M\xE9\xD5t9\xB0#\xE7\xB5\xCC�{\x97Éz\xB9WcZ\x9F\x81qy\xD6�\xA3Zrh\x97\x91\xB2\xAB\xFBÅ…\xBF/\xF8Z\xF7\xF9\xE2\xD2@>�\xE0\xAC�\xD7-I\xC0\xB4\x87wл5\xEF\xA7Ò¶F\xBA\xAEN\xA5\xAD\xC4 at M�\xE8\xCBB®\xB7\xE1\x93�\xF8\xA1\xFF�3f\xA5
- /\x94\xEDM�\xE4\xA4\xE0\x{1D7DB5}\xE9\xD5\xEDU6\xBDV�\xA0\xA6%.\xB5\xBF?\xE6֤P\x90\x99\xDD@\xAE�\xBD�\x97�\xD9\xFB\x80E4,\xD0\xEBd z`~\x94\x91+6{@\xB8\xF5 at o\xFB\xDAR.\xF6*\xD7\xE1\xF6��ŴP�l\x96\x9CG]5-\x94!\xA7 \xC8cB\xDB*\x98=P\xD0\xDF\xEB\xF3"\xA0u\x8B#�\x93 �\x91\xBD\xBD#\x8F\xA9m:�\xA4\x85\xA9U{P8\xAB=\x94էY\x888\x88#\�\xF3 \x8E\xAAxQ\x9FQ\xCAE�\xD8zPo�x�\xBD[\xFF\xEE\x87uo\xFB-\xC8/��\xC1\xCF7�\xA4�l`�\xB9�\xF4\xD88~1�)\xDAV\xBF\xD8\xFE\xA43\x816A|\xC6I]`\xDB\xDF] P;Y\xD9%ez\xE4�\xDCWC�\xAC:\xED���8V\xF9\xA8\xC9#\xA2K/\xED\xEB�\xC4͖�\xB5/\xaJ\xBF\x96`P\xA3\xAF�\xAD ��_\x8F\x82Y\xB8\x83 \x8D\xF9ߴU\xA9۶]߱\x82sWR\xF0\xDB7\xF3A\x9C\xBCM\xBD-\xAE\xF2}\xC0k�e\xA3x�򦲨�\xB4\xBE\xEE\xAD\xE1\x9B5�\xDA�\xE3T\xBA*|S'\xA8\x83\xF3V\xF5\xED\xBC\xFDa\xE5\xF8\xD2\xFBz[9\xB9Q\xBC-\xD3\xFFL[{[\xFE�\xD06
-
-�a\xE1\x9Fn\xE8jã®\xAA\x81\xB5+y]\x99yW\x8A\xCA2\xFDm\xA3LC_v\x909\xDDnÙ>\xDC\xF2V%\xE0
-.\xFFI\xA3&\xDCW\xA3�w\xCD�\xECH\x93\xC3N\xBF\x97\x82\xF9\xC1�\xBC5\x95\xB5\xE6\xAC�\xC8%\xAAS.\xD7�\xE7�]`\xAC\xD8#{G\xFAsu-\xAEA\xB0Rk\xF1�\x865\x84\xB4\xB1D\x92\x81d/i\xB6pr\xB5L\xBAO\xC1\xA2\x8E(H\xA9ɎЫ1U\xF0\x99(O儣\x9E\xF4K\x9Dp-.\xA4\xBCR\xA2\xBEUP\x9D\xE8\xA4�B)\x9C�\xA4\xA6Y�m\xA2?�U%�\xCD\xF8y\xF2O\x96\xF6^\xF4\xB2\xA1\xE6\xFF\xF2�\x9E'\xEBgԅ\xA2\x82x\xE4\xF2\xD1~\xEE\xE0\xBFn\x9B\xBC\xBB�D\xBC�\xC1xXF�\xC9\xF5\xC7\xD2n"�Cl E;\xC8\xFBSx 3\xF8\x85\xB7\xFE߀�\xDF$ƀb�\xEE �\xA4h\xE4\xA0\\xD4\xF7�ۇ\x80p'\xF4�\xE0�\xF9���\xA6\x92\xABe�\xE9\xB9h\xA0\xDF7?\xDF�|Ӷ\xF5\xA0\xC0\xBA^ˈ\xD5M\xBA\xF5V\xA4\xB2e{\x85�\x9A\xBAI\xCB\xC8��x\xF2<"΅\xAE\x8FO�@D\x9A\x95\xEBX\xB3-b\xD7\xC4Z&�ԲV\x9C\x90VX�I\xF4?\x81|�\xC0\xE8AFډ\xD1\xD6\xE2�Q-\xA3\x8C\x83E\xE9\xA8n\x8E\x86\xC2n\xDD0s^\xFC\x85\x96�\xF9L\x97\x86\x84@~\x8F\xA5\xD5\xDBRo\x9E{\xB2
-WSq\xE7HK8\x89\xD8QPZ\xEA\xA0\xFC \xA0Z\x96C) \xEB\xD4#U\xEC\x99\xFA�kLaW\xE4P#.\xF3\xB22^�V\x89 ÈŸ\xC0\x91\xE9\x97
-\xCEJS51d\xC2�\xD8VLM�Yr51\x9A\xD4ifS 7\x88\xB6\xBA8\xE1\xCB�\xF4\xBEkp\xBErn\x97aR\xDEK\x96\\xCD\xC1\xF6
-\xF5�\xE4a\xF5��\x88xS�\xEE\xE1 �\x9C\xFB\x96\x82nF\xFD\xEBc\xEE�M\xAE\xF2��\xC8O\xAEf\xD4�熪\xA0o\xD4\xBD
-Mr\xEC\xD6�k \xBF\x98Z\xCA\xDA\xEEMw\xB4l};+
-u0+K鱂\xF3.�\xA0\xE0.TKYR�\xE2\xB0\xE4QU'X\x9E\xA0u\xD2}s\xA8ʳ\xBF9~\xEB\xEC\xD4S\xBA\xB0\xB4\xA7�\xB7|\x99\x93*>]Չ\x8C\xA7\xA1\x9A�\xBF\xCF\xE8�\xAA)\xBF\xDF\xD4�\xD1s�b/�
-�\x96\xD4�%\x85i\xCC��
-,\xEDI\xF8\xBBU@\xB2g\xFF\xA0i}Ûƒ,\x84\xD8�\xF6\x8D\xD4�\xB8j\xB7\xC4�\xF3B\xD8 at Q�\xA9�N=�.\xAEf\xD0JmS\x83G\xC8Ö—\x96+\xAA\xAB�\xE7-Q\xC1\xBC%*(\xB7\xC4T\x98U;O\xF7\xB4�s\xAA\xEEd\xBB4h\x91ͼ\xB6Ô�\xE5\xF1~\xB5K\x83E\xE4\xDF\xD7ÛC\x82\x9B
-ܪ:l\xDD~7-/K\xA2\xB7&\xA0\xBAei
-��\xA8\xE2\xA1Z\xB5/iʤj_\xDD/Xe3 at TZe��\xBD\xF9\xD5\xF6\x9Bg!\xBE\xAB? C0_{\xF6\xACz.\xE0\x96e\xFF\xE4]\x8DI\xF8~\xB76X\xB0u\x92V\xB1-\xEA4\xFEj�/\x80\xFC\x8A\xEC\xAD�\xA8\xDEn,\xA2\xA6sc\x8FpoN\xC4\xFBf8[~\x84\x8C~\xE8 'b��m\xEBc\xF0\xFBcn\x9DCC�\xBA \xE4\xB2�\xC8%\x86k\x9A\xC4\xC3 (\x95"s1\xF23R R\x8CX+r�9=j?\xE1\xF4\x986: \xBEk W\x88\x801�\xE7\xDFG\x9C^\x94b\xD8x\x80}~\xCC-\x8Fy?\xEC�\xC7\xD6;=�\x97\xD42`\xD4\xD6/"\xF3\x94h�×–\xAC\x87\x99;têCU\xD3\xF6}@\xFB\xEFkaIK\x80\xF3\xB7km�\xE4ì‘\xBFK\xF9\xEE\xD6\xD6g{\xDB\xCC \xFE\xE7\xA3�`\xCD\xF6\xBA\xA3k�2H\x953\x8D\xA3Um}e\xF47\xABE(\x9Fz
-c\xFC\xDC\xDB5\x92K\xFA\x9B\xAD\xC1[\xFA\xEF~v
-\x8Fcݧ5\xB4\x98En\xEF�\xB6\xD5�\xAE�{Z\xF6\xEA\xD1iq�,\xA9V�7\xAB\xDD\xD6*&<K\xFD�\xB4�FG\x95~\xC0w8\xADp\xE29
-W\xBD\x81�,\xDE\xF5\xEBc\x86\xAF\xEBb[N\xF85i^�\xE8�K\xD5��\x93U2\xBE\xE6hen\xD1�\xB2\xDE+\xBE"�\xAC�Ø›\xD3+S\x9Et�\xA4�\xD7KÞ¦f\xA8�YêºlR\xB5\xECK,5X+J\xBEfA\xA4{\xDFN9\xEA鵩Y�K3�\xABc�iul`\xB9GJaׇ\xA5\xAD\xA4\x83\xB0>t�?\xB4ŽKâ…¥%\xAC\x8E\xD3\xDD@\x9C_uG�\xEBw�\xCBR.\xAF �SP��X�\x9A&7\x8BO\xFC#\xE8V\xFD\xC9\xD4!z\xA0�x\xF9 \xE4&Õ”\xE9\xBA͉.\\xB79Q\xE7\xEB>\xA9\x86S\xB9{\x96\xE1T�4\xA9� e\xFA]@*\xDEu\xD1�Hs \xCD�\xF2\xB0Ì-3\xAF伶\xE8\xE6J\x9BU#k\x9Af\xF4JS\xE0\xA2�K\xAA�u)\xE9R~Y�\\xC1\xF2\xEFH\xA9\xE8R\xD2\xEB�\xA8\xA4\xFF\xD5{[�TÞ¬\xFC;R\x93I\xA7\x87�:(\xBB\xBA\xB6Mg\xB8T\xEC\xE2+\x84\x80\xCC\xE7\xADוt\xE0\xFAbR\x91N
-\xF3R\xB3\xA4nEZhx\xA9
-\xB3�\x8AY\\xEA]]\x92\x90X\xB5\x92\xB7LÑ«\x9AÄ°�\xE2\xF7,?\x9C�\xF0\xDE+\xDC�%\xA1Y\x9D\x9D�\xCE1\xACq\xC9E\xDE?B:7\xF4#\xA4'\xA5W\xD2\xC6\xE6\xF5Mym~E~\xF1r�U\xD5�\xDDjk´\x9D\xB2\xE6\\xF9\xD3d&7\xA9,\x90\xAE>\xB2�\xD3�&\x93\xB6\x81|�@��a\xE7\xD4\xE3\xA6zP\xFA\xA4\x96xw�\x95\xBF\x87M\xB2�X\xE7\xF3+c\xA5=\xE8Hu.\xF7\x8D\xF6$l1\xFD\xE7�fnLC\xF9\xF44\x886\xAC\xF7r2\xB2ê¡D\xD6\xDDQ@(\x8D\x9F�s\xDB<\xECsÛ¤\x80\xC9:\xA7zg\xB5�
-5\xB7\xE3v\xAB.\xAB\x9F\xDC\xC0E*\xC0\xFF]\xDBIn�\xF5\xF6(�D\xE5\xC9\xC3C{[gZ\xD3\xD3K9im�L\xED\xAA\xC0\xF6\xBA%\xB7n\xDBe\x8CTÝ»\xBA\xB5�\x83\xC0d\x96\xDBv�\xC0k\xB5\xF4 Z\xE3\xFC
-\xD01\xFF\x98Nv\xD1\xE9K�\xF8�\xF4M\x9Cr\xA9rXQ\xA5\x87\xEA�|6/5�\x95\xCC�\x84\x9AM\xFD\xAA\xDAR%/]\x8C\x8A\xFE_\xDDJJ�\xA1c\xC2\xF6y\xDA�zO\xA6S(\xEF_\xD3\xEF\xAF\xFF\xAE\xBEB�m�\x8C\xB4/\xEC0\xEE\xFF\xC9\xEB՚B�d\xD3�\xBC��\xDC�\xE08\xC7TIT{\x9F\x83\xCAןg\x91\xDC>j¼\xB6\xCFc\x9B\xAC\xF2\x9C�T\xC3
-\xCE�[\xCBV\xAE$\xB5�\xACAB5o2"\xA06C\xB9\xA7\xD4^\xA8\xA6\xA4��A�7\xB4�\xF2Qm!T\xC7Z\xDB�\xF3R\xA4\xA0\xAF\x8Ey�d)\xD6+4\x90}ݵ̬\xB6ÍG{+=\x98^\x96\xC7�O�yX\x9Dh\xB2\xFB\xD6\xE9+�E\xE19\xA93EU\xAB<'U)\x90�HU6\xD2�+ÚŽj \xA5�\x89>\xAF\x9AQjÞª�5�%V\xD54-\xB5\xB5*bVʦfl\xAET\xECV\xDF|\x87\xEF\x91�\xBB\xF8\xFB�\xA2\x8A�A
- \xFFJyl\xBA \xC4+K\xC9k
-E\xE80" :(= \x88G}~|۱?\xA67˨�\xEDX\xFA\xEE\xBA\xDCt|\xF57\x93\xB6\xA8\xFAݥ\xF2#L�+\xF8۶߂��1\xDC\xF4\x9C\xA9\xE2\xDC@\xCE�q\xA7\xA9\x96/�˹\xACް\xAC!�Gմ\xC2*\xC8[.u�\xA3R�@\\xD4fOg\xC5s\xB7\xB6߂r�,?6\xDA\xFE\xFE\x98\xFB\xC0\xD0m\xB9�\x96�-5\xE1�_\x8B\xA17\xB9o\x88\xA7N\xB1\xAA\xCCR\x97\xD26~\xD8a\xE8\xFB\x93\xEB\x81z e\xD3\xE1\xDA\xF8\xFDѶ��@H\x96V\xDD\xE6\xDA2\xAC/-\xABH??bl\xA4\xCE0\xE7\xC4|q\x93\xA9\xA2\xA0̵�\xDD!L�ܵd\xB9|;Y\xDF�\xD6\xFBr\xF9F at z\xAA\xB5\xA58\xE6Un\xBA\xC5uq\xA7_]\xB7�\xF1\xAB\xEB\xEE\xD0�\xB0m\xFA\xBF\xFB>"c\x90%�\xF5�\xB2P\xA3J͢\x8E\xEC\xC1'�\xA0 $\xE1Y@\xBE\x82\xB6\xF4\x80\x83\xE8A\x92\xCCT<\x90TƬ
-a\xB3\xD1,3)\x98\xA9m\xB3\f\x97J�\xDDb�
-\x96W@�\xCD\xFE
-+Xg\xDAW\xD0\xD7\xFDF@�Y
-h\xBB^ h'J�I\xCB<�$3EgL�\x9D:��\x9BN8X\xA28\x91yF\x88\xBDD\xC1\xB4a(\xF8\xED\xA1\xDE� \xAE\x84\xF4b�H\x83�ՊR�2\xDEZ\x96h\x99�e9\xABm$7 \x86\x88r\x97\x81ѧ\x8C�\xB2˔\xB1 at -.u3W5\x8A\xFE0շ�\xA3i\xA6\xFF\x9A\xF6�mY\xD8r\x9F�6i{�\x9A\xF6v\xEDQ\xBA
-\xB5\xF3b\xC5\xD7�M\x9C�\x89\xBC}\x8D\xA9\xD8e䳔�^?\x8A\xE8\x9091\xBAmJaX\xB0e�\xAA\xC1JA\xF9\x809\xB3Ԏ\xA5݂\xBDI\xBB%~�Un3\xFF\xA3\x83\xA92\xD7�``\xE6)$:wM\xB7\xFA\x8A:\xDA\xE9 \xE9p~\xC5\xD2\xC3\xD3<#'\xA5\x9Ag􋧧Y\xBFx\xDEEt� u\x8BNؼ9\xF5\xB60!(\xA8^|\xB9\x8D\xC8M\xB3lvr'M=\x87w\xFAɼ\xA6>\xBDT\x95:�\xB5j�\xC0\xB6r\xFFW0o\xD0
-\x8Et
-\x96bw\x9Amv\xEBw\xE5\xD3>ç¿š\xB5\xE54:\xD5\xEB\xC9_\xC3\xDEr^Y
-\xA9\xEC"\xA79Ѯ\xD9 `.\xB4�\x84\xAC\xCB\xFEH\x9A\xDD2\xC1\xF0a]*l�\xB4 at t\xC3B\xB7\x95\x88вt\xA0�\xF4\xC7!\xA4\xF9<\x83~u�YuP\xAC* \xBF\xE0�\x84\xF3\xEF��\xA0\xCA-\x97\xE29\x92\xBF\xB8\x9C\x8F�\xF0 \x9F$b\xC3T@\xFA/O\xE3N\xCD(2\xB8? R@\xC1\xF9
-\xE9\xF2>\x87\x92\xAFÂ\xDA\xC7 =\xFC* C�\xF4�\xCA��\x901�\xF0m\xF7\xB6�\xEE\xA8\xE6\xD4\xC0\xC3
-R͞e\xE9mz\xD7;�\xEF:A\xFA\xB6\xE9\xF2nm\xE9�o=(p\xDD%\x9E\x86�j�\xC4c^�\xC4=\x8FW\xF8\xFC\x98\xDBz�\xFE\xF8\x98['\x8Ft�\x81Io+Їk):\x961P\xA7�4\x8Fg�P6\xB6&\xA0\xD6h�pel�"\xA8�\x86\xE8\xA3X\xF5\x9F�sÇ�I\x88K\xAB( i�\xBBH<9 VļW\x91O\xB29U\xEC�\xC1O�\x88�\xB2\xB9\xBBM̂�\xF4\x90\xD1W�D.\xCC�\xBC\xAA\xE0Q\xE6\xCD0\xC2\xE2\xF7��
-\xD1H\x9E:\x82\xF1\xC2�E'm+/\xECu\xDF<N\x82L�C\x84\xC4'�0{\xA8��i[&\xC6�\x96Q\xBB\xC1�\x83V\x89J
-�M A\xF6\x80m%�\xAD\xA4\x96\xBB@\xDE�\xBA\xD5\xD7G�� E\xACAD�W\xFB\xBA\x9DϬ\xE2\xF0$\xAD\xAA\xDAJf\x9A\x82\x92\xFF\x99\xF9K\x9A\xFFY�w?\x80\xA9[u8S\xB0\xFE�\x84\xCA7��\xF2\xB4ꖤ\xF7\xD5+\xA0%�\x91\xA1\x84\xD2[�\xC4\xCC�MQ\xCEt"Un\}Z \xB1|\xA3\xC5\xFB
-\xA6\xBD\xE76\x9B\x9B1�
-\xAB\xF6h�Z.;T��\xA8\xED4�\xBE\xD7\\xB7\x9B\x94\xD5lr"\x96\xFC\xC3�\xF7n#9\xBFI\xF9k\xFAÄŸ@\xA1\xB8\xBEP\xB0\xA8\xBF\xAEVQ\xA0E�7�#Qv\xA5^�Z\xFC1\xF7=¢pKÞˆ\x81\xFB9\x90z\x91\x99��\x9F\xDBz�LFZ�\x90\xE9�\xFA(\xB4d�\xD0\xD7\xE2\xFD2p�aB\xB2\xD2�\xB8\xE1b\x8E�|\xFE\x9D\x80zX\x{1A0E85}\xE4\x9BÏ\xB9\xB7)\xC0\x923\xF61\xBD\x97\xA5|\xAC\xCAQ�\xAFpE\x81\xB1\xDE\xDB�\xC1\xB7�\xE0\xBE_\x8F\x8C,�\x9CAÊ�\xFE�8\xA2L�\xC1ÏYn~Fm\x8B\xB4\x9A�&\xB9\x91\xC1\xCE:&\xC9:/\xFD�%Þ…\xDB\xC8@\xAF\x82x7z\xA7�#\xAB\xC8\xC0\xA8CT4F\x869/f\xA3D3\x{139DAB}?\xFE }\xE2G\xAC&q\xA2\xFAp�\xB3\xF7
-&\xB7\x94\xC1;,w2|O\xA8�}\xF8��I\xD6|\xDB�\xF7\xF4L\xAB\xFBY\x84\x92X\xC0go3;no
-'\xB1s\x81I\x82\xF4z
- >\x99m����ߑ\x81\xE7}\xC1\x94\x85t\xB5�zK
-\x88"_\x92\xEFf`�\xF8\x95\xFC!�\xA3\xC0oK\x98\xEBp\x9A\xB2\x8Ch\xFB\x86A1m|[\\x86\xEFɯ\xB0\x93�\xBD,Qe\x8B�\x8B\x91\xD9aO\xE5\xC7\xFC\x84}
-\xC4\xCB\xEA^J\xA3\xDB\xF7`\x8B2R8
-�i7\xAC\xF8��\x91\x97M#%lq<Q~4k\x9CZB\xD2"\xAA\xD7\xFD\xB4\xC5u�M\xDA\xD8\xF4j_\xA0\\xD7ËŒ!\xC1\xE9�ζe"k M�\xCD6P\x86\x8CÖ–\x96\x90Tc:\x98>\xCD.\xC0\xDB\xFE\x9E\x8C�é©”\xA8\xA6ru\xAA%CB\x86\xD5æ¾e5/\xA4\x8A(\xD1G\xD4F'\x9B\xC3�>\xCEu
-J\xAA\x90�� \xA5\x9A=(8\x9D\xEE\xE9
-\x91\xD0\xDE\xC2p\x9F\x98\xBC&r\xE3\xFE\xFE\xE7pDé \xA1\xF2t\xB8g:�\xDF�A\xBA\xBB\xE1��\x83E5�\x83A\x99\\x9AÉ¢\xEC \xAD-\xED0b\xC7(�W\xB7\xC9a\xCF\xFB\xDF/u\x81w�\xECj�\x90�"5O�(��ܲ~\xB4\xBC\xAE\xF4\xA0�9"\xB5\xACF\x{DFAE}m\xF3\xBE\x9E1A�\xA4\xDDGo\xCB�bqZe\x96c\x8A\xF4Q\x9BE�n4\xABIYs^\x9B\xCD��\xA6$�\xA4\x81�19\xE2$\xFE\x82݇A*G�W\x97\x8DG\xC02\xE6��\x92\xFD\xF9\xD1\xCD9\xA6+#\x90,s\xF1;\x88\xB4}v\xEB\xF3\xA3\xB7mF"D}\xF7� A\x91=x7=\xA5\x80z]�\xD9zY\x80\xB4}}Û–\xC6/|�&t\xD2\xD0&6\x9E\xFA8b5)\x9B^\x9B\xB5\xF5\xC9e~\xFD Öœq\xFB��\xD4\xFCJ\xB3`\x99� [�\xCA,\x99KDA\x9AG\x9A\xB5R\xD6M\xAD\x86\xB6\xF4\xB9H%Úª\x963\x8C \xܧ\xDA\xDE\xCB\xD8ÏŒ\xF7\xD2\xD0QÉ€\xE802 �\YÞ®\x83�\\xD6
-\xD1~\xAAtCx\xDE\xEF�\x94p#=\x96\xC4>^\xA6\xF8\xCC\xD0ѣNҳ\xBA7\x80�\xFE:\x99\xF3z\xAF\x8E\x8B�iS\x9E�\xD1OJ7h\x9E�*�\x92=\xA0�D񩕯\x92N)tB\xD7.\xFD\xA2�\xA7'[\xC1t\x9A\x97~\xD7�\xECV�g\xC0Y\x99\xCE\xF8\x9D\x85JԹ\\xA0�b\xAA 񋖎)\xFE\xF1-\x86h\xF6\xCC*\x8C�u�\xCFky�QjE\xA9\xBA\xBFi\xFB\xC7GW~3\xA3^ۊ\x9E\xAD\xA0;\x97\xBF&�\xEDV\xE0:\xCD-\xBC�v�aa�\xBDV)
-;@\xFD\xBCa\xB8\xA9 \x9B\xAE�u�\xF3\xBA\x86\xFBt\xAB\x92[\x82\xDE)\xE5B\xF0C[^\x8B\xE5c\xE9\xADV^\xBF\xAEeM\xAA_\xF6\xFE\xFAh�k\xAF\x85\xFBS\xF16�\xE8\xB5�:\xA9\xB6�Arb\xEBXm\xACLn\x83\xEA\x9B]\xF1\s\xACq3,\xFAk�\xB0\xAE\xD7\xD6A\xF9*‰\xADr\x93\xFCZ/\xC6"\xA0\xEE\xD5\xE8�\xEF\xE0�\x83\x95[\xEF\xDB
-,\xA9I\xEB\xFDc\xDBo\xC1\xE9Q\xBC\xC6\xC3
-\xD0\xDB\xEE(D\x96\xC4⽥\xD7�\x99\xED Ys\xA5\x8F,j\x88\xE8 J\x89�\xB9\x88w��٬�\xA2R\xA5\x82G\x87\xA1q\xA8\x80*�'\x8FjE\xE6\xEA\x93g98\x9DH%\xF5\xB13\xCBMgZ\xD6C\x97]V<\xD1\xE9-�r-i��\xB9\xE0\xCB\xEB\xD6\xF5\xBEʻ\xF4\x96Y\xF9F\x96XUr\x91Ũ�r\xE7\xEC=\xC8\xF5\xAC=P�\xD2->
-\xE0d\x8C\xE8\xAF˶R\xBE\xAF\xC6@\x8A
-\xAA \xA9+\xA8\xA0\xDFR\xFF\xF3\xD66\xBF\xD8?\x82Þƒ\xF7\xDEf \xC1�\xBEX}[o\xC99\xC3é‘•,\xB5m\x96k\xD4AD\xB9\xC6\xF9\x93gmH\xDD\xFEPK\xB3K5\x85\xFB\xB8\xF3�\xD8Û¨[\xDA?.\xEB{\xCA�\xFCž3cU3\x90\xCAV\xF0\x89\xF3>C\xB9XK\xB6i!\xDCq'ã¶\xAD\xC2fw]\xC3\x{16DF16}\xE8\xBCWg\xAB):\xDB\xDFT
-\xD4\xEA\xB8 \xEE�~ \x8Fs\xFBN\x80\xC3�̺\xB9:],�#Ë¥\xD5Lnm�\xBC\xAE{\xD2m\xEC0\xBB\xCEc>. \xB7E\xF3�\xE8d\x82_\xBD�\xFE\x8E\xF79=,\xEB�\xCBÔ°\x97Ù\x91\xFA
-Ô˜*t,_\x91mg\xD0+�Q@\xC1\xF2\xB0\x92\xFA
-\x88\xBER�E\x94\x9Eu\x91\xFAxN\xAE\xC7j"A�\xC9`\xB8ǬrK\xC5\xC8\xC1.gq\xD2\xD7ئ\xB6Y\xC8[�
- \xD2Ö†\xF0j\xD6����uU5\A\xD4"\xA7\x80\x82%\x96\xA9@\xD4"×µ�p~\x85&\x80ݺ\x98\x8DÛ¥\xDEu%\xC8\xEB�\xE1���\xB8}X=\xF7q\xBD\x85c\xFD\xD4\xF6[\xB0\xF5 \x97\x9D\xAA\xDD.×¢�\xC2`if\xC3}9\xF3Z�3$\x8B\xCA\xCFRQ=^l\xA3Z~\xBE?ì®@X1;\x88�\xDC\xF3T>\xB0\x84n\x99\x8Dr;\xA6d\x85�\xB2\xAFO��P �\xF6\x94\xED[�\x96Ñ’\xFA(�\xF0\x89\xBBi\C\x87Y �\x9A\xC9�\xAB\x81we�\x87�u\x989o}���f\xE1:\xBA�\xD40Pd\xA6�r\xB8�\xE3\xA8l˸\xDE�\xCF+�\xFC}Dyg[\xB5\xB7f\xCBw�,ÚF<�\x935\x8B�\x86a9\xF2{&\x8C\xD2�\x91p�`�*\xCF}\xA2\xB03\xF8\xDC.Æ™\x85u\xB3\x814\xF7\xBD�\xC2×µ.\x93\xE0i:1Ø‹\x8F\xAA\xD13Ûª\xE1$[\xBE��\xF7`V\\xA4d�x\x9Bû\x83\xE6\x95]\xCA
-��C\x83\xCFu\x8C\xB7\xB6\xA8\x9A\xDC[\xDE\xC7]\x94\x85�K\xDB��\x9B\xC00u%\xD8\xED\x90)\xB7\x83�+\x99\x96�\xCD\xC0=KCe\xFC\x99\xC1,G\x9268�\xC75�\x86\xB5nxu\xBB\xEBN#�\xDB�\xFE�0Ì£ \xCE=hm�\Q�\xA5\x81~=\xA5\x80\x92;\x981\xA1=8\x97\xF3y{��\xD0M\xA9\xC3j\x89"\xE0\x91�pc\xB5\xBB8\xCA\xFA1\xD4m\xAC\xAF\x93\xF5\xBE8\xEB��\x97\xB0Z]�\x87R\xAE�|\xAF\xCF{\xDB�5\x9FÚ£�\xDE�{Ǥm\xC4\xE0\xFD�Þ¼\xCA\xFE(\x80 \xEAU\xCF\xE0\xBE^U\xA19l\xC46^\xF7\x96,\xAA\xC1\x9Fa�KFJ\xDA6\xA7yH\xEBj\xC2}\x81\xCA\xEC\xAEÝ \xAD�\xBA5�v\xF7_\xDFz\xCC\xFE\x94\x8E�\xEErp+r\xF3\xE5Fi\xF9,\xF0\x9C2�w\xB8YyaHyX�s\xF7\xE6\xF6�n\xB4\x84\xFB\x99\xF0�x_W\xFE>„\x89Θ\xFC\xBC\xC0Ó’\x8E\xBEÞž\xEF\x81�z~�\xB8_w\xA7AÈ–\xFD 4x9.\xB6\x8D�\xB4\x9D_<A
-<\x8F\xA7\xBC\x96q\x86'\xDC�\xF6G\x93�B3ȣ\x92z�u�9\xAEK\x93�-"\xEF:Tn\xE8�\xA6\x8E(:Oi\x93?\x80\xAEIQ\x97+\xD8u\xC4\xF9a�\xC2\xCBLprj\xDB\xCB03\xA1�\xE2\x93e\xBA\xBD*\xF2�\xAA\x85\xD5(\xA6�\x94F[+ݜ%\xAF�\xDB\xCE\xED\x99\xC0]}\xD7ya4_\xFE\x99\xF6>\xAA\xF9V%\xF4\xE1Ֆ�=\xC0\xF9N\xB1\xBD\xE4\x9E\xD35X\xD5\xFC\xBA\xBE\x98\xDD~\xAF\xDBy\xC1\xD7�\xD3M^/%y[뗒\xB2�Z\xB2\xF9>۟\xEAj(\xB6\xB2\xB8\x84ҨE�\x98m\x97\x8C$b\xBC
-\x98\x91~il�/\xECa\xD3\xCA@\xA0�\x9C!^�\xF1\xD3A\xC4��\xA4\x80o\xDB~+u\xEA\xC1\xD7G\x87_w\xA5q\xDE\xFF\xFA�\x81\xBE\xD2ك\xC7,\x9A͖!\xE3RF\x8B�\xBA\x81c�Cs\xEE\xED\xD7\xDBþ�\x8F\xF0\xCCͯP&�\xF9
-?\x80n:\xA2q�\xD1Pڶ̘�\xF8\x87(\xB12b\xB6�T\xEC\xD2A\x97a�S\xAA\x82e\xD3jri\x92�K,lZ}\xB4\xA4\xB2xo+f\xCCol\x9Bj\x87-\xBB\x9E\xCCo\xE9A\x8Dl��\xDBpK�\xB4mZWkd\xBF� \xA3\xEF,\xA0L\x932\x95\xC5\xE8[\x93�-c�GVb��u\xC66\xD2"\xDF[fY\xFA\xBEƲ\x9A\xA4\x82Y\xBES\xBB�\xF7ü\x9C\x83k\xBBw\xB6�6U\xE6\xF1\xDCo\xFD\x97'e�&}�\xBF4\xAC\x91`�\xD08\xD0oڊ\xEF\xA1Z�\xFCD�^z\xDA\xE4)�P<%5\xAC\xCDȯp~C� \xBB\xA5\xF6\xE9�\xE7\x84\xF9�\xA4T5/K�\xCA\xC4^�\x9F:\x8Bjd\xFF\xEA\xDEu\xE7\x92\xE5\xB8�{\x82~\x87\xFEc@\x92\xDDT\xDE/6\xFCC\xFAd�4nc�\xCB:V\xC30�r\x8B\xD6\xC88M��\xF2�\xF8\xF6\xAE\x88X+"k\xEF\xFD\x91\xF2i���\x87\xD49\xB1\xEB\xCBʪ\xCAK\xE4\x8A�+\xDEm\x80\x88\xEF\xF1\xBE\x8E8\x85\x93V\xEF\x8Fp\x9A\xBD\xB7A\xDB=\xBA�\xAD\xC2\xF8\xF6\xE1\xF1Z\x9FIN\x9B\xBDw\x8B\xB7:A\xEB\x9B\xD9�\x8E\xB8\xD9͸�#�\xC7r�/\xFCX\xFB\xA2�\xC7z�\xB7•\xECAjZׂK\xFD\xBD\x81cS\x88\x87\x85\x91\xEF\xE0\xE5\xB5a\xF4m\xE9l@\x8D\x8F/1�\xF2?m<vָ\xD98\xD9\xD7|\xDCw\x8C\x81\xBB\xDF�P4\xFB\xFE��\x8C?F\xB29�\x8Fs\xF1\xBC\x92cSh�\x8F\xC3\xD8l\xFC\x82�\xF1\x8E\x99\xDFl\xD1b\xD8\xCE{\xBF\xBA\xF2~\x9F\xFB\x8Au\xDE۩\xD4Ǖ\xB1\xE2\x9D6\xAE\x8C\xA7KuZy\xEF?e\x8B\x9E\xC7��\xCF}\xDE\xFB\x95\xED\xEC9\xAD�\xF4��\xCEa�\xEF Q\x91\xAF�\xDBp \xFD\x87\xF1\xD6 \xF7[D
-\xBE~x4#\xB1\xE64\xDEZ
-\xA3:\xB1\x8F\x8E \xCC\xF7޾cԸ��\xA0p\xBB�\xBD\x8E\x97F\xBC\x83\xC7Op\�\x9B\xFB\xED\xCD\xF2�\xC2\xD1~�?\x87\xFF�\xC3/�F\xC78]A\xFC\xBC\x9B�\xB2:\xC6\xEAa<ou<\xC2\xCBk\xDFi\x95F<\xECc�\x8E�~���;nu\xFB
-O
-\xFC\xF8\xB09\xDD\xDA\xE5\xAB\xD9&\xF0\xFAh\xD4\xE8�;�\xB3�\xB3\xD3~\x9C\xC6\xC7)(^
-\x8C�\xAF\x86
-\xFC\xF8df,*\x9A`,\xEA6\xC7x%?:]\xA7\x88\x86��\xE4Ö±�_\x83�ew\xB3\xBFݳ\x81\x97F\xFDf\xCF\xE3Ö¯=�\xBE\xBF[_�\xF8��\xCE!\xE7\xE3\xBE|1\xFE�oQ\xBE\x9B\xF9\xF88\xF1\xC9\xFD�<}\xDD\xC7=\xE36¢�\x9F\x8Fq\xE5�\xA8\xBC\xCD25?�|\x9F\xBB\xE7�9\xE6\xEEi>\xA6il[�\xAC\xFDÇG\xB3�ÑŸ\xAE\x8D\x8D+\xB6\xC2\xD8(Î46\xA4x,_:\xC2\xC99\xA3\xBA7\xF3\xD1Uz>G\x9F\xCE;\x9D\xF7\xA7\xDF�=}m\xA3�p\xFFk:
-\xE7\x95a\xE3�\x9D6\xED\xD0\xF3\x9F3\xFE}\xF9eÓŠ\xA6\x9E�\xEA:\xA4mÆ´\x8F\x9D\xAA\xFD\xA2Ô§-!\xF2ÐŽ%.ZÅ•l\xA0KDì±\x97\xAD\x86QG\xE5s�|Æ»\xF1\x9C.\xED�i,�\x95
-`
-\\x8Epj\x88�O$�\F\xCD\xDAx4\xB6Ì™\xA9�e6 at sD\x9F/\xA3E\xF1�<:L�\xF9\xB6?.\x96-qÞ�\xD4��\xBC\x82Ø£��qRcß>\xB2d\xA3n\x80b\xCDt0\xC5X\xAC^\xA1\xF0.��\xCC\xEBI\xF6�|7 \xC2Þ¬�\xEA\xDDm\xD7 i�\xFF\xA71\x949\xE48\x9A\x94\x80\xBDE?\xDFb\x80B\xBC\xB3T\xD5�S\xBC�\xBD\xF8\xA7\x98\xDBVV\xF6\xFDZ�#\x9A-�?\xCBt\xA5\xF1\xB1\x81Ûµad\x88\xFBf\x8Cx\xFA\xAD]\xBD\xF63\xCCÙ²\x93��\xF5f$4;�5\x8F\xF0\xB4\xE6�f@\xC0\x8CD\xF32o+.:�]ar\xAE<�nq6\xA8Q\xECG\xA3�\xCDl@�cj\xD6\xE8\xA4�\xAB\xD5�="\xD3Ç _\xB3\x81dI\xB2��\x8BqZ|\xF3\xD1x-y\xE5c`\xE5\xD6\xC0\xF5!4e]\xD0r
-~\x98\xB1\x8E^\xEE`\xBB7 ƙ;N="\x96\xA4\xD56<b \xC6k\xA9\xDD�\x91a] \xCDXT\x9F\xC0\xA3\xBD\xD6 at 7n\xC6��^\xB3�\x8F\xE3\xD18U!A\x8C\x9ATo
-\x9CfFW�#\xC2\xC5\xC0\xB5\xAD\xE4}�\x8C\xC5XQ\xAF\xF3\xD6@\xBD&\xF9�Ǖv\xB3\xB8V\x80\xF7›Y\xB9M�-\xFF\xF0\xE1\xD1|\[\xFA\O\xC6\xE8Vu\xB5\xB0\xDB\xCD�\xB2>\x8D\x92\x86g\xC9u\x97Q\xD3\xDF#�\xCD�Œ \x95�G\xAA\xCFF>.\x8C\xCF
- �~�\xAF\xDD3[R\xD7eԴ\xFE�n[��\xF5X=\xBCmƢ��\x8E0\xF4u\xD1uh^\xEB�-\xDB�?͈މQ\x93:\xCE(\xF2ݸ<\xA3wJ\x90u\xEF3�\xBB\xC6F�\xBA\xC4$s7\xBFiL\xE8QxLR\xFF^\xF2\xFFl\xD8\xE6b�(3�\xCD3\xF2h\xAB�\xAF7g\xD4�F:\xDF\xD0@\xB2\xA0`\x84k\x97j&\xA53Xj\xC6e\x81\xC63 z\x9A=\x82z\xEF\xAD^{7�1\1�\xA3>\x88\xE2E\xB1C\xA6H�\xA8\xAC\xC7C�\xBA\xB1,\xCE0\xB4\ۻ\xBE\xDA\xF3q\xC3x\xED,\x80/E�\xBE\xDA\xD2!\x94nLQI\xD8�„Z\x87\x81a"\xCF\xD5m�nf�_\xB6q�ÿ}x4#\xE2~7"6/\xC6u�\xD8?\x8E\x81kI�\xFB\xFCfd\xAB\x928Q\xF5\xAD\x9CD 1\x9B\xC0\xC0A�\xB8_�z\xC1\xBDU\xA7"\x889=\xD2�^�o\x8F\xE0d\x88�\xED\xDE�8\xE6Atk�i\xC9\xC7#8�\xE3]\xE3�\xB6\xF8\xA2U6\xA0�\xF1\xE3\xCDLd\xE1]\xE3\xAD�a\xF6\xA9|�\xC1(\xB9\xDFJ\x8DoO
-�׆1\xE5\xFAh<H1\xB2D\x98
-\xC9\xED\xDA\xD3\xE8\xADf\x83r\x9FW#\x93\xFBxh\x80\xD7ޖ3͒\xBB\xF3z\xCE�\x8E\xB5\xB3 at i\xE2 �\x9C\x8B$�ԯ�\xEEׂY\xF4�\xE6m\xE4\x8B �ɚ\xAC.u\xD0�\xEE�56\xB6Ǖ\xFEؗ\xC2\xF8rg|؆\xB9\xB1�[vlVN�\x93+\xAD\x925yg\x8F\xDB8\xD9h\xA7�\xF0ڦ\xBE\xC5ۃ��\x97\x86\xC7\xF1\xDAV\xD2t'$\xAC\xEC\xE6\xD9bt=n\xEEr\xA7\xC7_\xDF|\xA0Y\xF6�g\xE2p\x8C\xE0YщJ}\xC0\\x97�
-$\xA7H\x95\x8Cn^\xD80\xAEF\xB0�\xD8@\x98Ý\xA3\xF1\xA4G\xB8\xBF\xE6\xC674\xB0\xF4\xD0\xFA\xE0�\x9As\xF8\xAE#\xE9UH\xEE×’_áº\xF1\x87\x87k��\xF7\xF4ZY\xC2C\xC4�vn\x87\x83Ì›\x85\x99\x94Л\x91d�we\xDD\xF8\x86�$\xDD\xF3\xC1\xEB�g\xFA\xE6\xFA\xD3E\xBF\x9D\x85\xC2|�eN\xA3�eγ\x83\xEB؈yY\x9D\xBCÛ±\xE7\xF5\xBF�!\xF8\xF83t\xE7\xC7�~!<\x95\x9B\x85\xB4\xE5\xDB��F\xF6
-Æ·\xA7\x9B\xF8A/\x8C Y\xEB]\xFC\x90u2\xAF\x8Fs\xDA\xEDZ�\x83\x8E};S�\xF3Z\xB2\xCCL.\xEA\xDE\xC0^\xC6? \xAA\xCBͨ'`\xF6 \xCC\xCF\xC7\xDA\xD3�7J+n\xFF\xEA\xCAW->\xDC\xFC\xEDé¤K%ﮩ\x8A�\xCE\xF4\xF7?7B\xCEc\xD7ß�ܘEQ\xE0$\xE4\xF0\xF6\xBC6(9�\xF7\xED6m\xA5��Ba\xC9�Ua$R0j[O׆\xD1[\xBD\xFC\x87\xA9X\xD1{=�\xA2\xCF\xF3\xCD>=\x80"\xBA�+Q\xE83\xCCw\xE3\xD1\xEAi\x9C#ϧ�\x80\xC1\xDCov3\x8El+�\x8Co��\xAFM\xA6\xF6u\xC2=���\xB7:\xA9FG��\xB2t��[\xFA\xE1\xE9Z�\xA6\xA2]\xA0`\x9Fn\xD8\xD2
-Mwp\xEA�\x82\xAF×¼�\xC2-�\xEE:^v�\x84]_\xAF\xA5rG'�\xAF;\xE2\x99�\xCD\xD1\xF8 Í\xD7F\xA37#\xEF\xFF\xD0 \xA0\xB9\xFB\xB54�\xDB\xEA\xB4�Ï—�bw\x84�_Y\xF8:\xEEI\xEB\xC1ÞŠ\xA7<o�\x8F8ÊŠ\x8E\xC7\xF3x\x88\xD9\xC7�#ÄŸN\xA8\xEFހϕ\xE8j\xACJG\xA7b\xB1F\xA7\xB8! -:\xFE\xDCw\xB7\xF8\x9A\xB1�\x9E\xE1\xD3X\xD4ϧ\xF7\xE5\x8B�\xBD\x8DFF\xC29\xF00�\xCF \xB9O\x93\xF3\x9D\xC8\xEC\xBA\xE5\xC0=\x8E܃N��\xE5f,\xFD\xE9\xCFc8�\xBC\x81\xF8T�\x9D!\xAE�\x9D\xE1\xEBm\xE4���Y]\xEAz\xF8\xF3Ó¨�\xB5\xB7�\xFF\x8Ak�zX<\xE8\x8DJ�\xEF\xEA\xB86^\xF6\xD1j�\xAA[�\xA7\x99\xE9\x917\xA3\x92?�Ö™\x93��7;\x98&qe
-m\x91\xB3݃\xAA\xF2\x8E�\xFB
-\x8D�\xCB\xEA\xC9̉\xA1q�\x86\xE2%\xDE\xF2\x92\xF9\xBD\x8E�ꘂ�\x8B\xE94*\xE3\xE9q\xBAF�\xF9q\xFF\xA0l\xC5[9\xE5\xC9\xFC\xA9N!1߆\xCF,~\x9F\xD6\xCC\xF7\xBBo\xAD\xA7�\xDDitÕºÓ¨n\xE5\x83gt\xE8\x80Å„?\xB4\xEBá\xA6\x9AÃ\xE7z\x88�\x84wrÈ!
“Å·b~?GlN�Y\xFB\xAE\xB0\xE6\xA3\xFB\xD4m\xF3)G\xE3\xC37\xB8_�F\xB3\xA71\xD0�\x8E\x81S\x8D\x8F\xA6C\xB5\xCF�\x91\xBBH\xA1\x8F+*�\xDEF \x95\xD8\xEE�\x8AW\xFDv_\xF2\x8E/�Ó˜Jlx�/\xA1g�\xEB\xEBQ\xF3"\xBCc\xD4\xE1\xA0/�\xFF\xFA(��>35\xFD\xEF�E\x9E\x94\xB0\xEC�\xA2iׇ/�\xE1\x8BB\xE9qܽ\xD5D\x8F�\xEFQ\xCE,\xCE\xEA�F;\xD6\xDF\xE5ÂŽkC�\xCC�\xEFS�\xCC��\xD7�'\xE4>�Ë™Q\xD8Å\x85C�6\xF0�×!d\xB2Q\xF1\xD6\xEB�\x9F\xAD\x86\xB0\x98\xE3�.X\xC3�d\xD4\xD1u\xF1Ú£Õ\xC4
-\xB8\xDBep؃v���|\xE8�\xF6
-$\xE9\xA6+�hV\xE8\x8A�Dv\xE8��r\xE7\xC6;\xFCyH �\xFEz\xC8� |K\xB5\xE2C\x8B\\xCC�\xB2\xE3.\xAB\xF5\x8E\x91H\xAF\xEB&=7p\xF4\x80׺jѽ�W8\xBAw��\b\xD4\xC28\xA7LT\xC0ҮIE�A\x9B�JS\x9F��\xFF\xD0\xE5
-�\xDF_\x8C=BgM\xED\xF3f\xC4\xCB�\x8C�\xB7\xBA\xA3\xF0b�\xCD\xC6\xF1\xF1�7\xA3\x81\xE87a\xAF@{\xCF\xDE:\xA0x(]\x9D\xC3\xF0�̾\x9B\xA1��8\xE3\xF9�n\xC6c q�\xC70\x8CY\xE0\xC2Q\xC7<<J\xDA�\x93\x8B\x82\xD9\xE7\x85\xC7$ \xBEx\x93\xE3?f\xFC9\x8B\xCE��8�Ç\x8E�\xDDÇŒ?\x94 \x8F\x9B\xB9n\xD5y\xAB\xDB,f<\xEFv\xEDi\xF4V\xC3x\xEB\x81/p\xE7#\xF8\xB2yo \x8B\xE6Y\xA7\xFCn\x86\x92\xF7\xDDxt+ZU#�c\xAC\xBB\xF7�Ø\x9B1\x9E\xCB\xCB
-\xDEß—_{\xBE/�
-4�W\xEF\xD6.\xCA=\x9E+�\x85�\xFB \x8C|\x840\xFB\xC2}�}\x89\x8FM�\xDB\xC1\xDBÎ�\xA2b\xD7\xDF}\x93!\x84\xFB\xB0!�Ľ\xEDh\x8E\xAB\x9E["!\xDCCB\xDA\xCC f\xA3"\xEAi�e\xD0 [\xA94F\xF8� j(\x8D\x85\xBB�\x95c\x825p\x94\x9E\xBD[\xA9Wz3^\xE3\xC9\xF4TnV\xEA\x9DƑ\xF3n\x84[Iヷy\xE8\x9F݌\xEE\x9CF\xF5\xFA�\xA0\xC4C�\xED0z\xC5\xEA\xC3-\xBA�K�,\xEF~-\xBC\xE8\xA3b\xF5ͨt�6�f\x96\xBC>nv3\xB2[0\xBE}x4\xB3\xFAП6zQ\xF7{��\x8A\xCC\xCBn\xF1a���\x90\xE2Q3\xFBpCC\x90\xF78u\xA0\xEA\xDC�H\xE1u\xE7N�5~�\xE2`ݷ\xC7S�\xAA"~\xBA\x9D\x9A\xC2�>�8\x8B��'\x91\xA8\x8Cu��\xDF:|\xF6S\xD0\xF8\xF0\xEF\x8FCO\x9CY�\xA7?��\xC9A\x96\xE3 s\x9C\xDA\xE2J?\xB3\x9DG�5�c��v\x9EX\x9C\xA7w�x�\x85\xE1Mr~SE^�\xF1\x9BH\xCE�\xA5\xE5\x9A\xECI\x94\xE5w\xC9]lצW\xAE\xB9*
-\xF5-gj\xCD7a;id\xA7\\xEFF|(�\x9Bo�\x8F\xE4f16\xE8`\x89\xB1W\x8Bj4ɖIh@\xA94\xFAN.\xB3\xA5z]\xE7\x93\xEB\x9B\xD8\xF7k�u"\xFCZ3V�\x99\xE4\xCA\xE9b\x81-\xDB\xF1\xEB2'\xD1\xCA\xFCh6\xAB\x8B1\xF2f\xA2\xF2e\xEB\xD9\xC8�ט\xF6\x90\xD7e֓\xAE\x9A{\xB7�p�\xB3ƀ\xC4XeL\xFF\xF0tm\xC5P\xBF�\xAF}\xE2٘:a\x9Eˬ\x81\xDD0\xDF�\xE04�S\xBD�\xA3\xF5\xD6\xDF\xC1\xFDZ�\xA7\xC9H<�\xA73\xBD\x8Ev\xC5\xC15Q\xF0\xA3�\xC2\xFC(\xE3\xE1}\xC1\xC8G\xA0yضvo\xA0\xBB<\xCCu\xABn�\xCD\xEC}{\xE8?\xCC\xF7>u\xA3\xC5=^\xD9R\x8D\xE12\x9A\xD1M\x9A�\xAF\xB1\xF1Vt \xB9f\xEF/\xECl\xDA.\xD76
-p`\xFA"�\xE4fnR}njM1\x9A�\xA3:�a|\xC3x\xD7]٘-��\xB4\x89\xDCc\xA1\xB0\xB4j\x91\xFB\xB6,\xFC\xA8Ĕ\xC2\xFA!ws\x86\x87p�\xB5L\x9D\xB22&\xE8\xAB7\xA3v\x90
-hhW\xCD%\xAE\xB5L\xED\x87�L*]Y,.\xACu\\x8B\x8Eݦ\xF7i<\xAFÜ®\xE9�f\xA9郘F<\x97\xD4\xE9\x817�\xAD\xF2Å°�\xE8\xD8eV\xED�1^\x9B\x96\xF2\xAA\xE5\xCD\xEA\xC9\xE92\xF6ksQ^\xB8\xBFnk\xE0Ú´vm\xF7k/cQ\xBA\xB5\xB2\x96\x8Aa\xB8×\xAE\xF9~\xDB\xC7G\xB8N�\x99�HJ\xC2>FQ\xF4I\x82U\xA8 v\xF6\xBF\x9AP\xF4\xFDY\xB1Ì›\xB1�\xE3\].\x9Ash\x9B\xF8 \xBA\xE8I��\x84\xF6\x8E�.\xD7�.J|\xED\xCB8+\xBD\xD7Ûµj6\xE3\xD4H\x8BL�e�ܯ\xEC�\xE7\xF4\xF8\ÇŒ\x8D\x9BÝŒ|\xD8\xCB\xF5�#F�\xAF\x85\xF9~\xB3\x9B\x91\xEF\xE0\x9A<\xEEL�\xEF`x\xF0\xFD\x98Ir\xFAm\x8FF\xACDl ̾\x94I\xF1�#\xC4aÙ»\xDF
-W\xB2�v\xECX\xF6\xE2%\xCAA\xBB?�U\xBC\x80/�3\xF4\�\xE3\xC5�\xAD\xC60D��\xA6\xE2\xF9�\xF1ip\xB3\xC7�\xDC�\x81/\xFCxܳ\x81\xE9t\x89\x9Bٷ\x890�\xBB\xD7i\xACN\xEE\xB8\xF5\xC1�\x88\xAFp40 >\xE8W~\xA5\xB3\xA0\x98\xE9m\xF7:\x8D\xDA\xC0���-\xAE\xFD��\xB8\xEA8<6�\x86\xEC\xB9/\x9FF\xDD\xD8\xD9�vm[\xB2\xE9}\x80�
-\xC4\xF0\xB89�\xF1Ê�\xE2\xA3_\xAB�j\x8B�3�Ư�\xEE\xEB\xCC;\xD7N\xD0|nWNWA9V\xA5Ûµ\�\xB7\x9D�\xCD(\xBE\xEEc�ת\x9A4]\xE7t\x8F|\xF5\xBC\xDC(�\xEC\x8C6\x8BP\x87\xF2\xE3_\x87\xC3\xD5ŧ\xCC3\xAE4\xDB\xD2|\xA9\xFB__\xAE\x99&l\x9DW\x9E6\xA8k\xDFl\xAE�Ò³QDÕš\x8CHv\xD9\xF2��\xFD9\xAF;\xEF=\xE0k\xC6_�\xED5\xF5\xDBs_\xB6\xA1j�\xBC\xCE\xFE\xFA\xDA)\xC6\xE3'\xEA\xD7V\xB1\xF9*\xF91/#\xE4on�\xBE_n\xCA,�#\xE72N�\x9F<\xFDO\xA9S\xA8\x8A\xE7\xF7\xB1Û»mB\x8F\xD7\xD2�\xB3R GUc\xBC\xBB\x8F73'\xEB\xCD�\xCE\xEE\xEDf\x9C�\xCF�3c\xE9\xE5i\xA2�\xE6\xE3q\xA3\x81mzJf\xD4D\x92�\xBB\x8F\xBD\x8D!݇ј\xDE7V/O\xFC\xFCdv-\xA4\xD6\xD8[1N\x93�\x8A�\xA3+\x9E\xE0\x9B\xB9\xAD\x87ǽ\x96A-6\xF3\xAE\xF1:\xA9-o\xE0�}\xFD\xE9fa<�\x88��\x9F\xFC\xEC\xEDqm¶q�\xBA\xB8\xF2\xF6�.�\xA3\xF6\xA7\xF1\x9D\x9B͘L�=\x99\xEC]S\xD8\xFC FW+\xCC�\xBA\xED7cÇ¡;\x96%�\xD9 �\x96\xE3,\xE7\xCB\xDDÙª\xEF\x86\xF7�b\\x8B#\xE6\xE7\xBB�r\x9E<}G>\x8DOGW9�\xFF\xFD\x87\xFF\xE2\xDF\xFF\xE5_\xFD\xF6w\xF3/_\xF7/\xBF\xFE\xD5?\xFE\xF6��\xFF\xEB\xCB\xF4�\xFF\xED\xF5?\xF1\xFB\xEB\xE4\xBF\xD7_\xD7먎\xC9<M\xC7\xE2[\xFCP2\xF6Óª2|fk<4��P#7\xFF:t=\xF1�f\xC7\xF6?\x8C�R\xE5 x좚UEV\xA2\x8E\x82\x9C\xB5\xBA�[0HD~\xB8|A}\xB9����tȦ;\x8C\xDBN�lb\x9Bg�?\x98q[&\xC9\xDD8\x8D\x9A\x9B\xB7\xD5>\x8D&vI\x98\xE9�@\��h\x9B\xBC��\xF3t=1�\xE9�\xCAJ\xD7&\xF4\xC4ÎF�$\x9F\xCF�\xF6\xF1\xC3\xF3Õ’(\xE3�\x8F \xFB\xE2\xC0\xBE\xF6\x87\xAC�kE!\x90J\xA3\xD1\xFE\x8B\xB4\x95\xFAÑ‘\\xB8\x9BlP\xA0\xA4]-\x94\xAA\xEDN\x83:\x9F:\xC1�\x94\xA0�\xFB\x98��t\xD3\,\x82��\x9Eq\x93b\x95:�\xAD$\xB95Q�ä´©�\xE6\x90�\x93M\xBB\xEC2�Ä®\x9A\xC4s�'\xD2P\xA0\x81MX�Q\x9DL\xA88q\x9D\x9E\x93\xCF[?xUb�\xBC\x92MT!w�Ûv\xAF�\xC0\xED�\xADF�\xD6\xF5�4`\xCC\xC9�\xD7\xE5\xAE!\xB3\xE0\xFA�\xE5^\xD4�\x83\xB3\xF0\xC7'\xA95\xF1rJ\xBF3\xF9��\x8A7o\x!
E2aa\xF9�?\xAC\x86\x85p#\xFAy�G\xAD\x8F/\xE92\xAE\xC5+-\x93К\x90\xC0\xCA\xC4�X\xE0\_F\xF8\x93j\xEC\xF3ɨ\xEDF�}&��\xAD[�\xD7-\xA9�.\xC62\xE9R]o�\xA3V\xB7L4\xD1�J\xE5\xE8\xF0\xC2\xFB\x90P`Z�\x88PG|\xB1M\xB0 \x89\x93Ò\xA4t\x96�g\x82\xAB\x99\x8B\xCDl\xD9~R\xC1V\xA5\xE2\x83lbZA7\xDB�\x87�\xB8ec[�Ɖ\xA0L\xD7\xFCG41\xF6*G�\xCAg\xB4\xAB!$'ƺa\HRz\xB5㲉\xF8!\xEE7�\xFD�\x9E\xD4Ĉ\x95]8q-Z\xD8R&\x9A.�\xB2Í„ P�\x8Cy\x98\xE7:\xF2q�M={�\xC3�\xD0,*\x99\xF6\xE2\xC65\xD3,\xB5\xEC2z\xA4:\x8C\xDDj�\xB2\x89b\x81k\xFD\x81:y\xA3\xD2-�X�\x84�\xB9R鳊�\xB4\x98~Ò¶%�I\x81Y\xD0Ú„\x971�\xAE\xCE\xCBh\xF3\xC3aX\x814\xD2<Z(\xBD�\xC0 {t�C\xFF\xD5x\xF5x\xC1�a\xDC,ᬣ\x89\xEB\xEAR\x80\xA4M\xC0�Z�Ƕ\xB9\xCB�F\x8A<ܨ0^\xAB\xF78{1u�\xD0&\xECH,\x95t\xF2\xF2�\x82yp\xF5\xB2t6\xD1c`\xC9\xD5�Cű\xFF1\x8C̯Ƅ\xDC� &\x95\xB6h\xF49&\xF1$[\xC2ž\xCC󼌣ef\xFB\xD5\xCC�f\xCFh6[IH61M.T\xAF\xAE\xBCz,�m��\xB2Ý'N3\xD6�a�L\xBE\xA3\x84\xF8Þ˜\x96\x82�c\x87\xADj\x95)\xB5\x99 \xB2\xB50-1\xC7~ \xF0"\xC6^\xBCY\xCF
-l\x85\xBD�\xE7!ZP\x8E\xBD\xFD\x80\xF4\xD7�\xABB1\xD1D\xEB\xED.
-\xF7\x82\x8A&\x9BP\xFDN\xFB� \x96<\xC6�\xBC�؋\xF4"'\xBE\x9E\xD9\xCF&\x8AE�\xB4m\{mo\x9B�\xDB\xCCP|HȌ�z\x9E|C�*^\xC6k\xD2i�\xD7*\xBD�\x8D\x97\x97��RI�؜\x84\xFD�\x94:�\x8E)ew;REK^洛\xA2�\xEF%\xA1\xBELW}Hme�/�a_\xA6̾H\xAF\xB5&$\xD06\x90\xA1\xCB\xE4Pa@\x94
-Uj\x8F%\xCB\xE16!sL\xA5L\xA3\x89\x9E�\xA5l�8�b\xD3�\xEAш,c\xB6\xF02'\xF9E\xF6\xF2\x8BLgkâ¼\xE8\x97�\xD4�\xD9\xD6\xD1D*�\xE9n|\xF5W'\xBA\xA7\xB5-\xA7\x9D\xA8'`\xC6Z\xCEÇ°\xCD8 \xF7\xDD{|MB\xDC�\xA5\xF7\xAC��\xCFv\xF9�\xFB\xE8õ\xCAA\x91\x9C0\x97\xB0�Ì£\x96&H\xB1y\xCAP\x8F&\xFEh>;\x92\xEE~\xF0\xAB_dÊ¿Ì©Ê¿\xE7
-_f\xEB\xBF\xCC\xEB\xA1�`M\xBC\xA3�\xF0R[\xE0I\x87\x80M\xBCP-x\xA9o\xF0B�\xC1\x9AxG9\xE1\xA5\xC6ƒ�Û7\xF1R\xBD\xE1\x8F\xEA<x\xBD�k\xE2}\xF1\x88g\x85 �\xEB\xFD�_*V\xBCֶx\xD0\xC1\x88&�t3>\xBF\xF8\xE1\xA5\xCA\xC6\xFB\xDA�__4\xF1B\xBD\xE3\x8F뇰\x89g\xB5\x91\x97\xBA$\xCF�&h\xE2O)\x9E\xBC\x92F\xB1\x84+6\xF0Rq\xE5\xA56˓\x8E�\x9BxG\xF5\xE5\x85>̃\x92��x\xA99\xF3R\x9B\xE6A\xC7&�x\xA9z\xF3B�\xE7IK\x87M4�\x99�\xEC6Q<H7{5ү�c\xD1R\x96"\xD!
Cs�U%\x89 �\xE5"Ch\xF4��-\x97dz\xD2�\x8A&^*�\xA1\xF2\xCBeD\xA5�Q at 2yyU@\x9A-^fg\xE1G\xB9�n\xD1M\xEC\xA9\xEE\xF9l\x840�\x9B\xD8iSH \x90\x87�\xAB=v0t\xC4\xD8�t\xED��:\x9A\xE8~\xB5�\xA10\xF3Da*�\xAAiqh]Lj\xC6W\x9Af\xA5\xEEVmÖ½M\x91V6�\x8A^\xCE^�.3\xB5}\xC9�\xA3�k�\xA3�p\xA2\x89\x96)�\xE89=\xC3r\xC5\xCCȲ\xF4\x97\xD1\xEA\xB4\xCA׶�"\xDE\xC4�\xC81\x9B�YQ"\xAB\xCE�;\xABË�\xDAn\xC7\xD4�,\xC0*va�>~h\xE7�~5[\xD9\xFE\x80ו0\xAE\xE3\xD0%O\xAE\xE0\x8Dʦu�\xA1\xAF�^\xE2+-6\xEFD\xA9\xE7�f��P\x8C.YfG \x9D9\xE9\x98�\xBAÚ\xA7�\x96�w�#\x98�b�\x9C\xBFy\x8D\x98\xD8⌻^�\xF8\xC0\x92\xB15\xD2\xC0\xACd\xDE\xE2\xB5\xE5\x9669U\xF3\xD1BY\xCB/\x9E\xBC\xF8\xF2\xE6\xA9\xE2\x87\xFA\x8D\xCF\xCA|\xD1DFRl\xBA \x92\xD7\xECF�;V\xD4\xC8^EN\xE7s\xB4A]\xAFZ
-u\xF4V\xEA\xF3\xA9\xDD�q=6\xB1\xC4Ç‚>�\x99\xA2"Ý–�\x86\xEC*.Li\xE8\x8A
-ٱ\x8E&\xF2\xE6 '�'ґVs^\xF4\xF1\xA6k\x95k\xEE\x94-P\x81@\xA9=簻\xED\xB8\xF6\x87\xF3\xDA\xC3\xFE\xF9\xB0\x97�m\x94\xF1l\xAB\xAF\xFB\xB0\xFB\xE2\xE2\xD9x\xB1\xA2,w\xE5\xB5��\xA1l\xE2\x8F*\x8A\xBE\xD4�u\xA1 at 6A\xE9\xCE\xCEQ%\xB8P\xC1\xB5\x9E�,��\x95W\xE6\xF3c\xCCN\xAD>r?\xD4H�\xC2\xCB+\xF0v\x8D\xD1̛}=\xDE$\x95UG\xF5&F\xE1\xABL=\xD4\xDC7\xF5GU\xDD\xFF\xE8E\xA2\xD8?yHr͊\xEAt\xAC
-\x90�\xF5fU�\x90-l;\xBE\xE3�\xF8+b\xDC\xEBٸ\x93�\xB5��\x9B\xC8{a/;*S\xB6\x9C\xB8\x8FA�O�\xB9\x83�\xB5\x92\x9B\x87N\xC8�ˆ\xA2D\xF7N,\xED,S�G\xDA\xE7:�l\xE0\x9D\xAA /\xEB+<\xD4b`�/+7\xBCS\xE3\xE1\xA1�D4\xF1\xA2z\xC4\xCB:�O5)\xD8ğ\xA8`q\x96\xBA\xB8�\xC5`�/+h\xBC\xAC\xB5\xF1T\x97\x83M\xBCS\xC5\xE3e\xBD\x8F\xA7\xDA l\xE2e%\x91\x975G\x9E\xEA\x93X�/\xAB\x99\xBCS\xF7\xE4\xA9F\x8A5\xF1\xB2\xA2\xCA;\xB5W\x9E괰\x89\x97U]^\xD6y\xA8��M\x80\xAF"\x95e\x90U#\x95\xD1\xD4�3c\xF2Jܺب1P�9\xBC�\xAEE\xA7\xE0bs�\xC48X\x82y\xD9\xE7U\xE3�k�M\xD8k\xB6\xFA8\x8D\xF7+-O�\xBDh\xCES\xD1�6\xF1\xA2\xC4ϋb@/
-�Y�\xEF\x94�zY\x90\xE8\xA9x�\x9Bx\xA7\xD4\xD1Ë¢H��\x94Ø„$�{\xB5\xA5\x8C\xEAmr0\xAB O\xEA\xF7B�\xA9F`V\xA9\xB8l\x82>Å\xF0\xA9q4G�Q_k:\xAB\xF4�=\xCA�kN\xB0\xF7\xB0\x81l�\xB2\x9D�\xACal168�\x82\xEEo\xCB~\xD1&\xF2r\xCE\xD2f\x94\xE2Z\xA4L at M\xC0e;V\x89QÂœ\x95\xF1\xB9\xE6k\xF7\xAE�\x8Do\x88\xEFh\xB6\x9D�\x81\x8CI\xDC\xCF\xF6 1\x8E\xC1h\xBD\xAE\x8Fo\xDE\xC4*�QBP.\xC5\xD8�#\xEB/\x8D\x8A8E/\xF8C2\x86\xE7\xFD\x867#o�c\xF4\xE2\xFA�\xF3h\xFB\xD1\xE8\xBD�\x85\xAC\xBE\x8E+\xD9D\xFCp\xDC\xF04Ρ!\x9B\xBBq\xA4Ò&\x86\x9E\x84\x94\xE6`\xFCU1^\xBB�\xAE�\xD7\xF6\xB8\xF2\xFAv#�E\xF9a\xCF:\x8E�>?\xFD\xB0��\xDEU |�3ʲ\xA2\x83Ç•\xD3\xF2Èž\xBA'L\xC1Í‹/o��ghU�/\xEE�
-\x92�j5\\xBA1\xFA+\xA3k\xAC\x86@̶D\xFC]$\xF6f\x9C\xD9jk(\x9A(B(PZ\x93\xC4F,i^\x8C\xA5�\xE0ݬ�W$u\x86d^]\xF7\xD9\xC4\xE02',ߤ\xCCW1*\xCAm4\xE1���\xCD\xE9\xE6J\xCB$�\xB3_\x88\xCAV7U\x8C-\x99\xEAز >\xA6\x93\x85\xA5\xAF \x8B\xA4'6q}Ô‡\x82\x80\x97\xF1:�RQÍ \xEA\xEB\x8F�:.X\xCB\xC6\xF1�Í¢\xF8&s6\xFB\xC2Õ«f,\x9E,\xB6X\x84Z~\xC0\xA5\xD1 ��\xFAC\xAF\xBCÖ¢�j\x9CaL\x8BF?\xE9\xCB�\xB9nh\x80�P\xDCE\xA0\xE3\x8Dmd`y\x93\xE5d\xE80\x96\xADp\x8F\xF8\xA0\xD5\xF0$\xDB<\xCD �\xE3X��g\xB6Ó¸�\xEB\x9E�\xF6*~F\x93�\x88\xE6&\x8Bߘ\xD1\S\xBB:Û›(F\x9E0\xE38\x86Õµ�l\xE2\xA8\xE0\xF2lY\xEDrF�\xB9\xE1e^\xB3w\x95\xE7\xCD^~H\x93�/\�56z H\xEFRcYx�:Ï£\x89\x96& a\xD0M\xB4�Z\xDATqß…v%<\xD5`\xCC\xC7�'�\xD2���\xF95b\xD4u\xC6\xC0`\x93)�\xA3\xE4@\x99Q�\xD8G�׎\xCA�\xCA\xC4\xDB4\xFE\x89\xAA\x8C��\xC3\xDE;\x9D,\x90\xA5\xE2\x83\xF0�%N}\xF6�\xF2\x9E\xEB\xF8�\xC6kP=�\xADX�\x8DoG��~ 2\xFE\xF5c\xBB\Ù°\xF0\xA3>u\xAF\xA7�\xD9\xD7xGsS8\xAC\xF3\x85R�\xCEejlTlh_\x{DF4F}7t\xDD�n2R\xE6\xC48QQ\xBA\xC7\8\x8D\xBD\x97y<F\xC21 b\xE2x\xF3iBB\xAA�<~�qt\x88^\xB0m\xFC`ƾ\xD28\x8C?\xF8\xD5<��/0+\xC6<yl\xB1@\xA1�\xDB\xEE4\x86\xE7\xA3�'t\xA4XÊ®�QT\xA1�\xC7�\xC6Zp\xD2:}�\xE9\xF2\x9C\xD4|Ú><\xE0\xE50\xA04\xE9ͨG\xAB\xF8x\xFC!�1��d� K\xA0\xBB\xD8�O��z?_\xC5\xD5D\xF6\xD7\xDC+�6�\x9F/p0M3?\x9AX\x84\xA1\x94b\xFA9~��\xAD\xBA\xC5c\xAD\xED\xE5W7\xF5a;W\xA2\x86Ù—,\xCD�\xC6\xCAC\xAE/�\xD7\xE8,�\x87}\xAD\xCF�M 8�<D\x96�\x9D\xF9�{\xFC\xE4\x8B!
\xCEu+\x80�\x8A\xC4\xC1\x98iD9c\xE1w\xA5\x8D\xCA8G\x94G\x97\xADL�\xC0G\xD1\xD5B\xE94\xE60n\xD6�P\x97*\x9A(\x9B"U\xB5U_<m\x91\x93\xABQ\x95Y\xBC+\xBF\x99��80\x84\xD5Vж\xE2\xFC0VV\xEEI\xA6 %\xC6\xCBwV$\xE1\x9A\xFF{\xC4Ú’\x84n1\xED�\x9F\xD7INM4\xE6B#\x96�AE�\x87\xA2W\xBD\xBDb\xCE`\xF6\xB5�q\xDCV\xE0xÒ˜�\x95\xA1jD\xFF\xC41\xDFe\xE3\x86\xD54|\xC48\x93\xA1\xE4ÃѼ\xE0}\xA91\x9Cj\xA1\xD9�C�\xCC\xD1Tce'r\xD7�\xB4��%\xBFP\x9BÑš�\xB6\x80 �\x85c'\xFC\xA0D-&HD\xED\xEC
-*";5\xFC\x93^\xBE\x9F\x9DFT%\xCA\xEA\xFD\xCA \xC5$�T\xA0\xA9��\x8Dc\xAD\xA2KV�\xC6Z�\xE6O\x83nR\x9Cqڮ(\xE1\xC7\xD1*\xB4���\x8A1�}\xB8\xFF\xB0Ƌ\xAB\xF7�c\xA0\xB7\xF6C{Մ\x81ob\x9Ca\nl\xF19$�Ϫh S\x8A\xB1\xAD
-\xA3R \xCDH\xB52\xE12\xB4\xE3]\xE6\xC5ji|\x97�\x88H�mؚ ,+�\xABA>*Z�Z\xD2\xF8Е�c3�B*P}\xF1\xABU\xF6\xC6~0\xD525\xE6ͫ\xADD\x8B�5\xA4\xA4FE\xF8x\xC3a\xD2\xCCzC\xA3+\x88m\xE6\x8Ez|*Pj\xC6eB/\xA2\x8Ah\xE9ela �C\x80\x9E\x86�S\x87hU\xB3:j,�W\xEA\xC17FqJ m���㵀l3\xA2^\xF2ek%\xB7\xB0}\xF5� \xA6p\xBB6l&\x91u\xB7�N\xE11\xBF\xE2Z\x81f'\xA4\xA0\x90\xED\xACK\x84mV�Ί�\xA5\xAE\xBA\x8E�̈9\xF7\x9Eq�\x98\xFF՛\x88�\x90\x9F}\xF6�\xE9\xDD\xF7+!��+c\xAA�\x9AN\xE0\x84\xEB\xCAX�\x92\xC6\xD5\xFF\xC2�jҳs\x98\xB2\xFC\xB1\xB8ZEN\xFE\x80&\xEC\xFD\xA8q\xB81\xAB\xC7+\xC6y�\xBC�7WQ 6\xB5�5"\x9F\xBD\xDBj\x8E\x9B\x99\xC7;;\x8B\xE6z/\x92ݰ[d\x95M\xE8\xD2(\xC6\xE4�\xA2R�j\xD4\xC0\xD7\xF1 xB\xE4\xD5~\xF1C\xA6w\x93M\xDBZ\xF3\xF5�O�2L5\xFAÄ\xFF\xE3=\x8F�\xD5 \xD4\xC1܊\xCF(2,F\xF4Y\xCF\xF7�F\xE1j��\xA6w]�\x84\xE5\x84%v\xD3K�ޒQ\x98\xCF!�\x85\x82\xA3�\xFC X�/\x86$G\xA8om\xCD\xC6P\x9F\x89\xEA[\xF1�y\xEE\xBB,\x97�\x8B xe2`\xF5\x81\x9B\xCEЙ-.p\x8E\xB8B�\xAF\xE1\xDBn\x9A\xAAG$\xF2P\xCBG2\x94\x95i|�\xB4\xD9гGc\xB2d\x94Ә\xA8�\xFD\xF8*�9Sǔ� \x89c\xEAP[#\x9A\xC0D�ٱM�\xAF�\xAB\xD1s\x8EłW\x86GВ \xAA,b\xDFg\xBB\xAE\xDB!Wj\xC6i\y,D\xB3BN\xC3]�\xD62W1
-\xA3\x9B\x881'u\xB0Æ´\x9D?�\xD3\xDDM\xBDlÆŽE<F\x8C\x90g\xD4+\x87N�\xE1N\xD62nM\xE8>&?X\x96\xBA�k\x87\xD1�dZdÃŒs\xDFz\xD1
-ڞvN\x93\xFC0\x8BO\xA9\xAD\xD0c*u\xCF\xC3x\xB4\x90M\xB3f\x9CO}\xB9W�r\x81�̱\xAACG&v\xA6a\xCA�\xA1O#\xC6\xCB݃\xEA\x8D\xD2_n\xDB.\xF5q\x9E\xF6c\xE1�\x97\xCCݻV\x8D\xB0
-Ó·L\xEE\xF3\xBA�\xAA\xF1 ]\x8A\xB3\xA0\xEFÖ®n\xD8�O9:U-3\xE3\xE5\xC3\xE0\xCA\xDC\xD28\x9A0N\xA8v\xAF\xC0\xABT\xCAI3cM\x9D\x9E\xC9�\xF66\xB3��\xA2 �\xB2\xF9�nh!\xDD\xF7\x8C\xD3\xC4�\xD8D\xFC\xA0\xD81\xFC\xA3I\xFD9\xA8ÚWB\xDB(zQ!\xF6\xE2JHbD\xEC>\xB4\xEA\xC4K[Е\x81\x91\xBD�\xBFo\xAF\xE7\xAB\xF3f�\xF4y\xC4H\xBD\xBC#L/?\\xDF�\x92w\xAA2�c\xD5�\xAEK9\x8BJ7�\xBEb�\x81$z�wS~\xC8ͯV\xC4X\x8D8\x8E\xA9Q'\x99(MY\xF1�o\xC2XG\xF2\xC3\xC0\xE8t\xFFV\x8C\x9C\xA77c\xA4d\xE9�&H#?�\xA7\xFEs\xB8\xE49\xE3�\xD07w�\xF3K\xB5\xBC\xB2\x95D\xD99\x93)%\xC9�2\xAA\xD9v\x96c-�\xFCʨ\x93W\xBBL�\xD8\xD8jLTIÓ›E�\xD9vw\xC9�Ih"\xC9Alˆϗx\xA8\xA7\xD6�[\x90 \xC5B� \xE3\x8BÑ„�T\xB0�\xA7\x9B\xE4\x82`\xE3�\xD6\xCB\xC5\xCA\xC8vÉ¿\xCF\xFE\x83.\xFF\xA1�hF\xAB0s(�nA\x9AS\x82\xBE\x9F\xA2]\x8C\xEE\x9C?���\xA3\x9D"\xC4hIdj4\xFA\x9D\xDC\xEC\xD8\xFB\xA4\xB8\x8C2\x9C\xB5m \xA8\x89Lo1*�ËŒ\xA8S.]\xEB\xDD\xFD\xEF\xB4È¡�9=K��#�k\xA2\xF2Wm �\xE2\xBD
-\x9E.�w\xB6\xD24f\xAC\x8A\xF7Y�\x8B\xD8Ê \xF4\x9FE놅F\xD4rpo\xE4�P�z\xB3P\x9A�Qf\xB0_\x87B[e\xD3@\xE6\x90\xD8V\xBE\xB5`y)\xFE\xC3'
-\xD6mcuÝ\xA3\xDB+\x87\x91\xCFÐ\xB3\xF3xu\x83
-e%\xE9\xE0~\xA5�Ù‹f~\xA9\xFE0p\xF2�|~\xE86{6Ñ\xEB"\xC6\xEB\xA4t6�\xBA\x98dp\xCB\xF6\xFD\xD9Ñ@\xA8\xF8\xC3'
-^�,8\x8D�\xB9-nd\xDB�\xD9T~\xD3\xCF\xFE�\xFFBt\x8F\xF0\xE8Ù˜[q\xB5�Ó¼=:\xDF^B\xAA\xB4~-T\x8C��\xDBX\x8A\xBDy\x95p��\xBB\xD0cD\x8E-\xA4,\x83\xAB\xCD\xCA�\xB8EÖI&\xA1\xFCZ\xD5y\xBE\xCF\xF6#\xF0Hn^FÍyߨ\x99K\xCFM\x84^d\xB0��\xBDH\x81\x84\xAB\xEE#\xBC2\x98�\xA05\x84f\xA4�E(�K\x9C1\xF2\x83nA!\xC8 gX\xEE\xCE)\xF0�\x8C\x8DC\x84pW\x92F)\x99��\x91\xF8\x814\xA7 \x88�\x92\xAEA<\xB9\xEF\xB4BS\xD1\xF0Mì´Ÿ\xBD\xEDh\x862\xB4\x82��FM\xDD\xC1��fȲ�i\xBC\xC1\xA29\x94��B6\xBAf\xF8���g\x80\x80\xCC&2\xA41\xFC\x87G#%voF(�>7AM\xC3 �I\x82�\xC8Y\xCA-\xCEp\xB64*\xC2&\xE4E\xCErs�\x85\xC0T\x8C\xA6&
-\x84i\x92n�\xDEpH\xFDi�kqY\x964#\x92\xB3\xBCN\xEF\xA1 �\xB5w\xC5a?(\xE6QW\xF8\x90Å‹\xC2ć�`Ծ剆M8CT�\x82Htu\xEE\xF0e\xECH\xEC\xB8�g\xC9\xC1�\xED\xE4\xA4\xC9),\xEAÆ«\x93\xADF\xB2\xD4)Ö \xB2\xCFGR\xC6\xF3�\x9F\xFD�T3�)\xBE1\xA9vn\x82 z�"\xFD\xCCI\xE2\xD7�\xF6\x91N\xF68\xAAv\xC8\xEBh\x89M\xC0\xA1\xB9\x9Ap-<�\xC7�\xF9\xDD\xD5\xCF�4\xDFØ®\x9D.\x81\x8D�\xCB\xC1j\xBA\xC6\xDE\xE5l\xD1xpc\x84C�Q\xE6i\xFAr\x9F\x94\xB3o\x99\xB62\x848Ûƒ\xC8�\x95\xB3\xC1&$K{\xF0\xEA\x8D\xFA\xCB�X\xD0\xF0\x95�\x91\xFB,FC\xF6eh\xA6�\x9C\xE6$\xE7B\xB4\xED\x82\xF8\xC9$o\xCD\xD86\xB3�Zs\xA3\xE9Qy�FÛ»~@Î\xE0^\xAB\xE2~\xB5\x84\xECw\xE7�\xAA\xC4Q@\xC5\xD7W\x86\xC46SN\x97\xF2\xEF+\xA7\x99\xD5P�\xCD\xC7M\xE1P\x8D\xDD\xE2U\xC8�\xE650sÔŒ-W\x9C\x80�\x9D�c\xDAJ\xE3�Å‚\xE5\xD1D\xCE\xFEC\xF7L�\x90~\xC5\xC8\xCC%OI�\x92�\xB1\xCE^h\xB6y\xFC\x80�\xF6�UリP\xB375\xC1u\x8C\xB2\x85\x85dr]\xC9z\xA72\xA8$4\x9BQsS>1\xAB�\x8B\xA1\xA6\x9CE��\xD6�\xA0+\x9A\xB1\xAC\x89\xD3�\xA9_\xD3 \xC6\xC35\xCA\xD8�Ñ€ë‡Z{(�\xADF/\x95\xB7�)ƪÞ4bi{\xF1jÍ\x81Ñ°C\xBD\xE1bBÔž�W�8\xAE\xFE`\xFE\x96\xFCЦ_\xBD\xF9tÇ»@\x88B\xF6\x96�\<�4GC�$\xC0OÑ–*\x85{�\x92\xF5\xA6Q�mÏŠ3\xBBV\xD5J
-[�J3\xCCITSZ\xA0&\xEBt=\xD2d^O\xB4p\xEDIl\xBAdO�3\x8FJv\xD4\xD5\xD9\xEE\xB5CP�x\x9Fo"�\x9E=k\xF2:d\xD9N\x93bD\xD5�\xCD.\xE3�\xBA\x9EÉš�DAmz\xF9\xD5\xD95\xE0\xBDf\xD94\xCD�\xF3�\xC6\xD9Bj~q\x8A�i|k\x85�[b\\xF0 J?\x9F"Y\xECbĶ2\x87\xE4d|9�G\xA71\xE8/\xFA\x83E\xA9\xE5�\x96\xA1\x9C\x90uz46ow̳�\xD7\xCDOP\xE1\x912m*Y\xA0GxN\x99�\x8A\x92�\xE1Ë‘\xA99l\xDD\xC0�P�� \xAF\x98qf7n�kÊ·&\xFC�\x94�Uc\xF1�B\xC3\xD9kÑ¿\xEAE\xCD\xC7�\xCFÆ£ o7\xFC\xF4?ru{\xD5\xEE{\xEFb\xB2� \xA2\xEAf\xAC at .V\xF2\xBA{�\xF8q\xF8\xE9"H\xDB)\x88=\xFC~\xCD\xF0\xBE�*.3<}q\xAA\xDA>\x9EC\xB3P\xEC�\x90R\xA5ƃ\xB1�\xC4�\x86\xEA\x81�\xBB#�y\xE7\xA3 ÍW7\x9BB0�oÈ…\xBE\xF7^\xCC"\x85\xF8\xF5\x83\xA7.?�z\xEA\xBD�\xCAj\x9Bb\x92�\xA3�c\xC6 w\x99W\xC9�\x84\x96]q\xDC�)y\xA5�\x83\x81U\x8F\xA23\xA16 \x8A\xDB\xCB�\xD1q�e\xCCH\xE1\xF7\xE1b
-\x87H\xBC�*\xB0&B\xD1\xFE&\xA8O=\xFC�I\xC0!\xBD?\xBDyEQ\xF9\x81\xE2)Gm\x868 �\x95�\xEA}\xD1<\xC0 \xFCnę\xFAnԕ4\x9AHi\xD6\xE3\x87O\xA8.Kp\xE00r\xCCߛ�\xE2Ad\xFC\x80\x99.\xB5\x93\xD3\xE6\xA9|W�Y\xB5\xA1\xD80`�Q\xB7\xA1\xF8*=&S\xA2\xEEF\x96G\xC8F'`��\xD9JM\xB4S\x9C;\xF3VD�n\xB8L�!���\x88
-D\x9C�\xA3\xB5\x9F7�rH\xE9G\x9F?\xA9X\xC82r\xFD�0X
-B\xCE~q}C\xCF\xEB\xFC\xD02\xAA\xED\xA4ǚ�lB\x88\xCD \x83h ų��Z6x
->\x93Bc\x95\xE3\xFB\xC8Ì’�\xCA \x84\x87\xB3\xAC�\xF3\xF0C}\xA6-\xEDvÌ\xAF\xDEB��1�\xF63\xA3ÈX\x8FŸ�\x9C�\xD1Y\xFB\xA1�\x89l暪\xB1\xBA\xB1M7:f�\xA1U\xFD\xA1�\xB4\xBDKhß\x85\xA9\x9E\x90r\xAE\xF8\xDC �:\xC3\xFB\x97\xD9i\xAE\xA2,�X\xA8\xC5�8*\xAA\xA2\x88J\xDD\xCA0\xA2\xAA
-\x9BP�\xF3\xB6Z�F\xF1\xF8:l&�F�\x83
-4d0x\x9D�3"\xB7\xF3\x80�d\xD0�\x94\xF2p\xFC�@i\xF0\xA4\xCF\xE3\xA7X\x8C�\xD3?\x99\xE0\xA1!\xB5�\xC7\xFF\xFB�å⌦\xDEU\xC6\xC5\xE6\xAE̬\xC9@\x89\xCEl6!ծ̛\x96��/\xF6\xCA?\xF4V/\xA3\xA6'\x841ZX\xC6/�N\xEDP\xE3j�\x87�\xBDr\xA2 \xCD:=\x9A\xC8��\xB1.T�\xF6\xBD\xB9<\xEDÚŽ�\x98\x909?��y%�\xA8\xF2\x83 \xE9A\xCFE*M\xC7Nl\x94\xFA8\x8Cg\x94\xEBn\xAFF\xB5Q\xA1\xCAU`\xF4i\x9E\x8DP\xA4\xC6~\xA8o\xC9�8\xF2v\xD7��UL\x8B\xB6k�\x99\xE9F\xE5>\x8BQ\xA3$l�lz�H\xB2Q\x86\xC48\xDBDÈ
-B\xA2\xDFi+\xD0=\xE0\xA7�̈Qzx\xF0nD\xA6\xC3\xDD؂\x8Br\xFE 飙W�#�\xF0\xF2I5\xAF,a\xE7\xA8[\xA0M\xB8t\xD6YgA\x84�[y\xA8\xDE \x92\xA9\x80\xC1\xB6E\xE5\xD0�\x95\xFA2\xBC\xC3�\xDA*t�\xFE�k��ס\xDCY40j\xC2�\xDC*\xC4\xD8i\xE4./Fc\xA7\x89+��N\xFBA\xDD
-�\xD1�\xF5\xAE,&F\xD7R\�\xAEB\xA0�\x91\xA5\xAE?l\͕[\x8CVShF\x9DC1\x8E�n\xC7\xE9\xAF\xCA�{\x83\xB1\xB1]\x9E\xB8\xB1\xAE�E\x85ڲ��\x8Fl\x94\xE3\xC5�U�\xE2��\xA1EE\xCC�\xF0$\xF5%\x9A\x88�\xAE\xE1\xFF|5K\xAA�Fpmbdb��Ww�\x89n��b F
-=6a\x82qg\xBD7\x91\xAD\xB5uEp�d\xB3\xC7|&\xEF(fi�t�\xE5�d]Q\xDD\7~\xF1%�g,\xA7D\xDDmÉ°*�\xA0\x9D�\xF5��e\x99\x9B\x9De�oF\xDDuzq5\xCFתm\xCB"\x85\xD47\xEC�ycj<d�\xBB\x90\x8E\xF5\xFC\xB7�\x98\x8Emey\xBA\xCEi�=\xDE�K\xE1\xF9\x83\xCA�ܶ+)\x90hQ\x96\xF3\xCAr�\x81\xB4\xCFȪ.\xF1\x92\x8B'\xBF\x96Е\x93\xB0�y\x84G\x8A\x91~'\xF3Ò„�\x98|\xB4hb\x89�A\xBE=\x96Ba�\xCA ã«Y\xACNG\x81K\x9Dzf�\xE4/\x96�\xD6\xDDä°Ÿ�9\x8A�\xC5\xD8Ô™�\xE35Ô©H=\xEF�Q\xA3 \x95\xDFXg\xA5Ô›\x91\x95R�#\xDA\xFD\xFA\xAFm\x82\xB5foF�\xDF|n\xC2+Û¶i\xDC\xE8\xE5\xB5w1\xEA\xDB at 9�\xD7˸_\xBDm\x8CÝ®|H3nr�\xEE \xBF\xB3\x80\xA1�
-5�\xAD�>\xB5\x84\x9A-A!���Mh\xF9OK�\xE6� W\xB3\xC69u\x9DDz�\x92/(!�M0\xB1"j\xCB�\xC6P�\xBA�Qp\xFE\xB1\x89�J\xA2\xB2;'$\xD7*\xE3\x8DF\xAB\xF4\xBDO \xA9y\xB0 at b\x81\xAC\x96!�kgbl*,aa\x88\xB7&\xC6Z%#61�\xC6\xD4tW �b\x9C�\x89\xB1>6;\xE4�4�\xE9�É‘\x9D�y�3^\xBEr3\xE3N\x99]\xABÙ²L\xEFzQ\xAD! \xE3\xCAUv5t�SwÍ–\xE3Ê»jYk�\xDFh�\x97\xA0I\x9F\x9F~�\xF1F\x9B�$\x91(\xB8\xC5\xEF\xC5bA�\xCFi\x8D\x86M\xD3³`\xA3a\xFE�4\xD8>\xA9\xFC)j\xA2�jm"\x94j\xB5^��\xDFBo\x95?Ü\xCB\xC2ÕŸT\xC3uA�kY\xDDR6q\xFE\xF0\xF2\xEA1Ó³qÝ›\x80>\xAC2�Xa�b\xB2is{�)Z\xAD=&\xB61N\x9DÜ…2$\xD70<\xD4zU\xED*��?\xA9 \xAE�\x90\x8E�\xC3Sv\xF8\xAE\xCAW\x856\xD8\xDB\xF1\x83�G\xA7&#h2\xAAG\x9C\xA98�*<\xD2\xF2\xA6\xAC�0\x96\xBA
-ж\xD4G�\x8FD��)\x9C\xE5\xE6d\xD5\xCDt4ъ\x84.\x82��\xAB\xC4 at 4\xBFJ\x88k!���R\xAC�Y
-�r\x8CY\xAAI\x8C\x96\x8E*FS�\xA8(×¢6]\xC3Ø‚\x88\x9C\xB8J'\xB4\xF0\xC4\xD8�SF\xE15?�TK�\xFFg\x9C\x90\xEF\xCA\xE8\xDF^\xFC\xE0:\xEA/�ן\xD4\xD9\xE3\xDC;�3i{\xC5q\xBFK\xBE'\x9B\xC0��c\xA2\x8C\xAC\xBA{\xC7\xE9\xBBP$\xDAÏœ\xDD��3\xA6Mt"\x8D\xCD�\xE9�D\xB4�A.v\x85Î^\xBDh\xC42\xFB\xFC.\xDE\xE2EIth뎦�o\xD7\xDA\xF5-bI\x8D\x8A
-yx�f�u{\xBA\xA9\x86\xA3\xDADҜ\xBA\xC0�ЂM\xEE\xFE\xF9ns\xB0~\xF1\x98,\xF7/�oz\xE8\xD4\xD9\xE3S3M�\xF2o\xEF\xFD\xF0\xAC\xDE\xF6\xAF\xF9�\x{1F925A})^\xFA-~(�Z�\xAE\xA1&gj\xCBv\xAC\xAE�'F\xE3\xA1(\xD3!\xC2B\xD2Dm\xF8!\xE1$)�"\xDA�իHo�\x9C\x8A؇8 \xD1�H\xADru\xF7*\xF3\xD5�6\xD0\xE5\x97\xCFq\xBCL\xD1ohԊ\x90\x98뷰+\x8C\xA3vT\x87�\xA3+@\xAC�\x80\x88�c\xA3\xBC۩!\xB2\xA0\x98\xA5\xC6�R\xC5c�\xA2{\x9A\x8C1s\xE5\xC1a\xA2{\x9A\x8F\xB1�춤l]�\xEC`\xB4\xC9\xF2\x8A�
-\xB1\xC98{\xF3�"y#E.\x9E62\x99\xBCaz\xE5v\xB7\xC9^0�\xE9\xB1k\xF7n+\x91Zo\xAB \xF0\xD1o8zrBBN\xAC\xF0\xA15\xC5]\x8DV\xDFO\x8D�(\x90A�ж\xFD0quÛ™\xB9$\xA6sa\xC6\xC6&@Z\xBE�\xDE�~X\xDD;\xC1\xB2\xE0\xC8\xE0}~\x8C\xE3��\xFE; \x83o\xF1C\xEE\xFCadg\xE1\xE7\x82ì…¾&\xF3�\xF6f\xB9‘\xFB-#nd\x82�\xDD�Mv\xB1g\x94<\xA8ÍŒ8\x90\xD7U�u\x9C90`\xECM?\xA0\xBC\xE8\xF3\x97\xDBGÃ`\xAD\xCD\xF8h׳�9\x82z\xB1�\x8D\xA5&F2f'�P\x8B\xF1È›\x97�d\xAB\x83\xB4\xDD\xFD\xF5&\xB0�:\x8B>i^\xD24��)\xC1G�\xB9\xDC!\xB0\xF3\x86\x9D\xD3\xF4Ń��>p�&�|\xF3�\x90$y\x94:�#\xE2\x9D\xDB\xE8z0\xB6Å¢\xE8\x87J\x9E\xB4mj\x84\x82LM\x88\xFDk\xC8�F?)\x8A\x8A�1\xACq\xC0\xD2*\xFF>pC\xF7Æ·\xA9\x91\xA3]�^��\x84O)�.\xF6\xC7?\xFB\xF3\x8F\xFF\xF0\xBF^\xFF\x94?\xFE\xCD�� 7\xE7e\xFBZ\xF2�\xB1\xF6\xC8\xF4-\xFE\xFB\xE5\xBC\xD6\xEDG\xAC\xF8\x88xyy\xBF\xB8\xF6\xEC\xC3�Ǿ\xF6�|\x8F�\xD6J��\xB9>B�\xE8\xBCzd\xA8\xCE\xFE���Ò£F\xE2\xF4\xD3&\xF2&\x89\xC08\xF4\xEFP \xC2Y@\xCE<k\xFF~{\xF5�Åœ\xC5\xD8`,\xAD\xFE \xB2\xC5\xF5\x83\xE5\xCC*_#{�c\xE0\xEA\x8A*�\x8Cx\x92\xC6�AD�_0\x82x\x90#\xBC\xFB\xF4 o��"#*\xAD#=>DN�!{\xF1\xE5I\x9A\xB6P�\xA8\xEB\xFA\xF8\x9D��E\xED 1\xE4V\xC7\xC7\xDB\xFD\xA4\x85\x9E\xD6Ç—\x9D8z\xF8\x8C[}\xF3�\x9AÅ€\xE4���1�5\\x8C\x96\xFFxD=h\xFC�M�x~\xBF\x9A \x94\x8CY\xBE\xC6θ\xCA<\xA1�\xDF\xE2\x87<\x902\xEFG\xE5\xD38{s\x94\xA3P`\xF5T^\xBD\xFD\xA0\q3*&`\xF9\xF9(\xD1\xFB��a�\xA14�\xF2B\xDF\xFC�hlk\x869�\xA1X\xAE\xB9Ö™\xE8^�\xE5\xDDZ*(\x8E%W\x83R"\xCD*\xD1M\x8B\x9Edo\xF7\xA1�G�\x83\xE7)\xDAv\xE27}\xF3�\xC0L�\xFD\xBA�:~\x99Ú¥(\xCB\xF3$\xA9\xF8�
-\xF4�aG2\x82n\xB7\xF3\x92\xBCO}8:\xA8\xB9W�GCÕ€\xFA\xF6\xE2�\xAD\xF!
De\xC6\xCBG\xC1\xB1\x93\xF1\x90\xF7\x85\xF2E\xE2\xB3\xF3\xEADU}\xD4�\x91\xD3\xF0Zl\xF6\xFD\xA2�{{ӃE��
-k�/\xD7\xF9\xFC�\xE7Wx\xD2\xE8\xFC\xE6?\x98b\x98阂\xF39\xC8\xDB\xDF\xC1\xB5\x{28CA9EB}CB\xD4_\xB9\xAC�}\xD3ب@\xFAB)\x94�֓4\xFD\xB7\xF8\xA1\xBB\x90=\xE0 \xC9\xFD\xCC\xE6o\xBB&Z�\xA6wcPB\xAE5
-?8�\xAF�\x96Pc\xA7\xE6\xFD�\x81|\xE9\xE2_\xBCSs*}\xFCË¿\xFD\xD5\xEF>\xFE\xD9_\xFDmN�\xBF\xFE\xFA\xDBo~\xFD\xFB_\xFD\xD3\xC7\xFF\xF8�\xFE\xF17\xBF\xFC\xF8\xED\xD7\xFF\xF4\xCB?\xFF\xF8_]W\xFD7\xD7\xAF\xFF\xFF�\xFF\xE5\xF5?zm\xFE\x9F\xFE\xF1w\xBF\xFB\xE5o\xF5\xEF~\xFF\xBB�\xFF\xE5W\xBF\xFC\xEF\xFDÛ¿\xFB\xCDo\xFF\xF1�\xBF\xFC\xEDq\xBD\xEF\xFF\xD2\xF6\xBF\xFF\xEF~\xF5O\xF7\x87o\xFFǯĿ\xFF\xF5/\xFF\xF9_~�ËŸ\xBD\xFD\xE3\xB7\xDF\xFC\xF3o\xE5\xD6\xFE!}\xFC\xAB\xEB\xBF\xFF\xF0\x9F>\xFC\xFEC\xFE\xF8W\xBF\xB9\xFE\xF9o\xAE\xFF\xFE\xBB�\x92\xA5\xBBăV\x89\xB01\xA4^\xF4\xE5��\xC0!\xE2mS\xD6#\xA95S\xC4\xF5V\xE5Y+8\x8D\xF8\x87\xBCZ\xC9Rn\xFA\xFA\xCF?\xFC\xE1\xFA\x97{\xFD\xC3\xFFu\x99\xFE\xD3\xC7\xF6\xF1\xFC\xF8\xBF\xFD\xEF\xE9\xE3?É\xFFg\x94\xA77lD�~U\x91\xFE\xF6`N\xCC�Ѓr\xC7a\xC05\xAB�\xCAX\xBA\xD1\xCAho2sh\xD6zb�,�3\xE3hB8\xF8\x85\x9B \xF3�†ni\xB3a�\xD6}\xF3f\xCB!8Y@\xA9\x8E{\x89\xD8$\xC4\xE4\xA3_4\xBE}\xB8=�\xCD\xDAn<\xF1\xD1D\xBC\x9A\xE3f\x87��{{\xFDv?K\x91p\xFB\xDA\xF6\x9F\xAC\xFF\xB1\xFA\xDF\xEA\xE2\xEFb\xE9q\xDF\xF0�q\x9E\x96艴\xAB�:e?\xCB�}xi\x86\Î()\x8F\xC5\xE3=\xF3Ùˆ\x9E0Sy2\x9F}\xFBQK\x9D\xEF0\xFD\xA4\xD4rpxx3{\xEC��,\x95[\x91M\xC7\xFAp\xF9)\x9D\x9A�J\xEC\xF9\xF1u#?\xFE\x89\xDAs/?9\x97Ú§!\xC2�\x92W�\xEA\xF5\xD0{�\xA6�*\x9E\x86\xF5\xE7\xA7�b�\xBC\x9A,\xCF�\xEB\xED\xF1yb\xC6�\xE8\xF68m_\xCE\xEF\xA7\xC1�\x8E\xE4\xC3\xE0\xFE\xFC\xF4\xC31�^M\x9A\xE7\xB7\xCD\xF5\xFA?Û¥\xFA\xDF\xFCV\xEE\xF7\xF6\xE3\xEF\xFF\xE3\xD5\xE8m\xB5\xFE�Y\xB0\xFF\xBFX\xAB\xAB\xC04�\xA2|r\xB0\xFA�sÓ]��\xDB9\x93&\xEB\xB6-�\xE40I��a\xEC|\xFDp�\xBB�Z5U\xAC�GND�\xB7W�\xED�w\xB6Yz\xAD�\xEB~\xA5\xF8<\xACDF\xFA\x9E\xAA\xE9\xAB\xE2^�\xBF\xF0\xC5\<\xBF\x92\xA0�Y\xEB\xA6\xFC0\xAB\xDCU\xA6\x96\xAA�n\xB7�r0\xCA\xFD%\xAB\xCF�\xBF\x8Fk\xB7\xBA�\x80\x9F\xA1M\xE4\xA6f\x88\x97\xFD1\x8D\x995sT:5[4\xC9E\xB6\xE5&\xA6b//\xBDX98Kal�\x95H\xC3\xD4\xFB\xAD�\xE!
A�vSd\xBC\xB7\xDA�\xB2 E\xB3U/4d*o\xD7}\xAF\x83�\x94�\xA9\xFC%iÆ\x8Fè� �6P\xE9;\xAE\xDD\xC7ͨ\xF2y�\xA1�h
-\xD0,\xC07
-\xF3\xA9j\xC34�cQ+ID\xFCf3\xED\xB1f\xB9\xC4\xFA�E\xC2O�rp* \xF5\xC9\xF4Ϫ�\x8D)<\xA2\x8A�#\xF8\x89z6\xB0\xA2\xA3*�ix\xDA:D[�\x85\xF9W\xF74\xE2"\xA99\xBE\xC2�\x94\x8E�A\xCA\xEB.\xBAM4\xC7J\x8Bp\xEC;4\x9C\x88\xFE\x95E=4�\xB5�\xB5
-qlޯ\xAD\xF2\x9D�\xD7\xE2\xF4`�>�
-ǞւZ\xC7\xD7;'\xE5^hT\xC6�RIU at r\xD3ҟ\xB4\xFFǵ\xC3\xC5آQ\xC9�\x82�b�\x85e>\xCA~\xEC\x80\xD0�\xA1\xDC��%ܛ=�^ \x8D\xF6 \xAAP�\xDA\xFD\xDA��G\xAB\x87\xF1\xECA\x98\x8F\xDEj�ʖ\xEF\xCFU\x842Z\xF6\xE3;(\x8D\xAC\x83\xB1\\xC1\xA0Ȓ\xB6\x91\xE06\xAD0ɡ\x80\xA7\xB4\xB3\x86\x89$7kL[�\xEBpk\xA5\xD6�t�\x9B\x90\xEA"�\xB9\x94F[ $\xCDJ�\x87\xE3\xDAkz�\x93\x82\xBAZ\xA5\xAC\xEDa܆\x98s)\x81Y\xD4r�\xF3г�\xB8T\xF2�\xA6QaN\x91\xEA�M\x8C\xE2��C�<�˄\xA7\xE8\x94g_/\xAFՑ\xA9<\xCD,v\xC5 �zGʹ\xBC\xED
-\xA5$\x82\xFF\xA9:\xC6>~a�\xBD<\xD3�t7\xA4�\x9E\xCF$\xA9\x89\xA5>�\xB3Qg�\x9E_N\xD8X3T\xE4{\x80:J^ìµwÏ”CN\xABy:s\xA4z\xBFv)\xF3\xBC\xDDZ=\x8Cg�Ns\xF7\xFC+\xAD\xB5a\xB2D\x8BÚ¦\x92�\xCCï²P"���\xFE�f��NÑ€l&\xE5\x87p\xD8\xDDx\xAC$\xA7yz\x90U\x93\x94\xED+BvT_\xAE�\xF87\x90)\xFCdiÕ™\x82\x92P\xC5�#b�;{\x86\x8B\x94=\x9A\xACu\xA49M~6�
-�s&P�\xD1R4\xEE\x8Ddʂ\xA7+i\xA9\x832\x82\xD5]�q\xBA\xF7��׊\xA2I�GJ\x95\xCC\xCDX\xD6\xC0\x95\x9Aui�\xFA`\xB2\xB8T�Bi\xD2EwBu\xD6RTI\x81�\xC2�\xFC\x8C0\xCBHd\xA1��`�\xF1$�\xE5\xCB\xF7�\xB5�F\xFA2H2=\xAE\x95\xB5\xC2V\xB8\xA3\xCD0\xDE\xEE\x98\x9Bq`n\xAD\xCA{\x8D2c\xE8�\x8D_q`\&`q^\xBBM9L\x8D,ϧ\xBAM\xF8\xFBQP
-]\g\xDBg�\xE2\xEFfL\x8BU\xA1\xBC\xCC٤L\x98\x9C�LZ\xF1\x93\xA5�\xB5\x81f\xB1#\xABhл*]n�\xA5%G6\xED\xC3ho\xA0�l9\xAFU9��\xC1"\xCEt�\x87\xD5Ӱ�hV�e�\xA8\xEC\x8E\xE04'T{�\xDC\xC8ox\x8D\x9C\xC7k�\xBE\x8B\xCA8wb\xFB%�� /
-�\xE2\xBB,J"�LY\xF9*\x89�\xEF\xE2�\xE4\x9E@\xBARn\xA8\xFE\xBD\xE4 \xE7N\xA5n\xD09\x851\xA7 \x90*fO\xA2\x89\xC8�T\xA8\xFD#\xA3H\xCC\xD2\xC1
-\xB6\x93\xAC\xFBVG=# [\xFCl&wJ΂f�k\xEDY\x94&{\xF6\xF1\xDF�1\xF8�\xC0 \xDB\xC4%'DS\xEC \x90]-\x86\xF8,^\xA5�\xB7\xE4�\x86\xB8\xF9\xEC\xB2WU`\xD7z0,PZ\x93Ny}7�/\xEC%\xF1�\xAB×\x9D\xD0
-\xA0F?؆�F߮U
-E��2,\x84\xD2�-[\x89\xD0\xF0~E\xF4\xD7�\x88b\x88\xA8<\xDE\xEB\x8BuAhܚ:\xAE�\x97\xDA�[ɬ\xEBx\xCF*}\xF1� �\x8A\x90\x96Ȥ\x94=cf身O\xA9\xBD��S\xAB!I�k\xE0\x95O7C/\xB6\x9E[�\\xF09�\xB3Y%\x93׆\x8C 9�5�To�\xC2K\x89\xFD\xD02\xEFm\xF1\\xA4\x95_afb\xB5\xEEp�e"YRC+\xE7\xB0>\x85J\xCA\xF2`u\x9D81\x87\xB8�[\xE58\xBC݊�2#aG9u&\xAB`\xE6\xDA3\xC6 K\xDEH\xA8\xC3Nk“\x8B:6\xF7�\xF0\xA6/F�
-�\xB2ÈO}|}3R\xD6$Y\xE9\x85�u:\xB2\x97wEN\xFA�쇦3,�I=\xA1�\xD4wM{
-\xE6j��\x88\xBC=\xDF\xEE�\xFA\xD1\xFDST\xDBT\xBF}0GjÏŒ\x97\xA9;\xE8\xE7�\xE6\x9FY\xD5#\x95\xC8Gq \x95\x9B\xABN\xD9Ôo\xBE\xE4\xD8v\xF6M\xB6�\xBC\xBC�\xFA\xA1�\xDCAWD\x9C\xE7o�H�\xC8 \xCD�'�L\x93\x85\xD3\xD4\xF6\xCC�\K\xF4\xE64\xFBÉœoY\xE4ÍŸ\x9B�\xA6׺�\xF0<\x83\q\xF9\xDF\xF4Fs\xA6繨'\xAC\x87~\x9E kS_L\xD3`�%AwM\xC8FH\xAB\xE3\xCF�\x8BÒˆ\x82\xA4*\xBBRa6\xE9\xF1\x89RL/��㤨R�\x9CD\xADR\xAB\xEF\xA5&\xD0\xCD\xC4\xFD\xC7F\xBE\xABh\xBEvx\xEF\xAA\xFD\xAB�\xA2\x8A~\xA5�A$k�\xEFKDØ\xD7+2
-\xC2H\xFE\xF2\xFAv\x9F�\xFBA]\x84\x87~�\xE7\xCB臖A\xDD\xF5\xB1�V�p\xDE\xFB\xA1\xDEf\xEA\x8F\xFD\xE0\xEDÐ\xB4\x81\xB3endstream
-endobj
-953 0 obj
-<<
-/Length 65536
->>
-stream
-\xA8�\xA5x\xF8�\xAF\xA3�\xCAq
-\xFD@Ç«T\x94\xA9<:%`�B{��\xE2�\x9BËš\xB4\VG\x9A�<\xC9�\xB7\xC3x\xD5\xD1]Q\xC6L\xC3`Ú \xA7\\xB3s\xF1\xC0.9k\xAC\xE9\xA8B�_>p�&\xD0\xEAP\xEAK\x8F:\xE6\x92o\xB0 \xBE\xBC\xBE�\xDF\xC7�\xC5S\xDD$\xE1\xB8\xF0}�;/��7\xE3*�,w\xA3p\x8E�\\x97a�Xk�\xC4�q\xFC\xAD\xE2\xBA\xCC^\xE8}\x83\x80YeeI�ȧ\x9F \xE6jÚ¿Z\xB4\xCAN\xB8R\x93\xC7\xE0�a\xBF\xA3\x9A\x8A\x88T\xA5�\x90$\x9B
-\xBA�\xBA\xAEu�"\xF6<c\xEB~Qq4P�\x82\x97\xEF\xC0&\x8F��swW\xD3\xE6\xBFaS�\x90(�\x92�k�\xD5e\xF8\xC3\xE5!L\x8CY\xAD\xEA4\xA84\xA9ӄ\xE1��\xB7\x94\xAC?\xBA\xECOw\x93\xB1\xF2�\xFF2\x90\xF1\xBCx\xFB\xF0r\xA9\xFF\xFC޶\xF0bM\xFF\xE1\xBD\xF5\xFF\xC5\xED~\x80\x9B\xF0\xE4�|{\xED=|~g\xEBv�~xסx\xBE\xD9�X]\x9Ef\xC8\xFB\xB3\xE9y*\xFC\xF0\xE1\xE5\xC4\xF9\xFC\xEE${\xBE�\xFA\xF1\xBC\xED}{\xBDI~~w\x87{\xDE
-xw\xE7|\xBE�\xFAñ¼‚¾\xBF\xDA>/\x95?|x\xB9\xB0~~w�~\xBE\xDDS?\xB8\xA3\xBC\xBF\xFB<o��\xFD\xE0F\xF3ÐcSz\xBE�F\xE9\xB3\xEB\xFCí•›\xFD\xF9]'\xF9ÉŸ\xFE\xE1]\xD7\xFB\xF9^\x9C*O\xE7\x85?r\xB6x:�\xD8
-�\x8F�\x9F\xDF?q<\xDD
-\xDDx^\x92l\x8C>-`\x9F\xDFY\xEB^,T?\xBC\xBB\xA8=\xDF\xED�\xDF �v\xD1o\xEF\xEE\xB8Ï»\xF3�\xAF\xF7\xF2\xCF\xEFn\xC4Ï·\xFB\xE1OD0\xFF\xE2\xF7N\x99x\x8A \xF1\x87\x9F��\xE2\x9F\xFF\xBC\xB8\x90�#\xBF#2\xC4 \xECwĆ\x94\xC3\xFA\xF3\xA3C\xF6\xE7\xDF��\xB2�\xBE+B\xC4>|G\x8CȘ\xBC\xDF�%rv\xF3Ï�\x91\xA6\xFD\xF3#E\xD6\xC2wÅŠ\xAC\x89\xEF\x8A�i�\xDF�/\xB2�\xBE'bd-|W\xCC\xE8\xA1�?'jd\xEF\xF2\xBB\xE2F�\xC3\xEA\xE7D\x8E8(\xBE#vdM|W\xF4\xC8f\xE9wÅ8\xD1v�\xC9^\xE6\xF7Ä\xAC�\xDF�E\xB2�\xBE+\x8E\xF4\xF0�~N$\x89,\x9D\xEF\x88%\x91l\xF9�\xD1$\xF2y\xBE#\x9E\xC4�\xF9\x8E\x88\x925\xF1]1%'&\xFD\xFC\xA8�\x9D\x81\xEF\x88+\x91\xBB\xFA�\x91%\xA7\xD6\xFE\xDCØ’\xF3[~t\xC9X\xC2\xDF�_\xF2LÉŸ�ar:\xD8Ï1Y�\xDF�e\xB27\xF1]q&k\xE2{"M\xEE;\xFF\xDCX�\xDF\xE5Ï6\xD9C|W\xBCI\x9Bx�qbb\xC0wÄœ"S\xED�\xFA\xFD�\xF6\x9F
-\xFEFR\xDF\xCFE\xBF\xAD�߃\xB3\x85\x9F\x8D\x80\xFB+z\x85R\xDA�߅S\xB2\xED\xEF@*\xAD\x89\xEF\xC2*\xB9\xB5�ZyK2\xB9ǫ\x82s\xFB\xF3#V\xDC-~̊}\xF8\xF9a;n1\xDF�\xB8\xFB\xFFC\xFA¿\xF9\xED/\xF9\xAB\x8F\xF5\x9B\xDF\xFC\xF8\xCB�#V\xA9\xB0\x8F8\xF0\xFF�f\xABh\xB0\x9B�\xA2\xA0R�H\x9C\xBC&\xCBKV\xB4�\xE9\x9C��\xE5\xF5ݹ޾ \xAE\x9B'\xE5FB\x87TE(�\xA5\xB4+6\xDC˨\xA2e\xA6\xE5 Uv\xC9ɟ�\xBA�\x9Ate
-H\xB1\x84�\xA0w[\xDD�16-4\xA5e\xE5\xE9\xDCUK�\x8B+\xBF�v�\xA0�5Ó‘\xAA?\xEC`\xAA\xA8Gi&\x93)2FV\xB5[\xEA\x8C[I8sQ\xF0�r�\x9D\xF5�\xA9NÜ»\xB1\x99\x84\xEF\xD7�ws\xF1\xBC�\xD5z\xB7\xBC\xB6�\xC9 at O_\x81\x91�E\xB6\xF5\xB4\x872�\x84\xF3\xAFu�Ú©\xA!
A\xD6f\xA0\��XV$\xA9\x890MA�\xCDEK\xF6S\xBB\xE4\xF5\xF2\xDA\xE5 æ‚…$\x8A\x88\xA3U-\xB62\xAC��j\x9EEx�\xED\x8Eh at P\xEC\xCAzyÙ´\xE5N\xE3:z�f\xD5IH,p�\xD12\xA9}\x80�\xE2Vk\xC7K\x97��fY\xB6!d'Õœ\xED�v7}`s\xC7\xC3\xE8\x8F \xE3�\xEFV\xF1�\xBC\xAF\xC4\xC7=\x8Cr�\xB8_\xF9�\xD1!<\xC2ym\xF7�\x9A\xF7`5[\x82\xC2\xC8q\xF3|\xADfÙ›q\x84\xB1\xF0\x83\xCB\xCC\xF0�L\x89\xBB\x9D\xBA\xAF\xECm\xF2nI\xD5�\xBC\xC4\xE3+\xACá»\xE2�D\xC7ÕŒ\xA2�\x80V�Z\xB0V5\x99\x8F B\xB0\xF8\xBA\xED\xBC�\xAE\x95\x82�Ô¨\xAD>b\xA6}/Ò¡\x92\x8F/>\xEE\x98\xEC\xED\xF0\xC1!\xAE=\xC7\xEC>\xBE\xC2<\x872\xC7\xC1\x9ClU\xAA\xD1\xF0%z_U\xAB\xB7\xC5W\xE0d*\xFE\xB8\xF1�E\xC0\x94\xC6á¶\xB3�\x9F"\xA2�\xC3O>\xDD8\xA3\x81\xA7Ù¨Ô£_,Y\xC3\xE5MI\xB9T\xF9\xC7z9]]3�\xAE\x91\xBB\x87X$\xBF\xA1X\xF0o�S4�\xAF\xA6�\xEC<\x9BL\x9BN ]\xD2>� o\xF2\xF4\x82�r1/\xAE\xBE%hx�5Lf\x9DU\xB5\x93a\x96�;\x9DM$M\xCB\xCFl.\x8FZs\xDE&\x9A\x80�d畬\x87�\x99� )Õ™\xF5Ö¤,:\xD6\xE2�\xA9B\xED\xAB.\xD5��&\x9A\xA3\x93�;\x87\xE0;\xB5\xE0(\xC3VE \xB5Ú±\xB9Y&\xA35P\xA8\x99\xB2\xB2K�hb\xF9F4E\xAB\xC4Ù€\xA4\xB0E\xB2S\xFAWÄ„P7\xF4�\x90Spq\x93\xAB\xBEF\xFF\xE4\x89�\xCF*\x82פ*Ë›a9\x9Ej\xF5om�\x80�\xF3\x91U\xBEăgn\xFE\xE5�\xE1#\x88K\x95X\x91 at _\xAD-l\x94V\xAF�a\xB3\x90
-ê‰h@\xE9\xBE4\xA3*\x9C\xBCx�킼\xB1\xCES/\xA45)�>\xA1g\xF4\x95\xB1\xAB\xD9%Ò&]\xA5X\x99\xED\2\xDC\xE9�?\x8DC�\xCF�\xAC\xB2\xB8$\xA9#(\xFD\xBC^\xB5d\xEC\xE49DbG\x82\xAD\xF2ͤ\\xC8e\x92�\x9Er
-\xF4\xE4YkM\x8ApB�\xEF\xC8Z\xAB\xCCR��\x9CE<�Bc|`S�\xBE#\xDD\xCBPy\xF2\xA0E=d�\xEA\x80M?X_\x9E\xED0�FÏ…Xr5UÚ\nT\xDA\xE4v\xAD`\x8D\xA2\xD6a\xADV\x88N$\xA8\xA4K�\xB4\xDE2\xD7l\xD3v454&\xE0j�-�\xB7A�\xBE1\x8DY\x85\xE5�×»n\x8D\xA9\xB3�]�I\xCF3\xA1g\x81\x9E 9
-\x91\xAA\x99\xD6-\xAA\x93\xDDÛ\xB6�߬-w�Y\xCE�\xCF{\xF9�\xEE\xDFV\xB2\xAF\x8E\xD4\xCF\xF8Q#\\xA2\x9D\xA7Ec\xE65\xCC\xFCs�p)'v\xC5�\xC8\xE33�f\xF5>\xA3\x98\x91\xA5X\xCA�j�\xD8�!\x95\xBCÑ£C�\xC8\xF9+X�\xAAx\xA6/\xDEu\x8D:\x84\x84\xF5X\x8E\xAF!� u-4�\x96\x97\xFF\xFDØ–\xAF>͇\xB3\xBF\xB7"���k\x9B>qj�q\xB8!\x95\x9D8Y\xDB4\xF1\xB0ej)X\xFB-Ü…\xA0\xBE\xEE�\xD5FM\xB1\xE2w\x9E\xDE�)//N-�\xC843e0\xD4m\xF3_E<�\x8E3\xCB\xF9\xD82�\xA4\xB8\x80y\x9E�U\x94*\x96 at y\xD9\xCC\xF1~\xFE�o\xFF\xAFe\x98NJ\xCDl\xA0\x8F\xB6�\x89_^\xA1ƵXľ\xB2\xB4\x82\xB8\xB6\xC5\xE2m\x92\xA6_m�ZAT\x96\x88\xDBj\x83\xF5\xA4P7YO\xEB��RQ\xC42\x89\xBC�\xEB*\xA86\xEBW�YZ\xA6H\xFDHXH\x9B\x97[+\xE1׋\xE7`\xB5�\xBA\x91+\xDE>\xF0K\xE8\xA2)*Ö†3\x89b-jn\x96\x88Ö‡\xAE\xBFkr\x99\xC3��fY\xB4\xB7 *j)\xA3\xB5x-\xB0Z�}\xA1C_\x9C\xAA}ma\xDDJNuÔ£\xC2dO�\xC6\\xC2\xC34\xF1!9(p\xB5\x93im\xBA<*\x95\xBF\xC8\xCAE\x99\x96\xBE,Pco at k-\x99\xF8\xBB\xE8\x93\xF8^4�\xCA?PExc\[\xED\x86nÒ„2i\xF0^p\xE5W\x90
-P\xFBZ\xE4\xF0�M\xD7R\x86u\xB0x\x90\xBD�\xF9\xB0\xB9\x9A\xF2r2�h\xA6�\x85h\xD5άW\x89\xBF_\xCBԓ
-\x83A\xE5�\xC1\xD7\xF1 \xB2E\xF6\xE9 �\xCA\xCC\xC4SI\xAF\xB1@\x88 \xC6\xDE\xFD0\x92*\xDC�\x9D|\xE2\xDF�Ù·\xD7R\x94+_\xEA\xC3�\xC0\xC1N\xB6\xDBE\xCCHs\x83\x8Dy\xB2$�\xB4\xEE]P\xE8P!i\x81\xA8\xA8\xD9<\x9DÇ‘\xCC{4\xC7{\x9A0\xB0\x85Û ~+~\xB3\x89\x89\xF5}�AVa�\x86\xED\xB3C\xCE�\xA6\xEE\xAB\xEE\xCBp\x94\xDA|"\xF1\x9B\x89\xD7w\x96\x9C\xEB\xDDv�\xCF�19c\xA9.�g\x87=�\x98=T�\x95SF\xB6\x90\xACWN3\xF3\xDC&�\xDD�\xE4�\xCD\xEA�\xE8;@lq\xD1S\x85\xB2\xA4\xF5\xDE \u`\xBB\x97h\xA9\x93\xEE\xAB\xCAý\xFC oN-7\xF2\x94\xDC^+\xDC~\x837_M\xA9M�\xC5\xCE\xE57Y\xF1MÙˆr\xE5L\xDEÛ£\xEB\x9E\xE2"�\x88&U&H^\xF0\xF1\xAB\xC9[\xE9\xB1s\xB0\xF6K\xB3:uZ$\xD1wx\x89\L���{W#V\xD3�̒ΊV�\xE5�\xBEbÝ\xE6\x8F\xD2��O4u
-\x84\x99�\xB6U
-l] $\xE6�\xDB\xCA\xE6\xD8\xD0/\xE3\xE19�\xD2�#\xDD\xF8\xE7\x97H@\xA3Sj\*!\xCA8\xA1\xEC �\xE1ws�q"@a��B\xE6|6u\x9FL\xEB\x8F~\x9D!\x80\xCB�{-\B�\\x8Ee\xC1\xEA�]\x86\xEE\xE9\xD8\xC3��\xBA\xBD\xFA\xE7\x91u\xC4T\x83\xEBYH�\J\xD9\y\xC0\x90!\x9C3D�\xBDx\x9A`\xDE���\x8F-G�\x9AEk\xE9\xC0\xB5\xBD\xFAC!
�*JN\xC8+ \xEDI\xFDR\x80s@\\xBF\x82G\xB6\xC0Y\xB9�Q\x8D\xB9(V\xC7]ul\xDBv.\x92\xB1>3\xCAiq|eE\xA6\x8C\x91D�T7^\xC5\xC0 \x82K\xA3v\x86\x95�w\xA9\xCB]\xE0k\xE3\xDDp\x81QLA�\xED:\xE8ʰ\xD5d\xAA\xA5枕Q\xDC�Np\xE6\xB6ÃR�'u<��;\xE1\xF65\x8A�\x8F2}\xE5Q\x98w\x99\xBA
-\\xD8Be�\x9EH?\x91o\x8Ay\x9B\x9B\xA7o\x849\xAA\xA5 e\xC5NC\x9C\xF8_^�\xE4\xCF>\xC2U\x8E\\xB1<\x8D8\x91G\xB7\x97}\xC9\xF8\xBCB\xEB1<Sk\xC4o�\xABt\xCF�?S[&\xA2:�\xB1OF\x95d\xED*F\xE0-\xA6\xCA~\xFA2*7\xB5xD\xB1\xBD�\xAEj\xE1�\xBA\xAD4\xA5\xE9\xFE2\xBE[\xACj\xBC�\xF8�\xBC\xE5�\x96\xAFr\x87\x8F$\xCC\xD5
-Z#W\xA5\xC5\xDA\xC3*\xC1\xEDn\xF5\x92\xBA\xC0�\x91\xB4�\xA5\xFB\xA5\xC4,�\x92\xAE\xB7\xE75C\x9B\x82\xB7\xCA\xFE\x9DÓ�-\x8F\xAA\xEF\x8Bb\xF2r�\xE9�\xCF\xC5Y.�\xBCb�\xF2�=\xCDOw\xE6
-\xD9a\xCA\xF7J�\xBFY|o\xDBj\xFCI\x91\x90a\xAA_���\xD1k:>VEH��\xF0\x9E\xD4sRj\x80*\x91\xCB\xF6}��\xF5\xB6�am\x8D\xA2S\xDF|Òµ\x97\x9A\x98\xE6%,\x8Ff>\x8F\xA3\xB7%3\xF1\xD95\xA0n\xDC+G\xE2\xA5\xCB\xF1jw\xB4\xC0\xAB\xEE7`\x9Fi!�[\xBA2\xB0\xA4\xA8\xDB"\xC6ʼn\xA7\x87�6\xD1Y\x95J~ȉD\xDA\xD4W\xE6 \xBE;\xBBÖŠG\x881\xCDS�\xF0\xF2\x86\xD9�\x84\xDAt('tm`\xAD\x92\xAA�\xD8\xF3$v\x90\xCE"\x9A\xC6\xD11\xD2\xDD\xE2\xCA6@\xB2�.\xD8\xFBb\xB1\xB1�\xF2;+\xD3\xF3�\xF6j\xBD\xB3N\xBC\�_\xAE\xA3/\xD6\'G�}\x8Ek\x85Nk\xD0+\xB0\xCAQ\xBA\x94cN O`4\xD0\xCAouQ�\xCA\xEE\xC8�\x89E;��l}\x90\xF9.x\xC2OZL\x84-\xA1 64(\xFE\xDEj\xDD\xE9�\xB3}\xBAF\xE90\xF9\xC1H\xAEiy�\xB3 \xDD{k\xB7�6\xF1\xE4�\xB8�g\xEA\xD8,q0\x94�P\xDA�\xB9\xD2A\x8Cj�OGE^Q%J�3\xB3\xE0�\xA08"g\xA2Í&\xAC\xAC\x8A\xA3;\x8E[b\xDCQ�g\xB9d\xA7,,<�,�v\xEB^$B\xE2\xB4V\xC8\xF9a\x86\xC8\xE1\xA2,\xFC0\xEB&\xFEÑ’�/#\xA4\xA7_\x9C/È\xFD\x8ES\xB6E\xE8\xBF\xE7\x9Cm\xA1\xE1\xEF:iÛ«\xF8\x9E\xB3\xB6\xD3nri\xF7ò�Ke;\xD1\\x8F\\xD3H̸O\xB6\xC95\xD1�e��r*&\xC1$U Q'FjR\xF6\x8C\xD3Sk9\xD6\xCD�}}=�\xA3,\xFDtBX\xEF&L\xFE\xE9\xF5\xB9\xCCÖ›W\xA7\xB8\x97\xE7\xBDWgC�r\xBBL\xEE+/\x85?$Hl\xCA\xFA6H�S�o5R\x99_\xAE4\xE1\xD7
-i\xFA\x98D�\xB2\xE7;t\xA8D\x8F\xB0y\x88\xD3Y`u\x92\xF9\x9C\xC8\xA1\xA7\xA0T\x92\xBD\xADN\xA8\xF9��\xBD\x92g-\xEF\xB9*\xF6\xC2_:6\xAF\\xA0W\xEE\x92
-ß—\xCE\!
xD5K7\xEC\x85\xCBfM\xBCp\xF0^\xBB\x82\xCF�\x84\xDF\xEC?wb\x82\xDE\xF6\xED\xD7?\xFD\xF2\xB7\xFF\xF2\xAB\xBE\x91�~(+�\xE2\xF9\x82�6\xC5�\xAF\x8FWŒ\xF8\x93\xA3\xC5\xC3/\xFE9j][\xE5q5X$dPW\xF4+8\xB7I�H\x97\xDB\xCF�8P\x8C\xFA\x98\xBDf\xBD�;�\x90}\xD7j??}\xB09\x8F\xE2\xABB\xECŠ��T\xAD�Y\xEB�\xF2�O\xA4\x90\xCC+\xBFH\xAE\xA8\x89*\xEDb\x93\x85\xE4'\x9C\xDCj\xAB4S�X\x96De\xFE\xC8�]\xDC\xD2/8\xA7\x96I&\xE3.^Ƕ\xF5\x8Ak\xB5.\xCBO\xB8v\xD8z\xAF\xAC\xCEʳ�v3\x8D\xED.�g
-�\xE0kP\xA5\�\xFE\xD2�`\xD3u\xE4'\xBA\xF1\x89,\xC4>m\x934\xA9\xC4a\xFB\xE3�bl\x88ą?\xB6\xBD�\x9C �\x92E\xF5�~\xB5\xD5fQb#ص\xE2�\xA3RB\xF2�\x9A\xBA\x8Ed�\xDDT+\x9AG�-T\x81\xADm\xF1�\xA1�yE\xF9R\x99H\xBE\x94\x80o\xB1�Z\x82ϓޣ\x96n\xB0\xED�\xF8\x8E|�\xDBi\xA4B\x85\x8Bވ\xA3\xB1:\xFDu\x80
-\xF2^\xBBi\xC2N\xC3\xF2\xBF \xAB\x9DV�W\xAE\x85\xAA\xF9\xF2�\x932ٯ\xA1\xFA�\xBE�6\xC1\xBD\xE3��ʶaT`\x8Db VT\xD5J�5.\x90\xA3\x99O[�_e\xBB*īf\x8Di\xDB\xCBm\xB9"\x9C\xD2J\xDAѮ\xA2\xC0C�\xE1\x8B \x9A29\xED\x8C4\x9C\x8D%\xAEe�\xF3G\xD3�~\xC2�[\xC57
-\xBB�\x9Cp\xC8zQ׬\xF8\xCBi g5\xE85�s\xB2\xCAwF�[�t\xDDj\x87�\xE0�潎
-I�\xE3\xFEB\xD6�bi\xC34\xE5?)x5p\xAF\xA1‹?a\xE0�®\xD6\xEA'B8ۚ?\xB9\xA0\xE0!\xFE\\xEDX\xB7Y\xA3]\xB8\xB1؀\xBA\xEDT?\xE1\xA4)\xE9O0�\xD0P at p2\xE4H
-\xCCZ\xBB�3]�!\xF3gd\xF6\x80D\x9A\xA0\xDB\xF8�b\xF9\xA9\xDAi\xB9QtZy\xFA \x84\x90\x9B\x9F\x80\xBA\xE9�\xA0�\xB2�{\xE9\xBEWS�\xB5&Q\xFB\xD6"\x87\xA8q X<"H\xC9�\xCB/�"k\xB2\xEB\xF2\xF2\?\xA2 \xF5\xE5
-OÉ Ùš\xC1\xC5Y]'Z�\x8A�=\xD3k\xD5cÈ™�-\xAA\xABy\xC8\xD9Jq_sJî�\xF3\xC7\xD9T?�\xF3\xEC9\xD1f\xA4\x98m.\xD82\xFB\xE4\xB8\xFD�XF\xF6��\xC90\xD4T�a\xD5\xE6\xD6>\xCCH\xA7\xAF(\x97\xA4n\x8E\xC5\xDDÔ“\xC6`JV�\xE2'\[\xB4*\xE50â’¤#\xA3�\x8E\xF0d*VF\xAB�1\xED\xAF\xF5\x93\xD8\xEB�\xE6�Z\xD83r\xB5�\xA8\xD0�\x8EÇd\xDAX\xA4C\x8D\xE4iHVNo�\xC8"|�ɳ\xBAΙ��\x92\xB4oJ�\xDB\xCAO\xD9\xCDF\xB5$\xA0\xED\xA3V�m7^WM(8\xA0AB�, \x8F\xCF^\xB7\xB1\xD95\x817e|F�\x8E\xC4l`\x8A\x9ER:\x92r\xABx \xFC4vN\x92�+}\xC5Úª\x966\xB0�\xC2Õœ\x94\xFC\x97�\x90\x{172EC5}�\xBE\xE0Z\xC5k쨅\x92 b\xC4*Ú¬\x8A\xFDO\xBC6�o\xA0\xE1t!\xEF\xCB*\xC5iм-3.h\x92\xABÞª\xCB(zÅŠ]PHWR\xA6T*[\xE1\xC2.!7\xEBU�\x96\xAD\xDBV\xF7' \xBE\x91c\xA9\xD3D\xB3B\xA0\xBF\x80\xA7|�5\xC0`\xF9'\xB2\x97[\xBBÞ\xD1\xC2\xF1H(\xAC\xD7KJ�\xD9':\xEC\xAC])\xD5\xEC}0Bs�,\xFD\xA1Äš\x86�\xDA �\xA8�97[\xB5\xED72�\x93xJ\xDAl�fpE\xD8ml\xD3=\xA8\xA0Ê«O\xA0+\xC2�t\xC1&\x88\xF8�\xFAFa\xEC
-�\x84z9\xE9\xDE]&\x9E ꓷ�\xA6\xB5\xEC��\xEB\xBD\xDC,\x8F[]L\xBCE�&52\x9A\x96\xBF\xDC\xECf$w�\xC1\x99̧\xAA\xC6o\xB2)\xB2,�S\xBD=M\x8A\xD1\xC5N\xCA X\xF9\x8D\x85S\xF4g\x98\xE1�J|\xD7\xCA'
-y\xBDO\xAB\xA9\x90m'\xF9 �\x80A#ډb\xAFLj\xCA%=\xF3\xC8k\xE0\xB3�\xAB1\xAB� S\xE3\xCA\xF0\xE1\xC0\xAEU\xA3Nt5ZM�177�\x96�\x92GH\x96�>\x99\xCBb\x89\xA5ƾ\xEF6_߰*ͱ\x90P\xA9\xB4\x87\xCFh\x96l F�tY��\x91;\x9D\xB0?`�\xE7\x83UC[\xCC\xD8׆ϫ\xF8�W[\x94|�\x80�\x8F\xAB\xE0\xCF�\xC9POh܌\xE0\x9Ej\xEA�\xF1 \x941W at ib��\xE4\xAE2S�%\xCFe\x93�\xEC:\x87e\xE8Z\xB3\x8D5\x84\xB3�9\xFEZ_в\xE9\x84\xE7d\xED
-Ö �.
-\xAA�2\xFCQ\x83Z\xAA�\xBB;\\xE0\xC0(%�\xCEö,�\xE5d\xED\xD4Y\x8B\xB2\xD1b\x9CA[\x80\xD3I\xB3\x9D/\x95]\xAF\x8D��N\xC8\xC6h(\x8D \x9A\xC5\xF9\xC1^\xF4cf+\x8E\xFEɲ\xDDlB\xD0H\xC7�t\xD1\xF3Z\x99I�I�\xFAj\xBE .8\xB2!E\xC5F\xEB'0K\xAC\xA8\xB0\x80�
-Y\xAB\xAD\xBCr5>
-�\xDF\xD5\xC3\xD7&rD\x9Dw؆\x9F\xC1j;\xADp\xDEQ\xC0\xB8Z\xF5rꨥ\x95a&d&\xA02\x86y5Ï™g%\x8C]Ee*]\�\x84$P+k\x88=C\xB2o\xBBra�X�\xAB\xF02\xFAÝš\xF0\xC5Ì•\xC5*�R\xB6I\x9B\xD4\xD2c\x93_\xAC\xD2{�ĺ�\xAA\x99?�dE\xF9\xE5%�\xF0g\xFFß\xFCË¿\xFB\x9D�\xC1?\xFE\xD9\xDF �\xF0\xD7?\xFE\xF2W\xFFt\x9D\xF5\xFF\xC3\xFF\xF2\x87\xDF �\xF8\xB3\xBF~\xF7\xA2\xBF\xFD\x9B\xE3\xF8\x9F$ "\x9B\x8D\xAEHr�KR\xDBQhxI\xCEQrP�H\xB0\x8B0\x84\x96\xBF4\xEE^56\x9F\x91Qk9\xF8�\xA8\x8Eff\x96\xBF�\x96\xB5\xFFIs\xAE\xB9\xE35\xE7&Þ\xA3�H\xF7f'Ћ9q'Í¥x\xA6M\xA1\xCD�\x9B\x92\xFA..\xA7\xF9�\x95\x83bW\xE6?\xCA�P\x9B\xEF\xEFV0D<�=\xC7\xD9\xF6>�\xA6\xD4m�\xA2\xFC\xD9�z�\xF1\xDC�\xB6\xFDbÙšf,\xA8\xE0\xA2*\xED�\xDE-\xB3\x82\xB9\xCE\xF5\xB0B]F�\xBB�=\xA8\xD9*D\x9A1\x93�u\xBDC\xAD\xE6\xABf\xC4q\xF4}O\xF2\xE1\xE9+\xAB1#x\xA9\x8E\xC2�\xBF\xCD AS\xE5�lgLF\xC7\xD8T\xA6�\xDB\xF4>\xA5\xE9Þ˜Ö§23Ò®\xD5s\xA3#Q'\xFF\xBAZ\xA5\xB0\x85`\xC8�\xB6`8\xFB\x9A� _H\xDC\xD4M�\xA0\xE1�\xA20,R)\xC9\xF1\xAF\xBEB\x8AÎŽUE\x94\xEF\xCA/\xD0\xEDt
-\xE3䎤U\xAD\xDF0�\xF4#\xC3\xDC]%\xA6%\x90Þ™C\xA7\xD21d7\xA8\xC3\xEB\xAF [Z\x8B\xDE&\xABÑ FT\xC2Rc\xA3\xA2A\xA8\x98\x8B\xB9\xB6E\xB3m�\xB5\x80a\xD85(j�\xC1\x8A\xEDÑœ�9\xD4\xE54\xB0S\xD0*�$\xAAV\x83\xEDh�\x81\x9D�7�\xE7\x8D(MVAV\x98\xCDO^\xC8\xEB\xB1y at W\xECZ\xFF\xC3=Rp�ÆŽ\xAFP\xC6Q9a[MmKN\xA4gS�y\x822\xB0\xD7kyrW\xB1\xCBtŪ\x91>T\xB0\xC2\xF2\xA1W\xF2�5/+1h�\x9D\xFB\xDFy8\xCE-Ek)tV'\xEB\x82\xF3�\x95\x81Ö™\xB1Q�[S\x938:\x9A\x95\xE2Tc\xA3\xB4��dÕˆ\x8C\xFEnS\xF2
-�\\xE5\xB4\xE9W\xF4(\x8B|\xB0N'\xD5ef\xB0>)\xFD\x9644IB\xAA\x89\xAC\xF4<\xE93\xB2\xC2\xE5b\xFD#M\xBB\xB2m\xA4\x85_v�dž\x99\xB5^!\xFD2:\xE9ɸ\xDDfD\xF4A\xDD\xD0\xF0֬X\xA3xkka\(y�\xAE\xF0\x80\xF3s\xCD7\xCB.U\xB8�\x9EZ\xF1\x8D|{iDM\xB14\xD7�'\xFE/h3\xDB\xC0�sd2\xFBX\xBBq\xD82BW
-\xB1�\xF1\xE0va\xDE\xE5j�\x8EGH�\xC!
A\xE9װ�\x896\xCFB\xE8�˓�\xABguOM˗\xA9�\xA0\xA5�{NH \xD0}\xE7�\xAE�\xBB#�UC\xA3\x9F�\x90\xB9N\xC9\xC3\xFC�\xD4\xEDU\x94��/\xE5\xE4\x90\xC9?\xDE\\xF8f\xF5\x84 \x81>\xF7\x80k\xAA\xB0\xF6�"Ev4U�
-h7m\xA7�\^Ά\xC0\x928 \xC8\xF2-\x86�\xFC�\xDF!\xD9\xF1E\xCC \xF6*�b!\x9FW\xD9\xFAv\xB7\xCCY\xAFX4<\x92kã¿\xAB\xB5B�\xA2Õ‘\xE1Z\xCE\xEEz\xAE8i) i�\xCD4�\xB6��fÈ‚\xA75�\xCB\xC5Ÿ\xF88�ì’\x98ÌE\xBC3q\x{35B284D}\xADj\x8DÒd2\xC6xI7\xE9��v^IG�Ç´\xA869>Ý �\x9A\x89h\xDB\xF8�\xF1\x93\xCC\\x96\xCE6\x8BSg�\xE2\xB7g\x9D\x9E�)\xFEoI��\xB0\xA4\xF3B\xE9W3\xB2r\x82IF0\xDC0\xAC̨\x86\xA0\xDA\xE0J\x98\xBA\xD3x�\xA4�\xA3`�o\xF8\xDA� C\xF1\xCCJÝ…,^!\x87\x83Ĩ\x9D��\xCCX�K.5�bHQ\x99I\xCA�b\xB8\x92wG�NF\xAA\x81�}\xD5Z,:hK�\xE1\xD5dk\x93-\xFCĹ�\xCA|\x9BqW/\xFA�\^7 \xB2\xEA\xBA9\xFB�\xA7Y\xAC]i\x88\x98�\xC9�\x92I\x99xt\xF4t$!rM\xACÐŒ\x8E\x8A\xD1c(\xBAa\xBF}\xA0y\x9D\xAB\xB9
-,\xA2
-\x88?\xC8P\xEB\x93��Y\xE1H\xA3\V\x8Du\x81�\xF4\xC9\xE8\xA1\xD8M\xBB\xC5�`\xEC<\xBBo\xBE~1r+\xD9P��6Y_\x88\xD4\xCC>H!\xC2AT3�H\xDD\xEE\x86F\x8A\xEB\xD38z\xEAf\x87\xF8=$\xAB��\x8A�;\xE53�\x9F-\xD8 �7�prj\xA9k\xD1\xEA \x9DF\x8D\xBB\xD3H\xA9\xF9\xED�\xA9\xD7b�\x90<\xD3DÙ¥\xC4]_\x8Cy&\xB0\xE9t\xAB\xE0�`\xB2�\xBA\xC5\xE0\x89�\x8C\x99lϪ\x81b4\xA6 \x8DoX\x83F^\xE0×®Y<\xF1\xAC3\x99\xD3\xD9\xEF\xD9j\xCB\xEBYC\xD7�\x8E\xDFbH\x8D\xAC\xBDk\xF9�\ Ç•\x94\xBD\xA4_5�L\x8D\xEB\xF8\x84k\xD1\�\xA7 bp\x9Am\xBA<\xBD\xC2^\xB7\xE6Û�\xFC\x9F3y�\xF0d0#ucg,\xA34\xD3\xD8&\x8D\x95\xAB\xD8\xF2\xAAN\xCB����\xE6%i\xFCh1\x9C\x92\xF7\x82(F\xA9\xFBà¡Äš\xE8)\xEAg\x9C�\xF0\xAF\xC6'hܧ\x91\xEF`B�#Yf�zP&\xC2�^\xF0\xBC[\xBC�FVMPs\xA3H\xE5\xC2�\xAB\x86E+\x82\xDDj&u\xA0/\xC2\xDA\xD7\xD2W<\xE4g\xBB\xA1fG\xA1\x88\xB0<n3FAw\x9E\x85�\xAB�\xDB\xF4�d�\xBB\xBA\xAF\xBA\x8BX\xA0\xAA}D\xE6\x8E\xC1\xC7j\xAC\x83\x9F�\x9F\xC4�B.r\xA0/\xC9��\xB1\xD1\xC4\xCC!\xB5\xB5\x8D\xA9\x94\x8C`�\xB3\xCD�1\xB6
-\xBC\xBF���
-\x8C\xAB%\xB4\xD5\xC83\x80)+.\xA8ɵY�\x902\xFE\xC8\xC9Ft'C\x8D\xAC\xE0\xA2\xE6\xEA\xCCE�V�v�\x8B�\xA5F\xBDÆ‚�\xE8Ni�v�2\xEC\xAAØ\xE2�!~\x97H(7cs\xA3�PI(\xFC\xABf\x9C\xE5�QDK\xF42p3�\x8ERc\xE2)Ht3�\x97\xF4B\x9F\x82\xB4\xD9 _\xC3��\x9E\xA9�Ùƒ@G\xD5<6\xCDm\xD2\xDBD\x8A\x9D\xE4\xA8vs\xF5$?\xAC\xE3]\xE9Q\xD7z z�\x85e\xD3a\x96-6\x93)�<"\xF9\xBE\xAB�?0\xD7\xCD\xCCX\xF0\x91ÜžW\xC1\xFCfpD\x8DÍcyb' S1�\xC0\xABWo\xD7D\xB67b\x95�z\x9B\xF9c�\xDC\xFD�cd�\xF1\xF9 \x83\xA7\xE1\xD0\xC1\xD4r\x9C\xEED\xA5\xA6\x92\xBA\xA9��\xC3t5w,\xA8�0k\x98\xAE��\xE4\xDC_\xC6\xEB0\xA3\xC4�\xEC�l\x8F|7\xEE\xE8�\xD03�S#\xF2H\xE7\xD9\xC6:\xD5�Uej\x98��WG\xC6$O}Å©LG-u1\xEEz�\xDFp\x9AI\xB32��'\x94\\x8C\�\x8B/\xCE=v�\xDE\xCBN*_\xD1 N>�q��\xC6, *
-\xB4�\xC6\xE2\xC6\xC5\xC3h�=\xD3\xCDv\xC8�ge{�\xA1�\xA7�\xFD8\xDD-iJ{@ D\x8A�7J�\xF3\x84$"\xCBF\x83�cv`\xAB�\xD82m\x94\xE2\xF2\xBB\xB92\x84i��5Î…\xF8\xE9Q�l8ä·d\xB7\xA1h\xA0g'g\x97*\x86\x86}q\xDB\xCAAhm\xEEJ^�Ò™�Èœ�=,\x86\x8A\x94\xE5�\xBDn+��@,JF-Fb\xCD \xB1B\xA9\xF9�\x9C\xFC\xAAi\x8F\x85y\xF5\x8Dy\xC8KaÎ\x9A\x9Em\xFF0\x88\x8DvMZ\x96�\xE5\xB9D\x8E\xC7pϲ\x8CÙ£cYÝ„o0+\x8F\xDDŠ\xD4Üœ��n`;4\xDAP\xACz±w\xEB)9\xDB�y\xD2\xE8 \xECYL\x93ËŒ\xD7S!\xDD_\xA3�|5��?\xDB�f\x9F\xBCÍŽ\xF0!Ò‡��"\xF9.Û°gt��h;\x85`gF\xC4X\xB9@\xD5�\xF9\xC4\xD8\xCCm_�\xAFyC\x84le\xF2\x86\x9A9\xAF2fZ[\xC0H9o\x8Ax\x9C�\xE9\xFEL\xB1\xB1H6ã¨d\x84k\xA5�H@/�\xA52c\xC1\xB9C\xCDFS�s\xF2\x98\xB7\xEDW\x86\x9B\xDA&V6\xA4n\xAC \xF6&\xEC\x97H\xA0=¢׵�^IbQ['BY}\xBF�\xB3N<5Cݤb\x8FQ#N\xAF\x8A\xFA\xB9\xB6\x81v\x9Aȯ\xC2WjÆŽ/_�Ô¥�\xB8T\x94\x9A\x91VE3\xDE�^�g\x8A\xED\xC4\xDEN\x87N �\x8B�\x8C0q!gļ\xA7\x85Z\xE4\xA4dn\xAE|Dc\x90wMe\xE0�\xA1\xA5L\xCD&\xAE5\xD7�\x9Ej�\xAB\x9A\xEB\xE0^��Bu0�\xCC\xCF'�E\xD8�\x99\x9F�\x92��\xBF\xBA\x86V_�\xC0\xA7\xF7*\xC3�Uc\xADÇa\xB3\xFC<1sE+\x9E\xF1\x96]jW\x8CF\xE9�\xE3B\xA2\x95\x9A-4\xA6\xCC>\x83\x9F%Q|�\xA8#h\xA4�\xC6B<\xD6\xCBĨÙ
-\xA5\xAD5\\xBA�\xEB�8eq\xA57v\xAB�o\x8E\xFD
-\xAD�phu,K Jc|\xABg]h\xB4\xE4�5ʪC\xE03`\xF1\xDE7\x91S��:\x89\x90j\xB4 \xA7�麊Y\xBD8��&\xE8{\xB9�\xDA�\xFD\xB2\xA0\xB5*\xBB��@3\xD7\xF7+6;D���h\xDC\xEC�\xE2�É•[\xB3x\xE1\xBAnJ\xD5dq�\xB9\xD9=\x98YHf\xE0\xC0_\x82\\xE4$\xA0�\xC2�\xC3\xD2\xE0tH\xD7 \xBEJJA\xA1È…J\x82|\x81\x8B�\xF4P\xB0�R\xB46\xD9.Z\xB9\xF9 ;\xB1\xE9�\xD104e\xEB`\[�\x94\x9FpmAp�TC\xB8^\xB6\xA0(S1\xB1\x90\x88\xC0\xBC\x8DA{\xCAÚš�\xA1�\xEC[\xAB\x9D���P\���\xB0\xBC1y\2Å° \x88���$\xC2\xE8\xB7ð0K\x8Dï²Ú–\xFE\xA5FO\xA5\xCE^�y\xF8\x9A(\x9C"\xC4Ч\xB17H M\xB50"*!=/-\x94y;Ê l\x97AQc- ;=�aF\x8A\x8ER+7\xE8\xBA\xCE�\xD1t/[\xC2�\xD63J\x86j\x99\xDBbwD\xE7U:\xCBq=};\x9Fq\xC2#\xA9C½@&\x97\xA5m\x9AQP\xC3;\xE7�\xF6\xD7\xCCh\xBB\xD6H\x92\xF6\xC4�\xB7[N \x99\xAE\xB0'id\x96]\xAB\xBC\xDDM\xF6\xE6\xF0o<\x82{\xBF�\xFC_\x81vmbC\xF2)\x93��\xDC�\xF0^�\x97];\x91\xE5Uh\x94}�\x81 \xC9A6\xE8�\xF2?\xD5rÖ´\xC2\xF4G\x82\x90�+#PX\xB1!\xF2\x90\xED\xB4\xF7\x86\x8FK]\xF1�H6 %[Ø\xAA\xA9�\xFD$+&\xEA3�\xD3U3\x85\x98$��\xB1\xB6\xE2�\x9E(���+\x86\xF2\xF2\x9Cm\Y�_l���7\xB1�\x99�\x9F�\x91\xD9b㈙\x93vvTp4\x83\x98;,�Ë‚O�p\x8D(rvD\xA4v \x8E\xC3 at Y3�\xE2*
-\xFB\xD0G\x83d\xCA\xE4v\x95B\xAC\xA1\xDA�Vs.$�\xE4ܱ\xD6\xC7\xF0\xC1y\xCBpC\xD7) �\xA7!. *�YźzW\xEF:7�d#}Eס\xE8$\xFFd+\x94\xE0�\xC9\L\xA1q
-ú\x94\xFA\xC9N-n\xF8jF\xE8+ �\x85 \xADM\x8D՘ \xB1nU\xA2`ֻ\xF8\x9A\x95\xA9\xE8��\xA1y\xCB\xDA@\xE7"0\xEDPl\xC6}\x9C\xF0\xB1\xC4.d\x93\xD9\x{291B461}\xA3^O\x80\xEC\xA5a\xFE+�{F\x80e)\xDBT\xC34V\xE6�\xEE\xB7'M\xA4\xFE\xED�\xC2M�\xBAW3⤲
-!f\xA2\xDA:\x9EtJ\xF1\xAB�\x85z!\x85\x89�\xFF<\~\x8B4�\xC9\xFB\xF61\xA0\x80\x89��\xB4)~\xC3Q�\xB4\xBE@�\xD6"\xF7\xDBn\xE6R\xA6*\xE6iض�{\x9F\xFE
-I\xF6\xACt\xD2U\xB6\xD3\xD0mQ\xFE\xC8P\xB4\xC2#\xAA1\x8AK\xCA�Do\xBB�\xC4ʪ\x980\xFA\xD0*\xF4\xE4\xC4H\x94D\xCD{�\x9A�F\xCCpxW�l�#$)�\xA3\xF9{\xE2\xAEE\xEF�\x9D]\x95\xC3X\xFD�;�B\x93K\x8D\xAB\xD0ȸ\x91\x98A\x9E\x9C\xF4�\xB4��d\x93\x938\x91w"xf\xDC\xCDW\xA1aK\x9E\x98Gg\x90(
-\xA64� \x83&+�W9�|\xC52n�k�\\xAB\x8B/(\xC0e\xE0l1٩\xCD�\xB6�g\xF5�Ԟ\x80T1�kCQ�\xF0\xD5\xE2\xE0TUY3\xBA\xB2\x87\xE4D\xD7M\xA8�\xD2\xD1·16\xA4\xA6\x86%\xE6\xF8!\xF6%F\xC2<�\x93\xB4]K͌S\x90\x80\x9F�/\xED\xE6؛-\xE0\xCEn\x99��p ETI٬\x91\xE1Y&�\xC9
-�\xBB\xFB\xFD7\xA72\xD1\xF8O`\xDF3\xAB\x9D\xD9�\x92`V�\xCA\xE9)\xE5+\xFC�\xA4\xE0i\xCA�\xFC\xA2\xCC5_\xD8x˜锽\xAF\xD3XF�\xBF@�M�\xEDD\xCA2\xF5ڮ\xD7\xD2\xE9\x88b�T\xA3\x8B�)\xE1�p\xCC:ˣ\xE0D\xB3\xB1t\x9A\x91\xA0�I'�\xEE.\xE8�\xF2\x8C�\xD7$E>\x87\xC2\xF0�\xA27m\xB0�j,\xC8�\x9F&\xC0k�\xE4\xD8�\xF8L�\xFFW<S\xA8'�\xE3\xE6\xBD\xC1ۜ\xC6�U3aMŕ\x96eyo"\x8D\x88�\x8B14\xE8\x90�`f�r�\xB2\x8El\x81�\xEC$\x99
-�QR\xBE\xF4\x8C\x93�\x8F\xEA,D"�e�\xCA])\x96\xA5,�P\xBB\xABň\x88tr)n\xCE^\xD32��\x9A\x85\xC4�ոA�S@ёN$�\x97P\xDE<\xA8�
-=9\xA7R�R\x828\xC9O\xDF\xFB \xA7d� \xAB\x971\xC9�^\x80\xD1Y#\x99\xD1\xC7]\xC9_\xD4L_S�\x94\xB7\xBA7\x8Fs@[\xE4\xB3\xD2�Г�>Ì Î‰\xB1v\x99\xDE<\xCAp��d\x9Dl\xD6�\xE1\xC9\xF2\xC3�\xF3=\xF48X\x98ƬDG�
-�Q\xE3"\xE7\xA69V<�H\xCB˃\x8A\x90,\xFCd\xE4k\xCF\xF2\xD0X\xBD�\xDFc\x87\xD8~\xE2)\xD8Dm\xDB@\xB2s\x91\xB0L\xC5 �\x8E؋�\xAB\xDBp!D)\x9FcT�\xE9� \x88k�4\xC7S�u\xC0\xBEt:\xBF�h\xE2xV\x9A\xF1Gld�WU\xCB\xEC�%M\xBEV\xEF\xDD� .!\xC7�BV\xD37\xB3\xE6�\x8E\x9E\xC1H\xC39\xAB\xC0\x9CB\xD9lK9\x96I\x88\x8C9+\xCE\xE9\xCAo\x97;\xB9�\xAFQ)F!|6\xE2\x9C\xC0]\xB5�\x85e\xCB�\x9E\xE1P(\xDCP\xB4\xC3\xC8]/\xFEr\xBAk\xD7��f\xBE\xF1٠\xCA[\xB0��;\xB3 o\x9D!%1\xE6\x85,
-\xFF9+
-)�\x9A\x97e\xDF�\xFC�\xC9#\xB4Ã’\xE6\xD5,\xA2\x99q\x9A\x8D\xB2r\xBA\x96 �'!\xAFN\x97
-\xA2\xA4\xC9\xF4\xFE\xCC(\x83\xEF
-\xA3�z\xF2\xE2\xA152\xF0\xC0\xBBV=\xB5\xCED�hG-\xA0\xF8\xFC\xB6\xE4 F\xD9()\xA0\x84#\xD0
-\xF0\xB8;h\xB6,Q\xC5_\xA0\xE9�\xAC\xE5uu\xCA \xC1FZ-\xFEZ!T%\xC7\xDC\xD5�fm\xB5\xE0\xDAÙœ���^dÕ‡\xC3~J\xEC6\xA3�ÅÙˆ\xBBbF\x92\x87@\xFB8\xDD�T�\x9Cwk\xF2\xAF�]\xBEQaR@\x8F\xB2O�\xE5\xEC\x9E9\x8A87\x8C \xD8z�r\xB6\x97\xD8y-A\xE1\xE1y*\xDD\xD8,0&\xF2!r=@F\xAD�\xA9\xD8�\xE8026�0R�ÖŒ8\x9E\xABq\xC7���By�\x85\xE3`[\x86\x99h\x8B[=�-\xA5\x94H\xCFT\x81
-\xA2\xEDd\x84T\x8A\x87�\xBB\xB2�<\xF5:É›\xB2u*U\xE4�\x99D\xCA&�\x85\xB1Ы��\x89|Ì\x92��Ü®h%8\xAE\x92�\xE0V 8q\xD8\xF9\xD9 Y`="\x9C\xB9\x9C2\xD83\xD7\xE9az+\x80o�\x92s0C\x99d\x8DYr\x96\xB6f�\xD7É\xA69HYC\xAD"1p#_v1\xF1\xA5Xz\xC8–\xE2 g\xE5)\x97\x9BRr\xF6U\xA7\xA6\xBB�33\xA2\x87�\x8A�\xF5\x95\xD4��\x82�-\xE5\xDE \x957s\xEE\xB1Un2>\xABOe\xA9[eN\x94\x82�\xD8Õº\xA7%\xE5ؾ�\xE9\x8D+�Þ’\xBE~Qm�\xF7\x8F\xF8&YNʼn˪q\xEA\x89CB�%\xBE�\x83\x85\xD2\xC0\x9B"\x8FÊž�\xD9\xE1\xCD>�phZ�\xAE\xB5\x94j\xE29\x847\x87\xA9I\x8B�\xC7�,\x8Dw��\xC1�\xD6Lk›\xCD\xF2\x9C\xE7v\xB0?\xB9\x8A\xF7\xC2Ñ—\xF0&�<�\x9F�\x80.\xE2K\xAB\xA2\xEC\x96&�2e\x95R\xE4+RV;\xEB\xD5H�\xD6^�p.#\xEB�\x9Fˈ*\xCA�]d\xF7\x91\xC3/î±¹lj\\xEDp\xB9\x89\xBBn\xFA\xECp\xEA\x8C\xFD*\xEB\xD2�\xF8\xF7\xE0\xFB\x88D\x91$�|&\xEE ho\x9A\x84\x9E\x9D1\x86\xC5\xF8'\xE2�?\xE1\x90�n\xFA\xF4�\x8D6 �-Y(\xE3�\xB05B\xB2Ó–� �\xE6\xA3Je\x95\xE6\xD7v\xAB\xB3iP\xB3|\xC1\xCF8\xD7*/�\xC0\xE7`N�T\xCA\xE7<�\xC9�~\xE8l9�\xB5+<\xC2\xCA[\xABNkMt\xA8�\x83�\xFBS\xC0\x9C\xCE7\xACÓ\xB9F\xC8R`�8m�\x9C$\xE3\x81�O\xE1\xEE*\xC6MBV Z\xAB\xB6�M\xA9�Wcr��\xD7\xC1\xF9ÌŒ�}`[\x82T$q\xB2\EFH'\x93\x95\xBA�y�B\x89\x9Ck\xFBÉ’Ù™\xBE\xAEi"W.�.+\xEA\x88- ���\xE3\xD9\xCBw\xF8b\xAB�\xA0\xEA\xFE\x84|�\xAF\xDFU,\x9F\x97\xAF \x92Fb\xA6:q\xF6\xF4\x8F\xCBh\x99��\x9BL@\xA7\xBA\xF2;B�!\x99\xB5\xBC\xC4\xC1\xCCر\x90\xAAb�O\xC2z]D\x8C\x818\xF3\xB6�\x96U\xCF�\xFDn\xA46\xC11)\xA97- \xBF\xC0�&H\xB5+\x938\xBD\xE4H:\x80\xC6j\x89A\x86\xFDr\xCFn\x85\x9C81ce\xEDÜž
-K!\x87\xB3\x90/,S\x8C\xCC\xF7\x83\x95'gz{�\xA2F��n\xB58\xAB\xC1\x97e\xB2\xE4�\x884*T\x97؃\xCAt>5\xA3\x81\xC2ÕrD3�7�B�\xA9a_\xD1 Rp\xD4�j�n0�=�\xF6\xD6a��\xEB2�\x87:\x97\x93Pu\xE8ْ\xB4*١\xBEVf\xD4nU\xE3*\x9CG\xD3_\xE1�rr\xF5�\xB3�\xAA�j\xD8� \x9AR\xDB\xFE \x91\xF1\x84DmS\xE3.L]\xCE\xE4\xACr\xB1ކ~8и�\x88\xA4^7(\xBB\xDCF\xB6�2\xC0\xF9 \xA1�j1\xBF!2`佣\xE4]$ױ(\x8C�A\xE3�\xA3\x84=\xF8
-\xC9\xE3)\xCE\xEEU\xF4\xB1\xE0\x84\x8F�\x84\xCE8\xAB\xFD&\x89d\xA1�\xEEy�zÛŠ\xA7\xE5Y\xBA\xBA\xBC\xBC�w�Ä \xAE-A2r\xC7jh\x8FK�`�k\x9DËŸ \x89\xC8*A�\xF7'r\xD1mvZ\xA3|\x85\xDD*\x93!
\xC3hQ{5\xAE\xEA�\x88j�\xA4�cF\xDBI�\xA4]1\x9AK\xBF\xC1�\xE5�,8\xCAS\xA8WI\xC3\xC4T)\xF9\xA7(\xE3�F\xA5i\xDD\xEC?\x95\\x96\xB9\xC0\x9C�\x93|W\xD6S\xF4\xBC�E\xAEj\xCCBMq9�-�Ä\xB7_\x81v\x83cjFAD\xBF\xF2�@\x8Ai�L\xD0J�\x85\xB8ÇŠ\x82F&\xBF\xAEF&\xB8\xA9�d\xE4\xC1\xE2\xD8jk\xC0\x9A\x99��\xC1L\x89vr�\xCB?\x9B\xC4Ïž�l\x96(B\xC2�D\xF9q5V\xEA .\x93\x83�\xDF�\xAB\x90\x8A\xF1 ����\x89x@\xBE�qbFtI5\x9A\x9EÃ¥�\xB6\x9D\xE2\xD8Ã…\xDF�\xCBz(�\xE4\xCB��v\xA7\xE4\xDE�R\x967�v\x80 \x97\xA5� Q\xF2�=.\xEC:bF�\x9BÈ x
-\x91J\xC9o\xD1F\xE1\xB3\xEA^b=h<@*L\xE6\xB5.Æ¢\xBEG�\xF0ã¦\xA1aÞ8#\x92\xE6\xCFw8\x8Cqh\x93�9\x9Eb47e\xB7\x83S)fO^E=�\xA5O\xFA\x84\xCD\xC3�\xF5:\xC6{\xD3\xC8�;p\x84lv\xE6\xDF3b\xB8�\xFD\x9C\x94]_\xD0�\x88\xD3�\xEBX&�\xD4<\xE1\xD3kE\xC3\xC1:-�\xD7(v\xB4'\xD4\xD91\xE5\xEA�J"F(3� sb\x84\x96z\xB6yL\xA43Vm\xD2l\xD2f\x8E\xA5Ö¹\xEB$\x85�\xE1XW<
-ު�|Ɔ\x94py*\xA4\xDFH_QYW\x8C \xB1\x81\x84\xC97�:\xDC$\xBC\xE5\xECR\xAB\xA2.e#CtjZ't\xE60\x84\x9C\x8A�\x8E\xEB�\xC9e
-\xCEi�\xC3Y.�,\x83\x91\x89\xAEb�\x94�\x81\xF7"\xA7B\x9C�v\xF3\xA1\xA5\xC65h\xDC\xFC\x88\xD7\xFC\xA8\\x8AU4\xF5\x932\x85\xB0\xC7\xCAb:�k/\x92X+\xE2\xE4\xC5z\xB0�\xE7�Ѭ3��\x99/X�
-c@\xFA\x9Cr\xF6p\x9E�\x96A\xC9N\xD1+�\xD9@*\xB1\xEAF-\xC0\xBB<\xB6G$\xAD\x82\xA9ÛŒ"\x8Dk� \x8FL}\x96*\xF1Å¿\x9Fp\xB0\xD9 \xF7W/b\xA1H\x989\xDA\xE2l\xD5L$\xEC�\x8A�\xCA\xC9J�\xBD\xCA\xFF\xD3z3\xA8@\x93\xA5\x9C\x85\x80\x9B]@N\xF9IY\x9D\xF2�\xA5H\xAD�\xA2\x9C\x99\xBC��D��\xE2�\xCC\\xCDS`d\xD9v!5:L\x98\xBD\xFE at 2\xC5�\xBE\\xA4 \x89�/'{\xE9\xB2\xC4\xC7\xF9A\xB5\x82\xF1Z@\xD4\FM\xB4y%\xDA�ÈžraC\xAD\xDEi\xA7CM\xA9&GV+}re\xC0aT\xC7\xCF&<GHY�U\x87�\x8A\xB10\x83\xBE6\x9D\x98-5Q\x80\x81L�l�\xDE4פ?\xB9cd\x91�8\x8D\xABj\xD7n\xA76f\xB0\xE2ĈG\x98Q\x81C\xCC�\x9A&~�U\xBA�\xD2\xC2&Y�\xFA��JTX\x93/�\xE7y2\xB2�\xB3�\xE2�\x8F\xA1: \x90�\x85ZI|��� ?�T\xD6\xE2\xA9Þ‚\x93��xÛ \xC4\xFB\xF7\xC5U\xC2
-\x99\�\xC6\xCC\xE4mAi\xBC\x9BB\x80�Ù©n\xB9\xD9|�V`FÍ]\xA5\xAE at gR\x90�-�\xB7Ú¡\x82��\x81f�m&o�c0i�\x9ANx\x91\xC9rM�7\xA2\x8B\xD8\xDFÄŠ\xEC\xF1\xBCM[\xC9�'d-H�f\xF3N\xC1&\x96,g\xABM\xA45J�\xA1D\xD3sS\xD4�9�� R\xA0\xD4Hn\x90ml\xC616#y6r��$QZ%I5\xB6H\xBD\x9E\xA5\x82V\xC3b#\xA2\x95c\xFA&\xCBË»)�\xE9oP\x8B�x�
-|\x9B\xC6"=\xD6@"@\xCA^ \x95\xA2\x91��\xF8f9\x98\xB4\xAAÓˆm�\xB9\xF6\xC1\xCF�\x99~?Ī��78ä¼#\xBF!\xB9\@w] 5V2\x84\xBB\xFFy\xDD4"GE0\xCFB\xD6p5B\xC3Vaif,*×’\xFD'\xED8\xA4\xE8r\xA80Tg\xFBË“B\xDCD�MH\xC7ξq\x90mEÕ¸\X\x97=\x81\x87*\x81\xCF\xC1i Õ\x80\x8BP\xB0B6\x82�j�\xA4\x9C\x86Z\x90<�x@\xD5C\xCF\xDB)\xAF\xC5\xE2k\x848��)�ä±\x91�\xA6Y\xFB\x848\x89\xFDf\x9FH\x92\xEF\xDE \xC6h��,Z\x99\xF9\xB4\xE02�\x9E\x9E(\xBFHT\x8Ei\xF0
-\xE8m6L�\xBE�h\xE5\xC5R}\xD8.\x90.M\xF4\xF5�\xA0\xCBib\x96.\xDD\xDD\xEE�Z\xE9\x8C\xEB{\xB4^\xCD\xC8W\xEA\xAE$\x90-�͜{\xF2\xAF\xB3}\x9E\xCF\xF0\xD9W&��`\x97"\xAA3\xBB�Z;Z��\xFDER\xBD�!\xE7\xA6\xD4\xDD\xC9oQP\x8AK\xAFE
-\x8D0`\x90J\xBF
--#\xBDt�\xABI�\xE6&\xBD\xB4\xAE�\xAC�r\x9F\x9Ac\xA3\x83\x9A\xBC9ɥ\xCBVu\xB5."v\x80\x85\x84\x8E;&\xF1\xD4\xC9 \xA2@\x86 at 5&\x83\xB8�\xE56\x9C\xB3j\xC74\x81\xA0�\x88/"\xAF\x9C�\x997\xE8d\xEE\x80˒�s���U9��d\x8B"0\xF2\xB0 %\xEE\xA0\xF7\xA7\xA3\xF4\x83<�$@R C\xC9\xE2p6r\xFDŢ8�\xC3\xED\x92n7Hv\xEF\xAC5�\x99�\x85Ъ\xE6\xE2\x992\xAB\xC4&\xAA\x83R\xF9� \x{1585AB})Z\x93\xA0b\xDFd\xEFMH\xB2\xD4p\xA1՜\x895"X\xAFi\x8B\x93\xB4\xFA\x86lmM[\xF4�\xFA\xE0\xA3�_$k0\xF5$7\x81�\xA7\x89du\xCD\xE5�\xB8R�\xD5�qsK\xC7Y5\xB0\x9F\xEE�j
-N_\xF3�\xDC,\xA2M8!6P\xFD:\xB8Y\xEF\xBE\xD0:\x9C\x80B\x9DJÖ¬\x91\xA5�9�
-E/:\x8F\x92\xEB\xA8h+\xAA\x9F\x8B) \x9B\xF4U�\x91'3\xD4k|#Wж\x84\x96\x9CG\xDD� sÒŠÑ«\x99.\xE0\xE8\xCF$\xC0\xBFn\xA4mJ��\xDB?\xAC�@/God<E\xC6:Ï–r��\x95.ÑŽ\xF4H\x92\xEC\xBBm�\xB6V4\x87O5��Fd\xA6\xC3\xD5"�2&\xBB\xB4c\xF2pGB�T\xCCH \xE0�C|e\x90��J\xCB�j\x9B\xBAkB\x8EfÍ\xED�Ó¨S\xC2!�\xF2\xA4fÌ»p� \xD0\xFBĘV\xDA�c\xF4\xEA\xA9\xC2n\xF43\xC85\x87\xF8\xA9\xC0\xBE\Û¹tN6W,\xDE\xF9\xCF˽\xA2\xED\x82�\xDB}{\x8D\xBET\xAA3\x93ß•,\x9C\xCE7PLTO\xEB\xBA\xFB+\xE8c\x80U\xE1s\xC8K\xDBi\xCE\xE3+\xD8\xCEMI\xAER\xAF\x91\x90 0A\xE3\xC6X\xEA2\xF5,\xC5\xDB\xFC\xEA+x���\xDC�%\xEE\xD5J#\xA5{\xB7q\x95\xCC\xD8Rt\x80\xC7-I�l�\xA1�\x81r#hCU\xD1�\x98\x96\xE9V\xF30
-\xBFL\xA7\xC0,~\x9A\xC5\xDA2I\x83�\xD0v9,<\x9D�[\x83\xB2\xBCX\xB1.N\xB3\xC7j\xAFF\xE6\xCBo�\xB1*_w\x90\xBC\x88s߮13\xB7 :\x9Bq\xB2>\x94p�!gV=YP\xF2\xAE\x8D%\xA0q
-̤\xE4r\xFF\xC52�8\x93\x90\xEB�\xD8\xFAN\x9E \xA4rj\x89\xECG�G\xAAQ?L\xB7��~]�F\xA7m\xA2\x9C\x83\xA7pW\xA7\xFFi�+\xE7/6Tx)\x96\xC7�g\xA2\x92і\xC9\xEF\xAE\xD4{�#K\)\xB0h\xB9*j�U\xB19\xD7ѵ'\xD4\xD8�n\xA5k"W\xA3\xD5�\xAF�\x83 d\xC8\xC0z\xBAxw\x95\xB8bs\x86\x9EV�8\x8D\xE2\xACf$\x83\xB2p\x974\xAA\xE4@\xCC!;\xABA\xCC at P\x8A\xA7 kH}\xE1\xCB@\xD1\=H\xE4�\x97\xA0\xA3\xAB\xBF \xF9\xE4b\x84�s�\xC1L\x91\xF91;\xF3\x90H\xF5��s�6\x91 \xA5\xC6I
-'�\x98|&\x8B\xA3j\xBB�\xE7A\xE1\x84��5\xF3T\xB6��\xA6 \xE14u\x96�\x8D+s�\x84֎�}\xD66\x91G\x9BN\x87\x9D\x9A~\xC9F1qM\xE8RJ\)\xFB\xF1\x82\xC2\xC5ɹ�i{\xD0!YY&�6\x8DC\xB1�%&\xEC$1\xC6S\xAB\xF0s7(\x9A�6\xEB"\x9D\x8D[\xA2\x92PL#9�\xB1$\xB9\xAE6\xFCr\xC7vMEw'\xA6\x9E(\xB3\xD5W\xCEiE\xA4\xD488\xB6�\xA5\xFD\x8A��[\x8F \x97R[\xEC\xF4/,\xBB\xB2�\x8D\xC2#ЬaF�\xC4��\x93\xEC�\xA0\xE4\xD0'\x86\xD9r
-c\xA6\x88\xA2\x96\xC6`�\x88!k�\xADP\xA6L\xF3�uznd\xB7f\x94m3\xA3'�K=\x8D\xE4ff\xFCO*\xF6(d8\xEC%.(\xB4\xFB\x80w�\xAB\xB3ʢ&;\x99�\xA7\x8D](ۮ\xE0�h\x9CGMr�6F\xC5D\x82j\x8E\xC2�\xA8\xEF\x95\xCD�4#\xE2\xF8��ܤX\xA1\xB2\x9C\xEC\xB6\xC3�Z\x94\x8D\xD8\xF9�q�PH \x9C\xAC\xA3- f\x91T\xF4M\\xB3P\xA6\xB3S\xA6\xB3J\x92\xBA\\x9C\xAD\xA0\xBC�\x9C�\x99,R\xA2\x95
-\xA0 g\x9E�ʘ/�0M�4'\xAEEhÎŒ\x85\x8AD\xB9l\xC7g\xC8J[v\xB8G\xAB\xF6\x81\xB5 R%\x9E\x9D�\xA7\xF0\xAF;9\xF5\xC4�Ë\xE8Nv^!#\xD9y8:3\x8D�\xCB\xE1Q\xD6\xC02\x81%9\x87�<�DU>\x96i\x93\xAB\xCA<\xE9��\xC2\xC1#\x86 \xB47\\x8B\x9C13z|\xDFy\xE6\xE3\xC0�\xA9F/Æ–\xE0�g\xF3:C\xF5]\xFDh\xC7\xD7Bsq\x842\xE08\xDC^*��\xE7\x96�{\xB9�\x8F-\xEAo#\xB5\xC5^
-\xB3\x81}\x89��%N\xEBw\xB2�\xAB�i\xE2W~\xFF\xCET\xAE�Ï„ch\x8F\x9CAÓ¨ fDц�4\xD6\xE6\xEC5\x99\xDF���co\xCE}\xF3�\x9A\x87\x8FrgR\xC4jT8\xB2V3\xAE\<s\x88�\x9C\xE3\xD5�\x88VN\xF9"So&bv\x94\xD4j&cE|\x8F)^-4\xB2\x85Z\xCD' \x82\x93=\xADE\xB1\xD0\xC2WШ�\xC5zÞŸ��\xE3\xEBjÄ�3\xABD�U5\x9D\xC1\x9F\xECÊ¡�\xB7r=\xC0HOÒ®NÝ‘��\x92$V�\xA9[\x95\xEF\xCD\xF5\xD8d T�\x8E\xB9�\xD4\xF42"�\x97\xE8\xE5J\x9A\x8E\xD0f\xCF\xD1nNO\xD6\xCCo�F�\x8Eg\xFC,[v\x94\x9EQ\x97C\x91N\xE3\x9D�\xC0K\x93\x95b4\xAD\x9B\xDB\�zÔ\x84\xAB\xC6\xF4\xC28�z�\x8A(\xC1\x9A\xBB]\x9B-t\xA3$�\xDF<\xA9\xE1\xD0\xF5\xB3\xF86\xD9C6t�"
-Z% \xEE�.\x9A ʲl
-ÞŸ��\xCDN�\x9F\x89\xDB\xE2sy!z\xF5kB\x98AF��N\xCE\xE3�\x99\xD8\xDB�\xB7\xDDx�\xAC\x80\xA1\x99m\xF6m\xE8\x9F{\xC4U�AsXm\x93R\xAF\xE3h�9\xAD\x853A\xE7\xF2O\xBC6s\x82\x95\xBD<�� \xA3\xE9Z\xE0\xC8i\xA1 jvn(N�� HÛS+;\xA2h \xAB}�en\xA3U\xC5�ج\xC9<\x9DX\xBB\xF8w\x9E�\xCBT�\xAD*XN�\x87N�\xC1\xFA\xEA\xFB\x89�\xBEQ/\xBCEy \xF5EM\x84\x86\xED~& k�8\xE1iû�\xE4\xD5\xF8\xA9\xAB\x9E \xA7�`\xA0ٌš\xACÍŠ;\x9Aj� \xB9\xBA&\x88\xEA\x9D. \xD3Í«=(\x97\x95z\x88\xBA�}Æ©�\x89\x90\x82Ô’pѬ\xE4^�µ\xA8-x\xBF\x96�8\x9B�E\xA8�슕Y\xF6[\x8C\xD9 ÌŠÓ²\xDD\xEC\xB7\xF3R-\xE7\xCD&Ó¥\�i�\xC7
-\x90\xE7\xD5\xC8�\xA6\xD4|\xB1̑X\xD5\xFC\xDDf\xAB}\xFD\x95\xF7\xCF|��\xF0H\xED\xF15\xE2\xC5 \xF4U�\xBA\xB7\xD4;r\x91\xDB�U\xEA\xD0\xEC҂Kp냻V\x83wd\xBA\xB3\xCC\xDF�\xA0\xBB\x93\xAB\x8D\xAB\xB2Ipa�\xC3T
-��j\x9D\xCE-WYY3*y\xDEfO\xABl\xA0\xF8\xDC\xC9\xF4\xEASñ•¹~\x86
-\x9C\xF1\xD2\xCA�I\xF1\\xEFf\xB5\xC6\xD9�0AdN'\xC7倵ss1c\xB7\xCC(\xDDG[\xF6�>U0#\xAA\xA8\xADzL ß �K\xA0r�\xDF\xFC (\xC1\x8D\x8C^M\x8F\x842\x8A\xC0\x9F\x8D5�4\xE5\xC5\\x91\xE1�C\xB1б\xAD\xA2��\x96}\x90P\xA7�C\xAA\xA6\xDCh\xC6\xC5\xD86�>\x99\x99\xEAÃ…a�\xD9288\x8B\xEF�\xDD\xF05B�8�\x89\xE3�\xA9e\x99H\x89\x8B;\x92d\xD586z\xB0\xE3�\xF4#\x8F\x9F;lj�\x91�.\x8C\x95P\xA2\xF4\xC1\x{153670}6C\xCE<\x9FVO\x94�~\xD6Ð�\x9D\}X\xBE��\xE8�?9 W\x82\xF6\xB2`M\xA7\xD1��\x85\xE6%�\xE0>"\xE1\xF9Λ��\x9D\xE4\xC1Z\xFD\x8C
-\xA3\xCE�\xBE\xC4�\xBC��\xC3� \xE6\xB5 \xC0\xD4\xD8�\xE4\xEA\xF1\xC5Qc�'\xC5�\xAD*\xAD\xE1\x91Ñ\x99<MvY\xED�MVbpV\x9E,M\x98�fh\x94D~0b\x91B=�_
- �1\x83\xFE\xD4X\x81\xE78�I_7s\xB3J\xF5-\xAB\xB9\xF7\xB3\xC8\xC7Ö›\xB9V\x94oÅzp�["{\x80\xAA�bfA\xAC�f/f\x91\xAB\xD1u\xB1T\xF1\x8E
-0:\xBAX\x84Ӿ‚\xB4\x963\xE3\xDAqZ\x8CzT\xFA�x\xB6T\x80\x86\xADv&\xC3-\xC7\xE0\xA8}\xB1LY\xC4{\x80l\x9F\xED\xA7�]g�\xD2}�\xBF\xAD�\xAD.$�\xB0�A=F\xB5\xCEs\x86\xAD�^g\xE9'�\xA9\xFC\xBE+ at Tb\x85Be\xF7}q{\x96\xA1\x88\xEEtf�\xBA|\x87�~\xF0�\x95�\xF7Ѷ|(6*\xDEŲh(u\xA6p�\xAB]\x88\xD9_\xCC\xE2d�\xCE\xD3ر\xD0�\xFF\xDCGf\x83\x98y\xE6ÚŽ'$\xD7�×\xD8\xDC8\x98\xD0�`\x93\x98\xE1\xE2,�x7\xA7\xA5 \xFA\xA0\xC3\xD4�\x9CH\xB9\xD6]\x8F\x80�YD\xDB\xF2r\xE0�!\x8A\xBC\xBC⇆\xB7Û™�\xF9\x86�
-�\xB2uB~\xABT\\x86\xD2wa\xBD \xA56\xD3\xF9\x83\x8E\xB0ÖZ\xCC\xFA\xE6f{\x8C\xE3y(\xD4\xE9\xD7f�\x96\x97\xA1`\xA4t�\xA2\x99�
-VbDB\xE4:\x88\x84)\xC2j\xEB\xE4�\x80R-��\x92B�\xB3l H\x94\x9B\xEB\x90c\xE2*\xE7\xF7\xEFH�X!k\xB2,\xA5\xC4\xC9�H*\xCB\xC2�t\x86E-�5�\xF6_Y\x84o\xF4\xEA!9\xBE,��}\xDA��\xFEU\xB6\xCB\xD6 J\x9A#m\x9D*4\xDBjj\x99\xB1
-\x8A\xF41-W\x8C;�\xB6\xDA�\xF5E\xA54.0fd&\xDA�\xE0~{N\xEA6\xF5m\xF6\x80�\x87�\xA8wԥ\xD8L\xB7P#xh\xFB�=\\xD6οg\xE8A1[*\xBB8])\x88\xB7\xFB�Q\x85+\xB9ӻ
-e\xF9\xA4�\xE4\xC0��\x82\xA9�\xEE\xCDXH�V4\xA0�\x8C΋y\xF3`$K\xAB\xC8Z\x8Fdz\x95\xA1ÙgD\xC6E\x9F\x85\x88�t\xA4\xB5\x86\x93\xC34�\xF7\xADS\x9C3{\xE4A\xDFl\xA5<\xDB\xF6d\xE1
-\xA6\xB5BJ \xA3x\xFA\x8E&\xF0\x91�$\xD6\xF2,C\xC1�\x81i\xC9Ù\xA6;$ \xB4\x93\x95\x83\xBB�\x98\xAA\xB7k\xF8\xA7`\xEFC\xEB�\x99�\xA7\xD0?\xC0\xEB\xCC�{�\xEDt\xF5�E\x95f�\xDA\xE9\xA2�J\\xC30 \xD0�q\xC3?`)\xE8\xC8X.\x86\xF4\xFEHw\xA1\xF3(\xE9\xFBA0\xB9\xD4]a\xEA"j�\x9C\xDEÙ‚<\xB2\xFAF�lmJ\x9C\xAA\xDAw\x99�J ĺP�\x87�w1�<�\xEB"V5\xA3R\xAE��\xF8\xD8\xC3\xE8,fd\xEC\xBC3A\xE5\xC5\xCB\xFA\xFA}\xE5\xA7\xFE\xEA_W~\xEA\xEFQ\xEC9\xB3\xD8\xF3\xF5\xFE\xE9\xC3 at M\xEA\xDF[Ai\xF9\xB2\xBARhY\xE8\xC0\xBD�q\xEFl\xE5\xA5�KGÒª�\x94AÉ–Bo\xF5\xA1\xA7G~\x93
-jc�\xA5S=\xC0\xF6JMIB\xA4Bd�@󡖴N\xA6\xD03\x8A\xC0\x90B�\xC6�j�\x8BS�&2X(\x8D\x91M{\x90\xEC!�5\xB2\xE1\xC7\xD6��\xD7�\xD6 \x93h5\xD3 T\xEA�\xC9?\xF5\xA0\xACkb�ˆ\xC0aP\x82H\xA1\x92?�\xFA\x84̽X\xFAv\xF9\xCE,d�\xA36\xAB,\x9A�7\xDCp\xF3)X\xB7@'\x9FVR\xD2\xDE9\x9Cw�s\xA6\xEC\xDE\xD8\xCE1ovƒk\xB3W\xE5�\xC6\\xF7\xB2\xCD��^\xAC\x8E\xA4\xD5��\xB5\xBE�)3#!\xAAT�\xE1<�g\xCB�A\x872\xBAL\xF8d%\x84K�>FJ\xAAj!\x97ImwK\xCC�\xBD\xF7C\x9B}A\x84}Xv\xEBW�\x86\x9DY\xF1��\x9B\xFAv\xF5\xB4b\xD7\xCE(\xB5bi@\xB7k\xE9\xB5Xm\xE4\xEA"\x83抌\xB4#!\xB3a{\x95K5\x8E\xFB\x85ϫ�\xF8C0\xCB�R\xF6�\xC1�\x92
-\x91\eP\xFC
-qQÄŒs\xAFJ\xF4\x9B8\xBA\xECT9Z�Y\x8DÍ„JM)q#5@*݃%\xA3>\xB7\xD6�\xC8#\x8A1Ê“m\xAD,1$\x95!W\xAFB\xA3\x9C\xAE\x91\x91r\xCCr\x81P\xA8\x97\xD8Þˆb'\xFF7so\xBBk\xC9r�\x89=\xC1}\x87\xFBG\xC0x\x8C\xA6\xAB\xF2;\xF8\x87t`\xC3c\xB4aC��j��\x81sD\x8Fe\xB0ÉL\xB6\xC0\xB7\x9F�\xB1"V\xD6\xE9\xBE2\x8C�g` \xA2\x9Ak\xD7\xC9]\xBB>2WÆŠ�A\xEB\xDA[\x9D
-1l�\xA9�\xE1\x94\xF9\xBB\xE5 \x86\xB3%\xA4iW\xEE`4\xE1\xCC$��_�v\x84\xC4O\xB0\xF14;בe0�5\xC5��\xC9P}\x87\xC0i\xF1k�\xA7�\xEE\x98��V\x99\xCB̪\xC5�\xA7 at d*Æ"{1�Z
-kj\x8A\xE1�gN�\xE3^2\xCD�\xE0�\xC7Úw'\xB6\xA8�f\x93\xF6X\xA1RÇ°\x8C}�\x8CvM\x8C\xEB9h ��3~�� �\x82��\xCFG VN\x8C\xEA\xB5`\xB0r\xCB#�\xD1\xF0Q$\xDB(F5.2�\xFC\xFEN�\xC4N�\xEF$\xC9Q|l\xFA2\x90\xB4\xB3\xA6\x87c\x89>\xC9h;z\xE5FQ\xC7\xEB\xE0V)Þ²�\xD2\xDE4\xEF�F\xCB\xEB\xDFR\x88�\xF6\xB0\x8EÓº\xF2�C\xFFY\xCCJ\xE3�8\xC6�\xAFUÝš\xBE} )`�\xE4\xAC>\xA5\x9F\x8D�X\xE4\xE0\xB8\xDD2\x908v\xAC`\xE0\xF4ã«°\x83\xF0\xFCMdž\x8Fé Œ�\x8F4\xC0\xC8?\xC7{�\xA3�1\xE9\xC7%zX\\xAD*\xA2��\x98\x92\xDCkS�Þƒ\x8A�\xD1q\xDA\xCC��6j\xE5\xF5jB\xD0�\xB6\xE4^+�\xCBsT\xA6:<\x87&s\x9F\xF8\xB2 \xDD�\xF4S\x8B44~W\xB5\xAE\xDA`�c\xEA\xC0\xD0C\xE6\xF5n\xB1b\xB4+\xFE;q\xCCw\xFDi\xD5�\xED\xB1\xE3 at p\x88\xD6\xCD\xDB"?\xA7\xDAUe�4!W\xAF\xE0\xEB2+Y\xE4\xF7H\xFF\xADZ6�\xA3\xB2mä‹Ž
-\x83\xBEq\xE9EUP\x93' dYC3\x9Cb\xF8"]6\x90\xAE\xB7b\xF6(j0\x99)-�\x90.\xD1�^'\xD9x`\xA5�~fÄ\xD9\xD4Úº\\xDDXuJ\xD4 \xBC\xD6C|\x80\xC6Ζ\xCD?\x93\\xB5\xB4/E\xFC\x86~nO\xB3\x87}�\xD1�\xED\xA5\xED\xAE\xE1\xBEix�\xA6��\xB9�1\xEE\xFDp \xD7<�\xA7L)\xC6\xEF@\x969,\x9C\xC3o\xFBMhÓ±\xA0./\x81\xC7�\xE8�\x87-\x87{1S\xFC��Ì©�Æ©\xE0\x8BNA.\xBF\xAF\xB0\\x9C��Ý©��ϧ;\xBBM\xBA\x8B\xFC\x92^\xD7\xF1�V\xBF\xA46\x9E\xEF\xBA�\xE0w\xB1>�\xAFc\xB5|&\x9Fy_^A\x84d7Å«t4\xF2K`\xDD\xF1z\x9C�\xFA�'\xCEy\xAE\xADt\xA2\xB8cw\xF8Ya\xA5\x81K\xAE�x\x9D\xAFl\xBDb�\xF9\xA6\x97\xDFL\xBF;\xB5 z\xB6Ñf\xAC%\xBEo\xB7\xE1o=\xDB
-\xDE�\xA9SÍA\xE9W\xAAÛ„\xAC\xC2Þ³\xCF\xD4$p\xFE�1\x9Eg\xDA�\xF5+\xB5\x8BZÌŽo\x9A\x91\x8Cã´ \xF2Ö°$X\xACho\x8B\xC5
-\xD3j� \xA0��\xBB\x9C_k�?~�\x96\xF1�wÊ¡\xDDQ \xF0l\xBB\xAEn`X\xBFw\xDCi*>"A\xF3B\xA4\xF4\x94ÄŠ\xA2E\xA4d}q\xFB)�\xC5\xE2Ü \x83k\xA6�-\xB5\x92F\xB8\xC3Ũ=\xF5\xBDjd]��\x866\x98\x91zW\xC7Ȫe\x89\xCE��g"\xDEp]t�<\x93\x90\xDE\xECz\x89U\xDFV\xF2\xB7U\xF1\x90��\xA9�\xDDG\x96�a��\xDFf6.\x98?/\xEBMu+\xF80KI\xAFaf�\x9F\xBD-�\xD6\xE5\x99%Ü„ /-\xCC\A'EƬ�\xC7N+\xFEYu\xD8\xE6~\xAE\x91f\xC5q\xB1�4-hc\x81pf\xE3BTJ\xEC",R\xE3�\xA8\xDB% \x8A
-\'8\xEE܅\x8D\xFE!\xFC)2w�\xCCjt^\xC9$=\xCD\xE0\x95\xDBa\xF2Г^"m\xF6v\xE9蓤\x92 \xFA\xB0].\xEA\xEB!~sH\xEB\xA9Gs\xC5{�\xC7\xCEyzS\x89;�m\x80\xB5lo\xEFf\x92\x9D\xD8v\xAA\xC7\xE4\x87\xED\xEC%\x97hn\xB2\xE1�\x8D\xFD\xF7~%�3\xB6\xE2F^\x96\xBD\xA3\xCFV<f\xE9\xA9
-W\x8F+\xFAU\xE1[�\xB9T\xF6\\xF0\xFF\xD5j\x97
-\xF3�\x8CD\xB0�\xB2Ì™\xE8\xBB\xF0\xEDD :E\xB0b\xDB+\xAE\xAA\x80\xC5`\xB1\xEE�\xC2\xF10`!�Ị\xC9?\xA4�\xB8\xBAK�\xA6�u\xD0rqO_D\xAC�w\xEC\xD8\xEEÜ›\xB5\xEE\xAE�J\xFCÄ–\x80\xC1)\x85 \xB2\xCBÞ”\x9D\xA9Y�aÍ„u\xCBÕb\xB8:\x83\x8A\xCE\xDDk\xD9T\xC7D\xFD:-�\xB4wz�\xE2\x82��X\x99%3\xB8\xF5U\xA4\x85\xBF\xF9\xE6\xA8�y\xB9\xE2\x8EE1x%\xFC\xB2�+\xAF]\xD3X\x9CÕµ2�\xEB\xC5\xE6_2\xB4\x89\xCCmiP\xCB�!(}SuE\xBCi�\xB6\xE9\xF7:\xB9P\xB1\xB06v\xFEUgp'\x8Fwƾ\xFE]\x99\x81\xE6\xC7h\xD0\xD2
-W#5�\xDCw�%\xF1\xDBcm~\xD3S\xE0+\xD0\xCD\xF0\xE6\xCF
-ݪ\xAD&Z�\xA7\xD5�\x86]\x94�΅:Ov�\xD7'\xA7_O7\xB8\xA2n[g\xF0\xCD)q0'�\x8E\x97\xBCΘ�\x82\xD9����W\xB7A"\xF7\xF2\xEF~�n�S\xAF�\xE9s\xEB\xE6\xF3Y\xE5A\xC1\xEC\x800\xEF\x8A\xD1n\xB5\xCE�\xCD\xD1x�\x9C\x88]a\xA0`w\xBF\x88�\xEF�\x9En
-)\xEA\xB6\xE8xN\x9C\xD5\xE8\xC6 &×;\x9Ap#\xA9\xB8\xDCp
-\x82\xF4�\x9B\x82vJ ;Ô—p\xE4\xFDpM_\xF6:BVb\x95\xDBb\xB5p&@\xF6\x8D\xF7Þ©g a\xAB\xAD\xF1\xCDi\x95ZSR\xE9\x83A\xE1p\xEDW\xD3�\x8D!\xC3�\xA9\xF0\x9B6\xB5*\xAF\xA1\xF7+h\xAE\xD8?\xB2\xC34\xB2S\xED\xF7\xFBx\xC8�Q�\xDC\xE7o\xC8\xCB
-\xB1\xB8*f\xF9\xCC\xD0>\x8A\\xD1+͈z\x8CÓ²\x9A\x8C�Ö¡\x9D\x969K\x97"]�\xA5 \xC7,4�6\xE4jË’\xC4G\xE7�iYÒ¶\xA3A\x9C\xE9\x97D\xB1\xB5Õ‰Tm\xE6R�\xA5j�)\x81��x\xBFh\xD0�\xCF\xF6\x91\xFBd\xF6�\xB0\xEB�� \xBA\x91>\x9FH\xE0\xA4\xE3>Ò°Ê\xA4S\xB5\xEB�⸵\xA1\xB4\xAEk\x86\xCAn<\xE7j\xC2=A\xFA�h9Fl\xDE#�̬a\x8Cp\x8B\xE4Å•x \xD0�\xBD\xCC\xF0c×®h\xE4Ut\xF0]p\xCEq\xBF\x91C�Q\xCF\xEC=g\xA5\xF7\x8Ba\xA2i\xD6�D,"W\xEB�!OZ\xB1);\xD8k9h\xD4�\xB6!\xB1q8�p[\xE7�4-\xBE\xED(><L9Kr\xA1e8i�M\x86\xD8D\xDE��N\x9B\x84\xAD\x92ba(\xE3<"ß„�\xDE\xE9\xD4ㆪ%U\xF1e\xFA\xE0��\xEA\xE2DU\xA3:u\xBE\xB6E\xE4�>YI04�\x87\x8E\x94J�i.}4Ku\xD1\xDE~\xFA>,'\xC4\xC0\xB3\x87\x929\x95\xAAi\xE02\xB2\xD1\xF1N\xB3\x8EC)�\x8900�v\xEDÏŠ^K(Xl�o\xF9�27\x9F\xAE6lu�\xCF�\xC4\xE83M*�\xC40:�\xD8�\x9A\xE6\xC8Mo\xA37\xD8j\xA8\!K\�\xB5~\xDD\xD1\xC9\xFF&\xC4UU�\x84\xD5.\x8D\x84>8E�`�[\xA8H�\xC4\xDE�\xEF\xBA]bVa\xEF'H�\xB7[j\xE0\xB7\xD5{#hc\x8Bc\xF8�(\xF9ÊŸ\x9B\xE6"\xBA\4bX6\x90�\xF9\xF7\xD8�\xBF;Q\x97\xEEÏo×’|\xA8\xEA%\xD7\xF1\xBB\xC9"
-\xB0\x90\xB7\x9F�\xEE�No�\xB1̱\xAC\xAB\xFA@\xA7\x85\xA2\xF2E"\xFFW\xB4\xA1\xADP8ov��ZSQ��v\xBB\xB5S��v\xE2\xDBk\xB8\x9D\xAF\x94Ý¡]p\xE8>\xB1qY\xF6\xCA\xCD�Q�\xAD�ca\xB1\x8E\x90\xFD�g\x9B\x93\xC55\xACqÕ¢\x83��\xF4JSF\xD8\xE0\xBE =\x96\xAF�~\x91j�óˆ‡h\xD2u\xF0\xEE�\xDAm�vBZ\xE65\xB1\xC4o*J�\xB6\xD7~̳\xB2\xA4\xBDNkÒ²Y\ \\xAE\x85\x80�x+\xE1v\x9F$\x82su�\x9D>YÐ…�\xBB4<8-�\xA7\;\xB4/\xB5\xDBb\xCBQ�
-\x82\xD1&I\xA0r\xCAX\xA5\xAA\xEB,\xAC\x82\x87}\x89 $+\x98\xCE\xC85�-$\xC7�oU\xD4\xE08\xEA^vFVi�]u\xEE��\xA7[(\xE3L\xA3\x8Fe�=�\xAD�\xC0\xE0\xA8�6\xCFb\xA6\xF3GX\xFE\xD6M\x99R�\x8E\x96�,\xAE4�3\x9FK\xD0%�1(-\xAC\x93\xADj�gЖS�\xDE\xF3�\xF4%\x88\xB5?\xC2Y\xA5R\xBD 5\x931l\x90\xDDT\xAD(\xA7i;\xC2}=\xC21�G\xB7,*�\xF2\xB4\xE5\x94M\xA71�\xDD-͡\x87\x92�\x84)\x99\xA2\x9Fۣ
-\xA2F
-�G�\xD3a\xBB)]\x8Bp\xF7c`\xA8\xBD\xA7\x91�֯��\xB1�]=\xEF\xBA�\xD1 \xC5Z\x90V\xE8-q{\xFE\xAC\xEAXd\xF6��\xE5'\xC2-\xC3\xF1\xCE#(H\xBE�\xFA�o\0\xBC�\xB452`�\xED\\xAD8\xA6l\x82\x88�\xE0\xFB~
-T*�\xBA\x87\xF0͙�\x89\xDE�\x8Eg~B\xD6ƿ@\xC2\xC9\xC0\x99�\x8De\xB0\xDB�z\xBA\xF5\x8Fa\xE1\x98H\x89T\xBC\xBBl\x89\xCB`\x8Dkp�K\xDC�7U \xBC\xA5�F�Y\xA9\xD4�7\x8CG!\x98�0\x98\xCD\\x94\xBCs\xF7>f\xEE\xF3w.%�.=\xF2��e8\xCA3;\xE7r\xA4\x9BW\xD1�HĎ5\xAB\xD5u\xB5R\xC6�\xE1\xF0 f\xBD\xA4+�%�.\xAAKM\xC0\xA4W]�-\xA2�\xE1\x9E\xE1\x98\xCCFQ\xCFv\x94Gb{5t\x89�\xB4w�\xC2\xCCU�\x8E\xBET\x9E\xEB\xEDZ\x9C˔,\xBA\xE5\x8E\xFE\xF6~�{\x99\x90&\xE7~:\x8F
-f(�)=\xCF@\xAF2\xF9\x91\xDDW \xA0_\xD3,\xEB\xCA\xF2\xC8:\xE7UO\xB6|E?\xCE \xC65@\xF1sn\x87c=G9o7Ux\x9CO�\xAC\xBC\xAE�\xA6E7\xAB|s\xAB\xBC\xEE\xBA\x9F\xE9\xDB\xDD\xCD\xE1\x8C\xE05�\xB4\xF7�\xC2\xC5\xF5H\xF9\xE6 X\xF5�f,\xBA��\xA6�\xEE��e\xEF�\x80\xDE˪\x89\xC6܉͘'i)N#T\xD7\xED\xA0%a���V\x8D\xD1\xE4m~\x95\xE6"�]N<\x92\xA8\xBD\xA9�n\xB0Oy�\xE6wɿ\xE4\xF6\xA8\x81�I\xF7x�\x91qŎ~�\xDA\xC2lԵ#ݎ5\xF4e&\x904M\xCD�̼\xB6\xD5D\xFD�n\xAE\xA7u\xD1!\xB6\xB9PDѴ(\xAE\xD3\xC1\x83p@\x9F\xA4CH���\xB9\xBDucD_Ñ.\xE8\xF5h'\xF0 \x97V\xE0\x96\xCFa]b\xDD\xF2\x89\x91\xDA\xEF\x8F�e\xF0\xCF.\xE3\x99\xE5\xF5\xFFo\x90\x8D\xB6Zj\xF1Ok
-Ns\xD2\xEE\x80D�\xF5l\xB7z�\xF0�\xB3\x8E\xF5U\xE1>ÿ\xBEF\x9B\xB3.\xCB\xD5�D2\xAFpp(\xAD)ζ�]\x8E\xBA`e\x8D\xCB\xC1>\x8F\x98u\xDA�\xEDcÌ–��\xFA\xAA4=\xF1\xB7[Rq\xB7\xE9%Æ©@}\x9A@\x85b"`�\xBF<*Ê’\x99\x82\x83Y$+mY\xC7��\xA0�9`P\xAE7Ò·}Sa̦\xF6\xF3<�\xD52H{\xA5\xD8n+\xA9JqÈ,^'6HH\xF3Ó£P\xCB�\xA8\xBE\xAA%\xAA1\x88\xDDV+Fx\xD8�\xCB�\xF0JÛ�\xBC\xBA�ÊŸ�\xC1\xEA\\xA9n\xF7�<\xAA\xA1\xEDJ\xC85Y+\x88 @\x9B\x91\xF6\xC7\xF7_z\xE1“,v\xDC5y\xC4T\xE0M\xB0o\xA4/\x9DY\x99,�w�\xDBy\x99ow\xEE"�^Ixz�\xD2!t\xF2fÔº&;Lf\x8C\x{DCB0}\x9A\x85\xBA�� \xAC\x9Df
-\x86\xB7�pj\xDB\xD0?a\xA5
-_�\xF5\xEFGl\xDA �amd\xAB{v\xF8`\xA7(\xED\xAEy[\xD5\xFEF\xF4)\xC1F\xB5\xD1PӶ\xFA \xB4\xA9YM\xD9\xF7\xB6,帕\xCB\xFA \x8Cw\x88a\xE9ȴ\x99\xC1\xDB�\x87�6\xEF\xADK
-\xAB �\xC50r\xF9"U\xEB\xC5v\xCC[�!�\xA7eMjw\x9E\x83\xF0\xB6$G\xD8g�\xD8SU\xE7H\xE6\xF4#\x8Br\xC7\xDE\xE5]Ó»\x94\xF7\x89\x{DDAC}�\x87{�\xA8u�\xD6S%\x82&\xB83\\x8Cc\xE6\xFA\xB4� o韀\xA0\xDE"\x96\xD5\xF3\xEF\xB9Ñ'#\x9E\xC1.�Y^V\xFBÖ¾�B\xEF\xD8\xEBQ\xC4\xC0�\xA7�ᾓX\xD7k\xEA nw�\xE2\xA7Þ·\xFD\xE6Id\xF3�\xF7]\xF8\xB3\xD6ݪ
-\xFE}\x88D&\xFD\xE0d\xB9\xAFu�:x�<5m\xF1�\xC7\xF2\xA0"\xF6\x95,\xC9\xCB\xED�R� \xA11a\xCD\xEFz_\x98�\xD5.b43\x91o:Ғz\xF2�V\x8E%y\xC5�I\xDA�%\x94\xD6U\x98\xBFr2Բ�d\xC4;�ö\x87G\x80dV��\xDA\xEBf!s\xC1\xDC\xE20\xA3 >\xB2_�\x9A\xF6\xC0G"h\xAB\xF5�F�N\xB5\xAF\xEE\xEAfft+\x8B\xE5H\x8C\xA6\xC3N7\xED�xc\x80\x9Al�
-TUK\xE1,\xD9\xFAѣF\xFFM;�W\xB0{\xB0\xB0\xF5\xE7垾 \xE3 \xA8\xB3�S\x86(I͙‘̰\xB3\xBC\xDA�\xBD\xE3\xB5\x{1B1D739}�=\x9AL#8\x87\xBB�\x89\xF1�\xACY�\xE5}5�\xE1X;\xD9K\x8D\xB5i\x8E%՗m\x83�K\x9Fpn\xA8\xF3�ߺ�\xC0��\xF2σi]\x8F\xBE\xB3a�5\x86UԞ��\xBBR xZc\x92'+.Ì�\xCE\xDB\xD9Q\xDD\xEEad\x98`c60�\xAA2G�o$\xC2\xF8\xA6\x9Bk\x97\xCC\xFB \xD6%\xDC3b>\x8B.��%�?\xFCS\xA7�Ƶ�\x82\xF2\xA3Jjw>ps\xA7\x95\xE6���o\xA6\xBD\xF2\xDC\xF1\x8D\xF1\x8BL=\xBC\xD3ك\xBA\x9A)J6\xD2�;\x89�\xC0?\xE5B�\x88|\xDA*\xE2\xD6\xC2Eܼ[�\xE7`\x8A\xAF\xC9\xEC\xB2FT\xA9r\x80nY>+\xE2�\xE2\xE5)\xAE\xC8e\xFB
-�|S\x97F�,m\xA7-:~��_��\xA4\x8Ce\x94G=*\x81�h�\xBA\xA6\x99\x88R͕D\xA2\xDD\xEF:{\xA7�='(�\xD9ǣ\xBA{\xCA8Ε'\xD5�U0*\xE8:\xD7�N@\xE8NK�+\xC8A8s\xDB3\x91]\xA4ﺃj�\xDA\xE3\x89;H/�*\xFD\xB2\xD4\xC5\xDC ꑺ当\xD7�\xBBS{\x84\Y�)\x8E\xA4)!(\x9A\xD2�b\xA4\x91y\x97{g06\xE2w\x99�v\xAA\xFB\xFC\xB1\xDB4\xBFT\x80\x9B;u\xDBwVE_�\x91\x9CdP\xB1\x9F\xB1
-d\xF0֑LɌ\xEBEV\xCC�\,�Rx\xCCZ\xB8\x8D��\xD5/�\x9Ci
-\x82
-\x92H~\x87�<\x95\xB6\xF2X;\xA6L\xCB\xDD
-{\xCA\xF86\x9A\xD4Y2OX\x87꘢\xCB�^ڲ\xB6\xD8w\xF9�\xF8l\x9B\x81\xE0\xA9\xEDs`\xB3~\xB8\xA6�\xB8q\xB5'\xBA<
-\xA0!,r�P\xB1\xC4qկ\xCC\xE7H\x80\xCAxx�O\xD9,3\\xA2m\x8F$\xA7\xC4a\x8Br-�o�Xk\xFA,!\xACk\x98\xE6\x9D<\x83Q\xC4yv\xC9\xE3\x80u�:\xD9C\xB8]\x86�Da\xA3\xABW�\xB8j\xA4k] Z\xEF�\xAE\xE6\xA4-"\xF5�\x8F\xE1�\xD4m�;�\xEA\xA7�\xD6�\xEC\xE7�\x86\xEE\x97\xF4\xBAug\xAF\x918U`$S\x9C\xCD�V\xAB\xC9\xC2\xD0k�\xC2+.1\x98�\xBClW\xC1`�\xD4\xD1\xEBx�Ӛr\xEAPxx \xDF�\xA8hƛ\xDC\xE4n�\xF0\x80\xB3\xDD\xE9\xC6h\x82�\xF2\xC2AI5�\xEElMU\xF6p=\x9E\x81cC\x8D\xB0\xF0\xA0a?"2��\x98\x97\xBB��\xC4�\xFF\xAE\xF4e���aÒ+\x91\xBA\x91�?�\xEAT\xC7\xC3\xE2gȑ#†ĖV�\x80<lD\x8FYK}�\xECW\xF53 f\xE12 d\x9A\xCE�\x89�h\xE6t0��0\xF9\xDE4 at 0\x86�\xF7\xB8��L6\xBC���\xBC�ߩ\x8F׸b\xB8�\xF1z\x8B
-\x8D\x86�\x95�\xBAM�\x98\x9C\xEE\xE0\xE3\xF7�\xD7 aN\xD3�6\x82� �\xDEn\xE9,0\xD8\xD6rP\xEE��ß®\xE8x{�\xB4U&\xBC;-\xE9Ñ\xB0n�\x9F\x8A�\xBA\xB0g1\x95A�Y?kl\xCF{\xAAÝ€s\x90��+B�6=��N\xCFks�\xFB^b/\x82��4\x89\x8C\xF8a�\x9B+\xE6\xAD\xE2\xBEd�[�E\xE2\x9D�3(9\x99\x9Ab>\xBC\xEF&�{k\xCF�|�v-m�\x95K\xC6\xF3�LLp\xA9\xCE\xC8_%\x8Eb_Ifoqr
-f\xF1+=�\xB8 Ò\xE9i�\xDFG\xD6Ôšei��;\xF7 \xDD\xC6\xF7\xA3j\xE9\xFB\xEAJw?\xF4\xF6n\xFD|�\xC7*\x8F\xC7ʨ\xA8q\xE1\x91�\x86�\xECk�i\xBD"\xA5�\xCF:\xFB9\xA82�\xFB\xF6\xB3D\xAC\xE4Ç·). \xD5�U\xDA6\xA4V\xC8`\xA2\xF3�k\x82\xEBY\xEBl]n\xE4<-Q�\xD9wq\xE9ua_w\x9CAS\xFEK�[;\xB4\xD6e�\xC4\xE7J\xA4\xD4Ö•\xAD\xF1n\xE1\xBEy #\xA8\xE5 U%\xE7\xD2�_\xF6\xE9\x97 \xC8\xEFAM\xF5M\xEE k^O\xB7\x94ip\xF3#\xA6 9'?\xBF|�\xBE
-\x90\xF1#Pr)\xC1\x89\xEE&\x9C1\xAF\x8A�e"\xD8\xEC\xE6\xF81\M\xC2\xF7ZvgÙ¨\xC90\x97 �wcI?\xBB]Bv\xE9\xECu_\x83�\xC3FAm\x96\xD0:s/\x81\x97g/�\xB4\xBB\xBB\\xED\x82A\xDBj\x9C\xE3|\xA1\xA6 �\x97\xEB\xED$\xAC\xBF\xE9É’t>ÄŸ\xC3e\x88\xF7u\x98[)\xEFx\xFCV+\x97\xAE V\xF8\xBE\x9A\xEE\xB7r\xBF\xF1
-:W\x9C�,n \x94 \xECx\xFB\xF0`\x84\xB5\x97x\xAB\xA9\x90\xBDS~�A z\xEC�l<㪒\xDA\xDB�;\xE2\xD8\xC0ۻ\xF5\xAB#h\x95\xD3��\xA8a\xBDx\x95\x89W\xAA\x9D�(\xBE\xB67#7|\x80[\x83fE\xBB/�)\x81\x8Cfϩ\x8D�qa\xEE\xF2�R\x85\xA0`\xB5�\x8B\xD1[^D3\xFE\x8C�\xD7lHi1-*\xB8Wn\x85\xAE\x9Dϑ\xB8f 6Ezi\xE3��qG�AK\xA7\xD6\xC0\x86=?H7�\xE1V͹tWM\x95\xF3�b\xB2\xE2\xD8\xD2\xEC3\xB6nއv:\x9Fģ\xEC\x82K]F\xEFWja\xD7xrb\x8Aģ^\x84x\xD2�H\xCF\xECLPL�W<\xB1B\xEB\xEE�\xC6\xC8)\xD2�\xE48}B\x90\x97\xCE\xC9\xDB\xEE^�h\xEDQ\xDDF8\xEC\xA2�֖\xA9ׇ̬w1(P\x89\xE1T\x8E��\xDBH\x84K\xD6\xE8b\x8B\x85[\xBE̴UL\xACR\x8A\xB8\xEDa'\xC9pngo\xD38�\xD8x(�0\xA8\xBDY\x8B]\xAD\xFF^\xFA3\x80
-\xD5m\xD5W2\xBA\x9B�\x98\xB9F^fw\x9E\x96\xE3>\xB2\xBAQ\xB2\x85\xA3\xB7\xEC=\xBA\xCE\xC2Փø�iR\xEF\xC9\xEF\q\x8A�6MgJ�j$�w\x92Y)\xFC``\xF3<0\xDAs!#�\xB7P\x8A\xBDÇ\xB8f\xAB\xC3tÚ¹3{\xB9\xCF\xE9f#Ì�\xC2����4UO\xFE\x9F�8m5\xB1�\xE2g\xAEÕ¬`?gO\x80\xD3z\xA8+\x81\xF3Q\x931)\xE3�w\xA5Z}��*\xAE\xCE�9\xAF\xEBA7\xC0y�bSR\xC0\xFA\x94\xE0\xD9L\xC6>r\xE3+\x8D\xA8\x965\xE83\xE7fX[�t\xF3T\xFB \x90\x93\xFBE ~\xAC\xC0\x94\x9FBJ\xFBÙ¸\xA7\xC0\xBD�E\xCEO\xDCd\xD4\xDB(-O\xEC\x9B6)Bß\xDE���\x88v�\xFF�`k\x86dgz\ \xAF\xE8\xC76Ö¨4vO\xF9\x93I�\xFA\xACm\xAD5r�\xDBÚ¥\xDDG�\xDD+n;eq�\xABw\xF1\xBB\xE6\xA5,\xBE\xECpY\xEE\xFEɦyΣI)\xD907�\xA9'\xC1Cĸu�2\xF7t7s\xDD^rAIt\xA0X`\xA4\xEA�Ï™\x820+&I\xFD\a\xF3-[�\xF0s\xBB\xFD\xD2\-\x98\xD5:C`
-\xB1\xA8�\xF1qx\xBDA\xBFV”\x9E\xD9f�\xC6�\xBB�\xDF!r}\x95K\xDC�\x80g޹\xC0C\xC7n� )\x9A\x83�\xFA\xC4\xF2o.?\xF5\xFF\xFD\xF3\xA5D\xB6��4W6z\xA4^| &惲`\x94\xE0\xC8)\xC3ȣ\x80\x86\xEE֖wS
-\x82-B\xFD:�\xB3\xCD!˳\xFF^\xE6�\xF6\xF3\xFE$\x90\xDCG\xF2\xA10<u
-\xB73xa\x9A\xF9\xCE�\xE5L\x98ץ`\x89\x9C�\xD9p\xF7f˵y\x99U�U\xCBm\xBC\xC5Ʃ\xED\xC1\xBC\xBB\x8Cq\xC3�Ql ��\x8A\xED
-\x8D\xE8\xCFT\xD5B\xF0`\x84\xC3�{�W\xA3(\xCE�z\x9A*C�#lQ\xB6\xBA\xBE\xDE5\x80$\\x99
-u�6\y\xEEV"\xE6#4m
-9
-,\xA4\xD4�Zh\xB3�c\xEB\x8B\xEE\xCE\xFD�[\x88�M�Bg\xC9F\xD9q\xB8\xC7#o\xCAL\xDCt\x8A^�\xA9\xACK\xE1s<\xBA\x9A܊={J؃ֻ�+N\xBB˹}\xEBѽd\x97`\xA0̷Y\x9E\xD7\xDD\xFDP\xF4\xE2N+J+\xFB\xFEE\x8F�\xB1\xD0\xE2Su߿\\xAC"x�޼C\x98·/\xFA���ۋ\x90\xE3Ԏ\xDE��\xBCjw\xD37\x91.fd̼ǚ\x9C\xBF\x9E\xBB\xE7�\x85n��n\xA38\xA5\x81\xA1y\xA8a%r\xE28\xAB\x91{r&\xE8zP�\xB8\xB5\x98`|�\x86*�\xDF\xCC�\xD4J$-x�
-
-\xA7h\xA1\xF1\xE4��1Z\x86\xCD�N\xD9�l^\x85SL\xFB\xE718�\xDD�\xB9\xF7�\xD1y\xAFÙ¶�J\x95\xFCe\x80\x8B\xB7�P\xA9sÅ°DZ\x8E\x8AG\xBE�\x81L9\xA4\xFD\xDC�,\xDB\xDF�\xA5\xC5'\x86\x85gx��\xB5� \xFFYr�3P\xD0wßÚŠQ\xB8nÖ¤ 5\xC3�\xAC�v#\x8E\xB7E��N9�\xBB=18\xC4�s\x8Fg�1�4\xAA3\xED\xAAǨK\xCB\xFB\x81\xA1\xC9�\x93A�\xC1\x9DO\xFB\x9Br�3\x9A\xCE��\x99\x9D\xE9\x9B\xE57sXÕb4\xE9�5\xD6�Ft\xBA\x88\x8D]7\x82\x934Êpel\xACSg\xF1\x93\xDDbn\xF9\xF4($�(��`h\x86c\x90E#\xE7Y\xB1\xDE0<\x92�i\xC0\xB3e�1\x82\x82g%\x80�gеo$.\xE6Y\xB0Ê°\x89L1c\xB6%\x9F\xA1~ljBid\x9B at V\x87qе\xFDf=8\x93Q\xEDb\xF06\x80\x81p\xB6\xADÊž\x94\xF4H\xBD\xB1\xD5
-t�\xEAi\xAF\xF4\xB6\xF4 <\xEA4\xAB\xF8\xEF],\\xB9�C0\xA7Ü•�J?V?J�>}@LÓ³�\x99\xB9\xE53J\xEC\xE8\x8Dm6\xBDp\xE5\x81Bn1\xC8\xEF`}+\x88$RA\xB3F\xB9g\xE8>V\x9C\x9A!B�zuK\xB0\x88P\x8C)\xAF�\xC3AX\x8C\xC5zv\x89;\x8BJ%�\xF1�\x8A\xAC&Qa_\x82+\x99q&\xB6�\xF3,E�\xD6d+H\xD0\xF4\xBC\x89 ?`/\xC4"\\xEA\xC8|\xE2\xBE+�8�@\x8FQ\xB7Uc�\xDD\xCA\xDAEጰ2\x97׆\xB0h.m\xF9z2\xE8\xAA\xD6AP\xFA�`\xC4WI\xD3f\xF7�\xE7\\xAAmW\xBF\x939;��\xB1\xDF*\xCFGQ$\xD5�\x98\xF1\xC5[\xA3\xB9\xA0e\xF9�?\xB6\xBB\xDE�j\x94fC\xE0I<r\x8A D\x84X9v\x9B9�\xB5\xE3\xDAÕ†\x9C\x86\xB8FI$\xA0\xD9Â’�\x81\xE6\x876RX\xAB�\x8FX\x84\xBD\xCAމƷ\x96\xA5\x8B\x92\xE5\xAB�\xA1\xC8\xEF\xD0Í´\x82\xDE\xD2�\xC4?o�f[\xE5\xBD\xC7�\xF0\xE6JÖt�\xBF*\\x93�I�c]\xD4\xE22n\x82\x83+\xD3\xD1}D\xAE#Ü”\xFD\xA8VHy\x90\xC0 \xB6\x98 m\xE5\xC6aSP\xEB\xDD\xDF~g\x83\xB6^,hs\xA89je\xDE\xDE]\xFC\x8A\xA6iY`!\rj\xF0��Ï\xF6�\xC3\xF6O\xF1P5�S!\x9Ba\x91\xD5F6\xE8\xB4\xED�A\x80}J�\x9A\xB5}"\x9F\xDC\xE7\xA12\xDFoØ•�\xC7^Ic\xAC\xE1\xEC\xC1\xA0~ˆ\xBD\x9F\xD1\xD5[\x9A%#\x9D/\xDBÊš\xF9H2�\xAEap�,e\xE6E\xB4\xE3\xFD8\x8CÕ\xBB\xB7\x91\xBBO<�\xD9\xF9ĆY\xFF�9~ \xAC4\xA9\xCDl\xE7Fe\xA2\xFAi��\xD8�-rm\xA69\xD8)\x94\xE1rm7�w\xD3vw\x9E\x95�]_��*\xFB\xE4i t��ྟ\x96N\x87\xBB=\xC4�r� \x88\xA5_Û¯\xD4#\xADɧ\xE8Wv\xC3U\xC2mF�%\x8F\x89\xA8z`�7\xCEe\xA4I\xBAM(\xBEh�W\xA3I\xC9\xCF\xE1\xC8c\x93�Y\xA5\xD6F\xC0\xF4\x80\x8B&=\xD6�MLpQ\xBA\x8C\xF5<\xB3O\x9A̓5i�v\xECpN\x8F\xB5{\xD2J>\x86\x90\xC3Q\x9Bb\xCD~�\xA0\x90;
-\xF9\xEE\xE2\xE9\xB9\xE7\xFBQ\xE5\x86\xC3C\xAFDG}R\xC3Ζf�\xBEk}0o\xB6&2\x80\x95[\xAB\xFCa\xE3\xF6\x9D[\xD8\xFE\xA8�\xF6\xB3�~\xB40\xEC\xD4�\xE8\xD9\xFC\xCF\xE0h�\x9E&w\xB5�\xB6\xD4\xC6 \xE2):r�7\xF3X
-\xCD~j�k\xD5>�I\xADiK\x8B\xB2\xDEmdќ~\xFC\xD4\xCB\xED\xA3\xD3\xFE(�\x8FT.�\xD9ʚp\xE7٪R\xDC�\xC7
-\xADQ3\xFB\xD7J�\xA6&ɖ\x90\xC78\x9B\xFB\xFA\xD0�\xC2O��\xA8d\xC59Q6\xA2#\xFD`\x9BW\xB29\xB5*x��\x8A�\xA0\xC9�\xBDLl󛄖vY�j K��\x8F\xBF\x92Ŕ\xD9^xf\xF6\x92\x9D\xEE]\xB0\xAD\xA4Ԕ\xEF\x89D.\xF3<\x8F+\x8Ck\xAB\xC0\xA2,T/\xEE\xA3{\xAA\xA5F\xD6\xF5,\xE7\xBBHϰr\x95\xD1�j�\xD4bv[\xBD \xD7Wܞ\xCF\xCA\xDBo\x89
-\xED|\x9C\x81\xA5\x96\x95Ak\xE9\x8C\xF1�i\x96y�\xDB\xEA\xABU��\xBFY�\xC9\xDD\xF6\xEA\xFC\xFA\xC4
-\x8D\x9B\xE5w\xEC7L,�V\x85N\xEBf \xD7y\xABQ3\x{12B2C1}9\xBD��\xF6d\x96j�at�\xAE3\xF7Q�\xE2_tl\x93\xE6Ғ\x99�bQ\xBC
-\x9D/\xEB\x8Aa\xAF'�\xFA��\xAC1\xAC\xF9\x9Bۮ\xCC�{\x9Aeܧ\xE7\xFB))\xA3\x88\x9A;v�/\xC1\xAFU\x91�?\xABZ\x84\x963\x90\xB7\x95V\xFA\xB8~u\xD4 �YǓ;|a\xC5P&\x97=\xF7tV\xC9P\xA2\xF0)@\xA4S\xDA\xF0F\xF3$-\xE5\xD1S\xCE=\xA5�\xBF\xA6\x9A�\xDA�\xA7�\xF2\xDE�a\xFB\x9B/\xE4ɥ\xC9�֬\xAAB=\xDA�SЄ\x95\x91�\xAA\x81\x8B�\xF7\xAEM\xF914\xEDO]Φu\xE5R��\x82\xD9#\xC0\xF7\xFAͨ\xF9e2\xFB\xAD\xFD\xE7<f\xA0\xF5�\xFA\xBAm.0y\xA5�2\x80\x95�{a\xC1\x97\xB5\x96\x93mI\xC0Y.\xAB-r�\xE3
-\xBA\xAF\x9A\xFF\xE2�l\xF4\xDAr;3Û£'\x9D \x9EYS\xCE0{\xCE�\xA0L\xCF\�\x94\xCB"\xA8\xAA\xE3s\xB5!\xBD\xDA9K\xA2@\xC5\xF0\xFE\xFE@Ú¶\xB0@\x8F5Ä\xA0=6\xBB�1B\x98\xD4g\xE0\x8D\xE6J�\xC8�\x88\xAD8K\xFE\xEE\xEA\xF9\xA2�B\xED\xD9'=Fj\xE7)\xE12*"-m\xC8�\x9F\xF7'\xA0A\xE6\xA7\xE2\x81Ý\x82>g\xF3wWXÔ4\x93\x9EvY]
-\x9D;\x92\xBA\x98\x97-U�܉\xAB\x95lƘ\xD1\xC8�A\xB3\x9FW0\x9B\xF4Xo\x83\xA0\xC4\xEB\xFD�\xDB)x\xA7\xE5\xF9\xBC\x85\xF6�\xB6:<\xAF\x89l\x8E`\xBE\x82�+3\xDA)\xEB0O\x8A\xBF3\xE5ÄN\x9E*\xAB\xE9\xBE�\xD1:B�\x85\xC8�(y\x88\xB7x\x9Dw\xE8J\xEE\xA6\xF4}\�1-���\xEBTB�ÙºÒ†�\xB3\x9D@\x89\x8B)\xE7{\xCE\xE2C��\xD3Z\xC0\xDB��\xB4:\xEF\xE5>o�S�`:\x93e\xB8\xB5\x8F\xA5��\xF7)\xDA\xD4\xEA\x8D'7Ù¾\x86g?\xEA\xE4�\xAF at q\xB7]"\x8EE\xB6Oć\x939\x88p��ƶ\xA6,s?lhsÂ\xE0\xBA\xCF:\xD0,6\xBA\xDC�~%
-\xA9\x9E7\xF3\x90�5\xBB\xBD\xEB��I\x97\xD5\xEC
-�[i \x89h\xA2j��Q\xBF\xC3Uƶ \xEC\xC1؇\xDBB9\xED\xF2\xFA0EO+φ\xE8\x95lߣ\xFB\x82\xB7V \xED\xA3O{$\xF1/d at 4�\xBC^\x84K}\x8Cl\xD7W>!\xDE[ \xB1�\xE5��:J\xA0h\x89/v\xEBC$I\xB1'\xCB\xF1�L�\xEB`1\x98\xDD\xC0�7?�\x9Cl�\xDCy\xB5\xBA�(�•xe\x9Cl5a\xD4%�g#h\xEE\xE4\x9DK\xE4\x83$yGi\xF3\xCD\xD9Z\xF7\x83ܜ�\x95\xE4�\x97T,G�\xA9\x86\xE2\xFBAEG\xCA)\x8Dd\x89\xAEF\xBEx �\xBF\xC3=I\xC1\xBC l\xFB0\xC2�
-P�^.\xE8�\x84\xB9\x9E]\xE1\xB7d\x9B\xAF\xA8\xF7\xFB�"�\xE5+\xEE\x94\xE2\xD4�\x97\xBD\xB3"g^�N\xEB܀�9M\xB1r\xD7!F\xBDb\x95\xDDϼ\xDD�~2^4\xC4YE�\xBC"\x99\xFC\xA4\xFA>\xE6°\xEB$\x8E\xA9z܎\xF7)\xE1M\xD1'v
-I\x8C+U���J\x80\x9E\xC1QNGz(\xB4\xB2\xC1VK!9(\xF1d_\x87W\xB2�\xB2\xD9w\xAEg}gI\xE6:\xCD\xDF;\xA7\xCD;V`�\xAB\x9Fl�6\xDE5@�r}J]`\xB6H\xD4�\x8B\xC86<�\xE9 at t��Y\x80Y��[w\xBFϬ(\xDC\xD9R\x82\xE0\xB2X"{\x90<\xC0\xE5YW(`\xEF\xDA'S\x97Q\xAD\xAC\xBD\x85,t�\xDBuv\xEFkg\xD8=\xFDE\xA9O\xE0\x85 cI~\xDD\xCFz\xC2Ẍ́Ĕ\x83\xBB\xB5\xD7\xE0iY\xA3\x{DC8C}\xBE\x8F4\x80\xC1\xB6\xFD\xF8]�\xC5\xE9\xAE \xF3�p#%\x95�bٳ;,��\xC3h\xDB~\xDFђ�G>\xF0\x9B\xEFPH!\x9B\xAF�xBe\xF35W\xCCW\xEE�6�\xAF\xF9�\xE8\xC1\xC5\xC6?\xD9`�\xFB�\\xB5+ɂ\xC4�i\xF6\x92\x8F\xF3L쬟\xFC\xFA�\xE2NO&\x82�\x9E\x97\xD9g(\xBA\xE5\xCD\xD8B=\xA6\x9DK\xE3\x9BL\xBA\xCE\xC21\xA2z\xCBf\xF2�zM�`\x98\xDB�]\xBCmJ \xF5O\xFD0\xC8\xE9�\x90\xA4\x90\x98\x93\x9A\x82y%DR)h\x9C\xFF!
-\xA2ΔD7CA=\xDB\xC3�\xCCZ\xFE(�\x8B2�سȌ`w\xD9^\xF4\xC5�pg\xBE\x9C`Ú‘Q<\xEAB\xC0\xB7\x96[\xA6R/\xB0&\x87\xB4\xC7\xDE\xFB`a\x97~@9\xB0\x97{}\xFB\x99�jb6=r�� \xAF_\xC0N\xEA\xAB\xE9Oß\xC7UQ\x8D\xBE=_\x86\xFA�B\xB4�\xC3\xEB\xB2*b\x86Z\xD76%\x82\xAD\xDDy\xFD\xCF_\xBB9\xAE\xDBb\x81ÐŽ�\x8BÎ4mx\xD7_�\xB5�a\x97\x9C\xC1��N^ii\xAC\xF9\xA5\xB8\xA9\xFDJ\x9D�\x84\xA7=SR\xEE\xBA\xDB?�\xF8\xA6\x9B\x8Fݹ�\xA0\xA7_e\x80\x86A-#lz�\xF4;�\xCA�q�\xA6\xBCm\x99\xFE\xB9г\x86\x8F5\x8AE~\xBC\xD5̳\xFD:\xCD\xD8x�\xEB\xE8\x8B\\xC5;Q\xBF+\xD62\xE1E\xBD\\xFF2\x84%Ö€\xE7b�\xAB�\xDF3�\xBB\xF2UoIAfS\xB7w\x9CL!\+;{VK\xEA t\xBC�\x89\F2Íœ\xEA\xD1J\xE1\xE5,\xAA\x88��^\xCE\xFC�\xBE�\x96\xF1�\xE6 \xB77\xA7\x8Fc-]sJ\xE1lu\xEF\xDEJV�'\xB0�6\xAB\xB6:#\xEA\xE9qL\x95\xF9\xE5�B\xF2\x8A\xF70%Zvj�È‘\xF2\xB3!Z\xDD/Ù(uÉ<\x9F-c\x99~\x89\xDBS(\xC7\xCC\xDA�\xB3\xB0\xDD,BZ)\xE0{\xD3?\xAD��Zd\xF2)\xAF\x94-\xAD6\xBA\x8B\xB4\xA4�h\xC7k\xFC\xCD\xC7J\xE6O\xB3\x8F\x92�\xA1�\x95u\x8D\x84H\xB5\xC9?}*w\xCA \xD4xN\x8C\x90\xDAרf\x9B1\x82�\x9Ak\x80��6�\x9B�T\xAFFS\xDD\xFDzZU\xD04?\xD6�\xA9qZwPy\xAF%\xA8r\x87\xAF�\xCE M~\x90o^\xFE\xB9�\xF7\xB3\x91W\xED\xB5K\xF2\xA0 \xB1J\xAF\xF8\xA9
->\x8E�aI\xBD<\xA4⺶\xE5NV\xABQ\xE2\x92P\xCDhI0\xBF�\x87>TU\xCB�r\xE5\xF9\xAC}GU\xB7+TY$\x93ړ\x89uE"\xF5MǶyO\x87[�\xB6\xE8\xE5\xBD�\x840\x9E+c\xB8}=\xB9�+9\xCA�c=\xEEʯKǕ\xF3e\xD8nw36\xBA~�w\xC2\xDE:�F\xB9\xB3?i\xF4\x9C)\xEF\xD32\xD5�Ҏ\x8F\xADSW\xCB\xD4S\x96c\xF4\xEF/\xA3.\x8C
-\\xF7\x83\xD1=\x9A\x85\xE0�t\xC8q$/\xCB)8�\x92Z 1\xBA\xFC \xD2\xE5( ÚŽ\x91�\x92�4\xD8O3H3~�\x9D)\x8C��\xD85\xCB#\x90T\xA8~�ZM\xCE\xCCÌ·\x86\xEB\xFF\xBB�\xF0\xA4VS�#e\xCA\xF82\xD5\xED�\xDCË\xAC\xC3:\xE9�/\xAF\x8CSj% ,\xAB \xACu%\x82\xAD{ \xAA\xC8x�o)\xCBS:\xE4\xA8;W \x9FÕ™\xFC\xB8[\xF0 \xB86Ò²]�Ý\xBA\xAC\xCDN\xE1�\xB4g_G\xEA\xCAa\x80m\xB5\x91m]ß³�\xB6\x83.�9Mu;\x9F�Cp\xBE\x8B"[1\x95\xFB\xCE�.\x9FÍ™+@�\\xCE�\xC2N\x9Eg5�\xA7\xE7\xA3\xD5Sd�A�\x9D$\xEB\xE8\xC7гT\xCFÅ•zÅ™�J\xE2
-z�rH{f|x�n\x83\xA9\xB9��\xD9�\xF3\xFA\xB8O_��\xD2\xFD!\xFB\x83\xF0r\xC1\xFD�\xA9�\x92�C\xF2\xD3�0!vzd\xD9F.!#r-�\x87\x93vs]\xE9\x831\x85\xB3\xB2I\xCD�q�z\x80�\xDC\xE1\xDE a[\xA3\xDBw�\xC1a9�\x84\xAB\xB3\xFB\x95Я˼#z��\xAC�n\xAFCr3#\x90\xFB�\xD7C\xBA�\x8D\x9F\x90™\x9Df\xB4\xA0\xE440Ý‹UÎœ\xB3TÉ›Q\xCFÔ©F;�\xB6L\xC5\xC5S\x84\x95\xF2\xCC\xE4l\xE0\xCBR\xF7)\xD7\xDF\xFE�\xBAg\x93\xA0\xCF`\xE4/\xF3\x9Ec\x9CR\xF5\xB4O*\x83)quv=|4\xBBNl�yl\x8B\xE7�\xB6<\x82\xC3��\xC7L\xEAq�V6b?F]\xA9\xF31\x8E\xAA�\x8E\x9Cg9p'\xCF\xCAm\xCBc\x82\xA5\xA3\x83's\xA9Ò‚\xD8\xEF\x8A\xC28\xDC\xE2�$Ý\xAF\xD6J\xBE\xF6\xB0\xD0)\x836\xB6\xE5j \xAD\x88\xF5,\x91z=\\xD9>�-\x9D\xE6\x86<"\xD6 \xE5M\xFF\xB0:\xB3\xEE��K\xA2X\xD9\xC02�\xC3J,\xB5>.\xCBå—¸& c\x9D \xBE\xE6\xCD~v,\xBC\xC2n�@b~:\xB6C1\xFCy�\xCF��\xBFt\x9D3\xB8Ó…\xE1>\xF6kw\xFA5\xB8\xA8\xF3\xE8\xA2\xC6/\xCD3(\x8F\xAB]g�\x81n\xBBZ\xA7\x9A|J\xD7OiB\x84\xAF<\xF6\xE0x\xB7\xCA%+\xFBÖŽ\x9FÏ–4\x83�\xBE=\x8D�Ö¶\xDD\xC7]\xD2u#\xAFAÉŠ\xA5\xEE\xB6\xCF@\x827<['\x97^eeͪ`\xF1 �\xA2\xE08\xF5\xB2\xF5$ \xD8\xCCjf\xB3'\x91\xC8\xEE\xE0\xB6\xD4+�\xECme\xB8\xCB kKD$\xD5J\xEEL �
-\x8D\xFC\xF5��\xCDg\xF8~\xAA0\xDF\xDB\xE7$q\xF2\xAD\xBD\xE1\x9B3y\x81\xA63\x90.\x9DSR\xCA\xF2\xB6\�\xAD\xBB\x9A\x9Ci\x84U\[�6F\xB0K"keÅ”\xBB\x99\xCB\xEF\xE6II.y\x9D\xE5\xFC�A\xF5\x97\x81\xD4v\xDA\xEBk\xDE�\xE2\x82>\x83\x92Ö \x89g�s\x89\x95\xBD��v_\xC3�`C\xB4Ù˜\xCDE\x85GO\xE0J�\xF0�\xB3v�\x81�\x98s $\xBEd\xD8\xD1W\xB69\xEE'}T\xA6\xDD�\xDE\xC9��\xAAW1|-\xA3�K`�\x88\xDAW\xC2�Z\xE1\xD7Co\xB9\x9F\U;\xF1O\xC4Evv\xFB\xBE\xFE\xDEA\x83BOu\xCDÞ’(\xB7\x8EeX\x93v-o\xCBu� \xB2^ኌ\xCB \x90\x8C\x90\x80,\xAAs�p\xA3*\xB4v%\xFE��Rxf�\xA0 <\x93\xF5y\xC1\x99\xFC\xF7\xC3\xF0Y~CB3\xAD �\xB0\xD14\x9Ay<\xE7^'\xA5\x9Bn(C\x86
-֋/{�\xC8\xC7wy937hf\xCCq\xEF\xA2E!yYLN܀(o�\xA6awr\xAA\xD5E9N\x89\xEA\x92*)+\xC8ͳ�p\x83ۓ\x8FA\x92\x9E��\xA6 sЌG\x8Dgi\xB7\xDF�\xB3\xB8\x99²\x89\xF2\xB8\xE3\xE4Nj\xF5\xFF#3\xE7\xD7\xED\x91Ҁl\xBBu\xFBo\xFC7\xA0\xD9~8\xEE\xB0 \xFF\xD1\xD4y\xA3\x90�\xACR\xD4ڷ\x9D\xBD\xAF�\x9E\x9A�x\xC5^�&\xDA\xCASgvL\xC2y\xFD
-I|�{\xECya\x83-8`\xAAQE\xD6\xED1\xE3P'\xA8��\x8B\xC7Þ¼\xF435�a\xAE\xAD�\xB2)?\x90�W;\xE4u\xC9\xE4`\xB3e\x85\xAB�bx�9(\xD4obÚ…LP\x90\x87\xF0ø\xD8-Úœ\xC9\xD3�#\xD4�\x8A}\xB7\xA1\xC8}I\xBA\x90\xE7:,?\x87\xB0$\xE1汤G\x91Hݨr\xF4\xF9\xA6\xAB+\xAA\xC4:ezj\x8Br\x82\x9C=��\xF3\xB3Û/\xE8�RfA\xF3d\xE5��=>ȼ\xDA�[)\xF7\ǯ\xDA\xD5\\xFC�I\xB2\xC2c`\x85mK\x89n8>\xFF\xDBN\xCF\xF4+)\xDD�n,_\xAE\xB0�\x99B\xAC\xD8QwKZ\xAF/�\xAAz��u\xC5)\xC0\xB41\xB2[\xF9\xF2\xB6��QvhO\xA9\xED\x{D900}\x8D\xD8AÛ±df\xAF\xF0�\xF6O\x92XQ{iM\x95F\xC8\xF4ݶy\xF7~�� \xD1x\xFE\xD1JO>\xEC\xC1\xF8*\x96\xD5\xD7w\x81\xD9\xD5\xD2d9\xC5�\xF7\x955�\$\xF5�\xEF@\xA1\xEC\xD07�\xBAI0\xF8\xB3\xC2\xE32\xC98ÝŒ%%\xB5\x82�\xDAz\xF6\xEE^5y\xA3\xF6�\\xE9�Z�\xBE\xD4h\xC9K\x9A\xF1\x94y'L*Ħ\xA9O\xA5Çž\xB9\xE8\xA3{n�\x9C"\xC7\xCD&\x8A\xF4N\xB1í”´gf\x93\xF26\xDBw\xAFzÌ—]G\xB9b\x8D\x8Ac\xE5��=\xC6Û¤MR1.)n\xBA0<\xE5\xA8�-\xD7w\x8E�\xB2sq\x87\xF7\xE1C\x99\xAC\x88Z²\xD7Ε\xEFjÏ´a$<M?Í„Pw*q\x9EV
-\xF6\x85.\xD9�\x8D\xE3P9,\xE5\xB0\xCA�w\xB8H\x82\xE9b\xDA/�[\xF3\xCE��SKJaIw�\xA2\x91\xAD\x9E\xD3\xD5�\x80\x96\xE2;\xD6J<"Q�C\x8B��\x9B\xFC\xE4h+�\xE2\x95�\x86f\xBE5n\x9F\x9A9f
-\xC0P\xC1d+Þ†R\xE68\x94\x98\xAC\x92\xCD�{\xDB\xF4\xC6�" \xDA7e�F\x89\xAE8Y\xF4.tsu\x97\x816L\xE5*t\x82\xF2�~-\xB3E�\xE0\xCBx_1\xC3�\xD7O\x804�F\xC4>\xC7�\x81Q\xCC\xE9\xB9p��\xAD\xB2釳#2\xD5�9s\xCB;\xE5\xBD\xF6Y9\xB8�c\xB0L]\xB2\x87-Þ´\xF2\x8D�.\xABÞO�(\x85i<\xD4o[�Ïž\xFA:\xDD\xEDi\x98\x89\xE9rds\xE9;\xE0t\x845\x99�\xBDb\xAA\xA6y�\xE9\xC5\xDCu\x9B1(_]DO\xC6J�,�aG\xA7�\x90\xCB$\x9E\xF6lt�\xC06\x9Au\x90\xA33\x88A\xCD�\xE8l\x8A\xD2$P\xA4\xD4m\xC7U\x88\xE4\x98w\xA48E\xE2�\xFA
-\xF6\xE8]\xFC\xA24V)\xFBx\xF8\xB6!�b\xA1\x80t\x9AZҌ[U�l\xD8\xDBtUB\xEA\xBA|3�\xFA\xE7\xEC\xC7/\xCB\xFE�\xAA\x82\xF1\xB1�Dg\xD9(\xE0#4\xEEG\xA9D\x95d\xD0f\xD6\xD1��\xF6)\xDB
-k�`JHbrWz\x99\xC0"\xB1\x8F\xF1\xE16.?\xE3\xE3\xCE
-R_\xC6‡<(\xBF\xE9.\xE8\xF5�W\x8A<\xF2˶\x82\xC4ol\xDC�\x8E\xE6�Õ¾[\x8F\xC74�\x84\xF5\x99\xC3\xEE\xC0�\xFA1\xEAF9 \xF4Bp2\xCBÞ¥xI\xC2/�\x8F\x84\x96ZP\xCCcC\x84\xFC\xB4\xB4Sf\xD0&\x81\xBD�i\xFC1+/#2\xFC#\x88\xBC\xD5)\x88c\x8D\x97\xCC\xCBj���\xCF\xF6\xF4�\xCE��nÙ~s*\xC76�\xAC\xA3\x98W\xA6\xB36\xA8H#\x87\xF4\x8C'*\xB1/p\xCCx5z\x80_G\xEF\xA80}
-\xD5\xD8\xC0n\xE9|\xD7Wj�3[\x8A\xE7\xC1nF\xF6\xE7\xE1\xEB\x83'\xCF+\xBET\xEA"\xECC�\x8AA\xAC\xD9\xC5F\x82�\x8C\xB9\xB2��\x9B Q\xF0ٗ\xC6m\xF7�\xDE!\xA9�\xCC�Rȫnϑ\xF0٩X\xCD\xD2o_i\xF3v\xC5vo\xD4|N\x97\x9B\xDAq�\xDCD\xB2\xAE \x8D\x8D\xD0S�\xA77lm\xDF\xF81⥴q\xAE\x8A\x954��\xFE\xCC>?\xA2>\xE8\xF7\xC8\xFDb+�lJ\xCF)�,!iL�\xC9~\xE1\xE4\xC7\xDE�\xB7\xB5h=%\xB4sk\xDCm\x85\x94}%L4R\xB9�Ayb#\x88e;\xF2\xE2\xEA\xC69\x87#\x87\x96�\x8F\xF9{�\x97\xFA�\xFC:5^"\x8D\xBF.6\xF0\xE2GD\xE9�A\xF6v\xF0H&�\xEF\xDA�\xE8
-"�\xFB:f\x8Ax\xEF\xAEQ\xB5�\xB9\xC2�\x89a\xBC \x9F\xB5=Q�\x93/)'clO\x84\x8D~j\xC1�\xAB\x91\x87�Ù¤\xF6n�\xAC\x86 \xD8P\x83\xC5��\xDB\xF5+\xA6\xC1\x9EW6a+1T\x8C있m�\xF9\xAC�\xA2\xA39\x9A\xA7VJ\xA4%Z\xAB\x98�\xBF\xA6!WD\xA6\x8C\xEFxj�\xA5a\xFEf\xEC0\xA2�u\x97\x9CÍoaa\xFC\x92\xE3\xF2\xBDB�F\xAC\xCD�J�\x8Bt\xEB\xAE�Y)\xEEÖ›\xD5\xCD�\xAF<\xD2\xD5M4��\xA5\xE2\xFB\x9E\xB2�f\xE6sk\xA7�\xAC\xAFk\x97ÃŽ\xDDo:\xF6\x8E�\xC2l\xA6\x9Cb\xAB\xA6Wh\xD6x5\xBFx��\xD3�\xF8\xCEa?\xF6�\x9B\xDB\xD9\xE2\xF9\xD3\xC5e\xB4\xEF\xC7\xFE\xFCo\xFE\xE6\xAF\xDF\xDF\xFF\xF4\xF5o\xFF\xF0\xC7\xDF\xE0X\xED\xE0\xFF\xA2fÐ-|`4 \x9Fe\xFB\xED\x82'J%/\xADbn{\xEE\xE4\xB5DG��\xCB.\xB6\xD8_�V\x89 \x93\x84\x9B]W\xE8\xFF\xC5\xE3\xBA\xFAY\xF6x\xD5�4I�\xE10\x99d\x91{Ûƒ@\xE2AX\xB8\xF78l�&\xD8X\xBA\xAF\xF2 \xB6DO\xD2H�
-\xF1}\xD2\xF6) \xB5\x8D\xEFKa\x9C�\xAB\x99\xE5\x81k\xDF\xCBo\xE12]["\xA5\xA8J\xF4\x94\xAA�6;\xA4kg\xCAz(\xC52\xAC\x8D$O\xA0izx\xEA\xB4Ʀ\x99\x93d}Ȥj΀PI\x96��8c\x96\x9D\x89p\xC98r\xC8\xD4\xDA%\x92\xEB\xDE\xDD\xE1\xA4\xD4�\xA6\xE5\xA8\xD7\xE1ʪ\xD4 \xF0\xBB\x9B�\x86Ü¢\xF9\xCBZK^2Yb\s-(QlЫ\x98\xD1\xF9\xE0F\xB4\xDB\xFDI\xF3�\xFB�w�\xE3i\xC1][\xED|?�\x8BX\xC1N\xB1Wo/8>\x86\xE8R?\x89A\x93\x93��v l.\xBC\xC1�~\xB2È©*\xAE at R\xE2\x88k\xE8C\xAAVB�\x91%u\xE9�݆\xAC\xD1]Ù³!,\x9E,\xC4F{\xB4�\e:\xBCܨ"\�Z\xB3!D\xCB'\x83\xE6G\xB2{jn\x87\xB7U]J\xB4\xAA\x8Ec0\xC2`d\xA5W\xEC.Þ¼c\x8F"Í\xCD\xF2'\xEE\xEEÂ\x8B�Ö§\xB5b\xF2\x8E`*�Εg\xB0\x92t�_\x85@\xAD\xF1h)�c0\x9F\xB7T2\xFC�\xB6\x82�\�\xE2�\xE2!\xEB)aO\xBEH�y\x9B0Lc�'\xE1B\xE05\xB9\xBD
-Y"c0��\xDC�)mgR$!
a(|\xD9?Q����\xE9s\xA8\xA9 at O\x81�x\xBD\x95�\xE0:\xA9\x9Cj\xBB\x98\xE1\xC4&A\xD2\xD6b\xE1챴\xC4/\xE8f\xBC�\xB8�id�\xF5Z2ئQ\xA9+t�\xF1\xC0�׬\xB75\xAE\xF9|\xA3C r\xB9�\xED\x9A1s\xA8օ\xA0\xD2\xD1\xEA�<]d\xBB~\xEDQ\xDDZ\xD9M?\x8E0�\xDB�\xE3\xDEJ*\xCB\xF9\x9D�t\xBC\xD7z\x97\x80�E}\x9AeN\x83];\xA5�\x87p|�
-4\xF1\x95\xB8D\x91\xDCM\xFBË#\xB2�\xB4/賨\xD1^\xAB\xE4\xF2��mÌ·\x82�\xC5\xE5uf&ip�y\xDC\xD8\xCE%M\xA2\xDA\xD9I\x86-\xA6\x81\xCC\xCDÖ‚K�\xB5\xBA\xA36å’\xB8
-]\xDC�\xBB\x89\xCDs\x8DD?\x92\xBB�\xB9&�\xB8b+\xB5\xAF�\xF9y\xAC_\x97S(\xE0� \x8DkN\xA1nk\xA6t\xB2\xA7X\xB0B\xD0Y\x98T\x9A#%\xB9\xA3\x88\xFB\Z\x91\xCDz�ޑ\xB3ѱBn\xC0^\xE2k\x8A,.Z\xA1\x90ܑ\xA1�\x87b\xB6fE�:DXp\xE3̖\xE7%\xEE\xC0\xE2\xDBn`Z[Y�\xEB,qf\xDB\j\xCC{\xC1WD�&\x9D�@C\x97.\xFA\xBD\x8CT\xCD4:\xE3w\xC5B8\xD5\xF6\xF3Mdž\xDA�š@\x90�kw\xC5\xE4P\xD0\xFE\x87`\x95Q�r\\x95\xC8fq\xB7-s\xE7X\x9D؎*\xD4�aM\xCEL$#φ\x98P\xA0\xA13)\x80\xFBJ|�\xC1\xE6\xF6
-�\xA0\xC5Z\x86uB\x92o;]\x9Af\xC9J/\x83\x97R\xC3c\xB8\xB1\xD3[c
-q\xD2^!\xA6\xF1\x99\xEAڛ\xCA\xF4\x91x\xF7��z\xD3\xF3\xA8\x8EE\x84Ã��\x93"D\xAC�*\x87M\x89\x8C\xB2��8\x82\xA7N�
-\x96]\xDAԡ\xD1{�\x98\xACΌ�\xDEI\xF5B-y�Ǟ�\xE1=\xBA�eQKPs yx<\x9C\xEA\xED\x86,%\xA6\xB7w=\x88m�ζe\xA9\x85k-&�\xAD�V�\xAF\xE5\x8A\xCD�Op\xD3�\x98S\xA8\xC3qMD'c\xC5\xE4*
-\xAA̼\xAEc\xF9\xC8���(j9A\x8A\xE4D�l&\xA8R\xAE;g\x9F\xE8\xF8f\xB0\xF8�$\xED\xF6\xE3\xB1\xDA\x{DC54}�k �H\xEE\xAA\xD3:�'\xCAD�\x95\x9D\xD4��\xC6^\xE4\xC9�:S\xA7�\xD9\xF4\xAD?\x82^.\x88\xAD\xC7N\xE4N\xC7k\xA5\x99\xB3ڙn_v\xF6S\xECM\xE5�m�gzء;\xE2\xE2\xEB�h\xD93jO\x8D\x80;j8\xEF\x9A\xFE\xED\xA4�\x8D?\x9D:\xA5!!PO�\x83=\x83N\xFEQ\x91\x8D\xCC�\xB0\xBBzq\xE8\xFCf\xDB&w\xBCB $\xAA\xEAk�\xA3
-\xB4\x8A���\xB89\x96\xE5\xB1\xFB\xC02\xAF>\�\xED:\xB4{�\x96\xDBׇc�\xDE \x861\xF8\xB2R�wD>\xFB.\x94E�\xDCk\xA47\xE2\xEA\xA6�\xA1H\xA4\xC6
-�c\x83\xE8\xE0\xDBO�GA\xB1\xA7\xEF'`\x9A\xC0\xBB\xD7\xCCVt\xAC\xED\xCD�'\xEE\xCFߕ\xB4\x88��ò\xABڶ\xBC��B\xBB2\xD7\xD7�^̰�\x8E\xBCM\xFA5\xAC8\x95;\x83w{�\x9D\xE3I\x8F\xE0\xE3\xB1\xCA\xD4\xF7\x9Dd\xA4uZ\xAF\xEF\x98_#\xCB܆\xA0\xC1\xF9u\xB1h\xA7&\xE6}\xECB\xF6\x832|�i�\xAB\xA1\xFAN\xB8��\x90\xCB\f\xB7\xBAQg\xB0I�\x96\x98\xF3\xBB�e+\xAC_i*�I\xC3��\xB6\x85\xEE\x9CA\xFD?\xC1\xB7\x9F�\xBE\xC7wǦ\xA5��\x92j\xD3\xEE\xAEe\xE0\xD6\xD4,\x9D4\xE72\xB8\x91\xF6D\xEA6U«`\xE1aP�];e0Π\xC7\xDB\xF6\xF1\xD8jz.JcŽ\xFF\xA2|,͡\xDEl\\xBD\xE9\xA9\xDF;u�D\xE7^%\xFA\xAD��Y\x8E\xF2\xF0\xF2C8\x9A�\x9E\xC7ޞ
-ibtg\x9B\xB6f\x83�0ڻQ\xDE o\xD1�i\xA4WԈ\xEA\xEF\xED�\x91Ai\x80(\xF8\xF6\x93\xC3\xD7px\xD8�J\xFB�\x94K��w\xBA W \x8CI\x91�\xBD`\xA7\xDB�\x95�o\xD5\xDB=w!x\x8F\xF5�\xFA�Jt\xB4=\x8FE\xEASEDx\xF4\xCA3\xD5;AWм\xAA\xCF\xE4S\x93>\xE0�B`#\x83\xF1$;\xF8&\x9C[/#r\xC1\x96\x8E>\xF2P\xC5#\xA9]/J\xAC\xB1og0\x85<\xAB[T,!�\xC7NU\xDAL�DH\x98\x99\x82o?9�\xE5\xB3DZ\xC9�\xA4\xE1P\xF5NX잩\xA6>?�\xECW\xE6\xF7\xDBޘ\x99\xE6V
-1%\x92o[\xB6ͧ\xFC\x9E\xB3\xD2�ǒ\xD3�%\xB5�T\x8FO\xDC\xF7\xEF\x98\xF9\xA6r\xEC$�/sO\x9AIx\xC36b\x90�\xB1\xC3\xCC0\x9B\xD8AS\xAC\x9D\xB3>\x8Em <�Mz�{�M\xEF�\xBDC\x9C\x98�b\xBA\x8D|\xF9�\7\xEA&L\xBA\xE2n^X\xCFKc\x8D�\xB4\xB6�\xF6\x81K\xA46m�C\x94
-\xA5\xF1}L^|�W\xCC\xCD\xF1]\xAA�\xB0\x8A\xDEMw{-\xB6:\xB2:\x8F#\xC1I \xFBN{ß¾mD\x8B\x97\xF2X\x9Br\xB7�\xBBSt�'\xC1*\xC8Xؼ\xE8U�Þ¨Èl\xBB\xEF�\xC8\x99�\xF5\xFF�aMd�'\x8BZ\xFA\xC4�\xF0�0:\xCDlëš2\xBD\xC2f8\x80QvI
-m\xD3�\x91|UX4@\xEE\xAE�\xA6\xEC[[\xEE{\x98\x8Bl\x84�"\xB5I\x9F\xAF\xD6TBX3$�F\xABv\x95ÝV\xAA\xF1\x83l\xDDm\\x93§\xC4P\xE5^ÎŽ\x95<Y\xB96�\xADB�\xE1\xF0�iX\xB1�REq{�\x80�
-\xC0\xCDR�\x86[\x8F�F\xF1��'\xB6\x97\x95c�\\x9A\xAC\xFC\xE9��pÏ»\x9DF�\xF1fDZEX\xD2E �r/\xABe\x93\xAF\xA7\xE0C\xD3H\xC2\xF4C\x8BO\xBC\xB1L��\xA4\xF7\xF8\xA7�=�U\xA5\xDE}:y\xB2\xB3\x80\xF2]\x89AFW9�J~姳\xBB!w��\x93Z|�\xBE|�\xC2~\xC0\xEBmÓΠ*W�OPRD��\xB7\xA5&\x90�`�qM\xB1\xAC\xAA"\xFC�\xD5\xE1D&\xA3\x8E\xC2ð¶¡K\x96W\xB4\xE9jM�zA\x97[\x84\x97)i\xA3\x93m;S\xC1(\x98\xAF@�\xD5\xC6r\xB4\x8E�|.�l\x!
98\x8A\xF0\xEA^\x91\xA4#\xE1�T-(\xB1{D�\xA5\xBA\xF7\x9F>,il�\xDD6>pI\xEC\x987#8\x97\xEF\xC2Hi*�\xB9\xB7\xEF\xD8J?>W\xE5\xAEС\x8A\xA0\xF8�\x84\xAA\xEB񅔋%n\x8E1\xC0d\xB5\xE3�V\xD6\xCA`\x82r\x98\xF7\x9C7?\xC2\xEA\xF0\ټM��\xE3\xA55rN�\xB8\xECs��5��\xD4>V7\xB4)\xA3�\xB6[UC\x9B\xDA��\xD9=�\xDA\xF4##b\xB9\x82A\xD2BP\xCF�\x82\xB1\xF6\x8C\xF9@&\xB1?�8{\xB4�V\xDA�\x8D\xA3蹤J\xC8\xE0\xD9\xEBb\xFBrJ\xB9R\xE6Yv\xE2«0\xA4X\xB4\xAC/\x9Ed\x8A\xB7\x9F~1ll\xD45\xE6\x96\xD94\xF2ZQ7d\xC3\xF2k
-q\xCF[%x\xCB!b\xDC\xE0h!IH2�\xB9\x80\xCDh\x9FT\xEDw�Ҳ�\xC5\x{D834}]\xC8ۣy�=\x81�� o\\x96\xAFc\x97\xF14\x94*\xCE:\xDA\xFF\xFA*\x8Fi\xD5\xF5s\xB5\xC3c\xB2\xD4\xF5\xA5ւO\x8CAC\xAC\xDA\xC6=\x8F\xED�\x8Fi�/\x87g\xE9\xA7A\xD2\xF7�\\xD4�\xC8e'\xCD\xEC
-\xAA�\x82\xF6\xD3\xDDPh\x8A\xAE\x90�\xB2\x8C\xBB\xFA\xE2h\x8B\xFCE�\xAD@�f[;\xEE�\x80Sf\xA2qt\x9C/\x82"\xA6\x80"w`\xDEfJ?[\xDAt}_;\xC1m\xDES\x92B\xB6]\xF1x\x8F\xC5|
-T\xCC\xE9�m2\xBF�\xD1
-\xF3\xF1!b\xE7g\xA1\xA9J\x97\xC7�fS�]d\xBE\xE2Ì\xD2\xCAw�\xEC\xBBP\xD4�6f�\xE8
-T\xD9(\xAD^n�\xF8\x9A\xC11I*"SC�\xEEaK\xB4N{��\xA8,6\xEF\xEDfw�\xE3\xBE\xCF�\xB4\xF2}x޺�\xEA\xCF\xE1\xAC~7
-\xA0R#Mj\xBA\xEE\xF0t1�\xBBŸø\x95\xCAU8\xE86\x97\xA2�)lj\xFB\xFF\xA6\xE7Qm\xB4\xF3X\xBCm9\xA5\xCC#_\xC4\xE6\xBC[NE�\xFF\xF9�\xDBQ|UQ�\xC0\xB6y\xA4(\x8F\x9EA�\xE5ϸ \xC5e\xAE\x99\xE6\xF6\xFBJ\xA1Z$\xE1!\xFB��~\xA0p-\xB2*Ã2�Fx\xE9%y�q\xB25g0\x88\xBC\xF4HU]\x94O\xF8\xF2\xAE\xA7\xE9A\xECf\x8F\x81
-y\x8A�\xEAZ\xA2\xBD\xB9\x90�<\x9D\xAC�0,�\xF1}\x9D\x9D\x90���L\x84\x97\xF5\xF2\xC4'�\xC4ax\xE9j\xF9�\xA6W-\xFC\xBD4\x94A\xA9R\xDB�\xFE\\x8Dc\xF34\x8C\xA0\x92�\xEB.�\xE5I\xE9Q\xFE\xE6\xA0\xEF\xE1\xC8\xEB\xF28V@\xDA��`L\xE7&\xB0I\xB3,K\xE9æ¦\xF3-\xA9[N\xB6\xC67\xADKE}Ê»9\xE8\xD2\xF4\xDA\xC6j\xE6\x9D
-%\xC0\xF7\x82=\x87\xF2C\xBF
-\xFA)\xA3q\xF0M3\xBBy!=\x8Fe�\xF8\xE5�\xA3ft\xC0\x96+n\xE2z\xA4á ¤\xEB\xD2�\xB5Rt\xD1�{\x88\x86F\x91\xC0!(~\xA8\x82�iC~�\xF8\x85\x99\x9C\xC0\xD4\xE21\x84\xE9\xFB�\x95É�\xF8\xEE>Û¹\xF9F\xDDU\xD6�+U\xB3ו2w��C\xCDAW�\xDBZBP\xCCE\xC0\xF28\xABp\x99%5p\xD4�\xA3u�\xFEA\xB7wÙ°\xAE\x8F�i\x95,n\xAFl\xBB�\xA8x0\xCE�E\x85%&\x83\xA4Ʀ>�K�\xB8\x80\x96\xE4ر�R-G\x90,\xCC\xC6Ú¶\x8E\xD0?R\xA5 \xF9\xAD\x9A�\x83\xD5Ü°\xEA\xA0\xD3�\xB9">\x8F\xB5\xC3.p4\xBB\xFE\xACⵊ\xC1\xA2\xE9p\xE5\xD6\xCDa�\x83\xF8\xB0\x8EH9.]l\xB3\x99\xDAl×–\xEF\xD0\xE2c\xF8X7]\x89\xEFi2\x88\xA0\x9B(N79\x91\xFB\xBB<v\xEE�\xBD\xEDI�\xA1\xFD\xF5�|}\x9A+`\xF3S\x8D\xCBW\xF9 \xD3\xFBi \x8A4\xFAL\x93\xAA>�l�\xBA\x95\x82\x91\xC31jH�"\xE8�g$\xECQr[B�ß…\xBC
-\xD5 \x90}m�\x8Di\x92��v\xA7+\xB6\xFA�"f\xE0VM_\x8C\xEE4O\x8AV2t\xB2X\xB86\xFB\xB9
-\x8E\xE7F$�\xEB :6\xFF}\x88\xB7���~O0\xC9\xE0"s�s4\x94C;\xFC\xE9\xD9>\xB1\xAE\xA4\x9A�ʉ.sÜ¡$\xEALI21l~�\xE6V\x81\x96+3s�5\xCD+h\xE4X��\xC3\xC3{z\xB1Dh1W\xB3#B�\xD6|P\xBD99\xBA<V\xA4\x9E>{\xC2{r\xE1UPU?�}�\x87\x9F\x9FǶG\x81\xD3S\xFAT*\xAD\xE0}\xAE\xC1H,Ñ’\xACë¶\xE5<\xFC\x82u�\xF7%(\xEC~�\xEE\xA8p\x81\xDD8Ó®\xCEE\xB3�\xAEJ\xBE0\xED�\x9D\xA6\x8D\x82#\x9A\x8F�'\x80(\xB0\xADÛ¶P\xBE3\xF5Q\xF5BX
-�\xF5 \xC7Hq\xA3-\xADenD\xA9\xE3Xh\xDA\xF1\x9EA�[�GK\xB9 &9CY\x90)PX�ã\xD6A\xC3\xF7\xEE\xB8{�{gM\xFDØž O\x8DY�'p\xB8BWÌq�r=\x9D\xD7c N\xAD\xEBË›�\x93\xADt\x85\xCF\xC0\x87c\x91\x83G?\xEE\x946\x91\x83Wy�
-\xED\x88肳\xDDi\xD5�f*\xBC\x86\xD6�A�Î¥\xD3"8oΙ�Ö³&@\x89Ö\xE9dÞ½f\xECI\x9F\xCA\xDA\xD9:�g\x90=\xE9\xC8oÅ™\xBB͇AL\xCF\xE6\xB8=\xC3`7\xD1�M\xF1\xCA�\xC7v\xA9\x9ET>A�+\xCA��\xBC\x83\xB3F\xE2\xB8)c�Ï©\x8D\xBA\xAA\xB7 \xB1o\xEFÒ³{\xE6�\x84\xF2\xBF p\xCA�A\xE0\xA6\xE2\x91N\xB9T\xFF\xAA�?m?\xE0\xA6\xCDO\xF1Pv\xFBUa\xEAJ\xC6VO\xB0�\x9A:\xA224\x8E\x8F\xF8�:�2�~�f�\xB6i=\xD4\xEAu\xA8l#\xD9�\x92\x90_<\x82\xD8�g\xAB\xFE\xB0\xEF%\xB5\x9Ct�\xB7g"^\xC0\xE5\xE0\xD2\xDEq<\xBA\x85\xE7�+&+\xBD)\xB7\xBEy\x9C\xD7R\xED�\xF8\xEA,�Ì–�J�÷xS\x98HŮܪT;\xF7\xB8-zL\xE3\xE4\xB1��\x82�\xB2\x9Es\xB9\x85� \xEANGSuN�Y\xCDÒ¦\xFA\x8A"<\x97\xABj\xEEm�`q[�\\xE5J�\xDDË©\xAA\xA9\xF9\x9F\x98\xD8γ
-\xCD�*T�\xFB\xA5�\xE8U\xD0i�\xC2\xE2\xBD�B�7\xE7\xEE\xAE\xD9eZ\x8Eh\xC7{
-\xE8(\xA1:`�\xE2\xB9ߧ\xFET\xBD���#"\xA8^B�\xAB\xA5�\xE8$75\xAE\xF9\xBC@\xB8C\xEFk\xE4\xC6y\xB9�'�\xD7\xD9.\xBE,Z5\xA9\xD0P\xBC��`\xBE\x93\x86\x88\xE0*\xFE*'j\x88
-T\xBB\xB3\xEB k]\xE8�\x92c{\xDBaP \xC1\xB8�\x9E\xD4i\xF0\xC7\xF3J;N\x99�\x8Cz\xBA)wb\xA85`\xE0,\xB1G \x8F:%\xCAuS,b��/\xF6@\xFB\xC6�\xFF{Wa\x92\xDB\xE8�\x97�\x95b\xE1\x8A5\x9F��݇q\xB4.YU\xBE\x86�d\xF1�\xC5\xD3Z\xD9c�A\xBE)�\xB2a\x964^\xAAb��h\xBA\xB9\xA4\xAF=\x80\xF0RR'�\xD4ݚ\xD1?\x92\xF9\xFEp\xAF�\xC3�`W�\xCF."\x92�
-le\x96Ѥ]\x8C\xB0k\x80d\xA8V�LU\xBF!\xEB\xB4i\xC2:\xC9\xE6jf�\xB0Q.I$҆�\xC5
-\xE1\xDC^�7\xBE\x903\xE6m\xDB\xD5\xFC\xD0\xF3\xE7�/\xD5"\x89Y\xB1&j,�W\x82\xBEE\xDE-\xE0\xB4\xE8�t1\x91\xF0e\xD3$\xDB\xDB-#\xF1e}\xFBl\xB5\xAB\xBF\x92{\xDBc\x9A\xCA\xEE\xF3Ë…\xA52\xBAw\xF5L=�hDE\xE1\x9B\xF6\xDF"Ä‚#\xEA\xFDw\xC9UN\x9D*\xEET\xEF\xC9Ú·\xBD\xC9n�\xB4t\xA7\xE0!T&\xB6\xBB\xAE\xAC\xBE\x82�è † \xA9\xF4O\xB3SSL\xE1\xA2#Íœ\x91z\xDA9\xB3Y\xA9(X��/�|\xA3\xA7n\xF9\xB6 (\xAB\x83n7\xDEI
-Æ“\x80\xD9\xF1\xB3a�qIG\xF4I
-u\xBB\J$\xE7ЄX\xD9x`\xA9
-V�\xBE\x8D��\xB3\x8A\xBC^\x9Bb\xCBnR\x93\x81�\xA1Ö �"\xC5\xDAVM\x80\x84s)\xEA�"A\xFE\xB3QF=7\xDB\xDDz�\xAA\xE3\x98�\x92\xF9\xAC@�C� u\xE2[\xF4Ù‘\xB3\xADv\x92\xA6\xCF\xCA,Þ©\xA6\x82\xB7\xEB×´L\xF4\xB8\xC2\xCE\xE1\xECpo\xFF�\xBDT\\xEAÄl\xD9[|Å…4N\xC7#",\x8E\xEA\x95\xFD\x8D\@\x87�о\x92$Y\x95\xE0 9k\xAFt\xA7��XȱF\xE3\xB4D\x95B0J\xADȬ\x8B\xF5}(\xFB6u�\xB3\xA7n\x98\xD0ß�\xA6\xB08r\xFB�z\xC2�\xD4Jn\xFA B�H\xA4��\xB3\xB8\xFD\x95,\xE8`Ç\xFD\x81\xF9\xC1P\xA1�-�\x8EÔ™\xB0\xE2hn\xB6*�\xA1\xB1~Mg\xF4\xA3�\xAC,n\xE1\x9DY\xD6 =\xFB6\xB2J\xC5 =\xA2Q\xC7GФ&\x86\x9B7[�Ê¢ \xC60\xE7\x81\xEE\xE7�4�SÒš\xEFzD\xD5ĈͯD�\xA1\xAB\xA3]M\xCF�
-*\xF0�\xD4;-�dc\x8E\xE2p7yW\xEDE\xF3\x88\xF0\xEDd7L\xF1\xDD\xFD\xAA\x93��8\xAE\xA6w\xDEƪ\x9D\xCA�@@S\xE7\xDD�\xC1\xBC\x8D\xC3\xFD\xF3\x8Fc\xA5\xD1Ht9\x8AV\xA0^\xAA>Ѓ\xB8\xFD\xAE\xB9J"d$\xDADq\xFB4\x88N\xB5\xC0FP\xE4{�
-\x98\xAAh5\xC5D\xFA\xF4lV\x98Ƿ \xC1\xDB]{\xD7\xE1\x94\xDE\xC9\xC1ng\xBA+.4Ҫ[\x8F\xF2\xE9q\x87@`MJ\xE75.��\xDA�\xED+\xA9\xBE3\xE9,�.\x8B\xBE0h\xC46\xEC; \xB8\xAA\xB6\xBD/���O\x91\x94<\xE4&$\xB8p�\xED8\xCE\xE0r�ۂ1}T�A\xE0\xF5ʽ\x9CT9\xE8\x85\xD7\xE5\x80�Ǿ\xD61A7[\xE6�k&\x88z\x855\x97\xF1R%`\x94wXn\xDDU
-\x9A\ag��\x95J\xBF\xFAP\x8AW\xAA&\xAE\xC3�X\xDDI� \x91t\xB1!�\xB5�\x81\xF5ӆ�%\xE4\x8A0\x80�\xE9�\x8C\xBD*G\xBDO?\xF3A\x96\xF3\x87\xDA]\x99\xC0\xF0T\xEFu\xF5f\xC1\xC17\xE7nr�\xD3v\xDCA\xD3#\xAB\xF1\xEAb)\x80%=\x98we\x8F\xEA\xD3^5M.\x96\xCC5b\x80\x92\xD5z\xB3\x8A\xBF\xAB\xD6K\xCF\xE0y\xEC\xE5\x96>�㇙y\xAD%Z�\x96\x8F�`\xB3AK\xB8\xDFi ]\x83\xDB\xED#���\xE1\xE0\xDBO\xFE\xB2\x92\xC7vc\xAD\xEA
- �,\xD3c\x80\xB5B\xB6\xEF\x87\xEA�\xC1ڡc\x9D\xC3O�\xC3\xF0հO\xFANI\xA5\xF5\xF0�EX|\xB7\x95\x92è�ݩGd s\xDAU�O\xDCl\x87gk�\x9B\xE9\xFD8T\xFA�\xF8\x97\xB2\xC49\xDDk\xEF\xA0\xD1Z\x95\xAE\x9F\xC7Bv\xA2\xEA\xE5N3\xAB\x91�\xC1
-\xDBQ\xE3t\xDAa\x92\xDD+\tژ�\x93ƕ؟V\xA9\x88\xF9\xFB\xA58\xCCh5PYjQEm�\x9311\x8A\xB0�$X\x9C&_\xF3\x83%{X\x9A?\x97#�5\xBD*h\x98ТV�\x8EU\xCF�\x90\xB7\xEA\xDFO\xDEX\xC6|\xFD\xAF\x98\xDDΑx\xB0\xABi\x81K\xA4�\xE0ޱ-r\xD0/\x81K\xF1\xFBPt1\xB5\xDDֈ2\xCC9\xED\x8E\xC8\xE0\xE3�0�\xB1\xE6K\x80{\x99-༿
-J
-\xE6\xD1\xCEC\xB8\xF5\xFEݱ\xC3\xEE\x88\xF3(\x95ϔئtս\xF3��=�\xFF\xB3g\xB9\xB8HՋ\xB1x\xDD�;�q\xA3\x81\xC5\xFD\x88\xDC\xDCW-\x9B\xAD%V>\xB48T3�#\xCCV\x8D\xF8z\xBF\xC4\xC5-\x82H\xB4\xAE\x921_\xC0\xF3 �\x9B\xD5>\x8E\xBC\xAC.5\xCB\xC1�\xAE0]<A\x839�\x97\xE3Tw�\xB7\xC0\xF7�,\x918\x87\x99\xA9N\x8B\xE3\x8B�H\xA9\x99\x8B\x94'�w'Y\xB4h\xFF9�x\xB2\x8C\xF1&�o\x8F �_\xA7\xF9\xB8>\x92\xDC�\xFFm\xB9�ݡ\x9Ckl\xF3
-\x916\xCA*Yx\xD8m�\xE3\xA1Y:\xBC܌'\xB9\xFA\xF0r\xC1�9
-\xB1z\xA5\x89\x98\x8A\x90\xF8��\xF9\x97GG_S\xD6\xEB\xBE\x83G_�\xDED�}+\x83\xFD\xF6\xAF\xC0+\xF5�xt^\xAE\xE2Q\xA4\xFCuS\xBF*\xAC\xAA
-\xCEVb?4\x8E\x9B\xDAMN;\xC4YdFd\xD9x&n\xBB\x9B\x8E\x91~\x98W\xA2\x91#j\xE0q`\x89z�\xD89�8뗕~\xAEf�m\xA8\xDB_��\x9F\x84{V\x81�\xC4=\x8D\x8D\xED$\x8CY\xD7�\xB3\xA6\xF6\xE2"\x8Cy\xF6[\xB7\xBF\xC9$\xB0\x99]\x86\xA3'[��\x86mx׈]\x93\xE3;w\xE8\xB7](XA\xAB"Zq\xD8�\xAA�B
-\xC9\xE2\xA9^\xD2É£=8
-܇,�N\xB9,\xB5\x874 at N\x8B�\xE5\x85hU\xABy $�>\x92\x82™*T\x8E \xE8\xD6<\xADD\xC1\xF8�\xFB'\xD0Z \xC2\xCAN\xB0\xDA\xC4\xDEeHI^\xD7`L�y=[pZ\xDE\xC3�J\xCD1\xD7�\xEF\xAA\xC7\xE7r&B*\xEC\xCD\xF3\xB2x��;\xB7�Þ”=Ø\xAC\xAA\xB9\xBB\xF60\x8Bg\xB6\xEBS\xF38��\xF3\xC1\xEAi\xC8Ø¡'�\xC1\xF6\xA8$\x9B\xA0Us\xAB\x87�\x86\x81nR\x8A\x9C�U\x9F\xD6È©y{\x9F\x84k \xFA)R\xADÈ„\xA8
-5\x9D"\xFA\xAB\xDAC\xA2\xA5\x8F\x86\x9F\x8E�\xEE\xD5te3\xCF~�\xB7aK�\xB8\x9D\xA4�\xA7�\xEC\xEF,\xF9\x8A\xBE\x9Eѓ\xEA\xC1`у\xCC& g\xC9\xEAi�\xAC\xE4l\xB2Z\xFDw\xB4\xA4\xED# �j\xF9(t�M5\xA8\xE4 r5\x97\xBA \xFE�\xD9#\xDF\xC4�^x\xCE\xF3%\xDB\xC7p�BM\xC0]\xE9\x9B\xF7a\xD4��H\xAD\x8E\xF4\xD5\xEC\xF7\xF7\xFB9\xB3\xA3\x91\xE4\xD5\xE5\xEE\xE6\xD4-[͈�y\xEBýwG{ċ\xEE�\xCE\xF0\xA8ѱM\x8A�\x96�\xE5�:\xDCm\x8F\xF6\xBDK%(�\xDF\xC1\xDA�\xAFVrӿֱ\xEA\xBE#\x8B^\xFB\x92\xF1\xE0\xE0r\xF2\xFBb45�\x89(y?\xBD/,\xC9\xC8\xE7,f<U\xEDs\xE3\xC8k\xA1[1\xEF��\xDAߴg\x97\x8C�i\xEC\xC9g�{\x8D\xD4\\xB3Z\xD1
-'V\xEB\xC8\xCE
-h1�\x9F�\xD1\xCCo\xDE\xCA���<\x8E\xAD\xEA\x8D�Q\x94KU\xA8Ô\xB1\xD3+\xEC7\xBA\xC7uG�D"o\x8FJ�\xAEyR\xA2&�\x90\x93\xAC\xAE\xBC\xBA\xF7+�Ö—Õ€ �\xBEÆŠ\xE6z\x80�\xFEm3\x89N\xFB\xCC\xED\xF3\xA8\xA5.Û±G~\xA0�\xFA\x96r�\xEF1!(\xAB�\x98Y;\x8F"\xC2�\xA0.n|\xB5N'\xA0\xD6\xE1\xA6\xFBKg\xB6\xED\xBC��\xB7z\xE0\xB9@\xBC�gg˸�Q]\xE9\xEE\x8E^s=\xBF+`C+�\xF4\xE8\x9Fb\x85L\x83j/\x81\xFA�\x9E�\x8F*\xD2�\xF2\xA9Kʪ\xAF/\xD0˺3Kc\xF0RB\xC6T\xD1\xD8\xD8H\xB9H1\x86 \xAE\x85\xE55�X'x\xFBÈ’\xBB�\x80k*���\xDB-~Q�\x9B
-\xC8\xDA"\xB9\xAB\xCD4\xB8\xAEk%\xAF0F\W\xB7\xC5&\x82\xAA��\xFC\xE1?>�\x89\xD2\xF5 \xD6�\x85�\x82\xB6\xDD_\xBEb7m\xE7o\xE3r\xA6'\xDE\xE9�aO\x8D\xD87\x99\xE0:\x8C\xA9#\x98\xEE_\xC0\xFB\xBB\xC3.=Q\xFF\xA2)o'\x9E\xAD`3i\x85\x9B\x9A8\x83\x91\xA4\xC7b/'<kb�\x94\xB4��\x9D6TX�\xE4\xCEs�J�f5�\xCB�&\xF9)M\xCB�\xAA(\xC3tZ^\xB57�W\x8A\x85\xB7T,\xE0[\xA4^\xBDS[ީ_\x8E\xDDPۉL\x8A\xC6hR\x8A&\x88\xDC
-z?\x8A\xB7P[ܧ\xAF.\xCD\xC6\xEF\xF6ã±—7~\xD6?\xA7\xAF\xF95\xFD[\xED\xA7Ict#\xD4]\xA2\xAB0\xAC�!8Õ˜\xC9��?FA\xE3z][\xCF+\xEC\xAF5�\x9ADn\xADÎŒ\x95\xBB\xC4;\xA8\xFF�W\xBD\xA3/Ak\x8B\x99Ó„(9\xD6\xE9\xB4��\xBEr[\x84�K\xA6\xB2Û‰\xE0b_Ü‚\x98ܧ\x95\xAD\xFD\xED\xC9}\xDAY'\xE8)\xF5 $7X\x9B\x86\xC3c \x8B\x9C\x8D�Q|\xD75\x98Ñ·\xF3\x80\xB8Y�\xDCIt.Y\x95\x94\x94\x83\x84\xECÞ„mV\x95�R\xDFn\xB1\xCBݪ�Ù2\xA3�� J\xBArb�
-&&%W\xBBŘ\x85�\x92\xF8\xE6PT�#dtT\xC2`\xCF\xE3^ٴ\x91\xAC\xB1V� \x81b`\xE118:Rp\xD6"K\xA7/\xFF\xE3 \xE1\xBE\xDB
-\xE3\xE8\xFB��e6z&\xE7i\x9D?2\xBC\xF3A\xA8gj4\xEF�\x8F\xED\xC9\xDDSK!\x98\x94\xCB*�\xA4r9\xE5\xF3\x95[\xA6/\xB2P~�$sI\xBB\xC6t\xA4`\xD6ī\xE5X\xE7\xA3&^R^\xF8\xD1XTd\x8DM\x82tR\xF7\xC8lux��ړ\xCFޥ\xB2\x85`s\xC8n:+u\xD2�\x9E&\xFEIx���\xB9p �\xCDv\xE7ø�\xA0\xDDM=\xB4 6\xC5�.\xA1l\x9EA�̇\x94A'\xFD\xE22\
-\xEB�烣\x93&\x80+q\xB2�n�\xDEv\x98\x8E\xDE]\xAA\xE4
-\xB6T�\xBF\xF2T)�~`a7\x8B��G\xECeVÕ �
-p\xA9�ps\xDB\xF3\xFBou\xA2\xB7$q\x90\xC2{\xB7\x8F\xF3\xC7\xE1\xEA:è—_\xAADZ\xCB>\x83\xB3�\xA4t=\x96\x86\x87l\xF4J\xB4\xB9>\xC1a�6\xD9\xE6Y\x9D_\xC1vpi\xF1��\xD6\xEFRÅ¥d\xFD\x94{\xC7\xEA\xE5q\xB7s
-\V-\xB9�\xAD\x92\xF7\xE0Nz\xCCJQ\xF0)+<?\x87\xAC6E2!\xFA&�-\x8F%9
-\xC0\xC3�\xC1\xC7\xE6\xD3]\xEB\xE5P\x86\xB7)\xEE\xF3�\xB8?f_\x8F\xA0\xAF\x81\xD8\xFF\xCFc\x91.\xBA\x81\x81B\xEF�t6P\xA2\x8B\xC6�p\x93�K�&˔�\xB4�\xA9+\x95xo\xEF\x8F\xE0[\xDE\xC5k}w\xEC\xB0\xEC.\xF5%�\xF0\x96) N �\xAE\xB1a\x8F\x8B+\xBF�\xC7O5\x9B\xA7\xDC]0\xD4�4�d�\xCFDZ)\xBFf���\xB5fޱ?0\x8A"\x9A>a\xDA\xD4)P\xF2M1\x8B˺\x8F\xAB\xE7\xD5�\xCE\xF6.$N=\xC7G
-5\x94\xCEM\xEA\x9C\xC6 .\x93\xAE-\xA7j|vT\xA7\xDFnF�\xEC'83 �A\x8A\x9BÊ�N\x8B;�-×\xA2\xEEd>\xADs�\xF0\xBBR\x8E�\xA7e4\xCF\xED\x85\xF3\x98�nW\x8E\xB03R\xA6\xF8#�\xF9��Ii\x8FM�\x99\xD7\xF4>�%\xBD\xF7\xB8\xD0s\xFF\xCA�\xAFB~)L\xB2 \x92\x92L*\x90\xF4\xB4\x8F\xCEHÆ¿\xBA\xF41L\xF4\xB24�\x89\xFA]A\xEF��܆�\xCEn\x87+t
-�\xEED\xB8\xF4(ӳ\xF0�\xA4$J:\xA2Ȕů\xEEV\xC8)�$�=\xEFO
-p\xCDX3\xB4\x9D\xEE\xA7|w%\xFA9\xCE<\xFB�\xEC\xB3 \xE5��`\xBD\xDDS\x84\x99f\xC0�\xD4*\x91�\xC0\xD8Пf
-�N\xB8=3\xEB\xD9\xCC)maN\xBE1o\x90e\xBB\xB2]D<\xDC�8\x8E�\x90-.=\xF7\xFC\xF7$%Gl]\x9E\xFD\x95(\x92\xCD\xE5=��\xC0\x86\xBE+k\x8D\xDBrr6\xA6Ӣ�\xEDE�\xD5\xCB\\xF7\x88\xB8\xF6S\xAB\x83\x8D\xF1m\xF6\x9B=72��\xE1�\xE0"\xAE\xEC\xC9G\xB6\xFA1��u\xFA\xEF/זMb\xEA\xA1\xFA\x9C�\xB4C\xF35�\x95\xA9\xC5�\xE3S\xE96\x82\xA7k\xE95\xB9Jͱ'~\xB2\xCAC0\xD7JCl\xB7\xDA\xFE\xAD\x87\xCDQ~e>\x9A\xE4\xC9��\xBF\xBA�\xC9,\xEC?\xFD��\xBE8_\xD3~\x85\xCC77\xAD\x9F\xE7\xC2\xD2��#�\xAC\xBF2_\xF4e�)\x94\xC0�\xF7\xAC ,��N\xD7/\xF7\xC9\xCEWM��O\xEDP#\xE5㬾5M�D\xD0\xF6 \xCC\xE5"\xC46\x88v(\xF6\xE7\xD5D0\x92�\xBE\x9A\xEBd\xCC�\x83\xB3\xE8C�\xAB\xBCbpu\xF4\xDFϡ\xA9\x98سSveF�+�\xCB\xFF\xF7A\xE3F\x84\x85\xCE \xB7\x80\x9F$�\xB4 at k\xE2�\xD4\xFC\x87\xA0\xEC�\xD6C⇀l��\xE9�fe\xC1�\xF3\xA3\xE0s\xF0M\xBB\xD5�\xCA\xD9/]!@\x85 \xAE\xE5g\x8Dj\xEE\xFC\x87Q\xE7\xE5刳\x8B�RY\x94\xE1l\x8Dz\xF6,/\x818*̳\xE7\xD25\xCF޲\xBB\xBD\x8B\x8A\xF5\xD7\xC1Ro5\xCCϓI�\x97v\x87\xB4u\xBF\xE9\xD8#\xC6o\xE8�\xC7&.H\xD1q\x8F\xBB\xEF<�\xBF� \xB48h[\xA0SN\xCCcGNF\xA2-\xE4\xB8\xEA+P;U�05�ΤEA�\xEC\xFC\x88T\x89F\xF8\\x9C\xE5\xF3\xB2\xFE\xFB|\xA8�\xAC\x95\xE2\xF63j\x9F
-_\xE8�\x9B\x87\xC1\xBD�\xAD\x8D r\xD1o\x86\x9F\xB3\x8F$ew\x97]kX�(\xA6\xFEnww\xD2\xFF\xA0\xB9�U-aC\x8E<\x86\x89\x9D\xC9\xE8\xB6}�\xB6\xE3J\xD7L\xB1� \xC5 \xFE��3#\xF8uf9\xF20\xE4s^\xD4Te\xA8!\x96�\xC1\x9F�\xB1�0\x9F\xB0o>P\xA7$7r\x9C\xD0.\xE3\xE3\xE3\x85\xE0\xF2\xB5b{\x9E\x81)\xF1\xF3�^\x89l\xEDi\xEE\xB4��\x9Ezޯa\xBA�
-\xA9\x9Dqm)\xD2�\xADj�U\xCD\xDF�\xCAtg\x84�曀-\x9B:\xAC\xF4S\xA7\xA9\xB7'\x94��\xD7C�q\xA7\xE6%�IY\x86\xE3\xBB\xC2�kH�1\x82N\x8C\xB4�\xFB�\xFC\x86\xED\xECH۹zM\xC1\xDF�Fe%{\x9C�ecXW\x96\xF6\xF7!\x8A^\xA95\xC43\xD8�\xE0tc\xED\xDB�>\xA4\xEB\xCE\xE48N\x93\x80)\x95\xAA\xE0p\x8F��\xBB|�je\xA0�\xD6el\xEE\x88(\x98\xC9G2\xA2Bi\x9B\x8E\xA0DR\x8Fm\xFA\xBE�[\x8F\xFBP�o\xB5`\xAA\x95\xE4]�\xA8=\x97\x8E?Y\xC4\xD1�7\x8Ft�޷\xBE\x9B\x83\xF3\xB!
4\xBA��\xB8R��\xC1\xCB\xF6B�1A�IR\xBFw\x881�Ú³\xF2\xE9�Q$\x929u�]m\x89\x98`\x86/6\x83\x86\xF6\xACG{�\xCB*\x82Ƴ\xB5a\x8A\xA0\xBCS�\xF4 G6Ã�&>i>Ü’6\x8E\x89\xCF\xF8*K\x83y�\xC3\xFB?\xEB\xFC\xC0\xFC+\xB1\xFB\xDAow1\xA8\xEB\x83\xC1\xDAs y\x8E�g�\xB21�\xDC�\xC3�\xCC\xFD\xA2Ç\xFD\x9A\x9D/#\xDC\xFF�\xCE\xECh�\xA8�;P/\xB7\xC39�\x83\xFD\x94$m{q[\xE1\x82\xC7Fz\xF8\xA8�\xAC\xE7\xC6\xF8X\xBF\xB3\xD4i�e&:\xB1\x88\xCE\xD4\xEDp\x9B7\x82 R\xA7n�×\xEB"\x8FcI
-\xD0\xEF\xBA܌҅\xE5\x94ǓLbiW\xB8\xD4�IMf\xC2 \xDD\xEA?\x86\xCE�\xF4�H\x89\x9E\xE1\xE9c\x95\xB6�\xB2Ps�\x82\xD9\xE1\xDBʣY_\xA6>�+\xD8,hb\x86\xC3j\xC9\xEE.1M;kr�'�I\x985\xE5\xCFu\x89�\xC1|�F
-�\x920{\xAF�\x8E\xAD\xE5\xF2�\x98_\xD0R]\xB2\xC4r\xE630|VÜ¿\xC0d.!\x9El\xCC:*#\xE5aÚŒ\xF0\xE8\xDF�[ݳ8Kb�\x84\x85�#\xCA^sPj\x85\xEA\xA5<u\xE8ʺ>63t\xB7�=\xF8 5{"R�\xB7\xBAÑ�r\x82\xC5;\xF4\xD4\xF8~\xB5\xC3âµ°ÎRu<\xD68]fL\xE5Q\xAEaЛ�%\xB4�\x8F�ůÝ@7\xF69\xB7g\xBE\x83\xF0 \xC5\xCEW\xB4\xF7\xED\xFDÓ¸
-�\xE5\xFE\xAD\xE4\xB5R\xF0 \xD6\xC3\xCA8\xC7=A\xA9�\xE7\xAEm�Z\x8Cc*\xFB̃X\x9Frd\x96v\xCA�\xFAJ=\x8F\xE2v /5>\x83;�\xC4DZ\xCA\xC8\xE7\xE9%$\xAA9\xEFG\xD0g\xA0|\x98\xE1\xE2-\xE8i\x83\xC9)\xB5$\xB7\xF4zN\xA9(\xDBm\xA1\xA5n\xB4\xE2\xA8>v\xE6u�\xD9O=\x8F\xE8\x85�\x8F\xAE\xF4ֺSx\xFD2�\xFE\xB6\xA6}\x84\xBC\xFD\xB6J\xFD\xE3\xB8\xD7l\xA06�˦\xAC\xDB^\xA4\xEC\x9D\xC9\xFE\xBB\xE3\xF2sE\xD1H\xC1u�\xC4w�\xB5p*h\xFCa\xDF\xFEA\x8Fc[�\xCB\xC2R�
-4_��\xE3:Bޗ\xFB\x89\xA9a\xEB\xFC)\xCB%W2\xB0�\xF4 x\x9D\xBFN\xE7\xEFN\x94�kwKٻ2sA\xCF.\xFD\x9D\xF5\x8E\xEB\xA0P\xD3{m�+yU\x8AA8\xA9b\xF15a0\xE9\xE6\xEDt\x86\x99Y"G\xD1\xDFF\x99i\xE1\x84�K\x8Ct$p\xB9\x92^C\xBE\xF3\xA5\xA0! \xD6�/mNFv\xDFQ\xED\xD5,\xA5*W=
-Þ§Ä5(\xC6S\x9C\xF4\x90xG\xF0\xF1\xB4\xA7,\xE6�\xDB \xE2\xE0�?\x82\x91I\x8C4`\xD0�\x93e�Im\xD34\x83\j[n\xDCt�4�D\x8Aw5{�\xF9Z~\xD5\xF2\xA0r�\xBBק\xB1�w\xE8\xAD
-\xFF\xECԴ\xBA\xFB\x9EnH\xBFS\xC2im\xB9}\xD8n��Tp\xE4�\>�\xCFI\xA0&F\xBA\xE3\xCAi��\xE0!\x92\xB0_�i\x9Cb/qY9F/\xF3c\x8F
-\xD8\xF2ꆴS�\x89\xED
-M\xDBo\xB6cŋ\x8B\xEEsT�~\xBC^\x81\xBB\xF8_Ѯ\xFB\xFF\xE5s\xFD\xBB\xFF\xFE\xF5�\xFF\xFAO\xAF\xFF\x80\x9B\xF7\xEB?\xFFs�)�\xF0\xB0\xF5\xFE\xAB\xBF]\xB3�d\x81\xD3\xF9\x96�\xEBW}\xB0\xD3]x\xA5 w\xAD\xE6iB\xC1�\xBC\xD8/qt\xBDE���\xBD\xBFyp\xD1s\xCAئ\xE7p�\x8C\x96~<\xAB\xF8`\x8A\xFCW\xD1#�V\xED;7͵\x9B@ \x81\xC2\xCAMo�ь$\xA0\xC9OZ��\xB2t\x8Dq\xDD3Pmt\xC0`\xBF\xB0<\xC7�]�\xD9\xF8 \x9E\xAB
-\xFE \xF6\x821DT\xE2*\xC0Ú¡/c\xA1\xFD-\x87\xC03\x88cMI\xAF\xE8�l:�v\xE9!8\xE4\x92\xC7+�IJ�0\x85\xEB\xF0�\xA5ËY\xFB�Ä«NØŒG7\xD4R&ǾC\xDC�\xC1[\x86L\xE3\x92oѯ56}\xCDg|`Õª:\xB4z#\xB8\x95^W\xB4�O\x9EE5\xED+\x86�\xEAc\xC7�V \xAF\x86\xC3�\xB4\xF2we\x9F\x8D\x82\xC1\xDD:W\xA8+\xEE\xBA}m\xB1Ac\xD0\xDB��/Þ§�L\xD3\xF7\xBC\xD5!c9(%�\xB5\x9B:Tx�h\xF6E\xEA\xFD\xE5<�+\xBEp\xD8�2n\xE0Å»:C{\xE6[\xFE\xC0�:\xC4�f\xE2Vi\xBApl\xBA\xA3\xF1\xDAÇL\xC4\xDE\xF3~Ħ\x99ߥ\x8DQž\xFF\xE6\x90\xDBD\x89&\xEB\x92\xD7^�\x92 \x8F\xBF�\xE8�as\xD7[Q\x97�\x82\�}\xF7-\x842`\x8B\xA3\x{137047}ɧ��:7=P\xE3h\x98D\xF0\xEE\xE3\x83)i\xF0�)�\xC7v��\x80g\xD3 \x87]�\x87\xE8N\xEE\xF1A\x97lY\xA7gd\x8D\xA0\xFD\xDE�\\xF1\xF6\xEF �y\x88\xA6<j\+\xB8&\x9F\xF5\xC1�jE\�\xFEp\xD8�\xD7\xD6=\xF2\xCE\xE9���\x8A�\xB4\xB8\xD1O\xC1S�O\xC5\xCA��Ö·m\xB4�\xF2�\xFA<\xA6\xFCc\xF9\xC1�OE�\xA9\xB4\x94�\xBA\xB1�A:X!\xA8j\xA9\x87\xA8\xD7(\xF1\xA8XòŸ¾¼\xF1\xFC�M\xEE>\xD5R\xC4\xE7\x85\xE9|\x8C\x80�o=.\xEA^\x82\3i\xE7<15*\xC1(\x97R.|*�
-J9°I8�\xB8\xBB\xD9�0\xFCiƥ\xF6M=0\xF4 \x8Cc
-�\xD2�p\xEA\xED\xA0^i�Yr\x88\xC3n\x86JE�~
-\xB6Ķ\xAD!\xCE\xF7�\xF7\xFC-\x87�3�~p\xA9?\xA7�\xC4\xC4S\x93e<G(3bR{<#\x94\xEE�\xA6\x8F&\xEA�A!c\xD0�)ES\xC5\xDEwy�\xF1\xCAPt�\xD6h\xC7�3�\xAB�x\x93�\xD44߃\xAA\xF2~FX\xF7\xF6�;\x8F\xDE\xDBC\x88vBY\xF2\xB1�G\x9E\x93�᮸\xCD\xDBW"\x9A\x98c\xA2Y'�s�\x82\xECs9\xF7\xA3\xEF\xC7�:\x8Br\xFB薪\xF4�� \xF8z?\x9Eg�lA\xBE�H\x90\xF4\xE6
-\xB7�\xE0m\xE2\x9C\xEE�\xD0~\xD7W|@\x89\xA2�V
- \xE3=\xF5d�\x8A\x84\xBC\xE4��\xFC\xC2��G\x85{m�=\x87T\xDF\xD1yQt$�\xBE\xB7szlx�\xF4E\xDBn?#\xC5\xF5�<\xD6\\xF82R\xED�l\xB1\xEB\xF5�\xB5ƴ\x8AK\xB6,9� �\xC6u\xEF!\xC8\xDBD\xA9\xF9e\xA1V�C\xAC؋\xC5\xD1W*ճ\xC6�\xC1;\x85\xCF^/\xA2\x8F,g\xE5#�\x9C\x8F\xC1--\xBBO\xA1p\xC4Z\xE5\xA0
-\xDAH\x8A�\x8B%�\xB2\xEA\xA1�\x82\xCDk\xDDK�\xCCb:G�\xA90.!M\xBD\xEE\xD0�\xD0"ӎ\xB2|�G\x96A\xDC?\xBD\xF2Sk\xE9\xEB\x83�󬅫�\xAF\
-\xB1\x918zK\xBCw\xDC#H.J\xEC\x89�0\xB8\x9A\x87\xC6N\x9D2$\x88'\x90z\x8B\x80\x88�!0\xAE\xA1YÓ\x87\xE9<\xD6�\xFC\xE2n\xCDX\xC5=v\xF7"\x81�\x86Ki\x81\xBB"F\xB1��\xBD\xC4\xC4\xC5�\xD6# \x82N\xB5�\x9C\xDD�O\xB98z�W\xE6\xCFi\xEE�\x89\xAAÏ �\xF3:g\xDD�Oμ\xFD��ÜŽ\xD5�\xC6i\xBB\xB8*�l\x88x\x98\xF6\xC8o�\xC2b\xB8�\x97\xEC׿\x95�I\xB4\xF3K\x8E�\xFC=\xBC\x9Fd\xF5\xC6O�\xEE�×\x99kf\xEA��\x8AA�\xAF�\x91<\xD6\xCCy0\xAD!�\x8E\xB9Q�\xD4\xE5Ù\xA6el\xDF�y\xBD\\xEF\xEE\xEA\xEB�b�\irE\xC0\x85\xBE.-VÛ¦\xE0\x80T\xBD\x8A�kz\xDC\xC258c\xF6\x9D/ \xD4/\xA6G6\xD5�Õž\xBB�-V\xBB:�[}\xCC\xC6\xF2v\x8D!\xAA\xD8j\@\xB4Qd\x9F\xC2RVÊ\x82\xAE\xF1\x96\xE2�\x87!\xBF\xFE�\xF9\xFB�_s!��\xAB\x8B\xBCObÒŸ21N5^�\xDA\xDE\xF94\xE2\x83�\xA9w\xB3\xCC$\xBBKv\x9Cw�\x92@\x8C�\xFA\xCFKY/q\xC0\xD0Y\xF1\x96\xA5\xD8Ï”\xC1�\x97\xB4XK#\x86\xB8Õª\xC7�J\xCAM\x87\x8B%\x83G�<p`�\xD1\xDAv\x86\x88�3?\xB0\x96OW\xA9\x869\xBD\x9D�Gp��d�\xF0]C��\xF20\x84X\xFAT\xCD�\x9C_\xAF\xDB\xD4e\xEAkw\xE6\x84\xFC\x9D\xA3\xE5Yt\xB5]\xE2\x83�\xC2&\xFCB\xCA�
-*`_�\x86x+\x87�y�\x9FE\xF4\xCB\xE0�\xF6\xBEi\x88մA\x95H�\xBF\xACVo��i\x931\xC4t\x93#\xF6\xA2\xC8u>\xE7\xD8;\xD8i\xD8B\xDFt\xE5̿\x98\xC4\xEB6Jq\xDBJH\xAF$D�nf\xEC�\xF4\x91\xF7X\x8F/U�\x8B�\xA4l\xBCX,{\xA6S#\xCE"\xE8p{\xB8S/\xCF\xE2"2\x84�\xAEi\xE1\xF8\xD7Ϳ}\xF4\x95\xC1\xF0\xD5䑽\xE7՛\xC8c5\xC4eE&P(\x88Ѣ\xF3f�\x9FD\x94T\xB6�U\xCFI\x94\xCAR\xC9V\xE5I
-T\xD1\xFC\xBE\xD3\xED\x89\xC1hFe\xB0\x8D\xC7�R\xEB\xDDf4)\xE6\xEF�m\x98�\x818Ö¦\xC8\xCA\xE3�F\xD7O&2\xF9\xF1\xFA�\xBB�"(2Ë–Î\xAFò\xF3 ��$Õ´\xDD"\xE9\xD9ã‹Ž\x86\x93@\xEC㧛}��\xB2\xCCg"�d\xD8o\xB2\xC8\xCB\xC7K�]t(��a\xD1��\xF2X^\x9A\xE3\x94\xEBy at i\xCA9u\xB0\xB5\xB0`�\xBB\xC3I�\xCA\xE4\xDDCD\xF6E\x84\xA1e\xC6\xC1�¿�\xAD`Q\x8AG\xF0\xB5\xF9,:3\xDD}\xA4V=O\xF71\xEB\xDC\xF5\xF9\x9A\xDCw�\xCCV[8�A U��5\x8F\\xC1m\xCF!\xF2\xD5\xE6\x81]\xFB!\xFC5I\xBE\xBA·\xBD\x959B\xC9��\xF1]\x8AG\x8E[\x8D\xE4`\xF8\xC5\xE6\xF8�\xBC[�\\xC3l\xE6-\x87\x88\xCExb-1\xB7\xBF\x86\xC4Þ¥h\xE3\xA1\xCBSÔ‘�\xC1\xD2
-0\xBD�\xF4W>ӵM\x91�\xE5.\xF3�\x94qߪ\xDF�\xBC\xAD�\xACrǞ>\x82^a$$\xA7\xA7\xA5^\xAAZ\xF1\xBCc
-.;\x9E\xB2xނ6\x82�\xC5\xDAڡ\xBE\xE7�\xACa\xF0��\x82v\x95ڇ\xA6\x9B8\x89\x9A\x86A\x90\xCEC]\xDBC\xA4\xCE�\xBE0\xB6V�B�\xC1켛^[q\xB4 at z4e\xCA��\xC1\xD0XE\xB3'v\xEC\xDF\xCEх0=\xBAׂ*\x843�\xAD�\xC2~\x91ռ\xE6<\x80\xCD
-\xBE^O\xDFAb\x95\x97\x86\xA6 T�9\xB11ȇ\xCAAV�\xA1"�\xE5\xF8�b\xC5/\xC7J�\xCB�.\
-L\xB2F\xA3�\xAE\xFD\xC2\xEE\xB4DP=�\xBE\xAD\xBD�PY\xD2շ\x80j�2\xF1j\xA8\xF45*\xB6\x9E\xDEwz\xE8\xD6\xEA\xE6\x99-Ƅ\xAF�|\x90I\xF0\xD8w\xAE�\xB8F!�HS\x82\xBD\xF2�\xB2V\xBE\xAF�\xF3r%d\xB0\xF5\x81<w\x81\xB8ɧ\xF3J\xAB\x8E*oA\x86\xAE\xF9|�\xDA\xF4\xB1-\xBCJ��
-4t\xBA\x81̕\x98د`ɼ\xE5�=\x87\x90&\xC1\xAEL%\xF9#\xD4ݸ\xEB\xB4\xD2\xCB�\xD7\xDF\xE7\xB0\\xA2\xC0u\x88��(eT\x9B\xD9x\x97H\xF5nW
-\xDCo7\xBC\xEDv\x{3EB386E}� \xC4�\xD2~%\xAD.\xDE\xF8\xDAcsK9�\xA1\xBE\xE4\x89\xC4\xC4EI\xFE\xD862�\xBCgp&\xC0l\xF9v\x8E\xE6 -�Bj\xD6ӗ�\xA2\xCFˣz"=�\x96o\x8983(\xE0\xE2\xFE\x9F�\xE3\x95d\xAF\xF8 at l\x85\xD7\xD5\xC0�壃�\x83\xC7S<H0~\xCBʥ\xAE\xE0\xFD\xBFS\xF0k\xEE*\xBB[[\xEB
-\xEF\xF0\x92|\xFB%I\x8A\xB7�\x81\xDEwRB\xDBųs\xB9ͬE-�7\xF7|0\xE5`\xBDS,\xF3\xDEV\x83\xB1c\x82�Ì\xE9\x95�<\x8E\xBE2\xA8uf\xC7t�zZ\xA1c\xEE�ħ\xA6RD,�˲\xED\xF4 \x88\xE7�\xEE\xE6\xC1;�\xAD\xBB\xEC|\xF2n \x87\xE9@�\xDD
-XSTa\xC4\xEF\x8B�%\x822J\ž
-1\x84d�\xF8\x81\xB07\xAEU\xC4��\xB4\xD7\xFCHѶ\xF2\xC4 \xF0�\xF1\x8F\xF8`\x8D\xAD\xA3+\xC1�>�A\xCBC\xF0\x95D\xCA�\x96\xC0\xFCY\xEED\x82^ɚ\xC1\xBA\xBB\x86\x95\xDF\xE6\xF6Z\xEC\xAB^C\xE7\xC7'�tm\xE8ḗ\x96W\xE0s~l%\xFD\x86\xA0�<(\xFD6\xCFI �\xB0�m\x9Er3=\x9E\x8Ap\x8E\xBD\xBEZ\xCF\xDC
-�\x9A3\x87\x9D#\xA8\xC9�\xC1�\xEE.,[*/\x82�\x81}t?\xFC\x8Eja "�\xB1�ÞªtDP\xAB�\x82\x9A4\xDA\xC7\xE7
-\xB3x\xD1�\xBD9\x93�\xF7\x91z\xBD\xBA�\x97svH_\xD4z~��?<g8=G0\x88I\xE0N\xED\xDB�T\x96\xAB\xEB\xC1\x85x\xCF!�\xB9\xC3�\xCA�\x88gÑ«\O\x86oR\x8A\x88A\xE3�Û«s�r>\xC7�mdJ\xDA3x/\x8F\xBB\xE4�\xDE�]; \xA5\xE5�\x9B\xF9\xEE\xBC>\xBD\xEB\xF6mI* \xF5,�\xB2(x\x86\xE0$�\x8FK\x8F]�r\xC7R\x86g\x9D\xE1{*k4\xCCY\xA1E\x96\xF9`\xF0A(o\xAD\x89�)T\x97�P\x99:\x8Bm~>\xBA<\x91�\x9D!f\x8AvR�\xF9s>\xF7ÊŽ\xE7\xC9\xF2\xA3�#\xB7�\x9Ab\xFC:\x9F.[c\xBD&\x9FË·\xD0�?\x99^~9\x8FbuÏ:�p9Ü…9\x83\xB7\xFA\xED\xDCp\xF5QOs3\xF0\x84\xF5lp\xA6\x96\xCD'\xEDA\xDCc;\xC3\xE2$\xF7 sZ�U�.�\xC0\xD3z\xA9!\x95\x80�z\x9AVÕ“0\xA1 at sÛµJÎŽ\xD85\xD9\xC9b�\xE0�\xD0\xEBÖ‘\xF4\xC6=Û´UÜ¿K\xBC\xE0\xEC\xA6%\xBE\x84\xBEÜ \x8EPWxg\xF0vhݾ\x85 \xF8\xCE.v�\x8B̪\x85\x8A{\xBD\xED�\xDC\xD2\xCEV\xFARG\xBA\xDAWc\x84fQ%z`\xCE\\xB9\x88\xD1\xD8?Cp�Dm_ø_V\xD9#*\x9E\xD5\xD6fd\xD7\xFA\xEC\xAA�=f\xB5O�\x82f\xA1Õ¨\xD3G\xB0F\xAE\xC9\xF6\xDC3\xEF`\x8F0,\xC9\xC0d\xE5\xF3\xF9@|\xA8\xE4\xC6r\xFF�I�\xADL\xE6\x9D\xCF\xE8L߬f>6\x97)1\xD7j\x88\xF7Ë£MSƯ,+\xB7UV*V{�\xDF\xC2ny\x8B\xE7e\xBD\xD7C_\xA2�\xC3�{\xAD\xA2;k�Y\xC4Ì°U\x96\xEDl\xA5\xA8\xC0\xFE }\xE2�/\xA9PA\xA1(o\xB5j\xBE�\xB7\xCD7�\xB4�\xDB�\xE0\xFF\xB7\xC7\xD8M\xA4?�/\xF9\xD6\xC7&\xDC}\xA1_\xF2\xB7\xB8\xD1`\xC5�\xF6\xF9\\xD5e\xA2\xFE\xB5\x96\xD7� 2\x8Fh\xEB\xFFu\xCEy\xB3\xBA]\xE3\xF6E\xBD\xB3'K]\xDB\xF1�\xB9\xE9e\x99\x8E\xED\xE9\xC0^\x95i'\xC2�68y\xEC\xF7\xDBMA[ �D9Kḇ\x8E\x96\xDE�\xE6�&\xEF+\xFC'3\xAF�\xF6\xBB\xDD
-H{\xA2\xCF9'\x88�O\xBB\x89\xE1\xD3Lu\xB1\x9A�[\xD8�\xCA\x80}!z\xE0I\xDC\xD0�\xDDօ-R�\x94\x8C\xA0Ds0K\xABǵ\xA0\xB0|��Z\xA4\xF2�~\xAD\x8C\xD5-\xD9z^\xE43\xC2�7�\x8A\xA4\xE9uAJ\x92\xD6\xC1U\x96\x82\xC5�\xB8\x83~\x9B\x81\xFD��\xAA\x9C\x89\x90z�#\x82򫢔P\xB3\xC6\xD8y\x99\xA9�$+֚\xFA:\xAF\x87\xEB>��ۢ=\xEEi�E\xD8#\xACt\xA7\x963m�\xFBJ,\xE5\xB1\xF1\x90\xB4W\xE2
-g\x9Cy\x8A\xDE\xFB�\xB4\xA2\xB4\xAAÞŽ\x96\xEDL2s0\xC2M+U_
-\xEB\xC4P�W*n̆\xC5O\xA1\xC3\xC0\xF0
-t\xDF�0W\x9B\xB4f\xD7��`\xD2\xF8\xA3^\xD3)1\xB0\x8D\x84�\xB8Ā�\q\xA3\xEBݫ5U\xC6v?'\xA5\xBA<\xC4z\xF4t\x8E\x91\x9A&v�\xE9\xC13\x8A\xE0\xE8�\x9Bd\xED\xCEC\xA4�&\xDAx\x8E҉<\xB1(\xD5x\xB9\x96d{\xE0i\xA2\xB1�-\xD7\xD5\xDD\xE36\xB6{\xE7\xFArКZ+\xAD\xDD\xD9Pw\xA8�+\xE7\xF2Q\x9F=8\xD2�\xEF+6\xD1_\xF2\xB2I
-\xA5Kw\xF3s\x9E\xC9\xE8L\xB5\xFA\xB2q'%\xD5\xD4|
-ꯋT+6\x98\xB8\xC6\xE3�>\xF0\xC1=4�Դ\xDEx%�\x8A\xB9\xE5r\x8A\xFE׃\xCB{\xFE|t\xF7\xC2*3$!\xD9p\xA1H \xFC\x97\x9C7<D/V\x96{\xB0\xEFY"\x88\xA0[aZ\xE0\x93+t.s�B\xAB\x8Fj\xA5\xCD�\xAF:; \x86UI\xAF޳-\xE0{u;�Qo\xB7�j\xAB�\x8A1[�t\xF6\xBDf\xD0\xED\xAB5�l=\x84=\xA2\xC6\xE1X\xD6l\xA9�\x91\xB8D\xD0�\xC9�D;�Q�W~\x88r\xF2\xF1軟\xE0G\xA1A\x8F@Ǜ\xB8\x9F3ٟR}\xA6\xD1Rj�\xFA\xF5\x90\xF6\xEE9\x89!�\xAC~\x9AH\xAB\x93o\xBC\xB9;\xDB�^\xF9\xAE\xED\xA0\xFB\x99�\xF1\xC1e\xA7��—:\xFFZ�z~\xC9P&\xFF~\xB4\x9C"\xB3q9\xB5�\xE7鑨s\xE8 at J\xF3\x9F3x\x9D\xB9g\xDEc`\xF3z\x8A\xA5Z\x99\x96Կ\xE0�\xEE!Z�:s9\x86\x8Fز\x84ETy\x9C\x99�Q\xC8�i\xCF\xCB at -%~`\xAD��WѺ\xE4W�CD\xA7�\xDF\xD9\xEBy%\xAC-{{3�C\xD8M\xA9\x8E\xDBl\xDE\xD7Z\xAD#Y\xBC\xF2Y\x9C&\xCE;�,�^ٗ\xA0^�8/\xCDD\xC6\xE3,\xD8\xCF\xD3w\xA0�A'�\xBB�G\xA3\xBEm\xF2\xC1\xB4\xE1U\x9F��+\xC8صl\xA1x\xF2z\x95\xFD���\xF9\xBA\xBF\xC6�\xBDYQ\xF55/(X\xEC�\x89\xBD&�\x99.).s/\x90jr�\xC0�9\xEE\xB4ފı\x8F#`}Y\xA0\x92\xC1\x95\x8B'z/#\xEB\xEE#\xD7_j\x8B�}!\xE1Y\xB3\xB5�L\xEFG5�\x8F\xFB=�dG\xB2�[\xCDI�8ov\xBB\xEBnz�\xD5�ݬ�\xBBO\xB7\xEE\xF6CsD0:Z\xF1\xAFÉ\xC4�\xE9�,�Z\xF3G\xE6\xD2\xF8�\x8A\xA6gh�1\x80\x87&\x92>\xBE>\x9F2\xDEJ\x8F
-\xB5Ä®�Z�#��P×OÝ”\xDB�\xE5q[@7~\xF9\x953�\x8A\xC1Ò¶\x86Ns\x93k�\xC1\xA5�\xBAY\xE1\xB6�\xA7\x87\x98{\xE9\xEDp{È\xBDB�kz�\xF6j3\xAC\xC7ÜŒ�\xA2\xBB�/\xDD=|\x8D^\xEF\x8E_O\xB1+i\xF9e\xAF\xB4г\x8B�\xEE\xECÒ®.D\xD0,Ms��\x95\xFCh\x804ai\xD8\xF4\xB0\xCBN\xA0!\xA3\xF8_ç¹½\xF2:\xAD\xA1\xC1I\xC0e\xEF\xB7&F\xEB\xC2\xE0&I\xFE\xA4\x85�\xC5{Þ¤+\xEC(\xF1A\xB0\xE8\xF0P\xB4K)�k\x87�\\xB1w�*Þ˜\xE98\xEC\xB70Z\xC8C!\xD8C\xBEU)x\xAC\xAA\xBD\xDBz�\xE6\x81+\x91�0G-�\xD1B63\x8E&\x9A�\xAB\xD4Nx<8\xACV\xA6\xB8%\xAC\xF1
-z\xA1�ѷ\xFF-\x8F�\xCB
-Þ·H\xC9x\x8F\x96\x85_-\xAF�\x96iʇ\xCE\xC7\xFA\x8E_\xA8.\x92\x95\xADd\xBD<\xA4*-\xF0Ý‹U\x8C\xED\xD0\xF7\x9Ega�\x95;\xF5\xB4{uub\x8A\x91\xE6_x�Q{\xA8hi\x88^�u� 8\xBF��\xE0\x9F�]�Yu\\xD9\xFA5r\xD9\xC6\xF3��1̦e�"�ZÕ¢\xB1\xA9�;KÌŠ\xB6PwS�\x88\x9BW\xB8=\xF4@\xFB�\x97O\xE2\xB63\xB4Y��\x91\xEETO\xA4\x8A\xF2\xF4i.˦\xC3o91\xB6D\xAB�\xDE\xD1�rYg\xCE�\x9A\xC3Fh(\xBAΊ\xC5$\xFC\xF6�]\xEF\xFBH8iD\xC5:\x82\xB4\xB7\xE3�SB߯\xEBt\x97<-{/\xD3�\x99\xBC\xEAjh\xCA\xE6\xBEM\x8Ajj�\xCE\xE5 \xF6;\xB8\xA0b{c\x88\xD9\xE5_a\xFB)\xAC�\x97�\xD5i\xA3\xF0 �J$k<\x8DbU\xB3\x9F\xAA?{\xDDL\xC5�\xF4r\x95T6\xBF\xAA\xFD\xEA\xC9>5!0}�\xF9\x81\x9A\xCBj*m\x8D��\xA0;Æ’@���\xDFr\xD9m\xA9P\xE9\x86CX \xF5fg&M^\xF4�\xEE\xE9�<\xC6c\x88�"\xF7��\xA7yZz{4�{\x8Doz�8�\x9F!z�)\xF0\xC1\xCE\xC5\xDFmz#i\xA5?\x98\x9C�\xDCv>2\xE9Ep[?2\xD7\xFE4�\x9CJ\xC7=DI�sF\xA3LÜ\xA17~\xA6\xF08\x83\xBB<\x82o\xE7\xF6\x85&\xCBÇ£\xE5:N�\xB8bÀ\xD7\xF2\xA6q\x99\xED\xBD\xE5\xF3b\xD1\xC6\xF5`)Bf!\xF6\xE9\xF4�\x9A\x87�\xBC\xB3\xF5y��\xF8\x93\xB8\xB0K\xAED\xE2n0�24\xECj|\x90oi8/\xFF\xA3�\x84�Ú\x8E[A\xA7Ar\xF6]\x97\xD5\xF1\xFC\xF7E\xB6\xEAW$dz\xB3w\xE0\xF7w\xFA�SH\xAB\xA9R'c\xBF\xEEm\xDBk\xC7�b \xAAEAM\x8A\xE78\x892U\xF4z\x90?\xF8#\xA6\xCBV\xF9}Ó€\xD3)e,\x9AQ\xB8\x8AK\xEA\xC4[N�e4UZ,7JI\xB3\xA9j��C��nEp]\xFB1\xC45\x87JT\x{1A59B3}\xAE\xED\x89,d\x8BEO\x9E\xE7E.2\x9E:\x83\xFB��G\xC5I\xE2\xBE]
-�\x85�\x93\xEF\xDC:۾�\xD9�Z\xAA\\x90vW�Wd;\xCF\xF7RL\xF3\xEE!\xAD�<\xE3\xF0\xB6\xC2�y\xA9\xC8\xE5V\xD6A\xF3P\x9F\x85\xC9橄\x85/\xBB\xCF\xE4[\xAC/\x8E\xA1\xF5 \xDEYj�\xB1\xCC{\xA1\\xD1�\xFA\xFA\xC7�M\xC2Ol\xB3\x886\x99N�\x8D\x9AMR\xF8@&P;tO#\xE8\x92\xF6Η\xACo\xDB:\x81\xBE \xF4\xE2-\x87�q\xED(9r\xF9\xE8�\xC2\xFB;\xFB{\xB6\xEFB\xF5ee\x9D
-�\xA0\x83*>pJ\x8B\xA3#�\xD8\xCA=c \xAF\x91X\x81M\xF2\xD8!c�Ô‚\xE4WB`]C\x88=V2��i��\xE9\x9CU�#\xD4xGw5w�\xC1W\xBEEj\x86�\x8EcXy\xD6@��\xA7\xE3\xDFÑ\xEF�\xA1�\xF1a{5:�p\xA7�>l\xBF\x82Þ¬Gk\xE7\xEE\xADm\xB1\xFDqk-7\x8E�\xA3]u\xA3\x96\6:\x96GN\x91\xF8\xD5\xE5\�\xA6g\xF1cJ\xF6\xAE0\xC3\xEB\xA2\xE2\xB0\xE5)\x82\x9AÖ¡b\x8F-\x95\xD33\xC2n!
w|@_�e\xBC5xl\xA7\xF7
-\x89\xB48E5\xB4\x85N"-�\xC4�\xC40}\xB0\x98\x9E5@\xD7�J\x81�\xC1G΀��\xBB\x9C\xC8L\x92\xE4]_\xF9\xC0\x9D\x89\xA8\xA7t;պG{\x9C\x84�,\xF8\xC0\x99\xEA2\x8CD"U\xF1\xF3)\xB7Cڦ\xCE\xF9<\x8B\xE1/d�\xFB\xA7\xE7\xC6�ϋ7~)\x8B\xBE�\x83\x9C�\xD2\xF5|\xD6(SF\xB0\x85\xE7�\x82\xBA�\xC394b\xD7�\x8F\x8C\x9Bl\xD9`X\xA9\xAB\xA0�O\x91�^\xC1\xEE\xEE\xDDV��\xD6�\xB4\xF2\xF9\xBC5\xB6�\xFE؀��\xB5K:�v\x89�\xEAI\xE9\xFD1\xC2k�mz\xAE\xDCÅ\x9C%\xAEpI\xFC\xB67\x8B�\xE1M}\xFE�\xD6�j|\xA0*�\x9E\xEE�j\x9E��i�\xC1\xD7&S�1!m\x9FE\xB5.þ\xCF9\xA3\xA8�\xEF5zq=B�\x85t
-\xA8�b=Z\xFBD�E�E#\xA8(!ҕ~G1t\xC6#۳;P\xD3:m#\xE3g ;�\xFA\xBE\xABh*\xBCm\xE9G'\xC7$\xCF\xE0\x83+r�\xB0Ĥ\xAA\xDD/5�r6Յ\xC0\x94\xD5ER{fY\xAF�^\xA74\xF4\x817Eh}\xCE`\x8B\x89�\xC1P\xBDC�ЫN\xA2-W8\x96\xA8\xB0��^)��g\xF7`\xDE֓e�}R\xBD_��\xA6�?�\xF31\x99�dqz\xBE\xBA\xE4H_\xC3�>\xC0��-/\x{DC94}\xF3�]_\x9D`]l\xF3\x8E\xB8x5lh
-\xE97<�Z�A\x99���</\xFB\xD1\xE9\x9CJ9x�\xB5\xD8V\xD3ac*;
-9\xF5\xB6L\xFC\x96\xBF\xB6\x82Q\xFE\xDDj\xDE\xFDv\x8E\xD6\xFD\xEA&\xA6\xE1�\xA5\x93�\xAA'\xCA\xE1�\xBB,+�\xED\x99�P?\xB6\xA0c\xEC\xFF3\xD1Fn\xE5\xC8\xFD\xE5k\xAF\xFEt\xB6$\xB9?\xFDa&G\xED`\x8EOñH\x8Fk�\x88\xEE\x8F8?\x941‘p?�\xA9\xEE\xD8\xE8��\xFB\xA7_gJ\xDF\xEE!b\xAB\xC5\xFEi����v\x91ӖRk\xDF&\xD7?\xAA#\xDC\xECl}\xE0\xA6\l\xB7\x86\x83\xAE\x9AM\xCA\xF1\x89\x8A\xDFN\x93$\xC4eEje\x96\xFBs\xC4\xEA�b\xF2\xCA6�\xF9~\xE8\xC5ө\xA2?\xFE\xDE|\xCF\xE4\xBBs %&\x92E\x8C\xA00\xBC-)oB\xCF2\xBAR�\x9Bj\x9B\xE3\xF6\xD1\xE3\xF4`\xDDI\x82_.CSC&\xF2k\x94#W}t\x8E\xED\xD0�\xC3;\xE4�/\xE6\xB9�\x8A�\x9F\x88\xB7\xF3\xB8p&٢)�E\xF8\x9A�\xCCa\xFE�\x81\x86OQ!�\xF6o`&\xE3\xDAd\x9E5d\xD1K\xF6�EK�uٕ\x82\xF8\xA5\xE4\xDET\x82\xF7�\xC2;\xFB�l\xF4�\xDE\xF12�S\xE5_8\xE7\xC7�Z\xEE\x9Ed҈K\xF05\xAFU\xD7Rt\x87\x9F\xB0\x8Bx5ib;�\x8E?\xE7P\xD1\xFC˩\xD5\xFA\xB9\xCD\xF6((\xBD\xB6G;�J|K<Y\xAA�}\x9A!\xDAui\xFE\xB3k�\xAB\x92\xC1\x83[�:a\x91\xEFץ\xB9Ո;EA#\xC9_i\x9E5\xDC\xF3\x81&\xB7\xB6\x9Eu\xCD;�
-\xD6CCu\xD9\xC8�\xB2\x98V�Z�'\j\xC2q\xADa[c\x8B\x96\xBF\xCB.!e\xF5\xE1/\xBCm\xDCA\xF4\x99\xC1\xFE\xEC\x84\xDB.j\xAE3\xAB`�Ћ\x83RR \x819\\xA4ٔxv\x94\xB8G\xE1\xE9\x81/t�\x9A�\x99\xE3\x9C%\xA9L[\x94XbV\x88
-<*Õ£\xFA\xBE\x8ETa�\xE6�\xBEÙ‚\xC2?<2\xCF��Û´\xA07\x8EPK\xF9\x9A�\xCCvkC\xA52\xEFn&B\xA0KP\xD5Æ*^l\xC6G\xE8\xFA\xF87�\x89�j\xE8H\xA1�\xB4\xA2\xECKGw\x8F\xAB\x9B�\xC1\xD3oF\x8Fum�\x87\x9D\xC8Ú;6\xDEj3\xF8\x92_\xB8"\x9F[�\xF5\x8C\xD3{=\xF3\xF9|1\x84|iL?\xA0�\xC6G\xE6:\x9A\x8FU\x8F\xEEN[�<�Jb~\xBCl\xCFw\x94\xB6}\x9A\x91(L\xF65\xDF!\xCF\xC2;\x85N@
-W\xCBö*\xEEy]\xFC\x81S��C\x9B:@8\xDB\xFD\xFA\x8C\xDDb?z,9��\x8C\xAA \xF3�,wv\x8FS\x87\xD6\xF8ea<\xF2z\xCE\xF2\xFA\xDA\xF3XBNY \x82\xE9+ZT�\xF8%\xA7��!
-\xC3Ç£\xED\xB7Z\xF2\x8D\xA6\xC4O
-�\x80�\xC9\xEFi\x99\xC2a\x8E\xA3\x8E\xE7\xDD�e\xB4\x86Ob\x8E3�].\x8F\xA2\xA2W\xD35C�\x96%\xB5&AԌ\xB5��}\xBB\xDB\xE3�^ \x8F?\xD0^ W" g��\x9F4\xC2\xDA\xFE\xAE\xBE�C\xBC23�}\xA5\xE7\xA1]\xC5K\xB4l\xFC\xE2\xFDxެ\xE5\x8D1P\xDC\xD7J\xF45\xE3\xC2+褔\x96�*
-\xD4\xE4� +�v\x8Be\xEB\xDDI�^i\x8A\xFD\x95\xB4\xFF\xC0\xD7-\xFB\xE5J\xB6\x98\xA9\xC24\xDB\xEFQ G\xBA0\xED�5J\xCA<]\xAA�ԔB pY\xAA\x8E\x94`\x99�\x8B\x90Y\x88\xB3\xDB\xFE\xC2���~\xDB\xD4
-\xFC\xFEB<.�\xC0"i\x91Ԁ\xBF\xE6�\xC1\x93\xE2�r{B\xB0��
-\xE1�i52\xF8\xA0C�\xB5\xBA=\xF6\xB5\\xFDx\xCD�#\xFA[\xD3k\x97�\xB6\xED\xBE\xD9\xFB\xA9\xEC\xC0\x97\x98]^\xDE5\xA3<\xB9B\xE4\xE2: Ûme\x97�6]9|e�\xD3�\xE8�oI�2h��\xC9$F0�{O\xF11\xA4�\xAE\xB4L\xC1Y\�)r\xCE3R\xF3�\xB3L=\x8C#�D\xC3N 3\x8D\xF4\xEDA6�\x9E\xBFN}\xA9:\x85\x93\xC1q^\x89{\xA8G\xCF
-^\xBCGE?z�\xBB-\xD9\xCB~ź\xF2�\xA2\xFAGÏžJ�궿$\x9F�\xC1\xBEJ\xF4Ñ!,:rgS=\x82\xCD\xC1fÄ›�ÓŽ\xE0<
-�\xFC@\xD1>\xFDmMz!wj\xD3఻�\xDF\xF9\xF1<\x85\x80 \xA9Ӥ,\x89�:+/\xA5P\x84E-�\xFC\xA0\x9C\xD2\xEE:�\x8F\xBDxT\xE5ԥ\xDDV^JBp+d\x9A\x9E?\x81\xB5O6\x9B\xF7\x91e\xBD\xDE\xD4\xEC\xE87\x9A\x97f\xE9\xC8\xD9\xFB\x87_\xC1\xB4����\x99H�\xA8\xF3t\xA7�\xCDw\xEF\xE7yy\xC9\xC6�\xD7\xF2\xDES\xAF.;zwW\x8B\x9F\xDBa\xA0\x82\xB2\x860,�l#\xB8\xB6\x83\xCF\xE6\xE1\x91}\xD9N?\xDD
-\x81-p\xE0\xA3\xFC\xAE(\xF9b\xC3\xDE>\xF4\xF7\xC4~\xDC\xD8\xCAà5]\xFA4D�\x88s+z}\xF0A_\xFA@\xD7\xF9\xD9�-yQ�o�\xE9\xB5\xF4\xF8!\xCDx\x8C\xE42H\x8D\x8F\� M P�\x86\x8A\xEB\xBE?\xB2Ø¡�at\xA3\xB9\xF9�MKCp�5\xDE<n5B\x83Ý\x87`\xEA\xDE\xFDA\xB4\xA2 at 0i�\xF3N\xB2\xFA\x8A2vd\xA8\xED~�!~7\xB6f!i\x8F`\xBD\x8C \xEB\xCDaP\xDB\xD3+X\xD7\xEF9\x847\xBE\xD7i\xDE\xE6\xDAP�\�W\xF8?\x83\xA7\xE5\xE8Z\x89*~`Æ£\x84\xEFG@\xEE\x9C�\x92ABWxj\xE7rz\x87[=\x91\xF16)�\xAF\xC2\xFFcX\x83\xC7\xEB�\x85\xE2N�5\xDDWÉ£\xF7TP^W<\x89r5�ÙŸM\xFE\xAF9IoH\xB7\xD6ôd>\xCD�\x87\x871A\xB8\xA0\xF4\xE7\xEFh\xCD-\xFAIY\xC6sxi\z\xDC\xFC\xC2[\xFAx\x81Ah\x8F\xA4�\xE5?\xF4�\xE9�\xBE\x8B1(�\xE3\x86>\xB8Ú‘\xD4\xDB\xE5>Q6\x9C�w4=� \xB69\xF7KsO�\xE5\xC4D:\xA74�\x90\x9D�\x95\xB3\xCA>\xBD\xE9\x97�E\x91�\x87`�\xBBa\xA2-aU\xA7\xA9�v\xBB\xE9\xE8�\xE5\xD9"#\x8D\xEE%\xC5+q\xE2C��\xD5Å¥n$H/\xDE\xEA
-\g×�j\x8D\x8E\xBF\xDBl,�\xCB\xED�\xE7\xBE<ꦻe\x85\x9A_�U\x8Bu\xC5Ó§!Ft\xB6^\xD6GF\xB0Q�\x8B\xA5\xD7\xC7Õ„@MXÏ\xEBty �\xDF*늟\xF5�\xF7\xF4\x99\x93R\xF7Ct\x87^z\xEE}\xE8\xF0xw\xB0\x8Du\xA9\xE3�\xC1f\xF5×’XK?\xE2\x834}��\xA0Y\xD6Bçn\x81Φ<\xF0\xD1{\xCD�\xC4\xE6h\xA1\xCC�Y\xA6|�\xE6�\xC6Cpoy\xF6�=8C�/\xA3k\x9Fݨ\xEEx\xE4f3g\x93\xBA\xB6\xAD\x9E\xD8\xF9�\xF2:\xF9x\xACL\xFFZ\xEE\xAA\xD9�e{?\xD6f�fx\x98'\xD52\xBA\x94S�\x97D"\x83dIL\xFBc>\xD2$\x90S\xEA6
-\xC7'�B\xF0�nE�\xE2�o\xA6\xEF\xF4\xBF\xFE�\xB4I\xAF\x9F\xFF\xBB\xF3\xFB?\xFE\xFC\xAF\xFE\xFA\xDF\xDC\xD7\xCF\xEF\xF8\xFA�\xFF\xF0\xA7\xDF\xFF\xC3\xCF\xFF��P\xFE\xFA\x87\xF8\xEDC\xFB\xF4\xAF\xFE\xFE\xEF\xFE\xDB\xD7\xF0\xD8\xFB\xFB\xCD�\xFF\xF8\xDB\xFA\xF!
D\xFF\xFA\xA7?\xFE\xEE�\xFF\xDB\xFF\xF1�\xFF\xF4o\xFF\xE3?\xFD\xE6Ͽ\xFD\xA7\xC7\xF1[\xAA\xA8\x85\xB1\xFF\xFE\xF8\xFD?\xFC\xDB?\xFD\xF7\xF8\x9D\xFE\xFB\xDF\xFC\xF6?\xFC\xE3\xEF�\xF9W\xFF\xD3?\xFE\x87\xFF\xEB\x9F\xF3\xE7\xFF\xE6\xA7\xEB\xE7\xBF~\xFD\xDF\xDF\xFD\xF3O\xFA Z\xA9\x97\xC4No\xFE\xEF\xDF\xFD\xE6�\xF8۟.\xFA��\xE8\xA7\xEEp-Cҽ\xA0(\xF2:\xF6W\x94L\xB5\x86\xAA�\xCB\xFE\xFA\xA7�ʩ\xD7\xCF\xFF\xF3\xEB�\xFF\xF7+\xF4\xCF?\xB7\x9F\xFF\x97\x9F\xFF\x8Fw\xFD\xFC�\xF8⿵\x84\xBD\xF61\x92Y\xFA*!]\xA1\xCDhM� �
-\xEB\xA1\xEAN\xC9\xE9+�Q\xA2X\xA1\xDEk\xBB\xF0*\xD5 #߀bK\xAE\xC3\xC8B\xC0.\xD9�\x8C)3Mt/�2\xEF\x92&2\xF4\xE3\xEE*\xFA\xE1�\xFF\xB3-9J$�3\xBAJg\x93\x87\xC0m\xF6q">?w\x8B-\xF7\xC5\xFEUӢ
-\xE9E�\xC0.\x8A��\x{1DB962}\x838\xA4\x93\xF8\x9D]Ȃx\xF28\xDF9m\x92\xED\xDF\xF6MZѾ8\xE7:<\x82(\x8D�X\xBFf-\xDF][l\x8C5%_!��\xC0\x89\xA4\xA6�7\xECǛ\xFB\xF6ӿ\xFFU\xEE\xFD\xCFy\xDE~\x93;b˦\Q\xDE\xFC\x9A�\xBCN\xD2\xF9L\xF5�\xB6‹\x8D>++}\xEB�\xFE\x94_\x95\x94m@\xBC�\xB2\x87Է�\xCBh\xDF{\xE9Y\xB8\xE5q\xCC\xD9j8s\xDE�\x96��d\x97\xAA\xC2\xDCj|~|0\xF3\x83\xD4\xED�]�\xA0"��\xB3Ԗi\x90��\xC1\x9E\xE7s~\xD0۰\xEC\xC8>,%x驖7\xA3�\xDB�lw\x9B\xEF\x91\xC6\xF0\xB8wz\xE4zZ}� H\xB9\xCE�\xD9\xD5hqMv\xC40c\x86]Ѯm\x98
-D\x9E\xCCee\x9E\xC7lK\xAD\xA1߃�\xD7\xE8{\xB7y�\xFE L\xA1\xF3A�\xAF$| �R6�\x95\xDB\xE7\xD1Ý\xF4:\xBA\xFE\xC2Y/\xC3d\x8F߸\x9F\xCA/\xF5�\xFB\x88J\xE3kw j׫?^mV\x8E\xFB\xFC\xF1\xFE �\x8D.�\xDFQ \xAF\x8C\x9E\xF7\xBF\xEC\xC7_,�\xE2\xB4P?>\xB8\xEE\xFA\xF1\xC1#\x91e\x8D\x8F\x8F(\x8B\xE9\xAD\xFC\xF0<c?%e\x98\xF3\xF0\x93#s{\xE3P-@�(B\xAF�xW\xEFy֢ã\xE8`\xDB(\xEAO\xAB\xE5Þ�\xC9
-C\x8A
-|�\xCFI\xF4�\xB6\xA0(\\xBF2\xA6\xD4'T'\xFFO\xEC\xBDi\xD4eWY.\x9Akß•^9\x83\xF6\xA0\x94
-�\x81Jfß WH���\xBF\x84` &FH\x8A/% \xD4W\xC1\xA4�\xC8@�\xA4\xEF2\xE8� \xC2 at Q\xB9\xD2*�\xB94��\xD1\xE3\xE0\xA2`/W�\xA2\xA2"\xD8à ‡\xDC\xFD6\xCF;\xE7\xDA{�\xE5\x92q~Üœ\x83\x909\xF77ךk\xCD5\xE7\xDB<\xEF\xF3\xB0H9\x8C2��\x8F�)\xE4\xBF\7\xAE*\xC7\xC5 \xC4]�\xDDt\xD1\xE4�|ᄹmƸ\xC0�\xEE \xDD
-�A\x9F\xFEb\xE4\x8BV6\x95\xE2\xFB�\xC8"_MKQ�Ø \xDEb\xA9M \xBDw\xED\x8BT�n\x9Ac\xD7/\xBE�\xB4\xCA��\x8B�pR(M\xCF\xCE�.d\xB6h$s\x92\x95骱e\x82\xA4\x892\x97m\xD9�w\xD5F\xF9_\xD6<9k\xEF�W�\xBB\xFA\xEA\xD5}]q\xF5Þš\x91B\xF6\xC8ê·\xD5B�\x94\xEDT1]\x88Ì\xA0\xBA\x9DzV\x8F\x8F\xA09\x94)\xACDgH \xBCB\x86\xDF\xCE4\xE1`BU\xC2,N\xC1\xEE\xA9e\xA0\xC5�]uJu\x91\x8A\xC2�mA5\xA1>SA\xA9@*\xC1\xB4\xC0o#�\xFA\xF8\xB7\x9A\xFD\x88�\xF8�U\x9F,\xB3Ö²
-\xE0C�6�z\x93]\x88\x8Bå·¦\xA0U\xF4\x87QP\xF3�\xC0R\xF9@\xCA\xDA+X\xB6q\xB9\xAC\xC6(!�B91
-\x8Az)�3!6\xCA I\xB3�P\x8E6\xC4\xD5:
-S\xB81Bq\x94 (�\xFE^1�\xBC�\x85\xB0\xD1X\xEC�\x92\xC9\xCERʹ"\xE8�TÛ’���\xDF\xED�l\xBC\xC4\xDD\xED\xEF\xF6\xF8\x81\xABU*X\xAB\xFF\xBBV\x8A\x88\xD2n0 W��\x82hA\xAE2伓Жrã„'�A\xDBj�1\xC0\x9A at S\xC4P�o\xAD*o\xC6|z\xBD\xAA}\x97\xA1\xD8L'\xA5\xE2\xA6\xC8\xCDR\xE8H�)\x83\xAC\xCC7\xA2.\x80\x97\xCE\xF6Ê L븉b\x9C\xA8\xEA5k\xB3>[z�\xB8�\xE1;\xE4�\xA7f�\x88�\xA0v\xE5Ce�\xC5C\x82Jn�\x8C\xCF2\xA4\xA88'�\x9D\x91h\xE8 +�\x8F\xB23\xDE}jl\xB0!T\x9Ab\xD9\\xEC�\xA8\x98P\xA8\xAB\xE8\x98\xD7\xCC^1QB
-\xDBP\xBAY�0\xF1!>9\x8B\x9A\xCEE\xC5ʸٕ\x86X\xBE\xEA�3\xCDYA\xC8�\xB1\xCA(\xE8n�י9�e\xCD\xF0\xB8T�d\xBF�=v\xCE��\xEE�\xA1_\xA6\x89��\x87M\xA6�B�3
-\xB7%{\xBB�\x9C\xE2lHh&\x9Djt\xA4\xB6\x82�\xBA}\xFC}\xC9\xFAh\x94K@\xA0\xA1
-Ä\xC5\xE0p\xB1\xC1£\x99\xC8\xDFg\x81sI8k\xF0\xB5�\xBB) \xE7:0�d�\xD0�\xC4\xE3V<B\xD7\xCC\xFB\x8E>-\xAD%\xE9Z⺣\xBF\x8E\x8ABͲ<\xF0r\xA2\xBE\xB3<r�\xFB5\xEA\x93\xD5/\xF7\xC8\xDA\xDB-\xB2\x9C�iÞ£\xE9\x97[\xA7F�`\xB1\xEC\x82V'\xF3\xB6\xA2\xD5AT\x91+\xF9\x89lÒ¶\x90\xDBf\xAE]
-\xBD\xCA7"65\xB1��\xA1K\xE1 \xE5\xEF/CÙ¾($\x98\xB3cR\xCA"\x87\xF8 o\xE5\x8F\xEC\xF8Z\xB3�;B�\xD2I\xE8�\xF3kd\xA3\xE1\x8F\xCCܸbnk\x97\x87x|\xB3\xB9Z(j4Ú°\x8B\xC6\xECT\x8A\x8B�\x8Ad\xABl�5UlW\xAB\xB6\xECh\xA7\xDA\xD8'3\xE9\xA4\xEB\xF69\xBEQ\xDA}l\xFFU&^6\x83,:\xCB4+Òˆ]"\x83\xC3Q\xF6j\xC0\xFA\xB2\xE0U\x8Eo6'l\xEB\xCDV\xD7\xD66S\x82\xAC \xDF\xE4fl\xC0�\xA2\x8D\xD3w\xC7Ê@\xF9\xF9\xF1n\x83a\xFC\xB2\xC4JuW�Epj\xD4\xEA:\x82\xDAÙ¼�~\x85Õ…M"\x8F3h\xAC\xF9l\xAA|\x9B'��XkÖ“\x90Y\xF9<<G\xDAc!\xA8\xA4:�DQ\xAC\xC8>v�A\xA0o\xEASU\xE9*\x99\xCA;&[\xCD\xFASo\xFC\xC4�h�A�\xE2wB�1\xCB3sS\x97\x8A��4�_z\xB0�49\xEEQ\xF4;T\xF5[�!��\xC4G\x81\xDC�\xAF\x9F\xC6��\xC9\xE8&\x94ÎœD]t �Z)θN\xC6Ë¢9�\xE5JU�#\xB7W\xCD7&<�s#t#U\xA0q\xFE\xED\xFC\xB4mÔW\xB0\xBB\xFD\xCD\xC0xѲ�!\x9B&\xEFd�\xF2f\xBC\x91\xD3f\x83pOU\xA9M\x96\xEEp\xB6+\x81\xFF\xBB \xEB!l��\xAB6\x91\xE5\xDC\xD1oR*P\xB8\xB9\x95h�\x8C\xC0\xE5y�B{�\xD7f�\x84\xA3檒\x8C��\x9CLÓ®Z��h\xB0�\xB8\xBE _0f1\xDD1i'c� \xE1\xA0�P9\xE1\xD9G\xC0\x97&jz|}\xC5V\xDA/\xBB=\x97\xA8U̼<�\xE4�\x99B\xA9\xA8\xACJ�7*\xF1H\xA2\xA4\xB7;J&\x9F\xA3\xBF\xC43\x94\xE2\xC0\xC2L\xC7\xD1�\xCAPk�
-`z\x80\xDD�**>\xB9Q {\xD2<�`\x9F\xFB\xB8\x86\xE8�/~\x82\xF0[�ÿ+&0K\xE8�aN\x8F\xE2\xAC@\x86Ì©r \xD1Ld v\xBA\xAD\xAE \xC6S5i�\x93mâª#\xCDZ\xCFU\xBB\xBD\xD6 \xB1\xB2\xB1bw\xB7/dlJE0\x85r\xC6:?\xC2\xC5\xE2\xF63/\xBF\xA2\xE3�R�L\x9F\xAF\x90\xAA\xA6\xE0\xE5&j!a|\x92z\xBD:Yp-C�\x82\x9AK\xB5�R\xD3k\x99^\xE2<\xC08u\xA8�+\xCBf\xA3\xCB\xF3\xB8:`\xFC\x89\xB3V�^{W\xD6�\x91\xBB\xD0��0d\xACoDTO4,\x93\xA5\xF9\xA6o\xD2UchÒš\xEC\xDE-\xDD\xC3Qf\xB8(�\x96�\xF7\xA7X\x9C*\x9B�I^\x88\x909rc\xC7 ÊŒ\xC8\xF6u\xB3\xBFW\xD5s\xFA_*\xBAJ\xFFS\x83
-\xC5`�\xF4\xF7\xC2tIF\xBBy#\xB0-\xF8f\x95\x9D\x91��\xB5\xAAB\x80r�3\x8BS�mÚ®\xE5\xEF\xC1*\xCB;>\x90\xB1\xB4\xC2X\x90\xC0�;\xD4!��\x8A��\xEF�\xE4_\xE2\xC5pJ\x93\xDFW\xC9Ø»\xA8\xB9\x94\x8C�\xEE\xAB5W\xA6\xF1bu\x86\xAC.���\xC9Z\xAC�\xAD]\x84*LVbj\x90\x8D\xC0\x97W\xC53\x85\xD4=\xBE\xB2"�J\xDA\xE8\xA0$\xA1\x89[�\xB5@Û\xA5\xD71\x8B\xAA;p�B\xBBEcW\xDCX\xEC\x80[\xFBnv\xB7N\xF4\x9Dm���\xACw\xE9\xC3MRr\x947\xC7�4~\x9D�F\xDD\xD3VU\xEC"\xD5!E\xCF\xF4*Yn\xF1-U\x91\x9B\xC0\xB0\|\xCD8\x9B�'\x8E\xE9\xE1\x83\xEEX\�z\\x9B\x83"\x80 �Öµ\x98X6\x91\xE6�\xB1�\xF9WkÄ‚\xC6\xCD
-|O�\x8D&\x84�\xAC\xA2\x8C\xB0\xCC�\x8E0\xB8p\xB8\xFE\xA6a=Å„\x9B\xD5��\xD9�\xF0Q;(��2D��\xAE|Ä©\xE5\xA60\x85S\[\xB3\xA0��IC\xD6A!2\xC9uE\xBAn�<8�\xDF\xE4�O<�H-\xBA\xD7,\x81\x85\xCB'\x95\xBFJ\xB2\xE1\xE0\xA1H\xE2\xD4~\xB9\xA3\xCD\�"\xE8% r/�w�nO\xBC\x98\xF1™\xF5I���\xB0�\x84\xC9\xE5�О\xE2\x95q�/Ö–\x91e\xF2\xAA=n��'4B\xC2\xCBE\x98{\xB4\xB4t\xB9h\x88W�!×\xC9I�u\xFBkv\xFFE\xAE\xBF\x8Be\xDCK\x87\xF1\x84\x9FF]\xAFYD\xFF\xB6\xAD\xF7Ý_\x81�d\xC4\xEF\xC8�\xBFB5\x9D\x98j\x9D\x95s\xBAr\x85\xEA\xC9@\xB0�\x85\xA7\x92R\xB3\x9C\x9C,\xBD!z\xADd\xDE\xE9\x82\xEBθw\xC9&\x9E\xD8\xF8,ß®�\xBDt\hÆ€\x8C\xA0\xAA\xE69\x9F"\xD6\xCC`\xD2\xE3�\xC0\x96��\xADk\xBA�*^Ï.*\xDEÅ¡0\x8E�)�\x8B
-��՜�=\xAE\xBBx.\!A¿\xD5*G\xC0\xC40\x89\xC07]\xC9\xCC\xD69\x94\xAB\x8DT\x85\x9A\xA1r]�`\xAFaֱW~�2\xE5r\x8Ac \xCD�\xC4\xD3P\xDA@\xE5\xEF]\xF1\xBDPEl
-\x90\x93\xAA\x9CV�ɬ\xCE*e\xF4�M"\xA7\xC27 Ad�\xC1h\x98\x81\x90\x87\xCB\xE3Bs�\x88\xF7\x8E6�"�e�\xD8Ñ·\xA34gU\xB1\x87\xC77\x9B�\x93>É\xDA�\xF8y�#\xA2S\x96\x9FM\x83a\xD7\xDD Ht1\xE4\xF9\xD6�"#+\xACE�\xF31I\xB5Ô‹\xD6:�h�\xB3�\x9E\x98�PM1\xDD(\xBF\xF8\xB7B
-��\x8DCJ\x98Z�\x94\xADV7Ó€Jy\xC7x\xBAÌŒ*�@\xBCÉ\x9F\xD3\xEE\xF6\xAFL\xEDH
-^uPgp}\xFE�\x9A�f\x9E\x8D\xA4\x8C\xC5�@�\xE3\xE5\x9B\xE2
-\xB3�\x91\x88�#V�\xC2h�\x87u>7Wl\xB8\xB8R\x92å ƒ
-d\x80>T\xC4\xD1h9U\x90\xA4��\x9F*^��s\xAB0\xF4r\xCDQ˚�S\x97\xA6�\xA9�e\xF1CB\x9C\xA6A\x9B\xBCe34ȧ\xABE�\xD0U͓֫r.\x84\xD9%
-\xC2h\xCD\xCD\xFC\xF5\xEF�\xD8\xF85\xBD_4+j\x81\x8A\xDC\xE4M�\xE2\xE8��Ay=\x9A\xA7\xE0QQ\xCAt-\x88\x97I\x9At\xB1\xAB0\xE5\x88�^x\xE0\xB2\xD8\xF9QJ^?<\xCD&\xAC²j\xAA\xC9f\xD3C In��d}\x88ɶ%�U�\xC8\xE0P<T�\x87�\xBA�\xDE/wtܤ\xFA\xE9Y\xF6\xE1�\xFDu\xD3i\xE4i}�NCم�6R\x91�/i�Y&<.\xC7g�\x9E\xC3 \xC1IC\xE8[dט$�\xCFa\xFC\xB2\xCANo�\xE6\xBA�V\xCB\xD7jS\xAE\xA2\x96+\x8D\xFA\xDA\xE9\x97ń\xA77\x9A\xE5)h\xA0\xA2*\xDA\xE5�\xF5\xEE\�\x9B\x90*]\xD2!&�bt\x87\xA2\xED\xA5\xCD�\xE7\xE1\xE4\xC8nm\xD4j2@\xBF̓\xD5G;\xBE\xB3I0>\xCAƈ\x8Ba1�;y�X\xA3�\xF8E\xA1\x85�\xF7a\xFD5\xB8\xB1�3\xE8ޫ\xC3�S\xB3-Q7/\xA6\xC1 \xE4̮\xA8�\xDF)}
-\x9A"᡼\x92\xD5p\xE0�\xC1<\xAE\xEE�K�1a\x8F\xD96o\xE7!M\xA6C�\xC1\x8E#jV>\xA0!m\xC0\x8DR\xFDL\x8C)\xBE�F䥨\xA5M��\xFB4�\xD0\xD3�\xE8)r`\x8FK\xEA\xA4\xC9}��Qîr/
-\xE6\xB8��T�v\xCB<|+\xB4n�\xF0#\x8AV�_,YÆj\xC3jS\xC0g\x824{\xB3ï‘P�%\xA6\xC07�\xA8\xDA\xCAQ\xAF\x94l�\x8C\xD6XogwCwv\x95\xAF`\x9C\x99}\xFC\xFC\xE5b�_k\x96Æ v\x89\x9E���\xD8Ú¼<F\xF4\xD0\xC2oqjd{g\\x83W\xFC\xD4x-Î’ \xBE\xF7é·£q\xBAXJN\xB7�ga4Âœ\xB1\xE5n\xCDz�5n6\x8E#v��7OÞ\x8D\xD7iD\xB3\xE1|hj�\xEDi\xB3~hĨ4\xB6xeФ7<\xED�\xEC\xED0�c�0A\x83A\xE1\xBFDZ[x�*\x99=\xE9\xB0
-b�i�v�\xE3�\xE6\xDB\xE9`tJ^\x93*,\xDD �s\xE8÷\xB11\xC4\xD3�*õb\xACt٘0*\x9A\xB5\xCC^\x8F\xEA �\xE9I\xF6 \xD9�t\xCF/e:'\xB9\xEEJHh\x9Bmb\x94ʓ\x98\xF5PL`>�\x89n��\xCB"z\xC4G(p\xFC\x96m�%B�).\xA4\xEF�\xA3�a\xB2\x92F�\x93\xCC>S<>U%;f]j\x8E\x84ӳн1\x97I\xE7\x83MT�\x80\xB4c�x\xBB\xF4\xED\xB2^\xB1\xD0-w3\xD5ٗ \xF1\xF3\xF8\xFC\xD8Nk\xCA﫵\xB5cs'\xDA;}\xB0l\xB7\xC8\xF1\xE2\xC4�\xDC\xD5\xC4G*\xA8\xA33\xC0\\xB0\xF3xp40\xF5\x97l
-\x8B�pǻi�.\xDEY.E\xFA\xBB�]\xEFv\xF8j3"\xBB:9�D\x8DQ:g\xD5B\xEC\xB3\xC1R\xF5\x8C\xEAb\x82\xC0\xE2)\xAE\xE9\xCDe;\xA7q\xEEt{\xBBd\x90\xA9mՇ\x83\xC8G\x9F\x9A%\xDD�\xEFf�\xA6\xB3@\xFAƗ\xBB\xBB\xFD\x83�\xE9&X\x9EU\xF6\x90=\xB5r\xD5\xF8%\xB0�@e�\xF3%\xDE3lX�p0:\xE6,B\xDE+\x94\xD4`\x8F�\x92 @���\xBEs� pI\xB6\x85p�|+\xBA\xAF\x86"k^�Rd\x8D\xF8m\x83G\xC0\x95\xD7v\xFDn\xB7U\xC7\x{16D735})\xEC^�\xD5\xDF*Ӳ!8\x8E\x83I^\xE0~\x8C\x8B\x85\xE19W\x94��\xC9[1,t6�s\xE4��$\x94\xDC\xDA:\xEAN\xB8\xB3�\x9Af\x99�b�\x90\xAF\xA4
-\x96B\x92 \x84k\xB8\xAD\x96\xE0\x8FS�rD[\x93-\xDA2\xB6Մ\xA3\xB3\x95A+\x90\xA4\xEEQ�\x8CM�|j\xF3K\xA0�]-\x8Djٗ\xCDU\xB4\xBB}q\xC1��f�d�do{\xB34j\x99YS\xDE\xD4��lm\x96F�!\xBA\xB3\xE1\xB7k\xCD҈j�%\xD7䣚\xC0[2\xBF\xEE�U\xD8u\xABoB\x9F\xC5\xF2\xBA\xBC��J
-Z\xD5C\�B\x85fB\x86":\xA1\xA4s]9\xE9\xCC\xCD\xD7�}�\xED'\xA9@\x82 R7\xC15\x92"*R\xB9Ó¤PW��p\x97\xE8\xA5C\xEF\xC9\xDBb\xCE�h\xF0JwÍ\xAE�\xBB�T;%$#8\xE6\x95L�\xAA*t\x9Do\xB69\x95\x91\x82."\xFD\xB6\x83\x90/AC\xCCM\x9F\xF8\x88\x8F\xD5Óªw\xEA\xB4\xD6�\x89^Æ…\xF0/Ù‘\xBEV\xA3'\xB99\xFDF\xF5l\xE0\xF8\x9A\x84J8\xCA��_\x8Bb\xBD4\xCDL"�7\x9A\xA1�;\xB4\xB141w\xAD\xFE4\xEB\xCD6\xB9\xEA\x97h\xECB�\xD5\xDA�\xAB\xA1\xB8y\xC6\xFB\x82\xBA$)i�pFM�+\xB6\xA3u+\xB7\xB3\xB5Ѻi\x811\x8C\xC5\xE9\xA0\xF65/\x9B\xAD\xC0\xB4 �\xD9�6��u9��\xA0�n\xD4,\xB4\x8C\xF4�4�\xD5\xDA�R\xAA\xB11�\x97�@\xD1 \xA7\ �\xA5\xD8Þ¦;�\xBF--�\xDDÚ¬�Kh\xCC\xF0�/8\xB0\xB5Y�\xB5\x8A�\xDBɵ�\xB66k\xA3\xD8Ƭ;\xB1z\xC6�\xE8�@\x9B\x98\xC1�Ϫ\xBB \xAC\x99MÈ\xB4\xEE2�c�Ô n3\xE1\xBC$�sR\x89��\xBB�n�\xF9�r\x80\xA1\xA6\x98
-\xA9\xEFC\xFC\x87\xF1\x96�\xE8o\x8B\x9EWY\x88D\xA5�\x93P\x91\x93k\xF1\xE5몡#Ͼ\V6\xE4U\x97\xC7\xC3\xE9B(ӄ\x8DQ+?�\xBC\xBAn\x82\xE3\xF4\xE1)\xB9.\xC1\xC9ȫ\xC3A�B\xBA,AN\xD9;\xAB\x91�Z\xCE\xD0�i\xF32\xE8\xC8\xD4<\xE5'#�f\xB4{\xC3�\x88\x88 \xB7<\x9B�s\xB3\xE5\xF07Z\xE5RM"\xC0Mݷk�,/\x96-\xA0B\xBFMI\xCF�[L|\xB7�\xBB\x92�>\xC1\xB0\xE3\xC9@�\x8C\xFD\xEFe:\x891\xDDh\xF7`\x8E�e\xF1\xB6�\xE0UcP/\x85�\xB6�\x82k\x8D�IB\xC3
-\xDEh\xF5\x84\xF7\xB4�e\x85,\x9C\xA0o�t�C\x8C\xD2
-\xB9\x96\xC9\xF5\xA1ж.�æ ¶\xA4\xB4$\xF1X^D4\xB08o \xF6DiS\x84\x8F`\xC5>\xA8Æ”\xE5\x9F<\x84\xCCJ\x83\x88�Wu\x88\xF5\xC3\xD4\xF2a\xFC\xBD<\xDDb*\xCF��\x90#\xBB\xF4�\xF6�X�\xAB\xC6\xC9c\x96\xCC$ݪ\xC5\xE0m�\6jN���\x9B%\x9Am\xD9\xF3 Z\xD0�\x86\x96{\xF2Ö„?\xD5\xEDw\xFE�\xDE\xD2b\xB4\xB5W\xB7\xBB\xFD\x8D�\xDFpÊ»�"Ny\xB4\xD8Q3?\x99\xA9\xE0a\xFAE5\xD5\xC9\xD9R\x9AS7-8\xA2\xEB\x8DV\x93\xAB_xQ\xFA\xF5\x85W\xCF\xCEmQ?=��7OQ�\x98\xA4D~\xAF\xE5ÈL\xB0\xBEK׀ذԋ�\xD6\xC1\x80\x97I!tÕ4j\xF1 \xCCS�!fm]8a\xCB?�\x8Dɦ\xBFh�\x9E`1\xA8�\xAE\xD9\xDA�X\xF7\xAD\xB4Y_X\x89\xA7\x81\xFE]�\x97� \x9Bo\x80\x88/\x8B\xD8|}\xD3\xCD�\x9E
-\xE1\x9B\xD5MW\xAA~y^\xDE\xE0mq0\xD3'\xC8\xEAY-?\xAD\x81&\x9E$�\xACs\xC1\xDF7�%z\xB2\xA9\xF1\xF7\x88\xAAIX\xBD\xD4(\x9E3Y\xBD0\xB0\x98�>CG�\xBC\xF6M\xE2\x9ER�\x81\xE5\xD2\xE0*\!
xF40\x85\xA2h\xBD�y�o\x8B�<�\xE0T
-\x90<f�\xB1.\xD8\xE9\x85�;\xB0\xB2\xA5\xE5\xB14\x9D�@\xB04\xE5\xF9Ck\xB0\x9A\xDD\xCB\xCC\xFE\xF2\xE7�|\xD4dӢ�\x8E\xDD\xF4\xF7\xB3gH\xFA<�* @i�\xE3;]6.�\xC0\xEE\xB6U�G\x9C\xA8}e#N\xB2;\x8B#\xEEE\xABQ$\x80\x80vq
-\x8C\x99\x95~(\ \xB8sV\xEB\xC0l)hP\xF4S<d2Z\xB4\x80�\xC2GA�m\x92W���\xAF
- \xB4o\xE91\xCD w�>\xF1\xFCs0\xBE\xAA<�\xB6\x89YY\xF5
-\xED\x94\xCEV\xBFHm*\xFC@|\xB1v%\xA6[C\xF8 7[͉fE�Q\xCFs�\xC1\xA3\x9C\x89`\xE1K\x9C\xF6�JyH%n\x89#\xA9mJ\x93%! 8\xB49\xD2�\xAE\\xBC�s\xA0\xA3��\x8B\xD0ÓYR|>\xA9\x89\xD8\xF3c\xB6\x86\xA8"#\x86U\x9A�0�z\xE3\xF5o\xDE�7c\xB9P\xC4(\x83p.*̇\x8B\x{19CC82}Wp�VXET~\xA3\xAC\xC4\xE43z\xAB\\xB4x!K\xF9J\x95Õ¨\xE4gU\xA8\xA2�\xA7\x90G\xA0P\x85뀖\x8F8W7\xCE%\xFA\xFA�bb\xAA4\xC6\xC8Y\x85\x8B*O\xA1\xD4\xF6\xF8\x82 at W�\xEDvAV\x83>\xC1^/E\xE8A\xD3VE R�=\xDA@:\xF3=r\xB3\xB7�3\x87/\xF1k\xA7\xF2jup\xBDF+\x9F6�\xA7\xECem:g\xB4�X�vT\x80�-\xF7�\xA7)�z3\xB9\xA5>X\xE5�\xF0Gr-\x8B\x918\x88\xAD\xD2\xEDj-O3��\x9AZÓ \xA73\xB2\x9C(\xEF��\xD4
-\xB2t\xD4c:+\x91Jv\xFE6w�jÝ»\xED�U\x8F�i��{N\xEA%+\xB8\xB1\x98m\xB4\xFBdRt<\x95\xD5\xEE\x8AC\x86""H\xC4�N W\x8Bq\xE4g�\xF5\xAE\xE1\x85\xE3\xD6l\xD5؊ޣƈ\xA2n+\xD1nFDd:\xD0\xFA\xCEs\xD0z\x82j)�\x8D\xEFp\xB1I\xC0\x9B\xD1 3\xC1.�\xA2\xAB\xA2\xE9\xA7\xCB\xDEÒ•Õ–\xB21�1Ug�\xEA{q Ü®~x\xBA\xD1PT,\xA04P94(\xA8�\xF6\xC3.\xCA\xCC\xE2\x97Z\xA6\x80<}\xE15gw\xD5C%\xB2$0u\xA2 a\xE3\xC3\xDFݺ�\xD06\xF1\xA5*\xFE\xEFr\xCD\xEA\xFF\\xC3\xE5\xA7\xF7c�\x80/\xAB\xC0\xF3\xA8\xD5a�eb\x8B��Ú³�\xEF�J'kC\xF1\xB7\xCA\xC22QyE\xF1&"mA\xE4;P\xFC\xCDT\xDB\xFAk\x94uqI\xA6×\x8F�Ö‡�E\xA1A\xF0̃f�\xD5\xDAA\xC0\x9A\xFAB<�d.dÄ«�\xFAU8�\xAC\x86\x9B\x99QG\x91
-t;UP\x9A\xABt
-\xE6\xC1\xC4n\=\xC4 \x90\x89e\xD5E-\xE4 u\xEDQ\xC3�\xCCb\xE0\xAA\xFEў\xA2�\xD6�ءD¹\xD1�0��\x95\x844\x8E\x9B\xEE\x90o\xE1{�4\xBF\xB2\x9B0\xD7�xS\x99\xD9]\xC9�Z\xB8k\xE5�\xE3�P\x84\xD3\xE6�\x9B\xCE�N�7j\xD1\xD4$\xA7\xD7�ǪeS)\xC0u�\xA2"\xAE\x90
-\x8A\xF2\xF3*\xE3E\x8Dl\xE8\x8D{p�\xA4\x82\x8C\xC6ݱ\xA5Q\x9D,\x8Df4\xC0]�\xFB�+\xED\xADVU\x8FÞ®\xF6\xC0x+~\xECx\xAD\xC6\xE9\xF1\x87\x8Am\xAF\x86\x8E[\y\xC7`\xA6P�\xF1\xE6\xE2GÑ·Ü\xABΊ\x8F}\x9D8\x9F]\xB3\xA1TR\x8F\xCB\xFE\xA1s\x81\xA495F\x9Cklb\x8C/\xC3\xEB\xE6�e{\xD5F�\xB5\xE7F\xFB\xB8\x98�C\x87\x98�\xAD�\x90\xB7N\xC8\xD2=ÊŽ4 Ip#\x98\xC4R�\xAAH\xDC\xD1pA8쎎?}&\xCC\xEC\x84_�\x9DrNqy�:A.\xF6�\xEFW\xE59\xA8\x83Σ�\xFB\xA0W\xBB�
-\xAETFi\xAA\xBEn�e\xEA\x94<\xB4@\xCBx\xF0&\xFB�\xF4\xD7&\x82څ\x9B^\xAC \x8A�m}\x85x\xBF\xB4\xCFZ\xA9\xFD%\xFEས\xF5ڵ0\x9A-\x95\xBD\xA9\xC3\xEBGb˞>=�2\xE2\xB8\xFARߣ\xB0\x96J�\x82r"\xFC <\x8FV\xC9\xDDY~\x80�\xCB\xF4\xBE6\xEEnG\xA7s\x8D\xFC s\xF2Z\xCFT\xDEp\xF7F\x87HR\xD1SW\xB4�\xE9\xCAI\xFA\x98j�\xD4P'O!#I\xD2'�\xDC�!
-I�\xA7\xC6,r\xB4\xFA\xF8"8�i̵�Ɉ=\x80\x9C\x8D|0�u\xFE!vmR\xF3(�t\xC5$C*J)r\x99\xF4\xF1:�\x8E<:�T�\x85l\x95- o\xCEe
-Y9\xC9ƲZ�h\x85\xD8\xC3ޙ:P3\xCDf;:\xBC\x91��\xF9j\xA5�r��`\xB2\xBAZ\xF5\x9C\xC8<\x96\xD2�\xE3V5\xFA\x97\xA2D$Tc\x9D@\xD0�\x9C�\x8BD\x82\x9D&.Fh��\xAFLipHK½�\xC6[2�:I{p\xADEK\xB3\x84V\x8F^+l\x94\x{11888A}ݣRL%�)\xFC�\xA2\x96\xAA\xC7AS\xCB\xD5V(\x8E\xC3Y\xCC�n \xE8d\xB4\xA9\xD8v!�\x94[%q�?P \x86"\xE9P dr
-b\xD7o\x8B\x8B�\x87Bk�\xE5\xBC\xD3\xE9\xB1\xEC �|\xB3Ñ6�<\x91\xEA\x8A�\xF52-\x8A4\xAE\xFEU)ag%�b\xFA\x8C\xFAc.\xDA�C\x83\xD2Õ‰\x93\x83\x8E�\xF1�\xAA&"\x88\xC3\xE8\xA8"\xE2E\x90n�\xB7\xA4\xC6\xEC\xF4\xE0\xEB*\xCA�iBn\0\xA0�*�S:\xA0^\x8CO ~`�\x81\xF9C\x82\x9D˨3b&\xC6\xC1\xA7\xD4#(8y1\xF8\x94rE\xE9+;��\xD1R\x88\xF6\x89\xF8\xC5_\x88�(}S(!Ì¢\xD6 �\xF0\xA0[\xE8�_5c#\x8E\x8C5d\x85È
-\xAAj\x9C9\xA2EŻ\x8FV�\x9D\x84\xDEgg\xA3C�\xE6F���\xD2 \x98P\x851\xBC\xAA\xEE�*\x8C!\xB4d\x9B%Ĭ\xB94\xBA\xBE\xF9\xD3\xD5Q\x81G\xAAF\xAF\xC6�\x98\x83\x8F\x9F \x84\xCA�4�4�\xF1F\xD0}\xB6\xEB\xB9N\xE8?�u
-.��\xF7\xB0reQ�6\x8A7\x9B��\xD52\xF4�\x99\xBFH\xF7
-G\xF5h\xBB\xF6$4\x9AM�\xD5᫮�\xCE?�\xFE\xA2X\xF6\xD2V�\x8B2A|]�yT�\xAC>\xD4\xD1�h\x9B\xE2x+$\xED\xE4u$#U\xE3\xC43�X\xC0On
-\xEB\xF4�\x94isY=a%t.\xAA\xA4G@\xD4�\xDE易\x95\xDE2Š�\x92\xC4�!!\xC7.\xADC\x97gǩ˲Y\xD2(4el�\xC7Y\xE3\x91�_\xAEm�W5=\xA4\xE0\x95\x8D�\xC2Ŵ\x84\xA2�nk\x94m\xD7V |\x85,\xDAH\x878\xA2\xD7�H�P\x87D\xF1\xD7\xE4P\xAE�\xE3\xE4��6W.\x90��Az\x9B\xE3^Q\x834&\xBAf\x8A\x92\xF46\xCA\xD87\xA6\x8E\x82
-I&�A\xD1"\xB6A
-\xBD��\xA8,`\x88s2B\x8D\x93\x97x�\x88L\x81t]�\xAACJx\xD2*\x83\x80먗\x8F\xE3\xB0\xF6B\xE2\xD0,
-9\x98\xBF\x8B\x83\x9DϞ\xD28s\xED�{\xE5>�\xD89�ĴS2\xA20\xD2�\xEB\xD0\xC8B\xB48s�Q=\xCCjB\xBE\xAD(\xD3�\xAB\xD0\xC1P \x80\xD6P�I5\xECX�T\xBD\xD2\xD0�\xA3$\xAD\xD3p\x8A\x995\x96=\xE4\xA8\xC9\xE0H'}+W\x94\xC1�\x9Cj\x99\xD8\xDC\xED-\x80\xEBdØ�k\xA6\x83\xB9\xCA0稛>\xD3�\xECM�h.ɾ\xB3o\xCA�b
-!\xA0q"ͧ\xC8u\xEAS�\xBE��\x84\x80\xFE\x85\xF7\x90Ú§\x8B\x8D!\x9AR\xA5h\xC7\xE6^A\xB6\xD3x\xA3,^\x93A@\xD2\xC3Ô®\xBA\xEEÔ®��\xEDD\xA2{O�(xA6�\xC8\xC4)\x9B#HS\xE9,\x98�:\xEAhÈs&d\xC7:\x94=\x95�\xC5\xE3\xAC!\xC16\x91�ᥣ\x843\xF4
-VHש0.\xE9�6\xC4\xC9\xF8\xE3ٵ\xE5�3x\xC6Q\x8F_\xBCI\xFB%\x93\xD4b\xBA��\x85l\x92\x8CO&E\xB03\xA7A\xF0\x9FJ\xD5[K}\xB45k\xEB\xF3
-\xBC5\x8A\x88b2w�P�\xB3\x9D\d[\x82�\xB1�2ou;_5\x8E\x9D�a\xA2\xA9\xB1.
-a<i k\xA8\xBC\xBC�B
-G9\xA7\xA0B\xD72\xC2$�=\xF2Ǩ\x84Fm\xB1l\xB7,)'e\xB9!\xE0\xD0_\xBD�\xB08ĉ\xFB7)\x93�\xEF\xDA`\xFB 5\xD3 \x9A\xFBQ�"\xC2k\xCC��\x8C\xCEZ\xA8\x82\x8B΀C\xE0\xC3\xDA��W�\x8C\xF4\xD9<\x84\xB8\x83\x93\xA3{XS0��'\xFB+\x82\xAB\xAA\x97��3$�;vtj�";
-\xA2H!�FX\xED\xA0�Ñ\xA8\xAE uQ5 ]&[\xC0;\x9D\xE5�\xB8\xFC
-\xDF�\x8B*\x8F\x8FQE\xD8a\x9F\x8C\xDB^}qj�03\xC4\xD4\xD1\xCD^ue~�+\x8B��\x98\x94x\x98�M�jb\xEB�\x91�\x99T�Ùƒj\xC6\xD2#\x98\x{119A23}z�\xDF\xE0\xFD\xD3\xEA\xB4\xD9\xC4 :\x82\xA4Q�\xB7:\xE8\xA6�\xAD8\x81Þ—\xE61\xA3\xB2\xD5\xFE\xE0\x8Dt\xB2\xF7\x93\x9Bí¹#\xEB5X_\�\xB3\x91%)\xB0\x82�\xB3.;\x97'\xB7\xA4H\xA4\x83�\xA7<\xCE:z( \xF5ÈŠ�g^4\x89c\xE6Q��\xA4\\\xBE\xAA<\x9C:r{Q\x8E\xADRB\x85E\xB8\xB4l\xDAT?\xAAU\xF2�\x81LNß´o\xEA�B\xA8\x96\xE0\xE6J\xD6\xD9�\xA4\xAE\x8D�m\xD4��\xA5\x8E\x82\xB8?3qKcl0\x84'í‘žq(\x96YCe\xE5 \xABn_�~_m\xF4\xF0.rH\xA6="\xE0�\xB2ѳ�\xD3n\xC8΀t�qÅ°@X at O\x9D\x94ا�hP*d~\x8A�\xA8Ê«�%\xA7(C\x81\xEB\xC1\xF7\x86�\xA5�둦Y\xD01rni\xE6F[\x9D\xE5z\xAA`+\xA6\xD3\xCA!\xBE\xC2l\xC4#t\xB3zA\xE8���n\xACÈŸ@s\x8D���\x9B\xD9l\x89jtK\x87CV�\xA7U�:I�C\xC1\xC3\xEAm�BX\xF2\xA9\xC3g\xFBu\xB4�jƈ�afq�\xE6\xC8�B)\xAF\x92\xB0u\xE0\xD6 :�\xB3\xF3\xAC\x87!\xB0O\xE4\x8F\xFC1sz9\xAE\xBC7u\x98\xEAb26\xBF\xE2A]�\xD5\xD8\xFD]:�\xED5^\xC9\xCE�K
-X�n)\xA1\xAD6�;Y\xE3\x9Bw\xB7�\xF9\x9B�\x94\x8A\xD0\xF1A+,+\x99\x8FuH\xA3"\x85\x88\xB8@\xB3�S\xA3r%�\xB1!\xA2\xCAK\xEA�0\xB8_%U\xCE\xE45\xE0@\xA6�NS��\xF6{�Ua\xAD⨊W>\xF2�\xE0X\x9DIJgť\x8Ez\xC6vN\x95��z\xE8Y�^lԘC\x99\xB9\xF0Y Q�\xB1�
-[�\xAD%�,\xB8\xC6��&�!*�\xDA�\xC6�=V\xE5HI\x83 \xCE\xCBI\xEF\x83q\xF4W\xB1H\xA4mʕP8\xA9t\xED\x80\xDA�\xE5\xAF\xD9A\x97_�\xCEIY���:\xE2Ä1P�PRu�\xA03\xA9\xC9\xE8}\xD4i\xA3\xDC\xE4\xA0\xDBJ�a\xF3\xE8\x98\xDEk1�\xC4i�l\xAC�DƇsьT\x8C\xED\x9CI 2$PA9\x93{\\xB9*�\x89\x8C\xE0YU\xB7vX>\x83Lx\xE5m\xA9;̒X2\xAE\xC0߄bʔ\xBE�\xF7\xF0�|\xC4
-"\xE4Ln2\xBE�j\xAE\xCA\xD1d��'\xC9diTH�7�eibV\x9B#\xD3�F\x9B\xA2"\x842\x84\xFD\xBAn�\x97\xF0#G\xB6\xDF\xDC\xFA�\xBCq\xE9\xE9\xEE�䙢\x9A\xB8\x94�oMS\x8F q\xD1
-\x8C�\xF6`\xB1:\xBBF\x8AX�\xAA5\xFCÚ…\x8E`G3\xBC�Ì8K\xF3�\xE4Ϋ\xA9^�\xB7
-�LN�r##0)9K\xAC\xB3܄K\xD8�8 8\x99\x93\xA5)-�\x97\xEE\xA9\xF1\xE9���\xA1A\xC6{F\xAC:\xCE\xD6.Q\x94گ!|\xA18�m4_uer\x83:\x86\xDE\xD2\xE4\xAB�\xF1�\x94�oĻJ\xF7JR\xC4ost \x84D\xB4H\xD9 \x90�$6�\xC1&\xF2F\xAA\x92k\xF1B\xC3}�\xEChLy\xA3Sg\xDE�\xDCbv\xE0I\\xD9n�\xBA\x8F~\x8A\xA7�\xB5\xA0\x99\xAAM\xD99\x89\x8E\xA4�\xDDH�%�\xF4b\xAAv\xD6g�\x90�\xA4I۱E�eUd.-`;\xA2T0p#\xA79\xA6hcp\xBA\xB7G\xF5 \xF9I\xBB\x80F\xFD\x9A\x93\xE6zx�\xD7'_C\xDCP�:\xCE�\x81\x9Cpl\xB0l\xE1\xE8\x90\xD0
-�_Ì”w\x99�u|M\xB8H\x92\xF8\xE2�\xDA�\xEA\xA3"�>\xBB\xBC�\xF0$\xE6\xAD�\x9F�ax\x86\x9A@) \xCFY\x99\xC8��/\x94\xEBJ5 \xB7o \xEBA\x9B\xA2\xE4\xA7]\x8A�G\xD0f\xB5�\xA3c\x84h\xB3\xDDRP�\xBD\xEA\xB7É\\xFB8\xD61\xAB\x84˯\x83~
-D\x83oD}\xCDc\xA9\xF6P�.\xB6�\xDBp~S:\xB0*\xA3\xB9�t\xCF%�\xDC:\x91\xED\xDB\xF35\xF3�M&\x84CmB\xA1�\xFF\xDE\xE8È '&\x84ÊŽ\xB5\xFBf\xC2RM\xB3\xEDeN#T@\xDD!\xD2M8\xB8`\xA7"\x85@��E\xE1\xF82gjF\xDA"i�\x9ER\x9EI\xADQED\xCA�Y\x92\xD8M\xB2\xA2�\xBF�\xC5D�\xC3\xD6z\xC5AYY�\xB6+3)�xD\x82\xA6`\xF2\x9A^�
-�3\x85�Aߘ f\xA3!\xB8#\x80\xCC\xCEJ8\xBA\xC5\xC8IaA0�\xCD�\xC1\xA8\xF6e\x84P�V\xD5\xF4�)^\x85\xA2\xA3\x82zزR\xC6X.�\xF0jUq\x92 C8u=ؔ\x8B\xC2H\xC5\xD5I�\x9B�\xC4&*\x86`Q\xB6\xE1 pGկ)j\x8C\x9CAPQw\xC3��\xBAUե\xE1
-\x95�^\x8F\xD8�\x82/\x90\x8E:lR\xB2В\xB2�\xB2=;:p\x82��njT\xE1B\x82IV\t\xE5qyiTra�[w\xF2bx \xBA�x\xC5J\xF7˕\x97\xF2\xCD�iV\x9B\xED\xB3Ұc8\xA0\x99\x8A\xAA|1\x9B���Ŕ>\x8BĬ\x8E\xD8�\xCCn(�q\xA4>�֮\xF0$\xEBTX\xD0C͆\xA442�\x98L\xBA�\xAD
-\xAAÊ‘\xD5A�6\xF0\xF5gX\xD2nQ<\x9AK\xD1�1\xBF\x88\xE1+dW\xF0\xF8\xE9*\x93�I\xF7z
-\xA6)\x9C"\x80p\xBC\xC9I?"+U8\xAFk\x85\x9CSc\xB2sڙ\x96\xF1jf +g\xC4\xEA\x9A*\xD1I\xC7\xE4\xB7d\xCDKq\xBBб\xDA\xDD\xD7Raw�\xEF\x9C:4+\xDC$m9u\xF4\xA8v
-cvv\xEC=\xA5�\xF4\xAC\xE3\x95+\x9F\x89\x88�\xB2�\xA2G�\x8B{Ge\xDFU\xC2A\xF9\xD28\x98\xAD$\x8DY\xB5\xB4X-\xA5\xC2}\xA8�\xF5\xD0\xC2�C�\xE3h%v��\Ò\xA0C\xC1\x91 \xAEY\xA7\xEFT\xE0Ra\xFD\xBC\xE7\xB4��\xA2�_\xBCbN44#�Q\xD7$\xB63N\xB9\xB5\x8D}\xE3\xE4c\xF0\x83�>b\xE5K\xDB\xDE_\xF4\xD82\\xF1\xCE\xD4�RN\xEC��!Xi\xF4`\xCF��T\xF5ÂL��M\xB6\xD6{n\xB9\x93\x8B��\xDDm\xE6Z\xD0�\x92+\x87\xF7F\xC7\xF8\xC4�\xC6A�\xBB\xEE+\xE4\xB6Fl}R\xE0\xC4\xDF]\xF03�qu�\xBA\xB74\xBD�\xDAB|\xD0q\xE7\xADO\xD1wT"9o \x8C\xB1\x94�\xBB\xA1v\xC3��\xA1p \x90\x8B\xD63Ê·n\x9BKVT^\x91\x97}d\xBF\x99\xEF\x8C\xC7Bqg\xF1}\xE9\xB8\xEFuȨ:\xB3[�\xDC9\xAEF�\xA0\xD0UnMn\x9CN6;\x97\xB8\xC39\x847\x81\x98$\xAD\xF1\xAEqp\xB5И\xEA\xB2"\x96܆\xD443\xB3G\xFD\xB1\x8A\xDE�Û›|\x9D
-\x80ÂEeud\xED\xC9\xE9&2\xF0-�\xF3pf\xA47�"n}�\xDBqeK\xCB\xC7�\xF8\x8E\xAF\xCB�f�O\x98\\x83;��R"\x8A\xCF\xFA\xFCØš\x91\xC6>\xB83s�\xB1��4\xC7�\xC8\xE9\xC6�\xB7�\xCA�\xD90\xD5\xF5\xED\x92���#v\x80/�\xC6U�\xDEt\xE0\xD7�\x86\xE4ÐŒ\x99\xD3ɺ\xA2\xA3\xBF %($C\xDC8�4\x82Y\xA6\xA8C�\x83\x9BWE�\xBEÞ€\xBEA\x98D\x91<�\xEC \xF7\xB3�\xE8�\xFE\xA2\x9B\x85P���'�"K�\xAD��Qp\x8D\xC4s\x95-�\xB5\xA2\xFCe\x88 \x90\x916\xA7\xA7\xB8X+k\xDA\xDEyc\xE5\xA9J\x99\x9D\xA4f�C$\xC1 �[NlDh\xB2\xE4Q\x94Y̸ȧM\x89�2\xD9� �\x8C\xAB�{cMN\xFF \x97\x91q\xA2D\x9C�\xA4fYD\xF2\xE18=\xC1\xA8\xA8݃\xF7U2\xB1�U\x91\xB8hUl;[�0 \xAB�!\xF9\xFB@)'\xB3\xFF\xAA1Q& ��\x96\xAA\xEES\xFC\xC6\xC40\xF5�\xD9\xE3Ͳ\x83#$\xB6\xAC\xBF\xCC}`BÈŒ->\xE3.<\xF8<Jo\xB0\xB8\xB2Ñ”rPFf7\xDF�\xA1\x8B\xA3>j\xCE\xE0j\xA3/`��\xB7V\x83Ó¯P�|0\x84 "\xA9\x83\xAB.w\xC6\xEDu\xD0\xEENc�\xE1\x96$Ç¡\xCFB�Ý£\x84;\xC6s\xEE1\xA3øI\xAA�\xC5Q [�\x8D\x97\x92 \xBD
-\xFF\xB0\xAB\x95\xDBD~~�u/7\x8E\xEByg*\xD9dڎ5#\xE2c��\x9A:\x9A\xC4\xEAT�eȱ\x89\xB6!ǔ\\x814\xDA\xEAX\xC5\xF8\x86q_\xDB\xF76B\x8D\xB4q\xE4\xA0\xE6d\x99\x82\xEFk�\xC5�\x80sJ_\xB2q\xE8\xDAsG6O!6۩\xB0k\xB0�=~\xE9\xD0�\xDDr\x88\xC5\xED\xCD\xC7b�js\x9E�s\xE5\xEEM�\xF8\xF4\xF9+�ON\xEAw\xE8!\xAD�\x8F\xF1H\xB3\xF9wT\xC6��\xD37\x8F&1
-6/y��o\xE6z\x80\xC6-\xE7e\xF6\xACC4\xE1\xB9#�\xC0\xA9%�ȼ>f[\x84\x81\xC0\x8F\xCA\xED\xA4R\xBE2#�l"\xDAαi��\xD9Yk\xDCiQ s\xA0&\x83u2K\xAEkJ\xEA\xC9�\xC6\xE8\xF0\xD0�\xAC\x8Bt�S\xF3
-"\xB1�\xEA\x9B�W\xCE8X\xE9\xC4\xC9e�׃5\x91��\x87\x81+;t\x86d\xA4p\x87p\xA1�W\xFC&\xA3\xA7`\xB7JÊ«\x9D\xED1T\xFD�E\x90b\xE3I\xF5\xB05zÇ\xA0m\x87\x99.
-\xCDfx\xF8\xA8a.\xAE\xC6�ה�YW'\xB3�UF!n&\x9AW\xCD\xCA3�c�\xB2\xCB�\xB4?\x95kU\xA5\xA9u\xB0!\xAA\xC0�5f�PW�D��\xF8Z\x94t�L#\xBEh,H\x98x\xB3\xB6\xAD,Fm\xEB#}\xCA�\x92�\xA5�\xD2W\xD9��!\xEAнW{{\x9E�vQK\xEC\x9DT\xA80S\x86\x93\xAAT(q+^\x90J\xDC\xE8\xE1\xE0\xB17�J\x95\xAA\xEC\xD4 p�J\xD3�\xA7E/B�\xE0\x94�\x92\x8BM0�e�\xB3r\xAA\xAE\x8EG}ͩ;\xAD f:I\xE5\x92)(ue�)\x8C@ 6W\xB1d+\x9C)Ř�]]K\xB0}�'E\xD1\xDCf(�\xEA\xD0r>ƥ\xC64-n\x85\xF7\xB0xX\x9C\xDAW\xC7p\x93v\xDD\xD1\xF8� ]\x99"\x98\x86A?(/\xA2\xD4^\xF0=\xE3�TV�\xEEУ\xA4\x83\xFF\xABzѵ\xC67O0-\x90O\xA3�\x94*f�\xAFG r\x93\xE6SQT\x88\xED\xC0\xED\xE9\xD0{gŞ \xA6j\xAC.\xAEx\xF0\xDA( �\xA6\xCF\xF6f\x9DKi_\xD2\xE5�:|\x8A\xDFH�\xB5*_\x944&%\x95�\xA8K\xB6\xA0\x91 \xB29\xEA=\xFC,}\x9AT�\xED\xE0\xD4)d\x97\xDE`
-\xF3]\xC4�\xF4\xD5�\xC1WU5�\xE6�M\xB8 \x8DFÒ—\xDA{\x9AFX\xAD\xF1\x82}�\xE5h
-�\xA6\xB6^�S[Û°\xB7\x9D\x9B+CE��\xC3.q\xF6p\xB0�|\xE3\x9A\xDB\xE9Æ¥Q\xBD�\x9D\x88tM\xAA�\xE9 \xFA)TØW;\x88\xD7�W\xAFw<\xDA�\xB86wD\xB0\x8Ek\xE5\xA74ƶ\xFD\xD7�\xFC\xE1\x8Ebc���\xF4\T'\x96\xF1K!D\xB0!\xA4ܯj�U\xFD=m\x8C\xA0\�\xFE%\xBEH\x8Ef\xCE\xDFR\xD7
-\x95��;v,\xF0\xEF\xF4\xFD5\xF0\xED(\xFE\xB3\x9A\xC5G[ \x83Gy\xC3\xD02p\xEC
-\x9A\xF6gMg\x8FS�\xB7\xC8�\xB5\x83\xCApT at 4XJ\x9E��0\xCF:\xE4\xC1;\x87\xCF"�=z�őJ\xC25U2ć^\xEDl2\x9AN\xE6DI\x83�ToA\xA5:i߬!N[\xA4\xEB9`\xEF\xCC:c嚪�j/�\x93R
-\xB3\x9D:�\xB01(-Kn\xBA\xAB�\xC9c\xF1\x93\\xF9\xF28\xB8s\xEC\xE0\xEF\xA5}sl\x91
-\xED\xA7Ï‘Â\xC3b�g\xC0�\xECGG\xB5\xAF\xBA\xF60\xB5\xAF\x8En|1\xCE\xCF\xA0 K\xEA\x98+�\xABQ\�\x88\xF0
-s\xBCXLj R\x87\xAB\xFA-(\xC7<�?\x9C\xC8Avk\xF5>�Oǩ\xBF��]R6</�R
-G�\x96P�q\x9D\xA9\xAE.4\xA5\xFD\xB6@���p\xE6T\xCD\xFCln�7!x\xC1\xC5�^m\x9C6�\x8D\x83��\xA8\x9Dq�\xC8\xD0i\xD9*\xAF�`C\x98�\xBD\x98\xA9ـЗ\xDC�?\x80<\x832\x9C\x88\xEC\xD0��H��\x93`}��deG�\xA2\xF5 \x93\xA1\xF0H\xDA"R2\xD2\xE4�+�\xF8|\xB2\xFC$\xA2H\xD5%yD\xFC\xE9\xDES�\xFD5ꉈ\x8D%\xC3L�\xCF5\x85%\xC08\xCC\xE9\xD1#v�\xA5\x80m\x9BI'GA\x91\xA4\xCF\xD8vm�\xFE\x93tQ\x8A\x9AE)\x94\xC5_\xE8&\xBB\xD9\xE1�\xE8=\x86 1\x89%W\xA3<da8]\yT\x98�\xDAEÎ�\xB5��\xE1�\xF5\x87V\xBAU\xD6\xEE\xD1o\xBAE\xABl�()\xB3�\xB7\x91Qd\xCDV�\x9AY3\xA51Jp\x8F\xE5V#0\x91\xCA/H\xE8\xCB ]ð)m\xC7\xC1ÍE e' \xA5�\xC0V�\x87\x9B \x94B7@\xCBB\xCBZ\xE9\xCEr\xAE\x8B\x8D\x8C\xE7&,\x8FDQ0\xACE~�RMJ\x8B(V{\x989f4�4*\xB3?�1\x82\xB7tm\xC1\xE2\xD45\x9CA3#\xB0Bs\xD6:Tx\xBBJ]ס*\xC4�v\xB2\xA4�2\x99qܸ�c \x92�\xE1ܨ*\x93;t\xED\x95�\x9C\xA7<�\xF3t\xDA}\xD5�6\xF8m\x87\xAA"7\x82\x96E�\x80\xFC�\xE7�.�\xA0
-\xE1\xC1d\xB1:\xA5\xF5\xE84^g=\x93\xF8\xF3\xEA�"\x80O\xB1j\xEEg�\x89�\xAD\xE0\x93#b\x8A�6\xC5�\xC8V�TØ\xBCج\x8C\xF4\xA6\xF4\xCD<fA\xACY\x8EQ�\x88\x8BÖ§V'0\xC8\xF1�"G5\xB8#\xF7E\x85�k\x88�\x8F\x99\x95\x9CQ\xCEMxe(\;`1\xA0l\xE3O`@�z�C\xCDÍ�\xA5O'\x80\xF1�s\xC2Uw\xDC�\xAC\x86\x83\xDA1\x9F\x99�\xF9\xE2�G52\xF8H�\xC4u\xD5\xE1\x92:<e`\xB7\xB9=[\xBB\x96\x97RPY\x9C\x9E&\x85\xA6 at C\x90\xE1Q\x94�\x8C!�;\xD6Q\x85\x82\x8E�\x84\xC1\xB3\xADxqV\xD7P耣\xDC8\xC8\xF3G\xE5
-\xB9�A\xA8\xFC\xD4=�ljK\xEC\x82P� ��O\x95ȥ\x93a(\x85\xA0\x80H\xEDg@;\x95\xE6 \x9F\x9F\xC2V\xC7ЪL\xDAT7qt\xC4\xC86
-u(�\xDE~\x8D`\xF8\x8D\xB2"\xC6E\x95؆:\xEA�\xFE\xF7\x90fi\x8A\xCE@��a\xC2
-\x92F\xED�gtyN�\xA7\xC5�ӋW\xBA86\xAEǙ\xA5�\xC9\xDC!�6\xEB��g\xA8֚�bġ*\xA9\xD3\xFFJ�\x95IYM
-^\xAC\xDEh\xE9Æ\xE2\xBB\xEAaX.\x8E\xABX\xD4\xF8e�\x80�\xF3_\xADU\xB0\xEA'0H\xFA\xD0Ó´]H\xA3\xB2e\xD1\xC1C\xFE=\xA2n��\x87\xA5�=\xB0
-\xAB\xCF 뱑�T\x84\�A�\xA3\x810D"k�w\xE7F\xED낲\xAD\x83(S\xA6�i\xECm1\xCC! ֥\xAAQ\xA6\x90�\xB2\x88:
-$J8\xA9:\xC2{\xBD!�\xB5\xD6\xC1\xC5{\xB2_\xE6�sb\xBC
-�
-Y\x84�\x8D8\xA9!.ɤ�\x90\\xE0\xAFl\xDCM2%�~k;��i6\x9D\x97�\x9C<\xD4I�\xC49�B\xE6I5\xCDYLÉ�_jm\xD5B\x82nkg\xEA-\xB5\xEE;E\x84/�/\xA3#\xD6È°\x9E\xE9-E\xA8"\xF5ɬa\x8AÛ®f\x99W\xF2 \xA2\xE9\xF4\xA6� @\xA7\xA7\xB2il(e�\xD2\xCC_�\xD6eF\xA3\xEA\xCE+F�\xC9�@\x92c\xDD\xF4\xDDDtQ\xEC�\xA4s�\xC1ܳ\x8E\x90aϘ\x92ê€R4\x8E66\xE8\xBF,\xEAp\xF8\x80\xC7!]\x86\xC1\x8F\x8FP:j3S\xD8�\xE9�\x80\x8D\xCBx\xA3v\xF44\x97\xD2k\xA1"\xEBz\x94\xB9\x94>x\xF8s���S\xBB\xE5-\x8D��37�3\x89\xF4-Gtd\xE3�c�\x8C\xDCI�\xD6'\xB8\xFC\x98�m�\xA2دa\xE9P\xB5P\xC3\xF3\x8E6u\xC1^rc\xA8\xCB!`i\xB2\x99\x83WV\xA0�\xE7Ƹ\xCB\xF7\x88W-�f\xB5\xD6u2\xFC\x81\xEC\x8D�
- �T��\xA3
-\x8F\xD5\xE8)5\xC6S$\xE61V\xA2\xC2�\xB8\xC3H\xB3\xB2\xC3\xCA\xC9Z\xC6W�8l\xAA&\xE0\xC6�Q(�\xF8\xD7e\xB6\\x9A\xE0\xE4ț"\xFB2+UM*Kxj\xFA\x8B\x82\xF5Ɯ�\xDA�\x8A>�\x8DEoy \xF3\xD3\xF2\x92\x92\xE4\x8F&\xF8f\xD9�\xD6\xE8\xE9\xFA\x95\xE6\xB9z\x8A�y\x9Ar\xA8\xDA5\x92y ވR\x87\xF2�
-F�
-�\xD3 \xF2Gg8
-\xFE\xC8d\xF3v�e\xA43\xB24
-\xA1\xB2S?\x8Ce'\xA4�tt\xA3d\xBD\xA3`\x95\xF6�_\xCD\xDCN\xD0$Y\xEC,�\xB0@\xDA*\xE10ubLU�4�\x8AI\xA3\xD6X\xD3\xC63\xDD�\xBD�\xA7{\xB6\x9B|\xEA�\xD6*.\xA15\xE2\xB7X \xB7g\xDBIG=v]\x92aq�\xA7il4*�\x80\xD7U\xD4P\xEE\xEA\xAB\xC0Ç\xED�)Û �\xBD\xCA%\xE9MÑ–k\xEB\x9C\xFE�*\xB3\xA6\xC4\xCCQ\xE6R\xE7"\xF9d�\xF2�",Y\xA9\x96\xA0\x95�\x94b\x87\xEC\xA4�5\xBE\xC0\xDB\xD3��:�Þ¬\xEC\x80�8\xAB\xAC�T\xEA\xBB
-I�N?�\xE4\xF3j[׎�\xA7\xC7l\x85\xD7$\xE20q�Q\x87PCR\xC7d>�\xE2��\x84\xD6��\x92�ec�^g�-_�L\x81\xBC\x88\xBA\xFE\xB2N\xD8h*\xD0�\xF2\xF2(\xAE\xBD�Û 7\xC8i\\xB5�\xA5P\x8C\xAC\xE1\xA9t\x90�\M\xA7\xC30+\x9D|\x82*F\xAE\xDE\xD4\xE4*~\x99\xFD\xA8~Xv\xA8�TUl^�\xC3h\x83\xFE\xC5\xFC\xE7%\xAA[\x90\xA6\xFAj\xEE�\xE8Ȩ\x8B���\xB7�\x96\xFA\xA2\xF1c�\xBD\xAC\x99z\xC2k\x82\x97\xD5\xF5�(7\xB6\xB5\xADmI\xCB\xDD]I;�\xC1ئ#\ ~l'�\xBE�
-\xFD��9\xCA.\x95\xFB\x92-w�*\x8F#\x9COE\xE52O \x8AkÖ•X\xED\x95\xF2\x8A�Z\x84\xEFR\xDA G`\xF2\xE7`\xA2BØ”]�/~v\xC6\xC0\xB86\x8F\xDD1I\xE2\xCD\xEB8ix��)\xE0\x95\xAD\x8E\x83\xAF�9\x86ð�\xB9�\xABF\xF0N\xD8\xDCÂ%LiA\xC2\xD4DǪ\x9C\x87\xEC1x\xC3�\xAD\xDD\xC3\xF6ܵ\x9F\x8C\xAB�\x90\xE6\xCBSÞº*LX;\xE0�Å®DÍœ5\xD4Fa{\xA1ƹ\xE8\xA3J\xFER:\xBCQ\x9CN\x8D\xA0�e\xF8h\x96\xC6D\x9AkG\x{1BBE75}\xAA\x9EÊ„\xD0��\xC8rGz\xF7TS\xAA\xF4\xB5͈"I\xFAI\xAD\x92j\xA7�1W\xC8<i\xA5��E/\x9E\xB3 \xFEd\x83#\xF3\xAF\x83. \x84|s\xD6�"\xD6M \xC1â›™|3\xAF"2\xA8\x82 a+\xE1x!oS\xD3}\xB9\x80懕\xB0\xDB�\xA2\x98\xEC�!\x95\xB52\xB4J\xA9*7Š`\xAA\xAF\xAA\x9F�\xC7\xC70\x91nÒ–�\xD2S�� \x82U(\xE7p\xE0�*u�\xA5̈\xFB��:L®D*\xF4k\xAEQ9$�\x81\x83\xA0 \xB3/\xC3\xE9%^�\x9C\x82\xFC\x93C\xEC";
-[E\xF3\xC0h�m\xF0\xC0�T\x93A\xA0\xA7jj\xDA�\xB9�\x9F?\xA4�\x8C\xE9\xB4:I�u�&�\xEB\xA1\xF8\xA0+*\x88\xAE\xBA\x99�BW\xCAf\xC3t*\xADfY\x83~�IT\xB1Сd\xA6[:4\xECFX\xC9
-#LJ\xA4k<F(:\x8A$<\xDFL\x9F\xEC�\xDE�\xB8٨7Hu�*\\xC8a�\xF2X\s\xD8!H\xC8\xF5a/�\x98�\x82Y\xA0T\xFFR\x9F\xAF@\xBBXu�CP
-��\xB9"[\xA9\xE1�'\\xC9\xC35\xE8�\xEC\xFA�\x9B\xB2\xBB�J^\xD8\xE3A\xD5p\xA8�/N\x8F\x82Q�\xDC>\xD7s\x93
-\xA7L\xF0^8(\xC6×*%\xEE\x98 UL|-\x8AGԑ\xED\xADTHu\xB1\xC2\xEFE\xF6ke\xFF\xE6\xF5\xE5\xE6�i�fM\xEE0a\xBET%\xE3\xE7\x8D4\x99b\xA9\x92\xE2l�N\x9C\x82\xAF�s\x95�\xA5\xB4uME\xC2\xCA\xE4\xF0-\x94\xB1j�hM:ǚ\xBD\x9A\xA6\xA7A\x92\xF2i\xDE\xDCLA\x8E𑀀\xCC\xDB
-��#\xF3�\x90w�\xB2\x8E^*\xAC\xE5�\xAD"�S\xFA\x9Cxd\xF2\xE5\xC0\x868\xC9�8\x8FlSq|k\xC4\xCE�\x8Ai\x84.w\xE9\x8DT{3B\x9C\xAA(\xAD=\xEB\xC8\xC2U\xC8�Z6n\xF1\x94\xD5\xD9CҤq*O\xB3
-i\x8EvG�\x9C\xCC��m\xCEÔ£�É“`'C\xF0\xF5&\xD2Ø»(V\x88lu\x94\xE8(\x87"�\xC0�JoO[\x97�@Q(\xBBLň]\x9C#\xDE at QW\xC0�&>\xD5K��QyX+\x834\xC9/\xB9\xD4Y\x87 >\xF1Bi\xC7Vp'm\xFA�:\x91\x90\xD6\xCD�\xDE-\x9D\q,\x9C\@\xDDÔ†\x84=5fhaÍ1\xDB/�\x8B�u\x84�\x83M\xAD-j4�g�\xDAP\xA3\x90\x9Cq\xAD\xC9D3@雦\xA6OP\xB5\x81 A�\xE2Q\xEC\xF2U\xD0 "\x9CJEo|�GI(\xB6K\x96\xCFV\xBFL\x91�\xA2G��\x89"\xD7�y\xA7dJ�\xAF4��\xCF�\x95�U\xDCg$\xC2c2"\xFB\xB5\xA5y��\xBA�\xE6\xB5\xDDf,\xE7\xCE\xD9X=M\xE0\xBD�e\x96\xC7�\xCC\xF2�\x87&T$\xBFÙ‰h\x92d\xADDR
-�\xD6j�j\xA28
-\xEB\xEC!\xADr�\x83\xB9\xF4\xB6�?\xA7\xA0\xB61\x83\xFC\xA5��\x8B\xA9-\xD1\xF3X\xADJ�\x84\xE3�\xD2�\xFB B\xAC\xAA��\xFD j�L��:\xE4\x8CG\xAAF�Wr\xC5E\x95\xBA\x9C\xAB\x8C��u�\xC9P�
-\xAE��\xB4\xA8\xA4\xA3\xA0\xC2,k\xB1
-7b;\xA6\x87\x9Ct\x88\x99]\xA8Y\xA9")\xFD\x89_\xC1X$\xA7S�{�\xCB\xCA\xC1-\x993֔ݗ`�\xED \x8C\xAE\\xC0�\xF4e3\xEA^\xDE\xF4ȵp(`ז�$ \x83\xC94U\x9C\xEE\
-U �/9\xE9\x9D\xD5)\xD9J�\x82&\xA1G\xA4\xEAÌ„\x8C�\xF1]f\xE4\xEEP\x92l\x82\xA7b|W�\xF9�\xCA6�}\xFA8-�\xA1&�\xBA&\xB5bÒ¦\A\x8C\xFB\x9A\xAA�X\C\x9F<�\xAF\xA5\x91c5\xB2�<*(W\xABW�Q\x99X7F�J+s\xB2\x91\xCB65Ç”L\x9E\x81x\x86Z\x83?��@\xB0\xCB\xCFl�\xC3E\xC6T\xD3E\x99\xA7�\x91Ú¡uÈ”y;S�\xA6\xC0UH;[F�\xCD�?\xE0\x8C9\x94Ѩ\xA8\xA0\xC2ox\xD7F\xA8\x9A8Bm�5 \x8FR\x9BT\xA5\x9A=Zm<2�p\xF0�\x9A�\xF1\xBA\x89\xCF\xD0Õ +E\x8D�kg2\x80 U\xAF\xF6\xD1\xE0e`\x94{�\xD8RFN"\xC2\xC4\xE2 �\xA6a0�Ú™|�\xE4[\xEB\x8B)$Ѐ\xBBSxDS*\xDD�\xB3QC\x9E\xF6\xE7`#\xAC\xECiD\x92\xB4\xAE\x9Ej[\x82\xD7;\xA3\xB2\xE5q�\xAB\xFF(\xC6\xCA\xE4\xC3(r\x99uË„0.\xD5 �9[\xF3\xC2�8\xDE�V{�;\V\x99kPye�\xC1mkh\xBBO=� \xA40\xA9\xBE&YUTÖ³7:�D&'\xE8�\xB5{ÑœJXIÔ¨\xB9�VT\xEBH8\xB0\xAAe-Ú¡��jT¯\x96\xB0/P#\xE4�\x92\x9C� �;�\x8Dd:\xE6\x81\xFA"�\xCC�5\xD2\xE2�\xE8\x88\xC5\xF7bÓ¸�\xA7\x98T\xD2/#\xA8\xA2uq\x9D\xD9 �\xDE|\xB3�9\xEB�
-\xA35g\x83\xA3\xA0Õ¨\x9C\xAF\xEA\xDA)\x8AwKp\xFDi.\xDE
-\xD4�\xE1ݺ\xBA\xCFN\xF5<�\xC9%t\xDD\xCE<\x84 �\x80\xEA�
-\xED1LC(/+\xED\xF3"-\xC1\x8D\xAAR7\xC0\xCA\xC1Td\x9B\xC4Z\x8F\x8C�\xAC\xC3u�G�h\x87\xF3�
-k_\xFC\xB2Z\xFEu\xF9k�\xE8`\xD0\xDA"ÖŽt*^92dM\xB800�eख़˺v\xAC\xD9{9\xD1\xDA\xEC41\xEC^\xA0*$\xD9��\x84D\xB76rò ‰Š\xA7\xD1�061F\xC8{\x8EDWw\xE050)\xB1\xA9#B�L\x99 \xE8\xED�gbf\xBD�m\x8Cb\xC0S\xF9[\x9C\xF0\x89�\x8E\xE7\xDAW?�Xt)\xE5\xCA\xF2�\xCC{4:\x8A�e\xA9\xFCש�g1�='G\x99V�ä®ql�,:\xE7\x85\xE4\xCF
-]L\xAA\xE0lz\x8BZ\xE5N˗\xE3\xF4<�\xFE�fthׇ\xC5 \x80\x9Dm�\xB1a\x98\xB8�9\xBDh\xFCZ\x82\xFF\xCC\xEE\xDF\xE7QL�W\xF5�\xA4Q\xF0 mF\xA4\xAELjm\x9C\x92\xE9,\x96*8Q^\xC7V|\xC5ʈ\x82F\xE0\xB5\xEC\xFD\xD4��U7 \xA6JX\x90��NΦo[\x97,�Ę%\xCB\xD68\xB7\xBB\x94~\xA9\xE2�@\xB7�ł\xACr�\x94ی\xE7�o\x8C:\x82\xC3�\xC2*\xC0\x96\x8Ed^X\x8A5\x9AA\xB3Z|\xD3�\xD0\xF2\xAB"l0��;�zn:\xC8�\xFA��
-n\xDE�\xB4\xC9\xCBǹ\xEA\xA1!\xB2\xCB\xC2ЪJKeuY
-\xBC�UZ\x8A\xE4x\xB529αk\xBB\xA4\xB2QR\xE0W7rg\xF2\xEC\xB4\xF1U�2v\xC0|\x90\x85�򴹯^\x9F��\xBE9ەsU\x9B\x87\x83_ت\x9Bj\xF2đ&c\xF9Ta\xE1n
-S�\xC7 \xA4\xF9\x8A\xB8
-SG\x80ݣ�*\x9F&\xBE\xA9%�\xA4\xB7\xB74%[\xB0\xA3\\x88N+\x91A`\x8D\xAE\x80#��\xE1lA\xC9\xC3\xE8U\xF4�T
-c<\xBA�\xBAJ{)\xF0\x91\x97y�\xE3]\x84\xCC%\xE5\xAB:\x94\x97�\xCB�� \x9BG2\xAEC&q\x87�G\xE9�\xC8�\xDF!\xCD3S\x84�#\xB3\x80nY\xC4F-\xF4\x88��\x96gi˶\xA1�\x8B�С$dÒ¸:\xDF\xF1\xE452H\xD7r0!E_\xDA\xEE!a\xB5\xA8\xB9L\xC1�\xA7\xAB\xB0k\xB6\x8B\xEF\xB5\xE9ꮓ\x96�w�u\xE0\xD9�\xDD\xD9\xD6�\xB5\x8Eh\x86e\x96\x9A\xBF\x8B\xEC\xD7I<m��\x8Fa\x92B\xAC\x94j^��\xCE\xFD�6\x99(ߌ\xD8FqP\x9D\xD1S\xAAUÍ\xA01\xB6\x8A\xB20neq\xEF8\xEEÒ‚x\x95;$�\x9A\xA4�I�\xD5\xE0V\xAEt4JÌ…D\xB2�-8�\xB0�rLFY\x8Ex=.:\xB5\xA6b)�\xBDo\xC2\xE6\xC0\x9A\xE0nV1\x81jU�\xE6\xC3�\xEB�\xD1#\xEE\xA0:\xBAѱr3�\x86JP\xF5\xE1OM.\xAA\xF0p. \x87I\xCAT
-\xB8\xA8\xB7$�%\xCA\xC75=\xF0\xA3M\xE9*\xA7\x8E\x8E\x94�\xDF>�\x91�\xE1�\xE0�\xF6\xEBf;%#\x9A\xC60\x8A\xC4d5h\x8F�\xF5\xB9\xD1ukl\xD6�\xDAt\xEBR\xAB);\xE5TW\xE0Q\xECHK\xBD\xB4\xB9p�Ȥ"\xD8qH\x98ì…¿WE �<ʃ\xFEÙ\xCA8\xF6�DÈ·\x97q\xC4F\xE0�\xA9:\xD8UT\xC6U\xE5�\xCD\xCC\xFE\xBAk�e\xF3\xD0�\x9A*\xF3\x9A\xCFj\x89\xB8\xA2U\x86�\x84\xA6d%�\xCA$*j\xE4\xDF\xC84rï\x95\xF4\x9A�\x93\x98\xC1\xDEC\xA1\x82\x83\xBEe\xDEk!w\x9F\x814\xA0F\xD5\xDA%\xBF\xA5\x8BÙ³\xE9̬\x83\xB4\xB8\xC2%�=\x99\xBFv\xCF:\\x87�\xCE0\x9A\xC9x\xEB8\xC6mS&\xB2ÔŠ\x83!\x9A\xF8\xBA\xD3\xFCZ\x9D\xF4�\xB6\s��\xB3U\x96\xE0!16}Ü0\xAD\x89\xA3\xE5\xE1n\xC4dNt\xCEPb\x8F\xE6\xC7sJf\��K\x95B\x9BiN�\xBB\xF6�z`\x83W=\xDE\xCAei\xA3\x9D31\xDCΖ\xE0\xF4��j\xED\\x997:\xB4B\x98l\xB9\xD6\xE6K\xE4\x94\xD5�\x9Bx\xDFÙ•\xEA]\x8D\xB6\xE6<\x9E\xA9�\xB0\xFCpкl\xBE\�\xB9\x9Ea\xB4 ��w4-\x95\xCA\xC0\xCES\xD9L\xB0\xA36�\xEB?5R\xA8s\x98\x9A\x881\xF4a:Sm\xAF\xDCs73\x85�\x9BÚ»\x81\xA4\xC7\xC7�\x8A %\xE7\xC35X\xF5>5�"� k�~b\x93\x99 \xDC\xD3DD\xED\x90:\xA4�\x91\xA7\xED\xBBN�\xCE4/.\x8C;\xA9\x98\xD0\xE3\x84\xE3\xD6\xC1|\xC1oE \x93\vi>\xAC\x90�P#\x93\xA8\x8E!P\xBD\xDC\xC0b\xC0E\xB0ÕŒt
- P\xA3+\xF8\xFE{�\x93#6<E\x9F�<\xC5\xD5y\xA3V\xBBy�qvK\xFB(j\xE6\x8E��\xBD�\xFB\xB5f\xBD\xEBi\xCDJ\xF04!I\x8B4\xA7\xB9<�1\xEA*D-\xF0�\xBBn\xB0E\xD8\xD1\xF9�\xA7�HG\x9F�\x90\xAArQ
-&4�\xB5\xEE\xA0r\x9C\xC4�Q\xFBW
-G\xF8\xE4\xF6}\x8A)�\xBB$\xD0nr\xB3@\xD8)��\xC3�É‹\xA8Ñ»�R!ݹ\x80�-�$;:bl\x85�pc\xEAz'm\xDD\xEA\xCEv\x90:oVw\xEC\xD8<Å¥ \xE3:\x98\xD2}\xB1d�u \xB8\x96!.!\x86\xB5\xC7N-\xF5\x9CÞ8\xB9i\xF2h�\xA1!\x92\xEF-H\xA3Hg~\xFCu\xB8�=\xE2Rf\xF8qG4�f0\xCA\xCB#\xCAf\xB1�\xF3K��\x9C6\�\xD1�\x8B-\xCE\xF6\xB9w�)0\x98\xEB+E\xF9\xA2)\xD2y\xEB�>\xB06\xFC\xA4k\x85�B\x86\xF2\xDEx\xE7�\xB0\x9DE\xC9b\xB7\xF4\x81\xF2�\xEE\xEC7\xD4L?�\x94\xFD\x98\xDF�9 C\xB1N\xAB\xDF8k:\x80\xC3Ô‘\xF18@�Û\xB2\xB5% \x80\xC8\xD4s�\xAB\x88\xC8�\x8E\xECw\xCD\xE5
-UQ_\xE4\xE5\xDB\xF3tC|�\xEB\xA6*\xBF?\xFD�\xA2Ù¯\xBA\xBF&Q\xF6\x9E\x8CO{⬣3椪2t\xAB\xD3\xFD�\xBB\xFF�\xB35Z\xFC\x94�\xFB\xA6\xB1KP3\x95#\x82H|%\xDC^��\xED[\x9B\xE1\xEEb\xFAQJ\xEE\xC9-*��\xC1P\xA2n\xC0�\xC5�\xC1\x9C\xA8��\x83\xB9q\xCD\xE5Zt(\x94\x95\xC5;\xBD\x86\x81\x8C\x8F(\xA0\xF0\x81�\xE3\x9A�a\xD6s\x879\xE25=dG\xADW.\xDB͉�\x99V\xB7 \x87ÐD%J#x\xDC�\xD6\xC41?Xl\xAB\xD3�\xFB\xBBସ\xD1!\xA0\xC2\xD5�Gl�\xCD{Rq\x83y\xD7�9T\x81\xD6\xE6F\x8D\x9B79ȇ\xD9\xD8#"\x9A�1ki"\xCDz\xDC\xC1\xDA�\xFE\xE3\xA89�\xE7
-�_\\x8E7\xE4r\xB5\x96\x86P�\xAA\xB9\xC3O\xDB�\x9AP�\x9E\xB6� 4Ĥ_Ճ\x89\x8C�E\xEF(\xC8P3\xB84\xF1�i\xB7\xA0t\x92\xD7\xC6\xEC\xECh\xF4\xE0i\x98\xE8�$��4\x97\xAC\xD5?�\xBE\xCAQs\xC9>y�X(\xEDN\x92"\x9D\xA2ba\x94\xA2ء\xD9+JX\xF5p5\xD9�i�\xC1\xCAfE+\xFA\xCB*\xCE\xF6r\xC4Ѹ<vܨ%\xC8�0�AF\xE6�`DsA4\xAB(\xE7rf\xB4�nV+\xAB\xF0\xEApo�<.껉s\xC5\xD9�N\xD6[\xDE\xCB+\xD3�\xC3\xCFz\x8E��\x95#\x9D\xA5
-�i8s�\xA7\xA6�\x9Ff/\x8F\xF5\x89\xB8�\x89H� \x96\xE1\x9B\xD5z\xD2�\x99\xC1\x8F\x81�\xB1\xCD\xFA\xB7\xC2\xE8E\xF3\x81>FW�En�\x84jsÑ®g!\xE9\xE1hr\x81\x80\xF6ݪ�\xD8.�׆�\xEB\xEC\xBD\xFB\xEA�Cg\xD5\xFB\xB4\xABg\x94O\xA6X&c\xB2\xBAQWY\xC0\x83\xA0\x96�Ua:\xE5\x95LÊÆ\xB1\xCEV\xF1j�S\x94\x84y\xB4�C\xB7[\x83\x85\xB91\x91i\xDBr�\xA3-M\x9E�\xBE\xDE.[\xB2\xBC
-Y\x8B\x9C\x98\x93�\xBDUcS
-\xBEΟ\x85�1\xCB[��[\xE3\xFD\x9D~\x{DAE5}\xB7\xA5\xA8\x81�\xE1\xD9l\xDC\xC5M\xC0k0�#\xA8\xB5\xCF鋽\x8D\x8E6\xC4e\x9AA\x8E�\xE3�\x81\xF1
-�)e�21\x88-8\xE4o&&�*\xD3\xF3^\x87\x89Z:C7ÝŠ\xE6\xB7Ti\xBET\xA5�e�\xDC\xC4(I�^vn\xB7(\xE4\xA5�
-\\xB9)\xCBH\xED\xCA\xD5\xC3\xE8;A\xAA\x91\xA6\xA9�\xE7�WuKc�\xA1�B\xF5M:\xA5\x84 52�\xA7\xE4u\xA5\xE0k\xE1F\xA9�.\xA6�DC\x84Q\xA7]\x94\xA9B:�0Q2J\xBD�\xBC\xAD0Õ¬$\xF8B\xB01I\xF0\x99\xEA�A\xA5\xEDz\xAA�M�th~\xE5 \x9C1\x8Bse�4Qz\xBB\xC5!\x88\x97\xA7Ó\xB9\x8F�II at D\xEE\x88\xC3�\xFA\xC6sB�zD^yy\xB8>\xDA\xD7��\xE8C7W\xDD�~\xA1�\xE1^\xD2B�6\xF3\xF7FG2 \xE2\x88\xC2s\x87\x86�\xFD\x82Q\x83:�wE�Z6\xB8l\xD4� �\xA2\xE8�\x9C��\xEF\xDEk\xFA\xCFKD�wb\xBF\x96\xC0�7\x96�H\xE4\xA0m\xA1\x8E u\x84\xD4!D�ܶѢ\xEBW\xDA\xE6\xBFF]\xCA\xF4[\xA9�\xE3K\xA9pZ\x81\xA0\xA3"C\x8E\xD8 \xAD\xC1\xF1�P\xAA\xF4 \xB9�;\x94
-\xDD3Ү̎\x8F!\xE8]�\xA1\xA4\xD1;\xFE\"\xC6m\xE2
-oyy7\xC1�"y(\xE5=\x8F�\xBA޳��M\xD5\\xEB\xAFXLJ\xA2\x86�:7t\x92�\xF9!e\xBA\x87<�\x81M\xE4\xB7A\xEEV�\xB3\x94~S\x88Y\xE5��E \xAAj<r\xD9\xC5\xD8p\xAA�\xB9\xA4`\xD1\xE6RE\xA8\x8B�=\xC6-\xA6��$\xA7\x83\xBB\xA0lK\xD3X\xAB\xDA[\xAC\x8AW%\xB1\xEA\x8Dr\x81\xF40\xD5= \xD8\xF6\xC0�\x91\xCCSJp9\xD5\xF5 })\xA9\xA1m���]�\xA4[u!�_\xA8NL\x8A\x82\xAB�V\xD1X��
--��"\xA0�9N�҄p\xF5N+\xA8M\x84\x8BT݃5�4
-\xFF.\x97&\xB7
-ٕ(1W#\x90^ݿd\xF99$\x92u\xAF\xC9\xDD\xF4\xB3\x9D\xD4Čg\xA1\xF5\x91L4/VMQ\x8E\xCD9\xE1E\xAFI]\xE3\xAE\xE9\x89饪&}�\x88\xEF\x8E-�\xAD\x85\xA6\xC2\xED� \xAC\xBA\xF2\x8D\xBA42\xE3\xCA\xD6E\xBB\xB9\x93UT9\xB1^\xE9 \xB9\xA1\x8E$2\x89Q�I\xC7a\xB5\xDA\xD9\xF1�\xB3fx2\xDD\xE6(\xEC�\xF2\xFE\x99!NV\xB7\xF2\xAE\xD0J\x89EC{m(%\xD2\xE3�\xB9'\xAD\xE2/`
-\xE6#\xC1\x8B\x93\xC1\x8B0\x83\xA6a)u.Z��,R���K\xCFN�-u�.O�\x94\xB6\xA5\xA8Z�\xFD4\xE5�\x97\xB9i�"\xA4\xD5v3}\xB8\x9C`�\xBB\xA1\xC6\xFB\xE8\xE3׊\xBCR\xA5<J�\x8ERu��d\xE1\xC6Y1\xBA4\xFBv\xA3)FS\xA3\xE0k\xA9QE\xD1J\xC3�ߵVcl+\x90W\x8DF\xB1De7&Yk\xE2\x99
-\xB9 j\xA4\xE4\xC2<\x84\x83\x96mTmO\xB2 \xB3\xDEs�H\xD9\xE6"Ú¾\xA3\x8EÝ”\xA8\xDA�X�\xBAQ\xB8q{lh?\x88&\xD4\xC9�
-Q\xEC\xFB\xE9�\xCB�R\x87j2P\xA3�jԨ:F\xD4�\xC1\x9F0E\xEA6\xEFm\xAD\xBA)ӦX\xB5\xF4\x99_ߤ\xA8ZPw�\x95\xBB!�N\xB9\xB7\xE92Ԙ�n#ǰ�\xF4[\xA6W\xCCf&\xA9'k\x86\x9AL;\xCFC\x94\xA96\xA3\xA0\xE8\x90$\x8E)\xE6<\xCC�F\xA52\xD6_UB\xB8�\x82��}\xA3ʗ˕\xA1E=@\xFE؀��B!�}\x92\x99 \x979iGP�Y\xDA
-\x85\\xB3$\xD3vo\xAC ԥqf\xC8 \xE0\x99\xD4(\xF2\xDDU\xFD\xB1b\x91J\xB2\x8A\xB9�ʛ�e\xD41\x80҆\x8A\xB43\xEE!V4�\x9AJw+\x85�\xB4\xFB\xD7�\xA6\xF9\xF1\x99\xC3��s\xC0\xFC\x8CX\xB5�Za\xB2\xD4%�^\x82\xC9\xEFQ\xE1\x80h\xA6�\x95\x98\xC4'\xD3q\xDC\xE5j%\xA6\xB9
-m O\xB0V\xF9f2�zZq\xF4T\xFCJ�Z\xBE\x9E�w\xB7c\xED\x9AW\xA3`\x80�+\x90^r\xC2iW\xB4(vs\x85�w\x90��\x9Bט\xC2\\xD3\xC1�\xA0�\x81\x8C�7\x86\x80\xC6<�\xC7�Å‚9\xD2Q\xA7\x8E\xCD!\xE6\xC6\xF9\x97\xBB\xD3�[\xBDu\xDC\xC5D\xD6ÓŸ\xFC\x93\xEA\xF4;\xE3�;͵z\xEB\xF0��Ö \x8D\x9CÕ¹`\xBA\xA7\xAAO\xDEO\xBA+\xD4!y+\x96aϳ~e\x91=\x84\>\xFD
-ɦ\x93\xE8�\x89u\xE7�V\xAB\x95\xDB�u1N4.\xE4\x9FJn\x86\xF7\xB4`5\x99\xE2�\x92.1���\xBA\x8E\xC5\xC8!\xEB\xE1\x8Di\x8Aqu\xB0\xB2\xB2\x87ÜšV\xA7\x91\xE5\xAA�2\xCF0\xDA�N\xFB\xBD\xD1dO^b\xC1k\x8D\xA5\x81\xF2Í\xED\x84�A�\xA7\x90tn\xC4\xE3O\xFE\xE0Ö—u�\xCCr2 \xCA\xD0\xC7���\xCD8j\x89\x92Y�\xEC)\x95Ð’f\xFE\xF1-\xB3C\xDF\xF5@\xA3\x8Fg"-\xD5�\xC6>\xAA
-X�'h\xA3\xC6_��\xF3\xB3\x9A\xDA�_\xC7�
-\xA5\x9B�\xA3\xD2x\x97Ú¾\xE4]\x82\x90\x94<\xF1\xA0�j^Õˆw\xCD�\xAC\xF0\xB03:
-pg
-\x91!\xA3(\x8Db\xE2\xF3\x9Ck�\xE8<\xFB\xF1\xA9\xD1\xCDU\xD4\xC1\xDA\xFCX\xC4`B\xC9k\x9BVhW94\x8F\xD8�
-\xA8\xA2g\x95�\xA1�\xEB�\x897\xE1P\xB3\xC0y\x83\xA2RU\xF0i9\xD2 �\x93ـ\xA6R?o\xF2\xA1\xA05\xE8XJ]\xD3H\xF2\xA1\xF4�8�#4\xC7I؄,\xA6g\xAB\xA6\xE3\xE3\xB1i\xA3\xCB\xC6�\xA1E\��\xA5_�\xB1\xBB�I�\xB6\xC1\xA7\xA2\xC5ء\xC8\xCA.\xDFT\xAE*\xBE�wX\x8CA32\xDCh,�\xEAbp\xE3`\xA0\xE5
-N\xAFV\xF2�E\x8B\xAE\xE26\x92؎��\x92\xA0'\xB5M\xD4w�\x92\xE9֡\xB11.\x8B�ڈ\x9Ag\xAE (\xBA\xF2\x99R\xE6\xC8\xF8\xAA�lǙ\x91\x8C:\x84[\xB3G1\xBBG\x87\xB2�\xF7Q\x8B特E�[\xD3fq\xAA\x91džt\xAA\xB3R\xA4\xC6�\xBA\xBA\x8C\xBA;\xFA\xA2\xBFƚa�\x95\xA0_\xDB\xEC\xFAqH\x8FSh\xC8\xE3H\xA3&\xC8i&Wd\xB0�UE��I\x85H#^V �Z85�&2\xF8ÙiR\xB0�\xD4�'
-\x9A*\xB4 \xD2Q\xEA\x92\xC0\xA8\xA8\xAD\xCD4\xED\x83UO+\xF8&\xC5c\xB2#��\xD8,\xE8Um1\x90;<W�kx\x88\xF4\x89\xB4\xF0\x9B>#\x81�\xF46*\xB166\xCD
-\xB7\x90\x9Du\xB9\x9D* \xB6\xA1\x84\xAA�\xC8}\xB0R\xB6hb\xE7\xC5(�\xB9\xF0L\x96\xB8~~Glk��\xFAF\xE0R!\xF2\x92\x9ETB\x8E\xC1 r1M\xE1t\xA5;\x9Dv�\xD9D\xFB\xA8:\xAB�Dž
-]rƎ \xAC+\xD8G\xC6\xF9\xEAj\xD7\xED\x88\xBD3=G\x91\xD9+�4\xAD\xCD΂�\xE2o.\xE7\x86$�\xF7N&\xB8�}\x91* 4
-;\xD5
-w\xB9e\xAF^\xFB\xE6c\x9E\xB2\xAA|#]?6\xB6\xDA\xF7\xA6\x8Ef�\xC1\xF8l<\xE2PÌ·\xA9\x8D\xBA\xDB\xC5%=�\xA1\x942\xA2V\xC5Tz\x83\x90�1:4\xA0>=\xBA�?2\xF5y{�\xBB\x871\xC2\xD2N\x8A{\xE6\xFDi\x94nguG�`-\xBC\xD9 �d�\\x86\xCD!F\xC98Ò‰nÃ\xC1\x99]݉�\x98(-�la�xtp\x90S:<v\xDE.\xC7!\xB7uc&\x88�v\xACm\xC7�\xB4\xD0�Û¼\x93\xF0\xABq\xA3m\xF3Ñ\xC7\xE1fv%5ϸ#̵\xEFJ\xFC\xDAUWu\xAC\xC0R\x9C\xDE\xF6�z\xA1
-\xCEvY\xDEog\xB2N<�F\xE1L�\xC2\xE5\xCB�v\x98\x87r�a\xE2�\xA1\xCF\xDCh�h\xE7\x8E43\xF4ru\x91t4\x93\xC3�\xE2;\x99�2\xB34B\xEF=N&m�U�\xFF8.\xAEYpdq
-\xC6\xD4�q\xA0Æ™\xB1\xAB�/\xC4|y\xDEhL\x84<\x9E�\xEB\xE06\xF1NE\xD1\xD9{�w\xA3\xECM}xe\x83Ja6�*\x90V\xB4\x93M\xF0 \xFEu\x82=\xD2\xC2\xCCM\xBCr$;l\x9D\x8A\xADH\xF4[�\xBA:>Ûµ\x8F|\xBB\xD5{�\xFA\xD7\xD3ϸ\xEAä½®\xD8=yÅ•'\x8E^u\xDD\xC1\xBB\xF3\x8E}\xFAY'N�<\x{14CCFC};\xB8{\xE5\xDE#\xAE\xBC\xE6\xC4e�\xAF\xBE\xFC\xE8#\x8E�Ü»\xF2\xB2c\xDFw\xF0n\xAB_}\xFF\xEA?\xAB\xFF\xE1]W\xFF\x87\xEB\xCF;z\xF2䱫N\xDCǯ8q\xEC>W^u\xFE#\xAE:zݱ\xAB\xA6\xDF\xDB\xC5i\xECK\xEE}\xE2\xB2\xF3\xAF\xDB{È•\xC7\xF5\xDF��{\xE8�'\xB4\xE5\xD4s\xAFx\xE8\xE5'�\x9E\xF2\xE8U\xDFw\xC0�<c\xF5\x9F��y\xE0\x9A\xD5\xDDo\xF5�\xF9\x9E\xFFß…G�\x84\x83neJI\xE3\x85×\xFA\xCF^\xFD\x8F\x87\xAD\xFA�y0�<\xE7\xE0\xC5�r�/\xA3�~\xF8\x80X\xECN�9\xB3\x90Q\xEC�8\xA4\xFC�Ist)\xB28\xCD!.n\xAF\xA2`\xC2�u^\x9B\xA7_g\xF9_;\x8B\xB1\xC9�ã¿“\xE6"\xD5\xC9\xCB_�\xB47X\xE9\xCC4\xF6\xF8\xF5|'\x9B\xF7\xBDs\xE0\xC7WS\xF7c\xE2\xBAg�l\x8A\xFC\xD9bv**\xB2\xB8\xD4\xF85�\xE0,\x8D\xB1\x98��\xF4�vN\xC5?P\xA9\x80Å�x��#\x8F�\xE3>Ö‡n\x92�\xDC\xD9~\xD74\xB7\xAD\xAB\xF3\xD4CT%\x9Fco\xDFw\xF0\xF4\xF3O^uʼn\x87�<\xF5\xF0\xE13vw\xAF\xD9\xFB\xE1+O�\xA5\xDFN+\xCE�<\xE3�\xABW\xFF\xC3�V\xC7b?x\xE6\xEA\xBF\xDC\xCAv;\xF8H\xBA*�\xF3\x960?\xFF\xBDesm3\x9B5\xD7��\xAB\x8DJL\x8DÙ q\x97\xE7�eßš+j=\xD5/F\x9D�q�4\xC0\xD4Ì»C@\xC1\x84\x8C\xCA�\xB7\xAA&=���\xF9�\xECn\xE7ߎyM\xA3n>\x83\xDD�\x87�b\x9F\xD8\xE1\xCBWO\xF0\xD4�\x9E8qt\xEF\xD8e��z\xD5\xD1Ë®8\xB6\xDA�\xBC!
\xFB\xBE\xE9�\x94\xFF\xE6\x9F?\xF4 \x89Ѭ,}\xFE\xD7C\xF8�\xBES\xBD�Q{�\xDE;\xF0\x90\xD5\xD2=|\xF8\xC0>{Ѕ\xFF�mP\xD7\xF0n\xB4z\x81\xAB\xFF\xA2\xD7\xF7P\xFE\xF7i\xC1\x93\xDB\xFEH\x8D l|\xA8#\x9B\xC6r$\xDC1S]s\x87W\xE45*\xA4\x97\x8DJ\xD9�\x8D}P\xA3PGϨ\x9E\x83·�l\x94d\xFB]�\xE3�
-\x9B\xF2\x94$\xAD\xCE\xD0\xFDÍ„X\xA9\xB1W\xF5\xE7!\xB9G\x98\x8F�'\xAA\x93厊JM\x96\xB3\x96FT\xBFt\xD3+\xA4FaÔ¥\xD4R�\xD9\xDEU\x87\xAAHP�\xDB\xF8\xA6cMZY\x892|Ö\xC9\xDA\xC8\xD0\xD91�r2\xDE\xD8[�\xD4"\x93\xE3PE6Ú“\xD8\xD4)\x9BS�\x8C\xB5r�\xDEZ\xC2�\x84E\x91\xC6n#\xB4jY\xC8\xD6\xE7'\xA1\x90\xB7�\xCC6ó »€s(\x8DZ\xBF\xC3yÓ‰\x9AÞ‹\xCEp\x9B\xEA5\x84\xAA�\xD1�(\x9F�\x99\x88�Qr"\xA3\xCCC(\xBF�\x99G\xE0z\xF1\x80\xD8P\xEE\xAE\xEA\x96\xE2\x81\xE4\xC3{RK\xF0\xC0Þ°\x89R\x8C\x94\x91\xA5�9E\x87\xF3\x9FÒ°M�9\xB8\x81!\x8Cb\x91\x8C�\xC5n�Ue\x87V7\x82l\xD5\xF0\xADDX�b\x9B\x86(j4g\xC5~ �c\xD6\xC0�+�IcO�p\xA1{\xC4��\x85�$\x99�f)��Ò¢�\x9B\\xB4;+\x82\x93�Cd!s\xEAJ\x8D!\x8DU\xA8\x99\xD8+kPQgZ_q\x86\xC2\xF8\xC2�\xC8,\xBB\xEA5H\xA3×€F�\xBA$i\xE4\xB2-\xF1 \xD3H��\xB3�{\xF4�I"\xFA}M\xDFU;�\x88Tx\xCA\xC9
-N\xD3+%\xE0\xB5d\xE4\xDB\xE0�\xA5\x9A*\xC8\xFF"uF >Q0 \xF7z&\xD9b9`\xED0�\xE4l�F
-\x98sV\xFC�\xE6r\xC2c\x95iU�\x80\xFF\x88d\xC3A\x82"J\xDD:\xEBV5�t\xD07G\xD5�1M#T\x91~\xA2\xE2I_\xA1X\xD1{\xD5!\xAA\xE9\x83(Ò‚\xD8?&\xCAR
-v\x8A\xC1N{'~[�\xAD\xF7\xE2\x9C\xE1U\x8C\x96\x8C�9B8\x9CD\xE1�\xA3�\xC8гW\x9At\x88T\x8Cl,\xF1\xB6M\x8D�\xDEÔ¦\xB5OÔt7�\xFDT\xD3\xD4 ZZ��\xAF\xAA\xDDN\xD6\xD7�\xFD\xD9\xFC5\x8F[1\xAE\x9F\xEE\xA2o\xBD�\xC1^\xACݳК\xC9\xECLTD\xBC�y�}��\x94\xD6\xF4!\xAD\xFC \x90\xD6JQ1IM�\xBBC(\xB0 Mq\x9A���9\xFD\xAD \xD1\xE9н6\xFA�g�\xEF\xC3�Y\xDD\xEC\xCF\xDA\xE5T\xF7\x90�\xBA\x9A\xF4\xC6:\xE6\xB6\xEF\xC3\xDC\xE7\xD7\xF3\xB8F!<\xDF\xC5H\xB1\xD3=�t �γ�!\xF6Õ´\x9D[*hp\xE3x�L\xD1\xDFt\xD6(\xC4e\x9A7\x8C nK\x8AB\xAA\xBA\xAE�\x95`��\x80(\x8B|#�\xE9I\xB7)i#t\xE9\xBD(Vr#\xDB��\x82 �N\xDF�\x82\xE5\xC4H\x8B\xB6\xA6E\x9E\x94R\xF5\xB8V\xAB3\xFD\xA2H\xECQ;\xCB\xEE\x8A\xF9?F\xED\x98�\xE53<�\xEB$\xAE�Us\x80;\xBA%D\xC50b\x93�9Õ¤\xD41\xDC�\xC6\xC2\xE4_\xB7\xB8\xF6k%V\xD6q\xA1\x9D \xF4\x94r�aq�\x84\xDA\xD2�\x83\xE5N(NxT�Þ©Õ®\x8E6��y\xDE� �B\xAE#�g=\xFBi\x8A:|11\xEBq�$�^Ò–{.\x9A?\x9C'X\xE6{Æ“È’�\xDA|nE\x84\xA4\x97\xBFV%\xF6\xE5\xFB(z2n\xBC=Ú¢\xED\xC1%�\xF8sÙ·\xB5UA�\xA2Û²\x84\xA0ȵXod\xF9\xE2&F�Ç¥-k\xB8i&v\xB1\xE2\x9B"\x95�\xDF�\xA5N\xB6~I]C\xEC\x8B\xEF\xAE��\xE0\xFA�J�\xD4\xE6\xC7Lb=\xB1\xAF}\xF9]I=\xE6=\x82\xB2^\xB5\x85\xCD�\x85\xE5\xC4K]\xEE?\xE4Ö²XÒ¼S�Þ¼\xB8-\xFB\xDA~\xBF\x9E\xC7
-\xDB\xEEb\xEC\xAE, �l/\xEEP\x95\xAD\xAAi?\xED\xDA]\xF9\xD4\xD6\xF7x\xBA`(my��\xFA\x8E\x91\xE0\xF3\xC9\xC1\x95�\xBD\xE3\x9C�\xE6\xBD�\xDF�\xA7\x92\x87 14\xB9\xC7\xF9E@\xFD\x90\xB7\x9CvtAW\xCB\xF2l4\xEC\xFD|\x8A\xEE\xFF8\xE9\xD7i\xFD\xD7\xCBq\xA7\xBB([N\xFE\xB5{\x8E\xF8\xF5\x96\xD9m<�\xE4O\x83\xC4Ú‡a\x82\xC6�јFc\xADh\\xD4_\xB1r\xA9�<\xDEj\xA4\xB2f<:6�\xA6�`0\xFCÒŠbxXk�\x8B\xAB+\xCF\xD2\xC24\xE3\x804Ì°Ù\xA3Ð \xF7mi\xF6Ij\xCE/\xECC�\x85\x91
-\xDB5c\x9291�X5\x99\x9Eä°ˆ\x98\xECd\xA4R\x94T
-E\xD7LZ\x8A\x92\x8A\xAE\xC7d \xB3�r\xCDKS\x99b\x9E>m1\xACɓ\xE9\xC8\xE7\xC0�'O\xA6Ը4\xD8ɋ\x91ڶ5\xF3\x9Ee\xA0\x91\xF9\x813й$\xC7/\xDD�J\xCAD\xE4V&�\x83ܛ\x9E\xFA\xD2!!!z�\x8D�ׅ\xF2kR\xA7\xB7\xE6\xE8\xD0orkK\xB7\x88Fs\xF0\xAC\xE0 at QZG)G\x96\xEEV\xE7Ҟ�\xE7,\x80ppe/uxqPFO�4\xCF�\xDAD\x9E\xBF\xB3�U�\xAAj&\x98\x83\x88\xC6`\x8D�jD\xCFV'8 ?$Ů\xB9\x90\xE1\x8D\xF6
-\xE6\xDD5ßµ\xCF\xE9�x\xBA\xF4\xDAE&w\xF2\x89\x99
-1\xF9M�\x9AV\x8E\xB9\xEC\xF0\xB7i\x8D \xFF\xE9\xE4\x993M^\xAE\x9B~|\x9F3&q&\xEC\xC3� g\xA6\xE2\x94lP\x8D\xA1&\xC2\xED%\xA1]Ë\x96\x8D~jD6xÖµo\xBA\xFBg\x94l�\x92"\x9B�,\xCC�>F\xAD�X\x8B\x89Ї\xEC�\xE1�\xE6W\xEC~�g\xE9\xAC~\xD16\xA32\xB4m�?\xEC�\xC3!\xAEHu0G\xB4\x87 $Ó–\xD8�mG\x9AE�\x91$j\xD4\xF8\xB0\x85\x9Cz\x87\xC4\xC8Z|\x8A:�\xC15E\xB3hG�1\x95)\xEEż\x94 \xB4eS\x94\xACs\x8E..cj\xD4��\xA9C\xF4\x8D�Q\xF48E꨹!R\xA7Q=�Ôº�F,\x89\xFFq\xA3�i\xC4�-\x94��\xE15\xB6(\x8D
-\xBF\x96(\xE4\xDA/�\xF2ik\xCA`}\xEC"\x94 s�8
-�\xEC:_\xB4H:wy\xDF3\xBF\xD0<\xC9<\xCAe\xC7\xE3\xC8"\xD56?\xBA,\xA9\xC4\xE9\xD1\xE9c\xCE\xE3p�/$\x89Ù½|}I\xBC\xA61�^v2�\xDAiY$\x83ÄED>H�\xF3JF\xFA"J\xE9\xE4\xB42)\x9F\xE3R_\xAEc\xF2\x9A&b\xFB\xB1\xEA \x9C�\xECr\xE0O����_�Q\x98f?/d\xFD\xF6\x88+�Ô \xFA\x89�>\xCD\xF153\xE2<ΫX?}\x96\x89\xC5&�\xCE7?\x93\xC4\xEA6C0\x9D\xEAf2Ì•�\xA8�\xE4*\xBD,{\x9D�\xC9f\xB0\xEDRwF\xAE K\xF3�\xE0\x91v\x96\xB5�;.{\xE2\xB6]\xEA\xFEL~{^\xEC\xCF�=\xEF\xC2׶\xD8\xF7\x99g?\xAC\x9D�\x94ÛžP\x9Dr\xA6h\x87SI\xD6q\xFA�j\xC0g;\xEE\xE4 cn\xFD\xE1d\xF0\xD9X4у�\xCF
-\xA6/A?\xD4\xE5\x91˺ \xD3\xD6V\xA5\xAAM�@\xE7\xCB�\xF82,\x8A IuT\x98̛\xC8M\xCFCx\xBD �\xA4\xE8\xC1\xAF:\xEFU\xD0j;x\x88\x9E2\xF9\xF6d;�\xFD�k\xE1*#\xF0b\x88hL\xC3\xFBL\xC4,
-\xFE5\xAC�5Ixذf\xC0\xB0\x8Ej\x9F�PkG\xB0\xA3\xB8�\xB5\x8B\xAA\xB2\xEF-\x8C(\xD6>�~\xB2\xC3\xD4\xE4b\xAD)#\xA7U㌅�\x8D\xFFUM9\x8E^\xBA2
-\xA1\x86�K�\xEA\xD9h&"�\x8BG4\xAAA\xC9\xC2]\x93-g\xE6'�\xE9\xC1\xD1m\x86j\xCD\xC6\xEA>\xCCZ\x96g\xED}�B\x8D`\x8A\xF0\x82+\xD8\xCCe�\xF6*\xFAp�\xD7T\xA6]\xE3|�\xCCi\xB7\xFE\xEBոqc\\x95\xE3ټ�\xE8p,\xEEy\xCB\xEC\xB2\xE0\xC66\x9F�=9\xBF\xF9\xE4\xB6>ch-\xEB�9bC\xACu�QBdY\x89A\xB2\xC0\xF6�!��
-\xD3/\x9A|a�e\x94ɇ\x91m\x92`\xEDJ\x94\xCF>L\xD1G\x8A\x95\xBC\xEFc6\x87\xA7\xA6\xF1\x9D\x99kD\xC36c\xBDSG\xAAjM\xD5�B\xDD.��\xF3F'\xA7\xFEY�\xC0\x96\xE1\xCCQ\xFA\xA1\x84\x99gy\xE5Ph�D\xD8G̪\x98\xA2\xC2\\xECP\x82j\x80�m\x93^\xA0\xACÆ‚G\xD2XS\xD4�l�\xC03f!�*c\x9E\xFDs\x88\xC6GU\x86e\x8F�\xBFV"I\xF1Ï“*\xA51\xD3ˆUh\xFD3%\x95\xBA\xD4\xF61�\xAE,\x80`Xm\xC6�C�~v*[1\xEA\x85 j] ^A\xC1�\xF9�&\x93\x87*9\xA3\xA6×£W\xDC�\x82{D\xAF\xF8.\x94\xC8N\xC3W\xDCÔ§?\xDF\xF2\xCB}Æ”\xF0\x99\xDC\xC1\xD0T\xB3`�w\xA8{oa9\x99Y\xB1Hb\xAA\xF6�\xFC\xFC�\x82Ý…\xE9@!8È\xEB\xA1Dn\xA4B\xEF9\x94(\xAF?\x98\xDA�Û€\xA9n\x8C\xAB\xA4x[\xEEB\xDC�\xFEu�â½·\x94\xD0�\xD0X\xED\xC6ZÙˆ\xC1Nx�\xE9H\xE0ee\xB197\x93\xFF;�\x9B\x87$\xD8(\xF1\x99\xEF#\x82\x8Da\xFD\xAE\xA3\x9C�\xCB9R@\xBA\xB4\xB5\xA7\x81\xF0\xF5ƳC\xB0{\xF1\xA4\xA3I\xF1.Æ…q\xB1q��r_\xBCo�\xE7�+�\x91\xFC\x8Du\x84\xB8\xFFbÕ…i\[\x9FH'\xAC\xAD\xE5`j\xB3\xD3o\xF7�u\xBE\x87\xE9k
-B�\xB2\xFC\xF6\x8C-s\xFEJ \xE0\x99\xF1x\xE6oÚƒÕ•\xEE�!L��Ä€\xBD\xA2A��:\xE8q\xA2Q\x94d�\xF6=lC\x9ClsP\xB6\x81\x945R~\xEBÛ›%�\xE7\xCDp�J�\xDB椇\xB4\xDCd-M9\xED\xC8#\x9D9m\xDD#\xF7\xB9\xB6ÑD\xE9t,\x8C\x94\xEAt\x80\x8C�\xEC\xDAq3Òµ\xD3\xE14\xF2\xBA\xD316\xB2\xC0k\x87��\x92\xB6l'$.�k\xD3#�\xBA\xF2lr\xF5\x88\x93\xD7\xCFÚ•�\xB5\x9B\x86\xC8Rè°°Y8\x9D\xDD3Ì“1�\xC6�\xA04�\x89\xFD�=\x85y\x84}\xE7a\xB9\xEF\xE5\xF54K>\xD9H#\xA7\xBEf#\x8D�\xFCd#\x8D\\xFDd#\x8D\xCC\xFE\x9A\x8D4p \x93\x8D4��\x93\x8D4\xF0�kV\xEB@#L6\xEE\xC0-L\xD6\xF0 9\xAC\xD9\xCE��1Y\xDA�<1\xD9\xE4�j\xB14\xE0�.c\xB2\xF6�\x82c\xB8��\xEE\xB1\xE6C�p\xC8\xE4:
-�\xC9\xF0\xB1�\xE4d\xCD!� \x95\xC9}�P\x96\xC9\xD1�\xC0\x975\xB7p\xC0d&'r j&ws\xC0o֜\xD3�֙\\xD9�뙜\xDE��Zs\x91�dhr\xA8�\xB8hr\xBD��i\xCDQ�\xC0\xA5��\xA7\xE1\xFF�8\xD4Z\xB0``\xA7Fda\x80\xAC\xA6 Ād\xAD\x85+�\x80k
-n�\xA8\xD7���\xC0\xB0\xB5\xA0ɀ\x91M!\x96\x817\xB3P\xCC\xC0\xA6\xAD\x85m&$\xDB�\xF2L\x98\xB7��\x9A�r\xCB\xE0ф\xA7�\xA1\xA6 y7\x82R\x86\xD2[�\xB0&D\xDF�vMؿ��\x9B\x90\x82�\x8E\xEE Vh�7mT\xE2u\xABC\x9F�ݰ\xA5\xB6!\x91\xAD\xB0C\xAE\xABqA\x8E9\xEEm\x
-\xCF\xE8\xF1\xEB\xAD\xC8Ç©Ú’'\xDA,�9Õ¦1��\x88\xFB;^\xADr&s�\xD8G{\xAC Fb\x96\xB1\xF9\xC1�?�]\xAA\xE3\xC1\x82\xE7.Ivss\x82\xBBc\xF6k\xE3O\xC2\xF1��Ó+#\x97\x82�]@B\xED\xCC�\xE5Xma�
-T\xB3\xF9=/Ì¢�K(+\xAD\x811C\xB5\x85Y4|\xBD�\xDDt]�\xFD�\xE8\xA9\xC7\xCF�$t9\x91#\x8B\xE9k\xE91�J\xBB<M_\x95M)\xF2\x9E\xECK\xED^ X&\xA4f\x91O\x87\xC2\xFF\x93| \xEF Q\xF1\x97(K\xA1�J\xC1�\xBE\xDA�\x80 \xFF�24V at Fs\xF2\xF6\xFDKBЉ�\xB7u�xÃ\xBCË\xAA\x8A\xDCX7�sh[k\x80\x9Fv \xE9h\xB3�\xCA\xD3\xCArT\xF0PS-1.\xF6[+\xD3K\xBE\xD8��Qjw\xDF\xEAȵ\xB4\xE5\x86� V�\x8CÉ™\xBC\x88�\x81\xB6N�s\xB5r9\xBEÑŠ\x9C�\x91\xA9\xEF��g\x8B�y\xF8\xE9x�\xD1xM\xC0\xAD*[#E\x93\xCA\xE2|�\xDA�J\x8E\x99Z\xB4:\xB8\x8B\xBF�\xB1\xCF�\xC45\x8A\xA4�\xDDA0\xD1k\xD5>f.RW�n\x9D\xC4\xFCÕ®\xEEO�)(\xECC\xD9M\xCC0\xC8”� \xF0\x80A�`$\x87�L\xC0;\x87\xA4\xD9\xCD\xE4\xF3Â\xF0Z\x92k�6��9K8ulHt\xAD\xE5YC\xD0jÞ„n\xC2g\xD3\xE5�\xD1[\xAE\x9A5\xB1\xEE\xB5yÌ“$
-\xB3\xA2w\xC2\xF6ȘdsI\xE7c6{4z\x94"\x89�XlQk\xFFrm~a\xB2y\x83\xD2\xC65\x93m�\xDD�\xAB\x8A+K�{�V/\xB8\x8B�\xA9\xF7"�\x9A=�ֻ\x8D\x89̳\x8C\xC2
-\xADim#_!\xB7\xCAj\xB1\xCD\xE4I\xF6d\xAB\xA1W*S\xFFj#SVMƱx+]\xF9Sa�\xA7\xBE6��ǚǟ�\xC0�\xBC\x89t�PX\x8F�\xD3�zn�Ó˜\xA7H\xC1× \xB9\xA6\xDDݳ�\xE0\xD6\xE9�tpC\x94�\x91A�Þ \xBDB\xB5@\xB9\x95\xDEfOf\xE5�)@ª$\xB3�\x8A7\x830\xB1�"�t
-`\x9C\xE0\xC0s�\xA5\xE3I\xE3\xABVJ\xA8\xAD�\x99gI
-\x9E _\x94\x98\x86Jx\x86\x80�团CQ\x8C\xF2\xDAH�K\x9A\xB22
-uA�L\x8Ek\x8B\x8A=\x8E\xC9\xC0Çš?\xE9�\xEC\x95\xEB\xF0\xE50\x83\xA8Ua\xA67S\x93\xABÙŽ\xAE&\xE9\xC0\xADÓ˜\xE7\xC8\xEE\xB9�m(\x824\x84Ð\x8Bz35\xC3\xF9d2pnS\xF8��׸\xAE\xF7\x97fS\xB5NP\x99\x9A�\xA84\x84k\xAAp�Õ„\xD0[ 0\x8CU\xEB\xA7��k! 2\xA8��\xA2*
-\xC8
-]\xD7g1Í\xBC\x91�\xF4�A\xDAF\xA55\xB3\xF2(\xAA\xAE�\xCD
- ]\x81�0�_\x86\xEC\x9B\xF0Æ„e
- at kB \x93�0\x80\xAB\x8AÕ¬ad\xF3\x8C\x91��q\x81\xECs\xEA\x8B \xB2\xAF�dy1\x8By\x86K\xF4\xEBP�\xA6\xE0�p\xB5M\xF5\xCB�\xA8\x9D�\xBA\xA8\xF5H�\xA5\xF4�\xE8\xC52#p��\xC3C\xA4\x80Zrae�\xFC$J\xD4S\xC2�\xFB�k��b\xFC�D�\xC1 at f\xDE\xE8\xDB6\xA61O��\xEE\xF5)V\xDD����å¶K�
- �m6o\xB0\xCAw\xB5\x98\xCD�\xF4\x89i\x83Ml\xE3!Q\xE1i\xAAk\x8F\xB4\xAA�\xB2endstream
-endobj
-954 0 obj
-<<
-/Length 53114
->>
-stream
-x\xF8\xEBÓ˜\xA7\xB8\x84\xAE�Éžu�\x8C\xB6-)\xAA%�\xC4\xDB�_\x93\x9A\xDAÍ¥\xDA4�\xB3X\xD8�+-\xEB� mT\x86�\x9F`\xB0]\xFC\xCD\xE5\xA2\xECJE\xBDX\xBE�\xF3\x98&\xC9I\x9Bf\xDF\xFA\xE0\x93\x91\xB4O\xC5ÎF\xE6(\xAD\xED!L\xCE\xD6�v\x9C \x9D�\xA7*\x8Bbu\x82�\xDB\xD8�\x8EpdЖ\x98\xC3:2O\xCD\xF6\xA0f\xDC\xE6\xCBY\xCCS\xA4\x9A\xF5\xA2{;\x8B\xFD\xEEY�(Wp at 0R\xABwl\xE2\xADj\xA3jJ\xF5\xB68\xFD)\xE5Y\xBD�\xBD\xF4hC`w-q\x8A\xE3\xD4X\xDE�@t�\xF4\xF5}\xE2wÞ˜\xC6<GK\x92\xE2\xE4ݳ[\}pV\xDA\xE3q7\xAA\xEC\xCA'z\xC6\xD4W΄\xFE\x929 \xA6\x9C\xB3ZÚ£b\x90\x93\xAF�\xC8F�\xE8\xE1t\xAA0gχ\xB7t$\xA5\x8D�G=
-\xD1\xD0�\xA3`s"\xF3,�d0Ԇ�rֽB\xF5���\x99\x8C�V�L3\xBAC#\xA5X\xBCJ\xCB�\xCDC�E\xEF\xCF�"c�Қ�vH1�\xA0\xD10
-^\xC6�\xA4\xA5u\xB71\x8Dy\x8AK\xFC\xE4\xB4X\xB7\xA2-\xE9J\xB0\xC8ac\xF3
-6\xA08'\x8B\\x86\xA8\xB0\xDF
-�\xA2\xB9|f\xA0�ږ̖\xEE3\xF4�u\xD0YH\xE0\xF0\xF7\xBE\xC3F/�`m�\xCB)6E\xF3\xA9S\xB3g�,O\xA9.P�\xC4�P\xE0�\xA9V\xBEA%\x97\xCCb\xC0L\xB8\x9B\x84\xB2@$\xD2dy\xA18\xD1GC\xFFx\xF0A\xF8^gyd\xEF"\x98�\\x8E6DJ�£qm"\xF3,�D\x8C\xE0\x9F�\xC9\xE7\xD5:Q\xE8f͆OJ\xE0\xE8\xE8\xCAN\xC2\xF8$P&1\xA8{w�!{\x8CP\xF0\xEBQ\xC4��� \xBD\x89
-
-\xDE�\x8AÒ\xB3d\xD8P\xAC%׊!L\xD7ym�\xF3$\x97\xC0\xCEIך\xA0`Q]k\xB8\xA2\x8C�˨\xBA\x8F6K\x95\xF9\xA5[\xCCn�\xB49\xF3\xCE�\xDD\xE0\x8D:h\xBC\xC2�T7~X\xBF.\xA1�\xFA3?0;\xB4\xCFÖ¼1\xC4\xDAD\x96\xB3\ÃŽ\x8EY2y9�\xE5\\xC7P)b|S\xC2#\xCC\xDD�a\xA5%l\xAF)\xB4\x95s�\xD2X�\xD4`52F\xC7eh�\x80
-3\xEA\xAEH\xB6\x8B\x98Ö°\xC3w\xC8;\xF3�\xE1\xE0\xD6i,\xE7�\xF5"\x8D�\x8E9Bɦ�\xCD�c�\xA3\xC6�\xEB\x80\xEE\xD6�M\x8Ed�+w\x93_�\xD1]C�y�\xE8\xD6�\x8D0�$n\xED\xD8���\xBFY�\xC9:\xAF\x84\xE6�\x9Cvm\x86c\xFA\x8A.\xD5\xF0\xF5�\xA1Vx\xA9�k�\xEE\xEDƆ9�\x86\xD7n\xB1,\xB1\xB9U%L�t\xE6ƦbV�\x9D\x96kY!?\x85\xB2\x8FLw\xB7 \xDCn\xC2g\xD7ๆÙ\x81\xBC\x8B n\x9F\xBD\xE4�\xF66\x86\xDF�\x88\xBB
-\xB2;\xE5�dN\x90�\xE5z\x89\xE9ŵ\xA6*\xB0 at ML\x8Fj\xF0�/p\xBB�\xE06^B�\xDBz\xF9\xBA\xB2$@\xB6Mo\xB9\xEE\xF1ֲ(\xB1\x8Du�q\x854J7\xC6J^\x9D
-�l\#D>9\xE2<\xEE\xB06\xE8I�[\x84\xFA5%\xF1Η+s�W\xBCZ\xC7I\xEF�\xB5�݄o\xB2غ[\xA7\xB1\x9C\xA3\xD2s5\xAD7�s,�\xDA\xF3\xD3\xDD\xF0�\xAA�4\xFBx\xA2\xDE"%\xE1\xFA\xBC\xB85\xB2Nޢ!\xE5'(2\xA9\x8E.v\x9FM\xE0\xB2\xE6\xDA\xF9&l\xFB\xAAM\xE5ئ\x8D{m�\xCB9\xC6\xDC5�\xC8\xE4\xE1c\x8E\xC1'\xBDs\xD70E\x97\x9A\xEA� \x84\xC8�\x91ה\xE6Z\xB9F\x97\xE3\x96b \xCE\xD0\xDDNhy\xE7!\xBE�2�:�\xF3M(\xC9*';\x93=\xE7\xE54\x96&�\xD8.\xBD at q\x86I\xB1:\xFBU\x85\xA2°#+!j\xA28\xD4 \xF3\x9C
-\xF3\xDC\xD34Iֹ\x94\xB4\xB2\xF2\xF8\xAEa\xA9ͦ\x80:\xE3�\xF2\xBA\xE4�p��\xC7{�\xD6F&B\xAC\x86\xFF^Nd\xABy\x88\xE4\xF90�{+\x86\xC0\xD6B\xB8&\xE6\x8B&\xCFC\xB1Y
-\x90\xB8/\xDFCEV\x94\x870�\xB3
-/:\xA5\xF0\xA3\xD9v\xAB�\xA2\xC0\xE72�^\x92=\x9A�\x82ݢ\xF76\x84\xD7��\xF8~c"[]�`%\x86\x9D/q�\xC6J\xB4�G$% \xA0\x83\xE6I\xD9\xCEw
-j\x9E\xA4\x8Ed\x88\x9C0�\xFC*\xA5\xCF&\xC0F\xE8\xFF!R\xB99\x80A&\3u�\xCC\xC7\xE6<\x96\x9Ewl]\xE1 at 9M~\xB7\x9E �4R"2v\xF6\xBBÂ’ \xADcc,+Ú‰S�#4�\x85r\x9E\xD0N(\xEF#\xC2}\x8F!P\xE48\xA3Z\xE3xFQ\xA8\x96�\xEC�\x81\xCE�\xF5\xFAH\xA0\xACOb\x9E�\xCAI�\xCFÕ†\xD2�G{�\xDC\xEA�W\xED�\xF7�Rr.\xE4�lk&\xEFa|\xACW \x99I\x8Dyp�R2@ \x8E\xF7E\xBCn\xC7\xC7.\x91\xB4i\xE0n��\x99#Ò \x88X\x9F\xA5`\xDC*\x862\x8C\xDB�4\xDC\xFE\xD09�\xC4\xD4\xF9�\xF0T�\xA1c\xE7\x99gpɵ\x84Û®�\x8E \xA7\xC2`\xF4P]\xDD�\xA1\xBA |\xB7\xDF�-^\x8Du2\xC2\xEE*�\xCEk
-\xC1\xED\xE2C\.>\xBAA \xFF\xF3R�'$\x8FP"�vB\xD0\xDCYc\xA8\x9Az*R*+mN\xE6��\xFBҺt}\xCB�\xBA\x827籙\xA6\xB6$
-\xB0b#\x89\xE2J2d\x99\xA6��\x83V�\x9C\x96\x91w\xC8P�\xAFk\xAC<Yr\xE32\x84\xEE2�\xD9˺\xF58�u2\xDCl\xDEz\x8E\xD8\xED\xADu\xECX�\xBB\x9F먵\xEA}\xC7؆o[\x9B\xE1f\xFEÚ²qk\xDBo��\xDF ض��n_\xC0\x9C�.\xE8i\xAB\xE54_\xB1m=j[�7em�\xA7U\x9B\x81v\xC3v\xCF#\xF4\xB5\x83as�\xCB\xEC\xAE\xE6U\x81\x85�\x89OÅ—L\xD57\xF4\xB9Æ®\x8D%\xBB\x81dz3f\xAA\xEA\xA1!Z7\xEC\x9DG"\xB7 \xD9/c\xEC\xB4IS\xFFu�U\xACJ\xA5'\xD0;\xB5\x89x\x80n�D\xE4vצ\xB1\x9C\xA3f\xC8׬�Χ\x8F#\xB9 #\x8F\xBD\xBCY\xB0\x8A\xD3\xF4v\x8Bq�\xB9�0N\xD7>'\xF5\x9Dw\xB0B4B\xCCI\xF6�\x83#\x8D\xFA)\xC6\xF6�\xB5-\xC0+!\xA8mX!\xC1\xA0\x88k�Y\x82��\xEC \x9Bk\xC0-r�j/t\xE0\xFE\x86��F�\xC6�z\xBD�&hÞF\x80\xDE�`^�űD��\x81-_\xE69� \xDB1r0\x82\x81,&�7FX\x9B\xC66�\x8D\xC2W`B��\xCD�.\xC4xÃŽ\xE7��n�D\x90\\x90\xB2;\x8D�=F0Ä¡\xD4'\xB0a\xEE�\xA1)\xF2*\xD8�\xEF\xF3�\xBAÛ°\xC9^\x81\x96\xA9R\x86\xB4 2\xAE\xCDbs�2H�\xFC\xA11Ñ�\xC6,{3c�\xFB\xB8OA�\x86%�\x9B\xE1\xEBU\x87\xF0�\xD2bÅ\x85\xB3Ç°&\xB8j\xB3
-mu\x82\x9DQ�\xCC\xEE"\xD6b\xAE��Dk\xF3\x98\xD7\xED\xC0\x96\xA9g;&\xE9\xF5\xBAiq3\x8AYK\x84|F\x9B\xA8\xBB\x90s\xED�\xEF�p\xB8\xC5�\xAE\x9B\x9Eu��6 \xD9j��Y�\xE4\xA5*\xFA
-\x9F{s�\xD3$'\xF0\xDF�=\x99\x91\x82�\x8B\x981\x85�\xB5X�;�\xE04\xE7\xA3Ҹ"�R\x9Dq\x94\x8E\xB8 _j\xD4W�\x81\x92M\xBC\xE6L/iP\xD0�\xBA�3\x99q\xA0\xF3\xF40\xF5\xFF\xB5�zϻ\xEAʽc'/?v\xCD\xD5�\x86^p\xF4\xFA\x9BH\xC8Kj\xA5Z\x86�Wo\x87 4DúZoP\xF4JV\xD4\xD0\xFDj%f\x91\xCEIR\xF3p\xED�\xD1 f\xD0{#\xC6\xD5V\xB2\xA8�\xB3!\x9C\xA5Q$\xCC=)\xDA\xE0\xB0`��\xE6[\xF5
-�k\xCE1'Qn\xB7F\xE6\xB9\xCE"\xD0�\xEA'N\xE1%6|\xA4\x99\x99\x968\xC6�\xA5�\x82\xEE\xB5%\xA9Y\xAF"\xA4#\xF7�\xE0�7s\xC3H�]\x853آi�\\xC7Y\xEA�JP\xE5s9\xC2I\xCFS\xC0ϫ\xA7&\xE47,\x86\xDA$\xD6AB\xC6\xCAuM@�\xCF\xE6\xAE\xCA\xCE\xF6\xA0\xF0ke\xF4�!iId\xAC\xB6\xDB\xE8\x96w`\xD4A2@\xA1$2%\xC1I\xFC9TDgY\xFF}\xD5��'\xA0\xC0\xA0\x90ܗ�\xA4(V�rU\xBA{\xF5\xDB"A\xC0\xAD�\xF0\xF3\xA2\xE4;W^�R\x8Fo\xAE\xEB\xDD\xCA\xC6\\xBC\xC3\xDE\xC4�);�\xCA \xE3\xBA܂\x96\xD2\xD1\xCB\xCD�A�\xC5g\x91B\x93\x96*R0\xA6\xA2j\x83_�n\xB6iU\x82\xBE��U\xF1c\xA4�\xA8%PR\xBE\xCAo\x868ƪ\xFC}Sc\x92\x95{X\xF5D�W\xC6H\xD1\xC6nJ뚎\xA7R�bGX>-:\x85\xB4\x82\x92B��\x8E�V\xA2�\xB1`E\x94\xE5�\x{3B9D28A}\x96\xECON\x95
-��\xA1�O\xE4�+\xE3Z���\x96\xDE�\xABo�⠄\xB2\x81yb�ϋ[*!\x8B\xD1%\xAF\xC59\xAB\x85�(\x8C\x9B\x967\xB0\xFA\xE6k�\xF4S\x95i\x91\x92r\x8D\xE0\xF9)-[t\xA6C\xC8\xDF�\xC3U�mҫ\x87z-nV\xEF!\x9A�"eU�\x83U|\x94\xC8\xEE!%�cJ<�d\x80]�Tw\xF9\xAD\x97$\xD0!\xC1\xEE$A8\xD5\xD3&\xEA;�b.\xFB4\xE8\xEFS\x81h"d!E
-�0X\xB0\x91\xC5I�\x87#lB\xDD\\x91Q#\xD3�\xF0�g\xCA^+�Q\xD3`S#\xEFor}k�\x9B�\xAB\x8D8(sG%\x9D!_Xe\x9FU'E\xAE\xAFÄ®M\xAA\xAAL�\xA3&T\xEB\xB1gHB�\xA5\xCC�Ù®ryCQ S\xB4h \xBC<R\xBE0\xC83\xF4\xA8(��\xAA.��EKB*\x98\x8C\xF4\x86<2.× w�rXk\xEB�� \xF9\xB5|\x85\xC5��3\xBAo��[�\xAF�R\x82/\xF2uØ›e\xF9L\xF98\x92y\xE9ed�Y\xCBW/\xE5
-\x9CjgDc\xC5\xF5\xACi0\xBC,\xBB\xFE\xF2a\xD1\xD1�\x9Az^\xA8�(\xA3\xEC\xAE\xE24a\xA5V)U#YZ\x89�,�(\xDE.f3ȹXȖփ\x88��aܑ\xBF/"\xD7"\xAAx\xEAZ\xB0<\x98_�&,۬\xE5vzW2@\x95x oD\xBA;N7@\x8APN\xA9\xC6m\x80y�?�\xE7\xCE\xF4S֑Z=\xF7kue\xD4�\xFBb#\xCC�BK\xBC�\xB5\x96\xC5 \xEF \xAFm�ɵH\x8DO\xB4\xC5G\xF9-\xE9\xFB\x89\xA0o\xEEC\xEA؃x)�\xC5�ʰ*疲\xC5�3 \xB8\xF1�\x97\xAAe�\x8AJ0\xAD�\x9D8\xB6\xB2^\x9A\xEE.9tD\x94\xB6\xD8?\xD7\xDD�
-\xF6\xFE}�i\xE8\xD5\xCELR\x8C\xAB\xC7Éš8\xABk\xD2\xE1�\xA1�@\x87'\xAD\x9A\xD5\xC6}\x90\xAB\xC1�?\xF4\xC0!\x92\x87'P�\xC5�(\xE0\x94\xBDh\xCBQ�\xACvT\xE8W\xF6\xDAb�\xA5\xCB\xC3{�~|uO\x87�o7IO\x9F\xFF\xFD\xE0\xE9\xE7^y\xF2\x87\x8F\xED^y\xD5e\xAB[\xBE�{\x9F[o\xE6\xF4�>v\xF4\xF89GO^uÅ£\xD8H=r\xC6Yg\xEA��\xF0\xE3W^\xB5']j\x9E\xAEl\xD8Ë®|ȱK\xCE8\xAB_\xB2\xBA\x81\xF3O^w\xFC\xD8%㲓�K\xC6ç…—\xAD=\xC4\xF0e<D\x90\xDB\xF3\xFC\x8B\x9A\xC8\xFB�租s\xF4\xEA\x87\xF3\xFF\xF2�O?|\xE5\x95\xC7�\x9E\xBAsʼn\x87�\xBBLn\x90\x99\xED\x85Øž\xE8\xECWvu\xBE\xE4>W�?vw\xFC�\xDB\xD8?|\xF4ê•¥\xBEjZ]j5\x973\xC5\xE8\xBF×±k\xAF\xD8=\xB6zB\xD7�\xBC\x90Ü\x8BI\xF7\x82pP<I\xAA'`[\xD0w\xCD�\xAC\xA6 \x95��:\xE8W\x87\x8E_\xB5\x85\x83�^\xFE\x9F\xFBK~ \xFA\xD7\xF8\xEFf�&\xAC�\xFAD\xFF\x9Bn\xFF\x8E|\xEF\xF7:z\xF2\xE8\xDD�\xFA\xD5J\xAE�.<\xEB\x9BN\xF9\xFF\xFF\xA1\xFE\xB7\x9B\xF3Z7\xE7ž\xEAf\xBC\xD6\xD7~\xCD\xCDw\xADo\xBA\xF9V\xEE7\xDD\xEE\xB6\xDFps]\xEB6\xA7\xDE\xF1\xBF\xDDL\x97\xBA\xC5i-\xDE\xFEf\xBA\xD6�\xEFy\xD6=\xEFx\xF3\\xEA;θ\xE0\xE2\xF3\xDA-o\x8EK\xDD\xF6�/\xBA\xE2á—œ\xF9]7ǵN\xBF\xE0\xCAG_w\xFC\xBCSo\x86K}\xC7\xD9\xC7�\xFF\xB4'\x9D\xFC\x91\xBB\xDD�\xD7Ê—>\xF6\xD9\xCF\xE6\xA3.\xBC�\xAE\xF5\x9D\xE7\x9E|\xD6
-7<\xFB\x91�\xBC\xF3W\xFEZi\xF7\x89/\xFC\x85\x97<몳o\xF7�\xBF\xD4\xEDwN>\xE7�^q\xC3S\x8EÕ¯\xF8\xA5N9\xEDA\x8F\xE1+^\xF6\xFCG\xDF�K\xA3?\xEC\xE9/y\xF9\x8B\x9F\xF2\xB0#_\xF9Gx\xBBs\xAEy\xEEK_\xFA\xDCk\xCF\xFD\xEE\xAF\xF8\xA5N9\xF5\xC2\xC7<\xFF\xE7_\xF8\xC4�\xDD\xE5+\xA9\xD5\xEBz\xDCϼ\xE8\xB9\xD7\xDE\xFBf\xB8\xD4)\xA7?\xF8\xB1\xCF{\xC13N|\xFFW\xF4"j8�\xBA\xF8'\xAFÞ“\xAF\xF8\xCA.\xF8\xAF\xFEj\xFE\xAF;?\xF0\x9A\xA7>\xEB\xA7/K_\xD1k}\xED\xD7\xF2\xDD\xF6̇?\xEE)\x8F9�\xBF\xA2\xD7\xFA�\xB5eÒƒ�\xF9\xB8G]\xF2%\xAE\xF5\xFF\x81\x95z\xE0�_\xCF\xFF}\xEAy�\xE4\xD5�\xCE_\xC9k}\xE3\xEDn\xFF\xAD\xFC?ns\xCF�í¸\xE4\x8C[\xEF\xFB˯\xFE\xB2M\xE2[\xDF\xF1{\xD5H;\xF5\xECK/\xBF\xF4\xBEß³\xEF/\xBF\xE6˵\x88\xBF\xF5N\xFEn:\x95[\xB6\xF3/y\xF09\x87\xF6\xFD\xE9W\xFD\x97y\xB1;\xA4\xBB\xFB\xDB\xEA\xFF\xBE\xFD=�p\xF1\xF9\xF7\xF8\xEF\xFB\xFE\xF6\xEB\xBE\xF1˺Ø!
\xC3�g$\xDB\xD8\xEF|\xE6��\x9D\x93\xF65پ替�\xF3\xFB\xD6\xFE\xC8Y\xF7
-\xB6�n\xD5\xCE\xFBы\xCE\xDC\xF7\xFD\x86o\xF9\xBA\xFF\xFA\xA5½\xCF9猻}\x9B5\xDC\xE9̋/\xBD\xE8\xC8�\xF6\xFB\xFD\xD7~۷\xFFWgv\x9Bx\xE6y\xE7\xFFP\x9F\x86\xBE\xF5\xF7_p\xD9C/>|p\xBF\xBF\xF8\x96[\xDF\xEA\x9B\xFFk\x97J\xF7=\xFF\x82\xF3\x8E�\xFA\xF6\xA9\xED.\xE7�{ĕ\x97\xDEw\xBF\xF3\xF2\xEBou\x87;\xDC\xFA[\xFE+\x97:\xEB��\x9E�\xBFX
-\xB79\xFC\x90k�{\xDD\xC3ι\xD3>\xF4\xCDw\xB8\xEB\xDD\xEE\xF4\x9Fv\x9AV\x97z\xE0E�\xBCo\\xDB'\xDCÅzÚ³\x9E|\xF5�\xF7[ \xB7=\xFD\xEE\xDFÚ\xFE+\x97:+\xDDf\xAD\xFD;Ͻ\xE6\xD9/\xF9\xF9\xE7\xFF\xD4ŧo\xFF\xBBo;\xFD\xF0\xD9\xF7\xCE\xFF)\xF3\xE7V\xF1\xBE�\xD8v\xA9SN\xF9\xC1G<\xEFW^\xFFÚ—=\xED\x8A{niw\xBE\xCF��ݯ\xFF'.v�w\x9F}.uJ\xB8\xFC\xF9\xAF{×»\xDF\xF1\xDA�\{\xC1]\xB7\xFD\xE9�Ϻ\xE4\xF2\xCB�з\xFC\xE5>\xFF|\xCF\xE1\xFBÓ¥n\xBB\xA5\xEB\xBB.}Þ›\xDE\xFB�\xF1�oy\xD9O\xFFȶ�\xF2\xDDg�;y\xCD�\xF7\xBF\xC9�\xEBm\xEF~\xBF\x8B.8;o\xBF\xB7\xFB]\xFF\xFD\xD9?|\xEC#\xFE\xCE_|\xCC\xFD\xB7x}\xB7\xB9\xF7\xC3�\xF3\x84G�\xBB\xD7M\x9C\xD8-\xD3\xCEE�\x9ES\xB6\xCDj\xF5\xCF\xD9\xCF|\xDB�\xFF\x{DCDF}\xFE\xD8_\xBC\xFD\x86G\xF4-\xFD?x\xFCI\xD7?\xF5\x9A�\xDCD\x87\xF0\xD4\xFB\xFE\xE8\x83�\xF8�\xFB\xED\xE7g=\xEB�\xF3\x99�o\xFC\xEC?\xBE\xEF5O~\xC0wl\xF6�\xB9\xEAY?\xF7\xBC\xC7]rÓŒ\xA0\xDB\xDE\xF3\xA2\xDDKw\xF6\xDDaϾ\xFE]�\xF9\xFC\x8D7\xDE\xF8\x89�\xBC\xE5yG7_\xCBw>\xF0\xA7^\xF0�7<\xF5ag\xDC\xE2\xA6\\xEB\xB4�\\xB1w\xE9\xBD\xF6y\x82\xA7\x9C\xF2C\xCF\xF9�\xFF\xF0\x85Õµ>\xF5׿\xF5\x82\xDDÍ“\xD3\xED>\xF5\xA5\xAF\xFC\x85g\xEE�\xBE)׺\xFD}/\xE45GÛ¾\xFD\xE7<\xFFw\xFF\xE9\x8B|\xAD\xB7?\xF7\xE2\x83�\xDD\xFD\xC4s\xE9U/\xE6�\xFB�0\xFD��\xFC\xE8'=\xF6K8t\xE7\xFD\xDC{>\xBE\xBAÔ\xFF\xFE\x817=å¾›\xDD\xF7\xBE\xEE\x86W\xFD\xDAËž\xB6{S�\xC9\xDB\xEF\\xFD\x8C\xE7?\xFD\xC4\xDD\xF7\xFD\xC1E/{\xFF\xBFѵ\xFE\xF9\x8F\xFE\xCF\xEB6\xF5\xBD�z\xEA+^\xF3\xEA\x9F\xC2\xC57\xE5�;\xF4\xE0'\xBE\xF8\xE5?\xF7\xA8\xC3\xFB\xF5\xDF\xE5\xE4k>\xF0\xA9Õ¥>\xF7\xF7\xEF~\xD1\xEE\xF7nt\xDF\xE3'~\xF6U\xAF{\xD5��\xB9\xB3e\x85n\xFC\x93�\xFE\xDC_}\xFD+\x9Fz\xEE~\xFD\x87\x9F\xF2\xB6\xBF\xFD�=¿|\xE3�6�\xA4S�\xF4ä—¿\xF6u\xBF\xF8\xCC\xCB\xF7}�\xB3\xC5z\xF7\x93/y\xD3;~\xF3\xA5W\x86}~\xFB\xC0�~\xFFc\xAB\xA5\xF1\xF9\x8F\xBE\xE7�\xAE\xD8\xF8.�\xDE\xEF\xBA�\xFE\xDA�^\xFD\xA2\x9F:\xFF\xE0>\xFEU_=\xFD\xCB=�\xFD\xCAw\xBD\xF7\xF7\xDF\xF8\xDCK\xB7G1�]\xFD\xEA?\xFF\xF7Õ´>\xF9\xC17?\xF5\xAC\x8D\xDE\xEF\xDF{\xF6/\xBF\xE1
-\xAF\xBC\xFEa\xFB\xAEB\xF5D\xE4\x9F3�\xFB\xEA\xF7|\xE0�\xEFy\xCD�7G\x!
A2v\x9E\xF5Nz\x84_\xFC\xF8�\xFC\xE2\xF1\x8D}\xFE\xAE\x97>\xE5�\xAF\xE3kV\xD3\xDA7<\xF6\xF5\xB3\xA5u\xF8 \xAF\xFF\xA3\x8F|\xF4C\xBF\xF7KWo[\xB5w;\xF1\xCA\xF7\xFF\xCBjZ\x9F\xFD\xF0۟\xBEq3\xA7^\xF8\xF8\x97\xBE\xFEͿ\xF1\xCA/\xF1q}\xED\x81\xD9\xD0:\xF2\xC4\xDF\xF8\xF3\x8F\xF2_?\xF8\xDB7<l\xCB\xC5\xCEz\xC6[?\xFC\xE9յ\xFE\xEDO~\xF5\xC4\xFA\x9Eq\xA7�\xF9\xA9\x9F\xFD[\xDF\xF2\xBA��u\xEE\xBEV\xDD7\xDEb\xB6\xB3�?\xE17\xFE\xE2߾\xF0\xF9\xFD\xC0[vs�\xBA\xEB\xDE/\xFD\xE1\xC7W+\xE3\x8B\xFF\xF4{?s\xBF\xB5\xBE\xEF\xBA\xFF\xA3_\xFC\x86w\xBC\xEB-\xBF\xFC\xB4/�+8p\xEB\xFF}\xFA\xB7�\xFC\xA9\xD7\xFD\xD9\xEA[\xFD\xFC?\xFF雞\xF9\xA0\xF5\x83\xE1짿\xF5C4\xAD\xCF\xE4\xED\x8F\xF3k}\xF7\xB8ꅿ\xFE;\xBF\xFF;o|\xD1U?0�\xD7}\xB2o\xFB\x8E\xDBM�\xB1\x9C\xFC\xE5\xF7\xFD3}\xAB�}\xDFk\x9Ep\xE6\xFA\xB4~\xF1�>F\xFB\xEE\xE7\xFE\xE67\xF6֧\xBC\xFB\x9C\xD7\xFF\xEE\xFB\xDF\xF7?^\xFD\xD4���\xE1\xAFZw\xC9n\xF1]\xDF5M\xEC{\x8E\xDE\xF0\xEE\xA03\xE3\xD3�\xF9\x9F\xBF\xF4�\xCBWv\xD6\xD3\xDF\xF2!\xDA3n\xFC\xDC߽\xF9\xB1\xCBy\xDD\xE1�O|ջ\xFF\xEC�\xFC\x8E\x97\x9D\xBC\xC7h\xDDp\xFFny\xC7;\xCD�\xDD}\x9E\xF2\xE6\xBF\xE2�?\xF9\xA1w\xBE\xE0\xE8\xFC\x95\xDD\xE5\xF8+\xDE\xFBO4\xAD�\xBF\xF0\x8F\xBF\xF3\x9C\xE5\xBE[\xAE|\xC9;\xFE\xECo?\xFC\xC7o~\xDE\xF4a~\xF5\x86\x8Ft\xABS\xEF6\x9F\xC1\xABe\xFD>z\xFF7~\xF1_\xFE\xFCן4/\xEC\xFB\xE2.n\xBC\xF1_\xDF\xFF\x8A�-\xA7\xFC\xC4׿\xFF#�\xFB\xC8\xFB_\xF7\xB8#\xA3q\xF1\xE1\xF2?\xB7\xBE[\xB8\xF3\xB7N\xFF~\xDEs\xDF\xF1\xB7\x9F\xE1'\xF5\x8F\xEF\xF9\xC5�\xC3\xE6\xBC\xD3\xE5/\xFD\xFD\x8F~^\xAE\xF5\xE9\xBF~\xCB\xE3gc\xE3{�\xF2s\xEF\xFAп\xFE\xFB?\xAC\xBE\xF0i\x83\xFF\xBA
-�\xE9\x96w\xABa\xFE \xBE\xFF'_\xFB\xA7|j\xDC\xF8\xA9�\xBE\xED\xFA\x8Bm/\xFF\xC1Ǿ\xE1/>!\x97Z\xED�\xEF\xFF\xA5\x9F\x98\xF6\xD7ÕŠ\xFAÃ~\xE6\xB3�}Ï‹/\x9AF\xFA\xC6
-�\xE9\xC0]\xE0\x9Eq2\xB1\xBE\xF7؋\xDF\xFD\x91\xCF\xF2k\xF9\xD8\xFB~\xF5:\x8B@\xDD\xEF\xB9\xEF\xFA\xBB\xCF\xEA\xB5n\xFC\xCC\xDF\xFD\xCE\xCF��+\xE7�\x8F{ß\xFF\xDB�\xBF\xF8\xB1\xF7\xDC\xF0\x80iZ\xDF>?.} \xF78\xFB\xCC<\xD9�\xF7~\xFC\xEB\xFF\xF4_db\xFD\xF6眧\xADw~\xF8/\xF2w\xAC\xFF|\xF2\x83\xEF\xBA\x!
E1\x84\xEDE\xF7z\xF2\x9B?\xB8\xFA\xF0\xFE\xE5�_r\xC1�\xE7\x9Bn\xF7\xDF�\xAC_\xEB\xBB\xCF8\xFF\x82\x9D6L\xF0;]\xFA\x82w\xFD
-\xBF\xB1/|\xFC}\xBF|\xE2.\xF6�\xFF\xF2\xDF\xEDR7~\xF1\xDF\xFE\xEA]/\xBB\xF6l]t\xF7y\xFA\xDB\xFEf5\xE7O\xFC\xE9+/�\xE3~\xC3w\xDC\xE9\xBB\xE7m\x82\xFE\xF9\xCE3~\xE4\xE8%\xF7ocᇫ\xE5}�\xFF\x82\xBC\xB1\xB7\xC0\xA88\xE7Y\xBF\xF5\xE1ÏŽk\xDD\xF8\x85O|\xE8\xF7~\xE5I�\x96\xB5s\xE63\xDF\xF1w\x9F\xA3%\xF3\xA6y\xC9\xDC\xDEå»®\xF9G\xB7\xBC\xFB\x85\x97�\xDF=gZ@;+Û–W\xF7�>\xFA\x9E\x97^\xCEf\xFBw?D\xBF\xF11\xB3O\xFE\xDD{_w\xFD._\xEC\xBE\xCFz\xE7GV\xD7\xFA\xC2?\xBD\xE7e��\xBB\xE1w\xD4#g\x845c\xFB\xB4�<\xFC\xE4UG\xEF;�\x9DC\xC7_\xF1\x9E\xA4\x93\xFE\xC6O\xFC\xC5\xEB�\xCB�A8\xF1\xB2\xF7|\xF4�7.\xFE\xF9\xF4\xDF\xFF\xD1�\x9Fw\x99\xD3kÑ|\xEA\xAF\xDE\xFA\xF4s\xC6�\xFB\x81s\xCF\xFF\xA1\xBA\xF4\x8F\xEEx\xEEî{\xCCÉ£\xF7�\xEB\xE3\xCC'\xADv{�\xEE\xB3\xFB\xCE\xE7\xB0\xEDQ�\xF1\xF2\x8Dk\xDD\xF8\x99\x8F\xFE\xF1\x9B\x9E\xF3\x90\xD5qp\xD6\xF5\xEF\xA4g\xB8z\xC1\xF4k\xD7�\x9B\xD7=�x\xE9\x83\xEF\xDF�\xAE\xE9m\x8E�{\xF4\x93~\xFA\xE4\x85\xC3Ƹ\xF3C~\xEE\xB7\xF9\x83\xFE\xE2\xC7\xDF\xFB\xB2\x87\xD2'\xE6\xAExÉ»\xFF\xFEsk׺\xF1\xB3�\xFD\xE3_\xE6\x8F\xDDñ”³Ÿ\xF5[l\xF1\xDC\xF8\x99\xBF\xFF\xBD\x97\xED\xC1\x96\xFFo\xFD\xC2+N�\xBB\xFFi\x8B\x89\xA5�?\xFA\xA9\xCF|•S<<]\xF3\xAA\xF7\xFF3\xAD\xF0O\xFC髯\xA5\x8F\xF6�?\xF6Ü·}\xE8S\xEB׺\xF13\xFF\xF0\xDEW=\xE6>+G\xE9m�\xFE\x8C~&\xEF|\xE1�Ø—O\xBF\xE0Ä£\xAE}\xE8Y\x8B\xA3\xF3.�<\xF9\xB4\xE7^\xFF\xF8\xCB\xEF5\x9E\xED�=\xF3\xED\xFCן\xFA\xC0o<\xF6\x9E\xD4p\xF81\xBF\xF6\xFE\x8F\xAD?\xC4U\xFF\x87\xDE\xF5\xA2\xAB\xCE;\xFALl\x95_\xA4S\xF62\xDD\xD9\xEE|Þ‰\xC7\xFE\xF4\xA3\x8E�\x9E\xF7\xDBÛy\xFC\x89\xCF\xFB\xD9g]\xF7\xA3Κ\xEE\xFA�\xBF\xFA\xC7\xFFJ\xEF\xFF\x83o~"o\xA7w\xDA}\xC1o}\xF0\xDF7\xAE\xB5\xDA[^\xF3\xD4K\xCE\xFB\xA9W\xFFÉ¿j\xC3?\xFF\xD9o^\xFF\xE0;\xE9\xB8�\xFCÓŸ|\xCD4,\xBD\x8D�{\xCCs^\xF8\xB3O9~\xD6H\xB2\x9E\xF3\x9Cߦe\xFC\x99\xBF~Ë“\xC5\xE6\xBC\xE7\xA3~\xF9\xF7?\xF2é‹}\xE2/\xDF\xF4\xF4sO\xB9\xF0\xE7~�_\xC4\xE7\xFE\xE9\x8F^\xFB\xD3zÊ–\xDD\xC7]\xFF\xEC'\xEE\xDDw^\x8B\xB7\xFF\xA1\x9Fx\xC6�!
_\x{11C7FC}x\x98�\xA7_\xF3Ú¿\xFC$]\xEB\xADO\x91k}\xCFEO{\xFD\xFB?\xFA\xD9\xF5k}\xEACoy\xC6Y\xA7�~\xE2oâ¼¹\xF13�\xF9\x9F/ß“\xA7x\xE8\xE2\xC7<\xE7g\x9F\xFD\x93�-\xAC\xFBt\xE9\xE3\x9F\xFF\xA2�<\xF9\x8A\xC9�\xB8\xE0\xC5\xFF\xF7\xC7y^z\xADSN\xBB\xF4\xFA7\xFE\xC9\xC7\xD6/\xF6\xE9�\xBF\xED�g\x9Er\xD7\xE3+\xF3 \xBB\xE5'\xFF\x9F\xB7^\xFFcl \xDC\xFE\xDCk\x9F\xFD\xA2�<\xE5\xA1�'\xE3;Ϲ\xFA�/\xBC\xE1\xFAk\xCE��\xF1\xDE\xCFx\xC7\xEA\xFB\\xBD\xAF'\xDDK[N\xBB\xEC\xF9o\xFEÓ\xAD-\xFC\xCF|\xF8\xADO\xBB\xCF)\xA7\x9C\xFB\xEC\xB7\xCB�\xBA\xFA\xE7\xF3\xFF\xF4\x87\xBF\xFAh^P\xA7\xFC\xE0\x89g\xBD\xF8%Ϲ\xE6\xDCE�<^\xFA\xF8\x9Fy\xD1\xF3�\xF7c\xE3!�z\xE4�?\xF4\x99�\xFF_\xF6\xDE;Ê«*M�\xFE\xFDug\xEEw?ׄ^=s;\xD8]=\xDD\xDAtO�'�u\x99
-P��\x87 \x88\x81\xB2\xA8�$CQ\xC2EP1\x91d\xA9\xA8\x80\x80\x81\xA5\xA0b \xE3RA\xC1,.��\xC4 \xB2�\x80 \x88\x84\xA5 \xA1\xBE\xFD\xBCa\x9F\xF3��\x85hßžo\xCD\xE9\x99\xEEb\xFF\xCE\xD9g\x9F�ß½\xDF\xE7}\x9E\xEF\xD6?}\xCD�\x9A\xE4\xD5M{\x8B_\xB6\xF7\xD3\xE7\xAE7\xBB\x9A\x93\xAExD{��\x81�\xA6]L\xD3P\xD8o\xE2\x9C{g\]\xBCE:\xFE\xBC\xFA\x9BfN\xBF\xB1_n\xEA\xAC}t\xFDw\x87\xF6|\xB8ht\x96\xE6\xF4\xBDc\xF1\x87;\x8A\xA6\xC5\xEF\xD6?1\xD6TÑ¿]rÇ«\x9B\xB5��\xB6\xBEu\xDF��Ñ.\xBD~\xD6\xDCY7\Vl \x85\xB5\xD7\xDE>c\xEA\x88\xF3\xB2\x8DS\xDF\xC7>\xF9\xEE\xE0\xCE5��\xCC�8~\xDF\xDB�\xF4M\xFEe{>X0�7�#�\xFB\xD0�\x89o\xD6<2\x9A\xCC\xC4\xDFt�;\xFD\xDE\xD9�\xEA\x8A
-\xB2\xDFvj\x98:\xF3\xB6\xAB/\xB1\x95\xE8\x8E{\xFE\x8B\xEF�~\xB3\xF2\xEE\xFC\xB2n\xE6\xAA�/\xAEÛ•\xAD\x99\x8D;W\xDDÕƒ~\xE9<\xFDM\xDB;v\xF8\xF88n\xB03\xEAo\xBDkÖ„\xBA\x92#\x88\xA8\xEF\xC4;gM�`\xAD\x88\xCEw\xBC\xB9\xED\xE0\xA1�\xEF\xCE:\xBFè¶ \xFF\x8Ce�\xBE\xCDÞµ\xE3\x9D�\x9D\xA5l\x8B7\xEA�\xEF\xF9艫\xB8\x95O�|Ó¬�\xD7×–l\xE7~\xD7\xEB\xFA9\xF7M\xB7\xBBW\xB7a\xE1G{\x90\xD5\xCC�\xCB\xDD�x\xF7\x9B_f\xB5\xF8\xF5\xDBw\xC8&\xB4\xEF\xE3\x9F}o\xBFk\xD1X\xB6I\x93�\x93\xA6\xDFvÍ¥Nq�\x85s\xC6\xCF}t\xFEd5Nz\xCC|�3\xC17\xEF\xDEY\xBAK\x88\x87?\xB4vw\xFE\xBB\xE4\x86\xFEÙ»v\xAEY0\x92+(\xEE\xE3mS\xC7\P\xBAs<熇\x97<?\xFFJjS\xBF\xE7\xD4%\xB44\xEF\9\xFB\xFC\x92\xFB
-'Oym\x9Bm\xB1\x9D\xAB\xE6t\xA3T\xFF\x9A�6\xCB\xE7b%\xE2å¼\xF4\xBF\xFE\xE6\x89C\xCF)�\x98t\x9B\xF6\xDC;+_}pBÝ…=k\xAE\x99\xB3\x94{\xC0\x9E5s/(}Wa\xF0s\x9B팿磇\xEA\xF8\xF1Y\xEFì´\x83[_\xBF\xA3�\xDFz\xEA\xC0\xEB\xA7\Û·\xF4p\xE2/C\xE7-ß°\xE9\xD3UK�\xBD\xFF\xBE�\x8B\xDF\xFD|7�}\xEF\xFAGk\xCB\xDF\xF5\xFC\x97\xF6]\xFB7-\x9Bt:>v\xFC\xB3�tf\xFE~ã‹“y\xF6=\xFE\xBC��&_USz�\xD6~\xD2\xF3\xEBv|\xF7\xED\x8E\xCD\xEB?X\xBBn\xE3�\x99p�l~\xE9\x86SKm\xB9~�\xF5\x83'\xAFj\x8B}\xF6\x9A�Z\xB1\xDF}\xF2\xD48\xFE\x94V�]9y\xF2\x95�\x95t
-\xB3\xB9z\xF7+�\xFC�{\xBF\xFDvo6�\xEDZ\xFBHC~\xFF\xFB\x97v�OznCnm9\xF0\xF5\xDAg\xEF�{\xFBS\xAB\xB7هv\xAF}` \x9BSi\xBF\xEBn\x9E<\xAA{\xC9N󜉋7\x94\xAF\xF1\xD8\xF4\xBD=$\xF7\xDF?\x9Fz\xD6y=GN\x9Ek�s\xFE\x8E�;?]\xF9\xFA\x8A
-;\xB2\xF2}\xB3b6\x8F\xEF\xE3;7\xDCt\xDB\xE4��\x8A\xBB�>\xAB\xC2�߈\xE5\xE8\x9DG&\xD4^Ð¥\xEB\x85C\xAF\x9Et\xDB\xDD�\x97\xAD\xFAb\xF7\xA1\xA2;�\xED\xDB\xF5\x{16EF79}\xB4\xAFßš.\xE3\xBB\xC6L|\x93�\x9DR\xFCY\xA6\xB5*\x98.t\xED\xFDj\xED\xB2G\xE6Ι3\xF7\x91g\x96\xBE\xB1jݦo\xF6U\xBE/\xBB\xB6/\xBF\x9D\xC7\xF7�\xC3o\xB9k\xD6\xC4~a\xE9g\xAD\xD8V\xF1\xB3P\x8D\xBB6\xAF[\xB3j\xD5\xEA\x8F6l\xFAj\xE7we\x86[\xF9e\xBE\x8B\xC6\xF7�.\xBA~μ\xBBn\xAC)v�\x9C3\xA1rk\xC9u\xE0\xBB\xDD;w\xEE\xFEv\xDF\xFECMß“\xBBL{\xD1\xF4s\xC6È™��\xBD\xE7\xDA\xEE\xBFÉ¿\xEA\xCF�\xE6\xBE\xD3\xE4g�\xFDe\xF6+\x97"\xD7Ú›�~\xF6\xC9{\xAF,>\x8Fkwó\x9F|{\xE4<\x9A{\xED\xFD\xFC\xD9\xF1f\x9C\x9C{\xDDCK_]<w\xD4\xE9\xF9W\x9DXw\xD7\xF2\xAD�\x8E\x9CGs\xAFC_\xAF\x9AWc\x86\x{1C3BEE}Z\xB5쾑E\xE0\x88S\xC6.\xFAp\xF7\x91\xB3h\xFE\xF5\xFD\x97\xEF\xCC�?\xE3\xC9w?\xF9b\xDDks\x87�u\xC3�S\x97m,3\xFC\x8E\xE9Ú·\xF5\x83\xB7V\xAC\xFFj\xD7Îo\xDE\xDD7\x8F\xEC\xFBC\xBF{\xDE\xD9Þ¼�\xD6\xEC\xEB\xC0\x9E\x9D\xBB\xF6�8\xF4\xFD\xD6峊։\xF8\x8AG\xD6\xEE:\xF2\xE3?\xE4:\xF4\xF5;\xB3\xBA\xE4\xDFu\xFA\xF8\xA7\xD6\xFF\x88\xBD\xB0\xE8Ú¹\xF2\xAEn\xF9w\xB5\xB9\xE1\xF9O\xCB7�?ε\xE7\xFDy�\xE5\xDF\xD5v\xC2\xE2ÏŽ8\xC7\xFD\xC0k\xEF\xFA\xC7\xEB\xF3�\xC3mo\xFC\xE9Þµ\xE3\x8B7\xE4��\xD5\xD7?\xBB᧪\xC3C\xDBÞš\x9E;\xCB\xC1i\xD2\xC7?U\xDFh\xDC\xFD\xC1#\xF5\xB9\x83\!
xE3\xB0~\xC1\x9A\x9F\xA8\xCF\xC3\xCEY6\xB5C\xF6\xAE\xDF\xF7\xBD\xFB\xEDm?\xF2X\xB6ס�\xEF=88\xD7;:N]\xFA\xF9O\xD59�\xF7~\xF6\xC2\xC4sss\xEF\x95�\xD7\xEE\xFC\xA9>\xEC\xE0\xF6�\xF3\x86e\xFB\xAF�k\xEF|u\xE3O\xF6a\xDFnX|\xCBE\x99A_}\xD5c\xAB\xB7\xFF\x88�Xѵ\xCB[\xF3F\x9Fk\xCFSN\xB8dÚ’\xF5?UW<\xB8\xED\xBDE�/\xCEN\xA5\xDC!\xF7\xBE\xBE\xF10\xC6ͱ\\xDFo]\xB9hJm\x92�\xFE\xB6\xB9\xEA\xE1w\xBF\xFCI^vp׆\xD7æ¿\xD0\xCD\xDE\xF5\x87^\x93�_\xF9S\xBC\xEC\xC0\xAE\xCF\xDF^tˀ꼙ݪ\xF7\x94\xC7\xDFÝ´\xE7G\xEE\xF9\x87\xF6n_\xFF\xE6c\xB7�*\x81�\xB5\xAC\x99\xF2\xE8\xF2\xCFv\xFD\xA8\xBD\xF1\xFBo6\xAE^:B\x9FSK\x9D\x8A\xADz]s\xFF\xCB�o\xFF\xF1\xC6\xD9\xF7\xBB6\xAD}u\xE1�W\xF4lU(\xBBNh?b\xD6\xF3\xAB7\xED\xFEQ>\xEDà¾\x9B?x\xFD\xF1\xD9W_vf\xE5�\x89\xA0\xEFÍ\xBD\xF1\xF1\xD6=\xC7\xFA\xB6C\xFB\xF7l\xFF\xFC\xFDמ\x98uu\xDF6Mz�[_|\xCD\xDDϾ\xFDɶo\x8F\xE5m�\xCCFxÝŠe\x8F\xDDyM\x9Fv\x87\xC39\x9FЮ\xDF\xF5s\x9F{gÝ–\x9D{\xC8\xEB��Ø·\xC7\xEC\xB8W\xBE\xFC\xD4\xFDS\xC7\xD4V� Q\xDD\xE2\xEC\x81�\xE7>\xF3\xE6\xDA϶\xEEܳ\xF7\xFB\xFD��6o��:\xF8\xFD\xDE=;\xB7o\xF9\xFC㕯>5o\xDA\xF8�\xE7\x9D\xDA��-\xFD{\xFB˯\x9D\xFDØ’7\xDE\xFB\xE8\x93\xCF7n\xDE\xF2\xD5\xD7\xDF\xEC\xF9\xEE\xFB\xFD���\xAA\xF8\xD6C\x87�\xEE\xDF\xF7\xADy\xCB��>z\xEF\xADW\x97<~\xFF\xADW
-\xE8|z\xB3#�Z\xB4\xEB3fÒŒy�\x9FY\xFC\xE2K\xAF\xBE\xF1\x8E\xD9Q\xE2\x9DÛ¶m/\xBF\xB6mÛºe\xD3g�\xAF~\xEB\xD5�\x9F]4Ö�\xC6^\xDEé´£�+9\xE1䳺^>\xEA\x9A�&N\xB9\xF9\xB6;\xE7-z\xEEÅ—_}\xED\xF57\xDEx\xB3\xF4z\xE3\x8D\xD7_{y\xE9s\x8F\xDF?\xE3\x96I×�нC\x9B\x93\x9BSu\xE5\xEFK\xCEhs\xD6\xD9\xE7\x9C\xD7}\xD0\xD8�&O\xBD\xE5\xD6i\xB7U\xB8\xA6\xDDz\xCB\xD4I×\xEEß\xC3Y\xD5'\xFD�!�-N\xAAn×¾\xFD9\xE7V\xBA\xCE9\xA7\xFD\xD9mÏŒ\xFF
-\x81$\xB3�\xE2I\xDB�\xEE\x83hR\x84͞\xAD\xF1\xB1&\xCDFǶ\xAB�\x82k�o\xCFh\x9FV\xB5�\xF9\xFE\xCF\xE8*�\xE5�\xD1\xE2 zג\xDDX\x92\x9C\xE1\xF5|\x93\xA39\xB4�\xDCP7\xBC^\x83wmr\xF5\xC0\xFEC\x87\xF6�ܷ$\xB9M\xFF�5\x97
-ԻO\xA6�\Z\xF2j�'Fh\xF1\xE1\x99q\x88;\xA7\x8F\x8D6\xAEH\xAC\xD3R\x98\xEC\x88�\xC4G\xC8v\x98�{�\xC2\xE2Y\xBC�\xEC96*=l�G\xC4/\x82\xA8yP\xA9( \x82\xCF!\xF4Q\xC4\\x8FL� \xB4\xB2\xE6\xA9P\x880\xA2 at U\xA0\xC0g\x90gl�~�0\xABɻl�\xE8\xADD\xDA \xA4=\xB1#*\x8E\xC4\xE9\xCB\xCF\xFB\xAD\x92 �B\xB18`Ҍ�L�\xCA�K\xA4�
-\xC2�\xE0$\xAA�l\xF9�,\xAB5\xFE\x8A�\xA5U\x8A\x98\x9F\x82>\xCB\xC9��H~\x8AI T\xDD,`\x96>\xA2AP>�\xA2\xFE#J�P.$\x9E�\xF1{\x96�&l\xE5\xE3�.V\xEC\xC5\xC2G&\xFC�Y�@�\x91ĩ%\x8DPy\x8B8\x93\xB1\x8A\x95�+\xCD��@C�\xD9\xDE$r8�_I�X\xDC.r<K�Q\xFE|\x83\xB2y8\xA1\xA8̑\xA4IQm\xA5Dn\x97\x89�\xFBB\xF6�);C\x96m,\x84\xF4\xF9���g*��I+'\xA2\xAE\xA1M\xA0��s\x886��K,\xA1�J\xDF�\xBF\x9C\xCF,9.˵2\x9FI�\xDD\xE1\x80[KIZAN\xC0<�&1\xCAd\xD4E2\xDB\xF4\xE7\x90\xC5܋��\xE1\xB3D\xD5\xC7Y��L?\x89/|*\xAE\x928\x81g\xCD\xF5\x94~\xC6|c�ƹVd\xF6\x97\xD0\xF7\x84-\xC9I2Yt\xE6w��N\xE4h�\xAE\xE53q\x99\xBA\x90YR|\x91\xD8\xF2\xAD�\xAF-\x96y\x96\x85}\x94\xD3%b�%74/+)A\xE4\xC6Le*D5Pz4\xA3���\xAEg+\x91y�A\x9E\xE2z\xAA^\xC5ʞxW�}\x92�-,QF\x81�%\xF4 8\xDB\xDC�$཈T\xB4\x8E\x891\x99\xAD'\xF0�azQ\x828T\x92\xA7\xE2�AƊ\xA3\xB4F\xF9\xE1��\x80$�\xE2:%٠?\x95�=�-O<\xE6�\xC2\xD9�ZJ�h�%\xCC
-
-\xC6\xC7HIyS\x9EM\xA2Ī\xF5\xE6�e\x8E\xE3�\xB2\xE4l\x86 \xB7\x93ˉN\xA6\xC2b\xA6
-jE\xB0@\xC5\xFAx\xA8\xF4\xEE`\x97��'��yD\xAE\x84q 2\xA8)�μ(7\x95\xF1\xF3\xE8\xD3\xCAVG\xF4\x8A-\x89pI\xA4\xD1󉱰�Ù\xAC|Q\xAE�\x96L0���\xC1\xC3\xD4\xEAI\xDBD\xA2\xBAI\x84 \x8C(\x9BR\x{DC56}�\xB9,W\xA5\xE7�\xC1߬i\x91�\x85\xA9\xA8\xA2\x84L\xF8
-\xCA,\x9F\xC5\xCBM�\xBB\xAENg\xE0yg\xAA\x91\xDCB�\xD2k\x99:\x9D\x8C\x8EÛ– __$>\xC03\x97\xB2_
-���\xEF\x83>\x915HP,aZQÒ®\x92�B\x88?DI\xF1'\x84\xBE\xCCQ\xC8\xD4\xE7\xD9�bÌ \xB2\xE2\xE7=K��V}\xE2\xF2�Éš\xF6�\xBB\xA2\x80\x90M \xBE\xA4T\xB5R\x87\xA4 \xD4:\x8E[\\x80l\xEA\xCDe\x90\x9F\xA3r\xF7\xDA\xD5'\xFF."N�\xA4\xBDL\xEF\xF4�\xB7h>L�(V\xA4B%%�\xF2Hd\xEE6\x8C���\xCFJ\xFE&LHa"$<\xA0\xB0�\x81\xF50�\xCD1\xDC\xE7&Ô»C\x87)\xF7\xF9\xF1XIÖ‚@\xC5a@\xE7�\xB0�C�\xD9\xF2�J\x84�8\xCC\xEF\xACtdb\x97\xF8nF\xD9Xf�\xFD(�:-�\xA8{$\xC2]\xE3\x82�\xC9\xF3R�
-�\xE6c]\xC7E{\x83\xCE\xF6̾\xC7A\xE9�\x9A\xC6&\xC9u@\xD4\xEDci3\xB7\x81q\xD2\xE7b\x82 \x8E\xC93\xFD\x98\xD9Ɏ\x8DU\xA7\xD9\xE5\xFBo\x9E\x9Dc\xE4\xD9\xD1\xF2\xA1\xAF:£�y��\xA4]\�:U\xA9\x9Bq\xEB�\xE1n\xFC\xC8O\xF07\x83M'0\xB3\xD0\xDF \x99\xCE\xFF\xFA\xBB\xA3}\xA2�\xF0z\xA4\xEB\xA8�\xED\x8E?j\xCA
-\xBF\xFAh7\xD6g\\xD8\xEE(\x9F8w\xF8\x80\xA3��\xEFz\xFD\x8D=\x8F|W\xFE\xBA\xF0\xD69c+En5}\xF5\x9A\xFE\xE0\xCD]\x8F|[\xEE\xEA:\xED\xA1\xE9��\xF9\xB6\xDCuҸ{\xA7\xF7>\xAA'
-�\xDFr[\x9F\xA3{\xE2Ô±S\xAF8\xCA\xFA\xBD\xF4\xC6q�B\x99�wu\xBB\xAA\xA1M\xA1\xF0?\x8F\xE2\x89\xCE#\xEA\xFC\xC2Ï�\xE4\x98G\x9C\x9F׿S\xA1\xF0\xBB#\xF0B\xFCs�\x83\xDC꒾Յ‰G\xE8\xC1\xBFÎÊŸYw\xB1S(\xFC\xA5\xA9\xE0!\xB9\x8EÏ\xAA\xCF\xED�']t\xD6aGÖ¯r\x85\xF6\xEB\xFA\xC17zJ\x8F&C\xAF\xCC\xF5\xDB0W\xE8\xF3\x87�\xFC\xED\xD4\xDAK��\xB5�\x9C\x94!y\xDB^q�\xF9\xE6[\xF7�һɸ\xB3Vm3\xE0\xD4\xD9\xE3\xEF\x9C\xC0�\xB3\xF6\xC3Ftlâ°\xDB\xF9\xF6#\xDBNZ\xB8h"\x83\x8E\xDCÞ£.\xAF�\xB1\xE6\xF6�\x9C\x85|\x8Dxv\xD5\xD2+\xE5\xEF\x93�\x8E*�\xF4\xF1u\xCE\xE8\xABí»`\xE1\x86mo\xEB�\x85�\xC3\xEB+\x96낉\x93u&h7\xF3\xC3\xEF�\xBC?ξ\xBDvt\xDF\xD2\xD8�\5\xB7\xDF~\x89\xFC\xD9\xE7\xB9o��?\xBC\xDA\xFEt\xF2\xC0!�殪!w\xCD\xD1!7\xE4\xB5}\x8D\x8D�_\x93\xFD\xD8}X\x97\xF2'
-\xFD\xEE\x9D?T\xFE\xBC\xFCå½\x8D\xEB\xC6g\xBFu�=\xA4\xC2h\xEC;\xFFÉ©�k\xED\xF8\xD8×\x8D\xEB\xAF\xCD~\xEB1\xE1\xBA
-\xA1s\xB5\xF3\x97̽T\xFE\x9E\xB8\xBE\xB1\xF1\xD3�\xB3\xDFjn\x9FVa"\xBAh\xEE\x8B�G\xC8\xDF\xF5\xEF�h\xFC\xF2\xB6\xEC\xB7\xE1\xF3\xEF%(^\xF1�>\xE3\xA6Å‹g\x9E\xC3wz|g\xE3\xB7OY\xCC\xE39\xB3\x97.�\x88?~Y�a0\xE0\xD1מ�"\xDF\xF4yã¡·\x86\xEB/#\x97~\xF0"\xFD\xE3ߪ\x8A\x9Eh\xE7+\xAF\xCD�<\xF5�\xABM\xF5N\x91�:=\xF2\xE9\xF6\xB7\xAE\xC0_'d\xDE�\x9A�F-Yñ¤¼¤\xFB\x8B\xFB�\xBFyB\xEAg슽\xFBW\x8D\xC6_\xCC�\xB7\x86`\xF9>�\xDF_>[\x82z\xE6\xEFn\xDC\xFF\xF60\xFA\xB3\xF3\xC2í\xAB\xE8�-\xB2�\xF7O\x98Cκo\xED\xFA\xE7\xFAÓ¿{\xBC\xBC\xDF�\xEBj~\xC5{��\xF7\xBFA\x91T\xC9y9h)\xBE\xF1\xBD/\xA5\xC7N\xF8\xB8\xB1\xB1q\xD3-\xF8\xB3\xE3\xC2m\x8D\x8D\xDF<F\xAE|?�\x89\xFDo�\xAE׬޵\xFE&\xFCq\xC9\xF3\xF0\xDE\xEE~�\x9D|\xC4r\xBCn�\x92\xFF\xDC>\xEB+\xFC\xBA\xF1��\xDC\xF5TgS9\xF36\x92{\xE7\x8D\xC1&q\xD2'\x8D\x8D\xFB^\xA3\xCAm\xD7\xEBt}\xA0E��\xE17lh<\xF4n\x83y\xD7*F\xB5\xBDw%�\xD3\xF4\xFC\xAD�КA\x9F\x81�\xE3uf�\x82HÞ±\xB9\xB1\xF1\xF3Ù…\xFE/�\x80\xFA\xA3\x89\x85\xC2\xD0\xE5���\xAD\xA0\xAF;\xF40\x9D\xBB\xBC\xCB\xFA\xE3\xE1\xEE\xCF�r\xF1\xD9�+�q\xBD\xF1\x9ES�W}\xD0ظ}!\xC04\xE9\xC8\xEB�\xE9\xD4u\xFE�\xC3��\xBF\xF6C\xBA/�B}1\xFB\x94\xC2-\x9F\x9Bïž„\xBB.\x9A4E\xFBv<\xFC�\xC0\xA9/z\xBEÔ½\xFD\xFE\xF8B\xC7E;�\xF7/G\x9F>yÜœ[z\xC9�]n\x9CRc\xEA}\xDE\xE7%�\xEC}eH\xE1\xF2W\xF66\xEEX\x84\xB9\xAE\xC7m\xF3\xED\xFA\xDE\xE7\xF6i��
-c\xDE.uYny\xE8\xBC°7\xF65~:�w\xF5\xBF\xFB\x81\xEB�Bz\xCA\xF8\xB9w\xF4*\x9C\xFB\xD0֒�\xF6\xBFmz_\xDF�v\xEE]=\xD6\xDCu\xEA
-�\xDD;@^\xD1m\xDA�\xB7u+�zu_\xC9woz\xD0L \xED�|\xF1\xD5+h\xC8\xEEw<<S?\xE3\xA2\xE9\xF7_{ra\xD4{t\xDB'O\xBF'\xDF\xFF\xDD�\xD4��V|\xFC0\xFA\xD4%3�\xB8^#\xEA.\xBAm\x86\xE9\xB0\xE3\xD6â¶w��\xAD\xE2'>\x9BK\xA3v\xCC+\xEFЀ\xEF=cf?m\xF0�\xA7\xDEb\xEA\xF9jj\x8CO͸[H\xCE\xEF\xDD\xCFr\x90\xDB�\xAF\xAC^�lM\x9F�\xB7\xF4\xD0'\xBAO\x9C\xDCK\x9F\xF8dB\xA1\xFBKÔ©>\xB8\x8E\xBDr\xF9\xE6U\x98\xB9\x86\xDF3Ñ‚\xF4;\x8C\x9Fpa\x81z\x83\xE9US
-c\xA9x\xFB\x97]ȿ\x8E_\xBBo\xE7\x8B��\xBD�<s\x83\xED\xE9q\xFDuf\x8A�\xB3�7n\xBB\xA70\x9Bj\xF9\xBB\x87\xE5\xD7[656\xEE|\xF7\xE176\xAC{(\xC3\xC7\rm\xC3I\x85!o��r\xD3�\xDC\xF2\x87\xDE�L\xBF\xF5x�\xBD\xF3\xD0w�M\xDD
-\xB3O\8\xD9,y\xE7?Ͱ?\xC5{\xEE~\xE3\xD6Q\xA6=n\xFAĶ�\x8FC\xAE\xDE[\xEF0\xFD\xEA\x8E-%\xBD\xEA\x8B\xD5\xCF͙\xF7A\x86�\xDD\xF6\x84]�.\xBE\xF3\xFE\x91\xA6\xC0\x9BKzI㡽\xDF\xEC\xCC\xFD\xF3\xC0\xCAz}\xA2\xC7\xEC%\xF3\xFA�\xEE\xD9Q\xFAD\xE9\xF5\x99N\x92\x853g\xAFX\xF7Ƣώ\xF4@㮅v�\x9D\xF0\xC1\xF7\xFB\x9B\xE1\x9D?\xF0\x9A
-�\xBD\xEE\xE3#ߎk\xE5(\xFBĺ\xE6=\xB1f\xAC>q\xE3\xA7\xCD{b\xEDU\xFA\xC4�e�\xDB\xC4�W\xCB�\xDA\xDC\xCD\xC7\xC8�\xCD�h\xBC\xAFOLi\xE6g4\xAE\x96/\xEF\xF2T3\x81;\x87Þ½BF\xD9{\xCD|\xC5w/\xD1�]8k~3k\xAA\xF1\xCB�\xB8\x97\xD4<\xFDu\xF3�Ø¿R,\xAE\x8B�\x96N\x86M\[�\x91P\xCD3o\xBFY@\xD8o_\xB7\xBD\xEA\x82{\xD76�\x9E\xB3o\xF5\xF4\xCCX\xEC~\xCF\xCAo\x8E\xF4\xC0\xF7k\xEF\xB2��\xBA\xC9UO��\xFE\xB6o\xED]��\x8A\xAEK\xEE_\xF9\xF5a\x80�\xFBÞ¿\xBBW\xA1\xE4:\xEF\xAAG\xDF)\x8F�\xE3\xEB\xD0\xCEU\xB3/,}\xC0\\x9D\xAEz\xE4Í6\x96�y\xBE\xDF\xF1\xE9\xEA\xC5\xD3\xCA�7\xE8\xEA8\xF4\xEA\x9B�måšµk?\xE0k\xED\xDA5+_]x\xD3ؾ\x87\xDB\xE4u�4j\xDCUW\xEBu\xD5\xD8Q\x83J\xE3]\xFE�\xD7\xBB\xB6\x8B\\xDB\xDDJ\xD5b*:\xBE\xC5�\xE0\x87\xA2g\x82c\xE2A\xE2 at p\x93X\x84&\x93X}
-n\xEA\x880c\xA4\xEE�藺\xA2\xA7B\xFAk\xEA\x80�H!�\x87\xF2\x89\xB8⠪\xCAb\xE0��\x89E;VW`d%\xBE\xD47\x93\xAA\xF7Y|\xB7P\xC8pYS\xCDm\xE5�\xB3?\xDC�\xC2K\xEF\xB2�\xABZ2�9_x0D\xF3�
-\xA1\xFC\xB28\xA7.�*[~\x94f��$\x8Br�|\x9F\xE2!\x84�\x92\x85�\xC0ѯ\xDA\xC6P\xCB\xF0\xC4�K\x9A\xEEÕš\x81(\x97D,�\xC5\xDE!'%�\x9B(`o"\x9F\xBF\xA7!\xD5v�I''\xB4N\xABо\xCC\xFA\x9C<UWFÍŠ\xEF�\x9E\xB0T\x950EÉ\x93I`\x8B\x9D;\xA2\x91Ar\xA1ÜŒQ\xA6$�/\x8CJ\xCCEq\x98X\xAF]\xCCz=$I+\x9A&�\xF0\xF2E�WU\xBDRhM\xB9*X�A \xAA\x83�\x8D\xE7\x8BvZ"b\x9B\xE6^\xD3\xD1RN�\xD7�\xEE\x94Ú‚\xE6 T\x88j%�\xA2\xEF\xE7\x82%\xEC\xB4Bb\x90\x88\x93R\xB1
-��Ic\xD1%4\xDD\xC0\xB3�\xB8\xD2A#Ö\x95b\xB1\x93/\x86\xC0J\xAC\xFETnE@�\xAC\xE3Ñ”\x90}\x84\xB1oeJ \xAF`\xE5Y]\xFE\xA8$V\xEF�� \xFC\xCCK�\x89\x84\xA8\xA7n0$\xFA.+ݺ\xA0\x89W\xD7o\xE6.\xF2\xA4�\x91\xF7\xCESmX\xD1\xF2#5u_\x90!\x8E@
-�(�s\x9D\xC2a\xA7\xE2�\xA8\xEA\xC8�1o\xEDBP\x92��Ih\xC1� ܽV2>T\xB0�\xB4"<�\xBC\x8Fl\xF9E\x8C�\x8A1 \xF7 \xA8\x85\xB1\xDA�\xF4X -U-\xCF\xFB�i\x90\x914\xACޚ�\x84*@\xED\x8A ^�\xEA�@C\xDA1 \xB90V\xA1\xA2Z\x8FT\xE8'H�qܪ\xC2�I�\xA9\x8F\x9Bt 4\x838\x8ED\x98I�z\xA9 \xEA\xF1S\xCD
-h\xA4\x85\x81\x80k�=\xC0\xCF\xE3kԕ�I� PǓ
-L\xC4\xEF�\xF9\x8CĪګ\xE3ܤ\x8A\xC3��<`q\xDE\xC4cQI\xAE\x94P�\xC0S\x99\xBE�~\xAF0\xCB@&B\xF8\xC0EX\x8F\xDEE:\x85\xA9HI0\xCC@\xB4\xB9 \xEC\xEC\xAA.�I8\xD2І�\x94
-\xBF�\xB1Oh�'Ss\x89�\xEB�\xF4�IKV\x8B\xF2K\xEC\xF9"W\xA5\x9Er\xA9�!g`�)�\x9D0i\xA2\xF7b\xFB~Q\x9FO\xA1\xFD\xEA (\xC3cd�\xF4l\xB4��\x96\xB3\xA3
-�\xACV�%\x87*'/ȜP@<䤗��H�O\xEEi\xC0_U-`�\xD2]\xA5l\x93\xC0UhP̙"Q\xD5{\xA0\x98\xC3\xE8� \xAD\xC2L<H\xCA\xEAٺF�\x84\xA4? �c\xE9�\xB9\xE7�\xD5b׊\xE5\xDE�=�\xEEB\x98\xE4\xE2D\x84\xCC�\xBB �b\xC6�Q�\xD5Y�\xF5�\xB3^\xA4j\xE1\xB0R�M\xB5\xA9U\xA6\x8DD\xC4�\x90\x81HP�\xB1\xD5v�^\xC5\xF7,T\x885x18\G\xD1Z�\xFB\xCB!\xE9��\xE4j\xC9@\xA6e\x943Q!]Q�\xC5\xEC\xA0"\x86\xE6\xC6@ų�+\xCE��\x9C@$zbYpIb\x99'\xA5Ъ\xD0C/Ֆ\x94\xE0
-�Sq\xFA$�v\x99\xB22\xC8\xC34I \x8BhL\x9AԮ\xB6s�\xC9�@\xF25\x90\xE6\xD3�\x9BtE�i>�Z6-ES4�Q\xB3(�\xB4�ЬJ\xA5U�Ur-\xB2\xCB�[Ջ6\xDDֵ �s\x8Fm�\x95�J\xACw=q\xECrA^[m�/\x89D.\xDA�LG3\xF0=\xD2\xD6\xC47:\xA9\xF6�\xCD5\xB4�`X%\x9C@\xD6@\xF3\xD9R�\xAE.\xD80\xDC\xD2T\xDB\xCBsc]odeR\xFDc\xB2yr_\x809\x80\x86��\x9CL2۴�\xDD\xEBۙ
-J\xC3< C\xED\xC7Qs�=\x86\xE7\xAB\xC8\xE1\xDE) �^q\x90\xA8�X\xE6�"Ε\xC0\x8EY7&\xBD:XMA\xE0�\xB6˧\x82<!\xE1A\xCE4b4$T\x98,��\xF8B\x8F\x80�ƔRh��}�\x91��\xE1\x88\xFE½ \xA0&4\xB7֡\x9Ah \xAF\xAF\x9C躱\xE4*S�\xBAK\xCC\xE0<\xE8\xD4\xDBY�\xA2\xAF\xFC]A�\xFA3\xCBg\xAC\x89>\xCB12\x941�\xF5(�\xB9�\xD0@\x88\\x8B\xD6B7�\x80 fTG\xF5eSF\x83\x840\�\xB74\x830\xB6\xFA\x80\xD4\xCF�It\xC3ȎO\xB6:ˆW��\xCB�i �\x90"\xA6�\xB4UY\x8F�\x88�G\xA1\x90b\x88\x85AΒ0U$\x9AN&9\x8EbƓ&:m\x85\xB1
-R"�\x92%\xEC�\xE9\x82Z\x90)K�F�
-d\xA5\xD5(e\xC1p\xAA�Z\xF4\xA4�\xBCO\x80\xEE\x99�
-R\xC1\\xA9\xEEȵ\x80R��\xA1o\xBB\xA2\x95\x95*\xAC\x8A,o\x95\xDDCi�~\x83\xBD\x8A\xF4"h\x80\xB1\x89�l\xAA\x8C. at W#Ov*��
-}\x87\xFB1\xE6
-\x99K \x83��bN\xEAbHx\xCB@$\xC2i\xC8i%\x92�9\xCF%>\xEB\xF6\x9A~"zc\xC6�p\xD0^-IWK\x8CT\xAC�\xAE/\xF3\xB9\xA9�\x9F��Č]i�\x98\xB1\xBC%H\xAC\xF6$F\xB5\xA8C\x87\�բ\xD7�J �\x96d\xF2R\x83�6v̓4�\x94qͰ\xF2\xAD=e\x92u\xF1\x80�1\x83O\x91\xC8
-\x86\xD5\xCBj\x80Qm\xB2�\xAD�n�33-\xB2\xA6G\xE8\xB3�9\xADR
-�\x85ʘ\xE3\x8A\xE9Hf*}@�\xEAV'\xC9v`\xE8щ\xCA/\xEBl�Z\xD19\xA0\xBDR\xFB�Po\xE7&dTW�\xAD\xAFĪ\xA2\x8A\xF2b�\x80�\x89\xFEEq�x�\xC6vS�X\xD0a\xE4ڎ%k\x97\xB4 [\xA9\xA8_\xD8�*\x98&`3\x93\x95#\xC3\xC0�\x94\xD0u�E\xA7{\x82\xC8�-?\x8C8Z\xFC5\x83\x80K`j\x88�M\xEE�^D"\xE8!\xB6\xCB<\x97!1 \xD9\xDF at 6\xEC
-M��^\x900\xAC\x98s\xF5X\x825\x80\xAA�[4�\xBF<\xC1�\xF9M\x9D\xF9\x9E\xC8%\xAB \x84.0w\xC2\xD0긅Y/F\xC7\xE0]\x91IL\\xDD�\x84\x91ZZ\xF8�1`Q\xE12mX\xA5l\xD31R\x87\xB4\xBBMZ�\xA1\xCDji\xC2ȥ\xF1�:v\xF9�#�\xF4a&S\x89�\x90\xF7\xEB\x81�y-\x80(:�\x98c�\xED\xB0!\xBD+0\xBFF\xAE\xF6\x82\x84t2I\xDE\xCE\xCB\xCA/\x8Bo\xE0[\xFB\xC3T\x80�d�\x9E\xB5��T\xE0\xC4�\xEDs\xD9|\xD16\x943\x8B\xC0\xD1m\x99\xE9D2?\xFB\x99F"��\xB6)}SP\xD7\xCF\xE9A\xB2\xB5\xE7\xC7\xDC0-):\xC0\xC9�*\xD2�k\x8C\x96n\x93\x98�/H�k\x8D\xE4 \xB5"\xCF<5\xF8\x91\xDDV\xC5�}@J|�\xE4�u1a\xFCu\xE8�<#\x89
-)_\x80-\x98XÕ‘F�h\xA2\xB5s\xF7b\xF4{\xB4\xD7ð‚«\xC7\xEB�\xBDȪ�\xE3�D\xBA\xA0IV\xE3#\xCD*\xC0\xE7)\xAF%�$\x854_\x98;\xC90V at 0�\xDD89V0\xAB\xA30e?\xA0�\x84 Y\xF9\xC0�er�ŧ�"\xE1\x8Ad\xC1�#Q\x8C�_\xCF% .�\xEBÍ\xB8\xA6J \xA3~\xA4
-\xB8H�\xF4\xB3ILD\xD7׉\xB5�\x9A\xB6\xA6S \xCE QH\xB7\xE9�"\xEB
-qb1\xBF\x90\xA8\xBA\xBC\xD8Xñ¹9\x92\xE5p�z\x8C k9\xFBj@�>ˇrbD\xD0gR\x9D\xD61D\xC9!5\xAC��\xB2�#\x81gÞ˜�\xB1.\x86HLS\x9D[\xEC\xD6�\xCA\xD3n\xE2\xC8\xD8L\xF9\x88�\xB2Ñ®�\xCB\xEC\xA6\xC0cJt\6S\xC8x\xE2� �\x9BX\x8B\xC6\xF1\xE4\xDEP\xA6\x91PO�I\xE4Z2H\xD8J\xE0��\x9D\xF40\xCEØ®�<Q&=LN\xBC\xBD!1\xEA\x94Z\xD6\xCC=6\x92�\xC9.i.\xE3e\x91\xA0\xA4�[\xD8XÅ\xD10\x8A\xFCM�\xBC\xCD�pD\�\xA6\x92\xECÎ\xFCu�\xDA\xF2\x98{\xC5Ê€D\xB6\x9C\x83a5Am\xDB:\xE4\x97a\xB5p\xE2D\xBE\xD6X\xEBrH\xA9xf�{�\x8B\xB6\xCF5\xA2/\xB7\xC6�(\x8E\x88�n\xF0\xC8\xCAw\xA2 \xAA\xAAj�\xD1Q\xEC2t\xA9\xD9�\x84\=K\xDBRb\xAC\x87\xB7b\xEA\xE1\xB3\xCC$(git [-�ȹ�)džaU^Ëš@\xE1\xBC\xC8\xE7�\xCDaa\xA6"\xF7J\xED%\xE7\xBFv.Db$v%L\xAE$\x92�\xE4,�Q_\xAE\xAAa\xA3\xCF2\x84�+c\xA8C&\xE5\xF0/hEG28\xE5\xDC�H\xF9\xC0\xB5\xF3@\xC8\xCB^�\xEB(r`\x93�\xB2᳃ @{
-Ò¢n\xA1
-��l\xBB\xA5f[\xCF\xDD�\xAF\x8Fy\xD7\xECsX\x80t!>\xF8MbƹW\xEB0fLxb\xA5}ir\xE0-'�\xC3x{J}X6\xF3\xA6"RQ\x80E\xBEzD\xE0\xE8\xF64% q2�pHɧ礲\xCEsf\xFE\x88�\xC9�\xBAd\xE6z9\xE5\xC4\xCB\xD4Òµ�#4\xE9\xC5j|\xD9Õ\xF0\xF7n \xF1H\xDA\xDANl\xF5\xEB\xCD\xCB�\xA9Y\xEA\xBAT\x89f\x94%~d'\xD3\xC0e\xDD\xE6$\x8B\xAD�u\xE9\x87U\xAC5�\xAA\xFD\x8C\xE3&5\x89Њ\xB1�\xC0\xA7v�\x87�\x9E\x82 �nD\xA4Y\xB5]R\xD6\xD5�\x90\xB6E(�K\xDD\xD3\xEB\xF9\xE43\xE0\xF1\xA2Ï“=\xA4G\xB7\xF6\xF5|\xF4�\xA3Ø•oE\x8C\x94#'::7\xE0\xBC\xCE\xD1 !G\xCF8�\xBE\xC2K��\x8C�\xF1J\xC03\xE3\xCB1\xAF\xEC\xED\xC8[D\xAD�\xDF��\xED\xEA㊓\xCDh\x94\x882\x84\xB4\xF0\x89\x8Ey\xDEq\xACH|\xCC3&�\xBCu5#7�\xCF\xC48#\xD3\xD5ÌŒg\xDE\xE0C\xAE\xDCOCI\xD4\xD3/Ó–\xF2\xF9\xE8\xE4��\x83��.=\x8E=U\xE0]\x8E�8\xC7PNhr\xCD\xEF\xEAZJBÛ,\xDB23c\\xB1-\x80DY\xDF5~R\x83UT\xCA;\xC9\xD6r/\xB7{\xD0\xE5\xD5׳L\xF8^\xEC:\xE4 \xE4/\x96\xA1m\xE3Z\xAC\x8D�ck\x9DJ\x9E\x81L�f\xDAP\x81t\x8A\xC1\x89\xA9\xA2\xCC\xF3\x8E#\x8E\xB5Ôº "V\x9B\xE7D\xC7�\xB0\xD0Ò ÆŒ�a\xE3�\x92gq$\xFA\xDC\xFE8Y�
-c\xD2}\xE7\xC3L�\xCA\xC3b�\xA6\xB1݂\x9A�K\xCE \xD3H\x9D\x80�“\x9D
-�y�A��\xD6g\xF5\xF7ɪ�?�/Å”+�\x85\x98\xD2j\xD8Z�k\xD8Z,f\xB6\x96 \xB1UK\x8EH邉&\xEAAa\x99dz\xB6�q-\x9E\xF3'\x84\xAE8\xB1\xE9\xF28\xAD\xA2\xF0�\xD3Õ% �\xC0\xAC\xCC.\xACw\x8D�!M\xE6(2�\xDFÃ\xAA�
-�\x8Bo\xDA\xCFtkr�\xB8\x88I���f\xAA]v\xF3\xF0\xE4\xF8\x9EX\xD6�\x82�\x8FQ&\xFAH\xE5\xFA\xBF�\xC8Ҍ\xAA\xFD/�ɒhl
-b\xB586\xC5,\xD5f\xF4U\x8Cd\xA9p7~\xE4'\xF8\xBF\x9B�\xC9�\x9A\xBD\xE4\xDF@$\xCB�\xB9\xCA�\xF0\xC8\xF5\xC3$\xB2\x8A\xAF\xFC1\xC4g\xD1|u\xA4&\xAF\x9FW�\xBB\x96\xF0\xAF\xFEx\xEC�\xF9]TQ�\xEA\xE8\xF28\xB3\x{DC4B}\x8E\xBA�\xDA�\xBB\xC4gt\xDE)G\xDF\xD7J�H\xCF?\xA5\xF0\xF7�|?\x8A\x98\xAD|`\xCAߛ�O\xEDq�\xF7\xD8<
-E\xB2|�\x87�A\x9B\xDAÎ…�\xE0\xEA\xBFnRѤ\xEC\xFA\xA7\xBC`Ò¯M'\xEB8j\xDC\xC5m\xC0R\xF7\xDB\xD6Mk��_\xFFò›œ ܯZ\x9B\x97w\x9Fz\xCFT�"\xFA\xA5W.\xFES\xE9\xFA\xF5 '\xE4?\xBC�\xB4\xD2.\xBD\xFB\xE9�\xAEp�T\xF0\x97#\xC4\xE0pm\x9Ep\x92\x97/\xF1 g�4\xDE\xEF\x91\xD7��-�\xFE\xF5w\x85\xB0\x9C\xFE\xE9�\xF2\xC2v?\x87\xB0B\xAB\xF3\xDA��\xF8\xB4\xEE\x80l\x8FX\xF2\xFE�#�\x85?\x9E\xDB\xF9\x82\xD2X\x95\xE3\x9F\x977\xA1h\xA0\xBF\Ø¿s\xFE\x96\xD65\x83\x814\x9E\xB0r\xCB\xCA \x85B\x8B\x9A\x86a%*E\xBFK\xC3"�\xDD?\xFCδe\xC3uyE\x8D\xC2Yc'�*�\xFA.\xDE~\xF0\xAB�\xFB�
-�\xA7^unq&Q\xFB(\xFF\xCF_y'�
-\x9D'̚\x9C\xA7\xA3\xECz\xEB\xA2Go\x9D\xBE�H\xCB\xED/\xDD6i\xDE\xFD7\x9ES\x94lj\x9D\xBA�E\xB9\xFD16\x99\xF4\x98\xF6МaN\xA1\xA0u\xD5}\xCE\xF2O>\xDD\xC4$\x89\xBB?[\xF3\xE6±E/.\x9Ct\xC9EE\xE2= \xCC\xC7\xF5\x9A\xF1\xE8\xDCQ\xA7�~ق��\xAA:N_\x91\x830\xEFxo\xEE%\xF6\xFE\x9FAi\xB4M\xDF^\xF9\x89\xE6W�z\xC0%3�\xDC\xD1\xD7)\xB4H\xA9;\xFC\xC1+�[\x92\x83\x99nYr\xCD\xE9r\xFB\xEF[\xFD�\xD3e\xB7aE\\x9C\xBFwQ˗͜3֌5\xE7�\xF4\xF1\x96]/jw\xF1\xBD\xEB-Hw\xF7\x9B7+\xF43\xEC\xD2�\xCCd\xA7\x8E\x99T\x93\xCF\xE4�\xF4\xA2h쬛\x81\xC7�\xCE\xC4D\xD6q\xE4Ȏ\x85\x8B\x9E\xF8J\xF2ػ\xF2vAp\xB7\xEE6j�\xFD\xD9\xEE\xC37手[\x9El\xC6H\xA7\xC9w\x8D7\x9D\xEB\xC46\xA7V\x99�GN\x9BԽP�'A�\x8D\xEB\xEFVV\xCA�o}\xE8�\xD3\xE0\x85\x9E\xF3\xDF~\xFB\xFE<�\xD4m\xE7�D\xBC\xDE|Ldz�\xB0r\xFE-�\xDFe
-\xDB\xF9qF\xAC\xEE~\xFE\x92\xC2?\xD1\xC8<uÊ‹k^\xBF\xB1\xD0u\xDC\xD3\xEB\xBE\xF9r\xF1\x80|&�M��>\xF2\xDC\xF5\x856\xFDj\xA9\xFA.\xBDo\xD9" \xDFo\xDDȵ:\xD3\xF4O\x9ANz-X\xBF\xE7\xEBU�,^\xB3\xFDP\xE3\xDE7�\xF2uÒ©\xFBÉ…�\xDEZ\xFF\xEA\xCC{\xA6\x8F\xA0Ȭ~O\xAC^\x8E\x80\xA2)�,\xDF6\xA7P\xF0i\xCE\xEF\xF3\xEC\xB6\xC6\xC6\xFD;\xBF%\xA5\x9C\xF7s1G\x85B\xBB\xC1W\xDE\xF0\xF2\xD7\xFB\xF7lz\xFFi�\xFA�\xF4\xC2\xE6-\xAF\ß½0\x8B\x91\xC1߯\x9A<\xE82\xE2Ýy6\xD7\xEC\x9B�\xC8I��\xD2\xE5\xB7/&\xB0\xF2\xEEw�X<\xF8\xA5]\x8D;?|a\xC1z\xA18޵⡱�~r\xD6�9\xC0\xF17\x8B\xB3\xA8ÈŸ\xFF\xBAp\xE6\xF5˶S\xFA�\xB7\x99\xE5\xBBP\xA8{q7P\xF7\x99\x94Ä–\xE7\xC6\xF1\xE0\xBCyc\x96Éž\x973\x85$\xC4�\x9Ew\xFF�\xDC!Þ¾\xB9\xBEwP8wa &z\xCB\xE3}\xF9\xE6雲\xC4]K\xB3\xE6i\x85.:\xFA]\xEE�\xDF~\xFC\xC2�Óg\x95\xC0\xA4\xD7\xCF\xE6\xCF\xEF\xF1l��\xFE\xE5\xE3�\xFER8\xA1Ý™\xA6\xF5\xCE_$\xEF>\xB0\xE9\xF9\x81\x85N%\x90\xF1o_�V\xF8\x99\xF9\xCC3\xEF\xF8(\x83\xAB\xEF~g\xAA\x95Z:\xA9;I\xBEܤ\xD8\xF4}\xAB\xC6�F\xBCS\x8C"\xFEln\xC7Ÿ\x93\xDF�.{j{\x96\xF1\xFB\xB3\xEDLxb\x97^\x{D82E}{\xAD\x8D�\xD88\xBD0\xB38\xC8f\xDF\xF2Qf\xCA\xED��\x86\xBCjq\xDAß®\xBD'\x8B\xA3Mzv\xA3Y<�(Ø¿\xFE\xA9u\xC5t\xDB;�u.\xB4\xBA\xA8\xCFé…‘ok \xBF\xFB\xE0\x9E�\xC9\xEB\xE9\x97r\xE0\xC7-_\xE4\xDE\\\xAB\x8D\x9Bn7=\xA4\xBE\xE1\x9C\xC2�\x8A\xE0\xFF\xFE\xA3\xB9\xF9\xD9\xE4ì„\xAF\xBEli\xB9\xBE\x88\xBD\xB6\xCE0\xC3w\xE2
-]\xB2L>\x9F\x9F�\x8A�\xBA\?m̨q7\xBD\xF4U\xD3y4~\xB7\xEC\xF2\xC2�\xF7M\xEFUhx\x97\xBB\xF0\xEE\xE7\x8A5\xA4.\xBEk\xF1K\xAF\xAF\xFA\xF4\xF0\xA1 ;ޜ\xB7\xEC\xF5\x87.+�_Έ\xF1
-S\x8B\xF2(\xF4{t\xC5\xFA/\x8FH|\xBBoÇŽÏž\xEAS\xE8+�\xBD\xF6\x9A\xE2LF>\xFDîŠ\x8E\x88\x967\xD7WO\xF7.\x9C\xB3\x80\xBFz\xF5\x95Eyt\x9C\xF1\xE2�7O{a\xFB�r0×–y\xED
-\x85\xC9�\xE8\xEF\xF7\xC6\xE4\xF38\xE5\xDAg\x96N3\xDF\xF4Ú‘Y\x83\xD7Oκ\xE4{E%\xE9yߪ\xB5\xCF\xF4.�\xE6�\xAEq$��\xF9Ü°\x9E\xFE^s]>\x93\xBA\xA76\xEE\xFE\xE2\x91Þ…\xB9G\x8C\xC8i\xDCd:Ka\xE6\x97\xF4\xF7\xBA;\xF2K\xBF\xC5\xE6\xE9Mo<\xB1\xE1\x88y4\xEE\xFD`\xCEÔ»\xD7\xF0x\xF8\xE0\xE6\xFC\xBA\\xF3,\x8Ap\xA0Y\xDC\xC6�\xBEÚ¸\x85\xF3\xD8\xFB\xEA\xB0\xFCç´»\xFF\xCB\xE6<_rm�kj\xC6Opc3\xA3\x81\x8A\xAE\xCFo6O\x9E�\xFC\xE1_\xC5r�\xB5\xE2�\xF0L~fZ;\xECÚ¾\x85\x9A\x9A\xFD\x97�f\xF46u}5\xBBp\xEEÈ‘\x99\x85w\xCE�\x9B\x8E\xFCP\xE9up\xED}��Ý™�=\x85kV\xFF\x80\xEF9\xB8c\xCB\xC7O�\xCE\xF5\x94%?\x8C\xC4w\xC7k\xD7e�\xD5\xED\xE6\x96F>6\xEF\xFA\xE6\xE5\xF1\xB9h\xF1\xFA\x97\x9B3�\x94^�?\xB4.\xD7\xDFΞ\xFE\xDE�h\xA0\xAD\xAFLΩ\xE9\x99\xC5\xEF\xAE\xE6D\xFD�_\x9B^\xB8\xA5C\xA1\xE8\xEA>\xF7\xA3\xA3$!\xDF\xF4\xF4\xE82\x81\xCB\xEEs\xD7��\xB1\xED\xB6�G\x97fa\xAE��\xFE\xB4\xF9� �\xB7\xBE1\xAD\xA2\xEA\xE7\xC0\xC7>i\xE6�\xED\xDB\xF1\xE1\xB37W\xD6_M�?\xB8\xE6\xEB#�\xE6\xE0\x9E\xAD\xEBW/ff\xA5\xF8x\xBE\xBA\xDE\xFE\xCC;�w\xEEkZ\x87\xE2\xFB\xCD\xEF\xBD\xF4\xD0\xC4+\x87\xF7>�=È™}\xAE\x99\xF7\xC2\xF2�\xEF\xAD^\xBDz\x8D\\xEF\xF8\xE9\xB6=\xFB��<x`ß®/W,\xB8nP\x87\xC3<\xAF\xD7Y}\x875\x8C�\xADט1W^=\xE9\xC1ů\xBD\xF5\xF6;o\xBD\xF1\xE2c\x93\x9B\x88\x93jN\xBE}\x86\xD674\x8C�>\xE8\x92ñ7\xFCm\\xFF�:U�:U\xF1S[\x9C\xFB\xA7\xAA\xD6]ꇛ\xB2T\xB5\xE8Ò¯fhÝ™�\xEB�\xF7\xE9\S߯\xEB\xE8\xA1u\xFC\xDE�m\x9A\xBC\xA9}\x9B\xB2\xA2�)8�> \x89�\xF1\x83V\xA9\xEFG�\x9D�\xDFh$\x98\x96\x84\x9Dh\xEA\xE0'\xD7f\xE0\xB1o\xA8A�\xFC1�(�\x91BgS7VL \xF0I�\xBB$76c\x9A”\xE1\xB0\xEA\xA0�^\xC7\xC8�K\xC0\xB9*\xCE) 0qF/\xFE\xE1HI\xE3</\x8A2\xFF\xBA\xC4�\xF9\x8A\xB0\xC4\xCB\xC4;\x958Ö½f^\xE5'�\xCD�9VGK\xA0ÉŽ\xB8\xF7\x90\xA9`\xDBbA\xAF4��Z�\xB8\x9Ex\x81\xD4i�i��\xDCkì„'\xD5�\x88\x81\xC7`Pu\xC5\xC5N \xC1`Q�\xE8\xD7jÔ—\xDF\xCAc\xA83r\xF5bO\xB0�\x84Ù³\xFE|\x86��\xAA\x99\xC1\xF5p\xA5q\xD5"\xEAK\x90\xC6)@+\xAE O\x93$G\'\x81kQbI\xF2 �q\x95`.t\x95\xF8N\x8A�\xC7yg\xB8k=\xAC\x8E\xA9�\xEB4�\6b\xB6b\xA6\xA0L3\xB2H\x9Fc\xB6Ô“&$\xB1p\xF3g\xB1{\xE2\xB6�\xB6�!+
-�\xE7Ç‘0pÛ¥\xBE\xBAN\x838
-K�\xC1U\xA4\x!
8AD�\xAA\xDF7fH.\x90\xC8�\x9F\x800?��A|�s\xFF\xE5\xBE \xB8S\xB4\x81z.�\x9BnƱTه�\xB8)ಬ
-\xB4\xA8\x9A\x81&\xE7"\xFA2\x8AÖˆpX
-�\xD0'\xA8
-\xF2\xA8\xFA�\xD0' d\xF8^\xD5\xC9�*4]?KkV\xB3\x95�R\xD4
-\xC0\xFF+\xD8v\xC4_2�(�\xD6`\x8B,\xF9Z\xE0\xF3\xB5�mu\xE5\xC3�M \x85\xBD7\xC8<\xD5H\xF6�\x8D�\xC8)#u\xA5\xC7�\x9C\xE8"\xF0\x81_�
-x�\x90\x82 #\xE2\x94/�\xBD�7\xE7i\x8CE\x88 9
-3�\x9C0\xC0\x9A\x91\xF5\xF3\x869lw\xACA\x91\xA1⻀\x89u\x84�\xD3r�F\xC0\(\xFE�A\x91�\xAB\x8D,G+\xFC\x99�<\xE82\x98\x9A\xEF\x8C$0TZFc�]\xA6
-Ö_\x94�I\xC0aC\xF1\xBD\xB9\xC0�jq\xD7-�Ìž\xA2\x9D\xCD�\xE1\xE4iO�\x8E\x8A\xCBW\xAD\x85\xCAF^�Õ—(LP+\x86a\x8E\xA6Û‡\x84\xFF�pX@��\xD3�K}Û \xC8\xD8B\xF9\x81<\x8E4|*Ô¨*m\x87\x96�W��\xD2
-
-\xD6M,\xB8F\xFB\x86�P
-\xD9o\xBEq\xB2\x8A\xC9\xFA\\xF6 \xBA(\xD8�<\x87C8�\xCB|
-\x98\x80�\x9B,.0@\\xA2x\xEB\xE3|�\x9F\xC3\xDD3q-k6\x90\x9E\xB1�(I �\x82
-�\xC6�ȸ\x9B\xD8\xE7\x85a�9i\xB4`dc\x90�?\xEC*�\xB2\xC7!xxFg\x88\xAC�Qﮫើ\xEBJ\xBCU(�h`r\x98\xF4;\xF12t�j\xDBgx\x87]\xBF(XO:gd\xE3A\xC0\xD7,T\xE0�\xE38\xF8y\xD7B\xBC\xB2i#+k\xB6�\xA3 A�K\xB5 5
-m�\xC2茸�1\x84.\xE1S\xA2\xC0b\xA8��\xF0�\x98y։li\xF3\x9D(R8X6\xEA\xB37�iq�\xA3@\xF7\x82,^\x91�c\xFA\xDA \xB0\x90� \xC0\xB8\xBF�1�\xFB�>�\x82_\xC2W\xE5{\xBC\xA3\x85%\x80\xBC\xE5{�\x84�\xC2gl�'��\xD2≓08\x8C\xF1Kl\xE0�\xC2\xFD8T)\xF68j[\x83\xF8\xA2@!:�\xE8C�\x9F\xF0\xC1�\x91\xA7\xD17\xA9\xE2zc X-}ޢmQ \x89P\x88%\xF2\xBC\xA1\xE4\xDE��\xA3\xDCj\xAA]\xD0<\x84BV.\xF2H\x82\xB9�K-
-�\�K\xBC\x97�\xD5 �\x8F\xBB\x86.3\x8A\xC3�\x92T\xA2\xE7upP\xAE\x9E�d\x8D2\xC9
-�P\xA7
-\xD0\xC5b*x\xDB�\xA3�\xDB �\xC0�\x85\xB0:��%V\x94FF \xED7\xD8\xE9\xB3\xD80\xE1kVÛ¨%E0y<ki{q�@X*×€\xCE/\x88\xF5aD�\xCAˆ>"\x8Fg\\xAAR�(\x96=\xCEB\xE1d|e\xF7�\xAD�&\xB7\x88\xA3\x98�\xE2�j�\x97D\x93#\xB8Lc\xF9�6\xA9\x98�\xDB�iG\x89B\x9A�_# \xF3X\x82\x80�&d���\xB4��\x93%'\xB9\xE8\x938\xD0@\xB40TR\xFC\xACi@�,\xCC\xCE@\x8DI\xB8\x96\xAC\xD4Z\xDD�x\xA8�\x8C?V\x82\x8C\x83 ��%\xB1\xA3@][j�`gm\xF8\x88\xB2~S\xAE\xBE\x84\x8C)\xF4�\xB5!@hY\xBB8�3.\xE3\xD4-�\xB6\xA15:s\xEB�bJ8\xF25"�\xC5>\xAF0Þ¬\xC3 ^\x8Aa\xB4:ur�\xB2p\xC8,��\x8Feq\x9A�~�Q̈�P��\xE5I\xF0s\xB1\x85\x8C �\x89 \x8F-\xD9?\xB0\xBF\\xDF�\x80\xD5:�GC,a\xBE�\xAC\xD4\xF0� �^�\x81\xC4\\x82\x94\xA9�@G�Ä\xC5�\�\xADo\xD6�\xC6\xF4#,$\x96`sGq\xF6\xA4O\x91ê˜\x8E4\xD8&qtS%\xAC\xDD�/\xC4c�\xD1\xFE\xE0\xA1\xE6;\x99\xBE\x9EB\xF0\xED\xFA�š&\x887"\x83\x85m\x81`\xF0\xA9\xC4�\x87\x8E\xEE�\xB2\xE8&\xAC�\xD2�\xB1fHb.Z'\xCB@\xBE@�[\�\xA2\xC1\xEC
-\x90rK\x8AO\x93=�(\xFEe6\x882n\x84\xFC\x86 a\xA3�\x91�{�\xF2\xE6:\x94�\x92\xDCl�Z�\xBBhB\xCBJkÞ\x8A\x95\x8F�\xCE\xC2\xEF�\xCD\xC0\xAC��F_lqE�)\xE2P*
-^\xAE\xE2.'"�!\xD8�b\xFD�Y\xC2�3\x97$JÞŽ8�\x8E\x90\xCB
-F�\xE1\xA1'+\xA8\xAC?Ye�\xAD\x95Y\xCD"\x94Ë·\xD1t.\xEF\x81�\xD5&|*\xE6\xCF@\xA2\xA3�y\x93\xAB� \xE2\xC8-\xB6\xA1\xDD\xFCh\xAE
-�M\xE7\xB8Q~\xBD\xE6\xDAbm\x83\xFCr\x9F\xE5�`r\x8F\xB3\xDE%\x91Ô\xCBq\x8AEcIc^Z\xB2z
-\x9Bl�/\xCA\xCFGb��^R\xA2:�\x91\xE8Ht\x8C\x86'�J�\xE0\xFB\xB9x:\xF0�p�\x83�+G\xACq�ThÐ\xEB)0S�y\xF2\xCFg\xDB��\xC1/�'-\xBBJ\xDF\xCB\xE8\xEB\xCBNs\x9A\x85<\xF5\x9B \x8Fdpg\xE2\x99bgxSc\xC1\x98�\xEB�\xA0~0\xE3\xC6\xF4&T\x87\xF9�\x9Cʈ)kV:\x8F\xF63T,\xD3n\xC7�8\xAD\\x9C\xFF\xEB0\xD3\xE6\xD6\xE3)\x98) \xF7
-3\x8D\xAB\xCC�tX\x98i\xEEn\x82\x99\xD2�\xFC\xDF\xCD!Lw\xC3\xF8\xBF(̴\xE4\xFA\xFB#\xDFr\x84\xEBg\xFF\xDA\xCC�\x9B��\xFE\xC3?\xFF\xB1\x99\xA8ƿo\xA2\xB4\xFF\xFB\xF8\xC2�\x8BЕM\xE3�\x9B\xA0\xDB\xFEW\xF7\xCF�\xFF\x8C\xBC*c\xD3H\xDA&Z\xFD\x97\xA7$\x85v]2\x82\xE8\xC2?6]1\xFFo�\xE9\xA7_\xD4s@\x9F�h\xEA\xD7E�\xF3\x8Fy\xD0\xDDϛ\xC0ƶ�:v\\xBF�\xA0\xED\xF7\xFE\xF1\xB9_\xAB\xF22\xE8?;\xB1X\xC3^\xAF\xB3G\\xD3pA�\x89\xF6\xEB\xD4\xC9\xE5��\xD1v\xFF9\xAD\xA8\xFAx\xF6\x80\x81=\x8Ah\xB4㳴\x81Z\xA4gU\xB7\xCC\xFF\xD4\xEA\x9C6\xC0\xC8�\xFE%\xFFE>\xE9\xFCn\xD5\xC5\xE0\xC5Sz]\xC8�\x81\xA0\xFBE�\xC2"\xB9\xC4\xDFw\xE8�\x90\xD4\xEF\xA2�3\xD9\xEA\xEC\x9E\xDDN.e�?e\xC0\x95�P\xBD\xDEe\xF55n᷿\xC8\xFFv\xFAE\xE7\x9FX\xF8\xD5i\xE7\xD8�luI\xC3\xC8r\xFE\xBEV\xFDn\xBAel\xFBB\xA1\xEBu\x93z�
-\xBFp\xFE\x92\xABø\xD7EI\xE1\xF8v\xDD,\x8Fk\xDB1\xB7N\xE8V\x96E\xA1\xDB\xCD�?|S\x97B\xFD\xBCy@�\x9CtV\xEE;\xFF\xD8\xFD�S\xC0\x93zu\xD7\xFA?o\xC2=\xB7U \xA6>\xF9\xDAEo\xBE\xF2\xF8\x9C\xE7\xDFy}vׂߣ{\x94�\xCA\xE7\h*\xA3\xC5�\x97\xB5\x91\x9F;aÞœ\xBE\xE5Y�j�X\xB9\xF1\xCBO7n\\xF7\xEA\xAC\xC1\x83.\xEF���\xD4\\xEE\xD6�8\x8A��/\x95\x96\x8F\xC7Ì7\xBE�e\xF9i�_ߺw\xCF�k?\\xF1\xEC\x8CQ\x97\x9En�Я�\x8Ezê… \xCF;w\xF8\xD0\xCE2\xACzN{\xF0\xB6Kʳ(ty\xF0\xE3\xED\x9F,\xB9\xEBÉ¥ON\xEDA\x95\xFF[î¤\xBB\xF7 \xE4[\x87\x91\xF5\xDD\xD1A\xFE\xCE\xD4˵�<p\xED\xA9�\xF2\xB8\xE6\x95\xD5ÏŽ)\xF4\x9B>G\xA8\xB3\xAB\xAA\x90\xC1Y\x97^Ú\xBA@\x97\x91\x83�?\xFD�`\xC1\xEB\xEEzl\xCEe�\xB2�\xF5Ô’;\xCE-\x9C4|\xF2(\xFE\xCE3ÅŽjG�\xBD\x80\xAA\xC0\xEB\xDBPc\xFE\xF8Mkd\xDCuÚ¢\xC7&\xB5-\xCB\xE1Ì©O. \x87\xF9iî\xECC\x9D\xFF\xC4\xDF�\x9C~�\xA6�\xE3\xE1\xD8qä°³M�'%\xA8\xA1\xF4\x8A\xFB\x9E\x9E7\xEE\xB4\xD2,\xFA\xDC\xFF\xCC=\x84t\xEA<f�\xFA\xDEo\xC2�
-\xED\xC7\xDF%\xEC\xC3'�\xBF\xE6rSC-\xAB\x99�\xBA\xCD\xE4ǟ\xBD\xA7\xF4S\xDA޶x\xC9ͧ\xE3\xAFh\xE4\xE4�I\xA1�\x9E||\xA1\xF3M�?@5��\xBBe
-Ú e;\x99ej\xEF]\xFC\xF4M%\x9E\xF2\xA1O\xAD\"�\xF8!w\xDE|i!\xE9b\xF2\xEB0e\xD13w\xC0\x8F\xDC\xF5\x96\x87f\xF66\xFF\xFB\xBBs;\xF3\x90>}“K�\xBD:�\xF5,t\xE0Ã\xAF2\xF3\xEA9\xD3�[p\xFB\xC8q\xA3\xCD\xD7\xC4
-\xF3\x97>u\xCB\xF9\x85B\xFF\x87\x96>D_\xD4\xE6\xE2\xF3x\xFA\xB8d\xCE�K\xEE\xCD\xCA\xD93\xD6\xEC\xFEn%�\xC4v\x9C\xF2\xF8\x92'\xE7\xDD{\xFFt\xA0$\xDAÞ²\xE4\xEDe3.(\\xFF\xDA\xDA\xE7\xE9\x8B\xDA\xD6]Ì\x9F\x93\xAEzd\xD9S�r\x9D\xA3\xE1\xD5]\x8D\x8D�f�
-\x9D\xEA\xEF[\xF2\xDA\xE3w\=c\xD1\xC2\xDBP\xA9\xFD�\xAC\\xFF\xEE\xD3\xF7\xBE\xB9\xF5\x9BU\x93\xE9�\x97_*У\xB3o\\xF4\xC2=�*\xF2\x82\xC7 \xFDٿv\xCE\xED\x8B\xDE\xFC\xF0\xA3�\xA7\x9E_\xE8?\xD9sS\xCF5M=\xF9\xD5/\xB6}\xF9\xE9\x8E\xC6\xC6o^0\xC5N/\xBB\xBC\x8B\xCE5�\xE6,}v\xB2�\xA3ӽ�\x93{\xFF\xC0W\x9Bw\xEC\xDD\xFB\xF9\xC3\xDD\xD1@/\xBF\xF7�M�\xDF\xF7\xC1\xB6\xED\x9B7\xEEml\xDC\xFA̵CG�\xBF0\x9Be\xAF}\xE9
-\x85\xBDVߺ"�\xE4\xF8\x8C�\xD2G\xBE\xB8\xE1\xD3W&\x99V\xB9r\xE9\xDAUO߷\xDA\xDC\xF1\xE5\xAB\xF7O\xACˉ�L]\xF9\xC1S\xC2Y]\xF7̶<\xAA`�QZ_\xF6\xE4\xE6=��7e�\xF4г\xB3/*ܸ\xE6\xFB\xC6o\xD7>2J\x9A\xB1}\xBF\x91WO{wۖ��h3ve�\xDEp\xD7�\xA8Ƕ�ljܻ\xDC4\xF3\x8093L\xDBtyt㾯\x97O�A\xEAI�
-\xBD\xF6\x81�\xDF^\xFB\xC5\xDE\xC6o^f\xD6\xF9\xB6\xF36\xE6sh<\xF0.�\xE9&\xDA\xD8\xF8\xC9\xF4B\xA7\xA9w\x8E;�\xEFy\xED\xF3�\xE6�>\x9C^\xF9\xC0K\xEF\xC9�\xC5[�\xBD[\xFB\ \xBC\xE6\xEB\xE7 S\x9E\xF8�\xD8h\xEF}\xE8\x91�4\xBB\xD4<\xF4\xE6\xF3�j\xEB5\xEF\xFDo�[qp\xDB;�p\xE7�\xF8r)�l\xCB3\xE3/(\xDC
-\x80\xE9\xFE/?Z6\x89F\xE4i7>6\x9FX\x80�(\xD6z\xF7\xFA''\ÓƒBI�\xBD\�\xCF\xF9惥�\xAF\xE3Wm{^\xF0\xB0\x97N\x9FM\x8Dx\x93\xB0/\x876\xBF>\xFB\xC2\xC29<\xE0k\x9E\xDDY\x9AEc\xA3E\xDAn] (\xF7S\xAF\x9D= C\xF3\x8A�\xC8\xFB\xE0\xBAGG\xB7/\xFCA\xD8\xED\xDB>\xB8\xA5<�{m\xBCU\xBB\xC1\x80\xB9�^m:\xE3�\xA2?\xFEt>\xE6\x96\xE0<\x81\xAAO8�&\xED\xCB\xE9\x9A\xC5å¼\xFC\xA0\xA9\x8Dq\xEF\xA3��\xF7F\xD2\xC9Ý¥\x83_\xF1\xEEa�\\xDF.Q\xD0\xE6\xD0%�\xAF\xBC\xB7c\xE1:\xC0��\xAE\xC6�\&L\xBA\xFD^\xA8P�\xF6\xFA\xF4�A\xF5\x8E}w\xE7\x8E�\xD7�\xEEˆ\xDCz'%\xF5\xA8\xAF\xE1U\xF2칇\xE3\xF2>\xB4\xF1\xE9\xAB�\xB9v\xBB\xB9k\xCF\xDA'Ö£\xC8{_\x82vC\x87\xAB'�\x91Um\xC4+\x87\x85 n{o\xD1\xCD\xD7\xDF0k��\xF3\x90 \x88\xB6\xBC|\xDBu7\xCE~`\xC6`�\xB8\xED\xE7o<\�\x8D\xFBw|\xBE\xEE\x93\xCD\xC5P\xA8o\xBF\xF8h\xD5\xDB\xCF\xDDa�\xB2#�\x84\xEC\xD0\xCE�\x9F�gm\xBE�� \xDB\xF1\xE6͹e\xE0\xFC9\xEF7�5\x99\xBF\xF6\xAD\x9D]d.u\xBF\xF7ã\x84\xA0�\xFCbA�T\xD8XJ\xF7|pTy�\xFCr\xF1\xB0B\xC9u\xC1Ü£)\xC7\xDE\xCF�O(\x87[u\xBBgm3\xEB\xE3\xD0Þ¯V?8\xB4�`\xEB\x82{\xD76\xA3]\xBEÛºn\xF5�OO\xAB`5\xE2\xEA:\xFBݯ\xF!
6�\xF6\xF9\xBD_\xADyi\xC1\xC4+\x87]vF\xE5�L\xDBN{n\xF5\xE6]\xFB��<TI\xCC{\xFF\xCEÏ–��1V\xDD\xEF\xEA\xFB\x9F\xF5\xADw\xDE]A\xD7Js\xBD\xB7æ£\xBB\xF6}\xBFw\xD7g+\x96\xDCsES\x8A8EW\xBBÚ¡\xF5
-W\x8C\x92k\xF4\xE81\xE3&/x\xF1\x8D\xE5\xAF?{\xCFÕ—WD\xEF5\xEB:\xBB\xEF\xD0\xE1Cz�\xA5�\xD3_\xFB\xFAo\xA4\xD9�"\xE9�\xB2J\xF8\xCD|!\xCE�$\xDC�B&�X\x86 \xD7
-,� �\x8C]\x81\x81�J\x88�z.Q\xBE$\xB2\x9DDN\xA5�'\xB2\xDC+I '\xC5I\xA4\xC0(\xD7i�z\xE4\x8B \xAD\xC7�\x89\xC4
-\xCD��!. #\x89`�BfxS\x96�\x87y\xCB\xC8\xFD'\xA2\xA6\x89"Gp\xEA\xED\x8Az6qw0\xE9T�LY\xA2|�\xC2'�gQ\xE0+\x8CKx\x8F\xC1\xAB�\xB7\x8D\xA2\xB0R\xA6� \xBC\x8C:"\xE3C�\xAD"\xA6k�棌π\xB0U\xECÚ…\x97 c�\x89Eo\xD6|\xA2T�\xA87\xAC�\xAD\xF5��{�W�\xDD\xEB\xF3\xBD8Nw\x84(\xC6zx\x88\xD2\xC2W\xB2�KÓ(k,x\xC1\x94}�\xF8�rJ\xC2\xD1gÉ´@ß\xFAr`/`�\xA2kg\x86-Й\xA5\x96\xAE]8��8\xE72.+!\xC3\xC2\xD1|$J\xBA\x81R\xA7�\x9Ee\xBC�\xAA\x87\xE1;A\xC8D�z�.\xE0.\xB06\x89\xC7 \xA4\xE4\xE4\xE5�
-mN�^�\xF8�}_ɸ�\xCBb�>\xE7$\x92\xE3va\xFF\xD0\xCA\xE2\xB3j\xA1�\x837 SsN,V\xC8m\xA5Z\xCAp.\xA6
-\xA8Q]v\xE8�\xB3\xBF�\xDDX\xE1y\x8E\xFA\x97L\xB1\x94\xFE�\xAFb
-\x9C��\xC4J�\x9FX\x9A:�$�0\xC1] ޙ\xD0r
-B
-Z8\xF9\x9C�\xA3-|s\xCC=�\xCAL\xE1\x9E�\x91\xAEO��)lKa\xD4&\xF7�\xB1\xB5)W�(\xAFY�8G+�6�\xF6\xC2\xC3\xE9\x9AalDT\x9D\xE4Õ;�r\xD42>c\xC6xH\xA9؛� "\xB4A\x90#\xA6\xE5�\xFCc5\xB9�sI\x82\xE2š\x8E�\x92_[\xBB\xAB\xBE\xCB\xE7 "\xCCX9\x80j\xE0\xC1I\xBEM!_N-\xEF\xAAϜ\xDE
-\xDC�\xC6�P.)\xD5;\xFC‘p\xE0g\x8CΩ\x80�\xC0\xF5\xAAp\xB1\xDC\xF3 s�1f\xC1e_o$4,
-�2Q.,8\xD9CW\xB0�\xCAe�X\xBF0 �"d\x9C\xF2dX[\x9CA\x98#Vwm\xCD\xE4:7X\xA3}\xE9q��
-`*\xBE2\x9A%\xB1\x8A\xC0\x8B�p\x90\xA9\x9Aǖ\x96=�rB\xE1 y\xB0�=�\xD9+ے`�\xE2o��\xC9\xD7R\xF8\xF7\x94\xEC0\xC7U�(/v\xAE\xB0\xD0J\x88��3\xBE#\xF8\x88X\xB1V\xE4�\xD6\xF6�?/\x831rs� �\x82P̺, �<?�S\xA1`\xDF\xDC\xCB\xC07�\xA6
-\x90H�\x8DI\xE4@
-\xC7�g\xE0f\x90\x81D�\xD7>\xCF\xF7FJa�
-V�\xA0`\xE2\xF5Tv\xC1\x97\xBE\x91q\xA1\xC2\xF9\xAFDk\xF0\xD5
-\x9F�<Ô \xF4g\xAF\xAE O@\xCA&n\xE9P \xD1\xC2�\xE1#A\xAC��\xF4�\xE8\xDF�� \x89nV-\xAE�\xA0 at jj%\x9A\xE1&e\xF8k\xAEkE�\xEB�\xD4E�\x84%�\xE4�\xDC1\x892\xEE�\xFE\xE9P\xDE/\xF4w\xF9\xB6r\x94WZ�9uj�<\x82\xC0\x81\x96\xF3S\xA8×€��\xA6\xA8A��L\xA8�\xDEQ\xEE.`\xBC\x94>�1�\xA5\xF8\x94E\xFB;É‘[\xE2�\xB9k�B\xAD\xE0\x86\xD8\xF2\xF4�f\xB5c\xCC�\xBC\xCF�\xA3id\xD6R�\xB6\xA2�\xB31\x8B\xE6�|\xE1X\x85\x9BV\xFD\xD7\xC2!�\x8C\x80�\xB9gt\xB2\xA8L\x81\x93\xC2�\xEE\xE8�G]\x88\xDF\xE5\xABW:\x83\xD2ñ\xAE(WP�z\xCA1��/2\x90i
-\x87 \x95K�S\x81\xE2;\x80q\xF1\x83\xFC\xF0�h�\xD3<�\x98\xC02*O\xA1_\xD3%\x99\x9B@\xE0\x8D\xB9\x89\x80\xF0�\x8C\xF2\x89s\x88 \xE2�\x8C�F\xA0DQ\xA0\x83\xB6J\xE3a�x�\xFA\xE2\x90\xFA\x90\x96?�^i\xC7\xDA�\xB0\xD0\xD8\xE3�$̎\xD9`\xBF5Js%\x90\xE6f\xD4c�1\xAB>\xDF\xE91\xB8=\xC8\xC8\xF2�\x8AB��0x \xB0 =\x96\xE77?\x83\xF1ai�"\xCB(\x8FV3+)+\x87\x80vT\x97\x83زvz61\x9B\x8A}?\x87�\xCE\xD69x\xFBa\x80\xF0\xEAm\x9A#\xE5\]?\xB1�#�\xB8\xF3s\x9C\x930\x81�6+\xB2��1/\xC5\xF2�D^\xC1\xE8o�\ f/w\xE0\x90,xb�\x9A���\x93�\xA0k \x9Dj�.В\xBA\xADy\xC4\xC3��OU\x88Q\x9BTA
-'p�\xF5�Dd™\xA2�\xBB\xE5\xFF/\xD1�ͮ\xC6\xFF�h\x81H\xFD\xFFqj\xD1�Q\x95\xE9f�\xD1��\xEE&\xB4 =\xC1\xFF\xDD�\xB4\x80\xEF\xF9\xFFe\xD1�̴TM\xF9\xBA\x9B}�
-;P\xE5뗕\xFD\xDCG\xBE\xFE�\xFD\xFA\xDF4\x9F\\xA8\xE8\xCA\xCA^\xF5\xBB\xC3\xDD\xD7\xF4\x95\x95\xFD\xDFN<\xDC}M\\x97/\xFB�\xE2\xDF�u�\xFF𳼀\xF8oN;\xF5\xA8\xBF\xE3W\xBF(�N\xCC<\xFE\xF19\xC9an.\xA1\x93\xA2\xFA\xFF\xC5�~^(xm-"!\xE8v~\xCBB\xE9\xA5-U\xCA^��\xC7/\xFE�\x85N{uӀ\xEF�:\xF7>\xCF\xE2�\xD4o~\xDC\xF1\xEC\xBA\xFE\xD5\xF1E��\xFE\xF5\x9FLݷ\x82\xEA\xFA)\xFDG\\xAC0\x86\xD3z\xF7R\xBE\x82\xB6@\x8F�O9 \xA5\xAC*\xC1D\xFCƴ\xE1� \x9A\xE0��_\xAFn\xF9\xEF~\xD1\xC9\xF2\xC5U\xB6]~w~m\x8FV\xA6\x80Q1$\xE6�\xBF/\xFC\xCAg\xC8C\x9FI\xD7\xD8\xC3\xD5\xEA�L�\xFF\x80/n�\xD8~\xD2\xF9\xCA1]\xCD;O9-O \xF5\x9B\xB8E\xE1\xDF�*\xFC\xC9c\xA7\x8Br\xB9\xB9\xCE@�\xD4\xC7Z\x9Cb\xA5\xBF{\xDE<\xFB\x9AS��\xBF\xC3\xD99\x94\x85{\xFA\xBF�~�Q\xC5\xF7\x9Av\xEF�+\xD8ھש\xD2\xC7~Ӧ\xAD\x96\xBAf\xEE\xB3\xF3\xFB�
-\xBFo×£\xA3\xD5o>\xE1l\x90�\xFD�o\xA9\xBE\xEE\xBE\xFB\xAF\xD7�\xDE\xD3\xFAÕb>\x9CJ{Z'E\x8D�|\xF2\xBD7\xA7\xB75\xB5Ô©w7Í‚�\xC3
-\xAD\xDB9\x85\xB6\xE3\xEE^p\xE7p\xE1z8g\xF4\x8D��S\xF9q\x95\xF9G۞
-Shxm˦\xC5\xF0�;�]Þ\xBD\xB3N\xCD\xE5`\x8E9\xF1\x82\xFE�\xA6\xCC]0\xE7*\xFE\x88\xB6C\xEF|l\xEE\xE5\xF8\x803L\xD7L\xFA\xF49]r\xB8\xF1\xC3\xFD\xFB\xD7\xDD
-G\xA7a\xFD\xD8\xE3\xD5i\xF4�\xAA\xFD\xAE7\xDC\xF5\xC8\xC29c\xBB\x93\xEB\xE7\xBCi\x8B\xD7|\xF8� Ҷ\xA9\xE9uɈ+�\x88{\xEC\x82g\xBEnl\xFC\xFAy8\xAE;\x8E�FN\x81\xA0~\xDAD:\xDC\xEFz\xF3cO\xCF�\xC3D6�g\xBE\xBDm߷k'R\xF3\x8D\x9B<\xF5\xA6k.\xE1\xDE~֬u\x87@�\x83\xCF\xE84f$�jw\x9Ar\xFF�\xC4\xC3\xD2\xF1\xA6G�L`2\xAB3\xA6,\x87�\xED\x9Bg\xE05\xBEx\xCA왓\xFAK\xEF\xAC�$)\x87V\x83,\xE4\xE2\xF1
-\xD4\xF9.\xBC\xF3\xF1{z\xE3\x8F\xF8\xCA{g \xF5Î¥\x8B\x98\xE6\xE2\x93�\x97�\xDA\q\xEB\xAD\xD7^.�\xA5\xB6wo\xA0�>\xBE\xD64Ï•S\x87Q�]:w\xF1CLZP{\xFB4\xF1\xD0
-�\xC7\xE8\x81\xCF�]=\x86tQot\xEDs\xCC�\xB2yz\xA10\xE8\xEE\xD9�E\xE9=\xFF\x95'ع|É´[\xC5OX\xFF\xB6\xF86\xF6\xBC\xE0Æ¡\x9D3>�\xA5\xC6\xF9~\xED]ÓŸ{\xED\xB1\xCB)\xF1\xC2y\xCB_\xBA\x9A_0kf-\xDF8j\xA5\xBA46̯5=\xFB\xFD�É�\xC2)\xEB\xAF6o\xDF\xFC�\xC3D\xAAg\xAD\xF8\xE0Q*\xFD\xA8\x85\x8F�\xB9Ó•k\xD4�\xF2�\xC0�?\xB7\xC3j\xC4[9\xC7˾U›r\xE3\x9A\xED�\x9E�Û¹\xD0\xFB\xB1\xD5+\xE6r[\\xF3\x91\xCD\xE1z\xF3\xCF?\xDA14äµ¼\xEFo\xC3dN\x9D\xBA\xE1\xD0\xC1\xED+�\xCFyÓ·_\xBF\xC1\xAA\xAD\xD3,�ŧ\xB7\x9B\x9E\xD2V\xA7\x87>K\xF2\xBE\xD2��\x89\x9E\xA0\xF3\x93\xA8\xDEC\xDF\xED\x80[\xF2\xCB�\xD1={g\x9C�ß¾\W8\xA3oo\x9DsϺ?/k\xBB\xFF�rÂ_\x95\xF3\xE2\xEE{\xE7�S\xA3\x8F\xE6\xF8=\xB6/\xBD\xF5\x8E\xA9#N\xD7\xCF�\xFF~\xDEm\xF4\xF5bS\xF5}\x9E+\xA2yÚ³bÎK7\xE7\xEF\xDA\xF9\xC1\xB2\xFBFX@\xD8\xC0eE\x94�Û–Íœ\xFDr \xE3\xCC\xF7_m-q\xDAm'\xA7\xEE\xDA~n\xB1d\xF0w_m=\xB2\xEE\xCB\xE7\xAE\xCA\xC1C\x86\xBExd~\x9A\x92k\xC7\xEBS\xF2�tm\xA7\xAF>:'\xE9\xA1\xEDoL+b\xC9+t\x9BsT\xBE\xDA=\x9F.\x99R\x9CA\xA1p\xFEÝ«�\xE7@/\xBA\xBE\xFB\xE2\xF5\xFB\x86\x9EU(\xBD\xBAݾ\xF4\xF3\xE6|\xC9\xC1\xDD�_\xBF\xFF\x8AsËžG]\x8C\x9C\xFF\xE6�\xBB\xBE?\xAC\xF2\xF3\xA1=\x9B×¼t\xDF\xC8&]\x8B\xE76\xDC\xFB\xFC\xEB+?ܸ\xAB2%Æ=[V/{`\xFC\xC0\xF2\xF2\xE7\xCB\xD1g\xF8\x98��\\xBA|\xE5{\x96
-�|�\x9Flپm\xE3\x87\xEF.\x9B?~`\xC5\xE2\x97�\xA5nx1�\xC6U�\xEF|\xD1\xDC\xEB�\xFA�\x83_\xB1\xCD\xC5��\x8E\!
xC8\xE3o\xE0\xFAo\xAF\xE4Qx%\x9B\xD8\xDA\xD2\xDE\xF5ϼy\xEDd\xB7\xB0|\xF2\x9A \x80\xBA\x8E�
-�\xFDA\xA4F@//!\x998\xE4\xF7Y�S\xA8\xCE\xE5H\x95cmS\xD6`\xAD\xCEr�)\xC8"\xCD"\xE7\xCB\xDF\xD7\xDD\xDC\xFD\x9F\xB2\xB3v\xAB\xDA\xF0\xB3\xE5\xE2PR\xAC\xCARR�E\xA7*�Tq�\x95Ô¬\x9A\x90\xBD*\x93\xC8\xE2�p\xF4�I0�\xB9E\xF8\xF0Ë\Q\xD9J\xD8�\x87\xB3\\xCBzN.0\xAD�G�X at k \xF2LjA\xF7=\xA1\xAF\x97\x82E"�˱U\xA6\x9Es9\xF8~,\x92�J�A�p�wF\xC1K-+\x87r\xF1gT�\xFC\xAA�"V�N\xA6Y4�|V�\xA8\xD6\xD3\xDE]1\xAC\xADb \i\xAC\x9C\xE6P�XW1�\xAF<\O\xB2 \xD5,O\xA2\xD0�\x9F\xDD[\x91�\xA3qh\xB9\xE3Ú°4\xF6\xBFC'�'\x97\xD56�\xD1LM\xA4Y\xF9L\xD8\xF4 \xB9ÛŠ\xC7U\x88P\xD4,ħ\x9B\x90\x8C\xB4\xDC,\x9C��\xFC\xED\xA9�"�B \xAFG\xACbV\x868UM
-\x8DXƹt艪�\x9Dfs\xA2\xEF\xB1R\x85\xCFl�\x9A�<�\xA9\xE82P\x80)'\xC6n"5a\xA3/�uÛQG\xA7\x8A\x9A�8�\xB4&D\xBE�i\xA9/=\x88\x88p\xBAÛ›\x89Þ…j^\xFD1\x81iF�\x96\xA9\x9Fag�:Τ\x93p\x9DR\x88\xB3\x85:\x90\x99Q\\x99RÂ\xB9�Rv\xC9V\x9Cg\xB4ız\x98\xD1�\xFDH\x8F\xA3E|1 3\x89>\xC2.\xC8\xD0s\xE1\x8D\xCB&6\xF1\x8B X<b\xD6�\xC4��\x8E\x90\x9AP\xCC6\xBB\xBBD\x8E�\xAE1t0\xCD"\xD1~�\x8B\xFC�{Ì‚ �\x9D
-�\x8E\x85�F\xAA\xE4�\xF0�k�\xD0^T\xA5��Â�\xD5O\xA5\xF1l\xB0�\x98r"�\x8E$\xCC#\xB5\x89\xBC]\xF2\xD0A\xA6\xD7�\x95T\xB8�|\x91\xDE%\xC5\xED\x96�\xEC̎\xCB40_\x94\xF5B\xDC�\xAB\xFC\xB1h<ql5K�\xC7,Pɥ��\x8F4�Y�m�\xF6FE8\xC0UU\xB3D\xC2\xE9#'\xB6Z\x96\x9E\x80+"\xD7e�D\xFD\x8CH\xD8E"7\xCC\xCB%3\x98Č[\x9E(d�\xCA\xFD`�l\xA0�6di\xE5\xD0Ư"N\x99\xDD���\x8C\xB2ևs9 p\x81ԙ}\x91\xE7\x8D84\xCF$z\xAC;É,\x83��4%\xCB!�a\x8A\xBCO\xE9=b�\xF8\x86\xBE3yq\xBBۻC\x84H\xF2�\x89u\xA7\x87�+<C`\xC8S\xC7}\x99D\xB4fQAP\xBA\x\xBA\x92D5ePYк \xE9\xEB2\x99l͢\xA2\xA8vE\xF9\xEDR\xA5n\xCD\xC1�\xD4&Б\x9B�\xF8E\xA7+\xDF\xCD\xD8K\xD8H�\xD9\xF5,�\x91\x88L;\xCBۨ*]\xA0>#\x88E'�0\xE1\xF9\xB6c\xB3F)g�\xD9�\xEA\x86\xC0�)S\x84\xE2^\xA8\x8D\Ku\xC1\xCC\�dD��\xC3Y8\xE2�G\x87�\xF1%\x94\x82y�"7\xB6\xC49�\xDA�\xA9k\xBE\x86\x81+\xFA!�{\xB9\xA9�\xBB\xD2�\xBE,\xBBx�1(5؊s�/\xE4\xD1�I�0-�A\xCA=6�ޘ\x84\x86`\xCA}\x828l\xB2\x8A#_5w\x96 at K\xCC~`\xF4*?�XO @�T\x8F�]k!R\xF4\xD3\xFC\x90\xC6dK`��i\x95t\x84̀\x9E`�=\x9E\xC3$\x87T!
-\xF8f\x8D\xFC\x86�9\x91;D\x9Eo\x97A\xE8Þ“�3\xF2\xA2\xA2, T\x94 \xE9`Æ\xF5R����\xAC��\xA6\x87\x9E)SE\xEA\xC8�`jÕŒd\xEE\xE0i(�"\x91\xEFY)R\xF4�)E\xC8tiZ\xE6H\x84\xA7\x8Ce\xD8*CY\x91�פE* \x97Ð H\xA8\xB3$ì’®--\x84\xE3Ú±\x9B*\xA7\x86\xAD\xE5|\xBEj\x87k�Pp\xE4\x81\xEE\xD8\xE5
-\x9F\xC1,I r)\x89W\xC8�\x9A\xB0\xEE\xF8\x816?\xE8\xAAB&-�5�\xCFAi\xAC:\xA3 \xDEQr\xB0Xڃ֔ [\xBA!\xEB\xE3\x842\xB7X�\xAC@\xE66t+Qf\xCA�iEH2\xB3+U\xAC�\xBEZQT\xE5\xF9r\xAF�\xC0.\x8Eh�I\x91\x8D\x88\x86\xB9\xB6�\x9B\xD9+\x8A�d\xE8(\xA1K"A\xF2\xD5Y�L\x8DD_("O\x8E\x9A� QmTU\x96\xED\xD2�L?I\xB8\x96U\x80\xD0qd$P\xA2�%]\x95\xEFKD\x9BN\xCB *�\xB2 a\xC8$�\xBF\x8F\xF0�\xB1̲\x8A�T\x80�\x93\xB4\x9D\xB12\xB1\xBD\x88T\xDF<�V2V "\xA1I\xC7jRQ\?\x86\x9E\x88qj\xE31c�\xBA\xAC\x88Sg�\xC6\xC8\xF3x\xD9\xD4qS\x96
-\xA33Y�\xCC.\xDF�:e\xEA\xC0\x92\xD9�e6C]�ˈÊa\xA7\xB2\xE5\xC9H\xA1\x80\xE4\x94u�X2�GiÅ…<\xA5\xB0\xE6[ \xA4|\xA1\x95RN\x99`\xB0 \xD18Í¢\x82\xC4\E1\xBA
-\xC2u\x9CE�\x991\xE5\xAFs|\xBD[\xD6Y��I\xA0�$�?"�
-\xB3^�+�Y�)\xC1�) :\xB1�\x90b\xA6U`]\xD4\xEA\xC4$\xE2 \xB9�u�ML\MLT�P\xE8cȶ\xF5}-�IY&\xE2v�\xA5ۧ<\xC4�V\xAB\xF6b)Y\x99�!G�\xA2\x85�\xE4
-+H!r�\x90�wd\xEBN`�.\x99i�\xB1\x84#\x91bs�\xD9â©\xC3;\xE8jÛ³B\x87\xF0\x9D\xA4\xC6-�\xA8�)\xA3\xCBf\x8A2kzV�0\xB29\xA0\xB7�\x84;�\x9E\x8F\xFBP97fO{\xB7 \xB3h�\xEA\xAB\xD8f\xCC\xE4\x94XX\xA38\x90Dc�Ⱦ\xC9Am\xEA�\x81GrÅœQ\xB02\xB4Mc\xDDn��\x94 Æ™]�\xF34\xC3�9\x8BH\xAC\x96\x90\xD6F\x960\x84\x94*ó\x800\xC68\xD52'\xD8s\xCBJ"g?\xB9Dl\xF5S�\xFD�\xADÚ›�\xF4\xB1�\xD8�\xC2\xD2b>\xC8@\x95\xEB\xF1\x85a\x94
-�4t\x94�5\xF6�/+"\xD6Y5c�\xCE?�\xCAU\xEA(�\x84\xD8\xD4\xF1B\xAD\xB82\xE9R\xAD\xB8
-B\xA7�%Q\xCB\xD5S\xF53`lU�\x82M'ZXmi*\xA8[\xEAe|g�*k\xA0\xE8\xB1ke:A",.\xA9\xEF\xC4R\xF5A\xEA
-LYXIH\x9DW\x84\xBBI\xB86W�\xF4jR\xF2%\xCDÇŠ\xF0\xA3\x9E\xD9t\x91�\xC2\xC3\xE2g⦎˰&KAŲ\x94\x91$z\x88E\xD0a�\xE8"\xEE\x87j\x97U\xA0Gɦ{\xB1�\x80\x8E�\xEC \x8C\x8E\x84β|P\x98\xF1�\xC5\xD8�\xB1�+���\x80\x9A\x97\xC8"\x90\xBBc6}-Ëš\x9F\xA3\x94\x83z\xBA+\x89\xB1\x97d�\x98=�\xB3\xD7\xF8>\xF3,\xB6$hn\xECP\x93\xF8.w\xB2\x96\x95ifx\x93\x843�O\xA0c\xBA\xFB&av)p*\xD8;\xEC�y\xAEG"\xB6�\xBA\xCD\xF2\xB8!\xA8\x86h{&\x9Bl\xC6%BHZ\xB9\xA4\xC0(�+WNV��\x8BsCMO\x94&˓ψ\xAC\x9DU\x89m\xC7�o\x95q\xF3Td\xF1\xA9\xC4\xF8Çl\xF6\xB4�py9\xC9B\xB4I@\x9D�tc~jA\x9B~\xAAB\xEDi\xB6\xD1�\xF2Ó§\xAE\x85è†\xB1i&�\x9F\xC5\xD2�\xA8\x95\xF3\xADJ�\xF0Z\x8A\x90\xD7,\xE8\xC5\xF3�\xC7\xD8SO\x94\xE5e\xF6Ƈ�s](Z\xB4\x9A�\x91\x9D \x8C\xDBX\x80\x96))UvN\xDA\xF8q\xA2\x99\xD6�\xFCI\xF4\x9EÙ‡��!\x8D^%�
-EƓ�==#
-\xF4H\x87$\xA4su�(\x91b(\xE7a-+q;\xF5\xB4w\xD3!(\xFF \x87�\xC8"�䅱P\xE0!7 \xCB�x\xAB\xAD/D\xC7v�\xE7\xAE[;|�\x8F= |#\x9BX�\x9A-9f\xCFCl+\x82qKq\xBB\xD9\xE1rE\x90o \xB8\xA7\xBD\x9B�\xD6\xF4�\xBD\x84�M\xCF�l\xBF\x86\x98�\xC85\xD4y�e\xCC�;�\xFF\x89"�\x93\xE5\xF3�(e\xB3^:\x9Dp�@9(Y.�7\x90ґ:\xADt�\xCF�B[O\x8ET\x89P\xCCՅ%\xB7\xB5GWe\xCC8\xB8
-eˈ6�Qd\x85\xEF�9\xF1Y!�\xD4\xEE&\xB8^P}\xCA\xEE�\x9D^N\xC8��\xBER\xEE!\xA9�G\x8A#N\x94̺Fa\xB0
-�'
-\xFF@�&~\x88Y\x99\xBD\xF8\xEE$\xCC�t\xB6\xFA\\x8E\xD7\xC9,1\x99p\xCD�\xD6\xC6džȓDbGlY\x99v\\xED\xC1\xD8r at J\xC8�\xA8ӅI۱F�n\xE4\x9D��e:^\xBE�\xAE'\x81&*N�\xB9\xEA\xD8f\xEBZ\xC9\xA8\x95\xDAjYAqvP\xB6\xEBIb!\xF5\xA4\xB5O��G\xACq=\x8E\xC3\xD63\xF5$�:\xA5\xD4-\xAB\xF9!v\x84\xF0<P\xEDc\x93�\xA8\xA0\xB6/\xC7
-ؼFB8\xEB\xE7v\xDE8\xB1�ă\xE4Æ¡�\x9FÑ©�%�\x92\xBDh#l6�\xF6�[j\xF8\x99Ps�\x97;\x85\xAA \xB1hH nNSc. \x95\xECj\x9B�\x9Fx\xB2~q\xACe\x88\xF8\xF08Æœ\x9CE\xC5\xF1f��\x9B(\xCE\xE5 qJ([\xE4hMzI$\x87\xE3\xE4E\xAA\xD4�\xF9v\xF2u4\xC7��M\xDAP\xB0\x9C]\x89U <\xD9\xCC\xD2�W\xC0V\xA1�8z\$r\xF6\xF0N"У\xDA\xE6�\xF1ê¨\x91\xC0\xD1p:z
-OW\x89\xAF\xCC\xD9q\xA4&!\xF1LfY\xA4\x9E/ė\xC4�\xC8v\x90\xB8Q)@*\x954\xA1\xC3FZ6e\x9At\xD9\xF4b\xFEQ\x8Dd\xCC򉧓\x92\xA39�^$[\xD4j\x9B\x85\x88\x82\x93\xBD\xAA9\x98\xD5ӗ\xB4 \xB5\x89\x91}W\x9C\x9D\xE8\x83�<\xF5ej#Z}\xF9f_\xB9�-i}YsTgm�\xC3��\xE5\xD0\xC9\xF1̀�d\x8D\xA4$J\xE4L\x85\xE8\xD69Q\xB8\xF2q�\xA5qhzBI\xBB@,\xAD\x99\x9D%\x81s\xE08NC\xA5\xA4\xA5\xB9\\xF6C<\xD2@\xEF�\xE9\x9D~v\xAA\x82�|�\xC3%;Shq\xCD�\x96x\xE2\xCC$?J\xC5�\xC9}%\xDCƬ\xF7\x8E�]7\xFB\xCAІ!\xC2\xFE��Hh\xE38�\x8A\xA1Kb\xAA,\xAC`h\xCC�\x98\x87\x96\xF7\xCF�\z`\x86x6\xDEe��\xB4Ւ]\xC1\xAE'\x89D\x99\x9E\xF9\x88\x85\x95�y˪J�H\xB4p \x88M]OfW\x98j<I�\xBB\x99 \x95Z\xD5 \xD7R\xA1"|ĥ\xE6
-3\x8Ev,\xF8\xBCi\x87]\x95\xF3Tc�'\xCF�E\x95\xF2\x84 \xBELި\x86Y\xF4*Vk\x87
-%\x97�ƪm5\xBB\xB1+\x81\xD0D\xF2(u\xEF\xA7R\xC5I,H\x80\xB2�\xC9\xCD�!\x85|P\xB1S�\xE3�d뉌b�'\x96`^$\x86\x9E��\xEA1myHU\xAD\xCD\xC2,\xC74l\xE0\x98\xD7\xC8�
-\xB6s-�8��\xE6\xF5v\x8BLf\xBA;\x96�.\xA2N\x95lٽA�\xDC~S\xBC\xBB\xFA}>�-\xDC\xE1Z*\xDA\xC0q$�\x944�*\xD6D~\xE8\xDAu9Mx\xDB4\xC8\xFE\xC0�\xE58\xAD
-}6
-\x8D��G\x91\xCB^ :Oj)!;\x81\xF8\xC8Âœ\xD7�\x87`^\xEC\xC9\xDDN\xA2\xCE,ß¡\x9A\x86^\x85t\x86ØŠ1\xA4I�|�芘j5�T�'\x86\xECØ\xE7\xCAs\x95\xBF\x9B\x8E\xCB(\x91\xDC\xD4Z
-8\xBCh
-\xC7l'\xD1SH\xE4\xF3\x864\xF3�\xC7(�\xB5V\x92r�\\x96\x85D,“\x94\xC6\xCAx\xEE\xB16|\x8A\x98na\x9Dw\x94\x9F��\xF4\xB9\x93}\xFC\xC0\xF1\x8D8wW~\xF3T\xA1�P\xA3�\xD2\xF5\xB2�\xC9:uJ\xBE�\x9EO�v��\xCA\xFD\xA0\xBErW\xA5R�\x98\xA0r\x88#\x8B"%F6\x8B�T"\xCD<\xC7a\x9E;5H}9\xFE\xA2\xF9\x8C\xCD�>݅\xDD�$9\xFB%Q-�\xD0\xC1\xA7jg\xD0x\xA2C\xA3T\\xE5d\x90\xA8\xB7\x9D\xA0+Y�\xA1\xE3\xCB\xDD\xCA'\x8DDf%\xA7f\xB3�"\xB2\xD1J\xA4+\xE6\xB2\xF0B\xF9\xC1\xF5\xE3\xCC�r51\x8Dm)\x8AuT2\xE7S�Օ2\x85\x96\x9E\xF6\x85�Q�t\x87\xF8\xE1a1\xA5\xF6<Q
-�\xAC4Zqq\xCEב\xEAi0j\x99\x8F\xFD\x91\x98\xB8| �l\x82\xB6hÄ\xD9pnE\xB9\xB3R\x87\xD5��\xE8\x90\xEA\xDDA�\xB9\xB9\xA6\xAEØ…t6(\xC6\xC6YtV90f\x90\xFD!dVu\xA8Jȉ�\xA8#dq\xC7\xD0\xD5%\xAB\x84x\xBB\xDA\xE6@\xDAF\xEC\xE4\x8D=�\xF8\x94\xBCOAcn�\xEF\xE6T\xB5n?\xB8�\xB0;ש\xAA�2hè‘\x83\xFBT\x8D\x80\xE2SÕ !}\xEA\x8A�\x80\x8A\xF9kïºk\xEA\xEB\xEB\x86�\xEE4\xB2~`\xFF\xC1u\xED\x86�\xEF2tx\xCD\xE8\xBA\xE1\xB9\xFBm} o\x80�\xBB\x8C�tÙ\x81\xF2o\x8A\xB0\x92\x94�\x9DG��:\xB0\xAE\xAAK\xCD\xF0>&\xB7?�\xE7T\x9D�H\xDF�\xC4�Ò†\xD8C4\xCEÍ¥\xFF\xF4\xA8)�\xF75\x89
-4\xED\xE6#\xC2:�{%�\x85u\xC4\xC7\xD1*O\x858�\xE0�n\xDFa\x9E�\xF6
-:|\xCC\xEE\x99\xD1\xE7D\xE2\xE3&,�qcx \x8B
-\xD0�\xE4�\xEC\xB4R\xBF&\xC37XN\xC2X\xBB\xF6΄\xEF\xACV:�\xC2\xF4\xC0�\xAE\xDA�\x9E\xE8� �Al�&�l�~ \x93hd�\xB2\xFD\x80�\xFD\xE9y�\x87\xCA�\x90\xEC\xA5r\xF8�g�\x8D�\xDFX�|VB3:�l\xBE-��\x99\xF1U(T\x82\x98\A%E\x8C#\xE8 \x84\xFFr\xBE�\x8B�PF\xAA\xD05�\xD6c\xE6\xC1c\x96\xC8\xEE\x888K\xE8cQ1\xA1\xAF\xDAO�\xFB\xB5\xBCÔ–\xC1\x8C�\xA9B\xB4�W\xB7�\xEAYm\xF9\x81\xF5'\xE2Ð…G\xB5\x8F\xED`,n\x91\x80\x8F\xEB} c\xF9�Ú \xF3\xF3\x89r8 .!~N�\xB6u,CZ\xC2\xF4\xCB\xFBK5"C\xCD\xCF8\xACr\xA0&\x80\xFF\xC5@\x99\xED\xBAH4��\xC4`d\x8E\xCD6\xCA�\xDE\xF4Pn\xB88\xF4eÒ¡�\xF0AB'A:�\xE4\xF8���r�\x84ìµ…\xD7:\xC0\xE0U��\x9DG\xC1؆\xAF\xAAC\xE5\x9C;�\xF7\x9F\xC7<\xC6\xF1A ���\xC4�6\xA6\xD4\xD88\xC3�B3Æ–�\xDEL�z �\x90*\x91?\xF8\xA3\xFD@\x9Ch\xD4-\xD1~\xF4Ѿ#m\x8D\xEF\x93\xE1\x82N\xE8I��\xB5�4\xD53\xBDT\xF9e�\xCF
-\xD8\xD0ؤ\x85(\xF5\xB3\�\xCDUGf\xAD\x94 \x94\x82\xB9ٽ\xAE-\xADg\x91Y埀.\xC0\xA3CrF'\xB2\xDF�\xDA��]\x83\xE4�BCA\x9E�:\x90Q��R\xCF\xF2\x85\xC3A\xD0�h|\xA15\x80 \x8A\xAF}\xDE
-\xCC:C.;rT\xBA\xDCQ <A #\xF8�\x83\x8C\xAD\xC8u\x8A\xD7&N\x96#\xDF\\xA7\x87�.֑\xE0\xAB\xEE\x9E+p�\xD6rp\x94 (\xB6\xC9!;leu\x94��\xA9\x8E�a�\x8A�9Pܱ\xBB\xD3\xEC^@-\xF9`
-˚�\xA8\xC5�\x86\x8E\x9Eԩl�N<�g�\x8B/�gz\xA9}\x95\xF6\x9A\xF2\xA6\xA9�ʌ,9T\xEA\x97X\xCF̓L%�"W\x92+�xT\xF7)
-m
-$\1�, }\xAE\xEC^v\x83gw\xDA�ȵ]\x9C\xAF\xB8W\xA5�\xA9\x95ƒ\xDF\xCF&f�\xC0\x99'�?\xB5N)\xF8\xEC\xFCH\xA0�\xC2!@>;\xE6@ \x84�\xBE7\xED�\xC4O\xC3F\xB8�\xA5zoD\x87c\xA9Ý�'\xFA*\x97F\xC9<w\xA6^\xA6}\xE83`\x90p�\xC4� \x9EU\x9F�w�\xC3�\xAA\x85v\x8B��4\xF4bG\x8C\xECP\xA1�f\xE8Y9@\xCF�R/\xA3\x84!+-P�\x962\x9F\xA4\x9E\xB4m~\xEC&\xBE\x9Dg\n\xF0Z\x91�\xF2ʦ\x9FЮ?8\xE7\x91�\x82$\xD7�\xA8�\xD52\xE3jr\xCAV OÄ‘m\xF44닶uqØ¥\xF9:61gF$f\xB5\xD1\xE4(\x9B\x95`\xFA\xBB\xB2\xBDQ]/?\xD6C9�lz:B\xFCH\xA5t`$�\xDC�\xEEK\xDFÓ%\x9B\xE1\xF0G:Q\xBE\xBA\xE8\xC3\xFC\xD8NvÙ´�\xD65\xA9\x99\xDC�\xA4v^ur�3\x96\xB30�L\x96\x98<`�\xC3\xD1�\xC1ؤ\xBDHÄ“\xD7=L\xAB^\xA4\xDDS\xFDRHf\xA1(\xA4\xD1a=\x81\x9B\x84\xC1�\x89Ú´�U\xE2Þ™\xD8.�*Ø\xC4�\xE4c�\x86�\x8B\x8F\xD9\xCE\xEB\x94\xC8�0V\x84�J�\xC4\xE1\x86\xC4�\xF8\x97\xB0\xBD�\xC1\xD1\xD0v\xCE\xD8\xD3Þ.${\xBE\xC5��\xD1�U\xABb\x9A\xDC\xD4\xF6B\x97{K\xAD�GN�\xCA^\x9D\xDC(0C|`\xBA\xA5sz2f|\xACwaR\xD29ɘ\xB5vk�\xB0\xEB\xDB�l\xC0\x89\x9D\xFA�\xE1\xE0\xC5b\xA0�.U\xDB@\x{19FA5E}\xB5\xA3\xB9�\xA0\xA6�\x8B\x92\x82\x9En \xF5$)\xE3\xB23)\x84�âšr\xF4É©|\xA2\xBA\x99l�
-\xAD�\xFBw\xF8\x8C�\xDF"b\x9A\xE4\xADf:\xBF\xA6\x8C:OUS �\x8D<\xB5\xC1\x9D at 569\xF8\x860�\x8E\xF2j\xF1a4\xA7F|\xF2\x91q/Q/\xE3\xD3l\xA0\xB6�\xB6�\xB1\xF1E\x89r .ٺV\x9F\x8B\xB7aH�/}l \x91P+)o� \xE8�p�\xD0v\x99'\x95H\xF0\x92l6ļ\xEF�\x82^Nn�;M
-\x937\xD759\xCC\xCFJ\xD9J\xE2dv\x95]!\xE38\x9BitR\x80\xDB-\x9B\xED\xFC\x90\xBB�\x87\xCD�\xD6;\xD0\xF1G\xE1-\xB2\x96VZw\x8F\xDD�u\xAB\xCE�Z\xBE\xE9\x93ai\xCB`-\xB0|\xB2�\xE6\xA2#\xC0zM\x82"\xEB�}\xAE\xC4\xE4\xE4!�\xB3\xA3\xB5\xE8^k\xB3\xE6s\xCD%F\xB9�\xB2\xE4Գ}9\xCB5\x8D+\x94@�\xB9�\xB6\xB4\xB9{\xB3\xEF\xCA\xE5Z^�\xB5\xC4]\x83*\xFB�,x䟙\xB3\xD4'��ͳ6Y\xE6>/�\x88\x96\xBAC]\xC4*i\xD0�\x99�<W\xA4\x8Cg\xE3S#\xF6\xDA⳵�F\xD96\xDA\xCFm�\xBD\xAC\x8A��\xD2\xE5\xEF\x95`�\xDED
-Fȋ\xF8\x80\x9A\xF1\x84Q�\xDB](Y*�O�\xC9\xF3\xE4D\xA24?\x96\xAEc2\x8DRW�\xF5�\xCC\xE6V=\x8A\xB9=\xBFc\x85\xD8�\xCB)\xEA9\x8CN\xE7\xB3�v\xC6r��\xAC\xD5d\xD92\x87\xAE�ل\xE4\xE5D�\x8A\x91\x99O��.\x81g-zO\x82\x83P[�\xE2�ZSO-\xB2/\x90D~>\xB2�\xC7ܽ��\xA7 h\x91W
-�\xD1�\x91\xE8U\x93\xD1W-�E\x8E\xDAш2\xBD{\xB1Ny\x89\x93\xD5K\xAC\xC0IM\xD4Ŏ"�\x8B\xEF\x85RU"�Y�$\x91O�y\xFB\xC3�dɉ\xC5\xCCe\xB9\xA6\x8E\xD2\xE5J\xA0\x89zr�\xB1\xC6x\xFE^Ŀ\xB8�7V��v\x92|\xA4LQ^\xB2\xE88l\x91$\xAC\xA4ʇ\x83x\x9C;�\xB9-\xB3^(\x91CA&d\x8A6\xF4\xB8i\xB1\xB9\x90[\xED\xEE�;\xA6\xA0\xB4� \xF0\xB0Z&
-\xD9�\xC2�\xEB\xDB>\x900\x90,\x8D\xAC\x845\x9A\x85�g�ò™‰\xEB�r\xE0\xE9\xE6\x86+E�\xA5\xC8�\x8E$\x8D\xC4�)\x8D\xE8\xEE\xB4�$|d�@\xBF@�=Dn\xD1I?\x9D\xC8\xC7j\x82\xC4\xE5;qL�j\xF3\xC6j]b\xD2\xD0�p\xB3\xC4l*�\xAB\xBB\xDA\xCEP\xE4+K#�\xF6Óˆ\x91\x97\xA56�\xCF\xEE\xFF\xF4\xEC\xADt\xB6\xB6K�\xAC\x89̾u\xB2DÇ®\xB0Ù†$;SCh\x8D\xEBh'\x90\xEF\x8A-\xCFh~.�S\xBAV\x8DN>\xB9\x80\xC4e6\xDD;v\x95\xD7�ʧ\xE3�c\x85=\�t\xC53\x94A\xF6\x87c8E\xE1,|Ù±\xE0�u\xF8�f\x88= %\xAA\xCB�GA�-\x86
-h.�®н\xBE\xB5d�\xB1H\xB9J�H\xF9�\xA9f�\x88�\xEFE<6\xB7:d?\x94\x85\xA8!\xD1\xE3\xC0%O\x91@�\xF7S\x9C\xC51\xED\xA8\xD8\xE9u,{*\x852\xFF\xF0]\x95"r\x8Fa_\xC5Y�\xCBΪ�c\xFD\x83\xF6V\x94��\xED8\x91\xB0> {Ǩ�\xF0&\x85a\xC4v�a\xF7�y\xEF,\xB2�&��\xA1#\xB6�Ó\xE0`
-\xBD\xB0\xA9醳�\xE9V\x99\xF2"\xB5��b\x89\x98\xADlΕ\xA8p�Eჵ�\x89j\x8Dc\x86g\x9AT\x9E\xA1S\x9D\xC7B>!\xF4�6�(1\xC8B=|\x97Ñ\xEC\xF2�90\xC4lj
-/\x9C�pc\x83\x80\x8E�t\x85\xA4\xA3�\xCD�\xC7\xE4<�Ë® I\xA9\xABaA\x84�iY\xF1�\x9D\x9FO\xAD+\xC3�3(\x91\xA3M\x90\xC8�y$\x9A�\xAA\xEB1��\xB9,RW�\xB6\xA2Y\x8EÄ„q�Ht\xAC'\xA0l\xB3\xACY\xC4�\x85\x90\x88\xAE&e\xCB\xC1&È5\x91\xA9�\xA1f\x9B\x87\xD4\xC1q\xE0\xBAzÞš\xF20\xF0�k�\xC6\xCCfÚ²\xF2\xCEU\xB3�fp\x98\x82q\xA4\x95\xA9�\xE2\x88u\x8B9\x91�V\xC9
-q-\xE2,\x85T\xA8\x90�\xF8�\xE9Ö’\xCF
-�DF\xFBo\xF6\xCA\xF8\xD6\xFDI\x9E\xF3\\xD7N5\xAA\x93 �\x9EZn\xC6l\xD1uL\xF6Å•\xD61\xCE\xC2\xE3\xF8�\xFA!\x91�\xED!dÕ•\xC0��:�\xEB\x97CE�\xBB\x93\x81R1v \x9ABYD��\x91\xA8\xB0,\xF8N%\x9A\xAA\xC2F^\xA7\xBBc\xD8\xCAk�?|3o\xBD\xDF?|;OYT\xDA\xD0\xF3�Ç´\xA5\xB7K\x9B\xC7\xD5\xEFsH\x8B$J4\xBD\xA9zq\xB7#\x91\xC9\xD5a\x9C\x84A\x9A[yK|3R\xBCc\xF3ΰ\x97\xFAo\xD6A\xFD�\xFD�\xEA\x86W\xB5�2\xB0M\xDFR\xFFt'\xB8��\xB32\xF9\xE4�\xF4\xD9\xFF\x87?\xE1�4Õ‰\xD8F/&\xC6\xD5ؘ\xD0\xC6Ú±\xEEk\xAF�\xEEk"\xDDfX\xA9� F\xC2\xFEk��H\xA8R\xE8Z\x80- \x9C�=�t\xC9\xCDh\xC3��\x9EdL\xD4 \xEF\x8B\xE9\xC0C<\xD5�\x99\xF2\x95\xD5$c\x84�\xED\x87\xE3\xEA\xC2\xE1[\x8Ap\x8F\xC4%\xC8U\xED0^\x920Y�sB\xAC\x98\xA3r\xD6ĦO1\xDE0f�\xDE�1jÒ G\x9C\xB2z\xA5� d\xE2\x94c\xBE3\xC2ct~
-\xEDB`\xA5\xF2�#�\x87
-05\xF1\xE8\x86%\xCAq$6\xB1\xF6\xB8\xE2{�=a\x85\x9D\xA6\xB9r\xA9�\xE4@>\xA5\xF9\xB3\xA8\\xC0H\x87�\x96M1@|�F\xB0J2ÒˆNX\xB9\xB4\xE5\xC3�`.#
-\xED\xC1q\xDD.\xE2\xF6S\x85\xAD\x99\x9E\xE3\xF1\x9D\xF4R\x95ΖJt2\x9F\x95m�:\xD1�0\xB3\xCD ;1\xC1\xF1\xF1\xCB$(\x88X=\xBC\x8C\xB1&�h\x8E����Ǧ�\xF0ԩ\x97\x95\xC0u�\xCFn9\xE5\xB3n�\x9C\x9E[\x92�JPNmq\x97\xCB\xF7N_\x81q\xD8/$\xAE[\xDC\xE5`\x9D�_e\x99\xEAy�\xF2p \xAD��%#\xA1\x81<\xF3f\xF5A\xF8\x8A\xD9\xCBc\xB0\xC9XD�)Ζq\xA7\xE7\x868�\xF3q\xEA\x85�\xCF\xDC\xEE$<�\x81\x9Fφ\xA2n \xBC\x88\xC9�b8'�I\xB7p\x98J\xC2\xCD��� \x92p@\xBF\xA4\xFD7u\xA1\xC0a�!\xF5b_\xF8��Oò\xE1\x95�\xB0�\xC8\xCE��|\xF7\xEC\xA1:\x8D\x82\x94\xDFe��h\xBF�Q锩2\xC08"\xA0@\xC3-\xB4=�h\xB2T\xC8;�\xFB\x87��\xC2|"\xD3�M\xCDd构\xB0\xE4\xDF�
-s\x8AA%\xC6�\x86\xBD#\xFA\x89d!\x98p �\xFFU \xB4B��\x96�\x8B\xCE \x86\x9BB�\xCB+\x96\x8E-[E<[\xD2>
-\x85zL)I\x88\xA9�\xE4\xADt\xDAlI\xD8@�\xA16\xE6\xB7YKRn*쥸R\x9DȲ>D\xAC\xA3@%Jq\xFA\xD9 D\xE8�\xA5�\xEE�|�\xAD\xD8j'G�g9j�\�\x99F�\xEE�\x9E�)>\xDE4Mhq\x9D\xA1\x86\x91F \xE2r\xE7��\xD6Kc\x9D\xA0\xCE*z\x83Ȩ\x98\x865\xF6\x82\xCA�%@Ê”DF\x94w>a\xBE\x86\xC0c\xD2.N\xF4�\xCA×\xB8�\xF0d�2c\x84/� �6�\xDEx\xE2_�i�� \x84 %\xB2�\x81\xC3f\x890\x80|-m\x96\x8Cݘ\xAA\xBE\x84�R\xA6\xBD\x9BÃ[\xC4i�\x8B'\x99�\x83\x95x>�}\x93\xD4ƶ\xE1Ï€`\xB6^`CͲDc�:\x8Ee\xAE/m\xF1\x81?\xC1�\x80�;b5\x89\x80\xEC@)�I\xFD{\xCCR�$\x96N���D0Em�\xBCS\x83L\xC1�\xDD\xE9cc\xA2\x8B+ÇF\xBE \xB8\xB9\xA5�T`�E\xECI\x956R\x9EA|OY\xD2p\x96\xCE�\x80\xEF\xEA\x91�\xD53Å•a\xBD�\xAC��HN\xC8\xD2FK\xCB�\x99\xE8Wb�\xEA\xC6\xC0\x8FU;�\xCB@2\xF2\xC6\\xD3Y�hh% \xB1\xBCk\xA1vU\xDFc\x85�\xBBV�A�F\x8B\xC0\xD8Bi2�,\x84\x93\xE7\xEA�B\x8F T\xAA\xA0\x96�_IK3\xD6S\xDE\c
-\xF5\x89)�ÂW\xAA\xB26a\xA7G�.\x90\xFA@\xF1�\xC1\xF8a|�\xB1\xF5Pc\x82\xAA\x80g#B�J�C\xA4�@\x88\x8F\x8Dt\x96 (\x87Ċ\xE8�%\xC2\xC9F\xAC\xA2\xE5"\x8D7M�\xACN\xA31u�;\xEEd:\xF4\x85\xE2\x86�݈\xAB#ùB̅H\xF7"
-6U\xB5%\xD0t\x85\x9E\xDC\xEB;�\x8C\x90%:|R\xD5P|\xAFo\xF7㹗\xF9\xB1�\xA3��g\xC6��\xC7:
-\xD9)\xFA\xB0X�\xFD q\xB03\x8A*i\x94Wm-\xE3\xA4��\xEE\x92
-\xA5\x93\xD2 \x99,)䤸h\xD9'\xBB�Gj�� \xE6n�\xF8\xEAg\xC0`\x8B\x84\x83�\xDEk1l<^c\xA9g\xD0ɽ"\x87h\xBBM\xA3U\x86��\xFAB\xBA5\x88y
-\xD3\xC1*vX�\xDAI�
-1d�\xE5�@j:tܦ\x8D\xA6\xD6J\xEA�\xC7�\x96\xC3T)\xDB\xFC\x94\xFBRlc\xDA\xCA+F\xD6@��\xEA&!\xA4?�uᙄ % \x87�\xF5]a%DH \x87Jz��ރ\xC4\xC1\xCC&*L.\xE1}"\xA56f\xA4\xF2erg�\xB7P%P@\xF0#Gb\x8E\x8D\x8A\x83 \x9A\xB0_\xE0\xFC\x91\xB9="�\xA7\x8At�\xB58
-J+~��I\xB1n\xA9�\x94\x9EJ\xB5\xA9s/fE1l\xA3\x95\xC8 \x88\xA7HŠ�)I�;W\=\xC29ŧ[!\xC7R\xA7\xAE2\xF2\xA5�\xBC\xEE\x8AWC!\xAA8dI\xF9$\xCD\xE30aÍ€W\xD2|�\xBCDØ©�\x89\x83�o()l\xA4\xF4V\xEC\x83Ql\x85�\xB0\xE1\xCCC\x94R\xE0\xD6\xD5�M\xFE\xC3PW\xEC.qcU\xDE"6-3\x9EF�Ç•(A�D�\xC4g� \x8A\xE1\x88# \xED\xE1�\xE3F��\xA5'G�\x96\x8B\xC76�\xFA��\xFE\xB2\xD6FØ\x97)�\xCA\xE3@\x98\xAA\xAA\x8B+\xB2zN\xC6\xC3\xE3(c\x9F�ç”»�A\x90\xF8�\xF3\x9Fh\xD4'\x9Cw�U\xF3�eU\xA9\xD0_k\xFC\x85�\x95�q\x98$*�\xD3\xDE q\xC0\x851\xB7t\xC4\xC1d\xDCz\xDAU1M\x89��Z\xDAq\xD5Y&n�ê‚Ž#\xDD\xCAzQc&�b�`\xE6k\x8Cc\xDD:\xD3�\x8B{\xA5\xB4���\xE5D�<�\x81#\x87%\xB4fr\xAF\xF4ey\xA6{S�\x80\xE8\xEBL\xF0\xA2\x89\V\x9Ck:~\xF1\xBD\xA6�lJ\xE4K\x80M�+\xB7\xE9W\xA9kUÄP_1\xD3\xD7\xE4j g̾\xFA+Kj\xB6y\xCB1>\xD3\xE5\xD0o\xC4|� ;H>S\xC2\xE2ÒŒA�v�ke\xC2\xCD�\xFC\x9F\xFDL9��\x84W\xC6\xCBX\xFAdv\x91\xB1\xCBZ\x9D\xA9\x845\xAA�\�Hi\xE8I�\x81\xCA�\xE2\xD8]t=1\xA0C\x85d��\x9A\xFAo\x99\xAD�ɉ憎^\xE2\xA9\xE1\xFF\xF4\xC5/΀p)V\xEAk�\x8E,y\x94,'\x8D\xC0H\xF7\x89X:P�9xT\xBFKg�\x89oD�V�\xB4Y�\xBDP\xE6/O \xA1\x9E\xA7\x82c at i\xAA\xDE�\xBEL"\x90\xE1L`�\x8D=�\x89\x9C&�\xDA\xD8\xC3�\x87\x9E0D\xA2Ö•\xAF\xD9P\x9Ddt\x94�)\x92Q\xB1\xC2\xD8S\xC8<\x87�\x95\x9Bk]\x96\xD0LA\xB4�\xF3\xBD!G%\xF3\xA8\x92P\xAC\xF2\xFE\xC26�zL$av>\xFB\xC95\xAE#\xF0"\x81‰8�\xB9{\x99\xF9�3>&n\xEDH�3�\xA5^\xE6F\x8E,:\xC0\xCD\xF0 \xF6@�\xCEi=\xA9A5
-\xBB \xB8\x9BS\xDBk41Pc\x8D\x96�\xD6�K\x85\xDE\xC6f�{¾\xA6�: \x84\x98p\x86f\x828\x96҆\xC2O\x88\x97\xE5\xFC\xDB~\xC4�\xAE\x9E%=\xCA9\x96\xBCL_�\x9F+b`\xC8 \xE1�B\xF5�Hi�\x94S^\xB7<;{f>\xA6)\x96u\xF4\xE4τ\xA7`�QK!`E!O\xCE�̔8\xD1i�\xC4L\xB0\x94�\x89\x81\xCDv7 \xBD\xB9V\xB01ba?
-\xA4\xCD�3\x8D\xFD\xE1\xF1a\xA6\xCA\xFD%ٙ\x9D\x9Cô$x\xB0/\xDB\xF8\x98\xB7˼F�Ҿ�E�K\xF4\xA1+X\xC9�$!�\xDF�\xAB\xDB/"\x85P=\xCC��\x9FO�\xC2\xCCZDd�\xDB\xC7�_E\x8F\xE7\xF3\x85X\q\xB4\xBDO�%1\xE4~�sS\x99�\xE0\x89⽹�\xB1\x8A1o\xE4\xCC�1�\&:\xA8�e\xF5\xE2\xF3\xA54\xD1HPQ\xD55mfg;�f�[R\x9E 9С�!D>\xB1\x9B>v\xE4a\xAF�\xE9i$\x85{Ӣ�\xB5:\xD9\xF3s�\xB8\xC7\xCB7\x89�Wl\\xEE5\x81\x9CWe\xCB{�,\x8D\x96y:;'X\x9A\x80\xD0B\xF6g\x9Ao��\xFC2H,�&\xE3\x86SZ{
-\x9A4R\x80;m\xC5�\xE4�(�Zq\xDFr\xC4`�\xE1\xB5�S\x9BJ\xE7\xFA�\x8DiJ\x9Ep\xD8�w\x95H\xE7\x92 P��\xCC�! BW\x81\xB9\xD6p\Q�P\xB9\xA2\xA0XT0\xCB\xE6�\x8F\xA1'\x91\xAE�H�\xA75�.\xA5V\xCF�|�f\xEF.Ӥ�\xCA�\xE9�\xEF\Auɡ\xF0-\x99ދ\xF7 ��P\x94\xBF\xCB;.\xD7\xE5c/v\xAC1��\xAA\x96�\x9A��ı\x9Bt���Ċ\x8E�*\x8FXY\xCB\xFC�\xA6��\xC3t\x80\x84s\xC5 %g�b\xC0\xC4�|`*ƒ�\x89\xA1�NP7�b\xA9AjċhV\x80�\xADa�\x9E(\xF4\xE2\xB4JM7'ս"E\xFE\xEA~&VVr\xA2\xF6\x882�K_\xDA)\xB6\x84\x90\xA6钜\xD9T+{\xB2X,\xCAXI�`N\x8BN$E\xECz\xD6l\x97\xD0M0\xCA2\xB3�ޯ�\x9DT錈\xE5\x85Y#� \x9E\xE6\xB2
-Q/�\xC2\xC9N\x89\xE8\\xA8\xA5@^\xAB\x94\x88\xA9\x90=p\xD8a\xA8Z቞
-:�\x99\x99\xEB�\xA1=aCb�x\xC3%\x90J\x8Cb\xB6�\xE2\xF8\x98Ic�\xCBXA\x82\xED|<�E\xF7\x90k�\xD0�>Nq\xC5\xE5X{\;]�\x88\xD6'¡�\xE2
-9^\xCEc\xDE\\x9A\x9C\xF5\xD0��_\xFC�\xA1g둎y)09"\xA6-_\xA6[\x8EXǦ\xDFr�\xDB�#\x80ݥg�\x88�Nx\xCD�,\xB3X\xF6* ]\x84\xBE�\xA8L^1pƮ\xC1��]\x92#\xB6Ȫ\x90R\x90���\xE04\x8D\xB9W\xB9�ܼx\x97\xB2\xB4S\xF0;\x9D\xBC\xE3\x90L G�\x99\xAEq\x94\xE1Ǿ}�s�\xE1D\x998(y!c\xCB�\x8BS\x90
-ivY\xBD6\xD3X\xC7Y9O5\xF09$D\xDC!\xFBT\xDA\xFE`�\xB0\xB3J(z�4\xAB\x80�\x88�\xA1\xAF\xAB%\xE6\xA2D\xA2|b\xEB\xCCJ@\xFD\xEA\xEB\xC8"� \xF5l��Æ€\xE1\x8D.\x91F39�Æ‹�0B\x8D\xDEW� \xBC\xA5\x89�\xC3\xF8\xE0�\x9B_&2$\xBAo=\xBE\xE0\xC3Ul\x82\xC3ij#\x80e\xDD\xE1vSF$L\xB6\\x9F.X\xBF-�c \xE6\x86�\xBA\xB0ĆI�\x9B�\xFB\xF84\xB4/`��\xAE�\x8E5\xABP\xAFrp���;^pT\x95F\xA1\x8C \xA5È ��W'\xF6\xFDtÜ€\xA6&|\x96\xBA4�Ñd9�@_\xE3\xD5%\xCA�\xCDÑ‘L Ɖ\xC2k\x93\xC4Î…\xA1+\xE1�\xA4L�RÕ€\xC9$Q\xDF�\x80+\xEC��\x97\x9A�\x8A�\x8D6�\x81\x86�ut\xF5`\xB5\xE4\xBB\xC44`\x8F���\x97\xAD�8\x9AܼQi\xAA�<B\x95\x8C\xC9T�-�?\x89\xA1\xC4Ƥ\xA7;1
-\x8D�Õ\xC0NY\xDA�EzL�\xDF�\x8FW\xCC\xC0rP\x8F \x83I\xBB` \xF8\xD2e]\xCBE*\xB9r\x9B\xBBV\xFC\xC4�O��\xE7x\xC3�\xA2\xDC\xD0b\xAC\x9D@\xED0O\xB5\x80\xD1=\x94\xED5\xE2\xA0H\xEE\x89\xE2\x9B�nØ®g4\x89+}\xBANN$(\xC0\xD3y\xC8#\x81g,Y\xF61�\xA2@\x95ݵf\xC8}#L�\x9Eʼ\xA0\xB0b\xB7���m;\xE1e\x81\xCDW[\xB9\xC2�6s� \xD8"\xA5\x8F\xA7\x95t\x90�\xCFh\xE5y\xCA3\x8E\xC9E\xC9Y�\xC6�\xE8<b\x8A%$��n\x88\xC5TN\xC6Bݵ\xE3\xCC3t�\x89\xA6
-u\x85\xC4v "\xBC�\xA6�u~\xA5\x8E�;�r1�Լ\xF6\xE8p\x8F\xD6R\xEB\xEA�\xB5I\xA0\x95Jѕ<_\xF3A�\xB5 \x96\xD8�9w\xF5�\xAD\xE9\xC8\xD3\xF9͕\xF9\xC5\xE1\x98�\x9E\x8B<\xB11|5\xA6Ģ�R]���O%\xA9\x92\xED\x93|@d\xA3\xBC\x8A\xAB\xF6'9H\xC3\xC2�
-ܙX_�\xC99\x84�\xAF�Y?�/�\xA2!\xC2A"�\xA3
-\xC8^Y\x8C�!\xFB \xB2c\x86\x9F�\xDA&G\xA6\x8E�Q�\xAE#\x84�\xCFϾ�\xBAa\x8Ar"\x8D\xDA�L�\x8C0F\xA6`\xCF\xC4ӳ\xE3\xE8\xD9�\xDF\xEAŞ (\x94H\x86�ޕ�\x9D\xF6�\xDA~\xBA/�u\xD3C+�ӗSL\�Ka�\x89\xB8͎WЪ\xB1\x82�5� �\x9B\xF3$Un9_.\xABX4\xDF�\xE5\xA9ZV\x82\xCAd\xDAO\xE5\xC0\x9AJ�\x9CJ`�f�\xA9�\xED\xA9��\xAA �Rf\xAFP"eB\x85S\x92\xB3\xDCO\x85k.\x95hn8\xA5\x85�\xD8a_\xA8r\x9C\x80z%�\xCAcG\xB2 t_$\x887:ْ\xE3��$!\x8B\x8C\x92�\xBEM&\xF9ʼn\x92\x95\xFFp\xD2P\xE9\x99\xE2̓\xE5\xE8xu3\xB4)\xADf\x89'\x96\x8A0\xAC\xF3�\xCB6M\xC0'\xF6-E�\x83A� \xC7GdY�\xCF�9XCY�#\xD9䑃6a>\x8C\x8An{K\xA0V\xE6\xE4\xAF��(\x83�dl\xB5\xE5@\x83rPBF4Z\x86`\xA8�u\xA8�\x8B\xE0\xAAwe�\x86u\xABr
-\xE0�g\xE9�?\xE4 \x8E\x87+S\xA3*\x9C\x9C\xFA�\xA2�á \x8AÓŽ\xCC\xE4 �\xCEÐŽU\xE9\xF0\x84�\x99�\x8FZ*�Ê”�\xE0\xE8\x87T:\xEE)?�RÝœ\x88\xB9\xD5\xC9\xD0Qi)tU\x86é„Š\xE6'|C\xCAfZL+\x84\xBE.�n \xA4\x87\xBE\xF5\xDC\xC7�\x9BOr\xCAÉi\xCA\xF6\xCC(\xAEZ[o".��\xD6 U
- \xD9O\x87\xB4\xEDk\xEA\x84L\xABM\xCCE8Dž\xE4�\xB3.Ghx\xA1%\xE8M\xC8U\xE6\xCA\xDE(\xC9H\x85\x89p\xC2\xF1y\x8C�fTj\xDEg�?\xE5\xDEɉt�M6� \x92dL\x91\xCAd\x93i�\x91\xF9�\x8AŦ\x8C\xFE\xD8:\xF0\x80t\xE48*��\xE0\xD3c\x9C�\xB8\xBC\x83/?\xBF\xC8\xF8\xDC\xCBO;*\x9F\x8A\x94\x9D\x9Fp��O[*\x9E\xCBT8\xC3\xE1,�
-\xC5�\x9F\x9B\xAB[\xFEÔµzCrX\xEED\xAA\xDB�C\xE8ǹO&S\x8A\xBD�\xBEx�c2�x=SY\x822+S�g-A^j\x8D"\x92�p�9\xEA\xF6\xF4#B\xE1|�\xEE*ERc\xAEI\xE4LYE,Ê\x9BZ\xED\x95\\xA1\xE5nS\xD1+\xA9\xECd\xAD\xE8\x8E-s\xDD\xD6\xDA8\x88rGo\xB9SX\x8AWÙ…\\xC9\xD9\\xC91]\xFA\x85\x99�\xBB\xA2\xBB\xBB\x82k\kT@\xEBi\xB6\x8B\xC6~\xD3�\xD5}\xE1\x88\xF9�X\xBC
-)Ê…\xD1(
-r\xA0�\xAF–D>�\x81\x87"y\x91\xB26\x97�\x9B �\x85=Z5\xB4\xAB\xB8\x82c\xA7�\xD2\/dE\x808QO0\xF9\xAC\xD9\xEB�\xCEaqEV��(\xF1q�\xE8AE\x90B�\xA0!\xA3\xA3+\x83?Tp=+�]EGu�\x97vE\xF77\x97\xB9\xA2\xB3\xBC\x82S\xBD\xDC\xFB\xCE\xCFW\xF2\xD47\xE1\xD2/q\xFF\xD7f3\x9E� Ùž\xFAs��G\xD3p� \x8Fq\xA0V�\xA9�G\xE2\xD9 �\xA8 \xA4\x91r�\xC5\xF6\xC0\xC5s\xC5&\xCF\xD5{ÙžXI\xF5\xC4=\x80hVvE�\x87_\xA2\xE6s\x9C\xD1!i\xB8\x93x\xE62\x8A\xDE\xC8r\xD2Æ\xAF4\xC1\xC2\xCE�\x89[\xA3â¼\xB6~\xC5\xE3\xFB\xB2\xA3\xFE\x9E\xF6\x85���M\xB8�J\xDC
-\xB5\xB6�9\xAA\xA5("V!s1\xD2\xE7\x85a\xA4TI\xAA�\xEB\xB3Ѭ\xDF\xEC\xE5�\xB7d7C\xB1\xA8I^~\x84\xD7L\xD9�\xA6)�-3\x9BI\xF6\x88p\x9F *\xAD�4\xA9\xC6J�ƲC\xE9�9DfE\xECf%\x9C'�$\x943BB�\xE8I*\xE2\x9DC\x99Õ©\xFFÊ\x91'Ô¨t�\xA1ߢ\\xFC\xB4a�\x8D�X\xD3r\xFE\x9E\xB9T�G\xB7ViR\xB4\x87 �\xA6\x88}�\x99\xF3*Q�d\xF4N\x81\xE3\xC5v=E\xCB�&\x89Ä‹\xCE<\xA0b"\xDA{\xE5�!\x99l\xA2p\xE3{\xA2u\xA55J\x93�
-��e\x94(ci\x89\xC3L\xB3\xA9\xE8^\xAB䈫\xE4\xB4\xE3ݓ\xD2 \x82:X�� \x9Eȴq\xD09\xC8�\x85\x93\x80�\x82\xBD4\xB7�36J,\xE3GQ\xA0e |)sE\xC4~�\xB8?\xBB\xB9B(@Š\x81
-��\x9CE\xC5p\x84J\x81�\x95\x82�t[U1$\xA2<x\xA2R\xA0�\x97\xA2bXF\xC5 \x8E
-\xC1�\x96o\xB9,4\xA4b�I\xA5\x80�>�\xA8�\x9ER1\x90\xA5,\xE6Er\xA8� S�Lӳ\xEC\xEE,\xF4\xA6b\x90N\xA5\x80�K\xA1\~L9\xC8\xFE�\xC4�\xB6�\xF0 �'\x92]Ɖ*\xA4��>\x85�#//\xC5\xC8��:�M<=\xD93vM\xCC\xF5�\xA4\xAEB\xA8\x8D��sU�\xDE'\x9B\xD2Dk\x95\xC6�'z\xA1'�h\xA5\x89O�B,>
-\xDA9dYH|�\xA2\xB7=\xAB at i\xFE\xA9�8\x96\xE7\xAAxd\x9BqM\x97B!2\x96\xF8\xC0Ou\xF4\x8B\xBF��\x9BL;�\xB8\xEA\xF6Ć5a\xA1_\xDF\xCB\xEB#Çe4\xC71\x85N4QDL\xB4 .[\x89�\xD5sH\x8A��c\xEA#Br(\xA1"�Ý-\xA3\xB7p�\x97}\x83~\xDF\xDF�9m\x88^zÞ\xC1\x9D\x87\xF7�\\xDFpß–-9\x99"�\xF3?�w\xDEP\xFC\x92\xF0/\x9D�\x8E4\xFF\xDD\xE9\xB2\xCB\xEBj\xEB\x8FkqF\x9F!\x97\xD5U\x9D9|\xE4\x88~U�k�\xD7\xF4\xAD�^\xD5ix�S\x88\xC3\xFFV\xC5?V\xD7��Ø¿\xEF\xF0\x9A\xA1\xFD\xFA\xD7Ê]\x87��غʯ�Z_\xF5�\xA8\x88\xD6�n\xFDSUK\x93E\xFE\xFE�\xF7\xB7�XS_U\xE9\xFE\xA2[M%\x9B{)\x8B&_P\xFC@\x88�:5\xD4�,\xBE\x95\xB2\xA8p\xBF\xE7ha\x8E\x985e\xE1;\xA5\xF9\x9B>\xD2i\xB0i\xDE~E7W\xF7\xAB�8\xA0\xAAK\xED\xF0\xFE\x97]6\xB0N\xEF\xA5,*?\xD0\xC6t\xB0\xF6\x83��>WS�\x94E\xDF~x\xC1\xF0\xDA!G*FW\xF3��\xAA:\xD7
-\xAE\xED\x9F\xDD\xC9uQ\xE9\xF6�jL'\xAD�2p\xC8\xF0\xAA.\xF5Ç�\xA8k*wÊ‚\x9Fi7\xB2O]\xEB?U\xB5\xE2ng\xFAiQ\xA7\xFB\x91;o�\x8Dc:)\xF7�\xEA$\xF8�z�\xFD�\xFF?\xBB\x82\xE8�W\xD4�\xF6f\xDB\xE5\xF8\xC5!\xFE/r\xB2\xFFc/Ô\xFF\xE2\xAC\xEFÒ‹\xCD?=\xFERc3�\xB4\xC9\xFDI\xBE\xD7/\xA9\xE8\xAA\xD0Vsb\xFE\xC7c�\xCDO\xF2f\xA7\xA8\xA6\xCD?}\xFA\xE6Ø‘Zw\xA2O\xCEf,z\xB1Y/\xA4\xB5\xC4\xE7\xB6l\xE67\xFF\x98�\xA1\xD2p7e+\x9Ev\xD0G\xCC�\xDBm\xF0\xE0\x9AAu}\xAA\xFC\xD6U\xFA�\xF4\x8D\xD6U\xE2�=Ö¡\xD1DYdF+)\x84�\xE5K\x81å—œ?ua0K\x95\x94$\xFA\xEBV\x87�1\xB9i\xBB\xB4V\xFE\xCAm\x93_�J\x8A\xC2\xF7\x89\xBD\xF2\xD7-U\xD9\xF2SR\xB4\xA4\xB8\xEB�\x8C\xF6=\xBAR�\xF5 L\xF9�S\xE4.\xF5\xA3�Ö8\xAE\x{1790C7}\1\x98\xFEaL\xC2�m\x86\x8C\xBC�B�:\xE6\xAAZ\x9Fg
-k̺\xD6g�˱\xA1Nol]-\xD6b\xBB\xFE�\xCDg\xE2Q\xD3�\xFA�\xAE\xE2�8\xF5O\xF4�\xAD喿Tz\xA8K}\x8Di\xBA\xC3>tf͈\xFE\xB5\xF9'P\x97\x87}ģ\xBF�v�.\xF7\x9AL\xF2\x86\xAF\xF9\xA6!\xF5\xFFQW;\xC4X\x84}\xF0#\xDF&\x9FV\xD5\\xDD�\xBA\xA3\x8Fɺ\xEE?\xABN\xAE:\xAE\xAAE.��\xC2'W\xD1[\xABN>\xAE\xAAu\xE7\x9A\xE1\xF5�\xBE\xA5z\xC8\xE0>#\xFB\xD77\xF1�\xF9�Pu\x97\xBC
-ur\xF8��WK\xE6\xC63MǮj\xD1mD]ۆ\xBA\xC1\x9D\xFA\xF4\xC1WRMgUG\�U\xFC\xFF\x8E ! @\xD6𺌱\x83QHG\xA13\x81\xFB\x8A\xEA۾\xB9\x99\xB5ͣ\xB5\xEB\xF0\x9A\xC1#\xFEs\xC8\xF0A\xA2\xF7f_\xDF\xC2\xFEҪ\xA6\xFFP\xD3\xF3y\xB0\x99\xDF\xEBd�\xB4\xC8=ۺk\xFF\xFA\x81G\xECZ\xB6\xD2\xEA\xF5I\x99\x8AF\xFC)\xFF\xEB\xF0\xBA\xFF�hFt\xCFJ\x89=\x90�s\xA4\xF5\xD4՘\xE4�\xB55�\xEB\xBA_\xDA\xD9\xCC-u\x83\xEB\xE9ǒ\x9F\xDA\xD5\xD4\xD6��^\x94�\xFD\xD2\xC1\xEC\xD5FT\xCA\xED\xEC\xA6s;\xBB87\xFEe\xF8\x90z3\xB7]\xFA\xFF\xB5\xF7\xDD\xFD\x89\xE3\xDC\xC2\xEF�\xE0; ��.\x98\x92�j
-\xA9\xA4N\x92ILI„ \xB1a\xF7\x99\xFD\xE3~\xF6W\x92\x9BlK\xB6�d\xCA\xEE\xEC\xFD\xDDy\x82-\xAB�\x9D\xAEst\xCE\xE5NO6Wb{U\xE9\xBE(Ý®c\x91\xF2\xA03|\xEF\xFD\x83\xB6+\xAB[\x9E#\xC0R\x87=md\xC3��L\xDE\xCB\xC3QO\xFB\xBC`\xF4\xFC>\xFC�.{\x8C\x9E\xAE\xDA�\xEF�\x8F\x99\x91\xC0\xE0o\x90�\xFA.D0\xDER\xF1 c\x8FLh\xC0\x8B&\x80v�/�\xC2JÆ“\xE6Hn��m�c\xB5\xF3\xD2=\xF9\xAB\xAB\xF4\xE5Ñ•\xAC\xF4d\xD83j\x90v~\xE6xÍ™\xDBg\xCC\xD1\xD9 at r4\x80H\xA1\xD2�\x87\xCF�lL\xC4\xE1\xAE{\x9D\xF1+�Ü¿+Ï’\xF4\x94`3XK\x8B\x9AÔ¹�bXx\xD5�^\xE5Í«D2\xAF�\xFF\xF0\xAA_\x9EW\xFD$\xB63\xEBU\xE2\x9FÆ<`S\xEAw�\x9Dé“A\xDF�U\xB6\xAD\x99[\x9FS\xA7�\xCAT\xFF\xD7mO\xE0�\xD0�\xF4\xAD\xCB\xD2Q\x86\xA3�\x98Q󵫴\xBA\xE3\xF0\xC5\xF7ѯh\xEEx\x98\x98NV �\xA1\xB7\xF0%\x95�\x80FZ��?�j/Õ�z�`\xBA�v\xFA�ž\xF3\xCD\xE0\xE6+\xD8͸>�\x8C\x917�#w2�;\xD3\xD1(\xEB�\xEC\xDEPAS\xEC\xE3\xFC\xF8r\xA4\xF6:\xDD
-\xD8h\xFCi�\xEC�4\xC6\xFB\xC3\xF6\xDB\xDF=\xB5\xAB�\xA9\x9D}t\xBEM\xD4\xF1\xBB%Q\xF4/\x80\xDD\xDE\xFB\xC7dF\xAE\x85B\xA3�L*�\xAF\xF4\xD4Q_\xFE\xAE\xFDL\x90\xCCI@~i@Ô°\xB0!\xA4o�\xDE\xF2
-\xEF"\xD6s2%�\xFE�\xB6R\xB1?P\xBEf\xF8f\x97L\xE8\x90ú(\x85\xFF\xDD\xCCR\x87\x94�\x927|\xF1wW~s\xEB<\xF0)]\xDFѾa�r��\xF5�\x9A\x92a\xE0\xDA\xEBP\xF9�=1\xE5��.�fh\x9Fȃ\xF6\xAB\xED\xC1p2\xB6 I\xF9U\xD3A\xF2\x960\x92\xFF\xEA\xDA\xD5�\xB9\xA5�\xFB\x93q\xD7�h�\xBB\xF2\x83dR0\x89Rj�\xEE�7\Z/
-P\xB3�%Y\xF9*\xD6aE\xE9�|U*Í �\x9F6w;\xF2�\xFCx�\xA1\xFD\xAC\xB7\xFA\xE7.<\xA9\xCB�U�\xDA^\xB8ÔŸ(T|\xB1\xB5
-\x8C7/C�\xBDR\xCFh\xB7\xDB,\xEF\xEF�\xA4
-hÛ\xDD\xC4"\xE0\xBF\xE8\xFA\xFE\xB7×·v�\xED˨tQj\xC5\xE1\xC3\xC8\xFFm\x81\xB5\xC6;\xF2XF*\x8B\xA1^\xC2�M]\xE5d\x80Åœ\xC50\xE4%s�\xC4\xFF!ubO\xEE)\xE1\x92�5\xF4_N\x87\xF8o\xBAL\x92J\x9FE\xA2�\xA9\xF4\xFA\x9D\xC4f\x9E\xA5\x94\xE5aP�*ÐŽ\xB21\xE1\xDDn\xDA}�\xBCY\xD4\xF4g\xA8\xF4?\xC5\xD0�s.;S$\xA8|\xBC\xAF\xA1\xC9{\x9B\x99N#\xD2ie�62yv�\x93�hhz \xBBC\xEE�\xFFv\x81�\xBE\xD3^Q�m\xFB\x9C
-ւS\xBF��\xEA
-\x92B\xAD\xFE\xA0ck\xD0B\xE2�\xA87&8:\xB2\xF2\xA6\x81.o\xC2n�@oS\x8AF\x80�R(ĸt\xD6LD\xCE�$S4\xB3\x94!\xFA\xCF@�j\xBB\xAF\xE0\xABj\xABJ\xFB\xE7\xC8՟%\x8F\xF6\xDB\xDD_Ƥ\x9D\x9F\x95\x80\xAC\xB0\xEE\xC0E5\xFAs*ɘ\xDF1\xBBB
-�!\x98\xB6\xC1�\xE05�\xA2ɢ:c\xCD\xF24�\x80\xF9\xFEcwJ\xEA\xCA\xDC,J\xFF/n\xFE\xA3@\x84\xAFѯ-/\xA0\xA9/�i\x9F\xD7.�\xC5N at s\xBA\xEF\xAE`\xD8\xFFE\xED$\x94fۋ\x9Fb\xD9\xFF9V\xF8
-\x8F�L=\xC9~\xAC`{�\xE4Xa\xEE\x96cNÒ\xFC\xCF0��\xE7\xD4��;<Q\xEC�\x9CS\xE4\xF0\x9F*r~Ø‘\xABq?\x86\xC5%\xAD\xFB\x979T\xF5!�\xB5\xC3"R�\xFF�\xBE\xFEá’ž\r\x95\xCC&
-.\xC9\xB2\xED\xDF\xE2\x887\xEDI\xD3�o"\xCC\xF4~x\xAB\x8F\xDF\xC8
-\x9F.`\x9C�W$�\xFD�{x}\x84\x94\x83\xA7DE\xED\xA4\xF8�\xF9\x8E\xFE\xFD\xA6\xF3\x91\xFC}4\xFC5b_\xE7A\xD6?\xC0\xFB{\x8E\xA294/'DH=\xDA3l\x89ox1�\x92\xE74{\x87\xB0\xB3s\xB3w\xF4<5#�\xDB\xC9\xCEN\x9E\x9F\xD5\xEE��\xAET\x9E\xE6ì\xB9��\xF1\xF9�<7\xEBb\xBA\x82\xEB\xF0\x93\xF3c\xBAY�\xD7�\\x87\x9F\xFC�\w\xFE\xA7]\xBF\xBC8\xFE1t�)\xD4�0\xE2t\xDFDX\x93><\xF4cd\xB1\xCB\xC6)\xA4\x9B\xFBC\xBA?\x89t�Ñ¥/��\x93\xAEÕ‰\xA90�~i\xD2\xCD}&\xE5\xFETo\xC3��\xD5V\x8C3\xBC\x85\xD5\xFC\xD38\x9D,hQG\xE6\xAD\xF2D\xF6�\xBA\xFF�\xE8>\xFF\xA9"\xFB'\x98yS�M�0\xD6\xFE\xA5�\xDAq�\xBC\xFDUN7\x92\xB9eD\x8EpPg�\x91\x8F \x9E\xA7k�\x98^"\xDB4\xBE(\x87M<\xD84\xFE\xD38\xF9\x8F\x86�\xAF/�\xB7D\xF5�\x9E\x82V\xDF�^\x89\x87�\xEEi\x80�~k@�\x98 �g\x8C�h\xD0\xC2
-\xB7��\x80`\x9DD\xD2@\xF19�\x90?�'DC\xA9\x81\x8B浲8\xE6U\xDDy�`�Ċ\xBCv�A�E\xF6\xB7�\x85\xA9͙X\xA1\xE3 \xA2�\xEDT:g\xC0+\xAF\xA7\x96P \xF19\xF1\xE6?���
-X96�lP\x90�\xAA\x81 �\xA0t\xEC\xC8\xE95\xB1)\xA0\xF8�\xAB\xF7\xB7�E\xFE\xF7�\x85\xCE5Í„+\xDC
-b8೺p5keP at Q\xF8\xBDA\xA1\xB3\x8A\x82d\x88R\x8Bk\x9Ar\xC3<\x80\x80\x80�\xE8\\xB3\xF8[\x83\xC2H\xC11U)�(x\xE36�\x8A\x87\xCCԯ\xB8\x9F\x9C\xA7\xF3\x9F0nL\xCF�\xF8Y\xEFO�[\x8B\xCD�Zk�\x9C5\xDD\xDEF\xE0,)L\x96p\xDE\xC7��\xE8y3~L\xBF�f�\x81\xB0\xFF\x9D\xC0Wк\xFD\xAAE\xF6\xFD|\xDB\xF0_�\x82ě\xD1\xE0F�\x92 \xB4hg��\xFEl~\xB1\xAF?\xD7\xD1\xC6�7\xEF\xE3fs�\x8C\xFD\x8E\xD1�\xA6j\xC0�6S\xD1\xF2��Mϱab�\xD2O
-\xDA\xDA��f\xE0\xFE\xF8׌\xF8"9\xD8?,6F\x90 E� `*\xA09�\xD8\xE6\xAD \xD6e �\xA8\x9D\xB7�\xCC�\xEA�G\xB6\xC4\xCB\xF8\xFB\xE8g9y5�\xD6|\xE5\xC6\xCFT&\xBDĸ\xBF
- D\x86<n\xBF\xB6\x86\xB2\xD2\xF9�\xB4\x80?X7'U\xE8�I;�xX\xB5\xC5�*\xC3~\xD1�,%p\xFA�L1H\xBB\xF1Gp40\x931\xAD�ߦ\xCF\xC6\xFC\x83\x8E\xBF�:2b\xA38;2\xE6\xA7GF�)\xFC7\x90\xF1׽\xB2\x8A\x8C\xBD\xB5\xC9?\xFF|��ɪ\xDBlD\xAF\xAA\xCF\xCF\xDD\x{1982BD}\xB5\xAE<~\xED2\xDF�b\xA2�Ly\x98Ќ\xB8\xFF\x9626\xFA\xAE�\xCD\xEA ?_�\x9B\x9FK\xE6t2xC^\x89R(\x8F]\xE8�_S\xF1\xEAt\xD2~�͖\x8Co\xD9\xD0��V\xE5\x80\xF5m8c�\x9F͜\x9B_\xC7u^4/\xB62n\xB9\xE0\xA0͊\x82wҼ\x91\xB4`\x9EF\xEAi�?\xFA\x8E\xAB?9^3\xE6x\xA5%X䒚\xE8eyAf\xC9\xF4≩^\xE6\x84m\x99^\xB6\xA7\xC1\xAF\xD9\xFC\x83
-Ó£�\xAC}LG\x85\xAC�M\xE6\x97\xF47#&|N�\xDD�\xB9\xF0\x99QÇŸ�\xA2\xF5\x87�\xFCg\xC5\xC1\xEFz\xC0\xFE#=�\xFF~3墧\xAA�\xC0\xBB\xE5�\x98sy\xD8\xEF\xCB/\xFF\xD1\xE8\xE2?\xBE\xE3�\xFD#zx�g\xDD\xF4\xA3\xE5\xD1AÙ¦\x87Y\xE6\xD0Mg0>\xF5\xF3s\xB7}/Q-\xF7\x95=\x97\xC0Cw!\x85\xF7\xE4\xFE\xF3x8覵\xA6D\xC1go\xC9*\xFD�\xAFN-\xF76Etkj"\xB7\xD0\xD8虿\xA3�\xF8\xFB\x9B\xF5{ [\xED\xA3K\xF0w\xDF\xFA\xFE\xD8~\xEBja\xCA[W\xDD\xC0ST\xB7\x8AWV\xBE\xABcX\xED�o\xC8Y\xCD>\xEB�\xDA\xDC\xED\xF0~ß‚�\xEF\xB8{\x96\xFBE\xEE\x9E�\xE6\xCF\xF5K\xEE�\x8C�\x90/_��\xD2�\xBB\xF9�\xEB\xF8\xC3:~2\xEB\xC8\xFEa�z\x88\x96\x91\xE3d^5\xA8Gq\xDB\xE2ØK\x89�\xDD\xCA\xFE\xA3x\xFC\xE1�?\x80{\xAC\xFD\xA2\xDC\xE33\xEF�\xF8\x91\xEB(\xFC,\xB3�\xFA\xAEÞ‡/J﹇\x8EI\xFF\x83�3\xCA�12fD\xA3\xD0K\xC1:\xF4*��]\xE7\x8D�1Q\xAB\xF9B\xCA�1.\x95\xB8Ù\x9C\xBFÑ�E=\xEB!-�95X>\xB3�},�\xD0Í“o\x932 \x98\x9F� \xEB;�'g\xE6\xCF\xCA�\xFAM=\xFEY�\x8F\xDA\xF5\xD6\xD7\xE9_\xC8\xD3}\xFE\x90}Q\xDD\xFE\xB94\x97�\xF3�n\xFFla�~\xFFl \xBF\xFF\xAFq\xE1\xE7\xCFsdß\xA7\xF2\xA4?~\xC0\x84q\xB3\xF7>\xEA\x9B˜rtp>spW\x90{\x824[\xE2�H\xA31\xB6�T\xA1\xBC:\xE8\xEC\x9A\xF5\xC9}\x8B\x9C\x9F�\x94�D\x84Vt\xDAb//�\xBF;�\x9F\xAB\x80�!<����7\xFF\x84\x9C\xCFC\xA7m7\xB4\xE2ׯ\xBDqW{7sD�\xD8z\xA0\xD5è±^\xA3�>\xBB\xED\xF6a\xA6\x8A\xF6]\xD0\xD3U\xF0}\xA3\xF7n,aʘ�\xD0\xC9q\xEF\xE5u�kh\x99]�\xF76[\xF7rhyÂœ\xA6p\x9B7q\x84\xE3\xFB\xCDr\xB8?|�\x86[\xF0sm�\xDEB\x8E\xC7:\x8C\x8D|\\xB3Z\x9Ed$" F�\xB7h���\x8D)\x88��\xB2\xE1\xF8\xE9\xEE\xF1\xC5\xC9q5\x9C�\xA4\xF0\xA55\x90\xFD1�\xE8\xB4d"\x9C\x81W�\xA6\xE1(�:�iÈŠ\xDE�\xE8\xDA x\x83S \xE5XÉ¥6\xE3Y\x8B\x8E\x889\xEB:R\xAC\xA6�\xA5z%~1\x8E#��|1\x9C\xC0 ^3��/Y\xE5\xA2;\xB4�_\xD2# \x84\xE7\xB4W\xCD\xEF\xEF\xADa�v\xF3\xFF`\xD1 \xB9\xD5U?\xE0f\xC6!\xA6\x84\x8F\x86\xCA\xE8u�~\x95\xE5\xF7\xD1�J5�?\xEA`\xC9\xDDp\xB9?Q\xC7�&u (�\xE1\xDD\xD1�Ͷ\x8E\x9A��\xFE\xD5E\xE5�\xC0\xFC�\xEA\xFD-\x87\x80y�)]U�\xF4\xDAS\xDF��R�c�\x81V�\xBEwǯ݉
-L\x94�\x84�\x80 �~\xE0\xC19\xB0R\x94pm\xD8ï¡Ñ– �\x8D/\x80��}\xFF+\xC3\xF6�n^�X\xB3\xA1\xD8c\xC6\xF8
-\x98-\xFC\x85I
-\xF0;~w\xD4\xED\xF4&\xEF\xE1\xF3.J\xF7Ó¸\x8FYd�L\x80�\x9B�4\xBB\xE3\xC9(\\xEBC=�æ¦\x82u\x82톌�\x8A w\xEF\x86\xF8l�\xB5\x9C\xAEأș\xC6\xF6\xA8\x97Öž\x99\xA2W\xEE\xF7T\xC7#u4�;�\xBD\xA3\xF0YÔ™)^G\xB2\xA6\xC8\xC5�\xD7\xE1\xA4û\x93\xF10|.ý\xD3%9\xD6�\x80Tx\x84h@\xED\xBDO\xFAf\x90u\xECѬ\xC8�Z 9\x87\xB05܆\x9E�}}7G\x8Dc\xE8X \x81�\x8C\xFC\xBF\xF7\xFE \xBC^� �\x88=�w\xF5\xE5dv�E\xD6Z}v�s\xE8�k\xD5~\xED\xF5;JW�\x8F\x91]n\xBC\x85\xFF\x8C\xD1\xC5W\xF0m|i\xA0>\xFE%+\xEA:\x86 at xÓ¿d\xC4YQ[\xF8\\xA5\xB4�\x98\xF8\xA4\xCFD\xB5\xFD\xFAM\xA13\xD0Ü‚~\x80\x81�b\xBA��\xC8�-焘Ӯ\xAB\xD5� \xEE\xF5\xC23\xAC
- �`!�\xBB\xF0_�\xDEzN\xDB?#$xOH0\xAD\xBF'�qǂ\xF8\xBE\xBB\xFA\x93 \xBD
-�\xE3\xF0\xFD\xB3H\xFDw\xE2bk1/�6eG\xE5\xCF\xC3\xC35U\x866�\xD4� \x89\xB1\xA2\xE3\xA7\xD3�\x98\xCB/4\x95�\x95\xAA\xCF\xFF\xC2\xD2\xF8'\x93\x81\xDA\xEF\xB5w^,\xE6\xF2i)g�\xBC\xD3\xD6\xFA\x9Dew\xBF\xFFl\xE6+d\xF3i\xAE\x90+\xFA\xAD\xE6L\xB8\xFA\xB3W\xC3\xF3\xF9t\xB1軘\xBF\xB5\xBCL\xFF�\xFDm$p\xFE\xCCEe\xA54�\xBD8>\x8Bz\xEDB\xAB\x97eUF˟\xBCW\x86qH[Pk8�\xFAN\xA3\xFB<>Qz\xDAQ\xB6\xEF\xD2\xDC\xDF\xFC�\xC2�q\xBD\xE6p\xA2\xB4\xBB%\xE8\xC4\xF8\xE9\xD2�Ȩ\x9F=\x85\xF7\xEEX֢�f\x9BGq\xC6y,ttW��va\x8D�\xEE
-\x9E��\xEF\xC2o�`&�'\xE30\xF4l\x8D̦\xBA\x9B\xC3\xED\xDDiȃ\x97\x89\xFC\xD2
-\x9F�GF\xFB\x9C$\x89�\xD55�\xE6Êa\x87JBV(\xD0[
-ax\xDE2\xF0\x9CpO�\xF6\xE5q7Ü‚G�z~=F\x9F\xA81r<)u\xC3�\xDD\xFF\x8D\xC3\xD5No,\xB7z\xFD\xDE\xF8;\xE3|[&\xC8}'l5å¢Ó°\xE5QW}5]Lȇ\x84\xF9\xD0\xEC,�6G\xA7l#�\xA0J\xFB;\x80B\xAF�VMÏ”\xEF$L\xF8\xFA\xAE�\x83\xAF\xC8\xD9\xE6{2�\x8F �x\xCFØ¥\xD8\xD8�R\xB3\xDBß“\xC7 a\xF6a-\xDB\xFD\x8A\x8AÞ’X\x97Ù²1l\xCB}h\xC3\xE3m\xF1��PÛ†\xA3\xDAA\xF6\xB6\xBB*+\xE0;0\x90z\xFD\xDAk\xBF\x9E*\xC3\xE7^\xBF{\xD8\xFDn\xA7y[\xCB\xEA{\xAB\xDBq\xB5\xB4 akÜœ\xB4\xD4\xEE\xB86�\x8C\xD5s��\xBCk
-\xD9l\xCDa\xFC\x82\xEE\xD8\xF5jvZ\xA9\xC1\x96\xA0C�%\xB3ئ\xE9�TH\xDDg��\xB6 7\xBAu\xFBnL\xE7\xC2Ϧ\xB3ud\xE0<\xF49\x8F\xA0\xE3W\xF5\xFE\xA0\xDD\xEF\x8D ^@C\xEF \x83^\xC0\xBC}\xBE�\xEAU*T�\x8B\xE0t\xC5R�\x8F� j-\xF3�f\xDAZ*�\xE5V\xFF\xEAƒ\xDApK\xEE˃\xB6\xC9\xC62ة\xA5�\xFF\x9C\x87\x9AN\x96Q=m\x9A\xA59.\xCCY\xF08sCM<\xE0%\x84w\xF7�\xE5=T�%�g\x82F\xC9X"<\xF3m\xD8J\xB7\xE1\xA9\xCA\xD8\xC5\xF0\x9D\xCDF\x80\xC3�\x86\xF0\xD2Mx\xF6\xA6 \xB4P\xD4.�V\xB1\xAF\xCE\xD9R}\xEB\x8DZ \xB0o&\x85\xE9\x8C��i��[\xFB\x83\xE7a\xD8"3\x8E��"�\xB5�N0\xE2\xECPkR7\x82\xBEa\xBE\xA9\xC6��\xFC�G�\xF4\x89Ǝ2W�n\x94p\xDCਜ਼m\xDB(w\xB32D\xFC\xB2\x8E\xF8\xE74\xC4G\xC3ӛ\xB2�\x8C\xC0\xC1<NC\xFC\xBB at s\xF0\xE8��\x976\x9C�\xBCl\xFC^o�\x83*`)t\xED\xBEJ(,\x9D;b\xFF
-M\xC8\xFF#�\xE2 !\xE9\xFFFiÈ\xE8\xF8���G\xED\xA1O�ÕƒbP\x83΄ \xF8\x8E\xEF,ÅŠÔ±\xD2Q\xD4\xF4\xF3d\xD0\xF6"k\xD4H��\x8C\xF3*\x8FV\x9A\xEFÔ˜'�"A\xFA�r\x94.\x82\xB6\x85�$ \xAB\xE3~\xBA\xA3u\x85\xC8\xD4\xE0�\xE4^ak\xBD\x99\xB5v\x8F\xA6\xA3\xCE;\xD0?\xFB�\xE6)\x8C:~}jP0�Z\xF5~\xF0\x86\xA3\x91\x92\xEE\xBD�n\x99\xEE�3JW\x97\xB0\xA0"r\xDB\xF1PG4\xA9\xE8\xD3R\xB1\x8CϼT\xC0\xEE\x8C%7\xD7,:�S\xDCMÛ°\xED\xDFCT�ʯ٫\xA3�\x91\xB1w\xBAj\xEFe\x80\x9DQ\xD2�\xA2\xDDl\xE9�\x9DoC\xA4!1\xB4\x93\xD5Vo\xFC.{\xD0-l\xAA\xB5Q�\\x82Ôº\xDDW\x80\x8C�\xC0�k\xE1Ñ®\xC7TaKS\xD5i\xA1\xA0�z[\xA5\x93�*P\xF4\xF8
-6|�lȸA�?\x90v\xB0�\x85e9#5
-v�\xAA:\xC6m\\x94
-�\xBD\xBC\xBF\xA5\x81\xA6\xDB\xED\x80M\xB7ð“¡\x85\xF7\xC4 \xC0\xB6H\xF9oÉŠ�4Q;�\x8B%„8i\xF5/\x8C\xABo;\x95b\x86�a4'Q\xF6h4T{>c\xC3.\x81A�z\xF5\xE44\xA8�\xC0\xD11\x8C\x89\xF4\x94�:Z\x8E]��\xB9\x9D\xAA\x97r\xF3�Z\xE3r\xDEÔ†\x84\x82m-\xF0\xD2b* �\x8B\x85j�\xE6�\xA4��\xEA\x99=\xA0\xFA\x99�rw\xA9 7]� \x80\xC38+\xCCQ\x9B\xBF\xCBÊ›jGc\x86\xC6&}0\xB4Å°\x89�\x86\xE7\xC18\xDDé”ç¡©\xB92t\xEA\xE0\xF3n\xE0�\xF6\x8DKq�\xAA\xC06\xBA4\xD4ǵ.\xADt\xB6\xC3\xF62_\xA4\xB6\xC2]\xA5�\x94�\xADl\xBA�MB\xD9p\x87&\x9F\xBAÞ E\x8D\x90_\xC3\xCF\xDC\xF1V\xAF \xA7\x87Ú…\xD7|�\x83I{\xCEYo\xF3\x97\xCB\xEAw\xB6B\x91\xC3F_\xBE\xED\xFE\xF2�'j{\xD4o\xA7\xA3\x81Ö¦=P\xBD ÚŒ{}\xD3\xDBE\xA5g\xD5�\xC9\xF5h\x83(\xD4Ob(�\x85\x91\xA6\xACÑŒmK\x88m\xD4I\xCBX\x95H��}\x9B_\x83Ô¢\x85R\xB7<eÌ \xFB"\xC3\xFC��A4\xD0�\xEF<\xDA\xF4\xF96\xF2̸,�\xA7H\x95\x81\xC1\x8D�\x98\xC4Vv\xA9\x9F'\x892 -�\xEE�\xDC,\xDF5�b\x86\xB9ݪ֌8\xB3\x9A\xC7C\xDB�C\xCBE�\xEE
-\x90��\x8ASR\x8C\x9E\xDBv\xA3@\x85ك\x88-\xC0\xF9=\x83ǔ�Evw� ǂx\xC5\xFC>&:\xC8(\xDF \xA7\x95\xDA#\xCA
--#\x85�\xAAH\xA7\xC3~ϋW�\x9F\xE9�\xCC\xFDA\xBB?q~��v\xE2\xE5\xA0�\xF3�I\xEC\xD6\xE8B\xDB,\xE8\xA8�\x8C\xF5\xEE0\xCFD\x90>`\xAA�R\xC6\xF6;\xA0/=\xB5\xCEo�\x94\xE1� \xC0k М\x9D\xBB\x80Q\xB5\xE4qC\xFE\xDEU\xBC�3\xDE\xCBA\x9DZ~W\xCD\xD1b\xC1\x83\xA8��\x9Fi\xE5}k\xCA\xF0}W�\xFF=T\xDE.<\xB5�\xEAg\xE7\x964
-\xF6a\xC9OӢ~\xD90\x95\xAE\xAC�\xB0\x8F\x86\x83a\xFB��&c.\xEE\xC3\xDE@�"Y\xA2\x8D\x80\�\xFE=\xD0"\x8A\x{1A157C}\xDB�\xFE\x85\xFB\xA4��\xB6z \xB0\xB6@\xDF[\xF3\xF6\xFA�\xB0\xD4\xEF\xD8bu7\xBC\xF6\x9D P\x98\x90\xF9%}\xBDd{\x8A\xFCm\x90\x95\xEA|\x84<\xE1\\x80�-\xF0x/�}7\xED:��;��\xBF\xDB\xEFøz`\x88��\x8E\xB9\xBF<h\x98\xD5�\xE6d \xD8H\xF0\x98�\xF4[\x96G\xDAaa\xCF`\xE0\xF1\x8BW\xD08,+\xDD\xF0\xF8\xB5�\xD6u\xF60 %\xD8^
-\xFF\xFD\xDA�\x84U\xF9/8)y�\xC6'�\xF9ZXV\xE1c\xFD\xBA\xC5J\xCD<\xCAL\x87/U\xD4%\xF8\xD7\xDE\xD9\xF7\xE1$<�r+�D`W\x9B��Z\xEB\xEE�f\xC5\xF6l�\xA5\xC2`0\xF3\xD3�P\xF0\xC2\xE3!\xEC\xA2\xDD
-\x{1D0517}\xC3}\xF9;<\xE7\x95G#\xC0c5\xF1\xAANÚ¯pz\xFB\x83
-r#Y\xDDh\xA3
- '\x99\x80\xD9
-\x9F\xAD\xE1{jx2x\x83Y\i6)�\xBAn+\xBD\x91\xB7\xB9n4\xBEPd\x98*�H�\xE9)P\xDFg\x95_\x81\xBE�\xAB�\xDB"\xDB1\xCE�\xE9u\xE9r\x81\x9D\xF3z~\xE4}\x96\xE6\x85\xDB\xE6I�f\xC0P�[\x87\x9C\xE8\x8CÓ¿\xF7�4��\xBD\x81\xE5n\xA3��Ô¶\xE4\xE7�\xB5\xB5\xBE\xF0t}Ùš\x9E\xDB\xCCO\x9FÆ–\xA8\xA3\xF9N\x8C\xE6�J\xEF\xFD��\xFA\xD7>\xE6\xAD\xC5J\x90\x9B�~ra\xC6rx~ x\xE5\xBE\xE9t\xF1e\x94%OÇ\xD1���\x9C�CKc}\xDE\xEA\xA9>\xBE&�v�\xE3\xF8]\xF2�&P~] �\xD14#�\xFCZ�%\x8F\x97Þˆ\x91�\xAB\xAEh\x97\xAA\x98\x80\xF3\��\xBD}1\xBE�\x984\x8A'K \x96\xCAu\xB7u\xD5\xEB\xFEÍ°�\xC8 \xE4q\xF7\xE2u\xF2\xDE�Ƚ\xBEJ\xB7\xAC\xF1\xFDs��x�\xB79��$*C\xE4Ǧ\x81\xE0Bh\x819%\x80\xF1
-^i\xAAs\xD9�\xC7LF%iR\x80\xC3\xF4\xD5q�\xFCO6\x8Dq3Ò¬\xF0\xA6\xBA\xF7\x95\xAE\xD5â\xD8+\x92\xAEck \xE4�v\xCC\xEE7�\xD8\xDC�<\xE8f7xs`8\xA9\x96\xBAFdfx\xF3g\xA5\xFB1\xB1�H\x96\xC8\xCE\xF0�d\xA38\x89?\xA8{j\xFB\xFD\xBB�o\xB7\xF5\xDB�\xB7\xFB
-�\xA8\xB5�\xA8\xB5h\xF0\xEC|\x9E탬.\xC5�Y\xB4D\xD7#\xFE\xB5\xDF)'\xDE�\x9ELYǽ\xDE�\x95ؑW
-\x82\xBC�\x86\xBC$>fk��y\xA5`\xC8+�C^)(\xF2J\xEC\xC8+ّ7Mv\x94ۺ�\x80\xBF\x92�Ӽ\xFF\xCC\xED(\xCC1~\xE0D\xE1\x9C(0\xA0\xB0� \x85%�
-{ P{8a\xC3^\x8E�\xD19;\xA2\xFB5\xB6\xE1\xA2w\xCB \x88\xCE9��\x96K\xF7\xDE .�\xAEsAq\x9D\xC3q\xDDo\xF2��5��ѹ@\x8C\x9As`9[k�ŕa�\xA8\xE1\xF2wy\xE0\x8B\xE1\ �\xE7��\xEE
-M\x9E�wy;\xEEzc$\x8F\xE1\xAE\xE0\xD72�\xEE\xF2.\xDC\xCD�=\xF8�\x81p\x97�\x8A\xBB<;\xEE\xF2Ap\x97�\x84\xBB| \xDC\xE5�\xE1.O\xC1\xDD#`\xCE
-l\xB9�\xB4\xEF\xD9Ñ—�\x84\xBE�;\xFA
-v\xF4\xF5FJ�C_\x92\x99ak��}��\xFA\xF2>\xE8+�C_!(\xFA
-\xEC\xE8+�A_!�\xFA
-\x81\xD0W�\x84\xBE��}\xF5\x8By\xFC0R�\x80\xBDB \xEC�Ù±W\xB4c\xAF7N\x8A�\xF6z\xEB\xD2b0\xEC�\x9D�r\xDA\xC76�\x83!\xAF��yEv\xE4�\x83 \xAF��y\xC5@\xC8+�B^\x91\x82\xBC\xDAeT~\xF8(�\xC0]Ñ\xBBÆ‘\xFC\xFE\xE0-�/\xD8\xC1\xCE\xE2}\xAE\x95]nJ\xE3h,�\xB9\xDD\xDA�+\x99\x93\xBD\xE2zM\x8E)\x9B\xA5\xE6\xF3\xD1Bcc\xB7�\x89l\x88\x8B\xFFì¬ìŒ¥\xC9Z\xE9\xE4\x9FÊZ\x8D\xFF�\xFE\x8BD�O\x95Hde9�\x89\xC4�\xA2\xA1�\xEA\xE8�\xEB?xImrG9\xDB\xE7\xC1��*\xFC\xD9\xDC\xCD?\xBC\xF4\xC1�\x8B\xE7\xF0F\xDB|\xBD\xB4Ó\xA3y\xC4z\xF0\xBD\xB4s\xF5\xF0\x91 ,\xA1+n\xA5\xEA\xD3\xD6�\xFCki�\xFEÌ”\x84×–�6\xD0Ï\x8B\x9C\xF4�Þ£\x9FÕ§\xF6\xFE�\xFC\xD9Gß–\xC4\xC2\xFA6\a�\xFD�\xC5v.\xBE\xB4\xD7\xE0\x83m\xF4\xA0V~~\xD8\xFC'\xF7%7z\xAD\xB6.\xB8hm\xA3\xBA6�K�\xF1`\xB7\xD0�\xBD$K+g)\xD0f\x83O\xEE.\xEE\xDDW\x9E/\x9E�UY^^\xDCM\xF5/8\xB4�\xB4B!�\xAD
-Ê¡\xD8\xEE\xE1M'\x97Û¿�\xC4Rq\xE9\xE0�\xE7\xA1�\xF8�\xC1�B\xEE\xF2Y\x87\xDC\xCA\xDB�\xED!\xF8oGM\xBC�P\xA7\xD1\xC8\xC3\xF2\xF3�\xF6�\xC0\xC8\xF1�\xFD6\xFA[:�\x8B\x~�/\xB8\xA8\xF10\xFA\xAD \xDE|)\x83\x87'#\xF3\xE1\xF6�\xF8}\xF6�\xC0 /\xFFß–\x89;\x82\x95B\xA7\x9Ft\x87+\xFA\xCD±G)g\xD0+\xB9\xA5\xE5}\w\xBBͬ+\xE8\xECw:A\x84\xD5\xEEz\x82\xD1\xF9Æ»�r�\xE2O\x88\x98\x9BÜ’\x9E\xF2\xC9\xED\xABV\x86\xCB$\x8FV\x92Û¯c�\xFE%d7\xCE\xD6D\xF3Å™\xF9�z\xB1.n_\x8CK\x95\xE7b\xFDmo\xE1|S\xAE<s\xB7[\xE6[!\xB9y\x9E{\x8D,\x8F.>"\xA9\xD7o{ \xE6\xC9v:�I=v\xEE")\xA1ÖŒ\xC4\xF7\xD4�\xFCy\x9B��\xC5Hrks�˪\xE2\xE2��>\xBB}\xF2\xB4\xC5\xED=�l\xC3\xC9�\x92[\xB9\x95\x85JW)M\xAAÉ£\xC6u\xE5p?\xD24\xDEV\xDE\xD2�U\xDA+>]\xD47C\xB1\xEAu\xA9{\xBE\x93Q_62{\xBB_�+_jWÍ̘�\x82\x96�\xEF\xE0\x9B\xD32�@\x8A\x94�#}\xA5\x9B\xB7YmÊ¥\xA1z\xAC\xFD\xA5\xAF\xB4\xA1*J\xB6\xD2\xE327oy\xABI(f\xADP\xB9\x97\xEF\xB2`�\x85Ir\xAB�Yʪ\x82zdL\xAAP�&\xB7O-\xF0\xB3\xDE\xE7:K\xB7�\xBC\xDBu\xF5FyHT\x8E\xB8L\xB6�\xC7\xD7\xFC\xD8-\x83/\x93_\xC0(Qam�|\xC8�\xE0lO\xB0A�.s�\xEA\xA0Ò™\xF8\xA6\xD0�}R�>Æ—Ö `�|\xD8r+w.\xAF
-\xC4A\xD5\xC25O�t/[\x8C\x{DF91}�݈.\x85b\xEA\xF2\xE2pDZ\xAB2yJ/\xC6[\x8B\xE7\xF7\xA4A\x93�B\x83\xB6\xD2\xDC\xC2\xC2Õ—c\xC9��`2\xBEo\xB7_\xB8Z)wB�p\xB4\xF6\xAD\xB08�\xD7OI\x83r\xB5\xE7\xF6�u\xD0PlI\xC8\xDEV\xC9k\xCD\xDEv\xB8z]\xB9%\xEFj\xED\xE3R(_\xB4b\xE0\xB3\xECе\xA7\xCB\xEFk\xFA\xA0\xA7\xCB\xCB`_\xEC\xBB**W\x99W4(\xBF\xB2Ûª\xDAw\xF5Ny\xA8\\x9D\xC2A�nT\xCA>d\xC7\xE9\xCBUÒ \xA1\x98\xF20\xDA;\xB0\x86u�\x9A;\xE6\xD6�h\x83\xB6\x95\xAF�\xFE\x86<\xE8que\xE1#79B\x83�if�V]�\x95j\xB4A\xF7\xB6\x85�\xFF\x85<h6q\x9B\\xEF_�\x93��k\x99<m&Vv\xAEWd\xD2Z\xB9Z\xB1\xBAE�4\xB7\xB0ؼR\xD6)\x83\xDE>p\xB5\x87\xBDs4(\xC41'*\xA9ë±·\xCCU\x938h=59\xA6�\xBA\xDC}\xD99!
-Ö¢lD2\x8A::]\x84î\xB8 |V[\xD9\xCE\xEFD \x80\xF3#ç |\xE9V�\xF4v5\xEE�4\xD7l\xBC]\xA1AC1\xBEz\xFFV\xB3\xAD\xF5\xCB�׸\xABJ\xC4A\xA3{�j\xFEm\xE1,G�\xF4hE\xE9\x91�
-\xC5а;o\x8F\xE5]m\xAD\xAEA\xEF�\s\xAD\xAB\x92�=\\xBD?\xECtSc\xE2\xA0\xCD\xC7\xEDu4(\x94b\xEE\xB5�\xDF\xEF�\x94h\x83\x96\xB9\xAB\xE5\x9B�y\xD0\xC6¤\xF9\xD2\xEA��\x83\x82QаW
-~H�\xF0e=S\xEF\xD3�=\xE4\xAEF\xE2�e\xD0\xED\xC4\xD5\xD7\xEB\xA7\xDDP\x8C\xB8\xD6\xEB\xED\xD6
-u\xD0\xC7\xC7\xDD\xF15e\xD0\xFB,\xF7pr\x91p�
-Fц=>y\xF9vS\xD9X!�\xFA0N\x9FQ�}?M.\xDD\xD0�\xADq\x8Fg��`�\xE2ZOv�\xCAݮZ&�Z\xFD\xB6\x9A\xA3�Z؋\�s
-mP9:\xAE\xA3A\xE1(\x9A\xAC\x89l+\x93\xEB\xBB,�4\xE9"\x9A\x93\x85\xF5\xC4\xD7\xC9\xFB#�tSq�\xFA\xB4r\xBE\xA8�\xFAV\\xB1
-*\xBD.qG\xC7�Ҕ\xEA}ay+\xBEg�p\x91\xB4\xA2\xBE�,\xC0AW\xDD졑\x8E\xDC/\xE4j`\xD0�\xD5%S\xEF\x87Em\xD0\xEDx5\x85�E\xA3\xE8 \x8E\xEC\xD6N\x96\xB5A�\xC6k�vVx\x99\\xDF\xDB<\x80\x83f\xDC2\xF5\x92_\xCD7\x96\xBE\x81Ak�\xE7\xA0Jo�\xF01}ص\xB3\xB4}\xAD{\x97\xA5\xD8\xD2��Tܾl4l+]\xB8S\xA5\xD6�\x924\x9C\x9B\xE9�\x97\xA27\xE3\xB3}0\xA8\x90pi�\x8A\xB2\xDB�\&c\xE2\x86\xF5�[*,\xDF^6\xEE�\x88o'rd\x83ۿO\x8EIo!痗\xB7xY=] \xBD�{PKEb\xA5\xC5
-|K`k\xADA._[\xE4\xE1[�\xD2D\xF7^G\xB9\xC1rNDTIz?P\xF2'�{�\xE5\xEDx\à·¾\xE4\xC9o\xF7\x97";'\xD7\xD53\xEB\xADM�\x8B\xEE\x8F\xD7�\xF7��T\xF2ׇ\xDCC#\x99\x94&\x94\xB7\xB9\xC7ã\xC92\xE9-\xD0Ç¢\x87\x87ϧk\xF9\xABU\xE2×…\xE3/|"\xBE}\xF7 ߦܜ\x8A[4wÒ\xF1\x8D\xDCÒ¥|W\xDD\xD2 Fx\xBF�\xBF*o\\xEFPÞ–V\xAE�\x95^\x89\xF2v/\xF5X\xCE]\xDC[o\xED�;Ú}\xDBL\x88 \xF2\xD7\xC7\xE7\xAF\xDF\xD4\xC7j\x92\xF2\xF6\xE6Û»\xA8f�\xD2[�\xB1\xE3\xF7\x8F\xE1\xEA[\xB7@\xFE\xFA\xF6\xE1\xD4Ð o�V\xEEL\xECv\xBF}\xFC\xB8BÜ�1\xF9FØŒ\xA6\xF25\xF2\xDB\xEE\xCDqm�=\xE9\x92\xDF>s�\xAF\xCB\xDF\xF6\xA3�\x88Å®\xCF:W\xF1\xC8\xF16\xE9kE\xD9|<�w\xCE\xE2q\xF86\xED~+\x94\xF6O\xCEJ\xEF\xF0\xAD\x93 A�f\xF7\xF1]�\xB6u\xC5z\xBF5Jl\x8C0��\xB2\x99\xAD\xE2\xDE\xE27\xC44\xFB\xAC\xBC\xBAr�xR#O3=u\xE3r\xE5p\x9D�ve\xAAr~�I]}mBk\xF2"�\xBFKL\xE0_\xA7\xC0\xA6|+GV��%\xCC~\xDB\xDA�\xBE\x81\xD94w\xD0x\xD6È™\xA3\xC2`�\x98\x827�\xC8\xCF\xE3\x809>o\x98\x83�\x9D?\xD3\xDBl%\x80\x96�\xAD\xAA\x85ÓŒ\x9D\xF7)Qay\xF3tUSm\xA1\x9D\x831Ü�q�\x99\x9EH\x8C@;\xE7\xCDb\xB7\xF8\xA0\xD9\xC4=\xE2\xC9\xF8\xB0Ø \xD1\xDA\xD7U\xEA\xA0\xC8Ρ�
-T[`\xE7<\xE2\xFA\x98m\xD8ۯ�\x83\xD6#�}Ph瘃\x8A\xB6A�\xC0އ\xFA\xFF\xBD1l\xBDo�\xF0�>h\xB6\xB9\x88\x83\xF7l\xE7��\xB4\xB3\xB4\xB4`
-\x8A\xB4kP(+m \x86\xDA\xFF\x88<h\xF6\xF6\x96>h\xB4\xF6\xC2Q��T \xF5\xCAZs�P\xFBo\xD1�\x95=�\xADsk6}\xCC>,\xD2)\xA8\x83B\x9D\xE2\x92�\xDE�uP\xC8\xC7j\xFBK\x8E]\xE5S at _@ã\xBF\xF4\x8D8\x9Et\x98Ú,t�\xED\x80eAj�=ÙŒ0\xF4\xA8L�\xDFb�\xB7\x80k\xB69\x84t\xC2\xD55%\xF0u*\x8E\xF9n\xC0_e\xA8\xC3\xED#\xC0��jR|\xFD\xE4�\xC0\xF8(\xA5\xFF\xB3\xCD\xED[\xC6:\x84\xF6YVͦ\xCEm:\xFF\xD6\xE9�`q\xCBwe}�\xF2y Ltm\xB85\x8Aw.\x9C\xAC �_ʼv+1\xF8Ï‚9\xC0
->\x80A\x8B`6w�~\xA5\xF4\xAD\xA6\xE9ɢ\xCD\xFB�\xD8\xDE\xD6V5\x86\xFD�8\xA3\xA51\x9F\xE9\xEE2\xAB\xF1\xE9҇\xD1D_\xAE5a\xEE@\x8A\xC5\xC0(\xF0 :،�}f'\xE6
-*É\x96\xB8\x87��\x83|\xFD\xF2�\xFC\\x82\xE6\xC3d\x854%\xCB�\xA3MJ\xF5\x9ET\xA6\xB7\xB0\x96B\xFFh\xF0\xD4|.�O\xA0�\xF2\xC6\xC4�9\xD2\xF9\x89 at G\xFF\x9C\xE3v5a}\xDB\xFCa\xC3o}\xE0�h%\xC97�\xEF��\xB7\xAF.\x8E\xFC\xF6/u\xA4\xE3\x8Bf\xD3\xD8Ö‡FA+\_\xF1��\xFB\xFEÕ›��~�~K*\xB0<:\xBBbFv\xDC\xE2#�\x8B{^\xFE\xB8\x99�\xB3,\xC8jT9\xE4\xE5\xC5\xE5\xBDY o\xC2=C\x82\xBB\xBE/A!\xDFR�q�ݧDb>`Ê©\x81\x93\xF5T\xEF\xCB#| s\xF5\x9E\xACG\xF3\xC2\xD9w\xE3k\x95\xAF>\xA8u\xB3�\x91�\xC0\xFAá’®\x94�`W\xBD?�Û©\xD25�\xC4\xDBS\xF0\x9F;\xDCm\xEA\x82]�Z\xC1\x87�\xB6M\xA1\xCA��ѾV\xC5\xC5\xF5\xC3\xC6,KC\xFE\xB1\xFB�P/i4D\x9B�ו�/\xA9\xAB
-Ōu%\x96Ъȼ\xFD65B\x82b\xCA���\xA6z_I\xDB0\xDD$C�\x9Es\xDD\xD3\xF4\x92]WǷi\xAB~\xFFA��\xC0\xE4@\x80y^\x8B\xA1I\xE93�i,)\x9D\xF4\xC0d\xBE�\xDE�\x99\xEAZ\xC2�\xEAcv\xBA\x93\xA3
-⪃\x8A|\xB9f6�5\x9E\xEC\xDE\xCBT5\xA5\xFD\xA3\xEF\x95vH\xE1F\x8B\x96�e\xD8N]\xEE\xEB\�9\xA2 \x94,G\x8Fxjg\x99\xD7ar\xD3=\xAF\xB5�\x9A\xDCo �B\xE9Kñ€Œ°\xA9R\x9C\xA0\x85ym\xC9[a\x846Ä´^\xC1\xA4\xC0×—\x8A'\xAFee=u�\x96\x9A\xB5fD\x95\x96`\xF2\xD7�\xB1\xFD\xED\xD4\xED\\xD5-\x96�(\x86b~\xFB\xFBV\x98̬=\xE9\xB4�&ߊx��\xAE/\xE3;\xA5b\xD4CVZ\xF3aP\xE9\xC0x\xAF�\xB4)\xEDX4k\xED�\xB2\x92(;\xE8\xA3\xD2=N\x96Y\xF7/�\xF3S\xE9X\xE9ó ˜\xA2\xCA\xD9U(6Eg\x9De\xB9�h^&\xB7twf�(3-�\xCAJ6\x9Cg茪\xD5M�1\x8B\xD7\xCE�bv\x8E�p\x91\xBA_\xCB\xF4\xC3�\xA5\x9B\xDBU\xBB\xE1\xBA�I\xA5:\xB3v\x9C\xDC�oi|�Ñ‹\xAF)A\xA6\x83\x97=V\xF5:�\xA3\xE9
-{NK|j\xAA|\xD9��{\x98\x94���\xCA\xDAy,�:\xDB1*W\xD5e%�t\xD8\xCD>7l4M n\xF7\xE9;\xAB\xB1@\xDBi\x95\xCA�B1\x86\xA9��a7\xF1��\xD1,qm*~\\x80e"v\xDDÒ˜\x88S\xB7\xF4\x81\x89�\xD9;,Ö\x980u�\xBB\x88*\xDD<f\x83\xD9\xE4Ú±\xA4-\xC8\xC8\xC0\xFD5t\xC8}nÓ”\xB6\xE3\x95q\xB0�(N\x8D}h\xE0Ö©:�\x89}P��\x98aD�O\x9A\x92~*\xEA1\xA9y0 \xC0a\x8A\xF5o\xFBsb `}KA\xED}\xEA\xFA\xB6\xD7ÎŽ�pl#�\x860\xA9ʘ\xAA+\x90\xB1\x96\xA2\xC9��\xEA+�\xA2\xB3\xB8\x80HU\xBF�Q9C(F0|h6\xF9\xB7}î™\xDE���\xEA%�#�+ \x89{ K
- +\xDD\xC0\xB2\x93\xF8\xE6�\x918>W\xFE S\xE2uz\x99ίw\xE0 q\x8A\x87$\xB1\xA4{HȈ\xC6�.z�\x8D\xAC\xFA;Г�× \xA3\xC0\xCF(fp\xC9�8\xF5wsi\x88\xF6\xF1\xC5y.->\xA5{�\xF3\x8E�\xB8\xC4\xF2�~\x9F\xF7�\xAE\xAB\xBE];�\xA4\x9FY�X\xD0\xC1$\xB8\x8F\xCE%\xC5\xC4\xC5\xE2GvJ\xC0\xD8\xC0\xF2\xA8\xF8\xF8\xFA�\xAC I\x87\x8E\x87\xBF�g���\xC3}
-�e�\xC6"svU\xFAЩJ\xD3�\xB0h\x9F\xA2L��\xBF0+\xEC�\x91�\xB4Ѿs>̚\xF0\xE8\xD0.�\x9D��
- �\xD7\xCE\xE6@/\x87N�H\xE3J�x\xBEv�\xB1�?Ñ®[\xB2\xB9l\xC5\xED˘�|A\xB6�U�wn�|\xEC\x9E�`t\xE8\x90v\xB8| ��\xBB\xA0\xA30 C\xD0\xC1\xDD7\xB4Y�t\xF2�\xD0a\xD0e\x91n\x99\x88'\xED\xF1�`U7\xCD at t\xE7a\xC2��\xEC\xF4*L\xE1ć\xCE\xF7U\xEF5\x87\x98\xE5�\xEC,Â^�o\xAB\x8B'\xC3θY\xF9J�\xC0sg\xC2“=q�\xED�\xBBȳ\x9FX9\xFB\xB1�\x92\xD3\xCE\xE6v�\x8AÍ£�\xF2I\x85\xD5K\x88\xB1\x9FG%\x88\xEF\xDF)\xF7,\xB9\x8F:\xB3\x9F��\xEA\xCC\xE1�\xAF7�\x96\xBEirK\xF0Ôi\xB0\xBA\xD0`Wvqc\xF7\xF3�r\xBC\xC0\xD9z�\xFAP\xCE\xF8hJ\xC4\xCD�#(q\xF5\xD3\xCE\xD1\xECT\xF9\x94X!p\xB4Ë™9\x9A\xB5/W\xC39p4\xF5\x8DÈ„pë•\xA3\xA9o\xF4C��GC'\xEFdS
-v&\xCC\xCCÑ€\x81ÐŒ\xCEN\xFB\x97��\x8D\x85\xF6/g\xE6h\xC8~A\xFD̬S\xA0^\xE6p\xF6\x8A\xFAy\xA4�\x9D\xEDp\xDD\xF1eF\xC7!\x9B.\x80q~\xFB\x96\xADsTw\x83\xED\xE8\xD0\xE5q\xC3\xC3B\xF5\x89,\xA3\x93\xF7\xAD�GP×”\x81�\x84\xD5_!3\xDAS�g8\x92�\xDB\xC9\xC0dC166�:\xF3\xD4ê½™\xAC\x9D'\x83\xCEf\x8E~\x80q:N\x93�?{e&\xE7\xEA}%�\x88)Pp�\xF4\xE3\xA3\xC81\xCE&\xED\xF0\xF6L\xDB�\x8B&�b\xE8\x87N9\xFE*9~\x9A\x80:\xE3g\xE8\xCC\xEE\xC8J\xA4�\xB2P\xE3c\xD7s\xD3\xEF\xEF?H\xB20\xA0\xC5�m,��F\x92\x85!w\xB2\xB1\xDE�\x93\xF9\xE8�M�\xBB\xCA:|\xB0S!\x9A�\xED.\xCE.Å®gviY\xBB?\xBB~M\x95\x85\xC1\xA4\xD85\x83~O\xEA�Ï®5\xFA\x99F�R6\xECH\xF0\xF0'�\x97\x860$<å…V\xE4\x8B\xC9\xF9\xA7\x96\x867^Ne=tJ\x8B\xE8\xC6�1\xA8\xEB�3\xFB:\xA1m\x89
-\x94�AROß \xB1\xE0\xA3Q2k\xBA\xA0\xAB,�\xE7g\xA1\xE4\xE7U``\xDC�\xC4��\xEA.\xD1�tb\xF2
-#\x9D{\x9D\x9E�Rp\xB8\xAE�\x9E+\xFFp:\xE7\x94\xE8D\x8AaD\x88U0\xA5 F\xDA-\xABX
-\xF9\x86\xD1�\x93\xD2\xC3Hc\x88\\xB3\xDB\xFB\xB7\xCEXz�(Y\x88\xABt\xF3�\x9DS\xB4-\xEC\xEC\xC3G\xB4`\xF2\xC5\xFB\xF4�v6\x9E�\x89\xDD�c\xF1'c*\x86\xEDd\xC0\xBE\x93\x8E\xE0[\x9A�Vb\x94\xD3�\x8F\xE0[�#2�\x87\xF1\x9A\x94\xE3�t\xAAXU\Oւ\xC2 \xE3\xE1\xF9r\xF1\xF3\xC5<\xBC\x8C\xA5 3\xE3�\x91\xD5\xC2\xEA#ʡ\xF3Π�\xC5\xE6\x93C\xE7\x9DA�\x8A\xCD'\x87\xCE;\x83\xCEq{\xC3\xD49t\xDE�t\xB6l\xC1�r\xE8\xBC3\xE8\xECق\xD3\xE7\xD0yg\xD09\xB3�\xA7͡\xF3Π�\xC5\xE6\x93C\xE7\x9DA\xE7\xC8�\x9C:\x87\xCE;\x83N\xCF}\x9B9\x87\xCE;\x83\xCE\xCA\xE1\x9D-\x87.\xE9\x99AG\xF5\x90�̡\xF3Π\xC3|�\x9E�\xC9\xF4\xB4\xB7�\x83\xD1k\x8F\x81\xA7g�\xED�\xA3\xCFX\xA7dZ\xAF\xA7K\x8A_\xE0\xF6f+�H\x8Ar\xB1\xDBȬ\x9E\xFC\xD3%\x9FXrvO/\x80\xD3i\x90Xr\xEA\xD6-G\xFD\xE2\x94X\xE1\xE4̲\xB1\x87�\x85t�ϖ�\x96��'\xAB+\x97\xFD�;K\xCDi}fޜI\xFB\xAEH:\xD6\xF5\xA5�\xA6�%2ä\xEC\x879\x81\xA7\x84e>\xFA\xB8\xC1<\xE0\xE4\x9B2\x87\xFC\xC9>\xBEc6\x84\xBDM)T\xB3�\x8F�\xF6K\xA0\xA2\xA7'\xFB\x85\x828,\xBE\xAF\xD5Y\xDCƶ\xA5\xADb1\x9F�Qj>K��
-B\x8B\xB4\xBFM\x8DH\xC1 A��u\xF1L\x9E\xDE*ë±a%\x91I�\xE6\xA7\xD1u~\xC6�� �\x8C*Y���3�tF\xCD\xCFBg�\xBE\x9D\xD9C\xB0\x80\xCDZOÚ•\x88\x9A\xB7M�\x80'\xCB\xD1�\xAAO\xC9\xC7\xE8u\xC6\xF6\xD4X\x93L}SL\xE5\x9A\xC5\xFE�\x9E<\xBDm_\xF3<\xCB\xD6\xDC$\x84H��\xC7a\xD2\xED&\xE9\xD4��\x88�O\xAC\xDE
-\xF4\xC4~\x86,0G�\xDF\xDD\xD8[\x9D`\xCF\xE3\xB39[�1\xF0�\xF2\xC0|s\x87\x8E\x86x�\xBCǤ\xC6\xDB��1ɞZ\x88<\xF0`R\xF4�xS�dڿ\xE2"i\xFF\xA6\x89"py0}\xF7\xCF+\x8F\xCF7'\x86��ྸ\xEFA\x98�\xB3()2ؙE\x90\xCE<\xA2\xEA\x83C\x8C\x9C33%\xC4\xE8G!\x81�I\xBE
-\x81�bv\xC7o^q\x86\xD6\xC3L�\xBFL.6�\xFBe\xCF7\x81Q'v\xAA\xDF\xD2?_\x8EÒ…\xD5�\x95\xE1X\x99\x8F�\xBC\xF6\x8F�u\x8F\xB7\x89\xD4\xED}\xD4A>�u\xB9v=\x8C=\xA2*&\x94n\xA3Kv\xAFu\xF0.n�Y\xAC�\xEBXÃ3\xE2\x99*ǺC\xEE\x93�\xBA\xCDCOq\xF3\xA3}�0\x88YiB p0\xE4\xC8�\xE2\xFALpxi.{\xFEW\x9E,x\xF9\xC6\xEDz\xA4\xF0\xA0\xB6\xD2v=r\xDF/+Ö¡E\xD21\xF9A��q[\xF8\xA5\xC7yd�Ù¹�=#\x8A!=\x99M��\x93b\xC9\xF8\xA2�n\xDA\xF4\xB1\x87q|i.pZvL\xC9�A\xC4
-'o\xF7\x8E��<<W(7.\x88\xA7\x81>%\xB0\xFB>w�\xB9\xF1\x926%1\x98�\xF3ʰ�䑡F\xA7[iq\xD3\xC0\xC9\xEE\x91\xD9\xE6�T\xD7\xDD�\xE2bq\xE4cӱxd\xB6\xF9C\xE7
-(SD\xA9��\xF7\xC8Pc\xE0\xDF�\xE6\xE4\x91�K[\x9E=\x82\xE8\x80\xC1#�bIC\x9B\xD9#�\xB3�\x8B�3���x{d\xB0\x8CT\xBF\xFC\xBC�<2\x86���&Pz�=9�\xC0&DŽ\xC9lQ�;�W�\xEA\xDAY\xC4?n\x9CEY��\xCE#'q\xFB\x92\xF7\x8E�`54�-\x97�\xC9��ȩ3:d\x88\x9C
-\xF9\xA7\xA1m&fN�\x83\xB1\xA3^7\x87\xB1\xA6\x8Fy\xDF��b!]\x9896S\xFE\xA8f\xF1�N�\xAF\xE7ʫ\xA3\xA4\x90\xD83\x85\xFD�DPr�\xFD\x92*
-\xF5⺥#T�\x8C\xBC\xB0\xEC8I�\xCF\xE2\xDE�YDAG\xB0_\xEA\xA7\xEF\xF3·#\xFB\xF9\xE7\x9D�\xC7t\xFF\xD8\xCC\xF9pz�\xB4##n\xDE\xF9p\xC1"T\xA7͇s\xC6\xF55\xE7\x92=\xE2̇\x9B%[\x90=�N�\x85��8\xA7|8#�Ùž�7\xEF|8Ý£8\xAF37J>�é–€\xA5\xB9\xE7\xC3�7\xB7x\x85ZN\x95�\xE7\xB2\xC5(\xC7:З2\x87\x94\x8E\x95Ýš\xEA\x93/\xC6��\xE9\xB8d\x98\xAE[\xB2\xC4D\xBA\xA2$\xA6\xA3\xFD\xCB\xD9\xD3\xEB!�b\x8C\x84d\xE8\xC7}\xADE\xE0�^Ø\xC3x\x9Er6P\x89\x9F9\x93�\xF6\xE3{�\xA9��\xEF�\xF1|\xE9\xE9�\xF3I'\xD0 \xE6 C\xC2Q�Lb�@\x86�"\xB4Y�`#f\xBE�\xB6\xEC\xB8��!\xBB\xF3\xC6iv2\xAC\xDE_1P\x8E\x9D\x8FQÉ°z�\x9DUt^A\xFBev2\xBC�\xCD\xE56`\xD4O 2\xA4E\xA9\xC1~\xE6@\x86\xB0�\xB7-�\xF4\xAE�\xAD�\x86\xECp\x9BbO\xE50\xB03\xFB�3~\xB7Myx\xA5\xA1\xAF\x8F\x8F&�qE\xF0\x99\x8F c3\xA8a�\xD2<2R\xEF?昑
-:\x9B_F\xEA\xFD\xC7�2R\xF9\xA83\xE9f\xAA\x8CT9z\x94
-\xC4\xEF(�\xA9\xA0\x9F9\xF0M\xD0�v22S?,\xE6\x93oF*\xFB5\xD0�.-ç� \xC4\xE3\xD2Ô AF\x90=\xA4,"4GY\x8B\xFBl�#��S\xE1,>�4['H*\x9C\xA1\xC1\xD2\xFC\x83\xF3I\x85\xC3 \xC6\xE4Ï™.�.\x98\xDFr\xDAT8�\xBBrN\xA9p\x90^\xE8\x92v^\xA9p\x9AW\x81!\xD3t\xA6T8\xD3?\xC6�v�\xE5\xE7�7\xC2S%rK\xB5�HL\x91Wg-�R\xE5\xF4Q\xB4\x8EΨ1\x81\x8E\xBB���È°3\xCAE\x86\xC1u\x98\x96j\xBFdx\xDA\xC3�\x94†ݨ\xE3\xDB�E8\xC0\xB8�\xBA\x90A��\x8A1\x88�,\xAF\x8E
-#\x9C\xC2\xC1\xF0\x8Ej\xE2A\xF7�\x9DiU\xE3\x88\xE8l+�\x9E\xBE{\xCE�\xB5\xC1K\x8D\xAA\xF2u\xF3q\xF3\xA2\xF2Æ—K\x99\x83\xEB\xCAB\xF7\xA0Y\xD9N6/B\xB1\xCD\xE1S2�\xFE\xAE\x9F\x82\x96\xCB\xE5\xDA\xCD}\xAD#,oE+\x9A8B\xEE^ÌŸ|\xE5\xCE;+�o\xE3\xB9X\x8Erq�W\xB7\xA7\xB6�U{
-\xD8\xD6Z\xF9î––\xECvCMvS&Ok\xBCcP<ÃŽ\xABq+G\x94As�\x8B\xF9\xF3\xC4�-\xD9\xCD3\xC3n$ze\xD8\xD5�\xBE\R�]\xDEo\xA5_h\xB9X G.\x96\xA3�\x9F$`\x83\xDAS\xC0\xD4\xE5\xFC\x92U\xEAÕ™\xEC�K\\xF6)Yg \xCF�\xBBhMNS�\xE5j\x87�\xA7\x94As�\xB1\xECq剞a\xF7\xE8\x95춘\xA3�Z?[\xF8B��\xD6ã‹\xF4\x8EdZ\x86ݹG.\xE1\xF1\xE1�}\xD0j\xF5\xB2f\xF3\xC0\x83a�\xB5��\x8C\xBF\xF4\\xBC\xC9\xCAfƾ\xFB\x94vb\x99\xF3ngTa~ZY\xDBe\xE81\xB96�W-\xD1 \xD6|\x9Bu*\xA2\xE6�\x8E%N\xB1|\xE4\xB2W̽oÈ#L~eWJX'D\x9Aܯ��p\xA2\xA7\xF6l��Ëœg�lE\xBFìš°\xFF\x94\xC81W`Re\x9FxR\xC6,?\xD5?\xE6j\xAAJr\x84)\xC5B\xACN^\xDFJr\xAC^8t\xED\xD9\\xE04\xB4\x8By\xFF\xB8\xBE E\xE4|\xBDp\xD3�\x91cY\x9FQ\xF7\x8D5V\xD7oJ\xBE\xB5�\x98\x81Κ+`M\x89\xE8U`\xA8�\xC7>%\xE8\xBE\xF1\xAC,I
-w\x9D\xAA \x9D\xCB\xD3;s6�\xB3�f\xA6l:R.��\xB19eÓ‘\x96�\x9A{6�\x8D^\xE6\x9BM7k\xE6\xE3\xF4\xC7Ø–D\x9EW6�I\xAE\x9B\xBE\xF1\xB9eÓ±\xDD�2k6] \x89<C6\x9D};\xB5\:�\xAFu\xC0l:\x92\x9F�\xBB\x81jN\xD9t\xA4\:zlÏ´\xD9t$Å�\xDB3c6��\xB8k\xE6\xD2yÜ«0e6�)\x97�Ù•sͦ#M \x93/sʦ#\xE5\xD2\xD95\xA5ydÓ‘\x94S\xD3\xD3;\xB7l:\xD2\xFEi:\xCC<\xB3\xE9H\xEA\xE0\xB4'\xBC\xF4l:RW\xFE\xF9\x95A\xB3\xE9\xBC!6\xAFl:R.\xDD,�\xF3S�} 6S6�\xE9�\x85��?u6�Ö\xE9�4 �\xB8�_\x86\x83\xE7\xD2!\x89<\xD7l:r�\xFC\xBC\xB3\xE9H�h<y\x9E\xD9t\xA4\xF41T!w\xAE\xD9t$\xE39\xE4í’ž"\x9B\x8E �\x81\xFD��*8�\xC4�\xFD\x86\xC3i\xB3\xE9H*)^\x8Fϯ`\x9A\xBF�\xB8�\xAF(��PxP_\xC6!V$\xF6N�\x8Bx\xC3=Äœ\xF8Äœ{K\xF0\xE6`<yN\xF5\xEA\xB6�\xD5ꦯ\x9B@\xABWG\xC2O\xCDz\xA5\xC3É·\xB2\xAD�\x9C,(\xA18X?Å‚
-�*cj�Z+\xEB\x99iRAX�6%ru\xB9Y\xF0\xC96\xA5G\xC5O�g\x85\x93o\xF5Y�\x87\xF1\x98T\xD7\xE7\xBA
-�Ë´\xEC!\x8D\xC3�Ξ\xDF�\xEC"\x81�\xC4\xE2\x99;\x98G4�c\x99;\xFDN�o\x95|\xE62w\xB6\xEAr,\xE7\xC3S\x95\xB9sÕ¯\xF4M\xA4\x9B\xE6NpG|2\xB9\xD0]\xD0�\xB9\xCA\xDCѸ\xA5g\x9AR\xE02wD\x8F\xA2\xB3\xD0]\xC0\x8C�w\x99;Lf\x8BB\xF4.sG\xCB}c;<�\xB7/\x93��\xC8\xE0}\xCF\xD5\xE8pny�\xDBkg\xCB,{\xE9\xAFt\x83\xA5\xAD\xC5g\xCE\xE5��2\xC5b\xB8\xF1Ó–\xF5\xBC}�c\xAA\xB7\xE3SLÐT\xE4\xB4+\xD9�\xE9\x82\xC6\xFE�d%\xCC0\xA4�q\xB0\xD7\xEDÃ’_\xD9j\xA4R�\xE8C\xD6|"\xEC.5\xCF
-[\xA7\xEF\xEE|\xA2\xD3wVA\xE7s.�\xD3\xD5Ò³�L\x9Bg4Ts\x9E\xD1P\xCD\xE0ÒŽ\x9C\xF98%\xF1\xD9\xF3��\xD6A\x88F/\xD3\xF6\xE3\x9DSk\xF5\xA2Ù•�\xFD\xCC#\x9F3�\x8A\xCDL\x81\xA8�oÞk\xE3>\x91]\xA8\xB3\xC0\x89\xB5x\x9E\xB83\xB1\x96pE1x\xB6\xE9-\xA5\xD9o�\x84\x9D\x95\x9D\xE9+\x814<[W�c\x8D!LvQA\xF9\xAD\xBB\xE2
-JR\xBDW\xAF�j\xA0\xAD%\x9C\x89�\xE0\x99O\x91&\xA7%N\x8D\xA1\xBEd\xADQí™r5\x9C\x8F&\xA1u5\xBF
-\x86WC\xD6D�O\xDAWߦ\xA8S\xEB�\xD5_\xD9]_ Í¡Æ\xEB\x96\xE2\xA9N\xABQ?3\xE5s�u\xAC\W�O\xBB*{r\xBA\xFD\x86C\xD6T�\x8B@�%2\xF8\x9D\xF0B\xDDkÅ•O\xB4\xFC\xE1\xB3�\xAC�x\xBD\xC6\xDDlG\xE4F\x85;ψ�f2\xF4\xABp�\xA0n\xF5��\x8F3\x97E'V\xB8\x9B\xB6R^0\xF2\xA1WÊ›K>ge.yI\x8C�\xEEX|\xE3\xB3W\xB8s\xD6{uÖ¸\xDBb\xA9p\xC7z\xAB9�Ra*�í—E�ט\xE2\xDEQ\xD8\xD9#C.,\xA6\xE6 Ý’\x9AX+G[,.�O\xD3\xE5�\xC58\xCD!\xF3\x91\xE1\xB2�\xDF{\xAE\xB4~f\xF4f!\xDF8\xE8g�\x89\xB5\xB0�J\xA0\x93\xC3�\xF3\xEF\x87~/\x9CG�\x93\x99\x99\xE2,\x977u~\xBB\xFB :\xB1\xAAï¾�of&C3?\x8D\xF3\xE0c\xD44&
-(��\xEF\x94�3�\x86)\x8D\xE9fJ\xB3\x9D\xB8/7s\xBB\xDA�v�\xCC\xF6\xE9\xFD\x96v\x88y\xDB\xEE�\xECJ\x98\xE89e��\xE6�\x83i\x86Wt\xC6�L1\x84Sr\xC6*�\xBC\x95ß©�\x96Ó«.Å°\x9C\xC6&L\xBB\xB5\x89\xC9>\xBBe(\xF7\x88\xDDw\xE1_\x91\xEE\x95zS\x83O\xB9G\x82>VN\xFB\x98E\xCCWS\x81\xAE$?\x88\xB1縖\xD3λ\xF9\xA6\xD6a\\xF1�A��\xEC\xB5�g\xCFq\x85E\xF2\xDC"\x8F\x9C\xF5Ì\x98\xE9yÇ›S8x\xDCAd\xD1/\x97\xA9=\xAE\x92\xC63\xD2̺eE\xD9\xE6cZ\x8A\xDE\xC5v\xFE\xB6\xF2\xA5v{Q\xF9RUvv\xF7r��\xA1X\xB9\x94n\x97Ë¥\xCC!�\xE3l\x8E�\xD1�\xEBÛ§\xA7{\x97�u\xD8.G\xFD;r>\xDCF\xE4\xCEÊœ\xD2|�\xB6Ü¿\xB3\xB5S�\x95l\xF9p\xC9\xF5\xF6 - Oz]\x89mD\x86\xA4AC1\x98\xB0E\xCF\xFDS\xA3\xB5N\x86:(W\xBB(\x9DQ�\xCD-X9b\xFA\xEE۳Ğ<�\xAD\xAF�\xB1A\x9Du\xD8Ö’\xAA9(\x96\x9A�\x8A! go^�\xEB\x94Ü¿h\x9C\x9A\x9A\xA6L\x9Exz�^rc\xFD�\xBF�Ì™\x86\xE7Q]/{{\xE7\x95\xF9\xF7NL74\xB2\xD2jË�\xD2ZÑ K\x8D\xEEk\x876h\xD7+ \xEF\xEC\xC6\xC6-\x9Dix\xC7wuÊ \x85=[\xF1B\xE7\xA0g\xAE=Eg\xE2\xFA�\xC0\xDF&\xA6\xAF\x91Z�Ú3\xB5\xCB\xDE7\xEC\xF9\x95\xF4\x96\x89S\xAD\x9D.&�9\x82\xD2i�nm\xD2w\xD5~\xF2\xF4�ï¢Ê½\xC2&\x93\xEE\xDB\xE5N\x97\x86\xF3\xAAbF
-\x85\xA1zH\xE8\xF9?�SN\xC9q\xBE�&�(�\x86\x9Eme\xD3tg\xA9\xCCrW\xF1\x8Bk\xC3nj\xF5\xF1$\x9D.\xFB\x84\xA01l�\xB2\xC5\xEE*\xC1B\xAB<\xB2\xD2ÈU\xD3d\xA5\xF9Eh\xBA\xB1\x89v��̺\xF3D\xCE \xEB\xBB��\x8A�\xF4X\x9F7j\x86\x82Lʯ\xEA uJ\xF6\xD3�\x98w\xE7�\xA7\xC56%<J\xCBY5cG\x9B\x8F\xDBÒ±\xB3\xAB\xF4\xD0Å®nS#\xAA.�\xA8f\xCA\xD7\xEA\x94Ç—\xB6\xBCW½q\xAC\xA7xv\x88U�\xE6/\xF5\x86C��\xF8ku�\xA7<`i\xF7\xB3\xFAǾV\x91_kV\xFF�\xD8s\x86#k\xBF{\xAD\xE7\xE2Y\xAE\xEA\xFE\xB1\xD9�Ãœ/\xE6k\xB5\xC0\xCE\xECw\xC51^\xF2crKG\xD0HK�:\xB3f\xE5h\xC3{ͬ�\xA6%L\xE6c#;\x9C\xC1\xF4Û€�N\xBDk\x9E1s\x98\xD9g\x8F\xB7\xA4xU\xE0%d\xF4Ë®�\v&U\x9Aee\xD0\xCD�\xB6 \x82\xBA\xFF\xAD�>\xFA\x88e#w\xEA�\xC21X"Ya\xEC\xD0G�5S\x98S�\xBFz\xDFs�(\xC7\xCA/.\xDEæ¥L yG\xBB\xD4{��\xB4q|J�w\xA79%\xA4\x8F�L�\xB4\xF3{\x96TN\x9A\xA6\xF4V\xF45�\x98\xF7\xEFj\xD5ß²`\xF3c\xCA}\xF6Έg\xEB\xDE\xF3\xA2Te�\x9D\xF9�\xFFe\x9F�?O\x88Ñ‹lM�1z\x91\x9F) \x96\xA5v\xE6J�\xA6k\x87z�\xA0]\xBE�\xCD�\xA4\x90\x94+�\xD0\xEB��!
j�\x81+\xEA9\xAC׀Y\x80\xAC9\x80:\xE7\x9Fҟ̚�\xE8\xA1[2d�\xB2\xE6 2U1\xA3\xC0\x84\xBD\xA2\x9EG\xAE(C� k� K\x96
-=�\x90=ÇŠ
-\x8E`\xD7\xC0x\xE6 �\xB2\x91i\xA7o\xDE9\x80fÆk\x93�\xDAÓ¬E\xF9\xBC+\xB2Í«(_0/Ü´E\xF9BDm\x806\xA9i\x8B\xF2�*\xB2}BQ>2�\x9BwQ\xBE\x90�?\x9CKQ>\xA4\xF5\xC1
-x\x9FZ\x94\x8F^-k\x9EE\xF9\xA8\xF5+g(\xCA\xE7\x98R#{o?�\xC5#B.\x99R\x83\x8D\xBA~\xD6�HU\xFD\xA6\xBA�\x8AP\xD7o\x8AX\xB8)\xEA\xFAQ \xA6W\xF5\x9B\xC7\xDDP\xB0\xAE\xDF\xECѶ,u\xFD|\xE3\x94\xE6R\xD7ϻ\xAA�\xF3\xDDP>u\xFDX\xAD\xAE\x9F\x95\x8E\xE8y7Ԍu\xFD\xBCC�a6\xC7<\xEA\xFAy+\xEC\xA4�\xA2i\xEA\xFA9\x97k\xAF\xEAG\xF4)MQ\xD7\xCF;\x9E)\xE4\xEF\xD0e\xAA\xEB罴Pl>u\xFD\xE6Q�Ŀ\xAE\x9F\xF7\x82t)6s]?#\xE1\xCE\xEBV\xF3\xD9\xEB\xFAyG\x9C\x91s�\xA7L?\xC2CO\xCC\xE4#xͳ\xB6\x96\xD9\xEB\xFA\x91r\xDB,\xAA\x9B)+ͷ� \xEB
-T\xACu\xFD\xBCM]CS\x9A\xB5\xAE\x9F�mrU\xBF\xE0\xF5\xF8\xE6\x90\xF3>u]?\xEF\xAA~\xB3\xD4\xE3c?P\xA1\xE7\x8C�\xAB\xEB\xE7��\x862R\xE7Q\xD7O?P\xA1T\xF5\xC3rxgMO\xF1\xA8\xEAg\x8B\xBB\x98\xA1\xAE\x9F\xE7Qd\x92\xBE/\xC1\xEA\xFA�\�#;UΣ\xAE\x9FwU\xBF\xF9d\xA5Õ¼×¼\x80\x9D\xF1\xCDT\xD7\xCF\xFB\xA0Ë•+:e]?\xEF\xAA~3\xD4\xE3�P$Ø«�\xDFÌ·x\x98U\xFD\xE6R\x8F\xCFW\x89g\xC8\xE6p\xD7\xF5c\xCC{ F\xDB\xCET×\x90\xF7\x80])\x8A\x8D2S]?<f\xD9]\xD5oʬ\xB4\x80\xF1��\x93\xE7P\xD7\xCF\xF3\xBC\xB9�h.u\xFD\xBC\xCD\xE8 \xF5\xF8\xA6\xAF\xD5m\xAB\xC77�2$W\xF5\x9B\xAE�_P[\x9At{\x83\xBB\xAE_\xA0R|ή\x9C7\xEA\xCCP\xD7Ï»\xAA\x9FG\xE6c\xA0\xBA~3\xF31\xA6\xBA~\xDEj\x8E\x85c\xB3\xD5\xF5s\xCC\xCBaUOsk�\xA9\xAE\xDF�\xBE\xBE)\xEA\xFA\xD1za\xBC\xBD\x81\xB1\xAE\x9F_\xCE\xC8|\xEA\xFAy\xF7\x82|JGt�{\xC0\x9C'JU\xBF w\xA7;\xC9\xD0V\xD7\xCFʬ"-\x9C\xEE\x81�V×\xA4�\xE0Rl>u\xFD\xBCA \xEB\x8AΣ\xAE\x9F 1\xA27\xC7}/�KΓ\xBB\xAE_0\xBF\xE5\xB4u\xFD\xBC�& 7ON\x91\xF3\xF4\xA8xW\xF5��=\xE8Q\xD7\xCF[1\xC4\xF8\xD8Lu\xFD\xBC�C\xD7I\xE2\x94u\xFD(\xA0Ô«\xFA\xD1NF\x82\xD6\xF5\xF3>\xB1 \xC5\xE6S\xD7\xCF;�\x98\x98];E]?*\xC4P\xA6\x80\xFFY�[ =\xEF��{v\xED\xF4u\xFD\xBC\x85\x833\x8BsÚº~d\xE1\xD0Ȧ\x91p\xB0\x8F\xD2\xC8zLY\x93�^\x97\x98"×®\xB8X|\xCB8�\xBB\xA1�\xE9�\x935\xF0Þž\xB6\xE8tiY>,MV.\xD9\xC8>\xFE\x8E\xBB\xBC�c6�\x82\xA04�#�\xAA\x80;\xBB\xED\x96(\xCC�\x8B\xC4\xEF�\x93\xC8jf\xF9�\xE5X��\x8DF
-UQ�u7\xB2\xF2\xA2\x9CeVckK\xE2\xF5\x91\xB4+\xE5\x92\xEA\xEB~f8\x91\x97\xF7\xBA\x85\xE2\xCA\xF6\xDD\xE2\x97hd\x9C\x88\xEC\xD6\xCE3\xD1Û¯\xB9\xB5\xC5\xE6\xF5B%\xF66h6\x96\xBB\!
xAF\xA3\xD5\\xB3\xF1\xF1\x98\xEB4^vޞ\x8E_C\xB1\xC3n\xB3X<\xBE\xDF\xFB\xB8j\xF2\xA3\xC3\xE7\xE6\xEBY\xAFY\xCF�M\xAE�\xEB\x89\xF8\xE3c9\x99\xF8v+};y?M\xAE?\x8F\x92_v\xC6J\xAC�_V�q1��v\x87\x99�\xB7\xF8\xBA\x9E\xF8\xD2h_%\x8Bɣ\xF8\xD6\xC7\xE2{\x83\xEB\xC4��E\xD9^;\x8D\xAC<\xD4\xC1Z"B餟\ogw\xB8�\xB7\xBD\xC5\xD5.\xAEk\}ax\xCC\xD5O\x8E_�\xA5\xB7\xBD\xAAL^\xB7\x96\xD5\xE5\xD4q�.<\xA2gZn}T\x93\x9B\x85\xE3;\xB8%�\x94\xF6\xC6U\xAF\xF2\x8F\x8A\xFAr\xB0\xC0eN\xBA\xD86\xE1\x9E^}_P~\xE9\x96:\xAE|\xA9\xED6j\x9B\xBB\x9Bm\xAB�\xA4VGp\xB9\xF4qN�V\x9F\xCF6_/�?\x94\x9DA\xEE8r}|\x98D+
-ňk\x9D<\xA5�W\x96b7\xA7\x8B\x85\xF5~)vڬ�,?5\xF77\xB3ť\xA3\\xD2L��\xDBt_]\xCD7\x96\xBE�\xB4H\xD6\xD4hm5\xA2\xF4�20\x81\xF3�\x88\x96�\xC5f\x8BiTbiWO\xB1\xBEͷ
-\xD5 \xDD\xDFZ\xB2\x96fI���\xDB\xF9嵥\xA1\x90\xAD^\x97>\xAEv2\xE3\x95
-\xE00\xC5l+S\xAA
-{;\xE0\xE9\xD1\xC1\xCE\xF3\xE5\xC5\xF1\xEE^\xEE\xE98Y\x946\xB7k\xC5\xC5\xF3N\xF9\xE1`a�\xADT(\xDD&\xAB�a\xA3Kݶ\xEA\xD7qx\xC2�OVR\xB1I-\xBE\xB7\xBF\xCFW\xBF\xAEm\x94{r\x86\x87\x9B3\xA8\xB6\xDF>\x8A\x90^n\xDEV\x85ǽN\x8A\xCB\xC8�\xABP\xC6/ˆ\x88U\xF85�\x98\x9B\xC37q\xFB2\x9AF\xC75�o_XF\xC6�\x97\x91\xB2 \xF4�@lg�~\xAE%\xD1O@\xCC\xE7�\xE0\xE7Ϊ~\xCA�z\xEC\xA6\xD0\xDF\xE2\xE2\xC6\xC6S\xED1qw\xC8=\xDDy\xD9YoD�0\xEFC|\xA2)n\xF0d\xBEX\xC1_\x94c-\xF3E
-q\xC9wB1\xF3U�\xF5\xB2\xF9l\xBE\xE0\xB0�\xAB\x8B\xFB\xAFƋ\xE3�Z)_oDe\xF3Y�k\\xFF\x9An\xA3�\xC8F>^\xC5_\x8D\xD68\xF8,\xA3\x8B�阃 K\xEF\xFC^\xAE!\xC0\x9F\x82\xD6w\xEBk\xCC\xEC\xFB,\xA95i\x8D\xF8U\xF8s\xD5d8\x8B U\xE2{h\x94\xB3\xB4֨\x9D+\xC3~\xCE8tm<\xDF\xDE;A?\xF5n\xDB_\xEExd\xA6p\x99\xDBZ2s\xD4|�\xC1ۋ�z+$rk�cЋ\xB46
-\x97X,pB\xBF \xA4X5UL|\xDDY\xE7\xAE�q\x94�,Sc\xA9\xC8\xC2t[\xAF:\xE7�=f�=\x92\xFAC\x968s\x8F�\xD6#\x9FYP7\x92\x97\xEBJn\xEB2{\xBC\x9B\xE8\xC45jJ|iF�\xFE\x825\xDF \xBB\xEFÆ�\x8A\xED�^_?Y\xE8%$&\x9D7c\xE9\xD7�\xB2�\x95\xBDM\xA8 ^k\xD8-T\xBE\xEC\xF3�\xDAW\xDA'\x92\xFEW\xFFR\xD0\xFF\x9A\xDC}E\xA4.T�\xF2\xA3+vT\x93gX\xAE\xEC\xE6(\x86\x91\xBDI\x95\xACd�h;\xBB�\x82I\xF7��;�u\xB4\x8Dh\xBF2\x91OO\x88d祥\xABc\xE0\xC1\xBBfJ Ɯ@\xCB \xDC\xEB Qj\xD2hr\xF5\x81,\xF1T�n \xE0�ҽ
-\xDFg\x92ի\x9B=�\xCA{=\x92Y\xE2㨼&\xAA\x83 ~\xE6W4\x8A\x97\xA3\xCD,\xEA�\xDA4�\xFAn \x8AG \xD6P\x8F\xF8�\xA4\xF9\x95\xA2[\xE2\xE0\x9F\xFC\x86\xC62\x9F/\xD7\xEE\x88.�\xC0�\xEEu�1\xFF\x81/\xF8\xD4\xF2k�Ro�'\xEB\xE2�zz�5"
-\xC5\xF4\xA7\x8D$\xA4\xA7\xC3U\x8D6R_\xF3]\x93\xF6A�\xF9\xAB\xBD\xF2\xD3\xDBn�*(\xFDR?:\xA89\xB9 D>\xB4u\x90�\xA4\x85\xCA\xEA]\x92\xCB\xD4w\x92p׎\xF0\xF81M7\xB1\xDB� 0\xA7e�:\xBB\x9Ci\x96\xAC\xB0�\xBCi*\xC4�\x90\xAE\x85\x89\x9E\xF3�Y\x92\x86X�X\xEDY\xB4\xBC���\x9E\x8Fa\xF3+[\xA6\xB7\xD6E�u\xA1w\x90\xEAU��$ˋ\xDBUݮDE\x9B\x85x\xF1V\xB4d3z�\x8Dnm\xD7u5as\xB8\x82+S k\x81\\xACi~BԘ\xEBF\xA5\x8C\xA3\x83\x9B\x9B\xD3]\xAD�x\xAF\xC2f/\x8E\xE9p\xE8@ &\xB4C\xD5\xFB\xF5Uqi\xFD\x8E�\xF8TIA6\xABi\xB0\xE8�P\xA0\xAF\xD2ڳ�\xF5QDHZ\xAB
-G�\xF0\xD7\xE3Ø‚{H\x93I\xFA
-�\xC2Ë™Un�\xEA+Q\xEBf�(\xF9\xA2\xF0Å=K~\xD9\\xD0\xEBÊ"\xB6\x8C\xAB�v\xE0\xA0G�\xF4�h�\xF1\xED\xBB�0\xD1l\xDDyK\x82\x9E\xC1�\xF7%{\xFB\xC5R\x92\xECE\x8B\x8D 0Ú…�Vu\xE8\xF3w\xE1+~2\xA2\x95\xAA\xD3�TQ\x9B\xE6\x82�\x95\xA2\x93\x94y\xDB�Uk� hr\x89\xAFhr:\x8E!`᱇\xA8,\x89\xA63\x81.\xAC{3v\xAEWd\xA4�Ae
-R\xD8\xE9\xD0]\xEB\xB9\xF2\xA6)\xFE次v\xA1\xCF\xFB+\xBE�\xFD\xCBc\xDAFd�6±
-\xCE\xDB\xE7V\xB0.b�\x91'\xA3\x8BM\xC1\xEA"\xDEZ<\xBF\xA7\xECd\x82�T\x80Éž\xB3\xB0w\x91\x9Ar�\xA6-\xF6\x94X\x9Du�i*(�\x8E\xB1,\x83\xA3t\xB1)\xD8Ú¥\xE8�s b*\xC5Ø£9y\xADr\xFA\xB1qM\xC8�goLJb\xF4�\x99�\x99�\xAC\xA14<\xD7\xEF^9,;\xCE\xF73+ؤ�\xE2\xFA\xA9\xE3\xEE�\xA4� \x99\xBA\xA3j�de\xF7~7\x90J�\xF41M\x8C~\xAAJ\xAEs\xCBOV\xC95__\xE7\x93UrK\xE7\xFFL\x95�\xC6\xC3 \xA5\xFC\x93Ur\xB0/4�z\x8E*\xB9\xC5a>S%�\xDA8T\xCA?Y%�\xFB�\x95rÓ\x937\xB7lI\xD334%x\xF36\xAE)\xC1\xD5\xFB]D\x81+�Z4Gz�@f\xE0\xE7\xAD�v-�\xE72\xE3x�\xA9�H\xD9@�fo�f\xFD|\xC0\x8B\xC3!\xB3\xDBK <\x80�\xC2\xE8'\xF8\xE7v\x98\xD6 m'\xF2\xA0SS�i3\xA7@}\x99l\xECgz7\xE3\xB4vv\xDEK\xAD%�\xB7��׫�\xB6\xE8t\xF3�Aܾ:>4tg\xFD�\xF8\xE2R\x97\xE7[\xF9\x84 \xE3�\xC0k\xF2\x80\xF6\xB76\x93\xD839\xBA��\xF6\xAD2\xE2�q\xA1\xF4\xE5r;�Ó¹\xCD\xD6~\x86\x93Z\x87\xDB��Z\x8A\xF1\xF6Õ¨\xA47\xA9\xAF%\x90Ö‹ �\x98KA\xDB�\xBE~�/ u\xE1\xE5D׃w\xFFo+\x94/�\xA4pA*\xE4Ù\xF3I\xBF\xAB\x9C(\xBD\x97\xDE \x9C
-\xAD\x872\xBB\xFB<9\xE8�kJ\xB7{\xD1\xFD߸2lOÞ»\x83qx-\x9C\xD9m\x96\xF7\xF7�R\xA5\xDB�v\xBA\xA09�\x{153D4D}+\xBA\xCBO\xF7É4�\xDD:\xAC\xE1R\xAA<�\xEBo{�\xE7\x9Brå™»\xDDr\xBA\xEF�\xE2\xDE&tß\x87b\x91\xE4\xD6\xDBF$\xD6\xE5�#\xA9\xD7oM\xF8\xB3\xA6)m\x9A\xFD\xE6\xF0 k\xCA\xFB�P;s+�\x95\xAER\x9AT\x93G\x8D\xEB\xCA\xE1~\xA4i\xA9\xF6H\xF5\x95\xFA\xAD\xEAG\xE5KM�&\xFCîž´�\xABl'_\xEFJO\xC7B3\xB8\xB3\x9D�?Û«\x9A\x85\x86\x8C�\xBB\x9B�r\xFE\xBC\xE9�=\xB6\xE5I!\xFD~\xBC�Il�g\xE12\xAEà¬\x82�Y\xAC�2\x91Tbg�>=\x88$ϢǑd;}�_lGVw\xC5N$ut\xB3�Y\xF9XP \xA6��Ku��\x93\x90\xD4v�\x98Y\xEB\xFA\xC6\xD7��
-"=�Z$\xD0��\xC6\xFD\xB2\x85lG\x9D\xBB\xBDE�B/�\xBD\xEF}\xCCq\xF1tF\xB3�\xBB\xF2c\\xFF\xEB[wE\xA7�8�F/\xE8\xE7Z��cO3\xD7\xE0\xB1]#\xABw�\xACıaT\xEEs�Vs{\xF2\xB8h \xB1\x9D�\xAC�8\xE8`\xB1\xBCi\xBC(\xAFb\xAC\xE9�фE�\xD6�@\x97/\xBBƋ�\xDE|\xF1U7\xDD\xEA\x9B+\xD63|\xE4z9\x85\xB9#\xBE\xE2c\xD7\xF7\xD3P�X�V\xCD=\x92\xC9 \x82\xBFM\xC0\x8Bs�\xFD�B=�~\x9E\xEEX}?\xA28�\xF0\xAC\x86D\xF5
-`a\xDD�\xC26hf�\x90[\xB5Q@\xBEI\xD0\xE8$�-\xF5��\xE0c�\xFC\xBCDݮh\x9B\x939\xBD�MI�\xC0\xBF\xB0\xB1\x80\xFC�`\x804��\xB7\x8DU\x8Bc�\xA3 \x8C\xFF� V\xC9\xC8�Kk/\x83\xE5\xCB\xDAF5\xFB\xCD$\xBE\xB8n \xD7o\xCE\xF0c�R�\x8C\xD0(\x82i�\xCAV\xB7\x8EN\xB1 \x87`\xDD�>�\xD4m\xE2\xA0pV,\xD4k;\xCB݋\xCA~g3\xA2\xD3\xD5\xED
-oa򅀉\x9ED\xFFq\xC1�\r\xD6�\x82\x8C#Z\xEB�\xF1Д\xCEf[\x97�\x9D Z7�\xDFj\xEC'\xC0_@\xE4k\xB2\xA4\xF5U\x80Is\xFB�ط\x96,\xA2\xBF\xEC\xC70$\xB7\xB1\xC1 L\xFA\xF4g ��\xAB@:߀�\xC0\xB65.\x90\xFA�\x9D\x90�\x80\xC9at�\x90Y\xD2\xCDqM$�
-\xF4e\x9CtW�%\xA2\xCB%\x9A\xC8\xE9\x93BW\xC1!U�"�\xA7\xAB\xA2\xD7UY\x93w\x80\xEC\xA1\xDC܋k±\xAB\xBEAuoE'v>\x9A\xD1�*\xD2fʰ\xE3!\xED\xA3dF𴜆\xC7\xC47\xA6\xFB\xC7(\xE4"\xD52\xE4\xA3E\xC0��,\x81ha\xE0�\xA0\xD9,\x90w7\xB7\x80\xE0\xE2\xF15\x83\x8E\xD7V4\xD57\x8E\xAB\xDD[;)M<j\xFA\xF1V-\x8D\xB1\x87�\xB5\x{166E49}R\xA32W9\xD8�rn~ ؿ\xB6u\x80)\xF0{\x8B߶4�q\xD2\xF4%\x9D1\xBA��:KΣ'\xBB\x8B�wz \x81\x93\xDClV;\x86\xB3\xA6\xBD\xE4p\xD6(\xCA\xC6\xE1\xB5\xE5\xAC�\xCA�\xAD\xAC\xC3Y�\xAFl<2:x\x8A9:\x80F\\xEB\xF4�\xF7*}��\x9Cn\xA9\xC8\xE6\xED\xBB閺t\xB9\xA5\xB2\xB7\xA7x�n\xBF�\xC0dq\xFF\xCE\xEA\xA2i\xBF\x9BP\xD2\xD4j\x8D\xF8j\x8F\xCBB⽔\x87���F\xC0��q:\xA1?\x93?V\xF4go\xD1$\xDC?\xC9thvl\xC9&�\xF6O\xEF\xEA\xD0l:\xB7\x83\xE6\xABv8\xC8\xE0ꈳ\x99\xB8\xE8\xAE1\x97c `\xB2ӵ\x84nG\xD2�\x84\xFC�\xE4;O\xB5+{|�K)\xCCI\xE8\xE9ZZSM\xD7\xD2=v8�\xEF 5\xCE��\xF0^\xD5\xE2\x82��G\xB6+tD�\xE6\x8D�\xD57\x82O\xD3}N\xA8|�a#�\xDB�\x8AQ\x9Dȿ=\x8B\xF7�LskE\xDF�\xEFYл\xC0�~\xBEs@\xD7պ\xBA\xC0\xB7v\xAAe@\x96\xB9:\x93\xFBn\xD9\xE1�\xB4\xCD�\xC7}�\xE4N\x88\xDD;[\x9A\xB0\xF5\xEE\xD1Z=W+\xE5N�\xB7\xCE\xE2څ\xD7�\x99�\xD7B9n\xAF\xD2l\x99C
-\x9C\x97\xAF&,\xBF4\xBA#\xD8l\xF9`2\xB82T\x913\xBA�ټ\xCD2(\xE7\x96\xD3CW\xCF?E9ׂ\xE80\xF5\xFCS\x94sTd
-W\xCF?E97\xCD^C=\xFF�\xE5��\xCF\xE3\xEA\xF9\xA7(\xE7\xD6(d=z>\xCA\xF9\xBCt~o\xE5\w\xDD[\xEA\xF9\xA7(ç\xD9\xD4s\x82r^\xB2\xB6.\xF8I*:GÕ®y\xFCÄ“T\xB4*t\x9C\xFA\x99'\xA9\xA6\xF3\xF6SOR
-\x8DX\xFD\xBF\xAD�\xA0N\xE8"z\xAC�:\xB8{(�\x8B\x81'\xCD\xEEx2\x82
-\xA4\xC7R\xF!
7\xA57h\xC8ß»J\x88�k\xFFÇ\xFF\x83\xFF\xE6\x8Ba^(\x84�I�?$\xF8\xB4\xD1
-\xC5Q\xDB0\x9F�7 c~\xCC\xEC*\xE3J\xAF=\xEE
-�\xB2\xF2=\xBC��\xDD�5.\xF7+ᵰ\xD6\xF6�\xB4]�\xC7\xC1l\xB8G\xD0�\xBCJ@\x9F\xD4#\x98\xE1c\x88�\xEF\x82\xFF\xBF\xF9�\xFCs�\xE2\xD29A\x94\x84b\x98KK"\xFC�\xFE\xC1��\�\xFC!\x88\xBC\x98\x87Oļ e\x8B\xE8\x8F\6\xCF\xC3?
-Y\x91φ㧻\xC7�'\xC7\xD5pV\x90— \xB4\x8A\x9B\xB7�\xA7/ �\xF3�\xFC8 |�\x8F\xFE�g\xC3G\xE1\xBB�.Ü38� \xB9<�_
-\x8B\xE0\xA5\x9C\x94
-\xBF\x87D\x9EK�\xF9\xBC\xF5\xA8��\xB9|:+�\xC3b\x81G\xFF+\xE4\x8B\xDAW\xF9|\x9A\xCB\xF2aW/\xE5\xD03\x{A185B2}9\xF0U^�\xAD\xC0�\xA0o\x8E\xD7��\xE1�9\xD0��^ \xE1,'\xA6\x8B\xB0\xE3,\xE8\xB0 \xBF)Hi tc=\xB0f#䤴\xC0�$۳� V� F�S�\xF0̆\xE1Py\xD4
-\xBC\x82}\xBB\xE7\x83f V[�\xB3\xE8!\xFC_8\xC7�\x9A\x93X\x84�\x809�\xC1b�y)\x9C\xE5y0�\x98\xBD &\xC7\xE7\xF2\xE8�\�\x98\xA6\xE3 \x98�\x98�o|\x95\xE7� \xA5\xF2\xD94�\xBE΂\xFE�\xF0�!W\xD4�\x9F�\xEB)\x86\xDB`e\x85\xB4\x98ˊ��RQ\xCA#\xC8
-\xF0k\xD8H*\x8A\xA0�\xD0F\xEBFJg\xC5<��\x80"z�\xBBF�\xCC\xE7\xD2"j��\x87�\xE6\xB4ox!-�D�\xAE葔CS\xB6\x80\x9FO\x8B"�k^\xD0\xD6��\x83\x8B�\xC1\xBCx\xB4|�\xFE\x8F�x�@\x85\xB4P\xE4\xD13�>\x88P\x92\xB6�E\xD0-\xECD(\xA0\xF5f�Q\xFB-r\xE9<\xF8"\xCB\xF1�\x9B\xCA!\xF8�\xF6\x97\xE58к\x88&\xE3\xF8[�<\xEC�~\x93� �\x81U\x88\xBC\x8E\xA9\xC5,\8 �\xD4P�\xB0\x87\x93\x82�@ĂC\xC1!�\xA2hC�8\xA1I�\xD4�8�\xBF/\xA2\xFE\xC0�\xC6#�R }\xC1\xA8�\xFEL\xE4��{\xB8�\xBC\x94��\xBE!\xE0�u 9 �\x81�\x96a\xD03�\xF0C\x82\xF0\xB9BN\xC8kԛ\xCEI\x85\x82 9A!�\xDFo\x96\xC3\xFD\xE1\xCB0\xDC\xEAO\xBA&\xA5\xC3%\xF2�
-� 9�mDc=+\xE4 :�\xBA \xCFD>]\x90\xB8�\xF9�\xF6\xAD�\xD0 \xB0!\xDB# �\xB8p�\xA0c\xBE \x97%�P\xE6\xB2�\xD6`\xDAE\xC0\x9A\xE0\x93BQ\x82lBH\xA3\xC5\xC1\x9D�d\xC1��7\x9F5\xF0g`\x9D|�~ \x88\x98\xE3
-��\xE1\x8B�\x98Y\x80\xE2|!g=i\x87Ĭ\x90.f�t\xB0Vb:\x97\xE5\xB59\xF0|A\xC0\x9F \xD6U\xC8kߙ\xCF \xD5
-�\x9C;\xF8#�\xF1�<�\xDD�\xB0'\x80\xE5\x89��\xED�\xF6�\xD0"W\x80\xAD \xDC$ID�\xC3 \xD9,\x9Ag\xBE\x98/ZO\xE0x \xFF9{\xAB<\x989z�\xBA\xCC�\xF2\xE8 \xC2_Ȭ�ÚIJR\xDE|\xD2\xC0\x9F�i\xC0\xBE\xF2hq\x805\xE7Є8�\xC8�8|\x8E�$\xEB ��\xCA�\x88\x80f+ Þ¬ \xC0I\x8A\x80\x8C�\xDB�\xB8\xFDY -\xD7x\x96�4&\xE4\xF4i#\xB8A6%\x88\xD8�!\xCD\xC1Ý\xA3\xE9\x8F\xC0\x9E�\xD0\xDC\xC0�A\xD01%+\xE4\xE1\xB4s`\xBB\xE0\x84,q�$`ZÈ¢�\xB7pL�T\xC1ç´¾\xB2Y\xB8\xBF艘G���E\xDB�\xB0�\x9C\xB6O\xE63\xB0�\xC0�%\xAC\x95\xB9�R�\x90�\x97\xB7\xEDS�0\x81<�\x94\xD1*�$�\x87�_�\xA0�\xDC\xFA\x9C \x88\xB9X@\xDB"B\\x85s�$\xC0\x89\xBC\xF5\xAC\x81?�3\x85d���B�\xDB�l
-\xD6^IY\x8D\xEFc\xAD \xE7B\xF4��\x93\xCFs�\xF6�_\xB2\xF9�\xA0\xB9(\xE4\xC2VO&q\x98\xE3a$�fUD{b\xB5�\xD2)�d \xEC)\xCF\xF3\xDA\xCC�Å‚\xC6\xE5\x81 \xC8#\xA6� \xA3i \xFA\xB3�\xFE\x8CKg\xF3B���l[�m=\xE0dpw�5\x89\x90â°7y.\xB6\xF5��\xCE#Y�!*\x99\xAC�\xB1n\x81\xD7EQ^\x93.N>�\xF9+QW\xE3™\xFD\xC1XS\xCE\xC2\xED\xE1\xFBh8�t\xC2\xEA\xAB<\xEA\x86߇\x9D.\xA6\xA95J\x9A\xC2�\xD4G\xA4Ö�k&v*\xBFt/�\xB9\xD7�\xEA\xE3\x8B*\xFF\xD5
-˃\xC1p,\x8F\xBB#\xF0&\xFC\xA2t\xD5\xF1P\xE9\x82�\x87\xC3'\xE0�\xA39PDOj\xA1\xFF�IHȔendstream
-endobj
-934 0 obj <<
-/D [930 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-935 0 obj <<
-/D [930 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-932 0 obj <<
-/Font << /F21 938 0 R >>
-/XObject << /Im1 931 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-957 0 obj <<
-/Length 1075
-/Filter /FlateDecode
->>
-stream
-xÚ¥V]\x8F\xAAH�}\x9F_\xC1\xE3\x98h\xDB�\xD0\xC0\xBE1\x88\xCA�\xC1�\xBC\x93\xCD\xDE}`�G\x92�1\xC2\3\xFF~\xAB\xE9�D'\x93\xCDn|\xE8\xD3tYu\xEAT\xF5�\xD10\xFC\x88fp\xC4mjk\xA6\xAD#��CÛ¾?`\xED�\xD6��D\xD9\xE8�C\x86\xCE�L\xBEX\x9D\xE8�F\x96\x85�1�Y\xE0\xED\xDA\xEA\xCEÚ°�38 ��g\x94 \xEB\xA7\xF4a:\xA7T\xB3\x91\xCD)\xD7Ò½\xC6uĘ\xA9k\x9DU\xBA\xFB\xEB\xD1-O\x9F\xE7\xE2\xF5P\x8F\xFEN\xD7 \xAC\x89!�F�ci\xB0��\xD39ѯ<M(2\xB9͵ɕ\xDDO\xC8T\x9A�\x82�\x8A W\x91\xA70\xA2�\xEB\xE3Ñ„�X@\xA3\x87\xBC\x87f�\xAD�\xDA�$\xB8\x87\xA4\x87\xB4\x87L"\xFFX\xE7\xE7c^\xCBY\xF2Y\xD5\xF9{%'ny\xAC\xCAs]|\xBC\x8F\x9B\xBC c�3li�B\x90m�\xB4a\xEB�\xB7h4a�Cr�\xFEI\xA9\xEE'\xAE�`J\xC4\xFF�\xBC\xB4\xAB�a��\x9Csͤ62u]\xFF\xB6d\x9D\xF5\xE4\xDA\xFC\xBEf\x84\x99\xD0'\xA6\xDD{\xFD\x9FE3\xFFS\xD1z\xC9q/9\xEE%\xC7_K^\xEE\xEBKv��\xEB1\xBF\xD5�\xDD\xEA��\x82R\xA8\x80 �\xB0�\xE1\xDFw\xBC2\x9E\[ß«gX\x88bJz\x9F"\x9Du~~/\xAA\xAA(\x8F\x92S]\xCA\xF1\xA3\xCAU>[\x90wD�yT\xF3\xF7rW\xEC�_\xB2\xE3nZ\x9E%\xDE�U}.^>j\x95c}(T\x97Uw\xF9\xEF\xDB?e\xC7O N�\xE7SY\xA9\xE5KQ�$j\xEDÄ—\xF2C\xE9\xB9Ï•��h\xBA\x96 Ê 7�M{\xC8e\xC0��\xE0\xF5\x9CAQv\x8A\xF8\xA9Y,�\xBB|\xD7\xD2\xCD\xEA�)\xF7\xD9K\xF9+ï¥\x9D\xD6L\x8Fe]l\xF3N\x83Û„O7\xD2�\xCCO\xA7<SY�j={{\x93\x89\xD8�\xB217\xDAL\x88l\xE2\xF2T\xE4U\xD3(м��9\x9D\x89�j"\x9BQ\xAB1I\x97\x9Ej\xB5h\x9E>\x8Fl\xFA\xE8\xC4ê‹Ÿ\xC8q�G?\xFC\x997\x933\xB1{\x9D\xA4\xB5�3\x89\x9Dp\xD6~t%\x98�
-�\xA5\x8C\x9D \x90 at E\x89\x9D0\xF5=\xB5\xF8\xEC\xA7K\x89bo\xE1\xC43\xB9-\xE1\xE0ftX\x9CT\xA8�I\xD3t\xD9R\xFC\x82|\xE8�\x9B\x99�.n\x82\xFB\xABu෹|\xC5$\x9A\xCBq\xE5\xC5\xEE��F\xA6\xFE\xE8<\xF9\x81\x9F\xFE\xD9'*\xD8qd\xEB\x969�|\x97$\xA8\xE5 \xC7P\xF1\xF5~x\xE0O�^\xF6\x8CZ\xBD\x9E�\xF5\xC0w\x9E�\x85\xE7Q\xDCFUᓵ\xE7\xFAN0n5\x8E=\xB7\xE18nc\xDE}��M��\x8C\xF8PL7
-�\xEF\x8F
-\xB0�\x8FÊ¡\xB3r�\x9D�\xB7\xC1�\xAB\xCFKGDI\x93��\x8B\xDB\xEA%\x9B\xA0\xF9\xDAI?\x8F\xA3\x95J,Jz\x91�%\x8C\xE0`\xBC)\xF0&\xF1\xDAܤ\xFB\xA6 C>Б\xA0t2nyx\xD0\xC5\xF1Ps\xA7�\xDDÔ\xC2ai!\xED4v��\x85\xDE"\xF0�^\xE8z\xC3HQ\xE3Yp\x85g�\xB5Ȱܲ�\xE3�3!\xDFh\x93\\x87T\x8E\x9D\xD8O:)\xA2M:d�Ý°�f\xA1wŸ\xDF�\xDD>�}�e��\xDFfd(\xE2Ú‹\xA1sVN\x9F\xCF\xFC\xBB-sw\x95P\xC2�\xB1M��\xA4�^É·WIg<\xB9\xB2\xBE\xBFJ(%\x88\x98\x96\xDD\xF9\x94�\x84\xFB�\xC6\xEDEפI)l7Ƈ\xFA\xDB�VƇ\xEC�\x8E\x94\x97Z\x9E\xDFy\xAD\xFA\x9E#\x93\x987
-\xC5\xF9\xEER\x96\xEA\xFCu\x8Bzp9\xB9\xD9[��ͱ\xC8��\xBA�\xCFQvק\x8Etτ{:$v\xA8\xEB\xD3o\xD3\xE9\xE5r�
-\xA3\xA2Ú¢\xB2!\xF5:\xBD\xBB\xB5\xD5[\x97�H\xBCf\xFF\xF5K\xF7�\xF9\xF5\x9Fkendstream
-endobj
-956 0 obj <<
-/Type /Page
-/Contents 957 0 R
-/Resources 955 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 939 0 R
->> endobj
-958 0 obj <<
-/D [956 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-955 0 obj <<
-/Font << /F22 961 0 R /F14 964 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-967 0 obj <<
-/Length 2886
-/Filter /FlateDecode
->>
-stream
-x\xDA\xED\x9D]w۸�\x86\xEF\xF3+tW\xFBB(\xBE ^:\x8E\x93u\xB7\xC9\xE6\xC4\xCE\xE9\xD7\xF6\x82Gfl\xF5X\xA4KQ\xBE \x80#�\x9C�\xCDn\xB2\xB1t\xF6´\xA5\xE1\xCC\xCE\xFB�� C\x86ͨ\xFD\x8F͌"T\xE4r\x96\xE5\x92(\xCA\xD4l\xB1zAg\xD7\xF6\xB37/\x98\xFB\x8ET\x82()\x84\xFD%\xF2\xE9\ C\x94\xE1\xD9l�O\xF2\xF2\xF2\xC5�_s6\xE3\x92d&c\xB3\xCBO\xA3/\xC5 \xE7"\x9F]^\xFD\xE3贮ڲj\xD7\xC7\xFF\xBC\xFCSo\x90\x93\s\xDD}\x9F\xCE\xE6\x9A�i\x84\xE9\xBFɎ\xE7\x8CRzt^\xB5M}\xB5Y\xB4˺\xEA\xAC^\x9C]\x86`\x94�DS&g\xDA\xE4$\x93\x94u\xA1��6׳\xE1\xE0\xC3V\xEC\xEE\xFBsh\xE0c�C\xD9=\xEF�ю{\x97
-x6$a\xBBN9p\x9A\xDBCcӮ\xB3\x8Ch\xC9\�H\x9F�E\x8F.�\xF5]y<\xE7\xF6\xB0\xFE4\xFC|U/6+\x9B\xCD\xE3\xB92\xF9�\xB1?l\xBE\x9E\xE5�\x99\xC9\xFF\xDF$5>\xD3;\xB2}\x8E�`\xB8+\xE4\xEE\xF9?CO$�\x8C"\xD4y\xA0H\xAB\xEE*֎"\xEE(\xFA\xA99f\xE6躨\x96\xFF-\xFA+j�\xA8˛\xE5\xFA1ZRd\xFB�\xCC$)>\x9Bɤ C\x8C\x94-\xB5\xA6I\x89\x84\x81\x91\x82:�\xA4\xD8\xF1^\xDAAߑ"�)v\xA4\xBE\xB7 XF���\xD7\xE5\xD5p\xB4\xAC\xA6q�J?K@&\xC9\xF0\xD9K&��bdl\xA93MF$�\x8C�\xD4y CZ�d\xE6\xEE~D:2.oJ\xAF\xFA\xAA\xF0,\xBC+V\xEE\xAF��\xEB\xB6\
-\xC7?\xDB\xEF\xBFzwa\xD8\xDB�\xD7f\x9Fo6>\x99É C��(�\x9F�%���
-\xEA\x9CqNL\x9EY\xE7<'\�_\xB3Ⱦj\xE16�V\xFC\x81\x84×›\xEA\xAA膈\xE2\xB6�3\x8CØ»*䉘\xF8L&c��1L\xA0R�&\x9100LP\xE7#&,#LQ�0\xE1�\x93~$q7\x93\xA2\xBA\x8A\x8F/\xF6s\xA1峤b��\x9F\xB1d�\x80!\x86�T�\xC1!��\x86�\xEA|Ä\xDA)\xA2\xE2"\xE0 ��\xAF\xAB^lÊŸ\xF5\xAC\xE6�\x8C.>\xE3\xC98�C�'\xA8(\x82S$��'\xD4y\xC0I\xE5\x9C\xE4J\x86r\xA5/X:\x9CN6\xEDM\xDD,[;\xE3\xB9/wÊ•\xB2\xB9/\x9B\xFE\x9E\x94\xEDc]�\xB2\x96\x8A�4D\x90\xD8REL"���A�wΔ$Y\x96\xE53e(1J\x8Du\xC9P\x99�Xžo\x96\xAB\xA2y�~y[\xD8âµ±9�|\xAF�\x86\x90\xA8d
-\x80!F���\xA1 ��F�\xEA|\xA4@�\x92\xA9L�
-\xB8\xA3\xE0ⶸ<�(n\xF6\xE7N\xF19.|ê’¹ \x86��P�\x84\x8BH���\xA8\xF3\x91�\xA5\x89V\xB9 \�\xCFE[�\xB7\xED\xCD#24\xCD�5D\xC8Z2�\xC0�C�\xAA\x82 � �C�u>\xD6�R�\xA5\xD9XC(WC\x9C�\x8B\x9Beu=Y=�\xC3\xF6\xAEØœ$\xC4'1\x99�`\x88��E\x92Ó„D\xC2\xC0�A\x9D\x8F\x83\x86\xE0Dj>\x96�*\x94�\xAF\xEB\xE6?E\xBF\xC0~Õ£"\xBF\x93\xF9\xCB×¼\x9F\xF8\xEC%\xA3��14\xA0:��\x91004P\xE7\xE3\xE0\xC1)�Z\x8Eu\x86v\x83Gl\xB6�\xD6\xD1\xDFnn\xDB\xE5Ý\xFBʇ\xFA\xB6\x9B\xFC\xE6B?\xF7\x99\x87OW2�\xC0�c�Ê\xB0� �ca\xC79\xDC9\xF6\x9B\xDE2\xCFH&l�\xC3Dx\xD8\xCA~y\xFE\xEE\x95Ó¸\×›f\xE1�/\xFF\xBDY6\xE5\xCAo\x8CG\xB3�\xCE\xF8\xD4-nh\x80lqoE\xAA&\xB3�φdg\xD7ilcA\xDA4i!\xDCZu\xD8\xE2\xFE\xC1
-\x9En�u\xD9�\x8E\xBB�\xF5�C\x96\xE6F��~Ы+\xE48\xF5ꂆ\xC8յ\xA5!\xC2M$�\x8C�\xD4y\xE0'�D \x99;~\xFC\xE6\xF6\xE9\xFB\x8F\xF0\x82\x82\xB8d\xD4���\xD3�\xF2yNf��b�A��\x86"a`�\xA1\xCE�C\xDAޡ\x85v+\xDFa\xDB\xFBm\xB9\xAA\xFDb\xD0.F2\x97�p\x9E�\x8EOn28\xC0���\x8A\x87\x80� ���u�\xC0\x919�¸[{\xD8�\\xE3
-\xC7\xE7]\xBB\xDB:,;\x9FU\xF7�Pu5\xB4K\xF4\xDFY\xAF7]\xC5\xF7{j\xE2\xFA\xB5\xDA#B\xB2\x92A \x86��P��\x84H���\xA8\xF3 \x82\xC8�\xF7Í\xBC_)\xE8�\xF56wwu\xD3\xFAf\x99\x9F\xEEʦh\xC3\xD2\xC1\xD0�\xD1/��\x86\x8B\xA0\xA2\xCFd2%\xC0�\xA3�*\xA5\xA7)\x89\x84\x81Q\xB2\xE3<:�`v�Huî–³\x86\x99@|\xB08\xAD\xAB\x9F)\xE5×›\xA6@\xBB]\xC3)\x9F<� �\xD8T \x86\x9AM\xA7 \x9C
-Kώ\xD3\xE8ED\xED\x95CM6\xA4g\xECv-VaB\xFC(-\xDDHI\xF5\xE16\xFC\x94\xEB\xCA'7\xF9\xBA�\x86\xD8u�\xC5C\x80\x89\x84\x81\x81\x83:�\xAB-"\xA7D2*=9\xA1\xE7\xE8\xC4a3\xAC\xD8\xCE\xEB\xEA\xF6!\xBElkӮ\xF3\xBD�"\xE4,��h\x88 \xB1\xA5\xC94�\xB10� p\xE7#�\x99!\xC2\xFE�\x80\xF0\xDDE'n\x9Dm\xAB� \xE5BI\xF1\xECz\x98Cz\x92\xB5�\x86\x98\xF60\xFD\x88\xF6\x9100\xEDQ\xE7\xFE.b\x8Bv™{\xC6D\x84�\x81?ׅ\xAB\xC2^�\xB7E\xB5\xE8\xAB0\xC3ա\x9D\xE8KY\xF2\xF9Nf �b,A=\xCD4K\x9100\x96P\xE7\x81%% c\xCAW$�\x9D߹꾯J\xE4\xF3y�\xE77\xBA\xFB\xF8\xCC&S��1j\xA0r\xF945\x9100jP\xE7\xE3\xDDGrBY\xE6\xCB��ʑ\xCB\xE3\x9C�\xD5\xF5\xAD\xDB\xF4\xF9T7\xE1y\x8A\xE1\xE0/\xC7J�-}\xB3A{SNݕ\xFA\x9Eآ\u\x8F툜}g\xB7�\x9F\x9Fd\xF1\x81!&>\xCC?"~$�L|\xD4y\xD8��\xDC\xFE\x!
91\xE5|�?l
-\xBFZ�\xD7U\xBDn\x97�\xF7\xD0̈\x832f\x8F\xFBHBΒ\x81 \x86��P��\x88H���\xA8\xF3��\x96�\xC3i�\x80\xF0-g'W\xABe\xB5\\xB7
-hG�P\xFC.6\xB6\xBE\x8A\xFE>E\xC9\xFA�CL(�\xA2$�L\xD4\xF9x7\xA0\x8Ad\x9C\x87""\xCCE.\x96\xD7U1\\xFC\xECP\x86~�I\xDC�\xCD)�\x93\xFDD\x92\xBC\xDD��FH\xDA9\xDF\xD71ݒ�\x8B�Ci\xC7{l\xFD\x90�A\xA8ɥ\xEBb�\xD6�O\xAE\xEE\xEDt\xC6/1\x8F�Y\x95E\xBBi\xCA\xF5d\xA6\xC2\xC9>\xB3r�2�
-"+\x87;\xE7\xED34\xBD��O\x87df\xD7k\xACP\xE7�%yΆ�^\x86\xA5\xC3wu\xBB\xFCdg\xF6\xF6Jݣ\xA7G\xBEՌ0�\xE0\xC5H\xBD�\xA1!r
-n\x89\x8D��\x89�#
-\xF5�HS\xC6�\xEBÂ\xE6W�^=T\xC5Ê—u�ﮊ\xD6\xDE\xCDM\xA6��\xFD\xDF�\xB9<'34\xDAa���1\x82v\x83\xC0 \xC2\\x87r\x80KM\xB2\f\x9E\xA0qr\xE8g{\xFF\xAA7\x8D-�\xFCcÓ”w\xBB�\xE6\xC0\xCDÓ¸\xF1\xE9M���b\xE4@\xF9\xD8\xF4�b,�\x8C�\xD4{�|\x84$:×® �\xEBQ\xE7\xD5blM\xF1\xE0t�N\x86��=j\x8Aj\xFD)\xB4\x9Bv�\xE3\x9F\xFF\xF5\xF5\x87\xE1i|\x9Dg\xCF�\x9CIT|6\x93Q�\x86�*P-�\x95H��*\xA8\xF7\x80\x8A�oTn|E\xE4[S.\xEEn\x97-,�\x8D>\xD4B\xBF\xE5p\xE4eHf��b\x8CA\x991\xC6"q`\x8C\xA1\xDE\xC7{�\xA3Ħ/\xF7\x90\x85{\xD9\xD9/`\xD3~\xFD\x98\xB9\xEEoe\xBB\xB9\xEBJ$\xB1\xCFp\xF8\xF4%\xC3��18\xA0<lz�.����\xEA\xDD�@,7DR\xE6\xEB�\xDF�uyq\xFE\xE6xn\xBF|\x98\x89}\xB5E\x91 E*g\xD0�\xE1lKj6\xBD\xBE�\x8B�\xE1�\xF7��!f4�T(�Z�\x84Þ”U\xB7#\xE7wNnÜ£�n\xA5\xE4\xC7\xF2\xE1\xF16\xCCY\xB1p;/\xEF\x8Be\xB3\xFD>\xB4�\xEAu\xDB?\x{1A9FCF}\xAEË \x8D\xCFN\xB2\xF6\xC0�\xD3�f\x9F\xD3i\xED#q`Ú£\xDE\xC3\xDA:\xCB\xEC�\x8A*>j�6[N6m\xBD*\xC2^\x8B\x83axÏÞ—�ߧ'Y|`\x88\x89�Ó\x89�\x89���\xF5>\x8A\xAF\xED\xE4\x99f@{\xBF\xAF\xF2\xB6\xA86~��\x85όگ\x81\xDFe(Y\xFE\xD1�S�\xE4��7�L{\xCC\xF58\xE6+J\xA8\xEF6\xEC\xB4\xF7{*\xA7\xF5\xDDCh\xB0�\xFB\xE7\x8F\xC7\xFE\x8B\xD2M\x98]Y\xDAÖ®5\xA8\xF6[\xEFo\xFB\x8E\xC1\xAE�_�\xF1\x9D\x8D\xF8>7ɪ�CLv\x98{L\xF7H�\x98\xF0\xA8\xF7Qy\x91\x91\xDCV\x92Ay\xFF\xA2\xA8\xF3\xCA\xDE\xC7W�\xED\xE1c\xB6\xFEn�>\xB5U\xC0�\xDCgg\xBF,\xD7mYuObfL}g\x9A\xFB\xAC$k��1\xCDa\xD61\xCD#q`\x9A\xA3\xDEG͹"Æ·�v\x9AË \xF9\xBAm\x8E\xCDQ\xF7J\xE8 \xE1\xB7/\xF0\xD0h��\xE8\xA6#\xFA\xF9,k\x85l%\xB3 �1�\xA0�|\xFA=\xA4\xB180�P\xEF#�L\x90\x8CÉ€\x82)\xC70!
\xAF�\x8A�\x8D\x9E\xE15\xB5'\x8BE\xB9^\x87g�\xDA\xE1\xC1\xAB\xBEB\xD0Ï»\xE1.\xA8\xE6\xF2\x96�\xC5h\x871�T\xC1\x90\xD8
-�#�s=�A�Ѿӯ#¿i\xE1\xAC�T�\xC6\xFE\xC3\xEB�e\x9E|Ú“\x81�\x86�QPV�\xA9H��S\xA8w\xBFver\xA2X\xE6k�í—®~<\xFB[׬#�KW_m\x89\xD4+\x91J�\xB0C \x83:#\x8CE\x82@�C]{²\x8CHßh\xA7\xB3~w\xE6\xFCM\xB73G\x87m9I\xF3�b_m@󊤒�\xEC�Ò \xDE|\xFAm\xA8\x91 \xB0u�s=\xBEÓŸ�\xEEÞE\x8C\xEFWywqqvj':\xFB\xF1 \xCC7\x83\xCA%?\x95\xA9\xD1�A
-�\x8B�\xB5�\xC1�P\xE1_\xF9\x99\xF3\x9C\x98\xD8\xFBƻ�\xD5\xF5 ΅\x9D~\x89\x89&�\xC1\xBA�"15s_\xEAb["�_\xF83yo\xFF�>�\xAA�endstream
-endobj
-966 0 obj <<
-/Type /Page
-/Contents 967 0 R
-/Resources 965 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 939 0 R
-/Annots [ 970 0 R 971 0 R 972 0 R 973 0 R 974 0 R 975 0 R 976 0 R 977 0 R 978 0 R 979 0 R 980 0 R 981 0 R 982 0 R 983 0 R 984 0 R 985 0 R 986 0 R 987 0 R 988 0 R 989 0 R 990 0 R 991 0 R 992 0 R 993 0 R 994 0 R 995 0 R 996 0 R 997 0 R 998 0 R 999 0 R 1000 0 R 1001 0 R 1002 0 R 1003 0 R 1004 0 R 1005 0 R 1006 0 R 1007 0 R 1008 0 R 1009 0 R 1010 0 R 1011 0 R 1012 0 R 1013 0 R 1014 0 R 1015 0 R 1016 0 R 1017 0 R 1018 0 R 1019 0 R ]
->> endobj
-970 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 688.709 539.579 697.4212]
-/Subtype /Link
-/A << /S /GoTo /D (chapter.1) >>
->> endobj
-971 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 676.5858 539.579 685.5919]
-/Subtype /Link
-/A << /S /GoTo /D (section.1.1) >>
->> endobj
-972 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 664.4876 539.579 673.4937]
-/Subtype /Link
-/A << /S /GoTo /D (section.1.2) >>
->> endobj
-973 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 652.3894 539.579 661.3954]
-/Subtype /Link
-/A << /S /GoTo /D (section.1.3) >>
->> endobj
-974 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 640.2911 539.579 649.1477]
-/Subtype /Link
-/A << /S /GoTo /D (section.1.4) >>
->> endobj
-975 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 628.1929 539.579 637.0495]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.1.4.1) >>
->> endobj
-976 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 616.0946 539.579 624.9512]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.1.4.2) >>
->> endobj
-977 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 603.9964 539.579 612.853]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.1.4.3) >>
->> endobj
-978 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 591.7985 539.579 600.7547]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.1.4.4) >>
->> endobj
-979 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 579.7002 539.579 588.6565]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.1.4.4.1) >>
->> endobj
-980 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 567.6019 539.579 576.5582]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.1.4.4.2) >>
->> endobj
-981 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 555.5037 539.579 564.46]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.1.4.4.3) >>
->> endobj
-982 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 543.5051 539.579 552.5112]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.1.4.5) >>
->> endobj
-983 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 531.4069 539.579 540.413]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.1.4.5.1) >>
->> endobj
-984 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 519.3086 539.579 528.3147]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.1.4.6) >>
->> endobj
-985 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 496.5559 539.579 505.288]
-/Subtype /Link
-/A << /S /GoTo /D (chapter.2) >>
->> endobj
-986 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 484.4775 539.579 493.4338]
-/Subtype /Link
-/A << /S /GoTo /D (section.2.1) >>
->> endobj
-987 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 472.3792 539.579 481.3355]
-/Subtype /Link
-/A << /S /GoTo /D (section.2.2) >>
->> endobj
-988 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 460.281 539.579 469.2373]
-/Subtype /Link
-/A << /S /GoTo /D (section.2.3) >>
->> endobj
-989 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 448.1827 539.579 457.139]
-/Subtype /Link
-/A << /S /GoTo /D (section.2.4) >>
->> endobj
-990 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 436.0845 539.579 445.0408]
-/Subtype /Link
-/A << /S /GoTo /D (section.2.5) >>
->> endobj
-991 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 413.5759 539.579 422.1635]
-/Subtype /Link
-/A << /S /GoTo /D (chapter.3) >>
->> endobj
-992 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 401.4527 539.579 410.3093]
-/Subtype /Link
-/A << /S /GoTo /D (section.3.1) >>
->> endobj
-993 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 389.3544 539.579 398.2111]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.3.1.1) >>
->> endobj
-994 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 377.2562 539.579 386.1128]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.3.1.2) >>
->> endobj
-995 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 365.0583 539.579 374.0146]
-/Subtype /Link
-/A << /S /GoTo /D (section.3.2) >>
->> endobj
-996 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 352.96 539.579 361.9163]
-/Subtype /Link
-/A << /S /GoTo /D (section.3.3) >>
->> endobj
-997 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 340.8618 539.579 349.818]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.3.3.1) >>
->> endobj
-998 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 328.7635 539.579 337.7198]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.3.3.1.1) >>
->> endobj
-999 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [532.6051 316.6653 539.579 325.6216]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.3.3.1.2) >>
->> endobj
-1000 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 304.567 539.579 313.6728]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.3.3.2) >>
->> endobj
-1001 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 281.9139 539.579 290.7706]
-/Subtype /Link
-/A << /S /GoTo /D (chapter.4) >>
->> endobj
-1002 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 269.8356 539.579 278.9413]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.1) >>
->> endobj
-1003 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 257.7373 539.579 266.8431]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.2) >>
->> endobj
-1004 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 245.6391 539.579 254.7448]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.2.1) >>
->> endobj
-1005 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 233.5408 539.579 242.6465]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.3) >>
->> endobj
-1006 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 221.4426 539.579 230.5483]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.4) >>
->> endobj
-1007 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 209.444 539.579 218.4501]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.4.1) >>
->> endobj
-1008 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 197.2461 539.579 206.3518]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.5) >>
->> endobj
-1009 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 185.1478 539.579 194.1041]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.5.1) >>
->> endobj
-1010 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 173.0496 539.579 182.0058]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.4.5.1.1) >>
->> endobj
-1011 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 160.9513 539.579 169.9076]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.4.5.1.2) >>
->> endobj
-1012 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 148.8531 539.579 157.8094]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.5.2) >>
->> endobj
-1013 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 136.7548 539.579 145.7111]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.5.3) >>
->> endobj
-1014 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 124.7562 539.579 133.7623]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.5.4) >>
->> endobj
-1015 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 112.658 539.579 121.6641]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.5.5) >>
->> endobj
-1016 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 100.5597 539.579 109.5658]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.5.6) >>
->> endobj
-1017 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 88.4615 539.579 97.4676]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.6) >>
->> endobj
-1018 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 76.3632 539.579 85.2199]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.7) >>
->> endobj
-1019 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 64.265 539.579 73.1216]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.8) >>
->> endobj
-968 0 obj <<
-/D [966 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-969 0 obj <<
-/D [966 0 R /XYZ 85.0394 711.9273 null]
->> endobj
-965 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1022 0 obj <<
-/Length 3272
-/Filter /FlateDecode
->>
-stream
-x\xDA\xED\x9Dms\xDB6�\xC7\xDF\xFBSh\xE6\xDE\xD83'�\xF1�\xBCt�\xA7\xD76q|\x91r3wm_\xA86\xE3h\xAA�W\x96\x92\xBA\x9F\xFE@\x91�\xAE$pm\xE4\x924\xB6\xD5\xCED\xB4\xC4ծ\xF6\xFF#vA\x82�\xEF�\xE1\xDEӆ�/|\xCFz\xC5t\xC1u\xEFbzP\xF4\xAE\xC2k\xDF�\xF0f\x9F>\xEC\xD4\xC7{=��\xFCㅴ=ϼ�\xA67|\xD7SZ3\xA1\xD7o\xE6X\xE1�\xEF
-/:<y}6<=��\x8E~�\xFEpp:\x8C\xEF\x8A=\xF3BVo\xF9\xFB\xC1O\xBF�\xBD\xCB�\xC0���\x93\xDE\xE9\xDE\xC7\xF0G\xC1\xB8\xF7\xA27=PZ2\xAD\xA4\x84g&�\x83\x83\xC57D\xAF\xAEM\x93\x9F\x84�LH#��E�\xF4Q\xAA�5\xEFY홑B\xAE?\x88b\x8E\xF1\xA3>�Eq\xF8]9+�\xA3\xE5xvu\xD4�\xBA8\xFC\xB1\xBC\xBD9\xEA;#�\xD9Q_\x87��Þƒ\xF2\xFE\xB3\xBDÙ¶\xD4EȺ\x95\xA6\xCD\xE7\x8E6\x8B\xAB^\xBD\xF1�\xAB�v}l\xB8\xAB\xD6\xEE\xFBWz \xB1��\xA8\x9F\x8A\x83b\x85\xF4�\xAC(\xCBLQ\x98ÈŠhX�\x8C\xAFf�\x94\xE5\xFB\xB2\xDE\xF8\xEF|�\xB6la\xF6Ä\xC4 at V\xB3\x89A\x86�1X5!\xBB\x89I\xC4A�Cz�b\xA4f\xDA8�\x89\x91
-1'\xF3\xD9\xCFE!\xAEV\x8B\xC8Í \|(�\xD5�\xC3\xE5SE\xA5\x93�\xC8c6#Èb�\xEBD1\x92\x88\x83b\x84\xF4ny�rL(\x8F"T5iE�\x89�\x88�\x81\x87\xE7g\x83\xC1\xE9\xC9\xDFk8\x9E\xDF\xCEF\xD3\xF1E;\xB0\xDC4/\x8Cf\x97\xF5\xC6\xF1j9\x9F\x86z\xD5\xEC�\x87$e\xD57
-@\xA7ä•lÉ‘!%9κ\xD0Ý’'\xE2\xA0$'\xBDð\xC0y\xE8L4���\x9B\x8E0,\x841\xA0m:\xDE-\x8E\xB8;\x9CO\xEB\xBFƳ\x9B\xF2b\xB5~\xAA)1\xCBy\xFD\x88\x9F\xF7V>\xD8Ñ ��HX6�È\x82��B\xC1\x90\x88\x83\x82\x81\xF4\xDE\xC0`\xBCg\xCAJ�a\x80\xAEb\xE3\x98�\xA3A\xBD\xB1\xBA\xBE�-�\xF9\xA7\xE5\xF2\xFD<�\xFF\xD6˧Q�b\xAEr9\xC0\x86���Z�\xD3\xC9A*�\x82�\xDA;p\xE0,SJ\xC42�{\x85�\xAB\xC9\xE4\xB6�\xED7�\xF9?\xD7�\xE6z \x80\xE1\xDE(\xFD(�\x84N" k\xD9D C\x8A�\xAC
-ED"�\x8A�\xD2;�a5S\xA1�\x88D\xA8\x86\x88\xF3\xC5\xF8C��\xFA\xCB\xDB\xEBF\xFFz𿘯�/C�i\x9D\xDD7\x91[\xA8@:\xB3QA\x86�*X.
-\x95D��*\xA4w@\xC5H&\xADk\x8B\x88\x86"r6\xF8\xF1\xF4?�\x92\xF9d2\xAF\xE7�\xB6�\xFB)i\x9A�\xC8f6)È"�\xAB%l7)\x898(RH\xEF@\x8A\xE6L\xAAv\xB6\xC1̾\xDD\xE8\xE4 r\x95\xCD�2\xA48\xC0ZP�$\xE2\xA08 \xBD��2t�\\xB7\xC5\xC56�lM$+o\x93\xA3\x87Vn_Rb�\xB3�A\x86� X$
-\x90D�� \xA4w DX&\x9Ct��\xD7 r68=\x91\xE7G^��\xBF9~\x95\x84\xA3z\xEA\xC3xTo\xBC=~|d\xD5\xE1\xF04\xFC\xED\xDC#\xEA=!C\xD9\xEA#CJ}\xAC\x80p\xDD\xEA'\xE2\xA0\xD4'\xBD\x83\xFA|}\xA5\x87G\xF5\xFD\xBDNQTll\x9E\x9AX\xD3r\xD4w\xDA<\xDA)�\xA4*��dHa\x80\xA5\xA00H\xC4Aa at z��
-É„@S�^T\x8D\xE3}0\x90\xBB�<n� U\xD9� C
-�,�\x85A"�
-�\xD2{\x83\x81\xF6\x9Cq\xE7\xDAZ\xC0\xF9}0\xE8:]\xB9y"\xF31\x9E\xB0\x8C Ë…���0l�B\xC0\x90\x8A\x83\x80\x81\xF6�0Ø \xBF\xB6miࢆ\xE1\xBC\\x8C\xE7\x97\xD08\xD6\xF2\xF6\xDB3S\xDC=\xF1�\xA1\x9D\xB0 at B\xB3aA\x86�,X0
-\x96D��,\xA4w\x80\xC5\xD8\xC0\x87V-,\xB2\x86�\x95\x88x
-\xEB\xF5\xF9\xB0\x82\xE6\xF5\xDBa��\x8Cߟ\x8F �!\x89ـ C
-�,��H"�
-�\xD2;\\xFE\xD4Z\xB3\xC2\xC7yF\xD5`\xE8\xED+\x9E\xC3#_
-(\xEEpu\xB3l.w\xCE.\xDE\xCF�\xF5\xF6\xAB\xD1ltUN\xCBٲ\x92\xC3>J^:р\xECe\xA3\x81�)4\xB0:��\x898(4H\xEF0v(\xC9
-�\xE7 \xC1\xB8\xE9:\xFE]M>G\x93\xF1%Z\x9F\x{166F19}OB/rÔ—B\xEF\xCFk\xA6a\x81\x84fÂ�)X\xB0`�,\x898(XH\xEF \x8Bä¬\x85jai\xBA\x92\xE3\xD52\x8C�\xE3e`\xE5C\x89\x97Ú„\x96D\xAB}/\xB2\x85�\xA41��dH!\x82e�\xBE�\x91D��"\xA4\xF7Xj\xB8c\xDE;�\x8C\xF0\xBAÔœ\xFFxÒœ\xED\xFE[\xF5T\xB5\xF1s\xA1\x8B\x93\xC5\xED\xF5r\xFE\xDB8l7\xCFÞ¬\xAE\xAF\xE7\x8BPe\xACzz\xE0t��I\xCD&��R\xC4`\xD1(b�qPÄ\xDEaP)Lx*Nu8\x87
-t^\xCFn\xEA_\x8Do\xC6˲:\xEF\xE9�\xF0bϿ\xAE,A\x96\xB3 B\x86�AXEYt�\x94\x88\x83"\x88\xF4΅aJr\xD5S\x81%/\xE3�\xA8b\xA8\xA2ȅ\xF1\xE4\xD9j<\xB9\x8C�\xCC\xEB\xEBr6�\xBClN\xA4 at s�\x97��\x9F\x9EǕ\xE8\xD7e\xF3\xEA|V?\xBE�\xCFV\x847\x95\xEA\xAFiC\xE3\x87̕����n$Q\xF2N Sq��\xD2\xDE[ \x9D`\xBE\x90�K(>A\xC2\xC1\xC9q\xBDa\x8A\xA2\xD8�p0\x9F\x8C�\xE30\x84x)\xFE\xD2\xE1<~\xD6l%\x91!\xA5$\xCE%\xA5d"�JI\xD2{\xAB\xA4-\x98\x8B�\xBF\xD7B\xCA\xFB�9\x98\xBF[\xFEs\xF0\xAAZe\xE5�r\x93�YȖ\xB8\xB5\xA3�F9\x96\xDDwh$\x82\xA0\xF4\xA5\7\xD5Ziǜ*d\xABn3�\xD8\xD4\xF6\xD9\xF7g\xCF\xEB-_?|�/\xDF\xD7[U'X\xF7\x80F=\x8D~?\xE6,\x9B�dH\xC1\x805\xA1hH\xC4A\xE1 at zo�we\x98+P\xC3\xCF�\xD4\xDE\xC4��;`\xC4�\xBF)\xAF\x9B\xB0tWf\xA3\xCCW+\xBC\xF0 \xB3\xF5C\x86\x94~8\x83\x94~\x898(\xFDH\xEF\xAD~R1k7\xE4�\x9F _,\xAE��n\xD5\xE5{\xCC\xEE>\xB7\x8A\xCD\xE7\xCC�\xB1\xB5\xA34DY\x94\xDD7\xB7$\x82\xA0�\xA4\\xB7�
-\xC1\xAC\xD2xH\x86\x82\x9B\xA9 T^\xAE�\xE68�\x89Ȗ��R�\xE3DS"'\xE2\xA0T&\xBDC\xDD
-\xBB[.M+rs\x8D'qbeX\x9D\xBA\x9D\xCF'\xE1`4\x85\xDBO\x8F\xEF\x83�\xA47��dH\xA1\x83\xE5\xA3\xD0I\xC4A\xA1CzoБ\xDE1\xE3\xB8o\xD1Q5:oovo\xA8\xAD� \xEB\xF7\xD4܃\x9A\x98\xD9\j\xB0!A͆r�5\xA98�jh\xEF@\x8D3\xCCh\xDC\xE8뚚\xC1uy1~w\xBB\x8BN9\xBB�ý20\xE5\x8E/^̧\xD3x
-z\xB2\xDEO~-\xCA>s#�3\x93\xAD:2\xA4TÇ™\x97\xDD7Ê¥\xE2\xA0T'\xBD\x83\xEAV1\xC3�*3\xA6V\xFD\xCDj\xD6\xDE~?�M\xCB\xCB\xEDN\xAF\xF3\xBE\xA9\xEDE*\xC1\xCF7/1\xA4![bdHI\x8C\xD3LI\x9C\x88\x83\x92\x98\xF4�Wh®L;�ë¨\xAF\xD0|\xFE\xC14\x8D \\x82\xA9ב%\xFAF/\xF8\xBE@\x90 A\x8E\xB3�B\x86�@XC\xD9}�T*�
- \xD2;\x8C�\xBA�\x8F:\x9E\xE0�p\xC1\xE6\xF8\xF2\xB2>\xD6o\x9Ai\xE0\xCB\xF9\xFC\xB7\xD5u\xF3�\xEA6\x8E\xC3\xB0\xA2 \xDDO\xE7\x8C}\xC8\xCBDb^\xB25G\x86\x94\xE68\xEF\x94\xE6\x898(\xCDIï ¹tL\x8Bv\xFA!\xE2\x95\xFFm\xCD\xE3Z\xE4P#h
-\xCEÆ¿\xFE:i\xF6y1_\x84\xDAQm\xFBo^fHE\xB6\xCCÈ\x92�\xA7\x9A\x929��%\xF3\x8Ew\x8E\xBD7_#%\xB9aBÈš\xB1\xEA\xFE\xC6"\xE4b�M\xDCι\x83\x97\xE3\xAB\xF7Ëe\xF5\xEF\xD6
-\xA1\xCE�\xC6\xFD\xB2\x86��q\xEF\xBC\xEF:k\xDDw\xF1෣\xB2\xB5\xE35YI\x8Bp(x^/�\xD7\xEBo\x98\xA8\xBEU$\xE6\xAB;=\xCD˿.F\x8B\xDBPN�\xC8R\x87\xCF}$A\xFA\xB2\x8F$dH�IX�\x8A\x89D���\xA4w`C\xF8P�\xB5w
-�\xA2ac\xA3\x8F�\xA5\xA8x>*\xA7\xD5\xF4\xC9[\xBD_\xFF\xD2(�\x93\x99K
-6$H\xD9�\x8B %��AÊ®\xF7Ô˜+\x8CgN\xFB�SÓŒ\xB9;Cm{*7̱`z\xFD\xA6|W.\xCA\xD9EÙ9x\xF3\xFB\x8E\xB7Ø€�o7\x82\x96\xDD+\x86\xF0\xDBQ\x99\xDA\xF1\x9A<\xA6\xB4eN\xD8Z&�\xC7\xDBdj^\x8C\xA1\xB78\x9D\xAC\xD7-W\xF7\xD3r\xFBT\xE7+\x9D|@J\xB3\x8F,dH�YX2\x8A\x93D��/\xA4\xF7\xA6i�J3\xEB
-�\\xE2W@\xED4\xAD\xAFFË‹\xF7P\x94o*T\x8C�\xFB9\xED�*\x90\xCElT\x90!\x85
-\x96Ku\xAFZI\xC5A\xA1Bz\x8FWф\x94\xCC�\xA5[Xָ\xC8\xEA|\xC8\xEDl9\xFA\xE3\xA8/\xBDޟ�\xBF�(\x90\xCAlP\x90!�
-\x96\x8A�%���
-\xE9\xBD�Epf\xA5p��р\xF2\xBC\xAC\xEA\xD0l\xDCV\xA1x\xCA\xFB\xED\xCD\xE8\xAA\xFCF�5\x8DK#1K\xD9� C\x8A�\xAC�\xC5@"�\x8A�\xD2;ԕ\xC23[𶮈x\xDF\xFE\xB4\xBECJ\xA0QC;\xBB�5HT \x9D٨ C
-�,�\x85J"�
-�\xD2{�.\xB8\xB7\xCC�\xAFZX\xF6u\xE5�A\x89\xA9\xCC����\xA0lH\xA5\xBA\xD7a\xA5\xE2 @\xA1\xBD\xB7\xA08�f9\xCD�\xA2�\x94}]\xD9e \xB2\x94\xCD 2\xA4�\xC0*P�$\xE2\xA0� \xBD\xC3\xFC\x96[\xC9L�',\xE2~\xF3\xDB\xEF�\xA3\xE9tT\x9D=\xB2r?\xBD\xDD\xC2�2\x9A\x8D�2\xA4p\xC1\x8AQ\xB8$\xE2\xA0p!\xBD7m�7\x9C\xE9p\xE0�-l]ڶN\xD8HΜ+TpP\xED5\xBA\x984\xFBl�A\x9A �z\x9Ez\x9F\xC1r\xB4,\xDB6&\xD2e\xC5\xFE\xCB\xC8ڜg\xF3\x84�)\x9E\xB0\xA6\xAA{\xC5O*�\x8A'\xD2;\xF0\xA4<\xD3J\xD8ȓ\xF8�<\xDD]˜\xE7\x8Fo�\x82\xDCfs\x83�)n\xB0v�7\x898(nH\xEF\xC0\x8D\xB4L\xC7\xD9P\xB5\xF6\xF8.l.\xE6\xB3\xE5\xA2Z\x9F\xBAˎ\xF4\xAC\xE0R\xDC1�i\xF78\xBF\xB8\xA4�\x9F&\xC5\xD9\xF4\xB4v�<H@\xA5\xBA\xD9\xD9
-\x82B\x87r
-\xE4�͔\xF5m�S_�\x9D{\xB4\xD0Z<�R:�\x81\f3\x82�)H\xB0V�%\x898(LH\xEF\xC0 \x97L)\xDBV&}''\xE3\xD9\xC5duY\xA601\xCCz~W\xB7\xE3\xB8xZ\x8D2\xA48��dH\xE1\x83%T\xDD+�SqP\xF8\x90\xDE�\x9F\x823\xC5M\xA4\xC7|)z\xEE�d\xBE\xF6E\xFDϼb�2\x99
-IkG1\x82t\xA2�\xD9
-\x82"\x84r\xDD \xE2<\x93N\xC9�\x88\xBD�\x90\xEA�\x9B�\x8Do\xA8@\xDE\xC9;\x86�)\xDD\xFE\xA4/\xA4<\x97$dG\x90\x84�%HJ�A\x90D\xBA\x86_�\xB2Lj\xD1�5\xEEK\x90t\xF70\xA3\x8B\xC77\x85\x82\xD4f\xFF<QkG\xFD:��\x8E &��\xF5\xDBD\x94\xEB\xF8[�L\x8Av\xF2\xE4\xEF�f2\xBF\xBA\xAAV\x90%jSpg\xBC\xBE\xEB<η\xFE\x85\\x9F\xB9f5 \xCE\xFFy�0#\ \x8AG@\xB3�\xC1�3\xF1WW\xFB³\xE4w\xDAV\xFFr\xCE|\xB3R\xFB\xFF\xFB\x91\xD7\xF6\xB7hU`ƹ\x8Eu\xAE\xC2�L�\xAD{24\xE9\xB2�N\xC7cb\xE1\xF9z/�\xFA\xFF \xDB�ҕendstream
-endobj
-1021 0 obj <<
-/Type /Page
-/Contents 1022 0 R
-/Resources 1020 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 939 0 R
-/Annots [ 1027 0 R 1028 0 R 1029 0 R 1030 0 R 1031 0 R 1032 0 R 1033 0 R 1034 0 R 1035 0 R 1036 0 R 1037 0 R 1038 0 R 1039 0 R 1040 0 R 1041 0 R 1042 0 R 1043 0 R 1044 0 R 1045 0 R 1046 0 R 1047 0 R 1048 0 R 1049 0 R 1050 0 R 1051 0 R 1052 0 R 1053 0 R 1054 0 R 1055 0 R 1056 0 R 1057 0 R 1058 0 R 1059 0 R 1060 0 R 1061 0 R 1062 0 R 1063 0 R 1064 0 R 1065 0 R 1066 0 R 1067 0 R 1068 0 R 1069 0 R 1070 0 R 1071 0 R 1072 0 R 1073 0 R 1074 0 R 1075 0 R 1076 0 R 1077 0 R 1078 0 R 1079 0 R 1080 0 R 1081 0 R 1082 0 R 1083 0 R ]
->> endobj
-1027 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 758.5763 511.2325 767.4329]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.8.1) >>
->> endobj
-1028 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 746.445 511.2325 755.4012]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.8.2) >>
->> endobj
-1029 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 734.4133 511.2325 743.3696]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.8.3) >>
->> endobj
-1030 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 722.3816 511.2325 731.3379]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.9) >>
->> endobj
-1031 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 710.3499 511.2325 719.3062]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.1) >>
->> endobj
-1032 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 698.3182 511.2325 707.2745]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.2) >>
->> endobj
-1033 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 686.2866 511.2325 695.2428]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.3) >>
->> endobj
-1034 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 674.2549 511.2325 683.2112]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.4) >>
->> endobj
-1035 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 662.3229 511.2325 671.1795]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.5) >>
->> endobj
-1036 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 650.2912 511.2325 659.1478]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.6) >>
->> endobj
-1037 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 638.2595 511.2325 647.1161]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.7) >>
->> endobj
-1038 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 626.1282 511.2325 635.0845]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.8) >>
->> endobj
-1039 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 614.0965 511.2325 623.0528]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.9) >>
->> endobj
-1040 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 602.0648 511.2325 611.0211]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.10) >>
->> endobj
-1041 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 590.0331 511.2325 598.9894]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.11) >>
->> endobj
-1042 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 578.0015 511.2325 586.9578]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.12) >>
->> endobj
-1043 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 565.9698 511.2325 574.9261]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.9.13) >>
->> endobj
-1044 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 553.9381 511.2325 562.8944]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.10) >>
->> endobj
-1045 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 541.9064 511.2325 550.8627]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.10.1) >>
->> endobj
-1046 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 529.8748 511.2325 538.831]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.10.2) >>
->> endobj
-1047 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 517.8431 511.2325 526.7994]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.11) >>
->> endobj
-1048 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 505.8114 511.2325 514.7677]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.11.1) >>
->> endobj
-1049 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 493.7797 511.2325 502.8855]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.4.11.1.1) >>
->> endobj
-1050 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 481.7481 511.2325 490.8538]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.4.11.1.2) >>
->> endobj
-1051 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 469.7164 511.2325 478.6727]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.4.11.1.3) >>
->> endobj
-1052 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 457.6847 511.2325 466.641]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.11.2) >>
->> endobj
-1053 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 445.653 511.2325 454.6093]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.4.11.2.1) >>
->> endobj
-1054 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 433.6213 511.2325 442.5776]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.4.11.2.2) >>
->> endobj
-1055 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 421.5897 511.2325 430.5459]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.4.11.2.3) >>
->> endobj
-1056 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 409.558 511.2325 418.5143]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.11.3) >>
->> endobj
-1057 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 397.5263 511.2325 406.4826]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.11.4) >>
->> endobj
-1058 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 385.4946 511.2325 394.4509]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.11.5) >>
->> endobj
-1059 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 373.4629 511.2325 382.4192]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.11.6) >>
->> endobj
-1060 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 361.4313 511.2325 370.3876]
-/Subtype /Link
-/A << /S /GoTo /D (section.4.12) >>
->> endobj
-1061 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 349.3996 511.2325 358.3559]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.12.1) >>
->> endobj
-1062 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 337.3679 511.2325 346.3242]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.4.12.2) >>
->> endobj
-1063 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 315.0477 511.2325 323.7798]
-/Subtype /Link
-/A << /S /GoTo /D (chapter.5) >>
->> endobj
-1064 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 303.0359 511.2325 311.9922]
-/Subtype /Link
-/A << /S /GoTo /D (section.5.1) >>
->> endobj
-1065 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 291.0042 511.2325 299.9605]
-/Subtype /Link
-/A << /S /GoTo /D (section.5.2) >>
->> endobj
-1066 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 268.684 511.2325 277.4161]
-/Subtype /Link
-/A << /S /GoTo /D (chapter.6) >>
->> endobj
-1067 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 256.6722 511.2325 265.6285]
-/Subtype /Link
-/A << /S /GoTo /D (section.6.1) >>
->> endobj
-1068 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 244.7402 511.2325 253.7462]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.1.1) >>
->> endobj
-1069 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 232.7085 511.2325 241.7146]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.1.1.1) >>
->> endobj
-1070 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 220.6768 511.2325 229.6829]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.1.1.2) >>
->> endobj
-1071 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 208.6451 511.2325 217.6512]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.1.2) >>
->> endobj
-1072 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 196.6134 511.2325 205.6195]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.1.2.1) >>
->> endobj
-1073 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 184.5818 511.2325 193.5878]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.1.2.2) >>
->> endobj
-1074 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 172.5501 511.2325 181.5562]
-/Subtype /Link
-/A << /S /GoTo /D (section.6.2) >>
->> endobj
-1075 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 160.4187 511.2325 169.5245]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.1) >>
->> endobj
-1076 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 148.3871 511.2325 157.4928]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.2) >>
->> endobj
-1077 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 136.4551 511.2325 145.4611]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.3) >>
->> endobj
-1078 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 124.4234 511.2325 133.4295]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.4) >>
->> endobj
-1079 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 112.292 511.2325 121.3978]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.5) >>
->> endobj
-1080 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 100.2604 511.2325 109.3661]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.6) >>
->> endobj
-1081 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 88.2287 511.2325 97.3344]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.7) >>
->> endobj
-1082 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 76.197 511.2325 85.3027]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.8) >>
->> endobj
-1083 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 64.1653 511.2325 73.2711]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.9) >>
->> endobj
-1023 0 obj <<
-/D [1021 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1020 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1086 0 obj <<
-/Length 3431
-/Filter /FlateDecode
->>
-stream
-x\xDA\xED\x9DKs�7�\xC7\xEF\xFA�<\xE4 �\x88\xC5\xFB\xB1\xA7\xB5-٥T";\xB2\\xBB\xE5$��5\x96X\xA1H\x85\xA4\xFCȧ_�g \xF4H\x98\xA6\xB0k)�\xA5JUL\xCB\xD3\xECf\xFF�\xD0
-Ì
-\xA8\xFF\x8F
-\xAC"T890N�E\x99�\x8C/v\xE8\xE0\xCC\xFFۛ�\xD6^3��
-\xE1U/Ov\xFE\xF1Z\x98\x81#Ns=8\xF9�\xDE\xCB�j-�\x9C\x9C\xFE\xBA\xFB\xEA\xED\xD1\xC9\xC1\xD1\xC9\xFB\xBD\xDFO~\xDC98\x89o
-�3*\xEAw\xFCs\xE7\xD7\xDF\xE9\xE0\xD4\xFB\xFFq\x87�\xE1\xAC�|\xF1\xA1\x849\xC7��;R \xA2\xA4�\xE1'Ó\xF7;\xBF\xC47�\xFF\xBA6\xCD}�%,Q\x96\x9B\xCC'\xE1�|�\xC69\xB1\xCE\xF8\xE8\x94#Zp\xB1\xFE(\x9Ap�j\xFDA\xFC\xE5�\.�\xB1\x96Jl:?;\x9B\xCC\xCE\xDA\xEB\xE0\xDB
-C\x84v\xBA\xBD\xEE\xFDj\xB4\xAA.\xAA\xD9jo\xC8�\xDDݯ~\xA3\x94\xCF&\xAB\xC9|\xD6\xFCd4;m^|X\x8EΪ\xBD\xA1cf\x97\xEC
-�\xA5\xF7\xF3\x87t\xEE\xB1\xBB&\xB4\xE2\x96hNY\xCA\xE5
-e�g\x83\xE6\xC51\xD4*\xD8
-\xA1\xE1M\xADn\xBE\x9D\\xA9o\xC4�\xB4\xCFÅ\x91\x82zgJ�c\x8C��i\x88\xD6L�R�\xDB\xF3\xBF:t\xF7\xE4\xBC\xCA@\xA3)\xA1L\x9A�\x86\xF1\xF9h6\xAB\xA69h,\x91J\x85\xEBÞ/FKÏ‚\x8F\xE8^Y\xB8�N\xCA\xE0 \xE9-\x86��b\xF0@\xF90x2q`\xF0\xA0\xDE�<B�\x{DA02}\xF0\xF0�x\xFC at r6_|\xCB\xD0#)\xD1\xF6:<\x92\xDA��Ͻ\x8C<!\xBD\xC5\xF0 C��(\x9F\xB4\xFD\xF0d\xE2\xC0\xE0A\xBD'x\xB8 \x86\xF9i�\xC0#n�ÏŸW\xD5\xE2Û°Z,\xE6\x8Be� e\x89\x93V\xB4�\xBF
-\xA4y\x89\x{8E5997}\x93\x90\xC9bN\x80!\xC6 TJ\xD1~N2q`\x9C\xA0\xDE\xD3Z\x861b\xA4��"'l\xF3Z\xE6ˢ\xCAQ\xC1\xFDJ\xC6�\x96_ɼY\x8C..F\x8B\xFA/\xFAa\x8F3\xDFe�\xEB\xA5)付&`\x88\xD1�\xF5T\xAC\x9F\xA6L��M\xA8\xF7H\x93v\xAE�~"M\xFCnhڼ.\x96\xCCm\xCF\�\xF3ZJ
-4D\xA8\xE9\xE8\xA6x/5\xB98�jp\xEF\x89�k\x88\xA5`���\xA1\xB9�-WUvj\xAA\xCB)\xD9WN\xC5A\xC8<\xF4A\xE8{�Ԧ\xB8\x98\x9Fd\x87\xE1��\xC4\xE8\xB9����\xE6:\xB1c�\xB1B\xB3�\x8F\xBC+xnS\x8B\xBB\xC7\xC0J/$!\x97Ŕ C��\xA8�\xC6I&���\xD4{"E�b\xB5\xE2\x89�\xB5\x91\x94\xF9e-v\x96�\xED\xE1df\xC30c�{Z\xC3L\xC8q1A\xC0�#�j\x88�\x94\x89�#�\xF5\x9E�R��'A\xDFO\xDF�A\xB7�k\x8C|\xD4cM\xC8e1)\xC0�#�j\xA5\xFA[7\xB980RP\xEF\xB1\xFA\xD6\xC2\xFF\x90�\xD0\xF7ӡ\xEF\xF7r>\x9FV\xA3VԷ-�ރ\xDB\xCA2\xE8\x960\x84t�\xC3 �1�:r\xF4\x97ع80�P\xEF �_\xC98\xC55\x84\xA1\xED㽞/\xBE\xF8y\x82\xD9\xDD\xD3zs`()�\xB5q��!{\xC5l C\x8C\x8D\x8E:\xC8@\x91\x89�c�\xF5\x9E\xD8`\x8A8\xCB�d\xA3m\xD3\xED_\x8D\xA6\xC3\xE5j4\xFE\xA3�+\xDEW\x8B\xCF\xF5\xAAu\xE8\xAB\xE2'9H\x84T�\x83 �1�:R d\xE2\xC0@@\xBD'�\xA8$\x94Q�A\x90
-�/\xC6\xE3j\xB9l x5\x9F\xAD\xD6\xE3\xC5|ZO�Oh\x98\xE8\xC5"$\xAE��`\x88a\xD1��\xC1"��\x86�\xEA=b\xA1�\xAFw\xC4�\xC4B5X�\xCE|�\xFBi\xE4\xD9\xD8\xF3\xEF\xC6�żq\xFF\xD3GL`)�\xD0�\xC1\xA3+P\xFF.O.���\xDC{\xC2\xC3RBu\x87�\xDD\xD0\xF1K\xBD\x81ӌ�/NO\xD7C\xC6z��\xC6<\x8F�!m\xC5L$;� (\x8A\xEB'\xE2f���\x98\xEBă\xB6\x84:\xCB �\xA6�\xE2\xE3|V5<\x9C\xEC9\xBA\xBB�͖\x9F\xD6\xCB e\xD83�1q\xC5H C\x8C (\x8C\xE9\xAF at rq`T\xA0\xDE��ʗ\x9F\xDCp\x88\x85m\xB0\xF8\xB0\xFF\xAE\xA1\xE2\xDD|\xD1\xF6�~\x9A,W5�\xF2y\xA4H\x99+\xE6��b\@eLC+��\xC6�\xEA=q!%aJÆ�q
-�o/\xAB\xC5h\xB5.J\xD7\xC5Ƿ媺h^�W\xCB\xF9\xD5zF�W\x81\x98\x8BI\x8D\x8C\x95\xEAq\xED\xC6\xC6��\xCB��1ya\x82\x8D\xE8\x977��&/\xEA=\xC9+\xBC\xA2V\xA9N�\x8A\xFA5@\xAC&7 j\x98ޒ\xDF\xF3^�B\x8E\x8A \x86��P�\x8C\x80L���\xA8\xF7D \xA7\x843\xD9i=1\xD6�\xF0\xAEZL槓q\�\xF0\xDDѲ\xED5\xACk\x8Bϣi\xFD;-ܶ\x8F\xF1!I\xC5� C��(\x82\x91\xFD�d\xE2\xC0�@\xBD'�\xA8%\\x8AN\x87\x89\xF1�\x81\xB5\xE8\xF3\xCB\xF9t~\xE6k�#\xCCs�\x99'$䰘�`\x88��52\xAA\x9F\x90L��!\xA8\xF7H\x88t��\xC3;\xA!
D'&ZBnqVp\xE9W\x8ES\xBFf\xCC\xEDqIB\xFD�nlq \xAB\xB6�\xAE>rbnKÉ\x86�9�\xED�rrq \xE4\xE0\xDE�9V�AY\xA7\xFF\xC0dC\xCE\xF1\xF1\xB2j�\x8A\xB7\xCD�\x87\x9Fo\x9A\xE5\xA4}\xAE+b抹 \x86��P�\xD3ßµ\xCCÅq\x81zO\�N\x84\xE8t!\x98\x8AS�ݽ\x9A5$h\xF1\x98&\x9C\xBFm\xFA \xE9,f%\xD9a\xA8 \xB1\x8C\xE9'\xE5f��(\x98\xEBĉ\x9FH\x84\xA6\x9D\xBE�\xD3
-(/\xAF&\xD3\xD5p\xD2n\x94/A\xB92\x99}\x9A/.F\xE9h\xC4_\xF3Y\xDD�\xF7\xEF\xF8(\x8F�\xC7,�\xEB��1\x81a\x96MC2��&1\xEA=i,-�\xD6uz�\xCC\xE44>\xB8\xB8\\xB5-ë\xA2\xFA!\xB4\xA0\xEEe:�I*F �b�@�l\xFB1��\x86 \xEA=! 4\x91\xCCvO\xC3\xD8�\x81�\xA7\xA7\xEBCN\xA3i\xD8\xE5�\xA7_\xECW\xA3\xF1\xF9z\xA6pZoO\xCB!\xA6\xA3Xl`\x88\x89
-\xD3m\xFB[�\xB980\xB1Q\xEFIl.\x89\x94\xA6\xDBtr\x8D\xD8\xF5\xEEu<\xE2\xF6\xDA\xFF\xEE\xB7KB!\xC4S^�\x86\x8C�\xF3 �1�\xA0"\xB6\xBF\xFF\x90\x8B�\xE3�\xF5\x9Ex`\x9CH\xA3\xBB\xA7\x9F\xDA&\xE4q\xB5\xBC\x9CÏ–UØ\x98N\xC6`�h^\xFDF�=~\xF7\xD1\xFF\xC1B\xB7\xF2\xCBb\xD2t\xA6%\x93�~r��\xBFX\`\x88\x89�\xD3k\x91�0��&.\xEA=\x9E\x88\x95\x94�E�h.\x99\x8D'bÛ¥\\xA6Y@=�z\xE3\x9D�\xDCls}\xD0\xCBQ\xC8t1G\xC0�\xE3�*i\x912 ��\xC6�\xEA=r$\xAC7��\xB4\xA0\xEC�q\xB4\xF9`\xB5u\xDB\xD0x\x8A�-\xE5��"\xBCt�\xB3\xFD\xE7^rq \xBC\xE0\xDE�/F�\xA5\xC1\x82\xD2m\xC6\xC5s0Y\xAE&\xE3\xE5\xB0}\xACB\xEEP\xBEUD*\xEB6\x8CA\x92\x9B-\xB8\xB19$\xB1\x98\x90d\x87��$\xB2\xFDEg&���\xCCu\xA2CK\xA2�\xE8?qz�xl�Z\x94\xFB�i\xE8\xC5 d\xAB\x98�`\x88\x81 \xD5\xC0H\xC8Ä\xA1\x80zO,(\xEE\xC3\xE0\xA9\xC5\xC47\xDFß¾Z\-W\xD5\xE9\xF0\x8F\xEA[\xDF\xC3�\xB8Ý´N\xB1rk\xD7"1\xA7\xC5\xC4 C\x8C�\xA8�FL&�\x8C�\xD4{"\xA6~:\x8Ab\xA9a\xC5\xF9\x9D�\xB3y\xD8\xE0J<\xB2\xC5GHa1 \xC0���J\x84�\x92\x89���\xF5\x9E \xA9è\xB5\x8F\x80\xDC\xE6~\x{1595F2}��m\x89PBl�R\xB4\x94\xDB7\x96\x84d�\xA3��1T\xA0X\xAE\xBF\xF3\x99\x8B�C�\xF5\x9EP\xA9\xCF\xDFR\x97\x9Aa\\xDE)*\xB7\xA8n\xA8y\xF0\xA3GHZ1�\xC0�C�\x8A\x82!\x91\x89�C�\x{15E420}\x92���\xB8\xC37߆\xFEyR}\xC9=!E\xFA�dÔ†QC \xF1�vR{a
-\xE9.\x86 �b0A9]\xFF\xF3vrq`0\xA1\xDE#L\xDCqb\xB4I}�\xAE\xEF�\xA6\xCD\xE3\x8Avz{�\xD2�\xD3Z
-
-4D\xA0\xE9Ȇ@\x93\x8B�\x81�\x{1DE831}\x94��\xEE�â››\xB6\xF5�{��jܦ\xA7`(k\x9F\xF0\xF6NLw1L\xC0�\x83 \xCA\xE9\xFAo!\xC8Å\xC1\x84zO0\xF9\xF5\x88�\xF7\xB6s{',m�\x80\x8Cb\xDB3k\x85\xAC�#\x93\xEC0b\x80f\xAE\xCB(��\xC6�\xE6:\xEE�r\xA5\x89U
-\xB4\xE6lx0Ƶ�Ô¾]Vë›\xC4S=�\xD6\xCBFHa1�\xC0�\xA3�J\x84ᑉ�\xE3�\xF5\x9E \x91Ò�\x92C@Ú‡e\xBC\x9A\x8E\xD6w\xB0>\x92gd<\x90Ã1\xA1Ÿ C��(\x98\xEB\xDF8\xCCÅ\xE1\x82zO\xB8�N���\xE2"\xAE\x8F'\xF1);\x82?�#Q\xB7\x90\xB9b.\x80!\xC6�T�\xE3"��\xC6�\xEA=q\xC1)q\x92+\xC8E\xFB8\x8D\xFDo\xB3\xD1E\xB8\xED\xE9\xC3\xE5\xA9_g\x80\xF3'\x93zÖ‘Jm\x9D\xEC\x82躞\x8C\x89\xB9\xAD\xEC\xAD\xDD��\xE6d\xBF\xFE\xFEu\xE2�Ej\x9BL \x98\xEE\xA8{\xE7_Z��\xA7\x968\xC3\xC2rÔ�\x8Cv\x86\x82דi\xBD�\xA7Ü£\x9FB�\xE4\xF25@�d(\x86��b\x90A\x99�\xED?Ò–��\x83�u�k�\xE6�\xA14>\xB0V\xD4+X\xC6ig\xE1Z\xC36\xFF\xD4w\xEDq5\x9E77\xC5,\xAFU3\xFF>\xAF\xDA�g5�\xF5MX�\x9F\xD7w`�#�P˶�$f\xA4Tph\x88�\xDE\xC98&x.�Dp\xDC}\x9CMX\xFD\xBD4\xDC\xD9$\xF8Zr\xB1Y[+Ø“Z\�\xBDBŠy \x86��P�\x94\x87L ��\xA8\xFBă�\x84\xD6\xE7@��\xBC\xE5a}Km\xF5uu��\xB4W_/\xC3\xD3wb\xEF"��\xC7\xEBzFo\xEB<�\xF3T\x8C�0\xC40\x80:0\xDA\x9B[.���\xD4}\x9A�4\xAB\xBF\xD2*R\xC0\xDBi`\xB2�_e\xE4\xFE\xF9?\x99�B\xD2'\xF9u�A\xC16\x85Å€$;\x8C� �\xA3\xFD5H&
-\x8C�\xCCw\x82C:\xC2X|\xE6\x8EX/Fk:\xDEW\xAB\xF4\\x95\x93\x93\x9F\xD6�\xC8\xE7\xE5e9;!\xC3\xC5\xF0 C\x8C�\xA8 \x8AO&�\x8C�\xD4}�H�\xC2d|8\x8F\xA8\xEB\xD75@\x87\xB3\xFA9\xA0\xEDj\xE3\xE7\xD1\xE5e\xA4)\xDCIw\xF8\x98[\xF1\\x8A\xC4,�C��1H\xA0J\x8C\xF6�\x84\xCE�\x82A\x82\xBAO\x90pE\x98Q2B\xA2ZHޮ\xCE\xC3\xFD\xB2׫\xDF\xF5~ʤY\x94\x8CW\x93\xCFu\xB9"${ʳP\xC8b1$\xC0�\x83�\xAA\x84B\x92 �\x83�u\x9F\x96\xAB̯M\xA8T \x92X\xBE\xDC\xE6\xF9�\xFF\xCAl\xD6\xF9W\x82\x87�\xEA[\xB4F\xAB\xE1rr6kn\xD3R\x8A=OO1\xEB\xC5P�C�*\xA8*
-U&��*\xD4}\x82\x8A\xFA\xA2G�
-\xA0\xE2�P\xFD\xF0\xF6\xF8\xF0\xCD\xE1Q\xEE\xCB
-�,>4\xA63P\xED
-\xDD�"\xEB{\x9D\x84�z\x86\x84�\xF3��1^\xA0`(/\x99 at 0^P\xF7\x91�\xEB�\xD7\xDC \D .\x87G\xAF~\xFA\xB0\x90;\\xEDKv-\xFAx\xE1b\xEBf\xAB\x90\xC9RN\x80�\x82 ԉ\xD1\xFE\xB3ՙ(�HP\xDF\xE9K+
-\xE1\x8E9\xC0\x88,a\xC4�S\xB9s%\x9AX\xE9z\xF80J=\xA9\xE5p\xC8p);\xC0�a�ꇱ\x93\x89�\xFB\xEEA\xCC7\xF8r�"8\x8B\xE8\xE8v�\xFC\xF2\xF0h?TJ\xF5\xB7~]_��|]U\xB3\xBAU\xF3O\xBF�ftw\x95�\x8D�\xED U\xE1t\xE4�o�\x8E�\x8E_Ô\xBE\x93Ü\xA4�\xA1T\xC8<r\xFA\x9E�>}�\xB4\x89*% \x99! �0\xFDo\x86pC\xFE\xF8\xC5\xEDC\xEE\x88\xCDu\x88\xEA\xFF3F\x9Cj\xBE\xB7\xE9\xFF\xFB\x9E\xF8\xF4m\xF6\xF5\xF2\xC3Úž\xE2\PC\xA4\xE6j \xFC\xD0\xD4\xEEmO&�\xE4�\xA5\xF5e \xF6\xFF��Éœ\x9Eendstream
-endobj
-1085 0 obj <<
-/Type /Page
-/Contents 1086 0 R
-/Resources 1084 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 939 0 R
-/Annots [ 1088 0 R 1089 0 R 1090 0 R 1091 0 R 1092 0 R 1093 0 R 1094 0 R 1095 0 R 1096 0 R 1097 0 R 1098 0 R 1099 0 R 1100 0 R 1101 0 R 1102 0 R 1103 0 R 1104 0 R 1105 0 R 1106 0 R 1107 0 R 1108 0 R 1109 0 R 1110 0 R 1111 0 R 1112 0 R 1113 0 R 1114 0 R 1115 0 R 1116 0 R 1117 0 R 1118 0 R 1119 0 R 1120 0 R 1121 0 R 1122 0 R 1123 0 R 1124 0 R 1125 0 R 1126 0 R 1127 0 R 1128 0 R 1129 0 R 1130 0 R 1131 0 R 1132 0 R 1133 0 R 1134 0 R 1135 0 R 1136 0 R 1137 0 R 1138 0 R 1139 0 R 1140 0 R 1141 0 R 1142 0 R 1143 0 R 1144 0 R 1145 0 R 1146 0 R ]
->> endobj
-1088 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 758.4766 539.579 767.5824]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.10) >>
->> endobj
-1089 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 746.5057 539.579 755.6115]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.10.1) >>
->> endobj
-1090 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 734.5349 539.579 743.6406]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.10.2) >>
->> endobj
-1091 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 722.564 539.579 731.5203]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.10.3) >>
->> endobj
-1092 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 710.5931 539.579 719.6988]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.11) >>
->> endobj
-1093 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 698.6222 539.579 707.5785]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.12) >>
->> endobj
-1094 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 686.6513 539.579 695.6076]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.13) >>
->> endobj
-1095 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 674.6804 539.579 683.6367]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.14) >>
->> endobj
-1096 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 662.7096 539.579 671.6658]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.15) >>
->> endobj
-1097 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 650.7387 539.579 659.695]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.16) >>
->> endobj
-1098 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 638.7678 539.579 647.7241]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.1) >>
->> endobj
-1099 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 626.7969 539.579 635.7532]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.2) >>
->> endobj
-1100 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 614.826 539.579 623.7823]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.3) >>
->> endobj
-1101 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 602.8551 539.579 611.8114]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.4) >>
->> endobj
-1102 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 590.8843 539.579 599.8405]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.5) >>
->> endobj
-1103 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 578.9134 539.579 587.8696]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.6) >>
->> endobj
-1104 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 566.9425 539.579 575.8988]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.7) >>
->> endobj
-1105 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 555.0713 539.579 563.9279]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.8) >>
->> endobj
-1106 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 543.0007 539.579 551.957]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.9) >>
->> endobj
-1107 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 531.0298 539.579 539.9861]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.10) >>
->> endobj
-1108 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 519.1586 539.579 528.1647]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.11) >>
->> endobj
-1109 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 507.0881 539.579 516.0443]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.12) >>
->> endobj
-1110 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 495.1172 539.579 504.0735]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.13) >>
->> endobj
-1111 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 483.1463 539.579 492.1026]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.14) >>
->> endobj
-1112 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 471.2751 539.579 480.1317]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.15) >>
->> endobj
-1113 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 459.2045 539.579 468.1608]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.16) >>
->> endobj
-1114 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 447.2336 539.579 456.1899]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.17) >>
->> endobj
-1115 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 435.2628 539.579 444.219]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.18) >>
->> endobj
-1116 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 423.2919 539.579 432.3976]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.19) >>
->> endobj
-1117 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 411.321 539.579 420.2773]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.16.20) >>
->> endobj
-1118 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 399.3501 539.579 408.3064]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.17) >>
->> endobj
-1119 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 387.3792 539.579 396.3355]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.18) >>
->> endobj
-1120 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 375.4083 539.579 384.3646]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.19) >>
->> endobj
-1121 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 363.4374 539.579 372.3937]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.20) >>
->> endobj
-1122 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 351.4666 539.579 360.4228]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.21) >>
->> endobj
-1123 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 339.4957 539.579 348.452]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.22) >>
->> endobj
-1124 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 327.5248 539.579 336.4811]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.23) >>
->> endobj
-1125 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 315.5539 539.579 324.5102]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.24) >>
->> endobj
-1126 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 303.583 539.579 312.6888]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.25) >>
->> endobj
-1127 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 291.6121 539.579 300.7179]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.26) >>
->> endobj
-1128 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 279.6413 539.579 288.5975]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.27) >>
->> endobj
-1129 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 267.6704 539.579 276.6267]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.2.28) >>
->> endobj
-1130 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 255.6995 539.579 264.6558]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.28.1) >>
->> endobj
-1131 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 243.7286 539.579 252.6849]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.28.2) >>
->> endobj
-1132 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 231.7577 539.579 240.714]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.28.3) >>
->> endobj
-1133 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 219.7868 539.579 228.8926]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.2.28.4) >>
->> endobj
-1134 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 207.8159 539.579 216.9217]
-/Subtype /Link
-/A << /S /GoTo /D (section.6.3) >>
->> endobj
-1135 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 195.845 539.579 204.9508]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.1) >>
->> endobj
-1136 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 183.8742 539.579 192.9799]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.3.1.1) >>
->> endobj
-1137 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 171.9033 539.579 181.009]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.3.1.2) >>
->> endobj
-1138 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 159.9324 539.579 169.0381]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.2) >>
->> endobj
-1139 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 147.9615 539.579 157.0673]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.3) >>
->> endobj
-1140 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 135.9906 539.579 145.0964]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.4) >>
->> endobj
-1141 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 124.0197 539.579 133.1255]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.5) >>
->> endobj
-1142 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 112.0489 539.579 121.1546]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.3.5.1) >>
->> endobj
-1143 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 100.078 539.579 109.1837]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.3.5.2) >>
->> endobj
-1144 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 88.1071 539.579 97.2128]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.3.5.3) >>
->> endobj
-1145 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 76.1362 539.579 85.242]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.3.5.4) >>
->> endobj
-1146 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 64.1653 539.579 73.2711]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.6) >>
->> endobj
-1087 0 obj <<
-/D [1085 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1084 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1149 0 obj <<
-/Length 3424
-/Filter /FlateDecode
->>
-stream
-x\xDA\xED\x9D[s\xDB6�\xC7\xDF\xFD)\xF4\xB6\xF6\xCC
-\xC1\x95 v�vl\xA7馗\xB4k\xBB\xB33\xDB\xED�-\xD12'�\xE9\x8AR<\xD9O\xBF\xA0�@G�xj$i�\xC7j\xA6c\xD9\xE2\xE19:\xFF��q#\xC5F\xD4\xFEc#\x95\x91\xCCp3\xD2F�E\x99�M�Gt4\xB3\xEF}}\xC4\xDC1c\xD0��uvu\xF4\xE2\x95\xD0#CLƳ\xD1\xD5\xCDH*E\xB8ڜ,'4\xCF\xD9\xE8j\xFA\xF3\xF1\xF9�o\xAE\xBEzsuy\xF2\xCB\xD57G_]\x85\xB3Bό\x8A�\xFD\xFC��Mm \xDF�Q"L\xAEF\xF7\xF6�J\x981|\xB48\x92J�%\x85\xF0\x99�]�\xFD+\x9C�\xBC\xBB1\x8D~�F ��\x8F|�\xCE\xC1G\xE9\xDETl\xA4\x95!\x99\xE0b\xF3A2"\x88>�3N\xE9\xF1\xE9tZ\xAD\xAA\xA6.\xE6'c\xAE\xE8\xF1\xABj^\xBAW\xCDrQ\xACړq\xA6\xB3cr2V\xF6\xE8\xCF\xFA\x874\xE6\xE3\xCF\xF2@[i, \xC6\xE6-$pO\x8C\xE5lԿ\xB8 \xF2�\xBB14ܗg\xFF\xFC\x9D@\x8C\xB1=ȼޱ@0:P\xF7\x9A\xD973\x8B\xAE\xD4��\xCA��\xD2\xC2A-�g\xAF߼4=
-\x97\xABbU\xB5\xABjb\x81P\x9C> >k\x9E|Æ“y�\x86�OPQ\x94\xA7H �O\xA8{\xC6-<\x82É‘�\x8A\xC8,�@�[\xE8,TÂ’tu[\xEE#\xB5-=&\xE7Ï’�\x9F\xB0d�\x80!\xC6��\x841>\xCCC$�\x8C�Ô½\xBF\xFApAD\x9E\xB1@�sW\x9F\x87�\x9C7\xEBzU.\xEDo95\x87\xCA�'\xC5'3\x99�`\x88\x91�\xC5BI\x89�\x82\x91\x82\xBA\xDFV�ƈ\xA0�\xB0�*Ç›b\xE1KG\xB9|W.\xE3edË\xE4\xF9S\xD0{Ph\x9F\x89d\xA1\x81!&4\xCC4*t$�Lh\xD4}�:3\x86pÎ\xCE\xDC\xE9\xFC\x9F\xA6v:_TV˺\xA8'\xE5o\x89m\xB4\xFC\t��\xD4\xE2T=\x81�"'\xCC'cbP\xCDH�\x88\x98\xA8ï–\xB9&\xF6\xC7VJ᤼(\xDBf\xFE\x88\xA6\x9Ag\xFC\xE9�\xEAA\x9D\xFBl$\xCB�\xCC0\x95\xB7\x99fL�\x8B\xBC��\xA61\xE2x+\xB1V\x84*m\x80\xC8Ò‰|\xD9LÞ–\xAB^\xD2\xD7/~\xF8-\xAD3*\xBF�\x91}>\x92e�\x86\x98\xD00ߌ\xA9a\xA9#\x81`b\xA3\xEE\xB7rg\x9C�;x�r+'\xF7y\xB3\xB8\xB3\xDA^W\xF3j\xF5\xBE�\xF7\xBEZ\xDDv�\xBEx%\xCC\xCE\xD94\x91\x86f6\x86\xEE4\xDDp\xB2?jǧ=H�\xED\x8E\xC9\xF7h�\x9F[Gp\x90�\x9F\xB2d"\x80!F�\x94�%"��FÄž{�\xDC\xFBÙLR"\xB9\xD0�\xEF\xDD\xEC�\xA5\xFD�A/\x98\x9F&('\xEBe\xC0⼩\xDBjZ.\x8Bn\x86\xA9�N\x9C?\xB5
-\xE0q ��\xFB�O\x98�N�8�\x96\xA8=\xB7\xB1\xB9\x94\x8C\xE7DH\x96\xF5\x89\xDAt^\xBB\xB9\x94\xD3ɤlC-\xACW\xCB�\x96�7n\xD6\xED;[)7\xEF\xC9ÌJz\xBB\xF3 Onw\xC0�kwPP�\xA3H �N\xA8\xFB\x80�\xCB�W\xC6\xE3\xC4]�\x85\xC0s\xDB~\x99d\xAE\x82\x9E\xDF.\x9Bf�\xA9\xB3B�*\xB9;\xAA\xA8\xA7\x9131C\x84\xD2\xD2�sY\xAE\xD6\xD54v\xA6܆$}\xC9~!
�S\x81\x9F\x9AX\xAFi2\xB1\xC0�#�2\xC3X>Ll$�\x8CXÔ½\x9B\xEC\xB1\xDD;´V�\xD80\xD9\xD3M\xFC\xED#\xA7\x98\xA52�\x8E\xA5\xC9 \xBCvx\xA8\xB9?\xEC\xAB\xFA]\xD5�\xD0zQÖ¶\xEB)2\xF1|\xAA\xE3 V>\xF3\xC9X�C�+\xA8,\x8AU$��+Ô½\xC3J�N\xA8Q[\xAC\xB8\xC3꧶\xAAg\xFDet�%Lg$7\xBE:\xB6\x835\x8D�MCM{\xB5\xAE']\xA7Ū\xA2\x9F3R!\xEB\xA9HAC�\xA9�U1\xA4b\x81 H\xE1\xEE\xFD\xB5U\xE5\x94P&\xA4cJ\xB8\xAE\xDA\xCB\xF7u\xB1\xA8&=S?\xDDM\x8BU\xF9\xB0w\xABUv\xE8\x8Dʼn\xF19M&��b\xC4@\xCDPb"\x81`\xC4ì¹\x8D\x82\x94\xB2#ÚŒq?VÝŒ\x82\xAEN�c\xC7\xCBf}=/\xDB[{\xFD\xEA
-\xD2`~\xFC��;Ø�\xC8`g'2Ƈ�\xFC\xE0\xF9\xB0|ì¹\xB6 \xA9\x88\xD0\xC6\xE5#�vΛŢ+\x9E]\xA3\xF9\xB1\xBFP\xDB\xDC,\xBAá¼”\x87\xB1Mz\xA3\xF2iNnT\xC0�kTPF�\x9EH �D\xA8{e�\xC2F\xA1\x99g(t�_\xAF\xFE\xE2�\xCCu\xE3\xA6�\xEF\x9B\xE5[Ûº\xFE\xDE\xFFv\xDB\xDC\xF7/&\x85\x83\xEDu\xFFã¿”\xF2\xD9z�\x9E+\xDD\xCDÚŸ\xE1\xB6�\xA7\xBDw}\xC8\xD9?lEg\xF9\x9F@\xC1\xA0\xE0>'É‚�CLp\x98sT\xF0H \x98\xE0\xA8\xFBP5\xB8\xED\xCD3\xE5�\xE7\xAEj\xBC\xAE'\xBDd]\x9F>t꺑j?kr[Ô³\x9D\xBE\x9E_�\xAC\xFC\xEE\xA57\xEB\xC5u\xB7\xD8`\x9D<\xA1R0�\x81OS2�\xC0�\x83 Ê€B� �\x83 u� \xA0\x860!��\xBE\xEF\xF5\xEF\xDB�6\xDB\xF3�
-\xFBk\xBF\xCE\xF0\xCFr~g[\xAD\x94\x87\xEBÈ£Pr\xC9N&ik\x87\x81�\xA4D9Ú�\xC3\xE8\xA1\xEFX\x87L\xE6�\xB1]\xB7|\xE3\xFBÔ–qÎO\xEF\xEE\xCAzZM\xCA\xE1)\xE7`\xF6\xD8^�4 at za;\xE10>\xBC
-�χ\xE4`\xDFm\xAC)I-\x894y?\xD1}\xDA]?\xB5\xB6i\x98\xBC\xAD\x9B\xFBy9\x9Du\xF5\xB4[d\xE5\xE6\xD0\xF7Jn:!\xB9\xA9m��"\x8DgG<�\x99H �:\xA8{\xD7\xF7\x92�'\x92e\x81\x9C\x8E�\xD35\xA1\xBEʞ-\xAB\xF2\xC6�ܪ]5K\xB7\xB0\xD3\xDC<\xB8�\xBF|s\xF9\xE0j\xDD/
-e\x94}9E4$+\x99�`\x88\x91 \xC5 at I\x88�\x82\x91\x80\xBA�EDQ"\x84\xCC�
-\xBC/"_\x97u\xB9\xF4ݫ\xA0\xF2Ey\xE3.\xD3ag\xCE\xEB\xFAf\xB3a|3i\x96\x99/\xB3b�\x92\xE1s\x97L�0\xC4Ȁ\xDA0>\xBC\xEF#��F�\xEA\xDE׈\xCDr��`\xF8�\xF1\xFA\xC7w\x99k\xF4\xD3iOCۖ\xAD�\x81)zj\xFF\xB3?Y\xB7\x88\xAF��\x92\x90\xC7dH\x80!� \xD4 \x85$��� \xEA>\x94�\x9E�\xA6\xA9\xA7D\xF4\xE5㬺\x9EW\xCDlY\xDCݾ߂�.�\x97\xEB٬lW\xE5ԗ\x95bj�x=3\x82\xF3\xE7\xD17�\x99K\xE6��b\@eP."\x81`\\xA0\xEE}\xF1`\xB2\xBB\x83Jy,|\xF1\xB8(][\xE5{\xDD\xED\x95\xC3o\x8CX\xB8\xBE\xAAG\xE5\xE2\xD5y\xDB\xF3\x90\x8B\xE7ƒOY2�\xC0�\xE3�J\x82\xF2� �\xE3�u\xEFy\xA0\x9CP\x9Amy\xE0\xEEb\xD2m\xF7\xAA\xFD\xE8\xFE岸\xE9(0\x86��'\x8FA\xC6g5��`\x88!�Uc|x\xD1%��\x86�\xEA\xDE!#r\xFB'.e at F\xF4\xC8\xFC\xB0\xBA\xF5�\x8B_6\x935(�\xA7\xD7a\xBA\xB7�\x86(ƟG�#\xE4*��h\x88\x80\xB0\xA3��B,���ܽ\xEFc�\xADI.\xB9'A\xBA>\xC6\xC3M\x88a\x98\xF2]u\xBD,\xFC\x98\xF5r}w\xD7,-��3\x87\xC9
-\xAF\xA7\xCFh2/\xC0�\xE3�*\x86\xF2� �\xE3�u\xEF�G\xA6\x88Ψ\xF0\xB8\xF8\xBEG\xBF"\xE9�\xB0\xBF\xAE\xAB\xB6\xEA�\xF85;L\x8B} @>\xC7\xC9 �C� \xA8!\xE3f�\xA0H �@\xA8{�\x90�$\xD3\xF9� \xD7Y\xE9v\xC0Ws7\xD7!\x85<p\x93ÎOm27\xC0�\xE3�J\x87r� �\xE3�u﹑\x8C(\xFB\xB7\xC0\x8D\xF0\x9D\xDCvU\xCC=8_\xECn\xEF?\x84�\x9F\xE2d~\x80!\xC6�\x94�\xE5'��\xC6�\xEA\xDE\xF3\xC3
-QLn\xF9\x91=?\xDF\xD6ͽ[�}Yޔ\x93U\xFB\xE2\xC2�\xA2\x97դ\xBF\xC1bl>ۮ\xCD\xEF3T�\x89J\xA6 �b�@!P
-"\x81`�\xA0\xEE=�L�)8��\xA8\x9E\x82\xF0 \x85iÝ’IS\xDF\xC0\xC7'd\xB9>����\x9F\xD5dd\x80!\x86�T\x8D :\x8CL$���Ô½G\x86*"�\xDD"\x93\xF5\xC8\�\x8B;\xFF\\x9FÓ»\xBBy5q\xB7d\x8D\x95\xCC��\xBE��\xF1IL&��b\x84@\x91PB"\x81`\x84\xA0\xEEÃ\x9D\xDC�³|\x8BH\xBFk\xD3�\xA4\xDB
-%;\xB1\xAC\xD1㢧\xA5\xAD\xB6ä´«\xF5u\xFFÊ\xF6\x80[\xBB\xD7+w;\xA8\x92\xFA\x89,\xDA\xF9D\xA4\xCA�\xEC�\x95a\x9A1\x91#Q �\xA3\xBE\xB7�猰<��\xF3�\x89\xC7E\xFB\xBE\x9E$�\xAD\xE5\xF1_w\xB6a\xBAÕ¿\xEEd\xB7n+e\xB3n\xE7\xEF\xBB}Y\xFC#\xC5q�!Y\x9C\xAD�&�H��\xC3�\x96"Q`\xE2`\xBE\xB7\xE2d\xA6{L\x9C�\xEA\x88]u\xFCÄ„\xED\xDA
-k�&\xB9Vˢn\x8B\x89�S\xD0\xE3ɼ\xDA\xDC�e\xA8\xF8\x93�\x96\xFF\x84\xC9\xE2�CL=\x98AT\xBEH \x98~\xA8\xFB\xAD\x80J�\xCA��P\xEE
-8+*'ܬ\u\x8B\xE3U}\xD3t\xABY\xFDJ\xD6\xCE>�{D],\xCA\xFD#Vayl\xD2L\xAD\xE8J\xA8\xDF_9\xFFÑ’\x95�\x86\x98r0u\xA8r\x91 at 0\xE5P\xF7[\xE5\xA4$F�x\xEDS\xBBÊ7w\xFB�\xB7\xBA)\xBC5h
-n
-\xF2\x8D\xAE{}\xD7\xD7\xC2ٲX\x9C\x8C\xF5β\xE5\xA7\xDA��>I\xB2P\xC0��
-f\x8A\x89\xE1g�\xC5�\xC1\x84B\xDDo\x85�\x9C\xE4JC\xA12'Tݺ\xF4^{\x99\xA6Í¢\xA8\xEA�ux:T�\x9E�5\xB9-'o\xFD/U\xED\x9B\xD6r\xD1\xEE\xEEd\xBBxuÞ¿\x90T\xCB\xF4\xFB\xBB�u\xF2�$Y'`\x88\xE9��\xC5\xC4\xF0\x96\xB1X \x98N\xA8{7\xDA\xE0\x9C�\xAD\x95�*\xE9~\xB4\xB1\xB3ì²³U\xCC&]Su\xD8h�gŧ3\x99�`\x88\xB1�\xE5BY\x89�\x82\xB1\xB2\xE7>\xB6Q\x9B\x99\x9Cp.\xFA%\xE4\xB3n;\x878\xFE\xBE\xA8\xD7~o\xE1]1C\xF6k�\xEB\xC7\xEE׆�\xC8~í¨\x98�~\xA6
-<�\x92\x8B}\xB7\xB1uL\xDBI$L\xBA\xC78\x9Dm\x96\xA5\x849\x9EV\xB3/c\xC7Ó\x9B�
-z\xA4\xB6<h\x88\xB4\xBC�\xBDQ\xCA"\x81`\xB4\xA1\xEE�mZ�\xAA\x8C\xA7\x8D\xF7\xB4\xDD6]\xF7R\xE9�n<n^\x90dÜ€!\x86��\x9C\xC9ṇX �n\xA8\xFB\x80[ƈ\xD1Z8Ü„+nuÛ–\x93\xF1\xB4\xBD\xE9{o\x8B\xB7\xA5\xED \x88<?\xD0\xF4\xC1�\xF9D'c��1\x8C\xA0\x90L�\x8F�b\x81`�\xA1\xEE�FÒ\xDC(\x8F\x91\xDC\xC1\xC8\xC2\xE39\x9A�\xD7\xE5\xFC\x89?/\xF8O`\xC7g7\x99�`\x88\xB1�\xD5crx\x8Fi,�\x8C�\xD4}`Gh\x92\xFB��\xCF6\xEBf;\xEC\xCC\xCAn߆T\x87\xEB\xDA'\xA2\xC9\xE7;\x99&`\x88\xD1�\xF5d2�\xA6)��F�\xEA>\xD0\xC4�\xD1\xC2=Y\xE3l\xB3\xA4\xB6\xA5\xA9�Ú¾k\xDEvk\xAF\x8A�\x88\xFADD\xF9\x9C'���1\xA2\xA0\xA6L!]\xA4H �Q\xA8\xFB@��$\x93\xC6�\xA5w\x88j\xCBժꦲ��\xEA\xD3\xE1\xE4�\x9E\x8C�0\xC4p\x82\x8225<\xAF���\xC3 u�p\xA2\x8C\xA8\xCC=\xCC\xE3\x8C\xE4\xBB8U\xB3\xFA\x9B�\xAAK)� },H>\xD5\xC9 �C�$(%S\xC3st\xB1 at 0\x90P\xF7�\xA4\xDC�\x99+Ï‘\xE99\xEA\xE6Õ§\xE3\xCD<z\xBF\xD9(S\xFC Ї�\xE4S\x9C\xCA�\xB0C\xF0\x81�25\xFC\xA4\xDAH��<\xA8\xEF\xF0�R\x9AH\xEA{ÜŒv\xFB\xA2w\xD8q5H�\x8Aχ!H\x9F\xE2\xE4\xAF� fØ—\x81l\xE5cj\xF86\x8D\xFD�\xB0/�A�\x87\xC7�+\xE27\xCBYl�\xC0ÆŽ\xE9\x8D:LG\xFE\xFEÓ‘N\x82\xE4\x87\xC6�3쑱[yY6\xDC-\xDA�a�\xAB\xF0\xA5\x88cnH\x9EG�\x9Cc\xFFg\xC4(\xC5?\xFE;�\xB7_�)5�\xF9\xD0�\qm�\xA7T\x8F\xBA\xAF\xC1r�\xD4\xEA�r\xB3\xC1\xE6(�\xFA\xFF�xb\xE4cendstream
-endobj
-1148 0 obj <<
-/Type /Page
-/Contents 1149 0 R
-/Resources 1147 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 939 0 R
-/Annots [ 1151 0 R 1152 0 R 1153 0 R 1154 0 R 1155 0 R 1156 0 R 1157 0 R 1158 0 R 1162 0 R 1163 0 R 1164 0 R 1165 0 R 1166 0 R 1167 0 R 1168 0 R 1169 0 R 1170 0 R 1171 0 R 1172 0 R 1173 0 R 1174 0 R 1175 0 R 1176 0 R 1177 0 R 1178 0 R 1179 0 R 1180 0 R 1181 0 R 1182 0 R 1183 0 R 1184 0 R 1185 0 R 1186 0 R 1187 0 R 1188 0 R 1189 0 R 1190 0 R 1191 0 R 1192 0 R 1193 0 R 1194 0 R 1195 0 R 1196 0 R 1197 0 R 1198 0 R 1199 0 R 1200 0 R 1201 0 R 1202 0 R 1203 0 R 1204 0 R 1205 0 R 1206 0 R 1207 0 R 1208 0 R ]
->> endobj
-1151 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 758.5763 511.2325 767.5824]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.3.7) >>
->> endobj
-1152 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 746.4943 511.2325 755.5003]
-/Subtype /Link
-/A << /S /GoTo /D (section.6.4) >>
->> endobj
-1153 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 734.4122 511.2325 743.4183]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.4.0.1) >>
->> endobj
-1154 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 722.3302 511.2325 731.3362]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.6.4.1) >>
->> endobj
-1155 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 710.2481 511.2325 719.2542]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.4.1.1) >>
->> endobj
-1156 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 698.0664 511.2325 707.1721]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.4.1.2) >>
->> endobj
-1157 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 686.084 511.2325 695.0901]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.4.1.3) >>
->> endobj
-1158 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 673.9023 511.2325 683.008]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.4.1.4) >>
->> endobj
-1162 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 661.8203 511.2325 670.926]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.6.4.1.5) >>
->> endobj
-1163 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 639.3926 511.2325 648.1048]
-/Subtype /Link
-/A << /S /GoTo /D (chapter.7) >>
->> endobj
-1164 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 627.2856 511.2325 636.2917]
-/Subtype /Link
-/A << /S /GoTo /D (section.7.1) >>
->> endobj
-1165 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 615.1039 511.2325 624.2097]
-/Subtype /Link
-/A << /S /GoTo /D (section.7.2) >>
->> endobj
-1166 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 603.0219 511.2325 612.1276]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.7.2.1) >>
->> endobj
-1167 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 590.9398 511.2325 600.0456]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.7.2.2) >>
->> endobj
-1168 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 578.8578 511.2325 587.9635]
-/Subtype /Link
-/A << /S /GoTo /D (section.7.3) >>
->> endobj
-1169 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 556.4302 511.2325 565.1423]
-/Subtype /Link
-/A << /S /GoTo /D (chapter.8) >>
->> endobj
-1170 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 544.3232 511.2325 553.3293]
-/Subtype /Link
-/A << /S /GoTo /D (section.8.1) >>
->> endobj
-1171 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 532.2411 511.2325 541.2472]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.8.1.1) >>
->> endobj
-1172 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 520.1591 511.2325 529.1652]
-/Subtype /Link
-/A << /S /GoTo /D (section.8.2) >>
->> endobj
-1173 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 508.077 511.2325 517.0831]
-/Subtype /Link
-/A << /S /GoTo /D (section.8.3) >>
->> endobj
-1174 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 485.4053 511.2325 494.2619]
-/Subtype /Link
-/A << /S /GoTo /D (appendix.A) >>
->> endobj
-1175 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 473.3431 511.2325 482.4488]
-/Subtype /Link
-/A << /S /GoTo /D (section.A.1) >>
->> endobj
-1176 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 461.2611 511.2325 470.3668]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.1.1) >>
->> endobj
-1177 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 449.2787 511.2325 458.2847]
-/Subtype /Link
-/A << /S /GoTo /D (section.A.2) >>
->> endobj
-1178 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 437.1966 511.2325 446.2027]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.2.1) >>
->> endobj
-1179 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 425.1146 511.2325 434.1207]
-/Subtype /Link
-/A << /S /GoTo /D (section.A.3) >>
->> endobj
-1180 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 413.0325 511.2325 422.0386]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.3.1) >>
->> endobj
-1181 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 400.8508 511.2325 409.9566]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.3.2) >>
->> endobj
-1182 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 388.7688 511.2325 397.8745]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.3.3) >>
->> endobj
-1183 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 376.6867 511.2325 385.7925]
-/Subtype /Link
-/A << /S /GoTo /D (section.A.4) >>
->> endobj
-1184 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 364.6047 511.2325 373.7104]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.4.1) >>
->> endobj
-1185 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 352.5226 511.2325 361.6284]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.4.2) >>
->> endobj
-1186 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 340.4406 511.2325 349.5463]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.4.3) >>
->> endobj
-1187 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 328.3585 511.2325 337.4643]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.4.4) >>
->> endobj
-1188 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 316.2765 511.2325 325.3822]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.4.5) >>
->> endobj
-1189 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 304.1944 511.2325 313.3002]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.4.6) >>
->> endobj
-1190 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 292.1124 511.2325 301.2181]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.A.4.6.1) >>
->> endobj
-1191 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 280.0303 511.2325 289.1361]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.A.4.6.2) >>
->> endobj
-1192 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 267.9483 511.2325 277.054]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.A.4.6.3) >>
->> endobj
-1193 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 255.8662 511.2325 264.972]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.A.4.6.4) >>
->> endobj
-1194 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 243.7842 511.2325 252.8899]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.A.4.6.5) >>
->> endobj
-1195 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 231.7021 511.2325 240.8079]
-/Subtype /Link
-/A << /S /GoTo /D (subsubsection.A.4.6.6) >>
->> endobj
-1196 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 219.6201 511.2325 228.7258]
-/Subtype /Link
-/A << /S /GoTo /D (subsection.A.4.7) >>
->> endobj
-1197 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 197.048 511.2325 205.9046]
-/Subtype /Link
-/A << /S /GoTo /D (appendix.B) >>
->> endobj
-1198 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 184.9858 511.2325 194.0916]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.1) >>
->> endobj
-1199 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 172.9038 511.2325 182.0095]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.2) >>
->> endobj
-1200 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 160.9214 511.2325 169.9275]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.3) >>
->> endobj
-1201 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 148.8393 511.2325 157.8454]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.4) >>
->> endobj
-1202 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 136.6576 511.2325 145.7634]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.5) >>
->> endobj
-1203 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 124.5756 511.2325 133.6813]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.6) >>
->> endobj
-1204 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 112.4935 511.2325 121.5993]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.7) >>
->> endobj
-1205 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 100.4115 511.2325 109.5172]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.8) >>
->> endobj
-1206 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 88.3294 511.2325 97.4352]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.9) >>
->> endobj
-1207 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 76.2474 511.2325 85.3531]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.10) >>
->> endobj
-1208 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 64.1653 511.2325 73.2711]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.11) >>
->> endobj
-1150 0 obj <<
-/D [1148 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1147 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F39 1161 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1211 0 obj <<
-/Length 764
-/Filter /FlateDecode
->>
-stream
-x\xDA\xED\xD9\xCDO\xDB0� \xF0{\xFE\x8A�\xE9!\xC6\xCFß¾2\xC1$�L�\xB91�QS>&\x9Av-\xDD\xF6\xE7\xCF!\xB5kV硈\xF6\xC2"\x84�\xAD\x9Fß³\xDFOi\x92BN\xDD�\xE4F�Êȵ�DR\x90\xF9t\x9E\xD1\xFCÞ½\xF79\x83\xED\x98\xC2�*\xE2Qgevz\xC1un\x89UL\xE5\xE5]4\x97!\xD4�\xC8\xCB\xFA\xE6\xE4Ó—\xAB\xF2\xFC\xAA\xBC\x9EÜ–\x97\xD9y�&\x8D��\xE5\xED\x8C?\xB3\x9B[\x9A\xD7.\xFFeF \xB7F\xE6\xBF\xDD?\x94\x80\xB5,\x9FgBr"�\xE7\xFE\x95\xA7\xEC:\xFB�&\x8C\xDE} M-DrC\xA4a:\xB1�Æ¢\x95Xwh\xDCTZZ\xA28\xE3/+9#\xC0&\x85\xE0\xF6\xA4\xA9泺\xF8\xB1ج\x9A\xEAi\xB9zl\x9E\xDD\xEBJ\x9D\x90I!)\xFD\x98\x84\xB5\xEF�\xFF\xA7\xF9\x92q\xB7\xAFF\xEF6x\xAF[\xAB\xFB\xBC;\xF8�\xF7\xCF\xC7�q\xE0~\xFF\xF6\xE7o��J\xEC�\xE2A\xA4
-\xC1\xF8\xA0\xE9��\xA1\x89\xD2�<�\xBE\xE5\xB3\xDE,\xEB\xEAy\xE66G\x8B�\x8D\xE6\xE8\xAE\xDE\xE2\xE5�0\x98W�\x88\xF1\x8A��J\xF6\xF3J�\x82\xF1B\xD3�^\�\xCD\xC0z^\xA2\xE3\xB5j\xEA\xA9;�\xF3\xBF\xD3:�\xB4\xB7\xBC\xF9\x8E�\xF6��b\xDE⎃\xB2\xFD\xDE�\x85`\xDE\xD0\xF4\xC1\x9B+C+e\xBC\xB7�\xEE\xA7��\xA2\xB1\x8C��\xA2M\xD1�j)\x92颹\xEBF\xBE\x9AUA;\x99ގ�\x8D�ԡ\xEF\xD4`\x87Q \xE60\x96 \x9A\xF6;L�\x829D\xD3�\x87 \xC4 (\xEFP\xED\xCE{E\x8B\xED~\xD6L
-�|<\xC7��\x95\xDF\xF6\xC1\xA8\xA2@�U\xDCVЬ�U\xA2���\x9AޣR\xEE\xC0H%<*ݡ\xAA\xEBf\xBDCe\x94�5�FS\xD8\xE2 at Dӫ~\x82\xEE\xBF\xF2O�\x82h\xC2\xD3�MF�K!\xDC8\x9ANS\xB5ZV\xED\xCD\xE3\xA4`j\xBC�;\xE6'`h\xC0`^Q \xC6+n0\xE8\xFE+\xFFT!�/4}\xE0\xA5%\xB1B\x85�K\xDB\xF1r\xE7\xA8U\xD5ԋy\xFB\xF1\xA7F_G\x81\xE5\xB7~0\xAC(�\x83�\xB7�\xB4ꇕ(�\x83\x85\xA6�\xB0�'\xD6RK\xC9h�\xEBq=-�\xE6մ\xF8N)\xFB\xB3Y:_�FQ��\xE5\xF7|\xB0\xA8(���\xF7��\x95(��\x85\xA6�\xA2$#\x94K\xD3\xC8\xC0?�\x9BM\xF9C\xB5~\x98�\x96\xF3\xF1Tu�X~\xEB�Ê�1XqkA\xEB~X\x89B\xF6`\x85\xE7\xF7\x85�E�uq\x89G\xF8\xEE�\x88\x95�\xDE\xFF\x85\xC1\xEEk
-\xA1 7\x86\xA5\x97˩q̕ι$\xED\\xEDb\xF5.u;(\xAA\xFC/\xD0i\xEC\x97endstream
-endobj
-1210 0 obj <<
-/Type /Page
-/Contents 1211 0 R
-/Resources 1209 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1226 0 R
-/Annots [ 1213 0 R 1214 0 R 1215 0 R 1219 0 R 1220 0 R 1221 0 R 1222 0 R 1223 0 R 1224 0 R 1225 0 R ]
->> endobj
-1213 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 758.4766 539.579 767.5824]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.12) >>
->> endobj
-1214 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 746.5215 539.579 755.6272]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.13) >>
->> endobj
-1215 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 734.5663 539.579 743.672]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.14) >>
->> endobj
-1219 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 722.6111 539.579 731.7169]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.15) >>
->> endobj
-1220 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 710.7556 539.579 719.7617]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.16) >>
->> endobj
-1221 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 698.8005 539.579 707.8065]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.17) >>
->> endobj
-1222 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 686.7456 539.579 695.8514]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.18) >>
->> endobj
-1223 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 674.7905 539.579 683.8962]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.19) >>
->> endobj
-1224 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 662.8353 539.579 671.941]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.20) >>
->> endobj
-1225 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 650.9798 539.579 659.9859]
-/Subtype /Link
-/A << /S /GoTo /D (section.B.21) >>
->> endobj
-1212 0 obj <<
-/D [1210 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1209 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1229 0 obj <<
-/Length 2174
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDDY\xDDo\xE36�\xF7_\xE1G�X\xEB\xF8%\x91\xEC\xE3\xEE\xB6\xC5�\xC5��\xBD>(�c�kK\xAE>\x92\xBA\xFD
-9C[\x8A\xE5\xCD\xF66\xC0�E\x80\x88\xA4\x86\xE4p\xE67\xBF�\xCA|\xC9\xE0\x8F/M\x962i\xD5R[\x95f\x8Cg\xCB\xF5~\xC1\x96�x\xF7\xFD\x82\x93\x8C\xCAd\x9A))\xA13\xF3v\x95I\x93fF\xE8\xE5j\xBC\xC8Û»\xC5?\xBE�|)X\x9A\xE7"[\xDE=\x9C\xF6ʵI\xADTvyW\xFE\x92\xBC\xDB�\x87Þµ7+\x91\xB1\x84\xDF\xFCz\xF7�NS\xA96\x9A\xFBi�\xB6\xC8Rm\x99 �>\xD4}۔ú\xAF\x9A\x9A\xC4\xC5Ò¦6�y\x94\xD60�\xD4\xF5\xD2w[�K\x9B\xDCOsm\xEDz\xEC\xBDo\xF6EUc\xFBc\xB1'\x99\xDBc×»=\xB6\xFF\xC32\xF6\xFE\xE3-<\xB8�\xD0ɺ\xA9\xBB\xAA\xEB;|\xDD<à³\xEBwǺ/~\xA7\xC1\x86\xC6�n]=�\x9FIÖ°ß³U\\xDDW}\x85\xA3:\xA9nxRc\xD3O\x823\xFASq\x9E\xDA,�\xD1�t�)X\xE2�"�O
-\xECn+\xD7�\xED
-7\xC9z[\xAD\x8B�\x8E�3k\x95\xBC\x81�iP�\xFF\xA6\xBD1ɰ\xF3\x9B\xFBE\x86Ε8\xFEд\xD8(\xDD\xCEm\x8A\xBE\xAA7\xB4\xCF\xD0o\x9B\xB6\xEAA\xCD#\x8E4\x8F\x8Ed\xC3\xE1h\x87\xA2\xA6\x95h+�F
-�\x9E\x9C\x88\x87�U\xFB\xC3\xCE\xED\xC1�E\xF0\xEBJ\x80\xA2\xFD\xB6\xF0\xEE\xD2YR\xAC\xFB\xA1\xD8\xED\x8E8\xBE/��\xB6\xA2)A$\xD8�\x86F~\xF6�\xCB2X\xC2u\x9D\xEBRP\xC2\xC8�\xBC\x8A\xA2e\xD1�(Vuq\xE5
-4\xA8jo�\xDF��\xF1\xCB`w�\xD6j\x86�\x8E\x82\xF7f|S�H\xDA\xEA~\xE8\xC3"ٜ?\xFC\xA8\xDF\xFC\xBE�ZE\xCCs\x95J\x95�B\xB1b\xA9\xC8%b\x9E\xA7 B\xCE�Kn\xD7\xCD\xC1\xE1
-�<\xF0|߬�o\xB9\xF9`�&͵\x9D��K޺\xF6�85\xD8\xD3NB\x83\xC5p\x80\xF1s\x90\xB0��o?||O\xF1 oO�\xEBP\xA2\xC0G�'\x81HM\x91Œε�"~4\xE0*\xCE\xF0R\xC3\xFE\xDE\xD1���<�.Xl5ga\x82\xA2\xC8$�*x\x96[8_p$\x8C\x97\xD1&\xA1w@\xBF=V\xA5\xA3\xF7`\xF9j\x8Dͪ�\x85\xF6�v0P\xDC7�MĘ
-B]� �K\xD5%6\xD6\xE8\xDB \xA8\xC8)\xA3\x99'\xE3\xCE��\xF9\xA6C7\xBE�~iÚ¾�\xF6\xD8\xF7�\xFFp\xFB\x8E���\xDE\xFC\xD8�Sv\xA4�K,>\xBA\xE6\xA1�\xA9Â’C\xB1\xFETl\xA8\x83F\xF7r\x91\xE3\xA0]\x94\xFB\xAA\xF6p-\xFA\xA6E ��5\xD03\xF09B\xA6\xEAf6\x8DØ£c�z�"\xB4\xD7MKAwhê’¦\x87\xF8\xFC\xCC)R\xF3e\x81 (�\xFE\xD9n\x8A\xBA\xFA\xE3䑳Ng\x95\xBF<2>\x9C(\xA7">\x89�z\x83\x93\xA5�M6\x90\xD32\x9E\xC3"\xD3���𙽔\x80\xF4i�\x89�\xC3 �!\x87\xB9.n\xEBp׈K�#\x9A\xCA�i0B\xA6\x83!\xC8Ekw\xE8#wL\x94�L\xA7,�jN;\xF1\xA2v�!k`\xAF\xA8�\xF9\xB1�\x90\xBF0�\xAD\xA4�\xA9\xE1\xB0\xC5�\xCD(\xFB\xDBPa#R\x83\x96�>h\x84TS\xD7�\xBEÐ'�Ä´2y,Úª�h\x9E\xAB�q\xB1\xA6�\xAB\xF90�|5\x8EX\x9C|i� %D\x9E+}i�\x99\xC8+v\xE0:\x8A��.\x97�\x90*�%\xFA\xA2\xFB\xB4\x824�\x8A�\xD3_\xAE\x97A�#E~\xF2:\xEE\\xF5�\xDAPI\x9E\xEA,\xD7S��\xC8\xE0\xA3Dh�! RW '�4A,�\x80\xA3W�C�J\xA2\x90&9\xE7>\xCD�Kq�Ĺ\xC8è‘¡`\x80\xD8�\xC0\xD8\xE1�$a�I�\xBD5\x9EAn\x83!\x8B�c\xF2�')fB\xAE\x99\xC9\xF3S\xAB\x81I\xA0(p\xEB\xE8JF\x99\x98�dv\xBB\xE6 EXr\x9C\xF1�\xCF\xC0�\xDA\xCE8\x98'j\xC6!Ò¦Z\xE7QÜ›G\xE7\xC9�\xA4\xE4-n�A\xE5s?)\xB0oN\
-\xBD\xA2|, \xE4ʓd�?|�˔ȆzR笸\xB5\xC0�\xF9\xB3`\x99P\xAF7\xA2�
-
-\x95"$D\x87N=\xA5JsN\xB6\xE4��\xB1�\xFA%=%h��\xD3�q\x9E�r\x99r\xA3ͅ\xA1`Z6� F\xD8|\x86�\x8C\x89 \xB0'�X�\x81Iv\xD5f\xDB?9\xFF\x9Fh\x82\xE5)\xE3z\x96&\xBAf\xF7\x88\xE5\xA8�j\xA9\xA96\xC9lp�Q�\xF4\xB0\xC6z\xEEy\xEE/�L\��&\xE4\xF3��\x8Aq��%I{�I0T\xD0\xD6\xC1\xB2\xBE\x8F�\x9C\xF5\x80u\x89� \xE0\xF09\xF1Y\xCAq\x86bm\xB4D��\xD7ԛ\x86\x8A�\x8Bզ[�L2\x91Z\xC6\xE44\\xEA�7R�\xA3R\xD9s�\xDD�[\xD9T ~i$XC\xCF�\x89\xA9\xDCF#\x8D�g\x9C�q:@\xD5\xC4^\xB8�\x95P\xD9�ؽ\xA1\x82\xA2.\xE7ܥy\x9A˜\xCFib^\xD4d�\x96\xFE\xF4T\x82\xDFÅe\xDB4=YO\xC2
-\x91g\x9CO\xA1F\xC1�%\xB8\xDB��/\xB1s
-�k[\x9E\xDC7\xE5qZ~\xF6QhTG�"'\xC3\xC6\xE4d�9Q\x8D�\x88�(\xCC�\xA01)pq\xA4\x9E\xE2ppuY\xF9\xEC?s\xF8<\xE5J\xC7\xEC�\xE9ɜ\xE8 ;pK{�v؞ 3\xDAC\xAATI\xF3\xCC�\x84Z\x91\x8F\x8B^\xEF: \x945\x84\x8D\xE0]\xC0\xBFЀ\xFB�W\xC2u^\xE7Q\xBB\xFB\xEA~W5\x9B\xB68l\x8Fs�P\x80�*\xF2�&1X�J,\xE0\xBCP\xE6L5\xC1m\xF18Pj;\x92�Q�O"�\xAFa\
-\xFD�\x93NW�A\xF7y\x8C)
-\xC4gM>\x8D)\xAC\xBA\xBF\xACÚ”TmBq\xFE\xE8Ù·\xA9\xA9\xB4\xFC\xA9\x8B×»\xAA\xFEʲ3\x94\xD1q\xEE\xB9\xEC�\xDD'\x8Au\xF0\xF7\xB3\x82�1H\Â’\x8D\xAB�\xF8P\xE8x@\xAF\xE0�'`'\xAA\xFF\x8D\xD7j\xF1\xED\xDD\xE9\xFB\x8DÍ¡��\xA4\xF0\xCC@\xDD(\x85\xFFx\xF3\xDB\xE2\x97_Ù²\\xB0\xE5��\x96Jk\xB2\xE5�t�X�*\xC5\xFDBIh\xB2\xCCÄ‘\xDD\xE2v\xF1\xAF\xFFqV\xD4cT(\\xD5 \xE71X\x8B\x9A�\xDDÓ¥V\xF1L+\xEEÉ�~\xFA"5E3�|H�\xCB(\xC8\xD1VÑ•'\x94Ot]\x89\xD9\xEF\xC2lR \xE3pn\x96\xE3-\xBEN\xEBÓ’/\xA8-\xA1tTP\xF9L\xD5\xFE\xF9F\xB0\xE4*\\xBA\xFE\xB8\xBB<D&\xF2T\xE5Y\xF6\x8A\x87P�\xCA,\xE6\x93>\xCD\xFD\xFF\xC1I\xC8Ô‚\x8B\xFFę⌫p�P\xB4[+\xCF�8\xC5,\x9C\xA4�JA\xB6)|\xDAQp�\xEF\xB7\xFEs�ĵR�.\xF7L\xEC\xDCi@$?\xFD\xFB\xC77(\xB9m\xBA~$ \xBC�*\xF0\x99\xCF�; R\xF4.ɇ[0\xDD\xF3k\xF7D�p\xED~\xFA\x8A\xCA\xD7\xEB\x88�\x9D\xF2\xEB�7B\xF4sËy\xE6�=\xB2\xDCw\xD5\xEF\x9Ecs\xA0ߧ\xAA\xEC\xB7\xD7\xC1\xFBj\xFA\xFE\x85\xC0��\xFD\x8A\È TY\xFE�x\xB9L\x99��b\xFD9\xAD \xAB\xB41\xE7�\x86\xCF\xE0g\xB4Ñ«1\xE2så•™\xC5\xCFX\xF9�\x80~�
-Í·Í®\xBC�\xA5WS\xFDo
-%\xABSf\xB9} I�\xAEi�\xB68\xD9\xF0eId\xA3\xA1\xFF�\x88F[\xBC�\x86\x9Ek}\x85\x82\xC6Z_@\xE8�p^MÝ¿
-n�ܱ\x99\xE6P;\x83a\xA4�j\xFC\xDB\xDF\xC5o\x80"P\xB0\xBF\xBD\x82\xFAƘ\xD9�
-\xE3\xEFp[K\xFDω\xB3\xE8\x91�\x81R0\xB5$\xA1P\x87_\x98=\xFE\xE4x^)\xEE\xF6_�\xF3�]endstream
-endobj
-1228 0 obj <<
-/Type /Page
-/Contents 1229 0 R
-/Resources 1227 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1226 0 R
->> endobj
-6 0 obj <<
-/D [1228 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1230 0 obj <<
-/D [1228 0 R /XYZ 85.0394 582.8476 null]
->> endobj
-10 0 obj <<
-/D [1228 0 R /XYZ 85.0394 512.9824 null]
->> endobj
-1231 0 obj <<
-/D [1228 0 R /XYZ 85.0394 474.7837 null]
->> endobj
-14 0 obj <<
-/D [1228 0 R /XYZ 85.0394 399.5462 null]
->> endobj
-1232 0 obj <<
-/D [1228 0 R /XYZ 85.0394 363.8828 null]
->> endobj
-18 0 obj <<
-/D [1228 0 R /XYZ 85.0394 223.0066 null]
->> endobj
-1233 0 obj <<
-/D [1228 0 R /XYZ 85.0394 190.9009 null]
->> endobj
-1234 0 obj <<
-/D [1228 0 R /XYZ 85.0394 170.4169 null]
->> endobj
-1235 0 obj <<
-/D [1228 0 R /XYZ 85.0394 158.4617 null]
->> endobj
-1227 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1241 0 obj <<
-/Length 3187
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�\xDBr\xE3\xB6\xF5\xDD_\xA1Gyf\x85\xE0B\xF0\xD27g/\x8D3�o\xBAv'\xD3&y\xA0E\xC8\xE6,E2"e\xAD\xF7\xEB{�\xCE�EJtvۦӌ����\xC0\xB9\xDF`\xB5\x90\xF0\xA7�6�q\xA6\xB3E\x92E\xC2Je�\xEB\xED\x85\<\xC0\xDA_/�ì�\xD0j�\xF5\xED\xDD\xC57\xEFL\xB2\xC8D�\xEBxq\xB7�\x9D\x95
-\x99\xA6jqW\xFC\xBCT"�\x97p\x82\\xDE}\xF7\xF6r\xA5\xAD\\xBEy\xFF\xC3\xD5\xF5
-\x8Do\xAE~\xE0\xD9\xDB\xDCÞ½\xFD\x81Æ¿H+\xDF\xDC\xDC\xC2G]\xAE\x94\x8A�\xB9|\xFD\xDDÕwo?к\xE2#\xAFo\xEE>\xBC\xF3\xF7\xD7w\xD7\xEFo.\xBD\xFB\xFE\xE2\xEDÝ€\xF5\x982%
-\xA2\xFC\xDB\xC5Ͽ\xCAE��~!\x85\xC9R\xBB8\xC0�)T\x96\xE9\xC5\xF6"\xB2F\xD8Ș0S]\xDC^\xFCm8p\xB4\xEA\xB7\xCErJI\xA1M\xACgX\xA5\xF5�\xABl&b\xA3\x8Dg\xD5ݣ#\xF26MU5\x87\xB2~\xA0\x9F\xEB\xA6~ru_6uG�\xF9\xEER\xA5K�\xDEw\xAE\xA0QYӷp\xDDzW\xB6\xA3
-͆\xBE}\xB8\xE1\xDB\xEB\x9B7\xC3\xE1\xBFH\xA9�\xF6\xBB�7�\xFEK]\xB9\xBF\x9C\xB24NE\xAC$`�E"�\xFC\xBF\x8A\xA7:�\x89LNx\xFA\x9F\xED
-x\xC8�(\x85Ȭ\xFD��h\x9F\x84\xB3x�vL\x8FZ�\x9AV\x89\xD1ª\xE8\xA8\xDA\xD9H^I$\xB24Y$&�]\x921\x89\xEBR)\xB5l\xC6<\xBF�\x9E\xADT\xAA\x8DY\xFEt\xA9\xE5HD'\xFC\xEF\xFA\xE7�\xFEFY"2\x95\xE1=�.\xFF�u\xC8G�\xB6\xF8?a\x98\x96\xC2Z8{V\xC3�\xC74X_d#ϱ\x8F\xEE\xF9\xD0x\xDD-:\xA4\xFD\x9Bw\x91�m\xD1:\xA1�\xA5\x87~W~B͎\xA5\\xFET�\xFD\xE3\xCB\xDC"D\xB2?9\xBB$\x8C$8\xCC\xDFe\x97\xD2p\x9A$\xF0\x94\xEF\xCA\xFC\xBEr(\xAFFX\xFCyy�g\xE0�\xA3\xD4\xFE>\xAF$\xFAZKa\xE6\xBDwwy�<a\xBB\xEF\xC1�c#\xED\xF2\xE7\xBB\xCBL/ݧ\x9E\xD7\xD8'\xBAz]5g\xBE\xB3\xFBm?\xF1\xAE\xF7\xBB|\xFD\xD1\xF5ݯ/rt\x8C\xEB�\xC5\xD1c\x84\xF9\xB8W-3\x91&�\x94V\xA8dƘq\xA8;�y:IE\x94��y1\xC8\xCF@\xB0>JM-T$L�\xF1p�\xF3b8Uf\xC09N�@N�\xF4v\x88~o\x9Am�\xC4q\x93oy\xF6\xF6\xB9\xEB\xDD\xF6<=\xF0\xA61Q�\x88�@\x9E̒l�US\xB3l\xF7\xBB\xB6\xE9\xF8\x87\x8F\x88\xF0\xED�\xBD>\xA4zY4\xEB\xFD�\xC2,\xCD\xD3,\xAC7\xF4u\x9Fڊ\xB0\xF2\x9B\xF8\x94\xB2\xEE\xFA\xBC\xAAB䄙\xBC.\xE8\xB8}\xFBѹ\xF6\xF42\xDE\xC7\xE1�FHʷn\xF7\xD1U\xEE\x99f\xAE\xEB\xDE\xEDj\xD7#e\xE3H\x87\xB40;\xB2\x98\x99D \x92\xCE\xEC\xB2k6\xFDᨹ т\xE2\xE6�\xEE\xD5\xE5\xCAȄ\xF1\x82\xE9�/߻�O��\x9F\xE9�\xDA\xFDT:N=`\x890\x86\xC1f_�9\xB2'\xAF:\x82\xF6D\x8DA�\xB9\xC1\xD8#:!\x80\xCC\xF4%)RZ\xD3
-Q\xF2\x99F\x84�\xF07\xC4\xCF显��\xBD�̉d�!Z\xC6&�\x92O\xC5\xFA�W\xD1\xE6wcR\xE6\xD5\xC7
-�\x8F\x94'\x8E\x8E\xC4\xC56H�f�r`vJ�,z�\x82oNë¥Û‘\x80Ö\xE5:\xAF^\xE14D²\xEB!q\xD8\xF7\xDE��x\x91\xF7\xF9}\xDE9Hq\x8D�u\xE8i\xBA\xEB)r\xBA\x8E\x8E+\xEBM\xB3\xDB�\xCD� \xF8I+Û¼]\xCD\xF1\xBE%\xA9b\xDA�T�~\xA9\xE5c\xD3\xF54_�a�
-=\xA7�\xF4G�ʋ\x82\xAF\xEF��\xA9��\x9Eʵ#\xA8'\xB7\xEBrO\x98�4ʊf\xFD\xC6f\xDF�\xF7\x8Fp\xF7\xC0\xE6xV�\xC2\xDF\xD1��A�\xF8�w\xC6�\xEEYMF\xF4\xA0�\xB5m��\xF6\xE9\xAF�\xB6\xA5B\xAB\x84|\xCE\xEB\xAA�\xE9{e\xB3˪i>\xD2h\xDF\xD2w\xCAY?A_\xCE\xDElP%\xB0\x9CK\xB5|\xA6!H\xB4\xE2\x8C݂Ƚ^MRH\x8D\xDE=\x8D#\x8E\xD8\xCCͦ�\x9E\xCDh\xA11�]\x8Cb઄8\xB4{\xF6 \xE7+\xBA\xEF J\xF4H\xB7u\xAE.\x98\x9A\xDF\xF6nWz���Y�Xj\xCDx{
-\x81\xEF\x96Ui�K\x94\x86\xD0Yf\xA7\x9C\xAE\xBD\xCA�\xD9�\xA5<\x832\xF8\xF7�\xBC:a\xEC�j<\xF3 at 6-݇<7\x81\x918`&\xB4 )�\xB2Z\xC5ڒ\xC9\xE1"9I�e|\xF5\xC4\xC7\xE1\xCC`<^V8�\xE5L�\x86\xCA�\xE5\xF4 \xD8nj\xFDe���\x83\xFB��\xCF$L\xCC�7�s�\x92"\xCB\xC0M�\xBD\xAF\xC66a3o\xF46\x9DJ\xD9\xCFLEy\x8E�\x94\xAA"\x812\xF3(\xF9\xEA\xB0ss\xFC6 dKi@ ݅\xB1!\x8A\x82\xBDUŠX\xE3\xF3\xAD�I\xAAG\x8Au_ֳ\xE4�+\x92H\xCFi\xEB\x84�\xFF\x83r*\xA0\xBA\xEA�\x9Aɟ\xC0\xFC1y\xA5\x9F�\xF2�[\xFAu}\xFB\x9A\xE1=]\xA8tRH\xADө\xD2園\xB96\xDF
-!\xA0h�u\xD5\xE4\xC5׺�Ü¿wà¡€\xAE\x8B\xF9\\xE3\xEB��$9ìŒJ\x8E\x9E\xB9\xA0�<�\xBF} \xF5\xEE�!\x91M�\xA2\xC0r�\x8B\xEC\xB0�<Ù¹-*\xC8,\x8D\xCDX��\xA3\x8A\xE0\xF5�\xA8\xC6J\xC4v�Z\xFF\x98\xF7�4�\xC0\x82\xB0}\xC8\xEB\xF2s\xB8>gĘ\xA2\x9E\xC0�\xFD|\xBD\xE6\xA2\xCD\xFB7OZC_\x9A_\xB1�m*\xA4\xC2Dpl>\xFE\x9E|H\xCE1�\xDAq\xAATl\xCB�
-�V\x9F81\xBAo08\xA3��}\x8Ed\xB6|\x9B{/�KuS\xB8�ҩ\x80/�a\xA6\xBC+\xF6\xD1�/\x99\xE1\xAB\xD1)\x98�\xE4\xD9�ƞs��v\x9A&vd\xE1pxH�� \xE7\x90\xF3\xD1�\xD4\xDDU\x8C6\xAA\x89g\x8A�\xA6\xC4Ql\xA6\x9A�d\xA9\x95f\xE7\xA4�\xD3�3D\x97�H\x86)\xEBx \xFC�\x848W\x870�k\xB4�Щ\xAA�\xE0
-\xC2�"\xD7\xF1=\xF5\xC9z\x9B\xF7\x8F45\xB2S��\x8C8�\x88\xF8\x98\xC2K�8\xC5$Sc\xAF\xD14\xFD�o�T�I�\x9C�\x9EO\xA1�\x8A\xA0�\xF9\x94L�vGiz\xC4Y�|I\xE4�X �R\xFE\x84 5}�\xBB\xB2\xEF�\xFF\xC0\x88N\xA3\x9C\xF7\xE7\xF4\xC1\xF8\xE1\xA36\x8C=�\xE1[�^\xE1��4\x9C<b�"P><\xF64\xF4LA`\xB7\xE1�r0x>;/\xFE\xE93�\xF8�M\x8F��\xD5\xDE\xF2j.W\xF3(\x90[\xAA]\xA8Q\x9B\xBA\xE2\x84\xE7>4\x96\xEA�">\x8D�%\xD42\xEC\xCAʞ�]˖_\xF7\xC1{\xA2\xE2\xCDfE\xEF\xBC]�B\xEES\xBEm+oL\xE4�pr\xD0X�\xB3\xC6BU\xB1 {�\x8ASI\x9C\xE8 \x82T�&\xD6Ͷ\xCD\xEB97\xA7#(QM�\xCC\xF1\xED\xE4\xFA\xEBz-\xE6r\x8DD\xA4\xB1 \xAEq\xDD쫂\xAE\xB9w3\xCD�\x93 \x9D$\xE1\x82f\xBFC<�\xD3) \xB39�UF\xD8$R\x83\xF5\x93vZ%\xA4�\x88\x89v�0g=&T\xD3F
-f}:�0\x9D\xBD�\x862
-\x8E�5\e)\xB1�\xCAsP\xAF\x96f*\xF7\x84Z\x81\xC3 ��\xD8��\xA5\x84\xE7((\xCF`\xF3\xEF\xD2o\x85\x8D\xB2\xB0 Ա\xA9�\xBAWs\xDCEo*�\x85|\xEẢ\x91�\xA9J\xB3�*s½\xDB\xDF�\xFD0\xB8\xCD4�I�\x9Dd\xA1`\xA03\xD4)\xA1\xA3A\xB8/�\x83}\x8CA�\xAF\x8EI\xC0\x8C\xBC"\xE0U\x9ALy5G
-™dDͤ\xC1[�\x8D\x8B\xB3޻g>\x91\x99\x81�[|X93D\x83\xC9\xE4I\x80\xC49nbtX֧l^&�\xF7ᨃŸ\x87>߈\xBD�\xE8K��>\xDE\xFB�\xCCG\xF0xxJ\xC8�\x92C\xE7Ľ�\xA1M�\xAA\x97\xCFp\xD6\�\xA2\xB5P&�%ň\xA4\xF31\xDC\xE3\xD6#&>\x8B\xC0\xBB{\xFE\xB2\xCCc0\x95Ğd\xDF�y\xAC
-9\x9B\xC2N��<\k)\x9F�҈\xEA��8\xAD\xC0^\xF2
-\x8D𘎆T��\xA1GKG;&H\xAEEaH\xF4\xFA\xA1\xA7�}7DAζ5f\x83�c\xE9\xC7&\A\x84\x87\xFDs�lЛq�9nGΥ/\x90Q\xE8L�;:*�\xD763\xAA\x9A\x8A\xC8L\xF2���\xA1~DC\xE8�X\xD2\xF9�\xA3
-�V �\xEBO\xD4\xF73\x97\x93\xF8\xAC1<Qͧ��\xD4:\x8D�\xCF>t`(j7}\xB3n\xAA9\xE7nE\xAC�\x87"\x82GPBe\xF6\xC4VH I�\x9A�0ʻ\xAEY\x97�r\xE17\xC6E�\xB18\x92Q4K\x86h\x96p��߉0p\x9E!\xFBp�g�0
-�ij+P\xC2\xE9(;\xAD\x9D\xF6\xD4\xFC\xE13h�2\xEBb6\x91O \xF3\x8FC�\x88\xAD\xA5��:l-\xA1\xE2e\xD1\xF2\xB6 H{\xF7\xC2\xC8�\xA3�)biO\g\xB7o\xDBf\xD7�\xFD\x9A\xC1i\x98
-\xD9>K\xF6\xB9usώ\xE1\xC1먰'
-r\x9D\x80\xBF\x87\xF2T��P\x80\xF9g"Z\xDB=,h\xF0a\xD2F&\xF0\xD5�\xFE\xBC\xF7v\xAA\xEF*\xBA\xF5\xF1\xED�j&\xA1N\x91\xC1\x94_)(�ǧ\x9F\xB5\xB2�\xA8/ q~\xDAHQu�e\xA7\xCA\xF4\x9CS\x87\x84f\xE8\xBD\xF8J\xABp\xDEo\x94�Ubɴ\xF9\xE4\xAB/2\xC1IA \xBC/�j\xAE\xE66\xF3\xD5f\xCC-�\x95\xCC,\x8D
-�\x9D\xB4\x81� \x9Ce\xC7p\x84\xE1\xC6\xED\xC6\xD5^2\xA8؉��\x87\x885�?\xEBq\x9AI\xBDt\xFE9$ѳ\x8A\xA22\xA8Z\xA1l]\xA8T
-H\x95\xB2/h\xCA \xBF�o8\x97\xD2\xF9\xB9g\xBAr5\xA7+�\xFCe�+5\xC1\xE7\xFC\xD9#@}�\x8B\xF3\xD3�]9\xED^xʲ8\xD5\xE7]�\xC3]\x8C\xBE�w\xB9Ga3~\xF3\xC0�/\x94\x9A�\x9Cm\xEBvX=\xE0�\x8E}?\xC5hߨ\xC29\xCE�\x8C\x9C\xB4È |\xC5b\x82�|6�;\xCA-z\x92\xBC\xE6\xE9\x9E\xEF\x81\xC2�\x82HOZg8`\xE0\xA0(7\x88\xC1\x86ck\xBD\xE6\x9B\xEF]pX\xA0!\xD0\\xA0\x8Bd�Y\xBE6\xA3\x9Cc.\xE5P\x90\xA7&j\xD2w|\xE1 at _\By�\xCDV\xE3_j �\xFB\xE6ɉy_qW \xE8\xEFC\xEB\xA1
-\xEF);\xAB\x8E\xBDی\xF2\x844
-\x91t\xF4\xDAÄ\x84\xB6)\xC3;T\xE8u�\xAEr�\xA3w\xA6\xB3\xA7(
-\xAE\xA3f�w"\xAEh\xF6x׺\xA9;\xB0\xC7n|>\x94\xB0\x8F\xC3\xD3�\xB6Pˇ\xFDj\xCE�z\xFD\xC1\x94r\xFE!\xC8�\xA3+\x8C\x8F\xAD$\xFCE\x99��B\xF6\x91Q\x81\x99\x85�\xAD\xCA"�\xF4\xE3ǜ/\xC1\xF2\xB1r=?5M[\xF4\xB0\xCC\xCF[\x80̰u\xB8\xC2z
-\xC6m\x8F\xDCo<)\xB6\xF3=P\xBF+{\x92\x91O\xEDRzw\x81d\xEE\xD8P\xD66\xF4V`0\xD0h\xF5\xF0l�\xD3\xE3>\xA7\xA6|��\xEAv=�\xA3l\xC1\xE1\x93x\xFD1\x87\x9A[\xDA�Í„C9ßš\xDE4\xE2\xA6\xC57ɵk\xF9 \x92\xDF�\xFF�e\xAC\x88\xA6\xAF\xB8\xC7\xFF\xA4\xF9\xE2\xE3\xFD\xD7\xFE{\xD4\xF1\xBFÄ T0i\xAA_\xF0\x87)\xB6\x88Ì€�
-@\x9F!�\xFE\x8D\xEA�\xF3�4Ï©\xCAendstream
-endobj
-1240 0 obj <<
-/Type /Page
-/Contents 1241 0 R
-/Resources 1239 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1226 0 R
-/Annots [ 1247 0 R 1248 0 R ]
->> endobj
-1247 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [272.8897 207.1951 329.1084 219.2548]
-/Subtype /Link
-/A << /S /GoTo /D (types_of_resource_records_and_when_to_use_them) >>
->> endobj
-1248 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [190.6691 179.6723 249.6573 189.0819]
-/Subtype /Link
-/A << /S /GoTo /D (rfcs) >>
->> endobj
-1242 0 obj <<
-/D [1240 0 R /XYZ 56.6929 756.8229 null]
->> endobj
-1243 0 obj <<
-/D [1240 0 R /XYZ 56.6929 744.8677 null]
->> endobj
-22 0 obj <<
-/D [1240 0 R /XYZ 56.6929 651.295 null]
->> endobj
-1244 0 obj <<
-/D [1240 0 R /XYZ 56.6929 612.4036 null]
->> endobj
-26 0 obj <<
-/D [1240 0 R /XYZ 56.6929 555.4285 null]
->> endobj
-1245 0 obj <<
-/D [1240 0 R /XYZ 56.6929 530.6703 null]
->> endobj
-30 0 obj <<
-/D [1240 0 R /XYZ 56.6929 416.0112 null]
->> endobj
-1246 0 obj <<
-/D [1240 0 R /XYZ 56.6929 391.253 null]
->> endobj
-34 0 obj <<
-/D [1240 0 R /XYZ 56.6929 164.815 null]
->> endobj
-1249 0 obj <<
-/D [1240 0 R /XYZ 56.6929 137.4068 null]
->> endobj
-1239 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1254 0 obj <<
-/Length 3415
-/Filter /FlateDecode
->>
-stream
-xÚ¥ZKs\xE36�\xBE\xFBW\xE8�\xB9j\xCD\xE0A \xE4\xD1\xC9\xCClf\xAB\xC6ÉŽ\x95\xDAJ%9P�m\xB1L\x89\x8AH\xD9q~\xFDv\xA3� %\xC13\x9B\xDAÒ`���\x8D\xEE\xAF�\x90\x9C \xF8\xC9Ya2\xA1\xCB|\xE6\xCA<3B\x9A\xD9j{%f\x8F\xD0\xF7\xCF+\xC9cn \x9B\xE9\xA8\xEF�W\xDF~\xD0nVf\xA5Uv\xB6x\x98\xCCUd\xA2(\xE4l\xB1\xFEu\xFE\xFD�\xB7?-\xDE\xBE\xBEQF\xCCev}c\xAC\x98\xBC[|\xFE\xF1\xDD\xCF\xDF/>\xFExw}#\xA5uØ—s\xEF\xE2\x87\xF74\xFCÝ\x9Fn?\xDEQ\xFB\xEE\xF6�S\xEF\xB9_\xBC\xFFD\xEDß„�\xEF\xEE\xEE\xE1!\xAF_\xFC\xEB\xEA\xFD"r=Ý™��Y\xFE\xE3\xEA\xD7\xDF\xC5l
-�\xFCו\xC8tY\x98\xD9�\xBC\x88L\x96\xA5\x9Am\xAFr\xA33\x93k�(\xED\xD5\xFDտㄓ^\xFFiJRF�\x99)\x94K\x88J\xA9\x94\xA8L\x99Y\xAD\xB4�\xD5˦Ym\xAEo\xB4\x95\xF3\xEAp-\x8By\x8D/b\xBE\xAE\xDB\xFA\xB1�\xEA5\xF5
-�=\xBBaS�h\xC4_ݮ\xEEAz6\xD7\xF3ۓ\x8F\x9AnG\xA3\xF7]\xB3�\xA8\xAB鉴\xAD�Oa\xD2\xE5+O\xBA\xE3E\xBB��\xEA\x98��/\x9Cw9لvE&\x9D-a\xEB\xC8\xFE\xDD=}A\xE3W\xDDa\xDD\xD3G';\xCF\xCBL�\xE7\x{6C6E43}\xAD\xE0\xD8\xD9M\xAE\\x96\xEB\xDC\xCE at +\xB2\xD2�\xE5\x87\xEDY�\xB8�<v\xDC\xEF?\xA8\xC9B\xC3f\xBF\xE9\x8E\xED\x9A\xDA˚\x9E\xDBjXm\xEA@|\xA5g\xFDDZy\xAE\xDA8�r\x8E\xCF\xC89>\x81{O\xACx�\xB28\x8E\xEA:&w�gݓ\xD3
-\xACf~o�\xF6Tf\xB9й\xDF\xD3�\x94\xB0R9È �\xAA\xDD\xCAoH\x8B\xF9\xAA\xDB\xF5ͺ\xF6\x9D&�\xE6\xDB�\xB9\x9C�QJ\x9D\x95 *\x96b\xFDg\xB5Ý·u\xB6\xEA\xB6 \x89[\x97\x95\xA5P<v\xDDm+\x94:\xAE�d�\xEB4\xBBU{\\xD7=u\xEC\xAA-5ͼ?Ò|^\xF5)N,\xB4KPs\x9A}\xD3\xF5CVUU�X\xA2S\xD5��S\xE5\xF9驦\xD9U"S\xB6\xD0<a\xB5[\xA7V�%�JM�].\x97Ù—\xE5 \x95ÌŠÂ…\xAF\xEA\xE7�Å s\x90qw|\xC4M\xEA\xB7\xE4\xEDtfAk\xFF7q#\xF8�\x9B\xF8\xCB\xDB�.2�0,\xD3\xED\xDAW\xA2\x8Fv\xCA]�\xA0�$4\xA13\xE1Ô™\xD0\xDEP�\x93�\xA5
-\xA70=\x804\x93\xA5\xCC\\xAE\xBE"\xE4�t\xCC�q}]\xBE\xA7s�HR\xA5EHR\xA2�\xC2�\xC5|U툴\xAD\xF6Ô€\xA9W\x83\x97 t#\xC2!\xB1\xA2G\xDF\xEC�[\xFE\x92\xD4�ME\xBA\xF9\xF28\x90\xA8�\xF0\xAA\x95\xD5AT\x92\xF5\xCBÃ\x96\x80\xA7m\xDFQ\x8B\xCF�_���\x92�a�j\xA1A\xFBO\xE8��\x84\xF9\xC9\xC8\xF1CB\x8A\xFE\xEC\x93 \xE0Ðœ\xAC\xBD\xE4o\xA60.�\xC6\xE5�\xE3\xD0D\xB3\xA3V_�\x9E\xEBC?�\xC7D�\xDEC\x8F�\x94\xE1�\x94\xB0�H\x91B0�\x8Dw�Ô g ^\x99\x8CØ\xCF*\x81\xE7R\x97\x99\xB0Öž"E\xC2BK\xB4\xA3\xA0l\xFE,\xF2`N\xC8\xCA�/5\xC4%/\xD7�_\xAA\xAC\xCBy\x8E\xA1>l\x9B]\xD5&�\xD39\x9C\xAC\xB0\xA7\x8B
-�\x8FʸXϤM\xC5;\xDBu\x89\xE5\xAC̈́
-F\xD9�\x97\xB4\xB7\xA4r\x99��\xBD\xFA\x9A\xA9\xC0\xE3\xA7l\xA2�b�+\xE5\xE9�y�k\xE7\xD5W\xDB�q\x91\xB4[S\xA3\xE69\xA19\xF6[0\x83U\xBD�\x88NG \x8D\x89\xC3\xD1v\x9CÝ«t\Ç\xBC�\xDB�x]\x84\xEFI\xBA]\xDB=\xF2\x8A4\x85�Q\xF1R���\x9B\xA1y\xAEG.O�\x8F\xEC\xE9�\x95�l\xB0?>>\x92\xEE\x83q\xD2Q \xF9\xB5;�\x89�\xAEZ�\xF9\xF3\x87\xEF{jA�\xA6\xBD!\xE5\xD8̉\xE8%½\x86\xA7\xEC\x88\xF2\xE8Å¢ �\x90 \xB8�\xF030�\xC7�xIt\x9Dk\xC0��\xE7
-��d\xE3c�\xA0\xACA�\x81\x9Bß„P\xABc;\xA4\xEC\x89\xCE�\xE3\x87\xE3rhÙ‹�ݾY%\xFD\x{182F45}�b\xFE\xDDÇ»wÔ¢\xF5\xC0{Wm\xEB-\�\x82 \xE97p\x9E\xE1\x8C\xF1\x9D\xAD�Zd\xE5Øb\x91Ú›�v\xACk8]j\xEE�
-\xC4i\x8D\xC7)\\x87'\xC13\xEDi�\xDA\xF4��\xE6�Box\x89m\xD5��^\x90\x9F\xF3c\xA5\xFD\xF7m\xF5\xECG\x83\xAA֫\xB6:�o\xA4\x85\xE3\xF5\xEC\x9Bq\x88 \xBF.
-\xB6�\xDC\xD9�\xBC\xC3\xEE!\xE5�UVD�\xC4\xF3hy\xD1~_\xAF\x9A\x87WZ\xCFo\xC2+\x89 \xF5D"[+\xEE͕\xF3\xFFl\xEA�\xD1Y\xE3,\x84&OD\xE9\xBB-\xCF�`��h�\x8E.%8r\x97\x97ř\xBD\xA2 5�\x96FW\xDD\xD3\xFBKӶ\xA4Z�$tD\xF4h�\xEF�\xBD�\xE1�\x85N\x93\xC8�>|�"\xB0xHA-d�� \xF0oC\xAD6\x96\xB7\x8D<\xC4,�\x96�\xFFy�\xE5{\xE5\xAE\xFE\x89Y\x9F0�\x995\x9E\xD9fŜ\xF3 C\xE2#\x8F\xAA\xF2\xCC\xCA\\x9D{T\xD0\xEE�%�\xD3\xE0\x97U\x8F\xF8\x97\xB3(\xDC�Ե\@\xAE\xE3?\xC7��\xCC^
-P\xCC\xDB#\x84]\x87f\xA8�v0�'o\x86)�\xB9\xBF\x84@`>\xC8�\xA4\x90�\xF9\xC2\xCA;\\xA59\xB8\xC0\x96?>\xA5\xE8<\xD6D\xF3\xE9
-<=V\xC1\xB3\xAD\xAB\x9E\x9B\xF8]\xE2\x80�\xB6u\x88~\xAASn\xF1;6ch\xF1\xC1'"N�Ϋ\xD4rr|\xF9�%\xC0\x97`*\x83\xF7C\xFE\x8D\xA2�\xE0|\x82s@^WCE-:'�I\xC7da�s�\xF8P\xCEq\xA3�7_\\x97j\x8E~\xC2�\xC0\x82'\x94\xAF\xE38�I�% \xA5k\xEBC\xE5�" \xFBs�jPi\xA4�L�qW�/\xDDቨ�U\xD3�9�BO\(\xC8�\xFB\x81Fz\xB5\xA0q�\xAFy~\xA5\x97\x8E��O�3LOeIߤ\x90j\xAA,�!q���\x92\xE1\xFE\xA1>\xCD�\x99\xE5> \xE8\x9F\xEB~�xG \x8F\x9B?\x90\xBB\xDD\xE2[q~\xF08\x80W\xA6~ޗ
-\xEE��\x88\xE7�\x9F\xA1\xA3\xEB_�\xECy\x980\xE2\xF6\xD6W.|\xFF\xD2\xC7K~~nP\x9AV\x8C3\xB3\x9C=\xB7Ե\xAFVOIQ\xD5�¥\xD1%\xB8�2�\xE7Ͽ\x8F\x81얈`�\xAFL\xEB\x88�\xC9\xE7n @�\xEA�\xA1-\xD0\xD7\xF5��?\xA1
-tx\xD5\xC1�(1\xC2\xF9\xE3qt�0\xFA\xD8Ç‘C×µLm\x9B\xA7:\xC2\xC4$\xE8\x92y\xA6
-�s\xD4\xE61eME&\xC1$\xA3�1\xE2\xBC\xE4c w,\xB0\xAC\x92C\xBCWJ\x88\xE3V[\xEE<<Ψ\xF1yZ\xAD \xE3o\xA6�\Vk.\xE7E�\xEE\xEB\xD5
-�-4\xA4_g\xAA�1Rg:\x93\xD9EyJj\x95A\xA4_\xCCr\x93\xE3B.YO\x8A\xA3n\xA6\xC3.9\xBC\x9C\x8De$\xB3\x84\xB8\xC1\x8Df\xCAg\x96�\x92U
-\xFE%\xA230J\xF8\xBC�\xF5\x8C\x9F| •\x93O�N|�\x97)\xFEp\xEE�8'\xA0\x82\xDD/\x9B:\xFA\xB0\x80KH\x8Fa�\xB4W\xDD\xFE\x95\xBA}\xA4\xE3\�f�\xE8�\x89A\xD2Qp\x8B}\xE8Q�\\xBD�\x98\xD0c\x84\xC6�]b\x8E\xC7]DM۳ \xB8>\xC5}'\x80\xBB}K,\xE0\xBFK\x88\xB4C\xE2A;w\xB9\xCFcJ*\xB2\xA9�ҽ� \xFF\x95\xE03\xCDS\xA9\xB3\xC2\xCA�K\xE7\xE9\x92\xCAl,T`\xC0\x84\x89\xC05,\xF5
-\xF1,\x85�\xB8Hs
- (5Û®\xF2\xA5.^\xDA\xF3Ùz\xA1\xBC\x87�8\xE0��lD\xAE}\xB0Es\xC0\xDCD�\x91�\x92\xEBuCu0h/Y\x80\xD2\xD8,\xCFeyj.\x9B\xE3\xB6\xF2��\xA3I(\xF0Ü“jl\xAA=w<\xD6;\xF0Q\Y\xD3\xF3m\xBD\xDAT\xBB\xB8+\xA0L؃7f�g\xA4X�\x9B\x81ShFN\xA1�\xAB\x88�>\xE032o4��5\xB3\x99Qx\xEA\x815�\xBD㼂'�Ó‚P)\xBC<`\xC8$\xAD\xCDO\xCBF\xBE\xC0\xED'K�\xB4\xC9d\xEE\x82fu\xC9 S\x82Θ0g0\xA9/Κ\xCB\xCCHm\xA2\xFEð‘•€\xBCÂœ\xBAÍ\x88o\xD2�1C
-\xBE\xAAz
-� \x84\xD9t/\xF5Dוd\xE5\x92fd�>\x89\xB2\xF2\xF4W"RZ*)\xD6\xF6\xB5\x85p�H\xE3AQc\x80\xE6\x8B�@�!\xF3\xF2X�:\x9D�\xAB\xAC>'\x9DN�yb\xCF\xFAF\x86\xD8=\xA4\xA5\xAB\xF2X\xC8^\xBFB<جH\xBC\xC7=\xC0QJ\xBC\xE0>LY\xC6C\xDB\xD7\xEC2\x93 \xED\V\xE4N�\x90\xCE' \xAD�\xA4\xEF)\xA0\xFF[!3A\xB3\x8AV\x81�g"\xBC�\xE3+\x9D\xBF\xA5\xB3\xD2\xCAL\x88<\xA4\x94^$@�� Ä¢' \xC8!/zq\xAE\xCD��O\xBB\xEEeÇz\xAAh$\x85\xC9T\xE9Æ™ \x9D\xD6i�\xCC5\x9CN�\xDFyM
-\xB6|\xFC\xDF\xF9\xF2\x84R!\xE8���\x8Fy\xEC\xD85\xC2iq^\xB7f@\xD4\xDAN�G\xFB\xBAI\x90\xA9\x9E\xB89=�C@\xAE\x88B
-\xB7o�\xBE�\xC0b\xBA\xA6�\xFA\x9E&\\xD5=\xAF�d\x82\xD3\xF7a\x8AKѨ�\xF0\xC0�\xE6�@p\xF0 Q}\xFF\x90tN�\xCE\xC5\xE6rt�Ɩ\xE7\xCEB\x87B�\xCE\xC5N�Y�/\x85 at J9V_\x95=\xF5\x89aa�\xE9s�p\xD3
-ß±P\xAD×\x84\xDB.\x84\xBA\xCEE�\xE7_�1�K\x8A\x9C\xCD�\xC6\xFB\x98\x99\x9D;>\xB9(\x86�t}\xDF,=\xB68\xAE(\xA3\xC3�Ò \xAF\x86��\xF1�\xB1\xCB\xEB4�>\xA4Q�wIp�\xCEE\xCC_\xC2\xCD�g%�\xA7*\xA3\x95Æ„\xCA_MqP\xD5�}\xDDr&
-Y<7\xFA\x939\xA6\xE8\xED73\x99\xFE\xB8\xE4u\x9B�\xC2\xCE�k\x82\xF4R0#R\xF8\xA2�\xBE d\xB6\xC3\xE6o"\xCC\xCF}(D\x98�1��\x8E\x827\xC3G\x8C�\xD4\xD1oz�u�@f\x92f\xF9\xFE�%�L"z\xAA\xA2C\x87\xAFO\xC1\xD3'#\xC6]^áƒ\x82"\x9B\xE2\xE4>1\xB0\x82קZ#<\xF6u\x9C3qÞ—\x97\x84\xCA\xF9K\xBB\xA1�\x8E�gj)�-\fT�\xAB\xEB\xE3\xFDl�\xBDd\xBCz\xF1\xD9\xF84\xC3\xE4\xF0@Ù“du2`ÜŸ\xAF�+\x8E\xE6\x95\xFBJ>kGA\xFB\xC1dMj�\x{1616EB1}�!\xB5Èœ�\xABjr�\xC3X5:yh\x93\xAE\xA3}X\xF6\xDB\xF6�!\xAFu2T�\x87nO\x83[\x88+\x92���e\x96% *��\xDCU\xB5\xAF\xFFL\xDF?�\x98�MdoCh�\x8DP[\xC9\xED\xFC�_[9�\x9D\xAE\xB4\xAC\xF6\xA2"\xD2(X\xDC\xF8.1\xD17\xDC \x9B\xBB\xA1}\xF9W_\x94\x81繪\x91\xB4\xAD\xCA\n\xCC\xF9\xB5 \xDDSOL�_(\x94b�P\xA6�\xD7\xD4S�\xF0L\xB0 \xE1s\xD4LL\x82\xD1\xD6p\x85��\xB0Y\x9E\xB9�\xFB�\xEA\xB8߸`\xF1\xA5�\xA7Q\xA0\xA1�\xCF9u/g\xE6\xB7��\xEF{\x8E\xD9b\x91\xE7\xE2\xA2>J\x98\xEA\xF9\xD4\xF0bNÖn\xD3�\xA3\x9D\x8C�G\x80Cm}\xB9��\xF73 %0\x8A\xFFzH8\xD8��\xAC
-�\x96\xFEvA\x95c\xAB\xC7\xF8\xC0\x86\xFB,\xA4\xC6Ag\x80hC\xF5o\x9C\x80}\xBCew8\xFD\x9A*\xE7\xD0\xF0\x87#\xE7\xF4/\x8F\x9C\xFFn1]/\x820P\xE9��\xFA\\xED8�\xB0ef\xB4>+s\x8C�BO\x81D\x87+^\xA0.\xF9R\xE9\xD8{ \x81.\xBF�$=\xD5\xF5\xDE�F\xF1�\xAB\x88 \x9A�\x89?�\xBD�\x8E7]\xE1V\x9D\xFD:.\xBD\xAFk\xBEY;ZQ�\xE5o\xC0:��\xAEĢj\xE8\x84\xCB\xF0+�R7`\xC1\xF3r%\xD5;\xDF\xD1\xDCD\xD4\xE03%<\xCD�\xAB\xE7\xAAi\xABeH�\xF9\xE2��\x84�\xA0m\xCF&\xC1\xAAa7^d5U\xCBuı�J/$\xDA\xF4\xFAՔS��\xBC|0D\xCA\xDE\xFA\xEB�\xE4\x98\xF8\xA7DaJ\xC4�\xFF\xFF\xFD\xB7\xAA\xF1\xDFe\xB9\xCBtQ\xA8t\x85K\x8B�/\x82#Sx�\xFA\xA2 �\xFE~u\xC9\xF9�\x9C\x94'Cendstream
-endobj
-1253 0 obj <<
-/Type /Page
-/Contents 1254 0 R
-/Resources 1252 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1226 0 R
-/Annots [ 1257 0 R 1258 0 R ]
->> endobj
-1257 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [519.8432 463.1122 539.579 475.1718]
-/Subtype /Link
-/A << /S /GoTo /D (diagnostic_tools) >>
->> endobj
-1258 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [84.0431 451.8246 133.308 463.2167]
-/Subtype /Link
-/A << /S /GoTo /D (diagnostic_tools) >>
->> endobj
-1255 0 obj <<
-/D [1253 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-38 0 obj <<
-/D [1253 0 R /XYZ 85.0394 570.5252 null]
->> endobj
-1256 0 obj <<
-/D [1253 0 R /XYZ 85.0394 541.3751 null]
->> endobj
-42 0 obj <<
-/D [1253 0 R /XYZ 85.0394 434.1868 null]
->> endobj
-1259 0 obj <<
-/D [1253 0 R /XYZ 85.0394 406.5769 null]
->> endobj
-46 0 obj <<
-/D [1253 0 R /XYZ 85.0394 301.1559 null]
->> endobj
-1260 0 obj <<
-/D [1253 0 R /XYZ 85.0394 276.6843 null]
->> endobj
-50 0 obj <<
-/D [1253 0 R /XYZ 85.0394 200.1512 null]
->> endobj
-1261 0 obj <<
-/D [1253 0 R /XYZ 85.0394 175.6796 null]
->> endobj
-1252 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1265 0 obj <<
-/Length 2457
-/Filter /FlateDecode
->>
-stream
-xڥ�˒\xE3\xB6\xF1>_\xA1[4U�\x9A \xF8\xAC\x9C\xD6\xDEuv\\xDE\xD9dG9\xA4\xBC>@$4b-�\xB2�\x8E\xA2|}\xBA\xD1
-\x92\x928\x8E\xABR:\xB0\xD1h \x8D~7$V!\xFC\xC4*N\x82$\x97\xF9*ͣ �E\xBC*\x9A\xBBp\xF5�s\xBB�L\xF3\xE0\x89�\xE6T?l\xEE\xBE\xFFI\xA5\xAB<\xC8�\x99\xAC6\xBB\xD9^Y�f\x99Xm\xCA_\xD7"\x88\x82{\xD8!\o>~\xB8\x90q\xB8~\xFF\xF9ӻ\xC7'\x82\x9F\xDE}b\xEC\xF3\xBF\x9E7�>�\xFC5\x8C\xC3\xF7O\xCF\xF0�\xF7�B$i\xB8\xFE\xF1㻿o>|\xA1y\xC1[>>m\xBE|~\xFF\xCF�7\x8F\x9F\x9F\xEE\xDB\xFC|\xF7a3r=\xBF\x99��\xB2\xFC\xFBݯ\xBF\x85\xAB�.\xF8\xF3]�\xA8<\x8BW'�\x84\x81\xC8s\xB9j\xEE\xA2X�q\xA4\x94\xC7\xD4w\xCFw\xFF�7\x9Cͺ\xA5\x8B\x92�a U"�D%咨\xE2<H\x94TNT\xEF\xE0r"\�]\xFB5�\xE5\xCBpԶ\xEAZB\x9E\xF6\xE6x/\xB2\xB5\xA1\xA1\xDD3p8V\x8D>\x9Ei\xD0\xE8\xDE�\x99\x83{s|\xF5pe{S\xEF�\xEE髙\xCC�]\xDB\xFD\xC2�\xA6\xEBv\xD60�\xC4\xC0\xCE� (\x99\x95\x8E7t�\x84\xDF\xF8\xAB\x94Ѿ*KX�\x8A�\xE9\x80�\x83<\x8E\xA5\xBB*\xB3\x8DD@\x9EDח�\xFD\xAA8Zn
-M�=�\xBB�\xF9Kb\x90\x80\xE3\xF0v)!i2F\xB91\x86D�\xA8Id\x80�E6[\xB35\xFB\xAA- \xA7 \x85�ÐO\xBA\xAE\x97n\xA4ÝŠØ©\x86�Õ��\xF4\xD0\xEAmÍ°�Y\x8C\x9An\x9A\xA1\xAD
-my\xA2\xAChIa\xEB3aN\x95SN\xECU�@7ؾ*yp\xEA\x8Eu� C`ab5r\xB4C\xFET���&\xA3�\xC6\xE0La�\xBE\xA4�\xB8\xE1�{\xA0nx\xAFg\xA7\xFE\x9E7\x9B\x9B+\xEC%\xA3 \x8FD\xE4\xF6\xDA8V\xB2\x88-\xA2\xEFj2�\xC0\xD4\xD5\x{1A83D5}\xE9ixp�\xDD+\xF0[�f{\xA6o\xD3\xF5\x96\xA0\xEE`Ps\x8E��\xF6g\xD0H\xE3\xD6\xC7k\xCD"t,\xA9|ƒL\xB3 at d\xC0e\xE8X\xEA\x{DC3D}\xE5i\xE9.q�DR
-^\xF7�,\xCAպ1\xBA�9\xB0{m=d\x98]=\xEA��mg\x9D <(\xA5\x82$\x8Cԥ)�\xFA\xC0\xBA��\xEAv\xF4\x85K\x82A4t\xC8d\x8E`\xD1��\x94\x83 \xE2�0^a\x98�\x9A%Y\x98\x9E\xCD~{�7j\xC0\xBD_\xCD5^\xD7\xDF\xC6Ӯ��\xA7\xBB+>\xF4`\xF7ݱz\xB84n
-\xE2�\xF4\xF3\x8AtiLA\xE2^\xAC\x8F=:)H\xE3\xB1\xC5 R\xA2$3\xE1E\x96\xFA[\xB8\xF3`\x99\xBB�|5M\xD6]\xA1k´d\x80\x80�\xE3�`�\xE9(7F\xEE\xCD|\xC6�Ü*\xDE�<Y\xD7;\xE6\xF3y(\xF6\x8B\x9EK\xD6?��s\xF0C��g7\xEC\xD7z\xC1�3�dI\xA6Ø–X\xC4ñGa\xDDZ\x9EʃPA\xD0'\xEAv\xF4;:\xF9\xAF|\xB4\xA5/ß»_8�|:H\xA4\xCA�\x8Fu\x8B\xEB\xAE\xFB6�\x96\xAC?Å‹\xFB\x95�L�=i�\xAF\W\xA6\xB5}\xC0��FA\x94E\x90\xD9D�\xE4J\xA6\xE4\xFF\xF7\xB9\\x83~T\x92\xAD\xAB\xC6\xFB\xB8AD\xEE�\xD7ma\xC0$ S^3\x88\xABz�5nE�\xE1\x88\xF1vÏ»\xB0\x82\x87\xDA\xF64\x83~\x84�Ö“\xFA;\xFAu\xE7\x8B\xE3A\xE7 \xC4\xED\xE7
-ؘ�.f\xA2ѯ\x9C�\xA9\x9C\6
-\xE7|;Û‚)\x8A\xF2Q\xE8x&\xEFB\xEC��`P\xB5�\xF2\x8B%Ã\:o\xC1\xEF\x8Cs\x90H\xB0
-\xC3�\xE4\x9DE\xF5*`/L\xD5�Ú…�\xD8Ro\x95\x9B\xC4�\x94J^\xBB\xC8\xEB\x82\xF1äŒ\x85\xA7\xB9\xB8Æ›\xFB\x82�\xE3 \xCF\xE3\xEC\xCAq\xE6\xF9\xCD\xD7 \x98\xEAz\xEF3\xFD\xB9\xED\xDAs\xD3
-=HC at q�\x8C*\x98\x9B��3\xE9\xBA6\xED�\xD5"))�\xB6�a\xF2,Y+ \xA7}U0\x95\xA6��\x89�nI\xB8F\x9Fi\x87\xAD\x99�Y]\xB5\x86I\xAA\x96\xBE\xD63\xC0\x96\x88\xAB\xE8\xFC\xF1\x84IP0`\xD7�h\xAA\x98R\xAE\x982T\xB8%\xA3r\xC1c\xC1\xE6\xB6竔\xBE\xB9\x8F\xE3uՌ#r/\x84�}�k\xE2\xCD\xE6�\xAA\x89 �JS\xFB\xE8\xD4\xF7]Q\x81ٕ\xD7u\x83\xD1�C>h��(\xCC�\xEBe7\x95��\xD9�\xF2\x9C�\xB3\x8A�
-�\xAE%~\xEA\x8E'},Q6\xFF\xB3n\xF8\xF0J&\x92P\xCCMfR\x85\x81�\x88\xC9,�\xA7\xEB\xB2sn\x89\xF3\x9De\xC0\xA0\xB7B\x95AER2\xCB�0`\xA1&X]�jcyt�%�\x8E �S\x89\x8C\x99B\xE6SF[\xD0�\xC6g\xA5@|\xBA]\xAAJ\xB0\xF3I\xA3)\xBE\xA2l\x96R�HE\x84c\xF1\xD2\xE1\xCDqW4q\xFCb\x91I��{ʇ=@\xFC>�*\xAFp@\x95
-B3\xB6\x9C\x9C�\xEE!k\xF7\xBB3
-vd\x92
-m�\xE4b\xDD�\xEC\xC3/\xEE\xD7\xF1\xF1\xB0�\x96\xB1\xBC%+ �NI.5$�BB\x9A\�
-\xAC9\xC8\xC2\xDFM%n\xD7\xFAjv\xA1\x83\x98\x95ú;ӊ(�\x84\xCAեd�\xA3�\xA4Y\x99\x8F�\x8E�\x99Ȳ RB\xFAȓ\xF9\xC8\xE3c\x98�#p!�\x81-#\xBA\xD6�1\xE9�)\xBA9=q\xE1\xFC�\x92�f\xBBLR\x8APd\x88\xBC\x9D\x9E/"�2
-F G;��� }\xD4t(\xE9�
-\xB5\xC2Z\xD9\xD1\xF7\xF45\xFF\xDEë¡·~�Ïžn\x97\xAA7\xDD\xF6'\xA7̈*�T\xFA\xAE�\xDA�\xBB\xE84g�\xF6\xD7 \xBA\x89e4\xBE\xF3\xA1\xC2R\xE8Ls�\xDFq\x82\xBA+Ä\xBB\x81PeG�\xB2\xC2�#Q\xBF\xA7)2\xEA(\xF4Æœ\xCF\xCA <\xD22�
-_\xAAW\xBFy_\xD9\xC5\xDC\xED\xCC5\x91\x98r\xA1\x85(,\x8D.k]\xC4P0T\x89\xF2Ճ\x{131417}Pq!\xA7\xE9Gܱ5<\xCDlbM�\xA5ئ;Z�
-S�\xA6\x85\x80\xC4\xFC\x9C\xBA�\xE32\xB1\xF6\x8A\x9D�
-41\xD1�Í–,\xF7\xFAB\xE4\xED�]\xA8u\x9B\xAB\x98\xFA�DO\xE2\x82�\xD9�L\xEB\x96�3\x9EatÙ±\xBA\xF7�5vxn\x9D\xEFH\x91\x9A��\xAAm\xDD\xF3\xECA�ߌ\xE5\xB3잢\xC7\xF0\xB2\xF7�Cd\xD4�\x93\xF5\xB10\xA4RsA\x84$\xCFW\xAC�D\x8C\x91\xDF!]���\xC6Z7]2}e1\xBC\xA8\x84\xEB1\xDCi$\x9Eo1\x9E-\x9DÛ\xAFN\x9B$\x86hj\xBFF&z\xC2R\xE5\xA7\xDE*�'M\xCD{�\x88\xE1`\xE6[\x90?ס'\x9CUo\x9Brj�\xB8\xC2\xFA�uqu\xF0\xCF _\xBA\xDA\xFC\xE9\xAE=
-\xD7?<>\xBD'È·^\xB3\xEE'
-Y܈\xAC�8H\xB7\x86
-8h�\xC1;\xD1\xCDp\xD2E\xEB\x94�\x92\xD2\xD9\xDB�\xC0T\xA9\xE1�\x9D\xDF\xFF?�J1B\x8E- L\xD6\xFA\xD5\-\xE0\xB4s\xB3\xA2]\xAC\xA3\xA6\x84\xC1\xDD\xDA\xECY�˥\x8B\x9C?�N\xF3Nol\x81\xC6.\xD0\xFAz\xF6\x8F[\xA3\xAB�\xF6cw2S\xE6\x8B$\xF4\xC9\xDCz\xE4\\xF2\xAB�N�\xDA��֞\x86\xCE\xDDa\x9E[o\xDFe\xE3�i�!\xE4\xB6*x at N�K\xF8\xAE\xDF_\xF7Vo-�\xF3\xA7\x94k9\xD6\xDD\xCB�\xDF3\v\xD0G(%\xF1"BRi\x91q\xEAHs_\xE9#J\x97\xAF\xBA\xB5\xFA�
-\x840.\x90\xA4Ø¿e�`�\xB77
-A]{y�\xD1z}\xE0L\xE3\xEEe\\xAC\xCDs�k\xB3\xF0\x82\xC2y\xFAR\xECl\xFDS\xC3\xEC\xD1\xC9\xD9hr-\xE0\xF9\xABC2I \xD1h6Ë•](�!\x957\xBA\xD8\xF1\xC1\x9D\xBD\xD0l\xC7A\x9A婯\xF2\xDC%\xD8�\xE1(v\xB3d\x94�"\xB9nO\x93\x9B\xEE�&˪ÇÍ…)RA�)\xB3\xCBx;5\xE4T\xB4\x81)\xF2KL\xA5\xB7U]\xD93!É”\xD0P\xF1�DS\x83\xF6�CXG\xB9\xCB\xE9A�ɸ\xD6�\xC8��|)\xC5\xE3VW\xF6�(\xE7Wt�\x9F\xE7\xFC\xF9\xEAh\xD2�B�:[\xD0\xEEu\xF9\x9EG3\xBD\xE5\x8A2I>\xBD+�\x8AÝ•\xF0N\xAFKue�ÍŒ\x80\xCE\xF6\xA2�~K\xA1@\x9C&\xA1ZR(\x9C\xC1\xAD
-�M\xAD
-\xA0Z\xE3\x8A\xDC�\x83[\xE6\x9E.�\xC7\xF1S!\x90L%:�P\x96�\xF4\x98\xA5H\xE9!\x94\xB7i"\xAE"!G\xAD\x9A\xBC\xFC\x853\xC3\xF8(M\xB6\xE6\xD2�?/Õº\xF0\xF5w\xD5N\xEF\xC9z\xEA-\xE7\xD5\xC3�\xFF\xAD@\xFA\xC2?D�\xFE \xC7D\xF7\xFF\xEF2\xFD\xFD�\xA5\x81\xCA2\xB9\xFC\x97\x8A\xCC\xC2 O\xD5\xC8�\x8A%\xBAa\xDC\xFF?s\xCB\xF9�y;:\xBBendstream
-endobj
-1264 0 obj <<
-/Type /Page
-/Contents 1265 0 R
-/Resources 1263 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1226 0 R
->> endobj
-1266 0 obj <<
-/D [1264 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-54 0 obj <<
-/D [1264 0 R /XYZ 56.6929 717.7272 null]
->> endobj
-1267 0 obj <<
-/D [1264 0 R /XYZ 56.6929 690.4227 null]
->> endobj
-58 0 obj <<
-/D [1264 0 R /XYZ 56.6929 550.0786 null]
->> endobj
-1268 0 obj <<
-/D [1264 0 R /XYZ 56.6929 525.2967 null]
->> endobj
-62 0 obj <<
-/D [1264 0 R /XYZ 56.6929 393.0502 null]
->> endobj
-1269 0 obj <<
-/D [1264 0 R /XYZ 56.6929 363.1913 null]
->> endobj
-1263 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1272 0 obj <<
-/Length 2097
-/Filter /FlateDecode
->>
-stream
-xڕXK\x93\xDB6�\xBE\xFBW\xE8ȩ�q\xF9~��\xC7\xD9\xF5V\xADk+\x9E=\xC59`DHD
-�
-�J\x96}\xBA\xD1
-\x90\x9C\x91S\xDEÒ\x8D�\xD0h\xF4\xF3\x83\xE2]�\xBFxW\xE5a\x94\xD6Ù®\xAC\xB30\x8F\xE2|w\xE8\xDFE\xBB�\xCC\xFD\xF3]\xCCk\xB2<
-\xF3,Mapgv\x9F\xA7U\x98WI\xB9Û¯\x85\xFC\xFC\xF4\xEE�\xBF&\xF1.\x89¢H\xF2\xDD\xD3ÑŸU\x94eX\xE4e\xB5{j~�Þ·\xE2l\xE4\xF4\xB0O\xF2(H�\xFEx\xFA7m\xCB²*c\xDC�\xC1�e��em7\xFC\xFC\xF1\xD3/\xB4\xFA7\xA9\xC7y:H7\xFAsV\x93\xEC\xE5`\xB4��ga\x9A� \x8B)P�:6 \xE3\x87}�EQ\xF0/15W1\xB1\x94é”dW\x87u\x91�,$\x8D\xC2<\xCFS+\xE5\x97O\x9Fa[\x91�\xAD\x98�\xE2*@A\xF8EaE��\x8D�-\x81B�\xE2@\xD3d+.\x926\x9BI4ʨq�]w#Ö³\x94�Q\xB0Û°\xB8~l\xA46\xE1\xC3>\xCD\xCA\xE0\xD7q\xA2�\xBD�x\x93�\xB4���E\xE9G\xE4å–\xD3EN|\xA4i\x85\xC1K\xE15\xE28\xAC\xF3<\xB1\xD7`U\xE0\xFA|.Pg9h\x90#��\x8EG\xBC‘�G{\x9F\xB1\xA7\x918�\xE5\xF67\xB3\xB9�\xB5\xC8<\xCB\xE98N\xBD\x93$\x9A^M\xE2\xB9\xE3uBÓ—L �k�zE\xEB0\x89j\xF2\xDAS�2\xD3(\xC5ÕŸ?\xBC'\xFA(\x85\x99\xC9š8\xA0\xAC\xFDR\xA8 UÓ§�7"\xCEt\x83�\x8B3#}\x9Fy\xCCFG\xF2\xFD\xFFG\x84��\x9A\xC4miÇ«�=�\xCA, S\xA7q�h�2Z\xD9'1\xA8o\xE4
->\xE3;\xC6\xEFÅ‹5T�\xB4R\nDΚy㑾\xA6\x85È‘\x8E\xBB\xBD2r\xECÍ\xB8*\xDDò–‘¾�PA5\x94bE\xD0Q\x84\x9E\xDCXß´\x91\xBD\x95\x92�\xC7qr\xC7\xF9\xB3\xC4\xF9Ü©�\xDD�c/\xA9|
-�hW\xFC(\xBD\xBDYlov\x9C;\xE7\xE5~\xEE\x8C2-\xA9,�\xD9<\xB2\xF7\xBBn\xBC\xAA\xE1\xC4q��\x88\x9A\x8D\xEA\xD8|>\xFE�A콃\xD4z\xE4ʱ\xBAF\xE4\xAE�m3\x82X\xD6
-\x96�\xA4�Ie\xC2\xEFT\x8C�
-Z\x9A�\2�.�6&\xBESs\xEEV\x8B\x8CJ�n\x8B\xEB\xE8^]\xD04c5G\x82L\x8CT\xCD{\xC4p\x92\xBCȧ�\x8ETV�\xFBC'4\x8B\xE8šU\x83|-�\xD3\xCA���hM\xCB4`\x9A�\xD1\xDFF\xBF\xE9
-\xAE�gC\x83\x83\x95wz\xBC\xE7a�b�\�rc:OJK\xA7 r�M\x92\xA8�Ô‘\xB8\xB7q&\xC2&TC\xB4�\xB4\xF2\xAC\x93a\xAB�\xECon\x83\xE8QYd\xCF\xE7F�\xC9k\x84\x93\xE2\xAA�\xD2Z\x9D\xA8x�m\xAF\xF6x/\xF9\xBCUll\xD1Y6H\xC6Y\x83X\xBD
-\xBE?g9)\xA9}Ys��2\xAC\xF9\xB1�J9\x82\xFE#\xFBq\xBA\xFDA\x94.%0\xA9\xB3\xA0w"j*x\xC83n\x92\x8A(Ñ-\xB15U9d<\xF3"_
-hZ�\xE3|jY�/\xFD�E\x89\xE1\xDDN6��\x93dy 8xp]7b~�{\xE9�0h\x94~\x81�\x92e\xB1\xBD\x843\xD7r\xD3,\x8D\xC3,*r\xB82�Ư{ë³½\x9F\xD8\xF8\xCE\xEA\xB1\xD7꛼c\xB5\xAC�\xCB"-X\xD4x\xA6J\x92VP���\xB6\xD8W\xB6\xD66D\xD96 \xDFN\xF5\xCA0\xAB\xE5U\xA2�ç™\xB6\xBF\xC0×¹`+\xE5\xF9\xF6j\xABU�
-^\x96@\xC1\xB3"\xCA \x81 ͗\x81\xFC\x8A\xCDVz\xD9tg\xBE\xC0\xE6\xCAT/\x9A\xF9 at 1[\xD4\xDE�%t\\xD4�y�\xA7�\xF0\xC8Avݬi�p\xFBqA)\xB5�15\xE2�\xEB/t\xFA�K=\xF0~jV\xD0$\x8Eclv \xF4<\x9B\xCD0/\xFC<\x89\x86d\xE0\xA2\xCD\xCA\xF9C\xBFDy\x84W{\xF7\xE1\xC9c\xC7�\xD0a\x85\x900)\xE1\x96qU!r\xA4\xC9\xE9\xB4#\xE2\xB75\xD4t\xEB\xF7\xEB
-�5\xD7\xDE+�\xAD\xF7Y�|@\xE5a\xB55-k]\x96A��8,¸z\xADm\x9C%\x90\xCB E\x92�\x8F�\xE7܃\xC3~\xD5~\xBDìŽo\xA5\xA1�`\xA5\x98\xD4PÖ…�\xA4%\x80%j\x98�e\xF8\xDB\xCC)� \xD4p\xCB%q\xC4\xDFfG\x99\x87e�\x97\xAF\xB2�O\xB5Ù\xC7\xDA"��\x8Ak\xE4Øš �\xCE�$\xA9&\x94Kv \xD3�#\xF8\xFA�UrvX\xD3'Q�F\x8F\xEA\xAD\xF5\x9F-\x84\x8DY \xA2Zyh�A\xE9\xDE\xC2\xDD,\xF8hh\x81\xB5
-\xCCk ��\xB1N\xE3\xD8�\xF3<!�\xB5��\x945\xD2w�Ú¾\xC2�\xD7k\x87 \x9CWb\xE9"\x8Ep±\xB0�Å©\x94\xF8\x94��4!\xE1\xB07�\xB9\x87\xEE\\x89\x88\x92\xE0K\x92\x94H\xC5\xC1<@_6\xF3 \x89\xBA\xA4U�\xE7\3"| hCk\xAF\x82\xB7�HM\x82FB\xB3\xED\xD5 iÞ´JÓ„\xED\xF5H�\x9A9�X�\x88\xB3�B\xCC\xD1k\xA9x\x8C9\xB4\xCCrJ@Õ\xF7Ú¾\xEB.i\x8A]�\xBF\xE0u\xE8\x87V<8,\x87�\xF1��\xB8\xA3q\xAB�}\x8E\xF2J\xC4U\xCA�M�\xE94à¥np \xAE\xD2Б\xBB\x86&�EZu�\xD9\xC4\xC5+^d�\x87\xDFX\xAA\xC1\xF4a�\xB3\x81\xCEo%\x97\xC0;>\x83F\xBC\xB4\xF9\xE5A��\xA8\xD4jZ\xE0\xEA\xE6�D\xA1\x9BG>>V\x8F\x9B\xA3\xD0fËÕ·;�<K/�\&'#�Xd�,>\xA1\xCB\xEC\xFE\xCF�� \xFDqy\xBB\xE0\xF0\xC3pQ\xD38\xD8\xF7(\xCDk=\xCB� �\xF6Ñ™\x96�E�P\xF5âµ²\xDA<\x91JD\x85�B\xB8t�>I\xB3\xD8渻2\xAE�\xCB Z\xD0udn�\xB13�\xE3\x85�\xC6¾t\x9A'\xFF\xA8\xC2\xF5�\xCD\xE3<=\xED\x80xfQXr\xC2{\xEE%�UR\x9F\x9B\xACcPwM\xDF%2\xA8�v\x8A\xD09\xCEQ \xB0Ä�\xC2~\xFBNbÌ‘\x9C\xC1*\xCE#\xB2�\xAD\x9C.\xF8\x84\x9BX�bI�"\xE8\xD3�5\xDC\xDB\xE5�\x99I\x95\x83z
-\xE2\xFE\xEE�^�̲E�\xD1\xC5k\x98\xE8P�<sg\xD51B��\xDA\xD6P\x90!\x9E\xC5j�\x98K\xB1dx \x92;m\xEA\xE16\xA8B\xD0�\xBEI\xBD\x81\x9Fp X\xEA\xAA�\xC3:p�\xC1 \xD6D~e+ݩ.�[�\xCC\xDD8\xBE\xCCg|ufy\xED\x90o\xCDF\xA7%\x9B8\xC1I\xAAk�\xD75�$\x86&\xE6\xB3c\xAC]\x86��\xD6\xF2^CƢ\xC1\xF2\xF7 Hp"\xE9Ŏ\x94{�\xDC\xF1\x87�� \xB0\xAE\x81\xE8\xE1�\x8F׈S\xC8E\xF2$\xD5m\xEC\xE9\xAFB\xFB\x91L4P\xE7\xA92j\xA8�7�d\x80luQ\xCDl\xA3�&V�-\x98\xC5w\xAD\xE6�#\xB1\xB8��G\xF0\xA2~\xB6>\xC4\xCD� w\xAE@\xED\xC4\xFF��\xFDu\xBCJ\xD7b\xB4\xFBWd\xD33\xD2%\xA9p \xB0�{�\xD9��\xC8b6\xEE��ׄZ\xE1\xFF$\xE1\xD6�\x8F�\xD1\\xC4`\xC4I\xAE\xFF\xD4\xC1\xFF\xBB^l\x8D\xA4\xFFs�n\x8E�\xA4E\xFE߅�\xFB\xECq[\x8F\xD9ګǞ\xAF\xE7\x83/\xA9K4\xE0\xA0\xDDTnX\xAE\xA6U�\xE0\xBF��!\x84\xAF\x81\xA4\xFB#�P(\xFE\xADz�E\xBA%\xFBe\xCD[�\x99Fu\x98&\x91�\x84\xD7\xCB\xDF`l\xF7\xF7\xEC\xDB\xD3\xFE��s\xE8\xEAendstream
-endobj
-1271 0 obj <<
-/Type /Page
-/Contents 1272 0 R
-/Resources 1270 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1226 0 R
-/Annots [ 1278 0 R 1279 0 R ]
->> endobj
-1278 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [519.8432 268.1131 539.579 280.1727]
-/Subtype /Link
-/A << /S /GoTo /D (acache) >>
->> endobj
-1279 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [84.0431 256.1579 143.5361 268.2175]
-/Subtype /Link
-/A << /S /GoTo /D (acache) >>
->> endobj
-1273 0 obj <<
-/D [1271 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-66 0 obj <<
-/D [1271 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1274 0 obj <<
-/D [1271 0 R /XYZ 85.0394 574.3444 null]
->> endobj
-70 0 obj <<
-/D [1271 0 R /XYZ 85.0394 574.3444 null]
->> endobj
-1275 0 obj <<
-/D [1271 0 R /XYZ 85.0394 540.5052 null]
->> endobj
-74 0 obj <<
-/D [1271 0 R /XYZ 85.0394 447.7637 null]
->> endobj
-1276 0 obj <<
-/D [1271 0 R /XYZ 85.0394 410.3389 null]
->> endobj
-78 0 obj <<
-/D [1271 0 R /XYZ 85.0394 348.7624 null]
->> endobj
-1277 0 obj <<
-/D [1271 0 R /XYZ 85.0394 311.223 null]
->> endobj
-82 0 obj <<
-/D [1271 0 R /XYZ 85.0394 189.9853 null]
->> endobj
-1280 0 obj <<
-/D [1271 0 R /XYZ 85.0394 156.0037 null]
->> endobj
-1270 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1284 0 obj <<
-/Length 591
-/Filter /FlateDecode
->>
-stream
-xÚ¥TKs\x9B0�\xBE\xF3+t�3A\xD5�\x81tt�\x92:3N�\x83\xFB\x984�\xC7()S\x8C\\xC0I\xF3\xEF+!\xB0I\xE2\x9E:�\xB3\xAB}|\xEC~Ú… l��x\x84"I%\x88e\x888&�\xAC7��O\xC6w\xE9\x91>&�\x82\x82q\xD4i\xE6}\xBA`1\x90HF4�\xD9\xE3�K ,��Y~�)\xE2\xC87��\xA6\xCB\xF9\xFCf\xE1\xB3�fɹ�P\x8E\xE1\xCD<YL\xFC8\x84\xD9\xF4\xFAÒ™\xD2\xEFi\x96\xCCR?`2$\xF0\xEC\xF3d\x9E%�\xE7\xA2=\xD0\xE9\xF4\xBA\xCF_$\xE9\xCDrq\x96�\xA7\xDB\xE5t\x91Ì’\xEB,\xF5\xEF\xB3+/\xC9\xF6=\x8C\xFB$\x98\xD9�~{w\xF7�\xE4\xA6\xDD+�#&��/\xE6\x80�\x91\x92\x82\x8D�r\x86x\xC8\xD8`)\xBDÔ»\xDD�\x8E\xBC]\xEAQ\xDE�F\x94E\xF4�q\x94 �"��\xE7\x989.��1�\x98\xF3�\x82\xB1\xE1d\xB7\xDD\xEA\xBAUy\xCF\xDAVÕ«\xB6\xA8\x9Ez\xC6^\x9BVm�Û±\xC1\xA5\xA3�\xC1 \xA0�E\xB1d�\xE04=3\xB4\x8A\x81@\xABI+�\\xEBͶ(U㌫*wJ\xED�\xB8\xAB��\xA3\xAB\xDE\xEBD\xB9\xAA}"\xE0\x93r\xDEj\xB7yP\xB5s\xE9G'\x97U\xF1'(\x8B_\xAA7�ʶ�M_\xF6\xDBO\xBA\xAF�8+\xD6�\xBEn\xF4ck[\xB3\xCD�\x82$çŽ\xAF>ç°¨r\xFDb (�a\xAA\xEAg[\x81\xD5)\xC6\xCCi�po�'F%\xEC`\xFB\x80\xF1m\xFE.\xEBK�Ñ´+3zT\x86\xF0B\xD7C\x84\x93\xBBm\xD0\xEA _\xB5ÊK�\xEC4Ë‚\x95\xCD\xE8\xF2\xECѵ}\xF2\xB6'\xB7+\x8DR\xEEJÛŸj�\xE9\xC9\xF9\xAC�\xEF��Ó²\xB7�Õ»\xC0Vo\x9DR\xAAgU:5/:
-Õº\xD5\xF5\xAB3uE\x8D\xF3�\xBB$\x9Dh\xF4\xAE\xCBZ\xAB�\xA4i\xEB\xE2a\xD7�\xBAB\xFF\xDA*Æ‘]\x85#;`\xDE\xFE\xD2\xFE{\xE3�\xBF\xA10FL�zX\xA6\xF1\xD0S\x81\x91\x8CÙ¾(Kl\xF4\xA1\xF0a3?V\xFE�P%6�endstream
-endobj
-1283 0 obj <<
-/Type /Page
-/Contents 1284 0 R
-/Resources 1282 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1287 0 R
->> endobj
-1285 0 obj <<
-/D [1283 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-86 0 obj <<
-/D [1283 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1286 0 obj <<
-/D [1283 0 R /XYZ 56.6929 744.7247 null]
->> endobj
-1282 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1290 0 obj <<
-/Length 1159
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDWÉŽ\xE36�\xBD\xF7W�}\x92\x81\x88\xE6\xA2�}\xEAt�$\x87 @�\xCC!\x93�-Ó–0\xB2\xE8H\x94\x9DN\x90O\x91EÊ›2s\xC8%\xF0A\\x8AU\xAF^-\xA4Ù‚Â-\x8A\x94PQ&\x8B\xBCLHJY\xBA\xA8�Ot\xB1\x87\xBD\x97IRA\xD2D�\x98\xCC\xECÆ©(HZ\xF0|�_+\xF9z\xFD\xB4\xFA\x8E\xB3�\xA7$\xCBx\xBAX\xEF&[Y����Xo\x8D\xDEjy4\xAA_\xC6<\xA5\x91X\xFE\xB6\xFE�\x8F%$/rf\x8FQ0\x91�V
-'\xFF\x93<(�\xFEE\xF5\xA7p\xF0Mw�)\xE5\xFB\xB1\x97\xA6ÑW\xC3�%)3\x9Ey-�#4\xCF�\xA7\xE6\x87��\xE6,2u3\xD8�\x8D\xAA �,\x9F�~\x8F\xFD\x92�\x91>5[\x85R\x83>\xF8\xADa\xDC\xEF\xD5`\xD4�\xA7\xD5-�\xAFT\xB6\xBA\xDB{\x95\x8D\xA9q\xB4�A]\xDBt\xCA�\xEDt�\xC0\xA8\xC6�\xC7A\x91e,r�}X\x96<\xBAØŒ\xADo\xD6�\xC6H\x99\xA6\xDCyc\x81 ��\xAF\x92\x83\xEE\xE4\xA6\xF5D\x9Dd;:[i\xB0�\x83J\xF5F6�N\xF4ѱ\xE6ƃ2\xA6\xE9\xF6�\x99b\xC1�"\x92\x8C{��F2Z2gW�\xB6\x8C�\xA5��y8�{o\xF7TL\x8A�d\xA7H0\xC23\x9F�\xA0hR\xF5\xEA\xB5Ȫ��\xB1\xEE\xDAw\y�\xFDl\x94yj\x93�yY\xD7p at d)\xB8ݶ\xFA\xDC\xD8X\xD8\xE9 h\x97,j\xFD\xEE]\xECp\xD1\xE6\x85\xFDÊ£O\x82c\xDFH�\xF4\xC1iˤ�\xF0Jn\xF0Ú•\xCE\xE1u\xF6|\xAA\x8A,\xC1�\xD8E�1�6^\xBEj�Õ™a.\xC0M�\xA9\xD9\xC9��\xD342\xDA~�g9\xB5\xF0\xFB\xA3F\xE8\x903�O\xA2\xD7\xD6K\xFE>\xAA\xBE\xB1\xB1\xB7\x93�\xFAq\xC0\x99�\xCD\xE0\xD2\xDAj
-\xA6ݎ\xC4$\xC2 \x8Ew v\x8B\xA2\xE3\x804Z�@o\x88\xED%�"���-\xC1��]Z\xE6c�\xE4}&`iA\x8A<�^�\xF3\xD0e�$�\xE7\x84'\x8C�&0\xE5^[DŽiN
-xf\x8CE_aNX0\x98\xC0S\x9A\xA8\x9D�\xBFS\x95/\x8EJ\x8F\xED�\x87�/b\x83\xA6Nʯzߜ\x96\xB11\x97�\xB2\xE9\x81L\x9C\xA5\xE5�K\xAD\x88\xC6V\x85BI\xD8m�
-JxI1|\xAB�\xC4�R{}\xD68�!S8�\xC6M\xA7,\xFDvr\xF6\x8B\xE7f\xA8qd\xFC)G%�\xA7\xC0\xDAÉ®\xD7�r\x9B6H\x96\xACÚ‹\xBD\x8B\x85\xBF\xF0\xC3JNXV\x90\x84\xD0�O^n�\xF3\xEBÅ¿_\xE6\x92�\xA35\xE9\xB4�\xBC$E\x91\x97\xB7r\xC1\xFB�\xBA\xFF\xE4\xF8\xB5\x93m\xD3C\4&\xC5=\xEE˦\x93}^)S\xADl9m7\xCF��.H\xC9h\xF2\x90d\xD7.�\xBFo\xFD\x88\xEF`\xA2\xD1y'�\xF8\x9F{�\xB8@ে\xCC\xE9�\xBFv\x80F1y\xE7\x8AÜ…\xAE\xF6Û\xD6Ç\xAC>}Ά\xDCn{5xB�\x87�\xC0\x8F\xCD�\xF4\xA7\xEE\xBC\xDEg'�\xB2M�\xDB\xF3D\xF6G\xF9\xFCŘ\x98\xF7\xE3\x84�.\xB1~\xD6\xF7]\xD3�+\xAD\xAEd[\xEB\xC1�p\xFA\xF9e�S\xA7M\xB3\xF3\xF4wz\x9Ei~\xC5\xF4Ì•\x90 at 2BIOW��W\x82\xBF\x9B^GS\xEB�
-Ó–\xFF\xBC�\g\xA5\xBB�\xDCE \xD5\xFDx�\x80
-�\xBEqÂ\xF4�r�\x8D�\x9C\xBA=ȘZ�\
-\xF6\F\xD8��\xFFxd\xB2\xF3\x91\xF3d\xA6\xB7$4%9\x87\x8B�{\xA6\xFA\xC39�\x9Afؼ!\xBC\x82\xA6\xFFH \xCBI)x\xE1\xF58k\xD8�;\xDF�\xA5o\x85\xAD<\xA9\xBB\xE7åێ\x9B\xAD>L/\x89\xC1\xCC \xB2\x94\x8A,`\xEE\xF6$\xE0\x9E\xC7V\x94\xF0l�\xD7\xD8\xE6\xDA,\x98L\xE15�]ַ[\xF6hLs&\xBEѡ0\xCCC/\x97U5U}h\xF5\xF65\xA1\xE6�^u\xBA�\x85\xAE\xFB]�}\xE1\xA6\xD7=}\xBB\x9E^\xEA\xE1\xFD-Rb_\xF3so\xF9 �_d\xF0!��AK"8\x9D�YX\xF9\xBD\xB1\xE9_\xC1\xA3\xB5 a,Dqendstream
-endobj
-1289 0 obj <<
-/Type /Page
-/Contents 1290 0 R
-/Resources 1288 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1287 0 R
->> endobj
-1291 0 obj <<
-/D [1289 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-90 0 obj <<
-/D [1289 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1292 0 obj <<
-/D [1289 0 R /XYZ 85.0394 575.896 null]
->> endobj
-94 0 obj <<
-/D [1289 0 R /XYZ 85.0394 529.2011 null]
->> endobj
-1293 0 obj <<
-/D [1289 0 R /XYZ 85.0394 492.9468 null]
->> endobj
-98 0 obj <<
-/D [1289 0 R /XYZ 85.0394 492.9468 null]
->> endobj
-1294 0 obj <<
-/D [1289 0 R /XYZ 85.0394 466.0581 null]
->> endobj
-102 0 obj <<
-/D [1289 0 R /XYZ 85.0394 201.2466 null]
->> endobj
-1295 0 obj <<
-/D [1289 0 R /XYZ 85.0394 170.5419 null]
->> endobj
-1288 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1298 0 obj <<
-/Length 1768
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDXYS\xE3F�~\xF7\xAFP\xF1$W\xE1a�\x9D\xE1\xC9�ˆ�k\x88qB\xA56\xFB \xA41V\xAD,y%�\xC7I忧\xE7\x92d#�\x9B\x90JJ�s\xF5\xF4\xF1MOw\x8F\x88\x85\xE1#\x96\xEB!/\xA4\xA1\xE5\x87�r1q\xADx9\xC0\xD6�\xAC}��M32D\xA3.Õ»\xD9\xE0\xE4\x82\xF9V\x88B\x8Fz\xD6l\xDE\xE1� ��Äš%\x9Fl\x86(���l_]\x8Fχ#\xEAb\xFB\xDD\xF8j<9\xBB\x9C|�\x8E�q\xA9o\x9F}?\xBE\x99\xBD\x9F\xAAU\xA6\xE9'\xE3\x8F\xEF\xD5\xCC-,\xB9\xAE\xFD\xB3\xA18\xBB\x9E\\~\xF8i:�\xFA\x8E=\xBB\xBC\x9E�?\xCF~�\xBC\x9F5�w\xAD"\x98 u\xBF�>}\xC6V�\xC6\xFD0\xC0\x88\x85\x81km`\x80� Cj-�\x8EË\xEB0ff\xB2\xC1\xED\xE0džagUn\xEDE\x89`D\x99G{`rH�\xA6\xC0Cn\x80�\xCBwC\xE41\xCA$L''Ñ\x87\xB1=[\xA4\x95ꙶ^p\xD5I\xF8<Zg\xB5\xB0���r(t]*wGYVlF_×¼\xDC*\xDA?T�\xE5\xDBS\xD5\xFB\xF3\xB4o\x9F\x91z^\xA86/j\xD5Y\x95\xC5c\x9Ah\xC1%\x8F\xD7e\x95>\xEAa\xC5\xCB\xC74\xE6\xBB\xFC\xD4ak\xCA"7\xEC\x94\xD4�
-Q�\xF8\xE1\xAE\xF0V%\xCAP(\x8E\xA9\xAB\xD2MW\x83\xC8(\xF2\xC8\xCBJ\xCF-\xA3\xD5*\xCD�\xD4`^\x94{heE\xB1\xBA\x8F\xE2/ϙ�%I\xC9+\x8D3\xA1>\xC2\xF0\x91\xBE�\xBF�\xB9\xE6{$i\x806\xCDGb?\x8A\xCAUtdP�[\xF7\x8CU\xC8\xD4\xDBU\xA3wU\xF3\xB2\xF78\xE6if\xA4dE�e\x8B\xA2\xAA��}\xD4K
-\x87\x95η\xCF#M\xF6\x90\xEEC\xE1΀\\xF2=�\x95\xAA\x{DA5B}~\x836\xFF-Z\xAE2\x8E\xE2b\xF9�j�ʷ�\xAB\xC3�%\xF7G\xCFZ{y\xB3s\xF6\\x9F~1\xD7ffQ\xD7\xCF\xC1\xDD4\xB9\xB8a<\xD1 �}\xCEo$\xD4e\x94Ws\xFE:\x88\xD4\xCD\xDD\xDDҋ\x8C"'!E\xC4��\x845\xE7\xB4O C\xE0"\x97\xBD\xE2\xF2\xBDt3\xFB\xEC{\xE2/\xD1�\xE8\xF6\x9D%@\xDF\xE00\xBB\xD4G/B\xD3:\x8DT\xA4ׄ\xAE\xCF\xEC\xF2G\xF7_\xBE\xC9ov\xBDfߴC\xB7\xA7\x87\xBF\xA2\xAAv\xC2v\xE7\x94\xE9n\xFC~\xEE~\x9F\Pb��1�r�\xE4��\xE4RDIh\xF20d[�\xAC\xAE\x8A(\xD1y8ʢ<�ATm\xA7\x9D,%\xC2r\x80<?Tay<�\xB1\xC0\x85\xBC\x90.\xD3Z\xA6�1\x84\xB3]\xAA\x9E at B\xB4\x99d.z\xF7
-s9\x8C\xA3\\xCF\xEB\xBDQ\xBCH!\x9Ek\xEAT\xAF\xCA\xD8#:\xE7\x93[M\xBFU\xED\xBAjx-!
-\xA6\xABLS\x96C�\xD8<.d\x9BTj\xF2W\xEC\xE2j�/\xB4\xAC\xAA�\xFA\x86\x8D c\xAC\x9A=n\xC0\x87\xA8�\xE9Ç¢#}Tt\xF2h\xC9Q\xC3\xD8G!\xA3\xBEd|!I�f.\xFF1\x8CBj\xA7s1\xEB\xD8\xDBbH\xEC\xB5\xEA/\xE4\x9D�\xB4\xF5B\x89\xE6j\xE1\xEE\xEEN\xCD7aH�6i\xBDP\xEB9\xAF7E\xF9EM�\xA7\!
x94\x9BU@�\xEB\xC5\-�\xAC\xB2\x9A\xD6A�\xA9ޗ'\x8AZO\xB3\xE3\xDE�� b��\xA9UG\x9E5\xB4O\x81�T
-t\xE8Er\xC6�)L\xCC��\xEC\xD4)\xC2p\xC9!\xE8\xA9n\xBD\x884\xEF8Ky^\xEB\xE9M\x9Aez\xBA\xC8s�k��\xBF\xB2\xE5\x91�\xB5�Δk1\x85\xE9ԋT\xA9\xA6\xF40j�}z\xAC\xAC\xD3%\xFFn\xBF\x90\xF4\xA1\x90\xF41\xB5(\xD4\xBE\xE7{\xAF\xAA$ ԊA�\xECV\x92o\x97ѣ\xA3\xEBA
-\xD4>�\xBCt\xD7\xEC\xD8e526\x8D\xA8CP@\xA8Ó”\xA9;� `�;�\xB3\xA8\xE3\x82��D&\xE0\xF1Ñ�0b\xCFfW£|\xCF>\xBB�ߊ\xBB\xEA\xF8Ôž\xFDr�5\xBBC\xA8gOyU\xAC%\xFE\xB1\xBE/\xD3\xC6W\xD4X\xDC\xD1é´½a\xE7Q�\xED�\x80�@\xC0\xF3\xB0kie\xDDn\xBF@\x9A\x84Pn\xFE�\x90\x8A\xF8\xEC\xFA\xEC@\xE5o e�9�S\x98n6�x\xEF\xF8Ô±!\xCE��%̾\x9C\xC0\x94CeP\xF20%\xCD->�OG\xF0\xFF���%\xC1\x9E~x\x88�\xEFFL�0\x86 �Òœ\xC4Ç \xE2죂\xDB`v�\x95\x8E\xBC\xB7E\x85\xBC%*\xD8E\xA1\xE3\xBF�
-�\xA1\xA6c\xDE+Aa\x87AiŽ�&\xED\xAB\xF8\xBF�\x8E�\x8B\xD0\xC0\x88\xACw\xC2 d\xDD\xE7\xF9\x93g:\xF5\xA1\xB0
-\x988I wÝ\xF6\xC7?\xF3��b�
-|�H\xDC\xEF�\�*�\x93I��\x9Dv\x8BLֻbF\xBC\xC2S\x91\x85\xC5@�
-\xA2�IG<\\xDB-Mڄ\xC4\xCC<\xCF~w99W\xEB:\xEB�ʢ\x8Ej\xDE0Yj\xE9"qw\xE4\xAF
-3!\x93\xA3\xA2m\xF5\xD9�΢z0\xAB=9\xF0IF\xA7~(K3\xD1F\xAAI\xA0\x8C\x81U\xF1Z�\xC4y-*�\xA8\x8A\xD4��\xA5M)~\xCB ���\xF6\xA5\xDE,\xD5��]�i\x96\xF7ţ\xAC\x8E�\xBF\xCD\xFCbAa z\xF02J\x8Ae\xB6\xD5#\xA5 \x97�hg\xA2_\xE3F\xA8Q\xAET\xBA\x92\xE3\xBE\xC7�=\xD6\xFF\x9FNUیuK\xF4\xBC*\x9A\xBA�\xBA�?\xBA�\xC1\xF6Gx\xB6\xAB\x99\xD6&�h\x9B\xA0\xB7\xAEtFT
-\xCAT\x88iiv\xED\xDAÔ\xAB\xD7eΓ=5\x92\xB4\x8A\xA3.m\xC3U;G\xDD�\xA9\xD4E^\xE09\x9D"��\x96J\x90\xD8C\xE0xy�\xA5\x99Z�\xFFqdk\xE0\x93\xB5\x9B\xA0j\xDD�
-Na>\xA4\xAFx\xC1\xE3/jY\xBB\x97|\x91\xB47\x8A\xC2-�\xDD �M\xA4\xB3\x95PQ\x8E\x8A2Q�\xA3\xFD\xEB�q\x80:\x8E\xA6\xAD\xD6\xF7\xA3J\\x84\xA5r8\x90.�\xF9\xA0\xAC\x90 "~A\xAA\xEDŪNA\xD5�1̃`\xE0\xF9F\x8C�!Mr\xA1\xE4\xE5\x87~-zP�\xA9Ä¢V\xCA�Ku\xA6}?N[\xEAÃF\xD3�=\xA6SYl\x8B3\xBC\xEEb\xBF\xA7�\x94C\x88\xB9�\xCA[\xF6O\xC2]C\xF3\xAC�\xFB\x9C\x84�\xE8\x90\xE9\xCCE�c\xBD\xE2\xB0\xF5bz|\xED/\xD7�<\xC7G,��\x84i\xB8\xCF(\xF4Y\xAB\x95P=x\xA2\xBA\xF97Û£\xFB_`#~\x9Bendstream
-endobj
-1297 0 obj <<
-/Type /Page
-/Contents 1298 0 R
-/Resources 1296 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1287 0 R
-/Annots [ 1303 0 R ]
->> endobj
-1303 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 61.5153 126.3509 73.5749]
-/Subtype /Link
-/A << /S /GoTo /D (rrset_ordering) >>
->> endobj
-1299 0 obj <<
-/D [1297 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-106 0 obj <<
-/D [1297 0 R /XYZ 56.6929 372.6686 null]
->> endobj
-1300 0 obj <<
-/D [1297 0 R /XYZ 56.6929 334.1957 null]
->> endobj
-1301 0 obj <<
-/D [1297 0 R /XYZ 56.6929 266.1213 null]
->> endobj
-1302 0 obj <<
-/D [1297 0 R /XYZ 56.6929 254.1661 null]
->> endobj
-1296 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1307 0 obj <<
-/Length 2693
-/Filter /FlateDecode
->>
-stream
-x\xDA\xD5ZK\x93Û¸�\xBEϯ\xD0%�N\xC5D\x88��9\xAD×\x8D\xB7*\xF6Æ–\xB3�\xC7UáˆÄ¬DjEjÆ“ÊO�
-@$�\x8E\xEC\xF2)5�\x81`\xB3\xBB\xD1\xCF�\xC0\xD0E�t\x91K\x92\xF0B,\xB2B�\x99P\xB9X\xEDo\x92\xC5�\xDE\xFDtC-M\xEC\x88\xE2!ÕË›?\xBF\xE6Ù¢ E\xCA\xD2\xC5r=\xE0\x95\x93$\xCF\xE9bY}\x8A^\xFC\xF5\xF9/\xCBW\xEFoc&\x93\x88\x93\xDBX\xA6I\xF4\xF6\xF9\xDF^\xE1\xCC�x%e\xF4�G\xF1\xE2\xDD\xDB\xD7o~\xFA\xF8\xFE\xF9m&\xA2\xE5\x9Bwoo\xE3,)�|y\xFD\xDBw\xBF\xBC:\xF7\xE1\xF6\xF3\xF2\xE7\x9BWK\xBF\x8A\xE1Ji\xC2\xF5�~\xBF\xF9\xF49YT\xB0\xE0\x9Fo�‹\.�\xE0!!\xB4(\xD8b#$'Rp\xEEfv7�n\xFE\xEE��ÞšOC\x96\x93<'2gY\xC0t\x8C.\xA8 \\xA4ld;Y S)\x8D\xED`Ñ·1M�Xt\xB9Wv\xD1\xEAx\xAF\x8Ev\xC1�u,\xFB\xBAm:\xBDXdII!\xA5a\x99,bN \xE5\x99gF\xA8e\xB7\xBC\xA5\x94Fm\xBB\xEB\x90Ѻ\xB5�?vV̯\xB7<\x8B\xEA~\x8BO\xFD\xD6N\x87\xF5xY\xAA}\xDBX�\xD8 "@�&\x89H\xD2¨\xB0\xDC\xD6 \x90'EÔ©\x95\xD6��*Õ\x8E\xF5\x9D2\xEFrx�\x8C\xCB�\xBE\xAB\x9B\xAA\xEE�\xAA\xE9Ê»\x9D\xB2\xE4u\xB9iÚ®\xAFW\xCF`\x82\xF1\xA8\xAC\xF6uSw\xBD\xB6Ž%*\x9B
-�\xA0XݷǺ\xD9\xE0s\x8F\xAB64\xF7e\xBD3|As\xAD\xAB7�\xE8ڷ\x93\xA5w\x8F]\xAF\xF68�Ht\x96\xF3&\\xB5M\xBC\xA5y\xD4\xEEvF\xAA\xF9@\xAB\xA3�\x95\xBA;m6~\xDEso\xBCa\xBB\x81a+cX\xE2\xBD;\xB2,\x878\xCEr~v\xAEw\xEFKo!d3p\xF7\xBC\x8F2\xEB"�\x90F�\x92H\xAA\xA3Z\xD3T\xF5&\xC0�\x82\xB9�<\xB74\xCF�\�\xC9\xF3\xAC\xB0�[\xD0/ĥ <͘\xE7�3A\x8D\xF5.\xD91X?˅%m\xBA]\xDB\xFEv:�x
- )E3Kx@\xE7l\x8E\xE5^G?ϣ\xD2\xCCh\xF3s�\x8A\xDD�gW\xED~\x8Fn\x83�\xF0\xA4‘\x8D�M\x8A.\x879\xA0;\xC1w\x8F\xF8\xF4\xFBI��\xD1\xC3\xF0d�\xCB�\xEB\xD8\xCEx�b\x8De\xA4` �G�\x98\xFFѺ\xBE^k\xAD\xD6.�\xEAƆG\xFF\xB8S\x93\xA0jO\xFD\xE1\xD4\xFB8ܗ=\xB9\xA8~ x�J\xB2\xCC\xC1\xC0I\x92\x86\xEB\xBC%\x8A\x87T\xAEX]\xD6yO5�\x8A\xA1\xCC�>\xC99{Z\xA6#
-\xC8�\xC5E�\xE1\x95
-9�\xBA4\xE9\x93dQ\xD5\xEEKc!\xA8�u\x8360\xF5E\xBFÜ \xC7�Æ”\xF0\xFC\xCFD&\xA1 �\x82@\xB4\xF1o\x88r\xE0D\x91\xA7.lZx\xEF4\xDA\xEB\xF86#\xEDt\xD0\xC6x
-(\xD0k0��vØ©\xDEÒ·kÏ \xB3S6\xA0\xCDØ„�t at V\xA4\xD1�\xCBx[v6\x96$h\x9E\xF0tR\xC1�Z]\xE7(\xA8��\xF6/\xB7\xB1\xA0,\xEAj-�\xE7릇B\xBBrE� qdB�\xCC�\x95\xF8\xDCA<\xBB\xCFL|\x9B\x8A\xA2\xEB/�\xAE\xD6\xD2\xE8\xAE\xECW\xDB)\xAB\x87m\xED&\xD5�\xB5:\xF5X\xE7\xA9c\x8D\xEC��\xD8WTU\xAE\xB6\xE3$(\xF1gWw6\xEA\x8D\xF5L\xF1\xB4\xBDC? gK\xD9(m>N\x93\xE8\xF9\xEE\xF2}{\xC06\x8A\xDC}=\xD0�\xAB\x95\xEA\xBA\xFA\xCE%\xDD�\x83i?\xA9\xDF\xE7ja\xA5]f \x80"\x96C6\x88\x8CP\x91�\xF1�MI\xC1S \xE3P\xAA\xD8� 01\xE4q\x99\x9F4\x81\xB1HÏ’\xB45?v\xE5F\xCD\xEA\xC4%\xA1\xB9�ߥӀ\x87\xD1I�urT.\xC5\xE2�\xA2\xEC\xD3�\x98j\x92�>�\xCA<\x95Ò¦\x9Am\x8B\x86lÄ™\xA7\x84A\xDAZ\xB2\xCF�F.\xA8l^c\xA9\xB8d$(\xC9�w\x8C>��IRdYj L\xF4\xC4\xFD\xE3A�x�\x8A\xCB2\x99{\xA5p\x95!Ý �p\x96\x8Fx\xAEve\xD7�\x98\xA6\x92d\x92\x8B \xD3?�\xB82N
-\x8Dq\x87\1\xC4�l3J2>\xB2\x9F\xC6�\xA6\xE3\x8F�\xF2S|ݸ\xF5f^P\xD8(\xB8\xAA\xBF\xCE-\xD5\xF4W]\xF69P\xAF\xA16� n`.\xA69\x94\xF7"�4�H\xD5Swr\xE5•F\x9CV\xBE\xB0�:E\x92�\xAAϋ\xA7;EF��.|�jWu\xFA\xF275)�\xBA_�\xC4 F�\x90\x9F\xE0\xF1\x91\xEE&k\xF4g?\x8C\xA0\xA2뀮\xB0ah�\x9E�a5�\x80C\xF6\xAF]\xD9ݷ\xC3:8\xEE\xAAC\xF41[\x8C\xCF\xF8zX"\xBB)x\xC1\xD2\xFB\xCC�\xF0\x81q.M\xC2�\xF4ʔ~\x8B\xE5A&r<@�\x9C\xC5E\xD0\xD3 \xCB`/\xF6$.�R\xCD\xE3"O5ĹC\xA1\xBAh¦(}Z\xAA\xA7
-\x88e\x93\xD2\xCA5\xB0��\xF2T\xB0\xA718\x83\x82\x90\xF8\x8Az�\xE8R\xF7�\xDB\xCAH\xED�\x80:\xEA[�\xFDGu8eҦ^y�\x8B\x99�\xB4m\x93D0e��f \xABt�Nd\xF4\xA3%\xAEԺ<\xEDz\xED|\xB3\xDF\xC4Y\xD8BA\\xF7�~u\xA7\xFA�\xA5�|\xB5EX�\xD3�X[\xFC#`\x9E&l\\xAD|\x80\xBD\xD10\xA7Q\xBDۺU�\xD6]\xA7\\xD0\xDD9\xF0\\xF7nC|j\xCC�\xB5\xB4K\xD7\xE1\xEB\xE2\xE8\xCEF\xA8\xFAҫ\xA6RV\xCA\xC3\xE5fyXD\x86\xA1>�
-D�\x83\x8C~W��\xF2\x98\x87�\x9E\xEA*4\xE0EJ(
-\x87\xE8\xD7\xEA4\xE41�
-<\x95�Ml�q\xF9\xA2\xDA5\xC7n\xF9p\xEFzF\xBC
-u"�y\x9F�\xD7�\xE7\xBA(+`�:mB\xF1Û« \xA4\xA9\xDA~\x96\x9F\xDF\xD6z\x86\xFDU\x863\xD0a\xDC\xFB<\xBF_\xAF\xF3\xAB\xF7
-v\x82_\xD1&-\xCB\xF7�\x96\xD0\xF9s\x92�L\x8C\x93\xE9\xA8\xFAc\xAD\xBA\xAF罿\xAA\xEEzWnBˇ\xA2\x97\xE5l\xCAO\xF8Q�\x82x#�\xA3c\xC7l\xBB��\x84\x93\xAC\xF0ܯb\xBCo�\x9Dc\xE0\xC1
-\xB0�\x87\xE5\xFE\xDFv\xD7\xF9\xF6\x90K�\xF0_\xD7^9\xF8>KR\xF1t{�RͷWO5=\xF6�\xB5X�FO2\xF6\xB4dOuE4\xE5�v-\xB9\x9C\x97}y\xE4�\xF8\xD0�9\xE9\x8Dz\xCC2\x8E[r=p[r.\xB3\xF16\\xBFD\xE7\xC1\xA0i\x9Bx\xF0V\xF7\xCE\xDC\xF6\xB3!=\xEE\xB5͗\xBB]\xFB\xE0dm\xED$\xB4\xA1#\xF6ɴ \x943\xDF'\xE9\xF9\xA03\xCB4H\x84\xB6n6\xC4\xF0d\x8F\xAD`ds\x80F�>\xE3\xB6<\xCB\xCE1�\xEFL\xD8\xC2\yך^
-\xC3{\x98.\x8Fu{\xB2\xDF\xE9h\xB2C\xBB\xC0Ô‚V;\x8B|S\xAF\xD0\xE1�kÇ©�gl�\xC0\x84I�\xCF4px\x80P\x98a\xFAp+\xC8� d\xD1Û±Y\x91\xD0��h\xCDQ�Ì€\xDD*�\xE1Y0\xF7�\xC1Ô¿O\x9D�\xD9v\xCF\xFD�.s\xD9\xC7#Lq\xB0,�\xD3H\xD9\xD9I\xB23w\xD2�\xFE�-\xC5B�\x9D\xCC#\xAC?�#XN\x89,\xE8w\xB5\xEC!\x8Fy�á©®\xC2��\xB1\x97\xF2\x94~\x97N��\xF30\xC2S\x8DR\xD46�,\x87\x84�h'\x94\xCD\xED\xC9�'\xFAZ\xE6\�ã¾×µ;\x85�\xEF\x9EsB�\x97\xE8\xFFE9\xB1�\x87\xA9\xF39\xDC�\xA0\x8CÊ´�w\x87qjç…‹J�\x99\xA8\x84_\xA5ILXU8\xF1\xB05ظH\xA0\\xE0�\x9E_mNz\xD3\xDC
-\xA7,\xAB
-\xB0op\xA8\x8FB1\x80\xF3Âq|\xB0Ñœ�\xE7� -�\xB7\xB102(\xB80 \xB72Ç \x81\xC8\xC5x\xF5*\xA6��k\xC1 ;b\\x8F�F:\xCC\xC1¤/<n��\xC8B\xA2\xCA\xFF\x8A\xFFh\x8F^\xA5\xBD\xEA�1\xEF�\xEC \xAAk\xBC\x91\so\x9D".\x85�T=�l��\xCB�l%&\xADy\xE6N'��\xF1\x8C�n\xBF(H\x9CIw\x82
-#si�\xBFX\x90\xF4�
-\xAAGf�\x9C\xA5V\x98\x9E2G\xB7\xF0{\xDE\xF7觑\xB2\x86l=\xE2\xE0\xB6Vf\xAA\xC5\xDF;\xFBF\xE7\x90�\xADsI˫'e�\xF3ͅ\x96 \x81�\xFE\xA2\x99apv\xB9~;p�\xC1{\xBF\xA5#\xC4$5\xC72\xF0\xE4\x9D9\xF9ʾ=\xA8U\xAD9\xAB\xA98\xEBU�Y?�4
-�\xE9\xC4s\xC2\xEEP\xB5\x80\x90\x9F\xBFÚ/O\xDA`��\x86\xFE5\xFBI=@\xC5a�i�lOF�\xED\xA5u\xB9\xB2_\xE2Y:�Ö¾w4\xBD\xBEYBZ0E�M\xD0,_\xCFÜ©my_\xB7F%s�\x9AG�\x96SeuhZK\x8B�\xF10\xADB5,�\x9C.\xF8\xE9\xD3/\xC0L\x99\xF0 \xF1)��\xA0)\xCD\xDCVËž\xBE\xEB�\xE6\xE0]^�\xB4\xDFp\xAC�\xB0\xA1WeE\x82\xE7f\xBC I
-(>pG\xCA\xEC�\xE9\xF3É¥\xF17Þ“\x86>\xEF\xCF�\xEA\x87]\xF9è¸C\xF8\xBD\xDA\xF8\xAB\x89Cy\xEC\xC7W�\xFE\xD4 5\xF4Q�\xE1\x97Ee�\x82!\xB0\x9DJ\xC2�}�j\x9Fiæ¶\xA5q)PÅ«\xADZ\xFD�!\xB8\xBE@\xDB@
-p\xACxJ\xB4\xA7\xB9\x90=vrB\xA0\xFE\xB2\xA1\xF0٣,\x88��\x86\x97
-N8\xE7\x8Cd\xAC`\x97\xB7\xC0v\xFF\xA4?\xED.\xEE\xFC\x9B\xBE\xFC2\xF5\xC3%�0�'\xFC\xB5\xB5Q\x86\xCC\xE8\x912\xC2\xD2T\xFA�Ä„\xED�\xFB&\xB7×\x88\xE3<d\xCFÄŸ\xBC\xF7?\xB2\x9C\xFF\xBFGd\x84\xE7\xF9\xCC9#\xD7\xE7\x8C,\xF1Ji\xF5\x8B\xA9\xE2\xFE�^.5\xFF��+�Lendstream
-endobj
-1306 0 obj <<
-/Type /Page
-/Contents 1307 0 R
-/Resources 1305 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1287 0 R
->> endobj
-1308 0 obj <<
-/D [1306 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-110 0 obj <<
-/D [1306 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1309 0 obj <<
-/D [1306 0 R /XYZ 85.0394 744.949 null]
->> endobj
-114 0 obj <<
-/D [1306 0 R /XYZ 85.0394 744.949 null]
->> endobj
-1310 0 obj <<
-/D [1306 0 R /XYZ 85.0394 721.0357 null]
->> endobj
-118 0 obj <<
-/D [1306 0 R /XYZ 85.0394 672.3079 null]
->> endobj
-1262 0 obj <<
-/D [1306 0 R /XYZ 85.0394 647.0603 null]
->> endobj
-122 0 obj <<
-/D [1306 0 R /XYZ 85.0394 136.5325 null]
->> endobj
-1314 0 obj <<
-/D [1306 0 R /XYZ 85.0394 113.5963 null]
->> endobj
-1305 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1317 0 obj <<
-/Length 3508
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDD[\xDDsܶ�\xD7_qo=\xCD\xF8�\xE2\x8B \xFA\xE6$v\xEAtꤖ\xD2N\xC7\xF1�uGI\xB4\xEF\xC8ˑ'E\xFE\xEB\xBB\xF8$q�yJ=\x9Dv<z8 \.�\x8B\xC5\xEEo��^d\xF0\x87�<G\xB9"j!�C<\xC3|\xB1\xDE]d\x8B;x\xF6\xC3�v4+O\xB4�R}{}\xF1\xCDk*�
-\xA9\x9C\xE4\x8B\xEB\xDB�/\x892)\xF1\xE2z\xF3~I�E\x97\xC0![\xBE}\xF9\xB7W\x97+³\xE5իw\x97\x9C/\xFF�?\xA6\xFF\xD3ϯ޽\xBC�ly\xFD槷W\x97+\x91)\xB6\xFC\xEE//\xBE\xF6�\xE7y|\xF7\xD3\xDB\xD7o~\xF8\xA5\xE7s\xF9\xE1\xFANjW\xD7a�Õ\xE2\x8C\xEA%\xFCv\xF1\xFEC\xB6\xD8\xC0\x82\xBC\xC8�U\x92/�\xA1\x93!\xAC�Y\xEC.�\xA7\x883J\xFD\xC8\xF6\xE2\xEA\xE2\xEF\x81\xE1\xE0\xA9y5\xA59\xC63\xC49\xE3\x8B�eH\xC2\xFC)*\x9C#Es�\xED���rcI\xA0\xC1�\xCA)\xA1A\xF9��\x94/1\xE2J\xF1E\xA0\xD2\xCA\xFF\xA5-\xEEʑ"\x80 at b\xB1�L\xA0\�\xFC%"
-X�\x91XR$O\xA5E\xAA\x8B]\xB9Y\xAD\xEF\xCB\xF5\xA7uS\xDF^\xAE\xF2,[\xBE_}|\xF8\xFC\xC1\xB7;-\xF17\xAF9�\xF0\xC29�-3 �h.\x9B\xEAP\xAE\xBB\xE6\xF0dI\xA3i9C9\xE1\xD8Qz\xAE)\x9E��I<\xCB\xDBj[j\xE1��A~I\xB2<p<U(F�\xE3|!\x80\xA1\xA0\x84\xA4Ï#Z
-\xA9\xC6\xDB�\xAC\xD4S\x9D\xE8\xECsS\x8F6�S \x8A\xE6l^\x80@\x95\x90\x80�\xB5\xC2\xC0\xACE.b�\xAE\xEF\x9Db"i\xB1B8�\xCA)&!\xE6 o\xC9`�\xA9ߚ\xFD\xE1�\xCBesw(v\xF6�\x9BW[\xDB.\xECϮh\xBB\xF2`ۿf�ٖ\xB6}۸\xC1\xF6\xA9\xEE\x8A\xDF\xDD;\xF5\xC61j궂�\xEB\xF5\xD3%\xC6x\x89\xA6\xCE@\xAE��\x8C\xF0/8�C�\xD3\xC72P\x9D=\x96\xB9�\xB5KA\xBFD\xA4�\x8B\xE9c�\xA8R{\xE7\x8E\xE2\xE6\xE3o�߇\x83\xB9N�"\xF0\xF0\xDC\xED\xE8z[\xB4m\xE2 �\x85\xA4�v�\xF85 ~\x94\x83\x9F\xE4\x9Eas\xEC\xF6\xC7.\xC11&\x9Bu�1\xE9�\xF7�\xAB\xC7�S\xF0\xE7\xDA\xFB\xC3~\xAD0F\x8As\xF2\x9Fr\xFFtV\xE4_3\x9EUwuspG
-\xB3\xA1o\xC2H\xB2p\xA4>&\x98��\xA7\x999\x82\xC7\xE2P'\xB8�\x8A\x94�\x8A\xCF\xE4r[T[\x90
-Om\xB5<]d\xFD�.rl\xCF\xFFL�
-\x91Hd\x92yC\xC1\xFF\x95\xE5>S\xD0\xC4\xF9u\xD6k)z\xBF=\xC3&�K9RB\xE4\xCF
-\xA5\xE2\(\xCD)ձ�χ\xD2!\xD5t(
-T�?\xD7\xEC\xF6 c2\x982\x88i\x98\x8By��UB\x86(\x98¡\xCF�@\x9FH\x88\xABjWm��\xC0(_vM"\xB02\x8E\xB2�O�\xD6�\xA9Èš\x83E�\xBDÞ€\xCF4\xCC+\xF3Ë–\xC5\xF6\xB1xj\xED\xD8\xE6\xB8Û·v\xB8\xBB/\xED\x98\xF5\xF9z�B'\xC4\xCD.\xC8f_\xB7\xDDv_\xAE+�\x85Ë�a\xB1"�C$\xCFp\xEC�\x87qZ\xDBy\xF7\xB4\xAF\xD6\xC5v\xFBd\x87\xAA:\x8A\xF0\x9B\xEAVÀ\xDBÒ �;\xB5
-\xF0\xBB\xA2\xD3f\x8D\xA6\x8C\x84+\x822z�n
-\x88\xA6M\xC4�i\xE9�\xF5f}:\xA3�\x80s\xB8\x9A\x9D\xD1ӌg\x8C\xF6\x89 \xCC \xE6�g\xBC6\xBB \xC9\xD2j`\xD7t\xAEo\xCE�\xB4\xF0rS\xC0pmG\xF5�Y䴵�Z\xC7)p�\xAB\xCBX8\xDA~]'�\x91�iy\x82�Ɩg\x8C\xCD` \xF6\xAFyl\xAD4\x9D�\xB8}�\x90\xE5 6\xBB\xAA�\xD0u(:\x83\xCD`ȘOJ\xE2΢I0�\xD0Zf\xB46t\x8E;�.\x95^0\xCDز\xB9\xB5\xBF\x85\xFD\xB1Z\xA1�]\xB6\xE5\xE1�\xCC��>H�\x99 p\xB0\xEAui\xA9\xBE}\xF3\xF6{\xDBR\x88\xBCHbW8\xC2\xFADΫ�\xA2|�bF{\xDC\xEF\x9BC\xD7:y\xB6[\xDB0\xFA\xD0
-\xF0+; \xA1\xAD�\xCF\xCB��\xF72ɔ@R!\x96\xE5މ\xA6\xE5Y1\xAC
-G\xC5'\xEE\xD8U۪\xD3\xE7�tQ\xFE\xBE.\xF7]b\x82�rQJՀ\xBF\xA1o\xBB\xE2\xD0%\xA6\x82(\xA4r\xE6\xE3\xB3\xC6\xD6\xC9� ,9?ey('\x99J\xF0\x87\xDC\xEB\xF3\x856\x87l\xF9x_]b@\xFF\xF6\xE5G\xE7 l\xAFضڊ�]\xD6M\xE7�\xB6\xBBPn\xECxUO�\xBF\xD4pzN\x99 \xA7\xB9
-Q\xEBO\xADe\xBF\xBE/\xEA\xBA\xDCZ\xE6\xBBfS\x82qQ\xB0\xFA7\xB7\xD6f5\xF2\xCBs\x9E\xC7[\xF0\xD4�\xAD\xE3:\\xCA\xE51%�\x85,\x98H~\xC6\xDE�4\xA9�\xFB\xB1\xEA\xEE\x9Bc\xE7\xB3�\xE7@\x9B\xBD>�.O\xAA\xDC\xD3\xC7J[\xA3u\xA8\xED~[<EN\xF6h2�\x9BQ\x95m\xDF)Z\xEFm\xCD\xF1\xFE\xF3TR\xC2!y\xC4"\x97_\x90\x94�YL\xE7I\x81\xEAl\x9E\xC4I\x8E���\xFF�"
-XL\xE7I\x81*l\xDBL:\xC4)�Jz\xFB\xD6�\x8E\xEA.\x95\xBE\xE4\x88QJO�d{�&;\x97\x97\xE4H�#\xA7�\xF7g9꣔\x82|�X�\xFC\x9E\xCE\xF2\xFBT\xA6\x92�� \x98\xAB\xFC\xD9@\xD4y\xD2�\x82\x94\x88`\x85\x9F\x8BEg��\x94\xED\xC8�B�R\xEE\x96J�@Bh\x84#\x90\x92J<\xBB��M�\xFB@\x81(!~\xA5\x95;\x82�\x81\xE9Æ\xFD\xB5Q6�Ϊ\xBE��Oo\xC9L\x80R\xA4\x98\xB7\xF6�\x915v\x990vOdl\xBD\xDC6\xC5f�\x90A�,\x87H=7i �\xCD�;`pw\x8C\xE5,\x9A\xF6\x9D\x9D\xD6�r4\x9A\xBC;z<pZ�
-%�\x8D`[4\xA9 \xB0�\xCA&\xC0|\xAF\xA1�Ռ\x8A<U\xAC#0B>\x99\xC3
-\xF2*9\x95,\xBFOp1\xA6\x9C\xAA\xAE\xC8\xC9\xF37\xC9Ɵ\x88\x87\xAA|L\xC9��\xF8QjF ~e`\xDF\xF3\xBA�Tce\xC6qN\xA3�%q\xAC\xCD\xE1\xD6�\xF3\xBF\xAB�ʺ\xDF\xE4\xE9=��C\x95 g\xF6x at 5\xB3Ǟ\xCA\xEE\xF1- \x9A\xFB\xD4&G\xD9\xEC\xDC&\x8F\x92\xE7\xC9\xED\xF9�\xEF2� \xA2\xC0-\xCEj3P\x8D\xD5y\xB2\xCB\xE04�@\xA5H\x9FW\x90\xC9n\x8E\xFE��\x8EoWT:\xF7,�\x86\x8F\x8A\xBC\xD8�\xA8\x94�R�:o�C\xAAi[�T\xD6� \xC1\xA9\xDB[�\x83\xA3
-\xC89�\xB9P�\xFD*\xCC�r�E \xFC\xCD*4P\x8D5�\x9B�(H\xE9RX\xA4\xD2w\xBDJg7\xDBلM$w'\xB4\xEE\x9E\xC0\xA4\x82S6\xC1%\xE4r\x82\x9D\xB1\x89�ՌMx*\x83ɪ\xBB:\xA1\xFFȹ�\xC6 at 8$\xEB \x84g5�\xA8ƪ<ɬ3\x941\xA2b]\xBE.;\x9D�B\x8E\xE5\xD2kh|\xFF\xF6\xEA\xEA\xD5w\xB6
-貵-\xE3�tæ\xD7\xD0p\xF6\xA2\x9B\xD6^�Y\xB0\x97\x88V\xA3T\xD3\xD8T6\xDB\\xAF\E�\xD0>'\xA0\xBB\xA8"aJ\xFA\x90\xB9\xDBbK[\xA6\xE0�D4\xA2K���\xAFNn�\xA2\xE5\xE7�I\x95\xF9�\xAE\xCDaceg\x88\xCA�N��\x81ܑ\xB2��w�\xDBx�\xA9\xDDѯ\x86/$\xD4>\xE2k\2\xC8\xE9\xEA-d \x99� ّ@2C8\xCBi$\xD0x\xF7=\xD591F\xDC|\xFDI\x97r\xF2\g\xDBF�\xD81\xA7\xF9—�tGg\xC6U�H\xAA\x83m\xEE\x8F7\xDBj]\xF4kٗ\x87\xAAټ\x80�\xE6\x90\xFA��w\xA1\xF8�SKyRK�n\xDAX\x84\x84M\xD1�,*\x843��\xD2v\xA5\xEB�\xBA
-f\xF9\xD7W\xFF\xB2�\xEF޵e�\x92\xE7\x8AZ\xC9\xE1\xB9{I��\xA5%\xB4Õ\xE3\xA3\xEB
-w\xA5\x96\x91a\xE3\xD1\xEAĤN"s\xF8Aӑ\xC4űkv\xB0\xE6A\x8Dժj\xA5=S\xB9\xF1�\x82\xEE\xFE\xC4i\xD6\xE0�LÜ�s\x9B\xAAWᧈ��\x9B\xA6\x84�\x97\xEEP7\xCDoGw\x86�Iw_t\xF6y\x97Γ =H�R/-\xFEjS\xB7m\x99*\x88\xF0�a�\xDFO\x98Il�\xC4Ns\xE3ƌjͼM"\xDFS�\xE5,$\x8E\xA6\x9E\x99\x98\x8FBF\x82\xC3w�M*\xD5ֺ�\x8C\xEBH�j)B�\x8AL~7\xA0\x8B]\x9C\xFBB\x9AM-%\xE1'7\x88\xAE\xDE%\xB3\x94r\xFB\xDAk�\x89zȽp\xE3\xFA}\xD2d^\xDCا\x9E\xCA.\xDCV\x95\x9F\xEAbW\xAD\xED8X)\xB2\xC3W\xE5\xA8\xE8\xC22\x82H&s�X�\xE5J\x9CqF\x81|5\xA0�;\x81�\xD7\xC8�i\xA1\xB4+"\x80�F\xF2\xE4\x90k+̆\xF2\x8C?\xBE\xF1Dg\xA4�\xA0~ �(\x85\x85\x9E \xC1\xAEqn\xC7\xEEY�\xC2\xE4�\xC7\xD1aS\x82�l\xA7\xB3O8YH\xA83\xE9\xF9\x80h�wx"=\xABN\x95L8LD\xFB\xA8
-\xF5u\xE4%�\xB8`5\xAB\xCB at 4Rf�{@=\x8AS�i\xD3��\x85�\xF0\x80F �*\xF3\xC0�F-\xF0P\xEE(\xEAg�x\xC0\x98\xF3Õš\xAC��=-\xF6\xE510 \x98\x9CQ\xAEF��X8\xE2�G\xCEg�G\xCEt\x91\xE5Ùˆ\x83�\xB0 n+\x818�\xF8#�\xB4\x84Jh`y�qx\xFA\xD5\xF0\x85T�x\xCA7F�\xB0\xC44\xE2\xA0�G$\x92f\xB4\xE3\x96\xE4\x8C '|�@#\xE7�h \xE0p@�\xA4\xE9\x81�t�а$�h\xC0p�4\xE0\x99��\xEE^�\xA3\\x92�\xD7\xDE\xC3�\xB0�î†b�h\xD81;�\x80���\xFC \xE3�h�Æ–\xBF\xD4\xDB\xEAS\xCA.�\xA3�\xE2at\xF3g8\xF5\x99J\xEC�\xC1]�<\x88S\x8C\xE2\xE5}\xF3X\xBA\xDB53\x92y\xE1x0rn1�\x88\xA5\xEFf\xECÊ¥@�\xE12v\x90\xD5nWn\xAA\xA2+g\xF0\xC9\xCD\xD3�:i_8"�⫦&\x9Ay�&Ä™�æµ»J-!4\xA7@\x91\xAB\xB4>\x84\x9C\xB3Ú•3\xC0\x87�\xDA��\xDD�\xC7f=j\x81�%l�\xF8\xE4\x88fR<�\xF8\x9C\xA4\x8Ff�\x8F{t\xFBÆYH\xA9\xA7M\xE2�\x810\xA6\xEC\xB9pE\xF4f@�^\xBA%\xFB\x8B\xB8~\xF1+�&�\x86EŦ�\xA1�\x9Fw\x81#\xF0\xA8\x85Q\xBBY0r\xE3\xFA \xD4˜\xA3\xA2�\xB5\xC0\xD0\xE6\xE9�/=p\x81\xBE�.@\x94 .�0 \xD1Q��\xDAR2\xCF\xCF8\xB5@\xBF�\xBE\x90\xF0)#\xBE1v�i&\xB1�\xD5U�\xE06\x9Ca�^<\xD5�A�\xB85J \xBCF\x82X\xF8\xC2h�_\xAC\xEA\xCE �\xCC!w\xD7�\xB5\xCD"\x95!\xD54T TF\x9ECY~.\xE3Oq\xBF\xAEB\xEA4b\x99Uj�YFZMc\x96H\xADW\xC7v_\x9A�J\xD9\xF2\xB8߀\x87mm\xC7��\xFB\xE5\x8E\xFE H_wl\xE5t\xC5sb\x83�\xD5\xFE\xBBd[\x95cd\xBE\xF9Y\xCDA�\xFBA\x90vЊ\xBA\xF4\x95HnQ�\x91\x96g\xEBÆ‚1B\xA7\xB5—�\x9D\xF1c\xE6sL\xC9�ßš@\xCE^\xD4\xC7\xC2q\x82�Ò¹a\x9B\xCDp\x97\xF30 Û”\xC3'\xF6\x9B%�\xBEl\x82V\xAD\xBF(\xD2\xC1 J\xA1m\x80\xB2\xBAÓŠ\xCCl$\xA2\x99I\x8F\xC0\xD38\xBDA\xDF�\x99\xFA�^\xBE\xE9,\xB1s\x8B\xD0Z�\xC7Ö¨_\xB7MN\xDF\xDA\xF7l\x9D\xC2\xC7Oh|l\x8E\x87\xBA\xD8ÚŽ\xBF\xCDÒ”\x9Dcu\xE3�Û§z\xED\xA5r !\xC3\xE1뙓2@\xF8T\x9A\xF8k1\xE2\xD3E2\x98Sw\xC2
-�qA�(o\\xDF\x84\xF4`6F\xCF\xFCr\xEB^\xEB\xF3E\xE8Xm\xD8w\x8B\xAE+w{\xB37$|\x8A@\xB2�\x9E\xB7\xA0�'\xD6\xE3}\xB5M."D\xFF\xBE\xE2\xEBC\xBD�ԟ\xCBz\xD2 \x81\xC0�\x9E\xB9\xE5��M{/Ode*�\xA7]W\xECN\xBE\xE8\xA2\xEF\xFF\xC5s\xF9;\xBC9u\xF6�}\xA7\xFAL\xDF\xF3
-�\xFA\xAA.n\x8C\xF9\xE5\xB2\xF7Z$W\xD6�a\xB0\xB0\xDD~\xC7\xEDpo\xF0\xD0y1\xEAj\x85\xFAy\xDD\xF4\x8F\xECH\xE5�k/\xE6\x9D��L&3q\x82P�^L�/&\xBC��\xB1,\xD0!
�^M�\xBD\x9A\xFE\x80Q\xAF\xCD\xF84\xB0s\xEF\xD3d\xF0�\xFA�W\xC3�\xFEk�;\xD8XB\xCB\xCC݃�\x89\xBD'�\xC3;�xaS\xB5\x9F^L\xFD\xB7�\x98\x8C\xFE�\xA5\xC4�fዋ/\xFEO\xA8\xFE�\xC4\xF4\xA7
-RN\xDD�
-\xADy`\xE2\x84\xD2z\xC7\xD9\xF8\xEB\xCE��\x9A\x93\x84\xE8\xFF�|\xD9�\xF2endstream
-endobj
-1316 0 obj <<
-/Type /Page
-/Contents 1317 0 R
-/Resources 1315 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1287 0 R
-/Annots [ 1322 0 R 1323 0 R 1324 0 R 1325 0 R ]
->> endobj
-1322 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [219.3839 342.7466 281.1025 354.8062]
-/Subtype /Link
-/A << /S /GoTo /D (options) >>
->> endobj
-1323 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [401.2123 288.8914 470.1877 300.951]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_policies) >>
->> endobj
-1324 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [243.8464 235.0361 306.1963 247.0958]
-/Subtype /Link
-/A << /S /GoTo /D (options) >>
->> endobj
-1325 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [368.2917 181.1809 436.8984 193.2405]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_policies) >>
->> endobj
-1318 0 obj <<
-/D [1316 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1315 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F53 1313 0 R /F22 961 0 R /F14 964 0 R /F48 1238 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1330 0 obj <<
-/Length 2924
-/Filter /FlateDecode
->>
-stream
-xÚZ\xDBr\xDB8�}\xF7W\xE8m\xE8\xAA�\x83+/\xB5O\xD9Äž\xF1T\xAD3�{o\x95\xC9�-Q�w)\xD2#Rv\xBC\x95\x8F\xDFn4 \xF1&*[\xD9J\xA5�\x82\x87\xE8F\xA3\xFB\xA0\xD1�_0\xF8\xC7�\x89�\x99L\xD5"NU\xA8�׋\xD5\xEE\x82-�\xE1\xDDO�\xDCb\x96�\xB4\xEC\xA2\xFE|\xF1\xE6ZÆ‹4L#�-\xEE7\x9D\xB1\x92\x90% _ܯ?�\xEF~~\xFB\xEB\xFD\xD5\xC7Ë¥\xD0,\x90\xE1\xE5RG,\xB8}\xFB\x97+깃WZ�s\x88w�n\xAFo~\xFA\xEBÇ·\x97\xB1
-\xEEo>\xDC^.c\x96*\xF8\xF2\xFC\xB7�~\xBD:~ww\xF9\xF9\xFE\x97\x8B\xAB{?\x8B\xEEL9\x938\x85?.>}f\x8B5L\xF8\x97��\xCA4ы�x`!OS\xB1\xD8](-C\xAD\xA4t=\xE5\xC5\xDD\xC5o~\xC0\xCE[\xF3\xE9\x94\xE5\xB4LB\x9D\x88x\xC2tBtL\xC7%�\x93H&\x8BX\xA7a$\x854\xB6˪\xF5\xE5R
-�\xEC/y�\xE4˼\xCA�ʼ\xC1>�\xAC_\xABlW\xAC�pxZg-\xBD�A\xB6i\xF3=\x81\xDAmN}e\x9Dٱ\xB6\x99�`U\xEF\x9Eʼ\xCD\xD7hX\xA1\x83\xB7\xEE3�\x81\xFE\xFC\xA7\xAEr\xC2�v\xE8v\x9B\xBD\xE4\xEB�\xE1A1\xD0`\x89F\x86\x99.9�S\xAD\x85\xD1ڪ\x85+\xE2\xD5‡\x97\xA2,\xA9U\xD5\x{137B2B}G�\x89퇜\xFE\xD2T7\x87�\xF5�,!g
-,\xA6\xE2ẸP\xC88\x99\xB4\xB9G-\xBB0cs\x95tmΠ\xAD\xA2\xE3`F\xF9\xBA-6\xAF(\xF8͵\xD6�\xB4\x82�R�\x85 \xCCXƀzC\x8A4L\x928\xB5\xA0O�\xC3\xE80\x8D\xE3\xC8�Ve\xD64�\xC3H
-\xCE \x9F}\xE30\xCFE\xFE2\xA5\x8C�Stt�}\xFE<\xB4\xA6\x88t(\xC1\xD7\xE6\xAD\xE9Qck\xF6<X\xC4��J\xE9\xBE9?\xE6M\x8EN\x8C+{\xFB\xE1\xFE\xE6\xFA\x9F\xD4\xDE\xE5M\x93=:\xCF\xD8\xD4\xD6 \x8C\xBBb�\xED{z\xF9\xA3D\x85\xF1\xA9\x90;.�vz\xF9=
-\xF5\xDD竺\xDA�\x8F#\xD1:�\xE3(:'ڡƢ\xFB\xD1�\x890�ez\xA2?\xE6�\xA3BF\xD6�\xD0 m~gL<�\xF6Y[\xD4�ubOi�\x86"\xB0q\xFC\xB8�o0
-4b\xF3#\xB6\xD3\xE0\xE1\xD0R纶\xA8\xDAvP\xC0�?Ͽ�M[T\x8F\xC71\xBAR\x8D\xBB.\x96\x92\x81\xA3+\xD1�\xFC\xFC9G
-\xD34(6\xF87\xC1y\xBCR\xCF6{Ωo\xB5\xCD \xEA\x91t\x94\x8E\x82\xFB-R\x8B\xF9\xA6\xA1\xF7\x9B\xAC1<\x84}@7�\xF5fԱ9 \x87�W�\xBC\xE7\xEA"T\xD8fv�\xCDt�\xD75<\xB0l\xAC#�{\xD9:}AO2� s*e\xF4Xf\xE6\xE5cN\xBD\xD5a\xF7@
-&A\xBD!{\x88H\x85\x82\xA7\xDE ܳD\xE3\xE8m\x95�\xA7\xD1C\xD1\xD2\xDF\xEC\xB9.\xD6\xCD\xC0\xF5\xAB<\xB7�\xD3Z\x9AÌ¿ \xA3V\xF9 \xB7\xAB\xD7�\xAE\xC9\xCAy�\xBE,vN`\xBD\x99�)\xFB\xCE.\xE5L\x80�\x91)\x95\xA4\xE7�\xAC�\x9B 0\x87B\x934m\xD66#\xB9�xS\xCA\xF4\x8C\\x87�\xCB\xEDG\x97Ra\xC2\xC1'{\x82\xFF\x8E\x89\xC1\xBEh\xAD5\x9A|\xFF\xEC\xB6�\xD4 }~\xD5\xF4\xED\xEEM7�\x90\xFDN\x9BOc�\xC4\xD2\xE8\x8C\xF9\xBA\xB0\xD3\xE6\xF3(\x9C\xC5�\x87|\xFFZÖ§\xF9i^\xB4科\xE8I~ꉾ\xBFLEP?>"\xF3H�\x93*Ø„ \x81n`�\xCC#\xB8�~�\xBD\xA0�V�\xCBØ›\x95MM]�9\xF5Pb\xB3\xB6\x9D\xF6\xE3\xFC\xCBSY\xAC\x8A\xB6|\xA5\xFEuA1\xBAjí†_&\xD8`\x9A\x9DP\xDF\xC2D\x80T\xA0K\x9B?\xD6\xFB\xD7 \x8E\x88\xA30�~\xDB4\xBE �d�rx�\x82;:$\xF2Z\x95\x97S\xAC�8\xE6G,*�qZw�\x87<\xD1.\x83p\xF6\x9B�3�\xBE\x81)�\xAEA\xA3\xD4v`\xE2$\xF0\xA6\xEE\xB8���,f\xF1\x90\xA2��\xE3V714,>\xE7\xDC
-m\xB6f��WEH�4O\xF9
-2\xA4\xA3V])\xB1��\x91\xB8O\x8D\x87,\xED\x86�fM$��$z\xB2\x89\xA8׼\xF9\xD3\xD4,\xE1#\xCE\xE3\xAE\xE5l\NZN\xA5\x91K\x9A\xEA'4HsbLƣ\x91\xE5\x883'-\xA7\x95P\xDFb9\xC8\xDD\xE3X;#\xCF\xF0\x83�at\x96�<h\x86��\x83\xD2և\xDD\xD3\xFA\xE1r�1�|Zfe\xF9u\xB9\xCAV\xDB\xFC\xEB�\x89\xFF\xB3}1\x91J\xF2(�e\xEC'h\x92I��\xC3p"\xABT1,1s\xE6�%\x95�\xB6XΣhn\x8E�3\x9Cc\x9D`\xA1X
-\xC9tg\x92\xEFa\x92\x97K\x9EZnƆ#r`\xF7��\xEA2\xF3\xB6\xEDߙf\xEB|\x93�\xCA�\x9A\x9C:!iz\x83~\x8Dm\xDA�i�g�$\x8A\xF7yc\xB4�\xAC\x8D�\xC7}\xE0T�k"�!n?G\xD3¦�\xCCł\x9BM\xFF(Df7\xC9A3\xFA\xFCG\x9B.\xB8\xF3\x93�\xC8\xF6\xF9\xBC\xC5j6wlRi�
-<X\xCC{^�v\xDA\xF7<ʆѾ\xAEag?\xE9f\xFD\xD8\xF86/\x8BOy\x99\x80\xB3\x8D�\x8C\xCF\xCFȣ\xC63\xEA�]D\x82Gs՟�\xF9\x9AT\x89=D\xABt\xE8k\xF8�&~\x80\xAC╞\xCCb\x90��\x8F\xAE\xD3�\xC0\xA0��\xE7B\xF8ָP_`Dž\x8C\x8B\xA6\xB09�\x95\xF6=\xF4{\xFD\xEA8� '�{~\xFD\xFDާ\xE1X�s~\xCE\xFB:\xB0�\xEFs(J*\xEB'\xC7|O#gᑄlF\xC93
-8\xD4X\x81An\x94\x84\xB1\xD0�
-\xEE\x8C�\x92\xB9\xB5c\x89s�\xF0�,\x97��\xEC\xB2�\x97<0\xB9�\x83\xB5=8\xE3!:\xAB^\xA9as\x9C\xBCj陎K
-=\xEC\xB2u\xEE\xC4\xD0:��\xB7\xD4q,�\xC1�\xD5]\xA8
-\xEBG;0\xEC{�d =×¹\xF9\xC7\xF5G\xE4\xC1\xF8\xB8\x94\xF8\x80\xEE\xB1oZ|\x88\x82�\x8Enk\xEAG\x876\xB7�\xB8\xB3\x875\xF7QI\xBC�\x9B\xE3�~쑤\x92�Çn\x88G(\x81�;\xDEtE�t\x91\xA4\x8E \x96O�\xBB-\xC7\xFAF\xE4\xD3*+x�2\x83$A3\xACM\xA4\xDD\xCD|*E`a\x9AJ'\xFC�;\xF2�Y|\x957\xEE��\x87\xBEt�\x8D�\xA6\xB1\x91\xA2\x92Y\xA4킶\x87}e�\xBD\x91\x96\xF6Ћ/!\xA8ê—†>0\xE91\xF4\xE5_\xC0\xA4UVRoW\xAA\xE90\xA4�\xB0u�0:�b\xB79ÌŽ',\x99�y\xCCÕ¹�+Hz\x95\xDBÕ·\x99\x9D\x83/�\xDA \xC3 ,N\xA3~�\x87\xC1\xF7d\xB2\xFFS\x81/�\xE0\xD7(\x92g�\xBF�;�\xF8�E\x8A\x96\xED7�\xFE\xBC�>\xF0G
-L�~O�
-|\xD8i\xEC\xBE/\xC4\xF1h \x9D\xC5�\xEC]\x80\xE3\xC3!�\x92\xEA Y\x9A\xF1\xE0\xA3
-p\x84P\x80�14\xF4L1N#vb�;|\x8C�_\xF2\xA5�\xB5�g\xC2\xF9t\xB4\xFB�\x97\S���6\xBE\xB1i|\x8B+Kb\xD0\xE1\xE2�\xDB6\xBE\x91\xCD$\xA7\x82�vSY�[�\xF6#Һ,ݨ\xB0\x85\xBC\x90\xE85
-\xBF!\xC4\xCE
-u\xC2\xFEU�\xAC\xDF�\xA5Y�\xA6R\xE3\xC0�5go\xF3\xD8�\x92bǤpv\xDFS\x8D[��M\x92M\xAA\xC2D\xB3y\xAEQaì‹¿$ =G5XÑ\xE57QMÔ¡��\xB9�\xF48�$\x95\xF1\xDC<\xA9\xE0\xD4l%
-@\x8ET�\x98�w��\xB5=\xB1��\xE1\xA9�\x95�\x83h\xEEK\xEE�C:tc\x8A\xF9\xD3t\xC3�\xC7�\xFAܤe\xA8�%\xBBl\x83c�\xD9\xC6<bp\xCF\xF3
-
-\x8B\xF8\xB9t\xB6�\x9B\xE1�\x8729\xFF>[\xE5'\xABT\xF3r}\x95j$w\xBAJ\xD5�|SQ\x82\x98\xEF\x88�z\xE7 \xE3\xE3\x8D[\x8E\x87\x83\xAD\xAD\x98\x9B\x94\xFC9\xB7\xE9ك\xCD\xE3f+\xE8"�-\x81EΘ\xAE�;m:\x8F\xEA\x99n\x90\xFF\xF7\xEF4Hߡv\xB1�\xA34Ug\xB4s\xA8\xB1v}�',\x8C�\x96\xF4ջ\xCB\xDBfҮ>\xAB\x9F\xB7\xAE�\x87\xACr\xB5Y*R\xD9\xD48+�sV\xD7I(�q\xAE\xACڅ\xCDXݡ\xEC\xB5դ\xCB� A�\xC5\xCFHv\xA8\xB1\xE4\xBEEu�g8\xA6\xFA\xA2\xFF_�e3v��LY\x9E\xAB\x98ta3vs(T~S�\x9A\xED\xC9@\x9F\x97\xEB�}$w:\xD0{\x82\xAFQp\xFE
-\x863ŌӦᩆ\xB3\xAB:\x97[ua\xA7M\xE3Q\xDE4\xC8\xE0S\x87\xF9(�I\xD2M\xA3G
-\xA6,\xE4J\xCB3
-:\xD4X\xC1\xBE
-\xE1-�\xD1@\xC3i�>�t
-\x85\x87`T\x8CN\xB1>\xE3\xF8^{C\xCEϢs[N�5cm�r\xD7"\x87\xF1\xBD\x88\xD2X\xFF\xD4\xF3R�h$u�\xBC�rw\x91\xF4ľ/\x9A\xA72\xC3
-\x83 \xA7\x83i\x9B\xDB#\xE6\x92Z&:\xA7YslS\xC1m\xDD\xDAW\xED6k]\xCBv\xF9+2�\x82\x86�\xFE\xFE \x9AE\xB5*�k\xF7\xE4\xBF*\xAAc~2<ƨ�\xA9\xC7U\x96�\x8Aj\xFD\xE6\xDD\xCF�\xA9�$\xBE�n��7q\x8E\xB8\xD7\xC3z�\x95�'\xA4B\x86\x94j\xE6\xF6\xAC\xF0\xCD\xCD\xED\x84D�.̔Ky\xB6\x85۷\x8F"\x8B\xE3U\\xB7^\xE2
-2t�{rOq\xF5\x98\xE1\xA8ǫa3\xE6Lᅃ\x8AQ\xCC\xCE\xD1g�6\xE3\xB5�e\xAF\xCB�\xFB\xC6\xDE�L�\xBD\xE6e\xFB\xA3\xD7H\xF6\xF4ѫ'\xFC\xBD\xAF\xC3\xFA\xA5,\x8B\xA6\xED_\xBA[\x9F\x89T\x95%a\x9A\xA4\xC9\xFF\x94\xAB\xBA5\x83i\x93\xD9+s=u\xFCኳ\x87M\xC1N/
-$%B\xF2s\xBC\xDDA\x9D^��2\xB5\xC0\xAC,\xD6\xF6FØœ\x8B\xEB\xEAk\xBD\xD9\xCC\xD5\xFF�P\xAA\xF0\xD7X\xDFY\xFF\xC7dK\xC4R\xCF\xCEσF\xF3\xEBG��Ì„Vio\x82Wæªj\x{1EE1BF}.\x9Ac\xE7\xFBÛ»\xBB\xABw\xD4>Zð�#Öš\xF0\x85��kҹºj\x9A|em5\xC91���\xE9ࢀ\xAE5\xDD�\xFE\xE0\xF8\xF4\xE0w\x9CÖ¿���\xEF[\x95\xBFz{Í›i\xBEQ\xC7#\xD6p\xFC|\x83n\xB8\xC1[\xAD\xE7\xDCÕ„\xDB�\xD1
-4\xB3w\xAF\xE1\xA9\xDF\xCBA\xE2\x8E?r\x9BXG\xF8o\xA7\xFFÝ¿\xA5;\xFE\xC4�\xFCK&ɉ\x9C^\xB2�\xBC/\x8D\x9DRh�·\x9A\xFB�ÝU\xFF/\x9D�Ý—endstream
-endobj
-1329 0 obj <<
-/Type /Page
-/Contents 1330 0 R
-/Resources 1328 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1287 0 R
->> endobj
-1331 0 obj <<
-/D [1329 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1328 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F48 1238 0 R /F55 1321 0 R /F21 938 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1334 0 obj <<
-/Length 4157
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDD[[\x93㶕~\x9F_\xD1\xE5Úª\xA8\xABF4\xAE�\x98y�;\xE3\xD9N\xB2\xE3\xECL\xC7.\xC7vmQ�[b\x8DDvDjÚT\xFE\xFB\x9E\x83�\x80�Aݽ\xBBo[\xFD �8\xC4\xE5\\xBFs\xC0\xE6W�\xFE\xF8\x95γ\xBC�Å•)T\xA6�\xD7W\xEB\xC3+v\xB5\x85\xB1\x{1EFE27}Y�\xA2\xE5\x98\xEA\x9B\xDBW_'\xCDU\x91�\xB9ȯn\xEFFsÙŒY˯n7?/d&\xB3k\x98\x81->\xBC\xFD\x8Fw\xD7K\xA1\xD9\xE2Ó»\x8F\xD7Z/~\x80�\xF7\xFC\xFD_\xDE}|{m\xD4\xE2\xF6\xE6\xFB�\x9F\xAE\x97\x86�j\xF1\x{DFFF}\xFD\xCBm\xA0x~\x8Eo\xBF\xFF\xF0\xDD\xCD\xFB\xBF�\xF3\\xFFz\xFB\xC7W\xEFn\xE3)\xC6'\xE5L\xE2�\xFE\xFE\xEA\xE7_\xD9\xD5��\xFC\xC7W,\x93\x85\xD5W�\xF0\xC02^�\xE2\xEA\xF0Ji\x99i%e\xE8Ù¿\xFA\xF4\xEA?ã„£Q\xF7j\x8As0\x9C\xE5\xDC^-\xA5\xCA,,\x9F$29\xD2�h\xE8"Ë¥\x90\x91\xBDÊŽ\xD8ky\xA6\x8BB_E*do\xDF\xD5\xDB\xE5\xBE\xEE\xFA\xF9q\xB9Ô°-c\xAFÆ“\x9E-�\xA9\xCE\xD7�b\xB46WpHS\xF0\xE9\xE2\xC6u\x97"\x97\x8B~WQ\xA3)�UG\xCD\xF6�Å¢\xDC\xEF\xA9\xE3\xF6\xD3\xCD{j}\xAE�=\xD1\xFAt<^s\xBB\xA8\x9A~\xFF\xE8\xBB\xDA\xE6�\xC6\xC4\xF6D��\xEA\xBDk\x8F4Ý©\xF3K\xAD�\xF1Ì°Q>Ú¨0EƵPp<\xDC!ng\xE3\xC9\xC6\xE7qb\x89TuC3V\xE5zG\xAD/u\xF5p]\x88E\x86\xEF\xA2\xF4\xE0\xD4"\xD7\xC00\x9E�Z�\xF7Ú;4\xE8Þž\xF8 \xADU\xDB\xEF\xA8\xD5\xF5e_\xAF\xE1\xEC\x8F\xF4\x9C8�\xF4zF@\xABl|\xD7\xE6�6]\xAF\xE9\xE1\xF6O\xEF~\xC2},\x9Bj\xDB\xF6uÙ_\xCC\xE62�\x8Ad\xB8ÉŒP\xFC�m�Q=\xA1m\x81*jÛ¦\xDAW}EL\xD5z\xF4Jn3\xA1�\xF7L\x85�"\xF7�2R*\x93RZO\xF7sb&p�\xDChO\xE0d\x91\x90\xB4\xCC
-\xB4c"\xFAu\xCE�!�\xEC[\x98\xA7\x99�\xA9ι1\xD1�!\x8A\xCC0�\x9D\xB0\xE3�\xC4 \xD0�\xBD(\xF1G-\xB6\x{157AA1}\x9E\xB4\xEC\x80�8C�wN�\xDA�=y�R\x8B\xAE:~\xA9\x8E\xE8\xC7\xC0\xEBI\xAD�\xBF0\xCDnwuGt\x9B�,Ì©%�y\xC6mn\xA6jÙ´^�\xCB\xFB\xFB\xA0}}\xFB?\xD1Jo\xA8A\xCD`y~I\xD5r\xA33\xCBuñ´ª\xA9.\xABZ\xA4\xC2S\x94\x9B\xCD?\xDA&\xA5f\xCAdV0\xE3�?�M\xE6�yYk\x8A'tLg\x851\xB9'X\xEFË®KL�\xEE\xD1\xE6Z\xBFt\x9AAU\xA7\x9B\x99\xAAꯉi@\xAD
-)\x82M\x80X\xEEj�
-�\xABm欗 \xF5\xDC2\xFD4\xEF#\xD59\xF3g\x9E\x90g9\x86\xA8 \xF7\xDFn@�$g\xA8\xD6\xF8㸼\x94\xACX<\xEC\xEA}E\x9DNa\xB1\xE1�ֵQK\xF1\xF7xm�\xA7\xA6\xA9\xAF\xF9\xA2\xD9z7*\x84͸Rj\xEEFI\xB3
-�\xFBp ?\x98\xE7�\xD2È¿\x9Fjjx�\\xF3\xDC�p\xE0\xB0\xD6\xD1c\x80~\xB7�`v�K\xDCw\x97\xF0\xFF�"\xBAPAl\xED\xBD\xE33-\xD0\xD2ò«Šž\xBB\xAA\xA7��8\x97,\xA8namP\xB3\xC7\xE4Z$Ú \xAFh\xD2 dn\xC39\xB4�+\x8A\xCE�\xCB\xF3KZ0\x9B�d\d��k\xC2Ï®?\xD6\xCD�6m at 2\xF7ÕºF�w\xA6m\xF8\xC2�\xD3x\xD9a\xC7\xC0s\x83\x81\xAC\xF1\xDDN$c:\xD2 \xEC�|F\xE9\xD9�\xC3}\xF5[�\xDE({\xEA{hO{?q넸\xA9\x9B\xF2X;\xDF�\xC3+\xC7�8\xAB\xDF=\xF9\xD4\xFB}\xB9�~\xA8\xF6\xA7V\x93\xE8!\xC0\xFC#\xCB]\x80ÏS ��V1F\xDB\xC8yr\x9ALd9S\xE84A0\x85)\x86X.U<�\xA8\xEDp@\xECwz
-\xBF]\xF9\xA5\x82\xC1\x8D\xEF\xF5\xA3h&\xB2X\xE0\x9B\xFB0�ha\xC0��!s[dZ�\xC1�\xEC\xCAn\x978\xE6\xD4gd\xCD?R�$\xA2 c^\xA3j \xB0ЊL&\xB1\xB6\xCC\xC1-F\x8E�KOg5\x99@\xA4\xEC\xC1Q79\xE2\xFA\xF8x߷\xDBcy\xBFC\x90\x82#a�PH�\xAE\\xD8Y@\xDAVMu\xF4ᯰ\xE3\xA8�O\xA4`\xD0p`\xC1\xB5�p��
-hl \xA0{\xF1\xE3\xAEjR\x80\x80\xB1\xCC\xE4\xD6>�\xFD\x8A\x9C\x8FO\x87Kx'ӗG\xD8\xE7\xEB\x91\xC3\xC1 Vl?\xD4�\xCEB\xCBy\x88\xC2,\xF6m\xB9 g\xAB�r�\xE0\xEB \xF1�\xC9\xCCT\xBB\xFB �ݑf!\xD8i\xDBk�\xA8}\xC0\xF6֤\xC9�w\xF3· j
-\xF8\x9BM0\x9Du\xD9P\xE3\xBE:v�\x9E\x96w=\xFAiפ\x9Fѹ\xB3h\x8E�\xBB\xA8\xFD\xA2]y\xB8ߧ\x9C\xAF\xD6YnXpZ\x93\xB8=a\xBCâ™\xA0�\xC1\xB9�\xBF\x83\xC7\xF0\x9E\x82\xCE��Y
-�O��\x97&SV�\xE5\xAF~s\xFB�WpH\xAC=\x85\xA6};[bSݕ\xA7}?\x88\xE6\xF7\x89�A\xBB\xC1s r\x9Dr\xE8\xDF�aa�
-\x8E\xCD��%g,\xF2\xC6=\x8C7\xEC:~\xF7O\xFA\xED�\xEF=ɡ\xEC@^o\xE8\xE1\xCE\xC5]l}5z5۬\xBE\xF2�\xFFz\xF3\xBBT\x90\xF0{\xF1{\xB6nK�(?\xB4}5c\xC3\xEAX\xAE?W\xFD<#\xE9\xAAC\xBD\\xB7\xFB֫TI�|j\x92\x92J)\xB5\xA7\x83�\xF1$\x98\xD4\e�l\xE5i09\xA6\xBA�&#�\x9E�R\x96\xFF\xD7`r\x92\xF8@\x80,
-%\x9F\xE6f\xA4:g\xE74� \x83
-\xA3\xF3)?C\xE2#\x99uq�pa@\x886"D\xE8\xEC!R\xEE|;\x82D q1�\xFA�HD\x84\xB8TV/\xBEo�� \x89wwn�tw�\xBB!uT\xDAʩS\x9D:\xC1\xF6Xo�g\xC4�g\xE4�\xBF\xD4e
-<r`\xBB\x88Î\xCCÕ¿y\xC1\x95\xE5*\xE3E\xC4 \xD1×®\xA2;A\xF6� \xC6[I𤇲\xEFC~G\xB1���S\xCCN�\xCB[8\xBDM\x98\x92\xB4|\xE1!\x8A\xE3\xB3%\xB4\x86\xB43ÌŒ\x81Lq\xB9\xE8\xEAf]�\x85+\xC6\xE0+\xE8O
-\xE4\x82aR\xF0\xC25�/\xB0E\xC8�\xA8\xA2\xD0,\x8B\x8B\x94'�n0\x8DtgD2\xF7\xE6�\xCCQ\xE4߀(\xFA�\xE3\xA5�\xB0\x8BmS\xF6\xA7�\xCEK�"�\x8CR\xB7��\xF4;\x97�\xBD%=v\xBBrHPq\xAAjM\xCF=\x86K\x99{_\xE5&�\x94���\xCB\xE1\xB7ii\xF8\xA1|\xA4\x8E\xDEwܓ/\xFBRo\xFC�aGr\xB4�\x8D\xB4n\xEE\xB0\xED&�^\x89\x83�\xFAi\xE3z\xB1\xBEF\xC8=s\x85\xD0O\x88�s�\xA6|� z\x870�3\xEC\xDBu|A\xF9\xF2�4\xD2 �\xEC�0\xDBT\x87�\xC0�\xA03\xCBGI\xE6|cj\x80:Ю\xBBD�\xB4&\x93:h\xFE\xD7U\xBF\xFE��\xBB\x84\xC0\xAD\x84$4��\xA0:uWX\xB6P\xF9TUV'<\xB7*�\xC1\x98\xCA=� (LE\xDD#vDx�\xDD\xC1䦉��xQ\xA8b\xE0\xD8�_�\x96)�a\xCB2\xC5/pyJEWKYbF\xD8\xF0\xE6n\x98\xFCB\xC4SC>\x80\xED`\xFDT\x9E\x81\x8E;\x8C\xA0\xAF�\xC2t\xD8\xD1欘r\xE8\x92Pe\xA6\x8C�\x9B$x
-8�\xF8\x87��[\xFB\xB6\xFDL\xADdBeT\xA6s\xAE\xCFD\x8Ae\xAAd\xE6lX\x8C\x85�$\xDA#M\xFE \x96S\xA1\xB78_"\x87t[\xAA\xF0R\xF7ء\xBAl\xEAcʵ
-\xCCق"?\x94�M\xBE\xA9\x90\x97\x8Ds8n-\xAC\xB2a\x8B\�4\xBE\xB9\xF9\xF0\x87!�\xC95\x9FA\xEFթv��\xDD�\xCE*\xECy\xF9�\xC1 F"&\x86�]\xCD�
-\xB9Rrdg�\xF8\xA4�\xC0\x95\xDCD>yE\xF0\xCE���\xA7Eнz\xA4\xDF!&&����`\xC4+\xB8\xFE�y\xB9uEGx{Y&\xF6���\�+\xA4\xC3#K\xBB\xF5\xB1^Q\x92�\3 ,\x84\x9E)]}V~*@@\xD6(\x80\xF3"S\x9C\xEE\x82h츽\xA2\xC6\xC7�\xD0�\xE4\xCB1\xFD9\xCE8\x9B��\xFFT\xAD�\x93\xCF3�9\xBB\xE5 x¸\xCC'\xBB9\xBF\xE5�T\xCFl\xE2|\xB6Q\xDD �\xCEs\xC5Se\x83\xDC\xF9\xE7���\xE9/>\xB0\xAF�\x83\xE7!�\xA8b\xAD W�Z\xB1\xF2[�\xEA}y\xF4\xAF\xB7DH� {Ú»\x94#\xD3`\xBF\xB0Ù—�D\x8AQ\xBD \xB2j\xE7yq\xFA=\xACN!�W\xC7\xC8\xE5\x97%P\xE6Ny:zm�\xDF(\xE7&\x86\xD5\xE5\xEA Ø {\xFDT\xB5�\x92\xB1\x82\xF1\x89WM\xD5\xCD$\xAE\xC0Ç¡c\x9ExB�\x895\xBF\xB4�rH�\x981/\x9D\xC4Ã\xC4^�\x84\xD7"\xD6�\x9BM\xCA6\x8BL�1Z \xE4ÚŸ6)\xF0(s\x84\x9B!
-�<s\xC5~W��7\\xC3�]�\x94�\xDA\xC0\xE0���hA\xB6Ñ®\xF1~\xC1\xA3I8\xB4\xC5\xFA\xD2Ä)P\xD9|
-k\xAC WP6'L\x84\xBFDj<;\xFC\xA8�\xA8\xD8\xDA\xD5\xEE\x9E\xCC:�?R\xE7\xB07x8Te\xE3\xA7�\x93\xAE\xC2\xF2�ʡ\xA3\xE5\x85G?@\xE9k\x84�c�\xA1\xAB�\xE1�c& �\xA1\x929Ҍ\x97�\x882�� \x880/i\xD8h\xB3I\xE9\xE9"\xD7\xCFk\xA5Ʉ\x8CR\x8E\x9B\xC3\xF2\x8F\xC4J�5\xFA��\xB2\xA2G\xC8�O]\xD5\xFD>\xE9\xD1M\xC6\xF3X\xF9\xF7�pyQ�s�@\xECi\x8D\x86\xD8\xC7g\xF3]�R"\xD3F\xE8\x91? 8\x9A\xD6n�<ñì\xF7\xED\xB1OM\xAB\xC0\x99G0\x9A\xA5\ \xE0\x9B\x88�\xC2l޳@(\xC8
-Þ™O\x8AÚ—\xF8\x81�sE,\x99\xF7\xE5g\x97Z@\xD2S\xD2Ï®u\xC5/.C\x81\x91\x8B\x85\xC3\xD2H\xB2\xD9\xF8l$\xBC\xE3�\xB7'/Q\xECq\x89�4\x88\xF0\xDE\xD3{u\xE4\xE1\xE6�\x93,\x9F*\xE1�>\x89\x80^_.\x84\xD6\xCAÓk\xEE\xCB5\x85}x\xAC\xEF\xFC\xEE\xDAT\xC9)\x9Cn‹ew�\xAB�\xCC\xCEo4\xB4\xF2\xC0S\x8FS\x9D
-\x8D�E\xB8y\xD4j\\x94\xD3\xEE2 %;�\xA0�\x9C\xBBx\x99\x86\x81eV\xCCģUXS�\xB1@\xCBY\xBC\xA6\xDC �\xE9\x9A�\x9F\xFD�\xEA޿;�\x93\xCF)�\xA8\xB2\xCD!Ә�$\xF7\xA6\xD1c\xF4\x88\x8F�j�\xBC\xB3Mh&p\ƈq!\xAA�\x99T\xE6\xCC�\xA4\x98\xA5 (pi_h7&\xD3B\x86\xB5\x87\x94Ɵ\xC2\xDFŀ$\xF1u\xEAj\xE9\x97\r\xAA\xB6�[5\xF1\x86\xE0r
-�Z�\xD7݅{�\x8D\xCA\xDA �\xA3�\xA7\xAA\xF0\xDB\xF8�\xB7\x94�\xA2\xAB\x9Ei\xA7ߜf1\xE3 w\xE2X\x9Cif%\xC3I�\xD8_?\xB9"δx\x92\xAC\xDBX\x95\xB1\xA1\\xF6T\xEC\xE6y\xF4\xECSia\xB4TT�>\xC3u�"|\xFE\x9Cj at z\xAB�\xE1\xC1ʨ\x86�=\x96\xF4Cz�
-\x95\xDES\xC0/\x84�\x97�\x88\xF4\xA7.�TUh\xFB�\xD9�<( \xE5Mn\xF1\xA1\x8AC\xB7\x85V\xC62Ι��,�\xD1&.^\xAC0\xE0\x9F�\xDDs*V,nz\xD8\xEE�\xDC\xDEo!\xD5 at Fή\x81\xC3\xC51\xB8'\xB7-Lc9'�\xEC/cη�\xD9(c9N$\x86\xB1\x84H\xDCj\xA9\x8CXcÍ“\xE9\xFF\xCD�\xE3R�\xDCg�\xB0y\xD8Ѓ\x875\x89J.\xC8/\xB7\xC5Ó®Fp`}\xAC���ݵx\xC3\xED\xA0:\xA7\xCC1\xDE\xD5s\xD2'|Æ\xBF�)\xB1�#\xB0\xB3j\x95\xC7q\xC2.�'�%\x85/\xA8�W\xD6ÅŸ/\xE5\xBE\xDEPs\xD3�Jg\x8F at ES\xFB\x82Y{\xDA\xA9*\xFF�\xE12\x9CoÝŸ|Qv\xB4Ê®\x86�\xD81h\xBDC\x99\xBF\xA1BX\xBF;\xB9�BÊ°\x8Fx\xA9
-/\xEF\xEB\xCFU
-�\xFE"\x84J\xB0Ye\x85\xE5rf%\x93$�&ax\x8B/\xC0\xA1\xB9 \xF2\x82o��^\xFC\xDB\xF4\x97\x81\xCB8\xE3r<\xE5\xF9e�\xE7΅\xD9a\xE5'\xD4x\xF2�\x81;뤮T\xD2c�\x98"!\xF9rUڟ�迟\xF5g\xAC�<\xE1\xCF`�\x82\xBB\xE8\xCE�Z\xEAy
-\xE8\xC2T\xB9\x8AP\xA0\xDCo\xDB#\xF8\x9B\xD4m�\xA4\xE1\x92G\xA3\xBA\x98mI�\xD3CLj\xAATH�98�!F�_ 7~\xA4�\x8AQq\xF0
-+\xDB\xE4\xB9'*\x95\xA8\xEA\xE5\x8B\xFB\xF2\xD89\xA4\xA7\xF2\x80\xEF\xA0U\xAE\xD7\xD5}\xEF\xDB\xCD#5\xA2\xDA*M`D\x85\xF4J\xE5s\xB4\xA9|�\x86#\x819h�ʜ}% $\x94\x94O\xE6\xF3\x8B%\xEA\xD2/\xB1\x8Cݡ\/��\x9D\x96\xC7\xE8\x92̫\x9Ef\x83\xFC\xE9\xBCx\xB5�\x89�\xDD\xE6�\xAD\xF37\x88\xA3\x9Cs\x84�\xFC%\xF4\xAA\xEC\xAAe\xEE'\xAD\x9Au�ol"\xFF\x90\xB8K\x95zG \xE1\xE3w\xDF\x{2BC5D72}>\xBC#,d\xE2E\xC1\xDDBsH˟\xC87\x8A\\xEA\x84AH6d\xE2�y\xAA\x92\xBA)\xC2\xC3\xF3�\x87B\xFF\xA9\xA3\xC3\xC9K\xE1\x8D� \x9FM\xFCT䂉\x82\xEB(\xB4L\xEF\xC8g\xED\xC3^\xA6��2�n�\xD83\xC1
-+
-hJ\xC5�\xF32 \x8E#\x8Fei�\xB8���.\xE1��\xFCb\xE0�̧j\xD8A9�\xB6\q�I\x86T
-?��\xF2"D\xB3X\xFC0/ \x85\xD6�\x90w�
-`1\xA7\xD7\xD8p~
-�O&\xF0\x80\xB0X̼.\xBAQ\xCB\xD4\xD3\xF5\xA3\xA5�ÆšYI\xEDB\xA6\x802\xE7\xC5È\xE5\x96_\xE0�(l>d �P�D8�\xA7\xA3\xC3\xC2\xC1AI\x9C\xB1]Ó…\xA3\xBB\x8F5\xA1\xAE
-/&\xE3K\x9EÃ�\xB5\xAE\xA7\xA5\x8E\x95\x87 at -\xF6\xF8�\xBEQ\xE3\xBBH\xB4�7Hw\x91nJ_\xF1\x813¡m\xBA0 \x84\xAFg\x9F-\(>�\xB0\xA8\x98\xBB]`/\xA0.ÉŠbÆ\xC9w5\xE1\xE2Ƀ\xF4\xF17\xB6Ȳ\xBB\xC7Y\xA23Zi
-\xE2!@Y\xFD\xEC\xBD�\xF8\x9C\xB3\xFC\x8Cn\x9D|~6\xDA\xC0Y\x925\xB6yJz�d\x9A\xD2\xD5\xFAG\x85\xB1\xB7\x93�}ÈŸ\xD7M}p�\xB8\x97>\xEA\x887�c\xB7\xEE\xC9Ú»\xD4\xC74\xCC\xD56\xC0m\xF1\xA8\x96\xEE#�\xE4\xC0ŧ\xBA\xED\x86\xCF/&r�\xF0�}��\xC2\xD7WoR�p\xC0�Wa\x92\xC9l_\xAD\xE5\xC7Ç•\xD0\xCD\xCD\xFB�N+\xF9CS~\xFB\xCDa%o\xB6?}\xFA\xA6\xFF\xE9G\xB5\xFD\xA9\xF9\x81ݼ绿\xBD\xFF\xEB\xF6o\x87\xE2\xF1\xE6\xFD\xBB\xEDF�8\xF6'\xBF$\xD8of\x95\xE4Ó™\xFF\xF5\xE6\xD2?\xA2H\x9D\xE1\x8F$.,X\xDC\xE4\xFF\xF9\x9FT\x86\xFF\xDDAPe\xAD\xB8𙇱\xF81\x95�\x9BÂsq\xB6s\xCE2!�\xA5\x9Eo\xFD\xBF�\xDB0:|endstream
-endobj
-1333 0 obj <<
-/Type /Page
-/Contents 1334 0 R
-/Resources 1332 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1337 0 R
-/Annots [ 1336 0 R ]
->> endobj
-1336 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [91.7912 411.2559 148.0099 420.4713]
-/Subtype /Link
-/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
->> endobj
-1335 0 obj <<
-/D [1333 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1332 0 obj <<
-/Font << /F37 1026 0 R /F48 1238 0 R /F22 961 0 R /F21 938 0 R /F55 1321 0 R /F53 1313 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1341 0 obj <<
-/Length 1558
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDDXKo\xDBF�\xBE\xEBW\xF0Ѓ�\x84\xEB}?\x9A\x93�8\x89�\xD4Im\xA5(\x90��#\xD2��\x8AtE:\xAEQ\xE4\xBFw\x96\xB3\xA4(\x8An\xDC\xD4(\x82B�\xEDcfvv\xE6\x9BǒE�~,\xB2\x8AP\xE1dd\x9C$\x8A2�\xAD63�]\xC1ދ��4qG��\xA9~XΎ\x9E��9\xE24\xD7\xD1\xF2r \xCB�j-\x8B\x96\xE9\xBB\xF9\xB3\x97\xC7o\x96'狘+:�d�+M\xE7g\xC7?\x9E\xE0\xCA�l)5\xFF\xB9\xA3x\xF6\xFA\xEC\xF9鋷\xE7\xC7�#\xE7\xCB\xD3\xD7g\x8B\xD8P'\x81\xF3˼\xAFߜ\xEC\xF8.�f'\xCB\xFE�Û2*\xFC�~\x9F\xBD{O\xA3�.\xFCjF\x89pVE\xB70\xA1\x849ǣ\xCDL*A\x94�\xA2[)f�\xB3\x9Fz\x81\x83ݖu\xCArJX\xA2,7�\xA6\x93l`:Fa,ud\x94#Zpњ\xAE\xBAn\xF2\xAA\xAC�\xB1\xA6t\xFE\xA7\xBFO\xC4�\xB1ָ(f\x8C8\xA5xK\x97f\x97\xC9M\xD1\xC4u\xB6\xFD\x94m\x91\x9CqC(\xFC\xD8Ӗ\x8FNs|\xCC\xEE\xC0t�\xE8\xB7e\xBA\xFA
-\xA6H�\x8F\xCEAW~n7\x8F\x9Es>М�bے,\xD7y\x8D\xCE\xF8\x95R^dOp\x92_\x86\xFF\xB2n\x92\xA2\xC8R\x9C&5
-�\x99\x82�G\xC1A\xB4\x95x\x945\xAB#\xAF�YU\xE5\xE5\x84�V�m5�\xE4\xE1\xC0\xDB\xEA\xA6\xE8�)\x8A\xEA�\x87\xCD:\xC3\xC1\xAA\xDAl\x922\xFD~\xE2\xF8\x98Yp\x94\xD5
-F\x868�\xBE\xF3r\xBF�\xA4v@\xAA\x883F\x87\x83\xBD\x8Ah\xFAmVTI:\xA1i��\x82`\xB4XS\x81JF\x81Je\x99\xAD�\x9Ct\x8B\xBD�qz]m�\x81S��p\x8B\xC0\x9F\xDC\xD4Y\xE0^\x87A\x99l¨\x83\xC6P\xF8v\xC1\xEC\xBC\xD5\xD5�\xCD2\xF4\x92\x97\xF9w\xDCU9:\xA4\xA8VI\xB1�2\x84\xCB&Y\xAD\xF32X\xFC6\xC3\xE3p\xB6]\xD8\xF9MY\xE6\xE5U\xD8͛5\x8E.+\xEF\xAE~�\xACҴ\x8CU�p� j\xB2MV6\xF5\x94\xF7\xE8�\xBA^\x85\x96\xBDe݅\x904\xC4rj\xF6��\xF4lF\x81\x83\xF1&\x88\xF3\xC9b\x8F8
-E\xB6\xAD
-\xD6U\xDD<\xC5\xF9g\xFC\x83x\xAA\xF7\xE8vQ\x86d!\xDA�#F\xB0�l\xE8{�V
-\xFE\xAF\x93�\xF3e\xD8H\xC1P\xB9\xF7O;\xC5p��\xB13\xFAv*�-%\x9Cs6�\xF8(\xA7
-&\x896�|JQ"\x99\xB6�ɪ\x9C8\x83ɜ�\xF7�\xE3\xA1\xC8Ä) \x864�iO\xE5U\xF4\xF7;4Z�mx
-���WD+f\xF7\xA3\xFC\xBC�\xA53-\xC2Q\xDA\xF0`e\xC1(B
-\x8C�\xFB\xC4t\x95\x95�GkA\xB8\xB12�_#\x92\xAF\xB6\xC9�O\xB8\xCD�\xEF�\xA7=P?ee��)\xEEpo\x85\xF1�~B\x8Ad\xCAC\xA0�\xD3Z�\x94\xB9/K*M\x8C��%&g<\xC8;\xBF=ᮺ\x81D \xA8\xF3\xF0a\xF3�\xB7\x93\xA2\xAE\xD0dBh"9�EN\x9A\xD7\xD7E\xE2\x95f<$�&\xE0>[Կ\xBE\xAE\xCAԛ\xF4В\x8Ci\x80rg\xC9>T�u\x87�\xAA\x85\xEB�\x87\xD8m\x8FL�<�\xF4ǥ2k��,\xB5\xA9�V\x92t\xB70aF f��\xA0|\x9F\xF6\xD2{\xCD�\xDDc\xA95\xD1q\xD1d\xDB2i\xF2O�x\x8F1�U�-�\xFE\x97\xDC\xC8}\x8B\xA1\x9E>\xB9ua\x8A\xE9p
-l\x8A�Χ\xB0\xD6\xF2\xC5Ʉ\x8A�\xEA!\xED=\xDDZ\xC0G|�b\xFD\xE6:\xA4\x88 C\xF8Ԩ\x9D�\xC2i:\xA4 \xE8�cb\x8C\xA66\xF3\x84�TV\xE1\xC0M\x95\xE6\x97w�\xA7YH\xB4\x8E\xAB\x87\x98]s\xC2}\xB4#i\xD2\xF4\x95\x9D\xF4F\xEB-�uVRF\x84� \xB1P\x841\xAA[6\xDFB\xF2E�\xFD�\xB4\x8E\xF9U\x99L\x82ͧX \xBD�\x93ؾf\xDB&\xC9[{\xB3\xF9۳\xD3_pT�~\x98\xF0\xBE\xF4\xC2z\xE80XW<=iW<\xFDv\x85�M\xF2\xB1۽\xCEV\xB97\xE0
-\xE7ɪ\xED\xF9\x9E ]R\xE3j\x9Aիm\xFE�\xFB&(\xD4\xE5贽\xAA\xE9\xC5(22\xD5\xF8-\xD7Y�<5\xB8\xC2 \x8A�\xBAݾ8\xDC\xD4}5\x9EΈ�P*\xFB8\xFE\xE8s\xDAD�\x86>XP\xD9�{\xDB\x91q=a\x90\xFD\x8D\x82\x97�\xE4�"\xA9P�\xA9'\xA2m\xE8ը\xA2|�W\xA7\xC8\xC0l\xF7j\x80|�d\x85a\xC71*i\xFD\xA5 \x97\x8EHiE_\xD2\xF6\xED�wfB\xF2H2�O�\x89-\xCC\xC5鋗oߌ
-\xC5)\xA4,�\xE5k(\xF2ß©Ù‹\x9CPs\xE8I�ב\xBE\xC1\xDASó™z\xD4f\xEF\xA0O\xFBD�\xCAZ:\x95\x87\xBD@'\xCDWd\x84.\xEB\xECzÚ‘*i�A\x91\xD4\xD9�\xE4�\[j%�Ñ’\xC2 b\xA8\x81\xAEq\xF72\xFC\xFF\x80X8\x9F\xB7\xE1\xAD\xFA��\xC33N[\xC6;�/O\xCE\xBC�\xC5C\x99\x8F\x85\xE2C=\xA7Q<\xD4\xF3\xC1(^�Y\x971\xFB\x82\xDAa0\xFB#o\xEE\x87\xD9\xE3]\xF5\x9B\x83�{T\x98\xC13\xDCH\xF6�\x94 k\xA1C2\xBAC\xD9\xE9\xD9\xF2~\x90\xED$>�\xC6\xC6JNBlO\xC9\xFF�b\x8Fu\xD1o�a\xCCqB
-\xD3`z��\xB3\xFF\xAD\xED\xE0\x9B�<Y\x89q\xFE\xD1.`d\xE1A3\xF5i\x8EF_�\xFD�\xB8\xFB>
-
-48\xFB\x9E\xC2)(\xBCw\xE0\xBD�AS
-\xB2\xF0\x99\xCF�\xBBO\x86�\xD9@\xF9\xBF \Q�bendstream
-endobj
-1340 0 obj <<
-/Type /Page
-/Contents 1341 0 R
-/Resources 1339 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1337 0 R
->> endobj
-1342 0 obj <<
-/D [1340 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-126 0 obj <<
-/D [1340 0 R /XYZ 85.0394 490.579 null]
->> endobj
-1343 0 obj <<
-/D [1340 0 R /XYZ 85.0394 463.2745 null]
->> endobj
-1344 0 obj <<
-/D [1340 0 R /XYZ 85.0394 433.7571 null]
->> endobj
-1345 0 obj <<
-/D [1340 0 R /XYZ 85.0394 421.802 null]
->> endobj
-1339 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F48 1238 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1348 0 obj <<
-/Length 69
-/Filter /FlateDecode
->>
-stream
-x\xDA3T0 BC�S3=3K#K�sK�=S�CS\x85\xE4\.�\x85t\xA0\x9C;\x97!T\x8D\x89\xA9\xB1\x9E\xA9\x89\xB11\x90\x83EV�.\xADknj\xA9g`fA\x82! \xC2V�\x8Cendstream
-endobj
-1347 0 obj <<
-/Type /Page
-/Contents 1348 0 R
-/Resources 1346 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1337 0 R
->> endobj
-1349 0 obj <<
-/D [1347 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1346 0 obj <<
-/ProcSet [ /PDF ]
->> endobj
-1353 0 obj <<
-/Length 2407
-/Filter /FlateDecode
->>
-stream
-xڥYK\x8F\xDB8�\xBE\xF7\xAF\xF0me Rķ\xB8{\xDA\xCD�\x99�:\xD8t\xEFa03�Z\x92\xBB\x85\xB1%ǒ\x93\xE9\xFC\xFA\xADb\x91\xB2d\xAB\xD3���\xC4�Y,֋U_\xB1\xD9*\x87lU\xA8,�V\xAE\x8C\x95\x99ʙZ\x95\xFB\x9B|\xF5 k�nX\xA0\x91JdJ
-���\xAB\xA9�E\xA6
-nV\xE9\x94\xC9\xEEo^\xBF\xE7l\xC5\xF3Lk\xAEV\xF7\xDB\xF1,mT\xA6�)V\xF7կɛGw�\xEA\xE3:\xE5*O\xE4\xFA\xF7\xFB\x9Fh\x9B\xCCLa�n\xCB\xE1�\x9B\xE5\x92I\xBF\xE1\xDF\xD5WזuE;\xDE\xDE\xDE\xD1\xE0}\xED\x86ӱ\xEEG�LfBj�8h\x93\xE5�$C�2c\xEB\x94\xE5y\x9E\xDCvC\xB3}
-[\xF8\xCAfVs�v�\x91I%\xE9L\x8A�:\xB9\xFDt\xFF\xF1\xFD/4nz\xFC5\x89\xA3\xCF}]>\xBA\xB6\xE9\xF7\xF49<\xBA!\xAC\xEFvݷ>�\xB9\xDE+\x8B\xE3\xBE>~\xAD\x8Faa舸%\x89�\x8B\xBA\x89\xB4;\xF7\xB5\xBE\xDAf\x92nK\x93x\xF4C}\xC1ˡb\xA8
-c\x99U\x8A{U\xBEwm\xFD� \xE4B%\x95�\�\xB4\xB9J>\xB64u\\xB3"\xA9\xFBC\xD7\xF65\xCD 7\xFCu\xA3e\xCFfb\g\x82\x99��A\xDE\xC1:\xD7\xE6\x94,\xD3R\x98@\xB6\xF5\x87t\xFB\xC8\xD7\xFFD\xCB\xE0\x98T\�\x99\xBC‰�-�V\xC8�8\xFC\xD6\xECv4*�\xEBò¹°}�\xA5\xF7n\xC0Q3�\xAD\xD1zM�\xF4��\xA2\x91R��b5�H0�\xF3\x92Ò¹�]h5�\xA1\xD7\xF1w\*OG2Z;\xD0Ä™?|\xB8\xB6z�6n\xE9�<�g\xDAfh\xDC�\xF8\xB8Ë“\x86\xA3k\xFB-\xD9!\x8B\xAE\xE4,c\x85\xA0\xA8|\xDFat\xE4&\xD9w$�}5\xED\xB6;\xEE\xDD\xE0e\xC0 \xB7\xE9N�
-1\x90�ܨ@g.\xCDKn�6�9\xCC�\xD9+b\xE9M\x8D�o��Tu_�\x9B\xC3Y �\xA5\x81b)\x88\xF2\xCC0�Oo\x9F\xBB\x93�\xC8\xC4�D݄\xD3"\xF9ͻ\xFBs\xCA2,\x83\xAB@\x83\xBC\x80\xDC�)\x89�\x8F�+�|\x9E䰑>\x9Dn\xA0�6�\xE4+\xBE(\xCB]]\x9E\x85\xD1�Ϙ\x86�s!Ҙ&\xA7'\xFC \x99\xFEX\x90\x98K%\xA4F\xC6�
-W�6��\xA9Bp\xC2 ]\xB1f\xC9\xE8
-\x9CCöB\xC8I�\x8D\xBA\xE0#m\xB3BB6$\xE3\xBB]ߥ\xCF:
-\xA2I[�\xC3\xE4\xDA9\x901\xC0\xE1h\x89(\xFC\x8F\x9D3Ò§\xD3
-\xD76\xB9\xE6;s�\xAA�\x9Cc\xAED*\xB0Z\xCC�\xBArM\xA0yI\x88�N(\x82ϱEr\xBF�\xFEP\xE9\xB41\xF2/\xA4P#s�\xC8�\x94B\x87\xAE\xECv\xA4\x99\xCFK\xE0\xC2\xFEP\x97\xCDoyΡB\xFA\xCC&\xB4�\xAB�z^�\x9A\x90\x9F>\xBFC�f\xAD\xCE.\xCD2F�\xE3\x99�Ö \xCA_n~\xFD=_U`\x9F\x9Fn\xF2L\xD8B\xAD\xBE\xC1G\x9E��\xBE\xDA\xDF \xAD\xB5JÆ™\xDD\xCD\xDD\xCDG\x8E\x90\xC2
-\x91\xE9\x9C\xE9\xE7yѾ�x\x85!\xEDP�\xAC\xD2(]*8\xE0�1\xF7Ȩ\xECve1\xBF\xC0\xAA\xB06\x93\xB9\xA5;{;\xB1\xB1\xD2\xD2#
-\x96gJ\xF0\xE8\x8AO\xEBT\xB3\xE4�\xFE\xE7É»K\xCB O\xC9 at 4\xA1TÆ\xF2\xB7t\xF5e�WVZ+\x88h2\xF6\xBA\x9Em\xE0'^\xDC\xF3\xD5\xDB�4ZM\x94\x8A\x8C\xD3)g\xAF\x94泤 \x80\xC6H�\xC0ÈŒ�i �a��\x85\xAF%\xF0�\xD5rÍ¡ \xAD\xB9\xC2\xE2\xC0�\x93|_3\xC8 \xFE\xBE�A\xE9Ú°�.4\x8D6\xF5\x84\x859\x97e\x98��I�\x99\xE3\xB8pB\x8F\xBC_\x91]\xB5\x98\x868$5
- fx\xB7\xA7\xE0\xBC\xD0I\xC0\xDDÌ8\x97�n\xF3d\x83\xFC\x9Fè´ªÞ®�T\xCA\xD3n�\xAB}\xDDV\xFD‰)7\xE0t#.\xA2\xFE\xF6\xD3Z\xE6\xC9\xF9\x86\xE9\x8B\xEA�\xB7\x96\x85\xE3\xF7uß» \xA9d\xE2\xCF\xF5\xE5�>j\xFC \x95}�N<^��\xDB"U3\xD0\xEF\xAEs\x95\xB7�d�\xC5Xr\x87�t\xFBÔ´�K\x96\xCA�\xF7\xE6\xFC\xA2�z>\xC1�`\x8D\xB4kw\xC8\xF0\xE9_�ZX\x80\xAD\x85P\x81\x81�I\x94�\x84���\xD7r�pJw\xEA\xEB%9\xA0\xD2Kk^r\x98\xCC
-SD\xF4\xE7\xC3\xC3 at x\xB4\xBB'�\xA1w�\x98+
-"�1f\xBC�\xF9\xA4\xC8,\xDC\xEC��\xA3�\x90\xF9�\x990\x8E\x96\xEF\xE93\x80>�5\xE1w\xE2\x84K\xA4`\xC1.�\xE4\x9B&\x91\xBF\x97\x970�*\xAB\xED*
-{\xFFvÖœ\xA6\xBA�3\xB1\x9E\xB6X\x93N'\xD2q�\xE5�Z\xB1\xD0\xEF\xF0\xD0\xEF\xBC}�W6%e\xFC\xFF�*�\x9F/7?\xE3&m\xE3&?\xF6%�~�\xFD\xEC\xEB\xE1\xB1C b\xF2d뽄kU�\x91\x8E\xB7�P,\xA1\xD4\xC3Ε�\xFD~=\xD2U\xF5\xAE�\xC6Y", \xD6V\xE1�_\xB2&\xC7E\xFF\xC384�~\xBCy"� \xAEY\xD2V\xC4�\xBE!�f\xEDP\x80Ld�_5ÝŽ>�>Ó¨\xDB^t\x991+`Eg\xB9\xAF\xE8\xE3�7\x8C\x90?�C?èŸ\xB0\x82\xDC\xD9\xD7sf\xF3\xC6bZ\xC0C\x9BpQ\xAA9�z\xB1!\x98\xB8\x97%'P?:�>\x89=\x836\xC5m`eG\xDC�\x99�\xD7\xDB�\x92Jr
-�\x83�\xB7��\xA1\xC5/\xF8x#}o\x9B\x9E\x9E\x8B$ͳ"\xB7\xB1\xA0z_?ǘ\xAB\x8C\xC9�o\x88az\xE8vM\xB9\x840�\xD2(S\xD8@]\xEE|�\x9B�\x8B=\xD3j(�\xEDj\xD8\xE5Q\xEF5k\x80cy!\xA3~\xFD\x80rP�\x95\x90 \x8C\xE2v^R\xF6\xD0\xF7]8\x83 \xC6Gp8\xB3\xA1Q\xC4A\xE8\xBC�\xA4\x92pW\xB5\xFC\xAB\xBA\xCB\xCC��uG\xB72_�\x87p\G{@\x85I��\xD8:E\xCDw]\xE9vK\xAA�\xC6/\x8C\x9D\xD4ßœ�q\xFA\x91\xF9\xB5N4\xA2v�G\x9B0s\xA8\x8F\xFBf�0\xD0\xF0Ó§\x84\xD9\xE6?ê Ÿ\x9C��S\x99�\xE81�6\xAD\xAA\xB6_\xEA4\xC0#F�\xA3\xC4\xE4'U\x80=M1\xF7ӷǦ|\xA4� /�\x8AD\xC5߇\xBA\xAD\x8Fn\x887n\xF3\xB4ئb\x93\xCC\xF8uM\x9C\xE3\xAC\xBF#Ô‰9�\xE2\xE88\x9C�!m\xDC\xD5\xF5U�\x92+\xCA\xEB\xF8�!\xB5P/\xF5D\x91>\x9DnXhG\xAE\xF8\xCE{"\x90
-{"\xA8*\xF2J$\xC3\xE1\xB6Ø™D\xD7MQ zI�@\xA9\x90 \xCC\�\xAA�\x98 \xC7��\xFC\xAA\xEA\xC15\xBB\x9En� ?tr.\xE6\xB7kLuBLb�b<9\xF5>\x83\xE1\xFC\xCF\xF5qSS\xA7��\xFB\xE6\xA1E/\xE3*�\xF9\xE5T\xF7CO3��#Ù¦\xA6\x89\xBD\xAB\xC2h\xE4\xCA\xC2;�\xCC\xDD\xFF\xFC\xEE\x97\xD7�\xEE\xEEhzÞ’\xE1\xFA\xE6\x89~\xE1n\xA6KOqT\xEF\x84�I\xDD�\xA4\xC6\xF1r\xE6�\xB3qhb"Ô‚\xAB\x93>@\xF584)��H\xE9בX`Ëž\xDB\xD9{ \xBE\xD9�\xAA\xBABqH\xDFPB[74_k\xC4lx\xFC&\xFC\x82\xD0g\xF96 \xF9$�\xB3\xD0cr\xBB ]y\xAC+È\xCDb\xC2A�@Ff\xE6vq�5^\x9C\x91)\xA6\xA7GT\xDD\xDE5\xEDR\x8A�\xEC\xAF\xD9Lq_\xB1U\x91|jK\x8F^\xB4/\x84P�_�:\x98\x87
-\xD7j��\xA4\x9D\x87
-΄��\xA3M\xE0�\xF5\xBF|\x8C�\xDC�H\xD6�\xF4A�-08\xD7I at t98\xD4\xCC\xC1\x88\xCF\xF9M��\xE3혽B\x86\xB7\xC3�\x8F\xB3\xE5��`\xE6p\x84\xB2\xDE�"\xB0q\x97o\x97^\xC7\xE3s\xC7M\xB4^\x84����|U�\xC01\xF8�X\x9E\xC6ÛŒ\xD8<\xE2r\x93\xFC\x96\xAB\xFC\xFB�\xA6G�\x8C\x97\xBC{\xF7�\xD6�-m\xBB\xF0h\x8E��|\x80J\xE4\xB9\xF9\xE7�_4\x92ÏŸ\xEF>~xEë·°\x95��z\x85)A\xC3K,\xB9p�\xDD�׶\x90�\xBD\xFF\xAC&Td\xCD9\xB3\xE0\xA4�Õ‚�w�:|d\x85\xEA\xE4\xDB��\xA3dZK&\x9CȪV\x9F\xB1*\x8C\xA3�\x90_KS\xD0=5m8#<\xCC\xC1,\x96J�\xCD#D\xB1\x94��\xEE�I\x97\x80-`\xF1c\xF3Ý\xD3|Ä—�\xD7\xC7:�\x97\xFCK\xB3\x9B\x94�\x8C�\xFCs
-\xFD1\xE0�ֺ@T\xFFy\xC0p\x8D�.\xAA\x85aG؅�~\xE6II\xA8L>\xF3�znvF\x9A\xA5¦�\x88BE D\xA83S\xCF>\xBA^�\xF7�\xB5\xB5^endstream
-endobj
-1352 0 obj <<
-/Type /Page
-/Contents 1353 0 R
-/Resources 1351 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1337 0 R
-/Annots [ 1357 0 R 1358 0 R 1366 0 R ]
->> endobj
-1350 0 obj <<
-/Type /XObject
-/Subtype /Form
-/FormType 1
-/PTEX.FileName (/usr/local/share/db2latex/xsl/figures/note.pdf)
-/PTEX.PageNumber 1
-/PTEX.InfoDict 1367 0 R
-/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000]
-/BBox [0.00000000 0.00000000 27.00000000 27.00000000]
-/Resources <<
-/ProcSet [ /PDF ]
-/ExtGState <<
-/R4 1368 0 R
->>>>
-/Length 1369 0 R
-/Filter /FlateDecode
->>
-stream
-x\x9CeU9\xB2,G�\xF4\xFB�e\xCB@@Q�\x87\x90!\xE9��\xA1%bd(d\xE8\xFAʤ\x97\xF7\xFF(\x9E\xD1�\xAF
-\x92$\xA1T\xAC)\xFF\xAE\xEF\xEB\xAF\xE3\xEF\xE3\xC7_\xA2\xFD\xFE\xCFa\xED\xCFc\x8B\xAE\xBDڿG\x97=\xFB\xCC\xF6\xD31\xC4F\xACl\xD6]t\xF6\xF6\xD7\xE3qu\x89ݦ\x8B\xF75\x9A\x8F\x94\x81�<8Ǘ\xFD:\;\xE2\xFA\xE3\xF1\x89\xFC<q�\xB8\xCD;�.\\x9Ei2c\xB6\xFB~\xF0\xB6e\xB8\xED\xD7qc\xB8=7\xC4+\xC0g
-\xAF\xE3\x8F\xE3\xD7ct\xE9a\xB3\xD9L1ca\xB7cu\x99\x9Am�QO\x83\xBD\xA5�\xEC-\xA1�{w\xF1\xA8\xBC&k\xF1\xC4\xDE \xD0\xDBD&\xF0g\xA9\xB2�\xD4l\x99=\xC6iwÃ…\xA5\xB2\x81\xE2\xF1,T\xA2�\xF6N\xD9�v\x88Z\x8F
-\xA89xcH \xF9\x9E\xD2\xFBhk\x8A\xFB��;\xC4\xFC�\xD3$\xEA\xF4\xEDX�\xF7�.\xFA\xA0\x89<�\x8D\xE9#��\xC8tLV\xB0��Pmv\xF4"�>\xE9\xC6�&\xDEЇ h\x97\xF5:\xC0\xC0X\x8F=&0\x8F2\xB2o\xD2�C\xF3�eD3PMt\xF01CrZ\xFBb\x9C7\xB3}t\x80mA\xA3d\xAB\xB7\xED\xE4'\xD0�W\x8A!\xE8�\xAE\xBB\xBDKO(\xB0\x81\x83Ԥ�\x87t \xD9Kb\x95^\xA6\xCC\xEC
-�\xBB\xE5*�\x92\xCE\xD5�B\xEAF\xE5mY\xB8\x99`U\xF5\xB4\x99Õ�-\xBFnÜž
-\x{DF4F}\xB3�`*T��\xFBÞ£jg\x93�\xBE=\xC5s\x96�A\xBDR?\xD4�=�}\xB3�Ú\xA7l
-\xA4ϒ\xC3ig٥\x97\xC7\xE1C6u�\xE9\xED�\xDB&\x94\\xCA�G�T\x9C\x84M\xE9\xEA\xF6\x96K\xF2l\xDC�\x92Fyu|?\xE9%\xE5iȥ�K\x94\xEAN\xCAq{v\x88\x81*\xEA\xE8�JE\xA2]8�h\xCD\xF2\xA4p�0R\xB1\x88$\xC1(+\xC1�n\xD6�N\xAC
-q\x8D\xAA\x84Ñ«\xF2\x9D^\xFF\xEF>\x8B\xAB>\xF7\x97
-.13ׅӃ!\xB63\xA2S\xCBAՔih\xA5Ũ\x8A^\x85(��\x80<\xCE�m䦽\xAA\x9A\xDB\xC6lL\xCA\xE2\xB3\xF27\xD9 aƴ\xCBd\xF4 6\x90(W\xF0�ںK
-г2"\xEFE9�~\xA0
-n*\x8C1�\xBD\xF7\xA8\xBEx\xA5ƈp\xEE��\xE2�\x8B�&Xî��Ãœ\xA7\xB3\xB1\xE8\\xED�D\xA4\xDF�\x9D\xE40}�#X\x8C\xFB\x9E\x98�\x8B\xB8\xC0>#�^�V�\xB0\xA1|2\xCEi\x899\xCA�Îr��)�`\x98\xA2Xh\xA1\xD2�&\xA0\x84hb\x97H\xB0\x8Ce"��\xC3\xEA ʱ\x84\xA3~Ï“a\xB3�t�\x8C\xBA\xECZD\xDF!#Z\xB6\xDA\xC2k�\x81!\xA0e'j\xDD=\xA7\xA0_ts�Ù¬\xFB\xCD&\xADN\xE5@\x82i\xAC\x883 �t%kÐE\x84\H\x96YZx\xFF/U\xA5\xC7�\x99\xE5\xEB\x97\xCE�\xA6@\xB1\xAF�i�W�H
-\xFEr\xD3G\xE7X��5\xBE�\xFB�\xFB8\x87�\xB4Õª�O\xAA\xABt\x96\xD4��\xB3$�\xC2�y\xB0\x89\x97B�Ò›\xC0\xC45�\xA9/\xA8\x8Fvp\x8F�\xF7�o`kA�\x93\xF4r�\xB1\xF1\x9C\xD34�N.4\x8E\xE6 &�F�\xB0\xD1�T\xC6G%V\xBD\xA0\xCE'\xCC\xD8R5\xACBÔ‹�`�\x81qU\x9Ev-U\xCD=\xEB\xC6\xE5Qv2\xEB�_ \x94\xBF�\xADq�q\x82~\xE8r\xAF\xDA5\xCCJ\xBC\xF0\x98�\xB0h\xBBP\xA1\xF5\x8Bk�\xDC\xE0\xE9Ú\xFD\xAA\xE5>\xD2��\xB8D�\xB0�o�\xBB\xCEi\xB8CrT]\xBFMJ\xA5\xA0\xC6�Ö¹�\x92\xB0\x9D;\xBF\xF6\x8B\xFB\xF3Z\xBC�\xAC�\xE5[\xC7-\x9C\xC1\xA4\x9FBx�\xBF\xFDp\xFC|\xFC�\xC8�\xC2�endstream
-endobj
-1367 0 obj
-<<
-/Producer (AFPL Ghostscript 6.50)
->>
-endobj
-1368 0 obj
-<<
-/Type /ExtGState
-/Name /R4
-/TR /Identity
-/OPM 1
-/SM 0.02
-/SA true
->>
-endobj
-1369 0 obj
-1049
-endobj
-1357 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [470.3398 467.2776 539.579 479.3373]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1358 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [316.7164 455.3224 385.3363 467.3821]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1366 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [304.6433 163.6578 373.3153 175.7175]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_policies) >>
->> endobj
-1354 0 obj <<
-/D [1352 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-130 0 obj <<
-/D [1352 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1355 0 obj <<
-/D [1352 0 R /XYZ 85.0394 576.3463 null]
->> endobj
-134 0 obj <<
-/D [1352 0 R /XYZ 85.0394 576.3463 null]
->> endobj
-1356 0 obj <<
-/D [1352 0 R /XYZ 85.0394 533.5444 null]
->> endobj
-138 0 obj <<
-/D [1352 0 R /XYZ 85.0394 299.6823 null]
->> endobj
-1365 0 obj <<
-/D [1352 0 R /XYZ 85.0394 263.0631 null]
->> endobj
-1351 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R /F62 1361 0 R /F63 1364 0 R /F48 1238 0 R /F41 1218 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1374 0 obj <<
-/Length 3442
-/Filter /FlateDecode
->>
-stream
-xڥ�\xCBr\xE3\xC6\xF1\xAE\xAF\xE0-P\xD5��f0\x98Ar\x92w\xA5X\xAEDv$\xE5Q\xB6\xF70�@�^�\xA0 P\\xEDק{\xBA��
-\xF6V%\xC5ü{z\xFA\xDD
-ƫ�~\xF1J\xA5a\x9A\x89l\xA5\xB3$TQ\xACV\xF9\xEE"Z=\xC3\xDA_/b޳\xF6\x9B\xD6\xD3]\xDF>^|s#\xF5*�\xB3T\xA4\xAB\xC7\xCD�\x96 #c\xE2\xD5c\xF1s\x90\x842\xBC��Qp{\xF7\xFE\xFE\xFA\xEF\xD7w\x8F\x97: \xAE\xFEv\xB9�*
-~\xFA\xE1\xEE\x9Az\x8F\xF7Ww�7\xD7\xF7�4\xFC%R\xD1\xEDnî¡/\xD7R'"x\xFF\xDDÕ\x8F\xD7\xF7\xB4\x9E0Ô«�\xFF\xBA\x8C\xE38\xB8\xBA{\xFD\x81\x96>\xDC1\x8C\x9B\xEB+\xBC\xEB\xF1\x9F\xF7\xD7�\x97��\xBF\xBF\xB8~��5}x�I|\xD1o�?\x8CV�\xBC\xFF\xFB\x8B(\x94\x99Q\xAB��\xA20\xCE2\xB1\xDA]$J\x86*\x91\xD2\xCF\xD4���\xFF� NV\xDD\xD1EB\xC6Q(d*�()\xE2U�\x87\x99RbFJ\x95\x85\xA9�\x92I)B\xA0E�E@\xADmIo\xFC\xB5=��[{\xA2E\xA2.\xF1\xA9 PLX�\xAD\xD6B\x87"\x8A��\xE9\xAAv�\xD2 \xDF\xDA\xE6\xB9\xECp\xA0\x82\x9D-J\x9A\xEE[j-5_Ú¦\xA4-Ç®j\x9Ei\xB2xm\xEC\xAE\xCAip\xDC�\xB6\xE7\xC3\xF6p�\x9B\x80�t}KÂ�\xAB\x86oØ–#\xEC?1�\x93\xB7\xA4\xFC�\xE0\xB2��\x9E[u\xD3i�\xC6s\xF6Ø·k|5\xBE\x93\xA8H·\xB3}\x95Ûº~\x85}\xB1�rB�0-h\xE2\x89���\xE8t\xE5\xE1\xA5<P\xFF\xB4-\x9B\xB3e\xBC\xFC\xD0\xF54 �\\xC6AN\xE3\x81�x\xC2~rT\x859>Cd\x86\xB9�\x93p\x92{\xED\xE6쎑�|a\xCD�\xF0\xDA\xD9�\x85{\xE2\xA6=\xEC\xDCs\x92\x8C\x9E�b`\xF7\xFB\xB2)\x88S0M\xA0\xA1S~\xEE˦\xABÚ†$$\x89'��\x83\xA4)\x9D\xA2\xA8"\xD8\xF0צ^\x90#\x91\x82p'\x92791�.\x80\x8B\xF9Y0\xE5\x9E5]\xCA\xDB�Q\xBFÛ·�\xDCX\xB4\xA0726
-\x8E@զ.\xBB\x8E\x86ݾ\xCC+\'^"�ֱQa\xA6A\x9Eg\xD4h\x81{\x87\xAA(\xCA��'\xFE\x8A\x9E\xB8~ŗ\x90dF$\xF3Q\xF0T5\xF6\xC0\xF4D�۞\x97\x9B\x82\x91ڶǚ\xFBM˫O�\xB4,*�2\xE8\xEFlstx\xA3\x99
-��fa\xA2#\xE5\xB0&$S=\x8A�\xF4O\x95SR\xE8ٺk\xA9\xD7\xE6\xB9E\xFE\xB1H\xE3\xAEC\xD5\xF3a\xB4\x98\xBF�\x91�\xC7\xDD�[\xB2\x9C\xB8\xD2{\xF8y\xBB\xDB\xD7e?\x8C�\x90\x87\xBEc؛\xB3\xCD$\xCF�
-\x98O\xA9!\xA6\xC3L\xE5�\xBA\xA5�\xC9��8\x91\xCA+p&�\xDF�Í S�h\Ú(Wp\xA9{]��v\xD3;r\xC0Zi\xF3-\xEF�����\xC9w\xC0\xECH \xF5s{\xEC�X\xBF\xB5|\xC1\x89�� \x9F\xFCb\xDBR\xA7\xAB\xDB�\xEF"u\x87\x9E]2%5\x99\xB5g� �\xB9\x85\x9E{�\xB4#\xB9`\xB0!Y\xFF\xED�\xF4�8\xEFp\xBCm\xBA\xBE\xB4�`,d\xC2\xC4�&@\xA6\xCD\xE1�em_=<\xA7\xD9\xEE�j��\xA0\x8D�\xB5\xBB\xAA9\xF6e\xE7\xA0J��x�\xA9�\xAC\xD9�\x84\xD1 \xCD�\x97�펰 \xB0Æ™/\xEC\xE9\xC1z\xC9H��\x8E��j<\xE2z@\xDC�{\xF7\xE66�\xB5ux \x95��\xCC
-\x90\x806\x90@\xF0U,\xDE\xD0{b�\x8C\xD6�\xB4\xBF\xF0\xBB\xFA\xED\xECB3�\xB1n\xC1\x8A%�\xFD\xA5�\x8D\xD8i\xC1\x88\xAD\xFD\xAE�!P\xB1�\xCCb�j-\xCD \xF0\xE9ӒU\x94a\x861�m\xFA�Z�p�MA\xB2��\xE4��oQ@\xC4\xF2\xCAM\xE5\xC7]\xD7\xDB&w\x9CC\xE9\x80Wz\xF9e�eb�Z\xA2\xCF�l\1�٘\xA9\x83\xCAA\xEC\x98\xE8\x99\xD7y\xBE\x81\xEC�\xCEۆ,i"\xC3\xD4\xC0\xA3g\xE2\xEE
-Yg7\xA4\x8Dh!\x9F�\xEF\xCC�\xCDØ¿ �\xA1\x9C
-�\xE9h\xCE`\x8A\xC4Z\xF1#\xE0\xD5�V\x96\xD4i9\xB0\xFC\xC0#\xDA\xD7m\x8F}ў�`ˋ\xF9\xC1v[']\x80NOk^\x92R\x86
-"\xFBJ+,3\xD3\xC0��\x83\xF1��\xE8 v
-\xF8\xA7}{ �\xEE&h\x89"\x95�\xBD\xF11�z�\xA6ϨJ0`󃽶\xFDD=\xA7L|\x88-\x9B\xDB\xC9s\xB5\xED\xF8\xC8��\xF9\xB9H\xEC\xF7c\xE46\xBD\x8C\xC9{\xACyL\x86\xA8\xDDy��\xD2\xC0�\x9C�\xB1H\x81\x8Az\xD78^\xED\xB4wS�\xF8\x8EIX�y\x974\xFA\xD5\xDA{\xBB37\xDAU\xBB
-M\xA7�\x9C\xECW\x9D\xA0\x92��bb0��Jjj\xFEyoG\xF3 \xCF\xEC\x86!\xBCB\x87M>R\xB1\xFE\xC0\xEC\xE8\x94�\x87J2ز?\x9F:�\xE5\xA21><y\xB6\xF4~^�\xCFG�\xD4\xE9K�'Q\x8E�d��\xACu�\xC9|Ä›\xE9`\xD7:6g^^s2\x90\xD94\xA4\x86mch�+\xE0\xCF5M\xF7Û–,\xC44ІAÛ\xD3\xD4\xC1\x9B�G\xE9\xCF&au�1�\xD1|v\xFA\xE4\x94'cÕ€ 0\xB6G\xBEh\xE1\x89�1\xF7b<J\xD04\xCC"\xF6
-r1\xE1\xE2\xF4\x84�Æœ\x9Fs\xBA\xC3\xDB9\xBB�w\xF8\x95Ã¥�S\xCBFyj\xB9\x85JB\x88g\xBD\xE9>4�\xDF�)\xC9~\xC1\x88'"\x942ʼ\xA5'\xDB���\xA3L蹨\xDE\xE2[\x8C�^\xDB#u\xB6\xF6�\xD13\xECAafG�\xD4L\xF9��\xBFli\xF7H�3\x84X\xEE\xF0$b|7\xE5&\x9CÙ´\xA3w\x87\xBD\x83\xD7-\x8E\x838\x98!z\xC4^{\xF8\xF4g\xB0\xFDF��\xAA\xCE>Õ‹|�0��\x8C\x86�#hD�'��\xD8!<q\x89\xB2\xC1\xB7\xA4\x8FSHs\x8D\xD13\xD2\xE3\xD1Í¡,\xBFp~\xAAÔ´t\x90\x84\xE03��\xF0�\xE5�\xBAY�ac8\xB0D\xE0\xF4dÄ‹\xAC�Î.s\xFA\x888\xF2i\xE7R��\xA8dq\xFA\xD5<(\xCBD›\xBC\x9C\xE3
-�F\x80[�\x891�\xE6\xFAS\xBF:$\x89Bx\xF7$\x80\xDF�y�!&i/d\xF9\xD7�9\xB9\xC9^�x\xCEv\xC6\xC1\xFD\xB2�D\xC0\x88L\xA7s�p\xE0\xECi\x81
-\x89�\x95\x89\xF4WØ\x86\xB1�\xF4\x8Aܤ�N\xEA\xD6�g�\x93\xFC�\xE7Ø“\xDD��\xAE\xCBf�͵\xD0I�EQ\xFC;":\xF1\xB5\xE1\xF0\xE8�Ø–\xA4\x82\x8B�\x89
-\x93�\xDE\xCD�(.\x9A܂Û9\xBB\x9F�\xC3\xF3\xE8tm\xEE\xF1f%\xA8Åš\x8A\x8C\xC2L�9\xF1_fÉ\x9A\xC1Ä™xp\xAB4?/s\xE1�+t\xDF\xE6-\x9Fu&�NZ�\x92\x856.-\xA5NW\xB3\xFD\x898\xE4\xE2�dm\xA2\xB3+\xD9\xD6Cod
-l�z\xDAwK\xA6\xA1\xA2\x8C\x85J4d\xC6S\xB4x�G\xA8\xA1Z4\xB9F\xA9\xB1\xC2�T\xA8\xA6%!$\xC5P\xD6\xE19$�\xF5Ξ?Ty\xD4X�\x98גTp\xF3\x9E&\xE2,S�r�<\x94\xE5y\xC5/IU�g*]I
-\xB6<R�\xD6\xDEh\xF1\xF0\xBC\xA2\xCE\xFD\xA4X7\xEC_O�P\xB1n\xE68\xDE\xC0E\xAA\xFD\xFC#=d�\xEE\xDA[\x84È„*r\xCEdB\xDE�H
-r\xE5E\xF7\xF1�\xE98J \xA6\xD4+\x99\xEA0Q\xA0\x9BKu\xC5a\xD7z\xBA\xED-\xAAo\xA1M|�(\xBF\x8E#\xB3�\xD3\xCB$ l\xDE;\x8E\xBB~\xC7-5l\xBFt\x82\xCEJ\xA6&\xF8\xF6\xF6\xEE�-e\xD4t\xC7=D\xD7=�#ncω0v8\xAC\xC1.\xC7tØ…�\xC7K�m\xE2NSb\x96\xE9\xB2)\x99(\x96cZ�wз\x87\xD7eA\xA6B��\xC0\xC0 $N\xB2d�\xE9Ê‹\x85 \xF5\xC9�S�\x89\xEE#eanK\x93\xD7Ç‚�\xDENc\xDFc�cÝ´rq�\xCA%.al\x89\xED\xE8Sa\x937\xFC\xB8\xE0l�vXqq\x9D\xE0-��N�\xF0 ��Yê¬K\xA7 \xB5|\xF27\xE34\x95 "G\xE0\x90\xBA7\x94:M\xCAP<�qF8\xA3�"[\xE5Rx\xCC\xC6��\xBD\xF1p\xBC\xB1\xF1�\xCF\xF0X\xA0\xBB\xC3J&\xC1\xBE< �\xC8nH\xCA�azst\xA1\x8AL\xBC\x91\x84\xA5\x89)\x81y4\x92Wl$\xB9p\xC2�C��\xF1�\x8B\x98{�L\xB3\x95\xC3
-�\x86\xE9\x8C
-.\xED\xFB\xA1�:s\x9721\xA1\x8E\x86\xF2f\x{159CA7}\xF5\xE6\xD0\xEE\xD6�\xC0\x81� Ub¾\xE0�2T \xE5#H.\xD7B\x9C\x9D\x86\x89\x88Ĝ&]9d\x87�\x84\x98Y\xEC
-\x91\x8EP�\xE9u\xF1\xB6X\x83\xEF�z�\xAFB.o�%�\xF3\xF2T�:\xEC\xFA�\xB7\xD4t5\xA4\xE0\xC0\xD9wT\xD4#
-�\xA9@
-\xC6u_\x8E\x84�}_\xEE\xF6=
-\xA8�(�ʜ\xA0Ì\xC1)_\xC1� �o\xAF\xF8\xD2\xF2\xF3\xBE\xAE\xF2\xAA\xA72\xA6�
-\x8AL��\xBDT\x8C�\xE7\xDEglJb\xA0\xA8�CT\x83e\xB6\xAE_\xFB\xB0\x8B�çª\xAC\\xA0a�j3\x842,�`\xEE\xA9\xE0 \xB579Z\xD1�q�<\xE0[\x942\xB0\xABB\xE9\xFFUpT(M< lS\x93\x90\xE2â…»v\xB0\x81Z\x9D�1\x98\xB0O\x{DC67}\x9DDE\xB2Òš\x9C\xEA;Z\xE9J>\xEE\xAB�k�e�\xEB�376E\xD9凊\xE90MÛ–9��O\xABÌœ1\xE2w\x88\xADT\x98\xC6C\x82\x95\xD7>\xDB\xFE\xDA%J\x87R%>7\xE0\x9A\xD2[\xF0�\x8B\xC5i\xEAu\xA6\xEB\xC1\xDAb \xB6�!b\xE0 \xC1y\x9C\x9CG\x8A G\x8A� \x9E\xFD\xF85\xF1\xAB\xC1\xDFCÙ³w�\xA9K^\xB1��\xEF\xF8\x87Y>N\xBFT\xE5\xC9\xD5\xFB��37\xD7UO�\xDC9\xE4|nuC\xAB$\x84\xD0q_6\xB1\xD3\xED]%Ir �[\xB0\xE7%\xA5\xF9\xD2\xDBm�\xB1\xCA\xCF=(\xF6\xB0\xA2}\x85\xA8\xAD)NtG\xB9=v\xC7\xE1�Ë™
-\xA7S\xF0\x94\xF1k\x9EH8\xF8g["�\xAA\x9Cs#\xB3 \xA5RH\x95\x94\xF0\xEC\xF3\x84\x85\xCD˄M\x92\xD0ha�n\xF7\xC7=\xA78\x8Fc0\xE0\xEE��\xF8\xDD�^C�\xBE\x84q\xB5�\x96\x88 \xBD\x86�H\x91\x9EmS}a�\xC2Y\xFFy 6\x9El\xD3\xCF_Fv�&\xA8\xF2\x9E\xF0g�Xa\xF4\x91Lqh\xC0X\xCF�\xA9\xDF\xFAB\xC5��\xBD~p�OK\xAC\xD2\xEE�Bz\x8A?\xAD\x91\xEBuZ\xCCR\x86\xB3�!\xEDb0�\xD2Go\xDC\xF4
-\x9E|G\x93\x8C\x85\x96\x9C4hv\x97\x9A
-\xB7\xC6x\xA9`�\xF0\x9B\x91�"\xEC\xD3:ÕsÃ+Ciq\xE9\xDB�\x9C\xC7B\xFD�KjH�늾7I
-�CC\x93la\xF1\xCB�\xEE/{\xB4ZMÙ\xABNF\xA1\xED\xDA�\xCF�\xE5�ET \xCC\xF2\xAAS�\xED*\xE3\xFDÖ…j0h\xB9u\xD5;\xDCMd\x99B�\xC7\xC8\xC1�\x8E\xC00AP�.=\xECvÔ²T\xB1>\xA6\xE7V�&\xEA\xD2~\xEA\xA8K\xE6\xD9m\xA2v\xE7*\xC6\xD8�\xAE\xF0&�q\x9C\xDB\xC3A \xD1�ß°\x85\xCC�\xF4�
-B\xE6\xC3e\xDC\xF1\xD9bU\x9F\xFF���\xA4\xEF�\xDCU�\xB1\xD7Ù—\x97×¥\x88���N\xDC\xE6\x9F 2sGe\xEE\x83 �\xA4\xB2\x9D�\xA7|\xC1�:\xF3�\xD2\xCA+\xEDo\��\xE7\xF8\xEF�\xD8m\x99\xFE\xB0\xBE+!\x98C\xAEJ�|מPU}\xAE`t Gr\xBE\xA3\x86Ø \xC0)[�l\xAA\xBAr\xF1Ë·\xF3�FN��\x8E& pâ«“F�^�i4�\xA2�\xF8\xC21�\x80l
-�1\xE5\xC7\xD2+\xA2\xFB\xF0H�\xA7\xF3\d7 %\xA2\xB8\xA1m 3a
-\x81\xB1\xFB\x84Ç·P
-\x9B\x890�\xEFA4^\xFD\xC7 \xA1S2[:^2[�#\xF6W\xEA\xE4Û–2�\xCD�?\xB4G?a\xA9\xF1f�\xBA\xAC\xD0\xE3\xDE=?\x87\xCA\xD0\xFE�~8j:`�~\x9A\xA1�\xE1\�ã´¡�\xCCaYo\xE6 \xDF|1!\xB1�=\xE8\xC8Ø Ul�5}EZ\xFAS\x8E�\xA7,\xE5R\xAA�
-\xFF\x92\xF9\xBF\xFF\xB03\xFE\xAD 2_i\x8CXΙ\x856ab �#\x85O\x89\xD37\x98\xFB\xF6\xBCE\xFD\xBF<\xAC\xE0
-endstream
-endobj
-1373 0 obj <<
-/Type /Page
-/Contents 1374 0 R
-/Resources 1372 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1337 0 R
-/Annots [ 1378 0 R 1379 0 R ]
->> endobj
-1378 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [464.1993 375.6003 511.2325 387.6599]
-/Subtype /Link
-/A << /S /GoTo /D (proposed_standards) >>
->> endobj
-1379 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 364.6613 105.4 375.7047]
-/Subtype /Link
-/A << /S /GoTo /D (proposed_standards) >>
->> endobj
-1375 0 obj <<
-/D [1373 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-142 0 obj <<
-/D [1373 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1376 0 obj <<
-/D [1373 0 R /XYZ 56.6929 748.7225 null]
->> endobj
-146 0 obj <<
-/D [1373 0 R /XYZ 56.6929 444.9381 null]
->> endobj
-1377 0 obj <<
-/D [1373 0 R /XYZ 56.6929 409.3397 null]
->> endobj
-150 0 obj <<
-/D [1373 0 R /XYZ 56.6929 234.0098 null]
->> endobj
-1380 0 obj <<
-/D [1373 0 R /XYZ 56.6929 196.2021 null]
->> endobj
-1372 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F55 1321 0 R /F48 1238 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1384 0 obj <<
-/Length 3163
-/Filter /FlateDecode
->>
-stream
-x\xDA\xE5Zݓ۶�\xBF\xBFBo\xE1e,�\x9F$\x9877\xBE4\xCE8\x8E�_\xDBL\xE3̔'\xF1,\x8E%R�\xA9\x93/}w\xB1 R\x94t7n\x9F:z \x82�`\xF7\xB7\x9F�\x9F1\xF8\xF1\x99\xD11\x93\x99\x9A\xA5\x99\x8A5\xE3z\xB6\xD8\\xB1\xD9Gx\xF7\xB7+\xEE\xE6\xCC\xFD\xA4y8믷W\xF9N\xA6\xB3,\xCE�\x91\xCCn\xEF�Z&f\xC6\xF0\xD9\xED\xF2\xB7\xE8\xDB\xEF_\xBE\xBB\xBD\xF9\xE5z.4\x8BT|=\xD7 \x8B^\xBE\xFA\xC75\xE7<z\xF9\xF6ۛW\xF4\xEA\xD5\xDB\xF7\xD4\xF8\xEE\xE6\xE5u\xAA\xA2ۿ\xFFr�#\xDC(m\xE0;\xFF\xE5\xFBwo^\xDF\xF6_\xFC~\xFB\xC3\xD5\xCDm\xB7\xD3\xF04\x9CI\xDC\xE6�W\xBF\xFD\xCEfK8\xD4�W,\x96\x99ѳ�tX̳L\xCC6WJ\xCBX+)\xFD\xC8\xFA\xEA\xFD\xD5\xCF�\xC1\xE0\xAD\xFDt\x8A;Z\x9AX�\x91N\xB0G\x88)\xF6\xE8,N\xA4\x90\x96=/\xAB\xBA]�;8\x91\xD4Ѣ\xDEl\xEA
-\xDBI\xB4\xBB\xE6&*\xF2\x86\xFA:\xBA\xAFw\xF4\xA2)ڶ\xAC>\xD2\xE8~KϜ޽߮˖F\x88\x9F8\xFF\xF1\x9AGM[l\xA8[6\x{13EB69}\x9F\xAF\xD7\xF5\x81\x86ʪ-vU\xBE\xA6^U\xB4\x87z\xF7\xA9\xA1i\xED*w\x84s\xDA�
-\xDF�\xAB\xB2Z\xA2�\x80�s\xCE\xE3Lka�\xF6\x811\xB1�z\xF0\xBDLE\x84\xBB\xC7gY\xD1\xF3\x97\xEF\xBE\xC5�\x8Fx\xC6
-
-5\xDB|QP\xF3�ÓŒ\x96i\x8A\xDDC\xB1\xA4\xD1\xD7/\xAE犉(w\xF4\x97\xF5b\xBF)\xE0 \xCB3\xEB YN\xC3xz|\xBAE\xEA\xF5\x83[Ù²\xCDn\xD8� \xE9L�\xEF\xB5\xE5U\xD1�,%g�\xE3C /\xF2\x8A�\xF9\xBA\xA9\xA9uW\xD0s\xDF\xE0>\xB1\xD5\xD6~�\x89�\x9A\x9B\xBC\S\xEB\xDEn\xAF\xDEP\xAFÞ·M\xB9t�\xEE\xF2\xC5'j\x95Õ�nؽ\xE8\xC4 ='\xCE���\xC0\xE4\xB3\xEE4\xF7x6\x99!\xC0\xED\xD1PÙ€M\x9C1�\xDD|\xCE7Ûµ#\xD8L��\xD0��$\x9A!Ø\xA4Hb#�\xB1\xEBM\xD1~\x85\x92\xCA \x8F\xF9#6R\xC4,> \xF4 \xD0m^\xB9\xE1*\xDF�K\xA2(\xB3\x80"\x97\xB0\xE14\xD3@�)\xBA\x9D!�\xA4�q,\xE2\x89]$\xA0\x8FJq\xF7 \xA2\x8A&\xC1P?IÆ’\xA7\x9ElAdc\xDC\xD5�=�\xA7Z\xAA\x9E�\xA7=\xAFr\xB8\xE2\xA1\xD8!˱\xB3\xA8w\xDBz\x97\xB7�Mjʶp\xD3H\x9B\xE8K\x8B<��\xB4 ΀m:Ö™\xD2C\xBC�\xC2L;ݤΡlW\xD4�\xAA�\x8Ex\x98b/\x89\xDE�\x9E\xDAzQ;BÈ’\xD7\xEF\xE8 \xD8w:\x88ͼZ\xFA�=\x8B\xCF\xE1�\x96Ŧ�8\xE4\xBB\xF2O\xBFØŸuU\xD0BH\xF6Õ\xFFB\xBA/\xA6\xB4\xC7\xDA2@\xCF�!\x94\x8356=\xA4�mY;T\xD7\xF7N?�(~á¡ž;<Z\xAB\x86\xD3�@y\xF2;\x8F\xD8#\x9D\xD8\xEE\xEFÖ¥\x87\xCA ^\xB8\xC3,�\\xA9�\xBC\xA42'\xE1\xC5\xE3$U�:\x87\xBCjQ\xBE"\x8BJj\x98 at l8\xBCX\x97E7Çš x\xA2M\xC0\xA9\xB4\xEB\xF0\xCD\xD08\xC1\x94^�\xF8zU7-*\x8B\xA3g\xE5\xD5\x8E\xB3�\xAB\xBC\xFA\xE8\x88Z\xABb�\xE6w=\x90�\x81H&i\xB4-j\xAB\xF1ضF�\x9E\x96v\x80\x84�V/IDt\xEB\x87A[\x9C�C\x87\xCC�\xB6<G\xA0Yv\x8D\x9E#\xD0�\x8E\xB8s�Z\xF7\xB1\xD3�$\xB8X�\x8D}k\xBA\xB7\x8Bb\xD7\xE6e5�.\xBF¼\xAEÖ$vDf3\xC6L\xEF\xC8�Xu;\x89\xA0n\xF2z=a\x85=:\x9F`s{\x80i\xE7@\xC8s\xD4v�K��$sƒa83\xF0t]6+7\xBE*��\xA3\xD0N�0\xD6s�>8\x94\xB8C�nP\xDDq�\x83�\xFB\xED\xC1�\x857
-
-\xE1\xC6q�\xF1\xE3\xBFڡ�@\xB2\xCAd\xD1OU1"\xE6\xE8srb\x96\x86;\xC1\x91\x87\xE4N�\x8EO\x86\x85\xF6*\xB3\xC6\xC1:-\xE3��\x8D\xB1\xE9ʬ\xB7\xC77\xD6$9��]g\x96\xB2\xFES�@�F\xBBŗ\xB4[�\xBA\xF3\xB3*zs\x977κ\xC0 \x!
AA�\xB2U� \xEB\xAA\\xAC\xDC��2�Ù¨-�\xCEÏ\xD6JM`\xCE���\xAC� \xDA|\xFDih\x90\xEEjk\xB3\xD1\xDA�\x93\x9A!\x9AJOjh\xED:G\xEF\xC1��v�Z\xA4\x96z\xA0k\xD0s�ÆŽ\xF1\xE2\x84\xE1;7yQW�\xB3}\xDC\xD3\xE1\x974j\xF1�O�?�Ä–%�\xC8\xFD\xF7\xEC\x8B]YXp�\x85F\xA7ض\x837�\x81)ß›\xA4\xB1L�oB\xD1E\xF2\xB8\xDB\xF6\xB1\xC552NL"\xDC\xF4���\xE7J\xF3\x98i�\xC7C�!e\xF1e\x94Ó˜\xA7\�vz>Z\xE0�,-7YGs\xAER�\xF01qab [\xC8�\xF1$\xEA#\xE2(.%�ˆ�c\xD1 �G�A\xC1Û¤G����K\xC8L\x86:�Hj`*\xCFBˆ\xBD\x8E,v�K\xD8"\x9B\x8D-k\xBD\x8A\xB6\xF0\xD3[7�1N\xE4 �\x9B\x9CT��\xA6\xF1���+n\x92/\xE1\xFA1U\xCCÒ¤\x98\xE4\xB5\xE3�\xE4jZ\xB1�\x86N\xAC\x97\xC6�\xB8Û³\xCBef�\x9Cg \x91\xDC\xCF4hT,\xE5\x809Ï€\xB8;*X\x8D8� \xEF\xA1 \xB9\xCE �B;\x9FD\xCE\xF8\xB5�\x96Ñ€3\xF8\xA3\xCD@\xAC\xAD\x92$}\xF21\x938\x95]\xEC4}>\xD8Q\xC6\xF5\x93\x8Fg)zn,k\x88x*\xF2\x99\xCC\xFB\xCC$4\x89\xD0\xF3\xEE/ \x8C#t6\xFB\xC6�\xF5\xAEp\\xD2il43c@\x8CM\xA6p\xF1�>\x97e\xE3\xB3:�ϬC\x82Fg�\xBB\xB9\xD2\xEE��\xCD~F�\xA7N\x90�\xDA�\xEF\x91�A(\xEE�A\xEB\xC5 �*\xAB\xC5z\xBF\xA4\xFA\x80\xF0NR\xB2\xC0\xED\xF9�θ\x8EQ\xA8i<wl4\xDCyJ�\xB4zO\x89���\xC0\xB3\xF5D\xBAE\xB1\xE3wi)\x90\xF7\xC1)n\xEA\x84\xF7�\xA6�e\xED\xFA#\xE2\xD6/\xDBp\x9ER��\xC3M\xE2\x82�\xE1\x88u\xAE\x86\x9F /\x98_n:cj\xC1;\x810)\xE2$\xE3\xEA�f\x93\x94\xF1g�r\xD0�8\x82\xFB\xC4ƪ�\x861�â°‰\x8D�\xC0\x9F\xFDzI' ��\xFE8 k7\xA7\xD9S \xC3mU\xC4�Ö¾B\xE6\xD3�\xF1w\xE1\xC2N\xF7\xA53\xBE3,\xB7\xC1\xBE\xF4�\xE7\xC4f�R\xA7(\xD89\x91Q\x83S\xE7\x82yM<���8\x90\xE1ZIv\x89\xAF\g\xDE\xCCÞ·\xDB�4
-\xC8!\x91&HÕ\x86(�@Ê®\xCE�\xAD>S�\x92\xDBC\xFD\xF8\xAB\x8B8%\x9B\xE0\xD8\xE9\x93s\x8D��\xE5\x8D}�o>;;\xAB�X_\xADÕ\xB3�\xCA
-��\xF4勓|\x81\xF0\xCA/x\x87�^`\xB6\x8E�\xC5\xC3�F\xECe/a9a&\xF2��\x90Z.KTf\xD4`٩\xA1Ϩ\xA76\xC6d\xAC\x9F\xA0S2fF\x88\xB3g�,f\xC9sU
-\\xAE�U\x8A\x8EѬH\x91p\xEB.\xC3\xC4\xD1m\xB1(\xC9ر\xE8\xC7_i\xF0H\xEE8h\xA3{W\xA7᱖F�\xCD�\xD81\x9B\x97Z\xA8\x81\x99[.\xBA\xA8�\xCD3\xC2\xE6\xDF_\xE5\xC1\xA5\xA6\xC0\xA5\xA2m
-n\xCA\xD5x\xA5\xF3�\xCA\xDBr�\xD8rx\xEBl9x+\xED\xCD�\xBA�G\xA9*\x8A\xA5\xF5K\xF8Y\xB1\xC8\xF7\xD6\xCB\xC0\x84\xC0\x83\xC0+\xAF
-\xAAS\xEF\x89�gis�\xE1Se\xE1\xF8\x87-rL\xD0\xF0\xB9�4�\xB9�\xB3i\x8D\x8C\xD6u\xFD\x89��\x83\xB6p\x8D4\xA8\xEA)\f$ �^\x97�\x9E\x86/\x85\xF6\xAF[8\xAF[4̵E\xCF�\x9ED\xFF\xBC\xD6:\xA2\xAA�\xAC\xEB\xF2%1�\xC7\xC4�G\xB2x1J\xB7\xFA\xBA\xAC\xCB.\x83\x82\xAEßµ��\xA6jO\xBD\xD84e\x9En�\x9Fx�2\xC6U\xE1Z\x83Ä‹\xB2C\x97-\x8E\xEA\xBE\xC3\xD2\xC3i�\xFF\xBD\xDB\xE6W\xBEd\xE6\xE8�a\xA9wTv��Y\x93\x92\xE0sȳo&\x94�+\xC1�\x98\x9Cfv\xF9\xAF\xED\x9E\xC0�fxA\xC3\xE3TI\xAA\xB8\xBD~{=O�Q\xC6'g\xF4\xF4H�\xC4\xFDSÕ¸\xB9':(\xE4\xBDE\x80I\xBCð š«m�\x8F\xD4\xC2\xCA\xD2Ö\x92x\xB1e#�\xAB0\xAB|}\xEF\xC6\xDC�\x90n].\xF5\xEC-\x83\xF4%\x99\xC1�\x8A\xEC\xAFP\xD0dꤟԇE\xD0q\x95�l\xBA\xA8\xC8~XL"\xD4\xC6C,\x8B>U\xF6T,#\xFD\xE9
-G\xCC\xF4\xFA\x83\x83\xEEL\xDD\xEBl�\xFFv\x81\xE0\\x99\x84�=\x96u\x86�){\xEF\xE4+PCZT\xD2\xC1\x96K�\xB6\xC5n}ͣG{\xB7g#o\xD5W\xABƥ>_Ab٩;\x96#\x85i\xC6\xEAg\xF94,\xAC8 O\x84\xE6\xC1,k`\x9Fvmb3�*K\xFB\xC0\x87\xB4rt�\xD2�o\x8F{\x9EԼ\x9F\xBB\xC8\xDFHG\xC1�̘\x91aQ�_\xFA:\x96tu,4\xB5\xCD!04\xF8摞]\xB07\xA4\xD8\xC7\xEE"\xF3\xE53�\xEE\xD3��\xFF\xD9\xD1\xC0-\xB8\xCḐ\x82i\xBF\xC3I[�X,\xCF\xF7\xFE\xB6\xAAޟ\xE2{p\xA5�0\xBA\xAE.Y\xD1\xE6dyU\x80+�Ќ]:(\xD7.�㉃\xB5m\xD5\xF4t\x95Jhm\xAFm�\x90B&\xCC#�w\x87l!d\xC8f\x98\xDB\xD5\xF6- b
-\xD7�\xA1�y\xCB&\xFC\xE0�\xA1\xDD,m\xC5\xF38qM��G,M\x97�\xDB�\xF7D\xFC\x93\xC5&\x91>($\xDE\xF1 \xF9\xA5\x88\x94a\xBC\xA7F\xB1\xFE\x93�\xEF \xE4.@]\xE8a5\x8F2\x95ɋ\xCF�\xCB>xޅ\x87\xC6C\x99\xFB\xE5\xD6x\xF1\xF3\xE0f\xFA\xFBc�1L \xE1lu\xDD\xF9/\xBC\x8E\xF3�\xDB�&o\x{6F0395A}1�\x85ވy9O\xDCB\xEA4\x86�6;\xBA\x85D
-'\xAE\x89 '\x80\xF0\xC3�\xA3\xDE\xEF�\xEDL�\x9F\xA1\x81\xF3\x97ž\x81\xE1\xDD\xD67\xA7\xFE\xFE\xC0
-\x8B��\x9B<\xFBg\x8Ep\x96\xFD\xB7�$�A\x9A M#�Z\x94-\xF0t\xBC(\xC6\xDAY\xA2\xD2\xF3\xABv\xB3\x8E\x97�E\xEE\xD0V\xC9p\xD97�9\xBA\x8B\xF3\xAD�Z�{��X\xA3\xB0F>\x91\x92H�\xEB\x84\xC9\xCBi\xBEL\x8D~BÚ¥\x9E\x99\x93\xC0\xE9\x92a\x9AJ\x82\x90\\xC8�\xD8^\x82\xC1\xAC3�\xF4\xB3.K\xF0ܪ\x81�\xC7\xCBNK0\\xF6)\xC1�5A\x9E&\xE6��\xF4SÊŒ@2�\x96�O�R \x98n.\xA9b0\xEB\x8C \xFD\xACË‚<\xB7j \xC8\xF1\xB2Ó‚�\x97}\xBA \x8F\xECu\xFF\x97\x99S\xBC��7v \xF4\xC1\xAC3\xBC\xF2\xB3.\xF3\xEAܪ�\xAF\xC6\xCBN\xF3*\\xF6\xA6/+\x8D\xD2G\xF9\xD7_��\xBD�Ei\x9A\x85\xF1�z({5\xEF�\xF7\xB03\x96$\xA3ä®\x92O\xF2\xFFT\xDC\xF6$\xD7bT\xAC\xA5\xBE \xA2`\xD2i \xF9I��tn\xC9^>\xE35'\xC5�\xAE\xF9\xFF\xE7T��K\xC1.\x98\xA2`\xD2i\xD9\xF9I�ewn\xC9^v\xE35'e�\xAEyY\xB3@\x96\xF4o\xA4\xCB\xF2\xD3`\xDEt\x9A>I~ɳ=\xC9Q~ 4\xFC+\xEA�/Y\xF7o\xBE/\xFE\xC7k\x8F��\x91\xAE1bZ*\x92\xE1\xBF\xFB\xB2\xD4o
-w\x8C\x83\xC7[\xFF�\xE2=l\x86endstream
-endobj
-1383 0 obj <<
-/Type /Page
-/Contents 1384 0 R
-/Resources 1382 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1337 0 R
->> endobj
-1385 0 obj <<
-/D [1383 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-154 0 obj <<
-/D [1383 0 R /XYZ 85.0394 714.7215 null]
->> endobj
-1386 0 obj <<
-/D [1383 0 R /XYZ 85.0394 685.6298 null]
->> endobj
-1382 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F39 1161 0 R /F41 1218 0 R /F14 964 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1389 0 obj <<
-/Length 974
-/Filter /FlateDecode
->>
-stream
-xÚ½WKS\xDB0�\xBE\xFBWx893\xB5\xA2\x87\x9F͉B\xE8c:LK\xD2^\xA0�\xE3�HDZR\xCB!\xA5�\xFF\xBD\x92e�;\x96C\xA7\x94Nf"i\xB5\xDA\xFDv\xF7[\xD9F6�?d\xFB��b�\xDBa\xEC��"\xDFNW�\xB4\xAF\xC5\xDE[�\xD5:\xAEVr\xDBZo\xE6\xD6\xF8\x84\x84v�\xE2 �\xF6\xFC\xAAe+�0\x8A\x90=_\x9C;�\xF0\xC0HX\x80\xCE\xEC\xD3\xC7\xF7\xF3\x91\x8B}\xE8�\x9F\xCEF.\x8A<?r\x8E\xDE�~\x9AOÏ”\\xAB���!\x84\x9C\xC3Ó£\xE9q눜\x9CL�G\xA1\xE7Ì¿\x9CMg\xA3o\xF3�\xD6t\xDE mG\x83 \x910X\xE7ß \xBD�A}\xB0 q\xE4\xDB[\xB1\x80 \xC51\xB6W\x96\xE7�\xE0{\x84hIfͬÏ\xC1\xD6nuÔ˜���&�6\xA4�cSz\xFC���\x93*=\xEFh1B\x91CEl"\xA8%Wc\x92\xAB\x91\xFELV\xEB\xAC\xDELY~�!\xBEÞŒ\x90S$\xE5\x92\xD5JW\xACP\x93\xF2\xA6\xD6\xE4\xB4ܬ\xD5t[\x8B\xBEox\xA9f�\xCA\xD3byI�\xB5\xABKvKE\xDAI\x84\x9CSVRm*)\xF5L\x83\xD2#˳\xBB�D\xAE,\x84Ȇ\x8B�\x88}�W\xA15�EÑ–\xB9@\xB9\xAA��%Q\xA8\xBB[J\xA0\xC7�\xB6U\x93\x92\xA9\xB1qפL�\xEFئ6\xF4\x8B\xE5\xB5Lje\x94\xBFR+N\xE9.OH�\x81�\x87\x9E�z!�\xC2�ÉŠ\xA9\xCD\xE2\xDAV\x93\xB3V\x89�}\xB7}\xA0_\xE2\xBE]\x99\x88�M�\xA3# \xED\xA2\xF1H�\xB0\x8F\x82�\x9A�\xCD�\xAD'0\xF4\xADI�\xA0\xAA\x90\xA82�\xBE�\x85\xA2R� \x91`\xB4\xDC|\x9F\x97\xB4È“l\xA7\xD38-ni\xD1\xCD\xFDkig|â¡–GQw���Gqe-I\x85\xA1 \xCA\xCA*\xB3\-\xEFÕ€B�P \xC4?�coR�c)\x8C j��&\x9AV\x98\x80X\xF6s\xC7<\xFDi2\x99p\x99lw\xB9\xE6\xEE5sohA�\xCCy\x959\xB6\x96\xEA\x8D
-\xA9\xA1\xB7k6\xD7 �\xC0D\xF2�\xB1\xA0\xF46)�ʪl\x98IWK\xD9�\x8F\x95BG[\xB2\xBD�\x9EZ\xA9Z\xF0=\xBE\xE4n/�\xD2U5&\xA7"Ǝ\xBA\xC2\xF701\xF9Өy}7\xC9y\x92el\xEB\x96E\x92\xF3+I�)\xBB\x80>̙N��Kd2g:Z\xD72�\xC7z\xC53%\xB0\xA0\xBC,\x96i\xA9V?6\xB4\xB8\xABq\xA5)\xE5|\xD8mK\xF5~\x87\xB4\x93�\x96
- \xC1{\x80�4\xDD�\\xB6\xBE�\xBB�\xF0\xA8\xB2�\x84\xD9\xE9�\x94t\x8D<6w\x81\xA9\xA6+A�]\x90\xEAn5�\xA1\xEE\\xA9q\xC0\x97%E\xA0~b\x81\x94\xAD�\xDAt\xD4 ;H˻uǗ1ʫ\xA5�t\xB0�\xF7\x9D\xEC\xE5łi"\x89'\x8C\xBE\x95\x84#񴹥M\xC5X\xB6)\x9B
-H\xD6>�+;
-:D\xE1~�\xEE\xA9ڿ"�z\xAA{�H\xE4�Ka\xBEkM\xB4\xE0Y\xA2s\xD7g�6\xB1�\xFF-+*Wư[\xA4\xE0\xE3\xBE�c\xE2�dž�Fdo\xAB\xFDa\x85\xD1�\-/[\xE1^�k\x9B\xCF\xEE^4Խ\x8D\x87\xC9\xEB\xA5\xE7\xF7\xCEs�\x8B\xFF*\xB1\xA6�\xC0C
-\xD0ͫ鳈\xF8@~\xCB�\xDE.a\x83\xE4ٟL\x8F_\x8B\xE2\xFDS\xBCbb\xF3k*�#\xE0E\xC2H
-J�\x85\xA2�r\xFDmÕ‡\xFE�\xFE\xCF\xC4\xD4endstream
-endobj
-1388 0 obj <<
-/Type /Page
-/Contents 1389 0 R
-/Resources 1387 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1392 0 R
-/Annots [ 1391 0 R ]
->> endobj
-1391 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [389.5011 743.8714 438.2478 755.9311]
-/Subtype /Link
-/A << /S /GoTo /D (sample_configuration) >>
->> endobj
-1390 0 obj <<
-/D [1388 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1387 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1395 0 obj <<
-/Length 1076
-/Filter /FlateDecode
->>
-stream
-xÚ¥W\xDDs\xA36�\xF7_\xC1\xE4 \xCF�Y�\x88\x8F\xE6)wq\xAE\xB9\x87\xCC\xF5B\xFBrw\x93Q@\xD8L18�â¸\xFEï•\xB0\xC1\x96}I3\x9E1\xCBj?\xBB\xD2
-dA\xF1CVH t#\xCF
-"��\x88\x88\x95\xAC&\xD0Z\x88\xB5O�\xA4e\x9C^\xC8�J}\x88'\xB3�7\xB0"�\xF9Ø·\xE2l`+�0�\x91�\xA7\xDFì¿]}\x89\xE7_\xA7�&\xD0\xF6\xC0\xD4!>\xB4\xAF\xAE\xFF\x9C"\x84ì«»\x8F\xF3k\xB5t}w\xAF\x88\x9B\xF9\xD54\xF0\xEC\xF8\x8F\xAFs\xC9A8\x92zDk\xC6\x{1F77E6}?\xE2Ï“y\xBC\x8Bo\x98�\x82\xAE�\xEEi\xF2\xED�\xB4R\x91\xCA\xE7 �n��k#^ @Q\x84\xAD\xD5\xC4#. \x9E\xEB\xF6\x9Cbr?\xF9}gp\xB0Ú©\x9A0!n�H\x88��(��\x80�\xF9 \x8A<b�$�\xBE\x8B\xDD�\x94�\xE5
-\xAB\xF9\xD4\xF1!\xB4\xFFQ��`\x80| \xFE\xDDK\xC5\xF9\xF7Rf*\xDC9�\x81\x88�\xDC\xE9fU\xBD\xA1uz\xA8n�\xA6EQm\x9C\xA7\x96\xD5ۑt^
-\xFF%-\xB8Y�
-\x94\x9B\x9A\x96<c\xB5Y\xBF�\xB5\xD3\xDFi\x8FbP\xC6g7��`�\xAE\�|\xDF\xEBD\xE6/ʜ\xEA\x80\xEF\x90\xC0G\x81P^\x95\x8A\xB1\xACx#\x98\xE8\xA0S8\xAB\x9Fe\\x92N\xAA\xF2;\x84x\xF1\xAB\xF25*\xC1ΗN+)\x8C �\xD5�ΰ\xA7\xF3C\x91d\x86
-\x99{Ô°�"\xD9y#\xF3\xEC\xC5d^'\xE6\xE4k\xEE,*g\xC9jv\xD6\\xB5\x96\xE2;�R\xA2�w\x842 \xC0\xD4 Gl\x85\xC1l\xA6�r\xBAZ�LѦr\xCBR\x94\x95\xA2\xAB\x92uE8\xD9f\xC6N)\x85\xDA\xD9~\xEECIYFÛ¢Q/\x83\x8E\xA5I\xC28?ÝŸ\xC7\xCDM\xCB\xED\xAB<ÖŒ7u\x9Eh\x97 M\x96\xEC\xB4Ë£\xFD\xE4��N\xEC\x8A]�\\x9E\xDBf\xE6pj\x96\xB45\x97[\xE0d�{\x91\xF7�q\xB6Oz\xB6c\xEC9sÇšz\x8B�\xF4Y\x93\x8B\x860E\xD0\xF1;\x89�\x9E7��\xF6\xD2� I\xB5\xBA\xF8i\xFB7Ûµ\xD6Vg\xAB�\xE9,\xEF\xE3\xB9XÍ”\x93\xAC\xAA:�\x97ol\xEBW\xA2\xFC�\xDC� \xC0\xFF�\x80�\xEB\x9F\xE5\xCFg\xCA\xC7\xD9\xFCMc\x8A\x96U#�\xAD�}\x8E=ȳ\xF9aE\xB7\x8F\xE7w\xF9{\xA04"\x89^1[\x94Ì\x9E""l\xC3p\xC0\x81\xB0\xE6EBIÊŠ=X�\xCF�\x9123��� {�Ò²\xF2l\xAC\xF4\xF8aOm\xFEL�V�\xE6T5\xF0\xDB�\xA6\x99�\xB9T0M-G\xDC�\xC4\xDDd4'9\xA3u\xB2T\xB0\x9C8\xF0K\xBAb\xFD`�\x8F3lj\x89\xD3\xE2\xEEÛ¬{�/d!�\xB8\x9E\x8Fu%\x88�\x9A~\xA7+nIS�A\xB8\xBF\xC4�\xEB\x86\xC3P%�/s\xD1z\xD8\xF7\xED\xFEIÕƒ/\xAB\xBA\x91$\xB1�m\x9E2\xC5m*\xBDÊš&/�\xEA\xA5]\xABg<�\xB7H\xD9|4\xD1%�L�EI\x9B\xB6\x9E\xA2\xD0fÚ…,\x89�O\x97Q\xB8�Uc\xA9vqh\x81\xCB�8o\xB6:L\xCD\xFDp{w
-�yۘPL�O\xEA\xFCQ\xFAt�\xB1\x93%-�\xFD\x8BL\xA3{ʮ\xE9V\xF5ͦ\xAD\xA9r,\x99\x92Sh�\xAA57\xAC(�8K\xDA�\P\x95\xB1zQ\xB4h_E\xA4\x8A\x9B\xC9ƖD\x9Ag\x92/\xF7\xAC\.\xB5\xBD\x8C\xED\x81\xFBŔb^&E\x9B\xAA:�\xF7\xC0\xBAS\xAA\xBA\xF9\xAAvI\xA6/p\xCA�m\xF6:#\xB4�\xE3/\xB6\xD5J\xB4L�\xD1\xF2\xD3\xE2<_\x8C\xCB+x\x9B\xBCY*J�\xE9ė\x84K\x80\xBC\xFE�\xEE\xFDpw\xFA\xBE\xFB+c\xFFY\xE5�\xC0
-C\xBC\xFB\x80�\xED
-�\xFA \xC4Q\xD0�%\xD1E\xD1a\xE4\xBBÏ‘\xE3\xD0\xFF�\x8DÔ”fendstream
-endobj
-1394 0 obj <<
-/Type /Page
-/Contents 1395 0 R
-/Resources 1393 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1392 0 R
->> endobj
-1396 0 obj <<
-/D [1394 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-158 0 obj <<
-/D [1394 0 R /XYZ 85.0394 146.2062 null]
->> endobj
-1397 0 obj <<
-/D [1394 0 R /XYZ 85.0394 108.682 null]
->> endobj
-1393 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1400 0 obj <<
-/Length 2431
-/Filter /FlateDecode
->>
-stream
-xڥ�\xCBv\xDB6v\xEF\xAF\xD0\xE9\xA6\xD4I\x88� \x9F\xE9\xE9Bq\x9C\xD8m\x93fb\xCDl\x9A.
-\xB2\x98\xF0\xA1�\x94�͜\xF9\xF7\xB9��\xA4(\x99y̌\xBD p�\xDE\xF7\x93\xE2\xB3 \xFE\xF9,\x8AY\x9C\x89l\x96d!\x8B��\xCD\xF2\xEA"\x98\xDD\xC1٫�\xEE\xEE\xF8\xFD%|\xEB\xF9\xF2⧗2\x99e,\x8BE<[nF\xB8R�\xA4)\x9F-\xD7z\xF0�\x9B�\x86\xC0[\xDE޼\x9A\xFB\x82\x8B,\xF0.\xAF�o\x97W\xEF`��p\x85.,^\xFCc\xCE9\xF7�o.\xAF^\xD0ы7\xB7\xB4xy\xB5\x98'\xA1\xB7\xFC\xFB\xBB\xAB\xDB\xF9_\xCB_/\xAE\x96�c�x \x91\xB9O�\xFE�\xCC\xD6 ʯ��\x93Y�\xCD�`�0\x9EebV]\x84\x91dQ(e�)/n/\xFE6 �\x9D\xDAW'u\xC2�&d,&\x94"ĔR\xA2\x8C\xC5RH\xAB\x94\xE77oP\xC0$\xF2vmQ\xA9\xB6(�\xB45\xFBݮi;\x83\xBB\xB8\xD7�\xC07M\xEB.\xE8\xF6^\xBBu\xD7\xD05\x84͹G\xE0\xD8˛\xAA\xDA\xD7E\xAE\xBA\xA2\xA9A\xB52\x8D\xBC\xE5\xB6p8\x8B:/\xF7km�\xC5?\x9BZ;d\xAD\xAA\xCD�p\x80\x96\x9F�(�^\xDDt\xC5\xE6`M\xF2�u�\x82\xFB\x9C\xB3,\x8A\x84\x95B\xD5k\xBC�x휧\x9E\xCE\xF7\xAD)\xEE5\x81>\xEDu{\xA0e\xA5\x8DQw\xDA +a\xC0\xBDw\xDA4%\xC8`\xE8t\xA5\x8Cvh\x9A\x9A\x9E\xB5~\xB0\xB2\xC0�\xEF\x81�\xEEn\xB3\xA1\xA7S�\xACRzlUO\xB7,\xAA\xA2#\x84\x9C\xB4 \x9Ai;ڣ�'\xE4 at 5\xB3\xE1 e!\x8F\xF8p o\x8A\xD4\xCB�\xF2&2O\x95\xA6!\xD0J\xD3so\xF4f_\xD2)\x99 \x80\xEBC\xAD\xAA"w7vk\xD5i\xB4D \xBD�\xC1\xC8\xEE�\xDA�F�\xA3P\x8F0e\xBD\xB9\xF0\x95m\xB3/׎\xB9\xA6\xEE\xAC �dž\xCAs\xD0\xF9\x94\xA8\xE822I\xBDn\xABq\x91�\xD1#\x94�\xA5�\xE4\xA9\xC85\xB8B\xC8\xC1J\xFB\x8E\xC07o}g1|\xC1�\xB2''\\xE0aaܳ6\xFB
-�\xBC��\x91�\xBA\xEE@�q�\xEEML\x80 \xEDa\xD75w\xAD\xDAm\x89\x95\xAF\x89pF'�U\xDA\xDD}\xB1&\xB62ou\xA0'\xD9�W\x96�p\x8F\x8Dj\x9Dx\xFB\x9Dn\x8Bƺ\xBBe'\xB1\xEC =\x88_>\x8A_\xC1%\x93)\xE6�K�d!%\xD1\xCDq\xA4\x87�KE\x96\xB8\x8B\x8E+�\xAA�(\xBA\xD0>e\xED\xBEP\xB4\xE8z\xFA\xE1\x98>�\xB4Y\x96
-\x87\xD6\xFF8A\x99G,\x91\xA2\xA7\x8Ca\xF9�\x8F�X�\x86�\x9A\xC3��?�9\x8B0q;\x85s\xA7\xF0\xAA\xA2P\x8F0\xBE\xAC�ª\xD9u.2q\xD3ҳ\xA8\x8F�\xD0
-\xF8\x84 q\x976\xF4\xEC&�
-y\x98 �D\x8EÃz\x8AE�\xD94Hbw\x87
-h���)�\xA8#\xE5(\x85\x8CY"B9\xD4!>\xF7y��\xDE+]\xEB\xD6z:\xB2s\xBBU\xADv\xE2\xFD\xA6�N\xA2M/ҕʷ\xB4z\xAB\x8A\xF6T\x92\xEB\xC6tf\x82MpY�\xB1�\xAA\x82\xA5
-1/e�1\xAB(S\xAE\xDD^\xE7\xB4\xC7Ø’�9)\xC0\xEF�{îšYxb\xC2\xC1k\xE7hV\xBA{к&6d6\xB6\xB9Ș\x94Ao\xF4-p\xCB'\xB8�!Ë‚\xEC\xDC{N1a\x9D\x8C\xD3�"1\x85�\xDC'I\xB3\xC1:P\xD5!\xE1\xD5ĦjW���\xCCy\xB8E\xFB\xDA�\xE4�}*�\xF8u\xFD\xCC�\xBF/\xB2\x98�<\xCCN}\xF2\xBD�\xA1�Ç·\xBC0\xDCc\x82\x85Te\xB3
-�\xC7R\xC0�Q\xC0U\xB57\x9DsN}\xF4E\xBB0\xC3%[\x86\xF0J\xD39\xC3#
-\xC3&|�\xEC,C\x88=\x9E�}l\xF0\xB2žk*(\xC29!qN�1\xF3�\x87\xA1\xB2\x83<\x85R\x80�\x96e\xF3P\xD4w\xB4���7�EY\xD2\xEAn\xF0fhY\xB0l \x90\x8B\xD4�}\xD3\xE6} \x9E�\xD3zu\xE84\xEC9\xED\xAE_/.\xFD\xDB녈ܱU�.\x94!|\xD0*\xE4XB\x8B\x95^;
-\xAB\xE6^\xB3\xA9\xD4\xFC{S\xDFa�\x93\x84\xC8\xD0\xCAy+m\xC0Y\xBB\xA1É\x91t\x95�N\xA0\xA2\xB5\xDD7\xDE\xD6\xCA�\xFD�
-�\xE9\x9A�\xB5Fw\x8Bb\xEFMÓ¹\xCB\xDDVu\xFDÊ*\xF5\xB9\xA8\xF6\xD5@\x83�\xA5\xAE\xEF\xD0Ôˆ\xAD Y
--]\x9A:�r]@/㼈\xDE|\xEA\xBCD\xF7\xAC\xE2\xCEjԺQ1\xF8N\x98\x9E\x9A|\xDCk\xACk�\xF9\xC0�\xA6\xC0\x9EP\x90\xC0\x81|E\xCFm\xA5r�\xA2ޢ\xB4�+z\x82\x91�\xC0\xBDq\xFD\xC7\xEDҽ3
-\x8Ei#\xE2\xE2\xE8qؗS\xCC\xC0¶\x8B�\x87\x84N\xFB\xAE\xBF\x81E\xBC\x9C*T\x99\x84\xF4�r�\xFC\xBF\x8D�x\xC2c\xF9$\xC0?�}\xCF\xFDt\xF9\xE4i\xC4$8\xE61{\x84\x92\xA39\xB76 \x90\xF6\xBAp\x9DfW:6\xA1\xB6\x98\x9E\xC1\x9Ee\xE2�\xDD+p\x8DK/ %\x94$e�\x87\x9E\xFFĪ\xD8\xD4\xF8qH&\xD3uެ\xFB\x92`\xBA\x96�\xB0Ea�H\xDCb֙*\xD90>\x88D\xF6U
-jʳ\xA9d)Y\x86\xD3J0$4BJ\xAD\xE6(E\xE9Ï6\xF3\xAE\xE7gC\x8DEu\x96\xBF\x9C]\xECz\xA8\xD6{Ó¿\xA5\YSN\xA8Q
-\xB1\xFB\xA1�=\x9B�\xC8\xE7I\xC2x*\xB3S\x97\xB5\x82Yo\xFB]\xFDt�]~x\x95\xFD\xF1\xA41\xFCç@\x89�\xEB\xC5/\xBF|\xAFç©\xF9�z\x8D��\xC7Nì¿ \xC9C\xC9\xC2X|[Õ\xF5u\xAC�_\xD4\xD8Ta\xF0y�=�Ì‘S�B\xB8�\xF1Z\xD5{U\xFEO\xD5A\xC8\xE4\x94#�\x9F\xB4�xn\xE3�\xE1E\xB5\xB3\xF1�0E�\x98\xF5\xD6Öƒ\xECk0\xABÕ¹Cj;�\x80b\xD6¼�\x8E\xA3AÆ”�\xE0\x9E\x8B�;\xD4D\xDE\xEB\xC68\xA2\x8B\xDBË›�\x87\xD8Z\xD48\xC2Cn\x84ͽ*\x8B\xF5Tn=F\xA1LO\xDF\xC7�\xA6\x8C\xD9W\xE4$Ò0xÔ§o��f$g
-\xF5\xBE\xEC\x8A]y"[\xEA9\xFC�%�\xAFI=\xA9c\xCC�s\xD0.F\x9D\x9DS\xF1\xF6X \xF4�,\xA2NCv$<\xB2\x94\x8EMs"%\xC5͉\xA1\xA6ܰ\xB2\x8EQ\xBA\xF6eh�\xCFfTR\xD9��Rd#\xE1V\xE88\xF1>\xD6\xCDCM\xCB!\xA8`MT`a\xA9\xC0\xB3\x9D\xC3\xC4\xE7`ݖ\xB2\xCA\xFEn;՚\xA7\x82\xC98\xEBۿ\xAA"\x97\x98\xF0T�\xD10�BԶ\xD0q\xD23�\x8EX\x94\xCA\xC1N\xE6#\xCBBC\xCFc;c\x99�<�6\xBD'R�\x87\xC0J\xA1D\x9CUgթɱ x<�\xF4qx\xD9\xEC�C\xEE��~<�܂\xC5zkY>\xE1\xF9|h�_Ä S\x8F\xF9v\xE4Z\xF7Lcr\xD34�S��\xFA\x88�;\xC2 4y\xB3\xD3�\xA3��1~�ct\xB8 \x80\xC1\xAF-\xBDC\xE2\xCBآ\xA9\xDA\xE0\x84I\x90J\x83�ׅ\xA9\xDC�\xFD\xF7�K\x95`\xE8\xC5Xfy2\xB0�A\x93\xE9\xEE\xC5ý�\xB1\x89\x98}\xB9|;\xE7"\xF3\�dL\xDF�u\xBAԻmSk\xB7\xD7]\xFE\xBD\x96\x91\xCE275\x8CaՄm\xEC��\xF3x\xAC쇸�\xE7Q\xE4\xB9\xF3\xABυ\xE9l\x86\xFB\x86}n*u\x87\xD3\xEB\xE3\xF1G\xA6,\x96a\xFA\xED9*\x88\xB3諃�\x87\x89,J\xE4�\x93k�\xA7\xF0\xC5,\x8A\x87\xE9M\x8D\xBB\xCB\xE3lBߎ\xCC\xF9\xF0s֩�}\xF9_�}M\xEF\xC7z\x98o\xFB\xCFPМ\xFFh\xA6>!D\x9C�Aԫ�Ǫ5˛z3\xC1{�\xB5:\x8E{]Ps2\xD9Z\x8404\xA6Y\x88\xD3z\xC0d�\xC8a\xFA\xDC\xC7Zȿ\xAC�\xF6\xFEs\xFAA\xB2\xBCkڢ\xDBV\x8F\xFA柧<׸\xA8ƻ?|\xA9\x9D\xF8\x81^\xF5\xCF�R&\xFF\xF7\xCF\xD3>E\xA2\x84\xE3�'<K\xFB\xA1\xB3\x89\xEC\xFD6\xF4\xE8\xE3^t\xF2� \xB7n\xE0\xF2\xA5\xE0\xDEmA\xA5�\xC0\xAE\xE3��\xF4�\xA9\xB9��\xB2\x91�\x83\xF5�E\xD7E7\x98\xC8\xD7=��\x97p\xA5A\x85\xBA\x9D0\x96\x84�?\x89\x93\xE8{�\xC0�.\x9Fh\xCC~\xC4\xE0\x91W7\xB5\xFFд\x98j$\x8F\x87!N\xAD\xA8s\x87\xA9�\x8B�ޤ\xE1
-\xEEм�\x90\xE3�`?7\xE3Y\x8F\xD6\xF97\x82\xEC|\x88 ڞ�\x8CN�҅\xBE\x81&\x9Avt䔩�\xE2>\x9B;ܫÄvμ\xEB\xABډ2\x96$C$\xB1/\xFD\xA2!#\x86?CL\xFC\xFE���\xF0\xFF\xDAq\xFCy'L\x98LS1\xFDC�\xCEM!\xB6ߎ)d\�\x8F8\xEF�y\xCC\xFA \x97\x9B\xCBmendstream
-endobj
-1399 0 obj <<
-/Type /Page
-/Contents 1400 0 R
-/Resources 1398 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1392 0 R
->> endobj
-1401 0 obj <<
-/D [1399 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-162 0 obj <<
-/D [1399 0 R /XYZ 56.6929 662.3153 null]
->> endobj
-1402 0 obj <<
-/D [1399 0 R /XYZ 56.6929 634.3021 null]
->> endobj
-166 0 obj <<
-/D [1399 0 R /XYZ 56.6929 587.9857 null]
->> endobj
-1403 0 obj <<
-/D [1399 0 R /XYZ 56.6929 564.9659 null]
->> endobj
-170 0 obj <<
-/D [1399 0 R /XYZ 56.6929 418.0778 null]
->> endobj
-1404 0 obj <<
-/D [1399 0 R /XYZ 56.6929 395.0579 null]
->> endobj
-174 0 obj <<
-/D [1399 0 R /XYZ 56.6929 306.0653 null]
->> endobj
-1405 0 obj <<
-/D [1399 0 R /XYZ 56.6929 275.4022 null]
->> endobj
-178 0 obj <<
-/D [1399 0 R /XYZ 56.6929 229.0858 null]
->> endobj
-1406 0 obj <<
-/D [1399 0 R /XYZ 56.6929 201.0727 null]
->> endobj
-1398 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R /F39 1161 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1409 0 obj <<
-/Length 2729
-/Filter /FlateDecode
->>
-stream
-xڥYYs\xDBF�~ׯ\xE0[\xA8*s2\x83�\\x9B'ٖ�%k'\x91\xE8\xAD\xDA\xCA\xE6�$@ (�hZ\xBB\xB5\xFF=}
-��\xB2*\x95\xE2�\xE6\xEC\xE9\xF9\xBA\xA7/\x9A\x99\x86\x9F\x99%\xA1\xD26u\xB38u*\xD4&\x9C\xADw�zv�s\xDF^�Y\xB3\xF0\x8B�\xC3U\xAF\x97�_\xBF\xB3\xF1,Ui�D\xB3\xE5f at +Q:I\xCCl\x99\xFF2\xF3\xDD\xD5O\xCB\xEB\xDB\xCBE�\xEA\xB9S\x97\x8B0\xD2\xF3\xAB\xB7\xFF\xBA4\xC6̯>\xBC\xB9~\xCBSo?\xDCq\xE3\xDD\xF5\xD5e\xEC\xE6Ë\xB7\xD78\xA2SX\xE7T$;\x97?\\xFF\xFB\xF2\xD7\xE5\xF7�\xD7ËŽ\xBF\xE1�\x8C\xB6\xC8\xDC��\xBF\xFC\xAAg9\\xE5\xFB�\xADl\x9A\x84\xB3#t\xB42i�\xCCv�.\xB4*t\xD6\xFA\x91\xED\xC5\xDD\xC5\xCF�\xC1\xC1,m\x9D\xC2$\xB4\x89
-\x93 \x9E %�\xA6@ S�\xD9\xC0�(W-\xDE5\x9A\xB7�e\x83\xADx\xFEX\x97U\xFB
-\xDB \x8C�<\xFD{\xF1\xC4
-\xBFji\x92y\xB1\xAE\xEF\xAB\xF2\xBFE�\x90\xD8 \x9D/\x85H4\xDF�Y%+Û‡L\xCE(7~D\xA86\xC5\xFES\xB1\xE7\xB6�,\xCAO\x85l\xCC<\xA9\xA6\xC9\xEE\xFD\x8E\xF2\xBE*r\x9E_=\x9D\xB2\x8E\\xA20_\xA1\ \x9C\x851*
-ÀnZ��V\xBB\xF9:\xAB\xB8�G\x97\x9B'n�K\xD8\xC0�\xB2\xF6\xC0\xDC\xC0\xB5\l\xE67\x9B/-\xE2!d\x81\xA6�\xEB50\xBC9l\xB7O\xFD1\xFF\xD1:(r Õš\xB8'\xC3\xFB\x9BǺjN\xA9\xC85\xB1\xBD:c1\xDB�S�\xF4\xB7W8 \xB27\xB3nv\x83k\xADS\xD6Ú”Ö‚\x9E(w\xB90Z\xEB\xF9MÕ´\xFBú-\xAB{\xD6{\x91\x8F\x9E\xDFu\xF2\x81\xC1\x9A\xBF�\x9B\xE2d\xD5�p.\x9F8\xD4680p*u\xC6Ñwe\xB5&\xFE�\xE4\xB3\xE1V\xD6#\x98Λ�\xE9\xE6<\xB9*\xDAcQT\xDCi\x8F57�ꦕ\xDDu\xB5\xF5\xE2�\xED\xB3�\xA0\xA4S+l\xEF�M\xCB\xF4W2\xDB\xD6[9\xE1\xF8\xE0\xC9?\xC3R[{V\xF8{hH\xD5]�\x82\xAAO\xCA`So\xB7\xF5\xB1C\x92�Sϳ<g\xAD\xEDql\x99\xC0\xD7\xEF\x9C�\xA0fL o3\x82\xF7N\xE4*�u\xAE\xD6u\xB5\x99 at 8
-T�E\xA1,E�ۊD6\xF5\x9E׃\xB4\xFB\xF5\xD6(�\x9BT\xD6#\x90f\x82j`T�'~\xD5+\xB9\xC7\xE6D\xE67?u��-\x96\x9B֛\x89\x93\x93T\xC56H�'�S';\xA5\xA3\xD4\xDF\xC7Cg\xC0.\xAA@\xD9L\xA0�*mT�\x86)\xE8Z\xAA\x92$f\xE5\xF6\xF2\x8Ft\xBF\x9D{\xFF#\x99y\x81\x9D\xBE\x9E\xC6/\xA2��\xB4 f�\x8F|\xF3\xFFoh\xFF\xE2\x84 \xBB�\x9E\x9Cx�\xC8YBK\xDE�\xB6m\xF9HR\x8AS91\x88AI\xB3'�Z\xC9ԣ\x80Z\xB0%�}[�Z\x9E"\xAD\xA7���\xB6\xA3\xE8\xF7\x8D\xCC�n\xF0�]\xB5i\xE4\xCD2\xAC\xCCK1\xB3-\x98Y^\x97ׅ\xEC\xA8\xEA\x96W\x81\xBE\xB5YY\xF1hV\xC9qM\xB1\xE6\xCDmC<\x811\xAE\xC7O\xC0tv��Ǘ\x82\xC6Jt\x86(\xA2\xCE\xF0\xE7X\xEF\xB7\xF9\x82Ify\xB6\xF2\xCAˊ\xAC:ұJQw\x90\xF4͔r\xA5\xCA\xD9ľ\xA4\xD5`\xFB�\x8ChQ\x90*\xA7K\xB3\x93A tN&\xEE<�\xB4<n�w\x99\xD9?�E#H\xD1c�\xED�<�B\xC9\xF5b�\x9Dq,\xB7[n\xADd\xBAsm4\xDB>\xC8 �\xB2\xA1y,\xD6\xE2GX \xADUq\xA2\xC31\xF8'>`�T 1D`\xA3\x97\x91�\xBCBa�\xC4R|��D\xB4\xAC�\xD0�z\xB0fl\xDFzO\xAD\xFD\xCDOVx\xBD�\xAE\x94\x8B�M
-\xB9;j\x8D.7[8\x90ij\xCDXE\xAE\xF8\xB94\xE5\xAE\xDCf{\xE9\xB4Y[\xEC\xE0-q\x97]�=\xAA\x82\xBF\x83\xE7\xC6�\xA0\xAA\xE7\xF8\x998T&r/\x9A\xB1\x91�\xFD\xAAa\x8A\xF0\xA6Px\xF7\x87}֖uŃ\x9Dͦv\xA8\xE9\xF6���88\xFCk\x86۟;\xD0G8\xC1\xF0\xE0\xB4\x88B\xB4\xA5\xE6e+\xEDLw�ɒ\xF0\xBE\xAFD*�D\xACa�\x8D\xAD\xEB\xF8\xE5L\xA9\xC4\xC4\xC3\xD6
-8\xB6\xE9Ú“\xB1�p�n\xC2\xEA\xE0<�
-%�Z\xDE\xDD|\xDBG3\xD4x\x9D5^+\xAF(\xA6\xE3\xF6�0\x8E\xFBz\xFBr\xC4\xF3\xFA\xE6�&�\x89\x99g��\x90<�v\x9C8\xD6˅@\xC0\xA1*\xE7\xC6>\xAB��X\xCF �QU32�\xB4\x80\xAC*L\\xBD\xF9'7\xF2�\xA7\xAB�\xD5L\x88 e\x8F\xCB � \xE7\xA9�;\x81\x8E\xB8\\xF0:\xB8\xC2 \xE1D\xC5}ܰ\x99\xA0�\x83%r2�2\xDE?MQI!\xFA\xE8b\x80\xDF&\xA8\x804b\xAFV A\xB3)\xF6�t \xD9 L\xEA\xBE at g\xE1B
-�cT0T\xC1\xC3c�f`\x8A"\xE4j\xB17\x8B\xF7�\x82\x8DUd:\xD6F.\xB4A��Z\xEFa\xA3p\xFE\x90Q�\xC2v\x8A]\xB1U|n\xC1ß\xBC`� �F n��\xE5\x83A h\xBA\xA9\x89\xB8\xA3P\x93\xC7V5ym\xD8\xC2\xF9�\x8C�\xEB\xC36\xF7'\xF2\^\x80'/\xF2Id\x8C\x8AS�\x9F\xFB�R\xEDQ\xC43\xA9\xDF#K[yÇ\xED�\xBD\xF3\xAE7\xDECL�\x9F`��\xC7#}�J\xE54\xBAM\xB43S\xA8\xFB\xF8\x81oN\x9Ed2:4Ϊ@\x9Bd��\x8E\xCE��|\x84\xC3�#\xBFg\x82;!\xEC\xB3_\xDD?xh\xE7O�Ä—k\xEE𩧞�SFoj$\xBC\x9B\x8A\xB9\xCFl\xE81k\xCE=\xE8\xEAi�euÂ¥TB"\xAC pS\xF6 E{\xD0=\xAD�\xB4!\xC4RC\xE8#*$Ù¹exÈ‘\x8B\xC6\xDArW�\xA7\xC5�\xA3!.\xD7.\x9CY\xABU\xE0\xE2 \xCB�<\xB9\xBF\x9Fq\xE3vP\xE7\xE8\xD6/\x86�\xCE\xEB�\xE7t\x99\x81\xB58^@ \x82\x94 Ìš;c)JT\x9A\x80�\x9EpVp\xE9V\xBD\xC4Hl\x94\x8B�\x89�#\xE8|\x87�\xCA\xCBf}h\x9A\x8E\xB7\xFAT\xEE\xBB\xDA\xE7\xA4��\xDB\xE2s\x89\xE1\xF2\xB9�M�\xB6:�\xBC\xADfu[<\xD6\xDBr=\x95\xA3Ghr\xAD\x90]\x984\xEDD-\xA4R\xB1\xC5\xD7DN\xD4u>4��z\xBD\xDF\xD7\xFB\xE6e\xC7\xC8\xF6\xCC\xC4�v\xD5\xE8[9c\x861\xBA\xBD\x89\xBCM\x84\x91N\xB9\xA1=\x88�\xA0G\x95�\,\x9E�\xB2+\x9E \x9F\x88[�\xC8�\xB3-w\x8A=�\xB7G\xA3�\xA4 \x95up"{\xF6�\xA1\xD6\xF0)��b�\xA7�\xED\xAC\xEAj1\x95 \xC9��\xB0\xDCÇ®\xAE\x80]IPcG\xF9u\x90�!�\xF7\xE3\xED\xFB\xEB\xDB[\xEE`@�\xBA\xB2\xA3\xCC�\xFA�\xFF�\xC7\xC1\x90D\xE7\x81\xD8\xFE\xC0\x97\x94\xDAþ\xA2r�\xD2n\xB8ò‚³¬R=�'D8�\x84\xC6�\xDC�$\x94�\x90Ⱦ\x89b\x87\xAF�Ò—\x92M�x+�\x84s\xFF͆\xAC\x89\x90`\x98$
-\xDF�\xE8\xFF88FÆ\xEE��=\xE3\xE1\x80\xF1.\x8E�$\x8E\x87/\xE4(\xA0\xE9eK&4��ݾ\xB0D\xC4jO\xAB\xCA��\x8A�\x9E\xB8\xE7D*3\xB6\xE0\xF2\x92\xBB\xD8L\xAC}/\xE6\x93l6\xF6\xD9\xEC�\xCC#\xEE\xC6�k�L�\xB5�'\xBAr�\xB4\xC7U\xD2n\xF7 at ci\x87/�B\x9Bʇ\xB8\xAE\xE2\xEF\xA1\xFA\xBD\xAA\x8F�\xEF\xEA�\xA6\xF0\xA8%\xD9\xC4\xF1\x93\xCA$!
lc-!\x82\x85'$\xC7L \xC6i\x9C\xB5FHBC\xAEg\xF5 �\xC2\xF1N\xAD\xB9\xBB\xAE\xF3\x82\x975E+$j\xFE\xBE\xBEz\x8B%w\xCE i\x84�\x84o\xC6;\xFC�f\x84 t;�\xA1}\x82\xA0Õ¼\xDB��\x84N\x81\xEC9\x8D��\x80#)�X�KE�\xC7\xE8A\xE1Чl[\xA2)\xA6J\xA5\xF6\x95\xCA3\x9Ca\x8B\xE0\xACc):F=\xCE4*\x8CÑBD\xAE
-C�du<B�&�Y��\xB2�\xE6\x8Apv!\xE2���w�b��H·\xAA\xD8�B\xEC\xFA\x87\x89\xED�\x88\xFB\xDD=\xC4Б\x9B\xB8\x90g\xE1B\xE5N\xA6\xEACÛ”\xB9\xEFl\xF8\xCB\xF7\xC5\xE5�]\xD1%a�\xE5J�k\x94~\xD9Lu �\xEDA6\\x83\xC0o�\xB1\xF15�l\xF1\x91\xA6\xD3,\x9D�!\x86\xF1!\xC4\xD0�\x88\x8DW^\xC3&�\xBF \xEA\xF2\xE6\xFD\xF5+\xEE\x91e�\x9D \x97\x87�\xE8Êp\xF3\x8CN\\x89C}\xC05\xFF
-\x8C \xA7�T\x8F\xE3�\x83\xABQ\x91\xE8�6\xC6�\xE0�;OhxZ\xE3.\x90N\xFF\xCF�e"\xE01e�\xD7\xA0A6\x9CN,z\xBA\x90�\x8Fu\xBC�\x9E\x8A�\x9E��kB
-\xD1ï°�2\xB4\xE2\xF8�uu\x82yh\x89?\xFC\xB8D{{\xF5q\xF9\x9D�\x97B\xCD~
-\xED\xF4�8\xAA\xDAr
-O1Gj\x83H��\x84Q\xF7WI\xAA\�� q|\x80\xE3\xFF\xF1; \xBA0\xBCIT�\xA7�\xDE\x{12B093}\xFC7t鰺\x8D\x81�~,\xE0\xB3~Ȫ\xB2\xD9\xF1(\x87\x880��\xD7� \xC3,�\x98\xBB/\xAA�\xDD$�L\xB8D<\xFA\xE0\xDF��>@\x90Sp\x92\xFEM\xC1Q\xFA7\x85�\xB7\xC1\xB0l�\xA3���\xDB�R�\xE0\xFB\x9B\x8C\xA5�{v \xA3\x86\x92�X\x93v�\x8C\x93|\xA7\xB46>\xC7x�+�\x97\x8D\xEE*
-\xA2\xCE@\x91�,\xFEe\x87\x9D�L\x9F\xAD\xF6Z\x96\xA6\x92\xEB\xA4R�\x87\xAF`E\x98 C{Þ5\xF4\xDC/
-�-��[j5\xB0&�
-\x98\xD2b,\xDC\xF0�IËHU�\xAF7\xF5\xEF\xAF
-�\xFEe;\x91:\xE8.\xA2\xFE\xDB\xFF�\xF7\x85\xBBX\xD9$y&��˯\x92 \x8D=S�h`N9\xEF\xFEB>g\xFDO�J�|endstream
-endobj
-1408 0 obj <<
-/Type /Page
-/Contents 1409 0 R
-/Resources 1407 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1392 0 R
-/Annots [ 1413 0 R ]
->> endobj
-1413 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [101.3082 326.601 169.9802 338.5012]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_policies) >>
->> endobj
-1410 0 obj <<
-/D [1408 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-182 0 obj <<
-/D [1408 0 R /XYZ 85.0394 718.5038 null]
->> endobj
-1411 0 obj <<
-/D [1408 0 R /XYZ 85.0394 691.1994 null]
->> endobj
-186 0 obj <<
-/D [1408 0 R /XYZ 85.0394 491.8561 null]
->> endobj
-1412 0 obj <<
-/D [1408 0 R /XYZ 85.0394 464.5517 null]
->> endobj
-190 0 obj <<
-/D [1408 0 R /XYZ 85.0394 313.1885 null]
->> endobj
-1414 0 obj <<
-/D [1408 0 R /XYZ 85.0394 288.6895 null]
->> endobj
-194 0 obj <<
-/D [1408 0 R /XYZ 85.0394 127.0564 null]
->> endobj
-1415 0 obj <<
-/D [1408 0 R /XYZ 85.0394 94.9508 null]
->> endobj
-1407 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R /F39 1161 0 R /F14 964 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1418 0 obj <<
-/Length 3319
-/Filter /FlateDecode
->>
-stream
-xڥZ\xDDs\xDC6�\xF7_\xE1\xB7[O\xB3*\xC5�Il\x9E\xDC\xC4i\xD3\xCE\xE4z\xB1\xEFn\xAE��\xDA]ګ\xA9VRWZ;\xEE_ �R\xD2Zin\xE6\xC63��\x82$ \x82\xC0�Ԧ\x97�\xFE\xD2K\x93%\x99\x95\xF62\xB7:1"5\x97\xDBÅ\xB8|\x80\xBE\xEF.R\xE6Y�\xA6\xF5\x94\xEBۻ\x8B\xAFߩ\xFC\xD2&6\x93\xD9\xE5\xDD\xFDd\xAE"�E\x91^\xDE\xED~Y\xE9$O\xAE`�\xB1\xBA}\xFFݯ\xC2��\xFFҫ\xB5�\xB9\xCAWo\xBE\xBF\xFE\xE9\xEE\xE6#\xBC��\xAC\xC4x\xFD\xF6_Wi\x9A\xAE\xAE?\xBC\xB9yK]o?\xDCR\xE3\xDD\xCD\xF5U\xAEWw\xFF\xFCxs{\xF5\xDB\xDD��7wQΩ.\xA9P(\xE4��\xBF\xFC&.w\xA0\xD2��"Q\xB60\x97O\xF0"\x92\xD4Zyy\xB8\xD0F%F+�(\xF5\xC5\xED\xC5?ℓ^?t\xD16\xA9H\xA4\xCA\xE4\x82q\xA4\2\x8E\xB1I\xA6\xA4\xF2\xC6�\xF6\xAEw\xA0\x98\xB5\xABC\xBBs\xFD\xAB\xAB\xB5J%\x92\xA1!@\xED\xEA\xFE*-V\xBF
-!\xDD\xFA{Wׇ\xB2!\xF6\xDF\xDD3\xB1\xB8O\xDB}\xD9<8\xB0\x9D6\xC5\xEA\xDBv\xD8�Ǿ퇞x\xCA#\xCE\xC2�Q\xFB\x8FSE\x8D�\xB1�-\x8F*�y\xED\x92�\xCB" Ã7\xFF\xC1� 3\xAC\xD34\xB1\xC6H\xAF�M\xBBm\xFD�f\x97
-G�Q\xD6þ==\xA0tʂ\x8AUO}K\xFC\xA1\xAFi�b)4v{\xA1\xE1\xB9q\xF4쨷w
-�\xAB�\xEA(\xE9\xF1g\xDB8\xF4\xBE��\xC8Vw`fP 6*\x9Dl\x94J\xF3D[U\x80^\xA8\xCE�\xABy\xB6\x9D\xD2\xE2^�&Z\xB8ݺ\x9E�?\x9Cz�\xE1Ô³p}\xF5Ѐ\xE0h\xB1\xB5\xD2Yb\xAD\xC9\xE6\x96;\xC0\xF0\xF2\xC1{\x81T*�XKiW\xAE�\x9F8R{\xF3\x8C\xCFbu��\x8A(-\xF7LO\x98\xD7Qy�}�\x9B\xE6T�<\xE6~Aw\xA9M\x92�\x99~Qw-r\xC3L~\xAF`Â’�\xFD\xBE�\xF7�\xA4\xECÝ–\xDEy\xDDa_rk\xEB}��b�\xC1T\xAC\xAE\xDFXI6#\x8B\xC9\xDC\xC0\x99\xB6\xD1b\xE9\xCCb��\x9E*\xEF\xFB\xD0B\xD3$�\xFA\xC1 �:\xD3_T/K\x8B\x9C\x99HJ\x98\xB3\xAC\xFB\x96Z^^x\xB2\xBC\x86O�<w\xAEv�\xF7\xCE�\x81\xEF\xD1�,.[�Z�?\xF7%\xF3\xB2#?V\x{DA6F}\x9F\x89\xF6\xE0�w,�\xB7K\xC8"\xA9TI\x96\x81!\xD6\xE0\xB0V\x93�-\xBB\xB4\x84�e\xC0\xDB\xFERm%`\xEB\x8D^\xF2he\xAC\xDFf\xFFl\xAA\xA1B1\xE8�\x9DQe>Z\xE0붮\xFC\xE1\xC36z%>{w|t\xC7 \xBB\xA75\xBB\xAAy\x98\x8D��ȹ\xF89\x9C�!\xFE'\xF9�3\xFDqrG^�\x8FD\xD5l\xEB�\xAF�\xA4\xB2y\xE6\x83h\x8A\xC4d\x99\x9D\xBBUÙ±\xFA\xDD�UÅ \x9Cc\xB8\xEB)u\xE1�\xEE8>Kzx\x99\xAC\\xAD˧�l\x91κC\xC6\xC2\xDC�9ÍŸ\xC7I\x8Fo\xF3\xD9\xECÚ«t\xD5\xF4�\xB3\x80\xD2+�\xBC\xBE�\xBD\xC3?\xC1d[�\xA7\xE7 N[\xDC�f~\xAA\xEA\x9A\xE8Û¶�J�|$\xDEKs\x9E\xC5\xEBÏŸ\x82�\xDAl\xCE�AZ at Pm|#\xF7\xD6$ʹݰ�2U\x9F`.\xC9V\xD7\xF7\x83�b\xC0\xCA\xF1�Z!\x81a\xD4K\xB3Õ†���\xEC\xCA\xE3Pm\xAB\xAEl�f\xA5\xE4\x84}\xAE\xE1T�Ôª\xB9o\x8F\x87r\xA8\xDA�+X\xF4\x99\x9A!\xC1\xED\xE0\x80��U\xC3\xD9ЧZlÌŽ+\xBE\xC7\xE3\xFA�L)\xD5\xC8\xE9>\x95Û\x9A\xF3\xB8\xEFg\xEF\xC0\xB3\xF9\xA5\xF5\xB9\xBA\xF0#�\xBC\xBA\xB0IQ\x98/:u*L`B\x8C\xE0\xF3|\xBE\xFA\xF7\xDE1�8\xF5Þ'\xCA�\xF3\xA4Íž\x9E¬V\x98\xB9\xA7\x87\x84\xFER<-\x93��Æ—\xC4+L\xA1&\xE2\xC1.jH\xAD\x9FA
-p�\xD0�\xB0eFT\x82\xE4\xE0�;\x9E\xC0;�v���\xF6\xE9�\xF9\xF7IbAÆŠ\xA7ݹc\xF5\xE8x\xB4\x8F7@\xF4^\xE5í«DHs\xE6�SW�\xF3F\xAA�HÔ’ÏŒ\x86 j\xB5 \xA0\xF6j\x9D
-q�j_��\xC6\xC9�\x81_\xE1\xC7}\xFB\xFE\xC3[�([Yz\xF8\x85˺\xF6b\xE2\x99\xEE �t\xED\xD1#7 yC\xBCs\xFC\x8C\x94\xE1X6=8#z\xBE'`�-\x87�\xC7�\xA2\x95<U߹m\xE57dG���\xFA\xF8\x8E�\x90F��C\xD6\xCF}\xDF�ƓV!\xC0\xC8r\xFBB*\x85i\xB1\xA7Vw\xDA\xD4\xD5\xF6k\x88�\x8F�F\x81�\xF6_Q�\x85gy\x82=n��ۈ�\xD2:/q\xBD\xE54�]�\xDD\xE8\xD0ռ\xED`\xB0\x9E\x9A\x9D;b$ \xFD�\xEB\xA7\xC2\xF1�u \xD7\xEF\xCB�gj\xF0\xCD\xC6\xC7%\xCC\xF2\xFD\x88 \xA8\x85�\xBF�i\xB9z\xACj��G\xC4���<\xC0\x86�!\xE1\xB7\xC7
-\x9A*\xD06e\xC4�m�`\x80\x8B�Q\xA3�ɒ(\xF2\x98\xDC\xF9\xCC+CxV\x9FWT\xD0�1#\xF4\xB2�\xA9\x83�\xB5�\x81\xDC\xE1�y\xC5`{ �J!\xC8\xD46�t \x8D\x90\xB5^A\xAA\x8A\xBE㧻\xA7' \xAF4�?Y\xE8\xF7\xA6}
-\xD26,�\xEC\�\xEE1\x84Y6\xCF\xE3,K;\xE4S\xE4\xEB33\x85\xC4I\x88ϋ\x8C6k�C\x95\xC3\xE0�\xDD0\xC7euK\xCE\xE5�\x9A\xDD\xD7ak�˺\xDAŞ\xD9N`�\xBA\xB4 g6G\x81\xC0\xE6�\x82qW\xEF٧ hW]\xED\xD6\xE3.\xA0W\xBD\xF9\x89�\xBB\xF2\xC0\xAET\xF5gz@(\xC08�\xE0^�"\xB5�\xE7\xB1��|8\xB4m�\x90g\xD5u\xC1\xCDFPL\xC1�[\xF6�\x80�l\xC9B,\xEB�f\x9C\x83n�|\xA1\x86Ry"\x8B4 \xB6�\x94\xF1f~� !\xCD���\x8E\xC5\xD8�\x87\xD8&
-\xA6<\x8F\xC1�\xC7`�\x92_\x8C\xBEo\x8E\xCF\xDD\xD0\xC2�\xED\xF6Õ–�\xC9$\xF6T\x94\xAE3\xDABk\xF8\xCE\xC1f3\x80A\x84\x9E\x9E]\xDB\xF7Õ¦v\xF46@$\xDASl"l\x82\xB4=w\xC6\xC9n\xDD\xF6t\xAC\x86gzC3\x93\xE0\xCAN\xEDg3\xD08\xD6 \xA4\xE0z�m=\xBBXP #\xF2`\xC1\x90\x87\xC0V�\x8C%M1\x8F\xDC\xEE\xD3\xE0\x9A�4\xA1*3\x83\xE8\x84皃\x86\xE4\x8AYRR\xC0*T�\xA5\x98\x95i�i\x9Ai|\xB6\xE5\xAC\xD3\xF8\xE2S\x83\x97R4P\x98\xAC\xD9|\xC0\xB1s\xFD\xF6Xm\xBC�)�b�\xC4v>�#g\x9C\x9D\xABh\xC5e\xEBy\xA4�i\xF2\xDCU\xB1\xE0\xEF\x97N\xF1\xFB\x86\xAE �\xD0z .�\xA5$ \xF7�T �\xF2\xB1'\x94\xF4�Ó±\xE7Ùž"\x82\x81>\�\xC1\xB8\xF4\x81d\xDA3�\x9Dq&\x88b\x95O\x93\x82�\xCE\xD3�\xD71\xE9 <tOT\xBAJ@\xE2\x86\xE7\xBBo\xEB\xBA}\xC2È°Ö\xA3�T���KQ�\xA2A\x98\xD5\xC7���bh\x89)T\xE4>r0�\x85�/\xE7Th\xAAt\x91\xB7j�c\xC5C&�\x98Õ\xC2\xE7\xF3Yܧ\xAE\x86Ê„\xA6\xCA\xE2T\x87v\xCA�\xF8\xBC\xACX\xB0\x8D�=\xB1\xAC\xF2\x9A�\xBCk0+D\xFD�T\xB2\x85\xE4\xEA\xDD:\xB3#\xE6\xD63P\xAB�\xA9m(j\xD6\xFB\x85\xE3�\x81\xC7X� mÛ±3f�\xB3?U"�%`xÜŸ|\xFE\x81V]\xF9�\x9FLS\xF8@\xF6\xF2�y�\x8A
-\x841ʘՇ\xD6'\x9Ā\xC0\x9B\x85\xFC\x99\x8D\x9E剴�\xD8<\xBB\xF7\xA2�\xE2 \x84&\x8Eg\xC2S\\xBB\x9E\xCE>T\xB5\x85V\xE6e�\xA4$ݖ)\xC9[)�F\xD8 at xj\x8F\xBFS\x89�\xD4�/\xB9�Z_HC\xBF/\xE8\xA7�^\xF0�g(�x6\xCF㠗�"�\x93�mC\x81\xB3\xDE-\xED\x88IdZ\xC8َ\xA0\xA7\xE9\x9Cq*\xAC\xC2~;�.x5
-\xC5 \x91
-!!\x92<\xCB\xF3\xF9)YL\x93\x89L>E\xD0@
-W�\xEB*\x82Ÿ+\xD3̽m��\xC40\xCA�\xB3����D��\xDA�!\x8D\x9FÇ©1Ñ\x8Bd\xE1^�\xBC)\Ge�>3\\xF7pj\xC6TfL\:$"�\xB7\x83\xE2�\x9C�\xD2}{ì©“@Ë„\xA9+\xA7\xE2e�\xCC�\xCB\xEC\xABzGl�\xF2x$\xCB\xE2+\x92� Ê…\xE3\xC9��Z\x8B\xD55f?\xED\xC7\xFF\xCD\xE7RE\xE1\x94\xF3\xA2\x86P�e�\xF7\xB0\xCE@\xF5\x9AZ�oBvL~&2'[5�\x9Fס\x9E{\xAF�\x90Jz\x8F\xC7�HÛ²+9\x99\xABp%\xD3Ö„5\xA1�T\P*@\xDAp\x91Ǩ�\xD0N\x89\xC7>�! N0ގ͆�1\xC5�S��\xAF\xB2\xB7n^N\x94\x9B)\x91\xE1f\xB9t\xB6 6\xE9\xAC�w\xD4oo\x97\xA3\x9DÖ¦\xF8\xDC-\x8F\xC7\xD3g\x92\xE1�\xE7C\xF41\x90\xB4\x85\xB0\x98\x84\x9B�\x95\xD8Tgs�~\xE7�\x87\x96\xAB\x96.\xB1\x95N�\xC5\xF7D\xF7\x91 \x9FјȂ6$\xBA\x8FT@\xE1\xA4�\x94\x90l)\x84>S7gJ\xE8�\xD7\xE5\xD8\xDE ,s\xD4D\xAF�Ç¡r�Þ¡\x98\xC4P\xF5p�/�`�Î’(\xCFl\xBD\xBF\xF5K�\xF0g\xDC\xCCX\xBF\x85\x9D\x8A&[\xE2 �×°Q\xE6|\xE5\xA6}\x8C>�\xFC&\xF6V\xE7\xA5c\xFC<\xC6e\x85\x9B \xE9 \xAB\x87\xC3 \xCDR\x9D\xAA \xA0\x93\x94!\xF4wT \xC42\xE6G\xACÒ—�\xB5\x86\xF9\xB4\xFD\x8B\xDB\xE6\xD4&)\x94\xED\xECS\xBB\xA6\x87\xA3\xBD�Å¡\xC8X\x982�'\xD56\x9D_;�F?\xCC\xCF\xCCË»\xF6P\xB3\x8CU:;a�\x90?\xCD\xE7.\x88�G\x8A�f\xC3w6\xB8�!\xC8H1ÞŸ\xE2K\xEC\xA7O,b�V\xE6\xE39\xB8\xE1w1\xFE\xE4r\xDEK-\xAEX%\xE1Tj\x95\x81�\�\x9A\xF3\xA3\xE8�\xA7\xAB \xD50]\xE1Õ’W\xFAk\x8C��\x9F\xF3s\xA7Y\xA4\xD0Xh\xB0t\xA9 Ò¥\x9C�\x90\xD9\xDF\xE8\xA6s\x90\x8B\xEF|\xF8\xFD^\xF0�t\xB9kW?/\xCC\xC7V\x85�_\xDDN�\xE0��h5\xB1\xB5(岆\xD0_\xA80�Z\xC3sÇ\xC5O[Y\x91X�+\xAA\x9F\xFF\xFE\xE1f\xF9\xD2[I�\xC2\xE1+\x9A\x8Er���\xB46\xBCÒ©\xE7\x8CQ\x84\xD4R\xA8\xB3\x9A�3\x9E \xE8\xCA#\xBD?�*\xEE\xEF\xE1\xE0\x9A\x9D\xE3���B\x8B7\xA7�\xF7e\xB4�\x93J\xF2s[$R�g�\xBAÛ³�\xB7\x80"\xAA~h!\xB3\xEE�\xF4
-՗\xBF%\xA4ES29\xD0\x95R�@ג\xC0�\x92\xFCQ\x83gu\xE8j�\x82�\xC8C\xA4M`\xC1\xA2\xD7Q\xFB\xFD\xCDݻ\xD7Ԝ \x9C:p�6\xBE\xB2\xF0-\xB7\xB4\xB5\xE1\xCC\xBC\xBD\xBE\xFD\xFE:\xFD\xEB��*\x86b\xE0B\x8BF\xB06^�̓EI\x8F<+\xA0\xA6�f\x8B\x9D\x85\xE9\xFBi,\x99b\x95\xF0^�\xB0\xA9\x87F\x89\xFBT\xA2\xBD�ܫ\xF0\xBF2�\xB5�\xEE\xF17<i1\xE1Z\xAB�"(~`\x9Di<�\xA4\xEB�"ͺ\xA4g\x94\xDD�7\xF4�\xED\x98\xC0\xDC\xDE\xE7}k&g\xB2�\xE7\xA7��\xAF,\xD8�s\xB4\xB2\x80U\x86\xEE\xE4Ӭ\x885\x87\xEF\xE0/P\x8A\xBE\xE7Ⓝ\xF9\xEE\xB4u\xBBo�\xAC\x97f"\xB1P\x8F\xB1=~\x9C\x8B\xF5\x95�\xE6\xABT*m�܎�\xEC\x92gI\xAED0>\xEE\xFA���P\xF1e\x9F["|��]\xC5\xD9'\x81q\xF5p}\xBD \x81\xC0\x8F\xD2\xF1\x9A�/s\x9E&\xA5?\xB8\x8D\x9F�\x8D�>\xA0bƧ\xF7\xE0&\x9E\xE8\xAF \xB4\xA5O\xA1\xEC\xD8�\xCA�\xFE\x98\x9FA�\xA1\x8F\x87\xB1_[\xDE��\x82<\xFB\xF8\xF5O\xF3\xF7\xA0\xC0\xFF\x99�\xCB "\xC0_\xB8,\xFC\xB4ED\xEC\xF0\xFF\x90f\xFC�\x91\xCE�U�r\xF9722/�]\xC0$,\x94\xFF\xD4 _H�~q\xF3R\xF4\xFF�K\xAB\x9A endstream
-endobj
-1417 0 obj <<
-/Type /Page
-/Contents 1418 0 R
-/Resources 1416 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1392 0 R
->> endobj
-1419 0 obj <<
-/D [1417 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-198 0 obj <<
-/D [1417 0 R /XYZ 56.6929 626.8646 null]
->> endobj
-1420 0 obj <<
-/D [1417 0 R /XYZ 56.6929 593.5117 null]
->> endobj
-202 0 obj <<
-/D [1417 0 R /XYZ 56.6929 468.186 null]
->> endobj
-1421 0 obj <<
-/D [1417 0 R /XYZ 56.6929 436.0669 null]
->> endobj
-206 0 obj <<
-/D [1417 0 R /XYZ 56.6929 238.9445 null]
->> endobj
-1422 0 obj <<
-/D [1417 0 R /XYZ 56.6929 211.6265 null]
->> endobj
-1416 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F39 1161 0 R /F41 1218 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1425 0 obj <<
-/Length 3360
-/Filter /FlateDecode
->>
-stream
-xÚ¥Z\xDDs\xE3\xB6�\xF7_\xE1\x87\xCED\x9E\xB1��\xE0�\xD07\xE7\xECK.m\xAF\xAD\xED\xEBL\x9B\xE6\x81�i\x8Bs\x94\xA8\x90\x94�\xDF_\xDF]\xEC�")\xF8Ι\x8E��/\xC0\xC5b\xB1�\xBF]J\x9C\xC7\xF0'\xCEu�\xC5\xCA$\xE7\xB9I\xA24�\xE9\xF9z{�\x9F?\xC2Üg\x82\xD7,Ý¢\xE5x\xD5�\xF7gß¿W\xF9\xB9\x89L&\xB3\xF3\xFB\x87�/�\xC5Z\x8B\xF3\xFB\xF2\x97Å»\x9F\xAE\xFEqs{\xB1\x94i\xBCH\xA2\x8Be\x9AÅ‹\xAB\xEB]�!�W�\xDF\xDD\\xD3\xD4\xF5\xC7;�\xBC\xBF\xB9\xBAÈ“\xC5\xFD\xA7\xDB�\xA0�\x93\xA6
-\xDE\xD3\xFC&,\xBB\xBByw\xF1\xEB\xFD\xCFg7\xF7^\xC2\xF1)D\xACP\xBC\xDF\xCE~\xF95>/\xE10?\x9Fő2:=\x86\xE2H�#ϷgI\xAA\xA24Q\xCAQ\x9A\xB3\xBB\xB3z\x86\xA3Y\xFBjH+\xA9\xD2Q\xAAe�P\x8B\x94!\xB5\xA4&ʔTV-\xBBb[],U\xA2�\xFF\x8D\xD3�\xCF\xF3\xFD\xFBD\x8C\xDER"�RK\xD8
-\x97\xAF7uSF\xD5\xEF\xC5v\xDFT�-\x9Fn\xA2\xA2Lg\x82\x97�Oq \xECs\xB9(\x9AǶ\xAB\x87\xCD�w\xCB\xEDn\x8A6\xAE{"]\xDF]]�E�\x81&\xF4\xE2\xF6\xEE\xEAo\xD7)\xF3IO\xE6\xEE~\xBAr\x9BT\xC3:�\xEF\xB9+i\xF5\xB0\xE1C~\xAE^\x98R<\xA2\xF4\xE7K!\xE0RE\xA2p�\xC1%K'x,\xA4J`7)Å¢\xDE\xE1S��\xDC�)뢯p'0��Ç‹{\xDC \xE9\xFB\xAE~*\x86\x8A\x96\xDBÝ\x8A숇\xB0\xB2\x9C\xAAY\xE8<Ê“8a\xC5E\x8EÏ©\x86\xD38\x8Ae*\xBD\x86c\xD9XIXÒž\xB6>\xF4U\xC9\xFB\xB5\xF4|\xACvUÇ¢\x89E_?\xEE\x8A\xE1\xD0]�\xBD\xA8\xFAK$\xE6\xA4/:\xA7;\xCEa\xD5\xD4kÒ”T b\x96fSM\xD1�\xC1_\xFC�a�>cb"\x91\xA6\xEE\x84\xF8\xE2\xE9\xE9d�%\xB1���\xD8\xDA\xC3\xC1\x93��\xA3\x87\xB6\xA3\xC1\xE4<Dz\xAA\xBA�9\xAC\x8B\xA1nw��"O\xA3\xD4�AGY�\xC2\xE06\xF7�F.PK\xB9�k)7\xA0\x90�\x8E\xD2\xD1�\x9D�\xA8\xCF`\xC6D"=�\xA9\xB7n\x84\xA4\xBD�\xA1\xDDW\xDDPW=Í¢jV\x87�\xB8\x8B9\x83\x82�e\xFD\x80o=T$\xFFn\x98\xED�\xD6\xCAf-u\xBA\xA0E\xFB\xAA`v,�p[\xB5O,к\xDD.\xED\x89cw]��\xB7pÇ‘\x9F�+\xC1]\x99\x9C\x98\xA5\x89�\x95i\xBE\x8Fr\xD7\xF7\xD5z b=t\xED\xB6)VU�\xB8B\x93G&�\xEE�\xD6\xC7cWlQ2\xF2\|\xF2%\xC2\xC8Z(<�\xAB\x81��=\xF8\xF8\xF9b_\xD4�\x8D�\x88\xDBv\xB2nݽ\xEC�\x8FMaW\x94Ï…7\x85\xDC�6�V�\x88_\xBC\xEB\xA6:ná \x8FT\xAE\xB3y(@#\xEC\xD1\xD1E\xBC\xF80x�,�\xAB\xA9Y\xF6\xF5\xB6n
-6H�(\xA0N\xD0x\x9E*y\xA2O0\xBB\x80&\xB3�\xC4\xD0\xDEcXJ\x88\xE39\x88zz}K\xA5c\xE7\xB1v�\x8C1Ljp\xF7M{\xC0\x83#u\xC5+\xEB]�FZ\x95\xEE?T!\xAE��\xAB/\xED\x8EG\xA4�~\xFDŽ\xB0n�e\xBD{<\xBE�\xC8�RE*N\xD57\x9C>\x8F2�z�{}O\xBB�z\xDC\xE1T\x93 �3ï\xFC\xE9\xC3\xC7w\xFDt}�\xE0\xBDL\xE282y\xAC\xA7~\xD0�\xE0\xE4[\xF0\xB4>\xF2\xDC\xFD\xAD?\xA0s@\xB4K
-\xAFƼ/��\xC4�\xEA\xEF \xD2\xD8S\xBB at g�\xFFA]\x9D\xEE�| \xA2\xC5J&_w2\x91\xE5fj��о\x84\x99\xE69@\x85\xA0{�c\xA4u
-�\x914*\xE8\x81\xEC٨L�\xA9�D\x98\xD8\xD4\xD5\xEE%p\xA5R�\xA8\x92\xCE(\xD1\xC4\xC0mO\x85�P\xA2ScN\xEE4\x86\xDC\xD9v\x9Cw\xF6\x{DBAC}!.Z#\x8A)W\xE1��\xE0C9\xA6\xD7\xFE\xB0Ba\xF9}o\xCC1�s,X�U�7
-\x9E\x9Ad\x82=�\xA6ØŒc\xD2 Fs\xA4>\xD7MC#�\xF9 FÈ‚\x97�\x98O�\xF77
-��\xFC\xCD
-YE�q��\xFA2\xC0.\x8D\x94V.6"��Ò\x8Cr\xED\x92 Æ® ^0�H\x8Cct{{\xF7\xE1\xC7\xD7�\xC5αHE\xA0}�!\xD1N\x8CË \x86\xDD�)\xA8\xAFKRM\xC1\x8B\x9E+T�\x8E\x80��&�Lb\xA4�k\xD7w�Q�f%\xB9�\x98wu��\xDB[dy�\xA0'*\xE4\xC5\xD3\xED�\xE5"b#V\xDF-�\xBF�� �+\x87\xA7j>H\xBF\xAF\xD6��T%\x9A\x89\x92\x8B�\xA1�\x96\xCAÄ‘\xCE!PO\x82\xC6\xEB[�1\x8B\xF3?@�\xECv\xC7-/}\xD0`G\xBC\xE6Z\xE3\xF6�\x9C\xA8\x9FA��[\xC6Þ€\xFF;U\xA5GU\xE1\x86\xD5\xDC\xE1W\xBC\xBE(K7�\xE9\xFFP4Í‹\xADz\xD8\xF7Y\xFC@:1�H\xD34\xED3Ey\xF8�`Å–P5\xFC\x83\xEE\xD4Ór\x86É\xF1\xA0f\x8B\xBE?l\xFD\x9B\xF5\xC0Ïž�"T\xC4\xFF�z\xF8�\x83\x9B\x80\x84U�\xCC& $h\xE5\xEC\xD9ƯIE�\xB2\xBB�\xE3xvL\xA2\xCB�\xEA\x80�8\xE5'P\xDE at r�S\xEF.\xAB\x87\xE2\xD0�|]\x85\xB5\xFD\xD4\xE5C�Qb\xC5\xD1\xF3\xA6^oh\xB8)\x9E\x9C\xC2]\x9C}* �\xAC�&�k�b\xC1\x8B\xC6W{�\xB5G\x80t�s]\xEAJ\xF44\xE3\x8C/r\x9EM \x9CÅ‹eKÏ©\xEE,\xE9M:\x9D\xED\xF1w\xE4+\xC0\xBB\xDAð?�4v�\x8Ac\xBCs|r\xB2*�\xEB\xAA\xFCs(\x8E\xC0\xFD\xA6\xB9P\xAF\xDEod#x��/\x88TMv\xBCft\xF7\xFB\x8D\xDBz,\x8E\xCB�8^1\x8D4\xEA�\xF8\xBAr\xF3/\xC1x\x97GI\x9E\xBA\xE0\x8254\x83\xEAe"E\x94\xE8LM�Ǻ\xDD=|+p�\xFD\xCC\xED\xEB\x9DU&\xD5V$}8>\xF8<>\xC3�A\xCF~�\xBCHS\x93\xB3X\x94'\xA5��\xDD\xF4-\x8DF\xF7\xC8S\xF4`0@$�\xB95&�O\xF3(`\xB4 \x87Z \xEB3�\x95\xC6\xCC\xCA\xE6i\xF6"Fli�{\xEF\xF6\xF5\xBE��Yß¡"\x8FO0qj\x8B-D\xEA\x84\xAAK�7"\xE1Ø…3ű\xFC\xC2 ��0S\x94�\xC8\xEA~ Gl\xBB\x9Ef\xA9\x88\xC3\xD90\xF4\x95*\x8E\x92D;#\xB9\xFEx\xF7\x97\x9B\xF7�}' \x84\xA0\xFC\xD81\x89\xF1\x82\x99o\xDD\xD1f3\xC8\xE4 \xF1\xD4*cHyI\xFA\xD5$\x9CbC,
-\xE3�\xAA\xB3i\xE3b MB\xA4�`\xA8\xCDÔœ'!\xEB\xD54�z\xEC8\xC6\xED\xDBz7L\xE3\xDA+\xD6\xFBu�\xAE�\x83\xBFkwh�\x8F\x87\xCE#ñ»ªƒ\x82\xBF��wÕ¾T \xA2\x8DÎ\xF2BE\xB9\xF1�\xCC:x�^\xA9H
-_\xE9�\xCCttQ\xD4M)\xF6\xAE)\xD0\xD5�É\x9D\xC3:Z/\xB9\xE3\xE8_\xFC\xEDP\xF5�� eT\xEE\xD2B\x84\x9Dv\xA6��\xB8\xF0ﺩ\xB1\x96\xB9��E W\x98$\xD3\xF2br\xF2I\xBD\xA4\xB4\x89T6o\x88m�\xFD0E�䜣�}\xF1E2�1\x85\xDEqE\xE2o\x9CÓ«g3\xC0%Ú¶]\xB0/\xE1\x9B3_\xBB\xAE�\xAE˼\xE1\xBAr!\xD5\xF8\xBA\x80\xE9S\xD1\xD4%w|@\xAF\xBB\xFE�\xCD\xC8\xFE3\xEE6\x80�\xAE�\xA4 at hkl\x97\xC7\xFEK\xA8\xAA�\x91�y\xF6F\xBDC\xAD\xAF\x8D_M1\x916c\xD5\xC3hU\xB9\xED��\xC95�&�\xC0\xA4\xC0I\xB9cÂ\x84�A��%\xF3q\xA1�\xB9+�Q\x9C\xCAY\xFF\x83\xE2\xF4\xB8\xA975\xAF4ʲtV\xBC\xB2N\xF1�\x81�1�%\xC2\xC8\xC9I\xD9D\xBEne\x81\xA3j�\x9D\xE9W\x8F*!�K_�@\xB0;e�\xC7Õ™O\xE7\xC5\xC1\xF7n^\xAF\xED�v\xCEU\x94f\xF3f\x8C\xAB)\xA6\xF6\x80rd\xD9�Q�\xEC\xA8c9*,T\x9E\x93FT\x9E\x855\xA2\xC0yc\xA3\xFE\xC8Q�\xAEÇš\xAB�Em5\xE4\xEF\xDD�iCw\x81�\x96\xB7.v\xEB\x8D\xCDRØ’s�Ê£0k��R\xC8}Z~\x89\xD3)й\xF6�ÚŠ)\x98\xBB]+\xCD#\x903\x99\xA6�P\xE9R%\x8Aʈ$\xE1\xFE?\xBB��\x82\xDA V&O\xB37\xB8\x82>*Ce\xF9b\xD3>W\xE0\xE1\xF8�\xC8R2\xA7�Ø©`�\x9A\xAA\xE8ys:�JqT�\xAEtj\x82\xD5[O]\xF1ÚµOb6\x90\x97DeX�o�!o\x8B5@:\xE9Lu\xE8\x80kU.m=�\xF8T`"\x9D\xFA\x9AÛ™\xFE�#&�;E6ozB\x91W<\xBE\xCE8�cO<\x8E\xF0\xBD4\xC4a\x88[C}�\xC4�\xBE\x91L\x88\xF9�T�R\x83O\x8F.Ä‚ÄŽ\x98\xFB��qw\xE4<v\x8E\xA1*\xCCP\xF1
-\xA4v\x8D\x98�n�3\x931\xFC\x9DF\x8Fs�v\xEF)�\xB1\xF8}\xC0\x90\xA8\xEB\xAAŬP|\x8BE�\x91\xB9[\xC2a#y\xD3m\xE2\xD5\xFB\xB8\xEEӿ\x80bz\xDD\xEE\xED\xC7�a\xC0\xDF�\x88F\x80\x93Ʒ\xB7=
-\xAC\xB3\xE2*n� ͢=;\x9A\xF0\xA4R�\xD7b\xA6䗷\xEE�^\x84�\xDC\xF5�\xADk\xEA\xDDg"cq?YG-\xFAǮ\xD8o\xDC\xE7$w\x9C\x89Bכ\xC2~C2ž\xC3\xF6\xA5إl\xBFF-\xAE\xA8�%\
-�\xA3\xA6\xEEm�\xDB6\x8Cv\xA1\xD0�pNk\xFDf\xA7Q*3#<N�Ј
-\xB7d\xABK\xFEJ�\xFF�\x81�\xFCSV\xD5\xD6\xC9f��<\xAB\xDFk\x9B\xE6p\xADc\xDD\xEE�nI\xC8�P\xA5L̬zq\xE0\xC9�vچ\xA8]\x93b\xF5j'\xC1�\x9Dr�ǜ\xA1\xF8F\x94\x9B/\xFC(ثp\xE8(d\xE03�\xF7\xADp\x82�?\xB7k�\xB8\xCFݽ
-\x8EF\xBA��F\xB9\xBE��'o`\xC6\xDBBLXS=I/\xED���\xF6̶%&�\xFB\x90\xF2T�4\xB8}\xFF\x8E�i,\xC4T�ހb\xBA\xBD*\x92{\xF6}
-*� y\xBBu\xF5�\xBD|\xDB\xE3\x8D\xF4\xDFE|#x\xFE\xF1@\xA5\xB9\x8B
-ߎ\xDB*=
-!�\xCA\xFBuW\xAF\x9Cu\xB8/\xB9\xDBv\xBAh(j6\xB4�\x94\xD7M���\xF3\x97\xED\xFA\xB0\xB5\xBDx\xCA\xE9I�e\xA0\xBD\xE9\xE9?\xED\x9A\xFA3C\xDA�>|\xC4�`@\xA4֌\xAA�E-�M\x94mŸ\x9C\xC2;\x90\xF0�\xEF\xC3�\x83\xE2Ik\x8Ch�\xA1!U\xB7E\xC9l{\x86\xFD\xDC̃I\xF6"\xC4\xFB-\xE3{\xB0\xA2
-\xFEZ��\xE9\x89W\xB9N+̖-\x91P\x8C\xC9'Vr\xD5\xD7�\xB1\xA3V\xF0\q\xAE\xB5\xEB1\x81\xCBk\xBE\xFB3\xFBjK)\xE3\xEA\x81.Af\xA3\xEA0\xC3/\xA9=\x8D\xA0\x96\x84\x82\xA3\xEE7\xD4}V¶W$\x84\xE6�\xB1x٣\x9F\xD0\xFF\xE3\xD7O\xA5 "\x87��5m\xFB\x99F}\xBB\xAD\xE0\xD2m \xC4 \xBAN\x99\xB9��\xE4\xC7\xFEq�R\xD5�t*\x95-6\xD8\xFC\xC2��)�t\xF4<ڟR\xE9\xF1\xE3&\xCCp,P�#P\xE5\xBA\xD00p\xC0\xD3\xFEXGs����(
-\xBF\xE6K=\xCB×zv\xF7\xC3\xD0Sh̕Dy,v\xF5�֋\x9Dn鹪B'\xF4A��\x882\xF6\xC42\xF3�;\x8B][-5\xAE\x81\x9Ca\xD5�\x96]\xF0�\xB6\xCF̷\xFE�v\xAA�\xA6\xD94\x99y�2�[\xF5\xFBb]\x8D\xE9\xB8\xF0Dz\xA4\xC2U�t\xF4\xA6g�]-;\xC6\xFB\xC0� 6\xD5\xF1b�)!\xC1\x9EO\x98й\x934�Z�\xE0\x8FH\xE4\xB7\xEAu\xEC\xF6'\xF9\xB8\xFE�\x96\xF5v{ \xB8�\xB3\xEE\xED\xAF�\xB8Ų\xAD\xFB\xCA-\xDC\xF1\xA2
-�\xE3Lܽ�ƶ�zZ\x84j$\x81y\xB1\xEDf\xD5Ë\x9F\xA6@&e$\xB5\x9E%\xE7q\xE3\xD0\x95\x89^\xFBq�T\xCC\xF8\x8B\xAE\xC0O\xB9b\xDF\xFE\xFA\xBF8v\xFC\xAD\�\xC8[k�\xFEM\x98ž\xA14\xB9�
-O#\xD5\r\xFF�\xB3S\xD1\xFF�\xCE)B�endstream
-endobj
-1424 0 obj <<
-/Type /Page
-/Contents 1425 0 R
-/Resources 1423 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1392 0 R
->> endobj
-1426 0 obj <<
-/D [1424 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-210 0 obj <<
-/D [1424 0 R /XYZ 85.0394 626.7436 null]
->> endobj
-1427 0 obj <<
-/D [1424 0 R /XYZ 85.0394 595.698 null]
->> endobj
-214 0 obj <<
-/D [1424 0 R /XYZ 85.0394 395.3576 null]
->> endobj
-1428 0 obj <<
-/D [1424 0 R /XYZ 85.0394 366.9621 null]
->> endobj
-1423 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1431 0 obj <<
-/Length 1600
-/Filter /FlateDecode
->>
-stream
-xÚ¥WI\x93\xAA\xC8�\xDEׯ0\xEE\xE6U\xB5!\x90\x99\x8Cq\xE3-�(�\x9C\x98T\xE8\xE8���Ê \xA8�t\xBC\xFF\xDEVQU]\xD5M\xBF\x9EÂ…i\x9E\xE9;'\xF3;'��\xE2\xFE��\x8A\xC6h�r�\x86#1\x8A \xD4`\x9B=�\x83\xE8.\x93�\xC0\x9B\xCE\xE8]i\xF4Ykl=\xE0ψ�p�GCz`\xED>\xF9b1\x82e\xC1\xC0
-~|$1�{\xBA{ �ŹiJ\xC2\xD3�p�\x85��\x85_Z\x92\xF14\x82�qW\xEATxq\xF5� x\xE4\xE7\x82$v\xA2\xBBU\xB7x\x96\xF8'\x86|\xB4lC2\x9F~\xB2\xD4�\xC9\xFA@\xF89�@\xA0�x\xA7\x87�"�\xC1=�\xF5\x81\xC0�\xC7R\x83\xDB\xFD�\x81�\x8E\x83\x83ì¤�F\x91�\xBD\xEF\xA4�\xE6\x83\xFE\xE1\xF0\x93\xF4Õ´\xB7*\x80\xC0 \xA2aOYH\xD0W�\x92\xC1h\x86\xE9Ê’y\xB9�\x85\xC1\xE8�6\xE7\xA7�M�\x8F?\xBF$5\xB8ë°`�# \xB0{\x9D\xE0\xAB2\xFE*\xA20\x8Ea\xE8\xBB�cHD\xBE
-~x�\xBC\xAB~��Eq\xE9\xDCja\xD3Y#\xEC~.\xB0\xC7\xFC\xCD\xEF\xA7\xFD.Þˆa0\x86`\xE9w,�\xF0oØ·\xCEq\x92'\x97\xC4K_2\xE86 \xC5t�\xF4\xE5\xEB\xDBxî·r=�\xB9\xB0S\x87\xC2& \xCAÕ¦q\xB2¿0gI\xDAih\x9B�\xBE\xECY7\xB3K\x87\xE40�q\xF4\xD7�\xA8u)�ju]\xB8Wz\xC2,[\xF5\x8AK\T\x93\xB6 Z\x99WÒ�Hd\xEBL\x8EF\xFC\xEA\x85\xF8jîµ\xBC\xDA
-\xD0\xE627>�\xF61 \xABs\x81+|\xB0\x9F\x87\xEC4\x9B\xA5yë ¶\x81\x9B\xE6\xAB\xF9\xDB->\xA4\xEB�/Z\xCBÖ¬\xB8\xD0\xCB\xF6\xEC
-\xB0KEÞ\xA7\xDE\xEA\xE2T�<\xCD)\x97?î¨/z\xBC�\xD2;)-\xB3\xE9!\xF0Ú®.3�.\x84\x9C���0\xE239�{\x8Cm\xE0~(*ͱ\xCF�\x95\xAC\xAD\xCD\xDAL\xE8MV\xA8S_\xE6\xCC\xEDiˤ�\xA1\x89\xA7\xB4\xDA�h\x86\xA7\xB6\xBD2\xFCCØ—A�&K\xD5L\x82LCn#\xA4iLnL\xCD߇8I\x99\xDAu\xABD\xF9ͦ\xF6\xE1nv9\xF5E\xA7\xE9H+�}?\x9C%<�\xFC\xCE^\x85Ì•\xE3Ö5\xBD\xD7\xED\x94\xD6b\;\xBA�\x89g\xBDÏœc\xCC\xE1T\xB3\xAD\xA3\xBE=A\xC6`x�\xE1+*6\xF4\xDA\xDCN\xE6\xA7Û¶%\xF7\xCE\xC9�\xE1N\xEF��D\xB5\xBF�-!\xB5 \xC1��I�6\xD3Ù¼\xDD\xC8\xE8\xDB\xF7\xEE\xAE�\x8E\xC1 }\xA7\xFE\x97\xB0\xFF\xFB\xFE\xEE
-"\x8C{\xE9�/\xBB\x97\xF2z\xBE\xFC�\xEEQĽN\xA0\xBD�bW\x94ݢ\xB8\xBE/\xCA\xC8˓ֻ$E\xFE\x9F\xF3\x87\xD6\xCD+\x83\xEEG[\xE4\xDD\xE9AĽt2\xD4�\xF23_\xA9\xCF|\x854\xC2�\x80~\x93 at X{\xD91
-\xB1m\x91a\xFDD\xA5ވ\xCA\xDF$\x9E\xF7\xEA\xE5lk\xC0\x9AP|}E\xAECwL�\x92\xB8�\x96\x84>\xA3\xBB\x94�\xB8w;\x9A\xFDzD\x94\xE6\xC7־\�\xD7\xE3\x8Dl�K\xAE�"\x87Kv\x91t=1\x95\x8B\xB7}\xF7Bv\xED@\x92\xE7\xEBf\xA8\xBA\xED\xF5L\xA4\xF6\xF1r\x8B\xF6\xF2-\xB6M at Q\xAC\xE2\xF7Y\x91\xAAf\xFB\xFE\xC2\xDA\xCE\xD8\xE3m\x93\xEE )٠B|^e{eA\x92d4\xED\xBBD\x87\xF1\xC2\xD6\xEC�\x9E \x8CR\xEDn\x8E\x82\x8FC�\xE5\H\xCB$\xD7\xD4#X\xF4Ŋ\xC8\xE6\xD6.\xB8u\x94\xCE�\xCC\xDE�\x8Al\xADJJK)!%O�\xB3\xCF\xCA\xD2\xEDv\xECS\x{1B9FB0}i\x947\x96\xAD\x9C\xC1�\xA97\xC1\xA1bͥ\x85S�\xC2\xE7:\xE3W\xEE��Id%u\x92\xE3`\xBA-\xA3
-\xAE\xCD$9\xC0\xFD\xE4Z\xF5\xC5z&O\xAA\xD0�\xD7$T\xAE\x87\xAB\x83�r3\xE3\xB7ưN<\x98O\xECe\x95\xF5Y\xE1E\xB36\xD8\xF1�\x8F\xD7A\xBB\xA8rS\xB0\xE2T١:q\xD2P\xF4/xч�,,\x9D\xE0x\xE2\xBF�\xBC\xFB\xB8��\xC3\xC88\xB0\xFE�iʰ
-\xCBs\xF8+A\xB0\xCE Ea$\xB8\x8Fӿ1\xD1 \xC3a�2\xD4פ \xF6\xF2�\x80\xD8d>\xE2E\xD1X\xF2\xD8\\xB2\xFE\x8C+\xFA"7\xC9:\xC7'\xD1\xC2>\x8E\x97*򋨽m;h,\x85!\x82�_+^/\x82\xB9W��\x98�V?\xB9\xB9\xAE\xEB\xFCjU�\x93\xBE\xE3\x99Ʋ\x95\xCF\xE5#R\x8A\xB5>\xB5'\xADV\xAA+�\xB5Qooo\xD0\xFA6\xB7\xE8\x83[\xD0[\xE2rn\x9D\x93\xA9\xB6q\xEF\xC1G\xBA\xC0
-\xADV\xECg\xF8�\xD0 =\x93\xF1\xD0\xDB\xC96\xEAS>'\xDE"0\x89f1\xA1\xC7\xD1\xF2|�:nЦ\xCE\xCC\xEB\x831Q\xE5�9#\x83\xA6\xD0&q�\xB8\x8D�}G/\xF7M\x9Fg\x9D\x9C\x8E\x89T`\xBCE~\x9E5\x8E\xA6(NhT\xCBzߧ<\xD17Yp\x8A�\xAA|�V簒 \xBA]�A\xDD[
-G\x8D\xB9R\x98\xEC\xF2�\xC8/܉\xEA\xE9R\x86\xD5\xC6\xEA\xF3,\xE2F>\xDD�Ed!{\xCA(\xAA\xA3\xA81\xEF\x8AÔ´w�s\xABjo.Ï®\xAA\x84\xA2`7k\xA7\xAC\x96nxv\xFB`\x88�\xA3\x8AE\x91\x82\xA6V\xF9q�Z\xAA\x9D\xD1R|\xE8\xED\x83\xCDe>\x87朣u\xE3\xC0\xEE\xF1d\xC2&\xFE;\xC5 B�\x80�\xFBWF[q|�->\xD50�ë³\xF9\xF9�nGa\xEE\xF9\xE9�\xE1\x9A\xF0\xFC\xBD�\xF1\x9Bj\xE5\xA5I\xF0:\xCF~\xA3>\xEA\x8DÛ¡\xEE{\xBA\xA3;\x9B�\xEA{h��\xFD\xE2_?\xEB\xFD'sG\x87X�~\xBC\xD8!\xFC\xF4b\x87�\x8B\x91\xEC\xDD\xC9�\xA8\xD7&A\xFE�\xF9\xFB\xFB\xFF\xF7\xD0�\xCF�~\x8Fendstream
-endobj
-1430 0 obj <<
-/Type /Page
-/Contents 1431 0 R
-/Resources 1429 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1433 0 R
->> endobj
-1432 0 obj <<
-/D [1430 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1429 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1436 0 obj <<
-/Length 2638
-/Filter /FlateDecode
->>
-stream
-xÚµY\xDDs\xDB6�\xF7_\xA1\xE9�uS! A\xF0\xA3yr�'usuz\xB1Ú›\xB4\xE9�-A�/4\xA9\x8A\x94]\xE5\xE6\xFE\xF7\xDB\xC5.(H\xA1\xAFw\x93\xDCd&\x84�\x8B\xC5\xEE\xE2\x87\xFD\x80\xD5D\xC2?5É\x90\xBAH&Y\x91�#\x95\x99,\xEE\xCF\xE4\xE4�\xE6^\x9D)\xE6\x99y\xA6Y\xC8\xF5\xED\xFC\xEC\xD9K\x9DM
-Q\xA4q:\x99\xAF�Y\xB9\x90y\xAE&\xF3\xE5\xAF\xD1\xC5w\xE7?\xCE/\xDFNg\xB1\x91Q"\xA63\x93\xCA\xE8\xFC\xC5\xCFS\xA5Tt~}q\xF9\x82\xA6^\\xDF\xD0\xE0\xE5\xE5\xF94K\xA2\xF9Oo/o\xA6:\xCD�\xAC*x�0\xDD\^|\xCD+\xDE]\x9F\xFFpuA?~ys}y\xC3�\xE7\xD7,\xF3\xFC\xA7\xF9T\xE5ћ�H\xA2罹zu}u\xFDj\xFA\xDB\xFC\xFB\xB3\xCB\xF9`f\xE8
-%5\xDA\xF8\xFBٯ\xBF\xC9\xC9�<\xF2\xFD\x99�\xBA\xC8\xCD\xE4�~H\xA1\x8A"\x9Eܟ%F�\x93h\xED)\xF5\xD9\xCD\xD9\xDF�\x81\xC1\xAC[:\xE6�4�Z�\xF5_m\xABbQ�&�\xDFV\xC29\xA5"Md\xFC\xB4,Z'A��\xFD\x8AcQ\x87\x93O\x8BX�\x93\xC6\xC3\xC9\xC7\xF1D)Q��\xE3\xD1�Rd
-N<3�\xE0\x90\xD2\xD1_\xA3\x87�g!L\x9A(dTR��\x83\xE6\x8E\xE3\xCDt\x96\xAAh�\xFF\xC7\xD1\xE5\xE9y\x80\xCCD\xA1j\xB0O\xAE\xDDΓ\xDF'JȤ(4\xF1�cg\xEA\xC1�\x8E\xF0\xEC\xEA>\x9E\xBCh\xC1\xA0I`\x93\x97;��;\x93\xD28 \xB3\x8A3!\xB3�\xB6\x8F5p\x81k\x9CImc�DY�\xB5+\xFC\xE6Q\xBFf‡i,#\x8B\xFF\xED;\x9A\xAA\xAB\xAE\xB7K\x9A\xAD�\xCF^uD\xB1S-\xA3?\xCA\xFBMmi\xAAܲ\xA4\x87il\xA2\xB2\xAE\x96\x80z\x9D\x98\xE8\xAA!\xFA\xA6\xDCNg\x89\x8C\xFAj\xB1\xABa�P\xFE\xFAD\x89m\xDB\xF6D
-\xD4a
-X\xAB�8\xC0\xD3��:@:\xAC`ӓsH\x8AL\xA4:Փ��\x9F�+�\xB0)\xD2b2;\\x8D\xCF�\xFD1R\x95ɲ�\xA9\x9Fƨ4\x8BE"e\xE6l\xFF\xFBڢ\x8B\xE3\x9C��\x8D�\xD0�e_\xB5<\xE7��_۔\xB7\xB5;W\xF8Q6n \x87\xB3\xC5P\xD3n춞*\xE7s .\xDA潔\xF1\xDD\xCEM\xDA%�\x97\x8E\xF9\xB8`5\x91\xBB\xB6~\xB0[\xA2<Vu�\xCE\xFD\xC3.z\xBF\xD3\xDE�\xBAG\xBB\xEDh\x87�m{|\xA4�֮\xBAkhO at Jg�\xAC�\xFD\xFE�H\xEEh\xF8\xB8\xAE�k�\xAEʪ\xA6Q\xDFҗ\xBD`Y�ً\x8BHQ�\x91\xD4~\xB7m8\xBCB\xB47&\xFA\xF9%�\xDD\xF3\xAB\xBF�\xCB#\xDBa\xB0\xA8+\xDB\xF4bP<�I�\x88@\xC5\xDF\xDAn\xD36\x9D\xD3/O\xA2\xFBrO�\xD6.7$
-(^;\x9Eo\xB74 _\xC1\xC0\xDDR\xE0\xEF,x\xB8\xAC\x89H
-\x97�l\x81V��n\xE7\xA2\xDE-\xAB\xE6\x8E7\xAC\xBA�~\xB8\xC98\xB2l\xAA\xE0\xFC\x80\xDDoS5n\xDE�\xBC]\xCEƮVώw\xBB%iT\xE2\xC7D�\xEC\x9E�\xDE\xFF0\\xB6\xCE\xE8$q\xD7ԑ\xEE\xCB\xDEϒ\xEF`\xF0↾o\xDFv\x96\xD9\\x80 y0Z\xE0\xAEMO�\xF1\xC0Y�\xA7?\xB0\x94\x8D_{\x84�\xA0\xB0\xC2\xEE�\x882 \x8DV\xD2�e\x8E!\xCFY\xE4�\xB3X\xB4n-\xFB7\xC0B\xD53��\xBAz\xB4\xAE\xDB]\xCDH[\x97��\x99[k\x9BS4\x8B\xA7Ҹ\xC9S�ke\xBEHBU�f\x83,\xF9�B߰\xE4\xA9@\x95\xC8��U\xA2\xFE$\xA5\x9AL�)\xD5�M\xA9I\xAE\x85ʓ\xF4\xCB\xE7\xD4P\xF2H\xAA&�\xA2\xCEL�~\xB5�\xAFN�٨\xEC�Xank�\xB6rtwE4\x81\xD0M�8\x85\x95\xAB\xADèft\xC3w\xD7P \xA4\xF9\x8FSe"\xCA\xE2nò\xA7Ѻ�\xA5&�<\xC7\xC0
-`%\xA0&\xA0K�\xCBu�\xB7t\xAAd\xB4\xEBܯ\xD4\xC7}\xD4�\xA7�\xC7cÕ¯i\xD6Y\x89$\x92\xE4\x89%\x8B�\xA6�\xAA"\xC3#\xFEB%q\xAAjzX \xA9\xA9\xAC\xEB=\xCD\xD7v\xC5�v\xCD\xEC\xE9t\x805\x85N\xA3+4\xDB��Ǥ\xBE2�Ú\xAF�`L��C`\xF3j\xB5\xE7\xA8�\xA5\xF8CU�\xC7\xE0\c|v0\xE1\xF9\xF9\xB9kH\xAC\xCF\xF0?M\xBF\xE1<\xDB\xED\xB2C\xAB\xBE�\x8D\x9At4\x87\xEA&�\xFC\x85\xE3\xE0�\xE1�8\xBC/!\x8C\xF9�\x87\xBE.L\xC2\xD7o\xE5~\xAC\xB0\xEEr\xA0
-E/\xD6U\xBD<$\xA3�\xD0�\xE7N\x8F+L!\xCAcS\x99�l\xBA\xFB\x98\x9A \xE4\xA9�\xB1Jc\xBE\x8F�\x80!\xF1�]\x84\\xC4R3\xCBf\xDBN\xBD\\xEB7sƇ\xDB��\xAB4\xAA\xA0\xC8\xE8xH\xD1ے'\xA1*\xC8pQs\xB4<
-o �eG_�\xCEv\xD3[\xB6|\x96+\xBE\xC6!n\xBEs\xDA="\xC0]\xCD\xEA!\xE1\xCBO(-W\xFC\xED\xE9�6C\xFA\xE2I\xD6%\x98>\xDC�\xFCUv\xDD\xEE\x9E\xCB\xD7\xD2sz\x93\xA8\xA8=\xA8\x8E\xF2Z\xFA\xDE\xFA5\xF4\xE1c\xBDC\xAC\xC2h\xFF|�SU\xEF�\x81uUw\x82\x81p�_\xD9a�\xDF\xDEu\x9ED_\xBBݶ\xCE\xFEQ\xC0̽<Xxg\x97\xE1�6\xA7\xF4X|�ljO\xBE\xEE\x86\xF5{F:�\xF2\xAB \xAFP\xF8\xD8%r�\xE9V8�w\xBE\xE4�\xBDv\xB0\xE6\xF9pwF\x8B�
- at 2\x83\xD5\xCBj�\xD7�#\x8C\xCC)\xB0�\xD9gb�\xA3\xCBq\x8E\xB6\xC1\xBD!\x9A$Pо\x97F\xFE\x88&@M\xD4n\x89 \xCF �}{\x85\xED8\x8E
-\x91�&\xB4G%\x92\xBC\x8Bp�\xBB�ɇX�?p\x9FO\x9A�\x82\xA6\xB7\x98U\xD1P\xE6\xCC×¾\xD1\xD9Z\xE7:�\xEB�\xA1oON|\xB8S|u\xB8=z��\xC0$\xC0R\xF5d\x83�f\xF4Ϭ�\xFE\x9F�R"s�\x8D\xFA!G\xC7j\xA2�\xA1\x934�[$\x9D\xE6B\xAB\x82`\x92\x88�\x8EW\xCA\xD37\x98}S\xDEW�~\x83\xC1\x96\xE2\xB4O8\xDF\xF5-\x94\xB0\x9E\xE7�\xB2�Ö\x872ƇD8Ú¸\x80� \xA7\x9Eì¼£D\x85\xD7@\xEB�F@�� ID�R U̼i\xA1p\xBFņ�g��\x81\xBAX\x97\xCD�\xD3J"-\xBD\xDE\xF8\xE3#\xE5X\x98=�\xB9N\xEAQY�J\xF49�\xC7\xCER\x9C\xBC-��\x98t�\xB9�\x9F\xAC2\xB04�\x8F4c\xDC�\x95\\xE1\xEE:\xA6X\xA8�\w�\xE3kjN
-'0\xA6h^\xBA\xC6�(ص*\xAC%a{\x9DB\x84\x92\xB9?L\xA1\xF88/\xDA�Z\xA3~\xA8͹~\xC2\xEA\xFC�N\x82\x9A\x9Di\xE3\xE7gD\x96pO}\x81N'\xA9ZSQ�{;\x81�\xB4�Z\x9F6 @q\xDB\xC1\x8AS:\xF9��.\xFC�\xC3r�Y\xF1L\xFF\xD8\xD2\xE0\xB1\xDCw\xDF`�Q\xE0\xCDSU�� \x8D��a\xB0\xDB\xF8^Ws\x9B\x84�\xD7vpꑽᑖ\x80\xF3ٲ\xE9@\xE1�\xE7\x98��C\xC1\xF9\xFEp\xDA\xED�k8N\xBE\xCCs\xD4 \xBFt:@)?\xA0 \xC6\xF7\xB6_\xB7\xAE�MM\xB4ow8PQc]\x98\x83y\xE7;\xF8\x9E\xBC>\x8C\xD8 \x95\xBAPq\x91\xB2b\xE0�*yO\xB4\xD7Z\xA4�\xB2�qu,\x9Ek��U\xFC\xA5\xC3I\xF1\xD4,)5\xB8. \xB7-\x940q\xE1+\xA4\xD7\xCE|#\x8A,K\xC1z\x80\x90N\xDC\xC4_FT\xC9�\xF4u\xD9$\xE0B�kW\xC4\xC2ƾ\x95&\xEB\xB1$\xF4\xBA\xB2B\x9B\xDDm]-\xC8\xE1�_\xF6b\xE7\xF2 !R\xE4\x82
-w\xB3\xAD�\xE8i\xC1\xB8\xB77W/ \xDD%fSx\x99��\xF9Γ\xC8%\xC3\xF3H* \xA80��\x9A�\xD3U*\�aÊš\x99��\xAEB/\xB0\x8C\xE8x\x83\x83\x89\xC0r\x90\xEC�\xE3\xC27\xC6@\xBB\xB3\x8D\xDDrÑ\x9B\xEF\xFF�\xB9�\xDA�X�\x8BG\\x9EB\xE40\x90k\xE8\xB4P;(\xDF\xDEM\x8B8r\xD0�\x83\xD6rx䩸\xB3\xBF\xDDs\x87_\x97\x8BC\xFF\xBF\xB6C\x8C9y��-fK~nY@}\xBDw'\xF0I\x85\x85v�\xBB\xA8\xD0)v9\x88\xF9�eZ&"\xC1V4 \xB7 T\xAC\xC6\xEE'$\x95\xCCx\x843"m\xA6\xA1\xB3\x85\x9C�ű\x86fW\xC7*\xB8\xCB)�RKo\xB9\xA2\xC1��$\xFCÓ¡,\xC9 c2=vy\xBF\xDF\xF0\xAA\xFB\xB2\xEB\xEDv\xB4X\xA5X4Û´ \xD8=q\xD7\x{D8AC}\x9F\x8Fe\x94UU\xB3į8\xB2=��
-\xC7_\x8D\xAEg\xBF\xB3ϟ�ċg'V\x91\xC2\xFFz>\xE2Yf͎\xDDv岺\xE6\xEE�\xDA\xED\xD77\xAF\x89\xC2\xE94\xF1S:\xFA\x85\xA6�\x8Cү\xA1\xED\xB9|G?\xDD\xFB�2\xD0=@�\xDD�\xA4
-\xF7 +N\x930"\x91\xE7��\xF9m�\xD9\xE9R\xB9\xE9\xD2e^\xA7\x8A\xA71�\xF9�\xAB�\xAFDé±\x80\�\xA9\xAEPtÝr\xCB3C\xC3�cz�p\~!\x98\xCB�\x8F�\x89�B\x95\xF3 \x9A\x8FD\xFF\xF6W\xC4';\xA8\xD1��Õœ\xAF\x91\xCF\xDD'\xE4\xB1u\xED*\xF94:oÆ x\xA8;\\x91q\xFA�|Ë—7�>\xC1u\xC5\xD8\xC9\xF9nurÝ«\xA6ê«’\xC5t\�\xD2"*��\xB6\xEB\x9E|\xE2\xD3��\xA5\xD5\xD8�\xD6\xE4\xC4\xEB\xFF\xD9\xC6�
-\xE7L\xE8<\x8F\xC7\xFF\xB2\xA0e
-@/\xB2A+t\lNu7�SX\x9C\x8D)\xFFob�d\x94endstream
-endobj
-1435 0 obj <<
-/Type /Page
-/Contents 1436 0 R
-/Resources 1434 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1433 0 R
->> endobj
-1437 0 obj <<
-/D [1435 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-218 0 obj <<
-/D [1435 0 R /XYZ 85.0394 386.1448 null]
->> endobj
-1441 0 obj <<
-/D [1435 0 R /XYZ 85.0394 353.5014 null]
->> endobj
-222 0 obj <<
-/D [1435 0 R /XYZ 85.0394 310.2645 null]
->> endobj
-1442 0 obj <<
-/D [1435 0 R /XYZ 85.0394 279.5106 null]
->> endobj
-1434 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F62 1361 0 R /F65 1440 0 R /F21 938 0 R /F41 1218 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1445 0 obj <<
-/Length 2874
-/Filter /FlateDecode
->>
-stream
-x\xDA\xED�]s\xDBF\xEEÝ¿B/7\x91\xA6�\xCD\xFD \x97\xBC\xBBvFu�\xD7M\xE28\xB6\x9C8i\xFB@\x89k\x8B�\x8A\x94MÊŽ\xFD\xEB�X\xECR\xA4DÇ™\xEB=\xDC\xC3MfB�\x8B\xC5� \xBE�2�\xF8\xF0\x8F
-\x82\xD0�c��T,\xBD\xC0g\xC1`\xBE\xDC\xF3�װv\xB4\xC7,\xCD\xD8�\x8D\xDBT\xBFL\xF7\xF6_ 5\x88\xBD8\xE4\xE1`z\xD5\xE2�y~�\xB1\xC14\xFD}(\xBD\xD8���\xF8\xF2\xE4\xFC\xFC\xF0\xE0\xC7ј�\xF0\xF2\xE9d\xF2\xF6\xF8\x80^>\xBF;9<\xB7�\x93\x93\x97�\xB8\x98\x8EX4|\xF7v2Rr8u\xB4\xE7\xC7G'\xC7'G#�\xAA`x\xF0\xEB\xE4tzxF+Ҟ3y\xF9a\xC4��N�\x87\x96��M\xC0\xABC\xE2vqvx>\xFAs\xFA\xDB\xDE\xE1\xB4Q\xB3m
-\xE6�\xD4\xF1f\xEF\xF7?\xFDA
-�\xF9m\xCF\xF7D��\x83{x\xF1=�\xC7|\xB0ܓ\x81\xF0�)\x84\xC3\xE4{\xE7{\xEF�\x86\xADU\xB3\xB5״\xCC\xF7\xB8�y\x8Fm9�0\xE6\xC5A\xC0;\xC6
-b/�\4\xC6\xE5\xA31\xF3}\xD0\xF1\xA1H\x96\xD9|K\xE1\xF5*MjM\xF0R׋2E\xB5\x819o}8 \xEB\x9E\xE0\xA0�r\x9D\x8Eb>,iOVT\xFA\xB6&\xB8^XF_\xF4CE\xD0]\x96�\x90\xB6O\xA7C\xFFN'I\xD6:I*/\xE2\xBE�\x8C�X,\xA0\xE3\xFE6�\x87 QYYa�JD\xBA\x93�\xFDL$u\x9D� \xE0\xBF.�o\xD39\xA5�NҔ \xFD5Y\xAEr\xED�\xBA&�\xD8\xE8\xF5\xE1'\x82y�Z\xCE\xF4P\xF4\x98\xDC�N&\x9F�\xA6V�\xAF\xFC׫\xD9\xE9\x84\xCF\xD5ѣ
-?\xCCXt\xE7\xD7\xFA\xF5T�>L\x8E\xAE~\xB9z�\xE9\xF7Q\x92\x8B\xE0\xF1QX\xA6\xC7l\xB9>y\xFF\xCB\xD7ã›·Wo\xEA\xE3\xFB\x9B\x8F\xA7\xE9u\xBD\xA8\xD6"L�\x8F\xDEO.\xA3\x9F\xFE\xCBZ\xA8'\xB5H\xF7U\x99^쇲\xE4o\x8E\xAA\xECj\xF6\xA6~\xBF\xAC\xDFEé«—\xF5t\xF2\xF9\xF2\xFC\x92\xFFp)\xF4\xFE\xC5I~��\xFFz#>\xF9\xB4\xFB\xB2>\xF0\x8F\xD7\xC9}\xBE\xF3%y\xFD\xE1\xEB\xA5\xE6y��\xD4?\xA4o\xC3�\xBDx8\xB8\xF9\xF2\xD37\xBEY\xA5\x8B>\x97�w=\x81\xC5f\xCF\xC7E\x96\xA3\x8F\xF9\xC2:� \x8D��|\x8B�A߬uU�\xE2>\xCBs\x84\xF8p^\xA2]�a\x92/KG\x93-\x97:Í€G\xFE`\xF2�&�\xC67�<\x96\x85\xEEr�â\xB4\x9Bgvɱ��\xE6\xBDÊ®�\x9DZ \x8B:Ë\x8E\xAC�V\xED\xCF
-�\xA2\xFBL!\x84�F!P#\xD1"\xC1\xC8R> )�u\xB6D���\xD6%a\xEE\x93\xFC\x8B]3: `u \xA2\xA4\xB0\xFB\xAEu\xA1o\xC9rm\xCA�\xC8\xC1[\x94gg\x90T $�\xCFK\xF3L+Ȩ�(\xA7ۛ\xB7 \x97\xD4\xC6�\xC6V\xA1\x8E\xF2M\xEEHV\xFA+A\xD6\xDA \xCD\xDCZ\x9A�\x9B�\x98'Um+BmS�\x9A<\xC9]*J6I\x89d\xB1\xF9\xCA&&\x9B\x96Z^�4\xE2#~\x91d\x85׸m�\xE9;TF\xD0\xE3+\xD0�\xAA\xC8C\xB9F\x80\x81\x98ՂP(�bP�¬\xAB\xAC\xB8&�y�Z\x87\x9CYk\xFC|\x88/\xAF�yB\xB5\xAF\xC5�4Z\x94\xEB<\xA5u�\xE1\x88L\x8A\xCD�q\x8A\xA9xr6yKk\xDBVoK\x85�\xEEI&Y\x91ՙ1[�ob\xA9\xF9\x82&\x96\xF03\x87\x91Q�\xA9\x8C|�\x90\xEA�\xF7�\x94U�qƆ\x845\x9F�\x9E\x8B\xE4NomxwJe�\xAA\xB9y\x9Fe5QT\xDA|`\xA8\xC6�\xE62\sK
-[\xC7\xE4�\xDF�ɵ\x8D�x\xE1:O\xFB\x94Ecw*Õ¶��\xD75\xA2\xF7l\x95\xB2\xB9\xE9\x9Be\x8Ag\x99b\xFF/S\xFF3e\xEA?Ђ܉\ \xDFY\xF7\xE1[Y��2�U�\xFB\xB90\x92\x90\x93k�5\x8C�\x89Aar\x9ClE3\xC0\xDD\xCA(c\x97]e\xD4Î\x80o*#\xC0\xAD\xCA\xF8�\xC2,\xCA{}� �\xA2\xB29\xAEsB+\xE3\xE3!e\xF1\xC2\xF2\x82\v\xEFIJ\xCF\xE7\xCA"\xFBvY\x94\x9E\xCFYÔ®\x8B—T��H\xE8�Y\xA8\x98k\x82M*\x84\xE7l\x9D\xE5\xE9> \xBC,\xEF\xDC\xEA\xC2�\xB4\x90\xEB\xBB��\xC1\xBA\xE1\x83��\xCC�\xB9\x82P\xAB\xDB\xEC\xCE�\xD8\xEC~Xu\xB6\xB7\x920\xE0\xC8\xDA\xE6lK5'2ØŸ6\xC2Qu\xB4zu\xBCp\x97\xA7p\xF2\xF2aU[)�U\x93\xF6Z\xB9\xC2"\x9F\x95�\xE1\xFF\xF0�\xBFÒ–x\xA6s\xFC&Hv�\x9C
-nY\xBAj\x89o\xA9\xAE\x93,\xAF`�\xC3\xDA\xC4Bj
-p\x87\xD3HX\x8D\\xF3\x85\xF6\xB4$\xA55|#\x8Eh\x89\xD3�j\xCE�\xAB\xDE\xC2\xEBz\xBFإ\xEF\xD8o�\xAF\x98\xEA\xBF)\xB7\xF8B\xCDKD�i\xDFU\xA5xS\x95\xE2\xA6�2\xC61\xDC*z.\x92\xD5J#+\xD4�"\xB14=\x84Y\xA2\x90\xB2tI\xD3X\xC0˪\xAC\xAAl\x96\xF7\xE6\xFD\xC46�\xF7:Ͻ\xC6\xE3[\x977\xA0�\x81�\xC7B5\xD76a\xAFm\xAFֹ\xE9)\xB1gY\xD7\xE5�䵷(\xDB\xD3��Ϳ\xFF\xE6�\xF1\xA1.\x92\x991h$:\x9Ca\xC9\xF2\xC3�\x8Fm\xE7\x81h\xDBAl\x85+�C/`"\xB6\x81\x88\xAC\xC6iQUz\xDE#�\xDCRe\xC4]3[\xAE\xAC\xF1\x91yI\xA2з�\x84U�Pƿ\x97�#��\xB2\xA2\xA7$3\xE9{\xB1\x8A\xA4\xE5l\x92\x867/\x8B\xAB>!bO\xC15ْz=:\x81F2\xEEhD\xB1)!\xE7\x82G\xA8\xEE\xE7}R[\xC1\xBD\x98\x85\xB2Ӻc\xF7qo;\xD6\xC6g\xE8\xF3�w\xBA^\xA3\xA6U\xDF\xE5\x98q���1'W\x8E\xE1\xDB{\xAAPͅ�⹇�\xF3\xA20p\x82-!"\xEAę\xB5\xC3\xCB�\x9B\x96\xA9У\x84\xC7\xFC\x98\xB9\xF8\x8C(>GA �ڢǜ\\x82\x87\xB0\xB0\xC7C(\xA7<\xA1H\xC4=h\xFF\xDC\xE1?\xF60�\xBC\xC8Wq\xFB\x9B\xF7�
-�\xE5\xD6R\xCDM\xFF�\xA7V\x9A�>\xC7\xEE\x9D)\x9B\xA3`\xE1\x8B~ \xCDlÚ\xCB\xDB�"\xA2<ID�\xA1 n\xE6�j\xF3�\xDFpA\xF7\xC5\xFC!D3#\xB1\xA7,ÉŠL\x86\x9E�qÔv\xF0%L\x91r\xF2 \xE08q沯\x82\x8B\x85n\xA8\x96�\xB2\xFB\xEC\xEDc\x9B�\x96\xAE\x88
-\x8FkB\xB9\x{12D1A9}\xDBg\x9Fe\x81\xF9\xC6\xD0,\xB4\xE5\x94\xD9]\xD6�:\xBB\xD3�a\x92\xA2\xE7\xB3���L\xF8\xEE\xC3\xDC�\xE9\xBC%\x9B\xA1g\x9D~�r_\xA0\xB8%\xFFg�G\xE5)�9O at u\@BH\x84p7Ù½I\xF7��n�\xFBM8\xFE\xDC\xE3*f\xD8�Ë\xD0\xE1O\x87�\xA9f.\xA4e\x92�\xA7\xD8=��\xA4d~\xF0\x9CzQK\xBD'4 \x97\x91q\xF0\xFD�@E]\x82\xCF\xF4\xA5\xB81S
-\xCC�\x88n�w\x83S\xA9o%�\xE6s\x8F\x89Æ Y1\xCFשq�\xE5\x9COE\xC3dF��\xE0\xAE\xD6\xC5�3~\x92gu3k�\xD3 at CV�\x85uKÜ–�\x87�\S\x9C�S \xCDb\xFA\xAFuUo�\x84v{Q\xD9\xE0"Ñ‚np\xB9K\x86�\xDB\xEDjEH,F\xF8\xAC\xE6�\x9D\xAE11K�\xA7\xCD�\x99 s$\xC0`3Ï…& ?\xFD�\x8BË–
-\xDD��(\xE8��\x88\xBE�d\xC5\xF6\xEB\\xEB\xEDɲd\xDC�\x94�p\xF0\xE6\x80×\x98/\xED\xDA\xED\x{140033}\xD6Lؑ\x8F\xDB\xF44�\xEE\xE4\xEEm\xAE\x9BZ5�q\xA1\xFBAq"l\xEEv�\x8A"\xE8F°#\xD1\xCEl\xBA\xA1zN\x90Xx"\x8Cî$ ]o\xFA&\xEC\x9CA�VL=c\x87\xE6g\x876\xFD\xEE\xF1;\[v\xA8t\x8D\xF3\xB3'
-\xC1�\x94:��\xD7>b\xC7�
-\xD53\x920l\xF2\xB0\x80wD15��\x9BM\xEF\x8D]OV\xC0\xC2Ò´\xA7\x9E�m,!\x83\x9A��\xD0\xDA�;@I{ÓŠ^\xAAv\xB3\xD4\xF4nn#\x91nU\xB7��\x8EPn\xCD-�;2�0\xB6\xD7Mof�MÅo \xEDvgJf�\xA3LN\xD4)\xB6\x91\x91\xB4\xC3��\xE2�\x99\xB1\x9E
-7\xB3R\xC0\xF5
-c#\xBC?Ջr\xED8$\xD0\xF5\x9BF_ي\x8C at o%\xE2\xD8CDM3dӵjW\xA2\xAE\xABB\xB3�4\x99\xB8\xBF `f\x91;�\xBB\xF9\xBF\xC3�\xF2,Uԓ\x93!\x86|\xE8�\xB0=\xEF��\xFDq\xBA(+\xDDL)q\x8Bm�M�c\xDA\xFEzgB
-}\x81�\x90R\xF1&\xED\x97u\xE1R]\xDA\xFCt\xD3L@\x8Bk]\xD9�k\xEB\xDE\xEF\xB98پ\xA0]T\xF6\xA3DO\xDC�\xC0\xB8\x90\x8F\xBE\xFF\xA2 l\xFB\xA2 \xBC\xDD$ú\xAFq57\x86\xB0U\xC0
-Q\xD2\xD2�\xAE\xF1\x9A@\xB8�\xA0k_\xAFio\xDA&\x8Cl�j�7?W�\xDE^\xFA\x8C+�\xC3\xD9�\x91\xC0\xB5\xC8Þ¹\xA8\xDC\xF8,d[×¾>\x8Fd��B\xDE\xEE\xE1Ç›\x89\xE1\xB6\xE7�\xA8\xF7>\xC6�\xA1\xBC9$N\xE3U\x99g\xF3\x87~W\xE4A\xEC�\xA9\xD6\xC5J0*j\xE6I=llm)\xB0In�G i4��%#ÚU�\xD1��6\x98�H�3Ó¦\x89�(u�q\xD8Ì¢\xC7,@\x81T\xB0=�蜶\xFDs\xC0U\x92}\xF75Z\xDAk\xF4)\xCDj\xC64\xA61c^,\xFEi\xF5�\x97f��K7g\x81\xEB\x8F�$K7H\x96\xAD\xE1C m�.纪\x88\x9C~u\x90\xF6'
-\x8A5I\x9E�4s\xA4F6\xB1ۜ �&�̃\xF4\x96\xD0#\xD5W\xC9:\xAFi\x9Bc \x87wI\xBE\xB6\xA0�5��!1v\xBD\xBE�\xC5GJ�* �!^\x9C2\xF0N\xC9<�\xCE�m�4&�\xCC/
-&C\xC1\xE2\xAE\xC0J6\x99>h\xE6\xFE$6 \x8A\xB2x\xA4\xACT�\xDE �k6\xA3;\xE3��\x9D\x81~\xDA�l9\xAF\xCD\xEF���\xF8-\xEA\xF2)iz\x86\xAC\xF7\x8Bl\xBE\xB0\xB9\x8D\x84\xDB\xFC(\xD4�.h\x8F\x99\xE0Ŝ\xDFر\xAF}��\xC4_\xF5{:�\xBF\xF1ֿ\xFC\xC7�\x9B\xEE�\xEE\xE8"\x8Ax\xCB�\xF9˓�0\xB1B\xA1\xEE<ܑ\xDC\xFD\x95\xC1\xAE\xE8\xFF�\xEC#\xC1 endstream
-endobj
-1444 0 obj <<
-/Type /Page
-/Contents 1445 0 R
-/Resources 1443 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1433 0 R
-/Annots [ 1452 0 R 1453 0 R ]
->> endobj
-1452 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [411.5778 224.7212 489.9929 236.7808]
-/Subtype /Link
-/A << /S /GoTo /D (man.dnssec-keygen) >>
->> endobj
-1453 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 212.766 134.1116 224.8256]
-/Subtype /Link
-/A << /S /GoTo /D (man.dnssec-settime) >>
->> endobj
-1446 0 obj <<
-/D [1444 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-226 0 obj <<
-/D [1444 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1447 0 obj <<
-/D [1444 0 R /XYZ 56.6929 749.3199 null]
->> endobj
-230 0 obj <<
-/D [1444 0 R /XYZ 56.6929 358.1001 null]
->> endobj
-1448 0 obj <<
-/D [1444 0 R /XYZ 56.6929 327.7578 null]
->> endobj
-234 0 obj <<
-/D [1444 0 R /XYZ 56.6929 131.9404 null]
->> endobj
-1454 0 obj <<
-/D [1444 0 R /XYZ 56.6929 104.2481 null]
->> endobj
-1443 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F11 1451 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1459 0 obj <<
-/Length 2589
-/Filter /FlateDecode
->>
-stream
-xڥY_\x93\xDB6�\xDFOᷓob\x95")\x89\xBA77q\xD24\xCDnn\xD7\xE9M\xAE\xED\x83֖ךȒk\xC9\xFB\xA7\x9F\xFE �\xA4,\xAF6\x97\x9B�?\x90�A �A\xE0G:\x9A�\xF8E��\x87Bez\x92f:\x8CE�OV\xBB�1\xB9\x83\xB1w��\xF3\xCC�\xD3\xEC\x94\xEB\xC7\xE5\xC5�oU:\xC9\xC2,\x91\xC9d\xB99\x91eBaL4Y\xAE�^\xFF4\xFF\xB4\\Og2�\x81�\xA7\xB38�\xC1\xFCͯ\xD3(\x8A\x82\xF9\xE5\xEB\xC5��zsyC\x9D\xB7\x8B\xF94\xD5\xC1\xF2\xF3\xF5\xE2f\xAA\x924\x86Y�\xCF�\xA6\x9B\xC5\xEBW<\xE3\xCB\xE5\xFC\xE3\xFB\xD7\xF4\xF1\xEF\xAB\xCB\xC5
-�\xCC/Y\xE6\xFC\xF3r�\x99\xE0\xEA#It\xBC7\xEF\xDF]\xBE\xBF|7\xFDc\xF9\xF3\xC5b\xE9\x97y\xEA\x8AH(\\xE3\x9F�\xBF\xFD!&k\xF0\xC8\xCF�"T\x99\x89'�\xF0!\xC2(\xCB\xE4dw\xA1c�\xC6Z)G\xA9.n.\xFE\xE9�\x9E\x8CÚ©c\xAE\x8D\x95 c#\xD3�\xDFJ9\xE6\xDB8��%\x95\xF5\xEDr[\xC0\x8Ad�\xEC�\xE5}\xDEÙ8\xE8\x9E\xF6L>\xE0\xEA\x8BUc\xDB5\xD16\xCDa\x97w\xFF\x80\x8F\xCC�\xEF7D\xEC\xB6<\xF7w!\xE4\xA1\xED\x88Ú¬\xBA\x82\xBBeKm\xDDÔ³\xBF
-+\xAFamÛ¢���W[\xD6\xEBr�&\xB6nVÞ\xCD\xFA\xAB\xA9\xB9W�ź\xC5\xDD��Í¢(\xCC\xE2X\xDA\xF5v\xA0S\xC9,\xB8-\xB05A[\xDE\xD5Åšh�e\xB7%\xAA\x95\x88\xA4\xAF\xC5�Q`\xC1\xABmY\xDF�\x99\xC7Í™\x9D�<Jg�|\xB1�\xB4�\xF9\xF3\xAA\xEA\xD5\xE5Ý‘\xA6\xB5N�\xB1\xB1\x92\x81\x86\x8C5L\xA3\xA0w�\x92\xDBms\xAC\xD6~-#+\xA5\x89\xBB\xE6\xBEX\x878\xFE\xC3[�\x9DD\x83c\x9Di�&FQ4\xE4\xD5]s /즳D�\xD8\xCAX\xF0�\xE2g�\xDFј*\xEB%\xE4(\xD7\xDC\xD6\xD4\xD6E\xF7\xD0�\xBE\xD2GsXö\x8F \x96\xD4\xE45OW\xCF�Q&8\xE0z\xF2\x8A\xB86U~7*N\xBFd\xE7\xAA\xD9\xED\xAB�\x83\xFC\x9B\xF3c7\xFF\xEC yY3%\xC2Trv\xBA\xAA+\x8C�-΂�wWGx�T~wgc�x\xF2\x96\xDAߥ\xD4\xCE�\xEC�\xF3*\xAFi؆\xA7�i7\x918\xEEËœF\xD6Ou\xBE+WD=\xEE\xD7�CQP`\x9232\x98w]\xB1\xDBw\xAC\xCB\xC6\xFC@�\xCDj \xC8�c~\xEAs�\xA4:\xCE�\xF1\xC8\xFA\x90\xF8Pblc\xEF\x96\xD9Ú²*\xEA�\x9D\x82_�\xF04\x81\xC3\xD0\xEA2a\x9A\xCA\xCC\xEA\xC2\xFC\xA1\xB4;r\xD0\xF1\xF9C\xE9\xD4\xE5�\xA4\x97-\xB5}\xEE \xEEXt[7\xE6Úœf\xF31+�\xEC>s�\xE0\xF8Y�w\xB7�\x93d@Κ\xFC\xD9��uq\xEF�\xF2\xFD\xBEȹ_\xD6'\x8A��\x95�\x8B//\x9FB\xE73�Xpf�\xCEy\xCAe/5\x92\xF3�$\xB9\x93\x9C\x87,\xABm^ß¹�Je'�.\xA1\xB0)\xCFX\xD6Ì—s
-\xB1�\xD6p�\xBC''ޱ\x8BZ��e\xA8�\xF4\xC6\xD8m\xC04\xBE\xF9\xB6\xAD\xA3g\xAD\xEE\xC8�\x8C�\x8Ckl\xAD\x89\x9F\xA6�\x84\xE8\xF5\xFC\xE3XX\x81!*�\\x97b\xC1\xE7\xC7\xF7e\x81;c㲨*�\x83T
-\xA0\xD7\xEC\x8BCÞ•
-\xABC�a�T,Z�\xA7y[\xB0�\xCF7\xA6\xED\xB6\xEC\xDA\xEFΜ\xE2QD\x94=\xAE>-\xAF 4\x8C\xB8D<�A<\xAF\xAF�\xF3\xE5b,ÉG\xCD<׋\x8FW\xBF.\xC6\xE5H湼B\x87r\xAA\x8A\xBCe\x83\\xA5\xB3Ф Y\x890(\x9E\xCE"!\x84\x8BYڂ\xA6\xAA -�ڑ\xAC�\xCAe�Fi\x9CX�s\xF0y�u\x9F\x8A%@��\xA9\xB6XqI\x9Buͬ\xFF"N\x88��
-\x9B\xD2"\xBA�\\xD3@\xA5\xAD\xA7\xC8B\xA0\x8C\xC4A1a�6�"\xE9\x96%\xADm}'\x9DD\x81\xF2B\x84\x87\xFC\xA9EDbtpl\xBDܜ�]\xAE�\xF1\xA5nj6\x85��\xFF\xB0\x82\xBB\xB8p\xCE=�Ri\x98\xE9�0�\xD5\xCC#\xACy]\xB7\xB0\xEC�\xEF\xC5\xE0\xBA8cV\xC6'6N1H\xC3\xF1\x9D\xD3��\x8D\x822�\x8Ad�\xF9\xADK\xDCֹ\xDC?@\xBD\xB4�\xEA\xEF\x8An۬\xBF\xB5\x9B)\xC1?<\x8A
-\xA5:H\xF0\x83\x80\x8FË¡><,\x89kPzZ\x83\xD2Þ*\x8D\x82\xA7\xE6\xE8\xF2g\xC1\x99\xB4c5\xF9\xDA�\x9Cs�\xA7K\x894�I\xAC\xD9e�\xEC\xA6\xC5a\x96\xA6 \xB8&L\xB5\xD2v\xE0\xEF#\x8B\xCBB�Õ“�.\xCC�U\xC1vo,0c\xCDl݃_.3\xB5\x8Dãœ\xF2|\xEF!\xFB\xC9P\xA7\xA9�\x86�\xF8\xA1�s\xB7R\xA1\x89Ò”�c�Z�e\xCDB\xB0\x83\xE1
-\xC6\xEC \xE9iHz_\xECn�\x89\xEE\x99���ɺ\x8EID\xB1�@\x8A?\xCDп\xBEni\xD4n�R\xFCF\xD9\xF3a7*�Y\x9C\xD2I\xA8\x93È°\xB9ß·(� \xCEP\xDC.X\x8C�E\x96\xCAan[\xE5\xC7\xD6\xDAm\xDC�Rw$\x90\xD4P{\xCB#�\x99#\x8D\x92\xCD`"\xAF\xDCØC\xFFI�\xFC\x8B=\xE5\xD9�p\xDBt\x80s\xEC�Ę��8�\xD9\xC3�\xA4�\xEC1\xE6�\xEC�\xC9"\xCFA�9\x99\xCBLÛ¸t\xE2\xEA\x94/8UÞº\xD2\xC5W%\xC4L\\xD7jW\x9F�\xE6�"(\xE5��\x89t\xD3\\xBBqi,\xA7\xE6\xC3\xCD�\xEA\xD8\xD3i��\xCEDW)˺/\x94\xDE\xC8=C\x88\xBAs\xD5|\xED:\x8C\xF2\xBA\xC3\xD4@\xE2\xF5ã«\xD3M3\xF7M[v\x80\xBC
-6\xADٜ\xA9\xA0\xED$#Gqb6T\x8FФ\xCA\xDC\xF1 \xEAC^vԣ\x95+\xBEF!e\x97?\x96\xBB\xE3\x8E>\x96\xCB_h\xB8䙞\x8D\xC3Qa\xCD\xD94\xAE\x8A\xE1\x88�\xCF�M\xFD$\xB8\xEF\x91)��\xE2\xB3DH�\xBB9\xA8\x88
-\xB3[\xA3laB2\xEE\xC8\xD8%\x95\xE2\x84�\xAD\xD4h
-\xA9��G\xD6+�\xA0\xAD\xB4\xC8\xD6F�\x90xS5�)\x9D9\xC7h\xE7�\xED�\x83\xD0\xF5\x86ZH�6\xFC4{\xC5Ar$�\xF6\xDF\xCB\xE5\xA3
-\xE3}\xB0\xA3!68PL\xD7�\x85ÜJ\x9B\xB1\xD5�\x8F\xFB\x92\xE4#\xF6� `?rS��\xDB\xFE\xAE,\xB5?A\x8A\xAF\xD4\xD8YU%�\xC6�\xF8 *\xC2�\x96\xEF\xB6âžµ�Z(d\xE5\xE6\x89\xE49iUA\xE7�w\xD3E\xC0\xE0\xAE\xCE\xE29Öœ\xDFU6\xB8T\xF5��\xA21*F \xDE F\x9E\x9Ff½&\xE6\xA02\xC9If\x8F]MH8I\xC6\xC3\xFB!�8\xE5'\xC1\xE7Oo\xE8\xC9j�Òˆ-\xF5\xF9ׂ\x86W\xFEV\x80c\x94{\xE3\xA0\xDD�+\xF2\x8Dq\xCF*\xA8\xB59p�\xECh�\xC1\x81_\xC0y
-I\x93032\xFB\x8E��@ᬆ\x80.\xD8 _DDh\xE40V\x9Acw\x96y\xCE_T\x90vW\xD4x
-p\xB9\xED\xF6\xE9,\xD94\xEE�aQ\x8E�\xB7\xE9\x8A\xC3�\xD7)\x9Er�\xA3�\x85l\xE29TK�\xAA\xCD��\xEE\xE0F\xB2:S\xF8? n\xAAjJ\xC5\xF6\xB6
-\xA1�\xE8�HS.�\xF2\xD5\xD6B� س\xA7�@\x86U\x87E\xCDވp\x80\x96\x84=\xBC9\xE7\xCCn\x8F>v\xC0UϷT� \x95\x99\x87�\x84ug\xA0\xFC\x8E\xEA\xFD\x99\xF9\xA9 \xEE\xD8mms�\x91�\xC90\x8D"=��Ft\xE5\xAE�\x91\x98 at H)\xE3\xD8\xF1�\x8D03\x86\xDB\xEC\x86\xCC�\xC7\xE9*�$\xA9Oa:�\x96�\xA1�"�\x86֋�^\x81\xB1�\xD0\xE7 \xC3ˌ1<\xF5\xE9q3#Gb\x87R\xDD�\xB65Y(\x93D\xB2\xA4�\\x8F\xF1\x8A<\xA2R\xA7�\xF9\xC2!\xACW#k\xD3 \xC1\xB4\xFA\xEF\x87L\xA6q<<d\xF8�\xE9\x82�\x92\xE8�\x91 ��\xB8Kg̽AJ\xF7
-*e6\xB8�`r\xB1 [\xF1�\xF0p\xC2\xDF�(\xC1}�\xD6b\xC0Ô\xB3O\xDEa\xA4\x92\xC16o\xA9S7�u\xE8}\xA2\xB8/\x9BckmT
-\x92�e_ HÞm\xE8QR\x976
-0\x85ʲ\xB4;\x85UR%�#\x9C\x8D\x92XW3$\xD7��l\x8E\xE4�\x96\xEBt9#\xFF<\x96\xAB\xAFΨ\xBC�\xCB\xF2\x80w\xDA�*�\xBFf\xFC\xD4<�\xEC2\xAE\xDB�\xB9'u8\xEB��9[g\xBE\xF63\x82\xAA\xF2�c\x80\xCC?\xA7�\x8Fe\xDBy\xAA\x9Fٜ�o!@8\xD19ǿ\xF2,\xF5�sK\xB5\x9E�\xA9ط\x83\xD7\xEF\xD9\xE9�zY\xAF\xB8&AQ\xB6ᅅ\xE2�=\x93\xF5�\xEC\xCF\xDF\xC1�\x9BPt\xEDΞ\xD8�z\xE66\xEE-ރ\xA1\xDE�\xF4\xCD\xF3G\xFC\xEF\xD31\xB2<\xBEZ\xF0%��\x9E\xDDyc/\x8E塿\x9E\x9C\xA2� \xDD\xE7U\xB9.;\x9E�\xD7\xE9\xB2Y\xF3\xC4�\xC6\xD1R�?>\xD1\xC0\xBA\xD8\xE4Ǫ\xC3\xDD\xC8�\x87\xE1\xCD\xF0\xDA\xCD�ە \xBE\xCB\xD4\xD4*\xC1\x82򧖥P1�\x89ʇm\x89\xFF/X\x9C߽\xF8|\x9Bo\x8A\xE1\x9D` q\xBE]G{\xFF��Oߚ,\xD0�_\xFA\xE7L\xC5!\xFE\xDD5\xF2?\x97\xF0�\xF7\xFF\xFEW\xAD\xFF7��\xAD2F\x8E\xFFa�X�\xD2p\x96:\xA3Ѕ2=\xB7\xDC\xFF\xFD\xF6\xDC\xF4\xFF \xF1�\x8A\xA8endstream
-endobj
-1458 0 obj <<
-/Type /Page
-/Contents 1459 0 R
-/Resources 1457 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1433 0 R
->> endobj
-1460 0 obj <<
-/D [1458 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-238 0 obj <<
-/D [1458 0 R /XYZ 85.0394 464.1469 null]
->> endobj
-1461 0 obj <<
-/D [1458 0 R /XYZ 85.0394 435.7636 null]
->> endobj
-242 0 obj <<
-/D [1458 0 R /XYZ 85.0394 385.2856 null]
->> endobj
-1462 0 obj <<
-/D [1458 0 R /XYZ 85.0394 356.7468 null]
->> endobj
-246 0 obj <<
-/D [1458 0 R /XYZ 85.0394 181.1837 null]
->> endobj
-1463 0 obj <<
-/D [1458 0 R /XYZ 85.0394 152.645 null]
->> endobj
-1457 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1466 0 obj <<
-/Length 2407
-/Filter /FlateDecode
->>
-stream
-xÚYKs\xE3F�\xBE\xFBW\xE8HW\x8Dz\xFB\xC1\xE7Q\xB15\xC9d\xCB�\xAF-o*\x95\xE4@\x8B\x94\xC4�\x89Ôˆ\xD48ί_\xA0\x81\xE6C\xA2=\xAEJJ�5\xD1h \x8D\xFE\x80�H5\x91\xF0S\x93 �a\xA2\x93I\x94\xF8"\x90*\x98,w�r\xB2\x86\xB9�/�\xF3L�Ó´\xCF\xF5\xC3\xE2\xE2_�M4ID�\xEAp\xB2X\xF5d\xC5BƱ\x9A,\xB2\xDF<_().A\x84\xF4\xAE\xBD\x9D\xDD|\xBA\xBA\x9C\xEA at z\x8B\xFBLJ�
-g\xB7W?}\xBE\xA7\xF1\xCD\xECv\xF6\xE3\xFCf~�s*ґw\xF5\xD3\xECn1\xE7Y\x9F%ͮ\xFF{\xA9\x94•\xF3k\x9A\xBA\xBE}\xA0\xC1\xC7\xF9\xEC2\xF2\xBD\xC5\xE3\xFD\xFC\xE1\xF2\x8F\xC5\xCF�\xF3E\xBB\x93\xFEn\x954\xB8\x8D\xAF�\xBF\xFD!'�l\xFA\xE7�)L��\x93gx\x90B%\x89\x9E\xEC.\xFC\xC0\x88\xC07\xC6Q\xB6���\xFFi�\xF6f\xED\xD2Q\xEF\x81�\xB4 \xF5\x88\xFB\xB4\x9A(%\x92 \xD0�\xFF�\x89�\x8D6\xEC\xBFD\xC4\xE0�)\xA5w\xFB0\xBF2w\xB8\xBB\xD9\xFD솶{\xA8\xB6\xDB\xEA[~\xA8\xE9\xF1[\x91\xD2\xE0\xF1\xEEzv\x99ho1G'\x80*\xDD;)9\x99j��+\xDF\xEA\x98e�,
-}\xAF\xD9\xE48�\xBC2&
-\xAB�A\xAC�h\x87K�{\xF9\xB2\xB2\xFF\xBC\x92\xF4\xC2\xCA\xEC\xA5LwÅ’\xA8\xC7}\x9669�\x9A \x8C\xF7\xCB&/�j|\xA7& 5D[nÒ‚\xF96iM\x83\xA7\x9C\x96�\xDE:/s\xABw\x8A\xDBÂ\xB4�\x84\x8D\x80\xB2\xEC�h3\x8At��\x9C\xED i\xBFKi\xD2u;\xD6\xF96\xA3\x87\xE7b\xBB\xA5\xD1�/\xFF\x8B\xD4U\x88<�x\xB3\x86\xC8ͦ\xA8i\xB4\xAF\x8A\x92\x89/\xD5��\xA1\xB7LK\xA2\x90\xABvp at n��*\xA7\xF1ļ\xC1\xA6(\x82\x86\xEEFg*��\xEBB8g+��\xCEo0\xA4]\xE0艹:;\x98;]5\xB01;l\x9C(:\xAD\xFE\x82\xAFǼnX|\xB5\xDBo\xF3&\xAF�\xE3i ]0\xD9�BK�\xB5\xA0M�\xB4WU \xF0l\x8ArM\x82V\x87jG#\xDC:\x9BPu�\xF3�^)&�\xE8.\xBB�\xF0\xC6\xFFx �p�\xD21 \xEDG\xB2�\xF1L��XU\xE0\xA5�\xF3\x81\xEF\xA5%�Î��#\xAE×\xC3q�8\xCF�\xE0�\xDCc]T<QÔŽNNc\xC3Z~\xBB\xF3�\xFC\xF2��\xE3\xCE�G\x9BÔ¢\xC7H��D\xF7\xE0<q*-y@�3\xF2�\xF7F\x9EE\xEEk\x8AR\xD2\xE2\xB0O\xC46hh\x8CA\x83A�0�qA{~\xAFll�\x9C6\xA61t�yE�\xE6'\xF8\xEC\xF0\xD2�Wp\xE2\xCB \xA9d\xEDK\x9E\xBD\x8DѰŨ\x92\xEF�\xA99G\xE9\xF7\x93j�\xD2$"\x90\xC2?\x83\xD4\xC8\xC4;\xD6ykd'#\x8CD�%!\xC8B�e\xCD!y\xAE\xCC�\x84T\xDA16,\xBF\x9Fn\xF09\xB5\xAE\x86\xC1�\xB8\x93\xF8��51>�͆\xD7\xD2_\x87�|r�\xE01c\xC0�4'$VE#:%D�`A\x8B(\x81��2\xDB߃\x82y��\xBD\xE8xo\xB6R\xEA\xBBH\xA8\xF3\xE5\xF1\x90�\xA1P\x94L}?�\xC04J�
-=\xA4\xF4W�\xEB\xD2n[%\xDE_U\x99�\xB5\xE1�Dz\x9B\x87\xA7\x9A\xCC\xC3sk\xAF[x\x80�\xE8�I\xC8rL;\xAC\xC0:�\x85m\xF2\x96\xEF\xDF\xF3_i|\x8E�\xF8_Ñ™\xEF�\xEBØ®\x91�*\xDD\xE7bn\xD4l\xD99\xAE��\xB86\xFE;p\xAD\x85�\xB4bF\xCC/P�\xCEl\x86\xD2\xC6:)m\x8Ed\xB3\x8D$ߥ�\xD4�\x9B\xB0l\x8C�$Yt�\xA7\xE2$ Ô´\xAE\xABeA8k�px\BYyC\xE4S\xDFX('FÄÇ\xF9\xED=7viS,\xE1<^l\xF5\xDA^\xE5�\xB7\x9D\x94&\xFD\xC2r\xF6\xDBt\x99\xFF#w\xB6=\xB5�lN�B\xE4f�/_\x8F�;\xB6\xD3q~\x92Q�\xB5=\x94\xFDt at YYC L)�\xA6M5}# \x94\x8AE�9�T\xFB\x86\xAF\xCB.\x9A\x9C\xEF\xEA\xBCi'\xAC�?\xEEɉ\x95P\xA1\xEF\xE4\xBC\xE4\xF5\x88.-\x85\xAF[\xBCQ��1j`\x8EPq\x948H\xA6;H��\x98\xAB�iP\x8FGQ�\xB7\xA0\xB480\x90\xAB!\x91kr*\xDD)\x9F\xEC\xF5l\xB0\xB8(p{�\xA8\xF2-VHÖ¯x4\xD6"\x80\x96\x89\xA5#L\xA6\xE4V\x92\xB5� 7\xA9\xDB\xC2УR \xED+w�\x946pM\xDD (v\xB9\xADKA\xAF-U\x81�wN\xE6Lj\x98sS�m)
-lO\xBC\xFA\xA4\xB8ข �\xA6r\xED\x88\xEEl�{\x99\xAA�\xC3C\x9D\x84�@\xBEz�;&\xF0\x9C�\xB4\xA7T7y\xCA\xD1\xF2\xBB�d\xC5`/\x9A\xD3\xF0 �\xA7\x98�\x80Q\x8D&\xF9)�?\xBF\xF45\xA7\xFA\xBB\xFCPT\x99M\x9E(\x93\xE4u\xF9\xEB\x8Ddn\xCF9
-!\xA1\xBC\xD0\xC0\x82\x9E/*|检\xD1\xF3\xA6Xn\x98\xE9\xB8\xDFW\x87\xA6\xA6\xA76s\xE3�\x851\xE6)_F�F^N\xD5�\x8C\xF6l\xADM�\x96\xD2\xF3��\xEE\xEF!r\xEA\xBEÞ‘R\x8C\xAA<\xED\x87^Y\xA1c\xFDȵW\xFE@\xA4\xCD[@\xB2=�\xFE�/\xA7\x88\xE3\xB6!r\xB5\xA2\xFF\xBA\xDA\xE5\xC4Ѧ$\\xB4\xC40�T\xF2P\x89\x80\xBC\xFD4N\xA4m\xB1Ê›b\x97\xB32>jk�KÊ°\x9AwF\xD5�ͦ\xF5\xD8}\xE4\xF2I\xBD'��Tm\xD6�x� \xDB\xCA\xF1`/\xCD\xDC\xC5α\xA7\xB0\xB2ͼ)\xAFI��S\xC6gU.\xF3w\xD7�\xA6\xDFÓ³\x9C\x92m\xF8|\xB7\xF8\xFC\xB8� \xAF\x93>\x88pr\x8EV\xE3�ß—\xAE8\xACJ�� @xZ\xB2s\xA8\xD6A\x8Am\xC7q\xE0.P\xE4\xB2�(\x8D\x9F7y�r<��M\x9F\xFB\x9A\x93ugu��ms\xD3_\xC0q�#n>x\x922,oc \xDF:\xB5\xA7��\xF4�\xCAFO\xD9g\x9B\xF4ĈגP$*\xEE'\xFA1\x9FA\xDER\xC6\xF9\xAC\xF3�J\xB6\xEFR\xF0\x9D\xD2\xFC\x81��`\xF0\x8F\xE63O\xCF7\x96c\xC3�w\xBE\xB1�)\xB5\x80hk\xD7\xFE�W\xCF\xC2\xD0\xFA\x84\xEAg#EdÔ‰/vÅŸT\xC1È3\x8CV\xAF;CI#" \x92߃\x90\x8A\x9D7\xB2
-w\x89jlʰ\xF2\xC9AD\xB5\xF7�\xA1H\xBB7/g6I\xB2\x89x0k ɾ'\x81\xE7\xA2̊oEvL\xB7D\xEF�I\xD8z$\xE282o\xBD�\xC1KMi\xD6�A�7_\xD1"Uv=B\x92\xD87�5Q\xF1�\xF1\xFF\xA9\xE3\xA2\xEB
-\xF9\xEC\x9D-e's 7`p\xBB\x81\xA9\x8Ay\xEDn\xA4�\xEC�Y]X\xC0Ը\xFA\xF1\x8E�\x8D\xE9\xE5�_ at t\xB8|\xE2Ka�(\x8B\xDC+V\xCE&\xD7m;\x80m\xB9\xAD2�GW�\xCE\xCA\xE5\xC6ݩ7i\x99\xAE\xA9D�\xBF\xEDb�\xA9\x84\xD2\xCC�\x9Fn\xAF\xC1\xD4PzP� \x89��\xF8\xA7\xE4v;;.-:`\xBA��<\xACl\xD5 \x9C\xF7�\xAF\x88�H\xA5\xF0\xA4\xE2\xA8w\xF9���aO\xD3�{\xCAV\xE2̮\xB5�\xAE\x90\xD0$\xDE#u>v�\xBD\x81CMyw\x99\x8C\xBD�\xC4\xE2\xA3� ��L\xDA��Du\x9D\xB6�M_\xF2|\x8F\xA3�\xACO\x97_\x88hq\x80\xFD\x9D=\xBB\x9A\xE7y\xC5\xF2P\xD8⟞\xA0�\xA3\xB6�8\xBE\xE4/5Q\xB1\xFB\xAE\x8E
-=Pq\xA1�~y\x85$\xF2\xA9k\xC9p\xAE\xDAc\xBFܒ+\x8A\x99�\x8B\xF48�\x86̮\xED)Z\xFB\xFA\xC57Ծ\xD8ѯ\x8F \xAF\xAD̑\xB2}\xEF;?%\x85\xEB\xA2\xE9\xF5|\xBA-\xB2\xB4k\xA5\xEF\xF3\xBA\xDA\xE2\xF5\xFA\xFE�|~g�\xF4e\xBD\x8AAR="\xBDo\xA4\xE4�sȚH\\xA2\x90\xAE\xA96t�8\x83/],\xC1b�)\x88I�Y�\x98j\xEB\xEDV�
-h!j\x89�Q\xB8�\xB0݆Ʋ\xF3]\xCF@\xCA\xE8\xAF-��\xAAk\xEB\xB1��\x83+\\x87F:\xB8RhdS�\x9Es\x87\x861\xE4�\xE3\xB2|\xDB�p\xCB\xF9\xA9�$\xEDz\xE7\x9C>Y\xD8Q\x81\xE3\xDA¥\xABt\_\xB6\xAA\x8E\xAED\xA1~\xA4\xFFm\xC5\xC4pEE\xBE\x9E\x84\x81\x80�\x9E\xE0G�\x9A;\xAC'4\xB8\xEF}�i٧=~\xFA(2\x88\xBES\xA9\xB8\x9D\x87|ٙ�
-
-MЩ5\xBEI�NQߚ\xB3/3-\xD3\xDB6\x9C\xC9j\xBB\xC0\xB1oK��\xF8AhD\x9Fl\xA3\xE7ow\xEA>\xC9\xF9ЅƱ�\xB7\G\xB1\xF0c�\xC2F\xA1\xE1:>\xB3\xDC}\xA0:7\xFD\xFF:\xAC*\xEDendstream
-endobj
-1465 0 obj <<
-/Type /Page
-/Contents 1466 0 R
-/Resources 1464 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1433 0 R
-/Annots [ 1476 0 R ]
->> endobj
-1476 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [379.778 61.5153 440.978 73.5749]
-/Subtype /Link
-/A << /S /GoTo /D (managed-keys) >>
->> endobj
-1467 0 obj <<
-/D [1465 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-250 0 obj <<
-/D [1465 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1468 0 obj <<
-/D [1465 0 R /XYZ 56.6929 752.3958 null]
->> endobj
-254 0 obj <<
-/D [1465 0 R /XYZ 56.6929 692.682 null]
->> endobj
-1469 0 obj <<
-/D [1465 0 R /XYZ 56.6929 665.3376 null]
->> endobj
-258 0 obj <<
-/D [1465 0 R /XYZ 56.6929 608.5887 null]
->> endobj
-1470 0 obj <<
-/D [1465 0 R /XYZ 56.6929 581.2442 null]
->> endobj
-262 0 obj <<
-/D [1465 0 R /XYZ 56.6929 536.4505 null]
->> endobj
-1471 0 obj <<
-/D [1465 0 R /XYZ 56.6929 509.106 null]
->> endobj
-266 0 obj <<
-/D [1465 0 R /XYZ 56.6929 404.482 null]
->> endobj
-1472 0 obj <<
-/D [1465 0 R /XYZ 56.6929 377.1376 null]
->> endobj
-270 0 obj <<
-/D [1465 0 R /XYZ 56.6929 320.3887 null]
->> endobj
-1473 0 obj <<
-/D [1465 0 R /XYZ 56.6929 296.0091 null]
->> endobj
-274 0 obj <<
-/D [1465 0 R /XYZ 56.6929 211.2169 null]
->> endobj
-1474 0 obj <<
-/D [1465 0 R /XYZ 56.6929 175.5135 null]
->> endobj
-278 0 obj <<
-/D [1465 0 R /XYZ 56.6929 119.4006 null]
->> endobj
-1475 0 obj <<
-/D [1465 0 R /XYZ 56.6929 92.0561 null]
->> endobj
-1464 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1480 0 obj <<
-/Length 3064
-/Filter /FlateDecode
->>
-stream
-xڥ�ko\xDB\xC8\xF1\xBB\x85\x80��\xD5D,\x97\xE4\x92\xCB\xEB'_\xEC\rn�\xD7\xF2\xDD\xE1p\xB9�4I[D(R�\xA9(\xEA\xAF6�\x99F�-�x\x87\xB3\xBB\xB33\xB3\xF3\E-<\xF8\xA7�F\xBB^\x90\x84\x8B8 ]\xED)\xBDȶ�\xDE\xE2 \xE6~\xB8P\xB2fe�\xADƫ\xBE\xBF\xBF\xF8\xEB\xBB ^$n�\xF9\xD1\xE2\xFEqD˸\x9E1jq\x9F\xFF\xE6\xBC}y{}\xB7\\xF9\xDAsBw\xB9ґ\xE7\^\xFD\xBCTJ9\x97�\xDF^_\xF1\xD4\xD5\xC75�\xEF\xAE/\x97q\xE8\xDC\xFFtw
-\x988\xD1>lSJv\xDEÞ¼\x95uR\x8A\x81Ïž\xF6\xDE\xDE-\x83\xD8\xF9\xF5\xF6~\xA9\x8C\xF3\xE9\xE6�\xE0dv\xFD\xD3\xED\xED'\x9A\xBD_\xFE~\xFF\xE3\xC5\xF5}/\xD7Xv\xE5�(Ô¿.~\xFB\xDD[ä ‚�/<7H\x8C^�\xE1\xC3sU\x92\xF8\x8B\xEDE\xA8�W\x87A`1\xD5\xC5\xFA\xE2\x9F=\xC1\xD1,m\x9DÓ¥�\x8C\xAB\x8D�\xCF(\xD3W�\x903\xD1ÚŸhS'n�\xF8�i��u\xFD\xE5Jy�h\xF1\xD0m\x9A}Ù¥]\xF9\xB5�i\x8B\xFD\xD7b\x8F\x82�9t7\xDEb\xE5×6�ѹ_&\xBE\xD3,WA�;m\xD11p\xD8\xF1\x98\xD62N\xE9#\xEA\xDFM-\xD0c\xB3g\xE0\xEE\xDD[�@�\xC5P\xB7_�\xE7\xD0v\x96\\xB6\xB1\x8B\xB7iYwE
-\xA8\xE2
-`\x92\xC8y*\xEAb\x9FvB\xB5;
-Sx\xA9\xFD& \xE0Z�\xBET\xC4|)N(#J\xD5k�\xA4j˧\xBA\xAC\x9F`\x8DgpM\xCB�ÒºYß´\xB2�0\xCC< \xDD��\xF6���L,4\xA1\xB3�*\x93Yc\xC5�\xE8Xv�\x86�\x958\xCDc\xBFz\xFB7 \xC1ÔºM)gÛ±'\xF5\xD9\xF7\xC34C\x8D"\xC48`\xCEe貪\x98(\xA0^\xB5s2�7e\xB6\xE1\xCB\xCE��\xEB\xA6c\xA0%\xCE�\xA2\xE3�`\xCE�JY\x89\xE23pvÛ¥u\xBEz81�\x88E\x95\xB9\xF6P_\xB9Ah\xF8\xD0\xCB\xFA�+\x94v\xBE\xA6U\x99\x83=\xA0\x92\xF1\x9Bi\xB6M\x85V�\x98\xA8\xE7�&Qv�\xB3\xA6\xFE\xECy\xFEÓW\xE7\x8C\xED�\xDEph�Al�`\xF50�z�d\xCB\xCB\xD18\xF1\x9B\xCC��4\xBB\xD56\xADÓ§\x9Ero~\xBC\x81\xCCo\xA2J�M\xC7�\xB5\xED'p_é—‚!\xD0%A\x86\xAE\x95\xE662e\xF5\xC5_hP\xBC\xB0\xAC\xCF�\xA2\xCE_\xB5�CX\xBB\xB9\xFE\x95\xE1\xBB;p\xB57|\xBF@\x8Aw\xB7]\xD3_��\xD92D6J\xC0\xA1;�K\x8C\xE8\xFC\xB1\xE0�<É\xB3\x93{\xE6\xC6;\xBF\xA2D\xF5rÛ¹lSd_�!2(k7\x80\xDA�\xFB\xB2\xC9\xCB,\xAD\xAA��m\x92\xC0\xB3�('}옲\xE7��\x8Fyzji\x99r\xCA\xC73\xCAuqd�:1�d'0\xD3v=c\xB0\x9Ay\x93\xC3\xE0\xBB\xE6EHgF\"�\x84\x89�\x87\xD0�z��~\x96�K\xE5\xEC:\xB4�D<\xC8R\xF6I \xA6*B�Z�\x8D\xBC\x83\xCC^6
-\xB1
-\xE7ml�\xF8\xD1�=] *�:vm�-\xB72+z\xE3��'4jp�ʛ\xB3V�c\xD7a䄕* B{�7Į\xF2\xC1Ӷ\xBB\xAA AQm\xBE\xE5�VX\x97\xC2E\xE4R\x88\xCC(\xD0�\xF0 \xABX�_\x9B/B\xC0\xF0%\xD3i\x96\x92\x84B<\xEC|;��"\xD1TU!\xFB�P\xA9�:\xA4\xD2\xCC\xDD]�\xAC\xC04\xAA\x93D+\x92\x96<\x9A��\x99\xDElpbKW\x9ES\xA4mY\x90ۃ\x83�\xD3�c9΀�W)\xAA�\xE7Rƌ�ZYs\x84Y\xF2g@\xC8*\xF1�\x9Ch\xA7�9ry\x89\x8D\�V\xB7龓�8�I\x80\x85\x85\x8FEj}YhA\x94\xE1d\xADF\xC9:0�\xD4�\xA1�IQ\xC0\xBCn\xDB"[�\x83\x90,gr\xFB\xAA_?Q+\xDE\xDDs\xDA*q\xC3HES\xD2\xC8(\xC9\xF9\x9Cx�\xBAQ�e�\xAF\xC74�*\xE7�:u\xA4HE\x91U]\xA4$;"*e\xC4\xEE\xF0PA\xE8\xE8ʦf|N\xA9�\xA7J\xC1\xB0\xF2 إ-FG?�\x8B:tr\x80,"\xFB\xEDɨ\x9E\x8C\xD7\xE7�\xA4\xD82\xEAPcI\x83\x96\xB2\xC2\xCA.RSG\xE2\xDC\xCF�Hla\xC4�h\xDF��=\xA3B\xA3\�E\xE1�*$R\xAB\xF5\x8C*M\xECz �-\xEF\xB3\xE9\xDF\xC6cd\xA5\xAC\xB3\xEA\x90�
-\xE1\xCB\xEBs�"%bs\xCE\xC8\x{DBB3}
-ȇ\x88@\x9A\x9C�B\xE5�\xA2\xA8\ 5\xA9ȸ QtVj\xF0m\x82\xFF\x95\xDDw,O\xA8\xA65e�\xB8\x81�\x84\xB4\xFC\xCF�\xE9\xBC3k%\xD4\xEA\x86G.\xC9�\xF3\xC8#\xC5"B\xDC\xF2X7GA\\xF6\x88\xD7\xFE\x89\xE1!
\xE2[\x8A\xF1Í\xE5z\xCF"ä”\xE1B\x88\xDC\xFA%VΈ>\xAF\x9B\xC72Úº�\x8Dt\x88\x96\xFCM&�\xF6\xB1\x8AL9\xB2\xE6�HÞƒ��\xA4\xB7/\xF8\xA66`\xAE:\x98ZÖž\xCFx\xCE[�\xBBA\x94X{\xA2$@\xCESP\xAED\x8E\xF2\xBC\xC8]N,\xF7\x9B\xB2\xED\xB1-s\xD2\xF3vw\xFD\xF3\xA7�\xEA\xC4p\xD91Љ\xA06\xE5\xAE|_\xBB:�\xF5T\xED\xEC\xFDÔˆyA\xFA\xD4J \xAF%v\xB3\x9AV\xB6\xCEo\x87�\xF5\xB9E)\xD0u�\xC7Öµn\xE8X\xED&q\x8C\xA6\xE9\xC6a\xA0i\xE2/\xE3\x89�Þ•\xC6\xE0LQ~䆞�\xA2\xBD\xEAó\xB0�\xE88\xF8\x9F�\xDE\xED1>\xCDÝ’\x86fP)K��áª*�4�\xF2j\x90wZm��Uoc\qK\xFDCS}\x95�È‘\xCD\xF5�mZ\xC5m\xB9��\xE8A\xE6\xD0?(\xBF�N<�\xB0�
-C#"\xA3\xAA\x80g\xB8&OF%`ϔ�w\xCAr7\x93\xED\xB9ٱ\x8D\xFBZ\xB2\xA5\xF6\x86\xEE\x8D\xEC�*r1\x95lҹPYN�TZK;t\xCD�r\xC3P\xA1\xBA\xD4\xE9͔
-\x9F\xB8z
-(s\xE1\xC0ec\xE0I ��\xF6�\x84&r\xD3�*\x86�J\xFC\x82B�\xC1\x91;/\xC2P��FQ�\x90T\xF93X\xCA:\xC9[\xB8\xB2\x94\xA9t\xB7+\xD2=�\xCE� \xA5݄I\x89\xE13\x81\xAF.\xB8\xB6\x8F\xA0MzJ9\xB1\x86|ш�J)\xC0r\x94\xD0�\xAD\xB4\xADl)��m�\xCEKeK\x94N\x8C\x93xq\xD6\xF6\xC5!\x95�:t\xDE7\xC7B0�\xFDL\xDF/6\xC2S\xC6 ];;.�\xB3\x82\xF9\xD2p0\xDE\xFD\xA9�mm8<x\x8C\x82\x8F\xF6F\xBD\xF1&\x95\xF0#\xD1\xF0YI\xF9p:\xEB\x94\xCF\xFA$\x8D\xA5\x85\xDDZ\x8A\x89�Sksb\xB2C�ɼ\xA0\xE1\xCD�\xA9\xEBB\x8E\xE1\xBE� ~.A\x88;= \xB6\xCD\xD8\xD2\xF3\xA2K\xCBJ�l\xEA3ym\xA1\xDD\xF4\xEC\xB6YQ\xA7Ыͷ\xF0\xBF\xB00>W\xBF\x81\xA5�ߜ8\xFCĪ*\xF0\xCE��?�@�\xEDٶ�W<f\x9B\xB4~*ZZ�b�ÛӖ}�\xE9\x9Ex\xAB\xF2\x8DP\xE3\xC0�S\xC7=�=/�\xEC�Es\xB0\xB3\xE8 8FZ�\x9A^HBgݼ\x99\xB3\x92^\x87\x92\xCEߜ\xDD\xEE`'}M7\x89\xFFI\xEC\xAA0\xB4e\xF1\x8D-
- W\xBB\xAF=O\xBF\xC6�7o&\xBA\xAB vC�\x86\x93\xA2\x8E\xED�\xF6\xDA�\xF6¡\xDAw\x8D\xE9S\xC3ܡ\xA0\xB2?v\xA8$\x94� \xA8\xD6c{\xF7��\xA8\7\x8A_\xD7|c\xAB�DmR\xF2$\x80>\\xBD��\xF0\x91uԈ�\xBA4Ʀ;\x88ԨV#m!"9\xBF�\xA9\xBD\x8D:\xB7�cl\xEBnl\x96 \x9A‡D\xB6\xE9\xE1\xF28�\xAB2\xB0\xEE2\xA7\x9B4`f\xE9\x8B�\xA2Š\x93\xE2\xAE(\xB6\x81\xE5\xA1*\xB6-\x9A�\xF4�C\xD1f\xA7aC\xDD1�\xF3ț\xD9Z\xCCw#\xF0\xE6?؃E\x89�]U,\xABE\x88(\x96\xB79 \x86wN\xAC
-S\x99\xE5\x9A0\xB6�T\xCC\xCF%\xF4h\xDA\xD0��\xAD�fۉ�-J!\x95\x99\xEF\xFA\xBE2\xF3o\x85\x90�\xB7\xB6��\xAD\xBA\xFC\xB6$U!,\xA0G y\xD7\xEBo��Ԛ,�pM\x96�\xF6��\x97ʺ\x97\xB2\x8F:JY\xCBR\xE3\xF7F\xA4\xB7/\xBB\x8E\xEC@)\xE9\x9F\xD5\xD06\xB7\xE9V\xD6\xE5\xA548]\xB3\x97cY\x88\x99\xAC\xB7i\xAA܆c\xE2�ä(M\xF76\xAE\xB9?‘\xFB\xF5q\xC0\xE5�k\xDFIg\xE3\xE6\xA7*'\x8A!\xE4\xCAb\xDFB&k\xF9\x8B
-��\xBF\xFF\xF0񊡄\x87\x9C�j�\xCA\xDD�F\x9C,Զj m�,\xC0\xAC1;\xCA\xF3\xEF\xF57~\xF6\xCA\xCAV6\xC8<\x94r\xE4Ab+\x80l�\xA1\xEE�\xAFo\xB6\x91ź_\xD4ΧV�\xDFDα\xE8o\xCB�o\xF29R\xFC6=\xCB_\xCB\xE6\xD0\xF2�#*�\xF6\x9C �M\xDD5N�\xAF&\xEAy5Q�u\xA2\xE1\xD13g\xCAtC\x80\xDF�\xAA\xAE\x84�\xC8_cc(�\xD9j\xE97\xE7[f\xE4ۦ٦\xAC\x8B\xF3\x84(A\x91\xAA+~\xA5Ʊ\x{D834F8}\xB0\xD3}\xF5\xA5\xB9RԓWX\xFC�\x89\xCE�\xFA� \xB0\xF6\x80Pƒt\xDEH*\xCF\xC5q[{\x8A=}�\xB6\x84\xADzt|�\xBAx\xC4�\xFD\xAB\xAF0\x87\xAF\\xB6\xF0\xD71\xBFl��\xF5\xFBB\xB0\x9CV\xF3�?�\xFA}\xF0\xA2R\��=\x95u*\xFEu\xA8\xE7\xF63\x801\xDC\xED#\xA9
-AՑ/=4TE\x911\xFDoXJ~\xC1z\xE9׼\xFDi\xD7A\xCF3\xFC\x8A\xD7�v\xBBf\xFFr\x83�%�\xFF\xB0%�C_(�\x80�o\xE9�\x8A\xBFo\xD8e|\x87\x8Fy\x82�dC\x98\xC0Yc=\x97ڷ�\xA1"\\xC0G^`\xFBV\x93)\xC2g\xCAîJ;\x88(\xDB�\x96u^\xEC
-\xF8C���\x97\xB7��\xE0\xB0� �>8/k\xEAN
-\xB9\xB9\xBB\xB2\xBD\xCEFX:N:!\xC8G��\xAB'[;懪\xAF7@\xE4\xF7\xEB\xB4\x83�\xFBv|�!\xB3A~\xD2\xCDH\xCFR\x80~-\xB3b\xBE\x9C\x94\xA8�\xB9(\xE1�eSÓ—\xBA9\xD6\xF2\xF4!9\xF7\xD8\xEC\xBF0ƾ�\xCA�}\x88B6\xBF\xC3W\xC5P�r�\xB7>Ô¼j\xFD\xF6\x921�V_\x84:g�\x93)�\xF6��,i3\xC0��\xD1��\xA5�2MÑ¢g\xCF$�\xA85I�\x81\x81ʲ\x82\xF2\x99\xCA\xDC\xC4\xF9f"\xDC�Jׇ\xF3|k0w\xB9T\xCE\xF5-\xC3`L;K\xA0.:�u\x95v���\xF2�X\xC1\xFE�\xF0/=\xE9\x93\xD0`\xDD\xD2�\x9Ee\x8F&DE\xB0\xFE\xAAx(\xA9]�\xEC\xDF\xCB\xFA\xF0m\xB6\xF0�\xB8\x86��\xAEÏ®\xFB\x97\xA5\xC6X\x927\xC7v\xF2�1\xC1\xBE\xE7�\xEEK\xBF\x8ACÅ?e\xCF\xFC\x86\xED\xF5?S\xFFß¿\x98�\xFF\xB5 \x8C\xDD\xC0�\xF81|\xEC\xE4\x81�\xB9�\xEA�\xCB�
-\xEE'\xE7\x9C\xF7?\xAD?g\xFD?\x9D\xFB\x94\x83endstream
-endobj
-1479 0 obj <<
-/Type /Page
-/Contents 1480 0 R
-/Resources 1478 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1433 0 R
->> endobj
-1481 0 obj <<
-/D [1479 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-282 0 obj <<
-/D [1479 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1482 0 obj <<
-/D [1479 0 R /XYZ 85.0394 750.8067 null]
->> endobj
-286 0 obj <<
-/D [1479 0 R /XYZ 85.0394 180.7476 null]
->> endobj
-1483 0 obj <<
-/D [1479 0 R /XYZ 85.0394 140.0669 null]
->> endobj
-1478 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1486 0 obj <<
-/Length 2644
-/Filter /FlateDecode
->>
-stream
-xÚ¥�]o\xDB8\xF2=\xBF\xC2\xC0�P�\x88�Q\xDF\xEA\xDDK\x9Af\xAF\xD9Þµ\xB9&=\xE0\xB0\xDD�Z\xA2m]eÉ•\xE4\xB8�\xCEP\xA2�\xA5[\� ��\x87Ù\xE1|\x91�3�\xFE\xC4,\x8A\xDD8\xF3\xB3Y\x92\x85n\xE4\x89h\x96oϼ\xD9�\xE6\xFE~&\x98fa\x88�6Õ«\xFB\xB3\x8B_\x83d\x96\xB9Y\xECdz\xFB\x95\xC5+u\xBD4�\xB3\xFB\xE2w't\x85p\xE7\xC0\xC2sn\xDF^\xDD\xCD�~\xE49\xBF�A\xC0'/\xF2\xAE>̃\xC4\xF9\xCF\xED\xFD\\xA4\xCE\xFB\xB77\x80\xE3Ù»\x8F\xB7\xB7\xEF\xF5\xEC\xFD�\xF6\x8E|\xE7\xEA\xCD\xE5\xED\xFD\xF5�\x9A�\x99\xEF\xE5\xEBÏ…�\xCE廫\xEB\xD74\xF5\xFA�\xEF\xF4\xEB\xF5\xE5< \x9D\xFB\x8F�\xAE\xEF\xE6\xDC\xFFvv}?\xE8e\xEB.\xBC \x95\xFAr\xF6\xFB�Þ¬ �\xFCv\xE6\xB9A\x96F\xB3��<Wd\x99?Ûž\x85Q\xE0Fa��Luvw\x{1AF061}5\xAB\x97N\xDARx\xAE�\xC4\xFE\x841}1�[eQ\xE4\x9FX3\xCA\xDC8\xF0\x83Ñš`�\xE1y`\xCFV\xB5\xEA˾\xEC\xCA^u\xA8�\xB0\xF0\xAD\xF3\xF0f�?vE\x92\xD2\xDA;\xA5\xE6\x8BP$N\xBFa\xE0\xCD\xDD? xPuÑ´�\xA7N\xD1\xE4\xFB\xAD\xAA{Ù—MM\xD3+\x9AK\x9C\xB2�pk\xCD\xC8e\xB3\xEF\xCD\\xD7˪*\xEB\xF59 \xA2��e_ʪ\xFC6\xA2@\xCE�F\xBC\xB6.hǾœo\xF6�\xD4�\xA5�\xAC R/+\xD5m\x9A\x86\x96\xE1\x89j\xE9� \xE9\xDDaE\xEA&I\x98\xE8�\xAFnÞ¡��\xC2\xC9\xE8\xB3\xEF\xC0<�z\xBFS\xF5\xDD\xDD?h\xA0\xB5\xF2�\xCF\xC9\xDB\xE3\xAEoÖ\xDCm\x8EÚ‘\xCE��9KT
-)\xBB\xBE\xC9?Op(�ønz\xE2uT\xBCf\xB5\xAF\xAA#/\xDF\xEFvM\xCBx��\x80~�x\xA1\xF3\xA69L\xEA\xAE�T\x8B\xDE�\xF2�A\xEAH\xF8\xF8&\x8C�\xD2a\x84\x80\xAA\xD7e\xAD�\xD6j!0\x88\x8A\x83\xB2\xA3\xAF|\x90e%\xC1\xA8LL\xA6\xDF\xD2H\x9BvX\xDAT\xB25\xCBvD\xF7_\x95\xF7�t\x80\xB9\xE9if#5\x89p\x96JՄ\xDA6E\xF9\xC9\xF3|U\x9C*E a V �0\xB8\xBB"\xA0o\xF0+\x9CC\xD3~&̡\xEC7\x8F!:U\xA4\xCB\xD0�~D\xFE32�\x84|(�E\x94\xB5:\xD0\xCCJ\xC9~\xAFg\xF1\xC0�\xD3\xEDsf\xAC\xE5�\xE2ۛw\x84\xD8\xCAZ\xAE�\x86 �\x98}>\xAB#\x91\x82
-�\xA7E\xFCW\x8A\xBEu\xAE&\xBD\xF3^\xBBo\x9A9;\xD9\xE7�0\x91�\x8Cn�\x83B\xC1\xA8\xE8h\x80\x91\x86_8|?\x83\x84\xE9\xFB!\xBB� )\x8F"\xB3Q\xF5�I\xE0\x90B�\xD2\xE6\xA6d6\xE6+\xE9\xD3m$\x89Y�Ûª\\xB6\xB2=\xF2\x96K<g�\x82�8Ï…30\xA7 �z9e\x80
-ܸ�\x9F\xADЫ\x8D\xA7�\x9E\xCF~
-\xA8\xB2\xEEU\xBB\x92\xB9"\xBC>8@\x93\xDF�B'$Ä°xÅ\xC5D}âœ�\xE8\xB4[�Yq\xAC\xE5\xB6Ì¥�5\x9C\xA8�Y\xA0N8\xB9d\xDC��\x80\x94Ì¡\x9D\xA7ξ\xEEËuJ\x96*\xF7&\xC9L\xD4,\xDBÖ„É›\xADN�\x91�P\x8Fs��\x9Ci)\xA8�\xA1\xBD�\x81\x929t;\x95\xEB\xF0É™G\xF3�/3\xB3TF\x8C\x9ASiU\xA9\xE29\xEF#\x83\xC2
-\xB0\xA7\xB4�\xFD\xA1! ����\xE4C\xD3v8 t\xB3\xA2/\x9B$\x8E\xD8$\x80�3��,\xFB�\x84\xC1\x93\xD0;lx\xAB\xD1\xF7a\xC0\xE7sλ\xD4\xEAt\xBBæ\xC4P\xC5\xFD\xB6\xFB\x8E\xF7 \x95'N-\xDF4�&!m\xD7~0
-�s\xBDo\xB9li\xCB\xE9s\xD7A=\x9Ct޴d\x8Dܬ\xDC4eΓcH\xC2`\xE0\xF2\xE4D�\xBB\xED\xCB\xE7Z\x8E( \xDD8N\xB3\xEF\xB7[6\x95\xEE�Dh\x95\xF7D at _�[\xBC\xD0�\x9F<\x91<\xDE4�~"\x{17FFE9}!z\xBA\xE9IO\x91
-7ʲ\xE8t��\xE2�\x95҅\xCCsU\xA1\xA7a\xBE\x81\xF8� \xAB�x\xFD�"\xA4\xBCζC\xB3\x86\xD0�l̙m\xE4\x83"\xDCc\x83\xF2Ɍ�\xBB̉\x90w\xB4\xCE\xD8\xCE\xF9�k:\xE9O\xF8\x8D\xD4�\x98�
-\x85swuI\x98�\xFA,B-��E\xD7\xEC!\xB5�M.\xB9\xC1�\xAD\x9A\x8BKt|�\x92r
-\xE1 U�\x92CF�A8\xA1�Xl\xC7\xFA0\xEF\x92Y\xA0\x94�J\x98vh\xD2\xDD� L\x83\xF4O\xDCÍ¢\xFA\x8E\xBB�\xAA?u\xB7\xEFm:\xBA\xDB\xE3M\xA7\xDD\xCDÞ”\xDC-I\x9C�]\xB9\xAE�M]�Ñ\x92ظU\x92�\xB7��\xBB�\xE0F��t\xA1p\xB16?L\xE9\xA3�\xECj_\xE7\xECB\x80ݵ\xE5�z \xDD\xC7\xC1\xA4v�@w*ß\xAC�\xEA�\x90 \xFA\xC4�Z�\xC2�\xEA�\xD2�\xB8\xDETS\xAB;\xCBH8\x95Ôe$\x9E\xF1tÛu\xC2
-0auCV\xD2[��k�p+\xD7�-6\xC0\xA3\xB8\xE7\x84�v?يZ\xD8�\xBB&\xE0\xD9�\xBD\x91\xACf`%;\xA8\xDFSM\x9D6q蟶Ҁ \xD0\xFC5\xCDqt\xF9Nw�6[\x9A\xBE\xBA\xFDHH\xA83 AͪW5\x8A�\xEA\x8A\xC1|FY\x91�\xB4�\xD4�s4\xDE\xF4DE1\xA9\xF7\xE2v\xAC�\xD7�Йv,\xA8Z!Z\x97\xD9RwzzUCd�\xCFS\xA7�L\xB7,b\xADm�\x9AK\x84ޱ\xE98{<\x89e\xF0\xABA<2�\xB7Vx\x89\xB3\xD5\xC3S\xEF:;\x89\xD8\xD6�\x8E\xB3
-\xF0\xD2�\xD9\xF3,\xFA\xA2\xB9€&\xD4\xE6j\x9EݔJߨܦ@ \xD1@�5?�ܕ\xA4l\x92\x94L\xA2�\x92#\xB5N15\xA7� \x99� \xCAs@\xD6\xE8\xA3\xD08h\x93v{\xBAWbǶ\xC0n\xB0\xEE\xCA�f8\xE6;\xEC\xF6\xBCL\x97\xE6 _\xBB\xBC\xBE%\x8F}\xAB\x8E;ӂ\x99\xEEIr\xF6W_\xE5vW\xB1k\xEBV\xC2\xE4"\xB3�\x88:%\xB0\x92\x9Byql�\xA6\xD4j�\x93Ծ\xD4\xE8\xF1\x98\xE9!\xD6\xF3\xA6`2-�~\xEB\xBC\xDA�\x86X\xA7n\xF8\xF6\x86�\xDFQaiF�:\xD1J\xC9NGi�=]\x83WoZ\xA3\xF5I\xF4\x85�?\xD8\xF7\xA9\xAF=
-\x8AR{\xB6\xA1XK\xBC\x97\x8F\x9C\xA6\xDAv\x89\xD7r4H�\xEDi\xCB^
-�2[lTuq\x94X\x8AÔ\xE7fnJ 7\xB2\xB1#\\xCF\xF5�7&\x98�*(\xD5\xFCd\xAC}\xC5q6F\xEBĪN\xEDdK\xEE
-#\xA3�KH\xEE��\x95|\\xD9\xC9W@\x9F\x8ERg�Õ�/\xA8\x9E\xB9\xE7z\x83\x97t\x8Cn軂\xFE\xB99\xCC3__\xBC!\xE5�\x98\���֕\xC2#�hJ\x9FR\xEB\xC9�\x9D\xDC*\xBAz\xC0�\x8BwS\xF0\xE5\x85\xEF\xBB\xDEp˵�O�\x936\xEB\xB3�>H#7�\xEC
-K\xF8.\xD4\xD4p\xFA
-�v̈́�$\xD4 N\xF3\xA2u�\xF0bЬ8e5v�~�\xBA^�
-\xBB\xC8[O]\xB1�\xCBE<��\xDF\xF5\x85OW\x95wÖ‹V\x84k\x81Pxn�\xF8 \xB9\xA6x?_\xC4�\x9F�cß¹~l�\xE0\xE9%\xC0*\xF0#\xD7�A[\xD8z\xF6e�V�\xB3, "�Öº\x8E6Ј\x8B\x9B\xAD?{Ý€F3K)\xC3xas\xD6J\xC5v\xE7\x92A�\x81X\x9D�a\xE6zih]+C\xA8W&\xE6��\x9C ��s?r\xC8i;\xC2H&\xEB\xCDZ\xBC\xBC�\x84�z2Ei%\xF4b\xA7\xA5\\xC2,Z�\xB4\xAB�\xBEuñ¬›æ‡\xA55
-"~\xA7\x81:s(1\xA7�PKvm3�\x91\xC3�-\xD8\xD5\xD64\xB1\xDF�R\xB7\xB4\x88ԗ<\xC2\xEB7�\xF8B\xB1\xF1\xC1\xDDi\xFET\xD5 at W~\x9A�\xC3�׶\xBCI\xAB&�ɴ\x9Eؕ\xC7�\xDF\xE6�\xE8�,\xE6\x88�\x9Cz�\x97\xBD\xFDv\x89�� J\xC6\xF7f\x85\xD6�#�U;\xE8\x97�\x9CW\x88�\xD3�\xAE\xEC\xEC�\xB8\xAD\x93\xC60\xA3��\xCC\xE4\xD0\xF3@��|\x9E\xC4k�g\xAE\x9Ff\xE9\xCC�\x89\x9F\x8B2\x8C\xE7(\x83\xCE|1>;\xFF\�\xB0�7\x80k^�Ow\xE7\x86\xCCO\x80JxT1_\xD9=W\xE6AJ,+\xF3p$L\xE1�|F�nٳ\xE1\xA9%�\xFC\xAE\x90
-\x97\xA4s~=\xEA K\x8E\x88\x84K\xDEô\xACG�\xEA\xA6�\xA7qkB\x8DU\xEBdϞnq\x99\xF1\xD6 \xFF*\xB9\xA3\xD8UҼ�\x8Co65�e\x84\xFB\xD3fcx� Λ\xE7\x9Fr�\x8F\xDF{~\xE8\xC5ɼ\xD7a\xAB7\xF9\xD0\xF3~\xD9K#\xB9U\xB1\xB9Zu/)\xB9\x82\xFB\x9D\xFC\�x\x90\xB42\xBA\xD4\xFF�"
-k\xD3�_\xB4�\xDA\xF4\xFD\xEE\xE5\xC5\xC5\xE1pp\xA1U\xAB\xBB\xAEr\x9Bv}\xD15\xFB6W�\x8CZ�\xB7\x97\xAD\xBB\xFE6\xFD\xA3\x84\xBD\xCB\xF5׾\x95\xE6\xC5e\xB0�\xAC^B\x8B\xF8�)�[F '\xE0\xDB\xD7��\xFF\xA74\x97\xBB�]zN\x8F\xCFt\x8D\xCF<\xEE\xB1OG\xE4ӑg7s?nh\xDE�\xC1\xC5N0PL\xA9C\xB8O"�\xF5\xC9\xC3\xC5< ĩ\xD3\xFE\x8Dh\x96e]d�\xF0\xFFb\xF79\xEF\x84xtJ\x8B\xC1\xE9'[
-\xE8(\x82`\xEA\xF6\xEE
-\xC5\xFB\xA72�SM\x98\xB8A\x9A\xFAә�\xDAW7L\x81 �\x85:�\xDE�\xC9\xCDokOE\xFF�IuQ�endstream
-endobj
-1485 0 obj <<
-/Type /Page
-/Contents 1486 0 R
-/Resources 1484 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1489 0 R
->> endobj
-1487 0 obj <<
-/D [1485 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-290 0 obj <<
-/D [1485 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1488 0 obj <<
-/D [1485 0 R /XYZ 56.6929 749.1444 null]
->> endobj
-1484 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F14 964 0 R /F62 1361 0 R /F41 1218 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1492 0 obj <<
-/Length 2124
-/Filter /FlateDecode
->>
-stream
-xÚ½�ko\xE36\xF2{~\x85\x81;`e b\xF8\xD2\xEB\x80~H\x93\xEC^\xBAm6\xDDx[�\xDD\xE2 \xCBr,D\x96\xBC\x96\x9C\xAC\xFF\xFD\xCDpHYr\x946w\x8B;��\x87\x9C\xE1p8oJL8\xFC\xC4$��W\x89\x9ED\x89f��\xC1$[\x9F\xF0\xC9=\xE0Þ�K\xE3;"\xBFO\xF5\xFD\xEC\xE4ìŠ& KB�Nf\xCB�\xAF\x98\xF18�\x93\xD9\xE2w\xEF\xE2\x9Fç·³\xAB\x8FS_�\xDC\xD3l\xEA�!\xF7\xCE/\x99
-!\xBCó›‹«KB]\xDE\xDC�\xF0\xF6\xEA|�io\xF6\xE9\xE3�\xACDI a\x9B�v\xE7\xED\xFB�K\xF77!�\xF8\xCC�~\xF1q\xAA"\xEF\xB7\xDB\xD9T\xC4Þ‡\xF7×°f\xB1w\x9Fno?�\xECl\xFA\xC7쇓\xABYw\xAF\xFE\xDD�Wx\xA9/'\xBF\xFF\xC1'�P\xC1�'\x9C\xA9$�&O0\xE1L$\x89\x9C\xACOt\xA0X\xA0\x95r+\xE5\xC9\xDD\xC9\xCF�\xC3�\xD6l�\xD3eG\xE3\xEB\x98I�<^s\xAC\x90,I�=~,�\xC3D,�\xC3?\xB9�\xED\xE3\xC0Ë‚nÇ\xD5\xC1\xD4a�\xB3P\x84\x9D\xA5\xA5\x9C\x80�\x92 \x90hꄳH\x80\x85#\xA5�\xC7%\xB0\xF4
-\xEA\xD7�&,�\xB5@:\xC1Y\xA0$\xC8m(>L\xFDP\x80�\xFCPzW\xC7\xD6 \x96�\xD5�\xC61KD\x8C�O\xBEL�\xE3:I�\xD1\xF4`sу�\xCC\xC2\xD9\xF5ZN.k\xB8Τw#\xC7\xD7\xEF167
-e\xCFw\x85\x8C�\x8F4\xE8\x85\xC3-5\x88\x8C�\xA3k\xDD\xD4m>\xF5\xB5V^\xBBJ[\x844 at vi\x93\xB6ÙŠ\xC0Ïœ\xCB2'\xFC:\x9D*\xEE\xED Q\xD5-�s\xBB)\xAB×°\xAF\x98O%\xF7ÜŽ\xA7\xA2]\xB9S,\xD9g)\xB5\xE1\x8F Q\xEDÚ¢,ZË·\xAEhL\xCB�u\x89n\xD0Y�d\xAF7\xF9v*\xB8�'U\xF7��Q\xEC5\xFB\xA6\xCD\xD7\xCDT��\x84\x93�\x86\xBFM\x85\xE6^\xBD#|'6N\xAA<_�\xD4\xD64�U\xD3\xE2af\xF2\xEE\xE6��FDf�\xEEÈ¢:��S\xE0c=_\xFA6\xEF\xC48�\x920\x99\xF8\x87�\xFB\xB6\xD8�:\xBC�Q\xD0\xF7\xF8\xE7\xB9-\xD4�\x8Bb\xF0"T\xF1\xAF\xAB�l \x92\xC0\x9B\xF0Ê…Q5.|\xD8\xE4\xD5\xDDÝ\xA74Û”\x80M\xB3\x9CfEkG\xB3Y{)M\xAB\xBA\xF2A\xC1\xD5"\xDDb�[�\xB2\xAC3\xB0`m\xCFijZ%W<0\xD3Þ¢\xCE�\xC7\xC7.�U\x9Bo\x97\xB9\xE1f\x8F&7C\xA4�\x90\x96\xCB\xC2�\xBA�\xE5\xEE\xF96\xDD�Ä–{y\xD9\xE4O\xAB�7\xEE\x91T\x9C\��r0\xF0- \x93\xEBc\xEC\xB2.\xCB\xFAɪ��~M×›2o at G\x92K\xEF\xC9Re\xAB\xBAn,\xDC\xD64v\x9EG�\xB7\x8C\x81qVoÚ³\xCDC\xD6�q\xB6k\xB6\xB8\xC4\xC6\xC2\xE1\xD7i"Qn\xAC O\x85\xF1b\x80v\x8D]jWEC\xD0A\xE1\x86Ô˜\xD8@\x962\xAB+�\xF5\xFB\x9D\xD3�.~}c\xEBX\xC2l��=\xEF�YT\xC4$\x8F\x95\x91\xC5\xD43\xF8\xC1-8\x87Í»\xC2z�2\xE8�\x83\x93e\xBDu\xF2ٓίn x\x9F\xEF1\xC2
-\xEC\xA4\xFD\xB1\xA8v_{i\xB8w\xBE�Y\xA4\xA2М?CfJJb\xA6\xA4\xE8\x98\xE1"*�ǔ\x86Uq\xBF*\xF7D\xD6\xE4Ywm\xC4=\xE4{�\x9A\xB6ަ\xF79Q-\xF2\xC7"\xCBO1\xC3p\x88\x8C\x96H\xC8A�o��\x976\x86W\xFDX,,\xBF\x95u\xFD\xA7\xB4J\xB6\xDDo\xDA\xFA~\x9BnVE6f\xDB4\xCB\xF22\xDF�\xB31\xAC1\x91w\x8DG@��\x90t\xD3\xEDvOk\xF5\xCE!�\x8C
-�fM\xE0�\xE1ZW\xE8\x99
-2�]�\x90\x85\xDDg4�t\xF2\xCFӹQ�P4\xE0\xE0F\x8F\x80\x85�\xAD�\xDA׻\xADś yӌE\xDB\xC5\xED'Ff\x9C\xB90C\xF3\xE3xz\xE4\x826D�\x8E\xF1\xA6)\xEE+\xBF\xAE\xCA\xFD�\xD7�q\x95>:�:8\xF2|\xCC\xDD�1\x930��=?\x91ЌY\xF7 Q\xFCf\x93g��@\x86(\xE5�2 \xA2\x86�\x96zf\xDD�\xAA,0\x95\xECib�
-\xC8�yY<Ú‹.�E\xE9 \x91\xED\xD1\xD1�n\xEAe\xEB\��XLI�Q6~�\xB2i\xE5tL\xC5N\x81\x9B\xD2$c�Ѧ8�\xE5\x913�\xF9��I\xFA8\x92!r�\x8F�ÿ\x83\xB7A�g��i?{wq\xA1�g\x9255� \xE4\xC8 \xF8\xB7{ \xB3\x8F\xC6m\xFF\xB4\x99\xBD\xA4\xE8+Txn�mOP\xFA\x98�%x\xA5Ñ¡\xB4Y�\xD6)?�\x89Ý”Ò \xA4?7\xAA x^T\xC8��t\xD42\xE8\xF4zI�\xA3?\xDC\xD4\xE5>\x98`;�m 5�\x82rÑq\xA8�\x8C\xBB\xE3\xA5
-\x84Ó±hv�q \xB9ʳ\xBCi\xE8\xB6�\xD5�\x97�A�gÇ”\x86\xEE�\xCE\xD1m\xE8\xCC\xEDn\xE3\xBE\xCB}\xE7\xFE\xFEZI{\u�Pf\xBBͯ�L-\xCDQ\x90�FÜ·\xA0\xAD\xB2$u\x9D�\xB1\xE8\xE7\xE8\x83\xC9`B\xFA\xFB\xB2+�h\xDC>\x9A\xA6\x8B\xC6rj\xEAa\xE4\xAFwM;\xB8\x88\xBD\xC5æ°•\xBD\xDEk�4BΫ\x9A\xA6\x84\x9E*aq3f�\xBB\x81\x9D]\xD4Õ²\x80Ò—\xD3B\x89�\xF5\xEF\xF3*\xDF��*��I\xA5�B\xB1@$\x9A}�J�æ‘€R$\x86'\xF8\xFE\xE6A��\x94T\xA5\xEB\xFC\xBB\xBF\x8C\x95!Ç£0\xB7Ì–%\xA6\xBFﺼ\xF8Ò¦N\x82m\xBE,\xBE�\x9F=�\x96\xBE\xBBA_\xA9\xE7\xCBÖ˜Z�\xBD��\xFC\xEC\x94Ö¶\xD3\xD8\xDBU�\x9B\x86\xFEy\x97 \xB8fq�D\xF6\xB5\xB4N�\xF2\x91á\xBFIx�X"z� Sh��\xD0/q�Y#\xAEe\x9F\xB9\xD9\xD7\xE6\xE0RÏÑŠ\xA9X\xF5\x8F\xC1\\xC0c\xCA�/_�\xE8L\xCF\xFF���>\xBB\xCD��XC\xF7\xB1E\xC1�\xD9\xF3\xF4g\xEF
-\x9D0.B=Q\xF0\x86��ׯy�\xC0\xE3 \x8E\xE3����G\xBF\xCF\xF2\xF9\xEB@�\x92q|�wd\xA6-i!G=\xE0�\xD2~\x8Eж9\xC7[-\xEB]\xB5\xC0�Q�\xF4U��\xBB �:\xE5\xDE<\xCD�\xD9\xEE\xBEn\x87Y0],\x8ErN?�X\x9Ay\xFD\x98\xBF\xBE-\x95\xFFM[zwqN \x84��6\xA5wu ψ\xE6\x95m\xA9䆙o\xF9\xF0\xEE\x93�w\x9F|\xB0\xCE�;�n\x8B�\xEF^
-\xA6\xA1\xE0\xB6\xCAq\xAA�ܽO�v\xF9\xD8\xE5ma\x96l\x86\xC1�\x8C2Md\x9F\xB9\xE5ҚX\xCE\xE9�\xEA!-\xDE\xF5\xA1\xA0�\xA8\x9A\xA3\xD5m\xB7��P\xDBi\xB1vU`\x996m\xDE\xE97\xB5ZL+\x9B\xEB\xA1M<*�\x9D�\x86�_\xB3J\xDD3g\xEEzD\x92\xD6\xEF�ꃤoF+\xDBuu\xFC6\xEAz\xABAQJ\xFB/\xA1awy\xEC�f\xF25�\x87Xw\xC7\xF3\x9F.C\xAB�\xF7\x92\xFC\xFFղ\x86D\x84~�\xE4\xFB��Y\xF6\xA7uK\x8C\xD6-W\xACB\xFD\xAAz%G\xEA՘\x8D\xFE\x97\x85��\xD4[\xE74\xD1Fu\xEFe\xCC\Vc\xA8/P\x96\xCD\xDDƜ6\xF1\x8C\x96\xEE\xEESѱ\xBB\xB9�:xc\xDB�jZ&S@\xC7\xCA&\x87�\xBB+U/\x95\xCD�\x92$,�\x8A8\xC2)a*\x88\xF4\xB0va \xBCX\xBB\xB4
-cK\xCE^\xFA\xBC\xAC�\x86\xDF{G>�\xF3\xEE\x93\xEA7z>|\xC7\xD2p\xD18\x96\xE3\x85J\xF1\x90\xC52\x89\x9CP(\xB8z\xF6\xE1.P1�b�\x8D\x88\xFEo\xBD\xD2�\x90endstream
-endobj
-1491 0 obj <<
-/Type /Page
-/Contents 1492 0 R
-/Resources 1490 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1489 0 R
->> endobj
-1493 0 obj <<
-/D [1491 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-294 0 obj <<
-/D [1491 0 R /XYZ 85.0394 603.0093 null]
->> endobj
-1494 0 obj <<
-/D [1491 0 R /XYZ 85.0394 576.4312 null]
->> endobj
-298 0 obj <<
-/D [1491 0 R /XYZ 85.0394 268.713 null]
->> endobj
-1495 0 obj <<
-/D [1491 0 R /XYZ 85.0394 242.1348 null]
->> endobj
-1490 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F62 1361 0 R /F21 938 0 R /F41 1218 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1498 0 obj <<
-/Length 2224
-/Filter /FlateDecode
->>
-stream
-xڽXmo\xE3\xB8�\xFE\xEE_a\xDC�p2�\xD1"\xA9\xD7�\xAE@֛\xED\xED\xED6\xC9m\xBC-\x8A\xBD\xC5A\xB6\xE9X\x8D,\xA9\x92�'\xFD\xF57\xC3!eّ\xD3��
-\xC3�9C�\x87Ùg\x86\xE4c�~|�\x84,LD2\x8E�\x9F���\xC6\xCB\xED\xC8�\xDF�\xEF\xCF#nƸv\x90\xDB�\xF5v>\x9A\xBE\x97\xD18aI(\xC2\xF1|Ý“�3/\x8E\xF9x\xBE\xFA\xEA\xF8\x8Cs6��\x9Es\xFBqv7qE\xE09\xDFsN\x8Dß¼\xC0\x9B}\x9E\xC8\xC8\xF9\xFB\xED|\xC2c\xE7\xE6\xE3�\xA0�\xEEÝ—\xDB\xDB�ÍO`\xED at 8\xB3\x9F/o\xE7W\x9F\x89\xED�\xB9\x97\xEF\xFE:\xE1\x9C;\x97׳\xABw\xC4zwmVzu9\x89|g\xFE\xE5\xF3\xD5\xDD\xE4\xDB\xFC\x97\xD1Õ¼\xDBW\xEFÜ“\xB8\xA9\x8E\xBE~\xF3\xC6+0\xC1/#\x8F\xC9$�\xC6{\xE8x\x8C'\x89�oG~ Y\xE0Ki)\xF9\xE8n\xF4k'\xB0\xC7\xD5S�m\xC9=&d(�\x8C)\xF8\x901\x83\x84\x85Rȃ19\x93�\x97{\x9E\xE7\xBC\xDDe\xF9*+\xEEi\xAB7\x95*\xEE\xEE>Qg]\xD6Ɔ\xE5\xBA\xFD\xF9\xEE/\xB8wXA\xF4V\xF0\xC60\x80\xF9"�\xB5l;Е\x89\xEFd
-~�'\xA5O�\xBC}Z\xE3�)�\x90g\x8B:\xAD\x9F\x89]iN\xF9\x98\xADԊ\xD8�\xC3i7\x8A�\xA8��\xCA\xDDՌ�\x98)\xFFP˖�\xA0'lڶz3\x9D\xEE\xF7\xFBI"�VœU\xD14j\xC9J=\xFC^\xBB�\xEC�u�K$A \xB4\xEE\xFBM\xB6܀�\xCF\xEF\xEB\x82{\xF0h�\xC0@\xEF\xD3~\x87\x9D\xAChU\xBDN\x97\x8A\x86\xB4%\x91\xCD\xD0ǬnwiN<\xB0Ʌ\x99\xB4\xADr\xB5U0ue\xA5\x98\xE9z\x97@ \xABo\x89T\xAE\x89\xA2\x8Ae\xFD\u3Vi\x9B\x9A�\xC5\xF1F(Z\xB4$�s'/\x97\xA8\x80\x88�X\xC6�\xB9j\x9E\x9BVm\xC1\xE3}�\xF3\xA1%֮\xC1M\xE2\xF8n\xE2۲M�\xE2vg\x84tr�\xA0�\x8D\xB2\xB2 FZ\xAC\x88q\xF7맬U\xF2h87�#\xBFi\xCB:\xBDWF\x85\xF9\xA6\xDC\xDDo\xCCB\xAAi\x86\x8E�Nng\x9DF\xF8>(\xA9U󵡅/\x9D\xB6\x9E\xC4\xCE\xCEp\xC9\xD0\xD8\xCAZ\xFA.\xED\xF0ޡ\xD2\xC4mٗ{\xBA΃z6�R\xF9xu\6]eh�m\xE2\xFE�ck\xADG`L\xD3W$\xCD\xF3r?\xB4\xD5\xE7rG񆮄_\xF5T\xA9:Co\xA1\xFE>k7\xD4\xEA�Q\x937\xAA\xA0Vj\xBE:�\xB1\x811\x88ߢ4"\xD2\xC74\xCB\xD3E�G`5\x88\x99� �\xE6\xE4\x83Q/\x8E\xBD\xD0\xD1G]\xDE\xD7i��B|\xB4\x89
-d\xE8nwMK\xAD\x85\xA1d�P8n\x95\xBC6";��̖\xE6ٿ,g\xA1\xD6G\xD2v\x8D\x86#\:3bi\xE3\xD82 uq�:`Hrd�\xAE\x9B\xF7s�\}\xD0\xE6\x823`\x8Bq��\xC9\xC30\xFEO`[\xB0$\x8E\xE3a\xD0v;\x89n_$!r�/\xB9\xF0�\xB9�~X�\xF5\x9D\xDD\\xBF7'^ nh?-�\xC7\xFE\x98\xD6���\xF5\xC8\xD8\xFA,\xF3}\xFAl�\xB8*3;\xDCz\xCF\xC1
-\xF64\xB1\xB3,�t\xD0\xFB]\x9D\x9A\xF8\xD5)�]\xF6
-�\xBC\xDFO!n�A:\xC2T#!\xE7\xF0\x98�\xFC�$��\xC9c G�\xC2�\xB1}\xD3l]H+\xCC�:\x91nBY\xAC3X[\xD1<×j\xB5Ξ~\x9A\x96U;\xAD�\x96
-\xE7\xD3]S�\xC1\x9A�\xB1M�\xD4kKh\xBE\x96\x8EN��\xF8\xDA`\x88\xB0\xB2ni\xB8q\x96\xDF\xF14\x8E�2\xBBc\xA8\xFCk\x9A\xA9\xE5\xA6$Q\xDFyo\x86�\xAC�\xDF�\xFFO\xF4\xF9\xA1\xBF\xE4kj\x9E\x98g\xBA\xC8
-+\xD4��\xC3\xCAm\xCB�\x84�\xA4x\x96\xD1\xE4e{B� P\xF9\xD1\xC9
-\xA7\xF6\xFE\x91� !��\xCBd�:\x80O&_A�mM\xEC�\xC4 �\xE4ar8\xC4E x\xBFص4�\xA2]\xA7\xD0\xC0\x84{\x80y-&
-%'\xA4�8\xD6D\xA3,F\xD4\xD9\xED\x97�\xA2\x82\xB7w \x82\xA2�\x93I\x819�\xAA\xBCBi\xF0\xE1�,H\x81\x85\x88\xA0u\xE0&ya#-\x9E\xDB
-!�\xB0Im 7\xD9}�T\xCCd G\xE4\xA4\xD5-\x94\xA1V"t\xF6\x8AF\x83g\x94v�\xCA\xF4@\xFC�e\xB8\xB8\xD9�\x89�a(\xD3G\xBB0\xC1:\xB6�\xB6F�p>�\x88l v\xBD�A�\xF6b�+\xA3\xA6\xC9]\x8F%,n\xCEx��d\xD3\xD9q\xD4\xE6Y\xB1{r\x9F\xE2\xF0\xF7\xD07.U\xB5\x9BZ\xA5F\xF2o\\xFAZ^\xC4Y$\xF9\xB1P�\xF9�\xCE]\xA8+\x8At\xABN�
-t\xFC�\x855\xE5\x89Ä“\xCD�a\xEB�\xAD\xF6Sg\xCEs\x93:
-΂\xCEI�\xB8v�};^\xAE\xA1\xEE;�S8\x9D�\xA2\xE9r\xC4\xE2\xAA�\xBE�\xDB?�\xEE�̓>$�-\xD0"\xDA\xC9\xE2\x90*�/�\xCC -\xCA$\xF9ի\xD2%g1\xF7¾p\xCA�
-�\xC7\xCBe|\xC9|�&\xBDe\xA84p�h\xC91\xE5\xF5K\x84�
-V\x91P\xB5\x82\x8DM\xFAhH\xE8\xA7-5{y�z\xD6&R\xC4gm��L\xC4p�$=Ҫj\xA6\xC6EI\x86*\xEE\xB3\xC2,D\x876\xB0�."\x96\xF0\x98��
-g\xE88\x87\xAF91
-YHޤFa\xBAX\xA2\x82T\xE0�\xA9\xD9U:;\x905�Ʉ\xC7\xE3\x93KC\x8A\xF0$\xA1\xBA+\xB7UFŎ�\xA8\xA8\xD7Ԛ\xE0`قW\xE2\xFDR_7}Si\xC1\x88r\xD7V�R`V�\xE5p\xBE"\xBA.\xA4$B\xA1�\xB8&Bkg\xAEK\xAC# \x98\x80�A\xA9kNDŕ\xC2[O\xC7*\x8D6fjp\xC0\x99\xC1z;�m\xD5j\xA8�\xF0#��/:��\xBCt\xD1yХ�C\x8F\x8C\x89-mLl\xD8\xE3\xD3I\xC7�\x96\xC2�\xE6c\xE4�T\x82\xF0\xB57\xB4\xD3`�\\xFE\xA6\xFE\xBFjJ\xA9\x8D\xFA\xE9r Ƃ\xB4V\xD6\xFF\x95\xCA\xD7\xEA\xA9E\xB0\x88\xE3�X\xC4g\xC39\x80\x99"
-�\xE3�\xA7Yu\xB1m\xE2B\xB7ݡ`\xE72d�\xEC\xC7\xD1�w1�<R\xDF�b\xBCe\xE4Ft\xDAB\xA2\xADZ\xEA\xE8\xB22\xF6z\xF5\xBB\xA1oL\xC3<\xCD\xC4\xF6i�.~\xA0�\xDC�@=\xBD�w>\xAC\x8D�#\xD3di \x98\x90�I��\xBB\xE2\xA1\xE6\xB5%\xED\xCA|�\xFB\xDD\xC1�4\xCDz\x97\x9B\xF02�\x9Cu�&\xBD�\x8D\xCA�\x86t\x96�;\xE5\x80\xDF\xF0�\xCAݘ[�\xFAj�\xDA^\x9A\xA8\xFBm\xC0\xB00/\xF2\xE2p E�\xC0\xB5ēG(\x8Av\x90\xA1
-fht0�\x9Aw�\xA0\xF5\xC0\xE3\x82�<:��\xEE9�\x95\x82EQ\xE4�\xA1?\x8E\xEF�\xC3'\xAA��\x93\xA0\xDF�b\xC2�\xFB�\x82MmF\xAD\x9B\x91r\xAC\xFD\xB6\e\x88\xAA�\xFE\xC2\xE0\xF0\x8A\x84\x9Df\x97\xB5\x8Af\xC31\xBE4\xB9\x90\x92�\x91Ms:'\x93\xE5|!Y��\xFE\xB1S\xBC\x9A\xAF\x83�6�ؼ\xCA:\xFBt� $\xED�\xD0�B�\xC4w\x8Fbb\xF0I\xEC\xED\x87k\xF3 \x98\x9C\xBB\x85\xFF\xDBw\xB1\xBF\xE9R\x8E'\xF2P\xCA\xE9�\xC9\xC6V\x82\x9Ek\x9F\x81\x90\x80\x8F7tA\xC3�\xA2?~
-�2�\xDC�Ëk2.\xB2:\xA3\xEB\xD9\xF6\xD9�;tcÔ«�\xE1M\xA5\x96݉!\xE11K\x8DÜ®\xA2Ñ®\xC7�\�\xCBJ\xB8\xC5
-\x91\xF4LǸ1ެ_�\x9D\xB1`\xF7\xB0\xF8 +\xC9S\xABv\xF7\xD6˫[j|T\xCFp}x\xCD\xCC�\xBD_\xE0\x93\x9F\x81�ȇ�g%�\xBC"\xF7\x9E\x87j|\x{DF70}S\xC8�\xE9\xAA9\xBD~/\x94\xBD\xB3#4\x98\x9A,+N\x96z\xB1y\xED�\xEC\xDC;\xB2\x84\xEDH9\xF4\xEA\xEBu^\xFC?\xBF1��\xE3!?\xC98��"\x8A\x99�\x83�\xA3�\x9AX\x8A�\x9A\xDB\xC7藪\xFF�::,\xB1endstream
-endobj
-1497 0 obj <<
-/Type /Page
-/Contents 1498 0 R
-/Resources 1496 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1489 0 R
->> endobj
-1499 0 obj <<
-/D [1497 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-302 0 obj <<
-/D [1497 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1500 0 obj <<
-/D [1497 0 R /XYZ 56.6929 749.8188 null]
->> endobj
-306 0 obj <<
-/D [1497 0 R /XYZ 56.6929 169.0885 null]
->> endobj
-1501 0 obj <<
-/D [1497 0 R /XYZ 56.6929 140.0535 null]
->> endobj
-310 0 obj <<
-/D [1497 0 R /XYZ 56.6929 106.2012 null]
->> endobj
-1502 0 obj <<
-/D [1497 0 R /XYZ 56.6929 80.934 null]
->> endobj
-1496 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1505 0 obj <<
-/Length 1981
-/Filter /FlateDecode
->>
-stream
-x\xDA\xD5XKs\xE36�\xBE\xFBW\xA8\x92�\xA8\xAA!\x84�_H\xD5��\x8D\x9D8\x93\xB5\xBD\xB6\x9C\xCAV&�\x8A\x82,\xC6|hE\xCA�\xFD\xFBm\xA0�\x8A\xA29\x93\xCC&\x97\x8Ck
-P�\xE8n\xF4\xE3\xEB�Ù„\xC2�\x9B$!\xA1B�\x93X�$\xA4,\x9Cd\xE5�\x9D<\xC2\xDA\xF7g\xCC\xEE\xF1\xDD&\xBF\xBF\xEB\xBB\xC5\xD9\xECR\xC4�IdÄ£\xC9b\xDD\xE3\x95�\x9A$l\xB2X\xFD\xEA\xCD8\xBF]\\xDCM}�R/ S?\x8C\xA8w\xFE\xEE\xE7)c\xCC;\xBF\x9E_\xBCÃ¥w\xD7\xF78\xB9\xBC8\x9FÆ\xB7x\xB8\xBB J,C�\xC7�\xB3'o\xDF\xCF\x{DFAF}�\xC3\xC9��\xD2\xF9\xDDT\xC4\xDEn�S\x96x7﯀fW\xEF�noo\xCC\xEAb\xFA\xDB\xE2dz\x8BEw\xAF\xFE\xDD��\xFAR\xFF=\xFB\xF57:Y\x81 ~<\xA3D\xC8$\x9C\xBC\xC0�J\x98\x94|R\x9E�\xA1 a \x84\xA3�g\xF7g\xFF\xEE�\xF6V\xCD\xD11[\x86"!a\xC2\xE3�cr>f\xCCP\x92Hpa\x8C\xB9\xD8(\xB8��\x9C�\x98\xB0f R\x91/w\xE9\xEE\x80\xD4u\xBDCj\xEBN\x9C_\xDC\xE2\xD2{u\xD8*\xBB\x9A7H\xCB\x{1BB776}\x9C\xAA\xDA\xE2\x80Ku\xE5f\xE9s\x9A�鲘2\xCF\xF2J�;\xE2i\xC1\xFDe\xDE"i\x99WZ \xED\\xF0�\x97\x89w\xB5\xC6]/\xEE0J\xB2\xDB\xF7y\xB1Ê«G\xED�\xB0\x8F�~\x96a\xC8\xCDe\xEBj\xEA��j)\x82E^�\xA0�M\xDA\xD4M\xFB�\xA6\x82�\xB6z\xB9\xDC7vQ\xDF�$d\xEA\xE4\xB8SR\x93\x8CT$/�v\xD7ʨah�8�\xFCRp=\xE2j[\xE3J�6\xD8X\x81\xF39\xAE\xD5\xDB6\xAF\xAB�\x89N\xE7\xD6\xED\xD2<\xB2\xBA\xFA@)\xDC\xE3\xCD
-Û‘\xFBfuY\xA6\xD5
-ö\xC8+E\xF4\xAE\xD9e\xC0za�g�#,\xA6\x919\xF3\xCDÔ(\xF5\xB2�\x8E\x84\xCC\xC0�+9\xC6\xDEn%3Pg\x9D\x832
- \xF3\xF9Û¯�\xB3�\xE8ke\xA7\xBE\xAA\xC0\xEB\xCAo7;\x95\xAE�\xA4~`�\x95\x8FB�\x87"8\x95\xE1\xFB/y\xBB\xF1ëª\x9A\xA6x;�\xDB̶OY\xC3\xD8l\xDF\xEC��:\xFDX\xFF,n��\x9DAt\xEB\xFFH!M\x8D\xA6\xE1}\xD3\xF8\x9DJ\x81$"
-\x90\xAD\xC1�N\xF8\xD4gT߶\xF3\x85q\xB76\xF5wW\xD7�\x83$�\x98<�;\xEA"Ý™�\x81�Z;\x9CaN\xE9\xF5\xF99N\xE0^\xD4j\xC4O\x9D\xC5#\x92\xF00\xC6\xEC\x9DJ\xEEÕ\x9F>\xC9w�\xE4\xB6&v\xEA\xE7|�\xB9�\xF0\xF8\xC6�\xC1\x982\xFE\xD1�L�=[Zf\xE8E�Vy5�\xF5\xEA\xF2&7>�y\xF1\xDF�y]\xE0}Lw\xD9\xE6mZ\xAE\xA2\xE0\xCF�`\xCCH,\xD8h�}a\xFC\xF1\xB1\xF8sA��cq\xD7\xF7\xB2\xEF4\xE9\x9BG�\xA5K�G)��N:3['Ö¥\xA3\x82E�`d\xF8S�\xC5@\x995\x8C^#\xA6\xB49\xFD%\xE1,�\x8DD\x83\xB3�`�\xB4q\xC4r[\xA4\xB9\x86).\x85\x97.\xEB}\x8B+7`\xAB\xFB\xFB\x9F\xF0GU[\xEAK\xBD{\x82�\xD1�K\x85w\xA8\xF7H.\xD3�2ؤϖs\x8A\x83\xE03�Іj\xF5\xCE[\x95\xB5=M\x84W\xE6M\x99\xB6Ù†\x8C\xF9ঋ\xED8\xB2Rc'5fN*\xCC\xF2*\xABm\xC9Ê°d�\xB1Ùª,\xD7w7\xD1��\x8Cr\x98lS\x93c\x9AT\xE3x\xBC6�\xD0\xCE2\x9Ak&\x9Bz_\xD8\xF3K5\xE0Ó¤\xA5\x9D\x99�\xD8_�\xDFD[�\xF0\xA0\xC2G\xE4\x8Cvx\xDC\xFBc\x88WB\xB9\xB5\xE9X�\xD2\xF2\xA8^\xD8\xC7,\xCB>dd�\xFFt\x82\xC6$\xA0\x89\xEC�\x9F\xF8\xFF\x80o\xDD\xFEp\xFF\xAFO\xA0 at B\xE2\x84Ê¿��\xFE�u\x86\x8FÖ™~Ÿ\xAF[e\xAD\x97\xF5Mms|7M\xBC\xBD�_\xD7 �\xFCǨn\xF9\x82��6Ñ‘>\xA9�\xE9\x80 \x92F\xA1ݤY\xBD\xF9<W\xD8��}\x9E�i
-\xEA\xC4k\xEE\x81 \x81\x88\x92�w\x8B`\xAE/\xF9\x84�\xB0D '�\x8A�\xC4iÓ¢�\x91�F\x84\x85\x92\xF5$!"\xE8\xD4'\\xB2\xE4�\xDDt\x8A^×\xFA�\xF8&Ô€�\x93\xA8�JÓ¿\xF4\xA5Pg\xFDk
-mk\x83S]\xF6̆\x8D:\x9EC��\xF77\x87\xA6U呓\xB6+\xE5�C\x9Af`HO�\x86\x8C�l5�\xEB\xB6UNDm\xB9\xA9v \xF3\xFE\xE6ra\x93\xAA\xFF
- �'q\xC4؄'\x90X�.\xFE'\xDE!\x9C\xC8$I\xC6_!~\xC7\xD1\xEF\xB3|\xFD\xC4���r \xE5Q\xB2y\xB0\xDD\_\xA2'�AI�Qy\x9A{\xAAzα�\xA9\x8E \xF6�}\x92N\xE2\xAE:\x99\xF8\xE8\x8E!nH '��\xC1\xC9A\xD3H\xBB\xB30/\x88\xBA��\xFEa[eaLH�c"\xD1šدT\x83\xC4�\x89e^\xE5eZ \xCD8GS\xEB5�Z#\xCAN\xED�\xBC\x92\xD2VY\xA2�f\xA0\x82�\xDF \xA5ط\xCB0�\xA8\x8En\x97u�h\xFE\x93:<B\x94\xBC\xBEO$I"\xF5\xAB\xD1\xECF\xF9҃\xBD\x9D� \xDEBz\x95zA\xDF�\xC8��\xC4\xE2\xD47 BWlh�\xD3\\x83\x91\x94\xA6\xBD\xD4ᯩx� \x9A[\x8C`�\x8BH�\xFFN\xF5.\xF2Q\xA8\x80"�E\xAC\xAF\xB5�a6��\xF5\xF2w\xA8\xCD
-\x92\x87�LXw\xCFJ\xA5\x9B�\xC6
-Č\xA8�i�\x80�?Q \x9C\xDB\xEE\xEAÈVЋ\xD1 �Z\xA1\xEC\xB2~V6\xB2)�<\x8D\xA2\xC1\x83�5&\xA3ݕ\xC6\xEE(\xF1�\xAE\xAF~\x99\xFD\x94W\xFB\x8F\xF8\xDB\xF4q\x8D\xE9X\x84\xB6o\xA3\x90\xEE�
-\xA6\xC7�\xAF\xDD\xDF\xE2Ô¾\xB0#�\xA55Rl$\xC3L\xE2\x90[�\x83\x9En\x85T\xFBr\xD0ÒŒc\x81\x93\xEEBLy\x83\x87*\xDA
-\xE9\xF8H%c\xF5\xD0 \xEB\xCD\xE2B#+4_\xA6\x8D\x84\xB1\xE3Ա\x89\xED\xF7��1`\x82\xEDTh\xF0\xF4\xA0?�4\xAE"%̃\xE8ݘ\x9A\xA87nҪ\xC4}\x99\x80\x89k\xCE�\xCC\xC6\xFE\x92E�\x98}\xEDT�{�%&\xB4+T\xA5;\xDC:\xF8�v"/9T$hc\xB0\xC13#z�\xA7v\x82Ox\x98\x9CH4�ǀw�
-\xB5\xB6\xC7\xF6\xD5\xCA4\x80\x95\x82W\x94�C\xF7\xFCШ�G\xBF\xC4�\xBDb\xE7;\xE4\xD8m\xD2wglX- \xB6 M\xE2 \xEA\xBA !�\xE2/W\x8B\x8E\xA3\xDFg\xF9\xBAZ�ILh�\xF1\xA3dm\xCBۻ\x9B\x9F\xAF\xDE]ܹ\xBC\xE2\xD0\xC2D\xC9�T\x8C\xD3�ش\xF0\xEBà �\xB6�2\xD6(�\xC3\xE1\x8B
-P`�\xD0C\xD3\xF5\xC4�\xE3\xAE\xFD\xFD\\xE9\xB9\xCCw\xD8'\xE8w\xBC�\xBE\xC01K`\xB2\xDF�\x98c7\xD8\xE6e\xF7F�\xB1P\xF3\xD9GAב\x8DTO\xFC�\x98+\xFBM K\xAB\xD3O�E\x9D\xAE\xD4\xEA\xDBO}��! 0
-\x86_/igѿ\xFC\xAD\xF4\xF8Q9\x88\x89H�>�u\xBA\x92&\\xC6N)mu!^\xF5P\xEE\xA3\xEAk\xD5\xFF�y\x94\xBC\xDCendstream
-endobj
-1504 0 obj <<
-/Type /Page
-/Contents 1505 0 R
-/Resources 1503 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1489 0 R
->> endobj
-1506 0 obj <<
-/D [1504 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-314 0 obj <<
-/D [1504 0 R /XYZ 85.0394 638.5372 null]
->> endobj
-1507 0 obj <<
-/D [1504 0 R /XYZ 85.0394 609.0615 null]
->> endobj
-318 0 obj <<
-/D [1504 0 R /XYZ 85.0394 430.1605 null]
->> endobj
-1508 0 obj <<
-/D [1504 0 R /XYZ 85.0394 403.4942 null]
->> endobj
-322 0 obj <<
-/D [1504 0 R /XYZ 85.0394 256.4314 null]
->> endobj
-1509 0 obj <<
-/D [1504 0 R /XYZ 85.0394 229.5399 null]
->> endobj
-326 0 obj <<
-/D [1504 0 R /XYZ 85.0394 110.5453 null]
->> endobj
-1510 0 obj <<
-/D [1504 0 R /XYZ 85.0394 81.3565 null]
->> endobj
-1503 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1513 0 obj <<
-/Length 2308
-/Filter /FlateDecode
->>
-stream
-xÚYmo\xE3F�\xFE\xEE_a\xE0
-T.֊f\xF4�\xE0>d7\xD9\xDB4\xBD\xD4M\xBC=,v�\x85l\x8Fc5\xB2\xE4zdg\xB3\x87\xFB\xEFG�9\xB2l+m}W�\x818�j\x86\xE4\x90�9\xB2\xE8{\xF0'\xFAa\xE4F\xA9L\xFBq�\xB8\xA1'\xC2\xFEt\xD9\xF3\xFA�0\xF7\x8F\x9E`\x99\xA1��\xB6\xA5^\x8F{go\xFD\xB8\x9F\xBAi$\xA3\xFEx\xDEZ+q\xBD$�\xFD\xF1\xEC\xA3�\xB8B\xB8�X\xC2sF7o\xEE�C�z\xCE߄ \xE2\x93�zo\xEE�~\xEC|�\x8D�"q~\xBC\xB9��\xCF޿�\x8D~4\xB3\xE3�\xEC�J\xE7ͻ\x8B\xD1\xF8ꎦ�^\xF7\xE2\xF2\xE7\x81�¹\xB8}suIS\x97\xB7\xBC\xD3۫\x8BA�8\xE3\xF7wW\xF7\x83\xCF\xE3\xEF{W\xE3Ʈ\xB6\xED\xC2\xF3Ѩ\xDFz�?{\xFD�\xB8\xE0\xFB\x9E\xE7\xFAi�\xF6\x9F`\xE0\xB9"Me\xD9�B\xDF
-�߷\x9C\xA2w\xDF\xFB\xA9Y\xB05k^\xED\xF4\xA5\xF0\\xE9G\xB2Ù\x81\xE8rf�\xBBQ�\x933\xBF��#\xCFsԗU\xB5\xAE\x89\xFE\xE1\xF2\x97�\xAE_\xDF]\xDC}\xF8et1~\xF7\xF7\xB3jU\x9F\xAD�\xA7Z\x88\xB3\x8D^\x9F�\xF9\xE4\xFC\x9B�H\xFD�]q\xF6V\xCAֆ^(a��\xA9\xD9\xEA_�U\x82�#\xE1T+\xB5\xCE\xEA\xBC|\xA0a\xC6싫��7\xEA�$\xD0˯\x90�8yM�\xB9Ƨt\xB2BW\xC4)\xD5Ti\x9D\xAD\x9FiX3[\xAF\xD44\x9F[\xE6B�QTSض\xB2Z\xCC\xF7\xA6\xA5\xF3I\xCA`\x99M�y\xA9\x90\xA4\xD9O\x9E'�\xC5z<-\xF2\xE9�-E\xDB
-\xD30\x94\xC66]Wk�6�
-\xFA\xBEt\xF2r^\xAD\x97\xBC�2\xB2I\xB5\xA9\x91\xF4i?ä±™\x86�q"6\x9Ag'\xCF\xF4\xA4�\xC7�M\x8C#ke\xF6\xAA\xB6\xF9̾�g\xB2F'`\xD0b�\x87\x91s=?ØŽM\xA3�\x99\xC5\xCA6J\xD3!\xEEEM \xD1�Fa��\xA3\xA1g\xC6\xFAa\xC3e/P0a\xA0\x90Qg\xA8\xB5�\xA35)yf\xF7>��\x91Æ®\x8C Wh\xFDW\x94d\xE0\x85\xF3�e\x86\x8D\xF4^du�\xF1\xCDÕ‡\xD1\xD5]G w\xEA\xF7\xC7\xC1;^(s0i\xEA\xA8r\x9B\xD3�\x94KU⡦\x89\xB3\xCD\xD6y6)\xCC\xF9\x83\xCCr\xA3yb\xC2oiU�\xF1�i\xA0\xB6\xE6\xE0`z=H\x9CMY\x9A\\xC0Ù¬|&\xA2\xAE\xAA\x82D\xEAEƯ\x82W\xB4\xE5\xF1\xB2\xEF\xEE\xFF\x{12A8F1C}�\x9B�.Dƈ}c\xDA\xD1J\xC9<|T\xCF�\xAA\xEC\xB0=\x82\xC3�Q\xD8�\xC9\xF1\x82\x883\xBE`�^\xAE\xC8\xC1\xE6\xE3Å‚\x84\xD0\xE6\xB4\xC5fJ\xD7\xEB\xEA\xB9K9(�Q \xFFh=+0+\xB5VS\xB4u\xBE\xAE\x96E6QEÇ¢i\xE8\x8AD\x9E\xBA\xA8\xCE�ʯUgX\xC7�\x80m꟮\xE5�'�\xC1\xE9%\xF6D\xB0\xC6\xED\xA0�\x92\xD1w#\xE1G\xFB\xC9\xF8\x94�E\x93LD�\xD2��QC\x84\x81�$\xD6Y9\xAB\x96D\x97\x9B\xE5D1�\xD41X]\x95XD9;A\xB6\xC3 j\x84i\xC0:\x96\xD9R\xCD:,\xF1=�\xFC�\xB1\x94K�HpW\x98\xC4hA\xEC\xA6I\x9AP\xC1�\xA4\xD2\xC18\x87|\x9E\x9A"�a^VO\xCC!\xC0\xCDj\x96@\xA5\x8C�!(p\xC0\x9B\x9A\xA8\x9C_\xA6\xB4\xF1\x8C�\\xA2\xAE\x9B\xA9\Û4\xE2\xBD/\xA4\xF3\xC4\xE2\xECK�;Ú•�\xD2���\x98`\xAD\xE2\xDD��{È·\xFC\x96\x95A}\xF6\xAA ��E)\xB53P\x88t\xB6\�j\xF8\xA8�qÔ…\x8B^'�a
-'\xF4$}
-\xA7\xA0\xE7n\x93?�\x86x0�)8\xC5\xC8\xF0\xE4ziC�\xC1j/ØŒ#\x90P_ !\xF4\xC9\xFA[\9D\xB1\xAB\xB2\xC6(E\xC9\xD1\xF5\xEDy\x97#\xABɯjZ\xF4>\x9F\x93\xDC�\xCE�\xAB\x9Eq\x81�\xE2 \xF1\xA1\x88\xD1xZdZ�\xE9\xD3\xC3�\xC3\xC7\xE43\x8D\xBE\xDDy\xE8[\xE2\xE43X\xB9K3\xDEV\xFC\xEE\xB6\xF1Ѷ\xF2\xC4m\xFF\x90^\xAB9\xF7$�(\x9B\x88�\xA6\xC8 I\xB1\x8E\x949�êè‰FTF�\xC47L{\x8F\xB2�YTÜjgC\xEB\x9DU��\xD2P\xD8c\xE1\xF3\xF5\xF5\xED%Q\xE9\xC1\xC6Ôˆh�S\xC4\xC32\xCBl\x88\xF46t\x9BzK\xF0mz\xB3�\xAFo\xEA\xBC\xC8kL:�8\xB3Ê”J\xE9�c\xB1%\xF2\x85\xC9u\x9C\xE4\\x87I\x9B\xEB�\xE7:LR\xAE#eJ7�\xB1\xE7\xE8M\xE6��E�\xA59�Ç™J\x92\x99>x�\xDE0\x95\xA3Y\xB4Y��\xAC#\x8Aq-\xF5\xC5,í–ª>
-�\xBA\xEA\xDFK\x89O\xFC9wP\xF77\xB6\xADj\xB6\xFES}�\xD8�E�\xB7Û\x82\xFA|�x\xE7\xE6;\x97L\x85i�\x8AH s\xB5η�\xA8 \xC4\xF1@\x!
93�\xF5\x91 ԇ\xE9 /� \xCF�`\xE4\xE2�E\xAE\xE1X�0v\xE1\xE8!ל\xF7e\x91?\xF2�%\xB6\xE6\x85ݞ\x9E\xBC\x{DAEE}\xC0\xA2R;\x942A\xB4\xAB3SM`0\xA9jf\xAF6\x93"\x9F�Mp\x8FLk����\x81\x98eu\x86\xF9�\xFDvM=%r�\xABq\xC0\xD5\xE6p\xBB\xAA,x
-\x82V�\xEF\xED{\xBC\x83﬊\x8D\xB6ZuE�\xF4\xBEe\x9D\xE3\xE6T\xEF\xA5m�\xA4\x85o\xD92��\x8C\xE5\xB2\xF1I(\x{917827}\xA6\xB9\xE624c\xD9��\xAE<X\x96*0R\xE3�\x8B�\xC2K\xBB\x9AM�\xBB\xD4n\xA1\x8E\xB3jiK C7"+i\xBA\x8B\xD8H\x9A\xFB�x\xE6\xB9\xDA�\xF1\x94\xEB�R)\x85�p\xB8\xF9Q4\xCA\xE8�\xD9T\x99\xE0\xB5>\xC77\xF2\x92�\x9C\xE4\x89Ň\x84/v at P[�\xB2��\xCDz�\xA4m<H�\xB5
-0\xE1
-Ea¿\xBD>d-/Ǘ\xC1a\x977\xA6j\xB6\xB15\xC0\xC7\xC6mRm
-\xDE\xC5a\x83j!51\xF0\x98\xE5s\x94\x9D+z\xC5\mÈ‹�6\xCC{\x91�ÖB\x85\xB9\xC5\xD8�o\xB8\xF9W\xBB>e8\xF0\xAAe^\xD7\xCD^\x88^�1H�\xC40Nb+\xCA�\x8F#\xB8\x94�\x84cl�\x9A!\xAC+\x80�k�\xF7\xA7\x86\xF5\xB0\xC1\xEB\x99\xFEK\xFA%á¡š�\xB0\xF9\x95\xFA\xA5CÇŸ�\xBE_-\xF8\x9E\x84\xB5��4@%4\xE7[U4�\x83\xF6\x9B\x90Fb\x99q\xEBEA\xA2æ¶\xAF\xAB\xBD\xF6\x9E\xF3%kZ\xBA-\xE2BUf\xECЪ�\xCErÔ±\x9DU\xCDU\x9D\xB3\xD3Û¿\xC5\xFC/%\xAA\xF1\xFB\x895\x87\xBE`\xA4\xED�#�?\xCC�$a
-v٬\xA9E\xF0ͽ\xBA$>=m\xD2�\xA3\x9D\x81\x91\xE7L\xE8\xD3
-, \x97l\xD5\xC8\xF2\xAAS\xFB\xBA\xA9M(E\xE9
-�\xFA\xA8�"\xE6F\xA5\xAB%K�\x80\xF1-& \xE3\x85Ê¿SX\xA6\xB6\xA4f\xBA*5*\xE6\xC5\xF4]�fèœ@�d�:˦\xF5C\xAE2y\x8D0?\xCDMZ#Ó„@\xB3\xAAV\xEB-\xBFK0�3tB\x8A\xAAB�\xF1U��\xBAQ\x85\x8C\xE7\xC0 /�aZ\xF1\xB7M\xB3U\xBB\xE3\xE9j\x97W|\xC5\xC4+Y�pA\x88�\xA1�9T\x80\xA0\xFB`�\x93\xC5QBf R\x9A\xA2�\xE3\x96�`\xD4Ö©\x95+\xB1\xEF\xE4s\x92\xA0\x9C\x81�\xB1�\xF0�}M\xC42\xBC\\xA9RS\x9ED\x8C\xE9Hd\xAD\xBD�j\xA7\x9D \xCC_�C\xBE\x86\xB6oD\xCD\xF9\xBEX\xA5n1\x94\xF6r\x9A,�m\xABÞºj \xDB\xF0\xF8\x82\xBE\x83\xDFV\xB5:\xA7!V;s\xB7\xAFꃴ�\xBB\x9BÚ?qW\xAB\x9D\xCE\xE0\x83\x8E\xAB~\x9C\xBA \x89቟C\x82\xFD\x8F|9\xAB\xB2\xFBR1aE\xDA_uC\xC1:\xF4\xA1�\xF8n\xE2\x89tß¿\xD9lvp\xE3Ķ \xA1\x9F\xADa\xD3M\xBBv\x8CI\xC2�[ \x94Y\xB7�\xB3U覱\xF9�\xE1Æ�\x98\x89\xEF\xDA�-\xBE\xE9i\x8F-\x96\x91�x\xA2\xF9`cÛ»�\xF66\xEA�\x9F1^\xEB\xDAB\xB4\xFDBK~\xD9\xDD\xE5\xEC\xD17\xA8\x9B×®\xF9\x81\xE3\x85\xDF"\xFC\xD0\xC5��:~9\x80v\xE3\xFF\xFD;\xC5\xEE�\x9D v\xFD$\x91\xCDO�\xFBN\x89��.\xBF\xBEU
-}\xE3�G\x9A\xDB�4\x8EU\xFF/\xACT\xDC�endstream
-endobj
-1512 0 obj <<
-/Type /Page
-/Contents 1513 0 R
-/Resources 1511 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1489 0 R
->> endobj
-1514 0 obj <<
-/D [1512 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1511 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1518 0 obj <<
-/Length 2186
-/Filter /FlateDecode
->>
-stream
-xÚ¥�ko\xDBF\xF2\xBB~�\x81; T�R\xFB\xE03\xE8�\xE0\xD8J\xE3\xA6g\xEB,\xB5\x87k���\xB5\xB2\x89P\xA4"\x92r\xD5_ß™\x9D%EILS 0\xE0�\xCE\xCE\xCEk\xE7\xB5\xE2�\x83?nE\xBE\xCBd\xECYa\xEC\xB9>㾕nF\xCCz\x84\xBD�F\xDC\xD08-\x91Ó§z\xBD�M\xDE\xC8Њ\xDD8�\x81\xB5X\xF7xE.\x8B"n-V\xEF\xED\xEB\xB7W\xB3\xC5\xF4a\xEC�\x9FÙž;v\xFC\x80\xD9W7\xBF\x8C9\xE7\xF6\xD5\xDD\xF5\xF4\x86\xB6n\xEE\xE6�\xBC\x99^\x8DC\xCF^\xFC\xFC0�L�\xFB�\x8EqnN\xCE\xDE]�\xBApN\xC0�\xE6\xB3뇱�\xED\xFF\xCF�c�\xD9\xF7\xEFn�gv\xE7?\xCFf\xF7zw1\xFE\xB8\xF8q4]tv\xF5m\xE7L\xA2Q\x9FG\xEF?2k�.\xF8q\xC4\�G\xBE\xF5��\xCC\xE5q,\xAC\xCD\xC8\xF3\xA5\xEB{R\xB6\x98|4�\xFD\xB7c\xD8\xDB\xD5G\x87|\xE9\xCB\xC8\xF5#��8\xD3\xE3C\xCE\xF4B7�Cr\xE6?\xC7N\xC0\x98\xBD*\xAAJ\xA5N\x95=�\x94\x85"\xA43\xA7U\xFD\x9El\xB6\xB9r�U\xA3\xC1 \xD5�\xEFž/4\x8BiQ\xAB�Q\xCEn\xEF^\x9D\x92\x90\x94_\xD4.[�\xB2\xE2\x91\xC8\xEA'#\xE1(\xAB\xA9.w\xD7e\x9E\x97\xCF�>\xC9�\xCB]V?m\xAAWCj\xDCͧ\xD7\xF2a~5{�W;@\xF0k'�\xCD\xECئ%�W\xABAůZ\x99\xAF\x88\xB8/Ä ~\x9D\xBF\xAB�\xC8_\xD2\xFA\xAE\x872\xBA\xA7u\xB6Wf\x9BѲS\xFB\xF2\x93Z\x9D"\xAB:)V\xCE\xF20d@\xEF�\4A\xAD\x90j\xF2Fp\xAB#[\xE3!�\xA2%\x80\x80\xC0C:\xD2\xFD\xB1\xC3�p\x9FoU\xDA^�\x86\xB2v5�\xAAx\xCC
-�\x97\xC5\xD9&xh�Z\xD1G\x8Et$V\xF4\x82�\xA4\x8A\xC0\x95Q,\xB5\xD4�\x9E\x95\x90h\xF7[U\xCC\xE7?\xE1\x87\xEC\xA4\xE0F\x9A��,�mV\xA8\xDB�\xC6�\x98\xA57\xB2\xA23\xEF(\x87C�s\x8Fa\xF0\xA3\x9C"\xD9t^\xE8\xAB#1�<\xCFPi\xE5\x91e\x92\xE7$\xAC\�\xA2~2\xD2_\xDF\xDE\xDD�\x88\x8B\xA5+X$
-�\x93%\xDF
-�\xF48\xE6TKX\x97e^�\xF3�$\xC0�xO\xA8\xB0?�\xE19S\xE2\xC6\xFBba��\x90`\xE6I4~? 8tC/
-\x8D\\xE3\xE0K\x86"v\xFD\xB0#\xFB\xF7\xD7\xF8\xA0bp\xDDP4\x8Fw�\xFAt\xF7�]n\xEB\xAC,\xA0\x82\xCAHÚ·kBj�j(&\xFA\xAC\xA2\xCFe\x93\xE55\x81ÏL\xB4I\xE1�(�� \xDA\xD9~J+]\x82;�\x90�"\xE2@\x9A\x8D\xB9]\xD19\xDA!\xAA\x95Z'M^W:[��
-\�\xF0Ó¤\xA9K\xE4�j\x93H B\xA0\xB9'\xE4i> �\xE9�E\xC7| \xE4s\x86Q\x83У*\xD4�b\xE8 at DEY�~iN�*UU\x95\xEC�\x84n\x8A�> ^\x97;\xA2\xA9Ê\xE1\xBB\xC3΢\x92J��;\x87\xB2i�VO\x84�\xE5�\xEA at S\x99\xC4LhYekd\xB5Vı\xA8 Ý¥\xDE1\xC1\x8Fu1rc�Q\xAE\xEA\xEB�<#?\xF0Z\xF9 i\xE7�>H\xA8\x92e�w\xA0\xE8\x9B4 \x82Òœ%\xC7�Þ™\x9B \xD79\x93\xF6C\x82\xC8#\xC0\xAC\xD6j\x97
- \xA8\x9Eʲ\xA6�\x81\xBDm\xB3Û–\x95\xAA0�\x82Ц#�P*M:�\x8Cl\xDF~;\xFFÏ\xBBt�\x82�\x9A"\xD9'Y�\x86�\xF7�] \xAAT\xFD��Q{\xE1ds\xB3\xAD�\xE6d\xBD�e1�8��Z?\xBF똯(\xCFN\xBA0('\x99�\x85\xD2\xFFz\xFF\x9D\xD2\xFA\xE2\xC5_\xF6\xE3\xCBJL��S\x89[\xFB\xB5˪\x81"\xE7�7\xF0\xC4i\x8D\xEB4�\xA8�!L*]\xA1#Þ»q�\xFE5Qi\xE4ek\xB3�\xDF>\x9B\xF8\xEC\x9A\xCA6Ë•\xE9*\x98\xFFes~ \x97\x95�Û“)=�\xAD\xCF\xE1P\xE7")\xC0�\x91\xEB\xB1\xD0?v\xC0\xC0t\xC0\x87\xA6(\xBA\xF6GÝ£S\xC0\xA8\xDF\xD4\xE5&\xA9\xB3\x94>\xE9:\xB4\x8D\xCAi�\x87\xAF\xF6?\xCC)�3\xCA)�\x9E\x93\xA2�r=h\x86\xA3\xDBW\xBA\x99p\xA3(\xEA\xFB�Y\xAE�@\x9F\xA5T\x8F�A\xEE\xD5J"\x82k\xDD+\xDA3\xED�AL�
-|R�\x9DXL`\x87\x9C`\xF0⩖\xBB\xB6\xFC\xC0_\xEA\xB9/)-\xF5\xBA\xAA\xE8\VTjW\x93�0\xE1C��yp\x9A\x8A\xFB,\xA1\x8A^T\xCDv\x95\xD4ꥩsO\xAA0�\xE6J \xDC4UM\xD0S\xB2W�%ijJ*7\x95\x9D\xB7E\x9B\x93a"\xD2c\xA8K(�\xFD \xE9y�\x81\xE5\x91�N~P\xEBZ\x81\xCB�\xAD\xDB<IMK \xEE�\x83!\x880\xD1]\\x94\x87�
-oU\xE5nZ\xAC\xDB\xF7��]Ñ\xB7Ev>a%\xCBr\xAFNJ�\\xCCe\xED�\x90\xD8~(Ú±f�\xA90\xA1Ô˜4\xD5n�2'}Ù—\x81\x84Ó“\x84\x87L\xDB\xE6�tM\xEF\xE4>\xD4�\xC8�\xD3�\xBC\xE3��R\xED\xBCL�\xD3v%\xA7\xAA/[\xFD\xE5\xB9\xC5@\xD1Y,\x99\xF1< \xDA\xF3x|\xAFv\xBBl\xB5R-\xFE at +TaS\xF9%?\xF2\xBE\x9FMï°\x9D=\xB5<hâ‘€"'� oC\xE1\xFF\x9DÇ–pcH\xA4᧖\xD3qt\xFA,\xF5;\xEAt\xD4�\xA1�q\xB8\x85\x8EL\xBFJ\xEF\xEFÞª\xD8g\xD4ÒŠ
-5c0g\x9F\xEC2\x87\-=\xE1\xE2\xA8x\x92�Ç®\xB4T\xEB\xB2_(\xA9\xB4\x9E�\xAD\xC1F>בs�\x83C]�\x9E\x80\x91`\xE1i\xAB0g~KK\xBCF\xEC4\xFF\xA2\xA5Ý€qk\xA8\xC1\xBE\xBF\xA4Òˆ\x8FC\x89C\x8D\xB5:\xE1O\xB8ß \xEF\xE8�\xFB\xB2\x883\xC2!)D\xDF6\x8C\x9E�B
-�\xE1}!g\x84_�\xA2k at O\xC2\x{1F37EE}\xAE\xA7\xDDK\x98\x80\xB7Ӈ\xE9м\xED\x9C]\x81\xDF\xEF\xD6a\xD4N\x9D %yU\xB6�\xBC\x87 4\xD3st|\x93�\x9A���\x9ACm\xC9쟢R\xA9Ŵ\x8D�>\xA8\xA8\x85z\x86\x84!�O\xC1\xC9&\xF6u\xD5Z\xB4\x87\xC9A�"\x8D\xA8�Wu\x95\x8E�\xEB\xA1\xD54\x91:'I/Mx\x97f
-\xA0^q\x9Cc\xCD~U\x9E̾]�6\xFE\xD2#Y�.\xBB�BQ\x9F�#su:\xD7u\xF34h\xB9q\xF5�=_\xF8]\x87㳌\x85\xDE\xDF\xFAa\x87C\xB5\x89}o\xB8Ú€"\xE9F,�\xBEÌ‹\xCE1\xE0e\xC0\xF6\xC4Y\xE1:\xFE\x98\xC6Ü\xB1\xA8_\xB6z\xD3Q�\xBB<\x82\x81 Þª\x9CI\xFAy\xE0\xBD\xD0\xF4�\xA8�\xD8%8v\x99\xC04\x89+\x88ca?\xE8\xFF�\xD3ܾ\xED`a\xFFp\xEE*\x90\xE2q\xD05�\xDC8d\xDAS\xD6g\xF0A\xCC=Oj\x9A>\xACm?\xFAD#&\xB7�iÝ”`\xA1\xD53\xB2\xE5\xEB\xF4�k#\x83\x93��\xB5�\xEE�\xED\x86~�\x87T\xD8fmC\x97\xC2\xE4 ��\x8A/\xC6�/\xF4\xA9# �\xECθ&\x86^\x8D\xA1\xA8\xFF^\xD3W\xDB\xD8\xFA\x84\xB5NZ\x84\xE0\xA9\\xE0oa�\xE3\xB9�}\xECÔªIÕ™�\x90\xB7
-\xCE\\xF0P\xAE
-]\xB2r\x86\xD2g?�>\xCChu\xF2\xA8\xCCChM\xAB�\xEB�\xD4]�V0\xCB%\xE8\xB5&�9 \xC5<\xDDZeq\xBB]\x9F\x9F\x92\x9A\xA0\xC3X@�o�z̵L\xFA\xA2\x97`h\xAF\xCC
-]
-\xCD+wF!\xE8�\xE8\x9A\xC7\xD6 �\x92\xCF\xED8>ICr��\xA5\xAE\xE6i\x91\xE46\x98\xD6m\xF7\xA2\xE9Ç¡�@Ûµz\x91\xFEm\xB9\x83Y\xEA\xC7Al9\xC7_X\xBF9\xB3%���l�\xFCZˬ\xB6\xE3|\xF3o\xC3Ǽ\x87V"\xA3H�\x8F+\x92�\xD0h\xE2Ð’\xBE�\xBC\xA8\xD5I\xFFܵݯ\xC8-YO\xF9?�Ø\xF9wendstream
-endobj
-1517 0 obj <<
-/Type /Page
-/Contents 1518 0 R
-/Resources 1516 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1489 0 R
->> endobj
-1515 0 obj <<
-/Type /XObject
-/Subtype /Form
-/FormType 1
-/PTEX.FileName (/usr/local/share/db2latex/xsl/figures/warning.pdf)
-/PTEX.PageNumber 1
-/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000]
-/BBox [0.00000000 0.00000000 31.00000000 31.00000000]
-/Resources <<
-/ProcSet [ /PDF ]
->>
-/Length 557
-/Filter [/FlateDecode]
->>
-stream
-x\xDAm\x94In�1�EOPw\xA8u\x80�$\xC5Ig0\xB2\xCA����ľ\xFF6\xA4\xA4\xEAV5�oʯ\xC5\xE9s\xC0�\xF3\x8F\xCE�\xAE\xAF\x8F\x83\xD6\xD7O\xB2\xCE \x8E\xA2\x91\xFF\xA8#h8\xC7\xF9\xF8:�\x845?�\xF9Æ [\xC4I\xDA�L\x92~�\x94F\xA0\xD8��P\xC8\xF9Y\xCC\xC0\xB9\x9Dd\x88\xD0zZ8\xE5�\xB1\xDD�\x83\xB2\xD9\xCBò‘–Œ\x80f\xBE\xC5(\xCC\xC0\x81E#@x\x98oL �Û¹[�\x83\xB1\xF1\xF0\xF9
-\xE4
-�6\>�Rg\xC8b\xCFW\xD6�\xB9j[\x86\x8F\x9B
-W\x8CϢ�\xAE�{6;\xBB\xB2\xFEF\xC3\xC7\xF1\xF7\xF8]\x9A�\xA8)\xD5/�ԬMu;pk;�̩\xCBdh<\xE5E\x96\xF1\xACA\xCFw\xB3𬱱N\xEA\xA6\xF3\xA1\xC4�\xBD\x81t\x95\x8B\xF9D\x84\x99²]\xB0\xC4(\x9D\x87;\x8D�\x84\xA0\xB7厰\x8A\xADr\xB2\xC2\xD9\xC4L�\xFB\x88�
-T\xA5Í¡�誋\x8A\x8Et\x92\xB9w_�=\xCE]\x88\x8B=\xA6uS\xE4\xF7\x97\xE4"\xEF�\xB1yl\xB1\x87\xB5\xC3-\xCBkHs\x8A\xF6r�eOÚ³\xEAvg\x9B<7\xBAt,\x87\xDDe\x97;\xE3\xD2\xE8Ð/I\x85B\xF7�&\xEA(\xFD\xEA\xB3\xF6󻉨YÙ¹\xC7,\xE7kRÔš\xDA'�^
-m" ^\x81\x98h\xB1\x90\xCEW9AV\xAAy���\xAD©/f\x81\xFD\xC6"\x95\x9C\xE3\xFBF�y-Sng ��\\xC7d\xAA�\xBC\x98\xA9ƥ\x86�\xCD}B\xA9\x95�\xB5\x8C\xCE$\xE2w1.\xB6&\x8D\xD8\xED\xFE\xB2C\xB6O\x96\xC3V\xE7\xA0X\xD79g�\xB9E{\xEE\xC7<�\x95\xE3\xF3P)!\xCDZ\xDCşLު~\xD1\xD4'�\xAFU\xE2XL\xB5\xFC�c\x93\xC5XsЖ\xF5\xDA�\xAF\xBD\x98Ӓ~\xF2BL\x96\xA7\xE8\xAAƹO\xA6\xBANZ\x9D�_�[\xC8�\xFC.\xF8\x9A\x8A\xFB*]3Q�\xF4\xE7\xC7\xF1�!\xD6-\x9Eendstream
-endobj
-1519 0 obj <<
-/D [1517 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-330 0 obj <<
-/D [1517 0 R /XYZ 85.0394 646.4943 null]
->> endobj
-1520 0 obj <<
-/D [1517 0 R /XYZ 85.0394 614.9326 null]
->> endobj
-334 0 obj <<
-/D [1517 0 R /XYZ 85.0394 450.402 null]
->> endobj
-1521 0 obj <<
-/D [1517 0 R /XYZ 85.0394 421.6496 null]
->> endobj
-1516 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F11 1451 0 R /F62 1361 0 R >>
-/XObject << /Im3 1515 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1524 0 obj <<
-/Length 2039
-/Filter /FlateDecode
->>
-stream
-xڥXIw\xDB6�\xBE\xEBW\xE8\xD0�\xF5\x9E\x85b\xE3曛8\xA9\xFBZǵ\x95\xF6\xD0\xE4@\x8BP̆"U.V\xD3_\xDF��H\x91�\xED�*�0 �\x83\xC1,���K�\xB1\xF4��\xC42^\x86\xB1f>�\xFEr\xBB_\xF0\xE5�\x98{\xBF�\x8Eg\xDD1\xAD\x87\?l�߿S\xE12fq \x83\xE5f7\x90�1�Eb\xB9I\xFF\xF04�\x92\xAD@�\xF7n\xEE~�Vk\xE9s\xEF\xE1\xE3\xDD݇\xFB\x95
-\xBD
-
-\xDC\xDCR\xFB\xC3\xCD\xED[\xA2\xE2\xD5Z�\xC1\x95\xF7\xE6Ç«\xBB\xCD\xF5=\x8Dj'\xEA\xEA\xEDo+\x98\xF6\xAEn\xDF\\xBB�oo�\x88xw}\xB5
-\xB5\xB7\xF9x\xFD\xB0\xFA\xBC\xF9iq\xBD\xE9\x8F2<.�\xC7s\xFC\xB5\xF8\xE33_\xA6p\xEA\x9F�\x9C\xA98\xF2\x97G\xE8p&\xE2X.\xF7�\xED+\xE6k\xA5\xBA\x91|\xF1\xB0\xF8\xB5�8\x98\xB5Kg\xCD'8\x93*\x903\xF6\x93b)4S�&\x87�\xF4c�\xEA\xFB\xBD�\xC1�\x9C\xA3�\x9F;�\xB6\x87CY5\xD4ÉŠs\xE3\xC1\xB9A\xBA�x\x87/\xD72bA�++\xD61\xF3�-\x8DÍ®\xCD\xF3oH�^M\xD2k\x9AH\xF2\x9C\x88m[U+�y\xA6h\x883\xF4R\xF3\x89sY\x98\xD4\xC9(\xAB}M2\xCA�
-9\x9D\x81*\x92\xBD!\xAA)\x9D\xE44%\x81\xB5[\x94�\xE9\xEC\xCCi\xC9IH^\x96_\xDBC\xCD\xF0\xA8x8!X\xEC\xFB\xD2�\xEE\xC6Y\xE6\x98YÝJ\xF2\xBA$\xAA\xAD\x8D\x8B\xB9Þš\x83\xDDLMC\x8D\xE3\xDE'_�\xFB_\xAD\xA9\xB2n\xFA\xF8d\x9CÑ«U\xE4\xB5E\x91�_\xA8_\xBA\xF1\xA4\x98\xEE\xB2M�\xC9c\xEE\xA4\xD5\xDF\xEA\xC6\xECOʇ,V2\xB2Ê¿++\xE0\x91
-\xADyL\xACb)
-\xB8#_`/\xEA<�\xE315\xCEm+\xE1\xD54P�\xD6O@]\xC1\x8F(:\xE8\xB6$\xB9`\xBE\xB5\xE2»\x{1C6995}
-�Q\xA99\x80$Çž4\xC6\xE9\xD0<�"ÈŽ\xB8\xCB\xCE\xED�\xCC\xEEp1v�\xA1�9:\x88\xBDm\x9EA8\xAD\xEB,54P\xF7\x91
-\x9D\x9D5��V6\xB4�\xD94xL�\x91l\xBB�p\x87=z\xBFd_>�\xB7\xE5Ύ\x94{\xE8\x85}\xD2\xC0x\x8C\xB6�B\xEF\xC7\xF2h\x9EM\x85�\x82\x96\x86&i\x9B\xA7\xB2ʚ\xA4ɞ\xCD\\xBCu\xAE\x88\xC8�Q�\xA6@զ�a\xB5\xEB4�\x90@\xE6e\x92�\xF5OY8^̥\xDC8\xDEmY4I\xE6��\xFAdި7�9'$+H\xC8\xCE\xD2e\xE7�\xB3�\xC1�\xB5W
-l]�ME\x8BOA��\xB2\xEE\x8C\xE8y\xCFÉ\xE70\xC0\xB7[spy掀yS\xC1v;\xBB�\xF4h�d\x9E\xF2\x8DN�\xFD\xAB\xA0K\xA7Ix\x8E�$�$H \xBA\xDC
-\xBAehhCS\x83T T\xEFd{\xAD\xE0\xF4 \xE1`\x90b�\x86A\xFB4k\xB2\xB2Hr\x9A\xF9$\xA5.\xB2GH[\xA4\x88 A.ih�\x92 \xA5Q�\xC2(\xE2\xC9�\xF8\xAAx \xBE*�̗p?p{\x82\xEC�\xB0\xA4:$30\xAD|`\x94\x8E/-\xF7`$\xF2\xC3Z\x83
-\xB8\xCF\xFD\x89?\xF0�\xA1\xF4\x8E\xC6FV\xA8\xFA�:��e\x9E�\xC29\xC2\xCC�\xA6\xF5\xB9\xB6B�&\x85��\xB4͊fFY \xF7T \xF5H[̢0\xF4>\xD8M\xED\xFE\xE8�\xB0iM\xEAY\xB8\x80Q\xE7�\xA0b\x9Ap>\xB1��\xAA\x8F\x96̊\xA4\xFAF|y\xF2hr\xEB�k��r�\x86\x91��\xCC'\xB0\x94\xC3\xFC\xC0\xF7\xBE�\xE5\xB1 \x92\xB0"pR\x9B\xBA\xA9 �\xB1�+�\xB1\x90\x83/���ۆF�\xC0\xE4\xD3!\xA0\xED\xF5�\x899d$\xAA\xE66x\xA2\x9D\x80\xC7�\xB7\xF7\xB6\xDC�r\xD3�\x82&
-M\xBEw\xB0&\x83ň\xC73ɇ\xE8\x8C\xF6Õ\xF7KRX)\xD2K�\x87<�W:�\xC3�\xC5bo\xE2 at va\x9F\x96\xD4-ʆ\x88\xB6 /Õ\x83\xE3\xCE\xE8@\x9C�&\xC9\xE0D\x9Eb�\xF6\xED\xDA\xDCM\xF6�\xED)}Í…3y'\xDD^\xC73\xC7"î¦
-<[l\xEFNl
-!�\xA6;v\xB3�\xB5_ \x851\xCC�,/�\xEB!\xA9\x9Al\xDB\xE6I�\xE8
-3\xA1\x937\xC2o;D\xA6A*\xA6\x86��)Bl\xA2\xA9\x80\xB0\xF3h2$�\xB8\xADXj�Ô"\xFC\x9E\xBB\xEF\xA6p×›�hk\xDE\xFA\x95R`PM@\xA8TÏ™9\xBA\xDEÎ\xEE\x93\xE9\xF1\x96\xDCc\x978\xA0\x86�\xC7�e�\xF6\xB5v�\xAF}\xA1
-\xBApk\x8D\x99\x96\xD0\xCA\xE7LG\x91\x84j5f:��\x8BY\x9A\xAC\xBE,\x89\xB8�T\xBF=\xFFz\xB8\x80\xAA\xDF1\xF0M\xE5\xA2��\xE0:˺\x9A\xEA\x8AI&\xA6\xFAh�\xC2:\xC0\xAF\xA1\xF8\xB3�\xBC\xE7\xFA�-Υ\xA1�\xCCa�T\xEB]\xD8\xEE\xE8dal\x8F\xC8\xE0\xA9�\x9C\xDE;\xC2�\xECW`R*aA\xFB\x9F\xE9J\xA2\xCE\xC7\xFAt\xF5Qm�\xD4=^|p\x9F\xCF�\xEF\x9A\xC5\xDA鳡"\xCC\xEF\xBC��\xC8���y\xFE\xE4�\xA5\xB1\xAC\xA66\xA1怕%\xE6\xAEMm�\xB0�/\xB6�\xD9x\xE3I\xED\xCDJ\xB5Յ
-3G\xB5E\x9E}5#!zz×\xAA\xC1+\xF2\xEA\x83\xD9f\x98H\xA6\x9E\x83\x8A>Ô¡j̆\xF1<�\xC7\xE3\xF7\x91+B\xD0\xF2]�>V�\xA1U\xF0SÖ™\xBF��\xEC�r\x88��\x87\xC4,\x8A\xC2ت\xF5݇\xFB\x9B\xF7\xF8\x88
-x\xBF\x8C�\xDCϾN\x9E\xCA�r4\x94\xC0\xAA\x80�\xF6Òœ\x9E\xC0\xD8\xED\xE2�Ç€E\\xA6\x8F\xD1\xE5\xA5x!(�:|\xC4\xDAG)mS[)r\xE0:+\xD6d�\x9C\xD9\xC3]\x81^@z\xF2\xE8\xC1\xA1\xAC\xA6\x85\x84u0Йg\xBF7pQ\xA4\xF6ñ¼›\x9D\x93@
-��\xD7\xD9+\xCF\xCE�\xD4R�\xE1\xD4`7�gߧ\xF7É�\xC2\xE2\xE5\xABa�#\xE0�\xBA\xBEN�E\x8B]t/\xBE\xE6i\xC6]B�\xF0>\xEF+\x95\xCB\xCB�\xFC.E�\xA9�DL;X\x99\xD8��\xF1 at GnQRO\xD0vp\xA6y\x80\x90J2\xED\x87r�!\xE4�Bt\x8F\xCE[z=\xBC\x82�\xB7\xB6&u\xDF;�\xF4\xFF�4~\xB7oV\xC5\xE9�iEa\xA7=P\x9B\xB8\xC9Q\xFA\xE0@\xE6&
-\xB7'\xD2}\x89\xA4\xE0�b
-2\xBB���\xB8�\x8B\xC6\xF5\x93.c\xB1Sg\x90%߈�\xD4ï©•�x\xB66\xAC\xB8\xB6\x86w\x8A̽\xF5!Æœ"x\xE5\x9D\xFB^CE-b5)\xBDÙŒ\xC1|�\x85Ht\x8C\x9DÎ2�\xFC\xA4�\xBA�G\xFB3\xBB�\xB7y\xE3,\xAAm)�\xA9\xA2C�%\xC8\xD6C\xC9\xD8b\xBB2\xCF\xCBc\xEF\x8Bc\xD9\xE6n#\x82\xCD\xF2��\xC6T\xE7r\xCD b&u\xEE\xF8ჹ\xD1\xC7�=\x81\xE6�b\x94\xB3}Âœ\xE1\xE6L�\xC5�\xBC t\xE8\xAC\xF3:2�>�}\xD5e�\x9B�\x87\xCF2耵_\xC6Q\xCE\xC6\xFF\x88=\xB2�Za{\x92\x8D\9
-�\xC1\xF8kH?\xC4_\xA15�\xB0\x88� [Ô½\xDB\xDC;
-_�V8\xBC\x86�\xC6\xD0�\x8E\xB3�\xD8[\xB5\xEDC\xE2\x85�\xF8\xB1p\xA6B\xE1=r\xFC\xEFo\x92\xA7\xEF\xB5:d
-K\xAA\xD9R�\x9E\x82X\xEA\xA8N)\xFB\xC0�\xCE4\xEF>^\x9E\xAB\xFE/\xBB�\x9Cdendstream
-endobj
-1523 0 obj <<
-/Type /Page
-/Contents 1524 0 R
-/Resources 1522 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1530 0 R
-/Annots [ 1527 0 R ]
->> endobj
-1527 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [349.4919 566.941 408.4801 577.7254]
-/Subtype /Link
-/A << /S /GoTo /D (ipv6addresses) >>
->> endobj
-1525 0 obj <<
-/D [1523 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-338 0 obj <<
-/D [1523 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1526 0 obj <<
-/D [1523 0 R /XYZ 56.6929 745.0977 null]
->> endobj
-342 0 obj <<
-/D [1523 0 R /XYZ 56.6929 552.7519 null]
->> endobj
-1528 0 obj <<
-/D [1523 0 R /XYZ 56.6929 524.1722 null]
->> endobj
-346 0 obj <<
-/D [1523 0 R /XYZ 56.6929 397.0585 null]
->> endobj
-1529 0 obj <<
-/D [1523 0 R /XYZ 56.6929 368.4788 null]
->> endobj
-1522 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1534 0 obj <<
-/Length 1913
-/Filter /FlateDecode
->>
-stream
-xÚXQ\x8F\xDB8�~\xEF\xAFÈ£�h\K\xB2-\xFB\xB1\xBD\xD9[tqW,\xBA\xB3O\xD7{Ple"Ô¶\xB2\x91=\xB9\xF9\xF7G\x8A\x92�g\x9Cn� \xA6)\x8A\xA2H\xEA#e\xB6\xC9\xE0\xC76U\x91f\xA2\xCE7\xB2\xCE\xD3"cŦ\xE9\xDFe\x9Bg�\xFB\xF5��2y!\xD2"��^VF\xB7\x85\xA8Ò¢\xE2r\xB3\xBDV\xF2\xE9\xE9݇r\xB6\xE1YZ\x96\xBC\xD8<\xED\xE7\xB5JY\xA5\xB5\xC8\xEB\xCDS\xFB\x9F\xE4��u�\xF5\xE9aË‹,)�\xFE\xFB\xF4�M\xCBSYI\x86\xD32X\xA2He\x9DU~\xC2\xD3A\x93\xF0\xA7\xCF_�\x89\xAA\xE9\xF1/\xF3|�\xCF�\xFF\x89\xF1U;Û½\x80\xF2\xA8\x95\xE5\xA9\xC8K�\xB4\x96"\x95eFf�){ز,\xCB.\xFA\xEF\xAB�û\x93:\xBD�\xDD|S\xA7u\xC9Ë \x9AWi)kA�?\xD4YrR\xAD�\x8D�T×½\xC2Bu\x99\xA8\xE3\xB13\x8DB\xA6#\xCEA\xBDh\xA4d\xB2\xD3z ^g\x86\xEF\xBA%\xFAl\xC6�\x8D+b\xB8q\xDA�uz`U2\x9BG�\xC9</?�\xD4�\xA6\xE8\xA1u\xD7s\x9A\xE9\xE4�\xAD[&\x8F_\xFE\xA0 M\xFAd\xB4\xC3\xCD\xE1v�K\xEB\xA2\xE0~;\xA3\xA5\xFD+zt\xB6Q�\x91\x8Dj�fx\xA6\x97A\xF5\xC1\x8FN\x9F\xD0*\x99'\xE9\xACOB�@Æ \xBEÏ¿\xBF\x94�[�\xABÛ¡\xD1H\xC9\xC4�\xA3\xB7ζS\x83\xBB\xC7\xD1A\x9Fi\xB0\xB1\xFD\xB1\xD3\xFF3\xE3+
-\x80\xB0\xA5\x91\xF1\xA0\x895\xBBcB\xF7�\xEFH��\xED\xDC\xFB\x87-\xA4s\xE2\xA6\xE6@�\x95#\x99\xBD\xED:{\xF6{@\xF6\xC7`XsPfpAth×¼\xF2\xF8\xE5\xE3\xBF\x81\xFD\xF2*\xFA\xD5\xFAg\x8B\x8Bq\xC1\xFD<�\x96\x893\xFDÔj\xD0vr4\xA1\xB3\xF6\xFBt\xA4Q\xBB'�x%'j\x9EH\x8E\xF2\xAC\xB6
-;tڥ`W\xC6!m\xED\xF4|\xA0\xF1޺q\xA9\xCE{�\x89+\xE7\xAD\xEC⌎\xC0\x98\x81\xFC@�-\xD4\xDB�ݾ\x9F\xC7\�\xAD\xA2Qz9\xD0[Ko6��\xD3�\xADsf\xD7�\xA9\x98>�\xED\xE8\xF5�Ζ��Y5^\xCEKH"\x9F\xEA�\x83B\xAA\xDFK*\xC2�V{l\xC0��M�\xF76ڌ\xECF
-D\xA8\xCEY\xA2B\x9E\xBC\x986\xC8\xDC&�\xF20\xA7
-\xA4RP�\xA6\x86\xB3\xE0�w�\xF6�\xC6'\xE7Sʯ�\x86m\xBF3\x83\xBA(\xC4@]\x8DwWس�\xA7\xE5q\xE75\xBF�w^\x8B\x902\xC0U\xF4\xFEV\xBCU�Ò諃�Å«d��:\xCA ��)\x89@ \x9Ey\xE0� \xD5R<N�\x81\xD3��\xD8^?
-\x88n\x9A�\xBCq\xCB
-1\xBF!\xE7\xD3�39K\xFE|\xFC}\xBBSN\xFB=\xD4Ѽ\xD16\xB6\x83��LDC\xEA\xE4�\xE7\xF9\xB5\xAB\xFC\xFC\xE5n\x91s\xAD�\xA7\xD0d�E�7\x8E\x9E\xADq\xA3�\x9A\x91\xC6\xF74\xAB\xA71\xEFS$\xC8Ô �t�\xAB �\x8B\xC8~\xEAB�{lE\xE2Úš\xF4Niʳ\x94\x97\xA2
-\xA5\x89\x87\xD2\xF4u\x8E\xCA\xE5\xA4,\x8B\xD2#\xC5\xF5gj�\xC4�\xF6 r\x88\x8D&\x82\xE0�\x80q\xE9R�\xB9q)p t\xF5i\xAF�\x8D!)\x8A\xCB\\xF7\xEAFݓP?\xB9Y�\xA6\xD4b\x99\xB7ZEL\xCB蓋\xF9BJ\xE81\xF2�\xF6\x81\xE6w\xE7\x93v\xED\xCA6�x1\xABy�\xB3\xC1XE�J[\x8C\xD66\x87`U\xB5\x90˨\xBD\xA9YT\xD6\xEC\xF0-\xCB\xF8\xF3D\xF6�|\xA3bL\x81xk/�2e\xD03]ۻb.\x97\xA9\xA8d�r#��DDB\xB4-+\xA1\x9Bʙ\xB8A6<\xE3\xA2LZ\xBDWPG|u\xA9n\x9A �\x8F'�HJFQ,\xE3\x8A#7\xC0 \xAE\xDA�|9�\x9F\xBC0\xB3W\xDF5\xF1\xE0t^υF\xC1\x8D\x8E\x84<\xB4_\xD6+c�C\xB5\xD6�\xB7k�e\xA7\x9A\xEF�y\xF5uQ#Ʒ�zI\xF0P�?�/\x8C؄\x98\x80�\xF64�Us\x96�\xB6\xF8\xDEmUY \xFA�Z\xAB\xA0�\xB6|2m\xAB#\xFFu-\xED2\x99\xF2J\\xC2�\xF2\xE2m$s\x96r\x99\x97Q\xD0�:,lB:\xE7�\xBD"\xE5E\x9E�\xE9�zl>\x9C|�B\xE8E�\xE9ɸX\xFA
-�q\xBF\x96D"\xADY�\x95�
-\x91\xB9\xC8�jm\xCB\xEA�\xFF at C�H\xAE�FlM\x91e\x87Hak\xE2\x884A~\x8CJ \xD0\xDE�\xB5\x9B\xC6;2\xFBi\x9C\xE6���\x82`\xAF\xC2��|\xFC\x9A\xBEB{\xD2Y\x9A\xE3\xEB\xABg\xF8F
-)\xE5V\xBC\x99\xC3fË¢X\xB83�\xF38\xB2\xF0#Ö¬\xD5\xD3X\xA7U%\xEB\xA0&t;_>\xFF�(P�\x9D��\xDF8w��\xE0n$3\xF6\xB7\xB8\xC5\xD3J\x96�\xDEbx\xB0�0\xA1\x87\xC0^o�M\xBC?\: j\xBA\xB7�3\xE4�\x8A\xC5.\x85\xEE�\xD9|�\x98\xEB\xE3ц\x9B\xC0\xA5Y�\xE9\x9B\xCEe<\xE8\xF5\xDEd[\xB04\xCF\xCB\xF2\xC7-\x8A\\xD4=\xE4 \x84\xA8�t\xBA\xA2�\x91\xD2DPż\xB4\xEE\xA1bn\xF3\x82%\x9Ft\xA3(w\xF0�0Ò„A\xEB\xD6�%\x96\x9E\xB1\xF0p\xBF \x9EV>\x9D\x80\xC2L\xC0�\x96U\xB3���\xB4Ú™çš�\xAF\xEEn�\xF6\xD7db\x8A��\xEE\xF7e\x95\x85\xE2\x93%\xBD�L\x8F\xED�2/\xB5\xC4c5l�:\xA0\xE4Ï¡\xF3@\x85\xE2o\xAB\x8DW\x86\x8E:�G\xE56\xF3\xD6"�\�æ…ª�Ã\x83�\xFE0\xDEAo3k[+\xB17��\xAA\xB9\x8BvE u\xAB\x90K\xB4��\xBF\x83v%\xD4\xDAR\xAC\xA0\xDD�D\xABkH\xA8�LU\xD0
-\x9D\xFB9\1`Wx\x87c9A\x8F_9HQ#\x8FT\xA3\x8E\xCA_; M}\x8D\xCC\xD6\xD2\xED\xAE
-\xED,�7
->�ßš\xA7\x92\xDF&\xB5\x9AF;\xD8�nn� 1�\xFBpݵ\xC3Ú\xC8�uc0\x9E\xBA\xBD\xB9\xA7T?
-\x9EA\xB3\xC3\xF2\x9Fhv \x86\xE4
-h�\xE8\xEC<\xBC"�\xBC�\xD4\xCE_\x8D\xD9Z~\xC1(u3~\xC6J Y%\xD2\\xF0\x88b\x98�\xED\xBDؕ\x80\xB8\xD5\xDCѼz\xFF\x83ڛ\xC4'&r:L\xE9\x9C\xCB\xF5\xD4aP\xDA3\x99\xF3\xBF\x87vv嫻\xB6A�,\xA2\xBFv�\xC1\xAA\x8E\x8D�\xE2
-\xAF\x93\x8F\xC4�\x9D`\xC4\xD0�\x96\x9C\xE8\x95
-�H\x90g\x91\x85\x9EE\xCEJ\x9F�\xB0\xD5\xCB\xFBk��\x8E��\xBD.{\xB2\xFA\xF6\xFA\xE2-T\x9Az\xA7m\xD8\xC0"'\xA9\x90�3V\x87+\xFAJZ\x95\xF8�\x8D�?Փ\xB2ۦt\xBE\xA6\xBF
-�\xA0\x81,\xE7\xF3\xFD\xC3\xEC(\xEATʢ\xBA\xEEU\xDE\xFD\xF24K\x8C_�E\x91\xE2\xF7Ƶ\xAF\x8DQd{\x91\xA1O\x8D\x8B\x93\x91�\xE4 nGE\xB8\x98\x90\xB7\xAB\xCD�.\xDF.\xF7`\xAE\x9Dlendstream
-endobj
-1533 0 obj <<
-/Type /Page
-/Contents 1534 0 R
-/Resources 1532 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1530 0 R
->> endobj
-1535 0 obj <<
-/D [1533 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-350 0 obj <<
-/D [1533 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1536 0 obj <<
-/D [1533 0 R /XYZ 85.0394 576.7004 null]
->> endobj
-354 0 obj <<
-/D [1533 0 R /XYZ 85.0394 576.7004 null]
->> endobj
-1537 0 obj <<
-/D [1533 0 R /XYZ 85.0394 544.8207 null]
->> endobj
-358 0 obj <<
-/D [1533 0 R /XYZ 85.0394 403.9445 null]
->> endobj
-1538 0 obj <<
-/D [1533 0 R /XYZ 85.0394 368.2811 null]
->> endobj
-1532 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1541 0 obj <<
-/Length 69
-/Filter /FlateDecode
->>
-stream
-x\xDA3T0 BC�S3=3K#K�sK�=S�CS\x85\xE4\.�\x85t\xA0\x9C;\x97!T\x8D\x89\xA9\xB1\x9E\xA9\x89\xB11\x90\x83EV�.\xADknj\xA9g`fA\x82! \xC2V�\x8Cendstream
-endobj
-1540 0 obj <<
-/Type /Page
-/Contents 1541 0 R
-/Resources 1539 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1530 0 R
->> endobj
-1542 0 obj <<
-/D [1540 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1539 0 obj <<
-/ProcSet [ /PDF ]
->> endobj
-1545 0 obj <<
-/Length 3198
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�Ë’\xE3\xB6\xF1>_\xA1K*\x9A\xAA�\x8C7\x81\xCDi\xFD\xD8d}p�{o\xB6\xAB‘8#\xD6J\xA4,R;\x9E|}\xBA\xD1 EI\x90\xB4\xC9\xC8U)� \x82\xCDFw\xA3\x9F $&�~b\xE2�\xE3\xCA\xEBI\xE153\\x98\xC9|}\xC7'O\xF0\xEE\xAFw"\xC2h\xA3\x98\xD1J\xC1C\xE6\xED\xCC(ÇŒ\x93\xC5d6F\xF2\xF5Ç»\xAF\xDEK1\x91\x9CY+\xCD\xE4\xE3\xE30\x97-�\xF3J\xFB\xC9\xC7\xC5\xCF\xD3o\x96妯\xB6\xF73i\xF8\xD4\xDE\xFF\xFA\xF1{\xFAL\xB3\xC2��?\xE30\x85a\x85\xE7.|\xF0\xF5\x87�\xBE%hO\xCD7m\xF3�\xE7\xF2i\xB7-\xFB\xBAmh\xF0\xC7\xEA\xB1\xDAVͼ\x8A�\xE5\xC43o\xA5\x8D�-PU�9F\xA8l@�\xCD\xFC ὘64^w\xD4>lï…›\xB6\xE5b\xF5B�]\xBD\xAEW\xE5\x96�\xFA�[3B\xEB\xFE�\xAD�\xD3e\xFB\}�V�=}\x83oÜ´_V�WE\x80\xE5\xC1�5\x8F\xD53\xE1k\xA83@\x95\x91\x9A\xF61Gu\xF3��GV\x85`\xDEDV\xBB\xDD| \xD0\xCEL\xC3\xD7\xD0~\xAE\xAB\xE7\x8E\xDDÏ´\xB0\x89b�uØŒQ\x82�\x80�1\xED\xA1C2\x86\xD7\xF8nUEDݲÝ�\xD4n\xB7\x9Fb\xAF\xEE\x97�L|\xE0\xCC+X\xEE at b\xFC\xB2n\xA8\xDDO\xEFQ<^#(`}\x8A�\xD6m�O\x86\xB1y\xBBÞ¬\xAA\xDF�\xD0\xF2cI\xE04V\xEC �\x88\x87\x8AZB\x882\xA8���V�q,\xAB\xF9'\xEAÖ\xF1Õ²z\x89/\xCBf\x8CG\xECI�\xA3\xD5#> \xF3\xBAj\xFAU\xFC\xAAF�\xD70\x90\xE6\xDAuu\xF3tÈ�\xDC\xC0L\xA4Å´\xE6\xD0y\xAC\xCA~Gstq\xA4\xDD5�\xEA\xD6Q\xE7G\x96\xC1�\xB4�\x98\x9A<\xB4�9\xD5ب$(XÓ±\xF1\xA8\xD1\xC2�,1�\x9D\xC0,�\xB4
-h1q�\xC0Ab0�\x89\x96\x89h $n\xD7eOP\xC4\xEB!`\xB7\xACV\xABØo\xEBMO\xB6\xAA\xC5\xC8V\x95\xF5Ì™�\x9D
-\xADs\xD3o뇯\x9Ar]-f\x81\xC9\xD9 r Ç\xB6\xED�\xFA1\x82\xA6G\xD6-3�A\x80\x83Ñ¢\x90q�6\xB8!\xA1\x99\xD2V"\xCCl \x9AiΤU$T\xCB���\xE7g\xFC\xD0\xFBz�\xD7\xF2;Z\xFC.ï¤�\x87\xE4U@\xF9\xBE]\xAD\xDA\xE7(/Nn�Ú’\x9AU\xDD\xF5\xD4�\x96�m\x950\x87\xA7]WE\xBD\xE8\x97\xE4\xA8\xC0\x82\xDA]\x9Fƪce\x99\xE7\xE8&�\xA0\xFE\xA2\x9D\xEFp\x82\xF0\xFA-\xD2\xF7\xDD\xC7\xC1\xFF{�B/\xF4D�\xC9,\xF7�\x9D\xFFow?\xFF\xCA'�\x88�\xDF\xDFq\xA6\xBC3\x93gx\xE0Lx X\xDFi\xE9Y\xC1�\x95FVw?\xDD\xFD\xF3\xFC*ÑBT\xCC�\xAE\xCES@\xDFq\xC0�\xBB\xE9\x8BCT\xB3\xC4\xD3L9X�\xEF\xFC�\xD1�\x94�\xBEdJ)3\xD1\3\xA9y�\x96\xAF\x9C\xAF\x8Ee$\xA4`\xCE*\xBF�\xFC�!I\xE6\x9Dsyfg�\xC6\xD9�e\x86D�\xA4΀�8 �m"g�(�\xB0\xA0h��QW�\xF7��z\xA8rJ\x80.6�[-$sN\xB!
B\xF8u\xB9Xl\xAB\xAE;�\x85\xB2\x9A T\x97[I"!\xBC"�e�&\xEC\xB1 \xC0?͗'$\xFA\x82Y\xEDnIc\xC2x\x85H\xCD!/Q\xA0\xE1�D�\x8B?]- J\xEA\xB9O\xE2\xEEh\x85��\x9An\x83> ��^h\xC1\xD0\xEE\x93S�\xAD�t\x95Kn/*\xEE\xD14\xE0��+\x84�G\xA9�\xB8\x83\xE0vر\xF8��&!盌\x8D\xE7u\x{1885AF}8\x88\xF7\x8F0q\x8B\xA9\xA6\xB3WL\9\x98CquI\xB7\x85\x86<\xB5\xD0j�\xFCj3O�gc\x94�25\xAC\x91U\xE2\x90̬v�Xt\xA9a\xC6\xDB�\x990^#\xD2I&Ua�\x89<\xA3\xDD\xD62+\xC0 H5\xDF\xDDC
-\xE0b\xEC\xC3�:\xA2\xD06U\xECl\xA9�g\x89\xC7\xF3\x83\xFEJ\xC7S.QoN��<\x98u\xE2\x86\xEB7`\xBC"�U�\x88\xFF\\x9C\xAAY\xCE\xF0\x83F\xEB\xC8ƛ�\xA7\x8E\xB9}6sʧ\x86\xA2\xCC�no\xC7\xE7\x80\xF1
-\x9F�i\xC7�\xF0\x80\xCFͶz\xAC\xCFp\xAA��\xB9!�\x9D\xE5TE\x80O\x90\xA0�\xB3\xEA\xC0\xED�(No\xC7j\xC2x\x8DU�\xDFkq\xE49\xEAE.\xEEF\xBF\x9AØœY\xA8\xF7\xDAm\x86]Ì¥\xD1\xD6\xF4\xA13Τ��\xE2\x9D*\xD0Ì\x83\x8E\x91\xAFf|\xC08�\xA3<e\�\x80Ú¢\x99'\xB0�)�\xC4
-=XdJd\xDFP\xDE\xD9UՉ\x85\x9A\x82I�zc�\xE8\xE5\xF6iB\x9D�G{��\xFC)\xCDG\x8Av\x8C�\xE9\xF9\xA9\x9A\xEF3bH\xF4!\xD5?V/X�#
-q@\xCF\xC9�\xC9 u\x85\x8ASlC5\x92�\xB0\xA3\xD0u\xAB \x9BL\xEE\xCBQ\xA6/\xCE�X\xA8m\xBC\x84\xD8t%\xC0�P��\xE3V\xD7W\xDB�\xE1\x95 at o�\�\x84\x97B\xEB\x9E\xC031�\xCA@\xC6\xDD`\xC8�\xB4\x80\xB3\xA0\xF9\x98\x8D)�\xE3��\x86D�[\x8C_\xA1\xB3%\x90K\xF1K \xA8\xB0\xECy\xBF\xAE\xBCb\x9C\x83\xCCo$\xA0�\xDFE�)o �\xB5j,\xA0s\x91�\xACL%k\xA7\xBD\xA1\xC0\xFB�ͬ\ex\xB6\x8A�g\xFDy�o\xB8\x81�]\xDB[\xF1<\xE0\xBBȳ\xE1�\xB5V\x8Fyκvp�\x9Eig\x8E\xB2\xE7\xB2Y|\x95u\xF0\xCA1-\xC0\xA2\xCF-\xB1\xF4�"\x9E�\xB7\xAE5\xD3PS\xBCÞ'\x8C\xB31\xCA\xCC2s(\xEF8\x906\x80\x85\xD0\xDDn\xFB\xAB)
-\xBB�[\x83b\xE4]\x8Ea��\xAB\x94ç±|�4\x9A�\x9DÄ\xB8�0^\xE1Z�\xD7\xC6J}\xC8\xF5�\xFB�^\xB8\xE1r\xE0�j/+\xEC\xB4n\xE6\xABݢ‡bÚ†=\xDFLd�N\x81\x9FAo4V\x943�\x91�SY�\x92Q@�\xF7\xC5
-\xD4 b\x9C\x8DQf\xA2\xBB\x87ʴp\xFB\x89\x93<r�[�U\x9C+\xFCx[-�\xC8F!\xE2uQ\xE7\xB8RԷ\xAC�\xC15p!\x8Bk\x81�rac\xB4 </\xDAuY7'\x91LyVx[\xECa_�\xCB�\xC6\xD9�e.\x9AIH�\xCC�\x95\xE7\xF6\x83\xB8e�\xF7L\x86x&\xB5\x9D\xFE\xB6\xBB�\xA0\xC6a\x97��\xBB~K[\x95\xDAL\x9F\x97u8`\x80\xE1\xE7:\xEC\xED\xC2`\xD87\x86\x91\xB81\xA9\xE3ღ#�h\xBE\xFD\xE1'�G2\xDE\xD0\xD8#\xC6C\xECT\xBF\x97\xEBYn\xCB\x93\xB6'\x91Rg�JB\xBA�+\x96\x8C\xF1\x85\xF5U׳\xFDz�\xF1
-\xD6g\x9DM\xB1 q^Pב"\xDC*\xEFJ\xAC}9\xCA\xF4\xC59u\x95�\xBDMa\xAE\xA8\xAB\x84�\xAC\xD6bP\x84s\xC9
-dKF\xE8\xB12dw\xA3CF�:\xF1P\xEFBF\xE3!\xA4�C\x91\x9F\xB7�(9\x98p@\xCA@\xE8\xEB\x8B\xF2\x88q6F\x99\x89x�T\xA8�\xE2TD_ZÈœW\xA1\xB88\xF6\xF5\xEB\xFDGz<i=Ô°\x85\xBC\xA6BN\x83\xF1\xF8\xB8\x88=\xBA\x86s�/\x81\xDE\xCEß0^pw�$V\xF3z]\xAE\xAE;\xBC\xBF\x87\xE4�\x826\x9Eq)\x81^i\xB7\xA5\x91\xBA\xE9\xAB'�\xCCa\xFCs\xB9Ú…��\xDE\xF0\xF8\xC9\xFE\xF0\x85`\xA41\xF4\xA6\xAB6\xE5\xB6\xEC \xDE\xC6�\xDA��\xD7\xE5\xFC\xDC/\x90R\xFC\x8B\xFD��\x91\xEAb:\xC5\xC5#\xA1.\xB3\xA9k @;\x93\x82\xAE\x90*k\xCC\xCCk\xE5�7V�\xB0 \xEE[�\x80\xC6Ý©\x9C\xD2��\xB7)[M \xAD<\xDCt\xC38\x9D2A�\xFA�Jw�\x9F\x91\xA0\xCA\xEAz\xBE0\xD6\xCB\xFFße�iP\xEE\xD8k\x87G\xD2r(C!\xB1\xA6\x8C_\x9F=<� owx4Fy\xE1\xF0\xE8\x80\xC43\xB5\xDD\xD1\xE1Ñ»�\x92~H\xE9\xA6�\xFE\xF1Y\xC7n\xF82\x9Cawq\x84j@\xE8r�\xF4\xF3pV�^\x90\xA5\x85\xEE\xFEx3<Ö¹\xA3\xA7\xA3�\xF4\xBC��\xAB`J��j똓\xEA\xF5Y×€q6F\x99I\x9A�\x94\x8B�\\xF3 v\xD9�A\xAD�\xAA\x91\xE2b\xD3\xD2\xD1\xEB�{�i\xDA\xCD�\x92t\xDC\xFD_D\xA8\xF4\xC99\x8Bp\xA1Ô¼\x96@�'\xA0\x9E.n\x98n\xECy\x83H\x8074\x88�\xCAK�1&\xF1\xCB
-B+\x8D\xF6`\xB1g\xC6\xE6 \x9E]\xBB\xE4\xD9û\x9CgG2=\xD0�1J\xCE\xC5\xDBŃ{\xFB�\xA6ҹ3�(Y�'\xF6U8\xF08\x9A\xBF\x9B\xB7�\x8CBHU\x99nS�gAz\x907��\xA1\x81P\xBC�\xA2
-\x867\xBCÙ\xBDe\xF9\xB9ž\x9B\x96\xEB\x87\xFAiW\xF7/\xF4�7N \xB4\xAA\xB7\xD4
-3�\xF0\xBF1O�ÓŽ\x9EÖ».\xA2{\xA8r7b�uG\xD8)nj\xC1C\xDC\xD4B\xE0Q4\xB5\x9B
-E\xDCͶ.\xF1\x9ERE\xE3a\xA2\xD0\xFB\xF0-}ING\xC7S\xD1\xF0jC\xF7\xB0\xE6\xE0g\xB2׋\x96�\xB1\xE7ᚚ�\x8AB\xF2\x9FBH\xA6�,h\xB0]@\xF2\xBC\xAE{\xBA\xE3\x85\xF2\xE6|\xFA\xA1\xA7wu\x84\x81z)\x90\xD9<\xAD^h\x84d;o\xD7\xE0\xE6�\xC4^\xB8V\x93!�j(\xC8�\xA4�\xAA.�\x9E\x938\xC4Q\xCCM;�\x84��7�\xC20,VC\xA3\xCDn]m\xEB9
-\xD7�`\xB7\xC6\xE3bHd@�\x95\xF6\xE1.��R\xCE>Ë®E\xB8\xAD\xE7\xE2M7hC\x81�-\xF1\xF5�\x96�\x9F\xCB'H\xE7\xE9�\x94\xED\xA5\xEB\xAB\xF5\xF1\xBD\xB2t\xE3��\x81ȧ\x8A\xE9\xDF\xDA\xE7l\xD57\xBA@\xA7P\x985^\xF1\x83Êœ\x8F\xEF\xD2\xE1c\xDDQÛ´\xD4v}\xD9,\xE8\xEAÜ‚FÖ 1$CΩ\xDE�p\xC1�×Q\x98�\xAF;,rÄŒ�H\x80!!
��\xB2�r:\xDFm\x89\xA2x�\xCC{Xu\xEC�\xFA \x81\xDC>\x96\x89\xFA\xF1d�\xC1\xAE\xEA\xE6S\x84\x85y\xB2K1\xAC^\xBC/7\xDCB\xF3 \x9A\xDD�7\xE7\xAA�R\xC3ѣt\xBB5U\xEA
-*3\xEB\xDB��k =��_>T\xFDsU5Y\x96�\xD9aJ\x92L\xE8 \xB5a\xF1 at yއ\xD2χ\x98\x8E\x97\xDE\xDED\xC6\xF6\x90\xB3U;/W�\xC5(+8\xF5y�2xk\\xF2y\x8F\x95\xE3\xE0\xEF\xB2;\xAD \xF2\x80`T/U�2uU\xD8$V�*\xFB\xBE\x9C/C�\x8E \xED�\xE0~\x852\x9E\xD8Zf\x8CJ[}M\xC5s�\xC0\xD3\xE9L\xBC\xBAVFJ�"\xFEn�\xF1?\xAC_\xA4 \xEB\xF3\xC9!\x83I�\xAE|\x94ß\xF23�\xDC\xCCpf\xEF\xF8
-\xF8\xB8�\xDA>\x953\xC1y\xAB\xE0\x85hd݆\x83 \xACN\x82\x9Dv\xF40^*|�-UE\xC5\xCA,Mu\xB8\xBD\xBDz._\xE2}4\x8A��w\xCF\xF6\x81B ]\xB1\xAA)\xD3uƦ�.\xB0\xB5\xD4>\xA4\x8Bh\xE3(p>��e�\xAFL\\xFE\xC8홢\x80�B_Ûq�\x8A%!Îœ��a�h\x98�\xC0^\x9D�%\x84\xB3�\xC6�y�\xD2X<\x9F�\x93w6
-\x82~1\x9C\xFA\xBC˥\xEF\xC2\xE2\xCD\xF0b8\xF5Ч\xA9\xBB\xC2s�s3F�\x84\x97�\x85\xC0\xC44^9\xFC�F�v\x80\xB2\x87;\x87\xB5p&\xB3UZ1ɵ\xBC�\x9B�\xC2\xCBl*m\xE1\xF3/\xE32\xD6
-\xD7J\xF4\x91z\xBFrK�&\xA5uh\x8DL\xAB\xFC_�f\xE9\xBF�x~\x8DUÈŸ\xF2s\xC8\xDA%\xE8Y�B�\x94?a!\xFD\x9Fa\x8F*M\xF7�Q�O\xA2endstream
-endobj
-1544 0 obj <<
-/Type /Page
-/Contents 1545 0 R
-/Resources 1543 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1530 0 R
-/Annots [ 1551 0 R ]
->> endobj
-1551 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [356.2946 363.7923 412.5133 376.6291]
-/Subtype /Link
-/A << /S /GoTo /D (address_match_lists) >>
->> endobj
-1546 0 obj <<
-/D [1544 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-362 0 obj <<
-/D [1544 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1547 0 obj <<
-/D [1544 0 R /XYZ 85.0394 576.7004 null]
->> endobj
-366 0 obj <<
-/D [1544 0 R /XYZ 85.0394 479.565 null]
->> endobj
-1548 0 obj <<
-/D [1544 0 R /XYZ 85.0394 441.8891 null]
->> endobj
-1549 0 obj <<
-/D [1544 0 R /XYZ 85.0394 424.9629 null]
->> endobj
-1550 0 obj <<
-/D [1544 0 R /XYZ 85.0394 413.0077 null]
->> endobj
-1543 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1555 0 obj <<
-/Length 4323
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD;\xD9r\xE38\x92\xEF\xF5�~[\xB9\xA3\x84\xC2}\xEC\xF1\xD0\xD3뚩ٙ\xEA\xD9no\xEC\xC3\xF4D,-\xD16\xA3t\xB8E\xAA\\x9E\xAF\xDFL$@\x91�$\xB9ך\x88
-G�A J$�y'(\xAE8\xFC\x89+c\x99
-2\\xB9\xA0\x99\xE1\xC2\Í–\xEF\xF8\xD5�\x8C\xFD\xFE\x9DHs\xA6y\xD2t8\xEBw\xB7\xEF>|T\xEE*\xB0`\xA5\xBD\xBA\xBD�\xC0\xF2\x8C{/\xAEn\xE7\x9DX&\xD85@\xE0\x93�~\xFC\xFC\xF1\xD3\xEF\xFF\xEB\xA7ï¯\x9E\xDC~\xFA\xF1\xF3\xF5T�>\xF9\xF8\xE9O7Ôº\xF9\xD3ÍŸo>\xDF\xFE�o\\x85\xC9�\xF8\xFE/\xB77?јM@~\xF7\xE9\xF3\xBFSO\xA0\xC7�\xA8?\xDD|\xBC\xF9\xE9\xE6\xF3�7\xD7\xBB\xFDã»›\xDB~3\xC3
-�\xAEp'\xBF\xBE\xFB\xEB\xDF\xF8\xD5�\xF6\xFD\xC7w\x9C\xA9\xE0\xCD\xD53\xBCp&B\x90W\xCBw\xDA(f\xB4R\xB9g\xF1\xEE\xE7w\xFF\xD9��\x8CÆŸ\x96�\xA8\xB5`V�u5\xF5\x96Ig\xCD\xF1ei �˦\xA6 \xCC9\xE3\xF7V\x9DZϬ\xE0x&\xDC3)wG\xA2\xC5\xE0H\x9Cf\xC1\xBB+�@\xAC\x92*\x9EH\xF3\xB4O�\xEF\x98Q!즽\x82(� {_&\xC94�\x9C�!�b�83r�\xBD\xA7\xF5\xA6C�?|\x94r0WHh;\x85K\xE0\xAC\xEFW\xC8%~\xF2\xE9/\xF8t\x83_\x8DVÐŽ9\xE5m\xFA\xD1j\xBB\xBC\xAB7�\xE0\xCA0o\x8DIÓ€\xD5d\xB0\x93\xDBǺ Q�\xDBx}�\xA0cA\xA9\x90\xA65-!\xBBh\x96MW\xCF \xE3nM\x9D<\xBD>n\xAE\x85\x9F\xAC\xB7�\x8F\xD4�\xF8(\xF3�a_M\x856\xCC\xC1�S!X0FF\xA8\xCFM\x87S\x85\x9B|\xAD�Ûº\xA5\xF6]\xBDX?c\xD3O�\x97\x9A:\xBB\x97\xA7fV-�/\xF4�W\xAA\xDBn\xD3\xCC��\x91Ð\xEE\x{DD58}\xB45\xB5\xEF\xD2\xFC'BmV\xB7-,\x83�\xF11*\x9Bk\xF8\xE1jÕ¬�\xAE\xA7\x8A\xDBI\xD5\xE2\xD3\xD0B\xEBu��\xD5��kE\xC3\xEDzYÓ„Y��\xDFC[\xF2I\xB5\xCA?\xEE\xEAM\xD3~\xA1�\xBFp\xC3\xFF\xE7\xBB\x82\x87\xA0\xE1\xD9c\xB5\xA9 \xEFMz\x85\x9F\x8D0"\xB5s\x87��7Ù¶\xB8AlE\x9C�\x80\xA7קE5\xAB�׋y�d\x88 \xF8l\xEBE=\xEBFs7\xD5j\xBE^R\xFB\xB1yx\x9C\xA6sG*\xCEK\xF4 at nd\xFBR\xA6�0\x85�\xC0\xEE;\x89}\x9B�\xD0 �
-4\xED\xD54�f\xB5P\xBF�d\xFE\xC51\xB5b\x85dƃ~?\xA5Wl�\xCC�\xAB\xCF\xE8\x95~\xDA\xC5\xF4\xCA�\xE2q\xBD2B\xEFiS\xDF7\xDF^\xA7Y\x94\xE2Q\xB3(�&\xAB\xBA{^o\xBEPg\xFBTϚ_8\x97\x91\xAB`4r\x95\x8A\xCC{\xA8+\x84\xF2\xCCk\x9D\xF5\xCA!\x81\x94�\xCC\xE3>/F\xA1�\xE2��)8A\x8F6zD\xA3j>/i3\xA9\x80q\xC1V\xD26P\\xC1\xC2ޯ�\x8B5(\x8B\xE7H
- �j\x8BH
-\xA2L\xBB\xA8\xDAǤ\xBE�0|\xB0v,\xA2Q\xB2?$\xC9\xD6H\xCB�@\xD2 \xA1{\xACW\xD4�-j$\x89\x8B\xC3\xEB{\xEA\xBBk\xBA\x96Zͪ\xFFa\x9A^w˪\xFD�z\xC7k?\xB9\xBD��\x84\xB8Y\xA0\x82*\x88\xEB\xDFI\x96\xD7x\x96NDh\xF8\xAC\xCA�%\xA8\xA0\x8F\x9E\xA8\xF4\x9C\x85 ?\xB1ΰ\xA0\xADx\xF3\x89\xF6�\xA7C\x90\x87'*=\x9C\x92�Ϧ\x9Fv\xEAD�\xB3\xDC\xE6�]V/\xB4\xE35\xD8'\xB0�@6\xEB\xD4\xE4\xE3zC\xDD\xF5\xB7j\xF9\xB4\xA8\xDF'@bOx\xC0:\xF9�IH\xF7\xC1\x97Ö³\xCC8.�\xF6�\xE1vdaa\x8F\xDA2\xCFÕž\x81Ë’w\xB8\xAA��5i\xBF(\xE3\xF8W2\xC4\xD0T>�\xE2d2M\xCF �\xD8V\x82\xAE�\xF9\x84\xA51\xA7ag\xD0ȼ�\xF2��\xF2\xDF#\xCA$S\x8C\x90%�i �\xE9F.�\xE19\xCD4\xD2pfÒ\x85\xE8�\x81$\xF8�B\xE9\xF1\xBA\xA5s \xC3E3y\xF8i\xF2�\xE0\xAE�y\xFA\xBA\xB4\x82u0\xE0|\xEFZ\x91B\xF0�\xE8\xA2\xDC\xF8\xBC\xFF;\x8A=\xB8ɤf\xEF_\xA2?\x81\xEF�>d\xF2CjÔ¿\xDFh\xA0Y}]/\xBE\x8E\xE7)P\xDD_-\x{6276D7E2}\x87\x83\x83(
-\xD1\xF1i\xA9#\xB3ßž6\x88\xBF\x81�Z\x92``\xE3.u\xEC�Dq\xF2g\xB0\xB7{\xAC:j\xA1?\x93\xFBRc�i\xE8yn�\x8B�\xBF\x9B=\xA6i\xD5\xECË´\xE4\xC9\xD4]KgrOJjIo\xD5\xEA\x85��\xDD\xE3\xCE\xC6ÐŽ\xBF\xCD5\xD8y�d�\xF4o \x99-\xC81o\xC3xh9\xA5N{�\3)�Y\xBE\xD4/\xFB{��\x88 gv\xF3Þªz3\xC0\xE9�b\xC1\xDD \xE5\x86\xCAt\x84_3/\xBA�@\x87\xD0��ß—|�δ\x93Yc\x80\xDBY5\xAB�#�B�\xD2\xE3.\xB7\xD3�â™J�\xE8Ik\xC6{]U˺\xAC\xF4!\xAA\xCBJ\x88\xC4 IC[\xAF:\x92Z\xA7\x92\xA8@#Â\x96\x8E&�{*z\xB4\xE0\xF3'o;\xBE\xE3\xE1�!\xD0�\x91.P\xEC�\xDDwÉœ88�\xE3\xC4X\xAC)�\x88\x82\x84v
-��8\xF6-\xC4�\xCDz\x95d\xA9\x9Em7MG\xC0\x8F\xCBÔ[\xDF& \xFB2\xA5.)SV3gO\x8B\x94�\xE7Bq\xEDωT?\xEFb"5\x84x\\xA4F\xF8-\x9A\xB6{\x8DP\x81�\xAAirl!/)e&\xEBU\x9D:6\xF4\\xAE\x89\xA9
-R\x88'\xCDU\xB6r�\xC2(e\xC1\xF8\x9Bp9\xCA\xF4�ÏF\xA1\xDB�&uL\x9B\xB2\xBAI\xECO\xBB\x88q\xB61\xC0\xE4O�Aw\xE4\xB6\xEB\xE4\xB6c\x{1F266D}�\xEBUK\xFDÉ¡�!R\x82)\xB0\xE0#i\xAAW\xF3du\xF9\xC0m\xA8\xB2�%P'DhÇœ\x97\x92\xA0\x9C\xC4y=\xC8\xFC\x8B\xA3�$!~�\xEEtn\xCD��+h}:!\x84��#t�0)zw\xEB\xD5tU?T]\xF3�y\xD3\xF2\x89\x92S�kh\xB4Yu\xF5CLO\xC0 FK
-\xAB��\xA2w\x94\x99؅E8\xE3�\xDC\xE5�=(�\xE0ԗ�q\xCF\xC5�\xA2\xE9`\x9D��\xC1i�K\xCD�\xDB�\xB0\xC0h�S\xAD*L>\xA1\xE3\xA1$\xAC5\x9B\xD5O]u\xB7@�\xA5\xA5t�
--\x9B\x87ǎz\xEF\xB7�P\xE4�꿫K\xAE\xCC.\xFFe(\\x8CJ8jh\xCCְ\xDFo�\xBD4I#??6\xB3\xC4\M�J\xFE�*\xF4��68\xBB\xB7\xB1\xC3?TG\xF3\xC8D\xF24\x87ɘ\xCF�\x94ƨ\xBA\xC7�-
-QF �\xF7�߬\xA5�\xC0\xE9�\xE2!~\x82K\xA6=\x84@#�\x8Fx�Bxƅ��\x80\xF5\x93_\xB7kRD\xD0\xC6|dL Z\x97\x8F�\xBB\xC9[\xC6V\xCC\xE9\xC13\xE5\xF4\xA0�\xB3/\xF8\xA4�\xD2�WG\xA6�n\xD2n3\x8C\xAA-\xE8\xF8\xFD$ ؇\xF6\xC32f�?,_XW\xB7�\xDB\xF9_\xFB\xBB\xB1�\xA5\xDE
-\xE3\x9A2��N\xF8R\x9A\x8E�t}\xC1l\x9F\xE6 �\xC3\xF8S|�*�\xA6{;JÓ—\xF8\xB0\x9Fx1>�B<\xC1\x87#�\x8F\xB9�\xFB|�\xDA)y�\xC6Pr {\x8A =�~yoP�\xD9�\xA0\xB3\xB1\x97\xDB\x82wf\xFB2xf4 )�\xD0a\xC4�H\xE4L�\xBABq\xB7ôˆ¿‰d \xCF\xF8�\xA2Ê©\x90B�\x91x?*h\x94\x9AM\x9B\xBC�\xEE0Õ±�J�Ó¥\x9AkJ\xD4\xC1\x93�u\xD0 _|I- <�Ü�K2\xEE\xFA��\xAD[\xC8Ä \xC4\xC8l\cf\xF29/\x89v&.\xF9\xBC.\x9C\xA8�Lz�\x8E\x9E(\xC8�S\xD2\xCB+\xED5\xB3V\xBD=C\xDBC\x9C�A�\x9E\xAAF
-#\xDCn\xE1S\x87\x9A�\xF2\xDE\xD1;\xDC(\x84x\xE0qIc�+��\�\xBE
-\xE7�\xC4\xC9I渗o\xE7\xE3�q:�Y\xE0dL\xAFFU\x93\xA7EA^?\x97\xF6�\x9C\xA1\xFB<]\x9F~�\xC3\xE3�\\x80\x9C\xE6,\xEDU \x900 Խ\xD8^{\x88g\xF6\xAA@���[�\xED�\xCBKg��\xEC\x9B6*�I-\xE4ap\x8D\x89q\x90\�Y\x9CA\x9Eb�V , \xB9�\xBBg}\x82\xA9 at Hp\x8D\xA43'�\x89\x99�\xAF��\xD2r�4\xBF at N"C\x9C�A\x96r�
-\x90\xB3r\xB7\xF2I\xA6цg�>\xAC\xB9�R\xFD�/�\xD8S\xCC��\xC6"\xCA\xC5\xF6\xDCC<\xB3gea\xCFΆ\xF1\x9EO2Ï |c\xA2&N�?+l�T\x94\x93'\xE5F;\xC1\xB8\xE4\xF6r[\xEF!\x9EÙº�o�t\x89~\xCDqc\x9A�,\xB6\xDBSz\xCB-Z{\xADA*Ö©\x81\xBE\xA5\xD6j\xB2\xA0DS�\xBB4\xA5v\x8B\x95=�\xCA\xD4yy\x8A9\xB0h�\x99C�5\x83{\xBBW\xDEC\x9C�A\x96\x98�K�\xC8�yÚ«5��\xCC \xBA\x8C\x95�\xDC\xFE\xB8\xF232\xCD\xCE0emط̨\xEC��J\xEB1\xCD\xE92\x82\xE5\x9C.6\x94*�
-\x9C�i\x8F\xA5�\xD1\xD5\xF7&\x92:5w q|\xA3�\xB05\xBAJ\x81�qEؚ��s\xF6�KZ\xCD\xEC\xE5\xDA�
-ae�9\x95�B\xBA\x98\xC0���\xB0wt1!\xFE`w1�_c\x98��\xB1X�\x93\xBD�\x82\x95:\xE9�!u3?�\xA3�<Np}88W\xA0\xE3Y\xC0l\xEB\x9B\xD5n\x868�\x82,\xA8]e\xC1 \x83~ì§uP\xD4\xD9hi�\x87\\xACZa@\xB1�\xFF[2�\xFDO\x8E\xC5K�4\xA4\xF4\xEEtrUst?\r\x85\x9B\xBF\xD7G\xE3\xA5<\xF1r\xF1\xD2 \xE2\xA9xi\x84!8믉\x97\xB4\x92�\xAB)M\x85\xED\xED\xAAm�V\xD1݆\xB7\x9C\xB4r:\xBA)\xCE\xC5��G\xC8\xE7\x87Æ—\xFA\xE5\x99R\xAF\xF3\xB6\xA0X$�f\xB1*\x87\xD6\xDBUN��\xE2�\xA7 v\xB8\xAD7�h\xE0\x{1C28C8}i\x9D\x91\xA4\xCF\xEB\xFBj\xBB(\xB1*h/\xAFÕ¸^I}{�\x85O\xB4S�da\x85\xA6Z!\xB4@\xFFT_\xEAÔ™ofÅ—T��\xA3\xA3\xF0�6\xED*\xB5\xFFZ@\xC81\xA7}\xA6Æ¿
-��\xE0\xC1fu\x90\xF2\xF5\xE0He[\xC34\x88\xE7Xc{\xAD\xADӚ;\xE58��\xF6�G
-\xFC\x8FgI\xDA5H=\x99Õ›�\x93$\xF0��'\xE8\xC0e\xDDE\xB2\xE0 R\xA5\x90 Ü¢n\xD5T\xE0\xC1G\x9F\x8A\x8Fo}\x9E�_R\xAC\x89ML4\xC7�\x92\x8AF�C\x83\x91\xEA\xE8\xD7˺�-��/Vf .\xE5 \xF6�i\xBEwf$f\xAB;\xAAEik">\xB6Oqb�\x8BK8\xC2\xE9u\xBE\xC6\xF3\xC4�\xF9�0\xB2 d7t\xBB�\xFB\x975���\xC8\xF7J\xFE���<\x9B"*8\xBD\xA5\xAA\xD7/R\xEA\xEDj�k\xC5 P\xF8\x9A\xCAa\x9BÝ„*M\xBEkR\xF9,w<\xB5붹[\xD48 �c\x9E�\x97?\xF5\x89z�\xB3\xA2\xE7A\xE1\x9B�%%`\xD1� C\xF9s\x8D��\xF9��\xD2\xF7\xDBS\xB5\xA8VX.ki(\xDEÄ'\x9Cz\xD7̶\xE8<Å™C. �Uq\xEF\xC8��\xE7
-D"\xE8\xBElQP\x9C2&b\xE0G\x8A\x83�\x82E\x93\xB7�@�\xC4\xE9�d\xC1ꡤ\xE0\xFD\xE1~\xDA \xD5)-H\x95\xE8\xB3�\xA9\xEA8\xAFA\�)\x89\x9D+\x8F\x8F\xF1\xD2&\xA5\xC3_r
-��\x98�\xA0\x9C\xFA\xEEv\xB9駱�\xE6!\xE5\x9Ej\xFA\xBC]\x82\xA72\xC3Û›vt;�oK\xC6\xCE\xF5��\xE3\xEEJh\xBC\xE0 \xFD\xBB\xDCI\xEC}\xA1ÞŠ^\xDB�\xB8)\xABk1y\xA0\xF7{pwÖ›.h\xDD=\xCE\xFA\x8F�q��\xAEÏŸ�U7\xDE\p\xBDC\xF8\xE5�\x8C\xBE\xF0� \xAC\xA4\x98|i�ë»—\xAEnKn\xAB�U.uÖ·>\x86\x98=b\xCBc\x88\xE9}Ä–\xF5C\x95�\x9B*��I\x8B!t�\x98\xE4"S\xE6\xF7�\xC0\xF0\xE1\xD5�>4\xFDm#�\xA1\xC3~>o\x88~\x9FP\xC0 \xC8�55c=�\x9E\xE8\x8Flj26\xBF\xEB\xDF�]\xF4\xCBs\xBE\xEB\xFF+\xDF,\x8E\xFE?\xC8�\xD6\xC8�\x83\xCA\xFC1OY\x9C\xF7��\xDB\xF9\xA2�\xF5*+oD5ic\xA5D\xAFl\xB1;*[lTi\xF0i\xDD�\x95\xAD\x8A׉RÄ¡\xE2�\xC2HƸ�~912>\xD9`\xCA \xB2Ò4\xE5\x92\xCA|�\x9A\xCF\xD3]\xC5}\xDD�\x9E4�Tq\xEF\xDBtV\xCD�\xEBiÖ’{[\xF5�\xE5x\x9BU)\xC6*i\x9DXL\x83\xE5\xE9\x86�X\xF4%\x88u\x9D\xEER\xE3\x85t\x88\xB1\xDD\xDE}<\xAA\xD4I\xB3�\x921\x8C��\xF4Ô \xE1\\xC3\xC4\xF6\xCE9\xC4y}E�\x87p\xAB\xFC\xDB=B:\xF3�\xE2
-6�"�\xC0!\xC6U\xF0\xF3y\xD3�\xEFK\x81-\xCF7:\xA4I
-��w \xB9f\x89!
-X1z}\xA6;g�\xAF\xAE�d)\xB1\x9BJ\xDAý&\xACݢ�\xEC�t5\xCE\xC6k'\xB9\xD0b}\xD2�\xAFD�ko\xDBmbFA\xF7#c\xE3.R�[\xCFU�[ӳ\xAD\xEEk\x9A/ѓ\xA1Ί�_\xEBM\x9A\xDD\xEF"\xB1eZ{|ݒj\xC9\xE0�\xBCB\xBEN\xF8\xCF�\xD3\xDBY\xB3l\xDBhzt\xD8\xD5y#Ir_\x95,\xDBs\x95\xA6\xE5\xC2\xEF=y\x84\xB3\x9A\xBA\xD39\xF5\xF5b\xE8j\xEB\xCD\xD7x*8\\xA5\xCCf^}\\x86\xE8\xC0?9U,�\x86so��\xFF\x91\xB7\xE4 N`
-�;\xA7\xA2N\xA1\xA1�Š\xB8\xF3�\xFA^\xA3t\xA5\xA7\x9Fw\xB1+=C\x88ǯ\xF4\x8C\xF0#\xE35D�6
-t\x85U.\x86_�\xF1�\x82\xB1\xD6�Vt\x84\xE0j]
-\x89\xB9gÚ¨l\x81o(kth\x85�g\xDA\xCAli\xD2Y\xEC\xFB\x88\x82Apz\xDA�R\x8C\xEF4E�\xA3\xD1M�\xBC\xBF\xEDE\xFC\x80i\xAA@\x9EOE\xDB\xE0�I\xD1\xA2\xD0m\xB6\xF5\x91\xEB\xE2J\xA9\x83Z\xCB8lgƇ\x8C\xE5}\xB5h\x8FTꀗ3\xE5\xAA�\xF5!\x96\xF0�\xD4i�\xD1̲��@\xA5\xF0�\xF6\xF3 \xA4\xF9}\xBAr\x94<\xE2�\xD4\xE8NÉ \xEAqPY�\xCC\xF3\xFE&\xBF(�O8\xBD>\xC5[\xDE4 Q\xC6e”\xEE?�L\xB0س\x89\xAF\xA1h\xFF\xFF\xBD�\x85\x85f!\xF4i\xFD�Q�\xE7\x9EÒ\xF3�\x82\x8F\x83\xA4%\xF8pT\x86\xE9\xE7\xBEY\xC63\xC4\xE9�dI\xC65\xD3*\x8C\x91\xA4X\xA8(\xE70\xCB\xCAÌ?\xE2�B�\x9E^\xB1T\x8D\xE5"k\xC2Ia�\xF8\xF5H�\xAF�\x9E at +\xF4\xF7\xF1_!ꯀ\xD15\xF7/g\xBFy|%\x9C\xE9S\xD5b\xD1謫y�Þ¦\xBE\xDF\xD4\xEDc\xB1h��l¾\xF7YV\x8D\x9A\xBE\x8DIe\x98\xA3\xC8\xE5�^\xAF��~�@���\xABÓ•"l5\xA9\xA7\xA2�\xDE
-z_�\xB0<^\x84V\x97\xA3\xCET\x82\x98�P�{�\xD0Q:\x8D\xF7\xF4\x9EB\xF2#\xBA�Lt\xE8\xF9\xEE�\x99P\xA5�\xB3\xAF\x9D\xF1sԃoFy\xE8?am�\xD5ך\xBAbh�\xFB\xBA\xED�\xB5\xE2Ū\xE3\x9Ao\xA0S.uOo\xF7%\xF6\xD9O\xBB\xE17\x8E\xBB\xBDO\xBB\xFFo\xBF\xEA\x93S\xE0ox�f�"j\x88\xA1E�~�~\xF0i\xB8��\xC0�̽\xC6oq|\xE9\xFBq\xDE�\xFD\x9B\xBFV\xDF}˯�S~p9a\xCF\xE0{\xAC�DZ#\xACxi\x94�|K/\xC0<+\xDB\xCF�\xA0\xFE\xBFx\xAF�\xF5endstream
-endobj
-1554 0 obj <<
-/Type /Page
-/Contents 1555 0 R
-/Resources 1553 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1530 0 R
->> endobj
-1556 0 obj <<
-/D [1554 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1553 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R /F11 1451 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1559 0 obj <<
-/Length 3057
-/Filter /FlateDecode
->>
-stream
-xÚ¥Z_s\xDB6�\xF7\xA7p\x9F*_-\x84 \xC0\x97\xB9\x874uZw\xD2$\x978s�M'\xA5%\xD8\xE2\x98"�\x92\xB2ã¹»\xEF~\xBB\xD8�HJ\x94\xDC\xF6F���\x8B]\xECb\xB1\xF8-(y�\xC0O\x9E\xA6\x91�T\xA6O\x93L\x8B(\x90\xD1\xE9b}�\x9C\xDEBß'\x92y\xE6\x8Ei>\xE4\xFA\xFE\xEA\xE4\xD9+\x95\x9Cf"\x8B\xC3\xF8\xF4\xEAf +�A\x9A\xCAӫ寳\x97?\xBDxwu\xF1\xFEl�F\xC1,�g\xF3(�f\xDF_\xBE\xF9\x81(�=^\xBE}\xF3\xEA\xF2Ç\xEF_\x9C%zvu\xF9\xF6
-\x91\xDF_\xBC\xBAx\xF1\xE6\xE5�\xBC\x82h�/Y�\xAF.__P\xEB\xE2\xF5\xC5/�o\xAE>\x9C\xFDv\xF5\xF3\xC9ŕ7fh\xB0��Z\xF2\xE5\xE4\xD7߂\xD3%\xD8\xFD\xF3I T\x96F\xA7�\xF0��\x99e\xE1\xE9\xFADGJDZ)G)O>\x9C\xFC\xD3��\xF4ڡS�\x8CT*\xA24L&<�\xCAS)E�E\xE1ȅQ&b�*\xEBB\xB4Z\x9E\xCDe��\xB3�\xCBecږl\xFC%\xEF�+j\xBE.ڮE[\xAD\xC4~M\x82\xD3y�\x8B I�\xA2\xBC\xB0�\x8FU\x97\xA5Q\xFAȨ\x9C\x94~^\xA3\xBE\xCF%\xA8:\x9B\xC70\xFE�\xF4\xD8\xEF\xFElJ\xB36�\xB3=G
-\xDEʹ7�$\xFF\xFA\x94\x84\xE7\xC4 \x84\xA0\xC6oV\xD6|G\x98<0\xCD\xF1<x\xBA\xAC\xF3�'\xD0>>�QPl>\xE7ν\x96\xF1Yi\xAA\xDBn\xC5,\xFF!3�\x91\xA90�\x9Bqg�\x89��\x9F\x8B\xA5\xE3'\xDB�\xE5\xE7*_\x9B�\xF1߇\xEC&\xFA\xFD\xA4\xE4Ě\xCE\xFD�t"\xE2(K�K�\xF2\xD2\xFE`>�AX�]QW�!y\xB5\xA4\xC6\xC76\xBF5,6<\xBC\xE8�ig2\x9DQ\xB4%j\xB6\xE6h\x83fi\xA3
-\x9A\xE1,'&\xA2o\x9Ab\x9D7E\xF9H\xAF\xDB\xD6,\xA9\xD5\xD5\xF4\\x9A\xCE4\xEB\xA22<x\xB1\xF0\xE2�u\xD5YYuI\x84\x9B\xBA\xA1\xC6=\x88\xAC\xB7\xAC\xAF5ͽ\xE1\x8Ezc\x9A�-l!:T\x92ͮV\xB0�\xB8J\xC1x}�\x93�\xA5e[Sk{&g<\xC5pVT\xF4\xECVf\xC2\xE7i
-{?\x86Mn\xE5\xA1\xFD\xA6\x9A\x83k\xF7ݨ\x95�\xB2(aN\xF4\xFA\xBE4\x99\x89(ђyں\xE9\xEC\xDA\xEF�SZ\x84*u\xC2\xDA.\xEFl<\x93\xBD�\xDAK\x93\xE68g�=\xAC
-Z)\x89^m\xBB\xA2\xDBv\xCEx\xB62�\xAFnÈ«K\x9B�\xB2\x90�t:\xDE]�\x9D�@\x8B\x9CC\xEAÚ¸\xD0z\xA4F}C\xCFn\xC5=7uY\xD6�Eu\xFB\xF7Cy8\x8A"�Fiz\xFC\xE0�rÙ´)\xF5\xC0K�4S5\x90\x85\xF3\xFD�\xC8dW)X�\x83tr\\xAB\xE7\xDAW;Z��@[\xC7c\xB5\xCE7\x97\xEF\xD87#GG\x94i.\xDF\xDDk\xF6X\xE3\xD8\xEFc\xB7\xDD'ݤb�\xD1\xFC\x94\x9B�\G\xDC丞v\xD31\xAD�7\x{DA9D}v\xD3P\x{DB9B}6\xE4$LZ_{?�\xCC\xF5\xFB\xB3o\xA9QÕ\xDD\xF0G]�\xE91\xD5\xF1S\xAE�p�q\x95\xE3z\xDAUÇ´�\\xB5\xABv\xDAUC\xB59\x99n\xCF�\xEB\xB2�\xCE9\xB48\xA2\x96\x94\xEB
-\xE7\xF7\xEB\xC7~�N\xA4�\xC8=ZK\x97{\xEE(a\xEE\xCE#\x83�\x96\xAAݴs\xC8\xE3�\xDC%u\xF0\x84LJ\\x87=\xF4\xF8Q\xAD\xBD\xC7\xF7\xD4Nz|\xA4֧/:\xB7\x87\x99\xCD\xC5\xED޶^\xF7X\xACϔ;+\xF3Pt\xABck�\x86Z\xA4\x89\x8E\xDCٱ(\xA7\xD6�\x92\x8D\x84]\xF4G\xD7&
-\x84V\xFA\xA9\xB5�p�Y�\xC7\xF5\xF4\xDA�\xD3:X\x9B]\xB5\xD3k3T˻\xA12p�/\xFF\xCCZ\x98jQ�\xE32\xCBu\x93��\xA1s�\xBC\x9F�q\x8C�\xA0H\x82ت\xBB\xE8�V\xA5\xF8䃆=\xF9T�Ӹ\xCDi�@\xE4\xE5\x85VN\x8F\xD2\xE4K8\xFB\xE8\xC5|]\x94\xF9:g@\xA6\xF0\xC4m\xEE\xA8�S\xDD\xEF\xDF|\x8BI
-\xB7\xB6\x8A�\xACA�\x85\xA2\xEAÑ—R\xCE&ha|\xB6$\xED���\x9C\xC3\xF8\xB02�K\xA9\xEA\xCA�i��aGY/\xF2rU\xB7��\xD4!+W\x99\xEC�*Óµ\xF8Bd\x8F\xA6\xF0\x85�\xB7\x8Ft@& \xCCì—ºgBo�\x98s\xB6\xE3(\xF7\xEC at 5�b[\xB0iÝŒ\x8Dk\xB7nN\x85�i\xC66�JY\x9Av\xD1�\x9B�\xF6\xEEA�\xDCU\xB6á·Ž\xF0\x82\xFAu'd�\xC5�\�D\xC7,-r\xD2b\x97\x95\xE3�,\xEE\xB6e\xE2:_\x9A�>\x97I\x9C\x88�\xBA\x8A\x96Z-\x96a\x8B\xAEX\xD0�_\xB3ؾzm\x80\xD3�\xD1`pN\xACë¢\x80\xA1\xC1"\xD8�
-\xE9\xAC-\xAA\x85\x99Z\xED\xD6,\xB6M\xD114\x87y[\xE0\xA79\xA6�\x8E\xE9�j\xD7�\xB5\xDF\xE7e\xB1\xCC B\xEA�hÇ\xAF\xB7�\xBDЊ\xDFRx\xEC\x88\xC8é‘F��\xDCCh=\xD4v#\xA0h\xB7\x93�\x98[\x90\x9B\xCA\xD9�\x88a\xF0c J'\xC3د,\x96�\x8C�p3<\x91�(\x9Em.h]@�%\xC7\xC6\xD6'\x8AnEE\xC9\xF6\x96
-�\xC6Ò²^lq\xADldO\x85Ñ¿V�\xBD\x9B\x92�\xE0q[\x80i\xF7\x8Eh\xD1�v\x8E\xE6
-�\xEB\x9D4܅E\xD0S0Ǣ^ox#.\x89b]\x9D2ğ�\xEA�\x90R
-\xC1\x80\xE1\x8DdǑĢ\xADy|\x97\xDF��\xB9)!K\xB2\xFEj\xB2\xC0\xDA\xD0L\xEB\xAFP v��@�\xCA\xD9[\xCCl҂5\xFB\xDE�k\x83�8a8\xFB\xA9~0\xF7>r\x95\xCAh+\xA90�L\xA4\xA5adƗm\xE1s
-\xCAZ\xE5\x9Dk1\x89�#\xB6p\x9F\xA0(
-s\xA4\\xBBaM�j\xED\xF2\xE2붂E\xA7f>\x95O\xAC\xCFx\xFB
-0\x98��\x9B\x98\xCEw
-l\x98�M\xF4\xC6'A\x8A\xBF\xC7qÙ„{\xFB\xC1Zaß P"�\xCCGÊ–\xA9�D\x90i82:\x97T\xA1\xCB�\x8D\xB5�>\xA4[n\xA4,\xCD\xC6TË–\xE8\x8E\xFDae\xECL-\xB1s\xF2Ù‡@*Z\xA2\�k?\x92h[ \xD1�\xE7Hr\xD9 \x89\x83��\x8F\x92 t ��L\xDEM
-c\xE8hQ��0J�\xE8\xD9@\xC1ܞ\x8F�(w\xA0\xE7�\x8A\xA2T(
-\x8E|\xBAÜ–"R\xD2\xE1\xDE\xDDu\xF5��\xE5\x80A\xBA��\x87\xC9���\xAE\xA8U(\x92(H\xA7r�\xA4q\x97m"\x86\xF4�\xC3\xCCA\xAE�\xDA\xF8\x82��n�\xF7\xE7��\xF7\xF3�\x92\xE0�\xE1r�\x88\xC4J܉\xF7b\xB53/\xF22�\x8C_\x9A\xAA0~\xFC|*�\xA0PL\xDA�\x8A�<\xA8t\xD6\xEF�zu\xFB\xA6\xAA\xE9\xDD\xCA?\xA7\xB6\x9FÔ€\xCF*EL\xA1\x82Ì\xC9�\x9F\xB5S×\xA1\x96"\x88\xB5�\xD0h\xF2�j\xC6\xE2f\xAAʉb\xA8\x84\x92į\xF6\xBE8 \x84I�\x8D\xA45x\x8C\xB6\xC5d\x94&R\xC0\x81�?%PO�$\x97\xC2FJ\xA1\xF6\xD3;w\x9B\x93\xFA\x80�Z\xFA\x88\xBE�\xB7M2\xD2\xF7ek\x9AIoD\xB0IB\xF9\x94\xB0t_\xD8\xF4\x96M��\xA6Q\xFAW\xE4-\xF2\xC5j\xEA\x862U"\x8A\xE2\xBF,qz\x9EY*\xA0\xF8\xCB\xFE\x9CT8E\xAA\xF6�B{_^\xAC\x85L\xD3?9KZz
-�H\x92\xC8h\xBC\xAB\xB6�\x8B\xBD\xA6\xB3\x95>�n\x91H\xD5x\xF5I\xD8�\xD2\xF7C\xDE,\xFB\xBC<�+\xBC\xFFK\xFA\xB8\x82\xE39>p\x93�Fh\x8C\xF3\xDE5\xE0\x84\xBBU]N\xCDV'"\xCB⬟
-&\x8AlfA\xB3\x82�1\x82+\xD8\xE3\xCE/h\xDA\xFBf��2\x9E}(\xD6E\x997 1\xA4\x94nr�\xEE:\xD2X$\x99\xFA#\xB7\xB6s-\x95\x90\xB8\xDBF\xBE\xAF]%�\xF5\xD4�\xA1Ch-�\xEAC\x93본\xBF\x97FbMOF�\x9E�c\x91r(\xBC8\xB1ty\x8A\x84\x9B�\x91\xEB�\xA1\x87\xF9\x96���\xE4d\xB8\x8B^h.Y'd;j\xF8\x8219T+\xA1?\xA6\xB0\xC6[�\xF0�
-�\x86� \x9C\xB0`\xA3C�)�
-\x8EÛª\xC0S�
-\x89�\xBF\xD2 \xA6\xBC\xE4!\xEB\xBE
-\x84�\x80\xD8*�Y�j\xF8Ó�\xD0\xD3q\xBDx\xF9z\xACʕ\x81 \xB9\xD8jp '!ؓ ¶\xF0�\xC7�\xBC\x9Eª\xA3@�\x90R\x9F!Ĵ\xCD!\xDE\xC6Вڑn\xF8�\xC3\xEAʲR8\xA8\x80\xA1%P\x9Cf \xD9\xE9�!ê@\xB2Ŗbak\x80UVe\xC3�\x95j�\xC7>i\xE3T\x9AI\xB0"3\xA1�P\x88\xAFp\x9AW\xAC\x88\xBC�\x94\xE5\xE0S�\xAC\x8F\x8E\xA3\xD9\xF7\x86C\xD8N\xED\x86�\x9E@\x8B �\xB2\xDD\xEA\xCAz_i7\x93\xB9s9\x90\xAE\xCD*\xBF/j\x8F\xE2�\xB9`W\xBF\xB2\xF0\xC2F+\xE5o\xC4XfN\x8Fv{\xDD�\xE6\xB5\xE1\x86]�\xC9�Ow\xA5�\x95\x93j\xA8\xC1\x98��A\x91V.\xA9
-e\xC4d\xD8_�qy\xE2\xAEX�\xE8�\xBAʗ\xEE\xFB�kE|�\xD14.oK_�\xDB}\x8B\xB5\xB0\x87\x87\xF8A\xA6pm.\xD9l\xA9˘\xD0�\xE7\xABڱ~\xCDכ\xD2X-�\xD7W;\x89L%Jd\xA9G\xB0R\x84B=�\xF5s,\xC94~\xC9D\x81\x96*\xA4z>\x95޼\x84\x89\xD2Y\x86~,\xBD\xF5\x90VR�\x80D\xAC\xCAJC\xB5�\xBEC\xFC\xB0�$\xD6�.'J\xD9K\xCD\xCBۺ�G\xAC\xE9\x95�\xA8�}nB�\x9B\xFE`TY\xD7w\xDB
-�\xE9\xD3\xDF޼l^\x95\xE1~>�GnA&\x9FZ�V\xB9\xD9\xECc;]\x83\xC8 \x86c\xC9_\xB9~Cܽ+\xE7a\x98\xF6\x82'PN"\xD2L\xE9\xC1f\xFDj\x93\xB3L8\xE8C��\xAE\x8D\xAFaF\xD4e\xAF\xE8ቻ\xC7֖\xD0�\x9A\x9A\xC2IZ/\xEE,
-�\xB0\xB3c�\x8A$\xD8\xCE\xE7îƒ�i\x9Ad;q\xEE\xAE+rw\xABQ\xF7\xE5�i\xFB�\xBDàŒ+h=\xF3\xE0\xE2Cx\xC7
-\xFE\xAA�`P\x898KB\xFF\xF9\xD9}|~Y\xAF\xFB\x92h\xF8'\x83cß›\xF9[\xA6v�\x81
-\x93\xF1
-\x95��/-\x89\xA3K%W\xD2 \xDD-f\xEEvx\xFF\xA4\xF1\x82\xC2\xE4\xCC�!\xF70(K�\x97\x9F\xB0�'jg\xDA
-]wØÞ\xBB�\xF4\xDE�\x88\xF47\xD3q\xE2\xA6�\xAD�~\xA7
-\xC2\xDBm\xE3n}\xE3ԆH\x89\x97 *\x96\xB3\xAB\xB3�\x8F�\xDBa�\x944\xD2\xCE�\x9E�8\xB7M�65-�m\xBE\xC1�%s\xDF�P۟\xD3\xF7\xDEne\xAF(\xA0\x9B\xEE\xF5\xA0\xDB^7\xC0\xF3�\xB6bg\x98X\xF0t(\xA4\x80\xF0\xF2\x9C\x9F\xDF}wNy\xA9n&\xAF�W\xA6,\x9FmL\xE3oQ�ќ�_�T$\xF0\xAF1�_���K\xFF\xF7?p�\x9F1�(\xC0\xD2p\xFAs\x82\x82\xAD\x9E\x86Y\xE2&\x85\xD6软\x88\xFE\xAF:\xFBS\xFF�+/y\xD1endstream
-endobj
-1558 0 obj <<
-/Type /Page
-/Contents 1559 0 R
-/Resources 1557 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1530 0 R
->> endobj
-1560 0 obj <<
-/D [1558 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-370 0 obj <<
-/D [1558 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1552 0 obj <<
-/D [1558 0 R /XYZ 85.0394 752.0459 null]
->> endobj
-374 0 obj <<
-/D [1558 0 R /XYZ 85.0394 752.0459 null]
->> endobj
-1561 0 obj <<
-/D [1558 0 R /XYZ 85.0394 723.5337 null]
->> endobj
-378 0 obj <<
-/D [1558 0 R /XYZ 85.0394 642.6584 null]
->> endobj
-1562 0 obj <<
-/D [1558 0 R /XYZ 85.0394 613.9312 null]
->> endobj
-382 0 obj <<
-/D [1558 0 R /XYZ 85.0394 133.1977 null]
->> endobj
-1563 0 obj <<
-/D [1558 0 R /XYZ 85.0394 104.7573 null]
->> endobj
-1557 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F22 961 0 R /F14 964 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1566 0 obj <<
-/Length 1991
-/Filter /FlateDecode
->>
-stream
-x\xDA\xC5Xms\xE3\xB6�\xFE\xAE_\xC1\x99\xFBP\xE9b\xC1 �\xF0%\xF9\xE4\xF3َ3='\xF5\xE9\xA6\xED$\x99)-\xE3,N)R�\xA9\xF3\xB9\xBF>\xBBX\x80\x84d\xEAz\xAD3\xEDhF\ \x8Bg\xB1\x8B}� "�?�\xE9\x84%\xB9̣4WLs\xA1\xA3\xE5z£��\xBB\x9A�\xC73\xF7L\xF3\x90\xEB\xCDbrz�\xA7Q\xCE\xF2D&\xD1\xE2c\x80\x951\x9Ee"Z\xDC\xFF<M\x98d3@\xE0\xD3\xF3�o.\xAF\xAF>ܞ\xCDR5]\\xFFx3\x9BKͧ\x97\xD7\xBE \xEA\xEA\xF6\xECݻ\xB3\xDB\xD9\dZLϿ?\xFBiqqKC\x89\xC3xs}\xF3\x96zr\xFA��\xBD\xBD\xB8\xBC\xB8\xBD\xB89\xBF\x98\xFD\xBA\xF8ar\xB1\xE8u \xF5�<FE~\x9B\xFC\xFC+\x8F\xEEA\xED�&\x9C\xC5y\xA6\xA3Ghp&\xF2\F\xEB\x89\xD21\xD3*\x8E}O5y?\xF9K��\x8Cک\xA3\xF6�\x9C\xC98\x91#�\x94b̀:gI,cg@�&�`�\xCE\xF9\xF4\xFDS\xDD�\x9FQ\xAB\xD3K�\xCE\xE5\xD1\*\x96+\xA1\xEC\xACSd\x894\xCB\xD34\x89悥*\xD6v\xE0\xB5��\x82\xE5Z\xCB(�X\xAC\xCAv6O@\x86\xFF�\xF4!\x9B#\xB5l\xD6kSwn\xD4s\xD7\xF4='\xE0L\xB3\x98k1"\xD3-&\xE8\xA7E\xCE%ϙ�ZÜ\x94\xE5\xB1\xCCh\xF0\x94p_\xBC\xAEo\xBE\xB1b\xB8\x87O-\xFC\xAB?����G\xB8\xB9\xFE�Q\xED\xCATUۋu\xC6�\xC4�\xF5=��\xB3\xADh7\xE5\xC1n\xC61�\xA2�"\xF4�\xE9|\xE0\xAD\xF9\x85sY\x97]\x89\x92\xD1\xDD-���\xDA\xE2\xC18<y\xDC;\xCEI\xA5\x96&\xAD\x8B'�\xB3٘b\xEB!\x9F�Wf;�\xD9\xD4PO\xB7*:\xA2�Weg\xDAM\xB14_ (\xFD\xDA\xE83Dq\xFD�\xBBm1h\x80=\x95ac;u>o\xBB\xA7
-Dű\xF4\x9B\xD1b+\x9E\xB6]\xB1\xEDh\xE0\xB1\xECV\xD4�o\xF7\xD8P\xCFrUl\x8Beg\xB6-
-\x9C\xBE\xA6\xFE_\xB8\xE6mU\xB4\xAB�hk\x82\x83>A\Ö¨\xC8f\x88�e\xBC>\xA5�\x8B \xB30\xFBx��D�LY:\x9B\xBE1\xCBbך1g\x80\x95\x82\xE1b\x9EN�ohl\x80\x8E\x9B\xCAt\xA6r\x83\xF7\xA6*\xD7`\xF1{j\xBAU\xF0�\xE7\xB7~N\xAF".C\x82\xF231\xED\xE1\x97EMÄc\x87�9\xB4\xAEé…’\x97c\xA3\xA9\xBD\xEC\x82>\x9BfK{eG?\xFA\xB1�\x9D\xAA\xB2v^\xD18G@ \xF8�\x87q\x9B\xBD\xDEU]\xB9\xA9��\xCEh\xBF\xBC\xF3ro\xE7e,P\xA3\xBA\xE9h\xE4\xCEq ��\x89\xE1\xE2\xE2\xE9\xA5��\xBD\xE6s\x81\xE6<\xC1\x96&\xE7\xC0\xEE\x8FMU5\x8Fe\xFD@\xCD\xD2\xE1\x{1A07CA}\xAA\xBC\xF7\x{D035A1}�\x80\xB5\x94}x�\xEB�\xB3 8\x90�5\xDA;\x8A&3x\xFE\xB6u\x91\xF5\xFA\xF4\xDB\xF1\xDC�\x9A\xE5\x8F\xC8\xEDV\xBCMU�BH\xE2\xBE��\xD0)\xC4\xC64z�\xD8veU\xB9\x9C\xF6�\xB1\x97\xB6\x87Ù§\xFB=\xE8�\xED\xD41\xEDÔ±\xCAU\xFB,\xBDl\xB6[\xB3\xF4É»\xEB\xCCz\xD37\xE8\x8B^c\xDD\xE0\x98\xEA1W,\xD3I6\xB2\x98\xB0\xA4\x85uw�C\xC5\xCFb\xA5\xBCj\xE2\xC8B놾US?@\xB2\xDD+-\x90\x81GV#y�g\x894\xFB\xFA�{P
-\xE6R\xA6L\xA8�N#2gYF\xD5�\xAAd�l*�\x83
-Z\xCEG\x90t���90�\x98f\xED\xA4 \xCDb�+8~\xC34k\xE1|\x86\xA4&�/+�B\xAA\xDEy\xD8\xE6@\x8E\xF1|\xE8U{#\x9B\xD5S;\xDFwS2x\xB9,*L\x87\x89M2\x98\x90\xE3�v\xC1\xA6E\xE8\xF4I�i\x9B�\xB1\xCF-âžš\xC5\xD2\xC6xÓ¶\xD4�R�\xB6P\xF0\xBE\x8C\xF6;\xA0�Ei�\xFAV\xC5'\xC7\xDBÔŽ\xA8\x9A\x87aÎv\xA1a3\xE4H\xB4\x8D\xE4\xCB�\xA2M\xB1\
-\xBD>\xBB\xFAlBI+L6vK4\x86hik�&K\xC1]\xB2D<J\x96_\x93\x84\x8E�\xCF\xFE\x93\xD42�\xD2b��\x8B\x9F\xDD�\xABΈ)\xBC؃\xD3Zm�\xF7\x90O\xA8e>\x99\xDA/\xAA\xD9=\xAC\xDC\xDCn�\xC3m�\x94\xBC/�\xFCBR\xDBlͧ\xB2ٵϣu\xE4�\x86!\x97\xE6�\xFA=\x9E�è\xC3@\xF1;\x81�C�sQS:\xAFjv\x8E\x83\xAA\xCFG\xB3�b\xE9\xDF\xC5m\xEF�a\xB8\x8El6\x9C \x98J \xA7qwj}\xAEL��p\x91!�\y\xBD[\xDFa�\xB3\x92ˇÚ\xAA?\x9E\x86�NI2\xE6,\x87\xEE\x83CQs\xE0\xB3\xC6�nm܇#C\xF8\xF9�paQ\xB4\xFBgP\xBC�\xB8\xB3'\xD9\xE7\xBF\xF7\xFBW\xFF�\xB7\xF5?\xF6\xFAW/p\xFA\xB1\xEB\xB6\xCC8KE"\xBE\xEA\xBE-$\xCBs\xAD\xC6\xEFÛ°\xD0L\xB24\xE7\xEA8�\xCD\xE3\x80\xE5H?c�jx\xD7�9\xEC\xB0\xD4\xE9p-\x97\xFDA�\ \x91,\x86\xD5G2IY,$U\xFA\xBF�1\xA1�p�`\x849:�\xB7\xA1\xA08�\xDB\xC8\xE9\xAD\xFD\xBF\x811\xBD\xEEi9\xBD:\xB4�H\xE1)x\x99\x94p\xF3Ksk\xAB\xE87\xB0B.\x94\x8A-SH[\xED�\xABØŽ\xD3\xEBu�\xBDm@\xC7(P\xD3�\xCFCd\xABf��t\x9E1\xE0�\xF9J0\xA1�娿τ\x82݇\x94\xA3\xF8P0\x91\xB6\xC5E\xD1-\x84\x88Ö¬\xCBeS\xE15�\x9B\x98�\xFE\xF1ÝŸ(
-\xA8\x94ۄ3\x83\xA8\xA3\xA4Cs�7�\xEFP at M�x\xE1\xE4\xF9\xEAhyvX\xEB\xEChKߧ\x99\xB4k�q\xE0G�\xD4\xEC*,\xE3Z\xD9D\x80\x97\xB3\x82\x9A\xFF\x9A \xED
-2\xB4\xE8\xEE\x89]xBH��&\x8E��\xE1첾\x87\x90\x81\xAB/\x8Dv\x9E\x8D.\x88\xC0`oF\xD0\xE1\xC4�7]\xAB\xB6\xBBA\xD1E\xB33\xF3\xD1R?�E*ə\xCC\xF2,
-\xFD\xF4e\xAE\x8FA\xA6\xF3�|x\xB7zY`\xEEG\x93\x96\xA9��\xB9\x84b\xB1Jd\xF8\xCA%t�\xEE\xCCs\xFFL\xE8^7\xCEǞ�.K\xFA\xB9\xDA�\xEBu\xB1=R]3\x96\xA4y\xEC\xA3OB\x98\xB9w�\xA0r\xFA<~Hb\xECl\xCB\xD6\xD6M`\xB1\x85�\xBEv\x9B|=M܋ a�eD\xA5\xD3\xF7�|\xC6󹪋S�\xA2w\xA8p\xE6QG\xB0e\\xFB\xF2\xA9\xF7\xAA\xBB�\xDE�\xB0᪺vWw\xA4Le�n\xF7z\x83(\xF6�\x8E \xFE\xB5�h\i\xB3\xB3�\xE8\xCF˪i\xE9n�cwpL0VW\x9EO\xDF\xD9k v�\xD6�Y?\x96\xFA\xE2\xE0
-\xE8\xAEj\x96\xFFܯ\xE5\xED\xEEn> \x9D\xF4\xEFK\xFEX[\x84/PE\xD5\xFAÃٮ˺\xB0o"\xFB\xF7j'*0\xF4\xC8\xC3\xC2Ÿ \xC2W \xCD\xF77\xFCPz\xBB\xDB\xE03\x88\xB9\xFF\xF60>\xB3\x94q\x9EF)\xDC̤V_�Jq�\xA1$\xC0T\xE3\xA1��\xA3X($R\x88^\xA9\xC6^\x95y_\xA1^\xFC\x86=\x84\xAE\x82�\x97e2\xAC\x83C\x80\xC9�\xCE|�\x80Äš!�ZR\xC9g%\xDF?v;\xAE`\xE9\xBF�\xB9�%\xBDendstream
-endobj
-1565 0 obj <<
-/Type /Page
-/Contents 1566 0 R
-/Resources 1564 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1573 0 R
->> endobj
-1567 0 obj <<
-/D [1565 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-386 0 obj <<
-/D [1565 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1568 0 obj <<
-/D [1565 0 R /XYZ 56.6929 749.9737 null]
->> endobj
-390 0 obj <<
-/D [1565 0 R /XYZ 56.6929 670.1208 null]
->> endobj
-1569 0 obj <<
-/D [1565 0 R /XYZ 56.6929 644.0935 null]
->> endobj
-394 0 obj <<
-/D [1565 0 R /XYZ 56.6929 176.1924 null]
->> endobj
-1570 0 obj <<
-/D [1565 0 R /XYZ 56.6929 144.3484 null]
->> endobj
-1571 0 obj <<
-/D [1565 0 R /XYZ 56.6929 85.5791 null]
->> endobj
-1572 0 obj <<
-/D [1565 0 R /XYZ 56.6929 73.6239 null]
->> endobj
-1564 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F22 961 0 R /F62 1361 0 R >>
-/XObject << /Im3 1515 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1576 0 obj <<
-/Length 2519
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZMs\xE36�\xBD\xFBW\xE8\xB6rU\x84\xC57\x81\xE4\xE4x<\xB3N\xCD8\xB3\xB6sJR)Z\xA2-n(\xD2+R\xE3u\xB6\xF6\xBFo7�\xA4(\x9B\x92\xECX\xA9\x9A\xF2A`�h\x82\xAF\x81\xEE\xD7
-\x8B�\x87?1r\x86q\xE5\xF5(\xF1\x9A�.\xCCh\xBA8\xE2\xA3;\xE8\xFBp$\xE2\x98I;h\xD2�\xF5\xFD\xF5\xD1\xDF߫d䙷Ҏ\xAEo{\xBA�\xE3Ή\xD1\xF5\xEC\xE7\xF1\xE9?N>_\x9F]�O\xA4\xE1cˎ'\xC6\xF2\xF1\xF7\xE7�\xEFH\xE2\xE9\xE7\xF4Nj\xF7\xE7�~\xBA<9N\xF4\xF8\xFA\xFC\xC7��_\x9E\xBD?\xBB<\xBB8=;\x9E�g�̗QÖ \xEF\xCF?\x9EQ\xEB\xC3\xE5ɧO'\x97ǿ^\xFFptv\xDD}K\xFF{�W\xF8!\xFF>\xFA\xF9W>\x9A\xC1g\xFFpę\xF2Ό�\xE0\x813\xE1\xBD�-\x8E\xB4Q\xCCh\xA5ZIqtu\xF4\xCFNa\xAF7L�\xC2OKŤ\xF4j4Q\x9A9�:^\xF0Z\xE5%\xF3\xC2\xC8\xE1\xD7\xF2\xD1�\x94z\xC1\xF5v]4\x8F\x83\xAEؤ�ꉪ\x89�\x86)\xA3оʰD
-\xDF\xD9W\x8A\x9E}\x85�\xD0\xEB\xCD(1\x82I�\xB6G�\xA7\xD3�A\x86\xB1\xB2?\x96;&t\x82\xEF\xC0A\xB3\xEC�\xCEe\x99\xD5\xC7�e\xFD8\x85\x9F\x84\x8F\xCBt\x91\xCDHr\xFE\x99D\xE9l\xB6<�n\x9C\xD5q\xE8"m\xA6󼼣\xEE"\xAF\x9Bo\xA0\xE9\xFD\xF8\xB6ZFe\xD3)\x8D\x86\xFEiU6a~��\x850 \xC1\xBC��\xC3Z\xCB�펪\x99gKj\xAE\xEA\xACfO\xB7\x89\xE1 s �\xA3>"oC�\xEDi\x84M\xDA�\x89W\xA8l\xBFa\xBB\xE1ॉ\xB5n\x9F\xE1dB��\x8C\x80UU\xD4/\xB1޴H\xA3Y�\xB4>\xCE$\x98\xA7e\x99�\xB1\xBB\xA9\xE8\xF7&\xEB0\x8E\xC0\xDF<\xC6�\xF3,\xBEwc\xA1\x9E3m\x95\x89\xEF]\x96\xB3\xE9\xC0\xEA$��\xDC}4h\xD5\xE4E\xDE<��!\xC6;\xEC\xD8�\xE8m\xA0?\xB5\xA3<\xA8�a\x84�\xC2\xEE\xB3#N\xF0\x8E6u^N\x8B\xD5,\xDBo\xC680\xDA(\xA5�<\x97E\xB6�\xB8ފ��\{B�蹬K\x98\xE7B\xED�\x8E+\xA6\xB5
-p\xFC\x9E=\xEEǬ\xBEϦ9b�`\x83\xC0\x83\xB3 8�h\x82��\xEF\x94W%\xF5�\x87\x84=\xB0\xDBI\x92Ǟt�۽l\xF2i;��\x91+\x8A\x9D\xD5d\xC8[-\xF3?\xBA x\x86\x82�\xC4\xE6\xF5\xD5\xF9\x87\xED�\xEBCq(\x97\xF5�\xC4�ka\x84\xE7\xFBb\x8DM<3JR\xAC)\xAA\xBB;D\xE1\x95fS\xC9\xF8a\x9E6\xD4B\xCF�
-7\xAE\xB3\xE5\x97��@�\x8Ak\x88+R\xF3h\x980%#\x9F\xB71/\x8C%�\x8B\xECX\x8C\xEB:\xBD\xA3\x97\xB8q\xF4\x91C\xB6\xAC\xC1\xFE;L\xD6\xC3\xE2\xB0&;\xEC!\xD3�\x88�\xDFç¬1\xCCJI\xA7\xACxXf/�1�P\xD0\w\xAB6\xCC<��\xDA3k\xAD\x8E�\x88;<\xD7��\xCB&*�\xC28�(BQW\x91_L\x9B(Ú¤"E~7o&��\xFEPG\HU\x84M\x82\x92Y\x9A\xD19\x9D8\xCDT \xC4m(Ç—-Ú“\xFA�7|`\xFD\xD20\xA7\xA5\x8FK�\xB8�~ g\xDEu!�t\x89�\xFB\xA6g\x90\xAFy\xDF�\xCBD\xC2\xF79g\xAB\xA0!\xE8\xBC,Һɖ\xF5\xEB\x98ebÈœ\xBAc\x96 i5\x85�\xE4\x8F4\x82\xE8#\x88BT\xAC\x83\x9B\xA5Gꯛ\xD5MTYFMu\x91~�<\xDCTe$:\xDD\xCB�'*\xD2\xDDä²\xCBW\xEC\xA9
-(\x87\x90\xB5\xD7S\xE3gqA\x9E\xBA\xBA\xC7\xC8\xF5\xB2\x83\xDF2I\x84ͻ\xF1]QݤH+\x81\xE4w>�\xE4k�\xD1FE�о'\x8C \xD7\xEDѵ75\xF5ϲ\xDBtU4\xF5\x90\xD9b\xC0\xDE\xC8�\xEA&m\xB2�8\xEB�f\xEB\xE3q؜\xE0\xA0\\xD28\x98\xCDu\xB2\xC7l\xC6)\xE6\xBCP1L�\xBC\xF7\xC7W��7y\xB6lҼ\xEC҂'&Bt;�\xE1C\xB9\xC1>\xEF)\xC4N:;c\x8A\x90\xD6\xF9.\xF4\xE9\xB3\xDC\xE1 \xE9a�\x8D\xB10[\xEB}\xE8'\xB06e#I\x80\xCD��*\x9F֓.\x9Fzerf\xAC�+,�\xAB\xB2c\x9BAԥg\xF8\x84a�ﲆ�m
-ml\x82\x9D�\xB1K�\xC61\xA4\xEF�\xBE\x93n\xDC&\xF9\xE9\xBEk\x87Y{x}͇Jk\xA6�Upv\x99U;\xC0\xC18b!\xCB�D\x85\xD9�R\x87\xD7�\xB4\x90(/\x8F\xDD8̧\xE7w�WWg\xA7\xD4F\x85;�\xED-\xF5+\xCE܌\xE4\xCCH\xB7/\xBA�e�Ox�\xD9A \xAC\xFB\xA5\x88b\xD0G4\x93�z\x89�\xE8\x914\x94+@�\xCA� \xE2z\xDFPkuO=4\x82��l2\x92\xB4\xE9��/ߟR\xC3p!\xE2\xF8h\xB5\xE1"\xD4t\xDEF\x9E�\xB8\xCE&+A\xB4#�\xEF#\xF45�
-@\xDD$jo\xBC�\x92 \xCB)\xDE|ɳ\x87W�\x89�;\xC2\/w�}\xFA+:l\xD1\xE7\xA0\xC5;\xED-\xB3\xC2\xEDK\xAB�\xE7L\xF2>\xE5\xFC\x93\xC0\xE1\xDC\xED\xA0\xF5Ws(\xD0ֵ\xF1?W\xF5~[\xAD\x\xC1tb!(\xC9�|\xC8f\x91\xFEY\xB1^q˜\xF4\xB0jm=\x80\xD9/\xC6\xC9g\xB7�j\xA4\xB1�\xCE�\xB9\xFA\xEB-eM\xD8\xF1I\x97\xF9m-b\xA8\x84A\x9E٦~\xC8f�u)\xD3%\xB8\xDBi6\xB8\xCB@\xC6y�\x81\x89ֶ~\xE7\xB1\xE5cEۚNW-��w\xB4\xE6gC̎u+\xEB<\xDB-niɬ\x87�}\xA2���\xF2R|7^ڀ[�\x9C\xF3pY�\xF4]\xB5�\x8A\xB75\xCBt\xB1H#\xF1\xD4\xFD\xEFŋ�ͼ�\xBA\xBBm\x98X\xD24A�BO\xFF
-\x8E\xB6\xF5z\x9B\xEEv6\x83L\xBB\xFE-\$\xFC��\xC0\x90\xC3?�L9\xFC\xFF\xBE�\xFA0X\x83\x86\x9Dcc<\xC7�\x92{>\xE8�\x9D\xBC|M\x83\xBB\xBB\x87\x9F\xB0b4`\xB1'_\xBA}+ \xD7n\xA5-w/ \xBEU\xFE\xA9é±¼�\xD9l]\xE7w\x81\x8D\xEB\x90-\xE3O\xFD\xB8\xB8\xA9\x8A|JO\x84*\xB6B\xD4\xC3ae\xFC\xED_\xCEHm\xE9r\x86\xFA�X�y2w\xE3\xF3\xF8\xAA;J�\xA0\x95\xB7\x8D\xB5\xEE[J\xFA���\xB9_\xE6\xB0��\xE9�˨\xC1RJ3\xE9\xA4\xDB4ku�a\xDDXS\xD8Ú´&C\xB7E\xF5\xB7\xB0(\xC1\xC7'\x91\xE2\x86\xDBƧ\xB7��#C\x88Å›\x93ÓuWx \xE1;�\x92�k\x90��R \xA5 \x9EPST\xCA�\x80P\xB2y{\xA5:\x80\xB0��\xF3\xB7(&�P\xBAX\xD5Q\xC7M\x94\xB4>{F⇼\x99��\xF2\xC41\xCF;G\xBFe# e\xB2\xBA\xF5�7�&\xBCT\xD0\xC4�\xE5\xF1\xC5\xD3v\xF5\xB4��okP��CÖ•A\xBF\xC3*\x88�\x97U<?�6k"ܳ\x9C\x{2072478}\xDBi\xEEm\xD4�\x8E\xA5\x8DE]m��\x8A\xA2z\xC8f\x83x_\xCF\xE3\xA0\xDB
-GuEp4Ò€\xAA\x9BU^4\x93\xBC\xFC\xF6i\x80�B\xB3$I\x80�IL we{\xFD\xC0\xA2�\xC2$ym8�\x9AÕ»\xBA= \xFB\x8A�5\x81�Ä”6;��a\x94�IT\xA4\x84\x8B�f\xE8�\xC4+\xA6\x84i\xA3\xD0'\xDC\xC1\x9DÑŠx`\xE6U=X!qLk\xF0\xFF\xFDż\x95C(f\xF1\xC6\xFC\xAF\xC0Lx\xCC9\xF7 �\xAA`\x9F[\x8Ae\xE50\xED\xDA�YY\xBD�\xB1\xF5R�\x85\xD7�S\xB5�\xAFD�\x91\xF2\xC9>\xC4�&\xBF1\x8C�\xD54-\xF0\xE3_�[\xA2\xE2mK"\xC7矿h�Q %\x91\x8D\xA2\xB5\xBFm'\x86\xB8 \x83h\xAB\x82\xA0Ìš\x87j\xF9;=`\xB6\xB5\xBCM\xA7\xE1\xE6&N(7\x934"�M\xEBu\xEAGȽ�;�\xD7\xC3\xE4\xAD\xC9Yk: �N\xF2רlgl7�P�k\xF6\xEEu\xAB\x81^�\xB1\xB6\\x995\xF5\xCB-'\xBC�N��*\xECx�!�\xA2.\xEA!\x9B\x86\x9E%\xFD\x92I\xB1\xAF3�\x8Ao\xDB\xFE\x87y\x8Eq���Ë \x8C,3\x94a\xCF\xF1rG
-E\xC4Eȵ\xD9�Շ\xAF\xAA at C`�)\xA9iج"aY5Ը'\x96\xF0�vK>\x8B3R\xFAy����
-t\xC6y\xB3�^\xB3\xC8\xCBl\xFB\x8E\x92:*
-Q\xFE?$)\xB2�\x94\xDC5\xF3\x9A\x9E\xC3�F9Z\x80\x9Aq\xCFCkc\xCF�\xC6%\xC6\xE7%\xF5ի@}$\xAD��Ӵξ�\xAC\xE7%\x90\xE4A�\xE0{M=\xE9\xC6n\xF2\xAF.qX\xF4\xDD]wnڵC3\xAE}\x93\xACe\xE1\xBE�d\xFF
-�\x88\xE8\xDA\xEFC\x94Wbf*\x9D\xEA\xAFu\x8BC\xD1�\xF8\xB3mIÑŽC\xBB>
-o;`\xEB3\xFB\x9A�\xF7\xF0\x9CB@�Ì4X\xF5\x87\xF8\xEEw\xA7\xB8�K
-�s�\xE9\x99s\x89�\xFA\xAF5>\xDA[\xEAx\xE9\xFFÈ\xFF\x81�`T\xCE\xC9ጺ˼!{�]tl\xB4zfE\xE5\x98qr=\xAC\xB7\xF8\xFF�>6r\xFFendstream
-endobj
-1575 0 obj <<
-/Type /Page
-/Contents 1576 0 R
-/Resources 1574 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1573 0 R
->> endobj
-1577 0 obj <<
-/D [1575 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-398 0 obj <<
-/D [1575 0 R /XYZ 85.0394 433.214 null]
->> endobj
-1578 0 obj <<
-/D [1575 0 R /XYZ 85.0394 408.8744 null]
->> endobj
-402 0 obj <<
-/D [1575 0 R /XYZ 85.0394 340.1059 null]
->> endobj
-1579 0 obj <<
-/D [1575 0 R /XYZ 85.0394 309.992 null]
->> endobj
-1580 0 obj <<
-/D [1575 0 R /XYZ 85.0394 232.654 null]
->> endobj
-1581 0 obj <<
-/D [1575 0 R /XYZ 85.0394 220.6988 null]
->> endobj
-1574 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1584 0 obj <<
-/Length 4374
-/Filter /FlateDecode
->>
-stream
-xÚ[\xDDs\xE3\xB6�\xF7_\xA1\xB7\xEA:�C|�\xC0\xE5\xE9z\xB9K\x9Di/\xE9\x9D3\xD3N\x92\xC9\xD0�mqN"]\x91\x8A\xE3~\xFC\xEF\xDD\xC5� )A\x96;\xBE\xF1\x83H \,�\xFB\xF1\xDB�\xCCf9\xFC\xB1\x99*\xB2\xC2r;\xD3Vf*gj\xB6\xDC^\xE4\xB3;\xE8\xFB\xF6\x82\xF91\x8B0h1�\xF5\xA7닯\xDE�=\xB3\x99-x1\xBB\xBE�\xD12Yn�\x9B]\xAF~\x9A��\xCF^�\x85|\xFE\xF6\xFB�ﯾ\xFD\xF1\xE3\x9BWZί\xAF\xBE\xFF\xF0j\xC1U>\xF5\x97w\xF4\xF4\xED\xC77\xFDë›\xAF�\xCC(6\xFB\xE77?\\xBF\xFBH]\x85\xA7\xF1\xA7\xAB�\xDFP\x8B\xA5\x9F�D?\xBE{\xFF\xEE\xE3\xBB�oß½\xFA\xE5\xFA\xBB\x8Bw\xD7q-\xE3\xF5\xB2\\xE0B\xFEy\xF1\xD3/\xF9l�\xCB\xFE\xEE"Ï„5j\xF6 /yƬ\xE5\xB3\xED\x85T"SR\x88в\xB9\xF8t\xF1\xB7Hp\xD4\xEB>MÊ\xE5���O�\x90\xB3�c\x99U\x8AO$\xA8lV�.\xA2���%\xCF\xF3\xF9\xB2m\xFA]\xBB\xE9h\x95\x9F\xFA\xB2\xAF\xB6U\xD3{\xF9\xED\xCA\xED\xB6\xDCá’¿z/\xD9hg\xF2��Ȥ\xD6\xD6Q�\xA8�@\xF3\xDF\xF8\xC1\x8C\xE9\xCC
-nf\x8B\xC8��\xFC\x89F\xD4M\xD5\xD3\xD3Ϲ\xCA}\xDB\xFD\xAF\xE5j\xB5\xA3\x97\xFF� �\xA2\xD00\xF1\x82eZ
-\xE5H\xFC\xD1w!QX\xEB\xD0�\xA4�}\xEDg\xB9ow}\xA4=\xBC\xFC\xE2�,\xA4\xCE�ϋ)\xE5f\xD3>\x84U,�\x87_d\xAA\xEA\xBA_\xB7e\xBF\\xFF\xBA\xA9\xBB\xDEw\xFC\xD7\xD1\xC9��\xD2\xCE\xCF\xD5c\x94\x82\xFB\x81�\xFF�\xBE\xFD\xF7\xEB �Zg:7\xC5��eY6\xF9,O\x8E\xDF7\xF5\xEF~\xDDe\xBF\xF6O\xD5nKO\xCD~{Sy\xE1\xB6�Mx�7\xDF\xED\xDA\xFD\xFD\xA4y�4\xC9*�H\x9C\xE0\xFAp\x95\x8B\xA4��i\xA7\x8DS5�\x89H\x93q\xA3UTp\xF9��\xFF\xA6\xFA9\xCFyS\xF7u\xDBPK٬\xE8\xE1Ǯ\xBC\xAB\xFC\\xFC\xB4\xE6_\xAF\xAB\xC8\xD00\x88\x83\xED*\xADa\xF0\xC4:\x8E\xA9I\xB0cp�4\xAE�\x98�\x85\x9D\xAF\xAA\xE5�\x8C\x8F\x99y�\xDC�\xEDׂ
-톆,\xD7e\xD3T�\xDFݷ\xD4zS\xD1ᆱV\xD4s\xF3H-\xDDc�3P[\xB9\xDA\xD6
-lٮ\xEC\xDB]G\xFD\x81\xC2t"$M˜\xC1\xFEd\xE06\xF5tSZг\xD2˰\xD0\xF3\xF6�\x8D\xFB\xC854嶢\xA6\xAE\xDA\xFD�\x8A�\xAE5Ù8ʯ\xF3}\x93I\xF1\xB3au\xD8\xEDEA]\xB44|¥\x85Ɏ7B\xE4\xA0�\xB9d^»f\xB5L\xEC����q\xBB\xF6}\xBD\xA9\xFBG"\x8F�!\xC6�?\xE1\xB2�\x9Fج<W\xD0\xEF\xE4"\xB8̈́dfj'Q\x9B\x88\xF7~WW\xBFU\xD4Ҵ\xCD\xE2\x9B�\x9F\xC6\xDD\xDD~\xD3{=\xBD%Al\xBDR\xFAOH\x8C\xF04�c\xF0�\xA0\xFFָY\xDF4 I0�\xEE\xAE0~\x8Dι��\x82\xC1\xA3a|\xAC\xB7qCxT7|1\xF3\xBA\xA3ƒ^\xAF\xDF\xFE@\xEF]\xBB\xFC\x8C\x9E�\x9F\xD1%TM\xDD\xDCј\xD27\x93b at Cw_-k4A\xD8̈́�\xC9�b\x9B
-,\xDF�\x86^!m\x96\xE7F\xCC�\xE7\x99��I\x9F�|9\xACИt\xE8]D\x8A\x8B1\xC9�WGj\xA5`\x93\xADf\xC3\xCCÈ¡�1 \xEDbYn\x83r9�y\xBE�4|k\x988)�\xA9 uhm\xBE\x9C�"\xC53"\x90Jg\xAC(\xF4T�.\x82\xA7E \x82�^\xC2Â…\x98?\xAC\xEB\xE5Ú‡b\xE8W\xB9<0\x9Ee\x89\xB22\xC6\xF93n@\xD3\xFC\xFB\xD5�\xBFIjiw\xB1\xA5\xA0'Ç€3\xA6�<\x8C\xE4\xEA\x845\x80�c\Ë“\x82\xE5\xBC {\xE1\xB0<\x80ZÊ€�y\xA9`#\xC5Ř\xE4\xB1`A;2\xC3 \xD1\xC5aO Vdvpo\xE0x\x8F\xA1�\x88\xB4�9?\xC6P�\xA4Lf�8\xF6)\xA0\xCAK0\xE0]\xDD}&p\x85�vv�\xB2\xAF�\xE8\xB9\xF7\x8E\xCDyc�G\xBF\xA4\xDE0*ì•™?Ô›Õ’\x9C\xF8\xCA\xEF\xE7\xB0W_\x93"p\x88\xF9*��\x80�\xFCPS-1\xBE\xB8@\xA7\x90\x94\x8BK\x92B�\xB4\x94\xCBeu\xDFS\xB8S\xCEÈ°\xB7l�}\xC3-\xFD:\xB6\xF0\x81�\xE1�:�GL::�K�*Pa xe\xF9\xBC\xA5~rh\xF4�\xCD2"JZ\xE8��Öš@\x89\xA3i\xC0��\xE3�\xD0\xE0�\xE1f\x93v�\xD2(}R[\x990�\x83\xFCH�\xC0\xFBZ\x98�+k \xB8�S<\xD6U&�8��;q\xD8S\xBA*\xB3\x9C�ꌮj\xB0Y?\xE4\xF5\xEBT\x88\xF2\x8AAC\xD0\xC6�h\xD9- \xEF\xB1݃jY�4�\xC1n\xB3y\xA4'�\xF1\xB1h\xAD΄\xD0\xFC,@\x90ʨ\x91�G\x82\xA4\xE40Û¦]\x96~\xBAu\xDB\xF5qK]\xE0;�\xD9\xDEß”\xCB\xCF~\xAF�5\xF0\xFA\xAFpW\x8A�\xCC\xEBr\xA4ca\x89L0�x�g\x96\xE5\xF0\xC7�\xDCC���h�\xF7\xBB\xB4\xE0M\xA1d�|\x8AL\xC0\xE3\xF9(\xDBB0Rwc�\x83\xF0�\xB0R\xE5\x81Ïs\xD1\xF0\xB0-\xAF\xB7\xFBm\xC0/\xCB\xFD�1�c\xCCC\x98\x85\xB1\x99\xCCe1A2\xB8\xAF�\x96è—’\xB8\xF1\xA4\xA3\xF0yy8\xC6*1�\x8C\xA8�q'\xCB�n'l\xE5��\xBD\xFD̹L\x88�\xE2U\x96�B\x9Eu\xA2*\xB3Z��'\x8A��m\x88gM\xEBY\xBB\xA9�\x8E�A%\xB4�\xEC\xCBhv��\xD9"\xB3��\x93\xB0\xC9�\xD3\xD9�C\xA0 at q1&\x99\x80@�\x9E�,>�{��\xC1\x96�f�\xA3%\xC8\p@�\xC0\xDCxǯ\x833-o<
-GW\xDB{\xF7[w\xDD\xDE\xF7�0\xDC9x\x84\xC34t��Lr�5\xA0WG\xE9�\x9B\xFBo\xBD �8_\xC6�r\xF38\xF8\xF6DV!%<G\x8B\xA2\xA2A\xC2kXܼ`0\x98�$3EHy\xC3�\xBB\xBC:\xE99u!\x83\xA9CV\xB8wщ\xB0�`v\xC5�"N\\xC6\xDBq\xC8\xE4JP�\xA3\xB8\xF7D\xD00�\xF7\xD8�\xC1=��\x92-\xE8\xC1*B\xDDS\x8C\x87כ\xD2+-'4\x8B\xD4\xD3Y\xB0�s\x90a\xD7}�\xE5H\x83��\xF0\x98\xE9\x99�|\xC4
-\x80d/\xD6\xE0 at q1&\x99\xD0`�\xAE!\xBF\x88ÃMW\xE6963\xCC\xEE\xA4\xF8\x82L�\x8Ag\x98\x949\x87\xF8�\xD8y¤+\xB5$\xCCLf\xA0\xB4v\x88\x8D�6\xF1z]{�\xA0_�|\xB2\x98w\xF5\xF6~\xE37\xF9\xEA\x87`\x959\x86iv�\xB0x�VFÏ…\xDEw\x83NÔ¥y\x8AB\xEEס\x9C\xF2\x98B\xDFR\x81B\xF3A\xE9\x8F\xD07(uQ\xE4 oX�g\\xBC�}�\x8A\x8B1\xC9�\xFA\xE6Y!-�fv\x8Ew\x95F"�B\x8C_E\xB5q\xA5�/\x9E\xD6�\xAE\xB4a�\xB0\xF7ܲ3\x86!`��\xF7/&\x83H\xF1\x8C�\x84�\x9Dc\x872H�\x86\xC6��@\xC1\x97c2P<Ǥ\xC6\xDA0\xFA\x8D1\x93\xA7��R\xAF"BÏ‘s�lp×´\xF4\xBE
-q \x82\xBD\x96JLk*)5�K\xC9\xE36\xBAJf\xC2w\xF3L�V\xA4K*z\R)|IESIE\xCF\xFCp\xF5w\xEAX\xB5۲n\xA8u\xA8\xAF\xE8i}\xA5\xF0\xF5��\x8A�zR\p#\xA84\x8C]\x81\x9C�[\x90�\x87\xEF\z\x84�$\xE7\xF37\x90[�\x80*`5\xF2\xB0\xFC\xE7b\x8B)B\xD2W�,�\xE5\xD3\xC5\xE2\x80�hp\x85;\xFFU\xCAE\xB0\x8C�"l\x99+d'q\xB9\xC9c\x85\xE82AG�6\x89\xB5�W\xF7>\xA6" C\xE6\xF6\xC90
-\xDEC3�\xC6P\xA5<�ðŽ¹I\x8CÓ \xC9z\xFE\xA1\xED\xBDt\\xD0tR\xDA\xFA\x96\xFBMÙƒS\xDEv$2\xC4\xFB\x9F\xF6\xCD\xF7\x9F\xA8\xD7s\x84\xD9�x�T\xB8\x89\xF4?\xB5\x9B� \xAC\xC7\xE3,\xEC(<\xB8\xB8\xDDu��@ÃH�\xE81\xACN\xE5\xE6\xFF\x91\xF50\xDD`M\xF8r\xBF\xA9\xDD�3_;��2\xA0}4Ö•ß¡cU\xFB\x9C\xA1ow\x8F\x9E at wn�N|\xE3�Q\xDB\xE0\xB9\xEE\xBBjs\xEB\xCF�\xC0\x8E!~\x89\x83H\xF6\xA4\xF1\xE7\xC7`\x94�v~\xBF\xAB\xB7\xA5c�^\xCA}\xBFnw\xF5\xBFb\xC5\xDBη�\xDAq\xDDm\xA9(L�\xF0P\xE4s\xF5t�V\xFDK4yxq\xE6\xE1\x87&\x80&rn#\xF2KDJ\xC0\xCF�\x85\xC0]
-0�\xB7\x89/v\xC0\x81\xE2bL2\xE1\x80
-\x80z�\x9E-�{62\xC1L
-\xA0:U c\xED�<\x9C�FI?t\xA0\x84O\xA1X0a \xF8+2UȃjQBH�*\x8C5b\x86Ezm\xD5˓\xA4 at p1\xA6x,"
-a�\xB3\xB78\xEA$\x96p\xB9o\xF0S\xCEeH3WR\xC0=*>c\xBEeO\xEB��o,Vo\xBE\xD8z#\xC53�F\xAFm\xF3\xC2>c\xC5�0\x86\x92E<\x8F\xC0\xFAȩ`\xC0M&\xD9�F ,\xA3*\xDA/\xB8\xE0@\xF1̂9\xC0s\xA3! N�|\xCA�4\xC0>�\x8F`:Zrp'\xCEk\xA2�Z\xFA\xAD~\xAF\x96{�3\xE0et\xE8�o\x94\xED�y\xC1\x83> �\xF8�y�\xAFJ\x9F\xAA\xEA\xD4\xC5��l�\xD0>\ \xF5\xED\xEEf\xF4\xF01uec<\x9E�\xC2�W6\xE2(w\xD6\xFB\xB1\xDAR\xF8\xD3|\xFE\x81N\xB1\xB4\x98SBsC\xADo'\xFCC\xA7\x8B$K\xE7c9J�\x94\xCA\xC0M\x89 \xEFG\x97$\xE2\xA83,Öd�s\xF0 \xCFus4+\xC0v\xC58{\xAE\xC4\xE2\xF8s\xF3�\xD1ua\x9D\xD2w\x92\x8E\xC8D�x\xE88E`\x99�\xF2\x8C�\xE2\xA83|�S��z�\xD2Fؚ\xBAA\xB0R�\xEC\x957\x{DFA7}>\xD0C�yw{\x9F�Bo(j\xCC\xD0\xE9�|dr�\x91\xEB\xE4�\x8D+|\xD93e\xD9<\x93Z�T\x95�\xE6y\xF6\xB8\x8C\xC8�\x96��΅\x83�\x88U\x9A'\xCE\xEA\xC1�B�\xC1\x8E�둴\xB3f\xF8\xF5�"�t\\xA6\xEByZ�\x81e<\xD0M\xF9F\x81\xE7\xD11?\xA6Z6�\xEF*?�\xDE\xD3\xC0ߒ~V\xD5m\xB9\xDF\xF8\xBE\xA9'`\xA3\xBA�\xBE\x8C3�\xA6<\x98R�L\xA9\xA1 at M�
-\xB0\x80VJ�\\x92���\x84\x91\xA3\xE23\xBC
-:\xF5\xC6\xF6\xBA\xF7�\xFCɈA\xFDػs\xA3�\x8B\xB4\xD8\xF5\xFA5��\xA5�\x9B_54\xA4w��\xEC[\x96]uI\xF09\xD2,7]K\xE3�\xD6\xEE$\xC6\xC8S\xE0Iٌ�\xCA<\xEB�\x86\x901�\x8D\xAFa\xE0"B\xEAc\xD1L\xF3�\xE5�\xED7\xA6Nr~\xB3\xF7�\xAB\xB6r\xE9�\xAA\x9DoZ\x97\xEE\xF4�\x9Eʔ\xCAs,(�{\xA6�( /\x8AP\x81r\x8C\x94\xA6A\xA6\x86�\xD9g�
-\xD2=1U4d\xAF� \xDC{\xAE]@\xE2\xA8�\xE5ʷ\xAC\xFD2�\\x8B/C*+]\x94v_\x8Dn2p9\xDC#\xE1\x90<K,\xA1�\x9Ct\xB8�4q>Q\x80+7\xE3k�\x99\xC7�\x87\xF1'\xC7MR�\xACH\x9Eu���\xF8U\xD5'=K1.\xCBb\xDED\xCE/�\xAD�\xED\xF8\xADJ�\xA2(T\x90\xA8o\x90C\x83\xCA\xDDb\x8EsL\xBF\xE0\xB0z�4\xEE\xC1e=:?H\x92\xF1\x92N�f\xAD�z\xF2��\xB1-t\xDE\xEC\xEBM\x8F~:\xA3\xCB:\xE1\xC0�\xFB\x96\xA4\x9F%E\xDF<(ބo:\x9A.\xF4Ab\xF9\xB4\x94!5�Q<\xB8k\x97\xE1�\xC8\xCC\xF7A\xECf\xACk0\x87\x88(�\x89/P>w\xB80\xBC\xF5\xB5(S\x87\xD2X\xB5�z\xEA\xE2�\xE2\xEA\xBC8>8H\xEC5l \x9Ej?Go\x8A\xA1V}��\xDB\xC7D��\xAFK\xEA=\xC8ӟxS\xF1\xC3BSWMξ\xE1aW6]\xB8[f,\xA5\x85\xD0N\xD5�Opd�\xD0\xE5w�\x9E̥?\xC9\\xE3Q\x85˓`\xF4\xAA\xF6ӒO\x81�\xE7S\xE82a\x9Eq)\xED\xD4?\xAD껺\xA7\xC3I\x98�\xF2ݸ0\xF4\xB1\xB9\xF6\x87\x99\xC6\xFB\xEA\�6\x8D\xADÙ \xBCl\xC1\xE1\x97w\xE1\xC38\xA6_\xEF}\x93\xE3�\x9B�w\xF8@�\xCF
-O\x9E\xA3è¬\xF2\xFC\xE9Gn�7\xEE<�\xC2Z��W=�ß–\x9F\x89-\\x87w\xD7�B-\xF8\xEC\xA9Nß·]W߸2\x97\xF0P[h:|\xC7�w\xC3D \xF6\x860IA�\xBA\xFD\xA6@\xBB\xA1\x9F�\xE4��$\xF4P?\x83�\xB5\xA7�\xBE\xD4\xEEv14\xEC�\x94\xE8��V
-\xEB/\x88A�L\xE7\x9C/�
-;zt\xE0�~\x8B\xE7\xF2�$\x82|\x84Ç«l�\xED\xEE\xB3_jp\xBCX.e\xD2�\xD8zG\xA0\\x82\xBE\x95\xA9\x8A\xBDË´Y؃\xF4\xD4`k\xB9.\xC6S;�\x91\x96\xC4�\xBF^�\xD2k7�\xDF\xE2 \xC4#\xB5\xB9\x82 \x8C\xA2ć\xA4/C�E�E\x94c\xD7\xC2!\x803\x88\xE0\xFF\x9Fo\xB1 \xFCd<\xCF.o{\x97T\x8DØ´\xB0k>\xF4kH\x95>\xC0\xAD\xBE\xD6_7\x80�6\x9Bt \xE9S\xDD,+\xAA\xA3\xF6I�%!�U\x92?\xCBC\x99\xE1\xC6\xD2\xC4C!u\x87\x99r�\xEF;0wA\x87�\xE2\xDD\xEC-\xFD\xFA�Î!7��߃\xBF\xAE�\x82\xDBÞƒZ;#\xC1Q{w�\x96h\xDF\xD2/ �\xBF4\xD4 \xC2^\x90\xA8\xAC\xC84�\x85\x8E\xC2\xFA\xD8X\xAC7�\xBC\xFC�{\xE7��\xB6O�/4x�%\x82\xC7�6\xA0(Au"\xE8Y\xD7wk?\xBA\xBA\xA3\x8F+\xEAq�Wر\xC1\xFAce\xBAx \xCC�\xF3\xB8p\xB9\xF7#\xC3!\xBD@/\xDF\xD5N9��\xED\xEE\xFC\xB4\xC1\x96\xF2\xE3\xC2�&\x9Dñž¦¢\xFBi*\xC0kx\xE8 \xCF\xF7]\xB7\x93.\x89w"\xFCe*g�Xפ�t\xA9�G\xAC\xDB\xFDfE\x8D\xE8\xF1\xE8)�\xD1Aw\xC1\xF9ED\xEB\xB4
-
-"}9D\x88\x88\xAC�jw>@\xB3z\xE6ۇ\x86�\xE2�\xEB\xDB gxߩ[�\x8F\xF1>l^\x807\xE0�&�\xA5\xE8�\xDEv\xF1�\xAC�\xAB^� \xE3\x89@\xCE\xFC9\xE8s\xEC�r'6\xC1&^R\x9B ҵ�縒\xDE?L\xCB\xCC*\xE4Z\xF8\xB0w\xC1W\xA1�-}��\xD9dg\xFD\xA5\xFA\xC4֪�\xAC�q \xF4+\xEC\xE1mxD\x98\xF1h�\xC2\xD1\xCEK�gL\x9C�\xE6\x99\xE51l>�\xEE�\x8B at 7���>\xF3� LQ\x86\x93�\xBC�\xE0\xE2�6ґ�\x9D�\xF7nc\x98\xBF\x8C#®�\xB0\xB6\xAE�\xAA\xE9r~�\xB1\x91?_\x86u��\xA5\xE1&�\x8E\xA9\xFD\x8D�\xE7\x86<�b\xDE\xC2\xDA\xFD\x92q\xF1>\xE3\xB22\x93\xF2\xF0� \xA8<f�\x8B\x89P\x85� k\xCE_\xE8\x92�߇\xEA\xDA%\xDD
-\xEA l\xC3$\xFE>\x99\x9E7�\x95\xE7L\x9C�\xAC\x91\x9Fd\xD6�\xF0SOxy\xC2�\xF5p�+j-�n\xFC\xCC\xDE\xE4-\x9ErP� \xDC\xFD\xD7�\xBEz\x8EV\xE5M\xF8Ö…\xD4\xC0�\xE0|\x80��mqb\x94c*\xEEȺ\xF4\x97\x94FEy�\xEE\xB0Ñ\xA5\x9Do{X\xFB\x8BY\x83kʃ\xC6\xD3\xB7GÉ“\x95\x90\xA2\xC0\xA8U\xDDy\x8Edz�\xA9%\xBE��\xBD\x8C�\x84\xDB�\xF4\x8B\xB9j
-\xB5p\xAC"\xA9\xE2�\xA5�\x80.L\xF0\xC3�\xC0\xEB\x94za�\xA8\xB0I\x9AL\x9E\xA4\xE9\xEF�\xDC%\xF3~\xD8��\xB6\xFE딶f\xD2\xE6\xC58 J�rU\x86\xFF6\x96(�\xE6\xF1\xD6\xE4\x8B\xFF;m\xA8��v\x87\x94\x9C\x9F\xA8ij\x93�@�\x81)d\\xCA#\xCEÿ\xB1�\xB3\xFE?�t\xE2bendstream
-endobj
-1583 0 obj <<
-/Type /Page
-/Contents 1584 0 R
-/Resources 1582 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1573 0 R
-/Annots [ 1587 0 R 1588 0 R ]
->> endobj
-1587 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 314.0348 256.3816 326.0944]
-/Subtype /Link
-/A << /S /GoTo /D (rndc) >>
->> endobj
-1588 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [268.5158 314.0348 332.4306 326.0944]
-/Subtype /Link
-/A << /S /GoTo /D (admin_tools) >>
->> endobj
-1585 0 obj <<
-/D [1583 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-406 0 obj <<
-/D [1583 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1586 0 obj <<
-/D [1583 0 R /XYZ 56.6929 752.2372 null]
->> endobj
-410 0 obj <<
-/D [1583 0 R /XYZ 56.6929 610.516 null]
->> endobj
-1338 0 obj <<
-/D [1583 0 R /XYZ 56.6929 579.8656 null]
->> endobj
-1582 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F22 961 0 R /F48 1238 0 R /F14 964 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1592 0 obj <<
-/Length 2364
-/Filter /FlateDecode
->>
-stream
-xڵ�]s\xE3\xB6\xF1ݿB\x8F\xF2L\x88\xC3�A\x80sO\x97\x8B}u\xDA8\xA9Oy\xBA\xDC\xDC\xD0$,q\xC2�E\xA4\xEC\xAAm\xFE{�X\x90"E\xCAv\xEB\xE9\xE8\x81�`\xB1\xD8]\xEC�VlA\xE1\xC7�Z�*\xE2p\xA1\xE2\x90H\xCA\xE4"-/\xE8b
-k\x9F.\x98\xC7 :\xA4`\x88\xF5\xFD\xEA\xE2ݵP\x8B\x98\xC4�\x8F�\xAB\x87�-M\xA8\xD6l\xB1ʾ,?\xFE\xE5\xC3/\xAB\xAB\xBBˀK\xBA\x8C\xC8e #\xBA\xFC\xFE\xE6\xF6�\x9C\x89\xF1\xF3\xF1\xE7\xDB\xEB\x9BO\xBF\xDE}\xB8T\xE1ru\xF3\xF3-N\xDF]]_\xDD]\xDD~\xBC\xBA�\x98\x96�\xF6sO\xE1̆뛿]!\xF4\xE9\xEE\xC3O?}\xB8\xBB\xFC\xBA\xFA\xF1\xE2j\xD5\xCB2\x94\x97Qa�\xF9\xE3\xE2\xCBW\xBA\xC8@\xEC�/(�\xB1\x96\x8B'�P\xC2\xE2\x98/ʋP
-"C!\xBA\x99\xE2\xE2\xF3\xC5\xDF{\x82\x83U\xB7uNRh"5W3
-\xE4l\xC1�\x89\xA5\xE4#
-ʘD\x82�\xA7A+\xB4��PJ\x97y\x95�\xFBÌ \x88\x9FÛ¤5\xA5\xA9Z/\xF1.)\xCBdg%~w�\xB2\xC1\xC5\xD0� �.\xA4r�{"�P|\xC8�S%\xA5y\x8F\xFB\xC6\xFC\xC0F!\x89\xD2T\xF7\x9CD\xAF\xE0\xE4�\xF3�\xA5\xBC\xCAÛ¼\xAEp&\xA92�~m\x92\xB5\xF1G\xF1\xF3,\xAE6\xA6\xE7\xE7\x88\xC4bB9
-�y(Ɣ\x98\x88H�\x86�^3`NH\xD8֘]\xDB\xE0\xA0\xDD��\x9A\xADIs˵\xB1\x8C\x8Ahi\xE1\xC2/&\xED \xF6\xB6\xCE;rO�\xB3\xBBdzip[;\xCB8�5\x89�\xC0o\xE3\xDC3m\xAA\xB4\xDEW\xAD?7#\x96�\T\xC8�\xD7L/\x82\xFE�\x9FS\xA4�\xAFaG�ÎVˇ$͋\xDC\xCEY\xBEt\xE4\xD5�+IV\xE6U޴\xBB\xC4[ ,\xD6�\xB8\x96֕U\xEDz?\De7\x88q\xC0\xEF\xD6\xECʼm\xF3j}B�\xE5N\xB2~\xA5ޡ
-$hO\xC7b\xAC\x81\xA7]\x8E4�E.�\x85\xEB\xAEK\x833\xED���\x9C\xBDß·8Y\xD5-\xCE\xD4pè®\x98�*\xB5\xBC\x86sܬ\xF9GRn�\xF3�\x8C8E\xBE�Ñ£~,�\xB8\xA4"Õ\xDEY\xEC\xFCv\x97?�"�~7\x87K\xB6l:^�\xBF7\xF16eÅ¢\x9D<�P;\xE9\x93\xFB\xC2{_]��\x84\xEE\xFD�U�\x80\xF5l\x84\xC0\xE8�\xC1b Z\x92Wz\xBA\xF2\x9EnY|S\xBCq�"\xA4\xF4-\xCF�\xFE\x97\x93\x8D��\xDB0<\xBA\xB1\xA4X\xD7pi\x9B�1\xC1\x8E\xE0\x8AÞu\x81\x98\x8DIw\xA6\x9D\xA2�'tQs\x9E\x8Bq\xA1"JD\xBD\xE0\xFA�\xC1\xFF_\xE1\x8DSp~�{o\xB3\xA7O �\x8ETb&@@\xF2YfȘu$;L\xF0\xD3l\xBC5e~�Jsc\xBFˉi\x81�g\xDF \xEC�\x83\xC0�\xDC�B\xAB\xCF7\x9F�\xFA\x8DJ\xDA�s\x9AXC\xAAHÄ\xC90� �;\x82�\x87\x8B\xBB\xF5�\x81\xBBAN\xEC\xF1\x83\xE1�̉C\x81\xA7t\xAD\xE0\x9FM\x8AÚ·�AJ\x9Dp#%\x81\x82!�q3\xC9\xCB=\xD6K<L\xA8Y�@���\xE8\xF4\x86\x91 \x80\xB4�\xCF \x9B\xC0\xC0\xAC(ь˱馛\xA4\xAAL\x81fsF\xA7�B\xBAT�-�\x8A\x82\xF1<\xAF\xD3�?�n\x98\xCA3\xA5;\xD2)Vj\x9C\x84�~b\xD0����\x92\x9Fh\xB5\xC7z\x89\x8B \xB5N\xAB>\xA31F\x89\x8A\x84U\x9C&L�\xF6\F\xD3D1\xB8\x98\xE7|�p\xA2\x90\x89\x99lF\xC3e\x9AT�\xD4i\xBA\xDF!\x98\xF85�\xA7�\xC7\xDBz\x8B3\x85ytwg\xF1�FH\xE1L\x86\x83ɾ\x9C\xB0;<y\xA8D\xF2\xCC\xCF%32A\xE6 \x92\xABN\xA8\xC7\xDC<\xCDE�(dA{\xA7RA\xCE\xE2\xB1\\xFE\xD5��<!3\x81\xB7G0b\xB0\xB7pl\x8F�9\\xF1c9\xC3/\xC8�\xA0\xA8S\xEE\x94""\xE4\xEA%\x8D\xC7!\x9Dh\xBCA\xEA\xA8r \xEE
-~!\xEE\x8C�\x80Ê«(p\xC2
-o\xF3\xB0 I\xBCL�\xAD5U\x86\x9B$\xC6/Og,Çœv\xB9\x92D0Õ…R\xB8\xB5vW�\xCD\�\xA4\xC1\xFB%\x9BØ\xD3f�F
-�,O\xB59\xEF\xD04$��K�3\x84@�\xA7\xBC\xE0\xD0�~0\xDC0\xE3J�\xBA\xAFth \xA2\x856\xB0
-\xC8O�\xBA\xC3z\x89\x8B \xB5c\x98\xB4,\x94\xFB\xC6g\xD0{_\x94t \xCBgϤ=)_\xD0\xDF pF\xE8Â�6l\x9C\x8B
-R\x9C؟\x88Nlt\xA4 �o+�E��[_\x8B\xD9k�\x84\x9C\xC4Z\xEB\xF9\xE7`\xD0S�\x86$\x9D\xB2ƬA=�\xC62<\x9E\xECJ\xF1l΋\xBCa\xA1�\xDFY\x93f\xE0�M
-�W\xCBß«\xFA\xA9B0i\xF0\x8B
-\xB4k\xAE\x84\xE1\x91+�\xDDN\x8E\xCF�\x8B\x8C+Y]&\xB9\xDF\xEF\xCBE\x80\xF6U\xFE\xC7Þ¸\xBA�F�\xA6\xAA68`\xC5Í£\xF1�\x8C\xB1\xA5sM\xBE\xBCiq�]�\x80\xFB\x8E\x9Eum,\xD2\xC1��\xE3cy\xCEQ\xE1�\x85\xA4]Y\xE4\xEB\xD8�/\xA5\x842>\xF7r\xB2q�#D\x9A\xF4\xA1�K \x90\xB1\xE9Þ‚\xCD��\xEBq;\xE3O\xC5\xD9z�\xB5`_\xBE\xEE�'�L\xB87\xF7A\xAAS\x91S?��\xA3�\x97e\xC8K\xE3\xF1ˤM7>\xB8\x80\xE8\x91ͤ\xC32\xB6È‘ex 9V\xB4^�op;~�\x99��^�u\xE9�I\xFAT`X\xDF$\x8F�\xD7î©p\xAE��`/\x8Cv\x95\xA4\x9D at k�\xC0\xB1\xD8S\xF6\xA2j\xD5[Y\xAC\x8EE|7\xF6\xE5\xD0L�\x8F\xC5(\xE9\x97_tk[(+ѹ\xF5\xF1\xB9p\xEA\xDC�\xB8(�\x8E}�KH\xA6o\xF7mO0�R\x9Cq\xEDH��\xAB\xC1\xC1\xE7][\x82*X\xFF��5\x86\x94Yu\xDB�\xBEh�\xC6[
-\xC1\xC5\\xA7�ÞŒ\xAEY\xD1\xE0\\xB7\xC1@é’·\x87w\xC9���<6\xF5�\x88#Ú© \�\xAA\xAA\xE5-\xDCU\xE6\xF7\xED\xB7\xDB\xDA\xF6D\xA6O\xB9 �\xC1\xAD(�\xDFÚ¦LÒ \xCC\xE4\x8CD\xF0\x96Òœ\xAA>XMIB\xB1'\xFB\xBA\xC1Q\x82�
-\x9B!%�Q\xB1�/\x91\xD2'\xA48�g\x88E�\xB78\xBD\x9A/.\xA3\xB3\xC4\xE4KL\xE8Y\xCE kF}Y\xEA\xFD\xE4\x84��P\x85\xF2\x84\x9Ed\xFC,\xBD.�\xFA\x87��#\xD9�]\xC9��T�=�+C\x8B!\xD8\xD9X]\xC6�\xE2�<�+\x98\xC7,�B\xD8h6\xAEW#Eߧp�ތ�O\xF8f�\xC4\xF4\xED�\x8A4\x8C�0퓻X\xDA�Q\xB9/�\xA9ڗ\xF7.\xC0‚\xAB\xA8\xE51D\xE7\xFD\xF3Ց\xCD]\xFC\x82\xF5-\xCE�sq%5X�ƾ)�;\xAF\xB2\xC3�ط\x9D�\xB0{C\xD6dF\xD91\xD4\xC7L\xF0S�
-4\x9DѶbD\x89\xAE6\xB4\x8D"\xC8\xCDg\xA2V�y,\xEA3�\xB6.NB\x96`�\x89\xA0`\xB6\xA5�\xBD=bu\xF4\x82�\xC1i\xC0�\xB6��3\xDD�\x8B)\xD4E\x9F\xD9rXI-�1˪�\xAF5f\xA3\xF6\x82[\xA8\xFD5\xF8u_\xE4�.\xC6o\xA5Ü\x81]�(\xF5\x84�\xB8\xA3\xF6P\xD7lqG\xDB*ѷ\xC4ھ\x8E\xF4�\x89\xAF6\x93\xC6�Q\x88�\xDB<\xCD:D\x94\xF1\xB5
-\xB1\xD8\xF7\x85\x8Az\xBD\xF6\xE6\xFC\xBF7\xC5z"\xC7f�SP\xAD\xDA \x86\xD2~A\x8C\xBE]0�|\xC3rm@\xC0\xEF�\xF9\xB5}\x8A�[\xFD�m\x93v\x83\xBB\xCF6\xE1\xFC\xB9PY4�����iu\xFEj\xE1\xE3g_�y\x99\xBBK\xF0\xB8�\xA1\xAFs�\xEA\xE97\xF9?\xCD�\xFAf\x93\xDBpS0+\x92?\xB094\xA0\xC5!\xFC\xCD\xF7\xA4�s'v\xBB\xDA\xCC\xECv\xCF T\xFB\xA28\x8A\xF0~\xC8��\xF3\xD1\xC9`l\xFD\xD5�\x8E:Jm\xCF9M\x8A\x91~\xE0\xD4z\xAC\xB1\xA7dW\xF56Ð^\xC3N\xD3MÙ³}\x849\xA9\x97�\xEAѶ\xCC\xDC\xEF=!Ï•oQ\xA0.G\xA8�\xB8\xF9<�\x8A8\xD4\xF8\xDCq\x9E\xE4�\xBC\xA5
-l* ?\xF5\xE2�\x8C\xB7\x8DN\xB6\xAA~?{\xEDlJi\xAC\xB8WS\x9A\xE1\xA9\xCD;Ox\x89ʩE\xF1\xAE5\xFC"\xCFc\xB9\xBBѩ�\xCE\xFD\xD9�\x81\xC4\xFEC8󶦽Ͼ\xF9\x8F\xC8㿴P\x82 \xAD\xCF<\xD2�\x8D\xA0@\x8BUǔ�0\x9C\xF4O\xFB,\xA7\xAC\xFF�\x99\x9B\x81Dendstream
-endobj
-1591 0 obj <<
-/Type /Page
-/Contents 1592 0 R
-/Resources 1590 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1573 0 R
-/Annots [ 1598 0 R 1599 0 R 1600 0 R ]
->> endobj
-1598 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [406.6264 463.8552 456.8481 475.9148]
-/Subtype /Link
-/A << /S /GoTo /D (tsig) >>
->> endobj
-1599 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [140.5805 452.5676 196.7992 463.9596]
-/Subtype /Link
-/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
->> endobj
-1600 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [103.6195 409.8565 159.8382 421.9162]
-/Subtype /Link
-/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
->> endobj
-1593 0 obj <<
-/D [1591 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-414 0 obj <<
-/D [1591 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1594 0 obj <<
-/D [1591 0 R /XYZ 85.0394 752.3146 null]
->> endobj
-418 0 obj <<
-/D [1591 0 R /XYZ 85.0394 717.6455 null]
->> endobj
-1595 0 obj <<
-/D [1591 0 R /XYZ 85.0394 688.3332 null]
->> endobj
-422 0 obj <<
-/D [1591 0 R /XYZ 85.0394 619.0499 null]
->> endobj
-1596 0 obj <<
-/D [1591 0 R /XYZ 85.0394 591.4512 null]
->> endobj
-426 0 obj <<
-/D [1591 0 R /XYZ 85.0394 513.0222 null]
->> endobj
-1597 0 obj <<
-/D [1591 0 R /XYZ 85.0394 482.614 null]
->> endobj
-430 0 obj <<
-/D [1591 0 R /XYZ 85.0394 275.2452 null]
->> endobj
-1601 0 obj <<
-/D [1591 0 R /XYZ 85.0394 247.6465 null]
->> endobj
-1590 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F22 961 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1604 0 obj <<
-/Length 3170
-/Filter /FlateDecode
->>
-stream
-x�]sܶ\xF1]\xBF\xE2&O\xA7�\x8B\xC1��\x92Փ\x93ȩ2\x8D\x9D:\xCAt:q\xC6û\xC3\xE9X�I\xF5ȳ\xACv\xFA߻\x8B]\x80\xE4\x89g{\xA6�=p\xB1 �\x8B\xFD^\x9C\xE4B\xC0\x9F\�\x9B\xD8B�\x8B\xACH�#\xA4Y\xAC\xEB�\xB1\xB8\x87\xB9�/$\xAF\xB9
-\x8B\xAEƫ\xBE\xBB\xBB\xF8\xF6\x95\xCE�ERXe�w\xDB�\xAD<�y.�w\x9Bߗ6Q\xC9%P�\xCB\xEF߼~u\xFB\xE3oo_^f\xE9\xF2\xEE\xF6\xCD\xEB\xCB+e\xC4\xF2\xD5\xED_n�\xFA\xF1\xED˟~\xF9\xF6\xF2J\xE6F.\xBF\xFF\xF3\xCB_\xEEn\xDEҔe�\xDFݾ\xFE\x810�}\xCE�}{\xF3\xEA\xE6\xED\xCD\xEB\xEFo.\xFF\xB8\xFB\xE9\xE2\xE6.\xDEe|_)4^\xE4\x9F�\xBF\xFF!��\xB8\xF6O�"\xD1En�\x8F0�\x89,
-\xB5\xA8/R\xA3�\x93j�0\xFB\x8B_/\xFE� \x8Ef\xFD\xD6Y\xF9I\x91(mՌ S9�`n�\x93\x8B|\x91\x99"\xB1Zi/\xC0\xF5\xAEl�\xB7ߔ\xB5\xBB\xBC\xB2B,\xAF\xE9\xF3;}\xCE\xCE'IB\xC0�(\x84ŕ\x94Ia\x8C�\x80\xF2\xD4\xFFs=^#\xA6\x93H\x81\xB6fI\xA1U>\xD0\xE0\xAD0\xF9\xED+%�q\xD3�I\xA4Y\x92Zk\xA3\xFA\xA5 \x95
-8d\xDF\xDE\xDFW\xCD=\xA9\xE8׾\xEC]횞\x86?\xB8wB\xA8\xA6꫶!L\xD9l�\xF8\xAD+\xEF�\x9F\xA5F₣\x94I\xA4\xCCR\xD4\xDD\xCEE\x86\x86EJ$Bg��\xE3\x9A\xC0\xC1sb:���\x92\xD7u�sZg\xCBu\xDB w\xF7\xC7å̗\xAECl\xBE,i\xF2\xB1\xDA8\x82>\x96\x87\xCA\xF5O4h\xB7\xB4*^\xDA#�\xF0~�
-\xB6í€~\xE7h-\xE9�Q\x9D;|t�4j\xB4\xFCL-o\xFBn\xE6v�,E�\x991\xDBl�3×»JA\x87&\xCB\xF5T\xC3�\xBBC\xD9\xC1\x91J\x83\xBC\xBB\xAE]Wp\xEF�\xC7r\xD9�\xFB\x87cOs\xB5\xEBw\xED\xA6{\x81\xA3��\xAFK\x9E\x897\xC2-\xA42\xC0v�\xB8\xAFP�8\xDA\xC3h\xCFK�\xABK �\xE6\xF54O\xD7F\xA8\xDF�]\xB9\\x97M at 9\x86V\x8E\xA6\x8E\x9D\xDBLÍ•�\xF2\xB1\xF2t\x8D\xDF3'\xAC"�F�Q\xC1E\xEF\xDB\xC3ÓŒ\xACR\x91\xD8<\x884J�ɶ\xF4\xED\xDCÞ\xD9nw\xED#�\xA8\xFC\xF6\xD8\xD1`\xBD�i:�\xA0%\xE0\xB7v�Z2cK\xB2%�\xA0\x91\xB8
-{[V$`\xD2��\x81]En\xF4\xA6٣,\xD3t\xD96sWKUR\xA4\x91\xE7\xCFXy\x96h\x99\xE6�IW\xC8YjH\xBE�\xE3/�\x98
-9\xA7#l\xC9\xEB\xEA\xB2a\xA6\xD8\xEE�OV\x80h\x92q\xE5\xC2D\xC7�\xE2\xD5�\xF9X6=^\xFDJ\x8B|y\xBB%$(pX\xE39\xF3\x92\xC9!\x8EZm\xA66ܴ3�\x91:\xC9T\x9E~\x95 at laN�\xF2b\xB0\xA3\xA8\x9F�\xB9\x86hP�\xD1\xEA\xB1\xDA\xEF Z\xB9?\xD1A\x93\xD8�I �EV�\xBD\x9A c>�\xFF\xDB_R�I\x9E\xFBu\xA3;Fk\xF5�7n[�\xF7}\xD85ƽ\xEF\x9E: z=En\xDC\xEA�p�\xB6OC\xFD\xF4\x80c�\xFE\xBDޡ�\x8C\x8Eh\x8E\xFB\xFD\x94\xC8\xD5 \xB3'\x89\xE1$Xk�\xC5"\xCB\xFD\x9A[���\x9E�:B�\xC8�2(�C@�\x81��\xCFd\x8EH4X\xFC\xB6\xDE;�r\xA0\xC1վ\xEA<\xEB\x88x\xF4\xD1�\xA1H�\xD4[�\xE3:K�1{^\xB0+\xF9\x9C\x95�b3\xC2{(�\x9D7a#2\xBA\x994\xE1f\xD2.s\xBC\x99V˪\xA7\x99GO�&\xA6\xDC�\x82&̲k=�#\xCC|DSh\xBEXu|Ev�J\xCF$78\xE21\x9C1\xB9\xC6\xDFHp0\xDFC\xC0\xF6\xB2�\x98\xD3�\xE9>3I\xAA\xA4\x99*\xDF\xEB�r��r\xE89\xEF\xA5\xCB\xE3�\xCA\xC0@�@/\xD1Z\x8F\xD3b:\x8A\x8C8"\xE5\xDCS\x94\xD8\xC4E\xDDSӗ\x9F�v�?\xD9�xK\xD5З3\xA9\x9EQ*\xCCF\xA5�|\xDF\xF2\x8Ev\xB23\x8D\xCE5\xE7$�\xE68:`\xFA\x9E\xA4\x85�"�sM\x98\xC8&
-\xAB\xEDIXy\xA7T:�+\xA4UP\xA5\xE6A_Ws�
-|\xD1�O\x88\x98z�Ť\x92sM\xF7\xE0\xD6�ޞs̉�A}\x97&\xD6``\xD5P\xCDʼ�\xD5n\x89\xE4\xEA\xED.p�\xAA�?\xF8\x85\xF2\xE3�\xAB\xB3\x97!<\x82\xE2\x99\xD3P_ |߆\xB4�\x84\xD96n*\xE5\xBAe\xA7\xF5G\xE9b,�\x83ż\x90!
\xD3*\xA8\x9B\xF3��\xB17\xA4\xBFk"\xFC\xD4�\xF9^%Ë.?\xF0\xE1A\x80\x9C\xEAF\xC9�tXO\xD7D:\x98\xD1B\xE1\x9C�\x894\xB9\x9CF\xFD�\xF0!$g\xB3\x91,\xAD
-i6\xD4\xC00]�\xBB\x9E\xE6\xAAf\xBD?b\xA1\x89\xE82\xAC\xEF\xC0\xC5\xCAa9\x94�G_\xAC\xC0$\x97R\x80\xEDʧ\x8Ep�
-}f%\xDAC9\x82\x8B|M\xE3\xC0\xD77\x84\xF0\xD5)��z\xCE8�\xACÉ\xF7&\xFC\xF6\xFCE�s\xCB�\x87\xEER\xA4\xD39�m\xFAj}Ü—��S\xE2"x[\xAE\xAB=\x96\x8FR\xCA\xE5\xC9vr�\xDC0u78n\xECn~�YLY3\x8901\xD4�0\xD8TÝš\xA9\xF8\xE0\x97B$\xBC\xED\x89 Z\xC4\xCC\xD5\xC9\xC7 \x94\xF9\xFA�Ô±\xEF\x909,\xF6\xAB\xBA\xEA I|�\x8E\xE5L\xD8qa\x9CSa�\x96S囇J�p+\xDET\xAE\xD7\xEE\xA1\xF7E�̯\x9EN��4�\xD8wˆ8���\x9C\xA9\xBA\xD9\xC21O
-i
-v\x89\xAAٶs\xC1&OrY\xC4`#\x8C|A\xF6\x9DB\xAF\x97顩\xA4�\xE0�@-\xB3\xC1\xDEp\xE0#-|\xA3%㠜\xABݤI\xF24$5l�6s\xAE,\x92\xA2\xD06\xC6H\xD78\x88\xF5\x8EOO 3\xA9}\xF6\x89A�\x90C\xB9\x83#n\xBB\x90\x9Df\xF3m\xCB\xFC�\xAA\xC2�\xAB
-\xC1 b\xF2\xF0\xD4&\xB9\xCE\xED\xD4B�\xC1c\xD8\xE7 Ñ´\xFD4\xC6
->\xED\xDB\xDD'�l�
-nT\xFEÏ·\xB6�_ DP�Vg3bR2\xC9l\xC8$Ó€Q\xD8!`�(\x93#\xB5,\x80\xF7i�\x91\xA3 Q`\xFA\xF7\xBDBA\xCAD�\x99Z1�d\x88m \xE9
-�\xC6��\x83\xB0\xAB\x95\xF0)\x9B(\x94}`\xA0\xC3X\x81}@\xEB͆LLB\x89\xA3\x8B9�d\xB9nc"\x9E\xCDP\x93F\xABve��\xC5�\xAEu"i\xF3\xF9G\x84T\xDA<Ú¿/#f\xDDD*cç„3�\x85\xAD3\x94�q\xB5\xEE;\x9A$\xD3\xC4U\x81w\\xE6}&\xF31�? \xC7�4A<\xE0��\x84)�W~k\xD9\xD0\xEC\xE0b\x80\xF51\xA9�\xEF�\x80X\xB5\xD8'\xE3\xBA\xC0�6\xB1^\xD8P'\x9AT\xA5Sa\xEFI\x82>\x84Y\xC9R� \x94S�{�\x87/�N\xFB\xE8#�\xAEl\xE9\xBBr\xEB\xB6\xF6i\xC0\xA6\xDC��\x96:g 8\xB9���×±^a\xE4S\xED\xB9�9Jz\xEA\xF4\xEDÊ\xE1`W\xAEw\xBC\xD7\xC7�e\xD5Y\xB6g��\xDA��&\x9BYO\xC4�U\xA7�%{
-�E�M\x8B3�\xBA\xB5I*t\xB0\x9Cx\xBF\x99G�\x99XkG�<Q\x8D%k,\xED\xD0C\xB2\x94\x9EE\x9E\x9FW@\xE5h\xB5\xFAR\xECL\x934\xD3!r\x90(\xF14\xB2ɾ\xF4\xE5\xB4 \xCF18C:BhU\xAE?��h~\xD0�δ\xDBA�~zp�\xA8�\xA1\xF4R";\x89\x93\x98\xCBt\xA6\xF8``\x97\xAA\xFDLq}\x85�\xB7p \xA1^`�Z}\x96-_\xF9@
-h\xF7 "\xBC/3@Ô¾\xC8F,i�\x80\xF5\xAEm\xC9\xED�\xFB\x93Z~p\xEE!\x9CCg\xF3\x82v\xBF!`t5Do#W�\xE8I�\x98\xD4\xEE'\xA6\xB4�
-�\xBA�\xF5\xF9\
-\xA6H\xB2,\x96\xA3\xA8\xD84\xE3\xF7.\xAD\xF2\xE5?|\xF1\x87\xD0\xCAm\xDBز¸b\xBCo\xB6\xE0K�;\xD7I\x80\xA6m&\xE2;H\xE4�\xAA\xFA\xE7\xFC@�P�Y\xB0\xC1@<\xEA\xC6\xE7V@\xF4\xED\xCCI6ML6s\x8E\x9A;�r\x92\x96\xF1\xDAω��\xA0\xD4Sb!�\xC0^\x90\xFDI\x84\x82\x83Ĝ\x9D+ c\x8D\xE0/$\x8A\x93�\x89\xF3�\x82\x96B}\xA5\xE4\xA67�1i�螓\x85\x9EȢq\x88/\x9B�t\x81\xB9\x91\xFFg\xEEŗ\xB8\xC7��r\xCA\xDF/�0\xFB#\x9DI\x89� h%\xE6\xFAG
-a\xA7 \xE3\x9Dje�\xCD!\xCF��\x9F\x88f\xE3�tIiZ�G�\xB5�\xD5K \x84\xAA\xBA�\xD5?N�\xEB\x95\xEFd \xF6\x89�\xBE\xE1@\xBC�x\xD2-\xA3gk\xCC�R\xBA\xC8\xE3Kh\x{16FE44}�yßš\xE8=\xB1\xB5�\x9AU(\x94£\xF9\x86\xF8\xE37\xE8\xA12\xB2\xDC\xF0�C7\xC4/g"1\xE2\xE4\xE5\x8Cߺ\x8D= \x88\xCA�\xAE"-?v!\xB4\xE1�\xD9p\x88D�\x97 at v\xC8r0\xBDrLņH\xE1\xD1\xEE\xD3Ú¹Mw\xB2\xB1j6Õš/�\x8BP2\xF88\xAB\xB2\xE5\xEB\x96V\x84�\x80\xF08\xA3\x9D\xB6I\x93\xC2\xEB�t0\xFC>Ê4\xD7\xC8×±\xFC\xE57\x93OU\xD7Ç·\xD6\xF8Z0\xDCg(\xA8!
\xBB
-\xE2>o+�\xE0f\x9B3Y\xFBl\xFD\x9C\xC7$x\xDE�rkN- \xBB \xFA\xF5�.H\x9Cu\xDC\xDC\xF0\x97\xDE\xD0q:\xB4=l\xC4�\xF4\xD9�K*\xEAW�\xFB�\xBE\xBAIE\xE5\x85�\xBF�E\xE2\x84\xC4~\x84\xA1\xA09@hj\xF0
-C\xA33W�h�UF\x96\xD9/\x97�\xD2\xC4K\xFB򀂯\xB6\x89\xD1\xD9Iy\xD8\xF5-�\x83�3\x84v\x894\xA7\xF9) \xF4\\x88\x88���\x82�T\xE0�S\xC3l\xE8\x99�\x81Y\xC5`\x98*\xF5�\x85�\xF8\x95\xB2\xA7.\x8BdǮ\xAA\xA3\xAB\xE2\xEBa\xEF~0�1`*Z8\xC0\xA3(\xA6\xC7O�0@\x9B~14\xE3\xE4\xD7B'\xDA\xE6j\xEA\xD8#�Q�
--%9z\xBBߓ\xB9(~\xF0U\xD8=\xAC�\xD5*\xA2W\xEDG\xDE\xC1ݵ\xF2M�|�\xF7H \T�Y�.l0��\x86\x8DJ\x8DT\xC1a\xC5'\xCD\xFE~\xA2\xB1\x97\xC9\xE2\xCB\xF2\xE7�WU(9�\xF8�
-�MK'\xD4\xED\xF8\xDCMÙ—\xDCm@�\x94f\xE2\xA4&\xE4rTPe\x8F_\xB4\xAB\xDEWE\x82\x9A
-\xFF\xDD\xF1,y� Ǧ\xAFxg\xD7\xD6<\xDB�\xFB\xABv{\xB5"\xA9�\xA2v\xD8aU]MC\xE2\xAC�\xE9v\xBC\xE1\xC0\xF4�\x979\x90\\xD3�\xA2\xF3'�^Și\xCD\xFC\x93QlM\xEB\xF2SU�\xEB�\xC0(\xB8\xCA\xD1\xEB\xEA\xE4\xE9`\xE5v\xE5\xC7*\xBE�\x9F{H� r\xDC�\xFB\x80v\xFAd9\x8E\xA5\xB3\xFD\xEF
-\xD5Ò´\xEE\xC8\xEFV'4f\xBA�\x9Bd\xD0c}1\x94\xCA"
-\x8Bbut�\x92\xB5\xC9\xF4Wy9�\xB2\xA9\xD5u\xB3\xBF\xBB\xC9̂�\xD2|\x9A�b\x97\x8D\xBFf\x95\xCD{\xEE!\xDEO\xF0\xFC\x83\x9CN
-\xFCW\x91\x89>\xB7՞\xFF\xDB\xE2�ފ\xD5\xD57\x84�B�\x8E4}H��)Q_ϵ\x9D�\x87\xAA鯨c\xC5uO\xAE\xBB>\xF7\xFF+\xD0M\xE1?\x9D\xCC\xFC\xB7\x89\x88?
-\xFC\xCF\xFF\xDB2\xFC\xE3O\x9A%:\xCFU\xFC\xB7\x95\xA9b\xB3<Is \xC2L\xE1]R\xFB\x8C\xF3\xF0O0\xCFY\xFF/\x81.\x88\xC5endstream
-endobj
-1603 0 obj <<
-/Type /Page
-/Contents 1604 0 R
-/Resources 1602 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1573 0 R
->> endobj
-1605 0 obj <<
-/D [1603 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-434 0 obj <<
-/D [1603 0 R /XYZ 56.6929 696.3453 null]
->> endobj
-1606 0 obj <<
-/D [1603 0 R /XYZ 56.6929 666.0554 null]
->> endobj
-438 0 obj <<
-/D [1603 0 R /XYZ 56.6929 459.1977 null]
->> endobj
-1607 0 obj <<
-/D [1603 0 R /XYZ 56.6929 436.7104 null]
->> endobj
-1602 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1610 0 obj <<
-/Length 3640
-/Filter /FlateDecode
->>
-stream
-xÚZ[\x93Û¶�~\xDF_\xB1\x93�kg,�W�t\x9E�\xD7N\x9C6N\xEBl\x9F\x92L\x86+Q�'�\xA9\x92\x94\x95m\xA7\xFF\xBD\xE7\xE0 �\xA9\x85\xD6\xEBƳ\xB3#� \x81\x83s\xF9\xCE��\xD7�\xFEĵ5\x8C\xABB_\xE7\x85f\x86�s\xBD\xD8]\xF1\xEB5\x8C}{%\xFC\x9Cy\x984�\xCF\xFA\xE6\xF6\xEA\xC5[\x95_�\xAC\xC8dv}\xBB�\xADe�\xB7V\\xDF.\x9E\xBD\xFE\xEE\xD5\xDFo\xDF|\xB8\x99K\xC3g�\xBB\x99\x9B\x8CϾy\xF7\xFE/\xD4S\xD0\xCF\xEB�ß¿}\xF7\xED??\xBC\xBA\xC9\xF5\xEC\xF6Ý\xEF\xA9\xFBÛ\xB7o>\xBCy\xFF\xFA\xCD\xCD\X#\xE0}\xE9W\xB8\xF0\xC2\xDBw{C\xADo?\xBC\xFA\xE1\x87W�n~\xBD\xFD\xFE\xEA\xCDm<\xCB\xF8\xBC\x82+<È¿\xAE~\xFE\x95_/\xE1\xD8\xDF_q\xA6
-k\xAE\x8F\xF0\xC0\x99(
-y\xBD\xBB\xD2F1\xA3\x95
-=۫\x9F\xAE\xFE���\x8D\xBAWS\xFC3\xCA2ce\x9E`\xA0�#�
-nY\xA1\x8B\xFC:7�˔T\x8E\x83\xFB\xAEn\x86\xF9\xA2�\xAAu\xDB\xDD\xDF\xCC3\xCEg\xF7U\xFF5�\xEDz.�+\xF0 s!Xa\x8Ct\xAF\xFC\xD7
-\xBEx+\xE5hu~=W\x9C�\xA1i\xCE\xED\xA6\xF2\x93&$�@ifa2\xCE\xE9\xEF\xFBm\xBBN\xAC\xA5�\xCB
-\xA1\xFC\xB4e\xD5�uS�u\xDB \xF3�9[l\xCBC_Q{Yw7\xC2Ϊ\xC5\xD0Sǰ\xF1#\x8BM\xD94\xD5\xD6\xF7\xB6g\xA3\xB0\xF7P\xED\xA8
-D\x80ܵ\xCAf\xEF\xC2*\xA5[u}\xD8U\xCD@=u�\x89\xEF#\xED\xD0V\xB3U\xB9\xA8\xB7\xF5\x8D\x98
-\xF7\xD4Q\xF6\xC4=#\x98\xCCAS'܃\xE3,\xBA\xFA\xAEZ\xDE̕.fuC\xBFC\x92a\xB9a\x99�\x85\xFA�\xC3$\x93&\xCB\xFD\xB4]\xE9\xD7ܗ늡H\xB3\xD9_\x9B\xF6\xE8{\x89ܡ\xAEzz\xA6\xB3&ť
-+T��\xF1{\xD55\x89Í¥ \xA5�~\xCE\xF3\xC42`WB�\xE2 at r]b�\xD0�\x95\xE5\xF2\xA9\xAB\xEC\xCAz\x9B"\x853�ɽ\xB8HпeY\xED\xDAÔ‰TÆŒ\x92\xF6\xA9Ä”\x87as\x91\x98'�\xE9\xA2p\xA5e\xA0D\xF9S\xD7\xD9\xEE\x93\xFCU\xEC\xD1�\xCD5(+7\xF0\xE0\x95\x95𵩎}\x8A$\xC5\xF2\x82?F\x92aBè ·\x87\xC3b\x9FZE\xB2\xCCj\xFB\xA9U\x8C\x9F\xB0\xE8\x92\xC2�\xCD)\xA4y*)(+\x80\xBC\x8F)\xA9��,[?u\xA5Õ°\xBF\xC4g.\x9E\xBAȶ]\x94[\x9E\xE2
-\xA8`\xC6\xE5g\xAD#\xFE\xFFu\xCCx�\xF9\x85\xE8Q_h�\xFD\x85\xCEe\xBE�=Yj\x9D\x82 \x93G-k\x96i\xEF\xA73e\xC7K\xE5O i.35Û´\xC7\xEA#!'\xD8*/X\x9E\xEB3\xB7Ü´\xCEU\x89Y\xB9\xDDRc\x8C\xF4n\xC0#\xBD{\xE8�\xFB}\xDB
-\xE8\x87\xF0\x91\x9Ck|\x99\xCF\xDA}Õ\xD3m\xD6~\xBAs\x98\xBDs\x94j\xF6]{L�P\x82\xBB2\xF0\xF0�\xFFn\xE3 \x8Fu\xA0�<\xF6r\xEB\xC9\xDBU}�\xEE\xCBS\xDE{?,\xBC'\x87\xDFM\x{DF6C}\xE29\xB8\xD9LO\xB9\xE1ÏŽ�\xD9(\xF2\xDEF\x8F\x9D\xAF\xEBn\xE87\xED|\x85 \xD9\xE7FM\x8E\xC3�m\xB3J\x9C �\xB5\\x8A\x89�Æ•\xBD�V\x92\xCFÞ\x88\x86\xFB\xF6 at c\x9B\xF2cE]%uÄ �\xDA\xC7M\xBD\xD8\xD0(\xB8Ìž:\xFD<P\x84{�j\xB7\xCB\xD8\xD5S\x80��\xED*\x85\xF0"\xB3\xCCB\xF87�\xF8\xC7d$\xF3\x88\x86æ�(\xF2m\x9B\xED=\xB5�Y|6�[j\x8Cæ0\xE6\x87.\xB08\xE3L\xAA\xE8\xF7A\xE7� \xE7�n8\xFC\xA7\xF0L\xA3\xAFË‚HV\x87f\x81q\xE1\xF3\xB8G�Z\xB5\xDF?�\x8B\xD0�}}\xBD��\xC39\xEAuÓ’a,Y\x88zs�\xA6)\x80U�Z\x9BB<�\xD2J\xA1�\xCE\xF4h\xA4\xA8u \x86\xC2R"8\x86�Ufvl\xBBß½zn\xEBß“Q\xA0\x85HB\x8A\xCF��\x9E\xF5\xB4\xFC/Rj\xF0xm\xE7\x80 \x9F\x9E\xD3@\xF5Ç¢\xDA�\xD4�\xF2\xD5\xC8\xC3{\xEA[\x90�\x83vn\xFB\x96\xBA\xEE<\xC9@\xFB\x92\xC6\xEA�\xF5x\xA5\xD6#\x8C\xC1\xA3\xE1\xA6Íš\xB8*2͊ܪ3��\xBA\xB2^opwY\x90\xB6\xC0/*\xBA\xE2\xB3_8\x97��\xA0�\xC0h� H\xD36\x8E6h�z\xBF\xFE\x83\xD0\xD52a\xF3\xCF�\xAE\xD0R\xB9\x9A\xFDp!
\xC2�\xD8"X\xA2,F\x87�\xE2�o\xB1\xD7\xFFn\xAB\xB2\xF7\xCDvEs(߀\x8E\xA8�~\xE6G\x97\x99 at s]\xAC\xFCY���\xAB\xF2�(,t
-\xE0Ac\xEF\xBC>\xF7\xD5�����\x9F\xAD\xDA\xEEdj\xA4\xFB\x94�}MO#DE;^\xD1\xEF�\x98_ua\xBDH$<9"\xFDl\x8Fѣ\xBD\xCB�jO0�>5�\x84:-
-\xD2
-lD\xC6\xE1\xC3�R\xA5�b�MW\x80\xEE\x9F��\xCFu&\xBC\xF5\xE3�i\xAC�\x8D\xB0\xD9\xC9R�Gs\xC3T�=\xD4\xC9|h}\xE2\x86;\x973
-
-g[VC\xD5\xED\xEAÆŸ\xF1\xE8�
-[\xC0\xC5f8\x80[\xBD\xA7\xE7}\xD9#p�Ѐx\x95\x86(eb�\xC3\xC6q\xAB=\xAC7\x98\xBDY1{\x8B\xA2U\xB9�\x9B-w\xFBm\x85'\xE6�\xF6D�i\x9C\x8F\x864
-\xAD�'\xC5\xCC��N~�\x9F00qSO\xA2v\xDD}\x82_\x8A�&\xB8\x95\x9FÊ–4\xC7\xE4\xF3\xF1\xD0�r!S\xF0SFw\xB8\x90\xC6�n2?\xEB\xEE0�u\xE4r\x90j\x90\xD8\xDC;\xFDBC0\xC5\xCD\xD4B\xD6i\xAD\x82D#\xB7E19�;\x96]s\x9A>&\xC3Â\xA4�\xC4~\xACˤ\xE3bF*\xFD4e\xD2\xE3\xFC\x8C\x94�afA>@q9\xB2M�@\xDB\xC4\xDE3o2\xC57�)\x98�\x8B\xD6ͪM\xA7\xE6VE\x95\xBF�\x95b5\x8D�\x88\xA9�UJ4�C\xB6\xC0�\x84i$\xF4Γ\xBF$\x85\xDD\xEF\xA3�U6g\x85\xB2v*\x9Fw\xEE`\x86�
-�}
-\xA6A\x95�|<V�'�\xCFf\xD4\xC6ȦZ\x82\xC6+x:\xD61՞\x9C\xC1@[\x98pЦ\xDCU\xCB\xD4!4\xE3*�\xE0\xC19\xB9\x9D\xC7�0^ \x864/��j\x96���\xF5\xB2&\x81\x90\xA4\x8Cu�gİ\xAA\x87\\xD0lw\xAA\x82\x90+\x91\xD6�\xCAi5\xAD\x96\xA5\x8E\x85\xF8ò\\xEB)\x8C�\xDB\xC3ֻ�W\xE4\xF3\xB8�\x80|\xEA�j?\xEC\xABi�x\xA5\xE0VH\xB6\xBB\xB4oI\xC2\xFF\xE5H\xC9�\xF18ò\xEA\xBA�\x99\x94\x96y\xB2\xF8g\x8AQ\xE4T\x9C�\xFF\xB2H]1*\xFE��T\x98\xE24\xDAW�\xE6Rs\x90\xC03\xFFf?\x80u\x90\x97Z\xD2$\xA4��\xDE\xF9w�ګ\xDCa\x90\xA0,�\x92\xC2\xC9b�\x9B\xA1j\x96\xA4y ��ڸ<\x83v\xF2\xD1V\xCE\xE8� \xEDG\x8AYm\xA8MZ�\xC9ö[�\xA6u7vvh�걿\xEC\xFD/\xFD\xAC|�\xBB\xF6\x9E�a�_\xDB\xD3\xF3�d\xFD\x9CҺH\x81w%\xE7T8l^\x9F\xF6\xA1�@6t5\xEBCWΣ\xC4G\x86\x8D\xF29S\x85\xA8 >\x81\xF3g��(\xB0\xF4)\xA8\x8B¡\xB3\xFA�\x98\xD7\xD7�\xFD\xFC1�\xF0\x88\xF8\xD6\xEDb
-\x98�\x82q\xC8'\x86T\xA0\xE5\x94Ó\xAF \xEA\xDE.+\x97\xBCJJ\xC4\
-yF�\xE9C\xE2x\xEBm{W\xA26\xD9\xCC;/h\xE61\x8C\x83^\x92S6[{-�H\x80y�Ua\xE8\xDF�n\xAD�\x84 \xC9
-L\x99\xB0<s\x94\xD2\xC0�\x8B\xCA\xCE^\xE1\xC1�^0\B\xC6\xF3\xD1��\x90\x83\xF8�\xA3I
-\xB3�\x85\xF9\xACN\x9E\xAC\xAF�B֪\xA6\xF0Z \xD8\xEA\x9E\xFA\xC0(:�\x91\xF0t)I\x96\x90\xC1\xA9\xEC\xD3\xD0� �\xB3$\xE2wDt\xB7k\rk\x91spa&�!\xF3\xD4ژ\xA6K�\xC0�\xF4T\x95\x9E\xE4U\xBBݶGWj��\xAB\xA4\x9F}�\xDE\xC7)�>\xA1\xF1�\xB7\xD7'`V\x86���Û#+L$\xD8�\xE2�\xA5\xCF�\x9C\xAEY.<\xFEteҷj\xCD2ЈQ�\xA22/Yx+J��\xCFK\xD6\xD8(Y�\xBB\xD2c#\xC5斄:F\xBE\xB1\xEAA\xA4\xEC\xA2@\x9C8\xD6<\x98\xE65�_<tM\xE5\x81�\x9C!\xB2\xF29�\xE5\xDD=\xF5>\xCA
-p\xFCLk�\xB0ޱ\x80 at Q)\xC6s\xFE\xB0ru\x8150�$+O\xAC\xD1\xD2\xCC^\x91I�Sñc\x8Ff-\xE1\x80
-\xA8o\xED�V\x8BPz\xB1\x96 Ξl\xC6'g\xCEH\xAD\xE7�\x8C\xC74)1\xD7o\xB8&\xF0\xB2\xC8\xC7ӕ
-\x84B\xFE�g\xB7 at CYo\x83\x8Fm�\xC3\xFE0\xA0\xE4�\x9F\xBD&\xDF�\xEA'\xB1\xF2\xD2\xEF\xABE\xBD\xF2\xC9Y9\xEACd^\xD0sT\x90Q2'\x84\x98=?K�=\xF8\xBFL�\xDC�\xC0\xA3#\xC5{A\xA2\xA0^\xFC\xE6\xB6\xF9Í« \x8E\xFC\xC7�5y[\xB8\xAA\xD1\xC9यVm\xFB\xD5\xD7S��Ó²\x89\x9B\xE7�\x81M\xF5g\xEF!}\xB4mв�j\x8C\xB4FE\xDEÓ\x8B\xFB\xE0ן�\x9BÊt4{�:F=esO\x8D\xA1\xDEU\xBE\xB5\xF1\x8D�p\xBE\xE8\x84}\xEE\xA2\xEF|{\xE1l�\xD1&�\xF1\xEE\xDAG!\xA7\x9D\xA8\x9C\xF7\xC0\xE5\xBAͬ\x8A \xA1\xAC\x9E,�C\xEE�\xA0V9\xA8\xC0I\xADp\xE4B -9g\x9C\xE7�\x8B\x96\xF7\x80\xE7\xF5"\x85Y\x8A\x89xC;J&aiJj\xAC>Qx�o\xE1؉h�\xE4\x8DÝ\xF1\xD0;\xB4^\xF4\xB8\x95\xE4g\x81\xD4(\xDDv\xF5\x89h%Ó°6T�] |\xA9T\xF1\x90
-�\x80T\xBCҤ�r'\xE5��,\xB3y\xCC�7.,\xD3�\x90\xD89w\xCDOH\xAA\xB1Ǝv\xA8U\xF0\xFD:D\xAC0\xB6\x84\x90\x81Z\x8498\xE6��\xBB|\xF9\xC5-L\xBF\x90
-\xAC}\xB2u.Bc�\xD71�\xFA�\xEAw\xE5\xFDx\x93�\xBA\x84� ~�\xA6e\x9A\xD9̜e�\xA9D�\xD2\xC0L\x98'\xDC�\xE4\xF1\xDE\xC0c\x8EK\x8E\x84/�p_\xBD-\xB0\xE4\xE7\xAB)\xF8\xB0o\xE1xd*\xF8\xD8\xD7\xCD"�\xA5\xE4\x82q\x91?\x8D��\xE2�_\xF8\x84ua\xB6\xDF\xC1�\x8D\x85���F�\xC31\xE02\xFA(\x93\xA7\xD5J\xA8\x8C\xE5\xCANE�?\xBDxHM\x963\x91\xDB\xE0E\xC3}\x87\xD6�Ӓ\x9F9��\x8F� _r\xD92F\xF5^\xCD Z\x88\xEA�\x8B\xBA\xE1C�|rE\xC0ܜ\x86\xBD\xF5\xD0K^\xEBr_\xF7\x85_\xD2:j;U\xCF1g\xDF"\xC4(\x886\xDFB\xA6\x86\x92 ��\xF3\x97��\x94\x96̊XM ><R:�e\xCBŘ�D|\xF3<&NM\xB8�˙\xC1\xFAa�)\x85�\xE3�<�\xAC\x81\xA6\xC3}!N3#�\xF0\xC1\xFB�h\xDD\xF9\x9E`}s]d�\xB2]\xA9
-\xA6d,\x8B\xD1�/\xA4\xBB<�\xED�S\x9C\xDE�Q\xDEO\xB7\xA5\xB2;\xB6\x9C3�\xC1 L\xD0vw>O~\xEEq3\x83�L\xB9K\x8C\xB1\x89:]\x85\xD0\xD6��"\xCDr{,\xEF{\xEAu\x82\x86>Gn姺HJ�-\x81Q
-\xAB)\xEE\xA2(\xD9�@\xBB\x97T�B3@\xD1@\x92�\xD5-\xA8\x84\xB2\xD3\xC0\x84Q\xA9\xE7\xBB\xEATY7$a\xF8uq-\xECwJU\x91\xF0\xCDhn\xE6\xEA�I\xEFH\x93\x92\xA2�\xECR\x99\xF9\xA4d\x80\x85,\xCE%s\xBA\xE7\xAAÂX*\x8C\x9A�\x85\xA5l=\xF56\xD2\xCE\xDFVwsp\xB3\x9C��a^r\xF3���\x9B)\xEAYWMÕ•[\xE0%x=\xEE+rá©›\x84\xDC\xF2b\xD8v;bR\xA6F\xF4fX+8tÔ½\xF7\xD7^TFv\xE2\x86\xDE\xC5)\xFE\xCCd\x88?\xA7\x8B\xA8p��-\xEF��\xA8?\xA4\x85�/>\x95�rV�1y\xA4b���\xAB\xF2\xB0�\x88 \xB45R\xB5L�\xE8\xB8MQ�\xF16��.w�\xED\xBA\xFD\xE5U&\xC7�5\xA1)\xE0W�\xFA\xACX�.\xB1N\xF7\x82\x93\xDBaWI8\xFB\xBEO䘪I}-
-\xC1t\x9E\xB9/\xEDh\xB0[_S\xE3\xC3\xE8Ó¼8>~\xC1}\x9A7\xCD`�\xAC\x8B�\xFET-BÝ‹\xBB\x8F��g\xF2\x9C$p\xCBLqa'$=\xF8F0\xCE\xFA�!�W\xA3\xBC+\xA1\xDF\xC2 I\x99Ô—\xD3�/\xC6\xDF·r\x9FH�^\xBC\xF0YF\x85�\x85-\x8C\xDE\\x8F[ \xB5\xC3-K��\xAE�o7R\xA5\x8DѶ\xF4N2\xF7�\xDB\xD2-Ô \xF1\xE3\xFB]\x91ݵ\xCA0\xC1\xA7\x85\xC9\xC2\xCA8\xA5\xC1W\xCFS\x99иȷQ�\xF4�\xB6a9\xBB\x9A\xF2\xCDY��\xCC�D\xF8áŸ\x877\xCFδܮu�\xFA\xE6�\x91\xF3Ó„MÞ·�b\x91\xE3��pie/�2)\xDA�\xE2\x90\xD2?\xA0{u `$\xE8+?k\xF5\x98D"\x9D!�o\xE5jSa7*"M\xDEy6_=\xF3\xBB\xEFcu2\xF5\xAD\xAE2�?\xB0MX
-\xFC{�\xFC\xE9\xEFxO�9\xEB\x9C)ke\xDA\xFC\xC0�2+\x8B<�\x85\xDC\xD0\xF99\xE5\xF1\x83߇\xA4\xFF�qݺ,endstream
-endobj
-1609 0 obj <<
-/Type /Page
-/Contents 1610 0 R
-/Resources 1608 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1573 0 R
-/Annots [ 1612 0 R ]
->> endobj
-1612 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [173.6261 190.3209 242.2981 199.7305]
-/Subtype /Link
-/A << /S /GoTo /D (the_category_phrase) >>
->> endobj
-1611 0 obj <<
-/D [1609 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1608 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1616 0 obj <<
-/Length 2058
-/Filter /FlateDecode
->>
-stream
-xڥX_\x93\xDB6�\xDFO\xE1\xE9K䙘!\xA9\xD4\xF5i\x9B\xEE\xE6\xB6sIz{\xEE\xC3M\xDB\xC9hm\xDA\xD6T\x96|\x92\x9C\xAD\xEF\xE6\xBE\xFB��(K\xB6\xB2\xCDM\xC7�\xA6@� �\xFC@\x90j&\xE1\xA7fq"\x92Lg\xB34\x8BD,U<[\xEDo\xE4l�s\xEFn�\xF3,<\xD3b\xC8\xF5\xDD\xF2\xE6\xCD}\x98\xCE2\x91%:\x99-7�YFHc\xD4l\xB9\xFE9H\x84�s\x90 \x83\xB7�?\xDC?\xBC\xFB\xE9\xF1v\x9EF\xC1\xF2\xE1\xE3\x87\xF9B\xC72\xB8\xF8\xDB�\x8D\xDE=޾\xFB8_(�\xAB\xE0\xED_o\\xDE=\xD2T\xC22\xBE{\xF8\xF0=Q2\xFA\xFB\x82\xD0ǻ\xFB\xBBǻ�o\xEF\xE6\xBF.\xB8\xB9[\xF6{�\xEEW\xC9�7򯛟\x95\xB35l\xFB\x87�)\xC2\xCCijg\xF8\x90Be\x99\x9E\xEDo\xA28�q�\x86\x9ER\xDE\xFC\xE3\xE6\xEF\xBD\xC0\xC1\xAC[:\xE9?%\x85��=\xE1\xC0H
-�h\xA4H$\x88J\xE3L$\xA1�\x9D�7Ei\xE7\x8BD\xCA\xE0\x9B*\xDF۵h\x8E\xD57\xDF\xE2\xBE@\xF8B)\x91űv\x9Co\xDE�_Yoi\x90w\xF4\xDF\xEDXBk\x9B϶y\xD5\xD2\xD7\xEA\xD84\xB6b\x9E\xB5}:\xF2\xB2\xD2~\xB6唂�&\x9A\xA2;\xF1\x8A�\xD8S\xACȔ\x85�E\xA6d\xE4�P\xF0\xFF\xDB\xDB駑\xBA\xDA\xE5U��X\xEF&?\x96ݧ\xB6[ۦ!\xDAܪI\x89~\x8F\xCF`\x87\xE5}t5\xEF\x8EDL�\xEEf^tZ]\x95'\xEF\xA4jM\xA3CS\xD4\xE7\xFD�Ն�\xE5\x9EaWlw\xF6B\xA3\x9Ap�.\x9D\xF6\x93\x9E\xF4Sx\xED\xA7\xEAX\x96C\xEF\xA8Td\xA16ӛ\xE9\xEA\xB6\x{1667BA}]Qm\xFB\xADuc\x9F\xC1\xA4\xCF�\xD66\xE1#\xD4\xCD\xE6_\xA8�\x86\xF9ͽփd\xC6\xCDd\xC2�\xE3X\x96\x90\x82\xC43Lx-E�#\xE9X8�.�\xAB <a�\xCD\xE2�\x98Ub\xBE�\xB2Zd\xA8x�\xB0�/p1\x94\xE8\xC08\xB2M\xA9P\x841l\xB5g##�&׻
-\xB5\x88C\x99\xF2V\xFAȅi�\xEC\xF2��)\xC1�)\xED\xC1\xAE\x8A\x9C\xA7�\xCD\\x99\xA0>\xD8�\xB3�)\xDD�\x81\x8B+\x8A\x8E(\x94\x9C�\xEE\xF5qe[\x9E;v\x87#\xF3?\xEFl\xE5ex]�\xF2\xF3�\x94G\xC0\xBD\x8B\xA1\xC9\xC0/2�ǘ\xF1\x8Fœ\xF0�\xF8_\xD5տ-\xA9\x86J�*�<t~\xA6\xD9\xE7%\x9A\x87_�\x968\xC6�\xC3\xFF\x9C\xFE~\x91Rc%\xC3\xF1
-V\xD85\xB9qT�aR(c\xBC�\xFB\x827\xE1q\xA8\xE4Ú˜\x8C9\x8B\x8A\x95\xEEX\xC5x\xDFd\\xDD\xFCæ €�\xEB\xC2mÇ®\xBA\xBA9Í•R\x81 \xEF\x842�Q\x9A&>\xD7S'\xFF\xBE�Y:\x8B at .\x94M�l\xFC"�y[W\xED\xEB9.\xE5�\xE0�\x99�\x83_\xB4\x8E&\xF6\xAA\xA2P\x98L)\xDE\xC1\xE28\xB1I�!bq\x82\x9C\xC8U\xBDß»*\x84�eQ9M1dQWÔ¬Þ…�\xFE\x8F\xAD];\xDBbgÑ„�\xEE\xB4I\xE2\xAF\xF3y\xAA3�\xD8>\xA2�m+\xF6Hg\xD7l�\xA6.96\xD5B+}Q\xFA\xF2MG�\xF4\xB24ha\x94\xD1C\xA3\xA6`�\x87ol\xBC��\xD2t\x9C:\xFCm\x9D�\xB1\xE1<L}j\x98\xA0\xB2\xCFD\xF9\xE9\xE1\xFB\xD74"_\xC2�\xD4K\xA2\xF4x0=Â\xBC\xB5\x95mxw1��O\xE7k\xEB\xC1\xDB"2Y\xFA\x99_\xB0\xF5m\x977�'\xAA \x8E�v_�"u\xA4Æ¥\x97�\x87$o\xBB����6sXUU$�\xBE\x9DWRNÖºÆ\xA4!i�\xEA\xBAhW\xB9\x9BZC\xDC!Q\x8C��64w\xAA\x8F4\xA8\xACe=Λ\xF0\xBF\xCA�Ý‘\x82M\xF2\xE8$\xC1)\xF2�z\xD6ȳ\x88\xFD\xB1\xED\x86\xF6\xB18��\xB4\x9F\xF1\x8A\xE3\xE7\xA2\xDBM\x9DC=\xB8\xBF\x80(\xAD\xA0$d\xBE$,\xB6_�(\x90\xD8#'\x96>�$\xA3\xFB\)\xB8\xB2t\xC0\xC0�#
-v�\xE8\xDA\xE6\x85\xC2\xE7\xABK(t�\xAB\xF3A\x8Af|\xACV�`\\x92%\xE7\xF3�i�\xAD�ƒ\x92*F3��H_�o\xCD\xE3'K�\xD8r\xBF�\xC2�E �\xC2G\x96EQ�-N\x82\xBC\xEC\xEC\�
-}q\xF9�\x99Ç¢\xEC�\xAE\xC0\xE2�2\xAD%\xA6\xB3oJ*\xA2\xAF\xA7\x9A\xA1\xA7#\xBB\x8EÔº�\x80}\xBD\xAF\xD7\xC5\xE6tQ\xBB}'@\xA7Q\xBD\xDD\xF6U\xFB\x89Y�uQu=u�\x80\xDCB\xA7\xE6O\x9E\x9C\x97�l�*\xDF\xE5\x9F{E\xBD\x83\xAE1,]\xB4\x94�\d\xB0\x8F\x87뉄vi\xB9\xB3#\xE5lØ\xBB&o\xED�Ú¡Hd\x91\x8A|?\xE4\xC1�fP\xCE�&Ø»"\x84\xE4\xF3\xC6 \xE6Q��mM�n/\xC8\xEB�\x89�\xEAZ\x91DG?\x90\xC0s-\x91\x98�\xEAU\x8E
- \x8E\xBA\x9A\xA6Z\xCB\xDC\xCF\xDE"�ëUl B�\xF0=};\xB0��\xC8�R\xAD\xBD\xA5.U\xEA\xEAUG4\x94\xE7R2\xA3J�\xB3Ì–\x9EÙ¸MrÉ�b\xC1E\xCBB\xEA\xCD�+\x9C\x90�:\xA7{\xFE>:\x94\x9C �ç Š\x98\xDCM \xD9\xF6\xB6m\xF3\xADe\x9B\x8Bj*\x8B\xB9-\xD3f�\xF2Pg\xE0�,\xBCHG\xF4!\x85\xDAl\xA48/�\xA5\x9BlU�C��\x87\xD7
-\xF0\xE59�\x8B\xCC׬\xA1r�\xA6\xB6\x9D\xCD�\xE01 �\xBD\x89T\x8A�\xE8eo"\xAD\xF7&\xD2s\xA2\xF5 at Cڕ\xAB"\xE3\xED�G��\xE71\x98:
-\xF9\xA6.\xCB\xFA\xB9\xC7!\x96\xD3�v\xF9\xE3\f}?\x89M\xC9_&*\xB8��\xC6\xF3^�WE��_�O-�\xF3\xDB1Ñ\xE1L{\xF1\x8E\x92fN\xDD-\xC2EC�FL\xE9$\xB0\xBF\xE7\xFBCi\x9D/\xA0Ͳݫ\x96&\xDA\xFCD\x9C\xEC\xE8\xC4��H�\xF2\x98r\xCB1\xF7�#\x92�^U\xC7b<kN\x9FtP\xB06W3G*\xF2\xB2e~\xAF, ~\xB3\xF6\xC0j�\xEA\x814È¢K\x84\x8EK\xA9\x85:�\xF7[|8\xE1\x9E\xFE\x9F\xF3L\xC3\xE9\xFD\x8A\x8F\xB53\xFE\x86Ź\x8F\xF9\x8B\xF1K\xAFo\xB0\xFB\xD3'\xEF\x8AO\xA3\x89\xC9ë¾¾|\xFC�.G\xF2\xE5�ÈŸ\xBBw�\xA9\xE3\xAC;\x87\xEF�\x9E&&\xF67)\xFE2e_`\xE1�\xFE\xA3�\x96\xEB\xAC�\x82h\xE9\xA2\xEAo=}\xB3\xC7Ge\xC97\xBDA�D\x9CV\xA3�\xE6\xB24Lf\xC7D�\xAFb\x91\x86\xE7\xDB�>a\\x9B�][8\xBE7Oe�\xEC?��\x85\x8D3l�\xAB\xDF7\xB6Y\xE0\xF14,�\xF4z1(�/\xC7�\xDA!\xB7\xAD\x97$\xBC\F\xEE�UQF\xE7\xB3�?�FH\xFD\x9C�e\xFETB\xC3Å”Q�\x83�\xAE
-\x85\xC1�\xD064\\xDBv\xD5�\xAEWe\xAEz3��}\xF8\xE9`/\xE6蘃�\xE2�\xAE\xEB\xDC\xEAҪ�k\xAF\xAB./*1\xE5\xA0\xF7u\xBF\x85\x89nk\x9F\x9F|E\xE1\xA4Y\xAF\xEDz\x9CG\x9B\xE3\xE0\xB2��\xDFq\x89Z\xC2�ڶ\xE2\xEA\xEDGfЀ\xC9lf\xB4H\xD20\xFD\x9A\xB7�8\xB6D*\xD3/<\xD7.b-"ef\x8B(\x85F\\xA6Sﵲ\xBF%\xFC\xE9\xD7\xE1\xF3\xD39\xE8�\x8D\xD1緦��R�\xD7\xC5P\xE3A\x8F\xB2\xD0鑹z\xBB\xF6\xCF\xC8\xCC50\xFD\xBE%+�endstream
-endobj
-1615 0 obj <<
-/Type /Page
-/Contents 1616 0 R
-/Resources 1614 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1620 0 R
->> endobj
-1617 0 obj <<
-/D [1615 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-442 0 obj <<
-/D [1615 0 R /XYZ 56.6929 436.7807 null]
->> endobj
-1613 0 obj <<
-/D [1615 0 R /XYZ 56.6929 411.9988 null]
->> endobj
-1618 0 obj <<
-/D [1615 0 R /XYZ 56.6929 95.0274 null]
->> endobj
-1619 0 obj <<
-/D [1615 0 R /XYZ 56.6929 83.0722 null]
->> endobj
-1614 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1623 0 obj <<
-/Length 2752
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�\xCBr\xE36\xF2\xEE\xAFP\xD5�BW"���$\xE7\xE6\xF81\xEBÔŒ=kk\xABv7É\x96h\x895�\xA9\x88\x94�\xE5\xEB\xB7�
-R\x94L\x89vٮ\xB2} �\xA0�@\xBF\xBB�1\xE0\xF0/�\xA1f\E\xFE \x88|\xA6\xB9Ѓ\xF1\xFC\x88�\xA60\xF6\xF9H\xB89\xC3zҰ=\xEB\x97\xD1\xD1\xCF�*�D,2\xD2�F\xF7-\!\xE3a(�\xA3\xC9o\xDE\xE9?O\xBE\x8D\xCEo\x8E\x87Rsϰ\xE3\xA16\xDC\xFB\xE5\xF2\xEA\x8Cz"\xFA\x9C^_]\~\xFE\xF7\xCD\xC9q\xE0{\xA3\xCB\xEB+\xEA\xBE9\xBF8\xBF9\xBF:=?�\x8AP�\x80\x97�\xC3�\x80\x8B\xCB/\xE7\xD4\xFA|s\xF2\xF5\xEB\xC9\xCD\xF1�\xA3_\x8F\xCEG\xCDY\xDA\xE7�\\xE1A\xFE<\xFA\xED�>\x98\xC0\xB1=\xE2LE\xA1�<\xC2�\xCED�\xC9\xC1\xFC\xC8׊i_\xA9\xBA';\xBA=\xFAW\x83\xB05jA\xBB\xE8\xE7s\xC1\x84\xD4j0T>�
-\xE0xƲ\xCA�Y\xC0\x83=\xCBr\xC0\xA5�\x97\xD6\xFBq���\\xAEYCl\xA3�
-�0_�\xC8_\xA9X`L\xD8\xF0W\x8A�\x85\xAFX\xA8\x94��Z0i\x80\xF7\xC8\xE0Ir�\xAF\xB2
-
-\xF3ek>\x908\xD0~ \x8B\xE0\xBC\xD1,9�\xFA*h \xE0\x87\xF1\xC6q\x95L\x8B\xE5\xBA�\xFA\x9Ds\x99'%\xFD\xAC�\xC4xY1\x9D\xA6\xF9\x94z\x8BE\x95�\xB9\x9Br_,qe\xA4\x87�,\xD2Z\xDAŪYQ"\xAC�\xF5
-\xA9E
-\xBF�g\xC9\xF2X\x84\x9E�\xE6^^Pw\xB9H\xC6)\xAE>v`E\x8E\xBF\xA6\xABe\x8C\xCBQ\xE7,.\xB7W#�\xBFK\x92\x9C\xA4\xAE>\xC0\x84\xED
-\x9E�\x92�\xA4\x95\x836\x8D_\xC77\x94��\x8A6��\xCAHp\xFF�( B\xED���E,\xD4\xC6\xEF��\xA1q�\xA2\xFA4ɓe\x9C=O�D\xE4#oƳa\x9Ce\xA0\xD52�\xDE\xD78_\xD3H5�~\x97\xD4.\xAB4˨��\xEB\xF2�*\x87 \x8B\xCBҲ-\x99PO\x9AWE\x83|\xD8%�N�~"\x8E\xC5\xF9\x84� lkׅ\xABa#\xA9\xC7V�\xFA֢\xB3\x9F\xBBm\xB2\xBD\x8E�\xBB\xDCUo\xCA\xDD@\xB3�$\xBA\x87\xBB&�\xCC�\x83\x88�=\xAE\xE2\xBB�Ԫ\x8F\xBD_\x93\xB2\x8C\xA7\xA8oJk\x8F(\x96\x81����u�;\x91G\x{18B4A0}\xB4\xDF w@\xAB�\xF9\x89�\xC0\xCFd\x99�K\xD64r\xB7\xEE\xD6\xF7\x848\x94\xC7s\xD7*\x93\xE5�\xB0\x8Bx[\xB8\xBE\xAA\xA8u�\xFE]\xE4Ɏ�\x8C\xE3q\x8D
-\xB7t\x80\xD1-
-\xBE�\xA3\xEB�=�e
-\xB1\x9F\xD1��\x8Dx\xD4\xC7h�0��\xDA�\xB3LƫeZ\xAD{�}\xB2XXr��q\xB6C\xC7I\x92\xA7ugqO_"\xFD\x9F\xAB\xA4\xAC\xCA�\x84m\xED\xF8uTx_\xC2j \x91\x84�\xFA�\xAB53R*K\xAFڧ\xF4�\xF6t\xD7\xF9 \xF9\xB0's\xB2\xB9\x88\x97\xA5u\x88[Dw\xDC�\x83\xFE\xC1\xE0��\xB7\xF6\xFEV$~�#%C�\x9B\xFA\\x90\x81�\xC8/�\x82eR��\xEA}�\x89Ϯn!\x92\xE4\xCAI%@\xAD\x90\xD4?ax�x\xE5j<\xC3a\xF08%M\xB3��;h>hH\x99>$4\x96�\xC5\xF7բ\xA4\xF1�\xF9\x88N\xD7�\xD1\xCA<q̪\xD9z\x97\xCC\xE2\xEC~[S\xC6Y\x9A\xE4U\xE9&\xD4nic\xA1�\xD6?1w�
-�\xE0{\x8B\xA0�\xD9f \xC3D\xC0e�\xDFE��\x85@
-)\xFB׽#{\x9A\xF7\xB2\xFE\x8Dٯ\x96q^�dل O}GZ\xB6\xAD\xD78I��\xEBVk\xF3ok\xBEěҘ\xFBL
-\xDD� \xF0\x80\x85\�\xDB4.V\xD5;�\xB9\x84\x90\xEB0y[\xFB\xFE\xC0\xDEAG\x92I�\xF5\xB9]�Ad\xEF�r\xBByQ\xA5\xF7\xEB\xE7�\xCFH\xAB\xAB\xEB\xD1\xE5\xC5\xB7,U\x8C\x8Bl?\xF1ڻ\xFA\xC8\xC4��\x9A\xFB}\xAEU\x87Ј\x84s\xAD\xD6b\xF6�\xEFۖ\x87\xEC2\xBA/ U\xDCF÷\xA4\xA7�\xA3�藰\x88 \xC2�\xF4\x94\x9Ci�\xF6
-c {S\x86<\xD5*\x9Fcn�\xCE\xEA\xF9Ѿ��\xB4;\xAE\xB9\xD0^\xC4D\xCC(\xD8�\x81\xA0\xD7\xEAB\xAC�\xE3\x91/ݬ\xC7\xD8\xE1\\xE5\xF1��>�A\xDFI�i\xC1<\xCD\xEB\xEE\x99MK\xE0\xD4�x\xA3\x84\xD9\xF6\xBB6M\xC4\xFC\x81\xB8m\xBF`y\x94�\xD9�\x82\xEDx\x9C\xA5\xE8\xF3�\x99\xA8:M\xB0#\xB1\x83\xC5Z�\xC2XÒ \xFC<=\xA8\xE4�\x88Ã;\xC3C\x9A<v�TJ&\x94\x89\xDC$H~
-\x8F\xBC�:\x81\x94>�C�Å·N@\xD64\x90^\x96Ör5\x9F\xC7X9\xC1�Ö€\xC27\xCE\xCA\xC2M,\xA6S�k�D5\xFB\x9D%�{�\x81bA\xD8\xD0}\xAF*a\xF4\xA0k�6\x85�!�\x85�\xB0u\x8E��\xCA\xED\xEA\xC8hf7\xA7t\xAB\xD8#\x95\xF1\xEA\xDE;P2\xEA)I\xFF�\xE5\x87\xF8\x8Di\xA0 }\xA1�\xF9e'W\x93di��\xCC\xE4UHq�Lh\xEAKv\x91\xAA+�k\xB9\x9Bj;Cì¦�@|\x95\xA8\xC5w\x95u\xD58\xA4`\xAA&\xCE,\xCE\xF3\xE4\x90%n\xA9\xE4\xEB\xD4\xFC}-1�!-T\xBD\x96X\x80<�N\x968O\xAA\xC7b\xF9\xBD\xD7n\\xB9yd\x83!j\xB6\xA9\xCE!k\xDB\xDA\xCC�\x8E\xAC\xFC\xC80#B\xD3G3Ι\xE4N�W\x8B \xA8Fβ�Ë™\x8E\xEB\x9A�\xC2�\xA0W{#�\xD8\xDB\xFB\xA1�\xE9\x9B\xEA\xCB\xF2\xFC0\x84Ø¥E\xAD\xE1{\x95)�3^��\xB4\x8F\xF0f\x94\x8E�\x93\xA1|\x91\xB4\xD7 {i-#\xC5T\xC8\xFB\xF4\xD9��\x93\x91O\x99��\xDE�\xCF\xFB\xA8|\x8B�\xF4{\x97\xAB\xB6\x8A\xEC\xF8\xB3\xC6AFwV\xAC\xB2I\x9D\xFCÒ·qV\xD6�\xB3.\x9B}bo��\xD8\xFDxY\xAD�`\xF4\xFD\x90S\xD9\xFE~\xED.�T}e\xA06\xBE\xA6\xC3\xDF�\xC8!\x8C\xA8\x8D\xF5\xFE�\xAA\x90\xF1 at 4\xF1\x88\xADB#n\xEBd\x9DÇ“L)\xA9\xB7=^\xE2���D\x88\xFDXx䦣\xCDE�\xFEX\xE5�\xC4N]�\x94�\x93\xBE�[�\�d\xC7�\x81c\x81_\xFB%\xBA�!\xDCxS�\x8D\x90\xEE&(4
-8\x8BB�n\x93\xB5\xB9\xF7pw�\xBBd\xA7t��\xD9]P�\xF7b�\xE0>\xEB>b\xF7\xA2XVn\xE1\xAA�\xA4x\xE2�\xD7}\xF9\x8D6�O&\xAE\xF2\xE2�P';\xEEV�#\xBAr nw~\x97l�\xBEvZ\xAC\xA4[J\x89f\x8F8�bL7\xCFEػ�Y/�\x88\xBB z�G\xF4Ww\x90PaԷs2\xEC \xE1\xB6�\xA2\xFD\xE1*ءwC5!d \xFE<Kʔ '\xD4�4V\xF1\xD4a\x88�\xAA2\xE9\\xFAw\xAE\xF9\x8F\xB0Q\xA3\xBD�\xAD\x92\xC1ب\xC2\xE3\x98\xC8�R�
-hL�\x9B� 'ܬz\x98h�\xC35m\xA0\xCF.oA\xD2in\xD5�:q\xCD\xDB�\x81\xF1αB\xD6\xC1��\xE6�r\xE6\xF4]\xE1M�6�\xC3y\x8D\x81+\xDA�\xF4\x8FN\xBFQ\xA3�\xA5\xF2~
-3j`d�sv\xBD�\x87\x8Dܞ\x9F�\xCE\xEB\xEF8\xB9\x8BfDS\x88\xA3\x91\xA6\xD0� \xD6\xE1\xC6��\xE9C?\xAE\x81\xBFO\xCF6\xF3Ng\xC9\xF8\xBB\xD5L�9KK\xD4\xE0\x89]\xCB\xCE\xD9\xC5���N\xE8\xB6V\xF7\x95\xADmX\xE9\xA4HW\xD4r\x8A\xD9KY\xA5y]ۅ\x91mm؈\xB4܈\xB4p䃾:N\xB6\x81}�\x8B\xB6KV(\xB9N\xB9\xBE\xF0\xDBv\x86\xEFfI\x94 �\xCE=4A�\xFE\xC5?\x8C\xD4\xCA|:�
-\xC9É\xAF?u\x92\xFF\xF1\x91%\xC5\xF3E\x96\xB0q1',\x97W\xF4=\x81?j\xFDx{Þµ\xE3\xF6ÒŸ>Ñ¢\xC1\xCB�Í“jߢCZ\xB4\xD3w\xB7]\xE2+\xFD컆I2�Ì—Z\xF7\xB8n\x89��\x84��\xC71\x84,\xA9X\xF6\xFB\xEF\xCB�\xABÓµLBR�\xDFa\x9D\xCF67\xFE[�J\xF1mˉ,$[V\x9D\xA1\xC7\xDA�\xC8\xC7\xCB\xC2Ö¥\xA1\xE7>N\xB3Ußi\xFBp�\xF8BBB�\xA8\x85\xEE+LKȧ\xB9v\xAF#\xD2r\x81Õ‚\xFE\xD8\xDEM\xA4\xE8 TÛ†\xA3
-\xCD,\xA8\x93\xEB�\xDE"�O\xAA\xB2\xD1\xFEmcєT\xA1=/&\xAB,);\xD5f;:k\xDD|ou�\xDB1Z\xEBv\xE9\xD0\xFB\x866\x91>\xF0%\x83\xF45\xD3}I\x9A\xF4#&|c\x88\x959�|\xFC\x9C\x8B%\xF2V\xED<ct{\xF9\xF9i\xA5\xF6e\xB7v\x9B�\xBF\x95\x8A\xBC\xC3�"\xC9#f"\xBF\xD7L� \x98Q\xDFR,\x83PmH\xA2\xDBo\xA6\xBE\xD8�/\xA5#'\xEC%V\xCFT\x80qj\xE9�\xE2M\xF1.\xF2\xE6i\xB9\xF3\x94��\xB9\xE1\xD6T\xE1�\x9A</(\xFF\xDEuLn�\xCC6\xA4Am���\xC9&\xAE\x8B\x84-;\xE1\x97޴a+\xA2�hYN-�\x92)\xB4\xC0vA_\xF2\xEB\xFB\x9F.mnH\x9C3\x9F@\xB2[\x97\xAC\xB7\xEF,�\x88L\x8B�o\xF5\xD6\xE8�\x84��\x90\xA1\xEC\xABOcu�R-\xF7�%ɒ\xA9e\xE7\xB0ȳ\xFE�\xC0Y3�\xB3
-\xE5Y *]��\xA4#_\x8AiI#�_�\xA8\xDA\xD7Ak�?$\xD4r\xAF\xBD\xA0uO\xAFI\xC6TfUO\xA21b\xE8\xD5ή\xBF\x9E\\xDA�\x8A\x81\xBDO\x96\xDA\xD4\xD7`Aˉ\xD2o*C�t\xDDk\x9E�Ԏ\xD5�W�o\xF7\xF9�ImܑT�\xB1\x83:\x95\xED\xA7^\xE03\xDF\xE7u\x8A\x9C\xE6[W\xD0\xE0\xA4\ٴX\xD6�kVw\xBBoj& $^\xA4r\xFB%\xB4\xC5\xFA\xD7I\x93\xCF9�\xA4Ag�i\xBB\x8AL\xD7KL>\xE8\xF5$\xCF}\xF7\xB9y�\xEB��@\x86\xAD\xA0`\xAB\x84\xC0
-\x9E/\xC0m#.\xA4\xA6�\xED\x92CÖ5F\x94nVk\xEB\xFF�k;I\x93endstream
-endobj
-1622 0 obj <<
-/Type /Page
-/Contents 1623 0 R
-/Resources 1621 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1620 0 R
->> endobj
-1624 0 obj <<
-/D [1622 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1621 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1627 0 obj <<
-/Length 2959
-/Filter /FlateDecode
->>
-stream
-xڥ�\xCBr\xDB8\xF2\xEE\xAFP\xD5�\x96\xAE\xB2�\x82 I\xD0{r2v\xD6S\x893\xEBx簙�(�\xB2X\xA1HE$\xA3x\xBE~\xFB�\xF0\xA1Г\x99IR �\x8DF�h\xF4[b�\xC0_\xB1\x88b?N\xC3t\x91\xA4��-ֻ\xB3`\xF1�s\xAFτ\xA5Y:\xA2\xE5\x98\xEA\xE5\xC3ً�\x99,R?\x8D\xC3x\xF1\xB0�\xF1\xD2~\xA0\xB5X<\xE4�\xBC\xD8�\xFDs\xE0�x\xAF\xDE\xDD\xDDܾ\xFE\xEF\xFD\xD5y\xA2\xBC\x87\xDBww\xE7\xCB0
-\xBC\x9B\xDB7\xD7�\xBD\xBE\xBFz\xFB\xF6\xEA\xFE|)t$\xBCW\xFF\xBE\xFA\xE5\xE1\xFA\x9E\xA7b\xCB\xE3\xE5\xED\xDDO\x8CI\xF9\xF3�\xD3\xFB\xEB\x9B\xEB\xFB\xEB\xBBW\xD7\xE7��~>\xBB~\xE8\xEF2\xBE\xAF�$^\xE4\xF3Ù‡\x8F\xC1"\x87k\xFF|�\xF82\xD5\xD1\xE2�\x83\xC0�i�.vg*\x92~\xA4\xA4t\x98\xF2\xEC\xFD\xD9z\x86\xA3YZ:'?��_\x84\x91\,C%`\x90Ú³\xFB\xF2��\xECk\xC1PD È“m\x97"H}�\xFF\xC1\xEBD\xA1\xAF\x83D\xF7\x8F�\x8AÑ£�X\xAEt\xB2H\xA2Ôe(\xE9QL^5˼h\xB2Uir��,
-G\x8B at 8I\xA4�\xD8 \xA9\xDFÔ \xD5 \xF6>w\xE6P\x98\x86�\xED6k�\x8A\xBCm\xF6\xC50neL\xC5Ц>\x9C�\x{DB41}=S\xD7L\xDB5\x96t_f\x85\xA5\xFD\xE9\xEE=�yg\xF00\xB0\xEDR�?\x85\x8B\xD1\xFE\xB46J\xBD\xB6Ø™\xBAk�\xD0�)#\xEFa[4<\xC1_\xEDÕ›\x96\xF6��\xB2"\\xBFxk�\xA0s\x99]\xDDZ\x82\xC6�\xBE\x98\x83\xE5T\xD5\xED\xDC V\xA6\xA8P�I\xE4\xDDß¼b \xB4G!�{\xEBz\xB7/\x8B\xACjy\xE2\xB7
-\x90�
-\xB2\xF2\x98=5�\xF3\xCEmw\xA8,\xB7ػyw\xBF\x9Cn\xC8V\xF3\xF6\xFA�5?\x94�\xC8�\xBE\xCAk\x8A]Qf�Fҥ y͢�\xCC\xF04\x80Ϊ\xDC.\x86[\xDB\xF5\xE6+Ȧ)\xEA\xAAyN\xC42�,%�\x88\xB1L�\xEF\xB8E\x91ڹ'\x862\xBE �\xE8\xAAH\xD9U9ȱ\xAD\xEB�$ \xE0\x91\xE2Dz\xB7v1\x9Fdf\xE7#+J\xDE\\xA0DB؅^3N<\xF7my\xBBGӒ2�\x86��\xBE\xC3\xD3\xC5\xDA\xE9#\xA07YQڥ5\xF9\xBC;&\xC1Ĥ�3Rgi\x82\xFB�\xA4 �˘ \x94 By]\xFD\xD3"\xED\xB5A\xE6\xFE\xDC\xFD\xEE@\xD1.ϗJ\xC7V\xB8R{%���;\xD34٣Ů\xB3\x8A\x81\xAClj\x86Vv\x8A\xB4YJ\xD0\xE2s�%\x83\xFBl\xFDɴ\x8Ea\xD3\xCC\xEE\xFE\xD2XCDeO\xA5�ľ>\xB4\xAC\x82\xA9� �\xE67\xA4n\x80\xAD\xEAjɪ�X\xAB\xEA\x80v\xAA\xBE6s\xF2\xB3\xF2�]h\xB6uW\x92\xACS\xBA�\xE2x\xEFek�~H@\xD1\xFB\xC07\x87\xB7=\xEC\x8A\xCA\xF0
-\xB6U\xC0W�X\x8B;>\x8C\xEB\x8D]\xB7\x9Du�x\xE8\xE1\x84\xE8&\x84\xE8\xDD�\xAC\x82\x9D\xF9\xDA�^\xFA�\xC2Äž\xF7\xF8b*\xFB\xA6$� b|Þ\xE7\xFD�\xBB�8f\xB7[\x91\x9DE\xF6\x88\xF0\xDD\xC0+\x9A\xE5\xBEn\x8A\xB6\xF8b\xE9�韾\x96�\xEB\x8AV �\xA6\xCB\xCA\xF2ɺ\xE7\xB1O\xD7Ê— �1v\xCFU\xB6\x9Bu\xE22\xF6E�a\x81\xA9\x8EE F�\xC1�\xD8]G"%\xF1#�\x8Cv\xCFP\xCBG\xCCHNxÂ¥��?\x92A2\xBDzÓ\xB7\xF8Vq\xEF\x94y\x94\xD9/\xBB\xDF\xD8\xFA}\xF8\xB2.�`u x-�FJ\xC5L\xAA|N\xDC`c�\xD4\xF74\x98��0\xC2+\xC00Z�\xF1�Hd#�\x81\xCEV`\x9Ame\x99HH=\xF0\x8D\xCA'Ưˬi\x8A\xCDÓ¬?f\xB5Q\x83\xD5!\x8C\x9C�\xCAì—¯\xADX\xB2\xF8\xE5k�`\xAF\x8D\xCAR\xC3Q+\x86'7�\xAAb\xB7\x9C\xBB9lJ�Ö¡G2\xD3\xE4\x9F\xDF_\xBFbÜ—\xAC,r\x90�Ï…\xE0\xB2�z�\xED�\xF8sWX�\xC8�6l \x84\xF6\xFEG\x9A\xDDo\xD3k\xEF\xDA\xF9kkS5W��\xC7�g\xD8�\x8E\x93/�%\xBE�i\xB2�\xA7,?\x96�I\xA5} \xC9&@\x91\xAF\xE3(\xFA�,ÝŠ\xE73+�\xFB\xA9
-\xE5�gV\x91R\xBE\x92)K\xEE\xFE\x97\xFF}7\x9F\xBA\xAD@\xEC;\xF7`)ij�\xBA\xF5\xAE\xE5\x919\x90�k\xF6\xC9��\x89*��1ʡ`f_\x97\xC5\xFA\x89g\xAF+\x8B\xFD-�\xC2\xD2@<\x9D\xD1c\xE6q<�-eJR\xAB [�\xC2
-\x86\x94@\xE0$F>\xFCr\xE8�`[<n\xC1\x8D\xCE8%\xA1�?
-b\xE7or\xB3\xEA�\xE7\xBCR\xE8Ç#*\xC1Í•\xF6\xA4\xCBP@&-\x94\x9E\xAA\xE2\xCE\xF4�\xA0W/<\xBFu\xE4��\xB15\xBB\xBD\xF5\xA8\xF3\xDA6z\xC6�S\x8DAÛ†l\xFF{\xE5�\xAEI\x82\xE4\xA4|\xF8{\xAB\xDCAD\x9Cb�\xC0\x82"\xF1\xC1\x8E&e\xC77\xE5G\x98hPT�B!\xA2S_\xC5\xD13
-\xEDj#�\x80TI\xD8\xD7o�N�UY���MÍ"=-AWYO\xB1�\xCBZ\xF3X�\x9Ef�=\xC0\xCA�\xDE@(\xE2\xF9\xC0\xE1\xFBT\x81R_\x87\xBD\x91L\xF8\xCB�\xAB\x99 \xB2\xB4k\xB73�\xFC\x98\xF2F\xFC6{\xB3.\xD0�\xD6�Fy\xAE�\xBD\xCF1\xFD\xC0�e;RD\xAC\xAC\x8F�L \xBF\xEF��\xB8M\x83y\x9B
-\xBD\x87\xF34\xA4\xAC��\xE4�\x97!J\xF0踵 �� \xDB\xFA\xC8ڜ\x80\xA4\xC1�OBX$\xF4\xF7\xD1(\xCFT\xBD}we˓d\xF7jj\xF7
-O9�\xAF\xF0Fy\x81\xF7\xE7\x89Ì®1\xE0P\x9C�\xC1\xCA�s\xA1 \xF5\xDEr\xBEi\xB9P\xAA\xA2b\x97r�f�$\xE2\xFB4�\xA7(\xC7\xE1(\xA1�\x9A\xBA\xE2�\xE5\xD4\xD1@\x8A\xFBhlzu,\xDA\xED\xCC{G�\x98\xBB�\xBF\xE7/\x84�eA<q�\x9C<-u\xEC'Z\xA2\xBFH\xFCT\x86\x9A(\xAE\x86\ݦ\xEAĘ@^=\xCD\xD3\xC48\xE3�Ø¿\x91\xC8.�a2\x92t\xEF{z\xFF\xEB.6Ý\xAB\xDE:7\xD3]\xDE_ߟG\x91\xF7\xEB
-r\xBE\xBA}\xC3X\x97\x98\x8E\x85\x95Yܦ.\xCB\xFA�*H"QbjM|ㄵ\xBF,(q\x8D\xC1<�\xFA�\xF8+\xFE�\x8B(�A\x81!\xB3\xC6\xCA�X�\xE1^�c\xA5
-'\xFB\xF5�N\x845\x9B\xA5 at Y p<�}\xF35\x83�\xC5\x{429F38}\xBD{q�\xE6�\x86\xCC\xEEO�\xF9\xEBK\xA9u0\xEF�\xC6'\xE7\xD4�\x9C�x\xF9\xAC\xB2 UA\xE30\xC8\xE8\xC1:lΧ=\xCE\xEE\xF4\x8Cpq\xFD1\xB3�\xB1\xB8XS\xC9A\xEC[\x9E.\xA9\xDA@�\x9D\x95 |-\xFC6ug\xBB�<\xA6\x88
-�ef��\x82\xA2�K=q[\xFEz\xE6\xEEJ\xF8ZIa\xE90�\x8D$\xB5VH\x97U�\x83\x8F�\xC9i\xF0\xEB\xEDu\xA4Lm_ÑB;],-\xB4\x874\xB9Xwev(m\xB5\xBA5\xE5\xDEj\\xEF\xBE&Z\xBBκ\xE6Oi\xEC\xC6\xD9If3جk\xB75\x84\xE3l\xA8r\xB8\xA0d\xAF\xE3T\xE5\xD4 at ci7\x8FUo\xA0\x80\xEB
-�\xD0t�\xC0\x85\xFC\xA1\x8Dcub\xA0P\xDB\xC3\xF3Z\x95F\xB2u
-�\xFE\xABÝ¢\x98$Z#\x9E6\x95\xED�
-\x9F\xBAG5uٵ\xD4$!z\xD7S\x90#\xF5\xE3\x9D�jߌ\xDF\xFB3\x86N\x85\xE9(\x94R; \x81\xBE�0}в\xAE?Y\xA8\xF8d\xFE\x8A\x9B�!\xA4\xEA$\xA5\x93mL\x8B\x9E�\xAD\x94\xCA�n\xA7\xE0\xD0�\xEF�\xAF�O�\xF6�\x91+\xF8\x8E7\x98\xF5�h\x92H,\xC1 �\x81\xD0\xF2\x92\xC7X%\xDA\xDD \xCF}�\xE5\xE3\xDA`\xF1\x84\x88�y\xBD\x83J\xEDr\xC4\xFCb\x8E\xF7\xC1l\xC0'd\xE5ex�'\xC5b\xF02\xB9\xF8|xj@\xA5/\xF5\x85-D/\xA3\x8B�
-\xE2\xCB\xE0\xA2¦\xC2�\x80\xB9wZe90\xD9_\x8A\x8B,_1\xD9�B)zG \xA1\xA2b\xE8\xE33\xC9�\xCAU\xF7\xB9�5/\xD1I��j\x89&d\x83\xAE%:
-\x98\x81m�!ɺ.k\xDB m k8\xE9\xAABQ\xC0\x88SU\xEDQNU\x87~+-#�=^9\xAA\xD7 I� d\xF0\x9A\x98Ռ_tNL#M�@\x8E\xCF+\xA0V\xD1
-\xECR\xE1�8\xA0T�\x89覈A\xC9TY\xC9\xD8q\x96\x83\x93|a\x84J\xE3�\xD6n\xCA2\xF8Ö¨\x90\x8C�<N\xF7\xDD#\xBB\xBEgH.�!R\xE7�\x95r\xCEn\xEC\xF0q\xCC%ÔŒMEÚT\xEA\x9C\xFD`0\xF3�j\x92D\xBA\xF7\xF7\xDCM�P@\x84Q|��q_)\xAD5si#\x95\xD3"\x98p�"\x9Dß”j�\xD7�\xDD���\x93TR\xBA\x86\xF0\xB0�<m\x86\xDD0\x9E\x9DRK\x96
-\xE0\xFB\xE2�pC\x8F\x81RI\xE5ά\x90S;\xDFڥ\xE0.\x83\xBE�.\xA5\xF0z\xCB\xC7 \xDB[\x96\xD4�\xA1\xE9q+\x83\x96rq\xC7�\xC7o\x97\xE5\xD8\xDC��\xE5\xF6\xB2�6$\xE2\xA4Uh��\xB2�\x95HaS $\x99\xFAr\xE2l\xD98EC=\x9B\xEDČR\x8C \xB2}\xC3z\x95\xAD\xA8\xBE \xCC\xCA\xD8P\x8A\x83��8\xCA
-;t\x8Cê›4ß·\xD1a\x90\xD7ÇŠ!\xCAx\xF0\xA7\x92\xCAv\xB9\xD6[\xFC\x9D�o�\xC3\xD2d9g@@Bm{\xE4d\x87\xEC�yPXv2p[\x93\x91\xFA\xCF4\xBE\xFB6Ϥ\x9B\x84qÈ…\x9A\xE9m\xB9\x95\xD5Njp\x93\xCFF|V�\x8DJG*�\x90\xD5l\xAD<S\xADK\xA8\xB5r\xC6S\xCD�\xDF\xE6s7T�0^�\xA8\xEF\xD6\xD8Yk
-\xB0\xBC\xC1̣\x81|\xA7q�\xC6!_cBP\x96\xCEL\xB4kpk\xE9\x92({�Η\x98\xA5s\xAF\xB3
-\xD0\xFB\\x95\xB8[\x93A表\x9D8�\x9D\xF8\x89\xEC\xFB��\xE9\xE6\xAA�t�\xA1\xABgі
-5\xA7a�wY\xE5b\x87œ\xC7\xEC\xD9|U\xDF\xF9�\xB4
-��\x99I\xF1Hn\x8A\xA7z\xA52\xF9\xBF��y\xB4e\xC4U\xE0h\xF1\xC0\xF9\xE8\xAA?\xD7�\x8E\xFD \x92\xF2\x9B\x{1BFB59}\x86\xD4}\xA2A\xD6G9\xF5q�\xEC4�\xC2b\xA0o\xEF�I\xAFKP\xEDoZ\x96�È©\x99&YM\xB7\xDBe\x87\xE2wWQ�\xD5 \x87\xB1\x97E<Z\xD77Ý£\xBE��\xA7\xE0\xF2C\xFD\xF7[=\xC3\xCF衯�v*\xF1\xA7\xE7T\xCF\xFDT�\xFF\xAC\xB2\xFD\xF0�\xD3ï\xF6*\xF1\xA1\xC6 \x87\xA6\xCFX\xF3\xFAæŒ|\xE4\x85���\xDF\xFCl.�?\x94qO5:\xFA\xFF�<{aEendstream
-endobj
-1626 0 obj <<
-/Type /Page
-/Contents 1627 0 R
-/Resources 1625 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1620 0 R
->> endobj
-1628 0 obj <<
-/D [1626 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-446 0 obj <<
-/D [1626 0 R /XYZ 56.6929 474.28 null]
->> endobj
-1629 0 obj <<
-/D [1626 0 R /XYZ 56.6929 446.6886 null]
->> endobj
-1630 0 obj <<
-/D [1626 0 R /XYZ 56.6929 81.8965 null]
->> endobj
-1631 0 obj <<
-/D [1626 0 R /XYZ 56.6929 69.9414 null]
->> endobj
-1625 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1634 0 obj <<
-/Length 2586
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�]sÛ¸\xF1Ý¿Bo\x95g"�\xBEI\xF6\x9E\x9C\xC4N}sq\xAE\x8E\xEF\xA63n&CK\x94͉D*"e\x9F\xDB\xE9\xEF.�\xA0H\x89\xB2\x94\xD8\xE9t\xF4\x80\xC5b\xB1�\xB0߀Ā\xC3O�bøJ\xF4 J43\\x98\xC1x~\xC4�\xB70\xF6\xEEHx\x9AQ �\xB5\xA9^_�\xFDt\xA6\xA2A\xC2�+\xED\xE0j\xDA\xE2�3�\xC7bp5\xB9�\xBE\xF9\xDB\xC9oW\xA7\x97\xC7#i\xF8в㑱|\xF8\xFA\xFC\xE2-a�j\xDE|\xB88;\xF7\xFB\xE5\xC9q\xA4\x87W\xE7�.�}yzvzyz\xF1\xE6\xF4x$b#`\xBE\xF4�vL8;\xFF\xF5\x94\xA0w\x97'\xEFߟ\�\xBA\xFA\xE5\xE8\xF4\xAA\xD9K{\xBF\x82+\xDC\xC8×£\xEBO|0\x81m\xFFrÄ™Jb3x\x80�g"I\xE4`~\xA4\x8DbF+�0\xB3\xA3\x8FGo�\xB6F\xDDÔ¾\xF3\xD3\0!\x8D�\x8C\x94f\xB1���|V\xE9\x98E<\xDA\xF1Y�\xBC�\xF02f7/\x9AÇ\x97�ÃŒ.\xAB\x91P�\xD3&B\xF9J\xC5"k\xE3F\xBEZ\xB4\xE4+\xB4b\xB1Rf��\xC1\xA4�Ù£\x80\x97\xD94[.\xD3�\x9E\xF4OgR\xB6&\xC0�GFG\xF0�$\xBC\xBA\xCB at 4 \xAEb5\xBFÉ–�\x97Sl\xD5py,\xE2\xA1\xE7T\xD1P�\xE8i\xAC*g\xF7a�a\xC6Y~\x9FM�\xB1Õ\xABÛ»�\xAE��H�\x96�#\xDD\xC7\xCBU
-\x84:\xF1\�h\xB8\xAE\xEA\xBC,�\xB7 &㬪@ϔ\xE0\xC3\xF3bcZzS\xDE{0\xFB3\x9D/fY \xC8+\xD2<h;� ;\x90\xAFh\xF4\xE1.�\xDF�\x98\xD2�\xA83/\xAB\x9A\xA0Y\xFE%\x9B=�<.瞶\x98�\xE0?\xCA`\x84m*\xB7�\xED�\xF1\xC9A[\x8E\xCF\xD3
-\xD4B�\xC6<�\x99\x84E\x91I\xBE\x81%͈w\xAB\x9B\xB5\x8A% O\xF6\xA9\x9B0\xF8�\xE9Õ\xAA\xD3e}\x98\xB6\xC1g�mC�\xB5
-\xDB\xF1\xE3x\x96U�\xD7wi� ?\xA5\xABpnh\x99\xA3\xA6\xAD�\xE7e\x9D\xF5\xE9Y\x95-a�\xB06\xA0<\xC8\xD8pR�\xB7\xDE\xCE\xFE,طM\xAC_卵\xA7yѳ-\xCDY\xA2\xA5\xF1d\xFF*\x8B�TS\xF08q\xBA\x89\xEC\xB3�5
-?\xE8\xF6E\xA0\xDB�\x8E\xD2z\xC9(`�\xC8DH\xD1\xD5\xCDÆ´\xAC\x80
-��Td\xF0\xB1\xF0)\xC2}]e\xCBG�\xFF\xC9
-_\x94U\x95\xDF\xCC<\xC6��Lˋ[\x9A\x98ר\xECV�'\xD9�\xF0\xBD�\xD9�;۳~\xC1\xD24\x86\xB9(\x8B*\x83\xCF ?\RK\x9BE\xE8KQ>�4\xA5H\xE7�!\xE9\xFC=\xE7\xE9\x9A\xF3\xF6\xF1o\xACg\xE7\xF9+0 ce\xE7\xFCw\xD9][\xA1\x9Fg$k\xBB�SN\x9E\x8CT[,Ì\xDDv�:\xC5cn\xF7\xD8�\xB8�f\xA5Tn\xE3_\x97\x8F \xE3�\xED�\x82\xC3\xDA\xCB[\xE9%\xA1\x9C"\xE5YE\x9D:Pn\xF8w\xA0w_rci\xBD&ޖ\xA1\xE4\xE0�\x94N\xF6\xD9Ш!\xEC\xE8\xFD�a\xB6N\xE9y'\xFFc\x85),��\xF1|J\x98J\xA0\xE5\xBB}\xD7\xF9<Àx\x98,!\xEFjd \xB0\x93\xA5\x91\x81IE\xD8*/ƞ\xB8�\xB36\xE4\xDA`\x9A\xB8\x8D\\xEEz\xDD\xE8,
-Ñ°\xED
-\x9E\x90U\xEB�^JV? \xE0�ca\xB6\xD6\xFBd\xC5#�s�\xF9\xA3\x98g�F;a\xD7\xD1N�\x8Av\x80s��\xA6\x89N\x88\xA6p�Øp�C\x93\xAC\xCEƵ\x8Bx\xD0K\xEB>�\xF5[\xA4\x88�\xA4sr\x9FA\xAA\x84)É£nP\xB3\x9C�O \xED\xD2Q\xE3\xC6�Ƽ
-\xDB\x{162C07}\xF1 at i;\xBCɨO\x9BD(\xCB}\xB0\x83\xC36\x89J\xB6\x96\x8D|\x85�\xDE<R\x9B�\xD8*\x88H\xF7\xE9,\x9F�\xB2\xADv\x84)\xFD\xB4\xB4"\xF2\xB4C\xB8\x9A՞lJ\xED\xAC,\xBF\xAC�\x81s_F\x88EP\xF2�䦀\xEBd\xE29y\xC4$\xADӛ\xD4}�z�vO޾\xC6p\xF8\x8A0�\xB8�J�\x95Ra\xFBJ62\xEE�Y'\xE1�C \xCD&\xBBM\xAA\xAD\xAB/�\xCB�\xC1�\x9A\x94N,\xB3"\xDE�\xCB�\xAC\x81K`\x84\xE7P\x80&-\x97\x87�\x95Ҳ1*\x84\x9D|\xA1E�X+�\xE0�+B\xADU\xC1#(\xB5$ȱڌu\x8EQ1\xEAӎq\xB9*j/b\xE7+-\xAA\x91kA)\xC0%\xFBt�\xFA\xEB\xA8j,�Lcw\x99\xA7\x89\x98\xD5�\xD8g\xCC4\x9Cq\xD7>\x95\x8C\x86�\x8A\xCCg\x92p\xEE\xDC\xD8
-낪d\x8E \x9D\xD2��\xCCi/@d\xC1:\x9C\x82n\xE7Ю\xBF6\xF7 at l\x86\xAB\x82\xA8 at MÓ›\x99'\xC42h\x87/�å·›\xC7\xDB`\\xC8q\x96e\xC8\xDEa\xE4\xFC\xCD\xFB\xDF�\xDA\xFE� \x83\x80=\x9FyV\xF5Ê©Jo\x9F\x88Km\xED|)#\xFA�u\xBF\xB6��_\x89=F\xA4\xE3\x98A%\x82Û¾I'P\x89-�\xB3!�\xAD��\xC2hCØ®\x8A\xECÏ…\xF7\xE9\xD8o;ÝŠP\xE8\xF8J\xF2\xD9\xD8�\x8B*\xF6\xE7\xF2;Bf\x88\xF8\xB42*-\xB4�.\x94`\xDB\xD8�v(�E�\xE3\x84#\xA3x)\xB6\xE2\xA5pF�Hz\x8C.�LKmH\x96\xDA�\xDDK\x95\xFA�\xD2�\x8C·\xB3�3vk\x98\x90,Qr_æ£d*Ö¤c\xE9\xE4\xE6�7}\x96法\x97 \x94\xBC\x89q\x8E\xD2$\xA8<\z?\x89\xE8\xB6\xD7\xC1~\xF0:HÚŠ\xBF\x81�j)�=\xBB|\x8C\xE3$nyR\xF0'\\xBB5*\xEE\xAB D at xg\x84\xFA�h�o
-H\xEFM9]\x99\xD1L\xE7*\xB9�7N\xA3\xF0\xAD\x8E\xFA\xF8 d\xFD����\xF7�\xFDp�\x91�\xBA|Ć\x8A�\xA1I\x99�\\xE9�ݥ\xF7~0-�=\xD0_巒\x9Au2?.];\xA9\x9E\xD0ꖺ<O�\xA8\xDFTQĸ\xB5\xFB.\xB04\xD7\xCCXE\xC9\xC74/&SP\xD9o\xD4k\xBCj\xA12\xBA\xED\x80\xFC-\x8A舴{�"\xBA\xBA\xCD(�\xB9\xA2\xEBJ�
-m\xDA�X\xCB:\x9DQB\xB1\xAE�\xAD\xAF�\xA3ᴻD\x97v4\xF7\xB0t\xE5\xEAS��l]\xB9��\xE5ڟ�\xB9{\xD8]:\xD2>\xFC\xFFcϧd\xC2\xC0\xF9\xCB=:\xA2l\xCCl�\xD3e��"ߣ"qL\x92\x89\xA3\xE1ۋ\x8F�O\xDF�Ε5)�9�_K9\xFC\xE38\x81\x8A# \x89h\xBA\xC5*T�=jA\xC9)\x96\x87\x91\xDA�\xB9�w\xF7:R["\xC7\xC1\xD6-;�a\x90w\xCE�Gg\xF9\xBCW�r*\xFD\x8C\xA1\xD2�\xDB^\xC7l at 0\xA0\xCF�T\xA0\x9A\xAB\xA4\xE5\x97Cq�C\xC8\xC7}(L\xB5aK3\xFFٲ\xC0+O\x84\xEE\xD2\xC5"+�\xCE\xFB\xF2\x91Q\x9C0|\xEE9,Bx\xA5\xA4\x95<\xA1\xEF-Ez)\x9F\xB8~\xB4\xFA\xBE\xE7\xA8\xE7=b \x9B0�I|��\xB05.ۯg[\xAFh\x8A[\xD8M�A\x9E\x94@�ã\xF53d\xE7<\xC3�\x9F\x8C [\x8D#\xCA%N\xDC=b\xF0E\xD6�'\xD9\xCD\xEA\x96p\xB3\xEC>s\x8FN\xD6x�k\x87\x8A\x9ArI\xE8\xBB\xFC�sPPO\xBCَ\xF8\x9AO寞]\x85\x80\xC5 at E\xBD\xD43\xAC\xEF\xCA\xCA�\xD0]\xA6 sm{
-\x82\x86\xDCR<uS\xAC#\xBE\xBC\xBDue �LiQ\xB08\x97�\xF7\x98JS\xBA\xF8\x8A\xC7e\xCD�\xFAxzy�J\xFB\xC7�n\xE5\xE4\xFCWF\xC5\xCD�\xA5�DZ�Td\xB7\xE0�\xEE=~#5GT\xB5›xWQU\x9E\xCD?\xDE~xr~\xE1\xB1\xEB\xFB \xE3s\x87\x86\xD1-
-N\x9CI\xB78\xB4V\xDE\xE3v•�k�\xF1�\xE9\xBB\xE4\xAB\xFF\xC7\xF2\x95/#_\xB9-_\xDD\xC8W\xF7\xCB�п�\xF8\xA8�\x88=\xE0_2��\xA5\xBA\xF1\xD7�\xCDB�T\xAF(\xC5[\xEF\xDF\xCDn\xA4\xAB\xD7\xCB\xC7�9\xB7|D\xB6�Ho(�\xEB\xD3ګ\xF6�\xAAko\xB2q\xBA\xAA\xB2\xF0�\xEA\xDFD\xDBUc놘\xAE]\xE8f\xAB�\xF3\xA9\x9D\xE4S\xA4\xC1r`\xEC.\xEA�\xE9�\x94p\xD0� \xBF\xEB\xE7\xF9\x84\xA5\xC9WW\xCB\xCA\xE7+\xDC��\xF3^�<X\x90\x8A+� \xA6D\x86'n7\xF8W�!\xF0\xA5\x8E\xF3\xE1\xECa\x99\xF9\xC5}\xAC\xD3:\x9B\xD3\xFB�\xFEMa\x99\xCE\xE7i_\x91�\xFC\xA4eI\x94\xC8�\xA7Ӭ\xF2\xD6\xF3p�J\xCDZ\x8F^\xB2\x93n\x88�\xD2��\x82
-\xAD\xAB\xA7R\x8E\xA0
-�IF\xD5]q\xFB\x90\xB6#_\xA4�:f\x9A\x89EÄ„\x8D\xCBb\xDA\xF3
-+�(\xB9i\xAAq.g\xD9_\xFBb\xA9\x84\xF2YĪm\xED\xFE<\xF1\xC2\xF8\xDFN\x95Bi\xDF1\x93k\xA2\x98\xE5U\x9D�#� MpM\xBE\xF8\xEC\xF2b׹^\x94˺\xC1c\xE7�\xF5~v\xDC#\xC1"\xB5\xF1fz\xFDml\Ø\xBF\xE5\xF6\xE8\xFF\xFC�\xBA\xAE|\xEB~\xA6\xB3\x87\xFB<{XC\x9F\xF1`;sy\xEF\xAC*K\x97\xE8\xA3[ۦ,\xE43\x95w\xAD\xA5]?=\xFC\xF4\xCAy\xEF\xD1�\x93\xB2\xF6B\xA2ڡ=\xA7\xEF?9\x90�\xE1�iz\xFEA\xC3�C{\xF6\xFFu\xD6fҨ\xE4\xB1\xECO"\x9Ad\xC3/
-\xF7e\xC4\xE6\xCA
-T\xDC&\x96Q\xCF\xD2\xFF�Z\x86�Tendstream
-endobj
-1633 0 obj <<
-/Type /Page
-/Contents 1634 0 R
-/Resources 1632 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1620 0 R
->> endobj
-1635 0 obj <<
-/D [1633 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-450 0 obj <<
-/D [1633 0 R /XYZ 85.0394 189.8991 null]
->> endobj
-1636 0 obj <<
-/D [1633 0 R /XYZ 85.0394 163.5217 null]
->> endobj
-1632 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1639 0 obj <<
-/Length 1989
-/Filter /FlateDecode
->>
-stream
-xڥXKs\xE36�\xBE\xEBW\xE8HW\xAD0 �\xBE6\xA7Ɍ=\xEB\xD4\xC6ٵ\x9D\x93\xE3r\xC1$$\xB1‡BRv&\xBB\xFB߷�
-R\xA4D;v\xA6\e5�\xCD~~\xDD (\x96�\xFE\xC42�Y\x98\xC8d�%\x8A�\�Ë´\\xF0\xE5�Ö¾,\x84\x93Y\xF5B\xAB\xB1\xD4\xF7\xB7\x8B��~\xB4LX�\xCApy\xBB�\xE9\x8A�\x8Fc\xB1\xBC\xCDî¼Iv��\xB8\xF7駫\x8B\xCB/?_<\x8B\x94w{\xF9\xD3\xD5\xD9J�Ü»\xB8\xFC\xE79Q_\xAE?\xFE\xF8\xE3\xC7볕\x88�\xE1}\xFA\xC7\xC7Ýž_\xD3R\xE8t|y\xF5\x998 \xFD\xBC\xA0\xF4\xFA\xFC\xE2\xFC\xFA\xFC\xEA\xD3\xF9\xD9\xFD\xED�\x8B\xF3\xDB!\x96q\xBC\x82\xFB�\xC8o\x8B\xBB{\xBE\xCC \xEC��\x9C\xF9I�,\x9F\xE1\x813\x91$rY.T\xE0\xB3@\xF9~\xCF)�7\x8B�
-G\xAB\xF6\xD5\xD9\xFC Τ�ʙ�*1\x97\xC0 a\xA1/}\x9B\xC0\xFF}\x871|\xB8\x90b)�K\x82@\xA2(_\xAET\xC4\xE2\xD0�\x86,� \x99\xE3\x9C{\xC5scZ\xCA\xC3M\xA7;S\x9A\xAA\xA3\xC7\xCF\xE6�\xCEe\x95wy]�GW��?\xB7zc\x9C%9\xF2 �ɀ\xC9DD\xD6\xD0\xED\xD6�\xEE�\x84D\xC2\xE2Ha\xBC(C\xF6OUI\x80E\x82\x99\xB2R\xED\xC15_
-/\xAD+\xF4m\xB3o\xCED\xEC\xA1\xFF\xC8\xED\xC0\x9C%*]Z\x8A{\xADi\x9EL\xE3\x96k\xFA\xD5E\xDBS\xA9ӧ\x9D�M?E\xBE\xD9v\xCF�\xFF�Ù\xA9�\xA7lP�8B\xB0I\xDF\xFB\x85�\xFCƘc�\xA9D2\x95\xF8\xCB0�\x99\x8A"\x81\xB5\xA4\xB5f\xB3$\xE2zT\xFC^|5\x96\xB7\xB5\x9F$\xE7D+\xE6\xE8Ƥ+4�Z\xFC\x80Ŝ\x83\xBE��\xB0Nu�\x89\xF2\xA0D\xC7~\xC61S!\x8F\x97a�\x98\x93"\x99\x85f/\xB4�K\x9Dzw\xA2�\xAD3H\x90 \xF4$�aA %oJ\xFD\x95\x88G\xCB\xF0\xBDr_t\xF9\xAE\x98\xC5�\x8FY\xA4\xA4\xFA3\xF0\x84,\x96\xA1:�OKv�\xE8ɫ
-\x99\x9CT�e\xA6�G�U\xBC%\xF9\xE7\xBC\xDB�;\xCB\xD7(\xBAv!�Bm D�1\xDF�\xA3i vV\xA8ޙ\xA6\xCBMˬ(􌈙\x88\x84|\xA5g$g��\xE9\xA2\xCE\xDB\xCET+\xA8\xE6i\xE4\xCAg\xD1\\xD3\xF8\x81\xD7\xEEL\x9Ac\xE0\xB6_\xFCТ�\xF8\xA8\x8E�\xF5\x9A8:\xCB\\xFC-\xC9��޶\xFDQnW7]K\xF5ĵn\xAB\x9D\x82n\x9B;\xF9\xBC�\xEBUj\x8E�\xF7�\xC7\xFD�\xEBd͡7\x84�T2M\xDC\xD0zBx\x996%"�\xE9v[h\x9D\xA6f\x87
-�w
-ۛ�\x8B\x8E\xABu�\x8D
-=\xE3]\xAE\x89Q\xD5\xF4\x8B\xC1�\x95;\xD1C\xA2\xB2\xBFa\xB7\x87#\x99D
-\xB2\xD0�\xEF[\x93�ivY at M\xA3
-\x90\x81\xBE\xE266\xEAۺ̻Κ\xC2\xD1:\xF5�9\xCFyQ�\x85
-bç°Ô¸a\xDCOg!#�0a\xC2i"\xA7\xED\xF6'\xC5�\xD6\xFC\xD7\xE7\xB3JB\x87\xA1\xA7\xDC<\xCF5\x98B\xFF\xA3S\xA0\xC9\xD8\xF7�\xF3*k\x89\xA4T u �>! \xF0W\xD3O\x91\x9F o\x84 \xE4M;�9}\xE1\xAD\xE2z\xA2\xC0\xBA\xE9\xEC\x{116769}\xCFW7D\xE0\xAE\xD0\xF6�R1�\x88hZ\x88\x9DN
-\xE6Î=\xDC!\xA4�4B[Z\x90�"\x9C_\xBB\xBAj
- A\x81\xC0\xFD\x82��\x9D��\x99\xB6k\xCEbo\x9FR\xA5lS\xF4Z\x9DPk7*\xA4J]U6N\xECË–x\x9A~\xAA\xBA)\xB5\xD3N\xC1 � \xD2|\xED_\xEDÒ\x9Dd\xB2o\xC1 \xCAä¡\x89\xB4\xDB���\xABj\xC0\xAA\x9Ab\xD5\xF7z\xF6�\x9D\xBE\xCF\xDD��Ë™Yk�\xD3$C\xD9G\xAA�\xBB\xC2\xF6NB\x87�\xBB6\x98�\xC6\xFF\xD8�\xF5\xA3:\xD2�\x89u\x8E;�tE+\xA6\xA1Y\xDA�\x86g\x82\xEE\x9A|\xB3qÖ²w\x8C[h�\xA1\x92�\xDEF7\xE9v\xA6�|\xC1\xA4Rj\xA6�Tl\xE3\xC2_\xE8\xE5\xFCI��\xDF"W%6\x953\x96Ag�\xFA\xE2\xDBL\xBB\x9D\xE1\xF8\xBC8\xEC��L\x97~hls1 \xEAz\xC6@�\xB0P\x89\xFE�@\x8D\xCF�\xEF\xB2#\xDF\xDD>\xF6\x94g\xC6E\xA9\xE9\x87\xF6�\xA4\xEA5u\x9A�\x82\xA2H�\xCD\xF3\xAC.5L�7\xE0\xB69\xC4H\x93\xADG\x86}\xD8\xEDL\x95\xF5c\xCE\xE6m�\x90\x85\xEE\xF2''g�\x9B\xC8\xDC\xCDBl\x8F\xF7\xED\xB0Pr ��n\x95\xD5\xDD\xEC\xB9"bI\x9C\x88\x99\xAC�\x84}��Ó‚�\x9F��^)x�\xA9\xF0M\x96\xE5�\x96_\xA8w��z\xFFR\xC5\xE1Xk+�\xE0\xE8\xCA\xF2�\x8C\xB6.&;\xC1\x80_\x82mṩ\xEA\xE3U\xC4��ǵ\xCE\xCB} \xCAT\xE8U\xFB\xF2\xD1\xEE\xE2*\xA2#�\xF0l\xBC\x96\x83\xB5C\x8E\xA6\xC7i\x9DI�AC\xAB\xFA�\x8D\xD4p��\xDEni\x90\xC0Z\xFF\x9EvF\xCC\xEFt\xF8�\x96\x9D\x9F\xC4-\xEA\xFA\xD7\xFD\x8EØf];4\xCEl\xDAؘ\xB8\xD8�w\xA7;G\x99\xA2?k\xBE�h\xF6\xC2%
-\x8E\xED \x8F\xD5\xE1\x92\xE6\xBBKZ\xA9\xE1\xC4\xD7\xCC_Ӿ4\xBA,\xC1\xCC)�Pc�c"\x8C\xAD\xC6AIȹ\xCB�RwtN at 2\xDF=\xE0\xC3==\xFD\x87~\xF0\xE4G\x94S\xF0 at M\x8E\x9C\xFF\xDA\xD4\xE0m#�\x82\xA3\xAA\xEF�\xEC1\xF2u�w\xBF\x9A\xAFD�q?��D}\xE7\x84�cnm\xFE~\xBB�<8\xB9\xE6\xAA7d\xF0\x8D�]\xF1\xF2E\xB7\xD7>3\xA7\xE1�p8Ma\xE6z`�E\xFDL$\xE2\x8Cx\xF4\x93\xD6e\xD9{\xD2�\xE7\xA4=1�G\x81\xF43\xB1?��\xDD\xE6\xC5W\xA2q�v\xAB\x8E3ܫHs\xB7<\x8A\xB6-t?S\xFF\xA8+7>O\x93\xEDBrp\xF5�\xC9�\\xB2\xEB�\xA6\xF2
-p}\xFD\xE3A\xDE�\xF5>Úsn\xE3tL�\xF3\xC2x\x!
85ɯ��\xB8�\xF4\x9E\xCD�
-\xC6%�s'\xDAѶ2ؘ\xF4Y\xE43\x8E7�7\xC1\xA1\xB3\xB2\x97fl(\x99�\xC3\xDE�\x84]a\xFE>\xA3�\xEEɜ�I�N\xB7\xAE!\xB1ԟ\xD8|\xD2g ~\x9B\x9A4\xDF�I\xE8\xAE\xD3\xE9v\x95\xC2?\xD7\xEC\x96|@�]o\xDD\xCF�\x9B\xDC\xEBxݵ-1zx\x80C-\x9C5\xE7\xDF�㷷u\xDB�\xA6L\xFF\xF4\xEA\xFB�\xEBt\xDF^\xE5\xD9\xF8\xF1!\xCFޮ!\xCB�\x93vu\xE3&�\x8E\xE8WB\x9F8�\xD3h\xF5\xBE\xD7'\x96\xE14�s#[\x81\x9A\xF6[\xF4X,\xAD~�\xEF�\xA1\xC3�6m\xABw9\xFA\xD1\xE9\xC7\xF7\xDB�\xEBH�\x93AC\xE4x�\xB1z\xA0
-i\xBE\xD3\xC5[\xF5\xF4۷-\x8D\xA5\xDF�I\xB6�o���d\xE1S\xA7߂��\xFE\xD5:/\xCC\xFB3\x91\xED\xCB\xDD\xDB_\x9D\xB8\x8F\xD7a�\x84\xBFf\xB95iS\xC3!\xE9\xCF^\x9F\xFBp
-��\xBF6\xCF|\xCB\xE3\xC3H\xFF\xE6\x8Fڇ/\xFE\xB0\xFB\xFAq,\xE7\xBF
-\xCA�&q�J\x9CS�bp\xF2�r\xF8\xFA}\xEA\xFA\xFF�\xF5\x92\Fendstream
-endobj
-1638 0 obj <<
-/Type /Page
-/Contents 1639 0 R
-/Resources 1637 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1620 0 R
-/Annots [ 1642 0 R 1643 0 R ]
->> endobj
-1642 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [491.4967 682.6714 511.2325 694.731]
-/Subtype /Link
-/A << /S /GoTo /D (lwresd) >>
->> endobj
-1643 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 670.7162 89.457 682.7759]
-/Subtype /Link
-/A << /S /GoTo /D (lwresd) >>
->> endobj
-1640 0 obj <<
-/D [1638 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-454 0 obj <<
-/D [1638 0 R /XYZ 56.6929 731.9325 null]
->> endobj
-1641 0 obj <<
-/D [1638 0 R /XYZ 56.6929 701.4683 null]
->> endobj
-458 0 obj <<
-/D [1638 0 R /XYZ 56.6929 475.6865 null]
->> endobj
-1644 0 obj <<
-/D [1638 0 R /XYZ 56.6929 450.9966 null]
->> endobj
-462 0 obj <<
-/D [1638 0 R /XYZ 56.6929 381.4304 null]
->> endobj
-1645 0 obj <<
-/D [1638 0 R /XYZ 56.6929 350.9662 null]
->> endobj
-466 0 obj <<
-/D [1638 0 R /XYZ 56.6929 317.4209 null]
->> endobj
-1646 0 obj <<
-/D [1638 0 R /XYZ 56.6929 289.8617 null]
->> endobj
-1637 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1649 0 obj <<
-/Length 1111
-/Filter /FlateDecode
->>
-stream
-xڽX\xDFs\xA36�~\xF7_\xC1c\xFC \xCA�c\xC3\xF4)\x97:inz\xB9\xD6u\x9FҌG�ak"$N�\xB1}\xD7\xFB\xDF+,\xC0\xE0\xE0�\x8Cs�\x8F�\xB4\xB0\xDF\xEE~\xDA] ن\xA5~\xB6\xE1{\xA6\xE5�#c�\x8CLϲ=#L�\x96\xB1R\xCF\xEE�v\xF1�(_�\xF5\xB7>\xCC�\xBFܺ�#0\x83\xB136\xE6q
-\xCB7-߷\x8Dy\xF4xu\xF3\xFB\xF5\x9F\xF3\xE9l��Ϻ�\x9BC\xE0\x8D\xAD\xAB�\xF7�\xBFiI\xA0/7\x9F�n\xEF\xEF\xFE\x99]�'\xA3\xAB\xF9\xFD\xE7�-\x9EMo\xA7\xB3\xE9\xC3\xCDt�l߳\x95\xBES \x9CP\xB8\xBD\xFFc\xAA\xEF\xEEfן>]φO\xF3\x8F\x83鼊\xA5�\xAFm\xB9y _�\x8FO\x96�\xA9\xB0?�,\xD3
-|\xCFب\x81e\xDAA\xE0�\xC9`书7r\xDDRB��\xFE\xAA kO\xF7\xAAm\xFCy\xAEoz\xBE3i!pd\xD7�\xB4-\xDF�F\xC1Ęx\x819v�w\xCF\xE0\xE3�\x8C-\xEBJ !0\xA3\xE0�\xEDbL\x90�\xA6P\xAE��&\xE8W=~\xCA\xE3UF\x81m\x9B\x81\xE79' r
--T\x83�\xFA\x90\xAC\xB4L\xDD0\x8E\xE5:Y\xE0\xA8�®C$(��J,$�\x85�\xED\x90X0\xBE\xA0\xAC\x83�
-uÐ\x85�G\xDD5�\xCEs�f\`\xBA\xEAi\xF9b׿2\x8A\xC0\x99\xFC5"\x80\x99\�\xBA\x8DX�1=\x9F\xFE�ABX�%�*
-\xD0�\xCB���\x92,\xAD\xDF/X*UZup?\x86\xCF�\xE0/�\xE2\xBB\xF3
-\xC7H\x86k\xB0"�\xEA\xA1K2\xB1�9\xFD"\x8F\\xAC3�\xB1
-=�\xD6P�\x90�\x84�#*{T\xC0\x9A .)\xA1# \x90\xC0\xAD~@\xB3d\x89x\x97�\xC6�'\x90 \x8EDʨj
-=\xEA8#�\xA7�\x810\xCF\xFC� \x94I��'\x81�\xFE\xA7/h\x9B��\x96�Z��($\xE2j
-ɮ{\xBD\xB3�\x95‘\xCARE4�8\xEA\xA1�\x87\x8Ek\xF9@\xEERd\x9F\x9Fd\x99PU�\x81\x941\xD2cjTg\x90\xEA�\xF06\xE6` E\x8Fr٫Ɯ% \xC2q\x8C8\xA2a9\xC9\xFFZ\x9E\xD5>azn�"A\xE0�R�v\x87\xA0#*�
-�\xA2pIz\xB8\\xA8\xBF@\x82#(\xAB9?\xED\xAEj\xA5\xEC\xB4kmØ„\xB1g\xA8\xF2��\xA0�P%v\x8EbÛ\xA9\xA2\x9B4ã¤w\x8E,\xD5;\xBA\xE4\x99\xCA<H\xC35+\xE8\xAC?}\xE5386\xD7\xE6{\x92C.\xD5â“—�z\x8DzNz�\x900�Q*\xD5*\x92b\x8Ez�I\xCC\xF8�\xF2\xE8\x98̼\xB6���c.\xE4\x89\xD8\x88\x8Cx\x91\xB3\xDF\xF4\xA5L\xEEt�\xA3\xA8`\xF61e\V\xF2|\xF0\xA4G\x85�\xD34K{\xFB\xCB\xF7.\xFCd\xAA\xB9\xAA��>+\xBA\xF9K\xE5\xC6I[\xDF\xF6`\x8Ek�\xF9\x86\xB6�Ñ�=[\x8B\xC3\xC6\xEF$\\x99\x84�\xA5�\xD7-\xF6\x9Cæ’…"\xC3�X:ÚŠ\x9A&'\xA05\x8E\x82\x9Ap\x8D�+\xB55\xE3�ß©\xF6Ñ\x94KV\xCD\xCF�Ô©d\xA0Í”\x82\x984�xE�G\xA7
-\xEC�\xDE~�Q\x94\xA5j9
-�\x8F^\xC5u\xA1q\xEB�<&\xDBw4\xB6\xC1$
-\xABz=\xA7_h}\xB5*\xA1\x95\xFA\xD2\xE8\xB1\xF3+\xA3ջ\x8Dw\x8CY\xF0\x97\x9Fk\xB3\x85'\x81\x97D}\xA2\xF4eI\xA4\xF1\xBB�\x94Hl E�\xBD\xABn4ڣ�\xB7K\xCF,\xE0j\xBB\xC2�+oW\xEA\xB3u\x91@\xB5\xFB_�\.�\xDF;\xFBX\xFB\xDCx[LPn2\xFA\xC1ڧ`C\xA8\xA6\xF2\xA78\xBCG\xBE\xD0\xED�p\xC9!�qټߌ\x8D\xA3\xED\xFB\x9B\xB9[\xE1\xF6b\xA2\xED,\xCA\xF5\xCC\xFC \xA9\xE5\xE4Ȫ\xD6\xE1\x8Bϩ�\x87x\xA3\x89\xE9\xFA\xBES�A9N\xED�ʵƦ\xEF�\x93ҩ<|\xCF=\xF6\xBC:\xD0z\xED\xFA\xFF\xA1\xB6g\xE5endstream
-endobj
-1648 0 obj <<
-/Type /Page
-/Contents 1649 0 R
-/Resources 1647 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1620 0 R
->> endobj
-1650 0 obj <<
-/D [1648 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1647 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1653 0 obj <<
-/Length 1184
-/Filter /FlateDecode
->>
-stream
-xڽX\xD1r\xE26�}\xE7+\xFC�\x9D\x91*ɖeM\x9E\xB2)I\xB3\xD3Ͷ\x94>\xA5�ƱEp16k\x99d\xD9n\xFF\xBD22\xD8��6\xB0�\x86\xB1%Y\xE7\x9E{t%] �H\xFD\xB0Amhs\xC2
-\xC6-H�\xA6\x867\xEB \xE3E\xB5\xDDup\xFE
-X�\xCA_}�v~\xBE5\x99\xC1!\xB7\x89m�\xC7%,�"\xC7\xC1\xC6\xD0\xECÚ\xC0\x9EB@Ý›\xCF�\xB7\xF7w
-\xAE{\xCC\xEA�\xEF??\xF4 \xA1\xA8{{\xFF[_\xBF\xDD
-\xAE?}\xBA�\xF4 v(\xEE\xDE\xFCz\xFD\xFB\xB0?\xD0Mv\x8E\xF1\xE1\xFE\xE1�]\xC3\xF5c�\xE8\xA0\xDB�\xF4�n\xFA\xBD\xA7\xE1\xC7N\xB8\xF1\xA5\xEC/Ff\xE6È—\xCE\xE3�2|\xE5\xF6\xC7�\x82&w\xA8\xF1\xA6
-�bΉ1\xEBXÔ„\xD42\xCDuM\xD8\xF9\xB3\xF3\xC7�\xB0Ôº\xEAZ\xAB�F\x90\x986\xA9�\xD0\xC2%���m\xA4\xA0�\xE5\xD06\x89\xB9�\xF0\xB1�l\x84\xBAn�\xC6o`1\xF7\xDDT\xE8\x9A\xF3�\xDFO\x84\x94\xA3\x99\x9Bz\x93Q�\xC8T\xD7\xFFw\xA5\x9FO\x99�\x8A�\xC0�rJ\xC9>P0\x8E\x9377\xF1\x83\xE8\xE5b\xF89\xB27�\xDE�L\xE5T\xD7.\x85�\xC5\xC9(\x8A\xEB�p�\xC1\x8F\xA4��P\x8F\xA9Xf�q�.�\xC1\x90��\xF5_$�\xA41�"\xFD\xBE�\xA5\x8BW\x87\xA0\xD2d Ro��1V\xBALÚ»\xA4E\xB5\x81\F\xE9D\xC8@^L\xEF\xE7\xD0\xF5\xA6\x938\xBC\\x84,\xA4 \xAF�X\xF8s0\x8F\x93\xB4J5\xAB9\x8EWu\xFE5�\xFCs�w�Ú—\xC3\xCB�Ú—\xF39\xFBZD \x8Et\xF1\xB1 \xD2o\xC1|T�\x9E.6t�\xB3Ê™\xF7\xB5\xFCe!\xD4$\x91\xF1"\xF1\xF2H\xFC�Q\xB4\xFD�ÌQfE\x97\xBE\xAF\xF00\xE3\xD0$\x8C*X\xC8,\xD3Z\xA1\xFE\xA4\x9Br;\xA5�\x85\x85Wm \xDB�\x9A\x8CX\xB5\xFA�.\x96\x8D\x97<\xCFmc\xB5\x923\xB5 k\xDBt\x9FmZ\xD8.\xEB\xF6=gB(\xA4\x84\x9B\xF5\xB1\xA5Em\xA4\x84É \xE5XV{6\x9A\x86Å¡er\xBB\x96\xC6i\x824�\x8C\xB2 E\xC5\xD5Ajx_\xE8l\xE2\xB6>z\xEC]\xCD8\x83\xC4F\xA4\x85f\x9A\x91C\xA1\xA9J��\xEB]\xA3\xC7>�=-\x86\xEE\xF8�\xBD\x8F M\xA3gg/XEPFF-\xDEq\xD8>U\xA8\xF6/\xEF \xD1b\xF6,\x92��\xFE�\x84΂\x82(�É«��ǪЙ\xB9_A\x9A\xB8\x91�\x8B�\xA4\xC1L\xA8\xD4\xE5l\x88x\x91\xB6t\xA9\x82�\xF8\xE1\xB94V�\x8DhT\x93/\x95xya \xA2\xD6c\xA2f\x8E\x92_\xF8jm\xF1\xA6\xA2IwR\x{DBB2}E�\xBC\x8A\xE6\xE6+\xFD\x95\xF1\xC0
-up\x82d\x93\xC37\xA6_\xEA��y\x82jy6\xA0 �\xA2m\xF7\xF5\xA0\xA9�\x82J�\xB6\xE7~� \xA0>x�\x9B�(�\xEEh\x99\xD7�K�n\xE0\xEAڜ\\x85�&\xA7P\x95\xA7\xC4֦\xEF\\xF9�\xB5
-\xB0\x8DJ\xDByO\x83<\xA7\xBC8R\xC8�\xB3\xEB\xD7\xC6Ç\xD4\xED\xA9v\x8D<\xB4\x9Fm\xF1\xACl\xB2�6U\xF3\xC7P%\xC8TGc\xC6\xF7�OS\xD0J\xD6�\xDA\xF6\xB6W\xE6j\x9DÊ•C\x82)\xDDs\xAA\xDB\xE1zTZB0\xC4�\xD9Í¥]\xF1`�2\xE4l\xEF\x80
-C\xE3\xD8\xF6\xB9W\xF36G\xDC(N\x83\xF1�\xF8"t\x97\xEB\xF5ˋ#_\xD6P\xAA\x9F\x8C9B\xA3\xB9T\xE4\xFE\xB5*\xD2\xF3\xE6�3\xA1iq~\x9C\xE5\xF1\x99TL\xCB��\x9D\x98cH�\xC2�
-H�+\xAEn\xFD\x9DG\x93\xDB"��\x8DT9**V\x85\xAB�\xD8fȎ m'\xBB \xAB\xC1o\x8A\xB3z@�+\xF9b\xF5\
-\xB6\xEC\xEC\xE42\xC1\xD7q�\xC2\xF8�\xC8\xE0\x9B8!\x91\xF9G
-y\xA46\xE4\xA2{\xF66\x92s\xE15@\xF0b\x95\x8E\xEC\xF6<4�\xD5[17u[\xF6\xAF\xD8��\xE1:\x89h\xDFY\xA6\xAE7=\x87\xBD�
-7
-\xA2�pbJ<�n\x92>�7=
-Pw\xF3kR\x98]\xD7\xD6\xDCÓ¢\xCD\xC1\xE4\xEC[\xE1\xE2\xCA\xDCR\x8B\x93\xE3\x90Í…/!\xA5�_\xC2�uLS 9\xA9\xCCIj\xED0__�\xEFR\xFF�\x8C\xBF$<endstream
-endobj
-1652 0 obj <<
-/Type /Page
-/Contents 1653 0 R
-/Resources 1651 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1655 0 R
->> endobj
-1654 0 obj <<
-/D [1652 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1651 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1658 0 obj <<
-/Length 1094
-/Filter /FlateDecode
->>
-stream
-xÚXÝ“\xA28�\xF7\xAF\xE0Q�\xC2\xF1!
-5O\xEE\xAC3\xE7Ö\xB3\xE7yO\xB3\x96\x95\x81\xA8\xA9�\xC2&\xC1\xD5\xD9\xDD\xFF\xFD\x9A/�e�\xD0\xC1\xB2 !\xFDKw\xA7\xFB\x97&\xBA\xA2\xC1OWlK\xD5L\xA7\xAF�\x9D\xBEji\xBA\xA5\xB8AGS\xD6\xF0î±£\xE7cP1�\x95G}\x98w\xFEx0\x87\x8A\xA3:�c\xA0\xCCW%,[\xD5l[W\xE6\xDEs\xF7\xFE\xCFÑ—\xF9x\xD6C\x86\xA5u�j�Y�\xAD\xFBa2\xFD\x98\xF58\xD9\xED\xFEi\xFA0y\xFCw6\xEA
-\xFB\xDD\xF9\xE4i\x9Au\xCF\xC6�\xE3\xD9xz?\xEE!ݶt\x907r\x84\xDF�<L\xFE�gO\x8F\xB3\xD1\xE7ϣYo1\xFF\xD4�\xCF�\xB6\x94\xED\xD5531\xE4[\xE7y\xA1)�\x98\xFD\xA9\xA3\xA9\xA6c[\xCAwhh\xAA\xEE8\x86�t\xFA\x96\xA9Z}\xD3,z\xFC\xCE?\x9D\xBF�\x80\xA5\xB7\xA9h\x9D\xFF,\xD3V-\xDB�\xD68\xB0\xAF\x97�\xA8k\xB6\xEA\xF4\x9D\xA12\xB4�u`�f\xEA\xC1\xE7��hZ\x97\x86\x92\xF0�v J\x9F\xB6\xD8\xCF\xFA\xC38x!\xFC.k,�{aR\xA4\xEB\xAAcYF�@H,\xA9\x90\xD4�\xD7"H�1\x9F\xAD\xF7Y\xEBGvÞlj�\xCB Kw\xB3\xF4a\x86\xAC\xFF\xD7\xE2\xAE
-\xA5W\x94a\�Ƕ\x85\xAAhŹ �1\xEE�^AK{\x96""n\xD6\xCE
-|\xBE\xF8VU\xD5\xC2�\xE5Û¯K
-\xF88 H\xCA�Þ¬\xB8 \xC0;�\xBA\xD8\xDD4�6N\x85\xAF\x95�t\x8D`\xF1\xA9G\xE5\xBE6�rGe\x8DE\xC5?\x97�Jp\xE1�\xD2p\x8DB\xE6�q\x8E\xD9P\xBB�%\xB9c�\xF3w\x80\x92\xFB\x884�\xA9.�
-�gL\x8A\x96^\x8E�d\xEAn\x95O\xB4'b\xC9\xF82d\x8D\x95\x8F8\xDBR\xAF�\xA3\x81֜|\x8B\x89\x90ͥ\xAB\x89\xCE \x96\xC8\xE5��$"\xE0\x9Ck\x8DH\x9DGV\xB0\x80�$ip\xE5
-@\xAC_�R\xA3\x89\xE4\xFB� R=\xDABTL\x89\x80\xF6r:\x8F\x96I\xA3\xC1\xB4\xC0\x8ATR�b�\xAD8��\x8E\xE5\xE6\xDA\xF58\xC5J)\xA4�X5\xC6p\xE8�\x86G\xB6\xB4\x88\x90�\xCB\xCD2ąwZ�\x99\xA0\xAF\xA4\xC8\xDBWrN͗Q`\xC7@�\x8E"\xE2\xA1|�)H\xA3Mڬ\xA8�t\x880\\x88\x85h\xDBϺ\xBFj\x96V륟\xD9\xED�\xF2\xE5?\xE4\x850\xA9{\x90\xD0�\xE8]\x9A\xAF\xD9N\xD8 �\xD4�\xE4zO\xBEl�(\x82ܡ\xBB�>\x913L\xD5I\x8A\x9F:�\xB8>%aAv\xEF\xA0M\xB6&\xEF�Gv\xAE�{\xE4�\xBC\xEA\x9E�\xAF�\xCEI\xBD\x95\x835P\x85�7\xE6\x82n D\x8A\xBFoO\xB2\xE7AS/\x8Dj\x97\xEB`\xDC\xDD[\xA1\x80�l\xF0�G�s\xF3\xCD�B.�%v\xE5�\x82U~\x83X#\x9CC�\xAE\xFD\x98\x9C&Ϩ\x924#\xB8*�ӧ\xE9\xB8U\xF6�\xD0�\xC5^T\xA2\x8EV�Ts\xD1*\xEFA5 \xAC\xE7\x935N\xB8\xB4\xB4\xFC�\x824\xF1_)4+\xD5e�ua7\xE7{\xA8\xBD\xAF%~\x8F
-\xFC\xE2�\x84\xFD5\xE3Tn\x82<Ã\xC01
-\xAB\xE9T�\xC9"K��Ush\xF4k]Q�{R.\x97�\xF8�\xA2\xBA%e\xECO\xC2D\xBF\xAB\xF7\xB5�\xC4\xF5 N\xAB\xBD\xE6�8g\x95�\xBE}7\xCA9�E@\xED\xE9\xC2]]n\\x8Dtb\x96H\xBE�)\xAC\xFF\x8Aq\xA0\xC9cbJ\xB2\x93?9\xFE\x9Ed\c\xCDH�\xC1\x97C=\xAD4�\xFF
-\xBB40'\x93e!�7\x86M\x91�GĬ?yjWƼ�\xCE\xE0\xA3� \x86\x8F_d\xEDK\xAA�\x98\xD6\xF5\xD9\xC9�%\x98\xBF-"'-ZY,/GP\xDDY\x89i\xA9\xC9�G\xCD\xC9�\xFC\xF3io>G9�2\xF5\x81,l\xDB8�\x91�F\xE9\x88\xC4\xD4�\xAAm8\xC3B\xA9\xC4\\xCB:\xD5\xFCp\xE0r\xAE\xFA\xFFn\xB3\xFC8endstream
-endobj
-1657 0 obj <<
-/Type /Page
-/Contents 1658 0 R
-/Resources 1656 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1655 0 R
->> endobj
-1659 0 obj <<
-/D [1657 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1656 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1662 0 obj <<
-/Length 2714
-/Filter /FlateDecode
->>
-stream
-xڽ�ks\xDB8\xEE{~\x85g\xBFT\x99\xA9T\xEAA=\xB6\x9F\x92n\xD2\xEB\xCEn{\x97\xCD\xDE}\xE8v:\xB4Eǚʒ+\xCAIӻ\xFB\xEF��$-\xC9J\xD2\xDEk:�A��\x80 \x9Et\xC3�\x83ႧAZD\xC5"+\x92\x80\xB3\x90/V\xDB�\xB6\xB8\x81o\xAFOBC\xE3["Hu~}\xF2\xE22\xCE�EP\xA4Q\xBA\xB8^�x\xE5�\xCB\xF3pq]\xBE\xF7\xD2
-N\x81�\xF3^\xBD{{\xF9\xE6\xF5\xEFWg\xA7Y\xE2]\xBFy\xF7\xF6Ô8\xF3.\xDF\xFCrA\xD0뫳_=\xBB:\xF5Ãœ\x87Þ«?\x9D\xFD\xF9\xFA\xE2\x8A>\xA5\x86\xC7\xF9\x9B\xB7?�\xA6\xA0\xC7�L\xAF../\xAE.Þ¾\xBA8\xFDp\xFD\xF3\xC9ŵ\xDB\xCBp\xBF!\x8Bq#\x9FO\xDE`\x8B�\xB6\xFD\xF3 �\xE2"\xE7\x8B;xaAX�\xD1b{\x92\xF08\xE0I�[L}\xF2\xDB\xC9_�\xC3\xC1W\xBDt\xD6~!�\xA28\x8Df�\x98\x84��\xE6,H�\xB0\xCAx�\xA4q�k�\xBE?\xF5SƼR6\xF7\xBEhÔ\xEC|Q\x96\x9DTJ*\xFA\xF4wz�\xECÇ\xE8W\x9B\x8Fu\xA5z\xC2\xFF\x93�\x86\x8F\xFC\xB2\x92\xBB\xDE_w\xEDv\xB4\xBA�[y\xB4\xE6\xC3\xCB�h@Ø…�\x86A\xC1y\xF4\xA0Ju%\xA6
-Ͳ\xFC\xEF\xAB�\x9BÞµ\x8D\x92\xFE\xAE\xAD\xAB\xD5\xFD\x88\xDD׶\x91�\x91\xA7^�\xC5A\x81\x87n\xB8\x84C.\xC3\xC57Õl�\xFC\x87\xD9j\xA5IJ\x96\xE5�\xB9�J\xF5\x9Bn?B6_\xCAv+\xAA\xF1\xF2\xA6-E/F\xA8\x95ÖŠ\x98��<\xBE\xD1Õ¾S\xA0\x9B\xDF6\xB5Q\xF5^\xAA\x8Fm\xF7\xB1i\xEDò¡‘·\xE2\x8B1\x8A\xDF\xF7\xB5Qe\xBF]\xCAnD\xFDR\xCB\xF4'\xD6!\xD1\xE3S\xFB�h\xF0Ô¹,;)>\xF9e�\xEE\xBE\xFA�\x81U\xE37\xCA/\xDB^=\xB2ßl?É‚<b\xD9d\xDB\xDA&/.\xA3p\xE1\xD0k<�\xA0\x8E\xE20s\xA9-L!]1\xE0\xD6\xEE\xFA
-\xBC\x90\xD2\xCFo\xBD\xE8\xE5V6=\xBD\xFE$\xFF`,j*\xA4 \x8ChJ�~W\xE2F�Y\xD1 �\x80\xA8\x88�,LH\x9F\xEB\x8Dt
-�\x88\xC2<(\x8A"�b\xA4\xB1��3\x8B!\xE9\xC5qb\xE8\xD4@\xB98\xF6\x94DS!\xB4\xDF\xD1\xF3\xA6n\x97\xA2&\xF8\xB0-x\xE9[|&\xDER\x9A�
-#�\xA1\xE5==1?��^o*\xB3l"p+�\xB1\xD8\xED\xA4\xE8\x8C�\xEDO�\xAD(Z}\xCEQ\xEDp|2�(q\x9Az��\x99\xB7j�\xB4\xED;�d]\xFC\x86\x98Z\x82�)/\xBC7kB\xF6�p\x830\xF7$-D\xE5�
-n4c\xD84�\xF2\xA2�\x9F\xB6l� ˧\x96}�\xBC��\xA7L\xB2\x9C�Q\xE0\xB2nW\x9F�\xBC\xAB\xFA
-QH\xB1\xDA�\x8Eh \x86\xA3\xA1\xCFhxDT\xBD2\xB1\xCA\xD2 \xE7E1�\x99R\xAEž6NwW\xD55A\xFA\xB8\xE0\x89\xC7���\xC40\xC8\xC20]\xF0\xA4 \x8EQ\xFC@�#"H\xA5\xEB\xD7\xC8l\xB6\xB8:*TJ\xF4=l\xCE_\xC1�9��\x86�\xF88h\xFF\xA8tG5#~x�\xA0!\xC4C\x9A\x8C\xE5\x9F\xD5u{\x87\xB6\xCFSo�֩v\xB5\xA4\xB7\xDBJ\xDA�\xDA\xC0\xF0T�\xE1\x9C$''Cl\xD5\xDC\xD8E\xB4�
-bN_B\xD5�G\xCB`\xCD�\x9D\xA1aL\xD0Fh�\x99>9\x8Di\xEF\x9A!#}\x9A1\x87\xDE!\x9D�\xA6\xE1�\xD4!��>\xCD�\xA3\x83E\x85\xB7\xDC\xF7\x84\xAE\xD6\xF4�l�\xDE\xEC��܈[\x83\xEC7�P\xBA !\xD4\xEE$\x85�F="l1Dx\xDDv�4\x8E\x9EL\xA4\xDAz\xAF}u\xA6bQ~c\xB4K\xB0�\xE8�\x85�\x83-n�?�݈�\xB3"ˆ\xD6G\xBC0X\xB4\xFEiH\xD8\xCC� �\xE8|\x84�zs\x88\xD9\xCAm\xDBݛ\xE5\xA4C�\xBBQ\xAAZ\xD6�]mwZH{k�>\xBD�\xB9F�\xCC*\xABJ6h��V\xF76\xAC at A�{\xCAyܖ\x83\xC0q\x83<\x91�\x87| \x97C˗2\x9B\xA3\xA7A3\xF1t\x9E�1\xE3\xC9(=\x81ܢ\xA0\xE4�c7X\xAB\x96P�\xFE\x88Q;\xB9\xAAp�:iÇ\xAA\x99\xD3#\x81XO \x88\x89\xB7v\xE5c�\xA06\x85\xD14\xEB)\xF4\xCA0\xD2)�\xF9\xDFm*��\xD8\xEDhG\xD6B{z\x82\xF9\xBB\xAE*\xB1eD\x82\xDE\xC6B\x94$P\x8F\xF3t|�\xA6$�\xAB��AƳ\xE2�\xCD�\xA5>t[��\x91\x9Fg�\xCF \x91ϟ�\x8F\xC7U�\xDAx\x9B\xF3\xE7\xF3Ẑ<g0�\xA4i\xC0\xD2\xEC[ƌ�\xE4\xE6\xF9\xFC\x90\xE1;\x86\xFE\x80\xA3΀c\xD5\xE28\xC8ӼprQC\xDB\xFEN\x8F�("W\xB9\x9Co\xA0\xFF\xDA,�\xC1a\xDAp�M\xF9�\xD4Ҽ\xBBp-\xB1\xE4�\x99\xF7\xB7
-\xB6\xCDv\xF9\\xBF�\xD3�L8F(*V\xCE�\xD58�\xC3\xD0R)\xD9\xDDb�\x87l�՞b\x96\xF4\xB1\xA9��\xC8\xE5ȑ
-��\x92\xAA\xC9K.\xBFp\xD0\xBF\x83Ô \xA3\x81\x9B\xDD\xF1x\x94\x84x\xA4\x93�`\xB5�0\x8B\xF1\x84\�qD�Þ¯\x8Ei \xA4
-\xAF\xD9[\xD48�\xB9ͫ\xB8^\xA7\xDA�1\xD2u\xCAȣ\xB2\x82P\xBBvtJ\x8E3���܄\xCBJ\xDA>�\xC6&\xD3.\xAD\x91Ƃ\xA6Y \x86\xCC
-fΦ\xA3FBA\xEE\xAC\xEF\x87\xEB\xD7\xFAdpa;a jc\x9D\xD2,8X˴\xBE\xDAL\x93�\x99h\xED\xDF5:e\xE1yo\xB7\xBA�b\xF1L\xA7\xC7\xE8\xD0\xF09\xAC\xDB\xF0\x8Au\x9B%\xAEV�\xE6\xAE\xDD\xD7%\x81K9^+\xB0Ap �\xB6r>)bP\x9C\x9C\xC4`\xAE\x86\\xBB\xD2@\xE5nЗ\x95m#\xC7%E\xFB\xC8\xFA~PWfÉ'P�\x8A\xE4\xDFI~\xC2(#\xE8\xE1Z~W\xBA\xECٓ\xFF2\xCF*-\xBAe\xD5w\xA23\x9A\xA2\xF3\x9A�
-\xA1�E!\x8A\xC79\xF4\xACiu\xE7
-\xFD\x8A\xAB\xC4h\xAC(=\xB4�\xF4Qw\xE4\x91\xE9\xC5\xE0ݞKD}�`\xD4~I-1\xC0\xE8\xB1\xFA\x93>2@\xD8#�p���2\xA4\xAF\xD6+ �\xE9\xC2*\xD3[\x9CVW�ܷsGI<{=\xB3\xC7�ǥUG uw h!�tiν\xCB\xD6|\x96_�D�\xE6\x91�;\x91\xB5[\xEFԄW1|\xE97\xF4f^\xED&�<{N\xCFs\xF3\xD4\xED��\xAF\xA6�\x9A\xAD\xF4\x9Aɗ\xF3\xF9\xDCA\xB1�\x81\xE6\xC3dH\xFD0b]2,�\xEB\xAA\xF4\xE1�?M\xD0�\xBE\xA3\xB7 \xD3$\x9D\xF66\xC0]\xFB\xECA�\x93�s\xBD-|\xFC\xC18\xD3��h\xCE\xE1%|\xA6\xE8�11
-\xBB\xC4e�$\xAA\xDDҢC��\xE3U\x98\xF0\xF1\xB1�?\xB6\xD9\xF1\xE0\xFF?\xD2.FWyv!\x88�
-0\xF5\xA1\x99\xD2w�?\x9C\xFD`\xEF\xA9P\xA05\xFFHÞ‹�DBM%B\x87\xF5z\xAE@\xA0\xB2\xF7�\xDA\xF3\xF4Å’\x9B+&\xE7��&Pg\xA5Ñ\xC7\xD4\xD5��\x9F?\xA6q\xF8\xA4\xC6�\x9A\xDC`{sus\xF6L=\xA8st\xEC+\xD6r/\xBFc�\xE1t�\xAF\xFE\x9F\x86\x8F�5|8\xBEj��\x81?\xEB?=\xE5ܳ3]�\xFA\x89\x9E\xA0a\xA2\x83WA�\x97\xE8�Ì…Ê\xDAA\xB0\xB0\x83`\xE1�\xC1b0\xF7A\x83\xDE�.\x87\xBAK\x99�\xE9D�kzÊ“#Mh\xFE \x89B\xCFLk\xB9\xEA\xE7Lb\xC6BÌqJMI\xCCso\xB5\xEFh�xW�\xF3�\x87\xB5Z\xCF�\xB6N �Q|\xDEW\xAE D\xCA\xDE\xF2X\xB7X7tl#\xFEH}\xC0a>\x80\x9AMW2\xDCLHD\xAB*Õ£\xF49_\x84V�\x99F\xA1\xE9\xBB 4\xCD\xE7\x8F3Y\xAF\x88�\x98\xE7l�\x83\x93X}\xF21[\xA8\xF9\x9C\x97&\xEE"\xEF\xF9�7�}\xBD\xAB\xF4\xABZ\x8A�v\xE8W
-\x9C\xC1\xAD�\x8C\x86,\xB3,Hp�x\x82%7�t\xC1ꋕ\xBE\x96\x97_vU7ۛ�E\xC0s\xFE\xBDlAŪ�v\xBC\x9E\xB0\xCCY�A�~\x84\xA5\x9FD\x98\x8F\xD3q\xE0\xE0ݲvq}\xB5|\xCC7\x85)\x8B\xB9[\xCF9\xBE \x94%7g \xBB\xE6Q~)Lm,\xFD�~\xC4NU_\xE7
-]\x9A�0\xC3�\xF4s�\xC33S.4zqnE\x95]\xEB7\xAD\xAFZ\xF1\x90\xAA�\xEF\xBF,kÛŸ�\xA0�\x8BÆ\xF6Û¶×EbcxÚ$&\xA4�\xBF4�\xDB\xD0�j\x94�FL\xCC*l\x89\xF7\xCA,\x84\xF8Z\xEF��2\x90P\xFF\x83\x8B\xE4\xFDQ\xEB�cV3\x88G\xFD�磙\xC0,+\x93k�\xB9�zq\xD7\xC3;\xB5\xB0_�v\xF1 u\xF1\xFCp\xC1wh\xE1\xFD$\x8BL\xE3�\xC8C\xE3�\xC3b\xAD\xB8fKi`,\xAC\xA4\xDB~\xF3\xE1�\xE5\xE8\xD6�!\xDD\xC82\xDA�P\xF8s\xF5뎔.\xC9\xCE�\xB3�*B\x9A&�e\xBA\xD2}g\xDE\xE7��\xE8`\xF8{\x9D\xA2\xC5t\xB7W\x98\xB1
-�S� \xFA\xBC\x87\xE9\x90\xDA&�\xBF\xC3D9"'nF`+
-[h\xF9\xE7\xCEi+>\xE9>�\xA4\xC8F�\x90�6\xA8\x9E\xB6\xE9d\x9EÔ¿\xBE!\xB44D {\xBB\xDE\xD7x*Ph\xDF\xF4\x84\xD5�U�z\xA2\xDCV
-\xF8 ��\xC8-\x8B\xBDg择�\xF8\xF3`\xB5\xACjL\xFA\xFD=}\xA2\x9E�\x845jhq\xD9ј\xF9
-\xFE\xB6\x92f\x98\xAAÌŒ4c\xFA\xC9L]\x9Aq�-e\x86B�%\xB4Zu\xA7\xB9\xB7\x9F�\xC3Ì€\xE8\xAE^\xA6\xB3\xF4Ü\xDD1�\xF0�ê™»u\xE6�\xD5\xFF\xF8\x87\xF0\xC3\xFF�\x80v?\xCE\xF3h\xFE\x92>\xCA\xF2 É\x89Q
-
-\xCA\xD3\xE3_%\xCC/\xE6Ǫ\xFF�h\x99~\xD5endstream
-endobj
-1661 0 obj <<
-/Type /Page
-/Contents 1662 0 R
-/Resources 1660 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1655 0 R
->> endobj
-1663 0 obj <<
-/D [1661 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-470 0 obj <<
-/D [1661 0 R /XYZ 56.6929 648.6893 null]
->> endobj
-1326 0 obj <<
-/D [1661 0 R /XYZ 56.6929 618.5026 null]
->> endobj
-1660 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1666 0 obj <<
-/Length 3727
-/Filter /FlateDecode
->>
-stream
-xÚ¥�ks\xE3\xB6\xF1\xBB\x85\xBF\x85\x9E\x9Epx\x92\xC0\xF4\xD3=|�7Í¥\xBDS\xA7\xD3I2SJ\xA2-\xCEI\xA4#R\xE7s}w\xB1 _\xA2\xECK2\xFA p\xB1\xC4.�\xFB�\xC5%\x87\x9F\xB8\xB4\x86q\xE5\xF4e\xE643\\x98\xCB\xF5\xFE\x82_\xDE\xC1\xDC\xFB��p��i1\xC4z\xBD\xBCx\xF9Ne\x97\x8E\xB9T\xA6\x97\xCB\xDB\xC1Z\x96qk\xC5\xE5r\xF3s\xF2\xE6\xFBW\xFFX^\xBCZHÓ\x94]-LÊ“\xD77�\xDE�\xC4\xD1ß›\x9F>\xBC\xBBy\xFF\xAF\x8F\xAF\xAE2\x9D,o~\xFA@\xE0\x8F\xD7\xEF\xAE?^xs}\xB5�\xD6�x_\x86�μ\xF0\xEE\xE6\xEF\xD74z\xFF\xF1Õ?\xBE\xFAx\xF5\xEB\xF2o�\xD7\xCBn/\xC3\xFD
-\xAEp#\xBF]\xFC\xFC+\xBF\xDC\xC0\xB6\xFFv\xC1\x99r\xD6\>\xC0�g\xC29y\xB9\xBF\xD0F1\xA3\x95\x8A\x90\xDDŧ\x8Bv��f\xFD\xABs\xF2\xD3\xC62#uz\xB90\x92\xD9\xCC\xCE�\x993n at h\x8BL�\x96J\xD5�Y\x8A9!G,�\xF2\xA6<�\xEB\xB6><N\xB7+\xA4a\xCE�u9\\xF4\x84t\x875C[�h�ř\xCB\xD2tL|\xB9-\xAE�J\x9A\xE4\xA1>|.\xAB;z \x96\xAE\x84M\x80\xAD+\x91 g�Z\xDF\xD2�\xDFi\x8A× \x88�\xABt\xF2\xAA
-\xA8U]-\xF2US\xEF\x8Em\xC0\xBD\xCF\xDBm\x95\xEF\x8B��uRV\x93\xB5\xD6u\xF5�\xE7\xF2\xEEx\xC8Û²�\xB3�\xD9�(\x97Ë…� ;�\xC7 �sÆ\x82>\x94\xBB�\xA0j\x9D\xACp�\xAD\x926\xFF\T�\xCA�\xFA\xA7\xBD\xEC`\xDD/�A\xFC\xB6\xC2p[�\xB4~Ó¸c!\x84ß•�AF\x88Q\xDC\xE6\xC7]K\x84v\xF5:r
-S\xB7\xF5\x81�\xFB\xBAii�\xA4\xE3\x91\xEBc{�p\xDAT���/\xD8�\xC3=\xBE|\xA7\x87\xCA\xC2\xE3V\xA5\xDF*
-o\xC3�NJPGg�j�v�j\xEC1aM�v�ǂ[\xC3\xDA$\x8Ef7\xA9\xACLnn !\x9F\xC3�-V\xD5-
-\x9A\xFBb]\xE2n\x8A\xCD�\x80XN\xA7\x89S\x9D6ͮ�
-V\xC0 xa6�hk\xC2\xFD\xEF\x8C T\xAAX\xCAy�\xB6\xC7\xE6� \xAA\x9D\xA5�\xE1\xBB�\xA41Z*\xA6P\xE3Gr$\x8D\xD3bʖ\xD22\xB9\xF5\x90zO��\xDBr\xBD\xA5axI���\xE6I\xC1DҴ\xF9\xA1\x85\xC3�u\xB1&\xAA\xCB��1�YXo[�w�\x9A\\x85\xF7\xF2\x8A\xE6:�\xC2\xDD\xF0\xB1\xE2\xA39\xB1�\xFF�\xBCP
-�\xB3\xCA=\xED\xA9�H\xE7�UDB\x92\x9F\x8B\xC7\xC5y_\xA5\xE1�$\xD7O\xD2\xEE\x90N\x89\x8F<\x95�OŅ�Q\xFF\xF7֛\xB5\xE0\xC9}q kۓ\xB3\xE2.\xD9<\x82i\x94k\x9A<\xDEor\xEFr`\xEC\xFD� 4\xC5\xFAH'A\xF0\xFF\xD5UѼ ?D��\xC0\xE9a�\xE8a[t\xAF\xC12�\xEA\xFDq\xB5\x8B\xF4\xF2j�\x94\x8D\xE3\xE1ر\xAE\xDD�\xCA/\x9E�4\x8E\xB7�>}\xBA~Cc\x90%
-:g\x80�Q�\xA4%e@\xD8m}\xACȼ\xB2\xA4\xBC\xA5\xB9
-�\x80\xAF\xDB\xC0^\xD5F\xEBC\xCD\xE9\xED��\xB0\xF11No\x98\x96\xCF;�ͅ\xF7J�\xEAy\xCD�*\xE8Ȅ\x89\xAES褾�\x9E�\xA0[o��c M�\x81\xD9ux-"�yj\xAF\xCB\xE1�r\xA3\xC2�\x9C$ @lh\xF3\xB2\xA2���]\xA24\xF1�\xA4�0\x9B\xA3\xB7X\x80��3\x9E�\x92\x9BL[��Ū\xAC6\x8C\x8E\xAF\x9B�\x9D\x9F_\xF8\xD4ۀ_q�ԘVy1CH3gE\xF4LJj\xB3fx\xE23~���\xD1!\xC2\xE6O\x97�~lj"\xB1\xA6h��\xF5\x99\xE5R\xC32\x88\xC3\xD1Q\xFA at p\xC6G�\xCC\xF3\xB8K\x9Fv�C\xAC\xF3^\xA2\xC3B\xAA\xFB\xBC\xCA\xEF\x8A\xCD�e\xF7\x84\xBFp\x86\x89\xCC\xE8\xA7\xF9\xE8\xB0f����\x87\xF4Τv\xCCɧ\xCE٢})�\xCCBe'� \xE60!\xC1\xFF\xE0\xF4=zM\xD8
-`�?0X\xC5�l�\x90\xC8,\xFC\xFC!_\xA6a\x90�=�\x8D\xF5\xEA\xE68\x93\x82\xCFh�#\xB7\xF2\xFA\x91�\xE1\x90q\xBC\xA0\xA7�\xC6a�\xFF\x89�3\xB4k3o\xD7Ñ’Q>6\xF3\xF4 \xE4\x93
-\x8D\xD4-�=�ES�#k\x8CȔAq\xCA�\x94r\x83d\xCE\xF3\xB1\xA1i\x94'\xCE�\x9B\x82 _\xCA\xE2\xC1;\xE2T\xE2N*\x9A(\xC1\xB4��2,�c1\xEFc1\xCC\xC6D\x90S��\x88?\x86\xB8L�\xD6΃\xB3\xD6L+=��\xF2\xDB\xE1\xCBi��O?^\xE7\xBB]�\xC2\xC82\xB3�,S\xCB \x84\xA1\xDE3\xF4,3b��Roa]\x97\xC9@ �\xC9O\xB0\xA3\xC3C\xD9�(
-\x97
-� ԃ `�\xB6�\xA3U\xE0\xAC\xDF"<\xF8-\xC2S\xDC\xE7\x87<\xF8\xEE\x85\xC8,\xD3V\x89\xB1��\x9A\xEB\xD5
-\xF2\x9D\xCA+Q\xDA\xED�\xC7\xF7(Y�\xE0!\xFD�\x87.)ro��L\xD4���\x878Z�H\xD0\xCF4\xF9\xF4\xFD+\xF8\xA31D\x88\xB0�F\xE8���\xEBW
-\xFC\xDDÖ»]\xFD\xE0\xCD�\x97~\xEC\xDF�\x85':\xC5\xE2k[T\xE8"\xE7\xBC2�\xC0V\xC6�c\xFB3\xEE]�\xF4\xB8f\x98n\xCEzP.\xC1\x88S\xF5\x8C��`=\xE1A#Vgt\x8B\xAF�Þ§^Se\x8C\xA7\x90�=I\xBB\xC3:%�\xC0\x816jɸ�\xB9\x8D\xA8/)\xAA\x83\xC3\xEA\xA2:\xB8\xB7�\x869i\xD1�sI\xB8sLBi�\xE4v\xD3\xD2�\x94%\xC3�`\xF6��\x915\xDA\xD0I\xC09K \xF2�\x96\xD2\xE4\xDB\xC7 \xF4\xF6�H\xB1\x84�\xE3�=\x98�VB\xAA)\x95J\x87~\xAC�\xE9\x84\xEF�\xB820K\x80\x8DSl*�\xEE�\xF9�\xBD2\x94\xB77�)d\xEC\x80\xD8Ä¡\x8A\x82 c\xAE\x83\xCFC\xE3\x9B:V\x9D1\xA5\x8C\xF8�\x8E�(\xAA3\xD1M��!*\xE4\xFDmR�Å¦Ø q\x82�-\xDB \xBD=Vk<\xB8|W\xB6\x8F\xC3�\\xB2:\x96X\xBEzP\xD5�\x9E\xA3!-$x'×»\x8A\xBE줨2\xAC\xF6Ϙ\x84Ö–A\xE5"\x9E6\x89!\xD6y\x93\xE8\xB0|Ò‰\xC5\xC7]\xD3\xE4\xF7%:\xD86_\x9D\x98F&\x98J\xCD3<tX3L\x8C�5h\x84\xD2\xE9\x84�\xAA\xECD\x9A\xFC\xF0\xF1\xB5\xA1Q`Æ\xBB\xA0�c\xAF\x9D\xF0O\xB1Nd1\xB3M\x93\xF7\x9F>-\x96\x9FnÞ‡y_\xAF`\xD87\xDC\xFA"Ü¿�2\xEBt\x90Y\xA7I\x845EKkb\xF1A\xF8(�:\xC44e\x9Ac\x895<\xC4 \xB9u�\xC7P
-\x949zj(2\xBDjh�\xAAz�4X\x9A\xFB\x8CCc\x8E���\x98q&\xF0J�\xC1\xD7\xC3
-\xDE\xD7�$\xEF\xBC4 �\xCAv�\xC0\xD8�B�\xD5< \xD9\xE7\xEDzK\xC9
-V\xB9�\x84R\xA9Z\x97\xF7�[\x81扗\xA7\x93�\xD5Ѩ\x9Ct�g���\x8A\xE94{\xA6$�b\x9DW\xCC�k\xAA\x98\xEBC'کr»\x99~\x86\x8D\x884\xC3\xC6H5!w̤Tc>\xBCj\xC2��\xBB\xDE\xF0\xF1iz\xE2�\xA3\xA3\xF1#\xCAuq\xD8\xF6\xEFSR\xE5ǡ�\xC5q~\xC4�\xAD-׾\x9EE�e&8""\xBF�\x8B\xA6-B9�2\xCD2\x88(#5\xF4\xA1[\x84JZ\xC2;\xBD- 8\xF8\xB9\xB6^\xD7;0�\xE9\\xF2\xA6\xAF_w\xE1庢\x91M~(�+*\x81\xEB\x86\xE6�\xFD
-x\xF5ƃ\xC8e@ɿ\xE4\xE5._\xED��ބ�<\xB9\xA9\xC8f\x94/&\xDF^sݔ
-\x98�\xE9\xB2\xEBJ\x8A._׮�3�׾l\xC7�׿�ˮ\xD4\xD0\xC8�\xAD{\xBC\x9B\xBEߵ"\xBDg~�\xC1\xEFi\x82\xAC\xCC\xC4\xCEB\xA8�\xAA\xFA\xB0�\xFB||\xBE\xCD\xF8\xB2h\xD7/?�V\x86\xF5~v�\xE7
-K\xB5Ѓ$\xD6\xC4&i\xAA\x87}Qx\xEA\xFCc\xAA�I\xB5\xA6=\xABT\x85\V'5\x88\xE3Pn6Ex\xF1\xD8P\xB9\x9F\xC6�
-�f\xA3 TS\x81\xA1\xD1F\xC8sbC�\xFC؇\xB8Ъ\xE8^\xA53\xA3\x93\x82\xC7�\xF6y\xA9�-
-�`É\xDE\xFDEJ�\xA4h\x87\xF9�\x90�\xBF�\x93F\xA8\xF5^\xCEȚ��\xAA\xAB\xE5Q�ئ\xDE\xE7\xE5\W7\xCBX\xC6mLa\x90\xB0\xDFM\x9A,\xAF\x9C\xC4\xFE5r\xE6���\xA2-\xBD\x98\xC9=\x9CdFɸ\xD2 Zhn\x98\xBF��\xEA\xF7Y\x86 \xAFT\xC6\xC5e\xF6\xC7&\xE8_\xBEkj�\xAD\xBA\!L\xF9\x96U\xB0�\x84G\xBF\xBD�\xBA\xEDqMK\x91h\xB8H�&\xA8\xFF'�p\xDE\xE5s
-~\xD2\xCAg\\xFE \xEB \x97�\xB1:\xF1\xF52�wA��\xE6�\xDA�i\x86\xF6\xC8\xCFC\xE6!\x94\x9C�'3\x83\xAC-0\xE0\xC7\xF9\xFD\xBD�\xD3�\x9F`\x9B\x90�\x9B\x98:c\xA6�n^\xB0\xDA\xC3�\xC3d�\xAE \xD0l\xF3\xBEL\x87\xE7Pq\xC2讨
-\xCCf7\xF4\x86?\x86S\xE5RR\x82�\xF1\xA8�\xCB�\xAE\xFF3\xD73˘\x80\xEA\xA0w�H 4uq�\xA1
-gQ\xE7\xB5�\x9B\xF2zW\xFA�\xA6 \xFB�\xC4��}�\xBD:\xE1 \xD2<
- \xD53,9Ƴ4"�_\xD7Û¼\xBA\xF3�\x93C\xB2�\xE8\xED\xF3G�\xD4�"\xD7�\xBC\x9Eâ «VDt��\xDD�M\xD9\xC9\xD5\xE3\xFBLZ\xB8\xD0\xE5�.\xED\x91\xD1k\x87\xFE\xABt\xC2\xE7\x81�\xA6\x88X4\xB0\xFBp\xA7!8gFf\xB3w�.�4p\xE4\x8F\xD9e\xFD\xD4è˜\xA5@\x81�\xA1\xAF\xE0|_a\xA6\xFF\x98�&\xB4\x8BuK<\x8B\x94�k\xBE-qE|\x84Ò§\x9Dkz\x80\x9C\xB55\xB1Y\xF4\x97��0r*�\xBA\xA7\xB3>h\xD2\xE2\xBCZdf\xD4A!5\xCA8SV\xB8i\xE7Ú—\x8E\xF1$\xB0\xA4\xF4RRi?5\x92\x92Ê‚\x94T\xECm\xE0茔\x80"\xEF\\xEC�\xF2
-\xBCFB\xB1l\x8B\xAF4ؔwX\xA4͵\x854\x8C\x9DyRB`�\xEE\x8FIȤΗ\xAE\xC8|\xB8\x9ET\xD8\xD6j\xE8�\xC4dgjh\xEC\x9C1-\xD4$\xB0�a/\xC3�\xE2\x92A6�w\xD2_h\xB8p\xA1�ۧ\xB6O\x81\xA0\xA0\xFC\xAE!Ptj\x88��@\x90�\xA2\xB9 \x88\xAE7\xE09�7=\xE2u@\xF1\xB5\x84�\x88n9\xC0\xA5�W\xFDR.ٕ\x9FC\x89�\xD9�m(\x86\xF4\x91'��\xEC��Gj8�#\xBF\xE9c�ɜ\xC5˅\xB9O
-�ÝŠ\x8B\xE1\x923~_Xf\x84r=\xE5x\xE4}'w\x9AV\xC01Y�\xB5\xE3\xC9\xF31�\xF2rc\xC79\x85�\xDB\xF7\xF7\xBF\xDC%\x8F\xF5�\xF3`\x88\xD8]"\xCA]\xCC\xC6�\xDE\xE7�~&\xE4R0\xF1%?\x941\xB1\xE61;\xE0\xE1\xE0\xF1\x86\xAD\xC0\xC0_\xD1e1T\xAF\xC7jW4\xE1ÝŽj\xF4\xA5TDXfe:\xB9\xF2\xFF\x86L"r\xFB\xFB��\xC9�D{\xF5L?o\x88u>a\xE8\xB0zs݆+\x9B\xD3~\x9E~\x9AtD\x9A!-O\xBByjL{I�l\x96\xBC\xA5;C_3/\xBE/v\xBB\xBD\xB7\xA6���\x85�t�Z�H�\xDF\xEE\xCA��\xAEE �\xB3�\x82��'\xCER�!]�\xB37\xC0\xA1\xD8\xD1DjtHnÐR\xB0�\x88�c\xF3<ù�\xE0\xCC6\xDE�H\xF4\xE3sW�`I\xA9\xB6ß\x98\xD8\xDE[\xE2\xC2$5\xDB_\xF7{j\xA4\xD16t< �\xB4�F^&0\xB3\xAB\xF3p\xDB\xC6%\xE2m\xB1\xC1W\x9B�\xEC/\x86E��\x8C\xBA\xEF�(\xD6+\xA8k\x9C\xB4\xB3\xBD\xFB\x903W\xBF\xF7�\xC8_/Ý„\xD7(�P
-Ú„\xFB\x80\xC1b\xC0Ø \xFD�}\xF9 \xCD\xEF0\xA7\xBE�@\xDBnm\\xE3\xAC\xD5Aj�Ù°{\xA6e8\xC4:ou�\x96OT\xF2\xF5\xB6X\xF4_�\x8D\xBF\xAC\xCAX:zc\xFE˪\x805C~\xFCe�D�ɳ1\xFD\xE5\xC9e\x9DO\xFB\xBC\xD8 y\xED�\xC9\xF73�g󶞔A`\x96\xE7\xA5'\x80"�\x89g\xA47\xC0zBz�\xCB�\x91\xE3\xFE\xFE\xAC\xF0�\xB3\xE93\xB4#\xD2�\xED\xB1\xE84\xB3ZN\x88/c66\xEC\xF8\xA7\xA7\xC9Z\xD7P\xE8\x81\xD9\xE0V0\xF5\xBBh&/mr��y�_\xABCz�\xAE�!\xF1\xAF\x9A\xF6pe\x93\xE3\x9A
-\x9F�\xD2&\xFC75\x91:S�A\x80g֥\x93\xB4 \xBF��f \mV\xF3ɓ4\xA9�\xD4Hh\xAB\xB7Ӳx\xFC\xD9\xD5\xD0�G]\xA1r\xEE��\xEFS\x84˦\xF7\xBB\xC3�V\xCAB.�5\x86\xE0�\x83\xB3\xF9\xB3\x99O\xB7ޢ_Ы\xC2\xF8\xDB�-\x98D\xA9�\xA4\xA8\x85lVT\x80l\xB5�\xCF\xDD\xD1e\xB0T\x96>\xE3\�HO|\xB2�\x90|\xE7\xA3\xD87m\xDEB\xC6Y\xAE\x9BsV\x92jp\xDE\xCE=\xC9B\x87t\xCA\xC3\xC8JR\xC7R+䈉e\xFCƧ7�|\xF2\xAD\xAB\xE1'@\xDDUm��\x83\xB8�!\xE3P\xB6\xF1�$\xD8�}�a\xD1\xEF\xE4w\xE1\xBD~\xB7a\x9D:��\xDF�A\xF6݆O\x87n�}TW�\xC50\xE3TF\x9E\xED\xDF\xFF��\x86�\xC7:7Ta�\x8Ed\xAE\xBA\xB2
-\x847\xB0\xAA3��\x83a\xE8\xF9�\x8C_F;\xFE\xD3��\xF7_c\xE3m\xA0=\xD7\xFBQ<\x85\xCC�\xAC40\x85\x8C\x9Blʹ�\xBB2Vf3\xAC\xFF�\xE3u\x82\xC0endstream
-endobj
-1665 0 obj <<
-/Type /Page
-/Contents 1666 0 R
-/Resources 1664 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1655 0 R
->> endobj
-1667 0 obj <<
-/D [1665 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1664 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F39 1161 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1670 0 obj <<
-/Length 3701
-/Filter /FlateDecode
->>
-stream
-xÚ½�]sÛ¸\xF1Ý¿\xC2o'\xCFD0��$8}\xF2%N\xEA\xEB\xC5Ic_\xA7\x9D\xBB{\xA0D\xDA\xE6\x9CD\xEAHÊŽ\xFB뻋� \xF0Crg:\xD3d�\x81\x8B%\xB0\xD8\xEF]\x90\x9FGð—Ÿ«\x84%\x99\xC8\xCE\xD3,f*\xE2\xEA|\xBD=\x8B\xCE�a\xEE\xD3�\xB78K\x87\xB4�\xB1~\xBC?\xBB\xFC(\xD3\xF3\x8Ce\x89H\xCE\xEF�\x82\xB54\x8B\xB4\xE6\xE7\xF7ů\x8B\x84 v�+D\x8B\xF7_n?\xDE|\xFA\xE5\xDB\xD5E�/\xEEo\xBE\xDC^,\x85\x8A��o~\xBE\xA6ѧoW\x9F?_}\xBBXr\xAD\xF8\xE2\xFD_\xAF\xBE\xDE_\xA3\xA9Ä®\xF1\xE3\xCD\xED�\x82d\xF4sd\xD1o\xD7�\xAF\xBF]ß¾\xBF\xBE\xF8\xFD\xFE\xA7\xB3\xEB{\x96\xF0\xBC<\x92x\x90?\xCF~\xFD=:/\xE0\xD8?\x9DELfZ\x9D\xBF\xC0C\xC4x\x96\x89\xF3\xEDY\xAC$S\xB1\x94�\xB29\xBB;\xFB\xBB_0\x985\xAF\xCE\xF1/V\x9A)�'\xC0Iɤ\xE4\xD9<\x979K9�\xA44\xE6\x8C'Y\xE2\xB9,\xF8�\x97��ryW�\xCBߢHl\xCA\xF1\x81uÆ´\xD6\xF2<\t\xB2\xB5C\x9A\xD9Z�[�\xCF4N�\xB6\xBE*/\x96R\xA6\x8B]\xDE?\xD5\xF9\xD6<\xE9E\xF3@\xD0\xDEM[\xF2̤�ve\xFB\\xB64~i\xAB\xBE\xEC�\xA1\xEA;\xBBh{\xC1a\xB1u\xD9Y\xC0\xCD�\x8BQ\xA3J\xA4bqc7\xAA\x9BÞ®\xB9+\xD7�\xEEV�\xEF �Z\xE3\xB7+ʇ|\xBF\xB1xU\x87\xBC\xBA\xFC�\x87Ü\xA3\x8CI\x9D!g\xF0p\x97\x88���\x82%
-\xA0K\xCEY\xA6\x940\x93\xCFy{\xD9\xEE\xEBK<tA\xFF3��\xAD:`�\x97)\x8Bu�\xDBU\x81\xF2$\xC9,\xE7`\xF0\xD5�*\x8D�<�`\xD5�lߕ�\x8DV\xAF4cy\xF2\xD8\xE6[\x8B\xD3?\xE5=ͽ\xE4uoa
-A\xBA\xB2\xB6\xEFw\xD5c\x9Do:?m\x8E\xE6I\xB3G#\xAB5��Z-\xDA�\xBD\xD8\xD7uU?\xE2s\xBC �\xE3\x8C��\x98��'\xE6\xF1\xE2�\xF9\xFE\xF0\x8A\xA8Ä\x90\xAF<\x89Y\x8A\x8C\x8B\xC6\xFAj�\xAB\x9B\xBA\x9C\xE1[™J\xB8\xB6/�U\x97\xAF6\xA8"\xF8\x8A%1F���U�s\x82�\xAE\xE2\xF3a\xA3x\xF1\x9B�\xA9\xDBr:\xFBRm6�]\x95\xC4�!�&y:\x92<\xAAj_Ö€\x9A\x89E\x8E\xFC\xA5\xC1+�\xF8\xA2\xFC^u=\xB1�\xC0x43\xB0\xAB\xC3he!F\x90\xE5\xB6y�\xCD�&J\xB5\xB8mz;gd:e\xA4P1\x8BS\xE9�y\x84qB\xB1$�\xD2"\xA1*��\xE9\xE7\x8F\xF2\xF5\xA51[��\x89�\xD9N\x80A<AY[�<#\xF1CG,�A�\xF9�\xB2\xA0\xA3<к%ya\xB3/\xFC\xD2\xF20(\xEB\xF5\xA61\xFAl\xA6k\xFA-\x9A\xFDjc_\xF9s��\xE8\xD8\xC4m[ߘ$\x82e\x92\xF3\xD3�4\xC4:\xEE@=�\x9E\xA0-\xD7\xFB\xB6�\x99�q\xA3\x9C\xA7,\x8A�q\x9A�\x8F5C\xC2\xC0��`\x9ENÕ�\xE3�\x84R\x81'\xC5'\xA3\xD6
-�\xFE\x82/,\xCC+\xADr\x86\xA0\xBCE\x9Aq\xB1\xDF\xEE\xBA\xD1\xFC\x9F\xFB�Vh\xAB\xD2O\xE4=\x8D\xF2\x83\xD4\xD4��A\x8Fu\xBFy%�=[��\xE8\xE5 \xF4\x9F\x9C#D>\x9DfC\x8D\xA8\xEA\xAE7\xBEc\xDD;q\xA3C"q\xD3og_*8ٌLjR\xC6\xE3$\xB3:\xDC\xD6Ś\xF0\xBD\xA8\xE6�\x86b*\x95\x81\x9F\x95<2�b\xA0\x86\xC3�ah{\xB2\xFA\xE7#\x84\xD5\xDFi\x84\xE0�l\x8Bg\xA93@\xE3\xF6O\xD1�\xC15I\xA4\xF64�Sm�1\xA5\xF4�\x9A}@:\xA1\xD8� \xB7\xEB\xFA\xBCGg\xB4\xEE\x8E*\xB6\x84Цӓ\xFB{\xA4)��\xB5\xE6\x9A%q\xC4��P\x94\x8B\xE20?\x80'\x93�DV;�\xE0c�\x8C=\xD0\xE7�\x80\x99\xEFv�\xCA:;\xE1\xCFe\xDFh\xE8ר\xA5A�i`\x88T\xD8߮!\xD4}7�\xB4 P\xB2(\x8E\xD406\x92&ʄ\x88\xE8f$�C\x96\xAC\xB2,\x88\xF6\x90Ϛ<�^\xA2<�\xDF�\xE6)\xC6\xE5\x974u\xC8S�yD�\xE3�\xF2W\x9E
-\xB4\xF0�= \xE44i\xEAB�\xBA]\xDC\xC4\xEE&=\x93!\x94\xFF\xD0\xD1\\xE0�,E\x95\xF5�}Ӿ^p\xCEݱP\xBC���\x88�r\xE4� �lskM\xCD\xC3\xC8\xD6�N\xEC�*\x8A\xB2[\xB7\xD5*��#}��\xF2m\xF8s\xAE2P\xF78MQ�i\xB2}<\xA7\xC1\xB7 at u=\xFE2|a\xAA\xBB\xD3u\x91\xFE;8p\xD5Ԯ�\x89�\xD4 �\x8A\xB4bB\xC9d@\xD1Ą<\xD6[tLV;\xE95T��\x96\xC8\xDEp�!\xD6q\xBF\xE1\xB1p\xC7UU�\x90(t\xA7\xE3a|\x9A \x8F5C\xC1L<L\x87$P<Le��S\xF2��\xCD\xE9\xD1k�\x80L\x88\x81_H\xA8ڶ*\xEC�\xBD[g\xB5\xAF6\xFDҤ�\x88l\xBCCG\xF1 \xD0\xF0\xB4v?J\xB0\x9Fa�;�\xA9\xF7\xD4=@!�\x9E=\xE2\xA1
-\xCEX\x9F\x8CX\x96\x81@�1IG\xA0X�q\xC6~d\xC6\xC1\xD9@\xB2;p6\x90\xF3\xAE\xF7]gu\x90\xE3ᧄ(�f\x91\xCB\xF6\x8A\xBA\xEB\xCA\xF5r\xD34\xE4�2a&$\x81{�\xE0\xD7\xE8�\x9BÜ\xE3/:\x8D\xF1\xA2\xCF\xF9\xA6*rc�3\xAB
-�\x89\xA9s3\x98
-�\x92\x8B\xB2ϫMg\x82ql\x831w\xC1XL\x821w�B\x84\xC1\x98�q\x83\x98\x8EBy\xFDߔke\xBF\xBED\xADfF\xD0S\xF2Ӕ\xA5\x91Nފ\xD3
-׌x\xFA\x86\xC5�X',\xCEa\x99P]\xAEۦ\xE9\x8F[�\xE8�\xCFN\xEF\xEF\x90f\xF6��j�\xB3 \xDC��doq�\xDA[L\x95<BI, \xF0���}\xF2 @\x97|�0\x84\x92\xAA\xA5 \xB2\xAB\xA6\xB7\x93\xC6\�LA�!\xE3\xB4�w\xB0H&m\xC4�\xDDK\xF3i\xE3R\xC6LF\x91�\xCA\xFE\x90=:.\xCF( \x98Q\xAC�\xF9O�O\x90\xA4!\xEF҉xK'!M�\x83\xD6\xC9i\x9D�\xB1\x8E\xEB\xA4\xC7"\x9D4\xBEg &sD+E\x8C]1y\x9A�\x8F5C\xC30�d�L:��A�$�a� O&\x83\xE4.k\xE2\xE2\x90A¸\xAAM\xB2�\xA3\x97\xA7j\xFDd1��;M4\xCC\xE9\xE7\xFE\xEE\xE6�\x8D\xEC\x89\xE9�\x8EM\x83Dz.ۜ�Ix\x9C��
-|\x91\x97ձh ~>\x85\xB8.\xF9\xD0\xCF�o)\xC1\xE7\x99n��f\xF7\x883&�\xEDէ\xDB\xEF\xC0�\xDB�\x96\x9B9\x9D�\xC0x�6\x9ExB\xA9\xA8\x926�\x9D\xF8`\xC8�-SC�\x8C/TP?\xCEg\xA3
-r?\x9F\x8D^�;c\x96\xA5\xE8w\xE7zcJ\xB1\x98\xA7bH\xE2o\x91\x8A0F\x8E\xBB\x99\x9CAb\xAD \xC3F;\xD2\xF2\x8D\xE4ϡ/C\xFC\xA9\xDAMV�\xA4~Rp\xD3\xC5�\x9A\xC5�\xF5\x8F5\x84^.��M\xD5\xDFa\xBDA\xC7t5$�%"3j3Ax\xA5\xFC�h\xDA\xE5-\xD4?\xFBM\xDE�\x9CD��a΀�\xC6P�w\xA9\xC68Χ�\x83\xE2\xC0\xF1\x9F4j\xB9k6\xD5zN\\x98\xA0\xF9 \x89�G\xB9\x85"\xE1�\xA7�:\xD4= \xA8\xBE\xE9\xB9i\xD6\xF9\x9C\x86Jɢ,r\xAA\xD3\xEC\r\x81\x96\x921
-y\xC0\xA4\xA4 �\xBB�\xF6\x9Aj\xAA5|\xB6\x9E\xAF\x9A}\xEF�\xB4+/�ʼ\xDF\xD3k�T\x8C�u\xA8�\xD0�+\xF9\x86C
-\xB0N8T\x875r\xA8Æ“\x8D\xF5 \xA2W\xCA!\xFF=I\x80Çš\xA1`\xD8v�\xD1F\x9C�I\xA00\x9FI\xF2n8\xB0\xB1>\xA3
-�!\xD4S\x85�q���\xE4 \x85\%\x82\xBC\xABt\x8Bٲ0\x8Em\xD8̤\xEB,ʱ\x8BqE>N�\xC2f&m\xAF\xD24jc\xA32KR�\xA5\xB1\xDE�\xF5��HK�\xF1h`\x94P\x94\xEAT\xBC!\xC7�\xEB\xB8�=\xD6H\x8E\xF9\xE6q��\xB1_�\x86|r\x8F5C\xC00*j\x96H\x91�)0b\x8C9\xD4A\x9B\xC7��\xDAӖ\xDA\xF0(B���"\xC0\x88�!\xBD{\x83D\x88s^\x84��D\xA8\xA3h\xF1\x8F�l�C\xBEO\xA8\x90\xFA\xEF\xB1sh\xB6t\x96\x87�O\xDB|\xBD\xEC\x9Er�r\x8D\x95\xA2g\x9B\x88C\xF9'\xE5(��T�\xD9;\xBA\xC6q/�\x95\xBC\xA3k��\x91z\x8C\xA3\xB8 at G�9W\xC8if[(\xBC
-�\xA4t8Oq
-\xE6GJ篣D\x90\xAB!�\xE5j \x95�\xA1�m\xC7�,J\x98\x8A\xE37�\xD2!\xD6 �sX憤i\xFB\xF1\xA6\xA9b\xC0�~zS\x874\xB3\xE9\xA8�\x8C3��7\xB5\xBD:\xBD\xF8\xE5\xC3\xD7\xCB\xFB\xF7_\xE9\xC1\x90�\xA3tQ\xEF\xB7+jǹ;\xBCH�=:,\xA7\xCD
-�\xA0RB� \xDB7*\xABg\xD3;F�\xC9ϼZ��\xFA\xE1\xF6\x8E^\xB5\xE5w߬\x9B\x8Dݫ\xCD��\x86\xA2\\xA3\x87ѱo<q\xF0�\xC9HłD<\xB5\xAD%\xBD\x80p\x84: ɞ
-�\xA9\x8B6f\xDA\xC1\xB6yUS\xDF�Ë‘�(\xA4fT\xEA"O�4Ú\xB4\xD2\\xF5\xFC�\x9E�nz�#\x84\xBD뙧n\x96\xF8\x89s\x8D\xB981\xC0\xFE)\xAF�\x9Ds\xCAh/\x8F\xC2JdU\xBAH\xE7\xBAh\xAEžn\xB6\xDB}]\xADMn\xE8{\xEC\xC3b\xE5qÓ¬r\xBB$\xB0\xFE\xA8\x86C f\x82\xAB7\xEE\xACC\xAC\xE3�\xEE\xB1LM�j\xD0l\x97E\xF9\\xADg\xEB\x8A4I\xF9\xE9\xED=\xD6\xCC\xFE\xE3\xBA"�\xA5��`\xB4\x9Dgx�A9\xC1\xDA>c„\xBF\x90Ø*\xEE^ \x80\xFC\xC5ß•E\xA4\xBBY�q�~\xCD\xF0zT \xE0z\xBC�*�\xFE\xEE\xDAj\x9B\xB7\xD5Æ‚\xEB\xB2,ܪF\xE3p �\xBA\xBB~o\x9D*D\xC2X\x8F�\xAD\xCD�\xEB�P\xE6îc\xF6\xA6\xEA�?\x9Ew\xF4{\xFF\xB7\xEB\xD1�Ì©\xEEr\x93Þšh\xEB\x92K\x98*0-\xA9\xD6\xF4à«‹(\xB2\xFDz\xBAD.-\xF2\xBF\x9B�\xEF\xEA\xC0\xEBgÖ¨�\xE6\xCE.l\xD0\xD1�/\xE7�ڸ厚B\xB6\x84\xC3Æ·Q��KS��'\xC2]\x93\xCFdl\xE6\xF9\x81X\xB9\xA5'_\xE2I[\xE2\xC5\xD6\xEB\xE4�=\x85\x82\xB4�NE\xB6%o\xB6\xAF,!\xEE7w$\xE0\xB6&tD�\x8B\xC3-\xFE\xDCW-\xB9\xB0\xD1>\x83#\xF3ІS�l^Ù‘\xED}\xA4\xAE\xED�|�\x80㧼\xA3\xD9�^\xFE9\xD4\xF2\xFBSn:\x97\xE8\xD1R:�b\x93kH'M\x8A\xD4\xDD�\xA6<\xF0\x8D\x80g\x82:
-g\xFB��"x\x8C\x9F\xB5\xD8\xC2�\xE4sIv;W�@\x81�\xBB\xD2\xC0J\x8F4�\xDBMPӌ\xFAq\xC0:\xD8�xFr
-;A\xEE#\x87�"D\xFF\x8E t\xCF�\x83\x9An\xD4ad\xFC\xE7KՕȇ(s1a|e�\xF9\x93\xC6\xFC)\x9A\xF7;\xE3> \xDE]\xC5\xC3z\x84:Q\xF9�\xE6\xEA�\x86\xA5 G�P"\xBA\x8E�)\x81k\x89ÑH\x86ß’$\xC9\xF8f\xB4\xEA+\xE7x\xD7M\x8DRzÜ·A\xE5\xB2ir{\xFD\xE1\xAEN�\xF1$š\xAB\xED\xF7;\xEBÍ«\xAD��u1\xBCI�;\xB5�\x92\x9Dp\xCBw\xFBU�\xBC7W;\xE6>\xD5 \xE1\xA6\xC7\xEF\xDDy"X$\x80M'\x83@\x88u<�x,\x93\xE6\xB4\xE5CÙ¶e\xB1|DM\x9CD�\x81\x972\xF2\xF4\xFE�k\x86\x80a�H\x99\x92I2\xA4\xC0ØŽ\x9E\xF4\xA13g\x90Z.6\x95\xBD% \xB4\xFEuW\xD2�5\xFC\x8A�Lb \xA0+\xF8c\x95�\xA0\xEEk�\xFB\xBD�@\xCA-~7R8`\xF0\xB5�.b\x9!
3�\x98z$\xAB�\xA0\xB9\xAC\xD0\xE2 at K^�\x95Ë®\xC1\xAA\xE4\xF8\xD3�T#\xA7]]x{\xE5\xAE\xDFr\xF7\xA1EÙ¾\x86
-\xD0\xED\xC0\xB3\x95\xB6\xEBy\xAC\xA59\xCC@\\xBEa\x8D\xF5\xC1\xE9(} \x83�\xC4-sÙ§\xA2\xDB/\xB7\xD7Èž\xE3j\x867*q\xF6\x96\x9A�X'\xD4\xCCa�\x9Bo\x9A�,~S>�;[6\x98â•MEL\x80\xD7?M\x85Çš!c\xDC\xD6�\$C:\xEE/0khk\xBA�2
-�\x8D�u\xF0Em\x95am\xFA)�71W\xA3�\x86\x84�`e�\xB9\xFF\xF9CG\xE8\xC8\xE2\xBE\xD9�xS>\x97�\xFBz\x839mg\xA3\xA7v\xF5�\xBC\xE1\xFA\xF1\xA4O)\x94\xA3|\\xAD\x99�?N"s\xA7S\xBBP\xDD\xCA\xEF\xEB;\xB0\xF2F\x9Ba>�BdH�\xDD2|\xB8\xA3\xF2��\xB0*\xED\xF5\xBD/(\xF1\xA1\xFC�\xA68\xB9\xB4_\xD9\xD9m^\x94\xC3�\x9B\xBC�P \xBBy)\xBD\xEF33\xAF\xF6\xE6\xDFs\xD2~\x85@ì„‘\xCFeR\xB9\xB8\xB3\xB9ÓÈ™\xFC\x85�n\x9A
-̧#\xD0\xE1{�x\xE8m.b/�\xB3E\xEE\xB0L4\xD7ȷ҅\x99\xD4^x\xC0\xEFD\xEA��\xBE\x87\xA4\x80\x93f�J�\xDB\xDA\ \xC3��\xC1\xC3\xEFn?\xFC�\xA5&\xB7\xFF\xFC\xF0\xE5\xF3\xD5\xCD\xED\xD4#t\xA1\x89\xFB;у#y{\xF5\xF9\xFA\x88\xC0N$\xDEņa(\xEFG\x85H\xE0\x89\xB0�Ŏ}\xB2+�\xC3\xEFlg\x8C�\xFEY\xC1\xFCϟ\xF3�\xBEu\x86\xCCGj}ĺAl,ְ\x88%
-Y\xA8\xF4Ô\xA1\xAFH\xC4�\xE9\xFF��\xF3B�endstream
-endobj
-1669 0 obj <<
-/Type /Page
-/Contents 1670 0 R
-/Resources 1668 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1655 0 R
-/Annots [ 1672 0 R 1673 0 R ]
->> endobj
-1672 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [222.5592 595.4921 286.2499 604.9017]
-/Subtype /Link
-/A << /S /GoTo /D (statsfile) >>
->> endobj
-1673 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [80.6033 441.8126 149.9876 453.8723]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_policies) >>
->> endobj
-1671 0 obj <<
-/D [1669 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1668 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1677 0 obj <<
-/Length 3642
-/Filter /FlateDecode
->>
-stream
-xڥ�]sܶ\xF1]\xBFB\xD3'j\xC6G\x83�A\x80I\xA73�Kv\x95IJ+\xC9m3I�\xA8;JǚG^\x8E<\xC9J\xA7\xFF\xBD\xBB\xD8� \x9Ex\xB2\xD2\xDA3\xBA%\xB0X,�\xFBMF\xC7�\xFEG\xC7F\x85BfɱΒP\x89H�/\xD6G\xE2\xF8�\xE6\xDE�E\x8C3sH3�\xEB\xBB\xEB\xA3\xD7o\xA5>\xCE\xC2,\x8D\xD3\xE3\xEB[\x8F\x96 \x851\xD1\xF1\xF5\xF2\xE7\xE0\xCD_\xE7�\xAF\xCF.Of\xB1�A�\x9E\xCCT*\x82\xEF\xCE/Ni$\xA3\x9F7�.ޞ\xBF\xFBt9?\xD1Ip}\xFEႆ/\xCFޞ]\x9E]\xBC9;\x99EFE\xB0>f
-��\xBC=\xFF\xF1\x8C\xA0w\x97\xF3\xF7\xEF\xE7\x97'\xBF^tvݟ\xC5?o$$�䷣\x9F�\xC7K8\xF6\xF7G"\x94\x99Q\xC7�\xF0 \xC2(\xCB\xE2\xE3\xF5Q\xA2d\xA8�)\xDDHutu\x{1377A0}7k\x97N\xC9OI�*�\xEB �Ʊ'\xC0H \x9C\xA4\xC7Zea*ci�x~{2\x93p\xE2�\xA2`YT\xC5]ޕMM\xC3M]=�\xF4{S��\xB5\xC5\xF6\xBE\xD8�~^\xB5\x8D7\xDAz\xC4D\xB0X\x95Ւ\xF0\x86\xD5eǿ-\xCD\xD4
-�\xE4\xD5C\xFE\xC8�6MÛ–7�/\xE9�\xC7\Wl\xD7%P�\xB1\xC3\xD9gQ�fJ\xC5\xF6 �\xAB\xA2[![\xB1TA^\xBB\xDF\xF6\xC1\x8D-\x9A5\xF2\x87\xE0\xED\xF6$2A\xB3\xA6'XF\x80x|\xA6\xC3#D\xECÛ±\xED\xDE">\xA4\xC3��\x92B�W�\xE64vq\x85\xBF)p\xC2H\xA7�W?\x9C\xFD4u�\xCBT\xB1h\xEC\xEF\xB2\xE5u4\x8A�:\xC87\xC5��v\xAC\xE9�\xABh7\x8D7\x81\xCF\xEB\xBC�>\xEB;z\xA2%\x{D9A9}[&Ü\xF2\x8E\xE6�M\xDD\xE5eݺ\xF1\x82P\xD2\xE9}H�:8\xE5S\x96n�a\xE7]\xB1�\x9F\x94\xAC6G4\xA5\xF1J\x88)\x80\xBD;Q\xC47"\xB0p�t•qpyyu\xFE\x8EF\x9Fr\x85\x8B{\x99\xE1\x83\xD5P\x84\x8A/9*�\xD3\xEBx\xB4-�\xB1\xBC\xE5\x89U\xF18A\xA7-\xEF\xFA\xB57\x8F�\x97\x86\xB9\x9C\xB8Q\xD6z\x91YA\xC9H\xA0\xB6\xC3!�c\x82kT �\xCAwݪٖ\xDD#a\xB6Å‚\xCD��\xAC\x91 �\x99�\x8C�\x87\xC0\xF1\xAEq\x8B\x98����\xAC)�\xF3>\x9D\xE2\xBE\�\xF5\xA2pHx\xEB\x96Ί\x87\x9C\xC1XZ\xEDÔ™\x86{\x92q\xC6�c\xD3\xDB:\x8C\xF1M\xA9D�sK\xAEu\xB8v;@\xEE�\x8BýU\xF3r{&@\xBA\xE1yCc]��\xF6\xDB�'d��\x91%\xBF\x82\x9C55\xB8\xAB\xCE#?\xA1\x91�\xFF<\xFD\xF0~~\xCE~\xDE7\x906$Éœ\xC2s\xD9�\x84\x90W� I\xD6�\x88BoW,>\xB7\xFD\xF0\xA0;\xE4\xEBp\xB8\xEDJ\xBBP R�\xE7\xE8ʪ<\x89\x82\xEE\x91Æš[\xFA\xBD\x85[/ham\xFD\x92\xF5\xAF8�\xBE\xAE\x9E\xBA\x9B\xDCq\xC2V\xE3\xBCv\xCF�\xFC\xDE�lrì²—aOÉ„��\x8D\xA5tU\xAE\xCB*\xDFZ\xE7\x9F$\x8E��\x81cp\xE1Q@\xDC\xE0\xC8�\xBD-�\xF9\xB6tXÞ¥\xC1S\xB1\xDEX\xF5N$\\xCBÒ\xFBE(Q7�?\xB1cK\xAF\xA3_R2\\x9C\xAF�X�\xD1pY\x8F\xA6�\xDFO�\x87]\xE6H(V\x90�"�\xC0o\xBBb\xCBx\xDD\xE3fOxV\xA9�\x98_\xFCt�EQ0)\xBC\x8B\xC6\xEAI�N�b�A\xD7?\x9EZ%\xF0=:��A F\xB1�\x9E\x99[\x80PLEx\xC7j\xF8K�'\xA7g\xF8\xF7�O�\xF8\xE3I��\xEF�\x8D�\xFCt\x85yO���\xFB\xFD\xA7\xAB\xB3O\xEF�BY2\xDD\xEB�)\xA9�\xAA\xB2e\x9E\xDC�29!\xD0\xE2\xCB*ßµ\xA8\x96V
-\xAF\xDF&\x91\x97m \xB2�\xA1�iF\xD2\xDF\xE0ـ`*D\xF0oK.ѡ\x89\x85\xDE�\x82M\xD3\xCD�a\xCCH�\xB8\xA8\xF8\xB2\xA8v\xCB\xC2Q\xB0?Z�\xFA\x96\xC1\xEA\xBE�wm�\xAEwm\xB1[\xBB\xC7\xFF|kw\x9EMnM\x93\xA3tN\x84BA\xA6\xA9\xA2�n�2\xAC\xC9\xF4\x95\x91f>�e_\xD1D\xFA\xDAc\xE1\x96˲\xCD!͙\xE5\xD5�\x86\x80պ\xDDg!\xD2(D\xFD<��i\x82\x85Q�\xA8U\xA8\x8D\x91c�N\x89�\xB8\xEA\x94m)Ne\xD0n\x8AE\xF9\x8B�\xB1\x8Dy0�y\xCB\xD5\xD9�\x9A\xF4صs6y\xC0_\xABf\x80pST\xCD\xC3\xD7(\xA25\xA3\xF6A\xE6\xFD~Wu\xE5\x8C\xEE&U\xA1I ;�\xDDͦ*H\xC7F2\x85cDI\x86b8,\xCC=���BȖ\xBC\xA4\xED EY�u\xC7\xF6\x9D\xFB^�\x9C|\xF3\x80\xFE\xD1F\xC3�\xBD\xFB\xE8]źi\xD9�\xF4g[\xB0_\xE9\xFD\xFC\x8D#\xB6\xD9T%;\xDB)�Kt�\x8AL\xA4ϫ\x98\x8FuX\xC5z,+\x95\xBA\x85\x94bV5\xCD缅\xE8\xFFD\xC1R \xC4S\xF9<�=\xD6��#�K\xA18\x93:�\xF3\xF0�r\xB3I�!\xA7{5q\x91\x89
-3�\x84\xC4A\x96\xF7\xAFQ\x84I\xACÝ‚
-E�LnZÚ‡\xEE�\x80\xFB\xBC*\x97yg�Ux| \xBD (g\x8E\xF2
-Ò:'\x8F��k\xA8"\x9A%�i��\xAC\x9C\x91I`\xE3h\xAC\x9CKZ\xAD\xA4K\xEE-<\x91\x9A\xB2\xA5\xC0$\xEB� ͆ \x8A\xFA\x92b\xB8\xEC\xD3\xDDX8\xE9
-s\xFE.\xE5�a{P5X\xE0\xB0jÙ¬\xF3\x92 \x8Dm�\x96CF;\xE1\xE1\xD9v1G+6E\xDBM\xDC�Ô§"\xE9\xED\xE9�7\xA7AA"�
-\xB4 \xE3\x95v\x8EC\x8BaǺٮ\xF3\x8A\xE0\xDE\xF5 �\xDF'\xC5I\x98[\xD9Z�&\xAAⶣ\xA1\x9E\xC6g\x9B\xC8\xC3ܮ\x86\x82\xC4��\xAC\x8A%\xEF\x88Ht\xA32
-E
-��\xE5\x83�\x96׋�\xC94\xEE\xAD:f\xAB\x96h\xD5E\xBD$!\xB2\xBE(\xA7| ��\x8A���\xA2\x93"@?\xA7�\xBB\xA7Tfz\xD38@\xE9\xBA-w�\xA7F\xF4\xCC\xD5L\xCC\xD5Ll\xCBmD\xC0$m\xE2\x86Y\x9C6\xFB׮�H-\xE3\x94\xDE@\xAD�Q\x93 \x86y^�\\xE3\xC3>׈\xE9趄\x92\xF32V\\x841\xADi\xBD,�\xC97#6t\xF0\x90\xF3\x8C[uhGH\xA0\x9A\xA2\xB5\xB9\xE1A=�/<X\x8E\x80*�\x9C\xD18\xBD�5_�\x9C9\x93D��>h\xD0d\xCE�"\x9A\x88O"L#\xF9�\x8C\xC30Ӵ\xC0Vm\x99
-,\x9F2K\xB9v\x81D\xCBxkd�\x9A4s\x9B at 5\xD9L�\x8Ee\x98aC\xAA\xB7\xBADZ=\xADi\x87\x9B]Yu\xB3\x92\x9F\x96\xC5m��\x99�\xE0&w\xF6�a\xFF[[\xC6f\xDC\xFD@`P�\\xC7��Q\xAD\x9E[T\x96�[\x9BJC\x99\x98=�:�\xD9T\xE8\x84�\xCEZ\xAD
-É+^Ø“�\xA5\xD4p�|b\xD3�\xC43�\x83\xE7x\xF9�fa\x94\xAA\xF4�\x85%%\xB4\xF2\xEE\x8Fꬮש\x89\xFBS\xA1\x82\xFC\x88\xD7\xD4S\xB7�\x8D\xD4\xE2U\x9F\x86\xF0Y\x9F06]\xB3\xA0�C\xE7\xF4t�\xA9$�\x8B\xC0\xB6$b\xB4%\xA7 1\xD8\xDE\xE0\xA1`\x86\xC4*\xB86\x80߶#+\xB4f�\xD8V\xFEΆck\xE7"v\xC9Û¨@\x88\xB4�%\xA4o|\xAA\x9B\xB2^\x86@~*i\x83 \xA3\xB3>\xC8|;\x95@\x84)$>,\xC2|Mm\xA7=*�S�\xE9\xB0Xπêəyn\x83\xF9\xE7t�\x90)n;\xEBm\xF1\x90\x93\xC6�åŽq6\xD6�\x927de\xA1ɤ�\xAB\xFDs\x9A��\x8A�\xE2j\xC9-�\xF2�\xB1�4\xC9\xE7 .\xD5h\xF3"O\xE0\xA4`\xFB4i0\xE7\xAEJ\xB3y$\xFA\x98\x8Dx\xFD\x9D\xCC]\xA3\x9DtÜ”5H\xA5\xAA\g\x85\x8D�1\xC88q\x90z\xF1�e\xAF\xB0J7\xEC�bnJa\x83f\xB7%�\xAA;&\xC4\xF4\x9B[\xD6V\x91\x85R\xEA\xBD�m9\x83(Ok\xAB"oy \xE3�\x9C+M
-w\xB7\xB3�y\xF0W.?@\xA0\xF8\xB2)\xB9\xE7\x83Lf�u\xB0\xB1\xEF\xF2@ K&uL\xEDI>V:L\xE4\xCBt�0\xB5ÒŒI\xBD� {\xE3\x98o�jTH+\xD4\xD4\xEB~YJ\x91\xBF)\x94% \xDEe:Öª??\xC9\xF0#\x8D\xD6a\x8E%\xBE \x90\x863|\x9A\xFE|\xEC\xA0�\xBClß\x98\xF9Kl\xB6?6\xE1'\x94\x91\x81U\xD7m\xDAo^\xBF~xx�\xCBv�6Û»\xD7mS\xEDl�\xE0\xF5\xB2\xBA\xBD\xCF!d\xB9\xB0�h\x8E9Ü«Az\xAC\xA7\\x8D\xE4\xF2\x94�r\xF5\x97\xA9\4ԉѽ)Xe\x8B\xC1#j\xA9\xE4\xD85b\xB6r\x8D\xAA\x83)J$\xB9\xE2(\xEEIg\xA3Ä• P\xAE[B)\xA7�%�\x90\xFE
-\xA9^\xA2(i\x98Å‘�K\x90*\xB55a\xC3\xDBfWcX�\xAC��Ǧ�\xE8\xA4\xE20\xE3\xD6s'�q\x9B\xF5\xA6$\xE3Enk�\xED}\xC6H\xBD\xC1\xB5Å5\xCD\xC1\x82\xDC3\x99\x8E\xE5\x99\xC4X\xA4\xEF\xE9\xE8eQ=R�R\xE3\xBB�\xFA\xED\xA8�\xA5����\xA1Ð¥\x87\x97�\xEB\xB5M\xB71�\x9A8XAy\x8Eo\xA2 \x9Dç‘œ�\x96\xA3u\xBF\xED\x9CuO\x9D
-*V(\xFC\xE2\xAF��\x9DDN�69�\xFA6E\xF1\xF9c\x89\xE2!8A\xD16{\xB5\xA7�gB\xD1@\x80(L\x9C\x8E�Z\x9F\xB1L4%\xBD*\xC1Km<\xB7�\x8ER_\xBF�\xF9\xE1\xFA웉c\xC3yT\xAA^p\xE84q\x87æ–¤66b\xB6�.\x8AmGe%<\x8C\xDA \xF0l5\xDBBc766\x894 \xA3\xB8O`_\x9E�|\x83��Õ¦\xB1mr\xDC\xC5\xE6z \x90\xE0 @\xC1EVpÚ½)@\x88\xEBMZAfoT�^\xFCp\xDD\xE0\xBD�h\F\xE5\x8A\xF4Hp\xEE�c.P\xDAF|^\xF7Ù—\x9FÍŽ+\x8C>\x85꯷\xDDK]�~\xB3\xC9[\xB6�\xBBH\xB1\x80d�\x85\xF5l�\xC9\xC7:\xDCEê±¼lf\x8D%\xF1M1�x\xB7}\xDAJ2:Ì’X?\xCFF\x8F5\xC1\xC7(\xE9\xCDbp\x80{|\\xA1\x86Ý¢�\xC6:X\x95Å–:v� [�|X\x95\x8B�\x81\xC8-AV\xF8\xF0k�\x8A39\x93\xA0\xEB\xF10\xEC\xC9\xDCmÄ®L\xE5W\xF0L\x9A�\x80\xABp\x97\xD4D\xB7Jd\x80cm\xC6:\xE4\xEA\x8AQΟ\x85I�;=~,\xA6t�B+�1\xE3\xE5\xFCFS\xCE?\xE1\xC3 \x90)e^`\xCD&�\xA7\xBFƽ\xE2G(_,\x8A\x8D\xF5\x9C\xEEE`K�\xB6\x99`\x84{5j\xFCF\xA9\xCE<\x99a\xBF@\x88\xE93\xC7B\x82\xA3\x8D\xA3\xAF�:\xD1Ä¡\xED\xAE}SȈ\xA1)d\xA8\xB4;\x89�\x97l�\xEBP\x9E6\xE9\xF8\xE5J\xCA\xCDX\xDB*T\xD4\xE6\xA5`\x94p\x89\x8B $\xB7\xBE*$\xCA�I\x92ro\x90# \x92\xB4\xB2\xA3n\xB1à·»8>\xEE\xB4%C\x91\x8C\x93\xAC\xA0��\x88\xE9\xC5v\xF2\x95\xF9ĵc&\xE9\xE2V\xB7\xB5\xBD\x89\xD9!\xCFi\xC0\x96\x8C\xF3\xF7\xE4\xF4\xF6\xEB\x97(4\xA9r\xCE~\x9D\xD7\xF9\xDDaz�4!Gz\xD2F\xE7\xD2t\x92\xBE\xC2d,Q\xFFk1Ͳ\xF2[\xEA\x8B\xFE\xDDÓ”/\x8C$\x84\xC1LD\xCF\xFBB�\xEB\xB0/챘\xF54y\x9AdG\xA1\xCA2\xFD\xFC\xB6=\xD6ľc;H\xC3\xD1�\xA8<\xA7$�t\x88\xC3\xFE\x82_\xC4\xD2(\x96c\xB6Ù²\xE8\xDA\xC9f�Ô I$\xBF\xE6%\xD0x\xB4\xF4��\xA4M\xFBuh�AMCkl~. >\xFFx\x9FP\xFE\x98/\x97\x9C\x92\xB4�s\xDBq\xC29\x874\x82\xEFXK\x9AN8ݱ\x88\xFD[s*\xFB��\xA6B\x83\xE7\xB1��\xE1\xAF`\xD28\xB2\xD7uGsL\xE2༣Y\x9BX\xE2\xC7Gu\xE7\xFA\xB60\xDA1\x95�\xA6\xCA!�\xF1k\x9AY4\xF5\xBFv\xF5µ\x9D#\x97\xDC\xE1�P\x84qA\x9F\x8AA.C;\x9E\xE5�\x85&Ò®Tc
-\xA3�+ U\xDA/Ò³0R\xBA\xB1U\xA0�\xA9)L`3!Eq\x98\xFD\xD7\xDBC\xAE\x92&\xFCu�I�W\xE1<ži\xDBT\xCF\xE3\xBA\xEF�luꛜ\xE3d\xBA�\xFA�\xF2_\xF0\xB27\x8E:hEz\x98\xF8*\xBFg\xBC\xAA\xA8\xEF\xBAU;\xFE\xFAA\xC6\xECL�\xE1 ÀJ�p\xBCsS]��\xEF\x973\xB1\x8DK\x9B.ß¾\xE1%BÅ“\xCCÏ—\xCB�\xEF�\xC2\xC1#\xB7!\xA8=\xE1*\xBDmË\x90\xF3\x8Fi8\xBF\xFC\x88�\xF9|\xFF��
-\xAB�ݸ�c\xBCO\xA1\xE8{�\xDBD\xF5\xBF\x9D\xF1\xA5\xE3�\x93\xF9/\xB6F\x9F\xBF\xA0\xED\x95\xD4l�\xB7�&;\xDF��\xF7\x99�\xF4\xFA\xB5%\x90�\xEFj\xC0�\xFB�\xBE\x81Y\xD2NH\xE4b6?=\xBD<Lh\xD7\xF6\xB8\xEDc\x8D�ǔ\xBF\xDBs�\xF17�\xF3\xF7g�\xA9+\xBBX\xA9B\xFC\xCEq\xC2k\x8A\xBE\xFF\xF9N9|k\x9A\xE8P��O\xBB_)\xD2\xD0\xC4ঙ)\x94\xA4\xCA\xF69|\xCA\xFA�\x97\\xE5\xF0endstream
-endobj
-1676 0 obj <<
-/Type /Page
-/Contents 1677 0 R
-/Resources 1675 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1655 0 R
-/Annots [ 1679 0 R ]
->> endobj
-1679 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [116.6985 307.3783 321.9289 317.5401]
-/Subtype/Link/A<</Type/Action/S/URI/URI(https://www.isc.org/solutions/dlv/)>>
->> endobj
-1678 0 obj <<
-/D [1676 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1675 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F48 1238 0 R /F11 1451 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1682 0 obj <<
-/Length 3355
-/Filter /FlateDecode
->>
-stream
-xÚ¥Z\xDDs\xDB6�\xF7_\xE1{\x8A<S!\xC4'A\xFB\xC9I\x9C\x9C;\xAD\xD3s|s7\xD3\x{1819A8}\x88�\x8AtEÊŽz\xD3\xFF\xFDv\xB1 EÒ”\x9C\xDC93!\xBEw\xB1\xBB\xD8\xFDa!~�\xC1?~\xAA
-3\x89HN\xE3D1�q}\x9A\xADO\xA2\xD3\xCF\xD0\xF7\xE1\x84\xFB1\xF30h\xDE�\xF5\xE6\xEE\xE4\xF5{�\x9F&,1Âœ\xDE-{kY�Y\xCBO\xEF�\xBF\xCE��\xEC�V\x88fo?Þ¼\xBF\xFE\xF0\xCF\xDB˳X\xCD\xEE\xAE?ޜͅ\x8Ef\xEF\xAF\xBA\xA2Ò‡\xDBËŸ\xBE\xBC=\x9Bs\xAB\xF9\xEC\xED\xDF/\xB9\xBB\xBA\xA5.\xE3\xD7xs}\xF3\x8EZ�\xFA�X\xF4\xF6\xEA\xFD\xD5\xED\xD5\xCDÛ«\xB3\xDF\xEF~<\xB9\xBA\xEB\xF6\xD2\xDF/\x8F$nä“_\x8FN�\xB0\xED�O"&�\xABO\x9F\xA0�1\x9E$\xE2t}\xA2\xB4dZI�ZÊ“O'\xFF\xE8�\xEC\x{17AA53}\xF2\xE3��Òˆ �
-\xDE�\xA0\xE5L'\x89>\x8DuÂŒ�\xD2 pQ5FÍ›|\xF3\x98op70G\xF4\xE6�\Z� \x84\x83\xD3j\xE1\xC7\xF4\xD7\xE5 \xB0h\xB4�C�fuÕ¦Y;\xB5\xA2bF\xC5Ü\xCE\xD2
-Dj\x92\xD9}N\xDFm\x93/\xA8\xD4\xD6\xF4m�\xF2\xACX\xEE|\xE3Ê\xABÒµ/\xD5\xCBQ\x97ߌ+#Ç®��r\x95e\xBD\xD9\xCF��O\xE7\)\xA6D�2\xE4\x9C%Z�\xC7ÝŸu\x957`�\x92G\xB3\xBBU\xDE\xE4\xA4\xFEts\xC6\xED\xCCW\x9A\xBCm\xD3\xFB2t\xB5\xF4%f\xA0\xF0X\xE4OTzM\x9F\xFA\xA1-ꪡJ\x99?\xE6\xE5��\xAA\xBA\x9D\xA2TW~,}�r7g\xFE at S\x8B"\xF1\x95z\xEEÓ¦\x80M\xE06#\xD8��\x9E\xC4\xED\xEE*\xCDV�\xEA�`C\xB1\x88\xFB\xEA\x9CP\xA3H\x98U\xD2�j\xB6��\xF5\xA6\x85MI\x812\x87\xAF�;M\xCB �\x89a2\x86\xF5\xBC�\x94E^\xC1\xEC\xE7T\xA4d\GÊ\xBB|\xFB�QhW(g\xA4\xB1\xC8\xDB|\xB3. at M\xD4\xF3\xB4*`S\xAE+\xACJ<�\x89bO\xBA\xC4\xCA2\xCFZ\xB45\xEC\xBE\xDFQO\xBB*�o�V\xB2DZ94\x88EA\xEBdm\xF1\x98{\xBD]/GzZ8\xE9W\xF9\xE2�\xAA�]\xFB2Ý–\xADW=\x98\xB7Û¯\xB2\xFD\xA3d��_\x8A\xEE\xBC\xED.\xA6d�\xAC\xF1N*\xCC3\x9CDLY8\xAAߢbɤ\x8E\xF5K*\xB6̈\xD8>Ó±\x88b\xA7c�Ù£:�,�&L_\xA7��\xF9bJ\xC5 \xE3ÊŠ\xBE\x8A\x91 \xA9�I4y \xF2\xF6t\xBD~\xB1\xFD\xFA\x97G\xE5\x99Y,H-M\x937Ô¹?APq\x9E�\xC6\xDD\xFB\xFA\x9E�Ò³5\xD1H\xCFE5:\xC6Y\xBD\xF1$�\xEAjQT\x9F\xA9\xF9\xD2ǃ[8\x9B/\x9A\xC3w[\x83К\xA9\xD8\xDA\xFF\xC1�D\x9C0i��\xAC\x81\xA2\xE5M\xBDY\xA7e\xB9;\xE3\x9C\xCF\xC0:%\xB8\xC0w7\x9F@\xFBs\xA9\xCCì©®^\xB5T� \x95x&\x94v\xD2sMT]\xD4\xEB�ŃM䄱\xE4O$\xF4\xD7O\xE8Ü°
-\x9C\xA7o\xDAPú\xEEN!\xD4.\xE1\x8F\xFA\xFD\x99\xA2\xDEEs�\xAD\x89B\xD97y綜rh�\xA3\xE1(v={*\xCA�Kj\xD6�k\xE2�ZQ\xE3\xF8\xA5)\xEDv�j\xC0X�)t\xB7\xD4wÄ„\xC1X�7:\xB8\xB9\xFCkVn�\xF9\x94�\xC7�#k\xDFM\xC1\xCA \xEA\xFA\xA9\xF1\a�CC\xC8R$\xE7I/\xFD@\xFA\x94E\xD3\xD2\xE8\xD0�6n\xBCB\x95�V\xC6v:\xB6|-\xC3\xC1\xD1Ê‹�Ûœ\xE1CK\xF1\xB9\xF2*XPG\xB1\xA4�\xB4s>\xDBQ�OG\xBA\xF1�*\xDFFÕ |lB\xE5\xBF\xF2DI\x97X�)ǹ@\xED\xC30t{k\xEB\xD8�\xA8\x97\xF6t�\x82 \x98`�N\x8D;\xC2\xD8X\xED�'\xEF\x99-�N\xED\x9E\xDD( �\x8C\x9C`\xA1\xDF\xE0\xBB'\xCC!\x89Y\xCC#\xFB-\xE6 U�\xC6=;\xE9\x9Ed\x95\xFB\xC3*\xA5f\x91\x89\x86\xAE�φ1ǬSs�+\xA1;\xFF\xEC\xA2��\xFEIg\x9E�m\xFA\xB0�\x97O\xCB�\x8F\xB7!\xE7\x88-=w\x85\xCD\xEE\xF4C388*8\xE1\xBA \x85�\xAEØ´I\x8B\xD2\xF9D7c\xE5W\xF2nÖ•\xC9Ycw\xCFd\xA9�\xD7�u�\x9D\xCC\xDE\xECH 6b\xC6 \xC2�\xC6^�#*.\xF1\xCE\xC1�=�\xA2�\x9B\xB0\x99�\xE6É@�!
^S\xCB(�\xEF\xFC|Bd\x81xp\xAC \xB4mp��Y(\xAD\xD36[\xD1\x{1B91E1}\xC8\xCD�\x89a\x97;�4\xC3K�\xCA^2\xC8\xFE at 28l\xDB\xF8=\xDC�\x98
-\x96\xA2\xAC\x8E\x87�\xF1O\xC2~\xF5�\xE4Q'\x98\xF8�d\x8FX�\xC7!fl\xF2l\xBBi \xD1\xCC\xEB\xAA\xDCMav\xCB\xE2\xC8$~x\xE1\xFC\xBB\xF0�V\xBC\x93\xF0\x80\x84\xB4L��`\xE4.\x9F\x82w\xC0'D\x82\xE0^Ir\xB0p�\x92\xF8\xAC\xD9U\xA8\xEA@\xD2{y\xE8p\x9C\xBA\xB6���\x9CW^QuI\xD1F�\xD7\xE0v\x86\xFD\xD4\xFA\xC76\xDF��\xD4k\xAB\x9D6;\xC1\xCAD\xC8�&\xE7�w3\xB1K%\x99�\xD0\xE6wP\xD5\xD3f�%9\x8C\xCF�\xD9#\x85w\xDEÞ‰\x9F\xD4�HÞ˜\xA0\xA8\xFBM\x9E~\x99�^k\xF2lJM�0y\xDCÓ’\xE0�i �\xD3ZRL\x8A�a�\xD0R\xCC"\xA9�Z\xC2\xF5\x82+G�{-a\xD5��(\xA1nP1X\x86\xAB\x8E�\x8D E��\xED\x97\xF2f�\xA2\xC6x�\xE50\xE21-\x8BE\xDA�\x94\x86\xF6\xA7z[�\xE0&@Q1\x80ØƲt\xEB\xFC\x82\x88]P��\xD9\xFCt\xF5\x96\x9A\xFCr�\xA1\xBE�\xBF\xB5%\xE2h�`���\xB0\xC7]�\xDC|r\xC0\xD4Jm\xB1\xB7|a\xA7e*\x8C\xC0,@|\xD4(�\xB36�2\xFD-Ò‘\xF7�q0:h\xE3�\xD1T\xF0\xA8\xD0\xF5\xEEc\x9F��\xF8\x88g\x81\xC1\xEE>+\xE2\x98i;t�E\x95\xD5\xEB�\xBA\xE2A\xE8\x80 \x85\xD6E�>\xFB\xF7\xCF\xC1e\xF4\xF6\xF6\xD3\xF5\x87fx�\xEDÂ\x8B\xD8\xD9\xFE\x8A:\x85�\xDCp?\xB1o6\xBA3\x9B~8&\xFBaÞ��^̬\xC0\x90)\xC1\x95)EÉŒ4\x83�L�\x94\x97�O\xB8\xA5\xCA\xE8ã\xD7\xF6\xC2�\xE1nÂ}\xCDMh\x88\xB1\xE15�\xBE\xFE\xD7Ep\xA5\x84\xAE{\xB9��`\xD4\xF9\xFB\xF7É›\xF3\xF3׉ Tp�\xB1�\x8F\x8C2\xDCD{\xDC80?\xA2\xD5WV��\xBD)\xF3\xBB\xBAxi�1\x80'\xFD%\xFAl\xFB\xC9\xE7\xE7K\xF8;\x8F\xE0\xCF\xFD\xB7\xEF\x99^�pƲ\xF8�\xE6Ò\xF9hÛ´\x85\xBF.&�\xC7<\xC6k!X\xFE\i\xA6�\xB3O\xE3q \xB8gs�,\xCC\xDE\xD4u\x99\xA7\xDEJ>\xFA\x84\xC98\xD5�\xE8\x87ss*AC\�L\x8DÑ y\xD4\xF3\xCCXH\xDBu\xA3\x9C1!z\x9FW\xF9\xD3Ü¥\x81\xC6\xF49\xB8Nnxr\x9C\x81n\xD4���\xE0\xAE\xC1R�Y��a�]"&\xB8\x94/\xB9\xECDv��݈\xE5\xFE\xE0Im(\xAF\x85Eí‘ \xF6W%\x84ê‹…\x83&Xl\xE9\xBB9\xB3\xB3m\xD5�\xEE\xB2�\xD3�\x8Bt2
-\x88'Qv\xA0\xA2Zd݊Hp*`\x81\xDE��f\xB8\xC0
-\xE3�p\xE1o��Ó´`"\x97\x86\xF7I\x91�\xBA�\x9BK\x82�\xC2xy\x80�\x88\xFAI\xAC\x92=\xC4\xF3\x89\xB8\xC1�}�\xFE�\xBA0\x8E\x9C~!\xFC�P\xE4�3�\x96Ö \xB3�5\xE3\xFE\xA8\xC3fÜrf\xBCmW\xF3ê«¿
-\x8D\x8DX�\xA6�\xE7\xC7\xC9w\xA3&\xE8�\x8D\x983� 5d`҈��\xCBN\xEE\xC7l\xD8\xF6lXt6\x8CI\x9DU>\x85\xC74�\xFB\xEC2\J'A\xA76<�\xB9\xC7|\x8C\x8C|L\xC5dR\xF9\x94\xEE|\x99\xE2+\xA6\xB9*j\xB8\xF9\xF7\xBB\x8F?_^\xDFPm\x9F�\x82۷g\x90P\x8E[pI_\x8A\xDE.\x91EyiO\xCD\xE7\x9D9�\xB1�yN\x8A�n�Y\xBBu �\xAA\x81*\xEB
-0\xCC\xE1hR�RA\xD0'{\x85\xFE\xBD\xBDZ;m\xAFÜ‚\xF7\xB5\xDA|\xBB\xC1^�i\xBB(
-D\xC27\xA5O\xB6J\xAB\xCF9\x91\\xD25dM=\xFE1�J\xD61j\xE8\xB6
-\xF5]\xBD\xF5kt\xD0\xC2b柰 ,\xF4\x88\xD0\xC4g5�\r#;<\xD0u\xE9\xA1
-\x80;�%\xEAe\xFB\xE4\x97\xF38\x83\xA8 at a\x9D\xFA\x9CA\x95\x8F\xD3 �\x8E{Y\xB9\xE9\xCB">\xABX+\xBF\xC3\�\x9Fs�3n\x95y\xE1\x9C\xF7F�9\xE7a�99�X�\x80e\xB8\xC5\xCD\xF3\xAFE\xFB<b\xC5Lʼn:\xCEC7j\x82\x89!\x82�L�\xD0Ì€\x8B\xBBU at s�7;d\x97\xBAF�^wP\xE0\xBEk\xFF\xE4fi�ZwMż\xDAc\xC9l\x95g_:\xF0J�8\xA8\xDB|]ov4� ×�4E18\xAFΉ\x90\xB3)�1k\xF8\xE8\xA9\xC7?\xF8\xED3d\xE3\R?�T�\xCE¿\xC0 [\xEB\xF1<\xC7xs\xD0�\xB8\xD5 =`\xE2\xA8=\xF4G�\xB6\x87n\x94�\x90\xF9\xBAi\xC1M4m\x91=�/\xE0�\x8DJ\x92\xE3\xE4\xBBQ�\xF4\xC5(\x99b$Ht\xC0\xC0\xBF\xF0\xCD�\xBC�\xCA!\xD1\xC8�j\xD6)�\xAA=\xDE\=\xA8�\x8B+?�S'N\xFFI/\xEA��:\xEFw��\xB66\xE9\xEE\xCB��\xCC\xFDrÏ.8E\x9D\xA8.\xCD\xDE��w\x848\x82�\xA5|\xBA�\x9B\xF7N�\xB8\x9At\xB2s)%\xD3B\x8C\x9CÖ¡{\xA0R:\x90\xDEV\xA5K\xFE\xA0ݼ\x9A\xAF\xA7nQ\xAF:4B�l \x96\xA9K�\xDC\xF9Ö\xBD\x96E\x95�\xCF_xP\xC1\x91ix,\x8Ea���LB\x98\xFF� z\xD8\xFA\x95D\x83\xB1/Xo\xD4�\xEB�\xA3\xE8\xA1.-\xB7�c\xB2�_\xD7\xE0\x9Ar\x94l�4A\xB6\xBFÄ3\xD0,�\x92\x9D\xC4:p\x88\xB0\xF4]xݧG at I< O\xDBQ\xD4A�\xD7H\x86\x91\xD2\xD3�\xFA\xA2\x92:<\xBAwm
-5\xB9|J\xE4\x96\xDCQK\xEF\x81�\xF3\xE4γ\x86\xC9~\xEC&\xAD\x9Ae\xBE\xF1K\xA4�E\xF7&,M\xCD(h�8\x8B|\xED� \xF6��\x84�2\xC44^#�Ôƒ�~q\x97�\xD1=\xD8>\xBF\x8A\x98\xD9=Q\xDC~^\xF9\x8BH\x98\xEF\x9Ek\xE1�,vI\xEF\x8C\xE6 >\xFA\Tp\xE6]>�\xC6\xECA\x89\x9BAy�(yQ\x82\x8F\xC2\xE43\xA0\x93\xBB\xAEk\x956\xB4Ø¢\xF0/\xC5$\xAC\xAA\x9D\xBCgw\xAF\xC9\xFE\xA9'\xCD\xC2a\xF5IaEYt\xF8\x92t]\xCB\xEE\xC1\x97|VX\xE3O�2\xA0\xB1\x81�\xEEW"\xE88\x98\x87(\xBE\x85\xC0�C\xFD\xC3R�Ʀ\xFE\xF1\xA8\xF0\xDF4\xBC\x88Q�ůYT\xE1\xCDi\xEAr�\xF8Ò}1C2\x9BÇ´\xFC\x81\xAA\xB5#\x88\xA5<\xA0\xB3\xF1\xFD�}\x99\xE8\x8Cx\x95\xA7\x9B\xF6�\xCCs�V\x9A\xF2\xBC\x92Y\xAD\xFA?/q$V\xF5C\xBE\xDC�\xEE\x85\xEAb\xBB\xF1\x91_�\xBF&\xE8u���\xEC\xD3\xC5x \x98\x9Ewz\xD5 at L\x80\xAFÖ½�2\x8F)-`\xEEX�\x{DCE9}\xBB\xF7\xA1\xE5È…V\xEEÙ”\xCA\xFE|8X\xD9Ó„�ß·\xC6\xEF\xBFK
-#Y\xDC=\xB7\xEB]�S}�.Sr\xF4\xD4{7y=\xE2 �t�\xEE]{'9\xBE��fU\xF7\x9E\xD9!\x9F\xC4z,\x8D\xEE\x80D�M\xEE\xBD�\xBE\xA3�m)\xC4$É\x9B�\xD7�\xF0cwwv\xBF\x93\x99x\xB6�@�Y\xFD\xD2ï¬\xEC\xD0\xF9\x81\x9B>\xFE\xAA\xC5D\xC18��\xE4kL\xCA\xFD at z
-\xBC\x86p�\xEC\xFBp\x88�i\xE9[?\xFA�\xD9x\xC1\xDB�v\x80H\xB9\x846\xC5\xE2�v\xFC\\xD6\xF7\x93Ox1\xAC�w)\xFBc\xFA\x90\xC6�\xF5\xC1�\xFD\xF6�\x9F\x88\xA4\x9C
-mQg@\xFF\xF7\xEF\xD2\xF6?\xDAS1\x93\xD6�@\x86p\xB5\xC5�\xA5\xC8\xC0\x94\xCB\xF5E\xCFÑ€\xFF�\xDBs\xD6\xFF�\x83\xD7�\x83endstream
-endobj
-1681 0 obj <<
-/Type /Page
-/Contents 1682 0 R
-/Resources 1680 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1684 0 R
->> endobj
-1683 0 obj <<
-/D [1681 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-474 0 obj <<
-/D [1681 0 R /XYZ 56.6929 378.3537 null]
->> endobj
-1370 0 obj <<
-/D [1681 0 R /XYZ 56.6929 350.6124 null]
->> endobj
-1680 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1687 0 obj <<
-/Length 3312
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�]s\xE3\xB6\xF1ݿ\xC2o\x95g\x8E���$\xF0x\xB9\xD8Wgz\xBE\xC6q\xA6\x93&y\xA0%\xCAb#\x91\x8AH\xD9\xE7\xFE\xFA\xEEb��(Q\xD25\xBD\x99\xDEx<\\x81K`w\xB1߀\xB8L\xE0O\��'ʦ\x97\xB9Mc\x9D�}9]]$\x97O\xF0\xEE\xFD\x85`\x9C\xC8#E!ַ��\xDFܨ\xFC\xD2\xC66\x93\xD9\xE5\xC3<\x98\xCBĉ1\xE2\xF2a\xF6\xCB\xE4\xDD_\xDF\xFE\xFD\xE1\xFA\xFE*\x92:\x99d\xF1U\xA4\xB3d\xF2\xED\xED\xDDw4b\xE9\xF1\xEE\xE3\xDD\xCD\xED\xFB\x9F\xEE\xDF^\xE5\xE9\xE4\xE1\xF6\xE3�
-\xDF_\xDF\\xDF_ß½\xBB\xBE\x8A\x84\xD1�\xBE\x97<Ñ�nn\xFFvM\xD0\xFB\xFB\xB7�>\xBC\xBD\xBF\xFA\xED\xE1\xFB\x8B뇞\x97\x90_\x91(dä‹_~K.g\xC0\xF6\xF7�I\xAC\xACÑ—/\xF0#\x89\x85\xB5\xF2ru\x91j�\xEBT)?\xB2\xBC\xF8\xF1\xE2\x87~\xC2\xE0\xAD\xFBtL~Z\x99X�\x99\x8F�P\xCA@\x80"�8\xCD.sm\xE3LI\xE5�x;\xBF\x8A\x94Ñ“nQ�\xF0\xEF\xA6f\xA8j\xE9Y\xD0cU\xB4]\xB9\xD9!\xBD\xB9\x8ARa\xF1\xC3zo\x8A\xB6\xDC<{Ì—j\xB9\xF4\xA3\xF5\x8C\xA0f\xDB
-f\xBE\xFB\xF8p{\xF33\xC1\x9B+a&\xE5�Û²e\x9C\xAEa\?\xCFn\x99e\xF1\\xB6\xB8� \x87H\x88\xD8j-�S\xBF&:\x99\x95\xF3b\xBB\xEC �\xB0\xA9Y\x9AL��\x8E#m'\xED\xA2\xD9.\x91�\xD8\xEAnS==9j\xF1\x87\x9B� \x96�@\xC0LU, \xAE\xB7\xABG\x8F:]\x94\xD3\xDFi\xBA\xAA\xDE\xFB\xDAQF \x92\xB2vL5\xCFÕ¬\xAA\x9Fh\xB8\xEA�s\xBB^7\x9Bn\x94���2@:��h^\xDC�\xF8\xCB-\x86 /\xE6\xC6�z\x82\xF4\xAB\xF9+\xC0\xA9\xDD\xE1�K�\xBD,\xAAe\xB97Ë´\xA9\xEBr\xDAUMM\xBFQTnQ�{.A\x82J\xA0�\xFD\x9AeG at 3\xF7�\xB8\xE5mOÆ€�2UXu\xBA �\xBF\xE1\xE1B\xA0�<\xE7\xB4`��w\xB4u$\xC2岜\xF1\xBBW\�4\\x84�nE\xAC\xF2D\xC2Ò¸b\xDDt(�\xC2�-A\x81\xADe\x99f\xB4�\xF4rl\xAEX\xE9<\xF58˶\x89\x8EΗ\xDAX\xEA4g\xDC\xD8q�I�\xAB\xA4Æ€�\xF2\xD8*iz{\x93\x99d\xC1�\xC0\xDB�\x90\x93�<�|\x88~_a\xA4\xD9г\x{DD8F}\xBB\xAF\xDE \xA8\xD9 �sz�D\x98�\xD0M�\xBAF\xE6Õ¶{�\xD0\xF0\xD3vY\xF0W\xBFJ\x99\xEE(Û®�\xBF\xA1\xE7\xAC\xE8J\xC4`\Pq\x9A �S\xE39\xAF\xB9`M\xCE\xF2 \x98\xF7\xA6*[\xFA\x81\xE2w at S/_ Z\x97\x9By\xB3Y\xD1� \x92\xA1�\xE6Ô\x8Dl\x99�2N\xE1�\xEFâ,6\xDDcYtQU\x83\xE7z�+>\xDC:\x93\xC6I\xE25\xA1\xFC\xB4\xAE\x98ZZ\xA7\xE2\xF5\x8AÙ¬b\xDB\xC0\xD5�z\xA2GC{\xE4\xED\xCE\xD0\xF7Ê¡Ò‡\x9A�\xB8\xB66\xEE%�\xE8\xC6MU;\xEF"m\xA8\xF2<\x80F\x81 �\x85Rh\x98\x8B\xAA|!
Fsp\xA3\xAF\xF4ܶL\xD077\xA9 \xB59\xCFc\x99\xA5\xE7-Â\xCE—Ih\xB281m�B\xC8uK`\xEF\xB8�^\x81V�Oe\xFBftu�_�BO\xB8:)�x\xF2,Îʆr[�m�~g\xCC\xD6t,\x95�{�\xA6IOW*vt\xC1\xB0\xA7\x8B\xDE8esØ1\xF8\x97\xE4\xBF\xE1e
-\xCA\xE7|>��R\xAFĄ\xC0
-<\xC6+|�km\xBCJm\xE0S\xFC�\xCEeȑ\xB0\x874\xE2\x98'
-\xE1�\xD2p\x90\x83\xCD�\xBEq\xB1�\xC7�\xD7nF\x92\xD1Ñ{\xC3\xC4�dn�\x8D\x9B\x9BJ1\xEF\xB0\xFA\xBF1\xB7\xA8\xFFh\xC0t`xo8\xEEx\xA7<�\xAEÖ±1\xD6\xF2\x8A'\x94$\x8D\x95R\xF9PIp\xDAm[\x8E2\xB3\xAA-�\x97%G�/Ö\x9D�\x92\xC1\xC1\xA1X\xE3\xFD\xC4OH\xE0&Q\xE22���T|V\xEA\xA7r��\xA1\xED0\xF5\xFBs_yB\x82\xA0{\x94�\xFA.\x81\xB9�\xF4[1\x9C*Ꙋ\xB2D\x80\x9B\xCC\xE5\x91\xC4R\x9AX\xE60O\x96@\xFEi�y\xB3�\xA4M.p\x80\xF4V\xCD\xCC%m\xA9>-i\x95�E\x8A�\xA1&�\xC1�\xB9\xCA�\xB0v.-\xDC�\xF0ȱ\x92\xE0\xE0C�\xFE7\xA9\xA0\xFCS�\x99A\xAF\xC1_P\xD0`�q\xA2�9\x8B19k+!\x837�{\xD3���P�\xAF\xFF{\xE90\xE4\xED�\xD2\xE7W\xD4}�\x8B\xE1�\x91QF\xF1T\xA3\xF2��\xFB\x9A\xC5�a.\xB1\x999'?\x93Ä™Q\xA9\x93\xCE+\xD5�{�\x84J*ߥt\xBD\x84vB\xE3\xCFÆ…�\x90\xF1e\xA5\xF5E\xADZg�\xA2=\xA8\xC9�ie&Î¥Q\xA73\x87\xA1\xC0F\x94\xEB\xA4\xC0�J\xBEf\xF5\x82j\\x98L\x9F�\x98\x86\xC0\x9E+q&�8\xABb\xA7\xCC1\xA0\xE4k��$CR uN`�\xAF\x8D\xC8홨~D`\x9F\xE5\xBE�B\xBEf\x8B\x94PI\xE6\xD9Y\xFF\xAFdl2\xAE�8\x9B\xFE\xF3b;i\x98�A_Jn\xBBV\xD6\xFF#A�6\x8F�\xC3�E 8i@�zj�\xBD5%\x80p}Qj\xC1 �aN\xB7\xD6R\:UÜ¿i\xBA\xBE˲\xCBRv\xD9OX�\xEEg\xEDag�6\x98s\xE29"\xCD\xCBiw\xB2�"\xA1D\x822\xD8o8\xE7a\x87z�[k\xF2Ü„]\x8BA/�Ä£\x8D\x80\\xDA o\xF6Hï–‘\xA2�\xEBPs}_\xB4\xC7r\x8D\x81\xE2\xF72\xAA\xB0\xE48HÛ„2\xB1\xC8l~z\xF1�kd\xF5a2�\xCER\x8B\xE1\xEA\xB7X\xCCC�\xC4\xCDb\x93N�\x96�6\x85\xDDr\x92\xC7Fåš‹~x[\xD6X.\xCC\xE8E[\xAD\xB6Ë¢\xA3\xAD\xF2=I\xC4j�\xDBfY\xBA}\x87\xE1\xEF\xEE~$\x80\x98t�\xDD\xEB\x9A\xDF\xDE\xFE\xF0\xD3\xF5\xFD�\xA4\xB2?_ !`��\xF4\xE8\x89\xE5�Y\xC5h\x89\x83z\xA9.\xA9\xBF\x83uL\xE3k\x98`>\xEA\xA81\x91M}|o\x93,�I\x92\x9D\xD9\xDB \xEB\xC4\xDEz,\xB7\xB7e7]DO\xCBmy\xB8\xB5 |
-\xB9\xD1ɵ{\xAC\x91\xC5�[\xAB4li\xC8 \xAEN\x9D^\x99\x99\xDD�b3Ç\xF1�aS3S\xA4�0Ì‚�ÈŒ\xF60\xA0\xF6L\x8D\xF2=\x8C\x80A\xA8\x8E\x92#Y$T\xF8Jc\xF7\xDE}3-\xB6\xAD\xD3 X\x83[oyЫ3\xDCX2\x93\xA2\xEB\xCAÕº�\xBBM\x86V\xE4^S\x96\xC7FÙ¡N�-\xD2�.\x98\xDAf\xEB\x80\xE9`tÚ¸'v�p�\xFB\xD0\xF8\x9CU\xB3\xFA/�/\xA8\xEF��7\xDC \x9A6u\xDBm\xAE\xCCd;e\xAD\xB7\x9E� |{\xCCy6\x9C\xAD\xE8
-\x82Ú¾\xA7�?\\xB3\xD8\xDAI1 s
-S\x97\xF1Xç·q\xE0
-_\xFA\x96p[\xCDJ\x9A\x82\x9Da\xC1>\xB1\xE0\xDF\xF0\xBE\xD85��pp24jHUw\xD4`\x94\x86<\xC2fg\x9Ca\x88u\xDC`z,\xAA\xD1�\xB5m��6]Û¨\xA9\xA3v\xB1\xEDf\xCDK\xBDO\x89\x84\xD0,SiO\x93\xD2c\x8D\xD02\x88�`6��\x87\xC4\xFC\x83\xCEt\x94â–˜\x82\\xB4X\x95\xFD\xB9�\xBC(?U]K\xAFfÛ’\xC6X\xC3\xCA\xEA\x99\xCE9\xE0Ý\xB7\xEF�\xAE\xEF?\xBC!�f\x92^5<Ó¬\xE1�0Ì…XN\xD5-З�9T\x8C\xA2~\xE5\xB0\xC9�\xD8\xFD�\x8EMÕ•\xED\xFE\xA1�\x97\xC0\xBDF\x8D\xF4\xFC\xB1K*T\xDA\xD7\xCD'\xF6d\xDF=��g6�\xBB,k\xA4(g�\xCE�\\x95\x988M\xF33N9\xC4:\xA1c�\xCBu\xE8
-\xE0b9\x8B\xA6˪\xAC\xBB\x83\xA4�Bdl1!8I@\x8F5B\xC1\x80Y(\x82 \xBB�C�\xF8�.\xCFzό\xF0K\xC1\x83Օ\x98\xD4\xE0\xA2X\x93:\xD7s\xC6\xF1\xD5zY\xAE\x80h\xD7\xEF\xC6�\xFE\x92��!\x8C\xDEi\xC2\xC7 �\xC5\xCF\xF9T7\xBD\x9F\xC0\x81GX\xE4u\xFFs\x8B\x87\x84\xC6L�\xAE,\xA8&\xE9^
-U\xBC\xC0\xB4|\xA0{\xD4w\xDF5F�\x80-\xCFzVr\x9B\xB5\xEC�5\xFA
-\x8EoD\xD9$Ê¥O\xD3F6gOÅ �7J\xA4A\x85=\xA2b\xEE8\xC1ω M"'\x{DE9C}\xBA\xF3\xC0�\xC9\xDDK\xE3\x9B\xC2\xEBbSt<L\xFB2j�)v_\x85\xD7\xDFb\xDB-\xA2\xFAÓ¬Y�Õ˜E at p�\x90`\xEF�\x88\x8C\x93-\x938\x95\xBDÝ:\x90\xF3\xB1t3\x9FJЬ�\xD3)1&,\xA8\x90zY�k\x91\xA5\xA9\xF6\xBD\xE4
-\xE2[YÌŽ�\xA5\x84\x82;K\xD5�\xC7�b�7\xCA�\xCB\xED{\xD3vQ\xDBA\x9E\xD6v\xD5\xF4\xD0(S0#\x93\xA5\xA7 \xE8\xB1F(��%lE\x96\xE7C�\�\xA4E��]*\xAC\x85O\x85�\xA2\xF4\x97�\xE4\xEFe\xB9f\xB7+\xF8�XL���\xD2ÜZ\xE2\xA7Ï”\xFC�\x88\xCC�K"\xB1;\x82\xC6�\xC3S\xF9\x9C�`w\x98PL\xF9\x88<Je\x9CH\x91ï™TÝ‚\xBD\xFD\x9D/\x96�.\xC3
-\xD4�9\xC0\xF1\xDD�I\x9CcAwz\xB7�\xAC�\xBB\x{DC50}R\xB4\x95�\xFE\xA3\xEA�5\xB4\xA3Ǣ=̑\xC1\xD4m\x96\x9E&\xC3#�\x92�\x99a\xE8��d\xC8z\x8F�\x9FZ\xA5\xBB��`�S\xBB*f$\xA35\xB1\xCE�\xDBǰHI1\xB9\xED\xE8{\xE7\xC7�\xE0<�\xA7䩽ԡ̢5\xE8\xAEB
-Q�\xF6wUQ\xE8N1\xE5�\x85\xD8Ð\x82�ݦ\xA8[P�\xF0\xDB=\xA9ˆ\xCF]\x85\x96H\x91\xDA\xD3�GI*@U]�
-�\xE9# \xB7\xF5\x94\xE2�j\x87KYa\xF0\x9F\x94<\xE05\x91+<�\x83�\xE7 at F\x9E:�!\xAE0�\x80j\xE9᷒�*\xE8\xE1i%Ba u &Ӝm¯u�\x95>X�\xCF~;�\xBB2\xF1\xDAl}\x9A\xEA\xB5\xD8_\xF1\xE0\xE3+\xBE\x85\xB1힚]\xDF\xE0\x80\xBFAr\xD41o\xFE\xA4mێ\x9E\xA5g6�\x87\xE2\xBB�\xEB
-^_)ImG\xCE\xE5 o
-\xCFw\x8F&?\xE2\\xF2\x83e\x96\xB5\xC9�?�b�\xB7\xBC�\xCBY^UW\xABb�m\xB8\xE28\xF4\xB49P�A\xF94 =\xD6�
-\xC3@\x9C\xC5�\xF3\xC1��\xB7\xF3�\xE1Y\xC89M\xF6�a\xDD�a]\xE7\xFE\xE2\x87Ö¾N�\xE8 tl\xE3��:�\xD4X-\xA1\xB0\xBFÕ\x97\xF5×´\xF0�\xBE\x85�cP\xD5�pX9��)b0]\xB1\xE5�}\x9BB\xD8ß\xF0\x92*w\x8B�\x92r\x9C�R}\xAAÇ”��\x8EJ\xFA\xC2Q _8\xB64\xCE�*�-\xFC$D�
-\xFB\xBB�ծ"Tt3\xA5\x8C\x9F\x9C\x8D\xA1\xA7Y\x96O\xAE�\xE2T_i0+\xFC\xED\xAA]%\x87\xB2\xA2{c'\x8B\xD2U\xF1ڇ�\xBE\xE1\xB5\xAB\x8A/\xB2�\xF5\xB4�ޗ\xDA\xDDޢM`?s\xB6\�(\x8E�{P\x89N\xBF@\xCD!\xA0^\xF4\xE7 '\xCC.\xC0:av�˙�\xB0PA$\x8E\xA6\xAE\x82<\x8Ct"VV\xEA\xD3�\xF4X#��\x98ͲX\xE5\xCA�I\xE0�\xB3A?�`\x8A�6\xF3\xB1
-\x86*~Å®� C(N×\xA6�x�Òƒ\xB3_\x87\xC5\xF9\x8B\xD5=\xBE\xEF\xA4\xE8^�\x84\xF9\xEE\xEE\xED\x87k2�\xA8\x92R\x89\xD5T\xA8c\x87�'�Q'\xE5\xE4\xB9j\xA8\xABG\xC3N\xA3\xA4\xBF\xCB��\xD4t\x94x[�\xEC\xAC\xE09\x9C
-\xF4)�\xBC�\xAF\xC3�\xD4/\xC5`\xA1b\xF9R\xBC\xB6~\x8EMEe�\xBE)\xEBy\xC3=\xA5vo\xD5�K\xC9>/f\xB2\xED3\xC7Ǧ[�\xD31\xAD�a(\xB8e\x8F\xDA7mf\xAF \xD9j\xCA\xD1j\x8D\x97\xCF\xDA\xF8\xD8\xCD[\xA5c\xBC.;\xA2E\xC9\xE5\xD9�\xAEϽ\x95\xBB\xBB\xB2�%\xA22\xE6Ƚ�\x95@�\x906\xF7D\xA182qp\xD6\xE2\xAF\xEF�\x92\xFE�\x90\xED\xFF\xB5endstream
-endobj
-1686 0 obj <<
-/Type /Page
-/Contents 1687 0 R
-/Resources 1685 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1684 0 R
->> endobj
-1688 0 obj <<
-/D [1686 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1689 0 obj <<
-/D [1686 0 R /XYZ 85.0394 625.316 null]
->> endobj
-1690 0 obj <<
-/D [1686 0 R /XYZ 85.0394 613.3608 null]
->> endobj
-1685 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1693 0 obj <<
-/Length 3723
-/Filter /FlateDecode
->>
-stream
-xÚ�]sÛ¸\xF1Ý¿Bo'Ïœx\xF8�8}\xCA%N\xEA\x9B\xC6imw\xA6\x9D\xBB{`$\xDA\xE6D��\x91\xB2\xCF\xFD\xF5\xDD\xC5��)Rt\xD2\xEBd&�\xC1\xC5\xEEb\xB1ß\xF9\x8C\xC1?>\xD3&3\xB9\xC8g6W\x99f\Ï–\x8Fglv�\xDF>\x9C\xF1 \xB3\x88@\x8B.\xD4Ï·g?\xBD\x97v\x96g\xB9�fv{\xD7\xC1\xE52\xE6�\x9FÝ®~\x9D\x9BLdç€\xCD\xDF~\xBAz\xF9\xE1\x9F\xD7oÎ\x9A\xDF^~\xBA:_�\xCD\xE6\xEF/\xFFvA\xA3�\xD7o>~|s}\xBE\xE0N\xF3\xF9Û¿\xBE\xF9\xFB\xED\xC55}2�\xC7Ï—W\xEFh&\xA7\xC7 \xA4\xD7�\xEF/\xAE/\xAE\xDE^\x9C\xFF~\xFB\xCB\xD9\xC5m\xDAKw\xBF\x9CI\xDC\xC8׳_g\xB3�l\xFB\x973\x96\xC9\xDC\xE9\xD93\xBC\xB0\x8C繘=\x9E)-3\xAD\xA4\x8C3ë³›\xB3$\x84\x9D\xAF~\xE9\x98\xFC\x94v\x99�\xCA\xCC�Re�\xE8\x8FK\x99g\x96s \xB2:ÏŒ�2IY\xF01)G(\x94\xF2\xA6n\xAB\xBB\x97\xE3\xCD:\x95I\xE3ܬ\x8Bp at 6�\x8D\x90��\xB2.\xCF$�}\x9F\xEC\xE5�\x92\xFC\xE9\xBDr�H\xCE2\xA1m�\xD8�\xE4\xA5l�\xA6\x87M\xF0Ls\xED�\xCCoL\xB3\xF6\xA1<_H8\xE2UyW\xEC\xD7-\xCC\xF1�a\xC6\xD9\xF9\xBB\xAB��\xE8|~\xF5\xE9\xF6\xF2\xFD\xBF \xEC\xB1l\x9A\xE2�\x90\xFB/\xC5y\xC0Д\x9B\x96F\xCF�\xE5& \xD0\xC4\xEAM "z\xF0\xA5)wO\xE5\x8E&\xAB\x88n\xDF>Ô»\xAA-\xDA\xEA\xA9D\xF6\xE1\xE4r<B9[p\x9E\xE5Z�\xCF\xF8]\x8D�\x99\x9C/�\x8A
-0\x83�s
-(\xCB\xE3\xA3\xE0Zg\xC2(5\xB3\xCAf\xC6Z\x8ER\xA6\x8F\xBB\xFB�
-\xAE;\xA7\x92\xE0�\xDD�\xC3c�\xE2E\xBEn\xCAe[\xD5�\xE2
-�\xFD\x98�\xC1�)m�\xF9 at 3�\xD4+<�\xB1!�`\xB1ʸ\xF9\xAD\x973\xB0\xD190&:��\x9FÂ\xC1\xA8\xAD\xE9s\xFB\x90>\xE1\xE94\x{132B9A}\xB6\�D�v\x97 \xF1h�ؽ\xC2\xC0��Y\xD6\xFE\xB9j\xE8$\xB9`Y\xAE\xA4\xEB�%\xEA`\xF9Dz\xDC"'R�\xBC0x,\x80\xE8\x8E\xC6IW`\\xAD\x80\xEB\xEA7Æ„g g6GKo>\xBD\xA1\xC1Ç«7�/h\xE8�\xACWQ\xBD\xB5\x9E�\x9B\xB0\xDEo�\x9E\xC5\xE6\xA5K\xAE\xA1\x97\xB4\xF9#Jd\]�\xC1\xE2\xCE\xE8 \x8AuS/��\xE2\xE8\xF0\xD0\xEB(\xAD\x83%\xD6[Ô›\x8C��?-8ؾQ\xFC\xB4\xC9癳\xD6��$\xB0E\xBDY\x8F\xD13:\xB3Z\xAA \x8B"\x90\xB9w_^0\xB8W\xD1\xD5�\xC1\xE7�\x91\x9F�z�sdx0\x95N�&Q����B\x9D\xF0L\xE8\xF4�x}"^\xFE\xB1]W˪�\xE1��\xD9 f\xBF\x83\xCBÈ›H\xFCr<P\xF2�Ü¢\xCF\xEC+\:\\x8CW\x91�\\x89\xEF\xF1\xB0q\xBCo\xAA\xCD\xFD\xC81s\xC9@\x946\x8Ar\xFA\x98U�NYE\x87\x9B\xA1\x9Fb'\x84\xA4\xE0\xD4!V\xB1�XF\x90\xC5m$\xE9 !
\x9B �\x9E�)\xE1{\x92�\xBE\xA0\x94\x82v f Þ‰\xA8]�\xD5\xED\xA8>\x83\xBD�\xC1U\xE2\xE8\xC4�%�0\xC6{\x9A�\xFB\xCC
-(\xC9�
-PF4\xFA\ҳٖ˃�\xE7\x9AL�>\x8C\x9B��\xF5�6\xF1\xE2\xC3\xC9Htә\x962ʧ\x810R>\xC2\xC6APJ\x8AD\xE1\xF9\xA1Z>\xD0pY4\x81\x9F\xAA\xA5g
-\xBA\xB1��\xD3Lq\xB3\x80\x80\x941ex_\xB3h\xEB(~\x97\x9F�\x97\xB1YÒ\xC4":ma\xE6\x97--~\xAE\xF7\xEB�
-I\xAB\x85s^t�s\xB9D\x97\xBE{\xA1W\xF4^\xF8\xB9\xDD\xEF6a\xC9�\x9E\xFC]\xF8\xFCP�\x8E\xE2\xC9 p�\xBEV\x81\xE0\xB2\xD87^\xEF\xE1[\xB3.\x9E\xCA&!\xF7JCL\xF7\xDC\xDBrW4�\xD9 \xCF�ɔ�\xD3sZM'\�\xA0\xD3\xF9V�:\xE8�M]�B=X\x90c\x90*L\xD1N at C\xE2}K\xCB3\xEB\xB4\xEDQ�5[�\x82\xC9\xF9t\xD2\xC52\xC6LL\xCCVx^\xCC\xE1^h\xB0|(\x97_p\x98S�\xF3���\xDB\xC9Q\xC1�*/>��\x86Z|^_7eK\xAB\x8B\xFB\xA2\xDA4\xED�\xA0�\x868\xF0\xC10�\xAB\xEB\xDDc\xB1\xA6@�\xA20�\x98ő\x9F\x84\xCCM\x80W\x8D\xB9�\x8EC*A/^\xAD\xE0I\xFBHQB�\xCA&p\x86x\x80�\xF1 \x83�\x90q\x88\x81?\xCD\xBA\xBE\xFCpy\x85\xC1\x99ދ\x80\xBCj\xFBĚ\xFDv[\x93\xA6"\xFE\x9A\xE8-k\xA0\xCC\xE7\x85�\x92\x90\xD1j��\x99v\x84B� i\xD0B\xFC\x93�\x94v�\x89o\xF5�\xB6H\xD3!\xB8Ae\x83�\x9B\xE9\xF9M\xFDX�\x80O4�D\xA4\x87\xFA\xB9|"\x880S\xD0Jo;4\xF4,�\xEAu�\xAC\x85\xA8�\xAF~g�\xD2&\xC8��Q6\xB8vC\xC0�\xD5
-\xB2\x9D\xFE^x'\xD8�\x94u\xB8}\xF4\xA4\xF7\xFB]��\x90\xB5\x94\xDE\xE0g\x8F̢F�-}"\xB7\x87s/\xF5\x9E�\xCF5pIN�\xDF
-\x946\xAA\x91\xEDI�\xA6\xBB\xE4\xFD) D\xD3V\xEB5M\x81*�LA}FNã—b\x80jC�+<
-�\xEA��\xD7z\xA6p�\xA3\xFD޺\xD0\xDE,\xB0�E\xB38�\xB3\xE5\x8AO\xBB\xA7.\xD4i\xFF\x94\xA0pS\xBBr\xB9\xDF5\xE8f\x8F(\xE7�l\x99\xB0Ӕ#\xD0�\xE5\x9Esb*�N\xF5)\x9F\xC8�\xB5cz\xD29\x81˥p\x9D\x8C�\xAB�|\xB9\xF0j\x9Ds\xAA�\xF1\xFD\xEB\xBE\xF4q�\x86\x94^\xC0D\xD36��\xB2~�\xC0\x8F\xA9\xA0\xD8�<�Q.R2\x8FK\x9EIe\x90R�\x91�\x8B \x9C\xF6\xDA \x93\xAB\xF0$\xAD\xC0��\xC9s\xBD\xFB�\xB2el�أ\xAA"2W\xD1 w\xC3(\xD1�P\x9E�\x9B\xE6\xD9s\xC0T\xF4\x93*l\x8Ds\x8EF/r\x9F\xCA\xFA�\xBDm��o\xDB\xF0\xE9�i\x99
-B\x8B\xA5�Τ\x9D\xC2xU{U\x87\xCF\xC1\xF1Â5\xA1.V/\xF4\xE5˦~>\xE2*\xB0��
-\x97sJ\x9B\x8F\x8D)\xC8Q\xB8\xC0mH�\xE0\xBD\xE8N\xDFArS\xF4 \x9B-8\x8C2\xA3ú%\xEDb/\x80^\xAAf4\xA5\xB7\x99Ԗ\x83n\xD9N\xF2�\x9B\xBC\xAA\xDB@%8$�\xAE\xA3l\xDB\xF1d\xDB\xF1\x8Ci�\xF3\xA5]\xE7�\x84�O\x925�\x85M\x8C�\xB1\x8B�oa\xB0\xA5\x9D?a\xB8\xA22�jy.\xB4<\xCAo\xD6�@xg\xAA\xE7w~M\xFDHo\xF7\x81]x1\xF3U\xD1�c@\xC1s\xEA\xA4�p\x86?4\xB4fY@\xD0\xFFKH\xC5Z��\x89�\x8C:��\xF2\x9B\xF2y\x9A\xD8\xE72\xF0\xA3 \xF7\x8A\xC0\x8BfLY
-�]4\xA8\x83\xD7\xDEr\xD9v\xA3\xA2�;\xA7\xB9\xAF{\x88�\xE5\xAE\xF2�\x9Edf\xFE�\xD0�-\x80\xF4 >�\xA2\xEFG,K8#\x9A\xA5X\xA7�AsDP�bై$\xD6��`6^Y\xE1\xADÞ–�\xDCB\xB8m\xF6\x90Âm-Ĉ\x94\xB5`HY\xAD\x82\xAE\xC7 R\xD7_\xF6\xDB&�c7e�COS\x8F\x96�\x90�9�U\xF0\xAEl\x97�\x8B\xFB\xF5~\xAC Q.S<\xFA\xD2\xE23��'C\x90ž
-ϧ#P�\xE8t \x8A at d \xDE!/6M\xB5�\xE6\xC723ֹI\xD2 hH\xBB\x9F�\xBB\xCC�(\xFA\xBA\xC4Ou%\xB5\xCA\xF3\xEF\xF0�X\xAE �"\x87\x84"\xA4�O\x8C�XP\x82\xD1\@D\xC2�\x92Qʈ_\xAFn.\xDF\xD1�?\\xF9\�\xDFnb\xEF�Ɨ\x87\xDE\xD1\xEE\xB02\x95\xACX�5\xF4�m�\xACŪ\xF6!\xF0�*N\xF9\xB2ƾ\xDBQ\xBE\x8C\xF1\xA3Bg\xC3sʉ\xF0\xD9oh\xFA)\xCABq\x94\xB2�|Y\xEDwެx\x8EU\x99\xD7\xF6'4=\x9A
-\\xAF\xF7\xD4'\xF21��\x94'\xF6P\x9E\xA0v\xE8\xB2\xE2\xE7Chh\xC6RJo\xA5\x96�A\xE2(U\x8C6dZ\xF8$\x9F\xC4z\xF1\xE3\xC7\xE4\xF2\x8E\xA105\x8F~\xACÛ“\xB0h\x86\xF7\xF7\xE4\xA8�\xD8\xC7\xEBm\xD8,\xB0i�Q �\x81\xBB�\xE9E\xE4���1\xE3YB\xBEz_\xFB\x84�\x89\xB7\x81.x\xD6\xF5���Q at E%\xAC6w\xA3��\x979\x9E\x8B�Ѽ:@\xE5�+M_�ncFz\x88\xA5\x9A\x8D\xC7R# MS\xEA\xDB;?'\x9D\x8At,SR\xC9i\xAFÒ…:\xEDV�\x94�\xF9\xDDRH\xE6�\xED˶\xE4C\xC7b3Æ\x9C&\x9F\xA0F\xE8\xF7\xB6*`\xAF\xB95}�nbȕ̆\x9E\x86�\xD5c\xF2T\x995\xAF\xA4\xBDØ‹vy\x949\xA5O\x88\xD07B"\x95\x92B^\xEA>�A\xFF\xA4
-�G\xD4󶃞\xB7_Z\xAC\xEB\xC8t\xF0#�\xC46\xF4\xA9�\xAC\xBF6\xB6\xCBQ\xABl>r\xF3\xE1ˢ\xF2>\x98\xB9\x8F]>M\x8C!\xED;t\x8F\xEB�\xB4"50\xFE�\xE5\x83�M繞I\xA9A\xEE\x9A\xCB\xDD�\xF8p\xBC\xAAt\xE3w{\xE0\x98,\xCF�3\xFA4.Z\xC7 W�\xC6�}T\x8B\xC8\xDDB\x80Zp\xEDLW\xEB\x92d!Ѵ�ԫb&�X\xA3��\xE1^\xAF:\xD2о�O�M\xA6t\xE0\xD3\xF9\xC2\xF0\xF9-\xFC/\xE6\x83KO�\x99\x83�%�ęb\xCC!\xE9\xD9\xD7�\xA4\xB4��%�u\xC6~\xAF��\xF8\x89\x9F.�\xC5\xEC]
-;\x9Au7��/\xBA\x98\xFD\xA6Lß” \x98\xA3� \xA73\xA5\x82\x9F\xBF\xAACm\xFFr.ؼ�/\xD5\xE3v\xED[\x91\xE5Q\xDB \\xFD\xC2(��\xBD2\xE0o]\xEEf]\xE1\xFE\xB9\xF3\x92p�&g\xE0&��\xBBN\x9B VfΡ! \x9DI\xC5Í´w�\xD2'qz\xDA;&(\x94(\xB8\x8CE\xB5Zl\xEBz=\xF0\x8D�\xCA�f\xF5\xAC\x8Bv\xE8�#Ô\xBA\xCC{\x96��\x8A�í‘¿\xA5�\xAF\xEE�l2w\x9A\xFB�Ѳl\xC7\xD2U�\x9B\xD2\xE6\xE8rbp\xD5_\xAC\x9F\x8B\x97&\xB5gj\x8C\xAA\xE15\xB6�`x\xF9.\xCCu
-�\@��\xCDɨ%�D�4\x82\xE9s\xE9 at M\x9CK\x84\x8A\xD7��\xEC\xB1WP\x9F,\x9B\xC1\xD9@�p\x86\xDBi��\xD4��}cÓ™C[\xEBrp\xA2+c\xC02\xBF\xB7+�[\x86\xB9\xEEtPt\xEA\xA0(H\xB5\xD6k*\xAD�$\xEE\xDAWP0�*\xC7��Mz\x86\xA6\x8A\xA6\xFB;Â\xA9\xF3~\xB3\xA6R \xD1\xC4k\x9A\xA5\xEF�\xFB9L \xBD\x93@\\xA1�\xE2#�X4T�Gy\x90O\xAC\x8D\xA0��\x889\xD4q\xB8b�� 柋\xC6Gs#\xE7\x9F_h\xCAS\xBD{9q\xFD\xA6�8?+:WA\xDD3\xF6�FØ\x93\x90\xA4+\xA4*\xF0u*\xE3̬\xE4\xFA\xD5\xEB&\x9E\xA7NC\xBA\xCB\xC1\xC2�l\xC9(�.\xE1ag)�#\xC9\xF1@�i\x8F\xB0\xD2~g N\xD9'�\xA4\x9F>\x8F\xE1j\xDE��W\xE1V��\xFE.\x8E\x83",\xF1B\xC9_\xC4\xC1\xEC\xC9kO\xAB V\xA5�\xEB\xDDf\xB5<\xE0�\xD3a�\xF0\xC6\xF0\xEE].K\x97o\xB0.$]\xC0\xC0
-\x9B�\x8F[z\x81�y$ \x9Fk\xF1x\xAF\xCF\xE9��\xC6\xE9Z\x9E\x87kyZ:z[�Y;\xF7>\xA4[\xEE�IJ�xGzI�g\x8D\xCE\xFB�r\xD00\xE8\xF9�\xC87\x94R\x90Z\x805�)\xDDk\xBF7\x89\xF0\x8B\xEE\x82�\xEF2\xC0\xDB\xFB\xBD \xFDV��>\xF2\x9B�%A?\xC0\xDFt �s�\xA1^\xE1c\x88m\xB2 \xE1P\x90\xE5X�M\xBA\xF6.\xD4iמ\xA0R\xC8\xFD\xE3n7\xE8\xB3C\xBA\xA7\xB9\x9B&�\x81\x86\x84{\xD167x\x9D\xCC\xFB\x84)\xD8J\xDBi�\xD8\xD06\xC0\xB9\xD3\xC1�jXɻ\xC1\xD6\xE4֗\xF0P\xE7\xD0=�"ؔ^\xA9-\xDD\xEB\xE2sU5\xC5g\xAF\xF5\xF0r\xF9\xAF\xF7\xD7\xFD\xCF�=\xB6\xC5�Ty\xBF.v\x84�\x8C\x9F\xCFc\xE3�\x92\x80�\x81\x85\x96�\xB6X8\xF7\xBF\x97"d\xE1\xC2���H\x835S}g\x82\xC5\xF0\xEE\xB18\xA8Zݹv�\xE9\xD9j\xC8\xC6\xC2>\xB7\xBB\xFA\xA9Z�\xCE\xEA\xD8\xC0,\xDEd\xE8\xA3\xDF�\x84\x9B\x9DcE6\xA0\xE1Z\x81\xA7\x84\xE0\xA8s\xF5\x8AeE\xF0E�~D\xA1\x8F\xB1\x8Eؕȸ;\xE6F\x82\xF7�\xEF\xA6{\xEC�4-A\xBD\xC2\xC5�۷:�i\\xA6�\xFBf\xB1$\xF8\xD78�\xE0��FerP�p\x9DA�\xF1\x8AT�\xD4+<�\xB1M:�\xB0W\xA3\xD8+?\xF2\xEC \x9Dv5�hL\x83\xFB\x9D�\xF0\xCA�\x8Cz\x8At��\xD2\xEE�wPD��h\x97x:\xFA\xF6P\xD27\xCB]\xD51\x94\xFAn\xC4�s\xC8A\x85\xFA.#4\x87\xC4\xE8\xD8\xF0 \xF6@�\xD4\xDD]N�^�\x9F\xDE\xEF \xEB\xB7�\x9E\xE2�\xB7\x9DC�\xB5\xBB�4\xCD\xC3 פ~�(�\xC5+w\xC6�\x98\x89_\xB4�L\xB7_?\xAA\�\xEAV.\xC5�\xDD�3 \xDCW-\x95Y\xB4\xA3�\xE5\xFF\x8Ff�\xF3\xACY\xE0Հ\xC5Ӛe� 8\xDE\xD9\xE2\x94bE\xE8\xC9\xCD�\xE3\xFCV\xB5\x92\xF8\xD3C=y\xCA f\x92\x81cL\xE3:�\xBB\xAC:\xC3_\xF0\x8EPc)\xDD\xFFӿ\x95?\xFC!\x81\xB2\x99tN\x9C\x96\x9Cr\x80$0\xE5\xFF\x8C@�\xAD\x81A\xE2g\xC4�\xEB\xFF�\xBDk\xC9lendstream
-endobj
-1692 0 obj <<
-/Type /Page
-/Contents 1693 0 R
-/Resources 1691 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1684 0 R
-/Annots [ 1695 0 R 1696 0 R 1697 0 R 1698 0 R 1699 0 R 1700 0 R ]
->> endobj
-1695 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [154.2681 743.8714 203.5396 755.9311]
-/Subtype /Link
-/A << /S /GoTo /D (notify) >>
->> endobj
-1696 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [180.4479 170.0583 244.1386 179.4877]
-/Subtype /Link
-/A << /S /GoTo /D (statsfile) >>
->> endobj
-1697 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [265.4578 124.1537 326.6578 136.2134]
-/Subtype /Link
-/A << /S /GoTo /D (server_statement_definition_and_usage) >>
->> endobj
-1698 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [367.5441 124.1537 416.2908 136.2134]
-/Subtype /Link
-/A << /S /GoTo /D (incremental_zone_transfers) >>
->> endobj
-1699 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [280.9692 92.8345 342.1692 104.8941]
-/Subtype /Link
-/A << /S /GoTo /D (server_statement_definition_and_usage) >>
->> endobj
-1700 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [277.6219 61.5153 338.8219 73.5749]
-/Subtype /Link
-/A << /S /GoTo /D (server_statement_definition_and_usage) >>
->> endobj
-1694 0 obj <<
-/D [1692 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1691 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R /F62 1361 0 R /F39 1161 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1704 0 obj <<
-/Length 3924
-/Filter /FlateDecode
->>
-stream
-xÚZKs\xE36�\xBE\xFBW\xF8\xA8\xA9�1�\xC0\xE7Ñ™\xF1$\xDE\xDA8Ù±S\x9B\xAA$�Z\x82,\x96)R!)+\xDE_\xBF\xFD�HJ\x947[\xBB\xF6\x81`���\x8D\xEE\xAF�\x90\xBA�\xE1_]gq�\x9A<\xBAN\xF3(\x88C�_\xAFvW\xE1\xF53\xF4}w\xA5d\xCC\xD2
-Z\x8EG}\xFBx\xF5\xCD�\x93^\xE7A\x9E\xE8\xE4\xFAq3\x9A+�\xC2,S×\xEB_�\x9F\xBE\xBF\xF9\xE9\xF1\xF6뇥\x8E\xC3E�|X\xC6I\xB8\xF8\xF6\xEE\xFE3Sr~|\xFA\xF1\xFE\xCB\xDDw?\xBD\xF9\x90F\x8BÇ»�\xEF\x99\xFC\xF5\xF6\xCB\xED\xD7\xDB\xFBO\xB7�\x96*\x8B�|\xAFe\x86��|\xB9\xFB\xFB-\xB7\xBE\xFBz\xF3\xC3�7_?\xFC\xFE\xF8\xB7\xAB\xDBG\xBF\x97\xF1~Uhp#\\xFD\xFA{x\xBD\x86m\xFF\xED*�L\x9E\xC5\xD7Gx �\x95\xE7\xFAzw�\xC5&\x88#c�\xA5\xBAz\xB8\xFA\x87\x9Fp\xD4K\x9F\xCE\xC9/\x8A\xB3 \xD6Qr\xBD\x84\xC1Y�\xE9y)\x87A�\x83Ô–i��\x89N\x8D\x97\xB2VsRv\xA3P\xCA}k\x8B~\xB9j?\xA8l\xB1,\xBAe\xB7/V\xF6t\xEF*N\x83,\x8B\x93\xEB\xF1�gl\xF8Q3|\xE8��*\xD1A\x96$\xF9\x94\x91\xC7m\xD9\xC1�Dj\xD1\xEC\xFB\xB2\xA9\xB9},\x84x\xE8\xEC�[ᢔ.Q�he\xFC\xE8�~\xEE\x8A�+\x94\xAD\xE5o:Û¾\xDAV\x88\xB4W\xD85\xBF\xAE\x8A\xB6-\x8Bg\xF9\x82\xFB\xFAC+\x8B\xFC�\xC6\xE1oZG(\x91o\xBE\xA8h\xB4
-\xA3\xA3\xC0\x84a�\x9BG\xFEk�2\x91x�\xE4\x99r�Z�0���jld \xAE�\xEB)\xE1k[\xB4\xC5j\x89�]/M\x96�a\x9A\x81\x8CU\x90DZ棳-
-'Md\x9Fi\xBAèŠeÒ±x\xE3� �\xBA
-~\xE5\xF3\xA5f\xD3rO_<1\x81\x97\x84i\xD14>�-3,T\xE8\xDB�\xAB\xB2*\x{38973EB}\xA6X\x97\xF53\xCF\xD0l\x98\xF8\xAF\xA6\x96\xEE\xDF\xC2PWV\x96\xA6\xC3DV\xF8\xF1\xF3\xFD\xDD/\xC2\xEE[\xD7\xDB�m1t{c\xE3\xEF\xB7|>\xB0�\xCBg\xC2o϶\xB6-0A\xBA�\xF3\xCC at .\xE4y\xFF\xC8O\xDA�<?\xFF\xF8\xC0\x8D]\xB1ږ\xB5��0a\xB6\xB8\x93\xE1N\x85\x92E\xFE\x91\x9FOM\xBF\xE5\x96p \xADK\xE7\xAF\xD2 at gy\xF6\x9F\xCEߜ��\x9F?\x9Cj\x96\xEA\xD1\xF9\xBB\xED\xAC\xDD~\xBE\x91-ė\xD8H\xE3\xC0\xA4*\xFF\xAB\\xB4s;A-\x8C\xFE\xBF\xFB \xB5\x8D\xB4 \x92�\xA6\x9E\xE8mm\x8F�\x9CE\xC7p[\xF8\xE3ŗ
-\xF4\xD6u\xACVv�'\xFDQ^I&\xD0`e\x87\x86\xC7 h\x97\xF2Q\xF9\7<\xE1:8Cp\x81\xC9$\x85
-\x87*y�KÇ£.c\xA9�\x85�+\xD6\xEB�Y*\xAA\xE5\xA6mv\xCB\xE2\xD0o�\xF7']+\xD0\xC73\x98\xD5Y�\x84:\xD4\xEFs\xE8GÍ°8>�\x9D\xEB \xC4\xDE \x8F\x8F[Û\xFC\x80w\x91_\xC7/\xAB\xA6f`l*$��3\xF6<\xD9m\xF1Z\xA2E\xD1G�~\xA2\xC5\xD1�\xF6Ø´��\xE5\xAB\xE5SW�,�\xA3��[\xB4\x83\xE0H\x87\x8B\xE3\xD6\xD6\xD8R0M��N@\x82��\xE0�5\x83G\x95\xAB-7\x81�+�xArϺ\xE8�\x90q\x94�2\xFA\xF1\xEC\xE1b\xD3TUs\xF4\xB3\xBA\xBF\xF9\xE1Ö\xBB\x9E\xC2�\xAB\xE6g�\x81'�`X\xD6]\xE0G\xE5 ̘�\xFD\x93\xE67J�Z`\x8B\xC4�\xCF^Ä«\xD4H\xBC@\xF7Z\x8E/\x9D\xEDetö�ec\x{1D8181}6\xA1�kz�q\x9C�\x9CV\xA8\xCE\xEA\xD1K\xF1y\xC1\xA4k\xBB)�UÏž\x84\xD6FË¡�3\x86B~cJ)\xEC=Y��\x8F\xEE�\xE4\xCAg�Ö‹\x9D\xF4�\xC4'\xA9\�:=qI#] \xD0\xCA\xE9xX\x9E\xC8c\xC1Dq�(\xE4\xA6FO\xF1|\xF0�bY\x93\xD7\xF1\xB6�$\xD6�\xDC\xD3Ç“\x9E\xB1B`\x87\xACH߬�\x80 ��D\x8F�\xBC\xE2\xBEzc\xFA\xB1\xACd\x82';\xE7\x90È¡U\xC4a\x9Es�\x92g�\x95\xB0�\xCC\xFDN\x818\xC8�\xE9\xA0"�y@\xC7\xD4V\xA8�E\xD1Io-\x93\x8F\xBFÏ„a �d\x80�\x8B\xE2\x98��кf'\xBD]\xD9�
-Q8\xFE\x8C �y\xED\xE64\xFDP\xAFmW\xB6\xC5Se?\xA2S4\x8B\xEE\x80\xD6�\xA8\xC1!�@ ��Rh��\xD3\xD0\xC1Sk<\xBE\x95meL\xC3�\x96\x83�\xEEo\xF9\xB3U�۔Y\xE9$xN�\x85��&�\x99\xA2\x94I\xF9\xDC�~\x84\x8B\x99
-u�a\x84N�\xA1&�\xF8\xFD7\xA6=I�\xA8��b\xE2��\xB4]\xB3.\xF1|\xAD\xBC?\xBD\xF1\x80�B"�r\xEFz@\xAAÄÌ°/\xDA�\xE0
-\xA3\x8A$Y\xDCT]\x83\xDA \xC1S\xF1ڔ��%\xEE��\xD4H\xC6��4\xBCo\x9Av>\xF8!�gz\xAAܙrJ�=\xA2\xAF@\xEB\xF6\x96\xD8�\xE2a\xCFO�\xEEf�C�0\x89b\xE0\x94=?\x99)�\xB0o\xBA\xAE�5`\xB2\xFDso\xEBN\xBA\xE8\xA8\xCE\xD8\xD0�\xA6g\x8E\xC1Y.�T\xD7T\xAFboG\x8E\xE8\xB0\xD5�*\xF1\xE5d�Dz\xB3\xDE\xF4\xE8\xB9g�x-\xF9\xACb \xFA\xC7\xCE\xFF\xD4\xEC\xC5\xD8\xE7\xF0\xFA�*�$`\xB0\xB7b\xB7'}\xD7!\xD8\xC5�\xA9�\xA2"v
-*b\xB3\xE8^:nm\x9A�\x98�0\xB5\xE6\xE7�\xBF\xF0S4\xBBq
-\x81sm\xDCRÛ¦\xEB�\xDB\xC7a\x836&H\xB3<�\xDC\xDE4M L�\xABf7\x83\xF3Y�$\x89q1\xA6pN\x8A\x8B\xAB\x904p\xDDs^\x90\xF7\x83�'�\xB04�\x8FA\xDA�\x9F@\x9B�,\xA3\x8B\xC9�n: Ã…
-\xF9\xB9+\xCAʳ^\xDB~\x86ue�\xA4\xFCI6\x8A
-\x89\xBD\x80�mWT�I;t\x9B\xA0#�\xAD\xE9\x980Ý•�Ñ\xDC\xC8�\xBC\xBFpq�\xEC\xEF\xF0M\xAC\xEAT\xF4�\xDCj\xEA\xBC\xEA\x84�N\x9C�i�i\xFAI\xB0:\xB77\x98+�\x8EElQE\xAC\xC0\xF0<Q`\xA0�\xA6\xC2\xF3h\xAB
-\xC5 1�* \x92^\xEA\xE6X�;�\xE4��\\xC5\xE1�qB�\xA0\xBE\xC94�\x86\xE1\xA5nzn\x94\xFE�\xE9�+�����\xF6��\xB6\xEF�\x9Ah\xD3n#'^\x9C\x82�\x9D\xE8!\x88щ\xF1\xE1\xCA$�Nu`2퓃fN�\xA2 2\xDAX\x86\xAC\xCB�\xBDN\xC7��\xD6\xC1\xECC\x9C\x89t�gCټ�k\x99\xE6\xF1
-9\xACɅ�u\x8C\xAE\x9A\x8D�;&X��\x82\xA2 \xB9���\xA4׉�\xC4\xE0`X\xB0f\x88W\xCA\xDE%#�$I\xCE\xE1\xFC\xF5�\xF6\xB8pۘQ<�/C<h\x90\x8B\xDE֤)\xF8Flc\xE3\xD0\xF9~|Ncm\xC0%\xBB\xE4\xBDc\x97\xF8I\xF4\xA21{Q\xA4\xF2\x87f�x\xF8\xAF\xCC⵴\xC7Q\x88;R\x81\x9B��\xF3}\x8F;\xD41\x83\xBAN8p%\xC2\xD6\xEE|׹N\xA80
-Rc\xDEW
-\xCC:=\xBE�K\xD4w\x99\xBD G*�\xEE\xED\xAAܼ\x89\xBAά�M�\xA6\xAD]�ÚŽ�>\x98dv\xD18�R8\xF7\xA9\xDD\xC2\xE0UA\xC2\xC6%\xF9Ô\xE6\x95l$\x80!\xBD\xF4r�;\xCAPxi:Õ \xC1z\xC6 l\xD5<�E\xFCa\xD1\xD6�+\xC0\xCB�Яx\xB6s\xBA\xF4\xF0\x9E0\xA2,\xC8T\xE2�\x82\xF9t��]}\xE10T�\xA8D9t,V�LV��\xEB\xB1\xC1F\xCE�\xA1\xC1�\x8B\xB4\x84Ö£\x9E\xC9j\xBD�\xAA\xDDtl\x96\x91\x98%\xE81[&\xE7�I�\xE4\xA7u.6W\x93\xA0äš—\xC3�M(\x86(
-\xD5�\xA9\xAC.\xD8\xE2\x80�;q$\xA74@Æ°�\x89\x9C"%\xCE|\xB1\xCA�\x98\x98\x98\\x8A\x8F\xD8U\xCA\xEC\x87N$\x80D\xFF!\xC5\xCC>7B&\x86\xE48\xE1(\x85\xE7\x9F�\xEBæ¬C�Q4\x8A\x92\xEC\xB8�\xE2!\xE8<\x92v9\xCDd�
-~=ɃF\xB5\x91\xC2\xD7J\xBA\x83\xBD\x9Cؒ\x9Ba\xBFSs9QE�\x8FJ\xA2r?\xF5R\x98B\xC3{\xB5\xB4!�\xC0\xE1\xA18>>n\xA0�\xF2\x95\xCCi\\x8D�\xFDW'\xEB9\x87\xF6d!o\xF7\xBEOx\xDA\xDB?\xB9E\xFB\xC6�\xEB\xB7�w\xB3 =B7\x82\xA2\xC9�\xBB\x8D�G\xD1�\xBEy$\xC7�D!G\xE6'F-\x87\xFD\xB1\xF0!��y\xD3�۶E\xC5E;\xA3\xB9\xFC\x8C\xBD\xAC,nX\xD3Ȳ>\x93\xC1�R\x98\xF1\xD8i\xEF\x86g\xA4\xECnF\x91$\xA54\xE0\xCA(v\xE0\xE6^|J\xDD\xF3;\xCD\xE2\xBC&6\\xDE�M<�T\xFD(]<\x94\xF5ʞ\x8Ct�\xA7E\xA35\xCB#\xC1�c,� \x8Ce\xC1�\x889\xACt\x8E*�\x89\xF1`yrD>\xFDKb\xE1 �2�l3L�\x87&&R�g!\xA1\xA0\xBC�[$}x\x8E"/&L9\x8E\xA6��\x89p\xE3�S\x8D\xD2A\x96C\xFB]P5\x97 at u鿟\xECwK\xA1`\x9C\xC1&\xC8\xDC E\xC8\xCDq�\x8A\xB9\xA4\xC1��\x92΂j\x9F\x89\x92\xB0#\xF3E
-\x97|t\xFB\x86\x9DJ&yW\xEE\xB2x\xA0\xF8Z�Ium�\xF0\xF5\xF6\xCB\xCF�\xB7\x9F�\xA6�~\xB8uiY&v�\xE7\xE2�簬~\x9B\xA4jp�;\x81\x99\x8E�
-\x9B�\xD9�Y\xA1\x97\xFDY\xFDW�v�\xFF8�hK\x91VӞ \x9EO3�C\xA9GXZ�N^\xAC�\xEB�\x83}h\xBC[��\x8F\xBA\�\xF6\xA38\xB1\xE8W\xDB\xE5\xAE\xD8\xEF\xEDz\x89�
-p\xC1\x99\xF2\xA4\xD2�\x86A\x92E\xF9\xFB|\xF8Q3\x8CL\xB3\x91�\xB2D�k&\x9C\xDCmf\x8A\x8B�%\xC4\xFE\xCAj\xBE\xB4�\xA1 at n\xF48\xE5\xE4@\x87\C\xC6^�\x9Ew?\xBDF\xB2O$\xE4HHd\xC88\x91C\x82K\x90r�\x8F\x9B\xE8\x8Dig\xC3G\x83\xAA\x92\xF3h\xD0>\xAD!\x9D�rW6&@;\xA7\xE4\xA1s(�E\xC9�\xB3.\x94\xAC\xC6�\\xB8�_Rp|̇\xF2\xCET\x86\x8B\x87L.(c*Z\xB2Þ�+\xD6\xD7\xDC�\xE5\xB1i_x8k;g\xE6\xD8S\xF0\xE3Ŷ\xB5\xAD\x9CÝ–<ZÊŒ\xB1/\xF3\xD1\xD2�+�E/\xFC\xE7r\x87&L8 \x88\xE5\xCEVhx\xC3�È\x9F~r\x90]\xD7\?\xA1�"W�#\x84\xFC��\xE6$\x88\xDCD�Ns#\xD9F.\x8E\x8F�8\xF9B.n\x98\xDAL<\x88�5\xC1V׬^0\x8D\xE9\xF9Uj\xA9\x86r>R\xAB9\xDC�Έ\xEAnQ�\xBB\xE0-\xCCx\xD3knO\xB4Ê„^\xF5\xB0�\xB5J>\xC1\x88\xEE\xB9\xE6\x8F\xF2\xC5�\xF8!\xDF�\xE6NN!c+>7EYq\x9F\xA3Ðœ\xC2\xC6\xF7\xCDѾ\xBA\xBB\xD3�g\x92\xA7A���b\xA3�^\xCF:
-7nZ\x86\xA0p�\xD1�+j^\xDF]h7BaW/\xEBA\xA5(\xCCQJa\x98kT\x88Ù¨ \xB3\xAB\xB8
-!\xA4\x9Bj\xEEV
-2\x80Ush!/\xB9|\xAB\xA6\xF2�Bwm\xDEG\xD4\xF1\xA8ˈ\xEAG\xF9\xCA{o\xE5�
-\xF0�\xA1\xF3\xF25:\xFF\x8DB�D\x89I\xDEgÄ\x9A\xE1d\xFA���D�@\xEF\x84�\x81 \xA3�)�\xBED\xD1F\xB9��(\xC5+h
-\xC7&\xF8*uthɅ3\xB4r\xFE\xC6\xCD�AӾ\xE4\xEB�\xFC\x80\xBD\xB5\xD1.f:Aq\x9D\xE6A\x94'�ǗK[\xE3j\xCBM\x89\x82r\xBF�0:\xC8\xF3\xD8L� �8W\xD0J\x82\xCC\xF8\xBBl\xBF;\xBC𓧔\xEB#
-\x89O\xEEm\xE4暮�w;\xB9Ȉ��߸G� \xDD\xF5L⛃hT\xF2\xA0\xB9�~nm\xB5?Y\x8D\xC0\xA6�\xD8�_\x8ED�\xBCsW\x87 O)�9\x85<tMa¥\xFD0\x95@��\xCF\xE5+C)\xB4ݰt
-3\xDCI<\xC2\xF3\xF3\xFD�\x8FYU%x�\xE9=\xD4�\xBB/\xE8\xC0\x9C\x96�v\xF0\xC27\x978d�\xB22Nf\xE4\xBDNֿ#\xF3\xB5}0\x87\x81\x82w\xB1\\xDF\xC5..\x8E\xB5\xAF\x98\xEEv\xAE\xA0�D\xC7�\xB6\x8B'\x8A\x95(U\xA3/-\x86IE\xEBa"Q \xC3�\xF6\xCAU\xA2_\xEC\�\x8D\x8A\xC0N\x92w�=r�<d\xB4\xC49Fj,b(\xFF;\x82ˆ�\x9Aq�h\xA5O~h0\x862\xBE�\x8A]\xB5`|\xDB0\x8A\xBE\xFDe\xC3L\xB5\xC9dA\x9A\xA5\xCED\xB0t6gGX\x92J]\xA9\xB3\xC3\xDF\xCB\xECDK�eee\xBC*k)C\x99D(\xCFU\xF3ĕ\x90ӵ\xA3�\xC2�_\xE9\xFA\xEB\x82I\xE3 WQ>1\xEB`\xF8I\x911I>\x89qfc\xC6�/�\xD4�3\xA2\xC2p2� F&\x83
-6�n\x93\xEE�\xBE\x8F2Fq| \xEF\xE2v\x8D��\xA1\xCC80\xB0\x91(5\xD1%\xE1Ì°�\xC1)E:\x9A\xB2\xCB\xD7\xE4\xC8Ù†\x9F\x9E\xFF!l섲n\xAC\xB0Ϧ\x87H^\xAF\xAA\xC3Ú•�c\x90\xA9\xCE\xD3\xD3_�<<\xDC~\xC2+\xB4t\x81QG\xD1�~\xE2\xFE vwQ6t�|\xBB\x97\xD2\xD5�\xB7\xCEnCh\x9CÏž\xE0em+\xCBW\x95\xF02�Jx\x93Û¾t\xB2�\xC4f\xAD\x9DW\x83N';FD\x9C~\xBF\xAF\xCE.\xFA\xD4䢯p\xF7\xE6\xE3\x99OK\x9E>\xAF�\xAA^\xA7\x97\xE1\xA73Ì…\xE0�\xD43\xCD\xFD\x8F\x93\x9EZ[\xBC,\xD75\xE0\xF6j\xCE�T\x90\xFA��\xCF]sUP-\xE8��FÄ\xAD3q#q\xF43�3\x88��\xC1�7H\x96"$�`6\xA8]\xCA�\xEC\xA91Í\xF2lq#\xD4\xEE\xF0\xFCléš™\xAF#T�k}\xE2\xB9\xF9V\xDA\xFD\xA8Q\x8A8T \x88\xFC-\x8A�\xAEK\xFC at u\xA2\xBF\xF4)\x9D�t��\x95��\x99\xEAɺb\xF8x-\xAF\xBA@\x94`\xB3oVM%\xF5 Yq�\xA6\xE9\x9A�\xA4\xB3\xEA\xE7t\x87$\x87\x8E0\xB8\xF4+[��\xF8\xD3Ø™�.\xF4�\xE5\xFE�\xEE\xF0\xF3d\xC0W\x93ez>�4!\xC4�h\xCC\xC2�\xEE 1\xA7\x9C\xC7\xE0�\xE2L\xA73\xAC\xFF�\xD8M\xC9\xDCendstream
-endobj
-1703 0 obj <<
-/Type /Page
-/Contents 1704 0 R
-/Resources 1702 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1684 0 R
->> endobj
-1705 0 obj <<
-/D [1703 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1702 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F14 964 0 R /F48 1238 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1708 0 obj <<
-/Length 3746
-/Filter /FlateDecode
->>
-stream
-xÚ�]s\xE3\xB6\xF1Ý¿\xC2o\x95gN����\xF1\xE8\xDC\xF9Rg�\xE7j;mf\x92<\xD0�e\xB1G\x91\x8EH\xD9\xE7\xFC\xFA\xEEb��IAr\xAE\xE9y\xE6�,\x96\xC0b\xB1߀8\x8F\xE1O\x9C\xEB4J\xAD\xB4\xE7\xC6&\x91\x8E\x85>_l\xCE\xE2\xF3G�\xFB\xEEL0\xCE\xDC#͇X\xDFÞŸ}\xF3Q\x99s�\xD9T\xA6\xE7\xF7\xAB\xC1\Y�g\x998\xBF_\xFE2K#�]\xC0�\xF1\xEC\xFD\x8F7�\xAF\xBF\xFB\xE9\xF6\xF2\xC2$\xB3\xFB\xEB�o.\xE6Rdz\x8F\xD7\xFF\xB8\xA2\xD6w\xB7\x97?\xFCpy{1�\x99�\xB3\xF7\xBF\xFCtuKC)\xCF\xF1\xED\xF5\xCD�\x82X\xFA92\xE9\xED\xD5Ç«Û«\x9B\xF7W�\xBF\xDDvu\xDF\xEFe\xB8_�+\xDC\xC8\xEFg\xBF\xFC�\x9F/a\xDBߟő\xB2\x99>\x81N� k\xE5\xF9\xE6,\xD1*Ò‰R�R\x9DÝ\xFD\xB3\x9Fp0\xEA>
-\xF2OÄ‘T\xA9�0P\xCA��3�ik\xF5\xB9\xD16J\x95T\x8E\x81\xF7\xEB\xB2\xC5M\xA5\xB3M\xB1X\xE7u\xD9n\xB0\xABg\x8B\xBC&x\xB1\xDD^\x88l\xD6\xD4E\xB3k\xABW�.\xF2][�bÓ\x8B-A\xDBb\xFB\ly\xBE\xAE\xA1\xF1\xBA\xE9�\xF0X>�Ôº\x844\xE8\xA6.�\x8D\xFB]\x8E\xBE\x84\xDFuQ\xF2Ì‹\xAA,\xEA\xEEB\xCCZ8*%\xB3\xD9%\xB2�\xF6?�"\xB2ZK\xB7�\x9Em\xB7m\xCB\xFA�>\x94 \x93Dí—²[S\xEB\xA1\xF1\xAD\xEBO\xCF)\xB6\xF4,\xAF\x97=(\xA1V]t/\xCD\xF63u�M]�\x8B\xAEl\xEA\x96 \xDD:\xEF\xA8\xF5\xFB\xAEØ–�\x83�\xDFp\xBE]\xB7n\xB6%�\x9D\x83\xD0Í°A�\x80A&+\xB0\x87�\xD3�b\xD6\xF1\xD9\xC4㳉g\xCFeN
-&�Z/eUQë¡ \xDFeQ\x97Å’Úž\xE1q\x88\xE1\xF1\xACx.jj\x95+\xFE\xEDx\x88�O@\x86
-HD\xF6E\xFD6l\xA4\xB2\x91\\xA9D�iW\x89\x98yp\xFE\xF4T9\xFA\xB0\x83'\x8E\x83\x9Egy\xE78\xE5\xF0�\xFF\xA5\xA8\x80\x81\xD5�X7\xF5\xFC\xE0�1\xDD$jw\xA6Ad\xDC7~Gئ\x9D�N\x81�k\xB5?eh\xB9\xED[/\xD0�N\xBA\xAA\x9A�\xC7b\xAB\x87\xB2\xD7\xD4�"�\x82ơ
-��\xFC\xA2Z\xD44!�\x93
-\xE9\x85\xFB«\x9D\xA3\x8B�\xBD\x84�\x89\xA3Í\x91d
-\x8C��\xA3t5|\xC2\xEBb񙚫f\xCB\xF2��\x96\xE0A\xDF5�$D�O=\xA0�R�\xC39A \xC3o�\xE0\x8E� 1\xCB�B'\xD4�\xB8d\xB4\xC7jW�g\x8Fp\xEB\xF6\xD8\xE7||\xD3\xF5\xF7\x96
-?p\xE7ä\xA8\x804�L 0\xB3n_\x8A\xED\x90Q`�Z\xAF7{V\x9EV=��\xC0\x8Fe@\xB9\xA3��#"#Dz\x9EJ��\xF0�G<�!͇X\xE4�D\xC0\xA3\xF6X\xB8\xD7\xF2\xCB\xCA\xD14_m\x9B\xCD| ��:\xABb[Ô‹\xA2\x9DR#\xB4\x8Cb�_\x9E$\xA7\xC7
-\xD03tPB\x9B(\xD6:��\xF4o>\x94o>&\xD9 �P2�\x9F\xC7�\xE9\x95h\x9BL(E\x94Ø„Q\x9C}WÚ\xE6(\x9D\xF5\x9A\x83\xC0\xAA\xC9\xF1H�\x9C�\xA4.^\xA8\x8F\x82\xE2t�\xA1\xCDj\x84\xB4\xC9\xDB\xCEO\xF1�\xC8�
-��\x9B
-\xC1\x9D-E\xB0C@\xF1\x9A�\x99FY�\xB4\x8E\xC4\xEC\xD78\x96�N\xA1\xC0\xAB\xE2\xA4*�\xCAGK#9
-�y\xD0ß“�PG\x9EG�\xDBP\xE5\xCE&\xC2\xC8p\xF2\x87W\x821�ZѲ^\xD0R�Ð\xBC\xA2q\xDE�\xA0t[�w\x90�\x8C\x83\xDE\xF9m\xD1�y�D_4\x9B'\xAFe�3D|W\x99'\xDD�I\xCF\xC8� \xB0G{\xA2\xA9\x9EKP:�br2>K\x80,\xF2j\xB1\xAB\xF2\xCE\xC3 \xDA��\xF5\x89�v\xB6�c7%\x8A2:�\xA3\xC1O�GQxNo7\x98\xB8\xA0\x85\xA8\x9A\xC7G\xA7\xC0IB�+I\xD8B'Ú±\xF1o-�\xFF\xD3\xEC\xB65\xF2�;\xFEL\xB0\xDD\xEE�kBg\x93\xB5\x9F�b�\xF0\xA0\x8F�OA\xE6
-��<\xBF;\x9CM\xD9u\x9E�gR\xE1wÙ¼\xD4mG\xF4\xE7�^�E\xA2\xA5�\xF36\xB4\x97\xDC\xC7�S\x91@ \x89\x84\xF3��\x91�z\x86o\xD1P\xA2,\xA2ס\x88�z\x87\xB3\xF6\x82&�\x82\xD6r\xB7\xA1\xDF���\xF7\xB7\xA4��XT�\x90\xDE\xE5k\x9Do\xCA�\x8D\xE0d\xED;lg>\x84B\x85z\xEA\xC81\xA3Z0�\xE0\xEB��\xA5y\x88�/\xE5�cD�\xAB���\xFE\x92dB\xA3\xF8\xF2TÔ\xEB$$c \xEC7\x96;��\xF4\xFE\xD3O<CÍM\xB1i\xB6\xAFÔ†\x80\xB2\xDDm\x98\xAC\xC0:\x89\xB7.\x8E\xC1\xF3$�'ǘ\xA0f]\x89\x82\xDF+$\xB81�\xE0cZ'\xB5$\xAD\xC3F\xAFu\xD8iV\xF4\x9BÓ?^\xC9\xC1\x9EtJ]�]AnO\xED\xF5\xE4\xC2\xC7Y��\xAA\x81\xD5\xC3\xEF\xFAu\xC7j\xECÖ¬\x8Bw�$\xA7\xB1{zTX��\xC1\x99\x9B\xC0yQ\xD8ky�K��SP\xFE\xE1�2\xB6N\xF9Cň�\xFFXO\x83E\x84\x87\xB2&7\xBC\xFFp?##\xC2�+Æ¡\x94��\xCC[\xDB\xF3\xAF\xB7m\xB8\xD1T\xEC1\xFB\xD5\xFA\xB0
-\xDA\xC7\xF6T�\xD3`\xAD+6O\xCD6ߖ}��ʵp\xF6\x8F\xF2��\xAF\xE1'k&w\x98O\xF8C\xE5L\xE1\x80\xD7�\x87C\x89ث�Æ\x89\x9A\xBF�0L\x9C2\xA4\xEF�z\xF7^\xB9j\x91N�\xF1\xD9bQ<um`A\xAD#
-I \xC1Jq8\xB1R\x90#\xA7\xE9\xC0\xDD�N�\x84g\xD2d\x8CC\xEE1�7\xA4\x91\x8C\x95Ç¢\xF8\xDF\xF8\x88\xDB@\x84\xE6\x8EÛ²�B�Y\x97\x96:�\xE4S�\xB7_Ö¥\xB3\xEB\xD6P\xCE�\xDA��"�I\x9BNÂ\xAFf\xAC\x892\xE3�"\xFA>�,j\x94\xFC\xE5$8\xCDI\xEE&\xF4d�}\x89\xFE\x84\x8E\xF3[FV\xA6~\xC1f�b\xB7\x88\xB2T'o\xB1[GFa\x8D\xC3a9\xF3=�\x8E\xDB'L\xBB\x9F\xD1� !\xD0�*�\xD1\xF1$)m\x88=\xBC\xEBW\x9F�\xAF\xF2]\xD5�\x8D\xA2�\x8CL\xB56\xA7\xA3\xE8!\xD6\xF1(\xBA\xC7rL\x83U\xCB\xF9\x9Eu\xA3\xA0YhÒ€\x93\xAB\xF7X\x81\xE5GA\xB3\x8C#%\x95�\xAF\xCFe�\xB0<\xED\xBA\xD99�\x90J��\x849k�\x8D\x97\xB5\xCB \xF5\xDA\xEC�g\xED"F�\xB9=<U\xBE\xE7\xF6\xD2�� P\xEA*�\xF8\xC3f\xAF7t\xA97\xED�Y.\xF9�Û‚i\xA2\xFEÊ™\xBF\xD4e\xFF.*VYdd"\xC6Z05NH\xB9\xC1\xC0{\xB1�c\xED\xCAAVÌ®W\x81���\x85:MN\xA6�\xC2DVI\xC38\xEFB\xD6'R\xA2\x9F�ÂŒb�\xB6=FK/\xC2\\x8C�2)\xF56\x98_<R\x83Yn\xBC=1\xAElV\xE6\xFE\x83\xDD\xE6\xC1\xF1�\xDA\xCD�q\x9Fm`Û/N�|\xF5hy\xCD\xE9�X\xCCX\x83\x99�E�/�W�\xEEO&`�S\xF3\xF6�\x93,\xF1�\\xEC\xB6\xFE8\xBC#Z\xE7-k\xE6\xFD\xBA�i_\xAF\xA7\x87'\x84yP�\xA9\x91_\xBC \x9D�o\x81P\x8E\xAA2\x98\xFE(\x8B\x8D=\xAD\xCAC\xAC\xE3\xAA\xDCc9�\xACAp�s2\xA0�\xBA�Ú—�a!
O/\xDFc�\xD6�벎2\xAD䘀\xAB\x9A\x83\x96L\xCE>\xDC\xDC\xDD]\xBD\xA7v\xBB{\x82X\xA0\xA3NY\x87\xCC/\x9Cm�[\xF9\xD6\xD9Ƒ\xB5\xCA\xF4�\x9E'q:\xFB\xA9f\xC9\xCA|t\x96yM\x9D�b
-\xEEY[\xF5\xD7\xD5�\xF6\xFB\xA6�fq\xEF\x98�\x8A5\xC7\xF1�U���V\xFC\xCB�/�\x8F\x81\xAAHfF\xCA�\xBC\xCD\xC8\xCA\xECy \xA2JL\x8E\xA8\xF35Ҝ \xBB\xB3>�9ʼn\xECMq\xC6¿ \xEAN\x8B\xF3 \xEB\x848{\xAC\x818?\xE7U\xB9\xCC]\xEE1�i\x95\x82_�\xFA4 =V\x80\x86\xD1v�\xE0r�\xFB��\xE1EZ)Ӌ4\xB6�T\xB9~X\xAAa\xE9\xF4O�\xCBT\xAA\xB5�\xB3\x9B\xA6+�Sb\xFCe\x8C�\xAC�\x8D\x9F̜\x9AH\xF7�S \x8B\xC4b\xB4\xDER\xB3c\xD0�\xEF\x91��&\xAC at x\xA1�\x99\xC4N\xE2\xBF#5\xAD�b\xD3t�\xE5Ɍ�\xBBD\x9FJ\xBE\xD2\xC5K�\xE5\x8A\xD7+�#%\x96Y\x98��\xC7Q"2\xF1\xB6%\x96\xBD�cܺ\xB7H0\xF3\xF0\xF8\xB0\xEF|�\xFC.\xCB\xD6E\x9F_GQ�Gi\x9Cx\x8A\xF2]�\xA2I\xAA\xC8\xE2M۟\xA1\x89\xB4_\x99(F\xB9�\xF9Fw+a\xAD�\x93a\x9E�\xEBc.m\xB7TW\x82\xD1\xDE�`\xA7\xDB^d\xB3]\xDB\xCD\xF3z\xB1v\xE5:@\Q\xC3W\xB1\xA0�\xB4\xD0�e\xC7
-Í¥5h\xD1Ò™+m \x83\x8C6\x8EA�"\xB1\xB16\xCC \x95&\x91L\xBF\xD2\xF0\xBA}18\xE8\x92 P�\xD1�\xE9a\x9A�\x8D\xF0\xBBg\x8F\xB2j\xF6\xB0\xEB�\x9CÓ\xE7��=[\xA0\xBD\xE9\xA1N#�\x92\xD7;\xC8>^\xA9\xB7hj\xAC\x85=\xEE(\xAAX�\x94\xEF\x99h\x85\x80\xD2j� \xDBG.\xDD��)\x96\xF3\xCF\xC5k\x88�i�Å©>\x99\xAD\xCC�H�!>\xB5cf \xA9\xF9㉉!\x9F\xD5}\xF6\xD2v\x90\x8Cci\xEB�\x86`Q\xA9\xC5ל\xE7Q\xF7!M�T�q\xDA}�\xB1\x8E\xBB\x8F�k`�)Y\x9F�_\x9E\xCA-Y\xDF\xF1\xB5 $\xD0&\xCBN\x93\xD1c�\xE8�m9�\xBE\xA4\xB1��r\xE9(@\xAB*f\x8E\x8C^rT<k\xCB\xC7:\xEFX\x9AZB\xA2\xC0�G\x9F!\xDE^\xBD\x92l\xC1\xC0\xDE�\x89ɇ\xE84\xB4\xF05b1\xD0%\xC2g876JS\xB0\xCF\xE3:\xCE\xDBÖ”\xC5\xE5\xAE\xE8\xBA\xC0\xFDo_\xBC\xA4\xBAN Õf\xD2\xFB\xA4\xA3\x9E#\x91\xCA;\xB9\xAAp\xC1S �\x80\xEC?;*�x\xDEUuÑ—\xD6\xF6\xA5'b\xE3S\x95\xFBbU\xD7\xE5\x8B\xCF\xEDq\xA9U�\x944IÞ\xDA�\xD6 \xA9\xF5XH ^пb
-6YØš(Õ™=\xBD\xB0G
-,<:\xCFXFi�\x96t\xB4\xF2\xDDS\xB1 a\xC3z{\x8C"È%\x94%\x9A�\x8E\xB7�\ \xB7\xFB\x84=\xE1\xEA
-º|\xCB\xD5\xFD\x98�9\x94\xC7a�)�o\x9F\x9C\xCA\xE2do\xAE\xB6\x9DK\xDC \xE4\xF7I\xF4\xD8\xCAfQ\x92\xF6U\x9E!#'�\xC3\xF2J\x{1C1B53}\ \x96�`\xDC�0b\xCE.�\x94D\xAB\xA9\xCF)\xD1�8\xDFB\xB2\xEF\x9F$tނz\x86\xE9!\xC3��\xA0e�\xC9\xF1\xC6Wp\xF7E\xA0~�\xAED\xB7\xFB
-g\xB3\x9A\xA0\x8C&ƺ\xEA#\xD6S�\\x81\xA4'S\xBD2\xF9� G
-�J\xBEe\xAFEf"cDvZ\xF2\x87X\xC7%\xBF\xC7r\x99:\xDE\xEE\xCFQ�\xDA#u\xA87�\xEF\xB1�\xAB�\xEAP\x93\xE5\xFD3�Û›0\xC5'\x860\xBA\xCDQl1�\xC2'\xD4m\xCBE\xC7#\xCE\xF8\xC2\xD0b\x9Do\xF3�߶\xC6��%\\x84\xC7F\xFBZw\xF9��u\x972\xF8Q\xB1\xED\xF2\x92\x97]6�j\xC3 q\x84\xA8\xA9\x87\xE5\xA7d\xEA\xFC\xF9\x82\xB7\xBFBm\xF9\xEE\xB4^~\xE3/i)\xC6\xEBokÛ§\xA6n=\xDE\xF8\x82�!\x83\xDBa\x95\xFA\xEB\xCE\xD4?6rO\xD12\xEFsÒ¡\xCFI!.\xA3wF\x8E\x80\x85J\xC0\x9E,\x{145D03}�E�\xBE`\x89(\xF6w\x999*\xBC\x91\xB3\x8F\xC10\xC8Ä‘\x86P\xE9O\x94Û…\xB4fR\xB55^\x99\xCC\xC0]"\xB4�\xF9\x9A,\x8Bd\xD2\xD7vVyY\x85�\xA5\x8E�+�\x89\x9C\x82\xB9äC6`\xAC1o×›\xAD\xEA]\xDC\xFF\x83\xF2\x97|[\x87\x93�\x99\xC8 \xE5n�z@Ò²\xF0A�\xA9\xAD\x96\xE3\xB4\xE4\xF0u\xC8\xF0\x92m`\xB7\xF6/Õ \xF3k\xAC\xE3`5HF���\x91\xB3e9
-\x99r\xF7\xDA\xD0�-\x98NL\x96��\xB3\xA3Ű(\xB4\xB7\x8F�U5\xDB\xE0Q\xD8H);
-g\xC1\xCFj�\xC65V\xD3�e�\x95\x8B]\x96QQ-Y\xF9R\xB4\x84\x80\xE6\xD1�Q�\xB6nڎ��G\xB8&\xAD@\x96ˊ@d
-x\x8A\xFD\xCB ��KN\xDC\xC6:\xF7\x9EÛ€w\xFB\xF1=\x81\xE1\x9C\xF8K_\xED\xE6!5ˤ\xE0Ey\xF2M\xB3,\x83�\xCC\xE4\xEEÆ®\x8A\xA6\x81\x86� ;oß½M\xAC\xFB43\x91\x91ª#'\xD0\xEE\xC1���C/�\x94\xF1W\xCD h^jg\xE6 \xE6M\xA3\xE1\xBBm\xF8\xBD|GC\xF4\x98 !du�\xF4\xC3\xCF�8|\x95\x95f\xC2\xDD\xD2 �WI\xF0\xC3=�\x8AÉ \x87�\xEE\xE8=\xC9\xE3+ \xB6\xDB\xD2hO�6=\x88\xB5V\xCFn?\xD0;]\xFC\xEF\x92@\xCE\xC1\xC3\xEF\xCD\xDD;j\xDC\xFDxÉ�~\xE6��"\x8E\xDD^h=\xFB�u�\xF7\xA32M\xB7N\xF8
-][\x9A�\xF7\x83\xEF�\xE9\xF9\xA7\xE1ǫoS��\x88O\xF7\xB7\xF4,\xE3\xF0\xA1� _\xD6E/\xA6\x89\xDE?.\xE1\x83\xC3&\xF2\x86Ze\xBD,1zY\x8E_\x94h*\x8B&\xFC\x961q\xEF\x84\xF6+\xE2\x955OP5\xCD\xE7\xDD�\xAF\xB0�\xE1z\xE5\xA2�ښ -\xA1�\x88\x84\xEF\xEE!\xFD˷\x92\xE3\xBB\xEB\x9B\xF9\xE5\x87�\xB7\xD1\xE5\xED\xA7�+\x9D\xA8\xD1\xEB\xB7t
-\xF2\xB7\x968t}s\x8Fv):\xF6�[\x81\xD3P\xC1\xE7hq\x9Fy\xFD\xE5\xD7\xD9\xFB\xA7\xEB\x89�\xA5̎\xD4@!Ʌl &a\xA2\xDC\xC3\xF5\xE40�\xE4g܇\xA4\xFF�=\xB5 2endstream
-endobj
-1707 0 obj <<
-/Type /Page
-/Contents 1708 0 R
-/Resources 1706 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1684 0 R
->> endobj
-1709 0 obj <<
-/D [1707 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1706 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1712 0 obj <<
-/Length 3292
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZAw\xE36�\xBE\xE7W\xF8\xB6\xCE{c\xAD(\x92�\xB5\xFB\xF6\x90\xA6\xC94m'3\x9Bd\xB7\xDDv{Pl9\xD6�Y\xF2X\xF2\xA4\xE9\xAF_\x80 %ʖ\x9D\xCEk�\x9B��\x81 ���\x90\xB2\x98\x84\xF0/&F�\xA1L\xD5$IU\xA0C\xA1'\xF3\xF5Y8y\x82\xB6\xB7g\x82efNh\xE6K}\xF5p\xF6\xD7k\x99L\xD2 \x8D\xA3x\xF2\xB0\xF4\xC62Ah\x8C\x98<,~\x9E^~s\xF1\xE1\xE1\xEA\xEE|�\xE9p��\xE73�\x87ӯnn\xBF&NJ\x8F\xCB\xF7\xB7\xD77o\xFFuwq\x9E\xA8\xE9\xC3\xCD\xFB[b\xDF]]_\xDD]\xDD^^\x9Dτ\xD1�\xFAG<‘�\xD77\xDF_�\xF5\xF6\xEE\xE2ݻ\x8B\xBB\xF3_�\xBE=\xBBz\xE8\xD6\xE2\xAFW\x84��\xF2\xE9\xEC\xE7_\xC2\xC9�\x96\xFD\xEDY�\xC8\xD4\xE8\xC93\xBC\x84\x81H\xD3h\xB2>SZ�ZI\xE98\xE5\xD9\xFD\xD9?\xBB�\xBDV\xDBu\xCC~J\x9B at G*\x9E\xCC4\xD8/9b\xE40�5�m\x96H0i�\xF7F\x8EĘ\x91\x9D��y\xBE\xCA\xE7�g\x8B\xDDf\xB6\xCD\xE7\xF5v\xD1\xEC/[\xC4i PK\xF0��:\xA9��"O�\x91\x80\xF1p=�%.Q\x89\xF3\x99L\xCCt\x9D5m\xBE%\xFA\xB7\xBA\xCA�"\x97\xB5\xE5\xA5\xD3\xED\xB90S\xD4�\x9F�nmWYKTF\xED̦\x97\xAC\xCD�\xDC\xCA\xF2\x8Bb\x89-˜�*\xEE\xFC\xF8Bϯo\xEF\xEF\xAF.i\xBE\xC7s1ݵD\xBB\xC1\xC1B\x93Y��I�8F\x88 \xD5:\xB2�i\xF2uV\xB5\xC5<+K�+\x8A\xF44\xFF\xB4\xCBJ$\xE3iQ�kSf\x8E\x84\x99�j|X\xE5\xC4Z\xE4\xCBlW\xB6\xF4R4\xD4\xDA\xD68\xE9\x9E?#a\x8281\xE0 \x9C\xFA9\xDBV,\xE4�<\x92A\xA4\x80$!\x98L\x86\xD1\xF4}\xBBB�[e\xEA\xA6)�K\x9E\xFCsV\xEEr\x9E\xD3[\xED\xDE\xC4�&�e\xA2x\xD0eV\x94#3\x8B$Hd\x9C\xB0PV-\xC6F�\xD4�\xE1d\x8A\xA7\xAA\xDE\xE6c\x8BH�)Ӥ[\xC4\xFE\xCEd\xFC\xC7i�H�\xAAӛė:\xBEI:\xA9~\x93\xAC=\xD8�\x91\x81\x8D\x9DD\xA7g\xEE\xA4F\xA6��LJ\x82\xD4`n\xDE�\x91\x96\xD3\xE7UΎ\x83\x97\xD6��\x88w?\xD2s\xB83\x88\x97m6y\xB6m\xB8G\xED�.\xBB\x81\x98\x9D\xD1\xE3\xE6�\xBF.�$\xD84\x88�\x912D\xA1\xA9\x87(\xBC�\xFD\xE8\x87\xFE\x95:�\xD2�"\xDF\xEF\xC0h\xE2a�f#\x8C�\xAE�\xA4Q\xDA\xED5J��r!hw\xC8�\xFA8r\xC1\xBBJA\xA8}
-\xB8\xA9\x89\xD4k\xC0\x95:\x91�pu�ĩ\x92\xAF ד:�\'\xD5�\xF7\xB9(�\xF3l\xBB8\x80/\xE4\x94DAR99'5\xA2\xC0\xC0l:
-\x92Ș\xA1��+��\xA9\xA6\xF5\xA6-\xEA\x8Ah\xC7\xDB59\xC4\xD7�\xBDX \xC2sΈ�҆}$\xAA\xBA\x9AA^X�\x95\x8D\xA6\xC0\xE1EQ�\xB0qM1By\\x9Aty\xAA\xFF\x8C\xF0\xA5 at q�\x99!\xBC\xBA\xB11�2\xCCᙕ뺱\xD1Y!
�
-\xCA?g/
-\xBF:�z\xF0\xEE\xE1X.I�׬,\xF8v.[!\xDF.�\x9E\xBBj\x91o\x9B�qG\xFC��\xF8+&\xCE:k竢zr\xAA=\xD5ۢ]\xADi\x82\xFF\x86:\xBC\xBB\xBE\xB4K�\x87i
-\xCA��\xCD�\xCC���\xFBH\x86!\xF8�VDn\xC2׌\xD3\xE4\xBCť\xA5i\x9F\x9D\xA1\xD1f\xE7n\x84\x9C�\xFA\xD0 /\xA8\xC1Xޒ \xE4-��^\xF2fl�\xAA �\xE4r�\xEAJC:E\xAD\xB1\xE0\xDDa�H*�\xA0m\xCF\xD7\xD04\xC0
-\xF9<B\x90
-m\x86\x86!\xA3C�)\x9AfÇ‘%\xA3�\xC6.0\xF5\xD1=\xACa�\x8A8IO\xEFa_\xEA\xF8�\xEE\xA4\xFA=\Tm\xFE�\xDE}9\xDC\xC42\x885�\xD6'�\xE8\xA4F4�nb\xA8)$ì…
-�\xF2-X\xD7\xE2*ĸk�-\xA6e\x9D-\x88\x87X \xAA\xD7ÓŠX\xE5�j\xB2\x9B�\x9E�D\xD8\xEE@\x84~\xE3P��}/\xC1\xB5�rm\xA2\x83'\xEF�1\xBD\xBF;\xD7z\xFAo\xDEÄ \xB8\x89\xF76\xF1a\xB5(\x85\x9F\xFF\xA4\x8C\xA6-@\xBE&\xD2\xCBy$\x8A�\xBE Ò¢�\x9E�\xF0Gx\xC4�\xA3�X�\x91\xE0\xBA�\xA8\xA7�\xE14:\xC7\xE8�\xF9\xAFE\xC3] \xD7\xD0s\x91\x97\xF9\x93-fG\xB6t\xB7�\xC1@\xD76j\x9A\x98,f�\xB6�0\x9C\xC5,\xF7`b\x94\xA8+[\xB9BsQ\xCDØ\xC0^\x81Ó«lm3,�\xD8�.h\xB3\xDE\xCA�Ô‚�[\xBA\xF9\xEB];\xAB\x97\xDD0\x897\xCC\xC8�0h\x8Fd\xDA$�\x85p\xD9�;/fvF;\xEAa\xE400b�i/r`\x85\x9D*\xB6J(\xA6\xB7\xF7\xF8�\xF1�6\xF2\xFA\xA1\xD9-�\x98\x8FyY?�\xB7\x85�I\x82Kb\xF0\xE2\x80\xEA\x8D�
-\xCF(\xD0\xD2��;zF\xB1ȅ3o*d:D\xAE\x9B]\x87}P"�!5\xAF\xAB� \x92W\xF3�f\xB8��\xF41;\xE2�R\xEA?fH(K]��\xFAu F̑I��(#\xBE \xD2�\\xF1\xA9�&�q7Cn\x86\xD09(\x85\xC3.*X\x8A\xCD\xDF>\xD7\xC4\xC1P\xD5\xF8N\x82H\x91cR%\xFAC]�s\xF6\xF1\xF5�\xCC\xF0\oy\xD4QD\xA0\xF3�~|8!�\xC9z\xDBR�\x86\xB7gH\xC1\xECvHß\xFF\xD1l\x96�\xA91ȓkQ\xC1�ל\xE4 �\xE6�\x97\xF9@?\xD64Z��\xEC\xB2\xCEQ�\x82f׾\xA8\xAB\xBF\xB4< \x8A2\xEC8O�\x9A\x98\xBB�j�\xE04_�mK8��\xF66}!N7\xA8p\xBA\x82Jܵ\xD9m6.\x94\xED�%�\xB15\xC5H��AA\xA9ܖ\xA6\xFC�V��\x87\x92\xE4\xFDW\xEAg�GA\x98\x84\xAF\xD4Ͼ\xD4\xF1\xDC\xDBI\xF9�\xBF\xD9�\xF7\xCB\xE1\xD5H��\xA5\xE2\xD3\xF3wR#
-�6B\xAC��\xE9t\xA8\xC1\xCDrÄ€i\xA0\xA30�\xD8oP�ìŒ\xBBPw���G\xFA&G\xC7�\x8DÞ®\x88\x855\xE9�\x82\x8D=\xAAQ�\xE7`n�9]\xD8ל\\xE2\xF14\xC2\xFB�\xC4\xFCÓ¦\x89\xA9p�\xF6\xE5\xEDÅ»\xAB{\xDE\xEEBÆ\xD1F�7\xC7\xD18c\x9F\xA3\xE7\xCD�\xF0�wG\xB7\xDFy\xDC<�*a\xC0l*z�T\x9E\xD4 P9)�\xF0\xDB\xCF'Q\xA5O+\xD0I\x8Dh0\x82*3T\xE1�\xAA\xA4\x82\x82\xEF�P�\x8E�>\xAAbè\x8AS\x87*`9T%Ò¡
-\x98�U\xF0�\xA0
-\xBA\xF5�
-4�B+v\x97}}3A�g\xAC\x89} --"\xF3�- \xB9\xD8H NB˗:�\xADNʃV\xF1Xb:\xDA�\x96\x8A\xF1\xF6#>=}'52\xFF\xF0\xA4 Q��WC�~ \xAF\xABx\xBA\xA13�\xA5E\x95���\x8A\x8B\xC6\xE6
-\xB5eeS�\xE5\xCEs\xAA�!\xC0t\xEB\xB1l.\x82\x80m\xB3���\xDC �\xB8\xBDGAx\xB4(\x911\xD4�\xC2\xC8/-KF=\xA9\xF0\xCE.y%H\xF8R'<\xE9\xA4�\xB2\xE2\xFE\x9Dc\xA2\xF4+SwR#s\xEF\xDF9&Q\xBC79yQ�3\xF0"\xBE{^\xC4\xD7΋*\x92\xCEw\xC8çƒI\xA9<\xB3,,Ï\xE0\xF2�I,\xCF\xF0\xE9\xCA3\xA4]y\x86\x9D\xB1<\xB3\xD5��\xD9AU�\xAA\xE1N�9=ɾd×Q [\xB2A�E�\x93\x92\xAB6\xDByX\xB5Y�\x9F\xE8d_\xA7\xE1�\xD5^Huǵ\x88ω~#\xD7P�9oH\xBEj\xB0\xBC\xD1"\x8A\x8A7�QKzV5Ǭu\xDE~yY.t�(\xA1ÄŸ�\xCC\xE0\�\xC4P\x8D\x9C\xDC�\x9E\xD0\xF1
-\xE0\x84\xECy6\xDFÖ³\xAA\x9E5u6k\xDB\xF2\xF0\xD6�\xD2_*\xCC\xC9\xD9;\xA1\xC3金�Rd"\xC5`~�d•\xFC\xED�\xBC \x80\xB1\x8E n\xB6kWxÛ–\xB5\xC5g\xB4;8\xA0\xC2\xD39\xBF\xB9n\xCD�Nj\xF6 �,\x9B\xA0@\xF0\xFE\xFD�1>\xED\xF2mA\xAD!gN\xE1N4\xE8ч\xEF\x89c\x8F1\xC0\xE0�aG\xA0[��\xA4Q"N\xED \xC2A\xBF\x8A\xDC]qU\x9C\xED�nÜ’\xF8H\xD9\xE4s\xBE\xB0\xD5|\xDF�\xCF\xDF\xE8\x93Y\xFD嘋 MD\xFA\xCB�\x83\xA3\x90\x83`\x95\x9A\xF4\x95\xBB6_\xEA�\xE8\x9C\xD4�\xEAf\xF3�\x82\xDA�\xF6\x924�x*9\xA9F'5\xA2\xC7`\xC9F�\xA1I\xC4P�\x82\x9F\x80B�U\xB0\xDB_\xA4\xF6\xEE�y=\xD2\xF0\xCDG�\x89\xA1\xB7\xB0\x85\xC5-Þ\x8Fx{!\x9EE��\xD6\xFD\xD8h\xD1f9\xDC\xDB\xF3u\x94
-\xF25\xF2\x9D\xAF- \xF1{\xAE�{ ��@�ĢsmU\x8Fy_�@\xC9W\xBD�\x86\x81L`\xA8\xD3\xDE\xF7\xA4Nx\xDFI\xD9�\xA8\xCD"ks\xBA�\x99}l>�V\xE6�(D\xFC\x8A�\x9DԈ
-\xC3\xCFLa\x90\xA4Éž�\x9Cz%{HJm\xFD\x81�J\xA5\xB2w\x80m\xB5�\xBE\x88_sU\xAF�\xB1^A%\xA0\xE3W\xF6]�\xA4\xB2�\xF5\x90\xCF%�\xE1.\x9FK\xDDO\xFD\xDD\xFDwD<�<\xC1\xEA\xE6\x80S\xA2>\xE2å¯\xF8"\xA7\xEBx\xBE$\xD0*\x8C\x86\x98Y\xD9�6?�\xD9ql$ZÕ»\x92\xA3\xD6c\xDE]r1\xE7\x99"5Þ\xE5U\xBE\xCD\xDA.Y\xDE\xDD\xDD߼嚞\xAE\xDF\xFA\xEB|\x88n\xFD\xD7�M7\xD8A\x97~\xED\xA5Sb\xF5zOQ\xB4\xA8\xB2mQ\xBE\x9C�\x88\xBEo\xE8\xE7 \xD8�j\xED'\xCA\xCERKÔ¸!
-+�.\x82\xEC7\xD27\xF4˂^ \xEB\x8Dz\xC7\xEDd^ ȼ@\x90y\x81 �p\xC1\x81\xDFd\xBB_7\xC0�Y@\xF2�\+�\xBA\xEC
-\x98Wm\xE1\xFDja\xE4\xD2Ø–\xE0)X\xB1\xB0\x9FR\x81�%\xFBe1\xA3!
-\x97տ\xF1M\x97\xE2*� \xBB $\xEC�\x90\xE8�\x80/\xFD\xD5�\xBC\xF0U+P\xECL\x95vy�\xE6\xC7d\xEB#�Z\xBF\xBE\xBD\xFF\xEE\xEA?D\xDF\xDD\xE1��\xA9\x97\xE8\xD4\xD0\xF5�\xEE\x86�X\xD9&\xFF՞�\x92\xE97\xF5s\xFE��\\xA2\xA6\xD6�\x92J+\xDBϞ�U\xD8\xB1\x84A�\x8F\xB2\xB4�\xDD!Q
-\x92\xA1�\x9Dv\x85Õ±(gu\xED\xF6��Yî´¬\\xF6\x87\x99ؔ™\x92ϧ\xA8Kwf^\xFC\x9Dt�Yn\xF3,��~ \xE3m\xBDto\xEB\xD9�\x972!�\xC8\xD8]\xFF�\xE79\xEF\x86�\xFEO4\x8Bt��d\xECM�\v#P\xF4)7fDZΊ�\xF1�i�h\xE3\x81Ot\xF7\xAD8\xE1\xEF\xC3\xD8]\x94\xD9v8h\xBB�\xBB\xDF\xC6�L�q\x97\x{DEA8}�\xD8\xE2�\xC7\xEC�a\xF6Ûˆ?f]ÏQ\xE6\xF5z\xDDݼ\x97E\xC5q\x8201�)8tk\xCD�\x92\xBA\xFF\xE8\x8D\\xE2i�\xECZ\x8DCHDa\xA0c\xADG\xBC6^\xBC6�9}|P\xD3\xF5\xCE�5`\xC2Çœ\x9E�\xCF[\xE6\x99k\xA2S�\xB6Í©\xA0\xC0v�\xA54{��\xF7\xCA�\xB5z\x9F\x99\xB1\x85\xA6\xDC\xCC\xDCu\x8B T\xBA\x93\xC7�
-\xB8ކ,\xA3(k�\x97Ӏp[�i\xBB\xB5\xFFv>\xD3\xF8\x93\xAD\x96xNg \xAD;\x91\xA0h �\x9D\xA5\xFC\xA6\x9F\ӆΕ\x9E\xDA \xB6DDx�\xE64\xE8\xACf\xE8\x97 4\xE4\xCB腽\xF7\x8D\xDD\xCF*�>1\xFDQ\xB4r\xF7H4\xEE\xA7�\xE3}mh\xE6_4\xF9\xA7\xB87\xFB\xBD\xBB\xE8\x83\xC3�e9\xCC^�\xD8S\x85\xEFM0\xD5\xF5K>\xF2[F\xA9�\xFC\xD1\xDEH��Nܲ\xFF\xF0\xEF�\xFB�\x81*\xFC�\x8F9r�!\xC380Q\x9A8\xA5\xD0ܱ\xDE\xD7\�\xC0\xB4\x89\x92�\xD5\xFF�\x80I\x8Dtendstream
-endobj
-1711 0 obj <<
-/Type /Page
-/Contents 1712 0 R
-/Resources 1710 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1684 0 R
->> endobj
-1713 0 obj <<
-/D [1711 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1710 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1716 0 obj <<
-/Length 3468
-/Filter /FlateDecode
->>
-stream
-xÚ¥ZYs\xE36�~\xF7\xAF\xD0\xDB\xCAU�B�\xBCj\x9F\x9C�Ϭs8\xB3\xB6S[\xD9$��EY,S\xA4"R\xF6x\xFDv\xA3��IQv\xB6\xB6R�A\x8DF\xA3\xD1\xE8\xE3k\xC8r�\xC0r�F"JU:\x8BS#\xC2@\x86\xB3|{�\xCC�a\xEE\xF3\x85d\x9E\x85cZ\xF4\xB9\xBE{\xB8\xF8\xF6\x93\x8Eg\xA9H#�\xCD�\xD6=Y\x89�\x92D\xCE�V\xBF\xCD#\xA1\xC4%H�\xE6�~\xBE\xFDt\xF3\xF9\x97\xBB\xAB\xCB\xD8\xCC�n~\xBE\xBD\\xA80\x98\xBA\xF9\xF1\x9AF\x9F\xEF\xAE~\xFA\xE9\xEA\xEEr!\x93P\xCE?\xFC\xE3\xEA\xCB\xC3\xF5�ME,ã»›ÛDI\xE9\xE3\x8Cл\xEBO\xD7w×·�\xAE/\xFFx\xF8\xFE\xE2\xFA\xC1\x9F\xA5^�h<ÈŸ�\xBF\xFD�\xCCVp\xEC\xEF/�\xA1\xD3$\x9C\xBD\xC0\x97@\xC84U\xB3\xED\x85 \xB5�\x8DÖŽR]\xDC_\xFC\xD3�\xEC\xCDÚ¥S\xF63a"Be\xA2\xD9B�\x91\xC0\xFE\xD3V\x96"\x96�\x98\xE20�\x91V\xDA[Y\xC9)+;.\xB4\xF2\xAAn\xDB"_\xC0\xC7S\xF1\xBAxj\x9F\x9A\xBAz�\x9F]FF�:\x8Df\xFD
-N\xD4\xF0\�z\xA8\x9E�2JE \x9A
-\xF4\xF8צ\xA8\xE1�t4\xEF6e\x8B\xA3p\xDE캲ajV\xAFP\xABё\xD2X\x84\xB1\x82\xEDQ\xC4a\xB7ʺb\x91o\x8A\xFC O\xC2\xFC\xFD\xAD�-\xA4
-%/\xC8\xF6\x972\x99�\xB4\xC1\xB2\xE96\xB4m[t\xACIC"L\xCBH\x8BD%1\x8Bx-Ú‰md,R\xAD�\xE6\xF9�\xA5\xA5skX\xBB�Z\xBA-�\xEB\xB2~\xC4\xC5x\xB9\xA9H�\xB0\xA0�i�*\xBB
-\x98\xD0�q8\xFF=�\x83n\x93\xA1R\xE0\xAAe\x8B\xF2�\xD9cx)\xAD\xEA0\xEA6�
-~\xB8\xFF\x81ؗeG�8��\x92nEU\xF1</8\xB4Ŋe4\xBC 4$�/\xF5\xE3\xED\xFD�׿\xD2\xF8\xEE\x8E\xEC�\xF3Y7\xDA\xFD?MͣlW|�\xF6\x90\xC1\xF0x\xFF��o\x84\x85J\xB5;�\x8C\xF0\xC0\xC7ox\xBA\xE6\xD0\xD1�\xDA��t@�\xD0�ap<\xA0]d�\x88\xF3\xBC\x80�\x882�^@�\xECK%\x87\xD8fe\xBD*\xF6Dj\xD6#�<\xDC7\xC3#Q\xC2ZZ%!\x87\xD4
-�h
-�\xBC\xE10à \xE1 +i�\xCC�\xC8×\xEA>\xDBr[VÙž\xD77G9\xA7ί\xC0Í‚T;o\xE6H\xC6S\xB1\xFDa\xE5\xE2\xEBT�\x80{\xC6i\xC8\xEB\xF2f\xBB\xC5\xE8\xB2\xFCU\xE9VR\xF0 v\xD0 �A�\xAB�Öµ#\x8A\xD9�w\xBCU\xB1\xCE�U\xE7Or\xAAk\xA4D\x98�\xC3[\xD6\xCDT\xD0H�#\xC7\xC2�\xBAYO�\x93F\xC4�\x92\xE2\xFF�\xF6*\x8A5/\xF0\xA6.:o\xE6\xD38\xD7!d\xDEH\xBF\xA3\xB1\xF5\xE7c\x98Û»r\xF2}\xFA\xEA]/\NCN\xB6�'�\x86\xD3x�\x87`\xE3\xF4\xEDT\xDFc:\x9F\xE9��\xAA\xD7\xED_�]\xBE[\xEC\x8B\xF5\xBEh7')^\xC1a�È¥o\xED\xEE\x99N\xB7�\xD8EE0N\xA2\xC1\xFE�\x97i0\xDFC�\xD4P\xA2ѱ5\x98\x83L\xB1\xA6�P\x8A&Ñp at n\x8C|\x87Ö¦ $>|\xF8B\x83rMs\xBF|dŸ\x87b_B>\xB6_\xD6YY\x81�ER\xCD?\x81\xC5-\x8D0 \xAEI\x88 \xAE\xBF˺rYVe\xF7z)\xA5\xC4K\xD4q\xE4���\xB0\xD0Q:L]\xEF{\xBB\xD1\xC2\xC8(z\xBBF�\x91�\x9Dxw?\xE7�P\xF8\x83T\x99w\xBC\xA1\xC7\xF5\x86;8\xAE~\xBA(\xF2þXtÍ¢\xACi|\xE2�\xB1�I�\x91\xF0\xA6*\x9EkB\x97ai\x8CE�\xC6\xD1P\x99\xAB\xAAj^0\xE2\xD3y��
-R\xCAk\x9Dm˜h\xEC�0\xB2\x8E�\xD3\xDD>\xABے\xE2�\xE9\xE4B͖f\xEDA\xB8\xB6\xFBU\xF0\xC9Gt3\xC0\x89\xA5\xA6�\x85\xC0{\x87\x8A\x8F\xC9�˄ݢ!�H�\x88\x86\xA3\xE2|\xA8\x89\x93
-\x8EN\xE2\xF9�=;I\xC09\xAA\xA2#g�j\x86U��XEp\x9A|��\xAE"\xE0\x98�\xCA)1\xACZp\xDBX)ʮ$�\xFD\xED��\x83\xBEO\xBA\x9C�$@\x88\xE4/dX}̰\xB8\xCD͚\x94\xB0\xD9Ъ\xD8Lyt�\xF0\xD3#\xAD\xBF\xE2\xD1`Q�\xE2meA\xF9%\xEF\xE3CK\x83'\xE8�\xCB\xFAJ\xA9\xB4\x87�0\xB4��\xC4QEU\xDAA�\x9C�\x88A#\x9Bd\xE1\xD3\xDEA\xB1„\xAC�\xBA��w\xF3\x99\xD7\xD8z�\x83\xDB\xFB\xEB�$yt 4\xCD0B1\x8CP�!4\xCF�K8z�~s\xA7�A\x83cAθ�\xBC�Uu�F\xBD\xA2\x8A\xF7�\x88\x9FO
-�^k,Fk\x89\x86jk<\x9F\xB1�\xAD\x89j\x91�~\xB6ÄŸUmC\x94\xBAÈ‹\xB6\xCD0\xFDZ\xD9L&C
-\xF6�I\xF6\x97\xCBTͯ\xA0\xAD\xA2Iw�0\xEC\x9D\xF7D\xCB \x9C\x87\xB7\xF3wt�W�\xE1\x9ClV�\xE5��\x8A\x86��Q\xCF\xC4�3\xD9\xE0\x81\xCF̯j\xF6\2vM\xBD\xA2h\x8B\xE82u_F?\xA4"\x93\xDAh\xBF鈃t1\xF3\xE2뮀\xD8\xCA;�\xF7�\xA2ݬs�Q\xA8\x8Do\x93\x84\xFFy(YӢ\xE6b\xC0\xEE�\xA3%_wQ�\x9E\xAB3+ܖ�\xC6��}\xAC�\x9DOG\xCA\xD7ê\xC8\xDAB\xD8\xDC2\xE1 \xB7
-^� 2\xA7i�Qp�%\xA3\xAF\x9C/\x81\xB0ACҲ@/AR\xDEԿ�\x81z\xE4\x8DW4o{\x88 \x8C� p3\xA9\xCB�\xD9�
-�U��\x86P\xB9\x83\xFF\xA7\xD2A�\x888�\>\xA0D�p\x97\x80[\xEE\xF6\xE5s\xE6\xCEBx�\xC9G�\xEE\xB0'\xA0\xB70\x90#\xBF\xCAѣ\xCBe\x85\xEBMj
-\xAB�\xE4F��\xA4�\xC9\xDB5P.\x9A}\xAF\xCA�\x8E\x9C\xC1*\xB6�\x8C\xD8G\xF9.\x91\x82\x87\xDF�\\xC8\xC1�Y\xB6\xAF�x\xA5\x8F\x99U�\xC8^\]|\xEDx\x87r;\x85\xE1G\xD1�5\xAFXM\xD8R�\xA0H\xCC \x80\xED\xB2}\xC7 at r$w�&B\xA7� �\x8D-o\x9A\xFA'� \xFF\.\xE0r��F/\xD9~\xC5m\xE8hK\xD0LaB��\xE3\xB1>^\xCF\xDA.\xB2aE\x81�\x97\xB7\xCEr\x82P\x96#\xCF\xD8Ӗ\xBC\x84Z/{\xF7
-\xB3Х\xF0\xEDG\xE4\xB7\xE1\xBC"\xC1\x8FL\x85�+�/\xE5\x8A]$\xCFr\xA7DS�\xFC}]\xBC\xF0\x8Ab\xFF\\xEC\xB1C\xC6r\xCF�~\xC8Y\xD1�a\xC3�\x89� \xF9T\xBA\x82\xBC\x8E`\xD1\xD8N詥\xA1\xD5�:x\xB8\xCCb_۬�T\xBC+�\xF1\xAE\xF8\xD2�\xA7s\x9B`\x80Jf\x80�\xA5a�-y�\xE6<9_\xF5\xA4[6\xC2 at 0<"Y\\xF4J\xBB\xF3.\xBC\x88B�F+^n\x9BN�l\xB2\xE7\xC9�\xB4\xE2t\x95#\x9F\x8A9\x82hL\xB0\xCA\xC1� \xDC\xD4xԢCKBv\xB7\xAD-2\xBC\x94�\xA5\xFB%\xF1\xBCj\x9A'��v\xC4c\xCDTZ\xD0
-T4�\xEF\x92կ/�E \xDA\xCA(\xF6\xC0\x9E3�W\x93�D\xE3�\xF4f\x82B\x9Bz꺺M\xD3r\xEA\xF46\xB3y\xB5\xE1�\xFAeS\xE6\x9BQ3N\x86�\xF6e\xBEe\x87 \xDF4\xFB\xB2\x838v%\xDB5ǫ\xA6�\xB3[c�\xC5�0}\xF1\xE2]\xFB\xD7\xF1B\xEB\xC3g\xC1>D,\xA6L\xF96\xD8\xEFs\x9D�\xFB\x9E�\xEDDA\xBB�\xEF\x9BBfUa\xF8\xF6\xBE\x8Eib\xDF~\xBEH�\xA1\x82(�\xEEK\xEF��\xB0\x84k\x86u*\xE7\x9EF\xB7�\x94m\x91\xE1C\xD0\xFAPь\xADg\xA9k�\x81\xD0\xCB:��@\xABʶ�
-\xA4� B\xB1\xDDu\xDE\xD1b�ί\x88�\x90\xE2\xC0�\x9B\xF5T\xD3�I�1\xCCyv]\xEEa\x87\xD3Ô¨\xF0\xB5\xCEsY\xA0\xDBõ&HD��9\xD94"f�\x8Caa�\xBAD\xC4gÄ\xF7ˈ�d\xFCD\xAF~�\xF1\x8Dm\x814Lh\xA8,}Q*\xA6�\xB9nD\xCD2 ɘ \x9D\xB9\xFE[\xE7\xF8\xD8g\xFB\xFB\xC0\xDE-^\xDA\xE4c�q%\xE1Q\xEB\xC48\xFC\x93\x84�\x94ˆ\xF2�\xCERP&\xE1q\xAD\xDD�2!\xD3!J\x8Aj
-7f\xA4\xF1/?f\xF8\xE4�\x8AXyÓ»\xB7\xEA\xF1\xFDD"6Ñ Z\xA2\xA2\xBB"/\xD1N\xD4�\xF8'\xBD\xB3g\xE0�[�\xE1-\x80\x9A\xAFG\xF5\xEDM+\xA3\x84\x89\x8D�\xDE\xF4\xF0z\xCEǺ\xAD\xAE\xFA\xBDX\xEFq\xBD�뎫�\xEB\xE8�\xE3N>\x88D�`\xBC\xBF\xB5\xB7\xE7\x9A\xD8|\xD8MJ %�\xF1\xFD\xDDu\xED\xF3\xADs'�\xB8\x9B/D\xC8V+�\xEF\xAD\xE7i\x88\x85\xDEj\xA5\xAB\x95\xEC3\xA9�\xC1�\xF4�m\xF8����\x9Fd8��v\xA6l`i\x943p\x84\xBD@\xCD\xFB\xAE\xA9OX\xF0\xB5\xDA\xF0\xD6C\xEFm\x8E\xC0\8��i�\x8D\x9EE\xC7E
-\xB2'\x81��pO\xA6B\xEE(\xA7\xF08R�\xC7O�\xBB\x824\5��\x93\x80\xAC\xA5��4\x83�\xBF�YM\xB9H\x83\xC1c\xD5,\xB3\xCAÏž\xE8G\xE9\xB9\xE5U\xCDT\xAD\xB5\xFAb7�\xA1\xB2/W+�\xE0\x90ˬ:Ø\xD1\xC7s�eØš�\xE6\xEC\xE396|\xD9+\xC2#�¿bg\xD9�\x88Nf�Fj/\x81\xB2�H[\xE6�z�\x87\xEFt\xE0\x96\xB8(+Ú·|\x9E--\x9C[\x93u\xA8�\x8B\xCC(�m\xCE�̸\xA7\xC9S|\xC4���\xF9�\x91�\xAF!\xB1\x88!D\\x99\xE0\xE2J\x8F\xBE\x904\xBEu\xD9x\xE2%Z hDÝ“\xFD\xB2 e�)A3\xC2\xCF\xC7�\xB8x\x84\xD1;�\xE3�\x87T\xAA\xEA��hN�\xED �
-\x99Bp\xAAX
-i\xA4\xFD)\x8E&\xF7\x8F3�\xDC\xF5\x82\xDE\xF3/\xFA�N\x83\xFET\xAE
-z \x95\xFE\xA9�\x9B�\xA8?c\x85\xD2T\x98 re_\xFEI\xEE\xF1\\xEF\xA9q"\xCD?\xA2\x8E�!
-I�r\xA9\x9E\xEC\x844wB��Y\xB5\x80v*\xA23\xDC3\xD6~\xB7-\xEA/\xB4�\x88\xB8�+ZK\xDF\xFDO\x8C\xF8\x85\xFB \x80#Y\xDBc'Þ\x9E9\x80Xe�\xD7 \x85\xF3d\xB3\xEFh\x86�\x91p\xFE\xD2\xEC\x9F\xFA\xF2\x9B\x83m\xAE\xE1\xFB\xCEVS$Ag\xBC\xE5]l[\xAA]g
-�4[\xBAv
-\x84\xAD�\xAC\xDE\xC9\xDB�\xC5E\xE5\xADb\xA3�\xFD\xED\xB0\xDBY\x9D�P\xBB(A \x8Fo\xBE<\x9B\xA1?�%r�2�̀\xE1Y\xD6�t+\xEB\xF3\xF8X\xC2m+\x99\xBC\xF3+x\x9F\xEB|\xCD\xF4\�\x9D\xF9k\\xB4ǫ�\xD4N\x9D
-\xA9\xF5\xDB*8\xA6 �\x86�\xA5FH\xF8g\xA8à rj�\xB2]\xB0\xFDr=��m[\x85o{\xC3*\x8A\\xD6L\xE8\xAC\xC8�\xE8\xC7a\x9C\xF7
-\x9F\xE1Fܸ_\xBD\x91BWfE[g\x82I{g\xB6\xCE\xE1\xCFwÒŒ\x9Ej\xED�<:\x82}^K#zJ\x8E�Û•C#\x8C\xFAs\x93�'\x84Ñ\x8AA\x80\x90Y:t�s�\xE1\xFC\xF6`O
-T\xDB-�%\xA3G\x9E8!\xAD\xE3\xD4\xC7E\xF5\xEC&6\xCC\xEB\xF6\xC3}J\x88�\xDBT\xC6\xEE\xC7w�\x9D\xF1r�\xC4x\x8A\x9ER\xE1s\x93\xE1\xE1L�ӻl\xE2^\xA0a\xC0ff\xFE\x96>ёp\xA4\xE7֛�j���\xABs\xBF\xE5\x86� \x88\xC4=\xB0O\xFB㸖\x84B\x85\xD2-\xE1N4\xC1.\x88>�.d9\x9F\xE5PWx\xFF\xF4\xA8\xA6#!\x93\xD4�A\x8E\xF3\x90\xFEo\xCF\�\xFB\xF6\xB1}o\xEB�:\x8B\xDA�\xCE�oju&\xCA\xCF\xFČ0\xAC�\x8FS\xA9[%\xA9\x88\xE2\xC0\xFD\x8CFoc\x{12BD99}0\x87\x81\xF8O\xB43\x87�i'\xF5 �\x80\x8E\x82\x90\xEA\x81\xEEW�\xC3\xD5\xE0\xAAg\x86�M\xDD\xED\x9B\xEA\xFDJ\xE0��\xC5\xEF\xEB�\x81�\xC17�0&\xCC�\xB3K\x9Edo\xEE\xF6%=B#
-\xB0�
-%YҨ\xA30�\xA4\xCD Hӄ\xCD\xCFGN\xE9�\xAA\xB1\x8F\xB3H�Uym\xBBb\x8B`�\x9C\xFA\xFE�9�\xB0O`\xFFL(\x862�\xC9w\x80\x83g_\xF4\xF8OSމ\xD4!l \xBD\xC0�\x85<M\xFC\x81P:R}e&�?3\xBD\xAD\x82\xFF�4�Z\xF9V\xC9\xFD�C\x97\x95U;t\xDD
->\xC7\xF5C\xC1v\x90\xEBWW\xD08>�\xB7`}\xBB\xED&\xDA>ת\x85�\xFF\xE6k\xE2�\x81\xFF{\x82\xFF\xFBOˎw�HU'\xE7�\xE8\xE0@�+eC!:{�\xA7\xAA\xFF�B\x8D� endstream
-endobj
-1715 0 obj <<
-/Type /Page
-/Contents 1716 0 R
-/Resources 1714 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1723 0 R
-/Annots [ 1719 0 R 1722 0 R ]
->> endobj
-1719 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [339.2005 267.4951 400.4005 279.3953]
-/Subtype /Link
-/A << /S /GoTo /D (zone_statement_grammar) >>
->> endobj
-1722 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [455.0966 73.4705 511.2325 85.5301]
-/Subtype /Link
-/A << /S /GoTo /D (address_match_lists) >>
->> endobj
-1717 0 obj <<
-/D [1715 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-478 0 obj <<
-/D [1715 0 R /XYZ 56.6929 499.1607 null]
->> endobj
-1718 0 obj <<
-/D [1715 0 R /XYZ 56.6929 471.7434 null]
->> endobj
-482 0 obj <<
-/D [1715 0 R /XYZ 56.6929 253.2977 null]
->> endobj
-1720 0 obj <<
-/D [1715 0 R /XYZ 56.6929 230.8219 null]
->> endobj
-486 0 obj <<
-/D [1715 0 R /XYZ 56.6929 117.3496 null]
->> endobj
-1721 0 obj <<
-/D [1715 0 R /XYZ 56.6929 95.0332 null]
->> endobj
-1714 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1727 0 obj <<
-/Length 2817
-/Filter /FlateDecode
->>
-stream
-x\xDA\xD5ZKs\xE36�\xBE\xFBW\xE8�\xB9j\xC4\xE0
-\xB0rrf<\xB3N%\x9E\xAC\xC7{Jr\xA0%\xCAf\x8DD:"5^\xEF\xAF\xDFn4\xC0\x97(Ù»\x93\xA9\xDA-W\x99`\xA3\x81n \xFD\xF8\xD0�\x9F1\xF8\xE33\xA7�&S5\xB3\xA9J4\xE3z\xB6Üž\xB1\xD9=\xF4}8\xE3\x81g�\x99�}\xAE�oϾ/\xED,MR#\xCC\xECvÝ›\xCB%\xCC9>\xBB]\xFD6\xFB\xB7\x8B_o/o\xCE�B\xB3\xB9I\xCE�Ú°\xF9\x8FW\xD7\xD2\xE3\xED\xC7\xEB\xF7W�\xFEqsqn\xD5\xFC\xF6\xEA\xE35\x91o.\xDF_\xDE\^\xBF\xBD<_p\xA79\x8C�a\x86#�\xDE_\xFD|I\xAD�7�\xBF\xFCrqs\xFE\xC7\xEDOg\x97\xB7\xEDZ\xFA\xEB\xE5L\xE2B\xFE<\xFB\xED�6[\xC1\xB2:c\x89L\x9D\x9E=\xC1�Kx\x9A\x8A\xD9\xF6Li\x99h%e\xA4l\xCE>\x9D\xFD\xBD\x9D\xB0\xD7\xEB\x87N\xED\x9F\xD2.\xD1B\x99\xD9�\x98\x99I\xF9\xF4.\xB3\x84iص\x85U<QR\xA8v\x97�\x9F\xDA\xE5È…\xBB\x9Cm6\xD5Ó¢\xAC\x9Ab\xFD<^2GFg\xF9\xAC?\xEF\x81\xF4\x96kB\xBC\xE8\x89\xE7\xCA$ʸ\x91\xFCO\x8F\xF9\xB2\xF8\x9D1\x91×°\xFD\x82ÏŸ�\x8A\xE5�6\xC5\xFC\xA1\xAA\x9B@\xCDv\xE7\xDC\xCDs\xA2{\x9D\xF3�\xF54�=\xC3�<C\xF3P\x84qu\xBE\xFB\x92\xEF\xF0\xA8\xDF \xC1\xCE3\xE2\xA87Ù—<\x90\xAA5\xF1\xFE\xAB*\x83\x80\xE5CV\xDEG\x85\x8A2H]\xAD\x8A\xA6\xA8JÜ¥\xD9B�8�XÂ\xF3$ÕšL�u\x91Î\xFC\x9C�4%\xB6\xB6Y\xDD\xE4\xBB:\xC1Ñ£s�\xA3Om
-\x9B9u�\xA3M4`,\\xEA\xC0\xBC͞i\xF6lS�\xD1wA^\xDD\xEE\xEB\x8A�\xB8\x8C\xA8ۡ�\\x8A\x84)04\x9A\xD8\xEB}(]\xE8D閩n\xB2&\xDF\xE6e�\xFB\xA8`\x83\xA2\x84p\x82\xD8\fu�\xF6\x8B\x9BĦ\xDC\xC6
-�~\x8A\xA2�>+\xE6��Ò®X\xE1\x96\xE3ks\xCE\xE7\x93jZ\x91X\x93\xC6\xE5W\x8Fx�a\xCC���\x9BÌ\xB1c\xD5!(�\xAB\xE7WA\x8F"LV\x95\x9Bgjm\xF3\xAC,\xCA\xFB\xF5~\x83\xEF|\xBE\xAEvA�=\xBC!Q�7-η&�\xA8C\xCB\xE7\x96%\xA94b\xB8\xFC\xDE!\xBD\xA1\xE0\xE3-��\xAB|\x9D\xED7
-\xBDxk\xC6ފ\x9E\x8F\xDE�\xAAe^\x87\x8E\xD6\xF8\xA1\xBD�jF\xD6�o\xB4�l\xADiЖ\xDE2z\xA0\xCE\xDF�V2Q\xF4\x95\xE4 \xF8\x85��kK��\xA7\xA3P\x8F\xE9x�\x8AL\x9D\xCD\xFF\xB9\xCFw�!��\xDEquRr\xCBt(z�\x80t�G`�\xB2\x87\xF1\xA7\xB3^\xE1\xD26\xFE\xA0\x83\xB5\xF1�\xE8]\xFCA\xAA�\xB1\xFEL\x84ʳ\xAE\x8A2\xDB=S׻\xEBO\xD4�K\xAC\xBD\xC9N\x85�\x91\xEAD�'�\x81\xA0ݔ\xD1Z /�nD?�\x88��\xC8\xDF�D�\xC6\xF9\xD0\xE00:�8\xE0At@\x82�r\xF0\x9C\x8E�N\xC0\*}!8(�Mm�\xEB��\xE1X+ n/4}p \xE9
-=+\xF0\xFB.��ׇ\x83\xADY\xA1\xD48�\xE0\x88\xD3\xFB�{\xCC9?\x8C�a\xCF$\x9A\xF0\xC8Iї\x83\x8FQ\xE3\xBF\xF5Z\xAF�5Q\xBD"\xBA\xE8\xC817�jx\xEB;\xF0D\xCE`1�\x82
-\x87\xA7\xE6\xE9kp�\xDA�\xC0*7\x8DC�$n\x9E�e\xD4\xF1\xB9h�\x83\xB9B3\x8E�N\xB5\x88\xDA-\xB4r\x89dZ\xF7=\xB1\xDDT8@\xAE�#�\xB8"\x83\xB4 �\xE2N_\xF7�L�\xC5='K4b�:\xB1\x8F�^\xF9\xFC�\xFE\x8B\xF9\xE5\xC1\xD6\xC0\xA4Rh7\xD3F$\xDAY/|\xF6\xE7\x8CCfKSI\\xBD\xB6_m\xB7�\x9E\xF0\xFD\xD5V\xCC\xDEU\xB0\xA6YYq\xE6Ej\xBF.#\xFBv\xA9a\x89\x8E\xA1�\xB0\x82�N'z\xF29\xD7s\xB2J \xA4l\xFE\xBCXf\xCBshD\xF36}#u)�\xC3\xE8\xDCތ\xAC�\xFB\xF3\x93\xD0˾&\xCF
-\xF1dž\x84\xEFs \xBCdË�z�d\xA4�\x93\xF2�\x9A0×q\xA9\xD4&FÂ’\xFA\xC7\xF7u�!�L\x99�^^t0\xF7\xEB\xECu!\xD2�;��p\xB8\xB5\xEAD2\x82\xF3��\xEC+5\xA7\x93Q\xCB5
-\xBC�B{�#\xD3\xDE�Ĭ?\xF3aF\x8A\�
-�R�\xE29f\xCCP\x83aN\x92]N\x82\xE6\xA6Zf� \xA4E at JY\xA9\xAE#\xE32+\xA9\x81�\xF0\xD8P{\x94\x90\x80B \xA6\xE8%\xA4�\xE81\xBF%\xE0,�\xAF~\x8E\x93�a\x9EǪ^P\xA0Ô 5x\xEE�\xCC�w�\x84\xD4�\x820\xA1$\x85\xA8�\x82l\xB9\x8Ct�\x90U�C!6\xDBP\x88/UIO\xC8�\x80\xEC\xF3]\x99m�\xEBl ,Ò�\x84\xC8\xB7o\xA8\xB1*\xEAÞœ`\xEA\xDB\xE1\x84\xF9?\xC3l~�l�Û£�\xC2Ky�\xA2\xFAS\xD1<T\xFB�\xCC\xCB�=*\xDB��N}.\xAB\xA7vT\x9B \xBC\x82e\xB6\x89\x83\x9A\xA7j\xF79�\xAC\xC1\x81%\xAD&�\xAD\xDCQ�\xAC�\x9CHi\x981k&2\x9F\x92\x98\xD5\xCD!F�\xA6:\xB2/\xC4Ë’\xF1~$\x81\xB9�&T�.:\xF9\xF2\xB3\x8F$@\x{18718D}.;�\x8BWÄ“;��/\x8F\xF9n[4
-\x8D5\xF3\xBB\xE7)D�a\x93Y\xAE_\x87h\xC0c\x94\x88\xAAz{t\xF3�\x9A\xBD�C\xF1\x84\xC1\xD5yh{\xDB}�\xCE\xE9.\xEF%[\xAF��Ù\xDDU\xCD�\xB5.\xDE\xFE�\x8Fٯ�\x8F\xAE\x89\xC7�3p\x9C\x8BֽƘ;�\xDCFg\xF8\x9ACQ\xDC�\xA0�W\xE1
-\x87-/\x96\x8FA�� \x8D\xCBc\xA0H@�\x86+\xCA�(
-\xE3\xCC�F\x8B7]\xDEa4\xDEb4�0�<{W5|=\xA2\x8B\x85\xEB\xB1n\xED4�4:\xC1Tal�\xDD�_e\xCA\xD6\xE8#\xD0-\xF6�N\xE2\x9B#7\x8C.�\xCCv\xE8\xE1S\xD8MB\x82\xB7:\xB5\xFF\xA3\xD8M\xE2�r)_\xC2n��Y\xA4\xEA/\xC5nR
-\xD0\\xCBo\x80\xDD\xFAS\x9F\xC0nR\xA6\xC0\xD6s\xE6\xBF \xBB}c\xB8\xD6?\xB1\xFFk\xB8&R &c_(`\xB6\\xE3\xC0A[56-\xE3 \x8B\xEBÞ°I\xC4�\xB9&t� 6�\xBD\xD6Ø¡��\xC4&e[\xC5\xC4f\xA8"`\xB3Í \xFE%f())\xD2 \xF1>oBoY?\xE5\xBB0\xAE\xBB!\xE2�U�\xA1á—‹em-1\xD6�\x86a\x80t\x90T\xCDD�^\xC4*&0[;\xBA\xF1\xB6\xDB8\xCE�.QL\xB9\x9EmKM5.ߨ\xF3\xD0 �\xCB m\x8C\xC5O \xC3B\xE7._\xEEwu1�\xF1��N\x9A\x8EÄ‘+a\xABX\xB7r=\xBC\x84��É»\xA7\xA2\x9ELI�\x8D\xA4\xB6\xEA\xB5\xE5�\xA7\x99z\x8Dhl\xC8\xF9\xBEÜ ��\x8A�\xF4 \xB6\xCDÔ¨RÜ��4\xEC\xE1�S\xC5^�~5 at o\xC8K2\xA1\xE1ë€\x8E\xA2\xAD�)\xD6[\xC7�f\x96\xB8\xB8\x8F%\xE0\x82)aঌ\xA2k_�.�7פ\xBD\xCD\xF5=d\x85 \xBEÍœH\xFD\x9Di6Y^\x86\xB6\x93qv\x89�p\\xFF \xA3RI\xEF\xE8'S\x8A\x81\xF2B\xB45_�\xC0iP�\xF0\x84\xE2*�N\x8Cl\xB8�kSeL!\xC0�\xB9IO\xD71\xFB\'\x82Q\xE4\x9A�FS7H\x87\x81�v\xFA\xA4�-ׄ�\x83x\xE4\xF0��\xDC\xC5�z�o\x90̶\x90�\xEEx\xF1�\xC9�o\x90\xD0K7H\xE8\xBB/\xB0\xAE\x8D\xA46�!\xB9W\xACb&$) \xC7P�WX\x82]\xD0I\xB0�:�\xB0\x8B\xE0�(m\xD5\xE8�\xF9�c1\x8AS'`Y\xF9| \xCB\xDEL\xDDS$O\xB8bnl\x9D�ƨD\xE2l\xEBKY\xB9\x9A2\xF6��\xCD\xC0\xD6Ѷ\xA7fc\x88\xB8\xBA;\xCF�s\xE5`k\x8A�w\xDA\\xFB\\xC7͵\xE5:�\x83\x87\xB5�\x93\xE0\x95\xEC\xA4\xFC\xC84!X\xE9\xE0\xD0+\xE4P\x81a\xDE4Ý·#hƼiz\xD5w\xFF\xD2\xE6MCh \x9FX\xAE\xA0�\xB1\xFA�} \xA4\xAEÄ€#�È‚\xF7\xF7�\x91P\x84\xAE\xEEc!~\xC61z:\xA9. (*m\xE4\xD4\xFD\xE5\x85tÆœ\xB2�dȃ\x93ØJ\x90r,{b\x94\xE3�\x99\xFCX\xB6v&�:\xE5#y�\x89R�C
-\xA5Oa\xED\xE9\xF4 P\x82K\xF6\xEA\xAF�pG?)\xBA\xFDH\xE1��}\xA4�
-\xA1#w)\xE7\xF8e\xEDX\xCA\xE1p;\x81\xDC0\x91rp\xD4ɔ\xE3\xD5j\xBF\xAEP\xCA\xE9Ǣ\x93ɅC4\x91\xEA\xD8�"Zo\xEDq\x9D\xF0\xD6\xC85abS\xA9�P\xBD4\x80\xD0N\xEA\xD0rM(!F\x97x\x89\xE1i\xA0\xC5\xD0eE\x9BZ\xA4hS�RG\xA9�{}j\xF1}\xA18\x89ı\xBB
-�\xDD�\x81\xADb\xF4)U\x84l\x82\xDD\xC3K\xBCT&\xD6 f\xE0\xB3�Z\xC6\xE6\xF4\xDAl2\xD2\xE4k/\xFB\xF1\xA4\xE1B�\xF9E\x9E\xB6\x86�\xD3qc\x88L\x9D-\xEC�WYsx\xE1\xC1\xEF\x9Cp1?)\xBAe:\x94=\xB0�,\xF5J%�\xC2G被OC\xAE\x8F\xDFLY\xFF\x9B)\xEBEmd\xF2\xBB�\xC4z\xB7\xF5u%h\xBF{.\xB3m\xB1$�*P�\x95V�\xB1\x87/ձ\xF8c
-jc\x9D\xAB�\xC8\xE36�\x82\xFF <\xFE\x90\xD7��\xA0Y
-J\xC1�\xE0}\x95{\xB0 \x94N$\x90{p\xC7ƣ7i\xFC6\xE7qq\xA8ٚ4\x96Jm0+\xAA��\xBD\x9B�\xBA\xEE2
-\x83\x86\x8A\xD3^\x87\x870�m\x98/\xCA\xE3R!�}�F]\xFD:U\xB8\xEEY\xE0м\x8B\xB2FK\xF6}!\xE0\xD5\xF9\x81\xA1�@\xCE\xCC*=3X"\xF1\xBF-\xA2\xAE\xDD}\xA8\xAA\xDC\xF4,\xA6\xE5^t\xEC\x87�3\x9E\xD3\xDBK\xBE\xF4?\x9C\xF1z\xD8D�\xE8a\xE0~"\x9C\xED\xE9q`\xAF-\xCFi\xE9F&\x92\xE3\xCF�:\xE9\xEBX\xE0]\xE5MVl&<5\xF8\x97�`"'\xBD\x85\xB5\xF5\xAF\xAF\xFE\xD5W\xF7\x938e\xC9F'�\x827w'R�\x95…�;\xD6\K\xC0\xD1N\xD8 \xD5\xFF
-\x97\x91\xB9vendstream
-endobj
-1726 0 obj <<
-/Type /Page
-/Contents 1727 0 R
-/Resources 1725 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1723 0 R
-/Annots [ 1729 0 R ]
->> endobj
-1729 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [213.0783 62.7905 261.825 73.5749]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_security) >>
->> endobj
-1728 0 obj <<
-/D [1726 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1725 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F63 1364 0 R /F62 1361 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1733 0 obj <<
-/Length 3353
-/Filter /FlateDecode
->>
-stream
-x�\xCBr\xE36\xF2\xEE\xAF\xD0\xDE\xE4*�!��\xC0\xCAə\xD8ɤ6\x93\x89\xC7[{Hr\xA0$\xCAbE"�\x91\xB2\xA3\xDD\xDA\xDF�\xBA�\x92�e\xCFTb��6�\x8DF\xA3\xDF�\x9F$\xF0\xCF'\xA9f:�\xD9\xC4d\x8A\xA5 O'\x8B\xEDU2y\x82o\xDF]q™�\xA4Y�\xEB\x9Bǫ\xAFd,\xD3BO�W=Z\x96%\xD6\xF2\xC9\xE3\xF2\x97\xA9f\x82]�\x85d\xFA\xEE\xA7�\xF7\xEF\xBF\xFB\xD7\xC3\xED\xB5Q\xD3\xC7\xF7?}\xB8\x9E\x894\x99޿\xFF\xE7�\x8E\xBE{\xB8\xFD\xF1\xC7ۇ\xEB�\xB7)\x9F\xBE\xFB\xFE\xF6\xE3\xE3\xDD�~\xD2D\xE3\x9B\xF7�\xBEEH\x86\x8F�D�\xEE\xEE\xEF�\xEE>\xBC\xBB\xBB\xFE\xED񇫻Ǹ\x97\xFE~y"\xDDF\xFE\xB8\xFA\xE5\xB7d\xB2\x84m\xFFp\x950\x99\xD9t\xF2�/ \xE3Y&&\xDB+\x95J\x96*)�ds\xF5\xE9\xEA\xE7H\xB0\xF7\xD5O�\x93\x9FJ-K\x85\xD2 I\xC12aŸ\x9493\x9C�\x92Q\x9C\xA5F\xCA(e\xC1Ǥ�\xB0\x9C\x94\xF3ͦ~\x99�v˼-f\xABz\xFF\x92\xEF\x97e\xF5t\xBA{n8\xB3 l\xBB\xBF\xC4�#�k\x84�\xD1\xE3\x84�͌�\x8E�\xAC|\xDA�\x8B\xF2\xD7$�E�g\xA1\xE5\xF4e].\xD68\\xD7MK\xD0|\xCD\x{DD20}�\xC7~\xB1ė\xB6\xC6gs\x98o\xCB�\xC7\xDF�\xAB|[.\xE8\xE5\xC3'�\xE0~\x9B\x93i\x9B\xFC\xB9p�\x9F̲\x94q+܎8\xCB\xD2Tx\xFE\xFESW~JJSR1\x9D�\xF8\x8E\x82s|-=3\xF0 Q uM8ۼi\x8B\xBD\xD36PI\xC9\xCD\xF41|Y�\xAB\xFC\xB0i\xF1\xA5l��_\xDD+\xDB�\x98�\x9A%\\x81\xAExN\xFE{=\xD3I2\xAD\x80\xA1\xAFq\xF8?\x9C4\x902\xE8��T\x98s\x83\xE4\x83L�CE^5\xC4\xEC:\xA7\xE5+b�%\x84_awnk3\x94\x8D0�\xB3\\xA4C\xE1\x84\xED;ݙ e\xA6/\xE5f\xE3F�\x85�\x90]\xB1�J\xDBb\xE9\xF6\x9Fd\xD3\xC7\xEBLLk\xC4)\xAA|\xBE!\xBC\xB84\x8C{\x82�\xCA7\x88\xDC8EY�\xC7\xE4\x94q\xC6S\x90B\xF2\x96r\xC3>�W\x86}\xF0\xBEh\xF3\xEA�$\xFB\xF5\x9B\xA2u.�\xFC\xCE'd\xCBK@\xCAd\xFA\x9Co�Naܸ�5\xD8\xE3�d]\x8D\xB0\xCEe\xC6�#\xEC\x97�\xB1q\xFE2l�\x8Ei\x84\xAE`Z+3$\xDB\xDB\xDE�U��O4M)i�\x87\xE6 \xF2<\xE2ˢ>T\xA0\xCD;4\xF5\xF2\xB0 \xE5\x90�$#\x9D\xC3\xEA+G[>�7\xEE\xD0\xC1\xC8\xCAj\xE1\xCE6�\x96�:\x80�\xDD\xEC\xEA\xAA)\xE7\xE5\xA6l\x8F\x88\xE0\xF4\xCE#D\x8D `\xBEX�M\x83\xE3E]]\xF3i\x8BLl�֬\xEB\xC3f\x89c"\xDC"\x95\x97\xB2]\x9F\xACL6\x89�\x8B\xFD3\xDA'\xB1Z\xD5m\x87\xEEv\x97�w\xE5\xFDE\xC3\xE2'\x88]i\xE6\xBF|\xA8�\xB7�T�
-K�
-G\xDD \xBD\xF6�8pؚ��\x95\x9D`E\xDE�\x82\xC7s ز\xE6H�\x9D!
\x96\x87\xD0�\xFCx\x9B�i\xD9?wuS� \xEE\xB6Cn\xC6\xF6\x85\xABmP\x91]LtK\xBAgY5\xC5"2\xE3 \xEF?\xE23_.I\xD6
-�\xE6y\x83\x8E0\xE9�,ujS\xF5N� \xE8%�\xA9m\xF3\xC5\xEF\xCD\xD7\xF8\xD6�\xC5i \x92&q^g\xA2]\xB0\xB3\xD2�B\xFC\xB6\x9A\xE0\xE0\xA1�\x89�\xFA\xAC\x8F�\x88Ψ\xFA8T,\xDA2\xEC\xD90yʊ↥Z�y9�\xDD�\xEB
-�\x94H at ot6\xE4�U�\xD6\xDF\xD6}y/\x8B6/7\xA8s\x83\xE4\x842 -`\xA03\xFEz\x9A\xD0Ǻ\x9C&D\xACΓ>\xEBYs\xAC at w�\x8CR\x83��By\x96�\xF3:��k\x84\x89A\x86\xA04\xB3V
-\x99x\;_$L:\xADwtB0~\xC9=P\x83z\xB6\xD1�yåƒ(G�\xA0\xC9à \xD9Öµ\xF7��\xB8\x87�X�Rz\xBA\xC2\xF9[\xFCz�\x84W�D\xE33\xAF\x96'�\xBC\xF3\xD3)�V\xA9\xA15\xFD*\x84\xAA\xCA9F7\x98\xB2\xC9\xE7ŦqP|G\xDAf:/\xAB|\xEC\xE3\xB80i\xB3\xE9\xF7\x90\xE0t\x8EI\xD8·�\xE6\x9C\xF6\xA2\x897�x�#\x88\xE3\x97"j\x94[~]T\x88\xBF,Л��pHË›1\xCF\xD0\xE2�8\x97\xB0\xEBL��\xC0�ñ¦©ƒ\x9E\xF6i\xF9|�\x9CEKn\x84Ы\xFA\x85 O�i9\xB9�\xF2\xD4\xCE�\xD4\xDB"\xAC\xB2\xAF\xA2GÚ‚GÉŸ\x8Aˆ\x90j\xC3\xE0(\xF4\xEB\x86\xD0Ǻl��\xAB3�\xAF8\xABbf�`\xCCP\xBF\xA4\xAF\xAF�\xB1F���\x81H\x99Õ§��\xD2d%ÒÒ¹!\xA5\xC9J\xE8.Mv\xF0\x98&\xBB�\xA7q\xEEI'T\x94Ï„\xE5�\B\xA1\xFD�\xAD\xCE.\xFC\xC75au�\x93Q�\xD1�\x9FLS\xA6]\xC9\xD7\xCF\xC5(K\xC8 \x85Ô\xA6�\xB5\xAB'\xD43?\xED\xF2\xAD\x8CH\xF9\xE0&d���F>Ç„g�\x85\xB3D at Y\xE1\x93b\xF8 \x8F\H�i5'\xC2^ \xE7\xAB�R�
-CHM�:\xBD-\xAA\xD6g\xA3<\xAE�2k�.\xF2\xC6ç¯ \xDA-Bj�Ô¾\\xFA\xFA\xE127\xC62\x91\xDA 1\xB4\xB1&l\xB5'>
-\�\xAE\xBFD|Yb\xD4\xE9�\x82]\xAE\x82=\x92\x81\xF6\x84xCaz��P,U:C\x8EA\xDC\xF1H\xA0N\x81N0p\xE0�\xF5\xB2\xF5B�\x99\xBDQ\xEBv8\xAFX.\xE2\xB8M\xCF7\x90_\xAC\xEB\xCDYb\xC1�(A!ܼ\xB6h\xC49[u`\xAE\x89f*K�\xCB�\x8CU
-\xE1\xD36xlJ\x97\x95\xBAQ\xBD\xA2�]
-�p)y\xF4\xA3��1\xC7�\x82*,7\xF2'\xE7\x89@\xAE\xB5\xA3\xF1�\x87b_�R\x9D�\xFB5\x89\xC2\xC1g\x86�\xEBY� �\xEA\xCDs�\xD8\xC5ZI1\x9Bi5,\x95\xDC�\xC7k\xCE\xF9\x94�\xE9ç°¢;\xE1^,E�j\x8A\xB3\1\xE0R\xAD\xD8\xD7\xC19aw\xB5\xC12D\x87\xB6\xA6\xF5�/i\xE5y�$\xC1�\x94IB�T]6t\xD7\xDB e\xDD�\xF5T\xC6I�\x88\xBD\xAA\xA0}\xAC\xCB*�\xB1|\xAE \x8A\xB2i1>\xCFr\xF8�SV)S\xF9:��k\x84\x87S\x85\x95\\xEB!�\xC36\x8C;0|\xA0\xCA\xFA࿺x\x92\xC1\xD0\xD1�\x8E\xB88Í™�1(\x9CmxVW\xB3g5r4&\x85\xA3QY\xAF&\xF5�\xECv\x9B\xB2h\xBE\�x\x92\xB1�\xB2\x9E�\x9C\xAA\xE3Èš\x90\xC1g2V\xE4\x97\xD5\xC1\xE5\xB4R\xA7o\xA8C�\xEB�u�X\xBE�CKD\xE9xk\x9B\xB5嶨�\xED\x99^\x80X\xB5\xB6\xF2u^"\xD6�3\x83}k\xE0FezÈ\x97\xAE\xEB\xDB\xE4[W\xFC\xE3\xD8{/x:\xBEh�\xD0z\xBEd\x8F�rX\x89�\xD3.M\xF5\xD4Z�F�\xE9|\xC1\xEB\xE6\xD7x\x98CW\xE4�\xFBd\xA1�m\xCAÐ\xB3)TP\xC9I\xB7�\xBD\xD3Lh\x97�\xAC\xBA*Ê€k\x82�
-\xD6sZ\xA3C�\xCE\xF4\xB5�\xE6`�
-\x83mY\x95\xDB\xC3�Q\xA2.\xF1AsN\x80\xB8d\xD0�\x9E\x8C\xA9\x92bZ\xC6FM$Þ†\xB5\xB7\xF9\x9F\xB4
- at GW\xC9\xC07\xA5Y\xF0Mrt�\xDA~\xECJIm\xA1\x9AmQ\xB8\x9Er\x8B˵\xD7|Z\x8F,\x92f\xCC��\xACbl
-���[C\xFE@\xFD�(X[\xCB\xC4�#�\x9Dag\x8A\xD5k\xE9ļ\x88\xF9=�\xA6\xE5XN\xE9�Q\x96\x80ÇšI\xD7<O\xD2xS\xC05K\xAF\xC1\xF3%\x90ϸ\xCE\xD4*_�\xCD�\xFFP\xD1 at VÍ…\xB6\x9DR\x8B\xCCeqq\x92\xEF�\xE1�\xC1\x87]\xBD\xF7\x9Dg�R\x974�\xA1\x81\xC4c<vc\x8Ab~r\xF3�\xA01�\xBB\x97^P\xF4ݧ#\x82\xE7ÔŽ�f\xAF\xF0\xE1Ð H\xFC\xE2c)\xA3\x82T\x83;q\xE3\x818�]T\xE0DGv>\x8B\xB8�;\xC1,s4\x817\x90\x8D\xAA\xF43H+\xC9,��\xC2l\xF3\xDF}Ú¡\1\x8AO\$wÖ¯R/\xD2\xF0}��ϵ\x91��\Ë m.ܸN\xD2ig�Ü´\xB4\xA9\x9AH�1>\x91\xE6s\xAEf�ˬ\xB5\xE3�3\xB3Hq\xD6'\xE9\xFD\xE4\x80? u\x9C4Jt+cu\xD2b\xE8�0\x99BÉ—f\xD9\xDF\xC8d\xA0\xF8�\x93)�\x8E\xB2fȤ�\xE6o'@\xB34#�\xE9�\xA9k0\xEA\xE0\xCBa\x84\x8AA\xE7\\xE1 \xE7\xC1/H\xC1�\xD8\xEB\x89\xCE
-\x8C-��!\xBD\x9B�O\x9C\xC4Ys�%�\x93\x92\x932\x86\xD2�T\xB2a\xBF\xE1b}\xD3!\xA7\xF24%
-\x99h\xF4I'\xCD\xDE�\xC1\x81\x95\xBBͨu&�F\xD9\xE7X\x90`\xD6\xC4�7VhA>\xFD� \x8Bv}��\x85ÅŸ\xF9�\xB8\xB8�\xB1\xA3\x99�g\x99\xA4v\xC0vÇ\xBF�\xA0\x8B�(Ù™avp\xF7q\xDA�:\x99\x89\xB2s#\xA8\xA6Õ€\xDA?8xf\xC9�\x91\x83\xB7\xAF\xB8~\xED^�V\x92\x89\xBB\xE9\xE2]|\x81\x80\xA5\xBA\xFB!�\xBA\xF7 \xAC\xF2-\x81\xA2��(6\xF3d8S\x80\xF835\xE1>� \x91\x82\xEF_×\xA1\x8A\xB9)(�\xA7�&$�\xA3\xB4q\xCF�\xE6\xB3b\x80\xE4\xD5�\x9A8Y]\xBAN\xD8\xE6\x8BuY�\xC3HY�\xA4\x97 \xBB`�\xF9%\xBD&i\x8F)iWã¨)\xE4/6S_\xAC\xA5a\xFDW\xDA�\xF1\���<F\xFFn\xE1\xDC�×\xD83x\xFF\xF1Y�\xE9�\xFF\xC1b\xE7\xD5�\xF7;\x83Þ–�\xC7{,�\xF8#u\xB6\xD9Ù³�\xBB�\x83<\x98K5\xE8\xC7P_\x87\xDA2�\xBC\xE6PT\xF9\x84�\xD4\xEAH\xC0u\xE8�\xF5=\x9E���1 �\xF2�E;W\xBE\x88\x82<Í»\xBA>\xAD(T\x99\xC5[ÖžP�\xBA›\xC0\xC9�\xAA&m\x8C=\xF5\xBE\x8Bz�S\xAD?\xFAE{STm\xF0v��\xE4\xAE\xC7t\xEAß®u|\xEEm\x86H\x9Fu\xE18\x9C\xE2e\x9B\x98\x93l(\xB1Óœ>\xC4Th\xB0\xAE1L'\xB1B\xBC\x90,\xF8_�H\xAB!!\xF7É\xFD\xCBq8R\x9C\xF5I\x9E\xC7an \xB7�\xF3\xEFV\xBE\x98,�\x9E0\xC1%\xFF\xFB\x98\x8C�\xDF`�p\x98Hx6d\xF2R\xB2 %\xB9Ñ¡\xECA\xE7\xDA?\x9Da2\x99\xB8�\x89\xB6\xDDA:l�v\xE7\�\xD7d�N;\x82�\x80b,\xEB\x82T�}!\x80\xE6\xD7.\xA7�\x8A�\xA6\xEC\xF2\xBD\xBBmÅž\x96Θ�\x!
A7]Ô¦^\xFC\xEE}\xAE\xB4d\xD2\xE0\xC1sl\xECZo
-8\x8A�\x8D\xAFCg/IW\xA5\xA1�pdQZ���SDlE�\xAE\x89\\xBD+\x80Q\xB4 at xm\x8E \xAE-\x8E\xD79\xD1)\xAA\xFA\xF0D|\xDD~|O\x98\x87\x9D\xF7\xA4\x83\xF8\xC2{��ь6a\x93\xE9\xAFP6G+[\xE0\xED\xBE\xC3\xF0\xFC�*�\xAD\xBF\xB6u\xBF\xDCh�\xEA\xC5�Ї\xFBw�\x90*\x93\xFD at 9\xF8\x96*�\xCBp\x97\xAEd\xB0\xE7
-v\x92\xFB8aI8\x80\x84\xEA\xD0\xE0T�\x93\xB16\xEE\xF3�\xDEn\xB9\xA0�\xF2\xB1�\xDA;�\xBF^\x86q/���Q\x94 \xAC+\xBFa\x80\xA2PÝŽ\x9Do\x844\xAA%t�,|�\x82\xF5Ð(i/\xEB\x93k:Ó9/\xD6\xF9\xB3s\xE5~\x9A\xA5\xE8a\x93n\x8B
-f2 Ê›\xF1\x8B\xB7�\xF4\xE3Å°Óž1\xAF|\xEB\xF2\xC2\xD8`\xE6�[4 �\xDDo\xCB\xC5a\x93\xEF\xF1�\xC5\xEA0N[\xCF\xF0q\xE1+7�\xE0�\x8B\xC3ry\xB0\x83�ý�\xC6'+\xEE�Ý€\xE0|\xDFZ\xE6\x9C\xFAA\xBC׺&\xEE\xFC\x81{�\xC3R�\xAFg\xA5\xC9�\xEB\xECK\x82\xCCs\x98\x89\x9C\x95�7\xFD~\xF2�)\xD1&\xD6�\xA1\xA7\xF9\xB2.\xF0\xA7:'}\x8A\xA6�\xDCP\xA2^\xF4\x920Ò\x8BE�\xEA�\xBB\xF4\xABB\x9925\xFE\xA3\xBA$\xB6u\xFE\xF2/�\xBB\x9Fc*W\xE0\xDA�\xF7�\xC2X\xA6\xA0\x9E�L\xF9�\x8B=\xEF~BH\x91Z\x8C\xB0\xFE{\xED\x8DPendstream
-endobj
-1732 0 obj <<
-/Type /Page
-/Contents 1733 0 R
-/Resources 1731 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1723 0 R
-/Annots [ 1735 0 R ]
->> endobj
-1735 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [369.8158 647.9776 418.5625 660.0372]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_security) >>
->> endobj
-1734 0 obj <<
-/D [1732 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-490 0 obj <<
-/D [1732 0 R /XYZ 56.6929 399.7353 null]
->> endobj
-1736 0 obj <<
-/D [1732 0 R /XYZ 56.6929 377.2387 null]
->> endobj
-1731 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F48 1238 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1739 0 obj <<
-/Length 3037
-/Filter /FlateDecode
->>
-stream
-xڵZKs\xE3\xC6�\xBE\xEBW0'S\xA9�\x8Cy�\x83ݓlk�\xB9b\xD9\xDE\xC8UI\xD9>@\xC4HD- \xD0�(y\x93\xCAO\xF7t��P\xA3]\xD9I\x8A��z^==\xFD\xF8\xBAA\xB1\xC8\xE0'�֤\x99*\xF5\xA2(uj2a�\xAB\xEDY\xB6\xB8\x87\xBE\xAF\xCF�\x8FI d:ꋛ\xB3\xCFߪbQ\xA6e.\xF3\xC5\xCD\xDDd-\x9Bf֊\xC5M\xFD\xD3\xF2˿\|s\xF9\xEE<\x91&[\xE6\xE9yb\xF2l\xF9\xC5\xD5\xF5WD)\xE9\xF1\xE5w\xD7o\xAF\xBE\xFE\xF1\xDD\xC5y\xA1\x977W\xDF]�\xF9\xDD\xE5\xDB\xCBw\x97\xD7_^\x9E'\xC2��\xF3%\xAF\xF0̄\xB7W\xBD\xA4\xD6\xD7\xEF.\xBE\xFD\xF6\xE2\xDD\xF9/7ߜ]ތg\x99\x9EWd
-�\xF2\xEB\xD9O\xBFd\x8B�\x8E\xFD\xCDY\x96\xAAÒš\xC5#\xBCd\xA9(K\xB9Øži\xA3R\xA3\x95
-\x94\xCD\xD9\xDF\xCE~��\x9C\xF4\xFA\xA91\xF9�eSce��\xA0\x941�\x9A2͕T^\x80\xDF�6C\xB3\xDB8< \x8C�\x93\xF1:K\xA1U\xC2&8p\xD3\xF4\x83k\x93\xAEM�r�<]\xDC\xE4i!\xC6\xC1\xDDnh\xBA\xB6'Y\xAD\xAA\x96�\xB7\x8E\x9E\x87\xDE\xD5 h%@\xA2ݞh\xEE\xB7j�l\xBC\xA2\xA5\x{1543E4},R\xA5\x95]\xC0-\xA5EV\x94O\xF9I\xF2,[\xFE\x8B�U\xFB\xE1
-\xB5\xFE\xFD�W�\x96�!\xD2\xD2�\xF9\xCC\xC4]\xB7�\xA8%\xA4ҳ\xC5\xFE$\xB3L\xBC\xAEo\xED\xEBן+\xF9&\xBEÉ(`?�\xA2\xCBI\xC0\x8F\xCDf�g\xCD\xCCҵ\xD5-��\xDAz9\xAC��\xDBjˤ\xDE\xED�ܞ\xA8]K4\xE2�)F�\xE5\xAE\xE3!\xC0�5\xAE\xBE\xC7s`_U\xD7\xFBsa\x97\xAE\xEF]O\x9D?g&{l\x865� bߴ\xF7\x81�`\xAF^U~Zͽ\xDD\xEA\xBD�`\xA2x\x85wda\xA7z\xE4*"O\xE2Q\x94\x86\xA5'J\xBD\xEC\xEE\x88B\xBCa\xEB\x847�4\xAC+\x9E\xD80\xA5\xED�\xA1\xA5\xA7��\xF6\xECh\xF2\xCFY&\xA3\xAE\xD9\xC5�\xE9xX\x9Cһ]\xB5\xAF�G}t*\xDE\xC7��\xA9\xAEZ\xAD\xA9\xB5\xAD\x86\xD5\xDA\xD5\xF3�\x92\x8F\x99\xB0\x9E\xA2X\xC61�m\xBC9/\xE5\xB2#U\xDEV\xEFY\xD1=\xFB\xD8�w\x8BmHl\x90"R\xBB㧿Ul\x90\xE4<\xE9\xB8\xFD\xAB\xD1~"f\x92\xBD\xD0>ڮu/W\xDF+\xB8I\xA9�̊x�)a?\xF3r�\x91Kig�\x82\xD6\xC6\xEB\x97�\xA4\xB4s\xAB�\xAF\xD8\xD5xR-Y\x800d� \xB4ɢp�\x89�H\xA3(5\x8B�h$J=\x8A�IGQRס\xDD`\xFB\xE9ɔЩ\xCD
-f6\x89\x9DG\x80\x90J\xA3y�\x9DAL\xCF\xE0\xF5$\xD1�\xAC\xA4\x84\x98�\xCD\xE3ڵ1\x81�i\xA9 �К\xE8�\xEA\xC8\xCEJ\xA7Ҙb\xB2\xB3\x92�\xD8\xCCC\xF7\xDE;V��xoO\x97\xCFu\xAA\x8A\xF2\xA3\x87�)Ŀ\xF2d\xE9顀`\xF1^b\xEC��\x82 at a_\xC4~Σ\xD8?\xC2.\xE1�q�\xEF \x81\xC6��(\xDE��%\xF4T4\xCD�\xFF\xE7%0\xB8\xFD]\xB5\xF2\xCE�zn?\xD0�Hm!�[9\xBF\x82\xDA\xDDU�\xFC\xD2\xC89\xD0�\xF0(\x99\xF5#���\xD0^\xF0��X\xCD��\xB7g+\xBD \x85:*Љ�\xC9<\xE5�ЈT\xF0�j\xE2��\xA0\x8E\xBAs}\xFB\xD9@�\xEF\xDB\xEE\xF1dl\xD5\xF6\x8F4�\x88�ͩ\xE8\xF5׃\xEBь\xD0Q�\xE05y��)
- at VqJ��\xF2*�sF>\xFA\x98� )\xA4J\x8E\xC6\xEDWJ\xFA\xEE\xB0_\xB9\xC8q\x93q\xF8L\xC6G\xC5\xC1+\xC9s>Un榈=�e\xA0\xC1W�c�'�\x8D\xA2�4\xFA�:l\xECD\x86��\xAC'\xB9)�G\xE0 &\xF3h\xD7\xF2R�\x89�h\xA8.(/\x8A.\xC4�\x8Di�'a2Ç\xA8~LO9\x95M\xDC\xF7\x81a\xE4E1\xF7})]A\xD4P\xB5�\xD5Q<\xBCzV\xC9T\x91j+&.\xE8\xE9JeZhcxÄŸc\xAC\xA5\x996\x813\x8C\xA0�X\xE1\xBE\xE9\xDF\xFBP�J\xAC\x96�\xA3\xC1\xD3\xFB\xB8�\xA2\xFB\xB6��\xF2\xD1$.\xEC\x9C� �v\xF5=\xF5̽.�p\x97\x98\xF3\xCBr\x80\xC0\xA3G\xBD\xBA\xBE\xF8\xEA\xAB'�\xDBd%\x80]Q,t\x99c\xF01/\xC1\xD82-\xAD\xB5q\x84\x9D\x8C+&\xD3% >O\xD93B\xA6�\xBA\x8F;#\x97�\xD7\xFF\x88���c^\xEA\xE2(U\xC1\xC1\xC0d\xA9\x94Æž��
-hO�\xF2�g\x8C\x9E$vǹ\xB6\xC1\x9Fz\xF3\x89p$ҢT�\xD3�\x88gY9"\x{E2AA32}�A\x89Q)JKJQ\x96�\xA5\x80`\xE7\x95�:\xF7`\xD5ݖ�\xEC\xCE\xC1 \xA1i\xE3K{\xD8\xDE:^\xE1\xCEkG�\xC63�\xF0%\xAB\xAEE\xFFq\xA0\xF7\x9A�\xC1\xBA\xF7n\xBE\xFF\xAE�\x80W�\xED\xB0\xE3\xB5Z&\xB0\x84\x81t\xEB\xF8&,DZ�B\xB3\x8B \x87\xE3y\xA2\xE3�\x8C�\x91D\xBET\xC0\xE1\xC0r!/[ެ\x99\x85��\xAB \xBEP\xBD{\xB6\x9E\x91\xC1\x82\xE1.Rf\xE1\xD4�i\xC3����&U6�v�L&�:9Ի�7\x8E\xF9�\x9B\xA5�2\xA6\x89Q߅\xEB�\xF7\xA7�o\x85�P�&@\xA2X�5\xDD/OXl2Kmy*\xB6\x8F\xB0�rΤ6\xA7\xAC()\xBC'&V\x94\x94!eD\xFDQ%\xA4\x83\xAB͡\x86<\x85:)l\xC0�/\xE0\x9E\x88'\xA8Dx1\x86\xD1�1�\x88\xE2V��\xAF�\xBA\xA6\xFE\x94 K\xC0xZ�\xC9ǥ��\xC9\xF2\xB2\x98/;\xCA�\xAC\xAA\x94\xCA\xCC3\x8A\x8F
-�\xACLH9O\xA4�\xF8\xB3�\x85s�̓\xDB�m\xA4\x9Dx\xDE<- �\x83�\xCE\xC81=�\xF9\xC9\xD3�Y\x9D�F\x88\x97�\xFE�\xFCJf?* Q\xA6\xCA�:\xB2Þ³\xC1\xD2\xE8<VI\xA0\xF0\xE2^ÇŠ� \xBES\x95K3�\xC0\x8C{JÞ\xD1t!$l%\xC1-&p
-\xB0\x98\xA3\xE7[�\xFD\x9Et�Ϻ\x90ejmQFf\x99\xB4,\x8A|:\x89J�\x89(TzÔ‚8lxÊžV\xA9\xCE\xE5\xFF\x9B\xBBS('J\x91J_O\x9Aç±\xC0c\x84�\xBF\xCB/\x81\x8EN"HDYd*Ř\xA3\xB0\xEFy\xF9\x9A\xDE\xD9Z\x80\x8E\xED,\x99\x8C\xF8\xB8|\xEAS\x9FMU�\xE4n\xB9\x9D\xA5*\xB8\xFCj\xEDVï±™/\x9B;"Q\xAA
-\x8Dn\xE7 6z×…\xFD\xFD�\xC0S[ê¢ Ö±o ��\xF08ÕŠ\x87\xA6\xF6�N��DU\xA8}t\xF7\xFBj\xBB%\x8F\xA8\x8C\xCFu \xA0\xFAt\x87(>7\x80'\xD9È°o\xA0\xDB=\x84\xCE57<;г\xFD\x8C7a\xCF\xC0s\xC1\xBD\xE24z#O
-
-\xB7[\xBB-beȺ\x88\xE2o\xC3�K5e7\xC0'csd\xBC\x8D\xD5Q\xC6\xF4�\x84Qh\xBA*\xC8Z\xAA\x87\xAA\xD9`e,vM%�h\x91\x9BO_S!\xAD\x9E_�l\x81\x85�\xBF�]�PV\xDD>8Ѯ\xA5\xF8\x82\xFD\xE3%\xC1\x90Q \xD8\xE1\xE3\xCD�\xBC\xBD\x822\xA8Ǧw\xE8\x8Dm\xE6\xD3-��ٯ!U\x85\xF3\x835\xAAL\x9F\xA4E\xDDc;w˯?]\xCFyb^Ӛ�\xE3!_„pK\xAD\xDC�e\x9E)\x85\x8A\xB8y\xFD\x815\x9F\xAB�\xD1�\xD7\xDD \xEE�`C\xCEe1\x95�\xA0(cڕ\xD9P
-\xB5\xC7\xD8�\xED[\xA6\xF5\x87;�\x8Av\xBCj \x9B\xDB| \xFA\x86B\xC1=\xAF\xC8UQ�\xEFV\x87}3�q\x9A\xD5\xCB�\xEA�\xB3B\x93؇",�n\xFE\xE9B\xDFε5\xEFM\xC5W\xBB|\xA8\xF6Mw`\xE2\xAEJb\xC5O\xB0I�Z\xED�\xB4�\xCB\xDB�\xEA�\xE0\x97GT�\x85�\xB6\xE0
-6\xC86\x92\xE9ܫn\xBBu�\x9Aˆ\x86g \xD0�*��\xE1\xC5#E\xE8\xDC8\xC8ƈ$re55\xF9\xAEp �*\xC1\xE4ۆ\xA8%\xC5w\xE8�\x81\x91\xEF\xD8}@\xA0\x85�g\x96\xFB;\xE1m6}G-�N#�B\x86#\x82�C\xA7�\xEEyb#\xD0�\xC08\xD0}Y\xCB��J�\xBC\xF7�\xD4y\xCBK
-]G\x84~\xEB\x8B8H#|*��{\xBF \xA4\xDDa\xBF\xEB\xC8ؤb(/F�-\xF2#o��x\xB3�=_;n�\xB9\xB8\xD5�'\xF955\xB0\xDDD\xBF\x80`\x90\xD0J|\xDA\xFB�9\xAD\xC6\xE1\x92\xFBsHC\xDA�<�z�9r\xAB\x97\xAD{\xE4!\x81m\xEFB at 57\xF4R�\x86n��d\xC5z�Coyn\xB5\xDBm\x9A#\xD7\xCF\xD4��\xFDg\xE6\x8F1\x8D\xEA\xB9\xE9\xAA:\xA4\x9F\x89\xCET
-\xC6wR\xBE\xBC��q\xF7\xF4t\xED
-`Lu�\x90\xB8\x8FE\xF0<\xC9\xDEb\xF1^\xC1\xB2\xB2\x90\xBF�D\xE4y\x91�\x93\x9Ff0/_\xD4\xFD�b^5\xE4m\xE0�=�\x87t\x8FZO���\xE0) N @|\xB2(\xE6\xF6�\xF3g\xFE[\xC0џ\xD1g\x80z\x86x\xA7\xF0\xBF\xEA;\xFC\x90\xC4�\x9B\x96|\x97\xAFt!a\x92MO\xBF@�>Cu\x81\xEB
-\xBC
-��\xFD\x8E\xA8b\xABʣ\xEE4\xF6\xA9\x83]\xFA\x88y�&\xFF\x84y\x80\xB1
-�\x8E�_Q\x9D�\x89\x8Fc\xBD-\xA2�6O�\x84\x89O\xA9\xADD��\xE0!�YO\xAB{\xD3\xC7�\xE3\xA5us\xDB�D!)d\xF4\xE5\x84�\xBE\xA3g\xDFm\x99��
-\xA4�TMD\xE2\xF4\xAB$ 6\xC8d\x84\xCCN Û\xD7WG�\x97\xEC#{zaT -\xFAJ�
-\xB0\xE7\xEE1\x8Ay-\x9C}\xCC\xD7?b\xB22ˋ\xD9\xD9[\x820~\xBFa\xDD�\xC2N\xF4 A\x84\xEDw\xFB\xE6�\xFC\x9C\xD71\xF0\xA8h\xA3H&Ђ\xFD�V\xA0\xB9\xA1Z\x9Dϥ\xFD\xD7[h!�\xF0�D\xD0G!<0">\xC29\x90�*#\xE6\xCA\xCE�*i\x8Ez\xAC$ \xBF�\x93{\xF2�\x86\xB3\xF6\xF0I��'y\xBD\xF6A\x8E\x8A��W�\xC8~]�
-�\xF8\x9Do\xA0.\xBCS$\x84\xA2\xB7d\x98\x8A%�\xAD\x8E\xEBG0\xE0É´j\x80{\xDC1\x86\xCBb\xC5:�: \xB7\xBE\xA2\x8A�\xAF\x87\xDF\xD2\xFDrYA\xC7BTC]\xDD\xE6@\x86�f\xB2K\xEC\x89�\xF0K\xED6\xD5�\xBCH\xF2\xB4\xB8���k\xD6�1\x8F \xAA\xD9\xE2Q\xAB\x96G{\xFF�\xCFS\xFF;�\�K�w\xBFc\x90�\xBC\xE3\xE9\xA19\xE8\xC6>\xE6\xF7Õ�\xCE\xE8\xE8X\x9A\xF6\xC4\xFF\x80K\xF5\xF7\xC6\xFEf\xEA/|w\xFBÐ\xB6\xB6 \x8D\x86h\xED\xF3P\xCCxQ\xD1\xC7BS\xC9\xDFQ\xD2�k>/^\xF5\xE5U
-\xAB\xC0\xE1\x9DV5"\xC7 \xE4�\xFF\xC7C\x84\xBF\xE9\xF0\xD8�X\x94I\xF1_'\x91\xBF\x9Bdc\xF1\xE1\xBF\xFEs\xCB\xF1\x9F?X\xBC\xB2V\xC6\xFF\xB7�\x985\xB5\xB2,�S\xFE\x93\\xF9\xE4\xC3@\xF8�\xCCS\xD6\xFF�\x9D4rUendstream
-endobj
-1738 0 obj <<
-/Type /Page
-/Contents 1739 0 R
-/Resources 1737 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1723 0 R
->> endobj
-1740 0 obj <<
-/D [1738 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-494 0 obj <<
-/D [1738 0 R /XYZ 85.0394 565.2444 null]
->> endobj
-1741 0 obj <<
-/D [1738 0 R /XYZ 85.0394 536.6737 null]
->> endobj
-1737 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1744 0 obj <<
-/Length 2614
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�]s\xE3\xB6\xF1Ý¿Bo\xA5gN�\xBE \xB6O\x97;\xFB\xEAL\xE3\xBB\xFA\x94\xE9\xB4I�h \xB28\x91H\x9DH\xD9\xF5\xFD\xFA\xEEbA\x9A\x94(;\xA9\xAF3�Ϙ�`\xB1\xBBX\xEC'$&�\xFE\xC4\xC4Xf3\x99M\xD2L3Ã…\x99\xCC7g|r�k�\xCEDÄ™\xB6H\xD3>\xD6\xF7\xB3\xB3\xEF.U:\xC9Xf\xA5\x9DÌ–=Z\x8Eq\xE7\xC4d\xB6\xF89\xB1L\xB2s\xA0\xC0\x93w�\xAF/\xAF>\xFCt\xF3\xF6<\xD5\xC9\xEC\xEA\xE3\xF5\xF9T�\x9E\^\xFDí‚ �7o\xFC\xF1\xED\xCD\xF9T8#\x92w}\xFBivqCK6\xD2\xF8\xFE\xEA\xFA=\xCDd\xF49A\xF4\xE6\xE2\xF2\xE2\xE6\xE2\xFA\xDD\xC5\xF9\xAF\xB3�\xCE.f\xDDY\xFA\xE7�\\xE1A\xBE\x9C\xFD\xFC+\x9F,\xE0\xD8?\x9Cq\xA62g&�0\xE0Ld\x99\x9ClδQ\xCCh\xA5Ú™\xF5\xD9糿w�{\xABa\xEB\xA8\xFE�gRY9\xA2@)\xC7�h2f\x95TA\x81\xD7U\xE3\xFF�\xA7ʺ\xD3\xF3,ɘa�@\xC1\x93\xA2lv\xE7\xC2%\xD5b?\xF7�\x9AkV���\xE4E\x8F\xBCЊ k,�\x85\x84\xF7\xB5\x9F~\xD9\xFB\xDD\xE3\xB6\xDA5\xD3mU\xADãž¾H�\x87\xABL]\xDCRm\x9B\xA2*#\x8F\x8AD\xA9\xF7[$@\x939\xCD�ba\xA2ZÒ·\xDE\xCFW\xB4\xB6\xCB\xCBE\xB5\xA1Y\xDCX\xBFA\xD8%\xB7\xFB�\xF9O\xA6R)&\x8DÒ“\xA9�,3F�\xD6ͪ\xA8\x91\x80}�\x82\x9B\xA4\x9D+\xAB\x87\xB8x[Wk\xDFxZ\xBE\xF5\xF3�\x8EIKAK~_�\xE5�M\xA0\x96�Z\x9Do"N�\x88\xC0"\xB2\x88X\xB6=�@\x9B\xFC\x91\xD6ʪ\xA1\x99ÛˆS\xEF\x97\xC8\xE5�\xCE\xE5\xBC\xF0e\xB3\x8E\x88\xB5\x9F\xEF\x89?ë\xB4\xC9e\xB5�\xA7凧DBZ\xB4"�D\xDB\xF2\xBA*QQZ&EC�\xE1\xEC\xF0\xBD\xF3\xA5\xDF\xE5\xEB\xC0
-wFs(\xEFh\x86'\x8B\xA2\x9EW\xFB]~�\xCC�P\xC2\xD5!\xEA\xD6ϋeܗ\xD3g\x9B\xEF\x9Ab\xBE_\xE7;\xDA�\xEF�V\x96\xD5.n�\xB5.\xE5$\xC3c\x90\xA5�Ú\xD6\xC0v\xEEG\xCC\xCA
-f\x85m-\x91tq at o\xAA5\xB8\xA8u\xB6Õ8"<\xBD\xB7#\xB4S��i��[\xFF\x85\xC2BP�~7\xDBu1/\xE8zL\xD0P~\xBB\xF65\x8D\xE8� \xD31ÑŠ\xE1K\xB6[|
-\x8A4\x9Dr *\xF7\x9B[\xBF\xAB\xD9Q\xBC�,�\xC2N\xC0\xAF\xC1\xB7mz">�Ò´\x8FE\xE1A\x8C\x84\x87�\xEB\xB4�\xF7E�\xA0G\xD8"\x9E\x97\xA1\xC3��B�\x82�ĦT\x99\xA1�3\xF2NTUë¨\xE6v.:\xE5i\xED\xA0=H\xB0\x87\xE7\xB5\xD3\xC3zF;-Vg-\x9Df\xA6\xE4Þ‡\xFA1\x92i\xDD\xDF9\xAA\x9F�kD\x8C\x81~L\xCA4\xB8\xE9P\x8E\xD7\xEAGq\xF0-k^\xD0O�\xEB�\xFD\xB4X#\xFA\xD9o�y\xE3!\xA3\xF8\xDD}~lH\x99e\xC28\xF7\xBC8�Öˆ<}EI.\x98\xD0\��\xFAo���g\xB0\xF4È„\xFD]y]H\x96eF\x8F\xE7u�\xCCN1\xABUv\x9A�\xED\xE3 at +\x82\xED\x8E!\xA9\xA7\xFA\xC9�
-F\x94�\\xAB�\xFF��%S)�o\x9CfΊ\x98\xFF{!\xCEX-\x82\x91\x81Ɣ\xD41\xC6}<\x9FZ\x91\xCC\xE0\xBFL\x8E
-�\xA0\xC9S\x99N\x8C\xE6�\xBE\xA1\xE2\x99|\x99�\xC6u\x96)B\xEA\xC1\xE1\xACO:��\xDF]m\xE4\xE4}�'\x9A\xF4�\xD5�\x9E\xF6)\x87C\xD9A�\xE1p�\xF8CM\x93\xCAL\xC6[\x86\xC0
-^\x92\xE4\x8B\xC5\xCE\xD75��\xA5#L\x9D�^q�S0~\xBB\x84cU\xDF\xD3�D,P{/\xE3@\xE9\xC8�\xCA�\xE7\x92'm\xEA��dS\xA8Å´9\xA8h�\xBB(�\x84\xD4(\xC0\xF2\q\xCCNap[5+\x82~z\xFF\x890!�Äš�\x8C\xD9�\xAD\x87\xB9j\xF6�\xF0\xA4ÓlP\xAF@\x8E\x81�fr�U�
-\xB9\xC7�\xE2\xDA:�\x90\xB7\x81!\xA4!\x9AÏ·\x90\xABBj\x82\xB5\xAA�)�\xD1+\x9A \xB2\xE0\xC4!�(4\x94U'd \xCA\xEB�D\xCCñ‘�\xA6\xBC\x91\xBA�\x8B\x83\xD4a-“\xB6~\x83\xF1\xBE\xDCF\x9A\xF7\xC5\xDAS}�\xD3\xDD \x8E\xFCTÛŒI\x97\xB9I\xDF�^\xE7\\xE8\xC6&\xB3\xE0]O�\xF8\xAB]_Z\xA6]\xAA\xBE \xAD�\xBC?\x95\xE6�\x9C\x94vØ“aD\x83\xFF;\x97\xE9�ˆN5SJ\xD8o�F\xB4B�S\xFB\xED\xC3H\x9F\xF2\xE90�)�\x8ABh�P\xE2\xCFU(S�\xF5�\xCA\xF1�L\x81 �\xD17�\xE0#�xÑŽf�\x95\x8F\xF8\xA1\x80G\x80\xBA\x98\xD6\xEFÂŒo\x9A\xD0*\xA84#\xE7�\xB3T\xD1�\x876x\xE1\xA0��8@\xA7�ñ¢ºš\xA3\xC7\xFF\x86\xFF|�\xBD\xF4\x94\x87\xF4/\xF9uv\xF3\xFF\xEF!P)a\xBA\xFB�'
-;\xF4I�Q\xC0RA\x84~\xC1CT
-\xA9+U\xDF4\xD1*ЌU\xD9\xFF \xD1\xF6)\x9F\xF6��\xED\xB3\xC9 N��\xF1\x9EBr\xBE\xAE\xAB\x91�\xAA�\x9CO\xA5\xF1|
-\xF47\xF5�c\xBC�\xF9\xF3\xF9D
-}\x96\xD2]��S\xE1a\x8EΘr-yp6\xE86_\xC8\xCE`*\\xB5\xD9\xF9\xB4w\xF4/\xF8u6\xF3\x{DF63}o\x86`sZ\xB9\xE7+r\xA8\x9D \xE0\xAE{/�\x96\xA5X\xCAp\x9E\xFC\xAB*c�:;�B$ᆠ\xD1�\xE9{\xC9)m\x9A\xD2\xD5\xD3c\x91\xB26Y\xE55��?_\xE5eQo\xE2�\xEB+\xFCn\xD7y\x88i bY\xA1l\x9A,\xF3yq. f6y\xE3i\xEAk�% uR\x84!EZ d�\xB0.6E�W\xABȄB(\xA2o\xAA}��\xB1\xB1��\xAA|A\\x9AUތ\xBE\x8C<\xF1�\x9D7\x89�\x9A\x82\xF2\xA0m\xAF�\xEB\xC6o\xB0\xFE�K\x9E\xB5\xB3\xCBj\xBD\xAE�\xE8\xF1\xA7k/"5\xAC\xB1\xE2S@\xA8\xAB\xE0\xFB\xB5S|\xC7\xF9d{&\xB9b\x99K_h_\xFBX\xCF�C\x8B�\x9C
-\xBCvJnsԌq�\xA6�\xFE\xFE,\xF3�k\x84\xFB\xA0k\x85 at w\xC4\xFD\xBD\xC7b\xBC�\xB9R:\xAC�\x95L\x93\xBBuu�\xBDa\x98Z�uCP\xB8HX\xBD\xFA�\x91!7\x86\x87\xAB\xBA\xA6\xFDiDqI�\x9E\xB6�\xAA\xA1\xCD$+\x92\xF1\xE2i/\xED\x8C��\�\xA1\xF6eD\xB8\xFE8\xBB\xBA\xFC'\xC1�\xE0\x90\xDF\xF9:\xD6\xE1�odv\xF0t\xF8\xB0\xF2\xA5\xBF�\xC9߆'J�Q|�\xC5[\xD1\xEC\xBC\xDA>�D&)Z{\xE5\x9D\xDDS�\x8AKh\xAD~\xF1�s\xBD\x8BN�\xAA\x81\x82z �\x91�\xF5\xA8<\x9D��\xA87\xBF \x8Cv\xFF\x80ߟ"\xA7\xEB\xCFC_\xA0\xBE\x82D\x9FW\xE1\xBB \xBB\x84�ab묌IV~\xBD\x8D`\x90�\xBE\xBE\xAC\xF7\x9DZq\x9E\xB4
-�\x9C<t��\x87\xB3\x9B؋ \x80\xB2ĵ\x87b\xBD&\xE8˾\x98\xFF\x86\xFEB\xDBKT-P\xBE\x8B{\x82
-\xE0�G\xCC\xD7\xD82\x85��\x9F\x8D\xB9\xF6\xC7\xE0\x8A\xE1��C\x\xE64\xF4�\xA9\xBB\xF7G�_]��\x8F\xAD\xF0�\xF4\x8B8\xF1P ;\x84|>_\x8D\xBC)J�f\x9Ej\xD5次{�\xBE\xC6C\xBEp\xA6\xCD\xFD=\x83&�\xF4\x88\xAA\xD1,#\xFB\xF8x\xABc\xA2\x8BR\xB7\xF69ؔGs5\x92Y\x93\xA5C}\xB4G�\x97�\x92\xE1\xD1\xD5ᅕ4�\xD9\xC0\xCD\xFBe\xBE_\xB7\xA8K\x9A4
-��ϒ\xAB%-\xC0\xB6\x91\x9F�\xACcRv?�\xBC\xA8\x88��܈K>\x8F\x94\xE9��.\xBE\xB8\xF7Q\xB6\xF0h\xAE�\x9D\xEF\x80'\xE4_\xC8\xECmj�^u\xCCKj\xC6MwA5f\x9F
-\xF8\xFD�"[D\xCEd\x8B8S\x81U\xED\x8A�5\xAD�\xF0
-\xF28x2>\xF1kHʤ\xE0\xE9\xF0\x9D�T\x87O\xE1\x9D: �>\x8E\xFF*\xA2\x8C8\x92�\xA4r2\xF9\xC7
-Õ¡4�U\x83˘Ny\xD6WC`zZ\xFD�TÂ\x98\xD1.L\xD2Qjʾ\xF4\xBC?\xC2VC�R]%6\xC2G\x84\xF7\xCA\xD6\xDE\xDF\xD0\xF3�E� ��\xBB\xE6�\x81\x9D\xB4\xAE\xE1HRÚ¡�\x87\xB8&Z
- \xC4\xC4q,\x9Aɘ\x80Z\xEE\xF7\xD9"V\xEErh\x8BH<F'\x80\xA8\xA5�\xE06\xF0\x95mހ\x99.o \xFC\xE4\x978
-\xBFm\x90\xB4yDƛ\x81�ՙ\xA3��\xE7:\x8F\xC3AQ?�0\xE8�\x82�3�\xEA�\xFCf\xDB\xC4\xDA"\xBA�@\xBF\xC0\x8D\x96\xB1\xD2h�j\xF8��\xCE�~<ʟ�?q�\xE0\x8B\x93\xE5�X\x94T\xD4>\x9D\xAE>zH\xA7\x8B\x8F� \xE5\xDE\xE4\xFF\x9E\xB6\xA5�^\xF8\xB4)6~Z\x94\xC7\xCF\xE7\xD0#\xB9g\x85\x88(\xC72��\xCE
-\xB4]\xB0\xDA�⪼\x85b14\xF2\xBA\xF5�\x80\xFA�\xA8S\x90�\xF1)\xAA\xA4n�\x96\xD7UyG\xBD\xBE\x8Eq\x93 z%\xC0LR>\xD2\xCEMQ\xEE��\xA7\xA3
-9\xCA0a\x8B\xDFm\x8A)\xDD.�\xE9\x99��\xA1\xBA�g\�V\x9AOq\xB9\xF7t-$'\xA0c\xD9Ú$p�mQM\xF7<$��Ql\xF6��\xDC\xE7\xEB\xBD�R\x96.\xB2\xCD�{T5W��\xC7m(Þ¼2�\xC4�\xB9=\xDE5ί\xFE\xAD\xBC\xF7\x82\x95B_\xE8\xE4\x89_�RÇ´�"Q(TtÊ\xAD?\xFE\xA8~,\xFA 8\xA7\xED\x9Aendstream
-endobj
-1743 0 obj <<
-/Type /Page
-/Contents 1744 0 R
-/Resources 1742 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1723 0 R
->> endobj
-1745 0 obj <<
-/D [1743 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-498 0 obj <<
-/D [1743 0 R /XYZ 56.6929 289.0049 null]
->> endobj
-1371 0 obj <<
-/D [1743 0 R /XYZ 56.6929 265.9485 null]
->> endobj
-1742 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F62 1361 0 R /F63 1364 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1748 0 obj <<
-/Length 3618
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDD�]\x93۶\xF1\xFD~ŽE7c\xA1\xF8$\x89G\xC79\xA7\xCE4\xB6k_\xA6\xD3&y\xA0$މc\x89TD\xCA\xE7\xEB\xAF\xEF.vA\x91�\xA5\xB3\xDB\xCEt\xA6\xA3�.\x80�\xB0X\xEC7\xA4\xAE%\xFC\xD4u\xE6\x844\xDE^\xA7\xDE
-'\x95\xBB^n\xAF\xE4\xF5�\x8C\xFDx\xA5�g�\x91\xE6}\xAC\xEF\xEF\xAE\xFE\xF4Ú¤\xD7^\xF8D'\xD7w\xF7\xBD\xB52!\xB3L]ß~\x9D\xBD\xFA\xF3\xCB\xF7w\xB7�n\xE6\xDA\xC9Y"n\xE6.\x91\xB3\xEFß¼\xFD\x81z<}^\xBD{\xFB\xFAÍ\xBF|xy\x93\xDA\xD9Ý›wo\xA9\xFB\xC3\xED\xEB\xDB�\xB7o_\xDD\xDE\xCCU\xE6�\xCC׼™ \xAF\xDF\xFCå– �?\xBC\xFC\xF9\xE7\x97�n~\xBF\xFB\xE9\xEA\xF6\xAE;K\xFF\xBCJ�<\xC8�W\xBF\xFE.\xAFWp쟮\xA40>s×ÐBy\xAF\xAF\xB7W\xD6�\xE1\xAC1\xB1gs\xF5\xF1\xEA\xAFÝ‚\xBD\xD10u\x8A\xD6e\xC2i\x9B\Ï�Y�kLrY
-\xE9\x80k\xF3\xD4y\x91�m:.k5\xC5刅\\xDE\xE6_\xE6\xED>\xAF\x9A\xFBb\xA3\xB2ټ\m\x8AyY\x8D\x8F\xAF\xD2D(\x97\xF8\xEB\xFE�'\x94tX�\xA4\xE8�)*SB\x99L�iyS-\xEAC\xB5\xBA\x99�eg\xFF\xAC\xAB\x82\xA0H^C\xCDm\xFE\xA9\xAC��\xAEj\xFA\xEE�\xED\xF5C\xF8�
-c\xC2)h\x81u\xD9Í\x9E�r\xB3mY�nÔ¬-�j?\x96\x9B
-\xE1,\xE2\xB6\xC5~[Α�p� \xD7\xC3 \xE6J \xEF\x9C�\xE4Vy[\xAC�"\xCB\xD9ݺ \xE9Y�\xF7\xF9a\xD3R�\xB7
-\xD2+鋛\x86�\xB1\xF1\x9B�\x85 p]�\xF6\xD0T\xE3\xC5\xE0r\xCA\xEDaK\x8D\xCF\xF9\xE6P�\xD7\xD5�o\x9A?\xF5�\xB5\xD2\xE8ᆴ\xF6X\xA0YjR\x95
-\x95h\xFF\x8Ch\xF5\xB0.\x88VĚ�\xAD\xB6\xDC�\xF3\xFAО\xC8Vf\x85M\r\x99\x94�k\x82\x96\xA1lya-Jj\x9F\x98w\x87\x96\x85K'\x8A\x85�\xA1\x9Epas\x93\xCD�U���ۛ�\x84\xA4z\x80��\xF6:\xAF"T\xF2�\x92\xA9 u\xD7�
-�(\x84�q\xAB\xBE at y0\x87\xD2\xFF\xBB�\xA5\xF49\x89\xD2G\x89j\xFEg"\x95\xA4V$Þ¸\xCB"\xD5\xC7:/R�\xD6yk5)R
-f%Ï\xD2aM\xD02�\xA9D$i:"\xE6(RFF\x912R�\xEC\x95TG{�p\xB0W\xF0\x9D\xB0W01\xD8+�e\x8B\xE6�{%\xD5\xD0^\xC9(^��{%\x83x�\x96\xB0\x80%"�+��\x8C\*,\xF2\xFFa\xB3\xC0e�\xAD\xADzF\xC0zX��,b!\x87\x9Ab_\xE6\x9B\xF9�\x87b\xFF4\xDF�\xB3N�+\x91B\xFB\xC4]&\xA1Ú\xA0a X\x89�:M\xB3!��7\xF9g\xE4\x9A\xD1H\xCFg2N\xA63)н�2\xEBU\xB9\xCC7\x9B'���\xD3\xE06o\xDA`\xB0\xA0\xBB7_\xCFÚš\xBE\xBFI\xA9\x83%��Ô\xD0Y\xDES�\x9BF\xDA�xApu\xD8.p\x9D [\xCE cT6\x94\xAD5Ñœ\xF9\xD9�\x8C\xE4C\x902\xAB\x93\xD9m\xBE\Ss\x88P$�\xC0C�d�\xA0\x9C>t\xFDܵ�\xFDB\xFA2P\x96{\xEAk\xD7<\xD8l\xBA�\xE9\x947s\x88\xE8\xBE\xE3Õª\xA2}\xAC\x{1DFA31}È«\xD5c\xB9j\xD7A\xA0\xE0\x8A�f\xF7\xEE\xC6\xEB�\xB2�\x9C\xFE\xA6Ü–\xB8!D�\xB4�\xF4uT �\xA8\xC0 !\xAEH\xB8p\x8A\xD5� \xB5\x8A�*\xE0\xF8Þ’\xCDh\xCD Z\xB4:o\xF7\xB8.A\xBF\x97\xBC r\xA8�\x9CA�2�\xD4h\x8A\xAA�\xD6j\x9F\xB1\xCE�6\xA9\xD9\xC4\xD1�\xB9R\x87}ax\xA4�:�΃�\x92\xE7E$\xAFi*t\xE2�ϨwmYWxn\xA5f\xC11\xC2Ve\xD5�\xE8/\xE1.x$h~0k�\xA1�M\x84\x8C\x92E�\x91\xDC\xE3\xE9\xA5
-�\xA6\xEE]\xC4k\x8Ae]\xAD��l\xE0B�K\x88\xCAE\x86\xF1A_,'m\x9B\x96GA\x80 \xDBy\xC5\xF1'
-{:\xCBW\xAB�OF-Қl�[\xB6d\xB67�\x8A�p0\x9C \xBEP\x80>\xBE{\xC9]\xE1\xD6\xEE\xD9Ư\xA9\xF3x4X\xF2x\xB10R6͡X1�\xED\xD4uy' 9J\xBF\xED\xBE�
-\xC9
-\xCD\xC87MM\xEB\xF7\xCE\xC2:mR\xC8F\xA4�2\xAF\x8DF\x9DO�P�q
-\xB2
-\xE0\xDBwwo^\xFF\x9D\x8D78\xB3\xFC!\xBA\x8B\xE3\xF9\xA0\xC1\xF7��\xB1\xA4f�\xB1\xA8\xDBut�l\xB8pj0P8\x8D\xD5�@4M\xCDY\x9F\xE0\xB4�&u\xCF\xF8\x84>\xD6y\x9F\xD0a\x8D�\x8D77v�6�R\x82\xA9\xBF\xB8\x875A\xC0\xC0!\x80\xD3\xF3�8\x84��A0\xB5\x8F\xB6Eg\xB3�u˘3\x8A\x9D\xE01\xC0@\xCB3\xF4\x8F6M\xAC\xD0\xD6ÚVÓ†M\xD1\xD2~$ \xD0s\xD4]\xE8\xEDt��\x82\xEE\xEA\xA0&\xCBÞ.>\xX\x86= \xCD\xE1�EAV\xD5s#d\xB1\xC2z�t\xA3S�c\xC0�l6\xF5#*�\x8E\xA0B\xE27�>\xF0��Ö´ /�e!vK��<�\xF0P~.*�\xC3��+�\xA9cn⸧Ϫ\xA6\xFD\x80Ⱥ%t\xF6�a\xDB5\xEF�O\x8D\xE3p\xEA)\xB3Û§\x88\x8C63\xE0Ä´�1\xC7\\xF5\xA1\xAA\xD9R�]\xC5\xE9\xCD*\x94P\xEF\xCC7\\xAD\x92 \x{1AF5BD}Ç›
-\xB4-'\xB7�f\xBB�{+�\xBD\x95;\xF1V\x96\xD5?\\xA3\xB6�\x92\xE3ԟ1�\xC7\xE3\x9E7�y��\xD1�\x9A�\xAC\xFA\x87\x86��\xE0�n\xA4`\xBD\x81%\xDFf�S\x9Bf#\x86\x9C1)\xD6%\xC2{g/\x9B\x94>\xD6y\x93\xD2a�\xEE\xF4s\x98\xFBz\xBF\xCDO3�gqbv\x99\x88�k\x82\x8A\xA1]\xF1B\x823�\x92\xF1\x8F�\xEB)\xEF\xFA9�6\x97\xE8\xCD�X\xF08\xDD�B|)a\xD2cM\xC0
-\x82G8 �\xA8C\xA5\x835/\xA6|\x99IE\xE6;\x93S�s\xD8\xFF�\xE6\x9F\xDE�\x9CЩ.\xE6@\x85\x99R�\x91I�\xB5�\xB3&^oR'\xC0\x8D:�\x85\x86"��U\x85\xB2\xC9(2\x9C\x96:�\xE6�0䥫�\x8B\x9D�.\xC9\xCC\xD8ĺ\x8Cc\x924\x84\x90\xD4�GX\x85\xB2\x9E_L\xBBP7 \xD4\xF4]�\xA1\xB4P1z\xE7\x9AS\xBE�Þˆ\xBFp\x95+\xF2\xA2\xA3s�\x85w\x92\xF5\xEE\x84Y#3\x91*冼9{_&�Zu1�\xC5\xF7&��\xED'�\xF5\xC3Û\xD4\xC3\xC1�\xF5\x86\xE0�{\xD9
-Bz\x89\xC0\xB2\xE8\xF7.\xC9F\xAEhJd=\x8D\xAD\xA6ΤAÜ~\xFB\x95\x92\xE1\x85U.J\xC6._~b\xDA\xF3\x86v�\xF98\xC5K\x89�ų\xA3\x80\xE9\x94v\xAD\xD2�\xED
-u\xE6\xFC\xDD\xD5MS.6\x8C
-\xD1s\xCD\xE3\xF4a�\x89I9\xD4��~\xAD\xD4gB*�\x83\xFD\x92w\xDF\xD6\xC7\xDC"\x85`��h\x83\x97%hqp
-f\xB6�)"�Ç“\xEA*d\x9D 5\x87ݮ޷Ŋ]�\xA4\xBD\x99w\xA3:\xE9\xE2\x89J�\xB4\xD3&o\xC1�oBY�Ó´G�\xE40/\x80\x94\xB3\xC2\xEEF[\xCE�\xB1?\\x82\x8CQ�\xF6\xF8\x80\xD3yr�\xCB\xC4�F\xA6:\xB2\xEC\x8DYᅣκz\xCC\xF960M\x85�qZÕ\xF7`+\xACﳘ\xEF?\x8EL(\xC5�\xFB
-\xD8߬�\xADN/1aj\xE8\xCBѹ4=\xAE\x86�\xE4�~Y\x8C\xBAt\xE8\xE7rI\x81tS\xDFs\xD7\xDFn\x9C��ZÕ
--U\xE5 @\xC4\xCF^\xBA�p\x8F\x99��1qz\xB8\xCE4\xF1\xF6\xF9Ó«\xE7N�\xD1o*Ó¾\xC9�\xED\xE5\x84K\xBD\xFAV\x9Bj\xBB)\xDB\xFC\x89\xD3 \x8E.j8\xF3\xBE\\xAD\x8A\x8A\xDB\xFC\xCD\xE9\xB3\xE3Õ\xF6�\xA6\xE6M\xCC��O_�\x82h0w\xA6\xF3N\xBC\xDA��\xA4PI\xD2�*-�'ÛÈŸ\x89<�x\xBD\xD4\xC9g\x92\x99>\xD6\xF9È£\xC3곶\x99z\xE3\x81kJ$$\x98�w\xEF\xB0&\xB6�\x84�V��.o\xB0}\x90>T\xEB.\x8F\xC0F�Qk\xAA\xB0\xE0\xB7\xEC�\x83t\xF7�\xA4\x87\x8FA\xD8\\x87`�\xA0�\xB2 \xB0`\xCC~)? ���0 at J\xA9�\xA6�F�k�F\x8BĤgJ�F\xC6RK \xA3\xCEX5�\xCA\xCC\xD8(\xE9JN\xC8B4�Q�\xE66\xB5�\x8D\x932�y\x90\xB8 �\x81\xA8E\x9Ad\xA4!\xF1�\xC71�\xA8�\xBE8\xF6t�)nvEH\xA2 <\xEC\xF0\xCB1>v {>\x93N<�Õ’;\xC3e\xE0D\xB6\xCE \x86$�\xED.`�\xCF�X\xD1rJ\xE7�>\x94\xA5#\xABH\x96-d\xF8\xACW\xE5\xF1\xB8\xC5Q\xBD�\xB0\xA9\xF3\xD5Pe{CËEa\xF2\xF0�1\xD1\xF6\xBC\xFEH)\xC03$\xCF\xE8O�\xEB\x82\xFED\xAC!\xE3\xA7^�\xAC\x81 Rf\x97\xB7\xEF\xB0&\xF6�*P&�\xE4fC�\x82�Y\xD5\xCBı�5\xC8j�.
-\xFB\xEA\xEE}�[\xA4B�\xF5T�\xD1I\x85p \xA8���\xC6\xEC\xAB�\xA2\x9EQ!\xD2� 6MF\xAE\x9F�\x8Cp\x87ѤS=),�\x89Z\xD36Q \xE8[|Y\x86\xF7\x90p\xFF\xF7\xE3\xFB\xE7\xEA,֟\xA8�\xDE3\xF8\n\xC38\xFA\xE2�\xC7\xF0M\xE2T\x83\x8D3\x90b+\xFD-*|F
-!�NJ\xE43\xAF\xF6}\xAC\xF3R\xD8a
-\xA50\xFA\xB1\xEA\xB40�\xA1o\x9A\xF9\xE42��\xD6��×
-%\xD2T\xFA!�\\x81\xEE\xBF\xFA@\xE3X\xD2å²\x92Gs\x8E
-~cP\x83\xB7\xB2\xD0\STIJ\x88]�\xC6<\x91\xBD\xC1\xFC=�\xCD\xEB\xB9��\xAC\xC7qY\xAF\xE2\xE8)�\x80�W\x85�\xA4e\xB7u(s@�\xC3&\x82أ\x83\x85�\xEF�\x9E\x8F\xEC\xFBB\xE5\x8FB\xE5\xCF�\x95\xB6\xE0�\x93\xAEv\xAB\xA7l\xB6\xF0i\x9A\x{13C091}_\xE5�\x80[\xFE\xC4+�\xC5b�8YprY:\x88\x9C\xF0\xA8\xC1;\xB02K\xF0\xDD\xE3\x9AN\xF0�\x8A�\xF9F\xE9 \x9F\xA1\xA8\x88\x8F\x83]D\xAF\x8E>C\xA7\xEC3\xF0Y\xA0%<\xF2�\xD8C~J\xE9\x91w\xE8m\xA9\xD8; R]\x8D\xA8\xE9_"�\xD0%�Rz\x97x\xCA\xC3Q\xF1\xEEk\x99\xE8\xF0\xE1\xC0�\l\xA6)\xFA\xC8\xCC \xFC\xC4\xFE\x9A\xBF9
-\x8F\xC3\xCF0\x95\xC2\xCF >��\x87\x9F\xD8u&\xFC\xB4\x90ӘČ�`\x82`\xF0:\x89\xEDj$\xBB\x{15E60B}\xB4\xDD\xD3n\xD3[@\xAA�\xF9\xBF�\xA5\xFF\xFF\xB5HW\xE1_!\xB42\x97md�ë¼\xEC\xB0N\x92�LÉ—\xA7\x8F\xB9N�\x8F\xAF\xAE�\x89è°ž\xA1B\x81e\xF4\xD2}��ci�\xAE\xA5Y\xAC\xBDt�\x9D\xF0Nt|l1\xC7�\xC8(|\xA6:\xFE \xA0\xF1\xFB0�M\xFC\xB2\xCD�lz\xC6�\x93\xF2\xFE\xB3%\xE8\xEE\xD5{�@\x8D\xABb\x89%)~�R*\xA3\xBFg
-տ\xABP\xC5\xC2\xD3}\xD1R\xA5)#�\xE7\xD1aY\x86\xABO\x9D\xFDw\x9E\xB3\xAB^\x85k`e\x8D\x81p\x98\x8BU1t̆<�\xCC\xEDW[\xA0\xCD�\x84mz�z1U\xA6\xE77\xA6\x84\xEBq\xFC\x98�m^;\x9D\xFD\xF2\xC3{\xEA\xC1|\xFCŰP�\xAAk�\xFCd\xE2\xC9�:{�\xF0\xE4\xB8'L\x8E5\x88\xB8\xDE\xEA LV\xB9\xA4\xF1\xC3n�\xAA\x83Y\xBB\xD1p\xA8{B\xC1\x87\x89\x89\x934��k\xB8ʧ\xBB쾡V\xB80�\xAC�~(x&\xB8\xFF\xAC��\x81\xBE\xE8\xCD \x8C\xA2\x87 \x89�@\x87\xE6\xC0\xCC\xD2d\xF1\xC2�k�\x86r\xA95?
-\x81}\xB9Q3B2\xE1\x99x\x9F/y\xCEoZ\xDB\xE5\xA6n\xE6\xC3Ó‘\xE0A\x94\x88\\x80�j\xC4C\x98\xB7\xC3ÎÙ‡\x81"\xBC�;\x8D\xEF\xE3\xC1\x9E�΀$D\xDA�\xE2\x9A\xF9nW\xE4{\xEA
-\xC0\xD1&\xAE=r)0 k7Y)Q\x89p*\xF1\xDDC\xEB\xA6~<\xFEQi\xA2�\x97
-+\xF5\xB8�\x8C;\xA0L\xB1�6\xC2C.5rN\xF4\xDEl@\xDF\xF0\x8Fi\xDCX�\xFC \xAD\xC7\xCA�\x9E �\xFEs\x87\x99u\xFF\xED�u�\xE8 \x9F\xBF,\xB1\xE0GA\xB3\xB4̴0�mw\xFC;H\xDB\zt4�r箬\xFE\xD5fO\xCB.\xD4&}\x82
-\xF2\xF8?���\xF8\x85ZCd7\xCE08\x9C\xE0'�\xB8�\xFE\xFF\xA6�z`l\xF3xN\xCD\xE8\x81?\x97T\x82�\x84=!Ä‘\xF8�T\xD7yf�\x9F� B\x94Í\x9F�\xA1;\x9F�
-�n\xE0[9\xA2\x84Ô‰�\xBB\xCF(��t\xD8l�\x96=\x96\x{DEAC}.�\xA9l\x8A�\x98\xC8\xE6p\xE2Ó5D\x85:\x8D\xD4\xD6\xFB\xA9\x8A3\xC4Ö‰\x8B\xC4�\xFEL\xAE#S��\xD9�8\xACO\xC3�\xAFK\xE7\xC0\xF4\xA0\xE8=�\xF6y|�\x91\xA1\xFA\xBC)Ĺ\xBF_�'\xF0?\xD3�~ZvY\xD9\xFC\xD7\xEC\xE3\xFFÖs&\xCB\xCE\xE4DF& \x91>\x8DD\xE1yS5\xA6\xDCAf\xEC2\x9DN\x90\xFE/Y� \xC8endstream
-endobj
-1747 0 obj <<
-/Type /Page
-/Contents 1748 0 R
-/Resources 1746 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1723 0 R
->> endobj
-1749 0 obj <<
-/D [1747 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1746 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1752 0 obj <<
-/Length 2482
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDDZKo\xDBH�\xBE\xFBW\xF0\xB6�0\xEA\xE9w7\x91\x93'\xB1\xB3�d\x9C\x8C\xA3��3s\xA0%\xCA&"\x89\x8AH\xD9\xE3]\xECߪ~P\xA4D\xC9��`����\xBB\x8B\xD5\xD5\xD5_\xBDZf \x85,Q\x9A\xE8\x8Cg\x89\xC9$Q\x94\xA9d\xBA<\xA3\xC9�̽=c\x81g�\x99\xC6]\xAE\x9F&g?^
-\x93d$\xD3\'\x93yG\x96%\xD4Z\x96Lf\xBF\xA7\x9Ap2� 4}\xFD\xFE\xFA\xF2\xEA\x{D9DB}\xF3\x91\x91\xE9\xE4\xEA\xFD\xF5h\xCC�M/\xAF\xDE]x\xEA\xED\xCD\xF9/\xBF\x9Cߌ\xC6\xCC*\x96\xBE\xFE\xFB\xF9\x87\xC9Å\x9F\xD2A\xC6OW\xD7o\xFCH\xE6�G\x84\xDE\\^\xDC\\\xBF\xBE�\xFD9\xF9\xF9\xECb\xD2_F�n\xE4\xCB\xD9\xEF\xD2d�\xDB\xFE\xF9\x8C�\x91Y\x95<\xC2�%,\xCBx\xB2<\x93J�%\x85\x88#\x8B\xB3\x8Fg\xBF\xB6�;\xB3\xEE\xD3!\xFBIn\x89�\xDA$\xA0��T\xB1\x97,+\xAC\xB3\xA2�^\x96\xC2a\xC0V�X\xFE\xA8,\xFF��Y\x81\x8C_\xF4E\x8D-#*\xCBT2�\xCB�Å…m\x8F\x97\xF3\x841\x92)\xC5\xF1|\xAD!\xDCX�\xA3�\x9C\xB9\xF6\xE7{\x8D�v\x9C�QZ2dd\x94(\xC1%HG\x8E\xF7\xA3\xB1f\xE9�\xFE\xE7\xE9\xC1yXM28\x8B\xC4\xC0:Vp\9\xF9\x920Be\x96 \xCFÓ¡\xDDVw&p�?^-y\xF2\xA6\x82
-%\xDD=�\xB9\xE3\x8E`\xB7%\xCD;\x88e\\xC0\xC1H\x91� Lf\xACS\xF8c\xB5\xC87\x80B\x95\x96\xF5h,t\x96\x82Y�\xF3d\xBE\x9Ay\xA2�<\x8B\xB2\xD8\xF8\x91YU�\xFEU\xD5x\xA2Þ®\xD7�LK\x9AÆ‘\xA2i\xCAÕi\xEE\x8B0Zm7\xD3@\xE7\xB3Ù¦\xA8\x83\xA4\xF9H\xD0�$\x80\xD9\xF0\xCC\xDB\xD3 5'\xAF? Ø\x85\x8F\xA7#N\xD3\xCF\xF8_\xD1\xD4#P\x8A\xEC\xDBY\xEA\x8Cp\x9BÙ¤{\xC6\xDF���x\xD0�\xF8\xD0x�\xFDo�\xF5\x98g\xC4Z\x939?Q�\xDCt0�1�\x87\xAA�\xAE��\xA3\x80\xB3�\xAEl �\xB5\h\xB3f\x93\xAF\xEA9��\xB3\xE9\xD8�}\xFC\xA0\xF7\x8DÅ„%\x92)\x9DtW8У\xE5�P\xA4�2)\xC0�\xA6\xAF\xC8�O�#U\x9D/�\x95\xD7\xC1\x95\xF6v\xC1`�\xF4\x98\xF6�ï‹Ÿh�F\x94&|\xF3\x83�^\xFC5-Ö\xA7\xFFQ\xADÂ’Q`�4p\x92\xC3ܺ\xD8̫Ͳ\x98\xF9\xD7m\xEDP\x8B\xE4Õ‡�} \xB0x*Z\x80\xABP\xF6\xDC\xD1u\xB8N�]\xE4Â\xE4\x8Bf|\xC4 \xFD\xB3\x838\xC4 E\x9DT\xA4\xE5�Фv\x92Ȍ۾*\xE7+pNcP\xA5b\xB3\xCA�t\\xA3w\xC7\xE3&Q=\xD4Ó¹5\xBC\x97s\xFF\xF4>�\xEC\xEE�pdQ\xD6
-\x9A\xD9q\xAD�@\xC0�x\x9A\x86\xE8\xF4500�B[\xFCd\x9E\x97\x8B:(
-�\xECp \xC9\xC1\xE42\x86\xECm]\x8C\xD1\xDE.\xEC\x8C�\xE4J\x9B \xD9�?/\xD4�\xA2\x80Q"\xC8-�\xD0 �� (f!\x95Q\xC2�\x93\xDF%GZ\x88\xEFRd_�\xEC\xE2�\xC7r\xA4\xA2\xE8\xC5F=\x93#\x951\x84r\xF6]s$\xF0cxd\xDF?Iv%\x9FȒ
-\xFC\xD7Z\xEF�W�gJ\xD3'\xCC:\xD5ֿ\xCC*|\xB2\x90\xFF`౬\xEF=\xE5a�\x84s�\x84A�<�'�E0�x\xC2t\xE7<�\xA4\xB4I�9*\xFF\xBC
-\xEF\x80\xD0\xD9�H\xEA\xBE�\xF5}\xB5]\xCC�]4\xDE\xF0Ztv\xB3\x97E#\xD4=\x9CQ
-X��:H#�a\xDD7 \xE3 R�\x83l\xBE^o\xAAu\xA8�`W\x8B'H\xF9\xDC\xFB��\xA8#\xCB\xD2j\xC4Ò\x9F\x88j"팅ĬX�\xAB0\xB8]W+\xEF}\xEDRAm�\xA9\xBBXF`�\x90\xAF\xE2\xB3F\xFB=\x86]\xB8\xB1\xDB<��\xEE
-\xCD\xE8\x9E.\xFD \xF1�\xA5|S7\xFEeS̡\xF2\xB8\xF7/_\xB6\xFE�Pw0\xE6\xF1\x8A\xA2\xEB�\xDF\xE6d\xFF\xF1\x8ABZJ\xB4\xD5\xECtZj\xB9N\xA4\xA5\xA1\xAA�:�!!\x86tW9\xCCL\x91k@\x99��\x95%BP\xDB\xD7\xE6\xDC!\x81v3�\xBE\xEE2�\xBEu3�7\xCCe&\xC7u�\xD8}} D\xCCLH�g&j �\x84�\xCFL\xC1�{\xDA[H\xABL\xF2~vr\x8A�g'�\x96\x86\x9ANv\xF2\xBE!)�/7\xA2\xEF\xD2'*\x85}5\xB0�\xCB\xF8�\xB2S\x84\x88��\xE0�\x95\xCF\xE0\xA8\xC3u�G\x91\xEB0�\x9D.q\xF0\xE89�\xFD)eZ\xAE�mz@\xD2 8
-C=u>\xD5���#\x85\xCDz\x90\xC2\xF1�\xA4lÖT\x{D9EB}0�\xC1\x8D`DS.a\xE0\xCCCY<\xD6Ad[o\xC2x\xBD.\xA6%\x86#�8\x8B\xCDQ�\x84ÍŠy\xBE]4\xE1+\x88a\x87�\xC1�m(\xD0=$\xAC\xAA\x81Cg\xD0\xF93�k\xEA
-6\xB8\x814�\xAA\xDE2\xD4È%��^\x92Q\xE8�y\xA6\x83\xA0\xA7\xA2�Z\xCC�)\xA4
-<PE\xE7\xCE4\xAA{\x97a\xFDcZ-\xD7ySÞ–\x8B\xB2y�Vv�\x85"\x83\xA5
-\xD4\xF8'Q\xD8\xE5:\x8E–\xCB�\xAC)\xE7O\xC7p�\x9B\xA1�\x99\x9EY\x9Dq8\xA6�<\xF7\xF4\xF2\xFB\xAD
- at Ui�\xAC9+ \x91\xCBr\xE5\xBAn*\xD3\xC7\xFBr\xEA\xAA
-hʫi\xBE\xF0\xA3\xBD:�\xA6\xB0\xBDv\xB0\xABk, \x98
--=\xB0V리V\xF9�\xD37\xBEz\xF3\xC1�=|�\x98�\xCBE�|[\x84�\x8D8P\x90\xCD\xF6\xEB
-wQ\xE0s.>\xEB\xC2_�\x98\xF4\xFA\xFD\xE4\xEA\xF27?\xBA�=\xF2\xBB\xA2�/\xD1Z at _\xE8\xEF�lW\xCF\xC0\xB9\xAD\x9B0\xB5^\xBB\xDB�\xA4Ë•\x97�\xAE�`\x99E\xFE�\xC9b\xF3\x80�jd\xFA\xB7\xA1\xE6R@
-g\xBC-B\x979D\xFB\xCD�\x8A\xA1\xD3U\\xC48\xE9\xFA\xC7�!aK\xB5\xE7u\xD3E\xBEE�B\xBA8\x80O\xA7\xA6�X\xAA�\xEA�jHÍ¢#\x81\xFD\xABDZ\x87€.*�\xBC\x88\xE8Q~-w;È¢\xF1`\xB9\xBA\x81@\xB5,VMx\xC5k�G\xA1\x99�\YB�\x9D\xE9(\xF4�0\xD4Ò¶\xBDU\xDCc\xEE\x90���ÈK�J\xB6A\x87i�
-:0�\xC9,\x95\xFD\x82\xEE6�d�\x9Cئ\x9C͊P\xD3U\xEE \xA5\xA4]\x87\xCC�zx�"mg�\xE3\xAB\xFF\xE46\xAF]�\xC5*\xF0\xC9?\xCB\xD5t\xB1\x9D\xED
-ǡ\x94n >*\xA9_n�\x9A\xD1\xC8ݱ;\xCA,!\x88\x87
-�[�\xAC�YG�rz�\x8A�\xDB[\x8CKBM�q\xFD\xB5\xD8\xFEQB\x8B\xA2U\x84\xB43Æ �\xCDM<\xEE[\x88�\x9FC\xF8_\x85\x80�\xAFg\xA6\xD5
-s\xD2\xDDv\x93cl\xF0\x838\xB2(\x8Ev\xB0\x82\x81M\x945\xFF\xA5\xB7\xBC\h"\xF6\xEAÊ�\x96gX[Y\xF9=;X\xE8c\xF0\x9AA|\xFF�\xB6+\xF9D�\xCB5Þ¤P\xF6\xFF\xCF\xDB=\xE5\xFF\xF1{^�H\x93\xFA\xB9:\xA6\xE5:\x88Z\x837\xBC\x94X\x88�]\xD1�\x97\x84\x9Ei@\x81�\xB8\x84"V(\xD1\xD7\xE0]\xF9\xB9�\xBC\xCA#��{ap�\xDBr\xC1\xFAW\xB9.\xA3\xB8\xEB\xDA\xF5�@\xB9+Q\xDD3\xE4MG\xC7\xDA"\xB65\xAB\xA6Ï‹�\xB9AÔ®\xD8\xC0Rd N3\xCD�W��;(�\xC0\xA1\xDA_\xF7\x98&P\xC02J\xA9/\x98P\xDE�(\x98<\xF5�Z\xC8:š�"�\xDD]\xBC<\xC8\xF1v\xB6�cy5Tv�(\x9E\xB5\xCD\xDA\xED�4\x86�\xECm\xACKò‡ªœ='�\xC0,\xA1\xF5|\xA9L\xA7\xA5\xFE*-!\xC0fG\xFAX\xCC_V\xEE\xE9{Z\xBA\x85r\xA7\x93_\xB1Ir\xC7+\xB4+ \xE0\x81M:R*\xAD\xE6~�\xCEU\x86ZC+(\xB3\xE9\xDEÕ\x8Bm\x9C\xDB� \x9E\x85\x93\x83!\xAF\x87#\x9B\xFB\xBC\xF1\x94/z\x91Ï•)0\xE2\xCB[\xA4\\xFD�O��\x91e7\x95�A\xBD��\xE0\xE8\xAC1\x8F\x9F\xB7
-t
-bAE\xFA\xB18\xE8C\xA4ĖA\xA0�s\xA2}\x9E\xF5s\x9B\xBB\x900n\xBA\xBF\xBEF\xF6q\x87\xFF�\xA4\xBA�QLC\xDA�\xCD�\xD8\xF5aWF\xA1q\x86\x84ӑ?�\xCD�\xD3i-b4c\x9C�P\xC6\xFF \x99\xDFV\xD1\xE7\xEF\xABǽ
-%\xC8\xCBE~\xBB\x88?\xDB�\xDB\xEE\xFF\x9C\xD36K34,\xA3\xE9e\xECC\x8B\xBF\xF2\xE5zQ\x84\xE8\x82%\xDB\xDE
-\xF3
-+\xF2\xF6\xE7\x9F\xFD\x92\xC8aV\xB2\xFE�\xAB\x80j\x83R5\xECCc
-\xB1\xE2\x9F\xFE\xB1\xC9Ww\x85'�7\xDAzR+%\xD4+O\xFF\xEB\xD5PV�p\x9E\xAEX ሾ:XB\xE1pX\xA2\xC3\xE1\x97�\xFA;�\x88\xED\xF8\xE3\xFE\xC0\x89Ҷh\xFA\xE6\xBF!\xD8\xFD\x81\x85\x84 i-�\xC6�\xD4 DZ��\x94B3�~�\x8D\x87\xAA\xFF�x\x89�\xDBendstream
-endobj
-1751 0 obj <<
-/Type /Page
-/Contents 1752 0 R
-/Resources 1750 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1756 0 R
-/Annots [ 1755 0 R ]
->> endobj
-1755 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [442.7768 128.8813 511.2325 140.941]
-/Subtype /Link
-/A << /S /GoTo /D (query_address) >>
->> endobj
-1753 0 obj <<
-/D [1751 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-502 0 obj <<
-/D [1751 0 R /XYZ 56.6929 188.6884 null]
->> endobj
-1754 0 obj <<
-/D [1751 0 R /XYZ 56.6929 164.0083 null]
->> endobj
-1750 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F62 1361 0 R /F21 938 0 R /F63 1364 0 R /F41 1218 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1759 0 obj <<
-/Length 3547
-/Filter /FlateDecode
->>
-stream
-xÚ¥Z_\x93\xDB6�\xDFO\xE1\xB7zgj�\xFF\x88�u}J\xDB$\x97N\x9B\xF4\xB2Û¹\x87^�d[\xBB\xAB\x8B-\xB9\x96\xBC\x9Bͧ?\x80 %Ê–\xBD\xCD4;�S$D\x80 �\xFC J\xCE�\xFCÉ™3\x89\xD0y:\xCB\xF241B\x9A\xD9j{%f\xF70\xF6\xF6J2\xCD"�-b\xAA\xEFo\xAF\xFE\xF1Fg\xB3<É\xB2\xB3Û»h.\x97�\xE7\xE4\xECv\xFD\xFB\xFC\x87\xBD\xFA\xF5\xF6\xF5\xC7\xEB\x852bn\x93ë…±b\xFE\xFD\xBB\xF7?RON??|x\xFF\xE6\xDD\xDB\xDF>\xBE\xBA\xCE\xD2\xF9\xED\xBB�\xEF\xA9\xFB\xE3\xEB7\xAF?\xBE~\xFF\xC3\xEB\xEB\x85tF\xC2\xFB\x8Ag8\xF3›w?\xBF\xA6\xD6Û\xAF~\xF9\xE5\xD5\xC7\xEB?n\xBAz}Û¯%^\xAF���\xF2\xE7\xD5\xEF\x88\xD9�\x96\xFDÓ•Ht\xEE\xCC\xEC �D"\xF3\ͶW\xA9щI\xB5�=\x9B\xAB\x9B\xAB\xF7�F\xA3\xFE\xD5)\xFD�\xED�\xE3T6\xA1@\xA5\xA6�h\xF2\xC4j\xA5\xBD�\xFB\xF1\xD7\xEB\x85Vb\xBEk\xF6]\x8BM9o\xEE\xA8\xEBݯ\x8F\x96z\xB6e\xDB�\xF7eK\xFDmYw\xD4\xB7\xBF\x96n\xDElQ�\xC0MF\xDCd�\xEAt9H\xEE\xF9\xD4Ŷ\3Y,\x94�E9�\xA8\x9E\xAA͆x,K\xE2P\xD5\xF4\xDC\xD4\xE5X\xB8\xEE\x81;\xEE\x9Aͦy\xAA\xEA{\xEA\xDF�5�\xFA\xCF\xEBE
-;\xAAUf�\x91u
-\x8D\xEB�\xFE}\x8B\x92\xCC�J\x8A$͌\x9D-\xA4Lrc\x94�"�BH\xDAf| Szɷ\x8Bz\xCD\xC7\xED\x94\xCE�\xA3M2\xA1
-�,\"MJǶxl\xAA\xF5\xE21]�Ö»�i\xFET5.O\xD2\xD4�\xD5 \xDB -\xBB\xC4e\xDA��\x9A\xD6\xFE\x85iS~eU\x80\x82\x95\x90^\xE1J\xA8\xF9\xA1-\xD7\xD4\xE3��=;\xBF\xC9\xE5#\xEE\xFA\xA9�y\x9E(\xE3\xDCKÛ¬�\xD0V\x90\xB3?6\x9E\xCF\xEA\xA1iZ\xBFÈh\xA9\xB7\xEAZ\xEA\x80
-]\xD3 \x9B-\xB4�\x89Py6ް\xB69\xF8 W\xB8\x844\xF7G\x99Z�\xFE\xB8\xA8\xA3{(\xB8U\xB5\xF4\xBB\xDC4\xABO~\xC9@\xB8|\xA6\xCEg\x9Cѷ\xFE+\x84\xA2\xF5?�x6\xB1\xAF\xD9�uq\xCC\xEEtv\xD6f4u��\x97\xE7.v\xBBM\xB5*\xBA\xAA\xA9\xDB\xEF\xF8\xBD\xBBH\xF0|\xFE\xE7\xA1\xDC?\xFB\xA5\x8B\xB0d:@Od\x82\xA9\x997�߰`;\xDD�u�\xF4�\xAB� HN�\xE9\xD7\xEC�\x9E\xA3\xB7\xECт\xE1\xCCk\x9B\xB3\xB1!Q\xDD>\xA1\xF8\xD8~j�\x9B5\xBDT7<\xF3}\xD9ų\xDA\xE1\xCDcE\xD2l\xEB\x81j\xB4J՟& Cn\xCB\xFD\xA3\xE7kT\xCF�\xBA�\x8AG&\xF0\xE6
-\xBF\xA41OW\xDC�U
-�\xDD\xCAt\xFE\xBE\xE9J\xF0 F*\x96�\xC6\xD7e[\x91D<\x9Bw�\xD4\xF4f\x81\x8Db\xD36D\xBE\xE4!z\x85\x8D�]ax\xBD\xA97\xCC\xD9oÅ´�\x88V�g\xE3E� ��N\xF4\xA2�Ph�6c�?\xE9e�\x90eIj\xFBIq\x87u\xCA[!\xB3\xB0�GLR\x958\xA5\xC6~f\xCA\xCCay\xA9�S7;\xB4iÞ‚�F�\xAC\xF6C\xBD.\xFC9\x86.\xEFè¡—l�{@\xB7m\xF9�o\xEFC\xF9<\x9E\x87�\xB8�\xB9`)#Û \xADi�\xABuÉž\xFA\xCE[,4\x96\xC5\xEA\xD3�\xCD\xC0C\xABf\xBB��\V\x9B\xAA{>r\xF0\xC1\xAB\xAD\x96��n\xAB-\x98\xED�?\xF9\xD3DD\xDE� \xC1\xAE\Ux\xDCÉ´Ï„�\xF0\x88\xCE at DG\x89�xH\x9B Z\x91\xE0%\xE7�v\xE5�^\xF5��\xE6\xBByn\xBBrË\xA5D\xAB^1ÏŸ\xABm5\xB9\xC5�U\x93(ki\xFE[/\xA4r\xBD��\xAA\xF9\xA6\xA5\xAE��vjbhU*\x9Fo\x8B\xFA\x99\xE9�kh\xF3\x81\xEF\x9D
-\xBFO���K\x9Ee\x83B\x95k0<-\xF4\xFCfUl\xFC6\xC0\xC8c\xB19\x84\xD7\xFA\xE3\xE0�0\x82�U>z(yF\xAFȻgTĄs8\x96�\xF9)\xE2\xDE�\xF3\xD4\xDA\xF9�\xDCw
-\xC1\xA4\xFC\\xC0\xA6\x95\xDFNEP\xD8�iT\x88\x87\xF2\xED\x84:%B\x99L\xC7!�y-\x99'9ylU5\xE8\xAB\xE0�P\xE7�;\xA1�\x9D\xE5\xC1\x92\xA4\xC8t\x96J\xA7\xD2 \xB6x\xB8\x95�\xD6\xE4=�L\xCBZ\xA1\x87"Z5-\xD5\xE3#\xE4^\xB3t\xF7\xD5}\xB1|\xEEʩs��ibS\xA1\xC6�t\xA8y�'\x84J\xB3$�\xA9Y(\xDA�p\xBA\xAD�\xD7\xDAD\xEF\xD2c["nҎ\xA2&\xF4\x90\xC5 at c[|\xAE\xB6\x87-=�\x8FE\xB5)\x96��+\xB6͡\xEE\xA6DVV&Φ\x86�X\x97w\xC5a\xD3M#\xCB\xDC93\xF8\xC5\xF6\x88?+\x8D\xFA
-n=�L�\xFE\x88 G
-\x98\xDA\xEA#�% �0D>\xB3\xB1?�\xA6\xE6\x87\xFD\xA4\xD8\xD9�{\xB6
- \x86]\x96G/AHZ\xED+\xEF6\xA9c\xF2�\xC1 at bt�\x96\xD6V_\xCA\xE3DDC\xDE\xE02\xA7f&K�@\xB8\xD9_IE�*\xCCM'"\x8B~\xC6E<%e�\xB1p\xDAXØŸl`\xECE\x843;\xB1EJ%\xA90�;\x92\xC6G\xAB\xC8�\x9F[\x91\x8DVA\x83\xFB\xFB�5>F\x99PO?!\xE3\xE8h\x9CÌ‹\xFCo\xCAÕ x\x9B\xC8ciR\x9D%J\xA6\xF9H\x9A\x93l\xAC\xA7zA\x86\xD3\xD9P\x86\x84��\x98\xBEÌŒ�g
-\xE4Ƶ\x8ES�|\xEC㬂@Þ–]\xE8�\xA2�<\xF6\xAE�Ú§\xAE�\xDF$\xD7�8\xEC\xA9\xD1�\x9E\x84ň�\x9Fl\xE8\xE5X�Ñ \xF5�?\x9D\xDF4\x81n�`\xC2{\x938\x88
-� \xB1\xA6\xFE�Ý—�\xA0w\xD81N\x85\xFE\xD6Ï…-\xEF\xC8\xE1\xD7G&\xA4\xF3n\xCE�4\xE7"ÇŸ 3\xFFP\xF3�\x87\xD5�\xB7\x88�\xF8\xA2�\xE0`A\x9D �jJ�\xF1\x81rOG\xA9�\xF6Tm{\xF0\x9E�\xDB�\xBF <~\xA8Y\xF0 9\x82s\x81f\xC5Æa"9\xA9� z3N\xCE�\xC4�\xE3\xF4t\x81\x84i��Ñ©\xE1\x85\xF4>�\xF9P\xD5\xEC\xCB)\xF7 \x95�\xA7\xA6.\xB3\xED\x89N\x{13828F2}X\xA2�3\xBE
-�mp\xF2�:}){\xBFFX+\xA0\xB0��\xA0�<lw\xEC"o�\xCFH~>h\xD4;\x93t\xE4�A\\xE1\x9C}10\xA4�@R-\x99\xEE쎤�x\xA7L\xBB\xCB[�S\x9Dߓ\x9E\xCAKVt\xC5\xF4\xA6\x80\xD1�>\xB8̹\xA7\x9A`=ޖ,�\xB94cޤ\xCF\F\xFB���m\xA9\xEDw&�^J&-\xB7
-\xE6T\xD8\xEE\xC2\xFB\xBD�\xF0s\xF1(\x9CpD^Z
-|\x86}\x83\x87\xC9}\xD3 \xC0\xB2<\xFB\xFA}�F��y\xF3\xEA'\xC7 \xA0\x92\xCCY5\xF67~-��\xC6�\xFC\xE7��\x80\xA6\xF7\xFB\xF0;\xAC+\x8D�n�&#OH[\xDF\xDDQ�+#~ \x90K�~fw
-\xAAj\x99\xAA\xE1�\xF0Ù�\xF0+\xF1\xDC�\xF3.?\xA3�eyz�\xBC\xAE#\xFF\xE9E\xC7\xDCMdA��XP�\xCB-\xBB4l\xDD�\xBA\xF2\xD4�\xB0J\x85N�{y\xE3,K y\xF8aÏM\xE9Sk\xDF�\xA6�\x96i\xC1\xE11XC\x82\x86~\xC1\xDFC\xDC\xD8\xD2Ã\xEFo\x86\xB7\xAA�\xC1\xCFc\xB7y\x8B\xB5�4|\xC6S\x88�!8Óª�\xDA*\x8Em\xD4�}{N�|\xBAm=\xFE\xBE;\xA0\xEF\xB6Ú—\x8F\xB0\xAF\xA0\x9F\xA7\x82i|\xBC\xB0�&\xC8\xE7\xDB�=\x90\x9C- &
-[\xC4,\xD6\xC4` [\xFBL\xCD3U�V�\xE4X�\xF9\xE6\xF3\xE5�\x8F�\xB6A\xD3\xFCKi�\xE0L\x9F6A�W\x8A4\xAB�F\xF6E\xD5\xF2 �\xDBqL7QL\xB7\xC1^\xA1\xC5^6F\xB8\xB6G\xB8\x96\xC2�bÞ¦a\xFA-U\xB6\xA0\xE9\x8BT0\xC6F\xE8C\xBA\xC5\xF3>\xB1\xCC\xE7\xE6\x80�:Hت�\xCF��-\xAA�\xE6=_\xEC\xF2\x87�\xFAz�#8Ñ„\xBE\xDE�\x84\xEB\xEB\x8E9 �\xBF:V\xA8Ìv \x99\xC0\xC79 *\x9D�O�\xAEn\xB1!
*V�\xE5"x\xDD\xE3\x82� ^-\xF3\x97
-\xADy\x9A\x86�p_\xAE�\xFB\xB6z,�\xECs�\x80ci\xF4\xF8t\xAF6UYO\xE6\xE7�\x92@\xD3\xD7`�\xFC\x86\xB1\x8DRȳaI\x83\xB4Vks9,\xC5T\xE7\xC3RO\x85R`\xC5bS\xB6'QI\xC0\xD2R\x97]f\xDCSMp�E%\xE1�\x80�#\xC6�k\xB38!\xCC\xE6\xF5a\xBB$\x94\x99\xD1y\x81\xDF \xA2\xE8\xC2k��\xCDØ£A\xB6I\x95A\xFF\xF2\xCE\xE7f\xD0Z55l�\xF9\x8E\xBA�\xEF!\xA5\x9C\xFB3n�!\x86\x80�\xB3T`\xB8\x931+Ó@è¹\Ê—
-F7H\x9B^@�:\x85\x9CN\xA5/ \xC0\x98\xEA¶�*ïºb\xF5i�n\x98$\xC7Ë\x8B\xAC{\xAA Þ£\x8D\xD5��\xBE\xCD\xC7̧a`\xEF
-" \xE8\xC5d\xDA\xE0�ΥӴɄ\xA8\xBF�'\xE2�\x82�\xB2ί‰\xC7\xE5\x93�܂\xB16\x9D,\xE7I\xC1\xF5\xBC\x9BH\xF6\xBFQ\xC0\xD3*�_v\xB9\xA8ªr\xCA\xFC\xB0��9OQS_�f8*�bWH�\xE1\xB0G\xC54� \x83i�\x8Bs�V\xE1\x82�[C9W\xA15\xF5\xF5\x905
-WuW\xEEk\x88+\xCF\xF4\xBC|\x9E
-!\x93\xBB��\xEE!\xB4\x81\xDFq]\xA5��G)�\x9E5+�\xBF\x89Öe_4\xAB\x98\xEA\xBCY\xF5T!\xA8T\x9F\xE9"k\xB1i\xEE�\x93&f%@Q\x91_�\xA3\xA7\x9A\x90c\\x85\xB4If\xA1k$��`\x9D\xEB�*\xE5�\x95\xB0o\xD96\x9B\xB2\xC32zjS\x8F>\xE2\xE1b\xB5*wt\x81\x81O\xFE� \x87\xEF\xEBf\xB8�ɹ�\x80
-\xBAZG�G�\xE3\xFA9;T\xC86\xFC\x91\xF5\xB1�\xEBA\xF2�\x8E\xB3\xAC\xA7&\xA5e\xA2\x85\x8AC\xF7\xFF\xC0^\xE0$\x9D
-\xDE�P\x8C�\xF5H\x86\xA0\xED(\xBBl\xC1�6��\xA9\xBBC�\x95y*\xFE\x8D>�8{\x96d\x9E%*�/DÞ˜\xEA\xFCY\xEA\xA9Î\xF2\xF8�\xA5B\xA5\x97%\xE8\xA9&D8>F\x80W\xDCX\x86\x9B\xD2{\x8CT\xD0=`\xE4\xB1\xF1\x81 %\xB6\xE8$@\xA3,|i�Z,:=P\x88�m#\xDA\xF2\xB46\x99Y\xBC\x80\xB2\xA3\xE5\\xAA\xEA�\xFA��v:飯\x87�\xA5\xE8\x99O\xEBz219à¿‹\xEA\xED\xA9^\x90\xE2t6�WF\xE2\xB7%N\xCC\xFF\xE3k\xC5(
-ßNk\x90p\xA5\x92\x89MM~\x94\xCB\xEE\xB8ì† �\x8Fz�\xD0�4\xFA\xDB'�\xA7\xB1�\xF6�q\xB3\xD3\O\xC3N�v\xE3ךͺl;\xEE\xDC�u[\xAC�(\xCD\xE8rnD\xDEK\x8C�\x9CfBk\xC9\xC3Å¡k\xB6\xE0�V>�\x9C\xBD\xBC\xD96\x8F}1\xFC+"\xB8�Y\x92J\x93\xFFe\x{1251DA}�\xB1
-%\xB9�I\xD05\xAF\xBF"\xECCR@(\xF5ș\xEC(c]|\xF1�,t\xA9\xD8V\xEDy\xAF\x91\xEA�\xA8^\x88 at 1\xD5�\xAF�\xA8p1�M\xDB- 6uU�\x8An�`\xB0\xA7\x8E#O\xA4\xD2\xEA\xB2�=Մ�#Ǒ\xE1GM\xA9�\x8B\xF1�\xD5c]\xF0\xA06\x9B;<m\x99\x8ANbK$tz\xA01\xA0A��}ˉ!\xFC\xE2\xDAhtX \x8D p\xDFW4aF\xF9\xA6\xE5\xABG\xF8\xFD�\xC1,\xA1\xDC\xFC}ӑ Y�ڸ\xA3O|\xF0
-\xB7\xDC\xF2\xDD\xFDW\xC7�!񛥗\xE2 at DuaG�\xD58\xAB\x8C2\xC7\xD1~\x9A<\xC9�\xA0̋"\xF4T�2\x8C��\xA4\xC9"\xCF\xC7BLAv9lR�\xD9ax\xD3�u\xD9�Z\xA2"\xAB\xE6Ep�\xBCi>�v\xED�\xC4\xC9\xF1\xE5�y�2-\xAE�\xF9\xAF)�>\x80\x90V�y\xC0e\xF9PlP�\xBE P\xE0WYgX\xA3�\x9A\x97\xE1bw\xE2\xCE� %\xC0)\x87\x95\xD2p%+\xC4\xD4]\x95Nr\xFC\xA4o\xA8>
-5\xFF\xBE\�T\x8C\x80\xC9)"b+҃ǩ\xBDt4\xCCw\x91\xD0*h\xF0\xAE\xA8\xF6Ա\xAC\xBAxU}\xF1�\x81\x95w\xE2\xAEW\x8C\xB4\x90r�\xE9& 5~GA n\xED?\x9A\x91\xE4\xF0\xB1[ z\xFETm�\xBC�n\xFD\xF7�&\xBC\x97\xD1%=Oqw\xE9\x93�\xE9�x\xE1\xFE\x9B\xAE\xC9\xC3{\xFA\xE5\x893j\xFCy�\xB1\xF2\x8E�y\xF1�=\x92\x8AIس\xE4\xE7u\xB9"\xBD�T\x8B\xC3E\xB1* O\x82\I\x9Bq\xF9�\x9DH�\xCE�~�\xD5\xDF\xCB�\xAB\x8F\x94\x9B\x9C\xFB\x94S\x9B�\xBF\xBF\x9C04\xF8ϊ\xFF۟y�\xDF\xC0\xA6�\x803\xA7\xCE ��X�?c\xA1p\x95\x99>\x96\xBC\xFF�\xF4T\xF4\xFF���\xF1\xF3endstream
-endobj
-1758 0 obj <<
-/Type /Page
-/Contents 1759 0 R
-/Resources 1757 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1756 0 R
-/Annots [ 1762 0 R 1764 0 R ]
->> endobj
-1762 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [389.4645 570.951 438.2112 583.0107]
-/Subtype /Link
-/A << /S /GoTo /D (configuration_file_elements) >>
->> endobj
-1764 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [375.4723 193.4648 432.5882 205.5244]
-/Subtype /Link
-/A << /S /GoTo /D (journal) >>
->> endobj
-1760 0 obj <<
-/D [1758 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-506 0 obj <<
-/D [1758 0 R /XYZ 85.0394 651.2334 null]
->> endobj
-1761 0 obj <<
-/D [1758 0 R /XYZ 85.0394 626.1263 null]
->> endobj
-510 0 obj <<
-/D [1758 0 R /XYZ 85.0394 322.0105 null]
->> endobj
-1763 0 obj <<
-/D [1758 0 R /XYZ 85.0394 299.3741 null]
->> endobj
-1757 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1767 0 obj <<
-/Length 3322
-/Filter /FlateDecode
->>
-stream
-xڥ�\xCBr\xE36\xF2\xEE\xAF\xD0m\xE5\xAA�\x82' �\x9D\xC9L\xD6[\xC9d\xD6q6\x87$�J\x82l\xD6P\xA4"R\xA3Q\xBE~\xBB\xD1 ��\xA5IU\xCAUF�h4�\x8D~\x82�3�bf�\x96d2\x9B\xA5\x99f\x86�3[m\xEF\xF8\xEC�澿��g�\x91�C\xACo\x9F\xEF\xBEy\xAF\xD2YƲD&\xB3\xE7̀\x96e\xDCZ1{^\xFF6O\x98d\xF7@\x81\xCF\xDF\xFE\xF4\xE1\xFD\xE3\xF7\xBF<=ܧz\xFE\xFC\xF8Ӈ\xFB\x854|\xFE\xFE\xF1\x87w�}\xFF\xF4\xF0\xE3\x8F�O\xF7�a\x8D\x98\xBF\xFD\xF7\xC3\xC7\xE7wO4\x95��\xDF>~\xF8\x8EF2j\xAE�}z\xF7\xFE\xDDӻ�o\xDF\xDD\xFF\xF1\xFC\x9F\xBBw\xCF\xDDY\x86\xE7�\\xE1A\xFE\xBC\xFB\xED�>[ñ\xFFsǙʬ\x99�\xA1Ù\xC829\xDB\xDEi\xA3\x98\xD1Jő\xF2\xEE\xE7\xBB\xFFv��\xB3~\xE9\x94\xFC\xB4\xB1\xCCH\x9D\x80$%\xB3\N�Y\xB0T�\xC0I\xB5 �\xB3^\xC8RL 9b\xA1\x90\xDB\xD5n\xB1*�W\xB5\xCD\xF9\x81\xE1\x90,剜
-\xC9^l\xDEaM\xEC.�\xBB�nYbS3\xDE\xFE\xF9Õسd\xBEÍ¿�\xDBÖ:\xD5a\xBBt{\x82\xEB
-\xB5
-L\x97m^\xB9\xFA\xD0\xD0�\xB1M\xF0\xF3Ûa\xB0\xAE*\xB7j\x8B\xBA
-X\xEDk\xDEF\xC8\xEF\x95\xCE�\xB7\xFF�\xC9�\x8B\xB2$(_\xADܮe(\x85\xD9B\xA6\xA8\x87p:\xC12c\xE4\x80WP\x91\xB5\xDB\xE4\xC0�u
-/\xB7o\xDE롨�Ɍ\xD5�$\x84��\xE7\x843�H\xCA2%m\xC0a�\xEA�.�DŬI\xF4\xED\x9B�b]\xBF\xF9��w\xDC;/\x87\xF5\xA2\xA9W\x9F\xDC\xC4\xF5+<\xFB\xED\xFD�\xCE\xC4\x{1A34EA}�\x8E*\xD4x/N-Lw\xDBZ\xD0m\xE3\xD8\xEF\x9C\xCB2̯]\xB3\xDA�\xBB\xB6\xDE74\xB0\xBF�v�\xB8\xA7e\x9BzOS\xA8�Bf\xF37\xD4m\xDAuQ#lҹkW\xE0
-,�ey-�\xA5ʹu ۚڥ#\x92\xCB\xE2\x85T\xC1�\xA6\x948\xD3�WՇ\x97W\xD0 \xAD\xFDJ\xA9�\xA8�i��yU�\xA0\xD3d\x98\xF7\x9A�cEպ\xFD&_\xB9\xA09\xA3\xAB�V\xB2,K\xB3\xA0�U\xBE\x853^*\x8FRLK!�VY4\xAD\xF3
-�\xE4\xEB\xEA\xCD�]
-*\x90p��\x9CY\xFD�q\x9D1\xADy\xD4\xCC<\xD0=:o)p\x908B�\xD7ó¿\xFAs\xB1v\x84@\xFDzK�T�\xACAr�%H\xDE\xDD_\x99Tp\xE5\x87\xF6\xA5.\xAA�\xEA\x91!�\xF0\xE7\xC1\xED�\xD7P'\xAF\xD6��Õª\xDEv\xC8Õ•#\xA8\xDD\xE7U\xB3q\xFB�\xAEX\xF9+��\xBD\xAD\xE2\xEA)[�tÆ•\x88\xA21B^5Ö´3V\xD8\xC4\xF4\x9B G\xC1yA\xE7s^�\xFCx:\xBD\xDFBI��-\xC6�%\xA4\x9D\xD8WBl\xB0RÅ«\xF0b\xD0Ñ•\xE9\xA1\xDB\xD4\xFD\xCE\xDAL\xEF,D\xC6\xD2D\xC9\xE8\x96\xFEÆŽ\xA5k\x9A\xB8e^u{F\x97\xE1\xFB\xBFs\xC3�?\xC3\xC1hs\xB2/\x9C\xAAw\xE8\x89\xE3\xB2��\xCB\xC0;\x99\xF1\xB6\xF6V\x8C�EÕŸ\xCEk\x8EH8hNzf{\x9BC{\xA0\xB5\xE4\xAC9L\x87\xEB!\xBF\xE2w�\xD7\xDC\xED�\xF0k��Ë¢m\xCB\xE0\xC8\xDD�\xC9l ^\x84��\xF9\xD7{�"\xAC\xD6\xF5\xB1\xB9î—¹fR\x802\xDF\xF6\xCB�\xAC�~9b!\xFF \xDE\xC5*_\xBD\xBAES\xFC\xE5.\xBC\xB2\xD4,Õ©\xBA\xBD\x875\xC1\xC0H\xAD%h\x84\xB4ɘ�\xAF\xD7J\xDB^\xBB\x94\xCE\xE6\xF9\xB6>`\xB8\xC5 te��\xAEo\xA2y\xF4�8vh\xC2jo\xE1~&Ò‹\x81��\xAE54\xE4O
-�Z\xA5\xCA\xDF?\x8E-O\xADCCN\xC0\xC6~}uUO\xC5k\x85\xB6�\xF8>3\x9FÈL$9Zh\xD7y\x9B�\xE45�Z\xB2� \xFC\xB6�\x92*a�5$�\x80\xE4��\xA6\xCAb[\xB4o�6\xFD\xD2.{ 8d�\x9E\xA0?wOpU\xFBv�Hy_ \xAD\xFB\xB2+�\x81\xFA\xBB`�y\xD4\xE9\xF2\xD4)\xF5\xC0[.\xF3\xC6[ \xE8%)\xA9\x9E{s\x84\xFE�O\xBF�\xD0\xE1h\x88{\xFB\xBCu/'\x9Ahjj\xDB{1\xA7l\xC8\xC4\xF3 \xE0�I\xCB\xC8p ,\xD6�\xC9}YA\x84tktxR\xCF��-\xFA�dfC-��hvnU\xE4%\x8A΀廼B\x9F=:�]�egJ\x8BK\xA9\xE1`�E\xA54\x88\xEAp�\xD0^\xF0\x9C8\xB4\xA1H\xB3%\xEC\xA0g"\xDE.\x82uU\x9E�:�M\xF2xÅž�<?\xFF�\xB6\xEA/���\xAB\xE6� \x85W\xB7\xA7\xD9p Z\xF4É\x8E\x81\xCF\xE0e\xED\xC0\xA6\xCENx\xA8\xBC\x80'\xA3\xB8I1�\x8E\x81�Å„\xCCdAOU&���\xA3A\xEE8\xEE
-�\x86\x94\,\xF1\xF6�>TM\xF1Ry\xD1 �f�/n��\xA2\x8F\xE6_\xC8\xDD\xDD\xFE\x87~�3&\x99\x82Ċ\xD5k\xE4\xE3D\x84P5(-
-\xBC\x8F\xD4\xF45\xFF\x8C�Z�N @���ACo\x8B}\xF4\xC8\xD8rjP\xAF\xB1\xDD\xC2\xE5�pӕk"\xA9<\xACh�\xBB]\xBD�\x9Dm\xDD)�!\x85\xF5JR�r �\xBC\xB0pE\xF4VHj� �\xDCt\xCA9\xDC\xF4iJ7wuS\xB4\x85?\x90P$|$(t\x88\x8A�\x85ma^\xFE\xF8-
-\x81O \xEEK\xEA,�\xB5p1\x81\xDD5\xA1\xC7�\xB6
-t\xEA\x8E
-\xA3\x91\xC7 at 7\xA7n\xF4:8t,\xDAW�Œ\xA8ؕ\x91\xC5\xC2��\xF4\xA5\x8Aw\xDE\xF2\xECL\x9D\xB1\x83\xF8w\xBB\x92�,\xE84n\x97\xA3\xCB(O\xD4\xF7\xEE\xCA\xF0\xE8%x\xE70
-�6Ͻ\xCF$�7\xBE�\xE5\xF0\xAC\xF3ë…’o\xF9Õ\xAA3\xCE0/\xBA�Q�H\xD7�jD\x8A\xB9.%\xC8�\xC8)�\x97�Uqf!m\xB9\xB9}\x87t\xB9\xFF\xB8\xD21P\xA5�;b \x84\xD3,\xA4\xE9��+�奴k_}\xB8\xB3=n':�z\xAB5�]\xA2\xA9\x82 at qP\x85\xB5\x8F\x9BQ\xB8\xCD\xC0O\xED+W��L\xA7\xA1\xA5],5�\xF6}\xF1>\x8A\xA5\xBE�F;I\xA9�k\xBD\xE6aOJ\x8DQ5\xC4\xCC\xF5 �h\x8A\xA2&By\x89��!(\xC6[\xF2\xD0e\x98{\xAD\x8F�l\xF3\xEAD\x90\xCF\xF8�v_\xBA�\xC9<pAq�!oPÖ’\xFC\xD64�\xD1}"d\xC6\xD3C\x99D\xD6N\xE01�\xA3\xF6��t\xA8�A\x84z�\xE6C\xD2 $l\xB5\xE9\�\xCE,]\xB7n\x977�k�\xF6\xA6�m|?\xF0O�\xFFCs���'C�\x8D\xE8\x94G�\xA4�C\x94C\xF8
-�3E \x95Y9\xE9\x94\xF6y\xD1`<\xBE\xAC\xF0 uf�OR(0�\xE3\x8374\x910!\xEE�\x82\x83\xAB\xFB�EU\xBD.Vd\x8A\xCF\xF7��o>Q\xF7��S\xF0s\xCD5�U�\xD2J\xF0\xF97
-t\x80t\xDD@#�\xF2\xB8*)?X�a\xFFK�\xD5p�(\xC1o\xED\xDF!]20\xB6ÐŒ \xADĈ\x83ç »rÞ±@\xBD0\xDAG.��>\x9F\x80\xC1z\xD9ԥÜ\x8A\xE2H2\xFFH\xDA\xF2\xB9\xA8�
-`\xA1l\xC3;D\x88\x86}\xF2\x88\xF0\xB1>\x94k�\xFBR(l\xD8%#\xEB.\xDA�\xAD\x923]\xA0�RS\xE6\xB8\xF2\xEE$\x9BH\xA4`p\x90(\x99\xE8! \x88\x89�\x80�\xF8:M=H\xA4\x86A\x91��$&/\xEBL\xC6V0\xAE\x93\xF88�>\xEB�\xF2y(\x89\xE9��7̨\xA9\xBCG <B\xFE\xE2\x9A!c\xF4��:s\x91\xEEw\xA1�p}\xB2@`�H\x{169041}\xAA\xA3\xDE\xC1\xFD\xB6\xC5*o\xBDÇ \xBD*
-0M\xCE��\xD75\xEDn)\xFF\xEDe\xE9o�\x86\xEBj$>;\xDFu\xD6\xE4y�\xA2\x89dOcfؔ\x93\xFA�\xF3\xCA͉�\x8Bw\xCCSū\xCFC\x91\xC6\xC0!
-kڪ\xBE]\xCFvQ\xFC\xAC á\xA5\x83\xA4\xAD \xBA0v52+\x91\xC1\x95j\xF3�\xCB�`\xDD0\xFD\x88\xE5�F\x97\xEFۥ\xCB\xDB�\xC6o�\x87\xEA\xF06��\xD6��#\xF3\xD7\xE0�\x85M\xC6\\xD0S$\xEF�T\xCDc\xCC\xC1Q\xB8f�\xFC\x96\x86\xE9\xCD \x87\xB79\xF2\\xE5\xD5\xCA\xD1T�\x9E\xB4\xA19z\x90\xE4����\\xD7\xD0\xD86\xDF\xF2/\x970\x9CO=�*\x952\xA5\xBA\xC2`
-\x95\xC7a7ah\x90\x91[\x96�\x9B\x8D\x95
-+�Gn&\xB510\xA7\xD9й\xC1x\xEFc\xBCmf\xE1=�\xA7\xFA\xE4�:qu©?\xB0gX\xF3\xE4\xF2\xA6\xAE\xF2e�\x96vi2\xC0}\xF5�\xCB\xE1 \xC4NM\xAD\xA0\xE1u>�\xE6\xB0^�ZcY\x99\x9A\xB8exb\xF2I\x83\xD7h\x9C\xEA�\xC0\xD2\xFE�,5\x94mÂ\xB4Ô‡}\xC2�\x92\xD6\\xC9+\xB4�\x9FG!\xA2O\xCE�\xC5Gx�\xE0X\xCFZI\xE6�\xE3\xE1\xF91MF\xAA0q�J3\xC8�\x9B`\x8AA���� �\xECju\xB8m\x89\xD2(\xF4\x86_I\x92\x87X\xD7-\xB1\xC3B�\xBBW\xE9�\x96�\x91 I\xCDm�:\xAC &Æ–\xC8!\xAEX;\xE6"\x94�\xD9\xE0\x95\xA5\x97�\x8C\xAE\xE8\xD5#\x8B.
-\xE2\x87k\xA1�\xFFD\x98\xDD!h��n\x82\xAEE7 y\xBD\xD1Y|Ø�\xC2ex�\xC6^D7\xA5(}\xA77\xEF\x943eÒ±�tf%2\xFF�\xED[4+l{B�RG/�1\xFC.& \xAB�\xFA=\\x8E\xFA\x8D-\xE97B�\xFD�Ðϳ@�\xF5�g\xBC~#\x80\xFA\x8D\xE4\xBD~\x83\xF2�\xB5�$Î \xDC/\x9Fp\x82\xB7\xA1Û±Yxk\x91Y\xD4c?H\xCF.�Ñ•� \x89>\x96�/�\xA88)\xC6\xC1\x92\xF8\xC5��\xBC\xF1B[\xD69=>ii\xE7��_\x86\x8C(!_X\xF0r>�\x8B\x9A\x83\x9Bw\xBC-\xDDK�v
-\xC5\xE0\x94\xA1R\xF4V&\xBC]�\xD0}\x86PJS� \x83�\xDB�~?:\x96�\�
-} \x8AE\xBE2\xC3/=\xBE\x8FW3\xF8X\xB2&\xAA\xC0y\xA0\xD1;L\xEC\x94e}\x8C\x94\x96�#�n\xE7\xF1\xC2Z\xB4%3\xFA�\xB4\xA8\xABÉ�qG�?\xBB\x92\xF0�\xE4\x9F \xFC7\x87\x91\x97j\xDAz��\xD3q\xA7.{\x89\xF9\xC6\xF0\xDC\xE4\xF6\xF26\xA6,\x9F\x83\xFF{!\xE7\x89;�sJ\x96\xAF:=\xCCA\x8D\x95_I?\x86X×^\x87\x85\xC7nZ8.\xA6\x86\xCD\xCD\xE2#\xB1\xD9W\x98\xE8\xB0&\xB88/?\x92\x94\x9F\xB1\xF1\x81\xDE\xC8� \x88\x87;\xE6\xB0\xDF�\xC10\xB3�\xD8e\xFDBO\xA1\xDC^\xCF\xDF3\xC3T\xD6}g\xBEr\xE2\x89�>Q\xE6\xC2\xC7i\xABB\x96\xC0\xFB,\x81���\xC0\xC8\xF4\xCC\xE3\xC5d6\xE1\xE7OC}\xDC\xC6\xF7\xA3\xF8\xA0Ü¿�\xF9\xB8\x8D\x8F#�\xB7
-�\xC5m$0\x8E\xDB@\xFBq�\x93\xDCv\xFC\x88\xC5ߌ\xD3\xE4\xA1`ǚ\xBD�\\x90`/\xF4�\xC4b\xF0\x97�BI\xA6\xB4N\xFF\xCEo@\xD0޸\x8587\xF9��\xF0?\xA9` O\x92\xEB\xB4h��Z�\xA4�\xE6\x8C\xD4"r\xB7 i\xA7ʎ\xE2nw)p\xB7)\x93\xA9\x95\xFEk\xA0\x80|\x984p\xA0�\xC6?\\xE1/6\x98Q2~�\xFD \xF2=1\x86\xFFr~\xF1\xDB�\x9B\xB0,\xCD\xF4,\xD5,\xB3\xF4ٟۘ3,�\xB3L�\xCE \xF6'\xED%\xE0�\xBEy\xDC\xCA\xD9w5\x9Cg6<R\xA0\xBB��\xF6GJ\xC6_\xB1�K�\x9C\xC4J\xC6\xF1\xC72\xFED\xFE��$\x9A\xA7{ \x95Q\xE8�\xDB]鶮\xF2\x95\xA0�\xA8\xA8
-?��(\xBB\xB8v\x9Dd�b\x88\x9D
-�\xFBÏ®
-RX\xF0Fp\x9EE\xFFÛŸ\xA6H\xE1\xF5'\xE9\x81 7\xC5;=\xF8\xC7?^\xEAÙ¥\xA1V\xB1VN\xFB;�(�\xA7!g\x90�"-\xBC\x99T_\xFAy\xC8�U\xD2a
-X\xFF?d\x91\xA3|endstream
-endobj
-1766 0 obj <<
-/Type /Page
-/Contents 1767 0 R
-/Resources 1765 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1756 0 R
->> endobj
-1768 0 obj <<
-/D [1766 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-514 0 obj <<
-/D [1766 0 R /XYZ 56.6929 439.4679 null]
->> endobj
-1769 0 obj <<
-/D [1766 0 R /XYZ 56.6929 414.5066 null]
->> endobj
-1765 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R /F62 1361 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1772 0 obj <<
-/Length 3429
-/Filter /FlateDecode
->>
-stream
-x�]o\xDC6\xF2ݿb\xEF\xE9d \xAB\xF0S"\x91'7uZ�Z\xA7u|\xB8\x87\xB6�\xF2\xAEl�\xD1J\xCEJ�\xC7(\xEE\xBF\xDF�\x87\xD4RZ\xAD\x9DC�\xC3�?\x86\xC3\xE1p8\x9F\xCB��\xFE\xF8\xC2\xE8\x94I\xAB�\xB9U\xA9f\/V\x9B�\xB6\xB8\x83\xB9\x9FN\xB8\x87Y�\xA0e�\xF5\xC3\xF5\xC9\xEBw2_\xD8\xD4f"[\\xDFF\xB8Lʌ\xE1\x8B\xEB\xF5�\xC9۟\xCF~\xBB>\xBF:]
-Í’,=]\xEA\x8C%?\\\xFEH#\x96>o\xDF_\xBE\xBB\xF8\xE9\xDFWg\xA7\xB9J\xAE/\xDE_\xD2\xF0\xD5\xF9\xBB\xF3\xAB\xF3Ë·\xE7\xA7Kn4\x87\xF5\xC2c8\xB2\xE0\xDD\xC5/\xE7\xD4\xFA\xE9\xEA\xEC\xD7_Ï®N\xFF\xBA\xFE\xD7\xC9\xF9\xF5p\x96\xF8\xBC\x9CI<ȧ\x93?\xFEb\x8B5�\xFB_',\x95\xD6\xE8\xC5#tXÊ�\x8B͉\xD22\xD5J\xCA0R\x9F|8\xF9}@�ͺ\xA5s\xFC\xD3Ò¤Úˆ|\x86\x81\x82\xCF1P\xDB4\x93B:�\xE2\x99y\x96r�<`\x8C%ק\x9C\xF3\xA4}h\xEB\xF6\xEE \x8F�HD\x84\x84-\x96"K\x99b\x99[~VקK\x85+\xFA\xFBr\x8BM\x91\xF4\xF7Us\xD7\xD1\xF0M m�.?\xED\x8A\xFA�\xB4\x81Ó\xF7e�\x80K\x82\xEC\xCA\xED\xE7\x80au߶]\xE9Q�\xF4i\x8AMI\xB3{H\x9E\xF4-\x8D}Ú•\xDB'�\xBAÝžr\x93\xB4\x9Bh\xB5H\xEA\xAA\xEB=\xA1\xB74\xE2\xF0\xC1\xF9\xF0D\x9C\xA7Vk\xE1ND\xD8; TZ\x9ET\xB0Jf"ypH\xCB[\x98\xC1�It\xE3LÛ”a\xA4\xF0\xC0U\x80!6V\xAB\xA2\xAE\x9FhjU\xE3\xC1\xFA0\xEF\xE1\xFB\xAE\xACoA\xF42e\x92\xEB\xFBÒ³=\xBE;\xC9\xF24\xD3\xD6�\xB5Hd\xFC\x82\x94\x82[\xF6`]_\xF4\xE5\xA6l\xC2~\xA7\xC0\x8F\x8F\xA5\xA7\xAEhf\xF61y\xAA\xB2\\xF9\xF5\xC5z\xE9X\xB4TÒ¦\\xE7r̪\xF5\xB6\xEC\xBA\xE9�\xE0̦J\xE4\xF9"\x87Ff\xF8W=�\x91Zc\xCC\xFC�X��\x971\xCAC\xF9\xE6\\xA4\x8Agz\xBF3�\xB9)\xFA\xD5\xFD�\x91\x8A���ß‘È€\xF1%"\x95L\xB3\xCC\xF21\x91N<�\xEF\x92\xE7i.��\xB7Ѭ\xE1\xE6d\x9ETM_n\xBDD\xF6\x9D�\xEB\xC3�~3\x94{\xECv�\xE5\xAA*j\xEA<�O\xEEu\xA3\x92\xCByr^ c\xDC�\x88Ó².?\x975\xAD\xA5Ç‚�e�\xC4�Q\x{3B4ABAB}\xEE\x9A\xD2�\xE37ZÚ\xA2Y\x95) L\x9E\xA52\xE3f,/\x97m\xB3l\xCA;\x90I\+x@\x8Fx�K\xEEÊž\x86�\xEA�\x944xStaY\xDB� \xBC\xC1jKC�mW\xF5U\x98pL\x80Qz\xA40\x80'\xC2�--\xAA�\xE2Ü€\x83`\xDD\xCB\xDCN�Ix\\xB3\xEA\xC6Ú‚\xFB\x87\x88X\x8D_�\xE8\x81\xE4mOc\xA8ip\xC8Ï™\x81\x8A\x8CE\xF0\xF7\xED\xB6w\xFB\xC6X\xA2\xA3\xC301Þ€2\xED�˲!\x90\xCA\xEF\xE2\xA5"\xDA\xC6\xEBG\xB0\\xEE\xA2urF\xE3{\xD6�t8�\x8C?VuM\x837\xB3�1\xBAo1l\xC3 ×j\xB3\xDB\xD0h|W6R\xC1\xA3�c\xC2@\xD7]\xDC��\xFB;\xB1\xFE\xBC,iZ\xEA;Z\x91q* \x83\xC1b\xBD\xA65\x9D\x87\xF6Ç€)/H\x96d3�\xA4\x99\xC3=\xDEW\xC8�\xB4\xE9\xB8-~ow[2f\xD8�\xAD\xDEP\xABh\x9E\xA8\xD1\xC4b\x8C�\xF4^\xB0\xE5�\xFAUX\xE1�\x82l�C�#\xF3(\x80C\x92\x83\xC7\xD1\xFAe\xE5\x97b\xF3P\x97\xAFHK(>6\xC9Ü .�\x9B\x86e!
�\xE6\xFCowf!S\x8B\xEE\xC8\xE8䜽6o\xE6d\xFA��|�\xF9Z\xA87s�\xFB\x9B��\xCCk\x9E\xBD\xA1\x8EDL\xAE\xF5_Z\xB3\x9Cݑ&��\x8A\x88z\xBADaxdq\xA9\xEF\xED2v\x84\xD3 8\xD8\xC0\x8Bh\xB7�\xA9\xC3�}\x9D\x88 Ԧu\xEFM�\x90ȶ\xAE\xDBG\xC7c\x80\xB8y\xA2\xEF= <\x8B��\xC1R\x8F\xF6O\xA6�\xCCn\x8A\xEE#-�Z\xA7\xF8��0\xC7g\x9F\x8E\x93 \xA5"\xB4J&�\x89R��\xDB\xDF\xD34\x91�\x8D\xF2˪| E\x86\x90\xA8Bp8�
-\xCD0�aT\x8EPI\xCD1\x99 �\xC8t\xA4"\xA1aw/\xF9\xB0\xA6\xF2\xB8\xF7<\xA7\xC6zN<\xEA\xB2�\xE2\xEE\xC8CI\xAE\xEBt u\x97I\xA0\xD7\xEEX \xB0.o\x8B]\xEDW\xED%Ô¿\xBAC\x91Þ‹\xCFq\xC1v\x9F\xBA�\xE7
-\xB9\xF3&\xEA\xC3\xF1\xBB\x91<ι\xE8*\xE7\xE0-د\xF3\xD1\xC1\xB3\xB0V\xABy\xDB�\x87�\\x99 \xBF{��\xADc\x80\xCB7Ê\x89�1\xC4B\xD2\xDA4\xB7\xB9\xD9{�b1H\xD6\xED²4\xE7�\xE3�\x93rcɼF\xAFKg\xC0O\xF4 X\xAA\xA5�\xFE\xDC{`
-�� N\xE7\xF9\x941\x80�\xF8!�\x8A\x83�\xA9\xDDY�\x9F��|}k%\xC1Dmw\xD2=�\xDC\xC0ë‹X\xFC\xD8\xC2y�Ñ‘�\xDEe\x84Ø(�\xB9:"OY\xAE`{\xC1SΕ��\xC8�*\x931,4\xA5\x9Eu\x85\xB3\x89+l$�\x80mxW9YT\xFC6m\xEF�P\xB9\xA2\xDEu*��<\xA4\x8F%\xA1e\xD3)Ç”�\xA7�\\xE9E|Y\xDFv\xFF(i\xDAfv\xB1\xDC�|\xDF&\x9Dc\x91\x92\xD6\xCA\xE7\xA3C�H\x80�\xF0\xB6\xE3\xE8P\x86\xE80<\xE8�\xBC\x96\xBD\xD9\xFB0\xC4�/�\x8C\x84A\xAA\xC4�\xE9\xDC�\x85C8SP\xF7\xC7\xCB�\xD4\xF7\xB1�67\xC5�M\xAE`�m�\xA3N
-\xC1\xE0�TL�\xF78Ú Ý¹\xC6j4\xBAj\xDDw\xDD\xD1BÔ™WW\x9D\xD3\xE2�\xEA\xB6\xDDn\\xE0\x8A\xB3\xC5\xFF\x83o6\xA2D:\xAD
-۔=n��^\x81v&~\xC0$ŷ\xD8
-\xF1-\xB6\xBD=\xC4y \x89\xE2H\xECy\xE7\xB7m\xA8O�\xC4\xEA�\xF0\x87\x95�\x87\x8FfU\xE2v\xA7f\x98s\xDE�,\xAC 8l\xD6%\xF8\xA2pr\xB8N�\xF5\xE7�rf,�\x9E\xE7f\x87\xF8�D�eI\x8D~6\x80\x85��\xADC`\xBA\xDD��\xCBv\xEB�ODF\xB3Tp>�\xC4"\xFA\xAA\x99>C0r)\xE3\xD9B\xC2;\xC8T\xE6^!\xCDm\xEF\xBCr\xBA\x8A\xD2%�|�\xC3���\x99\xA0)V\xA4\xE5C\xB9\xF2J�( \x8FCM \x92\xA0\xE8\x842c\x8A�\xD26�\xD4�\x84�b\xF3\xBCG��6\xF3"��\xAD\xEAj`S\x90֚D g۵\x87\x83\x98cW\xAFc\xB8b\xBB-\x9A\xBB\xE8�]�e\x89\xBC9aS\xC1P\x87\x8F\xE3�T\x8C�\xAE=\x90\xDF\xD0>l+\xB8*t/\xF2̧Cp\xBE\xEA\xDCP\x9E\xEC:zS\xB8\xC6\xF9\xBE\xD8ػ\xF1\xA5\xC7GJ:\xF8q\xD0pF\x9D\x9AM�\x90z\xA0\xC8Mį�A\xDC\xE2\xD6#\xF3\xAE\xFCt+\xF4\xAF!�\xF9�\x9CB�\x93\xBC\x9A{\xBBd T)\xDC;\x84F\xCC؎\x86V\xEE
-Ac\x8D\x9B\xBA \xA5\xF2S\xCE}\xC7\xE5!\xBEq\xF0\xAD\xF7\xAFV\xBD{\xCFn\xA8\xF9\x931q\xB7\xF3\x8E�\x92\xC7l\xF2�\x97's��\xF3p\xC5\xCA�1\xF8�\xB6�(30L\xC5\xC1\xE0\xAB@\x9B\xA7�U8.\x9Cy\xD8t \x93c@\xE8\xBE�\xE5�U"\xF9Ï”d�&�\x9Ev>\xD9�d\xD2G\xEB8\xD7z\�0\x9D\xE1\x9F�\xF5\xA2[A\x95(\xD0\xC8T]X\xEA\xF8c\x82\x98~\xDAU�\xD6c�\xB8F�\x88wy9\xBFG\xB1\?\xB8\xB0!>+CІdv�\xC7vì–ŒS;6\xCD2�|\xAD\xC1B�\xEA7\xA9RÍ\x9EIÒ\x89E\xA5\xEAt)vnJ\x88Z\xBCY\xB2pw>{\xC7\xD8|\xF6\x8EK\x93�k\xB3!}7\x9B\xA1\x93\\xA6:79\xA88\xD4^p\xE7ßš\xFC�0.c\x94\x87>\x86�u\xA9\xB3\\xEFw>\x9A\xA1\x93伉\xEFHd\xC0\xF8�\x91*O\x8D`|L\xE4\xF1��8\x80\xE3��c\x87�:�\xEB\xE9�A\xDF44\xB2i\x87\xAC�\xF4\\xAA�Å™\xD2Ťx
-\x9CE\xC9I�ͧ�2~\xC4Ö¢�\x80o\xFA�\xB9b0q\x82\x8B�C�\xB8×{f�*\xA0H��]i\xC1\xA9S D \xCD�\x81Ø—\xACn\x80_\xC6�f\xCC\xEE�Þ±\xDD\xCDxT\xB28�l\x96�nF$͘]�z\x81\x8E�\\x91\xD1�I\xF2\xC9Sw�\xED�5|��96ae\xF5\xECuq�8i\x878\xE5y\xC5\xC1\xE5\xA0a6\xBB.\xE0w��\x9F\xAAg\x80\x8D)=��T\xE42�\xCEÛ“`�\xCB/�u\xB5\xAA\xFA�r2\x95* }^\x87p\xA3 �\x93r!\x84H\x81G\xF9\xB7'\xD0�\xC6e\x8Cr&\x81n\xF2\xD4�\xC8~\xE7\xA3:D\xA0\x94�m\xBF�\x91�\xC6�\x88�`�x\x8ER��yL\x87�\x88|Mx\xAE\x94�»\xA2\xCA�\xFA0[�\xE8�[j\x84\xBC9\x96\x8CrM� �\xA2\xF6غ\xDC\xFD�(\xCCh\xE6�>8\xE7\xE2(l\xDC\xF8\x95$�"\xB9\xF8\x8D\xA4\x88k\xA0\x9B\xAB\xB1[�\x99j\xCCÆ‚�\xE0\x96i\x8B\xCB\xD!
C׫<\xA4\xE3\xCB�\xE4\xEC\xED/Ô @�[\xEE\\x9AÒ´�\xF3\xD3]O)\xA7)7�f1\xB4~\xC1\xAC)��,�\x9E\xC3\xD3�9X\xC1o\xB7��\xE32F9g1�\xE8Q\xA6\xF7;�7k9\xF0\xD5(\xF9�\x89��_"2\xD70+\xF9\x98\xC8c"\xA9R\x80�\xD5Fr@Ü\xDDÒ·\xA4\xD2�\xB4\x9C\xF6\xC3F\xA8�a�cI'\x86\xDA'\xF3Ỻ/W�}F�\xEC\x9DJ3�4\x8C�\x8A\xBB\xA2jBN\xA1ߧ�\xA2\x88�=\xB58\xF1�g!\x87�!a \xCD]\xD3WÞ±+\xE8\xE3��\xA3\x84\xBBk\xD6s~\xDE{\xAAh\xA8PI\x82FL\x8DTbR\x86PT_�\xAD\xF0\xD4 \xF0}\xE1\x81n\xA8\x8C\xA3|\x85\xA9\\xBB\xB2��\xE5\xE3\xC5³W
-\xC6ő�9\x8C\xD0�'\xB8G\xBE\xF9\xED\x9DˌKQ}\xCC\xF8\xBF\xFB�\x85�ރ\xC7BC\xB1\xEAw\xAEN\xC81\xA6\xAA6U_}.\xA9\xBBW$\x9C\x85*7�(\xA7΀g\xC4�\xCE'\xFC\xE1\x9C\xE4� wݰ\xB6\xA5/\xD800\xF3a\x9B\xA3뛹S\xD1\xDD�;M+aq\xA9\xA5\xEF\xA6\xFD<���ݔwU\xD3P�!H\xCAG\xF31R�\x99IW\xBA�\xC1\xC4&\xDFװ�\x95\xA0\xF0\xE3se1\xF2GOEP\xE6\xAF(\xA1\xD4S\xC8\xE7Q\xCF�g] 7\xEEXg\xE2\xAB\xF1eB\xF8\xF6>\xA6\xA7Z�\xCF�3!\xE4#\xD5�\xAD"\xC0\xCE{$Ƥ\xB9�~FpL\xE12�\xB6-S\xAE\xA6\x9D\xE7ϥ?\xBFV\x97�\x8C\xCB�\xE5\��:O\xC0\xD5�`\xCF\xC4�,U\xC6~G�=—H\x84Y\x85\xB3#�\x8FG�Z \xE3\xD9\xED\xAA\xD7xGs\xA6\x90\xA5\x8C�\xF9U\xAE\xBD\x86 `\xEA\xDAc\xE1\x95�\xEF\xD5ɆS0\xB0�)�\xD2\xCE\xE0\x83C87\xB1\xFE\x83\xAC\x89̫N\xF0<\xF7\xB5a�-\xE8\xB3/�\xBBAW�\xCBB>'\x9Bj\xF0\x8Cy\xFF8hp \x9D\xBC⌅ZY�\xB4\xA9�*@�\xEEYy\xC4\xF8\xE6\xC3\xEE\xEDq\xBD\xA1\xD9H�\xCCٔ\xB1
-84��xi&\x94\xF0\xA1A�G\x87P\x9A|_\xBF]*!)\xFD\x85Ph�*�\xD3�I\x8EUY9\xA2�\x92}!ݘ\xFD*gc\xE2\xCD&Y4Dv \x83U2j\xF9p\xC1\xB5}\xD5�ZX5\x9F\xE1P|\xF0\x8E\x92\xC2Q\x99\x90�\x86i\xE4I��s\xC7C\x86\xF9\xC9�\xDC\xD2wHG\xBB<U\xEDgA\xAB5\xA0\xFF\xDD}١b\xEA\x92B�o]\x96_z\x82۸s \xC8a\xB9\xD2�\xECsm\xD8\xF1?abӟ.\xC5\xC42\x93\x84\xA4\xAEO~\x9A\x84[\x8C2M\xCA_�ES\x9E"\xD4\xD3<\xF3b
-\x80\xC5mO)V�r\x9E [V>\xEF\xC8\xCC>\x9F�P
-\x8FÒ§�\xA3�9\xCC\xECË»Ì\xF0Ϙ�\xF7� 9\x9F�\xC5\xF1\xEE\xBE}l\xA8�\xFDv\xC4\xFD\xE8\xAE\xF3 �SH�\xF3[k\x99\xFC>�&\xC0O�S\xC6?\xB2\xC3^A�/a\xD2\xFFBG�\xB7 0\x8C\xB8y\xA4"+u\x8A\xBFt\x9C \xDA\xD9P\xFA\xFC\xE6�T\xEE\xCBa�u�#\x8E\x84\xFF,K\x8D\xB0y
-\xB9\x9D\xEB)\xE5\xC3//�I\xFF�\x85Ì\xDDendstream
-endobj
-1771 0 obj <<
-/Type /Page
-/Contents 1772 0 R
-/Resources 1770 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1756 0 R
-/Annots [ 1776 0 R 1777 0 R ]
->> endobj
-1776 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [242.0197 308.8411 315.2448 320.9007]
-/Subtype /Link
-/A << /S /GoTo /D (rrset_ordering) >>
->> endobj
-1777 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [238.0484 230.3842 311.8142 242.4439]
-/Subtype /Link
-/A << /S /GoTo /D (topology) >>
->> endobj
-1773 0 obj <<
-/D [1771 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-518 0 obj <<
-/D [1771 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1774 0 obj <<
-/D [1771 0 R /XYZ 85.0394 749.6227 null]
->> endobj
-522 0 obj <<
-/D [1771 0 R /XYZ 85.0394 377.478 null]
->> endobj
-1775 0 obj <<
-/D [1771 0 R /XYZ 85.0394 355.0589 null]
->> endobj
-1770 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F62 1361 0 R /F63 1364 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1780 0 obj <<
-/Length 2109
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDYOsÛ¶�\xBF\xEBShz\xA2;�\x8C\xFF$\x9B\x93\x9BÚ©;\xAD\xD3*z\xF3\xA6\x93\xE6\xC0X\x94\xCD)E*"�ǯ\xF3\xBE{�X\x80�)Jv\xE2�:\x9E1\x81\xC5b\xB1\xFB\xC3bw�\xB1)\x85?6U\x9A蔧\xD38\x95DQ\xA6\xA6\xD7\xEB \x9D\xDE\xC0Ø« s<3\xCF4�\xB9~XLN/D<MI\xAA\xB9\x9E.V\x81\xAC\x84\xD0$a\xD3\xC5\xF2m\xA4 '' \x81F/__]\\xBE\xFA\xCF\xFC\xEC$\x96\xD1\xE2\xF2\xF5\xD5ÉŒ+�]\\xFEr\x8E\xADW\xF3\xB3_=\x9B\x9F\xCCX\xA2X\xF4\xF2\xA7\xB3\xDF�\xE7s�\xD2N\xC6�\x97W?"%\xC5\xCF�\xA1\xF3\xF3\x8B\xF3\xF9\xF9\xD5\xCB\xF3\x93w\x8B\x9F'\xE7\x8BΖ\xD0^F\x851\xE4\xC3\xE4\xED;:]\x82\xD9?O(�i\xA2\xA6\xF7С\x84\xA5)\x9F\xAE'R \xA2\xA4�\x9ERN\xDEL~\xEF��\xA3v\xEA(~\x8C�.4��\x90\xF31 UJ\xB4\xE0\xC2�X\xE5\xED}\xBD\xFD\xEBd&T�\xDD�e\x89\xAD\xCD\xF6\x84%Q\xBEʷد\xDB[\xDFÌ–K�l\x9A\xBC1\xA4$\xAA+�jo\xB3�[=\xB1m\xED\x87sl\xB0\x94�\xA6�\xC2O\xB9tB\xABeH\xB8\xA1Ä‹j\x88��,\x9E1FR\xA5\xB8U\xFF\xF7\xBB|[\xA0�i\x84j]\xE7\xC5\xC7|\x89sW\x96T\xAFq<C\xE2mÝ´H@\xBD�\xAFXÚ.\xDD\xEA\xC0\xB2=\xC0\xA2\x86
-ⰇЀR> \xAD�f\xEA\xC0�\xB1f \xADq5\xA3\xA2\xF9”b\x8B\xCDe\xE1�m\xCD�\x86r]W�t\x8Dզ\xDBC\xEC\xF4B\xB2\xC0 ̊1I�\x8F\xED\x8AM\xBDm\xCB\xC2\xE0\xA1)\x8D\xFE\xB6JqARFe_\xB5\xD3Sd\xB9\xBC\xC0\xAF\xC5\xC34\xCA\xFA:+\xB1i\x81�1\xCB\xCF]\xFCt~\x85\xADU\xB1\xF5k\xAE
-\xD70\x96\xF6$\xAF견\xEF\x8B\xEA�\xBB`Uӗ\x8E!\xE0\xEF@�\xA3\xC1\x8B\xC0�\xD1W$d5⎰\xFAmf\xB0\xCD/\x8E,�\xBA\xF2\x8B>I\xECH\xFF\xDF\xFF�\x913�\x93\x84S}�j�\xCCu\x995
-6_\xF6WbC|\xEF�\x87!a\xDF9![G\xE0\x83\xBE�۱\x81q;��X\xB1\xCF\xE2\xE6\xFF:\xE0\xF8a\xE0\xF8�8v�\xB8#^\xF1yP<\x95\x9B}
-\xE0\xD8��'��'��\x8E?\xC1\xE3\xC4gA!\xBE\xC0?�9\xE1\xB3<\x8EÈ\xADj\x88\xD3f\x8By #]\xD6v\xB1\xED�(�\xFD\xE5\xBE\xFE\xAA\xA7\xFF\x88_z+Fc;��\xAA\x85A\xA2X\x98\xA8̵�\xA3\xB2\xE9柲\xF5\xA6tc\x98\xFCL\xEB�r0\xB60WeM]e\xEF=\xDF\xFB\xFC6\xFBX�\x90P\xA2k\xB4~
-\x97SL�\x93\xB5i\xD9�\xC1\x93�l\xDA\xEC�\xDFAJ�\xCA.%\x8E\xE0\xBAK\x903\xC1\x93\xE8Ҭ\xA0tT؜�GM\xB1.\xCAl\x8BDS\xBCدUN\xF5\x94\x87^\xBD���9� &ŢܢB\x8A/3u$IJ>9-\xE6y\xB3\xA9+\x97\xF8aZ^\xB5\xA1�q\xF4\xE1\xEE\x84E\xAE\xDC1\xFD\xAE\xB8�\xB1�\xCB�\x91z(M\xD3\xD5=\xA2+R��H\xD9G[\xE1 1\xAB�\xB0aL2\xDFNF�]C
-�\xD3
-\xF0T\xB1�-1\xA3h\x89\x95X\xE3\xF7CW\xB5A'\xA8Ñœ�#\xFE\xEB\xEAO\x9E\x88n\xFB�\x8E\xDB�\xA4�?�/ \x86\xB00�\x86\xAER3�\xE7\xAC\xC0�\xD6gVÜ ��\x92_\xA9\x85-\xB0\xA7\xD6t\x9Al\x9D\xF7�\x83\xFD\x92\xF6w\xD2Ì©\xC7v\xC8[�\xF5Z�\x87\xE98\xB5L�W\xB7\xD8x\x9F\xE3\xD7xR\xBE<Z\xD5%�\xAB:\xADH\xAC\x84z\xACv��H\xA31\xE5P5\xD5�\x98\x83��\xA1f\xA0\xBDT\x84Æ‚ww:\xA6 \x83X\xCA(�\x9CÏ›\xDC!\xF1z\xBB�\xA8 \xF6\x8C\xC6+�\xC7I2i\x85\xFC\xF76\xB7\xB1AE뻲-\xBA�\xE5<\xA4\xB6\xDFe\x83,�RC\x8E\xF6n[Y\xB7\x81\xE1\xA2\xF2�ȱWͽ\xDD;3\xE6\xA2\xD3:{@\xC2{'��\xE2\xEA\xAED\x9A=\xC1&(\x81\xF7\xD4ÕŸ\x94\xF2\x9B\xBBpI�\xF8T\xE4\xD4\xCA]@\xB4\xC1\xC5Ì¿=\xA0\xFDÈ®l\xCA\xEC\xDA*.�(nW\x96\xD2I \x92sl\xEB\x9F&\xF0\x80\xBB\x9Aо\xBF)L0�\xD1'�\xF9F\xECv�\x9B0\xAB
-\xFE#\xE0+JT�WK\xE4mÚ¬\xCD\xD7�\xBF`\xC9M\xBE]�\xF6È‚"×\xFDY[\xD8S��\xD6N\xF8vZv8`\x9E\x81y{,cP\xC0ÕžA\x96Nã¾—�\xEE�\x95\xE1'p�\xE8\xF5å„´�H\x8CForÇŸ\x95M\xDD]\xC9\xC6pKb\xB8\xB1K\xE5\xB1\xF0Gq�4! �\xC2 \xB3\xEF\x86o
-\x82k��[M\xB9\x84�I\x93\xC4\xDC\xEEqp{3\xC5\xC6<x�\xE8\xF8g\xE1\x84\xFD\xE7\x80}\xB9F\x8F7�.�\xE9\xF4'Q\xEC\xE9\x94B\xB4IR\xD1\xD3i\xEFa\xA2\xE3zL\x93=iF�\xBC\xEFÏ„\xA5iÙpg\xD5�\xF4\x9AP\x90\xE5�\xED|5T�V\xD2I�O9�BBk\xF6\x94���ÊN\xA3\xEF33/p�JD�{\xAAQJt�\xAB\xDD\xC2v\xD37\xF9\xF5\x88cpN$U\xFE4�.1,ssp*\xC9\xCF��\xEB\xB1\xE6{�taOS\xAA\xFA`\xBD\xC5:\xDE.\xA4D\xB8\x90&JS\xE6�\xEA\xB8B\xC0��$��1\xAA\x88�B<�\xB1N\xE2,�i!\xEB)\xC7`;cn \xF3l\xB6t39w�2W×¢%\xEF�\x9A\xB7\xED\xC3&�1�"�\xD3\xDC\xFB\x89g\xEAY\x9D�\x8E4\xD1_\xD1j/\xF11\xAB\xD3�\xDC=\x96Ï°z\xC7Ü·ZAS\xFAx\xFEͲ^gE\xB5w\xB0)#\x9A \xF5\xF5�\xEF$>b\xB8\xA0\x92h\xCAž\xE1ߌY\x9E�8ui\xDF\xF2]\xF6�\xB1\x9E�n\xCEi��\xC6\xEB��\xED\x89ݨ\xF0�]\xAE\xF0鮪\xF1q\xCFÝŒ
-\xA9\x80\xA4\xEE\x9A\xE6<�\xE6\x94\xE6K\xB8�\x8BD\xFBgC\xA3\xD5*\x83\xBC\xE3\xA64\xA3\xD1�\xEEq:\xF6�tv\xF5\xC7xhЩ\xF4f��\x87\xCA%N9(\xB3�@\xA5MÞe��ê–†\xBA%�t\x8B�\x91\xBCKj\xC7t\xD3\xC7u\xB3\xCE�,�xC\xC2� �<I\xF4\xD5\xF5\xE9\xD6�B\xA7\xAE\xE9\xF8\xE8\xF8'\xE7rLq\x9A\x80\xA3P\xE1\x94\xFAvDm \x96 \x86\xAC��H�Íš�ܤ\xF9�\xDAÌ¥#�\xBD��q\xDF=�^\xB72\xBF\xC9\\xF9\xFE1+\xEF\xF2.HoG\x94K�\x90\xA0\xC4\xE3> )0N\xBB\xF2\xCAU\xAB\xDF\xEF�-\x9A��\xFF\xA6LB�\x91\xA9z\xCA\xD9�2!1\x94\xDE\xFD\xD3\xFBe\xB3\xBC"Ô¿3�\x89�8\x8F\x82,\xD7\xF43\x86q\xD3��\xC8\xC3\xF9�\xC09\x9E`�D
-8\xDF\xCCTU\xEE\xC7!\xE3>\x9F\xF0�` (\xDCMl\xC1\x8C\x80\xCE{\xF7�I\x83\xFB\x80d\xC3\xFB �\xDBzRz\x8F�\x96\xB0lG\xFAÞ\xA0~�\x87I�)4\xFA_]\xE5c�\xBD\x99U\xE6d\xB8\xDDR\xC5D2(wB`\x9E�\xB6\xD9VHR\xC9n\xFD\xA7\x8B\xF43�\xEF�\x85j#\x91\x8Fl��_�S\x8Dw\x8E\xACZ\xE2\xF3\xC6gl\x9F
-Q\xEFj\xF9n\xFB�\xED\xAE�M\xBD\xF6<\xB8\xD0 \x89\xC42:�\xFAΚ\xE7�$\xA12\x8C9ܳf1\x94%\x8A\x8DU\xD2t\xFA\xE8~<\xF5�\xC5ݯ\xAD݄҄\x8F\x97\xE4<N`?@\x88\xB0\xC9\xD8\xE2�뽟;\xFD/\x8F\x8E+P\xFD�\xB7n)Mendstream
-endobj
-1779 0 obj <<
-/Type /Page
-/Contents 1780 0 R
-/Resources 1778 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1756 0 R
-/Annots [ 1782 0 R ]
->> endobj
-1782 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [325.3322 237.4931 398.9856 249.5528]
-/Subtype /Link
-/A << /S /GoTo /D (the_sortlist_statement) >>
->> endobj
-1781 0 obj <<
-/D [1779 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-526 0 obj <<
-/D [1779 0 R /XYZ 56.6929 308.0833 null]
->> endobj
-1304 0 obj <<
-/D [1779 0 R /XYZ 56.6929 280.4919 null]
->> endobj
-1783 0 obj <<
-/D [1779 0 R /XYZ 56.6929 154.8032 null]
->> endobj
-1784 0 obj <<
-/D [1779 0 R /XYZ 56.6929 142.848 null]
->> endobj
-1778 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1787 0 obj <<
-/Length 2725
-/Filter /FlateDecode
->>
-stream
-xÚY\xDDs\xDB6�\xF7_\xA1\xB9'j\xA6D\xF1I�\xD7'7\xB5{\xEE\xB4Î\xA3\xBB\x97\xB6�\xB4�ÛœR\xA4"RqÜ›\xFB\xDFo\x81�H\x8A\xA2\x9C\xA6i2 !p\x81],v\xFBA\xB6\xA0\xF0\x97-rE\xA80r\xA1\x8D$\x8A2\xB5Xo/\xE8\xE2�\xDE}\xC1�M�\x89\xD21Õ·\xAB\x8B\xAF\xAF\x85^�b2\x9E-V�\xA3\xBDrB\xF3\x9C-V\x9B\x9F\x937\xFF\xB8\xFC\xE7\xEA\xEAn\x99rE\x93\x8C,S\x95\xD1\xE4Û›\xDB\xEFp\xC6\xE0\xE3\xCD\xDB\xDB\xEB\x9B\xEF\xFF}w\xB9\xD42Yݼ\xBD\xC5黫뫻\xAB\xDB7WË”\xE5\x8A\xC1z�v8\xB3\xE0\xFA\xE6\xC7+�}w\xF9\xD3O\x97w\xCB_W?\\\xAD\xFA\xB3\x8C\xCF˨p�y\xF1\xF3\xAFt\xB1\x81c\xFFpA\x890\xB9Z<\xC3�J\x981|\xB1\xBD\x90J�%\x85\x883\xD5Å»\x8B\xF5�\x8E\xDE\xFA\xA5s\xFA\x93\x94�Æ• �J"8{\x85-\xB2\xA0\xC06�\xA5&9\xA7z\xC25eB�\xA9\xB4\xBB��\x949\xE5\xFD\x9Dp6\xBA�&�É…P�\xAD�\xC9��\xFER\xD6/\xEB\xAA\;\xDD 9�\x91g\x8A�\xA5��Gvg\xD7\xCD~\xC9\xF2dÓ¢R�\xFF\xCB\xE2��w\x87}m78SÖ��\x81\xCB@\xDC�\xEAM\x8A\xA3\xFBH��ؽ\xBBH\xE2D�\xE6)cN�y J)\xA2\xD1\xC0\xA8t\xE2H\x9E\xAC\x9B\xFA�J\xF9\xE3�E\xD9\xE0\xDB\xE7\xB2{\xC2Q\xF7dq\xF0�\xE7�\xFEe\xB6.\xEE+\x9B\xBAE�-\x88\xB2om\xE7\xDE!U\xB3\xEBʦÆ\x8BnN\x94u\xB3Ý•\x95\xDBTФ+\x97,\xD9Ú¯\xDC/\xE9x\xD5a\xDEs\xE5�\xD4QveQ\xE1lβ~\xC4\xD7\xCDÄ\xFE\xEE�\xC4\xC1\xB9粪pr[t\xEB\xA7cYбp\x99\xD3`��\xEDήKw\xB6\xE9}\xF4\xA4\xBF\x{1F43AC}\xB2d\xEA��\xFCCg�_\x8C\xAD\xEA\xCB,UÈœ�\x80\x83E:xȧ\Î\xD1TO\\xEEÏ\x8A\x82\xB0\xCC�\xA1\xC1�@\xC1$\x87?cW=qYA38\x8DÑ‹43\x8A䆛\xC1\xBF\xF8�\xE6eZ\xC3�Å«\xB9\x86\xCB\xF6Z\xB6�\x8B\x{DBB2}GO\x93c\xC7t\xB7 K�\xD7~\x897Å´\xD9;GH3J\x93\xFF\xFA;\x8F$\xC7VX�m\x8BT7\xB7\xF8\xEC^v�G\x97\xF8\xA8\x8Bm\x98\xF8\xDBS\xD3v$HB\xC0\x82\xFF\x86\xF3#^\xFB\xA2\xDE4\xDBo\xE6,~D\x85\xEE\x8CT\xE9D0<\xF7\xFF\xBE\x99\x81�Ø�P\xB86\x9E&Xv\x96%\xEB\xE2\xD0Z��\xF5��Б\xDB]S\xB7\xD69y\xA6\x93�\xAFLx\x87gt\xA3\xCB1\xF1�\xA2`\xD2Û¼\xDB�\x95\xE4\x86NIn\xA7\xEE\xA9\xE8p\xE6\xA9\xF8�\xB6\xF2\xDEz;\xDCp0� j�©
-g\x8E V\x92\xC9~A �w\xB4 D\x81\x8F\xF6\xF0\xE0\xA4\xF5�\xE4\x90C\xB3\xA4kP\xA5"\x87\xB0\xC9`\xB7\xA3�(\xAA\xE7\xE2%\xC0\xEF\xFD'\x91�or�YS\xC1\xC0:\xBC\xF2\xDDK\xC0\x84\xFDx\xB7?\x87\xF4c\x88?\x83\xE4\xDEP\xF2�Ér{\xA8\xBA�T�\xD48V\xBC4\x84e2�j�{Å©\xCA�\x85\x88�\xBE\x87\xB4mWtvk\xEB.\x9E`\xB7\xB3\x85\x97\xE5\xAB��_f�W7]8K\xB3\x85\xA8�O�7\xA8'\xE8 �\xD5M �\x98T\xA5mɹ4C \xE1\xD2�\xF9\x87\xF2�Ɖ1J\xCE\xC3�\xA82�`b\xF23�\xD9/�f\x8A\xC8}:'A\xDBR�9\x86\xB6\xDE\xF6\xC0\xA4)\xD1�\xD28\xC5\xC05f�\xB7\xA3{P`\xF0>Ç D �\xEF\xE1-\xA0�KV\xF0?O\xAE\xA6z\x81-%\xF3\xB1�\xE2\x8C\xF0\x98\xBAx\xBF`\x84Jc�ÒŒ\xC6\xFE\xA4\x83�\xFC\xC4\xD77[\xBE\xF8\xAE\x81\xF3,FG\x8A\xFB\xA6\xA3\x8D\xFD\x89\xB2\xB1\xC10\xAE \xD5�\xD8C\xF6\xA7%ED\xBA�[\x96L\xC1=\xBB\xBCÂ\x{1B6C85}\xC3&\xF7Ã…i\xF7\xC4\xF4Ã���\xA8\xCE�\x86\xD7F&\x8E2.J(\xCFLo\xC2KX\x82f\xBC\xE44\xE9M\xF9H2�\xF20\x99MM�\xF9m���\xF3\xB6\xEA�\xEDa\xB7s\xB8(\xC1<qƧ8�U\x96\x90>\xD8M\xC45p@V\xC8Ù\xA0:\xE0:,\xC4|$3ɽ�\xEF�\xC7�\xFB\xE0\xF6)\xC0Q�rH\x96\\x97ag$\x98Y\xBF.갑ŧ˶ܞU\\x84\xF0kFi�\xFC\xE8Ê=�\xC0\xE72�/n\xF3\x99\xA84\xCE\xE7\x90C::\xFBQ^\xA7!Ù¬\xF1\x89\x8E��\xF7j\xC8�\xED@ \x82m�A\xF1G�`\xE0\xEE\xEE4I2�\x80�.}\xEC?_\xE6\x92\xCE\xF7\x95�\xA3\xF9\x8C$\xE9u\xBC8\xF6r\x9AQ3_ D2\xB0�\x92\xE5&\xF3\xFAuu�\xCB�Sp\xC3�B\xFFj\xC9 �=\xD4\xE1:\x8E\x90�\xAC]�H�
-É—�\xF3\xF5c\xA0IGD\xE7%\x89DN\x90
-Ҙ\xB4\xEB\xAA)W�驔p�\xAF\xB1\xED\x89N\xF9�\xA3\x82"\x92\xEB\xEC\x88\xF1;ۅ"\xA3/"\xEA\xC3\xF6\xDE\xC7L\x98\xF4\xB9;<[\x88\x9B\xB5\x8F\x99\xAE\xDChBYR\xACq
-\xF7Q�\xDET>�\xC3�\xFB�q\x93\xB2Þ”\xEB\xC2\xD5�\xCE\xC7h\x9EP\x9Cß”\xAD+S®n7�\xB7,y�T\xBFPEWO\xB1�\x82\xE7i��9\x8CY�É·oW3\xE1�\xC0C�o!c׊\xD9\xC0�\xF0gc7�\xB81\xCC�V1��88`�\x99@;\x93>1!\x89\xC9{\xFE\x90=\xCE\xF0w\xB7�\x95S̘\xE0T\x8C\x86\xFC\xA0\xAC�\x9Dm\x91\xB5�\xB3\xF5f�\x8B\xB7\xC5\xC7r{�\x99·\xA2:\xD8\xD7Ä\xE4\x9CC��XA]3+OF\xA0P�\x89#N\xC5!!U\x83b\x9A�'\xF0?FK\x85[\x91\x90\xB5\xB5
-\x8E\xC0>:,y+c*���m\xA1 \xEEp\x8C�%#�\xC2\xE8\xBB\xDBw\xEF\xAE\xDE\xE0��Xn\x8AX\x9D\xAA\xE4\xA1(\xABP\xF4\xB6a\xAF>\xA5q<\x9D�n\x82\xB9\xAC\\xA27\xBC+\xE3�\xDC \xCEV\xA6s�\xDB+\xB7 I[\xD4\xC6`\xF2}\xFE�/\xA7 ij�&\xA2#\xB8J�\xB4Pڰ\xAA|8ɬz\xE5\xE1��N\xDD\xF1\xC6\xE0�m\YԳb\x91\xB3\xF8D!\xF6g\xFC�\xF84�\xBD\x82O\x81\xC8k\xA9\xF8\x98\xD6\xFE\x98\xB3(��#\xB91\xAF2\xEF\x89N\xB9�\xA1\x94�\xF3dP`\x8Cٯ\x96�\xB0\xC85
-Tp\xDC\xCDa\xED\xBB 2\xA9m\xF7\xDC\xEC×ݾ\xE8\xEB\x8E5\xBEG\x9F\xE2.\x80\xAFq\xADOy\xDC\xCC\xCE\xEE\xA1\xEA\x82H\xB8\xF6\xDD
-nb\x8FB
-\xF8�;\xB4]3\xD8 \xBC\xAB\xED#\xD8\xE8\x87 at Y\xD4\xED\xB3\xDD\xE3\x85L4\x99J8K\xE6\xFAaG�w\xA2\xCBis*'�\xEB�\xC3[ � �\x91��y3\x81'\xDA
-�
-\x94s\xC0
-\x98�\xB5�\xD8#z\x93[\x87>�#\xAC5\xB9\xEF�\xB5a.\x9C�\x94u\xFF>\xF2\x8A\xFA\x88/%\x9A" v\xB0\xC6E��?\xCA\xC0�\x9C\xEA�NO\xF5\xA4\xA0x�P\xFC\x8F\xE8\xC7(\xCE�\xFD\x9C"\xA1\x81�/u\xC4A:�\x84\x82C\xD84*&\xA3\x83\xBFk\x84E�>5\x87\xFD\x80\x89S_\x81Ô„J\xFEy\x92G\xEC\x85D2�e:\xB1�\xD7�\xF1E':\xE8+\xD4\xC3Ú›0\xE21$+\xD4)\xF6È B\xABaT8\xB7\x90u\xD6]�\xCA@\xC0\xE5�\x92��\xC1S��\x95ߦ\xAF\xBC#b\x9D at Rhu>��\xEAbQ\xEDC\xD2Y0â’¹\x9EX\xF6:�\x8D\xA9\xCE\xC3QO�5}�\x8E$\xC4{ \xB5\xF8\xAB\xEC{\xAA�\xFEÇ€�I)\x90���\xF2&\x95Ep\xCFÆ¡ZE_\x83i\xF45�<?\x95맣5#\x98q\xEF\xC35fC<\xC9b\xB3\xA1\xAC\x8B\xFD�\xCE8\xD3\xDC5m\xE9Û²�lL�\xB2�\x88R\xC1}8D\x9B\x812
-�\xBE\x89\xC9�\xA9M�B%<\xB1\xDA\xCFU\xF2l\xEDo8\xE5\x98i�:#A7\x80,^\xF8\xDET.\xFB\x94$�\xA1�V\xFF\x8Eq\xB8\xC1\xD9m\xF1\x82\x83\xD8�\xCB]\xD6P!\xE9\xFB\x83
-\xD1�f\xBB\xB0b\xE8\xC2\xE0\xEFwWwKP\xD5\xAE]\x8F\xE3\xF2\xE6ǯp\xED\xBD\xC5�\xE7\x9Ay \x89�P\xD94\xAE\x91!\x84A\x8D\xB68\x8Bo]\xDB�\xACxk7%X3\xBE\xF1\x8D\xE9@\xE5N\xDE�܅9\xDA"\xCC޾ç�*\xEEţ?\xBE\x9B\xBA\x84?__\xE2x\xD2j
-\xB9\xA5\xE7\x89�\xDE \xDCD�,Mu\xF08=\xD3\xFFޡ6�\x9C\xF53\xA6�Q\xEE\xF4\xAF\xFA٘꼟\xF5T\xDE\xCF\xCA:\xDD7Mמ�&\x86��\xDE\xF3*\xEB\x9Ej\x867\x9F\xE4\xD1\xDCHv\xCC<D\x8E\xDC'o\xC1\xB3\xCCP\x9E\xA8<\xE4lA\xDF
-b\xA9 N\xD5\xE2\xAB\xD0�\x85�\xA6[Q\xE5\xEF�\xE5\xF05�\xDE�7\xCD�\xE9�*\xDBv�\x82\xE0\xBC\xE6\x88k>\xE1\xDA \xC9}pB.�k\xA6NX\xAC\xD7v\xD7a�\xFB\xE9\xBA#�\xEB\xCBu핎\xBD�>\xD74$F\xEB\xD8h91�F\x81Rf\xA0x��\xA4\xFF\xD0\xF7A߷u\xDF�\xCE\xF5\xED4# \xD3\xE7|J\x89+\xA6�\xFD\x82tiF\x89�\xA0\xB6\xF9\xBE�s\xA5<\x870\xCF�T\xFE\xB9\xFE+�wnO�7\xB8\xD0P\xD9)\xF1\x975\xEE\xFA}\xD3a\xE3\x99\xC6�\xC0\xAB\xC9i\xBE\xC8\xE1\x99�\xEC\xDB\xDDz�\xD3`\xC0\xAE-\xEF\xDAe6tn\xCA\xD0\xF0 _�ad\xCE7qF\xBA\xFC\xB2\xDB�9\xECh\xA8\xF8\xAC�]\xAFڎs�C\xB3l�̀ \xED\xAF\xFE\x8B\xBFe\x8FzF\x9A\x80hgP\xA9\xFF6&�q{\xB9\xCB\xD0z\xAA`%r\xA2r\xDES\x8DD\xFF?\xFD\xE0\xCF\xD5endstream
-endobj
-1786 0 obj <<
-/Type /Page
-/Contents 1787 0 R
-/Resources 1785 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1756 0 R
->> endobj
-1788 0 obj <<
-/D [1786 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-530 0 obj <<
-/D [1786 0 R /XYZ 85.0394 429.6422 null]
->> endobj
-1789 0 obj <<
-/D [1786 0 R /XYZ 85.0394 406.031 null]
->> endobj
-1785 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F62 1361 0 R /F63 1364 0 R /F48 1238 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1792 0 obj <<
-/Length 3654
-/Filter /FlateDecode
->>
-stream
-xÚ½ZYs#\xB7�~ׯ\xD0[\xA8*s�\xD7\\x8F\xEB]\xAD\xB3N\xBC\xEBHr\xAAR\xB6�F$(M\x96\x9C\xA193:\xFC\xEBÓn`��\xA9T\xA5*\xA5*M�h
-\xE0C_\xA0\xBC�\xF0'/\xE3$Jr\x95_\xA6\xB9\x89b!\xE3\xCB\xD5\xEEB\>@\xDB��\x92y\x96\x9Ei9\xE4\xFA\xFE\xEE\xE2\xDD'\x9D^\xE6Q\x9E\xA8\xE4\xF2n3�+\x8BD\x96\xC9˻\xF5\xAF\x8B$R\xD1�\x8C ��\xBE~\xF9\xF4\xF9\x87_n\xDE_\xA5fq\xF7\xF9뗫\xA5\x8A\xC5\xE2\xD3\xE7\xBF_�\xF5\xC3\xCD\xFB\x9F~zs\xB5\x94Y,��\xFE\xFA\xFE\xE7\xBB\xEB�jJx\x8C\xEF?\xF9H59}N�zs\xFD\xE9\xFA\xE6\xFAˇ\xEB\xAB\xDF\xEF~\xBC\xB8\xBE�k�\xAEW
-\x8D�\xF9\xE3\xE2\xD7\xDF\xC5\xE5�\x96\xFDã…ˆt\x9EÅ—\xCFP�\x91\xCCsu\xB9\xBB0\xB1\x8Eb\xA3\xB5\xAF\xD9^\xDC^\xFC#�8hu]\xE7\xF6\xCF\xC4Y�+\x93\xC0N\xEAH%R\xCFﲌR)\x81)52RF\xA8\xB0\xCBJ\xCE\xED\xB2\xE7\xC2]nʇ\xE5S\xB1-\xD7e\xFB\xBA,\xAB\xD6�\xA04]\xBB4id\x8CL/\x87��\x89�\xB8f\xE4P�9d\xAC"\xA3\xF4X\x8EÛ½]\x95\xBF \xA1l��\x91&\x8B\xF6\xD1"\x91.\xAAnwo�TYo\xA8n]\xBC2�\x88\S�wH�\x9B\xAE\xED�W2[p\xF9\xF9\xD1V\xC4\xF2\xF1\xCB\xED\xED\xF5�\xAA\x85\x85W\x85gl\xA8\xBD\xE8\xDAzW\xB4\xE5�7 \x96!\xA2L\xE9�V&\xA3<\x8E \x96\xABb\xBB}�v\x91-�le�Ek\xD7T,�\xFEÒ‡G\xEE\xB6-\x95\x9D\xEC\xF0]\xBFVÅ®\Q\xA1Û¯a \xEE\xF8\x9B\x88\xC5t\xEBU\x96\x82��l\xBD\xCA#�\xF0\xC6=\xA5\xC6\xC3\xC3%�7\x83C�\xFC\xCBa\x87\xE3C8�×\x82]\xB5e]\x918&RSi\xB4�\xF0'\xF1H\x98#�x\xA67$8���\x80-\x904\xFBs\xB9\xDD�e_\xF6%m&\xDCe\x95'\x8B\xBBG�\xCE�\xDAK\xBF\xEF,w\xBD\xC75�Ü»\xB1\xAB\xBAZÓ*@^\x9C\xC4\xE1D�\xCF \xA8\xDB\xC2!j!�,\xE5\xEA\x91\xC8f�I\xACx\xAC\x9F\x89\xD8\xD6\xD5�Q\xF7vS{Y\xB0\xECd}%\xBA},ZOq\xF3�tnF\xB7P�\x8C\xBE\xD4�\xD0�\xAB6\x89^|\xDEPkU\xB7\xBD|\x84T1^� \xBD\xFE�\xD8b\xBE�Z�#^\xEB\xD8O�\xAD\xF7\xCC5\x99\x9C\xD8\xDCB\xA0Q\xBE3D \x98]\xAF\xA2\xB1\xC4\xE2u\x87Ó·)\x9E�\xCFJ\xFB\xEF\xE8~\xA7\xB1C\xC3�a\x9B\x99\xAB\xACÆ‹"d\xF8+��7\xF4\xE5��\xB3�\xAE\xC9+0*q\x87�Z�,\xE7\xE0u\x8B\xC3
-4\xA5\xF4\xE9�\xAFa\xD4\xC3s��l\xC7C\x8D\x84\xA5�\xE9\xFBXw\x87�֮\xB3\x98֎\xF3\xAC\x{D9A0}\xFB樂;\xAD^\xE6�x\xDE}2C\xCD
-\x8AU\xC94\x83\x9E\xD8A�b�+U�\xE5J\xE6\xCC\xC2\xEB\x81\xF1�ʧ�\xC1\x8A4*\xA6<\xE5�^"�B\xD3X�\xA7\xAA\xE0\x9BR�\xF9NQ�\x87E4ƚ\xD7�u\xBB\xE2\xA5\xDCu;*\xC0�\x9D噋pG\xA1 �
-\xF5j\x8BCC\x971Q\x91\xD4y2\xBD\x8B\xB1\xD0I"\xC8�\xE3|\xA8�\xA2\xB0o�\xD8J\xE2$�\x94�Ú\xAA\xCAje\xF7\xACÈ Ø–;\xDF\xD0з\xAB�\x94%\xE9 \xA7Ε�\xA4\xB6\xCC_Ó·\xAE\xB8��.Q\xC3\xFB\xEEX\xBD�\xAB\xEE@\xF5U;\x9D\xD4��3\xA1�\xC1\xA9p\x90�(�\xB4\xECm\xB9+ɪ@\xA1\xD8Õ��hw.\xF0]m\xEB\xD57"\x9Bo\xF6\xF9*W\x8BS[DH�\x82I\x82\xBA\x8D5�\xE5\xA4\xF9\x9F\xC0+בF?\x84{\xC1\x86l\x9D|9\xEC�\xE8���V\xD1R\xC5\xD6�M\xCBu\x8D}�5\xB2\xA5\x86�\\x85r\xBFu\xF8\x88�dPM[��\xB7_\xDFSM\xAF\xF0\xA9Lr]É…�\xC9\xED(|iG�\x9A\xA4�Õž\xA6\xE9xCq\x9F\xDD6\xB1�h\xE0\xBC\x{FDD6}\xEAÜ°\x857xPqo\xDBgk\xB9\xC0b \xC0\x{121B3B}\x86k\xE1TyÈ¢\xE2�\xF2:\x9F��\xD6<:\xF2�\xD9A\x8B\xD3,2I\x9A\x9C\xF7\xE2\x86\\xA7\xBD\xB8\xC0å‘\xEF\xF3\xB2\xAA׶9\xF2\xE04x\xD6:U\xE7E�\32\x8C\x95\x8D\x8E�\xF8\xDAc!\x9C�\xB7\xC1\x8D\x90\xDE�\x93C\xFD �\xBE�\xD0\xEE\xFC\x81\x81\xE4\xA5N5}﹯}�O\xA9r7�j\x9D\xAAuLj��k\xFE芪\xF5c\xB3\x9B��\xB8�\xEC\xC2%222\xCBǦ\x84\xB4��!}\xFE\xA4\x8B�\xD4s\xD9>\x8E\x9A*\xFBL�\xB8\x8E\xBB\xFEו\x94r�QÍ�H\xAF\xE5�Ts\xFA[\x89$Ê¥\xE2\xDB#Ŭ�O\xA3\+\xAF\xE3OCH'\xE85\xBD���\xB9\xCE@\xC8sM!\xE4U\xEA�\x8Eb�3�\xC1\xCF\xCA�\xB8f��\xAD�l@�&,I\x8F#�\xBBsPh\xEB\xD9my\xAC\x9Dâª\x80%\xA0�\x96\x949v\xEA]W\xA7\x99\x94wv\\x9D= \xB0\xE0\xAERq\xEF:\xD4+\xDB4\x84\x8D~b\x84�c)\x93�\xF8\xACc�C\xE8C\xE4<z\xC5\xD1\xDB\xD5\xFF'\xC2R\xB8\x91\x99\x96�bs�c\xB9\xDF@\x98�]\x9F% \x8F\xB3��r\x9DFX\xE0\x9A"\xAC}\xDD\xDBc��\xF1\x961\xEA\xBC�\x81kF\x84\xD1ju���\xF8\xFA#�zl\xE5\x86\xFC!�\xA7_>��\xA0p\xF3\x91��\xF8\xEF=U9Y\x89B\xFD\x94Ǥ\x9F\xA0\xDC5N7�\xC5\xC7��{\xCE\xECY\x99\xC57˳
-\xFC-\xC3\xF6hE\xBE\xC4\xDA9UF{\x83
-\xDB�\xB1��\xB81\xD6\xDEF�\xA8e#�o\xA5!\xD0\xD1f���oeY\x9A�q \xB1��xa\xE2\x91\xFF\xF0�璆\xBC&�\xA3\xA1\x83\xF8\x90Ա\xF1\xF7\xCAQ\x9Ec_�\x8A\x9D%?��v\xC5+�\xA4\x!
D0\xFD\xB2w\xF5�
-\xC2\xA3\x80\xCF(t\x87f\xF0��2\xCF\xD0X\x83W\xE7'\xB4C.\x9A=�Ҵ`\x9A\xC9\xFB\xE4Y\xF0�O\xE3]k\xD0='�0=\xDE�\g\xF0\xEE\xB9p\xFB@\xC3,�v�Z\xF4q\x89~\xC3wtr`�g\xAB�w{x=\xE6\xF5\x95G\xD18X\xB7D$\xE6\xFC��\xD7\xCC�F\xF1x\x92Dq��\xD4h� I\x8C\x85d.8\xAEn\xA8 \xFEsKZsK�\xCE\xE0#р\xAF\x86 \x80�\xF4�v\xF5U�\xD1 \xE6\xF5Fx\xBE\xB7\x8F\xC5S\xE9<4\xAD�\xEE\x94\xE1K�\xBB\xF1\xEA\x9En�\xD4�\xF4aM\xAA
-eK$(h{xe.\xC3��\xF0\x913 \xC4
-b\xBD�\xDBpb�':�'jCg\xF0ʋr\xEB\x80 t{(\xAAfc)\xA6�\xF1◦s�\xA8��\xB4\x83\xE0\\x94J\xD3\xE6\xF9 �\xCAY(\x88\x82\xC8)\x82�^�P\x83()w\xFA�\xA3v0�\xF7]Ku-�\xC0t\xCCQtE\x91�\xD4޿\x86ND\xEC\xC0�\x87À\xB3\xE0q\xFBx0_4\xDB\xE2\x89\xF9\xFC\xA1\xB9\xA1׳Y� h\xD9\xC0\xB6\xB4\xF5\xA1\xF1qJ\xDBzgz\x84��\xAB<yG�\x84)�=�DH͉h\xC5\xE5��\xDD#M'ƇMXO\xA9�\xAC[�\xA4ᶚ\xBEn/��\x95\x91\xD1\xF9\x9F\xAE\xCEe"\xB0\xD6{\xA5X\x98 at n\xC2�pB\xF5\xFE"N\xB7ǖN+-�\xE8\xF1=\xA9\xA7%�3\xDEdcB\xD5SI񚫎 \x8CF-�\xB6\xF5\xBD��\x9B-2\xBF!8`\xD8�,\xF4G���\xBC�I0�Ÿ+\xF2\xBA �&h\xDAP\xA8\x86\xA7\xE7f\xB8%\xDBb\xB7\x9F�t�\x838:�ǻ5
-\x86�\xBB\xE5\xE3%�:Õ“\xC0j\x9CKq\x91�\xE2{\x82
-\xD9G\xFBZ\xA4\xB0H\x84CI\xF9\xB7\x90ai\xA8\xB1\xD8\xEF\xC3�\xCE�\xBE\xE0�\x98Lz�{\xAA\x9Eg,e&0\xFB.C\xDEE\xD04\x94Ò‚=<\x9E#\xCE"0\xBB\xC6O1Q\xF5sSH\xF0Û”\x9F�&\xCB\xD5d�R\xA1:\x8E\xA3\xD4\xF4\xEEgH\x97
-Î\xA5\xB5ߜ\x96\x9B�\xCB$Q*\x8C�\xAD|hU&B%ydL\xE67*�\x9C\x8E \xEB�G~<S
-3\x99\x90\x87:\xB6_\x93\x99R� \x91\xA4\xDEmU"O&\xB3Q��\xAA&�=i\xD1\xC1\xC1�g&y#F�r\x9D\xB6\xE8\x81\xCB\xDD\xF1u\xD5,\xBB\xF5�\xDC\xD8?\x8F\xDDW�\x8Ei*\xF3\xF3\xD3�\xAE\x99\xF9G\xEE\xAB�\xF75\xD6j,\xC0\xADm]\xB2\xDB'\x9E\x80(Ö hÛ’<Q(_C�A\xD4/�&\xE2\xBE\xDB\xE0\xAD\xDC8\xF5$@?\xA0\xF4\xAEŹ_\xC8\xF1Ê�\x9C\xAD\x82\xEFX\xA1�g\xEC\xBBÓ“�\xE8\xBBb\xF5-HÆ®\xAD-\x9F0u\xED\xC0k�\xA6\x9C&\xB9\x99\xA2�d\xED\xA5�\xC6͈\x81\x86\x83\x86X*"\x9Cd\xD0j $T\x83\xA8�\xFD\xA0\wmS\xAE-\xB1\xB1W
-\xD5�\xF4 \xA8\xF2\xB9�+\xEE\xA2@#\xC8+\x85\xF6�\xCC~\xD5:ËŽ\x93\xAF\xFF\xDD5-\xB0\xD95\xA1\xCC]F\x8AÅ€\xB9\xF7\xC2
-k\xAC٤.N\x9DI'+:\xF7\xC2gL\xA1\xAEk:\x97\xC8\xCA\xE4 -EeR\xE1@\x80�s!Č�\x83\x9896ڇqG\x90\x9C^\xE5$ʃ\xAF\xEFv�F/\xE8S\xD5ղ_�T\xD0r�\xE9�\xE0\xBB<X\xE6!T\xE1 U\xF3l}2WAP��\xBF\x9C��\xB4\xC9Z >\x9A\x86(\x8E\xE3\xEB\xEE\xE1\x91*\xEE\xA9\xFC
-\xC3',\xA3=\xA0]y�{�z\xD1��\xB0S\xE6�\xC9͡x\xD8\xC1\xB9ѳ\x81\xE8A\x88�PN\xEF\x9Cg0\xEE\xE3\x84?bv\xC3ϥc\xFB$\xA4\x98<"8;Vp\xC4O�\xC5�\xE2\xAB\xCF\xFEM�m\xEC\xE9T�#\xADg\xCE
-\xFC\xEET\x874?g+\xD2�\xFC\xD2\xED\xF6\xBEp�_|\xBC\xA8\xA9\xB6\xE3\�T\x91 \xF8\xC6\xC0\xF7��F7\xE3��:@h(\xF8%\xC3�J\xCF[\xFB��P\xD2u\xE7\xF9\xDA\xD13�\xBEË”mé³°PvhqO�A\x82\xA4\x97 \xE6��\xDF�iY\xA3\xBDu\xAFX\x94?\xE6dI\x8Eb\xB0\x9AÂ^\x8Fs\xBD\xB6Z\xD5��9ç„›\x92\xE6�p t^BN\x99\\xCE|
-(\x94W\xA7\x8B\xDB]\xB1\xE5d2+L\xA0�\xDAn\xF0?\xFD\xE0|
-@\x8D\xDEs]V\xBA\xCF_\xCF\xF9\x83/.\x9D\xF4\xC4\xF0\xE9�;\xCE\xE1\xDF}\xF8\xF9J\xAA\xFCt�FBH\x9E\xE97r\xC5�\xA6\xD36\xCC3y\x8B|Ò‚�F\xA5T\xFA\xECÔ\xE9x\xEE\xB1\xFDÒ‘\xC8u2\x9A\x9CÌ—\xCE\xD8 Ô E\xD0��L\x91/�e:
-d\xA1\xBB
-�x\x90\x8D;w,�\xD4\xDC4ê\x84\xF4\xCF�'o\x98\x89\xD2L\xA9\xD1
-s\xA3Z\xE7\xED\xA3\xDE�a*"\xF96/S!\x87\xC6
-\xF9\xD9\xE8pp\xAB"\x93\xA6\xF1 Ý1\x83\xBB�:\x899H1lÂ�\x9A0,��\xE6Ø \xC3j6aH\xB2\xD4 eU\x90\xAD\xB7_��\xA1\xFD
-\xC6+\xF1\x8Fu\xD8�\xB4=�X\xDB#I\xD3\xC4l\xAEf\xC2 �A\xC6\xDEx!94^Xv\xC6�\x893\xC6K\xA5\xE0\xFDd\xE9\xC0=<g\xBBL�ǰ\xB1\xBD\xF1\xC2\xD1�\xFA\x8C\x8C�V\xF8\xE5pB�\xBF\xBE\x8B\xD3}H�\xA6p�6^#6g\xA6\xE85)\x873Չ\x9A${\x87\xC6�\xFD\x9E\xA1\xF1R\xC2��/d\xE2<�\xB2\xF3\xB3�\x90C\xE3\x85=��\x94�\xC6k\xD4\xC7xN\x8F\x99\xFB\xE1{s�\xCCCs5\xA3\x9DN�/\xD8 \xCC<\x97M\xC83\xF2c\xD9\xDA\xEE\xE1\x96\xD8\xE9[d�\xE7F\x8Eh\x88�\x9D�\xC8��\xDDP\xF6\xE9g0�aV\x94Å\xFAo���\xC9\xE0\xE0\xF4\x8F\xC5�\xE7H\xAA$�Y\xDE[F&K^NBS\xFF\xFEZ?��R\x9F\xB7\xDFrbcd\x88p\xD9\xFE�\xB9\xD7\xEB4\xE8\xA1p\xEBEP\xACN\x84\xC0\xA8\xA78\xF5\x92\x9AӦ M#\xB0\xAD\xF2\x8D�\xF5Lg~\xFB\xC5Lt\xFB07\x84\xE2m\xED�.\xA0qJ>�\xFEԜ\x95 0�\x8B0~4���\xE0/\x8E�2\x8C~\xF6\xA5%\xA7\xC84oۖi�\xCE\xD1\xEE\x97'\xF0\xA5�Z\xCF\xD9\xF8B,�{\x9C*\x85p
-֟��r\xE6WT\x81\xFD\xFC\x92\x8EF�\xFD\x86
-\xC5I"p~\x8E\x84\xC9 �\xD4Z\x9F\xDD\xD5\xC0\xF4\x86�Ó±\xFAk \xD00^qg�\xD5/\xB3^W\x9E\xF8\xC1\x89�`\xBD\x85\xB7\x93\xAD}i\xE7\xDE�t\x94\xE3/!\x89\xE9;�\xF5T�I\x93\x8C\xAD\x87\xFFQ\x95\xA1\xB8�\xBFt\xCE.15\xCCÖ»&\x98\x8E\x8C\x8C\xF1�Òž\x9D/\xD0>�n...3\x8BO%\x9D;\x8E[Ñ·\xA6,�\x92\x84\x9A\x86\xA6q
-\xEFx\xA1�\xE2�\x9D\xAAä•\xA6QxZ\xEB
-;\x8A\xFA\xBA/\xF9�\x81X\xB4/\xCBS?�\xC5ܓ\x9EM \x88\xF00\xF7?\xFF\xA4\xB4\xFF\xBD\xAD�\x89\xB3\xEC\xC4�0�\xBE\xDA�h\xBCP\xB8\xAC4;V>p_\xD1��\x8B\xFE�&\xED#\xBEendstream
-endobj
-1791 0 obj <<
-/Type /Page
-/Contents 1792 0 R
-/Resources 1790 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1796 0 R
-/Annots [ 1794 0 R 1795 0 R ]
->> endobj
-1794 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [286.8324 725.4794 335.1613 737.539]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update) >>
->> endobj
-1795 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [324.9335 73.4705 381.8296 85.5301]
-/Subtype /Link
-/A << /S /GoTo /D (zonefile_format) >>
->> endobj
-1793 0 obj <<
-/D [1791 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1790 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1800 0 obj <<
-/Length 3893
-/Filter /FlateDecode
->>
-stream
-xÚZms\xE3\xB6�\xFE\xEE_\xE1\x8F\xF2̉\xC5+�6\x9D\xCE\.\xBEÄ™\xC6i}n\xA7\x9D$�( \xB68\xA1H\x9DH\xD9q~}w\xB1 DJ\x94}\x99v\xCEs�� \xB0X\xEC>\xFBB\xF2K�\xFF\xF8\xA5\xD5�\x93\x85\xBA4\x85\xCA4\xE3\xFAr\xB9\xB9`\x97\x8F0\xF6\xED��s\xE6q\xD2|8\xEB\xEB\xFB\x8B?}\x94\xE6\xB2ÈŠ\\xE4\x97\xF7�\x83\xB5lƬ\xE5\x97\xF7\xAB\x9Ff�\xBE{\xFF\xF7\xFB뻫\xB9\xD0l\x96gWs\x9D\xB3\xD9\xD77\xB7\xDF�\xA5\xA0\x9F�?\xDE~\xBC\xF9\xF6\x9Fw﯌\x9A\xDD\xDF\xFCxK\xE4\xBB\xEB\x8F\xD7w×·�\xAE\xAF\xE6\xDCj�Ï‹\xB0™�>\xDE\xFC\xED\x9AZ\xDFÞ½\xFF\xE1\x87\xF7wW\xBF\xDCq}\x9F\xCE2</g��\xF2\xF9\xE2\xA7_\xD8\xE5
-\x8E\xFD\xFD�\xCBda\xF5\xE53tXÆ‹B\n.\x94\x96\x99VRFJ}\xF1\xE9\xE2�i\xC1\xC1\xA8tJ~Z\xDAL[a&�(\xC4@\x80\x9CA[\xE5\x97F�Y.\x85\xF4�ܺe\xEFVp(8h\xDF⯞-�\xF5�]\xE3ve��\xF2K\x98\xB6vxnX\x9D�W\x972S\xD2(\xE0 \xD7mÊ[Í—\xEDf[\xD5\xEE\x{1F624F}��*tƵ\xD1ቾmk�\xBF\xB4rv\xDB\xF6\x8E\xF6\xEC\xD7eO\xBB>\xAF]C\xB4\x92�~QO\xF8\x991Q�\x9E\xAB\xF1\xA4U\xF5p\xC5\xED\xEC\xC1\xED\xF0\xC75=\xB2q9��DV\xA8\xE2r\xCEyVh-<��\xEDnC\xDBIܸ!\x96\xD5\xF0\x94ZeE\xC1Ld\xD9\xFD\xD6O\x9CK\xE4 _iä\xAA\xA3�\xEB\xB6\\xB9Õ» \xD1)\x9DI\xAB\xE5Pr�\xAB\x82|
-7"\xCCڔ/\xB4l\xBB\xA9\x82\x84\xBAv\xE3�\xED!�"He\xB9v\xCB_��\xCF\xEBj\xB9�2m\xF7W|V\x87\xEB_\x84\xA7\xB7n\x87\x92\x88Z�m��\xCFYfP͆2C9+~\xB8�%\xE8
-\x80\x96\xF4d,A\x96Y\xCE\xED\x9B�\x94�T\x95
-\xEE�u\x83\x99\xD9MX}[\xEE\xFAj\xB9\xAF\xCB�\xDA\xE8\x94X\xC1�$\xB0��\xF1"\x98\xA3p\xBB\x89
-s\x9E1-\x8B\xE1܎\xF6Y\xB5t\xAA\xA6\xED\x89Pn\xB7\xF5�5Q4~p\xFA\xA8\\xF0L��MbW>O��,[\x9A\xA9\x93ޯ\xAB\x8E$�f�\x93\x8A\xA4\xAE\x84}�W6Ȥ\x96\xFE�\xB4\x88&�\x84t�\xD0\xF6\xF7\xA1\xE59&\x99\xCEl\xAE\x8A\xB7\x98T\x9A\xE9�\x97\xB4\xE8f\xDF\xF5\xB4\xF9"l7D
-\xE8>W\xFD\x9A&\x906�\xA9+7\xA1\xE5�M\xCD\xDA=\xB9\x9A&\x96]d8\xEE\xD2�LUx&\xB2�\x90\x83\xD7�\xAD\xC6\xCAH\x9A'\xCF \x940\x99\xD4E\xFE\xB6\x99)\xAE\x93&\xB4
-n\xFB\xB8\x87�UmX\x9E\x84\xEBo\xC9\xD2-yr\xD7é7\x881\xD4u}\xF7�;\xDCJ\xD0\xCF��\x9B\xB2\xEBݎ\x96\x9E� \x9FrgAOY>P�ڡ\xACkj\xA0�t\xEF\xB0
-x\xBD�\x9C,\xCB\xC0\xF8\xC2�}�\xE0\xA7l>�^\xFB\xE4v\xBBj\xB5\xF20+\xCD̟VZ\xAF[\xF0\xB3%�\x9D��\xC3 \xBB\xF1\xC8S\xE5\x9EidQv^(0\xE8\x9D�\x90\xAAfY\xEFWU\xF3��\x9D\xB8�m2�\x9D?&��'`\xF1\xBA\x86W \x9B\xA2\xEEU\xE1�ӗ0�\x9CΘ2|lZg�\x96P�3I\x83��\x8Fo\x95\x835\xE9h\xF2^$\x93\xEB\xE4"9\xBEEݒ�\xB0`\xAA,\x9A
-\x9B\xD0? F\xFD;�>�`�\xC4E9\xCA�l|2\xD6
-s\xE6\x83I�)\xF0\x89P+N\xF2\x96PW \xD7n�o\xFB\xF3\xDE\xED^\xDE�C\x9B\xF2\xB7\xF9\xE4\xF81\x8B"7\x99�\xED{\x95\xC74\xE9\x94ɑ�\x8D O�\x98=\xE4\xF2~\xED:��\xCB\xD1\xFE\xB0\xA1\x830\x81R5U_\x955Q\x9F\xCAz�\xE8?3\xCD60\xB8\xD9o\xA0\xC9i\xBClV4
-\x87\xC3�\xEA4\xFB\xCD\xC2%��\xE4\xE6(\x88\xF0\xBEW�3
-8\x96\xFB]W=9"u\xB0Nݗ\x8Dk\xF7\xC1:\x82\xD0h\x98\xAC��e\xF3B\x8DGx\xB4\xA1&\x89\xD37\x91]R*>2���
-\x8F\xAA\xF7\x97 \xBD3\x99Q6�\xCEgD\xC0w\x9F\xFB\x97-\xFC\xBF\xACˮ\x9BX\xD4�\xCC\xE6)4\xF9\xEB\xB95# �\xF1�\x93�\xBB}+�\xDF\xED b\xE8\xE0\xCF� �a\x91�\xDF"\x95��`\xB9\\xBA\xAD�\x80�\x87\x92Aib\xBF\x98\xAD|\xA7\xDDn M`F\xB9ZUh�\xFEnu�k6\x89\xBA�\x9C�P\xF7�/\xA0s�\x8F幥\x9Dz\xC0�b\xAC\xA0x�\x88\x9D\xAB�\xA8\xD5\xEF\x9B\xC0dOn�hQ\xD1\xF0i\xAFS0\xBA\x84\xE8\xF2\xD1u1�\x85\xD0\xDF@\xD4>ң\xB8'�\x8E\x95A \xF9\xF8\xE8V\xE8v8CE'\xEA\xCA=\x94\xA0U\xD4\xF1{u\xD4.�2c3\xCE�\x918@�\xF3\xE2\x81�B\xF2\x93�LG�\xF2|\xF3<\xF1
-\xCDn\xDD\xEE}\x94�mZ� HB\xE6@\xA4u\xFBL\x8D
-i.\xB4P]+\xCF \xD7 b\x9B\xB0\x90\xC77\xF8%U\x87FI?QѡٔǓI\x81\xB0Q\xA5\xA1\xB0s_\xFE\xEA�\xBB\xFE2�][?\xB9t\xBE\x81bŘ\x82\xFB\x8D\xBC0\xC5\xEC\xE6\x81H�vy4s/\xA96��\x8E��\xF7\xDB\xD2Q\x84\xC3\xD3U�\xF1O\x85\xA2h\x9B\xD6&\xC4-\xF6(�?\xD2:�9\xBBn\xBFqq\xB72\v��R�\x9EV\xAE\xAC\x83I\xF0�v1r\xB5\xA0e \x97�\x9D\xD7H˚\xB6\x99�\x89m\xDB&BU>;xy\xD2� �v\x80�
-\x90\xE8#\xE3\x93\xE9\xEA}x\x94\x93he\xB81x\xF6\x91\xA2"IW/\xD3}\xE1\xEEqLJ\x9E`"?6u��\xAB\xBF�\xDFm�\xFF`�\x88\x92�\xA7\x8A1\x88f+\�\x89\xFEn\x91\xE6:\xD0#��\x80A\xA3-�Ò>\#<\xD8ÐŒE�\xAB\xDB\xE7\x90O\xAEh 5���\xA3>8\x93}\x8F\xAA\x82D\xC8 at iR\xE0n\x8D\xE1\xADg\xCE/\xB1)\xAB&D\xB5G\xAA\xBAo�&V\x93\x86
-\x82\x9DHy2\xC1DĶ\xB3�\xF94\x84�`<i\x93
-\xEE�\xA3\xF0\x96�\xBF\xD32\xAD\xF7\xF9:\x88��\xA0u\x80�\x99�h\xC2suE�*�\xB5\x87'œdg*ؙ�\xF8D n\xE3h\xF4\x98\xEC�\x86\xF9�\xBCj\xDB�\xC0\xDA\xF2\xB12�̕M\x80iҬ�\xF1\x9E\x97.\x87X�$\x95\xE2\xD3W\x82\x9E\x93ҋ\xCA@\x9F�"V’\x88\x950^\xC4H�\x88X��5Oء\x88\xB1��hZz~\xBF\xF5rBҢݣx\xB0\xD9\xFA\xA7\xC2\xF3eCS\xABͶ\xED\\x98\xB1x\x99
-\x899\xD7\xE0\x8FÄ‘?\xDA\xC5X&�z*�\x80\xB8\xD6�1\x80?�\xA0\xAA�\x83\xE4\xE2\x8D�u8\xEB|\x88\x9Af�\x9A\xF5\xD5\xC3\xCB|\xE5\xEA\xF2$\xF4\xE4
-o\xAF\x90\xAF\xEF\x9EfMl?\xBAP\xA5\xB3��\xC2\xF1\xFE\xE4\x94
- \xA4\xE7\x80s>Ck\xB1!�7�\x94BD\xBF\xF2�\x9AŊK\xFF\xEC\�jB~��\x84\xE4�ZT\xCB\xC9\xC3و\xB6q]W>z\xE56љ�\xB9\xA4�\xC4n_H+\x86�\xC5(�:\xA9\xAC g0\xEA\xC8#`r\xF1\xE4b\xA2�I\x88\xE9\xA0�\x98\x9F\xB2\x97�\x8E`�YFc\xDBy8\xA5\x84&z\xAD\xDB�\xEFo>\xFE'\xE4
-\x87s��,�%qТ\xE3\xE1x\\xD6'\xB9\xC1�v)O\xEA\xC9v\xEAÚ…�gR\xBB1\xDF3F\xC7\xC8�bR\xC8�\xC8n\xE7\x9E\xDD \xAD\xD6�\xA4\xA6|\xA8\xD5\xC7&\xA3`\xD5\xC2×°%�\xCC&��\xEB\xC9<\x87\xBF\xAB9\x84[l\xF6\xF5\xBE\xAA\xFBy\xCC\xF1R8\xEC\xF3>JpS\x8AGG<\xE5\x85az�p]\x98\x83Ø¥=,&-\x9FmI�O\xD5Ê» �\xF5��\xB6Ö®\xDE>\xECk\x9A\xB8\xAA\xCAǦ�\xB7\xB7\xA4\xC1��H\xE8×´\xD4\xFEqMO\x94D\x8F\xB0\x8D$\xD4O\xA4-\xD2\xE1\xB0�\xAE�' �\x85\x8C\xE9\xC8]{/ \xC1\xA7o;\xB7_\xB5\xF3\xBE\xDD\xCE}�h\xBEj\xD1+N�\xAB\xA4\xC8 Ý‹�nQ5Sa\x940\x990<Âg v9S��\x97)\xD3\xE5~\xF8\xEE\xFD\x8F\x9F&VDT\xB0)\xCB\xF1\xC9�\xBE) \x8C� 'n�ÏŒå¨\xCA\xFEx宧\x96\x97�\x95T\xB0;��\xF4\xA8|\x82\xC3hv\x9Ds\xE7^.H\xA52\xA9\xAD\xBB at c\xBB\xC7Kj\xDCM\xBDV�\xCE?E\xB2\x93U\xF1\x84\x9F \xB6'-�\xF4ZD\xE8S<Up\x95 \xE5\xE1\xF2�x�f\xBD\xC1\xC5\xE9j\x87t�y\xF0\x92�l6\xC8S\xC7%t\x91)\xCE\xCD\xDB\xD7hE�tB��WG�\xC1\xD5;�wE! P�H\xF97\xD4#m�\x83\x84�\xA9\xE1Ò¾\x80C\xC1
-D)\xA9\xCEzs;�& ^�u\xF0\x9F~\xE1�ڮ\xA7\xA5�\xEBv\x81Q6R�\xF0\xE6\xB18, \xB7\xD0�0~\xA8�I�\xC1\xD7�\xDB\xFE\xA4bPC�G\xE9~\xAESy� \xB7}>�\xD3h\x9D\xC9\xC4+84\xA9 -\xEA\x97\xF1\xCED�\xA1a\xEBP2\xC7&\x86:8HI�R\xBC���\x97\xF0UK\x9C�@��O\xD6$\xF05\xCA�\xF8z\xA19\x87\x9A埧Dn9\x80\xB1\x8D\xC6�<\xE8$^\xE4&\x95|\xDFM�\xBC\xC6��\x87\x97�|��\xB5͔\xAEA�\xC5X\xACƔ \xA8FpV\x80\xAE�9�w\xE3\x9E\xE7\xE7\xD0\xDF at S�\xE9z\x86\xFE\xB2\xAC\x9F˗.z\x96\xE0:\xFB6`\xA8�\xBB3)\xF3T i\xA7\xF40(\xD2\xC0\xE3\x81ߑ<3��\xE5(
-\xF1\xF9\xE6K\xBB�\xA9\xB3\x8B\xFE\x97��t3]\xB9\xA8S\xFAJ�:h\xA6Z5\xB4\xF7\x9D�\xA5\xE0ì ®H]8�MP�\xECSH\xC0gk\xF0qG\xA9\xFB\xE2
-V�\xB8:\xED\xFE\xADJ\xD7\xF2
-PpaFU\Z\xFC%\xA6\xDAh_
-\x86k\xC1�A$9\xF8\xA5\xF1\xBB\xB1\xE0\xCC\xDDoۺZV\xB1F�V\x8B\x95\x85\xF3\x90\xC1�\x98#\xB7_\x80j\x9C�Q\x8B�\x91�x\xF2\xE5:�W1x�\xD6Ʀ\x82s\xA1-\xBE\xE5ӯ�\xE7\xC3Y\xE7\x83\xF34\xCBK\xD1%S�\xF9�\xD0&˄z}\xE34kb\xE71\x82\xCA\xCCXi\xC6[\x870\xD8&�|\xA7\x8F\xD4�\x89a;\x96\xBA\xA0M\xF6\xB5mw}x\xBA*\xA9�~bN
-M\x8A\xD2�k\xFA2\xD6i \x83U�}x\xDF�\xF8\xC9\xCE�2�_\xE7\xA7\xD7n\xA1\xA4\x83\xBB\xBClݙ\xF7Ȳ\x88pw\xFF\xEF\xFB)ӆ\xA6\xD4C\xA8�p\x83\x90\x92�\xE7�g\xFD\x98\xC2�L\xBC\xA1\x93� U$\xCDEOV\x88�\xADB\xE3\xE0B\xA1\xE3\xFD@�^�b\x83\xC4\xEE��\xF4ҕa'�\x9E\xD0\xF6�\xB7H\x9E�Z\xE1�\x8D\xC2
-\x8D\xCCg\x9F\xF0\xB5\xE1\xC3K0\xD3c(`\x90\xFEXst�a\x9F\xE9\xF7?�\xDD[�-e>v��\xE0\x82\xA5\x85\xF0{ \xB9M\xA8\xC6�,=\xA1[*\x92\x9D\xB3B&a}\xF3\x86��&\xBDb\x83a�2\xBA\x86P"*\xE6\xC8�!
-\x96\\xBE\xBAk\x9Cs\xBA\xEBH\xBD\xA4\xCAD\xA1\xC6ے\xF9\xE5\xF9a\xDF\xEB#9\xD9_>(5\xE7fl0F\xF6\x97S\xE90ϓ\xFDA\xD3�x\xB8\xE69\xFB\x83\x90@\x99<\xFA\xFA\xC8\xD09�\x{125C71}\xF9\xE1&\xD3\xE6�\xD9�\xD8�~\xC812\xA4/\xB2CxV\x9F59ɰ\xD6 \xFF\xB0\xC9\xC1\x92T\xCE�Ƣ\xCDuD\xF7a\x98
-\xEF\xC6p\xF8p5H\xA6\xA4.
-k\xF0%\xCBu\xD5�\xE6z\xD5�M\x89O\xE7\x83dT\xE3\xBB|\xAA\xD1\xD9LYu\xFC\xBD\x8D\xAFU eȱ\xAA\x88\x9F\xCA׉#K�\xAB\x86"�\xCCx\xD87>7\xF1\xF5\xE5X\xE1\x80�\xB6\xBBjSzu\xC0\xCE~\x87e.z\xC2\xEB��\xBB\xBD\xFF\xEEE\xD9AmP�*!(*\xC2\xE1 \x84�M(\xB5 5~-C\xEBLTiQ�\x81\x8FÇ)o\xA9\xEB\xF7d\xFEUÞ²\xF4_H\xB0\xF8��\xB7cT\xC3\xF33\x96\xFD\x9E�Z\x9A\xDF=�o�7\xA0�QÕŽZ\x87\xAA\xBA(\xDE�6\xD0-a\x85>\xD2qZ�\x91\xED\xAB)W�~S\xA7P9!�E7\x85̘bG�\xE2\xFF\x82s\h \xD4\xFCu\x9C�L:\x8FsqR\xA8\xEA<\x85\x8Al\xB5:�;\xAC\xE7X\xF1\xEA\xDEi\xD2\xE9\xE6c\xB8c\x99\x90\x85�\xEDN*i\xCD\xEC\xE6�\xFA\xED#!��\xB6#\xD0\xD9#\xA0\xB3&~\xEB\x96F\x96\xAEz"�[\xAA\xF2\xC1\xCF-])\xB4>
-V\xBD\xF1\xCA뿔 �\xB4\x9E\xDBO7\xDF��\xB2&\xC0f,N�\xE1C�\xBF2�\xFAp&Ħ\x91\x9A�\xAC\xE5�e\xBA\xBC�\x97\x8C\x843X\x8B\xE0\xA9yTÛo\xB2O\xD7w\xFF\xBA\xBE\x9BN%\xF3"�\xC79\xB8\xF0\xB98Gf\x90�\x99?�\xE7\xF8\xE5Ά4\xF8\xFD\xC0�\xE2k~\xC0W\\xF2\x9Ed\xC0�\xF0\x83\xD4�?8B\xE2\xE2�~\x90�ᇤ\x9D\x83\xC7T\xC7\xEF\xE5<j3A8
-\xBF�P\xC2^,]\xB0��\xC1oI?���\x8DF�\xC2N\x82!\xBFp\xF8=\xC0�\xCDO0\x84]\x82!l�`H\xE5o\xC0\xD0Q\xB5ol\x93\x80)\xE6<�)0|v\x82E\xFE\x99c\xD4A�E\x82&F\x90f\xC0\xA5\xD1\xE2u.��e\xB2\x83r\xF01\x93�>\xBF\x9A\xFE\x805�\xC5\xE8u->\xB2,1\x9D\x9D��d��\xC4\xD1\xC7Fg\xDF�\xAB\xAC\xE0\xEA\xF0y,.\xAE(S�D\x8E\xA7UC\xD7
-\xE4\xB2#jp\xAEHB犤\xF0\x84\x9Cv\xAE\xFE\xA1\x83s5\x8Aŀ]\xA5\x80}\xC2\xD9`\xE5M�jR\x80�\xB9\xAAʸ,�/¦j-\xF8\xD9$\x97\xFA\xE4M\xF5\xE4'Y�\xA0Cٳ\xAF\x9CbuSg\xF8�\xF5�ԳT\xED\xF8\x9F?\xD6>\x94\\x95ɤ\xB5b\xDAiHH\xEB-\xE0nd
-�7\xC51\xE7\xE9\xAB\xEES\xD6\xFF�\x96\x82�\xFEendstream
-endobj
-1799 0 obj <<
-/Type /Page
-/Contents 1800 0 R
-/Resources 1798 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1796 0 R
-/Annots [ 1803 0 R ]
->> endobj
-1803 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [84.0431 340.5527 145.9475 352.6123]
-/Subtype /Link
-/A << /S /GoTo /D (view_statement_grammar) >>
->> endobj
-1801 0 obj <<
-/D [1799 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-534 0 obj <<
-/D [1799 0 R /XYZ 85.0394 410.734 null]
->> endobj
-1802 0 obj <<
-/D [1799 0 R /XYZ 85.0394 386.9945 null]
->> endobj
-1798 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R /F11 1451 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1807 0 obj <<
-/Length 1892
-/Filter /FlateDecode
->>
-stream
-xÚ¥\x9AÑ’\xDB&�\x86\xEF\xFD�\xBE\xAB<�S��A\xEF\x9Cd7\xDDN㤎;\xD3i\x92�\xC5\xD6f5\xF1J�K\x9Bm\xFA\xF4�!\xA4c�C4\x9DLF\x80~\xCE\xCF��X\xC9\xF1�\xAB\xF1\x9Cq\xC4%\x91\xF3T&\x88\xE1\x98\xCDw\xF73<\xFF\xACÅfiEK\xA8z\xBE\x9D\xFD|MÓ¹D\x92�>\xDFÞ‚X�a!\xE2\xF9v\xFF>∠\x85\x8A\x80\xA3�o\xD6\xD77\xAF\xFEܬ�i�moÞ¬�K\xC2pt}\xF3\xFB\x95I\xBDÚ¬^\xBF^m�\xCBX\xB08z\xF1\xEB\xEA\xED\xF6jcn\xF1.\xC6\xF3\x9B\xF5KS"\xCD\xE5B\xD0\xCD\xD5\xF5\xD5\xE6j\xFD\xE2j\xF1q\xFB\xDB\xECjÛ³@\xDE�S
-\xF2u\xF6\xFE#\x9E\xEF�\xF6o3\x8C\xA8�l\xFE\xA42�\xC5R\x92\xF9\xFD,a�\xB1\x84R[r\x98\xBD\x9B\xFD\xD1��wÛª\xCE\xFE\x8B1"\x94�G�\x92\xD8ÕL"N \xED;0\xE6(NU\xBF`\xAC\xBA\xE0\xB184Ë¢4\xA0W\xF7�\xCDw\x93\xFC\xBB*\xF3Z\xF3\xAA\xA8�D\xC5su[5=6�\xB2\xCE\xEE\xF3\xFDbI�\x8D\xEE\xB2Z'\x92\xA8\xAE\xEEsS\x{1293EE}s\xB9\x89\xAE%\xFF\xB6\xD1\xDB\xD2�\x98\xE1woV\xA6<+\xBB`\xEBw\xE6z\\xC4"\xCAwU{\xDDw�Uy\xF8\xAE\xAA\xC5j�9\xC1\xD1\xF6.\xAF;\xC3\xCC\xE8M\xE6V\xD5�\xBB5wYÓµ\xF2\xAEz<\xEC5\xA1f\x8Ac$�#-SY�\xEF\xB3\xC3Aw\x84\xE4ѧ\xDC\\xB3\xB2~\xCAM\xF8\xBD)9T;+c\xA6\xE5\xBA\xF4\xE9\xAE\xD8Ý™\xE4\xD7\xC7\xFCXhg\x9D\xE9\xFC\xDAtY5\xA7\xC1\xEB\xBC\xECJ\x9A\xCA\xC4k\xEE\xBA[7e\x93�˼\xF9\xA9\x8B\xD36\xA1\xB2�\xEA\xFC\xF8-?Öª'\x92D\xE8\x9E8�2\x83T\xDD\xEA:�0&\xBB";(|,lE\x93\xE9\xDAL\xB1\x8CvÕ·|�GG\x93k\xBA\xAEU\x9AR\x8Dt\xFD\x90\xED\xF2\xAE\x8E\xE9\x8A\xE6\xF1X\x9A\xFC\xFA\xAF\x97o^\xAFn\xD6\xF0n\xFDP\x95\xB5\xAD\xA0\xC9F1\xBB�Ò�\x89"5\x82�3\x8AK\xD7\xD84\xC5\xEE\xF1\xA0\xEE\xAB\xE7\xF3\x99\xEA�\xCEm8\xC2I\xDB\xF6\xA3NÒ®\xFB\xB8\x9D@�\xB5�A�-hg\x89Nd\xFB}\xD7\xEA\xDA\xDC#Ñ\xE9\xEC{#\xD8\\xBF0\xC5j\xF6\x8Bν+\xA3Q�KzZF"\x96Ò´\x8B\xDDÎŽ.\x86�\x8B3\xB5\xCA)zA\xF5�\xEA)\xA5 \xB3C]\x99TQ\xEE�\x8F\xFB\xDCd�\x9AJ\x9C\xA2\xA5l at 3\xF7
-\x99Jܼ\xFD\xC6M\xAA\x9D\xB2F�p\xCD=\xFD �SZ\xFB\xD7u\xF1\xB9\xCC\xF7\xFAQ\xD3h�\xC3HE\xF9\xC5�21�\xD3\xEE\xA4C\x9F\x99e\xC54\x9E\xF5\x91T\xEAPU�\x9F\xB2\xDD�\x93;m\x96.h\xBB\xCE]\xF5\xB1\xFCRVO\xE5YM\xD47G\xA8u\x99\xA4p\xA9"\x84FO\xC5\xE1`RY\xD3\xE8e\xC9d\xDAgO]\xF7\xB9z\xE4\xEE\x8B27\xD9\xE2V_U\x98차\xE9\x9C^[\xBAP�c\x9F\x{DFDB}\x82\!
xFC\x9F\xA2nj\x93n\x87B\xC7\xEA\xF2ٮ)\xBEu�uǛ\xA9k��\xED\xF2\xFD\xC4T\x8D\xE5\x93y,\xF6K\xBD\xFC\xB9&�\xD0�\xE5g\xD3)\xFB|\xA7�\x97\xAC)\xAAR�\xE3\xA8K\xBB~P)\xB3"\xA9Į\x83hr\xAB5\xD7|\xD8�:d\x95\xB2\xFB\x86YU\xDB\xEAY\x9D;{kGo\xF7x4�eW\xE5\xA0zɤ\xAA[\xA7W7�\x8A\xFA\x97K\xFB/\xC7�%X\xED~\xDE\xF3�T\xB5\xDBe\x9C\x80\x8D-\x8D\xD5.\xC9A,\xDD\xEA�X\xED\x94#\xD3Tŋ�\xF1\x9BZѹ\xE9\xC9n*bĤd\xA7\xA6j\xBFY/W/_n\xD0j\xF3v!I\xB4\xBA�Τ:�H\x99\xF8\xC1\xA1\xEA2x\xAF
-\x81{M{\xF03S'\xF8\x89i{0!?�\xAF\xB4\xB1\xE4i �\xA8<\xF0V�\x84\xF7\x99�\xF0cS7<4\x8D\xD3i\xF0,A88\xF0\x83ȃމ\x82\xE4�\xC7�|\xE4\xE8\xE6�\x8Ez\x8D\x98\x82M�\x922\xA6�n\xA0\xF2\x80[U\x90\xDCg:\xA0\x8FM\xDD\xEC\xD04\x96\xD3\xE0\xD5��B\xF0 <Py\xE0\xAD*�\xEF3�\xE0ǦnxhJ\xF0$\xF8DJ\x94
-&\xFD\xF0Pu�\xBEW\x85ས=\xFC\x99\xA9�\xFEÄ”\xC4\xD3\xE0U�.( \xC0�\x95�Þª\x82\xF0>\xD3�~lꆇ\xA6\x84L\x83\xE7\xEA\x8Fb\x81�o�\xA0\xCA�oUAx\x9F\xE9 ?6u\xC3CSB\xA7\xC1'�%i*�\xF0@å·\xAA \xBC\xCFt\x80�\x9B\xBA\xE1\xA1)I\xA6\xC1\x93�Ñ”�\xCEuPå·\xAA \xBC\xCFt\x80�\x9B\xBAá¡©~o2��KDR�\xD8\xE2\xA1\xCA�oUAx\x9F\xE9 ?6u\xC3CS2\xEDlG\xA5Z \xB9�luPu�\xBEW\x85ས=\xFC\x99\xA9�\xFEÄ”L;\xDBÑ”"\xCCy`\xAB\x83*�\xBCU�\xE1}\xA6�\xFC\xD8\xD4
-�Mɴ��U\x87Cɓ\xC0V�U�x\xAB
-\xC2\xFBL�\xF8\xB1\xA9��\x9A\x92i'<J9�<\xF4\xE2�\xAA<\xF0V�\x84\xF7\x99�\xF0cS7<4\xA5\xD3NxT\xFD-\x902�\xD8\xEA\xA0\xCA�oUAx\x9F\xE9 ?6u\xC3CS:\xED\x84G1F\x9C\xF1\xC0V�U�x\xAB
-\xC2\xFBL�\xF8\xB1\xA9��\x9A\xC6\=\xF4\xF2\xC7\xE9\x89 \x881�\xD8\xEB\xA0\xEA2}\xAF
-\xD1{M{\xFA3S'\xFD\x89)\xD7_\x83~\xFC%�Q\xFA\x84\xE1\xC0{�\xA8\xF2\xC0[U�\xDEg:\xC0\x8FM\xDD\xF0Д\xB3i\xF0 G4 <\xF3@\xE4A\xEFDAr\x8F\xE3 >rts�GΧa\xAB]\x91$,\xF0��\xAA<\xE0V�$\xF7\x99�\xE8cS7;4\xE5\xE94\xF8Xm� �\xEE\xA0\xCA�oUAx\x9F\xE9 ?6u\xC3CS\xBD\xD4M\x80\xD7\xCB"\xA62p\xB8\x83\xAA\xCB\xF0\xBD*�\xEF5\xED\xE1\xCFL\x9D\xF0'\xA6\N\x83W�CI\xD3\xC0\xE1�\xAA<\xF0V�\x84\xF7\x99�\xF0cS7<4M\xF14xÆ\xA0I\xE0p�U�x\xAB
-\xC2\xFBL�\xF8\xB1\xA9��\x9A\xAA\x96L\x82\xA7)J\xD5�) �T�x\xAB
-\xC2\xFBL�\xF8\xB1\xA9��\x9A\xEA�\xF7S\xE0c\x898\x91\x81\xC3�Ty\xE0\xAD*�\xEF3�\xE0Ǧnxh\xAA�\x81I\xF0X�QG\x84 <Py\xE0\xAD*�\xEF3�\xE0Ǧnxh\x9AN;\xDB \x8A�B�G; \xBA\x8CnE!r\x9Fc�>vtrC\xC7tکN��i\xF0sl\xAF\xF1|\x8C5\x9A\xE0\xA7\xD8\xCBvÇ\xD8S;\xF7g\xD8\xC1.\x9Dv\x9E\xA3�\xE9\x9Fm9Z\xA0\xFEw\xDF\xE8\xFF\xF7\xAF\xC3\xC0[\xBF�Q!.\xECU$�(�*H\xD7(\x8D#\xF0Y\xCB\xED\xCF\xC8Λ\xFE��\x92\x9C\xE8endstream
-endobj
-1806 0 obj <<
-/Type /Page
-/Contents 1807 0 R
-/Resources 1805 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1796 0 R
->> endobj
-1808 0 obj <<
-/D [1806 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-538 0 obj <<
-/D [1806 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1809 0 obj <<
-/D [1806 0 R /XYZ 56.6929 749.894 null]
->> endobj
-1805 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F14 964 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1812 0 obj <<
-/Length 1323
-/Filter /FlateDecode
->>
-stream
-xÚ¥\x9AÍ’�7�F\xF7<E/a\x81\xA2\xAB-\xF1�3\xC1�c\x87\x90\x95\xE3U\\xC9&^d\x95×0\xA3\xE6C\xA8\xEF\x8D*\xE5\x9A2f�}\xFAt\xC9\xF4\xA5�\x9At\xF9CS\xF2J\xDB즘\x9D\xF2\x9A\xFC\xF4\xFB\xB7\x95\x9E\xFE,\xBF{]\xD1�\xB3\xAD\xD0�\xA9w\xE7\xD5�/6NY\xE5`\xC2t\xFE�\xB6\x95\x94N\x89\xA6\xF3\xD7\xCF\xEB\xA7�w\x9F\xCE\xFB\xD3fk\xBC^�\xB5\xD9\xFA\xA0\xD7\xEF�\xC7\xE7\xEB3\xF9\xFA\xD7\xD3\xC7\xE3\xCB\xE1\xF5\xD7\xD3n�\xDD\xFA|\xF8x\xBC>}Ú¿\xECO\xFB\xE3\xD3~\xB3\xA5䩼޼ma\xE1�/\x87\x9F\xF6\xD7G\xAF\xA7݇�\xBB\xD3\xE6\xCB\xF9\xFDj\x9E[\xB0\x97\xB4\xBD\x84\xFC\xBD\xFA\xFCEO_K\xF6\xFB\x95V6'?\xFDS\xFE\xA1�\xE5l\xA6o+\xE7\xAD\xF2\xCE\xDA\xFA\xCC_\xAB_V?\xCF�\x84\xDF~i\xEF\xF8\xCD\xCC\xD6:\x95B\xD9�\x94}V\xC1�;�erp\x94sy\x98l)\xA8\xD4\xE5(\xFF\xA6)\xB6\xA9\xA4]y\x91\x8B�n\xEF\xC1:S\x8FZc at K\xBA<v\xE1^�c9\x88Z�\x8E\xDB\xDD\xF3\xF3I\xEDN\x9F6Ù¬w\x8B�Ý‘\xB2Ag!�(&\xBFRr>g\x85\xFCV\xDB\xCFGmLc\xF9Æ–\xFF�9�\xF9 at 1\xF9\x95\x92\xF39+\xE4\xB7\xDA~>jc�\xCB/\xAEDIZ\xFC at 1\xF9\x95\x92\xF39+\xE4\xB7\xDA~>j\x93�\xCA�)\x947\x81 ,~\xA4\x96\xF3gJ\xCCg\xAD\xB7\xFC�m7\xFFN\x9Bh,?$e\xA2�N0H1\xF9\x95\x92\xF39+\xE4\xB7\xDA~>j\x93�\xCB\xF7Zi\xED\x84Å�\x93_)9\x9F\xB3B~\xAB\xED\xE7\xA36Ù±|K*Z\x93\x84|\xA0\x98\xFCJ\xC9\xF9\x9C�\xF2[m?�\xB5É\xE5\x93U.H\xD3�RL~\xA5\xE4|\xCE
-\x{1B767CF}Ú²\xCB#\xF9>�>k\xE2\xF3\x91ZΟ)1\x9F\xB5\xDE\xF2�\xB4\xDD\xFC;my��ÊAeJ\xC2\xE2G\x8Aɯ\x94\x9C\xCFY!\xBF\xD5\xF6\xF3Q\x9BƦ>\xEF\x93**'\xE4�\xC5\xE4WJ\xCEç¬\xDFj\xFB\xF9\xA8McS\x9Fw\xE5\x93A�\xD2\xE2�\x8Aɯ\x94\x9C\xCFY!\xBF\xD5\xF6\xF3Q\x9BƦ>o.'\xCA\xE2\xE2\xF3\x81b\xF2+%\xE7sV\xC8o\xB5\xFD|\xD4汩\xCFk\xAB\x92\xB5\xD2\xE2�\x8Aɯ\x94\x9C\xCFY!\xBF\xD5\xF6\xF3Q\x9BǦ>W�\xF8 L= -\xC7WHlç”·\xF4\xD6\xD9-Gg�\x9B\xF7\\x88\xCAd-,{\xA4\x98\xF4J\xC9\xED\x9C�\xE2[m\xBF�\xB5yl\xDEs.+M\xD9
-\xF9 at 1\xF9\x95\x92\xF39+\xE4\xB7\xDA~>j\xF3ؼ\xE7\xACV\xD1 '|\x80\x98\xF87Hng\x94\x90\xDE8\xFB\xE5\xE0\xCCc\x93\x9E#\xA3\�\xC2%�\xA4\x98\xF4J\xC9\xED\x9C�\xE2[m\xBF�\xB5yl\xD2+?\xCAh/,{\xA4\x96\xF3gJ\xCCg\xAD\xB7\xFC�m7\xFFN\x9B\xC7&=�\xBD\xCA\xD6
-\x978\x90b\xF2+%\xE7sV\xC8o\xB5\xFD|\xD4\xE6\xB1I\xCF\xFA\xA8\xC2e{|>PL~\xA5\xE4|\xCE
-\x{1B767CF}\xDA<6é•£\xA6l&\xE1d\x8F�\x93_)9\x9F\xB3B~\xAB\xED\xE7\xA3\xF6\xD2>\xD4o\xCAlDYZ\xFD at 1\xFD\x95\x92\xFB9+\xF4\xB7\xDA~?jI\x8F\xCDzV�\x95\�.r \xC5\xF4WJ\xEE\xE7\xAC\xD0\xDFj\xFB\xFD\xA8%=6\xF2\x99ä”QX\xFFH-\xF7Ï”\xD8\xCFZo\xFD�\xDAn\xFF\x9D\x96\xF4\xD8\xCCgBPV{a\xEAA\x8A鯔\xDC\xCFY\xA1\xBF\xD5\xF6\xFBQ{y\xF1P\xBFK\xE5\x81�\xD6?RL\xA5\xE4~\xCE
-\xFD\xAD\xB6ßZ\xD2c\xB3\x9F1Y\xC5`\x85��H1\xFD\x95\x92\xFB9+\xF4\xB7\xDA~?jI\x8F
-\x86H\xB9L\xD2\xFA�\x8A鯔\xDC\xCFY\xA1\xBF\xD5\xF6\xFBQKzl\xFA+\x9F\x95\x941Z\xB8Ô\xD4r\xFFL\x89\xFD\xAC\xF5\xD6\xFF\xA0\xED\xF6\xDFiI\x8F\x8D�\x8B\xAC�=\xA1�(\xA6\xBFRr?g\x85\xFEV\xDB\xEFG\xED\xE5É¡~�T\x88Q\xB8\xE4\x81�\xD3_)\xB9\x9F\xB3B\xAB\xED\xF7\xA3\x96hl\xFE#\x9B\x94\xD3AZ\xFF at 1\xFD\x95\x92\xFB9+\xF4\xB7\xDA~?j\x89\xC6\xE6?2\xE5xY\xE1\xF4��S\xFF�\xC9\xF1\x8C�\xDA�g?�\x9CDc\x93\xDFeRN\xC1J+�(\xA6\xBDRr<g\x85\xFAV\xDB\xCFG-\xD1\xD8ä—¬\xF2\xD9�W= Z\xAE\xAF\x90�\xCF)o\x{DB73}\x9B\x8EN\xA2\xC1�\xBB^\x95\xCFL\xD2M\xFD\xCAp\xB7\xF4\xBF3\xFF\xE1\x86\xFE\xA2�o\xE7\xDF �n\xE6\xCFB"?x\x99C]\xBE\xCB\xD6Ù‡\xF2C*{o\xFE\xFF\xD7\xEA\xE0baT6-}1Ç–�-\x99�\xEBN]\xBF\x98\xD2\xEE\xB9/ok>\x99\xD8\xD9\xF5�r\xECdyendstream
-endobj
-1811 0 obj <<
-/Type /Page
-/Contents 1812 0 R
-/Resources 1810 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1796 0 R
->> endobj
-1813 0 obj <<
-/D [1811 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1810 0 obj <<
-/Font << /F37 1026 0 R /F14 964 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1816 0 obj <<
-/Length 1730
-/Filter /FlateDecode
->>
-stream
-xڽ\x9A]s\xDA8�\x86\xEF\xF9�L\xAF\xCCLQ-\xC9\xF2\xC7\xEE�mH\x97\xCE6\xEDR\xF6\xAA\xED\x85�\xA6\xF1�1�\x93d\xB3\xBF~\x8F,\xC9>8B\x82\xE9\xCCN&\x83>^\xE9\xD5s|$D��\x86\xF0C\x87"&qƲa\x92ED\x84T�\x97\xF7\x83p\xF8�\xFA\xDE�\xA8֌\x8Dh\x8CUo�\x837\xD7<�f$\x8BY<\\xAC\xD1\) Ӕ��\xAB\xAFAL��\xC1�a\xF0\xEE\xD3\xCD\xF5\xEC\xFD\xDF\xF3\xC9(\x89\x82\xC5\xEC\xD3\xCDh\xCCD�\\xCF\xFE\x9C\xAA\xD2\xFB\xF9\xE4\xE3\xC7\xC9|4\xA6\xA9\xA0\xC1\xBB?&\x9F�ӹ\xEA\x8A\xF5�og7W\xAA%S/'&\x9DO\xAF\xA7\xF3\xE9ͻ\xE9\xE8\xFB\xE2\xC3`\xBAhY0/
-\xB9�\xF99\xF8\xFA=�\xAE \xFB\xC3 $<K\xC5\xF0 *!\xA1YƆ\xF7\x83Hp""\xCEM\xCBf\xF0e\xF0W;!\xEAm\x86\xDA\xE2\xD7j\xC6<")\xF8{\xA2,2�s\xC6\xDB(\xD3�E9\xA1\xD0��\x81Q\xC9(�i\xD2GM`>\x9A\xB2!\x9Eî…©�\xBD4e�\x99\xA6\x94\x88,�Ǧ\x94\xC6�Ã\xCCnÆ“\xAB\xAB9\x99\xCC?\x8F2�LNÆœ\xC3\xE0$\x8E=\xF4H\xE5\xA07*/\xBDË´\xA3\xEF\x9B\xDA\xE9\xB1)\xA5\xC9e\xF44# �3�=R9\xE8\x8D\xCAK\xEF2\xED\xE8\xFB\xA6vzlJiz�}\x9C\xC1\xE0Xp7=V\x9D\xA6oU>z\xA7iK\xFF\xC2\xD4JdJ!��\xD1'�I\xC3Ì“\xF9X\xE5\xA07*/\xBDË´\xA3\xEF\x9B\xDA\xE9\xB1)e\xE1e\xF4ph\xA4\x82{2�\xAB�\xF4F\xE5\xA5w\x99v\xF4}S;=6\xA5\x8C^F�\x87F\x9A\xA5\xBE\xCCG*�\xBDQy\xE9]\xA6�}\xDF\xD4N\x8FM)c\x97\xD1\xC3N\xC9"\xE6\xCB|\xA4r\xD0�\x95\x97\xDEe\xDA\xD1\xF7M\xED\xF4Ø”2~�=\xCC@\xB24q\xC3#\xD1iv#\xF2\xA1\xBB�[\xF2\xBE\xA3��;R�]Æ\x86$\xE4Ô“\xF3X\xE5 7*/\xBAË´c\xEF\x9B\xDA\xE1\xB1)e\xE22\xFA��'“\xF3X\xE5\xA07*/\xBDË´\xA3\xEF\x9B\xDA\xE9\xB1)e\x97\xDD\xF2D�\xEF�\x9E�n\xA7q\x90+\x8D\x97\xFB\xB4]G}lgg\xEE\xEC(\xBB\xECf'\xE4\xFBa�\xF9\xB2�\xA9�\xD4F\xE5\xE5v\x99v\xE4}S;;6\xBD\x80�b\xC4\xC2Ô—\xE7H\xE5\xE06*/\xB7Ë´\xE3\xEE\x9BÚ¹\xB1\xA9|\xEA\xE7\x92Gp<0\xDFe�\x89Ns�\x91�\xDB\xE5\xD8R\xF7�\xAD\xD0Ø‘ 8\xD7\xE3\xEC|n8�X\x96\xF8\xC0\x91\xCAAnT^t\x97i\xC7\xDE7\xB5\xC3cSF\xE4'zv>=��<\xA2\x9E|\xC7*�\xBDQy\xE9]\xA6�}\xDF\xD4N\x8FM\xE5 '\xE0*\x9B\xA5\xE7� \xCE \xEE\xDB\xEFH\xE4\xC0\xD7"/\xBDñ\x83\xEF9\xDAÙ‘#\xA5\x9CÈ\xCF\xCF'\x87`E<\xF4%>R9Ø\xCA�\xEF2\xED\xE8\xFB\xA6v|lÊ„ \xF8\xF7\xDC(p8:\xA2$\xF2$ V\x9D\x8EB\xAB\xF2E\xC1i\xDAFá…©5
-G\xA6p\xC7\xF9\xA5\x9F\xD9\xE7\xD8�\xB1Xn2\xCF'_$r\xC4K\x8B\xBC\xE1r8v\xD1\xEA9Úƒ\x85�\xE9\xFF�+8\x9DD\xCC={�\xAB�\xD12*o\xB8\\xA6]\xBC\xFA\xA6\xF6\x80aÓ”\xBC%W\xF2
-\xA6\xE1g\xE7E Ψ8L|\xFB�\xA9��0*o�\\xA6]�\xFA\xA6\xF6�`\xD3+r-i\xCF#\x87\xE3)�\x9EO
-H\xE4\xE0\xD6"/\xB6ñ\xA3\xEE9Ú¡\x91cJ\xA6�P38\x8E\xE2,\xF6d<V\x9D\xE6nU>p\xA7iK\xFE\xC2ÔŠ~d\x9A]\xC6�\xA7K�\x85\x9E\\xC7*�\xBBQy\xD9]\xA6�{\xDF\xD4ÎŽM'\x97\xB1\xC3A\x91\xA4\x9E\xEFÚ\xC8A\xAEE^p\x87c\xC7\xDDs\xB4c#Ç·'\xA9\xE5d$�\xE3x8\x96?�B\xFD�iz\xBF;<\x8FÆŒ\x8A\xE0\xDFmUÔ²��\xF9~DÓ P\xEDuq8\xE4\xB7�]\xCB�Jr\xB8\xD3
-\x8Fe\xF1\xA4J\x9B\xE2\xB1\xD8\xE8 \xAA\x95j\xDBV�=}\xBE۩"\x8C\xDDvCk\xAD[\xAB\xAE\xE5&\xAFu\xD3솨\xC2UYK\xFF\x95R�\x96�\x8BvŒ4�D*�\xD5 \xA0\x97\xC0EPVwž<43\xF18X7c\xB6\xF7\xAAs\xBB;\x94۪V]\xE5Z5�e�
-h\xEE\xE2�}\xD5V5\xAE\xBA\xE5A\xABY�t\x98\xE5Ak\xBD+\x96\xE5\xB70dÆ» \xA32P
-:\x8C\\x87�\xD0y(\x82\x85|~\xDAg\xFBX\xEC\xF7\xE5\xAAǨ\xBE\xD3UÓˆ�Q at eS\xD6�ݼV\xAFh\xADPk�\xF8Z\x95\x9F\xB7�\xAA\xB0Ì«#\xAD\xAA\xB4�*f\xDBC7\x83*凞P�\xC9eH m\xB3\xDE\xEEU\xA1\xF8'\xBF\xDFm\x8A\xDF$Í›\xEB\x88�o\xA5\x84\xC36\xE0 H\xF5\xB7[z1\xE3&\xBCce�\x87a\xF0\x8A\xBC\xFA]Mq\xB47\xC6\xC7s\xA4\xCD�3�\x84,Ö¨�~\x9CPy�Ñ .\xAB�\xAA\xA60\xA4f\xB5R\xAA&-\xA1a\x9FW?
-]^\xCAg\xD2\xF4\xAET\x83I\x97\xD7\xF2\xF1%\x9DS}\xB7}\xD8hM\xBEQ\x9A|%\xF3$�\xC1]\xFE\xA8\xCDT�\xCCY\xEB�\x93B\xC6\xEBh}\x96\G\xAB\x95㸈\xD4�d\xE1\xA1. \xABbƃY\xA5Zv\xFB|y(\x97\x85\xAA�\xEEJ=�\xB6j\x91\xEFuEnV\xF9Z\xC9g.�\xB7\x8D^\xA7\xAElX\xE6\xB5.=\x95\x87;U\xBAϫgU\xFA\xF9 \xCB6\x8B\xB9-��\xA5X�\xD8A\xBCdR\xB9]V\xEB}^�\xF6\xA34xX��\xDAg\x96\xC0\xF3*\xF62X\xAA\xA2R�
-U~_趲R\xAF0um\xC6\xEC\xE0A\xE7Ë¢\x96[,\xE1\xC1\x97\xADjW+ƃ\xD6��3<×¥:_î›\xBC,\xF3\x8De�O�^_U�\xAB&5\xE4�[\xDB�\xBBÕ»eU\xEC6\xDBg\xB31\x9B�R\xEEÅ»\xBC\xAA\x9A3�\xEF,�\xD1g\xBD\xB5\xB6\xB9�\x92?\xE5\xBA
-�kxÔ©0B\x97& 'ï‚‚D\xF6�9\xFCj\x98_\xFE\xB7
-\xF4\xA1=!<MO\xDC\xF1X\x92\x92(\xE5\xCC,\xAA\xB9\xE3\xB1�+\xA7p\xC3\xE71\xB3,\xFD?\xA6\xEA\xAAIendstream
-endobj
-1815 0 obj <<
-/Type /Page
-/Contents 1816 0 R
-/Resources 1814 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1796 0 R
->> endobj
-1817 0 obj <<
-/D [1815 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1814 0 obj <<
-/Font << /F37 1026 0 R /F14 964 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1820 0 obj <<
-/Length 3220
-/Filter /FlateDecode
->>
-stream
-xڥZKs\xE36�\xBE\xFBW\xE8\xB6R��\x80$\x8E\x93\x8C'q*\xEB\xD9\xF58\x95C\x92�EQ�k%R�I{\x9C_\xBF\xDD\xE8��2e\xCFL�h \x8D\xEE\xAF_\xA0\xE4B\xC0\x9F\\xA4&�\xCA\xEAEbuh\x844\x8B\xFCp%��0\xF6\xE3\x95d\x9A\xC0��c\xAA\xEFﯾ\xFB\xA8\x92\x85
-m�ŋ\xFB\xEDh\xAD4�i*�\xF7\x9Bߗ?\xFC\xF4\xFE_\xF7\xD7w\xAB 2b�\x87\xAB\xC0\xC4b\xF9\xFD\xCD\xED�\xEA\xB1\xF4\xF8\xE1\xD3\xEDǛ�\xBD{\xBFJ\xF4\xF2\xFE\xE6\xD3-u\xDF]\xBC\xBE\xBB\xBE\xFD\xE1z�\xC8\xD4H\x98�\xF1
-�&|\xBC\xF9\xE5\x9AZ?Þ½\xFF\xE7?\xDFß\xFE\xBC\xFF\xF9\xEA\xFA\xBE?\xCB\xF8\xBCR(<\xC8_W\xBF\xFF)��8\xF6\xCFW"T65\x8B'x�\xA1\xB46Z�\xAE\xB4Q\xA1\xD1J\xF9\x9E\xFD\xD5\xE7\xAB\xF7�\x8EF\xDD\xD49\xF9\xF54\xC0Y\xA8\x84\x91_\xB5\xAD\x8CBk\x8D\x9E\xDFV\x80V`\xD1DG\x97×¢y�\xD6⦟1]jPo�\xAD8\x8A\xA2^\xBDД2\xB4\xC6D\xA8_+\xC2D\x82Z�c@\xE71\xE9\xF7�%\xEC(mhb-\x91P\x8AШ�8w�\x9FVA,\x97\xF7\xF0?Z^\x9F\xEB�\xD6\xD4�XK`\x9FT\xB9\x9D�-d(\xB4\xB5\x8AhFmw\xD4A�\xAEã»›C\xB4\xF8PÃ�\xA33\xF9u\x83\xD1\xC2\xEEHq4B\xAC\x8C\x92P\xA0D��g\x8B\xB5r�\xDF\xEF
-\xC0P\x92.OE\xB6Ç–]�\xB3SQ\xB5\xD4\xDB�\xA7U\xA0\xC4\xF2q�\x99eqj\xA8w\xBB\x82\xAE\xFAD\xE4\xED\xAEhx\x8D\xBFW\xD2,\xEB\xAA`\xB2fWw\xFB
-Qm\xCA&[\xAF"\xB1\xDC3m\xB6\xDFS\xA38�\xDBg"\xF2\xF3i\xA0\xAB6ʼn\x9A\xB0�
-�\x91\xD0\xEB�\x98\xEF9M\xCDx.\xBC\xE1�\xD8\xEC\x99ަ\xA7 at B\xB0,�\xEB\xE5\xC7\xFE <\xC75X�ت\xEBvn ��,\xF2�\x87�\x98W6D\xE4\x9Ft\xB6T/݉\xBBr\xDF�eEC\xFE\xB4#\x8E�bh\xE6|\xF7\xB42�\xE0\xA9\xEC\xC5UM\xE5�\�\xB8U{M\xB6��\xC9,+\xDF\xE1�V\x9CN+)\x80\xB9fJ\xBF)\x8A\xA3�tY
-�\xA7Æ©(z\xFE\xC6`\xD66 c�\xAB\xC5Ø\xBE\xCD6\xD1���\xDBE0\xF8\x97o\xF3�\x81�m*\xC9�9�\x99\xF5\xF8"��L=\x88\x8D
-S\xA1�\x8F�\xC9�\x8F\xDFS\xA1\x86\x9C:� \xC7#H\xF0LBR\xEB0\x95:^\x8C\xD7}\xB1{O5\xB3\xFD\xC4|\xB5
-�k\xECt\xFF\xCF\xC7"/\xB7 (\xA5\xEC\xF2i\x97\xB5\xD4b\x86\\xBB\xCA��\x8F;�a+;�\x8B\x8C\xC7Q\xE5\xF8t*\xC7�\xA0�`��\xAA\x8A
-\xF5|\xFE\xF4~<\x94\xD7\xEEɃۚ�bhc\xF3o\x845F/@\xD0\xCD\xD6A;P\xC068\xB7)\xC2+\xB2X\x88a�\xE9\xF0l\xF0D���\x9Bw\xD4�\x8CU}\x8B�\xB8\xFE?x�\x9D�[l$\xD0ZsO\xD7�\x9B�\xC8\xF5\xFA\x8Ee�j�\xD2}��#\xAAW@\xE1\xA9�P\xE4u\xD5fy\xFB��6\x8C\xA2\xB7\xB6\xEF\xA9f\xF6\x9F\xA0\xC2\xE80�\xE7�\xF4\xA8@�D\xA8@\x87\xE39r\xDD,6\xE8f\xB1A\x9F\x87�\xB6\xBD\xC3b\xAF\xA8\xCF`\x81C��\xC3\xD0 ��\xDCּP\xEF\xF1t��-u��\x80�+\xFD-\xB0\xF8#\x8At\x88\xFF\xFE/�\x98DAv$\x92\xD7a0\xA6\xBA�\x83\x9Ej\x80\x81;s\x80^{_\xBC\xC0B�\x87Vh\xFD:�=\xD5���,\xA4�\xFDS\x93L\xB9\xB8\xA6\x9D\x9D�\x9CJ\xE0邱\xEF̼\xB4\xBC\xA2ؾPQ
-\xE2\xC5\xF7ܷ)\xB6Y\xB7o�\xE9sF\xDA\xE75\xDCn\xAF�[\xCB0�Q\xBD!\xEC�\xD5+\xC2\xF6TxL>R0�\xFD\xA5\xB0M�i�\xBF\xCECO5\xC3\xC4T\xD8��T\xDA)��z\xC1* �\xB4)�\xCBM\xE7\x92 x\xF7\xF2\x85f/_\xA1I\xBE\xD07\x92\xAF2\xDE�\xA0\x90/�\xD1��7W\xF9�AE\xCB\xFAخ`˺\xA2\xD7<\xABhš�\xA7 �v�\xD3{_\xCAgGFE\xEA; �\xE5\xD1#\xA3-�\xC8%\xE5\xBCc
-�`oV\xC4 $\x95\x862f\xA3ł�\xBC\x90L\xA1\x80�B,\xDFo6e��e\x8C\xAF\xCFE\xDE�\x83X�e\xF9\xAE\xAC�F \xB5_�r \xC8T%\x84\x8E!AU�\x92\xAA\xD1rJk\x88q\xBC��\xE6\xB0\\xF1�\x93:\xCC,\x9B\x9AHr\xC06�\xED\xE5�d
-�Q\x94*\xCE\xDA37}\x86\x97�bV\x92X&\xE3\xF5Q䎡\x8Av)\xAB\xB681[\xCC
-\xB45u\x95\x87\xA3\xD3a\xFD\xC8Gi=�\xA9\xB69\xD6U\xC3C\x90\x89m�\xA4\xB8H\xEAP�\xC8\xE4'�\xF2\x90UyAIs\xBDE\xE7\xDAי\xD0c��6]\xFEF��\xC6Pv \x8F^�\xD0Ջ�g\xE4\xAC
-7\x82\x94
-5Ùœ9\xD1�\xED@��9\x84?5vf\xBC\xE6 �\xB7Ý®>\xB5AÞµ\xD3<\x97p\xE82\xD1(\xE1X�\x8D\xB1\xAE!�\x8E\x98\x85A�c\x94\xF6\xC3�\x85�h�\xC0��gU\xF3Tp\xEF\xDD]H\x8DÛº-\xFC&Y;� \xB0\x8E��ļ� � \xD72e2g~\xC80\xF36:4p2\x88�\x86�E\xBE˪\xB29p:$�\xB0!\xCCM\xC7zu\xCA4\x93K�v\xB8Y\xB5\x99F\xC4Ê•&\xD0 �\xED\xB3\xD6[\xB1�\xE78]\xFAp\xFB\x99��C�R9I\xC4\x{1B6ADC}\x84\x872ĆZKJ'Ɔ\xAC�;\xB2\xBC1t�hySc\xED\x87ÝŽ;7�\x87~(\xA8M\xB8O\xEC9\xEE�@\xB0� \xD4\xE9�\xDF\xFF�F�_\xF2\xE2ØžM\xBD\xBBk\x8A\x967á„£8��l�8\xFDB\xC18\xC1\x95\xEA}\x88󹈲\x82\xBA\xD7ž~��\xA4�H\x96뮥�v\xABg&\x8D#$kun\xD2\xD8C&\xED-�&7ha�\x95\xF3\xBC\xB0b\xBB^I)]M*\xCC\xF2\x86\xF7"\xCFn\xB0\xC8m˼\xDBg'\xA0\x9B1�(\xEE`\xC7-\x9E\xE4\xB1\xF0)_\xC1\xD9�\xE3�\xFA,\x97\xA6y\xDBp\xB2\xE7\x8BÕŠß»�l\xB4l3\xBF\x8E���\xC3}>\x97q\xF5ʵ\xB6&\x83r}\xBB\x8C׆\xC3r\x91\xBB)\xF6\xC5C\x86B桧\xB2\xDDÑ#\x9AQ\xD2þcÜ‚\xAEg�yã°§�\xFDÓ«\xF3\xB7ؽn\xB3\x92I�7\xC8Ò—\xF2\xD0�\xE8e\xA2�\xEC�\xE9\xF3@�\x84\xCE-u\xF1\x9CI\xFCI�a��I\x86`\xBC! d\xB4\xC0Ѷ�⛜ƷyH�\xDBS}�.\xF9�)t�k\xE5c�\x9Cu&\xACEa,\xAD\xF7MU=\xB7\x8C \x8DI\xC7\xEEKY\xD3'\xF0�8\xFC\xC6\xF9{
-\xB9CS\x92|\xAC�#P\xE6݉\x88\x9D\x90\xAC\xB3\x84\xBD\x93Y\xC6>�\xA8\xEB휃\xD5\xE0\xF0b\x9B\xBC\xE9`�\xD4\xC3‡f\xF6(\xD68\x8FB��D\xC4XD\xE6,\x97\xE9��\xA5\xBA\xECH\xB3\xB3$\xA4�'!e\xE5P0t��\xBF\xEC?\xB9o\x93\xB5\xD9,8?Q\xE2����˺k\xE8��\xB7\xCD#�{\xF6\xE0\x87\xE7\x84$\x95�\xAD\x8E\xD4WD\xA1H\x89h�\x85`I\xB6Dh\x95\xFC$]\xFDÕ•ì–¨\xF7йX\x89\xADz\xC8.1D\xC1\xFB3\x8D\x90\xBD\xBBE\x99\xE1Ql\x837\xC7Ù†�\xD7\xCB"\x901\xD4�É �\x91\xD55\x98=A�Q\xA2\x87\x8EY\xB8ʼ\x88�04\xB5θ�+Ƈ�\xE8�\xAD\xB5\xCE\xEEc�\x8D8\xEA\xF9\xC7N�(M��7\x812\xA6\xB8\xE9\x88\xDC\xE1\xDD�\xFD\xE1\xDD�\xF0}%d\x8C\xEF\xE6|R\xDBka\xA2\xAD84VF_\xA1\xAC\xD8H\xA6�\xD2 w\xBF\x96\xFBti\xCD�n>ç\xB75ߌ^v'�2\xFBT\xDB)�\xA3z\xF3\x8C\x978�\!
xB5\xD0\xEAU/"C��\xF3\xAA�\x91!\xB4\xFC*!�\xE8
-\xDF�Ó\xA5\xE5<�{\x8EuÓ”\xEB\xFEƲ\xE63\xF5\xB7�\xA3�^�\x8164\xE9\xB9uwÇ£OU\xF6\xE5\xA1<3\xF2�\xB7\xE6L\xEFΦ}Õ›\x8D\xACw\xFD\xECo�\xE6\xA5����\xA5b\xAF\xB4\xECK\xC0\x92mÊ¿\xE7\xE4
-%\xB7P&\xE9%Bg\x81:\xC9\xC4V]N\xA7FI�E\xFB!C\x83�\x96\xA0\xF2\x91UQ\xF4\x85\xF7CY\x91}\xEAQ\xFC\xA7!Z\xA9\xCFH�eL\xD47M\x98\\x96\xC1\xFB\xF6\xF9\xCB4E2\x9E;NN~[�p\xF9\xED.\x983\x92\xBAkg��&\x89J\xBF\xAE\xD4J\xFBR\xEB\xE5B\x90\x9F\xCB\xD8ǿ\xFC9ߗ\xF9\xDC:ih\xE0�L6\xCE�\x84%� ϳ\x9C \xBB\xE8�S\xF8L��\x93\x80/\xC6i/�\xF2JO\xC5~?\xED\xA1\xF9x\xD1\xCEu\x88�t.
-�\x9Ce=\xF7kr\x9D\x87\x977V\x9E�\xE8.oB\xD1Gj\xF9S\xFDT`6�\xA9\x88+ \xE2\xB3\xD86�\x92�� F0\xD3\xFC⼿\xF1\xC0 \x9234\x98>qt:�f\x9E\x9AvX\xB3\xE0\xEA\xD0p\xE6�4�`\xC6\xDF\xFA\x8D7A&g\xD1\xD2sn\xC7y8\x82\x8CJ�\x9FuDV-�\xBA\xAC\xB4/�l\xB5/B\xAD&�
-\xCF\xFF\xB8\xAA�[�ݸ~\x97\xE7E\xE1j`?m�v�ޘ\xFA�\xE8\xC6e\xB3/\x9A\x867\xDDN\xF8ѽ;\xF6\xA3ofy\xA7�L \xEAӆ>�\x9CaV\xA7PS\xF6I�ޛ�4\xE8\xE2C\xC6��W2\xA1�G\xC6\xFC\xDD {\xFC\x876\xEC]\xF3,\xF2���\xA5\xD4r7\x81�\xF6\xF8\xF4NR\xF9\x8A\x93X\x93\xD8t \xB4L<\x9C\xA7h\xC3\xF7\xC1�\x90\xEA\xF9\xC88\xF6g\x99\xE0�\xE3\xEA\xDEA�د|\xCB\xDDG\x97UCo�=\x9ACF�\x95,\xAB\xEE\xB0&�\xE2C�,\xE8\x99��D\xB6\xAA\x84\x98\x85'\xD5�n\xED\xAC)\x98�\xA1\xFC5�\x83B\xF7\x85߅\xAB\xBF\xF1\xE2O\xBB�2\x87�$\xE3^g�\xE3\xB9i\xF9�fR\xB8\xFB�\x86n\xDE\xF2\xDDl:y\xEF\x97\xDC\xD6{\xA8J\xFB\xF5\xFC5@\xC6ymw8d>�\xFA\xB8X�}\xE1u\xE1\x9A`&\xF0\x81\xBB�R%\xFF\x9B\xBB\xBEx\xDF+!\xF71\xFCI\xFA\xF2}\xEF\x98\xEA\xF2}oO5\x9B\xE7L\xBF\xB1\xA4a\x9C@
-\xF3\xEA\xF6=\xD5\xCC\xFEӒIa\xFE\x96N�\xB8\x99\xB3z\x8B\xB7\xA1>ix�\x85ϤN��|5Ĺ\xB7\xAB\x94ɥ\x8DW{\xD1\xEEBM��\xBED\xA6\x97Ǭ\xAF\xA4\xCBfNױ\xC4O\x8F\xF6\xEDLO\xBF\xA9g!C\x99\xC6\xE6
-=\x8F\xA8^ѳ\xA7�\xE99\xDF�\x904W�\x81+B\xE0`/Tn
-^\xC3ǯs\xD2SÍ°2A\xB7�a�Y\xF5\x94�\x92r4|^\xC56\x87\x9F\xC8�2�\xBA�B\xAA6\xA3O�C\xDD�\xBDP)\x9FJ�q"\xF0\xC1kp���\xA0\xEBM\xBE?\x85\xE7/w\xBF\xD2\xE4�M\xB6\xC0\xE4aw\xA0"�\xF9�\xA9\xD5\xD97Ut\xF3ϳ\xEA\xA6\xEF\xC6\xE2M\xC1\xBE\xC0@�\xA6\x91\xF43!\xB2t\xAD\xFB|�Y�S�ă�z���L\xA13�\xF4>\x9Ds\xB3\xA5QJ�0|\xD4\xD4!P,\x91F(\xBAwH\xFA\xCBz�y\x9E\xA3\xF2\xBCr\xA5\xA9,Bsz\xF6\xE1\xDB_\x9Dç‹vᥟE)�\xE2\xEF\x94fp"\xFA_�}\xF3O\xA6\x86��\xE9$Tiz\xC1\xC7(�ʉl\xE2\x99³\xA4\xEA\x9Cs\xA3R\xAC\x8D\x92�\xD6\xFF�\x95$\xDE/endstream
-endobj
-1819 0 obj <<
-/Type /Page
-/Contents 1820 0 R
-/Resources 1818 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1796 0 R
->> endobj
-1821 0 obj <<
-/D [1819 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-542 0 obj <<
-/D [1819 0 R /XYZ 85.0394 508.2158 null]
->> endobj
-1281 0 obj <<
-/D [1819 0 R /XYZ 85.0394 481.2174 null]
->> endobj
-1818 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F62 1361 0 R /F21 938 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1824 0 obj <<
-/Length 3716
-/Filter /FlateDecode
->>
-stream
-x�ks\xE3\xB6\xF1\xBB\x85\xA6_"\xCFX<\xE2\xC1W\xAE\x8Fq.v\xEA4wI}n\xFB!\xC9�J\x82e\xD6�\xA9\x88\xD4\xC9N\xA7\xFF\xBD\xBB\xD8��R\xD4\xF9\x9A\x9C5�\x82�`\xB1X\xEC��\x93�~b�\xC5A\x9C\xC9l\x92d:\x88B�M�\xEB\xB3p\xB2\x82\xBEo\xCE�\x8F\x99\xB9A3\xD4Wwg\xAF\xAEU2ɂ,\x96\xF1\xE4\xEE\xDEÕ�a\x9A\x8A\xC9\xDD\xF2\xC7i�\xC8\xE0�0\x84\xD37߿\xBB\xBE\xF9\xE6�\xB7\x97牞\xDE\xDD|\xFF\xEE|&\xA3pz}\xF3\xDD�\xB5\xBE\xB9\xBD|\xFB\xF6\xF2\xF6|&\xD2HL\xDF\xFC\xF5򇻫[\xEA\x8A�\xC7W7\xEF\xBE&HF\x8F�Ho\xAF\xAE\xAFn\xAF޽\xB9:\xFF\xF9\xEE۳\xAB\xBBn/\xFE~E\xA8p#\xBF\x9C\xFD\xF8s8Y¶\xBF=��\x95\xA5\xD1d�/a \xB2LN\xD6g:RA\xA4\x95r\x90\xF2\xEC\xFD\xD9\xDF;\x84^\xAF\x9D:\xC6?�\xA5A$u<\x99)�\xA4\xB0\xFE8\x97E\x90��\x83\x92(�b%U\xC7e)Ƹ\xECF!\x97\xD7\xF9\xD3,_\xE4\x8B�3k\x8A_\xCDp\xD7BfA"\xD3x\xE2\xA3>"\xA0�5B\x81\xF4(�\xB0\x8B$\xCC�$\xDC=\x98\xF3\x99
-�\xD2R\xACwkz\xC9\xD7\xF5\xAEj\xA9]\xDF\xF3 \xB3\xAE\xB7\xCF\xD4.*zΟ[\xD3P\xB3\xAD\xE9\xB9k�\xE1}\xBD\xE5�\xB7Dc\xB6�� \xE1Ì¿\xE0Y\xB4{���g\xD3=\x98\xEA0�\x98�\xDCU\x81�\xA1\x86]\x8A \x8B"iiv\xD4\xC9H[\xEA\xF0\xB9\xCCÛœZH�>\xED\xB2Ø 5\xA8\xBD=�\xE9\xD4\xE0{\xE3F�\xDC*\x8Bu\xD1^`;:\xCCu$c{_\x94%\xB5�\xA5\xC9y�\xE0\x89E\xC9K\xADV\xF4\xDA4\xC5�S>3\x92Ú\x95\xB7�\xDApac\x96��!\xA6D\x95\x9CV5�\xCC\xD3˜\xA5Y�\xAF\x94\xD0Ó›\x8A\xC09=�tJ\xA0\xB3} \xE8zW\xB6Ŧ4\xF4\xF6\xA10\xFB\xE6\x82\xC6\xF0�\x85\xBFd\xBEÙ”�\xF1��n\xF2m\xDE\xF2�\xA4=^\x84w��\\x95x�\xBDÝ
-A6\x93^\xE3\xCA癜Z\xDAC\x929\x84/\xCD}�$\xD2�\xEC�\x90\xBC\xBA־\xDA�@\xA8\xA4\x90\x80�Q\x8A\xF8-
-\xEAKv�dJ\xA6<&\xE0�>\x9A\x99\x88\xC0p\xC4!\xEA2(~�\xE9\xCEʉ�\xEC��\xAF0�\xB3TW\xAD\xA9\x98\x9E\xEB\xA2lͶ\xA8V#+\xC2Ne���G��\xD97%�\xB4o\xF8\xD8X)\xA8?�K\xAB�\xD0&%\x80\xAE|^\x94E\xFBL/Vi\xE0\xF9S�J\\x8D\xC6ֻ\x96\xC0_\xBF{O
-�\xAAM]5\x840\x99\xDE\xD3�k\x9Ab\x9E`v\x95\x97\x83y$�<c�\xBBË‹
-wd\xE7,\xCC�\xDF\xC7�\xB1}\xDEXAHbR\xB0$q
-��\xAB`\xF0$Q\x80\xAE\xBCj\xF6V\xF8 ؘE[\xD4�\x9Et\x9AM\xDFoÌ¢\xC0\xCD-\xF2�$ Ns\x8A�\x98\x82�ii\xFC"gl\xB4\xC5\xC3tF\xBA\:U\xA2�?\x85Qx\xC94\xF1b\x97\xF0�`A3h\xF8\x82�rɳ\x8A\xFB�\xB1\xD0O�gc�G�/-\x87d(\xA77?|\xD0Ô²+�$\xA6\x96G\x9Fe�\x80\xD6yk%>t\xFA�\x8D�ØjD\xB0%\xC8]�\x81C \xA1El\xB8Ó�P�\xA4,\x8D\xE3I\xACE \xA4\x8E>\xC5\xF3\xC9 K\xD3t\xDC\xEF\xCD:\x8C3�\xA5\xF5�=\xFA@@�\x91D\xD1aerX\xB8\xC3!\x91:
-\xE2X\x88\xCFH\xA4\xC3\xF8�\x91\xE0|c
-.\xADGdY4\xED\x88΂\xC2fRE\xCCp+\xD6|P\xC7\xF6B\x82\xB7�;\xAB\xB34\xD5\xF3\x8C\x85�N|Ƈe\x9A\x91U\x80\xF6$ЩH\xFA\xB6\xB0ްVh037(\xE2iȲ\x9F\x82--\xAD\x8B PO�\xE0\xFDͻ˷WԴ"�ϯ�\xA0c\x89�\xA0\x95xx\x92�B\xE3')u^�y\x83
-�U\xF9\xDA\xD0ҨUE`�\xAB\x96\xC9a\x92\xB7\xB0\x9D\xEB\xD3 N\xF9\xAFf7oڢݵf \xE3 \xF0\xFBeg0d\xC0&/�\x8B\xE9rg�d}J\xCC;b=\x86W+dV\xA7b\xB7�\x98uR\x91\xE2(H\xC3,\xE1\xB3\xC2eN�@��Z(\xE1� /0" I aRvJ \x90#\xA3\xC7�\xF1i*\xE2n\x8D
-�\x99\x99Vi \xF1u:\xB0\xB2 �\xC0w�\xA5\xD3\xFD\x83qq\x84R\xB1=2\xCB�:2�\xAD!\xE4h\xA8I\xBE��|2\xD8$\xF6*\x95\xD8\xC8\xC1v\xD2�\xCEdY\xAFs�\xB1)2\xE7\xF6Y��\x90�\xF8\xD0\xD70`D�\xA6\xCA\xE3\xEEP\xFDu\x98b\\xA9&q��2\xCA~\xB7\xF6w�g�\xC6c\xE5\xD7\xC0\xCA8\x83|Å\xFA\x98\xEE'8\xC2\xE9\xBE)\xCD�\xDC|c\xB3\x93tz\xD3\xE7 \xA8p*��\xEB\xA4Z\xA4\xC2\xE0bG\xB8\x94\xC1\xA9C�\xFE)"\x98\xE9\xC4\xD1aO
-b\xB9\xC6yIT��\xD8�\xEEX(�\xB0`\xBA\x93t��7\xED\xEC~�1\xC0\xC8J:\x90\xAA�D\x9425b/\xECb�\xB5
-مr\xEA\x8AP\x96'hu\xEA\x88/�\xC6hb4�[\x964}\xCE\xFC\x93�\xB6�\x89\xACo�\xF3�\xD2k-\x83\x96L\xCA*'RJ\xF2\xF2Z\x92ZjN��p�\x8D\xF0\xAD1m�\xEE�Ë0\x9D~W<\x9A}ј�\x9AS�\xE7:\xCB�M6?в\x915\x8C\xCA�\xE3A?�\xEB;��úx\xA1�
-F�߯\xA0NHD\xACO\xD8�-\x83H\xC5\xFA7\xD9�\x99\xB8\xD0\xD6\xE3�XD\xCEGb\x97$\xC4�\xC2?\xBF\xC6vB\xF9�\xF6\x9A\xA7|
-I \xD3gÐŒ\xDA\xC1\x96]Ð6ÆŽ9\x87t\xC0�\x8BzÍŽ"ff\xC1Øž\x88b�b�\x8B\xB3U�\xC0>e\x9F=\xFF\xC7~A\xF3 at n;\xB1=Öµ\x99�2\x83�%L$E\xF2\xFB\xFD>\xE0}\xE2�@>\xE2\xB0sb\xD8|zz\xEA��
-\xEA}\x94t\xEA\xEDn[\xD9=CF0\xA6'\xE5~\xE1\x81q=\xAEA\xC7!��\xBB\xAC1D\xF5\xA0\xE9\xAC�A'Iު6\xAF\xD3\xD1 s�v,\x8DU\xFA\xF1\xA0Q@\xF4\x92e`e\xA2P�\xAB \x8C\xFA\xBD�\xB9\xC38\xF3Q�\x9Bd,Ed@\xE0a\xE5\x93A#$c\x81N\xE4g\xA4\x91�\xBEDb\xAC��\x87i\x9F\xC4Sn#�T�\xF5BF\xFFh\x86��\xA4\x83\xBF%d�\xE0\xEF\xA20N\xBA\xA0\x81\xE3�\xA9\xD1MC\xDAt,��\xC4<I\xE2\xCCI\xB19
-\xC9\xC1nH\x91~F�\xE80\xBE\xC0_\x95\x81\xAB
-\x81\xB4�m\xB2\xF4�\xF3j9V�\xC8�%Dzr\xAB�x\xA1\xE5\xE7\x94\xF6�\xE3�[\xC5\xFA\xA0�\xF1`\xAB\x9B\xAD\xB9/\x9EF6�!\xA0�\xA13m9\x87{��\xEA0�\x95�}\xAB\x89��\xF8\x9B\xFB]\xF9\xDAÙ1YHt \x91\xAAc\xE2\xA3y>R5
-ቄTSg�\xE2\x9A\xCF�\xA1u�g>\xCA�e\x8B$�F\x90�u\xC3\xEC�.ǔ@���ʻ86\x9AMQB\xC8V\xB2�.V�\xD7\xDD؊�\xE3\xC2 \x8A\xF5\xC0-\xD8\xD0.\xB5U2|\xF8e�\x82\xACA)\xF3�\xBF\xD8x\xAC�\x86I\x98
-\xC8RNY\xB0a�6\x9C Ù†s\xC9pP\xA0\xB2\xBA�\x91\xA0�\xE8-\xBA\xA0\xFE\xD4ZË¢Yp�\xE4�\xC3\xE8\x8FJ@\xF027'B�[~[^8\xC9`�\x95\xD3\xE3\xFD\xD5\xEDy�M\xFFy\x8D\xF5\xF5Ë›\xEF�j(\x92\xA9Oz\xA6c\x97Ge?\x97\x86AcQ�\xB0\xAFQ\xD7ugK\xA9�t\xFAL! u at 8\x81\xF55\xDAh\xCCÌ„'U\xCB00iy>xR\xAAa\xC5.R\x9C�\\x97\xC1\xFE\xBCm\xF3\xC5cs\xC1\xD9�.P\xD1s\xFFP` �\xE7\xE5\x95?�\xEC0\xB0\xE2\x82\xCARn\xF4@�:\x92`\xF2�\xCB]x�\x91'�\xB73+Y\xF0Þ¥X \xE2\xD09tE?�Õ¶\xE7X2}4<
-kqt�%\x96d\x95T�\xF3�\x9A\x9D3\xBE\x9B�\xF8ݯ\x88a�
-
--\x9AN\x9F\xEBݖZ\xF5\xDE\xD1a\xDA}\xBD}d\xA8\xA3\xB7�+պ@9r\x81?�\xC1�z\x84�z\x84Z\xF4\xB6\xE2n\xB7\x8C\x91\xB8��s\x93!K\xE7\xD9fN\xB09\xEDs߸:z͘\x9AŶ\xD8pA|Q\xEF\xCAeW{\xAF\xBC\xE2;��u�zE\xD3]Չ\xD2\xC8Aq\xF9\xF5\xE9Pq�\xBD\xCC˲\xDEsi\xCF\xDD�\x84\xD1A<웕wx\xAELK\xE30X\xB3\xB9\x89\xD7i\x89�\xB5\x95f*\xBA"\xB4\xAA\x97\x8C\x92jK�\xD3 R֋n\x98;�\x8B\x91n�Bf@\xF5EK\xF09c\xB2e]�@\x8Cm\xB3\xB2Eՙ\xC8B&���\xDFj\xD8\xDD��#8� \xEF�\xBBkll\xF2
-n\xD9N\xFD\x90�e>/\xB9� \xC2\xE7C\xDBn\xBE|\xF5jSoۼ�\xF2\xC5: \x8B\xBBz\xB5(\xDA\xDCV\xB3�\xF7\xEB\xBF�\xCB? �v^G\x81}f)�w!�\x91\xB5'm�z\xA8�\x8D?\xB8 \x95*pEt\xCBE}\x8F�\xD7\xFA\xDB\xC1\xFD\xB8\xE1\xB3\xC3\xF8c\xDF3\xC0\x89\xEB\x8Em银\xD3�\xADRpe\x90\xCB\xF5\x88�\\xC9uc\x86�\xF6\xB82Ą$\xFEy\xCC5°T8�O\x96�T\xE0p\xF3\xA4P�M�\xC7\xD8PW>'\xFF\xE1\xDD4A\xFE�1\xA3\x96r\xA0\xF8dI�\xF6\x9C\xEA\xA8\xD7VQU\xE6'\x90\x98?\xDF��\xA4\x9B�d�49�x\xEF\xD2iE\xB6pIM?[�%\xE0lI;\xE7E�yEO\xB3\x94g\xC8p\xF4\x8E\xCA\xED*#5T\x99\xAB\xD2C�;�t?Oc
-# w��\xF8%5{N\xDA�4\xD6\xC5\xEA\x81o~l\xB2{\xFF<\xF0|\xF7\xF5\xC1\x80X_\x99Nw\xA5i\xBE� \xC9�\x8E\xD1K�\xBCD\xC0\xA6\xA5\xFF\xA1\x87O\xD8k�\xFD\x97�~\x95ǟ\xF1�\x8F\x95pS^\x8Fm\xBA\xB7:'ޟ\x86\xE98?V�\xA7bd\xECb+k0*z�\xAE\xA0Ȍ8\xB3\x8Ao\xA5i�\x86\xD3\xC3z�l\xF4\xBC��
-FG\xC2`'\x93\xF1\xC4f' �\xAF\xB9\xB5\xDB\xF4I!\x89\xB0�\xDFgZ\xD3\xC8TÛ¢\xB8���\x83D\xFEb\xF4Z\xCC\xC9\xC2aw|\x97\x8D@�\xB1�\xA5\xFFα\xF9\xD1U/V\xEB�!�)\x8BGㄯ\xF8��s䌔@.\xFB�&>V\xF7\xA0s\xB5�\x85\xBB1Æ\xBB\xDES\xBD\xEB\xBD8M\xA7\xEF\x8Bja�\xA3)\x96\xB5\x97\x85\x8A\xAF�\xA9\xDFÆ€\xDDE\x9F+B��o!:�tzv\xE5\xC3\xE9\xD1\xF5\x80J�\xAF�\xE9/Û¯\xA1�\xE0\xB4-�\xA7l\x81\xFB�`\xECL\x8E\x83\xE5\xA3�d\xC0\xC7\xEFñ˜¥»R\x81\x86\xF5\xCAØŒ\xA7�`\xF3pQ\xC5\xE6\xD4�Ö\x97`0\xCAyC}(\xE8\xF8\xCC\xE9Q\x9AU\xD1�\xC0�\x9E\xEA\x99M\x98G�\x98L�\xF2�m\x94\xED\xFD\x9Enã1\xA2\xB6\xD6X&\xC7w<\x82\xFD\xCF\xC0��9\xD5\xE7\xE1G\x93\x89\xA3Ò�|tT\xEE�\xEA\xC7e]\xBE\ã³·\xD0�{\xF3\xE9JE\xA7+\x95_\xAD\x96�\xB2O+\xE8\xD8\xC1\xE7\xA4\xD0\xED�S\x95\x8B\x99\xA1\xF5�{\x95w\xB9%Õ‰J\x92\x92Q \x93\xAE\xCA\xF7B\x9D?�t�\xC7\xFD\x9B
-�-\x99v�w\xE6\xAE5D\x90\xA8\xE1\xC74�\x85\xA3Yݻ\xBA팑
-Vu\xE6)
-�\xD33\xF7\x99\x8A;u
-L\xB1\xC3\xD5J\xC9DQ\xBB\xAE��\xE3[N\x80l\x9Cٴ\xA1+~+r\xC3c\xEF\xF3E۩\xA99|s\xD3#\xE1\xA1�\xCB=)\x91}\xC5\xD9.\xE7\xED\x97nI[\xECጆ\xD76\x8F��o\xB3„\xC2r|_\xE7\x9B
-Ù™\x88\xFB\\xB0\x8F-\xC4\xE74\x913T�g\xB38\xE8\xEDgq \xA5C8\xA0K!\x93\xEE\xF6�\xA0\xDEg�\x89\xAB-@\x83\xB2c\xE8\xDFÔ…Íš�ͦV\xFB_\xDBÄ©\xC6\xDB\xE6�5v\xE1N�y\xE5\xA2\xDD\xF1\x81\xC5�) @\xBDOX\x96�\xE1��\x9B\xF3\xE2{\xCF\xFA\xE0\x8C\xDDvS\xD3eL\xA2\xA6\xCD\xCE~�\x81\xF8�\x9A\xC6\xF3\xB1\xD21ßV|\x8D�G\xD3ˆ�\xD2y\xE1
-�\xE1\xDB\xDF\xD4r\xBCp\xBD\xF4\xA5Љ\xA4\xCF�\x9C(\xAA\xD7;\xAEa\xA3\xBBˡ\x8FL\x9C�Sa@&�\x95\xA2I\xA6\xA0\x9F\xC4� \xB0\xB1\xA6\xB09\x92\x9D\xB6%貦\xAFd\xB4�\x88\xFA\xFDȋ5\x86LbB\xDF\xC6\xD9\xF1\xA6\xED\x96\xDE?�\xF6��
-��Hx\xCD\xE1WU^�\xA2\xC2\xE4\xC0�L\xEF\xADs
-\xFB��\xDFk.
-X\xFA�\xE0\xD7�:T M�\xB5\xF8s@\xB2�\xBD\xCA�K2\x8Cq\xAA\x8C\xC3Ö»\x86�o\xB6\xB0\xEC\xB6(\x9F\xE9u\xCEx\xF8TZ*\xA6\x8D\x95�\xECn\x9DSH\xF83\xB4\x85M\xC9\\x8F�ñ\xBF?\x9AHG�\xA5+ \xC5U\xD0SRYme�\xDA�-\x89f4}\xA8\xF7\xE6\x83w\xEE1\x9F;~z\xF0L\x8D9\xA3_\x82{�$\xF6�\xA6�Þ\xB5�\xA7�
-\xFD\xED\xF1\xE2Ö‘\xC0\x88NbN|\xCA
-\xE9�~:\x92>\x86�wÞ¿\xFB3\xD7\xC37\xC0: T\x9A\xCA\xF1OCe\x92�:�$L�\x9EK\xAA\x8F(�!\xDE)\xCB�\xD2\xFF�\xFC\xFA`\x8Bendstream
-endobj
-1823 0 obj <<
-/Type /Page
-/Contents 1824 0 R
-/Resources 1822 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1828 0 R
-/Annots [ 1827 0 R ]
->> endobj
-1827 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [63.4454 380.8297 382.2499 391.644]
-/Subtype/Link/A<</Type/Action/S/URI/URI(http://portal.acm.org/citation.cfm?id=1315245.1315298)>>
->> endobj
-1825 0 obj <<
-/D [1823 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-546 0 obj <<
-/D [1823 0 R /XYZ 56.6929 708.0945 null]
->> endobj
-1826 0 obj <<
-/D [1823 0 R /XYZ 56.6929 680.4573 null]
->> endobj
-1822 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F11 1451 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1831 0 obj <<
-/Length 3786
-/Filter /FlateDecode
->>
-stream
-xڥ�]s\xDB8\xEE=\xBF"\x8F\xCAL\xC2%E}\xEE>9M\xBA\x97\x9Dm\x9AMr\x93\x9B\xDD\xEE\x83l+\xB6\xA6\xB2\xE4\xB5\xE4\xA4\xED\xAF?\x80 %J\x96\x93\x99\xBBvZ\x82 �\x92 �\x80\x90թ\x84\xBF\xEA4 \x85\xD4ip�\xA7\x81�\xA5
-O�\x9B�y\xBA\x82\xB1_O�\xD3\X\xA2�\x97\xEA\xF2\xF1ä§:>ME�\xF9\xD1\xE9\xE3\xB3\xC3+�2I\xD4\xE9\xE3\xF2/\xEFÿfw\x8F\xD7\xF7g�~(\xBDH\x9C]\x84\x91\xF4.on\xAF�\x93R\xF3\xE1\xF3\xEDÇ›_\xFF}?;\x8B�\xEF\xF1\xE6\xF3-\xA1\xEF\xAF?^\xDF_\xDF~\xB8>\xBBPI\xA8`\xBE\xCF�\x8EL\xF8x\xF3\xFB5A\xBF\xDE\xCF>}\x9AÝŸ\xFD\xFD\xF8\xDB\xC9\xF5cw�\xF7\xBCJj<\xC8?'\xFD-O\x97p\xEC\xDFN\xA4\xD0i�\x9E\xBEBG
-\x95\xA6\xFE\xE9\xE6$�\xB5��\xAD-\xA6<y8\xF9\xA3c茚\xA9S\xF2�u"\xC2Ä'�\xE8\xFBS��S�i_��f\xDBmY,\xB2\xB6\xA8\xAB�\x8E�%^\xD6R[W\x8B�Ä¡#\xED=\xAE��\xFC"\xA5_\xB6\xF9\xAE\xA8V\x84xγv\xBF;S\x89\x97#"\xF6,\xE5\xD6 \xEB\x97b\x99/-\xC3\xF2;AmM\xED:/\xB7�5\xFBÅ™\xF2Ö¼\x83\x8A'l\xF3\x9D\xD9YV�"\xAF^
-b[m\xF2\xAA\xFD�\xB01\xACآ�@��J\x894�}s0\xB3\x8FXy\xAB\xBC�.\xA5Y�\xBAˢY\xD4\xFB]\xB62\xBB�\x84\xD9�\xB6\xFB]EP\xD1R[\x9B\xBE\xEF\xED\xAB2o\x98\xDB\xF7zO@�:/\xF9\x8E\xD97{�\xDFQ\xAF\xB3�FU\xBC\ݮ\xF3�\x81\x8Bu],x8\xAB\x96\xB4(�3\xA6m\xB3\xC5ף'�[̨\xA1\x85\x8D\xA8\xA0׮\xB9\xDFR\xFF\xB9\xDE� {b\xC8U\xBD\xE8�HDB7\xAB?!\\x8Df]\xEF\xCB%\xC1s\xC6m\xB3][,\xF6e\xB63\xC2�L\x9B}\xCD+�\x8BgjI� \xBCfU\xCBT5\xB5\xFB\x86�\xB5d^ \xD5[\xDC
-\xC1\xBCc\x90\xC0rI[i\x9A\x9C\xE9^�\x98\xC3tÊ\x85Ä¿?%h\xAE
-.\xEC:�\xD6���s
-�G\x8FЩ\xE7/E\xBDo\xCCq\xA0\xFB\xC5\xF7\x83\xA2�k��D\xF8�ѡ7߷4\xBE\xC9*\xA6�\xDD"\xC0,\xEA\xEA�L\xD4�\xAF\xE5GKٞ9'\xCE%\xAEW\xB7�\x96\xEBvK\xD7�:\xCFd\xD34\xF5\xC6�0\xF5\xAA\xCCB$\xDB�\xEFӚ s\x99\xB0\xEDώbґ\xF7\xB1\xE8o2�\xD4\xE6X \xD0N \xFAEm\xDAeCH8X\x9B�U7\xCD*o\xB0�ob\xBB\xDFu\xF2ĩv/s\xB6͑Y\x93K\xB7[\x9F0Pph\xCAqh0QGB\xAA\x94\�\xBAo�\xFFIp\xE7R\x82{ϛ-\xCC̉\xD9]
-\xBC\xBE�\xFCg]1\xF6\x8B�\xE5\xFDÝŸ\xD0(\x8E \xF9\xEB\xAEh\xF1t\xB4\x9E?\\xCF�\xFE*�\xCDz�f\xB4\x8C1\xCC`ST\x8Br\xBFD\xCB\xC2^FMYl\x8A�\x9D\x8D\x96\x89\xB7\xC9�\xEB\xAC*\x9A
-\x8D\xA1\xB6\xB0\xDD\xD4\xCB\xE2\xF9;\xC1F\xFA�\xB0,\xCD�\x98\xA5\xB9�\xFD\xD8?\xFB\xBCi\xEDj`g\xF5
-\x84\xEDr�\x9AMV\x80c-\xA9�W\xB0\xB8\x98\x94\xF96\xDB\xE0\xF9\xAD�\x86\x817/\xC1\xED\x94�,\x80\xE6â‡8��ge\x86\xEC�B�OF^�F\xC9�Co\x99\x9B+��94 \xF2o\xC0�\xF6\x94W�\xC6\xD4\xCFL\\xC3n\xAB�ur\xFB\x9F\xABÏŸf7\xB7\xA8\x98s\x87\xD5\xC45`Æ’�[\xAE\x92\xB9J\xEFæŽi\xECF�\xA7\xC8+\xF76q\xFB\xF9\x8Ab?\xFE7\xEBv�\y�_�F\xB23{\xB5n\xB1\xAC\xCD�\xFEVJ\xD2Bo\xB0Z\xFAÞ–
-�\xE1�`\xB0F\xB3\xBAwX\x88Nj\xBF$�\xF7\x82-\x8A\xE3\xF0\xAA\xA8D\x89D\xE9 \x96ĕv\xBC\xD2�/rh\xEBq �\x961\xD3[\xBF\x8C�\xB0�r\x88\xC2-\xBD�\xF9+\xA1\xECP\xB6\xA9\xD1?�\xA8Ve=\xCFJ\xA6ے�\x82<"�G\x81�\xA9\x94\xFD\xA8\x8E)\x8E\xE8\xC43�fO\xAD9ˀքS=\xBC,\xF6Pf^�Q4_��\xC8d 0;O}�M\F�x�\xE6ۇ�\xE4A�\xB0\xA82�\xE65_R�X1���#̺\xBFor\xB8\x9D�\xB7\xAD]\x9B\xA8\x9CJ\xBED)\xC7T@\xC0\x95\xDE�\xE6�A\xA7\xAAw�\x8E�\xD03\x92 R\xC0ԯ\xF9�\xB6�h\xE5\xDD0'#�h\xF7\xCD\xDENA\xAE
-�\x9B\xFB\x98\xDA$\xA1iw\xC5Ž\xACk\xE3"\x81\x9C�gF�b \xC28\x83\xE1vETe\xF15\x9FvƃP\x8B\xBB\xBC@\x8El]*p\x88\xC3X$ڷ\xD6\xF5<\xC1.�A\xEC\xF3xY/\xB2�\xB6 \xDF!\xAB �\xA9�[\xC3^M\xB0�K�\xD3g\x82_&l\xDD�Aڙ:\xDDL8K"bi�ӹ\xA1�M\xF2\xA4ä\xBF\x9D!\x98ӮX\xAD\xF2]C#\xFD�\x85!pG\xB5I\x80q\xC4\Qh\xC1\xCCht�`\xC1\xC5\xE8$\xF4\xFE\xB8\x9D}\xBA>'
-p'\xCAO\xBDs\x9Ax\xFB0\xEC\x9Bl�\xC9n�\xAEp\x92 \xB4a\xD0/5a\x81�\x91]\xCB\xC0�\xC3�-\xE9\xCEο\xD3�\xE9р\xE8rx�zX\xA4�G\xA3\x807\x86<I�\xAB\xBCe\xF7Es�\xEF�\xEFQ�ӛaC\xADKH\x9C!kgn5\xB5\x94ӷ9cדɞ\xEB�Lb(11dW\xFCZY\x87ms\xA7>`p>\xCDR4I�*\xACϱ\xEDV g\xD3\xF0.�\xB1\xB0\x86\xCC9\xF7\x83d\xE6\xA5\xF8\x91\xF3T\x8A\x92\xCETXh22\x98\x8D\xEB \xDEI\xB0\xB8\x91-\xC0_�\x82b�j`
-� \xABJ\xD3\xC1
-"�\xFA�\xECc\x88\xC2v\x90\xAF�B& \xC2Ø›\xD9./8\x83?�\x8D\xE5\x80\xD4vvk\xF7:\xBB}x§9\xEF\xDB\xF8\xE1 =�\xB1\xA7\x91�;4#\xB5�AL1�)� & \xFA\x8B秡\xE3\xB3a\xA8\xBBx\xD81q\xBA\xE3\xED&\xB4È„\xBDqd_i\xC0\xCA\xDA� \xD9Þ‡\x94\x83\xA5\x9A\xFD\xDC\xE6��W\xADf\xEF�$n8\xF6\x85�\xE2\xD4F\xE3í‹b;\xE1\x98t*T�Y\xD7u`BZ\x93 i\xADX\xEA\x9Am�\x81�\x84ct\xA2\xAD�"�)�P$ \x82\x8D\xC21\x98\xDCq`�\x9AR\x97\x89�\x880\xE0\x9B\xBFb\xD1$\xC4\xD9/�o
-\x96\xE6 �*H\xC8�\xA8\xF2� 78ȒR\xF7A\x96Zϲe�xO\x91F\x81\xAA\x99\x92j�\x89(Jm\xD8\xD8\xEE\xF2\xE7\xE2[\x99W\xABv-.�q\xA9ť/.\x958*o\x95\x84BC\xAEׅ�0?\xC5^��\xE5}`
-\xE4�a\x889\xC1\x9B=�\xDB \x83\xB99;�H\xA4q\xA0\x87\x87\x9F\xE7\xEDk\x8E\xCFd\xADROQCZ�@\x9B
-�\xAC2+K\xC2<S\xC8�h\xFE\xBD\xCDM\x8C\x80d\xE328\xA7Gܥ\xB6�\x9F1�\xAFK\xC5C\xB43\xC3"\xA7֑(\xAFw�Јq�*e{�`\x99/\x8AMƛy\xC9\xCA=\xE3\x8D\xCF\xF1\xE5\xA1\xF7%\xB3/\xF3\xCC,\xAAC\xAF)VU\x81B[\x98� \xA2\xF0(��6:\xB4\xF6�vV�\x8C\x8D-D\xA5\x9B\x96\xAC�Ho/fWW\xF7bv\x87I\xDCLt�"\x9E04/\x83\xEA\xA23t\xFA\xE8\xECpͨy&/q1\xE5\xB26T#\x83\xD4��we\xB6s\xDE\xDEQ\xE7\xCD\xE1\xFDۂ.\xB2.VD\x92\xB7f\x88\xF3o\xCC\xE3\xC0\xC6̓\xF7|¾}\xB0��wi\xD3\xC0\xBE\x9F�\xF1�\x8B\xA7H<\x85\xE2)�OZ<\xF9\xE2Iq6\xD3\xCD�Fȣ~'�I�\xAF\xDC\xFE�D\xBEw\x9D\xE1\xBB\K\xC51\zOɹ�\xE2\xFCI�ژ�\xB4�\x8D\x9A76\xF6)j+k\xC90\xB4�\xCF\xD4�r\x9D\xCBz��D\xB5\xDF\xCCs\xA6;�MA\xAF
-婈\xDAyA\x89\x85\xE4MYG(�Éš\xEE!�g`\xA0#\xEB\xD2l]\x9A\xED@[\x8B�Fj4CFy�M+\x8F\xC6È´ug\x8Fzh\x8F&\x87�\xA8\x9AÔ³z\x81p\x96/\xA7v�L\xD8\xFB\x84m�Ç\xEFå„šW\xB7|\xD3y)\xE7\xDD\xEEl\xDE>\xD0�\xF9\x96\xE1\xD75�\xF4LA�\x82\xF8�\x82�\xCF\xFBA\xA9b=\xB1\x8C�\x8B\xA1\xC3B*\xB3�%>!=.�
-\G)h*\xE8R\xF1�?\xC4T\xBA���Ø \xE8\xD4=L\x95\xA1f\x95\xA7\xB1\x902��\xFC\xB2\xDE\xCF\xCB\xDC>\xE0\xCB\xDA}\xF1\xFF\xFC3�\x810O\xB4\xEF\xFA\xD1��\xFB�,\xED��9\x92\x82e6\xE3,s�/ \xD3\xC5�\x80\xAD&$kB\xF6\x91�;\\x8F\xA2\x820\xF6\xFD\xE4\xB0H\xCBy?\xE6X\xA9\xFB�\x81�\xF8(s_\x83\xB4K\xD9�\xF6\xDA\xC8v�\xEF\xBE]\x81\xE6z\x86\xF5k\xC26\xF9\xEE\xA5c@\xEF\xFC\xC0\x86� \xEC+\x80Y\xA2�Ǧ~\x89\x98-\xABܸx\xBBR7\xBBK\x8B',\x96y\xF9`Ò˜�&\xDD\xE3 Az\xB3'\xDD��Ag\x82�\xE5\x89\xEE&\xB0or\xCB~�\xF8\xC2i\xCD; \xBB\xA0(\xE6Ø›+t\xFA\xD411\x89\x86i\x9D$\xCFr>\xB4\xDF\xC0\xC7/+\xDAI\xEB\xC8�-~\xE0\x80\xAA\x86�NXx\x90b\xB1F�\xCB\xFB|\xC9O�i\x83\x8D\xB4o�\xD9\xE7}�\xA3\xA4�\xA5R\xE6\xEDHS\xFA\xAC�zl'�Z\x82qV&\xF9F@;c\x8A\x8A\xB7AO�\xB3~_\xFB�\xA8\x995�9Ŷ$\xB695\xA0\xA9��(s��\xB1\xCE�_I�\xF0xY\xE1�&\xED\xCC�G\xBAjOr\x90\xE0c\xE4\x82T\x85\x8F\x9E\xB8/u\xA4v\xB4�\xBBZ\x8F\xA8\xC6a\xD00s\xAA\xE6\xD8\xF3\xF1\x83\xDEa\xFAl/\xFE\xC8^|}\xE4��\x84"T\xB1c/U3�\x90\x83X$\xBES\xA20�\xAE\x97\x82\xCF/n�\xF8\xB0~0\xDAdX\xE8\xF4\xA2Å\xD1w9\xDF^6\xDF>\xF2\xA9�\x92j�Id<4^\xAE�\xA1'i\xADkÄ\xEF\xB0\xFA�FBv/\x9DMQ\xC1�/\x96u\xDBL\x9C2\x8C\x85\xDF{$�{\xD4e\xFE\x9C\xEDK^\x91\x93Q~\xBAO\xD4<�H7�\xFD\xFFam\xFB\xA6W\xC3w:(��\xFC�\xB9\xB5'\xC9\xCBA�\xD9f]I$T\xA2\xA3\xA9\xB7\xBC\xEE\x8B*:�<z Sp\xBE\xDAi\xCAd\xC4\xF6�\x98\x8Ey! \x80UK\x93L@\xAA]�\xAA}e\x80�n\xA1\xB7\xA9\xFB\xBC7\xE8\x8BWz\xAA\x{28B9E0F}\xC0\x9Cg\x8CkC8\xF4\xDD\xE6\xCB\xEF�_\xA2Dz\x97\xF9"3\x9F\xFC0h\xD0W\x8EX�|\xE5 �-�\xF3\xE2�
-~\x97is�\xCA�\x8B\xAE*\xBB"*\x93fB\x8B�\x89$\x9B\xDAH*֜\x89\xC6ι;\xA6\x96�\xC8/\x90�ˀ\xAE�\xA6e\xFE~\xE1\x8C2#�\xFF9\xF3\xE1|)[\xD8O\x99\xA1\xC9/\xBAo�X\xB0ʪ){\x8D�\xA1\xA4o\xED\xF5\xEA\xE6av\xF9\xFB\xF5Ք\xB1\x86\xF0\xCE
-쥢\x95�\xFB
-\xEB0\xC7\xC3\xFB^C~g>\xE4h\xEF\xF1��\xC1\x!
9Do\xC0�0\xDD\xC6��\xDBb\x98:�WM\x86\xEDk�G\xF1\xC8\xC1ۊ�W\xB46\xEC�\xFALP\xF2>\xB8nV\x8D\x8A_\xCF5֌Y\x90\xD2V\xDD\xF3\xDD\xCF\xC7~e���2A\xFF\xED�\x958D\xE6'�\x83\xE2q
-`\xA2{Nx\x8C/R\xC5\xE3�\x95�`�\xB8\x87\xB7\x96\xEC\x88�\xD6���$\xC0A4X\xF3ú\xAE\x9B|$\x8FÑ;Z�\xCB\xF1G\xF7u\x93\x83+}Jͳ]\x97\xEEJg\x93σ\xE9ÓŸRP!\xE6S\x8A8\xA6
-\x95$BC\xB8}[�.\xD5q}tT\xEF*\xE4\xCDU{\x8D�,;\xA9\x92\xC1\xB2w$\x88g[(v\xEA\xC16�Ø}\xB6\xDFG\xE4�\xB2#s.]/x.7\xB3\xCF\xE94x\\xCE\xF0H
-�\x95\xBC#g\x87\xEA
-9[\xAA\xF7\xE5\xFCÖª\x8E\x9C\xC7\xCBN\xCB\xD9]vF\xDF
-}\xE5\xE6u*\xEC\xA4uNY\xCA\xD6U\x87\xB2ß“U\xD4׺ k,�\xD0&\xAF5\xE9+\xD2�1�H\xFC\xA0F_\xC5Td\xCB\xF3\x80\xDFWKb�\xF5\x8C!F=\\x98\xAC\xE9Z\xD7�:;\xAE'\x9D\x888\x89\xA2w\xF4\xE4P\xBD\xA1'K\xF5\xBE\x9E\xDEZ\xD5\xD1\xD3x\xD9i=\xB9\xCBZ=9vo\xBFh�\x9A\xF8\xF9\xE0�\xDCÝ¡�\xDFf:}2Ù\xC3\xDB|\x95[�å¾£\x8F\x8B[\xA1\xAC\xA2w~b\xE8R\xBD!nK\xF5\xBE\xB8\xDFZ\xD5�\xF7x\xD9iq\xBB˲\xB8!\xFDv\xFC�\xF6 at Z\xF4S93\x84�C\xA01\xA6\x8CP'\xF3oÔ§\x9A�*D��\x858\xF3}\xA3RD\xD4<@*uV'2\xBA_\x88\xEE\xEE\xD7p�\xF6~MÜš\x89\x9FF\xD8D�\xE4$\xA3Q\x9E\xFCdJO:\xE2\xCF\xF5\xBA\xFFM\xE1�fR\xDA�\xF1\xB7/\xFC\xD1 uG\x99tÄŸ\xBF\xFA\x916\xDB\xD1\xCFq"\xFE\x95L\x94�>6\x9A�[U\x89�Ê �e?XF\xF1D\xCA�Ù¯d�\xFD\xEE'\xEA>��Í\x9D �\xA5�\xBC\x9D Xg\xFC\xFBɪfÌœJBQ:L�P\xA11\xBF�\x90\x9E\xBB d}Æ…\x9D�\xFDJ%2\xBF\xDCj\xE0\xF1\x94\xF3\x92\xF4\xD8C\xB6k\xFC5�\xC1\xD6\xFF�h\x87?\xF4(\xFB-,\xA2/��:�\x94�\x8E\xDEU�
-\xFCM\xEBÄ\x81,\xA9\xFF\xFB\xA7\xB3\xFD\xA5\x87׳N\x92#阖�\xBC\xAD\xD3\xD8n
-O\x91\x84\xE3\x9Dw\xBF\xB1=\xDC\xFA�\x96N\x8C\xB8endstream
-endobj
-1830 0 obj <<
-/Type /Page
-/Contents 1831 0 R
-/Resources 1829 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1828 0 R
->> endobj
-1832 0 obj <<
-/D [1830 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-550 0 obj <<
-/D [1830 0 R /XYZ 85.0394 661.0278 null]
->> endobj
-1833 0 obj <<
-/D [1830 0 R /XYZ 85.0394 634.9717 null]
->> endobj
-1829 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F14 964 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1836 0 obj <<
-/Length 3512
-/Filter /FlateDecode
->>
-stream
-xÚ¥�ko\xDB8\xF2{~E\xB08\xE0\x9C\xC5Z+Ro��\x9C\x9B\xA4m�m\xD2M\xDC\xC3a\xB7\xFBA\x91\xE5X\xA8,\xB9\x96�7{\xD8\xFF~3\x9C!%Ù´\xBD\x8BCÑ��9\xE4\xCCp^\xB48w\xE1\x9F8�B'Ldr�%\xBE�\xB8"8Ï–g\xEE\xF9�\x8C\xBD=�\x8C3\xD6H\xE3>\xD6\xEB\xE9Ùo\xBC\xE8<q\x92P\x86\xE7\xD3yo\xAD\xD8q\xE3X\x9COg\xBF\x8DBG:�\xB0\x82;\xBA\xBC\xBB}s\xF3\xF6\xD3\xFD\xE4"\xF2GÓ›\xBBÛ‹\xB1�\xDCÑ›\x9B\xF7\xD7\xD4{{?\xF9\xF0ar1�q F\x97\xEF&�\xA7\xD7\xF74�\xF2�\xAFon\xAF�\x92Ps`\xD1\xFB\xEB7\xD7\xF7×·\x97\xD7�\xBFO>\xBB\x9E\x9A\xB3\xF4\xCF+\��\xF2\xF5\xEC\xB7\xDF\xDD\xF3��\xFB\xE73\xD7\xF1\x9288\xDF‡\xEB\x88$\x91\xE7\xCB3?\xF0\x9C\xC0\xF7<
-)\xCF�\xCE~1�\xF6F\xD5T+\xFF\x84\xEBH/\x94��Jic`\x908\xA1'=\xC5\xC0\xFB\x8F\xBF™B9Z_\x88x\x94g\xB5jg�k\xF2\xB6\xA1^J\xC3\xF8!z\xE0z\xCE\xC3\xD5�uÚ—U\xBE3vu\xFBp\x98B\xFE-\xCBW--{u;\xF9p\xCDs\xD7f\xEE\xC3\xF5%/\xBDH[\x9ETe\xF5,g\xCAY[\xD4Uc\xA6\x81@\x80+c!\x9C$�\xA4:"\xD1mV\x80\xA6\xF6��lkj\xBFn\xF2u\x917\xCEA9J`U�\xC7'\x{1361E5}\xD8.\xFC�\xDB#�\xDC�{k\xE1\x9E>\xBB"\xDA%�\xC1z"\x96ljj\xA4}\xA2�Y\xC7\xC2 \x92$��\x9D.r\xA4 \xA8\xA2\x87*�G\x84Q�\xCB#\xCE\xED\xAE\xEE>Lnn�\xB1\xBFf\xE89\x89HbF\xECs\x95\x98Y0sI<3\xFAx|\xA16\xE5�\xC52\x86\xEEvQ\xEB\x99-\xA9\xD7S\xDE�Wj�\x8C\xA0\x86뚇g\xF52-*\xEAv�×?\xE2\xA0�A�"\xE9\x9E2==\xAC#"\xD4X'Ex\x8Ch'\xC2]\xA2v�\xF6\x89N\xE0\xD4n\xC7FW�6\xBA;l\x84!\xC5FW\xB3�:Û¢\x9Ce\xA9\xB9\x80\xD2Ö«q\x99?\xE7%!�\xCE\xC2�r\xF6{b\xEDX&Þ¨Y\xE5Y\xF1\xD9ue\xDE[v_\x9D<)\x9DXFR\xEB\xD3\xDD\xD5\xE4"\x91\xA3)\xFE\x99X\xB4Ê�\xE9\x86�\xA3\xD3u\xFE���Ô"[\xA8�=\xF6"\xD7q=\xF0�\x96\x9B\xBD]�mnÕ˜\x81z\xEA;\xAFv\x84\xE6�\xFFL�\xA6\xEC
-\xB4\x93\xDB˻O\xB7ӟ\xC4A\x8B�\x82X\xA2�t\xE1\xA8:\xF5\xB1�\xAB\x93\xC1:\xA5NG\x89�u\xDA#jU\xA7�\xD1��!�T7d\x91\xBC\xAF\xB3�\xD4C\x80\xFC\xAE\xD26\xB5\x890q\xA2\xC0\x97��\xD2�\xD4 at lI�+�J^\xB5h�p \xCD�\xB6)5
-\xAA.v\xD8I�U\xBAf�\xE5F\xBA\xB5\xB4�a�\xE4�\xD4J\xDAS\xE1ǦфP\xFAj\xB8j\xB6\xF9\x9A\xFA}\xEB\x8F\xECs<ß\xB5\x86Q|\xF1�\xA1\\x8C=P\xF89\xAA vv=�\xC2\xD8\xF3a\xB7BC\xE5鋇�u.\x99$\xDD\xEE�\xCA{A /\xB2-\xDA�\xF5\x86Z\xEA�p«\xE1MD\x99\xF0\xA6\x96\xD4C\x87\x8!
BmI�\xC3\xEE��\xA6z \x8Bk\xC4A?\xD2\xE6�\xBBlN\xB0\xDB7'\x9E�+a"\x9C'
-\x8D B\x9AM\xB6`\x94\x86\xA6|\xEF\xE4\xDF\xD2\xE5\xAAÌ\xAC^\xC2!B\xB0+7-\xE1�\x8CC2\xEAf\xC1Èœ)\xE4\x86[8Z�\xFE at 5,gÒ¶1��\xCF[\x945v\xC90 \xACi\xD7E\xF3\x85>\x94\x8Dc��\x9F�\xDC�v�\xF3\xBC\xA2�kn\x99fÊ£EZF\x835Q\x91^\xA8[\xA5\xCB�\xA5�\xDD)
-\x8B\xD1j\xB3^\xD5��7ѷ\xD2#Z\xA0`\x82Z\xA4\x83\xF3\x90
-\x92\x80\xFBnQ\x93�P\xD6OOE\xF5\xC4\xE3ÕŽ�ܦe\xA9�\xF1�\x8B*\xAF\xFE\xC9ˤ\x9BvQ\x83\xED\xE4\xA5(N�PY\xD7\xCF\xC06л\xC3VP�N�G\xA7\xAC`�\xEB\x88�\xD4X'\xAD\xE01\xA2\x9D�\xDC%j\xB7\x82}\xA2v+(]@\x8Du\\xF4Q\xDDÇ\x87\xE9\xBB\xFBO���!\xB5�K\x8D\xBC\xAA\xCB"�\xB6z\x89Oj>p\x9F3�x|\xA1\x81\x94>\xF5�\x84\xAE\xBE\x8308\xB8\x83\xB4\x9Ae\xA7\xD2wBßtd\xB6\xFAc\xBCJ\x9B\xA6]\xAC7\x8E-\x8E\x8B�_�Ú¼\xDF\xF0\xCAY\xBAQá±¢J�A\xB7�\xCE\xC2Û±\x89C\xD7깉2\xAEز\xE1K\xE0\xFEP\xDB9\xE8�/�\x82\xD2jF�\xC5�h\x97uó\xEA\xB9\xC1b\xA3\xD0[\xFB3\x9CrU\xE1\x85�u\x997�\x82OA\x9A\x8F`\xC5x\xB6׉\xB6\xD7\xC9\xE8\xF2\xE6\xEA\x9E7�\xC6\xF1�[\xFC�\xBB\x81\xB6 Ã(\xE8LH`\xC2+\x90\xFE \xBC\x82!\xBA\xBB\x816�\xC1\xE89]�\xE9c\xC9_\xABt\xDD\xD2D\x95 á„–g\xD4ÛŠ\xECR\xA0\xECE9_\xD99\x85\xF4\xD8\xC0![�5ê“¥\xE4^�ʼÛ\xE5D�U\xCC\xC5:\xAB\xAE6+\xA6�bd\x82\xE6\xF31\xA8�\xB8{\x8C\xAD"'\x89b\xCF\
-pY\xFD�+�C-\xC6Qes\x94_\xA5\x96\xF2I\xC0\xCC4\xE4\x91ש\xC1\xA8\xAC\x8B\xD9,g8\xDBQ at Mm:�D�\xF5\xCA`x\xA3\xF6\x95\xD9�\x8E\xF0\\x8D\x96\x95\xA8\xC5\xFD\x9D\x89�aj 1\x8E/\x85\xBE2\xAC\xCE\xE3\x83t"߉\xFDP\xE3\xD7+\xE4 ��>D\xBC\xD2�r\xC8\xFC\x89\x92\x91\x8Ed\x9EҪ\xF8\xC3HN\x80~\x93Վ\x98s "\xCE�\x80¤\xFA\xB9\xA0$*\xA2( QR\xB8`�\xD2�\xFB\xC2r\xB4,\x9E�\xAD\xA6\x91�L\xBB�1Z\xE6\xD9�&4K�\xA8\xA9\xE5�\xA4ฦ\xB5\xB9!J
-v\xF2g\xD2h�\xA0\xB7\xD51\x97sБ�`ee�\xF8\xC7�I�\xEB\xB0#1X\xA7�\xC9Q\xA2Ƒ\xEC��\xE8\x8Fv$�\xA2oo\xFE}m˜\xBDЉa?\xAC<M\xFA\xC2\C�6cVV:\xBB\xE5{\xC2.\xFCq\xC3\xE0U\xBE\xEE"�\xE3\xE1u\xB0\xAD\xFC\xF6\xE0n\xDA\xE2\x81?\xEA*w\x94\xD5<$��T9\x8A\xC4 q\x{130388}Cc\x9D�\xC71\xA2\x9D8v\x89\xDA\xC5\xD1'zu\xF30y\xFD\xFE\xFA\xCA\xE6\xAF�NjB]\xCBо�\xEC\x8D\xF1\xDDR\x86\xFB\xA9�"(݇A%8\xF8\xC6;I\x97�\x80$.\x80B`F\x90-\x95\xAD\xA4\xB2Ҽ\xAE\xBE\xA4 \\xA4Ϲ^\xAFR\x91\xA3+\xD9\xF6\xC2\xE8\xC0\xD5*cC�\xDFɃՖ\xE2\x88��\xC7�\xCB�D\x87\x8A \x83x\xBD$\xA0\xB2\xC8\xD0�\xBF\x8C\xC3i\x96\x99\xC8\xFA\x89\x97\xAByHU\xF7�\xB0.\x9E\x9E\xBA\x8C�ǀ]�\xD9�\xC7\xE0s\x9Fcj[\x8A�\xB8\x92)#�\x984>F\x8A
-\xBAÍ™c\xB3;W<\x88�\xECwÒ>jsC\xDDfQoJFIW\xAB<]S�oúi\xA0\xAF\xC7<c\xF7 �,
-\xE81c�_� \xD8\xE5\xEB\xE8�\xB3\xA0\xC5H[\xEF���E\x8A\x9A�\x883g\x8A\x9C\xE3f\xF9\xD8\xE6\x91\xC1�f\xBA�\xC1\xBC�D\xF6\xF3zS\xCDtaKm\xFD\xA0\xE5\x84T\xD5\xF1=\xCF;~U\xFBX\x87\xAF\xAA\xC1:uU\x8F�5Wu\x8F\xA8\xF5\xAA�\x88\x9E
-\xAF1��\xA3\xDD\xEB�@VH\xB2\x8B{\x9A�Y\xB40`m�P\xD1[\x9E\xCA�$\xCD\xD8hD?\xF1D\xB8\xA9Y�X\x98��\\xC1D\x88\x9A&Y\xDEH\x85\x86c\xBE\xC1|\x96a"Na#\xDAy
-��\xCA\xE7\xD9|�k\xE3f\xB5\xCA\xE8DS\xA8D\x93s8��\xDA<kO\xD6\xC3\xE6\x84\xCB�\xE517i$\x86�O|�\xAD\x9A'@pIr\xA2(\xDE\xC7:\xA2y�\xEB\xA4\xE6�#\xDAi\xDE.Q\xBB\xE6\xF5\x89\x9E,x'{Z\xE7j\xADs9h�\\x9Bfta\x92\xF2\xCCs\x96\x91!\xD8E\xE4Çž |�\xF2Py\xEAé¬u\x84\xDB�\xEB$\xB7\x8F�\x{DE3D}K\xD4\xCE\xED>Ñ¿R�\x8E\W\xF3\\xC7B\xCCO}\xD3zzm\xAB\xE6vA\xBC\x8D\xA1^,\xF1I\xEDD\x8C\xD3\xC7:\xCCP\x83u\x8A\xA1G\x89�\x86\xEE�\xB52t@\xB4\xF7\xA0\xC2\xC5{K\xEE\x928—\xF1_\xD2\xE3ÎŒ\x9E\xD0\xE9T\x9B\x98\x94�\x8A\xCE\\xF1\xFC\xBE�\xA5`7\xE3t\xD7\xEC\x96Rx�1Î\x84\xEB;\xAE\x9F\xF8\xC3\xDC\xF4\xF5�\x95�g\xF9<Ý”\xE8Þ½Hp\xB5\xD5�\xBB\x8C�q\xCCk\x94\xAA,V\x8CQÑ·:\xB6*.v\x95\xC6�#\x88\xB2\xD0S\xEA\xAAdj\xAA��\xC3_MM\xD8×±
-U/\xBF\xD08\x95�|\xE3-6\xEBF\xC5\xE8�\xC2"\xC3\xFD\xD5O�\x93ok�b\xCA\xE1b\xAC�\x87��g\xD3 U\xE1�\xB4l\xA4i\x94
-\x8A M\xA9\xC1\xE4\xB2d\xC4{�ϔpe<2hJ\xEC8\xF8\xF1׆\x96(\xAA\xC1
-\xCFE\xBE\xA5�\xBEsj\xC8\xF6Úƒo\xCF~b\xF2hu\xDA\xE7|Ll\xC3iUmQI\xD0e?\x8C\xE2AÚ®\x82_�8\xC0\xB5j\xB0/�\x8C\x81\x8Cv\xEA\xA1y\xDAn\xBA2:�\x92\xDD�\xF3\xDD\xF9\xA6$�\x97~BU\xCCT\x9E
-\xA1\\x8F�\xA8RC�a�I0�\xB8J*�A\x88\S!>�\xC64*�C(×®\xC2Q\xBDi\xFBP�Þ¿\xB9$\x80HDL\xBD\xAC\xAC7<\x85\xE7F\x9C\xFA[D\xCF\xCAè²¢\xC1�É©\xFE\x83}z+h�\x81\x95N\x8C\xB6�\xF7"P\x95�\xB6E\xC3�\xB2\xBAjS\xD2w\x97\xB7��\xDE�\xF4\x9E\xD3r\x93\xF3zu\xA5\xD7\xE5\xC9\xF9\xB76_W\xA0&/D\xE6\xB9\xC0\xF2u\xA1\x82�\xFCV\xD7\xD8r�.��\xDEÔ”*\x81\xB5\xEFÔ½w\x93'e�\x87��\xC1\xE5Фw\xA7}/f\x9E\xE0É\xBEÓˆkn\xAB\xFA0\xB7�\xD0H\xED�\xDC\xF2\xBA*�\xC2!\x9A�\x97\xB7iy�b#\xF6\xF2\x82\xEA*j�<Qe \xBEy\xEDQ�Í’\xF8\xAB�\xCB\xF9\x97y\x9BÒ›�V\xF2\xF0\xB2_\xDD\xFD\xE4\xEA�\x86\x80x�a\x857\xE7�^U�\xC4\xFC\xD2�\xFA\xFBv��\xBB\xD4 k\x84\xCFiQv\xA5ƹ^w\xB0\xD5~yѧ��\xF9]\xB5\xB2\x86�\xA4\xA8\xF0\xA5�\xC1t��\x8E\xBBƳ[r1Ò\xC8\xDB-��Ä”\xBC\xA1\x8Fk\x91\x81�\x87\xB1K�Z
-�\x93\x86�ʤa瑗0&
-?\xE8�\xE3Q\xD1V!\x84l�\xF6
-\x9E\x98RC\xB6
-{\xFC|\xA6\x86,\xB6*\xF1\x9C(6F\xE7q\x9D\xA7_Ƴ\xAAi\xF2\x8C\xAB\xDD�a Ó—\xBC\xB1�0\x81Q\xBCy#\xED�X�\x8En�\xA7�\x9D\xF6B/K\x9B�s\xD08\xD0U\xBE\x9EB\xAB\x8FN\xB8I\xA7\xD02\xD2 \xB5\xAE\xA4\x81}\xE2�T\xFAMXo�B\xE6�\xA7Ĉ\xBD\xC3c\xB1\xC7]\x89��U�\x93=-�\xC8\xF2\xC0�\x96у\x8Cb\xF7\x89}\x9EvYF\xDA�\xD2��r\xD3�t\x95\x86\xDEOBL\xCCѱ�\xB3\x8F\xB42\xA50\xB0%�6\xABr\xB5\xCDzp\x9D�\xC2\xC9\xE9{\xEC�:\xAE\x94\xE4\xC6\xC4\xFEO\x8E`hYϺ*�\xE0\xA8\xEDH]\xB9�@\xF7\x88\x80\xE0\x82[zÂ…\xE1^\xDE$%s�\xC0\xBC�\xFEÝ“�zDWW\xCB\xFC9\xAD\xDA\xC3\xDB"�,{\xF5'A\xF5:\xF4�\xEA\xD5\xD4bo\xD4\xE6BUZ\xAA\xA8W�\xCBB\xBD\xAE+pMmJ\xCD2\xFDV,7K\xFAP\xF6���\x82\x83?�\x90N\xE2B\xDCK:�\xB3\xB9<>n\xDBÒ–.\x85\x8E\x8C\xDCx\xB7��\xB4\xE8f\x9B\xBD\xD2\xEF\xB8v\xF6\xD3ck\xA8\x9FJ\xA0\xA3M�?T@$�I9\xB4J:O�vt\x84j\xB2o\xB4�\xE2\x97\xE8�\xE8\xEB\xA5\xDEPG\xD7â »1?�Y\xE8\x82�\xDF�\xCA\xE2Ú´Í—y\xD5\xD2\xD9\xFD\xC1s�\xA6\x8A\xAE7T\xCF\xDDW\x85q�\xCE\xE3\xBFÔ\xBD\xC5\xDEw\x8F\xE9\xAC,\x9A\xF6\xBBW\xF4\xFD\xE7+�o\xC7V�\xA9.�u�f;\xFE\xF7\xB6K\x9C\xB2l\x89\xB7\x8C\xBFm\xA0\xEE2m 2\xE0\x9D΋RO \xF8\x8F;G�\xDB]o\xC7\\x83T+U@\xE3ÕŸ\xFF\xA4\xFD\xCCo\xFF\xA8�\xBAYιc/\xFE\xA1.)\x92�\xEFl\xD7\xE9_�c\xE1\xC50\xFCp7!\xBC\xF7w\x97\x93\xF7\xEF\xEE�\xA6�}\xA3a\x9D\x8D\x97O\xEB\xFE��h�\xFD\xA6\xE0\xD5�\xDC�<\xE6\xB93\xEAÈ…yv�\xBE�1\xF0Ϋ\x91\xFA\x91\x8B��>\x94\xC7�X>\xB3%\x94\xF0\x9F\x97\xFC\xBFÚ«0D\x8E�\xC7\xD2\xFE\xAC�\x8E\xC5\xF1cX\x847\x85G\x89ý\x9D\xEB�\xAA\xEEo\xFDSs�\xD6endstream
-endobj
-1835 0 obj <<
-/Type /Page
-/Contents 1836 0 R
-/Resources 1834 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1828 0 R
->> endobj
-1837 0 obj <<
-/D [1835 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1834 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F14 964 0 R /F21 938 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1840 0 obj <<
-/Length 1919
-/Filter /FlateDecode
->>
-stream
-xڵXYo\xDB8�~\xF7\xAF\xF0\xCB�\xCE"bERg\xFB\xE4&N\x9A\xEE\xE6\xA8\xE3�\x8BM\x83B\xB6hG\x88uT\x92s\xED\xF6\xBF\xEF�Iɒ-\xA7\xC9�\x8D\x81\x88�r\x863\xDF�<h߄�\xED{61\xB9o\xF5]\xDF"\xB6I\xED\xFE,\xEE\x99\xFD�\x8C�\xF7\xA8\x9EcT\x93\x8C\xE6\xAC\xF7\x93ޛ#\xEE\xF6}\xE2;\xCC\xE9O\xE6
-Y�1=\x8F\xF6'\xE1\xD5\xE0\xE0\xC3\xF0b2�\xEF�\xCC6��\xD93l\xC7�\xBC?9;T�_}�\xCEώN\x8E?\x8F\x87{\xAE5\x98\x9C\x9C\x9F)\xF2xt4�\x8F\xCE�F{�\xF5l
-\xFCLK\xD8\xC1pt\xF2\xE7H\xB5\x8E\xC7\xC3\xD3\xD3\xE1x\xEFz\xF2\xB17\x9AÔ¶4\xED\xA5&GC\xBE\xF5\xAE\xAE\xCD~�f완\xFB\x9EÝ¿\x87\x8EI\xA8\xEF\xB3~ܳlNl\x8B\xF3\x8A\xB2\xEC]\xF6>\xD5��\xA3\x92\xB5�?\x9B{\xC4\xF6\x98\xDB�\xA0E\xBB \xB4}\xE2p\xC6%\x80\xEF\xF6�\xC74�\x9FΆ\xA7#\xD5\xCC\xD2e4{T\xED\\xCC\xD2<, �Ê ;\xB9�\xB9P#A\xD5HR\xCD&\xF2(
-�\xD5\xF9b\xDA&\x81TO\x9E\x97"W\xCD\xF2F\xF3\xA5\xF7IEK\x82X\xC0�\x80%�dPJ|\xDBfR\xBB\xE4!L\xE3 J\x88\xFE\xCC\xD2x\xCF\xE0&\xF0�(\x85\xA9�mP\xCFG\x9A\xB6\xE5\xEC\xAF\xC3\xF3\xD3\xE1\xC9YËœ.\xE1i�\x94AK\xB4\xC5j\xD1\xC8@}J\x98D\x96�\xD7\xE2\x96d\xFB]�\xD9\xC4w]\xA7ß \x83�\x9E\xD5\xD0\xE2\xFCp8�n\xE9`P\xDF%Ì\xD8к\xA88\x9E�aK��\xED�j\x85\xA8I\xF0�`Z\xDEz\x81\\x84�\xF8\xA7Ô¸j7�\xEAs�,\x97"T\xEDE\x90\x87"Q�Y\x9CX�k\xE30\x84?\x88j\xD4�V\xA3o\xD9Û·T\xEBZMg\x9C\xF8�Ï\x88 \xD3\xCA\xFFe\xA5\xCF}�\x95b� �\xC3\xCB\xCBɇ\xF1\xE7u�\x9C\xFFA\x94k\xC8\xC1\xF9i\x97K\xD2\xDB6
-Ά\xA7\xF3\xEC\xC9Ȃ\xA2(o\xF2U�0M\xE5\xA6Oi"\xDA.\xF56d(8\x88x�\xE2l)p҆$\xABif�\xE5�\xB2\xBD@�\xFD\xEDq\xB2\xBD\m8'\x8E\xEF9;\x82\xCAVA\xB5\xBD�w\xDA1
-i\xCD�a�\xA3\xF6\xF3\xE2v�\xDF�Kn�ϱ\xED&�'�;KC\x95\xD5AW�@�\xEAFR܋\O\x9E\xA7:\xEF)s\xDFx\xAA)�f"+k\xB2\x8E\xF7\x8E�\xF1\x88N�\x98\x84\xD1�e-D\xAA\x82\xD0\xC1\xC9�\xA1۬\xE6k#\xACJ\xEF\xCB\xC3u\xC9�\x92\xB0\xA2>�UW
-*\x9A\xB1\x82\x8B'E\x88\xF5P\xAB\xF3\x8CU\xAApX�yz\x82}�3W\xF3\xA3]\x8DB\xD6`~s\xC4XcC@Ë \xE7Q\xA5\xCB\xF8\xE2o(�\xD4�Ì‚D5\x82\xF9�\xFC\x9F\xCB\xF0\xC7~!\xF2;,\xDA؆z�\x8E\x8C\x83d&\xA0\xF21\xDF�\x8C\x82Ù�\x90&_L\x93-V9\xF2c�B\xAA\xEA�Y\x9A�B\xCB\xD0 a�\xE3\xBC9\xEF\xDB*\xD2�\x8A*7\x8EM%0\xEF�\xCAt\x96��Ë™\xCAQ\xCE(\x84�\xA8%)A�Fe\x94&\xC1R\xF5q;\x98�\x85\x9E\xBFL\xD3\xDBUV(\xA6\xA9\xC0\xA8Eu4\xAB\xFA|[\x89\xFCQÍ\xA0!mZM\x911\xAF \xC0c�\xCC9J\xF5\xCA:\xFF\xF6\xA1ǽJ\xD8\xE1Ù¥�\xA5-\xEC\xF0\xF6}T"\xC4&\xD7V0\x93\xADA�*\x82X\xEC#&l \x94;`ÆšK&$\x92*v>\xB8\x8D�\xCCb$\xA6sE\xDAp�\x8C\x94y\xB4X@�k\xD1ò´°¯&C\xC0S\xE6�\xF6\xD5D\x99 u\x9F\xAB\xCC\xC0\x86Η\xFD.�u8\xDC\xE3\x88
-~ʴD\xFF\xC06\xAC\xF4��u\xF5P�ד\xF5�\xE2\xF1Q\xB5\xD6\xCED\xD6ڙ\xCD\xC9z\x85"\x8A\xA3e\x90\xAB\x8Et�r\xD4a�D
- \xB4\xF0\xB4\x83\xDF
-\x88\x80\xB2\xFB\x9C!\x9DB\xB0\xD6X\xB8\xA53N\xE5 �Ϧ\xBC\xB1�\x90\xF5:\xD0
-B\xC0#\xC0:\x8Asb�\xA7�grD"
-D\x95/@\xD9\xD0�(uH\xC0\xB4\xA7z\xDEZ\xBA>\xED\xE1\xB0�Ge\x8DG�\xBA\xDA芽\x85,\xE0�M�-n\xB0"x\xA0\xCD\xEC&�w�\xE4@���Q\xBC\x8AU�3$�\x85\x91\xA9T0
-\xA8\x85rI`Ε\x81\xC89MW\xA5j2\xF3\xB7\xCAe\x98>p\xFE�\xE8,Ӗ\xD0y\xB4\xE1\x97:\xB0\xBD:\x9E\xA1\xD5B\xA3\xC3�56p\x8A\x97\x9EQM-ʮ\x8F\xC2\xD8T\xE0\xD8j�\xC4o\x95�\xAAW\xE1 ͛@\x82`\xCB\xCA \xC7j�P\xE4ťjh\x8Bq\x9A\xB6�\x9A\xB6\xB4\xD86\x9B�W\x8A\xC3v\xC7\xD4 a\xACm\xD2k+3q\xAF-E\xA2HSm\x95\xAA\xE3\xB8FU\xB1\xB03KWI)\xB4=\x91f\xC1\xA2\xAA\xF6\x85\xE6E\x81\x99�\xF1\x99�
-\xE8ma\xAC6\xF5\xA2c�q�\xF1\xCCjjQ�eT\x94Ѭ \xB5\xD8�\xFB9\xEC6.\x9CE\x98'\xCF��cêŒ\xB7.\xCCh\x8A[q\xED]P\xEE�\xA4\x89X$�\xA6\xE3<\x88\xE3 W\x82[��\xDC\xC7\xE0n\xE3z\xEA\xE4V\xC9\xC0\xAD7ʾB\x95ϯ\xDEd\xB9\x98G�K\x91\\xAB\x81$\xC4\xD5\xC6ÞŠ\x90+5c\x9A.V\xFA\xC4\xF2(\x8A\xAFi\xFE\xB5\xBA\xEA\xE8#\xC0uW\x96h\xE6,O\xEF\xA2P�\xD1\xC3<\x85\x8C\x96�9\x94 Q\x94?%C\x84\xC9\xFF\xB6�y\x8DU\x98�E\xF4T]\xF6V\xF1\xB4\x82\xF6�\xABC�\xFC\x9C\x802\x87]t^\x9F�\xCCM\xBB\xB8
-yP)\xD77�}�M\x84\xA17i\xD9\xFF\xB7R:y4Z�\xD6\xF5�\xA6Z\xF49\x9Do\xC5cQŘ\xFC�P5\x92EK\xC0\xD5\xEE�Bȵ\x8E\xD1\xEF\xAF\xC6\xC9(\xA0�\xCE�w\xB0(\xB3d�T�\xCA�\x83\xEB�\xCE\xE0b\xB0\xE3Vk7o\xB5kÛ¯\xB24/\xEB\xAC\xC2\xCEu\x87~F\xE3>\xF2\x8CG\x94\x9EÆ\xD3T\xD5\xD9Vu}Y\xFE\xF1\xE5\xE6ժ¹\x840\xEE\xFA\x9D\x90½6\x9A?\xBE�P\xC7%Ü…\x82\xF9K\xB4\xA4.'\xC0\xFBC��f\xFB\xA6\xF8\xFCk\xC6\xEB\xD5\\xBF\x95l\xFB]\x9E\x93[X\xEA�\xD4Q�\xC5fj\xEA\xB2\xDDÔž1
-ۄ\xE9t\x80\!Ӊr\xA5\x9E\xE5�\x8B\xFBN'\x8Ek�[*\xAC\xC9�@\xB8\xB1ۮEw\xAA at w\xA8\xB0�v>aԶ:Ui"U{\xF4\xF5`q�\xDF�\xAD�W\xB74\xB5^��\xFD�`\xB1\x97\x81�\x97ujy\xAC�\xACU!� �.ndi\xBA\xDC\xD8\xEB^P:\xDB\xFC�\xB6Z\xBB\xCD�\xF6\x99
-�\xAB�\xEE�"\x82\xD3V~�,wʪ_\x9BZZ}\xB7\xEBM�\xCFL\x9Cw\xBD \x9B5\xA2?\xFD޼~\x8C\xB7\xA0\xA6y�\xAB\x9F\x92[\xA7>n:\xC4c\xBE[)%_f\xDCM\xCD\xEB\x87\xE9m\xD5\xFF�e\xA80endstream
-endobj
-1839 0 obj <<
-/Type /Page
-/Contents 1840 0 R
-/Resources 1838 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1828 0 R
->> endobj
-1841 0 obj <<
-/D [1839 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-554 0 obj <<
-/D [1839 0 R /XYZ 85.0394 370.6221 null]
->> endobj
-1842 0 obj <<
-/D [1839 0 R /XYZ 85.0394 346.1456 null]
->> endobj
-1838 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1845 0 obj <<
-/Length 4205
-/Filter /FlateDecode
->>
-stream
-xڥ;]w۸\xB1\xEF\xF9�~\x94ωX\xE2\x8B N\x9F\xD2\xDDd\xAF{\xDA\xEC6\xF1\xF6\xDE{\xDA>\xD0�%\xB3\xA1HU\xA4츿\xBE3\x98�\xBFD\xC7\xCE\xF6\xF8A\xE0 ���\xF3
-X\\xA5\xF0'\xAEL\x96d^\xFA+\xEBubRa\xAE6\x877\xE9\xD5�\xFA~z#x\xCC:�Z\x8FG\xFD\xE1\xF6\xCD\xEF>({\xE5�\x9F\xC9\xEC\xEAv7\xC2\xE5\x92\xD49qu\xBB\xFD\xDB*Kdr
-�\xD2\xD5�?\xFCp\xF3ӯ\x9F\xDE][\xBD\xBA\xBD\xF9\xF9\xE3\xF5Z\x9At\xF5\xE1\xE6O\xEF\xA9\xF5ӧw\xFE\xF3\xBBO\xD7k\xE1\x8CX\xFD\xF0?\xEF~\xB9}\xFF\x89\xBA2\xC6��\xC4\xD3\xCF3H?\xBD\xFF\xF0\xFE\xD3\xFB\x8F?\xBC\xBF\xFE\xC7\xED�߼\xBF\xED\xF72ޯH�n\xE4_o\xFE\xF6\x8F\xF4j�\xDB\xFE\xE3\x9B4Qޙ\xABG\xF8H�ὼ:\xBC\xD1F%F+�!՛\xCFo\xFE\xD2#�\x{146A4B}\xFC�i"U&��(ŕ�\x897FN8h|\x92)\xA9z�
-�\I\xD3t\xD5�\xA7\x87\xE2D\x9B\xFC\xDC\xE5]q(\xEA\x8E>,\xFE\x9E\xA6\xB2.\xBB\xB2\xA9 \x92\xD7[j\xFC\xDA\xE6\xFB�Y��\xCAщ\xA5Wk\x99%V{�V\xBA\xBD\x8F\x83\xC4h\x90pI\xE6\xD2��\xE3�&\xE0�\x97�\x92-\xB0\x87\x87\x8DhK\xC5jK\xB4�-}n\xEE\xF3S\xBE\xE9\x8AS\xD9vå†]C\xBFw�\xFD\xE6m\xDBlJ@\xB3\xA5\xEFDz\xBB\xE7�\xFA9]�\xB7*�M�&\xC8U\x9D�x*� "�r#\xBDZ\xDD\xEC&3\x8F4�i\xFAJs\xAB\xE2Z\xAC\xEA=\xAC ;\xBBZk\x97(\xE3\xDDÕº?�\xD8S\x89\x84*\xC0~,6%\xCE-\xB6o�bV\xDD}\x81,W2, CNy\xBD/\xA8\xD9\xECxV\xA0\xA9\xA5a�Õ¦A:\x91\x96-P\xAAR\xBD\x{2E6E7A8}�\x90R\xE3д\xDDl\xE5
-\xA1\xE9\xA5�QU\xF9\xB9\xE5�\xF9\xF1X\x95�\xAFA\xF8\xF7y\xF8\xDDVE\xCB4 a\xB8\xD7t\xBAIZ�d\xA6\xA1\xF1Q\xD8ʚ\xCE\\x8FE�d\xDF[\xCBG\x8E\xEC\xDF&\x9B\xA6\xDE-H��\xB4\xB5\xC6\xF1Є\xB8,\x84J\xAC\x91\xC8f\x9F\x88L}S
-=\xEA\x97~I
-�\xAA\xA1��Rh\xD5j\x93\xD7\xD4h6\x9B\xF3\x89\x9A9\xF7ѾAb\xBA\xE6H\x90\xAAx(*�\xBF\x9B��LM\x8Dǰ?\x9FrV7 "\xA4\xE2�
-\xA3/\xEB\xB6\xDC2\xE6|a[J\x98D���\xF3P�\x8FK\xBA\xA5�g\xDCŮPd\xAC'\xE1~�\xFFZ9\x9F\xB8\xD4\xEAx\xCA\xE2\x85ul
-f\xE7\x92{\xC6➻�\xF6\x83_n\xD5\xD4�\x81\xC3N�p \x81Y<;\x9D&Κ\xD7�\x9E\xD4\xE2b\xF9�\xB5\xCCxX2\xA8�\xAC\xD5\xDD7-/\x8F\xA2�\xA1
-\x81X\x84�\xED\x92F\x91%t\xD0x\xE2A\xCDqM'L\xA2\xE8Mâ„Ÿ\xEAB��\x96JAJxoAE\xCB}\xDD�J\xABm�N �\xA3��%��\�?�\xB6ሺYâµ`;\xC1y\xBCÌŸ\xCC;\xB9\xC4�%,\xED
-�\x99\xECm\xBE\x96ЉtZ\xFEÖµ�\xF8�fg\xCB\xE0\x96\xB8\xA9\xC00\x80\xFD�Svn\x8B]~\xAE\xBA6\xE9\xEDN\xD0z�:��\xB5Y=5gjlË–\xACc\xF8\xEA\xEEQQ\x95\xCE�\x8F�06\xFE\xF8�M!\xB6Ѻ\xE2\xEF\xBE|(\xEB=\xB5\x9B3Ï¿Ë·\xBC@\xDE\xE5ȹ̯�\xF9\xE9K?\xB2\xEC\xE87g,w\xCD\xFE\xCC\xCDDz\xAA\xA8\xC5�\xE4!h�\xA2ÝO w\xA7%\x93\xFA\xAF38\xBA`\x8D\xC1\x8E\x92\x90\x82=
-\xDA+\xD2`\xEE�\x84\xD9C��yu\x8E\x86x\xB7\xA8R.1\xA0\xD7|>D\xE3\xE2)\x8A,\x8B\xA3\xCAv��\xB8m\xD1۟^<\xE5Dd�h\xA9\x99\xED\xF60 \x94\xFA5\xB6[\xA6\x89ֽx�O\xCD�\xD8\xC4u\xF9u\xB7$x�6\x96\x99\xB8Z\xF4jh\xE7\xB6E\x87\xCEru(I/�\xF4x_�\xAE\x87\x8F\xA0\xF7ʺU\xD5l\xF2\x8A`C$ G\xAD\x81\xDD�v\xD0ICg8a�\xC8\xDBn4H\xC4s\x86!t\xCC\xED�\x96mІ\x84EC ��\xD4\xC4�\xEB\x93�\x998
-�\xEA
-�)�I\xA0'\xCDV\xFF�v�[�\xC4�\xED.О�\xDCH\xCD\xF0{� \xD2�a�a\x87\xEFɮ\x94\xF0dx ^\xE5��\x82d\xCAs@\xF6ZRڌDN[\xCB\xE6
-\xD1t\xBC\xE6\x92UR.�\x9F\xED\xF9 \x9E\x8A%\xF9�cⵊcx\xE5\xF9\xC6\xC9$\x80\x81\xB5R\xFA\xA9��\x98\x80Î’\xD8.\xAD\xA4�� \xA4fA^\xB6<��U<\xC4�ǦmË»\xAAH\xE8 o\xD8O\x87\x8D!\x9EÅIe!�O\xF5\xEBe���\xA0\xCF+\x8E�"\xD9-6\x93\xF0 at N#\xD3@\xCF\xE9a\xBEIÅ›\x84\xB8\xB5\xA9\xD7\xC4$\xA9A\x97$\xE8\xEB\xB7� �Q
-Ú«\xB30\xBB\xA3�l�\xE9\xF4,B�\x8AV�\x9A
-�+k�#\x8C\xA5\x8A\x82\xBB2*\xEAss\xE4��\xB0\x97\xF5\xB0
-Q at .\xD8q\x9C \xBF\xFB\xAA\xB9Cm�\xB00\xB5\xA5\x8F;P\xDB/\x8C\x86A\xC1\xB3�g\x94�+\xE3\xF5\x9439�\xD5|bA�\xFD˳Q\xA5v*z\xB9�\xA9˳\xDB6\x89�d\xA2\x8F\xB7\x9D$\xCB\xC4fI:1\x98%\xECd^\x88h\x96�6Q`\xE9�\xB3\x84\xE3®�\xE5�8\x96\x95Z:�\x85\xC7ɱzӬE\xAD\x83cթ7S\xAE\x91
-\x926\x9BʱY\xEDH\xDB�\xDCI\xD2l\xA2!B\xD8T\xB0\xCDl�L3\x8C�,*j\xA6\xCBX33\x96\xD60\xB3{;\xE6�\xF4Ei\x85\xDEf7а`\x99@ \xB5\xEC\x9D\xD6\xCB\xC7\xE62s!\xAD\x80\xBDd\xF3
-1'\xC4D^=\x93 \xC502\xE5X7�d�a\xBD�\xC3G\x94at\xF0�\xA2\xE8(H\xE9k\xA4\x95\xFC\xE8\xCD\xFF}\xC0ʇ\xD233�j@\xD6�zF \xA5\xE6\xF8�\xBB\xB7\xDCM\x9C\xC6q\xE7\xE3\xB19qE `\xF9\xB9k�\x90ǀtR\xEE\xA9W;2uк\xCBÆF\xEB\xBE�� 5o\xEF9{\xDDq@�\xF2\xE1\xA0\xFEC20\x84Cb\x94F{\xB4\xBB\xF0\xEBVu����Z�ñ\xFA�i�o^R\xFA\x8B޾\xDC\xDCSs\xB4y7ޡ\xEFw\xE89\xE8\x87\xFE\xD1<
-é±µ\x8D\xCB7\xDDï¡¥\xA3\xF9\x86\xAE\xFEx\x95�Ee8{)�\xD3
-"�\xEF\xCD7�\xE5\xBA�5\x91\xB1\xF6\xBE9WH%�\xA1y\xF5\x98?\xB5\xD4~lN_Ps\xB2\x8C\xE3C\x80�ϧ#\xA5=\x99'�\xC9\xFCs\xE6\xDC\xC9D+e^mε\x951HD\xAE-�J\xA3{%zY\xE3\xAC\xF7�;\xC9\xFB*\xF97\x9Ct�\xBC\xBF\x84
-\xB9�u\x87]\xB2G\xEF\xC7Q\xF4 i2\xE8\xCC\xCC1B\x8A\x90\xD3P�O��\xBDU&\x97\xD7\xCB<\xB4
-2dNq\xBC\x85\xA3\xEE\x9APV���\xAD\xD0&ÙF\xB0\xBE4�vR�x\xB1\x86{{Ƀ\x8F\x92\xFC\xAFX\xED�\xC6R|\xCD��:F�K\xA6\x88�\xB0S=\x89|\x8CsU�\xA4|dP\xEE\xCE\xFB\xFDÓ¬\xC0\xB79\xE5\xED}L1\xA2\x95\xDA4\xA7Óµ[\x9D\x8F�w`\xC6C-\xDE>\xB4\x9893\x83\xB5h\x94\x9Eu\xA1N\x8Bh\x8B\x8Bm\xDD>SXн<\xF6A}(0
-\xAE�\x93\xD8!\xA2�\x8Eca\x80ƈ�`}\xA2�m\x8E\xD31\xF7\xED ?=v<\xAD\xA1_^Ä®\xDE\xFF\xF8\xF13Ï 8[`9\xE3p8\xD7`\xF4\x82\xE3%?\xA0!\xA7237\xC0eGLÝ¢C\x98xA\x93NË\xCF\xE7t\x8B\xE9\x97\xC8l\x92J\xA1\xBF#ÌŽ�\x98�*\xB3@\xEE\xAB20Ù«$�\xD2\xFA\xBC=\xAE\xDB\xF2\xDFKea \xC9�\x8Bf�S\xD9�c\x86\x9C)\xA6)\xB6\xE7-\x80~\xFD\xF1��\x85hC\x8B\xD3v\xF4\xB5-A\xF2-\xB0\xAA+\xA9d \xDFwOK\xE4\xC2I\xA8\xAC/�\x86\xCA\xE2Rv\x8BR\xD5�d|\xB4\x80��\xEE'\xCE\xF2\xFA��\x8CH\x86\x86NÙ©\x8EMr+ᧇi \xF0\xD7k�qMUn\xA9?D)-e:C��:\x8C\x90�%\xF1\xF3+\x88\xBC2\x82\xDC=u$\xDF~\xF5\xF7Ô¤c�͹\xA3
-!vv\xF7%\x83\xB9\x80\x8C@�rD�I,+\x88\xF1\xD0?�"\xB6\xFF<\x83\xE1\xDA�f\x91,\xD5�n \xABN\x87\xA3T~�a\xA0$\xBBsE0f!@\xB9��\x96\xA2l\xEF\xA93lK\xA7\xC3 \xB6�\xCF \xBC�\xE3�\xCCر秺��O`\xFE(\xAEï\x88\x837\xDA;\xF2�Í™8\x92.\xDD\xD7A"I�\xBB\xEB\xC9�\x87f\xC0��y\xFC[\x82\xED\xA2E�\xF6\xB8*\xDEÎ\xE0�\xAFL,!�K\xAC\xEBR\xF7#\x85E\xD8Õ½d�\xCA\xD8\xE2\xD0ll\xC11J\xA4p�\xBE*\x92\xA2\xFD�Q\xA8\xDF_"c\x8D\x8FV\xE4\x90\xFD\xA6~\xF3%\xD4L\xBFS�\xF5[\xA4\xB1�\x81.\xFAky8�\xE8#�Ò”\x95�\xFB\x8B6\xDC.\xD1\xFCa\xC1i\xC6-�\xA1\x8D}Y\x9F\xD3á’€\xE5>PU\x87J\xABsSeL\xA32r\xD1�\x8C\x9C\x93\xF3�\xB1?X)IE\xA5\xE4\xBB& \x90\x8A"\x84U�\x81c�Å®^E\xB1\x93$�\xC1\xF1\x8E�\x80�KK\xBE\xBC�È \xA2�\x9D\xAA(\xECI\xB0R�\xF41#\x91|/�\xBFQ)\xB1\x9F\xC5�\xA0\xCFh\xC0\x97\xBAy\x9C\x8B\xDA\xF7K\xF4o�SV\xB2\x98<.�?\xA4\xA1\xCA\xF45\xE7g\x8F?M\xBCW\xD9\xD4Ë©4K\x94\xB6�wD\x90W�\x95�5�c(\xC0�2\xA2dž\xC0\rsj\r\xC3p��\x8Df�J\xB6\xB6\xD1e#8\xF0\xA6\x85Pni�)\xC4\xF0}!�\xF0\xAE�\xE1\xE3b\xFD\xDC\xC8\xC4Xi\x86�\x92�\xA1\x9E\xD1\xD2*=M\xA4P\x81\x9C\xA8G\xF0q\xE4J2�x\x95�+\x96\VÛœCc�b\xE5xÏ·\xE1{;\x84\xA5\xFD\x8E\xFB\xEB\x8A�\xCB!\xE1pR\xD3[\x8E\xFA\x897\xB5�\x88d.\xD1}V�\x99aKK\x87\xCC�\x96;\xD0\xF5JOÌ·I\x9CM�G\xFEXÎ �\x81\xEEl�7\xF1gi� �x\x918Ë^\xDE
-d�Ce<\xA4\x80\xFD%�|IHk\xF1#ܷ\x96\xA0\xCD\xE864d\xC4x\x93\x80\x83i\x92\x8C\xF7R AM\xAC �\xA8\xD7\\xE4\x83\xEFs\xBD�:\xBA\xA6\xD92\xFC\x89\xE0\xFC\xA2� \x9E\xF1��\x97|e��\xFA0\xFC\x98w\x9B\xFBX�\xE3-Lv\x8D\xF9�\xD5#\xB0 \x8A\xF9�\xFE�NlA$\x99�\x90\xF9\xCC\xEB\xD5\xFF\xA31
-\x8E�:\xC2\xE5(6\xC2%\xF3\xEE\x89>8u�U\xF2\xA0/\xD4�~\xDC\xC6���\xC1\xC5b#g$Q/��\xD7\xCB\xDDs\xE5��\xFE�\xC2S>\x8B^K\x81\xF7k\xC0{ \xBB\xB4\x90P\xF7\xB3&\xAAAÆ”\x9D\xC5\xCDb\xBA\x8EU\xBC\xF4\xFB�\xB32I]/�B\x97\xD4S\x85�\xBD\xD0\xF4A\x80\x92\xFA\x99\x8D:\x8F\xF9\xC5\xB1\xF2h!"�\xA5(z\xEB\xCB\xF5\xAC�\xCD\xD6z\xE2\xE7�o\x89l\xA2|\xCF\xFFѵ/.�|�\x97\xF0S\x88\xCA\xED\xEC\x9A㮘\xA5\x8D3"fI\xE4Pr\xBC\xA4C\x83\xCDTÒu\xD2\xF6�4\xCB^� Uy�\xE5��\xE3/h\xD4\xE7\xC3�\x95\xD8\xF9É…\xC5�\xB8ÞœOC<\x8A\xB0\xB2\xBEk\xCEA\x9B\xE0#VBÅ´�\x9AN*\xA1\xA3E&\xFC\xC7i\xD3Ìn\x82)\x95\xE4\xADL\x84s\xF9\xF2�L\x97\xEC�6\xBC\xC0�\xA5R7\xAF?\x8F<\xF6\xECe\xCA8>\x8D<�\x8F.�\x90o\xA2I\xEE\xBD}\xBC\xA6\�, \xF9\xE4P\xE1\xE9i^�Y\x9C�\xA5\xCC\xEAD\xEA^\xF1\xA2\xA2r\xE8&\x92Ô‡\xFB\xE2פ\xB2\xC2\xC8ȯ/\xC5\xD33\xF5�\x93fr^oÐ\xF6lA�\x88G-A\x96\x9EM8\x95\xE8\x81VXd\xFE\x8EL\xA6p\xAE�tA8P�@\xF3\x9A\x97d2\xF1ι\xE5wd\xEB�\xE3z\x8C2>��\xEF�L\xB8˲a\xE5\xA0,K�\x95\x90\x89�\x8E)\xBE\xC1\xDAÒ¶\x83\xE9\xD0\xCFU�\xC1\xB58ef�\x9839E\xDBta6\xD0�\xF2\xA5XX\x87�ϯ�\xA0E\xBE�\x97F\xC1\xC1\x9B\x8F\x90~h�\xF4A_\xF1\xF1D\xF7\xC4\xD7>�Ó§~�\xD3c\x80~\xFB\xF9槷\xF3Sq.\xC9 \xB3 \xD7Y\xCAz\x8B�\xA4\xBE\xD3\xFE\x8A�\x9FF\xEF\xF2\xE2\xF0\xF5x<q|\xBC\xCF�\xACH\xC3\xE7"\xD2\xED,8U3'E\xA8,\xB1Yf&\xB4\\xBC�\xECG\xBD@\xC2%6\xE6\x83 �8qwÙª\xCB+~Ê€\xD7p
-\xFFRpk\xA7\xC5�\x97Mí—•\xE9\xEA�\x91
-\x8E\xBC\x9F\xC1\xF7L\x8A\xEF\xE6hj\xDD}{�\xBC3\xEF�4\xBE(
-'\xEB\xE0`-�\xFB��\x89k�?[\xD3`Z\xB9\xAF\xF3\xEE\xDCW[L_\xFA3,`\xF0\xBB/\xEA\xE2D\xCF�\xF1\xF3\xDC��L\xAC&\xC0$\x94cB8q\xA4 �\xD2%\xFC
-\xE1Vh�\x8F\x90{\xC6A�\xEEh\x82\xD2�a\xE9:Sv\xF5n)?\x9B^Յ�m\xB9/\xEB\xBC\xEB\xAD\xED\xC8ݼ\xA2\xCE81\xE2t\xCDc\x86\xFB\xFE\x92c\xFD\xA9�\xBF\xEB\xCB�\xFB:\xF6\xDD=\xC5\xF5"2\xE4�\xD6M�˿\xEF*\x88\xFF\xCE{�\xE5t\xCADbc\xCA��\xC8
-\xC3�z\xDEØ»\xE4\xEA<H\xB1\xC9^\xB0\xDD&I\xC5\xC55+b\x85\\xB5yl\xA9�\x8C�6�\xE7\xAA+\x8F��A\x9C\x98l)|\xA1V\xC1y=!<$�Ø21�J
-\xF4Z\xD4\xCB\xFC\xC5v\xC9U�\x91\xE9\xC4^\xBC��\x85��s\x91\xB3ϋ\xDA\xF9�U��\x89\xFDRD\x88\xA9\xD3f\xA9x�9\xA8\x92޽t[\xA3D_\xC0]\xC0\xBB~\xC8�PCD-\xB2\xFE=\xE7pq\x83ϫbR u\xBC��\xE8\xCD/�\x9A@\x9C\xA0�P\xC6S\xC6\xC9��\xD9n9+d\x9C\x94"e\x9C"\x99\xD1m\xBF\xF0�+\xD03\xB3O~#\xD5\xFD#�3yD\xA3c\xA2\x91\x9AX\xBDҳ\x973f\xFEr\xC6\xF5�|М?�U\x94\xFF\xB5��\xF6\xA1\xE1\xD79!5�l\xB4_\x84L\xF1\xEAK\xBC!)\\xCAu�8�\x97}ב\xAF\xFBYS!�\xCFY%3�~GV-T\x99\xE4\xEA3D}U~�\x95CU\xBC\x9E\x92ي\xE6\xDBxfrv\xBF/g�\x8D\xC2k\xE6\xE5mI�A\x89\x91\xE6\xBB%���Gf\xBCb?�\x88t;ym
-\xFCQ�\x92:g\xA6\xDEd[tyY\xB5o\xA3\xF1,f\xE6u[\xB4\x9BSy�\xDE\xCB/\xBF\xB4\xC37t\xF8\xAF�߫\xA4Ã\xD7\xE7\x95\xD4X\xF5�\x94T
-�Q\xD3�\x86q\xE0\xA1,\xB0 at Yy\x95A\xA4 �~;�\xEAG\xAF\x87\xE1\x97\xE1\xC7�\xE7$ \xA2\xFFÏ`:�;'�o\xBD3\xB0)#b.b\xA0~\xCC7I\x98c\xEAK\x84K\xFFÝ¡�^/\xAD\x96\xF6\xFFn\xF1_\xFF\xE7\xC7\xF0o1��q\xE7\xE42\xE1\xD2:|c\xA4"QH\xB8s�\x94\xC7�\xB9$\xFD?\xC9Ch\xD5endstream
-endobj
-1844 0 obj <<
-/Type /Page
-/Contents 1845 0 R
-/Resources 1843 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1828 0 R
-/Annots [ 1847 0 R 1848 0 R ]
->> endobj
-1847 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [87.6538 171.5741 137.7628 183.6337]
-/Subtype /Link
-/A << /S /GoTo /D (tsig) >>
->> endobj
-1848 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [370.941 61.5153 439.613 73.5749]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1846 0 obj <<
-/D [1844 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-558 0 obj <<
-/D [1844 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1701 0 obj <<
-/D [1844 0 R /XYZ 56.6929 748.8663 null]
->> endobj
-1843 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1851 0 obj <<
-/Length 3040
-/Filter /FlateDecode
->>
-stream
-x\xDA\xC5�˒۸\xF1>_\xA1[4)�\xC1\x9B\xC0\xFA\xE4\xB5\xC7^oe\xBD\xCEX{Z\xBB\\x94\xC4�\xB1,\x912I\xD9;I\xF6\xDF\xD3@�|\x88\xD4x�;\x95\x9A�\xF1h4\xBA�\xFDְ�\x85?63\x8APa\xE5,\xB1\x92(\xCA\xD4l\xBD\xBF\xA0\xB3[\xD8{q\xC1�\xCC"�-\xFAP?./\xFE\xF6\$3K\xAC\xE6z\xB6\xBC\xE9\xE12\x84�\xC3f\xCB\xCD\xEF\xF3\xA7?=y\xBD\xBC\xBA\xBE\pE\xE7\x9A\.\x94\xA6\xF3�_\xBEz\x86+�?O}\xF5\xFC\xE5\x8B߮\x9F\&r\xBE|\xF9\xEB+\\xBE\xBEz~u}\xF5\xEA\xE9\xD5\xE5\x82�\xC5\xE0<��\xCE�x\xFE\xF2\xEFW8zq\xFD\xE4\x97_\x9E\_\xBE[\xFE|q\xB5ly\xE9\xF3˨p\x8C|\xBC\xF8\xFD�\x9Dm\x80\xED\x9F/(�֨\xD9g\x98P¬\xE5\xB3\xFD\x85T\x82()D\\xD9]\xBC\xB9\xF8G\x8B\xB0\xB7\xEB\x8FN\xC9O C\x94\xE1Ʉ 9\x9F�\xA0\xB2D�.\xBC \x97\xDB\xCC1�\xA0\xAC�\xCA,a\x9C\xC1\xAD�\xA6(\x9B\xFC\xE6nQ\x97\xC7j�\xA1\xFB\x885'\x89Nx\x80N\x8B\xCD4F\xC1\xA8\x99¸\xF8\xA4'\x90&\x9Ah\xAA"\xD2\xF5.=\xD6Y
-—j^�\xB25�w�=o\x80�\xBF\xFA\xF2\xF5'\x89#G\x81߃%�\x8E\xC0M\x97\xCC\xCC\xD7�8\xDDl\xFC<\xAB�Φ\xC4#\xAB \xB7mptSV\x8E\xBCÙ‚% 1T*�1b�\xD0Ö±�\xA0\x89\x98\xEF�]z\xEBÉ„Y\x9D�\x8D�ID�+x\xE5\xBEl\xB2�Q}ʪ\xFA\x91\x9BÙ°\xEB\x98k\xF2O\xD9\xEE\xEE\x9216�\x85�\xB0\xF7�\x88\xF0\xA8\xD2�\x8F�n\xCF"u\x8A�\xF0\x96�\xE0�\xBF\x88H�\xE1\xC0\xC6C�Y�\xC7{x� \xC3\xCBD\x82\xEE IOd\xE2\x85�V\xE2�\xEA-\xA5<\xDB8>�\x9D\xBF\xC9\xF7\xF9.\xAD�s\x8F�\xEC\xC63��\xCF�|û\xC1h\xC0\x9C\xC38`��\xCE0\xC7�\xE8[b\xD5\xD7\xE9\x9BbI\x8FA\x8F\x92�Ϻ`�\xEC\x89q`\xDD�\x930s\x8F=q0_Me@\xFE\xF1\x98U\x{1DB4E5}T\xDFkN\x80PIk'�\x9E\xE5.�F\x9FZ\x93HhgMB[\xB4&\xB7\x8A\xFA\xE5FÞš\xDC�\xBE\x8A?Ò³&�Ò·&\x8F\xA6ÄU \xF0Ö„Fd<\xE5'
-\xE35@�\xED9\xC9=e" �\xE4\x96=>\xF8\xF6\xD5\xC1\xCD;��ʜ5 \xA5\x83�\xB9#\xEEa\xDD70�\xD7L#
-:\xE6\xF0\x9E3 x(&[/\xF9\xE5WU:\xD1}\xFDr\x97\xAD\xB2`H\\x92\x84��\xE5\x82\xE1\xED\xFFh@\xDC\xF9\xDFD=\\xC3�\xBC\xABf�\xB5�]\xAB�7`N�\xA4\xA9\x84\x86\x91!\1\xEB\xF1\xB8\x90\xCC \x8A3J�G\x936y\xDD\xE4\xEBz\xB1ަE\x91\xEDjD\xFE�6\xB2=\xBA[�\x9C\xABt\xBFO+\xBCF\x{1B98B3}�\xF0%8Ec\x9DD\xA8\xE1\xA6\xF9Ga \xB1\x82\x9B\xA1\xAA\xFE\x8E�y\x9158zK�
-k\x87\xF7\xDE�\xFC\xE4߈\x82A\xFCN\x80\x86�#\x89�ʣ\xF8k\xD8\xC2w\xEEm *\x86\xA7\xC3-\x87\xB2jZ\xDC\xDD\xE4]\xB0%�2\xE7VL�\x98\xEEv\xE5\xE7\xC8
-\x80R4S0\xD1\xF7\xFB\xB4Yo\xDF\xEF\x80\xF3\xB0\xF1g@\xFB\xB8\x8F\x9E�Uq\xC47!\xE4\xF1\x90�/\xAEdH͟\x8F\xA7^�p+J8M\xDAG\xE6\xF4+�\xF9Y洩ț\xBC,\xA2\xF2op\xF0\x9B�\xC2�*ھ\xBE\xBD?\xF5I\x8C\x88v:E\xCD�\xB1\x81H\x90Ȥw&�
-\xE1a\xBE\xC9\xC0\xDD�ׄ+\xEBr\xBF?�\xF9:E\xDA��rǪ�\xF0\xEE�\xBE\xDE}\xC2�\x93��\xB7\xBAÕ\xFA\xAE\x86;p\x9Cn\xF6y�DV\xE9"<�U\xC4(s\xA2�MY�I\xFAt�\xBE\xB7Y\x90e\xBA^c"\xD4\xDB\xEC8\xC7y^\x80\x97Ù§\x9D\xB8Ë›p`�L\xBCH\xF7#'CZU�\xC4\xC8\xDC!e\xBA/*7Í‹&+6a\xCF�\xC2�\xF4 0\x87\xE7�\xD9�\xF9j\x97\xF5\xF7�\xC7\xF1\x80\x96\xE1&\xFB\xE3\xAE\xC9��\xE4D\xD0n\xE9\xE0_\xA2l\xCAu\xB9\xAB\xE3\xAD�\xA1g�n\xBC96�\xDF2\xE7#9\xBCñ\xC1\x9D5\xAE/\x86�\x82\xF2\xC5�E\xB3\xF3É B\xC7\xEAG?-\x97\xAFq\xD4
-�\xC6y\xF8�\xFA\xD1\xC3�\xC8c}\xD2�c\xDD\xC7c\xDEꎃn\xB6i\x83\xA3P\xE5\xC0\xC8\xE2\xC7�
-\xBE\xC0\xF5!\xDF\xF9\xF4�f\x9F\xF3f\x8B\xA3]\xBE\xFAc\xBF\xE3`\xB4\xDC�\xCF\xEDX\xFB%\xA30�j\xAC\xFE!L\xC5\xFD\x81o\xB8\xC74\xA4 \r66
-n4\x8A\xC0@\xA0o\xF2\xDD�\x97\x9C\x84�\x8D'�6\xB2OY�@o·\xC1�<
-\xF1\xF3\x98\xEFÂ’\xE3\xB4<�\xD4\xF8\x98\xB0
-\WiՅK\xAB\xC2s\xC2^Z\xDC!tx\xA1p]G\x84\x91\xAA\x9B4\xDFń�\xF9�<}\x90q/ g�\xEA\xD9y#xRL9�0\\xAEc\x95\xE4}\xEDX\xA4࡬ameT�
-\xDE\xE5h\xE56>\x86\x9B���,\xA68]>}\x8D\xF3\xBA\\xF0\xD6�c��\xB2"/n�&
-\xCB(AX\xE8\x85\xEE\xA9DAj\xA89\xA3\xC2\xE4\x87ӒX@\xD5$\x944\xA0Z\x86H%\xF9C\x8AbȀ\x8D1\xD3%\xF1\xA2Ÿ\xE8\xA3\xC4zw\x90\x9FA\xAA)$\xB8\xF2�\xCCQ\xE8}\xC5X\xA8\x9C�juL\xA8\xBD\xB7x\xB8��8l\x98<+�i \xF9\xE3R|?�\xB4�\xBF � E\xBFb\x82
-eà³”i�\x88h\xAA\xCEV\x84\x98\xDE\xE6\xEBmLQ�\xBC\xB4< \xF0\x98\xE9\x81C\xF1\xEE\xC7\xD8y\x9C\x87
-�V|v\x8A+�G\xBD\x82�\xBC\x9E\xE4\xEA\x8C9h\xE0�jÚ³\x82\xE5J�\xA6-\xB0G5q\xF5зʵE\xB8\xE8a�\x8B\x95+�\xC9jb\xDB{\x80rNFs\x85\xA89NKA\x9E�\xF2ß$\xCA.I<\xCD3 \xACC\xCEÔƒr\xC9g
-\xE6[\xE5\xF5�\xCC�\x9Dx\xD19Z�O+\x8CxY\xF0\xA9 \xFB\xBA� �*>\x94q�o\xB3\xC6\e��\xB3{\xA8Ǩ���A�\\x9E>\x88 %\xF8\x9C\xB5�\xB3\xBE\xAAT\xC1w
-\xF0~X�\xAA\x9Eg�>:\xE2\xAEw\xC1~\xE1�\xBF\xA1�U!\xC5\xF9K\x8Dp\xB1��\xB4n2\xA7=\xDA\xC8\xF9\xF2\xD2\xF2y\x89\xFB\xE8\xCE\xF0�\xDE\xD2C�kX5\xE4u"\x9C\xF7\xAE \x95�da\xAD\x93�몶\xE0ۓ\xF3~\x90iI,\x83d]8\xD35&\xF9f]m1.\xFA(\xC7\xCA\xCA4$\xE6\xE0\x9F\xBA\x9B\xEF\xD7V\xC5\xDB6\xC89m\xE52\x89 ?\xFC0�\xA2\x82 �\x84\xC4r\xC5�e\x85�\xC6\xC1\x97!\x8D,B\xDE�r9\x97q֣\xD2\xF1\xD1)\x8C\xA1C\xD8ж\xEB\xD7\xC4!\xB6\xC3(\xA6)\xA1\x94^\xC6\xC45��\xCE\xDEr.'\xB8�P\xC9IM\x{DE12};\xE1]�\x9B@\x9D\xDF/\xEB�F\xA4 �(\x9Bae<$y\xACX\x96��\xD2:\xABX�|\x89։\x9C -H�\xCE\xEB\x9B�\xABŸ\xE8\xA3�+\x96\xA2\x86h\xA5yw\xF3=�ֽ9\xB3'*!%'\xD2\xFB\x92\x93�\x9A\x8F=i��\xE0\xD0\xE0ė��\xAC\xFC�s��\x81\x9FA\xAD�\xF3.�\x82�yX�\xD6\xDCT\xF9�}!\xAC\xB9r\xCA}\xD1�z\xEC·\xA5\xBB\xA9v�\xA4\xBEƊ\x98\x9Ca}=a@ I\x926\x81\xC6N\x9BS8*\xE7O\xFBN\xD2_[v\xD7cOQ�'\xF9\x93\xCAm\xC0\x9E5\x81\xBDK6\xDF\xE1<T\x9789d\xD5>o\x90C�\xD5S\x8A\xEAe
-&5\xB0ÔœiQR\x92p�\xF5,\xF4
-F\xD9�\xE4 \x9CC\xA8�\x82�c\xBEC\xC4m1.\xFA('\xB29. Tّ\xE9[�#"�hU\xC2\xCDw$2b\xFC�\x91\x90>H
-\xEEs@\xA4\xEF\xB4LX\x84$�\x88lk��\xA9�\xBACx$p\x87�*��(9\xFF\x92�B\xA6ÇŒ�h j\x807�@�R�\xD7_}4\x95\xCE��Û¦\xF4\xAE\xAC\xDFL\�i�w\xADÜ“|�ü\xBF\x88\xF5\xD2�\x9C�\x8B�\xBB7X\xB7\xECÞ/\xC6Ü \x9Fs`\xB7#/\xFC�7\xB0\x89\x96
-\x83\xA1Q0Є\xBB\xF6\xCE&\xCDÃ…\xC0b\x9D\xBBn\xB0\x9BrL\x88\x9Cy\xFBM\xDF\xD28[\xCFc\xAF#D\x9C\xFC$&m\xF3Û/\xEF\xDB�\xAB\xEB5d\xC5&\xFA\xF2\xD8F\xE9{\x9D\x93~\xC9\xE07\xA9^Ce \xB4�\xC5\xC7#` \xB7\xA7\x87\xD0\xC68T9�\xD4m\xA7{\xA2\xCC\xEC\x85ש&/x4\xF9u\xAD.Pp\xD5*W=\xEC\xC9E\xE9|A\xBF,'I[g\x9CS/�\xE1\xD6Ș\xFA\x87R\xDC3�.s\x81 \xE6cwQr\xC3~\xCF \xE6O5\x9D\xB9\x90Di\xC3b\xD3\xD9t\xFDH�\xFA\x91Mu\x84\xF4`\xB3\xF8\x90\xDD\xFD\xD7\xDDft�CL]\x9B\xD9��\xEE\xC7\xE2�\x9F_\xF9(\xE7\xC0\x8A\xE3~\x95U\xF7\x8F\xFB\xF0\x8F\xEF\xE9\xDF~�^\xECM�BÞ…\x9E\xEF$\xED�\xEE\xF9\xF2\x87\xCA\xF8\xD8\xEC\x95:\x89\xDA< c"\xB1\xB3@\xB1QS\xAD,:\xDF \x85\xBEM�\xD3g\xAFÞ¼\xB9z\x8A\xE3:[�\xAB\xBC\xB9\xC3��n\xD9\xF8—\xB2�d^Gd\xF5\xBA\xCAWX\xB1\xB9\xD6먡\xE0~z\xB2\xD2\xF8\xDF�\x98dÚ…#ܬng8\xB8\xEE\xFD\x8B@�\xBF\xE8��\xFF\x8B\xC0�\xAFc\xF5Më€�I\xCC8��\xC9H; f\xFC_
-�\xE8��\x8Cp\xC5\xD8�j\xF2$\xCAs\xD1\xFDf�\xEF{Z\x8AFa�\xD6
-�g\x98 \xB2\xF6\xAD|�H矷ޑ\x88�\`p8\xAEv\xF9�Ç
-8\xC0\x8A��)~\x8A\xB2X\xA4\xC7f[\xC2}i\x881\xB0\xFCϲ\xC8�q\xBC\xEFCQ~\xF6\x81D\xC4\xDE#,\xB6\xA5 \x8CW\xE1\xA8\xD7�\xEF:\xF17\xB9ÓT\xAE\d\xC3\xDF�\\x8B�\xD9;\xDEnq�T\xE9�\x8E\xB2�X\xA9p\xBC\xCAÖ˜�\xB8I\xEE\x94\xC0泈=\xEFp��\x9D\xC8\xDC�\x99q\xA3r�]\xC0sHc\xFB\xFB\xF4\\xBC\xE9�\x81\x{D88FDE}\x9F0\xF6\xAB\x8F\xEF\xC2Ùµ\xFB�\xA1\xBB\xF9Öµ+\xDC\xCA*\xF3E=\xC6G\xF7~\xB7AT\x9Bp0\xC0\xA58m\xAAK3\xF7\xE6\x8Cs\x870\xB4\x80E�\xE4�"\x96;\x85-\xD4,m\x86\xE8\xA8\xEF;;\x80x`\x9Bn"=\x90\x80#Il\xFE)\xDD\xE5\x9B\xDE\xE1" \x850\xED\xBA\xD8�.\xB9{\xEEÓŠ4\xC4\xCFr\xE7~FA\xD7eN\xAA\xE7^`�\xEE\xEE~\x97\x89�2FL\xFF\xB4n Pi\xFC1'\xA4 \xC7զ܃N\xD5\xC3�$\x8D\xBF\xE3\xB4Ƥ:\xCFE\xCE\xFDד\x80\xDC@\x88)\xEB\xA7m \xF8\xE6\xFF\x88\xEA\xFE]L&D�ç\xFD\x88\xA0\x9A�\xC8u#QN\xDEÆŽ<W\xFCש1\xE9\xFF�\xEF\xFD\xCC\xE7endstream
-endobj
-1850 0 obj <<
-/Type /Page
-/Contents 1851 0 R
-/Resources 1849 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1828 0 R
-/Annots [ 1857 0 R ]
->> endobj
-1857 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [461.1985 109.336 510.2452 121.3956]
-/Subtype /Link
-/A << /S /GoTo /D (DNSSEC) >>
->> endobj
-1852 0 obj <<
-/D [1850 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-562 0 obj <<
-/D [1850 0 R /XYZ 85.0394 672.7429 null]
->> endobj
-1853 0 obj <<
-/D [1850 0 R /XYZ 85.0394 647.0238 null]
->> endobj
-566 0 obj <<
-/D [1850 0 R /XYZ 85.0394 551.2038 null]
->> endobj
-1854 0 obj <<
-/D [1850 0 R /XYZ 85.0394 519.7104 null]
->> endobj
-570 0 obj <<
-/D [1850 0 R /XYZ 85.0394 269.9108 null]
->> endobj
-1855 0 obj <<
-/D [1850 0 R /XYZ 85.0394 241.2269 null]
->> endobj
-574 0 obj <<
-/D [1850 0 R /XYZ 85.0394 160.3269 null]
->> endobj
-1856 0 obj <<
-/D [1850 0 R /XYZ 85.0394 128.8335 null]
->> endobj
-1849 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1860 0 obj <<
-/Length 3525
-/Filter /FlateDecode
->>
-stream
-xڽZ\xDDs\xE3\xB6�\xF7_\xA1\xB7\xD23'\x86 H�\xC8=9�;u\x9A\Z\xDB\xE9L\xE7r�\x94DY\x9C\xA3HE\xA4\xACs:\xF9߻\x8B]\x90�M\xF7\x94t\xA6\xA3�.A|,�\xFB\xF1ۅ\xC4,\x82\x9F\x98%:\xD4V\xDAYj\xE30\x89D2[n/\xA2\xD9#|\xFB\xEEBp\x9F\xB9\xEF4�\xF6\xFA\xE6\xE1\xE2\xAB�\x95\xCElh\xB5Գ\x87\xF5`.�Fƈ\xD9\xC3\xEAC\xA0C�^\xC2�Q\xF0\xEE\xA7\xF77\xB7\xDF\xFD|wu\x99\xC6\xC1\xC3\xEDO\xEF/\xE72\x89\x82\x9B\xDB�\xAE\x89\xFA\xEE\xEE\xEA\xC7�\xAF\xEE.\xE7\xC2$"x\xF7׫\xBF?\\xDF\xD1'\xCDs|s\xFB\xFE[j\xB1\xF4xeһ\xEB\x9B\xEB\xBB\xEB\xF7\xEF\xAE/?>|q\xFD\xD0\xEDe\xB8_�)\xDCȯ��>F\xB3�l\xFB\xFB\x8B(T\xD6$\xB3#\xBCD\xA1\xB0Vζ�q\xA2\xC2$Vʷ\x94�\xF7�\xFF\xE8&�|uC'\xE5'\xA2P*-'�(\xE5\x94 ��j%\x95�\xE0UYžT�|ʟ�\xA2~\x89\x92(\xABV\xF4\xB2\xAC\xF7\xFBKa\x82\xBC\xD9\xD5ժ\xA8�\xA9\xF9\xB7\xBA\xCA�\xE8(\xE8\xB5,\x9A6\xE7�E\x85R\x81\xB5\xC5`ma\x930\xB5\xA9�\x8Eq\xD5v\xC0�s\xB7(\xF5>\xE1\xD4 at g\x9Br\xE7\x8C�\xA0\xD9Wy\xBE\xF5+\xB55=\xF3ϰ<\x91\xD4\x{1511AC}ʼ\xE1=\xD5kz�7�\xF7\xDC\xF1\xB4U\x8B�\xCC\xE0\Av6U\xB3\xB9�\xA1M�\xE9\xD6v\xFB\x84�\xB1�\x9A\xEC\xF9R��\x80\xAE\xA8\xC8�\xF7Ŷ(\xB3}\xF9L_\xD7\xF5\x9E\x88\xCC ���(P\x9Dt\x80\x9E\x96N
-*-\xCD\xD9\xC21\xC6X\xEE\W\x9E\x83vS7\xF9x\xE9^v\xF0rh<�Nr\xF0|\xCA\xCAb\x95\xB5\xB9\x9F\x81\x89o\xDF\xDF\xFF\xED\xFA_,�\xA5C+\xB4=\x95\xCB\xDD]\x93\xB7( ���n�\x98E/ҿ4\xD4\xF2\xED=��v'\xF2X8��U\xD5ܴ\xE0\xF1\xC8_\xE8V\x8D`5�\xCBƩ[
-W\x98Ò©0J�{\xBEÔ„\xF6\xFA×´\xB0\xE9-\x9E=\xEC\xCF�ˬB€\xB6WmVTÔº=\x94m\xB1+sz\x83y\x89\x80Q\xFB"oÞ \xA8D\x90g\xCBM7\xB6\x81\x83f�\xB1\xACr\x96\xA5J38\xB9@\xDFU\xBDí–©\xB2m\xFE\x86d\x9D\xA6\xA1Ier*\xEA_\xA2He\x8F\xB8\x9E\x8A\x93`\xE7D\\xB7\xF5\xB2.\xB9)+�\xEB}\xD1n\xB6\xEE=�\x9C\xED*\xC9\xE7\x89\xC47Y\x93\xCFuL/tF;\xB6j\xD8M\xD6�uEßç“‘n\xD7J&�hI\x86^�\x98\xBF\xDFe\xCB\xDC\xF3\xD3f�OV\xF9\xB1,\x9C\xB9\xE0H\xE4\xC2�\xA5\xDB
-9\xECe\xB6\xDF�\xD9#\x9F81\xD1�\xF6�+L\xAF\xAF\xF0R<V5\xBD\xAF\xB8\xA1\xA2g\xEB5\x8E���d\xEF
-\x91M=\xEA���2\x94\x8F\x87=\xEF��\xB7\xD9\xF3\xA9\xF25\xBB\xB2`}<\xEC\xFCr-\xCF5P�xs\xBB�'4r\xA4\xB6_VI+"\xC9*I�ņ�\x82'Y��\xCEc\xC5^\x91\xA0\xA1\xADwD\x94\xF9S^� '\xE7V\x88O,D\x82_I#\xAF\xF5\xA8i\xAB�ı\x9E\xE0F\xCB�\xE6�Þ\xECi\xDA#è•“:\xF2A\x8F\xA7"?^Z�\xB0\xF5ß®\xA9\xB9`n\x8Bf\xC4>
-\xB7\xC1\xA2n7Բ+Y\x81\xDCf6p\x86\xE4ib�JiF\x9Ef\xE0\xC1d\x90\xADVE[<\xE5_\xA3�\xEE\xFD\x9C\x84\xB0\x80G\\x91S,2\xE9E&\xBD\xC8d/2y:sQmr0"\x9A@�\x8Bg\x9E\xA8\xE4θkbY�\x8BCK\xC4+\xEBK޳$\x91\xD1\xE0�k*\xF2\xDD'6B[f?\xED\x9C%\x8B\xDF\xE9s\xC6\xFAٟ\x80W\xC1n\xB4\xD3Ae ,\xF0\�\x90\xA4�\xD0�E\xA8\xF4�\x98�+\xA4\x9B\xEA~\xE0��#\xED\xB3\xED�x|\xA9J0\xADԡ2ʲ\xB6�g\xD20\xF7\xBF\xDDN\xA4B\x9D��Q\xD4;\xEE\xF4\x8BP\xF1S\xBE_\xD0kQ\xC1if%\xCE\xF2;\xB5\xACKpuD\xEE\xF6\xE4\xE5\xE8\xADsr\xF4
-#\xE6h\xF3\xF4\xF6vJ\x8A�\xE8\xDB\xFFaq\xF7\xF8�\x86\xE1Ç>f\x9EH\x81<\xDF\xEFo_9\xAE�\xB0]�%\xFDq\xC5\xE7�×·\xA4uE\xEF\xD6�\xB7�\xF1s\x83N\xF6\xA5\x99w\xE7h\xFE{d\x8D\x93\xA4sL�.&\xFC\x86 u�\xC5\xE3\xC0\x8A\xA6b�\xFA|\x9AZ@\xA7\xA1�\x8983t\xEB0V\xA9\x8F\xF3<\xB178�Lj�\xB1\xDC_\xBF#\xBAÉ—�8-\xB4\xE0\xD4P\x88\xA9\xEB\xB6AeSF+\xD0mU\xAC\xF1\xD3:gв\xCCi@\xC1S:{{\xC9\xFA\\xC2\xE9\x99\xD8ħ\xDA\xF6e)\xA9�a<�\xC1\xEA4\xF8|\xCAw\xA3\xD8\xE3#�\xA33<\xDAC�\xA8\xA1-\x96\xE0\x93�\x89\xBE\xE9\x9DD}h\xBB\x98\x95\xEF\x9F\xE0 :\x95X\x93�\xB6\xA3\xA8\xC8\xF1\xBF.\xC1"\xA8\xA5\xDE\xE5�!\xC1\xF3C\xAEC0l\xEE\xD9> k\xF7\x87\xDD�\xA0&\xAC�G �_�C\xF2\xCF\xD9�B$7\x93\xB7\xC2\xF6\x8C�\x88\xA4/E\x80��_ц��\xF0�.q��ÇŒ\xBB,\xEB-\xA3\x9Dm��\x91'&t�\x9F \xA3\xF8\x99�U�\xAB\x9C\xB9\xD9d\xBE[=\xE5�h\xF7O\xF5'�\x89~\xDE\xCD
-�\xA3#\x8CP\xD4@Ë\xB3\xF7\xF8?16\xB8\xC2V9�#\xF6;n
-\x84\x84H��\xC3I\xEAr\xD5\xCF\xE6�t ]SQ�\xA6q\x9C\x9Ci'64I<�q�W\xF5\xC1/\xBD\xC8\xE9p\x95ƌNJS7u\xA8\xB2���\xA5\x84SB|\xF6i\x82kÝ \x89 Å’�*\xAB\x9E\x89(\xEB\xEA1ß¿E\xD9K\x87 \xB0\xD1/�\xA4\x97/wG\xDD\xE5�\xE8q�9y\x92�\xFF\xBCA-\xBC\xBA\xFDa8
-SІ�\֫�O"\x81\xBC\xBC\xE3\x87֙8n\xC4\xF5Eu\xF0y�\xBC\x94盃{sGI�\x8A\x92X\xF5\xC3_�\x9BT\xE0\xFF\xADUgg&�<\xDADf¶=\xE2\xB4rX\x82\xC1/)$��+a\xA2Ԟ�\xEB\xED�\xBD\x84\x94\xC1\xA6>\xE6\xB87�+\xB7Ќ"\xE1cD\xEA\x98w\xF8�޺\xBC�h\x87B\xE09\xA5\xA6B�\x80\x99J\x9F�0\xA2\xA8\xD3\xE9\xE1~\xDD2\xB0d\xB6\xEA9\xE4e'xecGrI\xFA\xE5\xF8[\xAD�\x8C\x82T$d\x89\xA9�\xA3\x9CJ\xCA�V\xAEV\xF3\xC53ң�\x8F
-�\xA6O\xDDxU\xA0|Ö–\xAD\x9E2��\xE1d6\xAFBa\xD3t\x88\xBA'\xE4 J\xA20Ù£^l"8u\xD3\xD6}Å£\xCB�M\xE0�\xEE\x99\xF5A ��\xF8\xA1\xFDH2���\xEC\xF2XTY\xD9�$\xD1D:LRH at N\xECß¹_\xA9ã‹\\xBD\x99
-\xE1"\x94\xD6\xE8/oR\xCBD\x8F6 \xB3\xBB\xC8�Or6H9\xA1k8\xEA}�\x894\xC7/ho\xB6�\xBD7\xAE\xCA\xD1\xF5b\xEF\x8F�\x99\x83\x8E\x87\xFE�bVp\xDBR\xF3`ͬl\xEA\xE1ޖ5ğ\xDFr^\x96\xC3\xFDlnc\xB0\xA3X\x9EjL\x97�\x93�\x97\xA9O\x8D5{yhY\xE4y5̱Yv\xE0tu\x9F\x94/\xF3\xAC\xE1\xA9�
-E?�\xCA\xE1\xB2ϸ\xA9\xBA\x85
-�\xE7\xEB\xD2\xEA�\x8C\xB4\xE1Y\xB7 b\xB7\xC5o<M\x97\xB7\xA7 �\xB6\x8C\xFFƮ\xB0O#� \xF2I\xA0�\xA5\xD6޸�\x8Cԓ噫)#�\xA1R]q\xE6K.�\xF0fܕ\xB4\x86\x91KG\xBE&\xD3\xD0[F\x8F\xD2U\xFC\x90r%�ͻA\x82вk\xAA\xE9\xB9\xE0/\xCC�\xCAΤ\xA0
-\xB5�\x9B\xF6^�\xA9\xA2�<\xB3\xF5��\o\x81\xD0\xCA酉\xC2�\x80ߩ8\xC1\xAD"\\xF4
-\x99vI!"\x9FÎŒ\xA1\xD9)nÊŠ�ON?@\xFFVÔ*\x88Ù�\xE1\xEE]e�[\x8B-�<e\x84\x87\xB0\xCA�\xFF\x86\xB3\xF9��|\xDD\xE6\x80�W\xF4��\xB1\xAF\xCD\xF9!
-¸}\x9BO\x96i\
-�\xC5��\x92pd\xB9:\x8E-6LÈ\xAA\xBF\xF8\xA1h&�F\x88F\x80\|��$[S矄i\xA2|��\xBB\x8CM\xE2\xC3:̿ͳ\x8Ay\x99�\xB8i
-d�\x9F�\xACJ\xD2 e\x83\xF9\xB7�\xA7W\xB0hW
-\xC4\xE6̷\xED\x9E;\x99�\x86\x8A\x920\xB2\xC6L8�\x99�\x8E\x85\xAA\x82ɩ\x97\x82�\x87r\xBE9\xB4\x87\xBE\xEC\xE5\x9DS\x89~\xA2\xA1�.V\xA1�+\x9D\xBE\xD1D\xFC\x95R�֬d\xACY\xF8\xC1\x8D\x86\x88 |\xEDyF\xA7�\xAE\xA0��\xF2�\xBCH\x95\xB5�\x97�\xE2\xBD
-\x9B=�D\xA0\xDCB\xA7��^\xE1�\x82\xB5_�\xA4q�\xA9T\x9CN"\x884�\xA5\x92g;�!\xCD\xD4\xF9I8\xA8\xDD.\xCF\xF6
-\xBD4T\xA2�\xBAS3
-`\x94�$ܕ\xE2\xFEh>\x8A\xBB\xEA\xB3Iv\xC6T\xF8\xC2';e�\xF45ץ\x87\xE0X\xAA1c\xF5!\x83\xF3�\xA3�3\xDA\xDA\xC5�hD\xA7\x90\x97Ή\x81\xFE\xB0\x96Қ\xFD�\x83\xEAq$�\xB1\x9A*�\xDA4\x94\xE8\xCB\xFE\xA4u*\xF2A\xB8\xD0T�\x8D\xEDE\xC3,�7\xFC)kF\xDBbO
-M\x8C4 \x96h�Fʌ`\x89\xC3]VN��\x84�\xAB\xD4\xD9Y\x92\xEA\xFD\xD2 1\xB0\x92, \x9EΒ,d:\xFBK����C\xBBO�\xAC\xA4\xB2%q\xD4ٮ\xF5\xE9\xE0\xB6~\xA2!\xA2Ͼ_��BS\xC4�g�g\x81\xE94M\xCC@\xE5"X\x98E2r2\xD0\xD2A<\xA5S\xC8 \xF5\xA8V\xD1\xE1\xFA\x84\xF1,<\xA7\xE4�'!\xE4W\xE7\xBB\xD58\x8E\xEDT�c\xA9\xA6�O�X�\x9B\x9Dh/E\xE0�\xFE\xAB�eO\xF0\x83�u\xD2]�\xD6l2\xA3E�l\xCFJ\xDF\xE9k23
-\xA4�\xBByU
-\xF4n\x97\xDCR0_m\xF6)\xE7&�\x96\x80,\xEA\x8CE\xC3^\xDC\xFA\x9D\xD3K�\x9Fc\xBC\x9A\xB5\xA3\xDB�\xAC�.�\xC2;)Ç<\xF6c\xD8uw\xF3\x8E\x88$�b�\xBA\xF0z\xA8Í«\x8C\xAARx\xB7Fz\xB4Ì›\xE6\xD5+\xB2\xB9\xB0\xB2�
-\xF8\x82\xA0a\xE2`A\x9D�\xADÕ—\xB0;\xE4\x93Qwe\xE6\xCE�\xC30\xCEK\x80I8{t\x8FND\x82\xD5\xCF�\xFDÍ‹\xBF\xC5�N_\xA7<R*B\xA3\x93?g
-2\x8Aݑ\xE2\xEC\xEB\xBC]nr\xE6\xB3\xF5R\xE1�MG\xD3e$ه\x8CC!\x94=\xF55+�oK\xC2J\xDA�khڧ\x85 at pZ\xA81\xEE\xE4\x9F\xDF�\xEC\xA23\x876�\xDC�zu:\xA7\x8DG\xFD'�ѹ�\xD1\xEC\xF2e\xE1\<O\xE2\xECS\xBF�|\x94\xC4`\x98\x9A\xB3M4Q\xEAE\xA9�\xA1�\xE4D\xB7�\xD2 at l\xD0Z\xC8IH�u\x92�]\xEB�\\xA1v\x9B.Y\x8B\xB1\xC0\xE7\xF06\xEB=W$\x8Bј\xFE\xBE#kF6�\xA6\xE4{\xAD})&�\xD5A�\xE6��}\xAD\xDC[⤹\xDCt�\xAAd\xD4e_`fuQ1YW\xE8g!}ƌڕN\xA6\x80�8 \xD1�3^\xB5$\xD02\xD3\xE1�\xB6$\x9E\xBD\xE0嚜nN_+*\xA5*\x8445=�#E\x89\x94�Ey\�\xECc\xF9\xC9/V\xD3s\x9B\xB9R(2\xE2\xC1(i\x83\x88\xB1T\xAFG\xD7\xFF躰\x96H\xAE��\xA1]A\xF3\xC4uQ�\xB4\xA1.Y\xC9@`\xF5\xEC+\x91.a\x8E\xE5)f\xC5OTV\xEEK\xA7\xF2\xD44\xF0�]\xA2㞴ϯq\xA65}mj\xFERp��\xD0\xE0n\xFA\xBE
-\xC35\xB2(0\xA3B|c-\xE3�\xE1�\xB5@\x9C\xAE/\xB8r+\xD4+\xE7%t�&\x91\xFA�I\x89\xE9.j�\xE6\xC6\xFDC� \xB2�\xB7XM\xCFAU@(_�xK (x� ^tr\xC6M�v\x84\xC6\xE6}ylp\x97A\xFE��\xF3\xE6\xB4x~\xED\xC6\xDD[cop]\xDD\xEA\xB5\xDB\xFA?c\xA8\x94\xEBj\xFCw\xC1\xE7\x96+5\xD3AM\xA3\x81�uFAJ\xC9�A
-\xE7\xCDÖK\x8F\x90\xE45\xDD\xDD!R�_�s\xA2\x9C\x80+R\x84\xA2\x87+C�8\xC1\x83�\xA5\xECx�Æ–\xE4�e\x8A\xA30\x8E\xCE6~\x83�\xD3S7r\xDA\xF6\x85\xB3\xEE\x9F]s\x8F��x\xA9\xF1\xBD\xD6\xE0o_i�\xF0R\xE3\xFFÆ“\xF2\xFF�\xFCE[�}S;\xDCX\xEAc��\xBD�\xA4\xA6+\x96\x98N�\xDC\xFD�_\xF3`;\xA1$ �%\xA5>Z\xA6\x96]
-\x80H�\x94\xA0\xCD16a\xE4�_\xA8\xD1�\xC5\xCB?�\x8D\x82L_�\xBE\xF6W?\x95\x84\xF8\xFF\xBC\x89?\xE6E\xDD=\xEF\xFF\xFC7\xC0\xFE?\x92q\x8A \xA3\x9C\xFE\x87���\xAC�&a\xA6p\xDF6z\xC1\xB9\xFF\xBF\xE0K\xD6\xFF�\x94\x86\xFA}endstream
-endobj
-1859 0 obj <<
-/Type /Page
-/Contents 1860 0 R
-/Resources 1858 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1863 0 R
->> endobj
-1861 0 obj <<
-/D [1859 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-578 0 obj <<
-/D [1859 0 R /XYZ 56.6929 632.4244 null]
->> endobj
-1862 0 obj <<
-/D [1859 0 R /XYZ 56.6929 601.0274 null]
->> endobj
-582 0 obj <<
-/D [1859 0 R /XYZ 56.6929 519.984 null]
->> endobj
-1477 0 obj <<
-/D [1859 0 R /XYZ 56.6929 488.4276 null]
->> endobj
-1858 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1866 0 obj <<
-/Length 3826
-/Filter /FlateDecode
->>
-stream
-x�ko\xE3\xC6\xF1\xBB\x85\xBFU�N\xEC>\xF9@>]\x92\xBB\xD4E\xE3\xA4wn�4 �\xB4D\x9F\xD9H\xA4"Rvܢ\xFF\xBD\xF3\xDA�)\xAF\xCF�40�-\x87\xCB\xD9\xD9y\xCF\xEC\xEAs�\xFA\xBC\x{119C95};/*\x97y\xA5\xFD\xF9j{\xA6\xCE?»oδ\xCCY\x86I\xCB\xE9\xAC/\xAF\xCF\xFE\xF8\xD6�\xE7UV\xE5&?\xBF\xBE\x9D\xE0*3U\x96\xFA\xFCz\xFD\xC3\xE2\xAB?\xBD\xFE\xFE\xFAͻ\x8B\xA5\xF1j\x91g�K\x9F\xABŗ\x97W_3\xA4⟯\xBE\xBBz{\xF9\xCD\xDF޽\xBE(\xDC\xE2\xFA\xF2\xBB+�\xBF{\xF3\xF6ͻ7W_\xBD\xB9X\xEA\xD2k\xF8\xDE�\x86g>x{\xF9\x977<\xFA\xE6\xDD\xEBo\xBF}\xFD\xEE\xE2\xA7\xEB?\x9F\xBD\xB9\x8E{\x99\xEEW+\x8B�\xF9\xE5쇟\xD4\xF9�\xB6\xFD\xE73\x95٪\xF4\xE7�\xF0\xA02]U\xE6|{\xE6\xBCͼ\xB36 at 6g\xEF\xCF\xFE��N\xDEҧ)\xFEy[f\xBE4E\x82\x81F\xA7�\xE8\xAB,\xB7\xC6��\xBBz۬q�0\xD9L&[\x97)_\xC0�8\xA9\xEF6\x8F�K\xAB\x8AŶn\xBB�\xFE�|,�5C\x87\xB6\xFB\xB8i�\xB4\xAD\xBB\xFA#\xA0\xA4�?7\x8F2s]\x8F\xF5M=4_\xC0\xA3\xCD�\xAB\xBE�\x9A_�M7�f\xAD\xF5\xE2�\xC0\x8DY�\xBAM\xFBs#\xF4L\x89\xB7\xDAd^W\xB9P4\xEE�\xC3ج\x97\xB4\xC0S\xEA}\x9E9[T2\xF9U�\x9F\xCF\xF2\xAA02Ah^\xE2\xBC\xF3\xA5SeVh
-\xFC\xD4:\xAB\xBC74癕�\xC8\xC7\xE8""zd\xFD`\x8E\xE1\xE8\xA6\xE1ß¡�yP\xCB\xEFx'o\xC6~ǃMs\xDFl\xE4\xFB[^\xCBMi\xD6�\xB4\xA0t\xB2�I.�FÞ¦�PeE\xE1\xCB\xC8 B\xDA\xF5\xB2\xF4C;Þµ\x9D\x90\xC3?\xF7m\xF3pQ\x99E\xC6<0\xD6fy \x9A�\x96\x91YmK\xC2s\x89\xDFä¹�\x83\xD5a\xBF\xBF\xD0\xE5�\xE4È€v\xBB\xDB4\xDB�\x8D\x90zl\xFB�\x97.\xD4\xF1\x8B\xA8�\xF8\xC0ê£\xA0�\x82E\xA0\xC3\xD83z\x9A\xEF�\xB5\xC0\xEB\x80�t\x80&,o\xFB\xFD\xB6��\xFE\xDDw\x82\xE7G\xA5\xCC&\x90Zo6A\xD3g\Us9�]@Ú²\x9B\xB6K�\x87V:\xCBu�\xF4�\x9CF�*\xFC\x8F\xBB�\xF8c\x83h-x�@Â\xE3\xFE\xF0 \x{1C7FEB}\xBB\xBA\x83\xB5P\xF7\x8B<|\xA5d�ljzq\xD8��\x906/\xF4Z>G1\xF2\xA8\xEE�yb�H\xF6,\xC2H\xE4l{\xEBGЛv\x85F\xA9i!\\[!e`\xF8C\xBB\xD9\xF0\xE8\xA6�Ⱦ�G\xDA�<\x80�\xE8yT\xF3Ï¿\xFAþ\xAB\xE5�f\xFA\xAB�\xA7\x8D/2\xA3\xA3V>\xE1t\xF6\xAFn\x93\xE2\xB6\xF1`c\x959r\xDB\xE5vq}G\xBCE"XG\xF0�X\xDAoÅŒmi\xB2\xC2\xF9\xB0}\x8E�[\xDC�:'S.h�\xF8K|7U\xD0'��\xD5\xC11\xAA�\xFE�}\xDF\xF1\xCC \xD9\xF5\xC3\xD0\xDE\xC4y\xB7\xF0\xF9�\x93\xB3FG\x97�\x8BV\xBE\x90EJ\xD0\xC3AF`\xE3\xD3!
\xF5\xA7\xAE�>`\xD51Gω\x82r8\xBB%?t\xAA\xB7,3S\x96\x8B\xC3p ]\xE4\x87~�6\xCA\xC3h\xF50\xB6\x8A\x87��\xC8z@\x9E�\xBFxߣ\xB9V\xC5\xE2�T�\x9C\xD1>\xE18\x8D\xD5 \x8D|\xEA\x84R\xE1\xC3fe\xEE\xB4\xCC"{&\xCA P\xF0\xB0>\x8C=X,j">\xD2nq@�\xA6\xE9\xEAn\xD5�-\xB8\xE1~h\xC4+\xE5� \xD2\xF3\x9D\x8F�=:\x99 3\\xAB\xA8\x80\xCF�C\xC9��\xA0\xF9u׬H\xF8��\xFB m\x87\x91AěBD\x85\x80\x87~\xFF3���\xEB\x96\xD5l�>\x89C�0\xCDV\xE8d\xBCz\xDB\xEF�\xED]+\xEB\xF3\xECz腌z\xDB3\xAA\x8A\x8Dt\xC0\xED\x95>\xACV\xC5\xD5f\xB2e\xAD\x9D\xAF\xCD\xE1\xE4\xAE?l\xD6\xF3�So�jr\xA8���nM�J\xD0DŽDuY at B\x95\xEB\x97D\xAA\xB2\xAA\xB2!\xD2e\xB0m-R\x81�\xA1 +�\xB1\xA2\xE2X�\xDA
-\x81\x91\xF6\x97\xD0"\x97\x95�\x8C\x93\x91\xAD\xBB��qy_o\xDA5E\x8D\xC4\xF2`Ͷ\xACB\xF0\xEBw4\x8DV \x8E\xC3/GX\\xB2�\xE7SN\xBE�\xD5\xF1*xlÔ¾t0\xAF\xB4r\x9FH��d�\x85{Y\xF9\xB5wa\x96�&\xD0�u^\xCC�i\xEFÚ±\x85m\xFF\xBB\x91)\xF83\x8D\x92\xBA�Û€\xC1-iÙ‘\xA7�\xA6]\xE6*b�\xA4,=�\xFBÊ‘\x93G\xFBvn\xF1\xBEݶ\x9Bz?I\xB9\x94_\xB4(\xA8\xCA?#(\xAD\xABL\x9B\xBC\x98Kj\xD3\xF7?\xD7C\xBBnR\x82�=\xF1*?��PB\x82\x82\x95XP H�\xAA\xCCr\xA5?GP\xF6\x93\xF9\x9D\xB7Þ¾,\xA8\xCA�'\x82�\xBAN��4O�\xC5\xD1\xC5�H\x90\xB5\x9D�*\xC6\xC3\xC2L�y�r \x80\x92\xF8�\xC2�� �\xE8�y�\xBAX�y\xB0\xDE\xDCg\xED\xB0\xCA\xFA\xFD\xC7\xC4�@\xAF�o\xDD$�)<%j\xB8\xD2MO��,\x85a�]\x8ES&\xAC?!m\xBC\xC3\xE4 A\x94q \xE400\xFD\x86\xC3$\xBE\x99\xA8*3\xC1\xC2�G�\xF1�\xD8~\x9APE\x8F\xCENh\xC7\xFA\xB9j�\xF1Um\xF0Y\x87v#�*\xA5� mt9\xE64\xE6\xB3\U>\xCF~\xEBN\xDC%G\x86\x89\x8F\xEC!\xD2\xED\xDB\xF5\xBA�\xF8-�\xB8M� \xA8\x9D\xAB\x829`Ö‚\xE9\xCBRÒ…\x84x�\xBAD�\xC5�PF�Ý‚.\x81\xCA\xDB\xC2\xE3 |\x9Cw4�\x8BQ\xE3\xA12UJ\xB2s\xA2\xED=\xA4\xD5Í–\xF3m\xACC\xF7\xF5v[\xEF\xD3i-\xE6MJ\xB3��C.\xB8> \xE7Hh\xD6C\xA0\xF6'"\xFBa\xB5\xA9\x87\xE1'\x9E\xFF\x9FTD�\xEBX\xDD-W\x9B�(�\xC2<\xFA\xA9\xD7\xEB=H\xF6�\xCD\xF8\xB0\xA1\xE8\x8A\xF0\xFF~\x91\xCAZ�Ϻ�ƶ#\xCF\xFF\xFF#\xDB7\x90\xF1�\xED}\xB3\xE4"�\xE7?6Ç~\xFF\xA1\xEB\xF9\xF1\x8BÔ–~\x98\xB0\x87\xBD\xD6��ɲ\xEC\xA7\xD4r\xF2��\xF1\x87!\x88\xE5\xF4\x9Be\x92\xC1L\xFF\xA9" ~�\x9A\xE0\x94?j@\xFE\x92�|Ý \xEE\xA1m\xF6݉\xA2\xFFm /\!
x94\xD0\xC9�Õ¸N;\xFE*3\xA6
->\x88\x96O\xF8a�Ub��\xFAaJ\x99Tq\x9E\xAB5\xF8\xD9\xF5�\xCD\xFE\xF6@�.IJ�<��6!wG�&\xC483\xF4or\xEE\xDF\xE4\xE2\x9Ep\xB4i\xC69VRd\xFAzh\xF6\x98\xB1\xF2\xCBnx\x88c\xFE\xF9\xFA\xEA=�~94\x9CDA\xD5 \xB1�\x96\xBF\x95"R\xCA\x8C-\xC5I\xD9Ä
-N�\x9B]Óc^�\xF2\xBB\x87;\xC9B9�Ī�\xD39J�\xED\xE2r\x9C\xBF\xDC\xD5{�/��\xC6��\x87\xCBÌ\xF1mH'\xB9\x9C\x86\xC5\xE3r\xC3n\xD3
-.\xDE�š\xF1\xB0�Ę\xE4\xF7\x871\xA5\xE0w\xF5=\xA3\xA1\x9E�\xFF\xEE/`eћ\xEDa3\xB6\xBBM\xECW ;\x87,b\x9A\xE4vo\xEA\xD5]:\xA9\xB3\x95Ac|f\x9C\xAE\x9Ej\x8C\xD5�XK\xBALe\xA8\xE6\xEA�\xA0\xAC\xFA8\xA2\x8AI\x87
- b�BP
-\x86]\xBD�\xB8\xC43�I)\xAB\xA5\x94�\xC8\xD0P��\xA3\x9B\xC7\xD9:\xC3\xE1\x862\x93\xE9J\xE2\xE10\x82$\xE0\xB5h�\xF6\xCF\xF2�
-ᙘ\xD3�숨�)9\xA5\x83\xC2\xE6�\xB4\x9Dm��(\xE7\x82w\xED(\x93\x86\x9E-\x81b$<_~/�\x83�$��\x86P�MPǔ\xEDI\x99\xADML ć\x9E\xB6*m \xB6\xAB HB\xB1\x99\x95\xBE\xFA\x9C^\xA5\xC9*\xB2\xF6T\xA7r��.'�\xA9�9\xA3\xCEB\xB5\xE1+\xE3\xE2\xBA\xD1s\x9FR訮(\xF5\xEFFaD\xF8i
-\x9DÑ™\xCAA\xBES
-)\xF6$\xD49ÏŠB�\x9D\xEFo\x8Fr\xA1�\xAA\xEE�\x86TzZeE\xAE\x8E\x9D��\\xA2\\xC6d\xDES5\xF5D\xBB\x86t��L��@\xE0>P�t\x86\xE2 �H\xCBp0\x89\xB3�@5\xA3\xA9S5C at T3|xFÍ€\xD0\xD2Ç•\x9FU3�\xB9\x8D5\xE7V�Y\xA5\xEC\xEF\xA1g\x82q9E\x99R4Ȧ\xF2\xC9ŸP\xB4<+]Q\xFC~4F\x8C/\xD0�\x9E0+Qz3"\x9FÓµ�\xCBl=ѵ ��<\xABk\x90\x82\xE6ĕ_ÖµY6\x96l-\xEB*v\xA1Y\xE1\xF0\xD8\xC4WT\xF3[k\xB9ÑŒ\x83a׬Z\xF4\xE9\xDC\xE4\xF4\x8E+\x92T^\xAD1\x93\xD03"\x9FW\xFA\xDCe:\x8FYx�\x9B\xB43\xFD�Ñ”~\x8E\xF1\x85\xADU\xF8I�N\xEB\xE6\xB6>ld'T�\xC1/\xE1 m�H\xD8}\xE6�\xEAâ”5Õ‘\xC0\x8F\x89Y5�C\xF0\xE4\x83z\xE8\xFC.\xE6l\x95\xC4\xE3j�F\xB7\x92\x9E�\xF2\xF3\xFB�\x9E\xD4V!\xF2�e\xAC\x87_\xE4\x9EÍœU\xE6\x93\xDC�\xC5t\xCE\xFB\xDF½�?1\xD1�\xD5a\xA3\x9BA67\xD6É£�H\x90@\xB3\xD1\xC0f\xE9\xCAs�.�e&Í•\xBBv\x85�n\xEEBYy\x8F] \xD8��\x80/\xB6
-6\xB7\xDBaË\\x86\xC3{\xB6�\x80\x84Ðc\x923\xBC�\x9AM\xB3
-\xB00\xF1xH\xB2̽\x86t\x80\xA6J~\x82\x88’\xBCg�\xDD�1�K\x90))A.\xC3\xEE^\xAEk�\xDA��C9=\xF2)\xF2\xC0��e\x{2DA9EC1}\x87\x92O�\xF1\x9C
-`\xD2a\xE4%\xA6 È—\x87Q>\x8C\x951c�\xB6@\xA8b1\x88\xAF\xA4\x97�&M\x96%\xBB�Rg\xBB\x9C0�\xDBR\xD7�C\xAD_\xF0�К\xD2y|\xBC\xE5\xDFt\xBB\xAA*\xB3\xD2X\xFFbÕ‚\xBE\xF9$���o+\xBFC\xFB\xB1#\x81\x81PG�\xFDhL\x81#G9� b\xCE�\xE3 \xB3� ,\x80\xD1M3\x9D2\xF4\x9B{j\xED\xE1b\xDDq3\x84x\xD5wc\xF3\xEB�\xB7\xCA}���O\xA9�\xFB\x88\xE7\x87H\xE4>F\x8CY��6\xDB\xE8\xF9?QÙ"\xB0,\x94Zj\xD1ʯ\xA4�r0�\xC1\xA4̵\x9E\xD7�\xFF\xEC)g7\xCA\xC5��7\xA8\xEC\xF1\xCCA!\xD3�nF�\x90\x85}\xB9\xCC\xD4y\xEE�e&\xA0�>\xC3b\xA2ÌŠ\xAD\x8E\x96\a\x97\x89Ohp�\xB9Y\xE5&\xBA\xAA\ز\xB2QW\x95{\xB6m]B\xDE\xE6\x8A�\xC85\x99\xC6\xFA \xB6ä°\xF8\xE5#\xAF!�:\x86�p~\xDE\xE9\x93�.\x96$\xB9�'\x81\xB9\xE2p\x9F\x87\xD2����\xBE\xF8\xAA\x93\x91\xE6æ|Z\xC9!�\xA9\xC4ÖŸ-Ë“\x8AW\xBC\xDEq�M\xA7M\x8CD\x9C\x99�N \xF8�\x8EA@\xEC%u�]t�\xB4fE�7Q\x8E6\xBF\xD6X\xDDJw�l\xCBa\x9F�\xCF�q|\xD2\xCA@�\xD8\xC5\xC9\xEB\xA3�\xA9e8;\xD0�\x852\xB6H\xB8\xF4W\('+\xDAo\xE9�\xD5x+M��\xCC\xCBJ�{\xE0�\xE1��\xDB\xEE81Ý©\xD4\xDE\xCD\xDB\xE0\xC9\xFC�2EkL\xAA\x85bC�\xB51\x88ZiZZi\xD0\xE2\xE8x\x9Ao\xD36\xE6Ai\xCBx\xD9\xE1�n\xC0\xC7�,\xD2A\xE2qA�\xB4\xDB.\xE4>x\xC9\xC2\xE8\x93�\xF8n\xC7-\xF3*\x98#\x8C�\xE8d�GG�\xC8q�@Øi\xC9}\xE0L:\xD2\xE6c?\xB2J\x80M�\x83\xF3\x85�\xB3\xE3�l\xE7\x85 \xCB�`W�\xAC7\x87\x86\x87\xAD '὚\xB4�N\xE7u\xA96\xDF3\xF2\x85\xC2\xCFE�\xFF\x84x\x8B̤�W<�qA\x92\x95\xE3\xFB
-�\x87\x97Ê…�\x94�o\xCC\xE25\xA8\x80�\xD9\xC8
-�\x98rT\xCEJ\xD2��\xDC\xD5\xF7\xCD��?\xD0Ve\xEE,�!j\xE4\xDB\xF4v\x97\xDEB\xBDs\xDA\xF3\xF8\xAC\x882m\x8Dʽ\x97\xA19^:\x99��\xAFJ0\xC9bՔ3N\x8E
-\x9AU\xB3n\xE2QB/�?%\xA7\xC43G\x90Þ‰5X\xCD9\xF3Y\x86\xA9\xF4\x934!�\xB7�4f�n~A\xE6\xEF�\xDEc\x97\x87"\x8B?\xDEL\xC0�\xEA\xA9\xF3\xF0\xB8e �tX
-/H\xA3\xE7s[\xF9
-\xCAk\xB4\x9B\xBE\xBE\xBC\x9AO\x83�\x87-\xDD�A\xBCW\xFD(\xAB\x87 \x97KuB\x8Bu\xCB\xF0\xF9\xFD\x91\xE8\xED\x812�\xA4\xA2\xA7\xBB^)\xA3�'�~G|\xAC\%!/\xDB�\xE5�\xAFA\xC5l\xE5\xF2*\xF8\xEE:\x9C\xFF\xDC\xD52X\xF5\xDB]\xBBi\xD6\xCB £\xFA\xCAb\xA7\xFD\xC8\xF2x\xD6\xEC\xE9H\xEA\xD8O\x9E\�\xC1w]\xEA< *\xA1R\xA9\xCF\xF0\x8C\xCEU\xA9|�\xF02\xA9\xC1\xA1 \xB8\x86\xA2\xFD\xC8O\xE16�=\xD4\xFC3Ù•\x89\x8D\xFD\x98\x95{3i\xF2\xE1G�\x99\xF41\xDB\xC4U\xC3\xCB\xD9I%ifYb\xE5v\x92O\xAC\xE4:�\xDD\xD0�\x93\xAD+�Ä€\xA0Ë«\x8C�\xAF\xBB\xE45�\xE5\xF0t/0\xEBxvyz2몧'�\xB2\xC4\xCC\xEB\xE0\xF2}\xC7/\x88{4\xC0\xCBp\xF8F.\xC3!�C\xF2d\x92\x8E,>쥗\x85oÃ��G\xC9\xCBl<\xAA�7\xC9$\xA5.\xB2Ÿ\xD4\xED\x94�\x96r.�\xBFؤ\xE7�7\xF6T\xB8\xDEQN5\xB38F\xA8Wr\xB7\x85\x82e\xF9\x9C�Ò…��T}V\xECPU\x95:])U\xBC\xEF\xA3b\xC8-UÜ4 �\x99�\xA0\\xFC<\x8D\xA5J\xB1\xE1\x94r��ͯ\x906\xAD\xDA1Y\x9B*(𫪘�\xFC\xDF��\xC4\xD0'\x96��\xFB�\xB2
-E.*u���\xB5}A��v\xC9\xF2g��熮I.FQ\xC0\x98\exr\xDA\xEB?\xE7�,\xB5\xD5\xEC\xB9\xDB\xC1\xD6gx\xA57q\x97W\xC5\xE3\xC0\xFF\xFB\xE6\xF0\xF1Z\xB5+2H\xFD\xCD\xF1R\xF0\xFC\xA8�œ�\xA1
-Q\xB8\x85J\x9FR�\xAF�?%\xFD\xB7�\xEBpendstream
-endobj
-1865 0 obj <<
-/Type /Page
-/Contents 1866 0 R
-/Resources 1864 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1863 0 R
->> endobj
-1867 0 obj <<
-/D [1865 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-586 0 obj <<
-/D [1865 0 R /XYZ 85.0394 584.5645 null]
->> endobj
-1804 0 obj <<
-/D [1865 0 R /XYZ 85.0394 559.6651 null]
->> endobj
-590 0 obj <<
-/D [1865 0 R /XYZ 85.0394 429.8459 null]
->> endobj
-1868 0 obj <<
-/D [1865 0 R /XYZ 85.0394 399.1723 null]
->> endobj
-1864 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1871 0 obj <<
-/Length 1188
-/Filter /FlateDecode
->>
-stream
-xÚWKW\xDB8�\xDE\xE7W\xF8\xB0J��\xB2�\xBF\x86�\xA5\x81\xD23\xD0NȬ�N\x8E\xB1e\xD0Ô±\\xC9&\xA4\xA5\xFF}$K\xF2#�H:�/\xAC\xE7\xA7\xEF^\xDDOW\xB2�\xC8?\xCBp=\xE0\x85vh\xF8\xE1�\xB8\xD0r\x8Dx5\x82\xC6�\xEF;�Yj\x8C\xA9�\x99\xDDQ��\xA3\xC3S\xC77B�z\xB6g,\xD2�V `�X\xC6"\xB9�{\xC0��\x8E \xC7'_.O\xCF\xCF\xFE\x9E�O\xFC\xE9xq\xFE\xE5rb\xDA.�\x9F\x9E\xFF9\x93\xA5\xB3\xF9\xF1\xC5\xC5\xF1|bZ\x81k\x8DO>�]\xCC\xE6\xB2\xCBS��\xCE/?Ê–P\xFE^ \x9D\xCFNg\xF3\xD9\xE5\xC9lr\xB3\xF8<\x9A-�[\xBA\xF6Z\xD0�\x86|�]\xDF@#\xE1f�A\xE0\x84\x81k\xACy��+�mc5\x9A\xBA�p\xA7\x8E\xA3[\xB2\xD1\xD5\xE8\xAF�\xB0\xD3[O�\xF4\x9F�\x81\xEDx\xF6\x80�m{Èn�<\xC7vj�~Btb�c$
-\xC3L\xFE\xA3\\xFE\xD1c\xB4*2\xD5IR\xD5)\xE5\xA6\xC0q\x94\xC9
-+2\\xCA\xE2\xC7\xCB+ՆʪP\xB8�e\x85\xF2�%\xB2\xA1b8\xBF�\xDE\xE3�\xAD�G\x9Bo\xEE\xD4\xF5\x85m\x82\xDD�Fk5\xAAk\x89=�\x9E\xED\xBBj�+\xA3\xB2�gȱ\xD3.\xA2\xC9-\xE5\xF12\xF5�\xD3
-�\xF4\xA1\xDD"\x9B�\x84\xE3�\xCCi\xD1<\xCA�d\xFD\xA7 1���\x9E\xEB\xF2I��]WN:<\x94C�\xF7\xC2Q\xA2\xC4\xEEI\x95%\xB2\xBC\x8A\xCA\xF8^�IEeAc\xCBZ\x8E\xCA5\xA1\xDF�\xA8\x97\x80�\\x86r=݌3,,\xD1T\xEA�\xDF\xDF\xFA;�\x8Edï#
-\xC0m�-8\xED\xB1\xFBJ\xC9�N\x90\xACP�W\x94\xE1�Ue\x88>\xE0XUJ\xB2Er\x80\x95�\xED\xF1"y\xB6Ù²A:H\xADFr9n\x83\xD8�S\xE7e\xA6\x91Z\x88\x88X)Uc\xBBM"\xFAj\xD2\xF7\xAAK\xC5&\xE0�\x86\xA8\xE85~\x90�i3\xE3\xACJD\xDC\xC9\xF5\x92\x84"\xC6�\xEB\xE3\xF7wìž°\x92
-\x9A\xDA\xE2�t\x98\xBC�CÒ¡\6H\xC7�\xE3K�
-\x81\xA78\xDB�75/\x90\xDC�\xC89\xE6`\x8C\xFE�î´º\x9D[\x81\xD3\xD1�z|[�\xFD\xC0\xB8h\xA3>ʲ\x81`\xC9I\xD9\xD1�Rb\xB9Ý´\xDB\xF9\xCA\xEE��=`R\xB16��7\xE3e\xEDD\xF9\xE6�\xD1\xF4Cq\x8EÒŠ\xED\xA1�\x{DA1E}\xC1\xBBh"'{K\x82\x87iIq\jß½\xA7(b\x92\x97�\xCE�U�i+\xD7W\xB7�\x8Eu-\x8Ac.�|\xAB\xE3rH�֮°C��~\xD8\xE7\xF6\xBB\xC2\xD0;\xD1�\xC6�\xBE\xF5\x9A0\xBA\xAA\xA9\x93QÓœ\x8A\xC5]���\xBA\xCDe\xC3\xF6\xF9��6.�\xB9\xECJ\xE7�uÏ \xD1j�ÑT$\xB6\x9C\xE7`\xCB\xDE>ADi\x99G+U\xBD\x8E\xB3\x88\xB1\x9B\x9E\xC7T\xA8\xEC\xEF\xB1\xEBF\x9Bdm~\xAF�\xDD\xF4\xF5!O\xC1e\xAD\xA0e\x86YÙ¨\xA5\xFE\xDF�m\xF1sLS\x87\xF7\xEF\xC1�P-i\x94\xB3�\xD1w\x86\xAD\x8A$\xD2\xC9\xE5�\ \xE1Ì‚p\xA9(\xC7f$\xD6\xC7\xC2So�9v)\xC7.i\xA5#\xF9� p\xB3\x8F�\x8C\x98\xFCP\xC5i'q\xB1�\x96(̂вi��\xB5\x82\x8C\x91\xC0�^ n\x8C�\xF8\xBB\xE2\xD4?N]3�0\xC0\xDCZ\xA7\xE7:\x9E�\xE2o\xA6\x88zub\xFF�]\xB8\x8Eh\xFE\x94F8{\xC2w9\xA1\x88\xB7Y\xBD�_\xF3\x8CD\=\xBE+\xDC�gI�Ѥ\xB9\xD1, ]\x8AC\xFC\xCDØ\xF3Y\x91\xB6|dI\xB0\xEA�\x88`\xD8k\x90l\x9By\xD6\xCEl\xC5-\xE1\x8E\xE2r\xB3Ewg\xA3��e\xE2\xD6Þ–\x97\xA4(\x9B쵃\xD9\xED�-\xB2\x96\xCE+;,-�11\xDDL \xE5jl\xFDV\xF2C\xFE\x89F\xEB\xBD\xF6\xEF_~�o2\xF4\xDB\\xAC>\x97GS\xCD7�\xFE\xA1
-\xE2\xA5%+P\xBC\xC3\xEAÜ„u�6\xC2�\x91Y\x9FRLY\xB9\x97�
-�\xD1\xFE\xBD\xE6\xDD\xC5:\xF4\x8C\xE5\xA9R\xBC=��\x9D\xB0I\x93\xFF\xFB\x89۾\xFF\xA7>p\x82\xC0�~\xBD\xDA>���D\x91�.
-\xEDg\xCC\xF5[\xF89\xF5\xFF \x90,M\x88endstream
-endobj
-1870 0 obj <<
-/Type /Page
-/Contents 1871 0 R
-/Resources 1869 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1863 0 R
->> endobj
-1872 0 obj <<
-/D [1870 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-594 0 obj <<
-/D [1870 0 R /XYZ 56.6929 352.0993 null]
->> endobj
-1724 0 obj <<
-/D [1870 0 R /XYZ 56.6929 323.2794 null]
->> endobj
-1869 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1875 0 obj <<
-/Length 1168
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDX[S\xE36�~ϯ\xF0#\xE9\x8CT\xCBw�O,
-[v\xBA\xEC6M\x9FR&#l�T|[I��\xD9\xFF\xDE\xE3[\xE2$\x86\xB5\x81v:\x99\x8Ce\xD9\xFA\xF4\x9D\xE3s\xBE#\x89h:\xFC\x88\xE6\xD9X7}Ks}�\xDB:\xB1\xB5 �\xE9\xDA5<\xFB8"\xF5;\xA8y \xB5\xDF\xFA0�\xFD|f\xBA\x9A\x8F}\xC7p\xB4Y\xD4\xC2\xF2\xB0\xEEyD\x9B\x85\xF3\xA3\xD3_O\xBE\xCE&\xD312l\xFD\xC8\xC1cd;\xFAч\xF3\x8B_\xAA�\xBF\xBA\x9C~\xB98;\xFF\xF8\xE7\xF4d\xECZG\xB3\xF3/�U\xF7tr6\x99N.N'cD<\x9B\xC0x\xA3Fxf\xC0\xD9\xF9o\x93\xAA\xF5qz\xF2\xF9\xF3\xC9t|9\xFB4\x9A\xCC6\xB6\xB4\xED%\xBAY�\xF2m4\xBFԵ�\xCC\xFE4ұ\xE9{\xB6v�7:&\xBEoh\xC9ȲMl[\xA6\xD9\xF4ģ?F\xBFo [Oˡ]\xFE\xB3M�۞\xE1v8\xD0"-��\xDDþ廚k\xFB\xD81
-\xB3\xF4\xE0|\x8C�]?\xE2�\x91 at WT\xB2\xEAV*\xC1\xD3\xEB\xAA}\].�caFD�\xF6m\xDB8��\x89,A!\x8F"&X�0Y=Z1\xB9\xC8\xC4"\xCD\xFA¨$G�\x8F{�!m\x84\x84\xF2T\xC1�\xEDٳa\xD1ۤ\x84>T qv\x8D$\xAC\x81\xD2er\xC5\xC4 �%h*\xC1)\x88\x871C\xD9R\xF5E"\xCF")\x9E�B\xDA\xE1\x94f\x8AG\xABN\xBF\xAC\xAB�{\xC8c�p\xB5әP\xA9`\xEA,\x8DW�\xA7B!\x8Bi=H\xB2 KC\xD9\xDB\xEC�AeHftxD\xE5˫[\xB6:t\xD3s\xED\x81q_\xB3\x93\xD9R�u\x80\xFC\xA5\xDB:�
-C\xD1\xF8\xAF \x8E\x8BM\xD7 \x99#صL\xAB\x84\xF9\xA9|dc\xDFum\xAD\xD5� \xA4�<\xCF3Q�\x9E/\x8A\x9B\xCB�v\x88\xB8&6-\xDFɇ�Kt紉:\x87DA\xC4L\x98\xBF&j\xEF�u\xB4V\xFFp\xA2>\xC1F)V�\xEE|\xCCR\x86\xA4\xA2\x8AK\xC5�\xF9\xDAԕ\xFC�\xDDј\x87\\xAD�\xE8��pw\xF8\xAD\xE7\xD5\xCDe\xEFX,p\xE1\x9FB\x84\xA04��\x85�\x98~m\x94\xE2J\xD5R\xBC�\x94Z\xE5\xECU\xC2�RE_-\xFC H\xAD`��pS\x8AҫE\xF25 �\xAB\xB7\xF2x��\x88
-\x94@\xC1�\x95\x89Zvr\xAAn�)MX�#\xE8�\x84.L%\xA8d\xDD�\xC7\xD9\xFD\xBA\xA9j\xEB,\x8Az\x90xd"\x83 -��)�\xFF8\x8D\x90ab\xBFX\xAF\xEC\xA0}?n\xE6h��\xBDE\x8En\xB3\xB54\xACN\xA7 \xA6R\xD6\xD9\xF4T�\xED\x84\xDD�\xAA\x8C\xE9�;~\xC9�\x85\xF5\xA8]\xAF\x9E\xEA�\xA0YL\xCAEBUp\xB3\x88A.\xAA\xFE\xEF=\xBCS\x81~[2\xF1\xAF`B\x81|�l\x87\xFDM\xD5g\xB6\xCB�2\x9F\xA1(�\xF7T\x84\x9B\xA4�\xFC�9\xB8a\xC1-\xBA\x95\xB7\xBD\xCA\xF6\xAE&\x95)\xD0PL at k\xB75kw\xA1\xB7\xB3D\x81\x98�\xD2 \x88\x9B\xB7I�\xBA\xF5dp)\xB2�\xF8n\x978C\x96�5�\xFCAϋ��O\xAB\xF6\x802\xB6\xE3\x84R\x88\x82\xBC\x91\xC6\xE1!
\x8Ch,\xB3\xAE\xEC\x81\xFA\xBC-\xFA/\xD4\xED�\xD93\xB1\xE39F\xF7r\xBD'Ny\xC1�7\x8C;� \xEDͳ\xE3\x88*\x90
-\xA5\x91\xDB0\x80\xA0M\xD7�\xE5\xF1�\xBEw&\xD8v%\xD2\xE7[q�/\xF3v{\x91\xE5\x8A7\xA9\xDB�\xE1
-;\x94b�]�/R�\xD2kk\x92b�j-\xE8\xFD S\xFE\x86U]\xDA,o\x86Vo(x\xF5\xF8\xD6�\xA7h-d΂�\xD6\xD4ê±µ\xA1ÈuÄ…T\x83\xAC\xA8q\x98\x90;\x91\xFA\xFE\x81\xF6\xC2\xC6s\xC8"\x88\xFC_v\xBFÆ»\xED~;\xA2T\xFE\xC0\xE3O\x87\xAA\�kÕ‹\xF5\xEE�,7�\xB6\x8D-\xE2\xEEkJ\xC7$]\x96n\xB6sи\xDC\xEA\xFC\x8Ees\x88\x81n\x99ÙŸ\x9B\xFC�[\xFE\xA6J=�\xD4u\x82d�O\xD3\xEC:\xEF\x81=\xE9\x9BO\x97\xB6Go�lN=\xCF\xD8���F\xEB\xE0\xC8\xD4�\xEC�\xBEÛ*\x8C\xF5\xCD}\xE6\x9Bc\xA8C\xEA\xFF \xE8/F�endstream
-endobj
-1874 0 obj <<
-/Type /Page
-/Contents 1875 0 R
-/Resources 1873 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1863 0 R
->> endobj
-1876 0 obj <<
-/D [1874 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1873 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1879 0 obj <<
-/Length 1087
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDX]o\xE28�}\xE7W\xE4�V\xB2\xEB\x8F8\x8EէN\x97v;\xDAavY\xE6\x89A(�\xD3F��&6\xD32C\xFF\xFB:�@hM \xD0\xD1H\xAB�Bq\xEC\xF8\xF8\xDC\xE3{m_c�\x99�v\x98�=A\x84Å��\xC2\xCC�M�ȹ3m\xD7
-\~�V�\x81\xEAW\xEFz\x8D\xB3+\xCA��\x85G<\xA77\xA9`\xF9�\xF9>vz\xE3~Óƒ�\xB6��j^~\xEC\\xDD\\xEA^\xB4\xB8\xDB\xEC\xDD|\xEC\xB4 a\xA8yu\xF3g\xBB(]w/>|\xB8\xE8\xB6 \xF6�n^\xFEq\xF1W\xAF\xDD-\x9A\xBC�\xE3\xDDM\xE7\xF7\xA2F�\x8F�\xA0\xDD\xF6U\xBB\xDB\xEE\\xB6[\x83\xDE\xFBF\xBB\xB7\xB6\xA5j/F43\xE4k\xA3?@\xCEؘ\xFD\xBE\x81 �>s�\xCC�\x82X�\xE2L�.\xA3\x90\xB9\x94\xAEj\xA2\xC6?\x8D\xBF×€\x95Ö¼\xABU?\x8C \xA1�\xB1�\xE8⊀>\x82�2P\x9C \xE8QBs�\xFB-\xE0!Ôœ�\x8F@\xA7A\xAC&2�\xE18\x92 \x99\xEB\xA2)\x9EOoeZ\x94Ï‹\xC7 \xB3\xDB��0\x86\x821\xB2�I\x87S \xC2\xF8\x8D\x80�\xA0\x84\xABHq\xA2\xC3É¢(/\xA4�&\xE90N\x8A\xD7eñ³(�\x85z\xABr�(m\x86N\xE2hQ\x9Bt1��\xCB((;)9J\xE2\xB1:�A'@%\xC13\xCE5l\x9D\xCDo\xBF\xC8\xC5K\x99v\x95\x95N\xC3\xF8\xAE6\xBB\xF5\x84\xA8d\x9E\x8EdQ\xF9�1�\xCE\xDCa0�\xA7+�3�\xCC�\xA4\x843\x83�\xB9KY�\xF4[\xDEÄ \xE0\xDCs*\xF5���\x9D\xFB\xB3$-g"\x9C
-\xB3\x97\x81\x85_�Æ\x9ANux\x82o^\x95\xAA\xF7\x92\xAA\xE0\x90\x98\xE8(\xA9\xBA;\xA8\xBA\xC7Q%\x88\x9A�\xE5\xC2:cA\xA4\xC1A\xB2V\xD0~\x82\xAC� H0cVY-\\xF7JK�\x86\x98#\xAF>Ýœ�\xE7\x90#\xDF{F\xA3\xA6k\xB8�\xBATxV\xBD\xE7J\x82\x9D\x9A\xEF 5[\xA4ÖŠ�\x8FCʉ\xBBK�vZ$p
-\xA9+\xC4~\x96\xFB\xE3`�T?!�\xB0\xC0\x90\xF8\x84[\xE7\xE5{�K\xA0t\xA0C\xA5Ñ\xB2.\xD75fe�\xE8\xE06P\xF2\xA8\xE5m�\xC6 \x95\x93T\xAA\xFB|\xCB9j\xBB\xC96\xAEc@,Lt\xBA8�"\xE7q(Ķ)\xF3H\x87\xA0\xD8�\x8F\x9D\x90\xEF2M@\x9Cog@\xEBh?� �
-\x9C\xAF\xC5�\xB4\xA7\xF3\xD5�\xAB\xE6\xAC6s\x9A\x8D\xFB�\xE3`eh��J\x95^\xF8\xA3X\x88l\xB0z1+{܇\xB1>\xB7i1 #\xAB7\xBD\xE2\x832\x92wƑ\x93\xB8rz8\\xB9ѽ�}�\x99Mj�\xB5�A�/'A�-û8I\xE5&�׈\xF9\xE3\xEC\xACxv\x9220o\xA6\xB3HNe\xAC\xE5�Zu\xC6V\x9D\xDDSu\xC6\xCFtVz~\xFB\x9AxA�%�\xE0\xEB\\xA6\x8B�jQo\x96*\xA9\xD4p�\xE8\xD1\xFD02\xABDQ\xFFTC\xC9
-\xA6\x99\x91S`\xF1[L\xD0+\x9E��\xD1|V-�\x93Y\xE6H\xF5�\x8E\xF6\xBD-\xD3v9}\x8DU'[,\xB2\xEE`\x92\xA4FÕ2Z>\xEAe�<�\xA4\x88�1\x8A\x8E7(\x99U\xCBI\x98*\xBD��[pd\xAA\xB6\xA6\xBF\xBFÞµ6[\xE1\xBE\xDD�B\xB8�jO\xB5eQ{�\xF8\xB11s\xAB[\xC5/\x97Û„\xF3M\x9B1\xE8bN\xF6\x9F\x95l\xF2\xAC\xD3�S�\xAC\xC7\xDF�\xB6oL\xB6��v\x8C\xBD+\xAB|\xB3\\xB0>\xD0\xFF\xE9ѯH\x8Flgx|\xD0�\x9E0Ȉ\xA0u\xF3\x90\xFFr\xCETWo\x9FB\xCF\xF7\xC8qz\xBB�\xBA\x9E=\x8E\xDF,e:\xFE\x8C\x8F\xD1�\xDFv\xBBGÍ’G\xA9\xED.\xCE\xFC\xCB�O\xBE\xF9\xDB\\x8B\xBA&w\xF4}\xB2\xBE\xD4#\xA4r\xA9G\xB8�]߀\x94\xA42C\x85\xFB\x82\xF9\xEA\x8A\xF0%\xF5�\xB8\xB0\x94\xD9endstream
-endobj
-1878 0 obj <<
-/Type /Page
-/Contents 1879 0 R
-/Resources 1877 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1863 0 R
->> endobj
-1880 0 obj <<
-/D [1878 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1877 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1883 0 obj <<
-/Length 1994
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�\xCBr\xDB8\xF2\xAE\xAFБ\xAA
-�<\xF8,\x9F\x9C\x8C\x9D\xF1\xD4Ä™u\x94\xCB:.�%\x82�w)RCRV4\xBB\xF3\xEFÛ�(É¡3\xC9\xF8\xB2\xA5��\x8DFw\xA3ß\x98r\xF8\x89i�2\xAE\xD2`�\xA7��\xB9�\xA7\xCB\xF5\x84O�`\xEF\xDDDX�\xDF�\xF9\xC7To\xE6\x93×—*\x9E\xA6,\x8Dd4\x9D�G\xBC�Æ“DL\xE7\xF9\xAD\xF7\xF6\xE7\xF3\xDF\xE6�73_\x86Ü‹\xD8\xCC�#î½¹\xBA\xFE\x890)}\xDE~\xB8\xBE\xBCz\xF7\xE9\xE6|��\xDE\xFC\xEA\xC35\xA1o../n.\xAE\xDF^\xCC|\x91\x84�\xCEK\xCB\xE1\x99�\x97W\xBF^�\xF4\xEE\xE6\xFC\xFD\xFB\xF3\x9B\xD9\xDD\xFC\x97\xC9\xC5|\xB8\xCB\xF1}�Wx\x91\xDF'\xB7w|\x9Aõ\x99p\xA6\xD2$\x9C\xEE`\xC1\x99HS9]O\x82P\xB10P\xCAa\xAA\xC9\xC7\xC9?�\x86G\xBB\xE6\xE8\x98\xFDB\x95\xB00\x91\xF1\x88��qd@\xC1�\x96�i<\x8DÔEJ*c\xC1Û™�qî³/~\xAB\x8BVw+\xBF/ך\xB0\xF5v\xBD\xD0-\xC1g\xF4\xB9\xC3;\x83`_�\x96\x86\xA1<aR\xD6\xC0\xA4o\xF7/`a\xF4\xF8Q�\xE2\x84Ŷ\xEAK\x9Du\xBD;\xB4\xD7\xDD}\xD3\xDE\xD7\xCD��_*\x96\xA2\xAFN\xB4\xF9\xF3\xCC pÛˆ\xFD\xA3\xA9\xADJ�\xDD×™\xD3\xF0vYe]wG\x8B\xFF\x98\xA3\xA3l\xFB\xFDÆž\xE8\xFA\xAC/\x97~\xD7o�g\xDF0GVU\xCD\xCE\xFF}\xABÛ½cN\xF8<�Wu\xF7\xEB\xAC_\xAE\xEB \xFF\xE7wا\xD3\xED\xA3n}\xCBBw'\x8C-M\xB9\xB9\xC7\xFD�{1\xC6�\xF3oÉ’#\xB2\xD0R\xA3rp\xE3\xA0\xFD�0F�\xF8ƈ�ر\xFBq?\x8BQ?�/\xF5\xB3x\xE2\xE7\xA2iwY\x9B\xCBÇ–\x84�\x9FyÈ›\xBA\xDA\xFF\xB7(Û®\x87\x95\xF8\xEEÔ±|t\xFB\xD7�\xBD\xDD4m?\xE0qq\xF7w\}�V\xB9\xAE\xF4�\xF8\xA3\xA9}\xBC\xC0\xFFm\xE6=\xD1\xF3\xEC/uy})\xC5t@�\xA8��P.\xE9\xF6\xD84d��\x84[\xE5\xA8A|\x84\xD0\xD4k]\xF7\xB4\xFCI\xE6\\xD6%\x8A%LV\xE7�|\xEA\xB2�=\xC89\x94k\xB4@ �[\xA8#9LXI\xFF�$\xCDg)\xD8y�\xF9\xF5\xA4� \xC1��*\x9A\xAA8aQ\x92$\xDFÕŽ84\x9C4<\xEDF\xEB\x90S\xE3(\xB7\x9E\x95O\xE78\xB0\xB2\xA0s\xC7)+\xB8\x92\xAF€\xC5q�<\xD3\xEA��Æ‚�\xAB�\x84HN\xEE\xB4-\x81L-\x8F\xC8c\xE0%\xD2�d \xD9|\x85\x96M]\xF1"x\x95AV\xC9$\xF52Z\xBB\xF6\x82\xF0\xB2\xD9\xEC j
-"\xEA�\x8B<\xEB\xED�\xC8N�\x86=�,\xC8\xD3\xC4�\xA0veU�\xB4\xD0c\x99\x9E-*\xEB\xF5\xBE\xA1ï¦\x89\xC4k�\xCB\xDCnd\xDB~Õ´%V\xC6G\x87\xAA\xBB\x9D\xA9
-\xB8 = ({\xF64bB�f�\xD3c۾\xCC_��"\x8D`\xB6\x93"�H\xFD�K{\xE2\xD9��*\x85\xB9'|6� c\xE2�\xA2�\x80\x80\xA7\xA91`We\x8Fz,��\x8B\x95\xB0�p\x8E^\x89-\xAD�\x9D\xAB�\xAF\xEC�\x93\xD1\xC7X_o\xAAr\x99\xD1>E\xC0\xB0?\x84\x89e�e5\x90҄\xD8\xD7�/y\xCA\xE2 �\xAC�t\xB6�\xD1V\xC5,\x96N[j\x9FF\xE1\x8D^\x96\xBE\xADgÂ�|x�?X\x84\xB4 \x84س��Tn \xB1n\xE86\xB4\xBA\xFA\x8DvM\xD3 at 4\x8D
-\xE6da�\xB8\xCB��\xE5\x8A%\xE8WY\xEF +\xC4��pK\xA8\xBCc\xC1\xDDg\xCB\xDE10\xD1�y\xDB
-$\x90=V\xD2f\xE4\xD2mP$rR��+Ž\xF7\xD6z\x86\xC0\xDA�(\xA0\xF8cUv\xAC\xB2\x9A\xD0Y\xD55c\xBD
-\xD2\xD0W`Z;\xC0 \x88B\xCD�\xA4\xB6�&\x83\xA7��eu\xA0�x\xC8{\xB3'\\xAE\x8B�\xA6\xD2W\xE4\xFD\xBE\x85\x8C,\x86�\x993\xBB2�\x93\x8Ff~Ay\xBE�uc\xE1Q\xFB\x96\xB1\xF4BE�\xD3V\xE0K\xA6 \xC0:\xE4�C�D\xAEL\xE0�\x9E\xAE�'�\x96p\xB9\xCA\xEA�\x9Dӂ\xAA� \x99)D at vp,`�\xFB1\xDDL\xDC�\xFB\xB2~\x80;��ƾ
-B\xAB$"\xDC \x8F؅.\x868\xC3=\xA30n\x90\x8F�e,���A\xC3\xEF8�\xC1\x86*\xA2\xA05\xB45\xD1fc\xDE\xDBhs\xCE�
-y�x\x8B\xAC3\xA6 0+z\x87\xB5��ذ?\x91\x89��\xBE<\x87\xC2
-\x91�\x99\xEE\x9Ax`\xE3\xF4\xE8\xF8\xA1\xC5<5\x92\xB1\xBB��\x85\x9A\x81Lp \x88�\x93\x8A\x88ٕ\xFD\x8A\xA0\xA7\xAA#n\xFE\xF1\xEA�A\xFF\xD6{T+\xE4\xA9wUX\xB6\xC4�3\xBC\xB2\xDC\xF0\x9E\xF85\xFE1\xA9\x9F\xBF�M<\xB8\xD7�;\xAAu� 'uM\x85\xCAv&\xDCZX\x92�4\x99~8\xD88�F(@\x83"x��h\xBAƱ�\xAA\xAA�\x95ݘ\xFBld\xA2\xC7EHMRqiu\xAB�\xC8�\x8B9$�\xAE\xAC�
-: l��\xBE�}�\xBB��\xE11\xD1\xF6X\x9F\xA3�f2w\xAAp\xA7F\xEC\xE6\xD8K.\xA8/�\xBC\x96\xCD�\xAALnt\x97�\x92\xB1\xAC\x97\x8E\xB0\xA7oS�\xE3\xE1�\xF0\x8F\xCE;B�\xA1\x8A0j\xB4\xDD��\xCD�\x80\x85\xF7Һ�-\xA05\xD4J\xDB\xE5\xB1\xFD�\xA9W�\xE3
-B\x98\x90;�N�M\xE5�\x82�\xB0ݕy\xBF\xC2 �ܻn�\x85\xAB\xE1nb \xE2\x8A*Ճ\xA5\xA0\xAC�\xF5�\xBEbJ4\xB8\xABH0\x87ypߎP&y�\xB3\xDA\xD66\xCBr\xB7SX\xDAU\xB3\xED@\xB7\x8E^@\x87-a\xA2\xA6#\xAA\x8D\xF1\xE0P\xEC\xF0\xCF�,\xB1\xF8\xAA\xE9i\xE3i`I[թ�(\x9B\xC0\xD2\xDBv\x9A��\xAD\xFB]\xE3W�\xB2�a\xA1\xFC\x9B\xEA\x86[\xDDr\xA5ז\xDA�Sr�\xFC\x95
-\xD3/�\xA5\xE4%�)O�u[\xB6\xDET\xFA\xD5a\xBA\x84r=\x8C�G��h�\x97\xB8*\x9FX\xB9f at 8�~B\xC1�x:\xD8�A12�\x84\xE5\xC84�%,��馎\xF2aÕ“\x94M\x95-\xB5\xEB�\xDA\xCE�\x92\xB3 \x94OÞ»6\x93\xA1.Cs奔⪬Ma (\xA3Ï\x91H
-=�2xD\xFB at 2�\xCBp\xD0\xFE\xF5\xB7/\x90\xC4�\xAALd\xC9w+m\xFB\xCBל\x95 \xC6Ap`<\xC2M
-�\xCFDg��@h���\xAF\xF8\xD4u\xFFښ@\x82\xEAD�� o\xD8�\xD8]C at 5\x83\xC4\xED\xED@�k\x93\xC7\xC7l �\x84\xA1\xC3\xF0�\x90\x984z\xDF8f
-\x84;\xF4��\x87\xB0\xEC\xF6\x90\xCD\xEBg\xE2{\x95\xB9\xE1\xFF\xD1\xFCu\x84PW5\xBB\xCA\xC2eA\xDF}\xB3\xB5ïˆ\xCDv|]rN0y\xCBV�\xF2\xA5+.\xC8�TqÏ‘\xBC\xB4\x85\xAFo@\x9C\x80\x92\xC7L\xE6\x8E?0\x8E'\xF7\x97\xBD��|�\xC7�_�<`"\x94\xC1\xD8_\xA4|x\xBE\xBF\xF8�\xD9ÿ\xD50`\xC3\xEC'\x87\xD7\xC7\xE9\x84\xCE#\x96\xC84\x86\xB7�C^\xE8\x954\xFC\xCA�\xEE\x9F[Ku\xA4\xFA\xFF v\xF6\xE2\xA7endstream
-endobj
-1882 0 obj <<
-/Type /Page
-/Contents 1883 0 R
-/Resources 1881 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1863 0 R
->> endobj
-1884 0 obj <<
-/D [1882 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-598 0 obj <<
-/D [1882 0 R /XYZ 85.0394 445.5677 null]
->> endobj
-1885 0 obj <<
-/D [1882 0 R /XYZ 85.0394 415.4538 null]
->> endobj
-602 0 obj <<
-/D [1882 0 R /XYZ 85.0394 415.4538 null]
->> endobj
-1886 0 obj <<
-/D [1882 0 R /XYZ 85.0394 391.0424 null]
->> endobj
-1887 0 obj <<
-/D [1882 0 R /XYZ 85.0394 391.0424 null]
->> endobj
-1888 0 obj <<
-/D [1882 0 R /XYZ 85.0394 379.0873 null]
->> endobj
-1881 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F21 938 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1891 0 obj <<
-/Length 3279
-/Filter /FlateDecode
->>
-stream
-xÚ¥�\xCBr\xDBF\xF2\xAE\xAF\xE0�\xAA2\xE1\xC1`0 vO\x8A-%Nm\x94]Y\xB9l\x92\xC3��ElH\x80!@\xC9Ú¯\xDF~\xCD�$AW\xB6l\x95�\x8D\x9E\x9EW\xBF\xBB\xC1d\xA6\xE0/\x99e6\xB6\xA5.gyi\xE2L%Ù¬\xDA\\xA9\xD93\x8C}\x95�\xCD\xDC�\xCD\xC7T\xDF=^\xBD\xBFK\xF3Y�\x97V\xDB\xD9\xE3r\xB4V�\xAB\xA2Hf\x8F\x8B_#�\xEB\xF8�VPч\x9F\xEF\xEF>}\xFF\xCB\xC3\xCDun\xA2\xC7O?\xDF_\xCFu\xA6\xA2\xBBO\xFF\xB8e\xE8\xFB\x87\x9B\x9F~\xBAy\xB8\x9E'E\x96D�~\xB8\xF9\xE7\xE3\xED��YY\xE3\xBBO\xF7��S\xF2\xE3¢�\xB7w\xB7�\xB7\xF7�n\xAF\xFC\xF1\xEA\xF61\xDCe|\xDFD\xA5x\x91?\xAF~\xFD]\xCD�p\xED�\xAFT\x9C\x96E6{\x85��'e\xA9g\x9B+\x93\xA5qf\xD2\xD4c\xD6W\x9F\xAF\xFE���\x8D\xD2\xD4)\xFE�]Ä™-�\xD2E�g\x891\x97\xF7\xE5=�\xEC+\xA0\xB6i\xAC�`\xF4\xF1\xBE\xF3"\x89\xAD\xCDQ:\xCA\xC4e�\x90�\x8AIFBI\xB4\x8AKXh\x96gelS\x9D\x92T\xFAa\xFF\x84\xACy\xA7\xF5\x88\xD8�qn4n\x8FD7\xC0\xCB4gZ\x80l\xF4ß®\xAD�\xD7\xF42\xD6l\x9A\xB5\xDB\xF1\xF0\xD01\xD2\xC9\xD8Ú½Ô‡\x89\xEF�,\xA3\xFAKUo�\xA6�VN\xA0f`\xC2\xDDuRD\xF5v\xDDTn\xA8e\x8F\xAE]\xBF\xE1Y\xE1T\xF3$\x89\xCB,\xD3t\xBCa�\xAB\xA7\xBA\x8C\xEE?ã³\xC9UG\xCFEσݒ��\xBFn\?\xD4;F\xF1u�Û´\x80u\x8B\xE3�a\xFD\xBA��^\xFB0�\xF5\xD1\xD8\xE8\xB3\xF0\xF1\xF4lH\x82\xC7WI\xE4\xFCT\xADT\xD4v\x83`\xF9\xBD�\\xBB`\x8A��l\xDDn\xE01<�b\xE8�\x88\xF8x\xFF\xF9\xEF�\xF5Ƹ\xD1\xEAa\xD1e\xED\x86\xFD�\xDFo\xEB\xAA\xF9M)]�\x9F\x95-\x94\xC4�6\xC3\xFBdc#k6\xDBu\xBD\x81\xFB\xBB\xA1\xE9\xDAx\xEA\xA6\xC4�`\x8B\xF1wNu�U\xAEe\xDCS͈}_/�\x83\xBB!\xA6^\x83\xEA\xB4 eA\xAF�hk\xA6Ì¢e\xB7c\xD4\xF3z/Ë°\xA4͉\xA4\xA7\x8E\xD5\xE0��\xD2\xC54\xB1\xC8U\x9A\xD2�\x8C�\xD1È��� \x80\xFA˶\xBEN\xA2\xB6\x97wR�xn\�|hÚ¦}\x96\x99\x8Cg\xF3@\x84_4\xC7}voS\xBC�i#gI�u�\x93\xEB\x81\xDFI\xD8\xF0lݦ\xF6C\xBB�\xD4T\xA2^,\xF8\xFC}Oj�(\xB8 \xD9ï±±[��\xBA\xC8Å€q\xB1E\u\xEDr\xC2\xD6\xC1�\xE4\xE0�\x84�\xF49M\xD3\xE8q\xD5\xC8\xFA\xFB\xDE=\xCBI \x85W\x99k
-\xCES�{\xCCiR\xE9�\xEC\xD4�e�
-\xB3 !�\x92\x85�@[\xBF2 \xC7AU|\xDE\xEFH\xA9z\xF0�iV2gp\x9C\xB5�\xA1\x92�\xFD~\xBB\xEDvC?)fÜ»\xB0\xEC#�"\xC1�,\x9D"\x8BP\xCB�:�\xE0^\xDD\xDBu\x92$x\xD9�\xCE\xFAIHeG\x80\xCC\xFB�\x8Ec\x92\xD2\xCB�p\xC3ε\xFD\xB2\xDE\xF5\xB2\xD3r\xB4~P\xAC\xF9\x94\xB0IÛ´\xF5\x8EF[t4\xD5zO\xCCA<[� \xA8\xD78|\xE6\xC1ppIo݆I\xC4��\xBEZ5kQ\x8B\x961\xA4D@#~\xD5zW5\xC18�t\x9A\xABhS;\xB2\x8A\\xD1<\xBC?\xB8�b#\xA0\xFA�\xF5�\xA1Ê\xEEѨBs\xDE\xC9\xF4\xAAÛ¯��>×´�\xF8!d4\xA1^\x9Ba\xE5\xE9\xDA\xF9\xD4AD�Ȫtn\xF9V�ftÕž\xB1,_\x84\xF0`8ȼ�\x84\xF7\xE84\xC3\xDB�\xE0I\xF3��\xCA\xEC\xC8 \xE0\xC0�sXp\xAC��4)\xCB@\xB7]Ó²\x88\xD94_\xD0���:\xB8\xF1\x8A\xF6���2\xE2�n\xF0\x9E8\x88\x8E\xF0\xCD�_A\x97\xC21��b\x85\xA2\xCB\xD1Ê«fR\xDDG
-\x9C*\xB4VYj\xC9�\xC31VG
-\xEA�\xC7<|\x88?�\xA8\xE4G`\x99f7\xC3\xCC?L8bT�\x94�\xAD\\xCF \x8Bi∢\x9F\xCA�î•l\x9E\xD6]\xE09\x934r\xEB5\x8FK\x883!gP^\x96=\xE3Y\x98cÊ£3€\x9C�Fܺ捻ʑ\x85"\x9DD\xBC�o6\x8E}\xBD\xF8_���\x91|\xA7L\x85;e\xEA\xECN_\x8B\x8E\xAA�\xD1�@\x8E\x8E \xD0I \xA28\xA9
-�'qL\x88�?Ø¢�\xDB8>E\xE4�\x87#\xE5\xD3�\xE5Ó \xBE[\xEFÑ¿\x86Y�\xA7s\xE8\xEB\xF2\xE8\xB9yA�\x82\xE0\xA2\xC30\x87pA\B\xDC�#\xA1\xE1X\x8A�\xCCP\x9AjOi�\xBES�\xC3 x4\xA2\xDB�\xABn\xD7`\xD2\xF0R{��椵\xDDq\x9C\xB7�y�\xE6���L\xE63����DA\xB7��\x8E\x8F��\xFD\xC0�\xBA\xA7f\xAF�S\xB6\xBB\xE6ER�\x98R�\xAF\xDD\xEE�~\xD9\xF7\xF3\xE9t�×·6z\xB8\xFB\x90\x94I\xC1/\xA3\xB0+�\x98�\xBC\xF1 \x89�\x9E\xA7z\xC0Xq|6\xE4�\xD6��\xB0\xEC\x9C\xCE\xC3\xF7É¡��7\xED���\xBB\xDD\xD6M\xC4\xF02\x8D!j'�\xC3)\xB5\xB2��,\x858\xE0\xF8\x9D�\x94J|\xC0'$2\xF5\xAEuk\xA6�\x96�\xA1g\xA9��\xA4`Rs\xF8\xF7\x9B�'4Dz&k \x86�/l\xB8\x99\xF21 Ö±\xF8\xB423\x85\x89�\x9B\xDAÙ¸\x9E\xF9\xC6�ɨ��l�\xB9K\x96\xC4*\xE3\xFA\xEC\xAF.\xEA\xA7\*\xBC4\x94~\xA5.\xECt\xE1U�X�ffJÈš�\xA0b\xEF�\x8C\xAA\xE6�\xCA/(�\xADM\xF3Q\xF9U\x98\xA3)\x80H\xBD\xA7\x83!\xCA\xD5 s\xA8\xC2
-N\xB0�\xE9\xFCt\x9Eg¼T\x94\x93\x88W\x82Zv\xEBu\xF7Ê \xF0\xF5\x97I3\xC1\xD2
-s\xB6\xBFa\xF2S\xFA\xD9eX:ľR\xC9\xE1J9?\xB8\xFA7~\x9F\x8A��\xF2 �\xE4PZ\x92\xAE\xB4LL\xC9\xD7\xE4Q \x8A�\x833X-\x84Pk\xA0 at p\x8C\xF4\x81�aVK(\xA0\xB2DG\xAF+\xF2x\x87Rb\xBF\xEB\xC9Y"%\x9E�\x9Fm]\x81\xE5;\xC8䉒T�\xF1nʋ\xFD\xB9\xAFwrCQ\xF5�\xAB͡ZQ\xC0\x80[\xB91?\x82<\xCBP�\x97\x9E\xA1@\xBB\xEE\x80cP\x85�\xD3J5\xE1d�\xB3's\xAAL\xA1U\x87t�b-\xBDKإ"� .\xAC�5.0`z\xC2h\x92a\x82!�\xE2\x8F\xCC\xE6�\x85PMa\x83\xE8\x96\xFC\x84�環�\xC1�\\xC0\x84\xD7hZ\xE0\xEF\xC6q\xC8"\x84\x8F\xB3\xE0\xFEϢ+\xF3\xFCߤvY\xAAD\xED2,\xE5{Ɯs�G_�\xC7\xC3\xE2\xD5\xC0 \x8F\xEA\xA7,\x8B\xCBD{\x87*\xFC\xC3\xFC��\xC4\xD5ׄق�Ɍ\x91I\xC8\xDD󕵎�\xEA�\x9D.,\xA5UV\xC4F\x95\xC5IiE2;\xDF0M\xA0\xCAS\x99,&\xC6�\xAC\xEA\xD8:\x99WsOu\x92\xF7ל;J\x81��\xF3�!* \xE0\xE9K]\xCEER.�\xE09\x80F\xFA\xF9(-\x868#I\xB98W\xA2^�\xA0�62�l\x89\x94kB\x96\xBE\xC87\xE8\xF7\xB0\xD6\xF7\xD5\xFF
-\xFCc\xCC\xC3C\xCF(�\xBF֜
-S\xC2 ^m\xD5T\xAB�\xFD\x87\xBE\xAE=\xE6\x8D1\x8B\xFDf\x8B\xEE\xEEB\xF3\x863�d͓\xA3\x9A�_\x9F\xDE&$[\xE4q�\x95\xA6�c\xD7.*\x99��,\x9E�\x9Ec\xA6;\xA18�\xB5\xB4\xCD�%x�\xB6F�\xC2I\xE7�\x8CXb�eY\xD2\xE1!Y'\xB9\x8A3{"kX\xA0o�\xF5\xC1e\xC0,v,�\x9E�⌄\xE4�\x94n\xE0\xF8
-\xF3\x82[\xA6�\x89\xF3T\xFB\xA7uS1\x8C<\x9A\xB4\xCE{JÊ ��\xB9X\xB4v\xC8!\xC8[6\x94�\xC18\xE9I\\xC7\xD4 аM\xD7�\x99dQ\xA9\x96l�P���\xF1D\xA5? :.\xAA\xD8i�i\xC7�\x8E_\xC5\xDF~\xA5V\xD1!6b\xE4�\x8D3\xEEJ��X\x8C\xDEr\xACY5O\xDC[\xA0y\xAD \xAF
-U5\xA2|:\x84\x98~\xDBq[\x84\x89(��\xF4p;y\xB4\xBB_>\xDF~\x9Cd\xEBç¦\xA8\xAD\x9AJ\xB8\x80;J\xD4M\xC5c\x87[K\xD4�\xFCT\xD4M!7\xEEx\xD8wv5\xDB~ݺ\xB0\x89\xABH;\xA6�\xB0\xEE�
-)ZE۵#z\x9DHƧ9\xDE\xC1\xFBq\xBC\xD3ʷOS\xA8w\xEF\x986\x89\xB0\xE3�\xB2,K�\xE7y�]�\xE8輸�\xA8O\xB7h\xAA\xA9c\x89Ą\xEB\xA8?
-R\xE1a\xA87[\xECn\xA4:\xB8(Hr[��\x9Ev�)\xA5Jli5K\xA9\xB76趞k�`\xD9�
-6߱\xF9O]\xA1"LHK�\x8D1O\xE2�\x97m\xDD\xC2\xFB\xEC%?\xEF~\xC4O�7\xBF<\xFE0YI\xDE:vn' \xC4I�[\x9A\xDE�5\x89.\xBD5Q\xBF�]\xB9\xF7\xA1\x84z\xAE\xDB�\x8C\xDDӂ3\x9F*�[\xA9\x88\xBDkG\xF8ص�J��\x80n\xE4\x96R�\xB03\xA7/4�\xFD\xC5
-`\x9CXc\xB2~\xA8 �\x88\x87\x99\xB2\xC5\xFF\xB1h\x98r\xA9�H \xAC�p\x93�>\xBD�\xEB\xD2l\xA6M�ޙ3\xA1n\xF7\xEAv\x8B\x89`\x90\xE7q\xAE\xE0\xCE!\xF97\xA6\x8C~��\xC1S\xE4��"Q\xDE8\xC0o\x94\xAD�*\xF6\x8C\x91F�\xBES\xF9n\xCEt\x81\x91\xA35I\xEB�G\xE9\xAF_\xA8D�\xBB\xD8\xD9\xF4m�\x9Dd�\xC4\xC7�R�\xCA_o&\xE2c�e\xA3\xB1\xE3\\xE5\xFC\xEE:\x8D\xF3��*8}u\xE0
-\xC8B��
-oÛ©\x9C
-\xF8V@�#s/\xF37-b\x9B�\xFE\xDBV\xE5\xE4\xF8\xC0\x9EA\xEEb#7\xB1~V\xC6\xFA � �>m\xCBu\x9C\x97Y~ڥ\x9B< vϋ\xA28\xA4\x89\xEF}�\xE0h\xBF4\x8Bsm\x8A\xE3\xFB`<\x9Eh\xE1\xA71$\x8Egl{'\xBDWɇ\x8C\xF5~� \xB7ݒ\xC5c\x83\xA5c\x94\x8FŜH$�\xB0 v9\xBE�x�\xE2\x91\xCA}�\xAE8(\x81
--$�\x9F\xDExX\xE8\xF2Й\xCB)\x9F%M\xB1ѧ\xA5\xA0\xBA\xA9d9I\xE3�\xF7\xFE+<\x80,7�\xE2'�x\xE1\xD8,\x86\x94;;VÝ|�\x92l�\x9E[\x89�2\xA09\xF3\xA4:\x89\x9F�8\xDE�\7\xBD�-'\x85\x97Xp
-!�\xFC\xFA\xC15\xFA8\xFF\xFD\xC5�\x86�\xF9.|\x80\x94�0\x97fX\x8B\xC56IË“\xEA\xEAĘS\x93\x8F$N\x91\xCA`k\x8F\xA2\x84\x91\xCE8\xA28\xA92\xD2\xF6Ã^ï¸_a\xF8_\x87Å„\xCEBT\xE5�v5\xF4<r\xA1\xAFؾɧ\x8B\xC3\xC98\xA3\xA4O \x87\x8F�\xE7�,\x8B��\xBF\xAF\xA5\xA4\xA0\x99\xB2f�\x97\x81\xCFA\xF31\xAD\xB0�\xA4\xD0{\xBFÙ’7{\xEB\xF6�\xBC:\xFE(\xC3\xFEQK\xB7\x8CU�,O\xE7\x899\xF9:\xBA\xF2\x85(\xF9\x9F\xB96e\x88Ù‡\xCA\xCBw\x94+H\x91\x9F\x8Fz\xCA@\xFET\xAF\xDCK\xE3C\xA0\x9F�Z\xCE\xCFX\xE8wOn=e p&\x93\x9D*\xD4�?J(%T�\xF8��\x94\x89M^\x9A\x93Ä\xD3}é\xB7\xB4+L�J\x88Ù—1\xE7a�G1\x8A\xEC\xFA\x81#�N�:"OEQi\xBD\xA9\x89\xF8\xF1��dqb�\xA0_�J�a�\xB6�Ý»)Mz\xDA�\xFCm\x95\xE5\x86�\xB9\xAD\xC4J\x973\xB1\xFEË\x95\xDE=A\xA1\x91\x89N\xBD\xF7HY\xE1y\x8D\xDC^K\xBE\x82�R��\xE4\xEB\xF3h�v�\x93Q\x90>\xABc\x9Ex"N\x92\xA5\xEF~\x8E\xF4\xFFr\xCBs\x9CG|cn\x82\xBF5\x81j�BR\x81&R�S\xBFH\x81\xFF\xC2\xE4o\xFE\xFD\xCB\xE1\xC7A&\x8FÓ¢\xD0!�:�~y�\x9B��I\xC9)�\xFFJ{\xF6\xEB\x9CD\xC5P\x96hO5:\xFA\xFF _\xF1}\x8Cendstream
-endobj
-1890 0 obj <<
-/Type /Page
-/Contents 1891 0 R
-/Resources 1889 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1893 0 R
->> endobj
-1892 0 obj <<
-/D [1890 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1889 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1896 0 obj <<
-/Length 3218
-/Filter /FlateDecode
->>
-stream
-xÚµZYs\xE36�~\xF7\xAF\xD0[\xE4\xAA�\x83\x93$�\x9D\x89g\xE2TÆžx\x9C\xDA#\xC9�-Q��\x89THÊŽ\xF7\xD7o7�\xA0x\x89\x9A\xECd\xCB\xE5"�4\xD0ׇF\xE3\xE03�|�\xEB\x80I\xA3f\x91Q\x81f\Ï–\xBB�6{\x82\xB6\xF7�\xDC\xD1,<Ñ¢M\xF5\xCD\xC3\xC5\xD7\xEFd43\x81 E8{X\xB7ÆŠ��\xC7|\xF6\xB0\xFAy\xFE\x{1BBACF}�\xD7\xF7\x97�\xA1\xD9<�.�:d\xF3onn\xBF\xA5�C\x9F\xB7w\xB7\xEFn\xDE\xFFtu�\xA9\xF9\xC3\xCD\xDD-U\xDF_\xBF\xBB\xBE\xBF\xBE}{}\xB9\xE0\xB1\xE6\xD0_\xB8�Ntxw\xF3\xC35\x95\xDE\xDF_}\xF8pu\xF9\xEB\xC3\xF7�\xD7�\x8D.m}9\x93\xA8\xC8��?\xFF\xCAf+P\xFB\xFB��H�\xEB\xD9�\xFC`�7F\xCCv�J\xCB at +)}\xCD\xF6\xE2\xD3ÅÍ€\xADV\xDBu\xCC~JÄ�
-\x94\xC02B\xF2\xE84[b\xC1\x80\xAD+F<\x88$\xEF1]p\xCE�\xC6e8[\x84�\x8C�\x9A\xB8q\x89\xE2-\x97pe\xA05�}\xB5 B)\xA4\xF5\xC9&\xCBk4\xCC\xD7\xEF\x84h�\x87q�)\x81Ü‘\xE8a\x93\x82%9\x9FgyVgÉ–~TiM\x85b\x8D_1//y</
-W\x9B'\xBB\xD4�\x96\xCFiY\xB9!ܷڧ\xCB\xEC�\xC6D\xBA\xA2\x8AC\x95\xE5O4PB5\xBF�\xA1\xAC|\xF6\xD7\x8A<Ś \xC5�\xC1@\xF1\xC0h-\xAC\x84\xFFؤ9\x92\x99yM\xB2�\xC7Օ뤬+*�\xF6o\xA0 \xF4<\xAB]E\x95V\xBD\xBEmM\x8C\xB5\x91\xA7(苂\xE7+*'c}\xAC\xF6#\x826R\x85\xE1<\xB1#@\xE1\xC9Z2\xD4N \xA8\xD9�UM%;l\xBALs\xF7{\x9B\xF9�kv\xE8\xD4b�\xB5\xCE\xECPrf\x87Y"u4\xBFY\xBB\xF6\x82\xBE\xDE\xF1G�i\x92\xA2\x99\xD1>\x92<�߮\xA7\x84\x98\xAF\x8B\x92Z\x96ۤrD7\xB7o\xA8@*`7\xAF)\x94\x9D\x89�\xB9�{�\xBB}\xB6MW\x8B,\xA7\x8AU\xBAN�\xDBz\xDCd\xA0\x9A� g\xF8=*\x8C\xBF�tI\x88�\xD6U\xA0q\xA8\xE4\xFC-J\x97V\xAE/\xC8UR\xB1\xDE$9\x95nn]\xAF\xE49\xA5�\xB4�~��ٶF\xE1F\xE4q\xA2V�\�\xC7^l\xD1\�\x82\xCF\xDA3\xF2\x8B&\xB9b�\x9Aa\xF2.\x8C�B\xC5\xE5_�\xD1\xF78�7��B�\xEB�q\x83\x87\x81\x8CM�1!
-�\xF4pFئOI\x9D�\xF9\xA2ȷ\xAF#!\x843�\x84\xDC4!\xC4\xC2I\x8B\xB9\xFF�&VT\xB2\x93
-\xBEi\x8E\xC8�\xDF.�B\xDAc Z\xFA\xDCl%L\xEA\xFA\xE0�\xB3s��\xCF\xD7eR\xD5\xE5e<?,\xEB�M\x9E1'"̱/\x830\xC34K/\xF9<x�\xE0�\xA3`A\xF9\xF0\x86\x9An\xAF�pQ\xB1\xBF\xD8\xFC\xEE\xFE=\xD0\xF2\x80ڮ\xF2W\xAAN\xF2\xEA\xC5�\x9DYl\xD5T\x9B\xB9\xD1\xFD\xFC͞\x81\x85\xD5�*_\xB2zS�F\xD1n\xB1\xA9\xA2y\xFA\xE7~\x9B-1FI�h/\xA96۵k\x8Ffq\xAD\xEEk\xED\x86�\xC9�\xF8\x94Y\xFDJ\xF5U\xBA\xF4\xC41Ȱ\xDDR\xF5c:��j\x92<\xA9Qhn`\xEAV\xF8\x95\xF3\xDB~{\xF7\xE1\xEA\xE66\xA0j\xF2,\x96VE\xEAHr\x9C\x9C\xB6\xCF~\x8F\xEE\xC2"z�۬pXA\x91\x86\xA8\xD2?\xAD\xED9\x8D6��\xC0^\xDB�M9;:��S\xFA"\x97,u\xAD\x84&6ߦɚJ\xD6\xD7�A\xB4�\xED\xC1\xC4>\x87i�\xB3PK\xBF,n\xD0"\xD2
-D\xDFt\x8D&[\x83\x95\xF17�\x9D\x9C\xEA !\x8E\xF8��\x94�k\xD6�\xD0v\xD4\xC9Í\x85\xB5\xC2\xC2s\xEC\xB8\xE6%\xB1$+�\xDDG\x8C\xF5)u\x86YB`K|\xA4\xA2hÖŽR"\xE6�\xA5X<�\x99\x82�\x8C��\x80�˧��\xEE[\xC9KC\xBFhw\xB0!C\xB4\xED:��\xA5*!d/FlÜ–HF
-���Zm�\x83$\xAA\xA1�\x91\xA3\xED\xAE\xE1h(\xC7\xC9`\xDD
-\x83_�Z\x8F\xD1\xFA\x98 \x9EM-\xA1\x8F6\xBA\x9BY\xFEO\x9D\xBC� A�\xF3�\xFD\xA6A\xBFH\xB4m9\xB4)�ja\xA2\xD9BG\x90�s�\x8F\xFB\xD6g\xCDZ\x89@\x86 �\x9A�\x93qHl�Lg�\xB1Ï®\xBC#\xD3�`
-\xF9\x9BQ\�\xD3Jnh\x82~UQ\x99\xF2�,\xED\x92W*�{\xC4K\xB2ݺß\x8E`]l\xB7\xC5�\x85'\xA8u\xAD }lnb\x83
-\xB3\xB9O\xBF\x89\x8A\x99\xE7J�\x8B\xB5\x93��\xF5\x85\xA3��� +\xB5�<t\xC1 r\x89\x915P�\xB1\x8A\xB4#\xC1\x85�g\xF7p,\x8E+\xAB\x88\xFCPy\x9D\x96y:\x96\x97\xAB�\x9CĢ\xE3\x80\xFC
-\xC5 �\xEB� ]w�E\xE6\xA6>hpØ¥+L�9k\xD6bÖ´/\x8BÒ…%�Y)\xC5\xC3h\xBAq\xA1\xE49\xA9\\xDB.\xF9Í)\xF8\xABX\xFBPS\xA5\xADh�
-I\x80\x90w\xF3\x88\xCAPdÚ›f\x93VY\xB1�QX\x9A\x80�\xE9\xB3�\xE79)\x94��\xBF\x88\x97��\xAD\xD0X\xB0k(\xD2`B\xB1\xF3�$T`\xAE\x98avaÉa�~}\xB8y\xF8\xCA
-\xF9\x91�~\xA38��W`\x85<\xC1\xED\xA6�\xF3\x9B\xBA+ \xE51X•G\xC2Ƣ\xDA$\xAD\xC4c\xA1\xE3\xC0�\xDC2w<\xD3�
-1\x9A<bB`\xD7\xC0\xE7\xA4\xCC
-\x9B\xD9 _\xAB:\xDDUÔ²J\xEA\xE4�
-
-ؔ\x90GT\x87\xE5\xC6uw� MI\xADl\xFEDz�\xF6\x9E|_f�-72m?\xA0OUз\xC8AE%\xB9\xDB\xEFA\xCD\xEF\xE9\xEB�-G\xAB\xF3\xCB\xE7w\x9F\xC6f\x80
-\x94Ò±\xF3_\x83G\xFAT\xAFy\x91\xBF\xEEz\x90#,�\x94�\xBE�QW\xB9K\xE7!Z\xA3ã° `9|N\xB7\xC5~G[%h\xB1\xDC\xE0\xFBv\x93��\xCC'\x9CÐ\x80$T\xFB\xC3\xD5-\xF5Û“\x99\xEAbYl\xA9i\xD9N}\xECH9\x91\xD2l\x80\x8A]\xB6\x82p�1\x8C0�\xCE\xE6\xFF\xA6]�\xB4\xA0\x8B\x88\x98�\x8A\xDDF�\x87M\xF2\xB1D\xCBg1\xDD}�T`\x96x\x9C\x85C\xFBCn\xA0\x997\xED\xDB\xEF\xAE\xEE\xC6� !LGqØž@.�\xEA\x84\xF5�\x87E"\x8EC\xD8�@\x8FP)\xD9�\xEC\xD2�v\xA7&Htgcr58S\x81=�xK\x86\xB0Þ‚&\xE3GHD\xB3h�\x9D^g�*\x9B�c\xC0_\x80\xF7\xB3\xF5 u\xE0
-"`�\xF1i\xE6
-\xD5�\xFB.n\xC3@\x85q\x8F\x93X5aq\x95V\xCB2ۻyL\xF1ph]��L(�\xC5\xFAZ\xF4Xc\xBC\x90\xC0\xD9M\x99A\xD6&aU\x81\x8DU\xD8Qt"kk\xE8Ϩ<�\x97T^�\x95C8\xC0vP
-D�\x9F
-c\xCEؾ\xA1:'\xC8`\xB4Ñ´\x8Dp�TR�\x92\x8B)\xB0!\xCB�\xD5�\xDA<\xD5\xD1O�\xD2r�l\x90\x8E\xC5\M3o\xA8F\xB8w\xC1\xA6!\x97\x82\xF5\xBF\xC3\xFE\xEF�[\xA3D�k\x90O\xC8&\xF1�\xC3�L�\xD63\xF2$\xD6�\xFD�\x8D\x87\xE3~>\xD6"<R\x8E\xC2i\xD37T\xE7��\x8C6\x8D5\xD8H(\xA1\xE4�\xAC\xB5\xA8&\xB0\xE6\xA9zn\x82\x8D\xD1 n� "`\x9D\x9D\xE4\xDFP\x8D�Ð[�\xB0d�\xEA;�|�\xDC\xE2!Üœ�=\xE6\x91�\xA2(Ô§���Z�\CZ:L!\xCEÓŸQz8\xEEg#N1\xC8="-\xA7\xAD\xDFP\x9D�d8\xDA$\xE2�\xECa5�\xC2iĵ\xA9N#\xAE\xA1:z\xAA.\x93\xBCZ\xA7\xE50\xC0\x99@@\xBA5\xC9\xDE�\x8D\xB0\xEF\xE0Mc�7\xB2\xCB\xFF\xEF\xC4[[\x8B\xFEMF�\x84�\xF0>\x897a�\x8E\xA7\x9Am�\xA6\xF0\xE6\xE9\xCF(=�\xF7\xF3#\x9C\xD1A�\xB33\xC6o\xA8\xCE 2�m�oJA\xFAw\xE2\xF6ꈷ�\xD5�\xDE<\xD5\xD1S\x87=$\xC8\xE9�m�\xB9\xB40\xD3\xDC�\xAA�\xF6]\xBCA|\x93Jt\xF9\xFF\x9Dx;j\xD1G\x9B�b\xA6\xC4�\xDA8\xA8\xC0\xBBf\x9ED\x9B\xA3?\xA3\xF2pÜ¿\x90\xBB\xC1
-�\xCB\xC1\xB4\xED�\xAAs\x82�F\x9BF�\xEC\xEF\xA2�ȧ\xD1֢\x9A@\x9B\xA7B\x8E\xE4\xA1ž\xD8fˑ\xEC-�`\xA9W\xD3\xEC�\xAA�\xFE]\xB8I\xBC?\x8E\xBA�|jvs\xDD=/^a~\xC2c|�B𑿦\xB0\xBF\xB2\x82#�\xFDv�p\xCE\xE7\xEE\xF8�\x81\xDC\xF7!\xAC\xE8\B\xCEזt
-V\x9E\xFE\x8Cj\xC3qGa�;\xC4\xE1\xA2)\xF0\xF4�V\xB7I�7Tg��\x8E6 +�\xAB \x8E\xC4�X\xB5\xA9Nê\xA1\xEAO\xFF�l\xF0_\x92r\x85\xD7\xD6\xFD\x83u�v\x83\xED\xE3\xB4
-Ո$m\xE5�\xD3 ĶZ\xFF\x9Fx\xD6S\xA8�s��\xDA\xC4\xFCdlS\x92\xE1\xC6\xD5t\x94\x9E aCF\xFDḟ\x9F\xB9\x81\xB2!t\x9B\xF6CCuN\x90\xC1h\xD3 \x84\xB4\xC7\xC4*:�\xC2�\xD5��=�\xF9\xAC*N�\x82\xC0.F�u\x86yC5½{|
-\xF9]\xA4{\xEC\xEF\xE8�V\x98\xF9.Mr \xCB\xFA\xB0\xA5\xDF\xD9�\xDE@�\xF0\x9EO\xF8O\x9Ez@\xBAdtd\xDA�\x850b�N~N\xA9\xEC\x9E�\xE03
-ߌ����\x99tg\x96¸g)P\xB0'\xD3(e\xB2\xDCdt\xDBk;'\xAE\x9D.@\xB1Ôº\x92slGN\xDBD\xA8��\xC5~m\xFF\xF6\xF6\x93;y\xE7,\x88\x98êž…\xDE\xDE=ܼ\xFB\xD7\xD8q\\x8C\xF7�\xFE8n\x97VU\xF2\x84\xE7\xD1\xCC\xE9\x87�\xD2O\xB2\xD8]\x91b�Õ 2+Ws\xD8\xD3×¾\x8A \xDA\xC4^\xE72\xF7\x8A��\xF8TÄžM3\xF7�Å–\x8E\xEF%\xA0�^I\xF8\xA7�\xB6\xAB=:o�\xB2/\xB3]Bg�\x98�\x90\xF4\x9D\xF3\xCB]�lJ\xBC\x8B\xC0\xEBd\xF7<��\xEE�Zz5\xA0j\xBF\xC5sm,%\xF9+�n>\xBA\x8AÕŠ\xFC\xE0�m\xA8\xDE\xCB�\xA4\xB1'\xA2C\x88 H\xBB\x84�\x8F1\xAD3?�\xB3�h\x95?\xF2\xC0C\xFD8\x9A_9ñŠ²¦\x92\xBD|\xC2\xC2cÚ“\x85\xAE\xF1\xC9�`�H\xBAt\xD7\xF7tl\x8B\xD6M�y#\xE2\xAA0\x90\x91П%\xAD�\xB0\xA5�\xBD\xB4-���{\xE5`\x9D\x9A\xAF\
-9.\xF63\x8DPC8\xEBt\x8A1#\xB1�&\xA5Y\xDC<\x92\xB1\xC3\xF4\x90�7Ot\x88tM\xAD\x90\xFB\x8C\x9D&\x9B8�\xF1F\xB2\xFB\xB4aZS�DJ\xAB\xDEMAs\xD7߉5\xED낪><v\xEE\xF9\xDD�W\xB3(:\xA9\xDB\xF7]͒\x99\xEE\xF6\xFE"�g\xCB\xC9X�E��C>�\xCA[D\xA7#\xB9'\xB2\xA7\xF1\x9Bt\xF9\xFB�\xA7f5LQe�\xC6f\x9AsC4d\xDD=^�o`\x88j\xF3\xA6K@\xC8\xED\xDC\xF5*=E\xF0u\xEER\xCB=\xA7\xC0�\x87\xBB\xBA\xCC\xE8u�\xF3\xD3ۀ�I \x81\xDAB��\x82\x8Fij\xFF\xF2aE4\xD5k^'R\xA5\xC5�\xF6K\xCB:\xC9�\xE7U\xB1\xA3\xB2\xA2`\xE5^K\xB8'X�y"\xD8R\x8CE� \x94\xA1}\x91\xB7\xB5\xBD\xA4}Y\xF7u\xE1�0Pۂ\xD3`_䕧\xEB\xBDŀ\x9A֥ \xFC"�\xA1\x90\xA7\xF5KQ\xFEn_\x9C\xC6�.\xAC>N \xF8\x81\xD7v\x8D ˥\xBB7\xB3\x8F�\xEDXũ�\xA8���9z\xA8�\xFFn\xFE|\xF1\xE3\xD4\xE3\xCB]��\xB0K;u�\xEA\x9F�8\xA1\xD0\xCC&�\xBC\x98 w\xE8XD#\xA2\xFF�갊\xBDendstream
-endobj
-1895 0 obj <<
-/Type /Page
-/Contents 1896 0 R
-/Resources 1894 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1893 0 R
-/Annots [ 1898 0 R 1901 0 R 1902 0 R 1903 0 R 1904 0 R 1905 0 R 1906 0 R 1907 0 R ]
->> endobj
-1898 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [280.2146 599.6322 375.7455 612.3694]
-/Subtype /Link
-/A << /S /GoTo /D (root_delegation_only) >>
->> endobj
-1901 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [312.6233 360.3945 381.2953 372.4541]
-/Subtype /Link
-/A << /S /GoTo /D (access_control) >>
->> endobj
-1902 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [310.4119 330.5066 379.0839 342.5662]
-/Subtype /Link
-/A << /S /GoTo /D (access_control) >>
->> endobj
-1903 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [340.2996 300.6187 408.9716 312.6783]
-/Subtype /Link
-/A << /S /GoTo /D (access_control) >>
->> endobj
-1904 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [328.1051 270.7307 396.7771 282.7904]
-/Subtype /Link
-/A << /S /GoTo /D (access_control) >>
->> endobj
-1905 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [320.3548 240.8428 389.0268 252.9024]
-/Subtype /Link
-/A << /S /GoTo /D (access_control) >>
->> endobj
-1906 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [359.1386 210.9549 427.8106 223.0145]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_policies) >>
->> endobj
-1907 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [429.9426 181.067 498.6146 193.1266]
-/Subtype /Link
-/A << /S /GoTo /D (access_control) >>
->> endobj
-1897 0 obj <<
-/D [1895 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-606 0 obj <<
-/D [1895 0 R /XYZ 85.0394 560.3013 null]
->> endobj
-1899 0 obj <<
-/D [1895 0 R /XYZ 85.0394 535.1807 null]
->> endobj
-610 0 obj <<
-/D [1895 0 R /XYZ 85.0394 416.2201 null]
->> endobj
-1900 0 obj <<
-/D [1895 0 R /XYZ 85.0394 391.5178 null]
->> endobj
-1894 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1911 0 obj <<
-/Length 3073
-/Filter /FlateDecode
->>
-stream
-xÚ[[o\xE36�~ϯ0\xFA\xB2�PqER\xBC=N\xBB\x99n\x8A\xED\xCCn&\xC5.\xD0\xF6A\xB1\xE5D\x8D,\xB9\x96\xDC4\xFD\xF5{x\x93EI\xA6fÐ �\x84&?\x9D�\xF9\xF1\xF0\xF0R\xBCJ\xE1?\xBCb�qE\xD4J\xA8�\xB1�\xB3\xD5f\x95\xAE�\xA1\xED\xBB+\xEC0\x89�%C\xD47\xF7WO\xC5J!\xC5 _\xDD\xEF�\xB2$J\xA5Ä«\xFB\xEDOk\x8E�\xBA� \xE9\xFAÛ�\xDE\xDF~\xF7\xE3Ý»k\x91\xAD\xEFo?~\xB8N�K\xD7\xEFo\xFFucK\xDFݽ\xFB\xE1\x87ww\xD7 \x96�\xAF\xBF\xFD\xE7\xBB\xDF\xDF\xDC\xD9&\xEEd|s\xFB\xE1�\xB6F\xD9?�\x84\xDEݼ\xBF\xB9\xBB\xF9\xF0\xED\xCD\xF5/\xF7\xDF_\xDD\xDC\xF7\xBE�\xFD\xC5)ÕŽ\xFCv\xF5\xD3/\xE9j�n\x95"\xAA$[\xBD\xC0\x8F�a\xA5\xC8j\x951\x8AXF\xA9\xAF\xA9\xAE>]\xFD\xA7�8h5\x9F\xCE\xF6�N�\xA1\x9C\xCCt !\x83�\x94�1\xA5\xD8J0\x858%\xD4t\xE0\x9FM]\'T\xA4\xEB\xEE\xF5P@?p\xAE\xD6\xF6�\xBEǃ\xEF�FJ\x90�\x94\xEA�\xF7y\xDB��6TC\xC1u,\xA9\x83i\xF9\xADS\xF0\xA45\x81\xF8m\xB1\xCBOUgk\xCBvF\x95"\xBA3\x84\x93\xB1\xCB\xCBjF�f(S؃\xA2\xA6�\x81�#\xD8A\xDB*\xFF\xBD\x98�H8R\x84\xB17\xB0\x9C;�/\xF9\xB1\x9ESD�\xC9\xC8\xC8\xF2Û³X\xA3\xABn:\xFD\xE9*\xA1\x92"\x95b\x98 �F\x801b\xBE*\xF7\x87\xAA\xD8�uWl-)w\xF3\x83Æ�\xBD\xE7Oe\xDD\xCDÙƒQ0^h\xC2k\x8C�\xC6�(\xC0\x91P"\xBB\xC0C�J\x86(KC<7\x8F=J\xAB\xDD<�\x9B\xE7d\xFF\xC7X\xB1RH\xB2T\xC6�{ÐŒ\xE2\x80/i\x86$�[�ÍŸ\x8A\xC2\xF6\x9F�d]\xD8�\xED\xE6X�\xBA\xB2\xA9mE\xB3\x9B�h\x81R\x92I\xD7mC\xFBGj3\x86x&=#\xCAz\xEC"a�:\x84f\x81\x8F\xB6\xF1\x{E3217B}\x81\xB7=~\xC1Ý©\\xEB\xEE\xE6옎\x9EЈ\xC7&Q\xC2��d\xA1\xDB{Ô‚!Si\x96\xF5�8\xC6%C0\xADE\x9CcC\xD4e\x8E\xF5\xA8\xF3�\xB5\x87\xDDX3NMt�q\xD5=jFwH3pW\x86\xAAß’dÎ1\xCB`��\xCF",SHH\x85��\xA3,s\xF8�o\xA7r\xBF\x80e�e\.\x8Cx\x8FZ0d*-\xCE2\xC6PJ\x85Z`\xD9 �a\x99G\x9D�饬\xB6\x9B\xFC\xB8\x9DPM[\x99\xE2\xB8z�\x9AQ��\x8DBØ–\xB0\x8E�\xFA\xFF�\xD5T@\xB5\xA1�#\xE5B\xAFsR\\xE4�\x85\xB5J(=��>D\xF8\xD6\xE3�\x9C\x9E\xCA\xFD|\xBE \x892Ai\xBC\xF3{Ô’!�iq\xBE�H\x8B\x98$�|�\xA0"|\xF3\xA8\xF3H\xC1\xBA^<�\xCB\xEEuJ8\x88F)\x8B\xEB\xF7\xA0�\xFD!\xE1 Ñ”\x9C\x86�\xBC%\xE1�7ÆŒÃR\x93�\xE3RHkS,�Wc\x8C\xF3\xF8�\xAF\xA7r\xBF\x80q\xD0"1\x8D\xF7~\x8FZ2d"-\xCA8\xA6 \xCB��\xF7�\x8EqC\xD4e\xC6\xF5\xA8\xC12T>Te\xFD8\xE1�\x9!
6z\x98H\}\x8F\x9A\xD1�0�2\xE5TR��\xF0\xA6\xAB\xE9Ù\x91nN\x91TJ]^Q�\xD3K.�<\x8D\xAD\xA8�\xBF\xE0\xF3T\xEE\xE7\xF3\x8Dc$�[�\xFB�\xB5`\xC8TZ\x9Co\x9C\xE8\xFCH.\xF0m\x80\x8A\xF0̖ͣ\xA486I\xDD$m\x93']WM#�\x81-2\xA3q�zÔŒ�!\xE3�b\x84\x8BЄ\xB7aÜŒ#c\xCEID3\x8A#1.\x83\xF9 at X\xE0k4\xC69\xFC\x82\xD7S\xB9_�\xE3R$8V\xF1\xEE\xEFQK\x86L\xA4\xC59�)�\xC3�I\xDC �a\x9C�iu\xA7\xC36\xEF\x8A\xC4�\x88\xE7\xF6y\xC28* \xD5Tq\xF5=h\xAA?\xE0[FP\xC6\xD2Ѐ\xB7YR\xE7\xDC�� \xC1\xC4\xE6\x82^\xE6�\xA5H���.\xC4\xD8\xE6\xD0q\x8F\xC72?\x9Bi�l\xC08쮢\xDDÞƒ\xE2FLd\xC5i\xA6\xD1T\xD1�\x9E
-P�\xA2y\x94ָ\xAD۶\xD8$\xF0\xE7\xB9x\xD5c\xD4\xD4\xD54\x85\xE309\xA9Z0\xA3G\xCD\xD8��\x8E+\xA4�\x84�;\xDE&\xBE]\xF4f\xB2CVHRqy\xB3J%ȅN
-<\x8E�\xCF\xE3�|\x9F\xCA\xFD|\xF21\x8A�Ó„\x89
-B\x8FZ0d*-\xCA?\x88# \x87\xB1\x8D\xF2o\x88\xBA̿�\xA55v\xC7פ\xDB�\x92c\xB1;�\xED\xD3ti\xC5�6y$n@\x8F\x9A\xB1 \Z9\x94%�Mx�\xEA\xCD82^Z�\xD2)\xCC啕 �\xF66C�\xA2+\xAB\xC3/8=\x95\xFB�\xD9�l<2&\xE3\xBDߣ\x96�\x99H\x8BS\x8EJH\xFE\xD4\xC2\xD2:DE(\xE7Q&H\xE4]\xFE\x90\xB7\xC5䤗#Fi�W\xECA3\x8A\xC3 \xA3\x83z&B͟�Ŧܽ^'4\xF3G\xFAT\x99k�[�43{�m{ck��\xEA\xD4\xEA�w]\xD2�\xEE�\xD2v\xCDQ\xEF!�\x82\xA1\xE0nV\xA0]�\xD47L2]\xDF{\xB5mw\xFEd\xD7TU\xF3�H\x98\xF2=\xC1Pƌ\x84\xB7 \xC3\xDE�\xC7�
-[\xAC\xD4O�\x88\xC8/`/\x96km=�\xF6\x9AA\xFF\x85-\xF7\xF1`Z
-s\x97@\x89\\xE7\xAE1\xB7\xAA\xB2\xEDl\xC9\xF4� ^\x9Eʮh�\xF9\xA6H\xB6EU\xEEK\xF7\xA9X{-\xAD\xF68#\xCEch\xF89M\xC9\xD1\xCB�ٲ-\xEA\xAEL\xECu\x87\xB7;\xF0S\xACoc\x88�.P@\xE1<P\xA6��\xF2\xEBk\xBD\xAD_\xE7\xF5\xD6\xD6\xE5\xF5\xAB-\xB4\xA7\x87\xB6\xF8\xED�j\xEC\xEF\xDEJ\x87\xB3\xFE\xDB�\x87\xBC5cl��\xC0\xE3I_\xB8x3\x9A\xB89\xAE\xF9\xC1\x8C
-\x8C\x82\xF3�\xBB 4\xEAu��J��r\xFB\xE7%\xB5\x85V�W\xF7\xC0\xC6E\xCAf�1Ϛ\x99\xBF\xC8\xF3J%R$\xB3\x93\xDD��\xC9\xF0\xF9�K\xFF\xF0\xD7X�K�\xD1�\xB2o\x9C\xFAÖ\xAF\x8E�\xDDWs\xF7F\xB0\x8E\xC3\xF4r\xA8\xAF\xB5<\xEA/QA\xB2\xFA\xDB5^\xB7\xB6\\xE7]\xF9\xBBS_\xD6ɾ\xD87\xC7W\xFB\xD3\xF6\xC26y\xA8rHT;\xFB\xD3[\xEA<Cz`�xP�y\x81\xCB�\xD6�^\x8F\xBF53�q\xFA\xD8xH\xA3.v\x9D��訷\xECF\xF7#t\xAF\x99\xE0\xD9\xFA\xF7\xBC:\x99\xBB at J\xCFT\xD1
-\x87\xA6\xD5��\x85m*w\xB66\xDFnK�\xDE\xF3\xCA\xD6��J\xB6\xDE�\xA1#\x8ENÚ“\xBE\x894\xD5�EQÛº\xAA\xAC\x9F\xCDl\x82Z\xE0Ick]\xC0\xCA\xD6mq\x84\xEF\x{145D39}\xB5\xC6\xEBO\xCD~\xC41\xEBl\x9B\xEB+B\xC7�\xAF\xF4\xEC{\xE1I\xB7\xA9N[O\xC1\x97\xB2{�\x93\xABÔ±\xEA\xE1t^\xB0\xA0l�\xB5 q�\x91Þ!\xA7�^\xFD\xE2n\xA8wq\xDD�\xD6!*\xD8\xC29\xE9�uy\xDD\xE9Q&R\x960\x88\x87\xB1Z �\x8A \x9EG\xD5zÐŒ\xDA\xE1lP\xB0\xE8\xE8K\xE6@\xED�eÖ½\xF1\x93[�Dy$\xAD! \xC0@\x9F\xC0\xC1\xD8!\x95\xC7/\xF8:\x95\xFB\xD9i
-Q\xB0&c"\xE3}ޣ\x96�\x99H\x8B\xA65D(\x94)\xB6p\x81=D]\xA6W\x8F2#TT\xC5c\xAE\xBDOf\xF7pDB\xF6E��\xE8Q3�\x84�\xF1�qBG&\xD8\xF0\xAE\xB8^,i\xFE\xA8\xCBlm\x8C1\xB5\xF9\xE1P\x95v
-\xE5nu\xE2\xF6A\x80�\xBA5\x93Cfrz\xB0%\xF7� \xC92\xB1\xBEݹ\xD6\xC2\xE1A\xC2t\xD9 \x9B�ΰ\xBF\xEC~-ڹퟀ\xFD?\x91\xE7UCGv\x98�\xB53Í»a�(\xAD륬*\xE7D\xD5:\xCBݺj\x8E\xF1S}P�\xAC\xAFn�\xC9\xFB\xB55w\xB1O\xC7h\xF3×…\xB0\xD2\xC7D+\xF8\xBC\xFA\x8E�\xB4_ZmI�7\xBB\xC8\xF6�~�\xA1=\xEF\xDA>�\x8E�\x91eH\xEAk�\x98\xE5\x88c\xB6t!\xDB\xE3\x93\xE1�SvN\xE5j\xAB\x8EM\xD3%��%T\x9F>\xA6$\xB0h:1=jÆŽ0B\x8C\xA5\xC5'&\xB0BÐ…�\xEE �\x99\x96�d^�5Ç—\x99[X}\x9E\xAD�\xFAÄ”z\xCCTi�\xF3%")\x97\x81Ò\x86.\x94\xB2\xF5\xBE\xC8kH\xEBw\xA7Ê\xE6;[\xEF\xD6r\xD6\xEF�2H�Z[\x95\xDB?\xD6r\x93\xA3\xBAd!3i\xB8Y\xF333\xD7g\x9E9\xB1�\x89\x94\x!
FB\xB4\xED\xC2\xF1�\xA1�1\x85?d6\xB9\x8Dչ\xC9as\xE3t\xF5&VM\xF3�K\x8F\xB5\xBB\xB1\x8D\xFEA\x96�\xD3�\xD6�\x8C\xC3\xCC#\xDF\xE9\xA7a�\xC4R\xBD17��"\xB0\x9B\xD9"\x9D8\xA7�m\xFC\x81\xC6Ǣ\xEB\xFAO\xEA\xC6V\xE6u\xFBb\x93�\x9De
-\xAE7 \xD5|�`\xC4e\xFF\xFC\xCCo:fz\xC1\xBC\xE6\xF0\xBD\xF0Ҝ*\xA7?כ1g\x93\xAD\xA9\x9B\xE3^\xE7r\xBA\xCAw\x87\xF1\xAD\xB1u>��AP*y6\xCA9\x8Fe\xB1\xBD\xC8{�\x99\xB6\xCA\xD8\xC2>{\x88\xBA\xCC\xFC�5\xA0\xBE\xEE\xDF\xC9s�\xFD&�\xA8�\xD5ݣf\x94�\xD1�|\xCD$L\x81@\xFB\x8Fv�\x85\xDD>�F\xBA\x81\xFC\xF3��=W\xFB\xE4
-vk\xA9Kzk\xA9\x81\x8FU\xF3`z�\xEAB\xA2 �\xF9\x95]\x8A\xA0\xB1t�\x9A���\x9D\xFA\x9B\x8A~\xBF\xE4m0I( r\xFB\xD3-,\xBDN\xBBw\x9C!�Õ[�'\xFE�\xE29\x9AL�W�\xA3\x84\xF7K\x9A\xDD\xC8�\xC8~\xB2\xD1�\xA4n\xFA\xD7z\xDE3K\xF6\xC1Z\xB4\xED\xD3js\xC4�d\x8F\x9ES\xEEz;j\xEB{N'\x95&\xC1\x9CK\xF8m71{\x92q\x99\x970?`h�hy�EX\xE9@&A\xFDcgLI.\x9C QFUT\xB5\xC7LU\x8F\xCF ^\x91@\xF7\xAF�1i \x86\x8Cž\xE2`\x95�n\xE8�\xBBm\xD5%i�4q\xF5\xCF\xD6��\xE9�\xA6\xAFuk\x9D\xEF�[\xA594h\x82\xC2�\xA2U\xEE2a\x8D\xAD\x9AG\xDB\xF2s\xCA\xD2_\x9B\xD3�v\x86Pľ2%\x95\x93j\xC6[Wn_AA\xB9qÆš\x8B�K*�\x8C\xA4\xB0\x98�ÙŽ\xA5�l�o\xFF\xF7\xFE�Ù¢Û†s\xFB\x96�*\xCA\xC7\xDA�z\x98�\x90\xFBp\xCC=Wle/j�\xEC\x81,J\xAEO\x9Bn\xFC\x81u^W\x99 tn\xC2k\xE7\x9E\xC5y\xD7t\x83\xD9 j�\x87CQ;\xCE\xC3ÏŸ \xC9\"9$OF�\xE2L\x91\xFE\x89\xAC\x9BQ\xAE6\x98R\xBF\xD6\xD5b\x96i\xD4\xCC�\x9E8g\xECF\xEC\xD2d\xB3\x9ED^\x93!\xFD\xB0t\xE1-\x99\xC7\xC4^\x92�L0U\xBA\xFD!q�9yk\x81\x91\xCCXT}\x8F\x99\xE8�\x838G\x92\xF0\xC0\x80~\xBE\xD8`\xE3bF\xBDm6\xA7\xE1\xB3\xE3f\xB0\x93\xF5\x9B\xFD\xF3;z\xA9�np\xBA\xBE\xEDÉ·\xBD�U\xE8\xD2kzÊ~�?\xE3�\xFCsD\xF8\xCB/\xED\xCF\xFF�B&�\x95\x97�\xE1�\xFD\xECKê¯5J\xF7\x94\x92S^\xB8'\xF9S\xD3\xFF�iEn\x8Fendstream
-endobj
-1910 0 obj <<
-/Type /Page
-/Contents 1911 0 R
-/Resources 1909 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1893 0 R
-/Annots [ 1913 0 R 1914 0 R 1915 0 R 1916 0 R 1917 0 R 1918 0 R 1919 0 R 1920 0 R 1921 0 R 1922 0 R 1923 0 R ]
->> endobj
-1913 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [257.6971 712.9917 326.3691 725.0513]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1914 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [258.7928 682.112 327.4648 694.1716]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1915 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [310.7975 651.2323 379.4695 663.2919]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1916 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [308.6055 620.3525 377.2775 632.4122]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1917 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [294.1999 589.4728 362.8719 601.5324]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1918 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [303.0862 558.5931 371.7582 570.6527]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1919 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [332.9347 527.7134 401.6067 539.773]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1920 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [386.0748 496.8336 454.7468 508.8933]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1921 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [301.97 465.9539 370.642 478.0135]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1922 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [231.137 306.5695 299.809 318.6291]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1923 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [143.8055 244.9695 239.3365 256.7701]
-/Subtype /Link
-/A << /S /GoTo /D (root_delegation_only) >>
->> endobj
-1912 0 obj <<
-/D [1910 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1909 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1926 0 obj <<
-/Length 3034
-/Filter /FlateDecode
->>
-stream
-xÚ½ZKs\xDC6�\xBE\xEBW\xCCmGU��o�\xB9)\x8E\x9C\xD5\xD6\xC6\xC9\xCA\xDAS\x92�5\xA4$\xC63\xA42\x9C\xB1\xA2\xFC\xFA\xEDƃ\xC37\x9D\x8A\xB3V\xB9 ��\x80\xEE\xC6×&8lEá\x8C"TX\xB9J\xAC$\x8A2\xB5\xDA\xEE/\xE8\xEA�\xFA\xBE\xBB`�\xB3\x89\xA0M�\xF5\xCD\xDD\xC5W\xEFD\xB2\xB2\xC4j\xAEWw�\xAD\xB9�\xA1Æ°\xD5]\xF6\xD3\xFA\xED?\xAF~\xBC\xBB\xBE\xBD\xDCpEך\n\x94\xA6\xEBon\xDE\xEB[\xAC/\xDE\xFE\xF0\xFE\xDD\xCDw\xFF\xBD\xBD\xBAL\xE4\xFA\xEE\xE6\x87\xF7\xBE\xF9\xF6\xFA\xDD\xF5\xED\xF5\xFB\xB7×—�f�\x83\xF1<\xCC01\xE0\xDDÍ¿\xAF}\xED\xBBÛ«\x{FFFF}\xBA\xBD\xFC\xE5\xEE_�\xD7w\x8D.m}��\xA8\xC8o�?\xFDBW�\xA8\xFD\xAF�J\x845j\xF5��\x940k\xF9j!\x95 J
-�[v��.\xFE\xD3L\xD8\xEAuC\xC7\xEC'\x95!\x8AK\xBD\xDA \xD82:aeJ\xA8�\xABm�I\x89\xB2\xAC12gcF� \xB4\xF1\xAF\xD5\xE9P\xA6\xBB\xBE\xAE\x8C�\xC2%,ۚp\xB0j��.\xCB[\xCB2.�\xE7\xCAvֽ\xDA\xED\xAA�0\xB7a\xEB\xE3S\x8E�\xBE\xCE\xF2\x87\xF4\xB4;\xFA\xD6 \xD8?j\xFF\xF83\xA5|\x97\x97\xE9>`\x8F\x95o\xBF\xCF}Y}\xCA�\x87"\xCB\xF2�vYR\xB5\xBE{
-=\x9DY\x8B:�\x8F\xBDTe>\xB5\xC6Kq|BÀ\xA6\xA0Ab-\xAAL\xACRܩ\xF03\xE7�\xBB\xBFz'\xDBV\x96\xC4��{\xEA0\xE4\xD7r\xE71�\x93p\xB7\x972\x80\xDCD\x8Ey\xE9\xF3s^fy�:�FA�'/t\xC4� \xBBb\x9B\xDE\xEFr\xFF�f\xF0\xB3\xB7%`2!Z\xCB8\xFD>\xAD\x8F\xF9aD
-\xC1\x89\xE5\x9A�XZfcsY"T�Õ©w\xE9\xA7|L�E�!"
-mZ\x93\x81\xFB�\x8Ej�\xD2!
-g\x89\xDCFM3\xB9Ay=\xDF�\xD6l\xEA\xE2\x8F|\xC0i͈\xA4\\xCEKРFD\xE8\xB0Zk"\x8C0]�>\xE4qc\x9EB%\xCB\xEB\xED\xA1x>�U\xE9�\xAA\x87�3\xC3�\xB0\xA6ivl\xA8Io\xF9\xC4�\xA3 \x84\xFA�E\xD9WV@\xB8\x90\x8A򎲾\xF3\xF0\xB8\xF2\x95ۖ\xDA
-~A\xED\xE1\xBC^\xED\xEDYA\x8C\xB4LC\x88\xEC\xCB$\x81&\x8C-0 \x82�\xE4�\xCC\xE5\xBCm\x92s\xB0YZ\x8A�ÊA3\x8C�\xA0\xB8M\xC7CZ\xD6�\xE0^̬7\xC7b\x9Fo\x86{\xC1`\xB3\xC0\xD1\xE4\xAC�
-h(G\x87v�B�MLG\x90/Ǻ)uzRX\xE0~\x92Ì°\xCF�"\xAD\xE1m\x8D\xE7\xC8�\xE1\xF3\xBA�f\x9D\xA2^2`\x9E�\xB6\xA0\xC0s;Ѐ\xE6\xA5�\xCC5\xCF<\xA1 \xA4\xF5�\xF5Z\xA8�\xEEE\xD4\xE8n�\xD9n\x9C|\xE0\x8AJ\xDByI�Ôˆ(]\xFA1\xC2�nA[\x96\xBF\xC6?;Å¿\x96F}\xFE \xA2\xA9\xE13\xFC\x83\xA3MY\xDEQz\x96\x80�\xBF\xA0\xFEp\xDEϧ\xA0\xB4�\xA8\x8C\x9E߇�\xB5 \xC8p\xB6y�RI4F\xEDy�\xB6P3,\x8C\xA8\xE9\x98Q\x9D\x8E���I\xA4Vz^\x94�5"K\x97\x86\x96@\xE2i\xBB\xC2\xFCM4l\xABÔ—\x83B>È´\x9D&\xA2\xB5D%ZuÔž#b\xC4/�`8\xEF\xE7��\xC2�_Úˆ�Z�c0\xD7,�!\x8F��\xA4L\xB3,l\xA3\xA6YØ \xA6#\xC7(��\xD1V/\x88Ò Fd\xE9\xB2��\x80$\xE9 \xF37�\xC6m\x95\xFA\xD1\xD0�H\xF9\xE5� %�-Q�\xADgI�\xF0�\xFA�\xE7\xFD�$\xA4$a\xC9\xFC>DЂ�\x83\xB9\xE6I(9\xA0\x92\x85×6j\x86\x84�\x85+\x96Õ±xx�\xBEHs�N\x89\xF9u�\xD4\xC8\xC2�Ʊ�\x99\xA9\xBB+�Æ\xE5\xEFo3\x85-\x845\xA7\xE8��\x80\xD0D\x99\x8E\x8A3\xF4j\xF0�\xCA�\xE7\x9D|\xD5�0\x9E\x83=Õ’\xD5�Ô‚ \xC3\xD9\xE6�\xC6 |h\xB6@\xB03h\x86_�tÞžM\x96\xEF\xD2!\xC9$%VX1\xBBt��\xAEÝ¡\x98T\xF0�Bug\xF1/É°\xB3
-\xBD\x95\x95!\xC2R5�\xC6\xC0I��\xFFn\xC9?�\xC5"|^\xDF\xC1\xAC\x93$S\xC3,S�\xC8X\xF4\xAC\xD9�Ђ�\xFD\xB9f)&\xA1\xA2!\xED\x9B\xE7X�5M\xB2�\xD5ڢc\xB5\xA9\xABtH3�V\xA0f~\xF9�5\xB2~\x97h�^%8\xEB
-\xF0er\xB8\x81�\xBD\xB5\xE1\xC4Д\xB3�\xAAib1\xBFl\xAB0˵\x80_\xD0y8\xEF\xE7\x874x\xF1\xD7x?0k\xFC�\xB5$\xC8`\xB6y\xBE\xE1\xEB\x866�\xEF�m\xD4�\xDF"
-W|>\xDD\xCCG�M�F\x8D\x9A_\xB7A\x8D,ܽ\x96\xC4�k\xBA+ß \xBD��\xBF'@ͼ\x89\xF7\xD1\xEE\xB6�Z\xAA\xC8:\xA8\xBF\xA4\xA1\xB1(\x8F\xEE\x8E�\x9F\xD4\xFA\xA1:\xF8\xE6\xFA9\xDF�\xE7\x8A\xF2\xD1?\xA7\xBE �w\xC5\xD6\xD7\xF1^ÔB\x9D]S3\xFCS~(\xF0\xFEy\x9B\x9E\x97�\xA2;t]<\x96\xE9&\xDCDK ��\xB5\xF6M\xF4\xF1\xE4r\xC4�%\xE4(\xA1/\xBF}\xFF\xE1\xC3\xF5[_\xC79\x9C\xCC\xDC\xCB�\xA0/Oy \x83\xBF\xBD\xFAZ\xEA'\xF3�\xBB*\xCD\xE2\xB8�\xD7Q\xED\xFDSV\xD4�ñžš²hCh\xB4\xA1\xAF\x8A�\x80'\xFA
-*\xF8\xF0z�&=�\x8D\x8AѮF\xD1�p\xF9p\xF3]\x86
-\x8C\xAD\xCE\xEA\xB6#\x85߮I�c\xBA\x9Ah\xB6\x90\xF9\xB5Q\xD3$nP\xF1\xBE{S�a\xE7\xEAc\xB1\xAD\x87a\xD3�\x8E\xB7�\xB3�4\xA8� :lVxPX\xD5�\xE1&\xC4D8k[1�\\\xC4\xC3\xF7\xD5�\xBA?[�9�\x8F\x987\xB8\x9DI0\xA8\xD5\xEB:?\xC0\xB6\xF9\xFAK\xB1\xDB\xF9\xDA\xC7<�\xFDQ\xE74t�%�z�)�
-\x9E\xDFP N�5\xB4\x96[\xC8 \xFB\x8A\xED\x93oݦa\xC4}X;;\xED\x9F\xF3Ì“>a\xC4P\xCA"E\xFC\xE1\xE8\xBE \x85\xED�\x9E�<!\xD2\xE8\x98L\x9C7g\xE3?\xF2\x8C\xA5�\x96HÕŒ\xC8r�z\x97AÒ•=\xAE5\xA6ix7\xFD\xC5C(\x94\xDF\xDA�\xE2\xB5P3Ä‹(\xA7\x96��_�\xD3,;\xE4u\x9D�\xD9�g�\xBC6\xF0y)�Ôˆ�ݯ� �~\xAB\xEC\xC8\xF1C\xB9C\xCF6j\xBD\xCF\xD3�B\xE0\xC3 a\xE2\xFEC\x87Û-x\xC9\xE9\xDE\xF7\x84\x8FD�\xC9t\xFC\xCE�0_j�=\xE1q�\x9B\xE6�\,\x84\x96\x9B�}\x89\xFA\xFA P\xE7a\x8C\xFF$\xA8�VA\xD3o'\x88:!\xC2l\xF0\xDEVq\xD5
-4\xF5Su\xDA\xE1&\xCB\xC4S�\xCA:/qU\xA9\xFD\xB6C\x8B_j{:\xD4ŧ\xBC\xDDTW\xBBS`;\xB4yme\xF4 \xE9\xB5tAҮ\xAF|W�\xC1\xF9\xFE\xF9\xF8\xEA\xABAM\xA9\xDB38S@\xAD9\x84\xA0�\x9C�jx
-\xE1\xF7\xA1\xDD\xEBX\xF8\xDCV%\xD2\xF7\xF1Ԅ\xF26w\xD3\xE7\xFCw_{\xFF!|,��\xD9\xDD�O\x8F\xA9\xEBj[\xA4\xC7\xE8 \x8F\xBBS�}�H�\xC8�\xFF\xE2$\xDE�\x9C0\x96Pɼ0\xEF�ʬZ翧\xFB\xE7�:?\xBC_\xAC\x8B�l\x95\xEE\xEBg\xE8!\xDBj\xEF?\x86"�
-\x80eO\x99Ì·\xA6\xA17\xF5�\xF2ë’�\x8Aa\x9B?o\xB1\xE6\xF5\xC2�\xB3\x9CPL\xB1\xC2\xE82L\xC7!\xBE|\x9DÝ›\xAF\xBFf\\xC81\x9B\xC6�\x90\x8E}%5\xF0^hc\xF69\xE5\x96\xFDOx Q\xDAÄ€\xE3\xB7\xF9Mo\xAB�*\xFCN\xEE\x93
-o\xE2\xB8Q\x8E�P\xBB\xCFc\x84j�\xE1\x9E\xFBV##\x9F\xAA7�\xB2Mndw\xBFZ\x9B�\xD4\xD5\xD4\xD3�\xCBNψ\x89\x86#\xAF|q\xB6\xFA\xE7\x8Dr\x9C\xC2\xDAp[zF\xECq\xED\xEE)\xAF\xC1 "�\xD1g}\xAE\x90Õ¾\xB1\xC9m\xF0\xA1m2|>\xD5H.\xACa(9\xCF�N\xFE)�\xC1��\x84\xA9N\x90���\xFC\xC9u\xCB��E\xC8\xFAP\xAF\xC4zO\xF0+�\xB2Ü¢+H*\xD1�F\xEC\xE2g\x95\xAC9k\xB0�\xB4\xCA!�Õ¾%\xF5�\x86\xBAW_uA�+\xE8K///\x97\x96\xAF\xC9\xC0\xC5�\xE0\xFDBHz^\xEC\xF6[_\xDE�G_q\xA4�Z\x8E\xCB㉈\xB5\xA2,\x8E�0\xBA\xAA\xF8\xB3\xBA�?\x81\x9F\x83\xF8\xD9\xCE\xF1 �\x87Z\x8C\xE0\xF1\xD7�\xAEl9q�\xF6U�G]\xC2L�\xC9�+T,\xFC\x9A\xA6\x8D\x9A>\x92�T\xCF\xF7=W�\xC9 \x9CBF\x88y �Ôˆ�\xDDd�\xEF\xE6dÒ•\xC1�\xC7B\xD3\xCEq,td�tt\x8Ec\xEC\x89DZ\x86\x9D\xF4\xC71\xB6�@\xE6PM\xFD@Ta�\x9E\xC8Ø’U\xFB�c#\xB6E\xF7\xD04t\x87&g\x94p�K\xD89f\x92^2\xF7\x94:\xBA\x99u\xBA\x8D�\xC7\xEFd\x9D\x9E\x8EOÕ¡@\x81\x9D�BW\x9C\xCF=\xB8\x85\xA0�\xF4Lz\xBAAO\xF4@*\x9A\xF8 \xADQV\xA8F���ME\xFBt\xFF\xE4B�N_\xF9���'^\xB6�s\xDAnVµ\xC3�\x9E�\x9A�.\x9A/\x98(K6v\xF5*\xF0�V\xF1f\xBF\xCC\xF3,\xCC\xEA<\x81\xEB\xE8(\\xB7�\xA5Õ6A\x8D`g6\x97\x8F\xF0\xF5�\x86\x85\x80Û§�\xF38\xA2�sÔ§g\x88�{È…\v�-=\x97u\xBB /!Ò€\xB0ݤ\xEA\xB4Ý‚ \x80v.\xD1w\xD1\xC5 ai4;V\xF7'\x97\xF6`c�*\xF7�\x95\xFA\xA2>\xDDGz\xE1\xA3K�m<�\xB1\xE1P<\xC6\xCE\xF0\xBB\xAD�\xAC\x9BsBC \x82�\xF8Óª4,Y\xD4o\xC6B\x963�\xB4\x9B\xA0\x94\xF91DO�\xDBH�\xAA�\xF3\xA0!\x8A\xE3\xEA�\xBEL}\xD1%%
-\xC9 s\xAF\`U\x9C�\xDE \xC22\xE7%\DD86\x85�r\xC1\x992\x88\xE6c9\xA0{\xA3\xD2\xD6\xDBT�C\x819\x81\xCB\xE9\xA0\xC3YN\x9B\x897(F)Q �ä\xA6 l\xFD[5N�\xA7l\x90\xD0\xC0\x81w:\xFA5\xBB\x8A\x9E\xED\x89r\x80\xC4@\x847\xE1\xFE\xC4�[G\xE7l+\xE2y\xF8k\xBE=FM\xEE_\xC3\xED\x88�DX\xFC\xF1\xD6\xE0 \xED\xE6D\xE9\xF9\xD0yN�u\xB0\xEAX\xF6\x8A\xC9-\xB3!m\xE7\xB4I\xDBy\x8C\x85\xD8\xEB\xD3vN\xA3\xFB at S\x93\xB6\xF3&[c\xB6\x9B\xA5q:\x92\xA8�\xC8\xCBË›D�\x9A\\xA2\xCEC\xA2�\xCF!Q\xE7\xD1�\xA0\xA9\xBB\xBD<x\xDAh\x9E�\xF2�\xD3\xCA\xC8%\xA3.#�I2\x9E\x91#\xDC��\xCAaF\x8E\xADi\xE8M\xFD,]\xC6'&\xA4\xE3X�iG�yφ|p�\xF9_$\xF6=Ó\xE1#�j\xBD\xA8\x8Ff\xE9\x94�\xAE\x95\xFAS\x8C\xD6B\xEA\xFFg\x8A>\xF6\x8B!
c\xA1�\xFELx$S\x80\xFFa_\xFF\xF2\xAF\x91\xCF?Õ– �f\xEA6UP
-^n\x93(��\xC6ھ\xE4J�\xA2�OFD\xFF�\xDCD!8endstream
-endobj
-1925 0 obj <<
-/Type /Page
-/Contents 1926 0 R
-/Resources 1924 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1893 0 R
-/Annots [ 1928 0 R 1929 0 R 1930 0 R 1931 0 R 1932 0 R 1933 0 R 1934 0 R 1935 0 R ]
->> endobj
-1928 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [352.4539 693.8338 426.1073 705.8934]
-/Subtype /Link
-/A << /S /GoTo /D (server_resource_limits) >>
->> endobj
-1929 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [387.5019 662.8374 456.1739 674.897]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1930 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [381.9629 631.841 450.6349 643.9006]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1931 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [398.5803 600.8446 467.2523 612.9042]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1932 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [393.0412 569.8481 461.7132 581.9078]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1933 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [255.0796 538.8517 323.7516 550.9114]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1934 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [311.5276 507.8553 385.1809 519.915]
-/Subtype /Link
-/A << /S /GoTo /D (tuning) >>
->> endobj
-1935 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [315.9507 476.8589 384.6227 488.9186]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1927 0 obj <<
-/D [1925 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1924 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1938 0 obj <<
-/Length 3196
-/Filter /FlateDecode
->>
-stream
-xÚµ[Ks\xE36�\xBE\xFBW\xE8�\xB9j\x85\xE0I�\xC9i2ã™\xD4\xC6\xC9z\xBC\x97Mr\xA0%\xCA\xE2F"'"e\x8F\xF3\xEB\xB7A<L��\xE8T\x9Cr\xB9�\x82��\xDD\xE8�\x8Dn
-"��d!2\x94)\xAA�\xB9\xE2H`"�\xEB\xC3�^\xDCý��\xC4bV�\xB4�\xA2\xBE\xBB\xBD\xF8\xFA=\xCB�
-\xA9\x8Cf\x8B\xDB\xED@\x96DXJ\xB2\xB8\xDD\xFC\xBC\xCC�E\x97 �/\xDF\xFEx\xFD\xFE\xE3\x87\xFFܼ\xB9\xCC\xF9\xF2\xF6\xE3\x8F×—+*\xF0\xF2\xFD\xC7]\x99Ö‡\x9B7?\xFC\xF0\xE6\xE6rE\xA4 Ë·\xFF|\xF3\xD3\xEDÕ\xB9\x95Y�\xDF}\xBC~gz\x94\xF98#\xF4\xE6\xEA\xFD\xD5\xCD\xD5\xF5Û«\xCB_o\xBF\xBF\xB8\xBA\xF5\xB6�\xED%\x98iC~\xBF\xF8\xF9W\xBCØ€\xD9\xDF_`Ä”�\x8BG\xB8\xC0\x88(E�\x87�.��\x9C1׳\xBF\xF8t\xF1o/pp\xB7tr\xFE�F\x94etb�9�L\xA0$H(%�\xB9P(c\x94\xF5�X~)�\x9F\xF7%Z7�\x98\x84�\xE3\xE5\xF5'\xF3Y\xB7�\xB9\xBBu\xD9!m+�\xB8"�)!\xE8\xEC\xD34z\xFA\xEB\xF7\x94�\xF4�Y�\xA3�Ó¼\x97u\xBB+\xDB�\xE67'\xCB\xE3%\x91\xCBr\xDD\xF4\x9F\x9B\xD6t�\xA6\xD7\TuW�\xEBb\xBF2ק\xB6ܘV\xD7�e\xB4\xCD\xFE\xC1>R�\x87ÒŠ:Õ›\xF2h\xE1;{\xBB튮Z\xAF\xDA\xEEtg:\xFEh\xEA�\x8Cb9[\xBEo\x8EnX\x80\xD5\xEB\xF2�\xFA2_V\xDBg!�\xB3ӖLJ~�\x95;\x93\xCA\xEA\xA1WB\xC9ean\xFC~*\x8FO\xA6\xB9m,\xF8�J\xF9\xE3\xE3㥢K4\x98b\xDDm\x9E}\xAC\xBA\x9D\x81�\xFD\xA1q\xF3\xCE|\xDEU\x9D\xC145hÉ°z\x86�\xF5\xA9ꪫ\x8A\xAE4X\xAB\xDD\xE9Ø‚~S\xA6\xF8\xD9<u\x95�\x9Ce\xE1�3\xCEz\xBDG\xB41:\xEB\x9BE\xBD\xF9Z�\xC88\xB5@:
-\xD4�ԟ�\xB2�n6v\xA4\xB6l\xED\xD0 ̂wemZm }\x81\xEA&D\xE8 \xAE\xFAI\x87\x95۳�>\xC1�\x83\xCDE?\xED\xF0yh<\xC5t\xEF�@\xC4>f\xB9 \xCD@��� \x82rB\xB2E&4\xB33rf\xC1�\xD0j\x88\xEA\xD7+%��ϣzNU\xF7\xAB\x87b_m\xAA\xEEiկ�\xB8�kAx\x8E8'yZ
-\x8F\x9A\xD0c\xB8N\x89\xA0\x88C\xB8�\xF4\xF8T\x96~jLcS\xB6\xEBc\xF5Y\xF3\xC3M\xA0]\xF4C\xA3T\x8E0\xE5
-4HZ3RA1\x88p\x8Aۧ\xAAzl0\x830)s\xE0\xEA\xD0�s\xF3x\xBF0\x8D\x9B\x81\xE9�?cz,\xD7ؾ~\xB6R\xEF@$CD\x8Cu\xE2T \xC1f\xA8\xE0 at 3zD\xB2\xB4�\xE7\xC9G1˜\xF1�\xF2
-P \xF29\x94s�\xFC\xD7U}\xBF\xAA�pxD<�{3\xCBiZ�\x8F\x9A\xD0! �g�\xC3n�*\xF1ט'�̋L�\x8D/\xC1\xF9\xCCsu\x82uL \x9C\x817\x86f\xA4X\xE7\xF03v\xC7r\xFF�\xEBp\x86r\x9A\xA9\xB4�<jF\x93XZ\x92xB*\xC41\xCE\xD2\xC4�\xA2\xCE�ϣ\xC6\xDEҟEw:N\xB0O\xE4�\xF6\xC1\x80\xA4��5\xA1H\xC0\xBE\x8C"\xC5X�j\xF2\xFA\xEC�\xED�+\x81�\xCA\xC5y�\xE6�I\x95\xB1\xC0\xE2���~\xC6\xF6X\xEE\x9F` �9I{\xC1\xA3f4\x89\xA5\xA5�($\xCAU\xAEf�8@%�\xE8Pc\x8FuO\x9F\xCB8\xF2a$9\xA7i
-<jB\x85\xC0\xED��$�"\xD4\xE1\xF5\xB9\xE7,�
-\x9F\xC3�p\x92�|�
-2\x89I`l\x8Av�?cv,\xF7\xE5\xB4c\x8A"ƱJ;\xC0\xA3\xE64\x89\xA4\xA5iG%To\x90'\xA4i7@%h\xE7Pz\xC4\xEEX\xD4\xED\xB6\xEC3\xCEUۜ\x8E\xEB\x98y�\x8A\xBE<\x9FQ£&\xB4�\x98G�\xAC\xB7\x91�\xAFC\xBC3\xB6\x8C\xB9�\x95n.�\xA9��Ÿ���;R\xDCs\xF8�\xC3c\xB9縗OFa\x9A\x89\xB4�<jN\x91HZ\x92z�&Y(:\x93\xEC
-Q\xE7\xA9\xE7QgܵzȦ2>NČ��5\xA1\xC88\xE3c*��\xF9\xDB\xD8g\xCD�g}�Q\xC2x2듔\x91\xC0♬\xAF\xC7\xCF\xD8�\xCB}1�9\xA6H`*\xD2N\xF0\xA8�Ebii�f�R�\x9C\x96&\xE0 \x95 \xA0C\xE9�\x8B}\xB7zI\xFCc�\xB1��iE<jB\x93\x90\x81�qEe\xA8\xCA\xEBT\xBB \x83\xC6��\x88aE��\x84
-\x8Ap�Øœ\xE4\xA0\xC5\xCFX�\xCB\xFD��\xE4\xE0C\xCE\xD2n\xF0\xA8�Ebii�\xB2�19G\xC1gP\x82\x81�\x94\xF0\xD7T���\xB7\xB8�IE<(\xD6$|\xDD"�\x83\xDD(P\xE5o%\xE0t�TJ\xEF\x87 �f�\xA6l\xA0\xE7���<m}$\xF5\xE5�d\x90\xB2\xE5\x98%}\xE0Ai-"Yi\xF6a\x81r\xC9g\xB2\xBF!*\xC1?\x87\xD2#\x9E\xDAr\xF5\xD2(\xA8YC\x{17C954}\xF1\xA8 m\xC2\xDA�\xA8\x8A\xA1+P\xE7u6\xE2�\xA3\xA2�\x98#Bd\x96(\x81\x810\xB0w�\x86'K`\x8B\x9F\x99\x82X\xEEË™È=\x84\xA5]\xE1 at 3jD\xB2\x92L\xD4J�y\xEE{6\xC7\xC4!\xEA<�=J\x8FX7]\xB5}:\xC7=��\x9E�Ý&F�\xEB�\x82\x94\xCAY8\xFC넿Ȉ\xD1\xD8�E\x92\xB0\xFC,Õ¨b \x8E\xC9\xC0\xD0�\xD5<~\xC6\xE6X\xEE\xCBK�\xA1�\xC4)\x96\x9E{\x8F\x9AQ$\x96\x96f�\xD75\xE5ܶ;D%\xD8\xE6P\x91\xA3&\x8B�\x8C$ÔˆI��hB\x81\xE8U��,\xD4\xE0o \xDC\xF4.\xAB_\xB5�\x92\xA7_\xB5(%�[\xE7^\xB5h\xFC\x8CٱܗsN\xE6\xB09*\x96\x9E~\x8F\x9AS$\x92\x96\xE6�aH\xE53o\x98�\xA0�\xE3,H�w\xA8\xEAÕ±\xDC�\xCBv\xB7\xEA\xAAC\xFF\xFD\xAE\xFEB\xB0\xF82\xD9Ý£\xBB\xE3S\x8Cu\x9Dq\xB2D\xF4�7<\xA9\xBF�\xC5�\x84)R\x86\x84\xCC\xF3\xC0\x82\x9E\xB0DY\xC2\xEAF at X\xDD�\x93\x8BÀ$#r\xA8U\x82[�\x9E\xD6/\x92�0Kkr\xF6%\x9E\x80\xBC\x8B\xEAT!\xE9f�J\xAB�\xC9J\xF2\x8AJ\xC8xr\xC6\xD2\xC4�\xA2\xCE3Ë£\xFA%\xFDekR\x9C\xED\xB19\xAC6\xD5V_@\xDAS\xD6\xEB\xA9o0(\xC29\x94=Iu<jB\x9F\xB0\x92\x80h$D�*\xD43�\xD2l\xC3�\x96\xF1\x90)\xFA\xCEdh#X\x9F�\xF1\xEFE\xE6ÌŠ\xAB (,Y\xA2\x9A \xAC\xE2$\xB0<YNX\xFC\xCC�\xC4r�6jk��\xE3\x82"\x87|@È´3<jF\x91X\x9A\xE1\xE3*�\xBC?\x8Ep\xDDt\xDE1Eg<c�\x96\x8C<�\xFB9\xE8L\xF4\xD78\xC33�/p \xAC\x86`\xAF\x92\xBE\xBE;�m�\xB9x\xEC8��\x83\xC8�\xAC0g,F\x92\x88�L\xEE\x9C\xDB\xA9\x{12ABE9}|&\xBF\xDE5\xD5\xDA�\xCB(\x86�/`×´\xBD�E\xB5/\xEE\xF6\xEE\xE4E7Ú’\xFF\xF0'8\xF6\xE5C\xB9G\xFDy\x8Ds\xEB\x9Bc=\xFD3\xAFI\x87\xA8\xC4\xFAv(m\xC7o\xE5�\xCC\xF5��\xD5�\x9F\xA62c\x91\xF3\xF4\xE8�41z\x98�S$�$*\xC1\xF0\xAFS\x93EF\x8C3cMY"�\x991Ti�\xB2\x89\xA1 \xC9\xCC\xD8\xE2gl\x8E\xE5\x9E\xC9R\xA6�\x840\x9E\xB3\xF4\xCC{ÔŒ�\xB1\xB4\xF4^\xA2�\xE4�:\x93\xA4�Q \xAE9T\xBF\xFAN]\xB3\xDA\xD4m[\xAEc\xA6a�\xF9�K�\xEEQ�\xA3�\#��\xA6Y8\xFCa\xBD\xC1\x82e�\xB0\xD6M\xFD�\xC6\xF4\xFEd�\xEE\xC6\xF4\xF6�\xD8tc\xF3T�\x87jm.!
\xDE\xE93\x81L�\x881O\xA6\xA7Ø·\x8Di\x9D\xF4\xB1*\xDD\xE8v\x95�ݸ\x8DH\xF76\xEE\x81}\xF3h\x9A�\xC5\xF1\xA9\xAA\xEF\x8D\xC4\xFD%Y\xEA\xA5ßšK\xC3t\xFD\xBA�\xC1\xF6H\xC2\xF0\xA8'\xEF\xA0\xCF\xF8�Þ€V\x9F\xAEÞš6\xD0\xDF%quq_�ʺ\xD3'\xFF�Ö‡�\x87\xA1)\x88S\xDD\xCE\\xD9\xCB\xCFM\xDBV>X\xB5e×\x9A\xED7�kO�P\x93(㹈\xBC
-\xAA3c\xED\xB7S\xAF\x85\xE1\xA9L\xB9\xE3 \x9F\xCB\xE3\xA1\xEAZ\xF3�\x98з\xEC\x9CA\xCF]i>O\x9F7E\xD7{\x881{n\x8Eq\xBB\xF9C\x8F \xA2\xBA\xB5=\xF5\xC7)\xF5]cX\xFF5\xB1{\xF2qW\xD6e|P_\xF9\xC7\xC1\x81G3\xE9N\xB9pOjÛ“?{\xE7"Ôº9�\xFCF�F%x4\xF3Y±\xDEXgiE�\\x88\xE0\xE5�\x92\x94\xB8\xF9Ж\xE8C\x9E��\xC7a\xAB\xA3\xD8UYhjO%\x92\xEB\xE4[8\xDF\xC4+nE)�\x86Tu�\xFF\xDFN\xBE\xAB\xD2\xF9;yNr\xD6\xFBÓ¦\xB7\x9E\xBA\x83\xA6�8t\xD7<\xF4E�Í—w\xA7\xCE\xDC5+\xA2o9\x9A\xDAÃ\xFA\x89\xCD\xFFNm�\xCA1\xE7S\xBF\xB2\x9D\x9E\xCC��&\xF4�\xF1\xFA�\xE7!\xFB\xC0I\xE9\xB2]\xEF\xCA\xCDi\xEFT)\xD6\xEE\xBCm\xBF\xBA4\xA2k\x82!i/\xFA+\xDBW�<\xEEPv�p\xAC0W:\x97i˸�\x82r\x9Cê‚“0\x9D\x95ξ\xA6s\xF0\xD5 ?\xF5\x85\xC5H\xAA\xB6\xD0\xF8k�\xDAÞ—\xB5VGNe�\xE6l�\xE5C\x85\xCE�\x94�PZ
-\x8E%R��6T\xC3R<<�(�Æ\x91\xBFl�<|f\xF4\xB1\xD4\xC1$\xF4q\xE8P\x9E\x9D�\x819\x82\xE7Ir�<(\xADG$K\xEB\xA1�5g\xC7\xC1�
-\xCBP\x8EBÄ9\x81M�a�
-^Nd�\x86�x\xE2\X�\x88
-I\xE7Â\xC0HP\xE5\xE4\xAE��f\xED\xC4\xF0\x8C\xC0fH\\xE5\xA3em\xA6\xD2[\xD8t0u\xE9\xAD9\x86N\x97\xFB\xA6ؘ\x96\x89кe\xD2\xF4\xE6`\xAE:g\xBFم\xFC\xD1u\xD8O\xAA>�\xEBo\xF6\x81{h\xF3B\xAFZ\xB0�H�L\xA7�\x97\xB9\xEC�Z\xF6\xB48\xB4 \xA6\x98\x93\xEBN\x99\xCC��\xFD\xCD\xE7�\xF6p�)\xD6C9�)I&�(\xC2G\xDE\xC8zS]\xF0�yD\x89\xC7H\xF62\x8F\xE4\xFE\xE4Q\xD2#\x92\x89�x\x84\xFB\x97q\xC6#\x99\xF7H6\x98�\xEF�\x93>\x80�
-\xF3Q\xDC4[\x9E\xB0~Ò\xB1\x9Ft\x9F\xD9`\xC5sx�=\xD3\xEF�`=\xD4d\xA6�\xF6Ôº\xDF\xC4�\xB5\xE9�]6\xEB\xF5\xE9h\x9AUmo\xB9Ñ·\xA7\xCE&]\xFA(|.\xCD�\xD2C\xED\xE7\xA6)\xAD<]IM\xFD.ASh\xB8\x8D\xD3~\xEF�\xF3�\x90w\x80iÕ¿�\x80}\x88�\xA2kU!\xE4Rש\xDF\\xAE {\x81\xADdm\xB1.\xFD`\xCB]\xF1P\xBA�\xA4?\x9A\xCF\xCC"py\x84\xC9�\xA1\xB3�\x8F\xE7s
-\x9DY�\xDB\xCE\xF6\x9AWl&GL\xFC6a\xB0\ ax\xACz\xA6C\xEB\xCE'd\x86\xDF\xDA-\xA6g\xEB\xCE\xFD\xAFwE}\xEF\xB2�Ȫ\xAAfc\xB7_m\xB6}\xBFgF\xB97B6\xFB\xB2m}ueFܕ\xDD\xCEW\xD0�Y\xA9\x82ZK\x91(\xAB �LXp\xE9\x88\xF7\pٱ\xF4\xAF\l,eJ \xDE�d�r\xF4֥X\xF6��\xBBr\xFD\x9B\xE9\xF0\x87\xEB͕�\xB8\xB3\xE6\xAC\xD6\xCD\xC6M\x8B\xFB\x89\x84/\xAEw
-�.\xE7�\xF5\x8E{\x93
-\xAAL\xBF�\x81먿\xFCK\xA8矉A2Ǥ<\xB3�\xD1\ x8sJ\xE9Y!�ǥ\x9A\xFD\xCDT\xAC\xFB\xFF�\x8B\x9C\xD0Gendstream
-endobj
-1937 0 obj <<
-/Type /Page
-/Contents 1938 0 R
-/Resources 1936 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1893 0 R
-/Annots [ 1940 0 R 1941 0 R 1942 0 R 1943 0 R 1944 0 R 1945 0 R 1946 0 R 1947 0 R 1948 0 R 1949 0 R 1950 0 R 1951 0 R 1952 0 R 1953 0 R 1954 0 R 1955 0 R ]
->> endobj
-1940 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [352.879 646.8005 426.5323 658.8601]
-/Subtype /Link
-/A << /S /GoTo /D (tuning) >>
->> endobj
-1941 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [334.0699 616.1977 407.7232 628.2573]
-/Subtype /Link
-/A << /S /GoTo /D (tuning) >>
->> endobj
-1942 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [373.9 585.595 447.5533 597.6546]
-/Subtype /Link
-/A << /S /GoTo /D (tuning) >>
->> endobj
-1943 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [319.6839 554.9922 393.3372 567.0519]
-/Subtype /Link
-/A << /S /GoTo /D (tuning) >>
->> endobj
-1944 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [307.1508 524.3895 375.8228 536.4491]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1945 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [334.8268 493.7868 403.4988 505.8464]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1946 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [337.0185 463.184 405.6905 475.2437]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1947 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [364.6945 432.5813 433.3665 444.6409]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1948 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [374.6372 401.9785 443.3092 414.0382]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1949 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [292.0276 371.3758 360.6996 383.4354]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1950 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [319.7036 340.7731 388.3756 352.8327]
-/Subtype /Link
-/A << /S /GoTo /D (zone_transfers) >>
->> endobj
-1951 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [460.1655 310.1703 533.2211 322.23]
-/Subtype /Link
-/A << /S /GoTo /D (tuning) >>
->> endobj
-1952 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [368.9978 279.5676 438.8121 291.6272]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1953 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [293.1435 237.0097 354.3435 249.0693]
-/Subtype /Link
-/A << /S /GoTo /D (options) >>
->> endobj
-1954 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [329.3035 133.2463 407.7186 145.3059]
-/Subtype /Link
-/A << /S /GoTo /D (man.dnssec-keygen) >>
->> endobj
-1955 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [427.0093 133.2463 505.4243 145.3059]
-/Subtype /Link
-/A << /S /GoTo /D (man.dnssec-settime) >>
->> endobj
-1939 0 obj <<
-/D [1937 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1936 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1958 0 obj <<
-/Length 3401
-/Filter /FlateDecode
->>
-stream
-xÚ�]s\xE36\xEE=\xBF\xC2o\xA7\xCC\xC4
-\xA9O\xAA\xFB\x94n\xB3\xDB\xED]\xB3\xBD$\x9D\x9B\x9B\xB6�\x8A\xC5Äš\x95%×’\x93u\xEF\xEE\xBF�@\x80\x94d\xCBNnz\x93Ɉ�A� ��\x80,g�\xFE\xE4Lž�\xB3h\x96f\x91���\xCF�\xAB31{\x82\xB9\x8Fg\x92q\xE6�i>\xC4\xFA\xF6\xFE\xEC\xF2C\x98\xCE2?K\x82dv\xFF8\xA0\xA5|\xA1\x94\x9C\xDD�\xBFx\x{FFFF}\xFA\xE9\xFE\xFA\xF6|�\xC4\xC2K\xFC\xF3y\x9C�\xEF\xDBO7\xDF�$\xA3\xC7\xFB\xCF7�>}\xFC\xF9\xF6\xEA<\x8D\xBC\xFBO\x9Fo�|{\xFD\xE1\xFA\xF6\xFA\xE6\xFD\xF5\xF9\\xAAX\xC2\xFA\x80)�Y\xF0\xE1\xD3ß®i\xF4\xF1\xF6\xEA\xC7�\xAFn\xCF\xBB\xFF\xE1\xEC\xFA\xDE\xC92\x94W\x8A��\xF9\xFD\xEC\x97\xDFĬ \xB18�~\x98\xA9x\xF6�/—Y�\xCCVgQ�\xFAq�\x86�R\x9DÝ\xFD\xDD��Ìš\xA5S\xFA\x8BC\xE5\xC7*H'��È�\xA5\x80q\x94\xCC\xD28\xF3\x930�\x8D�\xF3m\xD7Ì‹\xBAm\xF5�$\x93\x89\xB7\xD8\xE8\xBC\xD3\xEFP2X��� \xF5e$q[\XÖ‹j[\xE8\x96VuK\x8D\x83\xD4\xCB�\x9Ag}�\xE3 \xF4�\xB6�\xCD\xE6U\xDB\xD8QÕ¼\xB4L|\xC4��\xAAD\xCA\xC4\xEB|\xA5\x8B �\xC2�XP cu\x8De\xF9\*�\xD9&�j\xFDB�_\xF4\x8E\xF9+\xEB=>a\x8A \xB4vÝ´s\xDCo6�\xD2\xC8�Y�Ú”\xD2\xCF\xE28 i\xBBf\x83�\x94\xF2^\x96�\x89\xA9�\xF6Ñ….\xC0d\xA2 \xF6~�\xB1\xB8\xF9|\xFD
-a\xDD/˖\xB0\x9AuW65A \xA6\xBC\xBA\xE9hr\xA7;\x9EY\xAD+\xBD\xD2u\xA7\x8Bw\xE7\xF3P(f�\xA6\xDA]\xDD\xE5_\x87�2\xEFA\x97\xF5�\x81H\x80Vo\x9EAef\xF2\xB1\xD9�Y\xC4X\x86\xC7m\xB7%d\xB2\xE1m\xAB}\xE0Z:\\xF0\xAB83\xA8\xF7K\xC6)\xF4c\xBE\xAD:ziu\xD7Ѷ\xF0RN\x9D"؟�\xA15\x91\xB1m\xC1\x9A\xE6�\xB7\x9C8\xD8$\xF3\x83$S\xBC\xD0?\xF0+�\xAC\x81\xCB'`\x83I\xA4\xD2\xE98\xC2H\xF3!֡�X�uX\xB8\xE3
-\x84,竼\xED\xF4fs�\x85~\xA2\x94:\xBD\xBBÚ\xD8~()د\x9F\xA4B\x8E\xF7\xBFӬ\xF0\xAE\xD7|\xBBؔ\xD6vHy�
-O}�D�\xEBm_\x8A}%K\xF0�\xD1;\xF0\xBE\xA0!Z ą\xA1 4\xB7y\x9A\xD1\xE0v \xB1EE\xE0�\xAA$�\xE3\xAEL|y\xC0\x8F\x8A\xFCT�\xF1i\xC5;\xAC\xD7\xF88\xA0v\xDA\xD4b\xC0
-!\\x9E6\xB5�\xD6 S\xB3X\xE6\x90\xCC\xF1\xFC*DP\xE99\xB8\xEA*\xEF�,.�[
-Bu\x9A \x875\xC1\xC5\xC8\xE2�\xB08�A`\xC4ÆŸ\xB38\xEB\xA9G\x84Ù¿9\xA4/\xD2\xF8\x84\xE1�c*�G\xE2\x9E2<FE\xEE�\xAAG
-/\xDEg(
-2?\x8E_; \x87\xF5
-#\x87\xD4N[^ X\x81\x88^\xB1\xBC�\xD6 ˳X\xB8#\x85\xE29\xFCo7z�\xB1\xB9\xACi\xBC\xCFI \xA4��\x90Q\x9Cd\xC5aM\xF02�?�\xA0g\xB1\xC7\xCB\xFF'\xE0\x9D\x94h\xDF
-$�\xDE\xE8\xA8�B\x96��\xBFP#\xA1OX\xA1\xC3E\xFCC\xBAo�\x80Q\x96\xF9)Ĭ\xD3\xE7\xE0\xB0^c䀚3\xC3=%\xCF# \xB12D\xD9B\xCC?��\xD9�\x94�A\xBA,\x84\xF0\xBE\xDBA\x9AV\xF2\xD5\xFE\xF3\xBA\xA0\xFC�\xC6?5U\xB9(u;q�\x90f�\xB1/\xE1\xAE7�9S\x8F�\x93\xA9ãݮ\xD7ͦ\xC3,'\x8A\xBD\xEE\xA5!p^A\x94\xA9\xF3\xAE|\xD6�X\xE9n\xD9�-\xBD\x80\xA1\x98\xE7\xD3&\xAF\xBB\xF2\z&G�\xC0\xA2*!\xA3b,24�lʧeǰ\x866Z\xEB
-�/��N.x\xD9�\xB9\xDA!:\xB03\x95^\xFD\xD1\xD4&\xF1��,\x9A�C\xE2�\xA7[�A�v\xBD\xC5O$\xC0\xE0%2�6\xB0\x9ADyN\xBBO]\xE5�$Z\x91K\xB4\xEAb\x8Ab\xE6C���\x87H\xCD\xD7x6\xBB)\x8A\xB1�\xC86�\xA7\xA4\x95\xC5\xE1�s\x8D&\xFB\xAC\xABݹ\x94\x92\xEC�O�\xF2\xF6,9\xC8�'\xD9ICw \xBC&_臩\xB4\xBC/\xAA�\x92UL\x8BS\xEF\xA5\xD9|iihN��-\x94�<\x9B\xEFh\x903�&\xFE\xA1H\xBC5 \xF1\6[\x9Ey֛�d\xE47\xB4!|\xA2E\xFA4\xFC\xD4\xD1Ә�\xA3=\x81�j�Z\xE32jPP\x98\x88$�[\x84�m`^\xAB\xB2m\x9D\xBF�;\xC2�|\xE04y\xBD�j{јg\xE1B\xE1�\xA96�\x9B<\xBCދ\xA3h\x87\xFE\x91\x9C~\xE2T (\xE2\xF0\xCDF"�\xB5,P\xB7\xDA\xC2�.�\xE1\xAD�[f\xE0�zB\xAD\xE7\xA0ŲFW@�8Hgp\x9A\x8A P4nh\xF1\xCB�R��s\xAEg\xE8�I\x9A\xCDL\xE5�d\xA1wE�[\xCD\xEBPY\xF8ܜ+o[\xE9\xFE\x84(\xA2\xD1 Q\xFB\xC0\x94SY\xEC\xB5k\x88�zQ"\xAF\xBA\xB8 \x93\x81BϕK\x80\xA3\xF3\xC5�G\x91%\xCC\xE0\xB2[�\xDEa\xC2Z
-\xC2�\x86�\xBA.5\xC3z;hi\xF2\x91\xB0 \xBB\xD6�\xB1\x80^\x87�\xC5\xE3f�\xC6v \xF4\xC0\x{34D62A9}\x88d�N\x9A2q� \xF1T
-\x89�\xB4��\xBB\xB2�.\xD1\xF0\xB3\xC0\xFB\xF4H�dR0\xE8#"\xBC8\xA3Mm\xED\xF9\xFBV\xB7�M�\x9Bm\xFEd \xB7\xF4l\xCB's\xF2\xB8�\xCB\xE4\xCE�1a`\x88Q�\xD4\xD7�\xE8\xBB
-\xF0\xE6t��'c\xEE\xFDݧ\x8F\xEC!�z� \xB7�\xA6\xB0\x9D\xF0'\x84_\xECy�+`7\xF657m\xD8g\xF2\x8B\x9C\xDD\xED\xC1e-��j\x8D\xD6x\xE8s\xB7\xC6\xFE\xE6A\x92\xF6�\x8C/�K\xD9\xD8�\xC0\xFD\x89$=v7HH!\x92(}\xBB\x97\xA6}\xA3\xE6�:~ \xDE�\xF5T\x9A;c\x9F1\xB8J\xEBjG\xE0\x95\xCEk(\xF6�\xB7�\xBD\x93\xA9\xE2�\x95\x97��i�\xABI\xA4\xF7�\xEC\x8B�W\x93\xA9\x82\xDB)V\x87\xD1pB\xB4�\xAB\xE1\xE8\xED\x92eal\xA3U\xDB�2\xF6LІ�î¤6Ô·0qA>R\xEEa\xE4\xF4\xDA_Ó¹m\xD1$\x9E\xDEP`\xDA\xD0+\x89\xAD\x8E\x9DL�A>.\xB2\xECÍ·\x9AL\x8Epo\xFC�\xF6yФ\xC4�R\xF8T\xC9l�\xB0�\xB2\xA1\xDA\xC1G\xA6\xC3z\xAC \xE5\x96\xFF\xC3ÝŸfi6\xC1X�X\x93HCO\xCD\xD1\xD2[\x82st�{\xFF@\xE4G\x82\xE5\xF4\xCA\xE1\xE0�9y\xBF\xA2\xA1\xCCh\xA1 -/
-\x96\xAB%\x84\x92\xF7\xC0>�\x99T�\xFA�\xB6GG&E\x8B*\xFD\x9C\xA3:&\xAF<g\xDCJ\xF0\xF1�:~au9/4]QS9�\xA4\xCC*ry\xD6�\xF4\xA8\xD2\xC0�sM(\xBC\xD6Js}(�C�\xC7�x\xB6/e\xB7XR\xF7�\xE2�\xCF�\x90�p'�\xF3\xCA\xD5j:\xD7��HأP�c�\xEC)�~\x94\x88p\xAC\xC1\xAAY\xE4\xD5T\xB3�\xE8\x89$\x8B]C�\xFC(\xF3\xEE�\xA3\xD4�D�1M\xD5�\xF83\x9A\x95j 2\xBCP\xCFU�uÃ\xE3��;\xA6
-\x93M\xE04\xF6\x83\xC8Uw\xA7\xBA\xC0I\x92\x8E\xBA\xC0\xCA{\xD2`\x85\xDC�v\x9B\xF2��#Ø‘�0\xE0\x98\xBB\xBF\x8A\xA3 �\xD6U\xBE\xB0|w\x93\xFCS\x93\xE3\x82\xD3\xDE0\xF0#%\xE5\xD8;\x89Z,9\xC1\x93���D\x97�\x8Ch\xF38pX}�(\xED\xAD#9\x8D\x9B\x8724w\xE6\xB7;�sC\xF6\x82)Xlb\x8Eƶ3�\x8D�$\x85j@�\xD6 at .\x9F\xF3\xCD\xE5f[_��_\xB2r|dm\xA2r\x8Ec?\x92i\xC0k/zN\x8D.\xA2�\x8Bű]��Ci�\xD5P�\xB6�\xE4W\xB0Ucv\xF3�\xCAw|#\xB8Q��(\xAD\x97\xB2'\x92WO\xCD�\xDCaE\xAF\x96\xD2\xF7?^\xBD\x9F\xDF}�\xC4 \xA6lAB_�\x98\x86)�`\xF8\x9CW[\xCD+\xDC]\x87\xE4�\xE1\xFF\xA1\xD2S\xE9�\xBB\xE0Ñš-\xCC \xD4\xD8 \xCB:\x9C�\xD7|���"\xF5c,�\xAC"�IF~\xA6\xE4�I\xA3ljΚ\xF0c\xF0\x9A7Ô\xD1!MP\xEBt+\xBEwAJ�\xDA#\x85 &S\xB6��NT�\x8D�A\xCC\xCCÓ˜+%�\x9B�Q\xD7�CÒ˜b�<\xF9n\x88)"Ñ°\xDDA\xA6\xB12�\xA2\xCDW ʇ�\xA3|M!\xBCYoJNIG9\xB6Y \x97P\xBE\xB3{\x9B\xCFD\x85\xDD1g\x9E\x9C\xF3 M\xBB\x8D\xA9l,g�\xB6A^�Å®\x87\x80\xD7 \x8D\x9C?G\xF6\xF3�T�&I6\xB9\x92\xC8\xF8\xFB
-\xA0\xA2\x97\xFF\xA5\xDD_�RP\xE46㗲\xAAh\xF4\xC0DM\xA93\xDC\xDBƙȉ�\xA3���˼~\xE2
-\xA8\x92t�\xBArs$\xA9t^p\xA4\xCA4NuÕ¶Û•\xFB.\xE408ÌjÕ–\x9E\x87!\xC0\xA5\xE4�\xC5)`\xB0�
-\x8D�\xBC\x99lÉ”\xD1\xDFLD\xBAq
-0\xBE \xE7 �\x8A\xFF\xA2\x87)\xD6h\xD8\xF3B\xEF&\xAD\xDD>\xD0�h\xEA�\x8D\xFE\xF3n\xBA\xA3�B�(\xA3`\xFC\xE5\xEC\xF8]\x8DI\xAC\xB2\xC1\xB4n\x87M\x80y5\xB1C�B\x89\xAEb\xE7\xBFu\xD1�\xB6��\x95X;n2�\xE1\x96M\xDB]\xD8�B\xD1\xD75\xAD;\xB4\x95\xFD(xx\x92\xFD\xD5\xC9\xC7:\xE8\xFFH\x88.I,\xE2\x91\xD2?s\xD9f\xF8\xB2�\x81)\x96L\xA6Uv\��\xEE\x9A/<*\xBF\xE8\xDE
-\x8E\x9C\xECP\xD5x-��\xE5\xBF\xE9���\x9F6�\x828\xEA\xCB<|C\xAB\xECvkMo\xBF\xF4@�\xFD6\x82#bk'^\xB5\x81k\xEA�$\xC9@\xFA$\xE9\xBB�Xgq1\xE5\xBA� \xB6\xA8\xCA\xE7\xB2\xD2OTQ\xC5\xCA\xFB\/xiN\x8F\xBE\xBA\x86\xA5˜׵\xDB\xC5�&\xA0R\xA3\xDA
-\xF0r\x9BO\xF6k\x99�S\xFDٳEF\xD6\xDAU?Iʹ\xC3~\xAC+W\x90$`\x885�\xA8\x8CD\xA1\x84ՖJ�\xC9Ÿ\xA0\xC9\xC8\xF0�y\xC3ߤ\xB7�6
-\xA5\xFA\xCE�\xE1\xF69zfk�\xFA\xAA\x9E\x98�De\xC3T:s�\xD1{)�\xD8\x95\xE7l9\xB3u\xC9DD\xA3\x95&\xEC\xDA.G\xA4\x86m \x9B\xEA\xBC\xC2^�\xCE9$�fQ:$\xE2\xE6S7\xAF,��\x9B\xF8 \xC0|a#mN\x87�s|\xA1\xEDS!\xE3�PbV8\xA8쟑\xF3V^�\xA3\x9Eá7\xB3-�\xC7�\xB5!\xA6\x9A\x89=1fb\xAA̺i\xD0^\xA5+�C\xC8LM\x8E�0�\x97J\xD7
-\xC7Y\xFE\x85\xC2\xE5�Ȟ\x86m�\xA8\x9FB�\xE8\xBA\xC5z\xDE\xEAj\xEA\xD7�\x90u\x84\x81t\xBD\xEAIZ�\x94b\xB1EI\xBA&:J,\xF5�\xAC, sټ\xE8g�\x82\x93q\xE4�J\xE2\xBA\xC8mG\xB6\x97�{Ȍ\xB2\x82lĄN\x9C\xBD\xA4�W\x98\xA8\xBA\xAF\xB6nH\xFD0\x94\xC9\xF8\xEC �\xE5n4�ܶ\xED�Gx\xB2]u\xE2\\xEE\xA7,;��\xA6�\x98 [rNH\xBD��\xF7�HN\xAF\x90\x8D��\xA7
-\xEB�\x9C
-\xDC\xE0�\xE0\x8A\xBF�\\xD0:\xBE\xD3#\xFE\xF1Jo\xE6\xA3M�\xF7\xA6\xB8p�\xEC?\xEA\xEC�K\xC80\xB9\x82Ì\xA0�^\x81\xC8�\xA5f�B\x9F�2ww\xE2xpwbØ\xD0bzYf.\xE7\x84\xED\xAF\xD7\xFF\xA4\x91\xFEj\xD3(|3A�\xB7x\xC0�\xCF,\x92b\x9F�x�\xA24 \xDB.\xF3\xDE/\x90Q͈\xDD\xC5T\xDC" \xE0\x9B\xF9v�\x89~zD6�\x92\xE5\xE5-/ \x9E\xDD�*\xD4`\x94\xB7{\xE4^Ù��9\xB1#\xCA=�\xA9-`\xC1\xDA� >\e4:q\x8CV\xBFÆ¢�V|\xC0�%\x88C\xFBc\xB2\xBE\xFA
-\xBCZ?5]i\xAF1tF\xF3y\x90\xC6\xC4�\x8E�\xB8\xEE\xFExw7G\xFB\xE2"ڶf`�� \xB5`\xD9r\xD4�\xBC\x9C �}.$\xBDQ9�\xF2\x959\xF5+\xC0�\xCA\xE60\x9C\xFAf�\xFF,\xF2\x9F\xFE\x85`\xFF\xF3\xC9�B\x8BR\xC1\x91�C\x88��O&-S\xA8j)�\xBE8\xBB\xDF��\xF2\xFE_\xA6ѹ\xEBendstream
-endobj
-1957 0 obj <<
-/Type /Page
-/Contents 1958 0 R
-/Resources 1956 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1893 0 R
-/Annots [ 1960 0 R 1961 0 R 1962 0 R ]
->> endobj
-1960 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [317.0267 683.8431 385.6987 695.9027]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1961 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [356.8967 653.8289 430.5501 665.8885]
-/Subtype /Link
-/A << /S /GoTo /D (tuning) >>
->> endobj
-1962 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [432.0945 623.8147 500.7665 635.8744]
-/Subtype /Link
-/A << /S /GoTo /D (boolean_options) >>
->> endobj
-1959 0 obj <<
-/D [1957 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-614 0 obj <<
-/D [1957 0 R /XYZ 85.0394 609.3296 null]
->> endobj
-1327 0 obj <<
-/D [1957 0 R /XYZ 85.0394 584.3621 null]
->> endobj
-1956 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1965 0 obj <<
-/Length 2924
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZ[s�\xB7�~ׯ\xE0d\xFA at uD�w`\xFB�'\x91S\xA7\x89\xD3*\xEA\xE4!\xCDÊ\Y[\x93\F\Zv}\xCF\xC1e�KbEڒیG\xC6e\x81�\xE0\xE0;W\x90M(\xFCc�\xA5\x89.x11\x85$\x8A25\x99\xAF\xCE\xE8\xE4
-|\xFB1\xB38h\x96\x8E\xFA\xFA\xFA\xEC˗\xC2L
-Rh\xAE'׷ -K\xA8\xB5lr\xBD\xF8u\xAA '\xE7@\x81N\xBF\xF9\xE9\xF5\xCBW\xDF\xFD\xF3\xEAŹ\x91\xD3\xEBW?\xBD>\x9FqE\xA7/_\xFDp\xE9k\xDF]\xBD\xF8\xF1\xC7�W\xE73f�\x9B~\xF3\xD7�\xBF\xBE\xBC\xF2\x9Ft\xA0\xF1\xF5\xAB\xD7\xDF\xFA\x9E\xC2�#D\xAF._^^]\xBE\xFE\xE6\xF2\xFC\xB7\xEB\xEF\xCF.\xAF\xBB\xB3\xA4\xE7eT\xE0A~?\xFB\xF57:Y\xC0\xB1\xBF?\xA3D�VM�\xA0A +
->Y\x9DI%\x88\x92BÄž\xE5\xD9\xCFg\xFF\xE8�&_\xDD\xD4,\xFF�%\h\x9Ea \xE79�\xAA\x82h\xC1\x85c`{W�G
-5\xFD[uSݟ3;m\xB6\xBEgs_\xAF\xE7\xF5\xA6\\xFAfs\xEB\xCBn\xC6|YW\xEB\xF6�XB\xF5t\xBB\x9B\xDF\xF9\xEEr\x8B\\xF9\xF2\xA5\xB4\xC9\xDA\xCC�X\x9C�\xB0c\\xF5\x8Bݶ\xBA\xFF\xEA\xAEٶdѬ\xCAz\xFD\x85\x9F3\xD8/\xA3\x86\xA8B\xAB0�\xEE\x88�|\xFA\xCB]\xB5\xEE7\xE2f)\x91̒�q\xFCrs\xEA�\xEC\xB0n?d\xA8\xC38\xA3e�\xF8/Jy\xB5\x\xC2\xDBM5\xAF]\x8F;\xCAd&\x80\xAF\xD2J3\x991F
-\xA5\xB8\x9BS†\xAC\x9E>\xD4\xCBżt\x9C[`\x8F\x99\xAE\xCBU\x85l�Ru\xEB�\xD5[_nw7\xFF\xAE\xE6\xAD�\xD76\xBE\xF3\xDB\xD7?\xE7I\xE9i\xF5~S\xAE\xB7u\xB3v\xF4`~\x98\xE2.�+\xF7\xE7v\xBA[V\x9E \xCC_\xFA\xEEr\xB3Y~�CÔ\xD5n\xD9Ö›84p\xA6\xAE\xB6Ä\x91�\xCFv\x9D\xE5-+�Ó¦8\xCE\�pe쀹(;\xABݶ\xF5\xB5y\xB3n\xE1\xEA}\xA3\xF4\xC5\xEDn\xB9\xFC0\xFB}W.\xFD�\x84I�$\xBE\x8E\xDC\xF5{\x9Ei\xB8k�23c\x86�\x82�\xB7\xDA\xCB\xE6\xFE|&\xB4v�\xDB�\x9B*\xE2\x91%�4\xB0A\xAEu\xD8\xE0\xDB\xFB�5\xDBV\xCB\xDB\xDCQ��\x8D�\x8Fr\x91\xA1\xA5\x89\xECI\xAD\xB6c\x84$#V
-v*!\xBF\xA7\xDDM8\xFA!=+\x88\xB6 \xF5\x91�\xA0�\x84o\xBD\xC8�\xE6\x9A�\x92\xB2d\x8B\x8F\xD05\x8A�\xD3]r^Ȁ\xDFR\x83\x80���\x83\x81F\xEF�\xC1]�H)1\xCA\xD8!\xF0R\xD9s\xD7\xED\x91�\x95_\xCE�\xC8\xD3z\xD1<\x84/x\xCFX�5�\xF6\xB8FU.Wa\xE0\xED�\xA9U9\xBF\xABסqS-\x9B\xF5\x9B\xB8ZӋC\x82\xA9�q\xB0D\x99\x8E\xAD�n#\xBA\x86 }\xA8k\xE8\xF4\xAE\xDC\xFA
-�\xBE|W.w\xD5\xF6/\x99[\xB4\x92p.T\xB2\f).H\x81\x96g�eh":�>�\x84\xE3\xC8�\x90
-\xCAk\x91;\xBF!\x96Ss\xF2\xA6\xF2�\xE4\x8F&?\x86
-�\xEF\x93$\xF1\x80��\xEE\xE9�{\x9A\x9E\x99I\xC3AC\x804
-$\xE6)�G\x92\xC2vj\xFA\xA35\xCE�z\xC7\xF4�#\xE6\xF4͵\xF3\xCD\xE81O\xB8\x84\x84\x92n�\xF9\xE9\x970 \xF5\x9Ff]\x9D�1o\xE3\xF2\xCAY�!l\xDC~\xF5\xBE\xAD\xEE\xD7\xE0s\x8D\x9DSw\xEEО\xEF\xC9(Xg\xF8o\xA25'\x94ۓ\xBCO!-1\xD4\xECy\x9F\x9F6+n�tg\xD4B\xA3;\xF0\xF3(\xD0
-\xD58cHj\xD6�j\xA6\x85\x85\x9A\xED\\xDB���Sà ™\x89\x86�Ôª\xB0\x8FiH0\xFD���Å—\xEF\xCBy;[\x95-\xBA\xAF\xC2�\x90\xF6U \xD6l�~\xD1L[
-\xAA�}7\xFCҹZ\xD8p3\xAA\xF0\xE5\xC1\xF9\xA4�b�gb\xB0+.\xBE\xEFX\xDDT\xF5\xFA\x8D\x87\xC3n\xB3(\xDB\xE8\xE1\xD4\xC1 y[:G\xA7\xDBۣ=ӅN�\x8C\xD8�Z\xB6C\xFB\xC4aaޛ\xE91\x8B�nGgĂm: \x97T`\xF1Y��\xEE\xAF\xE1i7\x8B���\xC7}�\xB00\xB0\x95Ԙ#h\xE1`\x97e!\x8FZ\xC2!d<"8�\x91\xBD\xF3
-\x8D��\xD8\xF0\x88\xC0Z\xB89\xE6\xD9\xEFj��X\x8A�6\x8DdK_\xB8�͆ \xF2Qo\xEF�7\xB7�Cg\xE8 ?�O �\xB3�jK\xAE\x9E�@\xC9\xD5<�\x82\xA2a:\x9Dd\x9C1\x8A %(Q< \xA5\xF3�\xA2\x8AXQ\xB0#\xD6 \x87�\xA9i\x8F�l\xC4\xCEm\xBD\xAA\x97��B\x839\xF9w\x9D�\x9Dp\x9D\x8Aq0�\xF3j\xD3\xFAo\xED]\xD9\xFA\xD1u\xE8\x89P\xCCèŸ \xAA��\xAA
-*�\x98B �\xE69 \xF5\x8Dou\xD8\xC4AN BY\xFA\xA2\x97�\xD7D�ᔎ&\xF2"\x87\7\xC1\xA2Ƭ\x9Dµ\xBC\x87��\xC4B\x8C0ˣ\xEA\xF2[\x99m\x9Ae=υ�Z�[\xE8h\x96\xB7-�^�\xC8\xFDZ��W\xE5=\xEAsCm\xD4\xE7\xD0\xDFܼ\xAB\xBDx\xCD��\xA0\x9B\x82\xED�\xF8\xADS\xF0<�\xB1\xE0\xC0\xAB\xCA1\x84\xFB\x9Bq%\xBA\xFC\xC3A\xEE\xF0\xAE+\xB0�?>\xD4sL
-�Q8?\xC0uV\xEB\xF2f\xE9\xD7\xE8\xF8\xB0a\xBB-
-\xAE\xF4\xF9�,K_\xC0!׋\x98+8\xE4\x9F1D\x9BNr\x8F\xF2O�\xD8eq\xC8?\\xC9\xE9�(\x93��\xB4�\xDA�\xF7\xA4 \xA92rx\xD5�u{\xD7\xECB\xAC\xBFj�.\xAA\x9B\x97mݬ\xB3)\x87_\x82\xCAD@\xD7] \xD7)\xD8\xDED�G��\x8F\xAA-V\x80\xD7M?Am
-�jVu��0\xAE\xCBR%\xF14\xC5\xD3\xEB2��E\xAB\x8F!�g\x8C\xEA20q\xE0�\xE9\xC7U\x99\xE2\x9C0Å‹c\xB1ܾ.\xCB:�\xB0[ÉŽ\xF9��\xA2\xE7�s\xDD��m\xBD\xB2\x81\xB2Ë– \xED\xB3e\xD8\xE9\xB2eX�fË°'Í–\x89\xC2D\x87�#'\xB0 z/\xE7a&$O<;\x99zv\xF0%\xA8K�Õ¥\xECÔ¥�ÑŽcg\xAF+\x93�Ak\xC2\xC82\xA7�!Ò¯�âº\x8F$,Ò£\x8E\xC31\xB9\xE7\xA7A\xE7\xB3ZV\xC9 A\xBA8\xE2\xC9K\xAB \xB7F>\x96�È™U\xE0C\x9D\xAC\xD0\xFDuâ—‡\x90<61\x8B\xAD\xC3eaW\xB8N\xEC\xEC\xAE�\xFB��F\xB4t\xEFU .\xBD9\xE4rD=é‚€gnNJ\x9EQY\x88}\xCF
-|�>"x\x80si\xBB\xA4\xF6\xB8\xE01q(w\xB0\xDF:\xEC\xBF~\xB3n|�mq�T<@\xCB"\xE5�\x82ovN6\xC1�\x81\xA6\xF7«\x80\x8DX\xC6P�?zq\xD0\xEEi\xC0\x95#j[\x826UV\x9D\x96UD\xCE\xEF3F+\xD93f�\xB6�\xFAh\x97\xD4�\xC1�\xD85\xF0:8\xDBK\xB0t\x89=\x90�6\x8D:c\xD5`��{\xC0�\xDD\xEE\x96C}�N\xFCr\xD9<�\xFD\x80c:U\xE1\x9D�\xE8{[}\xF0=\x9B\xEA>\x87\xA9\xA0F\xAC\xF4\xAA\xCFF\x8F�\x94\x9Bd�\xCB\xFE\x8E˜\xBBP\xF1da\xB4K-�>\x85\x9B\xB0"\xA1\x9D�\xCA(\xA9�\xB5�=m\xC15l|\xF5&t\xED6\xD0\xE7$�\x98/\xA8�Ë“2N\xA8\xA5\xF6\xA4w�T\xD3!\xA1\xE81\xE5�\x84uš}\x82\xD8}KÞ›\xD2\xFB.\xC0!\xA4�/�"<\xA1�\xBD?g\xAF\�\x84*\x89\xBE�\xF5b\xE9!\xA5h�_&\xB6mu_o\xDFB��\xFE\xC1\x81\x9F2/\xB7\xD5#z9\xD1x\xCF\xE5&|\x86\xA0YX�\xAC(\x8E\x84<\x92r\xA2)\xE3Gr\xACÙY�<\xBAb�;\xBB\x90�;�\xEC\x99\xFBT\xA4\x80`\xE1H\x82�<\xBA\xFE\xBD0\x86H\xBC�\x91\x90z�\xB8\x84\xA5\x9B\xDB\xCCj\x8CYd\xFFǪ�/1\xF3�8\xCBm�\x9F���\x9Fq\xA4\xA4W\xF0\xBC\xE9�\xF9\xACH\xD1\xE0\xF0K�\x97�E\x8A0Ö¿\xF9�I\xA2\xE7\xA0"h\xEA\x95\xD1\xE0IA\xD9A��y\xA8@(\xA7\x94<
-\x95�κ��G\xD3A�k\xCD�\x9FPݢ hܗ�h \x88\x94\xA40J\xEC=h\x8Dc\xB5\x8B>:Ȝ�\x94\xE4�\x9E�(\xA0 \x8DQ�\xA3\xA5\xE2\x8Cq\xA0PA\x84�\xE2�P\x94$�\xD4\xF5\x91\xE7\x8C�Nl\x9A\x97\xB5�\xAE\xAF|[\x85\xFE\xD2�\x83wC�ҽ\xFE\xE1\xD7\xE4G�\xD8Dſ*gY��'\xFD髫\xCB�?\xFC\xE8m\x81�(\xDCb\xE2MS\xD1SņK\xA3\xF8\xAA�\xEFǺ\xB8�\xFB\xBA
-\xB8\x8DÙµ\xDEU\xF7Ηd\xD2\xE5t�\xEB\xE8\x93\xE4m�?'n�\x8B\xF9�\xE8\xEEv\x83\x8D`\xB9\xB1\xEA\x81�\xC7d\x93\x8B{Ë \xBFi\x98\xB3\xEC3!l<\x8F�!"�\xC6{|":\xCA�\xDFp��\xE5\xC0^#�\x97��f\xC4 \xDCc\xC4\xC7\xFE\xC6\xE0�\x89I\xA0\xF84xV\x89\xE1R��Z\xE4q\x89\xE1`�)\x95\xE6\xA4w\xB6?\x9A\xD8`\xE6ˉ\x8D\xE0\xC9S<\xF6:h@�1�Õ+sy\xEB(�\xDCg:C�.\x9B�?\x90�\xAE\x8BDV\xB0\xE5\x83k\xA8\xF4\xBF�Ð…p\x812
-
-\xD6�\xF5\x9F9\xA0�\xD6\xED\xE1\xA2\xE8�\x87H\xCD
-�\xA7ª\xD61A\xDF\xDB^r\xB0\xD3;\x95v\xCF\xD3UNr2\xEB\x8F�S�1\xAA?\xF1\xA7:\xE3b\x94\xE2\xF3yŨxN1b\xE0@[t\xCD��#\xA1�\xE7\xB68\xFA8\x9F\xCD4\xC8\xD4Gq\xAD E\xAE^\x86r\xEFwu\xD8\xD5�εzQ\xCA\.
-�\xFEL\xEE\xCB0'\x95#Ë…\x97#\xAC\xF4Ò‰\xF1\xBB7?X
-\xA0\xC3!1�\xB6\xB7\x84\x970\xD8_"a\xD0\xF2v\xE7�\xD6 at z忤\xA6\xC7F\xD3cS\xD3ãŽ\xE5n\x93\xB55Q\xC6L^zt\xB0;8 JO\xC8�by\xD3ÍÒ£\x83\xF4\xE8\xA1\xDDÉœ\xBA\x8F\xE1\xB2 L\x93F�\xCF'=),\xFF\xC0F�=Y*Õ‘��3P*q\xDAoG\xFE��\xC4\xFEW�\xD4��\x87A\xEE'\x9F\x9C{\x94\xF2\xAC㆟�că\xE3\xC6\xD3]\xA4$\x821\xCA,=\x88L\xB8 \x99G\x9D�'%ip\xE3`@gb\x83�\xC7}V�\xDBQ\x9Cr\xCFw!ß±g\x9A\xE8�q\x82@\xD0�B>\xBF8%8}�\xF6%\xA5\xC4p\x8D�o�Z�\xB7\xB9_Z\xC3_`\xFD\x93\xD7\xDD\xFF\xE8]�"\xAC\xE5\xF9\x9Fls�1\x98\xAC1Q\x8F\xB4\x90+\x8CòƒŸ\xC7_\x80\x87a\xC9\xDE\xFF���\xA3\x89endstream
-endobj
-1964 0 obj <<
-/Type /Page
-/Contents 1965 0 R
-/Resources 1963 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1969 0 R
->> endobj
-1966 0 obj <<
-/D [1964 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1967 0 obj <<
-/D [1964 0 R /XYZ 56.6929 674.382 null]
->> endobj
-1968 0 obj <<
-/D [1964 0 R /XYZ 56.6929 662.4268 null]
->> endobj
-1963 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F48 1238 0 R /F53 1313 0 R /F41 1218 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1972 0 obj <<
-/Length 2380
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDYYs\xDBF�~ׯ\xC0#Xe\x8E\xE7đ}bd\xCA\xCB$\xA6\xB5�S\xB5\xA9$��1\x94P&�\x9A u\xFC\xFB\xED\x9E�\x80\xA0�\xC5v\xAC\xADJ\xA9J\xE8\xE9\xB9\xFA\xFC\xA6g(��"H�\xE3*\xD5A\x9Cjf\xB80\xC1j{ƃ�\xE8{&\xFC\x98q;h\xDC�\xF5\xE3\xF2\xEC텊\x83\x94\xA5\x91\x8C\x82康V\xC2x\x92\x88`\x99\xFF�\x9E\xFF{r\xB9\x9C.Fcix�\xB1\xD1\xD8D<\xFCq6G\x9C\x94>\xE7�\xE7�\xB3\xF7\xBF.&\xA3X\x87\xCB\xD9\xC79\xB1�Ӌ\xE9b:?\x9F\x8E\xC6"1�\xE6K\xBF\xC2��.f\xBFL\x89z\xBF\x98|\xF80Y\x8C\xFE\\xFEt6]v\xBA\xF4\xF5�\\xA1"\x9F\xCF~\xFF\x93�9\xA8\xFD\xD3�g*MLp�
-\xCED\x9A\xCA`{\xA6\x8DbF+\xD5r6gWg\xFF\xE9�\xEC\xF5\xBA\xA9C\xF6\xD3\0!\x8D
-\xC6"2,\xE6\x91|y_ڃþ\x9E�*e\x92�\xF3d߱P1\xD3&�\xAFD2aqjT\xE7�-z^�Z\xB1D)�\xC4&e\x91\x92ʹ\xA5Y\xEDƵݬ\xD1>o/\xA4\xECM\x889K\xA5B�p\xE0d\xB3\xA9\xEE\xC1\xFCi��vy\xD6\xD8��I\xD8\xDCf
-\xB1o\xB3;KԵ\xB5%\xF5ֶ\xF4\xBDwEF\xC4\xF2\xFC\x92\x88\xAC\xCCiк\xDA�\xE7\xFE\xB6X\xDD�\xD9\xDCZ� 6��\xC1Rc\xA4\x93\xA2n`V\xB6�\x89$\x84\xC9R\xA9p\x9B\xEDvEyC\x8D\xB5멶\xD4\xC25\x80\x90aQ�M\x915ݰ\xD9%}\xB3<w�l]�\xA3(\x9B\xEAd.\x8C\x9D\x8F\x87�\x99\xBC{\xB7`\x93\xC5\xE5(\x95\xE1\x84"\xCD\xE9\x83\xC4\xEC2\xEAw\xE94,\xB3\xAD\xADw\xD9
-\x8D\x86#\xB6Y\x83\x8A"I��\x81c<\xAB:ݑ�\xE8\xDA\xF7\x92\xF5s\xF64\xA2\xA5\xD0,6Q�Ă3-\xA2\xE4kbZJ\xCDt�q2�\xD3 A�\xB1H\xF3o\x89\xD3vƓ0\xED\xC4�GJ\xB18�\xAA
-S\x88\xBAδ\xEB at J�_A�Gi\xCCD��\xA7\xFD\xBC�\xA0&�\x811\xA293Jj�\xA0�G\xE3H\x84K\xF8/\xC3\xE93\xE3\xC0\xA2B\xC1Z�\xA4)7\xD2\xE5g\xF09�\x8C\xEB4U4\xAAG;u\x8Ffp\x8C\xB7\xB3\xAD�\xDEU\xA0T\xD0׫]y\xDC_\xDA\xE9�\xF5\xB3I\x9A�\x92S\xE8 \x82\xD4\xE7\x86\xC7N\xE8Y\x830�\x81W\xE3Wc4T{\xDB�\xABl\xB3y\xA4\xAE]U\xD7\xC5\xF5H\xF2pc\x89\x831\x8A\xDFzWU\xEB\xA1\xE0\x84Uj\x8C\x968\xA1lC\xA2\x86 /\xAA\xB2� �>\x8B�\xAD�\x96h0\xAE\xF7M\xFC
-\xFE\x86\xC8\xE2\x89���\xF1\xFB\xA2Q\xC6\xE0!\x9EŠp\xF8$2}�\xECT:a
-\x8E(DQ?\xE25�Y'�\xACI\x9A|�\x90#\x8Cx�QDDM\xA5\xBF \x91�\x9C\x87�D��\xAC0\x9BX;B\xB6?8\x97�~PEc\xAE-\xB5 H\x88\xBE~\xA4\xBE\xAC|$\x86\x8B�$VUY\xDAU�\xA13�JG\xC0�Sz1 \xEF\xBC�\xC0*ms_\xED?��q�\x99/\xCCZU{�ǻ\xAA\xCC�Zc\xFF\xEC\xF2NӀ,�\xC4\xE2�ę\x97\xFD�\xD3IB:\xD1\xD7\xE1\xBA-s\x9B�\xD7a<|32 �\x98_��%\xC4\xEF\xBB\xF9\xE4Ô\xBA�\x8B\xDA6\xF5\xE9\xCC\xEB\xC1\xC3 \x8E�\x9Bw�~\x8A\xEE$\xE2\x9D\xDD\xD7-\xC8�Ǿ\x8C\xE3�\xE2]
-\xA1\xFE\xA98\xAE\xB1�\x8C\x85\xF8�\x8E��\xB3\xD4W\x81\xAF�\xE3F@\xEE\xE8\xF8\xFF\x80⽕\xFF�\xC4�\xE6a\x94O\x82\xD7�q\xF1\x9D \xDEw\xCC?�ēW�qHW\xC6�~\xBFa\xD1nʋ .e�֌\xC4�@\'\x90\xADR��؇\xC6\xEE\xCBl\xF3E�'\xA8R2�\x80H\xC2��\x87\x92)!S\xEDg\xF7\xB7\x8B
-\ R?�+\xC6|`�\xA5\x99\x8CL\xBB\x85\x83}\xD8 \xB7k\xBB\xA7\xE5 q�oU`@Q�\xE2\xD0u\xDF\xDFZ�\xB1'\xA6/FÇ‚\xA7`E-\x9F@\x9E\x87P<:\xE8sS\xDCa\xF1\xACTO�1\xF3}\x9D\x85\+\xCF\xEC\xB6*\xD9P�,QVm\xD2p�BU \xAF�n}()\xF2V\xD5v{(!Ѩ\xB6G\xD6}\xD1\xDCÒ \xA6\x9DI\xAB�\x8D\xE6\xC6\xCEzgW\x83\x87I\x81'&\xC2x,\xF1Ü \xAF\xBF\x8D\xBC\xBD 8;\xDA�B'�\xB0\xF1v.r\xB8\xEB�\xCD\xE3\x80C�T|��~\xA0\xDB`\x93\xBF�\x8D!KHJ\xDC�nA[\xBCJ!\x8D\xFA\xE1\xD7_\x88b)Qp\xF2\x83H \x80\xE2S\xA1\xFF\x80\xA4\xA3}O\x82S#\xEE*\xBF\xED\xA6�<\xFAa@
-�P�AZÑ°]�\xF6{\xAE\x82�]\xF1\x9EÌ»\xFD@~\x93
-��:\xC9�Vֆ\xA5q7饕S&�\x9C'ފ\x88\xA1\xDE\xE2 at H'\xB6\xAB>��
-\x83܌\x9A\xBF\xCEg\xFF�{\xBB :$Z\x9F�O^m3\xF4\xA1\x862\xA2\xAEV\x9Fl�%B\xCA�\xF8\xC0\xF0\xF3\x83/7\xCA�`Z��\x82J:\x8D\x9Dv\xCEZάn\xB2�\x9B\xB6VA\xA2*�\xDAݺ\x87ݮ\xDA7\x94\x89O\xA3ikW\xB7YY\xD4[�;\x8A\xA1��\xFB\xF9`k,0\xB4\xA0�\xC3}\xDD>@�\xF3�[]$�\x9Dy\xB3\xBB�ݳ5��\xD5�f\xEE\xC9�G+\xF1a\xF3`
-\x92y|\x92\xD6mZ6\xD9\xCD>\xDB\xFA&\xA5\xD6IY\xB3\xAE� \xE8b\xED\x9A�\xC3?�\x84"FB�\x9D\xAA~\xB9\xAF\x9AjU\x81n�\xE7!\xD6F\xCE\xCF\xD8(�\xDBk\xD4�i\xF4\x95&\xF2\xFA\xB1\xB1\xF5�r\xF8Њ]\xB5\xD9�&\xAA\xDA\xE7v\xFF\x86\xE8�x\x9D<\xEE\x9A\xC2\xF9ő\xDE�C\x86\xDA\xD8\xF2�u��\x87$\xFE\x8B\xAD_\xF2\xFDUqS\xF6\xB5,�\x9B\xCD�\xFC\xBD-J\xBC\xE2SG\xDD\xEC\xC1\xBEG1\xE7\xF8N0\xB0\xD8W/\xE0\xAA \xD7Q�\xF6+;\xA4/>\x8C\xB8G\x91o\x92l\x81\xF12x�}\xDC\xD9o\\xEBg\xFB\xF8}J\xFE<\xFD\x8D\xA8\xA6\xFAd}Ty7�(\xFCw\x9D:\xB8\xD7�r\xEF-f[\xDE:�\xA1�\xBF\xBB��\xAF
-\x91'\xE0(\x94\x84\xF2\x84\xEB\xAE\@ \xE0\x8A\xD3�A\xD4]-v\x9B�_\x97\xB0\x93\xF24rg\xB2\xC7F\xBFʉLkp?N�\x93bҨ\xF0.\xDB�<I\xB8\xA0\x8E&\xC0F;R\xE2E \xDF\xE0@\x99X#nJ\xA3\xF1\xAA؀\x86�
-Th�*#\x90\xE6\xF4\x81i�\xD6�\xFF\x82\xDED\xBAA\xB1\x80\xADs<\xD2\xDDcY,\xFC�#Q\x96�<\xBD\xBB\x83��]\xA9\x81\xD3\xFD\xBC\xB2\xF2\xD3v�+
-\x84
-\xCA�\xC7\xEE\xA1n\xC0G\x820\xAC\xBF\xBB\x83\xBAÌ£b\xD1~\xEB\xE7\xA5wbX�\xC1U\xA1_,~g�z,k\xBF\xBE\xF6\xC691\x8F\x9F<Q\xFF\xBDY\xAD "\x82\xC2�\x8A\x91`�i\x96`\xBD\xD3{\xDA~\xF6Äx\xC4�\x99b}� \x9C�\xF7\xAF\x87\xCF#�
-\xCA\xE6�\xEE�\xEE"\xE5\xCF"\xA8*\x89Xe\xB5\xCB\xC5\xF6\xCC�\xA8\xC1\xE0Σ\x84\xECU\xC4C%F\xC44R~\xF9\x87\xD8C\xED\xBD\xEABj\xFDxRˮ�i�ǟ�\xD9\xE6�lx,\xF6\x8EMܑ\xEA\xD6qj��\xF6�m\xC0x\xAA\xFC\xDD�\xB2\r�F\xFA"�bdqy<\xC0\x91o� \x81W\x85;\x97\xB0݋p\xD4_`\xF0\xBB\xC0\x86\xBE
-\xF7\x94l}��\xEEt�\x{3C32EC6}Ø‹\xC5\xD5\xEC\xFD�\xA2\xE7W\x9E\xB8\xFA8\xE9X\xD3s\xBF\x90{ˆ\xD9\xC8Rl(]\x96\xA3\x94\x87~\x9B�\xCA\xF3�%O\xE9y �\xA79\x8A�\x8FÔ&\x83
-�\xC7\[m�\xF4Òƒ=XoM\xE6\xBFQ\xD9\xE5� \x9B\xC0\xA0\xF9GM\x93\xD4k
-\xDC\xE6(B\xA7)\xB0\xBD*\x89\xFF\x99\xA1e\xA97C\xF8\xE3\xCBl\xA9�\x888t\xAC�)\xAD+\xA4\x90\xE74R\xED\xEF�9B5\xBE4\xF1(\x9CW\x8D\xEF\xF30�\xA3\xA1 \xF6K\xD0RI\x98�\xF6l\x9D`\x8A. \xC8\xDCfy;\xB5"Nn7\xB6]\x8E\xD4S\x89�\xF7\x95\x87\xDB\xDA\xF7\xD6P\xAD�t\xF8\xB9-\xA90Þ!Oy\x83?y\x8Fr1\xE4A\xEE�\x8A\x98t\xB7�N\xA4\xBC\xAB\xE8\xFC\x85-k\xB1\xB0�E\xDDt%ߩ\x80~�\xF0 {\xE9�7\xB8nh\xA5\xC4\xD0�d<h\xBD\xF2\xDD?\xC7�\xAB\xD41SI"\x87aHq͔JE'\x95;�\xB8z*\xBCQ >W\xC4C\xD2\xFF�\xCB\xF7�/endstream
-endobj
-1971 0 obj <<
-/Type /Page
-/Contents 1972 0 R
-/Resources 1970 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1969 0 R
->> endobj
-1973 0 obj <<
-/D [1971 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1970 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F62 1361 0 R /F21 938 0 R /F53 1313 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1976 0 obj <<
-/Length 3031
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZYs\xDB8�~\xF7\xAF\xD0#]�qq\xF1\xDA7\xC7v&\x9E\xCD8YYS[\xBB3\xF3 at Q\x90\xCD�\x8AÔŠ\x94�ϯ\xDFn4@\x81\xB2\x8E\xCCÆ©IRe\x82\x8D��|}\xA0\xBB!>bðŸ¢8\x8C3\x91\x8D\x92L\x85�\xE3ѨX\x9E\xB1\xD1=\xF4\xFDp\xC6-\xCF\xD81\x8D}\xAE\xB7Ó³\xBF\xBD\x93\xC9(�\xB3XÄ£\xE9›+
-Y\x9A\xF2\xD1t\xFEK�\x872<\x87�XðŸ·\xD7\xE7c�\xB1\xE0\xDD\xCD�hq\xA9"�\\xBE\xBF\xF84\xBD\x9EPGlY\xDF\xDE\xDC^�%\xA3\xC7\xE5\xC7\xDBw7?\xFC<\xB98OT0\xBD\xF9xK\xE4\xC9\xF5\xBB\xEB\xC9\xF5\xED\xE5\xF5\xF9o\xD3�Ï®\xA7\xFD\x92\xFDmq&q\xBD\xFF=\xFB\xE576\x9A\xC3\xEE~<c\xA1\xCC\xD2h\xF4�/,\xE4Y&F\xCB3�\xC90RR:Juvw\xF6\xCF~B\xAF\xD7�\xDD��g\xA1\x90\xB1؃\x93\xE0#\xAEB\xA9\xA0\xD3�*\xCAB\x91&\xC2��\x980�@5\xB5\xB6@\x95\x95Æ\xD1�<Ì¢\xC8L\xC0Fc\xC9\xC28\xE1i\x8F1\xB7\x83\xA7\xE7��\x9EW\xBA\xA5�\x9A\x85EJ\xB7\xCDf]h\xF7V4\xEB\xB9e\xC9\xEB95\xFE\xF5\xA0kju
-=n\xED\x80\xE9\x83^څ�O\xE2\xB0�\xA1\xC2Lqe\xD61}(aN�e�\x8C\xE3AѕM\xFD��i�T\xF9\xFA\x9C\xA7\xC1\xBD\xAE\x9E\x89c֬
-\xA5y\xD2s\xA4\xA4\xC1\x82Þ—\xD4?ywId�\x9F\xB2\x93\xCCu[\xACË™n\xA9\xA7{\xD0\xC4[4u\xA1W�Qq\xC7H\xCC\xE9\x956\x8E3�\x96\xDBl� \x{1BBFF2}\x88M&\xF0\x97Û\x80�l�7\xD7C�\x9BÓŸWU^\xD6\xF8m.\x82'\x83\x95\xE42\xD0y\xF1@\xB4\xD2\xF6mZ=�EVY�Ü•\xB5\xF9,Pi\xB50`\xB5\x99Ue\x91#8\xD4cV�O\xDA24Ü–E
-@>\xEAu^�\xBD\xD6O4\xC5db?\xF5\x90?\xDA\xE9g\xDA-\xA8\x9C\xEB\xBA+eLè\x90E\xF6\xF2.\x97\xABJ/\x81Y;\x82�\xFF\x83�\xFB\xD5\xED]\xD8+\x80\xD3�\x92\xA4{\xA9\xDA\xC6
-.\xAA\xCD�w\xEE�v\xA0'�T\x94{>\x81\xF7�\xBB_5O*\xDB��\x9Be\x8E\xEB\xC6v\x9D/�
-\x96\xF8�\xB4Ô—[\x96f\xAEQ6\xA9�\xAEIp\x96H\xAD\x87|\xC8\xDE\xEA\x8E&42��\xED}\xA0R at -\xEBE\xB3^\xE6N\xDF�\xEAG\xE9f_\xE6\xCFÔ˜Yn\xBD\u\xCF\xE7\x9C\xF3 ܧhS\xA3(\x8AÛC\xC3|�\x9E{>\xAE\x98\xFFqb\xCBÛ¶)\xCA܈�ߟ\xCA\xEE\xC1\xF6\xD0c\x95\xAF\xBB\xB2Ø M\x9Aw\x8B�\xB4\x8C
-ÃœE\xB3\5\xAD\x9B\xC0}\xBF\xD50�\xE6\xA57PBt×€$\xAEx\xCFF\xAC\x95i\xFC
-\xCB,\x84\x99U^h\x90\xD8\xC8R9sXg\xB4�xÖ%\xB4\xE5}m\x84Y\xE4\xB5%�%6LZ\xCFw\xD8 \xE7,XY\xBC\xF4\xFA\xD1\xF0\xC07fÏ–\xD7j
-z*\xE8]\xB7Fl\xAAG\xB8\xF2h\x8D[?\x98\xC5z\x9FA!\x9C\xE8K�9��\xBCdA@\xB0��\xA4\xF7\xE0\xE9`V<\xC0`b\xC1\x93\xA0m@�\xF5\xFDp\xE4rSu%\xD8%Q
-V\xC2b\x82\x84\x95^/ˎ,�^�\xB88\xECoV]\xB9,\xFF\xB0Z`87k�ak?\xD6s\xEA\xCF9\xDA\xFD\x9B}�s~\xBF]\xE9\xA2\<;o\x90w\xD6\xD8\xE9\xE1\xAB�\xBE\xD7:_\xCF,3\xC1I\xED\x995\xE9n]:�\x83B\\xB7]HҸ\xD3z\xF7\xE0���\xA6�\x96�%\xD0H\xA59B\xA9s}?\xA2\xC6\xC4;s{\xFE\xB1?\x80\xCE\\xDFy\xBC\x9C�\xF7{\xA7��\x98 >D\xC8\xE3\x90\xCB�kJ\xA3P%\xF1`I/�\xC7tj�i�\xED8�\xAE\xC3�9\xFEG�KBо/\xC5\xC1\xB1\x9F\xF8\xFC\x8BY�\xA2\xA0^,(I\xC3,U\xE9q�z\xAES�y1�\xAE\x84\xFC\xE1X �\x8A\x8CC\xC0\xC9�-8�\xB7~�\x97h\x9CS
-�~'\xC6\xC9\xFDP\xC7y\xC8\xFEL\xB1'\xBEw\x82\xFD}w\x8B\x9CepH\xB1l�)�&i\x92|I\xDC(U�&,ى�\xFF\xBFQn!\x9EY�\�\x8Dc0\x97m\xBA�é\xC6\xFD\xA6ƑH\xC3T\x8A��\xE1��8MF\x91�\xA1\xE2�\xB9\xB6\xE6\xA9v\xD6L.S\xA4�\xD5\xF4\x92p\x87\xAF\xD7�\xAD'\xF4\x93\xDB�\xA1\x8F&&6\xCA/\xAD\xDC�ͦ\xA6pa\xA0gQ\x82߇\x85x\xCB\xFD:��l8xA)\x85�\xB3\xA3\xF9\xC0\x8B)݈è2�J\x84�'P�,T\xB1\xCC\xC8\xCDB|~>\x8EU���\x88^��\xBA. �A\xFD̢\x80\xC7\xE3Y\xD9Q\xC7c^m45\xAD#��\xE3\x9F]tC]\x8E\xC7L\x8D<\xC6*\xFC.\x92\xC9ؘX* \xA8\xC19\xB6k64\xC0\x99\xCE�Ay�|�\xAA[A\xA9$L�K\xFEĔn\xC4AA\xE1z\xF9 )\xDB'(\x95\xC5a�ɘ\\xCE\xF4�\xC8)ʘU\xF9�\xE0,\x97z�\xE7$�\xC6U\xF9h\x89�\xEB\xC4a\x9DD\xA0\xEA!Q(%B\x92�W5'\xB2#\xE6\xF4*\x85�8\x90J\x88\xC7\xEF\x8D\xD1!_\xBDO\tXo\xEA\xD2x at I\xD1)>[\x90V=7G\xBEr\x89�\x90K˶Z\x97\xCB|]b
-\x86\xAF��\xE0akf)\x83\xF0\x87H&\xD1\xD9�\xF4\xC0VqP�i�\xC4њ\x9A��J%,^@2�b\xC3K\xDE\xF0\xF5\xA1y\xC2��\xAAƄ@\xB1\x89Ni�7oM\x8D\xD9\xDE\xE8\xD2|v\xEE"\x8DE㻜\xD2�,\xEDC\xB3\xA9\xE6\xC3hd^\xB6En#\xD3#J\xEDk\xCB\xD7i\xE07\xF5>
-󪌟\xF0>
-O�)\xC8\xFB��$�\xA0\xD6R)\xEB~2\xDF\xFD\xA4\x9E\xFBɶ\xEE'\xED\xDDO\xB6\x93]a_N��q7]S4�Q�\xF9�\xF5\xED\xA0\xCFi\xD6.{l\xBB\xBCv\x9Eg\xE7D\xF7\xA7="1�\x8A\xD7rCÄ ^Ub�\x8B>,=!1HuS!\xC8
-M\xAE\xA8\xEE\x85.\xB0\xB0�+\x9B%\xA6b_R�\xD4y\xDE\xE5`\x8A \x8B\xB6\x9C\x94&R\xDB$c)\xB7U ;\x80Z&\xFD\x82'�%\xD8\xC2
-\x89\xAB\x8A\xECuEm\xB3\xD4\xE8�\xED\xC1n4\x8C
-*}6aҷ#\xC2\xF3Py-\xE1mKuE�\xC7\xE3,\x94\x89\x90\xA0DIȒa\xCD\xF0E\xDC, �V�\xED`"\xC1Ô\xC9�\xFA\xE1J\x872\x86\xB09\xE1|��/\x9A\xAAj\x9E(\xA7\xF4*5\xA6\x96�\xB1\xC7v\x9A�\x97\x9C\xC2\xCA\xFBxd_\xC5��\x8E�\x8F-\x973Jp \xE5\xDCEt\xED\xE1 \x9A\xE0I\xFF\xC2�\xFA�\xF8[H\x9E\xC2$\xA3\xCC\xE0\xB0\xF5J\xC8�\xA4\xCC\xFABU\x9C\xA8\xD8�\xAC\x84\x84\x83\xAF\x{DA15}\xCF\xE7\xD6xM!Ed\xC1MM=d\x95и\xB9\xA5\xA7\xB1\xA87Tw\xE9\xA8\xCA
-Tz*S@\x81W�E\x98\x81\x9F\xF6|�\xED7Q{\xEC\xF7ʞ\xCD;u at S\x90\xC4�@��\xB6]�\x93ײ\xDDo\x90\xFEH.\xC2T\x9DJ$$\xBFJ\xD8\xF4\xE7�\xFE\x81\xBFU\ \xA0\x8F\xB1\xB5\xAA\x81ذ\x8Eq�\xBE4\x8D\x8F\xC0\xE7\xAD\xEB\xB5\xF2��W�GfJ7\xE2 |�\x8E\x86\xA7��R�\x95\xD84\xE7� \x8B�h\xFEa\xEC\xB8�\x90\xF1\xD4\xC8k?R\xE3\x83r�\x96\xC0w& &s6\xD9sf\xB3\xC0.<i>oO�[\xEE\x86\xE9\xEA\xC3�P\xD6\xF3Ҧ;\xB6\x8E� S
-3O\xBAg�\xAEj� ?ŕ�\xDFrصu\xF4FW�\xDE�\x83\xD5#�W\xDF\xEDVOmU\x918\xFD\xDD \x94��4�H\xF0\xB4I\xB4\xA9P^^i�\xF1!8\xCB+K\xF2USŤ\x9A\xF0$Մ\x86H�\x8F\x83\xAA\xE9\xC9\xFC\xEB\xD4\xE8\x9B\xC6\xC0"\x92!\x8B\xE3�\xAA)\xE24\x8CYj}򻻫\xB7`\xD9�r���w���\xD9SN!��00\x9A\xE5t\xF9\xA1\\xB9�\xD1�\xFC�\xE0@\xDA�~D\xD9v\xFD�\x87\xA8\xEA\xB0�\xBC\xED}\xC7\xEEU(�\xADS\xE9\xB5P
-��{�t\xF1 rCH\xB6yp14k6\xD0~\xA2Te_7Þ…}\xEB\x82!-?\xE8\x85\xC1\xCF�C\xD9[\xFEky\xE1o\x81\xB2\x80V�\xCB�(K�&\xCA\xE6{\x97דsH\xE4\xA7&q`\xC1\xFB\xA6\xEAo~]F|_v\xCE\xC1�z\xDDÙ»\x96N\x9F8\xDF m�.(iz�\o\xD5\xDFq)O\xB0(�\xA7x�[ak\xC3�\xDBÛ‹\x9F\xAE�\xA4XA\xF06ÌŠ!W\xEB\xCBA൛\xBA,�\xC6@\xB7\xA5\xD2\xC4�\xE9\x80b\xBC:Öƒ\xAA27\xCE%U�Ô\xA5\xB4,\xA8\xCF{\�Y\xD4\xF1@\xCD\xDB\xDFw\x9C sH\x80\xA4\x8CN\x88\x81g1$@ \xB9\xF3\xAB\xF7\x977W\xE7\x98Z\xA7\xC1
-\x80��\xB2\xD5-\xC8r\xE8\xEA\x8B\xF7u\x8BųI\x90\x90`oi\xB1 S|\xA2VQ\x95�\xAF�\xCD�;\x99\xA5j�\xE2\x95\xEAA�\xDF\xF51
-J\xFA�\x83D\x950~Xt>(\xAF[c\x8D_\xB3\xC6\xCA%\xA4\x8C\xA7\xCE \x9E�\xA0%\xA4\xB1WÖ‚"\xD0\xF8\x89^UyA5\xA5$\xE8\xC0\xBDP\xED:\xD9^4@\xDBZ�\xB4\xB6e\xF09�\xE8\xA6�[`p\xE6\xBAvg�\x84t�\xA5f\xAE\x8D3�TM\xF3\xBB\xB9/\xCEd\xB0Y\xBD1QB\xA0Mh\xB9\xC0\xF0\xF0\x91~\xC3�\x9C\xC6Z\x8D2\x99\xB7\x9AÆ \x8E\xF5\xC1!\xD0\xDBͬ\xA3wM�&,\xCC(,\xDCS\xD8\xEC\xF7ʤ[9\x83\xC0c\x95\x9B\xEA��×¹\xDD�C�\x93[\xD6\xDC\xF2\xC1z*\xC78(\xE0S\xDER�}\xC1\xF9( ��\xE3\xEC\x89C]\xDA\xDF_\xE3X\x9FG\xF9\xBF\xFDy\xC8)\xE5�1\xC8\xFC\xB0ro\xB5\xE6uK\xAD\xAFë— �\xB3S\xC7��Q\xC8Ul\xFD\xD2\xED\xDD?\xAE\xFF
-Ò–��\xEE:[\xA3F (\xF3\xB3�|\xD0Ï\xA8\xFD\xBB\xB6\xD7辿\xC1�\xAB\xD8\xDBQ\xF8\x93�\x876|\x85\x884\xF5\xD6ÛŒ�k\xFA G\xC4ä‘”\xC0G\xE1u�\x91W=\xCA\xD3�\xC2Lu"L\xE2\xE0q\x85\x8C\xAD#\xBA\xC3lUD�9\xF1\xCCZ�\xCF"\xFCq\xD0�\xB5\xD0&\xF0\x99�\x87�!\x92\x8C�M\xDF\xE0\xC8PV\x84\xFD\xA8\xA8�!\xB6Q\x84�\xC55�\xEB\xD7\xC8\xCE�\xE5;N$��&2\xE3\xC7E\x97\xE0\xEF�"
-\xC2~\xF8\xF4\xF1�\xD2�\xE9\xEC\xDD\xE0b\xD4\xF7Z\xF7U3s1\xEE\xAAiK\xCC\xF8\xDC\xCFP6+\xFC\xB9\xE2��\x86\xFEB\xC9\xDAá‡\x97\x87\xE1\xF4�\xFAu{W�BJ\xC8O\xB1\xF8�\xB8\xC6|\xDFO+\xD8\xE8$\xD6_\xFAc\xD6\xED�z\xC1\x8F\xCA4=p{�\xD1f�\x83cL\xEAq.
-0_\xFC0\xA4\xFFÙ«e\xF3\xD6\xFE?\xD6\xD6Rpendstream
-endobj
-1975 0 obj <<
-/Type /Page
-/Contents 1976 0 R
-/Resources 1974 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1969 0 R
-/Annots [ 1980 0 R 1981 0 R ]
->> endobj
-1980 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [312.8189 570.0778 386.4723 582.1375]
-/Subtype /Link
-/A << /S /GoTo /D (the_sortlist_statement) >>
->> endobj
-1981 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [406.3277 570.0778 479.981 582.1375]
-/Subtype /Link
-/A << /S /GoTo /D (rrset_ordering) >>
->> endobj
-1977 0 obj <<
-/D [1975 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-618 0 obj <<
-/D [1975 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1978 0 obj <<
-/D [1975 0 R /XYZ 56.6929 748.2826 null]
->> endobj
-622 0 obj <<
-/D [1975 0 R /XYZ 56.6929 748.2826 null]
->> endobj
-1250 0 obj <<
-/D [1975 0 R /XYZ 56.6929 718.4268 null]
->> endobj
-626 0 obj <<
-/D [1975 0 R /XYZ 56.6929 661.7689 null]
->> endobj
-1979 0 obj <<
-/D [1975 0 R /XYZ 56.6929 639.4577 null]
->> endobj
-1982 0 obj <<
-/D [1975 0 R /XYZ 56.6929 553.1414 null]
->> endobj
-1983 0 obj <<
-/D [1975 0 R /XYZ 56.6929 541.1862 null]
->> endobj
-1984 0 obj <<
-/D [1975 0 R /XYZ 56.6929 361.0617 null]
->> endobj
-1985 0 obj <<
-/D [1975 0 R /XYZ 56.6929 349.1065 null]
->> endobj
-1974 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1988 0 obj <<
-/Length 2817
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDZ\xDDS#\xB9�\xE7\xAF\xF0[\xC6UgE\xDF\xD2T\x9E8�\xF6\xB8� 6\x9Blrw�\x83=\xE0\xA95�\xC73\xC0\x92\xBF>\xDDj\x8D=\xF6a�[@\x8A\xAA\xA4\xA8B\xAD�I\x96\xFA\xE3\xA7VK\xA2\xC7\xE1O\xF4\xBCa\\xA5\xBA\xE7R\xCD��\xA67\xBE=\xE0\xBD�\xF8\xF6\xF1@\xC46\x83\xA6Ñ \xDD\xEA\xFB˃?\x9F(\xD7KYj\xA5\xED]^\xB7\xC6\xF2\x8C{/z\x97\x93_\x93\xA3��/.\x8F\x87\xFD\x814<\xB1\xAC?0\x96'ߟ\x9E} NJ\xC5\xD1\xF9\xD9\xC9\xE9\xC7O\xC3þ\xD3\xC9\xE5\xE9\xF9�\xB1\x87\xC7'\xC7\xC3ã³£\xE3\xFE@(m$�\xA0\xE2�\xFF<?;\xA6F'\xA7?�\xF7\xBF\xFC\xF1\xE0\xF8r5\xE5\xF6\xB2�W8\xDF�\xFC\xFA;\xEFM`u?�p\xA6Roz�P\xE1L\xA4\xA9\xEC\xDD�h\xA3\x98\xD1J5\x9C\xD9\xC1\xE8௫�[_CקĤ\xB9`B�\xD5��δ�\xBB\x95~\x81ïFR*\x96\xE2<7��\xED\x986�%\xAF5\xE3)_K^Ê–\xE4\x85V\xCC+ezΤ\xCC*\xA9\x82\xE88=;9\xEF�\xB4\xF029\x9D\xE4\xF3\xBA\xF8\x8Ds\x99W 6\xE1\x92z\x9A�qt\xF1\x89\x88l>A\xC2'\xE7#b\xDCU\xF9\x84\xA8\xABG\xFA\x92QuZV5\xE8A\xA6i\xF2!\xAF\xC6\xCB\xE2\xAAiXÌ©\xE1\xF0\xE4�u\xD2s\x9A\xA5\xC6\xE0R��2L�Vjض\xCA4\xE8\xCCY+{\x{D97E}L|J{\xA6\xC0�{\x83\xA6\xC1kjDBK\xCFe\x97F`\xA9N\x8A4,\xFC\xF4bt|\xF4\xD3\xF1?@FN\xE9\xE4b\xD9�Q\x95\xF7\xC5�\x95"R\x83\xF2�\xA9Nn\xF3zZN\x88u].\x89\xA8\xEArY\xCCo\xA8rzQ\xE5c"\xBF\xE4\x8F+\xF6mV\xE7\xCB"\x9BQ
-\x95\x81凳�{J�\xE4\xA1m
-\x82;�
-\xA2\xEF\x81��\xA1\xB9ܧ\xAD\x96�^W[\xFA5\xB5eSˤM}\x97\xB6 at 0^�K\xDA�} �2ܸd\x98/\x82\xAE\xF2
-\xDC(\xAB\x8B�\x84d\xA4L\xCAk,U\xD3�8\xD9d�[Vy�>"\x84\xF4\xC9\xF1\xD7�\xA8\xE5�\xFB\xCE�އ|\xB0\xDBC\xF6kD�\xAFvk\xA4\xBD\xD4\xD7\xD2��\xB1\xB7\xE6[\\xB2\xE9\xB1[#�@\x92kա�\xEB�K\xB9 D�\xAE�2\xE2\xC9�\x9C\x81\xC4\xDC�@3t�,�wW\xB3bL4\xF8E\xFCVU\xE5\xB8 ϘP\xFD\xA1\xA8\xA7�\xBD\xC0?\x88\x98g\xB7y\xD8_L\xF2\xA9j\x9A\x83\xF8w\xEA <򦘣\xBFI��\xFC\xFB/T\xA1\xE9-f\xD98\xE8�8�D\xA9�a
-\xDE\xEAzUT\xDFa\xDD'Wwu\xF8U\xBEe�u1\x9B\x91�Dp�\x8Aփ\xD4\xE8\xF4\xE3o\xDCp�\xFF�\xACC \xBEǻ+\xA2`\xC32D�\xFE#+Ub\x8F}\xB5�\xF72cxS|\xB6\xCA2\x9D\xEA.\xF32�"�\xE3ɼ>\xF7�V(\xB1\xBD[� \xE0\xC6g<\xD9��\xF9\xD7\xF14\x9B\xDF\xE4K\xAA�\x90F\xA2\x9E��Q\xC1\xA8\xB0k4*�\x80\xBF\xA1�\xBFײV\xCE.\xA5\xE2{\x94\xB1^\xE5k\xF9z3\x8B\xE7�\xD9\xF4� q\xA3\xF2]\xE8k\xA5\xC7 J��\xFC|��0�\xBC$'A\xB8 \x99\xAB�P\xCA4\xF9x1"n1\xBF.Q\xBE\m\xC8�\x9A�c\x97>\xCA��\xC2;�\x9BnB\xF2N\xF1\xB6&\xFE2a\xBC)\x96�\xEF\x99u\xAA�K\x85e\xC2q2\xB0_\xC0\xD8M*\xFE`츇a\xA1 \x98(fD5\xD6N52v (\x84\x84�\x93�\xDAΉ�\xD1�\xA88\x8C\xB0\x83\xAB\xA2&:\xEE\xA2׃\xDD\xE1HNM\xE6c�ۋ\xE4>\x9B\xDDE�\xB1mV>�\xA7\xF3\x80e�\xB1\xAF\xF2�\xA2�\xC4<\xAA_\x973l5\x89_�\xA9\xA4\xC9B7�^\x89\x85\x9EI�\xEC\xE3O\xA0-u��\x8C\x92 \xAA\x91D'\xBA\xC6\xE3\x8D\xD3\xDFmo\xDE{\x83߶&_�\\xDF\xC0\xA1
-\xF8\x91�^t�\x9C\xF1\xF0#\\xBB \xCD38�\xC29Psœ3\x92<n:w�\xEA.\x8B\x{246A2F2}\x98\x832\xF1�\xD8!\xE2\xBEHV�\x99\x8A}"\xA5\xB9\xCA\xD7\xF4\xE1\xB7�\xA9\xD50\xDF.�6�\xA6\xA0S
-P\xCFF\x87� P\xE7mrH\x92\x98\xE7\xF5C\xB9\xFCB\x95*_\xDE�\xE3F\xCE\xE31\x84\xA4-!o\x89�Ĺ3\xDCt\xDC\xEE�\xEFzÞ¯%\xDD7\x88�\x8C\xE6\xCC�\xE9\xBA\xC4k,\xFC\x88\xD6Q\xBC��X\x9F\��Pne\xACp�\xB8\x8F\xAC\x88!@\xA1\xB8�4�M�\xA9|\x84�\xE0�D\x86\xCD\xC7lØ´zf�Ð�\xAD\xF5\xBDV \xA0�\xF3\x92ËM\x8F\x9DjЩ\x82p\xAB\xEB\xCCl\x94d\xDAk�\xB5p��\x80\xAAobr�$�\xCAU\xD8LÕº\xA4�\xCE\xC6w\xB4\x8D\xCC�\x9B�\x93b�G\x80\xD8n\x9A\xD5D
-\x87\xB1k<� \x95\xED\x8B\xF7�\xE6\xA8b-\x9B\xCDC\xC3ANF\xC58_\xD6�\xF1䪕H�\xAE\xDD\xE3QA\x87�3\x8ER\xD6D\xE4_\x8B\xAA\xDE�\xEF\x89=\xE9\xDF\xE5��a,\x85\xEBH\xB4\xD6�\xB5�Z�P\xC3!\x95\xF5\xE3"�\x930\x8C%\xA9�\xBFu\xA4%F\xB0Z�\x9A\xCA0\xA9\xC1\xE64H+�\x86!\xE2\xC4\xE8\xF6�\x9B! \xBF\xDEm\xC1-\xD3x\x99\xB5\xAD
-�N\xC9\xD6\xDBo�\xB2\xE9\xB1Û€y
-\xF8k\xBA"Y0Wf\xAD\xD2+�V\xA0R\xF5?o\xC2\xE2}\x98\xB0\\x9B\xB0\x96+��[Z\xA9
-\xC8Iq\x8Dc_\xE7ˊ�ה\xAD\xBB\xA5\xDA�l\x98\x84L\x92\xC7\xE5\xF2\xA8\x94\xC0\x89e\x9C\xE0=L\xB0\xDA\xE3\xCE�\xEE\xE4\xF3\xBB\xDB| \xFDAΘ^B�f���\xAC\xC3AH^\xAEV�\xDCqy\xBB\xB8\xA3tT6�f\xE20V_\xE4\xF3
-\xF7\xA7'D���\xBD\\x95\xC1T”sb5\xDB�Ҥ�)\x9A\xAF<�\xCF
-\x92q`fq���\xA3�-\xE7W\xC1T\x9EZ\xED
-
-\x8C0{6\xB3\xB6\x93\xBD\xCCq\xDF4\xA6P0_\xADLWN^s\xCER\xE7\xE4��.\xFA\xA9L�\x87\x87\xBF@|am\x83 6b\x82\xDD\xC4��1�\xCB�\x93?\x81
-z�b+"A\xD6J\x91@?L\x8B\xF1t\xF7Y+\x9A;j�\x8E5\xC5<Ƈ+��\x95{8\xFCdW\xB3XŹ\xC4\xF4\xD33a\xBF\xAE\xDBB|\xAD\xC0Ť\xCC9\x93~Ã\xD4\xC3\xEFѵ4\xCC�\x88\xBB\xF7\xEBZ9Ǹ\xB5\x94\xED?\xFB|�2�*jX{JIh\xDFh\x98x(R,7!\x9FZ7\xB0�\xDA�\xBA � � \x82|\xA4\xFE�\xF9Ï…|\x99\xEA�\xF2\xB5\x96Q7\xC8�\x96\x9B\xAAvR�\xB8\xEB\xA4.T\xB6\x92\xBA\xC0 \xE9�()L\x8D\xC3<\xF1\xD3+\x97~\xA6\xD7`Zv\x8F×´\xCC\xF1e&\xFE\xB6�\xC9�s�\xD8uy\x8Dp�\xCE\xF0d*!I`\xACJ\xF1L\xAB\xB4^\xA5�B\x85\xC2#
-\xBA\x86�\xACa.\xB2eM�\xDEDŽf��\x81h2SH\x93U#U-@\x81\x98\xE8OՋ\xEEa\xF6�\xC9ڋ\xC7\xF7\x98� ˫\xB4CE\xE0�LyN\x99\x9C�̓\x83\x81n]`J\xEF\x92\xDBl\xB1 /\x8B\xB5\xAB\xBC~\xC8\xF39UHl at x)\x89\xA0�� >3\xD8$#o\xF3\xFEl\xA7f:\xFDG\xD8=wd\xADE\xBF\xE3KK�1K\xA5\xEF\xDAt\xA4M\x99v\x9C��Ë\xA0�\x99\x9C\xCE��o\xE3]\xA5t2i\xCA�D\xB4e\xD8\xEA\xA1�e\xBD FA{<0){\xE1\x9A�\xAF\x93\xAD\xEC\x85s\x94:\xC7~{�g}\xD9\xF9�\xB0\xDB\xA1\xD9�\xC3{v$\xC5�\x87\x85tiK�f(7�\x8EN?\xC2.�h\x97�\x95\xF3\x9A"0\xEDE; \xD4^&Uq3\xCF\xEA\xBBf�D\xD6$\xAB3\xBCJ\xE6\x9B\xE9$\xFCD1\x86\xDC\xF5�\x83`v\xFFa\xBC\xBD\x96w|\x87,\xF0y\x8F\x91]\xA7q)�\xB3:%\xF0�\xF6\x95K.\xD1I<X`yW\xE7\x83zJ8vw3\x8D7\xB5�\x9C\x84XA\xD9&\x97g\xC3\xC5AE$\x85bHaH\x84e�\x89B\xAB\x8CR\x83\xD8(/bW\x88\xC0v\xFBʤ Ŏ1\x92R�\xD4Mr\xA2b\xE0\x83!\x9An%wç\xADw�\xBEq̵\xE7y\xB7~e\xB0�\x8F\xBD\xC4�\xDBB\xAD+\x8A\xB7\xB0
-\xE3�l(]\xEE(pY^\x93&\x82;�\x9F\xA6-wtx\xB8\x8D\xD1:\xD2[\xBE\x88\xAC\xC6�\x91\xA6p\xD2Ť\x80\x83\x80x�N\xEE\xDE˚�S\x89\xEDw�JP\x88\x89_"\ +\x844b\xF3ـR"&�\xA0A|(\x80m\xC2C\x81'l \xDEY\xFF\x97^
-\xB4\xD5\xF1\x8E_
-�@E\xD8㺌F�Sx�\x94\xD1\xF9!�\xF3 6\xB6nR\x9DXo\xA0U�b԰�_S\x99Q�:�m|X]\x89 !\xC25\x98ۼ2p\x84\xF1X\xBE\xE0\x9D]k\xA9\xEF8��\x823mmW�$\xA4e\x9C{\x8A\x81F�'\xE8ƪ\xEDƚ\xFB�sk\xA8�\xA4G\xF9|��\xC5 at _\x94\xB3b\xFCH\xF4\xC9�N �f9=.XEQ\xC8�^\x83D\xB6[\xEE7\xC5}�=&__�\xAFc\xA8\xE7\xE4\xCA\xE1'\xF6\xA8\xAE%\x94w��yˌ\xE9\xBC\xD2�\2\x9E\xD2�\x9CѰoL\xF27< Z\xBD�\xC2*�\x87\x83\xAB2 �f\xB6V\xB9\xB0/s\xDC]�\xB9\xDA!\x9B<X1\xCEc�
-�\xAE�\xAD\xD5n\xED\xFD\xFD\xA7QDBTD\xE79\xC3y\xB9[Q- \xBC\xE7Ǒ�\xC2#\xD3u�t\x!
9E�\xE4E\xCC�\xFDp\x82W\xCF�fn��ó:�ד\x87\xEC\x91\xEA!g�\x8C\xCD��~ \xEF\xF5\xAA)}Έ\xB7n�{M\x83\xAA\xF1ӗ\xFC\xF1O�q�e\xE7{� 7\xF9r\xB1\xFC\xE35\xF7N\x93\xFB\x92\x94-�\xBDL\xE6\x98�vҢ��\x93B\xA6O=$\xE7\xBD\xCE\xE7�\xCF}\xB6\xBE~\xBA\xAF�\x9C\xDF\xFD\x8E\x9BW\xC5a+P\xA9\xC0-�Ǣ\xCD\xC3l\xCB\xC3(ό\x97\xAEi֚\xFB �[0\x9Dendstream
-endobj
-1987 0 obj <<
-/Type /Page
-/Contents 1988 0 R
-/Resources 1986 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1969 0 R
->> endobj
-1989 0 obj <<
-/D [1987 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-1986 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-1992 0 obj <<
-/Length 3344
-/Filter /FlateDecode
->>
-stream
-x\xDA\xD5Z\xDDs\xDB6�\xF7_\xA1\xB7\xD231\x8E H\x90\xB8{J�\xA7q?Òž\xA3^3\xD7\xF6\x81\x92h\x89
-E\xAA\xFC\xB0\xE3\xFE\xF5\xB7\x8B]P\x94L\xC5\xEDÅ\xEBMfB`�,�\xBB\x8B\xDD\xDFB\x96\xB3�\xFE\xC9Yl\x84\xB1\xCA\xCE��\x898\x94\xF1l\xB9=�gk�\xFB\xE2L\xF2\x9C�?\xE9b<\xEB\xF3\xF9\xD9\xDF^\xE9df\x855\xCA\xCC\xE67#^\xA9�\xD3T\xCE\xE6\xAB��#\xB48��a\xF0\xEFo\xDF\\x9E_\xA88�^]}
--\xA9\xA3X�/^?\xFFn~yM�\x86\xA7~~\xF5\xE6%Q,}^|\xFB\xE6\xD5\xD5�\xDF_??O\xA2`~\xF5\xED�"__\xBE\xBA\xBC\xBE|\xF3\xE2\xF2\xFC\xE7\xF9\x97g\x97\xF3A\xE4\xF1\xB1d\xA8Q\xDE_\xCF~\xFC9\x9C\xAD\xE0t_\x9E\x85B\xDB4\x9E\xDDA'�\xD2Z5ÛžE\xB1�q\xA4\xB5\xA7\x94go\xCF\xFE90�\x8D\xBA\xA5Sj\x8AB)\xA4\x8A\xF5\xECB\xA7"\x8A\xE3\xF4\xF4\xB6\xB4E�\xDBrSJa\xE3\xF8x\xD7��Z!\xE1?P=�)\x8C\xE2dP\xBDR#\xD5K�\x8B(MfIl\x85\xD1J;\xD5\xCF\xDF\xCDQ\x9DZ�\xF3s\xAB\x82\xFCCGZk\xCEe�\xE4\xCB\xDA}W-\xE8\\xCB0x\x99\xB7˦X\xE4+\x9ATT\xAC\xE2W/\xA8�j\x8Cű\x9EA �I\x8B�\xEF\xC5\xFB\xB4#\xEB(��\xDCgv\xA1\xB4\xB0�5\xDE�\x96~\xC5i-j%\xA4\x8E\xA3G\xB4�%\xC2$ 9\xF0�_\xBD�-\xAAD�W\xD5M\xDDl\xB3\xAE\xA8+\xA4\xC4A\xB6\xA8\xFB\x8E\x9Aw\x9Bb\xB9\xC1\xA6 \xEE\xF2\xB2$\xE2\xFB\xAA\xBE\xE3\xA9U\xDE\xDD\xD5\xCD{\x9A\xD1\xE6\xCDm\xB1\xCC\xDBg\xA8NØ\xF4p\xE1�\x82\xBB\xB6=\xB2C\xBDg-}\xDF~3\xFF\xEE\*�<\xA3~\xB7\xC9Øž�}V\xF56\xF3Vk\xFBÝ®n:o\xDB\xD7E\xDB\xD5M\xB1\xCCÊXp\xA4\x9AOS\xF7\xB1�\xA3'\xB5`\x98
-\xA5\xE2G��l�cR\xA7\xCAw*�\xB5\xA7q�\\xE7;\xF2\xFD6\xAF:\xB6\xA3NuP\xDF\xD0\xF7\x9D\xC0\xA9\xD8�̅\x9Dl\xB5\xE2em\x8E�MB�\~\xD8\xE5M\xB1E>\xA4\xD3i3>z\xA9d\xAA?b\x92\xFDY\x9F\xCA"\xFB\xF0\xF5X<\xC45I\x98�\xC5\xC3\xFFn\x95�D�+4��<#�ar�G�\xC4S\x95@�M5\xA8Ԥ\xA1H\xA2t\xDA\xE8>\xD6�\xA3D*c\x8E}\x9B\x9C4|S\x97e}WTk\xD42$,;Zi 9\xD84\x82\xDDpɲ\xCC\xD0\xC04\xEF`�e\x85\xD2`�\x9A\x87޲�\xA3mݻ\xC62\x9F�\xAE|C\x89J\x9De\xDFP\xB7\xEA\xCA{"\xDDfeq\xE4"\x9D?\xC0\xCB7o\xFF~\xEC!\xC3u0�\xA9b�\xF6d\xD0p\xEF\xEEO\x98\xEB�d�c�IuF\x83URm\x9CM\xAE �\xC0*\xB3\xB7\xFBU\xD5\xE5
-\\xE3Ó·k\xB4\xCBSe,\xE0\x98\x9A\xF8\x8F\X\xBF\xE2\xA4.bkE\xAA\xE5#�\xCF\xC0}\xD2
-\�\x95\xF1\xE25\xC4;�\x81\xEB\xC5&\xAB[\xD0�f\x8CD\xB9<a\x92\xE0\xEB爞L�P0\xAC\xBBzY\x97DY\x92cf\x9D�X0ץ��\xF8\xE6jN�\xE7\x9E@ \xF7\x84ƶX]\x806\xC3\xF6#Q\xF0\x9A\xFD߹\xBB\xD4A\xDF:\xFER\xC1\xEDl\x88Tt-56C\xAA\xA2\xFE\xAEovu\x9B\xE3�T�,0\xDF"\x99�N0B\xE8\xF8\x99\xBB\xC4{\xE7\xA4D\xBE苲\xBB�2$\xE4\xE0\xBC\xF1wn\x94ؑ\xF0[]avv\xED\\xAC\xC53
-
-\x91�\xAB>�\xB3B8\xA1\xA0 \xBCZX.�E\xB5\x9A\x88 \x89�\x89\x96<\xF7\xB4K\x8E\x8D\xFDi�\xF4\xE7\xFA\xA4\x814c\xCC\xC7]2\xB6RD�\xE22�\xF95`(#\xC1^ç ¦�\xAA6\x8D\x82�Õ\xA4G\xFA���$\xEA\xAC\xF2Û¼\xACw\xCE\xD2\xD0]\xDC\xD3�\ò³–šß‘#\xFF\x92/\xBB\xD3N\xF8�\\xB6Ê°\xC0Pip�n\xA4\x95
-\x8A�\xBF\xDE#\x91\xD2\xD5Di7C\xD0v�\xC7"\xE28c?�\xBB͚\xA2\xEE\x99S{\xDF^Ly_\x97o9�\xAC\xB2.[d\xED\xE0`�\xA1�H\xD3\xF8\xD15\x9D\xAD\xDFy®)0\xB4\xF9\xCCRq\xDEhk\xFA\x82�\x9Ev\xAF\xBDݞʻ\xFE?\xF1D\xAC
-\xB4\xEC\xC7\xF1D,S�\xC7F\xED\xF1\x84\x86��\x88�\xC3�6\xABl\xCBDr#�\xBC\xE9\xF2\x8AI\xDB]Y,�\x8C\xBDZ\xA7A\x93\x81\xFB\xF1:@\xEE< }
-\xA1\x89\xEBx"\x9Aw\xDD`\xFC\xC3\xDE.k:\xCF\xDC/\xE7]\xAF\xAF�5^\xD5\xCC9\xFF\x90\xC1\xB69\xEF\xB9ͪ\xFB)W$\xB9\xF1�R�DWJc\xB7oSe\xA5\x8B\xD20\x88\xC2Q\xAB\xA3\x9B\x90\xD3<�i\x81\xBA\xC9\xDA
-QZ\x98\x90�\xFD\xB2\xEB��
-�x\xFD\x86\x97\x8Ev\xDEeK�Ôf��\xE2rC��̼\xBEf&pj`yC\x9D\xAA^9��\xC9\xC8Y\xE4\xE0pd(\x92 +!\xA7X�I\xE0\x85_\xE5T\xD9�i�È C\xE2\xC1\x84\x9F\xC2P\x9D\xCB\xE0\x83�5\xD0\xDF\xE4\xD9\xCA\xE5�\x98\xF4S�\x87\xDD\xFD\xCE\xC9�i�\x8BܞϿ\x86QI\xF3\xB8�\xC4\xE5�o\xB6\xAC\xAB�\xB2�\xE0=\xEA\x93^`B\x86\x85"I\xE8y\x91.PB\x9A\x82\xB1%[\x94\x93G%\xD7\xC0K\x8F\xC2]\xBF\xA4\xC7�\xFC\xEF9\xCBsP&\xE2\xE9\xBA\xF6�]Vy\xEEA\xAAǵ\xC3\xD84\xC0]\xE4\xA4X\x8Cd\xBE\xBA�\x83x\x89\xB0Z%\xA3+�\xD2l󌌡\x93\x98\xBC8a\x9F@�h\x8F((_^\xAE\xA8\xE3n�\x8Cf<\xBB\xD8\xF2\xF4\xB2\xD8���](\x86料㱚v\xA1Ì‚�4=\xF6\x97�\xCF]0\x9B\xF7\xF9\x8E\xB9�\xD5\xC1N\xCBl\xB9\xC9\xC1\xC5�\xE0\xA7\xF9Æ‹A\xBBN\xD8`U\xE7n\x8A�\xDFt�\xE1�\xEFvx\x85\x90\xE6\x92 \x92\xFAn�\xA0�k\xCEÛœ\x860�P\x8B�`\xD0\xF1�pn
-\xB4\x8EǘyV\xB6\xCC
-5\xB1""$ \xF0\x9A(\x94�\x8Bpt\xE17&\xEDz�ް)7l��\xECj\x8CN^v\xF4ȉ\xC3���9Ѱ\xF0�\xBF\x9C{�\xD9Ͳ\xA9\xF0�\xB7m\xB1\xAE\x9Cp at u\x92\xD8h\xCF#[A\xA8\x83k \x91Ѕ+\xCB��\x97�lD\xAD;�\x97\x9C\xF7l\xB4\xD7�\x90@\xA1\xEB\xA2�\xAC\xEAjr\xB8+?l\x8A\xE3\x8BB�\xAF�\xE5\xE3%H%J\xDDR˹�6�9}�L\xA6d6\xFC\xA2\xC0\xDB\xE2\xB7\xDC/X\xA2\xFE�v\xB1>h\xD1E\x85\xCFo$n=lC
-\xC6Ø›bA�\xF7��\x8E\x8D\x92-�\x85`W\xE4<\xD3\xDDH\xF8\xFAZf2�\xE4\x8DC&Õ’\x91JÛ¯\xD7y\xCBЄn?\xB5\xF2\x96g\xA0�\xB5<yS\xF7%#\x9F���\xC2Q>Ϩ\x80kYJ_\x8A\xF3\x90�K\xDC3�\xB2\xE3x DJ\x82\xF0\xD8\xD9\xD4m'\xE8\xE5\xEB\x8A\xD7f\xF4\x81\x80_\xAD'c�]XeY*\xD4w��\xBB\xC3\xD2�\xD3[\x94\xFA\xCD,{"4�,"\x9D\xAE\xFA%\xA1;\x8B\xE0\x89d\xB5�\xF4FlX\x98Ñ �y \xF6\x8Aj�\xE5\xCB{"\xAD\xFA\x86�8\x99r\xC2\xFB\x88\xEF\xB3#\xBC\x86h\xD4W�\xBE\xECj\xFD;\xD1"[\xBE\xE7i�\xEB
-�\xB9\xD1ؾn\xB9\xCD\xCA\xFE\xC13\xC7a�\xA7Í\xE2s:z"1!_)lQu\xE73"��\x92
-\x91Z@\xD9�\xD4
-\xE7�\x9C\xE7Òµ\xA1\x80\x85\x84e\xD64�U\x91\x8Ck
-=T\xE2X\xBD]\xE0\xC5e.r\xE0\x82\xD4枷\xE9P\xB1~aŜ\x867NX\x85`\xA2�S����\xC6O\xA2n\xFA\xC4s�\xC7\xC6_\xFB\xD1{L?X\xC2C򟔊v5!ol�Z\xA7&p\xE7\xD1\xFD\xE9\x97�\xC1\xB5�ᵆ\xCAj\xF4\x83\x89�\xEA�\xEA\xAD0�\xCDK)\xF1\xE9\xBEw�1֣�vM޶C\xAD\xEA\xD36\x9A\xE0a\xE1 \xCC�TC \x98\xA8�wv\xB2j\xA4�\xE8P{\xF46\xEANo)5\xE1\x84\xC10VyXh�\x8Fzo\xB1�\xB0\x96\xEF\xF3\x8EwprY\xB5�\x85\xE3\xD3\xFC\xF1\xBB�\xDE\xE5\xD0\xC3�+�\xE5\xEA۞\xE1\xE8i!\x9D���dS\xAC7n\xA9\xB1�\W \x8E+\xEA\xB0\xFC\x90�\xEF\xE8
-�
-\x9F�(TP\xBF`zF�\x86\xAD\xC9\xE8\xD5 \xA85=L*q�\xEE \x82r\xA8t\xAF*Z\xC2w\xC9zp\xDER\x8F\x95p[\xAC\x8E7\xA5\xC7\xE1\xC4\xFD\xE2�=\x9B:�F\xCF�\x82ww_\xE6Ü„(Uf
-u\\xF0
-\x87\xE0�\xFAÔ†4�6\xE0\xBB\xCD \x8A\xF1|�^N.\xEC\xDCe\xDC\xC8A\xD8\xFA\xFEx\xDD8��[I\xCC#w~S� B%B^\xE6\xE6\x92�|\xC1��\xBF�\xE3\xF4C�\x8A\xC9\xE7�\xAA\xB7Ý»O�l\xEB\xD6=\xFC\xA4\xEC\xC1ÒŽ<�>\xB8EMw/$\xD9�G \x8A\x949\x91Ê¢\xA2\x87$@#% \xB2~\xBD\xA1�\x94\xB5\xA8z�\x92`�Nm\xA99\xDA�\xCCV\xC3\xD5[\x94\xBCm\xDFR\xC4Å\xCC?\xEAb\xA2m?�q5X\x8E\xA0\xBB\xD1�\xFB\xB4w�\xEDvÆ–
-\xD6 �ۣQ.?'W\xBAz��W<\x92��\xCFQC^�\xC4\xC4,\xEF\x8An3\x9A�\x83eV\xBDG\xF5\x80q8;\x9Dع`�\x80\xF8zD\xA3S\xCF�\xB5\xAF�\x8E\x82`Kwi�Z\xF7�ʃ
-\x84o\xFB-=\xAFP\x94�\xD4\xF8�\xA5\xA5\xA6\xB7\xD5qd\xE7j\x9CslÙ¯|P\xA7�l\xA8p\xB2U\xB6( wÝ»X;i\xB9W\xFB\xF4\x8Aw\x9B\x9C��\xA4�\xB8\xF4�\xC7,\xFE\xF6G\xF4\xB2p�l<�P\xCA3&Q�\x89\xF3]\xDCC\x9A\xAB'\x99\xE7\xCD\xD1J\xAA\xF3\xA1\xF1b?iX\x88̨շ\xF9\xD1\xC2m\x95o\xEB\xAAX\xB6\x93\x95K\x8E\xF7\xBE�r\xF4\xA2\xBEu\x97\xC3\xF8hl<\x8C5\xE1\x90\xD63νî‚\xDC�m|S�z�\xA3�\x92
-[\\xDB\xE19"I\xA1�\xF3\xFE>\x98\xB8\xE95\x91\xB3Ûº\xF0R�RX\xF7h\x9A�|�\x97\xADe�\x8D.\x8A\xDBL\xF8 �CG^\xB9\xD8Ü«\xC4u\xF7\xFE�\x9DU\xD1\xFE\x82)�\xD9\xEAÔ—
-dz\xF8\xE8\xAE`\xD7\xC9~�:56\xE8ԣͰ�\x93�\x91[y\xE7\x903\xB6A0\x84\xC6:\x8C88\xC0<\xFC-c/\xF5T\xF8\xF7�\x92\xCC\xE3\x81\xE0#W\xA0\x86
-\xB6�n e\x9F\xAD\x87�Cf\x9A\xC2-�\xF5P\x92\xEB\x8E\xDE
-@\xC6\xE6\xC4\xC5I\xC6!/\x9AzL \xAA\x87\x9E�g\xD3\xE8!\xE2\x8Cƈ3\xE2\xA8\xE7Õ�\xAE\xE9\xBB?7t0t\xF2��\xA3\xA1\x89\xBFÇ—\xF9j\x9D\x9F`5T-{\x81�\xFC`<a\x8F!\x9C��\xC3c\x9D\x88#Íʹ*\xB8\xE3u[ -��)\xA3�p\xA5\xD4�\x8F\xC1\xF5\xC8\\x8C:�\xE4\xB6\xD9z�\xB1�?��\xBC\xD4ZϤR"\x8E"\xF9\xBB\xDEnM(\x8CQ\xF1�|\xBB\x9D\\xF5\xE7\xFCtȇ�\x96\xA1\x88\xD3\xD1\xD3\xEE\xE1o6\xA1�qh#\xE0� \x99\xC41\xFDx\xF8\xF6J\\xBE\xFC��}t��ß¼;\xBFHt\xA2 ��0\xF8\xBF.\xDF\^?�ô\xE3\xE7u\xA3A\xE0�4\xEA\xF6\xB6O\xF0\x83"(�\\xF0OQ\x90M\x85\xD1:\x9DÖR\xA1H\xAD\x81\xA3\x84J@\x87\x8A\x86\x87
-y\xFEnP\xC7Im\x8C6\xFA\xEBj#5\xC2$\xA9y\xC4[,
-\xC0\x97\xFD\xD0�\xDC\xEFO!�\xAAÄ¢\x82T*\xAC \x81\xD4I\xB5\x8Cv\xFC\xEB\xAA%\x89D�)\xE8�'IR\xA1)\xD3�\xE7\x87
-\xE0\xF8\xF1\xE9\xE3\x8F8?\xE9\xF1\xE5S�\xDF(\x91\x98T?\xE2��*\xF58\xA2\xDF7�n� \xBB\xB1O\x80\x9C\xA0�\x95\x9C\xD4\xC9h\xBBO;A��\x91\x84Q\xE4~�\xD3:\xD6S\xA6�\xCE�u\x98\xDF\xFBG\x91\xFB?�\x8D`\xBF4U\xD3?\xA8\xA9$�\xB0\xD8௉\xC8��&C\xF3\xE0o6QS\xDA(?m$\xFB !9lmendstream
-endobj
-1991 0 obj <<
-/Type /Page
-/Contents 1992 0 R
-/Resources 1990 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1969 0 R
->> endobj
-1993 0 obj <<
-/D [1991 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-1994 0 obj <<
-/D [1991 0 R /XYZ 56.6929 660.0058 null]
->> endobj
-1995 0 obj <<
-/D [1991 0 R /XYZ 56.6929 648.0507 null]
->> endobj
-630 0 obj <<
-/D [1991 0 R /XYZ 56.6929 345.1443 null]
->> endobj
-1996 0 obj <<
-/D [1991 0 R /XYZ 56.6929 320.442 null]
->> endobj
-1997 0 obj <<
-/D [1991 0 R /XYZ 56.6929 134.8978 null]
->> endobj
-1998 0 obj <<
-/D [1991 0 R /XYZ 56.6929 122.9426 null]
->> endobj
-1990 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2001 0 obj <<
-/Length 2992
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�]s\xDB6\xF2ݿB\x8F\xF2L\x85\xC37\xC9{s�\xA7\xE7N\xE3\xF4�w&sM�h\x89\xB68\xA5H\x9DH\xC5\xF1\xFD\xFA\xDB\xC5.HJ\x96�'qg�\xCF� \xB0\xC0�\xFB\xBD�\xA9\x89\x84?5I\x9D\x90&\xB3\x93$\xB3\xC2I\xE5&\xF3Չ\x9C\xDC\xC1\xDCO'\x8Aaf�h6\x86\xFA\xF1\xFA\xE4�oL2\xC9D浟\ߎ\xF6J\x85LS5\xB9^\xFC>}\xF5\xAF\xB3_\xAFϯNg\xDAɩ�\xA73\xE7\xE5\xF4Nj\xCB\xD74\x92Q\xF3\xEA\xDD囋\x9F~\xBB:;M\xEC\xF4\xFA\xE2\xDD%
-_\x9D\xBF9\xBF:\xBF|u~:S\xC6:
-��\xDE\xE2?\xEF.\xCF \xE8\xCD\xC5/\xE7\xA7\\xFF|r~\xDD�y|-%
-\x9E\xF7\xBF'\xBF\xFF!'�\xB8\xDD\xCF'R\x98,u\x93{\xF8\x90Be\x99\x9E\xACN\xAC3\xC2Yc\xE2Hu\xF2\xFE\xE4\xDF\xFD\x86\xA3Ù°\xF4�\x99\xACL \x99\xCE&3\x93
-\xEB\z�-\xA1\x90\x80\x96\xBBJ\x89̹}\xACpk%,\xD0�Hï¼\xD6%=\xE9\xAD�\x91^\xDBLh\xAB\xD3I\xE22\xE1\x8D6\x81\xF6g\xA7\xC0\xB1DO\x95NE& \xBBÙ§\x93Í”H\xAC\xC1u\xC3\xF6\xDFwd\xE3\xA5\xD0�\x84e\xA0Ô—H\x8FK\xBC\xD7n\x97\xF4߶*\x9EC%N�\x9B�3t"d\xB2˲G\xAC3Ò‹Tg \xD0�h\xE5|:\xD0Y\xEBC"\xAE \xB7qY \xF3\xF5\xB28\x9D�ͧo?`k\xA7WW-
-,\xF3O<\x95\xD7<\xF5\x9AD�\xFF;\xA3\xA9\xB6\x98weS\xD3\xC7\xFD\xB2\x9C/ t\xDE\xD4m\xD9v\xBCUs\xCB�Ѥ򳛲\xA3\xA1z\xBB\xBA)6Կm\xAA\xAA\xB9/��u\xF30Zd\xA6\x8Bf\x95\x97|\x90:_��\xC5��0#V\xAA\xE16\xA8W\xF9b\xB19U\xE9\xB4h[\xD6\xC6+\xEEl\xDB�BM\xDB\xE5\xF5"�\xC0��\xB9\xF8\xF5\xC8�\xB7\xCDf\x95w\xD4\xEF�j\xE1\xA2]8\xD7hK\xA3\xE9~\xD8/\xEB\xAE\xD8\xD4E\xF7h\xCB\xE1\xFC\x89\xC8�H\xFF\xEE\xF9o\x9AO\xDC->\xE7\xABu\xC5�\x{DCB9}\xE7Ӵ\xE5\xE7\xFEj?P\xEF\xBE\xEC\x96|\xBC\xFBf\xEF\xDE\xF1\xE0E>g�\xE4J\x80]ҙ�E$4\xF6\x91\xD0\xFB'M\xC2Iߗ\xAB\xB2\xCA7\xD5�c\xE6ū\xF2nɈڢ\xF8\xE7\xBE\xCA*\xEDE\x86&\xC1\xDBDx�\xE2\xF9,
-˾Iò'4\xAC\x97�\xFD�v.^j�Z%|v\xC4\xCC)c\x84q\xA0vÞ€\xBDK\x8D�t\xFC\xF0A\xFC\xF2\xEA\xBDx{q-\xCE_\xFF�\xFE��\xD9M/\xC0\x87x)Q˼S`�\xA5\xC0?k�\xDB@�\xB6�l\xE0�\xF5\xF7\x9A\xC0\x8CL\xE0_A�m\xC0b\xAB\xF4\x88�p�9���\xAB��a\xD9�\x8FI\xA1\xA6�\xA5p�\xFC\x86<N\x93�\xBA�"\xCA\xD7\xF8\x85\x97\x97Z\x95d"\xFD�\xBF\xE0\x90"Þ¦O\xFB�\x97\xA4\xE0eu\xB4\xA4e\xFB\xB4\xFD\xE9M\xCCȨ�\x83\xA5D\xAE\xECk@\xA2\x852\xC0`y@\xF4 ~\xF7`F\xF8\xD4+�\xFF\xE1\x98\xFDb\xAB\xBB(o\xF1�\xB7��\xA6f34\xAFr6\xB6\xB0\xBB\xEA��\xDBô�\xA9Â\xC7 \xA5$�6\x8C\xD24\x84l�\xA4\xEBu\xD9ηm��\xDC�#\xFA\xCA`\\x8By\xB3Y\xB4�\x8E�\xF6E[\x91YEB|\x86\x8E\xD0\xEB\xE9\xA2h\xE7\x9B\xF2&\xB88o\xC8\xCAýL6\x98]�o\x8Bͧb\xC3kÚ®\xA1�\xD1\Y\x93�"\xAF�\xF39\xC3\xE5\xFDÚ²\xE0\xA1\xE0wa\x8C\xD9\xD3lCg^\xD0,\x8D\xCEi\xF7E�Ρ\x98\xBE\xE3\xD5\xE4\xD6�x[\xF6}\xC8s\xA3��\xA0Yç›®\x9Co\xC17\xF0wY B\xEC�\xF2A\xBBs\x85\xB0\xF4\xA6\xD9"\xBB\x8C\x8C\xBBÜ•\x9F
-\x9E\xEC\xFD�\xF4\xD1�Q\xEF\xA3t\x92ã°%�b\xDBn\xF3
-\x9C\x92�K\x81�c\xDC􆶆\xC5
-w\xF2\xEA>\x80\xFB\xEE\I\x87+!��\xC4>M\xDB���V\xC6f �I0ޖ\xA8
--\xC6.`\x95a��\xC6` �\xBAeY\xFFIC\x81xJ\xC7
-\xAF\xAE\xE8�ω\xDFyly\xE1\xC3:\xC8�\x8C\xAC\xF3rC\x83\xB4�D>y\x97#st�\xC1{Y\x81Y" \xF6\x80\xA2@�\xE0 \xEFD\xD1 a9pUbU|ʃ\xAAX\x8B\x88\xB6+\xA4\x9Au�\xF3-h\xB0�?\xFE\xE6��g\x9A\xC0�\xE8\x81�(\x91\x9By\x85\xDF&\\x87fvY
-�!n\x82vYTk\xDE\xE6\xA1\xED\x8AU\xCBG( \Z\x955/\xBF_�q�\xB0\xE0\x80�^qr�\x8D\xD5\xF8R�#\xAC�\xE6\x82�\xEC ?
-潢�Q
-\x84\x84^`\xAF\xA1X/@4�M,\x8A
-\xE4t\xF3 at _\x81_\xD0�\xC0\x9C
-3=gXr��\x98H\xBDv\x8D<\x9A\x97�\xA5\xD4�C`&b\x8A\xE0\xBB\xC7c\xA0xJjÖ›\xB2Ù”�#�\xFC\xA2\xD9�\xBC\xEE�\xC6&�<�\xEFI\xA7\x83\xB1\xD1^Ö\xEF\xD9\xD2|��\xF9@!b\x87O\xDA\xD3\xF7\x91?�\x85\xDBSwD�\x84m 6\xEF\x80\xDD\xEB\xAEX\xA0L'*\x8A\xE9��f�\xA0d�\xF8�\xD3�m\xD2)�p\xD3�\x9B\xD1\xD3M/\x82q\xC9\xD8-\xC14\xDF)�C\xFC���\x82\xB7\xA8>d+,Û°\x94\xED/�\x94\xBC|�6\x81LR:\xDD \xB5\x9B�\x9B\x99�\xFC)X�\xDE8\xDA\xF0\x80\xBBã–šÞºe�\xE5��\xA3\xFE\xC4io\xC3\xD7M\xBD(\xEB;<o\xA6\xF9�\xA9\x9D�\xD1�\xAE\x83\xC3�Ô¦\xA3\xCF\xFC\x8E<a\x8A\x9A[1\xCCmN=H\xB2\xF2\xF9\x9F\xBC\xAE\xE16nY�\x9Fy\x8F\x8A�r���N\xF5\x87\xE6\xFB[%\xA7\xBF\xF6"\x84K\x88O-\x81/\x9AC\xB7#s�F\x8D�M\xAD3�\xE2��\xCAoÚ¦\xDAv�}\xAD\x8A\xBC\x86;�\xCCG\xAD��\x86\x93F\xF0\x9EP \xB0g\xD7`\xBA\xA9+�\x8CDĬ5"
-�G(\xD8oC\xDD\xE0\xDF\xFB\xADFF�'1\xB6a\xFC\x81\xAD \xC7\xEAuH^YٴfesvPFg\xA3\xF5\x86�\xCB�v\x83\xA68\xCB\xFA\xE0\x90\xBB\xF3e\xB0\x89a\xB4\xA16\xEA\xDC.`\xD0=�\x99\x8D\xBD\x9B\x88\x96\xB4\x91l9\x9F颣\xD8\xC5d\xA3\xD8�bA!m�\xE3\xAEն\xED�D8�\xDEH\x99y�\xE2b�\xA0ɉ� �\xA9\x90\xCE'{"ݶͼ̻bq$\xC7\xDE7|8\x86\xBE\xFE\x8C#\xB0
-\xB5g\xF0��4�\x90L`-\xEE\xF2\xEC\xED\xF9\xAEK 9\xC3\xD8u��D4�\xF3\xB2x\xE4�(\xFC{�0xRU?\xA8*t\x89o\xA8y 8\xF2[��B\xC3\xC2�\x9F�)\xB47M\xF0\x92>\x89\xFBă\xF9\xF4\xF1��[\xDDw\xA8
-"\xF8�\x98\x91\x93\x8E�\x85��\x85l4~��\xB2\xE9�,߄\x8DL@{@5\xD9R at T\x8AƒmyW7\x83\xE8X\x90\xF9\x8B�\xDCv�\x8C\xB8\x94\xD1jd\xD1�e\xF2\xC0&;�HCdu2^\x9F\xC9\xC1\xF4b=r\x93\xE1�5\xAF
-a�\xF5� \xB2�\x82�c\xEB�\xCB/�\xAA�W\xBDy\x88E\x90b$A\x82\xAB\xB3Q\xDC8�zT\xCF\xC8
-\x83\xB4ub0\xD3L!\x87zN\xADVg\xC2%*\xF9\xBA\xC4\xF0\xF0\xAAG\xE5�\xF5\xFD\xB9n\xBC�D\x8EJ\xA4ƚ#\xE5�i\x84\x95\xCAL\x8Cr�\xB2p*'2\xA1ļY\xA1\x891�\xB9a-\xC3h \xC2
-Y\xD5\xF4�(y:K$\x9B,\xB1\xB3l\x8F\xC6N{8oj'\xE3\xF3|\xDF�\x91\x98*1\xFA�\x8B�=\xD5t�9z\x92\xA9#5�\x8396\xE4\x9C�\xC9\xE7���&Q\xC6EX\xE80yL \x8F~�}Ƙ\xFF\xC6\xF4I\xC1\xDAB\xE4\xF3�\xFA\xE8L \xA7\xA4;B�=\xA6\x8F\xC0(f\xBB�\xCD\xE6\xEE \xEA\x8C\xF0\xBE,u^R\xE7t\xE2\x80�i\xFA�\x9D\xD3 X�稸\xF0X\x83 ��+�\xD6\xEA\xD3 T\xA1\x8A\xA8\x8E\xD3h\x84\xFDo,A�B�e\xFC\x97h\xE4��I\x8E\xEEi\xB4\xA7F@\xEB'\x88\xA4\x8F�i\x84\xFE\xA5\x88\xF4\xFC\xB2\xE2_\xE1=@\xA1D*\xAD\xFBڲ\xA26^8\xE3\xFD\xD3eE
-\x81\xA0\x87�\xA5\xDF��h=J�\xB5V1X\x80\xF1�,@ۧ\x89\xF4I\xDE{\x9F\xD7N %\xBD\x8D\x91\xEA\x9E"�\x88ZA\x88R'c\xD4\xCA\xE1\xCF\xFE\xAE��\xC1e\xA3M\xF5�vE\x99Ku\xAAy ƫ!T\xC1k\xD4|\xC3>sư\xF5�\xCE[8\xFC\xC2<X\xA4^\xA9\xDDؤ\xE4rc]\x94\x9C\x9B\xEC\xBC\xDA4\xF1%\xAB\xDD\xCE\xE7EȧC�t \xAC\x93G\xE8\xE6A�\xD0ʎ\xE86\xD8\xD0Cd\xD3B9�\xE9\xCC\xCCr�م\xC7%f֑B\xABWX\xC95\xB1\xD2\xEA\xFBJ\xAB\xE1J\xEB\xFB\xA2\xEB(Ńݮ\xAFyFM\x95\xDF\xCA\xFC\xB4+WŬkf�\xA5t0B4JbP\xE7\xB9L\xE4C\xEC_T�\xFA\xA0�\x81"t\xF8�^\xED|x\xB5\xBB#\x8A{\x8E,ל\xA7��Q�(\xDA`[\x97];\xC6\xEC\xF1]��uz\x97\x8B\xD1}\x8F\xD2c�\xBD\xCA7%\xBD\x9E%Tj:�\x9C\x8E\xEA\xB7�W�BQ\x96\xD2��\xD3`\xE8\xCD!M,\xA8{uբ�\xB0)\x93 \x86\x80\xAAԉEh\xDEi\xD9\xDCS\xA7j��\xBC\xA1\x9C\x85\x8A\x96\xB4/\xA3\xBA)F\x88�q\xEC\xB6�2 3
-$\xC4:\xF4\xB2\xD9V=Ì¡\xDCxQ\xB6s~x
-Y\x85Qrx \xA5\xB7\xE0^$\xF6\xDE(\xB1\xC0\xD8\xEE\xEA�]�e\xB1?
-V\xFF\xB7\x9B\xF8��\x9F*\xA9\xAEGo\xB3;��\xFFk\xEA"&\x9CRWţXB)�?\x97X\xD0\xF7D8m\x9E\xF7z\x99Aj �\xF3\x95\xEF@�W\x8D\xC2}�\x86L˯qB\xB4"y\xF4:�/5s�\xA0\xD4G\xAC\xB9\xD2
-�3\xE3&�d\x82)\xE0G\xE0w\xE05-X\x92\xC87;\xAD\xF2P$\x82\xC8l\xA4k\x86Im\xA3F�Z\xAA\xB9�]ܡ.\xEEr\xAE\xCE8�5\x96\x82 ‚\x80\xE2\xF3\x94\xD9+V\xE2�
-4\x8A\x9Bw$k;*\xC5B\xEE\_\xEF\x81\xEEP\xAB�݌\xD6\xCD\xF5\xFA�ݺ\x99\x81\x95]Ά\xC7q�\xCC\xFC\xE5\x87\xD7\xEFޞ]\\xC6Z\x84�\xD5\xE9\xF05\xEC\x80R\xDF\xD2iW$j�\xCD\xF6\xE9_2\xAC\xF2\xCF\xE5j\xCB\xD0h\xEA\x86�6v��\xB9\xE4\x98\C�\xC4P�
-\xB9i\x87\x8A\x8AY\xD2�\xC7~\x9C#S\xA1\xBDד\x918|\x9F\x84YH\x8E\xB5\xF6i0\xDF\xDAg\xFE\xD0�\x90\xE4ä‹\xE2s\xEE4\xFC\xE4��d\xD2T�\x96h#-H4\xA4K\xE0\x93p/\xA4:(\xF6#z at F\xE2R\x9DD\xB0\xD1\xD9\xFF���>\xCEendstream
-endobj
-2000 0 obj <<
-/Type /Page
-/Contents 2001 0 R
-/Resources 1999 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1969 0 R
->> endobj
-2002 0 obj <<
-/D [2000 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2003 0 obj <<
-/D [2000 0 R /XYZ 85.0394 660.0058 null]
->> endobj
-2004 0 obj <<
-/D [2000 0 R /XYZ 85.0394 648.0507 null]
->> endobj
-634 0 obj <<
-/D [2000 0 R /XYZ 85.0394 560.3373 null]
->> endobj
-2005 0 obj <<
-/D [2000 0 R /XYZ 85.0394 535.9977 null]
->> endobj
-2006 0 obj <<
-/D [2000 0 R /XYZ 85.0394 336.1431 null]
->> endobj
-2007 0 obj <<
-/D [2000 0 R /XYZ 85.0394 324.188 null]
->> endobj
-638 0 obj <<
-/D [2000 0 R /XYZ 85.0394 188.6539 null]
->> endobj
-2008 0 obj <<
-/D [2000 0 R /XYZ 85.0394 161.3494 null]
->> endobj
-2009 0 obj <<
-/D [2000 0 R /XYZ 85.0394 119.8769 null]
->> endobj
-2010 0 obj <<
-/D [2000 0 R /XYZ 85.0394 107.9217 null]
->> endobj
-1999 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2013 0 obj <<
-/Length 2796
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZ\xDDo\xDC6�\xF7_\xB1�\xF7 �Y\x86�\xA2(�\x87C\xD3\xC4\xEE\xB9\xC8\xD99g\x8B�M\xF3 \xEFj\xBD�\xB4\xD2f\xA5\x8D\xE3\xFE\xF57\xC3!\xB5\x92,\xDB\xE9%\xC0�
-T\xE3\xE1pH�\xE7\xE37܈�\x87\xFF\xC4L',\xB1\xD2Ό\x8D\x99\xE6Bϖ\xDB�>\xBB\x85\xB1\x9FO\x84\x97\x99�\xA1y_\xEA\xA7\xC5\xC9\xCBsef\x96\xD9D&\xB3ź\xA7+e<M\xC5l\xB1\xFA�%L\xB1S\xD0\xC0\xA3߯.\xCFN\xE7R\xF3\xE8\xFC\xE2-PB\xC5ZF\xAF\xFF\xF9\xEA\xDD\xE2\xEC\x9A��/\xFA\xD3\xC5\xE5�\xE2X\xFA\xBC\xBE\xBA<\xBF\xF8\xF9\xD7\xEBW\xA7&\x8E��W\x97ľ>;?\xBB>\xBB|}v\xFAq\xF1\xCB\xC9٢\xDBr\xFFX\x82+\xDC陸��\xF9l�\xA7\xFB\xE5\x843eS=\xBB\x83?8�\xD6\xCA\xD9\xF6$֊\xE9X\xA9\xC0)Oޟ\xFC\xBBS\xD8�uS\xA7\xCC�K\xC5�\xA9��\x8C\xB3X\x88\xC7W\xA5�8\xAC\xEAI\x98iq\x9F\xC3E\xE7)�Cp4|�3n\xF9\xD1\xF0R\xF6�o%\xB3\xA9\x99�mY\xA2\xA4rv\xFF\xDBb\xF1\xF6�\xB6\x94\xAAh\xB1\xC9O\xE7J\xA6\x9E\xA7\xA4\x89V\xC5\xFET\xA4Q\xBEl\x8B\xCF~0k\xE9ے\xB4\x89\xDAzG\x9Cz\xED�Aϟu\xE5\xA9?8\x97\xA5\x97\xFF\x83k~\x93\xAFk\xD2<R\xF6\xFE\xEA�\x8C�\xE2\xDE¢\x8D_�on\x96hf\xB5\x96\xB3\xB9�D\xE0 V\xF9:;\x94-ݴ\xDB9�\xA8\xDF�\xF9\xE7|\xEF\xDD\xC0\xBB\xCF]\xD1nꃟ\x91ѧ\xD9\xE5\xCB�\xB7\xB9�)j\xF2\x96\x8D\xDD&6`Ta\xC1\x94={\xDB�*\xAB\x98\x82h\x98̓\xC0w\xF4
- \x82)\x97O{\x85\xD2\xCCHa\x9DM\x83\xA5\xC0
-p�\xD2��\x9De\xCB
-\x90R\xD3 |\x97YE\xC4&C\xE7@*\xA3���\xFFn\xE8\xEB\xEE�\x89&_\xD6ÕŠh\xB4v^\xFA?\x8Aj$y}\xFD�\x89$\xBA\xDB�a廢,\xFD\xDAu\xD5:�\xAA\xCB)Ï \x9C\xB2\xA9\xEF\xE8�e]\xDD�U\x83\xFE}\xB8\xD8=\xB8FC\xD0Y�\xB1t; \xB2
-D\xF1\x94�\xF4l\xFB\xBD<\xE0\x98;\x9EKF8\xC7p3JF\xFFݬ\xB0�a�K
-\xA4�\xB8w\xC6\xCD0\x89=HfҤ,N�X��)hU\x8FxYȴ\x89\x89\x991<v�\xF4
-\xAFSYA\xA9\xC3J4y\x93�\x8B\�\x99\xAB\xFCTD>ÆPM�\x87\xAAh\xBD�\xCD�Þ½\x9A�\x98\xD10�Õ‡\xDB\xCDHX\xD0]\xE3\xAC�\xBFT\xFEeW�Ë¢-\xEF\x89\xDF\xE5\x82|\xE54%\x94Mp(\xFF\x92mwe\xFE�\xFD\xE1\xE5y,z'\xE4C\xE7��Å·$60\x84\xB4,M\x8D�q\x94b^�\xCC�R\xDA�\x8C\xEAe\xE6�\x93Bp\xD3U\xC8�\xCA!\xE7<\xBA\xA8\xD0u\xBD{\xFE+\xDB\xED\x8A\xE0\xE0\x85\xF7\xE3\x8Bw\x9F\xE3\x89\xD5a\x932f6�t�×¹×£,\x8F\xAAl\x8BTj#J\xCDM]�Ú¢\xAEh�\xD3v\xBBq\xD9�$
-\xB21\xC4\xEB>\xAB\x9A2\xF3r0\xB2\xA6\xB0\xDCҬ\x8Bw\xC4\xCDV+\xAF\xB4\xA1�w\x890\x80\x8B\xFA\x8C�ܢ\xF1\xE2\xCBM�[[�\xF7枸\xDB�\xD6"�]8Ũ;\xA5\xB2\x8F_EQ\xCD\xDD\xFA\x80 X\xB6\xDFe�v\x81\xB2-\xAC\x96\xFEVV\xF56+\xDCyL\x94a\xBARi�\xBD[\�\xE1K"�\xB0U�X�\x92 at t� \xA9p\xE5
-&\xD1\xE4\xC4\xD75\xC7�m\xC1
-�\xD6\xE9\xEA!�l\xB3U>\xD4T\xE6Y\xD3\xCE\xDBz\xBE\xAD\x9BÖ¥\xBCy\xD8\xF3\xA0�6\xC5mEu,\xAB\xB0Â¥��\xB4\xD1Ü\x8EI�\\x9E�\xCBV$Q\xE6k'\xABܵ g_\xDCn \xEB\xCDcn �\xE0\xB5 \x97\xBE\xCAgFT\xBD\xDB\xD5M\xD1\xE6\xC4>.\xE4�\x83./\xAD\xA2\xBB\xEC\x9E8\xE8�\xF8\xEDyE\xEEUwf\xC0\xF1Cs\xC8\xCA\xF2\xDE\xCF\xDE�\xEDÜ\x9C�\x8F\xDC\xE6�s��vz@\xBFT\x9C\xCA:\xBA�z�\xA2�i\xA9\xEE�\xDBe{\xEF\x9Er\xEC\x9E\xD2\xFB���H\x91L2\xE5�\xD4�W\xAF`\xC0\xD7<Û�\xFE\xE0U\xEC �Q<\xA2G?\xB8xé½¾[hp$\xF2X�k
-@\xA4l<��\xAA\x94�W\xA2Ó I\x9B\xA8\xD9\xF8\xDD�\xD7\xEF�\xB8�1\x9C\xF3\xE2\xDF!\xB4�\x8EX\xE64<ti\x92\xBC\xDBÔ�^emF\xCCc\xCD�6\xED\xC1\x84B\xD9ߌ\xB3\x9FNC|\x8E\xAF\xACw-\xCE?\xC91�G\x8F\xC2T\xE2n]�A\�m!\xF9�\xBB\xD2O\xA0\xC3 1\x8ADb�k\xFAÒ®\x80p\x8BA \xEBm2/\xB9\xED0(É“W\xC0�\x82$\x9E�]K%ѹÓ\xFD
-\xE06�\xE19\xE5\x91�9|\xF0\xD2lYo?�\x8Bb\xFE\x871\xA0�`M�\xCDR\xA8\x94\xFF\xAB\xEA\xDF;\xC9\xD7#\x9A0\xE31 \xAA9B\x9E\xB8C�\x83\xBA\xE9\xF1\xA7\xE6�zF\x9EPWru}\xF1\xF3�toZ(�
-c\xA1K\xE1\x93x\xAC\xB7Էm\xFE�Ǿ\xBF=b\x8B�\xA0\xFB)\x83\xC4VC+\xA9\xA9PC�J
-\x98�m\x92 at zs!\x80ĺ\xAEY\xCF\xC9��\xAA\xFD5\xBF\x97e\xFE_\x80\xAA\x82>\xDA(\xF34P\x95\x82�\xCBQZB\xD7�\xC7_\xD5\xEC�\xB8��w\xF0X\xAC\xA4
-\xA25\xFD+-|\x9812j\xF7v\xA2\xA0\xA5Ly,\xFA0\xBA\x87
-�(FF$\xB3�\xF2D�\x8B\xD4y\xC7e�\xD1\xE8�\xE6\x82 �\x8CV2\xF6\x88\xE6
-\xBC�05\xFC_F�^A@'7\xD2\xCC at 1\\xACq.2\xFB4�\x8C\xC7\xD6*�\xEA\xD1\xEE\xACG�8\xC6Ë‹\xAD\x9C\xBD\xA9\xE1D\xB3Þ¡\x82\xE2y_\xB3;T2\xE8 at S\xE8<
-\xACo9㩦�\xB0�\xC8.Q}\xF4��\xD1"\x9C*\xA4 \x92\xEB\xABD#jH&$WB\xAD\xF1\xC0\xB1\xA8\x8E\xC0\xD1�\xF9)\x84��\x90�\xC9\xF6~h\x8DC\x84\xFCy\xB4\xDBקBG\x9F�\xAA\xED\xC8\xC2&\x94\xA6\xB7=P\xFB\xA8r�ڰQ\xE5#\xCCVW\xAE\xF3� \xB2\xA54D\xA1
-@\x95\x9E\xBF\xAA\xE9[Õ'\xF2%`� Ks\xD8S�\xA6C#\x90#OA\xE5t��a/8\xB8l�M�}h\xB2\xDB�\x8F\x83\xD5-\xE6\xCE\xD8\xC7\xD5\xC8 @�7vh \x8CO �覱ԙ\x94\xD0�|� ?ˬ
-\\xD71�\xE5Y=\x9B\xF8�
-}\xF79\xF6�\x9FO\xA1\xAB�\xE9\xEC\xE6\x96E\xD3bW\x80t\xED�[T�\xB3^b�\xE0\xACtÖ\xA6o�PL�\xDA&\xF6\xAFd\xBD\xA7\xD3\xC70\xE6c�\x8E\xDF\xC5\xFC\xA0��r\x8A\xC3aR{l�\xB5o�\xAF\x8E\xAF�\xBF�x\xC1\xD7Ó¢\xF4Ô›bO/x\xCD#�!\xE8\xE7\xCAva��5\x85\xAE�L\xBD'Ú«�\xE0
-0h\xEBn�\xB8w�G\xA5x\xE5E[�\xA0\x8E
- \xA2\xC4\xCAݓ�\xA5\xA9\xD7築!\xB8\xD2D\xB9\xDE
- \x82d \xD4�n\x9A\xFC\xD3!\xAFÚ \xED&\xCF+\xA2\xF2/\x80\xF4W\xF9\x8AQ\xE7\xF9\xDB�w5\xE1\x93�\xFA\xEA\x8E0\xB0Fw�\xF7\xB2\xD3\xE4\xE5\xDA\xD3\xE1)\xA8Ìš&4Ó«|\x87kV\xE1\xB1н?�\xF1�y\xF6z\xEF\xEC\xA9å·‡\xC6+\xBB\xF1\x9Cz=zoj<\x8C\xF6{a\xDD!-\xE3I\xAC\xDD!\xA7\x95\xBF\xE9\xBF\xD7v\xBBZ\x96\x87U\xDE=4�\xAF^(pu\x93\x88\xA9l*\xC7\xD9T
-\xED\xE5^L\xA8\x8A�\xB2���]\\xBE~\xFB뛳\xA9>�\x82\xC8È£&\xB2W\xB5\x9AP)c\xA6\xA0��:�\x8B\xB7d�pW(m\x96#�I \x99\xAA^<0\xE1#b�l\xF9#}\xF0\xF5"k\xE7\xD8�\xBB׆g\xE3à·s;%)\xF5�\xA5\xE8~U\xE8,\x80(\xB3\x9B\xBC\xA41\\xC0\xB5�J\xF6\xDE4hĵLxV�\xDE7\x81\x9D5\xBB|O�\xA0\�D\xDC���\xB7Í£\xDA�\x83.�5\xF7Û›Ú¯H7\xBD\xF3
-�\xB8h3\xDA\xDD\xF2\xE0;R\xE7\xBD
-\xFB\xF3.Y\x8E;\x96W\xED\xD8�\xDBl\xDF>\xE2\x9Fv9\x86\xDE\xF5_\x84`��R\xF76#�N�\xD9Lr�\x9C\xEE\xEF�/i\x86\x99\xB8\xBBx\xB7\xD8(\xBD\xCB�nZ�\xF8�\x80+R\xAE\xBE
-\xCB!\xAA�\xD0:\x9D\x8A;\x8D\xF3\xBEʇ\xD8\\xC6)�1 \x8BN�\xF7\xE8\xFAÞ‡G\xA5\x87\xDE V\xFE1\xE1t Ò¤\xB2A�/{]\x97e}\xE7<N\xD3Ë—3\xE5>+\xCA\xEE\x8DoU\xB7\xE8�l"h\xF0q�\x82\xC3\xE8\xA9\xE0\x90\xE3\xE0\xE8Ú¬A\x95x>8\xDE\xDFWm\xF6凉\xF5�\xAC.�=\x95Qt�\xC7ņ)!\x87\xEFm\xF3\xA3��\x8B')\x93 u\xBD\xEC\x87 mÐ���\x85.h\x8B.?\x91\xC6\xE0\xCAb��}\x9C2\x9F\xB0\xE0\x9DJ\xA9a\xB2}"3\xC29d�|\xB5\xC9]�j�bEtO|R\xCB\xEEyD�X�\x94\xFFI�(*�Ò8,s^\xB2\xA6oV\xDD�q\xA8>�\x8C\xF3\xCF\xD34\xE3ფ�*d0\xD4H3C\xD8
-�\xA1…\xEF><'\x86\xA3�\xF2B\xEF\x9DP\xFB�i\xB4Kb\xDD\xCB \xB2�\xFA\xD2o(ITl\xE9=}\xAA\xE4��w�\xAB)��\xC4�\xEE&Q򛲄\x8E!\xA6\xA1{4\x86I,sߜ$\x82\xC2yO\xE3D\x8E\xD0�r�\x8C�\xA9gS\x84�\xA5\x88�\xC7LG?��J*3\xF8c\xEEt
-\xD1>\x85\xE8A
-\xD1\xC7��\xDDp��\x82�\x94\x8C\x89\xCB3�\xF0\x82\x91\xCF\xE2\x85y̱\xA5�\xE9\xE8�\xDE�\x86\xBE\x87s\xEF\xE1\xBD\xF2r��\xDE\xFF)f\x88\xB1\xBA\xE22\xDCaj\xC1�\x89z�\xD1�\xF2�=:\xDF�\xB6�\xD0+\xD6\xD35\xCD5`\xEE�7\xEE瑜=\xF6O
- �\xE2\xBF�\x98\xF8� |\xF6\xEC\x8B\xD2\xD7\xFEs\x83c�\x81�J\xD3G~|\x93�\xBAN�\xB4ߔ\xFB}\x8A\xA7�\xB6\xEE\xCA�\xF4\xD1�\xF7\xFE���"\xF8endstream
-endobj
-2012 0 obj <<
-/Type /Page
-/Contents 2013 0 R
-/Resources 2011 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2021 0 R
->> endobj
-2014 0 obj <<
-/D [2012 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-642 0 obj <<
-/D [2012 0 R /XYZ 56.6929 647.5054 null]
->> endobj
-2015 0 obj <<
-/D [2012 0 R /XYZ 56.6929 617.516 null]
->> endobj
-2016 0 obj <<
-/D [2012 0 R /XYZ 56.6929 528.2228 null]
->> endobj
-2017 0 obj <<
-/D [2012 0 R /XYZ 56.6929 516.2676 null]
->> endobj
-646 0 obj <<
-/D [2012 0 R /XYZ 56.6929 321.585 null]
->> endobj
-2018 0 obj <<
-/D [2012 0 R /XYZ 56.6929 297.1352 null]
->> endobj
-650 0 obj <<
-/D [2012 0 R /XYZ 56.6929 227.8928 null]
->> endobj
-2019 0 obj <<
-/D [2012 0 R /XYZ 56.6929 200.1731 null]
->> endobj
-654 0 obj <<
-/D [2012 0 R /XYZ 56.6929 151.1547 null]
->> endobj
-2020 0 obj <<
-/D [2012 0 R /XYZ 56.6929 126.2246 null]
->> endobj
-2011 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F39 1161 0 R /F62 1361 0 R /F63 1364 0 R /F11 1451 0 R /F53 1313 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2024 0 obj <<
-/Length 2015
-/Filter /FlateDecode
->>
-stream
-xÚµ�]s\xE26\xF0\x9D_\xC1C�\xCCL\xADÓ·\xED>\x95&\xE4J'!WB{\x9D^\xEF\xC1��<�8\x87\xCD\xE5\xF2\xEF\xBB\xD2J`�\xDF5\x99k\x87�\xB4^\xADV\xBB\xAB\xFD\x92X\x9FÂ\xF5SE\xA8\xC8d?\xC9$Q\x94\xA9\xFE|Ó£\xFD{\x98{\xDBc\x9E&�Dq\x93\xEA\xE7Y\xEFÍ¥H\xFA�\xC94\xD7\xFDÙ²\xC1+%4MY\xB6\xF8�\x9D\xFF2|7�M�1W4\xD2d�+M\xA3\x9FÇ“�\xC4d8\x9C\xDFL.\xC7o\x9F��\x89\x8Cf\xE3\x9B \xA2\xA7\xA3\xCB\xD1t49�
-b&\xA4\xE2\xC0 at x�\xDDLFHt9\xBE�
->\xCE~\xED\x8Df�\x91\x9Bj1*\xAC\xBC\x9Fz�>\xD2\xFE�\xB4\xFB\xB5G\x89\xC8R\xD5\x84�JX\x96\xF1\xFE\xA6'\x95 J
-�0\xEB\xDEm\xEF\xB7�\xC3Ƭ[\xDAe&%R\xA2R\x9Et\xD8I\xB2.;É„\xE8$A;\x9D\xDDL\xC7oÇ \xB7\xA642_\xF2\xCD\xC3Úy\xB9!V5\xE0�3F2\xA5\xB8#~\xFF\xFE\xFD ��(\xCF'\xC3kk\x9D�\xE0\xEB\xE1x�ߎ\xA6\x80\xB9aÑ›K\xCE�\xBB��AI"\xA8v,\x8A
-\xADg>\xED\x8B\xCF\xF9\xDAlk\xFC\xAEK\Û’\xF8\xB06 Û“ÑŸ\xC3\xEBwW#r~sMPh/\x8AnK\xD2&D\xB1\x9E\xB1�3\xA4��\x8E\xB5=`E�hd\xB5\x9B\xAD�Ju6\x9E\x9C_\xFD~\xE1O\xFC\xA2Ø™y]|6\xDDjrM�\x9C\x80\xE3w\xFB\xB4\xAD\xF3/?vl,�QLKX\xE0\xCC�6p\x84J4���\x97�\xDC�.�\xB0U\xBE\xE9\xDAZ\x81o0&<\xE1\x87�V���\xE5 \xCA]q_l;\xF8\x80d\xA9V\x81\xEC#\xEA\xDC\xC5.#\x8C\xAB\xC4Ó\xAFl\xEC)\x9Eò“Œ¤R\xB0�?\xEBP1�\x8CPi\x9D\x95\xA5$I`;;95\xF9�\xF6�i\x94o�\x90D�\xBB�K\xA3rn\xAA
-gjw( \xFCM)_\x9B�wa\xE0\xABJ\xCA\xF4E&ci�T\xC8\xFD�\xC5�\xB7.j\xFC~4N�\xBFm\xB1\x9D\xAF\xF7�\xE3\xC5+\xB6à±r\xB9\xE9\xBC�\x93\x85g\xFEP\xC2�b\xC3GG\xE3e\x87cp& }q\xF1\xAF\xC7D\xC1\x80"\xF3d\x81}\xF5`æ…• �t\x86\x96T\x92TeI;\x82\xEB\xE0\xD9�a��1\xD90\xB9S�P\x8FE\xBD\xEA\x90\xD5Z\x9A
-�\x9C3$\x91��H\xC0\xF5�t\x959F;\x8E\xAB\xDCc �\xEC\xCD��\x97 \xE5L \xF2\xC0|\xBF\xC3�9\xB8[K\xA6�N?\x91\xAF\x95)(\xBF�\x9D1\xE9\xC5"I��4m\xFB(&�\x99\x86\x93q0\xBA\xAB�^ \xB3\x96\x90nfQn\xF2@\xEE\xDC\xD1AH\xF3\xD9\xEC<\x95\xB3È‘O\x8A�\xA9\x90' \x9F�\xBB\xCA\xFD~�\xBB\xA2Ü.\xED\xC87\x9AY�:\xF3M;& \xDFH�\xFC\xAA\xDC\xCEM\x8B-x�\xD3$\x85�\xD5\xF6\xA8\xA6#\xADro\xCC;c\xB6�\xA1\x9E9\x9A\xB6\xABT*\xAA\x89\xA6\xFCE\xA5\x92q\x92eJv\x97J\xC8\xC0\x99 \x9C\xEB\xEC\xEB\xBCp��^��+Ú¬\x8E\x9D\x87\x84\xA0�\x89b\x87\x8A
-&;h�\x99�\xAA�\x83\x8ECf\x96\x8Ca\x99j\xFA\x9CÒ\xA1\xACsR\xA2��Y\xFF�\xCA�\x8Bf\xF0Ï£\x93��xJ�\xA2I\xA9\x88L\xA9\xB4[\xF7?\xF5m\xDA\xCC2\x81D
-\xD8\xE9z\xB4\x81C\xBC�ox\xFF\xA2�\x8D\xFA
-\xA5�\xE3\xB8\xC9\xD9)\xA5\x9B~\xC0xB\xA8\x8D#\xA93\xCC .C_\x9E�\xA0bf�\xB45
-\xA0\x946RN\x85S�\xCD��\xA4\xB1\xD1\xE0"\xC1b\xAD\xC32�a\xF4XD\xB5*\xF7\xEB�R\xDE�\xC4\xEDLU\x97;\xE3\xB1\xF9\xB2\x86$\xEC&r\x9F�u\xAB\xB2 N\xB4:�=\xD4�\xC3a\xA2\xE5\xAC
-\xDFo\xE9,\xA4-\xA1\xA1TA���Ew��i\xC1\xCA.\xB5\xAB �iÓ…�\xAB�{��\x97[\xA4y\�\x9B\xB9�\x89& \xE0h�\xF8�\xC9\xC0\x92c2pÌ‚� \xCE\xD7U\xE9\xF7\xF7q�\x84ki�\xCCd\x9B \xA1|g�\x9Ej;[�ͬ\x9F\xAF�y�)�\xA1r\x89#\x88\xB7\xF1kg\xAEFY\xE4�\xC5p+L at m\xAB�\xCFmo�\xC8;\xF7\xE49��3�\x90\xC0\x8B<n\xF7\x8C\xD8`Ö…5�O\xD2h\xB9+7�9g\xB2\x80u\xA6��\xCC=\x91\xE5e\xF2z\xBF3�\xD8\xD3O\xBAT�\xA3\xD5\xE3$\x93\xC8�\xFAY�nვ\xFC\xDBL\xA32\xC0\xC7Ǿ\xFB\xFB\xB2S3\xA5 ]\xA2\x93cJ\xE9j\xD2A��|\x8D\xE6T\x9E4\xA7\xB3\xD9\xD5\xFFטZæ§�\xB0Je�\xC2ma\x96\xF9~]\xC7u\xBD\xEE\xD8Y\xA7\x84K\xC9^Ú—\xBE\xB2\x91\x84\x85P\xD7\xE0\x8E\xD5*Ò·\xAE\xC3\xC8B\xD3 \x80\x97�?f��!\xBC1\xE1+\xE3Q\x89𕵞\x83\xFE\xA6\x8A\x82\xF200D,\x9D\xF7�P\xED\xEF*\xB8\xB7`e\xCFBm\x9B\x97n\T\x88t�\x93\x83\xF6Û…\xB1\xE9q\xEB\x9A)\xBB\xDF쪂\x98\x93\xE0\xE1Ø\xF3uј\xB1�\x8B\xF2C\xCB h�\xACA\x99\x8E\xEB\xD8.\xDF\xDE{_\xA01g2\x91\xA9\xD02AL�\x82m�\xD5W\xEE>M\x9B�\x8F\xBAeu<j\xF6\xACMj\xAAd[G_\xE61\xA2�\xB0}\xD3q\xCFF\xA9\x8C�?\xC8�$㾬X\xD7\xD6Þ±\x8F\xB7\xF3\xEB\xBCri\xDF]\xB3\x8B\xD0]\x8C\xBE\xD4f[A:\xF9�\xF2�k\xF4\x85goG\x93�\xDC\xE1\xC1\xA4\xB3\xFF\xFE\xAAvh\x9DZ\xBB\x9C:\xB3\x86\xF6\x9D\x8A�?\x8D\xB3Y\xAF\xAA\xAEv\x8B\x93\x94\xF2\x97�Gw\x841\xB0\xA4\xE0\xE9kol\xEB\xBCê’ˆC\xB9O\x93\xAC�fϯ\xA4 r�d\xAE\x9F�\xBC\x82\xBBN�%\x9C7\xC4\xFF\xFF�\xFE\xCF�
-.U�d\xFE\xEC\x99_\x9F�X;?q\x92(-\x9A�Ε\xBB� \xE4\xFAj\xAE\xA3\xB9\xEFak\x83\xF8�\x87\xCA\xEC
-\xE3�\xB9@\x85�)\xABr\xEF \xD7A�\x83\xD3<a\xB9\xE3\xD5\xC7.Þ®\x9F�Z\xC0
-�H\x96\xCE\xF7\xE1{\x89�\xB2
-\xB21\xF9|\xE5W`\x9Ba\xC1;\xBF4\xDF\xE2X@\xE0\xE4P\xF9\xED\x83VW\xEC\xC7A\xEBV&\xF9WSI\xC2\xF4\xA1?\x9A\xDB̈́\xD6\xD8$\xE8\xC4\xDB\xCCb\xAC\xCD\xEChrh\x90\x9E�\xBE7[+\x93\xA7uQk\xD1p�\xAC�r= L\x9D\xD8\xC9N"\xF2Ӿ@\xA0\xB5O�)\xF9ᡴw(\xC7q\x87\xC0�.\x9B\x8B\xE1\x96U\xF9^*(\xD2jQ�fm\xEEsۨ�\x92\5\xDF�w\xDFHr,\xF1I\xE8\xDC�\xD3��)`�\xFA\xCF\xE1\xC5Ŕ�\xA7\xEF\xAC1\x87\x81_؀t\xBFr\xB5ܶ\xF9"�w}\xE8&8i\xF0�v>\xCD\xF9�\x9C\xF9\x970�s�~\xC2ar\x8B#>\x8E\x9D�^\xC7^\xC4
-n��\x9E\x9D\xBC\xB8\x9D�Úa\x9B�\xBD\xF6ͯ\xB9\xD6�\xA0\xCB��Z\xB1oj\xF5
-F\xFC+\x8C\xD0[Ø·�5L\x83t/<>\xFEB\xA6\xFC5L \xF9\xEA\xAD�J\x9B}U\xEExN\xA6\x87\xA2\xFDÝ×\x9E7!"My\xF3�\xDD|Ђ�\x8E\x80\xCE\xC0�\xE5\x8CL\xB3\xE7\xA2�\x9E\xB9Oe\xFF�\xB0\x9E\xD61endstream
-endobj
-2023 0 obj <<
-/Type /Page
-/Contents 2024 0 R
-/Resources 2022 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2021 0 R
->> endobj
-2025 0 obj <<
-/D [2023 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-658 0 obj <<
-/D [2023 0 R /XYZ 85.0394 645.1438 null]
->> endobj
-2026 0 obj <<
-/D [2023 0 R /XYZ 85.0394 617.8288 null]
->> endobj
-662 0 obj <<
-/D [2023 0 R /XYZ 85.0394 390.8337 null]
->> endobj
-2027 0 obj <<
-/D [2023 0 R /XYZ 85.0394 367.3195 null]
->> endobj
-666 0 obj <<
-/D [2023 0 R /XYZ 85.0394 281.8762 null]
->> endobj
-2028 0 obj <<
-/D [2023 0 R /XYZ 85.0394 253.4771 null]
->> endobj
-2022 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R /F53 1313 0 R /F62 1361 0 R /F63 1364 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2031 0 obj <<
-/Length 2817
-/Filter /FlateDecode
->>
-stream
-x\xDA\xE5ZÝ\xDB6�ß¿\xC2(�\x9C�X\xB3\xFC\x90D\xF1\xDE\xDC\xD4I\xB7H6\xBD\x8D�(.̓lѶp\xB2\xE4Zr\xB6\x9B\xBF\xBEC�)K^\xDA\xD9kr\xB8\x87\x83�D\xF1c8\x9C/\xFEfd6\xA2\xF0c\xA38!\x89\xE2j$UDb\xCA\xE2\xD1r{EGk�{}\xC5Üœ\x89\x9F4\xE9\xCF\xFAa~\xF5\xFD+!G\x8A\xA8\x84'\xA3\xF9\xAAG+%4M\xD9h\x9E�'D\x90k\xA0@\xC7\xFFzw7\xBB\x9E\xF0\x98\x8E_ݾ\x81��Q\xCC\xC7/\x9A\xFE2\x9F\xDD\xE3@\xE2\xA6\xFEp{\xF7#\xF6(|\xBC|w\xF7\xEA\xF6\xF5?\xEF\xA7\xD72�\xCFo\xDF\xDDa\xF7\xFD\xEC\xD5\xEC~v\xF7rv\xFDq\xFE\xF3\xD5lÞ±\xDC?�\xA3\xC2\xF0\xFB\xFBÕ‡\x8Ft\x94\xC3\xE9~\xBE\xA2D\xA84�=\xC0�%L)>\xDA^E\xB1 q$\x84\xEF)\xAF\xDE_\xFD\xA3#\xD8�\xB5K\x83bb\x94p\x91\xF0\x80\x9C"�\x92S\xACH"\xB8\xB0rb\�J\xCCÞœ\xDC\xDEM\xA6?\xFExO\xA6\xF7\xBFLA" ��\xDCM\xDFΰ\xE9g\x86\xE6\x82�\xBE\xC5yo3:\x9ApE\xD24\xB5\xBB\xBCÖ•\xDEg\xAD�\xF1\xC9x\x9C\xE1\xA3Ñi$\xE3z\x85�S7\\xE5\xD8x\xFB+>\xF7\xD7,�\xEBem\x9Fy�\xAC\x894�\xDFÕž^\xBB\xD1~\xC1\xDF�$ S\xC7\xC5z\xE36\xD8t$\x9B"ws\x8Bf\xC0\xCC\xEF� \x97\xE3\xF4\xA6\xDD�\xD5\xDAn�\x8F瞸\x9D\xE1\xC8?�ei�m\x8E\xC9�Qq\x8CV\xB7\xD0h \x86\xC2ng\xE9\xC1\xDB\xC3FW\xD8BN\xA1\xB1w\xCCA\xD31gV!sв\xCC\xC1sg\x8F\/u\xD3\xE8܉y\xA0S/f\xA9\xEC\xFE/\xDE\xDDß¾\xBE\xBDC\x85\xCD~\x9D\xBE\xFD\xE5ÍŒ��\xE58\xF1\xF5\xECnv?\x9D{\xDDN@\xBB\xD8\xFC\xE9\xDD\xFB\xF9\xE4�\xB6\xA7n\x94p\xF0\xA6�\x9D\x8EQ\xA4y~G\xF1I\xBE�[�\x93D .-e/�\xFD\xFB\xA1\xF8\x94\x95\xBAr\xE2j\xEB\xB0�p-\x9A\x9BÝ›\x91N �\x96\xE2i�\xEF\x8E\xC3B\xFA�/\xF4\xEC{\xEEC\x82\xB0+\xF9\xE5-\xF9\xF3�^޲Ǭ\xB8\xBC\xA58\xBB\xA5\xF8+\xA7$\xE4<'&>�I&O��\x96q\x8E\x99\xA7kC\xDC\xF4#m
-\xC1\x8CQ5\x8AiJ\x98�Z\xCF�\xB5B "\xA9< \xB5m\x95\xE7�N#b\x92&q|\x9E�\G\x81\x96k\xFA�CR�\xA6I$A`T\xC9.\x8E\xF3\xBE\xB1C\xF4U\xA9�E
-�\x9F&\x89\x95\xE2>\xAB\xD6:\xE0T2BIS;k\xBE\xB1^\x95\xA4\xE3eVa\xC3F,x֕mH�\xC6\xD0\xD1>\xD4\xD8X\xD5\xFBm\xF3w�\x86\x91\x89\x8Cپ\x9D4m\xBDs\xAB\xF6\xF8<\xF6ߴzgBg"Ʒ\x9E\xD4\xC6m\xF2�\xA5|ߴ!�2\xBB\xC0$\xA5\xD0\xF1\xE1y\x80\x90w�\x84�3��\xBB\xCAl\xA4w\xC3ix\x8B@\xA3\xAD\xF1\xC9`\xF7(N\xC6S�ѶÞ\xC8\xCC4L:\x8A\xEE�@�\xA3\xAF�\x{1A4DC7}\xC6\xD1\\xE8\x90\xC9\xEE\xEA\xA6h\x8BO\xFA\x89QF�$\xCF at o}�~\x9DM�\xEB�\x80j \xCES\x88 ��\xFD\xF3ivK\xCE��O�\xA1\x92\xA9ˆ\x96�\xA2"\x86g/7\xCD3\xCDL0:\xCEu\xB3\xDC��\xDDtz\xC4\xFE\xFA�\xF0 \xF6U\xD9\xD6w\xAENf\xE1\xBD\xDF\xD4�\xDBXj�>A�8\xD5(\xDF<�n\xD2�g�\xE4ȃ\x81lZ=\x9A\x89�ܹպ\xF4\x9E3 at K\x8CD2Jܑ^��
-\x81\xC7(�'\xFCFc\x9A\xD7e\x99\xED=\xDDu�}̽=n�u\xD9\xE0\xCBC\xD1n\x8A
-\xDB\xE6\xACO\xF7f�\xC0W\xD9\xC93,s\x96\x98\xE3\xC4n�b�$\x9A\xE1\xE1\xF1�ۻ2[��1\x92\x98p�zep�\xA1ˣ\x816\xDEY\xA5��\xAD\x81l\xD6á�\xAE\xE0\x836~\xAD\xC4x~\xAD\xF8\xB8\xC6\xFE5\x82\xB8�q\x94�A\xD97s\xBE�\xB5\xFA\xD0\xEE�\xC6\xFB8`\xAA\xC7\xFA\x80ÕF\xCC%\xD1{\xA5Q\xF72\xDB\xE9\xE3\xE2\xA7\xC29E A\xCD\xF0�\xD07J\xE6Р`\xB82<\x9A\xC7"[\xFE\xBB)\xB3f\x83KY\xD4_\xCA\xC0
-�/\xF9*@�L=e\x9E\xB8 '\x91�k\xB2&�b<!\x92\xF1\xF4\x84�;%�]0\xB2\xC1n&M\x89\xA4\x85\xA4OI\xC1�\xAA(\x8D.�,\x88\xC5O\xD8f\x8F(\x8Dz\xD7�u\x95\x95\xA5{\xB7.�\xCF�Xs\xFD`\xF4c{�\xD1xX�\xDBDG\xE3A%l\xEB\xBC0\xC1]\xEF��\xC8æXnL�\xFCvc\xEF&Û\xAE�Ù˜�f\xB9\xB2\xC1Û¼\xAF�\xE8nqI7\xAD\xB3AH\xBF\x8C\xA8\xA5\xB0w\x88.s\xB7M\x91\xB7�l\x9A8�B\xE4Yc\xCCV�r|�LBZp\xE4SÉž\xAB\xA8�\x8C\xB6E6\xF2\xC3Òž�&�\xB70cY@\xBDLB6\x940o,\xAB\xA0È•`I/F\x94z\xD5"\xC5\xC5�\Ò…�ب\xD8nu^@\xC0*ÝŽ \xFF\x89\x93\xB9�2
-\xECh sP\x8E5l�\xF13\x9E�)�\xB3\xF8\x92EH"LŒ�\xB2&�\x8A�\�\�i�\xA40\xB0\xD0\xD59�\xF7�\x8E\x8A\xFFpc\xB5\xF7\xE1ƨ\xE8\xE3\xC7 e�{'\xB1t+\xD7\xCF\xF0�A\xE5\xF8\x95
-Y �\xFDG\xB6Ý•\xFA&\xC0R��&\xBA\xD8y\xF6T\xD1sO�\x97\xF3\x8D\xB8\xC9C!@�!.\x9C`\xA0\x81\xE6\xB0p*\xE7pEÃ+\x87*o\xC1dZc\xB9i:\xE6�\x9F=\xCFI\xBD\xE7 at cyØ£i\x9B\xBC\xC9t\xD8 �>�q�i%\x98zs\xB2\xC2ݶ\x87\xD2-\xC8Ü„��\xB9^�Û¬\xC4�{}Ù±\x80\xCB}\xD6\xC8\xD2d\x97å¹\xEF =\xBA-O\x98ØԻ\xAFi\x9Aj\x8D\x88�\xE4�p\xB7|ÊŠ2[\x94\xDAͶW�N\xB3`�\x9B\x9D\xEB\x9A9�w\xB8WLC�\xD2�e\xBA+=�h#!4\x95\xFC\xE8\xAE\xEC�\xD5!\xA8AT\xEC\xC4�\xEBek�"\xE4\xD9-%X\xB0\xF2fT�v\x8CI,\xD4pGH(\xD4x�\xD6{�\xB9H\xCF\xED \x8D&\xDE\xC2\xFE�\x86 �u��\xBE�\xF0qN\xA4\xE8\xFC\xEC\xD7�Ö€@�\xBCyw0�fN}\xD8\xEDP\xD7Kpa�Ê„\x83\xD4f\xBC*�V\x8B�$\xC48�\xF4\xB8y\xE8\xC2U$\x8A:�y\xC6�\xEEB\xD7:�\xAC\xAF\x9E{\xAB\xAFp�S[1\xE8[\x9E\xB8\xE1\x93c\xDBÈ£\\xA9�Ò¤\\xAF2\xEBG\xE6\xE5x7\x9Awi�\x97\xC0 Lq.�\xEA\xAB㬷5zC\xC3\xF1\x88�
- \xF9?\x8A\xA9
-398K\xF8\x9E��\x9AJ| \xAD\xF2\x94{�\xD9\xE4
-\xE8Uu\x8BB\xC9�M]�Z\xED\xFC\x8D�\x93H\x9D Ô®xÖm�\xE0N\xC1�:A\xBA\x82X\xE0\x98�y�\xE7}\x86\x80t�\xAA\xADr_\xB8\xB3\xA0\xB4_\xB63\xC9
-\xE6��Sl\x8E\xE1\xEE�X\xC6muj\xF8\xA9ѿs��\xB5\xC2\xC5b쳕D\xDBZ\xB8\xC1\xF6\x98\xBA\xE0\x80
-\xC40P\xAC\xF0\xBDh\xF1\xFD��\xA4\x8D\xD0\xF0\xC0u\x9F \xDB\xE0\xCA\xD4�\x91I(\xFB\xE9E�\x9B�\xFBÔ\xDA\xDC�{uf��\xF4
-C��\xE5\xC5\xDA\xF2 c\x99\xCB\xEC2GJ\xEF2\xAC\xF3\x9AA\x88\xE1\xBA4\xD98\x84t\x87YO\xEF
-�\xC4\xFD�\xC2�@\xABey\xC8us"K\xD1�Kq+Ć\xC1�\xCF��\xC1\xE3\xF1\xB2\xDEX�e\xD1Z\x90�\xF9s \xCE\xF6ea\x93Q\xE86\xC2�0܄0�\x93\x92\xA4\xAA�\xE6/Bx\x8A b\xD2\xFF\xA3M\x99�\x9A�ụ.w]W\xC5gD\xD61\x8A�\x9EE\x95��\xF0�\xF2\xA1*\x89\x86\xE7Y\xC2�,\xE03v\xEA\xE4a�\xB2\x93\xC8�/\xBA�\xA1\xE1\xFDy\xBEX\xD1/�|ea\xE1X\xAD\xF8\xF6E1.`O
-B\xB9T\xAB\x80\xEB\x9FH*\xF0\xDBFÛ–_\xACU\xBCße[Ó³!\xC9U�l\xA3\xD8\xEAI[O\xCA\xE2\x93ë±°%\xA2\xC7)k\xF7Y#\xC7\xD7\xC0w
-\xC0\xA3�;\x99\x8Fu\xE0$ݖ\xB9\xDF�\xEF\x84S�\xC6\xD8`T\xE8\xBF+�\xD5F\xEF\x8B\xD6\xC7'\x97\xDA�C� $o�\xF3\xF9\x9B\xC1\xBA\xACZ\xFA\xEF�\xD7\xE9\xF8P\xEA\x86\J\xB0\xD1E\x97\x90)\x87":\x8F *\x8F\xA1]\xFAu\xEA3\x80~c\xE9]&\xAC�\xB8\xBC\xA3Hx}`a\xB2wd�\xF2x\xD9\xEA|h\xDF�\\xD8ީ\xC6\xC4Q\xE4\xFA��–\xDE3\xA1oU\x96\xFB\xF6\x86�\x9C�d\xA3\x97\x8Br�ğ
-\x99^T\xD1%S\x8F\xB9\xB7�\xE1\xD6\xDB>k\xE3\xFD\xB1\xBE\x8DC\xC0Æ™\xF4\x85e\x98\xEEj\xA70s\x9B\xB5\xCB
-v\xB6\x90v{z\x9FM\xA59`\xEC��\xD4^t\xF6\xD9�\xBF\x86\xF5�\xE7\xFF\xCBn\xFB�\xF1\xAD\xEC\xD6\xCB\xFE\xF9$\xFD\x8A\xB3v\x9BÆ\xCCÆ—\xBFZ\xB04%J\xBA\x8F\xCF\xED\xE3\xEE\xCB�-l\xA9\xD6��PS\xE1\x81�,\xBC \xAE�#_w\xB6\xFF\xAA\xB8\xA4 \x91\xA0\xF1eq�\xE8\xA0L\xA2E\xEF�YO�\x9AR\xDB
-dz`\xB5�;V&\xAD\x85�\xAB{� \x9A\xEB\xED\xBEv\xBBo\xD5\xD5\xFA\x824{|~+i�\xFF\xCD\xF0\xBF\xF8fg\xE0�\xA4\xF9 \xAF\xE2\x98Є�\xFEV\xF1\xE4\xEF�\\xA6$J�R\x80
-H\x93\xE8\xF44\xC6�\xAF0U\xAB(�\xEEK\x88�G�\x96\xC8.E\xC1O\xE8\xA6\xEE1\x9F\x85j��ro\xE1cQ^\xB8�\xDC",\xE9\x85G\x87 \x8Fb\xD1\xB4\xBA2xÖ\xFB\xFF� �1/\xC8\xF6\xAEU\xAFN`D�`!\xC7�\x8B[\xF5�?�:\xA4^\xBA\xB6)\xC8d\xADˉRN\xC0V\x85\xF9\xAED \xEE\xA2�\x8E\xFC\xA4\xF8\xC8k\x8F\xEB;F�H\xA9k\xCF\xCB�\xB8:\xDB=�3\xDD9^\xBE\x99\xBE?H��r\xEE�9��\xCD\xDFh�\xFF\x9F\xA1\xA3/\xFA\xF6s\xFF\xADs\xFC\xC7Rd\xEBz<l)\Ʀ\x9E\x9Bx\xA6\xEC\xFFp�}º\xFF_\xCFS\xDE\xFF�\xF42\xED�endstream
-endobj
-2030 0 obj <<
-/Type /Page
-/Contents 2031 0 R
-/Resources 2029 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2021 0 R
->> endobj
-2032 0 obj <<
-/D [2030 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2033 0 obj <<
-/D [2030 0 R /XYZ 56.6929 520.5289 null]
->> endobj
-2034 0 obj <<
-/D [2030 0 R /XYZ 56.6929 508.5737 null]
->> endobj
-2029 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R /F14 964 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2037 0 obj <<
-/Length 3180
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDDZKs\xE36�\xBE\xFBWhO+WE�^�\xC9\xE3<<Y\xA7j\xED\xC4\xF6Vmm6�J\x82,\xD6P\xA4"R\xF6(\xBF>\xDDh "%Z\x9E\xC9\xE805\xA5R\xB1\xD1x5�_7��>b\xF0\xE3\xA34\x8E\x98\xCC\xD4(\xC9T�3�\x8Ff\xAB�6z\x84\xBC\x9F.\xB8+3\xF1\x85&\xDDRo�.~\xFC \x93Q�eZ\xE8\xD1â\xD3V�\xB14壇\xF9o\xE3w\xFFz\xF3\xCB\xC3\xD5\xDD\xE5D\xC4l\xAC\xA3\xCBI\xAC\xD9\xF8\xED\xF5\xCD{\xE2d\xF4yw{\xF3\xE1\xFA\xA7\xFFܽ\xB9L\xD4\xF8\xE1\xFA\xF6\x86\xD8wW�\xAE\xEE\xAEn\xDE]]N\xB2,�P_uZpu\xEF�\xB0\x92\xABy\xFFp\xFD\xEE\xFE\xF2\xF7\x87\x9F/\xAE�\xC2 \xBA\x83\xE4L\xA2\xF4\\xFC\xF6;�\xCDa\xAC?_\xB0Hfi<z\x86�\x8Bx\x96\x89\xD1\xEAB\xC52\x8A\x95\x94\x9ES^\xDC_\xFC��\xEC\xE4ڪCJ\x8Be�ũH�\xB4&\xF8\x88\xF3(\x8Bc\xD1S[\x9CEZ
-iզ#�%\x97�\xCE��\xBF\x99ϋ\xB6\xA8\xAB\xBC\xA4�(J\xE3\xA8z\xB3\xCA\xDB�\xC7�\xAD\x8A\xCE\\xB0\xD1D\xA8(S\\xD9殫ˉ\x94l\x9C\xBB\xA6(\xD5\xD6\xEE\xBB4D4m^\xCD\xF3\xCD%O\xC7s\x97e>\xB5[\xEC���\xDB\xDD�\x90\x88\xFD�";s\x95\xB7\xEBu\xBD�i\xFAm\xE6Ӣ,\xDA]\xBFGۅ\xC9]'\xF5\x86\xBE\xF3\xEDj\xDD/\xF7g]\xB9f\xFEϘ(\x8D�*�.\xE8��W\xE0pD<\xAE\xA1\xCF
-\x91$i\x83`\x91\xF1\xF8�d\xB1*R\xBC\xA3"\xD0mĔ�\xD0�\xB6\xB2ɟ�\xF4(x\xC4�\xEE\x8AP\xAB\xD4C\xD1\xD0w\xB6\xDD\xD0`\xAA\xB6\xDC�+ʋ2\x9F\xE2$٤+\x99;1\xF3\xCEt\xEEeu\xA2^�4\x9F\xD3gZT\xF9f\xD7-o�1\xE1 \x9F\xE0\x89\xF0
-!\x9B#\x81\xD6\xF4i@\xB2\xA2z$\xC0t�\xEF\x9F
-�EÕšM\xC0\xD6<os\xA2\x9Avs\x99\x8E\xB7\xB3vK\xED\xB8\xFC\x82R3�-\xE7|\xFC�\xF1\xAD\xEA1c\xBA#�\xA5V\xF9\xE6#h\xC2\xF1\x8A�\xC9T?�\x81,L\x90(\xEB|\xBE\xE7�+�\x85\xA9N\xA2L\x8AÔŽ\xEC�BEd�\xF5\x82\x9F\xF5\xA6XYň\x8C\x8F�\xB3y�)\xC0� DY(D B\x8A at D4\xA2�\xBF\xED08��)Å“\xD3\xE0`Q*3}\x80�\xDBxC_\xF3im.\xF9xÖš\xB9ë¦\xEF\xD4I\xF1h*\xB3\xC9C\xF6\x82\xF4\xB3\xA2�9\xF9\x83
-��\x86p .F\xA4\\xF6
-\xC3\xCE� &�Qt\x87(\xB2H\xAA8v\xD2W\xF9\xCA\xCC'\xB3z\xB5�\xEFb;9�/t\xA2\xB5P\xAE�\x94]\x81\xBB\x88H\xD743BY\xA1\xA1\xCF\xC6\xCCj\xF4%;\x9F\xB4sc\xE9\xDA}��U\xE6;�\xA2\x98Q�E at l\x81\xE9�-\xB1\xACR\xB1\xF8\xB6\xADA\xD3\xC5,/�Y\xCE�T\xC4X\x92\xF5\x{D823}\\xA9�(,fł\xE8�fei\x8D��\xC1\xAE\x81\xF6\xBCfmf�\xAA\xD8\xD7FeJ-_P&,�\xE8\xE3=^Vy�VE34\xD9�\xEC\x81>S� \x96\xFA:\xF5�\xBD��ɩ\xC3祩�z\xD20\xD2X\xE9\xEE\xB4
-4-a\xAAx\x92\xBAR\xE8Xݸ\xC8/�\xE1\xE7x4\x91),c)XX�<0}-\xB8�\xE7%\xF2Ek\xA7/\xF6>ٚ\xE9&\xAF\x9A\x85\xE7\xD7\xEEk\xE5\xA6J\xEBu\xB9�F
-\xB6\xEA\x8Bl\xD7\xE0gLs`\xE2 -U0C\x82�(\x98\xF2\xBD1\xB57^\xA0\xAD\xF1\xEE�y\xF7\x88t0C\xA0+c\xE6
-\x91 U\xB2!\xA4ë¹\xDAY\x8E�G\x94qI(s\xDDl�\x97Xm=e
-\x96Ũ\x96'\xC0\x8EÙ\xCD��\xA1T�\xE9\xC4\xD9�\xAC\x93\xC75\xB1�Z\xBD^\xC0�� \x89\xFEB\xE3\xCC\xD0���'XЛҺ\xF7��23MC\xBA\x82d_�\xC4k\x96\xF5\xB6\x9C�\xFD\x88\xE3\x8A5y-H;o\x9D\xD8��E\xB3bW\x81�\xA6\xBE\x98-{Íu\xC2xe\x9C\xA4G�w8\x99:<\xA1n\xBDbc\xE6z\xED\xAC�a\x9Ac\xE6ÕŠ\xDCݾØaJ�\x83\x98\xF8BMr�\xF75\xE9�\xFD\x98��\xC1v"\xD24Jc\x88\x80{\xF0}S\xB60\xF2\xC7%*\x9E\xBF\xB0\xB8h�\xA5\x99\xE4\xAF��\xE0\xFB\xE4a\xE4�mn�\xD3\xEC[\xB7De\xDA\xE7z\xF3\x91�\xD3]\xEB\xD85Er6(\x82\xA4�\x85%\x9E\xEAb\xEEÚ ho\xB6,Z�\x96\xFA\xC9ܬM5�\xEB\xA72��\xD8\xD2e\xF1XMh\xFC)�\xD3B\xAA\xFE\xA4\xAEl%\xA1ĸ\xA9\xE9\xDB.s\xC7)\xFC�MRI��az\xB5\xB5\xA0�
-\xE3G
-\x9C0\xE5\xF3\xD7u\xD3�S�\x99R�\xCD\xF8�\xA0\xB0A\x86\xA2%×\xB7Ê\xB7Ê\xB7\xF0�幜\xA2j\x8A\xB9\xF12��\xA9�x8\xF1\xC1o\xB9\xD5\xF5\xC0`\x9B�\xF8\xF6�X\x96Öš�k\x9D\xF6T\xAD3\x8A_\x81
-\xC2\xC0\x90\x88\x97�˅\xB4\xC0\xF0�
-\xB96\x86ÅŠ\x83\x80�\xDF�\xC5`E\xAF!F3u\x84�h\xD4\xC6\xD7\xD0\xC9*\xFFhz\xB2\xEC\xF5\x8D\xCCi>\xFB\xB8]\xBB\xF1,\xF6\xF2XF\xB0s\xD8\xF0\xD8)\xC0Ü¢q\xA6 \x92\x88\xF3X
-\x85\xA1h?�\xA6�\xA3v\xB6~`\xE1\xC1\xC7�\x99wb\xB3\x82\xA3
-�g'\xEA\xB5N-
->\x81+\x88w\xB4p\xBB#\xC5"\xA1e\xEA6[\xCAm\xB5\xBA\xDBJ\xAC\xDF@\x94\xF1\xD2\xF6*\x8Dt\x92\xD1nÍ…Õš\xDB\xFD\xAC�H\x83\x9Bh\xE1\xDF�\xB7\xAC\xED:
-�\xA8W\xE44\xFB\xD6-\xBF\xA8h\xC2\xC8
-kg\xAC\x98�B\xE6\xB9q\xAD5�4gGm+\xC2¼\xC8g>\x93\x82*m\x91\xBEq<\xABI\x8D\xC1f\xEB�\x9F\xE12 at L\xC8|aU\x82\xE0+\xEB�j�=m7S\x90\x93v\xB79\xFD\x82\x94.\xAAY\xB9\x9D\xFB\xB2v��(5\xAB\xB7�\xAC\x9F-\xC9*3\xEF.\x80z6a\xE3qܛ
- \xE0\xEB4��Rb\x90Þp\xB5��\xB72y�\xE6\xBDØ–~�t\xB4;rÛš\xE0\xF8\xDDÞ’Jw\xA7\xCA�4w8.\x9A nt.$\x81k�\xE6�:��y�:�\xDFkg\xA8\xAB\xD0�\x84O\x8F\xF5\xA6\xF8Ó·�084\x97E]\x96\xF5s�\xBF \xC7v(\xE8:8�\xC9\xE2t\xA4d�ÉŒ\xEB\xCF;�\xE1Q\xC2t\xFFp\xE4oU\xF2B\xA0A\xC1B}\xF2t\x86\xEA1hÊ‘\xBEF\xBF\xA9\x89�\xD0D\xC1\x9C+�\x89¹Ko\x95�\x91\x94\xE0e�\xF8.&$w\xE7$ஂ\xCA\xEE\xCC�[\xD3\xD0\xF9JWc�T\x95q\x9E\x8D\xBA=|\x9DÌ¡\xC9W\xA4\x96
-\xF6�iÚ—\x9A\xF0\x93d\xE3j\xBB\x9AZ\x98&\xE4\xC1\x91W\xEC\x87�\xA9\xF77\xF7\x94M\xD8t\xE3\xB3Y\xE89�\x8C\xC5\xE4�Ò±\xF1\xED/\xEFn\xDF_�\xE1�B p\xA5\xB1>\xA36�*\x92%z4\xD9�\xB0}�\x98\x94)\xAC\x94\x89\x88_\xC1$�Q•�\xC0\xE4\xAF[\xB3)\xCCË\xECvp.H\x9E�:@\xB2+\xB4\x85\xA4Ld\x80$\xD26\xA8\x80\xEF�\x92\x98\xFAÃ\xC8&\xECò…„…]�\x8E\x84\xF5;w\x94\xDC\xEE\xD6\xE6e(\x9EO�\xDF��a6R�Ɉ|\x8D\x97\xA0�\xB3(c\xE9+P\x94I�)�\xD31\xF2\xED\xB6}\xAC?�\x8A\x9D�\xBEN\xE4��O
-\xED\xA1\xD8�\xDABQ1�\xA0\x884B\xD1~È \xBE{(b\x96\x85"�\xC7P��\x8A\xB1\xD0�\x8AD5v\xF7�\x8B\xA4s\x90gK,
-\xB1\xF7\x87\xAD\xC8v\xA1j]\xBAc\xCBh�\xF0\xFFv\xA1\xA4_\xE9\xD7>�y*\xCC\xF3e&\xC6'\xAC\xE0l�\xF0�;d\xA1\xA38Ë’W\xAC \x80\xC5\xFDe\xCA
-m�q\x8F\xE0O5\x8F\xF6�\xC3�\xD1\xE9\xEBl\xBE\xF9\xA4\xFC\xC1 \xBA\xF2w$\x85\x86\xB4\x8D\xC1) \xC7T>�\x9B \xB2㧥\xEEF�C\xD6\xE0\xF6)\xB8\xB1\x80*'@y6%|c\xA0Tg�%,\xA5�,\xF7�P\xC2�"\x95\xC8�\xF5\xFF/\x9C\xCAZ\x87a\xAA\xBC\x9A\x99\xCFGf\xA7ó!\xF3\xE4 �2\xBB\x83\xE8!S\xF7\x90\xA9= �\xDD \xE1R'\xE1 at EӮ\xDBL\x86\xD0\xD9QG\xBD\xC6K�\xDC
-\xB9\x8D\xD1\xD6�\xB8y\xF3\xD2 ws�\xCFgS\xDD\xF7�j�\xADa\xB7\xA2_\xC1\xB3\xC8d��I{\xE2;\xBF.~.\x84\xBB}\x9C+\xDA8-\xB7\x87pO\xEE.\x84\x95V��+�{\xE7\x8A�\x95]E\x90�€\xAD\xDD\xE8�\xC4 \x80X<�\xB0WQ \xA7\xC3\xC2\xC4�[�Ç�\x98:�+&�>\xE8��m\xE3oF�\xE7S\xF87�\xFCTF:\xD5\xE2�F\xE4k\xBC |\x9E\x82\x9E\x95\xE0\xAF ?�\x95\xC6��\xE8�D\x9B\xCE\xFB\xBC\xEB\xCE!\xEE�s\xE2�\xA2\xDB\xC9׉\xBDG\xFEi\xC1�\xF2\xBB\x82S\x9C\x9D\xC5\xFB8;\xD3�g�\xCF
-\xC1\xF2֔�\xDB �\xBF�@c�\x9E\xB7
-yopÈŸ\xC0\xAAlx\x9D0f\x8D�Z\xD3�\x9E(\xD6\xE1\x9C
-\xB3\xD08\x90o\x8D��3\xAB\xD0�\xAB\xC2k\x8Di\xDE\xC06�\xE6\x8BًG\xE5_\xAE a>\xCD\xCAܟ\xBE!�_3�\x85W\xC9\xFF\xA0\xABڔ\x8E\xE5�#"\xB4K4\xACԟ˦t\xA9��\xBB\x8F\x85/\x8E���S:UG��O6.\x97\x8E�\x81Z\xE7�p*\x83\xF6\xBB-s\xBBiN\x9C"\xA5;\xFDA\x8E\xD5;\x91\xF6f�\xB2>V\xF5s\xE5\xCA\xD7Ě�J[=O\x86t\xE5\x95/�
-\xBE\xA5\xCBs\xC1\xC6\xFE\x9B\x97x\xE3#����\xE6Þ¾@�!\xD4\xCD\xEF\xEE\xEE\xAF�\x90D\xCDECC\xF9\x8A\xCD\xCE\xF9\xAC\xE0\xFB\xDD\xECp\xB0W-\xE5+'\xA2\xF8\xF6\x85'1-g\xF5\xEC\xA3q\xA7\xDB\xD7?\xDE~\xF6j\xDC\xED\xE9\�\xE5i\xE9\xBDOr\xD2\xF3\xE3\xD58\xEB�\x94*K\xC2j��\xE1��\xF9\xE4OJ\xFBrd\xE8D\xF4 \xDFE\x9C@\xE2\xD9\xC6\xFEm Q\xE0;\xA7\x84'�\xD2G�O\xF8:\xEF�\x8F\xDE=J\xA6\xA3Tdx-\x8E\xB7\x82\x82\xE9\xE1\xF9\xF2\xCF�9Kq\xBE2\xBA=Ç—��B\xF2\xA9u[H\xDBsl\xC6\xFD\xAE�8a×t\xF7Æ„\xB9Ka\xF8\xCE\xEA\xB2\xF4\xD7\xC0\xCCߦa\xCBKë›\\xFB6\xFC��\xE1\x9C4�\xFE!�s\x97\xEC\xB6j\xA7\xDBe\xEE\xFA \xB9\xF9\xB6]\xD6�|\xE88\xE0=_xʃ\xFAI\x94h\x80bL\x9AS\xB7\x8E�pi\xED_\xFE\xD0U�\xDE�\xB6á¾”n\x8EÓ®U\xC4\xD1\xFE\xB1\xD0\xCE�\xB5\xEA\xDF\xD7Q�\xBC\xE5\xE3��\xF3Ƹ��.\xA5\xF66\x84\xB9\xF9\xFEu �\xDA\xC5W at E\xBB$&\xA8\xA88x:\xE4'��\xEB\xD8m\xA6]\xD3\xDD\xDB
-\xAE\x92H\xF2\xEC\xE0=۵k\xBB\xA9\xFD�\xCC,\xB7\x8F!z\xF7^�-\xBA\xAD]\xF7�c\xBD*\xDA\xF0\xCAd\xE1�%\x85�\xE6f\x91o\xCBv`\xE1\xB1\xF3\x9A\xC22\xA3\xB4�y|\xBBRwt\x81\x89Ç\xA1�zx\xAE)�\xEFf\x89\xEA^\xDFJwU\x8BE\xEDU\xAD\xEC\\xD5\xEE3\xFD\xBB\x8F\xDE-2\xC6\xF8J\x8Co+\x97S4\xBE}׵\xAF\xB2.s\xE2q\xF7\x88Gҥ\xB1{\xA16\xF4l�0\xA4ț��;�\xFAI\xF5\xFE\x919N}\x9A\x8A�\xBC<S\xB0He\xDC�\x85\xB3\xC09?\xF6\xC5\xEE\xF1\xF5\xB1\xEC�\x876naendstream
-endobj
-2036 0 obj <<
-/Type /Page
-/Contents 2037 0 R
-/Resources 2035 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2021 0 R
->> endobj
-2038 0 obj <<
-/D [2036 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-670 0 obj <<
-/D [2036 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1797 0 obj <<
-/D [2036 0 R /XYZ 85.0394 752.4085 null]
->> endobj
-674 0 obj <<
-/D [2036 0 R /XYZ 85.0394 542.1781 null]
->> endobj
-2039 0 obj <<
-/D [2036 0 R /XYZ 85.0394 510.0725 null]
->> endobj
-2040 0 obj <<
-/D [2036 0 R /XYZ 85.0394 447.7453 null]
->> endobj
-2041 0 obj <<
-/D [2036 0 R /XYZ 85.0394 435.7902 null]
->> endobj
-2035 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2044 0 obj <<
-/Length 2603
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZMs\xDB8�\xBD\xFBW\xE8HU",>H\x80\x98=%\x8E\x9Dq�\x9EDVv\xA7v2�J\xA2m\xCEJ\xA4F\xA4\xE4x~\xFDv\xA3A\x8A\xB2eQ\xB1=[\xAAT\x85`\xA3\xD1h\xBCn<4h\x89�\x87\xA2�i\xA6\xAD\xB4=cC�q�\xF5&\xF3�Þ»\x81\xBE\x8F'\xC2\xEB�j\xA5A[\xEB\xFD\xE8\xE4�\xE7\xCA\xF4,\xB3Z\xEA\xDE\xE8\xBAe+f<\x8EEo4\xFD-\xD0,d}\xB0\xC0\x83\xF7�\x97�l #�\\x8D\xFA&�\xDE\xE1\xA3\x8B\xAB\xD1\xC5\xE9U`m,\x83ÓŸ\xDF}�\x9D
-IK\xB7�\x92\xC4�?\xFD\xE5\xF2\xFC\xE2\xE3ס7\xF0\xCB%\x89\x87g\xE7gó\xCBӳ\xFE\xEF\xA3O'g\xA3f�\xEDE
-\xAE\xD0\xFB?O~\xFB\x9D\xF7\xA6\xB0\xD6O'\x9C)�G\xBD;x\xE1LX+{\xF3\x930R,
-\x95\xAA%\xB3\x93\xAB\x93/\x8D\xC1V\xAF�\xBA�4\xC1\x99TZ\xEE at M\xCA]\xA8E\x96i%\x95Cm\xBA\x9A/\xD2),K\xC7AU\xE0\xD3�\xD5mJ\x82o\x9C˙o\x97\x8Bt\x92\xA1\x80\xB4m0\xBE\xF7\xA3@�`\x80\xC9Dk2�\xB3�\xA1#p�\xA7)\xAB\xA4\xCA\xCA*\x9B\x94�o\x94\x86l\xF9\x87nY\xEDGL\x8A�5oVK�Y\xE44W\xB1\xC06DK\xE9(�\x91\x9B6(\xC0\x85%)d%=\x97}��鼨\xD2\xD9=)%\x93IZ\x96٘\xA6\xEE
-\xA4\xD0LE�\xF0�\x82\xD9(\x92n\xD6u\x96\x80z,�\xF7\x90-\xBFI<\xB9M\xF2<\x9DQ\xE7\xDDm\x9A\x93\xF8 �ˆY\xCE\xEDc�\xBC\x99r�
-qÄŒ\x91\xA65&\x9D\xA7yE\xF3\xB8\xE5\xA1[[\xC1\xC0\x8E\x9C:(t\xE8\xE8#\xF8\xA0\xB7\x89'(|\xE3�/\xD3\xF4\xC9�V\xE0\x87��S\x89\xFA\x967=j�wnØ–\xFE\x9EÔ«\xB5pmW\xE9Ä»æ¶ \x84\xFC\xE8\x8D��\xC1pËG�\xA0\xD1\xEA\xF0\xE2\xB15t\x83��bG\xF4�\x90\x8F\x92\x9B\xA87P\x8A \xD1b�Ø©\xFD\x81\xE0\x9C\xFB�D\x9Ei\xE7 \xBC\x9Fg;S\x9CCޅ̆"tÆš\xE1U\xFA\xBD\xA2\xD6u\xB1\x9C'\xBE]>0\x8A{\x95Z\xE3\xF4&˽\xF4.\xABn\xA9\x95\xD0c\x96\xE5\xE9Ûº\xF9\xDF\xF4\xA7�k�?\x84aVA\x9E\xA1�oÞ¼Ù½\x8C�ÍŒ\x8D
-\xE6\x8D5
-\xA8׆\xB6�\x9D\xDCe>\xDE,Sq�\xE4\xAB\xF9�w*\xB61c�\x8F\x83EB{5\x87\xD4-\xD3\xD2w\xFAgB� "\x9F\x92Þ”F}ͳ\xBA\x9Fy\xCBU6OAk\xBE\x80\x85+)\x82y\x9A\x94+2\xECG$\xDEd\x99\xC2Ö˜\xD6/Y>\xF1�>%\xF9*YÞ“\xB2x\xEBH\x82o\x93\x83\xB0\x86#\xF7p�\x9C�\xB3Yq\x97\xE57 J�\xF1\xBBu1SÖO-\xB7Wá™J\x99z\x8Dâšž[\xD1�\x85,\x87\xD8\xF7\xC1u\xB7a1\x80!RL6\xB9ݶ7�F\xB8)\x96\xD9_n\xEF\xC3\xC0\xC4wL\xD3r\xB2\xCC\xC6N\x8C\xF3\x8E\x8Bu\xCAhqg X\xD9Z�es\xD9Þ‚\xAF\x96T\xB1O*R\xBFL\xE6\xF5&I\x97kG\xD4;2
-\xB4\xF7\xE4�\xA5\xA9[��\xB7i\xF9-4R] \xA6J\xEAr\xF0\xC2��.\xD1c\xA9\x82\xB4��\xBAU\x92\xE5�8x'\xBE�f;�\xCE\xE8*\xAF\x9C\xB3йNf+\xAFw\xED�\xEF0�-w�\x824\xABgÇ\xBCJf\xF4B�Y�v\xE5Rs\x8E!,\xEE��k)\x98\xC6&N\xB3$Y\xB2N\xB2Y2\x9Ey�\xEFV釞\xD7jc\xCA\xF5uV\xDD\xF7\x85��.܈F\x9D\x8C\xFA,�\xF5\xDBd\x9D\x92,!A\xBDB\xED���\xF7
-d\x99dyQ\x91\xB4\xBC-\xEEr\x92\xB9\xA3G\x9B\xFA�|\xB8Ї$Fg�kT[\xF1%\x9E\x90\xF1\xD6�\xE8\xF4ć=)m]\x90Q\x86\xA2\xAC\xA2a\xC6\xEF=�\xDDaA at noi4�$\xA9T at Y6�\xEE\xC9&�4\xA7[\x90\xB8\xAA\x9D\xD9��\xFB3߲�Ӷq�\xB5c\xF5\xE8\xD2?�f\xA7F\xFA�xjv�/\x93\xD2t�\xF3F\xE7)f\xC6c\xD4{\xE4f\x80\xC3O�n\x9A\xE3\xAC>\xCC�\xCEqZ'\xCFa\xE7\x98R�w� T3#J*\xCC]DZ\x89\xA0\\xCD\xE7 ��umEY\xB5\x93\xD5
-tɊr\xAA\xCAQfI\xB0p\xB1-\xD6�9\xDC�Q�\xD1F@�\xDA\xEA\xA8EJw$ƤFaU{J~\xBD\xDDE\x8A\xA4#\x80\xE8\xD2\xEBj^\x94\xE8\x86@\xF7f\xAByN=.w�\xAFU\xA1\�7;�\xE8�0\x98\x92\xBC\xBC\x9F\x8F\x8B�)\xE7\x8E�\xB1\xE5\xBC�\xA2^#Hj\xBA\x81k�\xAC(\xB4�1-\xBD:�)\xFDLMbc�mC\xE7R^\xDB<`�Z:m\xE6Mi\xCD}}\xEC\x88
-\xBA\xA9�\x86F\xE2\xBB�\x8D>\x93d\xCB�\xF4\xF8Z��I\xC5uIc\x83evs\xEB\xD1sZ.3�\x80\xF8z\x93\xADSm\xF0N\xBA$Js\xF4d\xEAJw\xC3q�\x9Dc=\xD3�\x9A\xC6�Ì \x9D\xCCÊ‚$5s�_4\xB7Mm-͈M\xBDl\xA4\xDB]\xE3U\xE5\xA6Ð\xA1\x99×�\x93��\xEAÞ‡E\xE1.�\xF7\xD4\xE9\x8FS�P\xCE�\x97]i7/\xA6\xAE\xA4\x9F\xF8\xA0\xA8H�g`c\x9CV\xEE4\xC26%@2M\xC6\xD9�\xF8�w:\x80\xAF\x85
-\xDEM\xA7��v\�\x9A@\xD7n\xEFAs\x9E\xDCS\x83\x90 \x9B\xF4lm\xA7)I2?=\xAD�[\x94\xFC8\x8D\xE4\xC1\xBFݽ\xC7�\xDB�\xABy6\x9D:Ԥi6
-\xB6\xD3\xEF\xFE\x94\x866\xAC\xE7.u\xB7'\xA9\x83\x8AR�\xE5\xD5]\xD1�\xE8�pØYE\xD2:mhP\xAD\xB9$D\xCA��vt\xB2;q}\x80#\xEFS
-"\xFD\xE9V\xD3;6�\xBB\xECXE\xFC\xB0�\xF7\xD5Ov\xED\xEB\xA2\xC5b�\xA7\xC6ØŸe\x8F\x89\xFC\xE1\xADA4D{XEÔ¦\xDF\xF6\x9DH�f\x94\xD2=%#�\x87&<\xE8#C\xA8X\xA8\xE5\xF67\x86g
-\xAA\xBDh\xA1\xF5\xE4\xFC4\x8E\x83)߬Gl\x9B�\xD4+�\xFER,\xB6Rn\xBE\xFA\xD8�\xA6:f��\xB8\x9E\x82#241U\x99W\x9E`uh\xA5\x8B\xA5\x8F[-WXE fq\xFB\xEA\xE1}\x97\x87\xCCX#z\xED\xB9_\xB6�Äk��G\xA9\x98\xDD\xFB�\xE8\x91\xC9z\xC4S�\xC9�\xF0\x88\xDB�\\xB1�!�\xB1H\x82>"4L\xFF\\xC1\xDDh�¹bT��\xBF\xEC8\xD0�Ø…\xEA!\xF4\x9F�.>\x93z\xE8\xC9\xC6Y(\x9D�/\x99\xA4\xB0�\xA7@�\xE0Mp <\xF3S`\xA2\xD8S�\xEA�Ñ
-\xB7�Kj\xE7�\x82\x87\xE4��\xE0\xDD�#מ\x91=�\xAE6�/\xC3\xF6o
-\x97ÖŒ�\xA1\xF7\x87KÆ‚i\xA1\xD4V\xB8\xF4\x8F\x85K\xFF\x9F\xC2%\x9F�\xAE��\xAF�\xAE\xD7\xE7���M��v\x84+2\xCC\xF0&ZgÓ¼\xE4\xDD1�6QÙ¾_\x9F}\xB8\xBC\xC2Ú!
‚\xBB\x8A\xBD�i�\xB2'!m9\xFBZ\x84\xF57@�J&\xB4\x90�\x90\x86�3\xC0\xE95R\xEF\x93)\xE2\xF2/w\x97\x85�\xF2\xD9\xE8\xAE\xF2r\xB5X�ËŠ
-[\x82\x9BZp\xF0\x96ͷ\x8F�!o-\xE6\x88!W\x9CI\xDE\xC59P\x9E�+\x9B#btu\xF1\xF1\xF90\xBB\xD1?�\xE4\xC6\xC5\xD7\xC5Q\xBC&\x8E"f\xB0\xA4\x8E\xB3VJ\xC1be\xA2��@\xE2�l \xA3\x9FG�-_\x8F83\xB9f\xD2F\xA6�QnY�K\xD5"\x83�%g\x96\xAF\x93Y6\xDD|$\xD9dk\xFDI\xA6
-\xFB�\xFA2\xBBɓ\xCAFރ}kUNj\xBD\xB0!S!\x8F\xF6c/\xACa�n\xAC
--\x9C~\xC6?\x8D\x9A8�\xF6\xA3(\xC0\xD7\xCE8\xB81�K\x83�I涫\xC7K�"\x96L\xC5QG\xB1 \xE2\x88YCUӻUu\xFBey?L\xFF\x80{I�F\xC1\xF0\xEB�\xC5�\x8E*\x96�\xDE�\xD7\xE9&\x89\xF3�G\xD7
-N\xB3u\xBAI^,Ѳt�\xF7?\xD2I\xB5�\xF7֊\x8E8\x91
-g\xA1\xE2��\x850!\xE3B\xD7�Ť\xC6=\x8C\x84�\xDC�\xA9\xAA\x875\xA8\xCF�\xB4\xE5\xEA���\xC5p\x9F\xEE"�-\xC1�A\xF5¯\xD7K�\xA6\x8E\xA0<�~\xFD\xF5|Ø\xE6\x8A\xBC\xFEc\xE72\xC9\xCB\xEB\xFA\xB3\xC7S$щ\xED\xC6\xEB#\xE6\x88P\xB3�4;\xB0\x8D\xC0�\xD7TB|]L\x93*\xA5\\xD5R�\xBC \xE9\x86\xF7\xC3}\x9E̳\x89\xAFz\x9D\x8D�\xE2\xDBr\xFD\x88sW\x85,\xD2aGE!�4"QW�\xF8\xA1�?8��\xA8\xE0\xEA]^�\xC2�4\xC8CX\xA6y\xB5�\xBA\x96SG�\x9D\x94LsÛµ\xEF\xA5�sZ4(\x8CÜl\xB9\xCA\xF1\xEF\xD0�$\xE6\xA8o1\xE5\xE2\xA0�\xD1\xCA\xC1�\xC1\xB4\xE5\xED�\xEFw\xC1\x99\x8E®\x9A@\x84L\x86�H\xF1N\xCA8�\xF7~B\xE8 \xB3\xE5\xE6\xF1&\xA8\x8D\x99F\xBD\xFDXr\xC9d�Å›\xFC<\xF0\xAE\xF0�\x96\x9B\xBB\xC1~�[\xCE�/\x82\xB1f\xA6+�-\xD8W\7\xA8�z}�\xBF\xC7�\xD8\xFD8n\|)\x8C\xB8\x9EP\xE2\xCF!\x99�b\xD7�\xC5x\xAF�\xE2C\x97\xB9\xF9\xE1[h\xA0f\x8E\xE5\xEE_\x9CI�\xD5?~eQ��\xFD�^!\xE4#4\xEA_pz\xB5\x96\xEF\xFF�\xE2\xD5O\xF8endstream
-endobj
-2043 0 obj <<
-/Type /Page
-/Contents 2044 0 R
-/Resources 2042 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2021 0 R
-/Annots [ 2046 0 R ]
->> endobj
-2046 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 732.5838 116.8967 743.9759]
-/Subtype /Link
-/A << /S /GoTo /D (statschannels) >>
->> endobj
-2045 0 obj <<
-/D [2043 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-678 0 obj <<
-/D [2043 0 R /XYZ 56.6929 718.3947 null]
->> endobj
-1674 0 obj <<
-/D [2043 0 R /XYZ 56.6929 695.4159 null]
->> endobj
-682 0 obj <<
-/D [2043 0 R /XYZ 56.6929 492.5344 null]
->> endobj
-2047 0 obj <<
-/D [2043 0 R /XYZ 56.6929 467.9557 null]
->> endobj
-686 0 obj <<
-/D [2043 0 R /XYZ 56.6929 360.5123 null]
->> endobj
-2048 0 obj <<
-/D [2043 0 R /XYZ 56.6929 338.2011 null]
->> endobj
-2049 0 obj <<
-/D [2043 0 R /XYZ 56.6929 338.2011 null]
->> endobj
-2050 0 obj <<
-/D [2043 0 R /XYZ 56.6929 326.2459 null]
->> endobj
-2042 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2053 0 obj <<
-/Length 2944
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD[Is\xE36�\xBE\xFBW\xE8HWE�\xEC\xCB\xDC:m;\xE3\xD4\xC4\xEE\xC8\xCET*Ë\x96\xE8nf$QMRv{~\xFD<l�$Q\x92\xDDV\xA7\: \xC4\xF2\xF0\xF0\xE1\xAD E��~d\xA0�\xC2\xCC\xF0\x812� L\xC4`<;\xC1\x83\x8F\xD0\xF7\xC3 c\x86q\xD00�\xF5\xFD\xED\xC9?.\x98��d$\x95\x83\xDB\xFB\x84\x96FXk2\xB8\x9D\xFC\x9E\xBD\xFF×»�\xB7\xE7\xA3\xD3!�8\x93\xE8t($ξ\xBF\xBC:\xF3-\xC6�ﯯ..\xF8e\xF4\xEET\xF1\xEC\xF6\xF2\xFA\xCA7\x8F\xCE/\xCEG\xE7W\xEF\xCFO\x87\xC6h
-\xF3yB!̽\xB9\xB5\x93\xC2̛\xDB\xCB\xF77\xA7\xDE\xFExr~\xDBm \xDD$\xC1\xCCr\xFF\xF9\xE4\xF7?\xF1`�{\xFD\xF1�#f\xB4�<\xC2�F\xC4�:\x98\x9Dp\xC1\x90\xE0\x8CŖ\xE9\xC9\xCD\xC9\xCF�\xC1\xA4\xD7M\xED�\x8Ds
-XQ�\xA8q\xC4(ٳ\xAC_�ò\xA1\xCA�\xD2�\xAB\x8DU\x87��\xAE@\x8F\xC20\x8Diw
-\x94$\xA7` $!\xC9@ \x83$\xA3Ì\xC2\xCF\xF5\xD3\xCDr<.\x9A\xC6b�3h2\x83h�\x9C�>Ø]�uY4\xA7CfLV\x9F�\x9D�\xCDr\xDA�\x93\xD3!\xC78+\xE7\xBE'\xF7E\xE3\xC9\xDE/\xA7\xA1y\xDE<�\xB5=�8)%tv\xFB\xA9l\xFC\xCCY�\x9Dv}XhH�2BP\xB7b\xFB\xA9\xB0Gɲϰ\xF4\x93\xAF>~*ÇŸl\x95��\xDAe
-\xB3]_î‹«\xEB\xF3\xD1\xE8z\xE4��\xA3\x8Bj\xDE�b\x8Fe\xFB)\x8Co\xFBV\x9D�y\xD3�\xD3BeÕ¼\xF0\x95\xC0=\xD4e6�!\xDF\xE8w`k\xE3\xAA^\xAD3 \x8Dm�JØ…�7=�\x8AA�\x88\xA0�\xDCf\xE7)�\xBB\x91\x81K\xAF?\xE3j9o-KVÔ«{_.<��e\xB5l|\xCBCQ7e5o\xD6\xC7%z\x866\x95B0\x86�gb\x90\x8A\xD3\xEB\xE4\x93s\x86\xB0�\x92�\xCE\xCF'�g\xEC�y\xC0\x86Rq@â†&DF\x89\xB7l?\xBD\x9B\xBFD\xE2-R\xEB�o[\xAC\xC4\xDB2�zU]\xB6y[>�\xA1)\x91\xF6\x9D\xF8\xAEx��\xDF�^ �Ri\xF4~|\xA51H�\xC9#\xBEWU���R�\x90\xDD\\xE5Ç„{^\xBD�\xF7tS\xC7�\x9E2d\xF6z\x90-\x92q\xC6�\xE0�EL\x98�\x82-\xB5B�\x93Δ\x8F\x8A\xFB\xA2\xAE\xF3\xE9Kl9\xE7�P\xDB�gË»\x9E@Ôµ\xAC\x99qaX4\x82еi�\xFB�z\xE5\x8Fi\x87IT\x88k)�\x8B\xF5\xEE\xCD08@\xC1d�\xF8\xED-az�\xAF;Þ•\xC40\x81`\xAF/!�g\xEC\x90� \x85\xC3\xF9\xEE�� l�l:M\xFDR\xD7MѾD5\xA9\xDATMhq\xAA \xE5\xCA\xF3\xAE\x869\xCF�f�\xD7�\xB5y\xE5\xCBI\xDE\xE6\xA8OT\xBC\�\xB3-W\xAE\xD1J\x92+{% \x90\x87�\xEB\x9C\xEB|\xE76ᄹ�dS\x92,e+!\xB6\\x97$\xDB�\x92d\x9B\x86\x8E\xED!�\xE05\x83\xA3^s\xCF_-j\xABc|\x9DX|C\xA7@!\xD8g\xFA\x90S\xA0��*:\xA7p�\xB1>X\x8D\xFF\\x9C
-\x91\xBD\xBB\xFC7 \xA11\xF8\x86\x8B\xBC\x9C�\xCD5\xD8E\x80<,b#\xFF\xCB\xEF\xC19\xD9\xC4q\xBD/9�Є"\xA1!\x95\xDA�4\x91\x88(\xDC9\x81\x8B\xEB\xD1O\xA0\x85��\xA9 \xDFsОc\xE1�h\xEF\x815a\xF9\xB8\xBE\x95�ͷ
-\xAD\x91T\x8C�\x80�sDI\xD0fk*=\xBB\xFE\xE9\xDD%$\xA0\xC4\xE1
-\xCF/q\xB3\x84m\xBAY�\xDC,\xF4D\xDA\xC8?�\x97
-\xB5\x{DF02}8ӷ#W\xEA1\x84�1\xACeg�'\xD5,\x87U\xB7�\x87\xA4\x94SM\xFE6\x97\x9A�\xC2[u\xA9 -\xD2X�0tB\xC3�\x98\xEBU�6^:X\xECiQ\x96\x8D.�'?\xBFPTB\x92\xEBD _6^^\x98χm\xA5)\xEA�\x97\x8E\xDA\xC6ʗ\x8B\xA2\xBE\xAF\xEAY*k\x91\x91�qq\xA2\xC7LV\xB9\x91�G\x8CcO�\x9A\xFF\xC0\x98\xCE'\xA1��} \x887�A�\xF3y;n[j=寔\xDA:\xDDǦ\xD8
-D0\xE6\x9F\xD8&"q,\xFF,�RJ\xBC\x84d\x9C\xD1/\xB6\xDC ev\xE0�Hp\x8E834J\xED\xD9r1-\xC7yk\x8F\x9A2\x91\x8D\xA0\xE1%R� Uw5�Us�\x95(\xA9\xB6\x9E\xB7m1[x\xA7b\xC7T\xBE\\xC9j\x98s\xB7l}eR6\xC3u\xA9\x89w�!�\xF3wO�\x84їŗ\xB2i\xCB\xF9G\xFFdo\x8DNI\xF6\xE4\x9F|\xECik\x8E9[i\xF2Y\xA8]~�\x84&\x93 \xBA\xCDw}\xF2\xBA\xA8\xEA\xF6;`\x8E\xF1\xEEN\x8A\x9A\xEC\xF2̵Aj
-�Cw\xFB\xB4(|on�\xC9\xF6\x8E\xA7yӄ\xB6\xA9_&\x9F<\xF9\xBE\xBB±m\xAB^`\xABa\xDF\xFA\x{18EA18}\x80\xC6I\xD3\xDD?\xA9>\x8DS�_W\xF6\xEB�X|)\xA5
-�9\xE9οG\xC9@�U7\xB2S2K�\x94\xC7�\xC1F \xCC�_?\xA7\xA3\xAA^"֯S\x93\x95\xE6�Ӓ\xBF\xE8�6\xCE\xE8\xD7<f�L\xC5��6\xAE9 Ϻ\xC8\xF8\xAC\xAE��\x90\xE4\x83\xCA�<\x8B\xBD\xEB`
-;�\xF4���\xC0\xF4\xDB
-\xE9\\x87\x8A\x86�*\x9D\xBB\x80:\xE8Ôš\xFA\xD89y\xAF\x8B(\xBEXi\xF3\xCB1\x9AÍ—\xB3;G\x84�wp\xB6m\xA5o\xF6)q:~�Ix\x84~\xCF#T\x82Dn\xAA\xB5WGAe\xD4#H\xB9\x83�\xD9F\xA7G\xB6�\xF4h\xAD\xED1\xEC\xC8?5Ë»\xA6\x80\xB5\xE7\xED\xF4\xA9ok^\xC9�\xEC\xA0K\x84��^\x99� �K�\x9F\xADÄۺݹ-�
-\xB6a\xB5Ó¾Õ–\xE1\xE6\xD9_\xD0Õ½v0�\x8D\xBFѲx.\xA6�\x9F\xF9\xB0{uSMw\xFAIHs%5Q3\xA7%\xEC\xB8�.B~\xEA-TÏr7o
-~\x8Beϥ�A\x9A\x92\xE8\x8Bg\xF9\x97\xE1s\x97\x81\x98��jb�^-Z\xAF\xF9�L\xD7�Xর\xC6\xD7\xE8`\x8F\xA1uR4\xE3\xBA\\xC4ĚJ\xA4\x84ի\xB5\x88\xC1EV�\xA6\xE5wղ\xDD4�\x8C\x81_S\x94
-8d"\x86Q\x976\xF8\xCE\xFA\xE3\xC0WF\xC9ۘn\xFC0\x9D\xB0\xAD\xBC\xDBt\xF7"\x9E\xB2dg0l\xF4�Kۯ\x85\xE2\xA8�F֌\xF1�5\xCB��@ \x80(x�d�ЖW\xB0\x8DN��\xE8ۧ\xED at g`!7\xF5e\x97\x89\xE2�A\xB8\xF0\xF7\xE5
-\xC1\xC4\xCA\xD7\xDB\xECo\xE8�0A
-\xDC\xD5~7\xC0\xC0\xB8cJ\xBB�\xD3^\x84,\xEB\xE2\xB0�\xB8\x86\xA3\xB3\x86T\x8A�\x830)\xB3{7\xDD�\xB7\x8D�\x84\x8C\xF1�\x8Cێ�`\x86\x8B�\xA0s\xC7e,\xC1HI�m\xCB\xFDN\xEE\x86\xDD\xC8\xF5H%\x8A�g\xCC�1�ÿ.
-\xB6g%
-\xB6ßcA�l�\x88\xC2P�\x9D]Um\xF1OØ–\xB2\xFC\x96\xBDf6 LH\xE6#\xA3\xB8b\xF5PN\xA2\xB3\xB3 \xF0\xF4\xC9\xF7v^\xF3.�\xFF\xF71\xF7\xB9\x90\xEF�W\xB3EÞ–w\xE5\xB47�-\xDB'\x9F\x8D{�\xED\xF2r\x9F\x9Dm\xDE�\xDAt,\xEEÒ¦J\x98\xC2f\xEAY>\x9D�
-\xB9/fU\xF4`\xF6\xC9\xE5ZEo�\xF8\xB1\x8E.B\xA9\xB8\xE9\xC6?5K�\x80C-o\xFA\xFC\x85\xBD\x9D\x91$
-\x92}�\xE6�ֿz\x8E�\x82'\x8Au�\xFA\xFA}�1HR%V\xE1\xC9Nj� �P'%7ӿ܆\xFABd\x8F\xD5r\xEA\xBC�\xE01m*\xDFx� \xF9\xB6rކ\xB6֛7!Rc�\x93"x\xB6'=\xF4\xEF\xDCEX\xDC\xC0V\xC8au G\xAA\xB6\xB6\x92"\xDCqe\xAB\xF3\xAA\xF5\x95\xBB—.�\x82r\xE60g\x90<\x94\x90l\xB8\xB9N\xD3\xDA\xD08\xF7\xC3�u>\xEE=ζ��{\xEC]bK\x8Ee\xEF\x8E}!L\xC1>)\xC3\xC9~{G!~g\x90;\xBBM\xFFz_\x8F\x8A\xCFg\xF6\xFD\xFA3\xC2^0sMw�\xF9?\xF7R޽E\xAA\xF3ys\xEF\x85��\xAD\xC6N\x8Bֆt\xBB\xD0L9}\xAB\xB7\xBE\xA0\xBDH3s LM��\xB9v \xFD\xB2\x98@\xE2�0]<>#\x8B\xF0\xA3ӛ^�o �,b\xB4\x83{\x81\1\xF9V\xDF]S)\x90\xD6\xEC\xC0\xED�\x95�\xE2:\xCC׀l�_\x89\xE4\xEAe\xD7�\xA0L\xF8|\xB3X
-�\xA1\xBC\x96�\xB0�
- �̚��p|\xDE�\x9E\xB3'\xC8\xF9ʱGn\x99 \x9B\xA0��\x80\xDE^<�^\xDF,\x9E�6�\xC5�\xBC\xAD\xA5\\xA05�\x9E\xBD\xEC\x81\xF2��\xD2s\xF6\xA6\xBFJ\xA1�J\xA2�\xC4\xD7�\xB6$17\xA94~\xAD(6\xCF�\xBD\x84\xB17��і\xF2!g
-i?\x84\xF4*�\xEF\xFB|\xF2\xA1.\xEA\xE2\xF3k�\xF4f\xF2\xAFbܹ\xF3p9\x82\xBBoCB\xF4�]SÙ”\x9D)X\xA58{\xCE \xD9ß›=�,�\xC1ê\xC7�^�.|�\xF4\xE1\xB7Q\xF1X\x97m\xD1<'bZ}\xEF�\x80V\xD3r\xFC\xB4�<y�=\xC5=h:N\x8F\xEA\x9BV\x9F\xC6�\xFC\xD6�\xE6pI\xD7?\xB5\xFD\xAAI\x91
-J\xA4\x8D\xA6����\x826\xBDI\xAEb\xB6\xAEd |G\x9A\xDA\xD1DI\x841\xDE�K\xC4ψ \xA7\xE0É©W�\xFBI2A\xF4tH`b\xF6[\x87\xFBO\x90\xBC\xB5\xC5<\x9F\x8FCÃ\xFD~\xAD\x81, \xA8\xC8\xFB\x98\xD1m\x9C a
-\xE4B\xC12��iN\xC8s d\\xC3>�{�\x86\xFD\xB3"#\xF8\x881o\xB7) b�a at p\x99\xBE\xAC`�n\x82\xF4�\xC2\xC1=Q\xEF�o\x9Efw�$\x88`\xA8hv\xE6\xEF�\xDB\xF0\x9Ep\xED���HIi\x99\xE8\xD6x�\xDB� \x86\xB5>\xA2iX!a "e\xBBdm\x85��\x85"\xCA�\xAEWU[\xDE?]/\xDB�\xDEc��GJ\xF0\x98\xCA_~\x80A\xE1Cʶ\xB4\xF7�\xD187żE;\xC1K\xD8z\xC3\xE0ie?\xE8\x92�\xC03�\x8C�\xA5�\xD8\xC9\xE7`'\xBF�\xBB\x84\xAB7\x8C\x9D\x82p\x93b~ ;e\xAC\xEFJ\xA0\xBB\x9C\xBFJ\xEA\xC2[\xA3\xA2|\xE8 \xAD:��ގ\x8B\xE0Q\x8D\x98d�\xB0�v A\xA9��ĬC\xF8�\xE1{�\x84 s\xAF\xF4\xE5�#\xB0\xC1\xEE\xE6��\xFBW\x92\x9E��xpPB\x9F\xFB\xAF\x9A\xD5\xFF\x8C\xB8�\xFB\xADi\xFF\x9B�\x869b\xCC�\xFBŅ\xA5e1#\x84m\xC76� \xEB\xA5ð\x84\xF7\xFF�e\xBEl\xC9endstream
-endobj
-2052 0 obj <<
-/Type /Page
-/Contents 2053 0 R
-/Resources 2051 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2021 0 R
-/Annots [ 2055 0 R ]
->> endobj
-2055 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [333.4761 409.1267 413.3061 421.1864]
-/Subtype /Link
-/A << /S /GoTo /D (clients-per-query) >>
->> endobj
-2054 0 obj <<
-/D [2052 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-690 0 obj <<
-/D [2052 0 R /XYZ 85.0394 160.8154 null]
->> endobj
-2056 0 obj <<
-/D [2052 0 R /XYZ 85.0394 135.6948 null]
->> endobj
-2057 0 obj <<
-/D [2052 0 R /XYZ 85.0394 135.6948 null]
->> endobj
-2058 0 obj <<
-/D [2052 0 R /XYZ 85.0394 123.7396 null]
->> endobj
-2051 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2062 0 obj <<
-/Length 3122
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD\[s\xE2\xC6�~\xF7\xAF\xE0\xED\xC8u\xC2d\xEE\x97Gg\xD7\xCEq*kg\x81\x93J\x9D$�2\xC8keAr�\xD8\xF1\xBF?\xDD�
- �Ĥ\x8A\xDA*\xA3\xCBtO\xF77=}\x99�-\xEBQ\xF8\xC7zJ�\xED\xB8\xEB�'\x89\xA2L\xF5Ƴ�\xDA\xFB�﾿`U\x9B~ݨ�\xB6\xFAnt\xF1\xED\x8D0=G\x9C\xE6\xBA7z�xYB\xADe\xBD\xD1\xE4\xD7H�I.\x81�\x8D\xBE\xBB\xBD\xFB\xE8.\xFB\\xD1h8\xBA42\xBA\xC2?\xA3\xDB\xE1\xE8\xF6\xC3\xF0\xB2\xEF\x9C\xE5ч\xFF\\xFD4\xBA�\xF8V: \xF4O*\xF2�\xF7w7\xB7\xDF\xFFwP1\xB8\xBF\xF3\x8F�\xD77׃\xEB\xBB�ח\xBF\x8F~\xB8\xB8�\xAD��\x95dT\xA0\xF4^\xFC\xFA;\xEDM@\xD7�.(�Ϊ\xDE+\xDCPœ\xE3\xBDمT\x82()D\xFDdz1\xBC\xF8\xBCb�\xBC-I\xDB@\x93\x94�ƕ\xE8\xF5\x85%R)\xBB\xBB[\xDF�\x85n\xABKƈSj\xB3\xD7>\xA3\x8E0\xF8���*Q\xA9\xCCj 8��\x821E\xA45=\xA3�т\x8Br \xEE\xF2E\xFA\xF86H\xFE at t\x80\x80��\x80\x8BQ\xD2@/\xD8\xF26�\xE7\xB34\xFB\xE2Q̀\xEE7JyR\xF8\xFB\xF9%\xB3Q\xF2G2^$�\xB2\x894\x88D$s\xD8u#\xE0\xFB\x94�\xD2��\xE6�\xEAW
-N\x89\xA3\x94\x84:\xAA:p\x94\x86hc\xBCA�\xEF\xAF�\xD9
-\xE3O\xD0ț\xFB\xFD\x95\xBF\xF8s\x99\xCC\xD3�\xC8"\xC9�{ �$;g �'L(\xD1�\xA0P\xC4p\xE6B \xF5! \xEAw \xE8%\x93\xE7� \x87\x96\x96\xF2� \xB9 Fk[\xE2r\xF5\xCB\xCD`\x90\xFCy\x94 "M8�\xC8b\xFF��\xE4:g\xF8\xA8%\x9Cw\xCD_`c�\xD3k\xE8�cǣ׈u\xC6\xE0i\xA7 \xD7\xCE\xEEGO;G\xAC\xD2\xD2c\xF27l\xEF\xF6X\xF4B\xB9N��;)|V�\xC1dG�\xD6\xD6�G\x99X\x83\xEF�\xE3;�\xBE@\xAEs\xB6>ÉP\xAEc\xEEj\xA3\x88\x93\xDA\xC7\xDE_�\xE7\xC3\xE5x\x9C�E'~\xFF˳ģ\xB6\x98\xC7Y\xF1\x98̷0\xAC\xC3�rL&{�
-D=gD5%\x92ʎ`\xAC\xB5 \xCEQW#z�\xA7\xD3�\xC2\xF9�\xEC\xF6b��y*,\x9B4\xBC+\xAFG�C\xCDF^\xFF\xF7\xA8jA\x98vD@\x84\xEE\xF5\xB9\x83fV\x87\xF5\xC0V]\xC0
-\x94�Vp�.A wfG诋�\xE5�a\xC65\xD5�#\xE2��\x9DB\xC1\x93�\xF9\xF4\xA5�\x8A\xE1"^\xA4\xC5"�W�\xF1!_f\x8Bd^l\x8E\x84f\xC4�\xA1{\xCA at V+\xCCA\xB0I)\x88\xD4\xFC8\xD4Z\x89j)\xE8 g@\xAD�T\x8B\x8Ah˛ \\x80\xA8\xB6P\xFD\x81�*�/\xAEm\x95\x8D\xBE\xCD�\xF2\xE9e_K\xC7\xCBJ\xD3VhV\xCF�\x97<\xFA\x98�\xE3y\xFA\xBCH\xF3l\xAB\xB6\xA40O\x9C\xC1"\xB3\xE9\xFB}\xEA nT�u \xD5 �\x95\xAB\xE1\xBBln\x85�LV\xC1\x84O7?C\xCE\xFD\x86\xB1\)\xAD\xA3\xE1\xCD\xEB\xE4s\x8B\xBB`\xD6�E\x9D܊\xFE\xDD){�a!
\xDCi!<\xA9\x91I\xB8\xEADP*\x88�V��\xEA\xA3�\xD4\xC7#\xD8\xC8v\xC6 \x82\x9B\xB4L\xDB���x�*|\xDA \x9E\xEE9ϊ�\x8DJRm\xA2\xC1\xE0��\xF4QʳX[\xC6�'\xE9KK\xB0j\xF0�D=\xE3I\xCD�\xB1\x9A\x99�@9#�"\xCF:\xA0\xFA8@\xF5{�
-D=c�\xA5\x90tR\xAD: \x85\xC4K:\xE1#\xF3\xDD/�\xEF?]\xDD\xDEA\xC4�RE�\xB8\xEF�\xB4!:�\xC1@\xB6\xF3E�p\x81�L\xECGPBn\xA3\x84\xA9"\xF1\xF5 \xD7s\xBE\xB9T*\xBA\xBA\xFD��SY�
-v\xE4\xA7�P"5\xD0�5\xAE,#\xF5á†Âž\xEF,\x97��\x80\xF6�\x90ZE\x94\xE5>t\xDF\xDC�>]\xC3\xCC\xEE\xCB\xD2&o\xAE\xE7\xF3n$WDG �\x88v\xC66i(\xA1\x92u\xE0g�\xD1\xDC\xF8\xC0}\xBFxJ\xE6 Z>Gcd,��\x84`I\xE6\xF1K\xE6%\x82\xF9\xFC(/�Hz\xC6p*\xDC\xE6Q�a�Jw�\xE5\xB3�\xE3\xD7�\xEF\x86\xF4\xB0\xF9\x8CM\xA3\x8AR\xF8Ú<\xE8\xAD)2\x97U�\xDA�c \xE1\xA9pTP♣X\xD6�\xBBp�BH\xB6;P\x94\xC0\x84Ab\x87\xD0|J\x8BY\xBC�?\x81M:�\x91\xFB\xE3\xF2\xF9\x80\xE0\xDDPqö�\xB8\xD94\xCD>T\xB4\xD1\xE8)\xF1\xEF`0<\xDD\xED\xC7o\xB6�\xFC\xAB\xAC1\x9B\x92\xCEG\xC4"\xF7#4F�\x82E\xF1dR��\xC8C\xA8(\xCE&\xDF^\xB2�g�6X<U-7x\x97\xCF6\xB9=\xE7ó…¿š\xE4\xC9F\xFF�\xA6,\xC7�\x90p\xD7j\xC3\xE5\xEBS\=|\x8D�\x91\xFC\xF5\\xEDe\xF5!a\x8F\xD0\xE6\xBC\xDA\xF0\xAE\xEA�y,\x8B\xEA\xEA\xA1|g"%\xFC}>o\xEB\xBC\xE4\xEEh4Ip\xEF,K&xË¢\x877\xFF�U\xF5#�\x8E\xB6q\x84ᾩ�\xB0\xB2\xF3\xEDa\x85,\xCE0(3}\xA3\xBC,J\x89\x9F$�\xD0�=\xA5\x85\xEFk�W\x9D\x95�\xC3o\x9C\xF9�i6I\xC7q\xBF���� \x9D\xA0r}\xEC\xCAJ\xB7\x9Ci\xF9\xA3\xFF\x8D\xFD\xCF8�?U�A\xCFyZ\xE4\xD9j\x9F0^,\x92\xD9\xF3\x9EÚ¤\xB1\xF3\xF7M\x9CÒ§ \xAB\xA1l\x93�>M\xC0\xCCr\x92y\x9F6\xBAd��\xE6\xCBl�\x83�u\xCF\xC3ѥùf\xA3\x9A\xE2} u(\xF1\xF9\xC6
-a$�;Ý\xAB1\xC4Y\xEDgÐ\xF1��\xCDP\x8C\xBA\xE5u'\xB2\x9E�\xA1\x9B$\xD3\xE4K\x8CF|�\x96^\xCA3/N\x84\xE6P\xC7ÉŽ\xE2DhM\xA8`\xAC\xAA\xF6��9K0\x87�.�X~\xF8\xDC�[�Þ¢Y\x83xN\xE6\x8F\xF9|\xB6�\xCA@\xC83\x86RQ"\xAD\xEB\xA8R`z�j\x94kp\xB9zh\xF7\xCD-�\xAE@\x8B\x91\xA6\x9E\xEE\x93e\xBD\x9A\x9E×¹M\xBE\xA8]l\x9E-|\xD28݃o \xF9\xA9\xF0�
-JsuÌ\xD5�;\xF1e�\x92i\xD1\xE5N%'\x8CS\xD3\xE0;\xCC\xC7_�K�o\x82D�\xE0\xA3�\xDD\xFCo\xFE\x9CT\xC1\x896\xA9#\xC5Db\xFC5Y@\xD6�\xB1PF\xF7\xE5\xB6�<�\xE7\xB3Y^\x91z~q\xE1W{7\xF3\x9AG\xCCW\x98�\xB8q\xF4\x84W|-�\xF5\xEF\xD2¿\x89\xFDm\xD0\xC0?Ç°\x8A/VR�\x8D\xB3\xE4\xD5\xDF{Q\xFDC\xB4\x98\x96<\xA3\xB6\x9F\xCAv\xA6\xE9,]\xC4A\xF4\xAE~1 \x99\xAE\x9C\xA3_̆\x9Ad\x8F}�#\xF7>c\xF8G\xE7/\xE5Dk\xDB�V\xA8&\xBC�\xAC\xB4\xAF�.�\xA4\xB3$_.\x8E\xF2\x84�O\xB3�\xB7@\xA2\xF3]J\x80l�\x92H\xD1�B`~�A\xA9\xB7\xFA\xEF\xA7\xCB\xE4&\x81D�\xD7T\x85�2��ߊ\xA3v�\xCA��m\xB5)�\xAAj�\xF9\xD6~2\xCD^\xF2\xAF\xFBBK(\xFC\xF9\x86�\xDC\xE6\x83\xE4\xB5#\xB4pˉ\x80\xE2n�b}4\xC4\xFA\xB4��Ÿ1Ä\xE2X\xDAU:C\xF9J a7\x9BV|X|9\xD4z\xF7\xEE}7\xB8��\x9F\xB1w\x80|\xC7v\xD5@\Y"\x85Ô›\x96{0\xAC\xFA\x84\xB06�\x9F\xB1\xB5B\x96c�\xEF\x82Uj"\x8D\xF3\xA5\xE5\xCFei�O\xAF|i\xDD
-\xEBǻ\xE1\xF0\xFA\x83�\xED%\x9E\xA6\x93 �\xA8\xEA\xF3\xBD8�"\x9E1\x90\x82�'LG\xD0\xE7B��
-\xAD�y\xFF\xF5}�\xEE>*\xD4`�Hw*�\xB9 n\xEF\xB9\xF5-\x965\xC5N�\xA9!\x94\x9B\xAE\xE8\xC49Q\xBA:zRcx\x97|9�F#\xDD�\x8C\xA6\xCAJ\xF1yV�\xE9/\x89\x9AfXT�\xCD \xED~[\xCE\xDB9�\x81r\xEF\xC3\xEB\x9F4c\xE6�T\x95\xBC#z1g\x89VÖ¬
-\xC1a>v\x9F!wy\xD4P\xB8\x93y���\xE5\x8E۸\xACIv\x81h
-xK\xD5\xE1
-\x98\xD5\xC4P�\xA1\xCC\xE6\xE7o\xE5F\xE1h\x94e�\x94\x97\xAB\xF3mٸ\M�\xD1"~(+),\xDE2_D\xFAj}\x99M\xAA�P]UWP/�\xFE�ו�\x97\xC2@Ǹ XT\xDB�\xC8\xE5\xD1s\xA9\x8Ey\x90\xB6\x9A\xF3:\x86X\xB8\xBD`\xCC%�\xB0\xAAׂ\xDB�R\x90`j]5)\x9E\x93\xF1\xEAk��R\x97k\xEE\x829\xA8\xE7\xCD�\xE4\xA4,I\xF1\xFD\xE3� h~\xF8Q�S\xD1m\xE6骕l\xDCƀ\xD4ƺ\xF5\xA9ZxJ\xECC�\xD4t[�\xFCP\x841\xB5\xA6Ch\x93\x82CD\xA4Жi�\xC6)\xF8!\xE7\xD58q\xD6\xDA\xF6\x93g\xFD�\xC7~\xC8r\xDB~�w\xC0\x9Aɦg\x94\x90\xB5\x80,\xA1;V�\xC37-Jj¬\x94\xBBuT\x82 at o\xFC\x84:\xD6�\xBBt�\xF8a\x9C\xD7U\xE4\xDD*B}�\xA6 at H\x9B\xB2�,AR\xBB[[\xDCng\x9C\x9DPۚc\x97\xB6N\xE3f\x87[Ww֢\xAE\xC5#\xEFf]]?W\xA4Fo\xBA\xDCg\xD2�O.�\xBE�\x80r\xBB\hw: V�; \x90�Ƒ+\xB3�@\xDA� \xB8LCk\xB7\x91\xFA
-\xB6>&U�ϗ\xAD\xAFAy�£l9{\xC0\x8Do�n�\xBD�>[�^Ûק\xBCH\xFC\xFB\xD0�\xFA\x97q\xBD>\x867�\xC9\xE25I\xB26\x9FW�c\xDE
-\xAE"\xD6X\x98K\x8A�\xBBo�\xEB`l+\x86\xFD\x80c�\xB4`3`2u#\x94�\x9D~گ\xB1c\x84Cj\xBF\xEE\xD8Y��Z\xDC6\x85\xC0\xC7k\xFCK>\xD9x\xBA, [\xAA"\x87\xC0
-\xBDI\x9B\xF5�\xA2%e\xBB\xA7\x9F\xB4~i\x8F \x90\xD8r\xF7\xFE\xE9Ws\xEC\x87,ۜ
-#\x9A\xA1+\xAF\x9B\xED\xB2>�\xED��\xB4O\xFE\xDA\xD2~\x96N\xA7i\x91\x8C!\\xE1j\xAE\xA02\xBA\xF1[ɴ\x89J\xCE�M\xA5وJ\xF1W43\xEDw7\xF1�\x98\xBC$YZ\x85*x\xF0Z\xFD\xD6\xFB\xB7mnN€j\xA3w["\xF4 \xB9�
-�\xC7qc\xDEo\x8A5\xC7~Ȳ\xC5�q\xF5V\x82h\xABf(!m\xF5s\xAAQ��\x93Q\xE9\x87JyJ\xF0\4\xF5\xC7 \xF0\xC14.�ն\xB1V\x98\x99\xB1u`\x93\xAC\xDCg�VD\xC5S\xBE\x9CN\xF0Zz~\xF0\xCCO\xF0\xE7*π\xC6I\xD5 .Z\xF1\x95\x8471\xA7
-_\x89GK�\xA4\x9E\xE0\xD5�W'\xC0\xB7\xE2\xD8�Y\xB6\xE1�sL\x83h\xABfe�\xF9w\xDBD\x96PR\xCB&\x90 )\xB8\xC1�\x976�\x92Y�g\x95seF\xA2�\xE7�;\xF1~\xBBݮ\x9C+x\xEFjSކ'\x83M\xED\\xF1\xF9\xBAsŗ+犯!)\x8B\xA7\xFE\xB9\xDF?\xB0\xFE��\xFE\xE2\xE7�\xDBc\xB1y\xB4bk,\xCAU6ǀ\x86A\xBA\xCF\xDF�\xD1V�\xFB�\xC7푀2\x8F\x80\xE3\xA9\xDB\xEC
-\xE7 <D\xEBڔ\xD6=Ǯ�(\xA8-\xDEY\xAE45\xD0\xE1�\xAA\x9C\xFE\x8B\x8B>\x94t\x90\x96\xE0qap�\xFEt\xD9\xE6\xD7)\xB4\xD7Y\xE8�\xFA\x8D|\xF3\xBF�H�Cd\x83�\;΂\xDFwa\xA4��օ?\x9C�\xB3jkT r\x9C�U\xB3@\xF6\xFF�\xCB\xEBgfendstream
-endobj
-2061 0 obj <<
-/Type /Page
-/Contents 2062 0 R
-/Resources 2060 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2067 0 R
->> endobj
-2063 0 obj <<
-/D [2061 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-694 0 obj <<
-/D [2061 0 R /XYZ 56.6929 615.1118 null]
->> endobj
-2064 0 obj <<
-/D [2061 0 R /XYZ 56.6929 589.9912 null]
->> endobj
-2065 0 obj <<
-/D [2061 0 R /XYZ 56.6929 589.9912 null]
->> endobj
-2066 0 obj <<
-/D [2061 0 R /XYZ 56.6929 578.036 null]
->> endobj
-2060 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2070 0 obj <<
-/Length 2407
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZmo\xDB8�\xFE\x9E_\xE1\x8F�P\xB3|\xC1��h\xDDd\xD7�l\x92&.p\x87\xDD\xFD\xA0\xC8J#\x9Ccy-;\xD9\xFE\xFB�\xBEH\xA2l\xD9JZ'{��\x8B\xD4p\x86\x9Cyf8\xE4\x88�0\xFC\x91\x81��3\xC3�\xCAp$0�\x83\xF4\xE1��\xBE»\x9FNH\xA0�UD\xA3\x98\xEA\xE3\xF4\xE4\xFD9S�\x83\x8C\xA4r0\xBD\x8Bxi\x84\xB5&\x83\xE9\xEC\xB7\xE1\xF8\xE7�Wӳ\xEB\xD3��x(\xD1\xE9HH<\xFC8\xB9\xF8\xE4{\x8C\xFF�_^\x9CO~\xFAr\xFD\xE1T\xF1\xE1tryữ\xCF\xCEϮ\xCF.\xC6g\xA7#c4\x85\xF1<\xE2�\xC6\xDEL\xED\xA00\xF2f:�ߜ\xFE1\xFD\xE5\xE4lZ/ ^$\xC1\xCC\xCE\xFEϓ\xDF\xFE\xC0\x83�\xAC\xF5\x97�\x8C\x98\xD1b\xF0�
-\x8C\x881t\xF0p\xC2�C\x823V\xF5\xCCOnN>\xD7�\xA3\xB7nh\x97\xD2(#H 6�1\x8E\xB4���\xD1�1\xC3�ij�\xA8X�$�e\xB5\x8A)\xE9R1\x95H�N\x9D\x8A\xADV�\xE2\xA7#\x821\xA8\xA3H\xFF\x9B\xAD\xBDj&\xEF/\x83\x8E\xD6\xC9:/\xD7yZ�}�\x9B\xC5:[\x95VS \x82F"0L\x9D#\xC3 w\xCC+v\xC4�v\xF6\xA1\x8C\xD8\xD9vZ\xB1s\xADduJ\xF40\xF3\x8DY\xF6;\xC6t\x91\xCD|s\x99\xAD�\x8B\x88\xEF\xFA\xDB2+\xDF\xC1\xCC0�>\xDD\xE7\xE9}\x9B\x8F\x9Fc\xAC�
-�\x93JZ\xF5\xD99~\xF9t\xC5;VB
-„TD\xBFc\x81\x81\xF0\xFD\xE4\xEA\x91\xC33y\xD7\xC1W [fD\xC3V\xBE\x84\xAD\xDC\xC7vĉ@\x8C)=��\x82\x8C�\xDEn\xD3q\xF7\xB4�RL\xA9\x88?��\x9E\xB6B�x⊫| W\xF9,\xAE_�\xF9_]\�)RǪ\xB0t#\xAA\xF9\xF0S\xF1\x90\xE4�\xCF|D
-�&\x8BY\x87��^\xA2e\xE0p\xFE\xE9)Y\x83\xF9w�q\x86\x94R<\x92\xE4�Tza\xC52s�sϛu\x99\xCF2\xDFX\xDF;\xFC\x80\x871��\x83k�\xF8\xE8T\xD6\xCE"\x86�\xC5l3\xCF\xEC\x84!\xC60*\x87\x93\x85}!��GqW\xCC\xE7\xC5S\xBE\xF8�\xFA\x93\xDBy@'\x89\x97D�\x84��\x93a\xB2\xFF\xECX5�\x83\xEBJo\xD3\xFF\\x9Du\xB0\xA1�q\xC9Y \xFAW\x87R�F\xA0\xD8J\x8E\xF7\x96\xA5\xFF)\xB3\x85\xD3
-\xCC:ñ³—j�.,\xF2\xA2X\xFB\xF7\xC9|\xEE_6\xCE\xECFW\xCE\xECh�\x93|^\xAD�\xE2�aH�\xC9Ú°\xBE+V>\xC8�\x8E8��|\xFD�\xFE9\xFB+Í–\xEB\xBCX\x84\xA8�\xC9\xC2\xC3E\xB1v�\x85\xC7|�\xC6Þ‡w\xB3\xACLW\xB9�\xEA;l\x8C\xC9\xE63\xB4�\xF9 S\x88�\xC0\x8D�`~\xCE\xE9sb?\xE3�)\xAC\xB6b\xFF\xF7\x8D\xAA&\x82��í�\x87\x81Wx\xACF\xB4Y\x8D\xEAE\x8D$\xD3Hh\xD3l\xC7&F�\xF8\x8CfL�$\xA7\x88(!}<\xFF\xF6p[\x80]$7t\xF8)\xD2\xE3\x96\xE68l5JJ:\x88d\xFCØ´\xAD\x82�\xE4�vkD\xE6\xE0>\xBCò�\xB1_�\x84ÃŽ\xA0U\xAD\x8A\xB6GÖª\x80(@)\xE6\x87�S}\x8Fc\xEEu\xEFK\x88M�\xCE�)\x842\xD4�\xA2\x9B&\x9A\x91(\x9A\x81\xEFl\xD24+Ë»\xCD|\xFE\xED�\xB6\x9D!\xF8-\xC7l8\xBD\xCFKO�\xFC\xD5�\xCD�\x8B\x85skxH\x96\xCBy>r\xFE\x8AÛ±/u\x8E\xEC�\xABh�\xACc#\xA0HHJ\x9E�\xA39\x93ÕŠ|\x8CÙ‹\xAA\xC8^?\x86\x81W\x85\x950�\xE6\xABy�\xAC }c�\x93\xB7\x86\xD59\x84\xE3^hY\xA2M\xD8� \xE6c3,\xEE\xE0\x97`\x873\xB7\x9B\xD9ΰ\x9FZxi�\xE0e\x89jxY\xA2<pp\xF0\xB2o\xBB\xE0E\xFF~x\xC5v;�\xBC^!~�\xA5\x91&\x8C\xF6\xC0Kh
-B\x8C~Kx\x8D\xE7E\x99\xBD l\x81yS;dv\xC0(\xD1j\x8F\xB5\x95\xBC\x86Q$\x9Cń\xEE\xB3 $y\x9Cs\xF9\x966\xF9\x98/f\xDF\xE1\xF2\xD66\xD6\xE5\xED\xEF-\xB0� ,n\~\xAF\xC5�U\xFC?�L\xC0)�\xD3^\x8B\xC1\xE9\x8Ek\xF3\xA6{\xFF\xB8X,~\xD0b)\xB0\xC8\xD2\xF5�\x8C�\xA9\xE3\xB8V#G\xB5�d\xA5\x86\xAB\xBE\x8CMp\x89��\x8D\xBF\xB1\xD5z-6�v\xA9O/Yi�\x84yy_�[:R\xB7\xBD6\x8B\x94q,\x9B1\x81\xB4�\xE2�,\xAB�\xFBm\x86�š\xF6\xEEW\x8C#\xA1̛\xA6C�R{\x96\xFC�_\x83\xC9:_�\x8C
-�\xC7Ĺ\x9A\xED\xCE�i\xF1P\xB7\xD2\xDA\xE0\xBE\xED9\xFC\xB9�\xBB{o\xDC΀B\x8AN\xB8ˡN\xC9\xD0g\xE9Ю\xFA}\x96N\x98O\xA3\xAA\x8C ^\xB8\x8C \xFA\xBB3&"$2F\xF2枪\xFBj\x86\xC2\xD9-\xD0t_\xBE�
-|x\xEA5\xA2�\xCEM\x82\xB3\xF6 Â\xE5�\x80:BË!\xF0UA\xCD�A\x94Ⱦ@\xC4
-\x9C\xEF \x93o�\xEA^@Oj\x9CJ\xA6"\x9C\x96\xB6C\xD7q��\xE8B\x91\xEB\xF4P\xB7\xE9ڈpE=X\xBB\xD2\xF8*\xFD\xE7ʧ\xFF\xF6\xD7\xE1\xD6>ĸ\xB5m\x8B[\xF7\xBB�\xB7�)\xAC\xCDa\xDC�\xB6\xB1\x94�qK \x825\xE8W\xC2m�\x88c\xE1֟.\xF81Ϧ\x9C+`.Y�n%E\x9A\xEB7
-\xC67\xD9bv\xB6Z\xF5�\xD7\xD2@�-\xECe#S\xCC]\xF41\xC5\xEB�C\xDBW�/\xFF�\xC7\xD5U\xE2p
-\xA0\x95�W\x87Tx\xD5�R\x95\x8D\xB6\x9Em\xD6y.-\x97\xC5bV\xD6�\xD3Ý•pX+5\xD5\xC5\xF7M\xF7:(E\x9C\x88Jk\xCD�\x8CO\xDC:\x98\x82\xAD$\xA9�y[\xFF\xEA\xAC,H\\x9BB�@hd\xFAc�o_#\xB2\x82\xDE9\xC7}\x899g\xB0
-\xD9\xDA\xC4�"\xF4:K�_\x8AP\x8A=Bm\x99\xAA\xBEÒ†>�\xB64\xCB�3\xFF\xB2�Tjx\x95 \xB8\xF1\xE9|3\xCBB+k\xB8w\\xD0\xF9�\x80
-�`\xEF\xDF�\xC6\xFE\x8D\xBF\xFEV\xFE\x8A\xBF\x8E\xFCY\xA0\xB6\xF1\xD53\xA8\xEFß•
-ݹ\xBB-\x9Fu9\xC7\xED\xB7p��\xEE\xD5'\xE3_\xAFBv[M\xD57�`CI\xBE�\xB8\x81\x89m\xAC \xDAT[\xFF\x8E+|"
-b\x8A\xC2^B!\xAFQ\xED\xB2ïŠ.\xD3\xE0z6�;X\xD1e�C\x98�*\xAA\xE8\x8AP\xD1���K\xB0\xFAm>\xCF\xD7\xC1>O\xF9:\xECw2\xAE\xC0�\x98\x99E\xCFN\x94iy\x8AF\x82\xD0j\x83Õ½�\xE1\x91M7!\xD8\xC8va\xF8×¢\xB4�\x9A\xD2V5\x98Q��\x90\xEC\xDB\xF5}�èž²\xAA\xBEc\xA9\x9AZ\x92{\x99/\xBA\xA6\x8AmØ”\xE2p\xD8d`KJ\x9B\xF5XvIKÔ¼,\xC2T7\xCBe\xB1r�\xB2W(�\xCBq\xCE\xE8�\x84\x9A 4(\xA0\xBC/\x9E�\xB5\x84\xA0\x85\xAA�\xA98DG\xB6U
-Nn\x8B\xC7\xEA\xB2\xD4\xEA\xC4��{\xBD\xFAs�\x97\xC4v\xEAcU\xDD\xEC\xB6؄\xF2Z�\x82V\xD5\xC5AS\xC7\xC3\xC1�\xAExV\xD4�\xC2\xF0\xE52KV;\xA5\xB6rkB\xDB�U`\x84�\xA4�Ts@�\xA1\xDD_\x8E�\xA2QL\xB5\xDF j*�\xA2ϟf\xD7\xEFn\xEC\xFF\x9D\xB2\x9E\x80��pqPxM\xD5!\xBDUF\x950K\xAAt[\xFC\xD4k\x80q���Z
-\xB4\xB8��\xE1\xD0�#�\x9A\xB7Y\x9Al\xCA\xCE$ظ\xFBn\xD9�/ \x8A\xE0�<gE�\xA6�\xA4\x8Aa2+\x96a�\xAE8�^\xBA3\xAA}\xAEr\x91\xAD\xC2 �\xBD\xF0ʫO\x94`\xBF\x863\xA3\xC0\xA6\x8Dͧd\xE5\xAE�;&)\x81\x9CU�sRv\xAD�2u#É‹\xF2\x9E \xD3|\xB6�s\x9CB\x86\xAEI�\xE6"\xAA�\x98\xAB\xA8�\xE6>\xFC\xFB|�m��\xBF\xC4\xFC\xB0Øš\xAACn�m�D�'\xAA-8d��\xB7sɪ3q'\xB8\xBC\xAE\xA8\xECTÄ›#\xA0m}\xDEd\xAB\xBC\x8A�\xA5?�\xEEW&\xA1\x881\xDC\xE7\xC0�\xD5�eVTN\x99\x93\xCF;\xAA\xC4�\xFD\xEC\xE9\xEE\xA0К\xAACj\xFB\xFB�P\xB9V\xA6-\x{1B8ABC}�7<\xCF\xD3%\xD1p.\xE0\xFE\xEB\xAD\xFD\xBA\x8C\xA9\xF6벦r\xBA\xBC\\xAE\xCB]`�\x94\x84\xBD�<$\xB6\xA6\xEA\x90\xDBÒ¦�0\xA8\xBD-\xB8G\x9B\xF5&�\xC5?Wg\xD8�\xFF \x8D�-\xA8\x97\x84�S\xED\ٶش\xB5'F�\xE1$\xE4\xADE\xFC\x81ÉŽ\xADm&\xBC*Ã\xE5<Iw3\xDA&AC\xF6\x8B\xBF�
-\xE3AoQ\xE3\xB9��6\x9FZ\xDA�\x9E\xD6{\x80\xCF\xC0A�3\xA4\x9A\x94\xD5�!b{\xEA\xC2}\xBAAU\xC7\xDC\xFF�\xA5\xC9͋endstream
-endobj
-2069 0 obj <<
-/Type /Page
-/Contents 2070 0 R
-/Resources 2068 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2067 0 R
->> endobj
-2071 0 obj <<
-/D [2069 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-698 0 obj <<
-/D [2069 0 R /XYZ 85.0394 744.4469 null]
->> endobj
-2072 0 obj <<
-/D [2069 0 R /XYZ 85.0394 719.3263 null]
->> endobj
-2073 0 obj <<
-/D [2069 0 R /XYZ 85.0394 662.8979 null]
->> endobj
-2074 0 obj <<
-/D [2069 0 R /XYZ 85.0394 650.9427 null]
->> endobj
-702 0 obj <<
-/D [2069 0 R /XYZ 85.0394 368.7785 null]
->> endobj
-2078 0 obj <<
-/D [2069 0 R /XYZ 85.0394 341.1871 null]
->> endobj
-2068 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F11 1451 0 R /F39 1161 0 R /F67 2077 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2081 0 obj <<
-/Length 69
-/Filter /FlateDecode
->>
-stream
-x\xDA3T0 BC�S3=3K#K�sK�=S�CS\x85\xE4\.�\x85t\xA0\x9C;\x97!T\x8D\x89\xA9\xB1\x9E\xA9\x89\xB11\x90\x83EV�.\xADknj\xA9g`fA\x82! \xC2V�\x8Cendstream
-endobj
-2080 0 obj <<
-/Type /Page
-/Contents 2081 0 R
-/Resources 2079 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2067 0 R
->> endobj
-2082 0 obj <<
-/D [2080 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2079 0 obj <<
-/ProcSet [ /PDF ]
->> endobj
-2085 0 obj <<
-/Length 1242
-/Filter /FlateDecode
->>
-stream
-xÚ•W\xDDo\xDB6�\xCF_a\xE4\xC9�*Z\xA4\xA8\xAF\xE5\xA9M\xD7-C1�k\xF6\xB4î‘iK\x88,j�\x95\xD4�\xFA\xBF\x8F\xC7#e)V\xB3�\x86\xC1\xD3\xE9\xF8\xBB\xEF#EW\xA1\xF9\xD1U�\x930\xCA\xF9*\xCD9\x89C�\xAF\x8A\xC3E\xB8Ú›w?]P'\xC3\xE3\x88\xC4<\x8A\xCC\xC3\xC2\xDB \x8E2�g,]�S\x90ww�\x9B�\x8C\xAEXH\x92\x84Å«\xBBݨ+I�\xC2(g\xAB\xBB\xED\x9F\xEB\x9BR\xB4ZvW�\x8B\xC3uz\xF5\xD7\xDD/\xB8\x8D\x934K)l�\x8D
-\xA3\x81�\\xD8\xF0\xEE\xF6\xD7\xF7(\x9D\xE3\xF2I�CW\xE9#>ݨ\xA6\xAF\xB6\xB2�\xBA2ԈG9\x89x\xC2�^\x92�\x9E\xD1\xC4⥄^�4�\xC3\xF5ۢ\x90}?\xC2\xE8N\xD5\xF8\xF0\xB1굇b\xAB\x9C\xE4 K�RĈq\xC7�\xF9\xEDQ\x94\xE0\xF6+\x9A\xAD����a\xC8x\xFD9\x8C÷7�{\xB3R|)\xAC\xA8t�\xDB->z\xAC\x83\xD0E\x89d}Bѥ\xD0\xC8<\xAA�\x89B4H\xF4ҽ�Z��\xCD��MU<4\xE2\xE0T\xEDT\xE7\x88A�S�\x86^\x82\xBB\xE0 \xA5$\x8Fc\xCCUՌ\xF1<�\xC1�\x84�eF�DD]\xAB\xA7\xA0Q\xBA\xDA��"�\x9B\xC0\xF34u\xC2o�\xE08\xC9\xE2d�\xF6\xF7 \xBBE\xACؤ\x94\xBD�*P\xCD�Z��\x96\xC5\xF9\xC0\x8D�\x88\xD7A\xE9\xF5\xD52 %�\xD4\xD8k\xEC�\xF1\x96m\xCC��\xB1\x98\xFFO\xC8\xFBZ��\xA5\xAA\xE5��7\x82\x8C\xBE.�\xB6"��\x9D\x99\x9A^\x9CU\x86\xEED\xD3\xEFL�\x9F\xAB\x8Ab\xC2irRe;J\xEA\x82 \x9E�\xC0\xA0\x88#n\xA5\xFE\xE8\xABfo$�Ӕ\xA6S\x90\xB2V8\xDA\xD6<�Z\xE1Z\x8AG\x89\xD4\xE70d\x8D�( ]�&\x8Et}jE\xE0\xA9G|�\xAE\x9FJ\xB7\xDBv\x8E\xD5\xE1G \xEApr\xD81@\xF5\xB2\x83\xDD)\xB7\x8E$\xD1\xFA\xA9ҥ�\xB4\x83\xA9�mf�ؾ\xD0=Ќ\xE0\xBB\xC35\x94\xB1�\xAC\xDD\xE3�\x90\xB5t\xF3�p\x91*\x87\xBDD\xCAu?\x90j\x87\xEB\xEDo\xB8N\x86\x86\xEC\x89׎!űy�#!\x8E\xD6U\x8F\xAB\xC0TE\xF9$U,'l\xCC\xD4^\xA9\xAD۲\x95b\xA9\x86(\xC9\xF2\x94:qH��\xC3\xE8\xB0�$\xCE�)Js7~b>
-�\xB3\xF1�\xD6\xF8\xD9ih�\xE2.N\xC09E\x9D\� \xCD\xCD4=TÚ–��\x9Eo\x8E\xCE7[\xFA\xFE\x88Egz\x93&\x9C\xFA\xFCP\xEB\x81I#\x9C��\xD0Vt\xBA\xF2\xC9\xC0\xF2\x80\\xC8\xDA%\xB1\xC5p?\xCAF#\xA3o\x95\xB2\xA5\xE7\xB2i}�b+\x9BJ\xD4\xF3\xB4\x81MU!}\xDE\xE3\xF0\xBD\xFA\x84Çݪ\xB5\xE9\\xA7[\xECE\xD5\xF4\xFAy\xE9LC\xB2\x90ퟥ�\xE7 \y,\xE7\x86\xFC"�m-\xE76\x95\xEA \xDBR\xA3\x8B\xAA\x95]\xED\xCEVѶ\x9E\x84\xEC\xFE\x80E\xC1\xE9\xF9\x91�fx&n6&a!\x9C\xD1� h�X\xC1�X
-��\xD0c[$/\xEF\xD5~\xE8�\xA9\xFBKd\xE0Y�\xD4SU\xD7H\xDDתxXj3\xAF\xF2\xF7�74\xA7�>\xF4\xAD\x80p\xA3f\xA7\xA6W�\xC7\xEA\xA4
-\xE7v"\xFB\xC6\xE9++8{\x81\xAC\xFA\x97\xB4�\xEApP
-D\xC7z\xD9{\xB0\xAA\xF1\xA0J\xEDl\xC5Z�0\xC3d\x8E\x88e(
-ï¡�>\xFEc\x85yj�w\x98Î�\x89\xFDm\xB2ks\x93aF\x96\xE6\xCC0\xCC\xC3\xF85ngfn\xA3Tt\xBD\xE4�\x9D\x82\xC0�\x9A2\xD3$\x96E\x99\xE7\xE5\xC0Ë\x99\\xBB�an�z\xF1mT\xC2"\x92Ó\xBF\xB2�
-3\xED}�M\xD1���\xE2�+\xDBz̦.\xABޗ\x86.=O.�\xD6+\xEF\xA4p�\x86\xE9iko8\xDC\xCB\xEEy:\xD8<�\xDE
-\x9F
-\xBB|!\xF6w
-\xF3È \x8E\xF1m1Úª\xC5\xEB\xE9$\xB3\xFE\xF5\xCCfB�\x8D\xFA�{z_\x9AZ\xE9M\xFF\x8EIt\xF1F\xF3
-\x80�\x8D:]C\xA6\x88cq\xBFh\x93\x87�\x9E�\x87-\xD6Xd\xB9_U\xE3T]\xBA9GLs^\xBE�jw\x859\xB6n\xDFA\xF4\xE6�_\xF4qWy?.�\x9B)\xFC�!=χh\x8Es\xB7_\xF2\xEF\xE2ǻ\xF1[\xCBA\xC1\xA5\xC9|\x8F-}\x8Dy\x91\xE0$\x83\x9Fb\xB3;Yh>\x87\xA2\x9Cz ; h\xFA\\xDD\xF8ew\xAE\xEF_\xD1�\x9FAendstream
-endobj
-2084 0 obj <<
-/Type /Page
-/Contents 2085 0 R
-/Resources 2083 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2067 0 R
->> endobj
-2086 0 obj <<
-/D [2084 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-706 0 obj <<
-/D [2084 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-2087 0 obj <<
-/D [2084 0 R /XYZ 85.0394 571.259 null]
->> endobj
-710 0 obj <<
-/D [2084 0 R /XYZ 85.0394 571.259 null]
->> endobj
-2088 0 obj <<
-/D [2084 0 R /XYZ 85.0394 538.9404 null]
->> endobj
-2083 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2091 0 obj <<
-/Length 3286
-/Filter /FlateDecode
->>
-stream
-xڥZ\xDDs\xDB6�\xF7_\xA1\xB7\xA3f,\x9A\xF8 ޛ\xDB8\xAD\xFB\x90\xE4�y\xEE:m�(\x8A\x96x\xA1H\x85\xA4\xEC\xAA\xFD\xEDb��%\xD3\xE7\xCCt:\xA9\xC0\xE5r�,\xF6\xE3\xB7�\x8BY�\xFF\x89Y\x9C\x84I&\xB3Y\x9A\xE90\x8ED<+vW\xD1l�\xEF~\xBA�̳pL\x8B1\xD7�˫\x9B\xF7*\x9Dea\x96\xC8d\xB6|�\xC92ad\x8C\x98-׿�i(\xC3\xF9�\xCB_n\xDE'وWFa,�\x88G\x9E�\xFE\xFC\xF1㒸\xCE$j�ja$\xB3\xDD~x7%) \xA5�\x9Ay\xBE\xDC-�\xEE\xDFM\x88���\xA5U⧼\xFD\xB4\xBC\xFB<_\xC88\x825\xCEa\x8FQ\xF0\xC3=\xCC`)�\xFD|\xB9\xFB\xF1\xE1\xF3\xFD\xF2Wz\xFA\xF1\xE3\x87/\xF7\xEF\xEE>\xDF\xCES�,\xEF\xE1 繺[zM\x8D\xB5)"\x85j\xFAv\xF5\xDB�\xD1l
-J\xFD\xE5*
-Uf\xE2\xD93<D\xA1\xC829\xDB]\xE9X\x85\xB1V\xCAQ\xEA\xAB/W\xFF\xF2�Go\x{D9D3}\xA7#"\xD0@"'\x8EGʩ㉳0Q\xA0|\xD4\xC3r[\xF5\xF3\x85�*\xC8\xEB\xBA}\xE6q7�&(\x8BC\xD7WO%\x91\xBE�ʮ*\xF9}\xFB\x88\xBF:�\xB6\xFC\xB6/\xBB\xA7\xB2\xA3\xF1\xA3\xFD\xBA\xDDѓgi�C_\xAD\xF9\xE1\xD0\xD4e\xFFr\xB2\xB6!\xD26\xE7w\xAB\xB2lh\xAA=\xB1=U\xEDa.\x82\xBE>�y]\xF5�<�P\xC5B\x880\x8Bci\xF7\x95\xAF\xEAr͆'\xC5L\xE8PiP�\xA8��\xB5�\x8DJ\xBD}\xCE�"\x8A\xE0x\xB7]\xDB�t\xD4y\xB3f�(\x87C\xB5f9cm\x82�\x99\x85*\x8Dh\xBE\x8F\xB0Li\xE2\xE0\xE1\xC3\xFDp\x94\xB0J\xFAkx\xCAtP
-DEm#ß¾\xED\xFB
-\xD6Hԡ%j77\xA0�\xA2\xB11�\xB5b\xD99\x9B\xF5\x99\xF5\x8B4\xC45\x90U�[\xD2};\x94SkVI�g\xA9c.\x9B\xA7\x8A؛]\xD9�4\xC7\xEFQ��\xFA\xAA\xD9\xF0\xC2\xE0\xF4\x9C�G\xBE�%\xA1\xD1\xDE}�\xAB8\xFC�\xFE\x89\xA9yM(\x93(c\xF6\xC7CS�pԖ\xD9N\xBA:\xDA#\\xA8,�u$\xF5\xF9Q\xF6\xFB\xB2\xA8�\x8FvMJ\xA7lQ\xDA�\xBFK\xA9i6=^]*B!#\xC1\xB3-\x86\x89�9\xF1\xC4b\xE5X\xD1\xED~ ��\xE9\x8Fm7\xB1up"\x93\xA4\x86\xBFl\xF2ݴ\xA2\xA30\xCB|\xAC\x81\xE8\x92Dҹ�\x88.\xF2\x86\xE6ۖ\xF5\x9EFՎ�\xBC}\xE2\xCD\xF5\xC7~(w\xF4\xB2G暴#=\xAD\x8Eı\xAF\xF3\xC2+\x85\xAC\xC5J\xE2\xF5\xE7\xA4S\x91\xC2ZT\x92:\x9D
-\xBF\xE5�\x8C|\xD5\xFE\x89\xC3k2\xF6\xE7mUlyX\xD55\x8D\xEAjW\xB1WX\xCD\xE3`\x9D\xEF\xF2\x8D�\xB7
-\x8F\xAAGv�\xFAq1\xC1\xBE\xEA\xE9\xB7h\xDD>wU\xCF�j]��}\xA4hm\xB7M��\xE1\x87:
-�}\xF9x\xC0\x95h�<\x96\xF9p\xA00@/\xADc\xC0�Z��\xD8\xFB\x80\x843C\x98\xB0\xA7\x89\xCF�\xB1\x90\x83\xBD
-(vI\xDAm
-�\x{1AAAB52}-\xB5\xA5_\xEF\x91\xE3i\xD6y\xB9s\x82s�\x93\xF3\xF3\xA1\xD9w\xD5SU\x97�\xB2\x8C\xCB\xC0��b\x9D\xA0\xC3L\x98\xAF\x84\x88\xA4\xD2Ø™\xEF\x81Xb56_�j�;\xB2�_\xDA \xE4E\xED\xBD }-Ĉ��\xFF\x9Eg2\xE0�\xEB�\x9BM\xD9\xF3\xE9\xD2V�\xF2}<\xC6\xDE\xC5B\xFA=\xDB�Q\xFC^\x9E\xB7\xA5\xE3ê½€\xE9\xE0!\xD38ÌŒ0g\xC1cʇD(S\xE9\xF2\xFA\xE8\xECC�� G)\x93\x9C�\xCFÏ¥3�%\xB2\x80r[f\xB7\x80\xBF\xE5\x9F\xF9n_\xF3K\xB0Å\x8D\xF3\xF8PW
-\x93\xF1\xE4-\xA5\xCD\xF9�\xFB�\x88\xADXN>\xB5/�i5\xD3\xEA;\xF6\x95Å™;_v\xC2\xEB \x81Z\x85\x91\x8C\x9C\xBC\x9B\xA7\xBC\xBBy-\xDE\xC0\xE1J\x93:V\xF0f\xA5\x92\xC0\xEF\xCD\xED\x88my2\xA8\xC5Æ¨Ë �\x89RJ\x80�Yz�\x90_ˉ�\xF6\xD2H\xA7,ǺЙ\x95\xC8H\xFE\x93-ÞŒ>[\xB8\xEF\xF8$i\xBF\x87\xBE\xBB\xA9\xDB"\xAFo\xFAU\xD5\xF0\xD6!\x90F\xE8�\xF6�\xC41a\xA0\xDF�:�>\xD2SƆ�\x98�\xEDq\xA9\xE0Ì¿tq\xAD�A\x80;L\x8F\x9C�\xA7\xD3|\x82Q\xF7`�ZB�\xB1Ö·\xC6
-k\x99\xD8�b\xE9S�\x93\xA4\xA1\x91B\xBCi/`�\xCA\xE7\xDA�I�\xA5\xA3\xA6q\xBA\xE7\xB6\xFBJ��\xB2\xFB\xB2C\xA0\x84\xEF\xAAÆ\x84�\xF2n\xA8\x8AC\x9D\xF3J\xD7�ð\xA1\xED\x8EÄ‚\xF1\xC9o\x80=\xE7z"`)0�\xE3!\x88=�g=*L\xE2X\x9F\xA7\x9E\xD7l�Д1i6
-XhÇ©�\x8E\x80\xF8lF\xA3\x9C\x84\xA3\xA6D[\xC0\x91\xB5mL\x97\xE5@\x83�'Ôœ\xD3\xE0�\x85Ù¯\xB69\x8F\xAA\xA6\xA8�\xEB\x92�s i\xE38l9\xAB\x9AQV\xC5�\xFB\xF3)Élr\xD7\xC1{�z\xED\xCE\xDD^\xCE\xDC�\x85\xFD�cj\x96�\xFC\xAB\xECZ\xC0\xF8lf�\xD2SU>ch\x9ER1\xE0\xA2\xD4d\xE2{BA"\xC34N]جx>\xC2LQ�8|Hd77e6�\xFC�E�\x90\xB9\xC5�\xB03�\x9B\xE0W\���\xBE\xE7# At�\xF6\xE3\x96~\xF3\xF5�\xFDp1\xDFS^�\xCA\xDE\xCFF\x90$\xC1\xA8\x92\xC4\xE7\xEA!\xEC\xD5;\xD0\xF1\xB5�\x8D^:O
-Û”\x89\xD3�X/[\xEEK\x85@�\xD58�qbP\x9C \xB4\x80\xE4OJ\xDBW\xEB�)b\xCA�\xC1\xEBMr�\xE2\xF2\xA2h�
-��\xEB3\x94\xFF\xAA>t(�"\xB4H\xCE"\xDCCû�\xD4\xF0\
-[\xC2�e\xDE\xD5�\xA1�\x8BbzV\x8AfK�*�\xD25
-\xADoX\xBCr\xDCW�+룓�\xE74Q-hX}&\xDC\xF2\x9Bɀ#\x80'\xF5Ʉ\xCF�\xE1�C"\xC4pU\xFDʡ\xC42~��+\xA8e}5\xD0�\xF90^y\xD3v�\xDC\xC1+\xDA��n\x88\xD7&N.�\xD16\xA7\xA8\x85+L1\x89\xAF\xBA\x9C\xAATi�\xB0\xD8@\x8Co\xC8\xC0
-\x9A\xED3Q\x9C# *\xCAL\xF0s\xFB\x8CÎ\x95=\xAAÖ¤�\xC4\xF7e\xB3&0�\xFC�\xEF\x81 \xD08\xCB\xC4\xE8
-k\xA7R)b\xC0~Mu�\x9D�Pw\xF9\x91\xB8Y\x8F\xC6B\xCB \h�\x98M\x97{o=ͦ\xBFt\x82\xF3J�2\x88p\xE9\xF6f]>\xDD\xFCUv\xED�>Pa\x9A\xF9>\xCAT\x84ш\xC9\xF4XT�\xAEB\xF1\xEC2\xC2\xC4�a\x94~K\x98��\xAB\xDB͔kb�\x8C\xD2�lq\xA5\xF7�*\xD6�\xF6Xf9���\x86j7\xE5\xA5F\xA1\x97J_\x80M\xC0�\xB0)�\x8A41��\xC0Q�.p�\x81\x87s,\xCBU\x8D�?v\xFC\x9E+ٷ\xF1\xC1\xA7\xAEj\xBB\xB1�\xC9s\xB8\xCD\xD5\xC5K\x97ʢ�2a\xF2=.\x959ǣ\xF2\xC4F�\x85\xE8\x8B曖\x9FB)!\xE5)\x9E�\xA0 \x9C\xC8\xCDpPI\xE4b\xE8a\xF0\x85\x92\xB0(\xC1m\xA9\xD8\xE6ͦtt�@-�£\xED\xF6\xD8z\xC9vV\x80\xB8k\xD7�2�\xF9\xE0\xAB4<\xCD\xDE5�@\x83\xA0\xC2T\xE9\xCBD\xD1\xFD\xDF\xF2\xC2\xC0\xA1j�\xAA\xDA\xE7\xA9\xD3Q2\xCCd\xA2^쇫2�ֽO\xFA\xD3?aYg�\xB0\x9F�\xB7\xA2
-��\xE7\xC1՚[�0n�'\xDE&X�۾\xA8\xBB)p -w\xF9\xE4ԕ\xF4\xFC]5P�4\xD5|TP\xF9e\xF2;\xBB\x8F�4\x91�D\x9B\xEC>\x82�C\x88\x89\xB3$y]�}�\x81,�\xBA/\xCEE\x9Dz\xC8RC\xB2\x85
-wܤ�\xB9%`�\x95\x82\xC1+�.L.\xF9at\x82q�a\xC1\xB6\xA0\xC2X\xF9\xEA\xF0#\x800�,\xE1\xFF2\xB8\xBB\xD4�H\x8CR\x99BA�\x9F\xC7v+\xB3o3�F:\xCB�\xF1\x8C\xC6v\xA3'�X\xC2\xCD\xFDN\xCEÞµ\xB0\x9D\xD9hGN\xEEb$\xD8n(�\x9BZf \xA8\xA40\xBB\x81\xE4(\xA2\x84v\xD4���i\x87Da\x84\xDD�\xA2\xB0Y'\xE3\x92?1\xA4\xD5�q \xB9 '�{=\xE38\xC0\xD2{\xFA�K�\xB1\x8F;H\xB1\xAD\xD6H�`\x86g,\xF3-Ó©Ö·d\xB4|\xB0\xBDk\xEA"T\xBCj��\xB5��v\xB0*�\xF3D\x90u\x94R\x97\x8DÙ¹\x84\x84\x86\xFE\x94�\x96\xC6_\xA8\xF0\xD6\xE7�(Ç\xEF\x99�\xBA\xB2�xQ\xC5P2\xE7\xDE\xD6&\xE0�==\xDB\xF6�Jزp\xEB\xAB
-0\xE8\\xC6�!�C\x88ØŠ\xC4�\x9F[Pcs\xD1p\x9A\xD2 at 0��\xEAß³}\xF42\xA0\x83\xF1\x9F\xDA\xF8\xCF3\xC7\xEEd\xC0\xDBA\xB9ÞκݎOF`\x87*N8\xC7)\xCEp\xEF\x8E`JUAa\xE5a\xBF·\xD2\xF5\xBD\xB9\xE5\xF8f\xE7\xFB\x96\x83\xBBm\xF6\xB7gM�\xAC\x9D|\xDB\xF4g\xF9\xF6\x92 /8\xE8\xDA\xEB\x83m{\xA8×®\xE5O\x9F‰\xC3a\xD7\xCCa\xBB\x90xZ�\xF0T[n#Õƒe\xFC\xE0�\x96OW�Ê\xE5󫈦>Na\xB0g�\xD62\xC5%\x8D�\xD6-?o\xA9\x90�{\xB7]1 \xAD\xF2\x9E
- E\xB1=Ӯ\x8AR\xC1\xFD'"\xE4\xEB5\xE1Ӟ?\xA2zK9N�l[\xAA\x98\xDC-\xC87(\x96�R\x8E\xD9Hs\xD7\xEC_\xBCȺ򬚚t\xAFL}\xB6S1ʡ\xE8e�5
-d�E\xE9\\xE02\xA0؟S\xFE\xFE\x93\xE8\xB6\xCD�\x9BW/�\xD2P\xA7\x99\xC3Z\xF6�i\xC1G=Y\x9E�\xE3\xE3\xD8_\xDC;6\\xFD!�W1wʑ\xBC+\x87m\xBB\xE6e0
-�4N\xD7��
-\xC0\xB4\xA2<\xAD\xD1r\xF7-\xB1\xB8�\xE7g\x813>\x9E�\xE4*\x81\xAA\xE5\xCC�X\x8E\xF1F\x8B\xE3\x87w\xA8\xDD�\xBB'\xC5W\xC2�\xC6/\xAB\xCC\xFB\xCA�11\xDD�\xC0\�k\xB0��\x83ۺoY\xE3\xED\xE0\x97\x9A;�\x8Fg\x8BO\xE9�\xCF�]\xF24V\xBFԀ5d
-\xAF\x9E\x8C\xCAT(\xA5\x87\x85o\x9C\xCC³O\x94\xE50\x8D\xED!\xD9f =\xD0bap\xAEY X+\xC7�\xF4\xD3\xD7\xF9�\xB3\xFA+�lV1\xE8\xC1f�\xD8[Ù\xD2v=�`\xF8L\xA5��`#\xA9>\xA4\xE0�\xED\xC6^\xB2)qZ\xD2.\x87Z\xAC\x9B2\xFC\x82\xBA\xD9�fd�N\x8B=m.?\x81\x9C��\x9E\xED\x9A^\xAE\x98\xDA\xFBJ0vn�\xAB\x91ih\x86f\xCEe\x81`w}Mc\x8FW\xD1\xE3=\xD2+\xBAe\x99�Å»\xE1\xEFm\xA3 \xC6�\xC5~*\x86!\xE0%\xF0z\xE6 �\xDBTt\xE9�P\xCF燉:\xE74\xE9 w\xE6\xFB\xD1%\x95E\xB8\x83\xBB-�7=\xF0�\xC50t\xE6\x89Ë\xF7\xAD\xCD\xC9\xD6|z\x8B\x81R�}y�\xB1�C�\xA6\xFD\x92\x980\xEB\xDB\xD6\xDD\xC6\xE6�Ï‹\xAD\xFBÒ¶\xB7\xAD$\x82P\xDE�\xE8a\xC5Ò‹\xEE\xB8�\xDAM\x97\x{FDEE}Ï€\xAF\xF3�\xAC\xA0\xC1\xD6\xC3P\xB2\xA0�ϱ+\xF3fZ\xB7h\x82 1�\xA8\x8D\xFB\xBC`\xC7H\xF0\x9Ei\xD3\xF8\x{325E630}\x90X~\xB9\xFF\x89\xAF^\x90mI��/+k\xB2\x89~-\xA6fI\xA8\xB5/\xCBÞŽ\xA9\x99\xF0n\xEE��\xA6qy�'\xC7tAT\x9B\xFEhA\xB0>\xA2}-\x8F4h\xC0�\xC1qE\xB0C\xA7\xA4eÆ®S\x84E-\xA4\xFED^\xF4t'l\xCB\xD58\xAE6�e\x9A\xC8]\xE6\xDB�S\xF6|1u[\x83\xC1\x81�\xAB\xA7�\xD6'\x84p��o\x93ؼ\x99\xA8\xF8 \xA7E\x89r\xBD at R\xD3b\xDF\xD6Uq\x9Cn_Ä©\xBF\x9B\xF5Ú²\x8E\xC0\x83Õ©\xDA[\xBF^f\xC5!\xFEa\xC6\xC4_dD\xBE\x9E\xF9\xDB\xFFq\xC2y�@\x9B1r\xFAO;\xEC\x9D�T\xB4nQ\xB83!Ì‹\xA5\xBB\xBF�y\xB9\xF6\xFF�3\xDF2]endstream
-endobj
-2090 0 obj <<
-/Type /Page
-/Contents 2091 0 R
-/Resources 2089 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2067 0 R
->> endobj
-2092 0 obj <<
-/D [2090 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-714 0 obj <<
-/D [2090 0 R /XYZ 56.6929 730.0613 null]
->> endobj
-2096 0 obj <<
-/D [2090 0 R /XYZ 56.6929 694.6148 null]
->> endobj
-718 0 obj <<
-/D [2090 0 R /XYZ 56.6929 556.3845 null]
->> endobj
-2097 0 obj <<
-/D [2090 0 R /XYZ 56.6929 529.3116 null]
->> endobj
-722 0 obj <<
-/D [2090 0 R /XYZ 56.6929 413.847 null]
->> endobj
-2098 0 obj <<
-/D [2090 0 R /XYZ 56.6929 385.8516 null]
->> endobj
-726 0 obj <<
-/D [2090 0 R /XYZ 56.6929 226.4875 null]
->> endobj
-1730 0 obj <<
-/D [2090 0 R /XYZ 56.6929 193.9525 null]
->> endobj
-2089 0 obj <<
-/Font << /F37 1026 0 R /F69 2095 0 R /F22 961 0 R /F21 938 0 R /F39 1161 0 R /F41 1218 0 R /F53 1313 0 R /F48 1238 0 R /F62 1361 0 R /F63 1364 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2101 0 obj <<
-/Length 533
-/Filter /FlateDecode
->>
-stream
-xڥTM\x8F\x9B0�\xBD\xF3+|�\xA9\xB86\xC6\xC4>f�mY\xA9i\x9A\xB0\x87\xD5j��\xBC *\xC1i �e}M\xC6\xF9Ж=\xAD\xA2\x88y\xE37o><@�1?\x8A�DŽ\xC9�\x8Dd\x889\xA1���\x87\xA0\x959\xFB\xEEP\xCB\xF1\xCF$\xFF\x96u\x979_\xBF\xB1�\x92XFA\x84\xB2\x97�-\x81\x89��e\xE5\x93;\xF91\x9Ee\xC9\xDC\xF3�N\xDC�\xF6|��\xF7.\x9D\xC6\xE0\x91\xF0X$\x93\x87y\x9A=�\x9A\xFC\x9A.\xD28\x99\x8F\xBDQ\xE8f\xA9A\x9E�
-"L<\xB3
-\xF1\xE3t\xFC3\x9D \xFFa��5y\xA7\xF6\x9C\xDD;Ivi\xE4\xB6YJX\xDF\xC5_\xE7é™ \xD2\xF4|\xEF�̤\xE0\xE8` \xC1T\xCA m\x9C\x903\xCCC\xC6Ξ\xDAY8\xBF/\x827\xA7\xA7С\xE1q&0�\xC1h`zA04=.q\xC4�v\x9A\xDEBoT\xDFS\xE4\xB6U\xA7Z0\x8B\xB5Öuw\xBAr\xF7\x8FR[\xF0\xE4u
-Fyl\xF2MU�|\xF4\xF7\xDB2\xEFT �q?\xCF�#\xEFr\xB0\xAA�d,l\xF7\xCBRor\xF0�\xC9\xC6F\x96\xAAV+#ds\xAF\xF3\xEE\x86\xEF\xF7\xE36=\xFB\x94b\xC9ypj\xC0\x8A0�\x952yJa`\xAB\xB6\xF9�\xA4�zÓ27\xCBH\xE4f\xEB\xAA�\xE6!?z\x94R\xF7\x8B\x81!1\xE9�\xF8;\xBD\xF5k\xF5\xAA\xEAk,X\x85n:\x93\xAFjV�类� \x84\xD9n\xFB\xDC\xFBb
-VnSYm\xE1\xA63{P\x96;\x8F
-W\xB5\xAD\xB2�\xFD2\xD4\xE0v\xBF\xAC\xAB�\xF6î –`Ø\x91\xBE\xFD�\xACV\xED^Õ®�\xD0(e \x8D\xEElH]\xEB�\x98\xF6\xE2 \xC0\xCDYΕ\x8B?\xDAm\xC6q\xBF\x90�\x9Bh\xFE\xB6\xEEO\xEF\xFD\xF5\x8B�\x9AWR\x88`x\xA5� 1c\x92\x9E\x8B\xEA\xE7E\xA9|_\xFA\xE5
-\xF9\xBF\xF6\xE6\xF9�\xEDendstream
-endobj
-2100 0 obj <<
-/Type /Page
-/Contents 2101 0 R
-/Resources 2099 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2067 0 R
->> endobj
-2102 0 obj <<
-/D [2100 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2099 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2105 0 obj <<
-/Length 69
-/Filter /FlateDecode
->>
-stream
-x\xDA3T0 BC�S3=3K#K�sK�=S�CS\x85\xE4\.�\x85t\xA0\x9C;\x97!T\x8D\x89\xA9\xB1\x9E\xA9\x89\xB11\x90\x83EV�.\xADknj\xA9g`fA\x82! \xC2V�\x8Cendstream
-endobj
-2104 0 obj <<
-/Type /Page
-/Contents 2105 0 R
-/Resources 2103 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2107 0 R
->> endobj
-2106 0 obj <<
-/D [2104 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2103 0 obj <<
-/ProcSet [ /PDF ]
->> endobj
-2110 0 obj <<
-/Length 1965
-/Filter /FlateDecode
->>
-stream
-xÚ¥X[\x8F\xEB\xB6�~?\xBF\xC2o\xD1�\xB1V\x94D]Ò¢i\xB3\xA7I\xB6E\xD2 g\x81\xA2\xED\xE9�-im\xF5H\xA2#Rv7\xBF\xBE3\x9C\xA1,\xDBJS\xA0\xBB�&\xE7\xCE\xE17\xE4\x88b�\xC1\xBF\xD8�2\x8C\x922\xDD\xE4e�\xCAH\xC8MÕ¿\x8B6{\xE0}\xF3N\xB0L*\x93P\xA6I�\x93�\xEEV&E(\x8B8\xDFl\x97F\xBEzy\xF7\xF8u,6q�fY,7/\xAF\xB3\xAF,/\xC22I\xCB\xCDK\xFD\x8F\xE0é Ž\xB6��\xB6\xB1\x8C\x82\xE2\xE1\x9F/"\xB54Ì‹\\xA0Z�.d\x98\x97Q\xE1�^�\x84�\xC1\xA8\xA7]ט\x83Ö¶�\xF6\xB3\x9AH\xC3$\xCDbVË’0\xCF"\xF2S\x84\xE2a+\xA2(
-\x9Et\xDF\xEB\x81�\xFE0j0Ó›\x8B��\x96Rz� �\x9F\x8B\xC2�\x98M<\xDB\xCF�\xA4����\xB4\xA5\xC1Y\x8F\x9F \x9A\xDF\xD0\xEC\xA0\xCF4\xA8�{{\xA6\x9F\x8FQ�隣\xA1\x99\x9E\xBC\xF6A]\x99=\x8Fz\xD8É‘Å›2,\xB38\xE3\xC0 =e*RJ\xC8�,%\xA9�v\x8D\xB142\xBA\x9Bl\x8B\x8BÄ™\xD53\xF5\x84\xC9r\x93v a�\xA8\xAES�I5\xD44\xA8\xF4\xC0Q.\xB8\xAD1Sc\xFC\xF8Ú¶U\x9F8\x8A\xE3\xF8 \x8A\xA095\x83�\xDD�S\xFBF\x99\x898\xAC\xB9{Ã¥\xE1b\xE6\x9C\xC3bLc݆n\xE3<�\xA6#\xFEfA\xA7\xF7\xFB\x99\x88quh�9\xBB\xE6U\x93\xD5�\xC4�\x82\xE52\xA2\x84\xB0ÞN\xCE�\xEAS[\xB3\x98"\xBA\xD1�`\xC5d\xFDJ\xF4C;Xv\xE7\xF2\x83\xB4v \xBF=\xE7�9�6\x8FX\xB4\xDB0\xD85\xD7��n\x81\x93ij\xDA_L\xDD��n�+\x90\xE0�\xA4\xD3\xC3Â…\xEF\xD2�S
-i \xB7\xA5\xDD3\xE9\xC0\x96y\xED\x88\xF9\xF0�\x8A&\x8D\xC28K<\xE6c\x8F\xF8\xA1�\x9B�\x82h\xEF�C��\xFB\x99<\xBB\xFAÐŒ\xAD\xEAh\xFC\xFD\xD4\xEF\xA0\xC6ס\@\x8D\x95\x89\xF3\xF7w=\xA0vV �X�ƃ\xD3\xC6-\xC8\xCA@͉�ο&D\xFC\x8DL�|\x8C㜤!\x9A7\xA2\xB1\xDE\xF0�+\xD4ʲ�b@�4�@\x99�\xFE@\x8CN\xB3\xACC�X;6\xFA\xD8\xCD�2�\\xF4<\xD2스\x87yÑ· g\xB0È”}sɘ\x86\x80�G\x80"6�\xF99�3\xC0\xCD�\xB5\xFAFt��\xFCr\xB2e\x80h$\xD2\xDF\xE0\xEF\xBB\xEFÞ¿\xFF\xF1Ç�\xA9*e \xA7^[\xFA\xA4 \xEF\xDCv�\x8DzW\xBF�\xD7}k\xEC\x85�{\xBD^\xAC\x900\x91p��\x91\xD2y �E?\xB0�)e�\x99\xED0\x8B\xD3\xE0u\xB2�|�d�\x87Æ‹\x8Do<\xD0Ī\xF4H\xD2Õ\xDF�O�'2\x9F�\xEBaÍž\xD1_5\xB1\xB9\xC1\x92�F\x8A�Èœ\x8C\xF0�i\xCDZ W
-\x8A\xD8mT\xB9,(�\xBE�\xCA\xDE\xF1\x89}\x81q\xB4\x80\xA8\\xC2�&|&d\xBEvK\xC8T\xDDV\x8C\xD0h\xC6KI\x9BS�?s\x9D@\xD5+6\xB8k0mH\x9A\x8E\xB5\xC7rR�ϯ\xC4'\xA8 \x9BCZ\xD9N�,H\xC9\xC0\x9Dk\x99\xF4jY`:uj\x88��N^\xAE5\xF4\xDB\xE9\xB3'A\xB4�鰲\\xA4A\xAExY�\xF6\xCA`3\x90\xA7\xC1\xE7s�\xB3\x89u\xFF\x8C`\xB0\xA1\xACm\xFA\xA3]\xAD7>�)34n-_\xB3\x95>\xBE\xF1\xB1\xFBzs\x84a\x9A\xC3\xD9`�M�t9h\xF0\xC3|K�>x�̫,�\xABD�M\xBF\x8A~|\xAA`x\x91\xE2\,\xCDq.\xBC\xE9\xD3l\x8E\xF2{�\xBD$\xE7F�.\xDD\xC1\xCCJ\xF6\xA2\xB4V\xCBl�o�>��\x9Dͱ�\xFD�\xE3\xD3h\xAEo\x9B\xFF+\x9Ftc\x8BlѸ\xC4"'\xDB�Cv0�
-\xFDf3G\xD551b\x91\xE6i\x91diN\x8C\x8F\x91\x8Câ±\x88�\xB1�0�\xB7��"\xF0�0\xE0\xE2\xC4\xDF�Z\xD57\x92\s\xC2w�"\xF3\x87&0\xCD\xE5\xFEF�\x97?$cR\xCDZ\xBA�\x94\xED(\xF5\xE5\x8A�:\xE9\x90H^\x8104g\xA2\xB0\xFB(\xBD\xC0�\xD9W\xE1\xD3�7\x90\x98\xBFS,[>\xB0\xFA\x8C\xB9\x85;\xEE3`\xF4\xA6'b\x9D\xD5\xC0\xA4\xD6^�\xEF�\xF6Ey\x98]\xB9\x9C\xAD\xDEv\x8B\xED\xE7\xDEa\xAF\xDA\xE1k@�n@\xFEzh|\xC7\xFCt\xD3O\xD30J\xBFm\xBAã—¿\xDEe�\xDA\xE2�\x9A�(\xB0\xC1i\xC7E\xF0\xE1
-\xEAÍ\xE2\xC0z҃ѣm\xA7\x9E戧\xE7�O\x8C$ \xB8aѯt\xA0\xC7t\xE9�\xF9L]%\x8CF\xE8\x8A�\xE2\xB9B\x88�%\xC7#�\xA5 e/v\xADΩ\xADXK\xED)\x99\xAE\xD7\xE2X\xB0\xC5u\x92_=\xFF~-\xC3Ô¶GY\xF0\xFEÛ§�p\xE4\xCFH�\x97@
-\xAD\xE8\xD7\xD8\xDA:\x89��\xF3\xCE\xD0�\xC3BYn?z\xB7Xd\xCCq\xE2d\xBE\xA9\xDC\xE4\xA4\xDAN\xED:\xF8r\xF0�\xEF\xBBQ\xD5a\xE1\x83L\xB7C\xD5MucV\xEC\xE2\xAAV.W\xAA\x9D4� \xDB8H\xFC�\xBB�Uo�y)\x94@\xBB�Z\xECo+B)\x88×\xA9\xF4D9\x83\xA9;B.\xCA\xF5Ty�\xE5��v��\xC2)\xCE6\x99\xEEZ�ds\xA7\xA1\xC1\xD3\xCFM\x{DB75}\xB0r=\xB6\xF6\x8D�\xE4&�vÓž�\xAE\xE9^/yr\x80\x8D\xA1�\xB6\xAF\xD3P;\xABy� \xC2�1{9B\x80F\xE3\x9F\xE0{\xCB�ו\xC2M>p�\\xD7-\x9E\x91�7�>\xE5 \xE8W\x88̨W K\xD0\xC6
-5m"\xFB\xBF\xC0�\xA5\x96\x80\xE36WU\x9FÔž�9�Z\xD8ו\xE5,\xB6VH�b\x9E\x8D\xFE\x8B '\xAF\xB4�=\xCD\\xA6p\xC0\x9F'8T\xC3 [Wy\xCC#\x89�6\xC9y\xE85\xB5\x90\xD2\xC7\xEE:4 \xDF\xE1l\xA03,�\x95\xDFb\xCF[�\x9C+\xAA\xEB/�WF".\x83\x9B\xCB\xCA?@\x94\x80/j\x8C�u\x931Ô¢+l'�,{_\xBC2\xE3\xE2\x95sä®\xCF\xF1�Ûª\xCA��\xBF&�\x96B\xFA\x96\xE5\xE7�!�G�\x98
-\xA5\xCCr��c\xF8-\x8A\xBC\xFB\xE3\xCB\xFC
-\x93\xA4%\x9C\xA1i\xB1�I�æ² \x97�\xE2~\xDA\xF8ÑŸ/\xAF6\xB3\xC2v\xA1\xE1�mÒ¥\xDF;\xBB轇C\xC0\xEA/�a\xEFo\xE3\x81\xE3<,EQ^\xC7s\xF3r4�\xDD\xC5p\xB5\xF6;[�\xC3\xEFV\xCEy�7G)JΑO\xFC\xA95\xAD\x9D\xBF|hW\xB0hpk\xB7IQ\x84"�\xE95\xB6\xCFÍŽ\xFB�\xAA��\x87]\xD9�)C\x99\x8B_\xDA�\x91\xC2\xF5%K�\xC4QXD\xF1\xAFoʬ\xB1]\xAA\xDC\xEFʽe\xD7SX{\xFC\xE2\xF1\xF1|>\x87\xBC+\x8F\xBE,��}\x8Fw\xB8\xC9�\xC0�d\xF1:Æ›\x8D\x9A\xA5\xEE\xE3\xBA\xCAǽ\xB5\xFF\xB6U\xF8��]5\xE8T\xED\x8AË°ç§\xF06h\xFF\x90\x98\xC8�\x9F%\xD7"\xF6"Û‹�\xBDH.\x83H"h<�H#�a("�\xB7\xEE\xE6�\xCE{\xFF�\xF9\x8D\x8C\xFEendstream
-endobj
-2109 0 obj <<
-/Type /Page
-/Contents 2110 0 R
-/Resources 2108 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2107 0 R
-/Annots [ 2117 0 R 2118 0 R ]
->> endobj
-2117 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [348.3486 128.9523 463.9152 141.0119]
-/Subtype/Link/A<</Type/Action/S/URI/URI(mailto:info at isc.org)>>
->> endobj
-2118 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [147.3629 116.9971 364.5484 129.0567]
-/Subtype/Link/A<</Type/Action/S/URI/URI(http://www.isc.org/services/support/)>>
->> endobj
-2111 0 obj <<
-/D [2109 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-730 0 obj <<
-/D [2109 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-2112 0 obj <<
-/D [2109 0 R /XYZ 85.0394 576.7004 null]
->> endobj
-734 0 obj <<
-/D [2109 0 R /XYZ 85.0394 576.7004 null]
->> endobj
-2113 0 obj <<
-/D [2109 0 R /XYZ 85.0394 548.3785 null]
->> endobj
-738 0 obj <<
-/D [2109 0 R /XYZ 85.0394 548.3785 null]
->> endobj
-2114 0 obj <<
-/D [2109 0 R /XYZ 85.0394 518.5228 null]
->> endobj
-742 0 obj <<
-/D [2109 0 R /XYZ 85.0394 460.6968 null]
->> endobj
-2115 0 obj <<
-/D [2109 0 R /XYZ 85.0394 425.0333 null]
->> endobj
-746 0 obj <<
-/D [2109 0 R /XYZ 85.0394 260.2468 null]
->> endobj
-2116 0 obj <<
-/D [2109 0 R /XYZ 85.0394 224.698 null]
->> endobj
-2108 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R /F11 1451 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2121 0 obj <<
-/Length 69
-/Filter /FlateDecode
->>
-stream
-x\xDA3T0 BC�S3=3K#K�sK�=S�CS\x85\xE4\.�\x85t\xA0\x9C;\x97!T\x8D\x89\xA9\xB1\x9E\xA9\x89\xB11\x90\x83EV�.\xADknj\xA9g`fA\x82! \xC2V�\x8Cendstream
-endobj
-2120 0 obj <<
-/Type /Page
-/Contents 2121 0 R
-/Resources 2119 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2107 0 R
->> endobj
-2122 0 obj <<
-/D [2120 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2119 0 obj <<
-/ProcSet [ /PDF ]
->> endobj
-2125 0 obj <<
-/Length 2544
-/Filter /FlateDecode
->>
-stream
-x\xDAuY[sÛ¸�~\xEF\xAF\xC8[\x95\x99\xB5\xAB\xABe\x9D\xB7\xC4\xE9%\xED&\x93\x89Ó³3\xE7\xF4<\xD0�m\xF3D�UQ\x8A\xEB\xFD\xF5��\xA0\xA4d\xB5\xD3\xE9\x98���\xC4\xE5�\xA8��>\xFC�.\xD6\xC9Ò\xB2\xF8"\xCD\xE2e\xE2�\xC9E^\xBD\xF3/�\xB0\xF6\xF9]\xC0<q�-\x938\x8A`2\xB3\xBAH\xA2\xF52Y\x87\xE9\xC5b\xBA\xC9\xF5Ó»�\x9F\xC2\xE0"\xF4\x97\xABU\x98\<퇳Vi\xBA�\x93\xF5\xC5S\xF1_\xEF\xAAid]\xA8_\x97\x8B0\xF1\xBD\xAB\xCB\xFF=}%\xB1x\x99\xAE\xD3 \xC5|8"]Æ«t5\x95È¥�\x98\x83x�Å«\x90\x99W\xC92\x8EÒ”\x98\x97\xC1\xE5"\xF0}\xD8:\xAE\xF5\xA9\x94Å¡\x92u7\x91
-\x96Y\x928\xD9(Z�Q�8\xD9Q\x9A\xF4\xBBn\x95\xDC\xD3\xF0\x8B2\x9Dn\xCF4\xD1L쎒�7\xF7[�\x88\xBA`\xD1\xDB\xFB�>4\xBCÈ–\xD9*\\xF1\x99!\ÎYß²;\xEA\xFEp�\x99(\xE3\xED`\xF0#�c8#X{?|?Ì•(\x91Bk\xBB\xCB\xC0\x93�Uת>�\xC5j3�\xBFÑ•P5\x8D\xEFE\xC5\xD4\xED\xD9t\xB2b\x91<\xEF\xDB��\x90\xA8o\xB4\xF6�\x90\xAD\xF9\xA0\x93\xEA\xDE\xEA\xD5\xF4\xBBR\xE5\xA2S\xBA�\x8E\x86;\xE2\xADÈ®d\xC9\xC7O�4B\xECe\xA1\xFF�\x8D\xD8R\xB1\x97k:�g��rX\x8E\xBCZ\x9E\x88b\x9C\xB6@< C\xC4B\x9A\xBCU;\xAB3Ð\xCE@�\x9D#��%B
-Xd\xBD�\x89ÄžAJ\xB4\xBC\D\xA1\xEF}\xB2\xAA\xE8j\xD8%fm4\x89 %\xB5\xFA'V\xC1W7
-\xC9\x8F�\x97Y\xE8]ղ\x83\xC8\xC9b\xF0W\xE2\xDB\xCBड\xAB\x82\xA9
-\xDCÚ’pk\xFA-\xC4\xF9\xBD\xC1I\xE2\xDDÖla���hy's\xEB7��\x96\x90\xA6\xB37\xC7 \xDA
-\xE5\xAFF\xB6
-#\x9C\x9D\x82Ľ;\xAC\x90/\xB2Ô
-�\xBB�)\x96X+\xCFܦ��\xF0~�EA\x8A�C1�\xF8\x9EÉ\xD2��\x8C\xAD\x91\xE1W\xD0O+�U\x94g\x9A\x80B`h�C\xBB�� \xA0\x9FUM\x94\xC4 \xD7<\xE9\xF6\x99\xB9\xEB�E>\xA8\xF1�\xE0\x960[y\xF76�`\x99\xBD��\xDEIr\xD4\xCCDÛ©U]'\xADN+\xF6r\x90R\xA8\x9A\xA3
-�\xA0\x93Ωu)Q\xBA\xA3\xE8\x88V\xE9Ba\x9E9^
-FXÐ\x82d\x83\#\xE5S\xAF\xD0yOpB\x8C\x9AȪ\x86\xA8n4\T\xF2i�\xB9^\xBFÈ=\xF5v\xC2\xC0�3v\xB7Ù”\xB9<\x83�Z\x88L��PO\x96`\x9A8I9\xB3\x80�\xF8Q�&\x8E\xC06�
-C\xC6g\x94\xF1f\xB1\xD1u.�{4\xD0\xC8,0\xF8$rU\xAANI\x83b\xBCð:\xDD>\xB1\x8B\xE1t\xFB�\xD5\xE9\xB0۪)\xE5$
-\xA3\x90\x8F\xC4\xC1\xB6\x91\xB9\xB5/��!�.�N\x85\xD9z\xEA\xB0W\xE2.�pl
-\x84�\xD3\xC1\xBA\xB0\xE2\x85!R߸\x93OG\x95�y\x97\xB2\x9C�\x99�\xAE\xD5+\xC5
-c\xF8\x88P\xBE\xB7\xEBU \x81\xE96ɖ+?\xA3\xC2\xF4D\x98\x95Z\x8CnMG\x93\xD1u \xC6�\xBB�\xC65�1\x8C\x8Cl_\xE0\xEAi\xECYpɼ�\xD4$LK\xAD\xB9\xBFJH\\xE7 d` L'\xB1\x9E\xA4\x9E\xDB�\xE1oA\xD8�Av\xA6\xDF�\xD1c\xD0&k\xEFN\xE7Ϣ\x91\x9D
-fC4\x84\x88\xB9 at t\xD9J\\xF4�\xF5\xE4\xE3\x86�O�v\xBA1\x8B\xD0'B%ò£ª¥!\xBER\x83\x8B\xE9"k\xCFfW\xE2\x82��\xDFk�\xD76\xAA;\xF3\xEE{b\xD8\xEA�xZ>s#J�\xDA\xD5J\xBCg]ok\x98W\x83Z \x90\xABÅœ\xF6\xB2Î&q�2\xA6S]ß±��\x95\xBFo7\x8B\xDB\xED-a,\xF2P\xD4\xC3`\xFBxKl\x84à x\xE0Y\xC4z\xCF�q?`\x96\xDDz\xAA��6�\xC5ƃ`\xBB\xC5\xFD\xED��Z�\xC7�\xFD�Q\xC7�0�\x98�\xBA\xA3\xC0�\xEB�\x8D\x9C\x891�\xA3\x84S \xE8ײ}\x96\xA5<\xD3Ì•�\x9AQ\xD1Ç‘�\x86\xC8\xF6�\x89\x8Fm \x99 )\x8D\x80\xD08H\xDE\xDAF�\x92\x87(ÉњGbo\xEF��\xAC\xEF\xF8X1\xE7\x87�a_\xDF\xC0m\xFD\x80\xFC�\xBF\x87V�=A\xA4�B�\xF7�C#\xAC\xD9`\x81_
-��\xBC
-\x96a\x93p��\xAF�Gkଯ�\xEB���\xC3\xE15\xB3\xEEǪ\xFF\xEA\xC4- \xDCȽ\xAC\xCD|\xB5/^�\xC4�wx\x8F\xD2H\x82
-D�\xA4<\xD0\xCE\xFF\x97yÇ‘sU at E\x85\xCEq\xCC*\x8A\x91�\xD78P\x94Ì Ë¿/�@f4�\xE1R\xCA}^\xBA\xA6\xD6\xD2R\xBA#\x9B\xDAv\x90\xB0�/\xD7ˈ\xD6Ft\xC5�\x8C\x82�\xFE[\xE5Sr \xD2\xE9\xFA@\xD8\xE8\xAA\xE9)\x8E\x81L\xBD"\x9F\xFB\xE6\xA2@\xF9<\xF1pJ\x81\xB5\xD9>~\xE6\xDC��p\xCBLtG�Y\xADFg\xE1�\xB1�[A�
-\x97(-\xCC�\x83\xC5�Ù¶Ä \x98�Þ\xB0)�\xCB�x\x99�Aa\xEDF\xBC\xA8\x82��\xD5\xE1P\xE2\xA5V)\xA78�\xB7\xBA>@\xCC\xD44\xFB�\xF4\xDC\xC4P\x89B�\xCD\xDE�(d\x90�v�P&m\xE1�\xAA\xEB\xE6\xDFFD3z\x9C`\xB7\x93\xA2\xC2�E\xE0\xDB=\xC3Bj{
-\x86rh\xAE\xD4\xD0�q\xBD\xA0\x91\xAE�\xB3\xAB�zß&\xC5(u\xF9J\xB88�\x85B\xD7\xF25\xF8?\x8A\xB29\xD2p#\xAAf'Ë’\x95\xFA&_\xE6�\xF9M_\x97\xA2\xB1J�6i\xF0U\xA3�\xAA#E}\xEF\xE3\xCF^5X*\x89e\xC3�\xCF�\xD6�J\xA9>KF\\xA2�P��\xAFSS�\x8Co&\x8C�>\xCF�!\xA0\xB7�LÝ–�\xE8@\xB1\xB8\x88\xA4\x90\xE6g�H@\xC49��\xB3�ZI(\x8D \x8E�:\x9E()6Sq
-�U\x9FiQc�\xA2\xF5F\xEAƆ�\x90EiX*\xD75\xD4\xCF]O\xD5-\xE3\xD6�XXE\xA0p\xB3\xCD�\x82\xA5\xA2o\xB9\x87�\x9AM\xD4�\xBA\xF5\xC1\xF9\x884�\xF2s\xAE\xF8�b\xF0ج�\x96\xD7 y\xADP\xB0M\x94`෠FA\x88\xBD\x8E\xBCm\xA5uGK�і\x8B;\xD5A\x9F^\x96,y\xA7\x9E%\xAD\xDE\xF5\xBD1,\xF4UUD\xBC.\xB5\xE6!u[\xC88\x88l\xF3#�_\xF7'�k�\xAE\xFF1�,\xB0\xC8�q\x91<\xC4a U\xAE\xDF�\xF9\xB3�{\x94\xFCl>\xC21\xA5\x83\xCF��\xE9D�}\xE3X/͛\xB7\xF4\x8F(\xF2�\xC4-O\xBF\xF5\xC47\x8B\x9B.f2\xEFe�O\x98\xC5ˌ�\x90\xB6\xB1�|\xEF\xDB\xFEj\xC4J\x98\xB1�Ҷ\xEB\x96B\xBAfӄ\xC8^'D\xF66!2\x8B\x8A\xB5>\xB9ժ�?DZ\x85ڙ\xF0\x9D\xEC\xC2
-D�\xF0F\xCD\�\xA5P�\xE01\xAA~)��\x89\xC5\xEF\x9AV�\xFD\xD8^
-�.�-ã¤\x8E�Í°\xB7\xC1q�\xCFG\x81\xDF5p\x92\xB3�:\xF1L\xF0\xCA\xE7aA\xEA�\xF00x�\x9An\xFE5c\x8D\xB5N\xBC\x87\xA3*itUV`+c!�\x9E\xA1\x8Fz'[\xB4\xDAz\xE5},\xFFd\xEAUi\x91�د�\x9A\xE8\x9C�7\xB3v\xAB\x9D\xEA\x9C\xC8u{�d\xA4ÌcI\xC0\xFDj~ÅžX��fQ\x8F\x8BgR`sd\xDF׳=\xA5\xB1i\x88%\x86zߊ\xEA\xC1\xEF\xAA\xC2\xF7UY*\xBB�bI뎺,h\xF9AØ7{p\xE4\x91\xC5?\xF5��\xB0\x96\x88V\xB8M\xAFjjK\x80\xFC\xAD�?�%
-\xCAG\xCB�_�\xBE(X\xE0�\xEB\xFF\x9AV@%\x9F\xA3�J4\xCB\xDDh^\xFD]\x9E\xD4<Fn\x8E-~\xCDj��\xFFa\xAFV\xEE\x8F\xFDA\x96\xBF\xBDI>\x8B\x8Df6\xD7n\xED\x83+�L\xCD\xECS2v\x90\x8DDN?\x9A`\xAE\x858\xE4\x8F9H3\xF0`3z\xF8�\x85$\xDBV\xC2\xEF�\xE54\xFD\x88\xD5��\xD5H\x83��\xAE\B\xFC\x9Du|-Fc\x98��\xA4\xEB\5\xA2\x9Cs\xB2knT�u\xFC�\xD7t\xE8�\xAB\xCAe\xC1?�M\xE4'�\xA0\xC1\xD9X\x80p\x86�\x8Fh\xA8k.\xE6�Í\xE2��\xF5\xF1k\x8FMb\xA0q�\x91\xCCB\xB0�\x83i\xFB\x86sk(ß½�\xFCd\xDA\xFF\xC3lh\xDFp\xB2\xD1oC;\xE0\xD0n;Õ£\x9E�\xBB�\xBF�\xA8\xCE�\x85?^���U\xE8&\x8A\xCC(\\xB9'H\xF0\xEA\xD1\xE1C\x8F5mWp}c�\x8C\x87XÉ„?)\xE2\x92\xE9�\xC09\x96\xDCI[(\x91î¾›\xA8\xC2^5\xF0\xF9\xA9�\x87m7\xEF\xCDl\x8AR�͇蕽M��|1x�:
-t\xB4y\xE3iza\xC1SB\xEFH\xE6�>\xCB\xED鱳O\xE2"�H\xD3ȃ\x85\xD7U��\xD8N\xC9\xF8\x81 \xA9|h\xD1\xE7�\xF2���řX]\xD6\xCC=\xCE\xF7\xAF\xBB"L1\x9C\xAC\xF9\x8B�O\xEF�\xD7WH\xCEԚ\xE6\xDDǧ\xE1#\xBE\xFB4�\xE1\xB7\xF3h\xF63\xBFcY\x8C<\xF4\x8D\xFA9�\xA2w�EY\xE06B=\x830z{\xDC\xF0'\x83\xBF\x9F\xF7�\xF0I\xA2pend!
stream
-endobj
-2124 0 obj <<
-/Type /Page
-/Contents 2125 0 R
-/Resources 2123 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2107 0 R
->> endobj
-2126 0 obj <<
-/D [2124 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-750 0 obj <<
-/D [2124 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-2127 0 obj <<
-/D [2124 0 R /XYZ 85.0394 573.5449 null]
->> endobj
-754 0 obj <<
-/D [2124 0 R /XYZ 85.0394 573.5449 null]
->> endobj
-2128 0 obj <<
-/D [2124 0 R /XYZ 85.0394 539.0037 null]
->> endobj
-758 0 obj <<
-/D [2124 0 R /XYZ 85.0394 539.0037 null]
->> endobj
-2129 0 obj <<
-/D [2124 0 R /XYZ 85.0394 510.2426 null]
->> endobj
-2123 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2132 0 obj <<
-/Length 2812
-/Filter /FlateDecode
->>
-stream
-x�ko\xE3\xB8\xF1{~\x85\xBF\xD5�bE�\xF5\xCC��\xB2\xBB\xC96w\xBD\\x9A\xB8h\x81\xDB�*K\xB4\xAD\xAE,\xF9D9\xD9ܯ\xEF�g\xA8\x87\xAD\xEC-\xD0&�L�\x87\xC3yq�\x94\x98\xB9\xF0/fA脉\x97̢\xC4w�W�\xB3lw\xE6\xCE6\xB0\xF6\xE9L0\xCE\xC2"-\x86X\xEF\x97g\x97\xB72\x9A%N�z\xE1l\xB9�Њ�7\x8E\xC5l\x99\xFF2\xBFv<\xE7�(\xB8\xF3O7\xF77\x8F\xD7;_x\x81;\xFFx\xFFD\x83ǛۛǛ\xFB�74\xBD\xBB\xBF\xFD\xF9\xF1\xA7\xEB\xF3ȟ/\xEF~\xBE?_\xC4Q�̯��n\xEE?\xDE\xFD\x8Bp\xAE\x91\xA0\xEBZ臛\xA7\xF3_\x97?\x9C\xDD,;\x8E\x87R W"\xBB\xBF\x9D\xFD\xF2\xAB;\xCBA\xB8�\xCE\G&q0{\x81\x89\xEB\x88$\xF1f\xBB3?\x90N\xE0Ki!\xE5\xD9\xD3\xD9\xDF;\x82\x83U\xB3uRK\xC2u<�z�j\xF2\xBC)5�\x89�JO�5\xBD\xBF\xBB\xFF�\xD2y\xF1\xFCY5\xBA\xA8+\x9C$\xF3\x84`/\xA9\xA6As.\xE2\xB9*U\xAAUN�EE+Ojߪ\xDDJ54\xF5\\xD7%\x84\xB4\xCA T0\x8D\x94\xE0\xBB\xF4?u3\xA4\xFA\xD2�\xAD\xA2\xB5zM�\x95J\x9B򕷕%�\xD4{\x95\xB5L\xCCb\xB6[\xDEz\xA8re\xE8-\xD0(\xA0\x99\x85�N��\x9E�\xB3|-\xAA
-Y\x91%\x86Qj\xF0\xB3-�\x9F\xB5�bƱ\xBB=\xD7q\xA3h\xA8#\xD8\xC1:\xD24\xF3\xE1Ç·\x82\xC2<�\x92U4�>a\xF2\xD9u\xBD\xAC I^iK\xAE\x{184525}\xAD\xCA\xC1\xAD\xA4p\xE7\xF75\xEF\xCF\xF3\xA2\x85SÒ’\xE6\xB9zVe\xBDß©\xAA%\x80Q(R\xA9+{Ju,[oM\xC3\xE8\x84J\x8C�\xDE\xDE�C�R�1%\xFD\xF9K\xDD|\xA1%\xC3�\xFC\xEE\xD2\\xD1Ú¾ÖºX\x95\x8A\xE0m\x9D\xA7\xAF4\\xBD��Y� z�Ú�\xBD-\xF6\xB4b\xEC\x8C�p^c4�\x93\xACn\xF6u\x93\xA2\x92\xF4�\x82"6\xC2�\xC9 \xA9\xDBº\xB2f+2\xE30R\xC6V\xEB\xBAiug<\xF3[�v\xE4[\xF5\x81W\x8A*/\x9E\x8B\xFC\x90\x96\xDA\xE8 \xAE\x9A\x98 ß‘>\xDCC\xB8kp\xAA�9>\xDEJ�F\xE7��Wc\xFEIU,\xC7(�\xA9\xB5jT\x95\xB19\xEF*`bg\xE4\xEB\x89[!�q)\x9D\xD8�q�\xE9�\x93\xBF{x�;/j at F\xC5�v�\xF7�\xFE\xE0W0\xCDal at 3C\xF0L�E�&�G\x86\x8CQ�\x93\x8A\xE3\x81ú\xF0\xE2Ūhi\xA5\xC8\xC1�\x8Asa\xFC�\x9C\x89\xA0k\xE3i\x80[T\xADj\xD6i\xD6�26\x83�\xAD\x8C\xC6ad4\x8E\x94F\xA8\xD1\xFCe[d[�\xAA\xFE|\x83H\x96\xC9�\x99\xCA\xED9\xB4v\xE2�\x94�H\xEBQ�\x8EH\xBFpNQ�mj\xA2�\xCCu\x96\x96)\xB9+\xCCî•J\xB54c7h!\x9C\xE0\xB5M\xA2\xF9r\xDB3��\xE9p\xD2nif\xA7\xAF{#PÄ‘�ч\xFA\xBD"\xCB\xC8d`� ~�\x96
-@
-d\xFE�U\x91\xA5\xBA\x9D0\xA1�N$;<\xBC�q�*\xA6c\xC82d���\xAC\x82\xCAY\xC8(\x86\x8Db|M VK_\xCC5\x88\x89z\x90\xBEۛ\xE4\xDD�\x97\xB1\xE7\xC8Xz|\xF8u\xF5\xFA�\x93�\xF0\xFC�\x932\x94\x86I<m\xCC$B\x8C\xEB\xE0\xE1\x96�4��P}#\xA6\xF4; �\x81\xF3 \xF6D�8Rz�\x9F\xFBӡl\xDFTc\xE2\xF8�\\x83\xFF�\x87\xA4^\xDFu\x82HDc\xFD\xF6|\x83�\xF9\xA1?\xFFk\xE7D\xD2\xF5\xC0\xC7\xF1W@\x94\xD5YS\xACxf\xA2$.o\xCAz\x851�\x81\xD6!\xCCd\xE0M\x84\xA9\xB3\xAD\xDA)>\xE3\xD6\xF0
-h\xBBzxX\xD1G��W\xF8 �\x9F\xF8x\xFB\x81pd�G�S\x97\xE9\xB3\xE7\xF9\x9F\x98�\x8C3�;\xA6`�\xB2\x83\x80[s\x90\x83\x9B&\xB2K�\xBC�C*\xC7!�@��\xFE®\xDB(\x9DN��\xEA'\xA8u|6\xE7f\xC0\xE9\xE0&�\x80S2Z\xF7\xEB\x84c\x80\x8B\xBB\xDE\xD01\xDE<\xD3s\xA0l\xB3\x88\xFA\xB0\xA2\xE0\x81Yc\xE8>\xA7'\x84\x81��)\x8EN\xB0\xD5EZME\x87\xC8 \xA1\xE4\xE5-\x9DW}\xD7q\x91t\xBC@Ú½\x94\xEE�\xBE\xE7;~�7eh\x98%\xA5\xE7\xA4ן\x8C\x8F\xF4�\x8B#\xFD��U�1\xAFÔ0M\x88\x86�\xCAÒ‰M\xFC\xF1\xFC\xB0\xD7�\xC8U\xBA�\x923\x9B�\x82\x98<�\xB8wO�\xE7�J\xBE��s\xEAOL\x8Ec\xAE6\xDB\xF2Õ¤:\xB3�\xEA�\xF6 (/r\xCDG\xD7=��\x85�8\xA3?\xA1p�rm��R�XÖ”��a\xC4w\xE2 \xB4�QC\x81ɵ\xB5Ç¥\xAB\xB0\xA5\xAB7\xBE\xB5�h\xD2j\x83\x97VBF_Z\xACΑ`|�\xCE�\xA2\x89(%[ \x94uf,\xD5\xEDDC\xA1Ƽh\xBE;\x98d
-K\xCC�Ätg\xB9\xD1\xE4 �\xE4�h&\xC6Z\xE9I�\xA5\x94\xBB \xA3-�\xB9�!
-\xACn\xCC�<\xB3&\xCCK\x8F�\x89\x94v(\xC0\xB0\x98\xF1ȇq㑤�K�Y\xD6\xE3c\xF5q�1`\xAE/Ö¦"\xD8Ñ¥\xB1\xF5oJ?\x9B\xE2Y1\x84�zg+@\xAE\xD5 h]\xBC�\xA8VP$\xDB\xF8\xD2\xD6vç ¶\xC1@\x94\xB6[\xC5\xC5x\xBBM\xAB1\xF6.\x85�\xA5Rz\xAA�'\xA5�\xD1\xD8,0\xCF\xD2}\xBAš�\xAFY�r\x88\x8C\xBA�\xCBZ�:W\xC0Q\xDD\xF7-!VpR}\xE5\xA2=\x88:\xC6̨\xA5Ñ€\xAA�f\xF4\xE4�#\xBCk\xA5,\xA0i
-��\x90\xC0\xA1\x9D\xECLL\xD1\xE2ϩ\xAE\xC4A
-\xDD]
-\xFBL\xB5�\xB3\xF2a\x81\xB9\x8Fl��I\xEB\xC8 z1]��L��\xBF�\xCATk.\xFCaj
-\xBB\x8F\xF5.\xB5\xD4�\xBBh���&�\xEE>>b�\xB9`:&\xD0\xF4\x87\xF9\xB6\x94\xF4\xE7�\xCB\xC7)IH\xA3��5xr\xDAv
-��\x80\x89\xB0*V\xA0e\x93�
-\x9C\x921�/\xE3 _\xAC\xA7\xE8^\xB5\x90#\xF7\x83<\x86ݑf�\xFE�\xDAB\xDE \xFDz�\xAE��\xBE\xE9>2
-I�t�d�\xF6�W9\x80\xB0;\x98
-#";"�2\xF4o�\xC6G\x89�F\xF5 8\xF6 \xAC,\xAA/\xA0>\xDF\xE5r�\x97\xD1\xF7�
-}\xA0\x96�\x81�\xD3�\xB5*\xA7\xB5\xF4\xD0\xD6X\x93d=�䌩\x86\xCE\xD8"I\xACoè\xD8\xEDK\xB5\xB3\xDA65
-\x94Fe\xBBż\xC0(-\xFFj\xFA\xEDX\xC1É ]M8O\xC0o
-*n\x8A\xDCB\x{DC79}Z\xA7PNÒ¤7�\xD2^\xD3o\xA5\xE0\xAA\xEB\xB4y=�\xC0�\xD6bA<\xBF\x9E
-E\xD0��\x99\xADOÆܨ\x8C\xDA�\x9B-\x97�e]s\xF7Z�_\xD4U\xD7.�Ê‘�zE)m\xEDë¹®\xB8\xCAW\xF1\x95�\xBF\xC9U\xEA\xBA0\xA2\xC6\xF7j\xADbqå¤7\x91\xD0��\x9D\x89\x92-9\x8E\xC2\xD0�\xE1k\x8Dq\xA2\x8C�uB\xAB×\x89\xA7 fe\xB0\x90\xB9{ \xBA�\xA9-\x9EC� *d"&\xC4 \xF0w\xEE\xBF\xF5�\xBD\x95\xE8\x9A\xD6\xD9�\xF1\xF8-\x87\xCFڦϊЊ*+�T|$\xF4�\x85�m\xA1ÓŸ|-\xDAv\x9Di×»�i\xD6\xFC\x8A�\x9B\x83whJH\x9D�\x85�\x96\xD7�\xF2��gui.:�\xF1\xA2\xFF\xFB\xEA\xEAOt\xA5\xA1\xFD1 _~tG\x8B�\xA8�e\xCAZ\x98�\xBC�\xCF7Z�7ÉR,\x99\x94\xB7fT+�\x8B\x85\xC6h\x8F\xCB\xCA\xCC&\x9C�\x87\x8F�=\xF1\x99Thn\x84�u5e\xD5U\xA3Ǿ\xF9}�!\x92_*ÞƒlE\xBDi\xD2\xFD\xF6\xB5�\x88�[O\x87
-\xAA²\xF2\xA8\xD2�\xE4�\xBC^|\xFBEDv/"\x8F
-\xE2\x94m�\xD6\xF6\xD1\xEBC\xBD\xC3 1x�\x81VG\xDF\xE3\xC8\xD3ر\x81�t\x88y\x9D�,Eh\xB5\xE8 \x80\x93mC\xF8\x8C `.n\xDB�\xFC\x84 \xFA \xAE\x8B\xC6 \xAD\xBB\x92\xBDC\x9Bn �\xD2\xCD�\x8D\xFAW�X߃\xDB�zkt\x85k\xCC\xC3>m\xF84\xE30\xA1\xFFփH\xA7"\xE9�\xDC\xD0 W�\xCEF*2�\xAD0!\xD3ش\xE3\xF0�\x97o[Q�\xC3iU\xB7\xA6\xC1
-d\xC0\xC9�\xF7\xB5)&s\xE4?\xE7\xEDx\x99\xB4*\x9F-\xB9N:\x9C䦣\xA8Lb\x80)v�\xBCg\xB2l\xEF\xD5�W\xFC\xA6\xDA@\x{D91A}.&/\xCF�\xACp\xBF\xD0\xEC\x96J\x9E\x8Cc�\xCAxw\xB3\xBC\xE5ܛ\xD8\xD6"\x89�Y\xE6\xDB\xF4\x9F\xDA~�\xCF?q7\xB2\xA7E\xA2\xFF\xF4 \xE9;\x84\x81*\xA5\xC57\x95\xF5
-c\xE5\xE0f�\xF6\xED\xF7\xB9\xE0R\xF5v\xF9\xC0w\xB2\xBD\x9A\xC8\xF6\xEBvuy\xF9\xF2\xF2\x82*p
-]8*?\�\xD5\xC2X\xE9�[}\xE3\xFA\x81�&�?\x81k�\xDA\xFE\xF9+\xFCM\�O:\x89p-\x92\xD3~\xE5\x87�1\xCECN("\xDB�\xFF\xF9\xF8Ó‰�\xF8N\x94�\xB1i\xD9E\x98\xF8\x{12D0D6}\xBF\xCC\xEC\xE8\xC7\xFE\xBBG\xB7c1\xDCb\xBE{\xF8ÃO)\x8F\xD41T�~\xDF!\xAF\xBD<\xE6\xCFG\xFE\xE38:\xE2\xEF\xE8[L\x87u\xCA\xD3H�\xA7Ô\xA7\xBFL\xE5]�\xC0Ĉ90&\xBA\xD2K\xF7\xF0xj7\x88\x86\x9E�\xC4�\x98-t|\xD7\xE2�\xDAv \xAA{\xF4^Ù¶\xC4>\xB1t\x8B\xE0-Ö‹i\xA6'\xBE}\xA4\xA5\xB6\x9F4\x9E\xD3\xC2>\xA9�]\xB6\xA3\xF7OtJ\xB5�\xF9\xEF\x91\xCA�\xF8\xD9J\x84b\xA4\x87�7
-}\xC7\xF7�\xE8UH\xC7�\xC1�{\x91ݰ�\xEE8u\xA2�\xBA\xA6Nh{'R\xEDک\x9B\xCDe\xB3\xCEN|\xC7s#'q\xE51WG\xBE\xD3a\x9D\xB22R\xC4)\xB5\xB7|'r"?\x8E\x86�<\xC7\xE9�\xDC4\x86`\x93�6MK\xCE�\xFC=B\xBF\xF5\x85S��~\x96\x9C\x90\xC3\xED�\xF3\xFF\xFC\xF5\xB3\xFF �\xCC\xC98\xF6\xA6?lzQ 7�\xC6\xCC�J \xE8\x85qĺ\xFDNz\xCA\xFB�\x93\xB7\xF08endstream
-endobj
-2131 0 obj <<
-/Type /Page
-/Contents 2132 0 R
-/Resources 2130 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2107 0 R
-/Annots [ 2136 0 R 2137 0 R ]
->> endobj
-2136 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [253.7995 149.3637 417.685 161.4234]
-/Subtype/Link/A<</Type/Action/S/URI/URI(ftp://www.isi.edu/in-notes/)>>
->> endobj
-2137 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [63.4454 110.455 208.8999 120.6168]
-/Subtype/Link/A<</Type/Action/S/URI/URI(http://www.ietf.org/rfc/)>>
->> endobj
-2133 0 obj <<
-/D [2131 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-762 0 obj <<
-/D [2131 0 R /XYZ 56.6929 662.0717 null]
->> endobj
-2134 0 obj <<
-/D [2131 0 R /XYZ 56.6929 624.1661 null]
->> endobj
-766 0 obj <<
-/D [2131 0 R /XYZ 56.6929 624.1661 null]
->> endobj
-1531 0 obj <<
-/D [2131 0 R /XYZ 56.6929 593.0972 null]
->> endobj
-770 0 obj <<
-/D [2131 0 R /XYZ 56.6929 294.2701 null]
->> endobj
-2135 0 obj <<
-/D [2131 0 R /XYZ 56.6929 255.4568 null]
->> endobj
-774 0 obj <<
-/D [2131 0 R /XYZ 56.6929 255.4568 null]
->> endobj
-1251 0 obj <<
-/D [2131 0 R /XYZ 56.6929 226.1045 null]
->> endobj
-2138 0 obj <<
-/D [2131 0 R /XYZ 56.6929 53.5688 null]
->> endobj
-2139 0 obj <<
-/D [2131 0 R /XYZ 56.6929 53.5688 null]
->> endobj
-2130 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F39 1161 0 R /F53 1313 0 R /F11 1451 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2142 0 obj <<
-/Length 2825
-/Filter /FlateDecode
->>
-stream
-xÚµZ]{\xA36�\xBEϯȥ\xFD<�-\x92�\xA0K\xC7\xF6\xA4\xC94\x994v\xB7Û\xCE�\xB1�\x9BglH
-\xCEL\xFA\xEB\xF7�} 0\x92;\xDB\x80tЋ\xCF{>%\xF0e \xF82a(\xA0<\xBC\x8Cy\x88X\x80\xD9\xE5j�\n`\xEE\xE6�+\x99+-teK]//\xFE\xF9\x8EƗ�\xF1\x88D\x97\xCB\xCF\xD6Z
-\x92�_.\xD7�G\x93\xC7\xC7\xF9\xC3\xEC\xF6\xDF\xE3+‚\xD1�\x8D\xAFX�\xE8\xD1\xE9|1\xBE\x8A#.&\xA8\x98\x8A\x82\xD1\xF5\xED\xF5\x8F\xB7�n\x9E&\x8F?\xFC*�\xFA-`\xC1\xE4a&o�?\xDF\xDC\xCC�˹\xBA}\x9AOf\xB7�7 \x82ǟ\x96w�\xF3\xA5ym\xFB\xA7ညw\xFE\xFD\xE2\xE3\xA7\xE0r
-\xBF\xF0\xEE"@\x94'\xEC\xF2+\xDC��sN.\xF7�!\xA3\x88\x85\x94\xEA\x91\xDD\xC5\xE2\xE2'\xB3\xA05\xDB<:\xA4*F�\xC4���\xE8\x8A\xE0K\x8C�g\x8Ct\x94\xC58\x8A(\xA1\x8D\xB2�uZ\xAC\xD3úr\xFE��"\xCA\xD89\x9A,) M\x86h\xD2R�\xF9\xE3Ó»)()\xFC\xD4G\xC6,@ \x87w\xF7B�\xA9Sl\xCA-l\xCC�Jbʺ\xE0\xB3r\x9F\xE6\x85$\xF4!\xDDg\x95âX^M\xCBb\x95\xBD\xD4j�t$/Þ¥\xAB|\x97\xD7y\xD6\xE8\xAB\xF73q� �\xC5 \xBC\xA0\xC0\xF8\x87|\xE4q\x8C �\xA1\xC9r\xEC\xBE\}I_\xB2\xFA\x90WJ\xEA\xA1|\xCD\xF6\xCF\xD9A\xDEa\x9E\xC4\xC8\xC9�\x8E\xC0V\xC2s\x8CXR�F\xB4\x94\xC5�\xF30⃶�\xE9c;�\xB1\xC1\xCF2r\xBB\xD9e\xFB\xAC\xA8\xD3:/\x8B�/\x8B\x97l\x95\xFF��d%gO\xC9!\x98 \xFDA<H\x8E\xBC\xF9\xFB(\x8AD<\xA2\xF4�E\xB6\x94\x9B"#\xA5)\xE2\xB1\xC7g\xBC\xC8-C'\xD0\xC3�u\xB0\xEF\xD3|\xA7B`y\xAC\xF3b\xD3\xE3\xA0\xDEf\xF2¦r\xF1V\xD5\xD9~\xC8Y�\xC4È\xF3.�S\xA5\xFD\xC7\xF4 \x9A_o25~\x97�\xC7\xF4\xF0fT�!\xB5d'\xC2]��"\x9E\x80j\xA9\xF8�!i\x96~<\x94/e\x95iK9�\xF0"�\xA1$!縳\xA4<\xDCi)\xE3^\x9C{\xDC\xCB�m\x91\xD7\xC7v\x90g\x83\xDF�\xAB\xC3�'#\xE9A\x8A\xC7\xFF\x94\x85\xA2l9\xC6�\x8F�iQ}\xD6�\xAE�\x9C=,\x86\xE8�1\xC2�\xA8\xBACß½\xA2\xEFöN\xD5\xD0\xE4\xB89V\xB5&\x8EGn\x9F\xC1 \x8Aɹz\xC0\x96\xF2\xE8]KYz\x8F<z\xF7A[z\xEFc;\xF4n\x83O\x94b\xB2\xD56-\xF2j/o?\x97JÉ
-)\xE5\xFE\xA5\xD61\xA6\xB6\xC3X3V~\xEE\xB35\x85\xB56\x83)\x88�\x82\xA2\x98x\x83�c\xA3\xFC[\x9E}7?\x81\xC8n\xC19~,)�?ZJ\xF3C0\xF5\xF1ヶ\xF8\xE9c;\xF8\xB1\xC1goE\xBA\xCFW\xE3+�ţ\x9F_\xD6i-2�\x8D\x92\xC6\xFE\xC5`�\xD6ą�k\xE2Zd()\xE6�p�;c\x8C\xA3\x96�\xCA\xE3\x96�\xB1\x8Aͅ\x98\\xA8\xF1\xE5\xB6\xDCWe\xA1Fm|SM=e_\xB65\xB8h�\xEA�\x9B\xF8+\xA6\xEE�\xEA@!�\xF8ʄF\xC0\xBF.\x8F\xC5Zs\xFErС�(w\xA71��M�\x86\xD4O\xB9-\xE5\xA6\xDCH\xB5\x94'\xD8M\xB9�\xBA\xA5\xFC�{\x98\xF2�\xF8t\x97�,'S\x85F]\xF6\xB3�Ľ?Y[`�\xA1 \x86\x8A\xBA\xE3vO\xC8\\xC8\xFF\xD7\xC7j+\xAF\xE6\xB!
B?tb;\xEE\xDE\xFE��\x8C \x92Pr\x86 K\xCAÄ\x962L\xD0 \xF10ჶ\x98\xE8c;\x98\xB0\xC1�\xB2
-\xA8\xF4UG\xB5t\xB55U\x85�z\x86\x85\x9F\x8E\xD9\xC1QvS\x8E0\x89\xC8p*\x9A�k\x99\xF8\xBE\xEA:\xEE>m�V[\xA3\xF7Äwh�0�\xD53z\xB7\xA4<z\xD7RF\xEFQ\xEC\xF3 �\xB4\xA5\xF7>\xB6C\xEF6\xF8\xFC[\x9D�\x95I0&9U\xBD\xECd\x94/\xFA\xE19\xDC�\xBA\xEB=\xE9|0\x8A�\xCC\xFF\x9Cw<\xA6\x8F�\xE0\xE0s�XR�
-\xB4\x94E�\xF1P\xE0\x83\xB6(\xE8c;(\xB0\xC1�\xCA\xE2J�]\xD9a\x9F�\xBA"3�\x97 \xA6\x89�\xD9:\x97�\xBCr\x86�\x86H\xCC\xE8\xB0�L�\xE9W\xC1(\xAC\xB0�\xD6=w\xEA>�^�\x88|~\xDD\xDBRn\xDD�)\xA3\xFB$\xF4\xD4\xC2^\xE8V\xF7'\xD8ú\xEF\x80/2U���P6z\x9F\xBDɋ\xB6
-NW\xAA\xFE\xA2�h�rBQ\xE7\xA6&�I\xE9"p! \x83�\xE1"\xCB\xC5\xED\x8D\xC3C�\xA1(H�\xB68\x82\x87Z�\x81�\xF0\x90p\x94\x8F\xF1H9 \xE5\xA3�j\xEA\xE6\xB8\xDEC\xFA\xAEdQ at h2\x9A\xA9\x99yZ\xD5W2\xEF�\x88N\xDEߥ_\xB4\xCBю�\x98\xBE\xEDZ�\xCA/cNF\xD9n�1\xB8\x968M\xB0T\xE9\x89�P69\xED$\x8AQ\x94\x80\xEA\xFDvbIy\xECDK�;\xE14\xF0؉�ڲ\x93>\xB6\xC3Nl\xF0\x8E\x9D\x80
-\xA4\x9D\x88\xF4]\xD5\xE9\xF3.\xAF\xB6\xA2\x99\xF2\xC5\xCC\xE5\xFB\xB9\xDAQ|zr\x85΄\xA3\x90G\xBDM\xA3\x99\xE2D\xD0\xEBdp\x91\xBD\xD4ÖŽ\x84\x9F\xA1\x90#F\xC89\x86,)�CZ\xCAbȓȼ\xD0�C}l�C6\xB8Q\xF6S\xF6\xFB1\xD3!\xCDX\xF6\x80?�\xB5\xE5\x9B"\xAD\x8F\x92Úª%K:o\xD0\xE4\xB8\xCA\xE5\xC6�\xD4�\x94\xF0\xFF7[�#�\xE1slYR�\xB6\xB4\x94f\x8B�A\xECa\xCB�m\xB1\xD5\xC7v\xB0e\x83\x83?)\xAD\x9F\xEE�\xB5\xF9N5T\x86�\xE0\xB8!C>\xA2\xDB5q#Ûµ\xC1`\x8B�\xE3Q\x97$o\x98\xEB\xEE\xED\xF9\xB9\xC1�\x81 at r\x86�K\xCAÃ\x962\xDCDޜ胶\xB8\xE9c;\xB8\xB1\xC1o\xB2�\xEAk\xA1\xD88\x96D嵈vq�w\x87\xD7|\x95É©\xC9nS\xC2\xD4v/\xE7dØ“\x8F\xB4\xB1�\xEEe\xAC�\x89���\xCB\xF4s\xAA\xBD\x96\xF4j\xB8�\xF4\xDF,�2\xBF�:\xAF\xC9S�_\xAEe(da\xAF�Z(\xFA\xDFM\x8B\xA1\xFA\xF4Fv��Ý—\xE9\xE1|'\xB7hÞšß¡f\xD4�_\xE5\xCF\xE5\xAB=s×±\xB2
-~ez\x92pu?\xF8C\xBA۩\xB9�\xAB\xBA\xB4�\xEFo\xF2�\x9A\xA7\xFE\xFEfۨ\xB6\xB45[Kߵ\xEDI\xC3 �<\x8C\xFDfmK\xB9\xCD\xDAH�\xB3&\xC4c\xD6^\xE8֬O\xB0\x87ͺ�~[\xAC��\xD3m\xE5SV\x95\xBBW\xAD\xE8\xC5\xF1\xE5\xA5<\xD4'�\xE7b>�\xCA\xD4�\x83؟\xB0\xE1\xD8?-\x8B\x83\xA1z\x96\xAD\xBA\xE1�;\xC3 \x85X\xC5)=\xA7wKʣw-e\xF4\x9EP\xEAѻ�\xDA\xD2{�ۡw�|\xB9\x95\xD1 �\xE5\xC2K@�\x9E\xEEު\xBC\x92wB\xD5\xE2\xBF\xDCZ\x83�\xB3\xB5�\xD7jk
-\xAEt&�\xD7v&��\xF8T8I\xBB\xD7&VE
-\xBC\xFE\x92�
-Z\xEE\x96\xC1œ\x9E\x84N(\xCBEH�q\xA4;#UO\xABE;\xF54\x90�:\xC9$�\xA3�\xC7g\xF6Hm)7\x99FJ\x93��>2\xBD\xD0-\x99'\xD8\xC3dv\xC0\x9B \x83\xB9\x9D�0O\xC0\xB7j \x99\x8F\xCA\xF5QEv1\xDA(X�\x8B\x92,o\xCF��wn\x92�:�\xBB\x98
-\x92\x86�\xF1\xFCD>�]O\xC20&F\xEF\xD5\xE8\x8F\xE9AuG\x81\xEC\x8E\xC4\xCBܧU\x95\xE9\xC8-7G�d\x87\xD3\xF6��\xE9�\xAE*�\xDE-�\xFA\x99\x9B\xFE�\xA38\xC0g\xF6Km)�\xFDZÊ¢\xDFs\xEEç…¶\xE8\xEFc;\xE8\xB7\xC1EÌ”u\x9B(�\xC0\xC3adU\x8AT\xD2\xDC4i\x9BBK*\xBD\x99\xAA\xFC-.Z{�wf\xD7i\xF0\xE0�\x8BO�B\xAB?\xA6\x8CK'\xA5=[h'�\xCB�\xC4\xE8\xBD�7\xB6 �gj[\xDC t\xA8\xEFXH\xEFL\xF9/��\x94\xBEL\xB4\xE3~c\xB0\xA4<Æ \xA5,c\xF0$T/\xB4e�}l\x871\xD8\xE0\xEA\xC0\xAA.W\xA5ز\x82 z_\xAE{\xBB\xE9 Q\xB5\x9C�\xF1bDV)"\xAA\xB7U
-\xDCI\xA3�\xE3\x91\xCB.H\x8C\x92\x90\xDB\xC5�Dz\x82\x82E\xBB1\xC2L\xD8Q]\x8C\xDE+qm�*\xBC\xAB\x95;\xF6\xA0\xD3\xF9\xDFc�'�\�\xBA\xA7\xC2�\xED�\xEE�(\xE9`>r\x80\x82$ջ
-\xC0\xB4jP'\xCF\xE5\xB1\xEE\xED0\xF4\xBE\x88p\xD8!f
-\xE33\xAD\xA4%\xE4\xB6B-d�U\x99\xCF�}\xB8\xAD
-\xF6\x81\x87M\xD0F\x9E\x8C\xAF� -3�w\xCA,\x9Fw\xA2^��
-[֌*\x85\xC5ȴ<\xD8\xFB\xA9\xCD\xD8/c�\x8C\xA0\xAD\xB1\xEF\xD6\xD9N\xAD>\xCB^v\xE5\x9B~\xBE\xD1\xF3
-\xE5\xE7\xFA\xABd>C�\xB6K\xA1`\x8Cid\xE57\xC6\xC1\xE2U<2\xB3�\xFB\xBBI_\xE5��C\x9D�\xE6\x9C:��& \xF4\xDA\xE4LcjKy\xA8\xD6R�מ�Z/\xB4Ev�\xDB\xC1\xB6
->-\xF7{\xB9\xEB\x8A\xF5f\xEB\xC0\xB7 at 09\x97\xAC\x96\x87J\xCAH\x85\x89\xC5q\xB3\x81N\xAC\xE9\x84`\xFC]\xFEm\xF8\xE8\x9C\xC6(\xE6\xD8>F\xA2a\xF3\xF9\xA0X\xE4\xFDq\x9F\xEASW\xB1\xEF\xDA\xF4y\xB0\xDAc +\xEF\xD4\xE0T
->d m\xE2\x8C^\xB7\xC3s\xA7\xF7\x9C\xA5\xC5�\xF9\xC6�g\xEE\xF3\xDDΜ\xF8~\x9FI\xF0�\x910\x8A\xFC�a \xB9
-B�\xB5�T$\x9E\x83��nk�}\xE0ak\xB0\x91�\xD9!\xD7G%�ǶÚ4[�Y\x9D\xAF\x86\xAAL�\xC6,<=\x9D5G\xB1\x8E\xF6\�\xD7~\xEFG�I \xB6\xE0\xCF\xD4\xFF\x96\x90[\xE1Z\xA8\xCD\xF8\xBEϾ|\xB8\xAD\xC2\xFB\xC0\xC3
-\xB7\x91\x8D\xF7A\x9D\x9FW\xCF\xD96}\xCDE5�#P}m\xA0kk\xF4�\xD3\xD29\xE1B\x9F\xD46"\xB2�\x80\xD1\xDB\xC7\xD7H^M\xD6\xEAD�2\xEC\xA0#F�E\xD0|X|�\xD6~�ѼJyȫm^\xA7�DR�\xE3K\xE1%J\xE6./\xF6Y\xAE\x9DP\xAF\xD9\xD9C\xB2�7܅�\xA4j\xF1 \xEE\x80j�\x93\xDB\xFF\xF2\x97\xBE\xD6\xCEa\x8Ch\x928�\xD3(4\x9F\x94r\xAC_J\xFC
-LX\xFF\xD5\xCD7\xC1\xA7\xEF\xFE_$\x9Fb\x94endstream
-endobj
-2141 0 obj <<
-/Type /Page
-/Contents 2142 0 R
-/Resources 2140 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2107 0 R
->> endobj
-2143 0 obj <<
-/D [2141 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2144 0 obj <<
-/D [2141 0 R /XYZ 85.0394 752.3015 null]
->> endobj
-2145 0 obj <<
-/D [2141 0 R /XYZ 85.0394 752.3015 null]
->> endobj
-2146 0 obj <<
-/D [2141 0 R /XYZ 85.0394 752.3015 null]
->> endobj
-2147 0 obj <<
-/D [2141 0 R /XYZ 85.0394 746.3107 null]
->> endobj
-2148 0 obj <<
-/D [2141 0 R /XYZ 85.0394 731.5461 null]
->> endobj
-2149 0 obj <<
-/D [2141 0 R /XYZ 85.0394 728.1497 null]
->> endobj
-2150 0 obj <<
-/D [2141 0 R /XYZ 85.0394 713.3851 null]
->> endobj
-2151 0 obj <<
-/D [2141 0 R /XYZ 85.0394 709.9887 null]
->> endobj
-2152 0 obj <<
-/D [2141 0 R /XYZ 85.0394 651.9592 null]
->> endobj
-1381 0 obj <<
-/D [2141 0 R /XYZ 85.0394 651.9592 null]
->> endobj
-2153 0 obj <<
-/D [2141 0 R /XYZ 85.0394 651.9592 null]
->> endobj
-2154 0 obj <<
-/D [2141 0 R /XYZ 85.0394 648.8377 null]
->> endobj
-2155 0 obj <<
-/D [2141 0 R /XYZ 85.0394 634.0731 null]
->> endobj
-2156 0 obj <<
-/D [2141 0 R /XYZ 85.0394 630.6767 null]
->> endobj
-2157 0 obj <<
-/D [2141 0 R /XYZ 85.0394 615.9121 null]
->> endobj
-2158 0 obj <<
-/D [2141 0 R /XYZ 85.0394 612.5156 null]
->> endobj
-2159 0 obj <<
-/D [2141 0 R /XYZ 85.0394 585.7959 null]
->> endobj
-2160 0 obj <<
-/D [2141 0 R /XYZ 85.0394 582.3994 null]
->> endobj
-2161 0 obj <<
-/D [2141 0 R /XYZ 85.0394 567.6349 null]
->> endobj
-2162 0 obj <<
-/D [2141 0 R /XYZ 85.0394 564.2384 null]
->> endobj
-2163 0 obj <<
-/D [2141 0 R /XYZ 85.0394 549.5337 null]
->> endobj
-2164 0 obj <<
-/D [2141 0 R /XYZ 85.0394 546.0774 null]
->> endobj
-2165 0 obj <<
-/D [2141 0 R /XYZ 85.0394 531.3128 null]
->> endobj
-2166 0 obj <<
-/D [2141 0 R /XYZ 85.0394 527.9163 null]
->> endobj
-2167 0 obj <<
-/D [2141 0 R /XYZ 85.0394 513.1518 null]
->> endobj
-2168 0 obj <<
-/D [2141 0 R /XYZ 85.0394 509.7553 null]
->> endobj
-2169 0 obj <<
-/D [2141 0 R /XYZ 85.0394 483.0356 null]
->> endobj
-2170 0 obj <<
-/D [2141 0 R /XYZ 85.0394 479.6391 null]
->> endobj
-2171 0 obj <<
-/D [2141 0 R /XYZ 85.0394 464.8745 null]
->> endobj
-2172 0 obj <<
-/D [2141 0 R /XYZ 85.0394 461.4781 null]
->> endobj
-2173 0 obj <<
-/D [2141 0 R /XYZ 85.0394 446.7135 null]
->> endobj
-2174 0 obj <<
-/D [2141 0 R /XYZ 85.0394 443.3171 null]
->> endobj
-2175 0 obj <<
-/D [2141 0 R /XYZ 85.0394 428.5525 null]
->> endobj
-2176 0 obj <<
-/D [2141 0 R /XYZ 85.0394 425.156 null]
->> endobj
-2177 0 obj <<
-/D [2141 0 R /XYZ 85.0394 355.0758 null]
->> endobj
-2178 0 obj <<
-/D [2141 0 R /XYZ 85.0394 355.0758 null]
->> endobj
-2179 0 obj <<
-/D [2141 0 R /XYZ 85.0394 355.0758 null]
->> endobj
-2180 0 obj <<
-/D [2141 0 R /XYZ 85.0394 352.0499 null]
->> endobj
-2181 0 obj <<
-/D [2141 0 R /XYZ 85.0394 337.3452 null]
->> endobj
-2182 0 obj <<
-/D [2141 0 R /XYZ 85.0394 333.8889 null]
->> endobj
-2183 0 obj <<
-/D [2141 0 R /XYZ 85.0394 309.8192 null]
->> endobj
-2184 0 obj <<
-/D [2141 0 R /XYZ 85.0394 303.7727 null]
->> endobj
-2185 0 obj <<
-/D [2141 0 R /XYZ 85.0394 278.3282 null]
->> endobj
-2186 0 obj <<
-/D [2141 0 R /XYZ 85.0394 273.6565 null]
->> endobj
-2187 0 obj <<
-/D [2141 0 R /XYZ 85.0394 246.9367 null]
->> endobj
-2188 0 obj <<
-/D [2141 0 R /XYZ 85.0394 243.5403 null]
->> endobj
-2189 0 obj <<
-/D [2141 0 R /XYZ 85.0394 173.5556 null]
->> endobj
-2190 0 obj <<
-/D [2141 0 R /XYZ 85.0394 173.5556 null]
->> endobj
-2191 0 obj <<
-/D [2141 0 R /XYZ 85.0394 173.5556 null]
->> endobj
-2192 0 obj <<
-/D [2141 0 R /XYZ 85.0394 170.4341 null]
->> endobj
-2193 0 obj <<
-/D [2141 0 R /XYZ 85.0394 144.9896 null]
->> endobj
-2194 0 obj <<
-/D [2141 0 R /XYZ 85.0394 140.3179 null]
->> endobj
-2195 0 obj <<
-/D [2141 0 R /XYZ 85.0394 113.5982 null]
->> endobj
-2196 0 obj <<
-/D [2141 0 R /XYZ 85.0394 110.2017 null]
->> endobj
-2197 0 obj <<
-/D [2141 0 R /XYZ 85.0394 95.4372 null]
->> endobj
-2198 0 obj <<
-/D [2141 0 R /XYZ 85.0394 92.0407 null]
->> endobj
-2140 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2201 0 obj <<
-/Length 2889
-/Filter /FlateDecode
->>
-stream
-xÚµ\x9AMs\xDB8�\x86\xEF\xFE�:JU1\x86 \xF8y\xA4-\xC5Vb+^\xC9\xCE\xCET&�Z\x82c\x96)\xD2�\xA9$\xFE\xF7\xDB >�R$\x98Ù-�L�M\xBC��t�\xDD$\x9E8\xF0\x87'\x9E\x8F\xFC\x88D\x93 r\x91\xE7`o\xB2ÝŸ9\x93o\xD0wu\x86\xA5͹2:7\xAD.\xEE\xCF\xFExO\x83I\x84"\x9F\xF8\x93\xFB'c\xAC�9a\x88'\xF7\xBB/\xD3�Q4\x83�\x9C\xE9\xC5\xF2\xE2f\xF9\xE9j�\xDF]\xFF5;'\x9E3\xFD\xDB\xF1\x9Cx5��6�WW\x8B\xCD\xFDB~\/\xE2\xF9ru�&xv�\xF8\x913\x8D\xEF\xEE�\xAB\xF9\xF2O\xD1�\xF3Q�\xDDz\xB9\xD8̾\xDE8[\xDC\xEB\xAFm\xFE4\xECP\xFE\x9D\xBF\x9F}\xF9\xEALv\xF0�?\x9C9\x88F\xA17\xF9 ��\x84\xA3\x88L\xF6g\xAEG\x91\xE7R\xAAZ\xB2\xB3\xCDÙ¿\xF4\x80Fo}k\xEFTa��ê“ž\xB9"x\x821\x8A<\x8F\xB4&Ë‹\x90O \xAD'k\xCD\xCA\xE2x\xD829�l[�v\xE2\xFA~�3\xF0\xF6\xCA\xCA\xC1_I1
-< a�hX\x89/E\xFA *+\xFE\x9D\xBE\xAC\xDF_b�Ò¯]eL�L\x87�Ø¥\xB5Õ©6\x8D�mL�ä‘ \xAD\xBDb?\xE1\xE7c:\x9D\xAF6\xE2b\xBD\x96
-\xECo\xC7!yZ\xA5E^\xCFI\xE7\xA7`Ç…i\xA5>| >\xD0;\xB8\x8B8\xD3K\xF4~�\x91)�c,~\xB0\xC3�\x87\xD3\xE7\xE4P\xD5�xz#\xBB\xE2\xFA?\x99\xDE&\xFB\xE4\xA5(e\xEFZ\xF6>d\xD9>\xC9s9h\x92\xEFD\xF3\xDD�\x93H
-~[l_\x92WV�R\xB8�\xBE�̄\xFAJ\xE7b��\xFF\xF8\xB4\xAD\x8AG\xF8�5eXt��"\xECG�
-}w\x84\xB0i5LX[iÂ\xE3��\xB6J7\x84O\xB4{ \xB7\xB4�X\xF8\xE9\xABM|\xA7\x96=w��\xA6\xED�\xBD\x98A;\x88\x82\xC8\xC0�\xF6�H\xFC\xBF�Hi\xFEM|�\x98\xF8h\xB2\xF7\xB2\xC8X\x96%\xF2\x9E.�w\x98C \xFA��#��+��e\xA59\x84\x81\x8D\x83M\xDA\xE0\xD0\xD5\xEE\xE7`j\xC7|-�\xD3[\x96\x80;\xC1\xA5?}*�\xA2m\xF1뵦\xC1\xCARL&t\xDE�Û„\xBB\x9E\xB0X\xE6`\xBC\xD7
-\xFE4\x95�\xD53��\xF3b\x9F\xA4\xB2s\x95\xECe\xEBæ¬Ø¾�+u0\xF2x�m\xB0R�\xDE+�K~\xA4\xA5lk|�:>\xCF<o\x9A\xFEJ\x99\xF48=̹�\xBC0\xDA\xFD,p\xA7\xE8]gU,媘\xA7Û—4/\x8B\�|H\xF2crx\xD3\xEB\xC2�^�.l{.�\xF3O\xC3ʲ.\x94\x95Z�\xC4\xF1\x88e]ؤ\x8Du\xD1\xD5\xEE_�\xA66\xAC�\x8A=\xE1\xA6�\xBBu\xFC\xE5
-\xF5\xEA\xE0�\x9BW\xB6M\x9F\xDE\xEA\x95\xC1?\xD7ȹe\xB3Dxs\xF1$\xCD\xD9\xE1G\xBAe%\xEA\xA1N\x9C�aJ�\xEA��\xF3P\xCC\xEF\xBC:f\x8F�\xC0U\xB2\�\xD4\xE8x\x8F^�\xFC\x83\xB1�\xEAە_\xD7�B+\xB4�\x84\x9D*\xF6�\x{1BC443}\x91ie\xA1\xAA\xAC4U\xEC[\xF6U\xAB\xB4A\xB5\xAB\xDDO\xD5\xD4~�\x9E�3!y\xC1\xC52\xAF\xD8!g\x95\xF8$\x80\xF3\xFEB6\xA4%\xECe\x8F\xC7J\x9A\xDF.\xFF\\xAC\xC5\xE5e!\xFC?\x97\xF7^e\xC5c\x92\x89\xEBx\xB7S\xC1Cޗ\xBC\xBEr\xF1�\xA7w#\xE4b\x97�\xF8]qΫ�\xCAΥS+\xB3�ì\xD8n\x9F\xD3b\xC0i\xC3A\xBC^\xE8"\xE2�\xAE�\xAFi5\x8CW[�x\xC3a\xBCV\xE9�\xEF\x89v/ޖ6\xDFA\xB3\xA3�\xC7ԯ\x9D\x8F\xD0`\xFA\x90\xA7�\x94h\xECl\xB3вܱ\xBCJ\xF9\xB9\x8A�J\xD1t\x94!\x9F\xAAX�m:\x96S�˩5\x96S�\x84�5cy$6a>X\x92\xA7,�C\x88X�\x8D\xB7H\xC5oyk�5\xECQY�_K\xB1>\xE6L\x83�\x86A{�\xD1 \xA2#\xA0
-+�he\xA5A�\xEAX@Û¤
-\xD0]\xED~Ц\xF6G&\xD7\xF8\xE2\xD7\xF69ɿɉ\x98\xB3\x8C}S\xDBq'\x91�\xDB:\�\x9E\xDCz\xB5\xE9;Y\x85�$2\xB4}\xB0RG\xA7\xB8j\xED\x91ݳ\x93\x85�%\xC8u\xFD1
-\x86\x95\x85\x82\xB2\xD2�`\xAF\xB7P\xB0I��\xBA\xDA\xFD�L\xED\xF9&�?\xFD\xE3⯲s\xAC\xD8,\xAFdS\x9Aw\xE7]\xF9�?\xFD
-?\xE27�?\xD2\xF91Щs\xE0\x9E풺(
-\xFC6\xA1\xB9$\xB4H\xCA*K^\x98l\xA6\xB5\xA3\xEFÞ©s\xB1\xF0\xFBgM,�&\x86af0��\x90\x86\x95\x85\x98\xB22\x88��b6i\x83XW\xBB\x9F\x98\xA9\xBD\xDE\xC4\xDC\xCE=\xD8Y�E\x8D�X\x9E(�E\x8D_q@\xFC\xBF\xD8&\xC1FQã‚Z}\x83\xA4ƯG\xA8\xF9�
-\'4v\xB9@`\xE3\xA3�\xD8\\xC7\xC4\xC6?5\xD8\xC4aF\x8D\xD4\xCA'\xAD0\xDD\xD0A>L\xBA�\xA6i5�S[�0-\xBB\x9DU\xBA\x81y\xA2\xDD�\xB3\xA5\xBD\xA9\x8AC\xBDK\xE1\x88N/\xD9Alap\xF8d%osk\x86\xBC\xAFf\xC8��C\xDE(�\xF2+Å[\x8C0$�aH;�\x86\xFC~Î\xDFk\xBA\x9E\xE3)\x86¦^a\xFC\xE2\x934\xBE:\xEE\xF6G8\xD4\xCAÃ�\xB9Å´\x89\xB4\xFF\xC4s]8\xC7�4 #\xB0
-+�lee\xC0\x8E,\xB0m\xD2�\xEC\xAEv?lS\x9B\xC3N\xC4>�\x8As\x8D�\xC1\xD9\xF4\xA9>\xB5\x9C_\xB3\xBA2#zas,E*[d\xE8
-\x8D\xD0�\xE9\xD0��\xA17�[ \x81\x8B�8K�\xA17\x94\xA17j\xF1\xF7[\xA1\xD7\xC7'>,�\xFA�.�\xE7\xF8Ðƨ�V�\xAAʪ\xA1\xEAZ\xCE1Vi\x83jW\xBB\x9F\xAA\xA9=gU\xB2}f\xBB\xFFfc�Ù»Q\x81\xE8\xC1�\xB3K\xA9\xEB\xFD\x9F\xB7J
-id\x84\xFD�4\xA6\xD50�m\xA5\xD1�\xA1\xA5 `\x95nÐœh\xF7\xA2ii\xD7G\x9B@\xD5\xE9BQ\x80\x85�y\x8E�\xA7\xA5Q \xE0�\xD2\xC9�\x9E\x92\xE93\xA8\xF2\xD5`Z\xCA�\x80h\x95 E\xD7f\xCD+3\x9F\x87|\xCE
-\x90� \xBC 1�\x85Z�Ȩ�4%!\xCF( \xDDH\xC3E\x99\xAAX\xAB�le�\x8F�\xC6X-\x92\xF7\xEC\xF10�\xA7M6I�g\xB8DK}�9$\xC4#+\xC0\xB0\xB2\xAC e\xA5W@\x84=\xCB
-\xB0I�+\xA0\xABݿ�L\xED{�\xD4u]\xEE\x8B5eץ\xD3\xF8X=ö[\xBD\x89\xAE\xBB"\xE5\xE5�\xD1ǡ\xAE\xE2\xBB\xFB\xB5\xF0O\xDE_3\xE6}\x{DB13}w\xC9\xE4\xA4?\xC8\xFA\x9E\xDB\xF0\x86h\xC1S\xC3\xFA.\x95�\xAE\x91�W\xE4\x91\xCA\xEFlE\xD5
-{\x85\xF8\xA1\xD3�;G
-\xDB\xF0È‘\xB7\xB1\xB10�6\x8A \xC5\xD8�^-\xA2�\xBF\xB6j?\xBDF\x95�t7\xD7\xF19��0d6B\xE4Q\x97�\xC2-D\x8BL^\xE0J�j\xB1\xAA\xDE�\xA3z\x8Bu\xF5�7��\xAEG\xB6\xCB�x8�\x9B�c\xB0\x88\xBF\xA4u\xE6\xE5E\#\xFE\xF2\x82t\xF2&\x99\xAA1ZP\x81"�\xA6�}\xC4��Ç\x91\x85\xA34j@�K\xDDΦk\x90\xEC�\xF7\xA34\x84\xE3&]�\xC9\xF8Z?�$\xFC\xD1`'\xBF\xBFI\xCBJ\xA6\x9E"\xF6:\xEDb�o\xB8��\xF9\xE1\xE9�+\x8D\x87\xB2w7Jc\xF0�\xEC���\xB7\xB7T#\xF4B^Ul\x9FOj4V`�q�Å‘�\x98a4�L�i`^d)
-\xD8t�`]\xE1^`\xA6\xB0\xA8\xA1\x86p"\xFCU\xB1\xBC\xAC\x9FT\xC2�숚*\xFC/\x8F\xAF\xAFš�F\xCB;\xD1\xF8\x83�JQ6\x87F\xBF\xAF2�`\xE4\xF8\x91\xB1�\xBAěn\x90\xB8\xE3\xFE\xB9؋|\x81\xB7^\xCA\xD6\xEBc
-\xBE\x9A\xC8\xD6Ϻ`�]�\xCB4O\xF2Jv\x89��\x9AU
-N\xAB\xB5\x83iqL\xCB2\xED\xAB\xFF a:L\x98�o\xA93\x86Ø°\xB20VV�dK5\xC1*mP\xEEj\xF7c6\xB5\xAFa\xD22\xFD\x9CQ9\xDBC\xFE\x92�?\xF3\xAE\xD3�<\xDCl|O\xBA\˵\xCB\xDE\xF2�Fn�u<0\x96\xCEwu,\xAB\xE4\xA9l2\xC7\xD3íªg0\xAD\xF7� .�X\xC1\x94\xF0\x83<
-�\x8C\xDB\xCFiueKױ\xF4\x83\x83�\xE6\x90\xCFB\x8E\xE3\x8C\xC4a\xD3j\x98\xB9\xB6j\xDELp\xF00s\xABt\xC3\xFCD\xBB\x97yK[\xCF\xC7"\xDF�\xBB�\xF8+V\xFD,�/M��~\x82\xE9;\xFC�d'D\xC4\xF1CK\x98\xFDl~h\xBDu �\xC4\xEB!\xCDT\xF2��'/؋P\x88Ǫ�\xA6\x95\x85\x92\xB2j(\xD9\xF6K\xAB\xB4A\xA9\xAB\xDDO\xC9\xD4^\xB3\xEF\xC7T\xECq{\x96\xAB\xEDPo\x91\xCD#/\xFE\xE9\xBA\xD0�湚\xBB\xD7,\xDD�\x85\xF4\xA6\xAC+#w\x9F[�\x90<\xB9\x9D\xC2\xF9\xC5!ٱ\x81r\xB9
-\x85��\xBA#\xF5:\xD3\xCA�EYi(^ds�\x9B\xB4�\xA5\xAB\xDD�\xC5\xD4�O\xEF7\xD5á¸D\x98d\x9D\x997\x9Em\xF4l\x8D\x91\x87\xFC\x80\xBA\xED\xC9\xFF \x9D\xE3� \xF3�a \xB1�~\xE3�c\x90\xF0\xC6��\xD3Ê‚AYé´ŽbË®e\x9560t\xB5\xFB1\x98Ú—YR\x96\x99>
-.W\xE7\xF1|\xBEF\xF1ZD\x97\xF8w\xA6�~TЙ\xECkUUIw9SA\xE8J6\xEE$ͫz꾅щlͣ\xFC~d\xC3\xCFu1dw��G�ۛV�d\xCAJ#�\x89\xE54i\x956\x90u\xB5\xFB\x91\x99\xDA\xCB\xF8Bm�\xBCD\xC1\xB6\xCF9\x84\xA7L\xBDδ\xE71N\xEEC݇M�y\xFA\xFDȺ\x87� л\xE9��z~\xD0�\xDB�\x96\xB1D�\xC7ʎ\xA7^�I\xA7\x82\xF6;\x95\x93�~f8\xF6\x96\x85a4LK�5e�b\xA9T\xDBt�V]\xE1^T\xA6\xB0\x8Eqn\xA8b\x9C�\xF1�7\x83\xB4\xBA�snԩb\x82\xE52^\xC5\xE2\xEA�r\x85t\xC7�\xC9\xD0\xFB\x8D\xBC\xA4\xE9\x93\xD6\xD3?�\xB1N\xA9\xE1v3\xA5\x86f#\xA5\xE6\x9D\xD2\xE8\xA2.l\xE5\xB9x \xF2\xFCߵ\xB7eY\x9A\xEC\xD5�\x8BZ\xA4u\xF6\xD7\xCE\xDAy\xCDn\xF0\xA0i\xA9\xB3x\x88\xBFO\xDB3\xF9\x8E>\x93\xFEϯ\xED�U\xF1 \xD10�8\xBC\x90 2\xDA�\xAE嗪+\xF1\xC4?\xF9\xEA\xEA�\xDF\xD3\xEF\xFE�q\xBDO0endstream
-endobj
-2200 0 obj <<
-/Type /Page
-/Contents 2201 0 R
-/Resources 2199 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2255 0 R
->> endobj
-2202 0 obj <<
-/D [2200 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2203 0 obj <<
-/D [2200 0 R /XYZ 56.6929 748.5056 null]
->> endobj
-2204 0 obj <<
-/D [2200 0 R /XYZ 56.6929 748.5056 null]
->> endobj
-2205 0 obj <<
-/D [2200 0 R /XYZ 56.6929 748.5056 null]
->> endobj
-2206 0 obj <<
-/D [2200 0 R /XYZ 56.6929 743.7078 null]
->> endobj
-2207 0 obj <<
-/D [2200 0 R /XYZ 56.6929 719.6381 null]
->> endobj
-2208 0 obj <<
-/D [2200 0 R /XYZ 56.6929 711.8197 null]
->> endobj
-2209 0 obj <<
-/D [2200 0 R /XYZ 56.6929 697.0552 null]
->> endobj
-2210 0 obj <<
-/D [2200 0 R /XYZ 56.6929 691.8868 null]
->> endobj
-2211 0 obj <<
-/D [2200 0 R /XYZ 56.6929 665.1671 null]
->> endobj
-2212 0 obj <<
-/D [2200 0 R /XYZ 56.6929 659.9987 null]
->> endobj
-2213 0 obj <<
-/D [2200 0 R /XYZ 56.6929 635.929 null]
->> endobj
-2214 0 obj <<
-/D [2200 0 R /XYZ 56.6929 628.1106 null]
->> endobj
-2215 0 obj <<
-/D [2200 0 R /XYZ 56.6929 601.3909 null]
->> endobj
-2216 0 obj <<
-/D [2200 0 R /XYZ 56.6929 596.2225 null]
->> endobj
-2217 0 obj <<
-/D [2200 0 R /XYZ 56.6929 569.5028 null]
->> endobj
-2218 0 obj <<
-/D [2200 0 R /XYZ 56.6929 564.3344 null]
->> endobj
-2219 0 obj <<
-/D [2200 0 R /XYZ 56.6929 549.6297 null]
->> endobj
-2220 0 obj <<
-/D [2200 0 R /XYZ 56.6929 544.4015 null]
->> endobj
-2221 0 obj <<
-/D [2200 0 R /XYZ 56.6929 529.6968 null]
->> endobj
-2222 0 obj <<
-/D [2200 0 R /XYZ 56.6929 524.4686 null]
->> endobj
-2223 0 obj <<
-/D [2200 0 R /XYZ 56.6929 500.3989 null]
->> endobj
-2224 0 obj <<
-/D [2200 0 R /XYZ 56.6929 492.5805 null]
->> endobj
-2225 0 obj <<
-/D [2200 0 R /XYZ 56.6929 467.136 null]
->> endobj
-2226 0 obj <<
-/D [2200 0 R /XYZ 56.6929 460.6924 null]
->> endobj
-2227 0 obj <<
-/D [2200 0 R /XYZ 56.6929 436.6227 null]
->> endobj
-2228 0 obj <<
-/D [2200 0 R /XYZ 56.6929 428.8043 null]
->> endobj
-2229 0 obj <<
-/D [2200 0 R /XYZ 56.6929 414.0996 null]
->> endobj
-2230 0 obj <<
-/D [2200 0 R /XYZ 56.6929 408.8714 null]
->> endobj
-2231 0 obj <<
-/D [2200 0 R /XYZ 56.6929 382.1516 null]
->> endobj
-2232 0 obj <<
-/D [2200 0 R /XYZ 56.6929 376.9833 null]
->> endobj
-2233 0 obj <<
-/D [2200 0 R /XYZ 56.6929 350.2636 null]
->> endobj
-2234 0 obj <<
-/D [2200 0 R /XYZ 56.6929 345.0952 null]
->> endobj
-2235 0 obj <<
-/D [2200 0 R /XYZ 56.6929 321.0255 null]
->> endobj
-2236 0 obj <<
-/D [2200 0 R /XYZ 56.6929 313.2071 null]
->> endobj
-2237 0 obj <<
-/D [2200 0 R /XYZ 56.6929 298.5024 null]
->> endobj
-2238 0 obj <<
-/D [2200 0 R /XYZ 56.6929 293.2742 null]
->> endobj
-2239 0 obj <<
-/D [2200 0 R /XYZ 56.6929 267.8297 null]
->> endobj
-2240 0 obj <<
-/D [2200 0 R /XYZ 56.6929 261.3861 null]
->> endobj
-2241 0 obj <<
-/D [2200 0 R /XYZ 56.6929 199.468 null]
->> endobj
-2242 0 obj <<
-/D [2200 0 R /XYZ 56.6929 199.468 null]
->> endobj
-2243 0 obj <<
-/D [2200 0 R /XYZ 56.6929 199.468 null]
->> endobj
-2244 0 obj <<
-/D [2200 0 R /XYZ 56.6929 191.7053 null]
->> endobj
-2245 0 obj <<
-/D [2200 0 R /XYZ 56.6929 176.9408 null]
->> endobj
-2246 0 obj <<
-/D [2200 0 R /XYZ 56.6929 171.7724 null]
->> endobj
-2247 0 obj <<
-/D [2200 0 R /XYZ 56.6929 157.0677 null]
->> endobj
-2248 0 obj <<
-/D [2200 0 R /XYZ 56.6929 151.8395 null]
->> endobj
-2249 0 obj <<
-/D [2200 0 R /XYZ 56.6929 137.1348 null]
->> endobj
-2250 0 obj <<
-/D [2200 0 R /XYZ 56.6929 131.9066 null]
->> endobj
-2251 0 obj <<
-/D [2200 0 R /XYZ 56.6929 117.2018 null]
->> endobj
-2252 0 obj <<
-/D [2200 0 R /XYZ 56.6929 111.9736 null]
->> endobj
-2253 0 obj <<
-/D [2200 0 R /XYZ 56.6929 97.2091 null]
->> endobj
-2254 0 obj <<
-/D [2200 0 R /XYZ 56.6929 92.0407 null]
->> endobj
-2199 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2258 0 obj <<
-/Length 2542
-/Filter /FlateDecode
->>
-stream
-xڥZ[w\xA3\xBA�~ϯ\xF0\xA3\xBD֘J�q\xE9\x9B�'�Og\x92\xD4\xCE\xF4\xB4k\xCEy \xB6Ⰺ\xC1�\x9C9s~}\xB7\xD0�\x81\x91<=]y�H�>\xD8߾c<A\xF0\x87'1\xF5�I\x82I\x94��E\x98N\xB6\x87+4\xD9\xC3\xDE\xFD�\x962s%47\xA5\xAE\x9F\xAF\xFErG\xA2I\xE2%\xA1�N\x9E_\x8D{\xC5�\x8Ac<y\xDE}\x9B.\x9E\x9En�\x96\xAB\xCE\xE6>EӅ7\x9BS\x84\xD4\xEA\xCD\xEDf6\x8F„o�\xBE�\xA2\xE9\xF5\xEA\xFA\xF3\xEA\xF1~\xBDx\xFA\xF8/qѯ\x88\xA2\xC5\xC3R\x9Cl\xBE\xDE\xDF\xDFn\x9Eo\xE5\xE9\xFAv\xB1\=܃�\x9E\xFD\xF6\xFC\xE9\xEA\xF6Y?\xB6\xF9j��\xFE\xCC\xFF\xB9\xFA\xF6�\x9A\xEC\xE0
-?]!\x8F$1\x9D|\x87�\xE4\xE1$\xF1'\x87\xAB\x80�\x8F�\x84\xA8\x95\xFCjs\xF5w}Cc\xB7\xBDtLU\x94\xC4�\x8D\xFDhDW>\x9E`\xEC%\x94\xFA=e\xD1\xC4�\x89OZe-�6\xE2\xB5�\x8F\xACJ\x9B\xAC,j\xEB[��Oq\x81.-#�\xC0�#K\xC8p\xF4o\xEB\xBB�P�\xF9m\x88\x89)\xF2\xE2�\x9E\xDF�\xAAe\x86\xA8pءbJ\xBD8"Ԅ]\x96\x874+\xC4{\xA7\xBBCVdu�/_V\xB5X+;]\xB4\xE7\xFBS\xB6c�\xC6\xC1+\xE1\x90zA�\xC6\xF0@\xFC\xBE�\x84\xF8�O\xFC\xFF\6p\xCFY�\xA8\x8D\x87\xF2\x9D�^X%\xCEp�G\x9EU\xD9@\x9C/mȡnCʡp%\xA5UNI\xE4P\xB9�\xDAP\xFA�ۢv�\xFC\xA6<�J\xA9xmy˴I\xC5\xD1]\x963qtS�\xBF"\xE4\xEFO\x82�\xB1x[U3�O9M#T\x802\x830 }*\x9Ef\xD8O\xA6\x92\x8Fkƪ\x86�R\xB9\xF7\xB8mJ\x83\x8C\x84X\xC9����\xE8B\xA82\xA5\xECdh)MF\x82};�N莌3\xECq2z\xE0\xA3d\xE80\x90\xE6\xD2?\x8Aݟ\xA5\xC4\xC7\xD4�\xE3\xD8\xEFS\xB2Tl\xA4\x95\xE9�w쥚\xC5\xD3SZ\xFDЌ\x84vF"xs\x8A\xE2�\x8C�R�F\x94\x94b\xC4G�9�qA�\x8C�\xB1-\x8C\x98\xE0gʿ\xA9\xB2\x86U\x99t\x8F\xD7R�\xEB\xBA,��Q҃\xF4\x98
-\xAB\xDEYU\x8FF\xA9(��\x8C\xC3>�ג\x87/iQd\xC5~\xC0v\xCFq\xFE1\xA3t\x9A\xFD\x9E1\x8B\xE78x�}\x84�\xBE at S'\xE4`I
-i\x92|\x9C8Hr\xE0��
-\x80-��\xC8_k\xA9\xEE\xF2u\xE08\x8B<KkV�\x98z`\xCD\xF7\xB2\xFAwGQ\xB6e\xE3�\x85\xB1�\xF9A0\x9EI>\xA6\x87,o\x94\xD3i\x92\xD6r\xFB�\xEEGU\xB6k,�E
-\xB2W�\xCC}\x92x\x94B]1�|��DX\xE1\xAA \x9B+\xA4�f0 f&Mnv\xD6:\x81F\x89�#|\xA1R0\xA5\xEC\xACk)M{\xECS;\xEDN\xE8\x8E\xF73\xECq\xE2{\xE0�x\xF30\x9C>\xCF0\xC6\xC0\xC0>o\xF5�F\xA0|�M\xD9\xCB_gs�\xF8\xD3U]\x9FZ+\x80\x9D\xD6F\xE0\x9A�\x8E�>\x88C\xADD\xD8n\x95\xC8\xD7#E)�4oL\xEC>\xC2Q%\xAFo a\x8D8;\x8A\x88Û”\xDB2�\x8B\xBA\xC4O<\x84�3��\xC0jq-î«‘ÖML\xE6Z~.LC�\xFA2\xCD\xE0�\x95�\xA62&\xFB�!\xAB\xAF\xD3 \xF2\xC20\xBA@{'\xE4`]
-)\xD2I\x908�\xB2�\xD7\xE0| l\xA1\xDC@�\xF8\x81\x88\x91\x84v�\x92@:B\xBB,\x96\xE8tq<\xE6\xD9V\x97\x8F\xB0»\x89\xD5\xF2a\xA1Z\x86a\x9A$\x80\x99Pl���u��N\xEEҼ\x81�\xB5%\xFE\xD0
-D}\x81\x8F`k\xB0\xF9zH\x8Bv;\x96<\xF3\xE7\x91<k\x98\xB9��m�P7,\xCFK\xCDt�\xB2}\xD3|۫"
-\xE9\x9D�\xFFBp7\xA5�\x8C+)\x83r\xEC\xA0\xDC�mp>Ķ\x90n\x82sF\x85\x8B\xB1#\xF84\xA5 w}��v\xD3T`�j\x8F\xAF�K\x82�^�\xF1ҕ\x8B\xB5\xB1\x9F\xEF\x8D\xC4Q\xBE\xAḞ\x8B\xE88:4\x898\x81\x8Cm\xFAp\x80Žq~�\x83qq\xAF\x96p\xBE\xF3E�\xAEn\xD2#\xFC:O\x8B\xED�k\xFE�\xE1AL\xA0\x83\xBA\x94\xCDM);\xE1Z\xCA \xDCQ�;\xA1;\xC2ϰ\xC7 \xEF\x81?\x9D\x8A�\xDBr\xC7x \xA7Q�\xE7#2\xBD\x86�\xABn \xE7\xE7\xC1\x94� #ψ\x88\xEC\xB0\xFA\xB5\xC8\xF8\xA5bQ$}X�K\xA0\xB0\xAF\xE3F\xD4\xC5
-XVK2n\xCC[\xF2P?��\xBD\xE8\x85`�\xAF\x88B?\xEA\x97��O\x95\xF0?\xE5\xECgu�\xF6Aq \x94�\xB2N��Qe(Q�\xCD+\x96\xA7\x8D*�\x80Pk}�@�\xA1\x91\xA1>0\xA5�f\xA4\xA4t7�=\xA0Ì\І�
-\xB1-fd\x82\xAD[\xEB (�9�\xBA\xAC\xCE\xD5Q +u\xBE\xBA\xF9�,�Ī('J\xB9\xC1\xA7�<\xB8\x88\xBDE\xF5\x925U\xDB�\x89\xDDJ#,�8y95\x96\xE0�y\xC8\xEC\xBA�ܓ\x97\x8A\xFC.\xEB\xB2f\xC5Kz:\xC8u\x9E\xDAe\xB4�W\x{142173}+&P\xB2�\xE4B�f�\xD9YTB\x9A\xC4�;FB.܎\xC3!\xF08\x85&\xB2\xE4\x82WU\xFD"\xBE\x9BT\xB0\x97\xD3~\xCFY�)\xE0�\xBCL<,\xE0\x95\xE7\xAD\xC1�J\xCB�( \xEC*�\xA0s\xA3\xC0\x8A[dž\x94C\xC9J\xAA\xD3r\xE2p�'\xB4\xA1\xE6!\xB6E\xCF&\xB8\xD6\xE7\xE6t<\x96U3P\xF7\xE72ݩ��OV�}\x93\xC0�c2\x98\xF7<\xF3NH
-�\xAA\xAC\xDE*\xA5/\x8EU\x96k\x8DS\xBB\xC6\xFD\xD8CQ|a\xD4cJ94\xAE\xA4\xBA\x9E5pԱNhC\xE3Cl\x8B\xC6M\xF0\x85\xD4,۫\xC9\xC2uZggv>\xE8\xF0Tc\x9B\x97\xA2\x9C��-�8\xA6}��\xF5\xD8 \xF1\xA7\xE9i\xFF&\x8A\xD21ӷ�@ \x8A\xE0\x85\xE3�\xED\x84)\xE5 BIi"H\xE0\xE8"\x9D\xD0��Cl��&\xB8\xCE�\xA1\xAE�\xF8\xA1\xA8\xDD\xE0\xE0\xA6<�\xD3\xE2G' \x8E\xD6�\xE2={�\xF2F(H|/\x88\xCD\xE9�I\xC8\xF4\x93'\xAE\xFC[\xCE
-\xC8L\x{DAAF}݃\xEF\xFC\xC2\xD9)\xF3Wy\x81~\x84{\xB9\xFF�\xFD_\xFD\xF2\xA3
-\x8A\xF2r\x9D,4\xE60[\xC4V>\xFD\x88zQx)]\x98Rv>\xB5T\xC7'u�\x8FN\xE8\x8E\xCF3\xECq>{\xE0�=�}gE7�\xBDS.%\xAB\x82\x81\xF3\xA9\xEA\x8F\xCFrj\xC7t\xE5\xACQ\x84G\xF51\xFEYo\xD3m\xBB\x9B�x1���x\xE9\x84�\xB4H!]ң\xC8\xD1ùp
-R�\xC0�N�\xE45\x83n\x8C\xB0\xADQ3+Z\xC4pEd\xF4�\xBAP\x95:\xA2 \xFE0�yCA\xBB/\xC1\xF3\xEA\xC1Я%k\x94"J\xBC8��\xF5\xF7'IQ猣�o(\xC0\xB1\x9D&B\xBD ��J�S\xCAA\x94\x92\xD2LAnv0\xE5\x826\xA8�b[\xB82\xC1\x97\xFC\xCB�\xAFd[7 H8]\x9C\x9A7Py��ç‰%��\xF9\x91�r\xF3\x93h\xFA\xCE\xE7\xE2\xED\xEA\x9Bhdx\xF3\xC1\xCFyW\x96Ö\xBC\xDFn'6\xEBzÔ©�\xE8��3R�t\x87:P\xF2;|�wßµ\xE3o\xBE)j 1<SW\xF7�!�\xE9Û‰\x84.�Z\xA8�_\xF6L)�\x91JJ�\x99 \x97˹\xA0
-"\x87\xD8�"Mp]Ó\x9E\xDECU\x8B\xF1\xD4Q\xA5E\xDD�yg_8\xEE\xF9\xA7\xD5<+\xD8\xF87=\xE4%<u\x8E\xD6\xD4\xCBS\xA5=U�(W[\xBD Ö•\xB3mر1J�`(\xB0\xCC\xC4)\xF6b(\x9E\xFA3\xF1Ç—\xBA\xCCY\xC3�h`i\x87c\xCE��\xFBU\xE7{\xFB;\xBCb\xC6W\xD4+\xF2�c\xB1�L \x8F\x82\xB1\xB8m\xC1\x94\xB2Û‚\x962\xBA(GRtBw\xB6p\x86=n�=pa�~8\xBD\xED\x86&p\xD6FO\xF8\xCF\xCA}\x95�\xDF\xC0Is\xB1\xF2\xD9Q`\x86\xBE�S\x9A\x98\xC3Q<\xBD\xF1Ä…w\xA9\xF8\xFE\xC8\xF2\\xEE\xB4_L|è–·o\xA7\xFC�&W7R\xFE)gYS0\xFDÝ‘`\xC9%\xEC-\xA5�4�\xBB\xB2\xC8>\xC8JG\xE1\xF7\xE61\xFFC�\x87��/\xA1�\xDCÝ”rP\xAC\xA4t\xDD�F\x8EF\xD9 mP<ĶPl\x82_g\x85N[\x9F\xD3�\xA6z\xE6\xEC,ÓŽ\xF6�r�b\xE9'\x92 �\xFF�vS\xA5\xDF_ÅŒd\xA7\x82\xC1i\xAA�\xCDCb\xE5�B �"\xDD4�Bv�\x94P\xF7I*r\xF4\xD1.ÜŽ\x83!\xF08�&\xB2p\xB2�C\xC0ixU!\x8A�8oJ\xFE\xDFl\xAEaQFe82\xF2\xA1\\xD8\xEF\xC5\xC2^}×\x95W\xC0]Ö¬8qK�o\xC2 \xD8�\x8A"s\xE8�'\x82\xAE\xB8OWw[\x997\xE5\x85=\xB7\xBAQ\x9F;O\x99\xF1;\x8DO\xA7\xFCg>?ñ²‚Œ\xDA:\xD2�\xFE\xFF\xFEA\x961\x9F\x8C<�\xDBf.�\xB2�! V�\xD5vG~4|t\xFDÓ\xF3g\xFF/bT\xF7\xCDendstream
-endobj
-2257 0 obj <<
-/Type /Page
-/Contents 2258 0 R
-/Resources 2256 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2255 0 R
->> endobj
-2259 0 obj <<
-/D [2257 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2260 0 obj <<
-/D [2257 0 R /XYZ 85.0394 748.4854 null]
->> endobj
-2261 0 obj <<
-/D [2257 0 R /XYZ 85.0394 748.4854 null]
->> endobj
-2262 0 obj <<
-/D [2257 0 R /XYZ 85.0394 748.4854 null]
->> endobj
-2263 0 obj <<
-/D [2257 0 R /XYZ 85.0394 743.3452 null]
->> endobj
-2264 0 obj <<
-/D [2257 0 R /XYZ 85.0394 728.6405 null]
->> endobj
-2265 0 obj <<
-/D [2257 0 R /XYZ 85.0394 723.1655 null]
->> endobj
-2266 0 obj <<
-/D [2257 0 R /XYZ 85.0394 708.4607 null]
->> endobj
-2267 0 obj <<
-/D [2257 0 R /XYZ 85.0394 702.9857 null]
->> endobj
-2268 0 obj <<
-/D [2257 0 R /XYZ 85.0394 688.2211 null]
->> endobj
-2269 0 obj <<
-/D [2257 0 R /XYZ 85.0394 682.8059 null]
->> endobj
-2270 0 obj <<
-/D [2257 0 R /XYZ 85.0394 668.0414 null]
->> endobj
-2271 0 obj <<
-/D [2257 0 R /XYZ 85.0394 662.6262 null]
->> endobj
-2272 0 obj <<
-/D [2257 0 R /XYZ 85.0394 599.7666 null]
->> endobj
-2273 0 obj <<
-/D [2257 0 R /XYZ 85.0394 599.7666 null]
->> endobj
-2274 0 obj <<
-/D [2257 0 R /XYZ 85.0394 599.7666 null]
->> endobj
-2275 0 obj <<
-/D [2257 0 R /XYZ 85.0394 591.7571 null]
->> endobj
-2276 0 obj <<
-/D [2257 0 R /XYZ 85.0394 565.0374 null]
->> endobj
-2277 0 obj <<
-/D [2257 0 R /XYZ 85.0394 559.6222 null]
->> endobj
-2278 0 obj <<
-/D [2257 0 R /XYZ 85.0394 534.1777 null]
->> endobj
-2279 0 obj <<
-/D [2257 0 R /XYZ 85.0394 527.4872 null]
->> endobj
-2280 0 obj <<
-/D [2257 0 R /XYZ 85.0394 502.0427 null]
->> endobj
-2281 0 obj <<
-/D [2257 0 R /XYZ 85.0394 495.3523 null]
->> endobj
-2282 0 obj <<
-/D [2257 0 R /XYZ 85.0394 420.5376 null]
->> endobj
-2283 0 obj <<
-/D [2257 0 R /XYZ 85.0394 420.5376 null]
->> endobj
-2284 0 obj <<
-/D [2257 0 R /XYZ 85.0394 420.5376 null]
->> endobj
-2285 0 obj <<
-/D [2257 0 R /XYZ 85.0394 412.5281 null]
->> endobj
-2286 0 obj <<
-/D [2257 0 R /XYZ 85.0394 388.4584 null]
->> endobj
-2287 0 obj <<
-/D [2257 0 R /XYZ 85.0394 380.3932 null]
->> endobj
-2288 0 obj <<
-/D [2257 0 R /XYZ 85.0394 365.6884 null]
->> endobj
-2289 0 obj <<
-/D [2257 0 R /XYZ 85.0394 360.2134 null]
->> endobj
-2290 0 obj <<
-/D [2257 0 R /XYZ 85.0394 345.4488 null]
->> endobj
-2291 0 obj <<
-/D [2257 0 R /XYZ 85.0394 340.0336 null]
->> endobj
-2292 0 obj <<
-/D [2257 0 R /XYZ 85.0394 325.269 null]
->> endobj
-2293 0 obj <<
-/D [2257 0 R /XYZ 85.0394 319.8539 null]
->> endobj
-2294 0 obj <<
-/D [2257 0 R /XYZ 85.0394 295.7842 null]
->> endobj
-2295 0 obj <<
-/D [2257 0 R /XYZ 85.0394 287.7189 null]
->> endobj
-2296 0 obj <<
-/D [2257 0 R /XYZ 85.0394 272.9543 null]
->> endobj
-2297 0 obj <<
-/D [2257 0 R /XYZ 85.0394 267.5392 null]
->> endobj
-2298 0 obj <<
-/D [2257 0 R /XYZ 85.0394 252.7746 null]
->> endobj
-2299 0 obj <<
-/D [2257 0 R /XYZ 85.0394 247.3594 null]
->> endobj
-2300 0 obj <<
-/D [2257 0 R /XYZ 85.0394 223.2897 null]
->> endobj
-2301 0 obj <<
-/D [2257 0 R /XYZ 85.0394 215.2245 null]
->> endobj
-2302 0 obj <<
-/D [2257 0 R /XYZ 85.0394 149.4956 null]
->> endobj
-2303 0 obj <<
-/D [2257 0 R /XYZ 85.0394 149.4956 null]
->> endobj
-2304 0 obj <<
-/D [2257 0 R /XYZ 85.0394 149.4956 null]
->> endobj
-2305 0 obj <<
-/D [2257 0 R /XYZ 85.0394 144.3554 null]
->> endobj
-2306 0 obj <<
-/D [2257 0 R /XYZ 85.0394 120.2857 null]
->> endobj
-2307 0 obj <<
-/D [2257 0 R /XYZ 85.0394 112.2205 null]
->> endobj
-2308 0 obj <<
-/D [2257 0 R /XYZ 85.0394 97.4559 null]
->> endobj
-2309 0 obj <<
-/D [2257 0 R /XYZ 85.0394 92.0407 null]
->> endobj
-2256 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2312 0 obj <<
-/Length 2928
-/Filter /FlateDecode
->>
-stream
-xڥZKs\xE3\xB8�\xBE\xFBW\xE8�\xBAj\xC5 �\x9F{\xD3؞-\xCF\xCCڎ\xE5\xADd33�\x98\xA2%\xC6�\xA9%){\xB4\xBF>\xDDh\x80�%\x8A\xDAJ\xCA��\x8DF7\x80\xAF_\x80\xCC'�\xFE\xF8$�\xDD0\xF1\x92I\x94\xF8n\xC0x0I\xD7�l\xB2\x84\xB1_.\xB8\xE6\x99�\xA6\xA9\xCD\xF5\xE1\xE9\xE2\xEF�E4I\xDC$\xF4\xC2\xC9Ӌ%+vY�\xF3\xC9\xD3\xE2\xAB3s}\xF7�$0\xE7\xC3\xED\xDD\xF5\xE5\xD4�\x98\x93\xD0\xE7\xFAnN\x8D/\xB7��g\x8F\x97"r~'\xC2\xFC\xB7\x87\x87{Ex\xBA\x9Cr?J<g\xF6\xF0psw}\xFB/b\x98\xA1L\xC6�\xF5\xEAf~\xF9\xFD\xE9\xD3\xC5\xCDS\xB7h{c\x9C \\xF1��_\xBF\xB3\xC9�\xF6\xF7邹"\x89\x83\xC9;t\x98˓ě\xAC/\xFC@\xB8\x81/\x84\xA1��\xF3\x8Bt�\xADQ5u\xF0\xA08s=�z�'\xE5\xF1 \xE7n��^拓\xC4
-\x85'\xD4Q\xDD?7U\x91\xB5\xD9\xE2\xE0x\xE6Y\xBA\xAD\xF3vG\xBDÇW\xCD\xC9\xCD
-\xE1
-/\xE1gP\xB4\xB8hm\xDE�\x8A\x86�\x97\xF6�\xB4z,�\xBE�j\xE6\x9E�\xA7�D\xE3\xAA;\xAEc\xDD"\xB1ts/r�/\xEAë¾®\xD62//\xA7\xBEÇœ;\xB9ΰÅ\xF9\xAEi\xB35Q\xF7�\x84#7?Ú¬l\xF2\xAAT\xC7t\xB0;�37\x8A\xA3�Ö…\xB2\x82)\xA1p\xAE]=U6m!_\xB3KN#\xBE#\xEAK�;�\xD2#Kݸ\xD2\xFC\x9F\xE5\xF6e-K-\xE5\x93,\xB7\xB2Þ¡VزQ4%\xD8i/`W\x91{�=�\xA7\xC4}\xEF�z�\xD7�z\x86\xABC\x8F\x8Bh�\xBD1\xD5�z\x87\xBA\x87ѳu+l\xF0�3m\xD5�Ml�\x9A\xCA\xC45\x9A\x8AcW\xCAu\x9ER\xE7\xB7\xCDB\xB6\xD9�\x90 w}/\xB1\x80Ts]\xFA� 5Y\xA3\xA8{\xB3M\x9D�\xD4�\xC5#\x8C\x85�\xC2\xC6\xC7\xF1\xB0\xB9N\xE3\xD1qux�bÄ›FU\xEF\xF18\xD2=\x88GO\xF7\xF9\xF3qo\x8A\x84\x9B$\xC1\xFF\x80\xC1\xAFRu\xD3U\x87Cr�\x87\xD0w!\x9EFgp\xB0\xB8Fp0\��\xC1X<\x82Øj�\x87C\xDD\xC38غ
-�"\x8E5�\xD828\xA8v\x87\x83\x88#\xE7���d\x84\xF9\xCD�\xB4\xB8\xE6È—e^.\xA93Û¶\xABJ\xF1�\xE3\xE4\x85�\x92Vb�=\xCFs>\xB84ñŸ—^\xB3\xA2 Im\xA5b\x99'\x9C\xBB\xEA-[?g5�33\xBF�\xCB<\xC6\xD8i\xCC \x82'P�\x9C\xC1\xCC\xE2�\xC1\xCCp\xED1K\xD8�fc\xAA-\xCC�u�cf\xEB>\x91\x91;�\xA1\xEEU!\xEB\xFC�c^*ÛŽh\xBE\xFF\xAEJ\xE3r\xADl\xB7CN\xE5\xF1\xC8e\x91�\xF7\xBD\xEAF{Õ—\xEC=o\x86\x9D� \xE1\xA7�\xE1\x81\xCB=v\xA64\xB0\xB9F 1\� \xBE?�\xCC\xC6T[\x80�\xEA��\xC4\xD6\xFD%_\xE7-y \xE4\xEAv\x85^�\x89x\x9EV\x9B\x8Ch\xD5�\x91\xF4\x98\xEF|\xBE\xF9\x9D(\x8FYSQfJ\xF5\xD0c\x96V\xF5\x82\xDA\xE8n\x8F\x8F\xCA\xD5��\xF2\xC0
-"ÏŠ{8�\xE3�
-\xFEU6M\xB6#\x9A\xAA�Ô’\\xAD\xA3j0
-p\xB9\xEB,\xB5]\xCCÈœve"\xF9\x98w�\xD2 \xF6]\xC1\x823\xF5\x82\xCDu�ÒŽ\xAB\x834�F �U\xBD\x87\xF4H\xF7 \xA4=Ý\xD9"C\xE7)sr��q��\xBE\xCA\xFFD\xC4T\xAC\xCB\xCA6��\xC3jY\x8D\xC9VR�\xA1\x9B]\xEB( \xFD\xE7\xBC�Â\xC5n�\xC1"\xF71\x91q\x8A\x890\xA7��\x89FXB\xE3^3\xFD\xB2]\xAC\xB7\xE5\xA2i0j�\x88Fh�\xC4.\x96�/�\xA7!\x85K\x86\x9F\xD0ue�R\x8Bk�R\xC3eA:\x92\xEAFU[\x90�\xEA�\x86\xD4\xD6}\x9D�\xD9ÒŠ\x85\x98\xB6\xCCi\xA8\xB46'\xB0\xD4\xED\xA6\xE7\x95D!\xAF4\xDC'\xBD\x92Ç¡\xEB\xFB1\xEF\xC7\xCD{�7{`Q\x9Db\xFC\xEF/\xC0"|\xB8\xA6\xB13\x95\xA0\xCD5�\x8B\xE1\xEA`\x89F=mL\xB5�Ë¡\xEEaXl\xDD_ \x94t\xB7?\xF6\xE2Íœ\xC5U\xB5\xDE ^\xCFy\xD1帗\xAA6\xA7\xF6\x97\xC0�p8̤~\xD2Gg\xAE\xD1!\xCB�\x90�\xF9N\x97\xDEv�6\xFEil !D�;Si\xD8\#\xD8�.�\x9B\x91[Ó¨j�\x9BC\xDD\xC3\xD8غ\xBB*\xDD7\xD5!\xB6\xBA*�\xDA*\x8FaC�\x86\xD0\xD7^�\xB4�/R�\xEDEz\x86\xF6"�k_Ñ S\xB6\xF5\x8E\x9A�U^\xB6\xFBY\xF3\x9B\x87\xFD\xB4\x8F\x85\�\xE0,\xE0\xE2\xEB\x81/v@\xAB\xC8\xD8Q{\x91\xD18\xE7\xE7\xAAx\xA5{4\xF6>i\xEA<]�\xBB\xB6g�*�\x9F*\x87\xAC{ݨ\xC5\xF8\x90o` g,\xC6\xE6:m1�Wg1\xF1X)4\xAAzo1G\xBA�-\xA6\xA7\xFBDmzxmP×¾\xECG�\x84Þµ�\xF9\xEEz\\x8F׳\xCB p\x9E\xD03gD\xFAX\xD5k9\x98LCXy\xEC\xF9}\xE7�\xC1q\xB6]n\x9B\xF6 \xAB\xC3G\xB2\xA9\x80\x90\xE1\xF30@\xF3�\xEB\xE1\xBE~Q�\xAEw9\xE5p\xFDpnK\x90[fZ\xD2u-_Ú¡\x92\x9A\xE1��j�Ae\xA35+�\xCC,hS\xD9w{\xDD\xE8S\x80A\xD9��tT\xBB\xDA.W\xD3�\xCE!\xE2{U\xBF\xAA��\xE7/\xAAt\xBB\x86ʤ\xA11,\\xF0\xAB\xAAO�\xEFk\xBE)\x97y\x99e\xB5\x9E\xAE�[6\xAF\xC4�\xC7M.\x8C\xAFM�FW�=.\xB1\xBE�\xE95\xAA�&vÔ¥2\x8A\x9C�\xAA\xD02%jB\xAF\x86@�\xBBq\xAA\x88\xA1\xB1\xA1\xE9�\xD4\xD2%>_)b\xD3\xCAe\xD6P\x9Bʯ\xD0YdoYQmp\xB0\xA20\xE1\xCE\xEDzSdدj-\xBD;/\x9C\x98\xCA-&
-*\xD1"\xA7\xACZ\xAD\xBA\xEAo\x83P\xA1\x99Ki^\xDC<0�\xC0\x82�R}\x85cn<\xF9\x9B,Жb��"U\xFFYU\xDBBS\x95Vl<g\xF4\xFDc[\xD1�+0\xAA\xAC�\xB44\xD7$_\x9D\x8F\xD2Xja/h\xF5��m|\xA1\xBB-�8f͟\xA6\xD5z:\x84\xCFF\x96\xB9\x92Ι\xF3\xBC\xA3/Y�4�y\x93�2_\xAB�\xAA�d۱h\xE6\xBD�B\xE7\x9B\xE7\xF9hs
-u\xD5r\xE1K(VKbm��\xF9h\x88���+\xF9\xA6\x85H\xFA�\xF9K\xD6\xC0򨧬�\xBEM\xFE\x83�\xEB\xAAlWz.ػY\xE2\xFB*\x87+\xE7\xC0F\xF5\x8A�{\xC5\xD0Yd֫vwd\xD8V\x8F{z\xE0YO�!\xB9\xAE'\xA4z\xD2h�\x83�;�
-B�\x85{�a\xAA��/�;\xCF\xD5V\xC7
-\xF5kD'�. ~\xD8\xC9\xF5\\xB0\xABH_G^\xB2�\xFD\xE8䛻�y.\x8B#<\x9B\xD8\\xC7لs\xE6�\x9B\xD8�S鄟N$\xA3Z\xF7\x89\xE4H\xED`"\xE9i\xA5D\xC2�\xEDW,\xB4\x8F\xCA^t�\xD9'�Vȇ9�r[ФY�\xF7\xAE?�$]\x81Y8y\xFA\xAA� \xF4\xBF\xE4[\x9C\xC8}(97\xBB:_\xAETv\x99\xF0(\x86
-\xF81\xFE\xD6\xC2\xF4-"\xA5% \xDE\xFB%L=7
-�ا\xC5\xF7\x8D\xF1`\xE8v [d\xB1)?y\x92Ĵ\xB6y\xF6,\x9B\xB6\xDAT*\x9C@\x94\xBD\x9A\xFDL#\xF7{\x84\x8A\xB4\xD0\xEF\xF9^\x80\xBA�nv]92\x83{E\x9A\x831\xDBƺ7\xAAi\xC4\xDCX\xF8 \x8D�f�\xEA\xA7ؙ\xEBk\x8B�\xF9i,\xAEUPV\x89t\xBB\xD9Tu;\x9C\xE0�s\x99\xCF)\x94>\xADr\xB0x\x9E��jzz\x99\xC2�:8~I�\xB6�\xFA`\xAC\xC8~\xA0\xEC\x86\xC2��\xF3V\xCB\xC8U\xD2\xC2�\x88\xBDB\xAD(\xCF\xF4`Sї\xE2�\xB50
-`+\x95Z1\x86^\x9E@\xBCl\xD0\xDB�eg\x98s\x8A\xF7Ó\xAC[M\x94\x9BM\x91\xD3\xEBY3�g\xD6U�^ \xA7L6y\x81'\xC4(\xBFkz*\x8B\x82\xA8\xB0\xA25\xD1\xF6�\xD5\xE1�hE�F\xD9\xED )*\xA62L\xDByC�L\xDC\xC7\xC2 \xAB\x9A$\x80T\xAE\x8D{\xB1\xD0O�JU\xA5\xA9F\xF7Z\xFEG%�\xA0�\xA8S\x9Dku\xD8�\xE2\xEC\xE1\xB6�ʆG&\x91\xEB��\xD5� )\xDBB\xDBŶ\x81
-\xE2\xA7.|R\x83\xB6Im�3\xEC\xEA\\xF1\x96/\xB2\x83I/UQT\xEFT\x8F`7\x93\xAD.�\x9B\x9FO�@�6\x9D�\xE1\x99˱ͥ"Qϑ#�\xF7\xD2В\xA5=9:T�\x81<�{\xE3J
-Ó±Òž\xD3\xC4\xDC
-\xF0׋\x9E\xD2'u�I\xE2\x94ٻ:_h\xA6t��4 \xA0\xF1\x90\x8B\xE2h\x91\xA3e\x90=A]-\xB6\x85\xAAقH{"\x92\xCDW\xD2g�\xC1Ne)h�XXQ��\xBA�\x80\x96\x85\x96�Qj\x91\xE8\x98/2\xD5+�.\xABJ\xBA>
-\xAE�,\xB8諪�\xEDE��\x9AN\xA1�hK\xC2s\xDAZ\x96\x8DL\xB5Y\xC3\xC8{ޮ\xA8%\xE9\x83ޚ\xA7\xDBB\xD6\xD4o\xB2\xFAm_\xE1��\xF3A֢\xFB9�\xD8(\xE3\xE3\xFB�\xC3\xF7VS\xEC\xA1\xC1
-\xF89-]@
-v\xB4t\x9Fa\x80\xA2\xC1\x86\xC2bC=\xB9x\x93\x90\xAF\xC1\xA7�D\xB0\x8D\xD8L\xC0'sŬ(\x9ECW$\xA2Ae\x99/\xA4y}�\xE6\xDDσ\x80�ug\xB9\xC4\xDA7J�\xD9\xC1\xE0\x84\xF0\x93\xFF\xECW\xA6*\x9C\xAA\xD5/\xF5ͮLW�kYm\x9B\x83\xBB\xAD���\xB9\xD9\xC9+m\x9C\xB8p\xBCg\x9E
--\xA6\xD3�h\x98\xCE9\xE0\x98\xC6\xCE\xFF�5�\xBA\x9F\xADQy\x9F��z�5Яn�\xE7\xE4^\x8A\x80W\xB4R�\xE5�# >f-\x84\xB77\xCCQØ¥\x87�\xFD��\xFDBgQι\x83\xFF9�\xC1Õ¥\xA5\xA1\xBEw!Ej\x99\x96wa�#\xBB\x9A \xEBÆ\xCCj\xC1_�+\xCA�jUq\xB27\xE27ZHZ\x95/4\x82�\xDEh3"\xD1f\x80\xC4}\x96Þ6\xEB\x85\xFA}\xCEW\xB9\xA4\xD9d)\xFD\xD0D, �{\xCBmmN\xE6@\xB4z\xC4C"-|\xBF\xA4\x96zꢗ0\xCA{�\xA1d#\xD3W\xB8�\xEE_�\x9A\xEC0\x81\xC0)\xA6u\xBEÙ¿�v�\x87{\x96\xB2\xD1['1\xB4>\xE5 p\xBD|\xA7�{\xC2\xCEE\xE0\xE2\xBF\xE0���\xEB.�\xFF\xF7\xFAXo@\x91+\xE2\xF8\xC4O'^�\xB8094\x8BRu\xA5��-\xDD\xFCO\xD0\xF1\xDA\xFF�\xD4\xD1
-Nendstream
-endobj
-2311 0 obj <<
-/Type /Page
-/Contents 2312 0 R
-/Resources 2310 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2255 0 R
->> endobj
-2313 0 obj <<
-/D [2311 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2314 0 obj <<
-/D [2311 0 R /XYZ 56.6929 749.0089 null]
->> endobj
-2315 0 obj <<
-/D [2311 0 R /XYZ 56.6929 749.0089 null]
->> endobj
-2316 0 obj <<
-/D [2311 0 R /XYZ 56.6929 749.0089 null]
->> endobj
-2317 0 obj <<
-/D [2311 0 R /XYZ 56.6929 745.2843 null]
->> endobj
-2318 0 obj <<
-/D [2311 0 R /XYZ 56.6929 721.2146 null]
->> endobj
-2319 0 obj <<
-/D [2311 0 R /XYZ 56.6929 714.4694 null]
->> endobj
-2320 0 obj <<
-/D [2311 0 R /XYZ 56.6929 699.7048 null]
->> endobj
-2321 0 obj <<
-/D [2311 0 R /XYZ 56.6929 695.6096 null]
->> endobj
-2322 0 obj <<
-/D [2311 0 R /XYZ 56.6929 680.9049 null]
->> endobj
-2323 0 obj <<
-/D [2311 0 R /XYZ 56.6929 676.7499 null]
->> endobj
-2324 0 obj <<
-/D [2311 0 R /XYZ 56.6929 652.6802 null]
->> endobj
-2325 0 obj <<
-/D [2311 0 R /XYZ 56.6929 645.935 null]
->> endobj
-2326 0 obj <<
-/D [2311 0 R /XYZ 56.6929 631.2303 null]
->> endobj
-2327 0 obj <<
-/D [2311 0 R /XYZ 56.6929 627.0752 null]
->> endobj
-2328 0 obj <<
-/D [2311 0 R /XYZ 56.6929 603.0055 null]
->> endobj
-2329 0 obj <<
-/D [2311 0 R /XYZ 56.6929 596.2603 null]
->> endobj
-2330 0 obj <<
-/D [2311 0 R /XYZ 56.6929 572.1906 null]
->> endobj
-2331 0 obj <<
-/D [2311 0 R /XYZ 56.6929 565.4454 null]
->> endobj
-2332 0 obj <<
-/D [2311 0 R /XYZ 56.6929 550.7407 null]
->> endobj
-2333 0 obj <<
-/D [2311 0 R /XYZ 56.6929 546.5857 null]
->> endobj
-2334 0 obj <<
-/D [2311 0 R /XYZ 56.6929 531.8211 null]
->> endobj
-2335 0 obj <<
-/D [2311 0 R /XYZ 56.6929 527.7259 null]
->> endobj
-2336 0 obj <<
-/D [2311 0 R /XYZ 56.6929 501.0062 null]
->> endobj
-2337 0 obj <<
-/D [2311 0 R /XYZ 56.6929 496.911 null]
->> endobj
-778 0 obj <<
-/D [2311 0 R /XYZ 56.6929 464.7873 null]
->> endobj
-2338 0 obj <<
-/D [2311 0 R /XYZ 56.6929 439.0859 null]
->> endobj
-782 0 obj <<
-/D [2311 0 R /XYZ 56.6929 352.4521 null]
->> endobj
-2339 0 obj <<
-/D [2311 0 R /XYZ 56.6929 326.7507 null]
->> endobj
-2340 0 obj <<
-/D [2311 0 R /XYZ 56.6929 290.6891 null]
->> endobj
-2341 0 obj <<
-/D [2311 0 R /XYZ 56.6929 290.6891 null]
->> endobj
-2342 0 obj <<
-/D [2311 0 R /XYZ 56.6929 290.6891 null]
->> endobj
-2343 0 obj <<
-/D [2311 0 R /XYZ 56.6929 290.6891 null]
->> endobj
-786 0 obj <<
-/D [2311 0 R /XYZ 56.6929 241.4457 null]
->> endobj
-2344 0 obj <<
-/D [2311 0 R /XYZ 56.6929 201.7704 null]
->> endobj
-2310 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R /F14 964 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2347 0 obj <<
-/Length 2294
-/Filter /FlateDecode
->>
-stream
-xÚ¥�]s\xE36\xEE=\xBF\xC2�\x9D9yf\xAD\x90"\xF5Õ·\xECn\xB6\x93\xB6\x97\xCB9\xE9Lov\xF7A\x96\xA8\x98]Yr\xF5a\xD7\xFF\xFE \x82\x92e[I\xF6\xAE\xC9d�\x81 @\x80\xF8T\xF8\x8C\xC1/\x9FE\xBE\xCBD,ga,]\x9Fq\x96n\xAE\xD8\xEC�\xD6~\xBA\xE2\x96f\xD1�-\xC6T\xAE?\x89p�\xBBq\xE0�\xB3\xA7|\xC4+rY�\xF1\xD9S\xF6Ù¹yx\xB8\xBD\xFFx\xF7\xFB|\xE1\xF9̹q\xE7�\x9F\xB1�\xFB\xE1\xF6q\xBE\xE02\x8C=X\x91\xB8�0\xE7\xFD\xDD\xFDG\xA2\x8E\xE9\xF1\xF1\xFE\x91\x80_\xEF\xDE/o\x96s�:\xFF!\xC4\xE3o��\xFF2\x88\xA7\xF9ק\x9F\xAFn\x9F\x86C\x8F�\xE3L\xE0\x89\xFF\xBC\xFA\xFC\x95\xCD2\xD0\xEF\xE7+\xE6\x8A8\xF2g{xa.\x8Fco\xB6\xB9\x92\xBEp})D\x8F)\xAE�\xAF\xFE=0�\xAD\x9A\xADS\x86�h�B\xBAQ <^7\xA7�\xBB\x81\xF0\xC4`N.G\xE6\x8C�\x8C�h\xD0S\xA19\xBF0�\x9E\xABÊ™\x84M2\x9C\x8D\xF9]H�\xA8.\xC5z\xDEH,g \xCB\xE0T\xECM\x83�\x8F\x9CmR\xB7�\xC5N\x95�\xA6]+�î–��zU'\xF5a\xCE9w\xDE�*\xE0N\xA9\xF6ÅV\xF5f[\xA8\x8D*[\x95�\xA2i\x932K\xEA9\x8F\x9C\x8CX'Yf^U\xD3,\xCAdc\xF9o\x92\xEDV\x97\xCF\xF4\x92we\xDA\xEA\xAAl\xAC\x80g\xD5&\xD9�
-�\xCA.8wc\xDF\xF7\xCCɳZ\x97y\xF5\x85\xF9�\xFE8P\x87\xA1���\x88p�
-�S \xC3H:t E\xF4[\xF3R\xEDt\xA62pR�\xEE\xFA\xB4V�Z\xEC�KE\x96 \xAEà¯\xB7��\xC9\xFE\x84\xC9.)t\x96\xB4\xA4�\xBC[�\xABb\xA7jÚ·J\xD2o\x93:\xA82\x83c \xC1\xE8\xE4\x82K'\xAD\xBA€\x82�\x80\xB8
-NP�\x98d\xBB\xA4L\x95%\xCEU\xD2vV\x9E%\xCDi\xAF93"(\xE8�\x8A\xE9A\xB7\xA8\xFB
-M\x97\xAEiKb1i\x92\xAEA��\xD0\xC6�\x84\x9E\xBA >y�\xA8O\x8F\xF8Æ&\x99sgg$�r�j�\xF1\xCD\xD8�\xB0r�?\x84Z.��ÒªL\xBB\x9A\xF8\x94-\xFA�bQ\xE6~\xADJz#\x9Da\xFF\xC8\xCF\xECi\x92\x8D\xEE\xF7h+\xBE+'\xAF\xA4ÙªTa\xCCS�jã¾”~\x82X\xB8\x92�\xFEz"�S\xBD\x9C��\xAA7�\xC1\xABR\x8F\x89\xE0B\xECd"8�{\x83F�|G\xFD\xB5U\xB5\xC68N
-\xC2\xE45DÒ¾\xAA\xBF\xE1k\xE0\xB4�\xA1\x9Bn\xBB\xAD0i\xE0K\xEF\xA1\xC8`�{ �\xBB�\xEE\'V\x88uJ\x80\xE24�hH�u\xD9\xCB�\x98\xC0\xAE\xA4\xF96\xE5uÍ¡i\xD5\xC6\xDC�\xE8�6\xEA/1\x9F-<0���\xC8Ö��\x90Ó\x86P\x88\xC0;9\x832\xF5P\xABZ\xFD\xD9\xE9F\xB7\xCAr�[�Dy\xBE�x>\xED\xFC\xE9\xFE78\x8B' U}C�\xF3<\xF2"\xC0\x90\x9F�'�2\xC2��\xC1s\xD5i�Ì°\x81\x9C�p``2�\xC0c��
-\xBAsoIX\xA5\x9C\x8C\x90\x89jxZ\xBB�iL\x88\xD4X�\x80\xA6\xD5EAK+u�n\xF7\xEF\xB5 5\xE4d\xD8O\xF8}{\xD8\xE21\xBC(\xA0
- OԖb`!y\xE8ܕ\x84\xA6t� \xA9\xBC\xD1ef�\xDDhg\xBBֆ\x97\xEFdUڡ3a\xF6\x8D}\xE7\x8B\xE7I\xC3�\x9EV\x88JJ+ט\xB9�l\x85\xDEW\xAD\xEAy&-A\xDA�\xA4\xA96vm[$\xEDdjʫz\x83\xDCc\xE6�\xAA�\x89c\xE0~ L\xA9L\xA9��\xEF�\x97t\xB9\xAB\xF0\x86�\x97\xD0#\xD39\xAA\x99+\x9B{ \x83\xB5\xB4\x92V\x9B
-��\xE4E\xE5�x\x90\x97#\xEELÙ˜\xF2\x95r1\xB5J/6\xEB\xCF=\x81-bÈ "b\xB0\xABN\x93\xD6�G\xB7�)�\xF7FF\x83\x96\x89\x8C6�
-\xAC��9\x84\x81g\xC3\xE0C\xB5\xD9j\xB0�&j\xB3S\xF2\xD3(�\xA1\xEBG,4�\x98/�\xD8\xE3^C.\xCE\xF5sW+B,�\xAALV\x85Z\x90g\x83O�\xFE\xB3ue\x84\xF3"yn\xBEN\x9D\xDFr5\x915�\x88�\xDA2_�\x86\xF8\xC9\xF8��sì»#\x94\xD2\xC5�Cqkc\xF4�\x84\xA1�h\xAAB\xDC\xDE2>\xBB\xA6K\xECf
-(\x84bzØŽ\xE0�r^CWb\xF8\xE05sr
-|4
-bs\x90ب\x96 t|\x8E\xC2\xDAȣ 1GX\xAB\x81\xE4\xDAf\x82\xA9\xDEƦ\x93\xB4\xADl\xBF\x85\xD5�:\x89O�\xE6��C�I\xB0\xDFz7qm\x9CEPVx�L\x91\xD7Q\xD2uV6\xD7\xF0
-�7\x9906\x97�z[_ÚT(c\x9B\xB9$\xB3\xAD�4�;E+X&��\x9B�%\x87"��\xF3�\xC0\xD0 5\xD4�H\xB2R\xCF�u\x87l�\xBB\x91�\xF9\xA9
-\xE8j$5.\x92\xFB4-ȡ\x83�\xEC�1\xE1<�k��\xB4\x93��\x8E�\x88\xF4\xE3;%Lטn
-\xA9\xCDy\xE5i_\x84xr0\H\x8A\xA6"he%\xD8\xCCj8\xD1\xDD\xF6\x9C&R\xD0\xC8\xFE\x8D9eC\xF1zz\xC7�\x85\xAE\xDB(E/+UT\xFB\xA1�\xF9\x8E\xA0�6\xA8\xEFJ輋\xFF1\xAAӌ\x9E\xAF\xFB\xE58X
-\xA4I\xD6\xF7F\xAE\xE7�Ö°�\xF5\x9B\xCDK\xA9\xE6\xA5Z\xFD�v!\x98\x9C\xCCl\xF6{s#\x9E\xCA� \xE7\x86�Ô¨\x89#\xC4\xEAp\xB6 Rn\x80U\xD1&\xAD�\x86\x85\xB6\x9C!\xBF\xE1\xDE\xE7n\xE8\xF2\xF1H\xDB\xC9v\x91\xBC�\xDB~\xBC\xBCL\xE5IW\xB4?R�s\xFB\xB0\xBC\xFDt\xF7;\x86\xDC\xF5
-\xB2y<�ChR \x9D\xB5JH%âW�\xC7�\xABjØb\x80;W�P\xA7\xAA�bu8\x9BZ\xCEU\x9DRC\x97i\xD1\xC1�\x84&\x90L^\x9A \x91\xD5\xD6\xC6�\xF3Ï´
-\x80\xC8*k9��\x86�
-C\xE1,\xAB\xAA%6\xDBZ\xEFt\xA1\x9E-W\xF4�|\x96P\xAA\xC1��\xC4\xFF\xBC\xAFr\xA7B\xCB�\xD6>8\x8E\xAE'1\xFD \x9B\xC5\xC8W1\xA0^\xF6U?p\xB9�\xDB
-\xB6Z\xC3�\xD3o\x{B1F131}\x80l_\x8C]\xEBÖ¸X\x9Dm\x83\xB0\xA7\xCA�\x8D9w!\xCB
-P#\xA2\x8F
-&6\xE60wV}-\xB1�b]\xEDO\xAB\x96\xED%9\xB52\xB6\x9ET\xFB\xBEÒ\x93\x9EA\xE4\xEDE\xD1ѣ̀~�\xE3�Ê»\xCC�^�\xB9\xBE'\xE5e \xB1)\xEC\xFA\x9F`\xD6�nqaSx\xBF\xE1Ä«\xB6�\xB4\xA5$\xD3\xD5\xE5\x84\xE1#\xE1�Q\xE0Y1Ó½|Os\x91\xEF\xA4\xCDw\xBF\x94\xC6
-惒\xCA\xE1N\x9A\xEB\xA5j\xDAZӇ\x84\x97�8�@\xC4\xE4��ܘ\xEA\xE5�n\xA0zs\x80{U\xEAq\x80\xBB�;9\xC0\x9D\x88\xFDp2��\xDFh0\xE1\x96\xC2CP\x98X\xC3g\x89\xB1\x88\x80�\xE2L\xEE\x80\xD7�\xDB��\xC8w\x83㴂\xF0Y\xDD�26i\xE0\xDE�.\x91\xD8O|\x81)ڈ8\xF1KD\x98\x89�\x81\x95\x95@\xC5t"'%M_�\xF1X\xA8٫�9\xF7}W\xFAL\xBEq\x9F#\xAAWz\xFB>_\x93:\xBA\xCFs\xB1\xD3\xF79�K�^"\xE1\xD0t\xC0\xBC\xBFTF\xB9 \x91˥\xE9:�$\xE3\x98b\x81\xAF\xA6m\x8B\xEC�\x9B\xFDpG'\xDFN\xECW\x9A\xE8\xE4\xFA\xCD֒\x9Em/z\xE8ᢋ\xDB�Y\xEC\xDC\xE5\xB4dF+�\xF6\x89\x99ڡ\xBE\x99 8\xA2oX/d\xEE�\x9Dp\x8A\xB3:\xE1\xD88\xD2 W\xD0�Bi�:\x96\x8E\x99\xA0.\xD3>\xF7�7\x8AC\xDFf�\x9CȲ\x89\x9C#\x84�\x89\xB8\xA7گua\x87H;B\xA3x\x93k\xE9\x83\xDEq\xE0\xF5\x8F\xC1�\x8D\xFB�x\xC1\xCF�D\x82\x85\xB6\xEAڳI٪J\xB9\x92�\xCC
-Ex\xEA\xECc\x85\xB1d\xD0ż\xB3�@\xA9\xDF�\x95\x8D%\xB13Hq\xF8\xF1\x85.o\xD4~\xBD9\xBB\xE5�η\xA8ks�\x93\xD3\xDB;\x82W\x9D%0\xFE5=\xFF}Ï \xF7\xC2\xF2\xFF?]\xBE}\xBE\x91\x8E_\xA7\x9C\xF2\xD5Vx*\xE5��W1\xF9Q\x9E
-%\xECo\xFF{☻d\xE8\x8A(\xF2\xA6s\x88\x80\�S�\xEF�\x85
-q/>?\xBA/\xA0PG^8q\xF6\xFF�J\x9C\xBB\xE8endstream
-endobj
-2346 0 obj <<
-/Type /Page
-/Contents 2347 0 R
-/Resources 2345 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2255 0 R
->> endobj
-2348 0 obj <<
-/D [2346 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-790 0 obj <<
-/D [2346 0 R /XYZ 85.0394 662.3711 null]
->> endobj
-2349 0 obj <<
-/D [2346 0 R /XYZ 85.0394 634.4781 null]
->> endobj
-794 0 obj <<
-/D [2346 0 R /XYZ 85.0394 566.8617 null]
->> endobj
-2350 0 obj <<
-/D [2346 0 R /XYZ 85.0394 536.3186 null]
->> endobj
-798 0 obj <<
-/D [2346 0 R /XYZ 85.0394 411.7882 null]
->> endobj
-2351 0 obj <<
-/D [2346 0 R /XYZ 85.0394 386.7645 null]
->> endobj
-802 0 obj <<
-/D [2346 0 R /XYZ 85.0394 230.2565 null]
->> endobj
-2352 0 obj <<
-/D [2346 0 R /XYZ 85.0394 203.9874 null]
->> endobj
-2345 0 obj <<
-/Font << /F37 1026 0 R /F14 964 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2355 0 obj <<
-/Length 2527
-/Filter /FlateDecode
->>
-stream
-xÚ¥�ko\xDB8\xF2{~\x85\xB18\xE0d\xA0b\xF9г\xDF\xD26=d\xBB\xC8\xF6\xEC\xEC\xED.\xDA~\x90-\xD9�*K^IN\xE2\xFD\xF57\xC3!eÉ–\x9D�\xAE�*r8\x9C��\xE7I\x8B \x87?1\xF1��\xC42\x9E\x84\xB1\xC7|.\xFC\xC9r{\xC3'kX\xFB×08\xAEEr\xFBX\xEF�o\xDE~R\xE1$fq \x83\xC9\xE3\xAAG+b<\x8A\xC4\xE41\xFD\xEA\xDC2\x8FM\x81�w\xDE\xDF?|\x9C\xBA\xD2\xE7NL\x9F\x8F�s�\xFCr\xFF~v;\x9B\xAA\xD0\xF9\x93 \xF3ß¾|\xF9U��\xA7\xAE\xF0\xC2X:\xB7_\xBE\xDC=|\xBC\xFF\x83�n\x91&\xE7�\xFA\xE1n>\xFD\xFE\xF8\xF3\xCD\xDDc't\xFF`\x82+\x94\xF8\xAF\x9B\xAF\xDF\xF9$\x85\xF3\xFD|Ù\x8A#\xF2��\xCED�\xCB\xC9\xF6\xC6\xF3�\xF3=\xA5,\xA4\xB8\x99\xDF\xFC\xBB#\xD8[\xD5[G�%8\x93*\x90#\x9A\xF2DOS\x91`~�\xFB\x93ÐY\xA0\xA4Òš\xFA\xC7\xD4
-\xE0H\xDB\xE4Gv\xF102b^�\xBDrIG$\xCDYx=Ρ \x86\xC1\x91�2\xFE\xC6Ex\xCA1�j"\x92W9Z\x9C3\x8ER\x8E\x9D\xB5\xC7\xF1q\x93M]\xE5\xF9βȳ\xB2ű\xE7l\xABt_�xR\xA64h \xD3s\xEEgs\x82�\xF9\xA2N\xEA�A\x97\xFB\xBA\x9E\x8A\xC8�"Å\xD6ÓŠ\xBEee\xE86\xFBÝ®\xAA[\x82\x82\xCD\xCD\xEF>\xD0\xC2SR\xE4i\xD2\xE6UIk\xFB&/\xD7�\xED\x97)\xD8\xDCP+pVW��\xFB\xBE4\xDA\xF2\xB9\x96
-\xEDp_\xA6Y]�\xF4>\x9C\xD3��\x9A,\x93\x92��8Nav\xE4\xED��,\xF6-
-\x80�\x9D\xC1 \x98\xDDee\x96\xF7e\xB2\xE8v\x97mV\xAF\x92\xA5\x99\xB6�'\xEB\xA1t\xB2\xAD\xB2\xA4\xDD�e\x90Y\xB0KF�\xC4!S�x\xF2U\xAB\xEAc]6\xAB�\xEB5\xBB\xBAʴ3\xAC3\xA6\xA3\x965`:\xFB�\xB7+E\xE0\x80\xF7 �\xF9\xA4Q\x80h\x8B@\x80\xB1\x88,%x^�\x984� k�\xFAVa޴\xFB�\xA1\x90:\x9B\xAAx\x82;\xD3k\xD5\xEAds\xF6Bֆ@k\xABB��"\x96\x8Cc\xE7\xDE0\x83KԖ �\x98Ĩ\x9C�xG\x96\xD4C�\xA4\xA0\xFA\xBCɴոRIڮ\x94\xD3l\xAA}\x91\xBE��\xE6\xC2i\xEBi��m\x96\x92r\xB9\xA9\xEA\x86\xF0\x9F�\x8D\x86\x8B̬Ӵ94m\xB6u\x9F\xF3\xD4\xC0\x97U\xF9\x8Ds\xB9\xDE\xD7\xC6M\xF4\xFEM\xBE\xDC\xD0\xFA�\xA9mR&k\xD0\xEC\x88\xE7,�x\xDE\xD8\xD1n!#'I\xB7y\x997-�\xAF\xEAi\xE89o�\xD5M\xAE\x8D�PI\xAB00W \xA3\xEE
-\xA6¡[ \xE0s^�4Z\x98
-\xFBF_/\xB0\xB1l+\xBD3\xCDK�=\xB4 \xBB]\x91/\xF5\xD1�\xC2\xD5Z+
-%\x8BE\x9F\xB2\xAA\xB7I1v.`\xA5ſ\xECa\x9Ed2\x82\x8Cr\xDD\xC3zXW<\xCCb\xBD\xEAaט�=\xEC\x94鸇\xF5\x99>h\xF3\x94\xD2IH\xE7h&\xDB-X��r\x92\xE7B�\x85\x80\xEF�O\xDC\xF86k\x97ok\xED=�,kE���\xC1\x93#?\xB0�\xAA]w5\xC0\xAD�\x92\xC0\xB1\xEF\xC1\xB0\xA6=�\xBE\xC6\�e�\x84\x9Cx \xBA\xC6#!I\xA7*\x8B\x83\xA1\xFD\x94\xE4\x85�\xA1x\xBD\xAE�9\x8B=�
-\xAF\xF9(\x8D�\xC46\xDA\xDAx
-\xB6Ø\x8F\xC0$\xE9G\xF4oRzi\xB6دq`\xD61\xBFÙµ2\xAD\xDA��\xCChDL:\xBE\xAB\x89�\xF0\x98�\xC1\xC4U1SBuU\x95�\xA5�\x87\x82\xE1\xD1�\xFC\xB4lH\xAFz\xF6)\xA7\xE3\x9Ch�lW�,\x8C\xC0\x94\xBAL,\xA3\xD0h,
-\x8E\xF9�\xA1F\xCF
--i\xC7�(ʚ\xA4O�U\xB2Ԝ Vσ�\xA2�D;3 \x90N\x8A\x84\xAE
-�u\xFA\x82\x85\xD6
-A�!�zB�Ϊ\xAA z\xCAa\xC4�wI\x9Dl3H\x92 \xB2R��7IK#�\xABp\x881\x82\xBE\x87J��ʤM�.\x93]\xB2ȋ\xBC=\xD0��<Q\xCAF,\z�\xD4ya`,\xF6\xBAu�1\x83\xE2A�\R
-�\xB2\xBEr\xE6\xBBl\x99#d ^E\xE6
-\xD1P\xF9B\x87w䟛�a U�EXW\x89\x90\xF9~xb\xAA\xA8X%bg\xA7U^=逮$?\x96?"�^��\xCE.�w��\x8A\x92Ž\xF7�\xC2N\xB3U\xB2/Z\x9A\x90\xF64z\xBB1\xA0\x8A \xE4!\xE3\xF4�h
-�Q�\xF1\\xC3'\xA9O�\x91\xCE\xD2\xCFu�\x86,䑽�\x90\xD9\xD3.\xAF\xBD4\xE2]\x91)#\xD2(\xC2\xC0s�4\x82Ü\xD5\xF9�\xAAɤ �r\xD4È–U0�1s�\x99�\xB6\xBC��Y+\xEFÛ°8�n
-Ý›�spm\xDB�\xB1C\xD0�T\x8Ck\xC3OG�\x80\xAD\x{1B66A3}\xB9\x897x-Ð8��\x95\xB0\xB1�\xF4��\xE5\xCC�l\x80\xE9Y\xB0�\x99\xF4!�\x90\xC6\xDA�\xAA\x86,ud\x87fD\xBDаH \xED�!7-X\xCFVW\xF0(\x92U(F
-\xC8\xCE:@\xBF!\xD7}\xDET\x8D�\xDC\xE8J\xAB��d^�ʡ�lH\xEDJ\xD9�L\xD0�\xCE\xCBKe7\xAAL�싇�qU\x8Fy0WLq\xDFZ�RI/��\x9C>�\xFD\xE8h\Jp\xDD�̳\xB3\x9E
-\xDA��\xAB`\xE2s\x8Fy~\xA43,\xAD\xD5\xEB
-f\xBD\x8Cl\xD1\xDD>\xFEyF>\xA3\x8A\x82̳eۥ\x9E\x80A\xAE�\xA7\xD2x\xDCg\xC2S\xFE@\x9C\xB3\xB2\xA0\xC3zE
-\x8F\x87P\x8D\x80��bP\x9C\xC6D\x94\xB5\x90O�\x86m\xC7hJS\xBEN\xB0\xF2,\xA7�&\xA7͓\xED\xCE64\xB7\xFD*\xEDՄ6\xAF\xD0
-�ז\xA1i\xE0\xB8W\xE9�\xC0D\xC65�\xB7\x86 \xB6\xFB\xE3]\xC8\xD2\xEF�\xF7\x86\x80u\xBD\xDEf�\xAB)A\xF4\xD1q at h+\xD3\xD1A\x82\xC4��\x98$M\x98EQ=w\xAC\x88\x91\xC0"�\xA7\x8B:\xCFVcy-͚e\x9D\xEF\x8E\xD7lm��\xA1\xB1\xBE\xD1S��\xF1t \xA9\xA0S\x92\xDC?\xEA\x9B \xA3q\xD2\xD6;2\xE9\xC4\xF8O~\xBC�S\x80è>\xF6?\xD8�\xB7\x94+_\xBD\x98{\xF4B�J7\xC8^
-
-\x91
-\xF4\xE1\xED) �D\x9FÊ®(g\x9D?e%!�\xEF� \xFA\xDB%<e\xAA4�\xBEa\xD7lF\xD0\xF6\xB0\xD3M\xB0\x99U\x83Ýͽ\xBA.\x81]ty\xCB=�ا\xCCJ]?e]\x93�8\x94�`\xB0\xAB!\xB67cwF1J\x85\xB6e\xD1\xD9R\xAA\x80\x82�\xC0�\x9A�9\xF5i!�� \xB3\x99�\xEB< \xAD�\x84\xDE�pO\xD1T\x86\xCA\xD2\xEC:!7\xE8^�lnN�\xA7\xDD+\xAC\xE5\x86aB\xD3~\xD7�\x98\xAE\xD1 6�\xB3\x9A�\xD0S\x9E�\xF86\xD9\xF1�#\xDA\xC0&\xA1+{\x8B\xBC\xB4\xB1zw\xB4W\xBD%f""\x8B\xF9\xAD\x81N\xD2Xd\xD3��_Íž\xEF\xC62\xE9jN�\x9E\x88��E\xA8&
-)\x82M\xFE//\x80\x92\xC5Q�\x8D\xBF\xFF\xB9�E\xB7O\xF2<8\xC2
-\xE4vX\xED\xD0\xF00I\x9A�\xF5\x9B�� \xB1\xD5FM-\x87\xC7��J
-�\xF0k\xBF\xE3\xE8tw\xAB\xE9\xAC\xF7\x98Øšwg=\xA7 !E0\x91AÄ¢ \xFA\xCA\xF1wJBr\xFBXt�1\xF2\xA0\xDBa\xA1P\xAEɦ\xB3�:Õ™\xDA9(O\xC6\xD1u\xFE�Öˆ �Ub>\x82C \xB4\xBF\xAE�'\x85\x80vu�\xA0T\xA7!\x92��hl+(\xFA\xAD\x93-f\xFB/pݾ[Ë]\xD46�\xD6P@=w]\xDB=\xAC+Ú¶XxÖ¯\xAE\x89\xC5I\xB1\xAE\xEA\xBC\xDDl\x8D\xD5u33r\xD0�*\xB6c \xE4~\xEE\x80M[c,8\x91\\x82T^\xCC\xE3\xEB\xA2wX#\xB2\xF7/
-
-H\xA8\xE3 4�\xBE\xBB(%(\xC3 nÀK� �tӇ�\x90\x95�Ծp�\xC9��\xF5�H\xA9l\x9E{/.د{,
-e0\xEC�>\xD9r${\xD1\xC1\xE3\xCD\xF0\xCDtÜŠz\xE9\xD9\xFCD\xF1\xF9\xEEÏ¡9�rP#nßÔ“\xB1\xCF�O\xE8(�\xB5\x94G\xB5Mo�\xA3g~�\xFF\xD1\xE8\xFE\x81\xBE\x96�\x8E\xA5��4\xFA\xF8\xF4yyy�I\xB4\xEE Ky\xC5K�\x8F�\xB6\x98\xA6C7c\xA7\xB1�\xAF\xEB)\xC6\xE3Ø£�\x90\x918hy\xF8\xED\x9D\xCE,|\xA6\xEFO \xF0Oc�\x9F\x90\xF5;\xB22\x88\x9Dm\x96h Cn\xDAw�\x9A\x87��i3\xC1E�H\xE8\xF3wUf\xFF4\xFB\xF0U\x82\xF0`\xA1\xC9\xD7%\xDD(\xED6O�!\x95\xEE\x89%[VÏ¥!Ø£\xD2`�`\xDB.X\xBB+\xDB\xDA\xD0\xDDU\x90\xF9�\x87\x9E\xD7]�D\xCE\xEF�\x9D�a38\xEE\xC8Ë\x8D-\xD56o\xE9��+\xAA&i6\x89\xA0\x89y\xCA\xC4_�\xEC\x8F�\x8DE\��\xE1\xEA⃣\xF2�\xFER5\xE2Ѽ\xAB\xC3\xFF\xEF�ÄŽ/\x97�T\x95Ñ¥^A\x86б\xC406B\xA1�\x84\xE2\xE7\x91\xD4\xFCtv.\xFB�<8-\x9Bendstream
-endobj
-2354 0 obj <<
-/Type /Page
-/Contents 2355 0 R
-/Resources 2353 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2255 0 R
-/Annots [ 2358 0 R ]
->> endobj
-2358 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [344.9397 501.3201 406.1397 512.7122]
-/Subtype /Link
-/A << /S /GoTo /D (trusted-keys) >>
->> endobj
-2356 0 obj <<
-/D [2354 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-806 0 obj <<
-/D [2354 0 R /XYZ 56.6929 609.3932 null]
->> endobj
-2357 0 obj <<
-/D [2354 0 R /XYZ 56.6929 583.208 null]
->> endobj
-810 0 obj <<
-/D [2354 0 R /XYZ 56.6929 484.1849 null]
->> endobj
-2359 0 obj <<
-/D [2354 0 R /XYZ 56.6929 454.463 null]
->> endobj
-814 0 obj <<
-/D [2354 0 R /XYZ 56.6929 405.4622 null]
->> endobj
-2360 0 obj <<
-/D [2354 0 R /XYZ 56.6929 378.8348 null]
->> endobj
-2353 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F14 964 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2363 0 obj <<
-/Length 2458
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZ[o\xDB:�~ϯ\xF0\xDBq\x80c\x96w\x89yK\xDB\xEC"�\xBB9\xD9&�v\xD1\xF6A\xB1\xE5D\xA8,\xB9\x92\x9C˿\xDF!\x87TD[\xB6�Hv\xB1(Z\xD3\xE4h\xF8if8\xF3
-k6\xA1\xF0\x87MRE\xA80r\x92�I�ej2_\x9D\xD0\xC9=\xAC\xFD\xF5\x84y\x99Y�\x9A
-\xA5>Þž|\xF8\x8BH&\x86�\xCD\xF5\xE4v9Е�\x9A\xA6lr\xBB\xF86=\xBF\xBE\xBE\xB8\xFA|\xF9\xCF\xD3�WtzNNg\x8A\xD20\xFB\xE9\xE2\xE6t\xC6db8\xACH\xBB\xA6\xE9\xF4\xE3\xE5\xD5g\x946\xF8\xF1\xF9\xEA��\xBB\xFC\xF8\xE5\xFCË©H\xA6\xFF‰\x9B\xAF\xD7\xD7\xBA\x89\xDB\xD3�\xB7\x9C\\xDC\xF6\xA0\x87/ƨ\xB0\x88\x9D|\xFBA'�x\xBF?N(�&U\x93'\xF8B 3\x86OV'R \xA2\xA4�a\xA6<\xB99\xF9G\xAFp\xB0\xEA��3\x94T)Q\\xEA\xC9�\x84\xC1NlÜœ\x94P�\xE6\x99%\x92�\x99jÙ›\x93\xB31s�)k\xCEY\x8Bo\xBE\xA8WYQ\x9Dee\xB7\xFD\xE2LJ\x92J\xC00\xD4~\xEC\xD591i\x9A\x8E\xBF\xF8\xAC\xD7x�08\x92\xA4B\xA8�q\x9B7\x8Fy\xB3\x832\xD1\xE0\x96\x84\xBD#Ê \xF1�\xCA\xC4�j\x94\x89Qf\x8BE\x93\xB7\xED6L\xCE�1J\x9A�\xE6\x8EC{\xA9\x91\xAD\xF9`k\xCERb\x84�[�Z\xE7\xF3b\xF9�~�f\x9A\xC1\x87\xA4`\xB4u\xD6d]\x8E\x93\xCD)K\xA7\xF9|Ó´Å£\x9F\xF2Vu\xC2�\xBB\x93h[\\\xD6
-�\xBA\x87\xDC\xEB\xB3{|\xA7\x94\xCFq\xE1;\xE7�CȎ\xE0\xE0 \x9AL/\x9Eg\xF6\xFD\xC1\x94�p�843\xC6\xE0\xC5�G�\xAD\xD6e~�\xA2\x8C\xF6a\x98?\xBBY2\xAFWg\x9CRv\xB6\xB8K\xCF\xCE��r\xE7<\xFA\xA0\xD7\xC6�)\xF0@\xEE?�C\xA9\xFD'\xA3\x97:�g\xE0�\xC1D\xB4\xED\xDB\xC2\xCC+<�\x911M�ei\x8CqO\x94A\xA2 L\xD3\xF4\xB0qz\xA9\x91\xAD\x87Q\xC6��� S\xF1\xD6�z\xEC\xF2\xFA;U\xF4Q~x\xD40`8�G�L\xD4K\xFC\xC4 \x82\xC1v�*\xFA�\x82V\xAE\xC6ϧ\x87b\xFE\x80\xC3_\x9B\xBC)r\xAF/\xC3\xE7ÃUG\xF6Ƈ6Dp\xB0\xFB\xE1\xF8�H�\x88\x8F e
-\xF0P\xB7]\x95\xAD\xF2�\xE3s\x83�rh\xE3 4\xB2qdz! 7rk\xE7Þˆx\xE2pì ¸�\x9EÖ¡\xB1\xAD\xE9^,Î\xF7\x9AIC\xB8R\x93\x99�\x90h!�\\x81\x85© \x87:J\xA1\xB0\xB6\xEE<β\xF6\xA5\x9A\xFB\xB3\x9Ay\xAB�vÅ\xBBÍ\xF7k\xDEÖ¥u\xA3R\xD3ß½�\xEB\xE6gQ\xDD{\xC7YE�M]Õ›\xB6�\x98\x86\xAFL!\xFD)@%1\x99\xDD�\xAB\xA2\xCC\xEC�q\x85Q\xC1\xB5\xCB6�ÌŽ\xEC6\x82N\xEF6�Je\xF3y\xBE\xEEZ�\xCDp\xAE,Z\xBF\xEA"\xD1ꀨuv\xF1Q�K\xBD9aÙš\xB3\xF5\xFA\xC2'\xAE�R)L\xDA�X\xFAqV-P\xC4Ǿ5\x84�]\xD1\xEB\xB5Y\x91neC4\x8C}2�\x8716%\xBDl
-\x87P\xA1\x8B\xBE\xB6\xD9}ȜC�\xA1\x89\xBF\x85d:\x9E\xC18gD =Q�\xFCL\xBE=\x81�}\xB3\x81‘R�U�\x98\x8C\xE9\xB7
-\xE9˧\x89��{\x87\x83/_vp�J�\xA9\xCC\xFB��
-\x8F 7\x82$B\xA6�\xF2\xEEe\x9D{\xC8E\xB5\xDE\xEC\x90&!�\x81\xE7\x93w�\xDB+<�VHM4$\xEC�\xAC\x8FQW\x8A\xB9�o%\x9A\x87\x802N\xE2\xCFuW\xD4UÈ.\x8C-\xB9vι߬ \xBF\xB6g\xFB�\xAC�\x8C\xA4F�\xA1\xA6C\xA9\xFD \xB6\x97�R\xD3=\x85\x98[\xFA,U\xB4\xFF\xDB*q\xD0x�,\xE3���\x88{\x84v_)�{�\xC3\xE5a3\xF5R#[G\xF5@��H\xA0I\x8A\xB7\xB69Kj(Å�Gq\xFD\x95 f=X\xF0�N\xEF\xD4_\xA9��0\xC1L�s\xA1\xFE\xC2\xF0\xB5\xFE\xDA
-\xFA\xFA\xEB�\xB4\xF5�(\x9FqY�`\xE8��\xB9���t\xC1�\xC4B\xF2$\x89�aU\xFB�\xD0n\xD6\xEB\xBA\xE9\xF2E8g\xA1\xAA�>0\�\xB2\xC1\x99\xD9\xE8uy|O\x8C\xCA\xD4@\x813\xE6p\x8C�\xA5\xF6\xC7h/\xE5bto\xBAb\xD4\xC0\xF9\x82`�j}[|�\x8DG\x802\xC6 �\x89\x8E\x91ڌ\xB5\x83QpB5O�ۧ\x97�\xD97&+ \xA1R\xB2x\xDF\xD7nd\xC8H\xC0^8aQ\x8D3D�o�\xCB\xDCm\xCFy\xF2e\xB6)\xBD\xD9C$\xF4�\x9D�\xF5{\xF9 \xA4<H\xE7\xE9\xB1P�H��\x85 e_t\xB4�0Fm\xAE\xD0Ѷo\xEC�\xBC\xC6#�m_\xA1\xA0\xEA\xC6 _KA\x9CK�bh*��\xA7\x97�\xD99\x8E�N\xD2Ԥ\xF1Ξ5z"6p\xF86\x89m\xE3�\xE0.j��\xA7Z\xF8\x98ȳ\xD0�\x94E\xE5\xC5\xE6P\xC6`\x8B\xAD\xB6\xA3\xA7\xAC\xD5}\xB9\x87;{\x9D�Ͼ-u\xCCTFl�,�\x8E�\xCB�p
-\xC5\xDC\xFB\xF4\xF4D�M\xEB�\xB3[=; �\xA8\xF2.�@�UK\x9E\x9F\x9F\x83\x9A1\x9E.4I5\xB3'P\x91$\xF5i�\x89\xBA\x88\x89z\x93ùi\xBB\xFDT\xBD\xBF\xFCꚬj\xB3\xB9M\x9D\xDEte�\xB9\xF48%\xBFt�d6\xED/\x9C\x9D9\xEE\xC3|\x9F\xE1\x86\xE8\xBE~\xA5\xBF/\xC0l\xCEC\xB1I$v ,\xB0�>]7E\x85\xFEc\xE1\\xB3\xE0\xFD5x7G\xB1\xA7\xA2{\xC0\xB5UQ�\xAB\xAC\xC4/kd\xD0s(9\xE0l\xE7T\xD5#^\xD4y[\xFD\xE6\xBF\xC0\xAB{\x88\xE3|\xDC\xF2u\x8E\xAD�v7\xF0m�\x84\x8D]�3s\xA3\xA7E\x87\xCBmW\xAF[�z\xC2Ϸ \xE1\]\xCD\xFDjx\xF2>džE\x80�^\xA2\xBD\xC2+\xC3\xCC�U\xAD\xB6v\x88M\xC9�(\xDA9,6\xA8\xAF8�3\xFE�\x94�U/\xF3\xA6�\xB3\x8D�$^\xF7P$��LU�\xAE \x82)[\xE0?]\x9D\xFF\xFD�\xBF\xA2$\x83\xA8\x82)\xDFI \x9B\x8F\xB3�GO\xF5\xA6\\xA0�\xEE\xFAkS\xF4\xDC�֗\x9B\xC6c�\xC3�_\xF8�\x82I0MP\x9A\xE3
-\xA4px\x97�\x90\xED�\xBE\xBE\xE3 bz\xE9Q\xD7N\xF1\x88k\xA1!\xB5��\xED\xEFیb\xD3�e\xD1\xF9b����q�\xA5\x91G�\xE5\xFE`\x85\xB8\xDE=\xB7,M\x89N(� v\xDFEq?r\xBA\x98$F\x8A\xD4\xCB�O\xD3)\xD0}&\x8F\xB6}\xC1\xA6yȪ\x83�jУ\xEC\xE9�\xB5m� \x9Bp\xA8{:\x81]\xDE\xDCR�\x8D\xB3\xA1ʑ\x9EJ�\xA2)t\x83\xBD\xD8V;\x88\xB0\x87W,\xD6�\xD0Bj{]\xF1^\xAD�\x87J%\xF91.0\x94\xDA\xCF�z\xA9\x98�\x8E\xD2.\x9E�i{\xB0\x83\xFB\xF7R# \xE2r+\x88T\x89\x8A�\xFC\xBF\xD1.N9�<9f\xEA\x81\xD4�S�\xA9\xE3״C\x85\xEFsM{�bM�a<vM{\xD08\xAF״\xBB[\x8F^\xD3\xC6[\xFF\xAF\xAFi\xB7.�\xA3x9xQ\xCB�N8$\x86\xC3�2\x94\xDA�!\xBD\xD4rQ{p\xE3\xFE\xA2vw\xE3ы\xDAh\xE7\xFF\xD6E\xAD�\xF0?�\xF3\xBF\xFB\xAC\xF0��\xEA\xA6\xF5oQ-k\xEB\xFA\x81\xD7C\x92� �fW\xA2\xEB\xCBɼ^\xE4\xC7�\xE1\xAD+\xA0B\xA8)~\xBAkW\xFB\x81\x8A삧A\xF7M\xB6\xF2K5.\xCC�\xF2\xF9O\x9C� �\xD2\xF2
-\xC9)\xB4\xA0\xBD\x90�
-��n\xBBv\x97?d\x8FE�È€Ò‰\xA3~v\x9B.\xFB\x99�\xB1)��8\x81�\xB1sY�\xA9F)á ¨ u\x90JL\xE7YY\xC23\x92\xF1q{K&<S\xB5"\xCE\xCFv\xEA�NS\x85s�\xC3NZ�^\xAD{[\xBB�\xEB\xDF\xF5\xD6�\xFD\xFET[\xA2TÝ1\xBC\xCBkxQ\xCB}\xE3��\xD1S\xEDn\xD3T\x96\xAB[\xA1\xBB�\�yC\xB0\xB2\xB6�{\x89\x92�\x80�,\xA0\xA7\x81Vl\x89�\x86Kr\xBB\x92?c{&�\xE7w\xE2\xB9�\xA9�\x82k�\xECrל\xA6Óó’¬\xE6�u\xA0\xB9"I^7\xDBT\xB31w-\xF2\xA6|q\x9C[$*\xA2\xEE8\xF3T\x94%\x8E\+\xE0�\xAD\xFFÄG \xBE\x8B\xAC�×@$
-\xB1\x99���\xA2\xB3\xB7чQ\xCF
-�\xE8\xE92+\xCA0g\xBD\xE9@\x8C�\xE1\xC5\xF9\xE5\xEEU�4܂\xAB\x89V\x90\xF8\xDF\xE1"4蛽*�IyT\x91\x94\xDB\xFF\xE8B!�VW7�\x9F\xBE~\xB9\xF8|n\xCDsk\xFF\xF1\xD4 z
-\x97 \x9AP0\xF2\xAA\xEFG\xE1�O\xAC\xBD\xBDCGj\xADҒ}\xBF\xC4�\x8A؟O\x8Cdm\xF8\xEB-\xF6\xE6_i\xBC\xFEVE&D\xA4\xE9\x9E\xFF\xA8�T�!��\xA0\xAC1\x98ع\x8FT"%*\xE5\xC9�\xF6�gWf\x98endstream
-endobj
-2362 0 obj <<
-/Type /Page
-/Contents 2363 0 R
-/Resources 2361 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2255 0 R
->> endobj
-2364 0 obj <<
-/D [2362 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-818 0 obj <<
-/D [2362 0 R /XYZ 85.0394 650.8348 null]
->> endobj
-2365 0 obj <<
-/D [2362 0 R /XYZ 85.0394 625.7398 null]
->> endobj
-822 0 obj <<
-/D [2362 0 R /XYZ 85.0394 378.0874 null]
->> endobj
-2366 0 obj <<
-/D [2362 0 R /XYZ 85.0394 350.2627 null]
->> endobj
-826 0 obj <<
-/D [2362 0 R /XYZ 85.0394 153.7325 null]
->> endobj
-2367 0 obj <<
-/D [2362 0 R /XYZ 85.0394 128.6375 null]
->> endobj
-2361 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2370 0 obj <<
-/Length 2393
-/Filter /FlateDecode
->>
-stream
-x\xDA\xC5Y_s\xDB8�ϧ\xF0t\xEEA\x9E]s\xF9W�sO\xE95\xB7\x93Ý6\x97xg\xEE\xA6\xDB�\xC5V�]m˵\x94\xA6\xEE\xA7?\x80 eÊ–\x9D\xCEvî®\x89(��A�\xF8�\x80ň\xC312)K\xAD\xB4\xA3\xCCjf\xB80\xA3\xD9\xF2\x8C\x8F�`\xEE\xE73\xE1y&\x81i�s\xBD\x9E\x9E\xFD\xF4w\x95\x8D,\xB3\xA9LG\xD3\xFBHV\xCEx\x9E\x8B\xD1t\xFE>\xB9`\x9A\x8DA�O^_\xBD}3\x9EH\xC3�K\x8F7ooi\xF0\xDB\xD5뛋\x9B\xB1Ê’�\xE1\xF6\xF7\xEB\xEBw\x8E0�O\x84άL.\xAE\xAF/ß¾\xB9\xFA'1\\xA0L\xCE�\xF5o\x97\xB7\xE3�\xD3_\xCE.\xA7\x9D\xD2\xF1\xC6�W\xA8\xF1\xA7\xB3\xF7�\xF8h�\xFB\xFB\xE5\x8C3es3z\x86�΄\xB5r\xB4<\xD3F1\xA3\x95
-\x94\xC5\xD9\xED\xD9?:\x81Ѭ\xFBt\xD0P\x823\xA9R9`))\x87,e,K\x95T\xCER\xBF7\xC5Cy>\x9E(\xC1\x93\xA6X\xAE�\xE5䡨h\xBF\x8FuӮ\x8Ae\x89\xBB�Y"\x92\xC5G�\xA5\x99\xCDy\xDA\xD9;e�\xCC\xC6y'\xE7i=/\xDA \xBB \x91M\x85S4\x9EoAx5\xA3�b\xA6\xF1lQ\x95\xAB\x96\xC6\xEBM\xFD\xB0)\x96^�\xD9WA��\x9B\xA1\x8D\\xE1�\xA9N\x8A٬\\xB7
-\xBE(\xB7*Кj\xF5\xE0V\x85q\xB7�\x8Cg\xF5rY\xACæž·\xF1�zs\x93E\xB5\xF2\xDC\xC5f,\xF2\xE4\xE1i \xCA\xFD\x88\xA4,i\xCA\xD5<|\xB6"1\xB1|\xF7A\xF9\xE9\xA9l\xBCr˲A{\xD3K[\xE3\xAEp�B0k\x8Ct\xFBh�aZ\xA94)\x9E\xDA\xC7zS\xB5E[}\xF6\xA4\xA6\xDC|.7\xE3L'\xB0\xBE2Y\xE2\x94w3\x8F\xF5sC\xC3N \xADÞ¬\xEBU\xE3)\xF7\x8ET/\xF7�wb]\xD0\xE4\xC9ÕŠ&j`\xD9\xD0\xF0\xB9v\xDF\xCE�\xB7r��W~\xBD\xF0,\xBC0<\xE1\xEA�\xCEe9�v\x9Cx\xB7\xAB\xC6\xDB\xEB\xF0|\xB5d\xDC \x85;F\xE6l5 ĉșÎ9\xE6ñ;\xBD\xAF\xD7m�F\xF8@\xAFpË\xB9\xD7M\xE8hE\x91jÆ•�~\xC9�(%Y\x96f\xDA3\xCC\xCBEÙ– Ox\xC9R\xEAxa��H#\xD5E\x9A\xB2\x9Cs�t\xA7\xC8yG\xBA\xD1�䋈4\x91\xAB5\xE7�(#X&D:JyÆŒ\xC9\xE5�T \xA6I\xCCE\xA0 �@\xA1\xE3B\xA5&>Z\xD1�\xF7�\xCFs\xE0�@\x8Až\x84q�\x90"χ�n��\xBE\xA0\xA8� \x84@\xE9)\xEA=wOE!,\x93"?m\x9F\xC04\xB0l|\xE0Bj\xD4Z\xF5×½\xC0`\xB7"\xB9\xBA\xC6'�j>\xF7\xD1\xD6\xD0D}O\xCFv,��3�\xEF�4\x92\xBC\xFENF\xFBX\xB4D},\x9A\xFE�[ⸯ7^*\x89\xE4\xC9\xD7z\xE5%\xCD\xEAU[T+ \xBA�K\x88�cm\xDE�\xBB\xE0\xA5*\xE7 "<\xC4}j\xF3dJA
-D\xC0\x93\xA7�bKf\x93U\xBDY�\x8BŖf\xEEJ\xA2�z\xE4\x88\xD0ղ\xD8l\x89\xBA�Z(\xCA\xEF�ǴG\xC7�`�\xC9\xE1&�\x80CҴA`ʵ�y\xA5a\xB7\x88\xB6JˤX45\x91\x9C^\xF0,h\xA2)\xC1"s\xD2K\xEF�\x8Dc\xAF�\x8C\xDCn\x81�X�\xB0�\x9E\xE8�\xE7\x9E\xCFK�\xB3?�\xF6ω\xBD\xB3�LF�\xDFğ\xC9\xEE�\xBA
-QjÒ™\xCB]\x87�\xF2� r\xA3�\x93:?�\xE3�\xD3\xF1��L.\xC2?\x92��\xCB-\xEE|Q\xEE/o-3\xB9\xB0'\x97�<\x87\xCB\xF7"\x88CR�\xF9Fo\xFD�B\xEB\xE9\xED\xD5\xCF0\xE2��!\x92WÇ\x9D)a��\xD3�\x8D\xA7?\xFAAw�\xC0\xD4n\x8AUS\xCC�N\xC1[ `\xC1\x9D=\xDBn\x97\xEE\xF5��\xBA\xA5\xAF\x9C�\xC4"�Lx\xDCT\xD1M9f\xFA\x90\x82J�\xA2\xA5\x90\x86�\xDE\xDCh\xD4\xEER\xA3̦\xAD��\xC2B\x88㧬!{\xCD5d\xAF'\x8F9\xE6:~\xCE�\x97;\xE8uÈ£\xCA
-\xB8i\xD5T\xED\xC1Y�\xA9\x98\x95\x90\xAE\x9EÔ¢\xE3�P\xA3\x!
8F\x989\xB3<Þ“?pi,\xA8\xE1\x8E1D
-\xA9�\xD9P 7\xE3\x81�);#Zwi\xD7+\xC4 \x9C!\xD4;)\xCE!�\xB2\xDCyB\xB3.g>-\xC1�\x9Ba\xB6\x92\x93\x8B\xE0\xF4\xA0$�Ќ).E\xFF\xAC\x83�\xA1i+{w\xE7O.\xE4.\xD0nj\x9F\x99\xF0\xAF\xF4\xF7\xFD\xDDvOğq!8\xAD_\xCA�b\xAE�.�\xB8\x9C�mH\x8B
-Fa\x83\xB8\xBE\xEF?��\x9A,�=�\xBE+'\xE8$\xBE\xA0/�\x84\xE94\xDDS\xF8HV\xA0,�Z\xE6\xA7
-\xD5q
-\xAC\xDC\xF3r
-y\x81Ô¢\xBF\xB2\xCB�\x8C\xCF�\x8C\xDC\xCB�\x8C\xCF�p\x82^i2\x98Õ‘\xBA\x94\xC0\xC8\xCEm\x84O\xB7\x91�|\xC1\x91\x9F\xABÅ‚FO
-^\xE2J�\x8A\xB4�E/\x8B-\xB9w
-\xF9\x81\xD4i߽\xEF\x82�\x963\xACX\xC2u\x85x\xEC\x9Cx�yiu\xBF\xEF\xB4\xFB \xCE\xE9\xBE1v\xE2\x9E�\xAB\xD9㞬\xD8\xFD\xFBeT�DP~\xB5\xC7\xE3A at 6\xAFs\xF5B<D\'\xE2!p\xB9x\xF8J\xABc\xF2�\xCA\xE3~\xFA @\x99e\xF6\xB4��׀
-=G\x83j\xC1��\x91\x9E�\xD3`\xA7y\xBD\x84\xB4ϟV\x87;\xE4f\x919}\xA2؃"\x9F26\xC7�\xA8r\xC5R\xAE\xD2\xD3�\x8C\xB9\x8E�\xB0\xE3B\xE5\x8FW`\x92C\xD8+\xB9W\x80\x89o(\xC0�΀3+2qz��\xD7\xC0.\xFAg`X\x8E�\xD6\xDB\xC6-\xDE(�A\xD0n\xD7{\x87�\xBBr\xBD.7\x85OQ0\xA3\xB8\xAC\xA8\xC4�\xE5#\x98\xC5U\x8C\xC4�M\xF8\xADvs˧��!V\xA3�\xEEhL(\xA3\x980\xF9�\xD9d\xCCu\xE2H�\x97;\xD2�\xA5o?\xD5\xE0P\xC0�ʜԤ\xE3�P\xA5\x9Fj�(\xD8S\xD3ץ;�%C\x93��\xA8\x91'\xD5\xF4\xBC\xF33\xA4\xF7�K�\xC8�.<\xD3v]͊�\xBD\x94_
-j[\xE1��\xEB�\xC9Ͼh\x92Y\xB2\xA8\xA1\xF2\xAB?\xFA\x97\xEA\xA3\xE7E\x9B�Ì€\xC8WL+\xB8\xBDz\xD8;\x9D\xFEF6\xBC\xB9\xD9\xF9\xD2Í›�\xAC�\xA6\xF8\xE7�\x85\xB0c\xADG\xC8\\x99J\xF57\xDD\xC1Z\xC0-l\x8D�\xBE\x85\xA1pq\xC7e\xD1w�d\xF9a\xF8b\xEFBïš¹\xD2\xF5\xEC\xB2^\xA0u\xBB\xBF�\xC1m\xA42\xF0AiS&\x94\xB2\xCE"o\xA3F\x8CI\xE1\xCEuU�3J� x�\xF5\xAB\xC0\xB6m*\x93\xCB}Ë€L\x9E\xC9l�W \xEC\xD6:_�}� @S,\xEC�S4v{\xDD\xD9\xC0�~\xBAZ\xCAÑ›�v4\x8A6��Ob\xC9nSiì¥���\xAC\x9Fq@�\xDF\xF7q-6\x9E\xBB\xBC�\xB3\xC1\xB6\x9A\x95c\xB8\xBD\xB1\xBD&\xB2\xA4\xF4\xB8\x80,Ø\xC1g\xBD\xA1\xBAd\xE2\xE9K\xFC\xD2\xC1 R\x9D7�\xB5��\xE0ai\xF2�E54K\x85s\xC4N\xBD\xB1b\xF1W\xF4O\xED\x9D�\xE8O\xABy\xB9\x99�U\xE4\x8B-5�R�~}G\xEA;\x8D\x92\xAD\xEFzÖ\xA3P\xD3TAU6\x9E\xC0\xB6\xAA\xD2wdÝ�LQ
-\x81\xD4G\xCF^\xAC×›z\xED\xBF\xE9\xFA\xA8
-\x99"\xF9<\x96&qp\x89\xAC\xA1q\xEB?\xD6\xC9W4`�V\xF6\xB7!\x8C\xEE\xC7Ê\xE9 at 5N\xDFfy i�p�Y:\xB5L�\xFC\x8Fb\xDF\xFD\xBEp\xC0\xC03�#\xD7\xD7\xFF\xBE`\xEDG\x982V\x9C\xFE�@r�Å»\xD5\xCE
-\x97\x84o\xCD98\x8CÍ ji\x9E\x96î•�.\xA1U\xD4\xE8�j\x94\xEB�й^\x8F\xD6Q\x9BE�Nj�\xBEס\xCB\xC3�\x9AB-3s\xBDh\x98\xA3\xFC�G\xAE\xF9\x85\xDFQ\x8BGC.\xFD9�\xF2ÃtRr.\xCE\xE7w\xF9\xF99\x94\xAA\xFAG�
-\xBD\xFF\xAB�d�ZgN\xC2_ /\xF8A\xCB�I�rǦ>\xD2\xF3\xD7/_\xBE\xB0�V\xAB\xD5�K\xF8\xC7\\xFF�\xE9\x98ظ\xC1\xAB\xFB\xBAf{{\xA6
-\xE3\xAC\xE2\xF4\xBCzK\xCF�z�+\x99Hs�_
-\xFF\xE6�7\xBEa\xAD\xAEs\xEC�\xC7\xE1\xEA\xA0\xE7}H!\x8E\xEA\xE2�\x94\x86":Nc� \x85_u=\xA2]\xE5y̢\xF9Ϣ\x94\xFA\xFC)\xA3~\x83
-ɇ\x96\xF5\xE72\x98\x92J\xAAȖ\xCD\xFFژ\xD9\xFFט\xAF\x8E\xE6��\xF2�5\xD8�\xE2\xA3 \xAB\xDF\xFD\x9B\xE7�ʰ\xF5\x92�\xAB\xC0ef �e\xDAi\x856�J�\xE6\xBE\xFE\xE7\xD1�\xED\xFF�ə}iendstream
-endobj
-2369 0 obj <<
-/Type /Page
-/Contents 2370 0 R
-/Resources 2368 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2373 0 R
->> endobj
-2371 0 obj <<
-/D [2369 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-830 0 obj <<
-/D [2369 0 R /XYZ 56.6929 740.3318 null]
->> endobj
-2372 0 obj <<
-/D [2369 0 R /XYZ 56.6929 714.7319 null]
->> endobj
-2368 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R /F14 964 0 R /F62 1361 0 R /F41 1218 0 R >>
-/XObject << /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2376 0 obj <<
-/Length 1890
-/Filter /FlateDecode
->>
-stream
-xÚ�\xC9n\xDB8\xF4\xEE\xAF\xF0Q�j\x96\x9B\xB6\x99SÚ¦\x83�E\x9BIR`�i�\xB2D\xC7B\xB5\xB8\x92�'\xF3\xF5\xF3\xC8GÊ’\xAD$�t\x92\x83\x9E\xC9Ç·o$\x9BS\xF8g\xF3\xC8'T\xC4r�Æ’\xF8\x94\xF9\xF3\xB4\x9C\xD1\xF9=\xEC\xFD1c�gé–C\xACw7\xB3\xB7�E8\x8FI�\xF0`~\xB3�Њ�\x8D"6\xBF\xC9n\xBD\xB3\xCB\xCB\xF3/�.\xFEZ,\xB9O\xBD3\xB2X\xFA\x94\xBA\xD5\xF7\xE7׋%\x93a\xCCaGê½€z\xEF.\xBE|@\xEC�?�\xBE\#\xF0\xF9\xE2\xDD\xD5\xD9\xD5B\x84\xDE߸p\xFD\xED\xF2\xF2\xABY\xB8Y\xDC\xDD|\x9A\x9D\xDF\xF4B��cTh\x89\xCEn\xEF\xE8<�\xFD>\xCD(�q\xE4\xCF\xF7\xF0\x83��\xC7|^Τ/\x88/\x85p+\xC5\xECz\xF6gOp\xB0k\x8EN�\xCA��\xF1#�NX\x8A\xF3)K\xF91 ��\xC6RÍ‚E\x9E*\xEB�Õ¢vIQ pueW\xD6u〚dOUR\xE6)Q\x8FI\xB9-�I\xEB�7wm^\xDD#\xD8m��\xF7\xF9\x83\xAA�\xFC\xA1\x9E�\x8C1\x8Fh\x93\x81`l �\x9D/\x85 \x8C9\xE7\x81S��\x80\x8F(8\xADj\xB7M\xBDR\xBF-\x96\x82Q/\xAB\xCB$\xAFÞ‚�\x96E\xAB\x9A�e\xE5K7*\xFD\xE1~\xE4\x96q\xA7\x9A\xD2*R\xAF\xADf�\xDF# i(\xAD<|,�\x97$\x96L�y.:\xE0�\xF8H\xBEE8\xD1� \xDC\xED\x9E&\xAD\xBF(\x9FE\xEAj\x87\xA5\xEC\xC2\xC6�(\xBF\x86P\xFE���\x95�oDn\xA56Ƀ\xDDH\xEB�=\x97v\xC5��\xD6
-\x9Bè\xF0P*\xAD0\xA8\xA9�c\x8CľÏbZ}��K\xEFf\x93\xEB3\x8C{\xF8e at .-v\x99\xCA\xDC/\xDCE\xC9`�5\x87�\xC3C/\x98x at xkd\xAB\xB4T\x8D)4Ö¦\xDE#d\x81�I\xF5\xB8\xAD�K\xB5\xC8WM\xD2<\xE1F\x9AT�\xAC�\xEE\xEE\xDAc\xB9\x92)\xFD \x85\x97h\xA5"\xE9\xF4 �\xDF\xDBm\x91\xA7I\x97\xD7�\xE9�\x85$�\x90@\xFAз6\xB9wѦc\xCFh\xB2\xB2\xD1v\xBB\xCC\xEE�\xF4p L`�rw\x87\xC7n\x97\xA9
-\xC8�b\xE6\xB8Fp? T�b�@�\x86<�\xFFK\x95\xE0$\x8E\xA2h\xBAF,{\x8A\xCB!\xC9\xD3�\xC0a\x97
-\x9F�8k\x85\x93,C#\xB5\xAD\xD3-\xAF\xB6\xBB\xEEXn\xC1�� \xCA\xFE?\xB9{\x8A\xAF\xC8-xL"�\xC5c\xB9\xBFS\xCA�ug|�\xF9*I�ƾ\xF3edP\xBEn\xB5\x9Bۓ*M \xF5\xA1\xD8�:Xh<\xDD},\xCEr\x80\x84\x92\xB1\x89\x92\xEA\x904\xD3ev\xCC�\xAA\xB2\x94\xF2e~�\xE7\x94\xDF\xD0�qL$\xF7\xC7\xFC\x9AE\xE4\x{DAA3}\xA2\xE7*\xF0w\xCEe\xA6V\xBB{
-\xE0RYg\x8A`\xA0\xEE\xF3n\xE3�\xE4\xAEH�\x9B!|�\xFF\xFB\xDCu\x87lWn�RP\xBF\x9E\x8EZF\xDE\xE1\xD7\xD6(�}\xA0%Ϲ�z�\xA1\x9C\xB1\x97\xFD0\xC4z\xDE�=\x96\xF1\xC4É'�\x89\xE2\xE0�\x96�i\x82\xE5\xC8��\x89\xC2\xF0\x88%TM\xD49i\xAD\xC9\xC0:\xAB\xBAÍ»\xA7q�\xAA\xC1E\xB6SUuS&Ö¬Em{h \xE9�\x85\xA8\xB5\x9E\xBA\xE9\xFDc\x8A\xA1�\x9COÚJs\x9D�\xAE•\xBB\xA2\xCBM-6\x9EÍÔ³\xA6\xF79aB\xF0WL?\xC0z\xC1\xF4�˘\xFE\xA5
-\xC88%a\xE0\x8F\xD9\xFFR%\xE9)\xBE"+や\xFE\x91\xAC\xBA \x82\xB5O\xA4\xF4#�0\xF1\xB2\x8D�\xD2�\xDFa\xAC\xB0 ƸX\x8A1c㹵ir\xB1gz�\xA7\xDEť\xFD}(˸a�-|�ܷ\xA9\xB5k\xDA\xDC��\xB0\xF3\x9D\xFAT���1 �\xE2\xD9Q\x83\xF7\xA3R(==\xF3\xC2\xE9Qzk�\xE8\xAB-\x9E\xC2z08e\xAA,�\xA3\x81\x8Cĸ\xCBbk\xE7޽\x9B�lC瞞\xA0\xF5\xF7j\xC1\xBC\xAB\xA3\x81\x81C\x8A\xA4�\x84pʱ\x8D\xBCʎ\xA8\x9C\xF5�o\xF5 j\x96\xE0�\xFB\xFF\x95\xA6kg\x8C\xB5\xDB\xEE\x8FZ\xDD�\xB2c\x96\x99v�\xC8&55/dj\x9D@\xEEؼM\x8A\x9DM!\x97z\x8C\x87�r\x82\xB0gK\x99\x84\xA2 \x84|\xA5\xA5�\xB1\x9Eϧ��\xEB\xCADGf\x8C�_\x88`\xC4\xF6\xD7\xF2\xC8Q|EF\xC6 \x9E\xA1\xA3\x8C\x85Ď|\x9A\xEDБi$_6N\x8F5\xC1y\x94I\x82\x93(\x8A\xA31g\x9D�4v��\xD8\xF9�jP]u�_\xE6z\xA2w,r\x91\xB7�B&"\xE1{\x88C̥\xEAJ\xD9D\xB2�[�M\xC8\xC3wey\xF5i\x94\xE9 \x8B"o\xBF\xD1\xF7�C\xBB\xCC;3{\x9As�+R\xDB%\xD5\xD2N.\xE0�)\xA2\xA3HL�ES\xD0�\xEB|�\xBA��\xD8\xF2�蜅\xF4Ҍa\xEA\xF1\xCEMR\xE9\xF5"\xAF,�\xB6\x9C\xC0
-�#z\xCEb\xDC\xF7�\x8D\xA4\xC5\xCD�?\xFAbWØ£\xCED�v\x970\xC0\xD89\xAE\x89=\xAA\xC7
-}E\\x8E\xF3�\x9B\xA4\xBD7j�#6\xF3.�I�5\xA4R
-\xF6B\xD9\xCF$r\xC0U\xF4\%\xF4\xB9\xB6õ\x95r'�.$[\xF5\x88K�t4\x83\xF0\xDAÚ\xD8+\xBE\xF0\xB4\xA3qI\xBB}W�\xF9�\xFB\xDB\xF6\xE6\x89b\xA1\xA5\xDF\xD4F\x82\x98ap\xD8�+\xA6\xCE \xB0a��_\xBD\xB7\xDF\xEF�1\xF7\x86wg\xBD\xACCLÇ\xE0G�\x97>�\xEEh\x90 Ô¡LU\xDD\xC1C\xB0\x8D
-�`4\x89i_�\xF5�\xDEÛ‡Xx�\x9F\xAA|.\xF29\xBA\xF5
-\x802\xB0\xC5�\xD6ZUe\xA6�\x84\xA6�\xF3\xC1\x96\xADŰ\xF3s\xA7\x9Aܤ�,\x9B�\xE1&\xE8Z\x85\xFB\x87\xAB.\xACc\xB1֤\xEB\xD2\xEE��\x81\x8E\xE6B\xCBMdghR\xBD\x8B\xE97�M\xBB*s\x93T?\xF6j\x87\xFE~4�\xA5IQ\xE0�\xC4�{�̲\xFE\xC9º\xE70%�\xFD\xDCκ\xDB�v\xB4f'\xCC\xEC$�2��8z�\xAF\xF1=\x81�PW\x85O\xA0Ȇ\xFDCGh\x9F9>\xBB�\xAF\x99\xA3\xD5Z5\xAAJQ\xE1\x97_'δ\xB7��1\xFD\xB5Y#\xA0�5y�
-jm\xA5 ����-\xB7Ǫ�\xBFk7\x84\xC2A\xADk\x99T\xBB\xA4\xB0Z\x8F\xC8[�xC�[\xFA\xEA1U\xDB� 8�tIMw%D\xADEÚ¨�\x9D%\\xB1n\xDD�\x9F\x9AH\x98p\xB0�\x99\x81\xB5}k\xB2I\xF2 \xC12\P\x9D\x9B\xB23��\xBFp�\xB1z\xDC�Ie\xAE\xFC\xADN\xB67G.vO�G\xCF�#^\xE6-\x83<\xF7\xDE�^Õt�\x8D\x8D\xF6a\xF0\xCBo\x81\x87�Q���E\xCFÌš\x82Jh\x8C1sBi�\xC2\xC8y,z\xFFjx*\xFB\xBF*\x87H\xCBendstream
-endobj
-2375 0 obj <<
-/Type /Page
-/Contents 2376 0 R
-/Resources 2374 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2373 0 R
->> endobj
-2377 0 obj <<
-/D [2375 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-834 0 obj <<
-/D [2375 0 R /XYZ 85.0394 741.6375 null]
->> endobj
-2378 0 obj <<
-/D [2375 0 R /XYZ 85.0394 716.9352 null]
->> endobj
-838 0 obj <<
-/D [2375 0 R /XYZ 85.0394 420.5643 null]
->> endobj
-2379 0 obj <<
-/D [2375 0 R /XYZ 85.0394 393.2598 null]
->> endobj
-2374 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2382 0 obj <<
-/Length 69
-/Filter /FlateDecode
->>
-stream
-x\xDA3T0 BC�S3=3K#K�sK�=S�CS\x85\xE4\.�\x85t\xA0\x9C;\x97!T\x8D\x89\xA9\xB1\x9E\xA9\x89\xB11\x90\x83EV�.\xADknj\xA9g`fA\x82! \xC2V�\x8Cendstream
-endobj
-2381 0 obj <<
-/Type /Page
-/Contents 2382 0 R
-/Resources 2380 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2373 0 R
->> endobj
-2383 0 obj <<
-/D [2381 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2380 0 obj <<
-/ProcSet [ /PDF ]
->> endobj
-2386 0 obj <<
-/Length 2016
-/Filter /FlateDecode
->>
-stream
-xÚµXK\x8F\xE3\xB8�\xBEϯ0\x90=\xB8\x81�\x87oI{ʼ\x92\xE9�\xA6'\xD8\xE9 \x87\x99>\xA8m\xDA�F\x96\xB4\xA2\xDC=F\x90\xFF\x9E"\x8B\x94%\xB7\xBCF\xB0��h\x93\xC5\xE2\xC7b\xBD)\xB6\xA0\xF0\xC7�\x99"T\xE4r\x91\xE6\x92(\xCA\xD4b\xB5E�[X\xFB\xFB+�x\xA4�DI!`2\xB3\x9A(\x91�\x95\xF1t\x91\x8CA\xDEÞ¿z\xFD7\xCE�\x9C�\xAD\xB9Z\xDCo\x86\xB3t\x9A�\x9A/\xEE\xD7_\x97o\xDA\xD6\xD4\xEB\xF2\xC7M\xC2�]\xBE\xBDy\xB8\xFF�wI\x92f)s\xBB(\x9C\x90�-\x94\xF6;>�\x{161A10}\xBF-\xB6\xC6�{\x98$Bj�\xF6hE4U\x99\xDFó–°›\x84QJ\x97\xEBr\xEB\xF8�\x83H\x89\xD0�Ÿ+\xF6&\xE0\xF0ENr\xCDu\x80�\x8C\x88�dv\n\xB3?\xF7�\xE7)\x8E\xDE\xDF}\xC1A\xD54\xDF�-\x8E�}Y\x95\xFD\xF1$�#\xB9RQ0\xC9�\xCF�^\xE6˱nZ[\xFA;\xBC\xFAp?\xE8TS\xC2�hT2M\x98\xCAÅœ\xDE�\xC8É•\xBC`\x94\x8C�\xB8=sÇ \xBCM$�\xDD0\x9Ad\xE0�\xEE\xA9A[_\xFFjM\xF7d\xBA\x870M�\xF1NJ\x8C �M\x89ʵ\x82s\xDD\xE6b\xBD\xEE\x8C
-V\x99\x9C��Ϥ`\x81o\xC0\\xCD`
-E2\xAD"\xE4\xAA*f�yN\xB2,\xCD\xCF�7W�7ee\xEA\xC1\xE4S!S\x92q\x9A\x9Ec~\xFF?`\xEE\x87Q;\x83\x9E�\xE7\xF5*\xCB�\xC9\xE0?\xB0\xBBm\xBA\xFE/\x97t\x91\x9D�\xF1\xFBU\xB1/\x88\xCC�\xC9��\xE7x\xFDU\xBC\xFE\xD8\xFE�x?\xAE\xE29w\x9AÓ\x84\xEB�\x96?^\x85\xFB\xBA\xDB�\xAB_�Ü\xF9n\x8E3\xC89%2\xA7\xFA�Z�#\xFD\xE03H" 9�\x94O\xED\xF3\xD5AG^\xA7\x8C8\xF6N�'\xBF�LwlÚž�\xF2p)\xF6EʉLÙŸ\x89\xFD1\xC4\xE5\xD8�\xB8\xA6\xB1\x9F\xEC.\x8B\xA68ѹH\xFF\x8Ch#\x88?�-rME\xDBV\xCDcQ%�-&\x8C�\x9A\x8Dj\xBD\x92}\xDF\xF8\xF2\xEE\xB7\xDB\xDC\xDF~\xBE�\xB8'ÉŸ\xBB�d\xA7\xE4\xFF\xB2B0("\x82FG\xFCF�]7\xFB\xA2\xAC\xA1�H\xBA,\xEBM\xD3틾l�A\xE4\xCBmwòeÓš�XY`\xB2\xB8V\xE0\xF4�\xA5\xC2\xFC(�+\x83\xE4\xBEi*\�\xAC�Û›�\x91\xB6 ^o\x91�k�\xAC\xFB\x98\xF6$Lß–\xDC$\x82\xA6\xCB\xDB�\xA9p\xBC\x93\xCB"\xB7\xDB\xE6�:\xDEe\xE2\xCFX×€U0�\xB1^À\xBB2jÛª8�r\xBF3H.j\xFB�\xC7Ejчm^\xD6\xC0\x83\xE3\xFE\xD0\xD5f\x8D\xCB�\xBC\xCA\xFE��o\xE1Hx�\xA7\\x8Bjs\xCB'x82\xE2\xC3\xCC9 at i\xD6pe�\xB3O\x8D\xEDc\xC1�_\xCB\xEBJh�\xF9e_\xD6\xE5
-[ھ+\xFA\xC6��\xE4\x8353.\xC1 B\xE7CŹ\xE0�\xD0
- �\xB3}\xDF `\x8F\x97<\x80]\xED\xAEi\x9C蚞\xC4hq�V\xF7�\x97�ͪpR\xF8\xE5f\x83\xBFe�V\xA3\x97`\xA3�r-\x86\x85�\xB4P\x9C\xEF \xD4[�
--(\xE1\xD0*E\x95\xB0Xe;�\xE6[�\xB7\xD9\xFF�\xFA\xF6\xD0;\xFFat\xF9�lӽlw\x9C\x87\xDA04\xCEC\x90\x88\xBF\xBB\xE2Ʉ-\xAE+\xF0\xA3͡^\xB9\x98(\xAA\xE1<\xB0f=\xA3pᲉR\xE9�+\\x92\\x8AX\xFBH\xCCΒdy\xAE\xE0\x8E9I\xD3�#\xFEM\xD5\xEF\x9A\xC3v7s\x94T\xD0q
-qÍ´�2e\xE0q\x81+�_\xD6.Æ«\xEA\xE8f^\xDDk\xA4?\x97\xFD�i\xABf\xBF�\xED'UY�\Ã\xD8�\xF6\xA6\xEE\xAD3\x9D\xE2`\\xE4.*\xDB ×®\xB0\x81\x84\xF3Ç¢_�\xC8}\xB3�P\xDE\xCE\xEE�\xC2�S\x8DW\x80\x96\x90B\xA9\x9C\xBA\xFD\x90B0b\x8A5&�92(\xE4�\\x84@\xB2}\xC8�\xA7�u\xB3S\xA6\xE2\x95\xF1\xB9E/\xDF \xED�bo\x83C{\x80KwG\x9C4\x81\xE8�Ø1U\x89G�\xAB$\x90\xBC7\xB9\x{DB7B}\x98��\xE6LD\xB7\x9DK\x8B\x8E_\xCB\xE5\xF3\xCE\xD48r\xE9\xE4e\x91Os˜\x96\xC1\x90\xC9nÞ«T\xA6c�\x80� \xA4O\xD8\xF0\xBB-\x9FL\x{DBAF}\xC4\xF2\x9FuU~7H7EW\x95>P`\xE2Ò¯�\xFDg7M1\xBBq\xAD\x96oo\xEF\xDE#G�P\xF7-�?ܽ8\x9D\xD4lfc�^cl\xE8\xA3/\xD6%\x95\xAA\xE8\xCD\xE0\x9D\xCD3j-\x91\xEEi\x9539
-\xFE\xFD\xA1\xEA˶2\xE3\xE8\xB6\xD3H~�\x8B\xA5\xB5��\xA2|\xE4�>\x88�K0n ��\x93\xC1b\xA3`�\x9DaJ�\xE8\xFB\\x88P�9�Z\xAD\x91\xE2\x8F�\x8A/\xECH*\x90b[\xB3*\x9D�\xAEp�˞��\xE3&\x95\x90�_*\x90Ӝ\xC0;\x84_S \x87WM\xE0y.\xAB*��\x850\x85�E��\xD0K\xEA\xAF\xEF�ê\x8BԪ\xB4\xE8\x96\xEE\x96\xF5\x8C/2\xA5�\xE3,v\xA8\xAFM\xBFz
-/\xA8\xA6z\x8A\xA9,\x83\x87�\xE3b\xEA﫦\xDE\xCC\xC8=m\xB4C\xE2\xBE
-Ù¼�\xA6<\xD8\xE21\xDA:\xE8Ê}\xB3\xEDbßš`\xFC\xA1t{k7\x87z=\xA7Q\x96f\x84I*\xAEiT
-\xA9\xA6�\xF5��5#\xFAO\xB4\xF5\xC8\xFB\x86\xB5\xAAY\xC5\xE7\xFF�\x8A{\xD0��ǒ\x99\xE2S�\xFB�\xA6�\x9E\xE1\xCDy:\xF2L \x86\xDC�\xA3\xF3\xDC�$\x9F)a\xC7)\xF5�|a\x93\x8F\xFFY�\x93�\xD4�\x95_u0Ƴ\xA9: 54gxx�\xC4\xF7\x9D�\xFCF\xC5\xC0p��\xFC\xC6!\xA2\xDD?\xA4\xBB6 \x95���ϦwmSԔ\x86\x97>\xCDҩ\xA6|k\xA8\xB3\x90\xDBRxfZ�zP\xA0z# ՚\xC0\xD6b˕@\xB1\xEBpim6�\xE4�\x8B\xEBN\xB897\xD1P\xA9�O\xBF\xA8�M󨗧\xB2\x98��\xB8B�a~\xFA\xF7\xC7ϟ>\xFC\xE75�\xBCn5\x83\x98 \xA23\xCDG!\xA1\xC5\xF2~�\xAF\x8Ael|\xFDl(\x8F��\xE4\xA2>"\xE5\xE4�nS\xA8\xB8<\x97D2\xAE\xA6q\xEA3\xDBy$�m�%b��\xABS\xD7i\xF1r��#�g\x9Dͬ\x{1FE1C6}\xAA|{\x87\xBFظ\xC3\xE0\xDDG\xFC\xC5O*\xFEU\xE0ҦEj�\x99\xA0*Z\x9C\x84\xF6�F\xFDU\xB8\xBEi�\xAC2O\xA6B�>\x84�\xB2?�T/\xD3l\xF9\xA1\xC4>\xD2ѱ9
-g\xCC|9\x81\xE7\x9Aʲh\xBB\xF8\xFDab\xDEd`\x9A\xE8=t\xBB\xE7\x9E�i"�12\x93ե\xC2\xCFŤ\xF0\x87\x8A\x8Fq \xB0\xF2l\x8E\xA7���\xEEӇ_��#Q͡\xF4\xFB\xAB^nIX�Ic\xC8�\xF1\xCB͌d\xB1k�\xCE�I#N\xD4\xE1�
-c\xA7\xFD E�\xFA\x92 \x8D\xF0\xE9\xE3\xF6.&�X�\x9E \xD0\xEAB\xA3\x91\x9E=��ã»\x91�\xDC1\xF4Z\xA1m\xC0\x86\xD2Õ˜v\xF0f��\xBBi\xE3S\xC0{\x89��/!\xE7\x9F�N_ \x88\xFB\xF2<\xFB-!\xB0$'�\xFC\xE8<\xD6�\xB4\xC0\xF0\xAA\xCDY�rW`B\x9D�7|\xC3~y\xDE�@<\xD9\xDEendstream
-endobj
-2385 0 obj <<
-/Type /Page
-/Contents 2386 0 R
-/Resources 2384 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2373 0 R
->> endobj
-2387 0 obj <<
-/D [2385 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-842 0 obj <<
-/D [2385 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-2388 0 obj <<
-/D [2385 0 R /XYZ 85.0394 573.0107 null]
->> endobj
-846 0 obj <<
-/D [2385 0 R /XYZ 85.0394 573.0107 null]
->> endobj
-2389 0 obj <<
-/D [2385 0 R /XYZ 85.0394 538.4209 null]
->> endobj
-2390 0 obj <<
-/D [2385 0 R /XYZ 85.0394 504.6118 null]
->> endobj
-2391 0 obj <<
-/D [2385 0 R /XYZ 85.0394 432.7569 null]
->> endobj
-2392 0 obj <<
-/D [2385 0 R /XYZ 85.0394 303.3232 null]
->> endobj
-2384 0 obj <<
-/Font << /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2395 0 obj <<
-/Length 3818
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCDZYo\xE3F�~\xF7\xAF0\x90\x87h\x80�\xD3�\xD9d\xF6\xC0z\x92\xC9\xC4A\xE2̎�l\x82$�\xB4D\xDB\xC4H\xA4"R\xE3L~\xFDVuU7�\xB5\xEC�\xFB\xB20`5\xAB\xEF\xEA:\xBE\xAAny.\xE0O\x9E\xA7Y\x92�\xAA8\xB7\x85IR!\xD3\xF3\xD5\xF6L\x9C\xDFCݛ3\xC9m\x96\xBE\xD1r\xDC\xEA\xD5\xCD\xD9g_i{^$E\xA6\xB2\xF3\x9B\xBB\xD1Xy"\xF2\\x9E߬^\xBCJd\xF2�F�\x8B//߼X\xAA,�jq\xF1\xF6\xED\xEB\xAB//\x84\xEFT@�h \xC4⻋\xAB�.\xBE%\xDA\xDB��4{\xF3\xFA\xFAů7ߜ\xBD\xBE \x8B�/X
-\x8D+\xF9\xED\xEC\xE7_\xC5\xF9�\xD6\xFD͙Ht\x91\xA7\xE7\x8F\xF0!�Y�\xEA|{fR\x9D\xA4FkOٜ]\x9F\xFD;�8\xAAu]\xA3�\x90"Q:S��(y.eR\xA4\xA9\x9A\xB0 -\x92L+\xEDXp}\xF9\xDD\xDBo_Ӿ~\xB8\x86Mហ\xA7�\xF1N\x9CCu\xA2Uf]\x97�j\xDD\xDCիrC�u\xF3\xA1]\x95}\xDD6\xF4\xDD\xDE\xF18r4�\xB0$��&�n\x9Cu}�\x99L\xDA\xC4h\x93r\x9BM۾\xEFh\xC8M\xFD\xBE\xFA\x9C:\x98\xF1\xA8K)MbR\xE0\xDDR\xE6\xC0\xC44�\xBE\xCC\xE0\xE0\xFE\xD5U\xFB�՞>\x9Ar[Q V_Ef_\xA6Iam6�\xEA\xF1�\xBA\xCB|A\xB3O\xCE[&V\xCA\xEC<\xCBlb\xB3Ԝ8�j\xB4�\xB7r\xC7c򈀆V85\xAF}6m\xA1\x924\xCD\xCD\xD3\xD3\xFAF\xC7\xD3N6\\xD8$Յ\x9DN[#\xCBs`\xD2�pKق\xF9\x86\xA4vO\xBF\x97o\xA9\xA6\\xAF\x899�\xF7\x81\x93?\xD5ן�R\xFB\x96h\xBF�\xAA\xFD\xC7�R\xCA�(\x9A.\x8A\xC5̓\x9F}U6\xD4\xF6\x96\xFB\xBBo7\xF7�sb\x{19A6EC}۾\xAF\xD6K\xE4�\x9C%�\xAA�(�^�P@\xAAU\xBDE\xF1\xD5�\xC8E۳\xF0\xEA\xBCp{Dj\xC9\xDF0_Ɣ\xF1|H\xA8\xB9ɪݴ\xCDr]m\xEAm
-�OG\x85\x9DYU,\xFE\xF3Pqk\xC7�l\xD1�v\xBBM
-\xED\x9D$\xA6zt0��\xD0Z\xA9X��I\x98Klh8\xD9^\xE9\xD6y\xD8VM\xCF*\xCAzT\xD2\xCFC\xDB\xF5x4/c\x8A
-&%\x95&\xFB�\x8A\xCAli7�*\x9E\xA7(yf\x96 (\xDDVw-\xB5\xA4ow\xFAus\xBA�\xEF\xDB�\x90�:Le\xE14�9Q\xD1K�:\x9D!\xC7#\x9C�\xDB%\xF2\xEC9>\xEA�\x8C\x88\xF2ìž²�\x87F\xF6\xE1\xEF\xCEÕ´�\xEAu\xB5\x8E\xF2N\x98D \xFD�\xEFr\xD0:\xE1y\xB7j\x9B\xEE\xB0黈q\x83U\xE5`Ò¹\xE1gU\xBF\xFAl︜@\xA7\xBB\xC8\xC8E\x9AdF�\xEE\xF0\xB7�K#\xD3E\xCD\xECq�\x9D\xCD\xC5x\xB4\xB9\xBB\xF6Ь\x89\xCFZ\x81Xe:\x9F\x8AU\xEFm\xE1K8�\x94<\xB0\\xB9\x83\xAC\xDD\xC9\xC3�\xA9>�\xBC\xEA\xABA\xF5\xA1\\xF6\xBE\x99/\x8D\xD6�\xBAbD\xE6��k\xAA\xDA\xCD\xE8\xCA\xED\xDD0\xFC1\xA7T\xAE���\xBFó¥‰±Ý \x8D\xF3\xDCl\xF7\x91a\xA4Jd�\xA4z\x99=?\xCA�U\x9Cw^�\xE1\x86�\xB2Ejq\xE8<\xB7z\xB4 \xCC]�\xE3\xA5\xD2s\x97\xF0H\xDBl>BK#\xC7�q\�Ò3\xBDP \xF6Ba\xD5\xEE\xB9Ñ®mÖ¤FX\xBF/�\xA0쑹F,�\xEB͆*n+\xDF L�\x9A[a\x89\xD1 at kZ\xFA=t\xE5\xED\xA6:\xB9\x88a\x83nE -1�0R\x933{J�\x96\xA1\xD5D\xC2x\xB9N\xF5A�\xD90\x8C\xED�\xD3\xDAYݦ
-h�m�\xEEO
-p'\M�\xDFm\xB8\xFB�\xA9\xF1v6È‘\xE1\x99�\xA6�\xBF\xBB\xA9Y]\xD7\xDDnS~DÆž@ )\xE2.c\xF4\xD3(a\xDC\xEA4J�\xAD\x90enѳIs\x91d�\x80ã““\xFAFÇ“NN*O�@�\xD9tÒº;\xC9:\xA7\xA8\xE3*\xEF��\xAE\xB0\x9APW\xE4�\xD6sN\x87\xF1[\xEF:\xFC1\xB7\xEF+n}Øf\xB6�{^\x80j?\xCD\xECQ\xAB'\x98\xED[9�\xC8\xC01\xCA\xEC\xA7&�\x98=\x9F4\xCE\xEC\xF1\xA45\xA87\xC0k\xA7\x85\x85�D\xEA\xB8�%\xB7�WrL\x87_\xAF"P\xAC\xB991\xFA\xB7CM\x855QQ\xCAb B\x99\xAB\x9F��{I��\xFC\xFBÝ\\xB8\xBE|\xC3%\xF0?I\xCC\xC3�Y�\x98\xC1;\xCF�\xD8ZeI.\x83\x81&tW\xB0U\x82ß²\xE1e(7\xF5z\xBC�\xB6\x98YR\x884\x9BZL\x9C\x8A5\xFD\x92\xA5.\x8A��D}\xB2\xD0\xCF.\xD0�_{�@y\xD0�\xB3|�]\xE6&\x97�8
-\xF6nW\xED\xC1\xC6o'(
-\xA5\xFD\xB0c\x93ղ9*9Ⱥ\x88\xE9Q�V5
-\xFD\x96
-0p&
-\xE0\x9E�0\x9C\xE7n\xEA\xEF\xDF\xDE\~u\xFDTÄ—\xB9\x867Q\x8F+�\x88;\xA5\xF5\xAE\xF26\xEE*S\x9Cu\xEC*q\xD1�\x98\xD7Þ±\xD3z+�\xA4\x89}\xB0�b }
-\xF2\x81@\xF6e\xD43\xB8\x85�\xCDED>\xC1\xD3\xE4Yꗊ�\xE2`\xC7\xEB5�\x8EO\xFB\xE3C\xC1R!"\x81 \xB7\x87\xAE\xA7iny\xE6\x92*\xBC\xC8�\xAF\xD6.\xFC\x8Eۦ"IV9BM!\xA7~�7\xA5uʱ\x81Μ�\xFB\xB4#bS\xF5\x8F\xED\xFE=U\xD4M�\x92R\xAE*\xAEt\xE1
-\xD0A\xA1\x8DH\xDC��Ǖ\xA9\xAB\xFC\xFCs\xFC\xEF2�vq\xD1p�w(.�\x821�6 }[~\xA4\xC2-\xAF\xA7\xDBA\xC4\xF4�\xC4\xEF.\xBC\xC1\x8A\x8FTQ\xEEv�\xC1�ܞ\x98n�g\xFC\x848-'\x8A\x82% \x8F��\x84\xA3&\xF7
-ܲ\x8E���
-B\xEDa\xC6?\x9F�\xC5q\xC5�\x811\x89\xB0\x93�\x82p\x82�?^ݕ \xC61�T�\xC1�\xFAjS\xBA�\x85\xE2/"�\x97WT&\xA5\x84\xA6\xEET\xE0\x9C\xA0RRU\xCD\xCD[\xC0�\xFBz\xBD\xAE�\xFAF\xBEa\x8F�8֊\xA4\x90�;-Wq\xB5ʌ\x9A\xAAU\xCC.k \x99\xB9Ƚ\xC5u;\x88D>*Im\xEA\xED\xB2_5\x99cX\xA6\x97m\xCF�t�6�+\xB8z`˜j\xB0\xFE\xD2\xCE�P\xB6\x96__Ϭ\xD7\xD7UW\xB7\xEB\x98\xE9\xE2�\xBE\xE1�_\xCFz~\xF1P\xB6�\xB08\xDA7 \xD27=Ԩ\xDD*\xAC\xF1\xBE`�\x8B\xA2\xC0Z\xAA!�\xF4vKk j\xF1\xBE\xEA"\x86?\xD3 )
-\xF9\\xD4��\x9A\x87Q\xAB=\xB8t�\xB6\xE6\xE1o\xCB�\xD8J3\xB5k\xAE$E\xF3~\xBC$\xA4\x8F\x84�03\xD6\xF5D #"\x83\xDB�z\x81$w}G�\x84T\xF8ˡ\xEC\x8A\xC2@ �PL\x9168*\x99g\xFA(�D�0�4�\x9B*&u
-\xA4\xCE�\xE7]\xBD\xA9<>\x9D�[\x9B\xE4JØ‘\xB1Í\xD7\xC30\xBC\x935\x88u\xFB\xB2~�QJG\x84\x92~\x9A\xC3�\xAC�n\xD1}:\xBF \xBF\xB0W$B<\x8A\xB2\x9AKgz]ÍŽ\xD2O�X\xD6T<\xE3\xEB�9\x8ED\xF0\xF4\xA4\xED)\xC5n@\xE2ݦ\xA3\xE5\x98E\xF7\xD0�6k\xA2ß²Q�t\x97\x8B\xCC\xCE\xE29\xC2�eS\xFF\xE1P\x97\xE2\xA0P\xF9��
-�\xC1f\xA5�\x8Fhq\xB9\x8EK\x8F<��o\xB9\xFD\x8E\xBD�,Ö\xE9T
-��\x82p�\xA4\x8DH\xA9\xCA�\x83i\xF5�>\x91\xA9\xF5\xF6\xE0\xD0Q`9^\xF3\xAA\xDDn\xCBf\xBDD.\xFAm\xB1O\xE2,\x8D��\x94LdN�ef\x83\xBD\xDB\xC6\xED\x9D1i~�#���\x86\xABl8\xB6ն\xF5\xE1!ı\xF7�1\xAC\xAB\xDB\xC3\xFD=\xEC¯
-\xC2N\xA9\x83\xF9\x97C�I8\xC9\xD2\xC2 \x88l\x96]�{,}t\x82\x95\xEC�\xB1�%oOT\x97<\x81_\xA7VP\xE7�\xA6H\xF98 &�<\xCDOY{-\x93T\xE7~k\xCB]|\xF7E!\xE4\xDC�\x85\x99
-f�\xD61\xFB�\xAED\x8B\xB1�\xFD$n\xFE�\xA5\xF2\x91\xF9w\x9Bq0�\xC6\xF6{NG{6�\xA7�\xCB\xD7R\x9B"\xB1i>Ӄ\x93r\xA6\xF29��\\xC1q?\x94j\x87�u:\x92l\xA46]�V\x90>\x9C\xCE{ؤ4(\xE7\xE4԰\xEA˫k*pND�[\xC12x/\xDA�㼀\x89\xA8\xECU\x90\x91�\xFE"\xBBy֖\xC1\xB8\xB2\xD1\xE4MM}\xE1\x9FK.<x\x9Fy[U,\xDF`\xF9\xD0\xF2\xDC�\x86\xD0m��\xA3\xE1\xF7-\x83\x97�x\x85\xBE\xB4\x99\x84�\xC7b\xED��\xE2�\xD6�_B\xB6\xF5O\xBAS[��3�w\xA7ªt.\xC1R/8�\xBC\x8A\xFBT at B66\x93*2\xE9\x95é �K\x894,\xC1YQ\x81.
-\xB0Ä NK5\xA4\xCA0\xED\xE8.�\xA2;\xB4
-=U\xF1dR\xF0\xFFc\x8B�\x9B8tG\xBA\x98%o\xC7ٳa\xE3᜵\x95~\xA9\xCB\xFE�.=�\xF7\xAC\xF0\xE1\x9E\xF5\xD9K;\xE4\xF2l\xC8bX��\xDF
-'\x80s\x9EK/\x80\xC7\xC1K\xD7�N\xC0È—=\xCD\xC0wI\x9CF\xB2>\xDB \x84 o\xE5�\xED�+z|\xA8 �\xC8 \x8D1� \xAC\xAB\xB8[\xCDC\xBF\xBA\xBC\xFA\x92\x8D@�V \x9B#\xE2Â\xC9z\x88\xA3F\xA1\x86\xD5\xC3\xE4*L\xAExF\xED"\x97�\xFC\xE7\xC0w\xBE84�\x8A/\xED\xA9t8\x9Ceb\xF4 \xB3\xBF\x9F8\xAE,?>\xAEa\xDEp?E3\xB5\\xCB\xD9(jS�\x91��X\xB5\x8E\xD7N�\x94\xF7|Am\xFF�\x82` ajQ\xA4\xB3t�\x8A\xE5\x9Ds2�3\xDC}� �\xE7Q\x95�CY�\x84b\xD5G\xAAr\xD1\xE9�\xDD%!\xBD$2\xB1� ���\xE5\xE2ǯ\xDE%D\xE2�9DP<Qݬh�\xCC\xFA\xB8\x98�*Ý¢]\xF5ty.�\x84\xD1(\xE2sÝ»X�<O\xBF\xBD\x8C\xE5\xA7 \x93\xA8p!tJ\xC2A\xAA\x86lJÍ \xBD\xAB\xFA \xEB#�H��"\xBD�Ô¿\xDF\xED\xFFq���)&HÒ‘\xF2\xC0\x807�!:\x99\xB3�\x88\xCC�\xAD\xC6l�:9r,�l\xE7Ȧ\xF7\x83\xAD�\xCA\xE6\xBE\xEA|8\xE5\x83�
-J\x828��
-Z�;s\xA54\xAB󡰪j\x96h�\xBFZ\xFBK\x80\xE0\xE3S\xBE��7\xC4a>e�y\xFD\xFD\xC5\xE9\x84\xF4c\xD9E\xAF���\xD2\xFDQ\xC48\xCA� <CI\xE83`s!ԟ\xB3\xB6�Nx\x93\xB7\xFC-\xAE\xBEڤs\\x88W>lm\x8D߰�\xAC\xAD��\xF2攵�@�p\xC8\xC3\xC6�\xC1۱\xB5�\xD6#(�\xF9\xF0��\xF3\xCFu˿ X at E�u\xF70\xAC/\xB6\x84�\xA2逊O-!\x83u\x86%\x8C.t`ܖ\xAF
-\xA18N\xE4v>�H\x9Dl\x99\xC9A\xBC\xF3\xD6�})Y/\x94Ri8U\x8E\xE4m\xB9Û‘\x8D\x81\x8F\xD9\xFD�\x92\xC8;�\xB7d&
-\x9D\xC3\xE5�\xB6\xE8\xEA-\x98ÖO\x93l\xCAp\x8C\xA8@\x80\x8E$B\x85\x9CDÜ #�\xC9\xD2\xE7\xF3B�\x80T5N\x87Æ\x8D�Ò»5\xEF\xC6YJX\xBE\x83S\x94K�Eb\xA4\x9E\xA53\xA7iP\xAB\xD9Kj\xFF2#<\xBF at W\xE1�J\xBC\xA4W��\xC9�\xB9\xA4�Go+\x90Ho2\x9C\xFF\x99\�k\xF0\x8Ed×±\xAE\xF0\x9E,\xE6\xDD�\xC7\xF3\x94\xE1^{j\xC0\xE5\x90�Ó†\xEEH\xF1\xB7"\xFC\xAF�\xFF\x9B\xF1\xA3 "\x9C\x90kpz\xB9\x91I\xB5\xA2\xDE"\xC9\xD3\xF0\x8Cꉴ\x9E\x92Ö·*\x9B\xD8#�\x8C\xBD\x8BL>{-\xA2\xF0\x89\xD0\xF1\xBDH\x97D m\xAA@\xB5\x9E\xBF�\x81��\x8F-�}\xBB��X\x95�w=\x8B�\xA5\xBB�f|I\xDC�\x97!@\xA2p\xC7\xD5qR\xDD&�\x91\xF4D
-\xD9ԉ½�\x8Bh�\xFA\x98\x90k\x85\x9Ex\xFD\xAF�8\xA6\xBAY\xA2`%\xE5~WFmo\x9A\xA4\xC6\xDA�w\xDD4ly\xA5\xB7\xBCb\xC8!C\x91\x81\x9D�C�\x9FV�\xFC$
-\xEA\xDE޼#Bh\xE4\x92\xCDr\xB8}\xAEV}\xFD\xA1\xDA\xF8wS\xE4.���\xC8f\x98\xF3�Μ\xE7�j\xBAk<\xEB\x95'\xB7GW\xFC\xD0t\xF4\x86\xC1�\xB7\xADP\xE1X�4\x9F��RS\xDF\xD2k� \xE3yу�ħkz\xB5\x91\xFB\xC7 8i\x96\\xBC\xA3\xB7\x93\xBC(8\xF5�_G�@S7X\xD1rw\x87!\xF3\x904\x99+d\xBB\xA1\xE1\xD3b\xF1\xEE\xAB/\xC0Qd\xF4\xB1\xAD\xFA�J-�a\x95i\xE1\xBD~\xE1\x96pyuC�4;\x95�=�\xCDcyy\x97\xA9 i\xE3\xFA\xC4u\x97�\x99to�\xD6\xD8\xC5+\xF7R�\xA7\xEA\xF7aa\x9B\xF2\xB6\xDAtTF4 \x9B�N�\xBEB b92JKL\xDE \xABg'ܴ\x8F\x9C
-\xFB�\x94\xA6\xF6�\x8D\xEE �Ĕ\xE37W`l\x99
-\x86x\xBB\xEB9u4\x8F�\xC3q\xC0\x92\xEB\xFBfr\x98�\xE7T\xF2b\xFC\xF0'\xC7\xCCMO\xE4Û\xB1\xA7QNiij\xA6!\x97\xE1N\x87\xB6 at O\xE6j\x96\xA8\xE1
-�\xCB\xECp\xD8\xD8�\xC1h\xB9bk\x8F\x8B\x82Õ—='P\xB8=2\xFB\xE6\xFA\xF2
-r\xFA%o2\x88 \xEA \xEBT\xA6�=3)\xD8
-�e\x8B\xF7.K�\x92�r\xC3@�+\xC9N�f�`[\x91\x86\xC0\xEC}\\x8Er�D-È‘\x91\xC5\xE2'w.�\x9A\x81\xA2ZT\xE3M\xD7�i\xB4
-A
-\xD4Ȣ뾫6wD$Ve\x83\xAEr\x82\x97\xA8\x9C\xE5
-\x9B;\xF1\xE8Yc\xC0�}g"\xC2U\xF4\xFF\xFC zx\xEEml\xA2\xF3\\xC5�Q(�\xF0\xBB\x802/\xCAYw\x9D�?�\xE1\xA7\xD3\xC7k\xFF/\xBF\xD0\xC5Uendstream
-endobj
-2394 0 obj <<
-/Type /Page
-/Contents 2395 0 R
-/Resources 2393 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2373 0 R
->> endobj
-2396 0 obj <<
-/D [2394 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2397 0 obj <<
-/D [2394 0 R /XYZ 56.6929 752.2855 null]
->> endobj
-2398 0 obj <<
-/D [2394 0 R /XYZ 56.6929 474.2043 null]
->> endobj
-2393 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R /F53 1313 0 R /F11 1451 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2401 0 obj <<
-/Length 3255
-/Filter /FlateDecode
->>
-stream
-xڥZ\xDFs۸�~\xF7_\xA1\xB7\xCAs���\xFC�\xB6s�N\x9CK}s\x97\xF8\xCEδ\x9D\x9C�h�\xB68\x96H\x9DH\xD9\xD5\xDF], \x82�)\xB5\xD3\xC9L��K\xECb\xF1\xE1\xDB]\xD0|\xC6\xE0�\x9F\xC98`"\x8Bfi��1\xE3\xF1l\xB9\xB9`\xB3g�\xFB|\xC1\x8D\xCC\xC2
--|\xA9�\xF7�\xEF�\xE9,�\xB2$Lf\xF7O\xDE\2`R\xF2\xD9}\xF1}~u{\xFB\xE9\xCB\xF5\xCD?/�a\xCC\xE6�\x82\xCBE\xCC\xD8\xFC׫/ß®~\xA1\xBE\xDB\xCB,\x9C_}\xFEt�\x8FI\xCCB�\xE2(\x96\xB0\xF9\xF5\xCD\xE7ˇ\xFB\x9F/>\xDD;c|\x839�hÉŸ�\xDF�ج \xBB\xBE`\x81\xC8d<{\x83��\xF0,�g\x9B\x8B(�A� a{\xD6�w�\xBF\xB9 \xBDQ\xFD\xEA\x98�b!\x83X\x86\xE9\x88�\xC2p\xCC�q�$"�\xDA�\xEDJ\xE1"\xDE\xFF�qO\x94\xA7h~�\xF3\xA3\xCC\xE2@"\xBD\xD9x�\x84�\x93F\xA4Þ¶e]\xFD\x8D\xE4b\xE1ɉ( \xC3C#\xB7\xDA\xE4Ë‘\xC9BЗř�*\x9BË…�L\xDBF\x8D\xC3�[a6\xAF\x9F�C\xF7w7\x9F\xDFQ\xB3PO\xF9~Ý’\xE0\xDF\xBD\xFA\xB8\xF8\xF5:~7bRÈ’\x80e\xD6\xF4*ߨ\xFF\xDD$\xFDÖ´I\xD4zQ\xDAs3\x90K�\xC9�\xA4\x9C�Y�\xEE\xC0I\xF3\xAA�\xB1\x8Eg� /5\x8A\xCD�C\xE3 �<I=\xE3B\x91\x91�\xB0)\xF3|\xD9\xEE\xF35u\xE2�\x9C\xF39\x80V\xB0d~\xAFeL\xBF�\xB6o\xE7\xF4\xF3\x987j\x91D4\xA6\xAAe]\xA8\x82F\x9AvWV\xCF\xEFp\x84ã–”\xCB|\xBD6\x93<\xABJ\xED\xF2\xF6\x92ϵ4\xF4<�è¢j�\xB5\\x80:\x90\xF9\x83\xC5L\xC2p\x84\xC8/Y�'\xE9\xC0-�\xF3=\x82 \xEDM\xE7ͪޯ�j?*\xFAm\xF3�e\x86\xDFV\xB6\xB5o\xC083>\x8Ei��R\xB2\xE4�\xA8��\xBC�j\x9A\xD3\xFEn a\xE5bߨ\x9D\xB1\xEFдj\xD3\xD0C\xDEt�\xE8\x86v2\xBA}\x99W\xFD5\xBC\x96M\xF9\xB86�eE\xEE ��d&�\xEB�\xEE\x8E\xE8"Lż޷\xDB}\x8B\xEDh\xFE\xB4\xBB\xE4r^ohdÛ g9zÖˆ\xEEH�f\xD6\xCFn\x8Ef\xA5\xD6\xEB\xBF4\xF4\xB0*\x9B\xB6\xDE�H\xF4�\xC6µB\x98H6\xFF\x87\xF6+\xCA�\xBFb\x93\x80\x8D\xB2\xB0C \xD0��\xC8C8\xFAV\xB6+\xE3R\xDF\xED"�\x83HHK E\xF9<\xE6w �22�\xB14\xEBl\xB6't\xB6\x88X�\xE0\=\xBC\xC0^\xBC\xE2v\x841\xBE\x93\xA3\x83bI\xB0\x86\x9E?\xF7jWjP\xC2C\xA5T\xD1\xD0x[S\xD7KU\xBF\xD9w�
-\xD1Ñ€�<\xA0\xD4X?\xD7;X\xDFƼk\xB4dNË£"/\xC1 `\xA3@/\x8Ad~S\xD1臛/\xD7﬒\xB2\xE9�XÔ•2\x93�[\xB0\xFE\xF2\xB6\xB4Ó¯eaT\xC0\xF9Þš\xCE\xED\xAE\xCC[5\xE2u\xCE�\xD0n\x96\x9Dd�`�\xA0Aad��\xF5'\xCA��\xA7VƸ\xFAx*�\xD1+I\xEC\xD9jZ\xB0j� i\xC8^\xC2\xF7\xE0<&`a\xC6"\x8F\x85\x8B`YWO#\xB3C\xC0JS\xC7Å3Ó¹\xE9i\xB6�3\xE0\xC4T�\x97\x88�L6\xE1\xED\xB7o\x9F~\xBF\x8C\xE3\xF9\xBFÈ\xAF\xB7\xF77_\xBFÜ\xAC�\x9C�\xC6A$\x81TO\xC0�bB\xC8-\xEDv�\xA3p\x9D\x9C(�\xBA\xAA\xFD\xE6Q�\x92St\xC0>\x84\xE1\xC1tiZ1\xAF\xBC\xADJ \xCD\xE5!
\xCAL\xF0\x84S>\xA9eK\xCF�I\xE8z\xCB\xCD\xCB\xFA at cǪ\xB4/\xAD\xEB\xFAe\xBF\xB5&h\xA3\xCC[\x9B\xBCP\xA6[#\x99K;c6'\xB9�\xE8\xAC1\xE4c�\xD7�_Q6\xDBu~ D�\x8F\xDD\xD5��?$-Lh\xAEkLW\xA3Z3\xB6\xA31\xA3\xC3v�È\xFC\x99Ú\xA5�\x87HiE\xC2Z&:W\xC1\xD8J\xC1
-v\x97\xC08\xEF(\xAA4N\xA1Z\xB5Û”\x95y\xB4\xFE\x80\x97 \xDCX�;;\xA5
-\xC3Ó•W\xCD�\x91��\xB1\x96�p\xAC\xAAV�\xEF\xCCi#�`\xF3�\xE6\xD8�H\xFB\xEAcf\xB9��\xE5F\xD5\xFBv\xF0&9\xA2\xD5Ë‚G\x88\xA4p@\x9EK\xD5�\xCE&��\xC8δM\x9Fr\xDAÚ´C\x8Dt\xC1�\xBB5u@� �H�\x89[��\x8C<�\xE9\x9C�\xE1Ü¿\xD5Z\xB9\xD9~¬Z\xAAb\xE2\x8D\xEDzo&o\xCAg\xA3�c\xCB\xC8��<�2\x91\x96\xB5�;\xB8A\x96\xA6\x96�(\xEE\xC3A\xCD,\x8C\xB8\xF4-lH�\xC1\x85��\xF1>\x8A\xD0P�,����%\x83\xE4\x81ܤ\xD5Ę\xEChl\xB2�\x8E�\xAE\x93\xC5: c\xC7\xC0�8r\xA0�\xDAKè „g,\x95\x80<;�\xD2�AU\x8Fq\x85 z�-\xBD\xE9h�sW\xEA� [Oo\xF4\x80m*\xAF\x88Û¡W\xE3U[\xA1c�\xF4x.2\xEB\xFA\x8A@$\xB1\x9E\xFF\xB4_B&\xC18\xCE�8oh?\xC1k\xF3\xD7|\xBDG\xCA�\hðϑ�v\xAE\xCB�EÝ”\xC9`\xC3\xE2�\xC7\xF1t\xEC`�0'\xCARt\xF3\x81�V\xF9\xEB\xF0ŧz\xB7���O\x82Tf6-\xF8\x81\xD6Q\xFC\xA8m�q\xA7�A"\x93Ð… \xAB\x98\xF4\xD291)��\xA24\x8E\xFA9Tǹx,i\xEB\xFFzT\xBD\xB1\x80\xC5P�\xC6!�H�JF\xCBM#\xB4\xF0\xA5t\xB1�É‘b\xCBI\xE9U~\xAF\xEA\x87v\xB9�*\xE6�\xA0\x9C\xB03\x9A\x9DÔ±\xEA�\xF2\xA0؈\xF8@\xF77< �V\xFF\xBD\xC0-\x8F �\xAA[êŒ\xE5\x81Z\xF7�oi\xCC\xE4\xD5Ð¥]K\xA95\xBECe�r\x98N�\x80\xC0� \xCB\xCCN\x80 at W\x84\x81Ì£�@\x94x\x8E\xF1I\xD7P \xA2!Gj\xA9\xF1\xED\xFA\xD6@��\xCF\xE2\xC1\x89\xDEWk\xD5Ø\xAB\xE8\xF7\xEA\x9F?\xFDn8\xD9p\xF7\x8D뱜i4v\xF4��M\xC7꥙\xCA��h.\xF3Æ°xN?\xDA�z\xA4\xAE*\x8A*\xFD\x89)×›\x80Q$\xD3 \x{25F191}/5
-#'\xE5`\xF4\xBA<BQ�|,\xC3\xF8\xB4b'u\xACy\x80"�h\x83\x9C\xBC\xA7\x9AP�9�1\x83\xA2È¡(r(b�EP.\xFA(r\xC5s\xE4\xA3(\x86\xAA\xE3~E�\x81
-X�\xC3T\x9A*\xB5ءj\xF3S\xBB\xADGo� ~J\x97\x80\xFA�m�\x92x�\xB2\x8Cw\xA53\xB1Fȃ\x98\x8Bx*\xF5V&\x90?Y\xBC=\xE6˗\xB7\xBC�\�$\x9B-\xD4C\x8F\xE5\xBAl\xBB\x9A\x9B3Ss\x83\xC4�a�\xBD.\xF1\x9B�@\x86\xD0�f\xD6B\xE5\xCET\xF08o\xA9\xD5,\xF7e\x8Bc\xD3x\x8B\xF0J&\x93g\xF0\xE6I\x9D\xC0\x9B\x95rބ\xE8Q\xEF\xD4�\xE6b�\xA4Y(O+wR\xC7\xDA�\xE5w�\x89~\xC4\xFB\xEAoP\xB3\xCDj� `w UVekO(\x9A\xE903b�\xDDar\x86-p\xBEN\xCE��x8\xFDyA\xE3�e\xBD\xC4\xCC\xC4_Fe\xAC\x96A�\xF30\xC3]��\xEA6�\x874\xC2-Ex3ARg ��2\x94\xC30\xEC�\x82i\xA6\xDAat<E!L\xC0~\xC4\xF1\x99-\xF5\xA4Nl\xA9\x95\xD2[Zԛ\xBC\xAC~\xC4|ږ׽}\x85\xC9�\xC9\xD2\xD3�8\xA9c�\xFA\xFB
-6$�\xBC{&\xDCaB'�\x9B*@\xA3Q\xE4�\xE4c\x91`�\xD2X\x91\x9A~\x81\x87\xDB�7\xBB\xFF�l\xDEڴi]c\x97~�\x92\xD1,\xB2E\xA4\xBF\xF0\x81\xB5�D\xA1\xD0]\xC0\xE1\xE5b\xC6\xE8j�\xE6/\x9Fȶf\xAB\x96.\xF3\xD6�ƪ|\xA4\xB8\�\xBC肔gP\y\xB6\xF6\xABi \x8C\x9B%\xEE\xCAĤ\xAAm\xA9\xB3\xAB\x84\x8F�\xD4q��(l\xA9\xFE^\xB5\xCB\xF7;\xD5\xD4\xEBש\xB2:\x83]\xC1<\xA1[\xA84\x95".�\xDCC�T\xA0\xAF\xBF3\xDC\xDB�C\x91K�\xD1D\xEF0\xDA\xF7�\xEF\xEE\xE3�\xF7\x9C2\x80Z\xC0\xDA\xFB�\xEAX\xAEF\xCC�\xB3 W\xF4\xAE\xC5\xC2\xDE\xED\x9C�\xE2\xCA?W\xCF\xE0\xA7j\xF2La\xA8\xC0Hq\xF2HyB\xD3'\xCA
-9\x8E\xEC\x960Ê‘\xA74w�9T=Î\xBEn�\x94\x91\x8CtP\x86\xE8FA�{((c\xCBT�Yo/q\x80\xF6�G
-\x85\x80\xAE\xA8247\xB8\xE3o\x9Aw\xB8ɿ\xE0\xD7`\x99\xE6\xE9��\x87G��\xD1�ڱ\xFD\xCC`\xC0j\xAA\xBB\xD1=\x9F 2\xA44�\xE3]\x99\xC9�y\x94/�L\xD5ً\xC3=�\xC4\xCE�^bG�4�\x9E\x89\xF8�[\xF9k\xFE\x9F\xC6�\x94\xC5I\xCC\xD33 \xF3\xA4N \xCCJu�[\xD5o�0K\xA3 e\xE2\x8C�N\xEA؂\xC1U�\xD4�2\x8A\xFB&\xDCR\xC4"G�\xDA|g\x99\x80\xF6\xD0K\xA2\x87\xCE\xC6�\xB8\x9BL]IB�,\xA9*v\xB9\xBA\xBE\x97\x9Atq\x98&\x81\xC8\xC23aї\x9Av\xB1\x93r.\x86
-�
-\x891 2e\xD1i\xEDN\xEAX}ß¿ �RtkO\xFF\xB5\xB2\xD7�yW\xA9\xB4Ô…=ƱM\xDF\xC1\x87\xAA\xAE�\x9B.\x8D�\xE1\xDA�\x92\xFE0\xCC\xFC\xF4x�E\xCE\xC5Q�p!\xCE\xD4\xC0\xBE\xD4 �[)\xA7;\xCF\xEBj}\x98$Ê“\xCA;\xA6<\xD2>N\x95=\xF5\x90u4\x83+;L\xAA\xF3\xBC\xCB\xCA\xDD5\xA5W%:a\xAA.)\xB9\x9Fr�d�2\x8D\xC23\xAE\xF3\xA4N\xB8\xCEJy\xAE{Z\xE7\xCFÓ®;\xA5\xDCs\xDDP\xFB\x84\xEB|\xF5W\xFF5Ü’��\xE9\xAE\xF6�;>Е\x80\xAA\xD8}j\x9Et\xAAN!y|\xA6\x98\x{1A599D}\xEA\xA4:늓N=\xA9\xBCs\xEA\x91\xF6q\xA7\xF6\xD4\xEB,\x98g1\xB1)64\x9Bb\xA3Q\xED�\xB54\xFA\xB0quM\xBF�\xE3\xDC78\xEA*\xF26\xA7\xEF\xF8\xF4X\x9AI\xCAj0\x85�\xE0E\x98\x85\xA6\xE8\xC6!�\xBCe\xBF\xB1\xE9\xCE\xDA�o\xF7\xBB\xEAD\xC1\xF3\xB6R\xE6\xB22L\xA1\xAAÇ’64\x97\xF2\xA1\xF9P\xAAG\xEC5\xBCn�$\x85+\xC4\xCFn�\xEA\xF7\xEE\xF5ቮ�\xB5�ÍŠ\xDFV\xF5GKh\xBD\xE6\xEB\xB20\x84�\xD2wY\x94\x84�\xF6.Q\xC4\xFE\xE5\xD2ÜR at B\x8Bj�=\xFA\\xC0\xCD�0\x98\xC1X$\xE7\xDBz} \xC9\xF8\xF2\xE0\xAFJv\xAB2^K#\xFA\xFA.`\xFF~\xE44TV�~=U\x8D}E\xDF\xF6\xFA>2\x81\xC0\xBB�\xEF\xADzb\xB1\xD2_,�\xE7\xADWv\x9E=\xF71$\xE3\x94 \xC1/�whx_\x9C3\x8A=\xD0\xF9\xF5\xF6�?\xAF-\xBE~\xBB\xA7\x8E]^=\xE3G\xE4H\xE8\xD523\x99Y-=\x99\xC5f\xEEs�\xF4m\xF3\x9DÑ£\xBD\x98q\xE3Eh\xF8V\xBDå\xD1\xDBÌ‘\xA5\xD8\xDB�\x97\x9B8/MS�K\xA1H\x8B\xC5�\x8A\xF1\xA4NP\x8C\x95r�\xB3<C1\xA7\x94{�3\xD4>A1\xBEzM1p0M\xC2&\xED\x9EJn(�[\xE4mh|\xBC\xA6_\xA4\x98\xE5J-_\xE8h at OQ6X��\xE6\xAF�\xA0G\xB3�6t\x98\xF4g\xE9\xB1�\x94\xFD\x86ep\xA8\xCF2\xA1�\xBB\xB7Ü—|\x9C\xAA>\xC1*ÃŒ\x93�\xAE\xBF\xDC\xDD}\xFA\xD8\xDBnW!\xD6O\xBD\xF4\x92.\x86&\xA1 AI\x84gbM'3
-�#Ó`=yi{Bewe;\xD09~a\xEB)\xBD\xA6Ï·S\xF9\xBA\xF9\xBA\xFB0\xC8q>\xFEruwgo\xC7U\xE5}�uy\xBB\x93\xED\x!
B3T0\xF5�q"�\xF0\xAF\xD8FV\xC7\xDCW\xFC\xFF\xFB\x8F\xE5\xBA?�\x8C\xF0\xCFD\xE4Dv#X��\x91qk�:\x8A\x8Bth\xBA\xFB\xB3\xBAc\xDB\xFF�V\xA6�\xD7endstream
-endobj
-2400 0 obj <<
-/Type /Page
-/Contents 2401 0 R
-/Resources 2399 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2373 0 R
->> endobj
-2402 0 obj <<
-/D [2400 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2403 0 obj <<
-/D [2400 0 R /XYZ 85.0394 654.1216 null]
->> endobj
-2399 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R /F21 938 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2406 0 obj <<
-/Length 2748
-/Filter /FlateDecode
->>
-stream
-xÚ¥ZÝÛ¸�ß¿Â^$Q\xC5�QR\x81>$H�\xE4\xD0\xDEm/>\xB4@\xB2�Z\x8B\xDE�N\x96�K\xCEb\xF3\xD7w\xC8!)R_\xBE^\xE1�Q\xE4\x883\x9C\x99\xDFÌ4\xD9\xC4\xF0#\x9BDD"\xA7\xF9&\xCDy\x94\xC4$\xD9\xEC\x8F7\xF1\xE6�\xC6>\xDE�C\xF3\xC6�\xBD\xF1\xA9\xDE\xEDn\xFE\xF2w\x96n\xF2(�Tlv�o\xAE,\x8A\xB3\x8Clv\xE5\x97\x{DEC8}D\xB70C\xBC}\xFF\xE9\xE3\xED�*\x92\x98n\xDF\xDE\xDD}\xF8\xF9\xFD\xA7\xFF\xC0{�� �\xC4\xF1\xF6\x9Fo\xFE\xED\xED?\xB0\xEF\xEE6�\xB2\x8F�>\xDF\xDE\xEF~\xBA\xF9\xB0s\xC2\xF8�\x93\x98)I\xBE\xDD|\xB9\x8F7%\xC8\xFD\xD3M�\xB1<K6\xCF\xF0�G$\xCF\xE9\xE6x\xC3��%\x9C1\xDBS\xDF|\xBE\xF9\x97\x9B\xD0�ÕŸ\xCE)\x80'Y\x94P.@�,\xCAI\xBC\xA0&�\xA5\x84 Q\xCA\xE3(ɉ\xD3�\xCF\xE6\xB4d\x88\x94\x92^}i\xDA\xFB\xBE\xAF\xABr\xBC\\x98/\xE2"\xCB6Þœ�ÆŽh™R\x8F3\xA1$\xE2`\xBE\x80\xF5\xFB\xAA;\xD5\xC5�j\xFDK\xD9b\xA3i{l\x948|\x8Fo\xFD\x93\xC4\xC6ng\xEC\xF4\xFC$�l\x9D\xCEU\xD3W\xCD\xE3\x88\xF2|K\xB2\xADÜ·\xFAYF�s�\x9D\xA5q�"\x81\x86\xD7�\xEBQ\xADh\xD6R9Õž\xE5\xFEr\xEE\xE4D\xB94\x8B8e\xF9:wG5e�\xAA\x97\xB1\x88\xC7
-\xF9\xEF\x94#\xB7\x8F\x8F5\xE8\x83e��\xC32\xBA\xEDd\xDFߒ\xAD֘zo���\xD9\xFE\xFA�\x9F_\xE3$6Z\x84ETm\x83\xF4\xA5\xEC*\xEC.\x81\x82 \xEDC\xD5c\xA3jF\xEC\xBE]\xE4\xF9\xE5\x96�\xB2�\xB4\xA51\xDFn\xFC\x91\xE9 \xD1\xF0\xA3\x87�\xA52m\x80,NR\xE5iQ\x9E\xC0�\xD5\xCAJy(.u\xFF�H �G\xA8\xF6O`\xF2<\xDF�e\xD1t\xEACP�\xF1��aA\xA4 �\xAD\xEAϫGC�(1\x8Dr*rCӴ\xE7cQ\xD7/8o'\x9BRI�;\xAFR\xFA\xF8.qT-\xB0\x92�\xAC�к\xFD\xD5S�Ы\x95)\xA2\xE2ҷǢ\xAF\xF68\xAB���/�jY\xE2J�\x94DL\x99]*\x82d\xF0r\xA5O-u\xC2<\xA99X>�\x89\x91\xFAU\xD3u\xB28\x83:\xA6\xEB��\xA5Yf\xD7�\xA8\x98N�\x8C3\xE1\xD4\xF4\xAA?�{93�\xCB"\x96�j\xC8мZ\xC4\xF6\xD4ú;|)PS\xF8r\xE9\xE42�\x81e$\xB24_G\xA0O\xB5\x8C at G\xE5�\xE8\xAB$\x80 \xE3 �\xC8(\xAB\xEC�Ք\xFF�\x82y�~\x9B\x85�\xFC[[\x8F\x91�\xAC\xA7]�Z\xA8$l\xDB>p\xFB\xD73nK ΄\xA6ɺ\xDFf\x90\x8D\xAC1\x8A\xBE\x97\xC7So\xA6\xED[|~\x8DcڔV�\x89
-pȧ\xF6\\xF5\xE0\x93\xDFMWS�\xA5�\xE8\xFC]\x9E\xCD4�p�\xF7-\xFAj\x96D1D\xA7�\x96?\xDAF\x99\x9B\xE7\xDB}\xDB\xF4EՌb2� �\xD5z\x90n\xB4n\xDB\xDF��\xBA\xFBr\xC2g\xA1\xE4\xF5\xD2 \xF6\xBAy>\xFF\xF2v.\xC8[\xA!
A\xC2\xE4�Y\xE8\xC8�0Æ¥\xE1\xF8S\xA1\xA3�(/X\x88^p\x90K\xD4\xD2�\xFD7\xC9\xF3(\xCD�Y\xF7_\x9Fj\xD9�Õ\x9C-
-g\x93\xF3*\xEF!;O\x98ϧ\xE7\x80{\x90?r\xB0>�\x829#�\x983r\xEBN\xD0(e-��\xE3\xDA at p*\xFA'�9hÛ´\xC7\xE0�\x81\x96kU\xB6W\xDD\xC6\xF5r\xDF\xF5r\xEBz@\xED\xF8�\x84\xE8A\xDA��|Y�\xB5Q�:\xAD[)Ͻ\x9CT\xA5G\x98Z�8\x8D]\x88\x83`6�c\xDD\xFB\xF0bz1\xD3è©\x83s\xE6\xE9›B6z\x869$\xB38\x8D\x80\x84^G\xB2\xCB@\xC7\xE2wi X\xF5\xF2\xEC`\x9A\xD9|c\x96N�\xA8���z\xB0F>e��][\xEBo)7z\x84�\xA3Gh�$\xAAQ\xA72\xE8F\x95\xB1x\xFB\xA9\xC7\xC1\xE7
-\x8A\x86\xBAƗC[\xD7\xED\xB3\xCF\xE4 \xCF\xE7\xA2\xEE\xCC\xF0`s pL=\x9B�\x91\xB1\xB4J\xE3�R\xFFS\xFB\xEC�\xB1\x91f�L\xC8\xEE\xCF�\xBB���\xE9\xD0\xF2\xF1=D\x82\xE7\xA2�2\x91�l\xFD�bt�\xA0^\xA9C\xA9a \xF7\x8CBI�e\xFD:\xEE=\xAA�\xDC[*\x87\xFB\xFDqZ\x92ǰ "\xEC
-gG5e�\xBA�d�\x9E\xF3�\xEF�\xF5Ja\xC2x��\xCC/\xB3\xA1[� o\x98C\xDDW\xF5\xCAC\x8A�\xDF\xF7\xED\xF1(\x9B\xDE�\x8E&k/\xFD\xE9b�K\xA0\xAB�/nnG\xA5\xDCCG�\xC3q�XBD,V{\xA8\xF5\xD2.I\x89\xA5Q\xA9EC\x87\x83k\xA5\xA3\xD2\xD2\xD9~\xA9\xAC�\ꩰ�\xF3 m\x91V\x9CNu\xA5J� jl
-]\xD5?(#1%\xA1ݷXo|0\xCC\\xC4Yp:\x9E\xA9u\xA5W\xB6+>ղ\xD39*\xE7t \xC2s\xBF\x98lVy�\xC9f\xC2|>\xD9�\xDC\xEF�\xCD\xDF\xC1�\x8C&\x8D\xBA\xA5\xDA=a�\x82?\xE5[\xA7^�\xE8,Ԯ\x85\xB7\xD6\xF2�\xD8~�\xA9\x9A\x80!\xB8\xDCCkYB\xFA9.[�\xB6\xE6yJ\xAE\xC0ߧZ\xB1\x84\xA5r\x96\xB0\xA0X,[W\xD9�e\xEB\x84\xFF|\xD9��\xF0\xF9I\x87v \xE0�\x9D�|j{\xAE:\xF4\xF6\u\xA8p}\x8F}�ޡ\xF1\xE9�NJ\xB24A\xB5\xC3�]ͩ\x91\x93r/\x9C\xE8r|\x90g;Aag\xBD \x80\x82\x89\xB9\xB5�\xEE�S(Q\xD8\xEC6\x89%|i\x9B\x94D �ng\xE3\xDC|\xBC\xB3�m\xE4\x84\xD8=\x92\xAD\xD4aZ\x9D\xE3\xE1ir<x\xA0\xA0d\xFB逽8\x9Fn*\x97\xC1�
-m\xBEs\xBB!\xF5\x82m\x880]\xAF\xCA�\xD8\xF0�\xDFd �\x9C\xD9g\x8BjW\xCBkQ��\x8Fr\x96&a\xF0\xEA\xB4\xDD�O\xEFڋ涷\x9E\xEF\x9B�\xA1`��\x9AF�\xC1�\xD3\xE8\xD8w�O8\x9B^O�|\xCBy\xACi\xD8.! 2V,\xF8\x95\xB3-\x9Fj�I\x96jH\xA4�{\xBBe$\xAD\xB1\xF7\x904激$_ \xBF\x86�\xB4R\xFA\x87_V\xC9A\x96\xA8\xABFva\x88r_c\xF6\xFC\xB3a\xD0*d\xD1�,e\xB0\x84\xECʆƧZ\xB6\x87\xA3�r�l9\xBB\xC5�\xB3\xCA{\xC81�\xE6\xF39&\xE0n\xD21\xCB\r\x87\xA6�\xB9j\xF7\xAE\xEEQ/Z\xAD\xD0\xF0\xEA�E\xC0\xA7ZE\xD5\xF5վ\xFB\xAB:\xCD\xE1*�A\xF5ӌ>\xF68a
-\x8DcQ\xCA\xD7j3J�\xBA\xAE\xFA!�\x83\xB9=ͨ<A�\x9F\xEA\x97�\x8A;c\xEE\xB6Y\xF5\x8E� \xD5Ke\xB7\xB9$ez\xF5а\xF4e�bq�\xCF+\x88\xF6\xA9V<\xC8R9�\xFAv�\xF3ͳ(aW\xD8�\x9A)\xD7QUÌ zNY\xC8\xF6n\xD0\xC8\xF4\xA4Z\xAB\xEB~Y_v\xEBQ\x8D\xA0\xD9��\x8D\x95Þ…\xD5\xDF\xEB\xE5\xC9\xEC\xC7!\xF7\x95\xD35\x9A\xABC\xA4\xF8
-\x98}\xAAeS8\xAA\xC1�*\x89) -�\xD7U\xF6Cp\x9D\xF0\x9F�\xAE\x81 \xD6(\xAAN\xD1F\xB1\xF5\x89Û(\xA3�:\xEC'\x9C\xB4\xFA\xAD\x93\xFB\xE1�\xF73L\x97\x81H\xA95�Ms��\xF3�\x86Ö•\x8F\xD0\xD6\xF6�v�\xDC_\xCE
-\x96\xFF<\xD7Л+Y\x82C\xEC\xFF \x81Vx\xED<\xFB\xE1\xC5zX��\xF8e\x97 {�\x91]A\xA7O\xB5\xE2�\x96ʹ\xC4P\xAC\x857�4\xE2\\xB0u\xE6\x8Ej\xCA}�\xE0ÓˆSؼ�\xEC\xFFÜ\x92\xBF��\xB4j\xD3r1�\xB9\xE6.\xE3\x8F'\xDF \xDBW+\x86\xA1IDRz
-\xAB�ÕŠa,\xD5`�s\xE2;\xDDS\xF08biN\xD6\xF9;\xAA\xA9 \xA1m\xA0\xD8f"\xE6\xA1�\x83m\xB8\xB5
-\xB7\xB6\xE1\x81m\xB8;/\x8E\xB7\x83\xC8\xFAu0�\xCB\xD1<�\xCD\xC3\xE7\xCC�\xA7\xC6<\xDC7�7\xE6\xE1\xC6<<8c^5�Q7\xBFi\x92\xAE\x9BǧZ6\x8F\xA3�\xCCS\x96\x95Z]QO\xED#ÔK\xBA.\x80\xA3\x9AJ�\xDA�$e,�%\xF0\xCC#\xACy\x845\x8F�Ì“Z\xF3\x88\xAD'\xB2~�\xECÃ…\xB1\x8F@\xFB\x889\xFB\xE4\xD6>·\x8F0\xF6�\xC6>\xA9\xB3\x8F�\xA6"\x8FR\x96\x8D\xEA\xA25\xA3A\x83B\xADu\xC5h�ÕŠ\xD1,\xD5`\xB4\xBA^<\xA5[\xE5<\x9C\xD2MXÏŸ\xD2�\xBC?K�il \xB7\xAFea\x9AJ\xA4i\xD4\xF9�Ǭx\\xAE\xD8 \xAB\xC2\xF4\xE95\xDF\xF6\xA8V\xD4d\xA9\xF0�\xB1:Ê¿\xED�*\xB6U\xB6\xB6b\x9Bp\x9D\xAF\xD8�\xB6\xA0!\xEDE6\xFB\xAB���%z\xAB\xCF�\xE1�\xAFy\xA0Q\xE0\xC3\xE6|E\xDA\xCE]\x8FB\xB5�x\xB1\x87\xF8\xBB\x99�\x84�\xCA�w3
-hh\x9B\xB2�C�\xF5]�e2��\xE3\xF7t\x9B\xE0#\xFC\xFEmc\x84\xC5+>'\xA7!\xEDg�~�\xE5+l�
-\xC12/8\xEC\xAB\xEC \xA9M[\xB5;%\x80\x9D\xBEI\x8AÄœ\xA7W\xD6\xCB\xCCqÂ\xFB\xC2\xF34\xAFt�\xD6\xEA%W\xE2�ok\xF70\xDEÕ ;O]\xFA\xF3F�\xD1T\\xC1\xB6G\xB4\xF2\xD7
-Cdn\xBE+\xD9M}\xD6av\x8D\xED \xEC1\xDFy\\xFB\x8C\x8D\xD3\xDA\xFB.\xD5p\x871\xE6\xD2M�\x82"-]k\x9EZ\xC9\xD0\xF8\xED\xFD�6\xEC-Q@\xE6No\xB0o\xEA2T\xFF͈$\xAB>\x9E\xD3$3�U\xD3\xF5\xB2(G\xF2Y\xE1\xBD?j\x80�3\xF5� \x9E\xA9S\xB3�p\xC1\x96=K\xAE\xF2\xB5\xB7c\x95\xB9\xFE\xE2\xF0\x99 \xA3\xFE\xD5ߌ\xE3\xDAH)\xBF]\x8A:,\xCF~H<\xBE�o\xBBf�ŒR\xFD}\UC\xB5m\xB7\xE28եq'a\xFAJ\xDB\xE3F\xA2\xA5\x96\xB1$R�\x9B\xF1\xAAxc�\xFC\xFF\xEBl\xF8O�O!Ze�'\xC34M"\xF8XX\xA1\x94Z ˦@\x84\x98\xCB \xE4Me\xFF/o\xA1\xB5\xD2endstream
-endobj
-2405 0 obj <<
-/Type /Page
-/Contents 2406 0 R
-/Resources 2404 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2408 0 R
->> endobj
-2407 0 obj <<
-/D [2405 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2404 0 obj <<
-/Font << /F37 1026 0 R /F48 1238 0 R /F22 961 0 R /F21 938 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2411 0 obj <<
-/Length 3179
-/Filter /FlateDecode
->>
-stream
-xÚZ\xDDs\xDB6�\xF7_\xA1\x99{\xA1\xA7�B|\x91\xC0C�\x9C\xDAɹM�7vz\xBDi\xFB at I\x94Í©D\xAA"�\xD7\xFD\xEBo��P\xA4HI\x9D\xF6\xE2\xC9� \x97\xD8\xC5\xE2\xB7�X\x88Ob\xF8\xE3�\xA3Y,\xAD\x9A\xA4V1�s=\x99\xAF/\xE2\xC9#\xBC{w\xC1=\xCD4�M\xBBTo�.^\xBD\x95\xE9\xC42\x9B\x88d\xF2\xB0\xEC\xCCeXl�\x9F<,~\x8E\xAE\xEE\xEEn>\\xDF\xFEt9�:\x8EÞ°Ë©\x8E\xE3\xE8\xFB\xAB�\x9F\xAF\xDE\xD3\xD8Ý¥�\xD1Õ»\x9B{\xE8&:�@Ä‘,\x89\xA3\xEB\xDBw\x97\xBF>|{q\xF3\xD0
-\xD3�\x98\xC7�%\xF9\xFD\xE2\xE7_\xE3\xC9�\xE4\xFE\xF6"f\xD2�=y\x86N̸\xB5b\xB2\xBEPZ2\xAD\xA4�#\xAB\x8B\xFB\x8B�\xDA ;oݧc
-P\xDA0-T2\x99�1\x97:�WS\xCCb
-Ëž\xA6\x8A3\x99hÓªI\x9915�*T\xD3WÛ¼Ù¾\xBC~8\.\x97\x82\x99$\xE6\x93\xEE\x9C�\xCE-Õ\xB5��\xD6\\xA6\xCC(~\xC0\xFB>ojн\xE4Q\xF3\x94S\xA3Üg\xF9\x96\xDA\xD5Ò¿,\xD6y\xA0\xABè¹½\xE4&B\xC1\xA9\xFB\xF9\xFA\x8E�\xBF\xEF\xF2mqH\\xE7\xDB/aN�\x83\x85\xBEz\xABeG:\xA1�KReaM(\xD6�\x91\xF4�`\x98H\xC3\xFB\xA2\xAC\x9B<[���V\xB0È—\xD9n\xD5|\x8D=� \x94\x8CU\xF4\xF9�Ö¶*~\xCBG\xD8O\x85\x8DA;V\x82>9\xB3Z�Ú™\xC6-e(\x8BÔ s\xAD\xBD4_�\x98\x9B\xA7\xA2\xA6Ö¢\xCA}\xAB\xAC�j�\xE5|\xB5[\xE4\x812�\xA3ESd+\xEA\xA0\xE6^.9\xE7�� \xDF\xC3+\xB1\x96qc\xECi�v\xA9\x8Ec\xB0\xA5r+-�US\xBF\xBE>\x8A\xC1\x93\x9C\xF7��\xB0�\xC7`\x8F7`�vH\xA6\xA4�l��J\x99\xB8\xDD\xC51\x94/\x90e\xFE\x83\xA7\xEC\x8B\xFF�\x81\x86\xCFl\xB3\xC9a\x9F\xB3-u\x8Br�k\xB1e\x89Q\xC2\xEF^\x99\xAD\xF3\x91-�)�I\xC2=\xD1(h\xB9`\xB1\x92\x9E\xE2zd�ˤ�\xCA�,\xAB TÓ•9\x89f~
-󪬋EN\x86\xB5\xF0\xEB\x99\xD5\xD5j\xD7\xE4�� S\x930!8\xEF\xC3\xF4\xC1\xE9M\xA7�\xF8\xD4\xF9\x92\xADv~�q\x89O\xAF9G\xF9K�\x8BÒ±\x81\xEE\xAE.\xD0:��\x99\xFF\xAE\xF4J\x87f\xDDdM\xBE\xCEK\xFF}P\xAC\xE2]\x95�\xC5�`\xCB/\xF8U\xDE\xCC_msX\xC0��k[\x8E)H\xB3Dq\xB9\xB7#iT\xE4\xF4�<\xB8g\x85 \xD0 \x98�\xE9@\xA6�@�K\xF7:\xA0X\xE3E�V;Qa5^Z�)\xFC\x9BÍ¥\xF3[i\x84�\xA9\xE15\xB8�\xA5T\xF4!#\xF7�$\xCFE\xF3\x84-�-\xF3g\xE7\xB2`0Ì�X\xB8;~ڲɷ�\xEF�Q\x95\x8E\xC2ODë\xAC)\xBE\xE4\xF4\xA6\xDCs\xC9JO\xFD\\xACV44s �M\xF4\xB6\xB6Ή\xE3\xFC\xC9\xCD�^\xC2\xC1\x88|Ç3YT\xEB��#uVEÝ„O\xBA\x94\xC3]\xE3\xA9a\x86\xA7�\xA6\xC8q\xFE4\xE6\xF3�\x83m�V�R\x8CL\xC5\xD1-\x86\x99H\x9E\xA33�\xD3Z�\xA4\xAA\xB9\xD7� <\x9C\�\xC6�\x99\xFC]p�\xF7\xA9�\xE2z\xCC\xCD�\x9FÚ¡:\xE1S�\x95\xF3\xA9\xB3ݲ.\xFE\xCC_\xBF�xU\xA5@\xE5\xB0\xC5'y\xB7TC\xE6}\xAF\xAA,Km\xA2\xFBÜW�\xC1\x9A\xB1A!�� \xC3:{\xF4\xA3 $\xAAé°Ž\x86��c+\x89\xB2�\xC4즨 F\xCEI\xA0\x87\xC0\xE6\xCD\xF5\x87\xFB\xD8O?�Γ�\xD3\xC0 \x967\xA3\xE1\\xCB4�\xCC^\x9A\xBC\xC68
-\xD1\xFB!Ȼ\xCE\xFE(ֻ5u\xD0b\xC8\xFC\xB9f*նo'k\x88\xA4D\x9BZ\xB7\x84\x9A\x9A.7\x80\xA7\x8F\xCD\xD0\xEA\xAD�\xFA{\x8B\x86�\xC4t\xA9\xFD\xB83Qh\xC4\xF4 \xB2zC8]\x85@=\x956\x8D~\xC44�\xDDm\xE0\xBAkГ\xF7X\x9B8\x!
DAf\xA0?\xEExA\xAF\xC7ص\xAB]\xB9\xC8�cn`\xB7!\xC3�\xB6\xBF\xA8\x9E\xBDMC\xC0\xA3o7\xDB�<tG.�\xF7\xE5\xC2\xCF��\xDB\xE0�2?ß�q*\xEAy\x87�\xADy\xB6\xAB\xBD=f\xF4\xC0]\xEF\xA6*4\x91\xFFp\xE6i�\xB15
-\xBE\xC6&\xF6L�ݥ:nk-\x95\xB3\xB5|Q֯\xFF504\x910\x80\xA1>͸\xA5�r>H_пI\xD3g}�\x90(\x96N�&�\x9Biue"0\xA2\xBA\xA8J\xFF\xBE\xA2g\xAB@\xE3"\x8E\x83\xBE
-\xFBU,\xFC\x97\xEDÖ™�Z\xA0�\xF7'�Z\xFB \xC0\xE8�o\xA4'e\xA1d� �ο�G\xFF\xFB��\xB4eZÛ�|UV\xB8e#\x8E�\xBC\x9E\x94\xA0d\xA2\x9B\xAF �\xD5�\x91\x8Et\xB1\xCE]\x96è³¥\xBE\x80~\xA1Ç(�\xF0\x99\xE2L"Ý¥:�\xC4@\xE5\xD6\xF5sY\xFD\xBA\x86$\xACX�e>\xC0cbX
-\xBE\xF54\xFF\x96j(@�\x8F\xA9di\x9Cؾ�w\xDB�\xF3�%\x8C\xD7Ó¼r\xCFEM\x83\xEE�\xE4ZN\x9Fظ\xFFx\x85\x8Dt\xFC�L�\xF0\x99\xD1�T;\xABj\xFF\xA5[\xE9\xD4-\xD5\xF5!;Yg\x9E;\xA5R\xD8zÚ\xB3rJ\xA8K@\xE6$>p\xDF\xC47[d\xB3�N�sH\x86ט\xBFaPH�MA�\xC7\xDB��;\xE8XU,��\xB1\xBF\xF1K\x87\xA1<\x9B?\xD1`M4\x86\xE6\x88T�u1\xB0�c�\xE1Z �UÒ¶\xD3.\xB39\xEC&&\xC0D\xB2\x86\xB9\xFD\xE6\xEE�5\x99\xCF�\xC0\xEA
-0\xA6\xE0\xD3ͻD\xD7 @�\x8As\xDDfA\x8F#\xB6\xC0S\xA6\xA4
-4�V6\xBB\xE3\xCEU�\xC1�T\xEDILw\xA9\x8Ec\xBA\xA5j1]\x95\x90le�@\xEB�\x91gN3o\xA9\x86\xDC\xFB\xCB�G\x96\xA6\x8A\xF7\xD9{@�\x8D\xFB\xB6rnG\xE0�R$\x85\xF6/\xB1\x8E!\xE9ߢ\xEB\x836'Z�jl�� ?y~\xCAKz\xBBÉ·�Z\xBFipt\xF4\xE3W?\xBD\xFDĈ\xD8g$�\xF0a\x87�\xFB\xBE\xC6�T�>\x87q\xA5\x99�\xE6\xE0\x946\xAB\xDCÉ¢\xEBÇ‚\xD0\xDEË–Þ\xE5\xE5\xA2�\xF4\xAB\x88�M\xF38
-T̔Qg@\xB0':\x81�O\xD4B`\x99�\xABa\x81 N�2MN\xF2m\x89�\x8C��Y \xAF\xED1\xBE\xC6C\xB2J\xA9\x90\x82
-Wq\x92\xCA{/\xF7*\xFFÿ�e&l\xBBc#<_\xAA�\xD1{�\xE6î”o2z\xDC\xDF|\xBA\xD4:\xFA\xF1\xEDe\xAA\xA2\xAB\xDB\xF7\x8C\x86�\xC2\xF4\xFBC5L\xE2N\xD2ÊŸ\xDDG\xC4
-\x87g ubQ\xCA
-\xCBJe\xDFQ\xB4�1̹\x9E\x8A\xB9\x87F1�\xEA0\x9C\xE5}\xA7R\xA2\xA7]��\xEDf]r<�\x85\xC9g\xF9S\xF6\xA5 \xD8\xC0ꎂFZ8\x92Å\x8E\x9FDM\x97\xEA8lZ\xAA�7\xB3�΢K\xB0\xB2f\x80\x9ETA�\x93g�h\xA9\x86��xKW\xD8\xD1}�\xAE\x9A&_o\xD0h�\x8A�"�K.\xEA\xCD*{\xF1\x83N\xD9Ѐ\x83d\x83A\x87h\x9C\xA6a\xD4�\x97j\xEA\x85\xCDJx''C\xAAl\x85~$_8\xFC\xF8\x88\x85/\xF6N�:E\xED\xA3 �Ù¤\xD1}��R\xA9\xB6h\xB8\x97�:-\x83\xE0-\xEAg@\xC5\xF1-\xD5 \xE32>\xE3�\xBAT'\xB64P\xB5[
-\xA9[\x9DÏF\x83\x93\xCC\xF7\xD1`\xC0}<�\xF4\xD8\xCA!\xF9\xACq\x8F\xB8\xD5�$|\xF77\xDFP{\x90\xBCp*\xAB\xB8g\xED\x8AAn\xE4%\x8C\xF8\�;��\x87�~\xFC\xCEQ\xF8O1\xD0\\xA4�\xC3]��\x9F\xC9\xFE\xEB\x8Fw�c\xB2\x9C\x88
-\x83*N\xB6X�
-\xA4\xAE\xADmã³*\x87�\xC5_\xAD�K.\x81\x9D\xD4g\x80С:�\x84@\xD5�\xA1.�\xE7OY=\x92\xE9
-\x96\xC2�'\xB9�\xA2!\xF7>�\x92�\xF2a+\xFB\xEC\xBFql\xA7�\xF2Ë°iB`\xFD\xE2\xB1Ìš]k\x9A�\x8BgX�s\xD7 \xC2\xE1\xC7W\x9Cjz\x8D\xA9\x97k\xB8#\x8C\xC0B\xECzS\xAC\x9C\xA1\xB5i,\xB6\xA6\xD7#\x97R\x98\xAA(+Uo\xA5箥�\xB3Ƙ\xF1K\xA9i;\xE3�\xB5(\xD8�\xA0�}\xB5\xDCß¾\xFB\xE6\xDFW\xF77G\xF1 �d\xE0\x92\x9FI�\xBBT\xC7\xF1\xD0R\xF9Û’���\xA7\xBF\xE5/\xAF\xFF�\xFF�\x980 K\xB4\x91\xA7Eh\xA9\x862\xF4Qa9K\xA4M\xFAB\xB8\xD38Ö¶s\xE7 \xDC\xD9��8\xB4Ê©\x8Dn��\xE1\x8D�\xACi{i\xA2�\xD5K\xB1�\xF2\xFB\x8F\xD1#\xE3s\xE6\xBF\xDCÕÆ¡b\xA4�.�Ó¶-\xA6~\xD55\x8F�\xF95Hm;<\x89wPÑ;\xB6 �\xC0\xF4w7\xFF
-%o\xD8�sx;5\xCCk!H\xC02\xFA\xE7\xF1\xE0:\x8A&�\x81B\xE9�O:\xAC=\xC4�\xBC\xEE �ݺ\xA2\x99\xF6q(M\xA2\xBAU\xEA\xE2둓L\xCA\xC1='ɹ\x93Lb\xDAz\x9F\xAF2 \x8FUU\xFDFL\x96\xA3%e\x9D2\xA1ڒ\xB2\xAB\xFAv`\xC6\xE0\xFF�3!\x98\xB0\xE1\xD8\xD4`\xAE?\xB2U\x82I\xBD':;\xA9�\xAB\x8C\xD3\xF6�\x92\xC4'G�\xD2\xCF\xC9\xE3\xF8C\xAE4xW�\xD4#�V\xB6\xC1=Խ\xAB\xAE�?܌�\xE5>|\xECoq\xC7_\xE98\xF8+h\x8D\xFA+\x91\xA23U�\xD6/\x990\xE6\x9F\xFB\xABv\xC6iwʡ\xC1
-p.)\x97\xE9\x9E\xF3_\xF2W\xDCJ�'É™\xFA|\x97긿j\xA9\xDA\xF8\xD5T�WL�d2 \xE4�\xB1:ͽ\xA5�\xB2?�`\x9C\xA5\x9A\xA7}\xFE\xFF\xA13\xA8\xBB\xDD\xC9|Õ€\xDB}0\x83�\x87\xC1\x8C\x87`Fmv\xA5NF\x9FÂ\xA6\xBE<\xCC] \xB1Xd\x8D+\x85\x81\x83\xB1\x87p\x82�\xBC\xBDN\xA6\x9A3�\xEB\xB4N\xF9{�\xE3Xëƒ\xE6�\�\xE7\xE9?\xC7X\x98qÚr�c`\xD5Z \xBD\xE7\xFC\xD70�)\xE9\xB9[\xF5=\xCD |�M\x8B.\xBC\xD0=zb>\xC1t`>\xE0:z^\xEEp\xBD\xED\xFE\xCC T\xF8\xF7eQw\xD7\xED\xD3\xCA\xFD\xF9\xF3\xF6\xBA{xt\xE9u8\x98\xE6e[\xD5\xDD\xD7$\xB2\xD1\xDC\xD3�\x85\xD6\xDD-�O�\x8C�\xE2\xF3T\xE2\xA55\xED\xC4\xF7\x9F\xDF\xE3A\xF4\xE1\xF6\xEE\xFD
-\xCD\xF2\xC3\xE7\x9BO\xB77\xF7#���\xA1\x80�G\xFAM\xA4���\xAC\xDF\xDC~@\x81\x95\x8D,
-�\xEB\xCD\xCA\xDD\xF6f>SV\xEE\xE2g�\xA8P\xAD:�\xFClÍ\xDB�\xA9\xEA\xDDf��ך8\xD5T\xEB'M �W\xFEܬ\xBC`\xFB\x9F\xBE\xA0 %
-R\x84\x80�\xAChR\x89G\x99\x88*\xA6\xD8\xC23E\xE1\x85\xC6\xDC\xDFG�<\xFCX\xC3�B>\xADOÆ’
-�\xB1
-\xF29\x89\xDC\xF8\xF8�o\xCC�\xC5q�\xA3ӱ\xEBR\xAE\x98Mm\xD0\xCD,k0�A��\xF8/y\x84\xAB\xC4n\xB5A)\xF0�\x84\xB7\xE7)\xF79�2w\xBF\xD5 \x92\xE6\xC9�\x88q\xA8\xD5 \x8E\xCF3/\xFD,\xDFK\xBF*ܯ�`\x94\xBC
-\x8E\xBBd\xC5\xCD\xF8\zJ\xF7#�\xE2A
-\xE2 \x8B1\xC8\xF7\xDC�\xC8*\xB3\xC7\xDA\xFF"\x87D\xAD�\xCAk\x9D\xCB�O\xC0\x8E\xFD\xD2L"\xFE䘉\xC6-\xD4\xFF\xF1\xAF\xD0\xF6\xBF\xB1S)\x93xk:j\xED\xA0�&\xA5\xE5A(\.\x97\xF6Pt\x8D�7`nC\xD9\xFF�E\xFA\xAD7endstream
-endobj
-2410 0 obj <<
-/Type /Page
-/Contents 2411 0 R
-/Resources 2409 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2408 0 R
->> endobj
-2412 0 obj <<
-/D [2410 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2413 0 obj <<
-/D [2410 0 R /XYZ 85.0394 105.2981 null]
->> endobj
-2409 0 obj <<
-/Font << /F37 1026 0 R /F48 1238 0 R /F22 961 0 R /F53 1313 0 R /F41 1218 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2416 0 obj <<
-/Length 2274
-/Filter /FlateDecode
->>
-stream
-xÚ¥YKs\xDB8�\xBE\xFBW\xE8\xB0UC\xD7D0^|\xCD͉\x9D\x8C\xA72\x8E7vjv\xCB\xF1\x81"!\x8B�\x8ATDÊŠfk\xFF\xFBv\xA3�\x9A\x92\xE8\xF5lm\xE9@\xA0�4�\xFD\xF8\xBA�\x89 \x87\x9F\x98\x84�\x8BR\x99N\xE2T\xB3\x90\x8Bp\x92/O\xF8\xE4�\xC6>\x9C�7g\xEA'M\x87\xB3\xDEÞ\x9C\xBDW\xF1$ei$\xA3\xC9\xDD|\xC0+a<I\xC4䮸�\xDE2\xC9N\x81��~\xFDt{w:\x95a$yp~ssy}q\xF5�\xECs\x98�38�~?\xBF\xFEr\xFE\x91h7\xA7\xA9�\xCE?\Þž>\xDC\xFDvry\xD7K3\x94Xp\x85\xA2|?\xB9\xE0\x93��\xFF\xED\x843\x95&\xE1d��\xCED\x9A\xCA\xC9\xF2D\x87\x8A\x85Z)O\xA9NnO\xFE\xDE3�\x8CÚ¥\xA3��\x9CI�\xC9��H9\xA6\x820e\x91\x92ʪઆ#)�t\x8B\xB2\xA5V\x9E\xB5\xE6
-6\xA3\xC0d\xF9�\x8Fx\xF6>T�Fq�\xBBD\xB092\xF8\xBE1\xEB�M\xDA\xDBMI&y"ܬl}*\x92\xE0q\xB34uG\xDBX\x82Yѧ\xEDə\x93\xA7\xAC\x8B\xF2\xA9,6Y\x85}\xE9\xB6qC^d\xE3$n\x96ˬ.\xA6UY;J\xBB\xAB\xBB\xEC�\xB5�\xD3\xE6\xEBrf
-�r2�<f\xB1Ð 7!X�\x86\x92\xE4\x9B5O�--\xD2\xE0�O=U\xE0 yS\xB7eÛµ\xD4k\xE6\xF0\x85\xF1\xAC\xDE
-�\xF0\xB5\x82`\xA3\xED@�:jAs\x9BUW���\x86Aj|\xE5\e\x8F-hY\xA9\xF8yy\x9D-]\xABkh\xF9\xCC\xF5\xAB\xA6\xF9f\xDC\xE2\xCDÊCUY1\xEC�\xA0(<�\xDF?\x97W�8m\xB7[�jY9\xB0\x91WY\xDB�\xD0\xEC\xE9\xB01XÚŸ\xC2\xF2Yd�\xB5\xDAE\xB3\xA9ܲ\x99\xE7\xBDZU\xA5qD<\xC6\xFE�b*\x84�X/n¢$L\xAD\xB8\xE7\xE4w\x8FU3#\xC3\xC7Ak:"\xA2\xB6\xF1\xDB{B\xE4\xE5\xB2Þš�\xDBE\x89\x86\xB3\x8B\xBCd0\xC9J�\xDFg\xC9P\xE7\x8D#V\xD53\xD7\xD2xV9\xB9!\x8E\xB7
-\xAD\xF0l\xDA
-\xF1�gQ<�\xEE�\xE0\xBC4\xC3I\xFD\xB2����\x87\xE02Xnڎ\xC8.�rS��"\xA7\x80�\xF0�\xB9\xA6i@ݬ*G\xB7\xCE�$t�t�\xA1ɜ\xAE\x8Dֶ\xCDp\xA0%��\xF8�\xF4\xC8%\xB9|QD8\xEEt\xFFH�\x9D^\x97Z�
-\xEAJ\x87.�\x81\xE0⑨�\x94VWIpn]�&\xF4\xF6\x85qoNdԻ�п\xF2\x90\x9B�\xB9Yu4\x88\xDC-\xCA@\xE8>\xA3\x8CLRƅ��\xCC\xFC|_7�\xF9\xB2�\xC1\xA3�@2\x8C\x94\x9BH[\xC1�‰\x9C\xB9C\xCC\xDC� �\xD6\xEB\xB2(LM\xB0\xA1T\xCAd\x94$\xFB\x86\x9D\xB9 \xC9�\xDE=mW&/\xD1l\xB9��\xE3\x9C\xDFz\xF0hd\xA1\x82��\xDE7k"\x9B�\xD9�,\xFD\xCBȉ\xC1�\x8A\xB3H�\xB2CQ>\x9EN#\xC8O?_Sc\xBBݲ\xB2\xCDY\xB3v#6\xA2\xB11\xFDA_!c\xC6\xE1'\xA8\xBB7�\xD5o\xD9\xD5
-0<V\xE3\xC1\xF6�h[4X\xAC�h\xB9\xF9Cq!q\xCE�\xA7v\x94\x{1989C8}Y�+o\xC3܅.\xB0\xB4ƀ\xEF\xA65\x8E2\xB7q\xD2,\xA9G���=�:.
-\xE0xC\xDFe\xF6\xCDS��h\xAE\x8B\xB8\xBAY\xB5\xBF\x80\xFAÄr�Pϯ\xFFI
-o(ܸY\x8F��V\x813$\xB1��UO\xEE\xA2%\xE6X\xB5\xEF-^\xD1\xC7�Ђ%Z\xF9d\x89\xB1�\xC5\xE8TJ\xFBD \xEE\x888\x83���ۚP h�\x93b\x97\xC2�\xC6���\xDD\xD0ă\xD8!B�\xA0\\xDF�7\xCA�\xCA_m\xBF\xC1Hԥ\x8A\xC5i\x94:y\xFF\xEA\xB90\xBF\xA6�A�\xB7\xF3 \x80\xBB\xF4E�xW�3\x9D(\xB1�7�'�#^\xA4\xBD\x9AD\x83D\xBC\x87\x81Qו�\Q\xF42�3\x97�P\xE5�Ю!\xAAMX\xC7ΜH�&\xFDq^p\xE6��\xC9\xCFq\xF1A<
-5ʺ\xECJ{r\xE8\xF4\xB8�\xF4\x8E\xBEˬp3\xC9V\xD00T\x92@\x8B\x8C�\x9AÔ‰\xC6\xE4\x83\xD4\xD8&\x89z\x9F%�;Q\xC8 \xD2\xE5\xBE�.2[\xEAY\xEF\xC0O\xD5\xE4\x94m\x9F=^\xE9^\xE5\xB6=\xA6ra\x8F\xEA�\xF5%\xC0\xC0:P<G\x88\xCF\xD1�\x94&\xAB\x9D�/\xA9�<�\x80\xE15\xEC\x80\xF0\xF4\xC5趬\xDCAꦣ\xC6j]Ö\xDF\xC6P\xA3\xB7\xC0\xC1\x91\xB7�\xE3\xCB\xCFΫ\xA6\xF9!
愄\x90\xB3:\x95:fa\xAC\xA2}\x9D�o\x80n\x8C&\xFC�E��\xC7Q�\xDCJk.\xFF\xE7h\xF2�\xEB嘃LR3\x99 \xF2(@U\x99R]uuqM�\xDC~\xB9\xB9\xF9\xF4\xF94\x84\xC2e�\xDCeĸ\x8E�Z5�1Jʄ|�\xCFU\x92z\x93\x93\xB7i(\xC4N� o\xED:\x9B\xB2\xEA(\xE5n\xCBnAD�\xD3%0\x9BY\xD7�ն\xE5\x9FTmDA\xD1,\xB3\xD2%k\xAC}|�\xA7ʬYwo\xA8g-�\xDF>\xB3g\xB9/&\xA2\xA0\xAFN\x8A\xB2]Uَ\xA8uSO\x9D\x8D#�\xB7\xAAp\xDF\xC4\xE7\xB7ﮮ0\xC4T/\x84/\xC0Z6\xA2)\xC1�.\xC0s^\xD3U�q\xEF\xE3\x80F\x94\xE0\xC0k\xB3\xCET;\xDA�\xEE!\x80\xFF\x9D+\xC9\xF2E\xB6\xCErP�
-\x9A:o\x8A\xB2~\xA4�\x95\x85\xC7��uf\xE6�\xF7.\xBB\x94\xC0BrD\xDEx�y�#\xA2Թ3\xC4
-\x96\xA2H\xB0\xB95J\x82�\xEB\xF0 at h\xCD\xFA e\xC2v\xE3\xBEN\xBD \x88��\x89\xB4\xC7o\x85'\xC4\xEE \xAF#o�L\xC0\xDC\xF1\x84\xFC\xCB('^\xCDi`\xD7l~*hrU\xDA\xE4ދ�\xDFͺ\xA6i\xA0
-`;\xDF\xE3\x9A:7C\x91\xC9c\xC6Jv\x82^) %ХL:\x91\xB3\xB6\xA9\xED��Ng,f\x8EW\xA8�*��\xF7�*\xEE}\xF0h 9\x84l
-7 �\xA3\xC3h\xFDW\x9E
-$K�\xA8FG�
-\xA6=\xC7é¥}�\xD8\xCF\xE3p�\x96\x89\x8E\x9FwF�/\xAEn\xCF\xDF~\xBC��\xA0�\xC0A{\xA02\xF5SIf\xAB\xE9Z\x8FJx\xCA\xC0sg\x95\xBDKK\x9F\xA1 at yV\xE7V\x9FN\xE7\xB6c\xB30\x8C\x82\x9F\xE0\xA2\xC2Q\xE7Du
-�ä!TS�\x88\xEBw"`+Ûƒb\xDBb\xF9HN\x81\xBAL\xC8W\xF1K+\xED-\xB6>M\x82Mݾ \xB7\xA0A\xC0\xCB�\xB8}\xF5\x91Þ†\x8Ek\xF7!\xBE\x9E\x99.?[\x9B\xB6\xA9\x9E�\x84\xF8|\xECF\xFC\xB7\xFD\xFA\xE9\xF7\xCB\x9F1�u\x9D\x8F\xC9\xC0iozι\xBD\xBC\xA4\xE3\x9F\xBC\xFD\xF4:\xC2/\x9A\xB6C\xAC�\x88\xA2oh%\xA2E\x81\xC4d@,\xEA\xB65\xF9\xF4\x9B\xD9=\x9Az0hwP\xE9Py�Tb\xBA\xD7\xDE\xE7\xF7\xEF�W\xE1Xa\x90\xB08\xECç«W�\x84jP\xEA\x9Ev\xDF~\xF9p\xFB\xFA\xD1\xC0\xF3<\xD2\xD9�Ú°\xE3 at v�\xEE\xE3�G�\xF7T\xB1\xFC/\xEF���5S:\xF2\xEA×’\xC5X�\xBA'\xC5S\xF0
-\xB8A\xA1n\xBDEU\xC8b\xBC�\xE0\x8CkD\xE3q\xF1S\xE0�ƽeh\xF3\xAFR\xC6Ժ𵅿�`{Ó•U\xD9\xED^\xF7\x8C]ݬZ�\x93�\xF4Q�6\x859q�\xC5��!#/\x8C�\xA4\x94!\xE6\xA8\xF1\xE7G���\xC19\xE0p�5\xFD㣛\xF4|F\xBCm\xDEO\xB3wEU\xAFÛ»\xEDÓƒ'\xE5c5\xA7\xC2Û\xF69\x95�\xB0\xC6.(Ì¢\xA3\x9D\xD43\xBC�a�\x96I\xA2\xD0{a]4Ý‹\xFC\xE2\xF4\x90\xE1\xE7\xD7�n\x9633zs\x8C\x98\x94Z�r\xEC^\xE5h\x9F\xF1F$T,�\�\xF2\xFB\xE3U~Û¬\xEC^\xE4\xA7z~t7KA�\xD1a]t?]\x8E\xEC\xB2/м\xCA�\xC7v\xD1�\xE2\xF5H�\xBAoE\xAEE%\x8C\xA5QM\xF0\xF0\xD2\xD3;\x9C�\xDF\xCBG<\x95\xF7\xB1\xF1?\xCB?\xFFë ±\xD6M\xE4\xF8\x8B\xBB\x8CC�\x8B#/��Rh~$\xBA\xC0?\x96\xFD?ΧL\x9Aendstream
-endobj
-2415 0 obj <<
-/Type /Page
-/Contents 2416 0 R
-/Resources 2414 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2408 0 R
->> endobj
-2417 0 obj <<
-/D [2415 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2418 0 obj <<
-/D [2415 0 R /XYZ 56.6929 526.8607 null]
->> endobj
-2419 0 obj <<
-/D [2415 0 R /XYZ 56.6929 415.3623 null]
->> endobj
-2420 0 obj <<
-/D [2415 0 R /XYZ 56.6929 332.9987 null]
->> endobj
-2421 0 obj <<
-/D [2415 0 R /XYZ 56.6929 269.3209 null]
->> endobj
-850 0 obj <<
-/D [2415 0 R /XYZ 56.6929 229.9211 null]
->> endobj
-2422 0 obj <<
-/D [2415 0 R /XYZ 56.6929 196.709 null]
->> endobj
-2423 0 obj <<
-/D [2415 0 R /XYZ 56.6929 160.9458 null]
->> endobj
-2424 0 obj <<
-/D [2415 0 R /XYZ 56.6929 94.3462 null]
->> endobj
-2414 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F53 1313 0 R /F41 1218 0 R /F21 938 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2427 0 obj <<
-/Length 4190
-/Filter /FlateDecode
->>
-stream
-x\xDA\xCD�\xCBr\xE36\xF2\xEE\xAF\xF0m\xE5\xAA�\x83�I\x80[\xB5�gf\x92x7qf\xC7\xCE&[I�\xB4DY\xAC\x91H\x8DH\xD9q\xBE~\xBB\xD1
-\xF0!j4S\xB9\xAC}@\xB3 �\x8DF\xBF�\xC9K�\xFF\xF2\xD2&\x91\xD0Y|i\xB28J\x84L.�\xDB�q\xF9�ᄑ\x90\xDCg\xEE;\xCD\x{3F7EFBF}\xF8\xEA�m.\xB3(KUzy\xBF\xEA\x8De#a\xAD\xBC\xBC_\xFE:\xBB~\xF7\xEE\xED훛_\xAE\xE6*�\xB3\xAF\xA3\xABy"\xC4\xEC\x87\xEB۟\xAE\xBF'ܻ\xABLͮ\xBF}{\x87\x8F\xA9\xC2N
-\xBB\xA5b\xF6Ýw\xF7W\xBF\xDF\xFF\xF3\xE2\xED}\xA0\xA6O\xB1��I\xF9x\xF1\xEB\xEF\xE2r \x84\xFF\xF3BD:\xB3\xC9\xE53<\x88Hf\x99\xBA\xDC^ĉ\x8E\x92Xk\x8F\xD9\\xDC]\xFC;�\xD8{\xEB>\x9D\xE2@\xA2m\x94Xe&X\xA0䥔Q\x96$j\xC0\x83$\x8BR\xAD\xB4\xE3\xC1\x9B\xB7w\xAF\xDFß¼\xBB\xBF\xF9\xF1�W\xE3\xBE\xE9\xD8&.\xE7\xCADJ�\xE3:\xAF\xEB\xA6\xE5^\xAA\xD7K\xC9H\xC7�:c\x9F\xB2\xB9\x9A\xC3Jf95M\xB9\xDDm
-\x84\xED\xECЖ\x9B\xB2}\xA1�\xABzO\xC0\xAE\xD8�\xBC-\xABGz~s{G\xC0\xA6\xAE?�v
-\xF0[ezv\xD3\xD2 ~\xFC
-\xBE\xC97��\xED\xD0�K\x82ښ\xDAE]=�{\xFE\xA8ʷE3|\xF3\x8E\xE9\.\xF7W\xD2Ί\xA6\x81.\xB08X2\xADg�x�\xCB\xCA+�_\xA5v\xF6T.
-\x86\x8A}\x93�u:ճ\x9F\xD7EEت\xA66w\xA3>�\xB6E\xD56\x84\xC2�\xBBvזu\xD5\xF4\xFB\xB9!\xCD\xEC\xB1|*\xAAW���\xD2�\x898\x89\x99ɧ6B\xC1�'~'v\xFB2L\x9DSӬkd\x89��\xDBm\xBE\xA1y\xEB�!K\xDFQ\xC3[X2\xF1à \xD2H\xE59Bڳ)\xAB\x82\xB4d\xBCTD9v�\xC0k\x8D\x88\xDAD�\x85KfQlX\xB8p\x8F\xA6\xD6���IO\xB8\x94�\xB3v]�\xB0\xAC\xB7y\x89\x9C\x97\x92�\xE0\xD7yKP\xF8\xA0\xA6>�\xDC�e�%�\xE1\xC3Ή\x98q"\x86\x88E^�\x90o\x9A\xD1w\xB9\x9F\xB6m\x8B\xE5|Y,J�B\xC2ݼ{\x8A\xA9sO\xA4\xE8\x95\xDB\xF8\xEE\xEBE\xBD\xA9\xAB9\xF3\x96\x967\x90\xB5e\xB1)\xB7e\x8B\xF4i\x99\xE2\xC0)BI\xE0W\x80\xD1z\x86k\xC77\xCF\xEBr\xB1\xA6)&$H��\xC5*;+@\x89T\x9E\xDB\xCF\xE5fCc>\xBC\xD04\xCBb\x95�6-!Yq\xE9!\xA7�D�jFAxRb\x82\x9D\xCA#@\xFB3Zє\x88\x80\x80\xC4Q�\xCB�\x83\x9Ab�SLЯ\xB3HJ#{Ң�ІLR\x86e�\xF7\xCBa{RK�\xCFD\xE8\xEA?-J�\xB5=\xE1\x9C\xD0!\x92�
-\xA1\x9A_\xA11qc\xF6w\xDEuX\x9D\xFC\x96�\xC1\xAF\xF3vb\xCFt�&;9\xB3g\xF3X\x83\xB71\xA9�\xAA'\xA8\xFAa\xC3J\xF8\xF1P8M�\xB0\xAC\x9A\xB6Ƚr\xAE\xA8%u�\xC0\xD3\xE4^\xEE\xFB8\xD6\xEBM\xD98\xB9\xA4\xA1\x88\x9Ax`\xA8t��
-\x8E\x8Ch\xFE\xAAh�_틦\xDE<E`\x91W�\xF4\xC3�\xD3Xj\xFE "\xB5\xD0ZE\xDA:\xC5p&º\x97\xF7\xEBbbJ\xE8!S\xE3\xB94\xCF'\xE6\x90q�\xC7\xC10\xFE&��\xAE��\xD97R\xBC*^i\xF1\xF1P>\xE5�'�\x8EG\xB5gG\xDB:_\xE5�7AP
-�V\x84%͟\xCER\xD4' \x98μ\xF9\x80��\x8B\x85U\x91\xD4R\x9DQe�\xD9\xC4\xF8 <\xF5\xDB\xFC\x837\xDAG\xA2�\xA4\xE1e\xC7}\xAEo\xFF{%\xC1\xA0\xF9M\x811\xD38\xB3C\xBBM\xAEOK}\x82�q
-; \xE1 3\xE3\xF5�3@Ì\x8CG\xCC\xC0!\x9D�B\x8B\xFE}\xCA/�\xA7\x85\xD2\xEA\xACU\x8Bm,GVM\xCFr0\xE2\xDB]\xCB\xC4\xD7تٲlv\x9B\xFC\xA5[\x91�\xEE~\xBC&\x80\xD4{Q\xBBv\xC9Ô±aÓ³?몘0c
-��"\xEEyp\xCA\xD3�X\x8B\xF1kY\xB9�\xEA-\x93\xEAif�\x83\xD6���\xD6>\xB4\x8C^?\xB5\x8Ag\xF9\xA1�w_\xB6y�Q�\xA1\xBC\xF5I:\xADF4\xD1� �f\x80p%�é‚\xB9_\xF3\xD788}Mf\xAD�/�\x8EG\xD6�\xDD\xC5oB\xA8\xCA�伈\x9B\x85?\xC2H�\xFB\x8D\x99\x8A��Cs\xC6.=D�,\xA1\xAB\xFA\xE0\xD5e\xE5
-V\xB0f\xB4�?\xD8\xE7ؑ,\xF8\x8E\xF9bZNU\x9C\x8D\xC5TKgU\xF7W�\xE1.0 Қ\xCC�\xBE!\x85CLN��\xDE"\x80\x9Aw%g/\xF4\xE48
-\xEDb\x937͔�I��\xDCn\x9A\xBC\xD7m(CYdm\xB0\x85\xB8\x81\x89\x82\xE5\x96L\x95\x8Blp\x9A\x87\x82Z\x8A\x9B\xFB��\x87
-\xB8\xAC\x97L\xE0\xDE�\x83Id\xA5��\x83\xAF\xD7y\xDDT�o�Q\xE7 at v\x87\xF5\xC1�\x8B\xA2\x8F
-�\x8EA4\xC4E\xF7~\xE3B\x981�\xCC\xDB\xE6\x9B[jÑ\xDFTm\xB1\x87\x99Ñš\x8F6\x9B\xEC\xD3\x9C +\xF6�uㆇ8\xE0\xD0\xEE�-\xC14$D\xDEEU\xECs\xF6m�Eu"\x84\x82\xF0"I\x82\x88\x9C6\xBC\x99\xB2\xC1\xDAPb\x90\x98S\xD6QG)\xF8�/u\xCBiW\x91\xC8\xD4K\xDD~JraJ\x9D\xA4g\xFC
-�"\x8F\xFCM\xC7��\x85\x88\xF6\x9A7�h~\xAE\x99e!e\x81\x87\x9E�\x9A\x9E\x9Fd/\xA1\xC0\xE0\x8B4�\xE5O0$\xBA\x99\xD8\xCC\xD69Z#�[�B\xC7�\xC0\xED\xC8\xD8=\x95K\xB7�\x80!m\xC6N\xF9\xE2\xC3s�\xCC-\xBE\x83\xE4d�Fí²IrPs- \xA7��W<\x95\xF5\xA1\xA1Q\xD06\x95\xA0m\xB0\x86W\x84\x99\xDE�\x9D\xC4\xE0\xADR}f?b�"\x9C\xC0J\x98\xB7y.\xDBÅš\x96 Ë©\xD8m\xA66\x82P\xE6(\xC88<>v\x91\xC4>_�\xBD\xE4阴̀\xA4\x84 \xFE3\x82\x8A\xA2\xCA�6>X{\xEA�@\xB0�\xF0~I Ycb\xCDPk\xBEw\xB6^Al\xBA\xAD\x97�ANR\xA0m\x8AM\xB1 UQNU\{"��\xE7�\xBA\xEDS\x8A\xF9f\x9Al%\xD3a,\xE4vÔ›.G��\xD2f*�J!\xF8\xCD\xE2\xB3:\x99*\xEBy����7\xA7\xC6ynZ\xC7>\xAF\x9A\x95\x8B\x82\x95\x97C\xDF\xE1\xD8.KT`%\xD23\xAE]G\x99�qg\x96\xDDÚ®2\xB0\x84<�\xF9t��\x9B\xA6\xE9PRÈŸ\x81Z2\x8D \xB9Ôžd�M\xB33f \x84\x9E\xB7w(\xE5`\xC1\xDFÝ¿'�E\x95z\x9C\x9C�\xE2(\xA2A$Z\xD6믮\xE1\x8F\xEC\xAACÞ¬\xA8�\xFD{(\x9DW\xC7'\x90\xF9\xF5\x94&��F\x95\x9E \xCBU�\xF2��㜤ȅm\xA4O\xD6F)V\xC3��\xE8\x81eÛ±�-Ù„+8\xE1\xF7a\xB8\xA4S\xACr\x8AP\xD8?-\xC6\xD1:V\x96\x9A]\xB1(1\xCA \xF5%�\xA8\xE0\xABA.\x8C�.h\xD1�:|\xAACav\x8F\x98a%\x8AF\xE7$\x8EK\\x84t\xBB\x8C\xC0Í»4\xBA\xB9\xBD\xA7�_ q5-\xFE\xBC\x8B\xBF8~\x8F�\xAB\xCDP\xBAJN;\xDE\xF3ZZP\xA6O\xB9b\xEF}6q\xF0��)\xB9~O\xD5\xD2/\xE0\xBC�\x91È‚Z\xCEo\xA7C.m\x92\xA3\x98+Ö˜\x88aT�\xFBx�P\xD5a\xFB\xE0Rj@\xBA\x80
-p˺\xEB\xE6\x82[\xC0\x91�r8\xF4 �>\xF0 >\xAD�E\xF0I�\x87<\xE3t \xAFC�\x8A\xA9q\xBC\x96\xA7\xAA\xE9\xF9\x81\xA7\x86t\xB8�G[\xBE\xA4w\xF9�dʇ\xD6Eޙ\xF4\�\x9F
-"\xAF@\xEE\xC7.\xC4\xEF
-\xF0�|\xF0�w�>s\xDB�(\x8E\x99�\xEA�\xE2\xD8\xE1Ð\xEDp}
-�*b�\x82
-\xA4��\x95E\xDCp\x93y~b`wC\xA9\xE8\x8B\xF3\xFCWd�\x9Du\x85)%5劦tE\xD4 \xA2\xB8h\xA6��I\x88Ɔ\xEC`\x8A\x95eGe}�и\xE0�\xE6Ó³[*�\xE3Kg\xB7�\xB4*\x9E\xC9\xDC[\x96�\x84\xBA ��\xC4 \x93Gc\xC7GZ\x86/ \xBD\xE14�1U7�\xD9]7\x9D3oÊ’\xA5\x82\xB6)h�\x8E�\x90\x90z\xEF\xE7\xA3)|\xB67J\x86HקK2ã‚Ž\x9FcX\xD4 uS\x84K6\xB8\xBC\x80\x93\xA5�\xD0�\x8BG�\xB1\xB4\x83\xC9p\xAC\x8E\xED�h\x80B�\xBE\xC2\xF4dO\x8F\xA4\xC5j\xF6\xD3�\xAC\xB0\xC5\xDE7\xB4\xFB\xB2h�\xC1z\xA6\~�\xCD�5\x9AS�x\xA4\x8C� R;p^\xEB\xBCz$}S,�\x88\x9E\x8E^T��\xBF\xEC*9\xEFOX\xA8\xE4(z96!\xDADR\x85�\x9CM\xD5d S\xA5!}(\xABe\xB9 \xC1\xE7Å®\xEBgfb&\xA1\xDB8\xFB\xDF\xE6\xD5�\x9D\x96\xB4\xE5v2Z\x82\xF0\xD6Z\xAB\xCF\xD6K\x94\xD5\xE9\xA0^\x82\x83�\xEFw\x85\xB7*9\xA1} \xA7e\x8B\x83f\xB7`ÅjF=��@\xC8\xF3\xEC\xED�\xE8e\xAC-\xFB�\xFC\xAEoÓ¼=\xC7�\xAE:�\x88`�@\x84\xB7v\x92\x87\xBAYM�\x92
-p\xDFȑ\xC58\xBD �\xF7\xB4_GF\xAD\xA8\x8AǼ\xD3�\xAFJ\xD2R\xEAW#\xD5�\xC4\xF7JkC\xE2�\xC1\xCC�;Z\xEF`\xA5\xD7�\xA6g\xA03\xB7u5g\xCD=@v\xF3\xC4\xFE\xEB\xE3\xE1
-\xD3]V�\xED5\xC0;��R\xB2\xE4\xAEO%+͉\xD8=K#c\xAC�\xED\xF9\xFE\x84\xF4�\x87\xB3;_(\xA5 J&\xA7sá œ�0O\x8Co\xBD�x\xFF\x86�\xBFA\xD4M\x98\xDE"}N\xA5 i\x91qz\xE4�\x9B2\xF8S%$\x8F\xA1\x84\x98=\xA0�F\x94\xB3z\xC2ï“A|�\xA4�\x80\x89\xC4�\x82|c\xCF�\u�\x92/\x97\xAE\xB8s\xA5\xD8'10i(\xCA\xC3d\xDB"�\xA4\xE4L��%\xFCY�\xA0BI^\x84\xC0\xB8(\x9F\xC8�/\x832\xBA4�\xE6�;t�\\xF7�\x864�\x81\xAE
-�.>\x81\xD6Wl6O\x93\xF9�,S\xC5:\xFE\x9C|\xA73\xFC\xF3\xD8\xCAS1\xA0\x89\x84��锌\x89\xAEz���h\xA5�w\xCAÐ¥��]|\xFE\xBC4\x86@\xA6W#\xC7A\xB7\xE5\xB6\0O\x9CP�\xF0P@\xCCX:W#\xE8\xB8\xD4\xF1\x8F\xF9IUPaz�SX(\x83�)KF"\xEAj\xA0&C\xF9 \xE50x\x94}\xACÈ€\xC6�%-\x86��Gh+f\xC5�;\xF4\xD4\xFE[G4\xB4\x9Dh�\xFE�4\xB2Í°W\xBBv5\x80\xA3\xD194\xB6\xBD\xEA*\xA2�\xCD\xC1�\xB1�B�Z�u\x83\xCCu\x9FoFYAMGf\xCE�\x92�w\xA7H\x93\xC9\xC1\xD7/\xA4'l�\xA7\xEA\xFC\x90\x83\xEAL\xC9\xF3~+�u\xFECC�"\xA6\xE0��.Æ\xD3\xF0\xECG,s�\xA54>%\xA5x\xA4\xA3UW�\xBA\x9F\xCEf\xAD\x95c1\xC5�\xA8v\xE1\xC0\x92} \xA5N\x80\xC8\xD9F\xBCf�!\x94\xAAp\x83k\xA6\xD4\xD1L��!\xB7\xCDb5\xDC�\xA7\xF7$�\xFE`�Ka,\x932\x9C陘\xF40\xA3\xA9\xB0\x8F? �\xE4� \x93�Z��[�9\xDC\xCD
-\xFA\xDC�{\xB0�\x9Ft\x88\x9E\xF8\x84\xF3v|Ob\xF1\xF1P�1\xC2C\xF8\xF6����\xE8\x90Z\xB8\xD8�[_U9*\xF7wE�\xAE\xF3^\xFF\xF2\xCD\xFB\xEE\xC4\xCE\xCFS4m\xF3%\xA9>\xEC\xA2 )\xDA<\x9E\xDE\xC54\x91G\xD5=C\x91\xA6\xABaO\xDA��I\x9D\x9E�P\x91\x86�\xACI"\xAF\x95\xF1\xF94\xA0\xF8.\x81\xE9\xCE\xE7 \xE9x\xB2\xAB\xF7.\x971\xEA�\x92*T(\x88\xCD\xD3\xFF\xE35\xA6>\xBAQx]*\x9D�\xECP�\xF5+\xFF\x92\xADNb�\x8E�\xDB�
-\xABÒ£3X\xCB $\xB4t<\xA2,YPÄ:�L\xBE� O*\xE2^v\xC5T\xF4/M� �\xEA\xA0\xEE\x8Cuò²‹±\xD2W;\xE8�\x8A\xE5\x8C\xD1b2\xF9B\xD4\xF8
-\xD9cU\xFEI���\xF1w\xB4\xE7f\xF6\xFA\xF6\xFA\x87\xB7\xAF�\x8DUA\xB2$\x90\x8B at d4\x8A\x86\xEF~\xBCv�\xD5\xEC\xEE\xE6[\x86\xFE\xF5\x96N\x80Ý£\x9C\xA1�\xF2�\xC8\xFEО\x88\xC4\xDF}\xB2\x8A\xD2vh�)\xCA�&[\xAEJ \xA6\xAB\x98M\x9E\xE8\x82h@\xF6aÓ³R&M\xEC\xCD\xF1\xC8l\xB9Y\xDC>54u\xCE\xF4\xE5;>h\xD8\xEDKH\xAA\x98�\x99\x8E\xE2Te\xD3\xD2g�o)\xA4\\x8A<\x95\xB1\x9D\xA7\x82aÙ¦CG\xAC\xEF5Ô2y\xC09\x96b�\xAF\xE8�\x95� \xF7\xC3/ÔŽ\xEA\x9D<ꃫ\xEABW�1\xA7
-\xEC`WA\x8A�\xF5\xC9\xF3\xF582\xD2��\xFE\xC0\x98\xCF9�\xCC7\xCF\xDC\xCC޶\xF3M\x8C\x8C\xAE N�\x93:\xE5\x93\xC4\xD4g�\xDA_\xF3�\x80�\xCDu2\xB1@\x9D0�\xB0_\xB9\x9AT�\x81\x87�\xC9ْ\x9B\xEA\x92o:\xE6\xA4\xCBHЌoi!\x8E,\xAB\xEB4\xB8\xAB�Tz\xB2\xE9zV\xFF�\x96N{\xD6Jf\x86Nb\x87\xF7�\xFBW\xB3\xA6n\xF2D&3\xE7Mg,\xC2\xF9\xB2\x8F\xD7�/\x8B��o�p\x85}�\x8E\x8FRcp\xF57+z\x9B�\x8D@
-\x89P\xCD}n@\xA9 r\xFC\x83v\x81a\xA2�\xB1}q�\x90M\x9B\xEF9\xEE�\xEE\xFE@\x993}]�}9O!��\xA3�\x85\xECX"B\x8D\xBEg�\xF8��zPТZ\x86C1\xFF�8\xFA|\xE3O\xF97\x9B\xFAy\xFC]W\xEF
-Dr\xD0Y\xFA�\xFB\xE98\xC6�E\xF4ȵ\xEE9'\xDDȇH\xA5\xE3$5\xF6\xE4q2U*t\xECJ,�\xD5\xD4>\xE7\xCE�h\xBEP\x81 at N
-WN\x9Cq\x82Gb\x88\xA6\x9A\xB3C\xD4UK\x96iC'v��b\xC2��\xD7<\xCDt\xFE\x94\xA8Ȥq8`\xFB\xF9\xC49\x8B\xED\xCEY&\x8F�\xF1�Uf\xC20ϧ\x86�\x9D!\xBB\xB3{\x90\x81i'��k\x92f\x9FAۑ�\xD6\xF1\xC9�\xBFT\x82\x93L?\xF3V\xDCH�i\x8B\xF0\xE6\xE4ʟ\xA4�\x8Bt�\x98\x99\x84\xC3{\xEC=mt\xC0Nr\xA7�\x94\xAFr\x8A\x97$\xD9t\xF5)\xD1�\x92u\xD7*?gT2ez\xB6a\xF3\xE4jk�A�3;�\xEA\x95�Pݺ\\xA9\xFA\x89�\xC34�\xBF\xA6k�n�\xFF�\xC9g\xEA\xF9.\x97\xD6'\xEB\xA1I\xA4cm?%%\x98EE\x89\xB5\xA3�"]x\x95r(`N\xDF겑LSs>\xDBSbxW��/V\xA86+*gS8`\xBCj\xDA\xD4G\xB8��U�\xE1\xFA\xE4\xF4\xDC\xE9*\xDF,\x88e\xC6Z�\x9DX\xEB\xA1�E\x84\xE3\xA1�\x90\xD3�v�;\xD0�\xFE\xC6Si8\xA4K\xDD\xC68Ù\x89�ⵑ\xB8\xFA\x94\xFA\x93EE�@zp~\xFC\x84q\\xF35
-\xBENQ\xFC\xAD\xF1\x97�\xFF(\xB7\x87-_�\xE0s\xA4\xFE\x8D*o\x87Q\xB6�\xFD\xF4`\x93\xAB\xB6\xBB\x80q\xE2\xA7��\xCF\xCD\xF4\xD4��D\xF8m\xC2_\xFE\x99D\xF7+\x90\xD8 �\xAD\xEA~�1\xA8\xEA\x8A8\x82pFz\xA2\x90\xC32\x96c\xD2\xC3�*\x8Ei\xFF�1\xE8
-\xC4endstream
-endobj
-2426 0 obj <<
-/Type /Page
-/Contents 2427 0 R
-/Resources 2425 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2408 0 R
->> endobj
-2428 0 obj <<
-/D [2426 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2429 0 obj <<
-/D [2426 0 R /XYZ 85.0394 751.6872 null]
->> endobj
-2425 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F53 1313 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2432 0 obj <<
-/Length 2037
-/Filter /FlateDecode
->>
-stream
-xÚµ�\xCBr\xDB8\xF2\xAE\xAF\xD0m\xA5\xAA!\x82�A\x82G%\x96\xB3\x9A\xC9\xD8^S\xD9ÚL�\xB4�I\xAC\xA1H
-I9\xE3\xFD\xFAm<H\x91�,';\xB5\xA5\x83\x80F\xB3\xBB\xD1\xEF�\x99b\xF8\x91)�P�\xD1h�F>\xE2\x98\xF0\xE9\xE60\xC1\xD3�\x9C}\x9C�\x8B\xE3\xB5H^�\xEB\xFDz\xF2î–…\xD3�E�
-\xA6\xEBm\x8F\x96 at X�2]\xA7_f\xEF�Cs\xA0\x80g7wq\xBC\xFC\xE0\xDDķ\x8F\xF7\xBF\xFE\xB2\xFC\xF7\xDC#\xA1\xC0\xD1l\xF1𰼻Y\xFDk\xEEQ\x8E��\xB01\x9E\xFD\xBA\xB8\xFB\xBC\xF8d`�\xF3\x88\xCE��\x97\xF1\xFC\xEB\xFA\xE7\xC9r\xDDI֗\x9E`\xA6\xC4\xFAc\xF2\xE5+\x9E\xA6p\x89\x9F'�\xB1H\xF0\xE97\xD8`D\xA2\x88N��\x9F3\xC4}\xC6ZH>\x89'\xFF\xE8�\xF6N\xF5\xA7Nm�\x8C(�\xA8C�\x94\xBA\xD4\xC1#�0ʴ:\xD6{\xA9.\xF1\xEE\xD6'=T
-�}?�\xFA
-Ç«
-ʀ�\xE1\x88S*,Jyl\xB2\xB2\x98{\x8C\x8BY#\xF3\xBC\xFD\xA2O�\xAE� �\xD8/\xF6e\xDD�$�\xF59S�1\xBF%[\x94\x8D\x8Bu\x80\x84�\x86�\xA7)
-\xDBZ�\xA9� \xEE\xA4�\x9Cd\xF5ba\xE5\xE0,\x9A�\xF2\xCFÆ€\x8A\xE4 kY=\xCB\xCAì³\xF9O\x8A\x97\x96\xF2\xF9\xB0\x9A�1\x93\xF5\xB1,\xD2\xDA@\xBEe\xCD\xDE~\xA0d\x9Dz\x84F\x883!`EP\xC49\xD5b\xC6\xCB\xC79\xE7\xB3\xDE\xCEC\xB6XYO:\x93\xAB\xE5O�\xF4m\x9Fm\xF6f\x99\xD5\xE6_�}F�aj�(\xB7\xE6\xBF(\xABC\x92\x9BuÝœ\x9E�\xD4\xCB\\x8B\xAF Or\x9F<ge\xA5\x84 at Z\�b
-�\x9A\xA5W\xFC\x81D\x88�a\xE7��\x97Q|\xE4\xFB\xBC5\xDC&)Z\x86\xE6\xFFT\xCB\xD4^\xA6\xB4b\xCAft\xBB\x83<\x94\xCA^�?\xD9Yp*\x9FN\xBB]V\xEC\xCC\xF67\x8CY\xB2\xB3�\xC6Y\xDFwX�>�\xB4\x8EQ\xC9MY\xA5�Q�G"\xE0Ü¢\xFD\xE4\xA0䃧�f�\x8C(�2�\xB1\xB0\xF3\xE7\xA4H�\x84 at q\x8C\x87-\xA5\xA6J6.J\xE00B\xB4\xAAC]\xE8tî³z,b( �\xC2�.\xE93l\xA2wusg\x94�~x\xB8\xD7�\xB6v\xD0��S�;lR\xE0j\xEB\x88N�1\x85\xC5Ep�\xE5$\xE0ØŒ\xB4H\x89rO�\x82\x8D\xA5\xB26\xF8\xDA\xD3)\xCB��4a\xA1\x80FH \xFD\x869ΊFVE\xA2\xB2E\x92g\xFF\xD1N�GiyH2KD\xC5#\xA0�sR\x9F\x8EDzjTpP\x96Y\xEAÆ¿ 9\xD9l\xE4\xD1�\x95 �\xB5\xAC>\xE6É‹%W�\x9E L�I4\x84l3\x88\xCBE\xFCa\xB5�Ì\x9C\x85\x80\xB5N
-ȡ'\x821\x8A|\xF6\x96\xA6(\xC2A\x97\xA2\x92\xE3Q\x87by\xAC\xB2�\xD2\xE3\x8B\xE1\xB1)��̦\xB6\xBB}�\xEE\xD1\xE8H\x85\xAD,6ej\x9C�v:\xCE�"\x9AՓܖ&\xD6\xCD^\xA5B\xF5\xA9MG�a�E\xC1^\xDB\xF8@�\x98Ad3�\xE4ɺ1 �\x9D\x81P\xC5\xD1 \xDA\xE4\xA7֥\xFD\xB7\xFA�A\xC8lg@�zG}C\xD8n͵�\x96\xB6�\xF4\xA0K\xA8:�y,�\x95Gꃗ\xF2\xF4\xB7\xD4 \xE7\xD9\xEF\xB2/�\xFC\x9F\xAA \x816\x80\xECv at 5\xB2~\xA6D6.ӥ\xB7\x9E\xB5\x95\x9E<FAE\xA5R�\xA3Ԋ\x9C\xD4e�>\xC6�\xDC�\xBC�\xD3B\xD6�\xB3qgD\x88Y�\xD26\x89(ޣ^\x80b�шG\xD3 P\xA12G\xDF\xD3
-PU"\x85\xBB�\xF0:\x8A^\x9F\xA4.\xF4\xA3\xEA�"
-�\xF2\xCCY\x89x\xB3\x8A�\xEF?-�\xCE\xEAs\x84}\x9Fګ\xC8\xE293f+�\xB2h\x8C�\x9E�\xF0ܧ\\xAAf�\xC2p\xBD\xB7\xCA\xD3:\xD7\xFA\xB4:כ\xAC6\xA7\xE0'\xEA\xA3\xD4B\xB7�j�
-\x86\x8984"\xC1\xD01[N\xC3
-\xD8�\x8Bo{\xC85\x8E\xEC�-
-\xA1o\xA7/\xC1\xBB*V\xCD\xC5\xECT\xD4\xEEt�\x99�\xF9!�\x87\xE9\xF6v\xF5\xC9\xF4|#\x85\x8F\xF2\xEB;\xD9l\xDEU\xBA\xEE"\x88\xF1\xAD\x8B��R\x8E\x97Ks\xBFŧ\xF8\xFE\xED�\x9Ef;\x95L\x89J\x93\xB6mP\xD9 U@\xA1\x80\xBD[\xF9\x88\xF9A\xCBӧ\x88�\xC6\xDBN�Z^�\xBDmZԵ\xDCxi\xBD\xAD\xCA\xC3\xEF\xF2\xA5\x8D�(\x94A\xC8�\x8D}\xA7\xB2\x8D[0\xD0}$\x8C\gB&\xF0�1S\xB5)
-\xCDʴ\xDDv�\x9B\xFF\xC7G󿓅\xAC�\xD3J\x9A^\xA1̿G{/Ey\xAC\xB3z�\x82\x8C (\xD0�\xFE!�\x88{\x98\x80\xA3\x88rU\xA1ݽ\xB5\xFA�\\xB4O\xE22\xE2\xDAֺ\xC3�)\xC3*" ]\xF1\x9E]}�U\xEDt\xD46
-9\xF4x\xB9\xAB/W\x8DB\xE7\xC1_[\x8A\xA4[\xD1n\x958\xB8\xA8x\xF3\xBB\xBE&\xC9w\xAE\xC4&`\x84\xC0\xC1\x98E\xEE 7\xEC\xA3li\xBA\xA48D\xB3�A�\xDB,\x97\xAFZ���\xD9\xC0\xD8\xC1b=�W,\xD6b\xBDn1�~P\xCF�3\x98\xC8:;\xFD\x90\xA2y[\xD1�t\xB6\x8D\xEA\x94/\x89r�ZyN\xFE\xDF\xD6\xFB\xE2\xD5\xDDjã &,\x849\xF3\x87\xB9}\x93'u\xFD\xFDn\xBD}S\xEAÖ…\xC6\xF4`\xD2T\xE3\xF7\x88\xDE\xE2\xEB\xB5��8
-9\xE3\xFFK�\x82\xDF�\xE7\xF48\xAC$TM焌*\xC9\xCD2\xFE\xF0\xB8zX\xAF\xEE\xEF�\xD5l\x9C\xED�\xE9y\x94\x86�G&$\xF40~j\x8E'\xDDVRn\xDB#�\xCCnd.wmn\x85\x838\xDB�\xBA\xB1\x83\xB5\xAA�7\xB1m\xBA�\xB7��Oz\xB1\x91�\xCB at 7\xA6\xD5L\xCF_>>\xB6u�>M,߶\x8B\xB2x\xBAi\x85\xE3\xC7\xDB��\xC0�.\xCC\xCANNS\xCF^bа�|(�>Ǒ-u\xBA\x89�L\x8E\xBB\xECYڒ�\xFAQ2գ*\xF8j\xED\xB8\xD7F\xB8|ɱi\x840�\xB8"\xBA\x9Ek\xFAX\xE6\xE1ŕk:,=D\x931\xCB \xA6Έ\x88\xEB,[$�˾?�\xB0�aR�\xB0\xFCܾ�\xC4_x\xC4,\x93\xF1��\xB4�f�P\x87\xF9\xAE\xAC`\x8E;\xB4\x937\xC7g<\xB9MNy3z\xA8(\xBBiߎ\xFFe\xB3\xBF\xE4Y\xA4g�\xE5Ag*\xA7�\xA0\x99\x85\xAE\x8D\xBFa\x80�\xD6��\xB4X\xDA \xF4U�\cy6\xC0�K\xA7�\xFA,��\x80\x8B\xFF\x88 ^UP�\xCD~�\x90\xEB\xFA\xE9!\xBD\xAE\x9E�Ik\xA7\xADk|0\xFBBu\x8E\xF8\xB9\xACY\xEF�IF\xA0Ѧ�\x9A\xE7k\xA2uH\x97\xB2
-\x9E\x95h\x80\xD4\xDBT_\xB6�2٦1Úy\xCFc\xA2S\x9A�\xF6\x94\xE6\xF10\xB0\xE3
- ='\xF9I�\x9Cr\xEB\xAC\xC9!
-�\xEA\xBC\xE1\xF855D$\xA4m\xA5=\x9CZ\xDEO\x96UY\x9C�\xE9� \xEAL��lm\xFB\xAEs�\x85 ÆB2,\x98�?\xB1_Ù€\xB1\xB9\xF0\xE3}\xBC\xB6O\x81\xD5Ù·\x98\xF0�\xDF\xC0\xDE��\xF4\xB1X\xA9\xA3uD\xAD�\xEBI\xF7\x84 \x9BMÒ¢dE-\x8B:k Å¢\xD7Þ»\xA1*\xABGj\x87\x9Dq\x97z\xFF\xF2[\xF8\xF9\xD9\xDF���\x82\xBA=\x86\x86P:#X[\xA1\x94�\x89O/\xC3Ǿ\x9A_\xCA\xFE_\x9F\xA0\xE9\xB5endstream
-endobj
-2431 0 obj <<
-/Type /Page
-/Contents 2432 0 R
-/Resources 2430 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2408 0 R
->> endobj
-2433 0 obj <<
-/D [2431 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2434 0 obj <<
-/D [2431 0 R /XYZ 56.6929 684.0716 null]
->> endobj
-2435 0 obj <<
-/D [2431 0 R /XYZ 56.6929 572.8605 null]
->> endobj
-2436 0 obj <<
-/D [2431 0 R /XYZ 56.6929 509.4701 null]
->> endobj
-854 0 obj <<
-/D [2431 0 R /XYZ 56.6929 470.2699 null]
->> endobj
-2437 0 obj <<
-/D [2431 0 R /XYZ 56.6929 433.5878 null]
->> endobj
-2438 0 obj <<
-/D [2431 0 R /XYZ 56.6929 401.47 null]
->> endobj
-2439 0 obj <<
-/D [2431 0 R /XYZ 56.6929 335.1577 null]
->> endobj
-2440 0 obj <<
-/D [2431 0 R /XYZ 56.6929 244.1508 null]
->> endobj
-2441 0 obj <<
-/D [2431 0 R /XYZ 56.6929 168.8052 null]
->> endobj
-2430 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F39 1161 0 R /F53 1313 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2444 0 obj <<
-/Length 2161
-/Filter /FlateDecode
->>
-stream
-xÚ¥Y]{\x9B8�\xBEϯ\xF0\xDD\xE2\xA7c\x8D\x84$$z\x87�\xA7\x93I\x9Av\xE3\xB4;;��\xC4\xC8 O1d�N&\xFB\xEB\xF7\xE8��&Nf\xB7\xBD@��\x9DW\xE7\xBC\xE7C�\x99`\xF8O&\x92#Lc6�1C��>YmN\xF0\xE4�\xDE}<!Nf\xE6\x85f]\xA9\xF9\xCDÉgTLb�Ga4\xB9Yw\xF6\x92�KI&7\xD9oA\xF2\xE5\xCB\xE2\xEA\xF4\xFC\x97\xE9,\xE48\x98\xA3\xE9\x8Cc�|J\xAE\xBE&\x97v\xED\xCB4�\x83\xE4\xE3b9\x9D�!q�BT\x8BE88\xBDZ.��f\xA7˳\xEBÏŸ.�\xFF\x9E\xFEq\xF3\xF3\xC9\xE2\xA6E\xD6EO0Õ°\xFE<\xF9\xED�<\xC9\xE0�?\x9F`Dc\xC9'O0\xC1\x88\xC4q8Ùœ0N�g\x94\xFA\x95\xE2dy\xF2\xCFv\xC3\xCE[\xF3\xE9\x985�\x97\x88\x87,\x9A\xCC at 8b8�\xB7�F\x98\x83
-f\x82a$#�\xB56�ɘͼ\x94\xB6\xD9\xECB�\xF4\xC73\xCE;\x92�\x90\xF1�6\xD7�Y\xBEU\xAB\xA6\xDA>�-Bx�ȣh\xD2U{ \xAE\x95�A�vur\x81\xA8\x90}t\x97U\xF5\xDDzn]m\xED\xE0\xBBz\xB6\x83\xDF1��U\xFB \xC7 !X\xF0\x83]\xC8\xCBV\xBCV\x8D�o\xAAL\xFD`\x8F˺\x86!\x91@\x82\x80\x83\xEC\x81\xED'3+\xD8\xC3\xC8�\xA2\x94J'\xE7 \x80j\xD2\xEA<ܜ2��p\xEF\x881�\xBB\x83\x8B\x81\xCE\xD4I\xA2��:/��t\xA2\xF45*t\xA4\x8EP\xC1K�*\xACG\xA8�\xA3HR\x8F~\x9D�\xEA\x80�D\xA2�\xACr�W+5�\xACǂ�xN\x80\xF0=d\xBFV\xA5��G\xDC\xD9܎\xB5;\xDFOg\x94�\xEBmXz(ҕ{[\xAD\x{DCF9}7�\x91vk\xF7\xEB2\xDD(͕(\xF6"<H\xB7S"\x83\xBB\xDDF\x95\x8D]\xC9\xEB\xC1.\x90&\xECJVmR\xAFV\xEF\xD5ךZ\xE9\xFFh\xE0`00 \x9C+\x92\x91\xB6�\x8A9�͹6i\xDD(\xE05\xC5��Qƒ\xA7\xFB|uo\xD7Wi\xA9�ap\xAB\xEC\x82\xC1\xA8\xD2̮\xAEʹڌ\xD2�k\xEA\xC5�\xE7
-,��\x8Fu>\xF3\xAC\x9B1\x80\xBE\xB6\xBA̱\xF5\xC0�\xC4(\xB4g\xD5k\xDA6z\xA5�\xAAݫ0H\xEB1<�Ƙ\x88\xBF\x83\xC7؃i�\xCE
-ycum\xD2\xE7\xD6,\xC6\xC0�Re\xC4H\xE8-lKB\xB5É›Fe/�S\xC49bq$\x8F�SW\xEA\xE5`j\xA5L0%C\x95q�uC\x88\xE3*\xBDЈ\xCA^\x98`�e/\xEE\xAB</W\xC5.\xD3D\xA4q\xF0\xEB\xF2\xE2�\xB5�>�\xE3\xE9Ñ*\xD56m\xF2\xF2\xCE\xCEO\x97\xF6i)\xB5\xAA\xCC3\xAB\x91\xB6\xAC�\xFE5\xE5� \xCD}\xB5k\xACXs\x9F\xBB-\xAB\x87&\xAFJ�>�|UY<\xDBe\x9D9\xBDNC`=\xBCO�\x95\xFF^���.\x96�v�HO\xD3;\xE3@\x89$�\xFD\xF0h�\xF7S^�v\xA4\x83@?WU\xF9\xA8\xB6\xE0Y;m*\xFB4�\x82\xE7\xE0 at v1-\x9D\xF4\xC36/
-)\x80[8\xF8Z\xAB\xF5\xCEm\xEF\x8Eҩ�\x96\xF8\xFBz\xB3\xAF$/s\x8A\x84H�\xF6�\xA7:RG8\xE5\xA5�\xA7\x8A\xD1�MB\xEEc\xCA%\xA5a\x8A\xA6\xA0\x94BI=\x8A\xAC\x95�\x81\xD6\xE3��l\x84\xC4}l�-\xB5\xB4}\xA44\xE9��\xA7\x97\xBA\xDF\xFA\xA6'\xC2y�V\xF3�\xB2\x9E\xCE_zb�\xA6\xFFBX�\xC2�\x84u*
-ips\xEF\xF6\xAC�\xD4*\xD7N \xA7�&�`�\xA2�9\xB0\xC3 <\x95HP�Z1Cg\xAD\xFC\xE1A\x95\x99r\x90�\x99 K\xE35\xBB\xF4�#Ý…\xD8l\x83)"<\xE6}ªÔ\xFE\x80\x80}J\xD9}a`�\xA99x\xE3\x97l�jǺ\xF9I\xEB<s\xAF\xBEi[\xA6E\x9E\xA5:\xF6\xF6m\x8F3\xF2\xBE
-\xB9\xBEv\xFA�\xEF3U\xAF\xB6\xF9\xAD�\xC0\xB8>sz�\xA3\xE4E2s\xA1\xEBp\xF8J\xB7Ñ•z\x99Ì\x94!s}\x90 C�=yx\\xA5��Q\xD9\xF5s��]D\xA2\xBEÊ‹A/\xF8\xDE�\xDF�\xC47�:�\xAC�\xAE\xEA6�0\xF5\xCDCWd\xD0<t�\xD0t\xBC\xEB\\xE2\x9B�\xB7W_kzغZ\xE5/{ \xD8\xCF0\xD0\xFF\xB8\x97:RG\xBC䥌\x97Vc\xD7�\x8CB\xE8R\�\xAD\x8A\xB4>\xF0%\xE4$\x88�)\x8F#k\xA5F\xA0\xF5S�x\x91a\xD2Ƕl�‹v\xB6\xD8\xDAP\xC9\xD4:\xDD��\xEF\x9C_\xE9\xD0Avr\xBC�t=\xE2\xEF#\xFFC\x81\xE0�Z��\xD3W\xBCÕ‘:\xE2-/e\xBC\xF58\xE6-\x82(�\xBE\xA1*Ô£*�\xBD�\xA1P@\xD7}�Y+5�\xAD\xEF-\x82B�\xF5\xA1-U3\xF4R\xA6nwww\xB6�\x81\xA9A\x86\\xCE\xD6\xF7
-\x97W\xD7p
-�\xC5D_!\xA9\x80\xE60\xB2w\xC3\xC5/ɧ/\x97\x8B\x91$\x8F'\xD0|#"\xA8�\xBC\xD1\xF9\xD14�$\xB8\xDD\xE5\x85Ƀ\xA1\xC7A\x82\xE5O <#\xBBj;�\xE2\x92h\xA7\xBF6\xAB\xFA�[{d\xAFц\xE6�3_U.\xD4_\xE9\xE6�\xA2uUm\xD0;\xE8pÞ…\x90\x8A\xF0�P�t\x8Ee�\xEF/\x9E{�\x91}\x92i\xB1�\x9C\xAA(\xAA'g3\xB8�T\x9B\x99/HP\xD9bƇ��\xDF\xF3<U\xBB"\xEB\xF7Py]\xEFT\xF6~\xE4@`@\xB8\xAF A\xAC�\xB3\xB2\xAE\xD5j\x96\xD5\xEBm\xB51\xF7\xEF�\xE3`�\xDA\xE7Û;ض-z\xF0\xE1(PÓ§\xB9RYm�\xB4\x9F-W\xF2\xEF\xEA
-\xC0\xBBȦ\xC0_\xAC\xA3ݢ\xD6~\xD6O\x8B\xD5�\xB9[\xB1�\x9A\x90Er\x9A\x88D\xB0\xB9<\xC5\xF3DF"\x8C\xE6\xF8C�\x8A$\x91<\x99\xCB\xF9\xFC4\x9Cæ�Z�x-�\xCE\xCE̹
-\x8E\x8E�>\xF0E\x82\xE71�#7\xEE\xB3\xFA\xEC\xFCr\xB1<\xC6iѱ�%=\xCEPw[�\xA9\xBD-\xEA�(\xFE\xF9]ij?\xCCn\x9F\xED\xB3\xE9|n�\xD0f\x94\x8Dɦ+\xDB_\x8C\xB5X�zt\xE6\xF3\xFEE \xFFл4M\xDF\xE5\xFA\xDF�h\xA8\xC21k\xE3\xC2d̮rȴ\x85Ek\x8E0%\x81\xB2SS���H\x81\xA4\x90\xA2\xA7߲\x9F��\xA9F\xC8\xFE\xE5o\x8F
-\xE9s�\xE2\x93ڢ\x91\xFF='u \xCAݒ|\xBFt늀\x8B�\xD8 �t5\x91\xB6n� ~\xA7q\x82�V\xF2a\xE9\xF7\xC5H\xE7''\xD8\xCD<\xB8\x93y\xFAW|\x8E\xF8\xBE\xFB\xF3\x8FK\xC3ޥn\xB6:\xB6��\xC0\x95\x9D\x85\xEC\x8D?\x8Cy�m,\x8F\x83\x86\xFBC�yR\x80U\xF7\xDE\xEE\xEF lc\xBD_\xC3�\xEA�\x8D1\x8A\xE0\xA3^�}H\xA6$\x8C\x83o\x8BD\xE7\xFD\x9B\xD7c)�m\xF1\xD4\xD6\xDAߕy�X\x9A�\xF9\xA3\xEA\xB5i\xBF\x87!\xEB9\xB5\xF2�\xACve\xA6ߺ
-�\x95\xDB"�v\x97=\xBD\xE5uS\xA37\xA4\x8A\xE5ba?I.\x97\x9F_/\x83\xE3\xFC\xD5L\xA0̿ԹB74\x9D\xD7f_�\xF7H\xA7\xAB�\xF5�\x9C\x9F_\x9D\xEAMp�\xDBG\x92m\xF2���1dC�\xEE�j\xAD앨\\xB9\xE0\xFF\x94\x96;\x88\xF8\xB4�\xAB\x8B\x91 at LDa\xCB\xD6C��I\xC8�N\xC0^e@�\x8D\xB8�\xA7�f\x82\xFD\xED\xED\xF4\xCD\xE8\xD5\xED\xD0\xC8v�\x95\xA4\xB7\x9D\xCDR\x94!AX\xD8/�\x8C\xE3x\xCC�0�\xF9q\xFE{\x99�-\x92\xAF7?}\xBE~\x9D\xF6\xE7e\xA3\xB6\xA5OK\xCBg\xB8\x94o\�\xFAP\x95u\xB5m\xF2\xDD楿\x82@�\xEB?]\x8C\xB4\x89\xB8E\xF8\xFF\x85d\xFF\xC7 &�\x952�\xEF7)\xD6\xD9'&�\x94>�at�\x9D\xC3ݟ\xCBP\x8C`\xFF/�)X�endstream
-endobj
-2443 0 obj <<
-/Type /Page
-/Contents 2444 0 R
-/Resources 2442 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2408 0 R
->> endobj
-2445 0 obj <<
-/D [2443 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2446 0 obj <<
-/D [2443 0 R /XYZ 85.0394 463.2352 null]
->> endobj
-2447 0 obj <<
-/D [2443 0 R /XYZ 85.0394 318.8302 null]
->> endobj
-2448 0 obj <<
-/D [2443 0 R /XYZ 85.0394 224.0131 null]
->> endobj
-2449 0 obj <<
-/D [2443 0 R /XYZ 85.0394 159.9229 null]
->> endobj
-2450 0 obj <<
-/D [2443 0 R /XYZ 85.0394 83.8775 null]
->> endobj
-2442 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2453 0 obj <<
-/Length 2556
-/Filter /FlateDecode
->>
-stream
-xÚµ�\xDBrÛº\xF1\xDD_\xA1\x99>T\x9E �\I"o\x8E\xAD$>Il\xD7r\xA6M\x93<\xD0"esL\x91\xAAH\xD9u\xBF\xBE�,\xC0\x9B()\x9D\xCE�Ϙ�`\xB1\xBBX\xEC�\xA2��t"�?PLMB%|I\xA8\x9C,V'd\xF2 k�O\xA8\xC5\xF1�\x92\xD7\xC5zw\xF2\xF6��'\xCAW��&w\xCB�\xAD\xC8'QD'wÉ\xE9{_\xF8\xA7@\x81L/\xAE\xE6\xF3Ù¹\xF7y\xF6\xFD\xC3\xED\xF5\xD7/g\xEFg_N=*\xA3(\x98\x9E\xDD\xDCÌ®..\xFFq\xEA1I`�l d\xFA\xF5\xEC\xEA\xDB\xD9�\x9C\xBB9Ulz\xF6q6?\xFDu\xF7\xC7\xC9\xEC\xAE�\xAE{ J\xB8\x96\xEC_'?~\x91I�\xE7\xF8\xE3\x84\xF8\Er\xF2��\xE2S\xA5\xD8du"$\xF7\xA5\xE0\xDC\xCD\xE4'\xF3\x93\xBF5�;\xABf\xEB\xA8B(\xF1��؈F�\x9DP\xE1s�\x8B]\x95H\xE5\xB3(dN%pp�'L\x8A\xAAJ�\xDES\xFA\xBAÜ”\xAB<\xBEOs}>`\xE2q\xE9�\xA1\xF5
-�\xAE\xE2U\xAA\xE7\x81:\xEB\xE8�\xB0\x98\xF2E Q\xD3]b\xA74\x9A:\x82F?���\xC2k@�p�xH\x8Bt�\xD7YY\xE0\xB8.\xCB\xDCr\x84\xF3P_I\xC9,K�\xF8\x91R\x91a9-\xCAu\x95U\xC3K\xE1\xD4�\xA3\x80O�
-H\x90vD\x89��\xC2$\xA8y\x8F\x86\xFD\x90\xD2`\xE2uI���:br
-\xD6P�\x8D��P\xB7g\xCF�\[�\x94\x87\xBE\x88\x84 \xBEzss �Np�Q \xA5\xC5\xFA\xE1\xF1_H\xF3\x87�\x8F����/\xE0�;\xCE�\xCAMV?\xAEF\xE8�\xA6�a`1�\xA2g#D\xFB"$q\x9D\xBE-\x97\xCB*\xADG\xC8��\xF4\xC1Å\xECb\x84,\x98Z\xE8G�\xFC\xD5kn�\xF6,\xF2\xB8\xAAF(\x83\xC9EQ4$|\xF1\xE7\xC8;;J6-�\xB2"=za
-\xC5\xE5Q\x8A\xCB<~�;\xB7\xF0E�\xB1!\xBD\x8F
-t9B\xB9\xAC\xFFM�:�x\I�KE\xFFn~xO
-\xDB\xCFG\xCD/\xC96\xE9\xA2.7\xAFc\xE6'\xFC\x80I:<UqTK�Ĥ\xFAu=\xA6y�\xE6\xC4H8\xA4y\xF3\xE7\x98\xC8\xFA(\xD9\xF5\xA6\xAC\xCBE\x99\xFF\xBE\xA8\xB7\xA3n�B\xA0\xA0"tWA[\xE6�#\xAC\x8FʼG\xB5�\xA2\x85\xCEr�z\xCFG\xE9\xE5\xE9\xF3hX�\xF7\xE6W��m\xE2\xE9\xA5�\x8F\xD1\xC0\xA7\x91�.�(\xB3\xFFb6?\xBF\xBD\xBC\xB9\xBB\xBC\xBEjv\xF5\xD3�\xA8\x83\x85to\x94\xDE\xCDqPJ��q\x97\xFE\x90\xD6\xD5)\xC4+\xAA3\x97\x85^ \xB0"T?\xA6�<d\xCFi\xA1Afù\x99uY�G1~�\x9B\xD7u]"\xFC��\x8C\xE4�\xBF\x96X\$�\xDCo\xB3<i\xD9#\xF0\x93�\x96\xA7�2[\x96�\xF4Z'u\xCFi\xBB\x89\xF7'\x91d\x9E.\xB6\x8E\x91M\xCC0M\xDF\xE0(\xAE𛤚E\x91&8\xCCl\x82\xBE\xFD`)A
-\x95vG\x91�\xD6�\xE1P|ق\x82FP*\x84\x98!\xEF�nj�22\xE5"\xEA8\xF8ȅ\xB0\xC0\xE7\x81\xC3)\x97\xC0H\x84\xA8y&�[P\xC0LV\xE1\xB7Z\xA7\x8BL\x9F\xC0� 0L\x85\xD1n \xA7\x8Br\xB5B\xD1a5\x87X�\xD5�'
-dt4V۪\xB6P\/��\xB3\xD9o\xE44�J\xD3Y\xFAOYXHߌY{ỳ\x82\xB9$!\xA1rcQ\xFF\x92po\xB74\xCA\xECEܧY\xF1Ы\x96\xD2\xC4\xFF\x8D�\xE9\xDA\xF8\xC3n\xDDj���\x9E\xC4�\x97@
-\x8A+0w\xEB�D\xD1\xEC\x9ArDvo\x96@=\xA6\xE4X9Ò•\x892
-U*\x84\xC3\xFDB5(C\xA9\xBA6B\xC1H��\xC0\xADT\xF34\x87�\xA45ɘ\xD51 \xE8|�\x9Bx
-\xB7\x82S\x8Dl\xC6
-\xA8\xB1T\xB3\xF0�\xE7[�\x96˱@FC(\xDBŞ\x92\xAB'�(\x8DP\x97\xF2\xACq�\xD9{G\xBEh\xF9\x98\xEF\xED\xFC\xEC\xEB\x85|c�2\xF8�\xF0
-\xFBf�(\xF3Og\xC6w \x9B^\xCC\xCF \xA2\x8AL\xAF\xC0\xE3y\xD1L\xB5�\xB8\xC8d`\x97q,)\xB3\xE3\xD9\xF9\xF9\xC7\xEB\xF9\xDDi(\xA6v\xC7\xEC�v\xDF\xC0�\xDC\xD7\xF8wG�c\xEDÒ¡\xF2H *\xFC\xD7:\xA5Dë´²Vn\xB4j
-<\xEE�\xA3E\xECP\xB2\xA2J\x8B*\xAB!\xA6\x8EƒK\xAD\xA50\x9A�\xA5\xFE\xAA\x8E\xE6ʹq�\x986\x81\xE0��f\x9A\xE8\xC3E\xC6S�D\xB3:Bܗ,\xCFq\xDA\xDC |\xB7\x95\x89�\xB0v\xFF\x8A3I\xBA\x8C\xB7ym m��\xC2�\xAEԣ\xC1\x8D�凄\xBAT\xEF\xF1�À\xC6-dM6,׶��\x9C³\x86�@Aȉ\xECk>k\xCE'H`\xA25�\xA5\x8D:�D\xC5j\xA8k��͜[C\xF7��\xCF\xCD\xE1\xF2\xE1�\xEA4\x86\x88\xE3�\x914\xF9\xE3r\xD4
-\xA2�*�z\xF0\x94�bFSC\xE8\x93u9I\x9B\xF0�`\xBF\xED\x8D\xEA!\xB6{\xA0 ¡E\xA5\xBC_�u�\xBE\xCDd\xF5c\[�\xEB\x98��\xED5\x9B\xD8j\xAD\xEE1]<\xB9T\xB7tV��b
-\xBD\xE9}\x96g\xF5\xABÛª\x93\xBE\x86\x8C�}\x9D8\xFB\xC6�b\xE7\\xD6)\xDE�}�\xD2�\xCAI�3H� L\xCCÆ’H\xDF�ݵ\xC7\xF8\xD1y*6\x85\xB4A\xAD\xAD\xC5g\xABu\x9E\xAEÒ¢�8\x80\xA1�Ú¼\xAC\xF9\xCC\xCF:d\x81 :��\xCF�sb\xA0\x98\xD8�3\xF49{,\x9D\xFEß¡O_|\xB2*\xDE\xD6%d\xC9l�\xE7\xB9\xD5Ue\x8A&\xBC \xBB\xCB{re�\xE1\xF1\x83\xBF/7\xB1\x90\x80\xA9@\xF3q0=u\xB1\xF6g\xA8�\xAB\xB5\xCB.Kp&\xA5ht\x98\xA5C�a\xD95\xF0 \xC0\x90\xD3>\xCBo�Ϙ\xB1j(\x9A\xD0p\xBCE\xBC\x8E\xEFs\x88K)\xCE\xF6L\x94\xE1�\xC3\xD7e|K�qÛ‚\x8E\x99r\x81R:5!6Ä \xA8\xF7c��P�M`\xA3\x9B\xB3Q\xCD�e��E{r\xE8\xEB�\xB3\x80\xB3
-C\x8D\xBD\xD5\xF4\xDF\xEB<[du\xE7\xBE�h�sܵ\xB7\xA5��t\xA9\xF5\xA6\xE3C\xADáº\xA6\x93\x95`�6\x95\xA9\x89\xC0\xFB\xAD\x87E>g\xE4\x98\xF5t\xB0�X\x8F\xC32\xD63�+q(\x94\\x92\xEF\xBC
-\xF4\xEA��![\xF2\xE8\xB0h
-Öˆl\xBD8J�$ �{=\xE1\xE6M\xFC\xAB0]�\xEDk �U
-\xE9¢\xB7\xE4\xBA�
-\xEFv!zV�\xFC\xEBuZ\xCC\xE7_p�O\xA8\xE3�\x98�\x83\x89\xBF\x9B\j\xA8A\xBC\xCCr}]z\x84\xA1RC7\x9F\xCF\xE7\xA1�'\xC1\x85\xFC\x88ËIU\xDB\xF5\xBA\xDCX\xF3\xC9\xEA\xDE=\xBB�R6�\x8Ab\xFD\xB4\xA8(\xD5\xD0^#\xA0\x91\xF4\x95`G\x8C\xA0\x8B\xB5\xDF��,c�\xF9\x88�@�\xC3d8|\xC9\xEBÊ¥\xA0�%\xE0I�\xE5rH#r\xF5
- \xE2K���\xEB�\x80�\xCDؖ�\xE0zQhn\xB4�\xF4ְ\xA1�`�g�\x84L\xF1\xD0\xE0\xC0\xA6\xA6W\xA5\xBBV�F �\xC1rY\xE3:^\x80\xBA\x8A-\xE9{\xCBkm\xF3N\x9A\x98\x94Oѥ\xF57.\xD08\xA0�$Q\xC4�E\xA5\x89`\xB1\x8D�\x8D1\x9A�\x84\xEEf`m\xE6o\$ZǦO\xEA�\x8E\xD8E\xA3\xBC,�ݮko[\xEBz�\x9A1\x879lf\x82\xFB2�\xC7̬\x83u\xC0\xCC�\x961\xB3\xE2h\xAC龄\xF5\xA2
-t?\x82D\xEA\xB0p
-Öˆt\xFD\x9E\x8A\xFA\�\xD6�\xAFgl,\x88l\xAC�\xA0|\x81\x8C\xA5A\x85oI8\xB9\xECa\xA9\xE9\x93\xCE|m\xE6
-\xA4m\xB8`\xC95\\xB8m\xBCᢡd\xA3\xEF\x81\xFD~\x8B\xF8Bq\xDEo\xB8\x80l
-\x91 e\xB4\x85>p\xFD\xE7\xF5\xD5�gt\xC4\xC3�
-�\xB1+9C�ÍŠ\xF5K\xCE&�+\xE6Z~e\x9Fh\xF4\x94&\xF4y\xF6\xFD-\xA0\xC1GGL\xF7\xCC�X\x9Ftoe\xD0�+\xF8ή\xEE.\xEF\xBE\xE3j+\x83¬ߥ�WU\xB9Ȭy\xC3\xD8Ö¤\x8A"&\x9B>\x96æ¤�-\xEF\x91r\xEF\xDB|v\xAB�˺'G\xAE�\xB3\\x83�× \xE1�P\x87 \x89z3\xE0\x87�\x8E\xE2\xF5ݧ.\xA7V->N\xBA\xF60`m{\xA8�7\xED!�l{�\x90i�G\xEB\xD7N\xCF8\xE6\xB2a\xE8\xB30\xA0\x87=\xB6\x83\xB4\xDFa�\x92\xF1\xD7\xF3\x9D\xCA�V ��\xF99\x9C]~];�\x99O#�\xF5\xF8\x9D\xF7{�\x9DfWe\x92\xBE\xC3�ß•\x8D\xB6�\x88m\x82.\xF3Ä«\xEA\xD7\xDC\xE6vW;ÚŽ_\xDFh\xB9\xAD\xDD�G5\xADch>b\x9B\xED\xDF\xDB\xE9\xA6
-\xDE}o\xE5��-rç ¿\xF7Þª�5}\xA6\xDA��\xF0\x98\xB63\xA5\xD0\xFD�\x8B|\x9B\xA48\xB0\xE9˼\xFB\xFD\xB5¹�Ú‰\xFD1Q\xCF$\xA6p\xC6̓}\xEET8]Aoe6'8\xB6O\xBB\xED� \xB9+{\xB6ä‚®\xE28w/\xB5\x80Tb\\xD1(\x89\xD1\xFE\x9Eߌ\xF5o\xAC|\xF4\x9D\x8B4�z\xFF\xF7\xEF\xC9\xED\xAF\xE7"\xF4y�\xB1q\xE3b!\xD4�
-`+\x94\xD6:�b\xD7{\xEC/ϻ\xB2\xFF��{\xC9Tendstream
-endobj
-2452 0 obj <<
-/Type /Page
-/Contents 2453 0 R
-/Resources 2451 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2460 0 R
->> endobj
-2454 0 obj <<
-/D [2452 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-858 0 obj <<
-/D [2452 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-2455 0 obj <<
-/D [2452 0 R /XYZ 56.6929 744.4739 null]
->> endobj
-2456 0 obj <<
-/D [2452 0 R /XYZ 56.6929 712.5891 null]
->> endobj
-2457 0 obj <<
-/D [2452 0 R /XYZ 56.6929 647.0402 null]
->> endobj
-2458 0 obj <<
-/D [2452 0 R /XYZ 56.6929 551.5126 null]
->> endobj
-2459 0 obj <<
-/D [2452 0 R /XYZ 56.6929 446.5077 null]
->> endobj
-2451 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2463 0 obj <<
-/Length 2973
-/Filter /FlateDecode
->>
-stream
-xڥZKs\xDB8�\xBE\xFBW\xE8f\xBA\xD6b�\x80\xE0\xA3\xF6\xE4\xC4v\xE2q\xFC\xD8س\xBBS\x939P�e\xB1B\x91�\x91\xB2\xE3\xF9\xF5�(\x80\xA2\xE8\xAD\xDD\xE4 �h \x8D\xEE\xAF_\xA0\xD9$\x80\xFFl\x92H?�i8\x89\xD3З�\x93\x93\xF9\xFA(\x98<\xC1\xDC\xE7#\xA6i\xA6\x86hjS}|<\xFAp)\xE2I\xEA\xA7�\x8F&\x8FKk\xAF\xC4�\x92\x84M��\xBF{g\xF7\xF7�\xB7\xE7W\xFF>\x99r�x�\xFD\x93\xA9��\xEF\xE6\xEC\xF6׳\xAF4v\x92r\xEF\xEC\xF3\xC5\xC3ɔ\xC9$\x89\x80(D\xB2(\xF0\xCEo��.>M\xAF/~\xBB\xFCvw\xF3\xF5\xEC\xE3\xC5ד?�9\xBAx옳/\xC0�\x81\x9C\xFDy\xF4\xFB�\xC1d�\xF7\xF8\xE5(\xF0E\x9A\xC8\xC9+\xFC�|\x96\xA6|\xB2>
-\xA5\xF0e(\x84�)\x8F�\x8E\xFE\xD1mhͪ\xA5C�\x91"\xF1e\xC2\xE3�\x89pnI\x84�\xD0�\xA3I,S?�\(\x89\xAC\xB37\xB8\xB8H\xBCYNm\x93\xB7؉\xBDv\x95oNX\xE2\xE9\xF1\xAC\xA1\xF65/K\xEA}�dð¼•\xC5<k\x8B\xBA\xA2\xC1E\xD6\xE6\xA7\xD0
-�/\x9B\xB7\xC5\xCB\xF0T\xDE\xCEa5�\xC1\x8A \xF2\xAE\xF37\xBDy\xBB\xCA\xF4\xE9E5/\xB7\x8B\xDC��M\xB7GF=\x9Bq\xD0�\x88bʘ\x9FJ\xC9Õ½`}\xBD~\x86\xD3geN\x9A}-\xDA�\xF5\xEAr�WSÝ—|\xD3 \x83\x8D\x9EXj`\Ýž\xFF\x9D\xBA �\xDC\xFE\xC3e\xC8,Q\xF2@\xFAI*C8��\x9B~"�WÜ¡�\x862\xD1$\xF5\xB3��\xEC\xD9l\x9F\x9FI\xB4M\x937\xDD9k�N\x81�H\x80n\xCC"?\x88e<l�\x9AhjS\x91\xF6Ù=�*\xC5\xF8\x9C�\x97\xD2\xC1\x89\xCF�\x80\x88�\x9F\x97Y\xD3\xF4�c\\xFAh�\xE3\x9CuT�\xAC9\x92�\x80\xFD0`.oW\xD5�\x91\xA5��
-�
-\xD5Ë©��\x89�\xEE\x910\xE7\xB5j�49\xAF\xAB6+\xAA\xA2z\xEA\xAD\xFA\x91\xBFQ\xA7Y\xD5\xDBRS\xAF\xB2\x97Ü¡\xE3^\xF3\x9CÏ‹\xEFA\xC0s\xB3#JBA6\xF1\xAE\x964VÕš)E=UH\x9Cr4å¹\x80\xA4\x9DNI\xDB$TÕ½\xBA\xA5\xB6п\xB7M\xBE8�\x84(\xE6\xBEd\xE0%F\x81`S��BG\xA5\x80\xB0� �\xB8\x89D��,\xCB\xECi��,�O�\xDEi\x94\xAF\x8Ej\x801��\\xF8���\xE5p\xF6\x80\xFEH�!)�;\x8EbD Q\xB4�\x98S\x93EÕ£\xDEM*B~¼\xBC\xD4�\xD1\xDE�b\xF0\xED� U\xD0\xD0o�X\xA0\xFB0�Þ£\xA1\xAE\xAB\xF2Í¥{\xAA\x8A\xBF\\xAE�\x82�\x83\xABEI\xE4B"\xEB\xFC+\xE8\xFD\xFA\xE1\x9A:\xE8V\xAF�F\xE1\xC7C\xF1\xA4!\x8C$\xF9�zM\xFA\x91U�\xEA|\xBB\xF8\xE7\xDD\xF5\xC5a\xC8\xF0�%\xFC\x8Eï°©F c\xA8�d>\xF7\x8FL#?\x92`\xBD\xA3G�\xA2\x81#\xDD`\xC5 4\xB1{\xE4\xE7\xBC\xCA7\xE0�\xB4�\xA8A{f\x8CyÚ´fÛ–:\x8B\x9AZ2Q\xE8\xA8X\xD5\xE8�P\xE8\xC1Z�\x82��Ý�E\x8B\xD6\xCE�и\xB1NÛ\x9B\xB1\xB1P3\xBD\xEFikzvPS2\x8D}�11\xAE)\x9Bê°¦:*\xA5\xA9Õž\xA606\x85\xEF�i\x88�\x8E\xB45\x95\xA6~\xC8e\xEF\xC8\xFBMQ\xB5\x8D\xA3'p\xB7\x9B\xD6�\xC0\xF5:Û¼\xB9A\x97�o'\xE3\xA6'82\x96\xA7\xED:\xEF6nk�v\x9D\xD0�\xA6>\xE7 �r[\x8B
-b\xEC|
- Yn\xEAu\x99\xCD\xF2r V\xA7�\xA8�Ȉh\xCDa
-E҇\xEC)}GC�Ո\x86�\x95\xD2\xD0\xF5P�\x86\xD4O\xA6\xE6�\xC5&\x9F\xB75�\xAD\xEF\x83%\x87\xD40\x8Aƙ\xEB\xA8�\xB8s\xCCN\x82�\xE3\xC4\xE5�\p\xD3\xD3�\xB0C.O\xB1\xA4\xCD@\x83U\xCCW=\xF2�Ɵ\xA1�.M\xCE\xE3\xF8\xBFV\x9B\xEB\xCC\xD8Цhۼ:\xAC��br�\xBD\xA3�\x8BjD�\x86J\xE9\xE2\xC7Ak�;rg-{G�Z\x8B}\xA4\xEB\xD7T\xF4\xC1\x8E�}\xB4Ѐne\xB2Wȉ\xB4\xD0M\xD0�XvX\x82�\x84Y�\xBF\x93L\xD8T#�4TJ\x82\xCFChf\x981��{\xDE\xD4m=\xAF\xCB=4\x87!\xE0N\x86\xE3\xCCuT�ܹ)x\xEA\xC7"\x8A]\xF6�\xCE\xC2\xE4z�r=J\xC75Kj\xEA%+\xB79u\x97�#\x90J\x93\x8B.\xE4`a\x98$:!\x80\xF1\xFE6\\xC5�\x9Cɨ\xA9\xB6\xEBY\xAEw\x9B\xE5\xEDk\x9EW4�h2\xF4v\xD8\xE1RZ\x9B\xAB�B\xC0]\xD2 vS\x88E\xBE̶%fH@\xAA�KRO\xD0OL$\xA8f5\xB5�\xCC\xDD�zp\xFE\xB9n�\x8AY8\xA1.\xDC\xD0�\xDD��\xA9\xF0\xC2!\xDB\xFD\xD2\g\xBD8
-\x81\xB5U\x89�L\xA8��ƾ]~\xA2�.\x85ԻT\x86\xA6mܪ\x8D\xEA\xF3f;\x9FCQTo�\xA36�c?�\xA5�G\xADMu�\xB5�\x95Bm;\x98�C�cbI\xFB\xF6\x9C�\xA5\xC0P\xB2\x84\xE3|uT�\x8C\xF5S\xE0@�`�\xCE\xECJ\x88�\xAF\xCA�\x96
-4\xA2B\xE8n&\xB0 \xBA_\xBB2�\xA1 \x93Þ¥z\x9C\xF0\xC8g\x81\xC9\xFD\xD7Û¦\xA5\x8Dg\xFA\xE8\xBA\xEA�}\xF6\xEB\xE3\x97Ow\xB7\x97\xF8|rJC\xB7w{\x83L�j
-\x80�e\xC7�${��\xE7`\xFB\xF6ά\xF5\x91<";\xC3N\x87z\xFC\xA1\xD20h\xED\xC3\xFC\xDD�\xF6\xA4\xF6\x89K\xA8\xF6iFE�lÍ–Ù¬(\x8B\xF6ÍͶ0_\xB5J\xF8\xFA\xE4\xACÍy\xC1tf�c\xEA\xD0�0w\xD1o\xB7\xB7�\xE7\xF2j\xBEy{6\xB9*l{�\xF1"e\xBE�"�G\xBCMu�\xF1�\x95B\xFCË°\x9F�P\xE5hÍ—\xF9K\xBE\xEF\xA4��<\x86Bm\x94\xB3\x8Ej\x805\xB7\xFAg>\x97\x91\xCB\xDAPʑ϶OO]1\xA48;,3 ���\xBE#3\x8BjDf\x86J\xC9l/�K��\xB6\xE8\x9D#
-\xD1\xC0\x91Nv\x90\xF8I�\xF7\x8E<+\xCB\xFA�\xDDp \xF4�$\xF69%U8\xD8%U8\x8A\xF8\xC2\xC1YN\xED\x93\xCE-�4
-R\xABh\xA2X\xEA�+M\xD9\xEDwuN3\xAF\xF4>\x82C�\xD0\xCAb\x91\xEBqU\xDE\xE00=\xCA\xE0�\x95\xD2�\xC1\xA8\xCDBD at e\xA1a \xA6\x82\xBD\xEAש۸N�\x99\xD17S\x9C\xB6Ô¥��\x98/L\xEE\xC3LJ\xC9\xE0\xA2��L[\xF9K\xFD�\x9FP\xA0r�U�4\xD5�\xD7��Ó…;\xF6\x9Al\xA9\x8F#\xBB\xE4Ú©\xC2@\xB1\xA4\xF6\xAD\xDEÒŒ\x95\xAE\xC2Â\xFDK\xD30�Yu\xDC�y\xFF]\x92\x9C¶\xE9�\xAC\xE2#vd\xC0tQ\xDFnN�\x8F\x9C\xAD\xAA}\xE6+S\x9F\xAE3(\xA8\xF2
-\x86\xF6jÌT�\x8A\xA9�\xF4\xB6\xAA\xF2\xF3\x97\xBA|�ɨ7�S8u�YN\xA6<\xF4\xD3 k\x840\xF0\x93\x90�ÃW7W\xB7\x9Fi\x8B\xBB\xFBÇ«\xBBÛ‡\x81p�\xB7\xE4\xB1�Ê„ {\xAE\xA3U,\xBD\xB9JQ\xE3\x90B��\xE4?w\x8F\x9F�\x9AR\xBA\x87)\xE2�:\x90\x80\xAC\xD5s�L\xFE�\xFFnn\xCE\xCFiF\xC9\xC3�\xFD\xF2\xE5\xE6\xE6\xE1\xC1\xA7I\xF5*�\x87\xBB}ܬ�Gf9\xB8\x90f\xE8\xC5X��WQs\xFC\xB7c\xECD\xFAL�\x98�#X�F\xAF�\xB1\x8E=0\x83\xBA\xD9\xE8k\xB5t+I/\xE6\xD8\xEAÛn`~I�\xEC\xB0xI\xD9\xE2\xBAww#\x9D\x8E\xE5\xB6X\xE7*{\x8B\xBCK\xC3ʼ\xAE\xC0<
-�"\xEAI=\xE1�W\x98\x81�j5~n1x\xFDe\x8DnF\xF1\xCE"o\x86\xF6\xC1b�\xE7a@�\x8BÅšM�h\xB6j[\xF4=?\x95\xAEa\xF2�,\xDAS2\xE2\xA1w\xBC\xAE\xA9+\xBC\xE3×®\xB7\xE8z+\xD3Sw\xC2\xD5\xEB\xC2�aØ¥c\xF4y\xB1{�\xA6E�-\xBE\xBDlI\xE6,&$\xC1\xE8[\x9Em4S\xE8��9\xF2Y�Õ€I\x92\x9E�OD\x92:<\x9C\xAE\xEA\xED\x86~,\xB2\xB7F\x89�\xB4\xFCT\xD5�2_\x98(\xF3\xEC\x99z\xEA0\xB4*M\xB7\xAE\xABv\xA57uOWC\xDDy\xC1\x81ã¬\xA0B\xF8a\x8E\xB78Az\xD3\xD7ITO\x9D\xEB\xA2�\xA94\xA7vI\x88�\xA7m�a\xB3\xAB^\xF0q\xEB_'�\xAE\xD6–\xAD\xFB^c)\xF8\xB4\xFFDc+\xC3z
-\xB3\x94a\xBD�4P\x8CV#\x85(K�\x9F\xA7\xE9;)\xBDMu8XwT*Xß¿[\x88\xE2G\xA9�\xF5R]\xA5\x9F\xE6DÜ\x92\xF7\xF8\xEB\xA8��tÒœ(\xF6\xA3�f��u\x9E\x93�\xD9Bi\xB4\xA0d�\x86\xD4Cc\xBA{Q\xC1\xA2\x8BF(\xF8a�eV\xD7\xD4\xCE\xF4&\xFA\xADSiš\xEE�\xF9���\x9F\xB3y\xEA\x9D-[�=Ô´r\xBA\x9A\x89S\x8C\xE4f\x8D>T\xA5\xEB2\xF6c.\xA4kE\xAF\x85\xFA.�s\xED\xE8\xB9\xF9\x84\xB70\xBF\xA8\xD5~\x8E+�\xF4�\x85\xBCXX{У\xAD\xB5Ù¶1�\xA9\xBB@\xAB_lqk\xF5N�\x9E\x8D\xFC\xBF\xB5�\xB4z\xAA\x8D\xAE2|,{|L?S\xDB=\xEDBE6J\xDFw�\xACk\xA6
-w\xF3\xB9\xE6t/S5\xE5\x89e�\xDF\xC1'V\xF5+6\x87
-Ap?N\xE2w2}\x9Bj\xC4��\x952\x84\xB3w\xDF�\xC7\xEC \xF4\x85d\xC98{�\xD5 \xAE�\xA4\xBE�\x82\xB9�\xEA7�\xA9\xE3 v\xC8�\xB0\x87Z�24v\xE0PQҊ�̬\xAF\xA9\x9Di�\xFD�Ze\x84�\x84%
-w\xDADe\xAF\xFA,\x84{\xC2�v&T\xEA=\xC9 \xE0
-I\xCC\�\xD8\xC1]�\x82;\xB6\xB4\x9D��\xEE8D\x8F \xC2`ZQ\xD5\xD4�\xA6\x91\aZJ\xC24N)L\xE3�aZ\xC8n#\x9D\xCA\xEF�#Lck0\x8D}\x85ig'B\xB1\xE1Dm*\xCC�\xEF>\xE2\xFFgL\xC71T\x81P\xF9\x8C\xBA\xDE�\x8D|\xB9\xD6D
-\xD0߆���\x8C\xFF7\x88�~l\xED8\x8Cg\xA2\xD9\xE7\xCDEs\xE2\xC71D�\x9B9
-\xE6D\xBB�\xECh0'\xE4Ô±5`\xB6\xA9�rI\xA0_\xF2\xC8o#(g\xF8Õ’\xBAn\x8D�\x83\x836\x88N\x8C�7�\x82FC\xC6\xF7\xB6g�\xD1I\xB0C4�\x9E<�.\xA2\xE9�\xE6\x93 \xE7Yc'�\xBB*+\xF0\xAEZS\x93(\xFFm\xBD\xE2[1\xC0J�:O\xA9c\x80\xFD\x9Dg�\xED\xFA\xAD\xB7\x93\xDD\xC7:4\x93�\x83#\xA4\x8F83\xA0Û \xABz\xFE\xEF\xBF\xCF\xD9\xFD5R�\x83OH�<D\x8B \x9C\xA3H\x99a
-\xA5\xCBB\xD9g\xBD\xFBK\x9E}\xDE\xFF�\xA3z\xF2\x87endstream
-endobj
-2462 0 obj <<
-/Type /Page
-/Contents 2463 0 R
-/Resources 2461 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2460 0 R
->> endobj
-2464 0 obj <<
-/D [2462 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2465 0 obj <<
-/D [2462 0 R /XYZ 85.0394 287.1527 null]
->> endobj
-2461 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2468 0 obj <<
-/Length 2099
-/Filter /FlateDecode
->>
-stream
-xÚµYKs\xDB8�\xBE\xFBW\xE8\xB0�\xA9f\x85\xE0I GÇ–\xB3\x9Ed<YÛ©\x99\xAD$�Z\x82,\xD6P\xA4\x86\xA4\xECr~\xFD6�\x80\xA2(\xC8\xF2\xEC#9\xB0E5\xBA�_\xDDh\xC8d\x84\xE1?�\x89�%\x9A\xEA\x91\xD4� L\xC4h\xBE>ãG\xF8\xEE\xC3�\xF1:Ó 4\xEDk\xBD\xBF?{w\xC5\xE4H#\x9D\xD0dt\xBF\xEC\xD9R�+EF\xF7\x8B\xAF\xE3\xF7H\xA0 X\xC0\xE3Ë›\xBB\xBB\xD9\xC5\xF4\xE3\xEC_�f7\x93)\xD1J\xE8\xF1\xF9\xE7ϳ\x9B\xCB\xEB\xDF'S*0(\x83*\xC6\xE3_\xCEo\xBE\x9Cr\xEF>O4�\x9F\x98\xDDM\xBE\xDF\xFF|6\xBB\xEF\xC2\xEA\x87N0\xB31\xFDy\xF6\xF5;�-`�?\x9Fa\xC4\xC0\xC3\xE8�>`D\xB4\xA6\xA3\xF5��� \xCEXx\x93\x9FÝ\xFD\xB33\xD8\xFB\xB6]�\x83\x82�\x85�\xE5 \x80"�\xC6\xF2�`�IB at I2\x8D\xB8\xE6�^\x94\xC4\xF0\xF2J�\xAE\xE9\xB5\xDD\xE6\xBB+!z\x8A�%\x8A%`\xDAj,\xD2Ƽ+\x97\xCB\xDA4CD�\xA3\x88P\xBD\xB3�\x8B\xADS:�\x8E\xF6|�&�!\x84\xEEEwg\x9Az2e\x8C\x8C\x9B\x95q\x82
-\xC7Jx\�\xEE\xCD\xF3*\x9B\xAF�Z\x98�'da}\xE9�=x\x85jB\xD4\xD84\x99{.,���\x9F/�S\xF9��2^\xA5\xCD\xCE\xE9\xDFA�1�\xCFY\x9E;\xA9n:�\xFC Xm\xD6D\x9B�B\x90�\x82\xB6\xDBʊy\xBE]\x98\x85#\V\xB8gk\xD9
-?\xCA\xC2z\xB3\xE2ö\xF1J\xFE\xE9\x9CY\xA9(\xFD\xAB�\xBFl[�\x8Bv\xB3\xF6Yg\x8FEX\x8E�\xE8\xEC9\x93h\x818�\xFCub\xF5\xB5\x8E3\xAB\xD3j\xA9u�\xA1�\xB1\xB5#\xDFB\xAD�AF\xF8\xEB\xE1uZ\x91\xF8\xF6\xC8\xC5 �5\xB9�\xA0c�\xA5\xCCC�\x82c\x97\x95,\xBB(\xA5\x81]{Zmê\x85\xF5\xA5{\xB6\xA9\x80E�\x93\x9B\xA6e�\xC3$\xB0Ê™\xB0\x94
-\x9El\x92\xA9\x8A\xD8\xF5Y�\xA9\xF0\x96\xF3\xB2x�#\x8ES\xB01\xA0\xE2>\xA7��\xDE\xC0-��\xC1\xE3oX\xE0kϡu\xFA\xE2�W�\xEB4,<0\xE0b\xEC47e\x9D5e\xF52\x81\xDA�{Ү\xCAg\xF3�\xC1J>F\xE0\x848� a\xBAx\x97\xA3)\xE5H\xE3DB\x87\xA3\x88+\xD5\xEE�\xFA\xF4\xEC\xF6\xDC\xF6\xDF\xFB٥\xB3�\xDD\xDB Wן\K�\xA4�\x83)\x85\x88"\xAC5\xF1\xDB\xCA�\x9D\xBF\x9D�\xD5@;\xCA�6\xF3)leY\x95\xEB<}0yIJ\x96�-�~ͼ\olRmƥ�\xD7\xDB\xF9\xDC\xD4\xF5r\x9B绽+\xE1\xEA�\xBE\xDFTYѲK\xEAq\xEA\x974\xF0\xEE\xD1\xC9\xE5\xD2=�\xAC ,\xCBj\xEDb\xE0{q3\x8C�O\xA8�\xE2c�\xFF\xD0Oi\x9A\xFE\x94\xD9\x91\xA8\xA1IAܘ�v\xB8S1t\x84.\x8Du\x93�\x8B\xB4͡\xA7J\xB9m6\xDB\xC6s\xE3~\xD5R\xDB�\xC0?\xD3@\x88\x85)\x9A\xEC�\xC6t\x9E6YY�s~o \xC3V\x8Eq\xC6.\xCBM\xBD\xDF\xD2V\xA9\xF1h
-S\xA5m\xDD�9z\x85\xC2HRybj\xE8k\xB5\xBD\x80\xF0�@\x92\xA0\x84%=[�\x9Fo\x98È¡S \x{1888AF};
-J\x87N\xF7\xF2\xA8\xA0\xFFh-\xF6\x9D\xDAdF2H�\xC41\xF1��\xF0�bY\xA4ks�\xA8�#\xA14;�TO\xEB�\xA0\x82\xD6I\xA0^s\xBA�j\xE84�T\xDF)\xF0=\x86�F\x9Cv\xF5y T\xB1]\x9B*\x9B\xEF5+\xF7\xA8\x81\xC1=\xD8_\x99\xE6\x8Fe\x955\xAB\xF5qx9\xF8\x86\xD2z�Ý\xD2+\xE0z\xA5\x93ؾ\xE2q�\xED\xC0c�Ùž\xC7cM�F6&Ur\x92\x83\xBBf`\xAAP\xE1�\x87\xFA_\x96e\xD3\xF6A{�\xA0HW\x9EB\xAB\x82\xA6 \x91C. S\xEC\xAFugÉ’0I\xCC]fSןE2n\x9EÛŽ'C\xCBi\x8F&��k\xB3r
-\xB6|j\xA7\xF2\x90\xD6�\xA6\xBD\x85\xFB\xE4h\x91\x84\xDDJ\xD7\xCAÝ\x9A\xF8F\x87b\xADZ\xC0h\xA3\xA4<Òª\x91;\xBB\xE1\xDCF\x9Ar\xBEx[@\x8F�\x9Cw��\xB06+\x86\xB9\xD8l�\xF2\xC0rk\xA6w�C\x87\x8F\xC4I\xEC\xC9K\x8EE \x9B}\xB23\xD0a4\x84��\x98\xCA�\xE1\xF8\xF5{\xF1\xF8\xBDSM \xDD \xE9v{\xBF_\x99X\x94\xDA\xF6\xC9\xE0���(��k\xAF\xE42mG\xAE\xA4�\x9D\xFD\x94Ú‡\xB4�B\xF7\xB9�*\xAC\xE0X3/\xC39hß¹�\xAD5b\xCF<+\xB4\x97�0 �M\xD5R\xC1\xBE�V\x94=\xFBI;[9\xA9�\x8A\xAD\x88\x85\xBFgÌ›\xFCÅ™\xB25b\xBFu\x84\xEC�\xF9\xDB\xF5\xCD\xD4\xC1Å¡\xAC\x95�\�.>}\xB9\x9CuGxcÖ¦W^\xED0t�Z\xD0\xC0\x92\x84Yè•Œ\x83UJ\xB8�\xC2\xCBI�^\xDE\xEB\x97\xD3zc\xE6n6pzmg\xC8�\xB5\xBD^):\xBEjw
-\xEFˇ\xA7\xAC\xDC\xFA\xE5P\xEC[X\xFE\xE2\xBE\xF2\x85\\x97\x85\xADY\x96Ø™\xB9\xBD\xC4ys!\x84Ei\xFCz{�j�\x93\x81^}\xC0V\xE9\x93\xE9\x8F�y\xFF at H\xFD\xEC\xB31\xD5:\xABk8�PlX\xC5{S\xEA\xDD\xCC'\xE0\xFC\xD3ݯ\xA7'\xD2];\x83 ,�\x94Í—/Q\xFF\xA5\xBD\xA8Y\xF6\xF4\xBEn\xED2\xDD/ \x89�Ü£CM\xBC\xBF\xBE\xF13\xB2\xF6\xE1,\xD6Y\x91A\x83J\x9BÐo\xCDÒ¸\x9D�s\x8F\xC2/i\xB1Mc
-\x95$
-\xD1$ M?��4�EB?\xBA\xBD\xBAp�9f<b�\xAE\Ԟ3\x9Ef\xD1K S�IM\xD5�\xBE\xE7_\xEE\xFF\xF1\xEB\xEDi`\xAF\xA1+W\x85\xF1S\xE4\xDDK
-\xD5\xE0\xDB\xD1�\xB0\xA7\xAC\x9Al\xBB޹\xE5\x88\xD9AڧS\xA2\x84��~1\x9AL \xC6x?U\xA1\xA0\x98DJ\xC3AcUo\xE0Ј�\xC6`WD\xD3Ì\xFBc\x91R\xE9$\xF7\xAB\xD4\xE0�\xF5\x93o7\x924e\x99\xBF\x81\x88/E\xB9\xA9\xA18�3�\xC4�\x877\x83\x85\x80.�264@\xD5T\xD8&\xF0굿o\xE2p\xA4�\xA3N\xA7�\xD9}�\xB8~\x9D\xFA\xF9
-�\xF6�\x87%L$I�\xE0\xBA.�iY\x82!\xCDe\xA0\xE6\xF7`\xF5!b\x95 \xA4��\x8CB�u\xF6#\xD6�\x81\x9E\x8A324Y\x9C4i�\x87\xE6e�\xB5 T\xA1ݯ�\x9DM\xD6I\xE7�\xEBp,*\x84�\N\xF7\xFA\xD6ෑ\x81\xA7D \xB9\xBB\x9Bv\xF6/:i�\xF1\xE4�u\xF3D\x9E\xD6u\xECx\xD0H)\xA9\x87\xA6/O�\xF3\x96\x88\xF9\xD0\xEC\xEC\xA4YS<fE�\xED}\xB5΢\xE9\xA4e�mƀ\xAB\x9C\xCB\xFD\xFB\xF12O�cXpĥ\xA2C��:\xE9\xF1$̾\xB4\xCB*Fk\x98�Er \x{16A4EE}O\x9A\xFF\x8F@\xCFN\x82n'\xDE\xEA)\x9C�o!\xF9\xC7(\xD8B\xC3-\x8E\x88�\xB5\xB3
-&!\xFB\xA3Q�\x92\x84\x8A\x83\xB2\xFC\xA3\x93>\xFF Ùœ\x84dS\x95M9/\xFF�$v\xD2\xED\xFF8h7�b\x82��`\xFBuZE|Q\xE8\x9F�\x87\xF5�\�\xCA\xF5\xC2<�\xC1��\xE2\xF7\x96N��\xE3��\xAE��w}\xD2�\x8C1P\xF80�\xBF�\xED\xE6\xA4\xCD#]ÛÆ\xF6\x9EN\xDA\xCBÍ“ÉuP5\xB4\xF7\xC3K\x85\x9F!b\xBF+\x80}\xFB\xF7\xA0È‘\x8C\xBB1\xE0\xBF\xFE\xB3\xD3\xEE�
-@\x92)Eã¿™S \xF7=
-\xB2�\xCAn\x86\xF0\xE4\xF0\xCF�0\x952�\xAC�c\xFF7 \x81\xC9oendstream
-endobj
-2467 0 obj <<
-/Type /Page
-/Contents 2468 0 R
-/Resources 2466 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2460 0 R
->> endobj
-2469 0 obj <<
-/D [2467 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2470 0 obj <<
-/D [2467 0 R /XYZ 56.6929 632.7441 null]
->> endobj
-2471 0 obj <<
-/D [2467 0 R /XYZ 56.6929 393.4246 null]
->> endobj
-2472 0 obj <<
-/D [2467 0 R /XYZ 56.6929 322.7553 null]
->> endobj
-862 0 obj <<
-/D [2467 0 R /XYZ 56.6929 278.4974 null]
->> endobj
-1455 0 obj <<
-/D [2467 0 R /XYZ 56.6929 239.5941 null]
->> endobj
-2473 0 obj <<
-/D [2467 0 R /XYZ 56.6929 205.2551 null]
->> endobj
-2474 0 obj <<
-/D [2467 0 R /XYZ 56.6929 131.664 null]
->> endobj
-2466 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R /F14 964 0 R /F39 1161 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2477 0 obj <<
-/Length 3070
-/Filter /FlateDecode
->>
-stream
-xڥ�\xCBr\xE3F\xEE\xEE\xAF\xD0-t\x95\xC5\xF4\x93\x8F\xECɱ=cgv<\xB3#\xA5j\xF3:PT\xDBfE\x96�\x91�\xC7\xF9\xFA��h\x8A\xA4h\xCDa\xCBU&\xBA\x89n\xA0\xD1xSr"\xE0ON2��\x9D\x9BI\x9A\x9B\xD8
-i'\xE5\xF3\x99\x98<»\xF7g\x92q\xA6�i\xDA\xC5\xFAq~\xF6\xFD;\x9DN\xF28OT2\x99?t\xF6\xCAb\x91er2_\xFE�]~\xFE|s}\xF7\xDF\xF3\xA9\xB2"\xFA1>\x9FZ!\xA2\x8F\x97\xF7?_\xFE\x9B\xE6>\x9F\xE7*\xBA|3;\x9F\xCA<\xB39 YDKDt}?\x9B\xDD\M?\xDC\xFC\xF2\xFE\xE6\xFE\xFC\x8F\xF9Og7\xF3\x96\xAD.\xEBRh\xE4鯳\xDF\xFE�\x93%\x9C\xE0\xA73�k\xD8m\xF2���\xCB<W\x93\xE73cul\x8D\xD6afu6;\xFBO\xBBa\xE7\xAD_:&
-\xAB\xB3\xD8f*�\x91\x85\x92�)\xE3\xDCZ\xD5�\x86\xCD\xE3D+\xED\x85q}3\xBB\xFAr\xF7y~\xF7ɟƯ9\xC8OL\xA6*\x8DE\xA22\x8F\xBC\×µ+\xA7\xBA\xD7G\xB7ft\xD5AOElS�\xAB��PÜ®h\}>Õ‰\x8E`�C�\x9B��$K\x82�V\xCC\\xB9ß\xCB,r\xED{\x98\x96�4*x\xF9\xD2\xFD.\x84Z\xBB%
-\xAB5=\xBF\xBCã”Õ–W\xAC\x97\x83wFh��\x99\x98<\xBAk\xF0 4\xE2y\xDA
-
-X/�\xDC4\xB5Q\xB1\xAA7�\x85\xD3Ј�\x93�>�L\xEDk~\xF7R5O�\xCDgw\xEF \xC2\xD3\xCD\xCFs�\xED\x8Au]\x94M\xB5a�\xB3\xEAq]4\xE72\xE2\x83\xD7x`\xA6]ӳ{^�V\xBC\x92\xCE�\x80ʌ���\x91D\x81\x979\xA8\xA7?\x9D\xE8\x9Fk\x94
-T\xF8�\xEE\x95�\xE3 \xE3\xB3C�\x87�\xE3z\xC2�\xA8\\x8B\xB8%\x93\xC7:MHM\xE6O\x8E\x94\xC3tu 0T\x9A\xE5\xAC�\xEB\xE2Ùh\x90Jb+\x95d\xA4\xCD�PJd\xD4\xC0\x86� \xB9�P!\x8F\x89\x8A\xEA\xAD++dÓ�\x974\xE7�\xD5]Un\x9E\x9F\xBD.\xE0`U\xAD�\xA8\x806:z\x87\xF2\xC2�A�\x99D}\x81\xA0\x81
-\x88\x8C\x8C\x9E\xF7u\xC3PєO\x83\xFD\xFDY<��{\xA526Ns\xD9�>\xA1\x83\xDC\xFE٬�\xF2ʃ\xC0\xCBS\xE5w�\xB0E\xA3\xB3\xA2\xE0\xF9>�\xAEZ?��\xB4q�\xB7F\xDB1t\xB8�
-"5\x92�\xF2\xD6=;rV"��\\xA2�ߨ\x934�\xF7\xB3\x8C4\xEDb�\xDFr\xECg[,\xA4;-\x889k\xBBZ bP\x82\xE0#\x8A\xD5\xE3f�\xF6\xF2<dN�\xF0Q*\xFD�w-\xD6�{]\xAD\x92\xD6ĉ \xFF\xD9\xE3o\xE6V\xAElP\xB8\x99f\xB1g&*w\xAF\xDBf\xF3\xB8+\xB6p'\xF4\xAE\xE5�\xF4\xC6H\xC1z�\xB8\xAD\xDEd\xBA\xD5�\x88�\xBC\x97\x8E\xBE�\xAB=oK\x9A10 - at ni"Ǥ18\x82M\xE0\xA42X\x8F\xD7G\xD24\x91\xC0\x89\xC4\xC0\x81-<\xD5<"M\xCB2\xB2$\x98\xF82\xBB\xFCxm=\x9F��f\xB7\x97\x92G׳\xCB�B\xBA\x87C\xE9\xFEK?�0\xC2Je�\xFF:\xE71X\xEEE\xDF\xEDP\xC0\xBD\xB9\xBAz\xFFi6?�w\x89\xF8i�3\xB0\xD7gXO\xBBФ\x97j\xFBRg�^\xC24V`\xEA]x\x8D^\xF5{\xEFᤔaC�9 A\xE4 \xB2\xD1�\xE4Å‘\xA6\xD1\xF5\xED[^\xF1\xBAz@\xFFK\x9E�\x9C\x99\x88n\xDDj�^\x83�\x90�*\xBA\xFDxy5e\xE9\x85a�Qg\xAC\x94�Î\x9C:3p\xAC\x8B1V\x82?�x Q<>\xE8�\xF8Ôš�\x83?"\xFB\x84"\xC4K�\x94E@\xA9Öµ[\xD7US}u\xA3�\xFA�\xD5!Í¢\xF5�\x9FyG\xF3\xFC\xB4\xF780\xED\xBD+8V/\x96\xA5\xBF{/\xEA5\xA1\xB1\x8A�\xEEK\xB5Z\xD14I;È\xB8\xA4w\x8BW\x9AY\xBA\x87b\xBFjx\xA3\xFDz\xE5\xEA\x9A\xDE4\xA3!C\x83}\xA7Bf\xAC\xF5S=b�\xD2Ä©\xCA\xD2�1\xB6�\xD4�\xA7\x98\x92\xB5\xE8\xC4\xC4F�\xAD\xA5jχA4�X\xF6\xC9�\x92`�\xEA\x9AF�\xF7xn\x84�\xAE\xCD�\x96\x94�\xC054\xAEXbÆ‘Q�p7\xE6�\x80\xFD8\xB5\xF2\xE4)m\x9C\xE4\xC20JU\xF7)YNu<�2\x97\xF6F}\xD6P\xB3 \x84\x8E\x8D\x91\xA6/\x80C�\xF5\x97\xEC\xA3PÑ°\x86uT�#�]\xB3�G\xACuO\xAE\xFC3$ mD\x83\x98\xBB-\x9AjQ\xAD\xAA\xE65,m8\xC6y)\xC6>\xE3�Q\xCE\xFBM\xE3\xE8\xE6\xE4�\x98\xB6\xE5\x81�!
\x98\xA1\xFD� \xD7\xEB5I\xF4�1\{A�\x8C\xFCE\xB3Ù½�j\xC3�_=oW\xEEÙ\x9B\x81�\xF8�S\x92\xA7\xA73\xBB\xECl��\x90\xC1\xC1\xF1\xA6c��;.1*{\x9B}�\x84\x81.\xEB\xA2c\xD9\xE0D\xFA\xA1\xFD\xC0$\xFA\xB4\x81\xC9\xE6�\xA9h\xAD"�R1p\xA7×·�4\xD1qLÚ†\xB4W냇"\xB4\xE6\xC9\xF3\xBE\xD9?>uÖ‘\x97\xA1�ž\xD9@\x82S\x95\xC5j\xF5J8\xB5k\xC2jGH\xD3\xF9\xD8\xC1\xD1�\xFB\xA3\x90�\xC6oe�F\xEAX%\xFA�\xD9F�\xEB\xEDl\xA3\xC5\xF2f\xB3�\xCB6d�Ɇf\xB3\xC1�]\xFD\xE3\x8Er
-(\xA0\xD24\xCDN\xF3\xD6b\x8D0\xD7\xF7G�\x8C9\x97}\xEEf\xAD\x85դ�$N \xD6\xFB\xE7\x85\xDB�\x8CQ�\x9F\x8B\xAAa4\xEF\x8C$\xE6\x9A\xE0\x86�\xC1\x98�\x92\x9ALM\xEE#�\xE1\x96O\x9B\xAAt\xFD\x9D|�\x89\x80?\xB8\x87\x96n�J\xCA\xFBo\xDA\xFD\xF9m/��\xA1\xE3L\xEAA&\x8Bn�U\�\xB4<\xB8v�\xCA;\x848\xECj�-\x88g�\xBA\xE6\xC5\xF9\xB8��^\xDF� +�@ \x93�\x84G\xE7\xBD\xFB1�_rL~\x8B\xA2&\x9F\xE4\x9F�rRe\xC4�\x92�IO\x8C\xC8}�"[\xE2\xE0\xBA\xD9\xEEe \x93\xAA6\x9F\x90�\xE1d\x87��\xE8T\x80ǾCFR(sؘ ~\xA9\xBC\xA3\xC6 \xF77�b�>Cl\xAC\xC0-\xD1ȧl\x80\x98\xF8�(%s\xA6)\xCFӘ\xF7!�;\xCE\xF9\xC0!�B}\xB7fgM�[ў�\xEE\xFFf\xB5\xAA\xC0\x82K\xF6\xE2\xFB\xDDW7\x88�\xA1:ܬ\xBFcbk�\xDC?WL m\x8B�TE
-h6�sÔ¡y\xBDU*\xE3B� \xD2Q\xA5R\xD8\xDC'8
-3\x94\x86�"�\x90wဴ\xE0\xF5\x9D\xE8E�\xD5�=\xF75�L �\xBC/% <\xD7I\xEB!.�\x86�XG\xDCqb�O\xBF#\xD7�̗Õ�%\xA6\x9A�\xA7j\xA8\xF8=[8\xE0>\x82\xD7r+~\x9D}\xF8.4 \xE0%\xF9q \xC8:�\xEBh\xE7<Xxvj\xE3�\xB8\xB1��ɡt$D�\x94\x8FS�#\xA1\xDE\xC8d\xA8Ӧ\xA1\xAE
-\xD3=�\x82\xED\xC7R\x964ε
-\xB9��+F3\x84�\xB8yq_I1.\xC80\xFD\x85iI6\xA1\xFB9\x87\xE6( O\xF7\xF7vU\x95U\x83\xB1 \xC7\xFD\x8B\x87\xF5\x9Cah\xF1F>\xA9\xAC\x8E\xB5\xC8\xDB|\xB2�c\x9B�F(\xCC 缴q\x9Brkٲ\xE6�i-:\xAA\xA3C��X^u\xB0V\xF1B\x84\xCA0\x96y\x9A\x{1959B5}\xCA7RaH ��\xEA\xBF�솙\xB01\xB6W"\xF6|�\xB9\xED7\xE2\xB2\xCAE\x9C)s:,w\x90ގ\xCA�\xC9\xF3\xB9\xFEfP\xC6\xE6I\xF3\xBA=\x8E\xCA��{k\xCDI\xCEZ\xA4c\xD6\xFA\x92\x81:�\xEA\xFE�o\xBD\x90\xAC\x92,\xF4s CzY;\xDF�\x82\xCC�9\xA3ɇ�V'�\xEBIJ\xF7\x80%\xA1�\xA55#J�\x86!�\xE9~\xF7\xFCÚ_\xC4&צ\xA1\xB0\xAD\xAB\xBC�zx\xC1T\xFDtC3h\xF0\x94&'\xE8\xF78\xEDOcP
-\xD5W\xB9\xB6}\x91\xABД\xCAC\x8F
-\xA6\xBC\xE7\xB8\xF9\xE5{@\x83��p(\x86�\xEB��z\x8F\xE6I\xC1\xF3\xE6~~7\xFF\x85\xDE�x\x80�\xC5`ߢ\xAE7eE.�\xC7l\xB5\x80R\xD0\xC4\xD3ÆŸ\xF4\xC0Â\xF6\x88\xB7\xFDyv\xF3\x85\xDAx\x9D\x93�\xD5D\x85\x8E\xE1\x80j\xD2RMd\xC0�\xF3\xD8
-\xE8q?\x91w\xFC4\xBF\xEDR:\x88%\xA6\xC9P\xA2�Ø–\xE8H\xB8\xF5�0\xE0�� _\xA2O\xC7\xF2\x91P\xB7\xFBx|M�\x85\xA3\xAA�}\xF0\xE4\xDB\xEE�\\xC4N\xAF=x*�WJÇ f\xDF2\xF8�\xD6 \x8B�X\x87\xF2\xB5K2�\xA7\xAB3u\x9Ad@�!\xD95 \xEC\xDF\xC9\xDC\xF6I\xFELÕ¹\xE4\xE2WQ}9-\x8Bm\xB1X\x85W\xDDzXzA"f\xB7\xAD\xEF5�'\xDB\xEF�i/\xD9N `a\xE3į\xA2�\\xB5��\x9C\xA59\xD9\xD6\xE5*\xD4\xE5\xD2��?�|ÐÕ\xC3 �\xAD\x88�\xF5\xF2\x84B�<{Q�ƾ"C\xC0\xF79\xF2\xD0\xFB�\xE0\xD0\xE7\x86�\xF6\xB91\xE4\x8Blд\xC0\x97\\xC5\xE7\xDC�\x83'7kp\x86\xE9p(\xC3*\xC3\xE4\xA1(\xF7\xE4\x8AfLm{=\xC1Lv{\x82~<\xEC�Ú±.\xA0
- \xB2�\xB6�\xF9\xED!��q�\xBDnXO ޴�i\x93ب,;m�]\xAC\xB7\xED\xA0\xC5\xF2vpud�6\xB6&\xCFO\x93�H#${�M\x88\xD8j\xA9\xFA4\xAF�M\x97�j\xA3\xCD\xD2\xFD\xD0\xFF\x84\xC5�o\x9Fl\xC1s\xB3ZN\xEB\xE6u\xE5\xDA>v\xDBX\xCD)\xA5\xDA웰\xC4\xEF
-\xA5\x90k\x8Ae\xD1�\xA8�"\x8F~dbm\xEF\xF8K"\xD8@,\xF2�\xF4\xBF\xF5!�"*XG\x9A\xA9\xBE\x8Aq\xAFM\xE2W\xB0r\xB5_:�p\xF1\x9A \xEF\xDF\xD54W\x92*�l\x9C0\xB3$3\x97\xFC \xAD\xBB.�\x87\xA6\xEBfC\x8B\x974\xE6�z\x87�6\xDA\xBC]ҕ\x98\xD62\xA4\xED6\xDAP\x94F\x94\xA5�\xFBX\xC5V\xF8�\x91\xE38<ɺu\xDAO43\xFA(�\xCF�\xE7-WS\x9C\xDF\xEE�\xE0�\xF8\x908\x89\x84\xF0\xE6�$\xD1e\x83L\x8E\xBDrM\xC9qK\x8B�?\xFE\xF1\xE6\xDCg�\xEA\xAD|i\xBA\xAA\xDB=
-\x82\xBA\x8C\x8F\x9C�Ö³.\xAEÜ°\xFB�
-\xE78hA�P�\x83�\xDD|\x8A\x85\x9F\xE4\xEF\xEE\xAF\xFFu*�V\xC2b
-�2#2\xB5\xD1l8�\xF6\x85a\xCFz\xBF\xDD\xF2\xD7\xD6:\xF4Ñ\xCE\xF3\x9B>"\xCBc\xC8\xE2\xF5i�\xD1Az\xDBC�$\xCFu9\xFEy��B\xD9U\xAE k9J\x8C\x95\x8D\xA5�\x8B?\xC5V\x8Bt\xCCWOHZ\xC4\xD2�\xD9c\xECn\xBDD\x9D\xF2\xA21:(\x85 \xDFÈŒ\xFF0\x8F\x80j\x9B\xA1\xFE\xB9\xA4\x97\xE5f\xDD��\x95\xA2\xBDU\x94\x8A�P\x83GY1\xF6S\xF1\xD5\xF5\xF0Ô \xAC\xC3�Q�1\xC52\xFF\xE5�\xE6\xA8/\x80\x9B!6\xB7\xF7�\xFE\x88\xC2\xC8\xE1\xE7\x9DN_\x9B$\xEA\xC1\xBB\xFB~�v\xBC<⋃\xF2�\x861"j\xD1~y\xFD\xBF\xEDq\xF8U\x8BIc\x9Dej\xFCÒ´0\x90+\xE520\x85\x87\x94&�\xB2\xDE\xFE.\xE4\x98\xF7\xFF���\xC9\xD4endstream
-endobj
-2476 0 obj <<
-/Type /Page
-/Contents 2477 0 R
-/Resources 2475 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2460 0 R
->> endobj
-2478 0 obj <<
-/D [2476 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2479 0 obj <<
-/D [2476 0 R /XYZ 85.0394 751.7313 null]
->> endobj
-2480 0 obj <<
-/D [2476 0 R /XYZ 85.0394 629.4849 null]
->> endobj
-2475 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2483 0 obj <<
-/Length 3191
-/Filter /FlateDecode
->>
-stream
-xÚ¥�Ë’\xDB6\xF2>_\xA1\xAA=X\xB3k\xC1x\xF0\x85\xCDiÖž\xD8\xCEÄŽcM6\xBB\x95\xE4\xC0\x91\xA0�\xCB�\xA9\x88\xA4'\x93\xAF\xDF�\xBAA\x81�%\xA5jK��\x8D�\xD0h\xF4����?1\x89�\x96h\xA9'\xA9\x8EX\xCCE<Yl\xAE\xF8\xE4�\xC6\xDE^ ™y\xA4Y\x88\xF5\xAF\xFB\xABWߪt\xA2\x99Nd2\xB9_�ke\x8Cg\x99\x98\xDC/\x99\xFE\x8B\xC5\xEC�V\xE0\xD37�\xE7\xF3\xDB׳\xBB\xDB\xFF\xBE\xBD\xFDx=�:\x8B\xF5\xF4\xE6Ó§Ûo\xDE\xFF\xE7z&c�È€\xCA\xF9\xF4\xC3\xCDÇŸn\xBEGاk-\xA77oo\xE7׿\xDDwu{ß“�\x92.\xB8\xB24\xFD~\xF5\xCBo|\xB2\x84�|wÅ™\x82�&O\xD0\xE1Lh-'\x9B\xAB(V,\x8E\x94\xF2\x90\xF2j~\xF5c\xBF`0ꦎ\xB1"\x8A3�\xCB(\x99\xCCT\xC42\xD8\x9Ca\x82\xA5B R�k\x96(\xA9z\x86I1\xC60\x8Fe�6\xBB\xB5�}\xF5m��\x98B\xB0L\xC7@\x99C1\xD5cQ\x99C~��18B6 7="\xAD\xC7�\xA1M\x86;r\xCD"�\x8B!q?5\xA6\xB9\x9E)\xB8\xA2�nG\xEB\xE9b\xF7\xBCmk�\xAD\xF3ݵȦ\xCB'\xFC�\x84\xFE\xCAc\xFE\xC3\xD6T\xF3\xF9\xF78�\xA9�\xB0@\x84U\xBD\xC3\xC6.\xAF\x96\xF5�\x91\xAAn\xF3`��\xE0\x97\xD0�r\xFA\xB46�šn\xBB\xADw\xAD\xF1#_̳\xE5\xC7d&S\x96)\xE0\xDD�X\xA6\xE3X:\xB2�Mevy[\xD4�\xB3\xD3\xF5\xF4g\xB7\x90\x8C\xD2\xE9\xA2\xDEl\x8B\xD2,\xB1\xF7T\xB4k\xDBʦ\x9F\xEE^\xCF\xFF&�\x82i7\xEC�\xF4]\x9AUÞ•m\x83=\xCB�;o\xFBe\xD1�\xF1
-vڵ\xC1Q\xB3ٶ\xCFج\xF2
-�\x91K\x8D\xC1%2\xBB\xB0=��\xD2\xEE��=\xA8\xE8\x8B\xECcG\xDA@"\x97\xC2\xFD\xF2D\�\xCB=\xD2�\xA9$$'\x94GҖDLk\x91\x9D\xDD\xCF\xE3�\xEF�JZ�\xCDT\x89\xC1~\xEFWxXq\xD5#\xF6\xF3
-\xBF\x9F\xE77�\xDEį\xE03w#�fE@�1}\x89ݮ14�?%J\xE5#A\xCD�ۺ2U{\x92\x91I*Y\xC4\xF9�N\x86X\xA7Y\xD9c9^\xAEF��t,S \xE9\xF7\xAA\xCC��\xC9Ҝ\xC9,\xC9Γ\xE5\x91F\xC8
-9\xAEc&�\xB0\xCF�\xB2榵\xBA�\xA1\xD0\xDAF\xB35\x8B\xE2WΥ\xD5�\xC5cPe\xAE\x8027XT�\xD8\xFBA\x87(\xAF\xC5Ԕ4\xB1^� \x83�x�\xFE >\xD8GUX\xD4h@@I\xA3TM\xEF=v]\x95\xCFC\xBCǪ\xF8sHU\x83\xEA/�K\x92,�\xAAPo\x8F\xEC\xC5\xDF\xCD\xEF\xB0a
-Óy\xC6μ\x80%\xBD\x94��\xCD�\x8AÜ’d\xEE\xF6\xDF?\xDCÝž\x96�\x99\xB14\x8B.\x88\xCB�錴�\x92�\x96\xB7G\x8A\x971\xB0`\xEA\xEC~�\xE7x\xBFP�RŤ\xE6\xC9`\xBF\xB7\xA8pC\xD59Ь\x87\xAE\xC5Ʋ7M�\xD8v�eѬ\xB1S�Кw\xFBm\x80\xC5\xD8"+\xEBp\xACA��\xEE\xBAh�}k\xED4
-�\xAC\xA8\xAC\x99�;\xF0P\x9A\xC3%f\x9F�\xEEivs\xF2\x8Eb\x9D2!\xD5�\x9D�\xB1N\xDFR\x8F\xE5\xAE\xE9q\xDCi\xAB(\x8DH\xA9ɔ�7�\xFD\xB6�\xE7\xAE \xDE8K]\x8F5B\xDE\xC0o˄e�[
-\xE9\xB3\xF6T\xC9h`Om?\xC7ϛbe5\xC4\xE9:Bޙ\xB2\xDCXkk;\xC1\xFD\xABH\xA2e\xB5\xF0\xD6]Z\xB0.�.\x8D\xA66\x88S�\xB3\x95e\xFD\xE4\x94��\xBE\xE6eg�y��@G�\xAC"Ęf\xBF_\xA1BG`\xAB$Dw�\x85\xB6\xBEP)�l\xEB\xBAH\x8D�
-\x97%��\xD9"|\xA9\xEA\xA7
-\x9B\xDB]a\xFD\xB0m\xAE�=6\xF2\xB0\x93?\xFB�\xC12V�[OEYbë¦ �\x96\x88^\xACh\xBD\xBAi\xACx\x82\xE7W)H1\x98\xBA\xDDS\xD1�\xBE5|�ߎ\xD7B!\xC4P\xD8\xE5i\xF1\x8D�\x83\xA9\xFA\x82\xF8�Xg\xC4\xD7c9\xF1]�Y\x99\x84q\x9D^\xD8\xD2#\x8Dl9\xB03\x82\xF14;\xD8\xF2Ó®\xA8\xDAf`f\x9A5\xC6X\xB6\xD9m6\xF9\x8ElsM\xC1 FS\xBD\x89h�\xF4\x9E\xFC{\xB71\xFD\xC2�;9\xB5�p at F�DJ\xA6\xA4\x97˪i\xCCb�2�\xD2D\xE8\x83\xF0$\x81\xFB�\xBDC\xEC\xD3w�\xF1r\xA6/Y\x96=Ò™\x9B!$w1wcv�Ò”X{\xF2\x8B\x9DY\x80�<�\x9B��\xA7b.\xCFR\xD6#�\x9364*\x9Aq�y_H\xDB\xDC\xF4l\xF6��Ä \x83v�\x91\xE9&\x83\xBD.�\xEB�\xF4/\xDE\xFBZ]-M�Þ£\xE9o�}\x8E\xB7\xFB\xBB\xA2mMu\xF2�\xA24c'2\x9F\xFE�\xF68\xA7/\x81p\xDC�|9\xA5�g6\xEBU\xE3p\xB31\xC5�6{c\xB6\xC4Bp\xC2\xCB!�W\xF9W\xEFK\xBDJ\xCC\xEE)b\x81@\xCAZ\xE8\xD3|\x89��'\x97\xE43\xC4:\xC3�\x8F帳\xBD\x98\xAEnwu[/\xEA\xF2HBE�\xE1g\xA6\xCF�\xD7c\x8DP7\x94Qp\xB7�Dy@�
-\xA9�\x9AbOi-\xBF3\xF7H\x92�r\xCE �1�
-\xD1\xC9\xC78{�p\xEF�\xAD\x9B\x82e\xEEO\xAF\x8A\xDE�}\x8F�2Zi\xA5\xB9}2.\x95\x85�Nh`ǜ\xC7S\x9A\xA5\x9A\xA7C\x8F'\xE3\x98a\xE6\xEBv\x94R�\xCE�:\xCEy\xC0W\xD9�ƶXo\xB1\x81,ñ�\xACO¦\xF7V\xD8\xF3\xCEYz�X :w\xDB
-
-k�\xA1\xD9\xE5\xB5\xDD�\xA5\xD5RR\xE1\xD7\xF9Q\xDB ?�\xD34:\xE2\x81�,\xBC�i\xBA\xC5\xC24M\xBDkN\xCA1\xDC0\xE4\x94\xE9���b\x9D\x96\xE3�\xCB\xC9\xF1林\xFC얽\x9E�o9\xA6\xE9\x83-\xEC
-\x97s\xC5\xE9tS/\xCD?A\xA2\xA4\x9Aλ-\x99\x80�\x8B-0\xDCU\x95\xB1\x9Cq.Q\xC5ɴ\xEE\xDAm\xD7\xDA\xE0&\xB3\xA9آ\xEC\x96�\xD3\xC1�I\xE2\xA3_�\x97(\xAAe\xB1\xF0%\x90�B\x92\x9F\xAF\xE3�X\xBF\xAE;\xA2\x81\xA29h\xA1}\xE9\xEEJp�K~\x90P\xB9:̈gM\x81�\x89\xF8\xAB\x8EU3\x95\xF6\xE1\xB1�\xB6HA\x86\x97\xC1q\xB1
-��\xA8ޢ-\xBE�+d\xCF�\xC5J\x8B\xEA��{9\xCD\xF9<\xBF\xB1
-\x89i� \xDE @\x91\xB7\x81\xC66/\\x9CjÓ™(\xA2z\x8E\xA2(\xCF!\xC0f6<\xA1\x95\xF1Ó´;\xCBb\xA7\xA2�LR\xAA�\x8ALh\x93!\xFA|\xDE<\xD4e\x83��\x81D!\x9F�0\x8FRy�Þ´K\xB3Û0He,\x8A2\xCF�\xBA?\xCCQ\xB5w\xA2z\xE4\xBAe\xC2{bz4\xF2\xB5\xFA\xA0�\xA6\xB2\xE9
-\xC2_\xB0�Ø \x9D\x8C?\xC1:oq\xCD��T\xA6\xC3t\x9Bs&S�\xE9�
-\xEDM\x9D\x8C\xC4t\x9D\xBB\x8B\xB56�Kn�LL\xE7b\xB6h�� t\x9B7
-\x96\xE1�]\xA6\xF5|E[\xE4%�\x9B\xC2|5\xD8�\xE2Z\xB8\xA3o\xF0�_\xFC\xE3�\x827&\xAFh\xB7�!\xA3\x94�v\xF2kW\x8F\xA5�+\xBF!w�\xC1� a%�\xBE\xE8�\xA0\xF1�\xA4\xC68\xA4\xD9\xE7\xFC\xC1UE j\xB3\x8B\xBC,l\xCD\xCFa�\xBD61\x882\xF4�1\xA4(\xF9\x82V \xAAqU\xCB\xEB\xC1\xFA\xBDÛ€\xB6;\x81[\x9EN`Û¹\xCBMD\xB2\x9Fbwk\xC6\xCEÒ‡\xCA\xC5A\xE0
-\xE2Ь\xF2 j\xDB{\xB9�vXj
-NV\\x88'B\xAC\xD3v\xB8\xC7rvxw\xA9:\x86\xF2\xB74_\x8F#^\xCED�\xA5\xE7\x89\xEB\xB1F\xA8�\xC6�1�q2\xA4n\xDEg\x96\xAE�.|EKN\x9B\xBAsR\xE0n��\xB0\xE4%\x88\xDA
-�\xD3V\xB5\x92�S\xF1\xFDL\xC0\xDC\xEESr\xBB\xD03\xF8\xD2
-�-k\xBF\x8F+\xB1\xD8aR\xF7\xAFŒ\xA6\xE7#�FA\xB4 \xB4\xF4�\xD8+`\xD6+�\d,\x8D\xB2\xEC@\xC8{\x95>4A6\xEEO}\xAA\x84\xB1�X\x99߻�b���\xD8��\x96/�\xC6z#\xD5K\xAE\xDE\xC7'vʀ=\xF6 +Dڳ�\xE1EӇY�5\xBD'\xD0H��\x8F\x8D�V\xC5,\xE3<��\x8F\x83\xE3 at j�Q�%\xB4W\xCD\xF0V\xFB:\xA5\xA2b\xBD\xABAR 3\xC7\xCFb\x9D[τO�\x8A8@\x98\xBB\xBE *K\x82-\xEA\xAA͋\x8A.Y\xF5O�vl\x99\xB7\xB4(>\xA4DXe ,\xAA2\xB8j+�E\xBE�\x92rTT\x90aQ\xA1/\xACQ\xE6\xE4�\xE9l)t0\xE2=\xE6\xA5�1\x8B�,\x84\xBC\xA4[X\x8E\xB02\xE6L \xA1\x86\xDE\xC9\xF4 a\xDE\xF6\x86$\xB8G\xCCf\xB6\xBE~� W.\x87 \x9E=\xF3i\xAB\xA3$\xC8#\xE8\xEEy\xAB�`\x9D\xB1:�\xCBY\x9D\xF9\xC5,\x86^\x98B\xB22H4`\xED\xB3T�\xCE�Q\x83\x8A\xBC`\x90\x85\xAB!Q\xAFѥ\xBB�Gqt��� \xF3\x84}\xE7\xD2-\x84\xBC\xA8\x859\xFD�\x90+\xDDA\xDF\xFC\xB1-\x8BE\xD1"\xB4�\xB0q�\xE5-D\x868\x9Edt\x90\xE9DY\xEC\xAB\xF1\x99Ӊ\x97T\xB5+�kH\xC8\xD7�ׇ�\xA9\xF8Ӽ\xA4�\x89A.\x96\x8D\xF9�
-\xF2\xF1\xBC5\xD8rqJ\xE6\xE3�\xEDk�\xDA�\xDDl��-;\xE4��\x9B\xBCuу\xE6\xFB\xF9\xFB3\xF8\xD5\xFC�\xA4&e \xB8�*s*4C\x89q$\xAC\xED�
-�t\xEC>\xA6l$\x8FqtF\x9A茈\xCE\xC8�.\xB2\xA1\xD5`c��h\xE3\x886�\x91\x83\x93\xD8a\xFB\xE6�h\xB4}j\xB4\xD5\xF6E\xBF\x98��\xF3\xB1\xAC\xFE�D�$\x8DY\x93\xFE1`ST\xDDa\xC1\x872\x95!%N\xC9\xC14\x82\x91yyT\xFC ^M\x83\xF2\x8E\xE24\x9A?\x9F\xCE\xFDDb\xFF}\x90]\xA8\xEE\x84X\xA7\xB5\xBF\xC7r\xDAߌi?D\xB6\xB6\xE4\xE5\x83\xF4\x9D\xA9�\xDB\xF5q
-#�
-�p\x96\xB8�k\x84\xBAA\xCC! \xF7\x97I4$\xEF \xE8\xE0\xDE=qK\x95㿣\xCCA|)\x83sr��v\xA8� \xF7
-=\xB6J\xB1䷟\xF01~_\xBA\x80�\xEF�\xE8\xB1!b\xF7�\xAF\x82bFƄL\xF4P\xA6�ݎvlK
-818�\x9E\xB9\x97Æž\xB8\xF25\xB0m\xB7\xDB\xD6\xFEE\xD7�Ä°\xC2qZ^ \xD2Ë´\xBC\xF0�\x8D�댼x,'/\xF7c\xF2"\xED\xFF*\xBC\xE7\xDCíœ;\xFA\x8BF\xCC\xF8E\xD2z\xAC�\xDA�\xFF\xA2\xA1\x8F\x88�J\x8B\xEC+Y\xDA\xFF\xDF \x8C\xC4z\xA8z\xB5\xB0\x8Cì³›\\xE3\x97\xDE|4�\xC8\xC2e�\xB9\xC2A<�Y.p%J\x8E\xB8r�g\x8A\xC8\xF3n\xD35-.\xFD@[\x98�KW\xB6\xDD?��\x9D\xF8\x98�R\xC6�\xA63} f\xFB\xA2(\x98må¿
-
-g\xD0q\xA9�|\xFD\xB2RG\xF47��\xED�r%X�@<\x909�\x85\xEE\xCF\xC6m\x9D_\x94\xBE\x8B\x9C\xD6y\xA0\xADë¯\xEA�Ë¥_�=\x99{��\xF3(+_\xEF\xED\xFFÌ°\xF7\x9C\xBFk\xAB|��|~2\xD8��g\xF4_\x9D\xE0o�\xA4f\xF70\x8B@\x9E\xF6\xFDc\xF8\xBB�7\xAFg�>Ú¾y\xB7 _\xD5$8\xBD��{\xB3\xF5&\xFDtIÚ—\xDFbf\xFFl5\xA2�|\xE2\xAF\xF1\xFF\xFEO\xD7\xFE\xBFkQ\xCAT\x96\x9DP%\x99\xC6V\x95�O\x94埈\xB2c\xCBb\x9DB"Gh\xFF�ﯓ\xD2endstream
-endobj
-2482 0 obj <<
-/Type /Page
-/Contents 2483 0 R
-/Resources 2481 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2460 0 R
->> endobj
-2484 0 obj <<
-/D [2482 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2481 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2487 0 obj <<
-/Length 2936
-/Filter /FlateDecode
->>
-stream
-xÚ¥Z_wÛ¶�ϧ\xF0[\x94\xD3Z�ERΞ\xB2%\xED\xB2Þ¤\xBDKvv{\xD6=ȶ\x9C\xE8Ô–<KN\x9A}\xFA�� MÙ²\x93\xB3\xB5�\xA4I� \xC1�@�\x8A�E\xF0_\x8C2�F2W\xA34W\xA1\x8E\x84�M\x97'\xD1\xE8�\xE6>\x9C�\xA6�[\xA2\xB1O\xF5\xE3\xDDÉ»\xF72�\xE5a\x9E\xC4\xC9\xE8n\xEE\xF1\xCA\xC2(\xCB\xC4\xE8n\xF6Gp\xFE\xF9\xF3\xE5\xCD\xC5\xD5\xFF\xCEƱ\x8E\x82�ó\xB1\x8E\xA2\xE0\xFA\xFC\xE6\xB7\xF3\xFF\xD0\xD8\xE7\xB3<�\xCE?\Þž\x8DE\x9E\xE9�\x884\x92%Qpqs{{\xF9\xD3\xF8\xE3\xE5\x97�\x977g\xDE\xFDrry\xE7\xD4\xF2U�\x91D\x9D\xFE:\xF9\xE3\xCFh4\x83�\xFCr�\x85�\xB8\x8D\x9E\xE0G�\x8A<\x8FG\xCB�\xA5e\xA8\x95\x94vdqr{\xF2_\xC7Л5K\x87L\xA1t�\xEAX%\xA3\xB1Ta\x96 \x8FA\x83Ea\xA4\xC1 \xE3T\xE7a"c\xE9��\x8B!\x83Y*4ظÃ\xBE{\xAF\xB5G\x99\x87"\xD6)0G\x8A\xEEyU\xEE�C�\xB0y\xAA=^Cz9\xAA�\xC5bO\x9C\x88%l I\xFB\x9A]Õ³jZte�\xE7�GA\xF7PbG�\x9B\xB6\xA4\x91fÞ›\x89\x82o\xE5\xF3\x99�"�iKJ\xF4dÄ¡\xCCT\xB6\xB3\xA9�M\xE2�\xCEV3\xCDr\xD3v\xC4x¢\x9BzG\xF4\xF9ow?\xFF\xF4\xE9\xE6=b\xEA-
-\xDD|\xDA��<\xC8�\xCD�%\x83y��&�\x88�C\x85\xB9ֱ\x91z\xF3ɮ
-\x91< \xEEh{I0+\xE7\xC5f\xD1Ñ\xAA\xA5\xD6��n\x87\xB0\xA7\x83\xF5\x99È‚r^\xAE\x99\xB8k\xB8\xB5,\x8BI\xB5\xA8\xBA\xE7\xFEl\xB1\x81\xF9\xBA3\xC6g\xC9EW\xA0\xF2R�E=\xA31#�\xF7�\xF5\xF5'\xDE\xE0h[\xDE\xF0\xC3\xF0\x86\xB6\xAC\xA7\xEB\xE7UG?\x90m\xB8\xE7g�\xE64Ra*D\xFE�\xE2=\xAA#\x88\xB7T�\xF1\x8F�\x88\x87�H\x95J>\xF9E\xF9X.\xF60�\xE0\x88S\xF0Å£\x9A9\xAA�\xD5z\x98\x97"\x8Cu\xD2W\xED\xB6\xECZ\xB6\x97\xB5⬜l\xEE\xEF\xAB\xFA\x9E~�\xCD�\xDF1\xFA!�~�\xB1��\x8B�CE�\xA1B\xD1i\xDC]]_\xDD|\xA0\xB5\x9F>\xDF]}\xBA\xB9�\x80=�!\xA8\xAD\xB3<3\x8B.\xD8\xEBR�L\x8B�;\x8A\ �\xCA\xEF+BUÛ–3\x9A\xAAj\x9A"\x9D\xA13o\xD6Ë¢\xA3\xC9/\xF0\xEF\xFA\xFA\xE2\x82f \xFA\xBDÑŸ\xBE\xBE\xBE\xBD
-i\xF2jN\x93\x8EOa$\xDDo\x96\x80F�\x99\x94`\x8Av�vOU\xF7\xC0\xAB\xA89}s\x8A\x9D\x84e\xC2\xC0\xF8�1\x9C\x89\xA0\xEAh\xA6\xE2MVuW\xAEy[�\xED
-\xD8\xF0d\xC1\xBB�\x97\x87\xF9y[\xF2⹡o\x96;{\xB7\xD6q*wղ\x84
-\xCA, \xDE[U\xA6M\xFDX\xD6�8CiT\x8A\x83jN3\xEDf\xFAp\n\xB5\xB3}\xBA\xF7\xE6\xCDb\xD1<�\xDDE�L\xD0\xEBD\xCA\xF1
-�L\xBC\x82�R��Úa\xFB5\x8A\xE2\xEF\xE6\xACa\xF2�\xA2g`l�\xAB\xE0t\xD9PW�\xA7O\xAE7s\xBD�\xDB3{\xC2\xD5\xCB\xCA�a\xF8 1,/\xED\xEFB\xB0é¡6\xCBÕ†l�T�/{.\x8B5+\xF55\xD2ѬD=k\xA0�8x:\xA7,\x90\x89\xA6N\xAC\xC6�\xCDfM?f\xC5skL�\xA7|_7kr$\x98X\x94ÅŠzF�\x88�L\xB7l\xEAî™\xF6\xA5\x9B!'/: \xCEc\xF5T\x96߬xO�\xA4\xB7}\xBE�v6\xB5\xACj\xB0\x8A\xA1�\xC7eH\xAD\xCAiW\x81\xFB\xDBKn,E�\xFC~\xA6ak�\xB0\xE4\xA0ZP\xE3�\xF0Û\x98\xD2;�\xF8]q\xD0\xF1��Gk\xE6T�\g\xED\xC1@
-\x99S\xA8\xE2\xF4\x85\xD4ħ:�\xA8�\x95 ԟ\x87�u\x96k�\xA8\xE1�)\xDF5s\xB3\x95\xDDp\x9D\xC4a\x92\xBD\xA4\x9F\xA3�P\xB0�\xAE\x934L\x92\\xF75\xE4x\x9D[\xDBf\xB9ш\x86\x9A\x9Aڧ\x87\xCA\xF84L�4\x82y\x8A\xF9]\xD9\xD5
-\xB5�f\xB2\xDAL�U\xFB`N›vB\xFE�dž\xF3Wq�\x9C\xCF!v\xD9i�tY 8t�\xD95,Ԥ�:
-\xD3X\xEA\xDD\xF0\xB9X \x84c�\xF4�\x91\xEA\xE9b3#\xD4\xC7�\xE3c�\xE7b\xA3�/0\xC8K\xA5ǣn\xBA>\xB3Mk�\x99\xBD@ۂ;2\xEB�\xA1�\x91\x8D⿷�N\xF5-;]m\xF5\x98\xEF\xE81\xFE at m\xB3ꪆ9>\x90\x8FJ\xC3i XNʒ\xB1\x8Dz\xBDݻqm\x9A\xE5\xB9\xC6W\x88\x89u\xF3\x84\xCDaG\x884<W\x92\xEC�G\xF0\xA8\x8E8\x82\xA52\x8Ep>\xE4�\xF0z\xD0\xF9k\xFC@\x85R\x8B\xEC\xB8z\x8Ej@\xBF\xBE�䡔R\xF4�$?\x90\x9A\xEFA\xEC\x90�`�OEje\xFD\xA0Ge<�;\x95]\xDFP;a\x82�C�\xB0\x9A�F�\xB8\x96�\xEE\xC4�\xE1ne!\xDC\xE1j\xDF\xE7L\xA8d\x9E\xE4 \xB0\x85,�}�\xD8\xC2]J\x82;\xB6\xC4NJ\x86;��(b\x870m\xA8�j \xD3Hn0\xAD5a�\xA7�\xA6q\x860-\xB5c$
-\xA6=a\x84il-\xA6\xB1o0\xDD\xE3D(\xB6\x9A�\xA6\xE6\xEA�B\xFC?ƴ\xD2�䅉:\x8Ei\x9F\xEA0\xA6�\x95\xC1\xF4\xAFØ\x8E"�\xBF�\xD42L}\x96Ø&\xA2�\xF5\xFA\x90\xCE\xC24\x85+\xA5\xA7�C:\xE3\xC0\x80�\x86tF\xA1�[�i\x9F\x8A\x80\x97\x91\x99\xCDLCМ@vUR\x97.\xF4\xC7\xE6\x9B\xC1u
-a\xDA\xE2:\xB3a\xDC
-\x84sU"\xDEc/,\xAE\xB3h\x8Bk\xC8\xFB\xE3\\xF6q
- \x80,\xEE\xEF\xED\xA5^\xB4~Ja5\xC0D\xE2\x8A\xD1\xC1Q\\xF3md��w�xi\x81\x8B\x97|� \xF3zv\x88�_ \xDEK\x90/ \xE4\xD8�\x86_�\xD7n,^\xC8-|\xAA#\xF0\xB3T�~W\x83e\x8F$\x93\xFA5\xE8\x83� M\xE4q\xF5�Հ~}\xFC\xE9P\xE94\xED+\xC8\xF8\x936\xA4A\x87\xF1'�0b\xF1\xE7S�@\xA0S\xD9\xF5
--\x9A0�\xBFs*jg&PI�@\xE9 \xC8�M`�\xE2\xCF \x84^Û¹\xAE\xC3"\xDC�B\xA4\x87b\xECA \xF1e<\xB1\xD9l\xB5\x87J\xCA�\xFE=\xB4$\xDCx Þ G\xA1\xE5S�\x86\x96\xA32к�\x8AlX4L_w[g9\xBCÃ\xAA\xE7\xA8�\xF4Û½\xAD!\xB9�}�9k\xA5\x87�u8k\xC5\xE7�Z.\x8E]\xD6\xEASQ\xDE
-\x9Dʮo\xA8\xA5\xFAX�\xD7̢\xA4\xBBZF¥\xA6\x86\x85IMY\x92y&f�|\xF9\x94c\xCCܨ]4\xF5}\xB9v\xF7v�P\xDC\xCD\xE5^�\xA48\xD0\xE1\x9B\xCE�\xBBe\xF1\xEC\xC7\xC3ea�\xEE1 ��\xE5\xAAi\xAB\xAEY\xD3S\x8CA\xFB �\xF0GP6UA\x88\x8F\xC0\x83ȋE\x98䀆\xE3\xC8\xF3\xA8\x8E \xCFR�\xE4U/\xD5rM\xA5\xE3\xB1دm)0i�dGusT�\xCA\xF5`\xA7�觢\xAF�\xC3.\xB1U\x81\xC4�K\xCCsgZp���NMC57%��.\xE8\xF7\xB6\xCC�\x91)\xA5g��\xDB\xD7Bd\xEB�\x89-\xCB\xC0\xD2=�tW%.\xC3t�3S\xFC2\x80\x93i�\xC5b'Q䪰\xA2�5V �^�\xEB\x82\xDE\xCD8\xFCLm\xC1d\x8B\xB2\xA0�\xB8q\xE390\xB8\xA4:\x8F\xDAև\xA2\x9Cv\xA2\xAC\xD6jG7e\x93j\xE4d\xF9`Q\xA0\xC2G\xBE\x93\xBE\xE9zL\xFA[�J
-\x89g\x82^]\x9F��&\xA93\xA1\xAD\xC6\xC1\xF4\x8E \x95\xB7\x92\xFD�\xC7\\xA2\x99px0,\x8C\xBA0\xC2\xDB\xC61\xD86\x8DMJ<`\xC4�\xAF"\x81j\xE7d(t\xFC\x80',\xB0\x806�\xAA\x9B\x80\xFB\xB5\xB6@\x82�W\xAC)\xBB�6A\x83q\xDC�\xA4bn+8\xC6W\xAB\xE0\xAC
-ڞaq\xC0��;\xBEZ\xF8ۮ�΀(\x96�8D\xCF\xF7\xA6\xE0��e\x95�1 \x83
-V\xD4m\xC6\xCE\xE6øD\xE6ä\x8B\xA3,t\xBD�
-�\xA3�≢\xC0o\xF0\x95Yhd\xCA�"\xE8\xF9\x85�\x93\x92
-d04\xA53a\ÃœI�3.L\xC2\xEF\xF2\xFB
-\xA4\x99�:3\x85\xCBiٶ\xC6Ua\xD2�\xBD!n@\xDAz+\xCE\xC6\xCBܕ }\x85\xB6\xF0\xC9�\xA3\xC3 ~\xBDX\xE1\xBDmLu\xCE|bxn\xE0\xAA�*\xF2T\xB5e?\xB3\xB0+\xFE.\xA9\xA0;h\xB9s\x93Ki\xAE2K\xA9\2\xE6�h۷\xFC\x98\x9D\xD3�\xE7Lj\xA7\x90\x8DS\x94\x9C)\xAFn\x8B\xA3\x93g�\xE5Ǧ\xE1m�\x98\x93ޫ\xDB\xE2\xE4\xE9\xF3\xA9�\x9Cآ\xAD\xE9>\x9D\xB26T\xB45c�\xB67\u\xB4%\xDC$\xDB\xF7\xDD�ʊ\xCC�\xED�\xA2ۆSIKG3\xA6\xAE\xCA쨦\xCA?\U4\xD9\xD6g\xA1몢�~(\xE2k\xBF�
-��\xEA\xA0�;\xF9'U\xD1a \xED\xEC\xEF@]t\xEFc�<\xA9\xF3h\xFB1\x86\xA0\xFA\xE1\xF2\xE6\xF2\xD7s\xFCRwwyAL>^~y\xC5�\x99\xDF\xF14\xAC�\xEFk%\xDC\xEDB'6\xAB\xAC[Pi�Nv\xEF\xA8}\x9E\x90�\xA6\xCA�N\xB1ԋ\xB9\x9A)\x94\xE5\xD6{\xE7\x9B\xC56x\xC6YJN�O\xCC\xD5�\xACô�
-\xB5\x9D-\xA6\xE7\xF4y\xC1>\x82q \xBF
-|\x84\x8De�\xFD\\xB0��k\xF8�\xBE)\x8A\xE2M\x85\xFF�\x94γPÅ®\xCCE\xC5\xC3\xDCU9\xC6*\xCE\xC2Xˤ\xFAm�\xB7;\xF9�\x9F�\xE0`\xB5\xE98�\xBCs\xF1Ô¶\x85\xCD\xFAf\xF8\xDD�\xD1\xE1\xEE9\xED\xED�\xFA\x94\x8B�&\x866\xA0<\xD876�C\xB9\xA6\xDAÕ\xBF%�\x91�\x95\x8C\xB2\xE3�\xE1S\x99dK(\xDFB\xD0ͤNj^\xFD"\xDD\xCB\xF1"\xC0d\xA2\xD2\xE3R�Õ¾\xD8\xFE\xF7\xF4�\xFA*\xE9\x8B\xC5\xF3�\xFE\xAA\xAE"{\xE8U{È€u\x81\x99\xD0�Se*\x94\xE9\xA1ך\xB5\x94Gt\xD8P\x96\xE8E;��\xB95Ó®\xCCA+\xF92�\xEEC6\xC2\xCF
-\xA0\xDD�#\xD5pw\xAC\xABi\xEF \xB2\xFD\xD2\xE8\x81ո\xA2\xBF\xB2X\xDC7k�\x85˃\xA6Mt�\x89\xFAq\xCBni��\x96i^\xB4\xEB�y[\xB3\xEE��\xB4\xAA'\xF0P\xFC\x901�>K^\xC4\xDE\xD6\xF3m2\x85\xCFD\xEB\xEC\xF3\xA6\xE9L�\xC4g\xDDA;J�\xE2\x9F\xF3�\xEC+rwÿ\xFE\xAB\xA1푨4\x94Yv\xA0\xA8$\xC1\x90RB\xA4e\xA5p\xF7B廪k\xB8\x9Et�\xA7�\xBA\xFF�\xD7\xFCD\xF6endstream
-endobj
-2486 0 obj <<
-/Type /Page
-/Contents 2487 0 R
-/Resources 2485 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2460 0 R
->> endobj
-2488 0 obj <<
-/D [2486 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2489 0 obj <<
-/D [2486 0 R /XYZ 85.0394 658.0977 null]
->> endobj
-2490 0 obj <<
-/D [2486 0 R /XYZ 85.0394 153.2806 null]
->> endobj
-2485 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R /F14 964 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2493 0 obj <<
-/Length 1726
-/Filter /FlateDecode
->>
-stream
-xÚ¥XOW\xE36�\xBF\xE7S\xE4\xD0C\xF2v\xADJ\xB2$˽�\xC8\xEER P\x92\xED\xDBvw�&V\x88\xDF&6�;\xD0\xF4\xD3w\xE4\x91���l[8D\x92\xC7\xF3~32\xEBS\xF8g}\xA9\x88\x8AyÜbA$e\xB2?_\xF7h\xFF�\x9E\xBD\xEF1G�4DA\x97\xEAh\xD6\xFB\xF9]�\xF5c�+\xAE\xFA\xB3E\x87\x97&TkÖŸ\xA5\x9F�GD\x91!p\xA0\x83\x93\xC9t:>�\xAEÇ¿_\x9E\x8D\x87�\x8Bc!�\xA3\xAB\xAB\xF1\xE4\xE4\xF4\xD30\xE0\x92�1\x90R:\xB8�M>\x8E\xCE\xF1\xECj�\xF3\xC1\xE8\xFDx:\xFC:\xFB\xB57\x9E\xB5juUg4\xB4:}\xEF}\xFEJ\xFB)X\xF0k\x8F\x920Ö²\xFF �J@�\xEF\xAF{B\x86D\x8A0lNV\xBDi\x{FDD6}a\xE7i\xFD\xAA\xD7�\x8C��*\xEE\xF1�g>_Ș\xA8\x90\x87\xB5/Ò¼,\xCD<\xF8fv\xB7&\xB7\xE6\xC0K\xBC\xF3R�\xBCu\xAC@\x92\xA5\x9Eo\x86L�LR\x99r�\x84\xA1�T�\x85]\xC8\xC1�J\xF9Ê”oa'\xE5\xE0!\xAB\x96H\x90'k\xA4\x95\x83\x9B\xA44)\x9E�9�UC6X�\\xDFm\xB2\xBCj�\xCA
-v\xB7���]+\xB8
-ID9s�\x9D\xE5\xF0G\xDE$I\xF2&\xB3�,\xF1\x98�LC�\xC7,\xEA�\x8C\x91XJ\x8E\xF6�y\x95dy\x89a\xAD\xAC*vq\xB7\xBDYes\[~\x8C\xB1\xC1[\xDC&y\xEAQ\x8AqA\xE2gU�\xCB\xEE\xC1e�\xB5\x98\x90\xA0�\x8F�\xF7>\xA3\x8E{\xFF@\x9F\xDA7\xFD\x80C\x80\xB4���\xA7D\xF0HՌfK\xE3\xD32&�\x8F�a\xCFx\x8A+X\xD2\xD8�aX!&Tu\xB4\xB3\xBB\xC4\xFED\xB6\x82p6\xFE��\x98"\xF3\xA2\xFEM\xF1\xACZ&\x95c\x92丸1\xC8 �\x9A
-\xC6�N!�\x8A�5\xF8\xBBÈ\xF8\xAE*_\xA8\xA4i\xE6$U\xAB�\xB2�\x91\xF5S\x97}{&?\x9DN�t\x97\x80�\xD0Z�f\xC1\xF1\xF9Ç“1z\xB7\xAC\xC0\xD1k\x93W \x81\xA1\x8Bé¸�(h\xC4\xC2Ƶ\xCFG�\xB8r&\xF4c\xF7
-\xD6u\xAF\x80<[\xDD��\xB0c�\x94wf\x9EY\xC29\xD2Ù¥Y\xA5\xA5\xC5%\xCD�\xEFj\xABἸ\xB9ÏŠ\xAD{�jz�\xAF\xEF\xF0\x91\xABÚ²\xC8\xEB�U!�$+\xF7\xEC��\xD2¸\xF7\xF3\xA2B\x87E\xA0\xAFV\xEC\xD0a\xCB\xE4\xDEe#\x80\x86\xD9$+\xDC81\xA9\xCBZ\xB3Yge\x99�\xB9×G��\xC9\xE3HAB��\xF6r\x8EFD \xC0J$\xF2\x97$\xC8RT\xAA�\x8A\x88\x94-\xC29��/Dr\x90\xA0Ev\xA3\x9C\xA9\x98\xA9\xF0lQ\xFB��\xE5n\xBD6 WsÜš|\xBE\xD9\xDDUY
-q\xF0Z�Hdz\xDCΗ\x8E\xBB;\xF9p1:v\xE9iq\x84q��\xBA\xFB\xE2D:\xF41\xF7 \xD2��\x8A\xED\xED\xF2�ܲ^\xF1\xA3�>nL\xAB\xD9~\xDF�\xCD
-\xD2\xDE!.\xC0k\xAB\xC0\xC2FN\x84DH�\xDC\xF8\xD3\xE8\xE2\xEA|\xEC�\xAF+l-3\xDB%\xA1\x9Ay\xC8\xD0y \xF6P\x90\xACF}\x83\xE7 \xFEDJ�7Ye7Д\xA7#<Ee\xE1\xA4\xF6\xB5=AK\xE1$-\xD6P+.\xEC\xFA \xEC\xCCV\xA2p\xE14%뻕!\xF3b\xEDQXI�ɰ\xA1\xB5>\xB6-m\xE9t[�\xABU\xF1 m�E�\x8B5:�\x9E=�\xDBU\x8A\xE77\x8E�r}k\xD2_<:�\)\xA29\x9C\xB9
-\x88<\xAD7P0d� \xFE\xD6.\xA8�n\xF0��\xE4��埗\x931\xAE^6у^u\xC8\xF7\xD6\xC0\xA6\xB1�\xB3%\xAF\\x8A4\x90\xB8A�\xC0\xBAX<\xCA8\x88\xCC\xDAg\xF2#\xB1g�%\xC9�J\xC37\1E_\xD2�}tZw�\xD9\xE0��\x8D\xB9o\xDBD\xED\xCC*\x82��6m\xF8\xB5\xC9F\xC12޷ރɦ\x96hP`\x83�O!�\xB0\x91\xB2\xB8\xC1\xAAgl|�˜�ea\xB2z�à aÇ´\xEDÅ ÄŠ0\x86v.${<\xD1��a\xF4��\xF7\xA8j:\x91\xB7\xF0\x83\x96�� \x80\xC9\xD2NÇ®[\x8EΧ\x97\xAF\xE3\x80�D\x99\xDD涛\xDBÞm{u!�\xE3ΫZ��\xCBF\xA9\xA3\xD3\xC9 J\x8A\x9D\xC0t\x9D\xE5�ddRÕ G\xD7fa0v\xF9\xDC%\xE5E\x92o\xA1'\xF9\x9C\xAE Ô¢j�\xFE\xA9�0\xC7é¶_\xBF;F\x8E\\x86\xB1\x87\x9F\x80\xE6h#\xF0\xAF\xD9i!\xFF;;\xF1\x98�$\xBDx\x95\x9D?\xC0a,\x89�v,\xEE \xFC\xE8\xE3\xEC\xC3\xE5\xF5\xEB\x81=\x85y}\x93���\xD3] \xA3\x93\x9B]\x8Fa\xD4(6U\xB6]\xEF\xC5Bg�\xAAm(\x96OÌ›\xFB�\xB4�
-X\xE6Rec\xEE\x8Bo\xA6\x99�BMB\xCEtM:\x81\xEB\x84_\xB1\x90�{q\x90q\x98�5\xABZ\xA9/\x9CGN\xD7F\xE9�\xC8\xF0
-\xE8\xB2
-[\x91Å»\xFC
-\xF1\xBA\xB8勞\xF6\xCA\xE9./\xEEʬ||O\x84\xB2\x8A4x\x91\x89\x98\x84\xA1�\xBE{\x9D-~\xC8;X\xFB/}$b\xCC�\xB2��\xF5\x9DO\xF8\xEE|-U\xD7=\xCE5\xB6\x89|�\x96\x9B\xAF\xCD\xF2�
-�\xD9Ý›
-X\xA5\x9A\x91k�\x83\xC8\xCA7t\xC5D\xEB\xA6z[~g�~!ä’
-v\xC2,�s|\xB1\xD9yxJA�oÓ¸e:~\x95\xA9\xC9o\xB3\xDC7\xAC�\x92\xB5��\xED\xEAÚ Æ‹le\xFC\x95�\dd#Љ\xF7\xC9xz|}z5;\xBD\x9Cx\xFA\x93��\xF7\xC9\xFE\xB8AE�\xB2v0m\x86k[`
-3R\xB1}F\xAAf\xB6\x83�v,;\xCE\xC0\xA4_\x9Aʽ\x82\xB9\xAE\xBA\xB9��0ו\xCB\xF5.\x99\xE3\xC7\xEAA\xD5�\xA4\xC6r\xCE\xED�l\xB7\x99{�q�\xE8$e\xAC\x96ʛ~\xD6��#�\x9BT\xB7\xD9v\xEA+7�n
-I\xB2\xCD\xE1\xC4\xD1�\xAE퀎SL}gj瓶\x9C\xF3\xE2\xA1S\xFE\xA9\xE7\xEA\xEC\xFBl�!\xB5\xDFZ<\xF5F\xDB\xD8\xFF\xEFO:\xFBOW�|\xA35\xDF\xAD9\xBC\xE3H;\x9F\xA8F)\xEB7&\xE9�՛\x8F?Ou\xFF�\xDB\xC5\xCA2endstream
-endobj
-2492 0 obj <<
-/Type /Page
-/Contents 2493 0 R
-/Resources 2491 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2502 0 R
->> endobj
-2494 0 obj <<
-/D [2492 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2495 0 obj <<
-/D [2492 0 R /XYZ 56.6929 598.7685 null]
->> endobj
-2496 0 obj <<
-/D [2492 0 R /XYZ 56.6929 432.9509 null]
->> endobj
-2497 0 obj <<
-/D [2492 0 R /XYZ 56.6929 360.8886 null]
->> endobj
-866 0 obj <<
-/D [2492 0 R /XYZ 56.6929 315.6627 null]
->> endobj
-2498 0 obj <<
-/D [2492 0 R /XYZ 56.6929 279.8921 null]
->> endobj
-2499 0 obj <<
-/D [2492 0 R /XYZ 56.6929 241.5703 null]
->> endobj
-2500 0 obj <<
-/D [2492 0 R /XYZ 56.6929 166.5861 null]
->> endobj
-2501 0 obj <<
-/D [2492 0 R /XYZ 56.6929 97.4887 null]
->> endobj
-2491 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R /F39 1161 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2505 0 obj <<
-/Length 1929
-/Filter /FlateDecode
->>
-stream
-xÚµY[o\xDB6�~\xF7\xAF0\xB0��\xA8Y^DJÜž\xD2\xC4\xE9\xDCK\x92\xC5\xEE6\xA0\xED\x83lÓ¶PK\xF2,9Y\xF6\xEBw(\x92\xB2$\xD3ΰ\xA2(PS\xD4\xE19Gß¹3\xA4\x8F\xE1�\xE9G�a&\x83~(�\xC41\xE1\xFDy\xDA\xC3\xFD�\xBC{\xDB#\x96f舆M\xAA7\xD3\xDE\xEB��\xF6%\x92\x82\x8A\xFEt\xD9\xE0�!�E\xA4?]|�\\xDEßn\xAF\xC7^�)ǃ7\xE8b\xC81�|\xBC\xBC\xFDt\xF9\xC1\xEC\xDD_H:\xB8|;\x9A\�\x89\x8C��\xA2P\x93 <\xB8\xBE\x9DLFW\xC3\xC9h:��]|\x9D\xBEë¦\xB5^M\xDD fZ\xA9\xBFz\x9F\xBF\xE2\xFE�>\xE1]�#&#\xDE\x82�\x8C\x88\x94\xB4\x9F\xF6�\xCE���s;\x9BÞ¤\xF7[Í°\xF1\xB6:\xEAÂ\xB3�\xF1\x88\x86�0(\xE9�\x82$ç´…�\x97H0\xCA*4\xEE\xEE\xA7\xE3\xBB\xDB\xC9Ñ—`\x849 �R\x82�
-\xA4\xDF
-\x96hؤr\x82=VpTZ\xEEp\xDD� \xCA�A\xF0\x82HG\xE4�I�"\xA5D�\xE5�\x91\xA34)\x8D\x81\xF7E\xBCRf\x99\xAA\xE2\xF0�g�\xB3P'%:\x85\x89\x90��\xA1�\xE71iR\x9DƤ\xA6\xAA0y\xAFE\xBE\xBE\xE1\xBCAI\xC0�\xB8�\xE6\x9Ab\x91\xECÔ¼\xCCw\xCF]\xDD�\xA7\xE0!\xC0\xE7\xACr5\x95G\xBB&|\x84\x87\x88\x85Q[\xBB\x89*�\x83N\xB9\xB6x\x81:�$�X\x95\xAA\xAD$3\xBFO\xEBd\xBE\xEE\x90S\x96\xE8�\xC6t\xA3,\xB7\xD8ð°´¹\xF95{E\xB2P\xA7Í Ý˜F\xEC�34\xA8Θ\xC1QUf\xD8�\xB9&ET�\xCCY\x91\x8E\xC8#\xB2\xE5\x9A!\xA2\x84\x89\xB6\xC8\xCBe\xA9v�\xB8]R&Ùª�]\xA6\x9Ej��Uz`4\x88\xA5\xF9\xA3\xEA�\xCDw\xC9*\xC9\xE2\xCD\xC9\xF3\xA7�\xA6��/8\x8FoMs�]CSa\xFB\xE8sq�\xD2 d\xD6\xC77\xEAQm\x8E\xFC\x9B
-D\xC3@\x9CÓ©\xA69R\xAA\xE5ÛŒ \xCAES)\x9Fg\xAB\xD9~\xB5\xAA\xEDP\xE9t�'�6\x95\x8C\xBC\x80T\x93\xEA4V5U\x85\xD6ÈV$\xB9CKe\xA0\xA5:\x82\x8BQ�\x81uÏ«VSytkC��TPWZ\xCA}*\x94\xAE\x8F€Fd8X%\x8F*3{w[\x95M&�̃\xD1�*(\x95l\xF0\xC7\xDA\xD1\xCC\xF3t\x9Bl\xD4\xC2<=%\xE5Ú°\xB95\xF9\x89�\xB3]\xEC\xB7\xDB|W\x9A\x87\xA44��\xB5\x8C\xF7�m\xB4J~nv\xB7\xDF\xE6�!\xBFh,\xFAC�\xA2\x88�nú \x82ʵyU\xBA-m.\xCA\xE2T\xB5rN\xED�\xAEZ\xB8\x9C\x94\xD9_\xF79\xA7\xBC\x81sD^\xCCKM\xAA3\xDE\xE0\xA8*oX\x9E\xCAKgE\xD6y\xE9X\xA4//\xB5D\xDE\xE4�(s\x8D�&�H.;\x9D\x9F\xD4\xCF\xF0�\x89\xC1U\xBC/ \xFFT>\xDAÒŸ\xE0��\x91\xA0\xAEleE\xA1\xE6ÃzÌ¿)KÞ”-�
-9 ,u\x857H\xAB$\x99\xA51�\xA66�Ž\xA9%\xB0\xD8\xC6\xC9άT\xE5}z\x95,
-ul�M\x9E3\xEBxc\xCC�/\xECy(\xF5EeqX\xA7q9_ë ¯\\x88��\xED�\xB8\x8E߇\xE2\xCD
-Rk\xB9N;\xBDC]\xE5\xC6\xD76�/;\xC9\xC5h\xA0\xB1h�!\x84�N\xFB�\xA1\xBA\x8Fy)\xC34\xA8\xCE\xF8\x94\xA3\xAA|\xEA\xE1ȧ8t\x9CR\x9E�\xE9\x88<"[\x89�c\xC4�\xA1m\x99\xF7\xBB$+O\xB5�e\xBC:\x81ZMb2E\xEB\xDD\xC3\xE8\xF7\xBB\xF7#\xB3\x9E\xB9\xB8\xAD\xEB\xDClo�\x8B:\x92ˮ%<\xC2j\x8Bt�i\xE8\xA3P !
-�\xA1\xF5v\x8D\xF4dd\xE5_~\x98\xDCy|�CN�\x88qJ\x9B!�rV*\xFB\x829\x8E\xE0?\xF2\xCA�d\xB2i7\x82�0\x9C
-\x8E7\xE3[\xEBVÒŠ[\xA4I�.\xBC\x8B\xA1 \xB3h\xA8\xA52_\x96\xCD\xED\xF7|\x8C\xB3}\xBC\xF1\xA8ED\x84\xA8\x80�Ï°\xF7)� �\x82\\xBDy\xB8\xB92�a\xD0 �~�T×€�Kí‡\x82\xFBDRH\x87\x9F\x9D\xCB>M\xBD{8\x87\x9C\xA1�g\xD0+eζ\x93\xE7\xA2T\xA9\xCD\xD8WyV@\xB1H\xF6\xE9An \xBD\x85\xA0\x96O\xC0t?k��C�\xD4
-�\xB3\x9F\xB5�\xF8K\x99\xA4U~ҴL ,B\xD3\xFB\xDEƩ\xF2k\xC6 \xF8$&M\x9B:>\xA6Ǣ4\xB4\x9A\xAA\xD3N\x9F\xA4u\xAB\x91\xAA2^\xC4el\x9E\x96Φ\xF6\xD9̟\x87\xE3�xq�\xD6\xC9s\x96o\x8B\xA4\xE8ƹ\x80\x81\x93\xC1\xD4Hq\x84\x84\x80\xA3\x9E8'\xF0\xA9z\x8C\xC2\xE7\xF3N\x93E\x95��_ީ\xA9|P 0\xC3\xE7\xE1\xF2\xAB[\xB9I\x885]U[\xEFPS\x9A\xA3PG$�\xA0\xB5\xAE\x9D\xB0fz\xEFa\xCA\xC0��\xF4 \x96i\\xAA\xD7\xF9r\xA9S\xC71[\xC1\xA1L\xB1\xA0\xCB\xF6\xF2ǰ}\xF0\xB0�\xB2P\xA0\x80 at unդ\xFF\xC5\xFCcԾ\xFE1l\xD7\xF5\xEA\xD1#\xC0�\xE2\xDD \xA2ÚJ�E\xA1\xEC\xB2�y\x81�\x81\xBE$�m\xA0�\xDDv\x87u\xFB�-k�\xD0%4\xB8\xDE��\xE1�\x86\xB0\xD7,!ף\xC9\xD5ø\xBA\x90\xF1\xF4T\xFE�\xD2HZ\x9D\xE4�B\x80\xE3\xC0%v\xD7\xF5@\xA6\x84�^\xA7�\xFD\xE3\xD2 #\xD0>\xEF\x92\xC7X7\\xFAE\x95\x9A\xF4\xC2\xF5N\xD5!\xDD\xE2腶��XVU:k\x9Dq\xE9L\xAF�\xE9Lˈ\xED\x99b\xAB\xE6\x89f\xAD,\xC7\xD9\xF3\x81\xD91\xBAC\xF7--c\xB8xn׳\x8A\x80\xB4\xCBY;9 \xA1k\xB7!p\xC1\xFB]<�N\xF2\xA0/\xF1��\x8F\xF1\xE01d\x94TF\xF0\xB8\xB6� \xE9\xFC\xCF�a\xE7R��^\xBBh\xBE-�\xA8\x96\xFAZ\x93�\x83ieC\xE0\xDE0�<\xCD\xE3L/\xA86Kf\xB6f\x96��\xFF\x85y7{\xF6
- 2B\xA4�\xF2\xD6Y\x93U\xF6O\x9Ey\xBD�&K\x8C]\xD8몧\xA5\xE4 xg\xC4\xE8\xB3ukΠ)\x8AB�9\x870\xA5\xAEȗ\xE5\x93\xF7:i\xA1\xA0gHu\xE8\xDA\xCB)\x95\xB5\xCAj]\x89\x93\xA2}pfOl\xF7\xB3MR\xAC\xD5\xE2U\xCD\xC1\xA8\xD6��\x8Bu\xBE\xDF,\xDA�
-N\xADR\xA9\x80FŲV\xE5�\xB9�\x84D\xD0(\xD9B>\x8!
6\x86\x98aݼ\xEA\xCF`z�\xB3;\xA0IᶌY\xCD~b\xABF\xB8z\x9B\xD5�\xCC�\x8C੉j\xD8\xDD$\x95�\x8C0c\xEFc\xABR\xAE����\xAB\x9ELAB\xEA\xEB�\xE7�E\x92n7\xCFF\xD6V\xCF \x85Q\xC2jc\xADP\xED\x98�bL\xADou"Nڱ\xDF\xEE\x92\xDAC\x9D\x86\xB84\x83\xAB\xC3\xDE\xDDJ\xFA\xFB{\xDF�>$t}\xEF\xEE\xE9{p�\x97\xDF}\xBD\xF8;F�"�E\xD4?F1�M,\x93\xC4)\xA5� \x9CtU\xAF\xFF�p\xAC\xFB\xBFR
-\x99endstream
-endobj
-2504 0 obj <<
-/Type /Page
-/Contents 2505 0 R
-/Resources 2503 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2502 0 R
->> endobj
-2506 0 obj <<
-/D [2504 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2507 0 obj <<
-/D [2504 0 R /XYZ 85.0394 751.9581 null]
->> endobj
-2508 0 obj <<
-/D [2504 0 R /XYZ 85.0394 466.3276 null]
->> endobj
-2509 0 obj <<
-/D [2504 0 R /XYZ 85.0394 401.6524 null]
->> endobj
-870 0 obj <<
-/D [2504 0 R /XYZ 85.0394 361.5595 null]
->> endobj
-1456 0 obj <<
-/D [2504 0 R /XYZ 85.0394 328.0431 null]
->> endobj
-2510 0 obj <<
-/D [2504 0 R /XYZ 85.0394 291.9754 null]
->> endobj
-2511 0 obj <<
-/D [2504 0 R /XYZ 85.0394 224.3783 null]
->> endobj
-2512 0 obj <<
-/D [2504 0 R /XYZ 85.0394 138.7576 null]
->> endobj
-2503 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F55 1321 0 R /F39 1161 0 R /F41 1218 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2515 0 obj <<
-/Length 3013
-/Filter /FlateDecode
->>
-stream
-xÚµZKs\xE36�\xBE\xFBW\xA8j�\xA6+�\x87 �>jO\x93\x8C\x938\x89gf\xD7Ne\xB7\xB29\xD0�$\xB1\x86"�\x91\xB2\xC7\xF9\xF5Ûn@\xA4DÉ“l\xED\xCCAx4�Ý�\xFD -&�\xFC��\x9D\x84I.\xF3I\x9AÇ¡\x8E\x84\x9E\xCC\xD6�\xD1d s\xDF]�\xA6\x99:\xA2i\x9F\xEA뇋7ߪt\x92\x87y"\x93\xC9â\xC7+�\xA3,�\x93\x87\xF9\xAF\xC1\xD7a�^�\x87(x\xF7\xFE\xFE\xFE\xE6\x9B\xE9\xFD\xCD\xC3\xC3\xED\xDD\xCD\xD5Tä™\xC1Û�oÞ¿\xBB\xFD\xD7\xD5T\xEA�\xA8\x816\x8A\x82\xBB\xB7\xEF~\xFB�\x8D}\xBCÊì»›\xFB\xAB\xDF�~\xB8\xB8y\xF0r\xF5e�\x91B\xA1~\xBF\xF8\xF5\xB7h2��~\xB8\x88B\x95gz\xF2�\x9D(�y.'\xEB\x8BX\xABP\xC7J\xB9\x91\xEA\xE2\xFE\xE2�\x9Eao\xD6.�\xB5\x85\x88B\xA9�9b�)ÇŒ\xA1\xF30QRYc\xFC\xB225(%\xF3\xE0\x93y\xC1F�\xACMWÌ‹\xAE\xA0\xE1\xFFD\x914Õ¼\xA5^\xB1\xBD�Y`\xA83[�\xF5\xD2̯\xA1\xA7T\xF0\xD8t+b\x80K*\xC3+\x9A�\xAF<\xD8eS\x94[\xB7\x83\x8EÐo\xBE\x8DEO\\x99&a�\x89�\x94DA\xAC\xE1_\xF8UQ�_\x95\xF8/DNv\xD5 at I!E\x98\xA9H󪢞\x8F\xB0�y(b\x9D�8#\xD9d�\x8B4L\xD24\x9BL\x85�s\xAD\xA5\xA5\xE8\xED\xBAÙ–OEg\xC6v\x8E\xD2P\xE7\x89\xDB�\xB4�WS\x95\xF7l\x86�j/Mm\xB6\xC0f�\xE0Ju�\xDCy\x93#\xCD\xDE\xE4p\xE6\xC3\xE5m\xD7PwN\xFD\xB2\xA6\xDFn\xC5�N>Ϩ2\xBC\xC7[�[\xED\xD6E=%m\xBD\xC8�mi�\x90\xE7\xB1B>Q�\xCCM;Û–\x9B\xAElj�\xC0C\xC5_\xDA��{\xCC`\xAFlé·¨\xDA�[:\xD8T\xC5\xCCÊŒ\xB3\xCCd֬צ\xEE\xDA\xE1\xA8gi\x91\x82
-\xAFE\x9C\xCA\xE0\xC1M\xEF��\xF6Drɬ6ƪ@JFN9\xBA\xFC\xEB\xB2mA\x8D\x96.\xF2�\xCEة\x9E\x8B�\x9EhMG\x8D\xAE\xA1\xDFG&*\xEBb63\xC0\xC3�\xA7OQ\xD4/M\xCDcp�̖\xA7ᒸ\x96\x9B}\xAE\xDD,b\xDD\xCCy"J\xA2�q�2\xBC\xC4ğ\xCB��Qi(\xA3\x9C.�\xB7�\xDE�{ �\xA6B$\x93$\xCE\xC2T\xE5\xEA\x84\xC7 \xA2i\x9F\x8A�\x86�q�\x9E
-\xF7\x9D.�\xB7LT\x98e:;\xBF\xA5#�ٲ\x89\x92,̒T�\xB7\xFC\x960?C+\xE1\x85@{\xE6i\xB0\xDB\xCC- p\xCCz��\xA39\xE8W\xF3\xE9\xA2ٮ\x8B\x8E\xFA\xE4v\x80๴^
-\x86\xEA\x86Fz\xEE.\xCF\xFC\xDDC\xB8i�\xFCr\xA5u K\x9A�3\xEAV�n\\xD7\xD8\xFBp\xED\x8Fj\xAF\x84J\xE30V\x91\xF3\\xF3\xBAm\xCDl
-\x90\xEA\xCA\xF5\x98瘪D\x80\xA535\x84\xEAsYU h��\x8B\xA2\xB4-�<[w\x8DcEי5\x88P/i�a\x88\xE3\xCE*8V\xD0Pe\x96\xC5셆\xD0�B\x88\xC0F@\xAB�\\xBD+�\xA0U,�\xAB�\xAEr\xFAM\x95N\xF8V\xF2z;\xED\xA4\xD3\xF6j\xE0�ݥ�\xBB\x8F\xCE^w\x98\x86\x8B=\xB8\x87\xE4d\xE82\xA4IP\x9Bgl耎�\x83I&\x83Gko\x98\xE6\xF3J\xF5~E\xB3-\x97p
-+�\xA6\x93\x85a>C�" \xBA\xA2\xAC\xAD\x83UYJn�\xA9\x80�\xDD�\x92yI\xAD[c�\x86\xE6H;�{\xE4�\xF2�0`\xEF{J&�QlC\[\xF0lH\xA7�<t+E�\xDC.h\xC8B/\x8D\xBD\x9B\x80\xA1\xA7\xA2\xDAÙ \xED\xBDW�\x9Avcf\xA5E\xA5
-\xB4\xA9\xF5\xF55\xB3&\xAD\xD4^+p~\xBB\xC7
-�t\xE6\xF5\x8Am�$γ�\xBD&O(\xAB0\xAF\xB3�\x8F8L\xF2\xE1}�x\xE4�\xBDc�\xEA\x8E3V\xF7�.J\xA7Q�G\xEA��է:\xED\xA2<\x95uQ?\xD2%Ӻ�\x9E!\x91ҹ\xBB\x92\xE5\xD6\xCC \x94\xBE�\xCA&d�\x82K\x96\xE7\x85\xF3T#\xD2
-\x93\x91<\x8C�\xE4c�\xF1\xEEM\xD7���\xE4\xA1\xCBce\xE2 at C\xBFϫr\xB6: '\xCC\xDB\xF0\xE12\xAD\xC3`\xE6ΆO\xA4\x9C\x9F9�\x95\x83o\xCE^9\x86=љS`"{�\xAB\xA38\x91\x84Q\x9E\x9E\xDF\xCF\xD1�\xEF׷k*\xC2(͆\xFBݬK�ݮ-\x96l\x855Djߡ[
-\xF3\xB9\xECN[#\xCAC\x95\xCA\xF4�s\xF4\xA8\xCE\xD8\xC3QY\x83<\x8D\xA1R\x84*Nc\x86ee\x9ELu(X\x9E\x869\xB8\xC4\xF3\x829\xA2�\xC1\x869\xAA�\xF3(\xD7C\xC9\xC6 i�w˥
-.ص\x82\x9D4Y\x9CB\xD4Ö \xC5Y\x93\xF5\xA9N\x9B\xCCSY\x93ÝŒ\x9B,˵b\x93\x99�\xA44G\xD78\x82�\xACUv^4O5"\xDB\xD0j9\xC4s\xF0\x87�\xE1~n
-V\x8C���d�\xCB\xF2 =3\x8E}ؘ\xFA\xFE\xFE'êŒ!\xA6
-\x8A�.�\x86\xFCwSV�&\xB1G\x81�\xD9|\xFC\xF1\x9B\xFB\xBF A\xC3\xEDn\xB3i\xB6�uÊŽ(\xE6fQ\xEC*<4\xBBC\xA3\x9BO\xB3V\x88\xBFSj/S(\x83\xB4��\xBAx� s`�R�k3p���å›\xAF\xF9ש3\x92\xA3N\xC11\xE6Q\x92\xBAT\x95\xB6\x85\xE2\xFA\xF6\xFDw\xB4\xB8\x97\xB6�X�\xE2\x8EÔ\xFD\x91\x93|\xE7"�\xC4\xE9\x82Ø�\xC5\xE6\xB3�4\xAD\x99Ó”\xF5\x96\xFB$\xC1e�4\xF9o\xF8ww\xF7\xEE�\xCD4\xDB\xE1\xE8\xF7\xDF\xDF\xDD\xDD߇4I�:\xDE\xF3!\xA7\xBAÜ9\x9Ec\xBA�\xEA\xB7c\xA1\x9F\xABp"r\xF9Õ¥KYx`zi��AÆ…\x99\x92\x95,\xEB\xCElY\xAD\x8E\xB4�6<Y\xB0v\x90\xE5\xC2\xFC§"�K߬�t?HA\xF4>�Il.MVmj at ki\xEA\x99ᜫ\p\xA6\xB3\x9B\xAD\xCE\xEF[\xB6c\x99¢\xA9\xAA\xE6\xD9\xCA. oB| H\x93mM��6E\x87��S \xB4-[\x8Ca\x9F\xEDY\xC3\xE4\xE5\xCB%\xE4.(\x90\x8C\x83\xCBuc\xCD%Up\xF9\xEC[s\xDFZ\xB9\x96\xD5 W\xAFK7\xC4I\x92H\xDC~\xE9P�\xC1\xA6�t�wds\xA0*yÙ‹)\xB6,��is\x83rBB9v\xF0tNY\xA0�M
-�O\xA1d\xD8Rg�U\xA551\x9C\xF2\xB2\x86\xEC\xD5zU\x98\xA8L\xB1\xA1\x96\xDD�+?\xA6[7u\xB7b\xA6\xC3\xDD\xED\x90\xDF/:\xB1]\x8Fճ1\x9F\xDC\xF6=I\x90޵\xC1|#J\xAD\xCB�\xACbi\xF6\xCE�\x92Q\xC8 M\xE5\x8B�%\xA2\x83" #-'\x8A\xBD�\xBE>\xAC\x81\xFB\x87\x81Ά\x9DN\xEF0zI�\xD4OMm\x8B2\xDC\xEF�\x9F\xDF\xD8�\xEDjςwŜ\xF6\xDAe�\xBC\xDBe
-0\xBC<�\xC0�8\x9E8%~\xF5\x88N\x87/Gd\xA3\xD7\xC7W\xA3�\xCA\xFA\xA6YX3�\x860�Cj ҳ\xC2y\xA2c\xE9���\xF2$|\xF!
0\xEBK\xC7A?wg\x92\xE5\xAE\xFC\x81![�\xE4\xFB\xE43\xA3\xF7\xBBܥ\x9E\xD0/\xDD\xEA\x86~�\x99\x89\xAD?ڕ=\xC1޴\xDF\xE4\x8FƆ\xC2X\xE6\xC1\xDBEg\xCB�;m\x9D5�\x81Eg\xE4\xD6\xF0\xA66\xAA\xE94L\xA5\x8A�ݮ\xAD\xD5�\x8F4\xB3j7?�\x91\xC7\xDE�\xFE\x9D\xE6\xD1!vϣn\xBA!\xB3]\xEB�\xB9@\xD8\xC25v!\xF2$\xA6d\xA6\xC2H*}�T}\xAAӨ\xF2T�Vo_\xADnΡ
-�\xEC�\xF0wV<O5"\xDF Wq�\xE6�\x84\xFB\x81\x80\x84,H>\xF8\xD5 at kF�\xB6\xEC�\xA2\x8E�\xB2�T\x{13603E}Äo\xE8\xF7\x91 \xB8|\xB5U}��\x82�DL�@n/�P&F8\xF3\xAB�\xF1$H\xC1\xD5\xC8R1�e_� _S\xFCU\x94\x80�\xB5~\xA5�\xEE�\x9D\xC1��Y\x88\xFCs�"Q$\xE4\x97`�\xBCD\x9C\xEA\xB3\xC2y\xA2c\xE9���K(\xD1\xFA\xE21 at 2\xB6(6� �\xB9�\xFCu \xE9S\xD11f�-\xECLC�\xFD\xC8��\xA5\x9E\x9AO\xF4\xB2�>\xC4A$s>\xC6\xED��\x89\x85<\xE2-�D\xB2h��\xC8\xFA!u�B�\xA2\x9A*\x96Kw\xEAEÛ\x93N�\x8CV\xB7G.\xE6O\xBB)\x8F\xB2c��w\xC2~�\x833:�\xBC>\xD5i\xE4y*�\xBD\xDB�\xE8\xE5a\x92\xA9\xE4K\x90'C!\xF3\xFC\xBCx\x9EjD\xBEa\xD4KC\xC8R\xE4P@�\x9Fr\xDE��\xEE\xC1\x94\xC1�#�|}*~\xF9��>\x9Cih\xD1#�p\xF2\xCEO9x\xFC x�@\ \xA9-a\x907\xB5\x8F\xABc[\xB8\xC7U�\xB4\x9Doz8\xEAP\xD3\xF1\xF4\x82\xE0�`\xE9\xFA \xE6\x95\xFF\xB7\xD8'@\xC4D XΣ\xABGu�]\x8EÊ¢\xEBݘc\xC3o\xAD\xE9\x97\xC5>8\x91\xF8\xBCx\x9EjD\xBE\xA1g�!\x90\xA5C�9\xAB\x92\xEEmV*\x97Ua\x99b\xBF\xB4J\x9FU\xF5\xA9\x{EE88BC}
-g�\xFA\xB5G�\x8B\xE6\xA62�\xF9T$|\xEAdY\xD8ԉw\xBA\xA6\xAF\xAB\xC7|\xF9\x94%\xBF>\xC3o\xD5\xD4K\xB3\xF5Q0\xC7�\x8E�\xA6\xFE\x84\x9Fb_\x87\xB5\x8A\xF3w\xEB\xE2\xA5\xEF�ׅ[x\xC4\xC0?g�\xE5\xA6iK\xFB�\x8A%�\x83v�\x85\xE5���\xA5yh\xBF\xAC\x9EB�D98\x99\xD7\xFCZ\x8F\xEA�\xF2�\x95E\xDE\xFD\xAB\xC9\xFCfk\xE6�\xBF
-b9\x9AD>m�`�b\x89�\xF3\x9E\x95\xD3�\x8D\xC89@`\xA2B\xA9\x94�
-z�8\x99\xD9#\x88\xA9"r\x9FH\xA0\xBF\xB0\x852\xA6A\xEEQÙ½t\xE8\xD8Qaf\xC4\xEF~1Ô¡s\xFE\xF6\xC0\xEB\xD8U\xF0[\x8C\xE6'�\xE8\x9BÏ›\xAA\x9C\x95\xBCq\xBB\x9B\xB1!\xF0\xC0 �\x90\xAC=\xF0\xF7\x92i&\xC2D\xA9l�N\xF1�
-\xCF:\x81\xEA\xB6ZB\x91ÜÖ¶\x9F\x82\xCB\xF9\xC3O\xD9@\x98\x80\xD4/�� \xD1\xF4\xAC\x908=\x92ؽ~\xEC\x8F��I9h\xACwmG�\xCDgpÇQV/\xD4_�\x9D\xB5\x89\xE5Õ´\xCC\xED\x88=srf�+\x9C\xBDÑ°\xCEIR\xF7\xCDZ�>\xBF\xA8ȹ�\x9C\xA1�\xEA.�\x81\xA9\xBD�\xED8�\x97.2D\xE4�p\xC4Ö¿8`\xE3Ñž\x87\xB4ߪ\xBFxC6\xDBtL#oK>M�\xF3�5�^\xB6\xDE\xF3�\x9B\xB4\x8B\xA6\x80_\x8F�\xC1h�\xEEÓ‘\xE4p"�\xFA\xC4\xF0\xCB��8.¾C\xB4�\xD4,\xEC\xC1Þ’^Ñž\x8A\xEAz\xEC}\xAA\xF7%e\xFF\x80Úm\xF69ž \xBC\xB4\xE1\xA9?\xED\xC1\xBCw\xFC\xB3P\xE4_B\xFF\xE7?\xFB\xD9\xFF}S\x9CBy\x92\xC9q� S�\xC2\xE2\xC4 \x85Z
--\x8F\x9D#\xFF\x81б\xEC\xFF�\x92�8Aendstream
-endobj
-2514 0 obj <<
-/Type /Page
-/Contents 2515 0 R
-/Resources 2513 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2502 0 R
->> endobj
-2516 0 obj <<
-/D [2514 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2517 0 obj <<
-/D [2514 0 R /XYZ 56.6929 679.0396 null]
->> endobj
-2518 0 obj <<
-/D [2514 0 R /XYZ 56.6929 422.1751 null]
->> endobj
-2513 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2521 0 obj <<
-/Length 2295
-/Filter /FlateDecode
->>
-stream
-xÚ¥Y[s\xDAH�~\xF7\xAF\xE0\xCDP�\xDA\xDD\xEA\x8B\xD43O$q2\xCC\xCE`\xAF!5[\x9B\xF8A�a4��\x8B\x84�\xE7\xD7\xEF\xE9+�4&ÙTE\xAD\xD6ѹ|}.\x9F0\xE9a\xF8Gz G\x98JÖ‹%C��Þ›\xAF/p\xEF�\x9E}\xBC Vf脆m\xA9\xB7\xB3\x8B\xAB�4\xEEI$E$z\xB3eKW\x82p\x92\x90\xDEl\xF1\xB9?\xBA\xBD\xBD\x9E\xBC�\xFFk0\x8C8\xEE\xBFE\x83!Ǹ\xFF\xE7h\xF2i\xF4\x87Ù»�Ȩ?\xFAx=��I�\x93�\x84�%&p\xFF\xFDd:\xBD~7\x9C\x8E?N\xFE}3\xB9�\xDC\xCF~\xBF\xB8\x9Ey\xC7\xDA\xCE�L\x95W\xFF\xB9\xF8|\x8F{�\x88\xE1\xF7�\x8C\xA8Lx\xEF�n0"RF\xBD\xF5�\xE3�qF\xA9\xDB).\xA6�\xFF\xF4
-[O\xF5\xAB!0�O�\x8F\x98\xE8
-9C� �"\x86�\xE6\x80\xC00\xA6�%\x82\xED�\x8BH�1'\xA5��\xE6*Ϋ�\x9C\xB7$%"�\x8FA\xB9\x92\xC8\xCB&\xDB>\xA5\xC5!�\x84��nǽ\xB6\xD5#߼T\xC0\xB9\xA8e\x920�\xEB\x98t\xBD\x9BfM
-\xE7&D\xBFYej\xC1\xFB\x9B\xED\x80$\xFDl\xB3{(\xF2y\xDA\xE4Ui�\xBC\x9BZjYm\xCDvj\xEE\xBFf/�BH�\x8E\x9A\xF2\xB8?^\x9A\xED:k\xDE\xC0*\xC6Ji\xF6\xAC%\xD1?2\x91\x96�#\x92Λ\xFC\xA9\xF5`\x916Y\xAD\xF0\xE9
-i\x8CpDT\xE0�7\xE7&-×»\xBA�I\xC6\xFB�J7�`x\x93ná…\xDD~1\xD7ÔŠ�Yj\xDEP\x81\xE7\xB5\xD9\\xEF\xE6+\xB3j\xF2u\xA6"\xC1\xD2DÂœ\xD7\xEC\xC07\xB8W\xBE�MNO\xBD\xC9\xE6\xF9�\x8C#o}\xD7t\x94tCWaa�O\xA4\xE3\xB1:��\x9D奆P\xC4�B\xE6 \xA4\x87�\xB2Ö›\xCFyQؽl\x99\xEE\x8A\xC6l7\x95S\xA1Ý…��\xB6Úƒ\xB0\xCD\xDEC\xA6�X\xE5\x81}\xCB�d�'C\xB5\xBD_\xD5 \x93\xFE\xBC*\x87\xA1`\x9E\xB2m\x9D�&= ��\xF1~�\xA0R\x82\x8DZ
-\xFB*\x8E�\xE9\xFBPԞ E\x89)Oյ�\xAC\xDA\xD0\xC0\xAAE\xDB-u\xEF\xDE%�@e\xD6 �\x927`i\x95\xD6&d\xAEQ \x80u\x822�g჆gვ\x85�V\xE9�j\xC5,['\x84\xBC"\x89b�\xC7Z\x91\xCA/�\xD9\xFA\xA3Q\xAC+I\xEF\xE8\xA8a\xE3!\xCB\xCBG\xB3e\x9CRҕ{f\xEE\xD3\xD2\xDCg\xDF6`M!٘\x8Dz7\x9Fgu\xAD\xAA\xB5\xFD^ZV`\xD0n\xBA\xDAU(\xE9\x82\xD0(\xED}�\xFB�R\xEF��D\xE0\xD4[킛�TW\x8A\xCDu\x91\xBEԿ\x9A\xA5v\xE49\xAF-t\xCA\xF1\xF6�\xDF3m\xAE
-\x827R�Q�\xC7׬\xD4\xCA\xE5\xBFÚ«\x96\xEA\xBD%@V\xAB\xC0\xB8\xCD:j\xABP \xA7Z\xF5\xE3n\x9D\x95\x8Dy\xA41\x87'˪(\xAAg\x9Df\xD4t�\xB5[\x95{\xDDz\xC3j\x82\x92\xDFik*7\xBFeV\xC7\xE5Ë¥6,\xFA\x97\xEB\xCA/\x9F/\xAD7\x97�\xBF\xB7r+8\xA6 \x94\x97\xEB\xFCR\xB7\x80\xE4\xB8�\xF0N_f�6\xB8\xAE\xA1\xC1\xED\xCCA-\x9C\x9Cy\xF2\x92\xA5\xDBÚª[We\xB3r7\xCFY\xF6Õ\xD5\xF9\xD8\xE5\xAA\xDAY\xF9\xB8o\x9A>tʼ\xDCAG\xB6�ÆŒ*N(*W\xE9(T5
-\xD414\xA0Òžrj.m\xF8\xDE\xD8bZ\xB9\x84�&\xD2A|Z\xCE\xEAÊ �-jd\xC6.�h�\xE5\xB2�\xBD�I,`\xDA\xC3ÔŒX"\xB4W\xB7w\xE3\xC9l<\xF9hÞ¿\xB9\x9D\x8Do&S\xFF\xFA~\x84B0Q�$AHÓ¤\xCB�l
-!\xC1t\xE1�\xF9\xF6\xC8��\xB1H�;\xE6\xE7\xA9u0-\xEAʬ�l\x88\xBB\xDA�\xD1\xD8'\x9Bm^6�@\x80�\xDD�L\xF8M
-\xA9n\xE1K\xA1\xC0ç¹v�\xDBrhở·\x9C\xCB2�N�p�\xA0A\xAFÒŸ\xB6\xD4i\xFA\xE3\xA54\xFD\xD9�\x9A�v\xC7�;c\xD2 �L\xB6�\x96
-a~`\xF2\xB6\x85��L\xDDM\x8FO�\xC7^\xB3M\xE5:7�\xBBuÚœD\x87%�\xC1(8C�\xDBR\xA7\xD1\xF1R�\x9DM\x80�B\xBE&\x92S\x9B6\xEF\xAEn\xAFFWwW\xE3\xAB\xF7WiqL��\x81\xB8"\xB7\xAF\xFA\xE8\xA5�NvH\xA2$\x88�\xE1\xEFz\xE9 UsC]\x92\xFD \x9E\x9B\xEDV:\xC2S(\xD6]f�膡\xC6PÖ˜g\xAAs\x9Ex\xA3ÖŒ+\xEA\xCFV\xB6\x98X�\xBF�\xAA)aØ‘f\x87\xDC�\xC7EQ\x84�+Rm,MQ\xE6\xD2�c\xE9!\xB34Rp$�ÊN\xBBo\xFBP\xB7\x864\xC2U\xB7\xFDHb�
-l\xAC\xF7\xDCH=^\x9A\xAB)T\x89\xAD�S\xAB\xB0_@\x83
-d\x85*s\xCD˅�\x9E\xF6\x8D\xE7U\xAES��8\xF0\x94\xE2mk\xAB\xF3\xBEm�\xBF�p�\x88�\x8Eq\xE4\xD2' S\x82\x92\x989\x81\xA5\x9D9\xD0�9\x92Pt\x87<G9�\x8B\xFE܄\xEC\xA8_lH\xF9\x9B\x80�\xB1�\x86�K\xA3\xFF6\xE8@\xAC\xAAv\xEF\x80\xD6\xE7MuIm\xCCOZ"X\xA2\x88ƮÎ~\xDET\x87ξj)\x82t!\xD2*\xBA\xFByK�\xBE\xA7\xEA\xC7\xE2\xE2\x88S\xE2Z\xC08`m\xC8"\xF0\x88Kr\x98\xC0ۣ\xF1ى\x91ck\xD5p\xAFm\xC8:h&�;\xEB2\x91D\x9DX\xDB6��\xE4|\xC7�2\xA4z\xA6~�8�qia\xA7\xBB.\xA5\xB6&\xD7&\xDE\xF8A�j
-T\xC0\xB4\xC0l\xDF�\x86��\xADǮS�_\xBF\xD0o\x8Dl\x98%0�\xF3 S�\x99\x86&\xD8o\xE5\xEBk\xE3\xC5\xE8\x8F\xE9M at s\x98�\xC0\xE8}\xCC\xCA/\x98\xE3�\xFE#6�\xC7�\xF2\xC7\xF2;\xB4\x97\xD6c\xAD\x97\xCA\xF6y\xC4�ER\xBA\xB6\xF6v<yo\x94H\xEB\xCE�xA^7\xF0\xB9\xEBN\xE2.[�ڜ\x95s\x8B\xE4\x9Fi\xB9KC\x80�\x91 \xF8\xC6v\xF5�\xF2 HS\xE2\xB3\xF1\xEE\xC3;\xA3\x91cB�\xFA4d\x9C\xBC
-0\x85\xF1�\xCB(\xE9\xF2\xB0ѧ\xD9o7w\xE7\x91�+FXf6y\xA6/u\x93\xAD\xED\x94W\x95\xF0\xAD\xD3\xE4\xBB\xF5\xDE.L2&"\xAB\x87A\xAA`;\xD7Þ¢d0$���\x87\xA3\xAE4F\x94GL�O\xD2 \xC7SR�јu9\xA1S\xA4\x9D\xFA��Ȭ\xCC/`\xF6\xC3\xC6?WÒž\xD95UU\x840\xC3�\xC9\xF8RV\x9B:\xAF�\xF9\x80\xC0\x88\xC0G��\xB1 at B`�\xA2�\xF0�%M\xABz\x95Ï´Uh\xAA\xC0B|\xC6K�\xC3Wu\xF8y\x98Þ»\xD5\xDC\xF2�Ú™\xDA\xC0\xE2\xA8t 8/\x80Ά\xAA�\xE6�\xBB�\xEC5.��\xBB5\xBEÈ·\xF0eRm_�JÕ~\x91OV\xAF\xF4\xFA\xACÒ¬|\xCC\xCBP3\xEA\x8Ay\x8D\xD9�h\�\xF7��Ý™�\xED(\xF2\xD4\xE7\xDE\xCEk\x8C�\x8D\x92\xB8; >�\x97�K�E\x92\xF8\x8E�__\x9B]3\\xE6E\xC8��\xA3\x98Ó£ �\xFDj\xE5W\xFF�\x98\x92\xC0\xAB\x98o�\xFF�\xF6_\xCF"\xA5\xBEf�c��0\xF7Y\xE4\xD5�\xE7\xF3\xA3Z\xA7y\xF9\xE3G\x99�4�\x9F�(J�\x{DCA7}\xF6O\xBB\xC13=rw|\xD6ݼԇ\xA7\xBFXBì‹ \x98�\x81\xFA\xF7Y\xB5犥\x86P\x80\xC0"O�\xBD\xC6\xC9Y\x8Du\x95\xC2\xC7\xF16O\x8B\xD3\xDE�L\x90 \xC9QUWa\x8Ca�Ir\xC0Ù«m\xFE\xF83\xC7ws\xD6qW�'!\x8EQ\x8C\x93\xA3\xA3\xDB\xF8Õ_mOV\x88c+Û´\x84�\dO'*�\xF3#\xE8\xA7~U\x87`�\xAE\x80D��\xAF�Sݤ\xDB\xE6T\x83\xE1�\xC5P<\x87\x86fg\xA1j\x9APn\x93�IhM\x87\xEA�\xBF\xDA\xF9\xD5\xD3\xD9�RdOY\xF1\xE3\xF3\xE0\x9B_}\xF7+z\xF6�\xEA\xB4h\x82̲\xDD7\xBD\xBEß‚\xD9\xC9�\xA4\x80\xE96 \xA8)M\xBD듨�\xC14\xB2+5Au\x8F6\xFB\xD0\xF5�B\xF7\xA7\xFEj�\xE7\xA2\xFE\xD4�\x98\xE8\xD8Óˆ\xFF\xFB/j\xFB\xBF�B\xFB\xA2I�\x85F\xA0�8�\x85o�\xEB\x94
-\x8Fpz\xE8:\xA7 \xE2 \x90\x95c\xDF\xFF�\x80\xE7%\x8Aendstream
-endobj
-2520 0 obj <<
-/Type /Page
-/Contents 2521 0 R
-/Resources 2519 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2502 0 R
->> endobj
-2522 0 obj <<
-/D [2520 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2523 0 obj <<
-/D [2520 0 R /XYZ 85.0394 567.3101 null]
->> endobj
-2524 0 obj <<
-/D [2520 0 R /XYZ 85.0394 399.1134 null]
->> endobj
-2525 0 obj <<
-/D [2520 0 R /XYZ 85.0394 330.2279 null]
->> endobj
-874 0 obj <<
-/D [2520 0 R /XYZ 85.0394 287.2095 null]
->> endobj
-2526 0 obj <<
-/D [2520 0 R /XYZ 85.0394 248.8505 null]
->> endobj
-2527 0 obj <<
-/D [2520 0 R /XYZ 85.0394 215.0559 null]
->> endobj
-2528 0 obj <<
-/D [2520 0 R /XYZ 85.0394 143.2486 null]
->> endobj
-2519 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R /F39 1161 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2531 0 obj <<
-/Length 2973
-/Filter /FlateDecode
->>
-stream
-xڥZ\xDFs\xDB6�~\xF7_\xA1\x99{\xA1\xA7��?I }rm_\xEA&v|\x91ӻ^\xDB�Z\xA4-N$R�\xA9\xB8\xCE_�,@\x91�Ee\xA6\xC9�\xA1\xC5�X,>|\xD8]\x9AM(\xFCg��\x93\xD8p3I\x8C$\x8A25\x99\xAF\xCE\xE8\xE4�\xFAޞ1\xAF3
-JÓ®Ö�g\xFF\xFC\x97H&\x86\x98\x98Ç“\x87\xA7\xCEX\x9AP\xAD\xD9\xE4!\xFB-\xFA\x91hr�#\xD0\xE8\xEAn6\xBB\xBE\x9C\xCEn\xDE\xDE\xFD\xEF\xC3\xDD\xF5\xF9\x94\xE9\x84%\xD1\xC5\xFD\xFD\xF5\xDD\xD5\xCDϧ\QP�eJ\xA3Û‹\xBBO�\xEFQvnxt\xF1\xF6zv\xFE\xC7\xC3\xCFg\xD7�\xADa]\xE3��Öª?\xCF~\xFB\x83N2X\xC3\xCFg\x94�\xA3\xD5\xE4�~PÂŒ\xE1\x93Õ™T\x82()D\x90,\xCFfg\xFFn�\xEC\xF4\xBAW�\x9D\xC1(\xE1"\xE6�\xDE\xE0l\xC2�1J\xF1\x9E;\x94!\xB1\xE0¹\xE3\xEAzv\xF9\xF1\xE6\xFE\xE1\xE6Ã]\x8D{g\xE7A:\x99\xF2\x98hA\xB5S\xCEʺ\xCE\xE7Óºx.\xBFVe\xEE_\xE0\x9D�\x92\x84�.�x\xD1\xEA[\xC5�|�\xCB(\xB5��\xD9\xD7\xC0\xA3B\xB1\xE8\xA6A\xD1s^更ɽ\xE2�\xEC v\xA4e\x86\xA2\x8F�a\x8FP\xB69g:\xCA\xE7\x95{falT�\xD1Ú‰\xABl;\xCF\xFB\xD3ZCr?Ú—|S�U\x89�Õ“]�\xB8\xCE\xDB=E!T\x9AE�ZFG_��Qu\xCE"g\xBCTq\xF4\x80]&�l7E�}\xAF^ФͶ\xC6\xF7`t'\xCB\xF2e\xFE\x9C60\xAB\xEFxBCW\xD8\xDD\xCEÓš B\xE7`'\xFD\x9D*\xDA,\xD2�\xE5E\xFD=\xF8\x8F\xB1\xE8e\x91Ë�\xD4i\x82=\xF3E\xB1̼\xD50B\x8D\xD2�\xFD\xE6\xD6J\xC3"9\xEE\x91] \xF6:pW�|\x96U��3\xFCQ\xD4\xF8\xCC\xF2&߬
-4�~?\xBE\xE2�\xA7\x87�\xEE@^\xE7\xE5|o\xBC\xF4\xB1+|\xF2B\x84\x90\xECb�\xF6\x88p\xC0\xA8\xC7\xD0\xE7\xFC\xB5Λ�\xA8 M\x84�Ø£\xDA\xEF\x94\xF2\xA5�\xFD)Ì™\xA7\xF3�\xB6\x82[\xA0\x89��Xïœ\xA9\xA0\xDC��8S\xC2�\xC98\x82\xFE\x83;�\x87g\x9D\x91\x84\xB1x��j\x8FÕ±\xB3\x89JÓ®V8\x9A\x87D\xD5j\xD9y\xA7\xE9\xFE\x94\xE0�c\x98�\x9F2(
-L\xD9\xF5^�\xCDD\xB0\xFE\x94\xBF\x9C3 V\xBE)\x9E\xFC\xBE\xA6\xCB%6\xC2!\xF5>\xB4@�\x98\xFB\xCD&\xC7|\xA3\x8C!\x8A\xE9�\xBE\xE9j�\xF7M\xAB\xE5|3\xC7
-T\xAA\xA3\xE9x�\xD8��1_\xA6u\xBDo\x98�2c\\x8E��\x94��\xE3\xBD\xE9`��.\x9C\x9Ee\xB3u>/,�\xF3z\xEFh\xC0u\xE3\xB1\xE8,ëƒV\xA9�\xE7\xA0;c\x80\xBC\x94\xF2\x84;;Z#\xEE�ZÎ\x97�PK�\xA7B\x8EO�\x94�\xA6\xEC\xDD \x9C0-u\xCA\xCBj\xB5�F|,\x96E�`�1\x8BVU\x96\xBF\x81\xDBV\xB0è‡�v�\xB1�\x93\xD0�J\xF5Xb\xEAQ!:\x8A\x92�-�\xF3zÖ¿e\xBA�\xBA\xBA\xC0\x81\x92)\xB6\xC7'v\xFE\xA2\xF4vdYѸ\xABC@\xF8\xD0T�fiN\xB41\x81\xBB\xB2\xFA\x88QB��\xB7\xC6\xB3Q@\xF9%\xDEW\x92
-\xE0-#\xF7\xB8�\x8EeQ>�nm�\xF5\xFD�/n\xEB\xBC\xCF\xDF\xD52\xCB}\x9F\xBF�w =\x8C
-\x98a\x84\xC1��Vy:*\x90 :0�\xF5\x8F\xE3\x9B+\xC2�\xACe�\xDF�\xAD�|�-\x87\xEFl\x88. ��v\xC5/\xA2\xD8\xE4\xF3\xA6ڼ\xEE�\xC78'�6kܺVk\xC0\xBC�ip�4\xE2D\xF7\xED{_U\x9Fw[t\x88* \xC1a2�\xAA\x91�qp \xBB\xE6XɡC\xD3�JJ"\x84Hzg\xC1#\xA2(�\xC6�\x8C\xC4t�\x88\xAE/\xF7�-\x8045?�� \xA1,\x950\xE2(�\xBAZǡ\xD0j9(\\x9F\x84B^>��\xE3��\xA8$�\x8E\xEBq\xD3Z\xAD�\xDB\xFA\x97�D���\xF7\x8D\xFBT;/åj�/\x83hn\xF3\xBA�\x9Eq\xA2��q\xD9Kچk\xA0a\x83\xC3�뼜\xCDޣ�Z\xEFC7\x{347785}(�$\xBBAMT\xAD-\xCF\xFA\xF3�}E\x83\xCFz\xBB^W\x9B\xC6ƚ\x9C\xAB\xDD E \xF1\xAD
-\xE3���\x98\xB5\xE5\xE0a���\x82ԢY`k\xBD)\xBE \xA3\xC3�\x8B<l\xED"a\xFB+\xC5G7&\xF5꾣\xC1\xC8߅\xE1�\xBE\xFF\xC7�\xA2\xEB\x99\xC3}R,m|ҟ\xF6\xFE\xDD\xE5\xEC�\x8C\xD9�<\xAC
-{
-\xFF\xCC\xF2\xE9P\\xFC\x94n\x97M\xB8\xC3+�\xDD~\x9E׌\xFD\xB0wg\xE7\xABu\xE3yÔ±\xB8k\x8588�\xE1�\xDB�\xAA\xF4OÜ®\xE3\xE7 �\xB5Qqr\xE2�t\xB4F\xCEA\xD0r\xE7\xE0\xF9\xE0\xCAW\x90j\x9A�S�\xA5\x81){\x84O\x89�to\xCAÎ¥\xAEut5\xC3\xE7AF't\x82x\xB3\xBD>n\xB7M\x9F\xCE\xD8f�\x9A�\x863\x82ÄŠ''\xC9Ò�\x92\xA4Q\xB2��O�v\x9A,�Ih\xA2zd \xF8L\xB8\x8C\xAE\xFF*\xEA���\xACjd\xC9� kcm\xDBz�\xA7K3\xC2c\xBAw\xBC\xF0\xE5U\xF5%ÏŽ\xA2F�\x88/xr"P\xECj�GM\xAB\xE5P\xF3n\x88=�Qm\xBA6r\x8F�\xD1)\xCAÇk\xB5�\xAC\xEBߣ\x86P�\xEC\xF7\xCC{gy\x82Sã´\xAE\xEAš�A%\xD7�C\xF3'\xAF\x91\xE2�\xCC\xC5\xCDp&;\x91;\xA1�(0G\xA2u)$È‘�\xA1\x81u#l[T�\x9Bc\xC7\xD1\xCD�\x8A q\xC6Fݦ�\x99\xA5Q\x96 \xD5xV\xC1�.\x81+\x80\x99\xFE\xF6�~h\xD9�\x98�M,=\x83\xF4M\xB6 \xDBq�(Hh\xEDm;\x8E\x83\x8E\xD6��\x82\x96\xC3\xC1ç“·\xA8\xE5\xEC=\xB3tL�\x8C=j\x95\xD7�0\xAA\xBB\xFD�\x80�HDߨ\x87s�x\xD7�K \x91\xEFn�
-\xF0&\x81FZ\xFBgO\xCE;\xB7WW�\x84Õ¦�\xA7\xE5\xEB^?L!\xD2g\x8B�\xC5E\xF4\xB0(\xFC\xE8\xD5\xDA\xE7�\xD0^\xA5~\x8A\xC7\xFC\xD08��X�åº\x87�\xE0\xA5X\x87\xCAFS\xACF\xD2m`\�I\x969\xB1\xDD�\xAD\x91\xED�Zn\xBB\x97�\xDBm�\xE3\xAA\xE5\xD9j\x95bdØ\x99 .\xD4@\xAA\xA3\x96\xB5Z�\xA6\xF5c&\xB0\xCDF\xAF=\xDBv\xB7J[\xEFS\xD1\xD5{[\xA2\xFD�e\xB6|\xE4\xA4E\xE9\x95\xDA<\xCEJ݉�)\x9E8h\xB8]\xB5=6\xB6\x82\xC3\xFE\xEE\xFAW�N\xEDj\x8DÊ‘\xB9�\xBDv�Má‹‚\xD0\xE7\xBD\xE1\xFA]\xE9�d\xE9�\xA2\xB4,l5D\xFF4Vf\xAFÞ¸\xF6w\xE1\xC4A\xA1`\xEF�9\x8A �\xC7\xC02\xE6D \xD1\xD5:\x8E\x89V\xCBa\xA2>Y\x82\x81Pq\xD3L-f�/\x83�\xEEL*\xC6\xCDk\xB5�\xEC\xEB�æ�\xBA\xBBض�\x83t�6���B\x85\x86\xF2\xB2\xED+V\xBE\xD3\xE5\xD7]}\xD1+|\xD1])�\x9A\x87\xA5h�>\x82`\xE5_\xFD\x92.\x8B\xCC]�\xCAS\x82Õ˜\xA7ePE((J\xA8\xB6\x94\xD7=\xF6y\xE1k\xBB\xDCB\xCE?�\xEBj\xB9u\xE6CH^\xF9^4c A\xFC\x97�%v=�cÛ‹�\x95\xBB\xAFJÜ—\x9D.\xB6\x9C}\xDC�\x92\xAC8\x87xÚ¯�$\xAEH\xC0\xF1l\xC1\xA3Ü®�\x83i\x85�\xFFW\xF8w{{\xB5�H#\xAA\xAF~\xFA\xE9\xF6vfC�\xB8�\xE1rt\xE9\xC6�\xF8
-\x80S\xF8�\x91"\x93RQjU\xC0\x959(\xB9H�\xF4\x99|#՛\xD0\xF5\xE9�,\xBBĶ\xA3Uиu\xB4
-�A\x9B\x85-\x8D�醵\\xCCxt\x81Z}/Yut\xC2@\xE0�\\xA2\xBDK\xB4sI\xEB�\xED\xFD\xA1\xA3\xEF\xEE\vd 6\x85��:\xAF\xDC\xE1��\x99\xAA̼\xACS\xF4\xE7\xA1b�\x8D\xFE�o{\xC2\xFE \x8C)@TV\x83I7�\xE3\xD4��\xB6\xFDj/\x87$S\xC7^5�\xD9�P��E\x92@,\x97\xC4{�9�\x8Bx_AkU\x94[\x9F\xEA\xF8o�\x8Bj\xEBKJ\xEE�F\xD5V\x94\xAB\x97\xBDr\xD4|Y\xCD}\xFD\xA3\xFE\x9C\xBF�~v\xD8\xD6#\xC1.\xD3�G\xC9�5\xE6\x8E\xD2q~�J\x8E\xDE\xF2azK \xC4i\xEB�\xD90\xB9\xC1\xBE\xC0\xE6\xB1Q\xCBZ\xA5C\xD3\xFAq.0\xAA\x96\xB2g[\xCBl\xCC\xF8�\xC16\x90\xD9l\xCB1\x9B\xEBs\xDBc[\xC8l=\xFD�\xB3ٟ\x9E٘\xA1\x87\xCCf\x85\xF9_\xEB\xA2ͽ9�.|\x87˵�\xD0) �\x8Be\xFC-\xF0T\x90\x8C\xED\xBE\xF8x,J\xC1m\x84!\xFAXtd�\xCC\xD1a4\xC5[�2��\xD6;\xB3\xA0P\xF8\xD7<Q\xB5\x9Cde\x81\x93\xEC\x99c\xCA2\x86\x95\xEE\x86\xDCcX;]\xE5u�^%0j0e\x80V\x9CaF\xF6�3\xC2W*l�҉�y:1\x9E\x94At\x87?wt�\xB2\xEE7\xC4pa\x818\x98bڋ@J\xEA�eZ\xBA7\xED\xB5q\xEE"`X 4pyV\xAB\xDA�\xB3\xEE\xC38�\\xEF\xE2^ɻ\x8B�\xB2-\xC7 at GY\xBD|wG\xB0m\xC9\xCD\xF6�\x92�\x93\xC2&\xBFz\xE0\xAC�\x96\xC8\xE1*R�n\xB3\x83\xF7\x93/�\x81\x98\xA0ؓ\xA5\xAF^\xA7S{\x92~3ݫ\xE8A's\xFEr+\xF2\xEFX*¾\xD4KR\x84+3\x92H\xAD\xF6*\xF2>\xE3#C�$\x86t\x89\xF1oX %\x82\xB1\x90W\xAD\xB6\xB5'\xDFGO\xBD\x80\xCCP\xBCo�i9\xFCU\x82\xE9֗\xDFp�\xF5\xA9\xFA,\xA3\x9AH\x9B\xA7\x8F\xB3nGk\x84v\x83\x96\xE3ݧ\xC1T#\xD6"0I\xB5m\xD6\xDBf\xFAT,�\x99\xD7Q\x861\xE3\xE6\xB5Z�\xF6\xF5\xC3ʄ@z\xCD\xFB�\xBA _\xB0\xD8�\xE7\x961lpn%\x88 +p&\xA2\xB0\xFD\x90�r8\xBD
-$�\x98H\xC2\xEF&\x8C�>\xFC\xDB\xF6\xD7\xF6�
-�Mv\xD3y$\xE1\x8B�\x8Dv\xC6
-cr1�2X\x83l\x8BS\xC4S+\x87\xB4Y�vX\xB8ͳ\xA3��B!\xEC K)J\xB7X\xBC\xE9\xEDb\xADg\x8E"'\x86{\x8F\x9F\xA8\xEB\xEFtF\xBE\x95\xA3\x8E\xC3\xCC⠖��j\x92\xD1ɂ\xCA\xC1d\xBD:&#�n\xFC\xEEd\xF7\x9B\xA2�E]\xFF\x89\xAD^T�\xEF\x80z\xBBZ\xA5\x9B\xD7#I�\x96�\xC2˥\xFF\x98\x8Ee\xA6\xE7\xED*/;�\xE7\xC3\xCFn\�`\xBA]i\xF3ovk+;\xC4\xFE\x89р\x93h\xFB\xE7�\xFB/\x99v\xB3%�"\xF4\xB1\xC2�O�\x81\x97\xE3`\x945\x9C)y�&\xFF7O\x87\xB6\xFF�2\x89?tendstream
-endobj
-2530 0 obj <<
-/Type /Page
-/Contents 2531 0 R
-/Resources 2529 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2502 0 R
->> endobj
-2532 0 obj <<
-/D [2530 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2533 0 obj <<
-/D [2530 0 R /XYZ 56.6929 751.8053 null]
->> endobj
-2534 0 obj <<
-/D [2530 0 R /XYZ 56.6929 661.6515 null]
->> endobj
-2529 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F55 1321 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2537 0 obj <<
-/Length 3169
-/Filter /FlateDecode
->>
-stream
-xÚ¥�\xCBr\xDBF\xF2\xAE\xAF\xE0m\xA1\xAA�\x99�^G;vRNvm'Rj\xB76\xC9�"@ 1 0�\xD02\xF3\xF5\xDB=݃��\xAA\[:p\xA6\xA7\xA7\xA7\xA7\xA7ß\ \xF8\x93\xAB4
-\x85\xCE\xCC*\xC9L� �\xAD6\xFB�\xB1z\x84\xB5�n$\xE3\xAC=\xD2z\x88\xF5\xFA\xFE\xE6\xDB\xEFu\xB2\xCA\xC2,V\xF1\xEA~;\xA0\x95\x86"M\xE5\xEA\xBE\xF8-x\xF5\xF1\xE3\xDB\xF7o\xDE\xFD\xE7v\xAD"�\xBC�oב�\xC1\xBF^\xBD\xFF\xF5\xD5? \xF6\xF16S\xC1\xAB�\xDE\xDEݮe\x9A\xC8�\x90RD\x8BE\xF0\xE6\xFD\xDD\xDD\xDB\xEF\xD6w\xEF~x\xFF\xDF�\xEF\xDF\xDE\xFEq\xFF\xE3\xCD\xDB\xFB\x8E\xB1!\xF3Rh\xE4ꯛ\xDF\xFE�\xAB�\xEE\xF0\xE3\x8D�u\x96F\xABg\x98\x88Pf\x99Z\xEDoL\xA4\xC3\xC8h\xED!\xBB\x9B\xBB\x9B\x9F;\x82\x83U\xB7uN�&J\xC3H\x99x\xB5\x8EL(\xA2TϋL\xE0���#Bc\xB4\xEAD\xA6\xE4\x9C\xC8<�\x8Al]\xE1E\xBF\xFD>\x8A�\x98Y(U\x94 qĨ\xEA\xB6<~\xCEwS\x81H#C\xE0;Y
-O\xBD\xE0\xADÚaN
-\x8E\x94&\x86q"\xC7\xDC\xFD\xFB\xA9\xAC\xE1\xA52�\xE4\xF4s8\xDE\xCA4(?W\xCD\xC9\xEE\xCEk[=\xD6eAK7uI\xA3\xCA2rn\xAD_\xCD�VÕ‡S\xFB
-(\x83P�\xD1\xDA4\xEE\xB7`\x84}~\xA6\xC1�S#,: TE�\xE8\xFE\xA9$\xA9\x99\xA1|\xB5\x81\xB12fFn\x93ˮu
-\xB75 \xF3\xB5�\xF1D�ݶ9\xB4U�\xF7U*
-\xEC\xA1\xDCT\xBF�\xA1JK\x80�\xCEt\x83\xCDy\xB3\xE3aw\x84\x9B匙3\x89f\x8B\x9Com\xD9\xD2|\xEBn\xD2\xECq\x96�\xED\xAD�\x88d�lNG\xBAeͨm\xB5\xE7#~�\x91\xA8<O \xAB\xBA\xB0 \x92 �
-�|\xB7\xE5#\x89\xCE/\xBF\x80\xF5�d,[\x94�\x88\x85oK\xC6Z~9T,[ؒ\xCA \xDF\xC2mhH\x97\x85\x81\xBF,�\xFDe\xF1\xF1R\xB8{\xCB`\xDEM\xA4ڼ\xA2g2B��\x80\xCC\xF1\xB9\xB2\xE5\xC2�\xB8\x8D\xAD\x8A\x92v�|rC\xBF�|\xAA㲪�if\x9B\xA6v\xC42\x90\xF2\xE4V\xF4\x86\xEE�p4\xCF\xD5nG#G)\xF2zt\xD8\xE5�d\xD0o�SK3\xB7�\x95
-\xE6:(\xCAm~ڵ8Q^ �\xEF_\xDB\xCD,!\xB0\xD6\xEB\xE0\xAFS~t�\xC4 \xBC\xBD[m;\xA2�i�߶\xDE0\xFC\xA1l\x9FK2\xB2�6j{ޞ�\x97 at e]�RN�@j\xE1@�\xA2\xBE\xD8pN�w(\xCF�\xD8EM\x89MP\x97�\xBEʌ\xF9D�8
-\xA9\xD9zี\xD3\xC2K\xEB\x89\xD0A\x98\x94�\x9B9Z\xC8A�r%�\xC7\xE8�\xB5X\x85\xDEbs_d\xB87\xC0\xE2�\xDE6<!�&�#ygQ\x83\xA7\xD98w\xE4\xDC\xD0\xE51I�j\xA5#\xC6,\xEB\xF2\x98\xB7N\xF3㉸- \xAA}\xCA['е\x96i�+ 3�lϬN�Њ
-�X\xC7\xC1\xB69�L���\xF9Ù¢\xCE�T\xCA\xF6\x89\x809\xE1x\xF3�\xC8\xC0\x97\xC0�\xEA�B\x930" RqF�\xA3\xA2\xF2\xD9Ò\x86C>\xA0\xE2my}\xA6m\xE5\x97ʶd> \xF6\xFE��.|/�\xFD\x9Df\xBCEqb3r�
-\xBF\xBD\xFB\xA0\xB9sR\xF0\xBB+\xADȩ\x9Cat��xY\xB8\xD5\xF2̦ڜv\xC5�\xB6:\xCA�8\xDC\xC6\xF0.:ɮ\x87\xE4�\xD2rD\xF6H. \xBF\x9B
-\xC8q\xDA)\x8F�ak\x90\xFC\x9E4d�\x94\xE38\x84\xC4"\xBB\xCA\\x87t\xC9\xDD($'24�\xD4mȞ\xF3RZF�\x9F�c\xE3\xB4�a\xAD_t,\xD2�\x85e�\xA21\xEDJ\x97\x94\x99\xE0ccm\xF5\xB0+ \x89\x88Y\xC2�h\xC1D^\x90 \x85I,��\xE2w\xA5L[~i\xF1w\xC6\xE4�H-\x8B\xBC\x89b cϊ�\x8C\x8F"'>\xB5m )\xA56\x83S\x8E\xF9\xF3\xD2!I(e\xEA9"�\xB86*�!\xA1\x91c\x8B\xBDr\x81'\x8B\xFA@�c�;�\xAB}~\xACvg�\x839օ\x8BJ0sJ\x9FŤ\x9F0?Y\xBFB\xE6�\x83\xE2\\xE7\xFBjC�\x9F�\xE1��\x80ϰ
-\x93C\xDF\xC2#\xA6X\x9C\xF6�\xDA��ޅMm\x90��-=!s3\xE4H`Z7\xF5�\x9F\x82f^7p�A�\x832\xF9 \xD8p:�\xEC\xF8p\xD1Y(��\x98l\xC78`�lߛ�\x84"\xA5�\x9C\xFF\xC9H���\xA4@�\xE7\xAD`GK�F\x88\x970\x8C\x8B\xC6�W7\xED\\x8C\xDA\xE7\x9F\xD8\xEE\xF7\xA7\xCD�\x8DlY[�\x92\x88a\x80\x97\xEC\xC5�Q\xCAi�\xFD�\x88-\xD4q\xF6B\xCE>\xC4Z\xF6��\x96s�\xBE\x94\xB3\xFFY\xB5-�ّs\xD0p(x\xF0\xEB\x9CuX3\xAC\x8D܃�ޤ\xCCƼQƮ\xE2\xD8=%\xBDz\x9C85\x89Y\xB3�\x80CQL�� T\xAE/\xEE\xE9y\xEF \xFF\xC0\xF5]\xB5-1\x84\xA3\xFBN \x9Fw\xE9�\xC0}L\x81]\x971�\xD6+kO\x9E\xAC\xD3I\x80\x91\xD6�\x80\xF3\xDCة\x903]�\x97\x8A\xA3l\xAC \xFDU\x92l\x9A\xB7\x82\xAAT{p*y]\xBA\x9A\xA4\xD3\xD4,\xA5\xF48�|�\xEC\xE5\xFB\xA7T\xA3 \xA4\xAA7Dl�\xC97\\xEAL`\xB2�\x97j\xC2�\xC2\xD2�̜\xAC`u\xA1
-B\xBA\x97\xB6\xCBy):W\xD5\xD7DZIW0 \xCC{kE\xD1�\x97ȓ+A\x8C�o�� 3Z\xA7$x\\xE9\xE5\xC0\xE4\xA6Y�"=\xE5\x9F\xCB1\xE5�\x9E�\x9AO\x84<G\xCCF\xFE\xD0t��'@>\xDF\xCFz%|CL\xF8\xC1\x89\xCD\xD7eXY*\x9D^\x98\xC6D\x9Fu�f\x89\xF4^\xDF;�-ո�\xD3\xF0\xBC9\xC1\x99\x94�?Wu\xD1<Ә\xDC+"R�\x800wm\xF8%\xCF\xED\xB0�\xC29B�j\xF6\xD5ߥ\xDF̃\xB1
-8\xE5�o\x90f𠣗\x9D&B\xDEH\\x8Es\xE2\Ȳ\xCA\xE4�\xE9\xB1K\x98F\x9A\xC7x�Ë&�EN�\xA0\xCD\xE7\xF2؟7W\xCF\xDCMH\x99\xAC\xB3a\x9Ay\xF1)\x83Z\xE5b�@[\xFE\xB5\x8Dǃ\xB0B\x85)\x8C�\x80
-|\x89\xD6\xD2\xDC%\xBEy\xDB�-Ó©�\xDE�\xC9lyd\xAC\x873�'R \x90\xD33�l\xF2\xCDÓ¬\xE58\xF9\xBA\x9B;\xA9jo\x8E@È¥\xBB \xD9Q\xCA\xF2\xE8$\xA6\x82\xFA\xB4\xA0\xB3#\xAA\xC4�\xE8\xFC�Ê\xA6\xFEGK\xE0\xF1\xEBirQ\xF0K.��\x9C\xDA�\x88$�\xB0A%\x8F[\xA8\xD2Tt�\xDB\xED�\x92u\x8A8s9\x9F\xF0\xF6Y3\xC4\xEB\xC7\xD2\xF6�\xDDg\xD1t[\xEFza0�>\xC6Dz,\xC6I:\xB1 \x8F\xEE\xC3j\xCE\xE5\xF1\xBE\xB1\xED\xEE\xDCe\xE2\xAC||ÕN\xCD\xC5U�\x89\x9D�\xD1\xF5\xB0:@Z\x8E\xAA�\xC9�\xD5z&\xA8\x82\xA8\xC0\xE0|MZo�`OÓ
-\xB9^\x8A\xD5\xD95\xB6:\xA4K\xBE\xC6!�\xCE�c\xBE\xEEF\xCE\xC7\xF8$\xDB�V3�\xBA�\xDC-z
-\xB7\x84伌q�#fޙ ^\x9Fi\x85\x93at\xEBqFm�\xB7\xA1\xA3@�+>\xD6�\xD1\xCEw�C)�B\xCB�_�GE\xD9B\xA6V��F\xE1"Q:ֵ\xEF>\xFE\xBA\xF8\xA6\xD8�S"\x8A\xAF?\xEA�k\xF9U;,\xF7\xAC\xEF\xE7\x9E�[\xB8>W\xB2M\xBE�oQ廅\x9AJ �U�h\xC1U&;\xAC�.G�\x83\x88\xC2\xC4\xC4\xF1\x98M\x97\xD3�\x91�w�^\xE1 �\x88%�\xFA\x97Ʊ��_�a\xAD\xDF\xED3�\\xC4L \x9E<\x81\xA4\xA0/\xB6z
-\x96&\xCB\xC5\xD6:\x83h#Ĥ\xED\x80eЧ\xB2<,\x94CڄQ&\xF4|\xCD5\xD7G1
-\x82s:\xAC\xB50.\xB9\x98\xB4pD�\xC5hڽ\xDE|��aHG\x89�P=\xD5\xD5�\xF4*KDE\x98\x89\xAEat\xA1\xA6R�@5 \xDCO\x83\xEA\xC4�\x99\xB3\xC7Z�\xD1.�U
-�\x9B\xB8'6'\xD8q\xAB]\x85\xC2D\xF1�\xC7{\xAC\x99\xE3Ç\xF6$�*\xCE\xC6\xE7\xBFi|\x91Ó¹\xE8\xA2\xDAN]\xB4SO\xAA\x8FH=\xDD�RO\xC8�\xAF��\x95(�1\xBC \xB8�\xDA�\xC1y\xACE\x9D�\xF7D@\x91u\xFC��\x8C4\xC3\xC1\xB8'"\xC2T&f\xCC»a*\xF5��s\xE3\x93\xEDR\xB2_\xBE\xFF\x8E�2K��\xCC#�J{Èš6vY\xB8\x90\xF8#W\xE9�\xC2�\xA2-�\xB7\xC3Z2\x9D\xB1l�92\xE9�,x\xAC��FÒ¥GPc�\xEEʯ\x96\xA9\xCF?\xBA�\xC3\xC5f\xEB7\xBB\xCF�>\xF1u-q\xD7Y<4\x9B\xA7\xC5H�\xB9b�'\xFA\x85H5\xC4Z\x8ET�\x96\x8BT\xCD|�\xA2M\xE7Èšc\xF5XÕ—e\xBD
-!\xFDS\xD7Y\xEB\xB0fx�\xE7 I\xA8\xB4\x8E\xC6\xCC\xDD{Ar�\x8Bbt̸LXP\xA5;\xF4�\xA3\xF6\xF9\xE4-\xBA4ϿD{I\xBD\xEB5E\+\xA3-@)\xBF\x9F\xA6\x98>\x83\xEDhx\xBE\x96\xDEO\xE2'U�\xFE\xF5\xF7�`]y?\x8F\xE5\xDE\xEF\xC3K\x99�\xD4�W:\xB7 \xA4\x88\xB0\xF7*�i\x86\xBF\xD1�\xA6�\xEDH\x8F�\xA4\xD6m"\xFA\xD6m")qL|\x99
-�b\x92\xC6\xFE��\x91\xFBx\xB7\xF8!\xEE\x91@\xDD�\x9Fv\xE0\x98ÓŽ�\xD6�=\xDE\xEETK[\xAF\xA4� \xE6ÜB\\xA4�\xD7[\xBDb\xB9\xD3\xEBtg6O\x88\xB20�\xB4\x88\xBF\xB6\xD3;\xA7_2\x89B\xA3\x85\xBC\xAE_C\xACe\xFDê°œ~�\xA6Gf�?\x84\xBDp\xA4G\x9A9rx\xBB,�\x8D\x8A&G\xFE\x8A-P`$8\xD8\xF2T4kjU �\xF2\xFD\xBC\xCDi\xF1Ùµ\xFC4\xB7\x9DI;2\xC3\xDA\xC1
-hLD\x8D\xE6�\xB8\xE6\xB67bms\xDBv\xFD%\xA3e\xF0\xE0\x94�0\xA8$E�pԧ\xEE3�\xE2PM\x8AK�<�\x9F\xCB�*s\xA5 \xBD\x9F殞}\x95(\xC7>\xFA\xAE$\xF1}\xF9D\xF7]c at p\xFF�\x80�\xE7``�*\xA8\xED \xD4GS\xBA5"�\xBA\x83j\xD4
- ,\xDF|\x87�\xD7E\x86_\xBF\xD1\xD7\xF8 \x82\xAC\x81*\xFA�\x9Fi�\xBA\xF0\x86\xC9Tv\xAEx\xDFU\xFB\xAA\xBD\xF2\x81J*�\xEA$z\xA1R�b]QE\x8F\xE5T\xF1\xE3\xA2*^;\xB2WÅ‹#gUqx\xE4\x9B\xCA\xE6�> ��\xDB\xF6\xFD*nF@*\x80\xFEj3hR\xB5\xA5m\xF9\xB3t\xAF�\x93/\xEEا%z\xD8`%z�\x9B\xD2C�Ò£QY\xDBA\xA3�6r\xCF�\x96\xA86F�\xAA\x8D3\xECn=6.\x8F#ÜŠÉ,\x9F?h\xD6\xE0\xB4b\x9A\x9E\xE2\xAE\xCC\xFD\xB9T\xA6\xC3Z\xDD\xD4s*\xC1\x8D\xE1\xE6�\xB5\xBC%\xD8\xCE\xCE}yW\xFD\xA7�\x80\xFEt\xF7��?\xE1G\\xEAYc\x98\x8E\xBBoC\x80\xC4-v\xFF2\x9F�\xD3\xD3U\x9E\x82�
-gK\xA0\xC1\xE7\xF3\xFE\9he\xC7�\xF7\xE7b\xB9|̨}/\xE9;SLmљ\xFB\xF6 C>\xECYvw\xC5�aZ\xC3t\xAF\xC1\xB9�\xDB?\xA6�\x87^w\xEC\xA7\xEA\xD0}H.\xFD\xB7\xA0^\xA3\xE6\xFE7L\xA3\xEF\x9C-\xCE\xC4\xCAs\xFD\xFF\xDFX\xFF�rP\xC7\xE94]\xF8\x87*
-i\xBFÖ™\xF4L\xA1\xB4d�MY\x8F4d�\xA9Jfx\xFF�2Zß endstream
-endobj
-2536 0 obj <<
-/Type /Page
-/Contents 2537 0 R
-/Resources 2535 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2502 0 R
->> endobj
-2538 0 obj <<
-/D [2536 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2535 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2541 0 obj <<
-/Length 3085
-/Filter /FlateDecode
->>
-stream
-xÚ�]s\xE3\xC6\xEDÝ¿Bo\x91g\xAC\xBD\xFD\xE0\xF2#}r�\xE7z\xB9\xD4w\x8D\x9C\xB9\xB6I�him\xB1'\x91\x8AH\xD9\xE7\xFC\xFA��,EJ\xA4\xAE\xE9u<c.\xB1X \x8B\xAF�\x96R� jbc�g:\x9B$Y$\xACTv\xB2\xD8\\xC8\xC9#̽\xBEP\x8C3�H\xB3.\xD67w�\xAF\xBE7\xC9$�Y\xAC\xE3\xC9\xDDC\x87V*d\x9A\xAA\xC9\xDD\xF2\x97\xE97"�\x97 at AN\xBF\xBB\x9D\xCFo\xBE\x9D\xCDß¼\xBE\xFD׻ۛ˙J�\x95L\xAFß¿\xBF\xB9\xFD\xEE\xCD?.g\xDAJ@�d)\xA7\xBB\xBE\xFD\xF9\xFAG\x82\xBD\xBF\xCC\xF4\xF4\xFA\xF5\xCD\xFC\xF2\xB7\xBB�.n\xEEZ\xC1\xBA\xC2+iP\xAA\xDF/~\xF9MN\x96\xB0\x87�.\xA40Yj'\xCF\xF0"\x85\xCA2=\xD9\D\xD6���� \xEB\x8B\xF9\xC5\xDF[\x82\x9DY\xBFtH�\x91M\x85\xD5Q<\x99\x99H\xA4\xC0XeJ$J�Rb3��mZ\x95i5\xA4\xB2\x80\x85*\x9B\xEDp\xA3\xAF\xBE\xB7\xB6\x83 ó©‰8b\xEC\xF2rYm\x96\xEE\xE9X#Jþ\x92(\x99tÙž�\xD7b
-H\xA7;<\x95\xB6Bٸ/\xDD|\xEB�ůRjW_ΌT\xD3f\xE5p\xA0\xA7u\xB5\xDF]\xAAt\xBAp4Q=Г\xA4-]]\x83q\xA3\xD8N\xDF<\xF4V�\xE6\xD6\xED\xF2\xA6(�\x99\xD0Kݸ
-M-\xAB\xC0\xA7\xAC�\x9A\xDEz.\xD5S\xB1\xE4\xE59\xE9+\xEAj\xD6X\x90=�\x99Ic\xAF at Y\xAF�
-\xCC�\xEE\x99Di
-zP"\xB3VwTJ\x84zJ0\x99\x90&I\x98N\xB5�\x96\xC0\xDD\xFD\xBE/\x9E\xF2\xB5+Q&\x95M\x81|\xB1pW\xF0b,\xEF\xCBC�\xF2\xFD\xBA\xA1%=\xF5\xE0���\xE9\xA0�\x82�5\xC1?\xBA\x97\xFB*\xF7K\x96<Sn\xF7\x8D�Ú¬\xB1"\x952�r\x8F\xA3\xED\xCCL�nk\xC0\xB9{Û¯\xFBV\x8D\x82mÌ´\xCC7\x8E at d\xCF�\xD4\xED�\x8BU\xBE\xCB�\x8D\xDB��i\x801w\xF4D\x82k\x86-\xAA\xB2É‹\x92\x8Dl\x82\xC2\xFD\xDC2o\x98hS\xD1\xF3\x9E\xB9\xEFk\xB7$HQ\x82S\xE4˾((%�U\x86\xDDP\xD2a\xBD�T\x9B\x9C\xDE\xE1V0\x91\xF8M\xE6kz�\xEB\xEDÝ€.\x95\xB2\xC2*P�é’\xB0�P\xA5\x85,\xA1T\xF0\xB0\xA2\�\x8B\xBCA\xFD!\xF9f\x9574\xEA\xDB�!ÞŽ,ÒªÚ¯�|\xCFb\xE2\x9E\xC5I\xAE\xE3\x84�\xE9B\xC4��8\x9Bu\xBAX\xE3Y\xA7\xC5\xF2Y\xE7$\xBDƱ\x90Y\xF2�\x96�i\x80eWW\x89�2I\x8FX\xCE7\xF9�\xF5\x90&ÓºxD\xD7\xF8�,\x96B\x82 [\xEF.\xD3\xE9~\xD1Ô¬\xF8\x9E\x89d&\x8CV\xC1Ý—e]\xBB\xC5�I\xFCQ\x95n\xC0RI"l\xAC2\xC6G�\xF3<�Ye\xB1\xC2\xF7\x94\�'\xC0b4\xF0\xD3n[\xD5ES\xED^�\xEB�\x9D\x9B\xB1j�\xB1\xADa\xB4É›�jA&p\xD1$�&6\xAA�z\xF7\xCEÇ„\xF7�Ø‚[^\xD1�\xC4�\xBBR�\xDCf\xB1\xDE/]\xF0/Ì�n!4\xF0�i\xEA\x81Im9gnw�\xB8\xA8hc&�
-\x8C\x82R|X9\xA4\xA3}xkmX \xF0\x8E\xF9�\x9F�Õ¾\xF4\xB2\xE9lZ45a5ņ\xA4�\x84\x8Dkr\x8Ad\x9C \xCBܧ�P0\x8A\xF1\xCD\xEFEc\xB6\x80Äp�\xAF\xAAgf\xD6\xD0|��\x9Ar�>1.\x98\xBEXT�Q\xB3~\xFCk\x8E\xC5Ǿ\xEAZ\xDD<T\xEBu\xF5\xDC\xCE{'[\xBB\x9A3\xC5Mî‡\x96\xD8/�\x90\x91\x8B'\xD7Cdj\xF9\xC7�\xE6\xA0\xD0jW4/\xF4V=a6\xEC1\xF4�<�9\xFE\xEB\xE3 �\x97\x88U\xAA'\xF0O\x98$�\x8A\xB1Hd\xA9O3C\xF1\x97*a\xB3�\xB2y\x87\xC0i\x{971C29}\xCCZ.\xA8$<\x85u\x82\xE7*=[S¸cJx[\xE55
-\xEE\x9Dw��\xD5�
-\x95H�\x87\x84�s�\xA0\xE3(\xA5\xA6h\xAA$\xEE\xC3\xFD\xA0`j\xDB\xFD\xFD\xBA\xA8W\xDE5�\��b?\x86�\x85��\xE88\xF0X,5\x86\x8Cw��\x8B\xCC\xC4G\xC7Z/&Ę\xEEmb\x85N\xB2\xF8W~\x97˜\xF6\xD3�\x9FV\xFD]O�\xFD|�\xBC
-5�\x87IQql\x83-BH3
-�\xA0\x9B&\xC2\xCCI>\xD8\xE6usuʬ\xBF\xAAk\x8C\xB1\xA42\xAE\xC0�
-pc\xA3/P`\x87\xC2���\xACV\x81�W*:3\xAD���u \x94g\xAC\xBF,
-\xFA\xCB8-�\x84\xF4\x87\xA8^YD[��\xA6��\xBD�i{<�\x9B\xE9t\xF5�\xF3\xBFJ+\xE9\xD4x\xE4#\xED�;D\xAD�:Kغ\xA3\x9E\x8B��1udd�\x80Nj\xF3�\xF0gl%\xE1(6_\xE2\xEB��g,\xC5H\xC1P\xD0l\xB1|\xB2\xF5t\x84\x91\xAE\x9E\xAA\xD6\xD9epv\x9C\xF5J\x96\xE8\xEC\x97�\xF14\xF6\xAA\xF0\x93\x8C\xEE\xC9" \xF8\xB9\xEA uy�hz\xEC`8^\xD2\xF8�p|
-�\x82\xB4�qը\xE9��\xF7\xAA==\xDAu#\xE1\xF7\xE5v\x8Dl\x82\xB2|\x81a\xBB�\xC6-\xDBb�\xD3�\xE8\xCE]\x81BB\xABG\xAF�\x83\xA9\x89\xC8T\xB08\xC2\xF6e\xEB\xFF\xB0 m\xEEW\xF0ʥ[;\xF0�\x98\xE1\x89%\x95\xD48\xA4\x80b\x8A>~=�\xB5\x8D\x90\xA2<b\xCA\xFE�\xE9$\xC04)\xDEc3\xD1\xDBwwC\x96\xA4>\xE2()\x86\x83\xFC\xBF6\xD6U\xD7\xFCG �\xE9\x85\xF2\xAC�\xF5�\xACf�\xE1��m�"\x85}\b\xCE7�]\xAC\xF1F\xA0\xC5\xF2\x8D\xC0\xDD\xC0\xF5\x83\xD2"\xB2&4EM\xB3>�+M\xB0\xC0Oϋ�\x90�\xC4\xEA\xBA�\xF4�2\x96\xBA/V\xFF\xDE!�]v�M\xEF\xEE~dHE \xDF<\xC2;7\x8FqDU
-\x82J\xF7L\x90\xEFn\xE7oo\xFEI@\xB2O\xA8(kB(6\xDBj\xD7���\xCE�\x883[\xCB剧N\xC5\xF5\xA6'\x97\xF5\xBEFu\xBF�Q,\x93\xA3�\x87~o\x81��\xDE}YCAe…���\xCD9&+c\xC3\xCD L�n��\xFB\xB4\x91\x87Y(\xE8\x8A\xCD~C/\xA4&�P\xE7\xEB\x87�\xC9M\x87*n\xCD\xC7+\x8C\xE7\xEF\xAEi\xD0ג�\xAA\xBB\xEFV$\x82\x81N\x83\xF2\xB91z�`�#\xB4\xD8+�&\x9E}\xCA\xC5)n\xFF��ɤ\x82�\xF9\xB47\xD72�I\x9C\x85\x96\x9BZ\xD6\xE3K+\x96\x87P\xAE�\xFD\xD2\xDFM \xF5\xD6\xF0 >5\xBC\xE9\xA6�\xC0`�\xE8\xAE; \xB8՛\xB7\xAF\x86\xE4\x91\xE8(\xEA'�n C\xB2O\xD5@;ɅV\xDA\xDE� \xD6"\xAF�^\x94I5}\xD30RMS\xF9��c]\xD1KO\x9D�\xEB\x81&|�\xA1- 8t,�5\x84n\xE6>�5ݼ\xE1tP�\x8EO\x94\xE3%h\x86\xEC>\xD0z\xE6[\xF7\xE9\xAA_K>\xAF\x8A\xD0^\xE1�i\xE4�\xF2\x90$[v_�\xD4;m{]\xC3y\xF3\xB9X\xAF\xFBW&m5��rhĹS�͢\xFE\xE6�lw>\x8Bv\xB1Ƴh\x8B\xE5}\xB39\xB9N1\xC2@\xF5\x9Ee@�`\xD9u\xF2�\xDA8 q\xD0c\xF9~W\x94\xE1Z\xA9\x81\xE3�\xEC\xBA`\x8D\x85\xBB\xA8E\xB5\xD9\xFA�\xB6�\xD7�ƘN?s\xAD\xDD\xC5:\xA3\x91\x80\xE55\xB2�\xBB`:˲\xBD`:e9t\xC1\xD4c\xF9\xF3\x96jIc\xE3\xE9\xED\xFC\xE6\xDBW\xF8\xCF\xE0{\x82ח\xBEb\x80)\xCEC0\xE2\xA08\xA4#@\xCCi\x8A�橨\xF6\xF5\xFA\x85`t_ChT\x9C\xCDb\x9DM?\Z81\x9A�!5\x94�aDI�SRj\x88l\xE7v�� \xABe|t-��\xA4ҧE�\xE1.h\xB4\xC8K�\xF8#�\xE2\xB3~ƪ
-|\x9FVQ\x9F�\xD6�\xAC\x86��[�\xCC4\xC5�Y*ϰ3\x83\xFC$\xF2\xF3\x81Ƭ�r���E\x98g\x8B\xC5XE\xCF@�\x86\xCC�FK\xC8b\xA0\xE7�Na\xFE~�\xC0\xDB|\x97o\xF0\xCE�\xAFjl\xA4Z�\xE3AATI\xCDȇ\xD5|zq\x88Α\xC5\xF2O]�f6 \x9F](\xEF ���\xEF\xB3\xF9\x9BB\xAAE\xA6\xD2\xC1� ®\x93d1�\xC9\xF3(%\xBA\xB2\x9B\xFE\x82\xE7\x8DF\xA76 �F>M\xB5\xD1\xD9\xC5�\x8F\xCE�\xCBG\xE7\xD3Pէ\x84\x89\x92\x88\xB7\xBFvO\xEE\xA4\xEE\xCB at C�ng��H�\x82\xF5\x8En Z\x94Њ\xF4$\x9B\xBB\xA6>\xAA\xAD\x97\xEE~\xFF\xF8\xD8*\xD4�6\xAE2 \x9DK�}\xA6P\xEEb\x9DQY\xC0\xF2*\xFBt\x92\xD0\xC0\xBD\xC0
-γ�H�,{)�\x86\x89Q}\x96\xEFJ\x9Fz\x94\xE5\x8EèP\x90�\xA8\xADl`\xFC\xD3O\xD4 \xC1<ǖ\xF2�i'\xB5! r\x85{\xA9\xAF\xA8\xC0\xA3N
-\xC0զh�\\xF2\x86\xBE[\xF9\xBA[\xF5\xAA]EU\xF0�Q\xA0H\xD5!\xB8�l\xE6\xA8;\xC6��\xAA�{\xD7YŦX\xE7\xBB\xD3[\xDB\xD3 \xCE,t�Z\xF7c��\xB8\xBB\x8F\xF5\xC7ʫ�\x97\xBF\xB8\xFA/C�\xA2Π\x88Ԗ �J\x96P\xB3r\xCDr\xCA9\xB6`\x92\xF6\xB3�~��\xFA,d$ط\xFDT+\xFC%Έk*8\xEE!\xBE\xB2\xF3\xAE\xD9\xC5�w\xCD�˻\xE6�c\xAEy\x96e뚧,\x87\\xB3\xC7\xF2M[\x8ER\x89\xFCv\xFE��\xFE#\xA0\xC9�\xB9-\xE0z\x9F\xDAp\x98<\xB4 \xE1\x8B \xB7��\xA6\xF2\x86F\xFE\xC0 dt3\xFE1\xC1\xA1\xD3X\xE4\xD0\xE6\xD5-\xCF�\xB1{\xA4J=\xE2\xAF4�*&D�\xCC\xE5\xEB\xF5\xB8\x9F�գX\xCBf\x96\xFA�\x9D\xC6\xD3\xEFk�q\x9D�w\x8A\xE7\x98\xE2�\xABx\x95u=�f\xC2\xF3\xE0\xF1H\xA3:\xD0:\xF5;
-z\x8E�߯\x{1BEA99}\xC1�\xBF\xF8\x88�OK\xCBj\xD0٥�I�龳\xA7\xF1\xC1\xD9Q\xA4!g\xC7\xCEVD&V\xFD3\xED\xFF\xE1\xF52�\x91\x96\x9FI\xC8]\xAC3^�\xB0\xBCכ\xA13��\x90f!\xDA\xEB|}R\x98gp\xCA\xC1\xF1t^\xAE\x804 W\xEF\xEA"�&\x81\x9E\xB5'\xD7kW\xE2\xEF�00\x92t\xEAK(x\x86\xF2'9Ԣ \xE5l\x9D\xF0�D�<�O\x8EgW\xEE�\xADp\xE5\xA2Zz��(n
-K\xCF,\x9A^\xD3\xF42\xAF\x99
-:�k\xC5t\xCD�-+$\xEBc\xB5�\xEDF�\xA8jd8\xFF\xE9:�\x89.\xC2�|��\xFC\xF8\xA6�\xA5\xAE\xB8"\xB2\x90\xA6\xA5<\xAA\x88\xC2G\xF2\xE3o\xE4e\xB8GC9z�C8�\xBA�Çk\xA7G\xD2\xEF\xE1\xAB_\xA8�X\xC5m\xD15\xFEU\xDD\xE2�\xE5\xCF|Soq\xCE|Q'�\xEF\x8C�rF\xFC\xA1R\xF8-I\xD1x\xA9\xAB\xB2>\xF9��D\x93MlzN\xAE�\xE7D\xB0^\xFCC\x83hm\xA2\xBA\x92}�U\^�\xEB\xED\xAA\xD5}Pp0Ϧ\xBD\xBB\x84\xDE3l\xE7\xF8w�\xED%U×°�\x97c\xBF\xE7�\x99\xF1GX�\xBB\x96\xED\xF5\xCE�\xFF\xD6\xEB\xF0\xAB\xB6(�&�\xEB+u�\x87~�c�
-�\xA8l|\xEAHRh�\xEB�\xD9\xFF�(y\xAChendstream
-endobj
-2540 0 obj <<
-/Type /Page
-/Contents 2541 0 R
-/Resources 2539 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2543 0 R
->> endobj
-2542 0 obj <<
-/D [2540 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2539 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2546 0 obj <<
-/Length 2027
-/Filter /FlateDecode
->>
-stream
-xÚ¥XIs\xDB6�\xBE\xEBW\xE8\xD2)55Q\xEC$\x8E\xB2\xAD\xB4i�Û\x94i:i�\xB4DYl$R�)'ί\xEF��p�\xACd\xDA\xF1\xC1�\xF0\xF0\x96\xEF\xAD �c\xF8#\xE3X \xCC��G\x8A#\x81\x89�/w#<~\x80\xB3_F\xC4Ò„\x8E(\xECR].F?\xBF`\xD1X!%\xA9�/\xD6�^1\xC2qLÆ‹Õ‡`zw7\xBB\xB9~\xF9~�R\x81\x83K4 �\xC6\xC1\x9B\xE9Í»\xE9k\xB3w7Q4\x98\xFE2\x9BOB�IÆHi2\x89\x83\x9B\xE9\x9B\xD9ux\xF5\xEB\xEC\xEA\xD5\xD5\xEDÍ‹\xC9\xC7\xC5o\xA3Ù¢Q\xAC\xAB<\xC1Lk\xF5\xCF\xE8\xC3G<^\x81
-\xBF\x8D0b*�\xE3\xCF\xF0�#\xA2��\xEFF\0$8cng;\x9A\x8F~o�vN\xEB\xAB>0\xB8\x88\x91\xA0\\x8ECAQ,\xE3\xD8��FX �a\xC4 \x92\x8CF
-d\x94\xF8 sT�\xB2p:4TI\xB0/\x8A\xC6]f'"�\x91G$\xED\x88$\x98\x80wT_\xE4�\x9B4�o(�<\xA4yzH\xAA,пi\x90\xD8\xFD\x9B\xF9슙\xAD\xE5&\xC9\xECn\x99VfQmRsx{\xB7\x98\x908\xB8}\xB70�a\xCC�Ë«\xB0\xB7\x92\xED\xF6\x84\xE9A\xDFJ\x97E\xFDUZ\xC2|eNW\x85\xD9È‹\xAA\xA7f\xAA\x91�\xC7(�`7!H a\xC2\xCEq\x86\xF8:\xE5�\x9Bk\xF8Y/\xB2\xBCL\x97GCcvV\xE96} �\x8A\xBCD5{�\xAC#\xA4\x94�5\xEBw\xA5��\x83\xD5YiV\xC5^_\xB0\xBB\x9F\xB3e\x8D��\xEB�\xCE&$@)\xBAм~~\xC1\xBB\xEE'4�Õ¥��\xC6\xF1SC\xD4w�\xC8\xD6~24\xC0\x91X1\xC7C^:=R\xB3è£;è“ X룵90\xF6\xC3\xC2\xFA\xE2�&\xC8@\xCEH \xEC�k$ \x9C\xB1\xC72]�\xED\xB5\xCF:r4J!\xE1�E\xB1\x92\xCE�\xB4\xD6\xF7h\xD1�F\xCBS�8CTF\xC4Ap\xF4!\xC0�\xE7¡\xD4@\xADY�\xE6\xFF\xAEXe\xEB'\xB3N\xECY'�\\xC4
-\xADo\xB6ܘ\xE5ޘ\xFC\x98�\xC7rk/o\x92\x95Y\xF4\x90\x84\xDF�\xE9\xE8\xA4\xFE\xD8$\x97R\xA1H\xC6\xF4|%\xE8R=_ �*m\xEA\xD7"O\xC1\x85t\x9B�E�
-YL8;/\xBB\xA1\xF2�\xEF�L�\xC47\xE4PO\xFAbc3ª`\xA0,\xF2
-\xC0\xEC9\xB5^h]\xFBN\xB9\xB7\xBF\xCB\xEC!OWÏ£\xC7�\x8A �\xDF@\xAFCu�=G\xA5\xF5\xFF\x94>\x9D\xC0�\xC5O\xF2\xE8\xBCLG\xE4\x91\xD9/\xA4�I�\xB3\xBE\xD0\xF9>]\x9AP\x94\xB2 6X\x822\xA5Y\x95\x9B\xE2\xB8]\x99u
-�\xFC\x87\x8C\xB2;5x\x9A
-@\xB3;�K\xA4�\x86\xB4d"�^\xAE\xCDV^�\xB9'M)\xD3L\xB42\xDA{\xE9\xEA�v\xA2\xDA]5Û¨\xCFÖª\x9B\xD5\xC5\xC0\xE8\xA5s\x9A!F\xA2\xA8\x9F\xD0\xE9\x97d\x97嵺\xCC\xD5�\xAA\x82\xEB\x9B\xF9\xABÙŸf\xF3\xB4\xE2�AR\x99C#\x975�\xA3\x8F\xF6\xE9�m�\xE6\xC60\xD8�\xAA\xD2Òµ�\xC1\xFE\xBA8\xE6Vt\xE2�@\xDB%i\xE9\xE1l\x97TË V\xA63>{tM�\xF7�\x86F\xF0µ\x84AhC0<\xF3ʶ\x88ÌšX�\x87\xA7 !$\xB8h\xAE\xB4\x97K{\xDD\xC2\xDA\xC9�\xEB\xEEn�\xD2\xFE�=\x91-�\xAA�\xF3\xF58\xA4�),\xA1\xB22\x81�\xE3\xB5³\xF7\xD37w\xAFg\x9Er \x96Q\x9B�m�K�\xB2\xB6\xDB\xE2\xB3�C
-\xC8\xE4\xDD\xCE`�gZ|i\x96m\x99\x8E\xBB\xD1�\xA3�\xC51\xB7EXG\xC1~\x9B"`\xE2\xD1@ƈ\xC5RXZ�`�\x90\xA86Fx唺\x9EO\xCDBgk\xBDp\xAD}e(\xEF\x9F�H:\xDAH@$V\xAE%\xAC\xF2�\xBAx�,�L7�\xE8�\x826H\xC4\\xF5CYw\xE7W�K\xD0O\xD0."�\xE5\x91n\xB3z�\xA52\xB8L\x97\xC9Q\xFB\x92Q҂\xD3WGA\x99jZ\xD8\xDC\xD7\xC2(\x920\x9D
-Z�\xA3\xB4n\xAA\xFA=\xDA\xE8\xC5}Z\xBBHK\xD3q�\x91Ÿ
-F}\xAC\xD1\xFC\xD1\xDE1i\xAFW\xBBc\xD9\\xB7|\xF3\x9E\xC6���t\xA0x\x90λ\xA4\xAC\xD2C3-\x98:_\xAF�\xF6tk\x98y#!\xA9\xC3\xFD�\x9D�\x84\x98!�7\xE4�\xD4z\xAEh&\xA7,,\x96I;=m\x8B\xE2S\xD9�)\xBE\xA1\x89!��\x87\xE5\xAA\xD4C\xE8\xA9h�\x9A\xC2à �\xADM\xD3�ΰ\xCD\xF0vn"\x83�W\xCFd\xB8\xBEZ�\xEEjRY\�HÂ\x95\xBDzr=?3}.ÝŒ\xE2
-B\xB6\xDB�\x87\xAA)
-51 \xEA*\xC9\xCE\xF5a\xE7\x93~\xF4E�ETH��>G\xE893\xEA\xF9\xE1�Ù@��1\xE5\xFD\x81\xF7\x87I(\xC1r\x9Bd\xBAR\x98\x8CÖ› \xCC\xFC/\xCC\xFFn8\x98[\xFD�\xA9\xF7\xFE"\x8C\xF7k\xB0\x89\xC5gr\xD1G\xDAg\x8B̈\xE1\xAB\xEB?\xF8�d×¾\x97\xFDzO\x82\xE4\xBEx\x84\xB9\xD7\xFE\xB2r.<\xC8+\x85�ij\xE2�\xA0S\xC1Q�\xAF\xCEf\x94_\x9AØ€RW��N;\xF3
-<$��H"o\xFAu@\xF0\x8Cw�^M\xF6\x9An\xB5\xA4I\xC1\xC1|\xD7L'`\xB9\x9D�B&#(o\x8C\xF4]`\xB4_\xDBޛ/]\xF4\xBA\xF6\x99�\xE7²�SwM�m\xE9<9.\xA0\x81)�[\x8D\xF3d��$\x8C\x9Ek_\xB3\xA1\xF0\x80h\x9A\x8D\xB1�\xD9\xD4�73 \xEF\xF9\x9E\xBF\x9D\xE1\x8Dk\xF5�\xF7�
-]'\xD4q`�N\xDF \xC4δf\xED,\xA4\xAE\xBF\xC1\xDE*]'\xC7me�$�0 \xCAlYC\xCF\xDDdM\x9A\x81\xA4&\xB3C\x9C�ܾG\xE1�^\x96\xC7\xDD0\xB8\x8D�\x86\x93\xF6\x99\|\x85 {�\xC0r\xEFKi�v\xBEl\xF7\xA8|\xB6\x98|g�\xF1\xA4\xF9w\xD4�ګ�\xBD��\xF7&\xAB\xF9lf\xC0\x9A\xBE\x9E\xDF~{\xBE\xEA
-�\xBADǺ\xBE\xDAr\xC1T\xB7��ı\xAB�\x97/o\xAE\x8D�e\xA5\xAD`\xAE\xCE\xCA
-f�7�\xBE\x{D997}\xD9z\x93\xE4\xC7d\xEBKr�\xBA �\�\xF0\xC9\xD73�qU\xE0\xED\x8B+Ñc\xC6<\xFC8A\x94�\xD2\xD4�\xEF\\xAA�\x8AU\xD4Co\xFAn\xF1\xEB\xED\xDBs\xB0\xB9\xAA� \x91\xA76.\xE7O0\x86\xECl=\xBA*\xF2�\xDAavܵR9b\:gq��@d<\x89 ?\x82!J\xEA*�.7\xE9\xF2\x93+�\xB5g9\x8C,F\xE6
-P<\xA3Y�\xD3B\xC4\xDBj\xD3\xE1cj$\xA5\x91Y\xD5\xC7\xCDcXכ\x87\xE3!i\xBFI\xF4\xAA\xE9�\xBC\x96\xBF\xB8\x8F�\xC0\xB0}7�\xC5\xF6\(\x82\xE3\xEAX|ʋ} \xF5j\xF0\x90\x95��\xFDQHJ�\xFB?T�\xB0\x8F
-�m\xDF\xF8*\xE1�\xD4/\\xEE\xFF&Q\xD3x\xB1\xD1\xE9\xF9!\xDC|t\xAB\xC7f\xF5w\xB3\xB2\xE3\x99`�\xDE�+D\x89hzgv\xB05\xC93sr\x98[\x9BH\xB4\\xD7\xD96\xD5\xCA8�\xFBF\xDA×\xCF}'�`\xF5\xC7]��\xB8q\xC1\xFF\xFE\x86\xDC~-\xE7\xD0|\xE2\xE7>\xB9\xC0c�\xBC\xAC\x88SJ\x9BFD4T]\xB0XOd\x91G\xF7���\xE9\xB1endstream
-endobj
-2545 0 obj <<
-/Type /Page
-/Contents 2546 0 R
-/Resources 2544 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2543 0 R
->> endobj
-2547 0 obj <<
-/D [2545 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2548 0 obj <<
-/D [2545 0 R /XYZ 85.0394 573.4038 null]
->> endobj
-2549 0 obj <<
-/D [2545 0 R /XYZ 85.0394 309.4358 null]
->> endobj
-2550 0 obj <<
-/D [2545 0 R /XYZ 85.0394 249.0624 null]
->> endobj
-878 0 obj <<
-/D [2545 0 R /XYZ 85.0394 211.9585 null]
->> endobj
-2551 0 obj <<
-/D [2545 0 R /XYZ 85.0394 179.7548 null]
->> endobj
-2552 0 obj <<
-/D [2545 0 R /XYZ 85.0394 144.9999 null]
->> endobj
-2553 0 obj <<
-/D [2545 0 R /XYZ 85.0394 81.7046 null]
->> endobj
-2544 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R /F39 1161 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2556 0 obj <<
-/Length 1971
-/Filter /FlateDecode
->>
-stream
-xڥX[S\xE36�~ϯȣ3C\xB4\xBAY\xB2\xFAƲiK\xBB�(d\xDBN/�\xC6q\xC0mbS_�\xE8\xAF\xEF\xD1͗\xC4 \xECt\x98!\x92\xFCY\xE7\xE8;W\x99L1\xFC\x91i(\x90PTM\xA5\xE2(\xC4$\x9C&\xBB \x9E\xDEó\xEF&\xC4a\xE6�4\xEF\xA3ޯ&\xEF\xBEer\xAA\x90�TLW\x9B\xDE^�\xC2QD\xA6\xAB\xF5\xEF\xC1{D0\x9A\xC1�8X\x9EZ|\x98_|\xBF\xB8\xF8\xF1\xB7\xAB\xE5b6'\x92P�\x9C__/\x96�.\x9D\xCDi\x88��`\x8C\x83O\xE7\xCB\xCF\xE7�\xED\xDA\xF5L\xD1\xE0\xFC\xBB\xC5\xED\xEC\xCF\xD5�\x93Ūլ\xAF=\xC1L\xAB\xF5\xCF\xE4\xF7?\xF1t
-\x87\xF8a\x82�SQ8}\x82 FD):\xDDMx\xC8P\xC8�\xF3+\xDB\xC9\xED\xE4\xA7v\xC3\xDES\xF3\xEA(�p \xCA��\xA1\x83\x92)!H\x85!�\xF0�*$�e\x86\x8F�\x8Bۋ\x9B\xCB\xEB\xD5\xE5\xD5R\x9FƼ\xD3Q\x88\xA7s*��)5\xE0<ޥ\xEBy\xF2\x90&'E\xBEq/\xD0\xDE��\xE8\xCBH�/j\xBCAV\xB39c$\xA8�R=\xC0A\xF5\x92\xD7\xF1\xF3�LB�\xDC5\xB5]͋z�\x97\xEE\xE2\xBCΒ\xCAA\x8B\x8D�\xC4#zR,�\xA1\:\xB9F\xCF�\xED�G4�\xCAkW\xE4`L\xEF\x9B2\xAE\xB3"\xB7\xBB\xEB\x95\xED\x8C�\xA9\xB6{H\x83\x95U\xC7=p\xAAe\x95\xDE|:g\x94#\xC5�\x9F\xCE[\x9Aa\xDFǸ\xAC@\xFC\x9C��Ĺ��*\xFC\xEA\xA6(\xF5\x80�. at X\xFCl\xA7iY\xCEH��\xA593\x95A\xBC-\xF2{\xFB\xCESV?XT\xBC\xDD\xDA%\xABRe'Y\x9El\x9B\xB5\x97p\xF7\xE2Vk8�W"\xB8\xDCؗ\xF3\xA2\xFF\xAE�\xB9-\xAA\xC74\xC9\xF4\x83t}f\xD9\xE3}\x929eH\x84!w\xF4\xBDK\xEB\xE4\x9D\xE5\xA1}\xE2x \x9D�\xD0�G��Q!B\xB7\x97\xD6 at G\x969~�\xAF\xEDL�B\xFF\xAE\xD3M\xDCl\xE1$F\x98sN"�)f9_�u\xFA
-\x9C\x94E}V8xS\\x8F\xF8\x8B\xC4�s\xF2\xBA\xB7�\x8A\xBD\x8A^5\xB7q\x96\xDB\xDF*�s\xC7ujg\xC6\xF4ζp\xF0:}\xAE\x8D)\xB5;7Ƀ�\xC5\xD5�\xB9$\x92H\xF2V\xA72_'\xE8\xEF\xF4eD\xAD�\x83\xCFI\xE1\x80\xDA\xC1Fv\x83\xA1b�s\x97\xE5k\xBDY5\xB6�C\x90�\x99C:]c{X\xAB\xAE\x8ELke� \x84\x83q�V\x8E\x9B\xBA\xD8A %\xE0\x96\xDA\xE9hÔ³\xA2\x9Eݽ\x8C�\x80`�r\xB9\xE8\x9B\xE0tb\xD1I.\xF2\xC6\xD0\xC1\xC9ypq�\xC1 \xAF�"=W\xD6R\xB0�\x89\xA5J\xED\xB0s�\x98\xECb\xA7v�7 �I.\x84Bn\xE6\xE1�\x92\x8B�ZT]\xD8M7q\xB6\xF5A"�W\x98�\x93\x85\xC6QÉ\xB3(h\xF23=QA\xFA%\xCD\xEDr\xB6�QH@\xD6Q\x94\xBC\x9D;
-C\x90g\xF1Oqe\xF7�\x8FLҪ\xDA4[4�"�\xE1�\xB3\xAF�\xE2\x95Jbw\x80\xBBT\xFF2w>\xBBV\xB8_g�\xFD\xB8\xB5\x88^O\x9F�\xB7Y\x92\xD5\xE0O\x84\x90\xE0\xCC%[�\xB4I*\x87\xFC=�O\xC0V9\x83׺S\xF4\x8A�T0�!_\xED\xAEL\xA1;\xAC\xDB�IB\xC44\x94�\xA9�\xCB#uւ\xE6}\x94/\xB3\x87]G\x8B\xD2r\xE7�\xFB"\x85 at X\xC9WDzЈH\xBAg*�퉼.3\xA8-&\x9A\x92\xAA�M�߻a\xD5\xECvq\xE9�\xAC\xA9Rz\x90>g6͎\xB2á\xC8B\xC9{\x85\x9D�\xEA�;�e\xD8q):�{H�\xC97\xF4�}\x9D\x95iR�\xE5˾n�2\x9D B\x9DV\xAEE\x8Dh\xD7'�Z��\xAA\x88�ջx\xB0 \xC5t(X\xE9\x90�)\x8E!
-#!\xC6\xF4\xDDϸ�E2\xF4-RU\xB8Mu\xA12#W\xC8\xED�62\xC94\xA9\xB3/&ai t�\xB9\xCB\xE1�{�Xlk<\x8C\xBB\x94�\x93G{ �\xFD6\x95�Ep .\xF6s\xBB+Ë\x85\yvA\xDC+α\xF3\xA7l\x97m\xE3r\xEBV\x93\x96\xB3Ô¹\x96\xED�\x8E\xFA�\xE6�\xA4\xEA�\xD7\xEA@'<Ë\x8Cc}9�;0�\xB4C'\xE5yÌ¡<:l!B\xE0r o,\xE6 9U\xC6"zRl\xBA\xA7cE\x91!α\xF8\x9A\x9C+\xA9\xF2\x89\xDDY\xF5\xBE\x8Cw_�\xD6\\x82\xD4W\x93^�u\x9C\xFC�e\xD8<\x96\xF4N\x8Al\x93ޡȱ\xA47�\xD93@\xD1\xD4{\�\xE25\x94(\x8Ah\x9F\xE9\xB7u\xAA-\xA7]\xBF\xADg]\xFD2\x8F\�\xC4y\x91\xEB\xC6\xC8N\xA1\xEB\xDF
-\xE3I7\xE3\xC6>\xBD\x96EÏŸR�\xAD\xB6\xFD\xAD!\xFEO��\xE7T_\xE8^I\xCC}\xD4 �z\x94\xB1\xE0\xBF��Ô�\xDC\xEFN\x8A\xF4\xA0�\x91�ba(��\x8A\xBCNËŽ'\x97[\xEA\xB4r\xB6\xDC�\xFEn\xE0#\xC9\\x86\xF4`�W\xB5n\xBD\xF5\xF8\xDF"\xF7\xB6\xD8�Mg\xB1�?\xA0D\xF79\x82\xBD\xC5�\xE0\xDE,\xBB\xCC}\xDC�\xB0\xA5\x8C@\xCAis\xF4P'\xCC\xE1Q\xC6��\x98\x83A\xEE\x91\xEA\xB4H���90�\xB4IX\xB1\xA1\xC8_�Ò¼\xA3>Ó—Ñža4Ͼ\xC8�^\xDF\xDA�\xF8WÑ”\xB9\x8F�\xEF\xFBY\xDD榪\xAE\x8E\x92É \xF1W�H?If�u\x9C\xCC�\xA5Of\xF5\xD6\xF6\xDE�\xADB\xE8\xA2\xE02{R\xB4�\x8D\x88\xA6{\xF7�%\x84�\xCA6��(\x93\xC6\xDD\xF4(\xB2\xFE�+\x964X8\xA8\xE8\xFAiK6 \xCC\xCD�\xD6\xEE\xFC�\xF6��\xD2%>4\xF7}\xBDj\xBE\xABh\xD8\xE0r?\xA7\xDCY \xEEz]9�ƺ�\xC6�
-\x89 \xFD\xABWÐ�H\x92Q\xC4Ø°7?�F\x94!E0\xEF\x87\xD1~\xD7>\xE7p\xB7'rл\xDF,V\x9Fo\x96\xD6i~\x9E�\xB8Ù\xFCl\xBF\xC1\xFD\xEF\xAFV\x83:j\xBD\xB8�\x9F\xAD|�\xEDʨ\xEBv\xEA\xB8n\xAAa&"C\xFF~[N\xDF+\xD4\xD8m ^P>eU:N\x8EW×±c#\xF5v\xB1\xB0/\x9F\xBC\xBD�9cKJ\xEF\xE3\xCC�pË\xE0�9\xEB\xF5h\x96)�\xDA\xEDc\xB3�S}\xCF�\x97`\x8Cx3\xBE\xBF\~\xB0\x9B(\xA7\xC6z\x97\xE5�\xDA྅K\xCB7\xE9Æ‘\x90'\x8E\x87Oq\xDE\xC4\xDB�u \xA4#(\xBB⤗0\x98@\xBF>$\xE2\xFC\xF3\xEA\xFB\xAB\x9BS�X\xB7\xB8Ì¡^䩳\xE8\xED�\x94\x8F\x9D\xB3\xD5E\x91WEYgÍ®��]��\xFEJ g\xE7R\xD0\xF6\x8B\xF2l�\x81~\xC0\x9F\x89
-}�\x85\x8EFHÛ¡,]\xC29Ôa\xE8{0\xD9wY\xBD\xD1\xD0<\xC5\xEE1Û¦F\x80\xED=(\x95]>\xEE\xF7#\xAE�\x8D\xB7\xD9:\xAB\xDB\xCE�6m�\xB97
-��4\xAAu\xBB^�\xC5\xF6\xD8\xD7m�7�\xC6Ʋ"n\xAD\xF3\xBF\xBF|w�\xF9\xE1*\xC6t\xAB6\x9A_\xA9�\xF5\xB7�\xE1\x95\xD2\xE4\x910:\xAC&\xEE�\xF9\xA1\xEE\xFF�:\xAD\xEA#endstream
-endobj
-2555 0 obj <<
-/Type /Page
-/Contents 2556 0 R
-/Resources 2554 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2543 0 R
->> endobj
-2557 0 obj <<
-/D [2555 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2558 0 obj <<
-/D [2555 0 R /XYZ 56.6929 751.9581 null]
->> endobj
-2559 0 obj <<
-/D [2555 0 R /XYZ 56.6929 608.6139 null]
->> endobj
-2560 0 obj <<
-/D [2555 0 R /XYZ 56.6929 322.9834 null]
->> endobj
-2561 0 obj <<
-/D [2555 0 R /XYZ 56.6929 258.3082 null]
->> endobj
-2562 0 obj <<
-/D [2555 0 R /XYZ 56.6929 193.633 null]
->> endobj
-882 0 obj <<
-/D [2555 0 R /XYZ 56.6929 153.54 null]
->> endobj
-2563 0 obj <<
-/D [2555 0 R /XYZ 56.6929 120.0237 null]
->> endobj
-2564 0 obj <<
-/D [2555 0 R /XYZ 56.6929 83.956 null]
->> endobj
-2554 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F55 1321 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2567 0 obj <<
-/Length 2595
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDDZ[wܶ�~ׯ\xD8G\xEA��\xC1\x95\x97GŖS\xA5\xB5\xACDj\x93S\xD7�Ԓ\x92\xE8pIyɵ\xB2\xF9\xF5�` .\xAF\xBB\x92\xBDM{�\x9F�\x82\xC0p0\xF3\xCD`.в�\x85l�)BE,�a,\x89\xA2L-\x96\xAB�\xBA\xB8\x87\xB5�N\x98\xA5\xF1�\x91ߥ\xFA\xFE\xE6价"\\xC4$�x\xB0\xB8\xB9\xEB\xF0\x8A�\x8D"\xB6\xB8I?xgWW\xE7\x97o.~=\xF5\xB9\xA2\xDE\xF7\xE4\xD4W\x94z\xEF\xCE.\xFF~\xF67\x9C\xBB:\x8D\xB9w\xF6\xC3\xF9\xF5\xA9\xCFB\xC6��1\xAA\xE9�\xEA]\x9E\xBD;\xE3\xBF\xFE\xCB\xF9\xEB\xBF\xFE\xF3\xFD\xE5\xF9\xE9Ǜ�O\xCEoZɺ\xD23*\xB4X\x9FO>|\xA4\x8B�\x94\xF8\xF1\x84��Gj\xF1�/\x94\xB08\xE6\x8BՉT\x82()\x84\x9B)N\xAEO~j�vVͧSh(���\xF1p��\xCE�\x8C\x91X)\xDE\xC3C\xC5$�\�<\xAE\xB7e\xF5X\xE7\xF5P\x95 \xE4�\xC04��\x88\xA3`jk�Xs%a<i%J\xA8�\xD4\xFD.�#\x96dSVrTZ\xAA2Ye\xA9\xBF|Ȗ\xBF\xFDQ\x95٩�\x80\x91>\xF8\xE9G7zhG\x9F\xDA\xD1\xE7v\xF4\xA5�-\xB5^߽U\xA2\xB3#�"�\xC7�@5{-\x8B\xA4\xAE\x91\xAC'�\x8FI�\x85\xB1\xA5j9\xDEMp�\x8AD\x81R\x96\xF4\xAEZ\xAF\x92f\x82c\x9F\xAC\xE5\xF8\xF6x�\x81b\xE1K��)d\xB0\xF0[\xE3\xC3\xE2�?\x9F\xC2B\x90X{*2XUi6\x85\x84!\x92C\xB9;(\xF7^~b\xC8o\xF5m\xFCF\xF2\xBD;\xB2|\xE5\x91\xF9U\x87\xED\x9E�\x99>
-�<eH"N\xC3!\xCF\xF5�O_\x84\x94�\x8Cr\xE7�\xEC+\x84\xAD�
-[7\xDB"\x9B;GÑ\xDF\xF5\x91\xC1l�\xF2K\xF3u\xB6l\xAA\xF5v\x82\xA9\x92$\xE0\x8A
-\x99\xDE�Yȧ\xFF\x84\x90o\xEC\xB1�\xB1N!\xC1\xE8\xD8\xFF\xF2m\xC7~\xA0\x84�\xC7\xC6%\xCD[\xD7A\xA7\xB2G�Æ„q\xE0\xFA\xF5Ù£\xCBb>{\xB4T\x9D\xECQ\xAD�A\xBC\xE9\xFC\xF1�YC1-\x91\xFA\xBA\xAC\xF1\xFAȱ\xED\xCF\xC9B\xBE\x88B\xA8?\x82\xB0\xEFS/e\x9D�Y\xF9\xFF\xF5\xC4s\xECD\xB1>2\xBF\xA3\xC5r,7(%2\x8E\xF80\xEE4\xB3qG\xFE\xFFGd;\x9A\x8A\xBD\x81"\xA1�\xF2+<k\xB2b\xE8�\x9C=�\x83/dD\x84�A\xBF�\x98�\xE8\xC3\xFE\xC1\xE7\x92\xC4T'��Q\x81BT\xD0ß¿9\xBF~\xFD\xF3\xC5\xD5\xCD\xC5\xFB\xCB\xF6\xA3ݦ�\xBERPm\x8B\xE9\xBA�?\xE0Ý€.\x89\xE4a[\x9Bk\xCAZ\xF7e\xC2k�2=\x90^\xBD-\x9B\xE4w\x9CL\xCA�'\xF3\xB2\xC9\xEE\xD7y\xB3\xC5\xF9\xEAή\xE3*&�=\xF1/Jy\x91A;'\xA0\xB3\xBBhp\xF21[\xEB\x986\xDA\xC8\xC0\xA2\xA7vrH/\xA9'\xF4�Є1Î\xDCF\xCF \xED|\xC99�\xD4x\x90\xA4\xD3*\xD3\xCC#\xE9==d%\x8E\x8A*I\xF3\xF2^\xBF\xA0��\xAA�\xA2Kƽ\x9B\x87\xBCƵU\xF2[6%��\xC1\xD1��\xBB"�\x82>\xE4\xB1\xF3\xA4M\x9D\xDDm
-\xDC�\xC0\xC1\x81\xF9\xBC\x95Ê¢
-\xF3\x88\xAA\xD5\xE16\xD3\xF4,\xF2\xEC\xE2\xB2*\xF5\xFA\xBD\x8F\xF1\x82Cq %�@\xB0Y#[h\xC0�\xFF�\x8E\xC0\xA8�\x8E�|\x94\xD6"Ô«\xB3\xF5\x97l}�J\x8FL\xBB�\x8BH \xE3\x99z`\xAC|\xAC�g\x81;ʈ-ì’¯\xF2"1\xCA3\xAF\xA9&v\x82��q�?�dЙr�\^iΑw\xBBip\xBF\xBC\xC1\xAD\x92\xE2)\xD9Z�\xD2\xCD\xEA\xD1�\xD13a\xDD!O5\xB8MV6\x8E\xA0\xB2\xDF[\xF1�\xB3\xA5C]\xC0\xC6R\xA8>\xEA\xB96�x\xAA/\xA8\xB2F\xD4\xE3 \x90ǹ�_5\xA3�-\x96 \xDA�\xC3\xD0;KӼɫ2)\x8A\xED)cL\xAB%Xl\xB41L��\x8B\{\x87aÕ¬\xF3e�\xA63K�*\(\xB2/YQ\xE3\xF4\xED�\x9Fiv\x97l\x8AF\xF3\xE3\xDA�\xE52\xC3�\x83\x84\xFEJ\xA3c4\xA4}ͪM\xF3\xA8Q���U^�8\xBA\xCD\xF0 Î\xE2(\xA9\x{DCF4}\xCFe\xB3I,5\xA2\xACG-4��\xA6\xFB\xFAv;\xE1�����
-u ��\x8Aq�\xA9\xCCE�\xF7~1\xE7_\xB3^%\xE5\xC6 j\xDE\xFA�\x80\x89
-�X?\xE5u\xA6\xB1�\xE8�\xF6x�\x84K]9w\xA3\xBC\xC5Y\x9F�\x87\xB3�\xAF6uc�X\xE3V�7uk\x8FZb\x89\xD1r\xFD\xB9桪݉슈\xA7\xB7=\xCFS(�1\xA1,��\xA1$\x88\x8Cd\x9B�l(٬�\xEDp\xC8߅\xF4\xA9\x94%(\xD7Wbq?g\xBD7\xE9\xEAzt}g{� )+
-!\xA7\xEEmL\xBAT\xEE\xB6mܘ\xB4Tz_?�n�C\xBA\x83`\xB8KG4\xB1e/\x84Å:\xD5`\xCB\xF32\xB9-\xAC\x85\xD2\xECvs�q\x96\xCCi.t��E\xB0_\xF3.Õ¼\xE6-\x95\xD1\xFCaN\xF3\xBD[\xB6\x9A\x8F\xB7\x9CÒ¼\xB7\xE5�d\x94f\xE7\x81f\xB0\xA9\x93{ç®›\xD5*Yo\xAD;\x97\xD6g\xB3\xDF\xF3f�\x9D \xEA\xBD TÛN\x87j�:\x8EÊ \xF3y�\x9D}[\xEE\xD0�m9\x89NwËŸ6yf\xD11%\xA8�\xF9;�p\xB4l\x97\xAA\xD2\xC6\xF6yt\x84$4\x80s\xB7�\x9D�\xD5�t�\x95A\xE7\xCB��A\xA288\xB0\xA5#\x9Aز\x87N\xA4�\xCB`\xCB)ßr\xA3nc�Ö—s\xB1
-�
-\xB0�
-^Rz\x89X\xB8\xEA\xE3\xD1TO\xD5\xFD:Y\xBD\xC8=\xF5\xAE�=�\xB6\xBAT{�਌�>\x8D�\xC0H�J\xB9KG4\xB1e\xCF �\x81n+\xECo\x89y\xD0$\xA4\xB6�\xEE�\xC3�\xF4\xB4M\xCDz\x8CUg\x92�\x88?U\x9Bu\xA9\x93\xBA\xC9J\xD6r\xCE\xC5�Һ\xA9gA\xE5!'\x91\x82\xBC\xB1�\xD4.\xD5<\xA8-\x95�\xD5]2\xA9\x9E\xE3�(\xD4FwL]\xC1�Dw\xA6\xA0 \xDF+YK5!Z�|�U�\x93\x94\xF5e\xBB֩\xFCn;\x80�\xC5�\xB9k�\xDDT1\xEA]ص\xB2jF\x85\xC1+k3\xCE\xE5ť\xFE\xBF\xB5E\xED\xAA
-\x88\xCAY:o�É¡\xB2\xE2\xEA\x801:T{\x8Cᨌ1\xF2 c\xE8�E��\xFA\xF4\x9E)\xA0Ç \xA1\x92\xFB\xE5j\xA9&�\xEB\x99�z~\xAA-Г\xEC
-[S\x80VB\x9FZÕ\xAF��\xBE\xDA\xFAT\xF6\xBA_\xBD\x80\xED\xAA.)\xA3Ø»\xAA\xEA:75\x80\xA6\xD4z\xD4H\x95\xD8&m\xA26��\xA8Mc\xE7\x87\xDAP\xD0��\xC6`\xE3\xE0\xC5a�\xA2\xB6l\x87!{5\xC1^B\xA4\x8Db1\xE0\xEEk)\xE1\xA4\xCF\xEC�@U�\x84\xACm\x9C\xC6l\xA1<
-\xC0\x99�\xD6\xEF�4\xBF\xA2Z&s\xE2Cc\xA4$S{�K�GLv\xC45\xEC�\xC9�YW\xB8\xBEP�\xF0\x894��\xA1\xC2.\xE3�,:'&\x870\xD9��,\xF6\x99
-�{s?k\xDA],\xF6ßµwJ|py�\xF4\xFC\xF9F\x8D%�\xDC\xC3�\xA9[/\xDD+h_z\xF7+Î �-\xB1\xE9O\xEB\xEE\xE4\x9Di\xF4\x80Vw\xA6z\xFA�_\xAB\xB5}\x85\xFF\xA6\x98 \x95\xF6\xA5[\xE8t\x90"/}\xE7\xF1
-S\xA2\xE1\xB4i\xFC\xEA\xCEw\x89u\xE1+\xAD&�\xFD\xFE�Ú”F\xA7\xE1Z\xFB\xA4
-T30\x99\Ì£\xA1\xB9\xE7\xCC�\xBE,\xB8�\xD5TI�,\xDB�#jpÚ¥\xA7�Nz\xF2\xE9!_>t\xD7
-d&\xB8V\xAE\x8F\xF2w\xE9\xAEU\xC4y ��\xAA\xBB\xE79\x80\xFE\xBBw[e�v\x80hx
-'x\xE4\xCC�\xA3\xEB\x9FO\x95\xF2\xFE\x81/c�\xE0q\xCF�\xF4\xA7�>\xCF\xF0Q\xD9i\xEB�#&ȣ\xE3�@\xB1\xF3�xA�МF> E�$\xD2~ \xF8\xAF\xFA@�֟\xE4��\xFC\x80�A\xF4l?\x80r6�]Ⱥ@\xC0U \x8De\x91ݷ�\xB9\xF2\xA0\xB56\xCF =U_\xB9\xC0*g�\x83~Tv�\x9Db\xCC�\xE7vN\xA1\xDF:\xB8�\xAEVV\xC6)\xAC7\x84D\x84tp\xF5\xE5\xFC�܀\x8D\C\xC6\xC2\�뵤\xA8+�\xB5\xC7 \xC6\xF6�\xC0\xE8\xBE\xD8X.I\x9A\xA2\xB0\xB5%��
-\x984Wk\x86\x83\xF9\x8C{;1VI\xA3] W\xCD\xC5
-\xB2\x85֣\xC9k\xBC��^tݎʴ\x87\xBCH�\xB8\xB7"\xA1�ًܛ\xEDuo\xB4\xF8\x91=\xDB֚\x8E\xF6\xC1\xDDQ\xD5\xD5*sN�\x930\x8C�\xBFl\xC0M>or�\xD8v \xED\xB4+\xF9_
-\xD9æ¸Y9\xC0Ôˆ\x837\xCE=RwÅ•t\xA0\xEF�\xC4\xCE^ÏŠ\xCDT\xB6\xBF\xE7xnM$ \x8F\xA4<Td\xB0H\xB2\x97W/<h\x8B\xDF4\xAF\xED-\x92�\x9E\xFDP\xBFp�\xAA\xE8\xFC\x89�f\xF1>[\xECJL3\xDB^Y\xE2�\x82\xAB�\xE2\xA5>PL\xFEi�У`d�i\xA3\xB2nØ‚��\xBD\xB0\xFEz~\x94\xB7��Z\x9B&\xFF\x92u\xEFF\xA0�\xE1\xBA\xFB\x97\xCF
-\xC5\xEC\xB9� \xB4t\xFAb\xB7g\x93zt\xFA\xB1\xF4\x9F\xF9e"\xF0\xD0?'\x9C\xE8Sh{o\xFAÍ¿Z\xDC\xFD at SBä¢\x99\x9B�A!\xCB
-8�V(\xAD�S\xF1P\xF4\xF6\xF7\x8Dc\xD9\xFF
-\xECsC�endstream
-endobj
-2566 0 obj <<
-/Type /Page
-/Contents 2567 0 R
-/Resources 2565 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2543 0 R
->> endobj
-2568 0 obj <<
-/D [2566 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2569 0 obj <<
-/D [2566 0 R /XYZ 85.0394 749.1077 null]
->> endobj
-2570 0 obj <<
-/D [2566 0 R /XYZ 85.0394 598.1922 null]
->> endobj
-2571 0 obj <<
-/D [2566 0 R /XYZ 85.0394 456.267 null]
->> endobj
-2565 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F41 1218 0 R /F53 1313 0 R /F22 961 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2574 0 obj <<
-/Length 3016
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDDZYs\xE3\xC6�~ׯ\xE0C\xAABU-\xC7s�3\x8Fk�\xCE:^yc\xC9\xF1Vl?@$\xB8D�$d�\xB4\xAC\xFC\xFA\xF4\x9C88 \xB5+=$)\x95\x8A\x83Fc\xA6\xD1\xF3\xF59 3�d&�\x94(\xAAf\xA9\xE2H`"f\xCB\xED�\x9E}\x82{ߜ�dz\xF0L\x8B.\xD7\xD7wg_]\xB3t\xA6\x90Jh2\xBB[w\xE6\x92�KIfw\xAB\x9F\xE7_#\x82\xD19L\x81\xE77o\xDF_]..\xFEvu\xF1\xF7}su\xBE )\xA1d\xFE\xF6Ç\xAB\x9B\xCBw�\xCF�T`\xE0�f\x8C\xE7\xEF\xDF\xDE\xFC\xF8\xF6;K\xFBp\xAE\xE8\xFC\xED7W\xB7\xE7\xBF\xDE}{vu�$\xEBJO0\xD3b\xFD~\xF6\xF3\xAFx\xB6\x82\x97\xF8\xF6�#\xA6\xA4\x98=\xC2�FD):۞q\xC1\x90\xE0\x8CyJyv{\xF6\x8F0a\xE7\xAEy4\xA6
-.$�\x94'\xA0�\x8E\x98`<\xAE3\x82RB\x80)\xE5\xB0��mx\x9DQ�ә\xE7\xD2:[\xAC\xF5\x8B~u-D\x87S\xA1D\xB2�&\xD7�\xEBj\xBF͚\xA1:�\xA6\x88r:\xEB.y$\x98g\x8A�F;\xCB�\x9C"JA�=\xC9n�\xF2e\xB1~\xB2\xDB\xD2lr;pҘq\xB5�\xDC\xFCw\xB5s\xA3_0\xA6e�\xFB\xCB�\xECiU\xD7\xC5}ٛ\xA1\xB6�\xD9\xFE\x9C\xC8ynu\xD0\xD3�\xE5�q\x8C\xBD�~\xA1\x947\xF9\x9F\x8D\xFEu\xDC\xDDW\xA0
-aA</�x\x95\xAF\xB3C\xD9\xC0\x90\xB8\x95v\xAB\xC8*B\xA1T\xB5�\xC2\xE4\xFB\xECql\x8D��"\xA9\xE3EG u(H\xB1D\xF0/O@\xA5\xC35��\xCFe\xA0r�\x81
-!\x88\xF1\x94\x9F\xC0
-C
-�9-Z\xE0\x8A\xC8\xD6G\x8BDR\xA6\xA4/\@�\x93\xDC�\x82I�Т\x89�-\x9A\xE6n�\xE1\xD0<��K\xB4x\xB1\xF4ZO\xA5 \xF9
- �\xEA\xEA \xA8\x9D\xB4\xB6\xCC\xE3 b\x84"ƈ|�\x80�x�I\xD4�\x82\xCCRQ�-X\x8A�Æ„\x81� RB\x90/\x80\x921\x93\xEBj�\xB3�\x8AT\xEB�v\xD96_-\x96\x9B|\xF9\x9B1\xB6\xE3\xA9%�\x81\xA9p\xFCo\xBC\x85�\xCE\xE0VU\xEEF\xBBÊ™\xF12;Ô¹7�g\xEF\xF9Z\xABu\x9D/\xBD\xA1�ve^\xBBq\xE1�\�\xB6�\xF5\xA8�XV\xBB&\xDF5\xF5\xA8\xA1$\x89@\x8C\xF0�>\xB5\xCB5n(\x81\xCB�\xCAoqC\x91J0\xA7\x97m\xB5ʇr)\x8A\xB8\x92'\xE4\xF2L�\xB9\xBA\xBB\xA0R\xC4S5\x90\xEBC\xBE\xD7Øl2\xF8]L¦iИ-^\xE8\xED\xAEG0\x94\x82$\xC4{.\xC3nL\x82\xCC�\x8Bf\xA3GÔ›�éš”%\xAC\xB3\xA2<8\xD31�\xAD�mm\x98\xF7\xAC\xCDÞ¨\xEDt�\xCE:\xE5H\xA6\xB2\xFB�z\x85�\xC9��\
-\xC0?\x98���]\x88�1\x97
-f\x8D�\xED�D\xB5}(\xCA|\xC4$\xF4\x9EQ*[\xDB&o"\xF3JD\x95\xECz\x8B\xC7l\xBF�\xF3��`\x97�;\x8BÏ–\xFBÙ†|*\x90Q\x81H"\xBA�P|\xDAU\xFB|\xEC���CÙ©X\x96P�\x82\x9E0\xD0\xC03a\x9E\x96\xC7�\xE76f\x9C�% WS\xC6)�M 3\x99\x90ȳ�IÔ^�R"Å»"\xB5\xB1�\x83\xF5lr0\x9B\xBD\xBE\xA0\xF3\xF7�-\xD1�Y\x99\xDFUm\x89\xF5\xA6:\x94+;\xBE\xCF\xED�fCsGl*ǘ\xBB\xBB\xC5\xDA\xDD\xD8\xE4n\xB5,Ø \xBEX\xAD\xECe]\xE7\xE06�<\xE9�#L`\x8D�T�\x96#�hL\xF5Mh\xDCBI\xF2<\xDB��qÈŠC\xF8\x88\xF8*\x88G\x84\xBD\xCCN>?-{�\x9A\xF9)4\x8BTg\xF3BL\xE3\xB9\xCB5\x8E\xE8\xC0e0\xFD>\x86i\x81RH\x8F\xA60\x9D \x96r2-\x97g\x8A\xC8\xD5\xC75$\x82B\xF0\xBE`��\x8E �\xCE,\xF6\xE07\xB3?�Ùœ�\x90m\xEFY\xDA:\xDF\xD7\xF6\xDA\xE0\xB8}\xF4B�w\xC8>Þ'\xDC\xF1\xB1B\xF3\x8E\xC7
- \xEE\x98\xC9\xCF\xC2#\x9F\xC0c\x82�K\xC53\xF1�\xBBG\xF1x\x96\xA7��\xCF\xF28N\x87!ëµ \x86B�9�Ì–i�\x97\x8E\xC9\xC0r\xF7\xA2<hJ\xA8\x90�� �Ë‚\xBAB\xB5e%c\xC6Ùž\x93\xB9\xF1\xB7\xFA\xFA\xE6\xD6\xFE�\xF9[\xCAh\xF0\xB7\x9AA\xFB[M�\xFEV�5N
-c\x9E[\x82Ƽ&X\xAB)\xC1\xDFj\xF2\xD0\xDF2,\xBA\xB5*\xF3\xFE\xB6\xF7d��`\xE9Rb~�\x8D)\\xA7Hq\xF1
-�\xC4ke>\xEA3<\xBAP\xFF\xFF\xA9�W0`I2m\x93]\xAEq\xA3�\\xC6*\xAB\xD3e<\xEC\xA8\xD6\xD2Q!\xAF\x91\x96`5-\\xE0\x8AH\xD7���#\xC9A�=\xF1~:O\xF9|_4Ú¥3\xE2\xEA9\xC6p[\xAE3\x93Ù˜w\xE0Ý·\x85H%SJ#\xEF0X\x98\xA7HR\x9C\xB6\xD5/\xD8\xCC\xFC\xDD:2%�+�\x8A\x9F\x9E�6�^\xDB'�E�\x9B��8 \x81b�\xB3�D\xD3\xD0� \x9F\xB1\xB3/\xFBèµm$�R\xDD �\xB3�3\x81�\xDAq/rgjm\xCD]\xB8T\x8DB\xA9\x96(%\xFA�b\xAB\xA7h\xAA\xFDÓ”\xE5$ \xE2�\x93/6\xF9qxs \x88\xA3'BN\x97k�Þž\xCB(v\xAA\xA1�\x8D9\x90\x95\xCBDN\x8B\xE5\x99"b\xF54\xE0ꀞX.�\xA2\x8A�M\xC3 �e\x94\x8E�\xA6\xBD\xA9\xBA\xB1B\x93\xEDEÖ˜`�\x84\xAC\xB6\\xABµJ,î\xB1\xB7\xEF\x9F\xEC\xEF\xE5\xCD\xED\xEDÕ…e\xBD?\xB8\x9B\x9D\x99�D+ at BS,\xB3�"a\xF9d\x89\xF9\xEF�\xB86\xCC\xC5Î’�ʬعܟA\xB9\xA4\xA3o�O\xB0�r=\xF4^\xBF\xD5Ç°\xC9n+! �\xB0\xDE\xD7J\xCA\xFEw\x8B�\x8EAv\x9E\xA6'�\xA3\xC35a�\x9E\xCB�F�\xF3\xFB iF\xBCS\xAA\x9B\xA72V%H�rO
-\xE6\x99"\x82
-\xAB\x84T\xB1\xB4/Y\x9B\x92I\xE5:y
-;a�\xCD4\xFA\xBB\xF7t\xE7\xCF���]\xC7�F\xA1\xE9ϩ\xB2 �D[�\xFA\xF9j\xCB9\xD5I"�\x82y\xAF:8\x94\xE5x۟s6\xDE\xF7\xD7KE\xB1\x93`$ <ݾ^fM\xF1\xC7�z8\x87\xE0\xC0\xD2.z@\xD9�\x8A�>\xB0\xC3;\xD3tc\xE0�@n7\xF2mp�\xDB\xE0 \xC1,kG\xA9�E\x93\xD9�\xCA\xF2\xDA\xC1\x83\xD1Q\xB5\x84\xEC\xB4\xD8}\xB2\xB4\xEC\xD0T0\x93v�\xDAShҽ\xFB\xCD\xDCd\xF9C\xB6\xCF�7Y\xBD\xDC��&0\xA5b\xFE\xFD\xCE��/`e��\xFAMp\xFF�6\xA0\xB47\xC0#\x88g\xC6\xCEYZ�YJ\xFBVd\xEEC޶
-
-
-\xA0n�\xE0\xDA�\xCEs\xAE\xFC;Z{\xEE=\xD6l�\xB5\x8B\xAC�\xC0L\xAB�\xE2\xF5\x81\xE7\xF9\xAAh\x9C"\x88{kl$uq7\xDE>\xC7\xFD\xB6\xFC3rO�\xB1
-�\x98\xC6y\xAA|\xE3�F\xB6q\x9E\xCA\xD08O\x95k\x9Cà \xDF8�Bh\x9Cøp�\xFA\xC6y\xEAM*
-f�\xA3\xB6q\xBE`*\x99\xBFk\xDC�e]uD1 \xF4\xC2\xF6v/4\xF67\xD9�þ\xFE6\xCFvF\x89\xA6\x8F?<\xBF\xF3)\xDE\xF0\xA0\xAF���胔Q�\xCA <$\xF2\x94�\xEDr\x8D{\xD0\xC0e<\xE8\xED\x8B\xEA\xD9I\xB9BA{,W\xAC\xA2\xED\xC9\xE5\xBB,\xC2u\xF8\xE07\xB3?\xB7?\x9C�1\xFF\xA7\xBD8j\xB5\x88A\xAB�xL\x82\xD9>�Z-\xA2\xD7j�\xA125\xBC�\xAD\x96D\x9F+\xBCb\xAB\x85\xEA3\xF0\xE7\xB6ZR��\xE6q\xABE�>\xDEja\x84\x8B/j\xB5\x9C\xAC\xEBt\xFB \xD2)6\x8D\xCE.\xD78:�\x97Ag�M| �^ \xABb�~Ag\xFCGu�$\xC8$Q\xD3\xC2�\xAE\x88t\xFD\xBA\x8E#\xA1$\xED\x8Bw\xB1\xB1\xF1D\x9B0\xC3*^\xC2q\x81\x84L\x92\x98\xBCÂK�{—�u\xE5&5ɳ��\xBBeyX\xE5\xF6�&\xB2\xD8\xD7\xC1\xA3v�\xE0\xE7w\xFE)\xC7�\x9EO\xE7�\x9F��\xC1\x8A\xCA\xDD
-G\xC3Xu\xDB\xE5\xAA� \xF3\x95K\x8C\xE1�xB�M\xF1\xBA\xEF\xEE\xF6\xE7�\xBC\xB2�\xDF;\xBF\x98ٟ\xBA\xD8�e\xB6/�u�tf\x92�\xED�u\xFC�\xC7�\x93\xE0\x8CN�\xFDw\xB9&\xB0\xE5\xB9�\xB6\xEEb\x9E�\\x96�]\x95\xA8\xE7c�\x8B\x84O\xCB\xE5\x99"r\xF5<\x9FD\x98\xA5\xB2/W\xE8/'\xAE\xBF\x9C\xCCo\xF3\xDD\xCA�\x9F\xC0\xF8CU�\xCB';\xBEރ\xEA�\xAB\xBDc?>Q�\xA2\xF6�w�\xEF\xF4\x85pI\x82\x9E\xF1õo\xCF&\xF3\xFB\xCA�n\xC2(\xFF\xB30���\xAB\xFD\xF0\xE6\xAA\xDA\xFD\xB5\xE9\xF0\xE9�A\xC9\xF9[�\x93Dw\xA0�aS\xFB\xB264z\xCC\xD4\xF5\xC1\xEF}'\>\xF9\xC3t\xB3\x8A \xACY\xB3\xDCD\xBFwyV\xFDE�X��\x94\x97WL\xD1j\x8C"E\xE5kw\xC8��\xDA�\xF3�\x9E\xB4\xCB5\x8E\xF6\xC0e\xD0\xFE�?"$\xF8\xB4'\xF5\xBEoR\xB8\xC0�\x91\xAE\xEFI\x95-�z\xE2-7ڟA\xF2\xCFG\x9C\xA8nS\xD0\xE7\xF8P0)\xFDyV\xEBC͜Ƈ\xEAQ?\xE5\xD6�\xEB�\xCDW�\x9A Ls@\xDF\xD8fu\x93\xEF\xBBLv\xFC\x97w7�\xDF\xFDxye\xAF�~ع\xCCDwUh?Oֆ\xEA\xD0|\xB7i\x8D\xA1\xE7%\x9D5T\x83$\xB2]$\xF4\xB6\x96e\xFB\x89I\xB1\x8B\xA8\x8CB9Jh\xAFA\x8C �\xACcJ\x83\xAA\xBF
-<\xE3\xE0��\xF0�\x99\xDA48;\�\xE0\xF4\�\x9C\x97\xC3%� \xE6\xA2\xD8\xF4\x92\x9E)\xB2d\xEF\xA3����'\xFD%/\xA1\\x88`�T\xEA>\xE4\xD9U;\xD3H\xEAd𣻘\x95\x8Fٓ��\xA4\xC0_\xAD\xA6:\x91P\xB7 \xC6�{\xFDV\xA4\xEEC')>\xD1i\xEFrMl\x95\xE72[\xF5Ӌ\x8Ee'\xE5
-Dz\xC7rE\x8Fe{\x82\xB5��@}\xD7~p �&\xFF\x87ߥ�\xAC*u�0\xD0`s�`\xE4\xDBb\xA7w\xD8<Z\x94\xAB\xA5kC\xEBr1\xE5r~3\xCDeIm���d\xA5\xE9EXo \xD6%\xF47\x80\xBD�\xCA#\x85\xBBO\x8Ah88\xAE\xED\xC9�\\x9B��7\x95\x8B\xFE\xE9}`d�\xAC\xEC\xEFA\xA7�\xA6>\x98\xB0+\xA6\xA5\x98\x98jC\xB2\x9E\xB8\xFCT\xED\x8Bf\xB3\xB5\x97:\xEC\xFDp}a/�f\�?s\x88'\xDB \xDC\xEBm\x90\xB0\xE3'ñ>\xA1 \x98\xFF�\xF6/O\xB2#�;\xD5\xD6oy&>ٱ<z-m\xDE\xD1\xE3(\xF3�\x97\xE4Sk�\x9E\xA3E\x87ߔBe\x93vW\xBD��\xA5\xDAf\xDE\xC5�1N}||\x9F\x87<�\xA3\xB1\xAF\xC9a\xEFx\xBC\xDC\xC23o�/\xFEҼ\xFD\xA8�pŤ�\xF94\x89\xA6�\xC1É�J+\x81$\xF8x\xA3u\xCF��\xF6\xB1\xEC\xFF�P\x99\x85'endstream
-endobj
-2573 0 obj <<
-/Type /Page
-/Contents 2574 0 R
-/Resources 2572 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2543 0 R
->> endobj
-2575 0 obj <<
-/D [2573 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2572 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2578 0 obj <<
-/Length 2008
-/Filter /FlateDecode
->>
-stream
-x\xDA\xDDY[o\xDB\xC6�~ׯ�Ї#�\xE6f\xEF\xDC}tb\xA5\xC7E\xE2\xF8Xr[ \xCD�-Q��\x89TE\xD2N\xFA\xEB;\xCBݥHjm�(\xFAr� �Rù\xEF\xCC74�c\xF8G\xC6J \xCC4�ǚ#\x81\x89�/v#<^\xC3o?\x8F\x88\xE3\x89<S\xD4\xE5z;�\xBDy\xCF\xE2\xB1FZR9\x9E\xAF:\xB2�\xC2J\x91\xF1|\xF9yruw7\xBD\xBD\xBE\xF9\xFD"\xA2�Oޢ\x8BH`<\xF9xu\xFBp\xF5\xC1>\xBB\xBB\xD0tr\xF5\xF3t�\xB7L3 L\x84�>\x89'\xB7W�\xA7\xD7�_濌\xA6\xF3֞\xAE\xCD�3c̟\xA3\xCF_\xF0x \xA6\xFF2ˆi%\xC6\xCFp\x83�њ\x8Ew#.��\x9C1\xFFd;\x9A\x8D\xFE\xD7
-\xEC\xFCڼ�\x8A��
- \xCA\xE58��)LÃ\xC2��p<\x8A9AR\xEBc\xA0( �\xCAs\x99@\xFD\x811ݦy\xB2K\x87\xFE�\xCA�cD\x8F\xBBROt\xB7\�å´£\x9CP\x8D�a\xB4\xAF}\xBEIm6���\xAAX\xD9k\xE5\xFA\xAB\xC8�emE\xC6\xD0\xC65È—�\x82�\xF1�\xE7\x88\xC6L\x8D#\xC6QL\x89\xAD\x82\xFB\xE9\xFC\xE1\xFEÖ¾\xFC\xEB�\x980\xB9\xFA\xF0 �\xF7�\x8E\xE6\xE1q�\x8EhNx\xF3\xA21g�-6\xE9\xE2k\xA3Þ¾\xD0\xF5G\x81Ûš\x990�\xFE\xC3�Q\x93\xB4\xAA�yi\xB5%\xB9\xBD\xA6ß²\xCARe\x95Tu\xD9\xF7\x91\xD8K\xE6n\xD3C#\xA788\xB6\xE7\xD4ʵwË´J�U\xBA\xF4
-�\x81\x9DH\x88\xD7\xE19+_�\x8F7\xB7�\x9E\xD9tj_\xBE\xFA0\xFB�\xF01�\x94?\xB0\xC0
-\xFE#\x97\xC7ĹH-\x8A|\xD5\xF9\xB9\x91\xC7t\xB7� \xF5\x8C(\xED\x82v\xFF\xFE\x9D��f"\xA0�\xB8)�>\xC4!\x81`\x9C"\xCC1\xBC\xBD\xB9\xBD\xB6\xF2\xB4\xF3j\xB9\xCB\xF2\xAC\xAC�IU�\xEC\xA3\xFBt\xE5b\x9A/\X?&y\x9Dl�\xEA\x89T\x88J)\x9D\xF8p\\x99�H�S\xFE\xDD\xC0^=\xCC\xFF\xFB\xE9\xFE|Do\xF2*=䩫\x90\xD9\xF7\xB2Jw.\xF7,�UV\xEF\x8Ez!\x87\R'\x87i\xA4bά\xEBк."\x82\xB1ˇy\xA5\xE1\xE1H
-\xA9�\x9E[w\xC4��)$cÍŽ9v\xA7\x8D\xD2\xD8R}3\x97\xC5.\xC9\xF2\xE1\xB1-\xD3\xC3�\x846�#<(\xBA\xEFy\xB1/\xB3r\xD8n$\xF4HF\xE31\xD3\xE0�d9\xD0l�\x98M��\xFA\xD5.Ø‘\xD0\xF4!�j\x82\x9E\xA9ã´„\xF0}\x8E\xF8�OÉ–ZX\xBF�\xEB\x96�X#�\x89]y\x98\xE2\xCF\xD6\xD1*Ûº(\xF7\xB4J\x81b\xC1\xB8\xE3m\xE5.�r��\x94�±.\xD3\xC7z�mÓ§t\xFB\xE3b\xA7gŦ\xF9:\xCB\xD3(ok\xE2GÄ®\xBE4u�1É\x84\xFF\xA0\xF9\xFB,�\xDB\xE7h\xDDr\xEE��\xC0\xB0\x83 \xED�\xEBj\x9B\xAC�\x9A\xE1p\xF0X\x91\xA1\xE6\xFC\xACC?-\xF6u���YV\xB1�
-ÜŸ�\xB8\x87\xC3�\x92Ç&\xF8$4eK\xCD�\x92\xFB\xF1\xFCi\x97|\x8B\xCAb\xF15d\xAF\xD0(\x8E\x85�ʯ\xCE�Jv\x80\xE9P�\xBE\x87\x84B�\xA0\xE2�\xD5&\x8B�\xEAWQx\xDFe\x91\xB8,\xD6�U\xD6k\x9F\xBB\xBA\xF4�}\x98;*O"\xFD\xD4R\xBF\xB6Ô·\x80
--\x90\xE4m/_$0Q^:L6F\xBA\xEB\xCEI_\xA6\xD0\xD4���\xBC\xEB\xE9\xEC\xDD\xFD\xCD\xDD\xFC\xE6\xD3\xED�b\x80@\xC7�\x81\x9Cc\x81
-9I\xEC\xE5\xDA5GC7�\xB7\xA1lg\xB7\xB4\x99\x90×·33#\xED�\xD79c�#.b1\x9E\xEC�(\xBD\xE6'\x83�̵\xC1B\x86\xB03\xCEP\xDA^\x96f\xBEe\x8Fu\x95�N\xEB\xCAb�\xA7\xEDf\xF6�Yê½™\x81\x86\xD8��U\xD8\xC3\xEC\xBC\xE9\x9D\xE5,_�\x87]b\x856\xE8"�\x802\xF0\xE0\xD27~\xF7�\xC6y\xD9\xCEsvÙ’\xFCr\x80X̸G~D\x91�i\xD3\xF6\x8D\xDA\xDF6i\xA3G\x83�O\xC5W;\x88\xD4\xE49\xAB6E]\xD9_\x92\xC6\xF8u\xBDK\xF3\xAA\xBC�d\x91\x88�1�\xFB\xB1\xFDb��{\xC7\xD8�\xD1s\xB6\xDDZ\xF966\x89S\xED\xFC\xD5ЇWI\xBDu6@\xAF7Pt]�\xDA�)�N�\xE5Jb\x8C8k{Æ›\xB4Z\xBCi\xACBff\x84\xA0\xA5FR2\xD5\xC5=f� 0\xDE\xE8 Q]kM\x84\xBF;@\x99gU\x96lݼN\xAAd\x98\x82-\x94M\xEAr\xBA\xF2\xE0\xE8\xCF:=di\x89~`\x88j\xCE\xD0\xECdEr#\x98b\xB3\xAC\xC0\xA4~uNw\xB9^\xDEVZ.\xA37\xE2C\x95\x9A\xC1\xFA\xA1\xE8\xEB*=S at e7\xF0\xB0@\xC2&#\xFA*�JW\xDF7wOÜŸ\x86\xAD�4\xCCå¼\xE1\xDB�\xB2)J�\x98v\xD0\xCC2\xBF\xC3d\xEE\x8C,\x92}\xF2\xB8�\xEC<\xA0B\xA2Pk�\x94\xA9U\xEC;\xB8\x8D\xC2�\xAE\x9A\x83\xDCN�\x93\xE9@)\xC2�&b_\x89\x91</\xA6\xBB\x80\xEC\xEA
-\x90r\xEB\xFA\xB7Ŷ.\xB3'\xBBp\x84\xAA\x80\xC4�\xC6F,^\xAF\x82.\xD7\xCBU\xD0r�
-�U\xC1\xAB*\xDB*8U�\xAA\x82\x9E\xCAn�\xC8\xBF
-\xF8\xFFQ�p\x860\xD5\xF2L�t\xB8^\xA9�\xCF\xD5�\xEEQ\xB9\xE8�\x8E�eD\x84Ay\xEF놄~Jazվ\x96+``W\x94�c�\xF7-4E� S�\xD6-\xF5\xE2\xDEГ+a�(\xE8\xC0.��kh\xE1\xE0\x80槃\xC8\xFC\xEA�QCg9\xF4y3��w\x83&\xBA\xAF\xBB\xA1v�\xAA5"��:>�Z~�\x80�\xA9\xD8`�xa\xA0\xF5\xE1#\xE0�%\xF9dn\xBE\xBF���g�֑\xB2\xF65f\xEE\xABMR�\x8A\xBB�\xB7-\x92e\x96\xAF\xFD\x8F\x8E\xEB\xC4{\xF3\xD0{o^�\x86*\xCB\xEB\xB4t/:m\xCF\xC5\xE1\xABeHV\xB0\xD8�\xA4:8\xD6Л\xA4\xB4\xEEz�\xFA\xDEn\x92|m@
-c\x80X\xAA\xD2�Fzc\xAB\xB9�T\xDE8`\x91\xB9}T\xA7\x960\xE6t\xAF\x89\xBD싲\xCC�\x83H\x822\x8C4\xC62�\xF9{!���\xAD˟\x83b\xEF\xCA\xC3�ꮶ
-X ͘\x876\x8C\x97\x81\xF2\x8D\xA8R�Ç’\xF4�\x873u\xAC�\xE5\xDCw\xAE�\xE0\xDC\xD6!\x91Ç´\xFF\xC1,y,\x8Bm]\xB9\xA7\xFB\xA4Ú˜\xB2{\xB1\xBB\xC41\xA2Æ–\xD7?\x8B�\x99^\xF9*ꘚֲ�\xB5�\x82\x94�,\xBC\x98\xF7[�\x85S{Ƹ\x96\xE9Ôº~c\x89��\xC24\xEA\x9A7k>\xC5h\x97CC,\x93tW\xE4\xFF)Ý\xB1Í’\xD6\xC0\x88\xC1\xDE�u�\xF8\x8A\xC1�b\x9A\xBC\x{13585F}\xC4\xDE��ǘ\x8Bxrm^Y7�\xDFXtH�\xE6\xBC�\x85\xED&� \xE9\x84"�7\xE7A\xBA\x8E[$\xFC\x98F~u59\x83\xAD~P\x81\xFE[T\xBB\xE14wp\x9A��?\xBE\x93r0\xA0}\xAC�(\xB6\xB1\xB2 z\xE1\xA0u\xE9 q\xE8/�\xB0Ƙ\xCF\xF7\x81\xF4\xE2�;\xFF\xE3\xBF��\xFF�\xC2\xCDb\xA3h\xB8P`\xC1 t�\x99tF\x99\x88\xC0\xF4�\x9A.�\xEC\xC5\xCA|f;\xB1\xFDo�r(�endstream
-endobj
-2577 0 obj <<
-/Type /Page
-/Contents 2578 0 R
-/Resources 2576 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2543 0 R
->> endobj
-2579 0 obj <<
-/D [2577 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2580 0 obj <<
-/D [2577 0 R /XYZ 85.0394 699.7547 null]
->> endobj
-2581 0 obj <<
-/D [2577 0 R /XYZ 85.0394 640.0922 null]
->> endobj
-2582 0 obj <<
-/D [2577 0 R /XYZ 85.0394 580.4297 null]
->> endobj
-886 0 obj <<
-/D [2577 0 R /XYZ 85.0394 543.9387 null]
->> endobj
-2583 0 obj <<
-/D [2577 0 R /XYZ 85.0394 511.833 null]
->> endobj
-2584 0 obj <<
-/D [2577 0 R /XYZ 85.0394 477.1761 null]
->> endobj
-2585 0 obj <<
-/D [2577 0 R /XYZ 85.0394 414.5918 null]
->> endobj
-2586 0 obj <<
-/D [2577 0 R /XYZ 85.0394 333.9838 null]
->> endobj
-2587 0 obj <<
-/D [2577 0 R /XYZ 85.0394 232.4782 null]
->> endobj
-2576 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R /F53 1313 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2590 0 obj <<
-/Length 2767
-/Filter /FlateDecode
->>
-stream
-x\xDA\xC5Z\xEBo\xDBF�\xFF\xEE\xBFB@\xBFP@\xB4\xE1>\xF8���8\x89�\xB8\x97\xB8\xBE\xDAA�\xB4\xFD at K+\x99g>T>\xE2\xB8\xFD\xCD\xEC\xECR\xA4DI9$\xC0\xB5 at 8\x9C�\xCE\xCE\xCE\xCE\xFCfve>\xF3\xE1>�B�&"\x99E\x89b\x81σٲ\xB8\xF0g��{\xC1\xAD\xCC\xC2 -\x86Ro\xEE/^\xFF(\xA3Y’P\x84\xB3\xFB\xF5 at W\xCC\xFC8\xE6\xB3\xFB\xD5\xEF\xDE�\xC69\x9B\x83
-߻\xB9\xFCx\xF5n\xBE�2\x91\xA1wy{{u\xF3\xEE\xFA7x�|\x90��\xDF\xF7>^\xDE|\xBA\xFC@\xBC\xDBy"\xBC\xCB\xF7Ww\xF3?\xEF\xBA\xB8\xBA\xEF\xED�\xDA\xCC}\x89\xC6\xFCu\xF1\xFB\x9F\xFEl�\xA6\xFFt\xE13\x99\xC4\xC1\xEC�^|ƓD̊��H�()�'\xBF\xB8\xBB\xF8w\xAFp0j>\x9D\xF2\x81
-b���\x827b\x90RG<\xC5Y\xC49�E2�ۢ\xDEQ\x82O9\xCA
-\xA1\x9F�W\xB8\xCC\xD7?�\xC1@�\�'�\xD8eDt\xB9\xC9J\xBD(\xD3BﻄKŤ\xE2\xD1l0\xEF\x81q\xBDСub8\xA9L\x98�rdݧF\xCF�\xC0\xF4R|(oY\xBFlÛŠX\x8Fi=ç±·z\xA6\xA7�\xFC\xC3�\x{1FDFAF3B}\xFB@�\xB2�ØœT\xAC\xAB\x9A�\xDAG\xFB\xC9Pi\xB5\xD5u\xDAfUÙt\xD6�\xBF\xE9\xB6Ûªn\x9BW\xF0\xAA\x84Q�\xAE \xC7G,�R\xC1"9K\x82@�\xAB\xB3\xB2i\xD3r\x89\xEA\xE3\xC4#\xEB�M\xB6)\xB3rC\xBC\xE7\xAC}$j[g\x9F\xD3ÖŠ>é—†\xA8\xB5\xF9\xAA*\xE0-\xF1\xCD\xEA\x81\xD9\xE8eׯ\x95\xC4\xED@[��\xC29�\x91\xF7\xEB\xA3.idY�\xDB,׫Ѵ\xA0\xF1\xF6_o\xEF~\xE0\xDC,\xC2w\xD6S\xE6Ø¥Ú°\x90\x83�\x92�\x93<Q\xD3a\xB1\xB7\x9BaÌ„R\xDCÊ®\xF4:\xED\xF2\xB6\xA1�Cg\xE3s\xFB\xB4l8e\x99\xB8�H\xE8bÛ¾�it�\x8A\x96\xD7h\xA7�\xF7e\xA8\xAA\xB4O2\x8A�\xA4\xAEÍ0
-\x81�\xC5\xE9$�J�Ϣ^ʤ\xD1z\xCAP\xB28�\xE2\xD3S:\xA1\x89)\xF7\x9C�\x87��O\xF9KW\xEEy\xAE\xD1\xF5g][�\xED�\xAEm\x88l(\xB2\xBArE|L\x98\x8Ca\xE4H\xEE{\xABޟ\xD6\xC1\xABT�U\x99\xFDm2\xE8\xB8_�gB\xC2BN\xFBu u¯N\xCA\xF8us\xE0\xD7 0393\xA5�\x9A\x98r\xE8\xD7\xC8g\x81\xF4\xF7\xA6\xFCN~M�a�\x96V>\xCDs"\xF2j\xB31\x80`\xE3\xD8\xE4\x90�zD\x80\xE7\xFC�\x90\x99\x92\xA8iW\xBA\xAE'rM���\xBD\xD8\xF1M\xF2���\x81<\xB3I�\xA9�\x9B\xE4\xA4\xCC&�S5D\xB10T\x895j\x9D\xA7�;\x99�L\x84P\xAEO\xDA\xE5\x84&\xEC���\xDF�\xBC�l��v?�\xA8\xEBj\xC4B�\xD8n\x9E\xCA+ \xA2\xEB�\xE2uM\xBA\xD1D\xAE\xF4Cgw�\xA5\xFE\xF0}\x99n�l��/\xAB\xA6\xC9�r+j\xC7\xE8ŕ\x9FC\xBC�a\xC2�.C\xEB�\x9A\xEBp\xFBD� �9O\xBD\x9AP��Q\xF5j\xDA:]�U�\xAD\x96Z/\xABzu6\x98\xCE\xEAi �\xA6\x8C\x91,\xE1\xBE�j\x81^F\xE0\xA7\xE1\xB8Xb\x9E�\xCE\xC1\xA1��"�\xCB\xF6\xCB\xD1Id�\xF7�\xC1\xEE�ucS
-Vh\xEBƶr\xD9\xE8
-F\x9F\xBF\xD7wo\xF7�S��\xBBI2��\x80g\xDF�_\xD3\xE9 \x96�\xEFO\xF5y�\xA7p1\xD4x�\xC4�\xBA\x890\x8E\xE2\xDDĸ\xAE\x8FW���\x8C%�\x82O�\x9D\xC6s&\xC6!�Ø\x8DL|w\xF5\xE6\xD3\xFB\xDF\xE0?WRlz\x98�\xA2\x9Be\x9D=\xE8U\x8F\x9F\x87@�\xF1\x84ƹ\x98\xFAG\xD6,_C\x96\xB2\xC7Nu�\x98\xE0\xF2,\xDA�\xD8/\xF3$:\x8DvC\xA9\xE3h\xD7K�\xB4+\xCFv\xCC?,\xB7]s w1S�\xD49\xA1 \xC3\xC6p'\x99
-\xA2`l\xD9[\x8Avl''\x9A7\\xB2\x8A\xF6-\xDC\xCF~\xC9|�\xBBJR\xCFU\xFD\x84\x85Orl\x97\xAD\xF6�\xE2�W&\x93\xCC@\x{29094EE}>\xA7eK\x80
-�՚\x9E�t~\xD96\xB7Boo?5\xF6\xD4um�L\xB3\x81c\xCDV/3\x88�\xA1W�xF\xDB!9\xD6\xC3\xDE:\xEC�\xA7���\\xC8#%\xF9�h\x9E3Sy�\xB1[DC � ֯t\xAB\xEB��G\xCB~\xB4D\xD9��\xA6\xF0+Z
-ʢ\xFD\xC4ٺ\xA6\xB4l\x89A%_ቢ\xDF�\xF3M\xB5\xD3\xEC\x9ChU8\x{D815}\x91\xEC\xF5\x9A8\x99U\x9A\xD9ٺ25\xF5�e\xA8[\xD8o܇\xAB�"\\xBF
-\xA0\xCD*\xE0\x89\xAB\xB0\x8Dwj\x9B�\xA8|\xB9\xFD\xC2\xED;\xA9�\x98\x8Cc\x99k`��\xCC\xF6\xAB]�\xCDF�\x81\x9D\x8889\x9D\x8DC\xA9\xE3\xD9\xD8K\x99lܞ\xCDFw\x9A�%\xA3`\xA0\xE6\x8C]Nh®a\xBCA\xB4\xA9(ٳ\xEBCִ\xBA\xDCu\x80\x86\xF8\xAB\xD3u\xA6-0Vv\xF4\xC8a\x8BC�%v\xA9\xB8\x93:Qgm \xBC^\xEF5\xF1\xA3\xBC��\x87=\x99Ypn�&�*\x90Ƿ��/J\xC5g.$\x86R'\xB6\xD4I\x99-=\x80\xCEP1%e|zJ'41\xE5\xA8|$LqȘє\xBF\xCE#\xE5\xD5Yk\x9D\xE2:D\xA4m\x87h\xDCئ-lk\xB6lN4\xED\� >b׳W\xDD\xD4\xC6I\xC0\xED tb.�\xF4\x97\xAC=px\xCCY\x90$\xC1�\xDB'艾\xEA\xE2I\xC6\xE6.\xECH\xB9�\xE0\x88 "\xA1??\xAE\x8B\xBE\xF3A\x97%\xE9�\xB9\xDF98\xEB\xA0�\x86\xF0\xF7\xC3Q\x92\xF4\xF8\xBB\x9E\xC5��Q,f\x8AK&\x95\xA0,\xB9�x&\x80S�\xD568\x94 �\xD2?\xCF�!\x87F~�
-\xEF\xEA\xC03!K"h\xFA%l\xAA\xF0)?gÍ J\xA8$\x91$4\xA0\xCDZw>0\x8C\xD7×…\x98\xBD\xAB`E\xB3᢬\xE2\xC5P\xB3YT8*Ã~!\x9C�`7�� \xA5=u<R�E^\xB5Å«$\xA2\x89�zE\x9A\x95\xF9\x8B�_Û±�\x90[7-\xBDQ\x8B�yo\xAEo\xDE\xD17 1Vz.}\xEF\xF3\�\x9E\xCE\xF1\xA6\xCANc\x8F\x9A�\xE8F\x81�\xFA\x88\xE09\x82N\xBF\xA8\xE6<\xB0ßÆ•\x83J\xA3\xC1\xA7�Ψ\x8Fi\xB91\x9D�\xBC\x98\x93.<Sz\xAC\xBB\xB6\xAB5ѵ\xCEu
-]6h=\x88V\x85�\x8B\x93x6\x8C\x87o�1 \xB1�&\xD0\xE8/v�\xA5ß– �w\xE6B"\xF0Å™\x8B�è°˜\xEF�\xE1i�\xEB\xA5�\x88Ý\xEF�\x8B\xF4Ë¢\xA9\x96O�x\xC7�\xA0�\xA6\xC3p\xE2\xC3{U'5a\xDF\xF8b�3.Pc�/\xF3\xBCz\x9Eh\xB2\xC0!\xD1\xEE4z\xAC\xC7�\x95*Vn%\xEEPÕ¹\x93W\xB7�#䨲\xC1aH\xCA\xFE\x849\xF6\xC2>XCZ\x85a��R\xBAm\x8E�\xA4\x80,\xE4\xD2W\xDF� \xF1:ZE"\xF8�\xC2\xD7~\xA2\x8EB$W\x82\x85At�"E�\xB3�\xD6mK\xD3�D\x82\xC2H\xB8^\xFEÒ€\xE3/\xE6\xDF��\x97\xD7=-\xBC\xF7\xC7@�N
-,Bh$\xD0\xF4\xA1\x91P\x8A\x80rH��My�4\x87\x9AO\x80\xA6\xC0J�\xDAJ`A3\x89w\xA0 t\xF3Xu\xF9\x8Ah\x83g\xF0\xEC\xCAR/uÓ¤x0!\xB4�\xEE�\x91\xCF\xE0�\xBCPw�\x84\xC1\xBC\xD4 +\xBC�\xE9P�P+37̉E`T\xDA \x9A�<[(_\xE1-B?0\xD5k\x9B\xB3\x8DĆ�Í–R\xF4f#wIV#9\x80\xEC\x92�q�8\x82\xBF_@\x92xÅºË‰ó —©I!�\xA3\x9F'\x80;hÞˆA\x8B\xCA;;Þƒ>~e\xA6\xFB\xB2\x98�\xF9\xA5F�\x8A[\xD5P\x87\xBD<+\xB26%\xBBq W\xA5\xB8t��|\xBD\xD2\xE4\xB1\xFC\xC5ÜŒ\xE1h\xF3�\xADmA�\x97\xB7׌\xB8\xD7s\xEE\xB5D\xA2K\xEC<\xB5\xB6�cgltk\xA7\xC2"8a\xE5\xB3\xF9\xE9B\xF9\xA15�\x88�\xE9\xA06��˪Dl\xF0\xC7�\xE0[\xFBq \xDD\xD7�M\x9Ex�\xCEnܬ\xCF�\xF0\x82B\xE4\xBD\xF6fi\x83b\xDBV\xB5\xFD\xDA\xDEJ\xEDo;m
-d�V\xDF~\xF2�\xF7�R
-,�\xB0\xD9Y]\x95\x859�\xA2\xA4\x89��|*M�~.\x89mN\xCF\xC0\xA6_[pR\xCF~\xD0\xCF1\xDEx\x90-qF{\x983F\xAC\xA7<�(\x89f<\xE1?\xF8{ �u�\xF27Uk\xB6�:\x86\xBC\xA9\x90\xC2TI[\xE2\xD9M\x87\xC1e\xDB�p\xCE
-\x9A\x96�C�\xF0\x9D\xF6�\xF8\x95\x8D\xE64\xC7\xEE\xC6\xE8\xA1G\x9E\xB5m\xAE\xA7,5۪\xD1\xCEg\xD4jN\x9C\xC6�i\xE9(M\xC4\xC8��\\xE1r \x82N�\xC7%\x8FA\xCBpt\x92\x8A$\x94\x85(>,i#\\x92
-\xAB}=\xDAh\xC2�\xCA\xDD\xC6\xDAQ�\xD6"�BH�C\x88Ro!\xFC\x88\xC5
-\xCA\xCB8|L|\x99n\xAA\x87+\xEC\xB4\xDAƵ\-�\xBB=�S\xC8\xEAεYÚ\xF2\x8Du\xEA\xFF\xDEgq.X�\x84g\xFA\xAC^\xCA\xF4Y\xEDD\x9F\x950�\x9D\xAF\xFB\xED1\xAB\xF5\xB2\xC5\xF3\xDC~\x97�\xEDP\xC8Ã\xC2\xC9.\xCBIMX7.k
-\xAA|,\xC6潥ۓʜ\xC4E8\xDD�\xE1\xED\xA7�ɔ\xBD{\x93\x80�|�;\xC9tM\xE1�z\xE9.\xAAºH\xBF) �\xA0H,\xAB\xA2\xA03�\xBC\xE4tA\x84\xE9c\xBE\xD9t\x88U\xE62Hr\x86>h\xF7\xC3�\xBD\xBBK \xD4n"�\xE3.\x89\xFD\xBD\x9F\xBE\xFB{\x85�F\xA7\xEE�\xE4ۤa\xC7\xFE\xB0B�x\x82\x9F\xDA�\xBFo\x93\xBE\xF9\x8F.vU\xA2"�\xD1{\xEC\xA2;
-�|�:\xA3pq<�\x87\x97!>�\xFC G�m\xFF/\x8Bh8zendstream
-endobj
-2589 0 obj <<
-/Type /Page
-/Contents 2590 0 R
-/Resources 2588 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2592 0 R
->> endobj
-2591 0 obj <<
-/D [2589 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2588 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F53 1313 0 R /F41 1218 0 R /F62 1361 0 R /F63 1364 0 R >>
-/XObject << /Im2 1350 0 R /Im3 1515 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2595 0 obj <<
-/Length 2428
-/Filter /FlateDecode
->>
-stream
-xڵY\xDDs\xDB6�\xF7_\xC1\xB7R3�\x8A�� \xA7O\xCE\xC5ɹ\x938\xB9D\xB9\xBB\x99\xB6�\xB4�[l(\xD2�I;\xFEﻋ�%R\xA2\xD4\xEB\xA5�ψ\xF8X,�\x8B\xDD\xFD-\xD6"\xE2\xF0'\xA2T3\xAE\xB2$\xB2Y\xC24�:Zn.xt�s\xAF/D\xA0\x99\xF7D\xF3!Ջ\xC5\xC5�\xAF\x94\x8D2\x96�i\xA2\xC5݀W\xCAx\x9A\x8Ah\xB1\xFA9\xBE|\xFF\xFE\xEA\xE6\xE5\xF5gs\xA9y\xFC\x82\xCD\xE6\x9A\xF3\xF8\xED\xE5ͧ\xCB74\xF6~\x96\xC9\xF8\xF2\xF5\xD5G\xE8\xAAL� ��\xE9�\x8Fo.\xDF^\xBD\x9C\xFD\xBA\xF8\xE9\xE2j\xB1\x93g(\xB3\xE0
-\x85\xF9\xFD\xE2\xE7_y\xB4�\xD1\xBA\xE0Le\xA9\x8E\x9E\xA0Ù\xC82�m.�\xAD\x98N\x94\xEAGÊ‹\x8F�\xFF\xDA1�\xCC\xFA\xA5S:HdÊŒ26�\x99\x99\xE2Z\xFC/Ûª\xD4k"\x9DÞ–G\xF3L\xB1$M\xB2Ó¼h��^\xA1Ù¯�\xB3\x9A��\xF7\x90\x98hn\xACfV�\xAEH\xCA�Ô™i-\xF1\x8E`\x86�\x99\xD8\xC8j\xA0ˤ\xF5\x97\xF4�T\xB1'͘6\x89 J\xA6-\,\xA7k\x9CÍ\x8C?\xF8\xDF�\xF8�\xF1\xF5\xAE-\xE3ׇW\x84\xDB(\xA9\xD3\xC8r\xCBR\x9DymE\xBF\x83�2\x91$\xCAS
-\xDB\xFE\xFC{\xBD\xF8\x81�\xAE7*zY\xC3)\xA3\xE1A{\xCE\xF3!kR#�\xC6(4�:\xE5 \x81\x92�\xBEt\xD0źh\xC0\xCC2�\xD7�mQW\xD86q\xB3\xAE\xBBrE㷎\xBE]\xE3\xC2H�\xA8\x96u\xF5[W-\xFBe6~*\xDA5\xB5ڵ#
-\x82\xEA\xF6"H\x990\x99\xEDT8\xEF\x88f,f�Z�I !\xA1\xBE\x9F\xCD��q�$]\xAE\xB7u\xDD�\xD5=.\x8F\xD0G\x98\xE4 j"\xDC*,\xCCa\x89P\xF1ö^\xBA\xA6\xA1\xCEv6�:\xEE\xAA
-\x97\xFA\x91\xBC\x9F�~ؒ\xF1\xAAvM\xF5]KîZ\xE7\xD5\xD2Q\xA7qˎ8�\xED3
-\xE1\xB9񻩛\xB0\xA2ynZ\xB7i~\x84\x9E\xE2\xBD�ЮI6\x8A O3`\x92π\xE0yJI\x9CqneP \x9D\xF5�\xAE\xB9\x84�1\xA10m\xC0U\xB9�\xF4\xFE6\xAD\x8EW\xEE�\xCEe\xE5\xAF�\xBAyYָ듟6\xA8��ީ�;\xE1\xF6\xA0E\xEA �:\xF1cQ\xBA{��\xB75M\xBAf\x99?\xD0 \xE7�\xA5\xB0\xEA\xE8�\xA4M\xC3�\xA8\xFD[^\x94\xEC\xD09\x92\xCCb(Q\xD1\xD0W\xBF\xCE\xFDU
-,3\x88\x85\xF3}�\xFB\xBA\xE0�\xA6\xC7p�Ã\x906\x9B��\xB8<tE\xA3\x81G\xAA\xF7\xAE(\xC5�.ì¨†Þ \xF5\xD0��K3\xAD\xC2\xE5\x82�n\x8F��\xD8K\x9A\xE8h\xB8\xE3\x91X=Ñ„\#߃\xA3\xA5\xD2��\xF6ѵ]\xE1]_\xE2Õ“\x90j\xB0,\x91\xCC\xC2���y\xC0[�\x96\x8A,
-D\xF9]�T\x9E\xE5\xB2\xDE<\x94λ\xB3\xEF?l\x83\xB5\x85-\xEB�\xB7\xCD1
-4>�ȸ\xE9\x96k\x9A\xA2\x80\xA0\xE2\xE5v&\xD2\xD8\xCD�Z\x9C\x88[h�v\xE0\x91\xF5\xF23\xF4]�h\xDBu\xDE\xD2\xEA\xB2 _\xAD\xC2&�\x991\xDCL\x92d\xD9ØŒG��>?\xD4Û¶92\xE2�p���\x86\xF0\xF8\xB7\xC0\xA1�\x86\xA9\xF4�\xB6�9\xC4n\xC9)@LÒŒ\xA9$\xF9S@Ô™d\xA0�\xE5up3�\x88\x9Ci%\xFBP\xFD΃\xE0\xC2\xC3\xDF\xD5I\xF8\xD3J1.\xE1\xC4�\x82q\xBF\x85\xA7�\xB4O\xC0\x9F<�C\xD6g\xE0O�8>@% \x8D�<1\xF1�\xC04\xC1\xE3\xEE\xCB\xF7!ÂŽ\xEC�LW\x99\xDEt\xAB|�\x86p�\x87\x95fZÛ�4\xC4�A\xC07>\xCF$\x8F\xBD\xD5\xEB\xB8r\xE5w30\xA5@�q4\xBF-J��\xE8o\xDC�\x90\xA7h6ص>\xE0\xE2\xF0j[?P�\xE295|d%Ó•`�\xE8\xE3C\xA89\x8A\xDFp�p�\x80\x9E/K\xF7\xD0R\x9F$4Y\xBC\x97�G\xEB p�\xCA2\xA9\x92�\x9Dn\x8Bju�\x9B�\xD0\xC9�\xCC\xFD1\x80sN\x9F\xB1l+��|k6O :�i\xB5\xA2F\xE3\xDA~U=\xA7�\x8B�\xE3\x8E6cg%<K kÞº\xA6\xEE\xB6�߉\xB2\xE0\xED\x9B�b l�\x994D\xA2\xF8Su\x87z\xE8\xF7몼u\xE53X�\x8F!\xD0$\x80o\xADÏp\xF1\xC6\xE5U\xE0J\xF1\x83Z\x939\x8E�\xAF\xE0\xE9\xF9��<\x94K1\xCAq\x88g]\x95\xCF!\xAB\xB1�0\xC1LG\xA7{B+\xADIq\x9F\xF1:e�?\xAD]5a\xB5\x90�$"K\xFE\xDCjU*\xD3A\xF6\x80,\xFBL {)\xA590z`\xC04)\x99�\xA8 ���\xC7\xCA�\xA3\xBB\xF6\x8A�cÙO0È€\x81bY6\xD8:E'\xCF \xF38�\x9A\x91!{�\x90�\x8EXs�7�%h�\x81\xC3�\xF6cQw
-��\xEC�FW�f\xB8\xA0\xF2I�&\x96}vD\xDDc\xA7\x81Ao\xBC\xB0\xE8\xD6Q\xEBÚ¼\xF0\xF9\x95\xE7\xE0\xF1\xEC\xD8�\xF8\xF8\xFA��\xA5g\xB39�\x8F\x90\xB4�\xFCÓ™\xD20\x88%0|\xEBT)=\x9B)%F\x81\x9D\xA7\xE7�\xA5\x9E\xC8{\xD4\xE3\xA1R �L3#\xA2�\xAB\xA3\xEDz\x9A\xE3\xFD\x86Ú‡wzj\xEDx\xBF��\xF1\x9E\x90\xDFGJl<\xBAmC\xCF�\xE8T\xDDæ–¬\x8CS\xC0†\xFBR\xB4G\xD7G\x87�I\xE1 f!\xDB:\xA3��u at uF7=\x95Wο\x8F\x94c�D�{~Ëžhb\xCBQ\xDC\xE2\x80\xD1i6\xDE\xF2\xFF\xD4\xCFmW\x94\xA1I��Ó»\xBF\xA0A�\xC5 at t<\xAF\xC0=\xD1�\xFD�"\xAF\xBE/S98g�\x92\xF0\xFEA\x96/\xD7n~�\xA1\xE1(\xC7Ñ8qH\x9C\xCEɶ#:�n\x8C�\x80" "C\xE1\xDE\xD4y\xD0\xCC*osj\xDD\xF9Ì·\xDELd\xE5\x963c�;)\xF6\xC1n�\x82\xB81\xFD \x8B\xCA?\xF0\x86\xD7\xE9W\x87˺;\x98[\xB9\xBB\xBC+\x83�<�\xEE \xABW'\xB3c\xC0x05\xF3\xF7d\xC7\xD6Bb\x96\xFE\x95b\x91_q\xBAV$�{\xA4\xB1\xF6\xCFRc\x85\xB5".\xB3o\+R\xC8\xC6d\xF6�ÔŠ\x86\xAC\xCF$Ë\xDE3
-N\xB2/�)\xBD/�a{\xE3\xF3!
f_\xFF\x80�A\xAA\xA6\xAA�~\xB1j\x84\xA5\xCB�\xCE�\xA6v\0ס\xD6]\x98\xA9 E�\xF1\xA22�\x8E\xBE\xB8\xBEyI\xAD\x8C>+\xC2\xF9�\xA0\xBA+\xF1y\xD8LUY(\x8E\xD84Þ„R\x8B\xEF\xF8j�|\xB7n\xE3!\x9F\xB8�JL2\xA8`\x91W\xF7\xFD\xA0\xAFvÙ´/f\xDCum\xB7\xDD1)]\xDE8J*O!\xF5Ц\xBE\xCAJ\xBF�N��\x9F\xB3\xD4 \xC1 T��\xBF\x8F\x95�\xECB\xA6\x82\x92\x99\x8Fׯo.\xDF|\x9C\x88'p�\xF0Ü·\xF4r\xBCF\xFDIH\xC7}\xA4\xEA\xE0\xA1\xEFh`\xF7\xB0\xC7\xC0\xAF�\xA4r\xF7U\x8EI�N\xEE*\x902���Þ†\x95\xA1�)C)J\xFARdK�\x94\xB4\x86\xC2�\xCC`\xE2Û¸- ÒA\xD2!�(i᱾˷\xB6\xD5j9U\xBB \xB8\x83 �\x88\xF6\xA2�K\x846Ü´._\x9D�.\x81�+|\xB5\x9CE\xAE!\xD5i\xE8\xDAQ\x85\xEB\xF8\xE7\xA7\xF7\xC7\xE5!\xCD\xE0�c\xCEﻣ\x9A\xD8x���\x87G�D\xDC\xD1ίj\xAF\xFAe \x84 MT\x93)w\xA0u��t+3\x9Bħ\x95�Ȥ\xB0\xB8y^Y�\xAA3\xCAê©‚\xB2\xAEo�\x88T!ë€\xC5Õ‡\xB7G\xEA\xB3 S
-|\xF1\xAC$;\xAA QFê³\xB4�p\xA9\xB1,\xEB.\xA0\xE7\xAA~\xAA\xCE+ R\xB5\x84I\x8B�\ \x90jÞ‡f7Tz\xB3\xC3\xE3^é«VT�\xF3�\xD6s\x98\x85mB^\xB6w>ܽ\x9E\x96·\x8B@\xD4U\xBB�3\xDBy\xD6 f@�P b\xAA(M\xFCÇ»\x9BWׯ?}\xB8D\xA5/\xAE\xDFÝœ\x89�A1\x8B\xFE\x81=\xBAO8\xB7ɲ\x89j̈\x95J��-\xF7\xD9O]\xA1\xA8\xF7���|\xB3\xA9�GJ\xFF\x9AK�\x93`\xAC\xADkjPU\xF2�Ͷap\xE5\x9A嶸\xED\xD7T\xFD(\xBC�Kj\xA3>\xF1��V�8�?R\x86�\xA7�ry\xD8�B\x9B'\xF8\xEE\xC4��\xCA�\xF8��f\x8Ci\x8FŪ/B��K\xF1\xC7�\xF3�<#\xC1\x9F\x8D\xE8\xC3�!(Rg\xF4\xB9\m\x8A\xAAhZPG�\xAE\xF5\x83\xBB�\xB2W\xBD#\xBFÍ«./'\x94+L\x8A \xA39\xF5J\xED]NaTQS.\xC3w\x96\xF2\xD5\xFF\xAB\xDC\xFF36\xB1\xF0\xBEM\xE5\xB4ï‚\xC1G3\xD1�\x85\x82�\xA3�E\xD7*\x85\xC4[\xDA \xD9\xFF g\xA0�Bendstream
-endobj
-2594 0 obj <<
-/Type /Page
-/Contents 2595 0 R
-/Resources 2593 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2592 0 R
->> endobj
-2596 0 obj <<
-/D [2594 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2597 0 obj <<
-/D [2594 0 R /XYZ 85.0394 243.4864 null]
->> endobj
-2598 0 obj <<
-/D [2594 0 R /XYZ 85.0394 96.2114 null]
->> endobj
-2593 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F62 1361 0 R /F41 1218 0 R /F21 938 0 R /F55 1321 0 R /F53 1313 0 R /F63 1364 0 R /F39 1161 0 R >>
-/XObject << /Im3 1515 0 R /Im2 1350 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2601 0 obj <<
-/Length 1795
-/Filter /FlateDecode
->>
-stream
-xڽ�\xDBN\xDBH\xF4=_\x91G#\xD5\xC3\m\xCF#�\xDA�\xB5\xC0B*\xAD\xD4\xF6\xC1\xD8�\xE2nbgm�\xCA~\xFD\x9E\xB9\xF9\x92�\xA8\xB4\xABU�<s\xE6̹\xDF&d\x8E\xE1G\xE6"B\x91\xA4r�K\x8E�&b\x9Emfx\xFE g�g\xC4\xE1\x84�)�b\x9D.f\xC7�X<\x97HF4\x9A/\x96�Z \xC2IB\xE6\x8B\xFCkp\x8A�EG@��W'\x9F\xCF\xCF\xC2\xCB\xEB/\xB7W'\x9Fnn/\xAE�G!�q$\x82\x93\x9B\x9B󫳋?\x8EB*0\�|\x8C\x83\xCF'W_N>Y\xD8͑\xA4\xC1\xC9\xC7\xF3\xBB\xA3\xEF\x8B\xCB\xD9\xF9\xA2�n\xA8 \xC1LK\xF6\xD7\xEC\xEBw<\xCFA\x8F\xCB�FL&b\xFE��\x8C\x88\x94t\xBE\x99q\xC1\x90\xE0\x8Cy\xC8zv7\xFB\xBD#885W'
-B0\xA2,\xA2��\xA1d\xCA"B\xA2\x88Qf,R\xA6�\x95k5 \x99�\x90�\xF0\xC5�\xF8�\xAC\xA2\\xA9\xBAh�\xAD>
-ڕ\xB27\xF8\x88<E\x9C\xF0\xC8\xDD\xD8m\xD2\xE6\xCF)\xBA��\x91\xC2a}\xC3�Ø\xAE\x95\xA5\x9C\xD5G$ T\xDA�Ui!\x9B*wg\x9A \xE0�\xBB[�\xCCj\xD3K���lSK\xA1l\xED\xC1֢e\xAAi\xC0\x8F\x8CD\xC1\xC5ҞX\xB6\xCD�_\xB0\x85�\xDC?;ه�2LP̤W\xF1E\xD3a$%Ģ\xC5z\xA71\xE6!��aA\xE3yH�\x92BPs\xD8\xEC\xB2�0Lx\x90jI��\xFC\xA8vu\x99\xAE-\xD0\xC9\xF8�v\x92�\xA52\xD2�\xBC\xAD,\xF2*}T�\x92\xED\x9A\xD6��\xD6[Uo\x8A\xA6��\xFA\x9B\xD3�\xA3�E�G\xF2m\x8F\xC5�{u\x9AU\xB5[;1\xEE\x95�\xA3Q\xAD�\xA8\x9F\xDBu\x91�\xED\xFA\xD9\xEE\x8B\xD2"X\xF7 \xA0\xC9\xEAb\xDBZ\x8BP)PD\xE3hl\x91]c]\x80\xAD\x92\xF0mڴn�\xC8\xEB1rK\xCC s\xB8x\xCB+�\xF1\x84\xFB\x80�Ņ'\xD9ɱ�\x990dK\x9C$\xF3\x90I\x84ANs\xED\xC3ŧ\x89\xA4\x87\xA8 $\x9AG�*
- N\xE7\xA8\xC5 �H&Cy2\x91\xA1�I\xB3<Vmvl\x94BYU.\xF7\x99C\xC6!&\xA2\xF8U\xEE�\xD2�\xFB\x91\x89�H\xC9X2b\xBF\xB0\x99\x85\x83\-\xD3\xDD\xDA9�$ѱ\xF9\xB0\xAB\xBBT\xC5.Zы\xE6\xA1�\x98�\xFC\xFD\xBA}�X\xAF�\xC8c��=\xA6\xF5q\xBD+\xAD\x95\x9C\xAD\xB6E\xBE/�\xC5Pb�\x97\xAFK\xD2a�\x8A22�\xC5���\xB1\xB1,\xD3\xE6�D[X\xE4�\xD6:�>\x9E \xCE���\xDF\xDD\xF9\xB9\xBDz\xF2\xE9\xEE\xDA\xDEcr ��\xE1u\xD0Z\xEC\xDB�I�@�b�\xF9\xC01\x8Ax\x94�\xAB\xD4�=\xDDK�q�Cr\xFC\xBF%'~\x81�\xB8\x85\xDA\xD4�\xB3\x95\xCA\xFEԩ\xA0\x9BG\xA2;\xC2\xE1\xF1\xDFU\xA9\xF6\x8F\xEB2\xCF\xF6a\xEB'[\xF8\x9B|\x92�\xF2l\x84=9T*$\xBA\xDA\xF3h\xAF\x8A\x9D^\\x9DY_I\xE7\xB2|S\x94E\xD3B\xBET\xB5�ݪ\xA5r\xCD*sA\xF39-wP\xFB�\xCDA\xA2�\xD1(\xF2\x9D煨\xF!
1H\xA3\xA89\xF9\xB2\xF8\xED\xFAv\x82\xE68\.\xCAVÕ¥r�{\xF7Ü´j\xD3\xD8\xCD{h$U\xDD�\xBBMÏ–#\xC6#\xEA\xC8p\x8E(�\xB2\x9B\xB0\xC0\xB3�&&\xEB�\xD7жuQ\xDA\xC2���\x94#I\x85\xB9p�X\xD3Òea\xA0\x90}U�Ó²YDi\xECs\xAC�j\xEF\xDBU\xDFMaS\xB8:\xB5\x82NW\x86\xAE\xE3\xE7\xE9\xFD\xDA!/\xABz3eX\xEC
-\x9A\xD84|.\xABmS4\xFB\xE5\x85A K\xA0�0\xE8�0bɩ\xEAB at Aj\xA6\xAAW\x8B\xE0\x90\x84-\x82Ss\\x87\x{14204C}*\xC0l�F�\xA6\xBA\x98\xFB$\xF4֙�&\x8F:
-\xA6\xB3\xF3\xBB\xF7\xB7�7\x8B\x8B뫉F<\x8E\xA8\x97$�\xB9YRЅ\xC4]W�\xAC\xA6\xEF\xF5\xBE״\xAA�WK\xFBM_uu?S\xF6nO\xDF\xF6>\xB2\x93\x89�
-
-�"\x84\xDBA\xF9\xD2\xD3g\\xF6ã޸\x91So\x92 \xDD\xC1��M1K\xD7z
-\xD2\xE7\xA3\xE1R�&\x87K\x92@ӕ\xE4\xAD)\x86#(\x8B\xDE^O+U:�\xAB\xB4|\x98�h\x93\xE6ʂ\xF5@\xA5\xBF\xF93P/2\xBB\xD1�l\xBCR�+\xF4\x80\xA0�\xB2\x98MK�RJ\x91�\xB2\x9Bc\x{DEEA}lv\xDB��\x9C\xAA\xE4TϽ\xA4�\xF8 �\xE2\F\xBAUj��\xA8\xCCFܬ2\xDF\xDC\xC2T\xAA'c\xBDJ\xF3\xBC\xB0C\x86\xDE\xE9ꩿ\xB9Z\xAB�t\xE9p\x87��\xF0\x98^\xE8\xEAz\xC8FkIc��\xFA\xF0\xBE(\xD3\xDAɣC!m
-�8t\xBD\xAE\x9E\x8A\xF2\xC1�\xB9 �j\x9ESkT\xF6;/\xD0\xC8ϯ\xD2Nɰ\xB7\xEC\xC3t�3\xB2\x99q=N\xD4�\xBB\xF4\xF1� \xEB\xDB\xFE��\x8D\xAA�Um�\x8BfH\xD5\xCCȞh\xBAl=V\xEA.\xAEvm^=9z\xA6�\xC17\xAB\xD3f\xA5_EL�\xA7\xCF�\xE6Ɩw\xBER�\xB5\xB3r`b\x82S\xAF\6�\xA4;\xEA\xB3�6]��\xA6\x91�`ڶFPX\xDF?\xDB30\x89*sc\xE3�1\xF5��_\xBFc\xA6�/\x89~a\xC7~\x9EG?ʩ\xBEI�\xEAR\xCAغ'\x8F;5ȡ��$ΰ\xDB
-$;�\x9D�\xAC\xDF�<\xB61�\xBE\xA3\xF8\xEF\xCB\xD0\xFEX7\xAA\x8E\xC3z\xF2k\xE5\x91\xC1�-\xF1m�*!\xF8_WB�\xBB7\xAF^\xF4�R\xEFL*\xC46� \x8B�\x8AGS# \xD2\xF9Fo\xBCo\xF4�xW\x83Kt\xB2F�\x96\xE0�\xBB\xB2)\xE2륓r�-\xE7&\x81u�\xAE\x8BR\xF9Tx(JSȓ\xE0\xA9h\xDD9\xF4p�I\xAE?�P\xD5\xFD�\xE4\xB9\xFE\xE8\xA9,"]N�\xE0\x94L\xD7�\xB3\x83T�c\xB8K.\x95\x92\x83\xAAb0\xCD3['F\x9E\xAB|\xCC\xCDT�\x95;Ni鎵u\x8B2�'\x84\xF5\xFAN\xB9\xA6\xE4u�t\xAD\xC3�\xD4C\x872\xF5\xFD \x9E��\xC3a\xFB�X\xFA\xC5\xC1\xE4\xC5\xF7\xC1+�\x9F\x89\xBF\xD1\xD4�7}��\xC0�g^\x829\x8AY\xC4]T\xFE�\xB3\xEE\xD4lL \xFD\xC7\xD8\xC4 \x85;#\xFD\xEB\xFF\xDF\xFA�y\x8CX\x92\xD0��\x831�� k'\x94�\x9CD\xFC\xF0)\xEC\xFE\xA9;\x94\xFD�\xA2\xF2>\xAFendstream
-endobj
-2600 0 obj <<
-/Type /Page
-/Contents 2601 0 R
-/Resources 2599 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2592 0 R
->> endobj
-2602 0 obj <<
-/D [2600 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2603 0 obj <<
-/D [2600 0 R /XYZ 56.6929 688.8814 null]
->> endobj
-2604 0 obj <<
-/D [2600 0 R /XYZ 56.6929 580.117 null]
->> endobj
-2605 0 obj <<
-/D [2600 0 R /XYZ 56.6929 502.4221 null]
->> endobj
-890 0 obj <<
-/D [2600 0 R /XYZ 56.6929 461.5895 null]
->> endobj
-2606 0 obj <<
-/D [2600 0 R /XYZ 56.6929 424.1905 null]
->> endobj
-2607 0 obj <<
-/D [2600 0 R /XYZ 56.6929 391.3558 null]
->> endobj
-2608 0 obj <<
-/D [2600 0 R /XYZ 56.6929 322.6942 null]
->> endobj
-2609 0 obj <<
-/D [2600 0 R /XYZ 56.6929 259.9194 null]
->> endobj
-2610 0 obj <<
-/D [2600 0 R /XYZ 56.6929 84.2201 null]
->> endobj
-2599 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R /F39 1161 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2613 0 obj <<
-/Length 3006
-/Filter /FlateDecode
->>
-stream
-xڥ�\xD9r\xDB8\xF2\xDD_\xA1\xB7\xA5\xAB"�\xC4\xC1c\xDE<\xB1\x93\xF1\xCC\xC4\xF1\xC6N\xCD\xEE&~\xA0DXbE"="e\x8F\xA7\xF6\xE3\xB7�\xDD\xE0!ӎ\xAB\xB6R�5�@\xA3\xD1w\x83\x8Ef�\xFEE\xB3ԄBez\x96d:4"2\xB3\xE5\xF6H\xCCV0\xF7\xE1(\xE25s\xBFh>\\xF5\xF3\xF5\xD1\xDB\xF7*\x99ea�\xCBxv};\xA0\x95\x86"M\xA3\xD9u\xF158\xB9\xBC<\xBB8=\xFF\xD7\xF1\��\xFC���\xC1Ǔ\x8B/'\xBF�\xEE\xF28\x93\xC1ɇ\xB3+�J\xADbX�)\�\x8B\xE0\xE2\xEA\xCB\xE5\xE9\xC9q\xA2\x83\xEB\xB3\xE3\x9B\xEB_\x8Fή;\xB6\x86\xACGB!O�}\xBD�\xB3�n\xF0\xEB\x91�U\x96\x9A\xD9��D�e\x99\x9Cm\x8F\xB4Q\xA1\xD1Jy\xCC\xE6\xE8\xEA\xE8\x9F�\xC1\xC1\xAC\xDB:%
-\xA3\xD2Ф2\x99\x90\x85\x8CfQ�f\xC6ȑ0L�\xC6J*�Ɨ\xEB_>}Ƌ\xC0r9�\x9D\x98\x81(Bm`�\xAE;\xAFZ\xBB\xABlK�\xBAzlZ\xBBmh𮮚zז\xFB-\x93\x81Su\xA8t,\x99\x8E\x8EB\x8D\x97@:(\xC9\xE3y$@\xE2U\xB3\xBF+\xF2\xD6\xE2.\\xA6L�%:s\xCB.\xF2\xAD}\x86\xA9��\x95�\xB1\x8E\x82\xE3㛔 A\xA7\x8FU\xBE-\x97<\xB8\xB8"`\xB8vߖ\x9B\xB2}\xEC�\xEEń\x9Cġ̄tg\=V\xF5]S6\x87\xBA\x8EAa
-\xA4n\xE28\x8CE\x92N\xE9&�Î¥\xD1 OÚ°�\x85IQ\x83��No:\x9A\xB0\xE1n\xD5\xF8\xE61H\xF2뼸\xF1\xD0i�\xAD�\xF8/\xFD\xCC\xEB\xF1p3�\xB2(\x8C�\x9C�\xF2�#\x9DJ`�\xCF\xFC\xBA\xDE\xE6ËŸn\xBE[\x94\xAE\xFD\xA9\xB1\xCB�؃\xDB6b8R�\x98a\x9C\xF26\xC2\xF7\xA9�\xB20M\xFDB |[n\xEC�E0\xA0T+^v\xE3\xECe\xAE�Xg\x82!\xA0\xD3�\xF28o\xA7\x8EQa\x86\xFEH�\xDArk\xEB}\xFB\xEC9Qw��r?A�\x8C5\x8D\x8D\xE1\xA5\xFB\xE2\xEEy\xAA\xE0n \xF8\xDC!\xD5\xDDk\xA8\x82\x84w\xA5m\x9E\xA5\x9A�R\xFD\xFCC\xAA\xBB\xBC*\xEAma杻j01#�\x89޳̕NH\xB3c\x99\xA3\xD6\xD0$n\xA6\xDCi.u\x98\x898\xF6^E1\xF8\xF4\xEC\xEA\xDD\xE7\xF3\xCB\xEB\xF3O�ݦgc\xCF0P���mB�\xE9\x98��/\x9D\x83O�\xFB\xC6��\xA5A[�\xA6\xD9/\xB6eK\xB8.:\xE0\x84\x8B�\x88\xFD\xC2\xFE\x84\xC8\xDDq\x94�\xF6ϽmÚ†fs\xA6\\xD8oBÈŠ\xC8'AY\xD1\xF4\xE7\xF7\xEF�!#�\x8FO\xCEi\x88\xF2aV\xEC\xEE\xDE\xEE0\x81\x84l\xC9|\x87\x91P\xAF\xD7\xEE2Q�\xE4\x9BM\xFD\xC001\xD6\xD4{�,\xED�\xBB\xAC\xDDo\xC1K\xDD\xF9\xF0\xBBp\x8BL\x90�\x85\xE3�P\xB0p\xB0o[\xDF\xFB\x89[\x87\xA9\xB7|0\xFD\xFC]W|\xCECÙ®\xD1\xC4\xDD`\x9BW{`\xED\x91F\xB6(Û²Z\xF1\xD1k;\xD8\xCAÑ.G\xDAG�nl\x88\x8BDpB�\xB9\x81\xED�\xFB4R�tA\x88e^1PWm^VO\x96qZB�\xE0/\\x9C \xBCv\xBF�\xAFM\xE3- \x8EG\xED\xDA\xD3w\xF7\xEE7�\xA5\xDEc\xBD\xD4\xC3\xEE\x9Ei(SC\x86\xFB� \xE1�Ç‘m \xCA\xFDi8\xD8W\x85\xDD�X\xF4fIw#el�q_\xE6�\x8E�\xA5\x90Ê£\xD8\xDB\xFFËŽ"\xB5\xF0\xA1\xAD\xE63s\xFA9\xFD\xE5\xDD%Al\x9C�\x83\xB27�\xC1U\xCD\xDC/\x98qT\xB8\xE5\xC9\xC5#\xFD\x82\xE4X�s\xA9t\x98\x9A8��\xF5Gg3$>$\xD0xE\xBAsX\xA7`�\xAA\\xB2\xB2\xD1\xE4�*\x869\x9D\xAE\xC9\xDB\xE1To�\xE0\xF8\xBC:o\xF3\xB1�,xfS7\x{D932}\xAE\x9DÕšl\xCA\xC9:\xEC\xD0\xC9 \xC9Z�\xA8\xD7*�\x98Wv\x8FXt\xCE�sN\xF4�=\xEF|\x80pW}\xAAb%\xA0\xA8Kc\xFD*�\xC72\xF3yf\x9D\xDF37.�\xC0\xEF\x82\xC7.h9\xE6�\xD1p\xB1\x85%\x98�e�\xAB\xB1\xBB\xA2�\xA3\xB3\x8A$\xF8Ü»\x98\x96\xFD\xA5\xA5\x8E\xC0t\xAA\x96\xD0N\xE4\xF8\xBB\xE6)$\xF0�޳͡t\xDC�<�\x85\x8E<E=\x9C\xA2\xDF((� [b\xC0 at 9\xE1�Z�\xCE0u�|\xBC8\xF9xF\xA0[\xE7l �Ô·#6\xA4gc�\x90\xB8\xC8\xFBt\xF2j\xA7F;\x99(z�T\xDE�\xE7Å„~"t\xC1ȧ\xE1�*\x86�5\xA1 �\xE5\xDF}\x8E�\xE9>Va\x9C%\xE9\xABT\xAFTÚ“\xB6;\xCAe@\x!
BB\xE43
-\xBBد\xF8\xB8\xBA@}�\x9D\xF94�\xC8;
-7\xF7 pƴ\xBB|I1ݑ\xB9\xADwۜy\x96`\xF0�J�\xB8p\xCD\xE6�i\x8DW<\xA8ɞ\x89\xE6M�o\xD9\xD7\xF3a�\xDE\xE6\x85=po\xD2cG\xE4nS\xFA�\xC0Z\xB3\xA5s&\xC4\xF4\x99l\xB4\x93\xB2\xB0K7�Y\xB8S\xB2zY\xC9Q\x9Cx�\x9B\x9FN)YC\xAFӕe^\xC9t\xA3g\x94,\xA1W|\x95C \xD0ғf!@\xE3ե\xB9��\xF3\xF1\xD5\xE9{\xE5\xF4\x87Ñ\xFE8.N]PA�,^6cV-- }e�c3\x93\xBC\xD2U\x94ȼ\xB1\xCE\x9F\x96"�ӇR\x8C\xB5O� \xB94��\xB8YkW.\xA2 ҉e\xB5\xDFR0�\x8C\x8B�\xF0\xFB\xB7%\x93`\xEC\x8E6\xAF\xCB\xD5\xDA\xEFm\xAC\xB3I\x80\xC8^ \xD8\xD4^\x840`�\xC2m�{o7�\xB3\x8C�\xCE��x\x83ô\xDBJ\xE2�\xB1fq6\x{18B4AD}\xB7(\x9B|\xB1\xB1Ŵ!�g�K\xF6&_\xB2\xEFe�j\xCBU\x95\xB7{NT\x84se��.\xCC\xC3/�\xC1 \xB9� \xBF\xF9�.�\xD1tI\xC1!\xE3�\x8A at _�\xE3\xC0\xD5\xC4H\x82\xD2,\4Q
-\xB5\xD9\xF4\xB4��\_\x9D\x98\x8A\xAC�\xC9T\xA4�a\x96p\xED\xE3�\xCFB�Z\xEEÊ…\xE5 �\xC1\x84/\xB2!K\xC8T�B\xB9d\x8A{×¼�\xB8\xF8&\x8C�\xF0_\xF4\xFCQ/�\x90�\xD2(>\xC0�\x9F\xF1\\xA6\xA2\xA9\x8B:V\xB4 >\]Í0`\xA4\xA9o \xEC\xF0Dm\xE8D\x98&\xAA\x80P1\x84p�É™�\xFCfìS\x98\xC3\xD5N\xFD\x80\xCF\xE9\xA7Ys\xC4,h��r7ni\x9E\x8B�\xB7\x92+9\x80\xEB\xCA�%\xB0\xDE�
-`\xBEW\xF5�S\xF6A\xE1\xB0��V�/G(\x9D\x88\x84Ý–�\xB7V>�+�~\x9Ff\xFE4x\xB7\xDF�\xF3U�\xFCEQ�\xA0�i\xDDo&\xC6\xDD\xE6\xFD�\xC6=\xCB\xE4m\xB5\xDC=\xFA��\xE3|\xB3\xAAw�&\xB64\xBC\xAD\xB9\xDA \xC1"\x8A\x8A��\xFC\xF2\xF1\xE4Ýœ\x9B0f}\\xAF\x9E�\xC7E�<\xAC\xCB%\xC6�H\x99\xB49�\xB6\x828t\x8D\x88fCA at FP\xB9\xE1\xE5\xB2\xE0S\xE5\x9A�@\xD6-\x85� ;6\x99Þ \x98zB\x9Cïº;\xBC!>\xF2;È€\xCBcpk\xBCzCȇr\xB3\xA1\x95\x95\xB5Å”\x9D\xBA\xE2,\xCD at j;;1u.\xF4H3\x8D\xDDXW\xA7\#"\x90\xDF\xC1I\#\xDC\xEDJJ\xE8\x88���\x87
-\xFD>X\xC7G\x9Av\x98\x8E\xD2w:�ej+\xDE\xD5�&\x8A\xB6\xC8_\xEE�\x9Ez\x99\x91\xA9hh\xA0\xDF׻\xA9\xA6\xB2\xAC\x9A6�A\xBF\xC1\xB62�#)[�\xAB\xA8�M\x87"\xC0�m\xFAN�\x90\xB0\xB1\xB5\x982��?\xB0\xBB\xC0\xB2��\xF0�<\x80\x93\x99S\xA6q�\xEB\xAEV{k\xDB\xE5[4\xF7"\x84\x96\xE6v\xC2W2 \xB5]\xF7(\xD3\xD4L\x9B|V��\xD249
-e\x91�2'>\xA4\x8E�\xEA/�A\xECpI \x81\xBCi\xEA%i \x87\x8E�$w4\x9A\xB1�qv�8p\xEC\x84å¨ \xB0�\xD0k�\x87\x94\x84G\x84\xCF/yeQp\xC8o�\x81\xF9w\xB0�x\x84\x80V\xF1Id\xC3T\x95L\xD9*I\xC3==\xA0=\xF5\xEF�1\xA4\xA0î½#&>Y��\xA9\xAE\xDC\xCB\xFE\x93\x9C\xE0\xF6Z~%\xB9\xDB/6.\xED�L6�\x80�'\xF5j\x97ß)�1\xA1k\xFC,Pw$F\xAF$O�Ar�Ç”R]\x91|`\xB5\x9E��G\xE4� l\xF7
-\xB7R��~M[w\xB1\xDEE0�\xEB\xE8緳\xD3\xFA\xC3l7\xB1\x96\xDEs\xBA ̋�\x8F\xCF\xC4juX*�\xF6\xA7:öӼ\xAA~\xD5I\xE4\x9F \x8A\xDAr�vo���\xF3y1\xE1^Pc\xE0'�q\xF0J\xF6c7\xC3�\x92X\xA5\xE3j\xD5#G\xC5j\x9F\xB8%t\xECd"�\xBA\xE3\xDF\xECn\xC1\xA5]Cs\xEC-\xAE3\xCD7X�)\x95�W�}\x8A\xBC�<\xAC�P�:\xD8u�\xBEd:
-\xF8\xD1rM-K�P\x85\xDB=y\xC4]_u
-\xE8\xF3\xC24V>\xCB\xCEW\xCF\xD4\xCFZ\xFA�o|Q\xC9W\xCC\xE6 Ñ®\xEA\xCAg>!B}(\xD8fp\x99f\xBE\xAC\xB7\xE0\xA7yÅ\xC6}\xBE\xEB�\xAE\xBE6\xE3\xCB
-.>ݻ\xCB#\xFD\xFEql\xB0\xEE)\xDC[&"\xA4�\xE2\xE0EϿ\xD1��#�߱\xF4oAӂ\x81\xC63LtW~\xCC\xEB�\xB6g^0O\xAD��
-\xF4zil\xC6\xD5\xF8\x8F�\xD8t\xF7t\xDF\xF4�\x93J\xCCB
-Q޳\xFA8\xFD\�\xE9$\xEE_\xEC&:)�\x9A8\xF1�忰\xBCD\xC5?:H\xC1�\xD4Ѱ\xF1\xEF9v3\xA3�\xD3=��
-L\x98\xC7�\xC3\xCF�5�\xACl\xE5��`�\xBF/r\x80�ēj�fo9\x9F\xCF#\x99\x84F%�\xF9\xEDIq\x90e\x83�|8p�\xF8 \xE8��\xB2l\xF4\xD0\xE0*\x82�j\xAA\xDB|\xBFii\x9E\xBA
-\x84\��\x95�V�&\xF5]�Î\xB4��\xF4\xE5��\xB6\xFB\x96�\xBF'\x92\x96\xFDk\xB9\x81\xE4to'\xFB\xB9?\xA8\xE8\xE1g\xA9 #\xD6 fÑ‹\x86\xA1C�w
-x\xD7�w\x8Ff\xD2yߛAЗ\xE3\x8Eq\xBC\xD8k\x8C\x9F\xD7�/'0\xFA:\xF55
-�F\xDC5\xE7\xEE\xA3\xE0�\x97\xA3O{7S_\xA5B�%\xA6\xFF\xF67\xF8\xA8ȯ\x81\x8C\x9C�\x81\x8A\xC3,I\xF5\xE0\xBB\xCF@\xA4\xE0\xBD
-?\xA7Ö\x91f8\xA5%\x8A\x82V\xE2\x9F���$k\x99d\xAE\xF0y\xCA1\xA4\xA0\xD8xW�~\xFE�\xF1\xE6>Ç‹�kpb�\xE5\xF3\x9AO_ä5��\xCDK\xED\x9C�'\x86�\x87\x93\xBDáD\x924\xF8\xD20\xBFt�\xF5\x8C�I�\xC2O\x92��Q\x9C\xF4\xDF�\xBC�%\xB2\xE3\xB8(\x9B%\xB4\xED\xF9\x8A\xFA\x88\xA9\xBFsP&\xC4rt\xE2\xE3\xB6螉\xFEï¿\xE8\xFF\xD6C'\xA1JS\xD9\xFFy\x83<x'\x87\xFC�y\xA6\xF0ZQl�Y\xEF\xFEZ\xE2)\xEF\xFF�
-\xDC\xDC\xECendstream
-endobj
-2612 0 obj <<
-/Type /Page
-/Contents 2613 0 R
-/Resources 2611 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2592 0 R
->> endobj
-2614 0 obj <<
-/D [2612 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2615 0 obj <<
-/D [2612 0 R /XYZ 85.0394 752.2432 null]
->> endobj
-894 0 obj <<
-/D [2612 0 R /XYZ 85.0394 714.1831 null]
->> endobj
-2616 0 obj <<
-/D [2612 0 R /XYZ 85.0394 678.1164 null]
->> endobj
-2617 0 obj <<
-/D [2612 0 R /XYZ 85.0394 646.3846 null]
->> endobj
-2618 0 obj <<
-/D [2612 0 R /XYZ 85.0394 581.7132 null]
->> endobj
-2619 0 obj <<
-/D [2612 0 R /XYZ 85.0394 499.0182 null]
->> endobj
-2611 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2622 0 obj <<
-/Length 3862
-/Filter /FlateDecode
->>
-stream
-xڥ�]s\xDB\xC6\xF1]\xBFBo\xA5&&\x84\xFB�\x907%VR'\xB5\xE3Z\xF2\xA4\xD3$� �\x99\xA8I\x80!@\xC9r&\xFF\xBD\xBB\xB7{\x87�\x81\xAAێG\xC6aoq\xB7\xB7߻Gq�\xC3?qnld3\x99\x9D'\x99\x8EL,\xCC\xF9zw�\x9F\x80\xB9\xEF\xCF�\xE3,=\xD2r\x88\xF5\xCD\xED\xD9\xE5w*9Ϣ\xCCJ{~{7X+\x8D\xE24�\xE7\xB7\xC5/\x8Bo"\xA1\xA2�X"^\xBC\xB9y\xFF\xF6\xE5\xD5E\xA2�\xB7\xD7�K)\xB5\xB2\x8B\xAB\xB7o\xAF߼|\xF5�x71 �f�/^_\xBDy\xF57\x82\xBD\xBD\xC8\xE4\xE2\xEA\xFB뛋\xDFn8\xBB\xBE
-d
-I�\xB1B\x9A~?\xFB\xE5\xB7\xF8\xBC\x80�\xFCp�G*K\xCD\xF9�\xBCÄ‘\xC82y\xBE;\xD3FEF+\xE5!Û³\x9B\xB3\xBF\x87��\xB3\xEE\xD3YV\x888\x92\xCA\xCA�^H9\xC7�\x93EVI\xE5x\xB1*\xD7\xF9\xB1-\xE1\\xA9Xt�7\x90\x8Bv\x93�.D\xBA(�\x9Ah\xCB5\xBDw4_\xB5�?\xEE\xF7ÛŠ\xB0\xE4"ghN\x8Fu\xB3\xDB\xE55\xCFm\xAB\x9A7\xA1\x95?�we\xEDW\xAB\xF9\x83m \x93�Ô•\x9F:`\xBC\x8EA0�\xBF\xDB.\xA4\xD9�/u_\xB5\xD5j[\x86U@�\xC0\x92\xA5�Qf\x8Ct\xE7\xA3#\x81Ìšc\xB7?v4\xBEs$4;zÛ·\xBF\xC6\xC05\xF8O0êž\x8E.x\xE6\xF4 :\xBA\xE6\xF0H/\xBFƱ\xDC\xF2Ò»\xBC\xAA;\xF8s|\x80\xF7�ㄽ\x81\xC1\xB0$(\xD9_Z�\xB4\x9Br\xBB\x8D�\xBDidSa�\xBD?_�\xB3\xA8\xBA
-*\xA3r+ \xD2\xE5wZ��\xA9@~\xD2\xC0\x97\xF8\xC1\xF2#a\x8CD-@\xFD\x924e\x94f\xDFUM\xFD\x82\xF1F+\x81v%\xA0t\x84W\x838\x8B\xBC+g�\xD4:\x92\x89\xF1�\x92.\xE4E\xDBS\xE9�#\xB5\x91z\xAC60?\xE0\xFB\xF03\xE6\xA5\xDBը\xE11 at eS\xAD=}�\xCBǻj;K\x9E <%���G\xC5b\xF1c\xF9H+3\x99\xA4>0p\xEA�\xE49\xF9"!�
-\xD3\xD78�\x97N0K\xA5\xC0\xE8\xB4�^\xA1\xC8y\xEC\xF2\xAE\xFD�6P\xD2\xE9\x85�#\xA8\xEA�N�`�\xD4¢\xFE;\xAD\x80Yz\xCFgD)��\xA5\xB5^\x98u\xBE+\x8B�>\xBC\x9B9$\x98m\xD2\xCB` \xC4�-sB5`\xDEV\xF4L\x9BS\x90,\x92q\x921NÛ\xD4\xD1�_ \xA5z\xF1\xB0\xA9\xD6�"\x9A\x98�\x83�\x9F\xEACY\x97�@/\xF8PÇ®�2*\xE6\x994"\x92\xA9Uc#\\xE7Û[&EÛ˜\xA18�\x8F\xEC\x89)\x8A\xBA]"�`\xA7�Ê\x8C\x8C\xF2\xFCBz�E��\x8B;\x81d\x8B}^1\xA0\xB9#H\xAF� |\xD84\xCE\xE1��\xF9\xCDP\xD6\xDC\xF1w\xA4\xA2 �2{$@)l\xA4R\xED\x89\xFF\xF1�\\xF2\xCF\xE8+a\x92\xE8\xAB?�\xE0\xFF\x9AÝŸ�+�\xE0\xC6&\xCD\xC6Ì™�\x90\x8C\xA34\xB5 /\x8BntFy\xB2(\x95\xB1}~\xEB\xFD\xA1\xBA\x9F\xB7i\x91d\x91�\xAB\xEEy\xA9\xE24\xC8>K at lh \x99%\xD9�`({�\xCF\xC9R\xC8$ʲ\xC0!
��&x\x81%�\xF2\x848-p"5\xBD\xE5j\x9D\x81˟s{�L\xE59\xA7�\x9F\x8AȤ\xA9\x9C�,\xA8\x9E�\xD9"߶
-\x8D\xF0<\xF8�\xBF\Ш\xE3\x99v_\xAE\xAB;\xFC@:\xBF\x8F\xB0\x9BW\xDFc\x80\x88)@ �Evb�\xB0\x87
-�R\xB5F\x9E;\xC8\xCBG\x90K\xB5\xE6\x9777\xFC%yZ7&\xCD\xFB\xFDX\xB6]\x8B\xD9�\xBC\xBD\xAAyY�~3am\x9D\xB7\xE5\x8BI\x94qT\xB9肇@\x95\xF7�\xA9\xE2\xB0S7� s\x8El}}\xF5\xED\xF2\xF5K\xD3/ \x84XD3b\x9D\x84\xA9\xE7C\x85H\xB4bI\x91� v\xBA\xF0<\\xA4\x8B#\xC3*~\xE6\xF4\xD86\xE0(\x96`\x9D�\xBD7\xB5\xF3�0\xDA5�~lɟ\x8AS\xC1Q\xC6�ܤ\xF41c\xB9\x9D�\x8Fq\x92x�\x81S*\xFF�\xA1N\xA7>ۀ\xE5۲k\xFB\x8D�t\xB8\xC7H\xEEh.
-\x92[뱚\xC1)\xDC!\xC8#\xDA8\x8A\xA5J\xC7\xF2C\x85*\xAA6_m\xE98\xD9\xE08#\xBE[�\xA5`\xD0\xDEQ��OO�\xA1\xCAd\x89\x8F
-\xA8\xE7\xB4d\x8E\xAC\xCC4�!��!\x9B�� ,R�\xF8b\xC5�4\x80~\xA8\x8A\xA2\xACQ\xFF\x9D\x81Ƌo\x9B\xBA.טU\xF0\x97]\xD3�\xC2}\xEE\xB80\xDA\xD2q��T-\xC0}\x8F,\xF4\xA1\xDAnɣP&
-\x83\x9C�\xB7`{4"\xE5\x86\xC1]s\xAC\xD9\xFFT\xF5lD�\x91\x80\xE4\x90Yqy\x9F�.�\xC7\xFAÒ…\xD6\xCB�\xCE
-TG'\xA2\xA21@^"OxDK\x86\x84\xE4q\xD4\xF3\x81
-@\xEC�/�e?\xE0-g\xDD#\xA4\xAA�2z3\x89\x90\x8E\xBA9\xB9\xEA(̈́w\x8F�\x84%\x95A�i\xC0\VP\x8E\xEC\xF2\xB6C\xC1"\xF8s\x83\xC96\x8E6\x98\x93\xE3 \xB4y\xCEYk\xB0\xE9\x90R\x90I/\xF7ͶZ?\x9E\xF0\xD5i\xEC=;\x88|\xCE\xFBG\xBD7'\xEAfb�\xB8\xE9$\xCDz\x9F\x9F(\xED|~8�j�\xBD5|d\xE7�\xDDA\xC9\xF9f}\xAE\x85c\xE7fp\xB0*\xD9\xECR
-Վ\x9E\xB0\xB9Wf\xF2x�\x94i\xB3�}\xAAL�D\xE1,\xA4I\xA7Rm\xADM6J\xB59ދ\xD8@�\xE9L߹NC\xD5'*Ll�Ey\x97�\xB7\xDD\Z\xAE\xB1@\x8B\xC5�\xA5\xE5"μ#�\xEBii\xED\xF7/\xDF\xE2 !\xBB�@[:\xA3�\x88�<���\x9E1>\xD91 P1\xFD�\xEC9p\x91zKN\x83P� ڧP�n�\x82n\xB9\xE0�pz\xA2\xF4\xD8Ef*JT\xA6Ǣ\xA2\xE4<s\x9E@\xC5|"9
-\x96�\xF0\x88\xDEL��\xA3#�o\xBF\xE5\xCF\xD8\xC7H
-\xFE\x88\x84\xB1\xDBU
-\xEAT\xBE�\xB9y"\xB2\x90p\xDF\xCFK_\xAA \x92>m\xB3\xCB?\x96\xED\x9CC�\xA0\x97J}\x91l\x95\xB2�ÙŽ\xF8��\xB6�\xAE\xD8g\x99�\xCD4M\xC6\xEC\xE4\xB8\xE6\xAAUN�V\x9C7쉥w\xE0\xBEV\xBE\xA4}Ø”\xE3\xE2w\x95wk6�\x97�cU\xEB5 \xC6�M�\xE4�\xBB\xBC('\x95\xAEa\x8A\xCA\xF9\x9CV\xD8\xDE\xE2\xF6'-.ĺ\xD2\xEF��!\xB6,>]s\xE0Q}ÜJ.\xED\x9D�Re\xCE-�_\xF4\xAFG\xA1m\x80ÊŒ`\x83\xC04\x8B��\xCAzT#�\x93�{B\x80g\x84Q^@*\xB2B%\xE3\x84\xEA$7b\x99\x86\\xA6\x9B熊C\xB5�4PY\xCF�\xE5\xAD��\xBB\xFCS\xB5;\xEE�Z\xED�\x9C\xF3�A\xA2\xCAN\xEC� k\x8FÕf\xD3hUr\xC5\xCC\xEF�\xA3\xBA#+\xB3\xC8W\xC0|\xB62\xCB\xECQv\xC0\x9E\x80k�*\x8E�{\x94\x9A:n\xA8!\x9A\xBAh\x99\xD1\xFF,\xA9\x91\xC0�\xF3\xD9\xEC\xAAo\xB7�c\xD9Q\xAAUN\xF4��\xD0�\xBB\xFFF;\xD3�RK\xED\xE5q<\x91[Ʊ\x9E\xCA#6^�\xBDw5\xDEO�\xE6v\xE7\xBAK\xF0Z\xD5�\xCB\xEF\xF3\xADKJ
-s.�r�\x91Zz*\xBF\xBCg�\xA6#\xAF\xEE�\xFA\x99Y\x85ł\xD0\xFD\xCE~�Z\x97\xBD#\xC0W<\xBFnv\xFBcG9 \xC8D\xE2\xB9'9츋6\xE5\xAAo\xA1\x85m\\xD9Q<5E\xEFN\x88�\xC1\x97t\x87\xAAlg[d'ME&2�\x88\x87y\xD1��\xEA\xE5 ��{\xD1X\xDF�\xB5��\xAD\xE0v\x80'� #�\x97J���L\xF5"\xB2l\xFB T\x8C\xE5\xA4�\xEFC\xA9\xD8P\xE8\xE0N5o�L1\xEC\xE6M\xD1\xC6^\\xB6Ow\xC0hR\xA9\xE4X@\xFF\x83\xEB
-Y\xD9\xF2\xDD\?�J{%}1B�\x86\xA2\x9C\x8B\x8B&\x89\x84\xB0Ù”\xD5F�\x8AÓ– 9Û\xA3;纤wR�É»Ôn8\xE3O\x88\x870\xC1
-�\x98{L\xBC\xA9\x8E…�!�\xDEѸh\xFC.\\xFAJ\x8Ev\xCD}U\x94\xA1$\x81\xF2̎Y7׫K"\xA9\xBD\xF2\±/\x89\xB4\xB9D9\x8Db�J��Yd\x82�\xAC\xC0�\xA8\xED-SД\xFBj\xED\xAAx\xE5\xF5\xCEA\xBD\xFE\xC0'#\xA6\xC0\xBBc
- \xF5L!x\xC5OÈW
-\xE5[�aBv$�{vr\xD3>\xB2\x84H�\xC8|N\x9C\x90ZgQ\xA2\x8D\x98x\xE5\x91,U\xE2�MH��\xB7\xD2 \x92\xD3c\xBD\xC9�\xF9\xDAU*8K<\xA0)\xC7'x\x86�*\xA2�{\xA8\xCA�\x9C\xE6\xC0 at xQ\xE7\xE6\xE1\xB9\xE2=9 \xA4\xAAA�r~\xF1\xA40\x95\x81\xD7Ѹ\xC3"\x82\x8D\x80'\xD4tȜ\xDD#\xC8\xEF8g; (\x87\x95\xAA﹢�\xE6
-:H\xEDS\x93\xF8\xF0PÕ…\xEB�\xB5\xB4�\xD7\xEB\xB0\xCFD\x9016\xAB\xE9\xFA�=\xFD\xA69n�\xBCb*9\x9B\xA5h\xE1#C�}4\xA7}\xC1\xC3\xEBQ\x97\x88\xCA�\x89F\x9BM�\xC7�0\xA8\xDAo�ν\xED\xFBC�\xD15\x88T�\x89\x8D\xD1\xEE\xB3WoÞ¾\xBF\xA5o\xBE\xFB\xE9\xDD\xEB+\xBC1\xBB\x9D\xEF+I�\xC5Z\xE8/\xB9\x82\x90\xA1�2\xBC\x82�i\xE0��CXz\xEA\xBF��\x99\xCC\xEB;^%85\x9D�R\x96\x85�\x96\xD3KX\xB2\xED@\xF9z\x99\xF8]]v�/\xAEs\x97�\xA3\xB1\x86{/Da��7eH]M\xCF\xF2�\xD8�5\xB92\xF6\xFD uwe$��\xEA"&V\xE7Jb)\xC3\xEEF\x9A\xC5M\x83\xF6\x86PÞ½\xA5\xB7P\x92))(\xC7u\xD0b�6\xD5v\xE86\xEF\xF9\xBB\xFD\xF1\xB0oZ�\xCFpA*\xC7�Þ€\xB5�ZZ`\xB0\x9A\\x94�\xCE\xD08t3�Y\xB006\xF98\x89\x9E\xB1-G\x87�\xBE\xF2\xF0\xF1\xADj+j\x89BN\xB7)\xD7�[\xC2r\xAD \xC1.\xD2M\x82S /\xEA\xA7\xEF&\xD3\xD8\xFD\xC0>�jܦlK\x9A�\xAE\x88\xCD�\xBFRQq\xAEOk\xE4�\xA3�C\x85O\xF8\xDDN\x87\xFE\xF3\x99\x9E,e \x8AUsäºf\xE8\x9A\xF2e\xA7\xB6V\xB96\xE0\xBBw\xB0�_>�ȳÕ?UTO\xC1\xF7
-\xC3*\xFE4_\xB5�I`n\x90\x89Y߃\x83�3B\x99\xD83�\xA1\xC33\xE3\xFB\xEE\xD8\xF22+\xC6ع\xFB:\xDC\xEB\x8E&\xB892=0\xF6\xB9C\xFA\x9F\xA9>g\xC9\xD4$gɘ\xEEA\xA7\xB0=\xAE×¥\xF3YZe\x8B\xF7\xEESF\xF1\xFD@�\x9A\x90\xB4Ú¿\xA0.\xA3\xE6�\x93\xD67�a\xC0\xA5g\xA6\xB8\x96�N\xCE+\x9Aky\xF6ܘQÔ»\xBC\x9A\xBF\xA6\xBD\x86\xCA�\xDBPI_4\xA9$�\x9F�'a\xF9\x96d\x88\xD3NU\xE1\xF9\xB9\xBCମ\xE1\x89�=w\xA1\x9CÂ\xE7\xA8æ•œA\x9C\xCF\xE5\xD3u\xECh�\xDF\xF2A˶i\xC6\xE1\xC1-\xB2\xDD6�\xB3\xD7�x\xF3\x91@*u\xAC:\xA8\x9B\xDCA\xD5\xE8j\xA3 \x84\xFE\xECrzv\x924NpÆ…\xD2&\x80kc��\xDBX"\xC77�\xFDbC�\xC2�\x9E\xD8�\xA2\xF6N)\xECU\x92i(\xBA�\x9C\x91\xEB\xAEj\xF9�!M\x87\xD6�o\xFC�\x884\xB8�p\x86W�Ym\xF3\xFA#
-}\xBCI\xD3\xF0ˆ\xD4Y\xB3S=^\xE6i\xB4\x93R╲
-\xBD\x8Bz.G\xC0\xB4L\x87\xA6�;t\xF6�\xB0\xB4\xFB\xC1F;\xA16_\xAF\x8F�\xAA\xF9r.M\xFB8@\xEDPm\xA3$3\x93\xABG_�\xAFBG\xA3\xF6�Dܴ\xA0\x98�\x83p\x8B\xE5^\xF0�\xEB\x99�и\xF8�\x95\xE1|\xEB\xE4D}\xC2\xCD��J\xA9E\x83\x97\xEF\x93R�V\xAF\xB8\x92ܕ9g\x8A\x88�<\xD3\xE08w\x8DS\xF9\xAF\x9F\xFCnGD \xD4+\xEE� Q\xEA\xD4\xEFl�i9Ģ\x9Fو\x99\x9F\xD9�\xAC\xC1\xC5\xCD\xE0\xF0=3~\xC1�\xD5oS\x92\x84M"\x857\xC0\xCF\xD2�\xB0f\x88�\!
xDF\xF5\x82\xE2\xD9tL\xD4MIy�$\x859z\��\xE1\xB6�^\x82y\x87�\x85\xEF\xF0)\xCCV�\x9A\xA1\xC0��\x8E\x94\xAE�\xD1\xDFS\x8D20 Y\x9C\xC1dox\x9Fu"��\xFF\xDE�M11\x8B\x9F7t\x8D\x8C%\x89\x89bȥ'�)H�\xD4=\x9E\xE1n\xEC\xDE@\xAF\xCE\xFD\xC1sP �/N\\x8E\xE88\\xBE<\x97\x9A\x9AH\xC9\xD8SJወpn�FG�\xDF\xF0\xA5c�\x89q0�w7�\xC2)\xD3\xCBzDp}\xEC�\xB9u.\xB0w.\xA5�\xBB7ﺴo\xBAev\xF1\xFA\xCD\xD5\xEBk*�\x9C\xA3\xDD\xF2%\x9A\xCBZ2�\xEE
-\xAD\xFB\xDA\xFDP \xA07?]�p\xECzi\xB2\xBF\xB7��B`\xB8{\xF4K\xF1\x9E\xFE\�\xEC/�\xAD�\xD0\xD3M\xA3�\x85\x99�&\xD7Í\xF1\x98�=\xA6/\xAA\x9C\xB1{2`\xE0[\xC0z\xD0w2\x98V>\xDD.K#��\xF5%\xEAi\xC1\xA2\x84\xF6\xDA\xF1\xB0){\x873Ø»\xE8\xFD\xA6�\xB8K\xF3\xA4cn��\\xDAe\x8CsØ\xB7I\xCD\xCD�\xE3\xD4:�\x85$\x9F&Ql\xF5\xA4'7l\xAC\xF9\xC6\xF3 \xB8\xBEx\xAES�\xBC\xFA|\xCB\xDC\xF7\xE9\x8C�/O\x95\xE7 \x87\x8Auqb\xC5\xF3\xFEt\x80tÚz\xA4\xFEb\x91<{Q�\xA8
-rړj��k\xF5\xB3\xC4�\xA4\xA7\xD4ȉO0:IF\xE4\xB0�\x95IL~T&b \xF7d�&�1\x95;\xCEr*\x92\xF8.�\xC0�W\xA7c\xFF)\x91\xCCp#\xE0O\xFF%\xBF\x88\x83\xE5\xA6[��9}
-\xFB8\x90\xF3\x92\xE1\xA7o\xA0\xDCfz%\xC7.Thr\xA1B\xFDG�\x9A\xCAH\x8B\xEC\x8B�\xA8H\x92\xB1\xFF�\xDA\xFBO\xA1�\xFESh\xCF0�\xBAk\xDF\xE9\xAF1h\xA2\xA0�)3\xE2\xAC\xF1w_5AW\x8F�\xE3\xA2Qs\xD70:\xF5\x83^e"\xFC�\xEE\x8C\xE6ġ \xF2\xFFط\xFFQ\xB3ƨ\x9E\xCAy�\x94\x89\x89\xE0c\xEB\x89B\x9E k\x9F\x9A \xFF,\xF8)\xED\xFF�_u\xCC.endstream
-endobj
-2621 0 obj <<
-/Type /Page
-/Contents 2622 0 R
-/Resources 2620 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2592 0 R
->> endobj
-2623 0 obj <<
-/D [2621 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2624 0 obj <<
-/D [2621 0 R /XYZ 56.6929 337.8412 null]
->> endobj
-2620 0 obj <<
-/Font << /F37 1026 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2627 0 obj <<
-/Length 3120
-/Filter /FlateDecode
->>
-stream
-x\xDA\xC5ZYo\xDC8�~\xF7\xAF\xE8\xB7m�i�OI|\xF4 \x99 \x8B\xDD �{0�d\xF2 w˶\x90n\xC9Ӓ\xEDx\xFDV񒨫\xED\xC9b��,\x8A\xAA&\x8Bu~E\x92\xAD(\xFC\xB1U\xA6��Z\xAER-\x89\xA2L\xAD\xB6\x873\xBA\xBA\x85o\xEFϘ\xA3\xD9x\xA2M\x9F\xEA竳\x9F~�\xE9J�\x9D\xF0duu\xD3�+#4\xCB\xD8\xEAj\xF7e}\xF1\xE9ӻ\x8Fo?\xFC\xFB|\xC3�]\xFFL\xCE7\x8A\xD2\xF5?/>\xFEz\xF1�\xDB\xF7\xE9\\xF3\xF5\xC5\xFBw\x97\xF0ʥH\x80\x88 \xA4K\xE8\xFA\xE3察\xDE^\x9C\xA7r}\xF5\xEE\xFC\xEB\xD5\xDF\xCF\xDE]�\xB6\xFA\xAC3*\x90\xA7?ξ|\xA5\xAB�\xAC\xE0\xEFg\x94�\x9D\xA9\xD5�\xBCP´\xE6\xABÙT\x82()\x84\xEFٟ]\x9E\xFD+�\xD8\xFBj~:%
-%2\xA22\x9EN\xC8B\x89\x9E,�\x85\xB6LV\xA9\xD2$�\�Y\xDC\xD7\xC7�W\xF1\xD3/\x9C\xF7hyB4LjH\xB6yu\xBE�T\xAC\xF3ݮl˺\xCA\xF7\xFBg\xDBs]\xD8\xE7CS\xECl\xAB\xAD\xED\xF3\x90sߎ\xE7,[�<�M\xDB`\x8F\o\xEB\x83\xFBvc>\xD6�7\xBE}4\xF7Ŷ\xFC\x9DR\xBE\xB5\xEF\xC8"\xC8^&z\xFD\xE1\xC6vUu\xF7\xC9\xF5<�\xAE\x8B\xA3m\x97
-\xAEh\xB5\xB1\x8B\xD80F\xB4Rܬ%\x8C]\xEC\xDEXU\xB7w\x85m4\xCFM[�l\xFB\xA9\xDC\xEFm+o\x9A\xF2\xB6\xB2\xED\xBA*\xC8H\xE3\x94P�v\x95\xB2\x94\xA4�d8i\xAC\x8Ehӧ2
-\xE2l\xCAX=�r\xFC�\x98\xD5N\x8F\xAD*�\xD1
-X`J\x91\x84I\xB9\xCCC\xA0\x9A`\xA2\xAFy\x96P\xA2\xB4\xCAb..\x83\xDC@\x87<Q \xB6\xBCÅ–\\xE7FT\xD0\xF5p\xBF\xCB[\xFF=\xB7jwĵ%\xBDv\xEF\x87|�}QN�@b\x96k\xEC1\xB2].��^�g\x92}Q�\xF8\x97)\xC98M�!ØP\xD2\xD8
-N�v31\xB6&\xF0�\xDD�z\xDA!\x94�DM�+=�Uk
-M\x80\xE6\x94\xCCtlk%\x8A"\xD3\xEB{k\xE4\x8F\xE5�\x8D\xCE�\xDDW\xBBJ�\xE3\x89\xE7\xB8j\xAC�\xA7\x96&\xC1\x9E\x99t\x84\xCEFa\x82\xBC�f\xEE[\xFB\xB2+\xDA\xE2x(\x8D\xD1\xC0\xAB�,4\xB6\xF5Ѫd\xEB�\x9Da!Mm\x9FnbÓ¾ÎKc\xB3\xAE�C\xD9q�7N}\xD3}6\xD2`\x949s\xB7Ò°A\xB7\xAC\xEE�\xDAY\xF7I�A\xB24]\xF6\x9E�Ѽ\xF3x"�\xB9\xF6\xE0\xBE\xD6yLs\xCE{T*\xC5"�\x81h\xCC\xC3\xC8w\x94J"&\x8C\xEB\xDC<�\xA2Í®\xB8\xC9�\xF6m\x8F94UF\xAD\xA9Bߤ\xA92!\x88\xD6\xDE�\xEC\xF2\xC6v"8�)$�Ú™!Æ·\xF9\xD07f\xC66\xCBf\x92\x87\x84\xA4\xB0J7\xFC\x87\x8F��x7\xF0N8\xA7u\\x8E 5.\xAB\xBDG\xB5\xA0wO\x853\xB6\xAD�\xDFM\xB1\xAD\xAB]3R:�K\x99\xCAe��\xD5��\xD1j!�K\x9Ee1�\x9DÞ©\x8Fo\xD0\xE8D\x8D\xBD\xE5\xC1u��\x84\xE7\xBE|4=r}S�m\x97\xF3\xDA\xDA<wML\xED~�\xA9\xB9Ø�q\xAD\xD6W~\xAE\xC7|\xFF0�L3�$\\xFB`V\xCDD<�:\xE4,\x8E60\xEAv_\xE4Ç™U\xD9h(4�\x89\xCC\xE2h�*\x99\xB5�\xA59(\xF1D\xEE\xEC�\xCD[\x81'\xC2�\xBF�\xCE\xE9\x8C\xDB{s8�\xED8�\xA4D�l\b\xC3ӌو� '\x8Ae1�q\xEĘÏв\xB9��]\xEE\xC4Þ;\x91\xB8\xB6\xCFk\xF7~u\xF9\xE1\xFD�1\x89
-\xCF\xF0Ӧ\xACn\xFD\xC0\x93\xEA\x86\xE0ų4s\x9A�\xB18\x81\xC0/॓\xC9p1�\xC79\xA7\xDE�\xEE\xF3򈨗X-K@\x934\xA3"\x8E\xF2W\x9E\x83H;L�\x96\x84\xE4\x89z\x99\x98
-\x86\xD3Y\xC0\x9C\xF5\xE1\x90W;\x87\xBB�\x8B\xE3�\xB2\xA7\x8BJy\xE5\xF4��\xDC�m�\xA9
-"\4Þ¾\xF4\x90\xEA\xB1\xCC-+\x92E\xFE\xC1 \x9D3\xCF\xCBf\x92] \xA1Ay\x99\x82s\x8E\x87�\xB9d\x89\xF2\xE9z\xF3\xED\xCF\xC7I\xA5\xA088\xE9��Ñ‚8"\x9C\xEE\xB6�D^ÞŽ\xBC\x81%\x84r\x9E-\xCE�\x88\xC6\xD3F\xEB\xE3 �\xA8dѼ\xBF6N\xFA\xEF//7h\xCENW\xB5Sf\xC0\xDBA{\xD6;v.C^Ý•]~2O\xA8.J�v\x88\xC7\xE2\xA1l�F\xFF\x98вV\xA0\x9F\xC4'\xD3\xCD\xEDi-\xCFX�\xDAÓ¼\xEE8\xAC<KO\xE4\xB8>Õ‚\xF6<\x95\xE1f\xBF\x9BÓ \xA0\xF0SX\xD9\xE2Üjb\xF28\xBBA"\x80h�Mnu(\xA5\x93\x85T\xEB\xDFΕ�\x90\xB7\xAB\x9F�\xFB\x85SJ\xED'pߦ4ƒn��\xA1\xB3\xA7|�\xA!
6\xB6\xBDN\xF9\xFD\x81{ʧ\x99W>�ا\x8A\x95\xDF�
-\x95\xBF \x95 D\x878!\xCD\xDA�@\xBDLx8\xBE\xA9g\xCDB\xFF\x88Y\xC84à \xBCl�=\xA2y\xA3\xF0D\xC8ʱ\xC8\xF7\xAE\x84\xFDb\xDBCÓ i�\x9D\xF6\xE7?\xB5C\xC1\x89\xCE \xDCL\xEEOl€\xCB\xCC2\x99�p$�q\x8Bi\xE8\xEB\x88\xC3T\x92$\xE3jQB\x81h<k\xA4\xA7T�\x80\xE2Y4\xEBow�\xEEg�\xE93\xA7�}k\xB4�\xA6\xF2(\xE3\x9Cd\xB8\xBBB{\xB2�p/ {kE\xF5\xFFL\xBEa\xC0\xD1J#\xDE�:\xA9\xE8\xE9\xD5\xCBw
-إ\x84\xCBPF�s\xB0ۣ]7 \x93\xCA\xCA\xC3\xD82v�\xBC\x8A/�\x97��C\xA2\xB2\x9A\xCAz�\xFC\x87�\xFF\xF9v\xBCV�1\xC0\xCAI*\xB3�.�|~3\xC5$ i\xDCA\xEB\xCA\xF8\xB862\xCF�?\xFDt0\x82�\xDD�O\xFE\xE8\xFBf~k\xD1-~\xDA\xCD\xFB.T@\xE2\xA4\xEFvD�\xBE\xEB\x88�\xBE:�\xC7\xE2�\xB7\xC0\xEF\xBB\xFA\x90\x97.\xB0\xD8\xF6f\xAAz\x85��z�\x99.\xF1�\x88\xC6L\xC5"�\x99s�\x93}\xAE>cxu�\xFF\xF9\x86i\x8F^\xB1\x85j\xC0\xA7\xFB\?\x98ƶ\xE8\xF7\xFA\xBA\xC5\xF6a\xF0ǧ\x81pf\xB0\xE7{G^|/\xCD�!\xB6\x9F\xCA\xF6\xCEM�L8\x86\xB4IJ��5\xE8@@\x83u%
-\xEAU\xA1N\x81,I!D\xC9S\xC5h\x9FjA\xAF\x9Ej\xA8\xD8\xE7\xD7(Vh\x9A-\xB3�\xA8&\xF8�\xAAV\xA4\xD0�16Ô\xB0\xBA�\x8B[i\x92f\xD9�\xA5\x9D\x92$\xD4�\x9DR\xC5\xFAw\xAA\xE8]\xEE^\xC2Ó˜\x92\\x83\xD75\xAD\xED2\xDBRؘ2+10\xAB7.\xBF�\xBC\xCC4n\x81\xF7CK}3(�\xD0Ú€
-6k�P\xB6�\xF2?�\xB4{D\xF3�\xE0\x89Æž}<6E;Ö¿M\xDAf\xF3\xE5k\xC7\xED\xC8,P\xBC
-\x80\xF4�\xA7\x81h\xCCj\x9C�8I\x84T�\xAF\xB1Mp\xC1|\xB5
--�v\xE19VL\xD7\xDB\xF9;\xF6y\xFDc\xDBhÌ\xE7~\xD0�\xD3S;\xBE�w\}m䅱\x98&\xDEL\x8C\xB3\x91 \xFE ~�\xB2\xCE\xE2֙\xAF \xB0b\x9C\xC0�\x9A�\x95\x8AW\xC4�9Jc�\xA3JH\x8E2\xFDS[{\xF5\xA1l۰\xAD\xF7\xE1\xA3}\xA2ÕU[�\xAB\xA2E\xAB\x8F��\x8C\xFFpXHr�\xD0N"\x99>\xE1�=\xAA�g\xF0T\xE3p\xF8\xC3\xDE\xC0(\xA8t\x91\xD9 at 5\xC1\xED\xD0�(T\xEC1\xBB\xB6\xE0\x90\x94\x86\x83\xAC\xCE=$\xF5\xEE\x81\xDF\xF3>Y\xDF;\xBA\xDE\xCE;\xF0\xA7\xE8�\xF8\xCDx�6Nx\x84�\xA9k\xF5"\x8F\x90/\xF0\x88\xC1�\xFD_\xE6� P\xA5\xF4\xBBJ\x87\x87Ʃ\xDFĊ%�\xC1,\xA4Ջ�$\xF9��\x84C#=\xE9 }\xAAy� T?\xEA \x96.osBF\x8Cs
-\xB9_\xA8�\x9C�\xAA \xD6#ASF$K�\xBC_M\xEF at Bmô\x8Fm\xC8\xDEtY"�\xF7D\xBD\x93a\x99 N\xDF\xDEa�\xAAz��v\xA1\xF3`\x87=]+\x82s6\xA5\xD9G퓴ƅ\xB1\xE7\xA6>��b�\x80\x89%��#\xCD]~\xB45!�a\xE2ÜV�\xEAjbUY\x8A\xE5\x8C\xFAQw�q\xD3\xECԑ�\xD7$\xCB\xC2�*ر@\xF04\xE9\x8Bx\xEAM\xD3\xF4e\xBE�~\x9B\x85\x8D\x8C\xB0\x87e_\x97f\x93�\x85`\x8E\xF5\xA1\xD7�\xD0\xF4\xE4\xB6\xC3\xEA��F\xD8\xD0\xFF\xF93\x9Ed%J\xDA\xC8i\x85-%\xF8\xFC\xE0xԚ\xB5v�\x88\xF0\x84_چ\x8B \xD0*\xBE\xE7\xDB\xD6^6\xA0\xEBCޢ�`\xBF\xC5�И�Ą�\xBB3�o�q\xF7\xE8N?\xB56�T\xF8(\x8C�\xB7\xE5c1\xA5o0 \x80\xC1*\xFDQD�\xF5\xB1�\xEC\xD5
-glF\xE1�\xFB\xB34\x8D\xC3\xF9+q\x89\xA4b\xCEy�Ñ©f'\x9C�DCGv\xC43\xB6~:b\xE8\xAD\xECK\xE9\x9E\xEE(\x99\xE1Az\xB5\xCB�d\xC4O\xC5ww8bGq\xFE\xDD�U\x9B\xB7v�1s`\xB2?\xD0�&͆\x98\xF4o\xCE��Ë �b*\xB6\xC7\xCF\xEER�\xFE\xBB\x98\x8F\xFA\x94\x838�q"\xEA\xF7\xA8�\xA2\xBE\xA7\xC2\xE9\xC3\xE1\xBB9\x8F\xDD�\xA1=
-\xFAm\xBB\xFF:�\xFF\xBFt \xE0\x8B\xCB _G\xBBk\x82c\xE1LO\xAC#PM,$\xCA�\x90m\xA9f\x83\x95\xBC5\xDC7\x83J\xFF%\x9B�MW\xF4O\xA2��Ð\x87�\x95\xD7Y\xB8=\xB4\x92x\xD7B�v\x82'\xD1�\xA4\x87P\xC6ιzB8�\xE2�2b\xC9\xC9\xD4g�\x92}\xD0�\xF5Q|o�\xBA \xC8V��\xF1\xA3 \x866\xBC\xBD\xB0"3\xA3r\x90�\x9F\xAF#\xB2C\xFD\xE86Ù¥;A�\xE8\xAF��Ù·�\xAB\x8C\xA5\xAB�/�EW<b\xE4\xE4\xE0\xD4�\x94\xD3Tf\xAAØ©j�\x87\x9A\x87\xFB\xFB}\xD9;�\x9A\x8A^\x9A�NiH\xD2\xED~J\xFC\x94H�\x8B��\xBF\xADj\xB7�\xF8\xC6\xEF#\xECb\x88\xE8Ô¡\xCCAn\xFD\xE4\x97l\x8F\xEE\xEDA\xC0=�\xAD\xEBr_\xB6\xCF\xE7�"\xF8l\a��\x85\xB3�\xBBO}\xAA\xF9\xB8�\xA8\x86q%\xDF\xEDf\x82J\xB80\xF1zH\x99h\xA9\x96\xD9�T�\xFC�!e\x92\xAA,^\xC0\xC5�MW\xA4�r\xC0\xA3*\x9E\xB0\xA1&\xAC�?�+-\xEC\xB3�\x8Aز�\xDB\xD08Qk1\x80e\x99X\xB6�\x96\xE2m\x8F\xF4\xFF\xB9\xF90�O"\xD09os4\x85xz\xCA\xE4:\xA2�\x8BsD�C\xD7O\xA3C�\x8A@�\xE0\xCCÒ”\x81h<g|f.\x89H4\x8F&}[6\xF7\xFB\xFC�\xFD2M�*\x80\xC6\xF6\xC1]z3\x87\x83\xD0q(\x9A&\xBF-С3\x81g�-\xF8\x81
-\xA3\xF0\xD5^\xC7Hm\xE5�
-4Se\x98�\x99\xA8 \x8D\xEE��\xBC\xC4g�\xD8QVۢ�զ#\x8C;\x83d\xB4\xCF}A�\x90g\xBE\xFA\x84\xF4v\xFA\xE2T\xA0Y\xB86ei, \xB7��+�\�/\xB4,\xCC�hF�\xC6jc\x80{!�\xF6f\xBC,\xAA]3<<\x8DT��Ne\xAF>\xFC/0wY\xD5*\xB39\x83\x8F\xEB}^}\xEBn\x81\x90\xB9�\xDCB�\xBCu=\xB1\�.m\xFC\xF0\xE5\xEE\xEE�\xBB\x84\xDA7\xCB\xF8\X�\x83�\x80\xC0�S(9\x96\xA4C\xD6\xC35\xF01\xEF\xFF�\x81 c\x8Eendstream
-endobj
-2626 0 obj <<
-/Type /Page
-/Contents 2627 0 R
-/Resources 2625 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2592 0 R
->> endobj
-2628 0 obj <<
-/D [2626 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2625 0 obj <<
-/Font << /F37 1026 0 R /F53 1313 0 R /F22 961 0 R /F21 938 0 R /F41 1218 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2631 0 obj <<
-/Length 1965
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDYQo\xE38�~ϯ�p/ \xB6Q%K\xB2\xE5\x97�\xB2\xD3\xCC\w\xDB^o\x9B�\xF6\xB0\xBB�\xAE\xED$\xC6$v&v\xDA\xE9\xFE\xFA\xA3Dڵ�'-\xEE\xFAx(
-Q�ER\xE4'\x8ArÄß�j\x9F\xF9\xA1��\x83P1Í…�Æ›��.a\xEE\xCB@�Ϥf\x9A\xB4\xB9~\x9C�.?\xCB`�\xB2\xD0\xF7\xFC\xE1|Ñ’e�7F�\xE7\xC9\xEF\xA3�\x99\x90l�"\xF8\xE8\xEE\xE1\xD7\xFB\xAB\xE98P\xA3\xF9l<\xF1<%\xFD\xD1\xF4\xFE~vwu\xFD�\xF45�f\xE0\xE4|t;\xBD\xFBuz\x83c\xF7\xE3\xD0�M\xBF\xCC�\xC6\xCE�\xCC\xE6\x8DYm\xD3�\x97Ö¦o\x83\xDF\xFF\xE4\xC3�v\xF0Ó€3��=|\x86�g"�\xBD\xE1f\xA0\xB4dZIY\x8F\xAC��\x835�[\xB3ni\x9F+\x946L{\xCA�\xA7(�\xF8"\xECw\x98`\x81�\xC0�È\xC1\xBF\xDF8\xCC�}�\xAB\xB9\xACâ\xBC|Nw\x87\x9B5!\x93
-6\xD9�x\xA4\xB6f\xEAQ\xEB\xB5Ô‚\xBF\xA4�\xD6u\xD4^e\xE5v�\xBD\x94\xE8\xF4j\x95"A\xD6@\xCCØ‘\xFFi\x93��\x98 \x85y\xC3�-\xAE3\x9E\xA8\xB9\xACII\xFA\xB8_�9B3�\xA8\xF0\xBCÖš\xA9Gk\xC7�\x9C)\xED{]\xAD\xF3q\xC8G\xFB]\x8E\xFB/\xA8u\xB6,\xB3|\xE9\xDC0\x9CH \xD1�\xA8LD�K=\xF4\xE1M\x96\xA7\xE4\xC0\xC7�\x98s\xE0\xC7\xEEsV\xADÈ¡Ø”\xE9&\x8B\x8Bu->Ú\x85�\x91\xCF\xE3b\xB3I\xF3\xAA\xAC#\x90\xF4\xF0d˼\xC0~\xE2,r\xFE�\x82\x85Z{vk�\xA0*\x98\xEF\xFB\xDAY6\xFBmz{\x83g\xE8\xC0 \xC0\xE9\xC1\xF6=\x8E\x9Cs�y#G\xE9\xF7h\xB3]\xBB\xFD��\xF6\xB3.\x9Eq\xA2\!\xE5\x8D,Q\xEB~�(\x94\xC7t\xA0�\x90l�\xE6\xE5~\x9BDUÚ£Z)f\xFC\xC0�c\\xEC\xD7 \xAAxLQ\xC1\xBELi\xA4*p$\xCB\xCBtW\xE1�z�\x88$]\xA7�-A\xA7\x94\xC5\xDE�1m�GctYB{Z\xB8^\xB1!
-\xAB�C+L\xC0\x94\xF24PΟ\x98\xC7\xC8�,v\xFC\x81�\xFDU\xE4)\xA4+i\xFC\xD1]QeN��W\xAB\xA8\xAA)�\xCA\xF2\xEDÞ\xF9@\xE2P�\xC5+\xA2P.v\xE2"\xAF"\xD8"\xF6"\x92\xB3\x8B\xB25" $<\xAE\xA3\xFC+N\xC0 \xAD+\x8BC\xE5�r/q\x8B\xFB\xAD\xDB�\xAF\xB7\xE4\xB9-�\x8BW\xBC\x81/\xCB�\x98\x95\x80C�.\xEB�AS\xC9K��\x86\xB1C!v4\xAE\xFF\xB6OKZ\xEAb\xD7N*\x9B\xA8\xAC \xA98�\x844\xBAvO\xF5\xE8\xA2 \xA2\xE5v¹�]\xF0J\xC1\x8C
-\xF0\xEC\xFEm<\xF1\xE1\xFAhC\xEEp\xD3G\x96\xDA`K\xD7\xF0\xB1t\xB1NVEY\xB1N\xB8\xED\xC4\xF4\x9D¢$!#\xD2\xE7~I\xC6W\x9C\xD7B]#�\x8F \x9F &\xBAJD[ \x84"\xE9?\xBEm�L\xF3�\xC0$\x97V\xB4m\x8E\x80/\xB9\x87޵\xB3\xBD\xBB\xB5�
-�l�\xFD�yf\xA2|���\xE2\xC9[\x9A\xBC�M8\xD5(\xEAu\x86\x9Dp\x89\xB1dz\xD7\xF7�\xBB$\xA1�M\xF8k\xF9
-�a\xD90:�\xA5\xE0\x94ô\x8B\xC1\xFAe\xE2\xA6\xDA\xD8|5Ҏ\xADjhSj&\xC1I\xF4\x82\xC4|N\x95\xC8�\s
-�\xE2�\x8EkR¨\xF8Phnw\xE9.\xFDF\xECß“b�Ù¬\xE1zY\xFCÕž\x97\x8E�O#\xA6�\x96}2�q\xF9\xE9nz;#\xD8�\x9B\xF4(t\xA7\x8D�J1@\x90\x9F\xB6�\x90:edeV\xBD\xA6\xC2$\xAB2wA\xDAD\x96\xBA\xFB�\xA8\xAA^K\x99æ\xBF:s\xD8\xE9�\xDBx\x95\xC6_\xEB�\xAD\x94\xDCd7\x98\x88Ú\x9C�\xF6\ \xB0\xF2\xF8��V\x97@\xAD�{蜦\x97mod)\x9D\x99^\xEF[\xD0J5\xBAv\xD98\xEC\xD8�+\xC8\xC6�\xE8\xF9M
-5\xAD\x84k��\xAE�-\xE0\xC2(\x9DXMb
-\xACÄ“b\x9A\x8C�\xFB(\xD2z\xAC\xA0\xA5\xE9\xF7\xAC\xACHY\x84�!�N\xEE\xCA\xC0�\xAC\xA8-\xB1\xADÏ¢\xE2�B]\x8F\xA6\x80}r.�P\\x80z^\xA56\xCEF\xD0�M�\xC1#\xB1\xD66c�\x95q\x94\xA3\xED\x96.\xF2?8\x97Y\KÅ¢\xCB\xD4n�\xF1Pp-'e�\xB7\x9D\xBDP{\x8E\xCEn�\xBEu×±O\xB75\xB4\xBF|\xFE\x84�<3�Rd;P�6\xE4U\xA06\xFB\x92\xA6\xD02 \x9CW\x89\xBD\xA4\xD6a�\x88\xC2�Ü‘G\xD9\xC9'H\xA15�j\xDBB\xCB�\xA9\xD88\xE71\xA4m\xD6\xC2\xF3\xE64\xE0\xF6z\xA2\xE9Ò \xF4m\xA9g\x83a)�\x99\xCD\xE5~\x9D\xCBa\xF4\xEA\xEE\xE1a\xF6 \xE9\x8C8\x9D\x87,\xE1i\xA9\x91\xB2�Ѷ\xD1\xDAU\x8EV\x843\xAB\xECN\xAF\xA2\xA7\x94d\xFC\xF2p\xFD\xE5\xA2\xD1\xF1\xF3\xEC\xDF$ '�\xEE\xAC\xDA�\xCB�\xCE&\xB3�\xF9lM\xACܲ\xCF\xD77=\x8FJz\xAFxP\xC4J\xEE\xEB\xF3\x8F\x9A6\x97{^(\xD3\xF3\xA8i\xB8\xAC\xD6Ë´\x8A/w\x90_\xD6Op\xF8\xF3Å¡�B�\xB3T\xF2\xBC�
-ױ \x9D\xBC+t\xC0\xA4\xD0~\xD7�*\xAB[\xA5Y\x96@\xA1\x97-^\xEA\xC7\xCE"گ\xAB��\xDA)\x8F \xFB\x9A2\xC1��kq\x9D\xF1X\xCD\xE5<\xF6�\xED.w\xFB\xFC\xD2Z\x92\\x96P
-\xC0\xB5\xC0\xBE\xA6/\x87\xA6x�j�\xC1\xC5y[�\xAEcc:\xBE\xF3D\xC0x(Tך2\xAD�\xDF\xC8�w\xCD�\xC4HY�\xBB\xC5,\xF8\x9D\xDCMϾu�G\xEBI\x91\xAF\x89sS$\xE9)\xFF\x8A\xC00_\xF07>8\xB4\xB9N\xFB\xB7\xE1\xB2;\xFA�\xCF
-l\xB4\xC5\xC8\xC2 \xF0\xE9a\xB6\xA0\xEA\xA6-I\xB1\xD0�Y?\xF1,D\x8E\x85x\x92\x85\x82+bZ\xBE%\x85\xFD`\xD1\xFAC\x8F eK�)\xDEk\xCE�2��)�r\xA4\x86\xF7\xA6\xD6o�T[\xDC�1n\x98\xF0\xE0\xB28�\x8E\x86\xEB8���\x93Lp\xC8G\x9D\x80<Fe:\xF1�=\x80\xF2\xB8H\x9A\xEF�\xF5\x93\xED�\xB7\xD3O\x93\xDB+}\x80\xB4�S!&m\xF7�\xA2>\xD1y \xE5\xEA��\x97i\xEE\xEAئl\xEDŚ\xF2\xED\xE7\x8D7\xA0\xF6\xCAt�i\xC4\xF4\xA0\x9D�\xDAv\x97=ѣ\xA0�6\xE91.\xB5:�\x8F\x86\xE9( ]\xA8I\xC8f\xC27\x9D\x884H�a�i\xB6g\x91f\xDBW\xA4ٞC\x9A%:H\xB3�\x8F4q�i\x87\xF7\xF1D�Τ'\xC3\xEE\xBD\xFC0\x9B!h\xA77�\xFF\xC4u\xC0r\xF2\x83��g\xA1�\xC1a\xF2\xFB>2�^\xA1\xF4#W_\xF4�\xD4L�]\xAEj\xC4I΃���\x97\x88\xFAHqF\xE9��\xE7
-\xDB�\xB4\xCEV\x81\xFF\xB58\xFFH\(\xC5;\xC4\xC1�S\xB8�\x914\xB8\xBB\xC0�� \xA0rb\xAB\xAD6&/\xE8K\xAE\xA7m\xEA
-\xBA\xEF\x80\xF7&LJsp\xE0\xED��=\xE7\x937\x88\xFF\x9F\x9Fx\xFD�FAUg\x8Cw\xE2\xA4�\x90T\xED'i2\xCAn��\xFEq\xAE\xE7̃\xFA\xBA\xC7\xF6\xFF \xBC\xC5Y\xC0endstream
-endobj
-2630 0 obj <<
-/Type /Page
-/Contents 2631 0 R
-/Resources 2629 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2636 0 R
->> endobj
-2632 0 obj <<
-/D [2630 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2633 0 obj <<
-/D [2630 0 R /XYZ 56.6929 638.1898 null]
->> endobj
-2634 0 obj <<
-/D [2630 0 R /XYZ 56.6929 273.9392 null]
->> endobj
-2635 0 obj <<
-/D [2630 0 R /XYZ 56.6929 96.9537 null]
->> endobj
-2629 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F48 1238 0 R /F14 964 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2639 0 obj <<
-/Length 2606
-/Filter /FlateDecode
->>
-stream
-xڥYKs\xDBF�\xBE\xEBW\xF0�\xAA*�\xCF�\x83\xA3ly\xBDJ\xAD�m$\xA7\xB6\xCA\xC9�"A�e�`�Њ\xFE\xFDv\xCF�\xC0\x80 \xE5\xAA���\xCC4zzz\xBE~\x92\xCD(\xFC\xD8\xCC(BE*gI*\x89\xA2L͖\xBB+:\xDB\xC0ڧ+\xE6i�\x81h1\xA4z\xFFt\xF5\xEE_"\x99\xA5$\xD5\Ϟ\xD6�^\x86Pc\xD8\xECi\xF5u~\xF3\xF0\xF0\xF1\xFE\xF6\xEE\xD7�\xAE\xE8\xFC=\xB9^(J\xE7\x9Fo\xEE\xBF\xDC\xFC\xC7\xCD=\\xA7|~\xF3\xE9\xE3#\xBCJ\x93J b�\xE94\x9D\xFFv\xFB\xE1\xFAϧ_\xAE>>u\xE2�EfT\xA0,]}\xFD\x93\xCEV \xF9/W\x94\x88Ԩ\xD9�\xBCP\xC2Ҕ\xCFvWR \xA2\xA4�a\xA6\xBCz\xBC\xFAo\xC7p\xB0j?\x9DR\x81�\x86(Ó �p6c\x8C\xA4J\xF1H *%Zpa\x95\xF0\xFE˧G<��\xF3\x81\xC2\xE8��@\xD24\xE1\x96\xEAi\x9B\x83
-@�O\xD7l\xFEx\xF7ɽ|\xCB_q\xC0\xE6E\xE3&�\xD7\xCC\xCC\xF3ձZeU[\xFAŦ\xAD\xFD\xBC#**\xF7l\x81\xD5K\xED\xC6M\xBE\xCF�Y\xEB7\xF9\x83R^\xE6\xB0܀\xAE\xA5P\xB0}\xD8\xC1=\xD9<s\xAF˺j\xF2\xBF\x8Ey\xB5\xCC\xDD|\xBDv�Usܯ<C6?6E\xB5\xF1\xBB\xC2I\xE0\xB8x@\xA7�\x87\x85\xDB\xC7'w\xE5e\xF1|\xC8�\xAF\xEEe
-\x92\xDBA\xD16n\xB0<\xBC\xEE\xDBzs\xC8\xF6\xDBb\xE9\xA6\xEA}�\xA2� \xC9\xCFn"\xABVn\xB0\xCB<\x9F\xE56\xAB6\xB9gUy\xDE\xC7\xF6\xE8\xF4\xE2\xDEݸ̳&\x87c\xBB�\x81\xEB\x93DH\xCD\xFD\x95HN\xB4N\x8C\xBB8\x80\xE2\xF5\x82Q\x80\xEC\xA1Z-á\x84" �0 \xC9}\xB6\xCB\xCF\xDCmJ�\xA1,\x91\xFD\xD8J\xF0�\xE7\x89�U\xF8\xA1�5\xF9\xE1{\xEE\x95 \xCAn\xAD\x94u\xE9&\x8EmQ�\xEDk/l\x8F5\x94$!\x8AIm7y|\xAD\xEA}�\x9772�
-\xA8� \xADR\x94P�\x83 \x803\x90\x9C+ \xE3I�\x80��4\x83���~\xC9&�@G\xD5�]\x83�\xBF.\x9E\xDD)\x94�|�\xC6��\x83\xC3FH\xDD\xD4\xC7\xC32_d\xAB\xD5!o�G�\xEF!\x886:\x90\xFF�8/'8\xC3-�\xAD\x94'�Ů\x8B\xCDb]\x94\xF9�[
-7\xAA\x84�\xB3\xFD\xF6&[0\xCFs<eB�\xA7ɘg\xF3&O\x8F\x87S\x8EB�\xCE%�s\xDCOp\�
-/ W\xC1�\x9D\x8F\xD9ׇv\x821�$E_:b\xFC{7z\x9D\xD8"\xD6�\xFA\xA9�\xF083`?\xC0�\xBD'M�\xFD#\xBE\x9A\x93\xD4�3\xED\xA9��\xC7Å\xA5Eb$�\xE7\x8C0pJ\xFD\xCE(b\xB1\x9A8:\xE3D(\xA1\xE3\xA3/\xEB\xDD�=Ì„\xD1-\x984Db\xB8\xF0\xC6\xE7`~\xFB\xF1\xF1\xC3ow�Ow\xBF\xDEw_Mxz\xD6\xDBÄ©\xCF\xE0�\xF9\x99�\xB0\xC1�\xA0_\xA4ʺU;輡]\xBBg\xE6�Þ±\xC0\xC8�)\x91s\x82\x8EY\xCE\xEFZ\xBFp��M\xBE\xCA�\x9CO\xA5\xE62\x85�
-\xAA\x99\x96�.D\xA3\xCD;\x9A\xE0\xAC<\xD3\xCCo\xF7\x92\xF9}\xF6\xEE@ß‹\x95
-T0S\x843\x94~\xE2\xFD\xDD\xFD\xAD\xF5\xB3 0%\xE0Jx\x8C\xE0؅C\xE42\xF3\xBB\xF5\x84\xF0\xE0\x83\x8C\xE4A\xF8s��D\x98\xA0p�\xF6�\x88\xF4\xBD\xFE��\xE9K\xD1n\xDDtU\x87p\xE8\xB0a'ˢ\xF2\xF1\xB4\xDE\xDB\xF0\xE4\xA6mH\x83gf\xA5\xDD�wy\xD5b\xE4��ط\xEE\x83\xFD\xA1\xA8ZO\x9F\xB9G\xB3E\xF3t\xC1\xFA�\xBB\xD8�\x89\xEC\xD6N#\x89$\P�GU\x87
-�#\xC7=\x9Aw\xBE
-\x91\xC4\xCAÙŒ\xE2eG\x9E}ÏŠ2{.\xF3�a\x83\xFC#\xEA\xC2G\xA6\xE8,d�\xE4\x88�\xC5\xD4E\x95\xC3����\xC8w\xBBcU,!\x8B\x80\xADE\xA2\xBC\xC2qd%�\x89\xF6\x80Æ©�)q\w\xA3\xCC=\x9E><8z\xB0\x9C*_\xB6�$7u�Z\x974\x81/\xAB\x95\xCDO\x90\xB2W\x8D\xFD\xFC�;U\xAD�b\xE5\xA1ç…Œ��\xA0 \xE7\xABbS\xB4��\xE8�d*6U�\xD2��I)\xE6w\x95\xA3t\xDA�\xAA\xE5\xF1\xE0(\xAAÖ\x80\xF4M \x8C\xF27<\xB6?p�\xDCh\xF9&\x86%\xD5A\xA1C\xAF5\xB0Ò”�\x94\xA32W�l��\xFF\xD4\xF9A\x8BU�Ä—\xA0G\x97i\xCA�ei\xA4<\xF4G\xDEp5\x91F\x8B\xD8p\xB3rS�@\x85;`\xAD\x85\xB56|\xFE\xFB\xF3͇\xC5\xE7[\x85;B�\xF9�)\xDFÖ�\x9B\xDC\xD3d\xEE\xD1l\xB3.ɵ\xEF\xF9Ò½\xB7\xEE�\xFD!>\xF3,\xB0\xC8+K*\xAD\x8B\xC4 \x87)��\x8C\xD4�ܘ\x96\xA9Oqiच8\x8D\xF5y:\xE4拦}--+3V\x81\x9D\xB3I\xAD\xD0I\xD8\xD0\xF4n�_\x9CØS7\xAD\xE7�V:z�z\x9Dt\xA0�7\xFES3\xFC\xBE\xD9cf\x8E\xF2\xC3 o\xCA2Ú¨\x99\xCA\xC0��?4\xF7.\xE3\xEC��&\xD0U\xEE\xD3\xCEݱ\xF1\x94\xCF\xC1\xBD ΃oy\xF69w\xE6�S\xB1\xDF$\x90Rh6��l\x89B\x9A\xF0\x8Fc\xE0\xB8�\xB2t%Xd��6R*\xD3~g�\xFB\x9D\xA8U\xFD⋃\xB6�)`�.Om�\xA3\x93\xCB\xD2~\xC8\xCD\xE1YÒ\xAA\xB9\xFBÊœ3v\xEE^\xD9\xC2
-\xAB\xB0ͱ�\xE6\xB0\xE6\xEB2K\xE0$�\xF3U\xDEæ‡�50\xBD\xAD_ܼ[\xB7\x8C\xDAl\xD9\xFAÉ'��\x86���<\xB8vd\xBA�\x84\xBB\xF1\x8B�Õ¸\xDCY\xA93e\x8C�E]tp\xB5\xA9-ݼ�\xB7\xF5\xB1\xF4\x8BG\x84楪\xC5%N\xBFÚœ\xE9\xF1\xA4\xCA\xF7%�O�fr\xE6r]2\xA4
-E\xF9i]\xD2Q\xE1\xBE]1\xA2\x86~\x92�\x93*q\xB6��J\xC8`w\xCDizYÄŽjB\xC68\x8FRDS\x98\x8A\x84\xFC\xD2\xE4�\x897\xA7\x90\x80ju\xA1d\x8AX\x83\xDD�\xA3B�\x92Ù¨\xC7Bt\xE5\xF6{\x84\xE72w�\xC8ȹ�O\xE9|Y\xC2\xC3'l\xE0<=\xAFzD0\xB2$T�D)cd�\xA4\xCFDz-\xF6eW\xB47mV-\xF3f\x98o\xF8\xB5=\xE2\xBF\xEDr\x9B`\xBAYY:[@\xE3m[×€@\xEF\xB6\xF6~\xAA\xB6!{h\xE4w�\xDF\xE5(É)\xED\x99�taIz]\xF8\x86\xC1$F\xA1|S��\x971:\xA0\xBA\x80\xD1 at e1\xBA\x9C\xC2(\x85$\x90\x9D)k#\x80jF(\x97\xE2\xB2|�Õ„\x80�@\xB5&\x94�\x8C" \xA7�\x8A\xFEQ�\xE6\xCFT\xDE�_\x9D`\xBBE�\xD0\xC9|�\xC9�N|$\xEB{Wv\x8C\xA8�\xCF\xEA^\xF0\xDEY*\xFA\xCFW\xF9:�\x90\xFD<U\xF3R\xB8\x99\x84�)\xDF\xE5\xED\xF2�:s\x82\xF2N\x99Q\xD4y8��*\xE1\x93s\x9D\xD4���\xAA�`�T��\xDF\xDEtX\xC3fD\x84�)\xA1TW\xF2\xB2p�Õ„t��$6\xB6t�\x8Bw� i"\xF9d\xB3$b\x8A-#\x99\xA4��p�\xD2g.|\xA4\x81\x99.<r\xD1_=.X\x93\xE7!\xFC\xC1Ä…\xABg\xCA�\x83>v|\xF5>\x91�É–$$\xA1Fw7�\xA91\xF3\xDDZ\xD8Ç‹\x86\xE2Ll\xA5\xA0\xC2\xC4\xFE\xC3`'\xE7�!\xFB! \xB8\xC4Qu{^
-\xD0zjX\x90\xF9\xA5\xC0|\x8F\xB3\xC4\xE5g\xF0\x84x\xBBr#\xEB�\xE19,lpF�kB\x96\x84lp\xF0\x85S�\xEBsN��\xEB~q"�%\x82\xA8\x84\xFD\xA8\xAD\xA7L�׵\xAAs/HU\xB7A)\x8CH\x9D\x8C*\x87\xFC\xEF\xA2i\xCF��S��\xE5��7\xA4:op�\x955\xB8\xE6M\xEF\xDBw\xEA"s�\x8C0\xA8:.\x8B\xD6Q\x9D\xCA�\x9B\x90Є\xB1$\x89\x85�\xF6�\xE3:�\xA0-;\x8Bs=\x8D4�riH
-a\xE4z�i�\xEF\xED\xC2z\xF4M���\xFB\xFA�\x87\xBB\xAC]ns\xFFQvJ
-Ѽ\xCDw\xBE\xE0M\xFD_��\xB6\x80\x95\x85\xBBv
-\xEAg*\x8Do=v\xFB\xC2\xF4n_�\x97\x94\x9C\xE6\xE8\x86�\x9D\xBCQ.\x83��\xD1\xDBrB�6\x90,Sl\xF1\xE0F]\x9B\xC1\xB8\xBF]\xEC�ԽeaKOxs"\x85,\xCA�\xBAB8\x8B]!\xEC;\xB0\xD0Ā\xB9mmk=\xC3}�n'\xB1\x8E©\xF0\x87ɂQN\x98�5�\xBC'[D\xFF�\x94��|\xFCoG\x97\xE3D\xBD\x9C\xE15�R\xA33-?�u\x99�o\xA8�\x8A�-\x92\xDE\xE4\xC7U��T14\xB8\xAAA)\x89\xAE\xEA\xAC=\xA7\x8A\xA4\xDC5vϛ\xF3\x80\xE8\xBC5�"k\xCC\xFB7\xA3g\xE8\x8DG\xA6̱\x8D\xA8.
-�hN\x85\x8A\xA2&\x87\xEA\x91\xEBX\xAAǼ\x9A\xECօ\xFCֶ\xB4l\xFE\xDB\xF5\xEDc\xDF\xC0S"\x92\xAEk\xD3S\xC5\x{1E5264}\xC1C\xF7As �\xDBt\xB5\xA3\xF4'/\x82�ݙ\xA5\xA2^�n\xEB\xFF\x96�m\x9E\xBDX\xB0r\xC1\xDFH\x92{\x9A\xF3\xD7\xEAi\xEC\xAD\xFE>\xDE,�gI\xC1Y^\xD8,\x90\x9Cl�]�\x85\xB4ؤ\xC3\xCD>V}\xB7�\xEC\xF0\xB9�\xF6W֛
-\x94�\xE4\xDC?Õ0\xE3\xFF��\xB2Ю0\xFE\xC7\xFFb\xF7\xFF\xD2K\xAC\xF7�\x9F>\x97\x80\x9CM@\x98
-B\xE1\xC1\x98NÇ¢w\xFFw\x9F\xCA\xFE\x83\x86\xF2\x85endstream
-endobj
-2638 0 obj <<
-/Type /Page
-/Contents 2639 0 R
-/Resources 2637 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2636 0 R
->> endobj
-2640 0 obj <<
-/D [2638 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2641 0 obj <<
-/D [2638 0 R /XYZ 85.0394 752.0715 null]
->> endobj
-898 0 obj <<
-/D [2638 0 R /XYZ 85.0394 700.8318 null]
->> endobj
-2642 0 obj <<
-/D [2638 0 R /XYZ 85.0394 667.6704 null]
->> endobj
-2643 0 obj <<
-/D [2638 0 R /XYZ 85.0394 631.9578 null]
->> endobj
-2644 0 obj <<
-/D [2638 0 R /XYZ 85.0394 565.5242 null]
->> endobj
-2645 0 obj <<
-/D [2638 0 R /XYZ 85.0394 493.0222 null]
->> endobj
-2646 0 obj <<
-/D [2638 0 R /XYZ 85.0394 308.5213 null]
->> endobj
-2637 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2649 0 obj <<
-/Length 2135
-/Filter /FlateDecode
->>
-stream
-xÚY_o\xDB6�ϧ0\xB0�e\x8B�\x92"%\xB1oi\x9An�Ú´k\`\xC0\xBA�Å–ca\xB2\x94Yr2\xFB\xDD\xF1HY\xB2\x99fÅŠ�5u<�\xEF\xEF\x8Fw\x8A\x98p\xF8'&:a\x89\x91f\x92�\xC54�z2_\x9F\xF0\xC9=\xEC\xFD|"�\xCF\xD43M\x87\\xAFg'\xE7o\xE3tb\x98Id2\x99-�\xB22ƳLLf\x8B?\xA2\xD7Lhv\xFA\xE7\xEC\xD7\xF3\xB7:�0K`�\\xC2�\xC8\xF5\xE9\xE6\xCD%\xBB\xFCp\xF3\x968Gbe\x9A\xB2T\xC4Ʊ^|\xFCxu\xF3\xE6\xFA\xF7Ó©\xD4�ÄŸN5\xE7\xD1\xFB\x8B\x9B\xCF�\xEF\x88\xF6\xF1\xD4\xC8\xE8\xE2\xE7\xAB[�vr5\xEB
-��+x\x8CV\xFC}\xF2ǟ|\xB2 \x9B=\xE1,6\x99\x9E<\xC1�g\xC2�9Y\x9F(�3\xAD\xE2\xD8S\xAA\x93ۓ\xDFz\x81\x83]\xFBj\xC8yJgLK\x95\x80�\x81Y\xA4*\xECb�6
-`J�g&S\xA2w\xB1�!�{.\xF4\xC8t\xE7\xFC\xAB�\x9CB\xB0X\xC1a䴿\x8Aݡ3\xB2\x84锧\x93\xE1\x81/yC�g\x96\x85}1\xF5�\x8FM�)\x96�\xA6\xB5I\xC6&\x94\x8BC\xF5��\xE0-5\xD6\xEF\xC8m=W\xC0or\xE8
-\x9E0e�1>\xF5s[@\xC6$:\xEAVn\xE1\xFCt\x90\xABZ\x81/\xB9~Þ—"5,N\xBE\xA3/\xBD\xC0\x80/\x87\x8A\x89L\xB2�\xBC�r\xE6\xA1�\xA0rM\xE2\x8Bh\xB99�YÔ¬�ÌŸ7\xF5�\xCE\xE5\xFDv\x93weS��)U�\xAAa!\xE1xa\xD2\xE7��\xC7)Ë Ò¾\x9Bc\xBC\xC0���\xE1b\xA9�\xD97;f\xBDm;2\xFBΧD\xDD<9O\xDC\xED\xF07\x89\xEA|],\x88\xF4Tv\xAB\xBD�A\xFAd*Ó˜\xA5\x99\xC1(
-f\xB4\x96Vp�\xEF <\xE9(\xAF\xEE\x9B
-\xBC\xB6v\x8F\xF5\x82�m1\xB7Q):\xF7\xDCm\xCA\xFA\x9E\xD6%j\xA0U\xD4X\x8EE\xB1!\xF2\xB2q��\G!\xAD\x88\xB0.\xDA6\xBFw'>\xE6U\xB9\xF0�\x85\xE7\xAEq'l\xE7\xF3\xA2X \x84\xC6RG\xD7K\xA2\xD6M Ա\xD1L$R>�j��\xD2H\x88\xB54\x8C\xCB\xCC\xFC\xEFX\xF7�\xA7C\x91\xC7\xC1Vp\xDF\xC8L\x88\xFD\xC9\xCF�{\xAA� h�7\x98�\x8EK\x8C�\ \xB7H\xFBP\xCCK\xCC\xF7bq\xE6\xDE�c�0�\x96\xE4\x83M\xBD\x98�\x8E\x901SI\xECk⩬*\x92\x8Db7\x98\\xF8P5\xCD_\xB8��\xC2S�mh\x9D\xD3&:\xD7.\xE6U\xBEE\x88\xC25f \xFE\xDAZE\xE6\xB6\xD8<��\xA7w\x97wź\xA8\x9D\xF4f9\xE2\xE5#޻\xC2f�\x8A \xE1d'x8cq\x9A\xC4㜵\xD9eTTbf�\x9B�\xF6ًC\xDA\xE0h\xCB\xDA�\xF9\x81R\xB9\xED7(U
-\xD6I\xEEH\xAB\xA6\xED\xCEP\x93�5\xAD\x89HX�\x8BE\xB1Ì·U7\xB5\xDE\xC0�\xBD7p\xB3Yza\x9E\xF0\x80\xE9\xDD�t\x9AZ\xC3\xF8\xD8"T\x94!S�\xDD4�\xBEË׈gN�\x90\x8E\x81�v �{\x86./í°Ó®r\xB2wA\xBB\xFBRv�O\xABr\xBE\xA2=\xC7It\x8C\x80S\xA2q\xA2\x8A\xDAQ\xF2-z\xA5+\xE7`\xCCbl�e\xEDA\xD1C\xBE4\xEB5\xC0IKOT\xE5Ü¢�\xAD(n-Ö»\xE0\xD1u稫f[-\xDC;\xAB\x82\xD4[6\xBD\x9A(\xA2q\xBC\xAB\xFCё\xD8\xE4\xEE`\xE2Í��%�=�\xCA9\xEE�\x80\xA6m\x99�H(#\x8E\x97\x9B\xC8X\xA22\x8A\xCC[\xFB\x96J]�T\x82\xD6<T\x85\x95 \xE4\xD6\xC2"\x90m\xE8\x8100�\xA8\xED\xF6\xE1\xA1\xD9tÖ›\xB0y\xB7�\x94\xAF\x84N\x94s-^\xA8_\xCET�;\x9E3xq\xA0\xDC\xEB\xEB\x9B7D2D\xB8X\xAC˺�\xCC\xCE;oɧb\xE9\xBCY\xCF\xDDk\xEF\xF3z�N#7\xC4�N\xCAD\xA0\xE6\xACK!;\xEA\x80�1g\\xA4\xF2�# X\x938\xE9A\xA8\x83�\xBB�R\xFE\xDDo\xB1��2\x85Ì„E\xE9wVE\xF5 at +w\xA1\xB0^\xA3^i at U\x8D8\xCE3\xB8\x9ES\x98�\xE0\<\xF5\xDD\xF5\xFB\xEB\x99m\xC5\xF1\xBF\xD9\xF5\x87\x9BÛ€9\x90\xD3R3\x830\xFF\xA2=�T�M\xD1�$\xE6\xAE\xF0\xD9L\x89\xE0l\xAD\xAA>\xAFC%bsi\xB8\xED\xC2
-\xAB,\x94 at q \xFB\xF6 �VU��~|�m\xBB\xB2*\xBBݩ�"\xF2\xE9�Xk\xF0\xBAr\xF9O\xC5<\xF3\x95�\xC7KC8
-\xBF\xF3\xEDƥPW\xED\x88dQ�~\x9FrG\xE8�\x810\xB7y,�V\x88\x873\xD8�\xE1\x934\xE3V�\x9E \x9Ca\x91\x93Ajd\xB56,\xE5:\xF9Z\x97\xA7\xD0/0\x9Ddp\xF7q\xF3�\xBA<�8�J\xB4�\xFFH3l�\x8DH\xB3\xFD\xC1_\xEB\xF2d\xA0�\xC0\xE4mK]�:\xD2\xFB\xEB�\xFE\x818\xE8\x83'x\xCDЉ\xA3 \xDE�\x8F{P,(r\xBE\xA0]�\xB5>�{̽\xF3\xA9Y�.J\x9B\xD3TE\xC1J\xE3\xBE\xC4R:\xEF\xEA\x8A޽xw\xFB!`u\xA0\xB8�ض\xFC\xC25\xD7\xF0\x9F8s`��S\xDC Tǽl\xB0g\x9B\xDD 1(
-$
-\x98i\x9A7\xC3l\x82\x91\x85s\xEE\xEBc_p\xC6Yr\x80\xA3@:\xC4Q \xEDq\xF40ΠТ\xFBH\x87\xE1Ji\x8ELf\x8CW�\x9Fg\xBF|\xF8\xF4\xB2�\xAF\xEB\xAE\xD8\xD4�onw-\xF4?.\xAA\x97Ђ \xF8\x94\xDB\xF5\xFE\\x9C���<%Y�\xC9\xDA�q\xE5\x96
-Ù”`\x99J\xD3�\xC0[G\x87$N=\xEF�\xEE�\x98\xBDI\xF0
-^\xF8\xC7u\x8Cf@%\xC7\��\xCB\xF1g�\x99e~&\xFA"e\xBA\xCF�\x9F\xBF\x87�\xA2\xB9o\x90\x827\x84\x938\xF2\xF8\xED\xAEn�Z\x80\xBAC<�0 at A3*\xB5\x80\xAA�}�\xA3?\xC0\xAC\x91�\xD3諟S\x86"\x8E�\xC4N鹞\xF1\xF8\xB3�\xF8\xE6\xEA\xF6\xF2\xD3\xF5G\xBCܞ\xF1x\xA8\xFCB�Oa\xD4\xE1\xDE\xE3v�\xD1\xC25\xF0!w\xE3\xAE\xEFG\x91��\xFC\xF8\xC2�\xD0j\xC5\xD0_[\xC7�\x83\xC0\xFEd*P<\xCE�\x81\xDAI$\xF4S�)\xB8\xEFEqs|\xF1M��-\xC0\x8A\xEC\xE2�\xCD�\xB4\x94\x8E\x98;d\xE5 �F�Lhm\xB9.\xAB|C\x93*\xA0�vG\xF3n\xEB\xAFL\xA4\xDAA\xDAn\xEF\xA07\xFF\x87\xD6]�\x88\x8BP�\xCA&\xF1�\xC7\xF6`�
-�\x94L\xAA\xB3�O\xA6:\xD6Ñ�zZw\xF4P�@\xA9\xAA\xB1}},�\xCDm@\xBD\xDB\xE4\xF3\xA2=\xD0�\x80�\xD0\xCE\xF6\xF7\xF6\xD9~Mp^\xE0�\xC6m9n�s�]\xD0\xF1\xEB�\xE0\xBAjj\xD0G\xC5*\xBA\xB4\xA3\x91\x9D~$}+0\xC2\xCFFr?\xA2\xB5\xB4\xB1\x9F@\xF0\xA1j�\xC7\xD6Ku\xEF\xF7ʹSf^\xE0\xB6\xDD\xDAK�\x98\xB0\x9Fr3�\xE8\xD5\xED*\xAF\x85?$0\x84\xF5\xBD\xFA\xAB~wp\x87^\xBA>�e\xBD\xA2I\xE5\xFCG\xA2\xFDx>~\x81\xC4]\xFE\xF4S\xE0\x95\xF3qkKSÕ \xE5\xABʺ��\xFF\xB9.\xFF9�\xF7\xC3\x94v� CM_\x82ܾ�m\xF7\xA7\xB2h\xBD\xB5S\xA32\x98\xFF0�m\x88��k�8
-Z\x928\xEBe|[V\xC70pR|\x95\xD9�\xBA\xCAN\xA8-Q\xBB�\x85\xD4m\xEC\xB3\xEA�\xBD\x9E\xD7ķ�Ň\g\xB4\xE9\x8B�\xF2Aʼn8(r\xFF]A\x8F>i\xD8N\xDE{<\xA7�\xFA*0\xE4c\xCF}\xED\xC71+\x8EC\xD7�\xEF\x91\xFD\xFF%`\xFF7�\x95B�2�\xFE�-S{�$^)\xB4Z\xA4\xFCHu\xC1\xB1]\x95�\xDD\xFF�\xF6�Z�endstream
-endobj
-2648 0 obj <<
-/Type /Page
-/Contents 2649 0 R
-/Resources 2647 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2636 0 R
->> endobj
-2650 0 obj <<
-/D [2648 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2651 0 obj <<
-/D [2648 0 R /XYZ 56.6929 605.5421 null]
->> endobj
-2652 0 obj <<
-/D [2648 0 R /XYZ 56.6929 504.7499 null]
->> endobj
-2653 0 obj <<
-/D [2648 0 R /XYZ 56.6929 441.2539 null]
->> endobj
-902 0 obj <<
-/D [2648 0 R /XYZ 56.6929 401.9804 null]
->> endobj
-2654 0 obj <<
-/D [2648 0 R /XYZ 56.6929 368.8239 null]
->> endobj
-2655 0 obj <<
-/D [2648 0 R /XYZ 56.6929 333.1161 null]
->> endobj
-2656 0 obj <<
-/D [2648 0 R /XYZ 56.6929 266.6983 null]
->> endobj
-2657 0 obj <<
-/D [2648 0 R /XYZ 56.6929 206.1673 null]
->> endobj
-2647 0 obj <<
-/Font << /F37 1026 0 R /F53 1313 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R /F39 1161 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2660 0 obj <<
-/Length 2593
-/Filter /FlateDecode
->>
-stream
-xڥ�]s\xDB6\xF2ݿB\x93\x97\xCAs�\x8Bo\x82\x97郓8\xA9\xD3\xC6q�\xDFM\xA6\xBD>\xD0�e\xF1\xC2�U\xA4\xACq:\xFD﷋�(R\xA6\xECdn\xF4@`�\xEC.\xF6{!>a\xF0\xE3�\xAB#&�5\x89��i\xC6\xF5d^\x9E\xB0\xC9-\xAC\xBD=\xE1~\xCF,l\x9A\xF5w\xBD\xBC>\xF9\xFE\x8D\x8C'I\x94�a&\xD7\xCB�.�1k\xF9\xE4z\xF1\xFB\xF4\xEC\xEA\xEA\xFC\xF2\xF5ŧә\xD0l\xFA2:\x9DiƦ\xEF\xCF.\xFFu\xF63\xC1\xAEN�1={{\xFE�\xA6B\xC5�6q�\x9D\xFEq\xFD\xEE\xFB7Z\xF6\xF0\xCB$\x89b\xA5\x91-\xC4\xFC\xEB\xE5\xEBWѫ�\x97op\xEB\xC9\xF9u\xC7o\xFFN\x9CId\xF6ϓ\xDF\xFF`\x93�\\xED\xDD \x8Bdb\xF5d���\xF1$�\x93\xF2Di�i%e\x80�'�O~\xE9�\xF6V\xDD\xD11�ii#mE<"$!Ƅ\xA4\x93\xC8H!\xDDU\xAEW�\xDDW\xF1\xDEV�וF\xF8\xEB\xD6\xEB6\xAF\xAB\x86\xF6
-P*�%L\x84}M\x9B\xB6Y\x99U\xED\xE9L\xB2x:\xAF\xAB6\xCD᜛\xFD\x871q\x97\xF9\x95"\xDD6Y��Q\x96�c\xC1\xA8\x88i\xA3=\xEEE\xB6L\xB7E;k\xB2\xCD]\xB6�a\xC5�\xD4P`\x85(�\xB5\xDCs\xB0\xAC\x8B\xA2\xDEe�\x9A\xDD\xDCӷ]\xF9mUZ:>&3 F\xA0��\xD1r�%�\x90:)l`\x9F\xE0\xD3t\xB1؜r;͚\x86 \xF5\xD2/\xD0\xC7\xE1q#`\x80O�\xBB\xB1\x9A\xA2\xF9 \x97\xCD\xFD\xB1Uݴ4\xDA\xE5EA\xA3��x_\xF8\xB5UVy\xBC\x80\xAC~H\xC2\xE1w\xE3\x80\xF86\xBF�gR�J\xC3\xDCq~\xBB\xF5J�H[{Y\xF6eφ7\xDFT\x8B\xF9\x88\xC4�\x8BT,\xBD\xC0\xF1zJ�ѥ\x88#��{\xA0\xCA\xCF\xD9\xFD�V\x93DLhs\xA8Ga\xFD\xFD\x92\xBE��\xEA\xF4�P\xD2# \x82p�\xAF�K\x8A\xB1S\xA4\xE7\xE0\xBBU>_
-q\xE6�\x90H\x8E6z\x887�\xBBO\xC2#�\x9B\xC0\xE4\xF8E�\x8F�SI\xDF7fd_J\x80{i\x91�)S\xB8B\x9D\x80�\x8D1\xD3�d\xDC\xC0U\xEA�\xE2\xDAD�'\xE4\x9Ev\xBE�\xA1.!n\xE8$x\x8F\xBB\xA6I\xA6k\xA7\xFF\xFA.�[Z\xB8\x9B�\xB0\xAE\xE8K��\xB2N\xDF�4\xAF\xCB2\xAD��.\xF2*{�\xC3�$Z\xF9\xB3\xA3�
-�G1\xD3\xF1S\xE21L\xC9C=�Nbւ\x9E\xB7\x81L^�(\xA5i\x99\xB6\xF3\x95�&\xE8(\xB2\x86ۡ\xC9\xE6\xD5\xEDXL\x81\xEC :\x8D�\x8B$�£\xB6\xFC0\xA8\xC1\xD5�\x97 %ǟ\xE5\xC1\x8EiB\xC6eYpf\xEB\x9D\xD9v\xCE�kmM\x90t�\xB2�{\x9B�j\x82\x90\xECaKph\x88�\xDFy:^ ~F\xA2\x87\x9D�\x84\xBC�t����D\xACf
-Q\x9B\xC2l��qM\xC31�\xA8�\xD7\כvD2\xB1\x8A\xE2\xF8\xA1o2\xE3c\xAC�\xC4X\xE3c\xAC�1\xD6L�^7j}4\x83!\xE4\x89*\x9B�xMG\x9CQ✎jݲn=*\xEF\xE60\xF2"s1\xD6 \x83K�)f\x87\xEE\xE5|\x8A�\xF1)�\xB9F\xC9�\xA0\x8E\xDC^\x80\xE3A\xEE�$E\xC2�2L\xE7^\xE4[\xB0�vtY\xC6\xFB�\x80\xF6\xBE\xC5\xF6\xBE%Ĵ\x83�\xE1T��]\xD8\xFD*V\x{1CACBD}d\xB8
-tr\xCFcJ+ι\xC6\xFD�3� \xDEG.\xF1\xA4'i\xA8G\xC6< *1\xEFI1\xEBy�\xC6(\xB2\x91\xB8s%�9W\x82\xAFw\xA5ػ�|\xC9x\xC0\x98\\xEC�\xC0\x91��v\x9EȮ\x80몉z\xBB\x99g3L\xE9\x98\xCE�ހK
-e��\xFE\x81\xBA��\x8B�\x833\x98��b�'2\xBB3ct\xB4\x88\xB8\xD1\xC3p�\xD2�`\xD5>]\x89XN\xE7\x98\xC8�\x86�A �!(�\x844Y\xEB�\xAB\x8C��Ww\x8AÖœiy\x90\xF1Û94Ú¹\xDFÜ«n\xB2Æ»S\xE0m\xE0O~\xD7�<�\xEA\x8D\xE2\xFE\x94s\xEE��\xCB��\xA9Dh\xAA×-F4\xA1\xC8
-�\xCAO\xF1(\xC6\xE0\xF5T\\xB6\x91\x94V\xED\xB3ʮvL,\x9E#r\x9F\xBF\x90J\x88\xA1n\xBC\xAFIq\x9AW\xF3b\xBBp\x92U\xCE\xE2\xF1`\xD3n\xD0\xDE�(�[\x91\xAB�\xA6\xDD +6
-;x\xAA\xF6��\xF5 �\x96\xF5\x86�g\xA1\xA4�Z�\xAD"%/�U\x8A�\x84/(�\x8D\xB3`Z\xE9\xD5\xD3pdE՜ \x86\x88`F\xD3u\xDD4\xF9M\xE1�y\xD3\xF9\xE7\x98�`\x96H\xBA\x92d</C\xEENdW\xAB=�+@"\xE8\xB0\xF4��(\x86\xABs\xF1\xA8\xDB@\xFD\xC8 \x9D\x84=\xE4�٘�B��\x9D\x9D蕚"�b�\xA1\xAE�\xFD
-\xDE
-h\x84\xCCA>,\xB7Xq�#)\xC6Ñ\xB4k\x94\xD7�\x82\xB0n\xC4oJ�\x87��}[\x82��7{�\xA4kq\x8A�Ø“\x9AâƒR<\xC3Q\xB5-o\x9C]".p�\xAA7\x9B�,a\xBFwi\x80t \xD2\xED\xAB=�Hh\xC1\xD9zn �b\xA4\xEE\x91�3,\xF9�I�\xD0Ir\x98á… \xAA�\xBF\xCDv\xBD.r�u\xA8\xEA��\x86\x91Ã(\x80\xE3\xE8\xC6o\xF2\xF1
-\xF1UM\x9B\xA5~\xE2$�\x8AxG%\xB80\x8CQ1xg&\xA7\xE7\xA9SÛ�\xA9�\xFA�\xAEØ\xB3Q\xBC� \xCA\xF4sF#\x82h\xCCß5 \x85\xA7��P\xEE\x8E�w\xB5\x82\xDF;&L�Å¿�\xD5\xED\x93)�\xDA\xEE\x84w"\xAD7c(\xB1�\xEE\xEC\xFB\xAB\xF2�\x93\x91\xD5]�P{\x86\xFB\xCAq�\xA0\xEAF\xA4&M:!'\x911\xA4gqP9;M\xE9\x90jq\xE4\xCC�\xBE\xCEd\x97\xF7�\xB8\xF2\xFB|v\x81�e���\xA4\x9F]pË\x8Dh\xF6
-y\xE4Hfg\xD0K)\xF1x\xAF!"\xC6�\xFB\xF0\x99B14\xCD[\xF7H\x81\xE3]ޮ\xB0\xCCg\xCEL�B\x8D\xE1\xF2\xDE%��P\xB2\xC0�&\xA4�\x84R\xF0\xC0�\xAA��tK\xC8�\xDDi�[Kq\x81�
-\xD8p\xD1��\xED\xAE�mb��u`\xD0\xE1\xE5\xE4\xA1 \xB0ز2\x98eZ\xDC\xD6�\xB8M9\xE6\xE4�\x9C\xB9�\xB6\xD3k}1\xBFH�\x8A\xA4�Ó¬\x9Ao\xEEC\x9D��{\xA4n\xBA�\xC6<x<\xE01\x94L\xB6럎=�@H\xDForÕœt\xE5\xCC�\xAC\xEB\xD4t\xBEÝeTmqO\x8BuE#1\xFD\xF1\xFDÙ«\xD9\xFBך\xE4$�
-՗�\xC3 at H\xD9\xDB8\x97 \xCF\xCE�η�\xFF #T\xDC\xED\xD8\xF7,�Ş�\xA1)M\x9BlN|\xB4�\xEEB"\x8C\xBBZ\xA1\xFFօ�\xBEb di\x93͌"(H\xB3^\xF8B#&\x97\xED\xEF\xED\x84\xFB]3�\xEC\xA4\xF9\xBE.\xD0ozf%yH7 ߓD\xFF�\x95
-\x8Cs\xEFp\x80\xA8\xA8;\xE7\xCE=\xBAE\xBDu%�\x8E\xFF\xDCB\x97\xD5�\xF3A�\x87o�\xF6\x93\xD8�n\xD7\xD9P\xE3�Ow\xE9}\xE3[\xA0\x9A \xB7Y\x95m\xA8\xF1\xED7F�\xDF�
-|\xE3x\xE9�\xDE\xF6/u\xB6\xA7�\xF7\x82(|) +//._\xD3\xE6\x84 \xBE#\xBBݤ利\xFA\x87�\xDB3\xD5\xE1�\xCDAl�-/\x81\xFD\xF1N\x87\x81�\x85\xBC\xE9\x92�\x94\x827^\xB7>\x98*\x92�~\xF7Rp\xBA'\xE0�Bh]\xD28\xE8\xF79M\xA9ڌ\xF7�\xF4\xD0\xE7�� \xD6u\x85e\xE9l-�\xF3}� \xCBB�\xDD�\x8F\xA7\x93�\x8D\xE7\xF0sU\xEF*\xCF^3F\x93\x81]H�P\x95\xF9#De\xC4eG\xF4\xB9�\xB1\xE6�\xD3\xF8l\xDDw[�\x9D\xF1�C\xD7\xF2!\x84ʡ\xA4/:XO\xFD\xF6\xCE\xECM\xAF\xA0\x87\xF5%]\xB1\xA4\x95p)\xF7\xA6\xB4޶\xD1\xC8ńё\xEE�\xF6\xE3\xB2TI\xF7J\xBE\xA8\xA9\x94\xC3G\xB1\x96h7\xAB|M J,8"�\xC5\xD5\xC4s\xBEmó\xB3\x8DX"\xC4\xC1K\x96w\xDB\xF4.͋\xB4\xF3\xD1��ʴ\xF2�\xB9\xB9\x87\x82\xAAl|<\xF8\x98e�\x89\xFA\xFC\xD3\xD9\xFB\xAB\x9F\xCF\xFDfL\xB7�\x87\xF30�M\xCBu \xD0=O\xE0�\x9F'\x9A\x83\xCD�\xD4b{\xF1u,\xBB\xD7c(\x91�K0�\xB2# �� \x83\xED�\xD4!1d\x8C\xC1
-3\xC3\xD8\xF4/'\x98\x80z\xBC\xB9\xF6\x85"�\xB0\xBF\xA8\xE7i\x81]Ú‹\xB1�\xDAw\x86\xE0\!
xC0\xC2}a\xFE\xC2w\xBACJd\x91w\xC8 !+|?\xECu\xA9\x8EÍŽ\xEC#\\xF3\xAE<\x81*\xE0i\xD2b\x94\xB4}@�\xE2tÛŸ?"1jc\x94?\xD4Q>�Ò¾9\xF0\xF8\xC6nH-
-\x8E\xB4\xD4\xF2�
-\xFF\xFEv!:\x96L_�OÞ¢W\x82(T\xF9\xAAL\xE7\xB3r\xA1_\x8C5C\x98(2\xE2\x94M\x9F\x997\xEF\x97\xFFU\xF2C\xF3E�\xF77B}\xB8\xC8D\xFE\xF6\xFCKR,yQ\xBC\xFB\xF0\x8F\xE2˳o\xD7FÇ´\x97\xEA\xB7\xDC\xC0�\xBF\x80�\\xC0\xA9\xEDÙ¯\xF2\xC7�{e^\xFE\xB4K~\xDB}\xDA]\xCA\xFF\xF6\xD3\xF6\x97�~ \xAE\xC7\xFE\x87��\xC3?�G\xFE5d�s\xFF\xF7\x94\xFB?iU�Ik\xC5\xF8ß\x90 ")��\x98\xC2\xFB\xF1\x98�\xB2\xDE\xFD\x9B\xF9\x90\xF7\xFF�\xBF�\xD6�endstream
-endobj
-2659 0 obj <<
-/Type /Page
-/Contents 2660 0 R
-/Resources 2658 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2636 0 R
->> endobj
-2661 0 obj <<
-/D [2659 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2662 0 obj <<
-/D [2659 0 R /XYZ 85.0394 420.6717 null]
->> endobj
-2658 0 obj <<
-/Font << /F37 1026 0 R /F53 1313 0 R /F22 961 0 R /F41 1218 0 R /F21 938 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2665 0 obj <<
-/Length 2225
-/Filter /FlateDecode
->>
-stream
-xÚ¥Y_s\xDB6�\xF7\xA7\xD0\xF4\xA5\xF4L\x84�\xFF�\xE0\xFA\xA4\xDAN\xEAN\x{D936}rÓ™$�\xB4�[\x9CP\xA4*Rvss\xF7\xDDo\x81�)R\xA2-g:z \xB8\,�\x8B\xDD\xDF\xEEBt�ÃNdB�\xC3\xCCD�AdL\xE5d\xB1:\x89'�\xF0\xED\xDD
-<Ӗi\xDA\xE7\xFAe~\xF2\xD3[\xAE&\x86\x98\x84%\x93\xF9}O\x96&\xB1\xD6t2\xCF>E\xBF�\x9A\x90S��G7\xD7\xE7gӳ\xF7\xD7o\xDF]\\x9FN\xA9�JD\xB3��.\xAE\xCF/\xFF<\x9D2��3p\xC6qt5\xBB\xFE8\xFB�i�N
-\x8Bf\xEF.nO\xBF\xCC;\xB9\x98wj\xF5U\xA71w:\xFDu\xF2\xE9K<\xC9`�\xBF\x9DĄ�-'O\xF0��j�\x9B\xACN\x84\xE4D
-\xCE[Jqr{\xF2G'\xB0\xF7\xD5O�5�\x8D \xE3 �\xB1\x85\xA0=[�F\xA4\xD4b\xA2\xA4! g\xDC\xDB\xE2?\xBB=\xFC\xF4\x96\xB1�\xE7\x94K\xA2�)a��\x910\xE9Y/Kؽ\x88\xA3fia\xC0M\x94\xDEU\x8F�i\xF6\xEFt\xB5.\xEC\x9B l\xB0\xAC&\x8AR�\xBA:!\x9B2[\x8C\xAC\xC8�\xD1\xD2\xC8\xC0\xF4\x94��ʽ\xFB\x86Ke\xF6>\xDD�
-�\xB7uP 5�Jm7\x8Fv�\xB4
-\E\xB5H\x8BeU7H\xFE�\x83e\x98"1\xFC(\xBCP\xE4J\xCBlO\xD6W�Ö„\xE9\x85\xCD\xC2�\xE9j\xEAÔžL)\xA3D\xAA�<\x8FRb\xA4d^cØ»\x9BG)\x8D\xC0_8\xF8\xCBY\xB5Z\x81\xF0�\xE63�5Ux\xFAU��h�\xF4n�\xF0)\xEC�\xA8\xB8\xD1\xFE\xB4Ú›�U�z\xBB\xE6�\x{1EA8A7}e\xBEX\xE2\x97\xD5�E\xD3(-\xEA\xB0\xF8]�\x92\xD9\xCFq\xCCJ\xBF7 \xE7\xE5n�\xB7Ÿ\xDD�FK\xAB�DÆn7JE\x8B\xAAt��\xB6\x9B\xB4\xC9+7]\xE9\xC8Q
-\x8B�Oy\xB3\xC4�j�\x9FA\xF3\xF0\xB1\xECFh|\xF7\xD1.6\xA7TG\xB6qփ\xE0\x9A/��nձ4icW\xB6l\x90\x9E\x97Y\xBE J\xDD.\xE3\x8F�\xD7 ��\xEC�\x8F �\xEA&�\xDD�\xB7\x8E~\xBD\x9A\x9DM\xAF\xCE%\xBE\xA5\xC5)\x8D�\xAA
-\xE8\xBF
-�\xAF#�\xF2&L\xDD)\x8B\xEF\x8B"Ńr\xE3\xAAlҼ\xF4\x9Cj\xB7\xC8]Z\xDBi"\xF0Ŗ\x8B*\xCB\xCB�|\xAB\xEE\x9FShD\xFF\xC1\xD2 D \xAA\xA8j\x90\xF0\xE6��\x9EY\xB5\xBD\xF3'�㿶��\x89t\xC24 \x84Ba\x97\xF7#Ѫ\x89��\xE9�+\xC4�\x8D\xA6nG�|\xC4\xD6Mp\x88\xC3 V\x9Ah\xC1\xC3ܼƙ[T\x8F{\xFF*GV\x94\x82(\xC1\x8F\xE3\x83Rj��@:ػ\xB4\x8B&,P!q\x87�4\xF2\xDEɇ\xF1�\xAC\xEBj\xD3\xE0�\xC9%o5\xC5C\xE1m\xBC�-\x80�\xF5�\xDFE8"A" w\xD8�\xAC\x8A\x80:w\xB9\xA1B\xE3?\xD8\xD2B\x88\x84\xA3H\xF1\xB1�\x8F\xAAV8\xDE?O�7\x87&\xA2�,\x9BĬg\xA3)\xEC\xFC\xFE\xA13h\xDFV \xE4
-\xD8D`\xFE�r�\xDD\xC7w��B5�}\xA0\xFA�\xB9\xF1\x90{�\x91\xAA %+�o\x8D
-\xCB�NV\x92D�\x90\x9F8\xE9#\xA2\xA5�L\x954p"\x92 \xA6 0v�.\xBE\xC5pq\xCB\xF9\x93\xE1:\x98�\x82uU|CBk\xEC��{\xD0\xE8Ä Ë¸���\xDD\xF3 \x82\xBC\x81\x8D\xA2ت/�� 7e\x96\xFA\xC3\xC9\xC2qSN�\x9C\xF9��\xABm\xB3\xDEzÔ¢\x88\xF9\x80P6\x9B�y\xC4 �2\xB52m\x84�\x8C\xDA\xF7tȸ\xAC��\x87>#r�\xE1R\xB5<�s6UQ\x8F\xD9�\�\xF4�\x8C�\x84\xD6\xE8m\xF7\xD5fDx"�T�m\xA89\xB0Ξ;\xB6\x84�\x96$-+Z\xABuv\xCC:0Zorg\x92�4\x9CiB\xB9\xA2\xDF�4; \xFD\x9E\xA8I\x88\xD4Z�\xF5\xDC\xD1 \xF0Ú‘}�C4e\xFA\xA5\x88\xA1&!•V�\xBD\xEDb Z'\x90\xEE\xF8ZVO%\x8E\xD7E\xEA\xB6\xFCw\x83\xAF\xCE\xCC~\x90\xE2éo\x9B�\xF0\xE5\xBF\xF8\xD8S\x8EN:\xD4\xF7qÇ¡n\xE1L\xF85\xAFgW�\xB8\xEFÛ‹\x9BS\xC8\xCA\xFF\x86\x87wu\xECå»73g\xCD\xF9\xE5\xFB\xEB\xF1 f\x92(-\x83὿\xD3$$eNe\x87\x9E\x8E\x8AU\x84�Ý…\xAF\xBB\xD4\xEFO ï>|\xE0\x99.�v\xDD '&�G
-
-\x95B�\xD8\xCA�y\xDAy(lQ=\x94\xF9\x82B�\x89\xC0\xE3!\xD8Q\xEA\xB5]\xE4n\xF1vռ�ˑ\xA1\x8C\xD9�\x99\x84�\x9E\x98\xD7`�pRu\x80E\x9C\x996Cp\xCA[\xF58F\x9FS\xDFE\xA0\xA7\xF4*�\x{1DA5E3}\xEA at dJ\xFD\x9A \x83j�2_\xAB9 \x8D0&\xBA\xB5vO\x8F\xBAga\xEE\xD3^\xFBy�\x87(Q\\xA8\xE3 2�1x�\x83\x97a�\xD2+\xC6z\x85�\xA6M\xD74]^\x9F\xE3\xC8\xE0c\x96\xAD\xF22\xAF��l�
-\x8Etc\xEF-\x9E{\xB9�Ӯ\xD2r\x9B�;p\xC2j\xC6BEU` s$4n/Bd\xCC~\xBF}\xDC\xF9\x9D�\xB8\xB6@\xBBv\xE0M\xC8ν�\xB8\xFF\xAD
-R\xDFJ ݯ\xC1M߶\xCA\xE52ւ\xE2?\xB3\xC4\xE1�h\xA2�\xE6&\x9D;\x8CXe\xCA�\xF4oPF�\xAD3\xFB8\xFF\xF5\xFD\xCDKf�\xA1\xCFk\xEC\xA6l\xC1\xF5\xF6[
-G�2\xC6�8�TN\xF9v\xB5[W@�\x94\xB4\xA7!�\xD4�Rvm6\xF4\xD4q��T�\xFE\xE0$\xE0(\xF4Q�\xD3�\xFA\x8C+f\x88d|\xA4>\xF1\xFA|\x86\xAEgwn8Â’m\x97H\xB0Aq\xDEYU\xC5k\x9C\xE8[Y\xAD\xEB\xBC\xDE\xEF\xED9ÄŒN8�\xB0\x84\xA9P#\x8F\xF4â˜
-\x93.ߎ7\xEA\xAE�v\xA1\xD4�qا\xB7\x97��\xD7\xE1\xDE]\xCA\xF84M\xBF\xB4\xA3;\xDC�\xAC\xDC\xF3�PX\xC6�\xE4\x81Yj�\xAE\x87h \xA8+\xDB[\xC0\xEBd.Fd\xB6\xF7�\x9D\xC8\xFB\xBC\xF8�\x91\xCBn\xF4uD8\x94\xD3Jv\x95��/;\xAFx\x8D\xF0\xF5Q}}\xD1(\x8Fq \xFC\x98\xEF\xCBیȃޔ\x83?
-6\x84C,韱�\xE2\xB7\xDE�_�U7Ͳ\x8D\xAD\xEB\xD7[\xA09*r\xB1\xDCTU\x93\xE5cu�\xF4aTv\xEE\xD2 \xDD��
-�Þ˜<& \xA8v\xE2Fq\x8A2"\xA1\xCE�\xC4\xDF\xF9\xC5\xED\xD9\xCD\xE5\x87^\xFDB_\x86\xF0\x97Z!(\xD9cÖºT[Y:0\xD3f\xE4�C\x9B\x90\xEF�GW \xEFÕ•\x9C\xA8Ø°#�+\xD4\xF1\x8A\xF7\xB26S\xD1e�VN\xC3j\xFEFF\x9B\xB6I\x86Q�\x96N;��m\x99c\xA6u\xE4\xC2a3\xE8\xFB�f\xFA\x9EWc7�n\xA8 � \xD7b/ecok\x92gJ��A\xE0\xEF�_S�)\xD1�\xCBÝ\x8F e�32\xD4�\xC6U~�Ll\xF5\xBA*}�7bN\xB0�\x93\xC6�/F\xB8!"\xE9*\xB3\xAE5b{\xAD\x91\xA6\x94\xBD\xD8b��X\x85\x8EuE&�\xAF\xD7�\x888\xA3\xD9+\x9B"\xC5:8\xF1�\x98 u \xEA\x86�H\xB8\x94i\xC4\xDE
-\xE2lw\xB2\xC5\xEERO\x80>\xFE\x9AI�\xA7��\x9D��\x9BS�m�-\\xB8�\xB5;ޡY$\xB4]\xBA\xAB\xF8\xA6\xE9\x98Y\xA09\xE5\xB2U\xBCZ\x87\xA0�X\xA6;\xD95^y\xC9h\xBBFB:b*\xA5\x89\x89)\xED{\xD2\xF81Hw\xEE\x8A\xED;�\x88�wn \xFF\xB1ʳ\xA0\xC32l\xBB\xB46\x90\xB0D|F
-0!\x95�\xE8�\xEC�\x80�\xE8%\x86\x8D\xFC3\xA7\xC9|۷\xAF\xA3l/\x8E}\x87zhn@\x88�\xCC\xFD*\x97\x8EiwW\xB3WVC\xB0W��6\xBEqm�y\xEE\xCF�@c�\xB9#�Gܡ\xED?\xFE#b\xF7\x87\x8Bp\xE8\xA2YW\xBB�\xCD\xE5j��㠔\xDB�U\xEC@\xF5\xF6/\x8BC\xDD\xFF�'y\x94�endstream
-endobj
-2664 0 obj <<
-/Type /Page
-/Contents 2665 0 R
-/Resources 2663 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2636 0 R
->> endobj
-2666 0 obj <<
-/D [2664 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2667 0 obj <<
-/D [2664 0 R /XYZ 56.6929 513.8248 null]
->> endobj
-2668 0 obj <<
-/D [2664 0 R /XYZ 56.6929 427.0967 null]
->> endobj
-2669 0 obj <<
-/D [2664 0 R /XYZ 56.6929 364.279 null]
->> endobj
-906 0 obj <<
-/D [2664 0 R /XYZ 56.6929 325.4767 null]
->> endobj
-2670 0 obj <<
-/D [2664 0 R /XYZ 56.6929 288.9693 null]
->> endobj
-2671 0 obj <<
-/D [2664 0 R /XYZ 56.6929 257.0263 null]
->> endobj
-2672 0 obj <<
-/D [2664 0 R /XYZ 56.6929 191.2867 null]
->> endobj
-2673 0 obj <<
-/D [2664 0 R /XYZ 56.6929 119.4786 null]
->> endobj
-2663 0 obj <<
-/Font << /F37 1026 0 R /F41 1218 0 R /F22 961 0 R /F21 938 0 R /F48 1238 0 R /F39 1161 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2676 0 obj <<
-/Length 3036
-/Filter /FlateDecode
->>
-stream
-xÚ¥Z[\x8FÛ¶�~\xDF_\xE1G/p\xCC\xF0.�\xE7)i\xD2 E\xBB\xD9\xD3l\x81�m�\xB4\x96��\xB1%×’\xB3\xDD\xFE\xFA\xCE\xF0"KZ\xCANq\xE0�QÒˆ�\xCE|s\xA5Ù‚Â-\x8C"TX\xB9Ȭ$\x8A2\xB5X\xEFo\xE8\xE23\xBC{\xC3�\xCD*�\xAD\x86To�n^}/\xB2\x85%Vs\xBDx\xD8�\xE62\x84�\xC3��\xC5o\xCB\xD7\xF7\xF7\xEF\xEE\xDE~\xF8\xF5v\xC5�]\xBE!\xB7+E\xE9\xF2\xA7\xD7w\xBF\xBC\xFE\xD1?\xBB\xBF\xB5|\xF9\xFA\xFD\xBBO\xB7+fe&\x81\x88i\xA4\xD3t\xF9\xF3\xDD\xDB\xEFV\xDF}\xBC\xFB\xFE\xFD\xBB\xBB\xDB?�~\xB8y\xF7г5d\x9DQ\x81<\xFDy\xF3\xDB�tQ\xC0�~\xB8\xA1DX\xA3�OpC \xB3\x96/\xF67R \xA2\xA4�\xF1\xC9\xEE\xE6\xD3\xCD\xFF\xFA �oݧ)Q(a\x882<KÈ‚\xB3�c\xC4*\xC5G\xC2P\x96h\xC1\x85�\xC6\xC7\xFB\x87��\xEF>\xBD\xD8 %T\x81\xBC2\xCE\xE0#\x98<\xA9\x84@\xB4�RÅ…�J\x88T\xB8\xEE*\x9F.i��\xC2\xF0\xCBKF\xA2Ä’|\xB0$\xA8[0\xAB\xC6K\xBEm@\xBBF/\xF3S\xD7\xEC\xF3\xAEZ#��^5'&\x93��\xC3/\x8Eu�\x89\x86\xB3s`\x82s�\x88\xD6M\xFD;\xA5\xFC\xF3\xE9�s65\xC0D2\xB3|\xD8V\xAD_n}\xBC\x85\xFB2\xEF\xCA\xF0 \xF7�\xFChW\xFA\xE9\xE5\x90�&�\x91\x99\xE6�&È—\xF29\xC1\x88\xA2DgT�ªNM\xC6 @��$\xAF\xCA.\xB9!M2M#\xD1\xEFT\xD1\xE6\xE8\x99|\xDA�\xDF_\xCBcbf@\x91�*J\xA1}nA�\x9B\xA2:&\xE6_ m\x88\xD1\xD4,V=�ᛧ\xBCE�S\xCB\xF6P\xAE+\x94GY\xF8�\xF1\xC5Ó¶\xAC\xFD\xE8͇\xBB\xB7\xE1Y|\xF9x\xAAv�0\xCB\xFCm�\xAC:{]V\x81 �>\xCC\xF9\xF8�\xAEM\xB7Mh\x9E+�B\xE0\xEC\x8A\xEA9\x91L\x89@\x94\xD7Eb&�{\xA5&
-\xA6\xCE\xF7e\x91\x98Ipb\xCF\xE2k\xC26\xDB.?v\xA7�\x80\x88\x83�zئ\xF0\x81\xB2\xE4z\x88Q\x82T e\x80}&\xCDD\xCAi\xE80�\xF6L�,\xAE8\x95ˢĻڡ\x95*\x87V\xF7t\x93\x9Fv\x9D\xBFY7\xFB=\xEE\xDD�\xAC\xB7y]\x97;\xFF\xA6
-FvË–\xA0>\xB03g�\xFE12\xE3 w\xBB橪?'\xE4'\x98"FZuU�\x8AÚ¨\xAE\xAE9sv\xAAq\xC92\xC8D\x81+\xE0\x99\x8A2\xF1!\xE0\xA9Jc\x80\x83\xFC\xA4\xBC\xA69A\xA4\x91b\xA09\x8C�ݶ\xF4\x83]\xB3\xCEw~\xB8m\xDAÎÜ‚nT7\xFE\xBA9�á“£\xBFy\xE1C�\xEFJ�\xCE
-8vP�\xB5ܳ\xFE\xF3\xA9\xAE\xD3r\x93\xE0\xEBT\xEF\x96Pl+4\xC9ϥ\xE30�.w\xB2\x99L\x90Ld�LN+\xAD'\xF7�Ǖ^Z\xFF \x8Dv�Lj\xA5\xAEzL*\xC0\xFC�ʂ �K?\xFF\xA9E\xBBwK\x84\xB5�g\xBA\xCDaU�޽)�v\xF9\xBA\xDC�\xA6Z\xFF\xE1ƹ\xA9�\xAF\xD9\xD2x\xD1q.!\xE0\xEB\x89)\xCCث%BeQ\x9F\xE9
-@\xF8W6\xCB�\xCD攊\xB6\xF0\xD9Y�"\xA2\x99 \xA3\xFC\xABj;ÔO<�\xCF\xD4\xF3<\xF5\xDB�p\x95\xF5ruX$\xA8\xCE�s�\xB4\xC0�\xA8\x91-��\xF1,C\xC6\xC7�\xFA\xB0\xC1u\xAD3m\xC8h\x{18D5EE}X\xEE\xF2\xC7\xE6\x88\xF6\xE3n'\xC8\xF4�\xC1ÕžG\x9D\x9F�`V\xE2g\x85\xF1\xF8\x9C\xB2/iIf\x85\x98\x81\xA8\x9D\x87\xA8\xC9"x\X�R\xCF\xF3\x9F\xA7\xCA�
-ԉ\xE6��\xB0\x8F\xBF\xF2\xFDa�\xBD �2�6\xF6��\xC8Ap\xE3A\xEBF89^QuxE\x84\xE2��
-Þ¬�\xE4n\xC1}Ó•\xBB\xE7[\xC6�\xC2AH\xB3|nN\x9E\xA0\xDD6\xA7]O�_\xD7)Y0J\xF89\x94\x8Cd\x91P1\xF0o\xFB�\x8D\xC0k\xC0\xC1z^c\x90�M�\xD1,N\x9D�*\xE6�ZE at 7�\xAF\\x9CϹp\xB7\x8D2\xACp:\x847 \x9C\xC2\xCE1 9\x8B\x96\x9F\xA3\xD2�\Ñ\x99>\xF4\xF46)_Ú¤\xFC\xF7\xE8σ\xF1���k@$\x99\xCBn��2\x9F\xA8\xCFg\xB7C\xAA\xF9춧r"\xF4\x8C\x82\xFD\x8EDnl\xAFp\x88\x84m\xF5w9e\x8DA6\x9Fe\x80\xF6\x8B\xBC\xF5T \xE6FZ\x96`;ʲ1w\x9F\xFAt�\xE1.\xB9\xF7P8p�\xB9Q\xB3\x99\xBC\x82\x80>\x8A\xE6\xF8\xCCEs�T\xE1\xC1cÕµX'A\xE6\xF8\xD3 c\x9F{X\xC6k\xF7T\x96\x81\x92\x85Y�\xD8`\xA0�ÇpS\xFC�\x86\xA6G6`L�\xC3\xC4�b\xE7\x8C�\xD4]�\xB53n\xE6\xB5-2B5�\x{DCB6}�T�\xB4�\xA9\x9C\xB6\xD7)m\x83yC&s\xD6\xF6\xA6\xDA%\xB4\x9D�\xC6\xE4e\xD6"Q\x82\xB5\xB1\xAE9\xB8x\xC0׈\xB7_Bl�F\xAB\xB4\xC7\xD0��N\xEFf\xD3N\x83\x82'\xEE�\xB3\xE84\x86\xB1\xCEe\xF2\x9Bg\x93\x87\x97\xF9\xAE+\x8Fu�)>A:\x89�;a\xFF��\xBD\xEB�\x90\xCC �\xA6ÑÍ«\x9EjB9\xD5WT?\xA0\xBA\xA0\xFAH\xE5Ä´}Q\xC6J�)\xE4\x95%#Qb\xC9Q�k\x89\xE4j\xB2\xE4\xFD\xB1
- �u��\xA5\xBEm\x8E\xC1�\xDA�\xA4\xE6Ç \x80f3\xC9@\xBC\xCA\xE2\xC7u at F\xEE\\xE5\xE7S\x9FY9}\xA6\xC37\xE7<\xFBÆE!\xF1�\xFC\x9Ajd&\x89\xCD\xC4��<\xA4\x9AWMO\xE5T\xF3\xE5[|0\x86\x96Y�|\x91\xB7\xB3�~\xC9\\xD2�\x8F\xB8�\xF9`\xCCe\x83\x8Et(\x91`\xE0Xs#\xAF\xC7�\x8D\xCFXp4u\xCBq�\xCCK\x88�Û¡��/\xF6'_\x8F\xE8>\xF5\xCE\xFD\xE5k\xBE\xAB
-?,\x9A}^\xD5g�\xC8��\xFC�q5\xF5ʼn\xA2�\xCA5#\x87e\xC2\xEA\x92E뫰�\xC0GF\xED�\xD8�\xA8.\xC0&R9\xD8�\xAE\xC2\xE6\x80\xD66\xC5�\xA7�\xF7w\x91\xAFH\x94\xE0k\x84�\xAE\xB0Ÿ06\x8E\xDA6\xA0��}9.\xEC\xA0�\xC77\x8ES7z\xC2Z\xD3e\xF9 \xBB\xA6\x90\xC2q-\xAEս _\xD1\xD7I;\xA8e\xCA:\xB0\xE2\xB2n\xCF
-,\xBE�N�\xD9\xD9\xF8Jn\x9F\xAA\xBB�%\x8C\xF6\xE5\xF6\\xE9H\x89\xEC��Dg\xD2ľ�ȑB\xCC\xE3��\xAFf�\xA0\xBEY0A\xB2\x81\xDD�u�LC\xAAy0\xF5T�L\xC7�\x98,\xD1F\xF4\x96 \x8Ak\xF6\xC9\xDC at A\x90\xB0\xC6\殧J\xB07”\x82Xb(�\xF37Ɣ\x92\xE8�\x84R˶99\xBD\xADK\xFF\xD8e\x83p\xF5\xDCz\x9A"\xEFr\xFF\xD4k��\xA1�t%.\x92x\x84\xE2\xB4ग़c\xF5w\xEC\x90j.\�\x8A\xEF�\x91\x82\xE0�?\xF6\xBA\xB5D 9\xF18\xED3\xA0n\xEFK\xBD\xA2q\xBES3(\xBF;\xFF\xE8\xE0\xD1\xF6\xB5*J\xFF O\xB6D
-�6\xD6�\xAF\x8A\xF2뫰\xAFD��R\xDDwX]m \xB3b\xD9 .�\xFC\xAE_�\xA6\xA8֥\xAB@æ�=�\x81d(Q|\xE9\:\\xFD\xCAuٶ~\xD7\xCCh\x8C�\x93~Ut\xE0\xE02���\xAE\x83\xBB\xAE\xEAé#\x89]�<98\xB73\xDD2\xC0g\xBA��2\xEB�\xB9\xB3\x81\xE9e<
-\xD1�\\xCE1\x87B\xCBU\xDE*H#P�\xFD\xB5o0*\xE7#:�1\xA1�\xA2\x97g\xE1cP\xB5\xE0i'\xE6쀆BtY\xA6\xA6>z\xC1}h�\xC1\x93\xAA�\\xE4\x85\xECe�\xD3�\xA7�\xA7 \xE2K
-�\xB5tHV]\xAF�h@\x9F\xA7T\xB7\x95K�\xF5\xE50\x91G
-�\xE9n\xBCd\xBA\xEFSԅkC�\x88\x9E�%��\xC2;\xA7\xC3Я\xB1�\xAAi#&\xA8�
-�\xF4c\x8F!\xE4\xE2\xDE\xE7��C\xD7z-\xDF�R]ph\x91\xCA9\xB4\xF6j\xA9\x93�\xC51\xC09U\xEA\d\xAD/u^\xB2\x96,uF\xBC\x8DS*�\xF5\xCF\xD9\xF2ý\x80\xAC\xB9 \xD8�\x8AKQ\x91A\xBC\xA3\x92e׻\xC1\xCC�=\x8D\x8A8\xBB\xEFE\xC1\xFA\xE7~9\xA7\x83~9\xA7\xE3x龙\x8F\x97\x90��nſ\x8B\x97ޕrM\x98\xD4ߘ\xBCM\xDB\xD9\xCD\xE11_ \xA5\xC2H\x82\xAE\xE0\x86b�~l�\x8B\�\x85\x85\xC1E,�\xA9\xE6\xB1\xD8S9,v\xC9\xE0
-\xD9S\xD4\xD9z{l\x9A.\x9CI\x8D\xC0�Y\xA6Õ\x8A_d\xAE\xA7Jp7\x8E\xAD\x9CX \xF2�\xB1�*okc\xE5m\xED\\xE5
-\xE9\x9E0\xEAJ\xBB\x8EgZN+o\x9C\xB2\xF1\xD7s\xE5m}gךA�\xAC9\x867���9�e\x92]G\xBC\xCD�\xEF{\x91\xBB\x9D\x9F:\xB4:\xDD�$\xEFpܸ\xF6\xDBJ\x82\x9B�^\xE5\xC5*\x94�L\xA0\xB4\xCC8\xD4��\xEE\xCD{e�\xF6qx��Lq�\xE18Ú\xDB4Ù·�\x99JÑ›k`�\xA6\xF5!E,\x9F\x8E��\u\xAE#
-\xF7^X;\xC8K\xBE�
-�\x84\x90�g+�\xE8'b\x86\x97mO\xE4ݾXV\xE1
-K\xC2\xFC\x93U7\xCDɹ�|\xF4|\x8E\x84 \xE5\xC9 Fo\x96C�\xA7Ú¿��f^\xF5]\x94X+\xAE\xD6Z\x9Cqp�×¢É\xEA\x82�G*�\xF5\xD3\xD5Z�\xC2\xDCq\xAEÖº\xC8W_k\xBD\xE4+Yk\x8D��\xB6\xEB\xD4\xE5lW\xCB\xF9\xAEY\x96)v\xA5kf9\xB3S\xDB\xED\xA1$}\xA7=\x82\xDB
-\x9A\xA7ڥS8\xDCL\xD6�'\xB3\x82C\xBEH\xED\xB7!�\xA0?=\xF1\x85�\xFA\xA3�L\x90 [�6\x89\x8Df\x8A(\xDA\xD7\xE5\xD1\xF7\x8E\xDBU�\xF0ʇ\xE740y\xBEk\xE3.�\xA7\xFC\xE1l�S|:I\xF7\x9Az\xF7<\x89A\xE7\xEC\x91.\xAB\xE9y\xEB\xD9�\x86ݬ2\xB4ƶ\xF1@\xA0\x8A\xAD\xAD(\xDA\xFE\xB8\xAE \xFDv�\xFF\x96Yq(w\xA9\xD6XX�\x8B��\x99{\xF7\xEB\xEB\x9F\xEE|\xF7)\xB1{\x8Aa\x82h<?v\xE1�\xFFC\xD4\xC4�\xE8\xAEyJ\x9D\xD8B\xDC�\xF6\xFA_� �e\xA3\xB3\xD3q�8w� 9\xC7)�EO\xCE\xF1\xC2 \xE6\xF0tJ\x9Aᱎ\x86\xB4\x86r3>8��\xD8iJӀ\xA7㯢$�\xD5P\xA0UX4\xE10\xF7\x97\xB6?\xA6\x9B\xBAtF\x84�\xE1z\xFE<\xC9\xC8)\xAE\xDD
-\xAE'B\xB1\xE28\x86\xAC\xE5\xD0 at Z\x9E<=g\xD4u\xB8\xC4\xF9_=ݱٵ)\xAF \xA8͸\xBC\xFC���2=(�\xD2\xC1\xD0\xE73\xAE\xB6����X\xE4\xB9��{�\x9B\xF1\xCAD\xD3\xC0\xBB\xAA\x8EA\x943L\xED&\xB9�8\xCD.\xE2��\xDE$\xC4�嵤\xDFt\xC0�V
-.ΎϾ\xE7\x91\xC3(�\xAE\xCC\xDA�Й\xF9ۜPD\xA6\x9B\xAD\xB4\xB7\xCC\xFF\xFB/u\xE7\xBF�Bv'\x8C\xE1\xE9\xB8 \xA8D\xF8\xB1\xC8�\xEE\x81eb\xCAz\xFF绗\xBC\xFF�\x9E\xC8\xF4?endstream
-endobj
-2675 0 obj <<
-/Type /Page
-/Contents 2676 0 R
-/Resources 2674 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2636 0 R
->> endobj
-2677 0 obj <<
-/D [2675 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2678 0 obj <<
-/D [2675 0 R /XYZ 85.0394 751.8648 null]
->> endobj
-2679 0 obj <<
-/D [2675 0 R /XYZ 85.0394 153.4294 null]
->> endobj
-2674 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F55 1321 0 R /F48 1238 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2682 0 obj <<
-/Length 2296
-/Filter /FlateDecode
->>
-stream
-xÚ¥Y[oÛ¸�~ϯ\xF0\xA3�\xD4<\xBC\x8A\xE4Ù§l\x93\xF6d\xB1M\xB2\xB5�X\xA0\xED\x83jɱP]\Kn\x9A\xC5\xFE\xF8�\xDE�I\xA6\x93 ��j\x92��\x873\xDF\xDC�2\xC3\xF0\x8F\xCCD\x82�M\xF5Lj\x8E�&b\xB6\xAE\xCE\xF0\xEC�\xBE\xBD?#\x9Ef�\x88�C\xAA_Wg\xFFy\xC7\xE4L#\x9D\xD0d\xB6\xDA�x)\x84\x95"\xB3U\xF6i\xFE+"�\x9D��<\xBF\xBC\xBCY.\xDE\xDEÞ¼{us\xBE Z�:\xBF\xB8\xBB\xBB\xBA\xB9\xBC\xFE\xEB|A��b\xA0\xC4x\xFE\xE1\xE2\xE6Ï‹\xDF\xDD\xDAݹ�\xB2\xF7W\xCB\xF3/\xAB\xDFήV\xBDXC\xD1 fF\xA6\xEFg\x9F\xBE\xE0Y�7\xF8\xED�#\xA6\x95\x98=\xC0�#\xA25\x9DUg\0$8ca\xA5<[\x9E\xFD\xD13�|\xB5[\xA3\xAA �Q\x96Ј.(\x99�\x82ÌF\xCA��%\x8C2\xAB\x8C\xE5Õ•\xBB\xD4\xC5\xEF\xCB[s�\xD8E��ij�M\x90V\xDAR\xEF\xEBl\xFD��\xAC\xE0?\xF2\xC6m4kh\xDD\xD4�\xF3A�>\xD4i\x95g�jËœ\xE9�s\xC2)"J(8\xC5�\xE6\xFA\xE6\xD2m\xD5^\xA6\xAC*\xEA\xA2\xED\xF6i\xD7\xEC\xDD\xD2\xC7|\x93\xEFω\x9A\xE7\xF5:wK�\xD2\xFA\x90\x96�\xD9I\xA2�M\x92ijG\x9Ed\xA4\x94��\xF5qA9\x8C4\x92\x92QK{\xF1\xE7\xEA\xB7�_\xD4\xC7u\xDD\xE5\xFB:\xEF\x9C \xCBǶ˫\xD6M\xDE6u\xDB\xEC\xBB\xE2P=�\xCB�\xE3 \xF5l8G\x9A&\xAC\x87$\xE0��в\xACn�F\x9D\xF7ymv�R\x96 \x89\xB9\xB0\xA47\xA0Õ¸\�#I�'؈\x8B\x95\xE73\xA5Ò\xCC77\xFA\x96?\xBA�P\xE5\xA0\xE4\xA2\xF1\xC4]Ó”1má±–\x96\x8Fu\xB3k\x8Bv\xEA�\x8C \xA9\xE0j\\x81\xE0 \xA11\xDC�\x90\x9D
-@\xF6 P#IH�Z�\xB0\xB0\x98\xE6$\xE2\xDF=\xD5\xF1\xDD�\xD0\xE9\xA7E\xEAn�\xE7
-\xE0\x81 J�X\xD2\xC1#-\xEF\x9B}\xD1m\xBD\xBD\xC6\xE70\xA4\xB9�@\xFA�\xB8n\xFBѷ�\xFFD )�\xF7\x9B@\xD7uo\xBA�sN\x90\xE2\x8CL\x99\xEF#,\x99@*�“\xEE\xD3:k\xAAMQƸ
-c\xA7Þµz\xAE\xED\x8B\OHI5R*\xB0\xFBDZ[\xFC�\xE1��\x81\xF8"\xC0�\x8B�9\xB0\xE5年\xB2�ÍšP9�\xF3{��i\xBED�\x97+\xA4�\xC0\xDD#\xD2\xC5\xF6Ë«\xE5Û\xD7w\xAB\xEBÛ›~\xD3)\xE7\x9Dz\xDAÄ£\xC0|\xCC@\xCAI\xE6=$7\x9E\xA3\xF8<5?\xCC;�\xCC76>\xC1\xE0\xD0\xE6\xEE\xD3\xD7Lj \x84($$�@\xAA\xDB\xC3.�\xA6\x91\xD3!:(\xA9\x82^\xC0\xD01nÚ¡\xFF\xC9nY\x84�\x84�\xAD\xD9S�\pB\xE6×�\xB7-\xAA]Y|Ƙ\xBA\x9B\xB19(\xC4L\xEF�}< \xB2f\xE3~3\x83\xE1bm\xE3Ò‚J
-\xE9�'\xC7v6\xAC\xB46*\xB0\xBF!\xBA\xD4\xF7n\x9E\xBA�\xA7<3\x87\xDB\xC1@\xCDw6\xB27?\x8A\xAC\xA7\xED\xB6y\xE4\xE6�S\x88�\x84\xBCB\x8F�a\x86_Ô£\xE2\
-\xF5h�Z\x84���\xA6d\xF0\xE9\xF6\xB1\xEEÒŸAдs\xA3\x87\xA2,\xBD�r\xF7[\xE7y\x96g\x9E\xAEq\xDAc�j�\xC5&\xDAs\xF0\x81�\t>\x8B�\xF5\xBA<x}\xC04\xF5�:\xFF\x99\x82\xE5b\xBA! q!\xA1�r2:\xCD,vMY\xAC�\xE30�P\xB7��Wy\xDD!'%Ñ\xA19\�F\x88A2ui�\xE0\xC0\xA84\x86\x84\xB59�\xA1\xB4\xA8Ý’\x8D�v�Ò‚]iw\xF9\xDA!,s��OjLk�릪,�\xCCײ\xA8s\xB8:$JÐ[r
-5\x94_\xFD�P\x93'/\xC6Ì’^ iAkV\xFAs\x82�gnj\xF0\xE7�\xEC\xD0�N�\xF0�\xCB�~\xDD~E\xE7\xED)\x95C\xF6�\xF8\xCAW�H"J����|Rb5gb\x889\xD0\xDB\xF6M̸\x90\xB3\x88�\xDBÇ™n\xB0�N\xAFb��5\x91Y\x87H\xFF\xD0�J× �7K=D%�,�\xEA�\xAF����@0�\xB3\xA5eiQ\x9D(S]p+\xCD9\xB1��b���c\xBE�@K\xEA\xBD�\xF6\x9FT'\x85\xFA\x9CkM^\xE9\x90X\x86 \xDD�É°\xF7� Â\xE1\x9E \x97�\xD5:e�0dF\xC6\xD0\xE6\x8B5\xB4Y�\xB9\xCA\xC48(\xC0\xA1��C$\xCB
-\x9E\xEB\xE2\xA9`Ú„\xFA\xD4\troÔ£l\xE0B7M\x97\x87SA\xCEc%@�`\xE2\xE5\xE0\xCEP\x92\xF4\xC1\xBD\xE8Ú¼\xDC\xF8K\xA7u\xB8}�\xE8\xB6lv\x8B\xA9\xFB)�0\xA2�\x9AVÈ\xBC\x81\x95\xBF��\T\x82\xC1�\xD4G1\x83A�gRO\xA3\xB1ݲ\x88U\xE6P\xDE1P\xEBQa>�K�\xCA?�\xC3y4\x84Q\xCC\xC3\xF1&\x9B\xBAt\xFE\xBD\xE0`�,9��\xB1�\xCA
-\xCF�\xB6\xB6LV\xC4%v<\xAF\x9A^[0\xCB\xCB\xF4k\xE3\xDC\xC3L#)\x92\xB8c\xE1\xA3\xDB\xF7\xFDP\xB8A\xF6_p)� b\xE8j\x88\xB1л�oPj^l"\x97g\x94@\xE3B\xD5\xEB\xCA�\xDE\xD7�A�\xC81\xF6\xAC\xAF^`�u�m\\x86\xAD\xDC,\xF8y�\xDA\xC66\xC8�\xF4\xE3\xE4\xAF�N�Ù\xEDnгm\x81\x8B�\xB7\xB6\xFE:\xEE\x8E}MO\xB1\xA9\xC1\xC0\xFA\xCF�\xFEC\xAA\xD0\xCC��\xFE=\x959\xB7\xAF\xF2\xC5(bB/Ò‡\xBCQ\x91?�\x8E�\x95+,\x9F\x97\xAE\xA7\x8A\x88G'9��8�o\xD9'Bc&�\xE2
-�\x9E\xA4r\xEB\x8D\xFBunǂ#�w\xAC\x96\xD7\xEF\xCDH>E[\xC0�N\xE6�\xE6m\xE2GZ bKO\xBB\xDE6\xC5:\x9C\x99:\xB3�Tb>\xDFV\xE9zQe€\x91�7\xF5>\xC3!\xB0\xD0 $\xDAm�\x9A{K
-s�ׇ+"\x99\xAC0\xC5Cñ’¿@\x97`\xE4&x\xBE\xDAz\x98e\xF9&=\x94\xBE\xA3.\xDA#\xDE\xE8�\xACH \xDF\xC2/\xC0jHu�V=\x95\x85\xD5vz$\xF8�\xD6\xF2\x85#�Q\xE4\xC8!T$\x81ؤ&G\xDE틺\xF3wO\xBD\xFBm\x9B\xBD\xD7J{\x804\xB7\xF7\xAD\xBB-\xCDM\xCB��\xD8\xECLPj'�wv\xBF?\x98Ú®
-M~,\x94s
-�
-\x95\xAF\x8C\xBC� &Fq<j�F�O�{\xC14�\xAAgL�\xA8\xACi\xBE\xC5<�\xFAi-\xD8q\xDF=\xF2w\xF3\xEC\xC3�{^\xB6\x9E*"\xDC\xC8߉@\x9C\x80\xD6F�\x9E�\xEE+I�\xD8�ˈ�\xD5*q-ֈ\xC6%dC\x94�`\xB1O7\x81\x83w{\x81\x99s�\xB3޻\x8F\x99�m\xA4\xE3fP\x86�\xCDG\xB9՗\xC2\xD3,
-\x9D\xA3 }\xB5\xB8\xF5�R�\x8E\xA1i7e\xE4$\x9FB�\xCB\xF7.\xB0tPom\xA3\xCF�\xC4<\xC4�\x9E\xE19b\xACL\x8E\xB4\xECkܺ\xD9G\xD8@�Mt ix\x86x\x86\x8Bs
-'[�\xB2\xB5n8\xE8M~\x81��\xDEc\xEE\xF0P\xB4\xB6�!\xA1\xAF\xC0Cł\xBA\xA3\x8A�\x81\xA0\xBE\x93\xAF\xD2\xEB\xA0\xDFL\xBD,\xA9c\xDD\xE6\xBB\xD4W\xE2\xB0�a</}\x96\xE6P��\xA1\xC7\xD5\xF8\xA6)\xCB\xE6\xC1\xB64\xC2>:\xD8_'5�\x86n\xEFV,Ά$N5\xE6\xBAR\xCFst\x8F\xDEĞi\xB04\x8F\xCCzr\xB9a\x89\x8FbF`�\xBC\xB6\x81]\x853�\xFEa\xE0\xF1�\xA3\xEA\xD0v\xFE\xA2L!\xCD\xD8�^\xDB\xF4G>\x89t\x90�\xAB\xB4�\x87A�-\xA4e\xE1#_\xE8NÓ\xB4ON�\xD4ڢ\xED\xFA\xC6:0(\xF3\xAE\xCB\xF7\xAD\xA7ʊ{(\xAAC>{�L#\xEB.\xDF�M֞�~\xE6�\x89\xBE\x90\x95\x9EhN�>Oc�\xFF\xFDTFz\xE6\xB0>�M�\x8Be\xA3\xC1a�\x8A\xF0\xC0]5\x99\xAD� _\xDB�\xE55g
-\xED\xB1eBt\xF2\x8A\xB3m\x833@�\x9E/veZ\x9Bg\xFD\xB05\xFF�\xD8\xF9N\xEAЦ\xF7\xF9\xE8\xB1#\xA2c\xAF��\xE1\x97EC8\xEE\xEB\xD4\xFF\xFB\x8F1Ot�OdJѸ
-\xA9��6'A(\xA3C"\xF91<\xFC\x9Fm\x8Ee\xFF�\xEB\xFF\xB1\xC0endstream
-endobj
-2681 0 obj <<
-/Type /Page
-/Contents 2682 0 R
-/Resources 2680 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2691 0 R
->> endobj
-2683 0 obj <<
-/D [2681 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2684 0 obj <<
-/D [2681 0 R /XYZ 56.6929 751.7548 null]
->> endobj
-2685 0 obj <<
-/D [2681 0 R /XYZ 56.6929 684.9927 null]
->> endobj
-910 0 obj <<
-/D [2681 0 R /XYZ 56.6929 643.4496 null]
->> endobj
-2686 0 obj <<
-/D [2681 0 R /XYZ 56.6929 605.7386 null]
->> endobj
-2687 0 obj <<
-/D [2681 0 R /XYZ 56.6929 572.5919 null]
->> endobj
-2688 0 obj <<
-/D [2681 0 R /XYZ 56.6929 502.9079 null]
->> endobj
-2689 0 obj <<
-/D [2681 0 R /XYZ 56.6929 427.1554 null]
->> endobj
-2690 0 obj <<
-/D [2681 0 R /XYZ 56.6929 238.0538 null]
->> endobj
-2680 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R /F53 1313 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2694 0 obj <<
-/Length 1802
-/Filter /FlateDecode
->>
-stream
-x\xDA\xC5X\xDDo\xDB6�\xF7_\xE1G�\x98Y~\x88�\xB57wɶ�k\x9A%�0\xA0݃jÉ0[\xF2,9Y\xFA\xD7\xEF\x8EGÊ’\xA2$��l��R\xC7#y\x9F\xBF;Z\xCC9\xFC\x89\xB9ÕŒ\xAB4\x9E'i\xCC4�z\xBE\xDE\xCD\xF8\xFC3\xAC\xFD0�\x9Eg�\x98�}\xAE\xB7\xABÙ›\xEFU2OYj\xA4\x99\xAF6\xBD\xB3,\xE3ÖŠ\xF9*\xFF�-\xAF\xAF/\xAE\xCE/;[HÍ£\xB7\xECl\xA19\x8F\xDE-\xAF~]\xFEL\xB4\xEB\xB3TF\xCB�.n\xE1S\xA4I�L\xC2"\x9F\xE1\xD1\xF2\x86V\xAF\x96\xEF.\xCE~_\xFD4\xBBXub\xF5E�\\xA1L\xCE>\xFC\xCE\xE79h\xF0ÓŒ3\x95Z=\x80�\xCED\x9A\xCA\xF9n�k\xC5t\xACT\xA0lg\xB7\xB3_\xBA�{\xABn\xEB\x94)bm\x99\x96\xB1\x99/\x80\xD9$t\xEDS\x83q\xC65�`\x91ÄœY%dg0)\xA6��\xB8\xD0`\x8B�*\xFA\xE6{\xAD{\x9C)3Vi8�9�Y\x95×»M\xB9-\xC6&�:fqj\xED\xBC\xEF�\xE9:\xAE \xF1d\xEFR\xA1S�[.\x86\xF2\xDD\xEE\x8Bu\xF9\x91sY4g�\xA5\xE3(\xC3AGM}<\x9C �\xAD�"\xD7��IZ\xE2ɳ6#\xEA\xA6>\xD0\xE4sQ�\x87\xAC-\xAB\xCF\xC4\xD2\xDE\xF9\xFDÙ±\xBD\xAB�\xE5�X\xAB+��#Ut\xE9\xCF\xF4L:\xAA\xF7a3X�\xBC\x932\xADbTQ\xB0Tk\x8A\xC0\xE6\xB1i��@��\xE55J-\x8D\x88\xAA\xBA%\xD2\xDEI]ß—yA\x84\x8C\xEC�\xF7=% "U\x9Az�\xBCÉ‹\xFB7^/\xC7;0\x9B�VÃ\xB3PO<\xB5\xF8\xF3X\xDEgÛ¢j\xE9~8\xA2\�\xDF\xE0\x87W\xDA\xC9Wl\xB2\xE3Ö³\xF4-\x8A\x8BhQ�\xE9\xE6\xAAh�\xD2ZX\xC3�\x9D\xEA\xA06\xF9\xA9DE\xB5\x89\xFE(�?Õ™;('JY\xED\x8F-\x9B\xD0\xD2b\xFCK1�3\x90sBGm\x98\x8A\x93`\x8F\xA6��x�\xE9�\x93*\xDB\xF9\x99��ÆŒ\x86\xF5]v\xC8\xD6m\x81\xD6\xC1\xC0p\xD6\xF0\x9C��\xF1\xC0\xAD\xA7\xAD\xEB\xAA\xCD\xCA\xCAE ~\x9F\x8C�J\xAB\x94\xD9t\xA8<���\xB1\xADq\xE4ѧ\x82\xBE\x8FM\x91�\xA5\xAC .\xB2\x9C\xC8d[�<!\x82' \xF0T,\xA3�\x919\xA9\x9Am\x89�\xFCy,&\xEC(c\xCB`=\x84\x80\xF7@>eG\xCEba\xACg,\xAB\xBC\gm�\xD1\xF6.k\xE9Ö‘�a\xCD\xF9\x90\xF4\x97 \xB7&\xB1j�\xF5w\xF5q\x9B�\xC2:\xDDaD\xDD\xD9��\xF5Xe\x8CdR\xC7\xF1Ë€\xD6\xE7z�\xD0:.�h\xCD�\xA0 Τ\xEA,\xE4\xC2d\x8Ce"\x85: \xA0\xF3\xA2`�ׄd�,\x93P$p>�\xED��
-CL\xC5:\xBA\xAB\x9B\x96f\xBB:/\xBE\xA5:\xE5\xFC\x8E\xB4\xE2\xAFl\xB7\xDFzg�t�\xB1\x81b\xA2\xE2\x9E*9\x83x\xDDL\xA7\x8D\x8D�\xCF\xD9�\xF9�\xC1W�M\x90\xE2\x81&�\xB7n\xAD\xF0LYE\xE3q�\xC1\xED\xA5\xDA\xD7\xDBr\xFDHsBÔ˜\xC0\x84�C$\xA0j2ÌŒS\xAE\xFAxÔª'`�\xC69!@p\xCBH�i`\xEAY\x8E
-!7\xF7I\x8F\x93\x8FRƸ�G\xA2\xE0W\xFB\xB8/ \x9B 5\xBCU\x81\xDE\xC1�~@\x90\x9F\xB8i\x86�\xE6\xF8\xF2\xAAY\xE0\xBA�"b�rK\x80@ɵyEp\xC5R\xEC�\x88\xC9 c\xA3\xAB\xBA-\x82�\x99O)\x95\xA4L ;̨�\xA4Q\xAF\xA6\xD8nH?iT\xA7�\xAD\xAF\xB3\xCAW�\xE5aG\xBA\xD4s`o"\xB0�!\xBA:�\xE9q�I5Q>\xF9orwN\xC4]\xF6HԼ\xDC �l
-_]6T\xC4v\xA3c\x9DI\x83\x80\xCEn\xA0\xFB �VwT'8\x94R,\xB44\xEF4�\x81�\xCD�\xCA\xF6\x8Ef>\xD4\xC6\xC5\xD2 \xAAq�2b\xF1e\xC2��Z�\xE8\xA5B\x91\xDCS\x91�\x9A\xA0\xB61\xA3d\xF224\x{179787}\xA6\x8E\xAB/\xDA�\x9A�\x9B�h\xFARW\x93Д(\xE8�_�\xACãšl�M �\xEFP4w/�Y�8RB\xF92\xA4\xC5Kp$�\xA4\xB0�_�G�\xF2\xC1\x88��\xE1\x8D�\x8F\xF0"\x87GHsq �\x87GH\xC8*���\xE1b\xC0#\xA4o\xA8\x8E\x8B\xD0�\xC8W\xA0�\xDA�HO5Æ«`\xFF\xA7�$d\x92�QH\xCA�\xFB\x92\xB2�77\xC7O>Q\xE5)Q1�\xA5\x8D\xB2\xED\xB6~\xF0[\x83&\x8D?\xA7&"\xB0��Î\x96�\x9A�\xA2\xE3I\x9E�\xF3!\x90�\x86\x8C\x94S \xC8\xCB\xED(\xA6^\x81'jiQS|o\xF4\xA1\xE8\xBF\xC8\xDA\xE6\x9Fd\xAD�\xC2\xCEm\xE8\xCC�\x82_\xE3�C\xC1c�
-\xBD+\xB7��$\xC1\xF2\xE7\xDB\xF7�\xC7�6\x81\xB6R\x98\x94b\xB7!\x8F|\xE4\xF0\xE6\x84\xE2�\xDA}\x8Ai\\xD1\xE3�$Z"\xBA+T\xDA\xD7 \x81\xF4P6t\xAEo/\xAF\xCEik\xEA%\xCBw\xD0f6-\xBC*(~ytS \xCC�\xBC�\x84\xDB at z\x97UGh�'�d\xB0\xF33\xA6\xEF\xC3'\xB6\x81�
-\xBC\xA2�s\xC861i\xBB\xFCu\xF5\xE3\xFB\x9B×rYA\xD7\�\xDEÏ·\xEEq\xE3\x83Ỻj\xEAC[�w\xA7{chÔ\xF4\xE7\xC4
-\x9A \xFF0\xC7W\xF6\xD9Bp\xE8r\xB2\xC3>�%�\xD9�\xE0\x82\x92\xD4"]M\x97R�
-\xBEtl�Ww\x82\x93�\xF2-\xF1\xA1�\x8Dz\xB3\xF5\xF8\xC0\xA3\xCBk�\xB3<'\x8B6M\xE1e'|
-8Fs}\xF0<\xFB�\xFAb\xEA\xFCO\xBF�\x9C�\xDEL�\x99��ﱪ\xF7Mٌ\x81�B^ \xE0J�\xBA$\xC2L\xE18\xA0x
-
-#\xCC_\xAC>\xFD#�\xC6\xC7Sէ\xE3��\xED)^hŒ\xD4\xCA\xF0.أ\xC1\xFC{ot2qv\xA0\xC1\x9EIG\x9E0\x9D�=\xB0\xCA\xF9\xC5\xEDw7\x97׫\xCB\xF7W�\x85\xA4�;;!\xEC �\xE2\x84Y\xE8\xADC� .w\xBD\x9B\xF7y\x9A\x8E}\x8EK\x98\xA9\x97\xD7\xF7\xB1g\xA8\xF2\xB0\xE3\xDE`\xFE�\xD95\xC2<���&�\xC3\xED\xBAZ,\xCF\xCFoX/@\x80\xD95\xC5\xEELsZ!`\xF5R�\xAA\x8D\x8B'\xF6��\xF5�\xC9�032\xDE\xFF�3�S_\xF0\xD7Q\xC6\xFE3\x94\x99\xFAE�\xF0�F\x9B\xC8�\xDEI\xF8\xAF\xAD;\xFD* \x9ET\xD6>\xF3#\x96 *�A(TN$z,\xBA��i�P\xF0T\xF6\xBF�\x8Cs<Xendstream
-endobj
-2693 0 obj <<
-/Type /Page
-/Contents 2694 0 R
-/Resources 2692 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2691 0 R
->> endobj
-2695 0 obj <<
-/D [2693 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2696 0 obj <<
-/D [2693 0 R /XYZ 85.0394 526.0765 null]
->> endobj
-2697 0 obj <<
-/D [2693 0 R /XYZ 85.0394 461.8446 null]
->> endobj
-914 0 obj <<
-/D [2693 0 R /XYZ 85.0394 422.0598 null]
->> endobj
-2698 0 obj <<
-/D [2693 0 R /XYZ 85.0394 385.2356 null]
->> endobj
-2699 0 obj <<
-/D [2693 0 R /XYZ 85.0394 352.7463 null]
->> endobj
-2700 0 obj <<
-/D [2693 0 R /XYZ 85.0394 285.5926 null]
->> endobj
-2701 0 obj <<
-/D [2693 0 R /XYZ 85.0394 224.3257 null]
->> endobj
-2702 0 obj <<
-/D [2693 0 R /XYZ 85.0394 148.1387 null]
->> endobj
-2703 0 obj <<
-/D [2693 0 R /XYZ 85.0394 83.9069 null]
->> endobj
-2692 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F55 1321 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2706 0 obj <<
-/Length 1183
-/Filter /FlateDecode
->>
-stream
-xÚWMs\xE28�\xBD\xF3+|\x84\xAA\xB1V�\xD6ב$l&S�\x92
-\xA4j\xAB29x\xC0�\xD7b\x9B\xB1\xCDd\xD9_\xBF-K66�vvg\x8B�\xB6\xF4\xD4\xDDzz\xDDj��Ãx\ \xA1\xA9\xF6\xA4��Ç„{\x8Bd\x80\xBD7\x98\xBB��\x87\xF1k\x90\xDFF]\xCD�\xBF\xFCʤ\xA7\x91�Tx\xF3UË–BX)\xE2Í—/\xC3+D4�\x81 <\xBC\x9DL\x9F\xC6Ó›\x87\xFB\x91Oa^
-Ç\x8F\x93\xE9\xCD\xDD\xEF\xF0\xCE1 �\x86\xF1\xF0~<}�\xB6c\x8F#M\x87\xE3\xDB\xC9l\xF4:\xFF4\x98Ì›\x98\xDAq�\xCCL@\xDF�/\xAF\xD8[B\xF8\x9F��1\xAD\xB8\xF7�/��\xD0\xD4K��g\x88�\x8C\xD5#\x9B\xC1l\xF0[c\xB05[-\xED\xE5\x81`D\x99\xA0=DP\xE2\x91 \xB1 &\xDBLp\x8D\xA8\x92\xB4ab\xE4��[|\x8B\xD2<L\x97Yb\xB6�\xB6}&�\x85]�\xD84L"3�6i\x8B\�"\x88R\xCE+\xD4\xC1B\xC5\xD3�J\xA5}\x82\x89(�\xCBȾ\x85n�c\xBAqC\x8B,-\xC38\x8D\xD37\xFB\xDE6\xB3�\xCB\xD0\xF9\x86\xFD�\xA49\xA7\xCEy\x80\x91\xC6*\xA8\x9C\xCF\xF6i\xB6-\xE2\xE2\xF8P @\xA9�\xF3�\xA5�\x98P}$\x82�4\xE5@\xF3�\x86\x91$Dx~\xDBDEp at z\x94Ö \x8E(�\xC0\xF1\x8B\x9FÚ\x80\xB3\xC3JÅPpH\xB8Z\x92î’¯Qna��L \xD5�q\xB0\xD7�C5;�Q\xC4E\xD6\xED*\xDED\xE9\xE1�;4\xFA��R�\x8E\xB0C\xE7\xCDdv\xFDt\xF78\xBF{\x986\xAB:�O%
-\x94�G\xBB<\xD5�\xE7H)\xC9\L\xB5�\x8A\x91ϔ4R`J4R0CYޚ\x92\xC3"*-&[\xD9�\x8Bu\xEBۺ1\xA0z\xD16Z\xC4��-\xED\xC0\xB7]\x98\x96q\xB9\xEF\x9A\xDA�\xD1n\x99\xF9\xF5�\x99!#\xB6�U�\xF8u\xE0\xBE%\xCBV\x8E\xF7u\xBCX;͆\xA9}\xF8\xEAD\xBC+\x8C\xBBJ\xE1EG\xE9E\xB6\xCBGD
-��h\xFC\x9B\xFF(-\xAB\xF1l\xBB\xB7�+\xB3\xF9
-Q\xAE\xA3\xBCN\x8D$\x81 \x9D\xC5\xCC\xF9,\xF6E�%n\xF0=.]LiÖ“?\xD1\xF7x�\xA1�H\xA1\xF1\xD3\xED\xF3\xFDd:?-l.�����\xF3\xCBi\xD2F\xD5u\xE84M�\x94\xF1ܤ�\xEF\xAAYi\xCENÒ¢��\xC1�\x82*\xA9.\x87Ö zbkk\x95`\x8D��G\xDD \xEE\xCEpn\xE4\xB2 \xAB�t
-2CNζn�\xF1\xA6�`U\xFA�^\xB4h\x89\xFE4\xA9\x89\xA2\x88+\xC6{\x92\xBF��SHR\xA2�\xEC�\xE6xe\xB5\x93X\xCF\xD4\xFA-3\xFB\xAA�A\xEC\xA3K��K\xB8\xDDF\xE9\xD2�\xDC��\xA3pG
-\xF5\xEFb�\x97U\xBE�\xA6\x8A�\x9Aw��\x84\xEC\xA4 \xF5�\x9D��Q\x88\xA8\x80\xFE\x83\xB0Z\xA8�ªQM
-<r*\xE1N\xD4"\xB8\xEC\xB4�\xF58mS!5bRÊ®\xD3y\xBDg[\x81\xDB)\xDF\xD0q��\xBC\xC4.\xAB\xFF\x887\xD9\xD7}i�Ë \xB3\xEE\xFDy\x96?\xA8j\x88�v\x99\xBE�\xE8<{5Ȫ\xCC\xC4X_�m\xBF\x9A#\xE8G\x82\x8B~kÌ©\xDFn\xCAA��Bv�Ï»,��T\xD3U�\xD3*\xC7'-\x83=\x81u\xB6\xDB,\xBBu\xFA=\x8F\xCB2J{+\xA2��\x88ʪR\xB4{\x8B\xC9\xC4.�\x9E=\xF4\xF7A\xF6:\xB4�Äb2\x94\x99$tG�\xDA� \xB0a6\xB3?R\x95\x9F\xE7��\x9E.y�\xAEL\x95Q\x9E\x9A\xEB\xD2\xF8\x9B\xB5/\x88\xEB,-\xB2\xBC\x8Cw\xC9\xC1ß¡14\xFE�‚�\xD7�R\xECZ¸X\xF8\xEB$\\xF8\xE6�\xFE\xDCm\xFFsgxb\xE8\xA8A\xAC\x86#�\xED\xC7\xFB\xF1\xB5ˇh_t3\xA0>Jwaf\x9Be}O~\x8F\xF2"\x86}v\xF3\xED\xEAnz\xF34\x8F�z�\xFE3\xADcc\xE0B\xE3h1�\xBEV\xB1\xA3\xFD\xB8e\xD4H�V\x97\xE0pó–¨×¦\xCB$�z\xA6E�:8\xF3u\xC282\x9F�=\xE1↡\x9F\xFEr9|\x9E��1\xA5ΔO*\xA1HhxvA\x99\xCD�)NËœ\xFB\xC69\x8D\xFDo\xD3\xE0^\x8Eendstream
-endobj
-2705 0 obj <<
-/Type /Page
-/Contents 2706 0 R
-/Resources 2704 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2691 0 R
->> endobj
-2707 0 obj <<
-/D [2705 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-918 0 obj <<
-/D [2705 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-2708 0 obj <<
-/D [2705 0 R /XYZ 56.6929 743.9119 null]
->> endobj
-2709 0 obj <<
-/D [2705 0 R /XYZ 56.6929 710.2666 null]
->> endobj
-2710 0 obj <<
-/D [2705 0 R /XYZ 56.6929 638.9488 null]
->> endobj
-2711 0 obj <<
-/D [2705 0 R /XYZ 56.6929 573.5178 null]
->> endobj
-2712 0 obj <<
-/D [2705 0 R /XYZ 56.6929 493.1666 null]
->> endobj
-2713 0 obj <<
-/D [2705 0 R /XYZ 56.6929 337.618 null]
->> endobj
-2714 0 obj <<
-/D [2705 0 R /XYZ 56.6929 269.222 null]
->> endobj
-922 0 obj <<
-/D [2705 0 R /XYZ 56.6929 226.5437 null]
->> endobj
-2715 0 obj <<
-/D [2705 0 R /XYZ 56.6929 188.4488 null]
->> endobj
-2716 0 obj <<
-/D [2705 0 R /XYZ 56.6929 154.6889 null]
->> endobj
-2717 0 obj <<
-/D [2705 0 R /XYZ 56.6929 83.3711 null]
->> endobj
-2704 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F41 1218 0 R /F53 1313 0 R /F55 1321 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2720 0 obj <<
-/Length 1946
-/Filter /FlateDecode
->>
-stream
-xڥX[\x93\xE2\xB6�~\xE7W\xF0�sj\xD1\xD1\xC5\xD7Gvf\xB2C\x92e7�\x9Bʩ\xCD>x\x8C \xD7�\x9B`3\x84\xFC\xFAt\xAB%c\xC0\xB3[\xA9S<\xB8\xD5j\xB5Z}\xF9\xD4B�9\xFC\xC40��W\x89?\x8C�\x9F�\�\xC3l;\xE0\xC35̽��+3vB\xE3\xAE\xD4\xDB\xC5\xE0\xBF?\xAAh\x98\xB0$\x94\xE1p\xB1\xEA\xE8\x8A�\x8Fc1\,?{\x93\x8F��f\xF7\xD3\xDFGc�p\xEF-�\x8D�ν\xF7\x93٧\xC9/\xC4\xFB8J\xA47y\xF70\x87\xA1\x88\x94�!)P.\xE4\xDEl\xFEp\xA7�'\xF3\xC7ї\xC5O\x83\x87EkS\xD7n\xC1��\xF4\xE7\xE0\xF3�>\\x82\xF9?
-8SI��\x8F0\xE0L$\x89�n�~\xA0X\xE0+\xE58\xC5`>\xF8\xB5UØ™5K\xFB\xFC�\xA8\x98�\xB1\x8Cz�!\xC5P�\x96�\x81\xBC\xF0D\x90\xB0PIe<q\xFF0\xBF{\x9A~\L?\xCC\xF04\xB0Fv\x9CLJ\xE0�\x96(?1¿\x8D\x84�\x9E\xDE\xD7yUÖ£\xB1RÜ«V\xF0\x95\x89\xF7v:\xBB'NB\x9FÃŽ&\x9A\x8A\xC6i\xB9$"/\xB3\xE2\xB0\xCC\xCB\xF5\xCDB��\xB1I\xADhJ"χ5\x8D\xB3\xF4P\xD3B�<\xBE\x9FÜç“\xFF\x90\xD0b>}G�_\xF5\xC9�w\xDC\xE4\xD9�\x8F\x85�i=��9\xEA\xFDHÄž\x86\xE0\x86\x89WT\xE5��\x86n6i\xE9(;\xBD\xCC׺n\xAC\xA8.\xD7͆h<\xFA\x85\xE0&\xAD\xEDTZ\xAC\xAB}ÞŒ\x84\xB7\xD9�\xE7��\xF0\x9Ci\xF6�\x86\x91\xEF\x81Ý‚&\xC8\xDA\xD7\xCD�!'\xE29o\xEA\xF3j�\x84}�\xB3\xDA|\xFF\xAC\xCD�\x9C6\xE0\xE22\xC3rÚ€\xD4M�\xD6 +Z\x91೦\xEF\xA1\xD6K\x9A\x81\xB8U{r[\xD6�'\x93
-V\xC3Z\x97z\x9F6&48Ni\xEDV\xD7u\xBA\xB6\x8A\xD2�\xF8\xA9l\xF2�䪒\xE4\xB2jig\xC1†xǴ\xBE<�U,\xEE\xBE\xDD\xC1\xDA\xE7BS\x85�s��\xA0*м'\xF2~6'"\xDF\xEE
-\xBD\x85
-\xCDv5ku\xC6,\xE4 \xE9\lrL��\xDA���Bh9Z\x97H��9.\xFFB' ;/\xE9k\xB3�\xA8\x84E��*\xF6�\xAB\xA3~�C @\xE0�e\xFC\xAE;:H~\x9B\x9E\x88\xC0d\xD6N\xAB;\^\xE4\xCD\xC9Y\xD0�\xAD�\xA1W�K<"\x92XH=\x91/\xF5\x91\xC2�y/m\x85J?\xA44�.\x9A\xFC\x86\xC8\xE3F\x974i\xEB \x99\x980Da�1\x8B�\xA2\x83�RH��a�[\x9B\x90\xD4\xD9x\xB3M\xB3\xB19�\xD4\xFB-~\x841\x8B\xFDX\xD9�\xDBj\x99\xA3\xAC\xAEi\x9FfS՚\xECpy�\xD9�\x8C<ʴ\xBA\xA9\xDAJ�1릱q\xC0XƂE�\xCE\x91)և\x98\x9E\xFDQGd7\x9Bpc\xD1\xEAD\xB4IZ\x81\x96\x9CS[\x82�\xB1w({\x9C\x91H�D\x80\xB5\xFF\xC6�Q\xACB\xBB\xC0\xC0!n[\xEFt\xD6\xDA at PBV\xFCP[\xBB�K�\x90\xF8\xBC\xB3Pg䚆\xC6TT��\xE0\xACm+]䥆<U<\xF2\xA6+r\x9F��S赋<\xA2\xE5\xF1\x95~�c\xAD\x80ǽ�P\xCDa��-\xB6\xC4\xFC\xBC\xB2�L\xA0[\xC0\x8C\xE9\xAE\xE8�\x8A\x8B\xA3��12\xF4\x89~>5&M\x80\U{",h\x9AM\x8Di\xD5�lYo\x88G\xA0\x88a\x8B#\xAF\xB2\xD6 �\xF7\xA1\x89ծ\xB8$튛\xF5*\xF6\x89I\x97�1�!��\xB1\xA4\x85)钦R�\x85\xBA#\xA2\xEB/\x9C?\xE6EA3\x88\xA5ȱ0i\xB0�\xD8�\x94h^�j\xE2\xD8\\xA5g\xC5t\x9B \xC3\xF9\xF3,$\x8D�{P p\x82\xF0\xEFl
-F]\x90s\xA7+\x9A\xA4 �W1�0rvyYY�M\xFFy\xC8\xDB2�&Xn1\xE6M\xAB\xB0\xB4\xB8\xDB8t\xC6\xD3#\xF5l�\xED\xF6yi\xCE\xEE\xC0\xBB:XY\x87�t50s�\xB9\x82\xEB\xF4/pT�1�IjF\xA0 \xFB\xF44]\xFC\x8Ft\xDC}\x98ͧ\xF7�O�\xACn\xECf\xE6\xDFog\xE6\xED\xE91Ӹr\xB7\x90q\xFE\x8B&�]�Hѩ\xE9��\xD5S�*\x88 bp�\xFF_\xC1\x82/\xB8p\xB0к�6\xAC7�lW\xEA%zY\xC0\x8E\xC6a0\x91\xD6dBc.0\xE4\xB8\xEF\xA6:\xBA)\xAB�\xDB$\xA2vT3M\x95U\x85�P\xF0\x86/dp\xD5�U\xFB\xAFX�"\xA2\xEB��\xED\xCC\xFD^\x95\xC4N\xCB\xD31maR\xA9\xC0\x84�g\x96\x95\xA9+Xb2\xC8�\xAFp\xDB�4
-4\x86\x9C;\xEC\xCF�=�\x84\xF2\x9E~\xBC\xA3I)\xB8߮׵\xD1\xEE{H\xE9\xFFL]\x9D\x88\xDA\xCE�\xA5�}\x90\xFB\x99.[\xE0\xD9r\xE9){�\xA3/\x941i7\xA3\xD3,ӻ&m\x9B\x8Bg\x97\x9Bm\xA9迚}Jd\x8Bi\x98\xC8ա\xB8\xAE\x99:_\x976\xA1K씨0J\x9Bli\xAD\xAFT\xAF�ef\x9B"\�\xEE\xC1\xF0\xE4ߪ�eK\xE1\x81\xD6N~\x99 q\x95\xBC\x9E\xF7Լ\xA0|b\x97-\xB7y P�1\xAEl#\xF5\xA4W\xB6G.3k\xE6\xFB\xB4<\xA4EO
-�\xC8a�\x86\xEEj{\xD3c\x81ϒX\xB8>\xC0D�5\x9Ah\xDF\xEA\xF3�\x83NЕ�\xEB;?ԃ\xCF\xFCD]B\xC2\xE4\xD3\xE2\xF1\xC3\xD3\xF7�
-@\xB4/�\xE8\xCDOu\xA3\xB7\xB5\xC5� e\xA8\xBA\xFC\xB0=o\xEB3\xE5\x87\xCE\xED>\xDC\xFB2\xA4|\xC27\xE1h,8\xBC�KHke \xDB\xE6\x9D
-X�p\xDF\xC8\xCDÒ~\xC5*x\xF4D2\xA6�\xAEUa,\x81\xD0GD\xB9{\x83F\xE6\xF5I\xA4\xDB\xEF{Hy*\xAB�\5\xD7\xCF\xD5�Þœ
-�\x8ER�ЦA_\xD7\xF3\xBC�`\xAE��\xCFz\xDF\xE0\x9C\xF1 \xDE\xD4\xE3\xAE
-\xF3\xF4\xF4E\xCF�\xBC\x95\xBA<\xAE9A\xA0:�\xE0\x85�EAl3\xA0N��U\xC8/z\xA1P \xEAXX\xAAizYmÓ¼\xEC\xCD�\xA7\xF1\xC21\xB7\x8F_\xF1z\xD2\\xD9{\x99\xB1\xD0\xDBEqd\xEDu\xF1”Rp\x9F\x97\xF4u\x81Sp\xBD\x8C\xCC5/<�l\x98{Né¥�\xF5q\xCA\xCC\xE3\xA76i\x8A\xFC�\xADm\xD5�o\x97\xEE!\xB3\xC0 \xB5i\xED\x94}Ñ T\xE6v5\xD7/|�\xED�\xA6Æo\xB6\xD1\xD9W˲\xDD\xC4\xD8�\xE4\xE2BxI\x8B|i\xDE%æµµ\xBA\xC9C\xFB*\xA4V}Y;\xC0\xB3\xD0z�Ew\xFB\xFF]a3\xFA\xFDÄ<\xBD\xFB\xF4\xFEa\xB6\x98\xDF\xFC\xD1b\xF3.�\x98\x92<\xF9vnv\x84Ü¿"\xB7\xA9\xE9\x84\xDA|\xBB\xDA�\xAEhÆ£\xE4\xDB[\xB6B\xB7{^\xE0%���\xF9妋\xB6'3\xD9N�\x93\xB9\xB0_\xF2\xA5s\x9C ]\xF7\xEA8\xC3E[�\xEC\xB5\xA5 \x91\xF0\xAF\xA4�\xC3y�\x83\xFF\xFB�\xAB\xF3\xDFr>�2\x8Ee\xBF���PU\xE0)k�z at Dѵ\xE9\xED[\xB7\xB6\xFF�\xB24�\xFDendstream
-endobj
-2719 0 obj <<
-/Type /Page
-/Contents 2720 0 R
-/Resources 2718 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2691 0 R
->> endobj
-2721 0 obj <<
-/D [2719 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-2722 0 obj <<
-/D [2719 0 R /XYZ 85.0394 752.0914 null]
->> endobj
-2723 0 obj <<
-/D [2719 0 R /XYZ 85.0394 555.924 null]
->> endobj
-2724 0 obj <<
-/D [2719 0 R /XYZ 85.0394 468.7059 null]
->> endobj
-2725 0 obj <<
-/D [2719 0 R /XYZ 85.0394 405.3981 null]
->> endobj
-926 0 obj <<
-/D [2719 0 R /XYZ 85.0394 366.2553 null]
->> endobj
-2726 0 obj <<
-/D [2719 0 R /XYZ 85.0394 333.1561 null]
->> endobj
-2727 0 obj <<
-/D [2719 0 R /XYZ 85.0394 297.5057 null]
->> endobj
-2728 0 obj <<
-/D [2719 0 R /XYZ 85.0394 231.276 null]
->> endobj
-2729 0 obj <<
-/D [2719 0 R /XYZ 85.0394 170.9331 null]
->> endobj
-2730 0 obj <<
-/D [2719 0 R /XYZ 85.0394 95.6701 null]
->> endobj
-2718 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R /F41 1218 0 R /F53 1313 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2733 0 obj <<
-/Length 807
-/Filter /FlateDecode
->>
-stream
-xڥUMo\xA30�\xBD\xF3+8�\xA9\xF1\xFA�\xAC=\xD14\xFDR\xB7\xED6\xA9\xB4R\xB7��H\x82�\xA0
-\xB0U\xFF\xFD\x8E\xB1\xA1$\xA1\xD9\xC3*R�\xDB\xE3yo\x9Egl\xE2b\xF8�WH$�U\xAE\xAF8�\x98�w\x919\xD8]\xC1څC\xACϸu�\xF7\xBDN\xE7ηs\xE6\xBB
-)I\xA5;_\xF6b����q\xE7\xF1\x93w\x8A(A#�\x81\xBD\xDB\xD9t\xC2.\xC3\xD9\xE5hL\x89Ϙ�\xDE\xDFOoÏ®~\xC1X`\xF0�7\x8C\xBD�\xE1\xEDcxc\xE6\xEEG\x8Az\xE1\xC5t6z\x9E_;\xD3yÇ©Ï›`\xA6 \xBD9O\xCFØ\x81\xFE\xB5\x83�S\x81p\xDFa\x80�Q\x8A\xBA\x99\xC3�C\x823\xD6\xCEl\x9C\x99\xF3\xB3�\xD8[m\xB6�\xE9\xC0E\x80�\xE5��\xA1(\xC0tX,\x82|B\xC0\xC7\xE7�8\xAAO\xB1(��\xAB\xF5\xD2bE\x9BU\xB1M\xABu\xB6\x9F.\xC1D#3\xB7�\xF4 \xBA\xF3�\xC0\xA6=l\x82%�\xA3\x90\xBB\xE0!H\xAE\x84\x97\xD7\xD9K\xB2\xD56\xF7\xD2<N�Q\x95\xE6+\xB3V\xAD�\xB3\xB0\x8Eʵ\x99\xEA(\xC3\xE9qνI\xBDÝŽH\xE0%y\xB5\xF9\xD8\xDBU\xE4\xEDTY\xBF\xBE�\xDB*\x89\xBF�g\x86\xCBb\xAB\xA5pÇ”#\x85\xA5Α %�m�7�5�3�xii\xBE\xB3\xCBpLN\xC0\xA6\xCC{_\xA7\x8B\xF5\xEE\xB2MH\xE3\xEA\xE1ˇ\xF96�\xB5\xD1&\xAFm\xF2�\xBE\xCC\xF7�E^&o\xB5MH\xAF\xFC\xA6\x94�\xFD\xB7�\xBC\x8Bb\xF2\xD4V]&\xCBzc\xEC?ѦN\x9Alp\x9B\x86i�\x9DdS\xED\xD5Z\x87\xD2V\xD4h\xB8\xAA3 at E�\xB5o+L�>\x88B\xD8\xF12\xEC{}]\x86\x9D\x97&\x94V\xC9�N�\xF2Þ‡V
-��\xFBǡ[\xA7�\xE8\xDD*\xE4(`t�z\xDE\xD4
-(Е!\xD8\xC5Ҫ�ǩ\xA6�m\xAC^i\x96\x94\xADtv\x9F-%\xB0\xCAuQobc\xBF\xD8\xD5\xD7d�jgI\xFC\xB5\xA8\xD0\xE3@\xE6_\xA2\x{1BC388}\xDAz\xE9\xCC\xE2"\x8B\xD2\xFC at P\xE8XI\xD4q\xD8\xD6i \xB6/\xA8\x92\xFA�\xA3\xBB\xB0\x9D\xA0�߈�ev\xB6*v�\xD2\xF2Yu\x9A\xA4\xBAv[\xBAc֜+\xDC.L �wH�6\x9D\x9A\x9D\xE1\xCD\xEC\xCElc\xAAG
-\x9B\xDEå„›\xE7\xE0\xEA\xF6\xCC\xF8+\xBB-\xCE\xD2<-+(\xB8\xB6
-�\x92ebï…\xA5\xF5#\xCAk8u\xC3j\xA7\x88d\x80\xA8\x94�pt\xF8\x93��\x80�@u�\x87\x87\xF3\x89\x89(\x88��\xF1\xE0B\xA4\�\xEB=\xAC�%�q\xB5\xA7C\xF88\xBF\xBC{�\x88\xB8'\xC0U�Í•'\x95a1\xFB(\xAB$\xB35<\x81\x86\x83K1\xAD\xB3\xAF^; \xE4\xC35\x82;\x86\xFF\xFD�~>\xF7\xDCG,�\xE8p\xB5Q_ \xD8,[R:9\xE2�\x87}\x85�e\x92�p\xFF�\xA0B\xFAcendstream
-endobj
-2732 0 obj <<
-/Type /Page
-/Contents 2733 0 R
-/Resources 2731 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 2691 0 R
->> endobj
-2734 0 obj <<
-/D [2732 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-2735 0 obj <<
-/D [2732 0 R /XYZ 56.6929 615.679 null]
->> endobj
-2736 0 obj <<
-/D [2732 0 R /XYZ 56.6929 555.6269 null]
->> endobj
-2731 0 obj <<
-/Font << /F37 1026 0 R /F21 938 0 R /F22 961 0 R /F39 1161 0 R >>
-/ProcSet [ /PDF /Text ]
->> endobj
-2059 0 obj
-[930 0 R /Fit]
-endobj
-1908 0 obj
-[930 0 R /Fit]
-endobj
-1589 0 obj
-[930 0 R /Fit]
-endobj
-2737 0 obj <<
-/Type /Encoding
-/Differences [ 0 /.notdef 1/dotaccent/fi/fl/fraction/hungarumlaut/Lslash/lslash/ogonek/ring 10/.notdef 11/breve/minus 13/.notdef 14/Zcaron/zcaron/caron/dotlessi/dotlessj/ff/ffi/ffl/notequal/infinity/lessequal/greaterequal/partialdiff/summation/product/pi/grave/quotesingle/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 127/.notdef 128/Euro/integral/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE/Omega/radical/approxequal 144/.notdef 147/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe/Delta/lozenge/Ydieresis 160/.notdef 161/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]
->> endobj
-2094 0 obj <<
-/Length1 1628
-/Length2 8040
-/Length3 532
-/Length 8905
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDte\\xD4\xED\xB66\xD2 \x88t\xC3\xD0\xDD\xDD\xDDݡ\xC40�00\xCC \xDD\xDD\xDD\xDD�\x92\x82R��"��\x82\xB4t �\xD2ȋ>\xEF\xDE\xFB\xFC\x9E\xB3?\x9D\xB3?\xBD\xBFw\xBE\xCC\xFF^\xD7Z׺\xEE�7�\x8D\xB6�\x87\x8C5\xDC
-\xAC�\x87\xB9r\xF0pr\x8B��t\x8D\xB4\x81P(\xD0��Wç…C\xAD�\x8Ff�L��9g0\xD0��\x87\xC9�]\xC1\xA2 #\xB05@���\xF0\xF2�xDDD0� rp'/g\x88\xAD\x9D+\x80\x{144314D}\x8D\xFD_\x96\xDF. +\xAF \x8F\x91.�[�\x80\xF1\xF1\xC3��\x85;9\x82a\xAE\x8F�\xFF\xE3@=0�\xE0j��\xD8@\xA0`\x80\x9C\x96\xB6\x89\x8A\xA6�\x80YI\xD3 \xA0�\x86\x81\x9D\x81P\x80\xB6\x9B����\xA8C@`\x98�\x98�`�w�@\xFF: @p\x985\xE4\xF7\xD5\8�\xB9d\ @\x80\x8B���y��{\x82\xC0N\xBF!v\x80�\xD8\xD9�\xE2\xE2\xF2\xF8
-\x80\xB8 l\x9D\x810\xD7\xC7�\xB8\xC2����\xEAf\xFD[\xC0\xA3\xDD�\xFEG\x90\x933\xFC\xD1\xC3\xF1�{$ӆ\xBB\xB8\xBA\x80\x9C!N\xAE\x80Ǭ\xDA\xF2\x8A\xE9t\xB5�\xBA\xFE\xCE\xED�y\x84�p\x9BGOk8\xC8\xED\xF7\x95\xFE`\x8F4\x8F\xA8+��s�\xB8\x82=]\xE7\xB2��\xAC!.NP\xA0\xD7c\xEEG2'g\xC8��n.�\x98\xED\xBF�\xB0�\x9C\xC1\xB6 at gk(\xD8\xC5\xE5\x91\xE6\x91\xFBwu\xFEuO\xC0\xB9=\xD0\xC9 \xEA\xF5'�\xFE\xC7\xEB\x9F� \xAE.`\xA8
-'&�\xEFcN\x90\xEBcn[��\x93\xEB\xF7\xA8\xA8\xC0l\xE0 �\xEE\xBF\xEC\xD6nN\xFF\xC0\xDC\xC1\xCE
-\xC4\xFC{fX�E \xAD\xE10\xA8�\xC0�l\x83É¥ w}L `\xFE\x9Fu\x99\xF3?\xD7\xE4\xFF@\x8B\xFF#
-\xFE\x8F\xB4\xF7\xD7Ü¿\xF7\xE8\xBF,\xF1\xFFv\x9F\xFFN\xAD\xE8�\x85j��\xC1\x82 \xFFxc \xEA\x80ß\xCCs�:B\xA0^\xFF\xCE\xFD\xEF\x9EF\xE0\xBF4\xFE;��W\xE0c!d`\xB6\x8F\xCD\xE0�\xE1\xE4�\xE6�\xF9�\x80\xB8(B<\xC1\xD6\xDA�W\x90�\xC0��}\xAC\xD4�\xBB�\xCC�\xEC�\x85\xC0\xC0\x8F�\xFDSL ��7\xF7\xDF0};�\xC8�\xF6\xBB\xF4�A`\x98\xF5\xDF\xE5?6\xE9\x8Fx.�ey9�u\xB6\xFF\xF6\xAAr\xE8A�\xA7Ë‚GP\xE8\xAF�\xED\xC79p\xD5\xF7r��\xFEo:#
-\xB8\xF5?�\xBF\xF9de\xE1\x9E ����^ ��7\xCF\xE3\xFA=*�\xE1�\xF0\xFB7\xB9\xFF�\xF1\xFC\xEB\xAC�tu\x86x�^psr?Fr�~\xFFs\xFF\xCE\xFDO�\xC0\xECo4
-0�\xDC\xFA\xF7\xE4\xE8\xB9�aÖ\xC3\xF6O\xC3o�\xE4\xE6\xEC\xFC\xD8\xE3?\xFB\xFFx\xFD\x9C\xFF\x8C=�\xEC �a.\xCC\xC1Ab\xA1\xF6\x999Y\xAE
-\xC4��\xA3\xF2/z{x\x90�œ*\xDE\xE8\x97��\xD6\xC1\xBB�2#\xD7Dj,\xEF\xEA\xC38\x9B\xC7E\xB5y\xCD\xEE;\xDDo\xAA\xB2n
-\xF6�A\x99\xBA\xD3\xC1ߋ(\xFC\xE8X>�\xE3.3v�\xB1m�s\x99W`g��\xC5\xFA�Ϩ\xAF"\x9B
-r�n\xAD\x8F\xEA蚗ߡR\x8Ew\xF09\xA3�_\xB2�ҹ���\xD0_8=\xF3�e4%�v>oF\xC0k(\xD9?`Lٽ\xBC`\xEA�\xFA4\xF0\xB1\xFB�\xE5\xC3&9[~��\x83\x98;26cL\xE0\xAB|r)S\x83j\x85\xD7\xCDl(\xDF\xDB
-b\xAC\xC57\xCE\xDF\xCA\xE7\xCFV\xF0\x99h9\x8D\x8E\xF9,\xA2I\x82\xB0R\xCA�\x95\xA0�e\xAE\xE4ß·R�\xC6%=\xB2\xEC\xD9
-�\xEAt\x9B\x9C(�\x86\xCC�%\xB3LÇ\xEE)\xAE\x8E>1Ù¥\x91\x84\xB5\x85^\xD12\xBC\xE9\x88O\xA3\xDD %\xF5\x89>\x95pj�Õr{2\x96\xC2w\x90\xCD<\x96g�\xAC\x99-j\x97!3c\xE4\xE1akI\xE8,A\x8C$\xC1L\x88\xC7Æ‹J\xAF\xB3n\xF6\xF9U\xBB�\xCFm\x9BÞ‰D3
-~"\xC5V\xF6\xE8=\x94�\x8E\xF2\xED\xED`\xF5\xA7\xEF�3���t;k\x87\x96Bf?\xF5[\xBC\x84Y\xAE�\xA4\xBE\x9Aa\xA3\x84+�g�l\x92ft]\xCEB\x82�\xB2w3\xEB\x8B,\xA3\xAA\x88\xF4k�\xEA�y\xF4\x92\xAD\xFA\xC5>��\xA1\xEF\x84m�\xF3W\xAF�\xB5r\xC5\xFD\xBC0�ϔd\xCB#\xBB\xA7B\x8A\xB8\xDDUJ\xE0\x9E�u\xD5�\xF1\xC6�I�\xCD\xF4a\xF2\xD4\xE3�\xB7׸\xA7�\x99 ��\x9EL\xA6�\x80\xC4d\xF4<\xADc\xCB-8\xE0җ\xA3t\x89\xC4�\xBA4\xFA\xA3|\xA9D\x84\xA1\xB9\x9A�\x8C�]\xB8\xE3\xCF\xDFE\xAF\xA1�>\xD3�R\xB79�xy\xF4\xF6\x8E[\xCC\xEF`\xBA~Ͳ\xFBD\x9C\xA8�'\x88\xBA5e�[-0GM\xD3=K\xCA\xCAJ\xFE&\xE2&\x92P\xF8S\xA48\xEB�\xE3in�,\xF5 2PU\xABr`Z\xC5\xC4\xED\xA2v8Q\x97\xC1\xE8\xCD \xD7\xEB\xAFo\xE3\xBBo[\x8D2\xDDO2Ӿ\xD0m�/\x9F\xDF\xD7Y\xBF\xFC\xECvV\xB9"_=5ӛ\xE9�\x9D\xB6\xE8 \xE1a֙7\xFEv�|g \x93y\xD7&"Y\xE6�Ж(\xBE+\xD0M�o\xFB\xC1|\xB0>�\x9B঱�vZ\xCEI\xA0\xCFW�\xB4\xC4%\x90^\x91\x9B�\xFC�\x88\xAF\xAD\xDA]\xD6%\xBDZ\xC6\xC1_\xCF@\xC4R\x81d\xE7\xD2\xC49詂\x86\xF5\x91k\xE3\x9D�C\xBE\xA5Hz\xF5Ol�n\xD5��\x9E�\xDD\xCD\xE0\x99>{\xF3b\xD97�U^|\xE4-)G?
-8\xF2�Þ¼x\x93m\xEC\xBE%�\xFFj�\xE3=!\x95\x9A[\x9E\x9E;[#ÆŠ\x99��\xE9J�\xA9/A%\xD1v�\x96\xB5\xFB`\xE9i�\xF3\xF6\xED؜njP~^z\x95\xE7Q\x957��\x98\xBF\扯\xE2 \xC8\xDB.|\xE2\xF9\xFA\xC1�è\xE9\xE1\x99 \xAA9�x\xB0\xB6`\xF7V\xB6v\x99\xF6\xC9Ý\xE7\xF1\x96%\xAE\xA8�\x8Fe\x9D\xDF�\xF9\x81\x9DbU\x80|;0}\xF5d\xAF\xBA�G\x8A\x9F\xA1*\xBAS{\x85\x9D�Oi,ÚŸ\x8B\xED\x960M\xBEU�_jL\xAC at q\xAA?Ôª�uo\x9B`\xF6@\xE8\xAD\xC5\xFB-\x80\x9B\x9D-\x8F0M\xFAp_��\xF0\xE0*K\xFE*\x9A\xB4ll\xB48\xF0c\xA9\xEF\xD1J+cC\xF4�cr\xF7\xAE4$G\xA1\x8C\xD5<;i\xA8Wi�Ùª\xB5\x87\xFD^g\xB5\xA3�\xBE\xD5N!\xCE*{\xB6\xA3\xF4\x85\xC6W5'x\x8Ds��^\xC5\xCD&o`C\xF0\xB8O��\xEF\x8AP�Ñ©4e\xBCB\xC39j\xDD�\x92N7t�\x922_M\xB4Ô¢�\xE4�Ô¸/\\xE4_\x89\xA2{\�\x94\xF1w\x93Ï‘\x90q\xFA�\\xAE\xFB\x9D�7\xABX\xAD\x94\x83\xDEA\xC1\xA5}\xC6
-\xB8\xC8\xF7\xBB\x8Cq\x84z`\xB2\F棖\xFBE\x9C!~\xF5����T\xA6\xBE\\x8E'4/�\xFDC\xEEe\x96�7,\xEE9t\xE3Ò¾\xC21��\xA6\x92\xB7IM^y�/\xA2\x98kIm;\x98\xA8\xBD}O\xAB\x95o\xD0Hâ•¡\xC76\x97]\xED��7��\xF4h`\x86��J\xADT\xC2cwe\xF3f\x9CkÔ\x97�\xD5R\xD0\xD3(9%\x90Ö¯�c
-ӷ�_܀\xA1\xE8\xFC\xEAr_7\xFDGm\xD4&\x9CЉl\xDEƎ
-K\xEA#\x9DT\xF0�Ö†\xA7\xF8\xF1\xDE�\xBF\x9A�\xFBDE�&\xF1\x9EËœ^QH\xB6!\x92Þ»\xB8>\xE0�\xE1\xC9\xE0̹\xE7$\xDAx\xFEF`\x8A\xD7\xCD4I\x8E at N@\xD2\xD6>_�9�\xB2J\xBE\xC3��E\xFAO\xEA \xE1�\x98/kI\xC9u~~\xA6r\x96\xE6w0\xA7\xF8F\xBC\xD6\xEB!\xC5\xDEÍ<-\xD1:yLj]\xF3C&\xFC�w\xCF�\xF6\x9D䟃!\x95\x93��\xAE�\xB2h!\xB6�\x916\xF2\xD5\xDD\xFDO\xD2\xD1\xE9\xC3Vwc1\xCC�{\xF5�X/�MHÕ¼\x93\xF8\xCDT(\xAFm\xAD)5~\xDE\xF7\xFA?\xC96n\xF0\xFDY�\xBA\xB3`\xE6j�\xB6]`.\xD2�\x92\xB7Ë�im�zd\xEB\xF8jXJ[�\x94\x98OX8w\xE2�\xEA^\xDE\xD4G\xD3\xF6\x86\x90^&�
-\xCC\xE8WZG\xC5\xEF] \xF0\xCD}\xD9��\xA6L5\xAB\xFBrk\xCEw\xAFC3\xED\xF1TS\x87n\x87a\x86\x92\xCD|\xAD\xEFD\xD4R\x94\x88�\x9F\xC6\xFE\xDAg\xF2\xFD\xB7\xAF0,\x82\x85\xFE\xABd\xF16�\x9B��\xF4@\x87\xDA�\xF2 \x8B6~\x83
-u\xFF'\xA2�\xB5?�s_\xAFЇ\xF6\xFF\x8A�\x98'u
-B\xEAH\x97\x82?\xFD
-$O\x8D\xED�\x9C\xE0Å€D\xC8 \xE5\xECص\xF6\x84\x{1E543D}O%\xA94��\x9Eñ¢¯\x91\xD4\xF0�Q\xB1\xA18M\x94\xAC|\xE2��\xE3h\x83\xC2!\xE3\xEBa\x9E!\xC9\xC7�86e}Y\xD07I\xCFW\xEB]\xB6\x8E`\x85\xCF\xDC&\xC2cD\xD7rZ\x8B�î”…\xB5\xF6\xED\xF2j\x97\xAB\xA7ÐŒ\xF46Z\xD1\xF3\xC9\xCE�\xF5\xBB�\xA7
-\xC9�D�d\xDF\xC6\xE7x\xE3T �4\xE3\xA5\xE9\xD0|\xF9�w%h\xB1\xA0V\x96\xBEtf\xB0\x8B\x90\xF0\xC3/\xF9\xE4�anЇh\xB5\x95]\xAA�U\x95\xB2\xC6f\xD1h\xAA\x81\x9D\xA5Hm�9�\xD4a\xEA\xEB\xF4\x8D\xA6É’T\x9B\xC0\x85\xE1/\x89\xA1\xF8�O\xF5\xA3\xE8��\xEE.\xEA\x9A;{?W\x9B\xA5~#\xC2\xDDG\xC2\xDAM\x86\xD1\xD0uEh� 7m[E\x86l\xFB\xCC\xEC�\x92�\xE3\xCDcT\xB1�\x88U,ͧ\x98\xA4\xF7Ö„\x8F\xBDw\xFA\xB0aV.\xAF4\x9Eg\xAE\x8Fr\xA0\xAFR�\xAB\xA9*\x98"�\x82\xB6\xB1\xBA\x9E\xBE�<\xAB0\xDB\xCD�Ê\xF5\xF2\xC2h\x84�\xDB� \x82\x86\xBDz\xAB\xC3�\xF7î\xEE�Û²�\xB1\x9E\x88 �\xA9\xCB_>)FM\xC1�\xBFEI\xD5\xFA\xAE\xB4\xCBR\xC9s�\xA1b\xCCo�\x81\x99\xE7-:\x83\xD2\xECX\xD6S\xA2\xAA\xC8�\x9C\x87�(2\xB3\xDC{Y\xA51\xB3$\xCA&?\xCEIX>\xB5W\xD1Ѓ\x9A\xCD\xE7�nP\xCA�\xC9L\xC7@\xBC\xA6\x872\x97\xADe\xFDS\xAC+�\x8B\x86^WD�\xA3gu\xA6\xED\xF7\xF9B�\xFC]8\xB8\xEFOÔ��5mV�l\xB3\xD5\xE9\x94�V\xCB(\xBC\xDBmN^nml\xA0�\xF7\x92�s \xCA\xF5Ù±�\x85-
-�\x99x\xB3\xE0iΛ*\xB5� a1ן\xE1u\xAB+ at N\xF1s�\xE2)\x8F,#G�u-/Jե�[\xF2m\x9A\xAC\xBB\xBA_\xE4>T\xC2\xE5g?\xE2D"�gC\xF35\xAE\x99,�\xFD\x92�\xABg\xBA%q\\xC9w&\xE1٤ۇ\xF8=rM\xB1\x89\xA9\xFEA\xD3ǯ{\xCA\xF2\xBEfņW۲%\xA7\x9Bs\xB6J\xA1\xFC\xEA\xED;<IU~OsZ\xBDz\xC9\xFE\x99\xCA%\xB1+y\xE6\xA8\xCFf*\xF0^L\x83\x98\xDD\xF0v�Oz\xC2 at 1'Y\xB0\xFA\x8DJK\xCD
-\xB6_�O\xAE\xF0�-\xA1;�\x85\xAE�u\xA7u\xAA\xBAX\xC4�[A\x8C�\xF9\xD7×¼�^L�\xB9\xEA=_󱑵ħ�\x8AfJ\x97\xE4\xCC�;7\x9C1\xBE,`_q\x94�\x90\xBE\xB49\x9B�\x8Cx\x95\xB1t\xFE\x94 HcJ�_\xDF\xC22�'Vw\xB3>7\xA5\xD2\xC2"��\xA1\xE4\xC9U\x92wlQ-Of\xCC\xDAS\xE1\\xD0*\xA1BI:\xE0\xE0�\xACe\x92,Ï\x97�\xA8x�F)f\x91\xFD\0l\xB1�\xF7\x84\xBDÝ…\xC7v\xE3\xFB�\xC1��\x82\x84�@>:\xFBY\xB4\xC8\xC3\xF7�\xB5[e|&�.$��U\xCE;M\x93\xEDj\xB9\xAA_\xB8=*\xDE�\x9D�� \xE4S\xF3\xAB\x97M\xBE\xBE�r\xB5\xF8ds\x82\xEFP�\x82\xD2�*\x81\x92\xF7�\xD6\xE5ß �`2\xAC\x84 \x9A\xEA\xC1T^\xA3\x84J\x92\xA2\xB6\xA6\x9E\xA6\x9F�+�\xF5\x90\xA6\xD0\xDB�c8Î\xCD(\xA2\x95\xC9\xC6O\xFBX\x99rZu"\xC2&U =o\xF6E\xB1\xEAPy*2\xDF\xEE"�V\xE5\xD6T\xFA\x95\xBC\xD0c�&\xFA\xF8\xBC-\xFF{\xC4A\xCA+jV\x95�f\xB3\xFE\xA5\x9CÚ\xB08\xE3\x{1A97F7}
-\b,��>\xC6ܗ(hw̩\xB9\xFB\x86�}\xDEwW#3?\xB8\x9An/�f\x83\xB4\xDBǜ\xA5\x9F\x97 \x88\xAF\xBC\xF8\x96HՋ �\xF7S+AL\x97\xA3v\xCA\xD1Q\x86\xBF\xABl0�v^\xA3\x9E\x81\xC1JIL\x94\xBD}\xD3\xCE\xDF>\xCF�\xD8&\xE9(\xFC\xF4\xE3I\xDFv0\xDBu�
-�\xEE\xF2'+\xA2g\xF4\xF4\xF7\x9DFv\x88\xFB\xA7B\xF4YO�
-\xADg\xA9qq\xAF\xCB+\xE4(\xD6Gb\x9B\x82�\xB1\x9BÌ¿x\xEA�!\xB1�\xF9Ò‹\xA7G
->C{(\x81\xA9�\xBCÊ°nw\xF0,K
-?E\xDA7\xFEBq&\x82\xB4\x94jÉ\xB8\x88\x81\xB7?\xE8\xA6\xFA-\x9FC\xD8\xFC\x83%\xA5uXc\xFD\xF8\xE2\xE2B\xEFÅ \xB4��;\xC1\xB5\xDC3h\xF6Ŭ�\xB6\xF7\xC9t(\x87\x84�\x9A\x9C\xEC :\xEE\xB4cØ¢>:\x83\x82�\xAF\xFA�\xF2�\x82#\xD1Ǥ_�VIt�S�\xCF$\xEB\x8E`\xF8~�"\xD4ܲ\xDCr$\x8CU�\x96Y7\xF7\x93\xF8?\xA2\xEA\xB9i\xE2\xAF\xC9q\xC5\xF5\xE3\xCFØIS\xAA5\xF14Â…\xE8�\xD1b\x93E\xDD\xEA\xD1\xD1n��\x9B��p\xB3\xFA\x86-.\xE4\x89�\xECo\x9A\xE5\x95H\xFB~B�\xBB\xCEÂ\xEE\x82T\xA7Z\xA7\xCF_)\x90\xA9�Oq\xD3z\xE8ß\xF7�>\xEB\x98\xCA;\xAD�dpI\xA1rr1\xDBA
-\xF6�\xDDP\xEE2Pw]\xB6u\xA2\xE8\xFA\xE4\xBB(\xA3\xFD/\x8E\xBE\xAA\x88\xA7\xFE�\xDF�ܿ~&\xE6[1\xB8A\xE9-K\x9E\xDAEО5J\xC3\xF7�.f\xF8z\xDFwi\xB0h\x93bL\xF1B\xB3\xDF6\x88 \x90^\xF1*�\xA3\x96\x97q\xBA'\xC0\xB0\xB4T\xC88\x89\xC2W\xCF\xF5\x97\x84\xE3\x8Ely&V\xACAղK \xF2^\x88\xE2\xBD\xFE\xC5Y;/�Vw\xFA�\xED}<�\xF7Gc\x85R\x93#]\x9Bg\xF9D\xCF�r\xE5V\xA5k\xBF�\xBDp\xBEռ\xA5}\xC3vG\x9AA\xD0g\x95\x867P\xF6\x8A\xB2�S
-\xC3\xD0Ù²\xB6\xA9HÈ �9^\xA9\x81;\xA2Ìœp\xBB\xC3m%{r7E�\x95\x81\x80\x9DÏŒ\xB5��\xC2E\xB1\x85ʨ*o,�\x84\xF3�Q\xDE\xFAÊ䦀(\xF4$\xED\xAAy{\xC7gk�9\xA9\x91\x815\xC21\xAA0Û˜F�3\x8C\xDB!s0\xB84�X\xE0\x8A\xFA#r\xA5\xC62\xE1\8nq\xE5\xB0\xC3s�}䮀\x84s\x96\xE85)q�\x85i\xB9�C9ad\xBC\xBF`u
-^<\x892�@\xB4\xC4R\xAD\xD7�$\xE2Ƴ\x97x\xBA>\xE1\xC8wd\xAA�\x87}T\xE9\x86\xD7\xCE\xC2�\xCB\xF5\x80\xC8\xF8t\1\xDC~\x829\xA0\xFF\xBD8ia�D9\xA9\xEC"\xD0!g\xD1\xDFq\xDD�\xF9A\x93ׯ\xF8\x8A \x89\xA7j_d�I*\xA1
-\xBB]\x82��Ä\xD9�\xAAA\xD38\xEF�\xAF\x99\xCEd at I\xEE?_ɽ\x8Eb\xCEJ\xCA8&1ß’b\xE7y\xB7\xCCJ\xFC\xAEJ�_\x83|\xA1i\xEF\xC2�C\xAE\xA1L;\xA1Æ–=x�8"\xC6\xDD\xF9\\x9AG�d'\x97\xAE\xAE\xF0\xD6/B\xBF\xDD\xDEpR\xC6'\xB5s\xF1X'M\xC2\xC1�d;\x9F\xE4\xD5E\xFBtGm\xFD\xAB\x86g\xBE\xA0\xBF\xA8\xF6�\xF9W\xED},\xBEφět\xD3k\x84f\xAA\xF5\x9E��\xD1 \xBB\x9B&\x8Do\xF4/L\xBF\xC7G\xEC\xFC\xB2\x95\xE2BZm\xCEOw݉\xDA\xF1\xBC>\x96\xB6\xFC^\xDD�v\x9AÉŽHk6\x8C\xB4\xAD\xB6�DM0\xA6\x9B}\xD6da'\xA8\x9A\xDFo\xB7\xE9˾xWp\xBC�311\xEF\xE7d\xCF�\x989\xF3Å\xD4�\xA7�?\xAFj\xF2>*\xA7\xA8\xA6\x89\xD0:�\x92-+X}7\xBF$\xCFL�\\x9C\xF6\xA6nD\x99\xF0ì¡\xC9X\x98v�W\x8A\xF1=m\xE7\xA1|'M}\x84\xE7\x8B\xE7\xC4_\x92\xF8Ï£\xF7rci%\xC5\xEBs܃\xA0\xA8\xC4\xCF,n\xB1\xB1\x88" �5Ù½6\xEC\xC9�6\xFA�Q\xE8\xD2\xF5�m\x8E\xAC�\xF6\xF3\x96�\xE0+�q\xAEÆ\xBE\xF9\xC3$\xF4|\xD2\xEE]\xBE\xF6\xD2\xF1\xD5\xE4\xCB&\x9D�\xE6\xE8\xF1\xB2\x80Õ„Kf�V\xBA\x94Df\x83\x8C\xE5Z\xF3b\xFA\xE4`#\xF6Z\xB7��<�\xD2_\xC7\xF7-\xA6\x90\xAA\xCF\xF4\xAA
-�_\x98lg\x98\xA8\xCE>\xAB�\x8AT\xC27�0\xA1\xF0W~\x97\xDBC�!<Z\xFC\xF2\xFE�\xC5#(\xB7\x8F3\xA8�b\xE6:ß\xA8n\xA2\x8C\xE8\xBD\xD9$\xDEđ\xCEf;\xAE\xCC*��=\xCBnنb\x85\x83\xB4\xC2VE\xBC\xC1<\xF6uBg\x88\xFFׯx\xEE\xD7_\xF2\xAD\xCC�z\x97X�\x88\xD6`\xA9\xD64s\x90i\xDD\xCFA\xED+<\xBE\x9F\xE3\xC1E.Q\x98\xD2Qq\xFA\xD6D\xF5\x94\xCF\xD3$`d\x90l\xDA/B\x8C\xF1Y<x\x8E%\xC1\x84+{\xE6�Ԣ\xB4\xAE�\xB3N\x87\xAD�\x94T\xF8T\xF5\x94V3�Tj+"}\xE2\x9E\xC2r�}\xA9X\x9E�\L$\xD3\xC7Ț\xF7\x8EEh\xAE�\x8A-x\x8D\xF9
->_�\x8E\xCEr\xA6x�\x89|\x84\x8A\xFAN�x\x87<7M\x96/&\xD7ga\xC5j[\xB2˱�\x8B4\x97\xC0\xA4\xC0\xD6O\x96|\xBE1_J���Sw{\xF0\xD0ıD\xC3P~\x90\xDCFY\xADYy\xB3]\x88:\xACa�\xD4_|\x9Ej\xD3M+\xFD\xAD\x820@\xEEh\xC5t\xD9l\xBF\xCAg�\x9A\xEA\x85�\xB5AbDå·\xD4w\xBF\xFE}\xFB\x90Y\xD5\xD7�i\xEEB�\xD5*j\xF2\xFDZ�\xF6˦\xCFN\x92F\xE9T�/H�n�\xB1\xFA\xC1Ö“4\xD1OE\xECØœz~\x9F
-\xDE88\x87�\xE1 \x8Bw|q\xA3\xAA��\x9A\xEEF�\xAA\xE3\xC6\xC7
-��TT�>/5\x97䬽%\x89\x94�d\xF0q\xDAn���C\xC3%\xCE4\xC3�XDme\xDF:#\x83U\xB9��\xD8�\x95l1~\xE0�4\xB1GL\xA7%\xD5\xEBEЈ\xAE\xEC\xD2\;\xE3\xDB8\xC5+\xA7\xEAJ�Zd\xBA\xD7d\xA1K\xA9\xA1Z\xC5�I\x8Ef3�z�V#W\x95c[ۡ*_-\x9D߈\xAF�\x97\xB6�5k
-\xAA\x80\xBA�\x97,\xECd�\xBF\xBB\xCC\xEB\xF7�S/\xFA\xF2\xA2\xD7�\x8E ��N\xE2)u\xF3\xD2Y~ ]\xDFj\xD1\xD7Ù˜f\x9Au\x9E\xB2K,tÊ\xF7\x93\'gy\xBF�\xF75\xAD<��T�\xCF4CUM\xE0\xA3Æg�\xFF3Q\xA38N\xF0\xB2É\xCBzN5\/M\xD8r\xAE�]�\x81S\xDD\xE9}p\xE6�\xA7VD@\x99:]\xAC\xD4\xCB�7>1\xCC\xC8\xE9C\x95'\xDBEÆŒ!\x85\xD97aV�\xEC:ASQ×µ{|\xE3�\xC7j9Y\xC84\xD6�|m�\xA0η*_\xEDw4\xF8�!D1 \xF1X\xBFÙ¤X�\x95\xB3\xE7
-t\x90\x87\xCD=\x9E\xDDb\xF3\xC6\xC3w\xEE6\xDF�"\xA3\x93\xCBµ?\x8F�\x94J\xCBOP��2�R�\xD0�oQo+\x86\xE21)�\xA9�w\x86\xA6\xDC\xE8\xE5d\xEEI\xBD\xC8�Z\xBFVÍ\xAD(e\xF7\xE5\xFB \xC8�"�[vQ\xD4\xFCF�\xD8s(\xFAF\x8F$'\x91qL \xAE�/\xB6!\xF5\xD4
-\xA4H�vk�։\x8Ch\xBCȉ\xAC\xEA؉\xE1\xB6o?\xD9�a:\x8A\xFF\xB1q\xEA�c\x8C\xB0�g\xE3!_Q\xC7~\xCFW\xEA\xA11\xFCa\x9C\xAFU\xDDGm\xE3\xA7Y\xF1mn%\xECR\xE3r9\xF7\xAC\xDF0q�\x885\x86/\x82E\x85(\xEAړ\x81�\x86,W\x82\x98$\xD9�\xBD\xEF\xB6\xE5\xE7Lx\xCB\xCE\xD4�|�\xFA��奕\xA3w\x86Z|\xC2V\x80\xE3\x9E\xF7,\xE9Od
-\xDEy\x8AG�\xDD
- \x8E\xCE�\xA8\xDD3l\xCD4\xA9\xBF\xCE\\xD7T�2Z\xAA\xBDAg\x97.7�\xD9#\xCFP\xE6�\xEF\x99�v\xBCeŦQL\xC3�\x9E\xBB\xB1O\xFE\xBC\xD4\�\x92 \xAC\xFFĵ�J\xC5\xF1\xBE(\x9A3\xC7].\xC5*,M\xCE�>\xDBB�x\x9D(�\xC3S\xC3\xF3|D\xB3u�\xFB\x82ޡ�\xEF\x86{:ґ\xC1�\xA82G9�\xA1C\xEA{ɕ<|?\x8D�\xD2K\xA0\xE1\xE9\xE1 at F)\xD8,\xEAw\xF7\xF3�?�\x81\xC8 �\xB8�\xA2\xCBa\x84\xC7h%�ٱo��^\x8C�\xF1{\x8B6\x99\xDD�@\xA5-�\xAB\xE4%��\xC5�~j\xC9wXjz1\x8F\xEEi\xB4\xB7\xEE\xAC%u�\xD53^\xBF\xB1�g\x90\xB8`d+\xCEK[\x8EDe\x97\x84]\xE2\xF2\x86Y\xE8\x8D\xD6\xFD\xC7�?\xCF>\xA3\xB3Hj\xCB,\xE8kѸ\xCDh\xD48\x8A\x94�\x99v_\xC5
-[\xAAJ֮\xB29m=\xB7\x8F\xE2�\xFA?\\x8Bk>\xBCଇ\xA4*\xB3ѳ\x9E,Y�
-\xEA<\x8B\xFD\xB9u\xD3��Z/ZV$S\xB7\xE9#\x83mN�O\x9A\xA85M@\xBF\xA7r�\xE3\xDD0H\xF5�7\xAC&7�[\xE0\xE7\x8EA\xD8\xF1\xEAO\xF5Ƨ\xC8\xEA\xDA5\xB1pE6~d\xBB\x8E^.x\xA8T1\xAC\xB5\xA4$\xA3\xCD7\xBF\xFF4\xF2\xC6\xEA�\xFCj\xA7\x8BG1\xAC\xE8\xEDpo\xF3\xCC3\xB3Q\xFD\xD0Z:\x9CN\xCD\xC6\xE9\xE7,0\xBD\x8B�\x8A\x87Zg\x8B\xF0\xE2\xA3\xE0)\x8BQ\xA9\xAF�\xB3\x8BX""\x9C�\xDB\xC60\x81�\xCF\xC1\xBE\xE4BvFA\x82)Y9(\xCEY�Ö\xFD\x85\xEC\xACS\x85|\xB8\xD4\xFC\xBE\x93qb�\xE6\xC7N.L\xD4X\xA7\x85_\x81\xEF\x82¿\x9C%\x8D%\xBD\xA5\xE5\x8C\xEC\xE9|\xB0�D>W\xB27}C�\x96\xCD�#\x97ZR\xB8�\xAD$\xBA`b\xDB�Gο\x85a\xBF9g\xDD��S%\\x94\xC1/\x9C�\xEE\xF1\x90hC|\x8F?s\xA7�؅\x9Ag\xAF\xCE\xD9\xC8)\xAA\xACm}\xD0�v\xD6\xCBk\x86�\x9F.b\xC9&O
-\xFC�\xF5\xED+uqf�\xBA`\xCEa\x87\x84\xB0\xA3\xE2,I\xA7㯽/\x91�\x9D\x98\xF7\x8F�\xC7Ý›\xC1\xA4'P6ߢH\x82�\xDA?\xF7\x9B�\xBD\x9AÙ¹\x98\x8E\xE09\xA6\x8AmHr7:pMRY\x9F#\xA3 '\xE6W\xA5\xBF\xF0KC\xDF|-\xA1mW\xDD躖nᲶ\xCB0\x96\xAB\xDE\xD03\xE4\xDB\xD9=j\x92�\xB8\xCB-,n\x96\xB3e\xB1\x80\xA2\xFCb\xBDi\xD9;\x91\x98H\xE2\xB0l�<)\x9EL.\xDF\xD0Y\xD6\xFF\xB0Ú·)\x8Dw�L=�(\x82\x8C\xA3\xB1\xA0L|\x8D)=\xE5'\xC0\xC6-\xC5@\xB2\xF6\xF2\xBE\xB5<\xC3Nr\xE4\xB36�\xEE\xB5E\xF4ʃ3\xB1d\xB6�k\xD3�\xBB\xAC\xFF\x8B%\xF4\xB5\xF8\xFC\xB7(kD~\xF4(\xAC_y\xF1\x87\xCD;�\xAF�\xE5�\xE4\xB2f\xF9O\xEE�{&*\x89\xE4yÒ¯9ÛB\xB1T\xA8d>\xE8.<S\xE2\xA2\xE9X3p7\xAB\xC1~�\xAA"럽\x9F\x93l�Ë´�\xCD\xD4DQ\xFFf\x8C\xB0\xCC \xA2H\xA0EIA\xB8\xB0Õ‚\xAE\xE2}\xBE\xDFl�:\xC8$k8\xA0y&3\xA6\xC7�\x86\xF4t\x8D\xC5\xFA4\x91\xCCGÛ†q \x91�PH�\xDF\xFCܹ|�@\xE0 a\xBDB\xB6Ø �\xFE\xE5\xA9\xDE\xEAr\xE6\x8B\xF8\xFE\xE5\x9DØ®\x89\x91\xF0\xC6\xCFi�\xA1\xE7
-\xAA\xF3\xA7\xEE\xDE���� "�)\xD6\xCB1i�\x96\xE0s\xC4u\x81sj -c\xD2\xEF]\xD1JH3\xF3�\xE4>\xF2Y[a-�\xB3Zy\xCF�\x95px9\xDD\xD8\xDC>穾\x84\xBB*|,4\xB0\xE7\x81 \x8E\xF0=\xCF� a\xF1\x8E\xA9�{Z\x8FwL�Vq\x9EC\xC5o,\xA0H;�\xE7_7Gg[\xE5Gx��d\xBDD\x8D\x8E\x85*~\xC2JS\xDB/�
-*\xFB\xCE\xD4F\x8B�\xB5�\xEB\xFAjQ\x8Bjw \xDD]_-\xD2q;\x8C,1t\xB3\xF52ߥÆ\xED\xCB\xF2\xEA�{:Ö§\xD9o$�<\xD7\xF0\xAC\x9E\xF4\xF4J\xA9\xC0\xEB\xF3\xFCλ\xEC\x84b\x9B�F=\xCD\xE7\xE5c�T\x94u;\xD0uË›�\xF7#\xB3\xBBZ1�q\x93\xD2Y\xD6gH\x8A�^fiyv|\x89\xA2,Pk\x8AA\xB1\xA2FH\xA3s^\x85E\xCBR\xF4ƇnQWE\xDBt%Ú·y3\x99{\xE6\xC8�\x8C\xF5�FbK\xE3<%\xC6)\xE2"-L+{å¢\x92zS'\x93#\xE9\xB2\xCA\xF2Z\xC3�+\x95\xF7U\xAD\xC1׎#Ç©\xC3Cc�\xE6�H�\x9F,\xEA\xE4;�\xF7=�\x8F\xED\xCF\xF4�.\xF3Y\xE4g:\xAFj\xD4��\x81n\xB9\xB6\xC6\xF4\xD7\xEAS:c\xA4\xAC\x8DU\xBAW�\xB9\xDE/\xCBf\xB9\x8A\x9Ac�O\xA5\xDB\xF8�\x8CM\xAFlD\x89�\xC1\xA69\xB2�\xFA:Â\xC8\xF9\xC8\xDFÛ˜�\xEC\xD1�Ër6\xBD\xF5x\xA7\xE7\xB12\xFA]\xFAS\xB9�\x91� p7O\xBC,j1\xEE\xF6\xD0\xCB\xDA{\x9E$\xAAS7O\x96xY\x8Er�\xF3\xE6\x90s\xF7\xE2�\xBB\xEC(\xE8\x98Ýš\x8B\xCF�\x8FD\x82@\xA7\xADY#\x9EC\xB2L%\xAF\xEDáž›1A\x95ø\xA93\xBE~M+\x8D\xD6A\xEED\xED!
>\xA4�\xB6\xAFc\xE3\xB5\xE3-�N\x88\xA5�\x94\xFB\xDA\xD4ß \xC4\xD6tz �\xE2"\xB9t\xE3\xD8'>(\x98\x93\x94hS\xF0\xD5�\x9CM]\x88\xCEÛ…0\xEC\x8E
-\xF1�<Q\xEA-GSc\x94\xB8\x85o\x85\xD3�jԼ\x8E>\xE2SP\xD3KD\xB3\x97�dOj�n\xCC\xF3\xAE|KHtޑ\xD1+�㢟S'\xF7 at 6�\x84i\xF5\x93\xA8�C,\xF7\xE1g3B�\xBD\x9E\x9Dp\xD6\xE1Ρ\xC4\xEAφ\xD6\xD1n\x89\xDC;ɦc\x93
-_�7T,\x90Q1\xE7TiH\xF8B\xD5WL8\xAD\xA1\xBE\x8F \xA0,\x9C\xB2\xA3.\xB1�\xDF�u2\x86)\xB6=\x96O\x9A\xA0\xB9�\xFF\xEAÚ´\xAD\xD9\xEA\xB2,
-Aq\xA8\xBFr\xE2^T!�1\xED\xA2\xEB�\xE72\x8F)\xE1N\\xA7\x8B\xAC\x82)\xE6\xC4�\xCBR\x85\xCBb\x9E\xF7\x9E��6�Cb5\xFC\xB4�\xE7\xEAÞ›\xD4;\xF0\xB6\xB9m�H\x93\xFC\xC5L\xB8^Ȭ�\xFC�\xA4ݸ\x81\xCA {>\xABm@\xCB�\x9B\xF0z�\xE9N\x8B\x9B\xB4×»\xD4\xCC\xC3B\xFF]\xAC\x97\x9A@)\xF5p[j\xCA\xE2\xE1\x85�6�ë¶\xA1�\xB2B�SHQ\xF8ר�.\xF6Ø«N\xF7\x8E`\xF0G�\xBF\xA7z\x8E^n)?\xEC\xFB\xB1\xAB892\xC9\xC3�\xBFx\xC8\xCC\xC4\xF7\x90\xD9%\xBC\xAD\xD83\xD5\xCEZJ\xF0�\xF4]\\xFF^\xB8\xC4\xE9\x84SXA\xE3�\x8F\xA3\x85\xB8\x8Dr}�[�(\xE20\xD2@\xA5el\xF6\xC9mi\xB6\xF6\xADEW\xD59\xFAQѲ\xB4\x88C\xB6Û¯\xB5A\xF1=\xB0g>MF{Q\x92=\xA0\x86�*\xCBk\xA8+\x99\xD7��\xD8\xF5\xB5k<g\xA8�_\xD7}\x90\x94\x9A\xA5\xC1I\xA9�]\xA5\xA7\xC2\xE7\xA8\xCC\xF2\xB0Nj,\xE0\x9C\xBC,�\x89�\x89\xA6
-KcIJ\x92\xE4\xBB��\x92\xB4S\x8A\xF9PVB�\xFE\xD6�-"�\xCE(\x87�\x93dp\xED�A1`+W\x9C[\xE7��\xB1\x97\xD0H\xF7a\xB0:�5Jo�EM\xB6\xA6\xB6ny4\xCEK\xF3\xA5\�\xFA\xA7c\x84p��\xCE\xF3\xA1\xA8\xF5&\xEDgk\99�\xAEt\xFE\xA7QÙ¼�\xFBWG;#'>\xA4i@\xEFħ\xD5�W:x�<\x9B\xF3"�\xCD}<=<\xB2\x9AC\xBD�Q\xA44\xC6\xF0\xF7i\xA9U\xB5S\xF6A-\xD2iM\xDBk\xD7qn\xF1\xD4\xC6\xE8O\x93\xA6R<)D\xBE\x80\xF7/\xC7��\x81T�#\xEE\xA1\xCDM�\xA9 �\xC6$Öž\xE5\xD43\xB3п\xC1\xA2\\xE7{U\xAA\xF7\xDE<�U�W=\x88$\xAE&<\x83\xAAZ\x800\xF3\xD8\xD2g\x9D\xD2R*\xB9\xC9\xD2O\xA6�1\x91'\xA3\xF9 \x8E\x9D\x8Aj*5w\xCB-\xB7\x89\xFB\xF9T\xA0j4\xDD�i\xF3\xCDu``\xF2h߯\xB5\x93K\x85ݻʔ\xD1k\x87\x87AÂ\x9B\x94\xF4\xC8�\xD4D\xF4\xECtk�\xAF\xF62\xC5\xDB�\xF6\xF7\xFA\x97\xA8\xA7$\xCC\xF6Z\xA5\xEF�@\xCE^\xF9\xDD\xEA���\xF5^�E�~\xA7\x94\xDC�\xFA\xED\xA8u4߉<*ôŽ±§\xB8�KJ�\xDF\xF9�y/\x9En\x95C*}\x85!
\xC3\xE5LgI\xA3J\xB78j\x8E�[\x93޳ \x94\xD8T7%J\xC8O\xEF\xE4,\xC1!؞\xC8+\xCC�\xC1�\xAFf\x97\xC9Șs\x87h`\xDAq\xA2O\x941\xA3<\x833(\xA9d\xD8OfBO\x9F \xBA'"��p=Q\xA3B\xBF\xE2\xE4pJ\x8D}\xDD\xD8\xFC\x99�\x9FZ\xAE\xA4!p{\xF2\xEB\xC8a}\xF7q<I�:\xA9\\x85�M�\xD1ׄ;\xCD[ݯ\x85\x94l\xAB,\xB2T\xE8�O)\xE4\xD3-�x#\xA0\xDD
-\xB8o?\xD01\x99pÅ Û\xB5Z6\xB6j\xB4\xBD
-k+\x861\xA0g\x8F\xA0\x97jd\xA63\xAA\xA66\xB6f\xB9J\xBD\xEECc\xAAg5�6\xC4n\xE9N\xE1\xCE:\xA7\xEA�F\xB3\xEA5\xF0\xE8*\x8D\xF2\xC8Ó\xF2=\xB7<\xB4\xFE\xB5��a\x87\x8B7�\xF3\xE8\xD2H\x9C\xFBC�F\xCA\xDA%p��\xDC%'\x9F*\xC5m\xFD\xAA_>Ñ¥\xB3äƒ\xA3DKX\xF4\x9E\xF2�x\xC7(\x9E\xCF\xD1\xE3
-\xA9\xA8\x93{\xCF\xE7\xC9\x9Aj\xBFdqX�\xB7\xE3\xB7�\x9FP\xA6\xDCv�\xA3\xE4\xA3π\xB3i\xAC\xBEA\xD5;\xB3@\xF8y\x8A*\x9Co\x81L\x9CO\x9C\xD5\xF8\xEB\x85\xFA\xBE\x9B\xBAxO\xDB�\xDD\xCB�c - at Y\x9AUʳ\xAA\xF8;\x9EBi�\xE4M\xD6��\xF0.\x95\r\x9E;\xF9�U\xB4��\xBE�R\xF8'\xEE\x85\xE7)眄\x9A\x98� \x85@\x83i/�_ A\xAE\xC9\xE9\xD9\xEAr\xAB0\xE1Fx<\xD7Er;�\xBEzǴUϚ\xF8S\xC2\xF6\xB2ل.\xA5m\xF4\xF7�\x8Ch\xE2\xE6\xA8\xC92ؒ\xE7/{I;\x90\xF5�\x8Aj\xD1m\xF7\xAC
-*s"}Y
-;�҉\xA2��\xFA�{Y\xCC\xDD\xC7\xED]p\xB6\xD2ݯ\x80�\x8E\xB6�Xo\xB3\xEA\xD9}� U\xB9\xF4Z\xF8: h\xC1\x82)8f\xF7E\xB5\xD4\xEB\xDBD\xE4�\xB5s\xFC\xF0\xA2\xA0qTM\x8A:�ù\x91�ɸX!\xB1l\xAE�\xFB�\xD4�\x8D\x94\xCB\xFB�΄,\xF1\xBA17\xFDb\x9Fg\xFB\x9F&fܽ\xD7�Y'jeAt
-�]\xF4\xDB\xEFwV^\xFE%\xD1\xE5�\xB5\xDBR\xBC\x94t�Î\xBC\x87\xCBl\xA5\xBF阦j\xB9\x84\x82\xF8ϸ3\xE8m>Yj\x9F\xD6C\x83\xD5�\xB8Äž\xC4�\xC8\xCAjb\xC6n\x93\xAA\x8C�U\xFD\xA9?\xF4\x8B\xEF\xF0u\xAB\xC8\xC3�W\xF8\xEC\xFD#\x90\xEB,M\x80\xBE�ߥJBQl\x8E\x89\xE2�X\xE8-eb<VÚ¿leq6g\xEA|KÊ·${9;\xC79I\xF5�0\x9A\xA2�\xC5\xFC\xAE\x95y,B\x9E\x8B\xAC\xBD$9䃦\xE8\xF64�\xAB\xE9\xEA\xA8/�:Z|\xE4M\xC8�j�\xB5z\xCD]\xE0\xF4\xC18)9�I\x86\x82 u\xC3K\xBDl�\xBD\x82�/\xC0\xF0\xE5\xE4Z‰wf̨:%�\x9A\x87\x8C:\xA9\x8FAeK\x96_\x84^\x9FP\x82wx\xFF\xE7DX9�\x93e\x88zÆŸ\xBCJ�K\xFE&fp\x8B:.0tI%L�\xF7\xB6$\xFF�^\x84"\x8E\xC0oK\xA6\xC9�ñ6&\xC8�BL\x9E\xA5\xF9\x9E\xF4$V\xE0\xD94\xDB\xEE\x92�\xF8C\xAF2\xEBÓ±\x87\x85\x89�n-m\xDE\xDB*\xBFpk\xA8\xD9Þ†\x9A -�W\xF5X\x94\xD3\xE0\x8A\xF5ß¿[\x91Y!Wg�\xEF\x82#\xB7Ó¤_\x9A\xCB\xC8\xCC�\x8F�\xDA�\xBA\x8F�h<\xD9>tx\xC3]\x80�s<\x97\xFF�\xA2:X\xDDQ\x85\xB8w\xB6\xB2-N;N\xBE?Vl\xA4\x91vG\x89\x85,\xC5%\xEB9\xEA\xE7\xF6\xCB'b\xEC�η9|1.\x85\xB1!]\xB9\xB6D\x9A\xCF\xF3=RԌݬ\xA4I\x88g\x89�=\xC5h_\xEC\x9F5r\xFF/\x98\xFF\x9F\xE0\xFF ����tv\x85;�\x9D�0\xFF�Pk\xF5\xA1endstream
-endobj
-2095 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 67
-/LastChar 85
-/Widths 2738 0 R
-/BaseFont /YHDCUL+URWPalladioL-Bold-Slant_167
-/FontDescriptor 2093 0 R
->> endobj
-2093 0 obj <<
-/Ascent 708
-/CapHeight 672
-/Descent -266
-/FontName /YHDCUL+URWPalladioL-Bold-Slant_167
-/ItalicAngle -9
-/StemV 123
-/XHeight 471
-/FontBBox [-152 -301 1000 935]
-/Flags 4
-/CharSet (/C/D/E/H/I/O/R/S/T/U)
-/FontFile 2094 0 R
->> endobj
-2738 0 obj
-[722 833 611 0 0 833 389 0 0 0 0 0 833 0 0 722 611 667 778 ]
-endobj
-2076 0 obj <<
-/Length1 1630
-/Length2 6133
-/Length3 532
-/Length 6982
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDVuT\xD4\xED\xB6VA\x81!\xA4���\x86n\x86n\x94.I\xE9\xCE�\x86\x98�f(\x91N)\xE9n$�\x86\x90FJ \xC1!\xA4[:%\x95�$.\xFA\xDD\xEF|g}\xF7\xFCu\xCF\xF9\xEB\xAE;kͬ߻\x9F\xBD\x9F\xFD\xEC\xF8\xBDk�i5\xB48\xA5\xAC\xE1\x96�y8�\xC9\xC9\xC3\xC5-
-\xD2y\xA6\xA7a\xE1\xE8ha
-\x85\xABpJ\xC3�\xAD\x95\x90�\x8E\xA0�H \xC0\xC8(\xE3
-\xB1 at B\xE10Y�$D�\xA4�\xB1�\xC9B\xAC@\xBC\xBC ���� #H�\xEE\xEC\xE5
-\xB5\xB5C\x82XnxX\xD9\xD99\xFE\xB2\xFCr�Yz\xFD\x89\xDCD"\xA0\xB60�\xD3̓;\xC4�\xEE\xEC�\x81!o(\xFE×Z���i��\xD9@�! �u
-�%5��\x8B\x82\x9A�H��\x83\xB8\xDE�\xA1\xE1f\xE9�\xB5�\xA9@\xAD 0�\x84�d�w�9\xFEq Y\xC1a\xD6\xD0_\xA5!\xB8n\xB8\xA4� ��\xC2�b�\xBD \x83xZA\x9CA� g\x88\xAB��\x81\xB8y�A� [W��\xF2\xA6�H8�
-\xB3rt\xB3\xFE%\xE0\xC6n�\xFF-\xC8\xD9�~\xE3\xE1t\x83Ýi\xC0�H\x84\x95+\xD4� \xBAɪ!+\xFF\x87N\xA4\x9D�\xF2Wn�\xF4��\xC1mn<\xAD\xE1Vn\xBFJ\xFA\x8D\xDD\xD0Ü H�(��BB<\x91\xBFrYB@\xD6P\x84\xB3\xA3\x85\xD7M\xEE�2gW\xE8o�n�(\xCC\xF6/�� W\x88\xAD\x85\xAB\xB5#�\x81\xB8\xA1\xB9\xE1\xFEÕ\xBF\xEA�\xFDS\xF5�\xCEÎŽ^\xBF\xA3´\xFE\xA1�\x8AD@�m\xB8 <\xBC79\xAD\x907\xB9m\xA10 \xF8׺(\xC1l\xE0 �\xEE?\xEC\xD6n\xCEb\xEE�\xD7\xDF
-b\xF9\xB53\xAC7",\xAC\xE10G/\x905\xC4� V\x83#oR\x82X\xFEwS\xE6\xFA\xCF
-\xF9?0\xE2\xFFȀ\xFF#\xE3\xFD\xF7\x86\xFB\xF7�\xFD\xD3K\xFC\xEF\xBE\xCF\xA7\x96wstT\xB3p\x82\xFC��\xFDyπT@\xBF.�Я\x9B�j\xF5?b,\x9C\xA0\x8E^\xFF*\xEA\xEF\x9Ez\x90?\xA4\xFE"\xFB;\xF6�\xB7�\xCC\xF6f&\x9C"\"X\xA1�y\xA8'\xC4Z�\x8A\xB4\xB2�\xD9X8\xDEt\xEB\xB7]�f
-qu\x84\xC2 7S\xFD\xDDP�'�7\xF7\xDF0m;\xA8\x95�\xECW\xFB�\xFE\x80 0\xEB\xBFk\xBF�\xD4o\xE5`��yme
-\xF6}\xBB\xFE\xF6ո\xD9�\xA4\xB6\x973�\xF4߉\xF4T\xE1\xD6\xFF8\xFCb\x92\x96\x86{\x82\xBC9y\x84\xB8A\x9C|7rx\xB8\x85\xF8@"|�>\xFF"\xEBo"\x9E\xBFΪ�HW\xA8'Ȉ\x9B\x8B\x9B\x9B�t\xF3\xFB\xE7\xF7\xAF\x93\xC9\xDFh\xE4`Vp\xEB_{\xA3\x85\xB4\x80Y߬\xDA?�\xBF`+7Wכ \xFF~\xFBo
-\xFF\xF3\xFC{\xE9!�O\x88�`z�n%�l\x9F\x9A\x91\x86\xAC"\xCF\xE9\xE9\x975\xFA\xD0\xC1\x83\xD1�\xE2\\\xA3\xFD:߿�\xDE\xEE\x97�\xBE(Rf~Q�\xC2U;(z\xD5\xE45\xBE\xED|\xB9\xAA̶\xD6\xDBA\xE6\xC8ܞ�\xD9ˣ\xF2\xA1g}\x9FO4\xCF\xF4N\x88}-�lZ\x8C\x9F\xF6U/\xCA{Le�\xD3P\x90[wm\xA9_\xF3\x99i\xD1\xC5=\xE0\xE0;>W\xEC\xFDSVz\xF7|R\x86�g�_\xAB\x94\xB7\xAF�\xB4�\xD6\xDE"\xAE*\xD8\xFEʔ\xB0yz\xC2\xDC\xD5\x{1F19FB}\xFD\xF0\xEE\xFBUJ\xF6\xECW8\x8Cb\xEE\x98\xF8L\x91\xFE.ٔO�uJ\xE5\xCAߪݎ\xCB;Bbub\xC1ï�<_^˿\xC5�`\x9D�i\xA2�K\xD9\xC5y�\xA8�yc@\x96\x89\x9F�'\;\xF8$\xB7�\xAEQ;S-\x94\xE2s/,
-9D\xA6\xD4#,9Ʀ\xEFKv\xB2\xB1S\xD0\xFAê¿»\xE8\xE7\xF6�\x89%\x85\xF7\xB2\xF5-\xE2\xC1]�3\xEB�\xE3Ý“\xB1\xD1][�\x99C\xE6\xBA\xCAl\xEB\x8A\xD1L\xFC\x8B\xA6\xEB\xC0\xA2�\x805\x91ؽr\xF4�\x9B\xEC\xE73\xFCÜ°\x81\x98\xFCD\xD1S�j\xDB��\xF0\xF4\xE4)W\xEF�\x8F�8\x8E*\xF6�ÜŸèž“3@�'}~+Ï\xDD�6\x91\x9E\x88\x95\xD8\\x8Ep\xB5<��z\xFCu\xDA>Ab\xE5P\xF3\x81�بLbZ\xF7a3\xD2�Y\xCDE\x9CV\xC1= \xBE\x8B\xAD{\xB7^�\xAE2<\xBF}5aq\x80\xA9\xFF�_5�\xB9�\xDB\xF0\xF2\xB5\xF7>\x9B\xC0\xA5\xB4\xEA$C}\xC0X\x8A\xB9�\xAD\x9C�\xD5�\xF7ji\x81\x97�\xFB\xAD\x80\x9DG\x87/\xA7�\x8Cd\xFB-!j\xB9;\xCB6#\xD4ÜŠ.�O\xE9\xAD\xD7\xF4\xCEc\xB4\xBC\x9D$z\xBEI(\xF1\x81\xD8\xC7/�Wj�\xAE\xBD"\xB9\xDFK\xD2\xFF\xBE\xF0{�L\x9A\xBF\xDEH\xA5hÔ»\xC3�\xAD\x90�:i\xD3F�RF�<�g]��\xDB39}��\x97�\xDE\xDEF\x998|\xE00\xAD��\x89\xE5 \x82\xD4"�\xA6\xAF\xA3G$\xBC\x8D� \xBA\xEA\xC6�I\xAA\x98\xCA΃�.\x96\x8Aô‹µŸE�\xB7\xDBCq\xFCQm\xE6oi\7y\xAA�\xE0m\xFB\x8AJ\x850: n\xE6\xC5\xCA\xD8\xEA\xAE\xF3Æ Xe\x8C`\xC3\xE9\x92_�\xFF\xEE\xBDj\xE2ì…”\xCAr\x89\xC7O\x84D\x9F\x8F\xD3\xD5�6x�Í·�o\xAFl\x8A\xFDP\xA6\xFF\xCE*5\x84$8d\x94�#\xD9iWt�u\xBF\xF7\xBE\x9EG=��k\x9FoH\xC9]\x98\x9F:��\xE33\xF9N\xBB\xAD�g}\x84�\x90\x99?\x81&\xEC
-b\xDD�\x87�a\x9ByKÜ£%t\xD7Tca�Ö\xCBF˨?B:\xE4\xD0 3\xDAZP��\x82\xCCÆŠ}
-f\xF1φ\xF4\x88�\x83\x9DTU\x87J\xE9�\x89\xBD\x9Ej:\xBB\xABϋ\xBA\xF4N)/�\xC2\xD5� \xE4E\xBD\xAC^g\xBA\x8B�\xA0^/\xABk\xAF&6\xD67%\xB3"\x94-ήQ\xCB\xF2͓�\xF1Ƒr\xBE\x93'# Lw�DE\xEBЙ}`?\x97$-`\xA4�\xA6\xCDC5Շ��9\xE63\xD6X\xEF\x9EʺUFC:ׇ\xB8T�<\xED�\xE0�\xECe\xB8z&\xEEĊ�\xF9 @\xD5!\x98-�\x93ڽ\xA1\x85\xB4cEҼο\x89\x94�\x9F\xFD\xCD\xF32\xA6\xB1h\x8D\x92\x97Y#\xAA\xAA\xC7S\xC0\xECjzaT
-\x8D�\x80\xD5�x\x85^\xC9\xCA9%\xEE5F��\x{1610C5}\x99y ױ\xAA\xE4l\x9A2$g$?\x98�\xDF{v\x80\xA2\xE8\xA7\xE0,\xAF\x8E�\xC0nD\xA3\xCDfG\xAA\xAASH4\x87S"\x80\x8F�\xDA\xF3\xF4\xF6\xF3\xE3N\x83^\x9C\xA4\xE4\xBDt!\xA2+�\xCF\xF8\xDD\xF7n\xA9X#\xF5g\xABuW
-\xB3}ceS\xF7\xF6\xB8\xEFcZ\xA6BF%\xD7#
-\xE8S=\xAAb\xC1\xF5\xCBF\xF1\xC1p%\x8D\x88&\x88�\xF7\x9D\xD1��\xFF\xF8\x87@\xA7{\x9B§�F$
-\xF1\xC0\xE8�Hvo\xBBV\xFCy\xBD\xBC\xD2糳\x8F\x94\xCEj\xC1՟,_\xC2h^\xA7\x96p\xB3/�\xE2#ӄH\xCA\xC0焻\xFB\xC4�\x8C[�\x87\xA4ʻB8Ҭ\x92%\x9DP\xCB� \x99#\xB9&}��\xD47uo(\xE0\x96\xEEu\x95\xFA\xB5\xD295\xC0\x8F�\x8C\xBE?\xCB\xEAc\xD58\x97\xC4\xF1\x90\xE2\xCE�\xB8\xD1,\x99\xEA�:f\x94\x86.\x87\xD0�\xE0\xA1\xDD\xF5\xC1�41h\xC0�\x9B3):\xAB;\xCDc�\x83\xB7\xFA\x9D\x91\xB6\xDE,\xE8\xF0Y�\xBD:N\xE75u\x85QE\xF0��\x89�r\x9F\x96\xB2\xCC\xFB\x8A!&.\xDCY\xE2\xFC\xD7\xC9��\xFA;\xE1$�\xA4`\xD7yme~b\xA9@{\x953*\xB9 \x87\xF4\xF7\xA4�\x94
-\xA5\xC5\xEAg`iDÕ˜��|)1I\x9F\\xB0\xEAj\xF1\x98Ι+\xA0\xC4&j\x89w\xE9�\x84\x99�\x96\xA3\xC1\x81{\xF7\x85\xE1�\xAB�\x90�-G�3\xB5\xAB\xAE�\xF4*U\xC5mÖ\xEF\xE8, \xEF!\xA6\xA0\xF6O\xB5\xECl\x95�y\xF3\xE2\xFA\x8E\xE0\xE4\xE7�?M\xB5\x8EǾ\xC4팼\xAEs\xDE\xC0\x8D\xB1x\xBB\xE5\xC5�!\xBC\xB4\x9C\xAE\x93X>\xD2IÙ»\x97X�,\xD7EA\x9C;\xAF�\xE8%\x8A�]"N?�v6\xC1n\xC1$W\xA5��0O\xABW\x8D4\xB8\xBBÆ—NQ�I\x85>\xC4\xF3q\x86z#\xDAQ\xFB3]\xBA\xB9\xD1
-\xB7\xB3\xAEpBk\xBEj0ĵ\xB9\x8Ej\x9C�\xDF\xE7]ZٟB�� d\x8A\xCC��\xD3�\x9A\xADU\x95�
-\xC2I\xDB9䂷�\x9C�\xE3\x83\xC2\xE8\xA9�\xF5߽�n^(\xC1\x95\xDDh\xB47C\xB6\xA62��\x84K~V')\xCF��\xEF\xB1^\x9A}z�T\xC9\xFA\xD4u?\xA3F-!z_\x82\xAC\x9A\xC9\xC9/U\x82og4\xB2\x8A\x92�.\xA7�N\x99Eh\xF4\xE1\xCD\xCE\xCB\xE5Ô\x8CL^�ѽ\xF0\xB9\x9CfC\x8F\xDB\xEFPI\x86^\xD4Lʸ\xF0�\x88\x81�\xA7/\xE7�\xD3\x{1B14BE}��\xBF\x9F�\S�
-\xB3\xA9\xBB\xEF�\x99�ή0\x89ڷ\x98O%\x94\xE7p\xD7\xF91\xD4A?P(�\xE5\xDE.\xA4g\xD4>
-\xF3\xA5\xAA\xD5l�^\x8C\xA8\xAD\xDD)e\xBB\xF23Pp[�\xB4db\xF5\xAC\xF0V\x8A\xFF�Ò³\xDC4\xC5+Î\xB2&V\xCABÔ e\x8CCu�Oé‚¿#�U9f�i\xEAC�l\xB7\r\xAB\xD2z\xC3\xD0W\xFC\xAE6\xEAb1~i\x93E\xC9�5\xDA\xD2�A\xA6\xB9�\xA7\xFCÑœ�N\x83\xC7=<�l�\x94\x94\xEDy�I\x9D\xE6j%\x90\x87\xA8\xE4\xC4i�\xF1(<\xC8O\x9B�\xF5;Z\xF5�}\xBET�\xAAL\x92[\xEE^\xE5\xDBA\x80Z\x85\xEA\xFEHKJ\xFChØ�\xFB\xF1\x9Cq/f�\xF3\xC4f\xA28\xB3?\x80\xE6\xA2%K]Tkc\xD1\xF8K�E\xC4L1\x87\x95\xB7F\xC6\xEE��\x9Aú\xE5Ø KC\xC2Ck\xC7xG\xAE\xEF[v�\x93 U\xA4�Dx?�B;/\xB3�j8\xCF,\xE3)\xA2\xC9\xCF\xF9�\xD9 \xC5�\xB1Z,w�y\xF0#\xBD\xCF�\xABÛŒr>\x8Fx\x8CW\xD6\xC6�\xFA|n\xF2Ú¸�\xA3\xC1'\xBC\xDB�#\xCD5C\xB2&g\xAB=O(\xBDm\xB0\x92\xFAb6̶˲G\x84\xAC8Uc\xAC\xFF]\xBAͼ\xAF7A\x95\xC2]\xCAu\xFE 0\x9CL2\xE4+\xA6\x8E\xC0\xAA\xB2m>us\xB6\x84*6\xBAωl\xBE\xDC]"\xB6�\xEB\xD1�\x82\xE6N\xE99\xB4v\x97\xC8 \xE4�N\xBC\xA5{� \x96\xA0\xF1\xB0i\xD6�Å«\x8F�H\xBAv!Y�%�\x8A\x9E\xEE=\xC3�\xB3]\xA98¶\xE17\xCE�R8v4\xB9\xEF\x8E\xDAw\xB2t�s`�\xFC�\x8E<\xCFJ\xC5\xFB\x8E\xE7\xF7\xADF\xA8\x96\xB8Z\xE7I�\xB0~\xA1\x900\xFF00\x8F+3�8)XAM&H.��\x9E:l\xEA}\xE8t\xAB\xC8ÃŽ\xF0\xD1Ô†2O\xD4\xE9\xA2S;\xF6\xA0�\xB7\xA2\xBFO\xB1N~\x8FVR�\xE6\xE8�\x8A\x86\x8E@\xF2\xD0`"ä‰\xA1\xE2\xDA\xDE \xC71gW\xCD\xE7aÕˆ\xAC\xB1\xB3�\xF2\xDA*�|\x93
-ML\x96�" 1�f\xE4V\xBDC\xAB\xC73g{\xA9yb\xED
-Z) BV\xC9��?+\xA2]\xECOd�a\xF2\xCFCxy&&\xFC\xCE\xF3\xD8�\xE1\xE5\xBDNR\xBAu8ì§$\xA5\xFDu\xC6E\x9E\xC7qU-\x91\x8COqv�\xB4\xA3\x81\xDDZ\x81\x8C\xA6\xCC at F~\xEA\xBAa3\x8F>h\x8A j-\x8A"TB\xAB\xDE\xE7\xFA�X�B\x8B\xD1N
-�\x89\xCC\xD9d%JW�ܽ\xF3\xB5\xC8T�\x8F\xBF\xC8$\xFF$H~@\xB2�&j��M\xA4I\xF2\xFC\xE9.\x87\xBF\xF7yw\xFA\xDCB\xBD\xD0ۊ�F\xF6g\x84\x94p\xBE�\xE1\xDA\xC07s\xBA\x89&RD\xEE(\x8Ap\xC53\xAF\x83g\x83L�\xAB\x8C\x98\x96)\�\xB0\xAF��b\x84\xEEe\xFD��\xA1u1\xEC�9\xD4a\xBA\xD40\x95i
-l]\x98d\xDE\xCAN\x8F\xBAw\xDA\xF8w T甼T\xA0\xAD31&\xD3\xE3�\xE2�\xE5�"q
-\xE8{\x95tjI\xF5O\xD9#u\x89U\xF0\xA4\xFB/qA\xA9S\x88\xCB\xD5[�7\x8A\xB7o\xD14\xC6�\xA6^\x9Eԙ�Q�\x99\xA6\xA4Lz\xF29QT1q�\x86}\xABcaK"\xAAQv[\x91,P.\xA3d\x8F¡\xF9:\xFC\x9CF\xAA\xB1\xEE\xA4R=\xE9Y at A
-�\x87�\xB6\xFAL�\x819\x9200#\x86\xF4�}\xE0\x85\xDA��\xAC\xEB\xE8�\xBE�>\x80\xE0)\x85�fb\x88\xFB\x867sӿ\xD7\xC4\xC5}\xE4׊\xB3\xD2g�\xCD�\xBF?�FІ\xE6IP\x9B�\x98k\xE9�\xF72\xE8\xB4\xE02|֧\x99\xA5\xA3[\xB6WBM\xE5t�\xE8\xB3<\xE8\xF9:2�8\xA2\xC4�;Xf1S\xA7�\xB3E\x8F\x8A&\xB4\xD7\xE50\xC4���0d\x975Ť\xD04|yl�\xE6\xA9@\xC4r\x98l\xE9\xCB@\xC8}\xB1}\xB5\"\xF2S\xD0d5\x8C\xD3k\xF9p�\xFC3ʇ\xCF\xCE
-+\x98^h\x80&9I\x89\xF2\xDD�3\xA5\x96\\x97�q�a\xE2)&J\x99N�Bb0\x9A�N\xED`\xD2�.'�39\xEB4^\x80\xEEg(}*v\x96�\xF5
-d \xAF�\xF2\x88\xA6:\xF4w .�\x8C\xF45%\xB5S\xAF�s\xFD\x98?\x99g:S\xC2�&\xABt|E\x9F4\xEEsFC\xCF�\xAD\xC9Agd\xAB'�geߺ\xCC\xF7h\xDBghj34\x80\x9E>\xE6\x80\\xFB\xB6=\xF1\xFE�JY\xDBQ\xE3$\x8A\xD8]\xB8�\x88\xFA�\xFFܕ~\xAD\xA1\xCB\xD8\xD6\xE5�\xFA\xA5\xB7\xFCD7_\xCAk\xFE\x81o\xF9\xE5\x9F6=:\xEB�\xEB\xF2s\xE2\xB2�\xD8\xD2\xEA\xCANr�a\xFD?{\x95>J�\xF4^\xEF(\xCF%ZR`\x93W\xFB\x80[s|-\xF0\xAE\xF6\xFC:Q\xB0\xF8`qX\xF3
-d=\xFD\xF3\xE1� �\xF7\x87\xEFҷe�\xBFQ\xE9;)1\xC4\xDA*�\xCA7\xBCع\xB0\xF9n\xE9\xFB`\xEE\xFB\xA5\xB5�\x90.{�_\xE6Ι$\x8E\xDB�\xD5\xE46\x96\xA5\xB3\xC1\xBB\xFAc\xCB�\xC4\xFE$\xFA\xC4\xFC\xD2Gy\xC6\xDF\xEC�\xB3\x88\x82\xD1\xF72@~\xBB\xCC\xFEH\x82D��\x9BX\xAE\x97v\xD1 \xE2t\x87�\x92Ɵ\x94|\xF9fO\xFBc\xEBQ?U?\x92N|�b�k\xBE
-\xD4t\x89\x90\xF2)MA\xA0\x87稴\x8B\x9BNJ%\xEE\xA0*\xECN�3z\xF6\xFB\x98 \xCD\xF0\xD790´\xAD~\xE2܊Og\xBD`\xE9\xC6.\xE6%k�K2\x9Cj/z\xC8}\xE2\xED;Z\x9DтtZ\x95\x84\x8C\xB1z\x8BD\x90
-\xD3NZV\xAB\xCA\xF5BE\xED
-�\xFDL\xA1T\xF7�\xC6{\x9Ai\xAEG3ȥ\xE3"y+\xE23\x92\xA7[cͽ<\xE5\x86�Q@\xF2\xE6\xEC+�}\xB7\xF7\xBC\xCD\xF10\xFE\x92�\x9DD\xE2%\xDF\xE9fL�\xB97\xAE\x87S\xECD�n\x9F��e\x8D\x8B\xEF\xE3F
-c\xE9\xAF\xFF\xE4�φ=j\xFD\xFAÑ…f\xEC\xC1\xB5�A\xCC^He\xB1\x9C\xC6Ì€PP\x8B at S\xF2\x98\xC8�\xC85D�7\xC2\xFE˃\xAF\xED\xE3�\xECo\xCE�64ÒŽY\x9B]l_o%а\xA4\xD2�\xC9S\x8E\x9A\x8F\x8C\xE6�\xA9\xF3A\xFC\x8F\x9Fh\xF6U\xF9\xBB\xD0y\xE8v\xEDS\xAC\xD0D=\xCBO\xC3x\xFDa\x93\xB2I;\xCA�\xC3Ö‰do\x93L\x81�\xC8\xC1d<\xB1~\x8C��\xDEg\xAE��\xA8\xD9\xCF\xD8\xC3\xEE��p\xF0z�Õ±5\xF5*\xA82\xD21\xB72B�\xCF`\xAB\xF9\xF1G8n�\xE5^{�bh\x85Þƒ1K�\xF7\xA9\xE9�VZ\x98g\xED"2eF\x98\x88A4\x94\xC8T�\xF8xzrA\x81\xA4\xDA\xD8?\xDF]\xED\xDD�\x9D\xC7K�\xDA \xE2\x81��>/oA,\x99\x83\xCD�ßš7\xB12\xD6\xF5\xD2%\xDD\xE1\xBB\xC6A\xFC\xC4jL\xEF\xA6#\x98!�el\xB5qÏpj\x8D\x95\x9Ea\xEE\xF1\xE6"\xAC�\xB9�pÈ®\xA1\xB3�\x91\xBE\xACp_�Û°~\xF6\xACY\xE3$\xC4�/\x82\xAC]\x8B>\x927\xE7W\x9C�\xB6*C\xFCGž\xA7\x930#,\xD9\xE2\xF7�4)j\xD2-o\xEF-\x8E|?\xC4-\xB9\xF9\xCB&\xBFI\xB5B\x9E\xDBh\xAB\xA3\xDEE�,\xF7\x97�TÍŒ\x89\xF0\xC5d+pY\xB4\xE8\xB4[\xD1[\xF3\xE4r\x9B\xA4�\x96\xDB�#.Nk\xFALK \xF5\xC0z?|ì\xFE\x85"�\x8C\xB2*\xE7\xDD#\x8A;\xFE
-/\xC1\xBE\xD5�\x99u�\xDBfxA\x85\xF7\xB1\xF8\xCAx\xAD\xEBL1\xCA-�\xA2�\xE6\xEDY�a\x93\xEAKᰬ\x86%\xF5= \xCA\\ɨ\xB2*\x89)s,\x9B]\xF8\x8C\xC6\xD7!;yp\xD5\xE3Q4\xCE\xDE0Q\xD5\xD3\xF4\xCDo\xFAy\x8FAyuU\xE7\x98C\x94C\x94�\xEA؇o+\xCA鼡
-\x8D!\x82�����Wc\x87q\x85\x9B\x97\xC1-\xAE\xE4\xB1s:\xA3\xB8\xF9\xE6f4#�W\xDF\xD0z\xBD]!{\x8FׄwET\xE8
-\xECy\xEE\xA2LF׆\x8B�\xFAa�\x87\xF5b\xCD-d�\xC7&× \xDA
-\xF6\x94bÇ\xD0�\x83 9\xB5\xB3+&�ì\x93[8�Y) +T\xEF�D>\xEC�\xB9BÙ˜c\xA8E\xFC,\x84\x98L\xE5\xF70\xB1\xE4+\x83;�n\xA7\xF8r\x92H�N[\xB5\x87\xDA\xF6\xCE=�\xFA\xF4\xC8\xF4dW\xCCNP\x96t\xAB�\xE4\xA1i\xFFc\x83\xA8\xF0\xDE "\xB2`\x8C�\xC3�\xA9\xA3\xD1��\xDD{�(\xE6\xB8\xCBf\xDE��.X\xE7�tri\xAFh\xA4\xBD8\xF2�\x9E\xBE\xB3pK\xC7\xF9\�\xEB\xFEǬ\xD0(o\xC8\xF9Ï \x9CO5\x86�� w\xAA\xD2\xDD\xE4Ê™\xD9�\xC1\xE6)�\xD0\xFA\xC3w\xB9�\xBF\xDD\xEE\�d?�\xA0\xE5$\xB5\xB2 ?(\xB0\xA1\xC2�\xF2r>9�\xF0\x96u \xE9
-'8\xB0YÒ§�hZ\xB3�\x94\xA3\xBA؃���\xEA\xC9\xD4��\xF6\x90wl"\xE9Wi\xDF\xC88\xA2\xA3_\xF87W�l\xF5\xB0Ù\xEFLE
-\xBC\xAB/\xA3\xE2\xBCu\x91�&\xF5}\G�uA��+Ŏ\xF6/E`\xE5\xF5y�\x91ʽJ\xF7\xED\xF0\xAD;\x90z�\xA3\xF7
-\xAB\xB8\xA8o\xDE\xF98˨z�\xBBjI*\x8C\xBB\xE6C\xAE\xFB,\xB2M3no�\xE2\xA7W\xEF\xFD\x9C\xFB0-5\xFE6\x8Fڞ�\xE0M\xCE\xEE��n\xFE\xF7\xA8\x99\xEC\xDCr\xEAU\xAF�\xFE�q
- \x91x\xA3�\xB4J��60>y\xAE\xEA$\xB4�7An\xA6\x93_\x83\xFA\xB5Z\xB3�+�i5\xBAŇ\xC1) \xBF{iR�`F\xAAF\xFD\x93S�\xF0\x99\xF1�\xE5�\xBB\xFFa%\x80\xF0e\xE5\xF7u\xEC�\x86\xD2*\xE0\xA7�\x9C\xC5\xCA\xCE9
-|\xC0\xD1\xE5|,\xB4\xADH\x83\xE8n_\xD9\xCB%i\xB7\x98\xB3\xBCÃ'\xB5+c%�\xFC\xE9\xBA�\x96\x91Ý@;\xB6zu@
-\xCBf#�[2aP\xE0\xD8�\xC4\xEB\xA0\xFC�S\xD1\xF2�\x93\xEB\xF9I\xFD1\x9B\x84t\xFA\xC9b\xAFM�\x88\xB7g\xC3\xDE\xE7+k\xDA:\xD9\xEESRc�;\xA6\xA0EKZ\xAA\xE2\xA4\xD8jU\xA1\xAA\x90\x86z\xADi�R�\xFBR\x9E�2\xE3 \xAD\xBE~��\xE6�9\x9D\xA0\xB6hK\x8DI<\xFC�ORd\xD1*�\xE3A\x9FY\xEB\xEA�\xE0\x93\xBA\xF1p0\x9D\x9F\xE9�j<\xB0\x8F\xF78Kg�Q\xBB$`\xB9��d\xCC\xF94\xE0|\xD0È¥�\xF1\x84\xEE\xB1\xC3\xE4\xC2\xF1\x9C\xF0*S 妽.\xAER\xB3+Õ„\x84\xA7\xE6\x9Bu4\xDDZ\x8B]\xCE\xF3\x89\xFA5\xFDÃ\xEE9\x95\xD4p��"G�\xF5A\xECÛ²\xA8<\xE8QQ\xEFg7�,k\x9F\x81\x9Cx\xA1Ê\xD3��,/0\xEDV*\xD2>x\xEC\x80\xCB\xF8\xF3]\xC2}ã´„I\xA9\xD3\xEBs\x94�Óš\xF0\xB1\xDF�U\xDB\xF4\xD6E\xC9|5\x9F\xAE\xD0\xC1\xC8�Yf\x86\xE5?\xE5\xF5��N\xF6l�s\xCArO\xA9Xf\xD2P\x98\xED\x8B�\xF1~\xF8X\x82\xAD\xFC\xC0\xABW\x9F\xF9\x8Bè½¢\xA7I\xCB!\x9B\xA8\x84q;\xB7[\xF2'�@\x8B�9\xAA\x8C\xF2\xD5\xC2�Bi\xC2}�\x97&Å‹\xFE\x90\xAA7\xA4�\xDC<�$Qj\xA5\xBD\x80\x93\xA2A\\xA9\xF8\xB6\xA9\x9A\xF6}\xF9Nm\xA2�r\x95\x88\xC52~/\xB6^=1m\xEA"\x92\xD8$\xECR\xCEB�\xEF"\xD6ha\xA8��H&Û€\xE0;\xD6\xCA&K<\xCB�v|o\xE4�ϬAF\x91/ÜŸ\xC8w\xD5F�\xB5< \x86\xE6�vJ\x80\xAE\\xA7\x81\x9A\xBC\xEF\xF4~ntG\xB7�9%\xB8M\xA4x\xBD\xC4�\xA2\xAB\xC85\x8E��\xD2ܶ?\xAF\xC8\xCEó\xB8Û™\xE8]_\xC4~l\xF7?��\xC5<o> 7�`N�K\xC6��\xBE)a;]\xA5%س\xEF^\xBB\x9CSx5\x81O\x9D�\x91uy\xB7KE\xEE��\xD4ß\xC7
-�(Z\xA2`\x91\xAE~�Vp\xF9EaAzy\xF7UwJ\xADs\x81\xF7\x8C�?\xB4\xBD\x8B\x9A�|: }\xD2H\xBBa\x82\xBA\xBE�g)o}\xB3=\x8Brr\xB5M3v-\xEF\x80\xC4@�\xD9\xEC'p\xC5�X\xDFÒ–\xD7
-\xD5B\xBE\xAA\h~8\xA9$\x89\xBC\xBC\xB7\xFD\x987!�g;ɥ�\x90\x83\\xAEcf>}7\x9B\xF9\xE2\x9E\xD0\xD9Zس\xE3\xC1֖\x8F\xDC^-U\x9E&(
-\xD6�\xCBÓ»\xDCIF\xD9\xD8S\xAD\x98\xF5�OV_\xBAh\xFD\xD0�n-\xAE
-X�{$\xA2\xBD\x89\xBC\xFB\xA3@\x96rlZ\x99\xE2ɞˊ1o(\xAD�\xB6\xA8m�\xE8\xF6\xA1\xD0\xE9\xBB\xF7\xDD\xF5\x81\xE4I\x8C�]\x8C_-\xF4\x8B�\xB8\xDE\xFB��\xF2'z\x9F�T\xB6n�76Gت\x96\xB7&�\xFA\xECIĆ\x8B7�\xCEÔ‰\x89f\xBE<B\x87\x9B&�\xAA\xBD\xFA�\x8Cמ\xB4�)\x84\xC6c+\xA4\xA0\x9C?\xB5\xC6(�_\xB9\xE0\x99\xF10\xE1�NZ\xAC/\x88_c24\xED\x8CË¢\x97'{.\xF6\xA5d\xD6\xEE\xA7\xC7z̓\xAF\xDBK��\xC3{u�`\x87:s\xB1\xB9\xA0\xC1<\xBA�'\x97�0\x97 HMq\xB1L\xE5R�nC at x�\x9B\xF4s̈W6\xDF>u\xE43\xBE\xF5\x88;)EO4,�Źk&��l\x89#\x{14EF84}\x98\xACÙ¶\xB3 \xBDh\xF6\xE2iF�\x8F] \x8B\x9Cx'\xB4\xC5f\xCAb\\xF1\xEA{\xDD?\xAC\xB9\xB6=\xEA3�\x8F�\xA4XT\xD5�W\xA9*\xAE\xA7\x89\�E�e\xB6\xA9x\x91@�\x86Dz:�\x83!\xA1X\xBE\xC2K�\x94G\xBD�\xE8\xDF�>c{\x8DB\x8C\xCDC�\x8C\xB1\xB90\x9AU�Õ¼\x83�\xBF\xAAÝ•�5x�f\x9C\xE9\xC9U\x93Nh\xE8\xF2\x81\xE3\xBB�Z\x96$8\xFB훎\xB7\xF2Б\xDE\xE5\xFA\xB8;ß¾2~%~Q\xCD\xF7*|6ο\xC0.\xA9\xF3\xB6H&l]\xE1\x9E�\xE7\xB5\xD0[\xE8\xF9%\xA5�κƬ���!�\xD9rOx\xC6!.B\x98�\x93zuW,\xD4\xEAr\x8B9\xE5�\x99\xCAT\xB0CHÖ‘_e\x91\x89\xFF\xF0�:\xFB5r\x80\xFB3.\xF14v\x97W\x94\xF2]\xAA[)\xEF\xF3\x96\xE4\xD9\xC0\x97�݈H\xBE\x8F\xCC\xFB\xF9S\x8E\xB8+\xB9\xBA�fS4\xE7H\xF5\xBF�\xDE�zy\xE0\xC2*/\xE7%�\x8A�\xE2\xD7�\xBBÍ \xCF�8\xF4�\xE6\xE3m\xBA'7�\x85\\xEC�\xB0\xC5\xF7K)8\xD0��\xC1@\xA3b\xC5\xEE\\xE7��\xB1\xC4\xDDÊ‚\xD7[�g\x93\xA9\xBB�5\xE9�\xAB\xC5Ö¡\x92��'\xAF\xD4\xEDÌ¥\xBA\xE9g\x88<��\x82\xE2\xA2\xCF8��T\x8Aq\xF9�\x9C_U�\xE5=\xA2�\xA6#f\x9C\xDE*\xAA6\xED�\xB6\xB2*\x81\xE6�\x9B\�oi\x9B\x90\x96\x95`\xFB�lj[\xDBW�*�\x88\xBB\xBA\x9C2\x8E(\xCBt\x8Cp{�\x88��\xA56\xCD]\x9A\x86}\x84\xAF>{?'C\xC6\xE0\xA75z\xEDE\xEB\xDD\xDA\xD3\xDE&v\xF8\xBE\xF6\x8A
-\xF7dYc\xD8L\x898\xE0\xC7\xC9u\xB0\xE0\x95G\xCBݚ\xCE\xF1t\xFB\xEBV\xB2\xAD\x88\x92e\xD3\xEB\xFB\xAD&K\xC5\xE0Ⴣ\x91oS�*.m\x95\xBB8\xD5\xEE\x8CWQ�\xEC3\xCAD\xCC\xFBj O�pH�Y�\xB2\xEF\xAEf>׼\xF9\x89�_\xF4\x9F�\xF6\x91Ƥ\x89\xB4\xBB\xF8|E\xC0\x92�=P\x9Dz\xEA\xEE�XD\x83%\xBD+C\xA3\x881_\xF9\xB6�\x87=A\xFDY\x9C:&Aa\xFA;\xE6\xACU\xBE\xF6�\x8D\x8D\xDD*\x93\xCDXJ\xB7=\xE0\xB2\xF9\x88�1\xA6�\xAC\xFD<�\x8F\xF0\xBB\xA9,|�#
-O!
'C\x83�\xB5\xEB\x93M�]\xED\xBC\xE6�f�\xB0\xBA\xDCS4\x87�A\xC7\xF7Mj\x80\x93ҷ\xD0\xF6kx\xF5\xCA\xE1\x9E�\x99\xCBG\x87\xDE\xD5\xE9\xFA,\xF3\xD4�92\x82¬
-߸gp0o9)\xC1M\xA3\xAB&ChVF=Vv\xAF\xF1\xF5\xADÅž\x8F\xA1\xFC\xDC\xC8T\xB7\x8E\xEFv\xE4(Ê´\xE3�\xE9\xBF7jzä \xBE\xB9\x8D\xC26]E\xB3�ÚŸ\xC9\xDEeI\x9DG\x90OI�\xF9\xE7�\x85&�\x98�+\xCAZ Sl\xA9
-\xCD`\x83\xA9c��\x8F\xBDG\xAFLs\xE9:Jθ\xFF\xCD�\xE0\xFF \xFEO�X9B,\\x91p'�W�\xC0�O\xD3y\xA9endstream
-endobj
-2077 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 66
-/LastChar 78
-/Widths 2739 0 R
-/BaseFont /CYFTJP+URWPalladioL-BoldItal
-/FontDescriptor 2075 0 R
->> endobj
-2075 0 obj <<
-/Ascent 728
-/CapHeight 669
-/Descent -256
-/FontName /CYFTJP+URWPalladioL-BoldItal
-/ItalicAngle -9.9
-/StemV 114
-/XHeight 469
-/FontBBox [-170 -300 1073 935]
-/Flags 4
-/CharSet (/B/D/I/N)
-/FontFile 2076 0 R
->> endobj
-2739 0 obj
-[667 0 778 0 0 0 0 389 0 0 0 0 778 ]
-endobj
-1450 0 obj <<
-/Length1 771
-/Length2 1151
-/Length3 532
-/Length 1711
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDRiTS\xD7��\x91\xAA\xA1\xAC2\xA9\xA4j=,\x8C�iF
-!\xA1\x80��D�\xA2a\x9E$\xE6Þ[\x92{\xE9\xE5�\x922\x888PIU\x96Elt\xC9(*J\x85UE\xA0�(\xB5\xC4*\xB4\x80�i�\xE1�\x96χT\xAD\x8A\x80Ó»`]]\xA5?\xDF\xFB\xF5\xD6;\xE7\xCF\xD9\xDF\xFE\xCE\xDE\xDF\xF9Φ\xB9E\xC8�"�\xDB��c(\xC1\xE009B�(\x95J8l@\x9E\xD9l
-\x8D�\x88\xC3r�\xC1\xD0 9���G \xF0�\xAB\xB5j\xC0]�\xD8|!o\x85\x90ǧ\xD0@ \x96\xAEǑT��<�\xE9\x93$>�i`�Q\xC8Q \x95�*XC\xD6P\xC8\xD5@\x86)�\x98\xD03\x81H\xAD�\xEB'od\x80\xF5p�\x8Cg\xC2�\x93\xC2\xE1 �Q�`#\x9C\x8A\xA0�֤& \xAA\xC4 \xFF-�i\xD3ߥ2a<\x83��<\xA6d\xD2�)�\xC2P\xB5�@\xB0\x92\xC2
-\xC7\xC8n0\xA9\xE5\xBF!kz\xF1`\xADZ�.\xD7L\x96\x9Fr\xEAoy\xB9�Q\xEB\xFF``\x9At-�\xE3@\x8AA0\x8EN\xA7\xC6\xC0o\xC5Ia�\xD1j\xA6g%\x84\\x8D(Dh\xAA���\xCEJ&{\xE5[�\xC9�Ft0�\x81�
-�P\xCA\xD5�\xF0��\xA3\xD0t%\xA4S:X\x92\xF8\xB5\xE1q�\x9E|\xEDT2B\x8E\xA0D\xA4>��\xEC?\xD9S1\xE7Ϙ4 Gt \x81\xCDd\xB39$\x91\xDC\xEFNIӚ\x89Q��!h*\xE0\xF2\xBC\x80�\xC7\xE5z
-9Dd\xC4�\xD9�\x80\xA0�\xAC�\xB0\x8ET\xCCb\xA2�A^�\xA43\xB9@\x89\xE1\x94\xC9\xF5b�\x96�\xCEȘD\xDF�\\xC0J\x9D\x9C=ҽI\xEC\xEFO��\xC0tٌ�\\xC0\xE0\xF2\xC8V\xEC\x95ހ\xCFc\xE7\xFE\x85\xA8\xD0\xE28\x8C�S\xE3C�\xF4.V"\xA4\xA70\xAC\x83��\xF3ML\xE1\xB3\xF5\xD3}\xA7\xB7\xD7扫\xBB\x8E\xD9\xD23��\x8Fl\xED8\xBF\xED\x94ч9\xDC\xE7\xE3t�o\xFA9�\xFE\xE8w\xC7m\x8E\x9F"\xC7�JG¾aAJ^?\xF5\xB4(ǔ-cm\xEBu4ٻ\xD0+\xF7\xCBf=T�'&ϸ\\xDE\xDE\xF6\x81\xE6\xE0\x8E{\xE6Ŗ\xF4&χ\xBF\xB8?\xBB\x9By޶~\xCD}�\xBF\x8A:R4\xB3\xF6\xD6\xCDWO\xF2\xD26u\xF6\x9B\x{DF86}܇J)I\xE5g\xD6셣\xFFy\xB7\xF8\xEAă�\xAC�3\xD7\\x9E\x9F\xB8\xFF\x99\xF3k3\xB5\xEDNO\xDAm{\xA3\xC0P.\xB5\xB9a\xF4}9\x87M\xD7)�:)\x9C�i\x8Bͱe\x82\xD52\xE1\xEC\x85^ף+\x8C\xC0\xEAC_7c\xAC_Ks\x98\xF4\xB7ك\xDDt\xC1\xA0\x9B\xF1\xFD�IAnih\x8C$jt\xC1\xB1J'E\xED�\xB5oH
-\xD5�nh\x8Bo\xD5\xF8\xA1��-
-\xEB
-\x9C\xD2�\xBA\xB8\xBE%\x9C\x{126F74}\xF5)\xE3\xAFh\xBF/\xD99\xF3iҋ�}\xCF\xDF�\xA8\xAD��\xD9nV\xAE'f\xC4xz�\xF0\xCF\xF4\xF0�\xA6w\xB0\xA9\xB6׾0\xB9\xC5\xC9U_\xDD#D\xFE\xA1}v\xAB�횟\xFC�rZƤ Vp#\xDF\xE5\xE6\xD1/\xDC\xCD\\xCA}\xE1\xB8f_\xC5\xC7\xD2x\xCFo\x9BM{�\xC5:+A\xDC%\x{11306A}G\xFF\xBA\xD4j8\xC0M��L\xE8K9�y\xCB\xF3r]\xE3\x85\xEA \xE7\xBA™I\xA6\xE6\xE0\xE0\xEA%ͳ\xB1\xDE\xC1\x80\xF9n~\xCE�}\xE6:\x88�-\x91@\xB5\xCB|\xB1GW\xFC at u.lj71\xBE\xE8\xB8\xD0\xEB`\xCFK\x9F\xA1\x9FK\xA3LM#G\xBC�\xE5\xD9�mY\x90\xB6\x8B\xF9 ry\xB6\xF7o6\xE7\xC3\xEAR\xF4]\xDEu'M?\xCE[\xB6�\x8A\xCCa\xACۗv\xBC6\xACv\xBBF\xFFX0g\xEF1A\xC3#\x8EMEι\xA7\xA2\xE6�\x94\xE5x1\xA8\xF7�\xDB\xF4l9\xBD\x9D\xB6\xE1J\xDDc¡8\xE2EU
-�\x8F\xF3?\xDBÚ†\xE2\xA8\xE5\xC4xv&\xF7\xEC\xDA
-<\x9F\xC4\xD4\xD7=~G\xD6�\xAA\xC9Þ½\xE9\xE1\xE3[+�\xED\xD8@�\xDA
-\xF4�
-\xA8\xE9\xE2\xCFK\xF3\xDEl�\xED
-\xD1\xDA9\x8A\x9B;�\xCC\xE8\xBDc\xC6;?\xF6#\x82\xC1-\xE7�9j\xDD}c\xBFY\xEA\xD7J\xAD\xBF\xF0\x8F\xB1U\xEB�\Ged6[�\xE7Yd=0A\x83Z\xAA4u.4\xC8\xC5r9@\x9E\xEAav5I\x9D\xBF\x97<uEM-\xE9\x86\xED\xC1�\xED\xF0\xAB\x93եѬ<K\xEF\xAAS^nÄš\xB1*!*[*9\xAD^n5\xE3\xCE̱'\xA5\xAE\x96g\xF8\xE6\x83\xD7B\xF9\x8D�\xBB \xFFÛ•�\xF1\xA3\x95�\xBEw\xBB'\xB4\xF9\xCEWF\x8A:=\xB3B\xAA\x94\xBEI\x90\xEDM\x99\xAF\xCC\xD2\xEB\xBA\xE6e5w\x97-p\xA8\xD0�2<\xB6\x9EY\x9B\xFD%\xF7\xABÓ†\xA6\xCDV\xF3\xF0pI�\x{11DD6A}c\xFBuç«¡\xD1\xF6�Ζ�\x81\x8E\xFB\xFChlg\x81\xCD\xFB\xB9E\xAB\xA9\xD4\xCFP\xC3\xD2\xFA1\xDD\xFE\xFA\xD02K\xFFÑ\x97\xB2\xA2>,4\xDD\xF5\x88v-�\x97\xBE\xB6\x8E\x8B\xAE�\xEA\xB0.O<\xCC�:5)\x9A��{.V\x95\xD8�\xAD�\xC4\xCB"��\x{DDD3}\xB7\xAC�\x96\xD67\x9E\xD8m\xB7\x83sH\x95S\xD2=\xB7\xB0e\xD6Â\x9Bqy\xBC,SV\xF9u\xBC\xDFy~Af\xF4\xB9`^\xBF\xFF\x9C\xEF\xDD��\xAB�(9\xF7\xE4P\xB1\xB8\xE6`\xEA=qoh\xCEs\xFF�>\x80Þ³
-�]\xF2$欱\xA8\xF0\x85E\xD5wƻ\xA2D2|\xA5Kt\xABm�\xAD\xAE[\xDD\SV\xB8G:\xB7\xD6i\xC3{!�\x87;\xAE�\xAF9\xF8\xEE\xEE(\xE9\xE0}\xD6>N]F\xBC|\x9Dpj\xB9˷\xFA\x94bNP\x8F\xE1QH\xEB\x9A,�=Ҋ�ه\xF759\xB5\xFB3\xF3\xF3Ee�\xDD7v\x8D\xA8\x92�;\xAF\x97\xE7\xFF\x8AF\xC9�\xA9�\xED\xD5\xFB\xE7p\xA2\xF2Y~\xED\xB3\xF0\xC5�\x9BY\xF7?\xBA�\xF7\xF9w)5\xFC\xC1\xB1�\xE2֤k\xBD_\x8E\xAE\xDB\xC9iNbѓ\x8A�rbU�o\x9Ey\xE3Ӭ\x88\xC3�\xD5Ժ�\xF6\xB8(\xFF/\xF0?Q@\xA1\x86\xE58\x81i\xE4x�\xE5\xDF7\x93\x8C\xABendstream
-endobj
-1451 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2740 0 R
-/FirstChar 60
-/LastChar 62
-/Widths 2741 0 R
-/BaseFont /IZONYB+CMMI10
-/FontDescriptor 1449 0 R
->> endobj
-1449 0 obj <<
-/Ascent 694
-/CapHeight 683
-/Descent -194
-/FontName /IZONYB+CMMI10
-/ItalicAngle -14.04
-/StemV 72
-/XHeight 431
-/FontBBox [-32 -250 1048 750]
-/Flags 4
-/CharSet (/less/greater)
-/FontFile 1450 0 R
->> endobj
-2741 0 obj
-[778 0 778 ]
-endobj
-2740 0 obj <<
-/Type /Encoding
-/Differences [ 0 /.notdef 60/less 61/.notdef 62/greater 63/.notdef]
->> endobj
-1439 0 obj <<
-/Length1 1199
-/Length2 2269
-/Length3 544
-/Length 3058
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDWi<Tm�\x8F2e$"˃8d�a\xCC\xD8Me_{\xC2h\xECT\xC6̙q�3\xCCb\xDF"\x8A'[Y\xDA$K�\xD9*EeK\xB4\x98("4\xDA)\x89\x92%K\xF4\xD4{\xD4S\xBDOo\xDF\xDEo\xEF\xEF=\xE7ù\xEF\xEB]\xFF\xEB\xBA\xFE\xF7u8*\x8Ax\x82\x969\x99\xE1�\xDA0\xE8l-,�\x83��\xA1 ?�\x8B@\xA4\xEF\xD0\xDA R9\xF6l"
-\x80�}"RE\xC5�b\xD3\xC0_\xBA\xC0\xA0%�$\xB2!�݊Ȇ}\\xFC9\x80�\x91 \xE8` ,�\x871\xC2\xE9a\xE05F\xF7\x9B#\x83\x89�\xF0L(\x88� \xE0A6ȤAt�\xB2b\x908A \x9DM\xE0��\xD3 \x90\xBC�d18L�\xC8\xC2��\xB8\xC2_g�,�\xC1�L\x88\xEA\xCF�P\xAE;\xDD\xD5544X\xB0\xC6\xC6ƀ_\xC47�\xB0�Y�\x95�\xA8‹P\x90\xC6�^\xCE�S؂t\x90 �N^\xF6\xC5S\x88\xD6d\x88\xBD\xDC6\x80\xF2g\xB3\x83q\xDA\xDA\xC1�"�\xDB\xD0,
-\x9A�\xB2\xB5\xD5\xE1b\xAD\xE9dKF\xD02��\xB9\xAC\x9F�\xC4�Ipc�Ú¿\xD20\x90\xCE�\xA3G\xFD�\xA2 at t\xF2\x97\xF6Èœ`mW:�\xC2�\xED\xAD\xFE�\x80M\xC8�6*\xC8�\xF41:�c\x8C� \x86 `8\xC9_{9\xB5KD0\xF8�\xC4.\x9B\x89trLT0#�\xA0�i,0�\xA2\x80\xF0��\xC5"\x86\x82 \x9B\xC9�c\xA2\xFE�\xF8\xE7�\x89\xC5�d\x88\xC4�\xFC@*|$?\xD8a3H\xF9\xBAw \xB2\x99P8\xE0\x8DAc0X \xB3\xFC~_\xED\x82�\x97Ì \xD3"~\xB8;�\x83@@\xFBw\x82�\xC1\xC3Q\xE3W\xFD\xF7\xB4\xB0`\xC0\xB4ZXC#@K\xC7H�\xC0b\xE1>\x8D\xF5uf\xFD\xAE\xC77-\xBEX\xF1D\xE8\xEFZ1?(\xED\xE9��`\xFC\xB5%X\xCBom\x85\x82L�<\xAB \xEA\xCBh\xAB�\xFF\xE4wd\xB0!��\xA0~\x8C\x91�F��O�\xFC\xC1\xFEr\xBC\xFE\x81\xFFr\xC8~\xCEaáѾ(\x83\xFA* k\xC2�v ˪\xD0\xE0\x8B\xB3\xAC�D\xFA\x8F(b�D\x8B\xF8E\xDCÏŽ\xEE\xE0\xD7�\xF17\xDD\xCF\xF0Wvs:\x95��ZX\x9D\xAFF\x88e�\x85\x83d<\xC4&\xF9\x9D\x9Dor\x93\xBF\P�\xCF`A\xCBW��\xD1\xC7\xFE\x84\xB9\xF8C\xA4@:\xC8b\xC1\x87\xF2��\xE9䟒Z\xD3I�2D\xA7��6<\xA2D&\xF9\xBBa�&q\x98LX\xA7/'�\xC7~\xDBS \xB8D���IH^?\x83\xB4e_@;ƅs\xE6\xB2aZ/\xEF\xEA\xB6�\xB8\xCE}\xE6(\xE8!\xD3h|\xC3h\xFEVG\xE9\xC03\xB2z\x85\xB3F9\xF9V\xF8�\x93j\xEF\x95�+\xF9\x923e\xAD\xD3�\xC3�\x8D-\x9AЫ\xC5Ä“\xC4\xF8\xEDRdÞ /luÄ\x9D\\x83\xEA\x9E´\xC9d�\x94\xCE+xm�q\xD3\xEE\x9DbÅœ\xA7\x8A\x89\xE5�1B2C"n\xE3\x82׫\xD1�'\x84\xAC|Eq\x95\xA0\xD3h\xBF\xBA\xB1\xE4b„\x93�-\xD6�\x87\xB8\xCFm\xB6\xC2�$\xEC\xCF�\xDA~\xB5\xEE\xDE�\xB5\xED^Buo\xE6Å«\x9A\xC4|\xFB\xFA\xAF[�\xEB\xC7\xDDO\xB6E\xB2k&\xFDd=\xCF�\xE2\x9A\xEF\\xD5Y\xF4/o\xA0,\x9E\xE3��\xEBo\xD7\xDD�\xFCP\xB3\xEB\x82;*\xED]B\xB3\x85\xC6\xD1
-\xE78\xAF\xDEH'z\xEC\xADPj-\x89)/\x99h){\x\xA7V]�\xFBRU\xFE\xC1R\xCB\xFE�a1^S\x8B\x80�|\xA0F\x9F?\xA8\xAC\xF0\x90\xB6oK^\xB0\x88\xB1\xD2\xDFj\xBEh\x91\x87\xD6!\xE4\x9D=\xEDsZ\xFA\xB8\xFC\xFB\xBC�D\x88\xBCY\x80b~\xA7M{F\xBB2\xEB\xB2[\xAC\xED%�yiB\xE6\x80\xE9u\xCD�=\xCF\xC7=6:\xACU\x99�\xBC\xEAI\xD80\xA6�`\xEBs�S\xB1&\xF6\xD8>\xE4\xCDJ
-R\x88캤Ҏ\x91\xCF<5�\xA2\xAD�\xD5 {\xF0\xC2~D\x8A0Y\xA9\xA3\xE6\xE2і\xF6c\x91\xD3\xD2M\xFB> \x89\xF7\xA7\x8C{b\xAA\x84+|\x84\\xE7�\xDDZ\x93\xDE>\xF0ފ\xFC$\x9B\xC9\xE7\xBE\xF9\xCDZ\x83C9�q&\x92!
�\xD7j!l믕\x8C\xA1\xAB\xD7k\xFB�\xE9V\xE5{\xE6j7\x91\x9A\xFBB\x89Ʌ\xD7[�\xF0B\x86�\xD2/\xA3Nj܌x\x93;ׅ�\xD76\xEE�\xA0\xF671[B�C�\xBD}\xDF\xEEN\x9819\xD9c\x{14704D}j\x85kj\xDEa\xFFsS\xF6\xBB�\xE2�\xCBꆲ^\xED\x9D}�\x9C\xF1\xBA\x96w\xA2\xD57"Scjl\x9F\xCF\xCD7\\xD6`\xD7�\x9E[h~}c\xA7B\xB4Յ\xF3\xEB\xA5t\xB6~\xF2\xF5\xD0\xF3xmz)\xB7\xC4\xEC�F\xFAzר\xCD�\xB7WI\x8E\\xB4\xA9\xBC\xB3Q\xA0\xA44\xE1P2{\xC9\xE8\x8F\xF3\x82\xF6Q�
-H\xDE8\xEA�o\xDFS\x81\xD8T\xB5i�\xBEN\x95\xF1\xE2\xF4��\xD2wW6�X\xCF{5��\xF5\xDF\xDEos\xEA�(=
-V�\xEE8Yd\xF8\xCA"\x9Ey�\x9A\xAA\xB5\x95j\xDE\xDDI9\xE0\xF2\xD0\xE1I\xFF\x86�9\x9D��\x89\x9CF-�\xC90\xCDu]K\xDD�\xAB�\x95dÆ–�rEÕ¯y\x9EW\x9C�\xE3\x96\xFF\xF5|\xFFQs\xFD�\xB6죹\x8BVh*\xAA\xC9\xE87\x87\xEB\x883�i\xB8\xEC��j^\xEFc\xA9H\xF7\xCF}\xD8y\x94\xC1\x84\xBDN�V\xBB|\xADÜ\xFB\xD2|\xE6Åš\xF5�\xC5Ã\xAF_\xE1l\xEA\xE9b\xEFO\xA7\xFA\x94\x88\xC9\xF5\xFF\xF9\xA7\xA2à \xAD��Dl\xAA��hd\x98\xE9ݬ\xB3\x9BQ��|�o\xCBo\xBE\xB7\x86\xF5I\xE6~\xDCjt \x84BQ>\x89�\x8A\xC6\xE6\x97g�L\xBCO\x8CJ\xF0Z\xB7b\x9D\xFB\xA5\xF5JH\xA8\xC0hb\xA4)Q3\xE0\xF1\xC1\x8A\xAE\xC8c\xBB�\x96a%\xB9<\xF1\xDC\xDF^\xAC>\xAB{B\xC66��c�\x9CN\xB5\xA1\xF9a:\xBC2\x92�sv#kB�\xBEG\xE2-\xF6�
-\xDE\xEBxӈڂ�\xEDI\x95\xB8\xA4\xE8q\xC0�\xFB\xC2e�=l\x82{\x8C\xB2\xB9d�~D\xF3/\x83\x9Cc\xEB㤂\xA8\xF1XѩF\x8BH\xC7{u\xE6\xA5a'\xD8z{\xEA\xD7\xE5�\xC8\xF0e\x81\x9A\xE4M�\xD9MJ\xBB�*\xC2|CR̈́\xA3~\xDB�f榑ʘ.f\xDB)wJ\xAD*\xBC\xA4_\x8C*\xB9\xE2�\xFF\xDCX;\xD6y\xF1\xA5\xF9L\xF1R\xBA�yvix\xB7\x8Fh\x91�\xAE\xBB7%J&\xB1\xBA\x80.\xAE�\xBC\xBB\xD8#\x85�\xBC�\xFF\xE8\xBA\xFF\x96\xAC�\x94\x91lLo\xC0.\xB1\x88\xE7UW\x8A\xB3|�U\xA9ޣ\xAD\xB5�µ\xC3rq7\xCBĶI�\xDD\xCAUxm\xDB*\xCA\y"��\x99t\xB6_\xB8\x9F�\xE3C\xB4Ҋ�v15\xB9\xD1f\xDF#\xBC\xE3Jk\xC0�\xAD\xDE0\x87L\x8Cr\xA1\xC9�a\x8FZAC at TN\x90􄫲\xD6W\xCFض\x85\xB7\xA2anN{p\xB6�\xA8L\xEA`\xBB\x85.\x84\xEBvz\xAC\xF4\x8B�\xEAo�6\xBD\xB5fq\xAEu,\xC3Ҟ{\xB0z�ë\xBC\x88�\xBF\x9A\xBFᬩ\xC1\xD3=�\xC3`^\xAE\xA8\xA97߶\x94G\x81�2\xFFl\xAADn\x92{%g7Yk,1T\x8Fna\x98
-\xB1\xD1\xDD�\x93g��G77\xF3\xA5+�\x90C?
-\xFE1r:\xD0q\xF4c\xED!G\xBEy\�\xE3v^\xA4\xFB\xE1��\x95m9\x98\x83Ê‘G\xAFY{\xF6\xC6ñ¤ª\x86\xA0%\xC7\xF0\xB7G\xFC�[\x8Ez\xDCÚ† �8\x83\xCC\xC8sn\xFF\xD8\xDEY\xBF\xBE\xF7�OÃ\xAD\xDC\xE9.FM|\xBAÛ„\xF5Qi!\xFD\xAC\x89Yb\xE7I\xF2{$^d\x95\x97Ú\xC5w\xA5Ah\xC2\xE1\xD6\xC1\xC2�\xCD\xCCD\xE3A\x9B\xB7\x85\x9F>X�\xA5\x9FH\xBAVp\x84\xE3w'\xA0�1K\xF1kÎ\xB6o�\xCFtÈ �U6v\xA5�\xE6\xEF\x9F5\xE9\x9E�\xAC6\xA7\xD8D\x97\xAEs\xEF\x9E⦢?��J\x89o\xEB=~SÄŸ\x85(D�\xB6)_6SQ\xC3\xDBy=8ݬ,D\xB2ݺ{\xF3\x90\xB2|\xDA�\xEB#\x90B\x98\xD5\xEAÌ\xAA\x95\xDBKqK\x8A�5!\xB9'o\xC3�V\xA1\xF2\xE4\xB8{3\xB8\xB6�\xF2�|#Ï›O\xA9�O\xCA7\x84\xF4K:Oɺ|�\xD2-\xD3:\x99y4K�\xFDd\x8B\x95\xCCSS\x9D\xCCÎ’\x93
-\xC3�\x8Ao\xD3U\x9F\x9D'\x9C\xFA\xAC\xED\xE49\xEF\xE3$\xA2_"D8\xE6z�\xE1\xBE\xF3�O\xE8\x80Y\xFC\xF7\\xF8 �,e\xEA\xFC\x9E\xAB\xED\xD9z\xC6\xFEA\x91\xF3��\xB8\xFB\x9C\xDF\xC7\xEEkD\x89:\xDEF\xED\xF2�)ʾ�\xBF\xE8<\xC0\xF1�\x97\xCF�p\xD5{��\xCA\xEF|\xE3ԽF\xEE\xEA\x85Ҵ�Ť=ʦ\x81\xFA/�\xBA\xF6�\xAB_\x8E\xAF�㡞n&\xE7w!�
-FH�\xF3\x82Ϧ�~�b�?\xBBly�G|\xEB\x85�K\xA2\xDF \xB4h\xF6�\xDD\xEE�\xEB\/\xA5\x98\x9A\xEC4\x8F'\x9A\x{1E7578}Q\xEC\xA2\xE0G]\x9E\x86\xABg��I�\xE7S\xF7T\xA84\xDF\xF2\xA6۔^,\x9F��lL
-s�\xF2\xB4
-2�u\x81l�\x91y!\xE7\xB7Wu\xC7F\xF3\xCBW3\xEA|\xB2\xAF \x97�p
-\xCC@ \xF3+\xDD\xDCc\xB953\x98Y)\x86\xC4^\xA9>m7�U\xA2\xB5\xDB\xE3\xB3b\xF7\xA6\x9313\xD4W\xAE\x8BI\x87\xCAR\G\xF8=o\xA8c\xF5��\xBB\x9F\x95
-\xABG\xF7X\xA2bC�\x8B\xCBbz\xF6\xBA\xFA}p�IX\xC0\x9C\xE1\xD4|xz/\xAF\x97\x99\x99\xBEá ‚v\xBAmN\xAAB(U7\xBC\xB2�\xB8\xEF\x8F4x\x98\xB6\xB2\x98\x9Dy\xE7\xFA\xC7j\xD7\xCC8�\xC9\xE4\xA1ËO&l\xE8+\xA9}/\xF19O\xE7\xDD%\xBA\�㌄@\xF8\xE9\x8A�\xED̘\xD7\xC7\xD3{\x85\xBD{\x88y\xC4W\xB1a\xE5\xB7\xF5�\xC6D\x8C\xE5\xE2\xC6R\xC5L\x9D\xE2É¢\xFC\x9B\xF3Y\xED\x82[\x90\xA2\xADE\xB28\xF2x\xB2\xB3L\xEA\xEF\x93o�,\xF9EZ\xA4\xBA�{m�\xAF\x8C�\xEC\xD6-\xAC\xE9\xBEuS\xE0\xA9\xFE\xB8i�\xE1\xB1
-\xE7�\xE2\xA4\xEFx�k\xB6?\xB5\xA0H\x92/\xC1*K݈�]\x9D\x9B�\xEDp\xCC\xE9|R_\xB5\xD7
-\xE7\xB2 \xCB\xE1\xCD3EqZ\xF9f\xA6t\xD9\xECI\xBD"f\x8Ad\x87\xE8\xC3B\x83#O\x94O\xE0\xA9.\xE7\x95��7\xCCU\xAF\x8F\xD9\xE6\xA2v7|
-u}\xD6X\x86�\x94c\x9A4}`0\x88\xEC\\xC2\xEF\x9D2\xF5\xA0\xE1\xE4"\xBF\x80\xBBK\xD5'\xD49\x95\xC7h�o\x9E\xDEK\xB2c\x95T\xA1\xE4\x9CWŦ4\x8D\xBFXϟ\xE7\xB6�&p\xB7\x8D\xD9$��\xAD\x94\xF7$\xF1Ȱ\xAEכڧZW$l\xB2�Y\xCEY\xB3)\xB3L\xB0�{@1]\xA0\xAF\xB0S
-\xF3_>\xC8\xFF�\xFCO�\x90h \x91\xC9f��\x99\x81\xC8(&È‚(\x97\xFFÍ\xFF�\xEC\xDD@\xBCendstream
-endobj
-1440 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 97
-/LastChar 110
-/Widths 2742 0 R
-/BaseFont /KSHSXN+NimbusSanL-ReguItal
-/FontDescriptor 1438 0 R
->> endobj
-1438 0 obj <<
-/Ascent 712
-/CapHeight 712
-/Descent -213
-/FontName /KSHSXN+NimbusSanL-ReguItal
-/ItalicAngle -12
-/StemV 88
-/XHeight 523
-/FontBBox [-178 -284 1108 953]
-/Flags 4
-/CharSet (/a/c/n)
-/FontFile 1439 0 R
->> endobj
-2742 0 obj
-[556 0 500 0 0 0 0 0 0 0 0 0 0 556 ]
-endobj
-1363 0 obj <<
-/Length1 1608
-/Length2 7939
-/Length3 532
-/Length 8790
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDvgPTݶ-�HPP\xC9Ihr�M�\x91\x9CirN�l\xE8�Z��\xBA\x9B,Q@\xA2 9G%#A2H\xCE9\x83\xE4\x8Cd\x90 �\xE2C\xBF{ι\xF5\xBD\xF3\xEB\xDE\xF3\xEB\xD5\xDBU\xBBj\xAF9\xE7�s\xCC9\xE6Z\xB5Y�\xB4tyd �K\xA8"\xC2�\xCD�\xE4\xE5�Ѐ\xD9[:\xA3t\xC1�j<\xB2�8�pk�&`a\x91CB\xC1h�\xC2A�\x8C\x86>��B! y\xA8�@@ ���%`�\xC8!�Ý‘0�[4\x80]_Ç\x83\x8B\x8B\xFB_\x96\xDF! K\xF7xnw\xA2`6� \xD6\xDB��(�\xE1h�u@\xDFB\xFC\x8F7\xEAB\xA1 \xB4-�`
-\x83C�r\x9AZ\xC6
-% \xBB\x92\x86>@ \xEA E\x82\xE1 -gK8\xCC
-\xA0�\xB3\x82:\xA0\xA0� k�� \xFFk�\xB0B8@`\xBFKC\xF1\xDEbÉ ` \xCA�j�\xBB\xDD�u\xB3\x82:\xFEvq��\xA1H{�
-u\xFB
-\x80\xA1 6H\xB0�\xFA\xB6�h� \xE6`�w\x86\xFC&pk\xB7F\xFC!\xE4\x88D\xDCF\xD8\xDF\xFAn\xC1\xB4�(4\xCA
- sD�n\xB3j\xC9+\xFE\xC5�m�F\xFFÎ\x82ݺ��\xEB\xDBH�\xC2\xCA\xF9wI|\xB70\xB7^4�\xE6\x80�\xA0\xA1n\xE8ß¹,\xA1 ��\xE5��\xBB\xDF\xE6\xBE�sD\xC2\xFE\xD0pF\xC1�l\xFEÅ€�\x80\x84Ú€\x91�8�\x85\xBA\x85\xB9\xC5\xFEÝ\xD5 \xF8oÕƒ��\xE1\xEEv#\xFED\xFD\x93��\x8D\x82Ây \x80�\xB79\xADз\xB9m`��|\xBF��\xE4`\x8D \xF9\xFF\xB2C\x9C�\xFF\xE1s\x81"\xFF4\x88\xFD\xF7\xCCpÜ’ C��pw �jM\xC0\xA7\x81@ߦ�\xB0\xFF\xCFT\xE6\xFDω\xFC�\x90\xF8?"\xF0D\xDE\xFF\x9D\xB8\xD7\xE8\xBF�\xE2\xFF\xEDy\xFE;\xB4\xA23�\xAE�\xB6\xBF�\x80\xBF.�\xC0\xED
-\x83�\xA8�~\xDF1\xFFW,\xD8��w\xFF7\xD1�4\x84\xFE\xC5\xF0ß\x80\xD0\xE0\xDB6\xC88\xD8\xDCJ\xC1\xCF\xCB\xFF\x97�\x86R\x84\xB9A!Z0\xB4\x95-\xC0��\xBF\xED\xD1�\xBB\xBE��\x8A\x84\xC3�\xA0\xB7Z\xFEi#\x80�(,\xFC7\x9F\x9E-\xCC\xCA\xCE\xE1wÓŸ\x88\xFEqA� g~+\xCF�\xDE| �
-E
-�\xAE\xBFߦ\xA2\xB4nUG\xEB\xB9;\xDE�\xFB\xAF:\xD4�\x90.~c\xC8\xCA"\xDC \x9E<@�A \x8F \xBF\xC8\xEDa\xE3��\x88
-\x89z\xFD\x9B|\x80\x80\xFFZ\xAB\x83\xD1H\x98�\xE0\xF9m\xD1\xFC\xC0?\xA5\xFF\xD7\xFB\xAF\x95\xD9\xDF`��\xAC�\x90\xDFs\xA2\x8B�;@nG럆\xDFn+g$\xF2V\xD1?\xA7\xFD\xB6\xE4\xAC\xFF�9�\xEA�\xB5"\xF82\x85\xB0��x\x99\x98\x92\x84.\xA3\xC8\xE8�\x90\xDE\xD6�\xC4\xEA
-t\xCC\xFB\xA4\xF7>\xDB\xF7#\xA2\xD9'1xY\xB4\xE8\xC5ui o\xE5г\x9B:\xF7\xC9�ǟ\xEB*\x9C�=-\xE4p\xB6\xE6x\xE8A�\xAD��Gk\xF6\xA3�\xD6��\xAE
->\xF3<¤]\xC3p\xCF\xC3 \xB5%l\x93'\xFC��+�\xDA:\xE6\xB9\xD7w��5�"\xF1�\xBFs\xF82\xB9d\xFB\x922\x9F;�y[%TD\x925>\xAC\xC4 .\xCB\xD9\xD9e\x8D\xF9\xFA\x{5CB63DFB}\xAB\xB3\xF9�\xA7u\x9D\x86+=�\x9FE\xCC�\x9B\x905\xCC\xD7)\x9DF\xCAD\xBF\xC83\xC22��\xD3\xF11\xB6%\xA8U\x9F]pa昼jI�`\xB2\x85\xFF\xA9\xD0j\xD6s\xB7�Z\x8D\xF4\xF3\xF7T\xBE2\x9FÛ¿\x93\xF5\xA1\xC5M\xB3\xD3K\xE8\xCD\xEC\x878@\xFD,\xCD\xDAUB\x9Cu�\xB3 \xED\xFA\xA9\xF5\xE0[)\xEF\xB7m \x95�\xDF\xD5��\xE5\xDC 곺\xA3\x81B�\xBE\xD52\xA1Ä\xBEA\xBBTÑ®\xFCok\xE9w�\xCA\xC0ü\xED\xBE9\xBC\x97#5Q \xAAU��\xA5\xF8\xD1J\xA4�\xF1(K\xD7E!?)\xB6\xA2\xED\x98;�v\x95c19>�\xD6\xDE>�7\xEB\xC3Û£\xB9.�\x90\xE1�\xAB�\xF9\xCE��\xBC\xD1�\x83\xBB\xDFY\xAE\xFA�ɲ\x82ChCE\xEC\xD2fre;\xCA�\xCA�NN\r\xA7\xD6\xE8\x8E{\x84Õ—|E\xFB�\x97E\xFDB�\xE8�\xF1\xF0��r\xA8\xFCn\xED\x87µ\x8F\xD2�\xF4\xF4\\x8F\xF4m\xA9S{�/\x9C\xD9{\x93\xB9\xEE\xD8V>\x93\xF4O\xF7�\x9B\xB1\xEA׉\xC3E}N\xC1�΃\xA2\xF5�{me\xEA\xF7A�Æ€>�8m\x84\xF41�4�,j\xF5\xF5\xB2\xA6X\bd8\x842\xB3\xA4\xBFV>M��\xBCg\xC77\xC1\xDC�&N\\x80*DK\xD2\xDCO\xB5\xF8\xEE8\x95^\xDD\xE7\xF0\xE1�\xF2\xBCJ%q\xF5\x87 \x91\xAE�.\xB5�&\xD1�\x83;lX\x82R0\xCA\xDAc�K\x9F0-SÛ·\xFCߌ�G?�s�\xED��\xB7E\x83\xF2\xF1(\x80(\xA7\xB8Ëš\x92�=\xB4\xD8�\xF4�\x95\xFA��y\J6.\xE6\xEA�\x94,\xB3\x82\xACÞ»\xF3^%\xBAÞ‚\xB7V\x84(\xF5b*$\xFD=�y\x81\x9E\xE9\xCC�m�\xA9\x90\xEF�a9\x9E�o\xF1\x80�\x92\xFD3\x99\xD9\xD1S\xE2\xD7!\xF7\xD8\xCF\xE3\xD29\x8A\xC5\xD4\xE7\xDCr\x83Å¢\x91CB\x99\xC4\xF9\x9C\x8B-\xD5\xD52k\xB1�r\xA1\xF8\xE1\xC3Í8\xF2u\x9A\xC5?\xD3<\x96\x93G\xAC d�\x8F\xF9\\xAF\xED}\xDF\xF3\xB6>\xB6\x99)\xA0�\x81\x93\xF4\xACÉ«--\xAAsÒ0\xC8<P\xA9\x91૲
-\xFA\xFC\x8E?v�\x88\xD7;�`p\xFC\x90eu�$\xFAH\xD5n\xD80�\x8B\xAC\x93O<\xAB\xB1-\xE8Akf\xDDU\xA8\xC8G\xBE\xB6\xFB�&\xD4�,\xDAJQ>#\x82)\xB8\x84z\x9B\x90;\xC4Ò¸\xB4\xD6f\xEB�\x84\x97\x94<�O
-�\xAFd\xB2g\x8C\x82\xCBIӓ]\xE0\x95'\xF8\x95\xAB\xF5\xD9\xE1\xC7��$\xC7zX\x9CY�f\xD4�_\x98�@X7\xFALS�)!
]�\xA7)\xAC�M\xE2Ի7\\xABp�\xB7�\xD7\xD0*\xD7κu\x97\xFE\xB2C\xD8\xC1\x9AV\xC3N�\xF1`B�;�\x98�\xF2\xE9�\xE6VY\xE8ZJO
-هVja\xBA\xBB\xF7C�\xBA\xA5\xBC\xC2\xC4�\xFB\x85�@\xE0\xCD`\xD9\xE1\xF6�4c73\xEA\xED,\x8Ag�\x87\xEF\x99�>\xAE\xE1\x94\xE6\1\xC0^/\x819\x92\x83Ψm�\x97�\xA2\xBFh��\xAFEy
-\xB8oV\xB4�MJP\xBFnÑ\xF8v\xC1\xC2e�/�\xD8\xC0Dx=d\xF7S"\xC0\xEB\xFD�e-}I>%\xA9 \x97%o\x93\xAD\xF2\xC7�\x98\xFA
-w^\x99Y\xCB\x{D9C7}\xBC\xD5\xF9\xC6!}�i\xA1\xD52@{O\xBAE\x9D\xDCw\xF2\xA1 \x99\xDA\xE2e\xABH`�\xA8ޓm=J\xF5bF?\x96\xE0hI\xEC \x8B\xB5(t\x807\xA6\\x9FΙ\xB0B.j\xFA\xC8W\x93\xFDÂ"\xE1\xE5�\x91\x81\xC73\x9F��\xB2\xB7Z\xEBĎ\xB3[\x87\x8F9�\xF7\x82{A\xC7�\x9AGO\xC2Be\xED��\xFA4W򒖑Q�0A\xB4\x96\xA3;,�7\xAF.\x9F\xE1\xE3\xABb\xF7\xB4yS\xB8\x89J\xEF*\xEDr\xF1q�g
-\xF2\xA4
-\xB2N�l\xBCiB\xA6Z;D\xA7\x8D
-`w\x9CCb>\xBCT\xF7yelc\xBEs\xA1)\xA8oWpH\xD6\xCB�˳\x86�jQ%\xCDy\xFD\xDC6\xF7\x9C>\xEF� \xF5\xB1z�\xA4�MW%\xF2i~A\xB4\xAF\xEES/\xC8 p\xDE �7\xC1%\xDE\xC6ǟ��\x89�\x92jG1\x87PIu)\x896\x9DG \xF7
-\xAF\x9A\xB1�\xD4\xF6cxu-\xA2\xA8\x928\xEFԙ\x89�\xC4�K�\xAC\xB3";\xB1]\xE2�\xD54\x97A\xA9\xE6\xF1i\xA6u\xC5{\xB5\x9D*\xCF^\xE0\x9C\xF8}IͲjz\xB6u1-勸\x83�Ț\xA9�\xBB\xC4_
-(P\xC8\xE2\xFC\xA1]V\xE2\xE2,\xED�2��\xE5\xD2W,\xEE\xFFh\xA4\xA1=@*\xD0y\xAA\x81^\x83=\xB1jo\xB5n\xDA�Sh\xF0\xB5�\xFC\xC02\xAC\xF7l\xB9Lh\x82+*\xB1\xF4Qn\xB6\xEE#\xA7\xC5‡\x98o/\xD6o'2+\xAD^J\xD2Uj\xE0s�\xADq\xC4\xE60\xFF3"^ r\xF7\x96\xC7s\x85\x88\x80\x8Ec�\x81�\xFB\x9B\x9E\x8C9\xB0-M=\xFF\xF0�\xEF\xCA&\x8A\xC0򎦢\xFB_\xC0\xBA#K\xB4ĕ{\xCA�][-\xDB\xFE�\xB4\x91?�\xB0\x95\xAE\x87R%Q\xF3[\xCDz\xD6R\S��\x86\xA3E\xE3�\xF2\x9A\xE6d\xD3\xCF\xF8�\xD4�B\xBF�
-\x99B\xD8\xF5$Í’A\xA9�\x95Z\xE4\xDC\xF7R\xC1\xA1)Ï\xF3\xB6J�\xF5
-\x8D@
-�N/DW~\xB6L\xF9D�\xDE�\xA3\xD1�\xF1|�سpd\xDD\xEE,\xBDxAb/L, Xs\xD4\xE6\xCD�\xB2\xF6\xA8�\xC8_\�\xCCo\xE4\x9F�\xBA\xBCBE\x96D�1 \xBC/\as\xE1\xCAJf\xA2\xA1\xD5^־G#�5\xBE=\x8A\xD7j.\xCC\xEF9\xCF|\xD6\xCB>�\x92(\xC6\xF04�7\xFD\xA0Z\x927\x9E^�{\xA9\x8EʲڑN\x91*\xF9\xB2R9�\xEFĥ\xFF\x85\x8F\xF8\xE1\x9Em\xB0\xA3)�\x91I�$W\xB1�e\xCC�\x9B\xAB\x9FY\xF3\xCB\xF2\xC4�k畊u\x84v|\x90\xDBWzK\x86\x96\xEE$\x8B=Ĩ\xB2\x80,�!|a1\xD1\xFBH��\x9D\xAF\x97�@\xE8\xF4e\xA0\xF6p�o\x8Dhd\xD6\xFE:\xD1\xC3�\xF4\xDA��y\xA6
-\xB7\xD7\xF98\xC58\xB0*\xFD\xB6G\xF9�ⰲ\xA3�\x80\x99_\xB9\xB5\x84ٷ\x9E\xB6-\xDFf\xB1\xFA\xD5�Qb�\x{1E274A}\xA0=X\x9E\sz\xE5\x983\xC5 ]\x86N0\xA3\x9D\xDC"\xBC{\xCA\xC5)\x9F\xA2\x82\xA3C\xBA���5�\xB4\xB5\xFC\xFE\xA4\x9A\x81\xA4\xF5\xAAh\x9D\x8E\xC1&\xB7 \x91 \xCC+\xDCf��\xA5ΠZI\xEC\x94]�\xD2�\xDF�r�\xC3�\xAFu\xF3O\xBF\xAF>\xC3\xF0
-\xE1\xE6\xB0iE\x80\x8B\xA3\x83\xE3O?\xE0\xFDp\xAB\xF1\xF2~ß‚�\xF5|\x85yūסt\xDB�X at Wz�\xC2Te\xF6\xB4\xEEc�\xB4L\x84\xD9�\x9B\x93NQd�� d0)\xB8\x9CiC\xF8\xA2Z\x82\x8E&�:Ȧi-\xA9\x93kP\xFE\xC1+lƷ\xEAN.\xF73dW�ybI[\xCBu�\xF4i�\xCF\xD0Þ�\xB5:\xBFg2\xAEz\x96�/\xF7pe\xEE\xA2\xCA\xE0�Z�I\x92\xC5\xE2�K�\xABfE\x99훘9\xBD�\x9C\xB7�+(�m\xAFÖ¦\xD1\xFA�A\xD4D%W\xE3j\x89\xB2\x97\xFEt\xCE#g�g�y\xE7\x8F8\x87"\xC2\xDCW\xFCs\x95\x95�\xB7\xFDB\xE3KÙ'\x8E\xB2O\xFB,\x9DU�͉\xC9\xF73N\xF9�\xAE\xEE�\x91Úµ}\xB6\x81\xC3\xE48\xF4\xE5h\xE6�\xF8\x9CH\xAA\xB3\xB24 <\x8Fß¿8++\xAFV\xE8\xE2�\xB7\xA74u6b�`\xB4\x98\xFFR�7\xC3�Å·�)I\xE4�\xF7X?\xBC\xC9~\xF4\xC8[o\xFC\xBC\xB7\xE7\xFAg\x9A\xF6\xEC=�\xD3b.\x9A�\xAC�\xD9D\xD2\xFB\x8F\xCA\xC6g\xDA\xD8n\xE4\x97\xF2\xCE\xDA^\\xA7\x92=\xC9�\x9A�\x89\xBA\x94\xE3\x90Åžv\xF4\xD0s�\xE1�V[hNHM�W�0\xD6z�<\xFBPlp�Иؑ�\xA0\xF5\xE9yb�v_q\xF3Ô”\xADD\xECÉœ\xA8\xBA!a\x8FKf\xD4\xF4\x96}#\xF3d@\x87\x9F͈u\xFF\x8A\xAC}\xBE�\x9BQ�p5Iy\xEB\xF2*']�7\xF7B\xACi\xD8D\xE2\xDB\xE7\xA3\xE8ⵓ\xBA\x8B`u#\xB2\xEBd��^�\xB3\xDDrs�\x89ó…–�\xBB\x89A6�\xBE\xD73\xFBjM\xC7\xFC\xC7v\x9D8b\xEA<\xA7\x87ß™\x96<B\xD4b˪cq\x92=&s�Vcm)\xFC\xE4L\xDE\xF9\xD2�\x91p-_\xFFe.\xFC(�dÊ„\xD3=\x8Bz\xF7\xFD�\xB6. \xD1\xE6%�\x89\x8D��\xCA.\xA9w\xDE"}�H\xF0\xAD['4\xE0\xC1ZF\xE3\xF5f\xFB\xCB\�>5�\xCE@\xB6D.\xFB\x91a���\xDE\xD0}�\xCA\xCF\xDA1�\x91\xA9\xC0�\xFB\xE6'
-\xAD\x9Atü\x96\x9E/\xBF\x80\x97J\xCCx|D\xA6
-�\xB9\xB2\xF0 I\xC7ì›—n\x9A;¯\x99@\xF6\xC1\xFE�\xE3\xAF\xFA3�T&\x93\x8C\xBD-\xF2\xC6q�R�\\x9Ae\x9E\xD8$\xD0Þ*\xC0(\xB9+\x940�)\x8Du\x95VÕ”>\xD2={\xEE\xFCy\xCD\xEBê¾\x80\xA9\xA6�[\xFD\Jt�O�eD\xBF�zK9QB:!k(\xE9\xCBZ"Л\xA9\xD1\xF0\xD84\xFF�\xA7V Ò¹\xC82\\xFB\xBDE\x9F\xC9zt\xE3;\x85\xCC6n\xBA+\x8C\x8E\x9F\xB2Cf�E\xECc)\xAC\xEEO\xDBÕ†8h'|\xB1��\xBA�\x94\x8B\x85�\xF3\xEF\x96�\xEB\xD3��\xD1 \xDCD\xC8dM��O\xC5\xCF\xD8�'53\x9D\xD7\xC1�\xA7\xE1\x8CweN\xAA�\xCD\xC2\xFCw\xCD�\xB6\x88\xC9�\xBB�+\xC1]\xFD\x9B�\xF5hM.\x81I\xE2\xB5�yC]\xD3|/ÍŽ��\xBF\x8F\xF5Ī\xF7\xB9H\x97\x8B\xDD7\xD4eU\xFE\xB0&\xB3\xB9\xE6\x92+�\xB1\x95W|_���fØŸ�|�>\x84%\xFDH\xCE\xCC\xDA`����=6"\xE6�W\xAB\xF49#\xD1\�\xD3#3z-\\xF4�|%\xFE�\xA8�$\xB6Gc�^\xA4\x8BM�]\xF7\xB2\xB3\xD4\xFA�[��\xA2�_\xFDD\xD2\xFB \x90\xF1\xCD*\xF5,θ\xF0\xEA\xD8\xE3�\xFCe�\x95G\x83g\xB8\x8CMaÒ‚ \x86\xBB\xE9�\xBB\xCA\xFC�+M�[T\xCF�\xB5lm\xA7�2!\x9E7V\xA6\x8DÔˆ\xB7n
-\xE6\x91�\xB8�\x86pj7\x8CY\xF9?\xF2 $\x9A\x98\xEB\xD0�:{\x97�\xAD\xB6^\x98u^9L�\x84\x87DW,9%%�^\xF4�\xD1\xCB\xE5\x8D\xCCW0߲\xA6\xDCݙZ\xD2\xD7\xFD/\xF5{x\xFB\xC6>\xB2\xDE�\x94\xA0�\xE0/"\x8EDj\xFAmy1\xA7_\xEC>WP\xE3\xE2��\xD1\xE9Ʊ\x9C\xA0\x8B\x9B\x90\x8D
-z\x83\xBD\xCA%�%
-\xAFO`\xBFL5\x8F\x93\x83\xFB\x92\xAAV\x8D,��\xEE\xBD\xF8\xCA\xEE\xC3r\x87.\xF2��&\xCFw\xBC\xB4r�VǗƊw\x8EG\x83�\xB1\xC2*\xDCA5\x83\xF2\xEB�\x9AS�\xF9S\xD5i\x85\x9F*z~\xD6\xE5{�Or\xD9\xCE�\xE2\xBFz\xBB�\x97\xAD�\x92M\xAEd\xE6|P\xFB\x94�\xEE�"\x8B\xE3�\xFCi\xAEW\xF2\xE6\x88W\xFC\x9B�#\xD0'�\xF1\xEBg\xCFb\xEDb\x9C\xB4\xC9Q\xF9b\xB3 �.\xC3�\x85�\xF1k\x9B\xCCBd\xACil\xFC�\x96w_\xE3cŒ䵾,\xE3
-\x8E x\xCA?
-\xF5\xA0X\x9E\xC8ÅŸ8\xF1\xB7\xAC��u�\xA6\xC6\xE07\xE4W~\�A\xCCD\xCE\xF8Z\xC5~+\x8C;�\xC0cïš–&\xDBa}�\xCD=\x86Ϩ>\x99\xE8Ýš\xF1\xFCp{[<\xE2\x82Þºt\xA1\xFF�\xD2\xDDR\xD5\xF7j.9\xFF�4~s\xBC\x87\xDF\xE6\x8D�A\xAF4\xDDc\x93Å„\xEA!\xCFå¨\xDA 1.\*$\xFE\xB2�R^ר\xEA\xC7"Y\xFE\x88\xA7Ò¾_\x9D<Z`%\x90\xED \xA4|\x90r(\xD2�\xDAp\xC0\xAD5\xA7@\xEA�D\x9E\xE6\xD4\xE0\xA2\xE0E=$\x83a�\x94\x93_�\x9C�kd�\x9E\xF7[\xA7 -'�\xE1X\x92\xC0\xF6 \xC7n\xAEu>�\xE5\xD9N��\xED:\x93\x8B$#\xB6Ú�(\xE4EL��u\xDE\xF3\xA7>\xFBJ\x9F\xEE\xD3[\xF83O\xA3Ø\xAC\xBA(*D\xD0\xD3\xFFG\xF3\xC3�\xD6\xEF?\xFA�:"\xD2}3(̽\xB9\x8B\xC91\xEF\xDB�%\xC8���\xBC4_IYdӽܙbMWo\xBF\xCB\xEDqF2\xA0\xF10Ar\xE2[Gµw��\x8B\x9B%\xB8Rz),Å¡\xF1\xF9h\xD8p*\xF7\xA2\xA8�s~\xAF;?\xA0\xD9\xEF\xA3XÜ‹\xDE%\x8Bu\x8E�9g\xA7\xD0�\xE0\xC6%I\xB5|m Ĭ4C\xA3~@x#Wi\x8B\xA8\xA3\xFB(\xEE%\xAB\xCE�\x89\xAB\xF8�D⮌\xBA\xE9QÓŒ�\xD3\xE3�\xD3K\xA2\x93\xE2��\xC79\xAFw\x8DÒ’\xE6\xC30\xAA=SWF\xA6\x9B\xC9\xFCKEx_�\xF2pW/\x9Cб\xF8\xF8sw��\x8B\xA9^R�a\\xADd\xC0}0\x99�\x92\xF4\xEF\x9E\xCF\xEEM\x8D[\x9A Gq7\xF1\x92n\xE2�\xE6��TS�\xE4ÿ�\xB9O\xCDd(5j\xB5T\xABn�\xA5�\xCF�\x9C\x91�\xEA�[::\x9D+MN\x8B\xE0\xB1i�R�*<�\xA8\xCA\xEB�Ö¦z\xA8\xC7�E\xEB"\x8BQ\xDF"A\xFD�YBÐ¥u-\xE8d_\xB5lp|R]\\xF14�L\x94\xC2]\xF2f\xA3\xFD\xB9V\xF7\xB8\xC2S\xE6\x85Q�\xA2\xF5\xD6
-XV\xA9g\x92�\xF2\xF0\xBC6A\xB8\xBE\x9F\xE3J\x80\xB8\xE9\xC9\xDD\xDDˇQ\xB1R\xB99z\x97\x81�ٺ\xBA\xC5.[�伅�2\x83�Bq\x88\xC8�6�\xBFF]\x8F\xFA�?~\xA9\xBDI\x81\xA6����_\xFBv\xB5&\xFBI^}F\xDDQt\xAD\xEB\xB0 \x8Dy\xC7m\xE3\xFE!\xEC\xED\xE4\x9Bm�\x9B\x80\xC5�\xED\xD7_L�N\x9B\xEDm5\xBFੴ\xB9\x9F\xED\xF6)\xB0\x87PX\xF4�\x8EUt\x8Fuc�ь\x87L\!
xB4\xA9)b9\xFF\x82}R\xA7\ɨu\xEA/\xC9\xD6{\x{179EB1}\xED\xAA4\xD3У�\xEF�\xEAC\xDAt�\x9E\xEA�\x96\xD0�\x8C\x92sJ�1\x9Fkd\xF5\x97\x9B\xE8
-`2\xFD
-\xAFd\xE0 \xC7\xC5^v\xC8Ø—o�ROq\x9D]{\xBDî·«\x9BB?b\xB3R\x9D�q\xAA+e\xBC}R\xDC�)\xAA\xFCqQ\xFB\xC1_X\xF9\xBEH\x9E\xBE;"\x9F\xC4\xC0\xEFÖ•\x9EyS]\xB3\x9B\xDA^\xF7\xE9\xF1���\xAD\x87\xEBU \x82�\x8C�\xDA"\xFF\xA6\xE2�*\xE0\xA9;}\x81Å–h6\x9D\xB6\xC8\xCF\xC9P\xF2\xFB\xE5\xA3\xD0�\xB9Vi\xE8\x97a�GR3E\xEF\xF9�<=\x85>\xBF\xE7�\xA61�\xE2s:\x9F\xF6�j'\x92\xB1{VR}NP\xFD�7\xE3T\xB73\xFFzÏr�\xE3\xA4"\xAFj�k\xC5� \xB2l\xB4\xCD\xCAL�>\xC6�\x8D\xEE\xC1m\xBA6x8�\x{A2C98D}\xF1\xD4Ô©\x82\xEE�4C\x97W\xED\xE4�E;{LHPd��t"\xBDE?_\x9D\xFD%\c�Cc�\xC0\xD89\xB3A9\xD7T,T\x8A\xEAC\xF6\xEEr\xFBT�\\xE9,�\xBE!d\xCEHb$)\xE5\x9EMh �G\xC8�P\x8D\xA9\x9Ef\xF5\xAA�\x9B\x9F(\x9E\xE3\xED\xA9'}5o\xF9�\xD7�y\xB9\x95\xC6k\xC7̹-+E�\xE1\xC1\\xC4\xEDV) !\xA6�d^\xFA^\xFCy\x8Dd\x95\xFC'<�\xC1n9J\xC30\x8DW \x92x\xB5\x80\xA5\xA9\xA6\xC1wJ\xEC@;U��V\xB9OqH\xDE,^\xC4�\xF3\xC3o9\x82_\x8E\x8BL\xCA\xC5wj\xEC�\xCFiq\x9C\x8A]\x8E\xD6%j\xD8\xD3\xEE\x9D‚\xD3\xCB�\xAE\xCBS#\xF2]5\x9C�A.�͇\xA7\xC9S\x8D\xCAkC|O\xC7:\x9C0J{k\xFB6h\xFD\xDDU\x8B&f\xFCT\xB9m\xBBl5\xE8\xA1�\xA6\xC4!0B�+\xBC\xD64z�\x82\xA0N\xA6v\x87\x95\xD4\xE2\xADA?]
-Ã¥$\x8B7r\x93
-\xCF\xF0��5\x9A\x95\x8E]�\xBF\xD1�\xA9\xA8b\xAB �\xF4a�&\xBED\x9EdNbh
-k=n�\xB2/\x8A[\x96x\xE0\x95\xBA\xB1\xFF\xAD\x86g\x95�\xB6�rIA�0ȧ\xA0�\x8D\xEC\xAD\xFBdt-q\x88\xFA\x93_=\xAB-\x82\xC3<&�̌�X_{�\xE9\xFE\xE0\xE7\xEF7\xC2?L\x84 \x98]*P\x991�4�\xE5Mwp\x85�2f
-#�s\xFB�TÌz8G\x8C$/\xFC\xD4\xEET\xD9\xC4Z\x94-\xBEU\xA3N\xBB�\xB3]\xA4\x97
-\x9F\xAF�\xFEe\xF5Ü·\xB1\xA3Ò’\xE2d\x86\xB9\x9AI\x88JG\xB7\xE3�_-\xC1\xE7\xEEO\xD2Xx\xA5\xD4~M\xCF\xE3n\xAE\xAAe}\xFB\xD0�\xF7\xADO�\xE5\xF6\x83o�\x99}\xD9(<B\xFD\xFD\xB9\xC8\xDEW�\xEC\xD5��\xA8*�,r<E\xB7'\x85\xA4cHr\xCE{\xF7\xE6\x88\xF9\x8Cf\xF4�;\x90y\x9A~�\xF8\x86\xA144*x\xEFGY\xD8�\x90ci\xB3�I�G \x8Cq\xB6>\xEF\xF3k\xAF�yC\x87�\xDE�\xB4\xA1 \xD2\xC7y>\x8E�\xE2\xF7\xF34h[\xB9�\xF0\xEA~Ũd\xA4NA2�pKÆ¿xc62�\xC2�\x94/\xDF;\x8E4'\xC7�U\xEB'\xAF\xAAÛ¹� \xB8] ��}�\x98>\xDE\xC1\xDA\xD9+\x85\xA7<q\xBE3\xEE\xC3�ix4\xD6\xEC\x91�\xBEt\xFAu�\xEB3Y\x88M\xCEÛª\xF5\xF0\xE3�\xB9\xB5\xAFE\xFB;@\xDD\xD5\\xB5�\x9D\x8D�N�a^\xE4/jS�Û©\x95\xD9G\x94�\x9F\xFDV\xB8\xA5�\x8D\xEA\xB9�\xF6m\xFCI4\xB5Q\xF5\xDBo�'�\xAE'Kĺz K\x97\xDE^4�\xD2\xE5Ú\x92��7\x93\xF6Ë·=l\x96'\xA5Er\xD05\x90A��\xC69=\x82�^Ñ‹C\xB1\xE1�\xEDC�\xBBsIJ\x8B\x8C\xB6n\xE5�$\x83\xB1\xFEL\xC9+R\x8F:e\xAA\xC7\xF1\xA7\xD9\xC4Ù›\x8C\x84GC\x89Y\xE5�\xA1Rd\xC3\xC9O\xE6\xFA\xF0\xFA~\x91P\xB2\xE5*F:}\xE0\xF9\xF8\xAD\xF6\\x98\x90\x83a�\xEDK\x94\xAA\xDE\xCD�\xE4
-�\xF2\x9C\xF6\xE0�Lk\xC0�Re\xEFV�`\xD2j\xD9<\x86\x87\xD1�\xE0V\xEA`\xAA\xBE$\xCA![\xCB\xC7\xC8(w\xF6\\xE4�\xAE[�
-
-\xEF\xAB\xFA\x99\xCD\xE1^-c\x84L\x93n4b6e\xEF%\xAE70?\xBFs\xBA\x90J\xC3y\x94�\xF0\x8B\x8E�\xD2S\xBA\xB8\x84,C[H\xB1\xF5h�\xB9\x99\x89m"\xADu\xF9\xB0- \xFB\xAFy\x9F��\x94`ꢛ�\xB1\xA7�\x9CF��\xC8\�j\x9A\x9DjU�\x95e\xAB\x{17A7D5}\xD5�4K\xA4^?͸\x89]\xBC�\x8B\xDB>\x92q]�\xE5\xF0\x95P+�\xBE\xFE\xC1\x90\xECH\xB0\xE3\xD4\xD9&\xF9kg\xF0\xF2c\xFC\x88\xA8\xEE\x93\xF7\xD92y/%\x8F\xACzO�\xF1�\x9Dן�ß‹\x8D\xB5\xF89\xCA\x{DE2B}sW\xB30PEI\xC6\xFE��\x9FS\xD0\xE3�\xAD�\xFD\xBC.\xEE�\x87\xAF#2)\x8A`\xFD�\xE4JC1\xB7Rs\xB3\xD3\xF3A\xAE\xA8|Ù˜Ù›\xCD� /\xBB\xB7Ol�\xE9\x96k\xCF<\xFF\xD5;\xC8\xFE"\xC9x\x92�Ò\xB5\x99P\xB5\xDC\xFA\xDEY\x91\xF6SÖµ\xA2Ob\xDE\xEA\xA9\xF6\xE3ÝŒ\xFA\x8A\x9By�Zg\xC4g\xEB�\xD5d\xCEm~RS\xE8�\x96\xFA\xFB\x9C\xF7iV󘇧\xB6K\xC9\xCE\xFB\xCF\xDD:\xE2e7\xA8Ii-\x84\xBE�&\xE7
-\x92[\x95\x8F\x83\x98\xB2R(\xE4\x866\xF5z\xDBã¡…\xB3|+\x84#E\x81\xF8#d\xED��\xE5w\xF0�I�x\xB3l\xD8lt)i<U\xFD�\xFC W\xAFv�\xC1\xD1r\xBD\xA749\xC5�\x9F\xEB\xD9;\xE4\xE6\xB1b�<\xA9|\xE3.\x9FR\xCC�\x8E\x90\xBB\x81\xE7c#\xA7<\xE3�/@a��FÉŽD\xC1)\xE6K\xF9\xBF\xF8\xBC�0\xA6\xF1\x8DbJg\xF0\x87\xA8;\x82\xE8YD�\x87~\xE6tv\xF6sP\xD9��\xA6CÙ¶YA\xEA�\xEA\xB1KC�.a\x84~a\x86�\xF7\xF1\x82"�\xB0V,>�}\xAD\x96CF\xEC\x99�6\xFE8\xE3\xEB\xC1\xF6 at FMD3\xB9\xA6\xCE ]w\xFA0\xFD\xA5qEf��D<\xF4\xD7�)7\xDDv×½d�^\xA2\xD1�|�Zf\xA3\xCE\xF9OZ\xAA\x92dL\xAD�\x9CÖŽ*�\x85�\xFD[�d\xC4M�\xB4ÒžW\xB0\xDBΡ�\x8Aq-�\xDF\xCA\xC8\xED��l%\xB0�\x9FB8Ì\x87\xBB\x84\xB1\xE0\xDF|\xAE\xF2\xCEZ23lC��\xF7d+ae\xE1\x8EѨg �\xA6y[\xEDؽ4\x86\x8E!R~"�\xFD\xC7\xF8��\x9A\xEF\x9EQ\xA7A?\xEC \xC8\xDB\xCC,\xDEÏ¿\xF6\xA8vv\x85�\xB2jm\xEF\xFC,f}\x97\xCE\xF5\xE2�\xD66�\xC6[\xE9\x93'\xEES\xAD\xA6\xCAN\xE4\xB5�\xED"\xF2\xDDy\xEA\xA0a\\xAB_\xA3\x95\xF0�kl\xAE��$\xCA\xEA\x8A`VK�\xEF\xECŹX\x85 \x8B\x9BZ\xD1\xDF\xC6\xF7\x9F\xF2\x98\x9A�\x91\xBC\xAAN\xA3@¤\xEBv\xF9g\xB3;e\x95(\x89Æ\x98\xAB\xA3�\xD6�\xF2C~ë«£��2y\xFDIQ\x88\xE7\xD0q�Ë‚X4y[\xBE\xF0s�)\xEB\x97�A\xB5w+d�::\xB3\x9E\xAE\xD5\xD66w\xAC!\xB4\x96\xDD"Y0\x8C�\xBE�\x94It\xDDA\xEC\xF3\xBB\xDCTÊ®I\xA9dc\xF4[\xDC\xDF^}\xC1\xAD\x8F\xA7\x8C{/n\xF2�\xA!
F\xB6\xAD\xF8L\x9A\xAE0\xE2H\xEB�\xFB\x9A\x81(]bJj\xB1\xB1\xE2\xC8 7�\xDF\xFF\xAEÞ£
-#�\x9E\xF3�\xD2�2\xA9ZØ’È„
-Je\x97\xE9\xDA\xD6da\xE3+\x{1A36EC2}\x94C\x8D#i\xA2\xB0\x89̲\jk\xB6G\xA7 >S-\xCB~\xE9\xDEE\xA6\xFE\x8E\xC1\xFB\x88\xED\xA2>1\xAEnw\xA6\x89]\xD0�\x93t8\x81\xC1\xDB3\xB9\xAD\xC5{\xCDoO\xBD{vy2db
-�]\xC1v\xFE\xF5іU\x86\x8FC\xADEg�w87{FZh\xBEeԔ��\xBC8z�ө\x9E;[\x8DaÉo\x8E�\xB5$O\x9B\xB0M\x8EG�b\x97\xA7\xA9\xBC.\xE3x\xFF\xA9ӷ0[\xEAUD\xE6X\xF1QŚ�\xB9ݒ71�~8dD\x8E"h�\xF1Sn\xE4j\xFB$ye8RvA\xF4Wz+\xD9\xF6V'\xF3\xF34\xACWj\xD9\xDD\xE6�\xF3\xF0\xC3 \x92\xD6\xE82�\xA2=\xF9�"\xDF\xCF\xFD\xC3Ó�\x96�\xEB3\xD3ʉ5\xAE\x88 at n\x90\xA3\xF0\xB4\x99
-\xDE8\xDC(\xFFR&�H AԜ\x9CG\xFB\xAE\x97�\x94!\xF6W\xC3$\xAB\x96\xBA\xCB\xEF�\x92�\xFA��\xE8�R�\x8Bk?�~/\xB7\xB9hj8(\xB86U\xA5\xED\x9B�u\xFE<z\x96\xAC"5K\xB6;\xE1E\xB4i�\x8F\x86\x9D\xA5\xB7[\xC4\xF6b\xD9�\x91Ao\xB4Gc\xF8\xE3\xFD\xD6:\xEA
-\xE66\x9D�\xB7�S\x8EcE\xACK\xA7�Fhra\x8A\xD1\xE7 \xF0\xC8cO\x8D\xEF\xC64\xD7�\xBD*\xA6\x96\xF6Z\xB3ޕ\xA7\x80\xA3bG\xA3\xFB\x8Cl�\xBB�\xBE\x82V\xA3\xA7.c\xBB\xA3\xE9\xEC\xCF\xD2R�\xC5�\x92\xD0G\x92w\x97c8\xA4)\xF7�\x9AyQ\x8C�\xC7E �+\x82D\xE3\x9DB\xC5R\x916\xA6�\xFA\xABڧ\xE5\xBFt\xBA\xB7\xEA\x{DEAF}\x8AnB34\xA5�\xE5W.~ӡ�`\xE1\xDC\xFB�\x8A\xA7�\xF9\xB4s\\x80)j\xA2\x99O%\x9B\xA4G\xE8\xF5\xAC\xF2\xE6\xABՀ\x9D\xEA�\x83\x91\x92\xC9*\xEABy\xA0\xA5\xE0n"#�5\xF81_מ\xF4\xB9\xE5\xC5W\xA7�\xBE\xDE\xEEȶ
-��\xFD\xC4×€\xCBF�NN)K�(4�\x86\xEF}i|]p\x88\x9D\x8B\xBB\xC0v\xFB�\xE8\x9A\xCF\xFB\xF1\xBC\xF6\xAE\x89\xD9zK\xF4\xE7p\xE5f\x82\xC3��,s�Qm1\xF9�\xDC\xFE\xAE:\xB1�_\xC1rR\xD4\xFA\xFC\x96\xE2\xB9\xE2%�D�K� \x86\x90�ÉŽ�5\x8A\xC4\xE0�1\xF5\xFB.\x94\xF2g\x81\xB4[\xBA\x9C\x8F|\x85%c�$\x8E\xB0Þ•�\xE7Ê\xF2N\xF9\xFFh\xE9x<С\xB443\xBE\x96\xB4\xC09P\xAEE\xD3�@\xBE\xC6
-\x9B\xD86\xD3\xE6xEО\xC9�r\xB0%\xAF\x90\xBC�e\xE6\xEF$5\xAC\xFB�O,\xA4'\xBF}\xA6~\xF6UNd\xA3�\xBBK\x91�\xF9w\xA0Z\x81\xABL\x84-=\xB1L\xD7jm\x9A\x89I
-\x95\xFE{&ZUGN�\xCBW=\x92\\xC5�AB�\xF0=\x9F\xAA\xB4\xA7\xD9\xFE\xA2T\xD9�u\xF3{J:\xD3�\xE2�w�\xC0W`\x9A�N:\xC09\xAA\xB2\xFC\xCD���\xA5�\xB4\xDCD\xDCKǨg\x9D\xDAß¼iZ\x94\xB5,\xDC\xD9\xDE&�\xACEˆ9z\x888\xE04\xB9�h\xE0Y\x9C�\xE1\xFC\xEA\xE7)@�\xD2)\x89�v\x92\xF9\x87\xE2V�\xA9\xFB\xE8J\x8E\xB06\xA8f\x92\x9Fs\xEA3\x8D\xCA\xE5OL\xABG\xB2\xADA\x8Dǘå´\x8Fc\x82'X�\xEC\xAFRÛ’\xBC�H\xE8 \xCEp-\x8C\x89F\x97\xCD2DzR,\x8B�\x95$�\xF9=\x94\x94zʼn/^_\xF5\xAB{]\x88\xED\x85Q\xBC\xBE\xB5q\xDF\xF1q+\xEAY\xEB
-ˤ\xE6ړ"n{\x8F\x8A\xA34\xC1za\xAB\x9D\xF0\xF2\xE7_\xECk\x9B̕n�\x92\xE4Nτ\xBD~*{\x91�hN\xF2�\xBB�+\x92f6a\xEF\xD7Uտ\xCD \xB1nS\xDAٿ\xF1�\xDDS\xE5\xB7)�J4\xA6\xA3\xF8B\xF7\xE3���\xBB\x92\\x89:\x89\xD4$?׮�\xDF�\x88\xE8>}A\�\\x86
-�P\xF17%\xD8.\xAF\xD7\xA9iP\xA46\xEC\x9D?a}O\x80Y2\xDB|\x81\xF6JD�\xB0\x94\xE8\xE8\xF5|\xE2 mJ\xD8J2;���j 3\xA7�{\x8F\xE9ҮR\xB9Nc8�Ʉ;�'^\xC1�p\x97\xC1b3�Qg
-\xB3�\xC6~LV\xF5\x97�9S\xE0!\xF5\xA7\x8Bn\xB8\xF8\x8A�\xAEw\xC1T�}\xE6J\xF1=Mo\xC1Ó¶n\xC9\xF9\xD9\xF4`\x87\xB6\xFBZ\xB8\x9B\xEF\xEF\xF3NG�\xE3(\x8C>\xF1R\xCE\xF8\xA6a
-\xF41#7\xD8q$[d\xA4\xDF\xD6?"\xAF=\xA2�/$iNx�\xBCaLڬ�s\xAFR\x92a't�\xBC\xC99\xF53\xA3e�oUf\xD6d\xBFb\xA8 \xFC\xE1\xC3=\x91\xA9\xBAt\x99\x97Sz[8\x9Ef\xA3^\xAE ��\xE0>\xC7+\xFC\xAD\x98ս\xC6\xF68M�9\xAEԦ
-�)_\xF2\xA5�\xAFtIY\xBA�\xB2\x9FzIܤ\x8E\xBE�\xD9\xEFT3\x8A \xBC0\xFD`\x94E\xC6̥\x83E\x86?\xC5Gkq\xC0&\x8Di\xEF��\xFA)\xF3\xCD4\xFAHP\xB4�M\xC6�\xCB~1QT\xD3K}D\x95�\xF2n�\x95+sy\x94\x91.+In�ʹ�\xE9,\xD9JEA"\x89`\xD8\xD0\xE1j##\xAB\xF4\xDCJ\x9B\xE0\xF9\xE8\x87ꕙl\xFC\xED&\xBF\xB7\x87Q
-Þ…\xABF{\x8DRl\x88Bí…Ôˆ\x9A(h\x9C\xFF\xDA�\xDE\xD9i\xF3�_\xBD�Ò‡\xF0
-\x86\xDEY\x98\xA6\xF8c@\xB7\x8B�\xAD\x8E/�_U\x91D\x9A\xA7\xF8\xFB\x86\xCCe\x89X\xA7\xA3\xEAm\xEC+��\xBB\xEA��<\xA3\xCCǣ&�g=\xF2\xBE\xCEt=\xED�\xAD\xF3\x9E\xD7H�\xAD\xA7\x95$:ͯ\xDF�\xE5\xB5\xC0\xFB\x80\xF7\xA6�5\x86\xF53pi\x80\xB5�/).\xA6\xB9\xA3D�\xD9T
-\x85\x99\xF1\xDE�zo\xE5\xCA\xFB\xC70D6�U\xD0g\xB7k\xCB'\xA1;\x9Duf"\xFBA\xAFp\x8C\xC4A@\)\xB7\M2ÑŠ\xD7\xE2i\xF9\x9D\xA9i:2Wf\x8F ?\xBD��\x8D\xA6It)�\xAB�\xBA\xBEz\xED\x95�\xCC�C�\xBF\xBE\xDA{ؾ\x8B\xD9vm\xCD-*\x9D\xF0\xDA�\xBEb\xC9(�t,�\xF5Ym\xE7n\x8A�\x91p\xF9s�\xAA;\xC8Y\xE4E\xB2\xDB_(z\xA0\xF2d\xA0b\xF6\x87\xE9"qy\xBC's\xF7\\x83\xE1\x84\xF2\x8B\xE7$,\x81*1\x8C\xAF?�Y\xFE\xA8�T\x9D\xFCT/\xAEz\x9A\x9B\xF1\xE3*�\xDCZ\x93\xC6�Yxȱ\x86yÆ U\xB0p�\xEA\xFEZ\xCC\xCBLO\xE6\xC8Rć\xEF\xDB�\xD1<C\x97)=\xDF&Y4p\xCF\xDB\xF1~\xD8\xF9\xB3�\x88�\x92\xA9\xFF\xF3\xE2\xA7\xE0\xF5gp!\xFC\xAD\x88\xBCqÓšrO�\xC58\x94'n\xF1A\xA6\x80\x91\xC8�\xEF\x97q\xECU\x95}\xFE\xD4W\xF8�\xAC�N\xF3\x947\xB6\xEB\xE9\xB9- �&\x93Y2\xDA�\xFC\xFFˇ\xE0\xFF�\xFC?�`�\x87\x82\x91h\x84=�iG\xF0 y\xEA)\xDBendstream
-endobj
-1364 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 36
-/LastChar 121
-/Widths 2743 0 R
-/BaseFont /IJNFNJ+NimbusSanL-Bold
-/FontDescriptor 1362 0 R
->> endobj
-1362 0 obj <<
-/Ascent 722
-/CapHeight 722
-/Descent -217
-/FontName /IJNFNJ+NimbusSanL-Bold
-/ItalicAngle 0
-/StemV 141
-/XHeight 532
-/FontBBox [-173 -307 1003 949]
-/Flags 4
-/CharSet (/dollar/hyphen/semicolon/C/D/E/F/G/I/L/N/O/R/T/U/Y/a/c/d/e/f/g/h/i/l/m/n/o/p/q/r/s/t/u/w/y)
-/FontFile 1363 0 R
->> endobj
-2743 0 obj
-[556 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 722 722 667 611 778 0 278 0 0 611 0 722 778 0 0 722 0 611 722 0 0 0 667 0 0 0 0 0 0 0 556 0 556 611 556 333 611 611 278 0 0 278 889 611 611 611 611 389 556 333 611 0 778 0 556 ]
-endobj
-1360 0 obj <<
-/Length1 1166
-/Length2 8911
-/Length3 544
-/Length 9724
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDzU\\k\xF6%��\x82\xBB�\xEEnA\x82\xBB\xBB;�PH�\xEE\xAE!x 8��\xEE\xEE\xEE\xEE\xEE\xC1\x83�<$ý\xFD\xBF\xDDӷ{\x9E\xE6m~S\xF5p\xBEo\xAD}\xD6\xDE{}\xFB\x9Cz)�
-U
-�1K\x889P��ve\xE1`e� (\x83�\xCC\xDD\4\xCC\xC0\x8A,\xEA at k7\xC0+\xC8c\x86LC\xA3 r\xB5�\xFE�\xFDJH8�\xCD\A�\xB0\xA4\x99\xEB+\xAFi\xE3�P2s�p\xB2�8\xD8�\xD8\xDF \xF0p\xBC\xAEٹ\xFE
-\x848� T\x9DA��o\x80*\xD0�\xE8l��\xBFR\x92��7� \xD8U\xC3\xCD\xD1\xD1��\xB4T�\xBA@ܜ-\x80.� \xAB\xD7\xCA\xFE3+@�\xE2\xE8\xE5�\xB2\xB6q�\xD0k\xA9\xEB0011\xFF�\xE1\xE0\xE7\xE7�\x98{\xFD\xC5 $\x81. k0\x80\xF6u\xE1�\xB4\x878\xFE\x91\xE9UB���:\xBF�m\xF9G\xAC\xAA\x95\x99\x94%\xC8\xF5\x8Fv�\xF46\xAE\xAE\x8E�ll\x8EVf\xC0W\x8C\xD5Ŋ��tecx-T
-l)�q\xF8C\xC0�\xF9�\xCF$A\xCE@\x8Bצ\xBC\xD8\xFE\xEE\x9B��\xE2�\xF6\xF9�\xD8
-�\xB6\xFC\xB3%K7G6-0\xC8\xC9
-('\xF9?\xC1\xAF�\xF2\xBF0k\xA0+\x80\x87\x9D\x93\x9D\x9F\x9D� t� =-l\xD8\xFEH\xA9\xE9\xE5�\xFC\x93\xE4\xF8�6�[\xFA\xF98B��Vf\xF6.@?\x90�\xF0\xF5\x82\xEC\xE3b\xE6��\xB8:\xBB�\xFD|\xFEw\xE2\xDFw\xC8�� K\x90\x85+\xC0�h\xFDz�\xFFR\x85\x81V\xFF\xD8+\x99\xB9:\x83<��\xEC\xAC\xEC\xEC� \xF6?\xBE\xFF\�\xBD�\xA8%�l\xEF\xF5\xAFpe3� \x80M_[MBL\x9A\xE9\xEF\xBD\xFF3J\�\xF2*\xC9\xC2\xC1\xC7
-`\xE1|\xC7\xF3:)\xAF\x8A\xFC<\W\xFC\xA7�\xF9\xF0'\xAAj�\xFA\x9F:\xD9\xFF%)�\xB6\x82 \xF8\xFF\xD1Ϋ\x8F\xB5\xE4�tvy\x9DM \xFD\x9Fc\xCC \xF8w}e\x88+\xC8��\xA0\xFF\xD7\xE8�\xB2\xF3\xB0\xBFN\xCD\xEB\x85㿎Կ\xF1\xFFu\xB0\xFE\x9EC\xDA\xCD\xDE\xFEOW\xE8\xFFa�\xE0\xD5��\x80"\xE0�G\xEC͜\xFF#\xDC\xCC�d\xEF\xF5_n\xF8{\xA0�\xF0�\xD3\xFFБs5\xB3�Y\x88\x81\xAD\xED\xFFi�\xC8E�\xE4 \xB4T�\xB9Z\xD8\xFCc\\xFEr\xD9\xF2\xCF\xE7�\xA8
-q�\xFD\xF1$�X8x8\xFE\xC6iڀ,\xEC\xC0@�\x97׳\xF8\x93�\x82-\xFF\x96R
-l�\xB1�\x81\xAD��\xAE\xAFSi\xE6l\xF9O\xE0�\xDA\xC2\xCD\xD9\xF9՞?�\xE8\xF5޿\xF6V\xA0\xD7�\x81 at O\xA0�\xF2\xCA"\xC4B0Զ6\xB4\xFD\xA1Z\x8C؃e\x92\xAB\x8FW\xEB\xEE\xB7�97r\x8C=\xF47V\x98^e�\xBB�b\xEE\xDC\xDBw\x9F\xB3$U\xC7l\x84+
-`\x95`\xA1\xC3㉥b\xF8<\xEC\xF8\xC5;X�\xB0\xB0ð`d#\x89NY넔�P/�駯\xD8\xFB\x88�\xA2 R\xBE�Kx
-\xCA^P\x94\xDD\xE9\xD1�KL`i\x84Cp�H�\xF4�\x8F\x9CT\xE0\x89\xC9\xCA\xF2+\x90T\x8E��\xF8\xF1\x9E\x82\xCFUd\xED\xFD\xD5�\xE0\xE7G:%\xD9m\x83#RP\xE4\xBB�g�\xE9\xE4\xF5Q�O\xEF\xB1+:\xB0L��\xFB\xC5\xD1x�\xE6\xC3e\x90]k/͉\xF5J\xF8�:'\xBA8\x9FlJ۬\x9E\xAAG�\xF3y乌�ט�\xF2�Q\x8DK6\x87
-\xD1+\xEDLv\xFE\x98\xF0\x89�\xC516(\xCE\xF1kX\x84\xC9ßš\x86+\x85\xA8p\x9C��\xBA\x96�QÄ´\xD4�\xDF^\xEE)R\xEA\xD4[W,,\xA8Þ‘\xF5É»\xE3p%n\xD7)iuGY\xD6Çš\x90Ï€\xF1Z\xACÕˆv4\xB9\x9B\xEE\xB5:\xAEu\xC4�\xBE\xF5\xAD\xABG\x81�Z\xFD\xD6:\x84<=\x9F@�\x87\xAA\x98yÝ—l:�G\x90B\xCE�\xDAOAs\xBD\xC0:r\xC1��Uuiw\x99\xAA\x9D\xA8,w\x91ʽV\xE7\xB1\xCCwZ6\xE7�]\xBA\x9A\xBD\x9EW\xDF\xC6e�͹\x8F\x84縤h\xA3\xF6Ù8�\xE2\xD8YW\xD1tÔ¸c}\xFC5\xE6?\xB05&Jt\x94�\xF9\xCB\xDE��\xA8\x97O\xC9\xCB\xDB\xF2\x81\xC1H\xCC�\xEEZ\x82pr_\x91�\O\x9Cű\x844\x9Aß²~\xF2I\xDDb\xE2í‡y"\xFB�\xCA\x93\xAC4\xF2\x90\x8EZ\xA6\xBF;\x82\xC0\x9Edz\x99R�Ñ�t[��^c�\xED\xC6=\xF0\xE0\xE6\xF7\x9F\x91\xF8\xDCÏ•\xE4
-�=X}\xA7^\xCD\xF3\xE2\xD3\xCC:\xCB;}\xDF�%[\xB5,\xA0\xFD\xC9Л>\xB5\xDEܱ^4AX�\xE7%�\xE4#\xACwÛ±\x90W:e\xC5N\xE3\xA5S\xB6S\xC8�\x93\x8FH�f\xF7ÖϦ\x8AKuP�\xB7}.\xF3F!\xD6�\xA7\x95"k\xAF\x93/�\xE5g\xF6\xAB\xC9Ф�\xC1
-\xA0\xEA�2�\xB3Õ°"\xDD \xDDk\xC7\xC3\xF1J�
-\xAC\xB0P\xD9\xDCHy\x90CO\xCDb\xF1\xB6\xAA\xDF+\xF3N)$\xD1d\xAE\xE5]\x90\x9AU$浈\x97D\xDA!�΢\xEA퉆\x91\xB4dG�G\xFC4\xC9�\xF8p\xABlУ\xB3Ld\xD2\xEE�J����\xD2-\xB9���\xA2T�\xD3�ޜl-t=\xAA\xB2\xC3l�̚2iΊ\xDA\xDE\xDD\xFF\xE5O\xF3\xE1QDWX\x99
-\xBC \xE5�\xDF�Sͦ\xB6\xA0\xF0�\xE5\xABx\xC2AÄ\xA2<\xC4Q\x93I\xD4/\x82\x9F\xC5e8XW\x854X\xDEO\xBC\x8Ci\xFF\xDE�\xE4]\xF3\xD3\xCC�\x87�\xF4+\xF6`dsa\xC4Ý´6\xE2\xC4\xEA\x8D�\xD2\xFA6\x8Dk\xEB\xE1s\x8B\x83\xC9ض\xC7\xC78\x96\xB2�"\x8B\xBD�\xF66~r_\xA2\xBE;c\xE7\x98O\xFC$\xB5yt�\xE9g\xFF\xAC\x9E\xF1\xE9\xBC\xF4\x88\xF8y!�\xE6\x93_;\xE6dx\x96V�\xAA\xFF`\xA9\xABm%s\xDD8K\xE7�\xEF\x88&\xEA\xEEvp�\xA7 \xEF\x9Df\xE6ZJ\xDB\xE3\xE5\xAAxfÉ°E#\x83�b\x98&Zaz\xE9�{_\xBC\xDAH☦τ\xCE{K\xD9u\xA4\xAE\x80\xEB\x99�IJS\xC6\xCA=x4�ÆŽ:�\xE4A\xBA\xFDá£�,\xF1\x8Bi\xC301bT2l�$qm\xAEJ\xFE\xEF�i\xCF`\x97\xD5\xFC@;\xE5\xB3v{�"\x95�X\x94IAÖ¼\xC1~ر*\x8AexAT\xF6x\x9A\xDBX�'�\x88�\xE8.m;\x9D\x84E��\x85�\xDBC\xB7\xF9\xA6_�\xEB\xD4m\xC6\xE3\xB1�ݤV�\xBE\xA8\xD1]V$\xCB�:\�\xEE\xF8Cت2\x99G\x83\xBB1�\xAD\x96\xA0dT�4\x81\xFBp+p\x8F\x98\xAEs,J\xDE\xC6G\x8BL\xFA\x{D893}\xA8.Ó¸\xA5-\xAF\xA1\x86\x8D\x937\xC3}\x8B?�\xF1\xFD\x88\xB2K*\xDE at P\xBF�5\xF0\xE4\xB1\xDD\xE7r
-tW\xEF\xCB�\xDFSzy\xD7S\xECX\x85\xBB�|\xDB�;PR\xE0F\xE1/x\x98\xECb\xFA\xF0YM\xA4+#d!&�\xBB\xC0\xB8&\xE6*I\xCB�\x81\xB6 \x91U\x91\xEBQ2\xDBa\xF1\xE1\xCB5\x90Z#Л\xDE\xF6WLAj\xD4Ù¯\xE9>\x9D�\x8F@\x93"\x98\xBBp\xF5\x82\xD6\xE3;$8\xBF\x86\xB2�NX\xE6\xDCG\xB0��\xECVFP\xFC\xE3ï§3\x8B!ao|n\x9B\xF4\xD8\\x96`\xC49�Ù©\xA6Y"]\xB0\xDD1�I`\xA1\xD8Q\xB2\xAF\xF49�WfD�$\xEB%�bJ�=�\xD3BM\xB7\x96Е\xF5\x84|}GC\xB6;%\xFDkȃ_\xC2[]Õ¸QJ\x95)M\xD3?\xA1\xD7(\xFCr ~\xE99[m;3l\xA0}\x93}\xC6p%g\x9Dˤ\xBF!r\xEDS-Q\x87\x89<�=\x95]\xBB\xC5�\xA9ɤL\x88\xF3gψ�\xE6\xCC\xFE\xCD)j\x87\x9Fm\x8B{\xA2R\xD7�\xD7\xE3\xD1Q\xE6dÙœN\xE6�<#C=$�V㙃g�\xFA\xB1r\xC3\xDC+\x85>\xBAJ\xE4\xE528\xB4(\x94\xF8\xB1\xBA\xF8d\x95ز3/�\xE1UF\x9DI\xCF\xFA\x80\x90.Cw'S\xBB�ÕŒÛ \x8EjXPK�b\xE6\xF8\xC3[HS>\xF5@\x91z\xBE\x87\x98\x84\x8C1>\xCEY\xE7\xD1>\xC5\xCASÞ³Sh\xA5\xA3#ʱ\xB8\xCB\xFA;!\xE1\!
xB7� 0/x\xDFyd\xC9PP\xDC\xDE_\xC0\xEA$�\x85\xB42\xA1V�]\xD2.\x90)\x84\xEE\xC5w\x99\xE9
-"E�2��\xF8Nهc�O4 \xB5[\xE0\xD6�H\xA1\xBE\xA0 2^zϾ\xDE�#2�%H\xB2\xE66\xA0\xBB�aZ\xCB^\xE0]w\xBEu\xA8\xAD\xFBN\xE5\x8Fqj\x95{\xDE\xEB\xAB+�\x88[\x97�\x89U\x8A\xB1\x9B7&N\xD2|\xAC)C\xC3\xD2\xE5�\xA5o\xBD~\x97t\x82K� v\xA6\xB7\xE0 Eq\x8Ez�,�\xBFu\x91�\xAA�\xDCy\xDB6\xBB �-o\xD3\xC4%\x9A\xA7Ӟ\x83]\xD2z\xDD\xFE��\xA6W\xD5\xC4UƓ\xDF\xFE\xA2�\xA5?C\xA7\xA4¨Z*c\x84\xA5\xB27\xECCO0;�\xC5t\xF5g�5\xD4,J�\xF0`.\x8B�\xF2f [\xA6z\xEA\xDB\xF0b\x96\x81\xC1>\xA11�ƚ\x83\xE7�
-�\xD0��\xAF\xAAh�0\x9D/D\xFD-\xE5�\x80Ȍc\xE6\xBD]\x87K�\xBA\xF0\xC2\xFD!\xA2\xBD\x9E\xBF
-\xCE\xD0\xE7\xEA!\xF9�\x82�n\xDD��\xC7 ��\xE9\xBD:b7\xA3\xA8>\xC3 }f\xC1\x95\xD9=\x8A\xA4\x82xF\xE4(;\x8E\xB4��x\xE35\x82feT\xEF�\y\xB6+-7O\x9B�>\xE2�])\xB5\xEF\xC1\xDEC\xF6'9\x90\xF3�&\xCFr�\xFD\xCEk\xC4 \xA4\x83ϖG\xB5\xAD\xDC+�?R?\xAENJ\xB2}t\x93-K\xE8\xC9\xE86\x9C\xF2�\x9APUJ*_]\xF0\xF1K{7\xAB\xF9fF�\xC2\xC8\xF4\\xDDB\xC0]M\xFE!~`o8m\xAD\xE4x��3>\x90_.{g\x87-Ű�\xE2�-\x8B\xEAKT'�)�\x9990\xCB�\xB8|Jx\xE6\xFC\x8D ?\x8Cb\x83y\xBAZ\x86\x97b\x94\xBA\xD6v\xD5\xF1\xF6S\xA6\xD3\xFE~\xBD\xF0\xA7P\x94\xD9TG:;�F\x855\xDBa8K\xBE\xD5\xCB\xFA�\x8A\x9D�0\x9F~__l�&׫B�o\x8BxM\x9B\xDF�\xCF\xCD
-Š\xF8Óhae\xDC1\xBA\xDB\xF4ȇ>\xEC0x;J�۔\x9D\x86\xD4\xE1z\xA9\xF2]ɔ\xE7Q\xD3
-\xCBl\xE56\xB9h\x8D\xE8\xCF\xFB\xA9\xDC)�s\x9D\xFD\xFC\xB5\xE9\xF0\xB4\xCA\xE7�z\xEF\xFCR|Gz\x94\x90\xF1E\xDF@\xABM\x86!\xBB0\xB5瑓\xFE\xA2\xC25\xCF;\xA9\xD3\xF7\x9B|3\xD2\xE1\x9E4!\xC2\xF0\x85\xDF\xC4o+\xD5{w\xB8\x8A\xFD\W\xE1 )rtϊ�\x93\xA1\xF7F\x9F��\xAF3]\xBE�Л\xF9 ˟\x92n\xB43\x96�?
-,\xF5\x8Ez\xEDF\xDEM\xCE_6uё\x97‰\xF2\xB5�R\xE7�W\xBEJ
-�}\xAD\xD8\xFCN\xB2î\xE9_\xDFDЄIx�\xFA\xC6fÛ´\xC2çš‚\xF3X\xBB\xCAT\xA6 `à§{cI_\x8B^\xB2\xA2$\x8E�=}\x87F\x9FT\xD0Y\xF4$Ý£Tô\xD44=�\xF0f \xDF뉳\xE0y\xCE\xE5\xE9\xECc\xE0\xD5\xE6��\x86i\x807Ú„W\xB2\xAC\xF6U�\xEBh\xF1)�$e�H\x977qcM\xF7=\xA6\x8C\xBCZ^\x93\xA4qs�\xB0Y7� \xAFg\xEA\xAB��\x91\xE5\x84~L\xB4l\xB5\x94^\xE8Ha\xC3�\x8F+�\xCFO\xC5B"j\xF3V\x82\xAC\x85\xC9\xDB:K\xF7\xA0M46\xF4\x92\xD4��\x94bB�\xDFM\x94�\x93X\xBF\xA9*2\xC2'��Ô\x8D\x9BÑ\x86dJ\xE4\xA4�\xA8\xA31\x88\xA1� \xF1�\xFBx!\xDF\xE3IE\xF6�Y\xD7{\xE9[\xB2\xDA\xFAd�\x8E6v\xA8'\xF7"\xEA�\xB2'3\xC7H\xD8qR\x93\x86\xCA\xDD\xFCB�\xF2',\xBAĸ\xADZ�I\xAE\xB9\xC2\xC3�È·e\x94u\xAD>^
-��\xA23\x95/��\xF0\xE5\xE3\x90�\xC9\xD5w\xA2骟?�8\xB4\xC70JÒ²*\xFB\xB4ÛŸ\xA5\x91!Hb\xFFz\xE2Ú·\xD6\xEC\xAE\xFF\xCDf\x8E\x97D\xC3�\xBB\xB5\xB6 �A\xFFx\x9A�\xA3UÛ°\xE9�u\xF7Q\xD3%�\xED\xD2縸\x9D\xA5S\x863 �\xB8\xB6\xE2\xA6\xC7>�\xA6\x90�\xA470K\xFF\xBAD$4\xF4 at Cj�Î�A6�\x87\xFA\xD8�\xC1�CÜ\xC5\xCA~\x86\xD7\xC16 _\x9F\xEF]\xD2\xE6$�p\xD3Op\x869�\xA6�\x8AF1\x8EnϤ�\x81d\xA1\xE4o \xC1\xFC\xF1-\xA1\xB6\xB1�c�\xE6\xBA2V&\xAB-7\xB8)\x89�\x8D\xACp\xE5׋oH\xC4'Q�\x84\xF0\x87�\xBCÈ»PÍŽ\x85\xBB\xFE\xAE!\xD4Ê€\xDE;\xABs+_\xF1�Z 8\xB9\xF1{\xBAJ�A\xFEY\x89`$\x9D(Om\xC6\xE4.\x99\x�\x95!q\x83"*\xB6\xC0\xD7\xE03dB\x9F.\x8AQ�~�0\x8BOz\x82b\xCC\xEC7\xF4\xED�\x92[\xEA\xB8V\xFC/S%.m\xCF\xE0y\xFEƾg\xAEij.'\x9D\x92K\x859\x9B�\x82\xD3\xF6JÈ \xC2ת\xE8!\x8C\xB6}1\xEA\xFD�_r\x81\xE7�\x8F\x87\xD4岪j\x94Ϛ˟~\x82\xA4$\xD2[ײ%\x9B5\xA4'\xD8q\x8AÇ \xAC\xF5t\xB8\xC3QQ\x8B8\x98\xCEo�!
-�c\xFA\xBB\xE2\xAB\xCC;\xEC\xE3\xE0c B$\xE6\xE0O|\x87f\xE9\xE3\xAB\xEE����\xE8B\xB9\xB7\xF6\xC5Ӷ6\x9B�$�Xu\xA0%�\xE1IE\x9C\x9F\xB7\xBA�\xC9��\xF2%F \xC5\xDDd=\xB2g[\x93'\xB1&�\xE1J\x9FĽs\x90
-\xA1\xCA6\x98\xAEfi#8\xFB\xC8#\xE0\xD0ge\xCCq\xF1
-\xD7ÉŸH�\xFC�\xD6�\xA1d\xB4\xFD^\x8E\xEB\xAB c4\xC8.FTO\x9Di-\xE3U\xA8\xA7\xB5Ô¹\x91\x99�\xBDÏ?\x93\xA41\xC4\xD5Õ„\xEB\xD6�W\xA8�\xD9B\xA8\xD8\xE8cK?*q\x8E\xBC\xFB\\x82-\xF7�P\x99\xAEt\xBF\x85\xEFh?9X�^9\xAC\xC9 \xB1m\x81|�1\xE6&\xAEÊ“\x96�J\xF2VF\xBE]L\xDCjÍ©\xFC\xAA2˾\xA0\xF8`}DV*\x86e\xEA�l+\xEC�n\xE4��\xA5Z�\x84I\xC0\xE0gjY\xA5\xAE\x83\xF5\xDDx\xE9\xB1\xDCÜ‚\xBC\xBDZ\xB8\xC3\xFCÔ¹hb\xEC6`?\xA0\xE6\xF4\x98*\x9A�\xA6Ï��\xEFt<\xD7k\xD8\xEC6$\xB8�\xFC�7l>\xF7\x93\xE5j�\x8Bq]a\x98\xDC��\xF9\x8Bm\xAD\xD8~~\xB4\xA8\xEF\xE7Æ\x90\xB3K~\xF8pF\xB9-\xD1\xCB�\xD7Yk\x90UD\xF8�+\x95\x92�_\xD1g\xCF\xD9z\xC1\xF3\xFE�\xBB�-/\xA1Øw+[\xA5\x99\xD0IHÓ–\xCE!$\x8D-\xFB\x84\x9C\xB2Xb\xBC\xA7\x8B at R\x8C\xB4\xBE\xFBh.\x83
-\x9EP4a\x80\x8F\xE3\xB6V\xD8:!+\xA4\xBB׶\xD7\xEE\x87\xFBl�\xB40j;\xA5\xF7o\x8E\xE2VA[\x85�\xCE\xE1\x89`\x91\xDA1d\xCB�\xED\xE6;\xD5�6\xE1\x9F\xEF\xCD&6\xF23ÅŽ \xDE\x{DDF3}\xD5\xED�\xEBJ\xE8\xFE:g\xD7A6\xC9�Ú›Ò®��\x9Ctј\xFB�SÓ&�\x87\xA3sO1\xC4\xF57d%
-YIe*s\xC7~\xF6]/\xEA\xACnoj\xC9w\xAB\xF9\xE8jh~í”®>\x8C\xE4�XzÖ»\x8C\xBCQ\xF7R\xA9\xAC \xBB\x92\xB6\xC5>%\xC2�H\xF5#æ¹\xCDcF�d\xA1Q=i\x80?$P\xAC\x90\xF0\xB3V\x8D:F[Y�\x93\x98\xAD]\xE4k[\x80�\xFB\x90zq�\xF9�H�w|\xD7q�\x9E&2\xDF%4\x83\xFC\xFD^���T~\xA5\x81!�Yp\xE7h\xB7\xFB
-)XOAl\xFE\xE8\x8E�\xBB\xAA\xC7\xC1�C\x9E\xF2\x9Av\x9A\xC8ʗ�\\x8FmK\xE9\xC2\xE1�\xE7\xDE7\x8C\x83;vAĹ\x89\x9A\x84}\xA2\xFB\x8C\x964�Y\xE4-ş\xB3�\xD7{#+Hm
-~\xB1s�8\xCC9\xB5p/\xBE�{\xD4.\xCF9m\xAB\x9F\xC5%�\xB22궩xW�EG\xD6��g=\xD1a\x9C\x9D\x87\xFD\x91*\xFE3\xEC[\x8D\xE3\xBC"E\xC9<\x98\xF7�\xF0�\xEA\xA5p\xC9J\xE2\x8BZ\xF4\xB9X\xA4.\xAB�\x8Bf�\xDBk�V\x96s�\xE9�Gk\xB4#\xB8\xDF=\xECk\xD7O+n\xA8A%\xB6 \xB6�b�\xA7\xE8\xF4\xCA\xC6;\x8A\xFC$\\x8E\xB0\xE8\xEA\xC2D\x98\x89θ.J\xF1\xE2�<Y�\xD4\xEF\x9D�\x80A�׌\x9C˹/?\xD2\xCAȫ
-brrG\xA0Â\xD0\xECZ\xEA\xC5\xE6\x98�\xCE92\xB9sJ3JÞ¿iÅŠ9|�\x8C@\x94\x87�\xCA <\x89Up��\x87E�\x88{\x92`\xAE\xCF�Y\x95åª\xD8Ê£\x8Cß±7\xADpx|$\xDABg\xA4\x94l�\xAE\xB9Ñ…\x9D\x9A\xCF\xFD|�
-!n\xE2K\xDCQ
-$?�\xF5\xFAŤ�&\xE1i�\xB2�\xE7\xA3ד4�\xE8ڧ\xB4\xF8\x86\xEB|.\xAD\x8F8\x86
-׃\xF2\xACW\xCD\xCF,\xB4dU\xC8Jݦ\x8B04\xDEP�\x85M\x97\xE2\xE5\xD9�>\xAC\xEF�F\xCD]\x91\Jd\xEC�?Q\xDE\xE0\x8D\xD2!\x97\xC7\xDA\xF3\x89 \xFD�\x8B\xF9�\xEBv\xFA\x9E\xE9\xB9\xD5�\xB7A\x98ɒZ-\x9F\x84٤^\xD0+\xD8Ӌ\xA5\xF5\xD5 Ȭ�\xA0\x97/\xE8w\x8A�_\xF04�jF6�D=\xF7�=\x8D\xA0\xDCi\x8FY \xA1\xA6�=�\x97%\xE8\xFB\xB1\xC7n1Q[Q-\xB5\xC7=W\xAF4\xD52-w�C\xFDd\xE4\x8B\xFB}\x9A\x93$�\xBE�]�\xC1\x94v\x8D'\xA8\xFF\xD4�U\xC6h�\xA4#\xE3C\xE5T\x8C\xD9g\xE9 B#\xCF$\xC5\xE0\xD7\xEE\xFB\xE8^o\xCDv-O\xF3��;\x99�a\xA7(#�\x85\xA4\xD3b¤\xC5,J�\x87rX\xD9KVd\x96g\xBB[C\xFD�x\xAF\x96\x9D6.\xF8f{Ek\xC77\x99\xBBy\xDA\xE9$��\x88~\xC2\xCA%\xE7\xA9k\xB7\x8F\xADYW\xCC�\x91c\xE5\xCBwP@@6�B\xC7\xE8Ht'�\x90\xF6q\xE5<k$�[<o\xEBTx5B\x98v\x9D\xBFo�\xF5\xFA�\xBC\xBF\xECc\xC6ㆇ\x89=�\xF8�$7 \x99\xEE뷿w."\xBF\xE6*"\xDD/\xDD,\x94\x9Cv4\xD2�5\xB3/—I0
-Y`r\x8D��\xED\x85<DQ\xA7\x98\xF7\x99bÙµ\xBF\xAD\xEC~oN\x81\x9E\xD7�\x90^e�OF\xB5\xFF\xE2\xC1\xBA\x9B\xFEFf\x86)�\xBCД\x8E\xDD\xE5�F\xD8\xC8.\xB1i[7\xF4\xC18 y\xA1A\x9D1\xA5-gqF\xF5x�f\xE5kCR\xF9'="\x94�əڜd\xA80^k�Äs\xB5\xE3\xF4#2\x95�\x92\xE8\xE8\xD8*\xB6\xBC\xF1hO\xC3
-\xE7u\x82R\x9D�{\x91*\xD0\xF8^\xA2\xC1�8�\xE9\x8Ce�\xE4\xE4L\xCCX\x83b\xED\x8Dpn\xF9擜\xE8\xF6f�\xCDK\xB4\x8C9�\xD0jjKy3\xCCL\xDB\x!
D5\xCF\xCD|M\xCEpa��N�\xD0\xF6i\xE9\xED\xE5EP1|\xDD\xCD\xD4�\xA7}r–R\xB2\x83\xAA�#\xC6Pn\x96\x93\xE8;$i��\xFC\xB5\xF0\x89\xEAٲ^\xD83\\xD1}�*\xC8Z��\x9A9R�\xD7~��\xEA\xE7
-e\xAAY�\xDC՛\xAB�<l \xCD㟮��\xF9\xC0\x9Fi\xF7y\xFB\'-f"e\xB8\xCCB\x8B4Ut\xEA\xEF\xD4�&�\xFC\xFA)\xC0GML]\xA7Ś\xB9c\x99\xA9\xDCܖe"I�3S�4\x9B\x9Bk`\xC8\xE7\xD5��\xFE\xC0a\xF8\x95\xEFD\xE1Wʸ)\xCB\xFC\xC8Х\xB0\xBB&;\xA0\xAD\xBA1\xADEn�\xE2\xC7צW�\xCEW�_\x8E\xC9s\x84\xA5v\x83v\x9Eh\xE2ן2\xB2�g+\x95ѯ\xFA\xA2I\xCC\xD6{\xB8殾թ\xED.׊$9\xC3]�$\x83D�3Icc�\xA7\xCB\xFE4\x9EZF\x8D��W\x97�C\x99ׯ\xE9\x95݃\xB9\xC9\xF3D\xB8_7ڒ\xEC9\x9B/z\xB6�\xA7\xECmZ�\x9B\x83\xF1\x93�\xA8\x91\xD0)IO\xF2Mq�\xD7\xF0\xA1ѣ\x8C�&\xD9\xF1\x86�*�q�]O[�\xC5枯\xD0ģ4\xB0�\x8E4L\xD8O\xA6\x9A\xE5\xE6m\x8B\xC4 \xDAT\xF7\xE2\xED\xEF�\xCE
-�n\xB2&\x86\xB0*\xBC�j\xAB\x80e2x\xA3\x8CM}-Z�N\xF2��CMx�OC\xBD��\x85㡡\x97\x95\xB9\xE4\xE5�\xA3f\xF8\xE6K\xB22�?\x82\xC0\xDDo5\xD06C\x9Cg\xC4\xF4,�\x9B\xA4\xE4\x92`p�%oL\xAC�9l'�\x85\x95\xE8a\xA5�\x974\xEF\xF5>\xC8\xE2�\x83[�\xAET\xFE{7\x86\xA8@�\xD7V@\xF5\x8F\xEE\xB19\xA5�\xFA墑-7!\xBC\xE7\xEC\xAB=p\xD50:�\xDD/s\xBCh 1(\x9A\xEFr\x92\xBB&\xC7\xED4D
-\xF2Ê¢r\xC8Y*caV\xF8\xF5�È\x80\xD8V\xA4\xAEM'\xEA\xDE1V>?\xAE#n>\xBF\x83\xF1\x97�\xFE\xAB\xC9Ò£!SÆ€j\x96\xA9Nj5J6D\xE4\x84oÔ¨\xB58\xE5\xBB��\xBFJ\xA8\x87\xD5+Qi\xDBz\xAF\xE9\xD8\xE4-\xB3Ö³��U\xE9h\xB1\xAB\xFB
-\xC4U\xBC\4\xC8\xF2\xE1
-\xDCޯJ\xFD\xA8\xBB�}
-\xFBI\xF8R1�\\xCFK\xCCj\x82MM\xA0\xD4\xD6�[\xE8\xDB \xE3`R\xB0t\x90\x9ELI\xFE\xC0b\xC0rg\xCE�\xCB�\xAC!\xD4\xC6{q\xD2r\xD6�\x8F\xF0\xFA3<?�\x80<\xD3޻#��t\xBA�I\xA5}\xC2�\xFEu�5\x90Pq'\x9ET|\xDB9<}\xF9\xB1\x84K|\xA3\xC2Z\xEC\xAAB24\xFD\xBD\x80\xB7\xF9\x9E+tEr\xE6�\xACn�\xAC[t�8 \x9Am\x9Cc/@=CD\x98�\xF9xV\xFAK\x8C\xD1"��ե�j\xFA\xF8\xFD\x89\xC0w\x90\xA0j\x98\xD2\xFA�\xA8`�U\xE1\x9Be|�\xA9\xB9\x855F:\x8A�N\xC8\xEF\xC1yL\x8E\xBBg[\xE2M!2\x85\xF2�\xDA\xDEcʫ�\x98+6Mx<҅�\xD3\xF1�I\x82\xB3[x$g\xA6\xB0ފ��\xAC,�\xB3QV\x8F\xFB\xCE\xEBzG\xCB\\xF6\xED\xAEj�ݫ;Ǘ\x93�\xCDo\xB0\x88\xC4�g˶\xFC,\xE60\xFBD$g7�^\xE7Z�f\\x8B\xD0\xDBJh\xD6N\x9E\xF1JY%m\xDB�\xF1\x91\x94w\xF38E-7{\x8BB\xEERw~�_\xECZR\xA3\xDF\xD8u*\xF2\xA6�\x8D\xA7\x96a�\xE7\x97 \xAD\x8E)
-ʤÕ\x90�"57I�\xE9=J�\xCE\xFCF\xA62$h\xF3\x9D\xAE4�A\xB3\xBEH+\xB2|ǔ\xA3\xD3
-\xEB�-\xD3/\xEBG\xC5?\xB9\xAC\xCC\xCF=\xA3�t\xC0\x8C/�\xA7\xA5\xF4\x8BR\xC6b\xB3�\xC6\xFFׄp1\xA4|Z��\xCD&6;\x8FC̢\xF9C/\xB2^\xFAXI=!A���]\xD1\xE73\xE3\xB4U\xEF/\x8BH\x98-Eΰ\xD4�!O\xDBO\x98}�-\xF0\xF9L,\xB8_`\xA5�\xC9g�\xAD\xFCT\x92gM�t\xCA\xEC�\xB98\xA6\xDFw�b/17�\xF7�\xE0 .\xC6H\xCA
-E \xE83�\x8B$-,\xB6ƾ+:̆\x8D\xB5\xD4ey\xF8\xA1\xFA�S홻\x89\xC8\xF7�?\xCEV\x9B\xDF�\xF5w=\x80\xFD$\xFF\xEF\x9D�k~\xB2\x90o\x99H\x9F\x83I\xDF\xD9ɎX`
-\x87U\x9ES\xD8,\xE1\xB5\xE0\xE9|= - \xB0���\xA0\xCD\xC7GODe\xF2\xAD\xB2Þ¾\xAB/6�\x94\xE9\xDF,\x8D�a�%\xB5\xCF��\xB3i�\xAFR\xB9\xA3�lC\xB9䘼!w\x93:L\xD7Q\xD9嚈\xEEA,\xBCzPwl8wy\xF4\xF1b\xA0&~\x92�\xC9\xF1\xC6(O\x89Þ/$�Y\xAE\xB4\xC9l\xF8\xFD\xBE-\x91\xADl\xA3À�\xBF\xA5W\xAF
-g~�nM"up^\xC5\xC3\xD3\xED\xD3\xEAè” ,{!5\xFF8�\xBFU\xCBn d\x803\xF6\xDD��e�^s\x80\xDBXU[f\�\xAC\xC3\xDAO\xEAibt\x87\x98\x9F��+\x9B\x84.\xF70XZ,�Ý©p58\xFB\x98\xAC\xC6�o�\xA0�\x98_�\xB1\x8Fk\xA9\xBB'R\x99\x8F�8\xFAm &-R\xFA\xE3'B>P�\x86�\xA7\x9C\xF4\xEA\xD3k\xEB\xB1\xD1\xF9\x9B\xDD�\xA0#IM1�<\x81\xA7�\xB2m%2?\xA9Êš\x92.\xF3E\xA0]E\xC0]-\xBBus\xAE(x\x86Í¥�\x8A��m#\xF0�\xDD�)T\xC1\x8D\x82\x9F�â©©\xB2QE\xB8�u\xDD\xE0�\xCA�\xBF�I\x8D\xD3<\x84\xAD\x90E\xBFw\x85Z3\xD7\xCB\xE7�T$Q[&h\xE9\xE3$\xFFhkVen|\xC4m\xA7�{\xE4 W
-R
-÷&w?\xD8\xFA&a�\xC5/\xEA�?1�\xEA��0\xD6\xF9\xBD\xFA\x8Dر6\xE9\xF7�&\xDC\xFE0\x86\xA3,\xC6u;m�\xB7�u\xDA\xE4\x82\xFA\xED&\xBA\x91\xEF^�C\x93\x81u"\xCBe_(w\xB4#\xF8\xD5d5J, ;\xE7a\xCC�3E\xDF\xC1,EÕ–\xB8\x99z\xE8Be\xC3�\xB2\xB3�\xE6:-\xC0\xE5\xF8J\xDCë¥�\xD3bb\xBD�\xBFj\x87%Úˆ!\xED\xAB\xFB0\xEA\xAE.>h~\xF7ycLW\xDC�\xD8ɱ\xA2n\xA9.È£�sr\xB4n\xD5V�\xC6\xF6\xCDZ\x8C�ˬ\x82�\xB2\xD4\xC2U\x8A\xC0\xF6|\xA5\xBFÎ¥\xE5\xDA\xFE�\x8B\xC7=\xC97\xF7N\x84 �V\x97|\xA1\xB0\x83�w\xA4\xA2&닱\xBF\x95È\xE8�
-\xF1}\xAF\xF6�㳂\xCC\xC5�\xEF\xF8�^\x8EOu�\x94�ϙr\x95\x91\xBF\xBDLyk\xAC\xAB�P9�~g\xEB(\xEF\xF2Z\xF0틆�G\xAA�D\xF6\x9E;N\xFE\xAC\x9Co\x99\xCDI\xA5\xE2\xC9l\xE1�\xA7\xA2\xE5Ъ!\xD4ޘ\xECb\x82uh*\xB2�҈�&\xFA\xCB'�c\xD4ns\xAE~Af=\xE7Rh\xC8\xE22�,\x9A9tX\xA5\xDC\xE4]\x9D\x9C�\xCB1\xC2&\xDB'\xA9AX\x99\xBB\xE3p
-�\x85-ζmm\x88\xA2\xF0\xD4\xFDa\xA8\xF2\xF3=\x93d\xA3q \x90!\xB3\x93��NÎ\xB3 ß±\xFD\x84t<T\xDC�\x93\x95B~1�QK\xAC\xC7�|xf
-P�\xEA\xB0s\xFE\xC1\xA8RV?l\x87\xF8%J>a\xAC\xE4{La\xAFFH5\xBF[\xDE{a\x98\x9A\xF6Ç\xA4p=�\xDE_\xABl\xE4\x98\xF1\xAC#ub
-\x81�>\xCD\xFD�\xF8ee\x91\xFE\x841~����\x9E\xB9�L\xE8d�\xE9ק\x8F\x89\x98\xA7\xF2U�PG;K\x89SH9\xF7�\xB5\xF3O9)\xD6\xC3���d\xF8\xEC)S\xF3�̇\x94\xF9dؾh\x80�v\xE5\xC3�\x97
-?9k\xE8d�\xA2�^\x97\xDB1\xCAÖ¤�G\x9C\xAF\xAF\xA2Ö �\x97\xFC2 at v\xF9\xC8}\x98\xDEI\xE6,h\x8D~\x89:�ߺ$H\xD6\xECg\xF9@\xC3�\xD4\xEE�O\xB9\xD3p*@\xFB8\xBC\xCF�Ù©zF64\xA1\xCBs\xF3"\xEE@\xAD,\xED\xFE\x9Edb\xA9d�\\x89�\x9C�=\xE3h\x9F#\xA7\x88\x91\xF8\xED\xCD-\x94Un`\xCC\xD4�g�\xAD\xF1��3\x93HR\\xBBq=\xE9\xED\xADpȸ\x90\xA4\x8A\xF8(\xE2\xF6g=:\xC0�\xA3\xB3\xA6\xC4'\x83}\xDEX\xBA�Ý^\xFDb\xA9\xAF-\xF8o\xB8\xF3\xC1\x91
-\xCCÄŠvu
-\x98ȧ\x84P\xEA�\xB2\x84A\x95��]fv/�\x82͖~H;\xF4\x84\xBEu�oR\xF9x�o\xF9}\x89\x9Df\xED0\xE6\xF3�\xDE\xD5j\x8F[+u\xF1\xEAN\x86ö\xA4P!%8\xBC\xFFH|\x9B\x91]@^Kl!@^)
-�<8\x9B\x8E\xB7�n|,\xDDy\x8A\xE2O\xC96M\xFDZ\xEEzq\xB4:}1\xFC\xE4$?\xC3\xC3J\x9E<\x8E\xF1\xA0\xE8ix\xB1\xFF\xAB]×»+�\xE9\xB4
-U\xD6zNYTm_��~Ém.7\x8D,Db nuM\xB1\x8E\xC2Ϻa�W!\xA0Ó‡g\xD2x 4*�Hz\xE9\xB7<\xCC04,%\xFF�\xA3�\xEB�z�\x8A\xA6\x88\xD5\xD4g�\x94\xF3�\xB9f\xF7\xE98\xB6Ñ\xE9\xEE)\xA1\xB8<\x82\xA4\xF0\xF6\xF9�\xBD\xE3�\x99\xB7t"\x90\xFA_9\xCB\xD9؉5|\xF3\xBB9\x8D\xC4�\xD7Q\xA7X\xCD\xFE�\xD4n{2θI\x99ÕŒ�g$=A.�u\x89\xF7\x9B�\x8D\xDAj\xC1\x86\xFB\x85浉�M�O\xB4\x81\xF7 I~b�$tdIî~A\xE1B"\xD09��\xCD\xD9\xFC97d'\x8A\xDA��
->\x8A\xAA\xEF7�\xA11� �\xB9Q�\cHj?רQ\xE2�X!\xF3\xA2K\xCC\xF3=\xC2
-\xED�C\xE4�\xFC\xEB�\x87�]\xA2U+(}�\xB5\xCC}\x82��\xF6n�B-\xFD�\xB2䇥\xADp\xD6\xE3�\x82\x96\x9F8\xBD5\xFCÕ±]\x82bɶ[Ò}\xFBs~�3L\xB1Xw\x92\x9Er\xBA_o�=af\x97'\x9C=s‹\xB8\xE08�Fag\xA3�\xD0|\xFD\xE6�\x9FÛ†><\xA6�\xA5\xAA\x98\x9C:\xA8\xA1Ó”\xA6 i\xE5S\xE2t)Ñ \xB0\xA2$3\xD5n\xD9\xFE�\x8A\xDEΖ\xFA\x95\xB7_\x9BGJ\x{D937}\x8E\�\xD1Â¥T\xA7h\xAF9\xB4KÕª�-\x9Fݲ\xBB\xF1�u\x97\xA9�\xD3e\xA6I\xF9�F\xC6w\xF2\xC5'\x8F3\x90\xBD=\xCA \xFFv\x8Afcu�Ç0\x8CQH\xE3\xE0\x9A\xD9,r6*\\x83P\x99�\xC2*\xAB\xC5*\x85`\xB9\xC8Es} \xFC4��{s\xE2c*\x91\xB7\xE4�L*Ò¶\xF9\x91\xC2_�d\xEEf*\xED\x83�\xB4u\xC7༕N\xE5\xA3Û¤7\x82eY\xCE[\xAC�LÌ‚@\x8C\x93\xBBk\xE6\x83E\xB4\xB1dU\xD0\xEEp\xAFC\xFA\x87,4\xEB\xF6t'\xD1�P��i)R\xF0\x8F9]C\xEAw\xD5�\xAA\x88\x92At\xEEÅœ\x93yb\xB3I\xC7\xC5�\xAD\xBE
-]4o\xFD\xD8\xF5[�/\xF0t\x9C:\xE1\xFC\x81\xFA\xB8<\xF6HM\xB0�$2O\xDE\xE5\xDC?\xE7f>\xD8E\xA8}\x93\x84%
-\xC3X�iMÊ®i\xD6\xC6Ð¥\xAD#o�&\xC9\xFE\x81\xF7\xFA\xBE\x8428\\x8EÈ ��\x95�\xC5\xFC\xBA`\xB2tz\xFE\xA5Lr\xD3f\xEA\xAD�\xB7-m8\xBAm\xEEC⡬\xB6.\xA3�\xD7^\x87\xC6\xEF/_\x98\xF3\xBC�so\xFBq\xFD\x9Cz\xB3`\xB8\xF9\xD0iNWIL\xE4 �\xB1\xD0l�;\x98\xEC�\xB0\xF5\xC3��\xB0}\x8F\x82�\xDF\xEBR\xAD\xD3=\xA1/\x89 \xB18E\xB57\xE9=;j\x9A�\x8Be\xA78\xFD\xA5 3&�\x98eGᨵ\x9C\x85A&\xDC`6�\xF61\xDC\xFB3#\xEF\xAF�\xFDF\xF6\x80g\!
xD8\xFC\x8F\xD1:�M\xB7D\xB4�)2\xA0\xE0�\xFC\xA5\x99u\xC9"tt�\xAE\xB8\xF2\xED
-\x99\x9Cz\x9F�\x8A\xF4Í‚\x90�\xED\xA0\xCCN\x86ÊŒ\xBB*\x9E;+[\xE5\xF1�\xAD\x9FB\x96{\x8C~g+b\xF2\xA1z�\xFC*\xC9 =x\xAF\xCEc9G\xD8\xFD}]e� �\xEC�q\xA7Z\x9F\xB5�`)\xA1\xB5-M\xEA\xECÒ¯x5\xAB9Ù©s\x87(�\x89\x9EO�b\xF5\xDD at wk�\x9B\xAB`�må¹£x!WO\x9F\xA7LÐ[\xF3\xD44"\x96:\xEB\xEA\xF4��\x97�\x83[\xB0\x91\xBBg10Å«\x9A5\xED\xC2ss\xCCv�\xB3�\xEF\xC8\xCC<S3[\x91z\xD4PE+
-\xE9:\x8F\xFB\xE5\xC1\xABJ\xF9\xE9\xFCJ\xF8c\x82u�\x96\xB9\xA9\xA6h\xBD\x94l�~\xFE\xB7\x9C�\x9E.�\xE2,>\x9C\xA4Ob\x8E\xD0W\xBDE\xB4\xABi\xDA^7\xEA\xB5�A\xB7\xE3,\xBB\xDF�\xF4͘O\x94�\xA5�͜\xD3\xEF[\xA79\xF5\xD3f\xB6\xF49\xB0\xE5\xC2#\x9Fז6l\xA6G\x93\x9A\x98\xDE1\xCA\xD3�dQq\xC6\xDEˮs�\xC0\xA8\x84J\xC9\xF8\xEF}\x88�\xB0\xDC,\x80\x91;`a\xD65!\x80b\xE4\xAF\xE0b\xD6�l\xA7\xCDS*K\xF6섢G\xB5\x84�\xEE\x92\xD8̯\xFCLXz\xA8ȵ\xCCA\xED!g\xDF\xDAF\xF7\xA4I\xE8\xA2Mn\xDE\xE3?\xB5-\xA7\xB9\xE9\xCF�ʨNm*\xB0\xF4\xB2\xE8\xEE\x88\xE9E1\xF4+[\xE7D\x95\xBD̉\xD0\xF6|\xAE\xA0 \x94[�t\xACH\x8BN\xF4\xE7�\x87\\xD0\xEB\xACܻp\xDD �\x87=�gl\x9D\xDFy#\xCD\xE6
-\xB5\x97\xD6X\xD7��,\xCA<\xA1m$\xDD\xEA�
-\xD5ÛŸX%`z�\xBCL\x{143671}\xEE\xA4\xDE1{È‘H\xD3#\xFDEEN\xF0=\x92\xF4�G�\x9E\xBB\x87.>i�\xEES \xAEE\xF2\x80R\x89\xC1\xDE\xE2\x96\xEC\x96.\xA3a\xCDI\xD6\xDB^\x9A}�\x81\xB2�i\xF8�/\xD5\xC8\xE4�\x86\xAAw�\xC5L~4?O\xA4#V\xCE�\x82\xF6�OØ\x94%'�;\xC3\xEA!\x93Üd\xB7p\xB2\x85q!o�ceZ\xB3�sbØ\xE0\xDF
-\xD0\xFA\x87\xE49��\xACPjK\xA2!z\xF3\xD9!\xF1Ha\x9F�\xB4\xDE\xE3\xEF\xFF\xBC\xA3\xEAO\xDF�,?\x80\xFAV\xD0z\xBE\x92\xA2\x8C\xA4\xF1\xB8gTW-\x8A\xABX\xD1\xE8\x83\xF0N\xA8P\xCA94X}c�hAc~\x87�^\xC5\xFBI8Y\xBD-\xB0Ji�\xBE\xE1.\x98<\xAE\xAF\xC7I\xE2\x9A�o,\xA6\xD9N\xEC\xA5#\xCAÍ\xBD\xCA\xFB\xCA\xE0\xF9��k\xA4l\xF9n\xFDh2\xB3\xD2\xFE\xDDu<�A\xED\xE2$F\x8C\xFE�\xA6\xCFD!\xFE:\x83\xEAj%FD\xF5\x8A�\x82Q\xFAP\xC0\x84\xB4\xE8\xD6�#�מbG\xA1\xB3\xB0\xEF\\xF9e�%m\xCBf\x9B\x91g\x90'C��\xD5䦨��\xD1)\xCA�$\x89\x87x`A%�*\x9BH\xAB��\xB6#\xCC'\xE5;\x85p\x91\xFB\xDA9\xDF/iÔ¤��N\x85\xEF�#\x89y\xE0�E\xD7\xD3z�\x988�\x83\xC4\xDB�\xBC\xEApXe\x80N�\xAE\xD1 �\x86\xB5\xA7�r%\xE7\x98\xFB7\xAF\xBC\xC7\xE9&\xEF`�Fo\xF9\xAA\x92׬\xF3\x9B}tW\x99\xEB',4Ó‘\xF5Ê™\x918\x91�\xC0`�Z*\-\x9A\xF0\xFA[Ü‚J\x81\xE5Õ®{i!Ux\x84T
-\xFB\x95\x88�\xBC\x91\x87\xF4m�\xD985\xFB)\xEEۼe\xA2\xFD\xBEK\xB5\xD4\xCC;\xA8\x9E�\xE8{\xDCȡ��\xBE\xE8{\xB4\xD1e\xBC�\x8E\xF2\xBB~!\x96\xB1l�\x8F�\x98�\xD7R\xA1^n`\x9ETG\x90?Ž\xCECM\x9E\x97\xFB�[\xA9s\xAC ;Z�W\xC0\xE1�\xA4�\xEC`\xB1�3�iSw-iU\xC9CW \xA9%L\xED\xAEG�cM\xA6\xD5\xE3\xFF\xAAz\xE2\xCAZ\x95*�\x81\xA8\xB1�\x85\xBF
-\xDAV\xE2>xj\x84E\x8B\x8Cw\xEA�Io\xB3}\x82\xFCH\x97\xE3
-\xD6r\xFA\xA0\xE3k\xD1nT\x82e\xBFS<\xA0\xA2x
-K\xBB\xAB-�1��\x85\x8B54\xCB\xC6a\xAB\xF7-\xD5\xDC@\xDAU\xF3\xAA�\xEE\xD0sL/}8\xC0Ѷ\x9B\xD1l\xA1\xF2\x89\xF39�\xC8+ߩO\xB9ȨqD\x8B\xA3RK\x887h\xEB\xC0\xFB\xDA\xEB,l\xB3\x8E[\x8Bx\xB3#\x8B\xB3�\xC6\xD24
-\xB6\xFF\x81ڮ\xBD\x96ZJS\x95\xF1~\xB4\xF5\xD3p+S!\xA8yWC6\xC6jy.L\xE4\x81�\x93X�5\xAD�^g\x98£\x98\xFD\xFF\xF2\x83\xFC\xFF�\xFE\x9F�\xB0\xB0�\x9A9\xBBB�̜\xED\x90}\x9C\x81.\xAE�\xE7?\xFE\x80\x87\xFC\xBF \xDBy�]endstream
-endobj
-1361 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 2
-/LastChar 151
-/Widths 2744 0 R
-/BaseFont /ZVQCAF+NimbusSanL-Regu
-/FontDescriptor 1359 0 R
->> endobj
-1359 0 obj <<
-/Ascent 712
-/CapHeight 712
-/Descent -213
-/FontName /ZVQCAF+NimbusSanL-Regu
-/ItalicAngle 0
-/StemV 85
-/XHeight 523
-/FontBBox [-174 -285 1001 953]
-/Flags 4
-/CharSet (/fi/quoteright/parenleft/parenright/comma/hyphen/period/slash/zero/one/two/three/five/seven/eight/nine/semicolon/A/B/C/D/E/F/G/H/I/L/M/N/O/P/R/S/T/U/W/Y/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/quotedblright/endash/emdash)
-/FontFile 1360 0 R
->> endobj
-2744 0 obj
-[500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 222 333 333 0 0 278 333 278 278 556 556 556 556 0 556 0 556 556 556 0 278 0 0 0 0 0 667 667 722 722 667 611 778 722 278 0 0 556 833 722 778 667 0 722 667 611 722 0 944 0 667 0 0 0 0 0 0 222 556 556 500 556 556 278 556 556 222 222 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 0 556 1000 ]
-endobj
-1320 0 obj <<
-/Length1 1624
-/Length2 9769
-/Length3 532
-/Length 10633
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDveP\\xED\x96.\xEE� xÒ¸K\xE3.\xC1Ý
-4\xD0X�h\\x83;!�\xDCCp
-�\xC1\xDD-\xB8\xBB�K\x80\xE0C\xBE\xEF\x9E9S\xE7ί\x99\xF3\xEB\xD6\xDDU\xBDk\xBF\xEBY\xEBY\xFA\xAEj:*u-6IK\xA89X�\xEA�c�\xB2s
-�T!�\xE6\xAE.*PGe\xB67P{K5s{�\xE0�\xE0Š\xA3\x93r�\x83`�\xA8\xA34����\xE8\x81-�\xD2`� �� (((\x88A�\x90\x82:y:C\xACm` F�M=&��\xD6J\xFE\xA8 \xCC=\xFF\x81<[\xBA@\xAC��\xF4\xCF�n`{\xA8\x93�\xD8�\xF6L\xF1?6\xD4�\x83�0�0\xC0
-b��H\xA9\xA9�(\xA8\xCA��\xE5Tu r`G\xB03\xC8�\xA0\xEE\xFA\x9C\x8A�@�b�vt�3�\xAC\xA0\xCE \xFB\xBF� �\xA8\xA3%\xE4Oj.\xEC\xCF\\x92. �\xC0\xC5 l�y6�{X\x80\x9D\xFE@\xAC '\xB0\xB3�\xC4\xC5\xE5\xF9� q�X;\x83�a\xCF5\x80A��G�{W\xCB?�<Ë\xA0�\xE4\xE4�}\xD6pxÆž\xC9Ô¡.0��g\x88��\xF0\xECU]Z\xF6\xEF8a6 \xD8�\xDF.\x90g� \xB5zÖ´\x84Z\xB8\xFEI\xE9/\xEC\x99\xE6�\x85\x81 \x8E. �\xD8�\xF6Ç—9�` qq\xB2�y>\xFB~&sr\x86\xFC�\x86\xAB�\xC4\xD1\xFA\x9F�\xB0�\x9C\xC1\xD6 gK{\xB0\x8B\xCB3\xCD3\xF7\x9F\xEA\xFC3O\xC0\xC9�\xE4\xE4d\xEF\xF9\x975\xF4/\xAD\xFF\x8C��s�\xDB[\xB1c \xB9\x9E}Z\xC0\x9E}[C�18\xFE�\x8B\x82\xA3�� \xE4\xFC[n\xE9\xEA\xF4�\xCC
-\xEC\xFCW\x81�\xFF\xCC�\xD3s� K\xA8\xA3\xBD'\xC0�l\x85\xC1\xA1
-\x85=\xBB�0\xFEϺ\xCC\xFE\xEFk\xF2\xBF\xA1\xC5\xFF\x96�\xFF[\xDA\xFB\xBFk\xEE\xBF\xF6\xE8\xBF\\xE2\xFF\xED}\xFEWjYW{{U\x90\xC3\xF3 \xFC\xBDd \xCF[�
-P�\xFC\xD93\x80?\x8B\xE6\x9D+\xF8\xFF\xB2�9@\xEC=\xFF�\xABU\xD4�\xFF�\xE9�\xB2\xC5�`\xA0\xE7rH:Z?\xB7\x84
-\xC8\xC5\xCE\xF9\xB7�\xE2"�\xF1 [\xAAC`�6 +\x90\xFDs\xB5\xFE\x92\xEB8Z\x82\x9D\xED!\x8E\xE0\xE7\xAE\xFEU\xD0g#N\xCE\xC1\xB4m �v\x8E\xCA\xCF\xFB7�v\xB4\xFC\xD7؟�\xF5W\xE4�j\xB2r\xD2
-\x8A,\xFF\xDDn\xFDKS\xFDy�`ÚžN`\xC0\xFFq\xA3\xA7�\xB5\xFC\xCF\xC3�\x9E7o\xA0� o6> \x80\x8D\x8B_ \xC0\xC3 �\xE0�\xFA\xFE7�\xFF\xA2�\xFE\xF3\xAC�\x829C< F\x9C윜@\xC0\xF3\xFB�\xBF\x9E\xDE\xFE�\x8D\x8C\xA3�\xD4\xF2\xCF\xCCh\xC1@\x8E\x96\xCFc\xF6\x9F\x82?\xB0\x85\xAB\xB3\xF3sw\xFF\xBA\xF9\xCFI\xFF\xE3\xFC\xD7\xC0\x83\xC1�`�\x8C\x85Y\xA8\x85p\xB0mJz*\xAC\x8A8\xBBoDÚ¨\xAB�\x88\xD8�\xE2TX\xA3\x9D\x9F�P�m\xF7O _�,5\xBB\xAF�a\xAF��zl\xF2\x9C9tz\xD8Vd\xDE�\xE8xi\xCFО�>É¥\xF0\xA5a\xEA\xCC\xC3_\xA1o\xE1g\xD9 \xE40)\xC4N=Ò‹\xF6>\xFD\xAE\xBC\x86d\xC8Ç©\xBB\xB31\xA2\xA1iRp\x8FB9\xD6\xC2\xED\x8Cvz\xCD�@\xE3\x96�@H{\xE5\x84\xE3g\x91\xFC5\x8E\xE8�^-Ü‹\xAAχG\xF4 \xFB\xD7W�=\x83\xFD}\xBD\xED\xE7È\xDB\xE4,Yq\xE8t\xC2nH\xD8\xF4Q�\xEF\xB2\xC8\xC5
-uJ\xBD#h\xC5d�\x87\xF11\x8D�$Ǩ\x97\xBC\xB1\xFD"\xDC�\xE1_/\xF1h\xE4\\xE2O�\xBF\xB2\xAFH\x8A\x8F\'@�\xC33�Rcl�\x90'\xFF�G\xBB\x8E�2�\x98\xF1\x91
-�\x9Fv=�=no\x9FI\xD0\xDF\xC8\xCB�K\xC4D\xAD\xD4�\x9Ff1\xF9'ALа\x99\xB0y\xBE\xF9}\xEF4(Y\x97
-\xF4Ur�\xFCBpS\xFB
-\xC4\xE2og;\x8D\xF0\xB5[\xAC;Q\x8A\x88\x8C\xAF\xDB�w\xEE\xF3=�Ö¯ \xBC`\xF3\xAD\xBCW\xAF\xE5\xE7L\xBEq3>\xC5W\x87\xE8S{\xE0V\xFDd\x8B\x9D&\xEF\x95\xCF<\x97\xCF\xD4=7D|\xC3\xFD \xACZT\x90\xF40�\xE8\xFF\x94\xA8\x9F\xC7U�Ó©\xE4\xF3{\x9A\xB1Ý®$&\x93v\xD9|G~\xF0�y\x9BV\x8D\xD8\\x99+�
-\xCD1ÆŒC\xEF\xC8`"&\xBFg!\xA6\xAC\xA25\xBA����vIN\xA7\xB6L�/\xF2\xEB��\xF1\x89S\xA3M\xC0\xCBTp\xDB.\x90K\x8C\x85\xBE\xFE\xDA\xD2N\x89�\xB5\xA7g�C\xE8\xC6\xE5a\x80�hFظ\xB4G\xF4\xC6J#\xD48VZ\xF5\xBBtH\xC9\xDA8Eq\x94B×…\x89\xA2u\xE6I-?ms\xD9rP\x99\x96v)Ú·\xD04v<\x8A\xBD\xFA\x9A�\xD7t\xAF(\xE6\xF4u\x83\x9C;0\xAE\xACR��\xBAkI�\xE3c\x8Ag\x8Beu\xC1\x96'\xA8'Q\xC9n�\xA7\xB7\xBA>�\x9A\x89A\xAB\xC3\xF6?\x82\xA5/\xF6\x8B\xEC\xDEÖ¼�\xB6VO\xADl\\x9A6\xF3\x9A�\x83\xF3345Åš��kni\xADP1�\x87Úž\xAFg~zysJ\xB4�\xA4\x96\xE6OW\xF1\xB2�H\x93-\xC0 !\xBA�\x93r\xE1<�\x94Ly\xE1D\x97Fo\x95\x80�ݲ\xE7\xDEb\xF9\xC2K\xEA[H\xB13J\xCA\xFC\xF2g\x8Apc\xEA\xD6Z\xC2�Íឨ\xAA\xB8\x92Þ \x8D�\xA4\xEDo\xD5K\x8AU\xA2s\x9B\x8FÑ—\xB8I\xDF\xED\xD4\xE15�\xBD0\xDF\xE7 \xCD\xE7�\xBE�\xF8\x8D}\xE4)\xE8�\xF3\xC1*u8\xA3\x94!Y\xB0\xA9Bt9wA}\xFDL\x95p2>\x97\xEFv\xA2\x8B\x99\xF8\xF5\xC7 \xEFW\x8B\x9D�\x8E\xA2)\x8E\xEE3|<\x9D\xFC�\x87F\x99L`a!*\xCFß—\xF5\x93ή\xD5b\x816\x91\xE3ÛµjR\xAB\x82�\xF9T\xBE!\x82Ö•&\xA5\x9DYr\xEF\x81\xF1I�\x9EŽyg\xAFF\xF7+\xEC\xDEG\xBCW=Ï‘\xF8\xC9\xE7\x953\xB8)p2`R\xE4)Z\x8F\xDEy\xE0\xD3\xED\xC1\xB4+\xF6�\xC8Q{E\xC1\x{155381}!�\xB9\xFD\xF4\xCEC\xB9|\xFD\x8A”S\xE6\xE8W\x95Jj\xB5�\xF9b\xE7\x81�\xF1\xD6\xF1bw\xB0\x9F�\xFF\xF0�\xE9\xEFEuU\xF1\xD2Ò‹5\xB6\x98v\x93�\xB8��\xCE3\xF2\xBB\xC7\xDCS\x80 `\xFA*F\xD6�3\xA7\xFC�\xBD\x9E\xF3U\x9B\xF3�\xBCX]�K\x9C^c\x96�z\xA36\xA2Ô\x88\xCCFh\xE3a\xE7@\xBFm�\xBC\xBC\xA3N8\xF6�-z\x99o2GU��\xE6OA\x8E\̤�ad\xF5j\xF2Ô²:\xE7�-\xCE\xFE1�\xA5;X~5; \xC0\xA8%7\xC8h\x98�|�\xB6\xB3\xFA\xF8\xEDB\xCCdw\xA9\xA8\xA6\xA9C!�7+\xC8\\xBC\xB8^�\xF8
-n|�\xEA\xEBfn\xBE\x88\xE6\x9C!;\xA0A[\x86?�\xCAA\xB5\x94\xF5\x80v\x91\x9AW=}m�E\xDF�\xF5y�\xA6Z\xDF<\x8E\xAF\x9C̒\xF8a\xA4R\xB9\xA8\xF0�\xDF^\xAB*(\xFE\xC0\xCDX\xB9:\xF4�\xA7'w\xA2)2\x83\xDE�\x9EL\xC8\xF6�.\xD5�\x9Eyȯ;�\xA1ұо�=@{\xF57d*\xE3\xDAҔ\xEClEr\x89\xA7�^H\xF4\x80Q\xF9߼�&\xF1r\xCB ;~\xCC\xCB$\xC6\xC1\xAA\xD90
-\xCAÞ¼\xC8\xD7\xDC\xC4�4\xDDV\x89m\x9Az�\xF3�]\x98\xF5\xDFH\x966\x8A�<�z\xBE\x9AZv|\xC6\xFD\xEAs\xCF\xF6 �\xBA\xC3\xFB\xA68\xB8#�Fi\xF5�9y\xFB"�!
\x8A|^'\xA4\xF1�k\xEE\xDD� \x89\xFA\xA7�\xD6x\xF3Q\xB1\xBB\x8ES\xDF\xD9P"\xE2_\x9F\xB1�\xF1^c;�ÒŠ\xE2\xEAY\x82�\xA5+\x85\x8A\xB1Ì‹_\x8CP\xD8\xEA�Ú£b~��\xCF%'���\xD5�\xB0�¾R(\xF9Y}�}\xCFa\xE6{7d\xF2\x9EÞ‘\x8A\xAF7\xCC��\xD1**o\xA6-i�e\xA8�\xD0.\xF3S\xF5$6ɾ$\xF3\xB8�\xD7��\xD1\xFD\x8C\xB1\xC0Bq�B'\xCEZ\xAE\x81\xA2#_\x89�qt\xB2È–\xA5(\xFB~4\xC6K\xC5-\xA4L\xD7N\xE9�\xBFa\xA9i摽�\xF7\xFC\x87�\xFCE!\x91I\xB0\xEF\x97M�8�(���\xD1w?\x83\xA8\xDD\xFE\xD42l\xA7\xA9\xC5KKT\xF7n$\xB7\xF1\xF4itG�:#[jQ\x9C\xE9E'ÉŸ\xE8[Æ\xB73/\x9D\xF8\x9B\xD2\xF2l\xBB\xD8\xE6\xA975V\xD4Ó«\xAB'\x98c\xDA��\xBC-\xFA*\xC4HL|\xD6Ðyx\xFBT\xBEz\xD3~7&%3j�\xF7Q\xD8�\xB7]m\xF1\xB7Ǿ\xE0\xC6V\xC4\xE6'ty�\x9F\xB0W\x9A#\xFB�ħ%\x80e\xDA(8Og\xAA\xFC\xC8 ��\xA8�\x89\xB1 \xFC%\xB7\x83\xFC\xC2\xD4_\xF4\xD2gU\xA6+��Ѽ&{\xDFR@\xB4\xB4b\xA6\xB4�\xC7.\x88\x98O`h\xA5\xFES\xAB�9\xAB\xA0\xCA�\xD3ñ£”¡\xEB]2�cÔ›�\xB6�4\xC3\xFA\xE5�\xA0Þ¬\x91\xDA�z\xF6�\xA8I,{tS\xF3<$\xE8\xC5\xD5\xD6U��.�V\x95\x98BmÆ€\xA1\x9Bׄ\xB92HJ\xCD}\xC2\xFC\xAA\xE4\xC0\xE6}0\xAF\xCCG\+Úº\xEE\xE3\xDC\xFE\xAE'
-Ă\xAA\x92ߗ\xC3\xFB\xB8_�\x8C�9\xBA?l¼\xB1\xE70\xDE\xF8\xDAN\xD9G)\xA3\xBE\xDC\xF0\xB7�>P\xA26\xBAk~\C\xB6\xBF-ct[\xC2�\xE7B?:;\xA0\xCFEbyQ\x99.�`&�\x88\xEE\xB7h\xA8\xDA\xED\xFC1\xAA\xB0K�\x86���\xBD\x8E\x95\xC0\xB3N\xBA\xED\x96\xE4N\x97a\x99\xCCb\xFD\xB6�xӱ\xB8��\x8Bh|=Z\xFEV\xDF\xCA1<\x8D/�\xFCc\xD0V\x8D\xD0Y\xEAm{|Rs\xB2\xFC鬉\xCE
-\x92Q(\xF8f\xB4�\xD5�\xC6v\xBB�\xCE\xEE\xF3�cq\xE025\x95�\x8F:H\xF88\x99\xEFd\x91_\xA1ݒ\xF6\xBF\x88d\xAF,\x8A!*\xE9\xEF\xC8?\xBAf\x9B]\xE6U 4a��\xE9\xA7�>Jd*P\xD6Ro\x8E�e=\xC5
-c\xED\xD9\xD0\xE2\xE2D�<%d)\x91Y\x80\xAD\xE4\xFB#TG\x99z\x877[\xA63BV\x87\x95D�ߵi%\xB3M\x91\x9B\xE1�
-\xEA\xBBWosDV��hH�d�\xAF\xE3\xE5\xBF~\xF2\xF4\xDB�\xA6\xBF\xFC\xEDK\xFD\x8Dت@\xCE5\xA4\x8A\xBC A�B\xAD \x85y/�\xBCB~\xA1�0\x91\xFC\xB6\xB1O%\xA4^\x9A#X\x8Dcn\xA2\xC9#\xF3�s(O�\xEE\xECa`\x97s%\xC5j\xFB\xAC\xC1~6\xDBÈ»2\xC1_\xA1)o\x9F\x92i\xA0:\x95\xD0o�\x958/\xDD\xDFL\xB4\xE2�\x90�\xA72\xA4\xA8S ~\xE4JE\x8E\xAA\xBE<\xA9msN9Uk\xDDHV\xAC��\xC0 \xBBÞŸ��ÄŸ��0�`\xC0\xE2\xE0\xF0$;\xAA70�\xCF\xFBÄ�dF\x8658+/\x9F\xF4IqkPiBq@\xBB\xBDE4L\x94Þšm\xBEY\x98\xFDX\xFDayN\x9C\x9D\xD1\x97\\xA8\xEF@\xF5\xBA\xE6s\xC3J\xF9\xA4\xE4,pR(\x80\xB5\xA1Þ \xC0X\xE1�\xC1Tn
-\x97\xB1wOhW]k(\xF2\x8FW\xAC\xF5\xEB\xDE\xDD\xDEX!\xDE]?s\xC0&yh7v\xA1\xB9ן\x98\x89\xE1<\xC4$�\xBDA͟B\x8C\xED8\xBB\xA9\xD2\xCD%\xFDD\xFB\xDDI\xC3%�\xAE\xA2x�\x81!E\xD0:\xB8 \xE7B\xABeVc^*�m�\xD4O\xFEB\xC1s
-:\xF2\xB5��\x88V\x9E\xCD<�\x8Afs=�Q\x8B\x95]\xD28m\xCA~)\x84҅\xDF<\xF2Y\xA7��\xF3�\x91\x98
-\x84\xED\x80\xCEї�\xF0\x80\&.M��\xFD\x98\xD8ݻ\xF4ڦ\x84鼥&l\xD5,�,8պ\xA3Qr\x85\x99\xAA&\xBC\x9C\xDE3\xF4'6Z\xDDm\xBF\xC4\xF7o\x9A\xFD\x97>t\xDA{\xBA*\xB6]\xAFd�h\x95\xDE
-P\xE2f�1|\xD4݇\xE7\xE5;\xDAd{$\x83\xD7F\xEAY̖Ѥ\xC1\xDAL\x9B\xBC.g�\x93J{\xC4!\xC6@\xFDM�1\xAC\xFB~k\xF7\xCB˪s'�1\xFA�\xE3\x91�\xBD\x8Dټb\x9D�\xD2Z��R\xE5M\x{5E16054F}j\x97Z;լN>\xC8S\xF7\xD5$ں/\x94O\xEF~|E\xD01\x86\xB1� f\xF1i\xE5\xB7tK\xC8k\xE2%U\xD3\xE2,\x93\xE4@\xC6re\xDD\xE1$\x84H\xAD\x91\xE7\x84�+m\xE4Oʦ\xEAm\xC10\xB80W
-I\xF4L\xDB\xD0�븫\x99\xDC\xD40\xA4\xF7\xD5\xEDE(\x9F\xB5\xB6\xA8\xEC,:wQ\xD8龼\xBF]\xDA�D\xA8�\xD43��\xCEz\xB2�\x9C�֯\xE6Q\xE6\ \xC43\xBA$o|\xD4 �\xF3x\xA3C�\xBE\xB5\x9E\xE3\xC0�~\xF8�(~\xCD��\xFB"\x8E\x9DT\x9D\xB1z�_\xD8�ӀDvH�\xD4q�S\xEB'\xC7\xC2s\xFB{�\xB4b\x82y\xA9\xC6�K\xE1\x97\xFB\xB8\xFF
-\x9D\x8C\xA1\x8Eb\x9D\xA4I\xF7\xFBz\xA2��\xE8\x904\xF1 ?�\xA7\xFB� \xEC\xC8Y:�:\x9E\x81>\xDBJ\xF38ss�y\xD7\xE1\xF9\xF3�\x86\xEE}O
-n6\xC0,f\x84\x84\xE5\xA7�{�\x80\xF2\x97�'\x84\xB7\xC3Q\xDB\xF1\xC7 \xA4\xF6\x92\x85\xEDq\x99o9\xF3\xFB\xAA"AÈš\x8A\xE6\xCBN%~A�\x97\xBD\xB2\xB5'\xC1�\xBBE\xE5D?�9\xF5�e{\x8A\x8F\x96\xF9nP\xF4s;Ð<d\xA8L6\xD2\xCB\xF68 \xD0u\xF6a\xA7\xFC�N\xEF\xF9Ö³\xA8�\xE2\xE5W9�\xFE�D\xB46QP\xAA\x9FFl\xA9.R )W\xF2\xC7:\xF9�\xF8\xFCx\xBAki\x8D\xCE\xE0 RH'|�\xADgpf\xADm\xD3-\xF1\xA20L\xB2�u\xC2�\xE7Q\xB0\x92%W\xA45\xE2\x82 \xDF\xFC�\x87\xC6L$|\xFEIm\xA9FB[�\xA2\xB5h��!}BW{\xD1\xEC`]\x91YÓŸ\xDBݺ\x968\xA2R\x8F
-\xD7\xC5>z\xD9�/=ܛm\xA0an\xAC3m W΅\xAAKd;�8\xB1\xB9\x8E\x93�~\xDB\xD6z\xE5XkN\xEB\xFE5\xA0,\xB1u\xAB\xB0<F\x82\x83�\xC0\xD3\xF0\xEDGqOZ\x9D\xF9\xB2\xD9\xD8c9\x95x�rL\xBFd'˫\xC1v\xBB;\xBBn�}C|\xD7`-ՇU\\xEF�\xF1\x8A\xC6L�\xFF\xEC�H\xED\x8Fb\x{130C83}\x8B\xA2c\xB6\xA6\xB8���xs\xF1i�\xABGB72\xFB\xBC\xE2W`c컦\xE9\xC7p\xA4\x98RMƅ��\xB4�4)\xE4TI\x8Fr\xFB\x9Fcȑ\xA2\xA6]\xE7|QG�\xAE\xAB\xAB{�y-C��\xF8M\xF3z\xE3\xB1�(\x99ho'>Ğ\x93
-,'8Ь�\x9B\xE1\xB5\xDFa\xC0��\x90\xA4\xD2]\x88c\xB7�_e�\x96K\xA4\xD3dS~z\x9D\x98�\xC0l2 S\xF9\xB4\xA9\xEB\xD3 4\x95nThS�(\xB2l�o\x9F\xAE\xB4fSYS\xC0:\xA2{�e\x84\xA9\x96l�\xC7\xE2\xA1\xE9�\xCD�\xFD\x88\xEE��\xF5�\x86\x9E\x96\x87<H\xBFs\xBA\xF1\xBDUÙ§:\xF8\xB0�\xBE"\xA5q~I \xCCM�\xB1\xBE\xBB-�\xA7\xE2B2\xB3clJ[/ Ü¥SN|<Thk\xA9?\xE1DÍ)\xC2\xD3}\x99+\x84|(\x93e�]\xDF<\xF1��0iu�+\xD6�%nϳU\xCE�z\xFF\xE3\x9DS\x89#yă]we\xC2d\xEAk <\xF7\xEC�\xF6�\x9B_\xF2\xBF\xF1Z:
-U\xA2\x96\x8F\xE1\x82�\xA6yf\xDDN݇\x8ET:\xD3��@\x83\xF8Y\x9A\x87\x97�{ݟ\x97�\xDAB�\xE8\xD9~\xB3Mc
-Z\xAD:\x95\xBEL\xE7l\xE7DUr"�\xB42U\xFA\x85癉{J\xD6�vE\xE3\xD6\xE3\xA6�\xC7\xF5 \xFBD\xC3D\x84��\x85\xD4O\x8A9\xC4\xCEX\\xE7.\x96�\x8F6��ݎ\xF4\xFE\xDD
-\xE4\xFCR8\xB9\x92\xF0\xBDc�
-\xF4\xF5\xB8\xA5)\x953\xD8\xDF{�\x95\xC8\xF1\xAAwϷ\xBC\x83�\x91\xCF\xFE\xBB\xF5\x92�\xD1zϓ
-�\xACe\x86?ӳ:�\x9B\x8A�\xE3\xEDr �s \xE8\xD3\xE1\xE6-�\xBA\xAB\xB9\xBE\x900ӧ\xB1\xD9�\xD9�a^\xCA\xE4\x84\xF2\x887\xDCU\xB7FC\xF2�\xF0b\x8Aj �}ﻺd.\x90\xB7#B�Wh\x{13C70A}Y�\xC5et\xE4PӜ\xAE\xE7\xED�#+\xA5\x97C\x99\xD3%\xBA\xD26&\x89 Cn\xB0\xD1|;)o\xF2\xD5o�vf*#J\x87\x8E\xC3'\xB4f\x84D\x89�H\xD6d?\xA2P\xB5Ub�\xEA9&\xF3\xA0\xAA\xFCJ\xCE)\x8C6\x8Fk\xF96\x90jħء�"\x92d\x9EmC\x96(#\xA9�\x99$c\x8A\x93ecP\xB5\xAB\x97\xA2}c0\x89\xF5\xD5$\xCE\xCFuje��F\xB6\x8A\xE4�\\xDB\xCF�\x97\xF9\xC2c\xD7*\xFD
-\xFD\xEE\xEB\xA3\xF4S\xAD�G$7ZB\x8B\x95 \xB7\xB5\x9D\xA7ç´’%\xEB\xEAD\x8A!\xA6\xA4+\x8E�\xA8P^\xE0'\xA0\xE0
-^+\xEA\xC3P[F\xF1\xADKr\xF9\xD4\xD1\xF4\xD5p\x82�\xAA\xE0/�\x97\xC0\xCBt\x9DH��0N\xF2\xEB\xF9\xAF\xF2\xF1m\x8B\x94si\xD0\xFCLcie:\xAE\x94^\xAF �\xE1S;\x8FS\xF5/\xF4\xAAљ
-\xD6\xFBJ!x�;\xEFR\xDB\xCD.ɫ\x99\x8C\x94\xA9$CBu%\x92`\x92�X\x8D\xA5DŽ\xBEhv\xFC<L\xB5\xC1i\xB5b\xCAI\xEF1\xE3\xECC\xA0\xA4\xE9Dely\x91r\xF7y\x8B�F\xB9k�`\xCAU]\xAET\xDC�}#\xA7\xDAn%<D\xF4\xD0?<N\x94�\xFD\xA3�}\x9C+\x82�\xFE\xF5 \x91\xF3\xF7\xB0\xBB\xFBG\xE8\xEB\xB4K\xAAp\xAEFe\xAD\xFEF\xB1R[�\xA6\xFE#�C\xB7t\xA0\xB4�A<\xB7\x83\xB4\xA2 =3\xCB\xEF\x97^�h\xA3�\xE1%C-Y*�\xBD\xF4"\xD1ޥ\xB1\xFA\xA2\xF2;\xE3\x88\xC0\xC9vX�9\xCD\xD8\xD6!\xBF\xDC$\x9E헽qb՚9y3\x887\x9D\xB1s0\x94\xC8iH&zq\xDC?\xB7\xEF)\xF2\x8A�\xDB��X\xA7y\xF7\xE1\x9C5\x87\xE6\x8B?\xCCD@\xFCw\x8BCG\xBF\xE6@\x85\x80?\xA5\xF2\xEB\xD5\xD4�T\xBE-
-\xBA
-\x8A\xBB\xB8\xAC�_T+\xC9\xF9\xC8H)=\xE5V\x84��\xF1bc�g\x84\xB6&Ä\x93\x9C
-7H\xDE�\xA2\x85_B4Y\xD5)\xBF\xE2\xB7\xF4\xAD:�\xAA\xDF\xF6\xC86\x944\xF8\xD0-\x98\xBFv\xD5UvMGk?\x8F0v\xEF\xA6F4ї\x82\xC3r�L��\xF3\xCDw�\xA6\xA4�&\x98h\x83\xAA\xD8�R\xB2X"
-NÞPe&YLʱ\xD6Ǽ\xF0\x88#I\xB8Y\x9E�U\xA2\xBA\x8ApHz3\x8F\'�\xC7\xEAZ:\x87\xF2d~QF\x85vy\xB0�*\xF6\xDF\xFF�0\xE5R\x88\xB8\xE4M \xA5Ôµ\xA8v6�\xC1\xAD\xDEB\xFD\x85\xE6\xAA�Bmp9\x8F%u\xB1\xCFn\x8A<yc&\xE4@\xB3\xD7\xDEu\x90\x9F\xAC%%\xD0\xF1\xF6\x97'\xFE\xFD S\x94\xC5b\xC4\xC9м\x84p�\xB4`\xC1D夘\xE6\xD5x\xF7Â^\xC3;\x84\x82\xE9\xAD}\xAF\x91\x98>\xB8\xEDW\x8F*\x8B\x8D]M\xBD.\xB9$�'戄M\x8D\x85y\xB8"�X\x98\x9D\xDB�\xE8\xF9(0\xAAu\xB6v�\x98\xEB\xF91{\xA6/\x9B[
-Wղ󜯷\xE59\xFE&�\xB6\xCCiS�>\xF7O\\xD4\xF7\x9D\xB6M\x85Q}f\xFCFJ\xE5
-\x84\xF7\xE1Å¢pu\x9D\xD1�5�)�;B&�\xE7\xEB\xCET\xBC�\x8D�5\xB0\xF1\xC8i\xFE\xB1\x8Fnе`[/qs\xD9\xD1q\xB5\x90\xDFt\xB6x�\xAA\xC0\x90€�\xCA��\xA6�y\xB9\xD2ÚšI\xA7.צ\xF32\xA0\xEE�\x904\xA6ì°\xB8á¼µ\x9Elߟ�e\xBC|\xEBt�\xDD07l[oÙ·Q\xE5È¡\x90\xF3\xE3\xC5k\xA4k�\xB8\xCCf\xFDvU\xEE]h$]\xA6Y5\\x9C\xBEiNBy\x9B\x85v\xCA G�\xB2\x85�t\xE6I\xB9\xAD:\xA1\xCA)j\xA7�7\xBDͬ\xD8\xCB2\xF1'\x8B\xD0\xCF�\x8D%\x8AxO\xC3\xEC4\xEF\xD3\xF0\xDC!ÍŽ\x82d\xF7l\xAC\xD1\xE2&\xDC\xCE\xCCN��\xD0
-CT$\xCE,?o\xAAr\x95\xC0\xA8\x9Bo�\x9A0\xBEN\x87\xF8^�\xE1\x8C)~\xF9\x80\xF2'S\xB2\x88\ѯ\xFA\xDE\j\x97`�\xDA\xF5E\xFA1\xB7l\xF1Kp?J\xC6�ȟ\x9B\xC8:\xAF\xCA\xF6�t\xE!
3W\xCD�l\xF6B\xCD\xDFň.䋈OÕ¢�5\x89Ä«\xA5\xBA5̲\xF9\xC1�L4r\xB7\xFD\xC1ÔŠ\xDFL �l\x83\x93T\xB8\xEF1w\xF9FW\xC3\xC5(\xA4\xFB�\xD7p�c\xF6\xA7X\xE8\xBEp,\xCC\xD8G \xADJ\xC1�\xD0f\xFB\xDCUM\xA99�\x9B\xEE�tz\xCCC#4Ýy?\xE0|\xFF\xF6\xF9\x8B\xA8S\xA7\x91\xA4a\x98\x8E\xE5\xCA u1J\x86�Kr\xFC\x90\x81\xD2
-�k\x9D\x8B+\x98\xEA\x86>\x9D\xA9\xE2Ô²\xF9d1B�\xE1\xEA\xF7�\xFB\xEEu\xE1x\xB9\xB7\xA0�O\xC0\xC0\xC5\xFB_<N\x99\x8E\xEE\xBEA\x90\xAF\xAE5$\xA2!\xF65G\xA0A \xD6�97m:\x9DR=\xD7*9vG\xD6~\xBE�U� ��ó·&]/>\xB2\xC1s\xDA=\xACM\xA6\xA4�\xEE�~\x93!GÈš\xF6\xA3W\xF2.�[\x80\xE0I\xA3�\xF6�\xB7\xD6Þ¼\xF8rÈŒ\xA4\xB3`���{\xF9\xAE\xA6\xE3Ù:c\x9F7\x93\x8A\xB9\xAE\xFBca\x80\x84(\xFF�\xF9U\xAA|sa\xD5\xC1Mf�\x9A_\xA7>\xF4X\xB1Û®G\x98�\xAF\xBF"\xF98\xBD;\xB2\xDCVl�\xAA\xF5�\xA7x\xAF\xD5\xDDQ\xFB(o\x95\xA4�F\x82\xF5&{\xBEعÑ\xA1ed\xA8_\xF6|\xC3\xD5\xE5\xB2\xFA\x8A�:\xE8\xE6�\xAF�$\x89oÜ›Ø�\xCB\xD8�b\\xF5\xF1×…\xF3#��\xAF\x89\x9A\xF9�l",5Ô7\xA6\xBE)\xD3p8\xE0\x85"\xF8\xA7R_H\xF8\xD1\\xCCA�\xDBs\xFC\xAE\xF5dͧV\xFA\xD14�RE3\x92�\xC9\xDB\xE5\xC2o�YËŽm�ÇŽg4f \xFDQzOuiP2\xD4\xE9\xF8�z\xDF�.\xAFP}l�+O\xA2ͱ\xDE\xEAz\xCF\xE0��\xDF�)\xCD�\xD0�4�M\xCA\xE1\x8D{\xA7;t\x9Er\x8E*\xEC\x8Dc\xA4\xF5\xE1\x91 \x94\x9C\xB4i��\xEB~z8*^\xA1\xBB\xDC\xC7\xEA6�\xE4w \xC0\x93Æ\xE8\xD8�\x9Dp\xA3\xBB\xC4\xF7\xF0��}\xDFHh?VSf\xCA\xFFr\xBFT\x9C�\xEAdD"\xE9\xF5�4��C}S\xD0v\xDC劫\xF8\xD146\xACU@�\xD0\xDDV\xABã\xD9G\x89Õ¼\xBD�Û‚�\xBFܯǡ\xFB\xB2\x83\xCFW\xF0\xD1�G\x99�\xD9\xF8fÙ”\xE3�\xFE+\xFF\x95\xE3\x8FE\xE0�\x8B\x97_\xF0\x82\xD5[\xAFU\xB5\\xB0N!w\xED \x93W\x97\xDEU45\xC7O\x97\x82\xCDʽ\2l\x8B\x97\x9B\xA0~_I\xCE\xF0\xDD\xF4/\x99\xB2�:\xF3\xD4q\xA4\x8C}B\xE8\x9EA�s/uX\xBA�\xD6U'}(\x9EW\xA7\xAA\xC6g\x93V=\x95\xE9N\xFCR�'_D\x96\xBC��\xC1Æ’I\xF1\x84��xd\\x9F\xB7\x91u\xB6}\xBE&\xFE1Ò¶���\x9Co>\xC9�\x8C/Æ¿\xE6o\xE5\xC3B;\xE3l�\x9F�\xBEB厀�\xA7��\xB1/\xFB\xAC�\x9F\xC1\xDFM��\xBA\xEF]6(\xDE�Ý’kec=\x90\xE51R\xCC�\xBA�aQÜ‹z\x93\xF2\x9CG}\xA6\x89\xFEF\x89N\x85Ó¿\x9C�It\xD0�\x99\xFE\xF6\x96
-N\xAE\xBB%�\xB7\xDEކ\xE8\xC0}H]\xA3\xD5L\xC5\xE0|\xE7ax|�TzSȚc\xC6õd֢P\x97\xB3\x!
C3w\x8B\xD29\xAC\xC8\xCDq\x9A�\xABDdH\xF8$ǯ?\xBB\x80,\x9C/\xDE\xCD\xCF\xDF\xCF~Ü¥\xF5�bo\xFA\xF6\xBA2\xF2M\xC0\xA3 \xCD\xED\xAE*\x85^ѵ\x88<onE\x9ET\x87c��\x9C\x96\xE9\x94p\xC1\xC9\xFCK�\xC6×-\x8F�k\x95\xC8;�bK\xADÚ†\xAB\x90w�\xA8�>W\x94\xAB\xBDq4P\xAE1\x91|\xA9<74�\x8B\xAD\xB8\xDBÞª\xFFmÚ›DL\x94\xB9\xEC\xCCs$^N\xE4\xDD�R�\x8E\x99\xC1U�=1\x9A\xFC\xC1K`�\x80�\xBF\xBE\xC8xÓ¡\xE5H\x9B\xA0V\xD8\xF3\xB36�+q\xA7h�\x930\xDD\xD7-_\xA2H\xFB'\xE6\xDF�{\xDC\xF6\xB7�\xE0\xA1\xDE�\x97��Ñ¡G\xF5L:Ɖ\xD6z;#l�\x8E7Y\x81*O\xB9\xCD7
-�\xA34+ at b\xC2_�`�\xB1:\xDE\xEF\xAF�d\xDE�\xCE8/\x8F\xEB\x86xcJ�\x9C\x86I\x99\x9E\xEB\xB5v\xB0\xB6\x89!\xDEO\x90\xF0\x88V\xF1\xFAajB\xB3\xD0\xF7r\x82&\xF3�F\xA6\xEC\xF40I\xEE3\xEB/6\xB0\xF7\xA5\xF1,y�0�&�\xB9>jxS\xF1\xFA�_7\xFAX\xEA\xE1\xF5\xF3\xE4~\x84\xC1\xC2D\xA7\xB0Bs\xEBN\xA2�\xB7�p4
-\xF1z\xE3\xF6Re\xA9\x8A�\xC8�Χ�\x8DD7\x9D\xE1�G\xF7�\x88!\xA9K\xB2��b�\x82\xDA}�R\x8C\x8A\xEA|v\xA8]\xA3\xBFH\x9AR\xBF�z\xAB]\xE5jdm\xCE�N|\xEF\xCC$ \x8E>\xB8\xAC�\xEA\x9A&Q4\xD1V�%_\xF8v0:\xD0\xC0\xE4\xD0\xCE>�\xB9\xA45\xC7\xE0\x93\x8C\x8C}\x9FU;\x99 \xEC\x8Ec9\x94_=\x8F\xBE1\xF5\x8CW\x8Eᩃ\xA5\x99\xA1��\x9B\x8A\x8F\x9DJ\x9F\xDA\xE8\xCD\xDA�\xA0\xC6\xFC\xE6w@\xFC\xF8�\x9A'\xFE\x96\xBA#F\xF1�\x949�'$\xDB
-IÙ€dr\xCD\xDD�\x89a\xE1u�Y\x86M\xA1tsj&Kz\xA7XU\x80]\xFC\x87\xF5\xEA4\xA8\xD8�\xFB\xE0&\x84\xDB\xE0\xF8\xB8u>J",\xDA\xC8B�\x85\xF7U\xBB\x95n\xE6;$l\x84\x98\x8A'\xC3xh\x8B\x8E^#A nG�bn\x97ZEq�V�d\xB4\xC9/\x9A\xE2⬂\xE7\xF8^S܉ÙU\x91D�\xA0\xFF\x8C\xD7�ÛŸH\xCF\xE5kr3\xF3�\xA9\xBC\xD3 \xF7Õ\xE9\xF7\xE37\xA0\xF8m�-\xAAu\xC1\x9C/Ò—\x9De\xE9j\xA7dJE\xFA�\xDBh\xBC\x94\x811-\xA1\xE6e
-v�i\xB4׮خ(O\xC1ή<'\xF0&\xF6\xE7\xB6\xC5\xFD\xB7\xDF\xE3\xBE4c\xE2\xA4\xE9\xAF\xE8\x8DD;\x88�\xD2$#\xB6\xEFC\xFC^\xB8(\xF7\xB4\xC0{KŚ\xB7��JPw1\xAE;\x82744ڷ\xCE7F\x8C�\xE6\xEA\xD2\xD4\xE1\xF0\xEA\xC8$\x9AWF\xD5�\xEF\xE6�\x84\xC4X\xE2\x8F�\xD7\xE12x\xCFי\xB2\xB0.\xDAY\xD8q\xF8\xA02?\xC7���C�\xA9K%>�\xA0�\xA1�\x97:\x80K\xC4��\xF2�ϛ\×\x8CI6\xEC\xFAex\x93s/\xB0\xB1}zs\xDC�n\x91\xB8%=\xD0i\x96\x91\x90\xF0:[\xEB\xB7�^aQ\x94\x8Ad0\xA1D1\x9A\xD8L\x8DA\x80L\xC3\xE4q\x93�\xBEq\xF6\xBB\xDA��\xFEn�\x88�\x84ZIDd\x94\xA8\xF9�\x86\xE8\xAA�1\x8DRXHVt\xE0�\x984\xE3�k\xD0\xFB
-\x91\xFA\xB4\xF7\xC5Q\xDF\xC9\xCCK\xE8\xAC(FO\xAA\xFC\x98�#P#\xCE�BǛ\x8CU"\xCB\xEC\xEB\xBCD>\xEAE\x9B\xEB\xFE\x9A\xCE"A\xAD\x92gA\x88\xCF\xCDy:\x96��\xCB\xDA�\xEA^\xD4Mdm&rS��\xEE�\xC0oda.��\x94\xED)\xBD�&\x9E\x98Q�6�`\xAC0\xCF\xF4L\xD0\xEE\xC0Z\xBA \x9Bv�d\xE3�\xC2Zȋ\xE4%1\xFC\xE5-�cҹ\x9E\xE2\xF7=S\xC94B*ǑL\xE4\x9D/\x8E\xFD\xA4\xDFwʪ\xED\xFA5J\x9B\xFA\x8A\x9B\xDD\xF1��J\xA3\xA4�\x8E.\xD6G\xEEn�vr^\xE4\xBE3\xEF`U\xBA�\xBA\x9E�\xB5@�\x856\x9D.̔$4}\xDF\xC2ba7\xCCۙ\xC6\xE0\xAC4
-\x9E%\xF3\xF77\xDE\xE3,�\xCE[\xD2\xFC\xEB$'�<t0\xB6䑈\x8C\x8A\xD7BNu\xED\xE9D&�qg\xB5\xAF9�X\xFB\xF7\xF7ÖŒE\xACl&\xAB\xF9\xDBL_S\xF2\x8Cƃ./\xFDJ=�\x89\xC5~\xEA\xF3�5\xC9\xE1}|�;s~\xE0Ôš\x86\xAD\xF3\xD3\xD1]�+V\xD4B�|~\x86\xF3ZT\xBB\xE6\xE7q4\x8A�\xD6\xD8"\xFBeÖ¤s'm\xBC\xD9`룿\xF5\xC5P�h7�\x8D\xBE Y\x91>!H\xAB\x93�o\xE0~d�\x99\xF8\xF3�\xF3i\xC1M\x86*\xE60\x87\xC4/\xF6R\x8F\xBCM\\x94�\xD4\xD6:�\x9A^�_\x95\xBF\xE1S\x87\x9D[~\xE8\x9E\xDAX\xF2�/P\xFBq�\xFA×U\xAD;\x93_UW\xC6,\xD98*ݬ\xB1\xBC\x96�C\xB7\xA7\xB7\xF4\xDDQ�\x9D�j�\xB8\xF8\xA2\xF2\xB0�|\x9A\x9C�\x81\xF9a\xA3dH\xD64�\xE3}�
-\xC48\xFC.)>�³"\xE4\x8C\xE3\xC7\xEB]\xB0\xA4\xBA܈\xC1�\x9C�,:x3\xADR�\xD1\xF9{J]J\xAC\xE5\xF4M\xD0\xD6m7�
-\\xA7mG\x8B\x8CD�O\xAC\xE4I<3\x8C\xFA\xF3\xA7\xB4�\xB0_\xAB6\xCF<k\x85T\xDE+"t\xAA�.\xBC\xEFy\xC8a\xB4�\x85\x9E�\x92\x8E\xE2\xEF*\x85\xE6|)!\xAEM2he\xF9\xDC\xD2\xE2\xA2�Hx\xFE\xEB\xFDs8\xDE8�(\xFF\xEAf\xD6]zvf\x93�\x8C4\x85L\xEB\xE1\xE7\xB6;q \xBF%�91�\xE8�%m\xE03L\xE3\xA0\xEE\xF3\xBC\xF0\xBC\xB8X\xEF~f\xAD\xAC⼜&\xA6b\xF1f\x8F\xF4\xB4[\xFC\xD9Z\xBE0B8\x85.H\xEA|\x98x-k\xC4\xD2\xE2\xDEڟns�{(Ҁ\xBE\xCA�i\xDFp\xC2~ \x8C#\x8B
-R`\xAB\xE5\xBEV\xAExÙ0*\xA1{\xF2e\xF1 \xC15\xAEa\xB1\xDF*[\x87\xE0\xF13\xFBo\xBB(�\xB4\x96\xB0\xF9J1NÙ‰ \xD3 o�@\xF9\xAA\xE0\x8C[\xE4\xE3X\x92\\x94�\xC0\xDDW\xBA\xA6\xD1\xD7rj\xB8\xD2Bo\xF6\xE2f\xF2g�\xB6\x8F�ËŽ\xA7\xDDÞ»'\xFB\xEA\xBAn\x90\xB3h\xCDw\x87W\xD76>y~놗�\xC6�\x94\xA7\xFC\x8E\xD3\xFAÝ—HRN\x95\xFA\xDB\xEB�{\x82k}RL�\xFEo\x86t'\x89\xA8\xB6\xDFg\xCE~\xC1\xBC\xD9�\x84\xA89\xA5�a\xE7\xC8^\xC1ñ´Ÿ¿
-\x9E\xD8=\xE51\x9E\xE2X�\x99e\xEF\xC9ǩ\xD5\xE4\xA4<�\\xBD�\xDA'N\x954\xAD4E\xEDe�6)\xDD(\xEE8p\xF9�\xDF{\xBD\xD9�\xCFI8*�\xEF\xA1\xDD2\x9FK\xDA>\xA3<\xF4 \xF9\x92iV�\xAA\xF8\xD9�f \xFD9\xF7\x93T\xE2j\xA4\xA5]\x86\xF4B\xF8\xD3\xF5�\xF6a"un\xE1Qa\xDD,\xABv\x94��F\xDD\xD1\xFB�\xC3��)�'ѣ�\xBB\xE6[\xA4$\xEB\xEAj\x80\xDEFu١>d\xF2\x96M\xD7�~�\x9F\xF5\xBDB\x9C\x96\x99k\xBD\xAE\xE8M\x83G\xB5
-\x89\xC3G\x8F\x940\xB5\xE9�\xE9\xD8ЀBBV\x85�BZ_\xC2\xEB�/�m9�L\xFA\x82\xDFk\x88Ï–\x9C2}�\xC2)�:\xAA2}2jUd^=\xE8\xCE��\xA8oDÒœ6�\x9A_\x9B\xCAX\xD2\xDE\xDC\xEA\xDA\xD0\xD3�x\x9D\xA2\x9A\xCCn�M\xA2\xC1+\xAA[\xCD\xE4\x8E\xEE$�9J\x9C\xA0)o\xA5\xC7H�\xF7\x93�q\\xA3�\xB3\x9C\x87_\x9E\xDD\xDBg \x94M(\xBD\xBD\xBE\xCD\xDCJj\xF4\x88'\xD4á˜X\xE2\xB4zAK3\x81í—®7;\xBB\xF7�\x83\xF8-yf\xD7�\xF3m\xFC\xEC9\xC3Ë–q\xFC\xF2~\xA5\xAF�\x85\\xB8\xEB\xE7\�\xB3\xFAAm~\xCDr\xFC�
-,^?y\x8E\xC1I\xD7Ï\xFA\\xB3\xEC'\xB4A\x9BC4\xEEs_\xE7j%R\xE2�\x84*\xDF�\xE3\xA3�3\xEB\xFA\xB5|\x94\xB2\x8C$\xDFÔ•\xA69y\xF3�Y\xBD7-\xE1B\x94[\x97^\xE7\xCEv5u$\xAEM\x9E\xDA��E\xA2\x88\xE2rBv�\x8Ct2�j�LAr\xF4v�C\xD2\xECz�A\x9FO�N\xBF_\xE4\x87t\xA9�Ï°Ò‹\x9A\xE2=\xCA\xED\xB5"ËŸ\xDE\xDC\xEE\xE1r\x96\xFD%*<#\xF6\xA1�'!\xE9J�\x9DY^Gj\x8E\xDE`\xA2�!\x92+\x94\xB8yx,\xE5\x84\xE8�\xF21\xFD=,\xF6 at P\xED\x80*\x8D\xFE\xC8\xDB \xBA\xDEw\xA9Z\xD6\xEA'�\x87bg\xDEvy\x90\x94\x9C\x8F\xA6�2�@\x9Aóš’„\xD1{\xD5B\x86\xB28/�\xC9�\xF1<l\xA7\xCE�\x9F\xB2$�\xAD$�\xDE?u\xB6\xB0\xF2bC\x84\xBD\xA5��\x92d\xAC\xDFz\x9E}\xBC\xB2\xDC\xFA"�b\xB9\xA1\xDC'�v\xEF\x9C�\xF5(wv\x9DX6G\xD4L\x81\x85
-\xD3L=M{*\xE4)q\xD2(�iI"\\xC4�uS\xFD��6[\xFE�\xCBը\xB1\xD3b\xA6�e\x88
-Uγ\xD4n\xBA\xC5\xC2\xD1B4:\xE8uD\xE9\x85$\x93dtev\xF60\xB8\xB8\xD1\xE9\xD5\xD1�g\xB6\xB3�\xBC\xA5NN2\xEE�\x83i at 6�\xB4\x9A<-\xD3tf\xF9\xB7@\xC8j\xE3\xAC\xCD�×\xB8>�Ïš/|YMV\xA9M\xF9\xAFTa"c�w,\\x86\x81\xEAÔ\xFE\xF5\xDE*�\x98\xF7\xDD~U\xA2Ò’\x8Er{�^\xFD��\xAD\xB7U\x99�\x94\xE36\xC4\xD5\xC9�\xA9\xDEE\5$\xA5fX\xB2A\x85�a\xED\xC1r\xB3>zg\xE9\xB9Ù¬u=\xF1\xA6\xD3=_\x88\xED\xD9H\xCF@\xDA\xE3\x81\xCB]�\xDD�\xBB\x9EmD�\xA9I\x9F<\xAC�æ—©J\xA6k���w\x98ã¤\xC7:\xBD�\x97\x9D��\x83�Ú•ÊŠ\xB5\x8E\xE8��8\xD5mT)-\x879Y\xA1\xBE:\xE4\x96\xC7!\xF8\x8Ck\xA3Yw\x9F=\xE2d|\xE6\xEAD��\xC7.\xB1h\xEC\xCD\xE4�4\xCEb�\xB9�\xD42:HH�3bu\xEC\x95f\xEFMwK\xB5\xAE\xF5-\xE3�Y^
-\xE92\xA3\xE4\xAA�.W\xC1P\xB8kS\xDEI!\xDCʨ\xD4
-#�\xE7t\xFBui\x98"\xC7\xEE\xBD\xDDSk\xB7\xD7\xE9S?�\x80�+x�\xFB)dQ��d\x91u\xE4+\xDB!f.D\xAC\xD6�\xBB.�\x9C\xA9�\x92u0\xF4U\x9D0\xE2\xB16$5\x8B\xA2�&&�\xE3\xE6Û±\xAFAÙfsD�\x8C)d���?\xD3ܧâ¢\xD2�\x8F\xE68LmGpÛŸx\xBA\xCB�6\xC7i\xC7(\xBE7\x8D<t\xA7\xEA\xF5\xB7\xF3R\xCF
-/$]n\xE4\xFB?J$\xD4\xDB\xDEm\xF6!\x92\x9F&\xF0\xB2P\x91c\xA7�e��\x93[v�$\x8F\xC2)+\xBBNN\xE7\xE9r\xD6u\xD3_\xAE\x85\xCD at +\xB2H\xB6_\xF7\xF7\xBBRf\x9D\x9Eh\xE3s\x93^Bj\x98wr\x88\x80[�\x87\x96\xED�\xAA%�\xF1u\x834ܻF쫡l\xF1,\xD6�\xB1JL\xB9\xEC\xA6\xC72�\xE1�\xC2ͨ�\x8C\xF1}��W\x9F$�\xEE'`4\x8D7�\x87vP]\xE0\xB6�\xC1p�\xEC�\xED\xB0i\xF4]\x880W\x9D {�F�\xCEK\xA5\xA0\xB2\xB1Ew
-
-\xFBV\xEB`\xD7\xFCb\x9C\x9B�塘\xDF}\xE3\xD8\xC4m\x97$\xEE�ӂe\xF3xv񰷷\x95\xA3$tR\xBD\xCCƖٔ\x8B\xF0�\xB8>\xC6"�\xB1k\xBFO,3_wK�r\x90 \xDFF\xDB\xD5
-�El\x8BR\x9F�KR\xC1\x97&\xF9$JS\xFC4\x9F\x96F\x85\xD7\xC1\x8F\x99Ù®8\xB7`��\xF0L�\xEF\xC0\xE5�"i\x9D\xBDihD\xC8G��4�\xBCK\xBB\xD9T2\xFE�\x90D\xA7�\x8C\xAD\xA9\x9E}s<\xB5\xC7Hz\xCA<W\xD3\xE8\xC3\xD6�\x90\xD6f\xBCT\xE3I\xBD\xD4q\xDFrP\xB5STn\\x9D\xB4�\x8E?3 p�\xA1\xE0NØ\xFEd\xC0\xA1=\x8E\xB3-7J>��4\xDA[P\x9Ayj\xAD\xC8�|\xFD\xB9\xF1\xF6\xE0x\xCA;/8{!\xA3\x85gÇœ\xB3"\xD0�\xF3Ø‚\xF6W6\x8F\xA6\xB9\xC0\xDEJ�b%\xB0`�\x88&\xBBx`w{A�\xAF\x9Alv\x8C\x8B\x82RR\xED\x96[�\xDB`U)(\x97A1ܹ\x97\x93war\xE64�\xEB\xC0\xD9`Vm\xA7\xB2\xFD\xBE9\xA7\xAC\xFC\x96\xE9å¢�I\x97�\xC6fU}s�)O5<\x8E�\xA1\xEC
-\x8A\x96Õ¦Is�É|\x8F\xB3�\xB1j\xE3�\xB8y\xAA7\x9F\x9C7\x89a�\xB2CT�x\xBB+ß¹�\xD3\xC0UF\\xF7
-/qZ\x83(\xEF\xBFUbfG\}\xC2)\xB6\x9Djo
-iR\x9F*"\xDF�\x91\xD6_�Hþ\xAC2X\xB3ED��\xB5F\xDEo[]\xF9\xBC\xA0�\xE6P.\xD7\xC0C\xB3�JOQ1pßŠ× �?NU3\x{18EEBF}N\x87JH�\xD3N\xBB\x9B\xBAVk4rDQ\xAC\xE1\xD7�\x9BGO\x96\xCBO\x9C�r\x9DJ\xF2\xEDp�@rw;tzjg\xF9Z\xB6 \xD4�l\xE0�/^e\x9CY{\xE8\xA7F\xA4\x87\xC4�\xE5�\xEC}\xBB\xAA\xDFØ“�\xE4VEP\xBB\xE3\xCA�\x84\x82i"\xFB\x82o6�%\x87\x95\x8B\x9D\xFD\x9A\xFD�\xA1\xCC-\x94fÛ¹\xF2\x9CiekA�\xF68UË“ç–¯69\xEF\xBF\xCB'A\xDA\xF8g\xBF.:\xBB\x9C�\xC8n\xE9\xF1b
-\xAC\x9C6\xA5\xE17…�\xC7*W��\xC5�DA\x91\xA0
-djj��\x9D���n�{3=˜�\xB3nt\x9C.a\xB0\xC0xD\xFAKw1 HP�\xC5\xDAI\xA7w\xF2;\xE1\x8A�S�$-\xEDG\xB2$\xF1\xFE\xC0\xED%\x9DRѵ\xEC\xDC\xE4i \xD1:"\\xA4H\xC3�b�o`��\xABLD Y\xE0\xC87\xF3\x9D\xB0\xC5�\xF5\xB9�\x94\xE1qh\x87\xC0R)\xAER�\x84h\xF2\x81\xEB\xEE\xAD�-\xF6\x9E�\x8A\xE2\xC5\xD7,{\xA3"�,\xA4\xFE\xF4\xF6\x95\xD9ގq\xE9\xE4C\x9C\xDB�ޥaG\x9ELB\xFE\x8F\xAB+\xE4<\xB6Ź\x90\x87\xBBӡJB-ky -\xF3\xFAG\x81\xBE\xF2�\x95�\xA2H\xB2k�\x9F�\x94\\xD7zQ�XI\xDF~\xA8\xC9G<\x95\xC4\xFA\x9D:.*\xEF\xBD�q�\x8E\x8D\xE2s*LK\xFD#�\xA8\xBA�V\x9Bė^LE\x988xz'R\xD3=]\xBDC_R7C\xA3\xA6cՀ�\xAF\xBAte\xFC\xB3\x9B\xE3f\x82\xAF\xF3\xCBw\xC4\xDF4\xEB\xB8�>jȺ͓\xCDL\xF9\x9D\xE6{RO};\x9BH\xD6-�\xEE
-�\xBDT/>V�\x87\x99\xBBE\xBA�\xE3\xC1\xA6\x96\xD3j\xD0A�\xFA\xEE\xB2\xF0\xD9\xC8�\xAF��\xA0\x96Q^^\x8C\x8CMJ�\x9F�9ֹX �\x91\xBF
-?\xE2�f,\x9C\xFF4\x93\xE1\xC8E\x923i\x82\xE8;+�+ވۗp�\xB0t\x8F\x8Dl1/J\x8CBnbb\xDB \xC1ڥ\xAC�*<\xBDLc\xBF\xFCA\x82\xFA \xE9j\xF4�G\x85\xBB Q\xB2\xE3�[o\xCE\xFF\xE5\x83\xF1\xFF \xFE\x9F \xB0\xB0�\x83\x9CaP�\x90\xB3�\xC6 \xDAӀ�endstream
-endobj
-1321 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 35
-/LastChar 122
-/Widths 2745 0 R
-/BaseFont /OFGDIJ+NimbusMonL-BoldObli
-/FontDescriptor 1319 0 R
->> endobj
-1319 0 obj <<
-/Ascent 624
-/CapHeight 552
-/Descent -126
-/FontName /OFGDIJ+NimbusMonL-BoldObli
-/ItalicAngle -12
-/StemV 103
-/XHeight 439
-/FontBBox [-61 -278 840 871]
-/Flags 4
-/CharSet (/numbersign/hyphen/period/slash/A/C/D/I/P/R/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/r/s/t/u/v/w/x/y/z)
-/FontFile 1320 0 R
->> endobj
-2745 0 obj
-[600 0 0 0 0 0 0 0 0 0 600 600 600 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 600 0 600 600 0 0 0 0 600 0 0 0 0 0 0 600 0 600 0 0 0 0 0 0 0 0 0 0 0 0 0 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 ]
-endobj
-1312 0 obj <<
-/Length1 1630
-/Length2 10888
-/Length3 532
-/Length 11760
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDteT\\xEB\x96mpw\xF7\x82\xE0�\xDC\xDD\xDD-@\x80�
-(\
-www��4Xp��\xD7\xE0Np\xD7\xE0\xAEy\x9Cs\xBB\xFB\xF6\xB8\xAFu\xF7\xAF7^\x8D\xB1k\xECo͵撹\xF6GC\xA9\xA6\xC9"n\xEE`
-\x92q\xB0\x87\xB0\xB0\xB3\xB2 T\xC0v\xA6\xAE.\xCA�\xF6J,� KWUS[0\xE0
-\xE0F\xA6\xA1\x91t��!`�{) �$ \xD0�\x99�\xA4 at f �� ;???2
-@\xD2\xC1\xD1\xD3�li��\xD0kk\xE82011\xFF\xD3\xF2\x97�\xC0\xD4\xF3ߑ\xB7H�\xB0\xA5=\x80\xF6\xED\xC5
-d\xEB\xE0h�\xB2\x87\xBCQ\xFC\xB7�5A \xC4
-�\xB0 Û‚ \x92\xAAj�\xE5Ud�\xF4\xB2*\xDA Y\x90=\xC8�h�Ps}k\xC5�\xA0�6�Ù»\x80� ��\xCE \xDB� f�\xF6\xE6\xE0\xBFZsa}\xE3�w� �.\x8E 3\xF0[�\xC8\xC3�\xE4\xF8�\xC4�p�9Û]\\xDE\xDE�`�\x80\xA53\xD0�\xF26�\x88� lof\xEBj\xFEW�ov�\x87\xBF�rtvx\xF3\xB0{\xC3\xDE\xC8\xD4�\ .f\xCE`G�\xE0-\xAB\x9A\x94\xCC?\xEA\x84X�!\xE5v�\xBF\xC1 �\x8B7Os�3׿Z\xFA�{\xA3yC!@\xB0\xBD� �\xF2\x80\xFC\x95\xCB��0�\xBB8\xDA�=\xDFr\xBF\x919:\x83\xFF.\xC3\xD5�lo\xF9\xCF
-\x98�\xCE K\xA0\xB3\xB9-\xC8\xC5\xE5\x8D\xE6\x8D\xFB\xAF\xE9\xFC\xB3O\xC0\xEA�\xE8\xE8h\xEB\xF9w\xB4\xC3\xDF^\xFFQ��\xE2�\xB2\xB5`Ef\xE7x\xCBi�y\xCBm \xB6G\xFE\xF0ײ\xC8\xDB[8 \xD8\xD9\xFEa7wu\xFCw\xCC
-\xE4\xFC\xF7\x80\xE8\xFF\xDA�\x86\xB7"\x80\xE6�\xF6\xB6\x9E s\x90�\xF2���\xC8[J \xFDOe\xD6\xFF=\x91\xFF�$\xFE_�\xF8E\xDE\xFF\x99\xB8\xFF\xAA\xD1\xFA\x88\xFF\xA7\xDF\xF3\xBFR˸\xDAڪ \xED\xDE�\xE0�\x97�\xE0\xED\x96q (�\xFE\xBAgl\x81΀\xBF\xEE�'W\xD0\xFF��\xB4�\xDBz\xFE�\x81\xFF\xEA\xA8�\xFAG\xB1\xFF\xC6\xF7\xAF\xB0<�\xF86�q{\xCB7aX\xD89X\xD9\xFEa�\xBBȀ=@\xE6j`\x88\x99�\xC0�h\xFB6\xB3\xBF\xED\xDA\xF6\xE6 g[\xB0=\xE8Mۿ\xC7\xFA�\xC4\xC6\xF6/\x98\x96�\xD8\xCC\xC6\xFE/�\xB8\xFF�\x81\xEC\xCD\xFF\xB5\xFC7\xB9\xFE.\x{F6F9268E}.\xD3u\xC3\xFE\xED\xA9\xF6\xB6 �-OG�\xE0\xDF\xD2\xE8*;\x98\xFF\xC7\xE1/� ��\x807��;\x80\x85\x83\x93�\xC0\xCB\xCB�\xE0cg\xF7\xFD/2\xFEM\xC3\xFEϳ2�\xE2�\xF6 �\xB0\xB1\xB2\xB1\xB1�\xDE\xFE\xFF\xFD\xF9\xE7\xE9ӿ\xD0Hۛ9\x98\xFF\xB59\x9A�\xA0\xBD\xF9۲\xFD\x87\xE1/\xD8\xCC\xD5\xD9\xF9M㿿\xFF\xB7\xA6\xFF\xFD\xFC\xF7ڃ@� 3\xE4_\xF3�f\x82!\xD6�ٙ\x90o�y�\xA3R�=]\xEC0�\xA1\x8E\xA5\xF5ZE\x85�\xD5�\x9D\xFE���\xFC�&\xCF5\xA1\xAC
-\xE3�\xAF\xAD\x9EsG\x8E/;
-\x8C\xBBC]\xF8\xB6t\x9Di\xA0\xD3�R\xDF\xF7�݅X\xAB\xB4m\xBCL\xBBA�\x8CJ\xD12\x8Fuc\xBC\xCFf\x95\xD6a\xF5y\xD8tv7G\xD55\x8CJ\x9E\xE1\xC9\xC6\xDB8\x9D�\xCF\xEE��޻��\xE0R\xDF:\xA2\xFB\x99\xA5\xD7\xC5\xE3\xB5c6\xBC\xC3\xFE\xF6\xE5\xE8\x986\xF9\xE0oxp\xA0\xBF\xF3�\xAE{\x87\x84)7�\x89F\xD0
-�\x8D6:\xC0)\x97DT_\xBB\xC2;\x92i�\xBAv\x97"\xAE;)\x8F�\x88mq*\xF3\x90�\x82?�\x981\xFB5_\xDDN[\xEB\x92ǯ=\xD7\xE7\xB3"/LI\xEA�\x8D}\xC4�\xA3\x9B�k\xBC\xB6lB\xF1\xAB\xA8�\xAF\xBE-\x9A|oRk\xDC\xF3&[\xDE�&\xB1\xDD\xF1re\xE9\xF2�DQn�\xDF\xF4?\xAA[K�79\x8D\xD07/\xD9/\x96_!\xFDm\xDBџ� \xB7\xA5ʓ�\x9E�H�\xD5]\xC7y\xF7A\x8F8\xAD\\xBCٟ.\xB6h\xAC\xE6\xE8\xFA�\x86�\xF4\x93�\xAD�Bj\xA3\xAD\xD6\xE8\xAE{\x8E\xFAȣ\xF7\xA0�\xF6\xD6t=\xBF !\xE6\xA2Dږ\xB6bO\x84t8&\xF3\xEF\xFB\xB7\xF9#\xBF-\x90L.Ii\xA7\xBC\x8D\xB5\x8F\\x92\xEE\x9EhR\xBA\xAA\xAE
-x\xEFN \x8C�\xBCL\xD2�V\xB0μ0�\xC8'\xC8:\x94n]\xF3\x92\xA2�k+\xCFQb\xD9P2\xFF,\x88\xE8\x8D鼕8S\x93\x9A\xB7\xB3\xEC\xE2>mL\xC3�\xC2\xC7p]_1\x8C\x8D\x83�,\x8Eb�\x9A\xA8\xF0M\x9Bz\xC1\xED\#\xA8m-\x98$\xB2\xB6ӓS\x94\x814cW"\xD3?\xA3^\x97\xF2\x96aǢ;\xE1\xFB\xB1\xDDP<֋\x84�\xAC\xB2\xDD2\xB2&\x87\xF8\xD5�\xD2<�\xB3�A\x96d�\xE2\xF4\xDDޡ\x9F\xB6*\xD41\xF3\x97)\x91�\xBA\xB0\xC4\xDAn\xCF\xFD\xE5>�\xF0,\xFC\xF6Ua\x83\xEE\xF9\xC24�\xDCU/�\xCE�\xCF ��\xC5\xED\xBA\xCFCԽ!\xBCL0\xFB�Bk\xCE\xDD؟fRk�SGD:,\xFEaX\xA7�}\xEEK�+\x9Eɥ\xF7\xC6\xED\xCAa5\xF2�b=L\xA7A!\xF4.
-�;\xF5�\x93\xB9�\x9E\x9DEF\xEC\xCE`\xAD;[a\xDF9\�\xB2@\xA7\xE5�~\xCA3\xF9ű
-\xF3RI\xE1PE\x82�\xBB\x81PÊ•!\xBC�\xF6.l\xEDbl\xC3�!3\xA2\xB5\xDA\xF8\x9CÔªÊ\xEC=\xFD\xB0:\x905\xA2ħ"/p\xEF�g\xFA\xEE\xE9\xE3\xC4\xC37<\xDA_�\xC4�¤(L�F\x9D\x95\x9ER.\xD83\x811s[\x92\(\x9C\x82\xAE\xA4'\xBEt;\xDFw&Y\xD2M\x92�\x8E\xAA�?\xBA�cmbU\x8B\x8A\xB6*\xB4�X\xDE/\x8B\xFF2\xE4\xB1I
-\x80�\xA1y\x97�\xD6\xEB^\x82T\xFB\xFE\xD2A\xAAHAmf�\x8A�É9\xEF\xA7Û‘a_Ë®\xC0\xD4a\xF7�r;\xF4z�p��=�\xA7�\xE6\xAC@[>`S\x90\xF7\xB5W\xF8\xAANt\xB0\xF3\xE4\xCBa7&%\xEA\xEC�X\xD5\xE5\xD2Î’\xD1{�\xEE�\x9B\xF2w\xDF��1� $t\xAEL+\xED\xF7\xE2Qz�\x9F\xBA4\xF0m_\xC8a\xEABkz�K\x87H\x82\xCF!
\xA9-M_\x9D\x84\x90\xF7\x9Cp:�\xBA\xA4\xF54 1\xB0\xEEN\x8CYIz\xCDW\x83\x89Û�y\xEC� \xA9\xF7\xF93TÃ\xDBu�&\xCC\xC0\x84\x866Ó¦0�\xA5\xC7m\x8CB�w\x89\xE9\xDBQ\xAF\xE8IR\xB4S\xEB\x82\xF2�j>\xCBŧ�Ò—\x82\xF8\x88Q�\x97\x8A\xE6\x86\xDFF\x99bp5S\xB17�\xECu�\x8E\xBD\xA7\xB1\xD4lI*\xD6\xC3(�>\xDA�\xF1\xA8<Wg\x9D\x99�jN\x99P&ØŒ\x86\xECSÇ‹\x91{\xB7R\xD2\xB7A\xB08XY?\xF9×£Z \xDF�u}W�\xC6\xE4\xE32P\xDBW"\x93]\xF3�b[\xBB|*\x85Cg\xD8s\xA5r\xBF\xEC\xE8\xE7^\xE5Z\xC1\xC1\xBC\xBF(\xAFBuQ\x8FS|\xDE\xE8HfI\xD6mA\xC2\xED\xA8XZ\x8E"1e\x84\xD5\xF7Cу/QJ\xD55\xCA\xE7g\xD2p\xEF�j\ZSd\xC7h�\xB4߃\x9Fg�\xE5\x89`\xFBy\xF7M\xA9\xFAf\xF8Fx��\xA4�\xBF\xEA� \xC3\xE0o5\x8A\xE9�we\x99^\x96冤)2Y\x99\xB0$�\x9E\x9D\xC3®\x9FBÅ‚�\xA7.\xC4�\x82\xAD�\xB2\xEC\x89L\xA6K"\xAC �Ŀ˶\xA0�\xD3\xCCMf\xBE\xBE\xA4u�G\xD7\xFA4aŽd\xE4\xE7Ʋ\xFF\xC02q\xC9\xC5x\xA72P\xF2Ø”acg\xFD�Ì‚\xA6j]:\xDF\xE9�i\xAC\x85yUPmH\xFC\xAE\xAA\xA5��1Q� ��k\xF4{%\xBE|aI\xAFm\xC2
-�nOί\xDEl\xFB\xA3\xEF\xBCZ
-[\xD9H,\xCDT?-\x8F\x9B\xAF\x91\xA4 \xB1\xE5q�,~\x96\xA7K\xB7\xD2F)\xB5\x9C\xFF\x92NT\xC1Q_\xFA\x94\xD30\x9B'\xDA%�\x905V\xA4=\xC0\xE8\xD6H\xE6\x82�\xE5\x8Cz\xB1ly23?\xF6JE\xC9\xEF\xC0\x82w3\x8FAW\xF3CϘ�\xF8\xACW\xA7\x87�\xBC��\x8Do
-\xAE\xB0V \xD7қ\xDFn}[�\x8Bd\xC5�S�\xEA�\xF37Z>�$\xAE\xDFi�� ���w\xADi!\x9CQ4\xB1\xB1\xA8\xE4\xC0\xCC…vU|\xD0�\xF7\xFC \xC7�\x92Y\x9B�\xBE�w\xFBuNWdt\xE4[\x90K\xD9m8�~=\xB6i\x9A5\xBE\xCD\xFB]SM\xD6�\xD1j.\xBE �\x88\xC1\xB1\xFCq\xC9\xD2\xF5\x83�\xD9�\xF8yѿZ6k\x92ş�Z\xE5z\xCAI\xE6 \xF9\xBB:N=\x95\xB4qo�\xAF�\xF5\xB9�+\xA5\x84B\x99\xA1d\xEC\xA1A\xD9\xDD\xD5\xCFYgO\xFE�\x86\xA5�t\xE3\xB5N\x95\xB6\x82�.\x93\x8F\x9F\x84\x8CE\xA4\xA5\xEFmv\x9E\xF7\xE7]4\xDA}Ұ'~\xAAR\xC9fv5c\xEAى�\xAF\xD3�\x87)\xEB8�j\xD2\xE8s\xB0;C\xAD�L\x87\x92~\x9C\x8B\xC3\xF2��%\xB8\xEBP"\xB8\xDEU\xC9\xEC^�\xAA\xA46P\xE7\xDA'% \xF0\xE3\xD4'�Nurp~Q
-\xD8\xF7}\xF1\x83:|\x8A\xA9\xBDlLǎH|\xB7\x97\xDC\xDD\xFE�\xB6w\x81�\x9B\xE6A\xB5\xF9\xBD \xE2n\xB9\x87T\xA6:\xBF\xCBz\xCA(�\xEF!ɯ�\xC4�\xFA_\xCD�\x86<ch{$�w\xBA\xE1\xF7\x9DZ'{\xCC?�2\xBE�\xDCAg\xA9u
-(\x8A0\xA2\x99P\xC1\xB4i\x97\xB5\x85\xBDg�`
-\xE4�\xD2WDWN\x90=�%&j�c6\x96K\x85\xC1�\xD7M\xE5�\x9B\x91\xEA\xE6>v�E\x90\xC2\xEB\xC1�|\x8E\xB9E\xCA�\x81\xAF#\xAB\x8D\xEEu\x80U\x95\xFD9�\xE5\x99x\xBC.\xADd\xE1v\xC8!\xFD:�8\xF2\xBE\x80ـ;p\xF1J#WT \xA2\x8Fª^\xDB�\xE0'\xE1H\xF0mAFr4\x94,�=gK3M\xA8\xCC(R
-\xAA�\xA6S0\x86\xB6�5\xA7(\x83\xE7•\xD2\xC3\xF2\xD9#\xC0\xC0\xEE\x9Cj\x9B\xD3=\xE2\xE9�\x8F\xC8�mo\xDF\xD0
-\xB8w�\xDB\xF5e\xE47\xCA\xFCȂW\xAA\xA4I\x84\xDCG\xF1aq�uŒ\x86!�q\x94\x8A\xC2��\xD3\xFA����F\x9B\x8D\xBAN\xD1vw=ɀ\x88
-\xF8?\xA9�\xFE\xA4\xDD\xCAC\xCC\xF5�\xFD\xDF{?~\x81\xB5C\xE2\xA4\xDDX\x9C\xEC\x86�q\x90&�\xE71j;\xAF\xE3I\xA2\x99Ô§U$\xB4\xF62s\xABQ6\xB7oÛ†\xB1\x8C\x95\xB0\xEB\xE3\xE4'n\xA2\xAA\xCC(�" i\xC5�\xDAPV\xA0Ý£B\xAAε��qt\xB8Ö•Ým\x99Y\x95d>\xC3[\xB6\x89\x92\xBF\xA6\xDBV\xAD\xB8\x89\xF5\xBB\xEB+W\xD3P\xAC�\xC5`,kE}\xB1�_Ys\x99\xB0 \x91/\xCE\xFE�\x92Jr�e\xBB\\xE1\xD3Z\xB8^\x98\xD0\xE8Cc\xEA�?�S�Bk at z\xA9\xC9{�%7�y44V\x82ꪄ֯�n\xE6\xED\xE6\xB9\xDFTd&�\x85\xD69\xAA�\xA5op\x9D\xF8Z^G� \x83\xA1\xEB\x83D\xBAqÏ’:]�\xA2\xBEl\xC5\xFE\xF1K\xEA\xE0\x86\xEE\xEB\xD2
-7pR!42�e\x83I=%y\xF8p\xAC?\xF3\xA0\x93y\x9F\xE5\xF0u]\xCBÛª\x88\xA2W\xA6@�)\xD1>4F\xA2\xAB\xC0\x91\xBA\xCE\xF4\xC1\xF6\x9D0\xF2�z\xFA\xAC�\xE1N\xA0RJ\x91�\xBD\xCEwJ\xFA\xEC\x8B
-V�9\xFBd\xF5®DlG�"~\x9B\xA7\x92\xF6\xAF\xB7�A\x9AnÎ\xCDT
-\xE4\x92ޛ\xAB+;\x8DW\x9C\x8B\xF2,\xEFV�\x91\xE4\xEEI�\xBA9^ܡU\xBD0~\x98\xF0\xE2\xDD^�^\xF1ܤO��gn}\xC2]^\xBF\xA1%K(\xEE\xF9\x98\xA7\xBD\xC9\xF5U\xD9\xF3\x98\xD7\xF2\xC1 \xEE\x90\xF4\xF2#!\\xDF\xC4Y\x9D\xBE-�\xAFG\xD1\xC1\xAC]@\xF6\xF5u\xC9sX�\xFA\x87\xB0
-_\xAEl�\xA7O\xEC\xE3\xAFU40&\xA2\x86b\xBE\x9F\xBB\x97��\xE8�/IR֯}\xE0\x96\xF4
-+\xC2|\xFA܂\xEE\xFB\xD3\xCEPT�\xE6\x8C�\xE6\xD2\xEFy��#E\xE2�݇\xA1\xB7l\xE4l.\xF6\xA7�\xA5V\xB2!*\\xE6\xEA~\xD3P\x84\xABD\x8F��\x82Ҕ\xFC\xD7\xFBS\xBB�/\xE68?\xC9\xF4i|ner\xF8\xF3�R\xDC~P�\xC1E\x88YG= ҿ\xDC@\xECj�p\xE2\xB9\xC1�[8\xFC\xBF\xDA.\x90\xEE\xFE�?\xF8\x9A�\xF5/�\x93\x9A \xC7ͧա�\xA0\xE6ۥ\xD8SXt\xC7�\x94\xF9"Qk\xCBy\x84_\x9E\x99rx
-\xEE\xD1\xE2�\xA7\xD3/\xC6\xD4�\x80P� +\xB0-\xBC�\xDDy×\xAA\x9EV\xFD(�\x8F/}�_#\x99mѱ\xA6\x8D\x80*\xA5f~[�\xF3p\xCF�8V\x86�\xC9\xD1�8\xEF\x84$g\xFF�"\xA0�N:<3Uw�\xF1\xF2�\x9B\xF0\x9E�\xC2p6\xADÖ‚\xCBI&R\xFC\xAC�ÜŠÊ“\x8Bp\x9E\xD3o/8)\xD4+~\xDB�Js\xA7�\\xA2\xAD\xF6\xCAl\xF6\xED\xBBi{U\x9FȻû�4\xB4\xBD\xCCM_\x98\x9A�?\xC5]FÌ©\x95A\xB7\xD6_\"Óƒ\x82\x92\xDE}�#FG�\xEFK}g|\xFF\xF1\xCC\xE0�\xEB":\x8AE\xF9\xD7%\xF1\x92\xF5.C!+6\x8B\xBCR\xB1\x88\xE0!Q\xEA\x98_};��\xBC\xC8�#Ë\xF6]\xBF?\xDC~�d'My*�\xBD{\xB78\xBF\x81\xE1+\x9D��\xEDn\xDF\xFB\xB7/\x9F�u�G\xAB\xF80�\xA2ߧ\xD2\xCD\xE9Ì–\xE0b\x93'\xA5\xFF\xEE\xA4�\xFBm>\x82\xFF\xAB?\x82�\xB4Q \xF5\xDE(�[\xBA\xC1fM\xDB\xFF�\x8A\x83\xB4\x96?Â…?\xAC\x8E\x9E\x9A.T\xF9\xF4�+\xAA\xA9\xE3J\xA6�eUq8jr\xDC�\x85�Yp?\xC1�\xBDY�~H\x85#\xFA\xF2=*\xCF�q\xED\xB7Ï™\x82T\xE8\x93�\xA6\xF2\xA1E\x87\xFCA\x82⫘Lm=\xCF\xCA72\xD8\xF7���]\x8B\xD5�\x99+eÉ¥\xBD\xF5\xA6�\xBD=\xBE\xBCE\xF3��@\x953.\xB9w\xB9G�\xE3d\x93\x95.\xC5/\x8Bf\�OFJ$Q\xF3:\xD1\xE2 \x81T\xE1\x85ݨ7B\xD0�\x96\x8D_[E!\xFC�\xF3\xE8�\xF3\xAAÝŸ$�\xE6\x9E\xCB�� 3D�\xA6\xB9\xE3]D\xD8�\xF9\xF8#\xB0\xA2R}\x92�o\xB2\xE4\xA3K\x91\x84G\xE2%\xFEJqI.\xD67\xCF_5�E\xC3�%\x81�\xF3\xC5gA\xD3^�\xD6����\xB3\xDE\xEF�2\xFC�\xFAIk1\xDD>Ĥ\V\x99$\xC7\xD0\xD3\xC9L}m\xFE\xAB\xD4\xEC~\xB9H\xA3\x8A\xEAO\xF0\x8F0\x8A1\x84M6�k\x81\xEEwQ\x8F}\xA8\xEB;\x99[\x8AmsÑ‚\xC8l\x85�\x8F\x84
-\xFD\xF2\xAD\xC3)8ȉ\xC5)�7�\xE8_\xA3\x8C\xB7\xC6T\xF7\xF4壌mM̜+\xA4
-�\x9DG\xA6��\xA9J\xA8�\xE7\xAD$\xEE}0\xFFx\xAFR7\xEB&K.�i\xCB��P6R\xD4�.<,\xEB㺥1~4XÛ¸\xA5�>\xF7�\xC6 \xE8t\x8D\x9E\x95>\xA2\xC2:\xD1#)\xE1>�\xE6k[\x90\xBE\xBB�\xEF\xDB'\xCE\xE5�\x{15EB0E}"\xA5\xE0 P\xBC\xCA!B5\xFFi\x8B\xD2\xCC\xD2\xF7\xC0I\xAF\xB4\xE66\x89\xEF\xED\xDAK\xB2��j�?uF\xE9i\x89W!Ü’\xBD�N���\xD2�.TE�tm\xFA\xD6F\xB0t\x8E\xB9.\x86}-\xBE\xFC%`\xFA\xB5\xD9V\xEEC\xA2p?�V\xFA\x8E\xCE\xEB\xCF-j\xFB-f\xC3�r\xC5\xF3$\xEE\x8BÏ„\xAC��\A\xCB\xC7l\xE4\xA1NÉW\xF4\x98,� �\xF1\xA1\xEF�t�5�\xEB�\xA7\xBC��\xC0\xF73Þµ\xE5b\xEC\x91 \xB3\xA5�+\x95\xE6Q�\xB9\xA6i\xC2S\xFD�\xDD(Ý›\xC7i'o\x84\xDFF\xFD\xD8��\xD5L\xE3\x97$U\x9Af\x83)ß–J\xB3�6�\xF6o\xFA\xABH \xA9\xDD\xEDISO\xD7\xFB\xCFM\xA7\xAB\xCBS\xA5LL�\xF1~\x9F\xC5ZcDò�\xF3JTIE�sZ\xCFYK\xD4T&6\xB7)/\xC7Ã��,\xB1L\x97,\x86\xBB\x87[Ò»s\x9E\xA3��\x8E\x82g\xE7\xB99m\x98\xBDFV\xCB",\x98\xDBx\x99\xA3\x9F\xA2\xCE\xFA\xE4\xE7/\xFB\xA3\xDC\xEEdL3\xA8JÔT�\xFA\\xB1\xFFH\xC9�L\xC8\xEFa\x85\xBAfNu\xF6ѯ�&]�,r\xC1E\xC2\xDA1D\xDAÇŠ
-\x9F`b�\xEAT\xE8\xD66\xE7C\xC5�x��+\xC4\xE8\xF4@\x9B\xFE`\xD9v\xAAl\xD0Tw�\xBBJ\xB7��\xF4+\xB2\xF9\xF8p4T\xE2\xEE]\x94 \xF0\xE2\xFA>\xEA\xF3X\xFFf\xDFdO\xA4Ï£\Ï”H:[PC\x8BIJ\xA1-\x89\xAD\xC7\xF3|\x97\xD5�\xCF\xF1ÊŸ0�\xEF\xB3i�ov%\xA7\x8E=\xC6�\x91\xBB\xF1fLu\xB3$\x81\x8CX\xAB�Dm|B\xD8xz\x92\x91:�\xCDD\xEF\xBET\x96[&n'\xEE\xF3\x9AZ) \xB6L`z\x98\xF7\xCE(1\xDC\xA6\x97\xC9c\xA5\x9C\x98*`�\xEF3\x9F+F(\xF2\xBFgV\xE0�/_Jc\xC4h\x87\xDB\xD1|\xA2\xDC�m:rG\xE6-\xC3\xEC]07\x89\xB1?×›�\xAD\x87�\xB6\xAD0�RK4\xE5\xC0\xED+\x97\x82`\xEE\x8ED\xD5\xD0L\xBA�Î’\xF9\x889>�\xF1\xAF\xEBwe\xA3�\xAF\xD3\xD1�\xA9<\xD4�\xBA:n;�=]7\xB6cm$�\xCFj\xF4\xA8\xE2\xC9\xE5x\xB8\xD58>\xC3p:'`=2\x92\xAC~\x8D\x9D'\xA1�\xB7:\xE9�'\xEE\x95\xFCc|\xB1�#\xFA�vN< z�꧄\xC7Hxw+\x9D\xCC�\xADit2e\xB3\xBCSj\xFEd\xCA]R\xE0w\xF3\xA3\xBA\xF6�\xD4BBBi\x87\x9Eu�exyUw5{G\xFFÏ«f\xE7H\xA1�\xE4\x91�\xCB[\x8Bß›\xB9\xF6#\xB1g\xE0�e�\xA99H|Ca�\xC8=\xA8\xAB̨D\xA5�\xD7\xF2j\xEE�\x86\xE6�XJ(V�r\xD9\xFAg4\x80�\x90�O�8�%\xACi^\xD9Q�,*�\xE6\xEE\xA3%\xC5�gM\xA2b%D1�d\xF9\xD7�M\xBC� \xBE\x93\xEB\xCEW\xF0Y)\x95=\xBC\x8F\xB4`\xAF�\xAC�\xBF�l,T\xF9\xE1\xE8\xF5\xC5uqC�'\xEF�\xFE<A\xF3\xC05\xBEu\xF3\x96\x9E\xEDh{\xDB+1c\xF3\xC7/A�\xE3\xEC\xAB)3\x82�!\x94I\xC5Æ\xCA\xEC�_\xB0\xC6I{}\xCDw\xC3;U\xEB�\xAD\xD4\xE1eD�\xB8\x94vq\xEEg� �\x8F-�\xEA'
-ɋ|9 \xBF\xA8\xA87\xE2\xD8\xD8\xFA\xFD\x8B\xA5\xB4 fEƔ\x8Eh\xEBƶ�\x8B^\xA4\xC1\x9Ah\xC1\xA2\xAC\xD8m\xA7�\xA2\xE8\x85R\x8Ax\x92\xEF�\xEE��2\xAA\xF9\xB5\xF8�,,\xB2\xCC⪕\xBC\xF5\xEF\xDBI\x93\xEB\\xC9W\xB0�d5�\xF2K\xA2\x98K%\xCB\xD4�*$\xC1g\xB6�Z\xC2ɑ#¡�J.Ƒk\xE3\x8Dr\x85[\xC6\xC9�G\xA2�-~C\xC8�\xCCx\x82
-Pٷ\xE5I,\x99\xCB\xFAP�5\x97\xE3\xB4"\xAA�Y\x9EBR\xD2!�\x9D\xBF\xD1)\xD1E\xEF\x85\xC5EU\xC1�O\xBB\xAB\xA0\xD1 \xBE\xA00\xC5)ۻ9Q\x87\x82\xE1T\xA5\xE1\xE5\xE5h\xB0\xB9\xEDe�\xFD��\xE8\xB2bO\xE4o\xBF*\xDEe\x8F\xBA}N5��\xE0\x84M��=*�,".}\xBA.\xD8\xD2
->D�\xEF7\xBC�\xA4O\xAF\xB7Äšt\xE9\xFE"\xCC�s\xBE\xC1%Þ\xCC\xF8-".#S\x84�\xDAOX\xF5N\xE8W\xC7l\x84\x8F\xD2]8T\x8B�0\xFCP\x90\xD4}zZ�\x9D�\xDD�^\x84\xF0!\xA6Jr\xBD�f\xEE:5\x85\x80c6Z\xB8\xE3Gv\xDD~Õ¦\xC9\xFE\xCDOq\xF8�\xDB\xC3\xC2\xC85Bl\x92\xF7e\xC6T�5\xAA\x96\xFC\x80\xDCØ\xD6zä€\xFC��\xDB�W\x96\xCE\xF2\xCF\xCEB\xDD\xEE\x94}]\xC4\xE8�\xBBv\xB5�}V\xAD&\x96h� \xD40;5#\xD9B\xED�\x83\x9F{\x88�>â‚\x8F�\xE9\xF1\xAF/b�\xFA3\xA013\x84;6\xE9:\xAE\x83"|sj\xFC�\x94;\x93\xE3\xB4iK\x97\x89\xD6c\x88\xAD^#kJÚ•\xFCMCG&\xB3�
-\xDA�#�\xA9\xC1\x9C\xB6}\x8F\xE4��e-Y\xF2�\x8F
-i\xD3pn\xA5�I�S\xD6�\xCE.D\x8Ak\xDE\xEB\x8Be\xAA\xF1\xD4Y�\x92\xAAU \xCDwU\xFB\x8A�\xD4\xC5+f*F\xE8u\x9E\x93\x9D}\xA6\xDB�\x8A\x84\xA2d�\x84\xEB$;\xD6���� �\x82\xF6a\xFEr�>wr9\xCAD\xDBN\xFD\xA0.\xDE�t9J�\xB1�\x94\xA8Ѹ\xAF�\xA6,�'%P�K\xB7\xB8_O\xD1B�\xBEh\xB0^\xEF.\xD6dY\xE81\xA6S+\xEFy\x8B\xD48=\xD4�\xAEo Yz\xE0\x83+GQK\xE8
-�A\xC8�>\xD3$$\xBD\xF4\xCFO\xF2\xC7W[OV"\xF5>g\xE74B\xDAghF\x9Ad�zج™\x90}?щZ�\x8B\xC5?fv\xC9�\xE8\xB6&\x8D\xC0�ߣ\xAE\x8Ep\xF7\xE0o\x8B\x9B\xBA\xDCH\xBFB*L\xD55\x83$O1\x9DB\x9CޫY,\xDE.8K\xD6\xE5\xEA
-\xB7X\xE8Hs\xF7�'(��\xFDB\xBE}\xB1\xA1
-{&p\x96�\x8D\x90\xE8\xB0\xCCO@\xA4)\x88��
-\xE1(\xC9�\xD0'k�\x82\xEF\xBE}Zuq\xE5\xD9a\xD5a \xE0u\xDF+\x95?\xAE\xD2�,\xE7<ܢp)L\xE5\xB6c\xA7z7\x83\xDC\xC7c\xAE{\xD6߰�U\xFE\xAD\xDD\xFB\xC1\xDE_)P\xF9\xEE\xE30Nh_4�S\xCCb\xC9-�\x8C\x94�\xB2:\xE3%\xB9\xEEL\xAFE\xD1)\x83�\xAA\x8F\xC77D.\xF7{\xB8>\xC8L\xBE\xAF\x93G\x89\xF3EZ:|\xC7L\xF7 \xE7�\x8D\xD3m\xF3\x92��\x8BXƖU\xAE\x93\x8E\x80\xE3\xAE$15\xF3\xB3\xBA\xFAP\x80\xE0YqL4\xB7\xC9\xCE\xF6�\x91۬\xB6o\xBE\xFB\xF9p\xB9\xFC�\xB2D摧\xCD\xFEl;�Ux\xAD!\xABl\x8B\xF9E\x89�og\x82\x8D\x8B�qA\xB5't\xAD׵\xC3 u\x8F+\xBF@\xC79\xD0\xECOH��\x92\xF7\xCFU�\x84\xAE\x89\xAD\xB6�E\xDCO3�\x97h\xB6\xF6\x91Lӆ>\xDB\xCE\xC1~!�\xF4\xF1.��N}\xBEBr�\xD5\xC7�撃\xBB\xD6c\xD52WT�cs\xB9\xA4;\xAC\xEA\x9DK\xB4d✺\xCF\xFE6\xF5\xA5�\x9D\x8Fo�=\xA1H\xA9[\xF4�\xCB\xC2\xF0\xAD\x9BA�\xF6\x90&�\x97\xE0\xE0\xD3!\xFF@\xF4N\xA4\xF0\xE0\xED�\xDC\xC1\xA3��E>�&\xF0\xBB&\xA18֒Qr\xCA\xCAQ\\xB9\xEChV7\x8D��᫦\xB3\xFBOG)u�\xB6\xBEo\x9F\x8F 3p\xFD\xBF@\xBCS\xD9G\xEE;Uc�\x9B\xB5a\xF4L�\xEB\xED\
-\xF4\xA8\xE8P�\xD6J\x82G�!\xF2\xDD\xD4�5\xA3�\xCE(J\x8D\xB5�e\xA2\x96\xB1Í´w}\x9F^�\xCA\xE7
-\x83\xC9/\xA1�\xA4\xE8\xEFi\xD4\xF2;\xCC\xF3\xEA\xF4\xFFL\x9AU\xEF\xD1[l\x8D��\xE6Q\xCEa\x9C\xA6\xD1>\xF1\xB3G�\xF7\x99=}!C\x87\xE1\xF3oΤ\x85\xC3TD^\xEA~\xF7�Y\xF15l{\x9E\xB3\xD7(\xE1\xB3�\x93*\xA0\x8A\x9F�\xCFg�\xE9\xAD?\xBB\xF1\\xB2�\xC0\xE5'Dž\xEE\xF1�\xB5\xFE at vǸ\x8C\x87\xA8\xF3\xC09\x9A\xE6\x82\xC3?\x9F�\x9F\xBE\xE8x\x8AB\x9C�Z\xF7\xF6\xB4k\xF6\xF6\x86dqϑ"�$!\x88�
-\xEDx\xF0�\xFF"`�\xA3\xFEm\xCD\xD3K\x9B\xEB.\xBF\xF4e|\xEA:\x9F\x86\x9B%u@\xE9�\x9Co('_
-\xB8=\xC4\xF5\xB9¨\xEC�W|\xDD\xF3\xFA\xF5y\xC6\xE5�\x9D\xA3\xB9\x8C O<\xE3\x96H\xA6\xBEk\xFB�\xBBTCT\x95�3�S\x90Q�\xFA\x988E\x8A9�\xB7[\xC9i{\xAA\xF0\xE3\xE1\xB2\xC7\xE4�\x8D�ve=��\xA7\xFB\xEF\x9F$)e \xD9(\xEF\xF6y\xEF6bU_>`R\xA8\xFF\x992Qt\x98\xE7R?=�\xDDI\xEAbĉ& \xA6y\xCD\xE8Z\xF7;\xD8%U\xBC\xE5͇⌌\xE0ʷ\xAB6\x8An\xCBLJ\x98�S2tq\x8A\xE7+\xDA\xF3K\xC40\x8FH \xFB\xD3'\xAD\xBD\xAA~�ϔaL\xF8\x98\xB1\xBAىl\xBD,\xA3 ;\x88�$\xF9ubq\xB9�\xF1\xDD8c\x8DC\xA8.b�/άK\xCCJ\xE1\xD6R7\xA3��\xB8\x8F\xA7\xF4ŵR\xEC`\xE7z\xCBb\x93\xB3Z��'�\xBA\xBD$\xA0�\xE9\xEB\xFD\x80\xD5\xF7\xD2\xDE\xF9\xA1\xC0.(?\xFC<\xD3o' \xC2X�\xA3\xB9
-\xBD\x82\xFC\O\xE3l}\xE7Ï r\xC9^\xDC�\xEB�c\xEBrh\xC1\xC4{\xA3��x.�;9\xB9\x9E\xB3\xB8#\x8F\xDBO}+�\xF6�H\x90\x87Gz�\xF8\xE5%
-\xC6�\xAE\xBC\xF0§AjS2k\xED;<\x8D)\x9F@�Z\xCDƻ\xC8`n#\xE7Pgl�v<C[H\xC0B (�\xFC\xB4zw\x9F\x8D]\x91���\xCB\xDA~��\x9E��r\x85\xA9\xE1�p��\x87!Tu�fs\xBF\x96{3\xB5y\xA6QeXXIh\xA6���\xC5B�#@8�@\xBF\xA2.=\x8C\xB9\xA1+�\xD0/\x8Bl4;H\x89=\x97+?\xD7g\xD9\xF4hV&\xDA c
-\xF3>\xE7x\x9E�\x96Hh\xD1o\xB0\xFE\xA6�\xAF\xA3m\xC9،Ģo\xAD\xBBL\xA3\xC7Q\x930\xED\x8D\xF1\xC5\xF9u\xE2�#\xF82\x86N\xFC\xAE{Q[V\xAF\xC0j\xBF�\xA2\xBB\xFE��?�\x83NW\xF4�\xA8?\x83t\x9B\xE1%�\xA6qGG\xF6��:\xBC\xAE*x\xBC\xC3\xC0\xCC�\x9E\xD9\xCD�\xD9^?\xA3\xF5gf\x89�\x95�\xE7\xFB\xFAp\xEF\xEELÂT�\xC57^\\xFD?0[\xC5\xC3\xE8Q\x8D\xC4�\xE8$\x86\xC0\x8F\xD7}ÝŠI\xC3P\xB1\xAA\xC7dY�vg\xE4\x89e\xA6w�\xA9\xDE$\xE0\x8C\xA2_\x9D\x99�×¹\x8E\xE9\xDF�\x99\x86\xD8�'D\xC29ËŒ?�h2\xF3�\xB8%\xB9\xDF̆�\xD36UÖ¾\x97\xF5\x84\xAFm\x93\xB1(�\xF2�\xA8\xF8\xC8\xFE\xAD�\xC9\xE6D\xA5\xAB�\x91\x{1E7F7A}w\xF5\xA6\x90$\x81MM\xF3:2\x9E\x93\xFA\x9D\xA9\x91�\x83=\x87�3\xCFt]\xC6F\xB1\xB0i\\xC7\xE3\x93%N\xA5\x8Aa\xFFÝ£\xDBEK\xBC�\xF4\xD1\xD7\xEE\x8C�6y.G\xAD\x86(�\xAEAM\x86<\xEF\xB9\xD6~\xCAy\xF5.\x8Bï—²\xC0.\xF58'_e#\xE5B\xE2[�7Q:�\xBF\x9E\xDF\xE4m\xF8"m\x83b\xEC��S�\x83\x8E�\xC6�Z\xE1\xC2
-4\xA8Y\x8C\x95{�t\xBFOp\xA1ƨ\xE0\x8B!| \x91\xF5j\x97/\x99�\xA7\xD0L�ve\xA7e\x9F�(\xFA]<�\x8Eq\x9E(\xC1\xA8\xF0칄\x85\xCF\xC0\xDF\xF9\xA8;\xEFAJGZ0\xFD�7\xF9ˈ�\xBE\x86�[�(-\x90\xAEP+U\xECp\xA4\xEB�\xF1|\\x97;\xEF<?\xFF�TlX8\xCE\xEDD\xF2\xA7�\xEA\xF7\xE7�\xB7\xD0\xC4�\xDF\xC7\xF0\x93Qۡ\xAA\x9B�\xBE\x9E[,d\x89\xC9;\xB4\x8A�\xB1\xA6I\xC4W
-\xB2�
-\xF0\xEAw\xF2o\xC0
-=+�\xD1��\xBAEg\xA2\x8A\xD6y\xE9�5,\x98bQڥx\xAE\xDB:�>\xF9\xDD27r\xA4v\xA8x\xA9t�\xAF�\xBD <\xA2\xED\xE6V\xFE\x96(\xF9\x92]\x94�\xDB�\xAD\xAE\xC2\xE3BB²\xDF\xE2 \xEFE�\x9B\xDC\xE4 ?\x95\xEFd
-\x9E\xA5�̺\x94k�\xAE\xD6P\xFA-F�3{^.|\xE0\x83M],\xBF\xD2�ck&�\xCF\xFD"\xA7^{9D_o\xB7\xE4�˕\xC4gD�w\x9F��\xC7>B_6\xF5\xA6F\xA7zJ\xAD\xEFf\xACE\xA79\xE5GƊ(�IK6na m\xFC\xB9\xA2\xE4\xDF\xFAta��\�\x91\xB1+O|o\xDBn\x99�\xD4ĺ\xE0\xD9_
-$\xFC\xD4>\xAD\x8A\xE4k\xEBs\xB17\xA1{^\xB4�2\xD0X
-\xFA\xF1\xA9ã³¼\x80\xA5=\x8A&I\xD7}\xB5\xEE\xE4\xD8sU5u\xA8\xFF\x92\xE0\xEF"VB\x94\x97~\xB2r\xF6n\x89\xC3/A\x93�\xAF�>k]苬\x90\x92�)�\x8EÄ\xEC\xC2\xE8�Ì�?vY\xE8\xE4F8\xEC\xFA\x9A \xAEGF�\xDC�\xA7\x8AX\x9D$\xE3\x87\xD4b\x8DÐ¥\xE5\x9E_\xA4�M2`c5�\x90\xE3�&\xCA\xCC%R�J\xC7Ϙ\xE1Vq\xF3\xD2\xE48Q�8\xAC\xC9\xD33\xB7\xD5"�\xD7ya䱈\xF2\xF2\xDA9\xB9�2\xE4\xC86\x86Ku\xD9\xD4tiA\d\xB1\xFE\xE1f\x92w\xC3A\xE9 at To^\xBC\xA2 *\xA4Ë€\x99R\xF6%̃\xB0\xA3\xFC�\xFA\x89G\xEB\xF7'xGJI\xC0\xB4\x87P9 uÍ„\xD2Q\xC6"\xF2g\x85L*+c�l\x8D4\x97�æ…¬9�rv*\x9A0\x96�4\xDB�\xB1\x8Ct\xA6\xBE\x91\xD1\xDDI\xD5:\x9A\xBB\x94I\x9AWY\xF8\xFB \xE8�\xE8Ng+Q\xFC\xBCv�-V\xEA~\xC34�"\xE54}/\xFC�Ç—\x92W'\x8EÉŸ\x8CrO\xE1\xBF<\xB7�3\xDCl6\x8F\xA6//\xA6\xAB\x8Ew�\xFA\x96\x83Nb\xA9\xAB�\xFE\xC42Y4\xB7aG^\xA211\xFD\xCEg\x9C\xC5Ö¿\xA3\x92,\x840\x88\xDC\xCB�\xFB\xEE\xDB�\xB7j\x98p\xD4�wS\xB1\xA8W\xA8\xAF\xB9j\xBC~O\xD6\xD2\xDC\xD2h\xA8\xD0\xF7p�I\x95摹\xC8{z^\xBD3q\xBD
-\xE49\xC6�\xAFLh>\xED\xEFY\xE6\xC7(\xEC$%\xC9��\x86m]"\x92)_]Vf\xED\xC1[\xE1\x9B\xC6\xE4\xE6�1\x89\xBF\xF2\x8C�\\xB3.\xF41T\x95�]\xE2G\xF6{\x88\xA4V.\xB8/S\xEFd`\xB4.�\xF2Uu�ڋ�\xEE\xA9>\x8C\xC7��\xA5\xF7S?iI\xAE9\xC3q-�\xDD%\xE1\xCCK\xF5�\xDE\xC9\xEA(?:L�-\xB7R\x86\xD0A\xE1\xE76=\xA5\x9Ap\x953�\xC8)\xAE\xB2\xBA/�\x96}\xCC?A\Ӟ\xCEx\x8A ;\xAD\x8EZ\x8D\x9Bh\xF0J\x95򡞊\xD4\x9Cj\xF3\\xE1\xCA8OR\xF8\xB1\xD8\xDE\xFE\xDA�\x89\xAB\xA3%e
-M,b�?S\x9C\x86�\xE8��\x82-\ \xEC\x89\xFBdVw�\xD1I\xF4\x9C\xFA\xE1~\xD67\x8E\xC4ke��A\xF8\x80\x9B\xC2G9\x94\xAC��\x99C:\xB6\x9C<_}9T\xEFr\x8FT\xD2^%M\x85\xED\x8CC�,[E
-t\xD3\xCE@�\xBD*\xAFg :_\x8B\xBBo]\x9F\xB0\x92c\xFC\x89\xB7\xD1cM
-}\xAD+�^\xC2Â\xED\xAFe\x8F\x82�\xB3\xE9)�\xC0+-[\x82f\xDF7�j\x9D5$\x87=\xE1\x9B\xAEb\xD6�;tZs<u%/\xE9�*\xB6\xC8\xF8\xB2E\xCC\xE8�\xC1\xFER\xE5��\xB46�*F\xF50N纄Z
-\xC44\xF7\x8D\x804r\xF0\xBF_�\xD3ktV{zd\xA8%\xCE`n
-\xBB\xDA3Nr\xC1\x90'\xC9H��\x8A\xA1Q1\xC2\\xAE\xA99\xE0
-$2\xCA\xD3�\x89�\x9F�(\xB9
-�+\xE4\x97JE\x9A�Ǘ\xE9\xE1J\xDD\xCB\xC5Gq\xAD\xA5\xBDo�P\x97Z{@L�\x8A�\xF5\xC8�_
-L\x84\xB3�”%$6$n\x94%\xA0\xA0I1Y\xC8c\xF3\xB3:\xC1�\xEC/\xF7H\xC5 \xAC\x83\xFA?\xCC\xF5\xE1P\xA2�;\x82g9\xE8�
-緋z\xBF\x8D4/\x8FgSD\xF6\x94n\x94\xBBS[\x89\xD7+\xDC\xE0CF˾\xFF\xAE\x90\xA0�\xA8XnF\xDC1\x88\x8F\xE2�i\xF3a\xC7�Q�?ߡ\xDC\xEA\xA8\xD5\xE02\xF6<t\xB7d\xC8H�\x81zB\x99\xB6H?\x90\xB9|\x9BWضe\xC2\xD0\xE1\xC6/X\xA6\x99\xB4�;N~5\xDE\xF1)\xA1>a\xB9r�z�\x97x\x9E,\xFF
-\xB0\xC2,ZAË°z\x98w\xC3V� \x89\x94]AVr\xC9|RMc:\xF9~p\x8EꈰƸ�\x9C\xCE\xF5b�\xB2.<\x84\xE2\xD3?\xF8\xD5M\xCClH~6\x8E\xE4\xD3l\x81:�\xCDx\xB2_$j)\xCA�WA\xBC\xEBhEBu\xB5\xB2\xB9\xF9%Gx \x97iS\xC5�Ê—\x8E\xB2\xC5Ä©\xA02'�B\xE6\xC8�\xB0箦Q��0h<�\xB4\xF3\x92� \xFF\x9E\xB7\xA7\xA3�Q-\xF6n�\xB5\x82q\xA1\xF2S\x87�!\xBB\x8Fl\x98\xEC ÙŽS\xF6�\xA3�'�\xBAN\x96\xB3\xBA,�\xC7T�\xE9W�\xA6\x93�\xF0\xB8ÇgÈ‘\xB2\xCB\xEA�\xB3\xE4\x89�#\xA1,Gd\x9B\xE4\xF4\x89\xF0\xFDl$H\xC0\xFBa\x97>7f�\xBB�\x82Z%\xFD\xD9�S\x95\xB2\xDA at G\xF7\xD8/��RÝŠ\x8A\xA4`\xB7\xA0\x9D\xEA\xB28f\xBD�\xF3�\xA8�\xAA\xBB���\xFCq\xC4\xCEd�X
-G\xFB\xA4�g�\xB9˘�
-\xBB\x84_qvw3\x839T \xDB\xE1\xCF\xFAm\x9C\x94 at n\xB9aO�J\x89
-\x85yu��\x86\xE7�\xEAf\xD9=\xD5\xFA{\xDD\xD3F\xCE�Lf�N�\x8BG\xE4\xD4i"?\xFE�\xD6�}醊\xDBU\x9C\x97_\x9A\x9Bi�N\x84z\xB2r�\xF2Ã\xF5�3
-u\xCE\xC2\xFC\xD5\xCF\xCD{1T\xA8\x97\x9Dt+j\xAAN\xECpC4\xE7�@\xD6\xEE\xC5f\xD9\xE4:)0\xFD\xF4\xF0t<P\x8Bb\x90\xA57\x8A\xD4Ò·\x9A�\x82\xF9�(23�\xAC\xF5ÙM\xF6+&c�\xD3�l.^85^Z���\xA3�L�u\xFC\x89 LM:�9$_)=o�\xBB'\xE0i\xB2�\xAD�g6\xDD\xD1\xFA�AWw��>\xF2�uw\xF4\x9B\xA7`\xE2\xE8\xC3J_\xC2\xE5f\xF2\xB2\xA4p\xA1\xC9\xFD@� \xEB\xA4\xE5c\xF9C\xA1\xEE\x97rj\xBF\xC1R\xB5P\x93\xDC�\xFCQ[\xF6\xBAC\x9B\xA8\x982J\xED\xB9~?\x84.�\xECpÞ»\xC2VXz%\x98\xA9\xAD^\x8C\xBAε\x86\xD7�\xFE'�R\xB9\xCAxE\x98\x95\xFA\xBD\xC6#�\xB4\xC2ET\xED\xF6`\x85T\xC6*\x91\xC64d\xB9�\xC6\xD4\xCA\xF4;\xE9\xAFQÍ·�\xECe\xBFÉŵ\xA7\xDA-\x8C\x99\x96\xBE~j�Ͷ\x90\x9CÅ`k(v\xEF\xAF\xFB\x81a\xA4\xE6 \x89\xF6ឆ\x85\xF6*\x84�\xFEl\xD8N\xD9\xE7�fr\xB2ÇŠ1\xB3|/0�\xEE4\xD1\xC9\xC7\xFD\x9EjÈ¿>�V\xF9E \x83" O\xE1Z\xA8z\xDF\xFB,q!\xBF\xE5]3\x84*Øœ\xEC>\x8D\xC0\x8EÅ\x88�\x91{+$�v\xA4fx[V�\xFF\xC1\xA7\xF0aX\xEF\xF2\xDE\xF2\xC3ݸ\xB4\xEE\xD6\xE6#\xACO\xC6��fe\xAD�\x8E\xA8\x80\xC4gs\xB7B\xCCgt\xEDD\xB7\xB0\xA61�?��\xE9Bmbv�\xF8\xB6\x97\x8D9\xA2\xAF'2S☟\x97\xF8\xF8/��\xD0]\xC5`\x9C\xCE\xE6k\xE2$:DK\xD8$\x9Er\xB0[[/o\x95\x87ᇦ\x84\xF4\xA8\xDC\xEB�\xCF~fwH\xFD�\xA5\xC8C\xB8\xAF\xC9Â\xBD\xDFn
-\xEA \xF7E6K\xBF\x90�\xAD\xED\x8Bzv
-$\xE0g\xA8\xA1\xD1�8qx!]\xFC`b6#2\x95\x9B�P֊>)Ц\x9A\xF4ʈ�Q�І)C(Ճ\x8F}R~\xAD\xAD\x87_\xAF\x98>{\x9A\xB7u9;ƃ�\x81n\xA1\x93\xED\xF3'\ =�\x85i\x81{,\xC1e\x93b\xAB\xAB=\xB5Źۈ\xCE\xDD6߮\xE3\xD1܀�AŃ\x9Al\xF4ϺΛv6\xDA\xEC 5\xD5\xCD�Rj\xE5�8\xE4\xF2\xAC\xDA\xE8p\xF5h. \xD2\xDB\xFE1\xAB\x8D,Sd\xA2\xCF\xEC^5
-\xF6\xA2 \xDAO\xE8�\x88��\x84iᔚ8�\x8E\xA8ᧈC\xEE\xA4M�\x8F\xBE\xBB\xD9Ir\xFAd \xF6\xFF\xC3\xDF#58\x838\xF8\xECꯦ\x91c\x879<\x9C\xD4?X\xE9(\xF5\xA3\x83\xD9F�kc\x88\xCAU#\xB4g\x83\x96\x9FA>f\xE2\xC3\xE7�\xA9\xAC-mD\xF1{nʢ,B\x91dK\xDD*\xDEFΑ�t�0\xB8\xDF28�\xB0\xEA!ۙh\x97\x9F"\xE0}8B�\xF2\x98\xE1"\xA5f]\x8F\x99M<�"$\x87[\xD5\xEB��nwYŗ\xDBu\xCC6\xCEG\xB9\x9D\xF3\xEA=\xA6�\x99\xA8\x88G(fjwf\xD0\xDC\xC4\xC3\xFA\xA3\xD9�_Y\xD7\xD2�m\x8D\xA8\xF5P�\xF8\xB2\x97'\x90MW�u\xDF�\xDB�Kj\x90\xD3\\xB7EE�}\x82Sy\xE8\xAF \x86c\xD4P\xDEc
-U\xBB\xBFW�Î…{g\xCE�V\xA9)\xFB\xF0qB\xD0P\xE8g\xF5\x82 \xBB\x80�\x91j\xB4\xB5J\xA1!\xFD\xCC\xC7O^�\xE2��\xAE=\xD3\xF4\xD1F~\xF7H�×¥[\xF1\xB2\xD5�É»y�\xE8\xA6<\x80]\xAF\xA9RE\x9Bx\x86{r.\xB8\xF5Sz\xF7N\xAEr\xCDcOd\xF9\xF16\x93\xF4\xEDF\x83�Z�Å»\xB5p�\xB1\xEAL\xDBll\x99\xDE\xD4\xF2Óž\xBEh\xBEs,\xFC\xD7\xC3"T�q\xC2\xDD^\x96\x81O\xE3r\xE7,\xD9ÅŸ\xA8\xC5E\xF2/*f�\x92\x94\x8E\x80\x98\x9B\x85#�\xEA��\x96\xFAJ8\x8A\\xD0TH6\xC4\xC4\xEB \xEAV\xE4\xF9\xE3\xA7q_(�7Q\xD0N\xE0�QK\xB87VÓ¯�\xBE\xABv\x85�!YԫΓ\xB2Q\x8AÚ—>\xF7m\x82\xAB\x93Ð\xBCN\xD8Y\xA9\x8EJ\xC9\xE8\xC0\xEA5\x97I\xAB^\xEA\x91\xCBT3E���y+f\xE8\xCF�Û¥\xFD\xAFÔ°�\x90\x80H7Û³k
-\x879�\xF9\xD4\xE1?b�&�=e�\xD6�\x96\x9B\xC6\xD3G"\xCEkM\x95å•\xF8\x82\xDAXaI\\xDFmh\xFB]\xBD\x93T\x86\x90��\xB7�8\x9F��N\xC0\xDDKmp\xE6\xE9\xF0\xED\x94?Qã·°U[�\x98\xC9\xE4\x94y\xAD\xA4\xAE|\xEF\xF6Z\x{DD67}&\x94A\xB6\xF9L\xF0\xD5�(\xE3\xF0\x9D\xCE^X&\xBF*H\xF0Ì·l\xD8g\xD4��\xF5"\x91\x87\xB3o\xC6\xFF�\xD7�a�\xE1T\x9E'z\xFB\xFB\xB9\xAE^u?%\xC0tc \xB6\xE8\xC1\xC1VuA\x86|\xA3\xB8�\xC5\xCD×”6>1\xC5'\xA8\xA5\xD42\xBCo\xF2g\xA0\x92o\x9B\xCA
-K\xE2\xFA\xC2T\xF0\xDD\xF63r�
-�bB�Wn�\xEA��P�\xD1\xD5�\x83\xD5Z\xEC)d\x9E\xA1\x!
CCB�T\xABʹA\x81\xF15\xBES5\xA3\xE6\xCC�\xA6\xA5\xD0T��U\xA2\xAF:�\xDCꋰ\xA1��\xC0\x86zBn�\xFCm`L�\xF4\x93\x9A!\xB1\xC2H\xBE\xA4\xE5\x96+\x8E\xAB�I\xBE\x86\xEFS\xAA\xF9q\x8D�S\x94\xD1&b�F\x9C \xB0\x96gV\xC1Y\x90\xF2\xCC\xD2b\x89\x89(\xF4\x8E\xDC\xC4\xF8\xA6X�\xE3\xC2]\xBF\xE3>\x80)\xAD\x97\xA8�\xB0�\xC7F\xD3<\xE4GFݫb\xBAD•\x8A�\xA3nw\x85|\x9Cpg\xBE0\x81\xAA\x93\x95MP�\xFC,\x82\x9BE\x98\x9E\xB1\x9DY\x99\xFC\xA7\x90ۢb\xCEl\xB7\xD7؂\xB3\xE8\xCF�l\xA8�\xA1~\xE6!ȥ\xD4�S.\x9A\xC8\xE5w�\xF2\xA9\x82h\x809\x83\xD4U\xA87w\xBE\x8D�\xA49\x93܋�\x94\x89\xF3r\x91\xA4\xF2\xE1�[\xCA�K\xE2\xEC�\xDCX\xAF\xF7\xD3\xDDn�\t\x93�\xD3~\xBF�\xD4lO\xF6\xFC8Œ��\xEB\xDDBj\x94Nf{橆�u\xF6{!^撙Y\xAB\x87w댰1\xD9$M\xAD,\xD1gZ\xD2�\x83\x8C\xC8&\x93ɂFS\xB4ç�\xB7\x85\xA5wl\xFC4w\xA0\x83#F.�\xB0\xCBc\x92\xBCu\xD4i\xB4\xED\xF2E\xBF\xB7Y�\xB1u\xCC\xD1r\xC2\xE5\xE4\xCE3J2\xFD9}\xB0\xC3\xD2X\xACs\xF8w\xE9�\xAA0\xDCwP1\xAE\xA4Tv=gvM\xA2\xC76igU\x9B��\xF7* \xB8W\x8E\x88%\xD1\xFA\xA6\x8F<O�\xE3S3/\xB0\x9B�\x8B�\xF6]\xBB\xCF\xE5\xEBn\xB9t\xC2\xD3\xE2\xCD4\x8D<5cr\x83\xD8\xD6- ra$\x88\xEC\xE9+{�|%SB_\xB4O\xE3\xDAČ閇\xEA>\xF3\xA1V�\xC6\xCA`\x8D\xC2/�\xBD\xD9#\xBB\xCF\xC3\xE2\xD2߾�!\xF5Ȏb\x90>"\xC4�*200\x9C7\xAC�\xCFT}�\xE8\xF3\xA0fT\xF7\xA1\xB7MEf\xBA>\xB3\xBC5qրm\xAE)�\xBD\x97\xFA~\xE8�tL\x91\xD7(\xE6{\x8C\xF9C\xF5\xE1\xA2^m\x84\xE7\xC7'y؈~
-E�\xAA\xCAq�\xD3�\xEBT\xE9C\x9D\xF2�\xE2\xAFy\xC7\xF5\x95+\xAB\xFBv\xA9FZp\xC7Z\xF2U1ì´‚\xEE\xE2D\xA84\xF9\xD3�\xA3B\xAAg9\x8C\xA4\xC1�\xC6{\xBEP\xFA\xE9\x99�S\x9Bv\xD1$�\x87\xBE\\xF1xll\xCB5\xE7\xCDi\xE9\xF5$\xE9TlFÚ—}G\xC8\xD8�f<\xFC�È -�\xFC�%\xEB2�bh{a\xE7\xF2g\xF4C\xFF\xA3\xDC\xEFW{e�1\xAF\xE9F\xBE'G\x8A)\xC6a.\xA8\xB3BG=(\x94\x88\x81\xFC\xAAC\xDE\xDBjHk_\xD7i\xEAPtk\xBA\xE97\xEF\x8Dze\x9B\xB6\xFD\x93t\xE59\xAC)U1M\xAF\x9E�6\xBE\xAC �4*k?\xA6�\x91<ꮢ\xB1\x90\xB2\xE0N|\xD7P\x92.n\xB9|�|\xA3\xDCU+\xB63F\x94MhÆœ�\xA1\xA6�9\x9F?hH\xFB\x9B\xE7\x97nr��\xDE-\xE40\xB1Ň�\xDD\xD6\xE0\x92U\xB7\xA2�P�A7\xC4\xDCFw\xE6\xB0'\x8E\xC1\xEC\xD3\xD6�\x91�\x96\xBA@\xE7P\xFA)�B\xB2\xE0Fp\xE9\x9C=\xE7(\xAE\xE9\x85\xE0�\xCE\xC2L�\x84N\xB7\xCD-\xFE\xC4Y\xD8\xD2�.\x8EF\xB9\xCF\xEE\x90\xC01�\xAD\xC7N4.\xEC\x97{\x9CH\xB6�/\xAA\x81B\xA50��\xBFN\xAD�\xE6%@\xBB&�Z\xEBÑ»Bh�Ùœ\xE6\xB9\xE1í„W\xE8\xBA\xD1$K\xED�[\xCAit�9\x9C\xDF\xEB;�*\xF8\xA2F\xDC\xED�\x83Pk�\x97\xD7x�\xF8Oy\x8C\xFC\xF8\x8A\xBC\xC2\xDB�/\xAFOw\xD9\xF3��p\xBBB"6\xE0l:\x88\x9B\x8A\xD5��\x82U\x91eP
-\xC7^;�\xE1�\xB5\xB3\x86\x98\xB8\xD4\xD5\xF1X\xF0ÞŸ\xC0\x81\xBBb\x92\xA8\xAEk\x80*G/\xB7O3(�|�\xFD�hÉ›\xD0\xC5\xD8%\xA7Y\xE66\xC8\xCBM\x91~O\x8E\xBF\xC6\xF1\xFF\xFC
-\xBD}\xBB\x97%K\x83\xEF\xA6|\xBA9W\xBC�\x8D\xF8+[X\xEC\xE8\xA4P˸\x97�\xFA\xF2bh\xEA~\x83�T�\xA5�:J\x8B\xEC\xDB\xD4 M,\x8AԚf4\xE9nh\xD8~\x9F\xFB\xE2\xE81\xE7\xE4\xED\x9B}\x93\xEFޮ\xEC\x94[/0\xFB\xCB,\xB9\xD81\xA4\xF9�\x85�\x8E 4E]MIw1\x9Fx}\xFF؀\xAE\xB0��\xFD`\x94dt.\xA8\xAB]\x{DEEC}\xE7�\x9F\xF7^\xB2\xCEبH\xBC\xE2�(k\xE6O\xFDGɯ\xBFQ"�g\x82ϟ�u\xFA\xB7\xAD�A\xF1h{f\xBA{i\x8C�v\xAE٦=\xF29\xDB)\xD0ԕ\x8D#\xF9\xEE\xD2\xE9�\x96K\x8DT�\xE5+\xA7"\xBBd\xE5X�\xEFk\xF8�\x92S.\xF0\x84\x81��\x9B\xF7]�l\xFF\xC3�\xF2\xFF'\xF8\x82\xC0\xCC��t\x868\xD8�\x9Dm\x90\xFF�\xF5\xA7\xD0}endstream
-endobj
-1313 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 34
-/LastChar 122
-/Widths 2746 0 R
-/BaseFont /UZLPVW+NimbusMonL-ReguObli
-/FontDescriptor 1311 0 R
->> endobj
-1311 0 obj <<
-/Ascent 625
-/CapHeight 557
-/Descent -147
-/FontName /UZLPVW+NimbusMonL-ReguObli
-/ItalicAngle -12
-/StemV 43
-/XHeight 426
-/FontBBox [-61 -237 774 811]
-/Flags 4
-/CharSet (/quotedbl/numbersign/parenleft/parenright/plus/hyphen/period/slash/four/six/colon/B/C/D/F/I/N/O/R/T/bracketleft/bracketright/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z)
-/FontFile 1312 0 R
->> endobj
-2746 0 obj
-[600 600 0 0 0 0 600 600 0 600 0 600 600 600 0 0 0 0 600 0 600 0 0 0 600 0 0 0 0 0 0 0 600 600 600 0 600 0 0 600 0 0 0 0 600 600 0 0 600 0 600 0 0 0 0 0 0 600 0 600 0 0 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 ]
-endobj
-1237 0 obj <<
-/Length1 1606
-/Length2 17262
-/Length3 532
-/Length 18167
-/Filter /FlateDecode
->>
-stream
-xڬ\xB5c\x94\xA6\xCD\xD2%\\xB6\xBB̻\xAA˶m۶m�]\xB6\xAD.vٶm۶\xF1\xF5s\xCE̼\xB3\xCE7\xBFf\xDE�\xD7ZWFD\xEE\xD8�;2\x93\x84P^\x89F\xC0\xD8\xCE\xD0D\xD4\xCE֙\x86\x81\x96\x9E� kac\xE8\xE2$cg+M#hgm�\xF8kd\x81!!�r41p\xB6\xB0\xB3�6p6\xE1�\xA8\x99��\x84M\x8C \x8C\x8C ������\x80\x90\x9D\xBD\x87\xA3\x85\x99\xB93\x80\EQ\x8D\x82\x8A\x8A\xFA\xBF,\xFF\x84 �=\xFE\xA7\xE7\xEFN'�3[ \xE9\xDF�W�k;{��[\xE7\xBF�\xFF\xD7�\x95LL \xCE\xE6& S�k�\x80\x90\x9C\xBC\x86\x84\xAC�\x80\LV� fbk\xE2h`
-\x90w1\xB4\xB60�H[�\x99\xD8:\x99P L\xED��\xD6\xFF^ \x8C\xECl\x8D-\xFE)͉\xF6/\x96\x80�\xC0 \xE0dobd\xF1w\x9B\x89\xBB\x91\x89\xFD?.j\x80\xBD\x89\xA3\x8D\x85\x93\xD3\xDF\x80\x85�\xC0\xCC\xD1\xC0\xD6\xF9o�\x9C\xED �\xB6F\xD6.\xC6\xFF�\xF8k7\xB5\xFB�!{G\xBB\xBF�6}\xC1\xE4휜\x9D\x8C�-\xEC\x9D�\xB3\xCA�\x8B\xFE\x9B\xA7\xB3\xB9\x81\xF3?\xB9\x9D,\xFE\xBA�v\xA6#\x8D\xED\x8C\\xFE)\xE9_\xBE\xBF0\xBD\xCE��\xB6N g�w\xE7r�\x9A \x8C-\x9C\xEC\xAD
-<\xFE\xE6\xFE�f\xEFh\xF1/�.N�\xB6f\xFFŀ�\xE0hbf\xE0hlm\xE2\xE4\xF4�\xE6/\xF6?\xDD\xF9\xAF:�\xFF[\xF5�\xF6\xF6\xD6�\xFF\xDAm\xF7\xAF\xA8\xFF\xC5\xC1\xC2\xD9\xC9\xC4ڔ�\x86\x81\xF1oN#翹\xCD,la\xE8\xFE�� [S; �\xFD\xBF\xED\xC6.\xF6\xFF\xD3\xE7j\xE2\xF8\xAF�\x91\xFF33�I��\xDB\xD9Z{ \x8CMLa\xE8d\xED\x9C\xFF\xA6�\x90\xFFߩL\xFB\xDF'\xF2\x83\xC4\xFF-�\xFF\xB7\xC8\xFB\xFF&\xEEj\xF4\xBF�\xE2\xFF\xD7\xF3\xFC\x9FТ.\xD6ֲ�6�\xE0\xDF��\xE0\xEF
-c�\x90�\xFCs\xC7\xFC\xFFb
-l,\xAC=\xFE�\xD1\xFF�\xA8f\xF2o\x86\xFF'� g\x83\xBFm�\xB05\xFB+�=-\xFD\xBF\x8D�N\xA2�\xEE&\xC6\xF2�\xCEF\xE6 S�\xEB\xBF=\xFA\x97]\xC5\xD6\xD8\xC4\xD1\xDA\xC2\xD6䯖\xFFj#\x80\x86\x81\x9E\xFE?|\xCA\xE6�FV\xB6\xFF4\x9D\xE5\xDF.�[\xE3\xFFd\xFEW\x9E\xF1\xA6S\x92R�\xA2\xFA\xCF\xDB\xF4_Q\xF2UwV\xF6\xB0\xFFK\xEC\xD4!cg\xFC\xBF�\xFF`�
-ڹ�\xBCh\x98\x99 4\x8Cl\xEC Vv� ;�\x83\xCF\xFF!ۿ`�\xFEk-c\xE0\xECh\xE1�\xD0\xFA[2=ÿ
-\xFF�\xDF\xADt\xFE�F\xC4\xD6\xC8\xCE\xF8\x9F)Qr6\xB05\xFE;X\xFF\xCB\xF0\x8F\xDB\xC8\xC5\xD1\xF1\xAF\x9E\xFF:\xEB�\xFE\x9F\xEB\x8D\xB8\x89\x89\xBB\x89�\xCCê’�W\xB0eZf\xBAs
-F\xEEЄ\xB0V_��\xE8P\x88}I\xBDrQ\x81\x95]\xB7_گ�\x8E
-\xFD\x8F\xEA�چ)ίV\x8F\xC53\xFB\xCF�I\xCAÑ�tk\xB2\xEE�\x93\xAB|\\x9F\x9F�\xBD�ț\xA4\xEDlT\x87\x81t\xBA%\xF0\xE9\xE7jQ^\xD7�\xD2\xDB`\x9A\xAC\x{12A1FB}�
-\x8A\xBA\xBF? \xF0\xA6ڙ�\xA1\xAE\x9F)\xFC\xBA�\xF8\xA3�?\xD9#\xF8�\xA5\xD6Ţu 5 \xA1\xD4�\x9E\x9D\x93&\x9E<?\x91
-\x8C��
-v߂\xF7�\xE0P\xE5\xC4B\x93p\xB9\x82\xC1\x93F\xFA;\xE4\xE0\xF0i\xAATx\x85S.�e\x8CMX\xA3\xF3\x9Fӛu�I\xB0?\xA0\xB3\xAE\xFFb\xF8ŵY1\xE4\xE6s\x85qw"\x87\xA7�;l\xA70D\xE8ra\xE5\xE8�؛8\xDB\xE3\x8F=\x90о�\xD0`J\xDAIx\xF7\xA7\xFD�U,\xF1\xDAE\xF2L�w\x8D \xE9\x84\xC7=/
-�\xCEt\xA9f(Z\xC25<:\xBB7/�\xD8�\xA6\xFF\xF8)\x9A{\xA7d��IP|<\x94!�\xA83\xF0:\\xF63+I\xF5\xD4^\x85\xDC�U\x86\xF7c\xCEP�\xE9\xB6Ê•�É£\xAB7\x9D\xA32\x85�\xB6\xF4�K�Z\x8D\xB7\xF3\xE2ih�\xA1\xD9�r\xFA�ni\xA0\xF7\xE6mW\x90�)\xCE<\xAD\xC7\xD7\xEF�1�\xB7\xC1\xA7\xE0 \x91\x8E\xC3\xE8G!\xC5 5Ê£z.%}ß®\xA3�Ã…aŪ�n\xA0\xC9\xEE9\xF5aW\xAD�\xEA:�&W\xA0\xB2\xEAh[��\xA4�% }\xAF\xEA\xDF`\xA9HWl\x81�\xD4+r{b|?X\xE6`\xB8ls\x82T\xAAY͸×\xB8\xC9�nv\x83\xBE\xD6j\x81�j\xAF\x98Z\xD58i\xB1�\x9A\x87ÚŠ�\xBCy\x8F!\xBFB!\xF1\xB7\xD4T\xF3ླྀn
-p\xBC\xB9�\x90�'M/&&\x88�\x94$P\xC6\xE3`\xA1\x8E\x92\x9Dk\xFC\x88\x8D\xC07:~\x86\xF9\x93E\x9CG\xE5\xA8\xF0@[&\xC9�\x97\xE7Z\xF8\xB1H\xE6\xB3mǕ)\xFB~\xF5\x8E/\x9A\x8F\xA7\xA7{<V
-U\x97Ê®]\xA1�Ϻ+\xE3>�!�\xB8\xA3C}\xB2\xA7�\xAAM\x87׎\xEC\xA0\xC0\xF2Y\xDEx\xB0\xA4\xFEQ\xE1\xBEÒžX�\xB8ɪi8M;:6�\xC2\xC2~>eg\x9A1�\xE2CP2\x83\xF7M\xB7]\xF2\xFE2M\xFF\xBD�\xA0\xC1\xF8\x87\x8C\xF2!0\x8Bv'\xACtH\xE8\xFA\xF8\xC1�\x93zQ<\x86\xF33\xED\xB2\xE8\xBD*\xEC�\x83\xB6_Z\xAC\xCC\xF2\xD8 \x83,bz\x81LC \xE2Z�\x88`R u\x84\xA6\xE5\xFD\xB4\xD8���M\x8C23\xAD\xF8Gt~�\xE6\xA7\xC6�[G\x98bC�\x8C\xA68\xA2:f\x988,\x8A\xF0jze\xA8\xC2\xC8��.\x8ACF\xFF9X\xE9\xB0Í\xC0#\xC3�\xEC\xAF?\x96�@F\xD2*^\x80\x8F\xEB�\xB8\xA7\xAD\xE1ì•\xEE\x8Av>S�
-Vs\xA3\x80\xB7Ý‚\xAA�\xA0M\xBD\xA7\xC40\x9A!a9Q\xDB\xE1\xF95\xFDGd\xF5\xF7u8\x95\xF4
-_\xA0\xC4;+\xB7\xB9V\xAB18\xF6nQ\xB1\xF9-͓�\xAAT\x86\xE3~\xED\x90-o\xF2�\x84l\xE8q#]\x8F�\xCF\xE85>�\xD9I]n'\x84�\xE7
-\xB1�\x9A�\xBB-\xA1\xD8\xC3FÞ\xB3Ë‘�#\xA8V�FF\xE0Ѷ|\xC20\xA7\xF6N=\xCD}\xE5�\xCC��_$ [\xEB\xF6I
-t\x81\x95\xFA\xC22"�\xC4B=Ž\x87\xC3\xFDw�=\xD3S\xAB;�vb\x83\x9F\xBC5\xAD\xB5X at _\xBB\xAB\x93E\xBE\x98}e)\xDB.B2*\xB7\xB5c\xCA~\xEAJ\x93\xF5\xEF\xF0\xAA\xDD� G}\xEE\x9A\xFBN\xA3P\xAC\xB6\xC1\x989\x8D\xEC\x97cg'�\xD8u\x9De9\x9E\xBF\x95\xB4\x85\xB3ϑ\x96X�\xE3\xE5n\x9A\xF6I+I`nB\xB9\x99_�\x97&\x96\\x8D\xDB$\xF7k\xB5\xF8�\xB4v\xAFV\xA7\xFB9��\xFBXg*w\xAB\xBC\xF5\xA4�ϡeQ at J\x99�dz\xFA\xCEeh\xFA\xB5\xCB\xD6 r9\xB5\xBF\xE6z\x87\xA3\xC4��\xD3C?\xF7a#
-\xE8R\xCD\xF7�\xE5�\xABì³½k\\x87\xD7I\x93\xA3\xF3%Ø—K'\x8F!\xEA\xA5\xCA\xEAU\xFF\xA8t\xD4\xD9�Q\xF7\xD7I\xFE\x86�\x9E\x86\xF3\x96\xDC\xFC\x96YB\x94DI5w|\xCC4\xEA.�\xC1�\xD1\xFF\xBA\xE9\xB2a=;\x91�\xF312 BB\x9Cnh\xE3\x9D-O�\x94d7>\xA9D\xE4\x90>n�Å—\xC6\xCFi\xDE@^R\xCB\xC5&\x93z\xBFw��bÝŸ=\xC6MD&PÂ\x8FAמ�\xFE\xB5�,ll�\x91\xAE\xDE\xF4#\x8C,\xF0af\xCA�H\x95\x94�\x88\x9Ag�^\xABf\xF6\xF1\xEFp\xC1\xE9�Ò‹\xB8gT\xE2\x9E\xC4\xF9)\xA7\xA8!��Of\xE5~\x8Cl\xAEFE\xC0};\xE5\x92Q�q�\x8D6ò–ˆ™Æ½\x93\@v\x95{\xBF�Ð\xDEa�\xE0�Ͼӱ3\xA3B16x,\xF1\x94\xFB\x82�\x82\xA2\xB6�x\xBF~[4\xA7\xD0K\xD8\xE7\x97\xEC\xF3/\x82\xC9x���\xF4\xA7�\xD4@�\x8A\xDB\xE5\xC2��W\xA1\xB4c\xCBJ��\x92P,�\xEF\xD3o�\xF9\xC6oyT\xCC\x{1D4E1F}\xDDÔ¯\xB5\xFD
-HÅ”7dv\x93\x9F\xBCuAeR\xA7�Ο\x9D�\xB5�~\xB7"\xA0�\x89\x9A~\x81(w\xB7\xE4p�\xCD\xC2\xD8V�\xB1йԚkY\xF2V\xA2\xA4\x8B|B>æ¾s\xB2\x9C\xBF\xADm at e\xBCÉ¿\xFD\x86\x89K�\xAF\xE3+� a�\xD8F\xC1\xE50~\xA8\xA5?�V\xB7 \xA3f@;\xD4K)\x94wr\xEF\xD53\x93\xDA\xEEdܲD\xFAP(\xD8\xD4\xD4�\xF8\x9C\x99\xA0\xD0]y\x9Ev8�P\xE9\xBF]Ú\xBD\xFD\xDA\xEAP\xD6\xC0�\xA8��\xD4l�6\xC0\xB7\xBF\xD4\xC5��\xF7.\xCEe\x91\x9A\xBB\xB8\x87\xB3Ɉ�\xCE\xE0'\xC3f�9�\xF5\x9Be ��q\xC3
- at +\xEF\xF0\xAEG\xE9� O\x82\xB3\xBE5~\xD2\xC5\xDC\xC0\xD4O\xFB\xD9vG�\xB1(<\xA6\xA4\xA4펰yPÅ™�Hn O�\xF1U\xFF5:\xEB}Z\xFE�f*\x89\U$`�\xE2F\xF8\xC1\xBC\xF0!\x84\xFD\xE6\xE1\x86;SD�\xFAn\xB5\xEDo�\x89Z\xC0A\x90~\xE2\xDDÕ "\xE1?q\xE8/\xC7[V\xECqú@\xDE\xC7Z\xD8,\xFAqrf\xC0Q\xF4���*\xD8w�{;�Ê¥\x8A\xB1�vs\xB7\xE0WC\xB9\xA1\x99\xE3\xB3\xFA�\xAC\xC2R�\x93\xDAMo%�\x9E\xE7\xE9È—ÔŽ}\x85\xDEb\xB9k\x9F\xC1Æ·\xC1�\xCFLH�iN\xC6\xD0Z\x9B7\x81\xDE\xE6\xCB \xD6\xF5-?\xCFT�ݲ\xDEH\xFF[Æ‘Ù�O\xE8\x8F"�\xB1\xEC\xD4�\xBFÞ˜\xAB\x97\xBE3\xC4�H�\xB2\xFB6\xE6M'�E\xCA\xD5Vi\x82�\xE3b�\xF8\xBD\xF9\xDD@\xF7*\x9B\xA5��.\xE0&@\xD4Ê\x98\xBF�\x8C�\x9A\xBE\xE1\x8C$f\xACnÜ©�\xD6`ά\xB7Lv=\xC0\xB9�\x81\xAA!\xFF\xD0\xDD�\xDBv\x87\xAF]\x82\xE4\xEEm\x98]w\xCDh\xCB\xD8>\xF3*�\xB2�\xCB�\x91
-\xFF\xC2�\xF8�k\xC4\xD7\\xB2)1]8\x83\x8Bh��\xA5�Omf\xC8\xDFa�\xC3\xE9\x93\xC6S\x93V�\xF2 \xF9\xEB�R\xE7\xABW�<\xB3\x98&Д\xCF\xD6\xE1�d\xADy\xA1\xB9,\x98\xF7r\xA2\xF3go�\xBA1F\xEE\xD7\xF4�;Ë•\x98,\xD3Ú»�W,\xA6j�?\xFAÑsv\xD5\xE0Úž.f\xEA"Sp/2��\xB2+h\xC1�\xE4.\xE8\xF6 \xFA\xA4 \xF5\x9D\xB4\xD9U\xCFÕŠ<J@\xF6\xDCGP\x8D`r\xE8\xBA)\xD2�\xBE7\xDD#���\x82\x95\xD0v�N\xA0D!\xA7-\x84d/ \xACtXzz\x8D\xD4\xF3t\xDF��\x86\xE5~\xE0(H5v\xE8\xD0\xE9A�+\xBA\xCB\\x83c\xF9;0\xB7\xE48\x86RV\xB5M+\x8E\x93\x80=\xAAI\xDD�J\xB4H\xAB\x92�Y\xEC�\x87\x8D\xFF3IS\xBC,\xB5\x82\xFA\xEE at r�\x97\xDC�Mh\x8A\x94\x8F\x9E\xB5\x95\x8EÑ·X\x982O}\xF4u\xCD¨\xF5\x9D��0\x81\xFFL\x98\xEE\xE1w\xA3[\x92òœƒ\xEB\xFA\xC0vWp�\x84\xF9-H$\xF7\xC4�]\xF8\x8C\x93\xDCm\xADy\xEF\xE8\xFAA\x8F\xEA\xF1\xEB\xA0\xFE\xA3ë†\x87^\xC7�e:rg1p\xE6\xADe\x9Dg��\xBC60\xA2\x8C\xBD��\x9E\xF7�s\xB8\xDB\xFC\xB2�\xE8I\xFC�#-(\xF6\xDE\xC6HT\x9FÒƒ\xE4\xA6\xF4p�f\xF1\xEDBOÞµ \xE2U1C)\xE1\xCF3&E&>\xEA\xEEì–‘P\xD1S~\x86\xFEj\xEA\xCFC�\xD4Æ…O(V\xF4|:\xCCΧ\xB6�\x99\xBC Õ†k�Fr6Mmv\x9DY4I.m\x82\xE08\xAFä‚Y\xFAl\x97\xB9�Sq\xC1H\xAB\xB3a\xB2\xFE\xECz$
-\xACj\xFF\xC1\xDB\xE8&��\x94\x97 \xAC+�\xAD3<�g\x9D\x87g\xFCz\x96\xF7\x84Â…]x&\x82*`\x83��\xA5�Õ¼\xF6Фo\xFA\x9D>\xEC\xE9W\x9AMC2Y\xBB�\xBD\xEB�\xB5\xA2\xCAxL\x9DY<\xEA�\xF4\xF5m\xA0Ä„\xA2\xD9�\xEF+\xC7�y%\xA8\x8C�\x9BÆ �\xCF 7\\x97OvN��\*\x82\xECz\x95\xE2�IB�l+u\xC2[�\xF4\x90P\xC1�\x97\xA24H�\xD6[×…\xEB\xAC5$\xDEv�\xC0 -?\xED\xD0�\x88�d
-\x9B\xB0\x8F2)q`{\xBC\xD1�ß�P\xC8o\x8F\x9Eé‰H\x96\xC8\xF9�\xC5{\x89\x9F\xC7C\xBCY\xAD{\xC1\xE0kN\xDCys\x8E�\xD2Æ›#R\x89P\xC9x\xB4<\xA0\xBB\xAFq\x91y\xC9ÿ\xAC\xF68\xF3\x83x(�\xFDzsC\x93\xCB|=[\xE0\xF0!\x9B\xDCJ$�b\x98Q4>6\xF1\xA3�\xC9\xF9?
-�]K��\xE9<#
-\xE7\xA9^\x96v\xA9�K}\xB3Æ�\xEBY\x87\x8AA%E FÉ‹P\xDF�ƲÍD\xE4Ö›\x8B\xC4Ö¤\xD3M\x8F\xD5�"]\x99\xBE\xD2\xC0\x91�;Z H\xB7Fh� \xC0\xD5QK-\x87a\xB3\xFD\xFD\xA5\xAC\xDDÒŸ%\xA51\x94NT\xE6\xB9$\xC5#\xA4a\xEE\xE1\xC53\xC1\xEB\x95F?Ê·\xD8c\xAAj\xC7c_Y0Z\xEC\xF7�\x96P�\xD2L\xD5\xC3(
--w\xE30!s�\x9E-,�\xBC\x8B�\xA6Ò—�t]\xA7X\xFC\xB2E\xF9h\x80\x88
-\xF1~\x81\x96\xC4-\xAE�\x8E\xC8$`\xF2\xF4tM\xD0JS]\xE2\xC1\xEE\xE2\xD9\xF6,se, -+\xA9\xFB\x90ц\xF2\xBD\x8As`\xDC&\x97l�\xC1�8岣\xE2D\xCAVܴȔ'\xE3Ȍ�\x9E�TF\xFB"\xEC\xE7\xC0�p\x87L\xD2\xFD\xEA\xD2\xCAl
-\xCA�^\xFE\xBE\x8C*�\xD0,\xDA!4\\xF5�\xCBs�\xBE\x87Vn
-Ý\x81�\x91^gna\x9E]\x8D\x8D(�+P>\x97\x8F[\xA1��\xF5\xF6\xE3\xB9Z\xBE\xC1x�\x9A.\xBC\x97�G�\xFC3�\x93\xDB\+\\x99~\xF3\x96F]\xB5�\xEA\xDF+�IU\xBD*7\xBB\xE0d#\xD8\xD6b\x81\xE3B\xEE�*m\x8B'g\xB9D\xB2m)\x95�SA\x91X\xAC0\x81\xD1�<�HX\xB0\x8Ba�Xtͤl\x9D\xFDaIG\x99V~\xBC#)�$I�\x9C\xC0Ö\x9F\xF4v"S\xF3y3�\xA6\xB3�NU\xE1\xD20\xE9\xBC�\xAFk\x82\x81%(jJ0g.3\xA6J�R\xBF\xA3\xB0\xF8\xA1Z\x80�\xAE\x8D\xFB\xC6ÔŠx\x9DI t\xA2J){CX\x90\x81\xED\x8D�9\xCD^��<\xDF�&p3\xDC5\x92\xAC\x81*|$\xF5/�\x8A\xA4\xB3\x86\xD0�Xj\x9A\xC1 "\x8C\xA6�\xDF\xFE\xB2\xD8\xD3\xC9J\xFC?\x91\xA9DÄ¡Ep#\xB7Dï°š\xAF8\x9F\xF0
-)i�\x8D\x86s�\x9D\xF7\x91�\xBF\xF8)\xA4Òf.;\xC4�&\x89]\xC5\xE1\xE4\xB2 �
-J\xFC\xE3�\x91�\xDCt>\xA3CM�mp)Ԏ\xD8.\xCCrk\xD0\xEB\xE6 at 5x\xB1\xB0\x8C\x99\xB0\xD2H\xB8*&�\xCB��)�\xF5\x98?gS\x8E\xAC\x95\xA2\xBD3\x94�\x80\xCAM\xB9\x8F\xFB\x8EL\x8D�\x86H\xE5\xED\xCE\xE8\xB5Y?\xF7 J\xACY\xB5券 IDѥ1{\xC4\xEB\xFEJ\x96Z\x9C�m?ѿ�\xFD\xB1 Q\xB4\x8B�\xC6\xFBk\xFB\xA37Qʵ\xD6M픶\xE0�\xE7\xE6\xAD\xE2|\xFC\xEA\xB3S#\xD8\xFD\x87\x8C�\xF3\x87\xFC\xE7\xD2p`'\xE4o\x90��Ik\x9Dr4%o�\xB6fk�L[�K\x9Fst\xBAg"&7t\x89*�\xD9\xDF\xC3\xE02\xBA\x9A\xF8}\x96x�-V?\x91"\x8CcY\xBA��\xB5\xFAv P�dk\xA0\xEE&\xDF3H\xEF%'\x8Eآ�\x90\xABG\xB6\x85�\x96�\xD3b�x�\x94\x95!\xABH\xBC*׵\xCA\xEE\xD2��l\xA5�\xFD\xE14G\xC8A&�K\xC8-\xFB�\xDC�w\xDCiO\xEF�E 2\x89A\xA62�\xB3\y�t_\xEEBO
-�\xBF\xD1\xD9\xE3]\x9A\xD1I\x8B\xF3C\x92(\xB8-E\\xF4H\x88.\xE7\xCEoB\x8CT\x85\x9E\xAE5�:@\xACPNk\xFE\xF9�\xF2\xA7r\xAC\x8BG\xB3\xEF%馒\xFC�\x938\x99\xB9/q\xEE1\xF0B\xC5WXB�ս\xBF\xFD\x90\xA2\x86\xD9ј\xA9\xB5?\x82�\J\xEDk.\xEA}\xEAS\xA5ˀ\xB6\x87\xD5�\xD8�\xE2\xDA�L>�$\x8F\xA9\xC4r\xE5`\\xED ww\xA4\x83\xA2\xB6\xF3\x8A\x9F\xC0e
-�p\x89�\xEF\x8F\xE5\xACtpy(\xB6�Ŏ\xB2W\xE5�+\FE\xDD\xD4\xF3G9��_A\xF3\xC3DY\xDF=N\xBF׀\xF5�\xD9]�E\xD28\xE7\x8F͊\xA3\x85<M\xAE\xD3";\\xFF\xD0\xE6\x9F�\xDCr湔\xCFY`\xB80�o\xDC{s\xEA\xCBXs\xEFr\xECj\x83x\x97d\xBD+\x8D\xF8h\xAF�\xB5%\xE2!\\xEA�R�-\xB1CO\xD1\xE09\xF1�^�
-n�
-�t^B\x85�\x92\xA0y\x89\xDCD\xB7@\xB5\x98\xBE\xD3�\xF7\xA1\xB0_z\xB62\xB5$㱘J\xF3\xA2a\x93\xD6\xF3\x83Tp;\xD5T\x9AeI\x9DM\x81\x95�t\xBE\xD55\x8A\xF1\xBA
-u4\xA6\xF9>\x86\xF0<\xEE�>\xD5j\xC2 \xDAh�\xE1:\xE2\x97\xC0\x96\xDC�;Ƥ\xDF�\xEF\xE1\xEE\xB6ô„¯²\xD3y\xFA6\xB1�\xAFꫤ\xAD\x97\x8Fe\>\x8B.Ò¼\xC3�z@\x8A=\xFC\xB9v\xB3\x9C\xAC\xE0r�\x86\xB8/\x84:΂1���\x8F\x93\xB3r_\xFBÖ‰\xBD^oa~�sïª�Ì(\xB8d\x9C\xFAv\xFCa$ O\xD0U\xAF\xD5�\x92 Ѿ\x9F
-\xA6(jcn�\xB7=�\xA5�\xFC\xA1\xED0�`9\xF5A\xBB\xF5\xFB\x94Æ–H\xC4'ReM_ \x83\x85ʲ\x8B�\xC2�\xD8\xF7\xCDXÒŠB�ɧ-\xB8vekâ§Ë\xA3\xEB� \x9B#^8\xF9\xB4\x8B\x9C'Q ]\xF9\xD9b\xE5@\xBD�;��t�_wD,N3\xF6�\xDA�{\xD9Ì¡.\xA7\xBF\xB1\xA2�[\xBA\xE4�\xA4L\xD3\xEB\xBDwE�\xB1\xA3�Ð\xD7N6\xD7(\xBF=X\xC0�z~\xF6\xBB\xE7Í›\xBD�Ko96\xB8\xA0S#ß‘\xE5k\xA5\xB4q\xB60 <\xDE,��\x8F\xC5\xC8\xC0\xA9\xB0\x85�_\x85\x98\xCDß…\x84bSq\xEA\xA6�1AZ\x97\x82'E\xD1|\xA3v\xDF\xE2\xA6\xEE\xA1\xF9\xC0e5 \xBBv8,�\x94\xB7^GÖœ\xA3\xF4f\xEF\x97 \xF2\xF8}�\xA1c\xA61\xA3ij\xB8D\x86/[\x83\xBF��T�\xBB\x91\x84\x97��I\xE47\xCE\v\x8DI�\xF8\x8BU\xFB4\xB1\x8Ds\x95\xBA\xEC\xC3���\xB2\xC9\xE4Uƈw\x91�\xF7\x9C\xC2<mlN\xB0p\xA3\x97\xA9\xA69Y\xB06�Ì‘\x89_*\x9B\x80�~\xC4�\xFF\xBB\xEC\xDCj\xAF7ms\xECV�~J\x9B\xB1\xF3\x93�T"�m�\xB1/\xF2\xB0�\xC78�\x82\xF2\xB6\xB7EHÍ…A\xF4b\x98Q\xA7�\xFD'i\xE9\x9D�>\x8B\xFFzǯo)׺\xBB\xD6YM\xFD\x82q\xAE\x97]\xD5m\xDFW-R\xD8\xFC1EJ\x8B{B\xE0{\x88O=\xCEw\xBB\x93\x8F\xFC\x8D\xE1\xEA\xA0�\xEF�\xB0�B\x84�\x9E%>{MJSj x\xB9u\xC9\xCA�\x9C*\x94VK#I\xFE\xC8Õž��N\x9EÏŒS\x94\x94f\xFD>\xE5\x87\xC5V\xFFM\x85\xC0�\xFD\xD9<\xE6(6\xA7\x91P\xAF\xF5\xCBY\\xBB\x91\xADK\xF2%\x9B$\x93\x82|d\\xDB�\x98�\x95\xA6\xF1\xF9\xBD4Ap�8F\xD2�UrG\x8C�\xCF\xDD_\xBB\x88\xC2�\xFA#FMÓ–\xB6]\xC0\xC8#\x9AtY\xCA\xCBB\xB2\xF1T�\xFC\x9CΑ)m2�i�P3\xA2\xC6;\xD8ʉc\xC4\xF2;é—»\xB9cF\xAE\x91>\xA5\xC0Y\x88w\xA4�A%��\xAA.ƨ[\xE3Ú“\xDE;�\x92\xA8\xC3T7\xE3F\xA5\x90\xB5\x9D\x87\xC7z/J\xDEAX\x80\xA7\xEC\xA0óˆ—‘>f��\xB1d\x8C7\x8A\xE20:\x9F\xFF\xD0B\xCEL\xACa�T\xAF\xF9j\xE5R6Þ¦.-\xF9\xBD\xE5S\x91\xD80\x81 \xAA\xE3\xFC��M1^\xB0\xBBtX\xE1\xC1##\xE6\x9B\xC8\x!
E4�9\x86\xD0kD 7£$\xB7J3\xAC�\x8Aw,\xF5�\x8Fׅ\xCD~d\x98�\xF6,\xD5o\xB5.\xC2E����\x83�Q\xEE\xF3\x82A\x8C\xE6\x9D\xC4�\xB7d\xE9w��HXa#\x90n\xC5\xC7\xE1\xEC\xE9\x9C\xC3EɄ+8S<x�\x9E\xB5�\xF6\xC3\xCEǎx\xB3\xB2m\x8B�3\x93��/\xD3. \x8BE\x86x
-K\x97\xD0i\xE7�\xEF\x91Z\x92 \xE7\x9BK�\x8D/�E\x8A�kk�-\xF0]\x80�\x96|\xA9\x91i\x9C\xBE\xEFÙX\xC1\xA0Giz\xF0\x84\xFC\x862~\x9D�\xF2�\xAD\xEA4\xAC\xEBβ\xF0\xD6a,\xB1\x83\xB6�\xAB\xEE1QÒ¬\xA7"\x86\xC4r\x84\xDE�s�VRo|\xDDB+\x9D\xF1�\xBB�hb�\xDAy\xACT`����N\xDAS'j&Ö‡\xF3y�\xEB) \xA9s\x8B*�_j\xDE\xC1㦯_\xB2\xEAb\xB8£!%\x8BF\xB5K EU\xF7i\xFFP\xB6
-\xCF
-\x8C:\x8F\xA1G=\xF1\x9B\x96
-\xE6@,�\xBA\x805\xB5\xB3\xE4j�\xB2\xE949\xE8C\x92F\x88\xB4d|cp\xA2\x88C\xAB\xB0'\xBBM~\x94 c\xBC�R\x82u\xC3\xF2\xB3\xB3t\x8Dp\xBA at r\x9E\xDBXGz�:K\xEAGjv\xF3\xD5(\xB8�*\xEC\xEE\xB7\xCFv\x9F\xD7D\x83�\x91튽�\xF7\xFC�\xFD�9\x92\xF6z\xFD�\xD7\xE8Q\xE2,\xF9\x9B�[\x85�&\xFB\xC6\xD9�9�cO��]ڋ\xEF\xE6\xC0\xCA\xDDQ<K+\x9C\x80E="\xE8iO2\xF2\x81\xA6Zb\xDBb\xFA\x83\x9A\xA1l6(1$�Y\xFEu\xB9\xA9\xC6Wv4^\x8A�\x9B\xCC-�\x9B\xE6k�\xA1\x9E\x97Njm\x9F
-\xAAC\xF11\xCE7\x9DF\xE2�g\xF0�|\x8E\xDDh\xF3\xD4\xCAɼT\xB5\xBB\xF4T\xB3\xC3�Y@?\x82\x86\xC5�=\xB2�\xFCD��\x81�,\x9A%Bf!\x81s\xF4O;\x82\x86d\xA9�,\xE3�W\xECh\x9B�\x9C\xBBÜ\xBC\x9F\x85Õ³\x82P \xFB�\xAC\x96\\xE5b6�\xA3ZV\xB6�8\xF4&|\xAE\xA4r\xAE\xC5)|\xF0\xA9�\xCC�a�\xF7�\x8CFÏ·x\x86Ä°�<�R\xCE-ymR$`\x8D�\xBA\xEFm}/*\xE7\xDA_\x84\xB7'\x8C\xB7 \xB0É¥\x87؃/\x82U�\xD4�\xDCH�#\x86\xD5\xD94\xC2\xF9|\x9Al^?\xA6�->_\x905\xAE�A\xB5\\xA8\xD1\xD1CR\xFDSI\xBF+\xADS��\x81\xDC\xC1\xC5\xE0^>S@\xC3KX+\x8C\x9C\x86\xF9\xBC\B\xE6R
-U\x8AI\xF6\xDDbB�\xBFd9L<P\xB1\x9E\xDE�I~\x81\xDAi|\xEDqQ\xE2B\xF9�\xD6�.\x95\x9A,�\\xB5p\xA4=\xADØM#.�“$*\x9E\xC2�k\xAA\xF9\xBD q\x9C\xED\xB3\xBD"\x99\x9E�\xFBv@\xF2\xFE@\xBF?dzS;k\x9D%?\xE6\xCB.�\xF2\x9B\x96�\xC3ÛP\xEA\x94Pz)Zq\x92 Ú‰\xF8d\xA1\xC3ÊŽ�\xA8\xB2�\x99�\xA5C\xF4<\xD8mY154\xCB\xDCM\xE6\x83`\xF6ii\xDF�Û�\xF8e3\x9A%R_\xA6\xA5\x9Fet\xAD,\xE4ØŒ\Tݵʹ)\xA4\xA9zUQ+e�ÌŒ}d\xD1\xF9�\xB5S$�Z&\xF5\xDE\xE7-\xB2;�\x9B\x983\x84\xD2\xDD\xE0\x8E\x87\xFA\x81\xF8&\xDFL -y\x8B\xAB\xAE\xBB\xB3\xCE.�\xA2��@7x!\xC6ʼ\xB4\x86\xA6_\xED\x8C\xDD\xF7v\xCEg\xE3b/\xEATu�O\xDF\xF1\xAB��\xAA\xA0`\xF9\xCC\xF3�\xADÖ¯\x83\xDCJ2�\xEC\xB0MF\xAE3!m \xD7Dj\x97\xBD\xF8\x84V�\xBD\xEDTS>�\xCB4g\xAC?\x99<[�*Y\xB5\xE6\xE7 \xA1\xD4\xF3: \xD6n\xB0?\xD1p\x80�m\xA7\xB1\xD34#\x85\xF1\xF87k�%w\x8A\xBAR\xD9"�ซ\xD2p\xA6\xB8\xC8�\xB2J�\xF1~\xBD�gF��\x87)]\xCF\xD3
-3�\xA4î§Æ¦�\xCAgZ�\xC9Se\x96\xA4\xF5\xD5o0\xA7\x8C"N%�\xA2.ZV×¾(\xDC\xCA1*\x94\xEB\xB4Z\xBDSe\xB4\x99\xB7J\xE8\xA2]\xA6\xDBq\xBE\xBDE\xC6.Ó»w\xC8��N\xF7\xA7`|\xC5�\xBBx\xA1\xC3EGoVH\x99\xE0\xF7\x98br�\xC2$�\xB5=\xAF\x8Dm�
-ec\xB8\x97\x9F\xA5wl\xCFÓ²\xE6<-\xFB,\xD6z\xC5/SwC\xFEĺ\x8Du\x8A\xA64\x98U\x85\xC7t\xDA3gr\xE2\xD6j�R\!\x8E\xF3�\xE3�\xE2h\xC2\xC2�\xDB#\xB23\xF0t\xE2\x87\xE7e\x85�*\x8B\xCD\xE3Q\x9D\xC88\xF2\xF9)\xF1&\xD5x\xF4\x80\xC4�\x9Fc\x8CDTyÔ€\xF9k\xDE\xD2d8\xC1E\xA0\xD1`\x8A��:\x9B\xB1\x9F�S\xB0J\x99\xFB\xE7\xD5 \xEAZ\xEE\xB8\xD8\xE1�h���2\xCE�\xA8\x82U\xD7\xC3I%\x81\x91�\xB6\xF2\xDF;И\xEA�\x98\x94r\xFC\xA2#\xE7\x9E \xEB\xB3>�13\xC9\xFB\x89E\xF8\xC2X\x85\xE8Ý׳:\xDBf\x95\xF3,LN\xA8\xC0\xF0\xA7\xE34a\x8C\x81\xDA�;�b\xAE\xF0o}\xBDÑ\xE1K\x9A\x8DX,\xA2\x98kSS�\xFB\xEA\xD4 5\x9B��\xD6\xE3\xF0\xEDv�ì½¾\xA0\xF0 at z&\xCC\xD66^\xAD�\xBC\xCD�ʹFÒ¡I\x95�\xB2Fb�\xEC\xEA\xC1\xB7\x9ED~\x94g\xEAF�\x9D#@\xCF\xF2
-\xE2~\x86&\xD1�\x9E𽑻Y\\xAD\xDE\xC1\xE2\xBC\xC8$�\xF2\x86\xCF\xD7�J=\x9B\x9F\x87\xB1\x81\xFA\x8Azv\�\x91[Û\xFA\xA2q\xC4�\xBAK\xB9g$\xC9-'d�\x9F\xA8(\x82\xEA\xD9`\x99\xAC`�:t�u\xE8� ��`=)\x86\x87\xB3\xE7\xD1�\xAFL\xFA\xA1&\xD5�w\xABM~\xDD,waS\x88\xB0\xF5\xF2\xF9�\x89\xB3?\xA6q\xC0c� \x8E\xAF=�-o\x95b\xFA\x9E\xC7L\xACÓƒK\xB1\xFD}\x83\xB0\xDB}|\xF4;\x84Xb\x89\%&\xC0T\xE58\xF6\xDB#�A\xDD͆\x82VbÑ£1\x8A4\xB0�Ï\xCFȨ\xB5a\xEBA�*Z\xBA\xBFB\xA1�h%lܧ�T\x8A �\x90�\xBF\xC6t\x83\xEFo�\xED�\xD7io\xAAF\xA6
-�F/mwL�vw\x89D%\xD9\xFB\xD4\xF0q\xCF'(<<\x8D\xBD\xBA\xD1\xEF\xAEÏ™\xC7z�Óª~2Ì\xB77\x9A\xE1`\x9D\x94Z|�T\xF23>\xAA\x99\x8C\x86���\xE1+\xC0J\x98\x97�Q\xFA\xA8\xF3\xF3ad\x96�gDh\xA0×™X\xB6\xE3\x8B�\x82.\xA6\x96��;\xA9-$\x8E\xA1\xEALJ`��\xA0\xA1j�\xDD)�\xD6 �\xBCS\xFE\x8C\xE1Q\xDFy\xA2\xC7�\x86�Q\xD4ÝQzm\xED\x86ʃO\xEF�\x97�s\xBE\xAF\xADP\x82\x83\xB1"r�v�\x89\xAB\xE5JgJ\xAC(1\x8F\x94w\xF5Ó‡\xF7)\x94\xB9\x80\xF3h0\x85Ø‚\xC7\xF0\xE3P\x8E\\xD0\x8CA� i\xDBQ{\x977Ñ—\xDE �\xC87\xD2\xF6A\xAD\x847�\xDA\xC2c\x8B\xD70\xA3=\xA15zܺ_\xFA\xBDv\x8E\xF9QO\x8D\xCAE�\xF0\xFC\x96 /W\xB6!.\x88O\x9A\xE5�\xB3
-B\xC3Z.!
x'g�k\xEA�\xA8\xBA4A̡#\xFA\xED\xD1\xE55\xA3\x9F\xEF!\x8F\xB9F\xB2�\\x84�_.\xBD\\xB4OqӪ\x85K\xF7K|!\x82\xCB��\xC0E\xED\xC1bE\xE18�B\xC6�ƽB\xBE\xB5\xEB\xD8��\xFB\xEB\x8A/\x94\xBF\xCB<\xC7�3�/b\x92\xC2~\xEB\x85M\x82\xC0�N}\xB1s&\xDEg/VNx\xFFyVq\xF6\x9D}P�j"Xw\xB5m�陵|\xAA"\x81\xE4\xB0pf;�VMW\xF0eF$\xC9]\xD1m׮u2J\xEE��\x94�n\x9C7&\xCE7\xAC!\xE8q\xBB\x92\xBE\xB4)k\xB0\xD7+\xC5\xF0\xCE\xE0\xC1i\xCD \x98\x93%\xC3Ϳ\x89\xFF\xEC\xF7\x85\xCC>\x80^\xA0\xC2rJ\x91 \xF0 at F\x85ހ\x96\xF0\xFF℉\x94nw\x8CD\x9E\xD6 \x94\xC9l��]VU ��\xFD-\xB8\xFE-ݛ\x86Of\xF1\xC0�E\xD25 \xA9>V3fg\xF4�\xBC�\xF1\xF5\x90\x9A\xFF�B\x95\xA4\x85J\xA7^\xC6T\xA7sU\xBC\xF6
-\xE2�\xDB\xFCئ/l\x83X\xA1\xDBV\xD9
-�-\x8F\xD2\xC2)Т4\xCC}ѳ`\xEF�gZ\xBC+\xACF\xA3\xF3&\xB4(\xD4\xCF\xDED�\xC6\xFC\x96 07�\xE8�\xC6\xC8JB\xD8
-\x93\xB8\xC7it\xAE\xE6\xB5\xCC\xF9\xB0"\xC9\xE6\xAC3j(\xDFD\xABR\xCE\xEFm\x8B\xFA\x90\xE4�\xDCz\xD7�\xDB\xDE-\xC7x雩l�j�v\x9B&o Q\xE66͔k\xBEd\xC4vg\xB9T\xFDD\x9B\xA5u\xE0H#\xB9\xF8%\xFDQ\x8D5\x8Cp\xCF\xF7�\xF4,\xAAk
-\xBFI.#\xF2�\x8B\x91$$qk
-+f\xC3S\xEB�\x9C\x8A\x94]W\xBF\x9C\x9F_\xEA\xD3j\x99#�\xED\xFEk\xCB\xCF\xE1K\xB17FMM:Ö—
-�\xDF\��
-~\xE1^/r$\x8C�\xC0\xF4\x94\xA2_\xC6A\xB5\xB9*\xF3\xAB\xB7�t\xF6\x88\xF0N\x9C0\xC22g\xBE�I\x9BqŲ\x98\\xF8\xC3(6\xFD}\xDD\xFF\M\xA6]~\xC3v\xA0\x9C'e\xF0\xA9.�&r\xE4x�R\xA5�*\xFF>\xB4�BSR\x87\xED \xBF.DË¢JX=\\x86\x96\xF5\xFB\xA6\x99Eb\xD1B\x90\xB0�_\xC1\xD6\xDE\xF1\xA6\xF98\xFD.d?2\xB5!_\xB4\x9F\xF5�펱o)t\x95Îs\xAB\xDD>P^\xEE�\xFE�\xE2\xCC\xD1%,\x8D\x9C\x8F
-��\x92�\x86\x9E~\xF7/\x98\xBA\xF1w�h�V\xF1T\xDEp8\xC5x\x96\x92l\xF2\xB4\xF1G\xD4��'�\xCF\xD5�X\xA6\xD9e\xC8\xFD�K\xE6pRY7\xF9\xFCsd\xA9R2{\x81\xF8zu\xEC\xD7S\xAE\x8D\x87/�\xD5\xDF�\xB9\xC7$\x86nNהrp\x9B\x9A\x81d\x8DY\xC86�^^\x84\xF1�\xC0i�a\xF52\x9C�\xF1\xA7;\xBD\xB3
-\xD3�\x94ͼ\x93\xB9��hծ\xFB\�,\xB4\xA7�\xC94.O65��%�FMuCC\\x9F\xECO\xB7\xAD:\x9B�\x90\x92\xCF)_7><\x9B[\xFC}e\x8B�'\J\xF6\xE8 at L\x88\xA8�k�\xDC\xF3qY�b\xBD\xE2�\xF5~�\xD9M\xB9\xAE\xAC��e|�I\xF3\xCEj+\x94\xCF\xD5cb8-\x9A\xCEr`F\x9E\xCB\xC1 n\xC9
-\x84\xBDh\xB7�\xD3Ai3\x9C\xC4�\xCAHDr\xC0z5�-;\xAE\xE5�j\x97b\xC4E\xD9\xEDY\xBD�\xFB�Hj at o\xFDO\x8DJ\xD1\xDAI\xFFr\xD4\xE1\x9Bɺ\x99D\xF1�$e(ѶÖ\xF0=\x9D�c$\xC9\xF1x\xAA1S\xD1\xED\x85\xD8ӷ\xA4\x89rL \xB2\xDE\xEB]\xE7
-Q\xBF\xC9�\xBF\xCC\xC3�TV\x8C\xCAQ\xF2\x91~�\xEA1S\xEA�\xE3\xEE\xED2\xBC�\xC8J�\x97\xACc�\xCB\\x97z\xA7�{\x86�\x8D\xA6\x94Ɗ2\xC1/D_\xDC>\x9B\x9B[\x8E�A\x8AZP\x95`\x9A\xAD\x80\x94�L�<\x9B\x83\xDD \xA3ԺV¸\xF1%\xB4�\xFA�\xB1^Vf\xB8E\x91\xE3� K\xD3�\xBA\x8Cn\xF1O\x8B9r\xB7�f|Ԛ+}\xBA%}^\x8C\xE7r�Ňd~\x93�\x9B\xB1\xC8�+\xEE\xEF$\xDF:Z\xE7\xA2t�
-\xCD[ÏŽ\x89�J\x81\xA2\xF1?ѳ�H\x96M?o\xB5\x96�\xACÞ\xA6�:\xC9\xF5\xDAQ\xB2;�\xF6<h\xF34a\xE8\x98w\xE0\x81\xC7\xE7�\xB6\xDCl\xE7\x9E`\xBC\xACG�i\xC1\xA2\xEA3\xF6\xE5�Lo_\xB4@/\xA1�\xFAÕµm�IM�(\xA7`\x84\xE9\xA4\xEB\xFE����ߎ\xEA\xC9^m\xA3dI\x91}e\xDBlm\xA1\x969vC\xC2u\xF9X\xBD\x9Cj�W~\x8E\xB0e\xB6;\xB8}\x9B`\xA1*\xFAF]\xF1\xEC9\x8D\xE9�\x92\xBFO}q\xC5 \xA0�\xD8j
-?\x93\x82�\xF8\xBD\x9B�C\xE4�ãµ¾�Kd\xA5\xA1~\x96?a\xD2s\x91D�\xFB�\xF3\xBF��\xF8u\xD50Õ¼\xFF\xD12_QW�#\xA1J\xD5HH\x98"\xF1jc\x86"\x94\xE2,\xE0��9\xA2]\x9F\xFAPq\x93\xE09Øju\xE3�<!\x8EË-\xA5Z׋T\xEE-E\x9B�\x9A�v0m\x9D\x9C\xD7^\xBA€ujW\xE2#�\xA1\x80(\xD6\xDB\xF1�\xEE:\xE3~~y F)\xDB\xD3]:>Y�\xBE\xA8\x9C\xE2\xCA�\xC5RG\x9C)\xB8\A�\xAEG\xF6��vD\x9A\xB4 \xF4\xEC5`Cb\xEC\x92 i_\xF4,\xDE \xD7-Dļ}\xA2\xBB\x86\xCA��gq"\xAE\xFF\xCC�\x9Bo|[\x8CB\xC1\x9B\x82�\xFFS\xB9;b\x8B\xD0׉�\xB4\x90B\xB2\xDA\xFC\xFA�(Ê¢bY\xB4\xD0ʼn�z�\xC4\xF2بA?�#3\xF9\xA9\xC3G\xA3�onZ�\xF6|-�\xEB\xC3xÊ%\xF7\xAB�\xFC\xE3j\xF3\xEE"\x91\xC8M\xD4Dv\x99w\xCE�\xDCwS\xD0�\xA2Q q\xBDX\x8B\xD7�\xFC\xFD\xE7П\xA7\x88\xFD\x9E�0�\xB0(\xBC\xD3�Z9\x85\xCF\xFD\x9B;\xD4r\xCF'\x95Ä”\x92$k1aÛ“\xE1�_\xBD\xC6׆U\x88î°„M ���\xC4\xF3�\x96�?\xBCdD#\xE8gy|U\xFC\xCF\xF7_
-TY\xB9\xE8?
-\x83\x8B�\x8A�C\xA3ʘcl9y?E�\xBC*&3Y�1\xE8ǣF�6J`f\xB8�[u\xB7�\x92\x88\xD27i4|\x8ACkb\xF2\xB0 `ϡkt\xEA_\xB6v]7%\x88p\xA4\x9Fz$@Fjl\xBD\xEFd\x8EA\x92M-\xB4\xC0�\xC08
-A\xD9F\x98/\xAC\xB3cv�
-\xA2
-\xB0�a\x8Fd\xD3@\xB5l\xAF�b3@\xB3\xF55\xC8q\xE2\xDBZЅD\xDC\xF6\xFD�\xF8}`O\xDCtq�\xA1F\xBA�l\xE0��В�6!�\x96w\xC8�\xAB\xF6�g\xA2\xC8c\xC1�!\xC5kj\xF2Q\xD8�{\xBD\x93\x8B\xF5
-MX\x86\x93VS\xDBoV�\xF9\x8B\xAD\xAE\xE1G<>\xF4ڪ\xE61&\xD7m\x9B���Ny\xFC�\xC9x\xDCz\xAE\xD7\xF8\xBD\xA9\xC6\xFB\x99�@\xA0Z<\xF8r\xB2\xB9\x8C\x89Hosk\xEBQ0\xB7\x9E�\x96v\x80\x93��3\x85\xAF\xBB\x91\xEA \xF0�Cx,\xA7\xBC\xB6c\xEF\xD6\xFC\xBB~\xA8cR\xBD\xE1\x9C�W-\x81�\xEEyN}i\xA7\xE9\xDCR\xADY֨P!f\xD8\xD4�\xB2M\xA3\xD1<\xE4\xDA\xE92c|\xB5\xEC�ɞ7\xE0\xF2\xE0�\xCAX\xEE�4ӱV.\x91z%\x87\xE3
-\xB2f \xE29\xCAï’Œ\x92f1\xE8\xD3Cs\xEE�\׋�W\xED\xA6�\xBD�tM.\xD0^\xD9\xFC\xD6\xCC�Ú¡�x\xC3�\xC3t\x83D&'\xED\xC8x`i\xEAH\xCC�\xFE�M\x89\xEB\x99=\xAF\xED\x89\xD3�\x98>"\xFCE�\xBA4k\xD6O\x9F\xB9Ø.r!P\xDB0*J\xA0\x98\xB1 \xF8�j]Y\xE5Ȥ;uY\xD3lc\xC2X\xB9\x81\xB1*�\xA9\xA7\xAAw]#k\xCE?�\xFA�\xC0=\x913\xB7;\xFB��%\xE2\xD2V/\xF4\xD1u\x8E�.�\xE4LSN\x84󅆘s�O�\xF3{QA~\xC4\xF2\x8C+��J\xFE\xF9\xEE\xC3v\xB2\xC7M\x95\xCC`Ip\xE5'\xB1b@\x81{F\xDE"�k\xE46\x945�\x9A \xCB[�{`\xFE\xF3bH��s\xFD\xAD\xDB\xDD\xD9Jx\xA3\x8D
-\xFE\xA4�\xFB\xEBr\xBD\x9F�Ì\xA9\x82\xB3f\xCE\xDDtw4N�\xA9\xE1�*r\xBE\x8Bm�\x80 \x9C*
-\xED\xB33\xCD\xF5\xB1(\x91V[\x8B.[�\xB3\xEF\xE4ٓ\xC4ƇGh�\xC0\xDCF~p\xF0m\xEF\xAD\xD2\xCE �\x8ECeG�\xB1�\xFC�A\xD2�\xF3�\xA4>\xF2(w�nB��#\xD16\xB1\xD8#��fV\x89�\xE8\xB7ڸ\xF90����e/�\xF9:\xD2!�\xEE�^�A[\xA3\xB8
-\xAA�\xF1mD04\xB53ND\xD4�\xBAɌ-~z\xCF_Ԫ\xE7\xF5I��\xC8�q#"u2\xED�\xF5\xAA\xEE\xF0\xB8煬G\xFB\xF3\x84ZY5\xFFs\xAB��^\xC9pA\xFEq\xEA\xC6\xE8\xA7\xDC\xC6
-\x9C\xD0\xD3�xww\xE5\xA3j\xE5\x9DhZ3 5Q�\xAB\xAB܉k�\xAB\xB2\x9F9�O8\xB2\x9AkV\xE4\x99�\xDAh\x98R\xAF\x8B\xE5�\xE3\xA0*L\xE3��B�\xCAP\xB3\x91\xB3]OA�\xA1P�\x86\xB4\xA2֌\xFAK\x95\xBB\xF9 \x96ɛ\xFD\xF8R \xD2\xCDX�\xE4\xF4�\xF5*B
-\xC5C\xF2\xFD\xDAb\x9F��.v[\xA5�\xDEy#\xBD0o\xC6�o}5\x9A�t+z\xC0\x98\xB2\xB3JA1-Z_{\xB5\xE8*DBC\xAEO\x92>\xCD\xE1rt�MΟ;#\xE2\xF8\xB3
-\xF5\xB8\xEC\xD7Z{\xA9\xE2�
-\xEF\xA4Ռ\xE6ZP=\xACY}\xAB\x92\x90\xE4nz\xC8N$O\xDEz\x9C�\xDBy\xB5\xA8\x95f\x93yt\xAAT\xA8\xE52\xFB��\x93\xA9\xF4\xAE�\xA9oZ\xC8)�\xDF৩\x9F\x9B\xA7\xA0�\xC2\xE6\xB73Tu\xF6\xBA�\xE4Z\xA5�\x8DT^--\xDD\xFA\xA3\xDBz\xB5I8\xE7u`##P\xF49\xF0Q\xA3�\xA6\x89�*\xB2J3\x8C\xF8o\xD9\xDBj\xFB\xDC\xF7\xF8\xCB
-\xB9{ \xA5\xEF\xD1\xF3m\xD5\xE5}j*$ \xF5\x9E$\xD3;\xB6\xA3B
-\xB7K�=\x82'h\xB2�@\xDF\xF3h\x8B\x95ÊŒ7\xAF\xB5\x8E\xE08�X\x80\x9B�\x9A\xDE\xC7v\xD0k\x81\xCA]\x9D\xE0\x9FS\xFC�=Η�]\xE4Ö¥aj\xCB+*\xA4\xBEo�\xB2딤0K�>\xFB\xCAV$\xF6\xE5\xC4gÞ·y[\xD0�\xA4\xC8\xE8YW5")J�Í\xEC!h\xBC\xBFdi|!6�]$\xC4\xD5X�T}\x9D|
-ț��`\x94\xB85\xB2 \xE5!4/V�qT,\xF9\x92\xBA\xC4\xF7\xB7\xDDg\xA1\xBB\xDD?\x80\xB8\xD2?FE\xA3t�K\xB4\xB2u\xC0\xFC,\x85�L\xC1\x8BVo\xF9\xC5\xF6ԩ:\xCB\\xDD�\xAF�\xD3&\xA7\xB6*\xE1\x97s��\xC9B\xBD�h\x9AYi\xC9\xD0l��\xF3ƽ"΢N�
-i��\xF3\xDCG4\x83\x81\x98Y8\xE5\xCB
-\xB2Ᲊ\x8A.\xB2�%\xA7�:�\x8B\x99\xBB\x89A{okÂÏM\x9B\x97\xDF�\xE7�B/\xC8\xF1\xE9\x94�\xEFÓ²fOk\xAC\xF9]\xEC\x9F\xE1\xA9\xDA$UG\xCF y\x9Bj\x89\xC2�x0N\xF9S\xEEg3V8B�C\xFAZq\x9Ch\x91\xE0\xAD\xC3\xDC8#\x90\xEC\xEAL\xC2\xC3-]\xF10O\x8A\xD5M\xE6r�\xCF\xF8\xB8MÉ“�h��Z&\xD9Ò¬\xAD\xA6Q\xF5�5�eJ\xED"o\xEBÙ¤\xE8�]y\x83\xB3\xCF\xE3R\xD2u?\xE5\xFE>®\xD3(\x9ER��\x91\xB2\x81\x81L\x8EA\x86\xBBv\xD0n\xD8z\xB2)\x89Ä "\x92x\x9C\xECd\x82W�[f\xB8$\xE0\xB5F]\x88l,1\xA0\x82Y_�j\x9E\xE6$R\xE5\x9B:�\x88Gl\xE5)^\xD5\xC8\xD3;�3\xF2 \x9A\xE3\xAB\xD4J�\x98�+͘\x9FVlk\x88\x9Au\x89\xFD\xCDA\xBC�fO""\xA9\xED\x88&�&L}sj�\xD6\xFC\xA2|\xE5\xF5I\x99m)\xFD\xEF\xC3kDÒ…~@XpY>+\xC08�c\xE6\xBE8\xA9=<VM\xF2\xAD/<@Üš\xA9\xED\xBD\xE9\xEB\xF5\xE9\xD8S1C\xF6JE\xEF5\xD6b\x93Q\xDB0o\xB7e\xAD\xE1�r\xC0\xBC\xF06\xDD)#/�\xCEyM\xF0\x84\xBD\x8D%t�FhSTD\xB8 \x80>_\xA3�\xD6�\xFD\x91Dbws\xBB\xF7��\xB3K\xF8b\xEDBw\xA7\xAA�i\x86#sX\xEA�\x87\x88z\xB6\xD3e\xB9M\x84[\xCE\xFB\xD1zj\xC7T\xA6o�𨉱Wr\xA7'K\xFDe�\xF6<\xA5\x84v�\xB3;\x81\xBC(\xA7\x8AÝ™] \x82 \xAA\x8B�\x9F/\xD6t�2O\x84\xBF�\xCB\xD8\xD5}\xF2;.\x91\x89|\x80y-%\xFBXXd�\x87`` \xE6\xF4\xCE�'h\xE6H\xBA�\xE0\xF5#Y\xA2\xF6\xD7FF�\xBCE\x85\xCC\xC7.\xA5tz�É® \xF0\xE6\xAB9r�:�Y\xB8&\xA1\xC5 �\xA377�P�\xB3\xFA\\xE9�&ê²\x86sI\xC9&\xA5\xDF\xEFH'}V\xC6`�AQE\xB0\xC1\xF1\x89\xCA�\xEFAS\xFE\xF6\x84
-Gzߦ@�\xAA9\x8FL\xE6\x83�\xA3}r#f9\xA3\xAC\xF7B/o\xB4\xFE\x8D\xE7~�B3l?9uB\xA2\x98\x94\xEC\xCE\xE9�\x87v\x92\xEB\x83󢲂\xBB\xDF02=\xB72IL./4\xED�\xB2\x81ㅱ>\x85S\xF9\xC7\xD5�\x8D\xF0\xFD|\x9EO`s}\xEB\xEB
-\x88\x93y\xFA\xF3\x8Ez\xE87\xA7@\x84\xB9\x87��\xCA\xF2\xD9�nt\xE6�\xCC�Y�v\x8B\\xA1\xB8\xCE&\x9Dʙ\xBA4\xBCXOb\xE6\x8E{\xB4N�\xA2\xFD)\xAD< �\x87\xA8\xEF\xA0\xFBߋ�T\xBAA�|夯\xBE؆\xF4a�k\xD7J\xA50�SP�\xC6�\xD0>�*�\xAE\xE1�7\x97\xE6\xB5T�\xE5`�\x83�_j\xBFi\xFE\xA0<\xDFB\x9D
-,\xAB\xC1\xCB&^\x93V\x97[�*�%
-L�\xE3D\xC9\xE6\xFA5\x9A\xB3Y\xE8\xFB\x90Ü�w'D\xE0�\x86<\xD6P\xB2?i\x81ȯb2\x91s\xD3'�Þ»\xC8Dc\xFBˈ�\x8Bb\x98\]\x83gL\xE21\xDA\xF7s\xE2�Ö³\xFE\x81\x81\xE9|\xCD+G\xE6x\xEF\xF4\x92R\xC9\xDD8�V\xB3-\xD1���i\xC9J\xEB\xD1b\xC4q5\xB8kr\x87\xBE�\xE9\xC3\xF8}$\xAA\xCEaunj\x94M*q\x9Cs\xCE\xE0Fi7�p\x90\xEE\xDFp\xA5�\x8AF2\xE7�\xD8\xC0O\xAAA\x8Av\x92/|(\xB9\xEF~ g$dß\xBC\xA1�\xEF\xF1�\xE2G*\x86\xE8t\xDB*\xBB��_��x\xF6\xAB|l�\x87|\xA4\xAF<\xD2Q\x92�\x85\xB5\xB7\x8DB\xCF\xD2b\x88\xC8\xE7S\xE6�|UX\xA5\xA4\xB3\x83\xF6\x87km\x83K.\xA2^>^XK\xB6Z�\x93\x96\x97\xF5"\xD9�j\x89\\x8FO_�_y\xBFU2N3\x95\xC6\xFA\xC1\xDD\xF9\xE6\xB2v3\xA9�a\xFE\x8F�\xEA\xE2V\xF9�\xF3\xEC�M
-�$E\xC6s^�+\xEE\xC9%\xBA\x9C\xB6\xC9P�.LY\x85\xC4t\xEF'F\xF8HÜvq\xA1\xC9oV'\xAC\xFB\x88\xC7\xD5\xDD3\xD2m\xB9S\xEC\xBE\xC0\xCC\xC5EK\xF0'\xED~\xDE*�\x9E\xD3\xF1\x9EÒCȶvZ\xD5J^\xF5A4m\xB2\\x83K\xFD��\x8Fa \x81\x8E\xB37_\x89\x88\xFE\xDA\xC1vd\xAA\xAE\x94\xC4\xC7�0=\xA3m"�=\xAEb."n\xC8_\xA7�X\x8C\x9DH/z\xFE\xF3Õ›U\xED�M�\xEDgOV,\xA4y�\x81U\x97.*�\xB1\x99\Qšc\xC0\xFC˲\xB2>^\xE5\x84
-\xC0\xFC\xCF�v�\xC1b\xC0 \xEF q[QF\xD0hX\xF4.q\xB1\xEE\xF5�_=B\x92\xBFB�\x830q\xF9\x99\xE0\xFA�9\xC3@\xDF\1\xC92X\xFC\xA1�\xF6a�\xE34\x8Fr\xE9Z\xBF�\xAC\xEE\x85\xFD`$�W\x{7786198}\xF1�o\xA7I\xEC\xB9\xF7Z\x8Af�\xE5m\xF1\xD5w\x8D\xFB\x87\xF2k%��\xA5g\xA9\xC1\xAE�j�\xA2\xB4\xE7\xBF\xA2D\xF9\xA5\xD0\xD0�\xC8\xE1Fy\xDF\xC4Ot\x87\xE1\xBE<1\x8B\xA9Mq.�ڼ}-\xE6\xF6\xE1A*zw�*\xFC\xCB3{��\xC8%\xE4\xE8\x91x\xA2\xA2�\xD2\xC9e)\x{175597}\xF2\xF0\x80Ì\xCE~\xA3'\xDC\xDC$\x90\xCB\xFF\xBE\xB1\x86\xE5\x91?`\xE2\xD5a+\xBA\xE9\xF2w\xA2\xE4p\xA8�3\xD2�\xCDV\xE8e=\xE5\x92v\x88\xF3\�pS\xECy�\xF7X�\xB2ud;�o\xAA��7\xCDm\xB2�\xF3\xF9\x8D+\xF7g\xF3�u\xC6'⫂\xE2\xB4d|\xC7\xD5\xDD��S>\xFF��>\�\xED8\xE2U\xF6¼\xAD\xB4\x8C\xB6G=\xD9\ݘ\xEE\xC2qX\xA2\xA8
-\x9C_\xF0\xC0,9\xB0�(\xF6hg\xFB\xA1o\xAFj\xCC\xD6
-o4\xE7\xFE\x82\x89�f\x85]\xD3\xEC�\xA2\x99\x9E\xC5m)\xDCU\xFE���\xB5\xDE\xEDQS\xDF\xEFק\xE3W
-m\x82d\xF4\xE5vqM\xE0\xD9kN\x8Bu�\xB6\x9D\x9D\xFC\xFB\x82\x89�L\xA3R\xA9i �nA\xDD�t]�\xAB\xAC9\xE9T\xB1f\x8FN\xFBh}\xBC#\xF4�\xC3HN\xBA *T\xF1\xB3W\xC5.}*Z�\xF9\xF6A0\xF4�\x87\xA9\xC1\x9A\x8De\xB6`v\xA2�\xB0\xAAC\x8F <\xCE<\x9A\x94\xAF\x8A\xEC6-MÂ\xC1�r\xB9\xC8hݾ\x92\xCEHR�=\xAD�/\xAB\x83<\xF6\xED\x80i�"@[\xAE/\x93pR\xAF\xF3\xF9w\x81U\xEBz\xA1\x95\x95z\xCC\xCC%\xBB\x81\xC6q
-�\xC1oP!
-�~}(\x99\xFC5\xCC�\xC59\xC6;Õ±Û´[H.\xAF\x9F\xB3\xECd\xD4\xD1`\x93�\xCD\xD9J\xA6S1<\x9AH
-\xEB�\xB8\xD9\xECÛ \xBC\xB0\xC5˺\xCC}F\xB5\xF3\xA2\xA8��(*X\xCE\xF2~\xB8\x82\x84Ø€gØ\xA4q\xC0�\xECSUhyxZ\x9C\xAA. %\xC1{\x9D
-YwB\xE6�\xAD\x91��03\xD0ÞŒ}NÔ‚\x8Bh\xC0�W\xBA\x9C\xCC+w\xDF�\xD1l\x931\xCB�\x92CQ\x8FС6]\xE1\xD0w\\x91\x92\xA6\x85Sqpi�& \xE2?�sv\xAB=\xEB\xA8z�\xF8Å£�\xF0\xED\xBD;Î\xA9\\xBA\xA0c=E�B/\x9B\xB4\x99\xFD\x91\x935e\xAA�~D\xA7ノ&\xDE)^L\x8FQ\xE9z\xE5\xDAÈ»\x84`�\xBC'8\xCC\xE7v\x8A ÔP�\xE6\xE6V\x95\xCCz(\xDEjrHO�Z\xAA\xEE,\xF4Ïz\xAD\xC37\xED,₸ t!>Õ\xB8\xA2\xAFÒ»\xFB\xC4&M\xCC6\xAA�!\xDBa�\xCF\xE3�J\xF1\xBCo\xD6{aA\xA1 \xC8�\xC3\xE6\x89#�mX \x80\xFCÜ€0\xF9\xD4Zei\xB0T]s^\x87\xB9ÒJ\xDB\xFFP\xC7P�
-\xF8�HȈn��\xEFß \x8A7\xE7\x97w=K\x98\xDBzu\xE2\xD0A\xC7]P�x�;
-X�\xFA��oLa�\xF9\xD0\xDAt\xA6 at a\xB3\xD0"\x97\x84S \xBD\xCD�Ϲ\xCE\xF3Sߩ\xD7C\xAC\xDEML[I\xC1\xC4L�\xA2J\xF0>\xA5lg\xBC\x82v�\x9Bdd\xC60\xAC\xC5\xFC\x81!\xBDȜKis\xF7\x8E\xFAÒbk\\xBF\xC8�\x86\x80\x8CsF
-\x88;\xF6v\xFB.\xD5\xE6zi\x94\xC1\x{DE5C}\xE4`f�\x93s(\xE9A\xB6R\x90\xBC�\xA8�2\xE1^: �\xC4!=�\x8Ef\xFD\xBE\x89;\x8EW\xA7c~\xB5�\xC1\xEFn�S\xBF\x87\xEF�9\xE2�\xC9L\x9A\xDF<\xDAÏ\x86\xB9R\xEB\xE40Gc\xADvѽ�I\xB1\xA6\x80\xA5('\xA7q�9\xF5\x8C�\x81�Ë j1�&0k�\x84j0\xC5\xC6<\xCB\xEBr\xAD\xD8:N\xD6;{\xE4|`�*\x8CM4Lj\x85\xBB�\xB70V6\xD8d�Þ¥\xA6Q\x80mm\xDAS
-\xAA\xFE\xAE�\xE6\xB6´]\x9B\x86f\x9F�\x8D\xD4d:\x9A\xFE\x87|B<\x83?X\x8F2\xBE6�\xF1I\xE3p\xCBxCC�MS�?IL\xD1E[\xA4�\x9F\xEF9 _\xFD�\xEFN�\xF2s\xAA\xBF�p\xDC\xDC E\xB2A\x99�\xB5,\xA6/\x8EA�d-\xDD̥\xAET[c\x97[\x8C\x94\x83AN\x8D\x91\xED녻\xCD�\x85OXU\xC5\xD1\xE3\xBE3\xFD\xAA\xF5w\xE5�ߣ� \xA8\xE7\xEFSR\xA0\x99\xB6\xB5TJ]\xEDy\xA9:\xAD\x88\xCDs\xC6[@\xA5*s\xD1\xD3SyK\xC3OhϻE'\x94\x81\x88��\xDB?�\x81\x88f\x92\x8B\xB62楄pL\x92
-\xBBB\xD5=Hv1eۦ\x9A\xA4\xCE\xFB\xC2\xCAt\xA0\xDB>\x96����\xB6,\xFA\xC5\xCC\xDE$\xACܸ\xE9\xEC}-�160\x8A\xF0�\xFF\xE0ϓt\xB6\xFB\xBB�i$�\xB6�\xF1@]\xA54\x8B\xB5y\xF1ah\xEFw�n
-F\xD7\xCB0Gn\x8BĎ\xD5m\xE2믔\xF5ܓT^-\xFA
-9\x9D�]5p\x9A\x8Dzx\x8D\xEB\xBD!\x91��P�\xCA �\xDC��\xA7`;\xBF\xBCT\x8E\xCCN�\xAEaҎ\xE0 C\x8F�\x9B�\xBD/Q\xF0
-\x8F\xA4}V\xA3�\xD7\xD1\xC8v\xAE_`\xCE�\x85,�$
-\xF2\xA33\xB6\xE2[ Þ¦\xB6J,\x89\xCCߺ\x87\xC3F\x9F\xB0\xBE\xD6\xC0\xAA\xC4�\x91\x98qh\xEDÖ \xD6�\x985/$\xE6D*\xD4U\x9BÞ‹]\xE1Ù´*�\xCCz6\xA3\xB9��\xA92\xCA\xF5s+�\xC8\xD3#'R�\x94\xB1(d\x81\x85\xE3\xBD\xEFt"-H\xFAG\xCF\!j\xB4\xE7z\xF3P\xEA\xFB7\x9E\x9CF\xB4\xC1ë¼&\xB7\xE6\x9B\xC1\x99\}\xA0�6t\xEA�\xBF\xD8\xCE9\xD0e4\xA8Í´\xF4\x95��\xB1B\x92}\xBFO\x84,/�\xB1\xB2X�1�\xC9n\xB7\xF1�8o'\x92\xA4\xBE5\xD0-\xB1�\x84'j#^)\�\xB3\xBCÊ\x96\xCC��?\xE4N\xAA\x9F\xB2$�+\xEFц\xA0�\x8E\xF1\xEA\x85�\x82\xDDx\x9A\x99C�>b1\xAF):\xC9Ã\xD0]|\xBE\xC7\xCA\xEC\xF3\xC2\xFD\x81=(eѼmoL=\xCB
-Ȍ\x9E\xD9\xED\xCF\xD5*9J\xF6\x96\xE07J\x92G�K\xE9/cL\xF2�L�>[\xFAH�A\xC6ު\xA9\xB5\xC4��\x8C�'\xB0\x89i5b�\xB8 �\xAB\x82ݧ\x8D\xDF=\x88\x86\xC5�\xEFJ\x8C"J\xA5ɱ�K\xA2>\xDA\xFB\x88_1]@h\xFCnH%|\xD1:\xB2\xB8�ew\xB7\xFD\xB890\xF4BK&\xD7\xE5w5\x9DBz�h\xA6\x92\xE6\xB8Yd\xDC\xF3\xE6g}D
-V;\xDC#R\x99'\x8E5\x9E%g|!@1\x9EG�\xBDG�\xF8\x86aU!\xD0s\x85R\xF7+\x89\xB5\[�\x80\x81\x9Dg\xD9]gь:) \xF9\xF1�f\x82\xF9\x8B\xA2�\xF9#5/\xB3\x85%\xE0\x95\xECg\xC7d\x90\xBEZ>�r\x84˹o\x97\xBB+I�\xA2�l\xFE$E\x94�\xB6\xBD%\\xCF/\xE9�\xB9wP\xDF\xEF�\C6�\xF1X�\xCDA0\xAB\xEFi�\xC7g\xA65lR��\xA4?:\xE7\xAD\xC6 at Svɤ\x9D\xFD\xE2\xB0\xD8ID<�~\xB0\xB5\x83\x99F1f\x9Eq7�&\x9F\x80\x8DN\x9B�d�\xF8j�8\xF4\xB0\xCADgF\xC8\xCE\xC66\x92`ú\xB7\xB3HB)\xC1?A#1\x88s\x99\x99\�l\x9F\x8B\xFC\xCC�\x8B>\xD3T\xFD�\x9B\xED\xE41\xA5\xBA.\xBD\xB5�\xEBHU\xBD;`\xE5 at t\x97L:\xB0/\xB04\x8A\xAE\xCF\xD8BlVgX�\xD9L(Ѣ!\x9B^\xF1\xD7vBQZECJ\xE1sf\xBF\xE0\xA4w� \xAA(
-Cd�N<\xEF4o�\x90:\xF2\xCDXE6/\xB4\xFF,\xE6\xF0\xAB\xCC\x{DACB}\xB2\x9Ai\xD0\xD4X\xD3b$߀PL+Þ¦?!\x83\x86\xB7Az.\xBE\xA8L\xA7\xF5�\xFC\xC4\#\x9DV\xA5�\xF5\xED\x95�\xE4\xBAo\x89\x85jF5\xA0\xB64\x85\xE1QQsX\xCAA\xFB\x97\xA945�\x8Ae\xA5\xF0�*s\xE0\xEF\xF1\xCFG\x89\xE9\xCFÃ,\xBC\x8EÇÕŠiK\xBBcQ4\xC5\xD7�?ep\xEElz�J\xFC�\xA8\xC6\xCFÞˆ\xAE'C�!pl\x91,\xAE-\xD8\xC8\xD8�\x85Ò\xB1
-Ô‘�LN\x9D�\xA4@\xC9\xCCh"O\xEED\xBD\x92(ko]\xACc\xFA\xD4�=�\xD2\xFC\xB8\x85&TÎ\xA8D\xB4m\xCAE%J\x83\xC9Þ›\x92~9D�\xAA\x8D��\xF4\x9821xBou�\xD7,\xDA\xD4
-\x99Q
-Z\xAE\xCBo\xDB4\xEB\x8A*s\xB3\xB0\xFCtg\x86\xA9Ne\xD4\xFA#\x87\xDF\xECF\xB9\xA4\xB9K\xB8]C��\x95f/ZЪ}\xBF@�\xF4F\xEAbM̼\xA6K�\xB4\x90\xD8\xCBJ\xAE?L\x9B^\xEB\xE5ɼo\xAC\xE0\xDC^S\xE5\xF5\x9A\xBEqD\xAC�E\xA8\xC1O\xD9C\xA6\xAA\x86\x81#\xA2HGd
-\xB7\xF3\xA1ƉAPH\xF6�ʬ\xE3\xD2_I \xE7b\xAEYX\x86\xA6\xF7Q"\xA5\xA4\x9CN\xBE*I#\xEB\xDEO\xBCYM\x9B�㫼)\xB3\xF2Յ��d^\xB0M\xF8��(\xD5�\x8CI\xEAn\xB3H\xADߟ�R\x91\xCE�\xD5^7\x8D8ϣ`\xD2\xD5�-\xD4�>=#\xF1n\xAE\xAE\x95jf\xFA۩\xD9\xFC\x87WYlh\xEE\xBB\xEE|F]ti!\x9C 'D\xAA�|\xFA%\xA1\xE9\xEF4G�Y\xF6=!\xC8?P\xC0
-�Þ°S,�Lq\x90\xCE*\x99C\xA0�\x95\x96�\xEB\xFC\xF0Ó¨\xC1jl>\xE6k\xF8�\x83�\xF3
-\xFE\x84џ\x9C\xA5*\xB4�\x83\xC3�\xDC!�\xC0r\x99�27l\xDBN\xE2\xF8�\xF2,%�@/\xFC\xF9j\xC7\xEBf\xAD\x84�@\xB4R\xDB�۹\xD5:#D\xF4\xADN�tA\xCA_\x8B\x8F+fQ�$'ߓ_\xAD�9\xCBW\x84�~c\x8C\x81\x93\xFC\x8A\xB6a\xC0-\xCD<\xD5\xE7x��\xEE~)Bf�vd%\xA6Z\xFDd4�\xC2*\x8C^\xD3\xD0�\xCE\xF5(\x93��n֕\xC17\x86\xCEr{S\xA6攋\xCFF/h8\x81\x93�\xA4s$\xC1N\x85t\xB4\xE6zi\x9B
-\xA1\xE2\xB80Ç\xF8$\xF8\xD6;\xAC\x9A\x83y\xEBM\x9F\x9E\xFC\xA0t�\xFD�L\xEFX\xBA\xAAA-�\xF8]\xB7\xF6\x959\xA3\xF6\x98\xC0[�\xE6\xCB#\xADo\xCF}\xF4<\xB0F�\x97�\x9FA\xA4\xCC� \xC8\xFAë…¾K��U\xC7\xC5\xCE}\x8E\x8D\xF8v^\xB8\xFA�ͺ\xDBá´„W\x85Qo;, at o\x98\xF9Q@&\xD7�_}=. \x9A׊\x98c\xAF(\xACt\\x99z\xB1�g\x8F\xB98\xA7\xDA�\xB1\x8E\x8E\x81Þ¦LiR\x99\x91K\xC7>\ �*kuqz�\xC1Zf\xCB\xE1q�\x97\x9BJ`X\x87\xA4\T\xC2uZ\xF6\x90c\xF7\xF2!\xE7�\xB3yuB\xABD�n~ \xC9\xDC\xC0�\xFE�.\x86\xD2�\x94\xE1\x97N\xCBL3%�\xE1o�\xF1\xF3\xBD&��Z5\xE1\x94"~�V\x91;�\x85\x88"\xB4F&U�ß½\xE3\xEF\xF6@\xB5\xB8 !\xD9T\xE4\x8Bf*\xA7\xE0Ls壪�чv\x9D�\xBEtQ\xEA�\xBC,\xDFAN\x8AK\xF8\xCF\xD2C+\xABk\x9E\x887D\xCA�\xEEA�霋熻\xF2\x81+ \xDDN\xF3\xCC\xE2a\x92��X\x9CÒ±�SK4� 4\xD6\xCC͵4\x81x\xC9wJ\xB5#i\xAD�\xE7\x98D\x93\xCE�O�ep\xA1r\xD3@\\x8E\xC6[\xE5\xE2ì¿›\xE1�\xD1�5\xDD\xFF\xC2\xE7=[-\xA6sk��Ê\xF3\xF1\xE0\xE8�\xBB\xDCÛ±�\x8AU�\xFE�K\x9BkÚ³\x9C<\xC7v\x86U�\xD5b\x83\xF1lq\xA3�\xC7�y1n\xF0~\xFC\xF1&:�\xB5\xE9\xFF\xB8T\xCCl\xFA\xEB\x90\xF8\xE0\xD3&\xCDG\xA0\xEF:�\xAE!4s\x90\xF5\x80\xBDYOǶ\xE0\x93*j\xFAJ�\xEC�Ô\xF51a\xE2\x9E~\xA9~�\xFE at 89\xA1 n\xC9OX\xBE\x80\xB2\x963\x8Az\xB5Η��$u\xFA1\xBC\xF2\xD37\xBA\xA5h\xC8xsB$\x88�&\xEE*\xF9��C\xC6e\xD9:\xC4Í«\x98H\xB8�s\xF3
-H\xA1t\x97C\xB11\xF1P[ۗ�\x86\xFC\xD2\xD2Cь\x9B\xF1\xBB\x97Z\xCF\xF9\xB5\xD3^\xF2\xBA>\xF1\x89\xAC\xCA�ݓLۊt�G?\x8Bw�\xC7N\x84G\xF5\xD5={\xCB M�Fh�\xDD\xCE\xD1\xD3H:�\x93L\xC4n�\x8D\x89\x8F1h\xBCwr\x9D\xCFof��\xFB2�@\x84\xAE?\xF7 \xD3`C;\xECy\xD2\xD1\xDDt\xD3b$\x85\x92P\xB1\x9A�\x8D;ҵ\x95�X\xBF8ЖL\xA69$:ގ9"8\xAF^\x90.\xA2\xC70\xA4\x8C\x8C\xD2 \xE0\xF6\x9E�\xFC1�\xC6P\xB8��\x8D$@\xD6\xFB\xB8�iͦ"\x91��~|}\xCBU\xD1}\xFC%\xF0Pw\xA5\x8Alm\x97\x91R\x99ܯ\xCA\xFD\xA0\xAE�S\xB5\xA7�\xC1\xE9\xB7��ʗ\xC2y\xEB\xD1]�7\xF6{ėf'TB\xF0\xA6\xDFi�λ\xA8\xB5<|l\xFC�\xD9\xE3a\xD6K
-\xB0.P\xAA\x99\xFAs\xEB\xD9�\xFB\xD8\xC8lS\xD0q�8eg\x85S\xA0�QY�\xC2�h\xB9\x95:\xF3\x84,!\xF5'\xF1\xB4z}x�\xF9W\xEE\xFA\x88Pԇ\xD3\xCF\xE0ͳ\xC4�\xF2�\xA0J\xEA\x8FMw\xD1\xE9/[Nl\xAB�\xA7\xEC\xB5=Ȼ\xAA\xD4\xEBj,\xB98��\x!
A2\x8D\x9B��&\xC3~�\xAB���s\xEA�\x8E\xD5U=\xA8�c\xC4\xFA\x82��\x82?"R\x91�n\xF6\xFD\xB6\x9C\xC79\xD4u\xF5\xA8+-\xB8�P\xEA0e\xED\x86\xEDkE.B\xC4\xE3\xF3s�!\p\xE6s\xC3\xFA1Q\xB6$\xE8\xEB\xE9���\xC94\x9A\xF0�w ��\xD0\xEF\x9Ac\x89p(.\x8D),K?\xF5\xD7\xF852\xBF\xBB�\xFA'\x84\xFCtC|4\x8F\x8A �\xD5]\xA1\xAF+\xA1\x8E\xDBs\xDB�\xE2\xB8R\xE4\xCD\xEB\x82\xE8\xD4\xC5�EB\xA57\x996\x86\xED�?\xCEÖ�\xA5\xF7\xAB\x9D�\xE8\x88_\xEF\xE3f2�\xB5�\xCCP \xC7\xC65\xD0_\xC7r\xFDÒ«\xB0\x82�*\xE8\xBC.Wj&g+\xB8\xE37\xCFß©<\xD6 \xA1\x87\x80n\xB10\x8E\xC2A\xF5\xDA\xF4Z\x98z\xB5Q\x83\xCC�\xB9Ùž\x80\xF9E\xB4'�c\xF2\xDC\xC6\xC52\xD3Ü h�qs�\xF9|0C�^[�\xF2C\xAB\xD3_\xAA\x86r"\\x87\xCD\xF8o\xFB&g\x94�(\xD6\xCC\xC8\xD9\xF9\xDDÅ´5&\xEFSRV��\xED\xAF\xFB\xD8P\x810��8\xB2P�$\xAEZ\xBF�\x97otb\xA5\x90U g\xC1g-`-0\xEC\xBD\a\xE7\xC6쨖[\x8A�\xB6\xC7�@zG+*\xC0BM\x96"v\xBD�\xA1\xCFY�\x86Ia72\xB1\x8C\x9Cv\xB7Z=\xA5\xE3\xED\x8D\xEE�\xE5\xAC�\x8D\xAA\xF3Pc\xE8\x88 \xD3�\xA1K "�\xEB\xCC�\�\xFCa\xA1\xD7\xEC\x8F\xDD�\xCF<\x80n\xEA�n\xB6\xC7Xi\x8D\xEE\xF2\xCE\xD4P5\xDB\xF5駘c&[WZ�\xF8K��\xEFÑ´\xC1 �.Vw\xF9B\x83\xC4%\x8B\xACÕ“7\xF9�Cq#O\xD9Ö…L?\xC05\x84��ß…
-\xFC��l�\x87WC\xCE(\xB0\xF9\xF0|J\xC7�\xDC\xF5$!Í»\xD7&{\xCF�-�\x96F7\x94\xD2T\xE2eGs\xF6rFu\xBB\x8Ea\xADQZ;\x80Ýš)\xE3\xBAZnB\xFDl\xF0mC\xA8�\xF6\xFD\xA3\xBB�\xC9Jr�\xD3\xFC�\xBD\x8E\xC4X\xE3\xFD\xDDC\xAB¬\x8D\xA5\xBB<9�\xECL\x9C@\x93|\xBE \xEC5\x88\xB0[зc\xF4\xC5<p\xD22\xA0\x86\x87p\xBB"�Ù·O�_\xAC�éŒ�\x85\xFB\xA4O�XÚ¸^\x82�x1\x9E\x8F\xC0T\x86��\xF4U�e5G\xA4v\xD9\xD8/#n\xA2\xD3V7Q\x90MfbJ\x96\xD3%�^:\x9F\xE3 \xC2]\xB3s\xA6M\xB6S\xA3\xC8q\x88^k\xE2�\xC5�?=\x8C;/v\xD2�\xE2vI\xECv \x8Fxɉ\xF9\xD2!;l\x8D r2\xC1\xED`�\xE2\xBBq\xB3�\xB9s.Õ§?:\xA3\xD7U}\xE1\xC7\xF9�\x9F(�\x9C\xE6�\xCEd\xF7�\x88\x8Cq\xD8��\xA8\xEBZ�\xB2\xC5�\xBF:\x99\x88KC\xF4\x90t`Wkloe\xB2:\xF5\x97\x98D~]Jr\x86\xFC\xF6�b\x9D�\x8C\xDF/2Ê¢C\x955\x8CÔ›�'�=\x8E@\xCEÍZ&Å‘|\xE9\xD8v\xBDÓª.k N\xAFO W\xE8\xDE\xFC΋ \xB9t�?б\x87L\xA6U��Dz\xB6\xEBc\xBBWf\xE7\x96�C�P\xC1r\xC1a߇�\xE3�\x95<\xE8\xE2 \xB8\xD45\xBE\x99\xCAy\xBCPj\xB3�̃Qw\xA4f\xD4c\xEB�\xA3�!
\xF3(\xBCXv\xA7s�ȥ\xB3\xEFO\xB9\x83F_\xA8
-�\xEF���\xABFo\x88t~b(+|\xDC(\xCA\xF3\xFB\x99Z\xC8uR\xAE\xE0<9\xA1�\xE9\x92\xC9�\xB8g�\xF3\xF5\x91\xCC\xFDi\xA7\x8F�\x9C\x82(\x89"mPa\xB2\x8A ݲΥ\xA0�\xFE\xDE\xE6!{>æć<\xE5\x93�\x81g\x84\x9FÛ‡�\x881\x90L\xAEQ�#\xAA\xBD\x98\x93\xE1\xA0\xD2K\xA6�P�@�V+\xA3N\xB7Щ1\xAA\x90\x9C̘R�i\xE7\xD3'�\x90a\xAA\xC5\xE4y\xC8�Ô£?\x91@\xE1\xB4>s1�2O=9)B\x91k{\xD9�\xC0&�e\xAA\xC1\xD5GHr\x87\xEB\xDA\xCB\xD0*A\xDB_sW��MÞ\xFDL0~\xF9\xB4G\x92؈\xE8z\xB4\xFA\xBD.\xE4\xA1\xC0\x92G\xB6�\x84\xE2,u\xC7Nm1\xDF\xE8\xD9\xE0Õ2\xD0�R \x87\x84\xF8�\x89\xF4\xB73�\x80\xC5\xF0\xAA$i�\x9D\xD8*\xA3\xEA\xF3\x9A��\xF0x\xC0\xF3\xFAW!\xE4U\xE1\xA1s-��Ú°\x89{\xDE<\xE9\xF6�\xFE\xED\xCC\xF9?�
- p\xA20\xCA6\xAC\xB9\xAF0\xB7\xCAz\xC2\xD0\xD8\xCC\\x89�\x8D\xF7Hfd\xD1P4sG�V9Z>\xCA=4$\xCC
-\x93;\xB7�!i\xCD1w4!I\xF5\xFE\x88\xF7\xDB\xFB\xBC\xEF�\xF0\x9Dy\xA4\x92\x9D2\xB6
-\xBC\x96I�\x8F�\x8DãŠ\x99\x95��oh\x86\xFF9\x9D\x8D\x9C\xA1\x96\xCE\xED\xB0\xC5`\xFB>C\xBC]\xFB\xD6
-\xE3P[i\xE9\xBA5o\x99\xF2S\xB7\xCDڦb\xB8\xF9P7x\xCA�p]_x+Rl\xA5\xC3\xD7z�/CU�O\xB2�\x90\xE2R\xC0\xA8lX\xA0;\xB2��\x90
-V\xCD]\xEAAy�\xB3XH\xB1ÔŒ\xE8�y\xD2L\xE5\xFDk�o\xF9�"-\xD56_�X\x9Fs(G\xD5j�\xD8wO\xCE\xC3�I\xD5Õ\\x91\x9B"N\xDAGvB�<d\xCE2\xE6U\xF8\xF5\xC7ͨa�'n\x9C"d\xE1\xF5j\x9BK�\x86\xB7\x85\xE9\xC0a\xB5*\xBB\xDCz^YCOs�\xB4\x92\xE2Uer\xD53\x93\xAE\xA9\xBF*\xCC�\xB6\x90^q\xE8\xE5S\xF8m�Ä“\x97\xB4\xBF\xCCm+V#.M\xEF\x90\xE4\xEEu�S\xB3\xB0\xA2\xBA\xA0\xBD7Rz\xB7�Ú•DÊ£{\xF3t\xA7UYEzØ”Q\xF9-t\xB2y\x98\x92\x85[ O[U\xDCW\xA8\x87\xB3!\xA8\xEF�5\xFD
-\xB9yK=n\xB8\xB1u\xBB.5\xAE\xB0R\xEB\xA1�f\xF0\xA8,\xB8V2\x81\x9B\xE8>Óˆ�\x8E\x85\xA4Y\xF4\xB7\xD8f\xE0Ä\xD8(\xDF\xC1x\x89!\xB4\xE0\x89%�\x9EM>\xAFZ) g\xFE\x95\xC2EO�\x93<\xA0\x8C\xE1�\xFB_\x92W3\x83\xEB�LmJ\xCDvD%Hv~\xD0^\xA2bAXp\xD0\xCD
-\xE5"U\xD8\xF0;z\xAF\xC3g\xABÔ«\xBCL\x92"\xA4\xDA-Û‚\xA0\x9F\x82xw\xD2\xD7~� e]b\xFEL\x82\xB8=V\x9B\xCF\xF3\xF0\xA8�-�\xC1\xC5\xFB\x94C\xAA�\xB3;\xD3�\xD6o\xE4\xAE\xCD \xA8\xD0\xD2&Cd\xCA\xDC\xDE<_}9Íž�s\xDF\xFA\x81\x96M\xA9\x92\xA3\xEA\x98E\xE4\x87S+\xF8{\xF0\xE5\xC51Kg\xA5V\xA32\xBE\xD2\xC15\xABÈ–\xADe\xE9�\xFD\xEA\xA0\xF5Ï\x8A��\xBDS\xC5\xF6\xC1\x85\xAE\xD9�K\xBCT\xF9\xD0�\x93\xAE\xB0zc\x86\w�\xEDr,Ö™y\x81\xC6T\xF4fD\xC7\xE3F^\xB1\x96\xFDt\xDA|�\xB6\xABw]\x92\xC2йP �1dEi\x89R\x97\xDC@\xED�\xEBH#É‘\xBA#$\xDEJ\x83\xB5\x80�u!\xEA&\xE4\xCB+;Y\x8A\xB5M\xA7\xE6.\xB8Tin\xD6K\xC4\xE6\x93\xC9Z�1pk\xA3|\x9AYÌ™\xD5�x�\x8Cv\xE2\xB3\xE0\xF5\xF0�1\xED\x8F\xC0t�\xF4^\x87)9"\xDFb\xB0Y\xA6\xC7\xD0G��}\xB2\xFFt\x83VR=߇V\xB2\xE2ßš�\xD0��?V\xEB\xAF\xB1f�\xEC+\xAF �\x86&�cuOn\x94\x88\xD1c�C\xEC%LK\x94\xA4\xF0\xC1ÉŸÖº\xE5�\xA8\x89䟇\xF7�\xAA\xFA8\xE7\xF4\xBB0\xB1\xBBA_ߛ\xAC\xC4Q\xF8
-\xBF\x81,�:Fp\\xEE\x8Er��|0`\xCF�!�\xDB\xCD\xE9\x90y\xBE.N\xEF��\xE8�^(%׽\xF1��>\xDC0\xD8�]^\xD2C \x91$\xAEǞ5~<\xF0r�p\xCA\xC3z>\x8AP\xE3u\xCDx{\xBF\x9A\xE8cA\xCA\xFB�\xDF�·\x8F\x8D\x99\xCDZ\xC6~\x9Ce\xB79^��|ؙ�\xAA\xB4:\xF6\xDB���9\xBD0 *\xFF}\xF4\xF5�W��'\xBCD>\xBD�\xB3}=\xC3 -z\x9E\xFBc\xEA\xC8^\x87\xF5s�a`\xD4�\x8F\xFA\xFE\xE7B\xBA&\xBF\xAF\xC8\xC0}ܖ#\xFC\xDD\xD7\xF5,\xB6\x85\xF0\x805nX\x9C`K�\xC3|\xDA�\xAAup\xB4\xEBq\xAA�\xA3\xA6Ws\x95\xB3F\xFE\xBB\x89\xFB\xEB\xBB\xD5�n˷+�1\xA7!NqM;ڦ\x94�+1\xC5\xF4\xE4 at 2Z
-\x9C�X\x9D\xDE�%Ɋ\xFB�:bj \x85\xC4 ��UC\xBE\xB7'\x8D\xE8\xC8V\x8D\xF5
-�\x94�\x81߽E�\xF0\xA9\xB0\xF1�n7I\x94ȕ䦑\xA3\xBC"o~\xF4$\xBE�\xC7\xED\xEDD`i
-X\xE3�\xD9S�9\xB4\xBD A�Ċ\x9B\x98\xEC \\xBFj\x8BGq�\x91\xF1
-�Y\xD44\xDB\xFB\xAA2x"\x85\x8F\xFE\x80\xA6\xC6">5�I\xE5\xF1O\xF9\xBC\xD0\xF9)\xFE\xFEbZ\xF2Zj�\xF7Ö›\x8CE�\x8Cש8\x8C\x86\x96BY\xEE\xBB�\xAC\x87t\xE7�\xF7]\xDC \xFE×™\xA2Ë€9\xA3\xFDd\x90%ut\xA0o\xA5t\x90\xC3�\xD8_\x8B\xD2s\xBC#�\x8Ep9\xC4 Rs\x88N\xF3\xCA�A�α\x9B\x91my_\xEAB[\xF6�\xE9NU9Wɶ\xBF~\x9B\xEA? \xE9�\x9C\xA8���\x98\x96\x92"\xBF\xB2\xBE�ê ³/8�� \xA9\x8E\x876\xDD!R\xEB\xFA;\x849j\xBA\x89�\x8B��$:\xB7\xDF<O�N\x9C\xA9\x89\x8Fq5\x82\xF5>\xB3\xEF{\xC7�wB\xED�`#�\x8C\x85\xDC\xE4$\xD5g\x9A\xB3\x8EmD\xC7\xD8<�& P\x94\xBB\xAFhpTÒ¢I\xEBWZ\xB2\xE5\x96�[\xE4\xA7�\xCFL \xD8�g\xEE{]\xEDC\xC7|ÞªL�kR\x90�\xEDy\xCC.\x83\xB7\xE7\xFD�u\xD1d�g\xD9�'Õ·\xF4NY�\x95�XJ
-A�\x8F!O\x8F\xB80\xCB�\x9E9v(H\xA7"l\xF0p<G\xE6\xD1�\x91B#\xEAN\xD3g�\x88|\xE1u\xBDѿ�\xF8?\xF8O�\xFE!�~\xA4\x88P\xA2�\xE9*\xE0�U1�\xD2endstream
-endobj
-1238 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 34
-/LastChar 125
-/Widths 2747 0 R
-/BaseFont /SKQYOC+NimbusMonL-Bold
-/FontDescriptor 1236 0 R
->> endobj
-1236 0 obj <<
-/Ascent 624
-/CapHeight 552
-/Descent -126
-/FontName /SKQYOC+NimbusMonL-Bold
-/ItalicAngle 0
-/StemV 101
-/XHeight 439
-/FontBBox [-43 -278 681 871]
-/Flags 4
-/CharSet (/quotedbl/numbersign/quoteright/plus/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/at/A/B/C/D/E/F/G/H/I/K/M/N/O/R/S/T/W/Z/bracketleft/bracketright/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright)
-/FontFile 1237 0 R
->> endobj
-2747 0 obj
-[600 600 0 0 0 600 0 0 0 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 0 600 0 0 600 600 600 600 600 600 600 600 600 600 0 600 0 600 600 600 0 0 600 600 600 0 0 600 0 0 600 600 0 600 0 0 0 600 600 600 600 600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 ]
-endobj
-1217 0 obj <<
-/Length1 1612
-/Length2 18918
-/Length3 532
-/Length 19829
-/Filter /FlateDecode
->>
-stream
-xÚ¬\xB6eT\x9C\xDD\xD6%\x8ACpw),\xB8�www\xF7�
-w�Npww\xF7 \x81\xE0�\xDC\xDD\xDD\xDD\xDDn\xDEs\xBA\xFB\xEBqn\xDF?}\xBF�5Ƴ\x97\xCC5ךk\xEFQ\x94\xA4J\xAA�\xC2f\xF6&@ {;���Ff�\x80�\xC8\xD6\xC4\xD5Y\xDE\xDEN\x8EA�h\xE1
-\xF8kd\x87\xA7\xA4�u��\xBB\x80\xEC\xEDČ]\x80< M\xA0�@�h
-`e�\xB0pss\xC3S�D\xED�<\x9D@�\x96. ju�M�::\xFA\xFF\xB2\xFC��0\xF1\xFC\x9F\x9E\xBF\x99\xCE �;\xC0׿�n@�{�[\xA0\x9D\xCB_\x88\xFF\xEBDU �\xE0b �\x98\x83l\x80 QE%mi�I \xB5\xA4\x82:@�h�t2\xB6�(\xB9\x9A؀L�r S\xA0\x9D3\x90�`n\xEF�\xB0\xF9\xF7�`jog�\xFA\xA75gƿX\xC2\xCE c\x80\xB3�\xD0�\xF47
-\xE8a
-t\xF8\xC7E�p :ق\x9C\x9D\xFF~�@\xCE �'c;\x97\xBF3p\xB1�\x80\xECLm\\xCD\xFE!\xF0\xD7nn\xFF/B�N\xF6#l\xFF\xFA\xFE\x82)\xD9;\xBB8\x9B:\x81�\ \xAB*\x89I\x{1B9CB971}\xCB?\xB5\x9DA\xDD {\xF3\xBF\x91f\xF6\xA6\xAE\xFF\xB4\xF4/\xDF_\x98\xBF^�c\x90\x9D3\xC0�\xE8\xE1\xF2O-� \xC0�\xE4\xEC`c\xEC\xF9\xB7\xF6_0�'пh\xB8:\x83\xEC,\xFE\x8B�=\xC0 ha\xECdf�tv\xFE�\xF3�\xFB\x9F\xE9\xFCW\x9F\x80\xFF\xAD{c���\xCFe\xDB\xFF+\xEAq \xB98�m\xCC�\xE1YX\xFF\xD64u\xF9[\xDB�d�\xCF\xF4ϢHۙ\xDB�X\x98\xFFm7su\xF8\x9F>7\xA0ӿ�D\xFD\xCF\xCE\xD0\xFC%alfog\xE3 0�\x9A\xC33)ػ\xFC- \xA0\xFE\xBFS\x99\xF1\xBFO\xE4\xFF�\x89\xFF[�\xFEo\x91\xF7\xFF\x9F\xB8\xFF\xA9\xD1\xFFv\x89\xFF\xFF\xDE\xE7\xFF\x84\x96p\xB5\xB1Q0\xB6\xFD\xBB \xFF~` _�{\x80�\xE0\x9F7\xC6\xC6\xD8\xE9\xFF�nl�\xB2\xF1\xFC?$\xFCg\xA0&\xF0\xDF$\xFF?p\xA4]\x8C\xFF�C\xD8\xCE\xE2\xAF ̌\xCC\xFF6\x82\x9C%@�@3%\x90\x8B\xA9%\xC0\xDC\xD8\xE6\xEF\xA4\xFEeW\xB73�:ـ\xEC\x80�\xFD\xD70��,\xCC\xCC\xFF\xE1S\xB3�\x99Z\xDB\xFD3z\xF6\xBB\x80vf\xFFI\xFE\xAFH\xFF\xA2\xCE$!\xA1\xA4\xAE C\xF7\x9Fo꿢\x94\xFEj\xEF\xA2\xE6\xE9\xF0\x97\xD8\xFFhE\xDE\xDE\xEC�\xFE\xC1��\xB1\xF7 x3\xFC\xBD\x81�\xAC\xDF8���r\xB1\xB0|\xFF?T\xFB��\xCB\x9D\xE5\x8D]\x9C@� ݿ-3\xB3\xFC\xAB\xF1\xFF\xF1\xFB\xAF\x93\xFE\xC0\x88ۙڛ\xFD\xB3+\xAA.\xC6vf\xD7\xEB�\xFEq\x9B\xBA:9\xFDU\xF5_7\xFEo\xC3\xFF\xF3\xFC\xAFE��=\x80\xA6\xF0\xCB�\xF6\xA6\xBC\xC1Vi\x99\xE9.u8\xB9�cb\xBA\xBD\xDD,\x90�!�\xA5
-jE�\xFE5\xF6]~ia[Ü•Fo\xB5!\x8C\x8D�<�\xBF=\xE7O�\xDE\xF7dh\x{1C7EB1}m\xA8\xBAR\x80�\xF9\x84\xDF\xC9iz
-\xD0Ö¿\xB6q\xD2\xED�2�\x94"\xA5\x9FjFy_\xCE\xC9mB\xE9p0k\xECo\x8F)\xAB�\x94\xBC\xC1�M\xB4}s\x82\xBB|\xA4\xF1'w+\xF0Ǥxp@\xF65M\xFD�\x8BÕŽ\xDA�\x86^Wxr\xFA5\xF1\xE8\xF1\x81\xEA\xCF\xF0\xE0@\xD75t\xCF��]N\xEC�J^7(\xA4\xAF\x91\xFE\x8E9�\x82:\xEA\x95\xDE\xE140\xE9M\x88�×\x97�$\x9A\x9D\xDE�y\x94�\xF8��\xB6r/J�\xF9+v\xADroI\xD0é‚|\x89\xF2NR-{UZ\xD8W3�\x91|‰�\xDCÓ¹\x9F\xAB\xAE\x94\xE2\xCE8|M\x84\xE3A\xBD7S\xD6�A\x93\x99\xB0?\x89�\xEE!\xAE\xA8{\x9Dü\xEBlkh_z\x90sg�'\x95\xDBK\xBA7\xC3\xECQ23�\x86\xBBV!\x8B\xB688Sz\xE9-\x8A\xC8Z�\xDFʲ\xC3\xECb\x93\xFF<\xCCi\x9A\xF0\xB7uO[מʙ\xE5\xEA;\xD5e\xE2*1\x9E\xFC
-=\xC6:n\xE2(4n\xBC�\xEB�\x97��j\xBA\xD2Q�\x95"/>U\xF6l\xF3\xBD\x88t\xEB%\xA0\x88/\xF7\x80{`\x89\xD4\xD2E\xA8N\xBBcj,Uoo\x96\x9BU{L�\xEA,\xFE\x8D\xF2ے`>8[\x9C—;�1\x8C"\x8E��\xDBd6k$T\xF7\xF3\xA4\xEF0\xC3c\xC3�=\xAD\xF28\xC0\xEB\xF8\x87\xEB�l2\xF8\xA9\xD9B\xA0\xFF��-NE>\x85\x8D\xB0\xADVQ?S\xDB׊\xDB_\x8FZ\xDFjcx\xCASH\xA3k\x8B�_�G\x96\x91'\xB2\xC2\xF8�\xF8c\xB1\xA3�~\xB4\xBD\xA0\xC0\xEB5ر3\xEC\x8D\xE4=͒\xF99\xF5C[\xBF\xEA\x8EX?� Cz!\x8BY\xC0G\xF3\xB5g\xE0\xDDz\x8ED7 8\x92(GD\xB9\x82H\xF1��%.fjM
-\xFD\xC8#\xA7:\xD0� Y�\x9C��\x83�N�o�\x89\xD3�\xFBFp=)I%\xFA&\xC7�.\xBDٙ\xA3J\xA9�\xB3k\xB4\xA0\xBE\x90<\xA0\xFD6K\x86#\x84Rcx\xFC\xB8
-\xD9�\xC0[\x8B
-�Ӵ\xE4'\xA5\xC6\xC8\xC6t\x8A(\xA4"ߞ6\xA4}\xBAb#\x9B\xAC]u\x8C�'\xD9ߚ\xCC\xFC\xE5�;\x83w\xF7\xF9\xC1m\xB1Um\x95�ݓ�\xF0I\xAF\xD3!m\xFC,\x8E\xE64F\xD8�B�\xDD`�K\xFF\xB14\xFB
-m\xA1[SPk<����\xB6)\xF3\xD2
-\x83q-\x86)\xE5\xD4\��\x86\xB5p\xA4
-\x96ޕ4\xE2ϵ[\x8A\x95\x80M\x97E\xE4\xC7�C\xCA%�\xA3\x8E\xEDAT-o|�ؖy�\x8Ff E�\xE9z\xD2\xEEeFN��\x87\x8A~�\xEB\x97|�\xC4Ұ\xA5\xEE\xAFjQ�\xD5_ at X\xBCR\xB6x\xBB�\xDBq0W}\xE1\xA2fޒ\xA6�\x9EN\x8F8\xAA\xB0\xC3͎\x9B5t\x9A\xB5\xED3\xB9(\x9B+M\xA9^\xDA\xF7s\x9ED\x8B\xEA\xE8\xFA\x87�\x8D\xFC\xE8/Q\xB2�\x93_�h\xAF>v|xӈ�}\ 9\x97T� c\xE5�\xBB{*m�\x87\xB9p(D�\xA5zB\\xA8=\xEC{9�\xC5��\xB6\x9D\xD9�8�\xD1ݳ"&\x94׷ߗ4^v\x86\xAC\xF0!\xC5�j\x82M\xB0\xF1P\xBF\x96w\xEAYg\xE4M�_DrW\xD5E\xB4\xFDf\x9D?\xC8�L\xF6\xF61;\xCAlʒ\xD9D,�\xE4\xBF�\xBCS\xBE\xEC\xFD:\xCA\xFB\x87 at X9\xF0�E�\xFEcGB\xC9:\x8DP\x8Er\xF9U�n
-xJ\xC5xQ\x{DF45}j\xFBk2�\xC6ê¹”yg��Zn\x99E0\xB1\xB9\xAC"r\xF5%\xB0#�\x9E\xD8\xE8\xCD\xD0O\xE0\x85\xA8\xB3qE�\xCE\xFBДv`\xE6�Pᥧ\xDC\xE0\xC9\xF9\xBC \xB6�\x9Fm}\xC6�O\x81\xE0}LZ\xDD\xC2:|,'\x98H\xF5\x95\xF9�\xBDg�{\xE3[CcÖ\x96\xE7�\xAE3Ê”�_!q�I\xB91\xC3l\x96\x9Bwl\xF8e\xFB"-\xF0\x96\xB7v:!\x94U\xEE�\xBC�\x8C\xCB\xF1\x9E\xEAG\xAC\xE7 !\x8FE\xB2\xBAZ\x99t\xFF\xCD\xFDw\xCF%\xFFmV\xE7\xC7"\xF2�y\xEC\xC4\xE6\xE7\xC7�r\xFC८\Q\x89�\xCF�\xBE\xF3`\xB84\xC6)�Þ°7\xB9\xD5\xC9.#\xB3r.\xB1cHV\x8DX�\xCF\xEB�g/�\xD6=��\xC9.æµf\xF8\xB8~\xEB<m]\x92� \xDBG\xA3Ä
-\xDD\xFB\x84`\xB2<y x᤯ {?5\xE2�\x88J|\xB3&<\xD8#1\xCB~\xB7\x95\xFET�\xB0\xFCp� D�s\xBF�\x8C�\x98�\xB0\xA6\xA4$\xBB\xAD\x91�,
-\xB1\xA7�\xBF\xA9-?gfB\x8E\xE6\xF3\xACJ\xFC0�H\x8E�l\xC0\xA5\x8A\xB1\xF9�j\xEA.\xF1Z\xFD,\x86�(\x98@\xFDÜ°\xBE\xD6Ñ«\xAD\xC0MÄ\xA3P\xA0�k\xE5\W�q\xA8\x8E\xE0\x92�\xF7\x82\x9F%�/\xB9\x8D\xB6\xF5�\xF2�\xB6W\x80\xDF�\xE7+\x9F\xDAYÈŠ\xFF\xC5\xEC\xFC\x9D\xABF\x95,\xC3'\xF2Y\x8Etت\xB4\xE6:1\xB5m\xFF�\xE2\xC2\xC9\xF8\xACÝ\x943\xE93�\x9FP}\xCE\xEE\xEBb\xA8\xF4\xCC��G%\x8F\xF1+_(\x8B\xF8\x9E7\x97? d( \xE4\xB0\xC3\xE7t�\x81\xAFB\x90\xF7\xBB\x84{tJT\x98\xA5\x82\xE9\xCD*� \xF9�\xF9\xFD\xFB`\xE7\xEB\xBC6Ù¯c�\x8F�\x882\xC1�\xBC\xE8\xBB�m\xF4\xA0�\x80.B\xC8(\x86\xCA\xD7�\xF2\xD8}\x8A\xB9X\xD2>\x92P\xE6\xFE\xA9�A\xE5h\xE8K\x95H\x85fŬD\x8F\xFB\x8BI/\xEEsÓ¶#\xD2\xEF\xE0w\x83Ȥ\xF7\xB3\xF3@\x8DO\xD1\xD0K\xCDD7\xE8\xC3�8Mf\x90\xCE\xC6g8e\xC7\xCA)d�\xF4v\x88\xCC�ǘ\xEC\xC5r\x90�D\xA0\xE9\xD9�'\x8A�\xB2\xAF�\x95\xF1\xE2
-lL\xA8�\xBF\xFD�È\x8B^\xE6Pc$\xB0I\x92}\xA3]\x8B\xA5\xE2\xA0�\xAA\xD2�\xBCF\xD9�R\xF7e\xE0�BI\xD4b \xA9�Έ\x9E\xE1\xF2\xFA�޷‹\xB3\xAA�\xCAH\xC6A�\xA6�\x8F\xF4\xBB{\xFFYw\x98\x8A+\xB9\xA8\xAA\xB6 D\xC7\xF9gÚƒ\x80�\xC1\xB3U\xF49qS\xB1\xBD?\xD7B�x�\xAB\xF5\xBF\xF1�\xBFkJM\xC4Ù™\xF0\xC4W\xCA\\xB2t\x97\xBCÑŒ�\x83\xBD�\xB0Õ¦\x92\x94pS\xFFp\x90grI\xF4\xBF \xF9\xAAZ\x87\xE4+%�V \xF5\x8E\xF3\x89\xEC�\xAB\xA3\xAE\x98s\x95WD�\xE9\xF4\xF6 *\xEED\x82\x81 I�0\xFF\xF1\xF9B\x96\xAB\x9CD\x8B\xD7�jA+\x8FjG\x8C;Ó¹8&\x88\xE91\xDD\xFA\x93\xE7\x8A\xCF\xF9^�3\xA1\x99\xB6"\xED\xC1:\x9A\xB7eW\xD56^#\x97\xCEB�\xF5\xA8,^\xD8s<ND\x8E\xD5fD\xC1\xA3а;�\xBF5\xE6è—¶�\xFAp\x80Je\xBEb\xF9G\xBF\xCB��0\xB3\xD8g�\xE4\xD7\xFF\xFB̦\xAC\xC5^K\xD8\xD2;\x9C\x8B��\x9B\x87B\xB2
-\xF3\x8F\x98\xF9\xBE0\xD2L\xF8\xE6 s\xDBE�O\x8E\xB8Z\xEA4\xB8�:\xF2=\xCDu\xF3�\xA5\x84\xC1\xF5s2\xEC]\xE3\xE4\x8BCe\xB5\xBFlb\xF8\xE5d\xE7Ê(·y\xA5�\xCB\xD6�\xBD\xAD\xDF\xF4�\xEC\x{19C153}\xD1/\xFA�\xC5��t\xC2�?Bs\xAEÐ
-qE�\x9C"\xAFN\xA7Y\xB5\xC6J�\xE5\xAF\xCFLzB\x95>\x{16E262}�3|\xAB\xB4{\xEB\xF5\x9A\xD54\xBC:�\xAA\x8DE\xDFn\x82\xA2!!\xD7\xDC�\xB9~ń\x81�ﶵ\xDD\xFB-a\xFF\xE0\xA5.�j�\xFD\xC8�\xF3\xF8�ʺ�\x9EQQ9\xBD\x87\xB9\x9A\x87\x8C\x874\xAEOw@�\x9B\xDC\xC70\xA6w\xDE\xF2\xBC\xAB\\x8FM(\xD3C\x85\xE5P"\xD7j\x9D�GU\xBD\xFE\xEC\xD8 \xB7�\x8Fk\xD2�\xB3[Іr\x9D\xC6{\xE8\x97~ U\x8C\xAA at a{K\xAD
-\xE1���z�\xD1�\x85c\xC8\xDF?æ\xDA�\xDDz\xB4\xE9\xD6+i\x80hO/%\x97Q\xC8\xCD\xCB\xD2\xDD\xCD�\x9EHtNã²\xFA\xA1P�\x98\x8D�@\xFE\x81\x93\x8Bi\x94\xF8\x87:=\xBB(-;%\xE7\x97k\xC1\xA7\xB5\xD4}Q[\xB2\x93�\x95L\xA1�q\xABn\x9D��\xF3d01\xD9L\xD1\xE5B7�\xE9oU`;N\x90\xF7�0\xD7r\xE0jnv\x92;\xDDn\xF7i<B\xD2�\xCE\xC1\xC2%\xE8\xF3\x8A\xBD\xFC\x85�\xA0)�\xC7\xD9`aQ\xB2\xA0\xBF-\xC4H77E\xFAqÕ½\xD6/\x89\x9E\xA2\xE1^�\xB9\xE5,�\xCBJ\x96�\x8C\xC1�\xE0ïŠ\x92� \xAC4\xC1
-�\xE87�\xABCnL\xCE\xD0V�\xBC\xBDN\xA0\xA9\x8D\xB1 �)i4\xCA1>\x95\x8A\xC5Y\xFD\x87w\x92>\xBDXe �L0}r\xE1'\x8Cv\xAAz
-\x89u\xA6\x8Dbr\xBA{T\xD79\xFAF\x868\xF0\xCB\xD7RC\xB0L\x9Fa\xBF\xF8\x8Ct�\xA1k\xCFa\xA3LO1Ga��
-\xEE~\xA1\x91�\xA0n.\xC1\x9F`\xBF6\xE1�ǻ\x95\xF6AW\xCFh���\xD2g\x9DMv\xD7\xFE\xB0e}\xD2}\xF5BW\x9A2�j˟�D]\xF7\xE6%IR\xE8I\xBC\xE8'�E\x9A\xF4h\x9D_-\x96�\xBD\x92\xBE\xAFΕk\xA6z�>x��\x9Ei�w\xB5\xD1�~\xB5cx
-ڈ\xAB\x95\x9A\xE0<\x82\xAE\x86m!X"\x99\xBFB�\xFE\xA8\xAB\xC0\xB2\xB2\xB1\x80\xEC\xEA&[\xFBQ�\xAD"w\xD3\xC5~\xA9\x9B\x87;\xB6צD\xE0\xB9�|\xF6\xC1>\xBF\xFC\xB0y\x96\xFAN\xA6\xAA\xF4L�\xCD�\xD4)\xF8\xB3ʉ_x�\xAE\xB8\x9F\x9C.\xFC\xB4\xE3�ۂ̳\xEB\xD3x�\xAA\xFF\xC6Q:+\xDA>\xB3�)Ĩ\x91\x87+F\x81\xA8�?�\xB9\xF1\xA4\xA4�fX\xB4^R\xBCG'Ϭ�_U\x8D\xA8}\x8C\x95\x80;\xD4�K軈\xB9\xD9&KzM\xCF8J@}gT\xD9%\xB9(
-\xF5\xAA*J\xA0\xF0�\xA5)�\xBD?\x97\xC4$\xFA\xEF):p.\x84\xCCH\xC3`Ɔ�\x96\xED�"\x96\xF1\x8EN\xD4\xC2I\xAA\x\xB6'k\x83eFb����R\xB4\xEByf=who\x8C\x8D\xBAӲ\xE8�\x8AՖD\xF0"~VWn
-\xEEMŸp!C\xF0\xF7\xB0 \xBFނ\xC3�}\xCF1Ϊr\xC5LM# D\xCFh\xFF\x94�\x9E\xB1j\xA1L\xF2\\xA2dBp\xEF\x81Ф \xE4\xF6,\xD7ee\xD4-\xA8\xBE\x91\xDEq\xBA\x98��\xC2��0x{\xFB\xEB35H\x81\x8Au�\xEED�#\xB7�&9!\x84\xE9\xBCoy\x8C\xDC\xE2!\x83U�\xA7"*p\x81\xF7�@�\xAE\xE3M\xE9ɯ�墤C�%\x98\x94{lwN5\xC1\xF6M<�8\xEBDL!\xAC!\xBBx\xBC\x97,\xFB\xDDX\xC4\xEC¸=\x82\x94\xF0f\xDFy\xD1!\xEC\xD7v \x95�,LI?_\x90
-�\xAD\xCD\xE7\x9B\xEB=%\x84\xB3S\xFD\xFAh\xC0t\xC5F\x8Em"\xBA\xDCÝ„I\x89/5r\xEEl
-3\xFCjX\xA1\xCF\xF10I9\xF2\xA9|)S�-�1!��\xBF\xB8R*\xB8/\x91\x91\x907\xF7\xF1=K\xEC\xF5\xC7^A0\xC0\xB5\x8A\xFD\xF6m\xD5[�+V$@\xD2\xC1Û“�\x88\xA4\xFE�\x81Õ…:\xF55�\x82\x9E,\xDFE�4J\xA0˪�\xAB\xC4R_:\xC7P\xDB|\xF3\x8C0�HÍ‘\xE4[7�r \xDB&i;IÖ›�C�r-ß¾\xAD\xBB@\x8A/qÆ–\xFB\xCE6�L\xF8\xC4V\x93P_\xECY\xC5�\x87\xB0R'\xC2\xC7T%�\xED\xFDR{=\xBC{<I\xDDYw\xEE\xB2S~frÑ\x89\xCC&1\xD3�\xF3\x9D�~\xE0\xC1�\xAE\xAA4e.\x86\x9An\xC9W\xEC.\xE9\x89\xF0�2\x80�\xD0�DCN\xA0\x9EM\xC24/Ie^\xAB\x8FÄ›�\xE1P\xB5\xE6\xA3S*�T\xB6\xF2\xEB\x86\xC2\xC9j0g\x93\xA9u\xD6|\xE4\xFF\xCC: \x9C\xA7\xEF\x9A�)�\xC5\xD9$�)�G\xA9\xB7\xFB\xF6-\xA7\x8E\xEE׉\xA4\x95KB\xE3W\xB0>\xB5\xD3\xCB\xF2
-\xAC�%\x92\x84�ud+\xFA�Ó¾\xDF+U4\xC9K\xEE\xC0\xC7YC44\x97R'�\xEC\xF058\xBF�G\x97\xB3\x89\x93 at -Ί�\xC1\xD2Û…\xAB:r>\x91O\xAF\x95p\x8F\xAF\xBB\xB5W�\xFEN\x96\xD2;⟟\xBCG�\xBF\xF2\xA4sf\x84p\x95@Æ‘\xCEÏ…)\xA2e\x82 KN\xCFv\xFDQ�s\xB8k\xA4芪�\xE1$\x99\x9B�\xB8\x8Cg�\xEB.\x8B1\xECX\xFF\xD3\xCC3@\xB6�-V\x95vØ¥\xE1�ß¡\xFC\x94\xAAA\xB4\xBDP\x84\xFA\xBDp4��\xEB\xAApç¹H?SO\x9A\xF0\xA1]\xF8\xCA\xFC\xDBAk\xBB%\xD6gwr\x88�\xE7|\x9F\xEA=\xADFߊP3߬�\xE6Y\x8E!\xD6�\xD2.(o�-z\x95Ö¤j�k:\\x8E\xEB'\xE7\xAC*
-�eVf�\xD8�\xF8(\xB3n\x85\xF3�`\xA1\xBBL\x9F\xD5\xC2vs8\xC8-7\x86\xB2H\x8A\xCAmU\xF8fnmo\x811K\xB1x�\xED[J{ϛѕT\xCB0<8i*_\xD7/\xB3bY\xBB\xEFI\xFD\x89P\xA1\xF65�,4\x89��\xDFW\xD3wk\xF5\xC4C�\xF3\xC2܈\xEB[9\x9C\x86H.���\xE1\xEA;p\xC2\xCF��\xB6\xA1�g\x88\x95Ú†P\xECY\xCDoJ\xD4av�Q\xDFFݘ\xAA-1\xB27\xB9\xF3H<l\xC6\xF4\xCFi�\xABQ5\xBE\x95�G\xA80\x95\x81\x8F5s!O\x93\xF1\xD2Ø€\x8BÕ¨\xCD\xCC4\xCBx\xF4\x82\xE3��\xDA{.K\\xF5CUxPZ\xE2i\xCC&\xD9\xF4�NEUdX|���<\x83\xC9&UÊ‘|\x8B\x86\xB9_\xC8�A\xC4FA\xEFc\xAA\xF1X4��C(\xBD�x e(\xB1⑃:\xE4j\xA3\x9E]a·\xADc\xF8\xC6$c\xF2)\xC8D\x80�wZ�x�i2Ñ›��\xC5yI\xEAY\x9E�\xC1\x8Av�\x80;\xB2\xBE\xF2\x8D\xC6\xE5Íž\xE3\x87cl$/\xAD"B\xC0C\x91T\xC1vâ³\xDFM\xD6�\xFD�/�0\x96�x[\xAE\xDF45\xFC\xBE\xF02;{%\xF6Y)\xF3x�\xAE\x98&\xF9;\xDF\xC1Y+6�G�\xC4B\xAD\xCC&\x8DZ\xDD-\x82\xB1K\xCE\xDA!��\x93j~\xF9�\xB12\x88�%�\xA2p\xD2w\xE3\x92�\x97\xD9\xC0�\xC2\xDFmf\x84
-E#y`r�\xE2\xA0\xC9\xF5n��q
-x\x8F\xFC\x98 d\x8F\xA8\xBFL3\xA7qhÖ\xEA\xE0\xDEVס�6{g\xE1\xFF\x8C\xE7\x8F6\xCCdA^�r2~yOw\xA4n\xDD\xCB\xC6�\xBAV5\xCDz7\x8C
-\xE1ߺSj�\xC2)"Ta\xE8\xE7C\xF5#)\xF0Õ†�U�zÊV�A\xF0�×¼�\x86W0~\x9E5\xA3\xA3ÒŽ�dg\x96l�\xA2\xEC\xA6�ݤ\xAE\xD8E�x\xE7\xA3UU\xF6\xB2\xAA\xCA\xF7\xDAU:p�I\x9F|\xBE�m\xF4\xD3xI��\xA2Kd\xF0\xF2\xA7�oj�"\\xD2\xE7�7�\xA9=�%\xBD\x9E\\xDE"\x9D\xE4\xDD7<p�-Ƀ�E;\xAD\xF1�\xAC\xC6m\xEA\xF8\xAE5|\xB2\xE8;l\xA6\x85\xCB\xEFf\xE9O\xD9\xE6\x93|r\x83k\x8F\xA8\xE4\xC1\xB1\xCC\xCD�\xC1�\xE6\xBB\xE3T�\x9A\xB1\xC5V\xCAqs[�V(-Þ¸\xDAt�\x8B-�\xB8\x91\xB2\x9F4\xAE\xDF\xF93�\xBD\xFCo\xBAI0\xDE�\xCFP&\xFB\xD6?\x89\xB3\xA2.\xCDC\x9C&�qG}y\xEB\xB3H��\xA7�\x8CY\x85-\xB5}"Ú¿\xC7\xF3�\xD8�\x{1BECA1}wO"�\x8BX\x90 C\xBF:z\xA3 \xA7\xA6�5E\xEE\xC1ì–œ+G\xDE\xE4(\xCB�\x9B\x8DW\xFD~\xCF]\xB6\xFE�\xB1\xEB\x87\xE3vA\xF2VQ<\xE7\xF4\xF9)\x94\x87d6G\xE3W\xC0\xF1\xEA\xA6\xEBi\xFF,\xB6\x80\x97`As\xD3C:\xA9\xA6\xDD\xF7\xC7�\x9DjiÙ³\xA4\xE1\xFE\xC2\xEEyA.\xE7%\xF9\xDBA!\xF3���of(kI\xA1Õ°\x99\xE8Þ©n\xFES×¹\xFA\xE8T:\x98\xF8\xB2*q\xDFN\x84c\xBD\x85`�\x9Cc\xF7\xC2z\xA4��<\xA4\x8F{(\xC1(\xB104I\x9C\xC8--\x98"\xFB\x97�柚�\xB8ñ±©ƒm\x91&\x{3B29900}\xED`/�9\xA8f5�1IEe\xC1\xD8\xF8�\xEC\xCA�\xD1\xE00S\x9C\xCF\xE8�\xDE7\xEBq\xE9b�z\x89\xAC|�\xE2\xB7V\x81\xA0\x84\xA1\xFD\xCF{\xCF#m\xE0\xBDP X#\xF6o@Í�\xF1\xB1u�L\xAA\x8Eq\xD9@~�\x9C\xC7�csO\xF3)\xAF/\xD8\xE6\xDCy\x97\x90\xD8ÕŽ\xE4\xB2f\xB2\x91x\xBD1�qv\xAF\xF0�\x8DV at q\x819\x92>%\xFFCEzÌ¢\xBA"\xAEF _�ZC\xD39\xA0\x9AiO\xF3\xD0\xF4z7\xC2n�\xE88zU�\xADÚœ{/\x967\xF0�\xE5T\x99�|;\x8C\xC8F\xAC\xAD\xAB\xE3\xFDA'I\\xC5w\xD0Ý–�e\xF5 \xF5&R^'0ÇŽ\xE7\xE5]\xE2\x97\xE5 ��\xE4\xE5\xF6\xF9\xA5&}�b\xB3\xEE\x8D*R%K\xD7V\xB4IG\x90gd\xB5T ,\xF8\x99ξ\xBD_XY\xBB\xBF`\x8D6�\x8Bb\xDA|�\xFC\xD3e0m\xEAr�\x80v\xF8\xF1]%\x85?\xAAz\xD6i\xF5�\xA3\xBDa\xDB�qߧW\x89\xAC@\x80+Ò—~\x86 ��\xA1\xBD\xFF3ʤ%i�\xD6\xFD\x8B\xDAq\xB2\xAFY�\xBF\x8D\x9E#w\xD4A\x93\x96b\xFE�\xA2\x9BWT@\xB6Mj0�\xF4\xED\x96lb\x8FX`=�<\x9E+v\xD54\xBF\xFBi\xAF?4
-\xB1\xBC[\xA4\xE1\xCFm\xC1�\x97�?\x90(\x87g\xAC\xBCÓ™i\x9D�\xD4\xC6.\xE7H\xA8�\x9CP\xB1é„„Ôª\xB8\xB1L\xC8/�&
-\xFB\xEB\xB2L\x95k\xA7\xE2Û‹\xBE\xFE\xF8\xBBE~]\x8D\x98\xEF\xFD\xC7\xC0
-wÉ·O\x85\xC1%\xDF:=6(\xA4\xB3\x82!
w\x9E�lB)L\xBC]Q�\xEBg;C\xE6b0\xA48c;vFy\xD7�b�\xEF\x8C�\xC9SJ\x95W\xBD\x8A>\x8FaW<\xC1
-\xDE7\xEC�\xD2 \xB2\xE4\x88f\xE3\xBD\xEF}7�\xD3+�>n\xC1tKX\x8B�@�\x83\xDE\xD5�\xCF�+K-\x94\xB9aO\xE7\xBCZ\xA3\xF2"\xFDNTX�v\xE8\xBE\xD3�\xF8>\x8A\x8D&P\xF6"rS\xA8\xD0ÚŸ\xD649fÔ²� s7\x8Co\x82\xC2ls\x95\x98}��O\xE9\x92Ó”\xA7\xEF׶x)\xD5�x'!\xF3\xAE\x9D�X\x96\x96)�\x88\xF3\x9A\xD10\xDD\xCFw�Rs�ʩϱ\xECl9\xFCH\x98I2\x99�"\x9D\xBF_2\xF8�\x8F�\xD2$3:px\x93ewxF��{\xC4Å®,\xD9\xF8;K\xA1\xDB9��\xD9\xDBX�\xA9e\xF3\xD0\xFB\x88A\x90\x92\xD41U\xB1 \xD0�\xB7L\xB9\xED\xB37\xE3!\xC0\xD0\xC1\x81|\x9E>\xAA\xD4M\xC8\xD1`�\xB7\xF9\xB7'�\xD35�\x90�s\xDE�\xEF \x91��w\xB0\xFC\xA35�\xA1\x86\xF3\xB7#\xF28\x8A��\xE67\xA3\xF2\xADk\x83\xB0;\xB7{\xDA%\x92\xD3��Z1N\x967mc\x85�I\xDE\xF1\x92Q\x86X\xA1u#P!\x867S\xBD\xE7\xB7\xE2Åj\xA6_\x83�\xA1\xFD\xBDÒµ\xD8%DN+�zÓ’}4\x98\x80XW\x8C\xFB�]o\xE6\x91]D]t\x99l\xAC\xA0\xD8j\xB38F\xA5Lf\xCE\xD9lw6\xA7\xEBc\xF0\xC3�\xF1\xAF\xB5$-5\xD7\xCC(\xEE\xB4\xC4\xC1�\xE3\xC4\x{128307}_\xA7\x85l{\x8C\xD0}n\xA3>\xBE6\xB8kV\x93zk�d\x{1142CB}w�\xF0I3\xBF�\xF28S\xC4\xCBR`Br#\xC3&\xBA4\xBE=\xA1\xFExq\xE2dm/\xC20\x8A\xC3<hW2\xE5f\xFBR#\xD6\xCC�r\xEE}\xAD|\xA7\xC9B\xFC\xEE_\xDC�÷\xE1D]ω΢\xC6\xCE�{\x9E㈇\xA9\xAD5:\xF9I\xFCA\xDB\xF7Y9S.\x8FD�\xB7 \xE6�\xF7.Ù•c\xF5y.�zP\xDEX/\x9AN\xDA�\xDE\xCB<`)�0\xAB,a\xBB\x85jQ\xB5\x8D\xDD\xC0�\x88P*\xAAZ�\xFF\xFCT\xA6\xB6\xD7_B\xD4\xC57
-\xEEk\xC0\xFE\xA8�\xEB*|%.\xEA at w\xE1\xA3\xC6\xE9\xEE_\xF7\xAE \xA5b\xF4�\x9B\xE9\xCCv\xF8\x9E\x97\xCE^$(6kM-\x8C\xE61\x8EtZlFU\xA4\xD4\xD3θ\xD3Z\xD5Û®\F4sI�\xFE]#\x98\xAEN\x81\xC9oP\xBF\x84\x89�t\xF5Û…\xA8\x9B\x9C\x8D\xF1�\xAC\x9EÛ—ug\x81\x8F\xFD\xF1\xEA\xE0N�a\x9C0$\xCA\xF7�Þ³1Å\x89\xA5z.\xBE\xAB.#\xBE\xB1u\xD4hv\xDA\xCC�Q\xF5\x83\xFB\xFD\xC7\xF0\x9E\x98&�S\x95$\xE6\x86J\x87\xA9\xD0Ñ’\xBB\x82o\xB8bļ8"V\xE0\xDC"|\xDF\xC3b\xAE\xD7\8Ò…(\xDDF7\xAD\xA0ct\xAF�\xF6\x9CPe\xB41\xE44Ç¿d'Q\xD4'0�\x85\x90\x95%s\xE7\xC04W�\xB1\xAF&\xFD
-\xD8
-�4\xAB\x9Ej)\x90^� \xFFb}H\x8A�\xAC\xC9[\xED(\xA1\xE2&C'N\xB8\xC9pD�\x96�'\xAE\xB2\x94\xDAo^\xC9mBrz~\xA3\x91Y\xFA�8l\xA3�U\x951M‚\xFC�P\xD2G\xB5\x83?m)\xEB�\x8Dڢ\xD0\xC0\x97=��\xB4�?Z\x82\xB3\x99\xEDŘ\xBF\xE5\xF5�\xBA�\x828\xE4I\xD6XG\xEC\xF095�\xF6%a�\xA3\x9E�\x93\xE7\xEDN\xB5M,*4\x8D�0\xFA\x97\x8D0
-\x82\xE9\xF0G\xEBÛ™]\xF5
-s\xFA\x86�KeQ\xBF \xA9RL\xD4�\xAF`\xA6!\x90\xEC\xF1\xC8\xC9i�\x96\xA9D��\xB9l\xD6I\xC6\xC5)\xB9\xB7I\xAE\x94\xEA\xC1
-
-<\xF5\xBE\xC3\xED\x8A\xD0mR\xE0-<\x96\xB2\xAB!\xF4�\xCE�U\xE1\xEB\xE65Gg\xCCU\xE7\xBCO;(\xEDn:
-\x99\x86�ZKv\xF1#\xBC\x99\xA9 \x90W\xFA\xE5\xD5\xCD\xDA��\\xCC$\x92~W�ZR)\xB4ԙ}\xD3 at -׺�'\xD8ڑf#J\x8A�\xEA\xD6\xD0\xFB\xCCt^Lϻ\xDA�\xEDn�\x8D\xFCd\x88#\x92�\xE2\xA8\xFF|P\xCCU9\xB4\xE2q\xBB\xBA�am4A\xD8�y\xA9�E[ق�
-+\xBE\xED!t\xB6�\xA3'�\xB51X&\xD41�\xD6'\x98�1\xCC\xE4x\xD6n\xA2\xD5I\xE3\xF1�7]\x9B'm%\xA9S\xF9Qe
-�Æ\x8D\xB0Ea\x91\xC4
-\xEF�\xB3cÇ°u\xA5\xFB\xED\xD3�\xF3 \xC9b\xF4\x868\x97=\xB6
-\\xD3C\xD0\xC9}\xD3\xF0\xBD\xFD\xB3\xA5\xE8\xB3Tw\x8F~\xF9\xEA\x89%\xE2\x97Þ¾\xB1\xFD\x83\xFA\x94\xC6
-\xA6\xF0O\xB5\x8AmCOu\xA33\xE37�3߯Ç�}\xC0\xF5\xDAH\xA9eé‡�\xAF\xDE\xE6Z[\xF9\xBE\xEB\xBEE1"]\xB0\xD3Mw\xD1í’³\x9F\xA5\xAD6\x96\xB7I\x92)\xB0qߌ\xB9pèŠ\xD76W\xB0}h �'�\xA2py<�\x90\x8BvA\x82\x8A\xB5�\x96(s7\x81\xD8,�\xB4ψxb\xC6B\xA6\x8F\xDC4m-qCG
-G)\xB4r\xBBzo\xDC8\xE3\xF4\xFA\xD9g�\xF69\xB9\xE3F\xA8\xD6c\xF6\x8A\xFC\xD0C�\xC4;0OW\xBE\xDD\xF1}\xA50^wyr\xF7O\xFC-U>\xB9\xF9�\xE6d!j}Š�\xBEzu?\xBA\xF0�u\xB7iz\xFD#\xA5rzV\xBE\x82\x97\xEA!H\xB9iB\xD2�\x94\x84��0(\xF3\xCA4w\xBF#ךB�z\xB6\x9D\xD3j(O\x98\xE9}J\xEEg\xFAԖ5g\x95h}\x9B\xF7Y\xC6߽'1x\x84̞��'\xF0\xF6�B\xE7�KH?6#s>\xDDe\xC4�\xDB\xE9\xA3yw\xFCF�x�\xE7�g�HQ-\xEBĄZ\xD3N �\xA4\xFALƅ{\xF8]w\x98�\xA3\xD5A\x8B\xC7\xDB\xC2T\x93\xF6\xEFY2%�\x82O\xFD��:{�Τ\x9C\xB7\xF9\xB9mf%Ii
-\xA8�_\xD0ʾ\xE2�\\xAC�_;\x87\xF7\xBE��\x94|#@\xAA�F\xA4\x9Cq\xAE# o\xCBb\xE6SI\x95\x98\xB5\x96�\x98\xC3-\x88�\xB8o+ݪQ�\x90o\xF4T at 7\xD7d-\x89\x8ETX\x91\xA7\xC2\xF2�y)\xC1\xDD!t�+1\xC8\xF4&�?)\xFB\xE0%]Nij\xA1)[R\xFA\x9F\xB1\xF9�\x96V\xECd\xEDC\xCA\xE5MÐ\xF6\xEEØ\xA9\xB4Wp&Y\xB9\xFC\x93/\xFF$�\xC3�-|\xF7\xE6\xE8\x91��\x80\x98\xC4-OjB$\xFC\x89£W
-Ux..�\xAB"\xB2\xDF\xD0(\xE3\xF7\j�\x9B\xAF1f\xB54a�\xB9\xFE+\xF2\x84\xBF,\xA0y\xE7\xAD~\xD8\xE2\xF9`\xD9ᶄ\xE73M\x9C:\xE1\xDC�i\xC1�u\xB4\x9DL18*\xBD\x87\x9DhB0\xF8\xDDu\x94\xE3\x86ϻ5\xD9 �*\xBC\xA3 ?j\xBB\x80$�\xE9\xF8\x8B\xF9\xEF\x82\xC0pQ\xB9�<\xC2ӥC\xEF\xB9\xE6\x97s�\xE5\x90l{\xD4�TB\x94\xA5\xDA
-w\xA6h\xE9Rs\xBF�4\xE1&\xE6}\xBC\x99�\x98N\xDCt-\xF7sj\xF4\xD3D\x85\x84\xB9"\xAF\xD4D0x\x9B\xCC��w�\xF5�`\xE89�G[N\xBA��xw�\xD7"ws\x97�\x8F\x9D\xD5\xD7Ù¥\x86\xF9\xE3\xB0�Y\x85u�g\x85T\xEF\x8ANCb�\xC0\x98\xF3\xD1\xEEZg#\xCF^\xAA-\xDD�u4\xECf\xC2\xC37\xCBODΉYo\x9D\xFC\xCDoV�\xB6NZ\xBF�\xC32'i\xFE Y\xEDW\x82\x86Ý\xA0��\xA7\xE7t\xD6X\xE51\xDB\xE9�\x96\xB1}G_�\xFB�\x86\xA1\xF1\xE7d\xCA\xC3Ï™6L\xE9FgY\x82eQ\xAE\xD2\xE9\xA0i\x95\xC16(tÛ»Z=G\xCCRxwf\xFEî‹Ÿ\xF3\xE4��(\x93\xB0�-jd�J�T\xE8S(<\x8C\xF6Qz_�\xB4)�\xFF\x9DG0\xD5\xE8s+?Ä„\xEB#�(\xBD\xA28\xAA\xCB�\x9B\x8F\xDDg6\x91\x84�\x9D�\x8FM\x9A<i\xFBR\xA6q \xBB
-F\x8E\x91\xD0�&\x82O\xE3\xA0\xF3��"�B2{6\xE8cg\xF4Xè\x8B¸\xB8\xE6*\xE3h\xE6\xB4\xD8\xEA\xFEv7\xFE�\x87\x97\xCDv\xD9�\xFA\xE4^\xEC%\xD2\xF6\xFEY\x93m)\xB6#\xFD�\xD6\xD2ou7\xC8UTN\xC4
-\xE2\xF2\xF3\xE0\xC2�_Z\x96~V\xB3\x81-!�\x9D\xB1皒vWd\xA9\xED\xAB\xD4�Z@\xE4\xD1ǀ~��\xBE\x9F�oC|%\xA8\xB4>2 N�\xBC\xA0\xE3Ű\xD59I\xB5\x83\xCDE\x83\xB9\x8AVΓ\xD7\xEAX\x82�\x90(\xA1<\xCC1\xE5\xD7;\x93�5s\x8B!\x97\x96�3\xDF
-9\xC8\xDB:gWoV\x87Z|ߧ\xC8v\xB4\x801�r/#J� *?\x8CK(\xE2\xEE N\xBB$\xDB#�\x88&:�t\xF5\x9C\x{1C56516}\xC4n\xF9J\xD7\xDC\xD2\xEB\xAB\xD4�\xA6\x90\x8E\xC0`\xC6W؈4\xEF\xB65\xA4�Y\x89\xE1]�\xC9\xF7\xCF\xFA�$գ\xBE\x87u=WL@\xA4�)B(ۀ \xDB\xEB\xFE\xD6�4\xF8t\x8D\xB8\xB9�8o\x9Ei\x96\xA5\xCE\xC5$3.\xD8\xF8\xF7�2\x9Az\xBF\xC6(\x86�R\xA6"\xE8/�#(\xA9<\xBC\x9Aj\xEF\xA2d}ֆn\x93{�\x8E\xCB\xCB\xD6\xD6\xF0yB\xFAN\x80\xAD~Y
-�\xF3\x91w\xC233\xA8\x9D\xBA\x85j\x98"iQ\xD6}(\xAD\x87|Rb\x96+{\xFD\x80\xF96b\x81\x87\xBA\xB4\xEB\x84ʹV\xA0\xCD-\xA4\x9C�\xEAYa\xBE\xF7H7\xB9\xE9Ç1\xBDz�W\xF5\xEA�\xC4Ѭx\xBB!\xD5\xF8\xF6\xEA\xE5\xF8��\xF6\x91Ĝl\xC20F\xEC,e\x84:\xAC\xFE\x84N\x88\xA0\xC5B\x94qHۦ}\xDE#\xC0\xE4\xCB\xEC\x94�\xFA3�=\xBEǼڵ\xA2Q\xDEDm\xA3\x8E�\x9C4w\xFD,)ֽ\x991\xAE\xBC\xB9up~�\xAB\xCAO�\xA4*\xE2\xCA\xD88\xC19yZ\x93΂ 2\xDARb*AI9\xBB\xB4\x9D\xE4\xA4~\xD1o\xB9!\xE6[^\x9E\xAD�\xD5\xE7\xF88u\x92.\xFD\xB2 \xC4"J闫r\x9C\xAE
-�e�m\x8B\xC6�\x8E\xC4P\xC3\xC1\x9Bg[\xA8�;"\xADHT�l\xEF�\x9B`R\xAC\x9Fݿkh>�\xC4\xF9WTD_\xBA|*\xA7-\x93\x9DX\x8D�\xC0�\xDD~�X��\xFC\x99%\xD5򙔓\xCE�\xF4K\xBF\xE3�Qw\xCB
-/�(\xF0\xF5\xB0&\x9B��f\xADs\xBE\xD79\xB2 \xC9\xFDZ\x8A@�\xB8-\xDC?I<X\xF7\xDA\xEFX+ÎŒ\xC02~J\xE2\xD2�\xEC�\xA1~�\xBB\\xA0O\x9C:�\xDA\xC3�a];q\xA9\x93\xABW\x84\x9E\xFA:\xF6�\xD9\xC1\xA5\xE8\x94Ã\xA1"/\xD4lG\xFCÐB\\x95�\xFF�\xF7\x91v\x9D$\xABÎŒwð��ƆAh*\xFA8\xC5\xCBv\xE6\x84\xD3\xED�\xB26Q"Õ‹�\xFB\x86�m\x9E\x97 �\x86\xB0\xF5#\x9B\xFC\xA7mØ»-�\xBF\x8E\xEC \xE5\xF79\xE5ĉ\xE1\x8BB\xBB\xC8\xE8�\xB2z\xD1
-h�\xB2딟)\xBAߩY�\xFF\x84\xF3\xB8\xE0\xF1\xF1>b�\xF57\xCA�\xDE �|\xAB4�
-ƴ\x85\xAD\xB2\xD6\xF8\x95�\x97�\xABY\xFC;%�\xA6ݴ\xFBN\x8C\xE0]\x89֚9m��0\xEBz\x9AȮɂ\x97G\xAE\xBF>\xF5\xBD\xB4.[\xF9\xE9�'Gk\xFAF\xB7_\xE1~(�~\xFE\xD2TpZ{H\xFD\xCF\xD8@\xF24�\x8A\xAEբ\xBF"\xBE6\x9D\xD6\xCC&\x9E_\xE8px�W\xF9\xEB
-\xC6Ñ•\x9A\xB0J]\xE8BeP\xDB\xCDÛ¨\xAF�T_]v�\x97\xC2'_\xAA\x83eg;
-\xD1+\xC3fP\xAD\Z\xE1!\x8E�Z\xE6t�'\xB3�\x98^LE \x83\xC6F\x8F\xBE\xF8o\x90\xDCXfT\xCEsl\xD3)\xBF�L'\xBB4Ò†\xED;�V\xED&:\x92\xF2$�\xE9\xAE
-\xF4\xE6\xF8\xA2\xEA���� \xFC\xDDJ�Q�>\xCAI\xB1Í\xBA\xA3\xC4\xDC\xC3�\xB7f\x8A\x9B\xD2w�\xEB+\xDC\xF3\xB1H�\x91\x8C?\x88'ܦT\x98\xD4V\xB3F�#\xD5jpi5\x92L\xD2hN\x91\xDAA\x90C\xF5g#\x9E\xA5\xA9}E7^\xE5 \xF2\xE6\xD8o?�G
-\x85 ?\xA7\xC3i\xAF\xB3\x95&\xAF\x87�\xAEI'$\xBD{��\xC8
-\x959\x8D&�\xF9\xA2\xDC1\xC4/^%�\xD5\xF8\xB4\x97\x8D:�\xC8\xE9'?\x96 at N�d\x8E2\x86\xC8\xDF�\xF9vѱ\xF26\xAAڒg�\xE2b+L�\xCB\xE1{\xAC\xAB\xB1\xE7�'Gs\xD3�\xCDh\xF1\xE2`W[�$,�A\xD8Ch%ԯ�\x98\xC0\xBC:JI�x`
-\x8C\\x9C�\x93\xB5P\xEE\xFB\xB6\xD4�\xAD\xFE~\xF4Jw\xC0\xD1\xEE\xE9,\xDC�m\xFCÚ¿\xEDZ\xA7
-\xA6{�Ol\xA9�\xAEU[.$\\x92#�}6\xA1d��\xBB\xC77\x85\xA2\x91\xB1�\xF7\xD9K\xFB\xC4\xE2H\x{1AD0BC}5]\xB1\xAE\xB7\xA5:] \xEE\xAE\xF0\xE7b\xA2\xDC&G\xF7E\xEF,D\x9Di8#YQ\x8F\xBD\x9C\x95�\x9CI\xEF\xA0\xE0$�'5/k\xA1\xE0w\x85l\xAEY�\x89\xDD \xEB\xF7\x{16BAD7}\xE0N\xBBl\xF4\xC5\xCF\xE1\x97*\xF0\x8C\xC4\xD2|��\xA8\xC2Lǯ\xBC>|5CUR^\xB2\xDB+\xF2�9��\xD0\xF4n4\xAE5\xDDSK2)�Sy\x8A\xB2\xD6"\xC8\xF0i\x98mFY\xB2;�{�2n\x96\xF2{beMÛ\x9C\xCBl\x83[\xBB\xA9\xB2\xDF<s\xA3\xA0\xE4\x9D�\x82M\x9B-6\xEB\x8Fi�\x9C_Ŷ�Jah\xB3\xABP\xCE8"\xE3\xF3�\x83ó™²·T\xFD\xC7\xC8~(/i\xD5N\xC5Ù¡>l\xD4\xCE_\xC6謚\xAAÅ\xDBܼ,�\xF4_\x9D\xE0M\x88\xA9
-\xFF\xA4V\xD5\xF8x\xFFC\x83\xA9~Ҵ\x95\x94\xE2\xD2'i\xE9`\x9F�{\xA6C(X\xC2) !@\xA2\xE3F/-QHW=^\xED\xB1\xF3�d\xBD\xB4\xC1"�\xF7\xFA\x83c-\xC8l\xBBz\xBFfNX\x94\xD9\xCFK\xED\xA9V\x9D\xB23\xED&\x95\xF2\xDC&}\xB8�v��v\xA7+\x88\x9A6�\xBEཊ\xD2\xD6o�\xEB\xA8\xFF:P\xC5\xC6ѧqY\x9BFx\xA3�\x9E\xEBl\x8D\xB0�\xF5\xD6\xEEO\xF9d\xCA\xE5\xE8\xB2[\xFF\xAB\xFAt�n\xBF\x8F\xA9�.TpP?\x94\xFDs\x89\xC3\xFAr)>H�\xF1\xBE\xEA�̑�\/�M\xD7H\x9E\xD3�G{<ӌ<\x976a�3\xA9_\xE6\xFAa�\xDDA$-\xDD\xF0�\xE1S*\xA6\x8D\xE6gb\x9C\xF6\xF4�!\x8F\xFE\xB0BL%#x\xE4>�\xC5-\x90�\xABuN\xDFV\x93\xAE\xAC\xF3\xBB1G\xBFu\x99\x83�F\x87:\xEA�\x98I?Ɠ\xF5 �\xF2I_9LŜ\x97\xBA�\xA3\xA3\xD7\xEF2\xA3`\xEFю\xB3�
-\xE0(\xC2"\xF3\xE2\xCA\xE2\xE2\xA5\xE2\xAF$\xE8\xB7AOL?\x86\x9B\x97\xF4\xAD$,�Ш�\x9C\xE4g\x82t꽘\xCA\xC6@\xAB\x9C\xE1Y\xD0\xE0\xC6{\x95\xE2 \x9B*���\x96\xAE›\xEF\xF5\xE4\xEB!\xE1\x92\xF6
-8|B\xDBa\xF1\xB5l\xF9\xF2�w \xC5 eO\xB2\x89{|Ué‘ \x920N\x98\xB0�\xE0�&\xAA+\xFB\xBC\xBD\xC9\\xA7\x8E\xF0"�\xF1O\xA5 at O\xB3\xE8\x9C~*X\x98}[\xC1�4|\xA5\xED\x87z\x89\xA7_�w46��\x83\xEC�=\xD8\xEF�Zu\x87
-\xA47\xED̰\x97\xB0�z\xD2\xC4\xEB\xDFlr\xD5\xD4Od6 \x84\xDD7R\xDAc#\xC9�?\x97\xEA<:s\xFC\xED\xE2\x95l\x90g\xD8?\xC1ĵvO\x9D\xAE�\x84\x9A\xED?\xFFx\xE2l\xF3\xCAgoGX\xE7֥\x81�\x82^;Z)\xA07l\xE6�X
-\xEA\xFB\xBD\x98\xC3\xF9.z>\x8C\xC8�*\x9F(dc-\xEA\x99\xE4��\xC3\xCB
-\x8CÕ΄\xA5� f\xE5�\xBF\x83\xC1\xFC\xF6\xADß¼\xB5�\xFD��\xC3\xAD\xC8\xDC
-�\x8E�ܿSB\xBF\x8F\x92(\xE8���\x93�\xEC\xBD&\xDD ���\xE8\xF4�;\xC2�\x84M�;\xE3`\xD3�
-<\xD6\xC54}\xC1ߣ\x87\xCC\xF5\xCEZ\xC4H\xDD%"[9\xA2\xDC\xCDm� \xFD\xA2�\x96%\xAB'S \xD4D=\xE8fr\x9E�:�I\xE2v\xDBAp\xB9D\xE7\xF3Q!�\xE2\xDE�\x99 0\xB36\x91,5\xA6\xA7\x926"\xDF%:\xFA�\x8D/\xDBG�\x98\xABK\xEF\xE3H\xD27\xD3Qj\x89RJY\xC88�\xACw?\xD6 \x94�\xFC\x96\xA4l\x84t\xBEr\xFF\xC4JÄ^9(Kp\xE0\xA9�lДHk\x8FV\xE0\x94嚟B\x91\xB4\xB5V\xBB\x99�\xD3z\x9C\x82|)\xEC{
-\xFC\x820�9n�\xDEO��#qz\xC0\xF1\x8BT\xD8u\xA1/�)\x852ߚ�o\x98"G\xFE\x86x\x98R\x9A0\xBB�\x8F\xE4\\x88uv\xD8D\xE0\x97\xAF\xE8~д\xD7\xC5\xFAG\x84/�\xDD+™�\x90�\xB1\xA0\x82\xD69=>\xF2�L4\x80\x89\xDF\xD1#-\x99\xE9DW\xCE\xCD>�\x8A\xA4�\xA9
-\xCF�\x9E�!\x86'wĬ\xF1� \xE1B .\x97\xF9\xF6O\xF5\xDE,,\xB3\x8A\xE3r� ¿A\x9D\xE2\xD4H|\xAEC\xCD.\xB9nÍ16�"a\xF3\xC6\xD9S8a�\x8FwY!\xBD{\xEC�b\xF9��\xCC|[�\x81\xAFf�vƺk@#2�\xDD\xE1{kd\xCFãµQs\xB8 Ûº5�5\xD65a\xABF=\xDE�\xBF\x9F\xF2�\xDD�PÖ—\xA3M\xD5!\xF4�\x81\x83?\xD6X3\xBD\x85O!\xF9_wvC\xF3\xB21h~\xFFJ\xB0�\xB6\xB8S�\xE4\x81g\xDC\xC2+\xBA*\xEF%:{\x9Aͪ'r(\x9DE%$\xC5w\xFE\xDE}xn\x83\xBB\xF9\x883\xF8⛧M\xA2\xA8\xCA\xD0Ij\xBF\xE9\xC7\xEA\xFD\xE5\x875yHd\xF5�\xB2\xE7^\xFA\xD1s\x8E\xFD�ß\xF8\xBCT\xEA\xE2\xC0<\x97
-\x92\xC3\xFC\x8C\xD1L M\xF1\xF2\xFA\xF2
-\xD1Í”�\x9B\xD1Y\xF2\xD7a\xFDSx5+L\xEB\xD8Q�u�\xEC=F\x81�\xF5�qÃ\xC0\xE6\xAD�R \xBD\xDA\xDELU\xA6wÛ¼\xF1Mö\xD1\xE2\xB4�\xA7;\x89\x81�a\xD3\xD2@\x98\xA6�X]\xDC*u\xBC\x93#\x8E\xC7{\xBAC\xCDI\xE53\xEF\xF1\xF7\xDCE\xB7\xA3�j\xA2]\x9D4K\xD4Ý\xB4o\xF3�\xD7�\xD0�f�S�'CU\xBA|\xEEX\x8B\xB1�\xF9й\xC0e\xAD\xDC\xD7(a�� r\xC1s\x8F\xCA�\xC1\xB1&4UlV\xF0^0|Ù¯
-\xD2*\x91z�^\xAEde/\x9A�v\xE6\xD4��{\xF8\xB4\xBC�T+Q\xA2k o�ESM\xBE\x871y\xECH\x81G›\xFFfb\xA7G0\xCB"\xAF\xF2\xB0O\xD0*mQ\x95s\xD1�&e�\xDAi<\xE4\xACң\xA6t2\xE2\x8C}0h\xB77\x88\xB1>\xA3B?Yä\xA5\x92\xBA\xF2\x81\xA7x\x93QC\x9B\x89\xEA\x8D\xEAz�\xC0\xE5(*̩|\x9624\x9C\xAE\xD6\xF5M\xAEjea/1\xDAA|�b\xF4\xAC\xCEs�*R@\xD0a1ao\xC1a\xE9\xDE'׽/\x96\x82\xDE|�z6&\xB1\x89.\xE5ܶ\xBAo\xA2Qr\xB6\xA0Z �%5+'\xA3�\xBEm\xFA\x88�\xD7a�i�u5\xE7+j\xA5\xA8 at 1?\xAA\xA1m\xC8\xD8\xF6S�\xAB\xBC\xA6\xE9�\xE1[m1\x92\x8E8\xFA+]\x83ĥ\xD2[9 �\x99\xD9X[9M\xBE�)\xAC޼z$\xB9\xF7f�% �\x95\x971j:�\xFC\xE5'\xEF\xEChr"R\x84amE\x91\xBF\xAF>ڜj\xCD8\x81*\x9E5\x8B\xE2\xE0\xDB,\x95�\xAB\x82\x88�\xEC\xA0�R\x82z-G\x99|\xA8\xA2̾2\xEE\x89\xE0\xE6G\xE0h\xCF%4\xEC\x9E#\xDDѨ\xCF\xC7\xE8�\x9D�1do\xBBXX\xD8كD\xD1WAq�\x84EH}\xC2\xD7[O\xAF\xC5_\x88.�\xB5\xA3\x96�\xAEy\xA2\xD2س]E6\xF1\x97q\xD9y\x97�TSX\x84n0\xAB�_\x9D\xE3j\x9Cp\xEF\xEFY\xFC\xD8\xF7L\x9B�w�\x98�
-\xE6\xC2\xF9\x9B\x865:?\x95�r\xBAev\xE5�k\xA1a݊ I\x84F\xE4\x8D\xF0\xAF�\xE8\xCA<g*\xDE\xF0\x98\x8A\xEB\x81.lT\xCDcX&�r\x8CA\x9F}\xFD\xA7\xB2\xE2\x93\xD8\xF5\xE9\xCCS\x8E\xEB\xF5W\xCBdc=\xBF\x88\xC4��CV\x8E\x87�\x89\x92\xF4k�y\xB6\xA8\x9E\xD2\xFB\xEF�\xA8\x97c�t\x95´\\xC6�\xBF
-Os�Jx\xB1�\xAB{\x92\x9F�i�\x88\xE7Ê„4\xA1\xA2K\x9Aks�\x88g>\xC7!<L+\xF3\xBB�\xC2� \x9A\xA5G\xD7,~\x90�\xB5\xF8\xA5}\xB2z\x9B!�\xA4U)Z\xFAÇ«T\x8A�\xE6\xAF\xDBCR}\xF4_i
-\xFC�\xD1\xE2\xC6�\xF59\xFD\xC5i$\xEFy\x89Er\xAB\x83܇\xD9}\xD5X*\xB1\xBB. \xA6f\x83JPan��e\xD4 \xBDǘaw�\xA8Aᨯ]�;\x81Qj\xC7:\xB9O\xDBWd\x84b\xE2\�\xB8\xF8\x81d\xE0\x94\xF2\xAB\xF8\xE0�mga\x99�ݔ"AP0I�X\xE7
-"\xAF�&\xA7\xF4\xC2
-\xA2�#\xF3w\xF3$�Mz\x84\xADM�u7I1�\xCB�tW\xB5\xB1\x9B\xDAM\x8F]\xF3�q[\xE3\xA5s|�b\xA0&�\xA1f�º˨ֹ\xE482\xD5�\x83_gc�\xBFR\x85\xED\xA7R\x80K\xB8;]\x9F\xBDmÝ Ï“\xCC�Z5\xCC\xF1\xBD\xCB+�Ê9�6\x96\x91]6 \xC0{\xAEv\xB1�Si�Õ•�\xCB|A\xD5ʵ�\xB1b\xBD at yiy6
-\xA8�<\xBF\xE2&\x8EN\xD2rJ\x8E\xAB?m\xC9d\xA1Z�"\x9E\x93\x90\xBC\xF6hP\xB6\xE2\xF9}$�\xB3 \x96O�H\xE9W\x95\xEB{p\xD2\xE4\xD7ms\xF1�y~y\x87\x96
-\xCE\xDC<X\x8A^\xA4\x85�\xE2`�}I\xAD\x8B\xBAq�#eq,\xADw\xE5�\xAE�n\xBF$\x9CdmC\xAB{\xB7\xC9
-w\xE1�^o\x8E\xC6�\xD8�\xC6\xE9\xE7\x9F'vUÜ\xD9\xC1\xA7-\x8C�\xB6\xE1\xCB\xC7zN\xEB�D\x8F/\x9D\xD9q\xA0g�e�C\xA2\xBB\xBC\x9F7y9\x90\xB7\x8B\xDFY�\xA2\xC1k\xE2`\xFC<?O\xCCw�\x93߉\xFA\xCEk#\xA9,y\xBD\xBE\xF1\x9F~\xB9k\x8Bd�\x83\xFD\x8D\xC2N\x84�5\xAF at x�\xD5\xF7\x9C`\xAA\x91X\xDD\xDEq�\xA6�l\xAA:\xFES\xCA\xDB\xF3��\xA6\xD2\�Y\xD3gSY>\x9C\x8C.\x91�L\xF12\xA5\xCF�0\xF1UF\xD3\xF6Fu5\xECa\xC6�\xFB\x8B�\xEE\xF2\xA0\xCF\xCFÓ¡��\xF4{�q\xAF|�\xA9S�\xA9\xA5/\xE60\xAFmÕ³\x98\xCFf\xBD[64� \xC8}\x9D\xE7\xFA\xB5Y\x9D�\x92\xD4EV\xDB$*\xAD\xFD\xB9\xB6WG\xFB\x95\xBB\x93![/ÔŸm\xE1�\xCB\xC0\xE3KC|\xBF\xBBO��\xDEh\xBC\xB8��\x9F\xE5\xF4\xE9xN\x8D|\xCB\xD4\xCBH-\x91 \x9Cq\xA9\xE4uE\xF3o+|\xC8G\xBCW�Å£A+\xF9\xDD\xC4nS�G\xA7\xA8\xAD;\x9Fk\xBC\xB7\xBD\xEB\x87Fp\xB1\xD3,\xEC\xC3��\xF8\xE1\xCDÂ¥.<_j\xCFJ\xD6\xD8\xFB\x87X\xBA~\xB6\xF3pEZh7\xCD\\x89\xCE)
-
-\xBB>|~\xC5]Z\xB4\xEBv�m Æ\xF0\xA8I\xCB4\xEF\xDE\xEEn>W\xE8d\xCD�\xACz3�\xCDi[\x98%<\xB2Å–\xFA\xF07�a3Q\x88\xE13\x8C�\xF9\xB1R\xB9\x9BiÕ¦2y\xD3�z\xB1\xBE\xCFP{\xE0K\xB1\xFA\xC9�j\xA2\xF5\x85L\xD9R��T\xEA�\x86q\xEB_å°Œ\xF1\x8E��\x99>W\xA7\xB6��Q\x85\xE8}\xBD[\xE3n\xEF\xB4'\x99\xCBH=�ks�\x95\xFE\x9E�\xF0\xEB\\x8C\x82\xA1Бr\xCC\xE9ž`\xE0\x83\xF8�V\x94\xF8\xD3\xC2\xC7/Ca\xB4\x90\xED\xA1�\x97xv\xC4\xEF�\xE2d\xC5\xE7\xD5\xC5FH\xAEKl\xE7�M\xE0Z\x90�\xBA},c\xAE�6�qa+�\xC0\xED�
-fu\xFD\xD6ĕQ\xA4\xDCՆ\xF1\xA0nh\x92\xD7\xDF\xC5o\xDF\xDDg\x8D��xZ\xCD8\xD2>�\xAD�Dܙ\x82\xE7{�J\xDD>zNl\x89\x96\xF2M̱\xB0;MLV\xFC\xBCG\xF5\xE5\x8A\xD1c\xE2\x9B�Y*\xF8.\x97I�܆\x94\xC9\xFE\x92\xA52�kǛV(\x85K\xB7\xD2
-ʉ;\xA6^ /\xD3s$\xFDM\xBD'\x8C\xCCA\xAC-cU\xB2�~\x90YÞ„�\xB5~Ý¿�F\xEA{\xC8_�\xE5_�\xD7 at .Z\xAD$\xD1\xF6�\xDFE_\xF9*\x9A!�\x92Ë™c\xF5\x96p隀\xC1\xAB\x93\x96�\xA2\xCD �\xD5\xDCÂy\xFD\xD8\xD0˪Mt\xD7\xC5d\xE0\xFD\xE4\xA7\xD7>\xA7\xD5Y4\xB7\xF0jS\xE2M\xC0\xACf\x8B\xC2\xE6{Q\x8F\xEC|$d\xDAJm\xE2�\x93\x85\xA4 \xFEA\xE8\x8F\xF4H���m\xAF|[\xC0@#_\xEC\xE3<�\xE9\xCE\xFDyj0_�1\xC6P\xBBU\xD9\xCF\xD2%\xC2Q\xCDG\x9Ey\xF5\xA4�\x87e\x9ECn|\xE3\xAB|\xD6�Z\x8A}\x8BD\xB5mo\xBE6\xDD<(\xE3�\xD3x
-M\x8C\x9E\x9CV*5�\xFB\xA3\xDEI#\xA0i�K�_ꩶr.\xD8A
-\xF9\xF5g!e&S\xBB
-:\xA3\xE7�\xE8\xD2q\xFF\xED�j\x9EoC\xE3\xEBCjOQÑ”o:\xA6\x85^N\xF3m\xBA\xD2d\x8BV\xE6�tI\x8B\xB8\xA4j\xB1\xE3�f}\xE1\xAF\xD1\xFCÙ\xB3\x90_\x9Bu\xC1-\xEEWt\xEF\xA8*\xE0/
-\x89\xEF\xB2\xFB\xC4jD�-�ִa�t\xA9ӎ\xEE�]*\x9FC "\x9D�\xA0A\x9Aؒ\x95pd\x8E4\xEB\xACy\xA9H\xF2^\xAE\x86T\xFCﷺ\x8D΀S\xC4K\xC9�3}\x95S\xB6Ũ!�\xB2y\xFB|'�y\xFB\xB5�\xC4\xE5\xFD\xB7(f6\xCD\xE5�\xE9�\xB48\z\xE1x\xED�t�_� \x92\xF3\xF0Y\xED|\xE8\x86\xEF)\�\x83\x96�Uzhn�\x94\xF5\x92\xB1F�\xAB\xDD\xF5FhrL�\xA6\x87\x9D \x816eu\xBF\x97\xA3%=\x8Dm\xAC\xFC\xDE�\xF19lx\xEE\xD8\xD8j.\xABC*g�@2^\xBAo'-\xE7\xFA\x80\xB5�\xE7Gx \xF5\x93\x92~$#\xD3
-\xBA\xF0m\xC4.\xACTዯ\xA9\xE8U\xD0X\xF4\x87N\xCEz\xE3 \xFA\x9DMJ�,\xAD\xE0\xC9]\xAB\xF26\xE6�\xF2\xAEz\xB2�\xAFM�t-\xEE\xE8[\xB90S�
-\xD5\xCF\xF5\xB0~RЖ�\xF5â\xA9e\x87�\xC2�\xA8`\xEE\xF4\xAB\xE1�\x84\xF6\x8F௓\xA7\xE6oP\xD0\xC1�`\x9FS\xA1uy\xD8u��\xE7\xF6w˪X\xF0m\x8F\xA9\xAFÞš\xAC\xE0, \xABÇ\x94\x83\xDBj\xA1\xB7\xCAI\xF7Òž\xAE\x98\x95\xB0R
- R]\xA7L\xB9\xFBwØ\x93x\x8F#x\xE6Ä¡\xA5Ȫ\xF78X\\xF0\xE9цR�\xF2/\xF3\x91.}Ey \xCEz\x84�\x93\x94\xD2r-�J}\xF2\x96{\x8DK*�6\xABZxV��\x826:�5"�\xE5\xDF(m\x97�Ʋ\xAA\xEBm\xEE\xCEW�q\xB8Ê“�\xA4\x971\xD5�y\xBE\xC6�\xC1d�\x82\x9F\xFB\x91\xB5\xBE�'Qn\xEE~\x8A\xF23\x89\xE6)\x95@��+\xEB8e�\|)\xFAJN=qC�eI\xC5��\xD7D�\xEA�Ͳ\xF9\xC8 at q\xD8\xEC\xFC�4\xC0I#\xAFo=�\xE9��\xFC\xD9)R9iI#Ò¶\x82U\xE9\xEE\xB8\xE0\x85Æ©'\x8F3��\xF8 a\xC5\xD2�B�-\x87\xFF\xB2\xD4%�6n\xB8?_�CpLC;i\x9C~\xB3\xA8\xC09ߤZ\xE4r1J6\xB3&Þ½%{4�\xDE7�c\xB7\xD9�\x95\xB0\xBC\xF3Ú o\xCB~\xA6c\xF7\xDE*\xF4[K\xA8\xE0\xD7\xEC\xA1\xE8\xDC$~|\x94a\xBA&\xF1\xC8v{k\xF9\x89\xC3H\xA0\xC8\xDB\xE2\xC6;\xF32\xF0i�\x86ÊŸX\xE6)�\xEF\xA1�nÓ¯E\xD8�l\xB8\xBDm\xF6\xD9\xEE�\xBF\xF4e\xF1�\x8BX� �Z4\x8F��\xF8hKj\x9E\xBE�\x92/8\xF4\xEC\xB8\xF2n\xC9\xF2\x8FPU\xD3\xEA0~Þ¥\xFF&\xEA\x8B~\xBEF4\xF2�$[\xE8Q\x9A\xE1~:,\xB44@\xD7il�眗Dqd^#!O�\xCA#8\x9A/\x80�\xF6#\xE6\xF5\xAC\xA8\xF5\xDB\xF0i\x80�\x8A\xFA4{\x98[\xEB�\xF4K~\x9EÇ¢\xC1\xF5W{�\xF4\xB3\xAF*=�\xD1�\x8C?\x98\xFCq\xC3Hk\xE3\xA9A\xDD\xF8\xA3椓PÓ¤\xF9\xCB\xCFÊ‹\xC1* u3�\xE1I\xFD\xF9\xC9\xC3]g�\xA2\xA8�2�N��\xD2�\x9Adk\xC7l�\xDB\xC1\x8C\xDEo\xE0\xF3\xD6d#\xCC\xC5$�\xADx\xB4\x87`\xE4\xC2u\xF3K�\xE87\xB7\x9D(\x92�\xFF�\xA1\xFC\xF2�\xF6C\x85}]A)A\xF9\xE0�I�\xF3\xFD\xB5\xB7 V\x8F\xFB7\x9F\xD3j%\x8B\xB5\x96�\xA8Bܯ@�%\x94\xE8\x8A�:\xEEI\x95\xF2\xAD=\x8D\xEE\x91�\xD4�9\xDCrµ�\xE1
-\xEA�\xA8�*g\x88x�慈�7HJȸ\xD5�\x83\xB3\xD9
-�\xC7\xE8\xFD\x92\xBB~1\xAB/\xD7\xFAG\xED)H\xC3"U\xEE0Q\x8C@\x82[\xFC\xA9\xDB\xF9\xA5\xFD\xC1\xAEܶ\xD3\xC9RW\xFCÃ\xC9�\x86_\xC7 at Bk\\x92�iX'U�\xB0?\xBA\xA5k2Ö´p7&\xFF�.\xA2ܶ\xE5\xC8MX;e\xF6\x93\xA2o\xDB2È–g\xDD %\xFBi\xAD0/\x88Q\xA5�\xECE\xDE ;E\xDE\xED
-Y�\xA2�l\xB7\x88&H\xD7�F���~\xDB\xF0\xDB\xF2\xD4[��� \xA3(�i�\x92�\x99\xFDֈ\xAD�\xD7�\xE4j_\xE7\x87s\x87\xA1��\x9C\xF8\xA5\xEB\x8D\xC5"$-FT\!
xA6 \xD7�\x90/\xF2s\xE3H\xEAT\xC4\xDEpW:\xBE\xADK\xB0\x97\xAF\xE2\xE2\xE3\xFDteL\xE2\xA0<\xDB\xE5\xD8�\x97\x87Aw\xF9\xB1M6�&p� \xB5C��\x9F\x83*\x8C�e\x8FD- at HP\x98Qز߶\xAD\xFF\x8D{
-\xAD\xAD?\x96>=\xA3\xD9�\x81~$�e\xBAd \x8A00�����\x85\xFC\xD7gٱB`�\x96\x9A�>\xE5\xD0\xF0 \xFFԥDA\xFC\xBCl
-�U\xF5\xC0�]�
-�qG\xD8bڊ\xC6\xEA\xDE\xC0\x9F\xD7f\xE7Q\xFB\x8EF\x8D\xA8]�E\xBF!t\x979�f!\xA78\xFD�*.\xEE\x83:\xA4�b��1\x93\xE1\xEEJ6\xE2q\xC7)\x95P\x97A�NV�\xB0�d{!\xE1S?\x9E\x98\x9C\xA3�/5W\xB3\xE5\x9A
-[R\x81Èa;\xFC\xBEU�\xBFa�\xA3\xC5NY�\xAF
-H8\xFA)\xF6�_\x9F�\xE1aT\xC1\xDD;Æ¢Ís\xF7\xED\x93q\xFC\xE8Ï¢5\xBF\xDB\xD0@\xEE\xD1\xE5f9'w\x89-j�\xD6L�\xA6)\xC9\xD0W\xA9\xDF�\xDE\xE9_�\x91 d\xEF^\x8D\xE3\x8A\xFC\x9F\xED,�\x84i\xD7 \xCB\xFA\xF6\x9F¢\x90\xAA\x9E3b|8}X\xB2\xAB\xADc2\xBC�\xA4\xD2w[noGD\x{1E402C}0Rz\xF3,\xCE\xC2W7\xA5X�$\x9BB\xFAbu`\xBF\xFFÔ ]s\xA6l\xE4 at AD\xA3Òª\x9C�\xD5\xC1\x96\x9F\x9A\x8C\x85�\xA6rs�\xFA\xE9\xB0\xF4kwF+sB�w\xFE�Æš\xF7\x888\xC1��\x81AA�\x81H\xB7\xF9\xAC\x88�c\xFFm,�E\x8B4o:\xB8\xAEKl?\xBF�\xF2$J\x80\xDB-�\xA71�\xF1\xB1TφQqÇ«\xA2�Q\x979\xA9!T0Tkg\xC0\x8A�,q\xBD\xB3\x8D\xB5IÚ´
-\xFC\x97\x9E\x9F\x874sض_S\xA7Ç‹\xA0\x8F\xEF@>2\xBC�\xF5\xAE\xB1?=�\x9AU\xB2r\xFAZ\xFA\xB1#z{\xBF\x9Et\x87\xB9\xFENs_\xB1II"T\xD1��\xD4N\xF4\x8C\xCEAenHE�\xDBqu\xA1C�\x96X\x9EZ�AFN\x96\xF1è¬7\xCD~A�v\x89
-�\xA5�)q\xF5\xCDm�\x97�\xD4\xEF.\xFA\xAD\xF1X\x8Fx[d\xA3E\xB9\x953\xBF\xAC\xBF\xA3\xA8\x8E\xF1$\xE8\xD3_'͔,\x842\x8F\xCFG\xE3R\xD8:<\x95�±�\xC4J\x876i�\xA5\xCC\xF6\x98,\xC7.\x87{\xD5\xFA\xD1\xC5\xD2"CqJ"\x88l\xE3`z\x82.\x83\xF0\xFC\xDA\xE6\x8F_\x88i\x9C\xEE\xC1\xD1\xFDl\x85`CPPk\xD6\xCC\xF7��~ć\xF5\xC8}\x8D\xE2\xB51\xF1K\xBA�+G�\xC2\ڲ\xB75\xC2Q`\x8E\x97؟l\x8C>\xA6\xC6\xD2\xCD6&\xAE *P\xBBp�\xBE\xBB\xB0�\xB9\x82t\xB1\xCF�.
-\xE1\xEA\xAA\xF8y�\x95Ƹ:J�|a �1\x9A\x98\x9B\xBF\x90\xEE�19\xEAz\x9E\xC5\xDC&L\x9F\xFA\x87\xE7\xE5\xB8tu\x81d�z�\xD28\x86\xCC5�XZG\x94H\xA2\xCAZ\x8A\xB6\x89\xC5\xE9\xAB\xFE\xC3�\xB3*\xA2�\xB5\xFDv\xDB\xFD \xC7\xF3�8�\x9C�u6#\x8A\x97\xF3\xA7\xCF\xDF5\xC6�:\xC0 \xD8%q\xDAʷ\x8C\x88��L\xCFy\xCC\xEC�<\xA1\x8B\x909M8\xA0\xDF\s�z.b\xC1&�\xC6\xD9\xF4^\xA6\xB2\xC7\xE7D\xC0p)q`\xA0(}\xF1\x84\xD3�\xCD=9Y\xFF\xF9\xA35\x9CQ\xAA\xBFZ\xC0lԄ\xFB\xA4ȩ\x9E\xF5\xBE\xF9j�\x82i\xDF\xF9ڹ��P~` \xE53\xEBT\xACc\x95\x9Dj\x82*n\x8F\xF16\xAD"\x93\xBF0�T7\xFC^\xD3\xEF\xDA&ȃ`F\x91\xA8A�\xFFT
-3\xBB\x84\x98�$?\x89J\xB8\xF6ū\xDD��Q\xFE\x9Ep\xB4N\x95ò\xD0+Xd\xBEo\xA3\x9A\x93Cv\x8F\xD89�\xBF\xD9\xD3\xC0?�\xC3J\x8EK'\xF1[P\xEC~U�\xB3.\xB73�4\x8ErPu,�\x95C<��w\x94L\xED0\xA1�7 r\x93\xEE\xE6;(\xC7�%\xB2�%b\x86%w\xE4\xABx\x8F\xA3 \xC9�\xDB\xF8\xECm\xE1P~&\x9E��\x86\xBB\xAA\xF2\xF2bh
-\xDD\xCB\xEF\xCB
-\xB7\xC42E.�\x9C\x80�\xCDu�N\xA2f�x�\x8Ecȧ=\xB4 at j�\x84•\xA6r 4\x83\xAE\xF9Rq�\xEEĮ\x97�\xC2P\xD5\xC1a*\xFD\xBA}\x9C]\xC6�K\xE0\xF4F \xFB�I\x91�OPe\xB6\xAA���)\xFF\xE7�kt\xA3\x97\x89�D\x8A\x9Aӊ\xB4\xB4\xB7\x84\xB1{\x84\xA7e\x90E+w\xBD\xABN(�e"Y._.\xB3{s\x85�bv\xC8\xF1\xC2w�\xD0\xFA\x8FA\xE1/\xE0w\x9FiI\xE3\xDC�6\x83\xD6�7\xE7"a:\x9E\x82i\xBD\xAD\x9A\xDC$\xF4\x8A\x920\x9A\xFD%�)�z\xCB?\xD1!\xDBp:\xA3\xD2?\xD6̅\x95�l
-\xBA&\x8AW\xEE�a\xEA\xA82)\xD6×yPu/|K�<l \x9D\x9B�\xF5~\xBF\xAA\x8A\xAF�\xFC>\xCF�\xDD\xF5�H\xFC\xE4\xE6\xFA\xC7"gm{y\xD7j�\xB9\xE1\x9Ez\xB2L\x90Å«\xE5�\xCF\xF3\xFD:Õš0\xF4MT\xA4\xF5\xDB%\xC4T\xB9��\x9B4\x8A\x91l\xAF\xB1\xD1}\x86\xB3T\xD5���q\x8BG>\x917\xA8\x9E�!\xEFt\x96rÞ‰\xAD�5\x90\xBC�\xF7$\x99\x99\xA7\x8B#zZ\xDE<)�\xDAz/\x85Ǭ\xFE\xDCy\xC61� \xE2\xF7 \xE5oÄ—]\x8Fl)H\xFC�\xE3*_g\xB2\x90\xEFॾ\xF9\x8B\xD8>\xA2\xB6V�;_�\x89\xF2\xEE\x92ΪBg^\xFF�\x97e\xF3\xC0\xCApE\xF9\x94\xFB:\xC9\xD2\xFBe\xCC\xEC\xCB\xFE\xE8\x99m8\xB2�t\x806\xFB\xB4]\xFE\x96WEh6B[�\xA9�u\xED�R\x8E\x8A >�o�Z\x91O\xB6\xFA�D\xFE�];I\xBB\xFDsÏ©\x95\x84\xB49\xD9\xE7FG\xB7zh\x88MÂ…K\xA0\xF7\xEB�]ÅŽ\xE6?aÒ¬\x86\xD1\xFA\x9B5H\xFE\xE5\xEF9\xA1vÜŒ\xA5\xBD�n)Þ\xA5\x8D\x9D:\x95t\xAF7\x9D\x96\xAA\xBE\x81\xFC%>yůAS�ÓbxE\xC6\xF7\xEEÂœ\x81B\x9A\xC6×¢
-\xD1`]\xCF\xEB��aS\xED(\x8B\xD3\xD2\x9Cwz\xB4\xBB\xF5\x9A\xD8#uT"\x8FK\xC9\xC06:$\xCE:\x9B\xD0f�i�?\x9A\xFA{0��N\xC4r�)ߘk\xAA\x8D{\xCC\xF7\xFBKeR\xED_\xD5-\x9DjK�;Uٿ�b\xB4`]#\x97\xBEw�\xACM\xFA\xE5�|F<\xB0\x9E\x8FZ�\xB3d\x94�
-S\x92k+\xC2]\x89G�E\xA7z\xE6twq\xB3\xC0\xE6��\xA1\xD0�C\xE9\xE7\K\x9D�/�\xA7\xD60\xFF\x8C\xF6\x96�S."\xAF7\xEB\x95;/aA��\xF1z�\xFC^�\xD1҈\x80�?�7;e\xF6Ϯoo\xF61Խᷟk\xC6|o�\xB1\x8Ey[\xA4\x8B�\xA48\xAF\xFBE�\xC5%\xDE[\xFE\xF7\xBF\xCCYx\x98M
-5\xF1\xD7\xEA�\xD4HE\xA3\xBDk\xE6�\x96Q\x88\x86��\xEA\xEC\x8A'D��]�OmS\x8Fù$\x91\xEDu\xC8�:LY�\xFC\x9Ct\x88�\xD2\xC0\x96\xA6Ih\xB9\xEF\xB0/�f4\xA8\xC0g�\x81�l\xE3A\xA0 �\xE1�\x92\x8F\x9F\xAD\xAD��\xE5;B̀�\xEA\xCDT�\xAF\x95i=\xC2~�(\xEF[U\x94C\x97O\xBBy\x88\xC8rl�\xAE�\xA5ڶ\xFBf\x9Ey\xE7\xE4\xA8*�\xD7OK\x98;\x92H\xA9\xA1\xC9\xD0I>d\x87z(\xF8�\xF5h\xEBI\xEBS\xC7\xF7�A\x99ԎE\xD9\xCB\xCF�\xEE_Қ\xC9,\xAE\xB8\xD9zkX\x8C�\xACcߦ{1瞤\xFD\xD9k�\xE5^;[\xF3\xB67\x92c\xBB\L\x9C'\xA1Jc\xAA:x�\xE4\x8EO\x88\xFE�+\xAE\x9En\xBC�\xBF\x97<E�V\x8F\xDBu2�\xB01\xF1䯚\x93\x91f�Y6\x8A,w\xB8p�AY\xAE-�\\xA2\xB1?�\xAE\x8F\x9F\xAB\xE3\xC6�ɪ�\xEF\xB9\xF0\xB8&+7�\xFB\x80\x82\xBCY\xA8龋\xB8\x90�U��ƙ5\xB0\x92+bya.B\xBDs��v\x83l�:\xD2]z\xF2\xFFx\x87\x98�5[J\xF0m$‘�e\xCB �\xEA$J\xB2j�>\xC2{\xD1cS]\xB4\xEF\xFE\xCC7\xEC}\xCE)ԉ\xF3\xDD}\x88\xC6�{C\xAD\xD3\xC9enO1"O\xEBAz\x82\xD6\xCE\xC6z\xD1\xF8\x84r\xB9Y�\xE3i\x91/\x9C\xDAO\xF6N\x8D9\xF2
-\xA1`\x91\xBE\xFA\xD9\xF6�P-\xD4z\xE8U\xE3\xAF\xD8\xC5n{\xA9\xF4*L\xB6n\x93\xE9,\x89\x84 \xF7~�2P\xC5&]E�\xA9\xF5\xD5%\xB7"b\xA2>u\xB1\x915\xE5\xD6J\xA7\xF2\xB8i\xB7!.\xDE\xFD\xFA�\x8D\xFB\x82\x81\xF9HQ\xF2\xC6ØP\xF8z�m%e�\xCA
-\xFE\xCE!ANs\xD0L\x90�\x92\xCDrl
-?\xD9y\x87\xC3$4\xAD�Mg\xD6:LF\xB1QÞ\xB0X�q�g\xD5Y
-v\x91o$\xF0S^F�4\xA7!@\xDB�~�Y�xr\x99\xC3\xFA\x9C_\xBF�ecy�\xFA at M\xF2s\xA4ÆŸ\xC3$C\xFF�\xB1\\xA1 \xB7�R \x9A\xB0\xECje\xA3�O1�>\xC6\xC9Ç‚Q�\xC8p0\x8BP+\xCC$ÐŒ\xF1T�@\xDCK�\xAD\xAFN9\x95\xE4h& \xC2-\xD2\xC1\xCAZ\x82\xC7s\xF8Θ3V\xBC\xD5\xC4\xFB\x80HK�5\xEEÊ¿"gJ\xA8�K\xD9]�\xB0\xBD�:Ö\xEE\x96\xE4\xFB{\xCBa\xF6"\xBBAj{Õƒ\xFA\xB9\x9B\xA8\xEF\xEB�\xC7Q\x90,�\xB47d\xB5B\x8A f\xAA�\xF8\xBAç…ªO&^\xF8\xFE\x84\xE3*\xD6=\xA3\/��:\x8F\xEC��\x8A
-X\xFBY$�\xB5\xF6\x82ޟPot\xDBa,pB\xC7\xFEd\xD4\xD9�\xB2\xFE)�/^\xDAe\xBAl\x9A\x89\x81b|kk\xB1Y\xC0\xF5m>?\xC4NjS�B\xEA\xC6U\xA7\xE6y\xF4\xDC�\xB2qEB\xDEWwU9\xB4\+\xC5��\xFF�(C
-�a�\xB6\xB1vm\xF8\xBA\xB4\xEF\vZ\xED\xDF�a\xA5\xABB)%Ul\xD6\xF1\xD6}\xF4\xB3\x9F\xC23�\xF8,|�\xF1\x91\xF2\xC8�\x92\x9Bp9\xEE\xEC "\xA2\xA8Czn\xCE��{Q�\xF2�4\xBE\xF6X\x9C+\xF3_\x88,\x8F#n\xA2\xF2\xEE9\xE4-\xE3n\x97\xB2:\xA56!\xAC\xBD\xFBv\xFC?\xED\x9AW?�\x8E�@k\x95\xDAA\xED�\xA5\x88Õ \xB46\xB5�+\xA9M\xCDÄŽR[i\xEDP\xA3�\xD4�5jU\xAD\xD4\xDE{\xCF�5\x8B�U;\xD4(u\x9F\xEE\xFD�\xF7\xED\xFE\xEEy?\xE7�\x9C
-�\xBE\xD8\xC4\xC2j\xAD\x83(\xE8\xE3ECI\xA1Ma\x86p\xA2\xE3\x9D<\xE6\xE5\xD6\xEF�Q\xD7Nv\xECG\xB4.w`v\xA4`\x8D\xAC}\x9EM\xF8
-� \xC5\xD3\xDD:]\xA4\x9FcЇ\xBF\xA2\xB8\xE4ٖ\xA2�Q�ے\xD8\xDF
-|\x94�4\x9FK(\xB0\x{1F691B}\x8A�\xF1_�\xFC\x9E\xE0B�8EÉI�\x8Dg\xF2\x8EÙµ5\xF47\xB6�_\xB4\xD2׊�\xFBu�\x8A\xC8`\x8FQ\xCB]\xFFH_aO\xC1^\xD5�\xCF\xFAAS\x88G\x86\x91\x98\xC6N,\xFD\x98\x9C\xBD�<\xBA%�kC\xDC\xE0"\xD9Ú”\xB6Qb\xBAw\xA2\xD5yÜŠ�&\x8A}R\xD9L%J} k\x92\x9AgP\xA5'\x98\xE7\xA0\xDD�\xEF_\xED\xE8\xD9Y/
-�\xA5*\xAA\xCCA�\x8A\xAE"\x84\xEF\x85�\xFD\x88\x89\xBD\xE6[\x8B,\xE5$t<\xFA\xF8Z%\x8C\xEC\x8Fj_܉Gͷ\xAF\x9E\xC6\xD4\xED\xC3e\x97h\xBA݌��\xF5(:\xFC�JP�\x9E\xC8[eZ\xB0\xE0\xEE\xFFɯ�v\x85\xAE\xDD#s\x8A}�
-\xC9ޮ\xB3\xC9{\xE3n\xF7\xACf�A\xEB�N:\�\xAE\xA2}\x91\xA6�~(\xB8_\xAA�\x97"pi\xF9\xDC'gx\xE4\xBDZ\x8B\x8E|\xFD��A\xEEgK\xF4\xA3\xB8dae9\x96\xF3�\xC9\xCDk[\x9E�|�\xD8 �\x89�iA=\xD3OEw@�\xE9n\x9FZ�M\x9D?�|�Iih�\xC4,\xC98\xC9Ɣ\x93\xDA\xDC�
-s9^bXzp\xF4b�\xDBR�\xF3\xD4s�\xE7�H\xF1\xFE\x96T�+wV\x90yb+\x8E\x9A;\xD7r\xAFA\xE0=�\xE6\xC9Õ\xD8{\xEC &# o\x98h\xCCj\xB3;G\x99\x91\xF7 \xFA\xA2\xF7\x8Cv\xC1Ö´�\xB8\x90�\xEF>J\xE5�w\xBF\xCE�\xE7o$�N\xF3\xDD\xF58\xB1\xC5SS\x8B\x82�t\x90�.\xA50\xBAbÏ‘\x90\xBA\xA2\xB1d\xB7v-\xE6\x80�K\xC0;Já´‘\xEBP\x8BA\xF8\xBB\xC5"\x8D\xC1\xDF\xE8%\xE4�\xF0\xB8HH�O_}=\xCA+\xA5M\xEB\xB0{o\xDCQ\xE0 ƪ\xBF\x99�a=\x96%e\xF4\xFDÖª�\xA2\x81w?]I\xE4\xEET4�7ݾ\xB4h33\xCFV\xEA\xDE&\xF1\xE6\x9DT3Õµ,\xD9 M��\xB1\xF55j\xB25
-E\x8B/6D\xCB\xC6}�\xEAc\x8Fh\x8F`j\xF2\x86VI\xC4\xCE\xE0T@\xBE\R�\xB2(\xE8g\xFF\xDD�>\x87s\x86\xCD�\xECe>\x8B\xBF�\x92\xC2{nn\xEE\xBCE\xAAV\x87\xF0+]\x9D\xE0n \xBD�liV%�\x9B
-\x9Dm\x8F\xC3N�\x97\x9B\xA4x\x9D��\x81\x85�\xBFZl�\xCCIN 2:\xEE\x92\xD2�m>\xE7�\xFA\x90\x9D\xAFÚ¬4\xDA*P��\xC4I\x90\x92s,R\xA5\xC1�\xC3]\x80$\xF6Ó\xC8'[\xA2mƯ\xDEj\x8Ag\xA2\xD42\xED�\xAD(�}\xEE \xD7,f\xAF\x95YI\xE3\xDD\xC3:\xE5ص\xF4\xC5�\xAEbT,y\xAB\x86xr
-\xE5NU\xF0r\xC1\x9F fDc\x87\xB7��\xD0j\x91rK { \xC3\xFA\xC2�\x8D!\xF0\xAB\\xED61\xA1\xC5c\xF1�\xEFK\xAE\x84\x91\xC0\xD1� \x97R\xA6>�\xBD(!z\xD0�?\x80lË\x95\x9DpP��\xBE\xCD�2\xE3\xF4jQ\xDF�9��\xFA�\x98@!E\xCB\xF8\xA2D\xFD\xCDÜ–\xAC&\xB4\xA8\xEB9E3\xC2�\xEB5!\x91\x89�e1\xB6!\xB5\x8B�\xB2y<\x8D\xB2`j4\xE9_>�\xC6\xC4W\x8D\xA5D'\xE0�ftX=U\xD6\xFF|\xDB\xC5PUl\xFD\xAC\xADG\xF0\xF7\xAB\xDB\xFF\xAE\x82\xFE]\xA7\x9Az\xF1r\x9E*\xB8 \xA1"TI\x91E\xA8h\x97\xB4�\x94\xE0Ý¢\x91Ý´hg.�\xD74v\xF0/9�\x8E\xD1\xD9�\xB1\x90\xA4\x8Bl\xF0)\x9C \xC9Й\xBDb\\x9C\xD3×G~\xC8\xF3\x99\xA69\x9A\x93�\x88\xA1�\xAEv3\x83\xBD\xAC$=\x9A\xFF\xAD\xB7l\xC6(4\xADi0\xA9\xFB\xD3\xDC^5\xB0\xD9\xEF1w8;[\xC5-b\xC20Pc}\xED�\xFE\xCB�\xB8\xFD\x84>l#M\xE9㬹�\xCBz\xF4\xE1
-\xF3)\xD4\xC1b\xF6Z%\xE5\xF3A\xF4P\xFB�)\xDF(�\xFA\xAE[\xC1\xFA\x8C\xBBb\x98S\xC3\xF9ÖžV)\xE0u\xA9wA\xB5\xDEh\x94'&\x9F\xE3+\xAF\xA3\xB1M\xA2\xDC�B\xEA
-\xBF\xF5\xC1/\xD5\xC0\xBCÉ\xF6�faZ\xAA\x81<\xDF�\xE6%V\xAC\x9E��\xB4\xEBb8�\x8AA\xD7+O4\xB0\x92\xC4m\xAF\xD0\xF3\x82\xA8\xF7�\x8E\xC8LÚ•\xCB\xC5\xEDm&m�%�q\xDFA\xEB9\xC7��\xB1\xB8Ð¥\xFE\x99\xB1\xF6l\x98\xC3}eS\x8Ch�\xD5sd\xE7\xBAq\x83�\x84\x99�\xC7(��:\xFCN\xE5\xCA�\x9A\~y\x8D\x9D\xF5\xBE<\xA4\xD9EX\xEBng*r\x86\xF3qS�\x91M\xD7w\xBC-\xADo�\xDC\xCF\xC9MLv\x9A\x9D\xC2%\x9F\xEA,\x9E\x98\xD5]nOH��\xE47�\xE5\xD3S\xEC&\xEF(\x93F<P\xF7 �\x88\x93\xB3\x83�Z���\x9C\xD7\xD4\xF6W>\xD9*\x8C\xA7�\x9BwHm䙼b\x88�
-\xEB\xF08\xFF\xB2\xE7\xCFË£\xA0'k\xB3�\xE7\x9B�1\xADL8_A\x85>\xE1\x8Avp1\xAC\xAAu\xADi\xD49A\xC5\xF7R\x8F\x9C\x84\x92�О\xC2\xC8\xC0n\x93\xB5�:)?|\xDC=\x9D \xBA\xADHlO\xC9~M\xB7\x8DQ�\x9D\xFA\x9FJn\xC6\xFD��\xE2\xF4\x8A"\xC7e^5 �1\xA1\xF4�Û•\xA5\xF4\x88D��\x86\xD3�^\xA5{\xF7\xF9vC\xE2a\x8FA\xFD�\xFC!\xD1\xF4 \xD7�VW\x89.)>O'\xD8\xFB�U˧\x9Dw\xB1e\xD4\xF5\xAB_\xFD\xD4=���\xB2\x81Í\xAC\x85\xE9\xBD8\xEDË”\xBA�Y\xDA\xF4-%\x9E)\xB9\xF5?\x8B�2\xE5#\xC4q\xAD1Õ»S\xC0Њ\xADN\xE5\xE4\x9B\xEC\xA4\xCA h/\xC0S\x85\xEF��S\xB5$\x87_M\xE3\xBA\xEF\x84и�\x8EJ.\xF0o\xC9\xC4.�\xC7�\x91�H-\xFBd~b\xD2\xF6\x84\xEA\xAFW\xCFL\xAD\xE7\x90Q�\xFAq\xF5\xAD\xC4\xCA]�\x92Y]\xA0\xF3QU)h/ *g\xE9\xA7A\xB7@\xD8\xD1\xF7�Q=\xD9�\xA3\xE1\xBDZ\xF8��*>\xE41X\xD5U\xDFU\xA9w4ÚM\xFAab\x9C\xBF=)\xA6\\x9B\xA8\xF9@\xE1�E&\xC0[D{\x9F[t\xEAE1<X \xC2\xDB^\xA2mm:Zn\xB0Q�\xCCB\x95Æ´�\xE4-\xCE,\xA8o\xB6Ky��xkH\xF6\xAE\x9A� \x8A\x8F�{$s\xA8(\x83\x8F\xDF\xF4?\xB7\x8F\xD4~\xAE\xE1:\xF5\xBDy��
-1\xEC\xD9�\xF5\x83�\x9DϘ\xAD��\x8D\xBE{E\xAC\x8E\xD0jwt:+TU@\x9F]&�\xCEy\xE1\xDB׃_�H\x87t7_\xB2\xCD�\xB9j\xFF#\xDAP�\xF1U$\xB1\xA3\x8FXq\xAF at LGi\xED\x940\xF6w5uHκ\xC9|\xD2\xFD\xE9R>\xD7x\xBD
-M\xA1\x84\xA3\xC9\xE3B�\xA4&vIA{}ɨ\xFC\xD8?\xF2Xc\xE7R&Y\xD8Ü„*3�c\xB5�,;S\x98\xA9fKnLX\x8FӌȊeL�\x8D\xA7KS\xFC,\x91\xD3�.\xFD\xEF)\x95\xF2\xFDX\xA9\x8D"pn\xFC\xC1\xFA\xFE\xB5\xBE\xEEÛžU1�\xA8\xD9V�\x90v\xA5~U\x9FX\xD0\xDFs$\x8Fgú�a\xC49Ò³\xA4\xC7n\xEF\xBF\xE3�\xBDH\xFA1\x99\xD0Èž\xF9\xBA)\xEF\xE6\xE3\xD9=�d\x86\xD4\xF5�\x9A\xB3\xB9~~,�\xC4!OÎ\x94\xAF\xA0\xA1ÃJ\xFAb\x8C\x85\x92Y\x9B\x9F8g\x83\xC4h5\x95.ı.\xD7�\xAF\x87\xC52F\x991\x98$\x92\xAB\xA9\x9A2yx\xB06\xC3\xF27%ë~t�@\xDC&)H\xCA\xFBh?Hu\xD5gO\xC0^(�\xA6!\xDA\xE9X]\xD0\xE4WL.C�{_z\xD1\xE4\xC5@\x81\xDE�#�\x9B(\xC8\xF4E\x98O\xBC\xEA\xA0\xD3D\x80c\xDF\xE4 \xDA!}\xB1�~�#Ý\xAES\xB2N[\x80\xAD�\x8D\xF9á\xE3jR\x94^b\xFF\xE7nx)\\xE6I%
-\xE1\x92ë†)\xEE�\xBF�\xAC�\x86\xB0s\xB5\x89\x8F,(³\xF7z\xCCS\x91)\xE5\xE3ø\xA7�I\xB2%?\xF5\xC7:.\xA9M9\xF8\x98\x9D\xB2
-xaP\xCAe6�\xE9�\xD4v\xE0H\xD2�#Þȶ{\x9BCi\x81q{a
-\xEE_\xE67Kb\xCBͤ\\xDE\xE2?M\xC3\xF2\xF5�\xACαI\x9E9\x88S\xEFf\xE2\xFA\xF3\x92Í¢q\xD6c�U\x85D\x94�R&\xBA\x8FP8\xD0\xCC\xC9q\x91p\xFA\xDBS�\xA6\x99�\xBEì§\xD3 at K\xB9\xA5\xED2y4,\xE0�nz\xF1~\x86\x8A\xF9�\xDD�B\x87\xE2w\xA18\xB2X7Õ…V\xCBƶ�\xEA��
-\xFF/H\xF1\x8Dۇ8\x81\x9E4\x9F\x8C[\xBD\x89;[ ]άT \xBC�H\x8A\xA2o\x8CRU\xDA\xF7q\xA7X \x91\xF4\xF6�}\x91\xF7S��\xB7�\x87\xA8\xF5`Y\x9C�\xF8d2\xA6\xD0yԾ\xF5\\xBC\xC3�1?�a#\xF2�\xA3u\xC4T!\x90\x9A\xC3ZG=Q\x92\x9B\xFC\xD7�\xCE]\xD0\xD6c\x9B9/\xB1\xA7d\x8FҜ�\x85i\xAC\xAC
-\xF5Z\xA7\xAF\x916\x924Lv+\xE5\xC6\xCB�\xC8/\xBE{Vs\xFC�\xA1\xE6�;\xA55Þ‹ÉÙ“\xF7\xB0Kq\xD0 at -\xC2�\xFA\xA5\x98UJ\xF0\xB9;Ñ\xD3n�\xA0\xEF\x8E\xE9U/�"%\xF3<\xC4�\x90\xDD{\x9F\xC9�\xD6\xE9Fq+\xA3�\xBF�
-\xAA\xCE\xF2\xEA\x9E\xEB\xCD�x\xEC�\xAF\xF7\x9FQg\x9Ba+q%\xB2\xBD[\x83Fe$\x99\x9DM�\xED%\xB8\xB3\xC5�r@�]C\xC6"pI\x93:%?0F\xBBX\xB8_�\xA5f\xCC�N1\xB6ήH\x8C\xB9\Y2\xBE{\xCD\xEF�!"\xB9\xB4\xE8Ê6fB\xAE\x93\xBB\xC5\xF5�\xE8\xA4\xD1O0\x96�0\xBF\x81H\xFA^\x984W\xEDagUv;Ö—F\xF1I\xF4\xFCz\xE7\xF5Y�\x88\xD8\xFD\xC2\xE8`\xB2�\xCB\xC1\xAC\x80\xF3\xC85\xE8\x94CPW\x9E\xE0\xBE2\x81\x89ssF�H\xE2zS汕˳\x8Cͤ }<.\xEB\xD9i\xB5D{\xE4�\�Ì£\xBA9!�\xF6z�ד!\xEE0\x8A\xB2\xF7V;\xD6&K\xE9\xAF(M\x9CV}\xEE\xFC\xF8Q\xE8cL\x93\xC8\xD2\xCE3\xEFAT\x8B�\xEB\xEA×\x9F\xCC�&\xCA'g\xAE\xE7\xC5VÆ´�F\xDA\xDE\xF9\xCAy\xA2�tc\xAC\x90\xF3\xBA\xF8�\xD2-yfgA\x91zTz\xBC\xEC\xAE\xF8\x8E-:y@\x83\xA5\xB1\xFF\\xB8"\x95?PV\xCFW\xD5E\x86\xC83\xCA lDK��\$\x81U\xD4w\xAC>rß©D\xE8%<\xBB\xD5��\xEC\xDAW\x94\xE5v\\xCFÓŒ\xA0\xF8��\xBF\x80�\xA7J\x9C\x8B\xEA\xB8� RdÉ¢\x8B\xC87\xDBv:\xEE.�\xED\xDC\xF1Q;\x96/\xB1\x98�\xA1\x9F\x83\xE5D\xE1\xA2'\xB7]\xB0\xE7ew7\xBEQ\xC5
-A}\xDC[\xAEL\xBC\xAB#\xB2G\x8E_a\xE2Í¿KH\xA4\x9F\x9F\x89\x90�\x82h�
-\xBC\xAA\xBB�,_&\xBD\xF2\xEEoy��\xA3p\x81B7vK\x8E\xA3\xAC�Nh\xC4�O1\xFB_\xA6\xBE\xB6�\xAErD\x99\x8191\xDC\xF0�)\xCD\xDE�\xBAs�\xF9TA\xCD\xF6��\xE6\xF7\xDD\xA5\xE9\xEBc5?�͂\xD2\xDA.\xEE�\xE7�\xFEy;4\xDB�\xFA/\xA1\xFC\xE0"\x80ps\xB0\xF3\xF2\xF1xe煤\xFC��hq?endstream
-endobj
-1218 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 33
-/LastChar 125
-/Widths 2748 0 R
-/BaseFont /FFPUNJ+NimbusMonL-Regu
-/FontDescriptor 1216 0 R
->> endobj
-1216 0 obj <<
-/Ascent 625
-/CapHeight 557
-/Descent -147
-/FontName /FFPUNJ+NimbusMonL-Regu
-/ItalicAngle 0
-/StemV 41
-/XHeight 426
-/FontBBox [-12 -237 650 811]
-/Flags 4
-/CharSet (/exclam/quotedbl/numbersign/dollar/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/underscore/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright)
-/FontFile 1217 0 R
->> endobj
-2748 0 obj
-[600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 0 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 ]
-endobj
-1160 0 obj <<
-/Length1 1620
-/Length2 20127
-/Length3 532
-/Length 21036
-/Filter /FlateDecode
->>
-stream
-xڬ\xBAct\xA4]\xB7.�\xDBv*I\xA7cul'�\xDBF\xC5N\xC5FǶm۶͎\xED\xA4cw\xFD\xBC\xEF\xB7\xF7>c\x9F\xF3\xEB\x9C\xFD\xA3j\xDCk^s^�\xD7Z\xEB�5FQ\x92)\xAA0�\x9B\xDA��%\xEC\xED@�,\x8C\xCC< 5e
-E#��#SK{Y�)\x90\x91
-௙�\x81\x92R\xD4 h�\xB2\xB4\xB7�3��y �@S\x80�\xD0�\xF0\xED�\x80\x85\x9B\x9B�\x81� j\xEF\xE0\xE1din��P\xFFå ¡\xA3\xA3\xFF/\xCB?. c\x8F\xFF@\xFEF:[\x9A\xDB�\xBE\xFE}p�\xDA\xD8;\xD8�\xED@)\xFE\xAF�U\x80@ \xC8��0\xB3\xB4��D��\xB5\xA4\xE4%�Ô’\xF2j I\xA0�\xD0\xE9o�\x8A.\xC66\x96& YK�\xA0\x9D3\x90�`f\xEF�\xB0\xF9\xF7�`bogj\xF9OkÎŒ\xB9\x84\x9D�F g�\xA0\x89\xE5\xDF0\xA0\xBB \xD0\xE1�\x88�\xE0 t\xB2\xB5tv\xFE\xFB�\xB0t�\x98;�Ù\xFE\xCE d�\xB0\xB43\xB1q1\xFD\xA7\x80\xBFv3\xFB�\xE4\xE0d\xFF\xD7\xC3\xF6/\xF6\x97L\xD1\xDE�\xE4l\xE2d\xE9 �\xFCͪ(&\xF1\xEF:A�F\xA0r;[\xFE\x85�\xF6f=M\xEDM\\xFEi\xE9_\xD8_\x9A\xBF(\xC8\xC8\xD2\xCE� �\xBA\x83\xFE\xC9e��\x98Z:;\xD8�y\xFC\xCD\xFD\x97\xCC\xC1\xC9\xF2_e\xB88[Ú™\xFFW�\xF4 '\xA0\xB9\x91\x93\xA9
-\xD0\xD9\xF9/\xCD_\xEE\xA6\xF3_}�\xFE\x97\xEE\x8D��l<\xFE�m\xFF/\xAF\xFF\xAC\xC1�\xE4�\xB41cD`\xF9\xF67\xA7 \xE8onsK;�\xA6\xB6\x8A\x94\x9D\x99=\x80\x85\xF9\xDFvS�\x87\xFF\xC0\\x81N\xFF��\xF5?{\x86\xE6o�F\xA6\xF6v6� S\xA0��\x93\xBC=\xE8oJ \xF5\xFF\x9Dʌ\xFFs"\xFF�H\xFC?"\xF0\xFF\x88\xBC\xFFo\xE2\xFEw\x8D\xFE\x97C\xFC\xFFz\x9E\xFF;\xB5\x84\x8B\x8D\x8D\xBC\x91-\xF0_A\x80\xFF\xB8c \xB2\x80.�K\x93\xFF\xCD\xDD\xC8\xD6\xD2\xC6\xE3\xFF�\xF0\xDF=5\x80\xFF\xAER�h\xEEbc\xE4\xF4\xDF\xE1\xD3�ۙ\xFFU\x84\x81\x9B\x91\xFD\xDFVKg Kw\xA0\xA9\xA2%\xC8\xC4�`fd\xF3wV\xFF\xB2\xABٙ�\x9Dl,\xED\x805\xFD\xD78��,\xCC\xCC\xFF
-S\xB5\xB04\xB1\xB6\xFBg\xF8\xEC\xFF\x86\x80v\xA6\xFF\xBD\xFC\xBF2\xFD\xABx&\xE9\xEF\xB2\xDA\xF2rt\xFF\xFB\xBD\xFA/?ſ\xFA\x83T=�\x80\x80\xFF?\x89\x86\x9C\xBD\xE9.\xFEa��\xB1w�x1\xB0p2��X\x99\xD9\xFF�\xBB\xBF�\x8F\x9B\x8D\xC5\xE7\xFF\x90\xF1_D,\xFF\xB5\x963�9Y\xBA�t\x98�\x99\x99Y \xBF\xFF\xE3\xF3_+\xBD\xFFF#ngbo\xFAώQ��ٙ\xFE\xDDd\xFFi\xF8�6qqr\xFA\xAB\xED\xBF\xCE\xFDߦ\xFFc\xFD\xAF\xED��\xBA�M�\xD6W\xECMx\x83\xAD\xD22\xD3Au\xB8\xB9#Sb:�},\x90#?�J�U\x8B
-\xFCk\xEC{\xFD\xD2\xC2v\xB9+
-?j06\xCD\xF0\xFCn\xF7X>w\xF8<\x94\xA6=�\xEBñ\xA1\xEAM�^\xE7�\xF9P\xD0\xF4�\xA0o}\xED\xE4\xA4;
-d\xD2/EN\xBFЈ\xF2\xBAY\x92Ý\xD2\xE6`V?Ú›RR\xD6/\xF9\x80!\x9E\xE9du\x82\xBBy\xA6\xF1\xA7p-\xF0\xC7\xFA\xF2\xE4\x80\xE2k\x92\xDA�\x8BÝ…\xD6�\x86QWx~\xF15\xF1\xF4\xF9\x89jh|td\xB8\xF7�\xBA\xFF\x90\x90.'�\x9E\x92\xD7�
-\xF9k\xA4\xBFc�\xA1\xA0\xB6Z\x85xU\xF3\xAB\xF3\xF6\x94\xEA�&B\xCF\xD8>\x9F\xBF\xF9\x87Pv�E\x91妷\x8D\x82\xEF\xD5\xE0O͘\x83\xE1\x86\xC0l�\xAC\x84\xD4\xC8W"\xE6\xFEx\xB2\xA0
-\xE3\x8E\xEFIx%Q\xBCK\xE2f\x86�\xCEo\xBFm\xF8Wcw\xFA\x9F\xF2\x82\x91\xDF\xC4\xCE׊\x81\xFC;L\xA7֑;\xE6T\xB0��\xA36�\xAE�\xE3Gv\xED�\xCC\xD3.\xF5��=n\xBE\xD5.7�\xE8X\xACJ\xCC[\xC3ZU\xFD\xF9b\xAA\xDC�\xC1+_\xAE\x9BxF\xBB-b\xA8\xC0(�\xA5㩃w\xB8\xDC\xC4$��\xCC�Ӆ
-(_,\xD3� \xA1\xC34\x8CS4r-ٓ\xA9\xBE\x883��\x822\x8E\x89\x8C\x81\x8E$\xBF d\xAD�\xF4\x93\x84}\xBCD\xE49%G\xB9<\xE1\xAC;\xD66\xAE\xA3\xDBA\x91\x9C\xB4\xD8p\xFF��(w\x81\xDF\xF6\xECW\x9F��.S�?62=\xFA0z�\x91\xDF\xE3\x9A@΀\x83\xEB\x81�\x9D�\xEC\x98\xE73\xB9>9\xC8%\xE6\xD2��\xF0O\xDE`z\x8C\x976"A\xEFܪ\x93\xB3�\xD6S\xAA�ҼqRɌ!\xDD��M떛�\xC5/\x986� p\xF6p\xF2>\xD9OB\x90\x88\xC1r\xEAO<\xF5lb�\xAD\x82�\x87�\x88\xE0\j\xD1h\x8E!\xB7\xB7q處\x{DE94}\x85��u��=5\xB1\x97\xAA\x97\x97\x87\xB3\x9FG�\xBF:\xD7K\xCE{\xF2ɵ\xC5\xE9K\x9CJC\xB7�\xD2�B\xB5\xBE/)�qpg\x9F\x94\xAD\xB5\xED\x82 \xA8\x95�\x8Ag�\x9Cu\xBA\x9C\xDA]_\xD5\xDE�\xB4c\xB8C\xFB\xF4\xBFY\x8B\xFC n\xBF3\xC7�aɻ\xF0�S�r \xB0ќ�\xA8t3\xFDW \xE5
-o(:\xA8\xD1_�\x82\xE5�\xA4\xF1��OF\xF5�\xD8I)Q\x92l\xA4\xAE\x89\xCD;T\xDC*k\xC02\xF1\xB4\xD2(\xCF\xCB2+\xADջ\xD0\xDD�龛\xE4AM\x81\xBE\xD7Q\xAD?A"tto\xAF\x90$\xCF\xCAA\x9C\xC7;t\xCEB\x9D�\xBE\xE3\xA2\xFC1j\xFEUx\x90q\xA8e\xD3\xD2\xE4\xFEt\xFEc\xC9T�I\x80\x8F��3!\x9A at X芆e\xCE^\xED'a\x82\x86:U+�\x8F�\x93\xF2\xC0\xC5$\x98 \x8BE\xD5\xF9\xC6 \xA8\xC9�M\xE6[\xA1'\xFBn\x8C\x91\xB5\xAC\xE6\x95\xCC�C�\xC1^.\xED'R\x89\xC3\xD24\x86\x84d\xD8h-�y\xC5qC\x8B_\xB7�\xB9\xA3ɑ\xAD5�R^�\xF4\xD1za\xB0ҵ:z\xE0\xF8\x96�\x81A\xE8\xDDg\x9E\xC4P5\xC6 \x96\xB9x\x84�\xBES\xC8\xEE\xD1*\xBFi&2O-8(c\xF3Cݧ\x86l\xB3�2;\x8F.\x9E\xFA\xF5C��\xD7
-]z\xEEW{ r{]ÞŽQYz�?4\xE9Z_)g\xE6:�\x8D\x9D}o\xE3\xC4\xD2Oa�\xCBa\x91\x89\xB2`\xFC,\xB3\x86\xF1\xEBP\xA4\x97}SU\xCD\xE7 <[[\xC6�\xA9\xC5Ȧn\xE6\xB2�\x9F�\x84\x935\xB7\xB3Ú’\xA3�\xC7\xF4\x96\xFD\xF5�\xEE�\x84}\xC7\xD0\xF9sI��\x8C |d\x9AK\xAEs\xBFaK\x8C�.��|%\x80:GÉ”\xDCO�}\xA9P\xAF�z-�$\x8D\xA3\xD7W\xF5\xFD]1\x80\xB4\xD8.Y"\xA0T`\xDE3o\xDEì¥>\x88\x91�?�\xAD\xB7\xE7?]\xA3NA\xA6\xFAA\xC3"e\xE5\xAA\xDB\xF6\xF1�&�u\xE3\xB54\x90\xD8\xDD\xEA\xE7\xF1+)\xC6/\xB2\xF1\xDF�\xF4�\xEA\x95\xF1Õ°\x9D\x8AN$n\x9Bxye�\xBE\x92\x91\x96\xE3�\xF4\x9Cs\xAEb\x9Fh\xC1�xE\xB9\xB2\xC0\x8E\xC0\xBD\xF2\xC3&\xE3\xE7\xA3\xFA\xAB�\xF2\xA5\xBD\xDA4\xA5\x88\xA6\xF3\xB2\xAA\xC7!\x89}I\xEFN\xCD�\xD6\xF8\xADJ\xBF\xC8*\xE9'\xF4\x83\xDFC\xE3�\xAAÊ›v\xDDx J\xE4 \xD3c\x89\xFA6\xBC\xEA�\xDFs2\xB8\xB53_\x841\xF54\xC5]\xB0ѯS\xF4_
-a\xAE;\x9D?o�\xAE\xE5\xFC+L7O7\xB9uv\xA4\xD3u\xDE̸\xB6\xE7\x8EN\xF3\xE6\xEE\x99\xC9\xF1\xA2\xCA\xCFC\xB0\xB6\x8A\xE6\xD0�\x82\xDA\\x9D\x84P\xBC\xAE\x88\x99ߢ\x9D�\x92�1\xE2Ê¢Þ zO&\x81\xC9�\xB7c튩\xC8�\x97\xA97\x95\xC1\xBCG}\x8E\xFA\xE4\xF1ʬ\x90!F\x8Ad1\x82_mÅ€�t��h\xACן2\xB0?X\xB6'9\xAD1��\xEEî»(R\x8C�\xE6\xCBÜF1\x94�P\xA0(�Ê·\xFA\xED\xBCe�\xF4<sy\xF4A$\x94��\xA8\x85\xB3Z\x87j?\xA1\xBB\xBD\xA4`y\xD7�\xCA \x9B\xA4\xBB\x80\x96\xE4\x85 at 3�\xE9\x8C��2\xE4a�M\xCA\xE0��T\xAC6\xB6�\x86\xD9\xC1�\xDC\xDF\xF1\xC1.\xEFs\x97f��}\x8Ar�\xF5EK\xE6Ë–4\xC5Jm\xFEH\x9E6\xEE�\x80\xEF^\xE7\xD4t\x9DV-O4\xEB"\xB2$\xEC2\x83�\xEB\x86`z\xEA�%\x9E\xA6,"\x8F\xFE\xA2�\xFD_\x85\xD9\xF74Ô›\xF8\xE3\xF6\x95\xF7\xEF\xBCf=hR \xE0\x88\xBC\xAE<|\xD3$�dd\xF0\xA3Ì…\xCC\xCB\xD6\xE1\x89\xF1q\xB8W\x9CQ\xC8�G\xF0dȾ\xD7-&\xFC\xE4J6f\xEB\xCFur\xFEq^�K\xD0k\�#\xBA�\x934\xC2�\x94\xFF8r�\xDD\xE4�Rl\xBAQ �\x92o\x8E\x8BË£+��\xB4u,\xA8\xEE�xI\x86'[\xD58ÌŸ\x93X\xDC6\xBB�a\x86j�\xE4�L\xA1\xF7"\xB69\xE8\xF3iꔦ\x9C�c\xA2|\xC1\x93\xBC\xB7`5\xF3\xE32\x85n\xC7O!\xA9Є�'�DIrUf��^;#\xD8\xC8rß\xEEq�|)\x92HG\xAE\x83ny
-\xC69vrQ\xDA�\xFBa\xDE\xDF\xEF\xE8\xF3�Q\xDDi\xE7\xB7\xC4j�\xED�(^&�+
-M\xCC\xE4kR�\xD0<7\xF7u\xBE!+o\xAD\xB9�-}\x90iC\xBC�HBb\xD7*��1'O. \xCD�\xFE~6'j�\xEF\xF3\x98\xF1+gt5\xFB\xA2PV4घ\xBF\xD4 \xDA\xF3�\xD4R\xA8�\x81s(�S\xA1\x9Aq\xB9"yV\x87\xF4��\xEEHvhp\x843\xEB\xDCHG\xB9\xE7�\xF2\x9Au�\xBC\xC9\xC5Q�\x9B8�\xD4�%\xE2\xDBU\x86w>\xF0\xDBg\x90\xE3\x91ۈ}\x9D\xADH}\xF6E\xF72�O\xF6\xD1�g\xED
-\x827I\x95�{\x9CP\xBE\xA93\xBD�\xA5\x8C\x8F/\xC4[\xD6[\xAAp\xABC\x83\x92\xBDf\xB1cB8|*�\xD7vޒ(�2M\xB4:G\x8B\xE7e\x83�\xC0\xFC\x91H7\xFE�5'is=\xBD\xF3{L�Xw\xDC\xEBi\xEC>A\xBA\x84\xEF=\xCBo?F\x97A\xB5b\xA9\x9D\xDC\xC4§c�L\xB7\xBC\x9E\x85כ\xC2Y_\x89g� Ͽ\xA6\xA9\xE8e\x91O5\xD9\xC0ܧ�\xE2\xED/96]d\xB1�\x8F\xCAP\xE0H]~+B��\x86<\x8DԕR\x96\x85�\x80�\xF5\�ͯ\xA9s\xF0\xD1�\xFErO\x8C\x85[\x92\x8D\xBD\x8F\xB8m+��\xFE\xB6�\xF8\xB6\xFD\xA9>\xFE\xBD�\xD8Rkn�\x84\xB4V\xC1\xC1E.\xC9YSssF\x91k\xFF\xA9T\xE2\xE2.�\x9F\x9F3hȎxҵ\xA6\xF6�\x96\xD19\xF5�d\xA8H\xCE6 �\x8A�\xF5\x8B�g\xA0:M6:m\xC7ɣX\x80�\xD3I�Q�\xB2\xA0\x8D\xFEJ7\xBB\xF5\xCF|\xB3\xFD\x979w\x90\x8E>�\xAB\x9Ea^�\x8D\\x83lEuѺ\x85\xF9\x9F\x93Y\xA7�7
-\xE1]�\xF4
-\xD8I�:�\xFD}�\x9F\xF0\x85\xEE�\x8Cr�\\xD2�v-`\x{1D2DAD}\xBBj\xB3\x9C\xB3\xB7\xED}
-]rS\xD3|�\xACU]I\x83suo\xE9$\xBD9\xA2c\xF7U\xB9\x93�\xE4x\xB0ж\xBEؤۋ\xABb\xDCI\xC5Q\xB6?�\xB3\x85\xE16.S\xBC\xE0\x87n|\xD1G{\xD7B\xF5wK\x8D\xA2�\xBB\x99(��\x87\xA7\xF2q\xB0�4N\x90q�\xE9�\xE5\xE9\xBBi\xC1;\xED�\xB6\xB9\xF6�U\x91PȜ\xAF\xE6x\xCA&\xF4\x95\xA4�1S\xB62\x90\xF3\xA5w\�\xB7+z\xEA\x9BDJ\xB4�\x90v\xB8$\xCC�L\xDF\xF2�\xC8\xEEk>^�\xB5\xB2.L\xB1\xBF�\xB2�!\xF04^�\xB8\x93PԿ\xA6.\xAC\xE4\xEF\x9F(\xBF'ڶ\xA3Pb\xA5i\x91\xF7\xEAz\xDD\xFBD�Uo\xC0\xF5Q
-0E\x86I\xC3Z^\x8A\xFF\x8E\xA6Ö‚0\x9B2%�\x93\xFDJ\xA7^\x88V\xC4�\xC9k"y
-4\xD1\xC3�\xA5\xCB2\x9A=�\xA5�\xABUkW3G\xAD{\x97\xF0̪K\xA6\xBE(\xDEØ–W\x8E\xD3Ó\xFC�ý\xAE�9\x92\xE3\x91<�dž\xE2�\xF6\x97\x8A��\xE4�\xD3^R\x83\xFF�\xB0P�\x8AÊ·Zl—\x9BTj\xAD�5\xBE9.\xA2"\xA5\xB3�f>89\xF9\x9DI\xC6vp3Ý\xE99\xE7\xE1CDq
- �\x80\xAF\xB9/\x8FW4=\xB9\xB6dopso\xB4\x8D\x91��\x87\xC01\xB6\xAC\xB4\x92�m\xF8\xDA\xC96]\xF3|"쮘V\xBB\xC3JhO5\x82\xB02\xD3\xCB�\x8F\xB1�\x877N߼hC; \x97\x8AZқ�\x84\xE4?% \xBC]\xF9c\xA4\xBD\xBC�q\xC8 ë�#h�\xB9il�\xC0\xB2\xF4\xB2X\xD8\xE6\xFE\xE9\x9E�\xA7\xE4\xD3%�\xF9\xB5\xA2(eq�B�\x95\xE7\x81P\xC1\xEC=݄\xDC\xC19\xE2\x87\xC1\x9C %J
-\x9C\xEEN�R\x8FC\xE8I\xAA\xCD\xEB\x9DKD��QZ\xB3\xC5�\xA0\x9Du\xA5\x87H�\xD3�\xA3�z\xEC\xA5\xFC\xEF3\xF2t\xAE\xA7,P�\x9D�3\x8E\xFC:]\x9A\xD9�\xE2\xEBIc\xAA\xBFW\xB1\xCFzA~\xDE Czz\xCE\xF10\xA2\xAE4\xA0p~\+\xFC\xF80\xB9\xFFq}\xF1~}\xE9
-\xAE@\xEA#^>\xAB\\xD7Ȳp\x8B\xC7�*,� A_\xD3�\x90\xF0t\xC5
-\xE2q\xD9b1?&}=\xC42\xE3\xD2]\xF3\xF0\x80Æžo\xD1G\xA1PL.]B\xAA\x8F\xA2�E3\xFD7z��\xAE\xC6n\xB8c<\xAE\x9EepN�wd\xB6\�\xF1\xFA�"\xAFkÑ;\xEF�X\xA8\x8B�ЀBgN}\xAE\xB2�\xFB�\xE0\xF3\xC3Ì\xF2hkr��\x9F\xC0�\xB6G\xE2{\xB0l:&j\x91\xF1\x99\xFB
-^\xF2\xD5PkNɫ�\xB1L\x9D\xD6\xF1\xFC\xABD\xD9j\x8B+Y9\x82d̜\xF2\xD6�\x84ʗ6<\x80\xF4Vc\x8A\xA7\x8B͚�\x91\xDD\xFE\xB3\xA5S\xD5si\xDAڤ\xDB\xF2>�v\xFC[\xC2\xEB ^\x82*\x9Eݽ\x9EVg\xAAT=g\xEA\xEF\x81@!\xBBc�)\x83\xB1F\xC0h\x85\xB4�1�l�-\xF2Z�\xB19\xB1lH@\xB1Ę\xAC_\x8D\xD7m\xA6\x8A\x8F\xE6iw�\xD6J|\xA1\xD4\xC6ɒ\xB9ƾx9\x9B.\x9A\xFE\xC47o\x88e!\xA3c\xD0�\xB7\xA5�\x8D\xDD�\x86B߬S��\xFB�\xC4\xF1�\xB9e\xE9x\xAD\xCC- ln\x9Ck<J\xE1=S�\xE95:\x8E'�\xEB\xB9\xCC\xC5.\xE3\xCA#C\x98q\xF1\xCF\xD8܆W\x9D�\xE5i�\xF9A��^$\xE8�\x88\x81\xFC\xCB\xDB�\xCBd\xC42\x8C
-\xEF\xAA��\xAB\xEC\xE3\xC0\xCC\xDF\xC5;\xE0\x8B\x8D:�\xA7\xC5��3;y\xDD\xC2\xF725Ek~á�� \xBA\xC5\xF1`�\xB8\x8A\xA9v\xC1\xBDn"\x84-i\x9C$%?wI�H88\xA8�[\x98fÒ5+ry\x99\xD1[>
-\xD0"$\xA9p�@\x81z\x9F\xD6\xD0G�\x83\x9B\x82\xB7^_f\xF1\x9EtDPi\xC2\xF1\xF8\xCB\xC9�\x98.y\xD6\xC6\xD0\xF3\x86�\xB7\xC5D\xE3^!\xA1\xA5\xA0�1\xE2\xF3\xDC,\xF3\x9A��\xAAi�\xD6c�.\xE24�\xA3�\xF7L\xDB}cN6\\xC8\xDB�\x9DÐC�\x95\xC5?\xD0\xD6\xD4\xD85\xF7Ü tbgipO
-\x8B\xB9sh\xDB�t\x83t�{�J'uYÌ„\xD5Ñ’Z�6è¬w\xDF�\xF9/N\xD0\xC8y0\xAC\xD6�\x82;g�\x8B\xD6Z�0\x85.R;
-*\xC8\x{DB74}\xE2T�\xB8�\x9EfW�3\xD5'7)\xD4Y\xDF=�\xE1!`\x83S\xE9\x897\x88�v\xA4U\xBF\xC8!~{\xA3\xD81\x9Dǜj\xF7\xE0\xBA\xDFŨ\x9D\x9EG�]\xAC\xDFg\x95,\xBD[
-W,{ukR\xFF\xD4j\x95\xC5\x82\x8F\xE8\xD2<\x92\x85\xE6p_\xED֩\xDBRV\xB7((\xFE22\xDF�\x8Av\xF3��\xC7\xDDl.\x88\xCF\xDCs/\xACU\xA1\xA5&\x82ko\xBE\xF7\xF1@\xC6\xC7\xCA5V\x85jj\xACa
-`N}\xD5�\xC6\xEA��\x8E\xE1O\xFA �\x8A\x9E&#\xF7\xA6\xC0u\xD3\xDBW\x99{p\xE4c\xB3\x8F <4\xC9\xF3�\x93\xBC\xA3\xD27��J}G\xE1\xE6\xC1\x86T\xCB$\xE4\xF0\xD301Kp"\xA8?\xB6Q\xF8\xA4\xF44d\xBFx}\x9DKs\xAFc*�\xA0\xECh\xF7\xA7\x91\xCE\xFE#�Xiu\xC17n\xEA�\xEEØŸÕ©\x8D\xE8|ÓD\x86�3\xB6\x95\x83\xB4Q\x90\x8A\xDETG\xF8Ð\xE6E\xAEͯm\xC2\xE6\xB0!\xC0�bXÉ´�2\x96\xB7\xB1R\x9B?h\xDD\xDC\xF6=m\xB87\xEB6\x86\x88\xB9o'\x93\xF0l\xF8\xA5g\xE0\xEB\xE8\x94\xCE\xF6�z�\xCA8\x82lL >\xC5\\xA5* \xC1�\x8E\xE9Ѿß1\x89\xE0Ú¶"N\xC4\xC8U\x81\xB6\xA1y\xDE"\xE5e/\xBD\xFC\xF5\xB49\xC6hÓ¶\xF13�+\xDE\xC1\xCA+�3\x96\x94R\xDA\xED�4p\xB1}�\xB5^s\xE4�w�\xF6&\xF2GN^9�\xD7�t\xA7\xCE\xEDd\xF7�\xE2\xCB\xF7\x87y|\x81ܨ�hͪ\x93m \xDB\xF8\x8AY\x91*gS\xC6�\x8C\xF7lZ1�S\x99\xE7\xDB\xE0\xAE2j\x99\xE7\xEA\x95�\xA7��p\x84N\xDD�\xBD\x99_�\xEE\xBF9\x99\xE5\xDA�\x91\xB1�\xA3\xFC\x8C$4W�\x82\xD2\xDCkߤ\xBEZ\xEC`�\x8F\x95\x90@�B\xF1\xE3jO\xAE\xF5Va\x92�t\xC2I\xA1\x84[L�\xEC$ U ;"\x94\xBF\xB9B)\xDC\xFE\x94\xFFp\xAA\xB2\xEF\xE8\xEE\xC8\xE9~\xD8\xEE\xA0dxpv\x92K# AWE\x95\\xE5u\xBA�\xEFo\x8C�\x81woϳ\x88�?\x8B]\xFFy\x9E\xBDE \x99�\xC0\xB7\xC1\xD1R�Y\xA3_ \x9F4\xA2\xE0\xCF�7\xA9�\xA3\x95#e�\xE0\xABȾo\x8E�d\xDE�h=g!\x85\xA30\x92H\xBF�\x9C\x85l\xD6)|\xFF�P\xEDC\xF0\xA9ߣ\xC5��OÄ…�3\xED\xE1\xB1Y�Q\xA1\x9B}\xDC\xEA\x81\xEB\xCF
-\x96\xD9�\xFD\xC9vu\xF6\xF9�\x8B\xAA\xA5'NP \x98e\xCF �\xB1\xE8�,�a\xE8\x99n\xB5\x9Ed\xD8
-\xB1\xD0� �dL\xCA|�tHo\xAD\x9C\x84\x99\x97\xB0މ#\xFC]\xCB�\xD5�2\x89\xED8�\xE9\x94=l\xCEMK\xBE\xFC)Z\xAD}ټW\xC6YX\xF5\xDE\xE1\x8CK�8~\xD9\xCF\F\x86�='h<J\xD9GX\xD4\xE6\xA6\xC9�\xC3\xFD\\xAC\xC1\x97�\xA4�&\x8B\xF6\xF0c\xE7[\xB5\x90&b\x86� \xEC~wg�\xD6\xCB�\xB3U�y\x95\x86\xF8�\xC8W\x9C�\xB1k\xBC\x9D\xD4h\xF0\xA0\xBB6�Q\xC3\xC1�\xBBk\xDB\xDEW\xB4\xCCv�\x8E\xCB\xCBf\xBB\xED\xA1\xC0o\xDF>\xA5\x87;\xF9k/E7\x92r\xD7y'\x8D4x�\xF6zUZj��
-S\xE8Ç´�FÞ¦\x85\xDB\xCF�\xCE��\x9A13\xB1\xA9\xC9'\xE6z��t\x83\xDEm~ \xB9H\xBA�&�\xB6\xD1~\xF1\xCD�h\x9F\x8A\x81pu�\xA2\x8Fh�^�\xC2c0x\xC6(\xEB7\×[:\x8B\xB6q\xA2Íš-�\xB5j\x93\x92"�z\xBEr�\xA7YJ\xF7�-\xD96\xD4\xEFn�n\xD4\xE3\xF5\xCD\xCCI�\xB7n \xEFS7\xFD\xF64\xA6��\xA6쾕\xF4\xC8@؈F9x&\xAB�s��\xEE|\xD7`pu\xA1e�F`{i~\xB6Ùƒ\xCB!$jmJt\x86\x9C/\xFCa\xE2\\xE8\xCE\xC5Ni\xE0"\xFB*\xB1z\x98\xC3t3\xACGs\x80\xB5/Y�n ~\xB3�1&\xBE\xE2\xC60tY\x9CV\xE1q�\xF0(\xEA\x99w\x86\x97�V\x86\x9F\xF7 :\xB7\xC9\xF3Çotx\xF8\xED\x85*\x98\xAE\xF1\xA7�\xF5\x91\xE1#Ms�9\xBDC\xA89\xF0tIL\x9D\xB3\xF2X\x88\xD7\xED\x8A\xE7Ý€\xEEW�\xDE�\xAB\x8F\xCA.�\xAD\x92\xC2\xE5݇Ӝ,7\xA7\xA9�\xD97\x82\xC6Q\x83\xC4\xE9\xE8d`\xB3Ú³\x93�t\xF7\xBEk
-\x9CM\xF7\xFBx}P\xEF\xEFo\5\x81\xD6\xF7�\xF4C\xA7\x9F\xAEZ*\xEF�\xCFkm R\xE3̽oÙ°�?1D\xEA\xF1�e\xC4'\x9F�Æ \xE06\x85�\xA9jb6�L\xD2\xEB\xA6X\x9A�\xE1|\x97?\xF7tK\xD2:6\x99\xCB\xFCh\xEF;\xAC��p\x80G\x88*z\xA0\xB5-Ox\x97\x8D�o\xC2ܽ�\x9A\xB0\xB6\xE7\xC8\xDD�\xD4\xC6 \xD1b\x84,I\xAD\xA3\xB1\xBD\xE9\xB8Ni\xC9�\xF5\xC7{^\xE8d\x96PL[\x91\xEEc\xB1�\xD8�\x99Q\xAFdZ\xC3\xD9&\xCB�\x8EA\xAF\xEE/\xDA;\x81!\xF2�\xF9�p\xC1B\xDF\xD9s\x8D\xDDO\x91��΃3ײ\xB32\xA8%\xD6u�z�\xF8\xC4�[c\xE9\x91Ù§\x89\xC2\xEF�\x8ARfU\xD4�g\xE7\xFAW��\xB7\xAD\xBA\xEC;��\xA7\xD8\xF88\xCDL\x8A\xA8\xE9k\x98"\xAD\xA2�\xAC�t\xB52\xB9�e�\x9A\xF2�K\xAC\xA0\xC1\xBE9�c�$rMe�\xA9\x80\x80Ô˜6T\xA1Б1\xADQ\xE7T\xE8{O�\x96\xC5\xCB]\xD1��\x92f\xB3\xD5\xD39\x8D-\xA9\xFER[0\xA3Nk\xBE�\xB7�\xFD\xB5\x81\x84�\x8E�\xCFߨN\xEF\xE7\xC2"��?Gw~\\x93\xAC\x85XH\x94\xE3\\x8Fl\xE3\xBC\xC5_\xA1\x92\x94�*G\x8DwQQB\xC19+\xA7\xAA\xC1\xA4\x90Â¥\xE0(-n\x9B_\xD2x3\x93m\xEC\x82gU\x91w\xB5\xE9\x9D\xED\xE2ߪv6\xBAȯp\xD3[�\xF3\xE6\xA2�I\xB4�2\xD66\xDF �\x87�\xD7\xC7\xEB\x9F�\xEDI\x9DG\xFB\x83\x97e<\xAA\xF01}x\xE7\xAA\xC0\xE9\x9E~\xF4\xE1*@O\x80\xF4\x85\xB9ɶs\x97\xEA>\x87\xDA{#\xD8\xCBz߈\xB9\xE7!\x9E\xE5<�\xD7Ó‹\xA6g�=\x91ÑGH\xF6'\xB2\xD4�e ȱ\xF3\x8E\xF5\xB5\x93:\x85\x9F\x82\xEB�R,q@\x8F\xF5�\xFB\xB4��\xF9\xFCqh\x8EN\Ve\xC6dh\x8F\x84ɘB\x99\xC1�m*�QZ!cJe\xE5Mj\x85\xCF\xF2\xE1#\xE!
9\xE58;\xA1H\x82 W\xA4\xC3\xC9�\xA1\xDBσy\xBFȧ\xE9\xD1\xC9q\xB8\xC2\xC9O�\xC0\xA6$*\xBC\x94Ö”\xBF\x90\xFE\x9DC�\x8E\xA1ß—(]b]uH\xED\xD8;\xA6ݧ\xC7�\xC9E\x82\xFE�K\xB1\xDBH]\xD8X\x91I\xEFif\xCBS2p��hz\xBE\x82 \xDFA\x87\x9C\xF3\xD6 t\xDDب8\x8CÙ„�Ç\x89�\xCF\xFEq\xCB�\xBB
-*\xD8�\x91E�\xE66\xF3\xF88\xA5\x94J\xE7\xC2?\x8DK\xEE7߾\xF5)N\xCFT\x89"\xA8V\xD4\xCFL>+��\xF6�\x80å\x98\xCC�\xFE\x86e�-mί`$T^\xC5\xECE\xA2\xB6�p&\xA491fXh\xFD\xFC\xFAQ\xF3\xB8kc�\�#B\xD0\xD7\xEE\xFB&\x93�\xAA~\xF6�\xBC\xFE,�t\xED]\xAA\x95w\xC41y\xB8\xD2\xCD\xD5:\x85�Au\xCC�\xC7\xD7 �\xDF2\xF3=\x97\xFB\xE9\xC20\x83zV7P\xA6\xA9O>\xA9\xA1\x91*\x89\x9DB4\xF4\xBC&3\xD6\xE0\xEFDח\x96�\x99iW\xED\xBFU+�L\xB4\x9C\xB1\xA7f\xBFZ=��B�B\xA3\xA1s�1\xDB\xF0\xFEX\xC4\xF2j\x80Y\xB2\xF7\xA8is�\xE6�/\xE6
-\xBEzT�\x85\xA2g\xF4O\xFF\x92\x8B\xD3o0-\x9A\xCE०�\xB2�Š�\x98h�\x9B9\xC9\xC8%m-\xDCC7\x82\xB5$\xA9O\xE3zAp9�%m�\xEB\x83f��7\xEC\xC4\xEE\xE2\xBA\xDEN�\xCD\xEDOKB\xAFW\x88\xE0/\xB0\xB4e�\xA1\xEC\xD4\xE1o~f\x9B]{\x88\xF0E\x8A\x98*�\x83\x81\xFB�N\xB7G\xAE\xB2\xCEϫE\xF4[\x87\xF0Q\xF0u1\xAA\xD1\xC3(�X\xB2\xC1Z\xFB�\xA8\xC2x5\xA4 6\x99\x9C�\xB9\xAF�$\xDF's.�1߬)\xC7^r��\x91\x81au5n�U�G\x91\xE1�\x9F�\xD5\xD4\xF7���T\xC1z�\xC0\xBD\xA6\xAC\xDC\xCC
-l\xE9\x81Ld�i\\x94a\xD0Zj(\xF4\xA0\xAC\xF5\\x9C\xF1,\xF4�S\x96W2\x8D\x83o\xB3\x87C\xDC�\x8D`e\xAD\xE6\xED㦃F$\xEAuÆz\x81{\x86�\xC2\xCEK!K#�$
-�b�\xC9b\xF0\xFAu\xD99\xF0e\xDEWs���S\x86\xDAIN\xF1\xAD�E$�\x8Cc�\x8DD3>\xE4:\xDD\xD4%\x9E\xD0\xE7Ir<۽;�\xE5\xB5�V}$1\xE2\xB0\xF0��\xF4\xA3\xF5�m\xF5\x93\xB6)L\xA3B\xF2�\xF9P-P\xEE\xC0\x99\xD1D|=\xDCF\x97d\xE3;\xF5\x85R�^j��\xBA\xDFs\xD2�c\xFER\xD6'\x9A\xEEϳH\xA5\xB9\xBC+�j\xEC�F+\xF2\x98\xAAB~\xC8Cg\xD95\xFB\xEB \x80U\xD3(6�\xFB\x98\xDD�#�̼v�\xC0\xA3\xC4�\xF2q\xA5\xFE\x85\xE4�\x9E\x93Zrtj\x8Ao\x81e|\x82+\xA0g\xC8�b
-\x8D�\xC7Xx\xDE\xC8\xCDG\x9F��\xC6\xDC/b\xF8c\xA7\xE8\xFCv+\xF8\xB2\xF2kb\x88\xA0BF\xDB;l'a\xA1�|E]\xE9\xFC\xD76t\xE9C�\xBF\xD70q\x82M\x99\xB1I0\xEA\xC7`\xC7sZ+\xA3.\xCCg\x8A\xCA)�\xF9cs\xB3\xBD-\xE3V\xE9\xA8ݳ\xB7��\x86\x86\xB2�\xBC&D̘\xF4\x94@�\xB6ݔ\xEF\xB3O\x9C�\xF6\xF8]\xA5\xFF��]\x83Ҙ,\xB1\xCE
-q�\x9C p\xA8F\xFF\xD8�\xB0�\xBAy\xF3\xEB+45\xC4 \xE2$\xBDIW\xAA�\xDBo6s\xB5PW\x82�R\xFDy\x8F\xAA \xD9\xE9\xE98M\xE2-lv�r�Ψ$�\x96�\xB3\xD4\xD2+\xECL\xE5�\xD7t\xE5�\xFD\x89�c8\xA5��nH\xC2ټ@\xD2+i\xDA\xE8\xDCHԋ\xA4\xB3!\xAB\xB8\xC7qz�{��\xAD\xC6{\xA4l\xEF
-\xC7p\�=N\xFC\xAC4\xB7\xB7
-d;u̒\x91\xDC�sۄ\xF7_]e\xA0px\xDF\xC1\xC0:�\xCFh�\xE2\x90\xEE|k\xB1\xB7\xBE\xF6'nTd\xC72\xE52fu\xB70\xBCe}X\xC7c*�I\xC3o\xF4}x�Fe6����;�ac\xD1\xC8\xEEX�\xFA\xFA˥\xE1\xE6�r,\x96\xEA\x9Ch\xA4/\xBA9;`\xA9\xAEGŖ\xB0
-\x8D,\xD3H>%��O\xE0"\xFB|?\xE9J3iὓQ!Ef�b\xAB\xE8DC\xF5\xF1d\xB1M\xF0h\x88�\x96X\xB5\xE6ϸ\xAD6\xF4#\xF1\x86l�\xBBȅ\xB1\xFBsL\xF3\xE6\xDFg\xE9l;\xB5\xF1\xCC#%
-\x91\xBCG\xF8CA\xCC\xD1�\xF0}\xBE\x80\xB66Ç¢�\xB3V\xBB\xFE\\x83 diKB�\xB4\xABÙQ\xEF\xE8.�\xA7��~Þ‚\xB4\xC8\xCC=\xEC\xE4m\x92�yS$\xFD-�Ñ¥\xAA\x8E\xB9�P\x82\x81\xB4)ke��\xC5\xD3nM\xA1G\xE3�\xB6\xCBu\xB75%\xAC_\xD8E\xE7M\x8AK\xD2c\x83\x86\x8C8��\xEE5\x80\xC3|5�w\xEC\xF3\xB5 \xD4"\xF6ů\xA3\x84\xB23�ÇŸ��\x9D\xB3\x92\x9CV\xC9�\xF7
-�\x9E\xF3\xF8.Ѩ\\xE9d\xA5(\x9A\x98>�\xAF\x96L�\xE3PÚ\xA0�Ԛ�3,\xBF\xD416�\x9Ae\xAC\xBB۲\x98BG\xBBO\x9D�\xE5\xDC\xCF\xE6nP\x9DƵ�W\x82\xAE�e�o\xC1P׽'\x94\x9D@\xE7\xDF\xD2�KL\xFDº-/\xDEJ[\xFD\x8Cxw]�\xF6G8f\xF6r\x88V\x83\xC9sv\xC4�\xFEh;\xCC�\x9A\xE9\xA3H\xDBF\x8D\xCF\xE6\x908w&_a\x86\xB6j\xA1\xE3\xF7q�\xB4r\xA9�\xDD}~9\xC3�Q\x87\xB3�\xB9\xC3�\xF1Q\xCB\xF6\x9A�\x82\xB8\xB8�\xC5\xD2R\x9Fv�7\xDD/\xEC�\x83\x83\xF0+B\xADg�N2�\xE3\xE2j�\xD2z \xC2E\x87`\xF5fQ�\x958{\xC6�\xC1�9\xFB\xBB\xA8\xBDqN5mc\xAF
-g\xC0<\xC5j\xBD`\x9E�@.vS;눂D\xCA�kn�DԚ\x99\x98�\x8F\xB1\xBAO�\x9DZֵ\xDC�іHJ\x94\xE4\xE4�&�\xB6[�\xF3X=
-<\xCA\xEE�\xF2\xC8Y\x9F\xAD�\xD8\xECZ�
-\xCA�\xA3�\xF7\xED�\xE9\x99�\xF9\xC8�\x9DTx�\xC7�S\xEAhD\xAF\xD3e{Ð’\xD6M\xC2���\xD2\xE9*\x9D�\x92\xADD#\xF4TtهͼÔ<�~W\xEA\x9Aϯ�,\xC4ѵ\x97\xFAH�L�\xC6\xFCc\x9Ccy\xB5\xBC\x87\xC5\xD2\xEE\xC7<\xCF ��E\xC7v\x9E\xB9t\x8D\xFA�\x93�H;:\xB1[æ¥@B\xB3Co�јI�3\xE5ÕŽ�+\xB4s\xAB\xA9\xC6?\x99\xC0\x930\x90\x94V\xF0\xCD\xED�É \xBE\xB9\xD9\xEC\x90�ʃ\xBC\xE3A\x8F\x9C'7\xB6\xC6�\xC1&\xA2GL6\xF6Ý¥
-\xD5.\xB9YO\xACꪜ\xA9�\xDBי\xA5
-o;\xE5 E0�
-+P|\xAFî ¾\xA7\xD0I\xEB�g\xB0\xA5\xAA\xD4o�K\xFDd/&\xFA\xC5\xCCg\xEBVÕ”\xC8\xFDÝž\xAF\xDB#t\x83#\xD6\xD3^3\xD5%N�s\x93\x80M\x94\x920\xA8\xE9a|\xCA|ɼ}F\x8E%x\\xCBg\xB9�b\xD3\xF5=\xBC\xED"\x85s�\x9DU\xCF�\xE29̯ԫ�{1K��\xBC\xB7\xC9�fU\xA1\xCF7
-\x88猼\x99\xACE|\xDC\xCC\xD0\xF0Xu\xE3�\xFD\x96\xFC\xC2\xCB�\xA8\xB5ί�\x88r\xA0\x89\xAF\xFB�V\x99\x9D\xC6Z\xF9� Hm�Q�E,\xFA\xEF\xEF�Y�\xFC(\xB3\xBB\x8E\x81��\xE1ښ&�\x84\x97\xA7ƅ\xF3\xF8tk\xB1\xF2\x95΢Aw\xC5Ș)\xE3\xE6^\xFA\xA2X�\xA9E\x8EO\x99\xE6\xEA\xAB\xEF_\x95ܔp8\xFD\xB0\xB3'W#\xA7\xF1�~\x9E\xF5\x9C\xD0\xD9\xF85;<\x92\x8A�\xDA\xE6_)W\x9B/�\x92\xC9\x)w\x9D\xFC\x885ڲ�w9�ֈ.Ѫ#y\xDB2g� F�\xBC_\xFAnc\xF3A\xBA\xED�\xE7)F,\xF3\x93\xAE\xFBM~e9\xFB\xB0Ns\xFB\xA3f쓵5\xAA:PK\xF7\x83\xB5T\xD09oY\xF6 \x80\xAA}$:t\xF1\xB2ld$W%\x91ȳ�WCxH\xE1\xC3EO89�!\xD7hv\xDF3\xD3(\xA6�#g\x9F\xE5\xDE[�\x8DQ\x80\xCDr\x82ن4\xC7c\xF0\xF0\xCE\xF7\xAD� \xB8Պ�\x89\x84\x83>zL\xE1r\x97\x8F\xF5\xDC[\xF9\xEDVU\xA7\x93\x8E-J
-\xD7\xFC\x81\xA2\xF5\xBE\x89͞ަ\xD9\xD7(\x9D\xC4m\xCA\xDA&\xAE\xC2\xDD3�ȣ \x9E\xC9\xD3#�\xE2�\xBB\xFE\xF0%�\xB2�\xEA&�7\xEA56q\xE3\x84\xF6cI$\xB6\xD6u\xA0�\xA9%\x90\x9F\xDB�\xBE\xB5\x8D\xD5\xCBVP\xBC հ\xE3\xE9\x99\xD8b\xD5g�K/4\xC2�\xFE}
-i\xC50|b\xAA(\x9D\xE7\xDDX�#\xCF�\xEF,\x8F\xF8;\x88x\x9AcR\xCE8L\xB5j!\xEE
-\xBB\xF3\xFAV�\xA5 at L&K!\x89]\xB0U\xC4\xC3�\xFB��щ|�\xE6vYlN\xE6\xBCa\x9A&\xA4hDA\x97\xDA\xFDm�hs\xE4\xD9c\x80\xA4\xB3W"\xE2{މ569�L�\x{DF5D}�\xD7\xCB~\xB4\x9C\x87�ͤ\xC6^\xA1\x98�\xCA4eU\xB3\xA3\xB4Eȓ&p��h\x8C\xCF\xEE\x9D\xF9?\xE8\x99X}}\xA5\x84\xD98�\xC3m\xBFb;\x86\xB1�\xEB
-\xD7\xDDI\xC0\xBB[t<\x8E\x89\xE0\x84\xBA�\xEAF\x87\xC4\xDC�6Gbftw\xFE\x9E�T�7$\x96\xE4om�w|[$EV\xB8M\x97g[\xFAy\x9C\x91\xE9\xB1\xF8\xED\xB3Öƒ%Õ\x82�CI\xF8\xD3K\xA5]L� }\xB2\xCBp\xA5pCg>\x83\xFF\xBB\xEAn\xF8Ä�\xEA=\xE2]\xA4p�\xF5\x82j\xA7\xC7\xFDܨ\x98\xF6\xCF\xE1�\xB2\xA8>\xA6\xD9U\xB7n\xA4'\xF0\xAB\xA4\xE1{\xF8r\xF9uU�\xB4\x85\xBF�\x83�_4,U\x86\xB0;~�\x86\xBC\xF5\xD1l\xFEn\xEE/�\xAE\xC2\xDF\xF1X\xAC\xB6\xFAU�%~\xA4\x8C\xE5\xBDÞ,/�0Бw\x8EQ{\xD6:\xC8\xC1\xD7\xC2�\xAA\x95\xEBf\\x93\xEF0\x98�\x9D\xC4Üœ$e�\xB3R\xD4\xC7\xE8<[\xF2\xC2 X\x95\x90�\x8E+\xC8\xC0�'\xDB\xE6]\xF5\xDB\xFB\x96\xAAiX{sV-#\xF0\xAF\xF2��5�\xB2\xB4\xC3+\x9B�f�\xF8*\xA1O\x89�\x9C~E\xCCkɲ\x88Ò\xACÉ\xF5\xA3K\xEB\x8FUb실]\xF4�\x9Aj\xF9-\xE5*bA\!
xA5\xF9\xB1�\x82i\xEAk$-V\x88\xE7\xFB�G"]\xCE[I�\xA5��7\xD65�ꧮq[\xDF�+\xCD\xF0\xF6\xD8/\xBA��\xF7\xF0Ղ\xFA\xF0\xD3\xF7\xEC2*H\xEA3\x8C\x84\x8E\x87\xD1|_ތD\xAArw�\xFAi\xA1."�\xA7\xD6\xEE\xAA��\xCE\xDD/`�8 q\xC4?
-\xD9\xF2s\xF8�e�\xEC\xD5\xD9\xC21Y\xA4t\x8DYv~�
-\xB3L7,\xF2H
-\xC9_A�Wš\x85*Q\xD9k4\x8B\x86��\xCASg�\xEF\xEB}\x93\xE6\xFD
-\xDDH>\x95b5?\xFE\x91ÄœbÇ‘\xFE[\xBD\xB2%?Q\xC3\xD4u\xAD2NѼ5\xAF|F\x84=k�t\xE5\xC2n�ï\xEC\xC8\xF2\xE6\x8B\xF4�'\x86<��\xB3LJ_\xC6n|V\x9C \x93mp\xE9U\xF7YX \xAD|NH\xF4\xA5k�\xCA�\xA0r�O6\xE1g\xCCf \xB6\xD8lh\xC8b\x89\x8A\xB5\xB0DŨx`\xDEz\xF9\xB8\xB3/;�\xE7\x8F\xF6y�jiI\x9AuR\x9D\xE7\xAE3\xB7\x9E\xDDAZ\xF8\xCC*\xEE\xC7\xFD\xB1��@>\xD6,cIß’\xED\xCF\xC8}-�\xE5�E\xE7J<�\xAF\xB5p,I\xC8[\p�uÏ©^\xCCz\xFCQ\\xAE\x8B6\x8D�m\xA5Ȉg\xF0\xDCÍ/�|g\xD4Y\xA5\xBF\xD7XC�\xF5É\xAAy9m\x98\xB0\xB7r!>Z.
-SS\x98K"
-\xCF~~C\xAEx\xAE'\xF10y\xC9#\xF1ں\x83.U\x8Aq/\xF6џ\x98*\xCE�\xF6\xA5\xFD\xB5���4��\xC7\xEF�`\xE0Im\xAD\x8A\xB4\xA6ǔN\xED.z�\xDFF6\xF9\x89\x91�\xA1D\x9E\xB3\x9D��\xA2,t�\xB0\xCD(\xB8\x998\xE9\xB1%iXK{\xCBl\xF2\\x91V�\xF1}g��x7w\xCFb\xF0b\xAC\xBD\x89j\xC1\xBD`\xFB�'\xFC\x90Nf\xA0\xCC�B\xA0̴Я1f�BȌ+�%\xB97��\xBEC\xE4Kv�\xC7ю\x8A\xA8'\xB6,\xB3jvZ\xDBڕ\xA2lD\xA4Ƚł\x85U?�/r\xAA\xECuGш\xA45�9+\xF2\xFA\xF8F\xB4'\xC9\xFBu\xA3\xF7\xC1O^C.\xB6\xBA\xF3\xD7?�D�\xA1�\xFA�
-\xCB!\xAB�O$�!*_\x97�\x91} quf\xD6\xE4\xAD2\xBF\xD0AQ�\x94\xA4\xC2\xE2WH,\x91Z8\x81gm\xAD\xC8ިgA\x91\xB8\xB6va\xF5�ȔYֹ\x9B\x91k (
-á„%F<5\x9F\x8F\xBCK\xBB\xE7\xB4\xC5\xF6\xA0\xDB3\xD3΄\xD5\xC1\x8A�\xC2~\xE7�D�7/�\xE2\x9A�\xC5 �\x8C\x88\xBC\xEAÇ™\xA9�E\xBD\x8E\xEE�ûF\xED<g\xF0SL2R\�\x94\x98um\x92|Ø¿��I"-\x91ÊQ:\x87\x91w\x98\xB0\x83\x84~U�\x97\xD2\xDB\xE3\xE4\xDA"(\xF9y\x97k1W\xC0q�r\xB1�\xB7}\xA7MN\xC9\xF0É\x86a0\x92~\xE5BnJ\xE8\xD4$\xB6\
-\xE1yq��!~Y!\xCA`E\xF5\xE2\xEF\xE1$\xEC\xB5\xF2s\xB9\xED��\xD2f\xD8T\\xE0\\xFEL \xA3o�\x96\xE6�\xC4\xC9rQ\x93�\x86�)~�\x9C�\xEA\x8D\xCFU\xCA�m\xEDْ\xAA\xA2p
-Pb�\x94�<�p\xC2*1oAjV\xB1\xFCV\xAA\xF1��\xD6\xC3\xDAt\x949oÕ H\xBD\x948O\xDD#q\x87�\xE6\x80\xFF�\xF7 ��\x8CÚ‚\x80@\xB7�\xE4V\x81\xCC�\xB6x�xO\x9Edh\xEC�Q[\xCE\xFF�_��\xA8�\xA3\xF2D\xE01\xD6s?\xF5~-e^\xB9\x8A\x87�\xBA\xEA\xEB\xE9\xA2>3v\x8E,\x80 P\xF4�\x8D\xBD4z\xF9\x84Pp\xB4_-\xAF\xB3\xF7\xE7 \x90\xC4�\x9A0X�R\x80\xA9A\xF7?Jf\xBE\x95\x92{\x81�\x88Ï”4\xDAR\xD8l�\xD8\xF6I\xBC�\xBF\xAE\xF6\xF5�~\x82�\xC9�\x85�PĦxI\xDD�\xE2/B\xB2B\xFC\xA2�=\xBFA'\xF6\xF6`\xA3H>H\xDF\xED�\x97\xB6�\x9CPx�\xE1\xFC\xA1Z�\xF2\xF1LQ\xF6LVg*t\xE71KÆ„\xBAdQ\xC1�\xE5\xDA)\x9A\xB8|"Í·Ä´S\x91\xA2\xEC�8\xFBg\xFE\x90\xE1s\xF3\xCD�l\xF0A\xCCC��Ûª�\xA4^�\xACI\xEA\xD9�\xA8\xB7m\x82\xE5i\x97nq\xFA�Ħj\xB6A�\xAB"\xBC\xB1\x90\xE7\xBC��{H\x84�#\xFES
-\xBD���\xC1\xEASG\xB1L8\xFAkO{d�\xEEf\xB0\xA9�\xBB�\xECOǽ\xD4/\x98\x9D\xE6\x95w\x83\xF0\xE1\xC7`\x9Cɵ�'j^\xEB\x90\xE5\xE98S�x\x87\xB1
-\x8D
-\xD4\xF9\xB46\x8A8�\xE4�\xAD\xD4\xD4s\x87\xCE�C\xFD\x97�\xF3<n!\xE4\xF6\x99\x85\xE3օT\xAB\xD0\xF9��ꓗJ8R\x85\x92\xD0\xE6(Q�\xE5|�?\xC7:\xB96\xEA<�\x99\xFA\xC8\xFC\xD9�:\xF2\x8BG8\xE7\xFC;k\xBB�Z[\xB7\xC9}\xF1\xA0b\xA6ND\x89)\x81\x9F_\xDAT j\xC4\xD8*\xE0+5\xB5\xD0.\x8Bj\xB4a\xB5\x94�n^@\xEC]\x95yE}\xB1�ϻ \x9F�\xF9\xACw�\xA9\x85\xF2;\xF4'�\xD3\xDB�\xE9\xFB#N䪦(\x85��Y\xF2g\x8Fv\x8D\xEC\x99%c\xB7\xEB\xB5I\x88\xDB\xD6$J\xD7�E�+\xAC\xC2Vb�x*5u\xC3l}\xA6\xF6KZ#\xC8\xF3�q%\xF1\xAD\xDC72\x9FË\xF8iXu�\x80ᕩ~\xD6\xE1
-\x9C\xD1\xF0\?"\xAB\xA7\xD3-\xAA�\x88\x84�ƵK��\xD1Q�\x88\xD4\xC0MH@}\xCE\xEEkV\xC9P"�� \xF1Zß4l\xA7\\xCA�7w'\x9C\x88\xA3\x8Bc\xDDj�\x93Խ?P�\x85qƽ\xAF\x81\xDD�\xD1tךY{;\xA18FңN� \xAA\xDB\xDDè&~G\xFDI\xA4\xF2\x92\xC1-M\xA6�Q\xECb
-p\xDA\xC0Ҕ{\xBB\xE4\xFC\xF3Mgy\xF4جؒ/9\x85\xC1j(\x97\xA5x1\x9E}*ڕ\xF2\xA3"j\xF0r\x84-!\x85\xCE\xC2\xC0=\xFB\xF0$e\xFE\x9A\x89\xA2\xA9c@\x93\xA0\x9Fi.\x8D\x8F\xF7\xD1�6*\xE4l�BK\xB1c�n C\x86X\xDE|\x87\x8F\xECvN\xA9f�\xFD\xC9`\xF7V\xAE2A!�\xC6w2
-\x87�f\xF0�\xA6ZUi\xCE\xE30$\xBF\xDC|M\xEFШC\xBC\xEC\xED29\x86\xC0e\xF0�O\xB5Y(F\x8CÔ\xB3\xF9-^\xAC\x96�\x8E\x9F�>\xD3:2\xB1\xE8\xEB5/�\x95l\x86%\x86\xD6�hC\xD3��\x98�]\xA8w'hX6Í—�\xB9S\xBA\x86U\xAC\xD2\xFA|\x93L\x90A\xD2\xC1c�\xE7p\xCF:i\xB3\x88c\xA4\xD6\xFB\xFA\xC6IX\x97m\xA5\xF9�|(\x9F:\xB2�\x81zS\xB6\xC3\xC1�\x98\xA6\xDF�\x96\xE3�\xF2�\xDF\xC6�\xEE\xD6jb-\x90\xAD
-\xE0�\xA7�\x97\xDB"\xDB�X\x9B�?\xD5SD\xE2J\xAA�\xCCG\xFA\xACڑo�\x8F\xB0\xD9\xF0\xA4\xAE\xF7\xD0ȳ\x9E\xF1\xCFKv��\xD7F$-\xE3��`\xF75 �=\xBE\xBFn\xAC�\xFB\xEB\x8D_I#0\xF0\xAD7\xCA\xEE]˾թ\xB8\xE2\xA6\xFB\xAD]\x93\xE1\xE6\xEE\xFC�\xEAOu\xCD\xD2ȎF~\x87B\xA0g$d\xFD\xFD\x85i7u\x85\xB1\xCB\\xAC@\xFD iN~\x97\x9D�\xD7O\xCC݋[\xC6\xCC\xC1\xB1\xC0]D�/=]\xAFz\xF1\xF2\xD0\xC5a�s\xBD\xA4\xC3Z 3\xD7�\x97\xDA=\xB1'.K�\xF2\x{1F734C}e�\xA0 \xC2i)\xBB\xDDh\x80\xE9�\xD3/\xF7:�ĕ\xF3X��\xB8\x92v�\xB8IP�\xAE\xCE8\xDD#o\xF1\xCAj�N%d\xBD'8D\xA3V=t\xE0l\xA15�„4go\xB1\x89A\xE8KoN�\x9D!�\xE4�.\x98\xB7\x906
-\xF7��8b\xBF�Ut?\xE3i\xDB�C\x9C\xA8\xF4\xF7�\xB7\xD81\x88\xBE\xD8\xDE\xE3��QĄ_\xBA\xFBH+R\xDA>\xA4x�3\xFD\xE0\x82\xFD7\xB0\x99\
-\xA1Зl�\x9Aj(\xE1\x8C]Uȣ\x8Cdb\xCF�2GT/\xF6\xB1�t=\xC0}\xFC�w\x90`�Q[�\xE9s\xF8o/k\xF6\x9D\x8F�r�\xEB\x97�#\xB6\xA6\xC7\xEE[\xFD\x80\x90D>
-a\x9D-\x8BP\x9A\xEA�\x81�\xCAi^(5a\xF2\xF7\xDE8\x9C\xC6—\x86rm\xEB\xDC0Û™//U\xAA�\x9F\xD1bVPp\xA9\xFB\xC9`�i.\x89 \x96\xA7\xC1\x92\xA4Þ¡\xE1\xFB \xC7�Ï\xBA\xBBij\xEC\x91"f�[\xBAtk\xF6\xC1\x8A\x94\xC8|^g\x86\xCD�\x84ZÏš\xA52\xDDD\xDCy�Ó—\xC0>\xFC\xB66\x95th\xE2\xE0o\xEC\\xC1
-z\xA4�\xFB\x8A�\xE2�u\xD0y\xE7\xF8\xE9�\x9B1irݞ\xE3\x91\xE9\xA3\xE4X\x92E\xDFa\x9B׈\xD5Ǔ;\x98/\xBC\x92>\xEC[\xF6\xB1\x99�\xB3�FcFҪg\xE3\xF6\x82ዩG
-o�L1MFr-\xCD�\x8C\x99a�=\xE1\xD6VV�F�\xCEwÎ¥X�ߪ\xE2s\xBFÜ”<\xA4��\xD3mp\xF6{g~ű�� \xB3\x832\xCA�ЈB)�,\xFD�\xB1\xD3Þ¨�\xA3Ä°\x8D\x90\xED\xF3:\x9A�\xE0\xA4x�1�\x90Íž\xC5�M\xC26\xCDQ\xF4�\xB2�Ø©(\x89\xA1\xBFÞ‡�\x8D\xFB�\xBE\xF40\x82Z�\xDC\xEA\xE4]\xB5.0\x89\xED\xCF\xF4�"ì° \xE8��+k\xE8t�\x82\x{15F63B}4\xB77\xCC%\xBC\x89\xABÐœN.\xEA�m\xAC�g\xC2ݶ@9\xFAl�\x9B\xDE\xDBrH�!.\xB8]\xA2\xA4Q\x8C�\xB1\xD94\xEBg\x8A\x90{se\x8D\xAAo\x86�\x8ECK?k\x85\xF9�7qC+�\xA4
-\xA9o\xB1|\x8A\xE5Z\xADHWi\xFD9\xF3\x91qn�\xA1ͽ2$\xB9G<g�+�\x88�U\xB6\x86�a`\x9C
-uU\xB9Z\xF4\x84af+\x87\x88\xF1t\x9AVw'\x88Ç\x9C\xC6�\x8E\x93\x86\x86\x9F
-Ϊ\xB6yY5Tl\x81\xB4\xAB\x9C+�\xC32\xCA$W\xC40\x81\xD13\x98K�_\xD3m\xA3\xE2\xE7\xA1^\x82\xDC<\xE7\xEB\xFE,\x8F\xF5˲
-\x9AD\xD0)\xF4\xE0\x942\x9F\xE5�\[E\xAA��\xE2W�&\xC7'\xD2N\xB3\x85\xCD(JJ\xDA�\xD8~;\xCE\xD7\xDA\xCD+�噞\xBC�ULJ;\x8C\xA43\xE4%\x85\xD3\xF4
-X\xBC\xA9\xEA+\xCEbT�\xD8�+��E\xB8\xB8\xC4 \xDFpze\xC5^�\xF7.Ê“\xA0\xEE\xEC�\xDAA\x96\xA3Ì‘l�H\xB8\x93iM\xAB\x99\xC0\xFE�(\xCAn�S1\xA2e\x85\x95,v\xFB\xA9��\x9C+\xBD\xD4\xE40euT\xAFw�}\xDD.8� fÉ€��V\xF6�\x94\xEA\xC6[�\x9Dys\xF9\xFEy\xA1\xCC\xC1i\xFC\xE9\xE1\xFEIu\xA8\xFEto\xEB\xE2�×´\xEEx\xC6qu�\xD6\xF3\xB5\xEE�C\xE5e\xEBQ\xFDf“\xA5q�\xF7\xA8\x83�\x96\xF2\x97T\xEBV*\xC1U6\xF4\xB9\xB1R\xF9X0x2Y\x85\x83\x93\x86\x9E~1J\x82\xE5\xFE\xC9\xEB�\xE9\xE9\xD0+\xC4\xEAÜ�\xAB1\xE2\xDCp\\xE6g F\xA3�ky\xCD\xF4V/OE\xF2O\x84\x8B\xDF\xD5\-�\xF7\xEC\xE0\xC3h�=M}\xC8\xC5)\xA2\xBD\xCCPy\x9D\xD2R\xE4R\xB6\xEC^F\x8A:}\xFB9\xF7?E\xF8�\xCBo\xA8 \x89�d\x8E\xBFr\xAC�\x93$\xA0\xE2<ͯo\xAC\xA6\x8D\xA8\xD9\xD8%\x90F�\xB83\xF0\x88\xD5_X\xF6yMZ�\xF7RZ�\xF7\xBA~\xCE�4\xD7\xF3È\xDDW\xA0]y�5\xC1\x96&\xE7\x9AY<\xD9\xF2\xD7\xF2D&f�\xDDЗ�\xEA"\x86\xDB
-\xEA\x90�d \xF5K
-^�\xDD\xFA\xE3�\xDD9\xD1F\x98.\xDBgÛ«q\V\x9D\xDFr_g|\x9C�x[D&w\x97=\x80w\xD16\xCA\xD0E\x8D\x92t\x9C>-L�E\xF8b\xB5\x98\xF6bo\x85\xE7
-m\xBB7oÕ–7\xE6W\xC0G\xBBJ\xE1��o\xD4b\xD05z^oDB�\xB0w\�<\xE0 /r\xB8\x8A\רrRj\xFEB\xF5\x90\xE2�\xFFÂ\xE8\xF9�!&\x86\x8E�h\x84\x8E6\x8B$\x98W\xF3\x88B-3\xE3\xBDä—�K`\xAD\xBCò‡‰”z�\xF3\xB0\x99\xF2\x8BN`zd \xE5\xC7B\x99\x81\xA3+s��\xD5\xFDN�<\x8B-�8\x90\x87\xF2\x8E0;\xEB)E\xB5&\xCC.�P\xB9$ݾM\x80\xF1\x92@ݸ\xA6/\xC32H\x9CQ\x85\x84IJEz\xEFe\x82q\x99\x9F\xD1z\xC6-t�\xE0Q\xCDÔ¤rÆ‚}\xF4�\x988k\xED\xB1\xCA\xE4X\xEB\x82\xEBl\xB2i�\xC0��D\xE2\xF1J\x94FR\x87AÏŽ-H\x9B2\xB2�\xE3X\xD2\xE7+\xDD"Ã\xF0\x81\xFB\xCD�Óš\xFF+;W\xF3\xB8_G�\xB1.O\xD2x\xE8"\x83%�u\xB0\xAF\x93\xBF�>W\xFB^\xEF.7� \xE5òƒ \x9E0\xF4��uS\xBC2 \xA9'w\xB2\xE1\xC1\x99\xE3i\xA8\x9AFN\xF96\xFDUv\x93-\xAB>]
-x\xF1Õ—*\xE6\xAE\xE7\xC5\xD4v\x91?\x87\xDD\xE2\x96Ü©.M\xA0+0\xB7d\xE6�\xB4\xEB\x9E\xFF\xC7Tcz\xA1J\xCD\xDC\xE6\x8C.5a\xF6$\xBF\xA5Ê\xB0\x8DD
-\xDCE\x85q3\x84f\x9Bʜ\xCE.l\xAAdX\xB1\xEE\xDA\xFBp}\x81\x98\x957M\x93Ȝ�\xC0ӪkQ4N5�\xC5�\xE7\xAD�-\x85@\xB2!G\xA9\xA26\x9A
-�V\x9Ci\x88R7\\xD0Mj���\x84d�c\xE4\xEE\x80do\xFB4\x9D~<\x94\xD2e6�\xE4m?\xD00I�\x80\x8C\xD4K�\x9B\xDBS\xA3\xF2\xA3\xCA�%\x8Av\xA5\xD5\xEF^+\x84\xACƳ\xD2\xDB\xF8!&\xE0�1:\xA5\xC7\xE3\x82�'\x84D=\xEC\xE0�\xAB&�\x80\xA9I\xE3Y�
-\xAF\x80\xE4\xC2Wƺ\xA5\x84RÒŠHw\xB2\x88s\xEB.\xFCÙg\xE4\xE8\xF7m\xEFyo\x81\xB5\xA9ltx\x8DebmH\xF7f\xEF\xEA\xEFo&H\xEC*\xE2�j]�\xA6ξk�\xD2rX\x9B0\xA0\x97
-\xF3=\xF8^\x87�,\x9B\x8D.\xC2\xF5\x98/\x81Z�\x97[\x92\xE1X\xFD\xF5~\x99?4\xD2d\xC8\xC57\x9D�\x80\xE4\xF1q�\xB4\xA4\xAA^J\xD9[K\x99\x86O\xF8�D\xCA�W\xF7ãº\xF2"\xEEf/\x92\x92u.�3\xE9�\xAAZ\x9A\x9C�\x98�Â9\xB5\xC0\xB5�\x94\x85\x94Û±\x86m�\xF9l��Ë—�\x87ϳ'\xB4�4/\xC9u×µF\x8F\xB1\x8BgG\x8E\x82\xC7�;`\x8E\xF8\xE7:�\xED\xB7\xFA�Gj\xB9�\xC3\xCAH\x87\xCDi\xA4\xCE@\xC9\xF7\xB2\xC7ÖiF\xE8Åžo\xBAË\x85�\xF5XWA\xFA\x81��\x8CF\x98g �=\xE7\xC7$\xA5\x9D\xB6\xB8i\\xFCh\xB8\xD4\xE8\xA2\xEB9\xC3\xCB\xF1\xFCw<d;Bv\x8AÄŸ\x84�\x8C\xEF6È™*cf[\x9A�\x97\xC7ImAÌž\xEBIdM8�R\xABDVU\xEA�\x82\xFA\x!
81�x\xD7a\xCA\xC1]\x9F\xB1�\xFE%ܵ>\xB9U\xC7\xFCv"\xA2\xEEj\xD5i\xD0��S+\x904\xE3%⎩\xF1ao\xE4{Zg=�!$�\xCE3\xE5\x8D\xF51'\xC9\xEA�\\xAAW\xE4\xBCsֆ\xCDl\xE24,N9\xC34\xBC\x9D\xBD\xFEĂ;w\xA0\xBD'U\x87z~\x94\x8A\xA1+\xC96\xC9\xCE�\xF9\xB8\xA9\xF5�\x97\xF5\x80\xF0\xCB\xC2T\x874\xE7j\xF4A\xA2ތ\xA0\xD3[\x89\xF4\xEFq\x90Wűd\x89\xB6\xDB�\x9F\x80\xA2K�\xAA\xEE1\x9A\xD2\xC9|ִ\xF8\xD0\xC9\xF8K\x9C-`@XƲ\x9C\xBB\xDEj\x94\xA7\xA7�\xA1\xF8\xF0\xA9ֵ\x84�\xCB\xCD\xF1\x9A\xFC\xC0\xA8�ɯ\xA1�\x9E\xDF\xD2
-#ZV�\xF6\xCFe\xC1r�\xB2l\xE3[\x9Dc�ѽ\xB7a\xD7�\xB2\x87xþѿ�n\xCA\xED"p\xAF\xBD6�\xD6�8wK
-\x86\x82\x99!�Y5\xAA\xAC�h�\x9B\xC2\xF8� I\x9Fs\xEB\xE2\xCF\xE7 ù\xD5Au8\xE1\xB1�\x87vQ\xF8\xC6t�\x93M$�N\xD7\xD3\xE5\x93y'^\x91qN\xB2\xF1\xD0EW��
-\xE6\xE1x\xBA\x84\x98\xFBA;W7\xB7H �\x94\xE3WN�\xAA\x97g=�p\xAE\xC4"n�\xAF\xB74\x9A\xA9\xF8ZKG\x9C\xF2Í£~O\x87\x9E\xAF �\x8E��\xF9\xA6\xDA&\xFE\x8D\xBC\x9D\xF3\xD8b\xBD\xEA\xC7\xFD3\xCB\xCC at 1"\x86r=�qo\xC3E\xF3�\x94\xE4×™v0\x99\xBAp\xBD\xB3\xB3Ë„\x83"\xB4\xC5�\xA1\x82�\x92\xB6\xC9�G$QC\xB9��\x84\xAA\xBB\xD7\xE2u\x8C\xE2\x91�\xDB\xC1.\xCFkYMÍ¡\xD9��\xC4ó ¼·\xF5\xE7\xA1\xDDF\xB4\xB86\xD3od\x98*\xBA\x96�'&a[TF\x98\xB5uOi�\xC2/k1\xCE\xCC#�\xD9'\xB3\xE1\xF5�(\xF1}:&�\xCCVS1Ho8\xD2`\xFE0\xF7\xF7_"UUu\xB8!\x82\xE3�\xDDpwI\xBFgl\xDD\xCB\xEEhaÓ¹\xA3�Θq\xA2\xE2$8\xB2\xBB\xA2@\xAFoe\xD1\xFF\xED\xA9IIk\x8CÒ…\x97\xAC\xA9Q�\xFE\xA5\x84\x9BV\xC5\xD8\\xE3Å\x95
-\xDC`\xB9}\xCAW\xC6\xD6\xFD&_�c�Ws\xA3\xE5\xD4lÓ¿\x9B�
-.\xAB\xFEvЎ\x96%u\x89\xA0\xAF\xA4\x92\xA8]5\x90H4\x81\xD8e"\x9B\x83hQ\x89\x89\xF4M�\x93\xAARM-D>\xED\xA1)r\xFC\x88(\xCB�\xE8\xA5\xD4Y\xC79\xD3QH�\x8E\xDD\(]
-\xD6�\xF05,(x �J)\xDC\xC0\xDE\xC1g0�\xFD{w\xFD\xE7\xEA\x8Cx\x94
-\xD4&\x91#\xE0f\xEE�\xC9\xD7kBq\x82\xC2\xF5�\xC5{\xE01\xE6\x88\xE8#\x9Ew�\xADKH\xD7\\x92˜!w[\x89\x8B\xCB)\x83?q[\xF8,Y\xE7\xD4Y\xFF\xAA�\xB2\x87\xB6˕:\x8E\xE8\x93tG\xBD\xAD3\xE8\xD4*�\xFEm\xE8ʞ\xDC`m
-(\xAF-\xFC\xFC�2\xC9\xF2FM:\xE3M\xA8sv\xB6\xC4\xF7Ðv"�\xA5}�k\xE6dJ\xEE
-\xD7c\xBA\x9F\xCB\xE3+D�oÇ–\xE3É)\xFDe\xAF\xB6\xF4\x8C㢗WÖ™eBde\xEC�\xBAf|\xED\xF6\x98-\x8C\x8BZw\x8F�4V�\xE7v�\x9E&\xCA=\xAE\xFDÂ¥H\x87,d|�L\xE0\xE2\x9D�3N\x8B�'\xB9\xB2�,\x9AK\xB0#L\x84\xD4]\xF8�m\xB3)n-@Ü´\xACN&\x85\xAC$\xFF\xC8\xE7\xC3\xEDK\xF0t|]\xD8l\x87\xA2\xCBJ>h\x96
-\x929\x84�\xA9\xB2ͦi�=�\xFF\xA8���nu\xFE\xF2\xA9\xAD'x\xBEN�»\x984\xD50��7<\xB1\x96\xB9\xFBI\xED\xD3\xEE�\x86\xAD\xCF\xD5=\xCE)i\xC7N{\xE0$dQ\xF1\xE3T\xCB0\xBF\xA7h\xB9k\xDD\xE7\xB5\xF9\xDA\xD29\xE4\xF3�\xCC\xE8\xCD\xEF \xA2\xCBG\xA2\x8F�$\xE9\xF0f+vH\xC0\xD1�:\xD3\xDD&\xEE\xFBA�oР`\x9E\xAE\xB3DGO?\xCCd\xA8\xCE3\xEC\x8C+\xC2̪Y\xA2\xEC'��Y"-\xA8\xF6\xEDG3q\x9FZ\xEA\x85[|i<B\x87{5m\xE4�\x9A�i\x92\xF9%�\xF9\x97 Dq\xEBr\x8Ch\xA4c碫Z\xB4\x8D�B\xC1GE\xA0y"Ϟ\xB7܉\xFC\xBC tu�\xA6\x85\xB3\xB4ܸ\x8C�H\xFE\x9BZ�\xF3-%b\x889S\x82�\xAE;\x85\xFE\x8A�G\x8B\x8E\xC4\xC70\xA2\xE6\xD1P\xB1T\xF4Օ\x95\xBF|P(�\xD7\xEFV\x8E38\xE1ôQ\x8D\xFCl\xF5\xE2\xF3\xFC\xFD\xF7��}ΦP\xD4\xC3s�M\x92\xC86\xA2\xB1dR\x8C<\xC5Bq\xB4\x97\xE1HW\xA1\xB0X\x8E0\xCCQ\xF0\xEA5e8\xE7\xA0tK�\xCC\xC2\xD4�\xAB�U\xD1\X\xEEH\xA3W��Ƙ\x8E+\xFAe@�\xC3\
- \xBE4e\x91\x9C\xD1�d^�\xB5ԀJ�\xA4M�n\xCE\xDDܧ\xFA�\x81\x9Ct`7��\xD0g\x82\xF5\xB5z\x8D\xEA\xD7\xEE\xF2x\xA4\xD1�\x9F\xB9\xD1�%\x96\x9E{\xE6Vp\xA8XU\x91\xC3\xED\x81�~�\xB8\xED\xD6Kp�\xF1\xAF1܉~{�\xE1�\x9C\xBC\xBF\xC1\xC1\xCAo.\xA5�\xA5�\xE8\xE6=�\xBCj*\x87\xF6* �\x98�Z\xF3\xE6\x9Cx\xE26�\xD3w\xEA�J�\xFAC\xF1\x86\xBE�J\xD3l(nֺ\xFA\xA9+\xE1\xA7!�U�\x930�\xA2\xB9�aݳU�\xB6�\xF9|\xB7h\x86\xBF<\x8C\xED\x9C\xF2\xF8\xF8Q.\xCD\xD98d{\x8D\xDE#n=ޕw\xD3(H3t\xEB-\xD9�\xBA\xD6i\xA0\x90N\xE5\xF8\x93Ī�\xC8[\xC0\x93\xCCy�+\xCCRH\xB8{x\xE1\xFD\xAE\xBA}:\xA5\xF4+
-~�\xBA8\xC7\xF9\x88\xEA\xAC\xE4{\x84W<:\xEE9\xEB\xCFa\xF9\xC9
-\x96Y\xE6ik�Q9\xE8\xFA\xDEÍ…\xACAr\xA2$�sCK\xA1\xAC+\xCFHbw\xAD\xF3\xAFn�\x91a�É \xE7\xC0$.\x8A_\xBA\x9C0\x87\xE2�\xD0~�j\xEE�I\xB2؈!<\xD93<\xED\x98m�\xD0×µ\xF8}�\xE3u\xC2g\xFC>\xF8b�\xA3H\xC7ß·\xBFl\xE8 t#\xE6h'\xAF\xB6\xDFk\x91\xBF\x8D
-\xCE\xF2\xD1\xC1\xCC\xFB�\xF8jTL�,
-gR�H�`\\xC2\xEA\x87%A\xFE\x82\xB8\xFF\x95LT�a\x86\xF8\xA46T:\xF9Q\xE8�^\xB7�.\xB8ʴDYA\x9E\xA3\xB5$�\xC0�<\xF4{\xC3i\xE7\x8AKl\xBFX\xE6\x8A\xD4\xC4%\xE3�\xBB<\xBAr\xA3\xB2\x89\xC9\xC7I\xA7\xDF\xF0\xD2\xF7\xAE\xF3\xA5\xA9X�X;|�\xA8\x89\xEAbu\xCA���� X�\x87j\xC2\xD5X\xA3Ԇ\xD8�\xD2\xEFI7١\x99
-G;\xB3*\x87�\xD2e\xF7\x8E�nIn\xEE\x82(\xBF\xE62\xDEš\xE6bE\xA74!0{\x9A\xD5?\xDE񊔒n\xF40g\x99\xB2\xE4}��\xBBO4,\xE4]\xC8h\xF63g"l\x98\\xA1̱\xD3p\x95\xCD»6\xB2Z\x93\x9A\xFF\xEA\x8A/\xA6\xB6\x83\xFBe\xDD$\xB3\xAE"tդ\xC8:�\xF4�\x83\xF2\xF5
-\x89\x9B\xEEx\xFF\x9C\x8C\xA5?\xC0h[�MND.\xC7\xF0�L7|S�ɶt\xD1\xF0\x84\xF6&\xF8yDZ\xCC\xFB*Gmpr8�\U\xDB�\xAC�gT\xC0\xADX
-h\x9D\x86\x93\xCC]\x9D\xF55\x88%?\xBB\xE2'\xBA\x98M\xBEמ/\x95[C2\xB0\x8B\xF0}j\x85\x8E.\x88&\x95\xB57�\x88\x88\xC1�\x81\xF5\xD6
-\xFF\x89r\xB8\x89*\xBDơrsC\xA5\x87�\xC1\xE0\xBCq\xE3l\xA7\x9E_\x80\xD4v\xBFvw\x8CSX\x90~K\x99\x9Dʔ \xC7\xEE\x98�\xBD�\x9B\xB8\xB45"_\xA2�\xBB\xE5z\x9DW\x898L\x8D�B\x87\xF4\xDAĚ+H*Ƃ߯@K\x84/\xEB\xB7\xC1)\xB9\xB2%\xCD%]\xDC\xE5\x96=ȫV,\xE8
-�\xAD{\xABRW\x82:ik>\x95H\x9FST\xC7\xFF\xC9%6v\xF4\xBE\xF6\\xE1\xF1-�R�\x95 at B\xEA\xD4�\x93�f\xCA\xF8\xB2\xF8\xD5Ur�Ç–\xF7\xEBSv\xBE]�\xF5\xE1\xE5G:Ɖ\xD0\xEC%* \xED�\x8FpÑ\xF2\xCEw\xFE\xEAzd\xBE,\xB9~\xC6V\xDDI\xFD"�\x92\xF9!k\x84\xAD�\xF0��\x8B\x95\xFD\x9E\xF5\xBE6\xF4\xC1S\xD6Q\xA5\xEE\x87\xCD\xCCi\xAC\xCC2\xD7V\xFE\xF6\x8E\xC7,]?\xA7\xF0\xD2\xF9\xFB\xE1>\x81=,+\xD2\xE5E�!\xF4#?6\x85l\xAA\xBE\xB9*\x83\x9A\xF6�\xDF�.�‹+\xFEN\xB9\xF3�\xFCc\xEEs=A�
-\x8E$�\x978\xAA\xCBt\xC9hͲ\xC1%�M\xEC\xEF[�r\xEF?\xBD�>5\x98\x90\x82s�\xC1\xA9Z\x99\xE2|�\xC6g\xDEϳ\xEB6\xA0g\xEA]`\xE7w\x9F\x89
-\xD6\xE4J\xB6$\xF7A\xADB�:{~P\x8C�\xAD�|\x88\xCA
-\xA9\xB8/N\x98\xBCw\xE9\xE0\xFD\x89\xD8a\xCA9\xD5Ҕ\xAE\xF2M_u*u�~0\xC3׊\xE9\xE0o\x89\xE8X0\xCAr\x87\xD6\xC1\xD9qh[\xFDl\xBD\xAE\xD8\xD1\xEE\xE1\xC3e7�\xE6M\xE0\x80;\xE6,\x97"\xEDF\xF3TI\xFB \xB9�\xB2Ў\xF7_\xE205#\xB8.c\x9CY\x89]j\x90\x98\xAA:\xC7�\xBF\xF9\xF6:Qq�\xE6�!彾i\xC0\xC1\xC8�\xE9o\x8B\xA1\xBE{\xA36j\xC6�\xD1\xF5({\xF6\xFB�^\xC1�\xE8\xE9W\xDD{\x83H\xC8%\x8C\xE9K!z\xFEox�
-� \xA0\xB5\x98\x98\xA6\xB0�\xFB�\x88\xC4ll\xA1Y:\xD0\xFF3\xECvz6G0��\x86\xC7&Q\xDA \x8D\xE4\x8A�\x9D\xAB\x82n\x82}u\xE3aI#߃y�>g\x97/\xA8�`��.n+/\xAD\xD0^�q\x9B�\x89t*+\x88\x8F\x9D\xE2\xF5a�+uF\xBC\xFD}\xA0\x98\x8E\xA5\xEF�>\xE0\xA3j\x8EĘ;\xE2�\xA4\xCF�LU\xE1\x81\xC0�\x98\xCDPҬ\xFC\x93�\x9E\xD6km�"�,\xC1(\�~\xE9GP\xBBO\xAAt[\x82܎\x8E6nxf\xB3lT�\xC6\xED\xD8H\x9D'\xBAS\xCD�\xF5�w<\xB2qs)�\x91\x91\xC7~*\xDAn\xA5
-\xD1B�\xEB�R\xCB\xCF++\xA5È›!\xAE)�\x99\xF8Ä•\x99\xFE\xEE\xEA\xF1�\xFE\x9CC\xE5aIy\xC3γ<\x96\xE4x\xDFsG\xB2)\xAC\x95\xA2\xD7�\xAE8z\xC5J\xE4\xF3`\xE3n�\xA9\xCCs\xCC�\x99\xE6EH\x9CX-zo\xE8=O!�\x90\xE5\x99B?\xCA\xF3\xEDw\xF6\xBB \xB5\x8C\x9B\xF47CM\xFB\xD5\xF6î‚Œ\x93\x98:\xA8\x92P'+\xD0'\xA8M\xD6�\xED�\xE9\xC5�\xBCAJN�Qb\xC6u:Vw^\xD0(*m�k\xE9\xABK櫬\xD9)�7,"[\x9Bc\xD3X\xE5\xBAɪ\xCCq\x85\x87\x91\x84g\xC2mb(GXT\xA0��,\xF9\xC5�bo\xA9\xF0p\xB2\xA9\xEF\xF7Önr\xF2ΡUm\xB0\xA0C\xFE\x93v\xE6$P\xF5`\xD2匀V�\x96c\xC0�\xFEu6\xAE�\x85\xF9qc\x86\xAC\xF3:\x86Ot\xCE\xEC\x95n\xF4w\xD8�\xD2�P\xC4v\xA9*\xFB&<\xFB'\xBDv\xBBAhE\xF1\xDC�\xEA\x8C \x91\x97\xC1&!x^�\xF8\xED(n\xDC\xC2\xE6\xA5�\x81�=Y\x9FÓ“p\xEC\x82E\xFA\x96�qE\xE6�\xD8\xD8\xED\xE9\xCEVP\xA27\x93Õ¹�
-\x86\x8D\xBB\xB7=z/\xA2\xC7C\xEF\xA5\xE4\x87`R\xF0\xCF!\xA4�Ù·)\x9E\xED\xFA!\x8C\xB7z\xCD�\xE1\xED;�LZ|F\xD5G�\xEC%\xAB\xAF\x88�Å\xD6�\xA4H6}+�8�\xE3\xB9\xF0\xFA\xB8\xB0\xD0\xC0Ñ/\x8E�\xEB)d\xED\x88z\xB0W\x82\xFAX�\x83X\xB6\xBEm\xABؽ\x95\x84\xBB\xF95g�R\x9B\x9EF\xB9{\x82��$\xB3*\xFA)u\=(\xD1-\x82"Ð…\xF7\xB1,\xE2\xA2|]ǹ\xFD?9\xBFY\xD0O\xD8[L\x8B&\xE3\xC0\x9FrS*AØf\xAD\x9Ai
-t)\xCCXN9\xA5D\xB1z\xA4\x89-D0\x8C�8\xAD\xE0\xAA;�\xC1E\xCE+p\x93\xF9�hJ\xBD:\x96\xC9�\xEE�f\xF6\xE2}\xA9�P�\xFDS\xFCcd?\xE0\xF3 <\xCCÈ“|\x8A\x88�\xEE\xE7�}\xAErw\x82R\xD5:Í$\xE5\xB7=\x84~m\xC9]]\x98R\xF2\xF6�Ö„\xBD\xAE\xED�X((\x97\x80\xB6�\xC4?Éž\xB8\x8Be\xBB\xBF\xE8�\x9C\xAC\xDBX\xC4 `]\xB9#\x83Ý’X�\x97\xD5o\xE6Q�g �\xE8\xBF\xCFU\x84\xBB7m\x88\xA5\xE4\\x92s\xF5\xF7\x91\x8C�\xA2M\xCAw5�Yl\x94\xD3aM)\x9C\xC2]G\x83o\_�\xA5BW\xA2É–\x8C�3
-\xDC�\x81\xAF*\x98\x8C\xF9\xA2V}\xD2D\xA6\xFF\xF4�\xF0\xA3\xCE\xC8
-}\x882\xE0q�=G/\xA68\xF51\xDD\xFC\xCD/]Z?\xF3�{��P>y\xEAU\x95\x9C\xB5�\xFA}\xE9\xC72&@\x9E\xCA\xE56\xDE\xE4\xA1\xFE�;T\xC6
-݂\xC6o 9\xCE�\xD6\xEF[f|t7\xF1C�[,#ѼR'Ry�\\xB3\xA5\xBBVX\xC0�\x83�\xB1AA+w
-\xA9\xF5\x8Aʧ\xFCy\x9E+\xBE\xFB���\x99�\x92i�\x862\xA3]\xDE\xE1�\xAD\x95\\xF7�\xA4M\xE7�\xF3:\xB5\x9A\x95wbՑ\x85\xD9�\x88\xD7hg\xA2I\x8D\x90\xB5�#\x8C\xBA\xDB\xE0@\xEFuJ*\xB3\xC9�<\xB8S�!\xD9\xD6dNP�\xC2�D )\xAD\xD7c\xC5k�\xF82\xE6\xF2\xF2\x9B�b\xAB\xEB #\xB8Ε\xB5N\xB2 \xFB\x9BT\x93Z#\xBFF�\xFD\x8CS\xC4̦ۻ\xE9z,\xB3ËŦ\x8AG\xAA\xD6\\xC0�V�\xA6(Z�\x89\x9AQ �vQ\xD6K>T\xAB:\x9CSn
-J\xCEt\x8C.a\xBD\x8DA\xF6B\xBF\xD7n
-8b\xA6\x94w��\xBBV�\x8E�n$\xF8\xCD\xE9\x8D)4\xDC\xFA\xA4\xF7V\xE7\xCB\xCC��\x81\x8C�\xB5\xB5\xE8N�\x89R\xA3\xEB\xD0\xC5�\xAA\x97\xC3\xFF\xD7>Y\xB65�(��Q�D\x89!%\xDDH\x8F\xEEf\xE0\xA8\xD19\xBA\x91n i��\x92"]\xD2-\xDD1\xBAK\x90�\xDDݵ\xF7\xFE\x87\xF7\xDB}\xEE\xF9�\xE7\xC3y\x9Eã•\x944|\x9C�"\xEF\xF1`\xDB\xFD]_\x80\xDF\xFF\xBC\x90ݲ\xED\\xA3$\xAB�:\xEA\xAF{\xB6F\x86Æ»l\xEC\xCF3\xA2�?�\xD1L�$�G@\xD6\xF3�\xE5\xD7vm\xF4\xE3�\x8A#\x8E�\xAA×°tή���4\xCBFI�\xF1\xEA\é±¹\x86\xF2\xE3\x96\xCAcL\xCF�B\xD9\xF0�n\xB6\xB2e\x99i\xA4\xFFs;�<\xB6\xA0\xBC\xFF\xF1\xCF7J\x9F\x8D\xA8ie/\xFE5\xF7\x93F\xE0�EZUu\xE7!\xED\xAF\xEE\xF0\x9CJM\xFE\x95\xB3\x8E\xF4Ó }\xCBß–~\xB8
-\xC2\xF2\xE9\x80z{JE\x89F\xAA�M\xA0Û„\x9D�u\x96\xE6G0i�\x9E\xB3\xCD\xC0\x86\x9D^\xB5Yk\xFAz\xFE'\xF4\xCD\xF2H\xACn�\x93\xC8([\xD2KFR}\xFF^\xF7\xF4dk
-\xB15b\x8D$\xDF\xEC}Cd%#vﱓ*\xC2�\x9A\xB0\xDF\xC9
-\x91\x{2C3BB65}8h\xF1\xC0\xDC_\x8C\xBB\xD07\xA5U\xBD2f
-�b\x9Bo\xD2m\xF7\xE3\xC5Y\x85\xBDj\xE3��nQ\x8C\x98\x90f\xFD\xCAm\xBD\xAD\x81\xAAm&*\xFE8\x94\xC8\xE71|\xF1\x98a\xAC~\x96� F\x91\xAB\x95\xA2\xFB\xCE\xF2X�Q;(�_\xC6SI0\xFC+p�\x98�\xFD�&\x8D\xE1\xB8$BF
-\xFD1\xEC_v#Z\xE2\xCD��,\xB5g\xAA\xECV\xD8
-*\x8B\x9A at i\x89\xFA\xFB\xBF\x9E8�\xEB\xE4C\xEE3luR�\x8E��n\xA3�\xD2sbX\x89É \xFDÚN\xE30Lb\xA3?yrK\x97�S\xF8\x83=Õˆ\x8D\xE1\xDC\xE1@�\xC6 \x9E�\xC0l\xFE
- \xA6\xC3<\x98�'\x95A�\xC587g�\xF1U\x98
-\xDCx\xE4\xF8\x9B\x8A�\x95XG\x8Ay\xBA'\xFC�\xE19v\xB5,սO\xD3�\xE0\xACK\xCF\xFD\xD8IC`\xAD�\x94�\xBF\xB89�\xC2�\xF2\xA7鸈�\xDFcZ\x94\xC2h.R\xD5�\x8CI�\x81�8\xAC_$\xF2fIKm\xCCXr\xF3\x96\x80\xE0\xC7\xEA�\x9F%Ŭg\x94\xC6\xC2\xFC\x88\xDFY'\xBAVR, \xA8B~
-\xD0\xD4AQ\xE4�ϲ\xAFu\xA3s\xA2\x80\xDD_\x98\x8C�\@\xF8t-\xF2�\xA9\x9F\x92>\xF6\x87Q\xF7F\xC9\xCEU\x8E\xABl$\xD4.ËW(�\xA68*\xB3\x9F{>B7@�-7�쑘�\xF4y\x99\xD97\xBA!\x84\xB3�\xB6�Q�\xE8\xCC�L�}*\x9F$\x82�WV\xC9ɮ\x9A\xB1\xC8\xF1״//2ZA$\xBC\x9D\xA7\xA5�\xAAb;>~T6E\xD5<տ\xBF�Vj3ps[\x87\xDA[\xEB�\x8D�#.J��\xEC�\xF1\xE5Y\xAF\xAA0\xFB\xEC\xA9'\x99\x84\xB1\x9F\xB5Q\xD68}Q\xA5\xDEҚ\xBD�.H\x90\xD2\xFD\xA4\xF1\x91\xF5$=\xA8�\xE2\xAFo\xF1\xF6aZ]\x8B#6\x9E/�\xBF\xA6\xD0\xF4\xB9e\xB8\xDEZ\x8B�\xC7M{\xAAh=�Hp\xBF\x9C�\xA6-\xD5\xF4\x9A�\xA3��\xE5e\x9E\xC2\xFAz\x82\x80\xDBƫ\xEC(On\xFB\x8D\xF7s\xF6QY\xB2\xE6�\x89\xCF&�\xA1�I(Ja]\x8FU\x9B-f\xF8\xB4�\xDB[�\x88\xFF�\xDE\xF3ݦ6v\xBA�%\x9A.�[\xCD�\xE1\xA7KpyJֈ\xE0\xEAh2n\xF6sjJ,\xA9�V\x8E&EͯU\xA8�\x95x\x909\xF8W+0\xE9��O\x9E\xDCX\x893\x84�\ \xB4\xE5\x82]:aF�\xEFz\x94* ^Կ\x8E\xE0\xE0\x88\xA5A
-\x82\xBE�\xA1\xC9z\x8C:s[\xAD+\x9E:[\xB4�\x82�r�7\xC0\xAB�_\xF3\xE7\x86�\x88\xD1�F\xC22\xD5:\xA8\xD9��\x9D\x98-A\xE8
-\x9C\xC6\xE2O\xAD\x8C,�Eß\xF7\x90;XM�\xAB��\xE2�U\x86\xE6\xFC\xECe\xE7\xCE�&\xBE\xB8c\xEB2\x93�.D\xA3T\x81\xABh8&\xCBe7nV"\xCEC\xF8p�\xC1\xA8\xD6#�}&_ot-\xE72\xC3\xE6X\x8FL\xA6\xBA\x8A\x90\xF0ï"\x92\x82\xC1f�&Ñ탔w\xA4\xE9ʼ�\x8EE9\xC3\xEA�\xB6Y|t\d�\xE0=_\xA9\x9Fi\xB5\xAA\xAF���9\xC5\xDDU5\xBD<�}\xE2oCʬe\xB1É·mQJ_\x94�\x81\x96\xF5�x-\x8D\xBA�D\xEF\xE4\xBB3\xA6\x9F\xEB\xEF"\x82_
-{�8\xFEF\x8D\xD1�\xC7\xE6\x96\xE9\xEC \xE9\x96sE\x8Dc\xF8\xA0\xF4c�/
-�\xA5Xne\xAD\xA3\xDF Ip\x92�X\xCC,X\xA7�x�\xA9o\x9D\xDEC\xA7C7}y\xF18\xE3\x9F�\x91Kӕ�F<ؗ\xB6c\xDA\xF9c\xA7>\xC9\xF7"\xCA\xE5\xE6\xD4YxV\xEC#��\xB3\xED\xB39y\xABbTj\xFD\xE9\x89N�\xDC\xE1\x{1105A8D}j\x8E�\�\xABW�\xCDX!\xCC[\xCA뺧�b'ތ\xC6)�<$1\xF4\xCA\xDA[�,\xE0\xA7 \x83@\x8EW\xC3c3/\x97\xB0WnY"\xAC�\xC64\xE1\xE9�[_\x8A\xFC\xE5\x96#x\xCE\xF6f3I�\x8F\xB9[V\xA6;�\xF1\xB2\xE82f\x92a_�\xCF\xE3X�;q)��\xF6\x81&�\xD6\xF64F\xD8���\x85\xC8��\xF7\x9F
-\x88M\xF3K\xB6\xD1\xF5\x87�\xBA适\x9C\xBB&n\x88\xB0\xA4\xFD�\x8B\xEB\x9E\xDC[}\xB7R\xBD\x99��ھN\xF2
-=X\xA49\x90�\x83:Ø•\xF1\xD2 \xA4\xE1i\xC1�\xE1ß”×\xEB\xF9�pj2\xE3\xAC#C\xF7\x8D�\x80\xF9�=� \xA0Ë#;�.\xA7Y\xBA\xB0xB\xB1}��!\xDDA�\xAE\xED×›< �\xFBF\xD4 9O\xB5X\xA5��|\xBDD;-^\xC8\xEA-\xC8\xF1(\xF58\xB6\xBA\xDEs\x9Ej\x91\xFF�\xFB_\x841\xCCo^}$\xE5\xA9ZR\x82\x84\xD2��E!
-\x86*�N\xF1(\xDFc\x93\xC0\x93
-\xCEQ�\xD3p/6\xE8~\x81 E\x94\xAA:\xDD?\xAA\xFAÚ O\xE6\x98%3=/4X\xA0\xFD\xC4\xD0u\x83\xE4�\x8D\x96\x8A\x9Eب\xFB\xE1\xE1 ]\xB0\xC4D\xF3\xCF\xED�\xBC
-G\x8BƘ; sL\x91y\xF8\x8Bla\xDATKc�\xF8\xFE\xD9\xD25\xCCg��+\x9F\xFB{D\xFC\xB1\xCD9\xADM9\xEE\x8Cu.\xCD�\xC1GBLK\xACO%\xB9\x8C\xD4�LM\x85�\x95\x93\x96`Ov\x92T�E\xED\xFB\xD0\xD6[\xEF21\xCAsd\xA9J\xE9\x9Ap\x95\x98\xE9\xF8#\xC3Y\x90�\xDDE\xF6�\x89\x90\xA8\xF5�rn\xE2芻\x89��\x85\xEB\xB0�\xAC&\xE2\xE8�݃\xE93N^\xC1r\xFF\x9C\xF0\x95\xF3+fd-9\x8F\xB8U0\xD3�d\x91 \xB4U\xA5A}\xF9\xAE\xBA"\xE4�\xF6\xD4ݩ
-�\xEA\x99\xE32�\xFA\xBB\x82\xEEY$\xF3\xB5É•\xADߪ2^I\xD1PY�m3��\xEF\xDC\xDA�\xD7Ju\xFD�\xBC=\xD5\xF9\xCC~9\xC4\xFF� 2\xA9\x94p�mP��kDÉ Ç¥)DcX\xA8\xD9\xEC�\xBD\x98\xFBk�*+�\xC7MC�\xC6{\xD9�\xB4~\xAD\xCD�\xB5)\xB2\xE85\x9D\xBF\xAF\xC5L|y\xFF1\xAA�5u\x87\xCA\xEB�\x9D\xF1\xF7\xD2c9\x84\xCDrU�\xB6\xF3B�D\xF8\xF23Ty\xC8嘙� SzH1\xDF+`\xCE\xF0\xB6+�\xA7`\xBD\xB0W5\xD3㎎\xB2\xC1\xD1\xC3i\xC1\x99,\xF7\xF2}c\xFD\xF63!\xA7\xEFÒƒ\x8C\x91Pu�aÛ›\x94\xCB t\xF2\xCD|�T\\xC5L,p\x8D\xC8BH\xF0\xEC9\xE7\xD1\xF4)8H-\xFA\x8F\xE4jj*\xEA=\xEAO\x8E <\x99\xE2�:\xF5Y\x819\xAD�\xAA\xD3=i\x83\x82h\x8D\xBE��!�\x87\xB6\xEF�h\xAD\xF0\xE7\xBC\xD7\xEE\xF6\xCEWc?|8na|q\x9E\xED+\xACA}~\xE9{\x90\xE2�V+g\xEA7L7,\xF0t>�\xD3S\xC9r\xA2$\x98 at Z\xFDaQ\xBB�\xB2L=4\x9BEb��\x94\xB6�\xBC\xFA\xA8\x95\xCBÅ›\xE5/Dj� {h>UV\xC7�\xEA\xFA\xD3�\xB7\xD7�!JÞ£�\xEBp‚FL\xA6DE8"\xB8FK\xCBy\x90\x8A�R\x8A�\xE0\xEFQ\xB6\xD6\xFFcF\xF6,nc$�\xF5C\xE8��\xDBn^\xBA\xCB\xF8�}ÃÞ‰\xD4\xD5\xC3\xEC m{eb\xE8\xC5\xDF�5|:\xBC\xEA6\xD9\xD1\xD1\xE7d��\xAE\x87ÄŽ\xE6\xF9Ɔ�^\xDD+\xF7/\xD8:!\\xD8�\xB0meCkn+?
-\xE4m \x96\xF9K'S| j&\xB9q\xFD\xC9�\xC6J\xB2�\xA4\xB5\xFA\x9Ee\x95x\x8Fz�2\xD9�\xCCBw\xDB\xDD:�\x91C�\xA4\xB7\xB8:�\xA5\xBD�\x90`R\xDB�\x88\xEB1\x81\xEFN^\x8Br+Ú©:�\x81/cm\x811+W\xE3\xA4\xE0\xFB\xF0\xF3\xB7\xEA\xF7$\xE2{\x91\x99\xE0�\x89\xBEm\xA9\xA1\xAF\xC8lXC\x9Ay\xC6\xEFÓ»,P\xB0&Ä•\x96\xA4�\x966A\x81\xED\xB3�\xE8\xBCX\xCB4\xEC\xA2Ljn\xA2 \xE9r:\x8DS#7v\xB0\xA3\x98\xACdd\xF7\x97\x93dZ\xAB\xBCrQK\xA8\xFD>�\xAF�\xF5\xAE l�H}\x99\x89\xD3\xFCz\xF4\xDFa\xAD\xAA\xEB\xB5j\xC8\xEE`\xEA\x86\xF7V\x9A�\xAC\x8A�\xD6�\xF4\x9EÕŽ�op\xF5\xC4h\x80�\x97\xA0\xE2c\x97m�Ná»’E�\x8F\x85\xA1�/\x97\xAF\xF1\xAD(�\xC0\xBB\xBE\xA3\xD0g\xF1KÂ¥�K_}d\xC0\xE7\xB2çš\xF8WNy\xB4bJ\xBA\x9C\xF1\xFD\xCE^y{D�\xB9\xBF�\xE1\xF6\xF8�ȯ\xD7�\xCD\xF3�WV?S\xA26�y\x82
-�D\\xEB \x86\xB5Ɔ\xFB\xFF
-\x8C\x86<\a/r\xBC\x88�v�\xC8x\xB5f\xED\xC9CvP\x80\xD5\xF3u\xF3f\xF6\xC8y\xA7\xC5m�4\xCD�\xDB\xC6aj\xF9lW\xA4J\xD54p\xF1\xFB�Z\xA2�A\xFF6\xD1�\xAE\x96B\x9D][\xA2\xB5\x9A×´B\xA9\xAE\xA6\xD6 {?q\xA3Q4\xA2\xAB]*\xEA
-f1
-\xAC\x8C*w5#Ò” H\xF0\x8A\xBC\xAA\xA1\x96\xA9\xD6\xCBC\x9A\x8C\xF1�Ì®\xBE\x94\xEB\xD3j\xAF\xBC\xC3'gE\xB8F\x8E:\xED�\xB7\xB2\x88\xAF%u0A\xFC\x8F\xBC$\xB0a�X\xC2/�\xF7ߵƪ\xC2\xFA\xAC\x9D(�ß™ukl\xEA..\xDA\xE1\xA8etV\x87r\xD3*$\xDF;>wYp\xAE\xDBr\xA1\xA3�\xEEdʈ\x86\xE9\xF1�\xC7V\xE9\xC3hK\xF1\xAB\xB8\xF3\x9D�WC��\xDE�.\xEF\xF2$.\xA2o\xC2\xDEQ#\xBB\xC5�\xB9*\xA0q\xA6\xFB\xC06\xB8J�\xD4 \xE0�\xC7\xE6O\x8C\xF9[\xF4\xCFQ7\xF3e\xF8\x81^\xF0\xCFa:i�\xC4\xE7\xBAb\xA2�&\xD9gA\xD1V\xA3�\xE7\�tj\x86y\xE7ר\x99<\xA3\xC8�\x84\xEC\x8F3t\xE7V(\xF4\xDF\xCCh\xA9\xD7OѬEf\x9B\xBD \xE9\xDDK\x95X?`\xC3\xFE7\xD8ok\xD3\xC8h_y,\xDC\xF7\xED\xBD?\xE1\xAC{\xAEMp\xF3\xDF\xF9\x82�z\xAF\x96\x9E\xA7\xFB�\xEBe\xF2\xA0e�\xCCt\xDE\xF8a\x82s{\xFA(5J<�i �K�f\xD9\xFD6ZilX'Å\xA2\xE36\xC9\xF1\xC3\xEB\xD3\xDB)'\xB4Y\xAC\xBC\xF34a\xA0\xB3\xD44Ǹ\xD4;\xC1\xF1U\xC1\xD1u]�h\x87\xCEl\x8E\xD1Jqz$�KЪ@\xCA\xDB3\xA7\xDCo%\xF9\x98CS�\xF7.\xF5\x84\x8A�u\xE1�D\xE2\xB0Yk\xCA5N-\xB8�\xE0 \xEE
-)\xA6u\xF3ñ�\xD7RÒŽ\xBB\x97,\xE2,\xD6\xF2\x91\xF9;\xB2e\xF5'h=\xF6:\xA9aCDcj\xCFç¾µg"\xC1�\xCC\xFB'\x85@\xE4\xA1�e�;\xE9L7F�K@\xBB,\x83�\xFD\xEBdE\x92\xB9\xBFe\xCAu]\xFE\xA6�&\xE3\xF1*\xE7X\xEA�R\\xD7|\xE7�>\xA4}\xD08\xFB\xC5\xF2\xB4\x86\xEF�Z\xFAI\x96-ÄŽw<PieU�F�m\xBC\xFE%h *��\x89U\xD4\xD4|\xFBj:3\xF9\x95[\xE9\xFE\xCF at 6[\xF7\xC3{R2Ø\xEA3w\xA4\xAC\xB6/\xB4=z\xEF\xAC6TÜ›\xB8�5Ѿ\xDD\xC0\x8E\xA1\xB2u\xF5\x8EO\x92\xFC�R\xAD�wL\xD6q3\xD3.y\xB2\xAC\xABP\xBE\xEBX2\x81#\xA1\xBF\xAE\xC3 \xFD\xAA\x8C2B�\xD8\xF1\xBB�\xE0\xF3(\xBD\x9BG\x93\xD9{Ct'Lgy5�5\xF4,&z!#\xA4d\xBD�\x8A�\xB7\x9B\x88\xF2\xA4�?:\xA1\xDC/\xAEx\x9E\x9EM\xBD\x9A\xEEO\xE4{k\x8F\xD1f\xD2\xF1g\xD0[~\xBC\x88\xB3\xE9\xA2n\xD0:{\xC4E\xCCc\xF7Z\x89�\x80�:vV\xEC\xD0\xFFf#\x94Je\xE5+\xF8-\xD5�G<\xB1 S��\xF6\xB7&�\x8F�\xCC\xC3(\xA1�\xD6\xF6i6[\xEB�\x8E\xAD�'\xB4\xC6\\xED\xFB\x9E\xB3w�\xF0T\xF5k\xB6!
8\xABÕ¸9Y'\xB9\x94\xA5\xF1\xE9\x91\xED\xB9=\xF9\xCD\xC7~\xAB\xE6\xBDisn;;\x99\xCBJY\xCD5(\xD7�\x89Ø \xDAhL\x9CI\xD4\xE5\x8D&}\xEE�\xC4\xC7ft2\xA7�\xCB\xC3Ji` �\x9E\xB5t�\x9A\xDE\xD0K\xB1#\xFC�\xA1G\xB2$\xC66\xA2�\xAC�g=�\x92\x8C\xBC>p\xAD\xED\xF4 |M\xAA\x9B\x85\xDET\xF5\xE8Ë¥{E-�5u�yÐ\xAA�(�C\x88\xAD\xDEF\x87\xD2og\xE7\xFC\xDA3\x82\xC6?Sh`\xD5\xE6\xB22\xAD\xA3=\x82II\xA5\xF1\x93��\xC6�\xF1\xCEh\x90\xC6z��[\xF9P.\xCDgN#w\xA3\xE9_\xE1\xA3\xE3\xE4bJ\xFD\xE8�\xA63e\xE7\xF81\xCE?\xAD\xFAw\x96�\xFB\x92�\xEB �zT4{\x85
-BfA]qpe\xF3�D=>�\xF6$\x94z\x8BєH"s\x9Be\xAA+\xE8\x96\xC6�\x8E\xB5 z\xA0lSv�\xF6\xF1\xA9\x85\xEF\x96Y\xF6W\xF1��ǘ\xDBF\xC6\xC9\xF0&\xA0\xEBB\xBC�\xB4s\xF6\xD3n>\xB3\x95ƨ�\xBBVj�Ԍw\xA5\xBF \xB7x\xAC\xA0I\x92ERH�\xB7
-|M\xC4\xE3z\xC5sz{o� ß–\x9E\x9B\x8CD3e'l\xC1b=\xE2\xDF\xE795K7\xC1\x9C\xC3'\x9D\xE7�k+'\xC2\xE6xAS5#]\xA1�~� Ú§\xBEw\xC5\xE4oV\xAC1\xBFA\xC3\xCD\xDD4\x9A\xEF�OFG,j\x8B`\xDD8\xF0�E\xA14\x99\xFC\xF8\xECi\x96\xA2L-C^+\xD4\xDCF\xABUݱÇ\x84\x8E\x8A(\xFB89A�\xFB[\xA1\xF7�Óf)\xAD\xC6a|\xE9]�l\xA9\xEC�\x99\xF9\xC0�`�\xA7\xAA\xB6p\xABB8L\xFA\xF1o@}\xFEÐ’F\xB3\x92\xD9a8
-\xE5\x8FU\xD4wUM\xF5\xBBg\xD5"& \xDBQ=Q\xBF\xC1\xB2p,\xE6\x8E \xF0r��\xCEf\x9C݇Q\xE3\xB3\xE9\xEE�t\xDCt6.\xA7>\xF4\xD9\xEA\x90\xF0�97\x9B\x93\xA1\xDEnW\x87\x95\x82\xF8\xAB\xD1 \xBF}\x8B!\xAEN�\x87\xE9i\x85 at l\xE3
-C\x95�\xC1&\xFBA\xD7"4\xC2\xCC]i\xC5�\xCE|,\x9B\x9E(mÍ…p\xEA\xD6.\x89\xFD\xB3oR\x8E\xD5]�\xB8k\x8E\xAC\xA2P\xD6\xA1Z\xDBZ\x8C\x8ET2Ê©\x82pC\xAF\x96d\xF4.Rn���\xAEf�\x99�7\xA3\x9E\xD8�\xE6r�\xF0��k\xAE\x96-!O\xF5\x8E\x9E1t\xBF9~\x82ó–‰\xE6\xB7q\xBCmx�Y\xE6\xF3\x949gK\x92}�\xC3\xDC\xD5�\xE8\xD7\xE5 H\xE9\xCFAf\x99\pC\xCAˬM\x82._\xF3B\xE2\xDA��jq
-\xC0\xB6]q�L�\xF7\x87�\xC2a�\xAF\xA1n\x97\x88\x9B\xB4\xA2(�'\xE2�\xA5&Cv\xADp\xF1f\x96\xBF\x81\x87OF\xD92\xF6
-# \xF0:\xF8F(\x89\xA5Y\xE4s\xE4L\xE8\xC6\xF9x�\xC2J\xDF\xD3%\xCCg\xE6\xC2\xEE\x88\xF1e��:\x87\xAF#0\xAE\xFF\xEBʻ3\xAF\x87\xF3\xEDLM\xA4\\x93w\x8Cg\xDFRkH\xE4\x8E\xC5_K\xD8wӪ�\xC2\xECni\x96�\x8Aر
-\xA8w\x8AlN\xFEj�s\xDF\xD18v<o\xB8\xDE\xE2Ö²\xE3U8^\xEB|W\x9A\x9D
-\xC6\xFA\xC1\xFF%\x9E\x86\xEB\xFF \xF6\xFF�\xFF��s�K\xA8\xAB\xBB\xB3#\xD4\xD5�\xFB\xFF '\xFA\xE2 endstream
-endobj
-1161 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 2
-/LastChar 151
-/Widths 2749 0 R
-/BaseFont /JHLZNM+URWPalladioL-Ital
-/FontDescriptor 1159 0 R
->> endobj
-1159 0 obj <<
-/Ascent 722
-/CapHeight 693
-/Descent -261
-/FontName /JHLZNM+URWPalladioL-Ital
-/ItalicAngle -9.5
-/StemV 78
-/XHeight 482
-/FontBBox [-170 -305 1010 941]
-/Flags 4
-/CharSet (/fi/fl/parenleft/parenright/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/emdash)
-/FontFile 1160 0 R
->> endobj
-2749 0 obj
-[528 545 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 333 0 0 250 333 250 296 500 500 500 500 500 500 500 500 500 500 250 0 0 0 0 0 0 722 611 667 778 611 556 722 778 333 0 667 556 944 778 778 611 778 667 556 611 778 722 944 722 667 667 0 0 0 0 0 0 444 463 407 500 389 278 500 500 278 0 444 278 778 556 444 500 463 389 389 333 556 500 722 500 500 444 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1000 ]
-endobj
-1025 0 obj <<
-/Length1 1630
-/Length2 16214
-/Length3 532
-/Length 17112
-/Filter /FlateDecode
->>
-stream
-xÚ¬\xB9eT\x9Cm\x93-\x8C\xBBk\xF0\xC6\xDD�\x82{pw\xD7Æ¥qwwwBpwwww�n�\x82�\xF7/\xCF\xFB\x9E\x999k\xCE\xF9u\xBE\xF9\xD5\xF7U\xBBjW]\xB5\xEB\xAE^\xBD\x9A\x92TI\x95Q\xC4\xCC\xC1\xC4\\xD2\xC1�\xC4\xC8\xCA\xC4\xC2�PW\xD1T2\xB6\xB556�:\xC81\xAA8\xD8��\xFE\x9A9�()ÅœÍA@�{qc\x909�@\xD3\xDC� nn
-`c�\xB0\xF2\xF2\xF2"P�\xC4��=\x9D\x81\x96V \xCD_�Zzz\x86\xFF\xB2\xFC\xE3�0\xF1\xFC�\xE4o\xA4�\xD0\xD2�@\xF5\xF7\xC1\xCD\xDC\xD6\xC1\xD1\xCE\xDC�\xF4\x97\xE2\xFF9P\xD5\xDC� \xB22�X m\xCD�b\x8AJ\xDA2
-R �)�u\x80\x94\xB9\xBD\xB9\xB3\xB1-@\xC9\xD5\xC4�h
-\x90�\x9A\x9AÛ»\x98\xD3�,�\x9C�\xB6\xFF> L�\xECÍ€\xFF\Í…\xE9/\x97\x88�\xC0�\xE0\xE2hn
-\xFC�f\xEEaj\xEE\xF8�\xC4 p4w\xB6�\xBA\xB8\xFC}� ] \x96\xCE\xC6\xF6\xA0\xBF= 9 \x80\x{1A6DAE}f\xFF�\xF0\xD7n\xE1\xF0\xAF\x82�\x9D�\xFEz\xD8\xFD\xC5\xFE\x92)9\xB8\x80\L\x9D\x81\x8E \xC0߬J\xE2\x92\xFF\xAE�de�\xFA'\xB7�\xF0/�p\xB0\xF8\xEBi\xE6`\xEA\xFAϕ\xFE\x85\xFD\xA5\x{12C2301}\xF6. \x90\xB9�\xE8\x9F\&\xE6 3\xA0\x8B\xA3\xAD\xB1\xE7\xDF\xDC\xC9�\x9D\x81\xFF*\xC3\xD5�ho\xF9_�0 \x9C\xCD-\x8D\x9D\xCDl\xCD]\\xFE\xD2\xFC\xE5\xFE\xA7;\xFFuO\xC0\xFFv{cGG[\xCFE;\xFC\xCB\xEB?k \x82\\xCCm-\x98�X\xD9\xFE\xE64�\xFD\xCDm \xB4G`\xFEgTd\xEC-� \xAC,\xFF\xB6\x9B\xB9:\xFE�\xE6f\xEE\xFC\xAF�\xD1\xFC33\xB4\x8B06s\xB0\xB7\xF5�\x98\x99[ 0+8\x80\xFE\xA6�\xD0\xFC\xBF\xA9\xCC\xF4?'\xF2\xFF\x80\xC4\xFF#�\xFF\x8F\xC8\xFB\xFFO\xDC\xFF\xAE\xD1\xFF\xF6�\xFF\xFF}\x9F\xFF;\xB5\xA4\xAB\xAD\xAD\x82\xB1\x9D\xF9\xBF\x82 \xFF\xB1c r\x80\x96\x8C\xFD\xFF\xE1ml�\xB4\xF5\xFC\xBF\xF9\xFFwOM\xF3�\xF9\xA5\x91��\xFFm\x85\x88\xBD\xE5_9�y\x998xXx\xFF
- ]$\x81�\xE6fJ@\x90\xA9�\xC0\xC2\xD8\xF6o\xAF\xFEeW\xB773w\xB6�Ú›\xFF\xD5\xF4_\xED�0\xB2\xB2\xB0\xFC7L\xCD
-hjc\xFFO\xF39\xFF
-\x99ۛ\xFD\xF7\xFA\xFF\xCA\xF4\xAF\xEA\x99յDe��\xE9\xFF\x8F\xBDʨj\xFBw\xBE�Y\xB9\xB8\xFF�\xA1\xF4w�@j\x9E\x8E\xE6\x80\xFF\x95NS\xDE\xC1\xEC?�\xFF\xF0\x89\x8A:x \xBC�Y\xB9\xB8 \x8Cl<\xEC_ at 6V /�\xBB\xEF\xFF%\xF7\xBF\x88X\xFF\xEB,o�r�z tY\x98XXX\xFF\x92\xFE\xF3\xC9\xF2O\xEE\xFF4 \xF4\xFF�\x8D\x84\xBD\xA9\x83\xD9?\xB3\xA3
-2\xB67\xFB;n\xFFi\xF8�6uuv\xFE\xAB\xF2\xBF6\xC0\xDF\xEB\xFF\xC7\xF9_\x83on\xEEan\x8A\xB0\xBE\xE2`\xCA�b\x9D\x91\x9D \xAA\xC3\xCD�\x99�\xD7�\xE8c\x85� u,mT+*�\xA8q\xE8\xF5ψ\xD8\xE5\xAD4z\xAB
-ej\x9A\xE1\xFBh\xF7\>s|?\xFCFw4Ö‡cKÝ›f~\xF9\x9DЗ\x9C\xB6\xBF�\xFD'U'7\xFDQ�\xB3A)r\xE6\xB9f\x8C\xF7Õ’\xDC�\x94��\x8B\xC6\xD1Þ”\xB2\x8AA\xC9��\xD1L'\xBB3\xDC\xD5#m \xB9[a �Ń#\x8A\x9FizC<v�Z��FÝ\xB3s\xAA\xE4\xD3\xC7�\xEA\xA1\xF1Ñ‘\xE1\xDE�\xE8\xFEC�\xFA\xBCxxJ~7(d\xAA\xE8 \xA7<�!�\xF5
-\x89\xAAV\x8D\xB6\xFD^]n�?É\xF7o\x8A \xFC\xD0\xEC\xE6\xC7\xD5Q\xFFÑŠ\xB4K\xEB\xF1\xAF0�AÙ�\xAC�\x8C\xDA#\xDB\xF5\xBD\xFC\xB6Sz_\x93Ò¶\xC2\xE6\xB0¯\xA3Z\xAC�4\xA6\xD7\xE2\xDApj~�\xBFH]c}j\xC7y\x8C{\xEC|yz0\xD2\xE4$�\xB7\x91�\xD7\xF9\xB3\x9B'\xC8�\xA0\xFAK\xE5W\xB50w\xEF\xE8\xE5\xF3\xE4\xBB\x{1E09A4}\x86\xAE\xDF\xEB��\xD3\xF4\xE4�Ng@�\xAB\xD4\xCBfR~7�\xF8X��3X\xAF\xA7\xBA<\x86\x9E�\x87:;�D݇�Y�\x8B�\x92\x87�\xB1\xC7Ʋ\xA0�\xBEqv"\xA9\xCE.\xE5�\xB6\xB18\xC1[Ö†\xB8�g\xDBy\x8E \xB0�d=7U�\x95Kr\xB8�\xBD#$\xBD@�\xB6KG\xFEJ\xFE\xD0\xEC\xF4s\xACa\xD6�N\x8C\x90\xB8\xDA\xDFf\x9D\x8EAt\xE2wʳ\x93\xA2\xF8\xC1�\xEBk-y\x81Y�\x9D?\xE6\xCA�w�\x8Dj>�<��\xAC\xFAQt\xA9\xC67\xE1h,�r�\xE7"\xF2
-k{\xB5\xDF8t\xAFO/;\xA5\xBA\x88of\xB1\xFA%�\xAC\x94�&\xED�x\xD5)F\xE1\xF6W\x93\xF1\xB9\xE4\xC0 �\xF5 H�U\xA1\xAFDR˅W\xE9\xC6\xF9�\xA3�]\xEBj�A\xB0\xD2\\xF9*2̘H�\x83c\xBBc.\xEE�\xB6\xA47ۢ9\xD8�\xC9�\xEE\xE1�!F\x86\x96\xA1\xCD\xD5g\xE9l�r\xAF\xB8\x92jU
-\xAEN\xC1\xD3
-S\xCCT\x9C\xB1Hi~|\x8C\xD5w\x9D\xDBk\xB6q�\x9A\x87~�\xB96c\xB6��\xB3#\xC5'X\x87\xF3\xC3�\xA6\x85~k\xDD|a\xCC�\xD9jXՕ�lb�\xF1m�6\x81�\x8AE٧\xDF5\xC0:\xE9\xD2 Y\xC1\xEFP\xFD�ߊj\xA8\xB7\xD7})\x93�ދ�\xA4\xD0/\xBCh2\xAB2\xBAc#<K~HSi\xB1e\xCA\xF1W�\xEC͓%NB'\x89A\xB4�\x88\xF3\xB9�\xE4�R\x9Fnm\xAD\xF9\xF0\xEF\xF9\xEE\x8A\xE2K\xB9|\xA5_%\xCF �\x8Abkq࡚kG\xA0\xD5\xC6Tg\x88>}?\xE8\\xA8a\x97\xEE\x8E�\xFF\x92\xBF\xFF[C\xECB>�+\xDC���\xE2\xB2\xD54k:\xE0J�V\x8D\xBE\xB3/?㉤�\x9F0r$\xB1\x97gF\x94\xB7\x9E\x90�9\xCB&LJu�\xAA\xAFk�^�3?\xD7�\xEA�:d�\x82\xC1\x84$\xEC\xA8wW\xEA]�%*\xB21\x9C!\xFC1\x908\xAF\xAB|\xF6�\x85s�~\xC4\xC9�\xE9\xD1�pc\x9E\xBC-V\xC1�uM/lT\x9C\xB3wb?\x86^\xAFZs�?[\xDC%\xC1�J8\xB4\x99\xDD�\xC6\xD6.\xE7W\xCAB#\xFB\x9Dc5\xDBb�M�#0\xDB\xEB\x98\xDE*g�iIK\x89\xB8k\x81\x87\x84\x83e�:o\xAB\x901�{�r\xFA\xCB$�\x8Av\xDF/\xA3\xC7�\xB4-\xE2\xBC!ĒD\xC5\xFC\xD6T¦劗\xEF\x9C\xFD\xBE\xFAf\xD3!Ql\xA3\xF8z\xA1\xB6\xE3\xE3\x8A�-㵡\xB2\xC1\xEE8�}uM#E\xEB}:\xDB\xC0\xA3>\xC9\xF4p\xE5�"\xBA\xA5b\xB8)\xE39\xAB\x90�
-\x87�\xD8 R\x8A�\xFF>7@\xFF�y X\xF5Cu\.\xE8�\x8C\xBA\xCCQ鶙\xB06\\x81Ç\xEA\x9DÔ’BZTt9\xE4殢%\xC8s3)#\xF7\xA5\xFB\x81\xFB\xD3\xC4_J\xA3\xF6 \x95\xFA\x8C>k\x9A\xB4"\xFA(ߵ쬆\xFF\xFE7�\xD6!\x88A�\xCEv\x868\xBC\L-E\xA9\xBB>\xE6Lk9\xAD\xFBwÙX@\xE8[\x9AI\xCB f\xF3\xA4Zyu\xCCLt5\xE5\xE6�B��\x9B\xF1wO)\xE3\x97�\x96C\xBE\x92\xE2ì·Ÿ\xBE\xB3W\xB0\xCF\xEC��[\x9A�\x8B\xC5C|\x94I\xD9j\x91\xD1\xE5ͱ,#7\xD9\xF25D;q0Q\xD1℺�$G�\x9Bx\xFA4\x81oY\xB5\xDA1�3\xC8 at dL\xA8��\xCAG\xFC\x92\xF0\x9C�;\x8CQ\xEE�\xDE\xF2\x97\xD5B\xD5Ä’\xDC�\xE2)E�M_\xA9\x99�\x88\xFAzw\xCAp^\x8B\x94\xB7\xDE m\xF9n\x90�|�a\x84\xA8�=$RW�\x83�\xFA\xE5Ë®f\xE7\xB1k\xA8C�R\x8D\xC3Kxl\xFE�\x8E��,\x81H\x98\xF23\xF1\xFD\xF7V(�\xCD\xF4n��:s\xFE]'-\xA3\x92\xB6\\xFD�Pka�I\xCA\xF52P\x8CN\xE3\xAC?\xD7\xC8e? Z\xBAÜŽ\x95'B\xFB\xC6$\xAA\xDE\xC7\xE3f\xD7\xE6\xBC0�4\xC85Z\xD7\xF0\xB8\xB3g\xBB\xCAXJ1#�$�\x9DjÓ«5e?2\xC5%I\xA6S\xE0\xC6b\xAD�Û«.\x8F\xF2^*W\xED4\xDC�X\x9D\xFD"\xF7\xD0*\xB5�\xA3d�9\xE0F��\x96$uY\xBB\xCF?\x8B\xB3\xE9\xECSx�\xEFa\xB5Y-\xA2\xA1\x80\xD1_{\xE2\xA9 b]\xD8}*\x91\xB8\xA7l\xFEm-\xF5�\xA0�\x9F\xB8,\x9A�=\xC7�\xA6q\xD4m'}\xE3 \x92\xBD\xC8J/W\x96\x82\xD1q\xD2k\xD0\xC0��x�\xF6Jz\xDC�R\xE7\xBER�\xB4I\xA5�-\xA6n\x91\xFB��iK\xA8xH\x816u\x9Ax\xD6\xE9s\x837�)\xD8\xEB2~v
-\xAC\x99fA\xF9)K\x9FyH\xE8\x84)Ô’D\x85,\xDC/o\xDDEI[\xABt�5\xC9Gs�É\xBB\xCC~\xC4\xDE\xEEYL�"\xE2\xB6F,c\xF0`K�\xF1�3]\xF5\xB39udÏ£Cs�\xB4�\xCC!\xA8\xB0>\xB3\x93\xD1\xD9L\xD9\xD3\xED0g\x80;\xE4�r\x9E5E�f\xAA\xCCw\xA7HD\xAEnVd\xFC/rp2\x98\xA9\xB1d\x9A�\xA1\xCF\xF9\xA1 �\xB4\xEC
-Lc\xD3\xD2k\x84}x\xE3M\x87\xF8�ATᳶǦ\x9AC \xB2\x9E\xADP\xA3\x995\xF0HL�5\xC8�\x91>�gF\xAC\x95\xCA9�@P\xBAM�\xFE\xE5G-*\xA3?ɦ\xB1]\xA8\xDF$\xA0\x8D\xD9�\xC2H<\xF0\xEF\xF4\xD5u=l\xB2\xE9\x87M'8\x8F�C\xF7\xD16�`\x85\xABp\x95\xB79
-S\xD0A\xDC?\xE4\x85�C+\xD9B\xFD\xB0\x8E%\xAB\x815\x92k#4f%\xE3\x96E\xF2\x9E`KR C\x94x\xA3n\xA92^�\xE7˄M�\xE7\xC8��wS\x86q终�y�,\x986\xD1�4\xDF\xD6\xD9\xDA\xC3I+�\xAE\x91\xEF\xD2h\xE2%\xFF\x90\xF4+cDz�A`\xA0\xCF!\xF8?(\xB2*\xE90�n\xB2�G�\xA1\xA1\xE6\xD2\xEBQXN\x8AJ5�\xFB\xBA\xEE\x8E\x!
DA �\xF1$h\xD3\xE4\xEFc\xA1ʢ�\xD1Y\xC9\xDD`\xB8�q�'u\xFFЪ/�\x82ݴm\xD1\xF8D\x93�\xAF\xB2�v~�\xB9\xB0\xF9L\xCA{B݌\xA1\xF8\xC36\xB2\x96\xED\xECю&\xCD').\xDD瘃\x8B\xA6#\x82\xA62̃\xEB\x8E\xE2q'r\xF4�\xDB\xF8]\xE9\xBAH\xF4\x82\xE5\xF3\x83'\xCE:\xADM\xD8,Cz)�m>\xB8Zk\xB6�\xD3]\xAB>\xF8:,\xD9\xC0%\xFF\x9A\xC5)��\x9D\xA9\x82�\xA9%�A\xD8y�\xB4\xBC=\x80\xACNX\xA6�\xC4�v\xD9\xF9'a-\x8ASR\xBC\xE8\xF36\x86o\xA1(\xA0\x86\x8B4ZQ\xD2&\xC6�\x93\x80'x_!B\xE54
-\x9CQdÓž\x88o\xA5��j\x9B*��\xF7\xFA*y\xE8\xF5A\xAEÈ›\x8A\xD8�\xF9\xDE*�9Ö¤\xFB\xB8\xB7\xC2\xC3mÈŒ\xBF\xC5�\xFB�\xD7t\xE1\xFA9�\xC2Ì¿\xD7j\x8C\xEEuÊO\xE07�\xAC\xE4'\xBD\xA3[�\xBB\xF7HsHs\xA24x\xC5\xC8\xE9\xA0\xFDv�\xDEh\xF7�\xBB&N\x99�3\xEF\xB2,\xE4\xAF\xF2\xE0Þ¼�\x8D\xAB�\xBBP\xF8\xDBÖ…\x85\xCC\!nÊ—I\x9E\x91\xDD�\xF9\x99,dsa\x8B\x992,\xC9\xDC\xEF\xE9�\xCF\xE9\x9B_\xD4n8�Zr�\x8F烹\xAA�v{\x88W1\xF3LN�\xA1�\xA6\x8BJD\xBC\xA5"e\xE9UM�\xE4\xE3\xEBj\x93\xB5B\x8BND\xB7\xF3\x9B^\xD6\xE5\xD3ܦ\xD9v\x89\xE7xD\x8B\xFA)M\xE8n\xC1�\x8C;\xD5\xD7`x\xDE�\xFD\xA4\x8CA�h\xE0�I�%\xDC\xFA��\xE1G`\xA6\x87S\xD8\xC9ň,\xF8,^\x87QX\xD2<5\xB5[\x9DOt\xC2\xD7{\xF9\x85\x8E\xF6\x84F×�\xCF�+N\x95W�\xBE\xA4T\xE6�r U \x8C\x80\xB4q^\xBEt\xC6^?\xD8|%�uÂŽ\xAFB_\xB5\xF7\xC5\xE1s�-\x99^�\xB1`Ö¹\xD0�\xFC�|\xF1.\xF9\xBD\x84\xF5\x9CÏ¡-e\xFD\xCB\xC5Ì…\xA3\xD7\xEFO\xA9\xE8O\xD5R�\x8D\xC1]k\xAF�\xFE)\xBF\xD2\xC3\xFA �\xE7\xF8bU'\x8D\xFE\xF7\x98\xC0\xC1\xB1��C\x8E\xCA��|\xD8o��\x8BV\xC0,\xF7�QY\xE1\x8Ee\x83TÅ€4�\xF9`h\xF5h\xC3\xCC"\xCE\xD5
-\xBE\x95Q\xFFf\xED�2FZ Ys�\x93^\xC92\xE71\x9B\xE8\x8C}\xB4\x90x\x95o\xF8L�\xC5�~�\xC3�\xAA\xFA\xBCSr6\xC3,f\x93\xC5$\xD6�\xC1~\xB8!\x92\xC5u\xA3þ�\xB9fu[\xA8\xBD$|8G�\x8A \x9DXP&k\xA9:\xC40[gI�J�\xF5\x84�\xE7)�C\x91
-\x8Cī\xE93T\xFB\xC2\xFC\x91\x8D\xEB8\x8B(�ق.\xE0u6s v>\xF1\x90\xB1=�ei\x99t\x84�\x9D\xC3�c\xFE9 ^O\xA0\x8F��\xCEb\xD4Sf\xFC\x85.\x92
-˞\x9F\xDCx\xAAĮ\xBB~d\xFF|\xB0\x83\xDD{\xFA볩P\xA4\x88�\x8DC{T\xC3\xC2b �~3\x98\x98 Զ\x90�q-\xD6Tk�\xFEWB\xB5R\xE8�1
-\x9C^\xC5}\x81\xF7b"\xE1\x9F\xD9\xF7?�'q
-�\x89\x8D�\x96\xC5/F?\xAE\xCAD�\xA8%�\xB7\x8E\xD0�rm\x876\xD3�\xC3ȈWw[�\xD8\xCA.K.\xBC\x80\x96X\xB8\xA2\xB6ei�\x97\xF9y�\xA6 \xDAI\x89s\xC1\xD9\xDB�\xE8FC\xEB\x9A�ˉ�\xB0\xC1\xBA\xAC\xC2\xEC\xA74{\xF4_ju5\xA7qWb\xA1\xE2:\x82F\x9D\xAE\xB9\x91
-\xA3MQ\xF9\x9E\xD1\xE9Ä›\x97\Jo\xA3c
-\xDAS�AЧ\xCF\xF1`�K\xA1\x88C%oÝ«�\xFC\xB0\xA2\x92N\xBD`\x9E\xBEVDÚº\x91\xB4^\xE1l�m\xCCb�'O\x8A �\x9EQS\x82s�xC\xFE\xED\xBA7páž\xC4!\x9DJ\xE0
-wF\x91\x9B\x8FU\xEDG7\xEDoY{\xBA\xB3\xD5\xE3b\x9E\xD5\\xDB."{\x8A~\xEF!x�\xB9\xCE+~S\xC6eT\x95\xB1ZЯ\xC67
-�\xAB\x88b\xC94\x87\\xB7L0<V\xF6\x86G\xC9'e\xF7\xD4\xDF6\x88'�\x84�)\xA9o\x8D薿a\x8A�C!�*uȨ\xC89\xFD$J\xC4\xEAp\xEA\xFCt\xCFr\xF6\xFDr\x96\x99\xB7j\x8F�\xAB\x9C'�\x93\xB0\x88\xE2d\xA7\xCD,=~\xE8\xBBE\xD4\xFA\xF2#\xAF\xF9I/\xADr\x98�\xED\xD3\xFA�Y\xABhu=�}\xFE\xFA]%H\xC7*�\xBB�a4W(\xBE\x8Bu\xF32\xA7\xCA\xCF}5\x9Bz\x97\x94\x{DEF9}8N�\xD27\x93;ðѨ \xDA\xF4*q\xE4\xB1\xE5\x92\xFA\xAD\xD3\xC1+�\xAD\xA2\xF0\xEE\xFA\xC6\xC7\xF3V\x99-q\xE1Y�\xE58\xB2R\xBD\xFB_\x93Y\xF2\xF5w\xC7M]\x9B\xBDc:|I\x8D\xAF>xi_��\xD6�\k\xB5\xA6\xE4f�\xB45�\xBE~\x8C"%\xEE�}\x85|�\xEB
-\x9B\x88u61j&v\x9AQ\xCC/\x82�\xB7�b\xE9nx;\xC18G̾
-X\xFE\xAEqp\x85r\xC6m`\x91\xA0/�I\xEF\xA8�ë‚‘�;\xFDR\xA8\x95���\xE5)�\x92\xD4`m ^f\xA9>\xACO\xDB\xCE3��[~\xBD\x9B\xCD\xC4\x8A Ü?\xEB\x8Au\xD7\xF6�\x94�.|\xD0\xF1b8\x89�\xE0\xFF\xB4s\xCF6�Q\x82"j�W\x8EB\x89
-x�\xAF\xB0&\xF9.\xB1\xF3h|�-\xF6\xA4\xB2�K\xB6\xC9\xC96
-�N\xBFȿ\xF0.�\xB7\xD0\xF8S\xFDAH\xD7\xFA\xA4\xC5\xCCް\x97\x91,\x8AeV\xAED\x92R\xB9\xCF\xCE_\x83\xA2��\x87):?\xA8\)\xCC/
-\xE1s\xC6#\xFB\xDDa�\xD8\xFC\xBEC-(^�\x9F\xBC,\x95}3\xDB\xF0\x96VG\xBC:\x90\x8E\x88p\xF6\xF8
-�\x87~f\xEA"��\xA1\x80\xAB\xCB\xF6D\xF1q\x9A\xFB\x84\\xE3L={,Y\x8D6\xE8s\xD3\xF6&\xFFR\x9E�\xE9\xE3��\xCEv�\xF8�\xFCƒ \xA9\x972[<�\xC2]*\x8E�U�\xCD\xF6~F\xBA*\xC4e\xA4A\x9D\xAC \xAD\xE2\xD2\xD0{q\xF7\xA1Tj�\xE1\xAFr*DQ\x96\xD0n8ֱ\xFC\xC7\xD7^\xEA\xEE5
-\xA2\xDA�]KM \xACd\x8Ct\xAC\xEA \xFCr\x96қ8\xBB(B\x9D:\xF3��\x8D1OC\xF2\xA3P�^x\x9E�\xB6\x8D\xBC\x83 z\xA8V5]�\xAA\xBBr
-\x89�&$_׉<%@v\xA9\xC71\x894��~\xE5\xA2f\xE5\xB6_\xB1E\xFB\xB4\xBD\xF3*�`,\xC7\xC2͓)\x87\x8DD7^[\x8F#\xA8eN\xC4�\xEE�]\x9B\xC4|cc\xCC.g\x89\xE6R�u\xF5~\xEAP\x84\xA8\xF6\xAD\xFE\xB2\xF8\x8Fw\xE2\xAF�\xDA��\xAC9\x88\xC6o�D\xE0{\xE9\xF8k JP�\xD4\xE7�\xAE\xAB\xBE<\xE0ء{Ҏ\x83\xA3H \x88\x9A9۾>,v\xA7\xDFڈ37\xEFegiZ\xD8\xC3�Β��~92�\xEFc\xBEq`\xBC\x84\xB9W\xCBm\xDE/\x9F\xAA\xC8"\xCB\xF9t\xFE\xF9\xA1ΠT\xBC
-1\xA83 (K$/U@\xD4T\xCA.5,6f!-\xCCxFh\xCC\xC1\xF3\x82Nn�r\xDAz\xEB\xA6w\xC7O\xEFa\xF3N\xF4%0I[\x97�\x90\xC1\x83�\xBD\xEC\xEA\xAFz\xE1\xEDZpi\x9D\xF8\xE9l\xF2"`+W\xFC\xFC\x87\xCE\xF9\xBD(\xFC-]X7om_�\xEC\xE6�\x9E?\xD3o �c.ޥ\x8E:�\xF7t\x83S3\xFF䤽0\xF7Ov\xA4u\x99g��&\xA6q\xECI,\xD95S�v\xFA\x99\xA8\xFFo\x8Dx\x88\xF09\xB1\xA6ͯ1c��\xFC\xF9.\xD0e\xA0'�\xA0�}\xD2�ߔ\xEF\x88"ވ\xE6#\xC9�o\xE6W\x9B�\x9F\xC4HM\x82\x987/�\x8D\x97f �2"\xCF�\xF0Gb
-i\xFA_�C\xE2�\xD7\xA4,\xF8A\xB5w\x981\xB9�BÒ¦�"S�?\x87E\xFF�\xD10L�\x8B\xB2\xBD\xDCDC\xF62\xC6\xC0-\x83\x80x\xA5!\x9A\x99'O\x92\xA8O<\x97Ý®\xD2ao\xF5Òµ��w\xCF\xD4Ö¤;�\xE0kK\x88\xEAz\xE4oqm\x87\x9A\xD2k\xEF4\xB3\xE3�\xA5d\xB7\xB76 at T�S$T\xB7ã²\xD7j2HÇ‘#�\xFA\xFB\x83\x87\xE2i]\xBC\xBE_\xD8Ñ\x9A#T\x81f\x90\xA3~:\xB9\xF7�3\xB2+\x8D\xFE�\xD3 ÈC\x905�\x90\xA2)\x84Y\xFF^.\xBBx��\xB7Q\xEB(A�\xE4\x87\xF2Ia\xE8�dF\xEC�\xDF;\xD3p\xD6\xC7\xC2�\xF7=r\x86m\x90΢j{�#\xB6V\x9CNC\xB0\xCFB\xBC\xE8\x91\xF7ë—†\xA3Z\x86V!\x92\xD2\xF2\x8A\x8D\xE2Y\xF5\xA4\x8BD�\xA1T\x99\xEB\x9C7(8\xD6&\xC3\xDE(\xFC\x87*t]\xAFjT\xEA_\xE8�\xA8\xD4u/\xFD\xF1N�\x90U��:\xA6#\xFBP\xFCL\xE7\xDF�\xF6�Ô¬3\xA7�C5\xAB8N�\xBB,r\xC3�_=^U\xA2A\xBA\xCA�7N\xE5\xC64�l�[\xDA\xD9rc�w\x98\x9B%\xD0o\xBB\xC6Õž\xD9�\xFA9\xAAR\xA4w\xE3{E\xD5[\xBB\\xA9_\xBDz\xF8t�\xCF\xCE�n\x95
- \x89�\xDAtP\xB6�\xB3�\xE3h\xB4�\xBCO\xC4H\xE7\xE7\xED".\xEB\xB56�\xBE\xDA\xF6W5\xD4އ\xBAd\xA8\xA6\xE8��m\xFCq$:\x8DY\x90\xF8
-\x9F\xE1G\xAEo4\xB1 �\xD6Q\xD3o$\xF8\xB5\xEC;�\xD1bV!\xFBykA\x8F\x9E\xD4^\xB6\xAA\xA1�\x9D/�\xA9\x83\xC17\xD9\xC8�\x8FS\x8D\x{1C3710}\xD4d\xED\x90M\xE8SA\x882x\xEE^vΨ\xCAXd\xBAo{g@\xBD\xCBZǃ�\xA4\xC3Mp\xA6|\x80\x85\xA4}\xF8\x{DADA} %%�\x99\x8E�\x8Ct@\xB6\xB2\x82\xD1|\xA2^\xA6V\xCA0CN\xE3r\xA7S=\xCB\xC0�\x9D\xB5jX(s'\xB7�\x9F\xC3,>\xA0fy��m�\xBE{<\xF5(�w/v\x95\xDA\xE9`\xF6\xADA\xBA�h�J\xBD Ȓ
-\xB9\x98%A�\xC7©�OO\xFB\xD8+Vċ~{H\x8A\xB9l\x85�\xA5m\xDF,+?�(\xF2\xD6\xDC\xFE\xF2Ha\xF6jZ<Dg\xBA\xA2(\x88SN\xF7j\xD6�I\x80\xB5\x9E\x84*m\xF75e�\xC9
-\xF8;\x8F\xEB'{\xAA\xB4\xE4\xFA\U\xB7�\xAE\xBFn\xE28\xAC\xF7Ó‘\xE0f\xE4
-,"\xF5RbzR_��'\xCF4\x8D\\xCEG�-M �z�\xBF\xD9\xE6qS�\xC1ZN\xD0�\xBE\x83 &�L\x99\x8A|�+\xC6�*\x98�F�\xC4Q�a\x8A\xA1{%�N\xAA\xD4%#\x8AZ\xD9Z\xB4\x90=;^v\xBF\x9E�1>�|�\xEA�\x8DCJpL\xB9\xE1\xEF\x9D�\xE6w\x94\xAD��~\xBD\xD8\xD8\xD3<
-\xE6lS\x8CN\xC3 \xCB\xF9}\xEC3\xBD�\xFFڻ�~\xBE-\xC7\xD3]\x96\xCD
-\xD1\xD9\xDC\xF4W3>\xC7z\x8D\xB6P\\xFC\xF5\xBA"kw5�\xB7D
-��(\xD9�üՅ'\x95�\xB1\xB2\xF2\xB1\x97g\xCA1H\xF0Ḷ��Ýœ\x9C\xF2*\xE3�N_R\xD3\xFD\xC8\xF5\xB4Ùž\xAESvt\xA4/wp\xF5�L;AÔ\xD18\x97\x9A\xE5\xC4�x{K\xB3\xEDeS\x94\xC1\xF19\x90U�Me\x9B\x8E\x88\xCD\xD7��\xDFÉ¥�al�\x91�\xC2\xE8i\xD7N~\x8F\xBE\xCE3\x81\xB1\xD9p�Y��b�d�\x81ÕŽ\xF0\xE9a/\xE5\x858\x95H \xFE\xD0e\xFD%\x82B\xD2\xD8�d�\xCE\xF6\xAC/~.\xAFm\x8C\x93\xD3\xF85\xAD\xDDÑ„\xDF\xD3I\xC6k\xB4\xED0\xF9X,�\xE3HKKÙ©�q\xE46ç¡•�\x90\xF8;~�\xBF\xC9o�\x8A\x9C\xE7�\x94\xF7-mz\xCB9é‹.\xF2�Õº\xFB+Ó·\x9C\xAA7\xC6\xD4�\xB9�D\xB4!�\xFA\xC5A\xB1\xB4\xE2\xEB9\x9C\xB6a\xA4�<\xCF�\xEB\xAD\xE1_\xED\xB0\xC1\x82L=\x80@�\xB0\xF9\xB6NM\x81\xB9\x95\xED\xF4\x99gFN\xF3\xAE\xE4�\xECS!\xE0{\xF9\xB2g\xE2A}��*\xDF�Z\xAC\xBE"L;\xA1!&{S\xBAG\xDA\xF5v\xFF�\xE1It\x8D\x98h<\xCAo`\xD0
-W\x95\x98\xF7\xA8�\xBA=\xE1p\xAC
-]3#"�\x8CB\x9Ft\xAA�\x94�\x82\xA5\x87\x98Q\xF0\xEB\xFFD\x9F\xB0X\xFC\xF9\xA7\x97K`!6\xEFH\xA9/\xF4y\xFE\xCBZ�\xBB\xF9c\xA5\xCF\xC7\xD6��\x99\x84\x8F\xDA\xDD"\xD8Ñ6\xD8l\x9A\xE4\x96\xE3N�dn>\x8D\x91�W\xA8f4Ý…\xCA\xF0B\xF7�=Iâ¹²\xDED\x8A\xA1\xE9\xF3\xF1L\x97eM\xE5u/\xF7r5�\xD2\xC4\xD8�\xF9?\xB6\xDF\xED\x9E;>�#ØŸ#J\xAC\xEF\xED\xFDw\xC5\\xE10NJ�]\xFE\xEE\wL\x89\xCBW) \xE1\xABj\xFB콪:\x82ÄŒq\xCB�\xBEt/�eÖ’\x9F��n\x85\x87\xFE\xE0Ob\x8Dë·¶t\xF3\xC5@Ý—\x86v9p%Z\x81�\xA7�P4n���\xA6kh\xDB%\xFD\xAE\xE4\xC7=v\xB1\xAFl8E45)\xC2c\x9FfÕ‡\xB3Q�\xF9\xE2\xEFs\xCA9
-Yb\x81\xDC�\x84\x8F\x83l\xEF^\xEB)\xFD\x97$Վ\xFE9%A\xCAf|(\x97\xC0�\xBB\x82\x86\x90\x86\x9D\xEE^m\xFCu\xB9\x83\x9F�\x8EC\xA9\xA2p\xB0\xB0�\xF0(3\xEF\xFB{T\xAA\xD3\xFDᓘ\xEF,\xEE��\xCD\xD4}\xBB\x9F�\xC74��\xBC\xE9kv\xD7
-з5\x99\\xC5��\xAB\xF1NK\xE5'\xAE\xCCh\xFCM\xC1\xFC\xFA\xEEV\xB5\xFC~\xA6@\x8C1\xD9Y\xD0�\xAFx\xB9\xE9\x9CI\xB6\xE4\xB9O\xB9\x98 N\x876\xF5�q\xE9\xE0/\xF0\xB87�^\x96@\x80O\xDC�slD\xE5\xD3\xEE��j\xDF\xCB��VS!V6U%\xE1\xC7\xD4�aD\x9A\xF2\x93\xA3u\xBB7Z3c\x828p\x80\xC83\x98\xA3I\xBA\xBE\x9C\x88\xB2�#>\x91\xBF\x8CR\x{6D298597}\x9C-�\xA4\xAE\xD0\xE1ZhOьf�u\xF04\xB1�wC\xF3\xC0�:t\xB2�Y\xC6
-\xE0�\xE9 �nرn�\xA2YoI\xEA\x9F<vIS Y�\xB0\xC6\xD2�\x8E��5�G\xAD\xE6\xE50M\xF6\xBDA\x88߄\xAB\xFF��/kZ\xE2�\xFC\xC2z\xD7�bAd�\xF0)9Œ6\xCE\xF6\x91\xD0k\xBFݧ\xC4�7#\xC0jhD(\xC5\xEA\xF9\xD2\xD3|[C\xAA\xE9\xB6w\x80\xE1\xE0r\xCFx\xE9\xC8sCptE\x90\x92\xF7$e\x9F\x91\x83c\xF62o\xAC\xDD�\x9CSaTS\xB9/]v\xB6Ag`\xE6ơ\xA6\xC1\xA7�Gl�\xC0�\xA2?v\xE6Ͷu\x8E�+\xA8�\x8F\xCE_\xB8\xA4\xA0k1\xA1�v=\x9C\xB0\x{26A7F1B}�:ܵ\xCD2\xAF\xB7^&,\x88(:\x98Kw�\xB2\xB4.\xD0f�\x82fr:=P]�_�\xF0\xB5W2\x81V�\x834�\x8B"\xFAC\xF1S\xF0��\xE5�\xD9\xE2�\xAD\xB0\xAC\xD8�\xAB\xF5\xCFR\xA0�,{zv\xFE\xC9
-\xFBÕ™\x80\x94��{uuV\x81\x9C\xACu\x9E�\x87�\xECN\x9F�\xFB\xE2\x88l, *\xD8p\xAAh�u]\x9AC*\xC9\xF3�[M\x9EÌ€\x94\x8Bxj�]�3e(\x9Eq{\xD7J7 \xBE�?M\xDCW>1\xC2�4׋b\x83\xA4�\xF4\x8Ee&\x80\xDC[;\x98�\xA4ÕŸ\xFCf$t\xC5\xF9\xE7S\x82cMF\xD5kÔ•uDI/\xE7\xBBi\xAF\x8B\xCD4z6D\xF9>\xBA\xF7\xCCv\xFF�\xD9�r\xE8\x80 }n,$\xD4f:\xFB6\xFE\xE2�D\xC75[* \xF0�[\xAB�\xF9L\xEC\xE2\xAAXÈ\xCF\xCCRTU\x85>���\xDD�#n\xF1 �\xB6yO^\xE9�F\xBD�#\xEF{\x89}xDq\x9F\xDAl\xAFt\xD8v\xA56"\x93\xB5\xC2
-\xA6.}\xE0w\xC4 \xEA\x88\xE1\xB3o\xA3�\xC9ɧ\xC9 \x91D�\xB3\xAC\xDB�\xF0Y[\xBF�[-\x89楘t\xB7\xC0\x8Ch�,\xCC""� \xF5ő�\xA2\xB3�\xA6\x83\xEDD\x8D)\xAA\xAD\xC2\xE3X\xE4\xC6\xC6\xD0\xF7\xB2'J�A�\xBFӀ�v\xF0\xBA\xE6�\xD80\xC6xu\xB7\x91��\xE7\x83�\xA2n6\x9F\xCA\xEC�k\xA6\x8Cg\xBE�S\xF6z\xA4\xD3/\x95\xEF�\xE8\xD4@�2Uw\xA6\x91J�=\x9C?\xAE�\xFD\x81\xFC\xC8Z<\xDEO\xDD;\xB6= e\xF6�\xF5\x8B\xB1\xD9m\xC9\xE2¬<1\xF4\xB0\xF3\x9D͟\xA9/\xA2P{\x8E\x93�\xE0o\x8DQٶ\xE6\xA5<HS\xE6^\xBCc\xFF WL>+�\xAC\x8Fܣ\xE9�\x9C\xE70\xC6\xEBTtSc\x9Bp;\x86�;\x8F\x80\xA2P5\xA1L6�\xF1T\x8A\x8EP6R\!E\x8E\xB9]|ߴ\xB1\xF6� \xDB-\xFB!\xD0�._\x8B7\xAB\xAF\x84\xA7X\x9DqZ�X\xAB\x83&R\xFD\xFD\x8Aja `x\xE4`\xB0\xA0\xA8\xA7l\xB6q\xACg.b\xF2M{\xC9\xCF�DB=\xEE\xF4z\x86\xD0/\xBBa#\xB3]\xF5\xABЩf\xF4� u'� П/L$\xFD2.\x8Em\xD8�\x93\xCFM��Q_��\\xA4�\xCAeᇆK\xDD
-\xEE\xF9m\x9ChntG*\xA0\xDF\xF6n7\\xB8\xBE\\xB3\xFA\xB6}\x94\xF2�\x8ATGid%�\xD3~\x91у\xF5\xAD8\x{13326F}\xC3\xFA�F\xACڸ3\x92�\xDB�C<\x9A�\x813k\xE8[!ޑA߉\xB4\xF2\xF1\xF6\!
x94\xFD}Ùˆ\xE8\xF1k}\x8D\xBCRa\x81\xBA\xB7\x90\xE2\xBE\\xFC�X��\x83�Â\xE9\xA8;\xD6\xD1�8\xFC\x9A\xB02+\xB1M�7\xB09F\xB1�妧C)�J\xA7\xC3SE\xC2\xCF\xE4�\x8EÈ\x9D\xA0ko\xB5\xBD:�\xD9fD�kx6\x9B³\xE9d\xB0\xA9C\xCA�\xBA�Ý¥\x8B\xBCq\xDE\xDC'/vr\xA3\x99l\xEF\xAEVn\x8F��b\xCC\xDF\xE8}Z\x8F\xAA\xC8}�A\x99\xE0\xB67�\xE0\xE71\xDB�`\x85\xF1D1\x8B\xCD\xC2#\xE5\x8B\xD0\xCAW3\xE2?\xF9\x91_\xC81\xE3Tii\x9A\xD7�\x97u�R\x8E\xE1�\x8A\xC4�BT\x95\xC2a\x95T\x984\xA6\xDF\xCB !�\xF4\xFFCÓ’G�um\x8F\xA7\x87"D\x8F\xD1ľ\xBAAb*m\xBEao\xB0\xAAL\xFC%\xFA�wd\xAC\x95\x85\xC27\x92�\x8BP?PyX\x80L0_\x84
-_�\x85�Q\xD7G\xD7z\xFC\xF9\xB2\x9Ex�Z5\x843&\xB0\xA0�S&\xE1\x8AT�\x9BD�\xABH\xCE\xD3Mn at gl"\xBA7\xF7q\xD4E\xD4\xD3Ô´\xB4\xA5!e\x86j\xB3�7\xB7_\xDF\xDB*
-\xAB4�è\xD1?j\xFA�9\x91`\xB8\xE2Q[�\xE8)\xB5F�\xACj,\x81>.�\xA1\xFF\x9EBy\xF9\x98\xFA�n��\x9F\x82)L\xA9�uw\x8E6\xA0f�
-(\xEBI0r/*\x956�#\x88,\xBA\xA8YCY\xE6\x81ɧ�\xE0If\xF0cWζ\x9D{\xC0`\x8C" ί\xED+\xB86\xB6qԅ\xC6*zc�\xD1\xEA\x81Z\xA0\xF4,
-keF\xFC\x9F\xD2\xF9 \x8D\xDF\xD7Щ?\x9F\x954oJ\xAC�1\xBD\x908\xE2%�1\xAF V\xE581B�\xD6 ^\x86D51\xD3K\x98�\x9C\xBD�;\xD0O\xD3fk\x85-$=�\xDBB\xC6�k^\xE8 \xAE\xDF+c�稲8Ȝ$\xE7d\xF4\x9A�X�\xBC�"\xBB\xB20; \x95\x8A;d�B\xCC\xDFעؒ\xBF\xBD^t\x85R\x97r\xEF\xFB\xBD\xA7Y\xBA�n\x86\x8Aetd\xD4֌+�\xC1\x94�-�{\xF0\xF06\xB7M\xAC\xC1�\x82>ښ�i\x9D\xB1|\xF3\xBAq\xF3�\xF2\xD195\xA5\xE3f���a\xF2\xFE�L\xCFp\xFA\x8ELN�\xEFv\xF91\x88jf�(Ƙ@\xB7%�\x8D|\xE29?\xF1\xD3Z,\xF1\xC0\xBE\xF3fW\xFC\x88DQL\xDD(�\x88\xE8\xCA~\xCCAe6\xD0bHLS\xBAFV\x84�\xAE\xA6\xB7C\xFD\xE3\x84z\xAF;\xFE\xBE\xD8p\xA21b\xEA\xEEn\xDF\xD1\xF0�\xFF\xBA\xA3T7._\\xE4\xEE�\xE0\xB1rւ*\xC1,\xCBAގ\xB2b5<
-�\x87\xAF\xFD\xE7\xB3:^R\xB5\xA7H
-\xCE�\xEC�9:F�w(2\xDD!Rk\xCB\xF7�"*�3w\xC0\xF4E\\xC4$l\xCF\xE3\xE9d_\x99JKGÔ†Ej�\xA0\\xC4\xEDuv\xFC\xF7<\x9E~\xE2\xA5\xE8\xC6Æ\xB2U*\x80?�\x9B\x96\xDF\\8\xA0\x85\xEE\xE7VÉ»t\xD0\xE6hG_%\xE9�V\x8AÏ‹\xC0GO��\xF5RÛ6\xDFN\x9DtÔ£C\xA9\x96'l\xA7\xDAV\x92\xF8
-d\xA7'\xAC\xF6
-�\xAC\xC2\xF5=\xB9\xBB\x8F+\xA2۞ߛ�-�\xB06�ǴmQ at hbQ�\xEE\xC0@\xBE<\x98\xF5J\x9ABH\xE7J\xD1#\xEB\xB5mVi\xB8\xD70\xAE*YE\xE1\x9C �y\xDA
-\xD9\xD5U|e\x9C=D\xDDYW�\xAE\x9C]\xFEF\x90\xB1\x87S0\xB1�ģ�\x9A\xF0 �$\xE6dL\xBD\x93\x86\xBEEv\xEA\xF6me\xE6)\xC0\xFF\xBD\xB2/\xA4kg\xA0�\xE2F\xD7@�\xE5\xE0��\xF8\xFE\x9F\xB9<�B[\xE6<\xF1\xE4\x87O \xD0ea\xBD�o�\xA1�3\xCBȎa!\xBC�l\xD4NU\x8D\x9Aoq�P\xA9Y7\x90+*�\xCEל\xE3kiB\xC7u\xFC
-\x9F\x8E\x8D\x9D\xB9\x8Fo\xBD%�4\xF1\xC6�\xDAByps\xE1�4\xF44%\xC9aq\xFA\x9DH`\xE4\xEF-Q�\xF9T$\xCCF\xC2\xD6&ϡ\xDEᴷ\xE7\xC5\xFDWQem\xCEH50\xF6\xCF�\xB9\xF5\xB2�\xF2�s\xE1��Pw�\xD5O&d0�W\x9F�\xBD\xDD\xED\xA47H\xB6X\xE5\xCD����\x9Cʕd\xA2\xBB�\xCCE]Hx\xCE\xF3\x95\xEA#\xDC]\xE1*M1��Hs}\xA8\xBC�D\xB0\xF3\xF4\x8A\xE4mgvX\xBET
-\xD2Ç™\xBC\xEFw\xB1w9=r\x9E\x84%É\xF7\xBF\xB4\xE1
-\x85\x88\xDBa\xE7E\x84\xCC|�\xD4\xDD\xEE\xC4O\xDC\xE5!\x83\xEE8$\xE1[\xA2\xF4bIe\xA993\xAB\x95\xEC\x83U\xEB\xD48\x9F\xE0% !U\xA0\xD2R\xD3A\x9Ax\xAEP\xF6Ô™J\xD8k\xF3\xC7\xD7ng"��\xBC\xD0�+7tF|\x85;\xFE\xED|Pv�\xF9\xE7\xC6g/CD?A\xE6`CFF9\x80\x94\x92\xD2󮋇\xF9\xE39#\x90�H\x85K\xE0{�p\x94\xA6\xA7\x8F\xF3\xD7Xz\x83\xD0h\xC3Ƨ ×´;{ØÉ…O\x9D\xC5Y\x93\x8D\xF3\xE7"\xF7
-\xE3�\xCA\xC5F_\xD5X\x83\xD6�w_\xA1\xD8K\xE8��JVD\xCBXc\xEFEhۋԗ�\x96\xD9R\x8F\xA1p�\x8AԀV\xA7\xE9\xEA�\xC6\xCE~'%\x9Cje\xF6\xAF�\xB4!\xE7\x98\xF6�:�� cf
-f(\xE6\x92"\xE4\xCB\xE8\xC1\xD8\\xFB�\xD6\xF4\xF9i\xC1<\x84�\xEEv\xD4\xCF:\xA5\x95F\xB2,�\xCE\xD2$\xA3\xDEzv�bs\xD3\xDA�q\xC2Q V-/\xB0\xED-�2v\xC5�\x83�\xE4\x83H\xEC\xA3
-߬\xAB&�\xCD\xC0\xB5�ө\xEA^; \xE7\xDE��\xC7\xF3\xF3~\xEC/\x8C�\x9F�\xF0\xFEh\xBF\xC2\xDE \xC1\x86\x9E^tW\xF7\xB4]\xFE�\x81�\xBF�\xC0\xB7\xD5w2tIW1\x8B��*\xED��\xE0Nk-\xFB\xC8ȯ\xC3\xEE�o\xD58\xE7\xE2\x95<\xFFfZ\xD1\xDBu�1\xA4u\x93&L\xD1\xDF\xC2Z�*4|Qd�\xF9 \x88\xEA\xF3\xBD\xEB\xBDS\xFD0z�'D%4\x95�c�\x8AH\xC6#Gmqu �\xDC�Fu7\xE2\xA8pq�\xB3\xEC~z�S\x8D\x95>\x81\xA6\x85\xB6\x98\xA2\xA5\x87E\xED\xD8^\xFE\xAE�Hj��\xD7-ވ�-�1\x9D1e\xA0\xB1%\x8FɾY\xF6^\x89\xC1\x86\xDA\xCD\xDD\xEFx௰\xE9\xFD"\xFB�cѮ\x9E\xEA\xF6n=F8^\xA3G\x81\xF4nW?&L1w\xF1W\xFE\x93�\x97\xBE\xCD؆\x9F\xCF\xEAƀ#�\xA7R�\xB7\xBC\xDAR�룸\xFE�\xE6
-EڪVMo\xB7\x8C$yg@;�\x94�\xA6\xF14]�\x84逵P\xD8WJ]\xA5�0\xEENڔ�}�0\xFD?\xDCw\xFC\xC4
-"�\xAFR\xCA*�\xD7Q�\xFA�(\xAD\xC04\xF6\xB3)FO\x9B\x92 \x82\xE4�\xEA\xE0\xFE(\xC7\xC0N-\xC5B\xC1\xDAc\xB7}2\xAB\xD5\xEB\xE9\xA2~\xD2R\xAF\xDB\xFB\xC7D\xE3�]\xDB�\xC1\x9B75\xD1\xE2\xDB?}\x92^\xB8\xC3/T89B"�j':up\xB7\xFD�\xC1�\xC0\xCB�\x8Fu\x8Aw�X\xA8\xF4N,[\x9CZ\xD5z\xA1�j\xF0^[\x81\xE9\xD0\xD2\xCAB\xAC ?\xF9\xE9\x88&\xB5_8\xE8\xE8\xAF\\xBFT~+\xAF\xFEz��F\xB9\xAD\xF5 \xE3+\xB9�6s\xD5\xE9t\xE4\xEF\xF8\xEB\xF7\x92\xE76\xE9\xA2MLq\xFD/V\x89{k\x98\xD6�táŽ
-5��\xC23r;\xFE\xAAO\xE9\x8B-\xF2\xB0Y\xFCe\xE5\x894\x8A\u\xD4�\xAE�\xBEO\xBD\xDClM�\xC0\xA2\x80r\xBA%bAB\xF5΢8�\xF21\xE2G\xDD\xF0+kLiy\xFB\x837\xF5�;3\xBB\xE0%h\x9D#\xFC\xEF�[)\xCD\xE1p\xB5\xC4�s\xD9HObg\xD0\xF4\xBB\xD1�\x8E\xB9�?\xA7\xC7e\xD7ĵ{
-�\x9D\xEC�\xAB\xFE&\xC4qKZ\xD6�\xA6� \xBF\xF0\xD2;q\xDB�\xAA47\xB7\x91)<\xB4�2\x89\xC7-Ҹ�6�,\xE9\xF3}\x9B\x89\xCA�\xE1]\xC2?\x85�\x90�\xAE�\xF96ǜb�\x845\xC2x\xC0�\x9E^\xE8v\xEDٜ\xFE\xC9�\xE3\x85~�Ȓ\xD5��*Epב~솳\x9FP\xA7\xCD!\xF0�\x9C\xDA
-^*\x8Eҹ\x8F\\xDDM\xD9\xE0vu\xB8�2\xC8L].�\xCD\xE0E\xB4\x94NDJ\xF6s\xF6\x96\xEA\xE4�*\\xD0qe\xF9\x9A߱\x9C\xB2\x83\xAF\xEAr\xFDrx\xCD!\xB8\xEF%ծΟ\xD6\xF2\xC4ͱ\x9C\xB7q\x9AZ%\xAA\xE6\xE9\xBB�\x8F�V7\xE4̿%\xFE_\xFF���V\x9A*\xDD��\�\x84\xCA\xD2$Ǭ�ǙVa�\xD6\xC3V\xE1\xD9\xE0Y\xFA#gX\xF5ܿ\x8C\xB2\xD5޷\xE8\xEA\xB5\xC1)�,|d\xA0\x9C�\xA2۶\x86\xF1;\xEE\xECSJh"\xACt\xA7��?\xDFyiKYLڴp؊�G?'\xE2{\xE2�\xC1:�\xEC&~&\xA8�*Ir\x89O\x8E\x8A\xDC\xF4\xAB\xFEa\xC0�\xE4O\xC0\xDD�0\xD8ԛ\x9BU\xF1 at t\xB0'\xC2�\xFF}�\xFB\xA8ÚA0I\xF9\xFAL{\x97p.\xF0Z\xA6{xyYO\xDB�\x96\xA9�\xC4\xEF\xB4+\xDC�s�HuO\x8C\xA8\xCEU
-G\xA3\x96@\xAC\xC8o`\xF1\xFD"q�\xE0\x91�\xB1\xEE\xF8\x95\xA2��\x86>�M\xC5�\x80\x9E�Qg\xAF�\xA6\xFCn(N\xDF_\xE4z�[�\xF2\xF4:\xD5K�\x9C\xAD\xB2S\x97|v\xEEc50\xF0>r\xE1*\x98RLZ�r\xA7\xB1\xE6\xA8F\xF7\xD3\xCB\xC5R�\xE8\xAF%\xF9d\xCF\xCCnw\xB0�GA\x9A\xA4�\x92\x80\\xEA\xCCp\xBD{\xEB;\xEE\xFF\xA9\xA31\xF6�\xA7\xA4Z\x85(\x8C\x9D\xA3\x9F�\xE2\xD3�lX�z\xF8ӣg\xAE\xE9\xCB7\xE2E\x96$�M@ò\x8A\x8C!\x91\xF8\x84~�!\xD3m\xA1.YAu\xF5dO\xC9P)$0+1\x817`\xB4\xA6>\x8BS\xBA\x9A\xE0`\xD9|\xC3\xF9\xF5Z+i\x!
CC%\x89�\xD5-\x8E�\xADLf\x841\xAE\xC1]L?ç©Ž\xFD\xB2\xF8d\xB5\xA7j\xC4a\x9A\x9B\xFD��\x92\xAB+}W\xB8\xBDC\x85\xF7 .\xEC\xF1H�Ö¯b s\xFA�=l!\x81\xEE�‚0Q\xAD�%\x97\x8D �̤\xA5\xA5\xAE.\xA9Q0cÑ…2\xA1\xF9\xC4r*\xDB>\x9F\xD9�8\xF0r\xF5\xDC\xF4\xCEG\xF9\xD3%'\xA7\xC25\xE6+)\xC9\xF1;wF$\xF6��\x92/=\xD4=\x861Ñ¡*^\xC0\xBD\x94\xBBÑœ\xE4J\xFB\xA2\x9C%u\xC5,\xBAs+\xA7\x8DItO\xB8\x92\x8D\xFD�\xF4�\x90�\xED�^\xEA\xD3qV\xC6/\x90\xF5\xF8\xAD\x98\xB8\xE8c\xA0\xE8\xAC\xE6\xB2ao\xBC\xB8=\xA6\xAA\xF2^y#��et\x85\xCB\xF5\xEA�j\x87sK\xC6\xDD{%�&\xE9\xB3 \x98P�\xC5FU1�\xC2\xE4\xFF\xC88Lˇ\x99\xA7\x94�\xC1W\x82e\xBES\xEE3_×\xD0R\x85%\xAB~Þ¶\x87\xAA\xADR\xB9\xBC0Ö¡|!GZ\xAC7\x99D�\xA1Âml\xC9�\xAB \xFB\xAC\xC5Ú›��\xE5'\xFB!ªX\xCC�ƥЇ\x9F$\xDBn\xAC\xDFi�\xB6cN\xD6T{\xB7d�\xAD\xEC\x8FD\xA7Xw�\xBF\xA7Äš�U\xA0~p\xCC\xDF�\xED\xDB/\x938� &[\x95+2u\xB5\x8F�@H�\x91\x82,\xCC݆\xA1\xF7\xB5�\xEEK\xF4\xCEF�T@\xB7UN\xD1-Õš\xC1%�\xAB(a\x9A \xDA#\xFA\x89T�\x83\x81Kc\xB4\xB3\xE7\xF3|*\x94�n=\xA5K~e~Ï“
-\x97[\xABR^i52)\xFAI\xED�8\x8E?\x9C\xF0\xED\x95(H\xF9�%\x82\xB6\xA7q\x8B\xA9�[&H\x85U\xBD3\xC8��\x92�Pǃj\xDEX\xA1(�\xEC\xC1\xF5J[\xDA(�y4\9{1\xAF\x80�k҉X)\xD7'\xD9ʱi\xFC\x83\xB2�\x81{\xE6x\x8AH.\x9E?\x96\x85� ݮ\x90�C\xDAS\x8B|\xA6i\x9F\xCE�+\x97^P�c�\xAA(\xBF\x9C($&:W\xA7�||R\xCF\xE4|\xF3\xAD\x84�Ñgx^\xAD\x88I4\xBF,]\x85\x8D\xD1\xA7 <\x91�\xE5\xA0\xE3\xDC�5u@܉\xDC��\x8A4 \xF5\xF5펛�\x83\xAF\xD1E�\xFF5qK\xC1\x92\xE6\xFB\x84wQU\x9B\xD5\xF3\x94�aRG\xB3o\xB6ʊr\x84\xFD�\xB7\xFB\x96l\x8A\x85Q`\xDCw\xC8�W\xE1p\xB7�\x8A|S\x8C\xFC\x9B\xF8lu1\x85\x8Ac5|\x81\x96b\xBF\xC2ϰ\xF9R\xF4\xF0"TM\xB7\xDAt�|zg\xDFn�\x82\x8F$؊r}7\xB8\xEC�\xBB�\xD6UT\xE6T^\xBD
-\xB8\xD0HxԚ\x991\x87��3�\xDF?1_%\x91\xD5 ኚB|\xCE~\xE3�n\x89�"\x94\x91\x9F\xC04gqٌ:\x80�\xE2d[\xAD\xD6m\xEC`r�
-\xEE~%\xB3\x80�8\xC1j\xB7\xCCÓ¥\x{DA6A}�f\x89\x81�\xBE\x84\xF6\xA7ω\xF3\xE7\xF4$z\x831\x8E�\xA4PP9*'+p9\xF8x3T.\x8Ch\x93\xF6J\x99\xBF\xC2\xF5\xE6bo\xB8\xF3\xBE4\xAF\xED\xF2\xAF\xFD ~\xB5b�\xE0\xDC\xC4\xC6\xC5\xEB\xBA \xC1�J\x87\xA3\xEE2\x83=\xDD \x99v\xC16\xAD}\x8B�R\xF3�\x83\xA5\xC1\xF5IbS�\x9FI\xAC\xE9\xC8"\xB2\xFF X\xB4\x80Z\xA3\xB0\xD7 =\xA1�g)+\xF6�\x95m\xF2&\xAE\xB9\xE1t3\xC0\xA8\xC3(t\xBD\x97\xDA/R\xA4\x8B+T�\x8F\x92M\xB45c\xBB\xB8\x8D\xA0m\x9BR\xA8f\xDA\xF9p \xE4\xD6>'\xB5\xAD\x92\xFD\xB9\x9DR3r\xDA+\x91GGN\x92\xEF\xEA\xD6\xC1\xC7 9p�\xDA��Ï‹\xE3\xF1�\xA4H\xFA\xCF\xFA�3Ë«\xA4:_\x88=o2��C\xA3\xE3w\xC4%\x9C\xF2\xEE\xC2�(\xD9N�\xB2\x99`�\x90\xEC^�\xAA\xE4f\xD3\xDC`\xB8{\xD1D\xB1u\xF7P\xA1\xCDy\xB6\xD5\xD2�ÌL\xF3�^�\xE6\xCD&e\xE2\xBFy\xB5\xCB-g)\x9E\xBE˼\xE5Db
-�0NRg\xE4\xC1\xAA\x94).\xAF=�\xB0[\xE4�\xE5K\xE4}\xF7䥾\xD5fM�\xCE\xE5\xAD6KÙ•\xDF\xDBi�V\xCEج\xD0 at Mp-�\xE7F�<\xEB\x92\xE3K\xF5#�#\xA8\xE6\xAAf|\x95v\x9DÓ¸ \xE8Sy‘\xCFz\xCA\xED<hJ\xC3�&�2\xE7\xCE[\xDB\xCEÒ¦j\xB9\x9CZ�\xE2a\x92 \xC5v\xC3�\xE8\xDC\xD0�\xD2b�\xA4\xEE\xFA\x9A\xE8c\xCB�\xC9&<f \xA9�K�@�\xDFÞ¶\xC7tL.�\x85\x97g\xE0N\x99\xF1\xF5\x9DC��u\xA3[f@\xB8\x8D6\xEF\xC8P\x87�&�\xC0 +.2\xE8\xE5H1 \xDD��\xC9.\xF6\\x9D\xA8T\x96ß²�I\xB3K��*\x8A�\xC4\xD6S\x9F\xFE\x8D\xEB�\xD4H\xE5\xBF\xC2 S�\xA1\x91\xA3ÙŒ\xF6b\xDDl\xC0\xD12\xE3\xC4H\xA3�Ô¯`E.k\xA4\x96|\xC5\xC8L\xF4\xBD\x99ª\xE8Ù¼\x82\xEEU��\xB4\x81�\xD0CJ\xAB\x8C\xB8\�ÆŽ\xB6��>\xDA\xE8\xE6\xF8\xAE-\xDF\xEC\x8C`9\xEE3y\xC9e\x8C\xA2\xA1r\xE36�\xE9\xF4\xD2\xC8\xE2&�\xEA\xEA\xD9x�Y\xBD�#\x8B\x854.'!\xE2\x93߸\x95\xCB\xCF\xE7\xD7}�\xBE \xE0\xD2m\xC6h\xB2G:\xADv5ß¾>\xB9\xE8\xACI\xA4R\xAC\xF3%\xED\xAE<cЀG\xD9\xDDS-\x8FX\xE7\xA3\xD7\xF4y\xA1!\xF9Ì‚\x95\xCF\xE4\xC4&\xAE\xCC_-}\x95\xF8\xDC\xCC`.PG\xE55IV\x80\xECDh\x98\xC1$\x9A�\xD2\xC5]\x91\xF8Ý…\xC8\xCD\xFF\xEC\xB3\xE1\xF10\xD9\xC6�\xB6R\xB3$\x89\xEC\xD4Û \xE9Ê s)*\x96弌�̓ \xBAX�a\x9D\x98\xDE�\x9B\x87\xB1^\x9A\xFCN\xB4�\xBC\xBB�\xAF;%�'\xE4m7r\xA8|\xFD(D\xB8\x9A\xD5H1N\x982\x9E\xB9\xA3(V0A\xF3\xA5\xDB \xC4�\xD6\xCDi�L�c\x8E\xD2�\xD7r'W\xCC_\xE9!
Lo\xAC\xD4C\xA5\xDE\\xDAD\xDB\xE4\x91 \x8E[\xCF I��%\x98yu8}\xFB\xBE5Z�\xBC\xBB\xED9 n=�"d\x84\x99\xCD\xC8\xD0�\xD2IÔ•\x9C\x8A�\xED\x80�\xFD\x91\xF4�\xD21\xCA\xC5|0�\xF7\xA9\xD6(\x89*\xBD\x84Hr\xC9;\xC7\xCB3q\xBE\xA3\xAC�×¬Ê \xAFi\x8Bv\xEC0Ç¢\xEA\xCB\xF2\xAFAs\xEC\x86î¥\xC0\xBA\xB6�6\xF7
-\xC5\xEFB\xFA\xA6\xB7bF3�\x91\xBFR�m\xAB�v�\x97�\xBENh\x8E�\xB5\x9FSs-\xA9\xAE\xD8�V�\xFB$߱:\xC6M\xCF\xC7a�\xA3鬥Ҟwu\xB8`\x86>I2"m�)p\x9F\x86�\xAC)LJ-sE\xA4wB\xC6\\xFB�\xE0x\xBCu\xC1 \xEC\xE0\xE0\x9D)\x86\xFD\xAE?w\x90�-\xFE\xC4\xDB\xF3S*\x87�\xDB\xD7w\xFCn>\xF2\xEEº佇1\xA9\xFA\xECIn\@\xC1\xFB\x82#\x96\xCAI\xA3\xF3\xFEm\xFC\x80\xCA\xE5��^M\xE5Q5��ۆ\xEC+f\xCC\xC9)sm%$\xA5\xAE2A\xC1*r\xBE\xAFi�`\x83\xFF\xEB\xF7/\xC9f\xD7(\x92�e\x8Ep\xFD
-\x92Eb\x8A\xF8\xD2\xF2\xF7\xB3\xF3�rrx\xBF\xD9\xEE\x85\xCDa"\x94\xE6$\xE7\xC6:O[\xBDD\x97\xCFM�mî”\xF3\xAF\xE5�\x8E\x8Cl\xBA7\x9B\xDF\xD4\xC1\xAC\x84�dp\x89e=\xE3v\xCFA6\xE4\x93\xDBc4\xAA\xD9 \x9E��)\x81\xCA\xCFÓŒM�\xEBU\x97)\xC5#\xE3\xF9p\xA5)~\xD8߇g\xBA�te�\xA9\xA0wuÃ^-Ù†\x9C3�m6�vx\xD0.\xFA\xBBCd&\xCF\xCC ]�\x8D\x90\x88
-%"ë»\xB5 4-\xCE\xF8Y\x90m\xBA\xAC<\xC4�\xD5\xE0\xC8VT\xF8Eʦl'\x87U3�\x9E,3\xEEÔ€K6:\xE1�\x85\xC1 ز0�\xD2\xF6uX\xEA\xE7\xF9p\x83$\xF3\xB6\x9E\xC5\xFB�\x9AR\x99=?\xEC�\xBF3OZ0\x9C\x87�\x8B\x9C$%�f\xC55\x95.," �\xC5\xD5IKfL&�\xDDd\xAB\xD2Û¶
-\xD2*\xD1z>~�|\xE5\xC4!\xE1\x93;T\xFF\xBC\xB0wc8\xC2
-\x9F(*mB\xCAp\x9177cq\xB2\xAF\x84#e�\xB5\x88\xBDe\xF1\x94\xE6\xA6KN84\x90e\x81
-\xFE&m\xD5õ\xAD1Û™\x8F�P\xB7\xA3S\xD3<\xF2�\xCA�V\xB5}�\xF7Z\xEA\xA7@\xDEM\xEB\x80��<\x80\xAC\xE5\xCB�&\xFBq\xDDA_\xC1X�Rz\xBD\x96\xAC�X�;w3\xAA\xB9B�\xCB��?#,d�?\xA5\xAE\x8B�#�{\x9Ch\xEF1��\xBBD\x89L\xC4ш\xD4]L\xAA0\x8BG\x80~8\xEEK\x8B\x9Eo H]\xA4\xE4\xEB\xAE\xFC\xB2\xFE\x93\x92B\xF6\xBEw\x80\xD6:8Y2�\x9Fo\xB8È\xA3\xC7}\xDC\xD5V%\x81$\xC1�\xBD\xF4K\x94t\xB3�15^@$N5k\x9B\xBFW\xB2\xE0\xE9\xEEJXɺÝh\x87\x8Cq\xC7^\xE8\xF0�^\x97\xDB\xC1\xEEH\xFA\xB85�<\xBAL~_�\xDCO\xF9o\xDD#\xE3P�\xF7C(oqZ�o~�\x84\xD8q}\xB7wy\x99s\xF8\xC8 �D\xFBXp�\xA1E\xB2�Y\x87ND\x83h\xAEk\xDB\xFEÂΦ@�\xC8Ë¿_\x9F\xBF\xF4\xB2\xE7H\xBF\xCB\xEE|\x91\xA5�\xE3P[�\xB5\x9D!^\x90O\x83\xC6\xC6r\xE11\xD4Ñv\xCF
-\xB4\xDF\xEF\x8Aed\xEC\xB0\xCAC\xB2\xD6'Ó˜\x84\xE7\xC0\xE8\xAFu9\xD4d89\xBB}
-\xA9�\x9Co\x81X\xD1d�ǎ\xDC\xD0�PS\x8A7\x81\xED\xC0\x85\xA8><\xA4�P\x9D\xC8 1|\xB97\xDFVy�Ų\xBD\xE9\xE9\xE1%\xCFڔ\xF2\xC7�'Y\xA4\xD4\xF1;\x988\xA5N\xA2\xC4\xEF
-\xB5�#\xAE�]«\xB8H��gg\xAA\xFE�\xA2Ó‘\x89\xDC|t�\xFFH�\xB0M)\xA6�R\xA5 \xB6N\xAD�\xC6ݪ\xED\x9A\xF2\x83\x89R\x90 \xED{\xF8\xB9�\xE9L\x80��\xB9\xCEĶ\xE7\xFCDG\x87�\x84�*�\xE7(\xA4\xE1P�\xA3\xF0\xE2\xEB-\xEE犌�\xE3���)@\xC5(?\xBEc~\xBE\xE2h\xE0,R\xFD\xDDFî½3\x88\xBCm\x96\xE6q5<,0~�\xF6K[XÔPI\xA6\xDB\xCF\xF3\\xADb\xA3\xDF~\xC0!&���\xEE\x83�\x91{@��\xDD\xF7\xBC�\x89N\x96\xDE&H\x80\xDAÔµ\xA9\xCC22Ï”)I\xD1B\È¥=q\xCE\�\x89\xE6\xE7\xB4\xD1\xE0\xA5\xDF \xA2b\x90�\x91��\xF3\xF8\xEC\xE5\xF7\xA7i\x8EN-\xB8D&\x88�5�)\xDF\xE3\xAD\xF33.\xFFdn#
-\xCEs!V\xA0\x95\xE3rML\xF1<�'\x9AP\xBEԟ@\xB8�WY�ґw\xE7\xFF\xF2\xBE\xD2\xE7\x96֖V.wں7q\xCBw \xBEy2�ob�W�}\xCB\xD0\xEB\xA3 ~W\xB7\xC0g\xB8sbj\x84ȳBMt�\xE8i(\\xAD\xF9\xEA\x93\xED&�\x8D�\xD7\xD9zz\xC1\xF04#C\xAE\xADx@\xE5HCK\x90\x82[\xD0ڤ[\xDE#ǩr\xD6{\xB0\x93\xC8\xD584S\x92cm\xE1�˓�\xE1�\xF4ڤ\xC8*�\xA76MM*s\xCBY$:_�\xCE\xF1\xA4C\x93ؓ\x9B�Ӭ\xAAc\xBE\xECi�'�\xF5s1z\xB3\x9Dv\xD8h\xE6:\xAC\x97�\xB5\xBC�\xD9\xF9\xC6L\xE5\x86Җ\xB3i]\xA8W@\x86\x96M˶\x8Dڧ\x89I܉U\xA1\x80G\x87�\x95
-\xAA'�>\xDBf4C�\xB8MvtrZn\xE0\x8FyT\xC9��Z\xD5$K\xCB�\xFDaG\xE5E\xECݿkr\xC0\x87~\x9Df\xB5\x8E\xFA�\xEE\x84\xD9G\xE9\xA6\xE9\xE5Ga5\xDC\xD31\x83\xCCZ[\�
-U\xB6\x85\\xD0ר\xB7\xFC�\xA5\xC0\xE6\xEAۂR\xE8m\xE0>\xF1\xBA4\xEB�\xB5�\xF7V�yG~\xFC\xBDm4\x8F\x9D\xF8�0Q\xCD\xCF<\x815&6,\xC5*\xD4"� \x80\xF6\xBA\xE0\xCF`]M$��\xA5\xB9\xBC$\xFB˫>S\xEEy
-i\xA2\xA7\xA3 ���!ãº\xB2\x8F\x94\xD0\xD9mP\x9EY1\xE1\xC8U\x97\xACh\x85\xF8\x83\xDF'p\xBFX\xB20\xAB\xC5\xFB�\xD7N\xBF\x94UV\xC0z\xD4v\x83�Üš\xFD\xE2\x84\xE5\xAE\xF0\xD5\xE6j\xE6\x96Ä9\xDEr`Ã\xB2Ù·\x8F\x85Z\xEE\xA2\xF4\xC35\x86Q�\xAF\x84\xFF\xD6e�\x9E&�Z\xE7:\x80\xE2\xDC3\xF9O7\xEE\x95r+B�\xAB(\xF4]g\xFEÒ¦�\xC8\xD1H=F\x8D\x88ez�u\xB1!D\xD3\xC6Qfl\xB3C%q\xA7K\xF5\xAF�\xCF\xD6Z\xAE^\xAE�\xB9N�\x88;\x96\xA4\xDF\xC0\xA8Z\xD5�S\xA1\x85�\xC4\xF1\xCE_\\x91\xEB�\x8B\xBC\x8B�\xF3Do\xAEF�\xF8�>\xA6R\xB0\xDD\xCDj\x91~\xC9\xF7\xAF[\xF7o\xEC�\xC4�\xE6\xF2�n?[\x8C\xE1)m\x92@\xA9\x97\x91\x8C1\xB4b\xD69\x8F\xCDÂn8-M\x8AÝš\xE1_j\xC2\xE5\xAD�\xEA���\xC0:�B\xDD{��8J4 �4q\x86ea:\xA0\xFD�>F\x91-\xBC\xAA\xF8\xACO�\xF0\x85\xE0\x8E\xF3MA1b\xD2vB\x8E0{\xABi~n"\xC9��(\xE3UeAq\xF2`Z(سRl\x908\xEC|\x96\x8F\xBDv:\xF8\x9F\x94\x82�'\x8A\x92�^\xC4\xCFl\xC77\x85\xB7}\xA1\x854\xEDK\x9C\xE7:\xA9\xFA,X\x85\xA5\xAD\xAD\xA1bt\x87~W\xEE\xA5\xF6\xD5c�E\xAB\xC3\xDDS\x8B\x86=@\xE5 \xB4\xCA\xD7\xE6\xE5\xF3\xDE=hj3\xE1�R�e*\xFD\xB8
-C\xE0\xA0\xEA8\xCE\xC9]\xD6zá\xB7}6\xF9\\xF8*\xF8\x8D�1B%[3D\x8EG V.C#\x95k\xD4\xEE\xA0F�\x92�)қ\xB9z\xE4\x9D\xFDWݱAKyI\x9DZ\xF9�\xFEr\x85\xF9\xC6�3�c\xCD\xC4\xE6\xDAH\x96V*\x9B\xF1
-\x9FH\xA1�\xF35q\xA4÷i\xB1\x82\x94p\xB3\xD7S\x93\x9A\xA1�\xACp\xA3\x93
-\xBF\xA0E\xFB�\xD9c\xA1�\xF3,\xDF�l\xC15\xC1\xB2Ȭ\xED\x8E\xCFl\xA9-f�Ϳ궘SO�p\xF8\xBC5�Sy˃\xF8�\xFA\xB6(\xFB
-.3\x9F\x96\x81�\xA7\xEF\xA2U\xED,?H-\xFD\xD6\xD2zÆ¥\xA8>#uQ4\x9F\xD5�\xC3J�E,\xB0NN\x95SON\xE3ó‚©;0\xE3b\xB0^\x89�U\xE5\xAA<& \xB2N\xE5\xF0 I[\x95ƫ纴\xC9Q\xEC�\\xEF\xE5��\xBA\xDE\xEF\xF1�8+\xECNH\x89\\xB6\xA5S\x89)\xBD0@\xCCJ,y�\xDFÙ�?3F\xE7\xD0�i\xAE�\x93\xC2�\xA9�
-X%\x8E\x85\xBE�\x87�\xB8\xDD\xEB\xC4\xECk�|�\xDF\xE2�\xF0mb\xD8|\xB6\xAE\xB6L\xEF\xC4�\xEC\x86\xD9\xFB\xB8ä¡›\xBF\xE5�\x9D4�\x9EUt\xA7�\xCD-\xDA�'\xCFx\xF1wÓƒh\xDC�\xA3\xAC�N�\xA6\xFA\x80\xB7$��:\x96\xA9<\xA9?�\xE6\xCC"7{\x95\xE5�Qιv�\x81 \x96 Y�R\xC0\xAFT�\xE9\x9C'Ob�\xAD\xB2�)7_\xF9\xD6\xCA$\xF9\xD0GD\xCBky\x97Ý\xB7\xA2�ÉŠ\x86Ý¡\xED\xB8�sx\xB8�\xECq\x8E#c\xDF�\xEA\xA9ʱ\x95g\xF3f\xA9\xF5\x8D\xCF�)mé¼³_\xAB\xB4`\x97\xA6\x84j?\xF9\xC1\x93\xB3\xDB)\x84\x84)F'\xCF\xD4�JL%%\x9B\xAB\xC9w�\x82\xA6\xA4\x89\xA1g\xB8
-\xA2�̪Bé±¢W>"BY\xC9:VS�=e=X|\xF9\xC1\xB1�\xA8\xDEw \x{1BC394}\xF2\xB0=\xE8\xE4\xDAD\xA2z*\x95(J":\x93\x96\xDD\xE6\x8D\xDC\\xD2\xCB\xE2\xA6�\xF2U\x8F\xE0\xF1+\xBA\xA1\xEE\xEE\xF1,�XbA\x9DeL\xBC\x81�\xC1sg]\xD4P\x8A\xFB\xD5!\x91\x9DI\xB4+SdD\xDE\xC0\xF0\xAE\xBCb\x96\x8A\xC7�\xEAq\xFC\xC6�\x8E\xB7\xDF0\xBA\xAF\xAC�\xF7Y\xAEM\xBB\xAE\xA1J\xB1\x98|�\x87\xE06RBÃ\xF0\x9A\xCD\xD8\xF8\xE6U\xF7\xB9\xA8E\x97�9Ò\xEA\xFF\x84l\x99\x96\xA0\xC5\xDA\xCEÔƒ\x99\xAD�G\xDD\xEA\x99�"��\xE2X[zq3H\xB3\xDC\xE9[\x8B\xE3q\xBB�\xA9\xA6�-\xDA\xDE,ÈŒ3:I{r\xBC\xE2�:\xDC?#\xA9+\xB2\xF7%g\xB2 X6F~�\x93K�0'\xD2\xF6\xE9\xBD0�r=\x9F\xCBH\x93\xA2\x93\xE9\xDEi\x8C\xFAR7a\xB4�B�\xF6j�\xBB帒C\xEAOm\x8BFE\xA0\x84m�&V\x94'TK\xF5\x9C
- \xE7�\x84\x89p')\xF3s\xF31\xEC\xAFz\xA3��\xF9߲�\x9B�\xD4Վ�\xD9\xCDd\x95\xBEJ\xE3\xE0\xF5g�\xFBP�\xB2\xF6\xCE\xC1\xF9i\xD1r
-\xBF*,\x89H\xE7[�`\xF6R�{w\x85\xDD\xC6�\xB85\xB9\xBE\x8Aǟ\xC9z\xBC\xC3�WDg\xE3X�\xB0+>B\xC3�]\x8BB\xE1m\x83\xE9I\xDC_<\xA9�\x9C\x9D+V\xA7U\x9E\xCCGT�Ƃ�(\xF8\x87\xDEv9N{\xA0\xD3\xFC
-�Ó\xFA\x9A"\xFDSz�\xD7\xE2ת\xA02\Ö´\xDD\xF5ØŽ��HhKÌ´\xA5s\x9A\xF9\xEDio\x9D=\xB6\xEFÇ·\x87\xBE\xDC⪧\x96AL!\xBE\xEB�\xF8�\xE3t\xBEtblkM\xC0\xE9\xB97A\xD1|e\xB7\x9A\xE1fa$�|\x94?\xB2\xC50�\xCBv\x9C�\xC1×°(�Õ‚\xEE)=\xED\x86\xFE \xB1�T1�\xDF<\x94� \xEE\xB3 P\xD4Úƒ\xDEz\xE7\xE4u�\x99\xBB\xD3ƶ\xBB]\xF7so\x9Bw~\xAA\xB0\xE4\x83]\xDBG\x85,\xA1�\xF1\xF3!X\xFAÆ‘\x8E�\xDDo-*d~}\xE1\xF3\xD6\xF62�\xA7Cv\xBF*\xECi\xEB\xD5\xCE\xF8\x88IX�rg]\xE9\x87
-\xB3Y�\xE8�\xEE\xE3�`"\xF9\xDEW��׷\x81sԿA^n\xD2\xD5\xF9I\xD6\xC7Z\x88\x8B\xD5�\xFAM�\xBApn\x8Dc1\xE0\x80\xF4C\x85M��\xAF\xB3\xF9m�lU\x94�\x97Xz��\xAD\xECS;\xD2\xC1\x92\xBD�yX\x9EM\xC8\xF0\x9B\x92]h|\xB9 �\x88\xFC\xACa^6\xD5\xE9�vH\xA3ʚ\xC8\xD8Du\xF6G\xD1wdp7\x99\xF5\xF1\xE0\xE9\xD6d\x93\xF3?\xA2\xD1>;\xF4\xA5:\x9Eu\xA0�\xF4\xCD\xE1S�>3\xDE\xD2\xF7\x93\xC9�U\xB7\xE1k&\xBD\xFE\xBDe|\x91\xDD\xDBZuF\xD20\xA0
-\xAC\xB1\xFC\xD5�\xB8\xA2
-i\xD1$\x8C.Þo\x8A\xE1r\xF2"~\xD6\xF9\xF4Õ³zUF\x95=G\xC9\xDD��\xA9\x82��~\xE9R\xDC\xD7h4\xD6\xC0\x9Dei\xE2w\xB1�žR�\xFC/�dR\x9D\xC1\x8CTk\xCD#w\x830&�\xA7\x9A\x9Eh,Gë�\xB1\xC3\xF1\xB0\x81`�\xBFpLs\xEE'\xFAm\x8D\xAF=�\xB1\xE7ɱe\x97�~\x96\xAF#\\x87z\xF3,\xAA\xCA\xC3\xE3\x95\xEC�9\xBB^B\xFC\xB9\x93\xFF�C=u\xB0cDk �\xFED8\x9C�/\x90'V\xB64\xA5?�\x81 a\xB6d\xBB\xD8\\xF1Q\xADm\xD3\xF5:F,\xC7\xC7Ô²\\xF1\xCE�<\x9Ar9o\xE2\\xE8\x89\xF1Ób]\xC5�\xBB\xA6\x8Ff;U\x88#e2S>��\xA0xV\xA5�\x98ÃŽ\xAD\x88�\x86꧗j�\x8AP\x99\xAD\xB8\xA1��.!�\x91#\xC8\xF7�\xA9v�o\xD4`\xD2S\xBA\x92\xFB\xFE�\x9E}\xB0S \x89\xD4&|\xDA�\xCA=\xCA4�#\xE6Ì—\xEE\x96\xC12$�!\xF9\xAFÕ³\x83\x92(�Z3�\xEDtU\x95\xE2z\xAB.V}e�\xBC\xAC\x9Ch>d\x90$ z�H�\xA4\x865\xE76�\xE3��\xA7\xFCL 5\x87\xEAC\xA0\xBA/Jd~:\xA6\xBC\xED��fIu\x84Ìu\xFC\x9F\xF0c%\xD5î¹£s�\xF1\x82O>���\xBB9\x8B=�l\xB6\xD6\xD3�+#\xB0H\xD2I-\xF7@?JP�1ih\xBE &\xEE\xC9\xF4]\x93\xBF|X\xE4\xB4\xDA\xC4�\x9D\x83v\xFA\xB2\x86(á“\xA1\xB45��CzC\xA24\xFA1.�X��\xD0Í�\x83\xA7
-�KK��\xA6\x8Ci\xFA\xBAz#\xD2.\xE2\xF6\x9D�\x9DG]�\x82\x8F'\xD7ԯ\xBF \xD2_X\x8B�_\xB0�\xFEx4\x82\xF0\xC5˳#\xA4\xE4"\xABP\xB9\x96j �\x96\xD1�\x96BY\xED\x8887\x8C\xC0�z" IO\xD2x\xE1s\xD8l\x9F\xB1\x9B\xC9pk7K�\xF0A�\xE7/ɇH\xF9M\xB8�\x9E6
-T\xA0S!\xF5\\xB6Z\xE3\xD2J)\xA1#\xA2:s\xCC\xE6\xC0\x8E_\xEER\xB7\xE8\xA2#ԦB\xF2 �:\x8F~��\x823LѸ\x89dR\x94 \xD9Z\x98Qő\xC0O\xE4w\x87\x88oJ]\xAC
-|*L1qB'�)\xC7L��\xB2$\xCE.��\x8Dc\xA4\xC1}2\xB4\xE4�\xEA\xE2q�zE\xB8i\xDC(\x80\xCB\xC0kD[�\x88\x84gÑŒ\x8E\xB2\xDEÝ‹�\xCFY\x85\xCA4寖|\xEEVO.\xCE߶,\xEFO\xF1BϽ\xD7\xF5\x9EldX\x8F|\xC0\x90VlË„�\xD12\xE2\xD6\xD3\xC3 ND\xE8{\x9D�\xF2Bl\xE1y�\x84VT\x9B3Ò„E�/�u\xE0\xF7\xFA\\xBF\xB7\xBA\xDCg�\xEC�7\xB1\xCB�\xD1"Ý¿"\xB3�\xA1>\xB2\xBF(C\x8B\xE3\x9Ee\x9F\x9BP��R\xF2FW\x9F\xAB"ÃÐ¥\xA4YX\xED\xF9\xF1\xC4��XY6\xE8
-\xEAOq\xDA\xF4\xA19U\xA4�$\xD6=6\xD0\xF0\xFC|H\xF2\x8B\xB0s%nS,{�\xA8\xFC\x88&\xF5ʒ��\x978�$\xB2�c\xE5\x926\xBF�p[�\x8Ex7\xEDj\xA3\k@?\xAE\xF0�\xB6�"\xDC<4s=3\xD1a\xBDB\xDA_Z\xBC\x96\xE2�\xE70h�^\xD7Iӡg\xC0DF\xCC\xFB"\x90O,v}�V%t �\xEF\xE6\xFB\xFCH\xA6\xBC\xAF\xB8\xCA�i\xB9\xF2\xA2\x8C� \xDEf4\xF0A��\xD6\xD5\xF0�\xEE\x8F[�\xF9\xD7%\xA3\xA9!\xBF\xD1�\xF4\xF8r{&\xFF\xF6\xA7\xF5�'Q\xBA\xB5݉\x92s$
-V\xBA<3\xFFi\xFA\xFC`\x90+zв�\xB1\x83\xF5\xA4��\xE2By\xBFe5m\xA8\xE1^�[\xC4yaS�\xA9a\x8A\x80()ޟ\xED\xC6\xDC=7w3\xD4V�\xB3Md& �\xF0\xD1\xC8咽T�e\xF6\xE4\xB4�\xFEe\xA2Q\x8E�h\xAC\xF5�\xE4\xD8\xEEα\xFF\x94\xF8g�\xB4>\xBB6\xB9\x94\xBCg\xB4(>\P\xF3\xD4k\xBA\xDFo\x86\x91v\xDD8\x8B\xA5\x87HZR\xAF\xB1\x98(�r\xD4s\x95\xCC7R\xB6s×\xBBL\xED\xAA\xF8\x8A\xE6\xFCz!\xC1\xC8
-U��[\x96ղ69\xA7Q\x8E\x83.[\xBF\x92\x9D6\xE7\xCFh\xFCS\x97W�se�\xAE\xF7\xB1d\xDF�b�f\xEFy\xEEI\x87�d\xC1FbN\xFE%\xD5g\xD4\xC6G\x9C\xA2,b\x9Cr\xFC(\x9A�\xD9\xC2%+'�\x8B
-\xD2l��\x81\xA3g"\xEEu\xAArC`W�ro\xA61\x805\xC7�Cȅ\xE7p\xFB\xB6\x9A\xCD\xC4]s�G\xB9\xD1On\xE4\xE0rq\x9C\xECZ\x9DI=\x85M}\x85�)\xE4CQ\xCA~ \xEA!\xB5\x9F\xBE�D�z9\xB7%e\xDE!\xAD��\xFB�\xA9\xC6\xC1\x94,�\xDD,>׿\xBF\xE2b\x89lG\xFBrs�
-R�\xF8V0'�uV\xB7\x83�\xD4)�É \xB2;^%!�#\xFA�ㆹ\xE5"\xE0\xF7È“\xB5�\x82i4Í �p#\xD6o\xB7\xA4_\x8C\xE4%\xB1!\xA5\xD3\xE6`\x85(�`\xA2ix\xB8\xFC={P\xECr�{[\xA33\xFE\xDD\xC9�\xB6�*\\x8D\x90�\xD4v\xB5�v��\xC8\xC6e~0{z\x8AJ��"É®\xD1c
-\xB5\xC4\xC0\x8B\xED_~ \x85U\xA2\xF7\xED\xFDw\xF5�\x9C\xC56o\xB8J\xDA\xE8\xA8�O\xCA\xFF7E\xAE�\xD5?\xFFm]~\xBB\xFA\xE0D\xBE?\x9C\xF1�\x8E\xB9,\xE0\xBE$\xF4\x83c2\x8B\x99\x8B\xE3\xE9\xB8\xE6ß‹M|&\xEC\x9Ap{\xB3\xD7Ó\\xCC \x8D\xABe
-\x95\x8C\xA4\xB7\xC6\xFD:\xAEs\x94Cr\xAA\xDEr\xB1[G^\x85_x[�\xB4?\xD2\xD8\xE6\xE5'\xAE\xD6ܬ\x9E�\xA5\x8Akv5\x89Gl\x9F�뽺>Q\xC4\xE85󆅼�~\x9A\xD2�َ\xDD���\xD9vn�\xC2|*\xD1\xD0a\xF2ݥ\xC9\xFF\xDE^\xE1=t\xF8n\xDA֕_\xCE\xEFx�P\xF0d\xF2\xF9Cߕb\xADR\xE6w�Wbg\xD6J?~\xE5rο\xFEC�\xAC[B\xFD\xE4d\x8FƯ{\xF1\xA0h\xA7\xFA\xCD�wӉ\xCF'}2�~\xD1]\xD86\xE5\xB0\xE2ٌ9\x8F�\xFB�\xB2&\xDC\xD4\xEEN\xD6\xF1\xFB\xF6\xA1\xEE\xB1`lu\xEE\x8B)G2�O�=\xDF\xF9E\xDFC\xF9\xE4\x94\xD5\xF9\xF9[
-\xB9\xD3ϙw\x9F\x98s\xEC�\xC7\xC6\xE2@\x95\xBB\xAFM\xB7\xE5\xF6MX�v\xBA\xF3E\xFF�\xFFu9~ۤk\xB2\xB9\xB6\x85\xEA\xBC�\xAA\x9D?y\xC9g\x93\xBA\x94\xF2\xCC�\xDC{\xE7�;��\x8DO۫Y\x9F$3i\xD5\xE6#\xDB\xCFn\x958\xB2ov\xE4\xF3\x8E7\xAF\xE3}\xCB\xCF\xEB\x9D\xD5\xFD\xDC\xE1?\xF7\xFE\xB9\xEBs\xFF�\x84\xE6\xD5\xE4ȩ�\xD9\xF7p\xF6.\xD5`�\xB9f\xFDO\xA9a\x9BK<\xAD\xDBN\xEE\xEA\xE8=|\x88u\xD6\xEFD\xA9⹵\xDF\xFD�\xDD^\xDA(\x9AD\xAAM?T\xB9C\xC2x\xDD;)\xF1\xB4g�\xA5\xD9E�N\xD3/۾}\xF5%\xD7\xCA\xDBJ���\xAEQ�\x86\x85�\xC99\xA9\x89E%\xF9\xB9\x89E\xD9\ ً�Wendstream
-endobj
-1026 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 35
-/LastChar 90
-/Widths 2750 0 R
-/BaseFont /UXBIOO+URWPalladioL-Roma-Slant_167
-/FontDescriptor 1024 0 R
->> endobj
-1024 0 obj <<
-/Ascent 715
-/CapHeight 680
-/Descent -282
-/FontName /UXBIOO+URWPalladioL-Roma-Slant_167
-/ItalicAngle -9
-/StemV 84
-/XHeight 469
-/FontBBox [-166 -283 1021 943]
-/Flags 4
-/CharSet (/numbersign/parenleft/parenright/comma/hyphen/period/zero/one/two/three/four/five/six/seven/eight/nine/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/X/Y/Z)
-/FontFile 1025 0 R
->> endobj
-2750 0 obj
-[500 0 0 0 0 333 333 0 0 250 333 250 0 500 500 500 500 500 500 500 500 500 500 0 0 0 0 0 0 0 778 611 709 774 611 556 763 832 337 333 726 611 946 831 786 604 786 668 525 613 778 722 0 667 667 667 ]
-endobj
-963 0 obj <<
-/Length1 862
-/Length2 1251
-/Length3 532
-/Length 1860
-/Filter /FlateDecode
->>
-stream
-x\xDA\xEDUkT�g�n\xF5�J\xC0+Å€\x80�\xB8�
-\xE62\x81\x90��%(�\xCB���\xA9�Ʉ�\x92�L��P.��(\x82\x80`P\xA1r�\xA8\xB4RZ/\xC0�\xE5b\xB0\xA2\xE0\xA9�\xA1 7\x8D\x82 �V\xAE\xBA\xA2\xEE z\xECҟ\xBB\xBF\xF6\xEC̟y\x9F\xE7\xF9\xDE\xEF\x99\xE7\xFD\xCE\xF9\xCCL<\xBC \x8El$�vF\x84b�H�逓\xAB\xF7A\x90�\x80D2\xCE\xCC\xCC \x85!1��\xEE\x82\xC40� \xED\xEC@\xC0Q��\x80T\x80L\xA3S\xC8t*
-g�8!a\x91(/\x98+�,\x9C>[�\xD1 G�\x8C\xF2X\x90�p\x85\xC4\X\x80\xF5`A|\xC0�a\xF1`q$�p\xE4\xF3�\xAF\x85�"\xC0��\xC1h�\xCC&\xE2@�`\xF3Xb ��\xE6 q\xA4�GL!��hK0[�\x{18E280}Q�f
-\xB0\xC0L~�`�Ùˆ\x90� \xB0a�\x8E\xE4\x86`{\xC1\x98\x93\xFF\x86\xA9\xE5Í%|\xBE�$Xh\xBF\x98\xD2_xH\xC0\xE3G\xBEU \x820\x89�F�W\x84
-\xA3\xC2\xE5R_xÉœ+\xCC\xE6I�\xCBY\xA6�\xE2\xF3X\x8E\xC2`>��@�"Ùš\xBAD\xF0D\xCE<)\xCC\xF6\xE0\x89Y\\x80�\xF1E\xF0"��\xD9Ë`\xF1-�!\xEDsc\xF8\xEC\xDEm\xF5v\xAE\x8B\xA4�\xC4�\x8A\xF7G\x86\xC1 \xF9\xBDz\xB1�\xDF\xD7XJ(O
-\xF8\x93\x89d2\x88 \xB1\xF7\xDDW\xC0\xB2\xCDv�Y�\x9B'��(T[ BQ(�\x87\x9D \xAC\xA2�\xD1 \xC0�\xB2a) K1\xC7$\xA2��cK ,\x9A�\x80\x83\xA0\xB8\x85\xB1\x82\xD6 \x89\xC5CY|\x98\xB505\xF1�\xBBDP�R�\x969\xFC'\x88L\xC10�b\xC1|\x98\xF3g\xD8\xFA-\xBC4\xF4\xF7\xB8-\x86C\xE8{ \xCB �X\xA1">$\xE2.\xC2
-\x8E\xC1@\xA4\xD1�\x8A�@\xB0\xB3\xC5~��m��\x8D�\xF3oB\x96�Ea\xA1x\xF1lb\xF1\xBF\xAB9<ld0,\x85Y\xB8\xDEn\x84e\x9F�\x92W\x9D\�\xBB\xFB\xDC\xED\xEF?"i\xBDh\xABT\xF7j6\xFB\xD5\xC6\xE6\xF3\xD81\xDEÔ³\x9E&\xC1\xE2\xD2\xD1b\xE5\x95\xE3r|\xA8B�\xCB\xFE\xA4.z\xD9 \xC3-\xFD\xCB\xE9�\xDD�WÒŠ\xCA\xFD\xB2\xE2\xA9M\xC4�o|db\x9Al\xD5k+\xF3Q\xA6<\xFC\xC0\xA9\x82\xAF\x95\x86\xF4&\xF4\xE1\x99o\xB6l\xED\x9D\xDE�צs\x96\xADb�:\xD787Ø\xBD\xDE\xD2ë„¥\xE9FZ\xEFyÍ�7\xE0#��wn\x9E\xAC\x8DË»\xBE\x9D5q\xEB\x9E�\xD3�/rN3Wp�\xB4\x83\xA6\xA1\xD9G\xB8 N\x84Ba\xE59\xE2\xD8rW\xA5<\xAAÏž_\xEB\x9E\xDE\xE4/}b\x9Cj\x9Ab\xF6\xACÕ»\:\x93�k�\xFD\xFB\xCD0M\xFC\x9DÔ±\x8C♯ܵpMÆŒk�\xB7\xE5Iו\xA4\xCC\xF8=\x8D\xC6.Fm�\xAD\xB9/7\xB6Y\xB9\xC9> &�Z\xAF\xB88Rk\xD0�\xF2\xC8\xE7\xE7*0\xE5\x8DJscY\xEC\xF3r(\xB4\xA0&\xD7xד\xA8\xF0\xEF\xEA\xB7\xCF\xF9\xE03b\x88_T\x9F:\xF8\xB4\xB4^\xAE\xDD]\xAF�\xEA\xEE\xB8\xDB\xEB\x94\xF9\xA2PËC#\x8D\xE2*\xB92+\xAB\xE5��#\xE1\x87\xC7m:\xBAo\xEF)}�/\xF8@\xC7\xE0Û¯<�jp�\xEE\x90\xF3k\x8D\x8C\x96\xE1\xC1c\xD7\xC2(Z\xA6\xB2.\x9A\x91\xF9\x97�^2W\x96\xAF�\x95Xl�\x95\\x8C�K\xA4\xF7��\xABntv\x81\xF7U\xE3�\x87sb\x99\x93\xCC4\xBD\xDC\xE0\xAB 0\x8E�oWeÙ¼^V\xA7\xD7SsF&\xEF\xD31\xD6\xECWfE\xE9)Ld\x95\xE2@�\xE7\xB4\xF6lfz\x86G\x80\x9B\xA7\xDF��q\x87\x9B\xF3\x92�\xDC�\x9E\xA9\xD5}\xCF+\x9E\x96!g\xB6\x8DmJ�\xF3U'3\x8F\xB7\xBE�\x9C\xB0\x9A�\x8D{k\xD3/v\x95\xFA\xA5�\x9AG\xC2���lf
-4�\xCBϬU1�HN\xFB
-\x86ß…\xFD]\xDC\xC2\xE4ln\xD4T\xEA\xD9\xDFL_\xC4
-\xFE1\xF9\xDD\xFA\xA2�ÂÑ–C��\xC8ͽ\xD93q#\xAE�'ʸϔ\xEEu\xF6\xD5e\xC6&\xC4^\xBBqZROH�\xCE�\x95%\xB5+W=\xC1ß°�\xEC<\xB4\xF7>\xC58<.\xEBH\x{6091C6}\xAE{\xB9ì²½vB\x82@\xCDu\xD9Dy\x95\xD9�:�\x9A\xF3\xCFJÅ´\xB0Õˆ\xFA\xA9G�\xB8\xAAw\xF3\xB6]\x93�k_*\xF0�9\xB9\xEDG5\xC5R\xD2\xFAm\xCD~v\xE0\xFD\xE9j\x9F
-o2�<\xEB`\xE8\xE7~�\xFA�\xDDY?\xF5\xCB\xF0\xBC\xF9#\xC3\xEAc*wY\x9F\xFC�\xEE\xC3\xFCF\xE9\xF7\x82?\xFE6T:�\xBE6\xFF\xEAM\xF9U9Ñ™\xD0:\xD1\xDA\xB3È–\xAA8\xFA`Ry\xAD\xF2\xFA\x98\xA4ᆽ\xB9\x8C\xA4\xBCE\xF1I8\x9D\xC5\xF6/\xCD\xF3\xBD\xF0\x83\xDA=\x92uYeñ¨ª©\xB1\xA7n>%pP\xF4*�\xBA\xAB\xA8\xFA\x94>\x8Fr\x9E:\x8FW\xD8OV\x96\xFA\xD3?\xF7\xDE\xFBk�U\xCC9\xE1\xF8\xFC\x97\x93\xA47\x89\xDD\xCF5\xEAZ\xA5Fe\xBE\x8C\xAA\x94\xA9\xE9�\xAD\xD67\x9B=\xB2Ú‡\xDC�\xF5dsV\x96�J\xF5*\xC9\xDEf�\x90f\xB7\xB3\xDFp\xDB.\xCE\xDC\xF9ߥv-k\xC6}�\x89\xD1v:^\xC1\x8DN8Ëu\x9E\xFCt\xA7y\xE7kn\xFE\xD3c�\xD1)\xF2\xE1"�>q\x8D\xFF=\xD5
-\x95\xFA\x94Q�\xFD\x9E<\xA0b\x8CXW\x98v\xFEW\xB7�\x85Ê”\xE4\xF9\x88M\xF9C\xD7�+v�\xC8c6{\xB7<\xA0�[7\xDB\xF42\xD1B\xF5Mf\x95\x87\xE9J\xE3\xE2\xBEW%\x95 c\xCBp\xB1\xBA`\xE0#\x92xkÙ€k\xB8>a\x94Κ\xF8\xBC(\xA1\xA1#\xDCc`\xAEK\x92Ó\x9B\x90\xE3&\xBF�E\xCE|\\x8A�\xFB\xB5\xDA\xE8\x94\xE3\x8B{\xA2/\x89\xBA\xD7\xC1QFm5
-�\xB7\xFF\x9E\xEAp\xB4k\xCDÌ\xBBpj}\xA1l\xCCE\xB5"Z\xB3\xCF@\xF7N\xA7sÙ¨n\xEB\xABZ\xF6Ζ[\xA3�!C\x8EW\xB5$A\xFC6ÍŸ^\xC9�5�\x80\x84C\xBEy\xE9\x9A36\xEB��\x93\x9C\xF4\x80\xF1î‚\xFA\x86k\xB2\x8D\xF6\x908||X\xD3<\xFE1\xF5\xC1\xECf\xCFA\xDB\xF1\xA9l\xBAc~\xD3a\xA6@\xF188\xFA\x9C\xC9�_G�Q\x8D\xF8\xAF��\xFD\xB9\xAFE_UWw\xE4TgW\xB2o\xAC\x8B\xE9\\xBB4\xE5\xB4rj\xFD\xF6\xF6n\xC2\xF1�\xD9î˜'\xFA\xF61\Nk\xF4\xCFɵV&\x95Dz;B\xEAmи\x83\x92\x9E\x98l/\x8D^�\xB7`u`on�\xE7��\xF2\xF8\xE0\xFE\xDF\xE0\xA2�vuC\xA8��@h(\xEE_\xB9\x9B\xFENendstream
-endobj
-964 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2751 0 R
-/FirstChar 13
-/LastChar 110
-/Widths 2752 0 R
-/BaseFont /JNBUEE+CMSY10
-/FontDescriptor 962 0 R
->> endobj
-962 0 obj <<
-/Ascent 750
-/CapHeight 683
-/Descent -194
-/FontName /JNBUEE+CMSY10
-/ItalicAngle -14.035
-/StemV 85
-/XHeight 431
-/FontBBox [-29 -960 1116 775]
-/Flags 4
-/CharSet (/circlecopyrt/bullet/braceleft/braceright/bar/backslash)
-/FontFile 963 0 R
->> endobj
-2752 0 obj
-[1000 0 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 500 500 0 0 278 0 0 0 500 ]
-endobj
-2751 0 obj <<
-/Type /Encoding
-/Differences [ 0 /.notdef 13/circlecopyrt 14/.notdef 15/bullet 16/.notdef 102/braceleft/braceright 104/.notdef 106/bar 107/.notdef 110/backslash 111/.notdef]
->> endobj
-960 0 obj <<
-/Length1 1616
-/Length2 25435
-/Length3 532
-/Length 26323
-/Filter /FlateDecode
->>
-stream
-xÚ¬\xBAc\x94\xA4]\xB0%\]î²,Û¶m\xDBvuÙ¶mÛ¶\xBBlW\x97m\xDB\xFA\xFA}\xEFܹ\xB3\xEE̯\xF9\xE6G\xAE\xF5\x9C\x888;v\xC4>'\xD6z2\x93\x84@^\x89F\xC0\xD8\xCE\xD0D\xD4\xCEÖ‰\x86\x81\x96\x9E�\xA0\xA2\xA8&o`mm`la'M\xA3hgc \xF8kf\x81"!�r01p\xB2\xB0\xB3�6p2\xE1�\xA8\x99��\x84M\x8C \x8C\x8C ����(�\x80\x90\x9D\xBD\xBB\x83\x85\x99\xB9�\x80\xFC/����\xF5Y\xFE ��\xBA\xFF\xA7\xE7\xEFNG�3[ \xE9\xDF���k;{��[\xA7\xBF�\xFF\xD7�\x95LL N\xE6& S�k�\x80\x90\x9C\xBC\x86\x84\xAC�\x80\LV� fbk\xE2``
-\x90w6\xB4\xB60�H[�\x99\xD8:\x9AP L\xED� \xD6\xFF\xB1 �\xD9\xD9�[\xFCS\x9A#\xED_,�G\x80�\xC0\xD1\xDE\xC4\xC8\xE2\xEF6�7#�\xFB\\xD4 {����Gǿ\xCF �G\x80\x99\x83\x81\xAD\xD3\xDF�8\xD9�,l\x8D\xAC\x9D\x8D\xFF!\xF0\xD7nj\xF7/!{�\xBB\xBF�6}\xC1\xE4\xED�\x9D�\x8D�,\xEC\x9D \xB3\xCA�\x8B\xFE�O's�\xA7r;Z\xFCu�\xECL\xFFF�\xDB�9\xFFSҿ\xBE\xBF0\xBDN��\xB6\x8E '�7\xA7r�\x9A \x8C-�\xED\xAD
-\xDC\xFF\xE6\xFE�f\xEF`\xF1/
-gG�[\xB3\xFFb@
-p013p0\xB66qt\xFC�\xF3�\xFB\x9F\xEE\xFCW\x9D\x80\xFF\xA5z�{{k\xF7w\xDB\xFD�\xF5?9X89\x9AX\x9B\xD2B10\xFE\xCDi\xE4\xF47\xB7\x99\x85-�\xDD?GE\xC2\xD6\xD4�\xC0@\xFF�vcg\xFB\xFF\xF4\xB9\x988\xFC\xDB \xF2\xCE�\xC5_��\xC6v\xB6\xD6\xEE c�S(:Y;\xA7\xBF)�\xE4\xFFw*\xD3\xFE\xBF�\xF9\xFF\x81\xC4\xFFO�\xFE"\xEF\xFF?q\xFF\xBBF\xFF\xCB%\xFE\xFF{\x9F\xFF;\xB4\xA8\xB3\xB5\xB5\xAC\x81\x8DÉ¿\x9B \xFF9c Ò€\x86\x8C\xED\xFF�m`ca\xED\xFE\x8A\xFF\xEF\x91j&\xFFA\xF2\xFF�#\xE1d\xF0\xB7��\xB6få §\xA5\xFF�\xA3\x85\xA3\xA8\x85\x9B\x89\xB1\xBC\x85\x93\x919\xC0\xD4\xC0\xFAo\x9F\xFE\xB5\xAB\xD8�\x9B8X[Øš\xFC\xD5\xF3\xDFV�h�\xE8\xE9\xFF\x9BO\xD9\xDC\xC2\xC8\xCA\xF6\x9FƳ\xFC\x87\xCB\xC4\xD6\xF8\xBFs\xFF+Ñ¿\xCC\xE9\xD45edD\xA5\xA9\xFE\xF7\x99\xFAo\x9C\xFC_í”\xDD\xED\xFFR\xFB�\xA5\xC8\xD8�\xFF\xCF\xC5?(\x82\x82vn O��VV
-#;\xD3\xDF+\xC7\xC8 \xE0`f\xF2\xFE?d\xFC�\x88\xE1\xBF\xD62�N��n \xAD\xBFe\xD33\xFC[\xFC\xFF\xF8\xFC\xD7J\xE7\xBF\xC1\x88\xD8�\xD9�\xFFsZ\x94\x9C�l\x8D\xFF�\xB0\xFFi\xF8\xC7m\xE4\xEC\xE0\xF0W\xD7\xEF\xFCߢ\xFFs\xFD\xEFQ71q31\x82Z\xFDcg\xC4�d\x99\x96\x99\xEET\x87\x9E;<)\xAC\xD5\xDF\xC7 2�l_ڨ\T\xE0Wc\xD7\xEB\x9B�\xB6\xC3Q\x!
A9\xFFQ�L\xDB4\xCD\xF9\xD5\xEE\xBEtf\xFFy Iy8Ú‡fMÖ›br\x95\x8F\xE3MD\xF1\xBB q\x93\xB4\x93\x8D\xEA0\x80N\xB7�6\xFD\-\xCA\xF3zQz�T\x93\x95^\xF5pwRAQ\xB7\xE4��w\xBA\x93\xC9�\xF2\xFA\x99ÂÈ¥\xC0�\x85\xF8\xC9�\xCE\xC7(\xB5!�\xB5�\xA1 �\xA9\xAE\xF0\xEC\x9C4\xF1\xE4\xF9\x89lpldx\xA8\xF7�\xEC\xF7�6UN\xECO�.�PX\xD2H\xBF_9\xD8|\x9A*�"U\xAD\xAAm{\xBDZl\x86>\xA2k\x9F\x92rNX\xC1\x99\xCD\xCF\xCB#\xBE#�)W\x96c\xDC\xE0\xE3�\x99\xFE_�\xFB4�\xC3[\xF5\xBD\Ö“\xDA\xDC )�!\xB3(\xA17�-\xE6O\xAAS+1mh5\x9Bxob7(\xDF�1ncn\xDB�/O\xFAj,\xD8cV\xE2?4\xEFvrx�\xFC\x94N�O\xAB\xF9\xD9zG\xAE^'>=�\xD4DU\xB5|\xDE\xEF�\x8CR�kX� A�bo\xEB \xB9\xDD\xC4?F#\xD8\xE9\x80z\xDDUd\x90\xB4\x95\x99U\x98\x80\x80\xEB\xBEl�\xD3\xE8\xC5`Ü”\xF1\xDCÖ–x\xBD\xB0�2\xE3 4wH^P
-\x84\xB1?2ք\xF5Y\xDAγx,:\x9C,g'+@\xB3\xF1�V\xC1\xB6\xF9\xC4\xE7)\x80v(\x89މ\x9E\x9Am\x8E6\xCC\xD8C
-\xE1\xE0U\xFBZ\xADRR�\x8E_&\xBD\xFE\x92�ޟfx\xAF%\xCA3\xAE\xA0\xF4E\xFEs\xC8�C\xAE\x94�\xF4\x93\x91�B\xE50\xB2TU\x92?�\x85\x9A�ܡ\x88h\xCD\xD2V\xF9�\x8D\xF2\xFD\xE5m\xBBT�\xFA\xC38Z\xA7�۰\xFD \xB3:I?\xD4\xF6z"6\x9B\xC8b\x9C^% �\\x89\x8F�Wl\xA9\xE0:\xD5 \xB7įkU�* B\x9C5\xF7\xB32[Q\x82���j`tg\xD4\xD1u͚\xE0vK0�\xB5"1\xCD5\xD4.H_\xCF,\xB8\xB9\xFA,\x95�\xFB.\xFB\x9A5\xA1VI\xF7\xFA\xE4G\xAA^\x92\xB1\xA2�
-�y\xE1\xD7h}׹\xADZ��\xA0ypӂu=j\xEB\xE9 3\x\x9Ca(74n\x8A\xEFR\xFD�\x83&cx\xA3aYKܿ\x89~ػբ\xC9I\xB7X\x90i\xEAS�\xA8\x932�\x90�\xF8 \xFA\x9BG\xB2\xA8\x86lk՛$\xF1\xE9\xB3\xF8I�\xF1ƒ<\xBD*\xAD;:̽\xA4P\x9CT\x9D1]\x9A\xAB\xDAow\x8E0~�,A�\xB8\xD5O\x98\xD3%/�\x87\xECdcc\xC5\xF7\x8Bk\xD7{G�K̑\x9Bj\x99(+\xD4B�U\x9D��\xDED#�\xA16\xAA:M\xF0%\xBFs\xBE\x86I\xBC;v�#w\xEFRU\xE8B&�%\xD4� �\xF8\xAA\xD5(c\xCA\xEFZ�B\x99\xAA\xB3/7\xED�\xBF��'|8\xBE\x97}Z\x90\xA3���6\xC3*DLi�\xB4\xAFk\xE2'/rn\xB6�\xE8�X\xD060\xB5!~\xC8a\xEFގا*\Dxc(u\xE8\xB3?^NW\xF9��\xB1C�V\xD8\xF1 \xC1\xE1\xB4\xC5\xDA�Q[\xB4\xAC5\xFC\x8AvȈ0K\xEF\xF8^�\x95v\xB5\xDA*V\xA6\xB0c\x9C
-(p3\x93�\xB8\xB5M\xD6i\xD2|#Ӄ}5\xE3B�y�\x8DE\xA6\xC7�\x95y\xD6�\xCCޢ\xBA<^\xD7<;>3\xFD X\xCEF�M.\xEA8\xC8�\xC6��\x9CFߩ\xFEs�\xC2�^\xCE tI\xBC\nk2N\xD3R\xC5[>\xCBoo�㩠�\xC6�,\xED`\xEB\xB119▱\xDA`\xA9 at W4\xB7\xBE\xBA\xA6\xE1\xA2\xD5>\xCD-\x8B\xC3>\xD1\xD4P\x85[\\xCA\xF9\xF1\xD3\xC4S}\x99Ř\x86`\xE3\xC3\xEDm\x9A/\xF8\x8C\xC7\xFC]G\xE6\xDC\xEA�\x83?\xE5�\xA3,J/�k\xA8\xDD\xEF\xB4\xDB\xDE\xE6\xC0�z\x84\xA1\xB9u<u��\x9D+4K\xD8\xE4S+3\xE6q\xC34\xE3�W�\xB9\xAFI\xDAq� \xFB�n\xC5���(\x85)\xDE\xE5i\xB5\xD5\xC1rʇ\x89kb\xA05\x85�\xA0 \xC4Ȃ�\xB7\x9E\xA2\xAE\xF4iU\xF1�\x82i \xE07\xAC\xAF�\xFB\xC5@ڟ\xEAm\x9C\x80\x8FJ\xDD\xD0 ��jJR"\x98\xF0\x9F\xF5�^\x81�\x996\xDE�\xEB\xEF\xA2\xE2¯*;�\xB9|�z%\xA1M}]\xFD�\xBB�\xA1\xD0\xDEt\xAF?\xB9\xBB\xCDˆ\x95jL��fDI\xF5\xA1�e\x8EPՂ7<!5T\xF7\xE8\xDF#\xEEc\xDE\xE3�\x9C\x8A\x96\x97
-\xCE\xC8;V<g5j\x87\xF9\xF4IH�\x9BC�\x84\xFF\xE6aT\xD3\xC2�\x80 \xFB\xDDb\xD5�(<\xFB\xD7\xFDz\xE5\xD7 \x8CQ�o\xB9cҴ\xD1[��2\x8Bym\x95\x81�\xB4\x99Ft\xB3{\xE2\xE0\x9C\xF7\x9Dէ\xB9\x8CO%\xD8luʆ\xEE�g\xEBn\xDE�\xE8\xC4J
-\xFA\xCD\xF2\xCAix\xB9\xD6\xEE]牨\xF9�\x83U)ʘ\xD5\xFC\xACè»\xE0&\xF0\x8A�q\xBA_E\xFE>��Mv\x96ԌΡ\x81\xBB�:0j\xDAê¬\xB0\x8E��Cg\xFE!\xF1�!YBRÕ¿i\x86D\xAF�@!\xB5rC!,ç´¦�\xDC�oieq$\x9Dwj\xA4q\x95M4r\xE4MÈ©X\xA2Z_\xEC�\xB9\xCE\xE3i\xA8\xE4\x9D/\x81J�F\xA0�y \xC8tp(��\xAC2\xEEZ\x91Ç¢�\xD9\xF0�\x82�:\x96\xC3Ox\xE4�b=\xEA:\xE4H@,b�\x8E\x93t!\xC5\xE3�KMd\xFE\xF6Ñ•`\xA3\xAAj\x95*Ъ�C[L+�x\xAF\xD9}\xA3C\x94�\x82\xFF\x80!\x91\xC9\xE3|\x86\xEBu�\xEE\x97\xD4U\x92\xD4�\xE9z\xD4er�\xF0\x88\xE1 \xC3\\xB7\xCDZ�\xA0\xE5jWq\x8DFW [\xEF\x95~s\xAD�\xC9"Ëš\xE3\xB1\xC4\xDC]\xA3Vf;\x9FTi\xCB\xE1\xAE� \xCB)M\xEEr\x93p\xA6\xEC*�\x9Ex\xD7\xE7RiH\xAF\xD1)Ç€(g\xD5r\xCE\xF7G\xB2��/\xDC��\x87\xE7\xBBl\x97W>a\xCFB\xB78z\xC9C\xF6
-+S\x9F\xD2�\xF0\xC2�\xBE\xFFVV\xED\xA0\xFD1*Y\xD8� e"K\xE0P\xBD\xB5y\xFC\x88\xBB4\xA8\xF9:�ad8\xE5\xCB>)4\xA0\xFC.~\xE6\x84#\x90\xD7ݤ\xE3\x8Co*\xF0Y\xADoRh\x8AR\xE2\xC7^Ir\xE9�\x88e\xF6\xA48\xF3'\\x81�,|\xC8�\xECk8\x89\x966\xF3�\xEC�}\xFC\x9D\xBE\xA4\xF9j\x8B\xCFL>\x8A\xB0\xB2\x87�\xCCg\xF1\x9AЬ\xFE\xA4\x96�\0\xE9 b\xA6\xBFbh\xA1!\xAD{\xE2a\xC0b�O\xE9\xA6\xDC\xE0\xF5\xE9hi\xE4\xB8\xE1
-X�z\x82G)g\xE0c�\xFAl\xB6�ɩ\xF0\xDDu\xBD^QC�\x98\xFB\xE8\xD5i]s]\xB0?\xC5�"�*\xC2\xFC$fOv\x91\xA2\xF6\xAC\xEC\x9B T!\x8A\xE5P�X\xD9\xD6М\xB3P\x95ո�\xAB� �"\xE8
-\x837k\xE4\xFEk\xC2[\x9F\x8A\xD0\xE2\xD3n\xA5%
-�\x84�\xB8r\xF1\x83\x8B3!\xF6\x86\xBFwq\x8A+\xF7-\xD7}\xF1\xA8�C}3X�\xB6[G\v\xBFV�l=\x8A\xFE~\x83\xECBjÅž\xB5 at L
-w�\xBA\xA0�\x8C\xE8f�\x82\xFD.�\xD3��\xD0r\x9B'<\xD2�\xFC\xB6\x8E\xBF\xC2�f\xE64\xF9\x9DJ� �\xE4\x9Ft^
-g\xC3\xD3�\x8Cr;\x91s�\xA6\x9FV\x90h\x8C@\x80�'�ǽ\xEA�d\xF2\xC9�,\xB7\x9C \xC7\xDDRSJ\xFFk\xFENF�\xB6倃\xB2\xC2L\x8C{\xDBY-k^zB�$\xEB�e\xEC�/ff\x87\xE4\xEDc�A3RN\xD4\xEFÜ¿iV,{1\xA3�\xD15-�\xE6\xC3�uÝÙ³\xBE�î»®\x99\xDB:\xBAÉ›\xED�%n`p�D8\xA9L\xB0�a��\xECkK+�$\xF9;\xBDG\xB5.�gZ}1J9\x8CGZ1�\x88GR\x97x\xB5\x9CT\x8BU\x97y\xB1ZmaiI\xE7\xF7:\x9E3\x9C\x98\xFB,\x93\xE3fbp\xF1\xA4\x96\xEA<Þ¥\x98„\xFAs\xB4K\x96\xF0\xB2}\xB2\xC2Ï·\xC5U5^��\xE5R d�\xBEK\xD0LTj\xA5�:\xD55\xC7�\xA13ϳ\x90Ta\xFEZβ\x88\xE7\x93d\xAB\x90\xD7Vp6(\xE1�\xCB�~�\x80\xF92\x91\xB1<\xBDd=ʬG\xF7\xC1�#\x9C\xE5\xFA\xFA#&\x8E\xA2\xB2�\x87^\xE5\xAC\xDF�\xCC
-l\xF4\xB3�\xEE at p\xAE�\x92\x8C\x94JEc\x9E\xEC�e\x89;�LÙƒ*�#.P8\xDD^Nr\xC1O\xAEw\xA2\xEA\xE5\xC3P\xE4\xE5\xFA�\x87\xAA\x8FH\xCF\xF9\xF1\xE2\xCA�\x9B%\x83\xD3\xC6{\xA4Û«Â\xB9}\x8B\xF7\xFEta2X\xD1`È°\xBDW(P\x81l\xAE\xF4t\x8B8\xE1n�\xED�\xDD1\xAFv\xAB\x9F<\xF1\xBE\xCD4\xAD\xE5F\xA6\x984d�\xA4Dr\xB44��J\x84)\x9F\xF9\xEB�\xB8�L\xB2�\xB5% \xE7?\xB7\xEB\xDAUA\xA7tkݱx\xE8L�\xEB\x853k\xE0��N,\x88\xDB3\xABQ\xC9ĸǹ\x89\x96B\xB4\x82�7\x9D\x92\xFB\xC4L\xB3�_\xCBg\x83\xD5
-\xF1�\x8E1\xDC
-\x98\x9A\xE6}\x9B\xDB��}�}<\x913\xB02\xE8RÍp�\xB4$\xF0ʧFu(#6A��<x\x95)\x9F\xF6\xB7QÜ´\xC7
-\xE5,�\xB4,\x9C6\x88\x8F\xE5|\xEB\xD2tл\xE5$�3��ÊŽ\xA2\xA8'\x82\xB1\xD7ÄŠ\xE9\x9Bv#c5\xC9\xC7\xE2\xD4Ǥw�\xD0Û\xB50\xC1o\xE3i\xD9\xED\xE0\xB0A�\xF1òœ¥µ\xA2î��\xA0DS\xEA\xE1�\xA9\xF3,z\xE96A\xB2\x94V\xE8F\x9A�xzG\x88\xE2J\xE6ls\xAC>\xECF\xCF\xCA2/\xD5�\xD0:�C
-\xCDfg4\xCES"
->\x88\xF6\x97H\xA8\xE4\xB5>8h\xA1\x8A\xA13l\xD2
-{%ྼ\xBF#\x87\xABB\xC8,>\x82^@�Ò¬\xC70n\x90\xD3�C\xED\x9EU\xBD�\x9A\xC2Z�^�u\xBB\xE9\xEAn\xAEp% \xC0#d\x8F\x90\x90_\xD0by\xBE\xC5\xE9Z\xC7�\xB2�l\x80\xF7�\x84R%\xECS\xA2\xD9+L}\xEAPS\xAB\x89$1\xC1d8\xC72c\xE6\xC3J\x9C\xB8Lx\x99��\x8A\xAC3\xB5�\x94\xEAR'1�\xE3\xF8 j\x94�\xF5z\xD7>\x89L\xFE(\xB2\xAC�\x92|\xEA�0aÑ“F\xB1\x9F\xD3�@\x9D=\x9B\xF9~Ï¿\xFA\xEA�|\xF4\xBF�\xE6e\x95�|\xB6\xCCa\xC5%`n2ꎥ\x9B\xF7\xA3�(Y\xB0+ϼ<\x9A5\xBAiÒª\xAD\xBE^\x83\xDF*\xF1\x99Éš\xD4]e\xA9\xBCF\xB5�\xEFk\xC7�\xDD\xC3tE \x87\xC1,\xAC\xB0J^��\xF3\xC54\xBB\xFEv\x8A\xEAk�\x80 \xBD{\xE7Gi\xFE;\xA6�\xC1dkG\xDC>\xC0\xF2ß è¡€)G\xD1u\x97R\x81\xA0&\xB6\xA9\x89\xBD\xF5\xF8t\xEA\x9C^\xDE\xD4\xDC\xF8\xEC-\xD1�\xD4\xFC���\x93\xDD^\x8B\xA4dD(g\x846\xB5Õ¬kb\x8C\xA1\xA8G\x9A\x83&%\x89Ť`\xE6L\xB2̵\xE1\xF6\xE8�7�\x98\x83\x936\x82��\xC3�[\xE4\xA6\xF4\x9E\xCA�s^sd\xEF� \xA9D�hd\xD1n\xAB_\xC9BH\xA4EÙ®s\xF1\xAE+�
-\xF8\x97I\x9B&\xC3X9!\xAB<�O |\xE8�\xA5�5\xA9\xD3\xD1
-\xD5M\xEAÔž5\x85\xC5\xC9mW\xB6�\xC4!\xDFCX\xE9\x9E\xED�\xB4*�m�\xA4\xC8j\xCFCB\x805B\x8C\xCF)Õ‡d"Z\xD5ጼ� B�^mo�J�\xA1\xEC\x91\xD7Y\xB1\xF8RA�D%HX\x97\xAB�\xC8\xEB\xB7\xC0\xC7*\xC6\xDA0\xDA\xFD�é –\xEC?9\xD6�\x96]\xA9e\xA2\xDFÄŒ\x8DB<\xD9\xC1\x84Cd\xC0\x8Bl\x95z
-GzX\xB0\xF60F�!\xEB\xFE\xBD{\xAC\x87VH\x95Z\xC42[�t�\x94\x80pS\xB3\xF5�.aQ[\xED)\xA9u\x8F����3\xD1
-/\xFCI*ԕ\xAA"�\xF9(�T\x80}v�\xC4�8\x99\x90�xf\xFCzY�X\xA5�\xFB\x99�w\xB7$]-a\xC1\xA5\xE6\xBB\xE3B\xF3�!x�C\x9A\x9C\xCD��\xFEe\x897\xC4�\x85`\xAFn\x8B\xB3\xB9\xEA\xFB\xC5\xDB
-\xA7\xD4rD\x9A�\x8D\x87\xEA�_\x83\xE78\xC9�\xC8˳f^\x91\xB1\xD0\xF2\xE9\xA3�\x8F\xC6K��$�x�\xFEd�C�#\x8BC7\x8B�Úˆ�\xEC�\xB4\xBD\x87h\xE2\x9Er�v\xF4\xEEe\x9Ax\xD0\xD6\xF0\xE0˵\x88$\xD4\xEF\xADJÄ›'\xAF롦\xAFC�y2\xE4\xC0\xAA\x9Få‚¡\x8A\xC6�Zd1�\x94\xFB\xCEç\xD0"\xC1\xD8S\x9D�X\x8D}j3r>\x93\xA20\xA5\\xD2�;Q\xF5Ծɇ\xA5-\xA7\xA0\xB6\x8AX\xA9\xDDo\x8B L\xEB\xE8R\xD7R��$�A[s\xE3�\xA6\xF8\x97\xF2\xC2`\xAE/l\xDC#\xF9h\x9F\xC1\x9C\x8Eq\xBD\xC4�'\x81\xF5zk\xFC\x99]s\xD1�\xDC�Þ¬(Q\xB9\xCD\xFE\xA9��iv`c\xF6\xF9\xB8-\xD3z X_�\xD1ZzVm\xF7�\xEF�\xC8�\x86\xB7\xD0Qf\xFAq\xAF<\x96^\xC8�\xA5\xD2\xEE\�\xE8\x83\xE7B�\x8F\xA9.\xF4\xA0lr\xE4ê\x89\xE5\xD3\xCAgj\xB4\xF8od\x91\x83|\xA4�\x88\xA1\xD0� \�yh\xB4v\x82\x8F\xF6\xB5\x90�:\xE3�Y_\xB6\x94\x9CJË”(Øž#\xBC&bd\xB7\x87\xA5\x94<�Xd\x94\xBE\xD7!}\xD4�\xC3\xFA\x8CT\x86\x89\xC0R\x91\x87\xF2\xD5�\xAD\xA5\xD7Ý\x93\xD0\xC4JxÝ&\xC6\xF5\x85�/\xBEuQ~4N\x9F\xAD]\xBA\x8D\x9B?\x95\x8B=g\xE68\xE3�
-+\xDF\xE7\x9C;\x85!\xE0<\x90
->���\xEE]&\x93\x9FYd\x8A\xC3/"\xC1&Z\xEFY\xB1ź,nGÔ®Gz\xA7\xF5k+\xF1\xA5\\x81\xA3>k\x95á„žj\xDF6\xD96\x96\xD4�8t\xB5\xC4�O\xA7&\xA2\x84\x9C�\xB4b\xFA\x89|uT\xE8@�\xEA^[\xDB5\x9C\xBCN<v\xF1\x95�we\xB7!X\x8E\xF9\xB2)�u\xEA^\xBD\xB4ɤ\xB2\x9D\xAA\xB542\xDD��\xB4\x8C\xE7\x80Ù¡Y\xFA \xF3\x97Y J\xEB�\xD8 �\xFB�\x8EgL\xA8KqH�\xCD(~\x9F\xCCAM\xAA_\xBClk\xB5z/(\xAB\xB7\xE4\xB4X)�\x89F_6JxF\xBFK\xB7Ê\xF4�\xF1\xDA�\xD1�\xA6\xEF{-wM"T\xD0�\xA8`\xBC~�\x9F\x93\xAC\xAAvF\xFC\xD4A\x8A\xAA<Z\xF4\x94ׂ\xAA\xECk<Lת\xF8\x98(cK\xA9\x9E\xB3\x80bSVl\xE4�"{\x9D\xE5]\xD9\xF3\x80Z\xEFDF\xFD\x85\xDC�\xD0å½™\xB8<\x82\xEF\xEF\xEF\xB3{ \xE6r��A\xAD\xB8\x9A\xD9\xCB{0h\xAE^\xE5\xC0\x9AO?\xD4Q\xEC$;\xBD\xA4\xA0\xCDz\xE7�\xA9.�\xB9\x9E\xCB\xCB\xD7�)Icw\x9A\xADÚ\x82l\xD0]b\xF1'\xF0\xB9�\x9BG]\x9C�f,\xDC�\x84W�\xA7ܨ\x81\xE37\xE3\x9C\xEAOc�R\xBE)\xAB3-^\xD9�h�a\xB9\xE8�\xFF\x96\xCC�\x81\xB1\xF7\x8Bc\xAAI=\xE5\xE6<\x81\xAB',\x8BP\xE6�\x97\xF9\x88\xBE�\x9B\xB9�\xBE\xE2\x9F\xCE^z\xDCsW<aI\xF0\xC6\xDARu\xBF\xF3\xEA\x9DÕ½\xA7j�P(È©\xAD\xE9\xF6\xE8�Mrf\xB45D\x96\xE7\x9D�Q \xC2\xC3\xFD\x96\xB2Q\x95�\x8D\xD1H\xF9�\xB5\xA9?\x92�P�y\xE0{i\xB6\xA2\x9Dy9\xF8q\xB0e\xDC\xE5\xA1u\x95Ľ\xC26\xE3A]pe\xCB&\xBC\(\xA5c\xB7\x9B\xEF\x9B\xE0X\xAF\xB6Xo×\xD8\xFC&�\xE18\xAB\x9D\xA62��\xCA\xDB5�K\xFE�\xFC\xBBmZ\xB2js\xDE\xD2\xE2\xA5�\xEAv
-\x84,\xCE8\xBD\xD5�\xADM\xFEk\xA4\xAB\xC15\xAD\x9D\xA0ܪU\xF4�\xE6^N\xC1&ºg#w\x81²X4YeWn1�\x95#~\x99\xBCq\xE2\xF5h\xAFjP\xA8\xC5\xF6\xA4Tp\xEB\xCF\xE8\xBE\xF6\]\x96\xF6\xF6<\x85\xB8\x8F�GxV\xFF\x94K<$L \x8A�+\xEAd�
-\xD4�U\xF1@\x955\xDE"
-\xB6\xBE\xA81&\xB5w\xC9\xF9\\xEC�9U\xDB39T�Q\xF7�亹\xED\ \xA1\xC3�=̈\xBA; GL\xE2\xA76\xFF�\xE3\x81\xEC\x98Ì¡"\xBE\x8E�\x95w\x85B|(iïˆ'\xC5'\xBA\xAC�\xFA[7\xF4��
-\xB9r+\xA3\xB2*iÌ\xC6\xC4;\xB9E}\x97\xFBO\xFE\xCAF\]�\xA6l{Y\xE5�F=AD
-\xBB\xF7 \xA6!\xF4 \xE3\xD4'\xA7\xBB\xDE\xC4\xFB\x8F�✨\x9C\xB9Zz\xF1 \xCCk�\xE5\xCC\xFAY�\xA1ÓŸ&G\xA0\x87Ii\xE4\xBF�\x9F\xD3�\xEE\xE8\xBD\xC0\xA4\x8C\xEA\xE7\x89c\xAD��\xD2\xD8&\xBD\xB9!\xB74\xE2[$\xB5~\xB3\x99\xB52\xB8730;\x81*\xBE\xE2hퟂ4�h\xC3�ͤ\xCFk\xE7B6P�S$N\xD13�r1�5@�\x84�\x9A\xDAa\x84\xBFy\xBE�`otf\xE6\xBA0QTY\xBDS\x94�\x83\xE7\xA8\xCC\xFDv\xC0�\xF6�N\x9ELO~\xB5\x9F\x8B\p\xE4>\xBFC'\xBE\x8A\x8C\xA0|\x80[\x83 \x8B.æ†\xD7K�\xCDk\xC8\xDBS\x9B�\xAB\x8BL\x9DRP\xD39��\x9B\xFE\x95\xAA\xEB\x8C<\x8Bj\xBBF^×°\x96\xE4\xBC BN�\xCBZ L\xE8\xA6�\xED Sx\xEB\xC63H\xE3\x80\xC2\oA;}\x88��2�+\xF5�\xE2V\x9C�2\xCDH \xE1}I\x8F\\x92c\x82H0\xBE+\xDE\xFA\xDC\xC8|
-\x87\x99r@\x9FZo_ß±\xBCA\xDA�
-\xEA\xFA<��V{VI\xDA\xDDLn\xE1_\xEF�އ\xBE\x92\xF5\x99\x94\xF7\xD5. \xB5\xC0\x85gV+Ĭ\xB2jw5#
-\xF3B�\xC2:2s\xB2u\xE1\xA7(\x95\xC8a\x8E\xCC9:�\xAF�ܷ2�t\x83\xB3DK\xD6�<\xF4G\xA1\xC2\xE7龡31\x95\xDD\xCA�t#\xEDg�\
-.\x98\xEDu6\xEE\x8Fi\xB2\xD9��J\x8E\xC8o\xB5\xEF�x\xF6Z\xD7\xD7��_s��Z\xCB\xF2h\xB0V5�\xBC}r\xAF�\xD9\xD1\xFE�3D�X\xFF8�\xCB\xE96\xE6Q\xE0�\xCA)�\x92v\xF7\xD8\xDCkx\xDE�\xDD\xE9\xF7)J\xE6�\xBF\xDFd%\xCCAm=\xC7\xC2(#Õ K��Y8\xFD_
-u1`\xD1ΑI\xAC\xCEP\xA8@\xE0\xDC�\x9E\xC7?M�}\xAE\x89# �\xAF\x91\xBDБ�\x98W\x96\xEDg
-w\xC3!h\xBAʢߵ\xDDf\x82]�\@\x98\xB6Ly\xECod\xAA\x9A\xB9\xF8w\x87\x93>B\xABշ\xBC˿/K\x80\xB5Ur\xE6ȟ\xBEUI\xB1\x{DEAB}\xE0� �ߖϰ\xEAEˤ\xFA\xCD�v\xB0A\xF5�="\x99\x82\x97�7Y\xF0\xDE\xFA\xD2m\xD2�\x96\x8A\x83\xEF\x8D\xD9{\xF3E\x831\xB00[ =Z>\xC2|\xB8\xAAެO \x89\xCE�\x8F\xA7uw�\xB8O�L\xBE+\x82\xC6�\x85\x89\xDDmdY\xCE�H\x8E\xB6d6�)\xEEf\xB9\xB3�|\xF5i�\xC3?R�\xEBv&?\xBF�;�5\xE2f\xB3\xB8��\xC3c�\xC3+\xA9@\xA8\xA2\xAE\xC1�\xA2z\xAA?%\xC9Ⱦ\xAA�\xBF\x970;\xBF\xC0st\xC0Z\xD5 \xF9{�\xCB\xF5\xBDl5\xA41.q~<\xFA\xA3\xD68ϖ\x{D8DF}\xCB\xE6k\xEC*\x84\xE7^ﶎ\xCA#\xA0u\xE6
-g\x85�߷.:\xFFa\xE25\x92֋AZiD�+\xA6\xDFuFƉ��}\xB6\xFB\xBD\xE92\x99\xB8 (�\xF9p~\xB7\xAA\xB3x\xA2
-:\x923���\xB6\xBE/e\x85)\xC1\xCC
-\xBC\xE4�\xC7Ri\xAFz>\xEFu\xD91V\xCF\xD0�\xC2�\xBC \xFF\xAC&\x91�3\x9FL.~Y
-_\xB2\x9D\xA9Ћ\xE2O\xE0vH"r\xA7\xA6$\xA0\xB5�\xE9 m\xBD\x8B�bS\x99�ʴ\xED\xF0\xE04ҧ\xCFUGB]\xBE\,k\xB6Q\xA5b=R\xCA@\xA5=\xC3~5�1.=!\xEA\xB4\xF9F\xDF����l�\x82&m\xF2·\xB3�\xDB\xEF�\xF0\xA2\xCC2\xF9�zA�S�\x92V\x8E\xC3J\x9F|)\xCF�!\xE3\xA1=\xDCH\x9Fw\xC3\xD84*\xF6\x82\xF5�\xB6\xEA�\xB9�\xA6pT\x99\xD6\xD4�\xF6\xE4&�\xBA,đci\x81Q�\xAA��\xF4yi\xB4zoj�/\xBB\xAB"fuC�R\xD7�\xF3�\xC1\xA8A\x80$c\xF7\xBEE׽݂\x93ٲ)қ\x9B\xF2U�\xF3AJ7\x81JC\x93\xF0\xD0I\xEF\xE4Z\xBA\xDA\xFF\xFAz\xEB\xF1X :ܪ\xD1�\xD6\xD5\xF9K\x94�\xEC\xC6_\x95R\xC6�\x8E�\xE5\xBC\xD9!\xF2�T\xE7\x9E\xC3\xD9Zs\x8D�z\xE4X\x8E\xEF\x80mLu \xD1i\xD9&\x9F\xC8C\x8E\xCF�\xC84�\xA4 �-�\xFF^{\xB0\xD9�\xA4�\x87�t\xDBE\xFE\xC7bQwȗ\xF4,G\xA78\xD1\xC4^\xFB\xAE
-\xC7\xF0\xAA4\xEE\x87c\x89\xB9 j%cx\xA0ËŠ\x9E+q\x9A\xE9r
-\xB4�\xCA/W?K\xEC\x9F�%\xBC�Nt \xBE:c\xAF�\xEC�b\xF3�\xDCw\xB2
-\xBA'7$c\xB2Ј\xD0!\x95\xCE\xDD�\xA7C\xBD\xAC\x8F\xE7$\xCA?b\xEF�\xA8\xFE\xECl�"O\xE2\x8EK\xB1\xBE'\x98w
-bx\x97\x89\xDC\xEA\xFCj\xB9�\xA3O@\xFF\xD9,s\x81[\xBB6\xFD\xAA\xEDc\xE1v\xD1Y\xB9hd�_\xE6\x93,�V\x8C\xA0\x9Cb\xA8
-\x89\xF0#"^\xC6�\xC3g�\xB6\xB5\xB8!\xFF\xC9#i/\x93\xAA\xF1\x8F�d\x97\xC1\xD0RD4\xEC\x8C-�%\x85\xB7#\xE0r\xFEvf"I(&!Q\x83\xD1CG\xA8swEe`Ff\xF7\xCB\xDA�\x8CæœRC\x86�\xD7\xCB\xEE\xEF+Zs\xC3\xE3\xD8Hz\x96Xf--\xA6\xBC\x85\x94�N)\xB1�;\xB1shs{\xA3\x95a�VXAת]�\xBEb9\xEF"�\xC1\xFAp\x9C\xE4\x95Ôm9�0$j\xAE\x84\xCExL�YxC\xC0�8\xCFB�\xBF\xC3\xED\xBC\xEC\xF9\xEC\xE9\xD2eE\xE1\x85i\x98U��\xEA#\x91\xD5A\xA4\x92\xAF\xCD�\x8C\x92�a
-\xAB�Ç\xB4�\xA9\xBET#$5? \xE9\x9F诡\xB3pr\xE4Z\xE8<\xA7�\xA0\xD1M{å«¡x\xA6\xAF\xA1\xC9!�\x82)\xB16\xBFUp\x82Ó¼Ì\xD1ÜŒ0+�\xFC�9r\xD7\xF3\xD5>\x8D��\xDEY\xE3\xC3\xF4 d�3��\x96�\xD2_`gbת}\xFB
-r\xC2Wf\xAF(\xBE\xA0\xCA.T\xB3\xFB\x9C$rG~\x87\xCCR)G\x85-�\xFA\xB2O2\xA3l?\xC2B\xFCX C\xC7�\xE4d"iXć\xCE�\xE0\xF7\xC8\xCF:\x8E\xE7EN �?\x92O\xC1L\xA65\xCDÔ \xA9\xE99\xF7\xB0\xD3?\x97~P5\xC2�+ \xBC�\xFEÒ†��y�\xD5\xF4\xD4#\xDF3-\xAD\xD2.\\xB6\xB4\xF9\xA5\x84\x95 \x9D\xE7ÄŽV\xBF\xB0\x8F:\x89\x9F\xCFj\xA5\xD7\xCE\xDB�|M\xBF\x9F�\xAE'\x8A\xA9i\xD5\xE1Ľ\xA0;\x87\xB9\x8B*\x83\xFA\x8A�\xF0\xBAG<n�c\x87H\xBE \xCFt\xD6Ï…\xE5�9
-}
-\xF6&\x8F\xD5>\xADo\xB4\xD7\xE3�\xAE\x90\xE6\xAC\xD1 at z-\xC3=\xE9\xF7\xEEۃ\xEE\xF8\xBB^]b\xC4ˊ\xACN�-I\xFD�J\x80\xB0\xC0jDM;\xA9˜U�\xD7\xF4\x99\xC3|\xC1\xCAȳ��5\xC3
-\xB6!yJ6\xDC#\xBD\xBA\xF85\xD2�\xC7-u
-\xB4\x96Ot\xFF\x8B\xCA�\x87�\xDFk\xA7]\xC33\xA4\xAC\x840\xA5`\xE1ʓ\xEA\xED~\xA9/�^C\xEB\xF7\x95\xB5p\xAD\xC9\xFC�7sc\xCB \x81�O󋿣h\x88-ހ\xEEi� \xEE\xB8[j\xC4'�Ճ\x8F\xB4\xA7�!\xB6\x977\x9E\xDD\xD4�Y\xBFE�Μީ\xCA\xCBi`��\xB5\xEAm\xA3\xA2>T\xD3\xF11Z`N\x9F\x87�\xA4'\xFC\xB1i\x93\x92Jb\xFF\x80\x899X\xEA\xCAڗ\xB5�p,\x8F\xBD\xD3W\xA5��\xC2\xD4r\xD7!K\x9A\xC2\xCE\xE8\xFC`�\x87\x9E\x84\x8D\xD5�\xE0@\x81l\xAE�/�\xAD\xD8\xFA�\xE6.z\x94\xC8�\xD9\xE4+\xF6<7\x9B\x83\x8D\i0z\x8Fl\xFD\xA3b\xA9U\xD0{S\x9B|\x80h\x95Y\x83�\x91�\xE6>\x85mL0�\x8B\xBE\xBE\x84�,q\xCAdn\xEF#\xE7�K\x8F{\xEA�\xBA\xFD�\xC2I�_r(\xAE\xAC\xB5��׉\xD2\xF5v/\x88\xCF\xF1\xF3\xF7\x86\xD9\xC8BD\xDF�\xD1\xD1#\x85i\xE2�\xB7d\x87W\xB8\x88\xBD\xF7���\x9A�Л\xAD\xF0\x83\x8B_� \xA5\xBF".
-(\xF8\xA7\xE3٤�'\xA7I?D\xD8D
-�(F\xB8 \xDA\xF9\x96|\x91\xB3e\xBEQ�6�j1\x89j\xDF$\xA2\xC2�\xFC\xAE\xBA\xDB�SR\xDFÈ’+6\\x8E\xB9FÝ‘Z\xFC\xFDuMb\xB1�*eR^\xDEZWjSC\xB90r\x942\xE2\x92]\xF2�\xC35|\xF4\xB9\xD1^\xF2I\x80\xD5+`\x{12B18B}\xD0t�\xFAI�\xDA�\xD9\xF4\xA9\xDA\xF2\xF3\xAC\x83�\xEE
-\xE4\xB6\xD4\xF1{uÚ¸M\xAF\xFD\x9C\xEEd\xDF\xCB \xE6�6 \xDA�\xB4Q\xB5\x9C
-\x8B\xAC)�\xCC \x9F\x9E6\xD6=�j\xC6�dÝ;\xED\xA1Ô¶\x84\xB5\xBCn*_>;y<"\xB8\xFC,߸藵\x92\xF0\xF0\x92�d
-\xCBD\xA8Q\xA0T�\xC7\xEB\xCC\xD9\xEA\xCF\xDC\xCD\xE5��\xEF�\xD8`.\xF8|M�\xF5\xAD�\xBA\xED$\xF5�\xB4\xC3É*\x9A�\xF67 \xB4\xA2Z\x95\x97C^\x93\xFAkVa=\x9EB\x9E\xAB�\xC3�U\xF5u�\x8BVQVQJÕ\xDEL\xA7Q\xB6Å¡\xEF\xBA\xDC\xF6\xDE\xD6\xF8MØ¥b]\xAB\x81\xAE[�\xBFo:}\xBA\xFBg<$\xC8V�X\x84~\\xEE at uOG\xAE1u\xE7�\xE6M \x890).
-U\xF2\xF2\xC9\xC8hW'��Vws\x98\x87׈\xA2\x83\x95\
-=;�3؇�Z\xD1m{\xA7f\xC7u1{\xA9\x82q\xAE\x8B\xE9%\xD1)(\xDB+�\xCB*j�\xF3\xBApd\xB1N\xE1NK\xB6�\x9B\xE1\xF3\xFA\xA0E\x8B\xB4\xD8*\xEB_\xAA\x8C�\xAENvL\xA2Q�\xB0-\xEB�lr\xB1\x{1261F3}\xFD4\xDD!a�A\x85\xDA�xYGmfBv�_C\x85\xB3\xD8\xDEb\x9Aų\x94֚�\xD0\xD0
-\xA2\x9C\xF1 \xA3\x91I\xBD�\x85
-M\xA9\x9D�:l/
-?X\xE5\x9B\xE8S\xEEv\xE5\x9EÉ›\xE5\xCE\xC1\xF1iM\x84ED\x93\xAC\xCA\xF2\xF2n[\xBBy�\xD9�\xA7�\x94 \x95\xDD\xF5\xA7\xE2C\xE55\xFA\xFA\xA9�:\x89È•�5 æ—€p\xAA\xF0)�-\xC6w\x8B\xFA^R\xD5��\xF5�`�\xCEWL\xDBQ\xC1Ý°N\x92 G\xB6R\xA6\x8DZI\xED�\xA4s$\xCD\xEE\xDB\xEE\x85�\x81\x8B\x8A�\xAFr\xA1\x9An\xA1C\xDA\xCD\xE4\xA5ÛŠ\xCC\xDE\xC9�\xE7\x85\xDB<n\xB2\x97JoE��\x98M�\x99h\xBFGU%\xD1\xDB�\x94\xFF�\x83\xDE+�P\xE0\xD5MT�\xE6\xF8\xAB._�\xC3eL]Ã²Ó <Ë°e\x99\xB1F�\x8E\xA2\xBC\xBA$^\xF1$g�\x93\xB0\xF9\xA4&\xA9\xB5_'KTd\xB7\xAFbF\x97\xBC\x8E~\xF2�\xEE=NÕœ\xF7\x82�<!c\xD2�?\x8F\xEC�Q\xAEЄ\x8C\xB0BTN\xF0{%\xD0VQ�\xC7h\xF2:_\xF9\xAE\xF7�A\xA8eiL\xA8(��\xDC�\xF2*\xF4h\xE8 *�\xA89[\xE92"\xDE\xD2�\x8B\xA2\xA5Vc\xCFÔ½�\xE8\xFA"\xD5�5\xFAgF
-.\xA8CA�V\xB2\xAD\xB6\x9AH't\xA8_\xF6mjA\x9E\xEF\x95\xDAqm\xABB
-fÖ\x9D\x98>�i\xE7td9,kQÏŽ\xF9pM\xEE8\xC5x\xA2E\x90w�=s\xF5\xF3\x8C\xAB\xD3j\xC0\x98#\x88Û•\xBE\x80\xE1ꌳE\x96�o!�)�\xBB)\xF6�\xD2o\xF5o\xCAQQ�<R\xF1�\xF0z\xCB\xE53\xA2X��\xF5Yf^\xE5v�\xF2\xB4\xAD�\xA1b\x86�\xE0�*�\xF5\xD6o4kyO\x89\x8A\xA77\xC9_#\xA2\x81wm\x9B�\x9F
-IJ�\xAA�\xEC'\xFEq .\xBDa\xF8\xB0+�rã³—2!\x9A\x99\xF8`%<R\x88\x82\xD6W\x88\xD3\xF6\xB3&�\xAC\xA0\xE7)UvC\xDC)s6(�\xE2\xC3\xC2[\x9E\x95\xAB�
-�%\xCD\xEB�6\xA9]\x92\xB4a\xAEK\xF35\x94t>\xF9,�\x8Db�R\xAC\xF7\x84S\xF6\xABN\xC1\\x8FS_+ǂ\xF8ھ\x87\xDCzh(\xE8\x88\xC3A\xA6\xF3_�\xDB�\xF0\xA1v/ۤ�\xBC\xF8A\xC7J�
-�\xBDdcb4�Ç\xE5\xF8\xF1\xBE ��\xF3?\x81\xC4 9\xE8\xF9D\x91Q\x99q\x85�@Y;\xD1v/\xA3�\x99YQ\x8B|\xA7Ò²\x97(\xB6\xBA\xD7.\x85\xE7b\x98r&�\xE2\xDFå…k�?�U\x8C\xE3\xFE\xFDj\x8A�\xCDO&ÃŽ)~\xABt\x82t\xB1è„©@\x9F\xED\xD3.*\xADN\xCA}\xDC2\xF6\xA1xy\x8FB\x89W�!J�\xAA\xF5%*x|\xEA~\xA2É–\�\x8DÄ»\xE8Ç„2\xFDâ±¼3�\xCBx�\xE8\xC6g\xF2St\x94Hb\x8E;\xB3\xF6\xAAY^DVdf\xA2k\xE8�\xEF\xB9\xCF{\x92\xAF\xED\xFD\xE5y\x88w\x9C\x9B:\xA8\xBA&�\x9AI;c\xC7��\xB5\xF8\xB0��\xC2\xF7\x9C�\xF3(\x97\xC2R
-\x991\xFC\x8F\x98|\xDE_"UZ\xA4l\x80\xB9y%N OH�nEV\xEFp\xE9�\xFE�\xDEkf\xF4\xFCÔ•h\xA3\x93ߘ:n\xE2\xD3L-e\xE9Y �i^\xBB\xF4~\xBF\x84N\xE3\xD9�\xA7\xE4FV\x86\xBB"�\x8A\xE1=\xD4�%��61\x82*?\xD5Q,S N4�\xB6\xF6J\x90\xC2\xCA\xF8\xE86c��\xF8\xF2䀀\xE0\x8B\x8F+挿z\xF3N�{\x85hi�\x84�'\xC8��~\xCD+\x9B2\x87\xFF\xDBn4\xBE\x9B�\xE5\xE7\x99ÎÌ°u[\xF1\xFA8\xB4^Ó‘u\x97\x90\x91��gV4=S\xA0\xE7,\xAE� \xE0>\x82\x99uhX\xE1B(\xDA\xF2\xD6\xF0Kg�\xF3
-\xAD\xAF\xFAä´†\xDD}Ji:~U~\xA2\x98\x9E\xB6q\xE9\\xCAf\xA7Ny\xF1H\xEF]\x8D#\xC5\xFB\x98\xBD�\xD0\xC4\xC5�,sx�\xAE\xF0\xE4C�\xF03шx\xD7y{\x9F\xFE:l~"\xFB�8\xE0\xD6\xC5\xC2Û«\xF9%\xF3l\xF7\xA8tf')h�\xCC�\xD83\x8A\xB0c \xFF\xD4\xD0�\xA9\xD2\xF2I\xDE\xF5ש\xA31\x84\xD2`he>\xD3��\xD6F]к\xF7'\xC6W\xBAPB\xE4�\x92\xBDs\xD2+\x815\xF1\xDFÚ§xO\xC6�\xAB\xE0\x82\x9E\xA3.Ht3<\xC0\xFA\xA9*m(\xF3\xAF\xADK\xB4\x9Fe`er\xC5�\x82\xE9�\xA3\x9F~�\xD2b\x89\xF2\x97v\xFC\xC9\xCD6\xA3ZC\xB0Q�\xCE�\xED\xF7\xB1\xE8\xFB\xA1\xF6J]�7\xA0\xEB\xC20lD2�6 \xB2\xED��\xBA\x86\x87\x85\xF2\xFC\xE4\xF28\x89D\x97U\xB5�R}c\x9B\x8C\xD1G$Æ«Z+E<|\xBB\xBB\xC5X\xB7\xE4vT \x97t\xF2\xB2\xF9\xAFT2)\xEB�\xB4z\x9BO,:]3\xCFÖ\xF81U\x9C\x89\x98C�t<\xAC:8.��J\x86\xB6C\xE6�^�
-\x8FENc\xADw\xEE \xAC O-\xBE\x94+\xC9a�gÙ€\xC6A\xC7>\xDA/\x8E\xCF\xD7\xCB_\x8B�\xA8i*\x88{\xBA\xBA\x8F\x84\xCB¼�W\xD0P\x81\xBAb껾\xCF\xC8XÌP at d\x98\x8B\xEFU%\xA5:\xA9a:\x83Ú’\xA5\xDE�\xB34ID\xC1\xAD\x95\xDF%�_\x85=!Ș\xCE��a\*�ß¼\xBC\xEA<\xBB\xE1ae)�\xA3\xE9\x8C\xF0"0\xA3m\xED�É\xA6\x80�|\xB0U\xE1\x846\xC1\xE2Px0-\xF6Q\x93\x8AC\xDC4\x8Cd�x^\x8Edh��:)\xB3�]4\xDB',P�\xC5�o\xE8\xADno\x83=\xEB�줾mz{\xF4\xC6\xC3�\xB8\xC3i?\xEA\x97\xE14\xF4!\xF6 \xE5\xF0A5\xB1\xF7\xD9\xEE\xCF\xE7\xEC}
-%\xD5�EJ\x9E;l\xB6\xB8\xDB\xFC�
-³\x9D]A�Q\xB0ë±€2�\xBD'T/]y{\x88s\x94\xE9s\x86\xEE\xE6\xEBq\xC0\xC7$Ië¾\xED(\xD2̯\xB3\x92\x94\x9Ae\xDE�\xBC\xE9�4nGGq\xB7\xB8�\xC4�0uZ\xED\x89b
-\xF3�ѣ\x80\x87�\xAB
-\xB2``\x83\xBF\xEDs\x9C�l\xB7\xCEF)pe\xCD\xD1\xF4p\xC5zF\xDDO\x95\x8C~3S\xBA\xCB?\xA8\xE0\xC9�>\xEE#\xC0\x90\x80B8\xA0p\x92�\xD9�)\xC0�\x9D`\xA4cL\xE5?\xC6\xEB�'�D\xD2k\xB1�G*7,}L\xF0\xFCD\xC9SX�V\xBF;\xC2�)�\x87\xC9*{��\xF5\\xDAz5p\xC7-J\xEAè \xCD\xEE\xBBKDO�\xB2\x91\xD7oyA�\x835�ȃ�\xE8�\xF2\xF66w \xA0Q\xBCRx�\xDC^\xCFG\xE7\xCA\xD5Û·\xCC9�\xD6=\xF8\xD5!ކ˶\xB1\x80\xFC\xA9\xA6\xE2\xF9)\x9DX\x93`I:qS\x8Cĸ\x8C)>]K!@�\xCCYqQ��\xC1\x89�\xB8\xE2\xC7Q\xD4Uw�\xB9j�KN�F\xC0-\xA7W<\xAC <\xE8\xD4\xDCu\xB7\xA6BE�j\xEA\xFC--Ï¢V[\x9A\xA9\xC0\xC9\xFE\x8D\xAD\xB1\xC2\xF5\xE5$@V\xD7)\x90\xCD\xF7qEA\x8Fâ–ž\x83\xF9\xF1\xF0M\xB1ȳ/\xF8\xE3.\x8D>cS5\xFB\xDAv\xF1��\xEEJÜ«5\xC0\xAD\xBD|+\xAD�\xDDÌ…k%Sb�\xBA\xC1\x8CT�\x84-Õ©\xCFJ|\xF5O\x86Ayk\xD1\\xC5gH\xF6ÊŸQ\xE7f\xDF$\xE0Ϲ\x8B-\xDF
-\xDF&�\xCEi�\xFD'g\x85\xD9\xC2\xEB\xA7\xD0>A\xEFz?\xB6\xE3\xB6�\xA2;)Y��w\xBC\xA8\xAE\xD0\xF5x.\x88\xF6\xF8:\xBE\x91\xC0\x8B\x8C\x91rmH\xC6\xCB\xC8N(\xFE4a\x9AUk�×\xCFb>\x89\xBA\x96\xA2$ï¤\xA3\xB4\xD9�y\xB0B\x92\xB5W�\xCA{P\xBFn\xFA\xC7LZNI\x8B�\xFF\xD5LT_\xE1\x8AI\x95%\xBC߆Ë\x87\xFC�\xAF��6d\x90\xB6PY\xB9\xA3;\xC8,D\xFA\xEFÜ¥\xFDj\xB4 \xAB\xB2\x8DN\xD1�\xF7\x9B\xCB\xD1k\x81\xFDl\xB5\xC5\xEB\x9D/r\xE1B\x95G\x87\xD6É\xB0\x94e�j\xF4Òœ@\x8E\xD9>Ã…\xDD\xD8h\xAA\xEEB=2\xBB%
-<\xF2\xDAU\xA1~^d\x89\xF1\xD3\xC9�\xB0\xB4�e\xD6\xF2\xF3h
-\x96P\x81B\xAD\xE5\xC3=\xBF\xF2\x8BBD\xEA\xF4\xF0�\xC9�\\x9F\xB3\xD6y LJq�\xBCX*`\xDA6wY=\xD2*�P\xD8C�2\xC0\xD7\xE7\xBB\xE10\xF1\xD3
-\xF2DG�^\x9Dd\xA3\x9D~�\x82\xC8\xE2\xCC \xDDMÕ·\xF9\x96\xBD\xE9p\xEDE\xE0\xD0\xC4\xD1)K\xDF\xDB\xCA\xC3xF\x90nØ·Û¢\xD5\xDCagKd;�lzm\xA3\x92\x95\xE2Ð\x8Fr~\xAD\x86g\x9A\x82\x89�i�\xEA�\xCBU#T\xB9�\xB5o%\x99Лy\x92\xF8\xCD\xE2\xF6\8�\xC9Jv+��\xA1k_g\xBF\xFC\xD9\xDA-V\x9Bj1\xF5\x95���\xAF�\xA6\xBCu\x81T~f \xE5\x9AË’4|\xA4 W[\x91�\x8Fs4`\xB2�\xA1`\xAB\xC7/�\xFFN�Q\xD4�\xDC\xD0�\x8B\xB6eUR\xE8/-,\x9D\xEE\xEB\x87�h\x81-,@$\xCE�>\xA1\xF3\xFCsx\xC5\xD5�e�\xEB\xBF\xFA�\x91\x8A<�\xF2\x96\xF7\x89DGyP\xDF��\xFB\xEE\xDD\xF3�\xFC\xF8\xA6\xD8|t\x94\x8E&\xCDR}m\x866\xE06�N\x9F\x8Asu!!\xC0\\xD5w\x8F\x87\xEB\xA0E�É€Ó“{��\xFE\xABd\xCFS\xED\xCD"\xB9l\xA5Grw\xD6?E4\x9E�\xE6"[SUGY\xFE\xE6\xDC
-\xF8Z\x8A�.\x8DV\xAB\x87\xA7G\xAF\x90Kb)\xA4\x9E\x86\xA4\x8C,]1ccQ\xAD\xCEO2\x9C\x85\xE1\xB4�\xD2\xE5\xC7��h\x82�T\xD3\xF7\xE3�\xCF�†\xBB\x99\xBCu\x8Bg\xC2\xF6<\x86\xA4|d\xB1�\x81\x82Z5\xDAd\xA5\xC7�\xF8G?fIi\xFF\xD1PU=\xDD <G \xFE`GCp\x94v�\xF6\xA9.W\xAF�\xD2*\xB3\xC0��}%)\xD2\xD3/\x93��\xE7\xC0\x9Dy:P\x82�N\xA7\xD3X&�O2\xCC�\x9C\xC26\xE7
-�\xEAh\xBBc\xB1\x83I�%+\xB83\x93-_��\x86\xE9�q�\xED\xA2Bf\xD1?�X\xA2=\xA6\xFA<=U\xB6�8h\xCEA/*\xCF \xCCI�\xA5\xCD\xDDH\xD1\xD0[\xE6l\xC4�\x95\xE9\xEEnx\x9960�\xAA�_{t��\x9E��\xF5\x9A\x93KF\xCF)`\xB6\xCF\xDF*\x82Ó±\xB9\x8B\xEB.V\x98o\x97\x93\xF1,C\xB1\xB17'�\x8A\xB4\x8C\xE3"\x9CK\xFD\xF3G\x8F:\xC3J\x8B\xB6\x8D;\xEAF'�\xFE-\xAD\xD6\xD7R\xF1I��\xB1+�\xC6�\xB7\xEA\xFBV\xCDb|\x89(�\xD1\xFE\xA3`�w\x9C�a+\x8E\xE2X|G\xB0Â’\xFBU\xF6\x9D\x8FlG_ÝQ\xD5u\x97O\xD6�\x9F\x87�Óƒy@\x92\x94\xF7T\xC0\xB1Ù´�\xC8Ù³[\x95\xE3qP\xE6W\x93\xCC\xF0\xC9[\xE7\xF1\x96G�M\xCE\xCAf\x84V\xBD�\xD5�\xB6\xAC\xFB\xD4&`����\xA5?\xA3\x8F\x98C\xCDn\xDC�\xD6W}\x98L=\xBBF�O+f\xD5Zs\x81\xC8U�\xC9 �<,64\xA9\x80s\x8D\xED\xDB5)\x89v�\xEC\xF1j}6\x9E\xE5V\xB2
-q\xCE\xE8\xC1(/3\xEC\xE3[\xAF\xCF�\xF5C\x82S\xE7�\xFC��\xB0b\xA4 \x92 \x8FhF\xB6\xE3
-B\x9AK�\xE4;*t\xBBT��\xE5\xE0\x99\x9F1g\xF45_\xA7j\xE8\x92�\xAEH\xA4\xB2�Ä\xAA<\x91& O]y�9\xB3RÚ¥\x9AA\xB8\x96W=J\xF6 at V
-W\xFAm\xC8\xCDH\x82�B×\x86U
-\xA8(
-:\xFE\xD9iÓ„ZtM/e*\x90i\xF9\xFCY\xFCx\xE7mM\xDF\xDD\xCE\xFA +�D�\xD7\xC5o�{�
-T\x88�d\xDA[\x90\xBBo쨔\xCC�\xACu\x82i9\xA1n~p
-G\xC8�f\xEA\xEC\xF0.\x86t DRmf\xC0&Q\xFD3\xE1v\x95}Ó¾}\xC0\xF7\xF2�\xF3K\x85\xB2×™V)�*\xAD�\xB9E\xB5 �\xE9\xA3�\xFB\xCF=\xE8㨡\x82�\x80\xB6h\xAE`�\xDAS΀Wvm\x9Bb\xCF�\x8E\xF92\x91�\xA8È—\x9CR?\\xAB\xAE\xCF�\x96�\xE4Tg\x9A\xAE\x88$g\xDEr=\xAF;\x98QW\x90碂\xBB\x9D\xD8\xED\xA1.\xD8\xF6Å\xDF\xC8�\x9F\xEB}�\x87\xEEy\x97>Ì}\xA2\xE0\x93RI\xEAM\xBC�\x95e\xBD\xA8pl,\xA43*\xC4�T\xB7\xFE\xD1)0v\x92\xF4z\x8B\xEF\xFC1\x8A4jH\xA4\x86\xBCa\P\x99\xEF&?\xA7��\x92\xA97\xA8\x97
-\xDE=\xE1\x947?\xEE\xD6
-\xF1\xCBu.\x9B\xC4Z=\x95\x93ز\x8B,-~\xA0\x87��J\xD0\xDA\xF4r&\xEBm\xA0\xFB\Z\xE6\xE2o�\xAE\xF0\xBC\x8BI^\x86\xC0\xD0\xF9\xED�o\xA4Ll\x87\xA0�\xA5Te\xE6N"\x91\x88c{Oп \x9BX\xF1j\xFFd'ڎ\x93La.\xCF4ag\x95\xA6\xAC5\xCE\xC1
-^|eV
- \xF38�BгM\xF0\x90\xF6\x8E5\xB7krÌ¡\xA6ɉ\x86\xCE�*\xF3\xEE\x98E�\x94 \x95\xCEŔІ\xF0\xAE8ð±ŠC\x91�\xC1Sj\xDC�N\x8C1I2\xFF\xF1\xF3\xA1&�\x91O�\xE4s��\xB3=xVWG8��sÛ‡\xE6k=�\xA1�\xFCk\x89\x9D\x8C{>\xCEi\x85\xCA�Ì¢%\x82\xC5{M6C(E,w6\xA1\xC2\xCCT\xFE�\x8Af\xF6W\xA7�u7\xBB�\xB9\xC4b(\xE15\x9C!\xFE\xAC \x9F\xB1w\x9C\x8A\xCB\xF3Õ³\xCE\xE0\xF6\x81#4ky[�8\x86\xAAÇ‚n\xD4{\xD6BzQ\xE5�\xF9\xB7=C\xC7z\xF1+A\xC7Í¥\xDBJn\xDDÄ©\x91tÕ¨\xA6Ú²55G\xA1%2��\xB6\xEAFÑœu\xD0��a\xF73\x9A\xBE\x80m\x94Rj2\xB2\xAEh,\xD6\xDA/�\xC6+7�*\xB0\xA6\xE2\xA9\X*\xF1|\xD1\xCEND��P~D�\xAD\xF5\xA6\xD7�G\xA22\xEC\x88\xF4B\xAB\xDC�\x81ÒŠL\xEB\xEB\xBC\xE8\x8C!$\xEF\x99\xEFS\xA2pK\xC88K2�o�\xEF\xDAf'\x83\xFD\xD9o\xDAÛ±�Q\xF1<\\xBC\x8B\xC1(\x92_\xE6C\xD7㨄\xC6\xFE\xF8�E\xFEw\x91\xBD�"[�\x94Xq\xAC\xF0a\xAF�f\xD9`\xCB7P�\x95\xA0\xD7 »ge\x91\x9C\x97\xF3L2\xB1[�Ú\x96rЛ<Z{\xD2D\xD1P\xE0\xC1�\xBFn\x95�T\xED\xE4\x96\xC8}<w\x90\x9F\xE1]9\x9F\x96\xF1�%\xA1M<��M\xE7\x948ɽ\x90t\xE4E<\xA0VP\xBD\xE3\x88\xCA(碊\xF18�#x\xB7T\x81�\xB9\x89�\xA3=%�d.IM�^A\xBD\xE7Cm\xBA\xBFAnw}pk\xD7?@\xA8'\xEAx~�oG\x93<wO��HÍ�
-}\xC5\xF3\x96Cglx�kS\xC5�\x9Ag;\xD7r\xD1?\xC7\xC8�8�\x8C\x87\x84\xA4\x95\xD6}�Y�\xA9\xBCt\xED\x83\xD3\xDA",ɫ�2E\xC5V�\x80|\xC8\xD1c\xFE\x96\xED\x89�\xF8ȨՈ
-\x9B\xBE\xCBױBnWM\xE8�\xF5\xA6\xCD;\xF6y\x8B{?%Zp�\xB6\xFE\x81\xEF�,OO\xD1^:5\x9A\xE7\xF00\xC4+\xA4�\x82\xB9\xA7j\xC0\xF8�\xFF�\x99BX?\x84\xD4\xD9\xF0\xB5Ǹ\x88 \xD0U䷿D\xFC.
-�\xE9+\xFD\xAE\xDEfD\xE4\x83[\xE4�\x89\xB0e\xD7��\xAA�G׻��\x96m\xBBр\x8Eve\xB8\x87\xD7o\xA0\xF2\x83U\xCBG#ޯ3\xA5H\xD0�\xE7W\xB2\xD0��h�\xB4Xօ.\xCD\xCE�-\x8D\x80\xBF�B�\xD5
-2\xB5A \xA8�\x93\xA4\xFD\xAD"\xBC\xAF;\xD9\xF2 mf"8vzP\xA4\xEC\xFAH\xBE�I\xF86[\x91#a\xD0�\x99��\x85g\xAA\xC3&F�']-+�\x86Z7\xFCR\xFBV\xEB^ \x89�j\x98\xA9KZ�N\xCA\xFDA?�6��~\xE7\xA8\xDB욃\xE1q\xCDg�\x8EW\xCA\xFCzǃ\xBD+\xE0Ic��auÑ“\x87\xDA\xFE`�\x{18A118}\xA1\x87\x80\xA0A(�\xA18\xC5�i\xCAP�H\xB0:)\xE2\x8Ev\xD5�u\x875\x9B\x84\xAD\x99�\xB1\xC0\xEDc\xB6\xABk\xE8\xD1X\xCBa\xB8�\x8E\xE65Ç”�s\xF5\xFC3\xF8�E +\xA22�W\xD1\xC5�È\xB0\x8F\x95��\xF2\xCD,\xE4�\x9D\xC3Z&\xD3R\xD6\xEF\xAAr@\x94\xE44\xBC�8\xE8�\x8BE\xEC\xC0�\xB0\x8D?a*\xB2oѾt\xFC\x8D\xA7�\xD0\xE4x\xD6�\xD8<\xD8DÞ\xDB<\x8E�6\x93�K)\xA4\xBDw\xED\xE5IX\xECtc\xED�Z\xC1GP\x8ED\xCE\xFA'�\x85H\xBChë ›\xFD\xF7I~�\x9E\x8E\xA9e\xBF6�\xDFp\xDDL\xE0A\xFC:I�Ø°\xB3\x83\x8CRo\xDEasm\xD0xÅ»\xD6\xC8\xF5Jg�\xBDV\xA0\xCA!n\x97�\xFA1̃*\x8D<\xA6UY!=<\xC98\xF5\x97L\xF2�\xDDK2_T\xD1�\xE9\xD31Å k\x9E��s\xD5�
-��O�\xC1\xFAFb�\xE1\xCB^\x80\x90 �\xE1��\x90\x96\xDF\xF4\xB6\xD8<\x88\x92*�\xA6\xAE\xF4\xDA\xDA�[\xAAO@/iM\x{117C59}\xB5\xC8\xD5\xF2�\xB6\xB9j\x87\x83�9\x8FGMzO�U\xF5~<�m\x80\xC4Ê“\xC5ÚŸF\x97\xEB*\xFA�\xB7\xBF\x85\xB6\x88\xE7%c\xEDЬ\xF2r\xE9!\x92\xBD\x9C\xCE-'\x9A!\xC8�J\xA5\xBE\xB1M�F\xFF�Õ“�\xFA\xE5: \xA6\xA9at4g$\xA9\-i\xF01\xA4�r\xA7\xE5}\xEA\xEB\x8A\xEBC\xA1\x88 _Xá\xA0\xF3`\xB2:,@>��\xE7��\xBEl\x82\xBE\xC4�P#�3\x81�\xFFJ\xCCs*\xDD\xF0\x932\x9F\xF8%\x97\xE9\xEEIjCk;\xD79\xF3MO8\xF7=\x86\xD1r\x80\xE7\F\x9B�x\xA1\xC5\xE1�\xD5�\x83\xF8&3\xDC\xE0\x81\xA5�l\xACQ\xE4\xF9�u~\xAFI\xB9c\xBES�\xF3�\x84v\x90\xFBkV\xB5\xADb\x9C\xD1tU(%9\xDCZe\xB9d5P\xC5/$9\xF6\x85\xC3Ý»I\xC1\xBC\xFC\xFEë©\xD7\xCC3W\xE4Tz\xA7p\xDD\xED\xA4\xE7\xC4\xEA�&\xD3YM~�1\xAFèš2\xF5\xBAn\xC5f\xB5\x97\x8E\xB3QfO�\xAD\xF6\x87�4\xEEK\xEF\xCBk\x8FY.&꯳�y\xFF\x88Ãct\x90:\xDAi\xFEY�\x83\xBD�\xD6 at 0\x8D.\xBCØ›\x81\xE5\xB8�\xCC`\xE3:S5\xE3FRaK�l;:V�BJ\xEDs\xB9\xB3\xACo �*ms at UÒ¥�\xC2\xD9�ሼ3\xA5U�\x88\xEC\xF4r\xD9Й\xEA\xC3"_\xA6\xEDBp�w�B��F\xE6o\xFB9 \xF5\x86\xAE&\xE2ו\x82\x94\xF4\x8FQ\xB7QR/\xDB\xDB5!�\xD3\xCE
-.\x93\x9F\xB2l8md\xC7\xC4\xD7\xD5B�\x84\x8F\xBEɕ\x89�\xBFeI\xB9Q!b'\xEC\x9E��\xB4�\xF4\xA7W)\xB1\x84L\x8E啺g�ϑ\x84\x99\xB0w\x91\xA3�:
-3\xA1\x8F�=�ϧ\x91\xA5QT\x8A\xFA\xBE\x9A\xE8\xCDzÅ„(\xBF\xA1g\xCE"\xDFl\xAE3\x87\xA0�\x94\x87\xEEoÞƒ+�Z�\xA6o�\xE1\xF6\xE04Ę=t\xC9K-\xC64\xE4|~\xFCaPX/D&_\xF5\xC5;*\xA1\xFF\xAA\xF0!\x84�i,\xF6,\x96xou�*\x8C\x85\xC20c*S\xE4H\x98\xE8\xB5\xF9\xBC\x8CÜ’\xB5\xD9:\xFC\xD8�r9Њ��6�p(\x8C\x88��\xFF�\xD4LGE�\xCB?9\xD86E\xA6\xF8 C\xF86\xDC\xECzU��\x89\xC9Jo\xBDTÓ \x9Dx\xF53\xC7\xC2\xE6�\xB4Y\xE6\xA0�\xB9ZK\xAE\xBA\xB5�d�y\x97\xAA\xC0\x8DW\xC4�
-\xF7\x97Jb\xE6\xB0W\x87\xD5$\x93�\xA4)!`'�<\xFC�\xA1�a\xBE��\xF3=\xA4#۷j�\xF5嘕Wqo\x98\xFD\x96)_\xACH\xC53\xD4�AIW\xB2~{\x8E\xD1\xC7\xEE/\x8B�&\xCB\xDF]w\xDE\xCEZ\x83\xF2O\xB0^\xE5\xFB\xB5�\xC1H\xF1\xEB)\xAF\xAD\xFF
-z\xA4\xD9\xD6�\xB65.7N`\x8BO:K\xF5h\xECٜ=\xBA\xFB1\xAF\xE5'\x88\x8F\xA8d[\xE0\xC0\xAE\xA6\x9E\x{D865}�g\xEDo\xB2wG\xB3\xCD\\xFB\xA2922 \xF1\x9FzK}\xB7\xD8p$\xD6\xC8,b\x97\x9Brd�)�^\xD4YW\x86�\xD71\x9A�
-Ëœ\x9D\xA66p-�e\xD1�\xF9[n$�\x84:�J\xB0\xA8&bSEa\x87H\x97\x82�\xD1W\xBE\xF6�q\x8E\x8D11�\xC0cy\xC7K#m)�!\xC6m\xB1\xBE�59\xF5U�$}\xC0[\xE7Óƒ\xE7\xB8ׂ%\xF7\x82~H�\xAE\x8B>\xAC\xAC\xDF5Lzcx\xED���Ek\x93\x88�\xB9\xFA\xBC\xD1s:A\xB2\xF3p6\xB9\xF6n\xC1\xA5�+\xB2��\xE0P \xF5\xC9A�\xA1\x82\x8D\xE9\xDB\xF4Ä”,,\xA8Íb�6\xF4ʘ\x8EU\xC0%"�\xF0Ô”�\xE7~qf�?\x8F2\xCEƉ�RW�\x8B\xEA�KС:\xAF\xBC(P\xF2�~\xA3\xBF\x98�e*\xB2\xBB\x9E\xACh�q\xBB�\xAF�\xF9\x911'\xA1\xDB~P\x8F\x9F\xD3\xEC�\xAALq\x8C\xD9*\xA30\xEC\x8F\xD4Ϻ\xA0\x9F`t\xDEY\xEFw\xFD.\xC3×›\xD9/\x88'�x\xFB:\xEF+#\x99:\xE3\xE0i\xDDA\xCF�D\xDB q\xB4\x98&\xA5\x81\xB4\x89\xCAbb\xD4\xC7�\x98\x95v\xC4�U\xF2Mj^\xB3i5s\xD7�B��1\xAF]IO�]�\xCE�\xE9\xA3o>\xA4\x88\xE2\xD8N\xA7�\xC5f�\xC1+\x9EK|\x8AV\xF7\xD80\xB5��\xA2\xDAÉ„\x9AU\xAE=�ÙOBб^#\xB1\xF0W\x9Cs\xE9\xA4�>*\xB8ÂC\xC4Ö«\xF6#\xEB\xC2J\xA62�\xF6Ƕߦ\xAF\xD7!�G\xCF\xF1 _>pfR o"awo`<L\x9B\x9E\xAB\xBF*\xAA;\x97\x8E i!�Yt_\xEA\xCE\xF1\x95\xA9w\xB5T=<\xE1\xD0�å–\xB4)F\xE6RE;jÞ•|�\xBD\xE0\xE7\x8AL\xA1%�\x93\xBE \xCB\xF1qU^Ö¬A\xBF\x9C\x88\xA6\x95\xE1\xD2)h\x8B�f�\xF2m\xDCÖžtMr\xE9\xF0\xCC=\x9F\xBA&\xE7+\xE8/&\xFD\xD8d�\x91\x99�Y�\xA6;\xDD\xC1\xFD�u�-\x9C�\xACPD#M)\xA5\xD3\xE!
0\xDAVb�\x84\vs>\xA1\xE1�ҽ\x885dX\xB3\xB6�\xA3q\x97\x98�\xFEt�\xCF�\x96!\x8D\xB4\xA4\x94\xB5\x86\xA4z\xD8dd\x9C��\x93hY\xCE�\xBA\xAEF)\xD8\xF4\x90kI\xE1\xE6:Y\xF5\xE4c�T\x85\x9B<�\x96E�\+\xCF\xE9v+\xB2'\xE9�\x91\xD6"~M\xAB\xE9\xCB\xEE�~\xBBOn7"\xA0.\x88߉\xA5\xEB\x85E޵\xF0\xF4\xBBw DeIBZ0P
-\xB6K\xED\x81�\xBE\xAA\xB9\xD07�hĪy
-\xDB\xC1@^\x93H\xB7v\xEE\xE2\xF31\xF4\xD7�\xA6s\xB25?�ns\xF7\xFC�*<\xC0\xB4�e\xBA�bME\x84�N\xC7\xFAD�\x9A`\xA1\xE6W\xC3 at V\xA9�h\xA3\x8F\xFF\x8D\xC38\xB4\xA1
-\x94v}�\x89\xA4\xECc�JV\xD0�}e!\xA5\xB4�\xEF�\xBBQV=\xB4\x9B|8ѻ\xE4\xEBT\xCB+E\xBE+,\xBB0\x96\xB8\xB5'su\�~\xD1 a&\xA9ߔ\x9Co\xBBU\xFF\xA0*\xB7\xB7_߃i\x8B\x9B\xC2\xE6\x82~\xECT\x99\xA1#e\xA4ﺹ\xB77\x8D\XWqw\x83s\xDA\xE1i\x97[~\x8BD\xAC\xEE\xB6-�r\x859G\x84-\xF9Wc]\xC7gP-U\x8C�*L\xA3\xBAt\xC3�z\xB3$ZU>3n\xED�\xF1X\xC1Hw\xA1\x9A\xF3 \x9D�\x89N\xFA͡\xAEb\xBA�Zԅ\xADٓ�\xEBP�kY\xAC~J\x86\x8BԀ \x9CsF#\xC5\xC1\xAC\x93L\xFF\xFD\xB5\xF9\x96\x86`\xB4�O\xDDe\x89\x90\xAE\xE3�3X8\xA8
-E\xB8m4��*�a\xC0-&�N(\xBB\x9F\xF3�\x9A\xCCQ\xB7i\xBF&\xAD;\xD0k\xE8.\xED
-\x81\xF2$7c��\xA2\xF6\xE1zh\x98O\xA5\xF3 8\xDD\xFA\xE6j\xA1Ë\x91/%j�\xB1A\xB3\xC0\xF3\xEB�\x99c5$\xA0\xD3\xFCr\x92\xA0o|*\x85i(\xB2^j\x94-\xB0\xF3!"\xF7\xF1,\xB0\x9E'\xD4q�\x88\x8F\x81\xA4\xE2\xF9ŤCU#�\x89\x86y0-Hr\'\xBE\xD1\xE85\x87\xA4�%O_J\xEDS<^\xD6\xE1cP\xB0�Z\xFEZ5\x82Ҷm\x85\xFA[\xE9\xEEI\x92\xE0\xD90\xC3Q\xF9\xCE\xC7h�p\xF0\xA7ҕ>\xFE\x89\xAD\x9E�u�\xEA�]O\x89\xB4�\xF6d\xAD\xE3)/P2\x82\xA9:\xCE\xE7\xF9\xFE\x96
-�b \xB69G\\xA0 \xF7ٸ8 \xD9cCܱ�2\xF2~�$G\xC4"\xB81\xF3��\xD7?Ճ\xE4\x93~VY��P\xA4\xF8v`3U�Q\xBF\xFEftI\x9B\xBCgl6y\xEB_\xC6[\xF8HW\xF5[0�\xB0\x97j\x86B\x83LgxN\x86N\xBC\xB08wt\xE3r&\xF0$\xD2\xE1\x93\xF7\xFB\xC4;gU\xB9\xAEYG\xA4"Ȅ\xB4\xE7>\x8Eg_X\xA9�\xF8Q\x984\xBB\xA6\x89=|d�\xDA\xE7\xFC\xFC)\xD5\xFB\x8D��6MG�\xA7;#Q~l�\xD8
-,�I\x8C\xBF&\x98^\xFD\x9D\xBE"\xCF�\xA6\xA2Øqr\x8F,\xCDß®\xCA�>�\xEE&x콋\xC1d@\xDCh\xEC\xD2ZtES\xB7\xDA\xE5\xAB\\xB9�\x8F\x9E@�m�\xFA \xBD\xA7�!\xC2u\xEB�\xE4\x8AVE\x96Fw\xB6\xE1=\xBF\xC6�\xE6\xD6!(*p5\xAE,\xC1\xA9\xAA\xDB(\xEE\xB27\xE1]\xB7}\xF8� \xD8#\xB9F\xFD�_ßµ\xA9\xC0\xF3ן�\xAET"1'�\xA6\xE8\xB7\xDF\xC4\xC2F}k�#I\xAB\xEE 5\\x8F]l\xDFQ|\x96\x96~�r\xC0\xA5R\xC5�;\xBF$cHp��\x8B\xEBʳƿ4(b\xA3R\uÖ¾\xED\xD8\xD7¿\xC5`T\xA6alq\xF1\xBF\xE8\x95�6 �߬ Ê®\xA3J\xF1\x9F9W\xA43}Z\x96\xEDP�JB\xDBo8X~t\xA9�\x9F\xF5\xAC\xC46\xF1\x8AB\xB6
-e\xEE$\xC2jp�\xA5dJ\xBAlw\xA0\xC4\xEC\xB3�j \x85P*G\x9Ff�\xBAI\xABB0\xEE\xF9\xA1\xB0~\x92\xC1\x9B�\xAB'�H\x96!k\xC7\xE0�\xEBJП\xACYYã¹³\xE6\xD6�\x87^Sm\xD9�\\xF5Ó\xAE�� �\xBC\xA4\xAE�\xEC\xE2Ö±�h\xDF\xD5%\xB55i\xBB+Y\xE7\xB2\xFA\x8Cqk\xAB\xF4\xE1\xEF�$\x89n\xB5\x87�\xD4f (~\xB1\xD5\xD8DÉŒE)\xD0_hÛ¹\x86\x89'��\xA6\xF3p;\xD8\xE6a\xC0�8\xBC~\xB4P\xAFP(n[)Y\xE3b\x93\xA6\x92j\x9FH\xA7\xB7\xDE��\x8F?\x80\xCB\xF8�%\x83.\x9F(Ú”dh\xB1�\xBAOÈ’y��\xFD<\xAAØ›a\xE0T R\xB1�i\xB9\x98)G[o\xABK,c�7�\xB7M�\xB1Ǧ$�!\xBBK \xBA\x8E\xD4`�\xA6H\xB0\x80\xE2\x9Dy\xDF\xD1\xCB\xE5tB\xB5�\xE7\xC3\k�1(\x82\xD4\xC3�\xA9Ú¢\xE1o�\xC5\xF4\xA4\x92��\x95#e
-\xBB@�ਉ\xE4�eF\x80܎\x80h'2h\xD4S#\xDA\xCF*\xCA\xE7\x8C.ג_�X�\xCFe\x98\xE0~<H\xC0Q\x97�D\xEE\xD3\xEC\x96\xC8_\x{DAB1}\xA6\xB7:T\x94\xD9\xCE\xFBe�xU\xA6\xFC at EF\x9AsM\x9Dv\xFB�\xC3|>\xC7R\x865\x81�\xA1X?\xFF\\xD4\xFC\xB9�\x880]б\xE0/|W\xF5\xED\xE9\x91,\x87\xFE\xAD\xA7\x9F\xCDԇ�\xEC�\xA9ݞ\x8E\x98ݫ\x9E�\xD6O\x9B\x9BJ\xAF7r\xC0\xD9\xF5\xF3\x9Ai�\xCA\xD2�\x85\x96\xA7߽\x84b\xE7k\xA6Wu(C\xC4��A\xD5�\x89&\xE4\x84�c\xD6),\xA7��\x89/�\xBD\xF4\x8E���\xDDM\xBA\x8A\xF5\xBB\xAAH\xA1\x8F\xC0"\xBF\xE28\x98\xE5��\x9A\xE7L\xEA\xD69\x8EX\xC7ԕkQw\xA3\xEDC3d�\x81\xDAW\xA0+"YЇ|\xE3^�4,}3\xF8\xBB�\xCB\xF6:-z)}\xAF��Tmk\x97�5\x97��ق\xCE@\x85x*�m\xA4\xB7*\x88K\xDF\xC9i.%\xED\xEE\x9F[J\xE0\xAC*׻J\x93\xD6\xEE\xB1g\xD0]\x9DX�\x99\x9D\x9F\xF4\xBF(\xFA\x84\x95\xB2\xCF\xD5*xz^̰\xAA�\xE4x\xA5#}!*ϰk\x9Ac\xBFf\xBA\x81/&\x85\x8B\xB7\xF8 \xF7A#\x81\xAB�\x83j26\x94c\xCFLw;˩\xEEd\xCBɃ\xD8\xFA\xE4�\xE4\xF6�h=�\xBE�=\xFBjK6H\x89QQ\xA8\xED\x8EA�\xAB\xBF\xAF*\xC6%\xA7\xC1u\xE3\xF4\xA5h\xBD\xB2\x9B5Z\x90\xE3\xEC\xE2$
-~\x8B\xF5Dr\xE1\x99\xF5\xDF]\xBBl�.f> \xAB�\xCB\xE5\xC9Ă\x97DK&�\xAB\x9E�\xB9o\xE0\xF7\xF8\xA7}!)uc\x8CM\x80\xA3��\x94\xDA#&<��S\x97J\xCA\xEE\xE1\xC2b&:g#\x8Cͼᑥm\xE2�\x8F\x9B2\xF7\x96<\xB6
-Ü5�\xC7�+�I\xF6*�|\xCE\xFC\xAE\x92UZ\xADp_%6op\xF5\xC9_IO7;\x94C\xF4@\xA2\x99\x94人D at 2\xA1�B'\x85�\xF5��,0\x99\xE2nN�-\xD6k\x83S[7�p,s\xCD�>�\xAD�\xEB\xDD]\xE0\xDA�t\x81\xB6\x9F\xBE\xFF\xF2�M5���nڛē
-
-
-\xEChT?]\xD9\xC5+e at Ch@JH$��\xEA\xCF�&>2\xFDã°£\xAD Y\xFADXQ��Õ¾\x8Aȉ\xD5�\x8A\xC3\xD2\xE2\xA6\xC6\x+\xBF`2e�\xC9 \xB5^\xB4\xF4B|iCEÊ·\=�\xD9\xFC*7�\x8FCRL\x9E\xDCt�\x9Bx,�3\xB6J%A ~\x86\xD3`�\x90\xAE*w\x87Z\xFD.\xA8#W\xC8\xE1\x88\xEAS\x8B\x93\xC9*&\xD6LL~'\xD1;\xB6\x90M'&%�\xEA"�\xD7[*mo\xBA\xBF\xF4H^\xFA\x82 n�M6)\x95U\xAB\xAC\xA2W�Vg\xA7\xC4&x�K\xED{Ç\xBF]zÉ
-\xB9\xBA\x98X\xA3f\xDC<#�}\xF4Þœl:\�\xF6%\\xE1\xB7Ñ–\xD4\xF5<E\xF1�a\x9B\xFDE>WY\x8Ad\xF7�\x8C\xC2[\x8B\xA1\xDE
-\xE4�\xBA\�\x9CÚ9Ix\xFAI\xDEpÌš��\xE4\xB5B\xD4:\xB6�\x97\xB3\xEC�\xF4x\xC5\xDAQn\xB8\xCC\xC4/\x84�Âœ�\xF5\xDEw\x8A\xEB\xC2\\xD3���\xF9\xD0\xC8/\xE7:k\xF8TqjN\xC5\xEB\x93j\x85�㜸\\x97��\xB3\x86g\x9Bd8\xA4\xA4\x8E\x9AÚ’\xE3LZ\xBE\xC3�\x9D\xB8]\xE2ì´\xB6\xCF� T&\xAC\xEF66\xAA̽�*�|\xA50w\xAB
-v�\xEE�&\x8B\xAEl5fٚ�E�\xC9\xFF\xF4̹\xF1\x9D$�\w\xF1\xA3�O*9\xD1\xD4 \xC5\xFE\x96�\x9C\xD3'¤\x8EY\x85g\xF0P\xB1\xB0ё*3\x95\x88~\xAA
-Mpœ(i\xB9p\x97\xC2M\x9C;��U�k>$\xD7,>c\xA7\x88�a&�\xBC(\xF6B\x8E\x93,\x9Fe�\xA3\xDC
-\xFDG\xB1\xFD\x8FN\x9D;\xE38\xF1s\xF8\xA8\xEF\xE7�\x89\x911�\\xB0�Q\x93\xE2\xE6Zbgx\xC1qڟ\xA6�)1\xE2\xAD\xDBw!hK{\x85�\xD1h\xAD\xAF\�\xBE򖧢,\x88O\xC0�\xB0h|\xCE\xDE\xD8\xE9jn\x89�\x91\xA3#\xCD\xFA\xC54|\xD1Ӳq\xD4\xD1\xC1\xB9�\xF51\xB3G\x8F\xEF\xB6&d\xF0b<\xE0\xCBVO\xC7W��\xADR\x89<\xAD\xA6*\x9B\xB8!�\xF4\xF8P_1[�,\xB1\x8C\x90v�\xF7~\xCE� \x8A\xBEr\x8A\x80\xB9\xB3�\xB6f\xFA\xCE\xD26Ѕi\x84
-\x80\x83�C#\xC2u\x81\xC3\xE8\xF7Ê\xA2\x91i\x98��=\xD2L\\x99\xBC\xE6Õ\xD9�\xA2'\xAFÆ’\x95\xC2835P\x90\xF2�\xEEL\xB1\xC7S\xCC�\xCDQ\xFD\xED\x96\xD3r&�\x80�cÛ¶9\xB1&\xB6mÛ¶mÛ¶&\xFAbÛ¶m\xDB\xC9\xFE\xEF\xB0w[\xDB�\xD07]\xA7\xEA\xB4s\xD0\xE7 e\x88%\xD32�9\xA7b\xB2\xF8Ǧ+\xEE\xE4\xF23\xCE\xF8\xC5/�\xE5Ú¬�\xBF\xDB�\x8CS\xBE\\xE6D\xE9H\xB6�\xCE\xC7�hyv\xFF�9\x9E^\xB9\xFES\x94s9\xF5sꔜ\�\xCAP[ \xE3\xC7cƺ�\xEE\xC4J\xA1Cr\x89\x8A\xC2\xE9\xE5\xBBN,\xE0] 5\xFD\x85\x96 \xF8\xFE$\xDE8\x86�$\x8A\xF8윈Oݨ <\x98c�\xBD\xE5\xD9~J\xCA\xCA9\xA5\xF7\xCDh\xE7�S\x80i�\xC5\xDDbd%\xF7:�\xE3\xC8��d`�\x91K�\xEA\xDE\xD9\xDFd\x9Es%�\xAC\xE0\xCF�nLd\xE8\x8C\xF7\xD2v7\xA9
-\xFD\xBF'�\xBE\x8D-\xD8G\x9Fs\xB6Ö¶\x81
-4�8\xA7�4\xEE�\xB2G�\xE10>\xBEWlx{O.�.ʼn�6mD\xB8\x97ÚµQ\xA4]\xE4]\x8E.\x86\xD80k\x96�:3\xEA\x91M}\xFAf�\xB8\xE2H]*\x81\xD1|\xEF\xE2��|@\x85�\xD2\xEF\x87H�\x99\xC2Ö„\xA0\xC6;�\xBE�æ™\x9C\xE5\xE2\xC8Ñ¥\xB9\xCCx0\xBB\xB0W\xE4\xEE\xCE{\xDE�~
-\x83\xD0�\xF1\x8F2\xD7�"�\xCBO\xFFi"4�\xA7^\xA6"�\x88\xCB�o\xE5<ð�\xE1\xCF'\xB8\xE4[\xD3\xC4\xF5* w�X\xBC\x8F\xEA `؆�
-\xC5u\x8C\xD5״$\xA6�0o\xB1\x8D\x8D\x83\xA2\xE3� \xFFnlk\xC4=\xB3\xF7\x8F0\xFA@�T\xD3~"\xD3,\xE0\xE7\xDC\xF1O\xDE�\\xE0}\xFC\xBD mx�T\x8D\xC0\xC8�\xB2?+\x9F\xF0w��\xEDx\xAA�\xAC\xF2\x93�\xDEc\xC41\xA8�+E�\xE2yT;\xB0O��
-\x94\xBC\xB4\x84�Ì•4YHU\x90\x86\xDB\xEE:�\xC0\x92\xB46c\xA7\x9FL<\xF4w\xD0v�bif�\x94�\x94 \xE8A\xC61�`Ï”y\xFE\x96b�\x93\xE0Â…\x96��W\x83\xCC\xE0.\x9A\x9E\xEE\xFD\x98\xEC\xE3Ob\xE9Fv\xA9r\xFCh\x80\xD5\xCC��}\xA0\xA7��\xBE�FUSt\x8E\xFC\x{165DA3}\x8E\xC6\xDDA\xEF\xA5i\x92h\x90 \xD5j�=\xFA\xE8@\xC2\xC5\xF0\xC2\xC5\xFE\xB0\x95\xBCS�\xE1"\x9F\xCE\xEE�\xD3b\xB8\xAE�"\xFA\x9D\xE1\xC0T\xB0\xEEJ\x83\xF4\xFA\xEF\xEB&n\x8B\x99Ë‚'\xCA\xF8OI\xB5\xE9\x84o\x84\x9Cr\xC3\xEE\xE48й+\xF3u\xAFé¬\xA6\xCEuܬȔ
-\xA0A\x88�\xC4ÒŒS\x8F\x80w\xA23"c\xF6\xE8F\x91\xFEH\x99\xFFU\xAC\xFE\x9B�\x81\x80\xAAb;6\xFD�@>\x9C\xE3\x9E\xCA\xDF7�)Sz'\xCC\xE4\xADCs�"�O\xF5\xAB\x97$Ö‡��X\x9E|\xEA#ϳ݀\xB8\xAE3\xC9\xFE\xB8x0\xB1ݾ��\xC6@\xC1J&\xED\xE6\xD7jJ\xA8\xB5j\xC3[\xE4-\xD9L\x98N`\x9EF\x9Ax\xF3�MC\xDCÞ \x9B�\xB3R_\xD3f�\xB7\xE2\xE9\xDB\xDFV\xE7��v\xA1>  $\xE0d\xE3�<#OG1�\xDB¢F7\xFB\x99m@`\x81\x83\x93r\xBA\x94�\xAE\xBD�C><\xAA\x88F[\xB7\x8EI<.f$#�\xD0\xFC\xF5\x89F\xBC�\xFA\xF3\xD3Z���\x97z\xF0}�\x824JÚ‡�\xA9\x82\xADoI\x86�yj\xF8��[x�W\xFB\xEAJ\xA2r\xE9d\xAAM�.<T\xAC\xAC\x9A�\x96\xE2\xE0�\x98.LV\xD9\xD3\xD4��\xB8\xFB\x91�P\xB7\xEF\x8D\xEB\xC21\xCCf\xC2��\x9F@@\xAF1�yO~CnÅŸ�\xE6d\xE7n$\x81\xBB2\xE2\xE7
-J\x928�\xB1�\xFB\xFC\xD9M\x92\xE6\x94[\xBC\xAE\xC1'\xC1\x84SbS \x81_\xD6�È왕J�?"�h�\xA3E,o\xA5C_*\xA2\xB4h\x871\x98\xB7c\xEE\xDF�\xE7A\xF6\xF4�\x94\x93\x85\x97znS�\xBEe\xE8�\xC0\xDA�\xC9\xFD��\xAF\xB5\x86\xAB9z\xCF�\xB7}\xA5\x96h\x87h6��\xD1��h`\xDBV\\xC4\xE7g\xFEÜ\xE3\xF6\xE8Wi+�\xE6\xBFRF\xF6,\xCF*
-oM\xF9\xEDC\xBB\xBD\xC5\xEC�6j;�\xCD)\x9FD\x82\x813\xB4\xDB\xF6\xD6{\x9E<y3�*\xFC\xCA�\xE9u\x9EÓ°8Vë…\x9A\xF2\xD5\xE3Òž\x8F\xDD\xFC\xDB\xDDfX��s@#4\xE16`�H\xF9�\xB0\xE9\xC4 |8p\xD7- at u\x87A\xD3�\xE0\xD7;\xBF\xCC6\xB4\x86-]�e\xDB`\xAF&E\xE0M\xF4\xA6'\xE5\xE1\xFF\x95`Sm\xD5c\xDA\xC3\xF0GÇ \xBA�\xA4\x8D\xA3�\xAF\xA4G\xCD
-\xB8\xE2ư\x9F\xCB_\xAFh �j\x9F*5\xCE\xFE\xA4.D#g\xC3Q\x87w\xCF�E�\x9C�l,\x9B^B\x8A�Lg<�$\xBC]\xE0\xC2\xF1\xF5\xF8zG\xD6\xC0\xF9\x9A�>\xA3����\xE9\xA4+\xFF�\xD6�\xC1Hc4\xE0\x9DΒ\xBB KA(\x89\xD4\xCEH$<!%ȅ\xEB5
-\xAAÇ„\xF7\xD8\xD1
-\xFC}\xAB�\xD2@\xD5A\x9A\xEA\xEF\xDAX\xB2a\xD2
-\x98=�\x96\xFA�\x99\x88\xA9hi$Bn\xDB\xD5Yo\xCAc�FTN\x9F\xFB\xEC\xE8\xCD2\xF5ë”™\xDB\xF8\xE0\xA7{�\xA2I\xF0\xA7!U/M眼Դ\x8C\xC8Rg\xAA�\xDBOC\xBA2\xC8z\xA0\x96\xE6\xC5/\xF1\x8Avq\xFC0�kZ\xCE$\x91T.R\xA9fÇ\xD0\xEA\x83 @\xD1\xE7<<]�\xD3&w\x89X5�!}\xDC{�\xE9K"x�\xFC3\xDE�\xAA\xA0*"\xE0h\xD5\xD1\xE8c\xB7y=u\x8F�\xC4È‘\xF4\xA7�\xBB\x96\x85�\xD2\xCFع�U�I\xAD\x94B\xFB\xE9\xEB
-M�h\xDA\xFF\x84\xA4BMs�\xDF{\x80\xF0\xD5\xED,Ut\xCBm Y\xC5k\xA6X\x97|\x8E\xAA\x85\xD2�/M�\xBD�l=\xB8�0\xD3-R1\x88\xAF \x86\xF8\xD2"��Z�\xE4\xAC
-a\x9F�)\xF6\xFDk\xE3\xAE\xD6\xCA\xD8Ç¿E�\xB7\xE4Ó›\xB1mL-\x87\xF4\x8C
-�\xE9O\xCD!P\xD9Ag\x8DK\x89\xBB/'\xABF\xEC}�|\xAE`-J\xF3\x8B\xCC�O5�\xDB\xFE\xA6\x81U""\xD0Y\x8C
-f_iz\x8F�,\xA9\x94\x9B6]%�\xBC5\xA6\x90�D�\x96S\xEB:I\x99\x9B&zi\x8A\x85D\xA6>�Ɔ\xD1\xE5Ϩ\xD3})m\x8C�=Tm\xF1\x90�yD\xCA\xF67\xA9\xCF\xEEEx�\xD7$\x8E\xBE�\x976�\xEA\xF1U٪\xFB\xAE'��.\x95\xC1\xDB|uK�\x8Fu\xCB�\xA05y\xA2\xBCq\x9EY\xE0Έf'\xAB|~\xC1\xC5
-ްM\x9C6Q\xEF\xA5\xF9T\xFA\x8B\xADK\xB8\xAB\xFF*\xE8\x9E\xF8\x92\xAAq7 \xD8\xD8]\x97It\xA7$&p`I\xE7�\xA9\xC52\x89\xF5؃�j\xCF\xD5�\x9B\x93\xAA\xDD;$\xF9\x89\x92w\xDC�\xAE\#�諸,\xA9\xDDA\xD5�u͖[ˆ��\xC3\xDAy\x94a\x89@\xD4\xF0k\xD3q
-l\x8Bㄪi\xCA�È´8\xFC\xF811\x97z]S\x94y.Ó‰�\x8E\xA1ä™’KS\xA1\xD6ÃŽ\xAA]�\x88�\xD3\xFER�\L_A8D[8ÔWI\xB5�\xFA.\x80�Xm:;a�1i\x94D\xA1�r\x9C9?\xC3\xCD�\xC7y\xBFDc\x8C\xB5\xFCH\xCB\xFBE\xEDN `�\xAB\xC40\xABgP�\xB2x_\x97t\xA4\x8B�ò`$\x93�4\x99É�\xBF\xB6\xEC�\xCFB\x96\xCF\xF1\x97��\xBD \xC8O�[\xB1\x80%~@\xF3{P\xE6>5&�m7��B7,\x95"�~\xB3\xC87�\xB0\xED\xA1\xE8\xEB<\x8F]\x80Ö»\xF4Zz\xCB \xCB\xE6ꬼ.“\xFA\xB2\xFBc\xF1k\xE8w29\x85\xC9!�\xAEC\xB3h\x82\xF8ou\xD3TI\xCD�\x86Ö§g%72�b\xE6\x952\xE6+\x9A>J�\x8D\�\xB6\xA8�"f�#\xF4!}\x93me1\xEB�5\xC4-t\x92�d 8�\xCB�(\xC4^\xEC�mn-\xCAl��\xE4\x8E\xED�w\xAD5q\x9D1U>f\}\xB1\xE3\xB1-\x8D�\xFD\xB0�+\xF2\xDB"�@v\xC92TÆ«\xB9\xA5
-\xEC\xCE[ \xB6
-\xFF\xF8Vf\xC4X#\xDB;\xC17\xE5\x89��
-SCs\xECtL\xD1p|�\x86 _V\xE7u\xDEE\xAA\xA1\xF4x7?\x8E\xA0\xEBD\xE4Mv\x8EC\xDBp\x97\xE0\x9D\x8CC\x88~x\x9De\xC7\xE8� \xF1\x84E
-\xA9V\x9A\x87\xDB\xE9\xA5\xC0\xDCp\x8Cc1C xn\xCF\xDBpp\xD4n\xC6\xC0\x8C��:ݨ\xAC��}tS4\xCE�Õº\x8F\xB4\xD0\xFBK\xDC^\xC5�\xDDbh6\x98,\x95\xE1Nf\xCAm\xD7A\x98\xAA\x8A�\x9D\xB7\xD7é¶ �\x99\x82m\x83p\xDE\xC4\xC4%\xE5\x98swÃ\xD5\xF6�)
-5n
-V\xA8~vu\xB2H\xA7<mU�v\x80[�A\x84!\x91#%2\x8B�ä� \x83\xC1Ϭ�0\x95ұ�\xFF\xE1Q#\xE8\xDD\xF2F\x80~p\xFB\xF3\xC95�(\x94�si
-L\xF89\xD1�{\xFD\x9C\xCB�\xE5¦\xD1Mj]3\xFE� E\xC3\xFA\x8Bj\x81\x9F3\xFEd�>x\xE6\xF9p\xF0\x8Dms\xB9\xBF\xC3�\xC1\x92\xA3;>^t�\xF9\xF9�\x97�F�VN_�\xED!�\x96t\xEFY\x9A\xB0\xA0�\xF9\� \xFC\xB9�\x97\xA0h;\xB0�\x8F?;{\xED�.+\x90\xA2\xF6-�\xDFe�׽\xB4a\x85\xFAL�[{�\xAB-F\xB0f�W\x8F\xFE2\x9D'\xF9CQ\x94\xD85\xE1V:\xE1\xFE\xB6\xEE\x86�\xA5\x8F\xFD\xF7E��X�\xEE8/ \xE6\x88\xC2ؙ8Qo5\xF0~\x85z\x88.
-s\xA6H\xAFv\xDDS\xE2\xE2y\xF3\x92Ì’\xD2�\xC4�\xC5\xD8\xDE60\xDCtf\xED\xCC{\xB0\xA7�m\x8AÒ¸0\xDD�\xAB|bXA\xB9\xE1\xC5[\xE6͇\xC8\xDC:\xEE_\xDC�nt#\xAE\xE4I\xF7k\x8AÏ \x85\xE71+\xB8\x88\x89\xCF\xD3�"�\xEA\xDEK\xD6{\xD3\xDB/\x8B� \xA2\xFC\xED�\xA4rÊ…\xE8t\x81�h\xEC\xB99U\x88\xEE\x8Bt\x96T{\xB4S\xEF\x84\xF3o�\xB0 at .\xA6\x9C\xEE'`܃@\xC9\xF5\xA1&\x8E)\x9B@\xFC)\xAA*\xA2\\xE6\x92\xC6\w\xA5�+\xA6߉��\xD6[!\\xE0n\xB3�W\xBB\xF3\xCF�\xF2y"\xD7�\xC5U\xF9&\xA7x\xDEfq\xAEf\xD5\xF0 FU`g\xF5\xC2P�(T�\xED at 1\xE5o ^•P\xA3\xC0\xC04\xCC\xEC\xC8�,k\xCE\xD7�\xDAL\xBD\xF4�fB:6��\xD1䟨s\xE0\x8DÉ„61\x89\xC3\xFBy|\xAB\x8D<\xBA\x84�GC\xDDEƲ\x92]\xD8/ \xD6y\xE2��\xEB\x91Ò±\xAF\xA71*9�p\xE8ÞA\xE4\xCE\xCE�=\x83\x9D@\xCC'\xB0��\xD4q\xC1/\xE9�\xFB7#\xA8\xAEVvÝ™\xF3!NE\x90�\xBB\xA8\xE9'zÏ“S\x9F\xBCZÌ·la\x82��¦\xCB"BM\x91\xE2\xBER\x9AB\xB0\xE1\xCFIU\xB0�gf\xFD\x96\x8Dzð–��\xFCu\xF1?y\xEE%\x93\xC7a\xE0\xF2ik\xED�붤\xC7S|\x92�J\xA8\xCE\xFA]\xA3W\xB9\xE1\x97XQ�|/\xA8Q$��\xB7\xFFJ ua\xB1g\x83\xA2 \x96\xE5_\x83!\xE3=\xFCYG5\xBCJ\xBC\x86j\xC1q\x8C\xDAh\xE4&\xE0\xFF\xE2^L\xCA�:\xAElt\xAD\x9C1\x80\xE5\xCBm\xF9. +wv�\xA489\x8C{*�\xEE\xE7iMg\xEB �{.z%\xDE_+\x9B\xA17\xC1\x83�\xB9\xAB�\xB0,aWz\x89-\xAB\x91.\xDA\xF1\xC5.a.\xB9\xFC\x9AD6\xAA/\xCAJu\xED\xDE\xF9\xCC\xD3\xEE�p\xF1\x9DF\xC1�\x93\xC3(Ãh\xB8�\xE8\xA3�\xC3l\xB6�b\xF2�\xC6\xD9\xD2\xF9\x8C\x99\xE1\xAB\xCDU\xFE\xED\xF9\xE4E\xE1O\xC7iz\xC3\xD1�C\xB78=|\x93\x84\xFFP\x88�\xF2�\x8B\xD2\xED�Òµ�\xFEwR[2W\xEB\xDF\xF1Y\x86\xEEKyU<�\xB3\xC9\xCFx6\x9C\x80\xB4\x8Fá‰\x9D\xF9aÌ«\x96\xED/G\xBB\xFC\x9C�\x94\xFC\xC6\xE9s\xA1�\xD3\xE2/�\xF6\xECr\xF4d�\x87!\xA6�\xC1g+\xE6\xC3R\xD0\xF9=\xE0 1kj\x93d\x87_\x86\xA6K8\x!
A7\xB6Þ³\xC7��{\x94\x91Q[AÕ§\x8E�2\x87\xAF\xAF\x9E\xFCÔ®\x97nWÛµ`\xB2�\xCA\xFFÍŽ@\xC6~i\x92\xBC\xF7� s�^�Ã9\xC3\xF2<O!\xA0f$\xA3\xCBZB
-\x93Tm\xAAW\xE3�\xE5aC_\x9A\xEE3\x82Q\xF3\xEC\xFA2!\x9B\xEC�d\x8D�\x86\xB9\x8Cr\xEE\xC1\xDE��4y\xB0F4fz)\xA5\xC60\x81\xA6%\x9E\xAD<+\x90\xC8(\xB51=l\x91l\xD0N\xD0�d5|\xAD*\xBB\x9E�\x9D�\x81�h\xC8~\x89e\xA2r\xF2\x8B5\x81hH\x80v�Z\x86\xE5$\xF7��\xF0\xF0\xBB\xF4\xE7os���\xED0s\xBA\x90ӆ��\x97'r|.^\xAD~\x83\xEBc\xD2Z[�\xC7z�yc\xBD\x85'h\xF8\xDD�\xCC�m\x8D\xEC�\xA7Ȓ�d�\xCC
-u\xBE\xD7Nzq\xFB� d\xA4\xB1�z\xEF\xE5\xC0\xBF\xFF\x8A�t\xADLq�\xFF\x8Bž\xAE=W\x94\xA5I\x84/\xC6wh\xF1tr�\x84$ȧ\xA4ͪC\xEA�\xEC\xC4\xE7Ez\xCB�\xF8Ak\xE5\xB4Dt9\xEE\xE8\xA1|pA\xD6\xD0h�D\xC1\x9Es8\xBA�O7[\xB0(qլ((\xE9V��\xC6ff)i<\xA9�m\xB4\xB3\x86W<w V\xD8\xF9\x92\x86\xF9:Z\x9C\xC1!�;�T\xCDTb\xD6u<\xEB\xF4TY\৳�\xC9Z}\xD3\xF9M\xA1x\xBAz\xB7�>\xCAB\xB5Y\xA7h\xCDs5\x8Bv\xC3x'£\xE4�l\xD0\xF6\xE4\xFC\xD3jkIz�ٷbv
-\xE1I`As�[_\xB8\xEF
-\x83\xC4(}\xAE\x99\x98/\x97B\xC5�eUx :\xF0,�\xA6 \x8D-\x87\xBF\xF0P\x9D R^M\x95j�\x9C\xEC\xD8\xC4L\xD7\xF6\xB0\xC3\xECX <Ô¬\xBD\xB8.G\xB7e\xCEBs\xA1\xDD\xCF��\xF1�}\xFA55\x94\x92c0�\xF9u\xBD0G\xEE(OS\xE5n:�N\x88쯔W\xCAh�\\x86(\xA4f1\x9Fh\xCB>\xE4$?\xBE#"\x86\xD8P\xF0\x9F\xC4\xE3\xDCY�1\x8D��"\xB3\xCF?\x93M<Sv�\xFF/�\x8C\xA4\xF8\xCC_)>\xA1\xB62\xA2\xDE6\xEB\xAB3:j;\xAFT\x95k�\xA4�\xD1(C\xEFÐIW\x8B�/�\x98\xA3\xE5\x95-\x94\x90U\xE0O\xE4\x8A�\xB6$U\xAD^\x94\xC8Å¢'T\xF3\xEE\xC4=_ɱ\x88\xDD �F\xF1\xD6'Ò\x98\xBA\xDDF\xA2\x8EJ9u\W\xB5�:\xED\xCDnO�>Úq\xDA\xC7\xC4;\xD1\xFB(OA'\xA9\x8B3\xE8\xAC?�\xDFh Õ¬\xE1\x8F\xC6|\xF6\\xC7\xEA\x87A\xC3\xEC�TK\x87�\xA0X,\xE35\xA1Or\xF0�\xB9\xCB �0�\x8C�\xA4\xE5U\x9Bç€ %\xCE�\xA3\xC5\xFB�*��\x87�$�\xAAmظq�\xE7\x89s\xB2'E=/\xDC1J\x8B\xF1\xAB\xB9\xE1�7\xB3`\x92�$�z\x8C\x8E\x9A �^\xC6A*\x85\xA2\xDF�*\xC1\xDBy\x92��\xB2�\xA77d�\xE4ÏŸ-[m\x91\xBA\xD1\xEB\xAF\xE0r\xDBÞ˜;\xBB�\x99�{su\x8Ft\xA6>\xE7;qAs4\xF8,NÉ¢4n\xAC(\xBE\xB9\xD2}X\xA0<\x89\xB4\xB8\xD1v�5�t\xE2\xA2ļf:\xC5(\xF5#\xAC�+o��\xB5��\xF2\x9A
-}\xFA\xAFo\xF1O;xG\xD6y$\xF6\xEE%0���\xBC\x98���n\x84�x\xE7\xB2k\x90lÈ \x8AQ\xF1\xD2Z\xB3E\x92\�\x83\xCB!\x9E\xCAN\xAC at q\xF1\x99\xC9\xF1:7�"+ÅV\x9BÕ’�\xD1\xCFW\xC8"\xEA\x9ES\xC2�o\xBA�Q\xF5\xC2\xF5}_'\xDDÈ°\xE1o�\xB6\xEF>1\xF1o\x8Bfc(\xA0��B�\xFB\xF9oȾ\xAA\xFA\xC6/\xFF\xC9jp\xC7-t=\x9F at H�}\xA5\xD8�\xF4\xFBÓº"}�\x91�\xB91\xCD\xD5��O\x86Y\x9EudH\xE2\xEB\xB9\xE9\xA9�\xBE\xC43\xBCT\xEA\xABjì¿¢\xAF:!#g7\xF6{\xE1\S\xE2�\x8AS�\xA0 \xFE\xC2.\xE7\x8Aͧ&��\xE3z\xBFÕ®`/\xF7\xEE\xEFY0[;%\xB0\xFD\xD4�y�D\xABF}T\xB1i�\x84)È„c\xE2\xC5\xE8o\xF3v@\x8A\x88a\xA9h\xD21\xEDU+fa`\x83km~\x9BU\x98\xB0\xCBe�~\x97\xD4O\xAF\x95j\xAE�\x84�i\x9AD(\x98\xB0\xBE\xF9ak\x95 \xE0_�\xB0M9Q�\xFA�\x87\xA8]`�e\x82\xA4t�\xFE\xFD\xBA�\x86L*\xA1\xE2\xF3Ë”\xBE\x80
-pe8Yo\xFF\xD6̪\xEE@\xF98\xB3�\xAB.\xF7�\xE2 �־\xBE\x98P\xE8\xCA\xC7p4\x8E9a\xCD/!\xF5\x8E\xEDwZ+@\xD2O\x9A\xB7p\xB7J\xD3\xD2m\xEF�w]KE\xC8p\x9B\x9EN\x95\xA4Ci\x8A\xE1�\xBCL!\xD75\xF2\xE0�d
-\xED\xC2q\x87]\xCEt�D?�\xD2�S\xC25g\xB8�o\xE7��>ԥ\xE7\xC1I�\xD5\xEF`!
\x9F\xCC^�\x9A\x8F�\xE1
-\xF9\xD2#\xE8\xF3�B:\xA9\x91�\xEA\xDB;:\x97\xA0\xCC\xE22\x86�\xBE\xB3>\x96�\xC8#�\xA9u\xBC\x82!�\xC9\xF9\xF8f�]p\xEE\xAD�\xC4�\x96�\xC1[�o\xF219\x97\xA5b\xBD\xE2\xC9xQ\xD4ΞH:B\\xC3GMƷ\xF6�\xB35/\x82�)�\xA1ԩ\xE0�g\xBBg\xBC\xAB\x8B<\x90\x9C\x90LJD\xA7>\xA1?�\xBB\xA7\xFDe\xB3R[\xE2\xAA
-S\xEA\xF2\xA0U\xB5\xB0W\x8F\xA6+\xAD\xA8S\xD2\xC7p\xA7\x8D-\xFFDj�\xEB3\x8E�sne\xE96O\xBE\xCDlY\xA1\xB8;\xE3߿\xC7��5\xFA\x98\x9DL�\xFD:\xE0\xD10\x8A[5\xB4q��!\x8B:Ms<\x94\xFD\xF1ʒ\xBA?\xFA\x84 \xBB\xA3\xFEyQ|UL\xEB\xC1Ҏ~��w\x98\x99\xB3T\xB3��\xEE\x9C>l\xB8\x8Eq\xE8J\x99V[�5\xCAO\xA7\xD5X\xFC\x8A�\xA6x�:u\x89t\x89\xE5\xC6\xD5#;IITB\xC2!�\xF1\xE0\x95\xB6\xF5\xEAd��}T|K�ˮ
-\x9B\xDC�\xAB\xA8�\xD65"�sV\xDAGZ\xF2\xD7gk\xEF\xE1�.�W
-\xC8MB�U7{:\xE3K�I\xD0
-\x88\x9D\x97\x88w\x9B&(8ܓ\xE6\xBḎ\xF11\xD1�^گ\xC3\xE0r\xF0\xA30\xEB[kf\xF7\xD5*}\xB9\xDF@\x84\xC6\xE4\xF6}7Y\xC3\xEA\xA8\xC6z'\xB7Ke\xAA\xDB$ӲbI
-E\xD9#\xDF\xEF{\x86,\x92\xE6\xD5~ExT.!\xCC.�\xD1�\xB8qGh\xFD9p2\xC0@\xCA�p_\x8C^\x8A\xF2\xFB\xBB\xE2\xD1@\xC6\xEB\xF8\x81\xE6�n ^\xE3\xC2�͒\xBA\xF1�jQ�\x90�\x91\xE3j\xE9�\x9F\xB9�Ԥ\xED\xCCw�/\xAEx\xE1\x81\xFA\xC43@\x9D\x8EK\x8F\xD1\xE5=\xB5\x85T\xAF\xE0\x99\xAAF\xE3\x90\xF5\xCF'�\x8BJ.\xF4'\xA4w�\xA31\x92�\xF1\xFA�8\x8AC\xE5#\xF0\xF3Ԇ,\xE9x\x91\xEF6�\xD3\xC6/�Hi4\x92&\xD5M~\xFFh/\x88�G\xF0v\xEE\xA3�\xB1\x8D\xE22\x95\xF8\xC3:jp}\x90��\xA4gIp;p\x83R�M1\xB8\xC4\xDCo\xA1\
-rG\xFE at L�r\xEAjhx%8\x9F\xDA>l\xAB\xDD^=\xE9⪲
-F+\xA9d\x80\x86\xB5\x89\xBC\xBD\xBE�B\x90`o%冴r\x9E\xCA7.Յ\xFEӔ.\xD3\xC3O\xE7k\xC0\xEE�\xF6�H\xD0?\x9An\xFC\\xFBʗ\x96\xF2\xA6�\xFEI\xD8cl6�_\xE5�?2�aZ\xF2E\xF4\x87�C8\x9EF~\xD4\xE8�,Kz\x8Co\x8C\x87JO�*\xB7\xD2�\xC4h^�–R\x85{Q\xA0'!\xB2��\xB7\xA4\xE4\xF5\xEC\x89
-\xE1s(;\xCD9r�\xA3aC\xB6\xCA�`:\xF0Y�;\xDBQ\x99!\xBE\x814Ê—\x97�r\xCC|\xB8\x92\xA2\xCE��_\x94��\xE0v\xEE�\x89�\xD0�R\xEBX.\xFCfv\xDCd\xA29=\x82\xD0��]\xB7b>\xF9\xC6\xFF\xCC\xCE\xEB�'\xC3\xE8�\xA29"\xB6\x95\x86\xB3\xA1Õ—lS-\x86\xDCZAq\xAA\xEF\xD9\xD8�\xD5\xE8\xFAD \x9E\xD3�\x945\x8A\x95sA\x8E\xAA\xA4{ \x9E\xE7?\x98X{.\xFA:\x84b\xED�\xF2�\xB7\xEB\xD5\xCA\xDDEh\xE2.\xCD\xFAB_Ʋ\xC1\xE6S\xCB<hS\x86\x96\xE8\xF0\xA6\x82\xC5\xF3X0\xE1J\xF7\xA4\xE6o�H\xD6^'\x8B\xB9.W\x82\x85\xB6\x87{\xB6\xC9xl\x8B\x90\xB6g�\x9CJ\x84f\x9E\xB2Dí\xE2*\xD4p\xDE\xF5\x82\xDE3\xA23\xFF7v\x8D\xB8\x9C=�\xA1k\xD6\xE86z\xF8�+\xF2ᶑ\xFEh\xF3f� \x85Y>v\xE7\xF4]\xFE\x9F\xEA7X\xE0\x85\xD5Ò—�\xCE�\xA0U\xD5D\x90\x94�7\xA5O\xAA\x88\x9D\xC6r#\��\xBF\xBB\xF5e]\xA9\x90��\xF4w\xDE#��\xCA�q\xB0\x9FuM\xD9�\xFE\x9B�\x8A\xFC$\xD4\xCD\xC8ͨ\xAD\xCEÜ°\xE9\xB4=\x8D\x95�q\xF0#\xE7�g\xFE\xD5P\xE4\x8C�Ï´\xE1\xCF�\xFB\xF3jb2��\x8E\xFB\x87\xA4S�\xB0RY\xABÀ\x85rS\xF0\xFB\xC1\x9D2\xEF�\xFC\x91l\xE3\xEFPi5v\?%�\x95\x96\xEC|]\x87?j\xDFS\x9Aa\xF5\xE6\x85\xE0 \xB7�\x9F\xE2K\x8B�\xE2S7\xA7x\xD0h��\xEEt\xB2\xAD\xED\xEDX\xCC\xF7\xBB\xF8\xF1\xBDQ�YM\xB7\xF5\xC9\xDB*02\xF7\x97'(~@\xF7*�cx.ag$\xCC.6\xCA\xCE0~zG\xF3\xD3\xFEZ\xB2\xBFo\xADx\xE4\xB2&\xCBN\x89U]\x9CP\xC4Z/\xFA~Q\xB6\xCE\xF6\[\xD6�$\xF1�\xE3R[�\xF6é–’t\x97/�)$\xAFh\xB4<\xA4\x8Ec\xE9\xFD\xC3\xC4\xF0\xB19>Z|\xC9 \x88Þ¨\xACghH\x80\xF1j~\x85��\xEEç °Q\xCF�\x9Ad"\xC4�\xD9d\x9E>\xC9×¥�\x82\x96\xC9sJ�\xBF\xF6\xE3\xF45B\xED\xEC\xC0\xBDþD\xD1Y\xC1\xDF9TF\xDBi�\xF4\x85H\xBF=~�!\xB5\x94_\xA3\xFF\xD5hz \xDBé³\x81R\xC7=@��QXÚ›$\xF9Q�\x9F�2la\x8E(\xF0v\xBAQ\x84�]j\x8A\x8F\xD6-`\xEB\xC78\xF6J\x95\xA7\xE4.?N�*\xEAh \xE2\xDA2T \x891ß\x9A\x97\x8A�\xD8H\xB8Xi\xC5s\xE8G�\xF1\xDCH\xA4\xA4Ò»\xAC\xB2\xD82qT\xFFHj\xB8U\xB4�\x8F\xFAX>\xEDs\x8D\xFD\x92�jÊ–\xE5�\xA8*\xEC"\x89\xC2;Ft\xD2b[9S\x99\xF5mI�\x9D\xDFe
-�\xEA\xD9�\xA9\xEF\x95\xD7`\xB1\x96\xBC\xEC��\xAB�\xED���\x82�\xFA{}�X\xED�l\ER�\xAB\xEAb{E,\xEC\xEAl\xC1\xA8\x9E\xB6`\xCB eF\xF5\xCC\xD4\xF8\xDC�\x90\xA4\xF3\xBC ژ\xC2_�\x8B\xDA}L݇y\xFB�C\xF6��=z\xB4\xA9ů\x9E.\xC9\xD4Q;\xA8i\x9C\x84 6J\x86b<Y\xD4\xFEKKv�\x94x\x96\x95L@\xAA\x9EZ\xFE\xE4&$' \x8D\xF6\xE7�\x85
-\xFC\x91\x89\x92\xF0mHդ\xA9\xBC\\xB8n\xBF���r\xEC\xDBQw\x8D+\xF0\xB1e�^=vzP�\xA5\xCFr򘰸\xDF\xE8$
-\xFB\xDB\xCE \xB4*5R]\x8B\x8E\xC5�^�\xD8\xD5B\xB9*\xFA[wD\x84\xB6\xF9�\xD7W\xE0aͳ\xAEnNo<c\xC2Q\xDD�~\x8F;\x9E\x9D\x99>j�\x91\xFD\xCEn\xA4\x91M\xA9l"c\xCA9Ѷ\x9B|\xEE\xC4\xF3\xAF\x94\xED\xEDU}]\xEDb\xD0n�Ü®�Ñ„\xF4K\xA4\x89\xFE\xE4\xAF�\xB8\xA1�\xA7ÚŠ\xB1[\xC2\xE3\xCF�.\xE5\xF0\xA2X��\xD8m\x91yLp\xC5\xEC\x95\\x92ho�;\x8F\xB6\xD3�\xE8\xEFÙ±Zظ\xBF\x91+\xFF\xBC\xF7�\xA3Ì®\xCE2\x9D\xE9\x80_�z\xF1Ì·^��ioůW'<\xDFf(\xE0\xC2Ï›\xA1\x8B"Ç™\xB7\xC5\xF4%O\x99\xCE�r(�\xCAQzΩDP\xB1pH*�u`ب#_\xE7\xDF!�\xD7V\xEA\xB4P2\xE2\xFD/\x88|ð ‹„o�\xE7\x9A>\x93\xC7C\xFC�\xB1\xF0+5\xEB\xE3(w�8\xEB\xC9,4\xEB1\xD9|\x86U_5Y}6b\xEF\xFC\xA7a\x85�\xABJh\xDB\xE0\x92;\xEEd\xC1q\xA4\x9F�r(\xC2kVU\x98U\x94�UH3~�\xCC c�s_l\x8E+\xE4\xA8<L\xA6Oy\xA7ÞŸZ6\x8C�"\xE8s~f\xFBQ6\x83\x9B\x99J\xF7�W\xE3I\xF8\xB2\xF3`\xF89\x84Q3\xBCj9p\xAC\xF0<\xD0�\xB5\xF3\xA5\xCBb\xD6m–\xE0%��\xBBà p\xB8\xABC\x92\xF8|�' yܹ\xB7\xF1y�Y\xF0'\xB5� \x84ǶT\xF6�`\xC7\xF7\xF1\x93�\x8A\xCE- \x88J�\xA8\xFA7â\x9F\xF9\xBE\xC3�\xE7|\xEB\xB8R\x91l\xEDɧ\x9D\xA6}e\xDFz\xB2q\\x80w\x9EW:\xC4\xCA3\xE5\xD8,\x85�\xB8Ђ\xCF�!�\xD8Sɸf=\x9Bl\x8E\x83\xFB\x87\xFC)\xF8F\xB9H@\xCBd\x89P\xB5æŒ\xE5���\\xFE\x8F\xF2�Y\xC0�O\xE2)wK�\xEEÝ¡\x87\x81k\x9F\xAC4v
-1�#\xA3VGW\xF2\xBF\xA9H\xDAV\x89/\x8C\xB7\xD6�WL|V\xB3\xFF~\xE5P\x92*��� \xF3\xB30_\x9C\xB5\xF2\x8B\xC1â$\xD2D߷��\x93\xE38|6*\x96zL\x8FީV҄�\xF8\xB4�t\xAC\xE8
-\xEB\x92d\xA6\xD5\xF8m\xF6\xA8׊\xEF4\xA3aL\xE4O\xE7\xC8\xE4Wqn\x8C\xD1\xFA\xC3l\x85\xA6�\xFC\x87^Jh\x8A|�d\xE9\xC7��\xC8{* \x9B\x9C\x92\xB7X\xD3}\xF7^(\xE2!\xB2m
-\xBB\xB0f�p\xBEbD\xBA�i7n\xA9\x957\xB6\xB7ti\x9Ay\x82\x8BÅ„\xEF�Õi-\x9Ay\xE7�<á‹™\xE3\x9EG�\x8F\x942\x9A$M\x858\x86]\x8F\xE6\x9C�x�Ý™�+ì—ƒI\xC248 Ó‰N\x93[�e)N\x86\x8C\xE5E\xC2ñ\xB3^\x83\xB6e\x93D\xAB\x94\xE9�<\xD1N\xC0\xA9'\xFB\xF4\xE2\xE2\xEE�K\xD2\xEB/\xFB@Þš\xC4 \xA6\x94\x86Eo\xEE��<\xA1R�\xA0�\xF3'\xCDI \xEB\xF7\x84\xF7\x9C�C$K\xDBZO<Ò¶\x9A\xDFh\xBB\x86\xA9�!\xF2W��#\xB0X�5k``D¶\xE50\xD2v�U\xEA\xAC\xFD�\x94!�\xECQ\x8E\xA8ҟ먒\xC3� =\xBC\x8C\x99\xAA��Y\xB09\xAD\xF6\xC6�\xACC�\xB6\xA1\x99\x93G;\x9Dh\xE4zG(\x9AÕ®�z\x8A\xC4�~\x9B\xBB\x910\xEA4]\x83\xEF�\xD4H�E&2n\x9Aj\xDB_\xD0\xE0\xEF\xE6 |\xE2)\xEC\xC9\xD87\xC2[Û\x96\xE6]\x80D\xD9\xE0vBB\xADG\x8B\xD1lp=\xC2\xC5\xCE×¼\xC6.\xEE\xA3 \xA4�\xA2\x8C\xEF<\xA4\xEED\xFC\xC0|\xAEM�R\xAB\xEF)c\xAD\xB4\x9E\xD6X\x9AodÍ\xF9\x9D'\x86$6m\xF0F\xBA\xF8:\x92\x90\xABщc \xDC\xD3 \xFA\x80\xB3<e\xED�9\x9A%\xC7�X\xFD\x8B\x9A\x85\x98^M�\xFA\xB9\xEDbD�/\xACx\x84\xEC}��rSX\x99B�\xE4.\x81ع]\xAA\xFB\x83w\x8F\x8F\xB8(\xDC=%\xBC�Æ�^+~Hб�O\xC1*\xBA�r�\xE4]n`L�\x81\xA7\xB5>\xFF�hK9\x90\xF5\xB07V?
-P\xD4�3��)l�m\x8C;\x9C\xB8�\x97\xFC\x935|\x97\xEE�\x94+\xC0��T\xC5v\x89\xBC\xD4_\xF2F^�\x9Bb��Q\xE3LT?yÇ¥\xF0b\xB2\xE8�ew\xEFA\xA9 !\xC5dY\xF2�]m��\xDD��\xCF\xC8\xCD[\x9FC9\xC9v%?�\xD38| 5�h ç´¯\xBE�\xB1\xDB�\xD8�!Vu9=ziS�\xDD�\xA6\xC0\xEE.Y\xCAt�rg\xA4E\xE6\x93M\x80\x946lA\xABX9\xB7\xCD]\xFF;\xCF\xFF\x85ily@\xB1\xDDr��W\x91Ä�\x96q�\xB1\xE9�i\xBD\x90\x82\xCD)踂\xB0\xF3zg\xF9\x8F\xD3Rb\x98È©\xF34"\xF1\xAE, \xBAÞ¶_\xD6��Ä·\xFA\x93b\xB5\xF3\x98\xA1l\xF2UÉv\xB21\x82\xE5M)K(\xA7\xD3C\x8C\x84Y\xC0Ö²E\xA4�$\xAE�\x93V�n.\x9F\x85d\xECV[\x8F\xD2ïƒ Æ¹Gs
-\\xB0l{\x88<\xAD\xFB$\\xDB5�\x95/\x97\xBB�\xEC�\x85\xF1VT~B \x8C-\xCDPÕ¨\xC1\xAA\x95��\xA4;\xE7\xEC\x89R\xBD�\x91\x80\xF3\xCA6Ç›f�\x9F\xA9\xE9\_\x96\xFA\x98\xC7k\xE8~/\xF4\xED\xBCÜ\xF2\xCC\xF58\xFABÇ—^\xFDØ€�\x81�PQ\xA5�\xB3\xDB\xFA\x90C\xDAs\xDF��(��e\x96\xB2$��\x87\xB2\x8BZo\x8F\xEA/\x92G\x81\xB9!\x85Þ�\x96*\xFB\x910\xEB\x8CH\xA6l\x82\xCB,\xB7\xEE�\xABU�toÐp�\x81i\xD8
-�\xB8\xE9:�P\x97\xEC���\xAA|T0\xBC\xFB\x95\xA8\xC1�.I\x99>\x8Dq�\xDD\xE4\xAC�\x88 \xB7\x93*\xF4\xD7p\xED\xFB�� \xD7�\xE4\xA3 \x9E\x8B0\x98?R�\xF11B\xC0>\x83Iҽ\xD0\xC7l\xE0M7\xFA\x98 V�\xFF1_I\xA9S\x9C�
- *\xEE\xC6\xFFL^\xC8�\xAEp\xB5\xE7\xF2\xD9�\xBE\xFAK�&pNM\x8F\x95\xBBh0JP\xD2\xD7H\x95B\xF9\xF6)\xBBE|\xD9q�\xB1P0\x828\xABz\xE1j\xAD\xF6!\x80���\xEFφ�\xD6x\xC2ST]R\xE7\x91R�\xC7Bh\x85ÙŠ\xF8\x8C\xA7͹\xBFh\x91z\x99\x9A-�B\xB7g\xA5\xE8hh\x8A\x87\xFA\xA9[*�-\xF6\x9DW\xBF�\xDDk\x99\xEAFÍi�\x99�?Dvr_\xB4�\xA0�ÖŠ,]%&��z\xB4\xB5\xADb
-\x9A�}!4E.O\xC8꺟\xBF\x90\xAEa(th$\xB3\xA3\xB4�'u�O\xBAc\x9F\x8C)�\xD3k\xBB\xF3o\xB8.(6��\xF4\xE3z\xB5\xD2N+O\x87\xA0�\x91(\xCB4$u\xD7P�jzJ\x9FR\xAE\xA8.\xF7\xC1\x84�=\xDE\xD6 v\xD7�?\xFAF1\xCE�\x8Ai*B\x93\x99FT,�\xB1K\xB8楱\xD2_\x99Hf73\xEB�#I|\x92W\xAB\xCCΧ\x81\xDB}�\x86,ʃ.\x8E\x95\x84\xA2\xA4\xF2�\xB7\xF4\xB3\xE9\xB21\xEBӒ\xE8\x97\xC7\xF9/\x8D VT2\xD7Y
-J\xAB\x841\xA8\x94t\xB2\xF2��\x9A\xD5d}\x99\xC0\xDE\xF5mu\xAA\xEAz\xEC\xA5j\xD7L\xDB"`\x93\xB9\xFA,ܟ\xFE8\xF9_*\x91\xE4m"!\xE9�\xDB\xD6R1G,�U\xC3\xE4\xD3\xF1\xF3\xEE\xA7e\xFA4\xF3l *\xB6\xF9.\xA1\x9E\xF0\x93\xDD\xCB\xE8)\xC7l\x8F(X1\xCAVX\xC3�\xCE\xD4�\xCA\xED \xD6whL\xA4\xEC�\xAE at 9��a�h\x8E\xE0\xF4 ?\xD6t\xDF8�\x93\xD2\xF4Un>�6\xFE\xFB\xAF\x8Ar�\xB2\xB28\\xA4!\xF5\x86o\xA7\x89^\xCE\xF2\xDFu��ZC�\x92\xF9\x94\xAA�\x94D\xE8I\xF6\x81�\xF9\xE9\xFD�\x83\xC0pu\xD5?\xD5mg\xCB�\xADͨ\xBA\x8B\xDEC\x82\xACڒ\xD1\xFBJ\x9E\xF4�E\x94n\x87 \x94\x93%F7\xFF8\xC9\xD4�w*J!\xD4I�4-w\xA0x�\xD3�\x87�\x8232\x82F\xB7\xD3\xE3�P>\x9B\xC1\xFD�\xD4g\xF1\xAAc\xA0\xCE5\xF5V\xD3�\xA4\xF6\xFB4+˙@%;\x94p\xC5V_\xA6\x98\xE3�\xFB4ɔ66�`%9etIh\xD3�i\xE3\x9AO\x83;\x8A\x95\xB9O\x!
DF;d\xCEOY\x85݆\xD4˪r\xFF\xF0g֊\xFA]�k\xA8\xF0\x96\xD7\xE4\x8F \xCC\xE6\xE8\x9A\xD5�s\xDC\xEF&\xC2�ѩ\xAF\xA4\x94\x8D:\x80\x971\xB5\x9B\xE6\xBD\xDFÜ\xBBM\xE3e\xB4͎\xB32�\xAE\xCDrtj�9��\xC5Z\xEC\xEC\x86�̖\xBF\x80\x83\xA8\xC1I�\xD22\xFC;^\xE9\x97:\x84\xAA܉\x83\x90\xE8\xBBr[{sŞ�\xED"\xDC�q\xE1c\x91Ҷ\xFE�\xDEb.,\x93ŋ\xD1\xF2m\xF7\x85a\xFF\xC3N\x94\x88\x9Ej�,?w&�+\xE7\xCAo\xD8`Q�\xDCڊ\xA5\xE3\xFCh*\xEBs8\xB7 F\xD5\xFC\xA3n�\xB0\x82)\x95ŷ\xF0\x8D�\xCB�\xA1xY\xE0;\xE9\xCAy%\x9F��\xF5\xAC\xD9\xC0\x95MmR�'\xA1<\xB2\xD1^\x88V\xA8\xDF<\xB4�PK\x8EvKl\xF4\xBD\xDA\xF3\xCEв\xDF���\xBF`\x8E|\xD9?\xB1\xCC-\xCA at H\x86\x9D\xADO.�o\xFChr
-\x87)\xCD�1p\x92}l\x8B\xC8٤\xFB\xA8\xAF\x9A\xF01\xF4nQ�\x93\xD6\xFC:\x94\x83\x91�96\xEA\xEC(\x85+\xF5\x83<\x934\xC37Q|\xFF�F�1��\xB0\xB2\xA8\xFC\xF1#\\xF5l1\xEF�,\xE4\xDD?7\xC2e\xEC7\xAE\x8C\xBDn�\xD8<Ʉ�3\xC4ӛrhNBR\xF2\xC2\xD1C
-�^[\xDC\xC0\x9D!ĊxMcOݗ\xD9PFt�>l\xBF\x81\x8D\x8BJ�F\xA2\x87\xDF\xC2\xF6\xF0�1\x92\xA3\x86\xB0\xE5\xEFxD\xD1��v h\xC7\xDA
-\xA5\xE5\xE3\x97r\xA2f\x8DY\x97\xF2�U\xB7zif\xC1U\xC6z*JfU\xA4\xCBÞ \xBD��\xFD\xE4|\xFF:\xD0(\x81Pk<�\x92\xA5�W\xDD�\xECo*\xC1]\xF6\x85\x90gP\xB3\x8A\xFE,\xDAFj\xEE\xB6%\x99;ɘ\xB9\xE19L9.D\x8D\x9C\xC7Ǧ\xDD at sO\xB5h\xF2Ú³B\xE3t�\xD1s\xD2�~\x88\xAE\x9B\xD7)-\xC9A \xAA\x90×Z\xD8kfbTf\xF0N\x9A\x8F�\x9A\xF6VU\xC7\xE5\xF8\xEE�\xC6�\xE8&�ܼ+0\x99\x8E#\xF5\xB18�h\xE5�\xCC�\xF1\xC9\xF0\xA8}\xEAe\xEDa\xACN\x85I\xFB{� \x98\xEF�\xC2Ο&v\xCAÈ\xEB:s]>\xB0W\x8Aë‚ W�\xA0\xB71\xAE�$�&-/~\xE6.`\xC9.m6�$\xFB�Ų\xFC�I\xC0\x89Ú¤��5ut\xFD�\x8F\xB3 \xCA\xE4\xC7S�m�\xE9W X` \xA0\xCDF��\xDBm
-@\xA2\xF1\xD0��\xA2\xA5\xEAf3\xAD\x99\xD4C\xBF\xC1F\xD5\xC6"\x9Cؙ\xBB\xE1䦳(5I\xB8/L\xBD\x92\x9D\xA1Y\xB2\xEC\xF1\xD3Q#�\x94\xFD\x86Yh\x8Eu}T\xA4\xA4\xBC?\xB9N/\xD6�\x8Bc\xA0\x8F\xBF5Ll�0\xA1\xCB>\x82w\xB8\xEC\xDBl\xAD\p\xD3;�jC\xA9\xFCr�\xBB-J\xDDW\xBF\xB6\xD9\xE5\xA0m\xDC1&�\xCA\xEE\xAD\xF24WÒY�\xB5+\xC4\xFC#-�\xBD��\xE9�\x90"\x94\xA5{u\x9Eo�\x91\xCA\xEB\xE6S\xFD˕@\x92\xD4=\x{158F7D}\x8E3³�\xCE\xD8}Vs\x92:�\xC1 �\xFA\x93摫\xA3\xBB{g�\x88\xF3#\xD1q\xF6\xFAb\x826�+7\xEE\x9Fw&\x8D\x8EX\xD9\xFF�y\xA87\xEDp\xFD\x84\xAC\xF3\xF3\x8B�\x83\xB1w\xE9\xCD\xE3CN(\xB3\xB9�9\xE3啦�\xB0\xECX";\xA5\x87\xFC\xCC\xF8f\xADg\xDCG\xC0\xD6]S\x97\xEA\xA3f\xE7\xF9\xB9\x94\xE5�I|�Fys\xB1�f\xE8\xC7\xF8\xFD8A\x9CF\xE6\xF5ی.W\xBFH\xF8,\xCCFF\xD9Qѹ,P�\x9F\xE5\xED�\xA0F"O��\xADr\x8C\4n�\x9Aў3"V�\xC25\xB0\xCAp\xF8-f\xA5\x9As
-\xC7�Г�\x9D\xF6\xDEV�M\xFDͲ:\x93��\xAE\xB3m\x9B\xD3WB\xD6\xFE\xFC/\x81\xF9\xC1\xFF \x81\xB1\x8D\xA9\xA1\x93\x8B\xBD\xAD\xA1\x935\xCC\xFF \xDC2�Iendstream
-endobj
-961 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 2
-/LastChar 216
-/Widths 2753 0 R
-/BaseFont /XZMMFL+URWPalladioL-Roma
-/FontDescriptor 959 0 R
->> endobj
-959 0 obj <<
-/Ascent 715
-/CapHeight 680
-/Descent -282
-/FontName /XZMMFL+URWPalladioL-Roma
-/ItalicAngle 0
-/StemV 84
-/XHeight 469
-/FontBBox [-166 -283 1021 943]
-/Flags 4
-/CharSet (/fi/fl/exclam/numbersign/dollar/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/bracketright/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/circumflex/quotedblleft/quotedblright/endash/emdash/Oslash)
-/FontFile 960 0 R
->> endobj
-2753 0 obj
-[605 608 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 0 500 500 840 0 278 333 333 389 606 250 333 250 606 500 500 500 500 500 500 500 500 500 500 250 250 0 606 0 444 747 778 611 709 774 611 556 763 832 337 333 726 611 946 831 786 604 786 668 525 613 778 722 1000 667 667 667 333 0 333 0 0 278 500 553 444 611 479 333 556 582 291 234 556 291 883 582 546 601 560 395 424 326 603 565 834 516 556 500 0 0 0 0 0 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 0 0 500 500 0 500 1000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 833 ]
-endobj
-937 0 obj <<
-/Length1 1614
-/Length2 24903
-/Length3 532
-/Length 25789
-/Filter /FlateDecode
->>
-stream
-xڬzcte߳ml\xDBN:\xB6\x93\x8Em\xDB\xF6\x89m\xDBN:\xB6m۶\x8D\x8E\xD9q^\xFF\xFEWo\xDC\xF7>\xBDw?\xEC1\xF6\xAA\xAA5kV\xCDZk\x9C3\xC6&'VP\xA6�4��\x99\x8A�\xEC\x9C\xE9\x98\xE8�\xB9\x89T\x95\xD4��ml�M,�2tB ��\xA2\xBFf6�rraGSCgK\x80\x9D\x88\xA1\xB3)7\x91\xBA\xA9 \x91\x88\xA91�33������9\x910\xC0\xDE\xC3\xD1\xD2\xDC™\x88\xF2/��
-
-\xEDY\xFE !2\xF2\xF8�\xCFßN\x96\xE6vD�_\Mm \xF6\xB6\xA6v\xCE!\xFE\x9F7*\x9B\x9A�9[\x98�\x99YÚ˜� \xCB+hJʉ�Q\x8AË©�\x89\x9BÚ™:�\xDA�)\xB8�\xD9X��\xC9X�\x9B\xDA9\x99R�\x99��\x89l\xFEmAd�\xB03\xB1\xFC\xA74'\xFA\xBFX\x82ND\x86DN\xF6\xA6Æ–\xB7\x99\xBA�\x9B\xDA\xFF\xE3\xA2%\xB27u\xB4\xB5tr\xFA\xFBNd\xE9Dd\xEEhh\xE7\xFC\xB7�\xCE "K;c��\x93�\xFC\xB5\x9B�\xFEE\xC8\xDE�\xF07\xC2\xF6\xAF\xEF/\x98�\xC0\xC9\xD9\xC9\xD8\xD1\xD2Þ™\xE8oV��\xB1\xE3\xE9la\xE8\xFCOn'Ë¿n"\x80\xD9\xDFH�\x80\xB1\xCB?%\xFD\xCB\xF7�\xE6\xAF\xD7\xD9\xD0\xD2Ή\xC8\xD9\xD4\xDD\xF9\x9F\F\xA6D&\x96N\xF66\x86�s\xFF�\xB3w\xB4\xFC�
-�'K;\xF3\xFFb at K\xE4hjn\xE8hbc\xEA\xE4\xF4�\xE6/\xF6?\xDD\xF9\xAF:\x89\xFE\xB7\xEA
-\xED\xEDm<\xFE\xB5�\xF0\xAF\xA8\xFF\xE4`\xE9\xECdjcF�\xC3\xC4\xFC7\xA7\xB1\xF3\xDF\xDC\xE6\x96v0�\xFF\x8C\x8A\xA4\x9D�\x80\x88\x89\xF1\xDF\xEC&.\xF6\xFF\xE1s5u\xFCW\x83(\xFF\x99�\xAA\xBF$�M v6�D&\xA6f0�r \xE7\xBF)\x89(\xFF\xDFT\xA6\xFF\x9F�\xF9@\xE2\xFF�\x81\xFFG\xE4\xFD\xFF�\xF7\xBFk\xF4\xBF�\xE2\xFF\xDF\xF3\xFCß¡\xC5\ll\xE4�mM\xFF\xB5\x89\xE8?\xEE�"�\xA2.\x99\xFF#\xD8\xD0\xD6\xD2\xC6\xE3\xFF�\xFE\xDF#\xD5M\xFF\x8D\xE3\xFF
-E\xD2\xD9\xF0o#�\xED\xCC\xFF\x8A\xC1H\xCF\xF8oFK'1KwS��Kgc�"3C\x9B\xBF]\xFA\x97]\xD5\xCE\xC4\xD4\xD1\xC6\xD2\xCE\xF4\xAF\x9A\xFFj$���#\xE3\xF3\xA9XX�[\xDB\xFD\xD3v\xB6s\x99ڙ\xFCw\xEA�\xFA�q�aUqM 1\x9A\xFF\xF3F\xFDW\x9C\xC2_\xE5\x9DU<\xEC\xFFR\xFB\xF7Jd�&\xFF\xB9\xF8�EH�\xE0N\xE4E\xC7\xC4\xC6LD\xC7\xC2\xC8\xF4\xF7\xC0\xFD\xE5\xC3\xC5\xC2\xE6\xF3\xC9\xF8/ \xA6\xFFZ\xCB�:;Z\xBA�i\xFF-\xFB\xEF\xCE\x8A\xFF\xF7\xE7\xBFV\xBA\xFF
-F\xD4\xCE�`\xF2Ϭ(;�ڙ\xFC�\xAF\xFF4\xFC\xE36vqt\xFC\xAB\xEA\xBFN\xFCߢ\xFFc\xFD\xAFA75u75\x86Y_��\xF3�[\xA5ge8\xD7a\xE6\x8EL\x89h�\xF41\x81\x8E\x84ؗ6\xAA��\xF8\xD7!
z\xFD\xD2\xC3\xF7\xB8*
->jC\xE8\x9Bf\xB8\xBF\xDA=\x96\xDB�IQ�\x8F\xF5a\xD8\xFC\xE8M5\xBD\xCE\xC7\xF3!\xA5\xEA/@ަ\xE8\xE4\xA09�d\xD0+\x85ϸP\x8F\xF6\xBAY\x92\xD9�\xD3bgT;ޟRT\xD2+\xF9\x80\xC0\x9F\xE9dq\x84\xBA\xF9C\xE5O\xEAZ\xE0\x8FF\xF6l\x8F\xE0k\x9C\xD6�\x87ޅ\xD4�\x84RW\xF8\xFB\x82"\xE9\xEC\xCF\xF3\x8F\xA1\xF1ё\xE1\xDE;\xF0\xFE#\\x9A\x9C8hr�W0x\x8A(\x87�\~-\xD5
-Ѫ&�\xF0\xEB\xF6\xDC(�\xDE\xC3\xC7�\x91\x9C\xE5R�My\xFB\xA9i\xAFMH>c\xB8\xA4b�q\x9B\x8Bbg\xDC\xEB㤸�>\xB7�+Z\xB5\x8B�\xA5�{\xFC\x8Bq=v\xBE�\xAD\x99\xABO\xBC\x97\xAB\xD1��)X!\xED\xC1/$ä\xB1)$\xA7\xC1\xD8^\x91w?\xED�\xA6\x91\xF9]\x80\xA7\x93X.2)\xA7\xA9�\xCAer[\xA4 .\xA9\xBB\xB9\x99�\xA0;\xFE\xC4�\xFDI\x89\x8EB\xC3�A\xA6\xB8\xAF\xBB\xE0\xD0a\xC1\xF4Þ®|\xFB\xB3 �5�\xEF8s\xEAÓ†� ~\xD02V1z\x9D\xB64l�\xA7\xD4U=\xBE�\xB4<:\xA4\xAFcg\xB0\x9B\x9B\xEC\xB0D\x83��\xBDI\xBF8\xC2N\xEB\xF9\xB3l��\x97y\x96^\x9Bo�Q\x8E\xA1R]WC\xC1\xA4\x9Ch4\xC43Ldk\xD3\xCAi^\x9F\xB3\xFB
-"\x9F\xCD\xEB\xE3�-\xF6 .T�\xDE;�\x94\xCF\xE8*Y�p\xA7\xAB\xA9\xA0\x8B\xD5\xC0K\xC0k"��!\x9C\xD1E\xBE[O\x8F���\x9EKA3\xE6�Tv7\x89.ѧ��\xFC\x99"\x8D\xC7�S"V\x99bI\xC6@�Ζӧ \xEAA\x9EAj\x8D܃\xBCDP\xE4\x901\xBB!\xF2p��\x98\xD1_;\x85q\xDEȰ�ŌW�\xA0E\xBCk\x91\x87\xEC\xE6\xEAA\xA4(=$dd$�p\xB9p\xC5\xE5=q�d\xDC@\xC3f\xE7\xDB%�\x83�Jɗ\x8D,Jj\xBA<WO\xC4+\x91\xAB7\xDE2Tm\xB4\xC4\x{1BEDE9}\xA7\xBBަ\xA7\xAC\x92��n?~֘\xE8,\xB8<\x94\xED\x88T\xCC/
-\xA4{\xD9,\xEAwb1Q*\xAEi�<�~�\xD8 \xB6\xB6s\xF1�{\xFA\xB5\xC7\xF3\x9E\xB1\xF5�Æš\xF7\xEB\x8Dզã\xBD\xD5�\xDBݕУ\xA9\xB0��� \xA3 \xEC�/\x8D\xDD\xFB\xA3*H\xF5�\xF7�\xEC�Ó±Ö’cP\x95\x82Z85Ð\xB9KB\xC2
-3�\xB6ʒ\xE7�p\xA5V<\xC1\xBB1JE\x991\x8D(��.
-Z\xE9��5>\x97{\xB0\xE06']\xDD\xE7\xD2\xFD�i\xD4n\xCC\xD4p=\xE6\x88u\x98\x85\xEEF'\x90v\xF9\xA5\xECJS�\xBD\xA3+J\x85\xBD�\x86\xED\x8DV\x86q\x92�g\xE2:Vt\xD7Cy\xF2>\xBD\xE2\xB6Ä‘\xF3+\xB5\xDC\xFD\xAA\xDC�\x91Ü”\xB5D�\xD8[\xEC\xD6\xD8\xD3"t�i\xFFbU-bqbÉ`���\xA8\xC0\xDE{\x9C\xA9P\xACp\xFB1\xEE~sl\x80\xCCm\xC4dP\xE3\xF3\x8D{a!V\xEE'\xD2a\x98\xBA{{^Q\x89\xC8\xCF\xFA\x9B\xBC<\xB2Ka\x87��E|:Ò—\x81\xE6�=E\xA4M�\x95\x9A'Wl~(ب�\xE2\xFC�m\xF9\x82\xA3E\xBF\xFB\x98\xC8\xC5Âœ\x89\x938ub\xB0\x86\xC9\xF0\xE2%C\xE4%�\xBBxz\xAA\xC0\xB8\xC8\xFBj\xA7\x8D\xA2.\xB2_�×µ'�Ô–#m\x{1D7140}\x8DGQ3ή\x89\x9B\xD5yW\x85\xAD"\xAA\xD1i�\xE2.m\xA6\xAD\xC0\xB3솴=\xA0\xD21
- (g\xA4�Q5C\xFB{\x9E\xD2f[\xF3\xC1١�\xE4�=\x82C\xE9\xAA]\xC9�\xEE�\x95.�\xD2�f\x9B\xDE%tP7\x96\xF9z;7�d\x84\xD4\xE4r&\xF6\xBD\xA2\xD3i\x82R\xEA}b\xD5�%\غ\x9D\xB2c\xB1\xE2
-\xE1\xEA¡ט\xDEO\xBFU\xE6ݥ\x9A\xD1<\xD1m\xCBs]�T\xAD�\x90+\xA4O\x98\xB61\xB8\xB6\x8D\xF0\xE6�\xE6�#\xB6V0\x90B\xF8k\xC5\xF8\x8B\x87\xD9ԕ\xBA]ֲ$\xF2}\x8BZZ\x96�$�\xEBe1�\xAF\xA5P\xAC\xC9}�\xE9\xEEj\xC0(�R\x8E\x9B\xA1\xDBDZ\xF94�P\x99
-bw\xD74\xAAe\xDC\xEAI\x99A\xA0�\xBFR\xF1\x8C24\xA7i��҃o\x95\xE67\x85j,;\xD9:\x8Cq\xAB\xFA\xD1N\xE8H\xE5\xCA\xD3BuN\xED|\xDA\xCC
-6q!#z~`i# VE\xF4�yA
-\xE3
-5?�ąJ\x89\xA1?\x91\x96x\xB0\x8A:p�\xB4x\xEE@\x9F\xCB*\xA3W�\x83\xF5NQ\x8A\xC3�\xF3m\x83�\xCB@���bق\xC4\xDB6=_\xEFc\xA8Ũ\x81\xFC\xD0I�\xFBVs/D\x96)h=[\xBF\xB0J\x9B\xD4\xF0V]\xE8B\xA8\xF6K�6J\x89\xF4\xCD�\xEE=\xAE\xB55\xF0\xE7"YAr1\xE4\x8Fc\xB6�\xF4\xA2.\x8D\xE91\xC4\xE9\xC0y\xB2\x86_Õ-\xFF)\xA5\xBA*\x99�\xEFH\xA0\x80Ұ@\xBF�\xBF\xDF\xE5|�\x8F\xC71Ss\xFC\xEE\xF3FXF\xA2\xD9B\xA4�\xFE\x8E�0\xB6m粿�R�\x82\x9EP\xEF[#@U4K�\xA3\xBB\xE5\xED8c¨t\x81\xDC\xD9\xC7Um\xCC�\x83�z\x91H\xCCk\xCB�Kٜ\xA8\xC8\xCFC\x97ݜ\xCF\xC8c\xED�\xA4�\x9A\xF6\x8B\x9B\xEA \xD6�\xA82f}\xC4O\xC7l\xCC\xD25" C\x81ff\xCA\xCA\xD9\xF9c\xDB{\x8C6Ķ7��\xEC\xC2h|\xC7*M�\xB2\xD7\xEE\x83gO�\xB8ốب\x88\x90\xE2��\xC7�5Ó\xA8��\xD2�\xC3B\xE4\xE9\xFDg�QNS\xA4Nc-a�A�\xC6\xD7��\xEF I?\xAC\xEDG\xA5(\xBBV�\xF3\xB2r\xE0> \x8FP\xFE\xA0\xF9[m=\xC3�\x90���4\xCA \xB4\xA5\xF3\xB46.x\x8A\xBD\xF3\x86\xCCq\xFCϞ\x84\x88\x93�\xD8\xCB\x\xC8"O��<\x96\xE1a3\xB3\xF5\x99\xA0\xF3e\x81\xE1\xD1[\xB3\xAF\x97_\xB9H\xA9�\x80\xB2(\xD7��\x86\xAD\x98-\xAA\xA4\x8E"\x86\xEAe\x84\x83�t\x9C\xF1V\xE0�\x873\xD0[7u�\xD6\xE6#:p\xD6 at 0\xFD\xCCW���\xDE\xC9C\x96)\x83\x92\xB2\xFB\xDEM0\xEE-\xD8\xE47�\xFB6\xDB0
-�\xDA
-1�\xCB\xD4\xE5 \xC8a!\xCDz\x90G*\xEC\xE7-Z�\xB1\xEE-\xAE\xBB�\xB0\x85}\xA7:\xFFmpÄ¡\x8A \x9E�\x9FÇ›×_bJ3f\x86\x82X�\xA1\xECL\x90m\xEFÓ€\xE0T\xB6o\xA4\xACF9\xC3[9/\xDB\xCFy\xAD\xCB:\x80\x98.\x88U
-\x94�y�\x84b+iI\xA7I\xB7\xAA at f\xD3\xC0S8q4\xFC.\xFD\x97Û `\xC4\xE7\xEC*r�T\x9CG��TX�Ç’ \v[t5�\x98Z'\xF7\xFD\xF2\x96 Sl\xA7\x91\x99\x86\x9Fl�Ä‘\x89\x82V�JPz\xEAH\xB6\x96\x85\xAA\xD6\xF4Ô™\xDF\xE7ÊŒ\xEE|\xF7~�E\xB8\xEE\xEB\xB0Öš\xF9F\xD6�\xBC\x81�\x8B"\x81{\xE3.⽺\xBE\xD0 ��\xA7\x8F\x9D�.�5Õ \xD4 \xB9\xF6(n�\xE4z\xE9Z\xACM\xF4N\xEE\xFE
-\xC9q\x9E�\x97�\xEAh\xCB\xCFF\xC7=\xEAO\x94\xF9+\x8A<�c\xC1�\xB7.\xFCI\x83F&T�fj%v}H殻\xBA\x81/ދ:\x80\x85tq�>\xC6�S\xFER�L|\x9E�\xEDl}\x84\xA8IV\xE2M\x88\xB3\xB9\xAC|\xF6vW\xA3UEqݲ\x96^`��)d_\x84\xAF\xD7a\xE5�0\xE1\xEF'
-\xB5\xE3Jc\xA00Î\x9F\xF3\x95w\xEA(á·ŸK\xA3\xEAÅ¥\xC7<\xCCD\xF8\xA8n {AV\xC8Sb\x98���1\x92Q\xEA�g aW\xBE\xA0\xBF\xE1\xA8\xC0+�:Q\x98\x9A\x9A\x93\xF1�\x87m\xBC\xBA\x85\xB7m\xD4 \xEEy\xA9\xA4\xBB\�p\xBAA\x9F\x9C,)\xFCE\xBBÏ \xCA\xFC\x9C\x89N\xF3�\xED\x97\xE9EgB\x86Ý·\xDAd\x9F�u5C
-<\x85:0\xB5o�$V��\xE9�Ŏ�i\x95ڤ\xCB\xF6\xD1\xC7\xD1.f \xF3\xB3�X\xA9f‡\xB95JQ\xB7\x81&�\x96
-%CD\xCC\j\xF6\x98��B\x91u/\x82�\xA7~;k\xB5�$�&yU]\xF4ʉۿ\xE6I�\xCEE\xA4\x8A\x94[\x9A\xDC�\xA4\x8C\xE8G\x9C\xE7\xB3>J\xFDj\x88\xCC��U�Ԃ*
-�e\xAB1�\x8B\xEFm�Í°\x967p\xA4+\x92qy+�E\xDF\xC4[\xB7�\xFC5\xF1\x9F\xF2\xC0^\xEEF�\x84}f\xE1\x95I�\xFB~\x8Dc\x94sÄŸ[&\x9E\xBC\x82\x9F?/\x9Ea\xD1v\xE3�E\xCEY\T{\x90\x82\xEBv<\x8Atc��\xFBpÚ¥Ag\xD2g ]`\xC3�ʉ�J\xDBv\xA7lt\xEA-� \5�\xA91&ë” ä¸¯\xA1\xA8�Mٰ݈?T\x99\xF0\xEF.\x99m\xEB\xDF\xFDߘV\xFD4\xC4K/\xD1\xF1\x93\xEA�4�\x84�T\xB2�(\xF3\xEC\xEF@
-\x8Au��\xFC\xECK\x9C\xE3\x90!\xA5}=\x97\xE0|��\xD6\xC0\xACB\xAE\xC8J��H\x89^\x8DM(B \xBC\xB5�\xC2N8`\xE6XG_\xE6\xF3"Xٴ\xE8r�6\xE1`M��\xDE5f\xA8t\xD3:�J\xEBiL\xD9\xD3{\xF4x�
-ק�\xB5\xF7Y\xCFÛP\x96\x99\xADΛ䇸-f:\xA0\x83r\xF5\xF1\xF2;57\xEC>\Ç\xB5\xB6 \xAEü}�8�&;DP\xED\x85e\xAA\xEE\xA2W\xBC'\xAD vb��\x82)^n߈\xA7'Tn\xC4/\xFC\xF4\xD2�\xB1\xBC\xD7V\xB7J
-a\xE8q\xC1r1\x8Ft�\x989f\xBB+� (��*\x91\xB3-�\xC3\xF2\xE8R\x8D\xF6\xA3\xBDg\xE8\x96\xDF~�n)v\xE9\xE2lO\x8Ae\xF8\xDDܨ\xEB?P\xC3-L\xBFOl\x8F\x82\x80q\xE4�\xB5\xEA=\xAC\x9FR��\xA9̅\xD79\xB0\xADzG�B\xB8w{&=GH\xD1a*\xF9��\xA38��u\xCA�B\xE2\x9F\xE8\xCE�6Z\xD4\xF6\x8A\xB8\xC7\xD1>Շ�\x9EC\xAB\xDF�]\xFC\xAEA\x8B\x97\xDA!2|�XI\x9C\xB5r\xAE5\xE8 (\x92v\xBF+\xE3\xEF\xF9F\4\x93\xAE=\xE5p\xDF�\xB9\xDB�\xD3t8�R\xCE\xC0\xE0x\x93\x9A\x9B\x84\xC7\xC3�\x95L�9[\xF4i\xCE.\xB6\xA6�\xF0 Ri\xA3\xB4c\x81=S�\x82<\x9B1\xCD\xC6v\xA2�\xA76\xF5ș\޲\xA9\xD4\xFF��\xAA
-�\xC6i�2�\xD0��\xD3B\xA5\xB7\xE5\xD2
-\xEEձ\xDE:D!\x80\xCAW"\xB2\xC0\x98\xF2\xDEš\xE8\xFCx\xC8\xF7|\xA1\xE13 �2y\xF7�n/D�#P\xD62\x92\xA9\xC8k\xAD.؇\x90�Hd\x86\xA3�Lv{\xDB\xF1\xF6\x8D��\xFB\xFC\x8A\xBDl\xB5�t@�\xEFH\xAD\xA8\xAD\x94;\xE1B\xD12\xABC\xACaC\xF5I\xF0�#_\x94\xBD��\xAA\x86'\xEE�,\xCFG�\xAF�\xFB)\x97D\xC6*~\xCC2\xD0\xFCQDy\xF4\xA1\xBA\xF4\xE5 &\xDFB�\xEA�f\x86\xB3ʲ\xE8\x98:\xB3\x8F�tu \xF1\xBB\xFE9rK*8]\xA9\x84\xB7]�\xC6\xEE�C�\x8E�\xDCi\x8E\x90J\xC6f\xA7�\xD4
-0\xEBRi\xD7�\xF0\xA6h���a&\xA4\xB7\x97ϲSz\x85\xA0\xF5h\xDF\xDD0\xCE�\xD4H\x97\xCC-z\xD1m\x9E\xDB\xFB
-�S\xA0\xFAQ\xF3\xD5��F\xF2ב,<yt\x86\xA4\xE7\x93j\x88L�U\�W�\xF3aS\xE0\xA4h\xB5R$@IԳ\xAEk\xF0\x86\xAE\xCBŜ\xE9\xE7\xBAq+\xB9\xA4\xE5`\x94 \x92
-\xFE\x83\xC1U\xC2\xE6W\x88\xCC#\xDC\Ҁh�\x9D�\xAE&\x9F�\xC95\xE9=\xFAPȆ\x9BQ4\xA2\xC1\xCEJG\xA4\x8D\xDE^\xBFҽ
-\x85\x8C�\xB5 at w\x87\xFEKL\xE0\x8D\xED\x{1C124A}ÆŸ ,\xDBk\xE7\xEA\xB7E\xA1\xD0\xF8 \xE9\xD8\xE8�,\x98S\x9B=y\xC7O\xD2\xC2�v(\x98)'\xED3\xF8?/Æ¢I?\x8E\xA2oW\xE4\xEC\xF7\xEA\xE3\xDA\xDD(Ê¡\xB8\x9A� \x96\xABo/\xAB\x8F\x8Fg\x879v\xBC\xD7
-L\xA5\xFD\x909`�= \xE2\xD4\xFFs+\xEC|\x97\x85�茇o�\xF6�$\xF3c\x93\xE8\xEBus\x9A9\xB9\xAC�';�]�1\xFD�\x95ɖv\xD0DE\xDF\xDF㱞\xAA��\x8D\x8D\xA1\xEE�\xC9N⛈\xCC\xCB{\xF7\x8CB\x82\xF5cU\xF8,\xAB�:\xC8^\x83 \
-ʽK\x96�\xF4\xDC�a\x9BB�[R1\xA78_\xFC\xEAg\xCB%m\x8EDc\x91\xBA4w\xB8\x8D\x8E\xBB}j\xB7\xF4\xB2D\xC1\x91�'\xF8\x9C2\xBBo\x87x\xFBq\x90�\xC1\xAF\xFE2\xDC\xD6�\x99a3��\x8FJ|uPp\xB6+\xD89\xC5\xC6\xF8\xEEE\xBE$YKd\xC6�\xFEo\x87\xBD\x98�\xB3\xAD\xBC�9\xAD\xC5�\xFB\x89/ЩA\x8BO\xA9L\xF3<\xF3�\xB4~�ť�g—{Y\xCF�\xBE\xD1S\xED\x8Es2��\xAF\x8E&\x83^\xB8Δv'\xB4\xF7\xF9\xC8ڟ\x91�J����\xB6�\xFE�;9\xC5у�\x9F)\xB0�f\xF3\xC6}\xBBz\xB0=\xA0\xF8v\xD6
-\xDB\xD8\xC5/\xE9G\x8EI��\xAC\xD9W\xAF\xB5=\xB7̜\xC5Pv\x86\xD1;\xD8 N\xF1\xB9ו\xC0\xEC
-\xD4\xFE�\x89\xBB\xF2p�'\xEBVS\xEF\xFBR\xB8\xF9O\x8F\x9BW�2Û—�\xD4\xE4\xB0BA"h\xDCw\xA4Sx1&}~\xAEQ�#95\xA0�\xAB}\xD3HU\x8C#\x9A\xE8\xC4�\xD6\xFB\xAE�-\xA1u\xEE\x98\xEAV\xADA\xEA\xF4l\xF9\xBE\xE5�\xDC\xE2\xD3,y
-�\xE7\xC8z%\xFFjv꡼\xBD\x9FY/fy\x9F&\x9E<t�j\xAB\xF6\xD2l\xF2?֟\xD1q\x8F\xD5��M\xEA\xD5A\x95\x8E\x97\xC5\xEFƼQa\xB8\xE1;
-d:\x85\xAD\xD6`\x87�-^uI&\xAF,\xAA\x8DƑ\xDC\xCF�ƢV\xDA�\x8F57Ǵ\xDA�\xAC3W'\xBF/\xA0ʌ\xA3�\x8C\xA4�\xD0y\xFB\xB0�n~\x9C��?x\xFF棄\xEFr6\xDF\xDBS+#\xC6B\xA3\xCF=\xAFUi�\x83\xA2\x89w5\xF4,\xB7
-C\xE0\x97q\x9E\xE0\xEE�\xB4ԛ\x91\xF5\xD4\xDB\xF75\xC7P\xCDr\xC3#\xC4^\xC4\xEF\x8C嗓\xA2\xA1\x93�\xF4\xE2m\x87{\xA3\xCA\xDB\xECF^\xBF\xAC\xA5V /=[�\xAB\xA5�;\x9C\x89\x8FӨ�\x98�/�\x86\x8A\xB1
-��\xD6Y\xA2\xEF\xE3\xB8�\x82\xE7\xF5�(�\x82\xCA7\xBA�\xA6\x81\x9A\xDFaYY\xAE\x83\xB5\x91�\xEE\xAF
-Z[Ä…\x91\xC7Ì®
-g{S\x94v
-\x85\x80\x98!0"\xAA�\xF3:\xA4\xA2\xAF\x93\x91� a\xEB1e .l\xDC�\x9B�
-j\xB6\xEB~�-Y�\xA6�\xB8"\xF5-\x90\xAD\x8B�wb\x80K\xAE\x9Evp\x94\xCF�\x81\x8A�\��\xE8\xC1\xFE\xBC\xEB�u\xB2W_\xA0Eѻ�n\xC1 |)\xF8�\xCEEU\xF2\xF3\xB7?\xE3\xEE!p6|\x89\x8A\x8BC�E�\xBDj��\xEF%\x9C\xD8c\xCF+8�\x814\xAD, at U\xB7*\xD36\xF9\x90\xF7ᢡ\xC0\xAA�%\xC0\x95\xCFB\xAE\x955\xDC&mP\xF4W\xEC\xF0Ҁ�N8\xDFv8\xB5\xA7����>8\x91\xC8��\xF9A\xD0M\x81\\x81\xB1\xB7\xFF
-\xE2k#�\xE8\xD9h\xEEY\xFFyT�\xDF\xCE1\xE3\x80n\xC8�ܑ\x94\x9AW\xA2\xC9:\xB5\xB8�a!�\xBA\x8F�N��\xB0g�\xB4�\x82�K�\x98nh\xE1\xF30�\xB3\x97\xA6\x97<>.r\xF0\xC3�\xE5\xF4-�\x8E\xF1\xE4\xF8\x84k�7a\xAC\xA0�\xEAGaHˈ\xE2j�r\xBB\xE9\xCBm�t�\x943SR�n\x893q ܕY\xF2-9;\xFD\xC0\x9ED�O
-\xC5iL\x85ͯ\xA0\x94ћ\x8B\xDEP�\x92A\x9B1\x93\xF1\xA6�\xBF\xE4m8�:�\xDAj\xA4nK\xE2|J\xE4\xFB\x94K\x8C\x9B�\xB2?p|y:\xEB-\xB7\xD0
-\xA3{t\xAFT�\xC1>\x9E\xB5\xC1\xBD�\xA2��\xAF\x8F.�\x9AIw�\x99R\xE7�\xE8\xB2\xF3m+5؆+2\xA2\xB6\xA4Q\xFBg \xA9!\x93Q\xA8\xBFE&\xB7\x84\x95\xBA"�\xB2Zhu�\x82\xE8\xA0(4\xA1JRE�\x86\xE2��\x9D\xFE�\xA0[,\x9B\xB7\xE4bU8\xEC`Hj�\xACF(\xC12"L\xE3<\xFB}蔸\xD9\xCC\xEDv\xD8�_\x838Z\xA2\xDD|\x84�\xC0h\x9B\x9C_\xE1\xB3b�\x8E\xBE\x90�\x96F� \xC8e/킜6\xBF\xEC~\xE10�\x80l \xE8'�o\xD6�\xDFN\x8B\xBE'�tK�\xE0\xA9H�
-�\xF8\xEA�\xC7Qud8ÖVX\x93'K�\\xB8\xC8�Í€\x91�\x95�\xDB�\xACd�Ô‹\xDF\xDCh\xFB\xB9\xCF\xFD\xFDW\xC5άJT\xA8d�\xDD'\x9Bh\xB0��\xD9\xDE @Ò«\xFB3p�w+\xC4\xF7\x96�ÆŒ\xC5\xCE\xE9s\x97\xF8j\xA2:�\\x83;mB\xD4í—¦�\x87ή\xF7É€\x92N#Ò\xC0\xD8\xF3\xCD\xEC\xCD~\xEAe\xB6!oE�γqi{�\xCE\xCD��\xD9DoM�\xAC\xCF\xC7E\xF0MF\xF0\xEA\xE3_\xCF\xE38\xB0\xA9\xFD�\xAB\xAFJw-�!<�\xC0~e\x95\B+S\xDDP3\xE8\x8C"\xF0= 5}�Ö;Q\xCD\xF5�\xCB^\x8A\xEFÊ¿[q\xAAs\xE2#�Ï·\xC8Xs\xA9�\xC5!\xB5\xFC\xF4�\xD5dx\xB4@\xC6\xD7<8[\xF5^\xECM\xCCVh��x\xB2\xFD\xE7@\xF7Ô»\xA4\x91\xCF\xD9\xF5CYÝ–\xAB<P\xB5\xC8�Ø…\x84\xF9\xE5�=�\xB0��Üœ\xB1\xFCÞ¤Bk\x87\x91 \x9F\xF4\xD3:
-\x8E3^\xEF\xEEtl7\xE9E��\xD0R^\x99�UY5.\xD4�\xC9<ÙŒ?t�L\xFAdN\xACO\xD4\xD6 \xBD\xC9V\xFC8ㄽe QÊ”\xECXÙŠ\x9E\xA1\x92{Q\xDDá¾\xFAq\xC1\x83!�\xFF\xE8JP�\x9B\x94�\xF5\xFEQ�\xEF\xEC�\xFD\xBAV�\xCAX\xF3�\x91\xA9�jU0\x89)\x8B\x8D
-\xD4>\xC4*\xE2-\xE6�6\xD2}ɛ@C�\xCC=Ҟ\xE6P\xDB\xCF\xD3UmeX\x860>\xA5�\x8A;qA��0h\xBA�x\xF4\x8F\xCC%\x9A\xE6�\xA1\xEE\xCB\xC0\xF7\xB7]\xB3c^\xFE\xE5\x98[\xB6I\xEE4\xF7,_#5\xE9\xA1\xF1;X\x93�g+\xC9�1\xA8\xEA#=\xB5mu\xFEm^G˲K\x8Bc\x90\xA6\x81\xE9\xC63 =U_�\xB2\x9F}�{\xF3\xC9ɶ=\xE9��\xDC~\xC3*Ly\xBE\x95\xB51h\xCC�\xE2DŽ'\x8A\x83{\x9F\xF4Hr�HO�\xF0\x9F\xFB\xFB\x937\x84\xE6
-\xBFZ6\xD0L4\xD3\xF7\x80\xBB�Q\xAA4\x99֮�\xCD\xE5Y\xBBs\xBF\xA5\xA4\xD2'w\xB2\xB8q;F\xB85\xFBf��\xE59$X�\x86�/\xF1\x912\x97\xB9nl\xA1-'jU\xA6w\xED\xFB�E\xBF\x95\xA1\xA5\H[\x89�\xDA\xFB\xA6\xCB\xDES\x8C\xE2\xBC �@\xB98>\xDC�p\xBC\xEEf\xA9\xF3X\x8A+6\xA7\xDA�\xA1\xA50\x94j9\xCDmp\`Y\xA5\xA2\xAB\xA7
-\x960 at J\xE8\xDD\xF55 at 9>\xD0m\xE7\xE6sS\xA3p\xF0\O\xCFJ\xF0\xF4EX�\x8A\xB1ɬU\xE2\x94\xDBÍ\x86B\xA8Ç—\xF9Yʦ\x98n\xE0�^`nn$\xDBLÆ®��\xACÂ\xC7\xFD\xE3\x8F?\xB5\xF2\xD4�5\x99\x8CQ\xCB���\x8F\x90\x99J\x83\xAD\xD7C\x89�\xBD\xD1=\xB4\xB3q\x99\xBBm\xF4\xFBrl\xEE\xC6"H\xB5\xD5\xFF\xFD\xB7�\x94T\xD1
-\xD0��)\xA7^nL\xBE\x94\xA6\x96\xE3i\xF5@\xA8\xAD\xCE~\x9D\x86+\xC6\xC2\xC6kinuy\xC4M\xF2.-\xDBŃ\xAB\xD7\xE5\xDD,>\xE1a\x95\xAC [
-\x85>\xE8c\x8B\xFF\xB5\xEF"\xA8\xC8I\xD3\xE8�\xDB�\xDD\xD4\xC6./>\xC0"\xB8x�\xBB\xF8�\x8D\xD9^\xAA\xE7-RR\xA8\xA5�\xF1\x81�R-\xC5\xE5\-\x87\xB4\xA4�Do\xDE\xE5\xB1($\xFA&\x97\xF8�\xF4V\x8D\xB0\xE2\xBD\xE2\xEE\x94\xC4`(f�\xFEQ̤�\xD6n\x95W��\x86&mr\xA6\xA0\x8D\xF2\xE4\xE9\x8A7K\xA2\xF0UV\x9E��\xBC)(E3�\xF49\x80\x85\xDBn\x92\xAA\x93m\xCE��U@\xE2\xD2S\xB2\xEB�\xD4\xC7@\xD7g\xDC\xDEҗPp\xFE
-\xB6�\xA8f\xBBܖ\xF5|\xCF�b\x9E�c\xDE2\xA1\x84<\xA1N\x84_\x93\x82\xC2\xD5\xC9\xDC~\xA0`$�@\xC7д�vW\x9B\xE7B\xBA\xBC6&\xBBS\xCAv\xA5�\xDC \x93\xAC[S\x89\xD7\xF2\xF1\xDE\xF5T9\x8E\xFE\xBCK\x94)\x82Z\xFB)\xB8�p\xDBjC\x8E�\xDAN�+\xEF��'hss\xB5\xBD6\xFDIa\x85\xE4S4X\xE4HA
-^\x94\xD4�~Ϝ(Xt
-z\xFF\xD6c:\x9B#\xE9\xA6,\x8B � l\xBE1\x8FM\xBC\xEF\x99\xE1\x8C
-\xB6\xE8I\xCA�\xA15D\xED\x9C
-]\xCD�T�%f'\xC1�\x94^\x85+>l$& \xFA\xC3\xE5��\xFA[\xFAH\xF5C\xFF\xBB�_\xBB�\xDF\xF0s\xC0G\xB9�z\xC7%\xC1\xA6\xAB˪I\x9A��\xDAF=/�\xF7\xF3~\xC3\xE7\x91i\xE7�*O\xE9�\xE2\xB6;\xB8\x91_\xBA�N\xEA\xBD&\xFAө8\xF5\xCFh\xAD\xB0W\xE4\xD2\xFD\x9Dұw\xD2\xF03Ʃ\xE1\xB8X\x89\x84�\xBB\xB8\x88R\xDBz99\xD0\xF8|y2+\xB7\xBA\xB8\xF4\xF4\xC5\xF2\x8B>�&c�c{\xB8m�\xDCl|\xB3\x84\xFDˆ\xC87^\x80\xA7;{\xED:`\xD8\xCF\xD3p�\xCF>\xF80�#\xC7\xF9^|V\x94\xF1\xDA\xC0U\x81\xE9\x90\xE9,\xB1[\xFD&\xB8\xA4�h\xAB\xB8Y\xCAAr\xC7\xF3\xD7J�{D\x86:\xF0\xEB\xD2\xDA�&\x88\x81\xDF\xE6\xE9e\xBC\xFC\xD7+[\x8A\xD4;�\xBE\xA0\xC7-�\xE1TWQ\xDFmt\xD6U\xFC�\xC7^\xD2lƑ\x81jp��n\xE5)�Vi\xB2+b\xA8\xA4\xEF�\xEB\xECl\xF7\xD8\xE9\xD8aK\xB4x�4�\xE8D0\x9E}\x8D\xD3$\xD3\xEF��<\xAFl<�>�~�\xDAXv\x8C\x91\x8D\xB65\xD9\xFCF;\xBCR\xE5\xC5-�NS�\xCE\xD6\xCF)P\xB6\x92\x81��maK\xCB\xEEf\xD7\xE8\xCB\xC0��\xCAX4\xF8\xAE\xF3\xB7\x9C\xE8\x97\xF4і`9dfͷ\xB5\xC4\xC9m�bc\x90�\xB0k\x9B펾\xB6\x91n�\xAA\xBAtw\xB3�\xAD�� \xA2\xEDۊ\xAD\xB2��\xDEY\xAE%\xC8BV\xA5*�(<\x8D=\xC8��n\xAE\xB1\x88\xA28w\x81#\xD0\xF9�\xF7\x96\xBA\xD2\xD1$1wB�\xFA�,1A\x9Dj\xD5\xC5�#�)K\xBCk\xF2�\xE3\xF9m�˥4\xDAHk\xDBM\\xE1fy\xC97Ͻf\x9AWp\x85\x9FD\xC7\xDB8\xAA�\xDDYqRy\x9C:+\xE4�\xF3ޙ?�
-H�\xD4o\x9Aû\xCEJ\xC5i5\xCDERP\x86\�\xA4\xE4�bch\xDAJ\xE9
-n\x87\xA4\x98o|Y\xC7�\x9C!�\xBE\xFF\x90|`V\xD3s\xD5'6\xBEZ�\xC3:\x91\x88\x86X\xB5X\x96Oߕ�vnwsp\xD9��\x9DD�bE�:\xDE]\xD5�\x96 Y\xB5\xCAG\xCD]\x9A�F+\xDA?\xD5ޛ*g+WuPe\xF9\xBE�?\xA77
-�\xCAл\x8FwB\x85\xC81\x83\xFE\x94\xAF\xFA\xE4Uo\xE0��.\xF3+i\x91� �=�\xC8\xD5\xFD\x8AN\xAC�m\xB7\xFE\xC3x\xED.=�\x8C\xAD5�\xAE\xF3\x9A\xAEH\xBF><Ǥ\xED\x81\xC56\x89W\xA2\xF3ճNP\xF9g\x9B\xCAXtIt\xE0\xF3
-\xC2\xDEe\xEE\xA3�\xD1|\xEF\xC1\xFEl\xD23\xEB��\xABa3\xC82\xC0\xA6\xBC\x8B\xA2�;�\x9CW\xCB|\xBAa\xC6�\xB9\x92\xE5|\xDFk\xF5 at R\xEDn-\xC0\xF8 A\xAD�\xA9mr#�<]b\x89\xE5\xF4\xF7e\x9C\xF5,�Öœ\x90v��\x8Ad\xFC�eÛ\xB90\xF00\xFB�.};\x8F\x93\xCD\xE1\x93J\x83\xF3\xFB$(\x9Df \x94-b4\xC5V\xC2Dk᤼;�\xE0�SZ�R\xAB\xE4*\xE5\xBD߯;l@\x898\xEEX\xEFL\xC1a\xA5(S}\xD79\xFA�\xB4\x8B\xBC�EYa\xFD
-\x82\xC6�\xA9+g\xAB\xA1f\x9B"P�>\xE7 =py�E\xB5$C\xAE,s\x81�\xA7\x99eۤO\xAB\xB9\xB7l\x9CX\xEC.\xC5\xF0�\xDAP\xA2\x8Drn\xCFlƦi�_\x89\xE6\xD5(\xFB\xED\xCC\xF1\xF9h�'\xB3\xB9\x8E\x91�Q]i-> 8F��/'\x9B\\x84�@��H\xF9\xBD\xDC{\d�ߗ\xA7S"\xC7
-i8�<h\xC0�\xEE\xDB\xC7A\xC9t\xE3\xB4��\xA6�\xF7
-m �\x813\xA1\xB9\xF8\x97)z\xF5%<\xA7�
-\xB3
-\xD3Û‰\x9A�S�NÕ—\xA0��=\xB7\xDEG\xE6Q\iB~L�rb+\xD7Ňb�\xC4\xD0Ù•\x9D+\xA4Wi2\xAAh�W\xE4�. (@\xAC\xE7�~\xBAX�\xF9\xE2\xD1%�\x9D\xF3\xF7�\xB5\xD3&^Ô/;t>8�ŸD}\xF6�\xDCe\xB3\x8E\x97\x84\xAB\x80\xCEGc\xD6\xE8P\x90}\xEE\x86-hi\xDD\xF2\xE4e\xEF\x96\\xEC\xBCO �\xF9z\x83\xAC*\xA5G�o\xB0�\xAA\xBB!\xED\xF7\xB2\xDE�\xA0;\xD9ȸ�)y\x96;\xA5X\xAC�pz�V\xA9\xAC
-bl\xCC<\xCEa\xE0\x93\xDF�c\xBCl~\xDD\xC3�j\x97EF\xDE�/\xD7Dz\xF0\xC7\xA36\x85ѡdž_\xF3kB#\xB6\xFF\xBDR\xAE\x8A\xDD#\x8Eo8$j�\xF0�\xE9\xB7Vq%\xA6;\xC0~\xD5�\xDEt\x97nB\xFD�\xACͣ\xA3\xE1ZX��\xF4Cb�\xE7)\xBFB\xF3FSQOc�<\xB3�G�ELw��\x99\xE12\xEE\xCE0A�#Pp@\x9E\xF2dM\xA9\xDB4\xC5\xCB*�ɱ\x8F
-o\xC91�\xCA�0웘\xE0\xCDk�.sD\x95�}?*\xE5V�M\x9DV\xC7p�%:h\xA6\xB7�\x88\xFA]9RG\xAE\xE53/\xA5\xF1Û\x90 at f 3�\xF6\xC1\xAA\xAE\x91�Ùµ\xFFxT\xBA\x87W\x86��\xD7qN�\xEB�#\xE8\xF4\x87F0�\xF4x\x83O =\xAD�E:5\xBD\xB4\xE8.\xDC�&>S\xEF$\xA7\xD8rY\xA7r\x96\xB9qJ� \x9C8\x85�"1'\xDB�\xE5/G\x8E\xDE&�\xCD�\x94\x8C
-\xAFh92\x95\xA2\xCA\xF0\xBFшq\xED4\x96\x92tZ2\xB5\xA8�k\xD0</\xB6;.I\xDCw\x9E��\xD4D��)Q\xAB\xF4\x92ղjٛ#\xEC\xCF\xE1F\xCEϬ\xB1>"_\xF87�"\xA7\xD8\xC2[]\xF3�b
-i8�W\xDA�\xBF\N[\x8E\x94!\xF6L,\x8C'n\xE2�u\xB8v�\xE5t\xCC�\xA2\x96\xA3a\xA1\x8A\xE3\xB5\xE8\xC1%\x9C\xC0 /*w.\x88x\xC3�\xA9:\x94~5K(\xAC\x9Dm�g}\xEEu1\xDD3\xEF�㫽\xFB\xF5W\xA4\xAE4�8�P�\x82J\xC8\xD0��_\xA53U\xFE\xEC\xCAt\xD6\xF7\xC1\x95C�3�s-�\xE3YYv\xD3�\x82\xB2Y��\x90\xB1\xB5x\xC8k\xBDS\xA2\xA6U\xB7y\xD45\xF4\xD4b\z34V�\xA3r�\xA0,w\x87~\x88\xE5.\x85��C�YϾ5\x84]\xD7ڵ'ӛ\xF8s+q\x88)\x82\x8Bv\xABt\xFCc(\x93Rlh�
-\xEF|?\xD5F\xF0 &\x87\xC5�i%D\xE1W\xAA\xAE)sl\x8C�A\xE8�-�\xBE¼`]\x82\x{95FE74FFD}�\xDA\xEE�\x87\x98\xE7p\xA6\x81\xC0\xC5\xF3)\x86\x96z\xAB.\xB5\xB0\xBD\xE3+f\xE7�.Ye8\xDAzF\x82�\xF4\xB3\xEE\xFC�AŴ\xE3\x8D\xF1!G\xD4~0Ѻ<| ü\xB0h\xBE\xA9\xB7\x87%\xB7㺰\xEBW\x92\xF7p\xD325
-6M\x8A\xF75\xBC!\x89<F\xCA\xD6\xE1\xCEX\xCA�\xE5\x9AÔ,\xF8<��A\xC8��\xEDU\x9C7U�|t\x97Ô¯P�Ò\xB8D�^�\xB4G\xA0
-�#\xE6k\x9B\B23�/\xB0\x90|\x82\xD6N�\x97\x92\xDE\xD2XtEi\xC4\xE9(\xE28]\x80 \x95\xF3P\xE5&\xB3ipj~'\x92�O\xC1BP\xAF\xA8\xADnTܜ\xA2\xE5\xE8T\xB4ux\xD7\xD7�5\x94\xEDw��\x9A\xD8\xF7)\xBBÎ\xD5\xEB\xA9¨�\xBC'\xB7X>\xF5gxj�4\xBE\x89\x85�\xAE\xB5X\x8D'\xA1m\xCC-7\xBFF\xA0r\xB7p%\xB0h&\xB7k1\xD6\xE3��\xC8\xD3T\xB5\x80\xE0�C�\xF7\xF7\xD0^D(:U\xECJ_\x87$!KZ\x8C\x81\x8B,|1*\xAE).\x92D�\xA6\xDF�\x8E\xAC.��\xCBs�\xD4\xCF\xF4㇉Ҩ\x90\x9C\xF4t\xE3\xDF-ė\xC5\xD5�\x99\xC1��\xA5K\xD3*\x8B\xBEG{\xDF� \xB6S� \xE1\xE7\xB1\xF1�\xE4K�j\xB8u�D\xC7��]\xC04\xC7G`\xD2\xDCP�ЙÊ\xC0\xA7\x98lג�%wi\xD5Pk\xA4 �\x96?\xCA;\xF72\xB1C\x86\xF07\xB7\x94\xF0\x83"K\xCCwA\x86\xB94\x99S\x82��%\xB9.nN\xE0\xBA\xEA\xB9_\x8E\xFBM`�\xD2;S\xE6\xFC\xEA\g|\xA2�P\xC8�\xE0\xE5"�\xA7\xFB\xD7\xE7\xDBu\xA7M:\xAF\xBA\xD6�(\xCA\xFF\xB24�\xCD\xDFVi\xAE\xDBh(\xE1�Se\xB97 at j\xCA\xC5s�\xFF�\xD0\xF6�3\xA3\x95wV?w\xCB\xD9\xF7\xE0\xA4\xD1 \xC44�W\x95x\xF5�C\xE7\xD6 W\xF0\xCBʜ\x95Q\xDC\xD6m\x81#y_)\x90\xF3�\xBC\xA8VW_i�\xB8\xFA\xB81d\x82\x93
-\xD7\xDAq\x9Er\x85\xBBUv1í–Â\x9Bb\x91O>eÏ€\x850\xC9�\xEF-�\x9A\x91ã›·\xD1_�\x9B\xC3\xCF�\xBA_\xB1Z�\x8F<\x9E\xCA\xD7p9\x82\xE1h\x97\xE0J\xE6 F\xB8\xD5W\x8C �Ê‹PT\xC1\xB8��� A\xAB\xF7!\xF22PÓŒ
-\J\xAE=E\xCA~\xA4\x9D\xAF\x80k/P\xDF\x{157D14}\xF7�\xE6\xFD�7\xF6\xDD\xD7�\xF8�e\x8D\xF4�毒\xA8>\xA0�\xBEh\xD3;(\xB0\xE4\xF5\xB24\\x96�\xB8\xA9?\x90
-�ePiJ~m\xD7뛇\xA3hb3d\xB9n\xBDg\x8A�\x8A��=\xACÓˆ�lQ,~KBN�\x94\x86��W\xC5^"\x8C\x93z\xDET\x91nNÖ\xAE\xFFZ�ƶ\x9E\xDFi\xFDb.z<!�qr.\xC2\xCB<J\xAEp^ÞG\x8F5\x92!\xE3h\xA6- U�\xF8\x8A\x87vO\xF2\xD3I#\xA7\xBF,\x9E\xE0\x906\xCBW\xB1\xFE$\xE4\x8B!\xF4Be\xC3�yGG\x9Dl\xA0�\xBB\xA7\xC4MIR\xF6-\xA9\xAC[\xAD益\x8C@\xAF}8��K\xA2��\xD6Ę\x95\xE0\x88\xD7�Gj4\xD7NO\xD3\xF8Õ¶\xAF\xF5\x91\x86§\xED�j\xBE�\xA8\x8C(\xC6%�m\xD1\xE5\xCEDÕš9h> \xFE$\xAE\x85\xCE\\x93\xA9\xAA\x9Dm\xB4\x82\x8Aƨ\xCE\xF2&aa.\xF2\xE4�^\xE7\x9A\xE0u~{\xC2 �\x95q\xAF2\xA0]}\x91G@\xE5�\x8A\xE4\xD7a\xD1U\xAE\xF3�:`\x92PX@�h&�\xF5x\x86H\x88\xE2\xF3\xD2�f\x86B�z˨\xA8_\xEFI at B&f4M\x9A\xAC.a\x83\xA2K�Bz\xEA\xAB!\xAA\xFF3NP\x89É\xA59*\x9A1z�\xC6\\x96|wQS\x8559f\xB6\xD8in\xB5�\xBCI\xEE\xCB IL)ĨeL\x9D\x82\x96Aj\x89M>Dy\x80G>\xC1\xA1�\xE6"\xAEIÉ¡\xB4\xB1\xB9V]Y
-\xFD\xD1�
-�\xD7\xF2\xC8�_\xFBA\xF3wV�\xE4\xEFjq'�!1\xA0mS<\x9C\xB6\xBBͲ�\xC0\xAD�"\xE1\xEC7�z\xF3�\xC7HnؿjU\x89f~�-շS\xCAv\xF6\xF1\xC0Jqg\x94`\xC7jY�\x90�Ԙ.N\\xF8�\xFD>\xE8\xE2y\\xD6\xDB \x98\xCE\xF4AЫ��X�\xC0\xFEP�\xCB�#�-Ę\xE9\xFD\x86\xF5\xBE\xF0\xA52�0\xC4�\xD9ߋ��\x84i=�\xF3Y\xC3$\xA25\xC2'5D̸\x94ij�٪�u昬�i\xE5�Oj\xE3a!\xF8\xEA\xCAL\x99-�\x83 c
-\xD0\xF8D�\x8B\x8A\xD5�\xAB\xABÇ•c#\xD9= /|\x80��Í\x982\xA2\xD8L\xAE"mÐ�׌\xFF \xC2,J�r�o8𞨄\xA1Y�\xCC^N�m*\xBB�\xCA��\x97\xD0W\xD8\xD2\xF4\x83\xB9�1\xAD\xE3E\xDAp^Mw\x82z�ya\xD9�O\xD0\xE6\x8E\xFB�\xF9}\xAE\xAE\xA5]1\x9D\xBE\xAB8\x97)\x90V\x94;\x81\xA2\xA3�\xE8|-\xFB\xAF~\xA4\xF8\xEA\x8D\xE8\xEBÅ—Ù’���\xA7L\x8C\xB8\xF1]V�\xA6\x9C\xEB"\x98Ý…\x81"�G\x8C�K\xD7�S6\x99\x80\x99
-%\xC2<\xF6\x93;�\xD3�\x8A_\xA3\xECd\x9F\x84)\xB1c\x9A/5-\x82\xFF\x82gL\xC2\xDF�^\xB7\x85{\x9D�\xF8\xA3\xEC\xF6{\x87\xC8È…\x86\xAF7E�\xC3[!\x97 \xF9\xA1O\x97zS\xA1\xD5^\xB7�\x8C\xCF\xD0[.'\xC3hQ,\xAB]\x8FQ\x99\xA8u\xA5${\xBF\xF9\xED�tAz;@;3\xF2\x8B\xB1M]w\xA3\xAD6I\xE3nx�Od?�/\xA8'\xE3v\xBC\xE3|�\xF5\xC7o\xBE>�U%\x80`\xB5\xE6~a\xACP?\x8C\x8C\xE0\x8Dp\x8E\xAFH\xBF{5\xEC\xE0\x89=\x86Z\xF5P\xECa\xAE�\x94|0J�/\x89\xF8(!\xCEÇ =\x84\x80 \xF7\xF7\xC1\xC3�8\xCE\xCF\xEC\xFDK\xD6È°\xBA�\x85!\xFB\xF0r\x96k\xB8\x89\xB7al<�8`jH�p\xAD+&'fs�\x9An\x90ym@\xA7$\xDCU\xB3\xA9$d\x8B\xC1\xD5,LBpL\xC3I\xBEl\xFDvr\x82\xAC\xE1�D\x8F\xDEb��,�\x8B�\xE4D2&\xAFM\xB7s\xCF4c\x89\xA3#M\xEDm\xD0\xD9*#u~j\xD6{Û'\xB4\xA3\xB7b\x84�\xD9L\xDA\xFEg&\xC2W�$\x84�t\xE7\xF1\x8Ci\xFB��0\xCFwÂ\xEE�\x89\xED\x8BIP7)\\xBC�]\xA3�#\x86e&\xFF�K\xE1 �\x85�m9Ÿ7�\x8A?\xE6?y\x8Ct\xE9.PB\xEDØ¿P\xABO\x9F7\xD4,\xB7�\xFD�^\xBE\xEC=\xF6dÍ´\xD8 w\xAB\xB6T\xE9~\x91\xE3Ö‹0\x84!3\xFFc\xA4\xB3L�OO\xD5 �����T\xC6�\x93\xD6ŎЀ\xD2\xCEZ\xE9\xB3�I\xA9\xCE2\xCEf\xB2\xEA\xA1\xDC\xD8Y\xF3.\xBF\xA7\xA0Mz/\x98\xC0:\xD8mt:\x86\x99\xE8�^\xFDL\xD5�\xA4\x9EE\xAB&\x8DÒ¶n�\xFBU#w\xBAFï±·t\xC5CV\x99e\xBC\x97�N\x8D\x83>�\x98ZSF̪\xFC\xCA̬\x90\xA3\x94� [q\x92M\xDB��\x95\xECxd\xA7rP?.t\xD5G\xAC\x93|�\xE1\xDDk\xD8!\xD7 $�\xF1:\xBA?\xFB\xFC�\xCB\xE5W!
,#\xBD\xE7�\xCE3�\x9D\xA9E\xE4\xE5E!t]}\xA9v\xE1GQ�,\x9A;��I\x93!{\xB9ڽX[\xD9�\xDAJ\xED_3\xA2-\xFF\xFBa\xCCp2~\x8F\xF9\x8A\x93\xC2G\xAB\xAD\xC2G
-n\xAE\xB1\x88ʞ�\xB6 \xAE\xE1�J<\xA9\xF6;\xA0\x80\xEE\xDC x�+�\xF8\xF7\xAD\xB5�\x96'Iט\xE1\x9Fo�\x8CY\x99�(\xB1�\xA6\xAC\xF3\xD3E_3\xB5�#d1\x8D\x9A\x91js�\xC5\xFB\xB3R\xF1\xFC�\xE4~�
-\xAB�\x85\xDB\xC1�0|\xD8ۨr\x9E[��\xF1\xC5
-n\xA3\x8C\x88\xE0w\x83m5\x86\x89u\x93
-\x8E\xB0�\x91\xA3\xF3q
-/U\xBC;\xD6}\xE2$X\x85\xDAÓ\xB4K\xE7�\xABf\xE0\xD3*MM\x919\x8C}\xEC\x8B\xC0�@\xC4\xE8\xDFS\x9A\xB3\xAB�<G\xEBw\xB2\xBE�\xD7+TR\xAD\x96\xF2\x8E\xCC\xF6Q\x84�g�@Gs��\xA1\xC0Æ£E\xBD4\xB5\xADl
-M\xDE\xFA\xC5>�Hd\x91$\xE3^�\xC3\xCC�[\xA1\xFB/\xE4X+\xCDt��~\xC5\xDF\xFES$3\xD9ß—~z]\xF4\xFAYh\xED\xB2\xE4!\xD4"'\xF0\xD5\xE3:t\xB8\xDB\xCF\xC5K`\x83[\x87\xC7x\xFD4\xF5\xEC\xD0!#\xE7\x88/�j�\xCEp\xCA\\xA3\xD8i\xE6\xCD\xC1Æ‹\x82- ^è‚…''\xBFO��\xF2D\x90�\xB9Ê·\xEA\xDEaw\x95\xEF\xED)0�\xF5P`Q?x9\x9A\xA0\x81\xFC\xB0\x9Ah���x\x89?\xB7Ø c~\xFBZ6\xD2Q@
-k�eG
- I\xF4\xF1�\xE3a��\x87\x86\x86��+\xB24�\x824\xA43\x8D>\x87\xBD\x82�N�\x93�kf�R\x8AP64K�yU\xE6:\xD4\xF0M�[�=_\xFF\x9E\xC1*\xB5Q\xD0Y�Æ\x8Cr^\xF0
-\xD1�隿\xD8\xFE!\xBDd��\xA8T\xB4#\xFAP\x84o\xFA1 at F\xEFy\xF40\x96O6\xA3e\xA4\x84\xCFꀪ�O\xC7Q'K\xF5\xD1~\xE7w\xE7\x89e\xC7j*\xD7o^/\x88\xDEuD�m��\x86\xC30;&\x93:\xDDX\xF0�\xA5\xBDM\xF4=
-\x97P\xC1\xFBE\xE1�\x9B�hÒ“+\xB6M\xE2<J\xC68(\xB97bwH`{\x9B\xE4~\xEC\x91,\xFE\xCA,\xB8\xEC\xCB7/\xD5z~\xD7\xFBg\xCC\xDDq\xEE�\x96Þ…\x98\xA3\xEB\xF7xÙ\x90\xA3"\xEB\x8E�\x88\xDEJ\xDD�\xC3=\x9D\xBC+\xE0\xC72\xC5\xD34\xAD\xE6\xBB!\xB5\x8Bu@\x9A�机\xC7��\x95�\xA0Ù¹\x90\x87\xB0\xE4\xFC\xE7�\xAD\xDEam\xB9-\xEC?#��
-\x9F\x82�\x84\xA8\xD5/k\x87
-�]�\xD1���\xBA/\xCDx\xC2�p\xAC\>\x99L�\xEA}\xFB(ù'\x99y
-^d1]�\xC0G\xF2\xA4\xADK\\xD9L\xB7(\xDB\xD79�Ʀ i\x90�\x8Bc�ݛ��\xF5�N \x99\xB9n,:�m$\xF8�\xE7h\xDA�V\x87.\xAC
-\xC8\xD9!�z\xBB[\xFA\x9CD�\xB8\xA1\\x99V\�a\xFC���<I\x81'bܚ\xC4\xCEgw\x97\xEC\xA3;\xDE\xFC\xD2�\xD9
-\xA4#~\x81\x996H\xF9Y\x8DS\x92\x87\x95\xE5蓳6\xD29f|\xD0l�}\xE7\x9A߂\xA5�/d\xA5ޅvX\xCBpd�&�\x97H~�T
-�\xA7\xC5ԗs\xAC:\xD7\xF7\xF6\xDA\xE8\x9En\x9E\x8Aե\xE1\xA2\xFD\\xF1\xF3\x90\xD6r4\xED\xF4+\xB3�\xBB\xA5X\xD0vel�\x9B\xA2\x9E\x8AEJ&v\xDAw\xB7\xF0\xCC��:�\x986WG'�K9\xAF�j\x97\x82l\xA6x\xC3逖�L\xD6^\x8Eq\xFE\x83='\\x8EA\xEF\xA0\xE9/*\x8D\x8B�`~&\xCB}U\xEFV\x85\xC6Ml\x83\xD9\xF7\x89x^\x81\xB3CI\x93=�_k<�S�_\xF3\xD8\xDD\xEE�D\xCD�\xE6\xAA\xEA.\xFA\xF5\xA0\xAE3[\xF9;\xEC\xDB. $\x9AӞ\xE6S\xE12ZЯ
-߼'\xFDPb\x80X��\xD1FM�\xBFʜJ\xBB�'\x93\x88\xB8΄J\x87\xC4\xDCg*\x9F\xB5\xA4\xF5\xB5\xA7C*\x95\xF1
-\xA6ǃ熫4 �y\xE3\xF6\xE6\x9A\xE3\xA7>Κ\xFC\xE8\xAF�>\x9Ab\xBA\xD8\xFD\xFA\xC5�P\xAC J�~
-\xE6l\xEE�t�V\xB8\xFB\x91\x963q��\xFB%\x8EY7\x89\x89p\x92u1$q\x8D\x85\x88\xD1\xD9\xC8
-\xA0\x90\x83\x8A\xD9Ǿ\xBC\\x8B�u\xFBK\xA1&˺h\xFBD'n"Q\xA2&\xAFi\xCA7Í¡\xFA��\xBB\x9A\xD8i\xB5� \xFFÒ¨\x8D퉇Ka\xAF\xD1\xF0\xF2(`h\xF2\xEC�\xAA\x86G6X�\xF0�M\xC8�\xB2ß±\xE0;�\xF1\xD6�\xB6�{\xF5\xB0\x94H$�3�isC\xC1\x86`\xC3#:\xA0^\xFC\xEB�\xE4\xE7\xD4{T\\x9E�C\xD9�\xEC\xA5\xF6D.\xED\xF0bU'\xE7MP\xE4\xA0Γ&.A0(\x9C\x94\xFB�\xE9\xF2 �\xFBt?\x857Ÿ4;\xEE\xB9\xC1\xEER\xE2U\xC00cQ\xA8\x9C�i)�\x82\\xF2_\\xF2\xF9\xC1\xB1\xA7\xD4\xED"\x91Ïn\xA1\xA8\xE7W\xB9�@ i\xD1\xD64\xA0\xE4���7\xE43o\xB9\x9BC\xBF\xA8ÊŸ\x80 ɘ�Ù®\xAC4\xF5JDÅ\xA9!�\xF3\xC3&pc\xBE�\x9C=p\xD7\xC0\xDD\Ol\xCE�\x8F\x8B@\xCEÛªs\x82\xCD\xF7\xA3R\x864\xAA?Gt(�^\x82\xD4\xEE�\xE6\xC4zEk\xA5\xCF \x9D\xEA\xE0�E\xB4\xA4\xBA\xE3e\xED\xB1\xF2�\xF7�B<UlA\xC0\xAC�\xF5\x9B\xFBÔ§\xFB\xBB�i\xECx\xBB\xE7�\x89�\xF86\xB4{zQ\xF5\xBBu18\xBDID뜪c�#\x94D?V\x9Do\xB5i\xA6\x878?\xA9\xB1\xA2\xE35\xBB�\xC6��\xB9 \xFA\xFC{}驸\x95\xAB�\xDF_\x8C\x9A93\xBC磾\x96\x90�\xE4]�Ì’f\x8A\xEC�\x83\xE6\xC1\xAE\xAEe\x82A\xF4\x8E�ϼ�\xDF\xF0\x81cJ\xA4�"\xA4,/s"\x94\xE5\xED\xAAÓ„y\xFEh\xAEu\xD6\xCA\xD4�\xC0\xAA;y\x90\xA5\xE3\xE93�\xF4\x95+\x8E5 �R�\x8AP\x82�\x9B\xB9\xA1\x94\xF4+\xB5\xAB\xEF\xF6\x97\xFB(U\xDD\xFD\x92!C\x9F\xB5\xE7\xE3�EW\xF2\x9D\xF1\x9C\x98\xD0l\xC7Qff>&UR}hwG\xC7�8\xD1s\xBD\xB9\x95~\xB8\xB8-
-4mbA\x91.,�+\xF93\xDEr\xE4\xC97zz\xB8x\xBA\x84vF\xE05\xC5\xEF�\xF7`>\x83\xBF \xCA3\xA2j�\xD01 _\xF2\xFFM\x9A\xCEQ1Y\xA9\xE0�$S\xC1\xCE\xEA�\xA8\x84\xF3\x91\xF0,?/�\xF8\x8C#q�\xB9,\x95M\xFE@\x9A�7\xC8lf\xA7\xAF\x951NK\xA8\xE6\xD7$\xA3`�\xC8xE\x8D�\x8A\xD5�6\xE8r%\xF21+\xC9\xE0\xF7
-\x86Cp\xB3p\xDCo\x86Wi\xCE\xEB*$\x95�FxO.\x86�@M\xF1\xB9\x99\xE5��\xABi;Lg\x9D{\xE3��\x8Dv Ö±\x8E]--\x81\xDD�\xA7\x85\xAB\xFDS\xF9�\xAFF\x87K\xA9D\xAD\xBE\xD8'j\xB3Õ‡\xF9\xFD$ÒdU\xDD@\x82\xB4�#P\xE9\xC9gh\x9F&\x85\xC83�7��)d
-�Lt~\xE4\xE2>\xA6\xB57\xDC\xD4j\xE9Y\xE5\xF92�\xBAL��R:\xE4Z\xC2s\xA8\xAEN\x8Cm\x89ǂ\xE1\xE6U7\xDC\xF5e\x8F��y{�\xB2i\xE6�M\\xE4�f\xDEǾ\xA5\x9C \xE2I\xE6"\x85��C\x8B\xDC\xE5\xD1�Y\x9F�6\xBD�\xB6W\xCA�!\xCC?\xC6!\x93\xF48/\xA8�\xA0\xF5T\x80\xC8(y�\xA6\xCC�!ނ\x8E\xE9\xD3/-\xE1\xC69\xE6�6d\x99\xF1\x93�\xB1B�\xCD�\xA2�c\x88(
-\x84\x8D,\x98\x9B"\xF3�\x9A\x9CT&i\xD9\xCE\xE0\xB1n�\x94:�\xC8t'
-\xA2\xAA\xAC�\xF5A\xA9A\xFAÚ†\xF4\xA0\x98\xEC\xEBI�\xA2�\xD4J\xCF\xF6G�)M\xFB\xFC�\xC5\xC1�\x{1F6C1CD}f\xA4\xD5<mÊ¡\x9EÄ«|�d\x82É\x9F�r\xA8�\xD9/\x95\x89N\xB5\xC7�Y\xFB\x8BH�\xAA\xB9\xAE|)\xB3�\x8C\xF3^\xA3\xBB\xAFÙ�\xA40�B\xAF+\x8F\xCC�x\x83\xF4t~\xE4\xB9�\x83F\xC5Ö–�\xFEo\xB96\x94\xBFx\x89\xEF;�M�ܪ\xF0XB\x93\xF4\xAC,\x87C#)b\xF0\xF9\xF0�V\xD5wЙ"\xA7\xCAh�\x97UZ���\x82\x9E\xD5�\xEB\x81}S\xA7\xF0l\xA2�@vM�9J\xE0�\xBDé¹T\xF2}(\xFA\xB6\xB1\xA9\xD8�b\xAB\xE7s\xC8IS-�(
-G-\x83c�D\xB6\x96:\xDF^\xE8\x86\xEB\xDA8\xB9g\xAFy,9\x8Fb~\xA6�\x9C\xE1V{p�\xEE�\x93O'\xFE\x92G1\xA1\xBD\xE01\x96\xFC\xBE"\xC3Q\xEDFV\xA9w�V\x8E\xA1\xC2Ε\xCFa;k\xB2\x84\xBC5t\xD5K\xAE\xBF\xC8Ä´ \xA9\xECW\x9F� \xCA@(IE;\xB5W3\xBF\xB2\xF5\xFFI\x8E&jk7(Sb�Ö›\x97��q6.\xBA\xBA�;l\xDDsߎYvv\xE2\xC9,\xA4ͼ \xA23b\x9A\x9AA\xB1\xF6\xED\xF9\xBCw\xB2�P��\x84\xBA\xF0\x9C&.Ó£\xFAK1/J\x85\xC3*�in\xB6\xC1\x82\xD1Of~Øš�5 at -êŽ;V�?\xCE�N\x9F\x89�Nk\xD5\xF0d\x97\xF7\xE3×\xA6?si\xDC5$\x9D\x80,\xE9�\xCC at z(\xAF܇\xC7O\xCA\xE8Bß \x9Ay�\x88\xE1\xF4N\xA7#.Æ„ 8Z\xFB\xF9kV�\x82䂵\xE9p\x9B\xCEz\xD5Gh\xE9\xCE\xC4f�\xCF\xEE\xDBI%\xB4H�P\x91\x90j-\xCC\xF4Õ§"Y\xED\x83\xF0\xDA�\xD2�\x97?\xA5grH\x9D<l\xA4-�\xFD\xE6\xC7\xEAa\xA4,QP\xE6\xA4t\x92#l/BgSf�Ň\xB5\xFE�\xFD"B\xFDg±4\xB5x\xDEÚ‚Mß‚dI\xAE\xBD�\xCCT\x8A
-��ٻ\xD7H�=\xB5\xB4\xB0\x8B�E\xE6\xA7|\xB8)[D�\xD3{pʌ\xA3 \xCBA�\xE10\x87���\xA8\xC9-T>�2\xBA�s?�\xC2�\xA6\xFA~†\x87~e5-\xA4\
-&{b\xBE\xE9�\Q�\xCAc\xE8\xE2\xE5�K\x8A\xA1ۀ�\x95\\xB1"\xD3{�E�),\x9F\x9F\xCB#E\x91\xB7iUH\x9A�\x99\xB7'6�&<i[\xDE\xC0\xD1\xE7\xBA\xCB\xD4g+\xE9A\xBCT\xF6��l\xACn\xB4\x95\xFFR\xD4�\x97\x9C�\xF9\xB24\x88�\x81/\xE5�փ
-Z\xD3o\xEDضSG\x87E\x9F\xC3q\xC9۳\x81�\xED\xB1F\xC1\xE9\xDBn\xB4���!19\xF7\xF7.
-\xFD\xA5+\xF5h\xA8�\xDC\xED\xEF\x8Fs\xB4q\xD70
-2|\x97\x85\xC3tB�Ƨ\xB4\xE4 �\xBE\x9CJ�3�\x9Bn`m$\xC4;P\x9E=\xCC!\xB7\xFE\xF6\xBB$Q\xAF�I
-cQ\xDE\xF2>�u�\xAF_\xAB\xF7\x96\xA4\xCBܑ\xDB\xE0\xD0\xF0\xD4K\xDB�?\xBC��\xFB\xA9)\xD1QT\xF3QUm`\xA6i\xF8<u\xE8\xBF>:\xD1[\x97\xA7s\xF8\xAE\xE1�\x9B)%
-\xA4\xE77�\xF3D�\xA8\xD7K\xD7F\xB4X֌AH\xD8\xFA\xB8a�\x97��/\xAB 5:\x9B\x86\x8A\xFA\x99\xEFn�\xBC#`�\x87+�\xBB\xDE[\xF8jXZNi\xE5Jx�)T\xBB\\x97\xD8\xE3�\xDA�\x9A\xE6s\xF7DlI\xDAb`\xB7:e\xDB\xC4\xF4\xF6\xEFT\xA3\xBA)�\xA3&\xEFyd\x84\xE3\xEC\xB03e2\xF2\x96/@ \xCAr\xB3\x8C+\xB9G�\xE90\xCD�
-\xA0.�\xD30'��]�\xD3 �_Odq\xE2\xAEÄ–\xFCå…>#\xDEWÖ³cR\xAAv\xD7�S\x9E\xBCXΧ!8$\xF5\xCB\xE0\xED�
-3D�=\xF3n\x93~\xB7\xC1\x9FD㕹=\x92\xF4\x99h\xBFI\xD2\xEE�\xC7v\x83K>A�\xA8s\xCE\xDEt\xDD�\x98\xCFZ\xB6G
-U^\x8FW0\xE5\xF5�\xAE\x92\x95\xA4\xA1͚\x92 ��\xA5
-h\xA8E+I\x91)\xF2\xA7\xDAO\x9F.\xCF`o\x8B\xFBr�B\xE4B\x8BÙQ\xC9F\xD7\xE6\xF7r\x9F{\xEA\xC52n\x97\xF2\x8AG\xE1\xDF��\xFBS4\x87\x8B3\xAC\xAB \xC0=,\x88\xEF\x92\xC3��L\xE2\xC1Mj�\xDCU}e\x97\x98
-\xD9xXk�I\x93 \xF6\x99.۵��E#8\xDCZ\xE5\xDB�\xA9\xFC\x99\xEA\xFAڪ\xD3\xF2X�3\xC3\xC9�v\x98\xA0\xDC\xE3
-\xD2\xCC7:-^i\xE0r\xDC�㤨\xB5D\xFF\xF3����\x94\xEDQ�.��E\xBE\xF9�\xAF\xD7H\xA6 \x95�6�\xAD7\xC1�7d\x95\xE8\xADY\xEC\xEFC\xB4ϳ\x9A\xE8J\x88=\xD05\xEE\xE5\xDB3\xD2\xE1\xB9T\x8F\x82k\xE9\xE6\xEE\xC6\xE1OQa\x90\x98
-�\xB95�\x95\xBC�\xB7Йxm\xA4D9!\xF1\xBA�\x88\xE4�P;��5;2}dj>hQS\x92\xB6\x95 |-|F+\xEE2{\x9A�\xB7
-/<\x98\x93}\xDF;�\xEBOжr\x9A\xB3<\x88\xFE\x96hM�\xE8j\x8B\xE2�\xD7\xF2ų@W�
-4t\xFA:�\xA9\xEB\x95\xD7`\xB1\x96T\x8F\xBF/�\xE0#\x8D]\xDB\xCDN\x9B\x89\xF6\x90\xCDQ\xAB\xD5\xC7\xD8Ñ£\x83\x9Eo\x8EzB�}\x88��\x8C\xA2\xC1\xF5S\xDE˲\xDBA!Y\xDBa\x9DhZg\xBC\xA4u|W\xBEq\xFE~\xE2Wt`�us�2yX�\x82 \xDE�\xCB#Ö\xDC\xEE\xDCQ\xBE+U\xBC\xF1\xE11Y\xC0\x89\xB4MD\xAA�\xBD\xA0|\xB4\xC7\xE6\xCD\xFF É–\xEE#u\x80\xCE\xE7\x8A#K@\xEC\xC2�\xFAR8\xC4l#�\x81=�J\xC7H(�^ \x96¬\x9D\xB8T\xB4\xC27\x8E\x8A\xB3I�\xAA\x84kÙŽ0-m9i]F\xD1\xFF\xABA~v+\xAD\x9C.\x95\xDEF\xAD\xA8)\xA5V\x98\x9C\xCB�\xC07��Ò©|
-\xB6\xA9\xCAh\x90\x94Å¥\x95\xEC\x8A'\xAD[�\xC3�\xF0\x9C\x82�\xD8�
-�\xA8El*�\xC53/Z\xD1\xFFT\xE3i.)ÑÍ¢G\xF78\x95�{\xF0p\xA0\x9C\xBE�!\xEE4\xBD\xE1\xB4\xDEf\xCD+\xE79'L�F\xA1\xBB\x81^É¿Nd�*\xB9�\xC6�h\xC7�\x8E\xA0g\xA5n)ZR\xBE\x9C2/@�K\x8C�\xB5K\xA8\xF8XI6\xC7R\xC9 �\xEBa\xB5$\xC5\xEEN�\xBB-�\x90\xA2'\xBC%+i\xE2?h%Fbs�\x84\xF2�j\�\xA5\xAD\xA1u\xCB\xF8\xC4
-\xE2\xC2\xEA\xE1\xC4\xED(-��\xAF!\xD60\�\xF7\xE8|\x9E\xC0 WE\xD7\xD4\xE7T\x82\x89`q\xC4\xEE;\x8C,\xDFP\x95\xCD�W4$\xBC\xCA\xC2?\xB0:\xACWϱ\xB2\xA1T\xE7\xB7\xC6:D\xACX\xF4�\xBB?͉\x8A=
-�\xB6 \x83
-\x81\xA2E2Lt\xE3\xE6\xE2\xE8\xBEI;\xC6�|\x88\xBB\xB5]0�\xCA�\xC8!\xE7\xDB�J\xA2b^\xFB�&��\xD7\xE0}\xBB'�0qT[}y\xEB&P�\xBD1\xDEA\xE6\xE1^\x99�0q\x8Ck7�٥\xB1\xDFb\xAA�0\xC4\xFCh�\xABN\xB1D�3G\x88\xBE_\xB2\xDF\xFD&\xB1UG\xB7b`\xFC\xC2O|=\xC7\xCEYדnj\x87��\xFCG t\xC6δ�/\x8C��\xB1\xA7\xDA\xD6%�t}\x9A\xF8�h�P\xC0gz�\xCD�\x86\xAA\xA9d\x95\xEE2^G\xA1\xA5o\xAF\xA1\xD3\xFC\x91UC\x8B)֔\xD6S\x88*ђ\xC8:�k at o\x8B\xFD})f\xB0+L\x8DXn\xC5@�\xEA_
-\xDF2\xC5��i\xE2(\xAAt\x85ި\xB6\x96+\xC8\xDBk�\xBF(\x9FQg䔈\x8Afl.\xAC\xA4\xFE\xCB8\xE8\xD6\xE2\xA5>\xA0\xF8|�g\xFAܔ
-Tp\x8E\x89�ß¾\xAE\xBA]�+.;+\xBC\x95\xDD�\x9F\xF46\xB6�\x81\xE8h\xD5m\xD8\xF3Ú¹ \x88\xFFwk\xCDn\x8B\xD8\xD6\xE6a\xF0\xD9F��u�\x97k\!\xCF\xE9\x93>\xED}\xC9\xFE\xB2\xD2��S\xB0\xC5\xECC\x8D\xBD\xEF�PU\xC8�\xC9��\x81\xC1\xBEF\xF6,\xE9\xE0\xBEe�\x90\xF64\xB0G\xF1e\xE1�\xBAÑ¢\xC5"w)\x9C�\xE7zO\xA7$\x90#g^\x86\xBEI��\x86b\xA1l\xEC4�e�\x978&\xE1\xE2Ä«\xF0\xD4c\x89\xFEo\x98iw\xA8 �={\x80\xF5\xF4I=wl\xBA\xB7(n�'\x98�}\xFC;h|-Pn%X\xAA\xB2\x88~~\xBB'�\x9B\xF2�!\xE9@\xD5]͹\xE0*\xEE\xAAD\xDD*\xF5\xE6O͵\x98�\xFD\xA8�\xA1\xD2-s\x87\x98�\xD0I\xF2�3)\x91\x99{\xA6_\xC7Wu\x86\xF9\xB5\xB0\\xB0%\xDF\xEF7i\xE5\xDCG\xA5D\xDE \xF1?\x92|%\xC6�\xFCiG�\x97lG\xEA\xBEL\x8B`1\xEE�Dx,\xBD\x8B\x8C\xCAp\x97\x9A\x82D~e'K\x99\x85V,u�\xA4>\x9F\xE2\xEC\xE7F\xBB� nLF\xE4\xE8\x94.1\xB0�FÖˆ-oË”p\xCA\xF8c\xF3;6\xB3\xF9Fma7A\xADC\xD5�W'\xE9Þ¼\x81�<\xAB1\x846\x9C&\xB3\x83F5\xCC7\x9D\xD2o`\xA5d\xBA%�<\x87|W\xB9[\xF5T\xFA'\xFFX�'3\xA7���]\x85\xB1\xE5vR\xA7\xF3(\x9B\xDCO�\xE6\xFFD\xB3\xAFir \xA7\xF0\xDF\x{13FEFE1}¯\x8E\x88�V!"�\xF1/Ô�\x82VcY\xE9n\x82\xA7\xA0F#\xFCt\xF1\x8D\xE9�\xA4D\x81\xDE@\xC4`�]\xA0gO��\xBB{\xAC\xEDWxj+.\xAA�\xB6(X�N\xF4`b\x8A\xA7\xCA\xE9.�W��QT2\xB3Ù‡y\xA9X\xA6\x8E(�\xF7�|Α\x91\xDDv*\xA4\x86Õ\xA4D\x98\xCF��\x8B\xCF�\xE2�M[E�\xD3 ÇŠ]\x9C\xB0\xB7��\xBA\xAC�\x86\xC0'\xCB&\xAB\xAD \xB3\xFDiMÆ›\xFE
-ۇ�\xB9q\x96\xEF`=т�H�GOg�mU\xD5�\xA3\x8C\xED9{\xC5k\xEF\xA3K�_BŅ�
-lo\x84^O\xC2D\xB9{\xD73\xBB\xA5�\x91\xCFXj\x98\xF3\xD31\x81|\xA7ד\xAF\xCBI`>/\xA9\xEA\xFB\xCD\xD5�[\xBF\xA6У\x9D\x84n\x83y\xC4\xEBh\xF8\xB5\xA2$
-_\xAF\x8D\xA3tV�Q\xA3i@\xE1>h\x95k`a\x9End�\xD6+j\xE4\x8Ca\x82�^DCO\xB5\x96\xBC\xF4b.\x8E\xBDc�Z\xE9K\xCE
-\xF9\xE9\xD6o\x93l\xF9!\xFEy
-\xA8\x8C\xBD\xBE\xA8�\xADx\xF1\xD7aieE\xAC4A\xCC\xEE'\xBD
-\x8C\xE7�\xDE\xCCy\xBE\xFCL\xAFc�\xE9[\xCDw\xFBJ\x9D\xE1a�߯�u4Mh&\xF7\xA5\xB3+yo\xC2\xC9|[\x97\xED񋄒\xF5~�\xEE\x8F5\x88\x97\xA7\xFC\xFEy\xB7�(;\xE3g\x8Eu\xA3 \xCAzqW\�pl\xCF<{�]�C\xE9\xB0U�M\xFF��l\x91\xA0\xFE\xB5�6i\xDAmH?\xAA\xBF\xF2\xC1\xE4#\xAF\xB4'T\x8A�\xFA�\xA8\xD0L�\xAB�\xA6I\x91%\xDB_\x8FЀ\xB2\xF8\xC1��\xE7�q)\x!
F6V\xB3S\xFF>\xEE�%xꈈ7\xE6\xC2z*@\x9EJF+\x97>Í¡\x97\x874\xBD�\xB1\x97:\xA83%\xCF9#\x9E\xA8\xB6\xA0!\xC72\xE0K\���^\x90×\xEC\xA9\xD9\xC3��P��\xD5\xE2\x933\xF1\xFB}r<\xBF\x9D\xB0\xBD\xF7i\x89\xBC`\xA7\xEB at R\xC7\xE2;jä²»<��3\xE6\x93�\xD5\xCBM�\xEC\xF9�\x991Å”=�Ö½y\x9A\xD4�Ȇ{SK�\xF9\x82\xB8\xADK\xAA\x97Y#\x91M\xE3o El\x89\xB8\xDD\xD4#\x8C\xBE\xFB�\xD0U\xE2Y\x83\x84\x93��\xAF\xC4>\x87\xF9\xB8W\xDD\xF6\xF6'\xD3͉A\xCD]b���\xD8\xE6\x89\xC5\xE8\xA47\x9D\x8F\xE7\xEE7\xED\x805�\xA2\xE9\xF3\x84�Ò“#\xA4?r\x82\xB0\xEF\xE3<��|\x9A\xF7\xDF<\xBD\xCC�b\xE43\xB8O=\xF4\xCC|N C\xEA@\xB6x\x8F>\x8F�\x94Z�w\xB8�\xB8�C\xEC\xEE\xBD�#\x9E�;\xEA\xC6i\xC3\xF8s\x82\xF5I\xDA]\xFC�'\xD0S\x98\xD1ì¡o��E\xE5\x9C-\xA1\xBC\xF0 \xA6\xE6+^_y�+#T�r\xA9L8\x87"\x8B\xAA�\x99V\xD6\xC4\xEE>\xA3�
-\xEB\xE10\xED\xE1�3\xF5Ft;\xC9�\xC1\x9A\xBC\x91\xDE<\xC5y\xD5ê©–ze\xA2l\xD2ft\xA3?\xFFF%\xDD�\x87�\xA4\x81G[dÊ°\xF32\xAF|?s\x87\xB7\x82\xC1\xC69\x97\xB8�,k/K\xC1\xD8\xD6I_\xC2 �G\xC2�+�\x8A$\xFD�v$\xA1G|7Fi\xC3oÑL\xD8S\x89\xB5�\xB6\x89V\x906bB\x9A\xD7F\xAC�z\xD3\xE4\xB7W\xE8߆\xDB#\xA2\x9A\xBB\xB0�\x9Eq�"\xAE�\xA6<I6\xC3\xE8\xFD\xF14
-ۖ\xE5\xC3{>;\xB3Ĭ\xB2\xD4\xD9�\xFE�SX�q\xE5\xA7%�\x8Co�\x85
-\x8A\xA5]\xF4\xEA\xFB�\xE6�\x89\xC1yP�;Bi)O�mq\x94\xA9�{\x87+\x99 Y=\xCBv\x970\xD2�\xCB�+A�\x9F\xB4\xEB\x8D Ó&5\x8A\xF7\xD3P\x84R'\xEB-\xE2�+ \x84\xDBƵq\x8D\x9BÝ“�<\x96\xE1\x8D�C\x93Þ®\x9B8\xD4\xC1h\xEE\xCF�#\xED\xDE�^�\x8D�tG\x86\xB0Qb�Ų)N#\x86\xB7\xEE ?\xB1�\xB0\x{198455B}\xA3\xE6\x88a$(H쵄\x85PZs\xD1&\x86\xAE\xE9\xB6�\xE0b\x92ã°\xA4\x8C�0\x8B\xA7\xA7ﻧ�\xF3D\x87~3:+\xE9\xD8\xD5\xE4}\xF7 8�\xF1`\xEE\xA9?\xDF\xD3o\x9Bw\xBAFW\xD0\xE9O\xB4\xA9�0\xC8ò¹½¶�B�\xC4\xDBp���
-=d\xB2�\xFFP-\xE2\xEB\xC5\xE8T\xCA\xCF�\xDEg~\xAE\xFD\xFA=�\xA3g\xADl\xB4\xFEC}�\x97&\xB3\xAF\xC1\x8C\xCA\xF7\x9A�\x9AI\xEEä™\x9D\xE99\xA9\xB1\xF9É•\xE0\xF5+#�\x9D\x9E\xA2\x98\xA3�\xBA\xFE\Ö\x81\x83#\xDEkÝŒ\xEB&t0\xCA\xDD\xE1\xA67Ö¶\xA1\xE4\x945j\xCCÔ²\xC9wvx�\xD9�\x96\xEE\x9B\xE0`\xAC\xE7\xF7\xEC\xA1"�\x81a�\xA1f*\xED`\x96zL\xA9b\xA45\xDE+�6=j\xF4{z\xCC9\xF9\x8A\xF7�\xB4z\xFB\xA4dI�7\xFD\xA2\xE9a�\xF9�g\xCC]rä–º�\xFAhl=M(j\x90tn\x983\xC3 \xAFL2\x8D\xE8f\xE9\xF2Þ¹\x92IPË—~�/+$�c \xAA\x89\xC1\xBD\x88\xE3+Z \xBA\xF9\xAD
-\xCF{\xAAs\xE5\x9AU�#�\xF4\xBDV\xBC�o�\xD86�\x82\x9E\x80\x82\xEAƒ37\x95�(S\xB8n\xDB\+5\x88\xF0\xF0r~ɞLO5\x9F?\x9EUa\xC2Cs`~I�\xAE\xFAb\xAEE\xBBI\xCFZ0<LP\xDB~\xB2|gUk\xECF\xD2`\xD7�0\x9D\xD6\xFE\xC8�\xD9
-[\xC23\x8D䀳\xFD\xDC;ߢ\x90\x9A\xEC\xB5\xE8\xD3x\x83Ê '\xC9\xC7�W\xF5\xA9>\xB8y�\x87(.U\xF4\xEB \xB4\x9FG}\xB5\x82w\xEBN<he\xD5n']D\xB3C\x8Bu\x84̯\xE4?O �V\x86w9\xE0\xCAH�\xFD\x9Et;\x9D\x83\xC0v7v�\x9FT\xB8[\x90xN\xF8%\xB2Of�pI\xF8_$\xA7\xE95.\xBE\x89\xECZ\xCC
-\xE7\x90\xDFQ�-�<F�_\xBEA\xBAt\xEF=Wxi\xBF'S\x9F{\xC74�\xA1\x86[P\xC7�\xA6\xD8\xCA�v\xB1\xADo*Sڮ\xB22W\xFFW\xFB\xE6\xB0��\xC0(\xD0ض\xD5\xD8n\xD2\xC6nl6lc[\x8D\xEDL&\xCE\xC4\xE6\xC4Fc۞\xD8Ncܻ\xB9Opw\xFF\xF7\x9F�8\xAB\xB3=\xDD\xC3R.�\xC5E\x85E\x8BU\xF6\xC1\xCEtZ\x8B\xB8\xBB4\xC0\xE2)\xB3Sd\xD6ѴS p at E\x8Biɳ\xD7aBk\xAE$^\x91\xBD\xF9\xE8V\x8C\xD7
-\xB5\xE6v1\x92qpVn�\xAAr��a\K��J\xC302\xF8\xCFQ�?\x94K\xF1\xB5yT\x88"\\xBAg\x91K\xAE\x99Ö„Ê›Tc�/\xBE-��\xAA\xAB1\xEFkÄ\xF3 \xE7\xF4\xE7%E�׿\xD6ÃŒ\xB1L\xE6\x8B\xD8Þ¨\x80\xE1\xFDf\xA1g\xB7\x8F/7Å¢\xBCR[\xF5\xE27\xEF\x99\xC6�z\x92\xF8�/Nzo\xE0\xFB\xAC\xE5\xE4ck\x83Ç›\x98\xC4\xF9\x98V\xF5\xF0:)\xFF\xFD\xE3\xB5\xFC\xFE\xE9J \x8By\xFDF\xDF\xE3y:\xEFv\xF8K?\xB6�9b\x99,sH#�\xF3\xB1\xCC
-���3n
-\xFF\xFD\xFBAL�\x942\xE0C\xBCI\xD12V\xC3$:9\xDB\xF6\xB9o\x84r�cl\xBC\xCE]\xFC\xC9%\xE4�[\x9D&=\xEB6\x85\xEF\xBE\xEBiȥ\xF8O\x8C\x82\xE3$K\xBFh\xAB\x95u\xD56I\xE5/8d\xC9wMNN\x81X�\x92\xD4Z1(\xD6�\xA5\xF4\xA4`\xD1k\x90ٰԂ7U%b\x9FMW\x9E\x95:+\xFAa\x99\x9A\xED\xF9\xB4\xCF\xE8\xCE�\x84\x9F,^\xC70\x8A!�q\xF9\xABN�6@\xF1˫\xB5\xB0\xA4\x8F\x90\x94\xAFS©i\xDD\xC6{\xDD�\x81\xC7>_\xC0 ,\xDB�܀\xD7y#\x8D\xCAW/�y1g��\xB0\x96 \x8C\x87xcm(\xCB05V#G\x8E\x8C&\xB5\x8A{Gf\xCD%GI\xE2\x80�\xF0,
-\xB4\xFE~\xCE(1\x91\xF9<\xFD\x81�\x98\x8F
-\xF1\x900\xDA�\xE0]\xFE\x9E\xDC\xE5?*\x89&ı\x81\xAB7(i\x90K\xB8�\xB4ٴ\xA8�;in\x86\xFB^\x802z\xEFvo\xE7"\xB0>\xB8L��\xB4�\xF31-\x97qf\x9C\xE0\x88\xBC\xF7�A\xAC\xD3dJ\xC3z\x9F\xEE�f1\x89�\xB8\xAF;$\x8Bx\x93\xFF\xD5�<\x9E\xDEO\xD5\xD0\xC2��Q\x84�\x97\xBE\x8D\xCB`z [�\xF6\xBC?4Z`�m�\xBA\xDE.>R:�8\xFC\xED\x81\xEA\xFD\x81^�\xF9\xCA]i\x87D�\xC82\x89\xA1�i\xB168\xDC+FL\xBB�\xD9\xD9-K�\xFA\xB7\x94\xFB\xBB\x8E�\x8F\xA92wqѣ\x9A\xCD'b(_�\xB1\x92\xFCz7�\xD9\xF3&-\xAE\x9D\xF23\xD0\xF3\x81�\xEAT\xBC\xC7`\x95\xB1\x89\xB8a\xFDc9\xC3m\xA4G\x99=V\xA2\xE12r\x96X\xC1��\x91\xDA\xF0X\x9F8]\\xE3\xE7;}\x9E\xBA]6\xABD�"WN\xBE\xA5\xE3\xA5r\xDB3Q@\xF6&7\xE3\x8F�%s\xCE!l0\xEFTM7hj�\x90\xB0\xA8\x9B�R\xE5\xF2\xAA[\xC7\xDA!�!M\xBA�(�\xB4\x84\xF6aЌ�\x90YM\xF9c�tQ\xB5�
-\xFF\x9D\x81?!C\xE7c\xE6�^\x91O}\xFF\x835\xA0�\x93C\xFC�!\xD8ɻ\xAE?\xED|\x94+\xA84\xC2\xF6\xAAl�\xD8\xE5\xBD\xFB�$\x86,\xF8\xE1\xBE/\xF9t\xA3�\xCBz\xD2~ج\xA11ш\x97\x81~D��\xD51\x88%\xC0lфA\xB7睊\xFE5��c \x8E\x8C�\xB7(\x88\xE8߅\xAEt\xDE6\x9E\xAB\xA8\xFD+>\xF9\xA4"�\xB5\xD5خ\xA6?\xA4Fn\xAE\xA4�\xF0\xC2�\xC0\x8F�\xAFB\x88C\xCDo\xE4�\xDBV \xFC\xBE\x91\xAB`�$\xB8+\xB0"\xA4u\xA1%f�?\xFD�\xE3\x8EV\xE3\xFC\x8FZ\xE9�kK
-�\xB2}_\xEE\x99\xE9\xE9\xCB@�\xA9éŸz\x99xzW\xE1Q&gvL\xAE\xCE\xD8\xD5\xCF�Ɖ\xC8P\xA8\xEE\xAC/u\xE2\xA4á£�\xA7Xd\xFD\xFFÖ•fB] �\xE7\x96\xCD�L\xAB�\x8A�|�\x96c\xBE\xED\xB8I
-:\xC0\x80\x95áŽ\xB1�\xBFX8\xD1j\x87\x8C\x98>\xC1g{Z\xD0�\xD7Ø°i\xAB\x87\xBAyDj"\xC5
-j\xB5K\x96D\xA5\xAB\x9C.\xAF\xFC\xE7\x94\xE4\x9D\xE0d7X\x917\xE6<\xB6\x92�\xDB*\xA2\x86ED6\xA0
-\x94\xA0]\xB4\xB11�\xDC?\x93\xB9��F\xC1&\xA6\xA1l\x97�FJ\xD0s\xB2!\xBD\x8BD\xE3p\xF9!/dԈOĎ]{Tփ:_I\xEE�\x9D\xD6\xE1\xED\x8C\xE3H�%#\x881`@\x8D\xAE\xD6|\xC8u\xE5\xF1\xA2O\xBE.$�YP'j\x9F?\xBF5\xD7^܂\xEE��Y%�\x92�>\xC9,M\x8C20�H\xD2V�\x99H\xB3\xCA\xCEҗ\xE0\xFD\x8E\xB3\xD1]E}\x8DTy\x83\xBFմ9\x95&\xDD\xDD
-\xBE\xB2Sî¹”s\xAC�
-\xA8˶\xB4\xF3E\xF1źA/Me\x91\xC5 "{"k\xBD\xF2K%F\x88\xC9�k\xF1Q\xC1�\x92A@\xC30�
-\xE9 ��>\x9F\xBC\xC3<\xBB\xEA
-�8�\x82\xE3*[KEU\xE8�)\xF9a$\xBFN\xA2\xB5�\xF8\xEF\xCD\xC7>:\xC74\xD8-,\xBE\x9F\xF2>Þ\xA4\xB9\xB5\xC0\x9ES\x83\x85n5ɡ\xE87�\xBB~\xB2�\xA7b�\xED\x96L�� �\xAA�0\xB6\xF2\xCD`\xA7R�!�(\xC6й`�6prav\xF4W\xE1Y\x8B\xBFBU\xAF\xF3P�I\x99\xD8P\xFA\xF2
-p:\xF3\xAA\\x9C\xD2pnkcR�\x80\x9Bc\xF8\x83\xF4\xE1�\x91\xC1c\xE9\xB45\xA4\x95\xA4W1\xC2'=v<Tb�\xDA[\x8F\xE2�L��0\x8A\xE5ÝŽME\x85Q\xA9�\xBC'*�\x93\x83&YꈖՑ=o\xB5\xE1\x9A\xEDX�\xEA1\x837\xE3/\xEEZ\x80�q�vT�Dn\xB8q\xD3\xC7(�A\xDD�\xCF��[\x81\xBE\x9E6\\x88�\xC4x8\x86\xEE\x9FZ\xC3)�\xAC\xAB\x96w@\xE1\xA8o*\xE18\xCDX\xFFQ\xCBݧ\x90O\x9D\xC7�\xA9\xB0\xB6d\xB8\x90�\xED\xBE$�?��\xF5\xD08\xBFC]Ú˜dI8Er\xE6\xD7\xF5\xF6D\xD3~\x97^\x9E`d=0\x9D\x843\xF4\x91"q'�"`\xB48�Ó‰\xEF\x8C7{\xDDa\xDA\xDC\xF5\xE4\xBB\xF9��\x81\xC94\xF2VvbYe\xC0\x89�\xC8�\xB2��\x9D\xFBÓ‡l\xA8�\xB5(w6�rŸP\x84 \xF1\xC9ye'\x98DT\xAC!\xE8J\x83^\xED/\x818\x8F\xF7�F\xDC=L\xFE\xF8\xAD '?<\xE3�\xB8�ŧ�\x95\xFB/\x8F\xB1{F\xA0\x90�b1y8�\xF74\xBE\xFC\xCA\xFC\xF7W\xBFNx\x97\x80�\xB4\xC5{\xD5Û\x91\xBC\xBB\xE1P\xBB\xB0O�M9\x8B\x88\x9B\xE7\xEA\xCD�E\xF00�\xFA�'(pfn \x94\x87E\xEA\xD7�R\xF2\xCD�\x8F\xA4 7Z\xE7\xEF\xFEF3\xAD�sæ…½�dz+\xAC\xB0\x86B\xF2D�\x9E\xAF\xAA\xF1SS8n]LD�\xFD\xC84g\xDF�\xF0�<�\xB1\xC8N\x9A\xDC�\xC3'g.\x83\xB1�\xC6\xE8)Ò¿}n
-\xCA\xFCf4j�\xFE\xC1��\xFDm=n\xB6+\x90#j\xFAq\x81\xBE\xC5÷M~\xE4\xCF\xC5\xD6\xF2\xE1\xB41\xE6L\xA0=\x8F��\xB3
-\x95\xA1\x96\xB8C\x8C#\xB6\x9E\xA9\xDE.ί\xE8\xBF�\xB7z\xC6Q\xE8�}\xDB̌6\x99\xC4\xF2"\xF2\xBCh\xF7\xFC�\xF5�2\xFF\xB2,\x9B�\xFB}�\x8B0~77_J\xBC\xADS\xD5�dj�1�\xF87n\xC5\xEBH\x91\xF3�x>/'7\xC5WW\xE27'\x8E\xFA \x9Dy\xD2>;�F\xE7:\xE4{g'\xE0\xC9.C\xBB4H%\xEC\xB2\xF58\xC3\xF1\xD2j
-M\xE6\xFAmÒ“<\xEFPѤ}R\xD0Q�\xAD}G\xFD.\\xCC\xFB\xFE\xEF\xE3 \xDA/X\x85�$Ñ\xA6{З\xDDØM\xC9a\xFA�\xE8\xDCch\xA8$D�
-\x8B\xC1cB
-\xA0
-A\xE0\xC3\xD0>�4.\xD0t\x92\xC1\xFD\x8E`\xA1�\xF51uĬS\x89a\xCF \xE7F�^V-\x9A>\xA1\xFD�\xD8N��\xF1\x870\xE5T\xAF\xD9
-\xB7\xE8\x877\xEB\xE9B\xF1�(9\x99\xC0cY+\x81k$\xFEŶ\xAB\x8C=�QwL
-\xE4<(r\xF3�`,X�eG\xF7\xA6\xDDY\x96\x82\xAE\xF9��\xD5K\xE9\xF7\xC8\xDEHC\xB0\xA3\xE4\xE4$=\xFC\xE6\x85q
-_\xD1=d\xB4)\xEE`Åœ\xAC~�s\xD9:U\xB5 �\xB4\xA7\xDE�V\xB6_K!Ô¦`\x91E\xF9cT\xF1Y\x8Ed\xCA\xE6\xCEx\xB9\xD3\xC0\xCF\xD57s,|äº�S\x86\xED\xEDRN]ex\xC0q\x94\x9B\xFD-\xCB`\xEB`�\x89\xA8\xD6\xC4c\xB1\xB8.\x90u\xB9�g9\xBAB\xB5f\x9C:\xEE\xEF\xE62HV1\xD2\xCE�<l\x9A\x94\xB6ص\xB1Hi\x9C�Q\x915\xFC\xBB\x9E\xB9R\x9D\xAA\xBB\xF4B\x80\xEE.V\xC2˵\xE4v\x8E�\xED�\xAE�)\xFCf\xC4?\xE6\x88,\xDE\xC4o\xE0\xA4\xC8���\xCD\xE6� I?\xC7\xEA\xF7�Ò´\xFA\xC7Z\x81�\x9A\x94g\x95É3\xC8'\xB3\xE0\xEA;\xCB%�\xC7.\xE8!\xF6{\xE4�=
-�\xF4\xE9e\xC9\xFE&\x872"$8\xAC\xED\xDB\xE3O\x98\x887S\xC6,\xE9 \xF3[9\x86\x97\x8FÉž\x9At\x82\xC1B$�\xAF\xB8��\xB3vșÑ\xE6r\x9FA�!,V�\x9C\xA3\xD2\xD9�\xBB~^Ǻ\xA4v�\x8B\xD6\xCBcp2\xBE�\x86\x8A\xEB'>á¼²�\xF84\xE8\xFB\xF5\xB5\xAFÖ‚0\xEB\x95\xDF|P\x81R;�=V�\xC8\xFC\xF9�.7\xD6\xCEe��\x86\xCC6`>N\x8E\xFB\xE3v)\x88�\x90˵S\xD6a\x9C\xFA\xB7\xDC?BQ���\xD4w\xF8\xA5\xFF\xA2z`X\xB5�w:HP\xD2ѻ䛋�\xE1\xE3\x8F5ä —Z\xB1\xC0\x90L\x83\xFD\xAC\xC9Uo�Ο\xAA)\xF7�×\xFE\xFC\xB3\x84.\Ð¥\xE9N\x845\xF0\xB3\xC6Wb�\x91\xE0\xEE\xCE[6\x867�\xE4t
-\xB1\xF5\xF1\xA8E'O\x83\xA6ò¸Žœ\xAD\xB2\x84\x8C\xA8IS\x8E�\xA7\xEC\xBA2!��\xB2\xB3\x92D\x87H\xB6\xEA;\x94|\x8B!\xB6j\xE8\xB2_rD�ꀩ\x9E\xD6\xC2�\xB8�\xD8\xE3}\x888\x97\x97T\xB2|+Å׋8\xBE\x90\xFB�W\xF7\x9Ao
-\x86?\xC5,\x8F\xA0Ա\x99x�\xAC\xE7\xA5�\�3*ϩC\xB6q0�\xEB߽\xAB\x99\x8E>\xAD�j\xE2\xC4>Kt\xA4)�\xA6k>(\xAAK·#:\x9BxMµ\x96\xD02\xB2�\xDF\xF1\xAE\xC4\xFDR\xF2\xA1\xEC\x91wz!\xEE,�\xB1�\x95\xC1\xCC\xF5
-D\x8C\x96\xAF\xD8Ø®0o�\xB4\xD7\Ú²{l\xF6jâ°C�\xA8\xF53Lu�3\xA4RLyz\xA7 1\xDB\xC1\xC2\xCB�6�\xBB.}\xA0\xC0|?\xF2\x81�{,j\xA2:\xB5\xE6\xFB#-\xDD\xD1"\xE5Hb\x88�G\x9Ea\xE6\xC0~\xC0_tݶ\xDB\xE0E\x95
-\xF3c��Æ
-�\xDD�\xB2+\x87S�?\xE8�oJ\xA3K\xA4
-\xD3\xFE�L5\xBA\xD0$p�\x95\xFC\x9ByB\xC3|5\xBBw^\xFE\x90l23(\xCB�\xDB\xF4\x80\xE5\xB5m\x91��\xEF7\xEC\xB75v\xB0\x93\x92._\xF4]\xD5D\x8FO\xB8X\x9DR�6\xF6}\xC7��\xC9\xC9
-\xDB7\xD18\xFA\x8A\xDF\xEE7;�\xB0\x94�\x97\&\x9B\x88\xCF�\xE6\xC4e\xE2\xEA.s\xA4\xC6ю\x85Y0\xB4\xCA\xE9�\xDE\xC0�\xE2�\x9E\xEC� \x8Bx4\xDC\xC1w\\x95f\xE8\xF6갼\x9F3\x81p\xC7Oy\xB3\xCD4�\xF9\x94-\x86\xA2\xA3\xC0 \xC2N\xBF\xCB\xFE\xD9P\xB3z�[\xB4\x8B\x8D\xFC򮯘�Ʈ�-\xD7I\xA3+\x94\x96\xF6H34P�\xE7�M\xF7|\xB4w�\xC1\xB0Qv at 2v\xBA\x8CR\x8D\xB6\x90f\xBC\x9F4\xC8,\xB2,BӜ�\x93U\xEA\xE4~\xF3\x82\xF9\xB7\x956o\xE1\xE9A�+K?\xF3 FC\xA4h\xBC\xCDR\xDA_�\xB1�L\xB2"\xE7\xAA\xD2͓\xF7\xFB\xB3\xD4BK\x8C\xC3(\xBCshE�\x8Em\xE4_\xDE\xD9SI
-f8\xA2lE�\xFAKAf�\xF0\xB2\xDCeM\xA5��ÐŽ\x99�\xDC*\xDDS�\x89\xA7d#\x85$�3�u}!j\xCC�\xEFƨCa\xF4\x82�\x94\xBF\x95\xDA Q,\xDC4\x8CT=A�\xC5?AUJ\x94�e �\x96\xD7S<)UÇ‘\xA1\x84cc lÛ mv\xD8�s\xD6\xCB(?\xFA\xB8D˺\xAFx\xEC/�P\xE7�/�\xB7\x87�\xF0�bÞ \xF7\xF4\x91�B\xBD\x9A\x8B\xA19Tr\xDC\xC6ar\xEC�\xF1\xA0t\xE9;w$ya>\xEAT�\xEA\xC3\xDCJ\xB3\xE3�
-]"\xA1\xB5�\xE5\xECI�\xE0�fAua\xA7\x9F�%�\xBD1\xC9/uMwA\xDE�\xCF~�\xFC\xB8\xA9\xBF\xE0\x8FdÒ¥J\xCA$\xDB�\xC8xP\x87´\x95\xDE\xFA\xA6\x88\xB3P\x98�^}$\xEF)\xBE\xA5\xDA,\x93.\xE4ey8\x81.\xB5\xEB\xDA\xC8>C�\xA1q\x95B)\xE5�~\xF1\x87EQ\xEFAU�\x9E\xE30\xE4N{\xB2\x8B!�\xFA-�\x83\x8B\x84K\xDF7\xEDn\x81\xF0ᵯ\xB2[\x8Dd\x9A\x8B �(\xB0\xD6\xFF\xADV\xD0l\x87�\xF3{yÊn\xDFi�\x88\xA3;\xD7Ö§�\xF7wk\xA6�J\xD0\xC2i\xD7���vM)\xF4�\xE6\x8DK"\x9E\x9D\xD89\xC4�\xDDYld�g\xF6�EG\xD1\xF2\xC7{\x98�.\xE6�P\xFA"\x9D�\x97\xBA��Y\xB2-r\x80tl6w\xEF\xE8Õ®]>C\xA8�i\xE8r'\xB7\xB9\xB9\x9E \x95\xEE\xD3\xEA\xA4g\xA5r\x84\x82>)a\xE6Ќʉ\xA1n\xBAÑ‘?\xFF\xBAz"�6\x8F�\xF6\x9B\xFB\xFB V@\x8A\xE0\x95\xCB\xFC\xE8\xA6\xC9\xD4q&�\xA0\x8B\xC5$\xD7\xE3ز�\xECv�\x9E\xB9Ü—\xAF\xAC\xD8\xC3\xC4\xD28�\xA6�v\x9E?\xF7u�
-\xCB\xDA."d\x9A\xF1\xE3\xED·<\xC8�AmM\x8F\xE3s\xE5�\xFD\xEB\xE0\xBDƙ\xFB\xD3K\xE6P\xFA i\xECЇ\xD6\xF3!�\x9Ci��" \xB7\xCC\xF9\xB5.\xD26\xC7$�.?\xF2�\xACt}v8\xAB\xFBy\x8C)z|tߊ\x88 \xEA90\xBC\x80ӡ\x98S\x99\xF3l\xA7�"�xzX\xC2\xFC\xDCZ\x9E�\x98\x92\xF3\xB1��3\��J\xD1�\xBF\xF6\x8A�1�G �e�zGt\xE4V\xFF\xE6\xFB^��\xF6�\xBA>\x82�\xD6\xE8\x87onb\xCEt\xF0{5�to\xEA\xA63\xF85\xDB�Y\xEAy-sX\xE0 \x88wG7\x96\xF3e\xAA�'��q\xF6\xAA\x97\xE3\x94:�\x88�\xDF0\xB2\xCB\xD5f\xBA\xEE
-RY,\xC0rÚ°�ݧ�-\xA6\xA3<@$\x95N\\xD7:6E�wF\xE0C\xB4Y\xABUvv\xB5×\xE7\xEAn\xBF\xF2��\V\xEA6\xE2~\xF2T\xA5\x95\xBDI\xFDA<_\xBD�\xB5\x99\xEDb+\xF6@\xF6\xADx\x9E>o\xB4x\x9D(�\xB0\x8B\xE0\x9A\x83\xFB\x8B\xFF'\xF5e\xD3loZK\x928\xB4�\x86\xE1'\xD4p\xF8\xBAÔf\x9E\x8Fni(|"\xA8,\xFF\xB0\xAEu \xA8\x8B�\xEA\xFB\xD4ˆ,Ф\xE8\xBE9\xA0{+\xB8$\xB0w/\x9E\x89\x92�&3RÀ\xAF\x84\x84c\xC1�\x9AOm\xCFH\xB5]� \xDA!\xDD\xD5J$\x8E\xE1
-V\x91<}6j]'\xBB��E�V\xEEh�\xFB\x82}6\xA1�\xDD\xC0�6\xE0۷o\xF7C�f\xC0\xBFi\xE8ﬕ\xF21e�\xB7)(+\x82\xA7l\xA6\x85\xE3\x83ֈ\xE7\\xE0\xED\xC8�\xECk}�/y\xBB�\x97\xECǸo\x8F\xD5\xF3\xD1#\x8Euo'i\x94F�G \x9Cp�\xD6Cf\xEF̟\xA27j�\xBDW\xA8\xE9�v\xF4\x9C��\xADFa\xC7�\xA2~\xAE|Z\x8F][�p\x8D\xD4�\xD6\xF9(\x8E\x81\xA5\xE5
-�\x96�p\xD6�\x96 \x9CL\xAE\x80�\xEE2\x9F�d#F\xF1�D�\xA7\xF0\xEFƳK\x93U\xF0I\xF3\x91\xBD\xD8\xD2^\x81\xBF\xBA\xFDO4Jh%9�rC\xD8\\\xFA+\xDE\xFC\xE68[�\x85}\xDA� \xF4u\xA8\x9B\xD4V\x8F\xA4J�\xBB\x88\xA2<#\xA1%\xC1t\xC72\xE5� 7\xD9I\x9FÔ®O\x99o\xDFp\xD9\xEAÈ\x97\xB59 \xA7.\x86*���i�T\xE1\x8ANG\x82\xF7Yk�(\xC5iJ\xCC\xC7g\xD6'\x8F�gOZU\\xF2o\xAE\9F\xAEhÛŽ�\xB2v@\x9B\x94P�N\x95\xAA\xFE|z\xA5\xBB"^�\x91�\x97\xCBN\xA7\xB3�$\xCB'\x87kWØœ.\xDEe#\xC4\xDA\xE4/\xAA\xAB:�I!�\xEE\xF2 at F.Ù§�N�,X!Ϫ%�\xB5p\xBAD\xD6�EÐ’6\xE55eFÙ™\xC2\xF4Û’E\xF6q\xE4\x9C\xD8+R\xB2\x9F]�C~�=\xEB\xFF\xD6xP\x84\xBBw�(\x8A\xC9Tn
-\xFD\xA3\xEA�\xF6\xC5\xEBG\xCF!_/\xC4!\x84\xFBݸЩ\xEE\xE7Cs\x9B\xE4J\xA0\xA7\xB1\xFC\xF0@\xD4\xD6f\x9D\xCB4���\xE1
-�\xFC%\xE5/\xAB\x82\xCE\xFCT\xEF�;�MK\xF0"3\xA2\xCE\xE6c7\xA0�
-\xDA�\x96\xFE�b$\x88F\x9B\x9A\xD7�4�\xCCG\xC2w6 \x90J�B\xCAA\xA9\xADR"\xB1#\xAAvw>\x9D!*3\xFBLߴ\xD6ax\x8FqUR\xB1\x99^3\xEEj\xD5ƪ\xAEvO\xCD+\xEA] �N
-n\xEC\xFE\xF9\x87Õ¨\xB8\xAEâƒÑ±\xD5\xC9\xED\xCDU 6�\xFE\xB4\xC9i\xE7\x8C7LGi\xBB\x8B\x8C\xB9\xBB\x8F\xD3�<ɳ7\xA3\x9E\x94\x8C\xE4(\xE6\x8Fs\xD4�\x87\xC0\xAE\xED\xF62�`M�\xE1?`\xBB,\x99\xC4 _t\x8EQi\x86\xE8\xBE\xF4\xCB��\xBB�\xD0�ã™…b_B��\xC9\xCA\xCD\xF8mzÔ‚;\xBA\xD8MN�\xFA
-\xA1;\xD9u(G\x85\x9CP\xF5#\xB1�\x80I\xCAE\xAB[\x87n\xAE�\xCEbM|\x94\xAE?C\xE3⮪8\xF0g\xD0\xE0Fp\xB2>%vt�Üž\xE2dB\xF6\xEAR\xD2ß\xB9\xA3�\x97Ù–\xED\xF2�\xD9\xF9;\\xABI\xA4\xF2Ųև7[�\xB1(bv\x88d<\x98U_\xEB\xF2gr\x9E\xE0\xFC�\xA6>N3\xD7I\xA51\xC3\xEA8~>
-�V\xF3G\xD6\xC6\xDBq\xF6"\xE6i\xB7\xF8gz�\xF5">\xAF\xFB\xD0w\x88\x9AyL�\xAB\xCD?\xD4\xFE\xC1�\xD1ų\xF3\xE8\xE2"�dH\xEC\x96���\x95\xAB\xE8W\xA0/\xAB\xF3�L\xF5\x9A^A_2\x979e'�\xEB\x84b\xB7�\xED\xED\xAB(\x9A�
-\x8EM\xA3\x98Me\xAE�opG\x9A\xC1\xD0�\xE6\xFF��\x9B-\xBB\xC1,\xEF�E*h�h(wF�\x9D\x96 \xBC�\xBF\xF4,\xD8G\xAB��\xA9�W�\xF0\x87\xB8\x9E\xE3\x96Fu\xB5\xBE�^T\xE7\xF0\xFA0\xCE�\xB5\xC0\xE0`=\xBAr� \xB8"H\xCDws\x91\x9E8R'Q\xA3ʥ8\xE8\xF8MEF;ݵ0\xACNA
-`\xF5\xD8
-i�:ey/ÓT\x93\xEE\xFC\xC3g{q\xAA}\x8ET�r\xA03\xFD�\:\xD7\xEEY6�\xD2��\xB0\x92\xD9<e\x9D\xDAC\xC8_\xFCi\x9A\x96Qm\x96\x9B��#\xF6\xEF�\xCET\xBA�9\\x9C�\xEBy�\xED\x8E&$\xDE\xF1e\xDE�I4\xF0\xFAl#\xFF\x9D\xBF{��2/\xF4)\x99\xAE#0\x84\xC7B_�\xF2�� l\x95\x8D\xFB\xA9\xA5\xD7\xEB\xA5\xEA:&T\x87\xED\xA89�W\xDA!\x92�q\xA8\xFF��\xC1�T\x88Û¥\xE2\xAB×™a9\xA6\x88RPÕ½\xA4\xD4_i&U\x97M\x93X�<\xDC\xF4YÈ«\xB6\xAA&v@\xA4\xE0\xC62\x981j 9 (�\xCE=\xA7\xC484J\x99\x83H\xDF\xED\xCAp�Ö¿��\x91JlOk:&�\xFE�\xDDq\xCE�/�\xED\x9Fxb\xBD\xF2\xA9R轄ڃ\xE7\x99\xFC
-\x83\xD6\xF99\xFC\xDE\xEB%CߚA۱\xB7\x8D\xC1\xFFxH\xED\xB4�\xCB\xFAD\xAE\xC3n6j\xAD\xB0\xF8c\x84-\xB1�\x91F\xAE\x9Dm�\xF0\x80\x90\xE4\xD3z#\xEC�A;L {&a0%\xADj8\xCA\xD4\xF3\xA3{G\xB5\xA2=4\x89\xA4)\xDA[\xF4\xD0Ӱ\xCFOw\xA5�\xC7\xF7M\xAA\xBAA:X\xB9\xCD�\xB6\xC2v4i�h\xEC\xE4\xD7s�\xBE\xF8,\x82\xC6P\x92�\x90㉖�\xD5\xF9\x99\\x86@\xAF\xC1\xB1\xC6\xCE\xDFC
-\x97\xE8\x9CF\xEC\xA7M\xB9"\xE2\x93\xCAonn_ֳ\xFFLBfF\xC4�����>;x\x8Co\xF9�3\x87�\xFD%\xA4\xE0\xF6.\xDC͑8i\xF2zʹ\xCE\xC8\xE9�\xD5C\xF9\xD4\xEE\xC9(\x8C\x8C\xAB\x9D\xAA\xFB-�\xE4d\x8D\x986�\xED\x8B(\xC7JT*L_4\x8D�\xA5\xF6\xCD\xFC\x85\xB0\xED\xA1M\xB6\xA4\xED\xE2\x8B1\xD6`\xD7x\xDCe\xB2l\xDC\xE1\x86�\xD6/\xAE;G\xE6+\xE0\xC6\xDB\xD4�\xDC\xDE釾{\xE5�
-2K(�\xBE\xE0\xC8rG\x80\xE9I^�\xDD�\xAF\xA7˜E;\xC9\xEBZ$�\x84)\xBDJ�%\x86 *� \xF7%�\x84.Jr\x96&*\xB9ܯM�s\xB6\xB0_k\x84\xEE�\x9A�\xBFN\xC6S�\xBB\x82wX*\xFF\xEF\xADf\x83=\xBA\xF0�W=\x9B\xB17Zx\x89�\x92d\xAD�#\xF3\x921\xE3Z\x985'`�N
-�@\xAD@\xD3tq\xB6\xA5ÙƉ\x9B\x96\xEE\xE0\x97%\x8A7\xFBÙ¹%.�\xCCx\xA4D\x97\xE3\xF0�\xC1\xB3b\x89C5\xF8\xA0I�d\xF5k/\xC5Q\x8A?\xE8x\xE3\xEA5\xB3\xAF\xC4\xD6>\xD2\xF0uow\xF5=\x96\xE89\xADY'\xE0\xE3\xAB Õ‚z\xC9��\xA6\xB1\xB6Ô‚>N
-;�}`\xF7*\x8E\xBF\xC3Þƒ$\x93\x83\x86\xCF|\xA3\x90\xE3\xB7\xC4#@\xBA\xEA\xCAͪ\xB2\xC6.\x88X\xB3\xA4��\xBE\xE0\x8EG\xBF\xAF\x{184AC7}w\x82�M\x9AZ\xF6��gs\xCE�\xD9Q1\xAA\xA1ﱪ;_\xFES\xEC?\x93\xE1x\xB4�\x9F\x82^\xAFI\xAB\x98\x90E2\x95\x93\xA7\x96κ\xDBw!l\xBE:\x87_\xBCs�\xAA\xD4�N\xFF\x98~\xF9\x99\xDB݃[\xB23\xF9ULi\xB5eiž\xC0\xECe%�\xA5�\xBD\x98\xA8\xFCß’O\xAC/\xB0\x94�:\x9D\xBF\xE8x>D@\xFE\xA6\xF9\xF2\xE1=9'\xBB|\xBBĽ\x8C��\xA9L�\xB2\xC4/\x96\xEA-\x82\xBD\xCE�\xEC\xC3s\x9C�\x94\xA0~(\xE1\xE0,\xE5p\x83\xA1\xCBRs,\xD5:\x8E\xB1\xFF�\xC36h\xC6\xCB\xD4D�\xDE\xEF^\xD1\xEAI\xAC'�kð½ ±\xC4�\x9E\xD9\xFE\xF7\x9F\xF8\x9F\x85\xDCÈ�\xC6��\x9B� \x9D;\x99l�+�\xE4\xAD\xF1y̼\xDA(g`\xFD� s}\xD4Ö’\x8D\xD7\xE5\xF9$�Ï–c\x86\x83vjlHM\xBBk�\x9C\xC4^\xFD08\xF9qS}\x8D\xE3�!<\xA2\xA5mPYm\xBC\xD1ј\xC3�s:\xF6h\xAA6\xAF!\xDB(sD\xB916\xE4�\xD1?\xABr.o�\x99�\xC9\xFB\xF2\x81\x88�\xBES\x9A\xC9\x{DCD5}\xF5P1K\xB2EreS\x91(\xA7A\xF0\xD6?\x9EÔo\xA7G,C<\xF2Δ\xBDkul\xF3\xA0\xB5kX\x93\xC1\xF1Ó—WO\x81G\x88\x8B\x9Dv$\xD4\xC3\xC1\xD7a�\xB6D�\xB4\xAD\x83\xE6�\xE9<�x\xE7 �x\xF7D\xC9�\xBAB\xF5o\xD9\xF2Q3�\xAA\x91�GÞŠgMy\xCE\xEB\xE6:\xE7
-\xE8W\x83\x92\xA5o�\xE1\xB5=\xA3\xF6b2\xF0\xBB\xB1�K<6\xF6%J�{
-\x8B\xC5K0}\xB4zc?�\xB9
-L�\xA3Z^�F\xAA\xCB\xEF;\x90\x97\xFE\xA0d%C\xBA\x9F�\xFCÂ\xA5�\xFC\xA8)0\xF3�\x9A\xE25\xB5\xFB|#\xF1\xCA1\xA4\x8A\xB5\x96\xA0Pgm� _R�\x84\xAEz1\xD9�\xEFO,\xEES\xF2��[\xB3\xC3Y[Z\x85�-\xB62
-�{\xE5]\xAD\xE8\xAB��X�\x95�\xA0\xB2\xDF�\xE6�F�]T%9F\xE1T�\xE2\xFE\xA5}q\xDAxo\x82{w;w+h|\x8A\xCF\xEDaq�\x88\xEDX7\x8C\xD2z\xA1\xEE\xB1v�\xF1\xA8\x88\xE6K\xDC�\x89\x8Fbs6\x9F\xB1\x99"\x82�\xAC|��;�\xAFm\x9A\xAEu\x984bƼ��\xFD\xA6\xFE��7\xF5\x99�\x95\x8D�\xBBЯl(h\xF5)&I\x97\xBC��\xB8\xF3\xDD�\xF4#F\xEA%yD\xF4\xEAW\xD6\xEB\xCF\xE4\xF4D‡߂\xF9\x91�|\x81}\xC599Q�}\xE2\x9D>�� u\xF4ҧ\xABh�\x86:\xFAVL\xE3�\xD6zB\x9EŌ\xE5\x92F'\xFC\xD5\xC6Q��\xD3/9\xCE�F\xDDҰɵ#6sn\x9CjG\xF6X\xE3~\xC3\xE9P\xF3LpJ\xFD\x9C&wB˽\xF3\xC2\xF3�b1�7a\xAA\xD3�Hj;\xE8\x95\xDF\xD0\xF0S\xBD]\xFE\xC5�\xDDp\xCC\xDA\xF2�\x93
-\xAD\xAAA\xEB8K\x9E�\x9Dp\xAA\xE4\xA6<\xEB\xF1-\xF9�S\xA2\xE4\xEB\xCA\xF5���&}9c\xAD\xE0\xD2o\x98\xF2�t3a\xEBc`�St�\x8C\xD4Dr3\x9C\x96ic#Ñ‘x"\xA3\x9E7\xFD\xB3\x96þl\xAD\xCA\xEAIF)^\x88\xD7LÌŠ[h\xA3I\xB5A _#\x83c\xAB\xACL\xD4'P\x8C�\xF6\x96Tñ™»,\x8A\xA0x\x8F\xB4�\xC5r�
-\x8B;dTx\xA2C\x8A\xDA�\xB5�'x^3$|\xC0Ƚ\xAC4\xEC^áœ\xA5$0\xFD'\x81\xA9\xB4s
-\xE1c@\xD3A\xD9ou\xD6�\x8C\xCE�@@\x8D\x8B\xD9[\xA8\xF1\xC4#r\xB5\xEC\x91\xF6�9s\xA4N\xE82\xEA\x9A>8*\xFB@\x81\x8Bh\xCB\xE7ES\xE6Ih\x92V\\xBAw+\x9B\xF8YET�\x8E\xEB楋\xC6E\xEA�\xE6cfCo\x8A\xE5\xDA�M\xAC\xB7\xD4\xFE�\xE1\xE9w\x84Ii�D\xA4^\x8BJ\xAD\xF7�T\xB9J�\x86a\xB1k\xE3\xC2\xFA�\xF4ꟶ\xCA\xE7\xC6ck\x80-T� \xFF\x8A\xD7ݥ\xE8\x90\xDD\xFB 4\xFCGl-Usʫnu\xB90\xC1\xAB\x85�¶\xE0\xF6Xl\xC7= >\x85\xCA\xEA.v\xC5\xC9\xE4\xDBu\x8E\xE7\x81\xFF{\xA5\xAB\x9B o\xFE\xB2\xFFk\x8F�\xC1G\xF7\xB4\xF1\xC7\xE1\xCD钛0Q\x874~\xC2w\xB1ru\xC0�\xF7o��\xEF/\xFD\xA0d\xA2\x8E,
-�%%��\x96\x83~O1楪\xDA \x9D\xBB'~\xC9_f2IR\xA3!\xEB\xB0\xFA[S/d9[V5\xBB\x92�]\xB7\xAA\xBE�\xD5^�i)\xA9\xDFj\x9C\xD5\xC0izp\xB2Yߒ6\xEC\xFB\xC3�\xAB\xD8[\x87m\xFF\xAE\x98\x80\x86ji\xB0\xA0YPr\xCC\xC1\x9A\xF3\xFC"\x979\xC2�\xB8[\xFASU,RaJ\xB2ۜ\xEC8}\xD8\xDD8\xD2Q��qw\x97IO��zH\xB2\xF2\x83\xA1j, \xF7\xAB\xFA\x9C\xDD&�\xBBi\x80\x99\xA8\x9A#\xD6\xD3\xD4b\xA9ܦ\x85\xC5\xC9pX\x8F\xD7ƕ�\xFE\xBD\x80\xDDNjxQ�\x9F�CU\xB8�\x89!»sI.p0�\x8A\xD9\xD3\xE8\xF9b\xD3LN{\xC5�\xCE \xA9\xEFE\x89\xF4\x8D\xFF\xB99K\xFD\x8D\xF4׌\xA2�Km\xBA\xF0\xF6\x9Bl\xF7\xD6IҞ\xF1n+\xAA\xBC\xF3(D\xE6\xFE\xBA\xBA\xC9\xCD\xEA\x89v\x80\xF0\xEF�Lwt\xCA\xFAB\xA2\xCA̺�\xFB\x89\xBF\x8E�\xEA}x�{\\x82º�\xED\x82\xC3H\xA6u\x81Pje\x8C�\\x95nj\xF3k\x94\x98�\x8B\xBEc\x82ʿ\xC5\xC5\xE4{\xE3<\xD3�^�a\xAFi{\xFE\x88\xCCl\xC7P\xB77\xA0\x99\xAD0Ui\xF5\xF6\x85�\xEF\xE2v1\xF6\xE5�bp\x82\x85�g\xC3߸Kqx\xBF�{\xB6
-\xA5`M/\o\xF5\xDB\xFEJXS\x9D\xF96\x94\xBF\xFC'\x8EO\xD8La\xE0\xA8o\xCD���ZN\xF5\xB5\xE1\xF8\xF7�\x8FP\xB3\xAC\xE6\x90#\xC0\xAB-\x92\xB7^=\xE8�Cp\xA7\x93\xB4\xF1\xBB\x8Dw\xD3^\xBB\xB1\xF2\x9E,\x9D\xE0\xEC\xCE-3\xE0 rg\x87l\xD6:G> �\x80\xC3s\xA6\xDA�\xA3\x85\xEE:�\x9C\xF40�\xEBX<�Ԁ\xB5a\xCB\xE2\xF8B��\xB4j[\xE6\x93\xF7)�s\xE0\xD8�A\xAF\xBF7\x81oB\xC1\xDE\xC2ĔA5d{F�\xE1\xE4;c\x8E%e\xF3*]\x9A{+/\xC5=\xBE\x8561�/\xE1\xFE\xE0K~H\xA6)\xA1\x94Q"\x97v\xA4#f\x99&�\xA4\x8C\xE7\xD6'�m\xB7\xF7\xE5S\xB7L+3\xC7q\xB5\xD2\\xEB\ێ,\xCA ]\xB6\xC1\xB5ة \xE7\xD2\xDAe8\xA0ƅ߰5\xB2\x87r\xC1\xE8\xA2\xEE\xE0\xC5\xE5\xA7\xCA^o*K{V#L�\xF3\xA0\xE2�0�\xD5�\x80\x82\xB2\xDEx\xC2Y\x8C`\xD2zB:�[\xCAnة\xEE�\x8C\x86\x83\xB43\x88\xC3\xF5|\xF63\xDE+\xC7u[K\x9C\xB3\x9A�\xB8=(i\x90�"҄gc\xDA�\xEF4&=2\xF59\xB0\xABi\x8Eo\xD6$W\xA4�\xDCEC\xB6z\x99��\xBA\xA8�\xFDv Ю\xBF3-еD\x8AR
-\xA9(\xBD\xAD\xEB\x91�\xB1\xD2l\x8B-�z\xA74��\x95\x8FΕܸM\xD8\xED6n\xD3Z\xF3\xC8a\x89I\xFD\xBE\xAB@\xDC\xDCh\xF1�\x9Bd\xC7\xC0�"uñ£ \xE5\xBA~!\x89�qZ\x90\xF67\xCA5=\xCFs\x8CЗ\xE3�\xD7u\xC66\xD9H�J\xFF\xD2�P\x80SN$\xF0\xBD\xBD\xD0\xEE\x9E�j\xE6\xE8<^\xA5)ÔŸ\xD7Õ—Q�tÚ¹\xFD\xB7�\xE3\x90�\xCB$\xCA�\xC1\xB7\xC1\x84\xE8\x9D:\x88\xED\xFB�㛤P\xF5#��xi�\xF0�\xDC\xD8\xE0\x92Eu\xC3N\xB1n\x97\xAD\xA4�A\xD5\xD4Op\xE4\xF6�\xCA`gW\xEE=ÖˆqI�zCQ\x84+\x9AÆ´'\x89\xBA\xDA\xD0Z\xDB�a\xBBb\x92�\xDD��wu\x9B�\xC7/@\xFDcu\xF6\x96H\x96�6\xD3\xC2c]Ũ\x8F7$\hwFƪP\xD8$V\xC0{L\xB5H�\xC5Y\xC1\xD9�\xE7\xD4\\xD0\xFC;v\xCE\xF1\xC0\xFCM\xA31\xF4>I8w\x9F\xA8\xA8\xA0\xDE\xF9\xE2\x90`(:\xA3\xD5\xC0Ř\x9EZ[\x94�\xFC \xDCL\xACA2\xDB[\x84\xB0\x92\x83\xCC\xF1:�\x90\x91�<\xA2L\xFB(\x95�\xD4\xC7\xC2=::\xB6\x86\xE2\x92=2Ǩp\x9Bj\x90\x91ݳ~\xB0\xFF\xD2g\xF6i\xAD\x92vq\xAB"\x99\xFB\xD3A`5\xDE\xFBu\xA4\xF0Ê ?\x99Ij\x92J\xF8�\x96\xBE\x8Eq\xB8<a˽\xCD(�\x91t�o \xF0A\x8C<\xB2\xF1\x9FM\x9B5\xA9_\xA19\xE1�\xDB\xE6\xC9߬\xD5z{~2:}h(\x9B#\xFB\xAC\xBF�\x9Ak]LwV\xE8\x92
-�\xE2\xD6ޞTjo\xAD&a.\xAE)\xC1\xF0G�J�\xE1S\xA2��\xD2V\xB7d\xE1\xCC6a\x9Dm\x87\xD1N\x9B$}T\xCC*\x9A0k\xFC\xA4U�Tv\xC3�%YXp�A\xA1!i\xF3\xDD\xE5B!
\x96l\xE7\xCF\xE8
-\xA44\xCD7[\xE7�E\x84\xAF4Zu\x8A���GEu\xB2\xFE\xE0\x9B\x93\xBF\x91\x98\xF72\xE6\xA0�\xD5_\xA2Ó·\x81rx9\xFAN)�?=N\xA8\xB2\xE88\x879�J\xFDy\xB90\xC9\\xA5\xFF�\xEA;/\xDA\xDB\xEA\xBE\xF3/\x88S\x8DO\xD2�\xBF\xFD-Y-v\x8D\xEC)\x97\xC0\xDEa\x94\xEDo\xE4\xD9d\xF70\xF4\x84\xD4\xE1\xAEG\x96\xFE\xB8'f\xA6\xE2\xBE\xDE{h\x8Co\xE5\xAA\xF9\xC2[6\xFA\xA93^\x8Bßž\xB0yÊ»I\xE7\x8Bß…\xDB\xE8\xA3\xC3\xC9;o OA�Z\x90\xA0nSɶ\x90\xD8 �\xAB�\xC84Û§q\xBF\xA6r\xC44�\x93\xC3\xFA\x95=?\xC1\xA5\xABc�\xE6�Ki w\x8F"\xEC�\xD8�3fA!\x87\:\x8E�\xE5\xF1\xB7\xD6�\xEE\xBC\xEB7_\xE236É È•\xC8\xF5\xBE\xCB\xDD×\x91Æ‘_\x9Eg\xE3�\xE9U|\xD1�\xF2�6\xE9\x8C\xD0m\xA1\xE0&\xE2Y\xEA\xD2>\x84�;\x99\xAE>\xFB%\xEC�D\xE2&\xACT\xD8Õ¯M\xC6J\xF6*�G�\xCD\xEC"Sr\xB3\xC3j\xA5\xCCn\xB86Ëš\x94\xA6ê±q.\xF8'\xAA\xE1\xFD"\x81\x90�\x85\xA4\x97\xBC��r\xCB�T"s\xB9�~Ɖ&\x9C\x94r\xBAm��\xED\xAF\xC6\xC7h\xB8\x8C\xA9J\xD9S�\x9A\x93�
-\x87�\xFB$\xCB\xFA\x81*\xCF[\xBE'е5\xD8\xCC�\xBDþ^\xBF\x82 at rG{X\xCE��N3�?\xDC&\xD3vj\xBD\xEC\xD6fl3O\xAD\x88\xD0��\xA5\\xE1"�\xDDJ)P\\xB07\xC0\xABJ&zgT\x91\x9A|�\x86\xF1h\xDDh�^r\xD7X&\xE2h\x8C\xE7]C\x8A\xD2\xF7\x88���\xFA%#şߒ\xEF\xE7UU\xD2\xD9$\xEFRD�\xE4\xFC\xBER\x8Dk\xA4zw\x8C\xF1\xAD\xE3\x97Z�
-U\xDFD\x84j%\x91{7\xB9\x92�&Lo\xC5L\xF3\xB4T0\x89* V^\xF7N\x91\xB3eV�B)\xCA\xF8\x87t\xF0_1J\xBF\xA1\xE3x)s0\xDF\xF1~�\xB1_+\x9D\xC8L\xF6;\xBE\xA1�"l�tMڳ\xBD\xADoI�\xC6t\xE8-\xC2<'_4\xC03.\x97\x8C\xF22J\xC4U�\xBDەT\x84�\xA5U\xFE\xDD>��A)JD�y\x8E\xAB\xEB&\xE1\xBE֔\xB1\x91�= #\xBEcD6Ǟ@�\xFC\x86\xEC�\xC2\xE0\xBFx\xA4\xE8\xD1\xCF\xF3D\xC1\xBB�Ǝf\xB24\xD3\xD1H\xDF�\x99y\xF7\\xF2^\xA5\xB1\x92\xED\xABdi�\xE5\xFA\xF8\xBE\x9E\x86.
-˗\xCCF+u\xE5| \xE3��_\xEC\x8E'\xACgk"\xB8q\xE1D]�\xB2 S<\xFE\x80��\xD507=\xD3¾\xFB\x94
-\xB3:]T��?\xE7\xC5&3\xCA�\xF7Ŕ\xD9-Ļ\x9F\x97\xDC^"l\xCA\xC0
-%Z�\xE4\xDF: o�Π\x81�\xA7d\xCE\xFF'(\xFF�\xFCG�~ٙ\x9B\xBA\xB89ڛ\xBAآ\xFC�\xD9\xD1\xE0\x9Eendstream
-endobj
-938 0 obj <<
-/Type /Font
-/Subtype /Type1
-/Encoding 2737 0 R
-/FirstChar 2
-/LastChar 151
-/Widths 2754 0 R
-/BaseFont /CUGYHF+URWPalladioL-Bold
-/FontDescriptor 936 0 R
->> endobj
-936 0 obj <<
-/Ascent 708
-/CapHeight 672
-/Descent -266
-/FontName /CUGYHF+URWPalladioL-Bold
-/ItalicAngle 0
-/StemV 123
-/XHeight 471
-/FontBBox [-152 -301 1000 935]
-/Flags 4
-/CharSet (/fi/fl/exclam/numbersign/dollar/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/question/at/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/bracketright/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/quotedblright/emdash)
-/FontFile 937 0 R
->> endobj
-2754 0 obj
-[611 611 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 0 500 500 889 0 278 333 333 444 606 250 333 250 296 500 500 500 500 500 500 500 500 500 500 250 250 0 0 0 444 747 778 667 722 833 611 556 833 833 389 0 778 611 1000 833 833 611 833 722 611 667 778 778 1000 667 667 667 333 0 333 0 0 0 500 611 444 611 500 389 556 611 333 333 611 333 889 611 556 611 611 389 444 333 611 556 833 500 556 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 500 0 0 1000 ]
-endobj
-939 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2755 0 R
-/Kids [930 0 R 956 0 R 966 0 R 1021 0 R 1085 0 R 1148 0 R]
->> endobj
-1226 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2755 0 R
-/Kids [1210 0 R 1228 0 R 1240 0 R 1253 0 R 1264 0 R 1271 0 R]
->> endobj
-1287 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2755 0 R
-/Kids [1283 0 R 1289 0 R 1297 0 R 1306 0 R 1316 0 R 1329 0 R]
->> endobj
-1337 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2755 0 R
-/Kids [1333 0 R 1340 0 R 1347 0 R 1352 0 R 1373 0 R 1383 0 R]
->> endobj
-1392 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2755 0 R
-/Kids [1388 0 R 1394 0 R 1399 0 R 1408 0 R 1417 0 R 1424 0 R]
->> endobj
-1433 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2755 0 R
-/Kids [1430 0 R 1435 0 R 1444 0 R 1458 0 R 1465 0 R 1479 0 R]
->> endobj
-1489 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2756 0 R
-/Kids [1485 0 R 1491 0 R 1497 0 R 1504 0 R 1512 0 R 1517 0 R]
->> endobj
-1530 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2756 0 R
-/Kids [1523 0 R 1533 0 R 1540 0 R 1544 0 R 1554 0 R 1558 0 R]
->> endobj
-1573 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2756 0 R
-/Kids [1565 0 R 1575 0 R 1583 0 R 1591 0 R 1603 0 R 1609 0 R]
->> endobj
-1620 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2756 0 R
-/Kids [1615 0 R 1622 0 R 1626 0 R 1633 0 R 1638 0 R 1648 0 R]
->> endobj
-1655 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2756 0 R
-/Kids [1652 0 R 1657 0 R 1661 0 R 1665 0 R 1669 0 R 1676 0 R]
->> endobj
-1684 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2756 0 R
-/Kids [1681 0 R 1686 0 R 1692 0 R 1703 0 R 1707 0 R 1711 0 R]
->> endobj
-1723 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2757 0 R
-/Kids [1715 0 R 1726 0 R 1732 0 R 1738 0 R 1743 0 R 1747 0 R]
->> endobj
-1756 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2757 0 R
-/Kids [1751 0 R 1758 0 R 1766 0 R 1771 0 R 1779 0 R 1786 0 R]
->> endobj
-1796 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2757 0 R
-/Kids [1791 0 R 1799 0 R 1806 0 R 1811 0 R 1815 0 R 1819 0 R]
->> endobj
-1828 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2757 0 R
-/Kids [1823 0 R 1830 0 R 1835 0 R 1839 0 R 1844 0 R 1850 0 R]
->> endobj
-1863 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2757 0 R
-/Kids [1859 0 R 1865 0 R 1870 0 R 1874 0 R 1878 0 R 1882 0 R]
->> endobj
-1893 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2757 0 R
-/Kids [1890 0 R 1895 0 R 1910 0 R 1925 0 R 1937 0 R 1957 0 R]
->> endobj
-1969 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2758 0 R
-/Kids [1964 0 R 1971 0 R 1975 0 R 1987 0 R 1991 0 R 2000 0 R]
->> endobj
-2021 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2758 0 R
-/Kids [2012 0 R 2023 0 R 2030 0 R 2036 0 R 2043 0 R 2052 0 R]
->> endobj
-2067 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2758 0 R
-/Kids [2061 0 R 2069 0 R 2080 0 R 2084 0 R 2090 0 R 2100 0 R]
->> endobj
-2107 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2758 0 R
-/Kids [2104 0 R 2109 0 R 2120 0 R 2124 0 R 2131 0 R 2141 0 R]
->> endobj
-2255 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2758 0 R
-/Kids [2200 0 R 2257 0 R 2311 0 R 2346 0 R 2354 0 R 2362 0 R]
->> endobj
-2373 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2758 0 R
-/Kids [2369 0 R 2375 0 R 2381 0 R 2385 0 R 2394 0 R 2400 0 R]
->> endobj
-2408 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2759 0 R
-/Kids [2405 0 R 2410 0 R 2415 0 R 2426 0 R 2431 0 R 2443 0 R]
->> endobj
-2460 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2759 0 R
-/Kids [2452 0 R 2462 0 R 2467 0 R 2476 0 R 2482 0 R 2486 0 R]
->> endobj
-2502 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2759 0 R
-/Kids [2492 0 R 2504 0 R 2514 0 R 2520 0 R 2530 0 R 2536 0 R]
->> endobj
-2543 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2759 0 R
-/Kids [2540 0 R 2545 0 R 2555 0 R 2566 0 R 2573 0 R 2577 0 R]
->> endobj
-2592 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2759 0 R
-/Kids [2589 0 R 2594 0 R 2600 0 R 2612 0 R 2621 0 R 2626 0 R]
->> endobj
-2636 0 obj <<
-/Type /Pages
-/Count 6
-/Parent 2759 0 R
-/Kids [2630 0 R 2638 0 R 2648 0 R 2659 0 R 2664 0 R 2675 0 R]
->> endobj
-2691 0 obj <<
-/Type /Pages
-/Count 5
-/Parent 2760 0 R
-/Kids [2681 0 R 2693 0 R 2705 0 R 2719 0 R 2732 0 R]
->> endobj
-2755 0 obj <<
-/Type /Pages
-/Count 36
-/Parent 2761 0 R
-/Kids [939 0 R 1226 0 R 1287 0 R 1337 0 R 1392 0 R 1433 0 R]
->> endobj
-2756 0 obj <<
-/Type /Pages
-/Count 36
-/Parent 2761 0 R
-/Kids [1489 0 R 1530 0 R 1573 0 R 1620 0 R 1655 0 R 1684 0 R]
->> endobj
-2757 0 obj <<
-/Type /Pages
-/Count 36
-/Parent 2761 0 R
-/Kids [1723 0 R 1756 0 R 1796 0 R 1828 0 R 1863 0 R 1893 0 R]
->> endobj
-2758 0 obj <<
-/Type /Pages
-/Count 36
-/Parent 2761 0 R
-/Kids [1969 0 R 2021 0 R 2067 0 R 2107 0 R 2255 0 R 2373 0 R]
->> endobj
-2759 0 obj <<
-/Type /Pages
-/Count 36
-/Parent 2761 0 R
-/Kids [2408 0 R 2460 0 R 2502 0 R 2543 0 R 2592 0 R 2636 0 R]
->> endobj
-2760 0 obj <<
-/Type /Pages
-/Count 5
-/Parent 2761 0 R
-/Kids [2691 0 R]
->> endobj
-2761 0 obj <<
-/Type /Pages
-/Count 185
-/Kids [2755 0 R 2756 0 R 2757 0 R 2758 0 R 2759 0 R 2760 0 R]
->> endobj
-2762 0 obj <<
-/Type /Outlines
-/First 7 0 R
-/Last 843 0 R
-/Count 10
->> endobj
-927 0 obj <<
-/Title 928 0 R
-/A 925 0 R
-/Parent 843 0 R
-/Prev 923 0 R
->> endobj
-923 0 obj <<
-/Title 924 0 R
-/A 921 0 R
-/Parent 843 0 R
-/Prev 919 0 R
-/Next 927 0 R
->> endobj
-919 0 obj <<
-/Title 920 0 R
-/A 917 0 R
-/Parent 843 0 R
-/Prev 915 0 R
-/Next 923 0 R
->> endobj
-915 0 obj <<
-/Title 916 0 R
-/A 913 0 R
-/Parent 843 0 R
-/Prev 911 0 R
-/Next 919 0 R
->> endobj
-911 0 obj <<
-/Title 912 0 R
-/A 909 0 R
-/Parent 843 0 R
-/Prev 907 0 R
-/Next 915 0 R
->> endobj
-907 0 obj <<
-/Title 908 0 R
-/A 905 0 R
-/Parent 843 0 R
-/Prev 903 0 R
-/Next 911 0 R
->> endobj
-903 0 obj <<
-/Title 904 0 R
-/A 901 0 R
-/Parent 843 0 R
-/Prev 899 0 R
-/Next 907 0 R
->> endobj
-899 0 obj <<
-/Title 900 0 R
-/A 897 0 R
-/Parent 843 0 R
-/Prev 895 0 R
-/Next 903 0 R
->> endobj
-895 0 obj <<
-/Title 896 0 R
-/A 893 0 R
-/Parent 843 0 R
-/Prev 891 0 R
-/Next 899 0 R
->> endobj
-891 0 obj <<
-/Title 892 0 R
-/A 889 0 R
-/Parent 843 0 R
-/Prev 887 0 R
-/Next 895 0 R
->> endobj
-887 0 obj <<
-/Title 888 0 R
-/A 885 0 R
-/Parent 843 0 R
-/Prev 883 0 R
-/Next 891 0 R
->> endobj
-883 0 obj <<
-/Title 884 0 R
-/A 881 0 R
-/Parent 843 0 R
-/Prev 879 0 R
-/Next 887 0 R
->> endobj
-879 0 obj <<
-/Title 880 0 R
-/A 877 0 R
-/Parent 843 0 R
-/Prev 875 0 R
-/Next 883 0 R
->> endobj
-875 0 obj <<
-/Title 876 0 R
-/A 873 0 R
-/Parent 843 0 R
-/Prev 871 0 R
-/Next 879 0 R
->> endobj
-871 0 obj <<
-/Title 872 0 R
-/A 869 0 R
-/Parent 843 0 R
-/Prev 867 0 R
-/Next 875 0 R
->> endobj
-867 0 obj <<
-/Title 868 0 R
-/A 865 0 R
-/Parent 843 0 R
-/Prev 863 0 R
-/Next 871 0 R
->> endobj
-863 0 obj <<
-/Title 864 0 R
-/A 861 0 R
-/Parent 843 0 R
-/Prev 859 0 R
-/Next 867 0 R
->> endobj
-859 0 obj <<
-/Title 860 0 R
-/A 857 0 R
-/Parent 843 0 R
-/Prev 855 0 R
-/Next 863 0 R
->> endobj
-855 0 obj <<
-/Title 856 0 R
-/A 853 0 R
-/Parent 843 0 R
-/Prev 851 0 R
-/Next 859 0 R
->> endobj
-851 0 obj <<
-/Title 852 0 R
-/A 849 0 R
-/Parent 843 0 R
-/Prev 847 0 R
-/Next 855 0 R
->> endobj
-847 0 obj <<
-/Title 848 0 R
-/A 845 0 R
-/Parent 843 0 R
-/Next 851 0 R
->> endobj
-843 0 obj <<
-/Title 844 0 R
-/A 841 0 R
-/Parent 2762 0 R
-/Prev 751 0 R
-/First 847 0 R
-/Last 927 0 R
-/Count -21
->> endobj
-839 0 obj <<
-/Title 840 0 R
-/A 837 0 R
-/Parent 787 0 R
-/Prev 811 0 R
->> endobj
-835 0 obj <<
-/Title 836 0 R
-/A 833 0 R
-/Parent 811 0 R
-/Prev 831 0 R
->> endobj
-831 0 obj <<
-/Title 832 0 R
-/A 829 0 R
-/Parent 811 0 R
-/Prev 827 0 R
-/Next 835 0 R
->> endobj
-827 0 obj <<
-/Title 828 0 R
-/A 825 0 R
-/Parent 811 0 R
-/Prev 823 0 R
-/Next 831 0 R
->> endobj
-823 0 obj <<
-/Title 824 0 R
-/A 821 0 R
-/Parent 811 0 R
-/Prev 819 0 R
-/Next 827 0 R
->> endobj
-819 0 obj <<
-/Title 820 0 R
-/A 817 0 R
-/Parent 811 0 R
-/Prev 815 0 R
-/Next 823 0 R
->> endobj
-815 0 obj <<
-/Title 816 0 R
-/A 813 0 R
-/Parent 811 0 R
-/Next 819 0 R
->> endobj
-811 0 obj <<
-/Title 812 0 R
-/A 809 0 R
-/Parent 787 0 R
-/Prev 807 0 R
-/Next 839 0 R
-/First 815 0 R
-/Last 835 0 R
-/Count -6
->> endobj
-807 0 obj <<
-/Title 808 0 R
-/A 805 0 R
-/Parent 787 0 R
-/Prev 803 0 R
-/Next 811 0 R
->> endobj
-803 0 obj <<
-/Title 804 0 R
-/A 801 0 R
-/Parent 787 0 R
-/Prev 799 0 R
-/Next 807 0 R
->> endobj
-799 0 obj <<
-/Title 800 0 R
-/A 797 0 R
-/Parent 787 0 R
-/Prev 795 0 R
-/Next 803 0 R
->> endobj
-795 0 obj <<
-/Title 796 0 R
-/A 793 0 R
-/Parent 787 0 R
-/Prev 791 0 R
-/Next 799 0 R
->> endobj
-791 0 obj <<
-/Title 792 0 R
-/A 789 0 R
-/Parent 787 0 R
-/Next 795 0 R
->> endobj
-787 0 obj <<
-/Title 788 0 R
-/A 785 0 R
-/Parent 751 0 R
-/Prev 771 0 R
-/First 791 0 R
-/Last 839 0 R
-/Count -7
->> endobj
-783 0 obj <<
-/Title 784 0 R
-/A 781 0 R
-/Parent 771 0 R
-/Prev 779 0 R
->> endobj
-779 0 obj <<
-/Title 780 0 R
-/A 777 0 R
-/Parent 771 0 R
-/Prev 775 0 R
-/Next 783 0 R
->> endobj
-775 0 obj <<
-/Title 776 0 R
-/A 773 0 R
-/Parent 771 0 R
-/Next 779 0 R
->> endobj
-771 0 obj <<
-/Title 772 0 R
-/A 769 0 R
-/Parent 751 0 R
-/Prev 763 0 R
-/Next 787 0 R
-/First 775 0 R
-/Last 783 0 R
-/Count -3
->> endobj
-767 0 obj <<
-/Title 768 0 R
-/A 765 0 R
-/Parent 763 0 R
->> endobj
-763 0 obj <<
-/Title 764 0 R
-/A 761 0 R
-/Parent 751 0 R
-/Prev 755 0 R
-/Next 771 0 R
-/First 767 0 R
-/Last 767 0 R
-/Count -1
->> endobj
-759 0 obj <<
-/Title 760 0 R
-/A 757 0 R
-/Parent 755 0 R
->> endobj
-755 0 obj <<
-/Title 756 0 R
-/A 753 0 R
-/Parent 751 0 R
-/Next 763 0 R
-/First 759 0 R
-/Last 759 0 R
-/Count -1
->> endobj
-751 0 obj <<
-/Title 752 0 R
-/A 749 0 R
-/Parent 2762 0 R
-/Prev 731 0 R
-/Next 843 0 R
-/First 755 0 R
-/Last 787 0 R
-/Count -4
->> endobj
-747 0 obj <<
-/Title 748 0 R
-/A 745 0 R
-/Parent 731 0 R
-/Prev 743 0 R
->> endobj
-743 0 obj <<
-/Title 744 0 R
-/A 741 0 R
-/Parent 731 0 R
-/Prev 735 0 R
-/Next 747 0 R
->> endobj
-739 0 obj <<
-/Title 740 0 R
-/A 737 0 R
-/Parent 735 0 R
->> endobj
-735 0 obj <<
-/Title 736 0 R
-/A 733 0 R
-/Parent 731 0 R
-/Next 743 0 R
-/First 739 0 R
-/Last 739 0 R
-/Count -1
->> endobj
-731 0 obj <<
-/Title 732 0 R
-/A 729 0 R
-/Parent 2762 0 R
-/Prev 707 0 R
-/Next 751 0 R
-/First 735 0 R
-/Last 747 0 R
-/Count -3
->> endobj
-727 0 obj <<
-/Title 728 0 R
-/A 725 0 R
-/Parent 707 0 R
-/Prev 715 0 R
->> endobj
-723 0 obj <<
-/Title 724 0 R
-/A 721 0 R
-/Parent 715 0 R
-/Prev 719 0 R
->> endobj
-719 0 obj <<
-/Title 720 0 R
-/A 717 0 R
-/Parent 715 0 R
-/Next 723 0 R
->> endobj
-715 0 obj <<
-/Title 716 0 R
-/A 713 0 R
-/Parent 707 0 R
-/Prev 711 0 R
-/Next 727 0 R
-/First 719 0 R
-/Last 723 0 R
-/Count -2
->> endobj
-711 0 obj <<
-/Title 712 0 R
-/A 709 0 R
-/Parent 707 0 R
-/Next 715 0 R
->> endobj
-707 0 obj <<
-/Title 708 0 R
-/A 705 0 R
-/Parent 2762 0 R
-/Prev 363 0 R
-/Next 731 0 R
-/First 711 0 R
-/Last 727 0 R
-/Count -3
->> endobj
-703 0 obj <<
-/Title 704 0 R
-/A 701 0 R
-/Parent 683 0 R
-/Prev 699 0 R
->> endobj
-699 0 obj <<
-/Title 700 0 R
-/A 697 0 R
-/Parent 683 0 R
-/Prev 695 0 R
-/Next 703 0 R
->> endobj
-695 0 obj <<
-/Title 696 0 R
-/A 693 0 R
-/Parent 683 0 R
-/Prev 691 0 R
-/Next 699 0 R
->> endobj
-691 0 obj <<
-/Title 692 0 R
-/A 689 0 R
-/Parent 683 0 R
-/Prev 687 0 R
-/Next 695 0 R
->> endobj
-687 0 obj <<
-/Title 688 0 R
-/A 685 0 R
-/Parent 683 0 R
-/Next 691 0 R
->> endobj
-683 0 obj <<
-/Title 684 0 R
-/A 681 0 R
-/Parent 675 0 R
-/Prev 679 0 R
-/First 687 0 R
-/Last 703 0 R
-/Count -5
->> endobj
-679 0 obj <<
-/Title 680 0 R
-/A 677 0 R
-/Parent 675 0 R
-/Next 683 0 R
->> endobj
-675 0 obj <<
-/Title 676 0 R
-/A 673 0 R
-/Parent 363 0 R
-/Prev 619 0 R
-/First 679 0 R
-/Last 683 0 R
-/Count -2
->> endobj
-671 0 obj <<
-/Title 672 0 R
-/A 669 0 R
-/Parent 619 0 R
-/Prev 667 0 R
->> endobj
-667 0 obj <<
-/Title 668 0 R
-/A 665 0 R
-/Parent 619 0 R
-/Prev 647 0 R
-/Next 671 0 R
->> endobj
-663 0 obj <<
-/Title 664 0 R
-/A 661 0 R
-/Parent 647 0 R
-/Prev 659 0 R
->> endobj
-659 0 obj <<
-/Title 660 0 R
-/A 657 0 R
-/Parent 647 0 R
-/Prev 655 0 R
-/Next 663 0 R
->> endobj
-655 0 obj <<
-/Title 656 0 R
-/A 653 0 R
-/Parent 647 0 R
-/Prev 651 0 R
-/Next 659 0 R
->> endobj
-651 0 obj <<
-/Title 652 0 R
-/A 649 0 R
-/Parent 647 0 R
-/Next 655 0 R
->> endobj
-647 0 obj <<
-/Title 648 0 R
-/A 645 0 R
-/Parent 619 0 R
-/Prev 643 0 R
-/Next 667 0 R
-/First 651 0 R
-/Last 663 0 R
-/Count -4
->> endobj
-643 0 obj <<
-/Title 644 0 R
-/A 641 0 R
-/Parent 619 0 R
-/Prev 639 0 R
-/Next 647 0 R
->> endobj
-639 0 obj <<
-/Title 640 0 R
-/A 637 0 R
-/Parent 619 0 R
-/Prev 635 0 R
-/Next 643 0 R
->> endobj
-635 0 obj <<
-/Title 636 0 R
-/A 633 0 R
-/Parent 619 0 R
-/Prev 623 0 R
-/Next 639 0 R
->> endobj
-631 0 obj <<
-/Title 632 0 R
-/A 629 0 R
-/Parent 623 0 R
-/Prev 627 0 R
->> endobj
-627 0 obj <<
-/Title 628 0 R
-/A 625 0 R
-/Parent 623 0 R
-/Next 631 0 R
->> endobj
-623 0 obj <<
-/Title 624 0 R
-/A 621 0 R
-/Parent 619 0 R
-/Next 635 0 R
-/First 627 0 R
-/Last 631 0 R
-/Count -2
->> endobj
-619 0 obj <<
-/Title 620 0 R
-/A 617 0 R
-/Parent 363 0 R
-/Prev 395 0 R
-/Next 675 0 R
-/First 623 0 R
-/Last 671 0 R
-/Count -7
->> endobj
-615 0 obj <<
-/Title 616 0 R
-/A 613 0 R
-/Parent 599 0 R
-/Prev 611 0 R
->> endobj
-611 0 obj <<
-/Title 612 0 R
-/A 609 0 R
-/Parent 599 0 R
-/Prev 607 0 R
-/Next 615 0 R
->> endobj
-607 0 obj <<
-/Title 608 0 R
-/A 605 0 R
-/Parent 599 0 R
-/Prev 603 0 R
-/Next 611 0 R
->> endobj
-603 0 obj <<
-/Title 604 0 R
-/A 601 0 R
-/Parent 599 0 R
-/Next 607 0 R
->> endobj
-599 0 obj <<
-/Title 600 0 R
-/A 597 0 R
-/Parent 395 0 R
-/Prev 595 0 R
-/First 603 0 R
-/Last 615 0 R
-/Count -4
->> endobj
-595 0 obj <<
-/Title 596 0 R
-/A 593 0 R
-/Parent 395 0 R
-/Prev 591 0 R
-/Next 599 0 R
->> endobj
-591 0 obj <<
-/Title 592 0 R
-/A 589 0 R
-/Parent 395 0 R
-/Prev 587 0 R
-/Next 595 0 R
->> endobj
-587 0 obj <<
-/Title 588 0 R
-/A 585 0 R
-/Parent 395 0 R
-/Prev 583 0 R
-/Next 591 0 R
->> endobj
-583 0 obj <<
-/Title 584 0 R
-/A 581 0 R
-/Parent 395 0 R
-/Prev 579 0 R
-/Next 587 0 R
->> endobj
-579 0 obj <<
-/Title 580 0 R
-/A 577 0 R
-/Parent 395 0 R
-/Prev 575 0 R
-/Next 583 0 R
->> endobj
-575 0 obj <<
-/Title 576 0 R
-/A 573 0 R
-/Parent 395 0 R
-/Prev 571 0 R
-/Next 579 0 R
->> endobj
-571 0 obj <<
-/Title 572 0 R
-/A 569 0 R
-/Parent 395 0 R
-/Prev 567 0 R
-/Next 575 0 R
->> endobj
-567 0 obj <<
-/Title 568 0 R
-/A 565 0 R
-/Parent 395 0 R
-/Prev 563 0 R
-/Next 571 0 R
->> endobj
-563 0 obj <<
-/Title 564 0 R
-/A 561 0 R
-/Parent 395 0 R
-/Prev 559 0 R
-/Next 567 0 R
->> endobj
-559 0 obj <<
-/Title 560 0 R
-/A 557 0 R
-/Parent 395 0 R
-/Prev 555 0 R
-/Next 563 0 R
->> endobj
-555 0 obj <<
-/Title 556 0 R
-/A 553 0 R
-/Parent 395 0 R
-/Prev 471 0 R
-/Next 559 0 R
->> endobj
-551 0 obj <<
-/Title 552 0 R
-/A 549 0 R
-/Parent 471 0 R
-/Prev 547 0 R
->> endobj
-547 0 obj <<
-/Title 548 0 R
-/A 545 0 R
-/Parent 471 0 R
-/Prev 543 0 R
-/Next 551 0 R
->> endobj
-543 0 obj <<
-/Title 544 0 R
-/A 541 0 R
-/Parent 471 0 R
-/Prev 539 0 R
-/Next 547 0 R
->> endobj
-539 0 obj <<
-/Title 540 0 R
-/A 537 0 R
-/Parent 471 0 R
-/Prev 535 0 R
-/Next 543 0 R
->> endobj
-535 0 obj <<
-/Title 536 0 R
-/A 533 0 R
-/Parent 471 0 R
-/Prev 531 0 R
-/Next 539 0 R
->> endobj
-531 0 obj <<
-/Title 532 0 R
-/A 529 0 R
-/Parent 471 0 R
-/Prev 527 0 R
-/Next 535 0 R
->> endobj
-527 0 obj <<
-/Title 528 0 R
-/A 525 0 R
-/Parent 471 0 R
-/Prev 523 0 R
-/Next 531 0 R
->> endobj
-523 0 obj <<
-/Title 524 0 R
-/A 521 0 R
-/Parent 471 0 R
-/Prev 519 0 R
-/Next 527 0 R
->> endobj
-519 0 obj <<
-/Title 520 0 R
-/A 517 0 R
-/Parent 471 0 R
-/Prev 515 0 R
-/Next 523 0 R
->> endobj
-515 0 obj <<
-/Title 516 0 R
-/A 513 0 R
-/Parent 471 0 R
-/Prev 511 0 R
-/Next 519 0 R
->> endobj
-511 0 obj <<
-/Title 512 0 R
-/A 509 0 R
-/Parent 471 0 R
-/Prev 507 0 R
-/Next 515 0 R
->> endobj
-507 0 obj <<
-/Title 508 0 R
-/A 505 0 R
-/Parent 471 0 R
-/Prev 503 0 R
-/Next 511 0 R
->> endobj
-503 0 obj <<
-/Title 504 0 R
-/A 501 0 R
-/Parent 471 0 R
-/Prev 499 0 R
-/Next 507 0 R
->> endobj
-499 0 obj <<
-/Title 500 0 R
-/A 497 0 R
-/Parent 471 0 R
-/Prev 495 0 R
-/Next 503 0 R
->> endobj
-495 0 obj <<
-/Title 496 0 R
-/A 493 0 R
-/Parent 471 0 R
-/Prev 491 0 R
-/Next 499 0 R
->> endobj
-491 0 obj <<
-/Title 492 0 R
-/A 489 0 R
-/Parent 471 0 R
-/Prev 487 0 R
-/Next 495 0 R
->> endobj
-487 0 obj <<
-/Title 488 0 R
-/A 485 0 R
-/Parent 471 0 R
-/Prev 483 0 R
-/Next 491 0 R
->> endobj
-483 0 obj <<
-/Title 484 0 R
-/A 481 0 R
-/Parent 471 0 R
-/Prev 479 0 R
-/Next 487 0 R
->> endobj
-479 0 obj <<
-/Title 480 0 R
-/A 477 0 R
-/Parent 471 0 R
-/Prev 475 0 R
-/Next 483 0 R
->> endobj
-475 0 obj <<
-/Title 476 0 R
-/A 473 0 R
-/Parent 471 0 R
-/Next 479 0 R
->> endobj
-471 0 obj <<
-/Title 472 0 R
-/A 469 0 R
-/Parent 395 0 R
-/Prev 467 0 R
-/Next 555 0 R
-/First 475 0 R
-/Last 551 0 R
-/Count -20
->> endobj
-467 0 obj <<
-/Title 468 0 R
-/A 465 0 R
-/Parent 395 0 R
-/Prev 463 0 R
-/Next 471 0 R
->> endobj
-463 0 obj <<
-/Title 464 0 R
-/A 461 0 R
-/Parent 395 0 R
-/Prev 459 0 R
-/Next 467 0 R
->> endobj
-459 0 obj <<
-/Title 460 0 R
-/A 457 0 R
-/Parent 395 0 R
-/Prev 455 0 R
-/Next 463 0 R
->> endobj
-455 0 obj <<
-/Title 456 0 R
-/A 453 0 R
-/Parent 395 0 R
-/Prev 451 0 R
-/Next 459 0 R
->> endobj
-451 0 obj <<
-/Title 452 0 R
-/A 449 0 R
-/Parent 395 0 R
-/Prev 435 0 R
-/Next 455 0 R
->> endobj
-447 0 obj <<
-/Title 448 0 R
-/A 445 0 R
-/Parent 435 0 R
-/Prev 443 0 R
->> endobj
-443 0 obj <<
-/Title 444 0 R
-/A 441 0 R
-/Parent 435 0 R
-/Prev 439 0 R
-/Next 447 0 R
->> endobj
-439 0 obj <<
-/Title 440 0 R
-/A 437 0 R
-/Parent 435 0 R
-/Next 443 0 R
->> endobj
-435 0 obj <<
-/Title 436 0 R
-/A 433 0 R
-/Parent 395 0 R
-/Prev 431 0 R
-/Next 451 0 R
-/First 439 0 R
-/Last 447 0 R
-/Count -3
->> endobj
-431 0 obj <<
-/Title 432 0 R
-/A 429 0 R
-/Parent 395 0 R
-/Prev 427 0 R
-/Next 435 0 R
->> endobj
-427 0 obj <<
-/Title 428 0 R
-/A 425 0 R
-/Parent 395 0 R
-/Prev 423 0 R
-/Next 431 0 R
->> endobj
-423 0 obj <<
-/Title 424 0 R
-/A 421 0 R
-/Parent 395 0 R
-/Prev 419 0 R
-/Next 427 0 R
->> endobj
-419 0 obj <<
-/Title 420 0 R
-/A 417 0 R
-/Parent 395 0 R
-/Prev 415 0 R
-/Next 423 0 R
->> endobj
-415 0 obj <<
-/Title 416 0 R
-/A 413 0 R
-/Parent 395 0 R
-/Prev 411 0 R
-/Next 419 0 R
->> endobj
-411 0 obj <<
-/Title 412 0 R
-/A 409 0 R
-/Parent 395 0 R
-/Prev 407 0 R
-/Next 415 0 R
->> endobj
-407 0 obj <<
-/Title 408 0 R
-/A 405 0 R
-/Parent 395 0 R
-/Prev 403 0 R
-/Next 411 0 R
->> endobj
-403 0 obj <<
-/Title 404 0 R
-/A 401 0 R
-/Parent 395 0 R
-/Prev 399 0 R
-/Next 407 0 R
->> endobj
-399 0 obj <<
-/Title 400 0 R
-/A 397 0 R
-/Parent 395 0 R
-/Next 403 0 R
->> endobj
-395 0 obj <<
-/Title 396 0 R
-/A 393 0 R
-/Parent 363 0 R
-/Prev 367 0 R
-/Next 619 0 R
-/First 399 0 R
-/Last 599 0 R
-/Count -28
->> endobj
-391 0 obj <<
-/Title 392 0 R
-/A 389 0 R
-/Parent 383 0 R
-/Prev 387 0 R
->> endobj
-387 0 obj <<
-/Title 388 0 R
-/A 385 0 R
-/Parent 383 0 R
-/Next 391 0 R
->> endobj
-383 0 obj <<
-/Title 384 0 R
-/A 381 0 R
-/Parent 367 0 R
-/Prev 371 0 R
-/First 387 0 R
-/Last 391 0 R
-/Count -2
->> endobj
-379 0 obj <<
-/Title 380 0 R
-/A 377 0 R
-/Parent 371 0 R
-/Prev 375 0 R
->> endobj
-375 0 obj <<
-/Title 376 0 R
-/A 373 0 R
-/Parent 371 0 R
-/Next 379 0 R
->> endobj
-371 0 obj <<
-/Title 372 0 R
-/A 369 0 R
-/Parent 367 0 R
-/Next 383 0 R
-/First 375 0 R
-/Last 379 0 R
-/Count -2
->> endobj
-367 0 obj <<
-/Title 368 0 R
-/A 365 0 R
-/Parent 363 0 R
-/Next 395 0 R
-/First 371 0 R
-/Last 383 0 R
-/Count -2
->> endobj
-363 0 obj <<
-/Title 364 0 R
-/A 361 0 R
-/Parent 2762 0 R
-/Prev 351 0 R
-/Next 707 0 R
-/First 367 0 R
-/Last 675 0 R
-/Count -4
->> endobj
-359 0 obj <<
-/Title 360 0 R
-/A 357 0 R
-/Parent 351 0 R
-/Prev 355 0 R
->> endobj
-355 0 obj <<
-/Title 356 0 R
-/A 353 0 R
-/Parent 351 0 R
-/Next 359 0 R
->> endobj
-351 0 obj <<
-/Title 352 0 R
-/A 349 0 R
-/Parent 2762 0 R
-/Prev 131 0 R
-/Next 363 0 R
-/First 355 0 R
-/Last 359 0 R
-/Count -2
->> endobj
-347 0 obj <<
-/Title 348 0 R
-/A 345 0 R
-/Parent 339 0 R
-/Prev 343 0 R
->> endobj
-343 0 obj <<
-/Title 344 0 R
-/A 341 0 R
-/Parent 339 0 R
-/Next 347 0 R
->> endobj
-339 0 obj <<
-/Title 340 0 R
-/A 337 0 R
-/Parent 131 0 R
-/Prev 287 0 R
-/First 343 0 R
-/Last 347 0 R
-/Count -2
->> endobj
-335 0 obj <<
-/Title 336 0 R
-/A 333 0 R
-/Parent 287 0 R
-/Prev 331 0 R
->> endobj
-331 0 obj <<
-/Title 332 0 R
-/A 329 0 R
-/Parent 287 0 R
-/Prev 327 0 R
-/Next 335 0 R
->> endobj
-327 0 obj <<
-/Title 328 0 R
-/A 325 0 R
-/Parent 287 0 R
-/Prev 323 0 R
-/Next 331 0 R
->> endobj
-323 0 obj <<
-/Title 324 0 R
-/A 321 0 R
-/Parent 287 0 R
-/Prev 307 0 R
-/Next 327 0 R
->> endobj
-319 0 obj <<
-/Title 320 0 R
-/A 317 0 R
-/Parent 307 0 R
-/Prev 315 0 R
->> endobj
-315 0 obj <<
-/Title 316 0 R
-/A 313 0 R
-/Parent 307 0 R
-/Prev 311 0 R
-/Next 319 0 R
->> endobj
-311 0 obj <<
-/Title 312 0 R
-/A 309 0 R
-/Parent 307 0 R
-/Next 315 0 R
->> endobj
-307 0 obj <<
-/Title 308 0 R
-/A 305 0 R
-/Parent 287 0 R
-/Prev 291 0 R
-/Next 323 0 R
-/First 311 0 R
-/Last 319 0 R
-/Count -3
->> endobj
-303 0 obj <<
-/Title 304 0 R
-/A 301 0 R
-/Parent 291 0 R
-/Prev 299 0 R
->> endobj
-299 0 obj <<
-/Title 300 0 R
-/A 297 0 R
-/Parent 291 0 R
-/Prev 295 0 R
-/Next 303 0 R
->> endobj
-295 0 obj <<
-/Title 296 0 R
-/A 293 0 R
-/Parent 291 0 R
-/Next 299 0 R
->> endobj
-291 0 obj <<
-/Title 292 0 R
-/A 289 0 R
-/Parent 287 0 R
-/Next 307 0 R
-/First 295 0 R
-/Last 303 0 R
-/Count -3
->> endobj
-287 0 obj <<
-/Title 288 0 R
-/A 285 0 R
-/Parent 131 0 R
-/Prev 275 0 R
-/Next 339 0 R
-/First 291 0 R
-/Last 335 0 R
-/Count -6
->> endobj
-283 0 obj <<
-/Title 284 0 R
-/A 281 0 R
-/Parent 275 0 R
-/Prev 279 0 R
->> endobj
-279 0 obj <<
-/Title 280 0 R
-/A 277 0 R
-/Parent 275 0 R
-/Next 283 0 R
->> endobj
-275 0 obj <<
-/Title 276 0 R
-/A 273 0 R
-/Parent 131 0 R
-/Prev 219 0 R
-/Next 287 0 R
-/First 279 0 R
-/Last 283 0 R
-/Count -2
->> endobj
-271 0 obj <<
-/Title 272 0 R
-/A 269 0 R
-/Parent 219 0 R
-/Prev 267 0 R
->> endobj
-267 0 obj <<
-/Title 268 0 R
-/A 265 0 R
-/Parent 219 0 R
-/Prev 263 0 R
-/Next 271 0 R
->> endobj
-263 0 obj <<
-/Title 264 0 R
-/A 261 0 R
-/Parent 219 0 R
-/Prev 259 0 R
-/Next 267 0 R
->> endobj
-259 0 obj <<
-/Title 260 0 R
-/A 257 0 R
-/Parent 219 0 R
-/Prev 255 0 R
-/Next 263 0 R
->> endobj
-255 0 obj <<
-/Title 256 0 R
-/A 253 0 R
-/Parent 219 0 R
-/Prev 251 0 R
-/Next 259 0 R
->> endobj
-251 0 obj <<
-/Title 252 0 R
-/A 249 0 R
-/Parent 219 0 R
-/Prev 247 0 R
-/Next 255 0 R
->> endobj
-247 0 obj <<
-/Title 248 0 R
-/A 245 0 R
-/Parent 219 0 R
-/Prev 243 0 R
-/Next 251 0 R
->> endobj
-243 0 obj <<
-/Title 244 0 R
-/A 241 0 R
-/Parent 219 0 R
-/Prev 239 0 R
-/Next 247 0 R
->> endobj
-239 0 obj <<
-/Title 240 0 R
-/A 237 0 R
-/Parent 219 0 R
-/Prev 235 0 R
-/Next 243 0 R
->> endobj
-235 0 obj <<
-/Title 236 0 R
-/A 233 0 R
-/Parent 219 0 R
-/Prev 231 0 R
-/Next 239 0 R
->> endobj
-231 0 obj <<
-/Title 232 0 R
-/A 229 0 R
-/Parent 219 0 R
-/Prev 227 0 R
-/Next 235 0 R
->> endobj
-227 0 obj <<
-/Title 228 0 R
-/A 225 0 R
-/Parent 219 0 R
-/Prev 223 0 R
-/Next 231 0 R
->> endobj
-223 0 obj <<
-/Title 224 0 R
-/A 221 0 R
-/Parent 219 0 R
-/Next 227 0 R
->> endobj
-219 0 obj <<
-/Title 220 0 R
-/A 217 0 R
-/Parent 131 0 R
-/Prev 203 0 R
-/Next 275 0 R
-/First 223 0 R
-/Last 271 0 R
-/Count -13
->> endobj
-215 0 obj <<
-/Title 216 0 R
-/A 213 0 R
-/Parent 203 0 R
-/Prev 211 0 R
->> endobj
-211 0 obj <<
-/Title 212 0 R
-/A 209 0 R
-/Parent 203 0 R
-/Prev 207 0 R
-/Next 215 0 R
->> endobj
-207 0 obj <<
-/Title 208 0 R
-/A 205 0 R
-/Parent 203 0 R
-/Next 211 0 R
->> endobj
-203 0 obj <<
-/Title 204 0 R
-/A 201 0 R
-/Parent 131 0 R
-/Prev 199 0 R
-/Next 219 0 R
-/First 207 0 R
-/Last 215 0 R
-/Count -3
->> endobj
-199 0 obj <<
-/Title 200 0 R
-/A 197 0 R
-/Parent 131 0 R
-/Prev 195 0 R
-/Next 203 0 R
->> endobj
-195 0 obj <<
-/Title 196 0 R
-/A 193 0 R
-/Parent 131 0 R
-/Prev 159 0 R
-/Next 199 0 R
->> endobj
-191 0 obj <<
-/Title 192 0 R
-/A 189 0 R
-/Parent 159 0 R
-/Prev 187 0 R
->> endobj
-187 0 obj <<
-/Title 188 0 R
-/A 185 0 R
-/Parent 159 0 R
-/Prev 183 0 R
-/Next 191 0 R
->> endobj
-183 0 obj <<
-/Title 184 0 R
-/A 181 0 R
-/Parent 159 0 R
-/Prev 179 0 R
-/Next 187 0 R
->> endobj
-179 0 obj <<
-/Title 180 0 R
-/A 177 0 R
-/Parent 159 0 R
-/Prev 175 0 R
-/Next 183 0 R
->> endobj
-175 0 obj <<
-/Title 176 0 R
-/A 173 0 R
-/Parent 159 0 R
-/Prev 163 0 R
-/Next 179 0 R
->> endobj
-171 0 obj <<
-/Title 172 0 R
-/A 169 0 R
-/Parent 163 0 R
-/Prev 167 0 R
->> endobj
-167 0 obj <<
-/Title 168 0 R
-/A 165 0 R
-/Parent 163 0 R
-/Next 171 0 R
->> endobj
-163 0 obj <<
-/Title 164 0 R
-/A 161 0 R
-/Parent 159 0 R
-/Next 175 0 R
-/First 167 0 R
-/Last 171 0 R
-/Count -2
->> endobj
-159 0 obj <<
-/Title 160 0 R
-/A 157 0 R
-/Parent 131 0 R
-/Prev 151 0 R
-/Next 195 0 R
-/First 163 0 R
-/Last 191 0 R
-/Count -6
->> endobj
-155 0 obj <<
-/Title 156 0 R
-/A 153 0 R
-/Parent 151 0 R
->> endobj
-151 0 obj <<
-/Title 152 0 R
-/A 149 0 R
-/Parent 131 0 R
-/Prev 147 0 R
-/Next 159 0 R
-/First 155 0 R
-/Last 155 0 R
-/Count -1
->> endobj
-147 0 obj <<
-/Title 148 0 R
-/A 145 0 R
-/Parent 131 0 R
-/Prev 139 0 R
-/Next 151 0 R
->> endobj
-143 0 obj <<
-/Title 144 0 R
-/A 141 0 R
-/Parent 139 0 R
->> endobj
-139 0 obj <<
-/Title 140 0 R
-/A 137 0 R
-/Parent 131 0 R
-/Prev 135 0 R
-/Next 147 0 R
-/First 143 0 R
-/Last 143 0 R
-/Count -1
->> endobj
-135 0 obj <<
-/Title 136 0 R
-/A 133 0 R
-/Parent 131 0 R
-/Next 139 0 R
->> endobj
-131 0 obj <<
-/Title 132 0 R
-/A 129 0 R
-/Parent 2762 0 R
-/Prev 91 0 R
-/Next 351 0 R
-/First 135 0 R
-/Last 339 0 R
-/Count -12
->> endobj
-127 0 obj <<
-/Title 128 0 R
-/A 125 0 R
-/Parent 111 0 R
-/Prev 115 0 R
->> endobj
-123 0 obj <<
-/Title 124 0 R
-/A 121 0 R
-/Parent 115 0 R
-/Prev 119 0 R
->> endobj
-119 0 obj <<
-/Title 120 0 R
-/A 117 0 R
-/Parent 115 0 R
-/Next 123 0 R
->> endobj
-115 0 obj <<
-/Title 116 0 R
-/A 113 0 R
-/Parent 111 0 R
-/Next 127 0 R
-/First 119 0 R
-/Last 123 0 R
-/Count -2
->> endobj
-111 0 obj <<
-/Title 112 0 R
-/A 109 0 R
-/Parent 91 0 R
-/Prev 107 0 R
-/First 115 0 R
-/Last 127 0 R
-/Count -2
->> endobj
-107 0 obj <<
-/Title 108 0 R
-/A 105 0 R
-/Parent 91 0 R
-/Prev 95 0 R
-/Next 111 0 R
->> endobj
-103 0 obj <<
-/Title 104 0 R
-/A 101 0 R
-/Parent 95 0 R
-/Prev 99 0 R
->> endobj
-99 0 obj <<
-/Title 100 0 R
-/A 97 0 R
-/Parent 95 0 R
-/Next 103 0 R
->> endobj
-95 0 obj <<
-/Title 96 0 R
-/A 93 0 R
-/Parent 91 0 R
-/Next 107 0 R
-/First 99 0 R
-/Last 103 0 R
-/Count -2
->> endobj
-91 0 obj <<
-/Title 92 0 R
-/A 89 0 R
-/Parent 2762 0 R
-/Prev 67 0 R
-/Next 131 0 R
-/First 95 0 R
-/Last 111 0 R
-/Count -3
->> endobj
-87 0 obj <<
-/Title 88 0 R
-/A 85 0 R
-/Parent 67 0 R
-/Prev 83 0 R
->> endobj
-83 0 obj <<
-/Title 84 0 R
-/A 81 0 R
-/Parent 67 0 R
-/Prev 79 0 R
-/Next 87 0 R
->> endobj
-79 0 obj <<
-/Title 80 0 R
-/A 77 0 R
-/Parent 67 0 R
-/Prev 75 0 R
-/Next 83 0 R
->> endobj
-75 0 obj <<
-/Title 76 0 R
-/A 73 0 R
-/Parent 67 0 R
-/Prev 71 0 R
-/Next 79 0 R
->> endobj
-71 0 obj <<
-/Title 72 0 R
-/A 69 0 R
-/Parent 67 0 R
-/Next 75 0 R
->> endobj
-67 0 obj <<
-/Title 68 0 R
-/A 65 0 R
-/Parent 2762 0 R
-/Prev 7 0 R
-/Next 91 0 R
-/First 71 0 R
-/Last 87 0 R
-/Count -5
->> endobj
-63 0 obj <<
-/Title 64 0 R
-/A 61 0 R
-/Parent 23 0 R
-/Prev 55 0 R
->> endobj
-59 0 obj <<
-/Title 60 0 R
-/A 57 0 R
-/Parent 55 0 R
->> endobj
-55 0 obj <<
-/Title 56 0 R
-/A 53 0 R
-/Parent 23 0 R
-/Prev 39 0 R
-/Next 63 0 R
-/First 59 0 R
-/Last 59 0 R
-/Count -1
->> endobj
-51 0 obj <<
-/Title 52 0 R
-/A 49 0 R
-/Parent 39 0 R
-/Prev 47 0 R
->> endobj
-47 0 obj <<
-/Title 48 0 R
-/A 45 0 R
-/Parent 39 0 R
-/Prev 43 0 R
-/Next 51 0 R
->> endobj
-43 0 obj <<
-/Title 44 0 R
-/A 41 0 R
-/Parent 39 0 R
-/Next 47 0 R
->> endobj
-39 0 obj <<
-/Title 40 0 R
-/A 37 0 R
-/Parent 23 0 R
-/Prev 35 0 R
-/Next 55 0 R
-/First 43 0 R
-/Last 51 0 R
-/Count -3
->> endobj
-35 0 obj <<
-/Title 36 0 R
-/A 33 0 R
-/Parent 23 0 R
-/Prev 31 0 R
-/Next 39 0 R
->> endobj
-31 0 obj <<
-/Title 32 0 R
-/A 29 0 R
-/Parent 23 0 R
-/Prev 27 0 R
-/Next 35 0 R
->> endobj
-27 0 obj <<
-/Title 28 0 R
-/A 25 0 R
-/Parent 23 0 R
-/Next 31 0 R
->> endobj
-23 0 obj <<
-/Title 24 0 R
-/A 21 0 R
-/Parent 7 0 R
-/Prev 19 0 R
-/First 27 0 R
-/Last 63 0 R
-/Count -6
->> endobj
-19 0 obj <<
-/Title 20 0 R
-/A 17 0 R
-/Parent 7 0 R
-/Prev 15 0 R
-/Next 23 0 R
->> endobj
-15 0 obj <<
-/Title 16 0 R
-/A 13 0 R
-/Parent 7 0 R
-/Prev 11 0 R
-/Next 19 0 R
->> endobj
-11 0 obj <<
-/Title 12 0 R
-/A 9 0 R
-/Parent 7 0 R
-/Next 15 0 R
->> endobj
-7 0 obj <<
-/Title 8 0 R
-/A 5 0 R
-/Parent 2762 0 R
-/Next 67 0 R
-/First 11 0 R
-/Last 23 0 R
-/Count -4
->> endobj
-2763 0 obj <<
-/Names [(Access_Control_Lists) 2088 0 R (Bv9ARM.ch01) 1230 0 R (Bv9ARM.ch02) 1274 0 R (Bv9ARM.ch03) 1292 0 R (Bv9ARM.ch04) 1355 0 R (Bv9ARM.ch05) 1536 0 R (Bv9ARM.ch06) 1547 0 R (Bv9ARM.ch07) 2087 0 R (Bv9ARM.ch08) 2112 0 R (Bv9ARM.ch09) 2127 0 R (Bv9ARM.ch10) 2388 0 R (Configuration_File_Grammar) 1570 0 R (DNSSEC) 1421 0 R (Doc-Start) 935 0 R (Setting_TTLs) 2008 0 R (acache) 1281 0 R (access_control) 1721 0 R (acl) 1579 0 R (address_match_lists) 1552 0 R (admin_tools) 1314 0 R (appendix.A) 750 0 R (appendix.B) 842 0 R (bibliography) 2135 0 R (bind9.library) 2344 0 R (boolean_options) 1370 0 R (builtin) 1802 0 R (chapter*.1) 969 0 R (chapter.1) 6 0 R (chapter.2) 66 0 R (chapter.3) 90 0 R (chapter.4) 130 0 R (chapter.5) 350 0 R (chapter.6) 362 0 R (chapter.7) 706 0 R (chapter.8) 730 0 R (cite.RFC1033) 2263 0 R (cite.RFC1034) 2147 0 R (cite.RFC1035) 2149 0 R (cite.RFC1101) 2244 0 R (cite.RFC1123) 2246 0 R (cite.RFC1183) 2206 0 R (cite.RFC1464) 2285 0 R (cite.RFC1535) 2192 0 R (cite.RFC1536) 2194 0 R (cite.RFC1537) 2265 0 R (cite.RFC1591) 2248 0 R (cite.RFC1706) 2208 0 R (cite.RFC1712) 2305 0 R (cite.RFC1713) 2287 0 R (cite.RFC1794) 2289 0 R (cite.RFC1876) 2210 0 R (cite.RFC1912) 2267 0 R (cite.RFC1982) 2196 0 R (cite.RFC1995) 2154 0 R (cite.RFC1996) 2156 0 R (cite.RFC2010) 2269 0 R (cite.RFC2052) 2212 0 R (cite.RFC2065) 2317 0 R (cite.RFC2136) 2158 0 R (cite.RFC2137) 2319 0 R (cite.RFC2163) 2214 0 R (cite.RFC2168) 2216 0 R (cite.RFC2181) 2160 0 R (cite.RFC2219) 2271 0 R (cite.RFC2230) 2218 0 R (cite.RFC2240) 2291 0 R (cite.RFC2308) 2162 0 R (cite.RFC2317) 2250 0 R (cite.RFC2345) 2293 0 R (cite.RFC2352) 2295 0 R (cite.RFC2535) 2321 0 R (cite.RFC2536) 2220 0 R (cite.RFC2537) 2222 0 R (cite.RFC2538) 2224 0 R (cite.RFC2539) 2226 0 R (cite.RFC2540) 2228 0 R (cite.RFC2671) 2164 0 R (cite.RFC2672) 2166 0 R (cite.RFC2673) 2307 0 R (cite.RFC2782) 2230 0 R (cite.RFC2825) 2275 0 R (cite.RFC2826) 2252 0 R (cite.RFC2845) 2168 0 R (cite.RFC2874) 2309 0 R (cite.RFC2915) 2232 0 R (cite.RFC2929) 2254 0 R (cite.RFC2930) 21!
70 0 R (cite.RFC2931) 2172 0 R (cite.RFC3007) 2174 0 R (cite.RFC3008) 2323 0 R (cite.RFC3071) 2297 0 R (cite.RFC3090) 2325 0 R (cite.RFC3110) 2234 0 R (cite.RFC3123) 2236 0 R (cite.RFC3225) 2180 0 R (cite.RFC3258) 2299 0 R (cite.RFC3445) 2327 0 R (cite.RFC3490) 2277 0 R (cite.RFC3491) 2279 0 R (cite.RFC3492) 2281 0 R (cite.RFC3596) 2238 0 R (cite.RFC3597) 2240 0 R (cite.RFC3645) 2176 0 R (cite.RFC3655) 2329 0 R (cite.RFC3658) 2331 0 R (cite.RFC3755) 2333 0 R (cite.RFC3757) 2335 0 R (cite.RFC3833) 2182 0 R (cite.RFC3845) 2337 0 R (cite.RFC3901) 2301 0 R (cite.RFC4033) 2184 0 R (cite.RFC4034) 2186 0 R (cite.RFC4035) 2188 0 R (cite.RFC4074) 2198 0 R (cite.RFC974) 2151 0 R (cite.id2512742) 2342 0 R (clients-per-query) 2059 0 R (configuration_file_elements) 1548 0 R (controls_statement_definition_and_usage) 1338 0 R (diagnostic_tools) 1262 0 R (dnssec.dynamic.zones) 1441 0 R (dynamic_update) 1365 0 R (dynamic_update_policies) 1327 0 R (dynamic_update_security) 1730 0 R (empty) 1809 0 R (historical_dns_information) 2129 0 R (id2466570) 1231 0 R (id2466594) 1232 0 R (id2467484) 1233 0 R (id2467494) 1234 0 R (id2467734) 1244 0 R (id2467755) 1245 0 R (id2467789) 1246 0 R (id2467874) 1249 0 R (id2467966) 1242 0 R (id2470272) 1256 0 R (id2470295) 1259 0 R (id2470393) 1260 0 R (id2470414) 1261 0 R (id2470444) 1267 0 R (id2470480) 1268 0 R (id2470574) 1269 0 R (id2470609) 1275 0 R (id2470635) 1276 0 R (id2470716) 1277 0 R (id2470742) 1280 0 R (id2470753) 1286 0 R (id2470785) 1294 0 R (id2470801) 1295 0 R (id2470823) 1300 0 R (id2470840) 1301 0 R (id2471245) 1309 0 R (id2471251) 1310 0 R (id2473366) 1343 0 R (id2473378) 1344 0 R (id2473879) 1380 0 R (id2473897) 1386 0 R (id2474398) 1402 0 R (id2474416) 1403 0 R (id2474454) 1404 0 R (id2474472) 1405 0 R (id2474483) 1406 0 R (id2474519) 1411 0 R (id2474577) 1412 0 R (id2474626) 1414 0 R (id2474640) 1415 0 R (id2474893) 1420 0 R (id2475098) 1422 0 R (id2475177) 1427 0 R (id2475258) 1428 0 R (id2475479) 1442 0 R (id2475653) 1447 0 R (id2475689) 1448 0 R (id2475840) 1454 0 R (id24!
75877) 1461 0 R (id2475890) 1462 0 R (id2475923) 1463 0 R (id2475949) 1468 0 R (id2475959) 1469 0 R (id2476037) 1470 0 R (id2476050) 1471 0 R (id2476087) 1472 0 R (id2476097) 1473 0 R (id2476202) 1475 0 R (id2476225) 1482 0 R (id2476394) 1488 0 R (id2476558) 1494 0 R (id2476628) 1495 0 R (id2476745) 1500 0 R (id2476964) 1501 0 R (id2476972) 1502 0 R (id2477004) 1507 0 R (id2477041) 1508 0 R (id2477089) 1509 0 R (id2477120) 1510 0 R (id2477523) 1520 0 R (id2477569) 1521 0 R (id2477623) 1526 0 R (id2477685) 1528 0 R (id2477706) 1529 0 R (id2477876) 1537 0 R (id2478023) 1549 0 R (id2479053) 1561 0 R (id2479081) 1562 0 R (id2479424) 1563 0 R (id2479438) 1568 0 R (id2479468) 1569 0 R (id2479611) 1571 0 R (id2480077) 1578 0 R (id2480120) 1580 0 R (id2480267) 1586 0 R (id2480627) 1594 0 R (id2480644) 1595 0 R (id2480667) 1596 0 R (id2480691) 1597 0 R (id2480850) 1601 0 R (id2480976) 1606 0 R (id2481028) 1607 0 R (id2481721) 1618 0 R (id2482482) 1629 0 R (id2482544) 1630 0 R (id2482933) 1636 0 R (id2483006) 1641 0 R (id2483139) 1644 0 R (id2483182) 1645 0 R (id2483197) 1646 0 R (id2486685) 1689 0 R (id2488853) 1718 0 R (id2489048) 1720 0 R (id2489609) 1736 0 R (id2490819) 1754 0 R (id2490878) 1761 0 R (id2491233) 1769 0 R (id2491872) 1783 0 R (id2493699) 1826 0 R (id2493825) 1833 0 R (id2495157) 1854 0 R (id2495297) 1856 0 R (id2495344) 1862 0 R (id2495853) 1868 0 R (id2497417) 1885 0 R (id2497425) 1886 0 R (id2497430) 1887 0 R (id2498038) 1899 0 R (id2498071) 1900 0 R (id2500110) 1967 0 R (id2500842) 1978 0 R (id2500860) 1979 0 R (id2500881) 1982 0 R (id2501049) 1984 0 R (id2502424) 1994 0 R (id2502552) 1996 0 R (id2502573) 1997 0 R (id2503004) 2003 0 R (id2503141) 2005 0 R (id2503159) 2006 0 R (id2503563) 2009 0 R (id2503688) 2015 0 R (id2503703) 2016 0 R (id2503815) 2018 0 R (id2503837) 2019 0 R (id2503853) 2020 0 R (id2503914) 2026 0 R (id2503984) 2027 0 R (id2504020) 2028 0 R (id2504164) 2033 0 R (id2504675) 2040 0 R (id2504973) 2048 0 R (id2505047) 2049 0 R (id2506683) 2056 0 R (id2506690) 2057 0 R (id2507066) 206!
4 0 R (id2507072) 2065 0 R (id2508156) 2072 0 R (id2508188) 2073 0 R (id2508598) 2078 0 R (id2508825) 2096 0 R (id2508906) 2097 0 R (id2508966) 2098 0 R (id2509046) 2113 0 R (id2509051) 2114 0 R (id2509063) 2115 0 R (id2509080) 2116 0 R (id2509142) 2128 0 R (id2509382) 2134 0 R (id2509570) 2139 0 R (id2509572) 2145 0 R (id2509580) 2150 0 R (id2509604) 2146 0 R (id2509627) 2148 0 R (id2509664) 2159 0 R (id2509690) 2161 0 R (id2509716) 2153 0 R (id2509740) 2155 0 R (id2509764) 2157 0 R (id2509819) 2163 0 R (id2509846) 2165 0 R (id2509873) 2167 0 R (id2509934) 2169 0 R (id2510033) 2171 0 R (id2510062) 2173 0 R (id2510089) 2175 0 R (id2510164) 2178 0 R (id2510171) 2179 0 R (id2510198) 2181 0 R (id2510234) 2183 0 R (id2510299) 2185 0 R (id2510364) 2187 0 R (id2510429) 2190 0 R (id2510438) 2191 0 R (id2510464) 2193 0 R (id2510532) 2195 0 R (id2510567) 2197 0 R (id2510608) 2204 0 R (id2510613) 2205 0 R (id2510739) 2207 0 R (id2510776) 2215 0 R (id2510811) 2209 0 R (id2510866) 2211 0 R (id2510904) 2213 0 R (id2510930) 2217 0 R (id2510955) 2219 0 R (id2510982) 2221 0 R (id2511009) 2223 0 R (id2511048) 2225 0 R (id2511078) 2227 0 R (id2511108) 2229 0 R (id2511150) 2231 0 R (id2511184) 2233 0 R (id2511210) 2235 0 R (id2511234) 2237 0 R (id2511291) 2239 0 R (id2511316) 2242 0 R (id2511323) 2243 0 R (id2511349) 2245 0 R (id2511371) 2247 0 R (id2511463) 2249 0 R (id2511509) 2251 0 R (id2511532) 2253 0 R (id2511582) 2261 0 R (id2511590) 2262 0 R (id2511613) 2264 0 R (id2511640) 2266 0 R (id2511667) 2268 0 R (id2511703) 2270 0 R (id2511744) 2273 0 R (id2511749) 2274 0 R (id2511781) 2276 0 R (id2511827) 2278 0 R (id2511862) 2280 0 R (id2511889) 2283 0 R (id2511907) 2284 0 R (id2511929) 2286 0 R (id2511955) 2288 0 R (id2511980) 2290 0 R (id2512004) 2292 0 R (id2512050) 2294 0 R (id2512073) 2296 0 R (id2512100) 2298 0 R (id2512125) 2300 0 R (id2512163) 2303 0 R (id2512169) 2304 0 R (id2512227) 2306 0 R (id2512253) 2308 0 R (id2512290) 2315 0 R (id2512301) 2316 0 R (id2512341) 2318 0 R (id2512368) 2320 0 R (id2512397) 2322 0 R (id2!
512491) 2324 0 R (id2512518) 2326 0 R (id2512554) 2328 0 R (id2512590) 2330 0 R (id2512617) 2332 0 R (id2512644) 2334 0 R (id2512689) 2336 0 R (id2512730) 2339 0 R (id2512740) 2341 0 R (id2512742) 2343 0 R (id2512898) 2349 0 R (id2512907) 2350 0 R (id2512932) 2351 0 R (id2512963) 2352 0 R (id2513108) 2357 0 R (id2513134) 2359 0 R (id2513143) 2360 0 R (id2513234) 2365 0 R (id2513287) 2366 0 R (id2513419) 2367 0 R (id2513434) 2372 0 R (id2513565) 2378 0 R (id2513698) 2379 0 R (incremental_zone_transfers) 1377 0 R (internet_drafts) 2338 0 R (ipv6addresses) 1531 0 R (journal) 1376 0 R (lwresd) 1538 0 R (man.arpaname) 2698 0 R (man.ddns-confgen) 2686 0 R (man.dig) 2389 0 R (man.dnssec-dsfromkey) 2437 0 R (man.dnssec-keyfromlabel) 2455 0 R (man.dnssec-keygen) 1455 0 R (man.dnssec-revoke) 2498 0 R (man.dnssec-settime) 1456 0 R (man.dnssec-signzone) 2526 0 R (man.genrandom) 2708 0 R (man.host) 2422 0 R (man.isc-hmac-fixup) 2715 0 R (man.named) 2583 0 R (man.named-checkconf) 2551 0 R (man.named-checkzone) 2563 0 R (man.named-journalprint) 2606 0 R (man.nsec3hash) 2726 0 R (man.nsupdate) 2616 0 R (man.rndc) 2642 0 R (man.rndc-confgen) 2670 0 R (man.rndc.conf) 2654 0 R (managed-keys) 1477 0 R (notify) 1356 0 R (options) 1326 0 R (page.1) 934 0 R (page.10) 1318 0 R (page.100) 1939 0 R (page.101) 1959 0 R (page.102) 1966 0 R (page.103) 1973 0 R (page.104) 1977 0 R (page.105) 1989 0 R (page.106) 1993 0 R (page.107) 2002 0 R (page.108) 2014 0 R (page.109) 2025 0 R (page.11) 1331 0 R (page.110) 2032 0 R (page.111) 2038 0 R (page.112) 2045 0 R (page.113) 2054 0 R (page.114) 2063 0 R (page.115) 2071 0 R (page.116) 2082 0 R (page.117) 2086 0 R (page.118) 2092 0 R (page.119) 2102 0 R (page.12) 1335 0 R (page.120) 2106 0 R (page.121) 2111 0 R (page.122) 2122 0 R (page.123) 2126 0 R (page.124) 2133 0 R (page.125) 2143 0 R (page.126) 2202 0 R (page.127) 2259 0 R (page.128) 2313 0 R (page.129) 2348 0 R (page.13) 1342 0 R (page.130) 2356 0 R (page.131) 2364 0 R (page.132) 2371 0 R (page.133) 2377 0 R (page.134) 2383 0 R (page.135) 2387 !
0 R (page.136) 2396 0 R (page.137) 2402 0 R (page.138) 2407 0 R (page.139) 2412 0 R (page.14) 1349 0 R (page.140) 2417 0 R (page.141) 2428 0 R (page.142) 2433 0 R (page.143) 2445 0 R (page.144) 2454 0 R (page.145) 2464 0 R (page.146) 2469 0 R (page.147) 2478 0 R (page.148) 2484 0 R (page.149) 2488 0 R (page.15) 1354 0 R (page.150) 2494 0 R (page.151) 2506 0 R (page.152) 2516 0 R (page.153) 2522 0 R (page.154) 2532 0 R (page.155) 2538 0 R (page.156) 2542 0 R (page.157) 2547 0 R (page.158) 2557 0 R (page.159) 2568 0 R (page.16) 1375 0 R (page.160) 2575 0 R (page.161) 2579 0 R (page.162) 2591 0 R (page.163) 2596 0 R (page.164) 2602 0 R (page.165) 2614 0 R (page.166) 2623 0 R (page.167) 2628 0 R (page.168) 2632 0 R (page.169) 2640 0 R (page.17) 1385 0 R (page.170) 2650 0 R (page.171) 2661 0 R (page.172) 2666 0 R (page.173) 2677 0 R (page.174) 2683 0 R (page.175) 2695 0 R (page.176) 2707 0 R (page.177) 2721 0 R (page.178) 2734 0 R (page.18) 1390 0 R (page.19) 1396 0 R (page.2) 958 0 R (page.20) 1401 0 R (page.21) 1410 0 R (page.22) 1419 0 R (page.23) 1426 0 R (page.24) 1432 0 R (page.25) 1437 0 R (page.26) 1446 0 R (page.27) 1460 0 R (page.28) 1467 0 R (page.29) 1481 0 R (page.3) 1255 0 R (page.30) 1487 0 R (page.31) 1493 0 R (page.32) 1499 0 R (page.33) 1506 0 R (page.34) 1514 0 R (page.35) 1519 0 R (page.36) 1525 0 R (page.37) 1535 0 R (page.38) 1542 0 R (page.39) 1546 0 R (page.4) 1266 0 R (page.40) 1556 0 R (page.41) 1560 0 R (page.42) 1567 0 R (page.43) 1577 0 R (page.44) 1585 0 R (page.45) 1593 0 R (page.46) 1605 0 R (page.47) 1611 0 R (page.48) 1617 0 R (page.49) 1624 0 R (page.5) 1273 0 R (page.50) 1628 0 R (page.51) 1635 0 R (page.52) 1640 0 R (page.53) 1650 0 R (page.54) 1654 0 R (page.55) 1659 0 R (page.56) 1663 0 R (page.57) 1667 0 R (page.58) 1671 0 R (page.59) 1678 0 R (page.6) 1285 0 R (page.60) 1683 0 R (page.61) 1688 0 R (page.62) 1694 0 R (page.63) 1705 0 R (page.64) 1709 0 R (page.65) 1713 0 R (page.66) 1717 0 R (page.67) 1728 0 R (page.68) 1734 0 R (page.69) 1740 0 R (page.7) 1291 0 R (page.70) 17!
45 0 R (page.71) 1749 0 R (page.72) 1753 0 R (page.73) 1760 0 R (page.74) 1768 0 R (page.75) 1773 0 R (page.76) 1781 0 R (page.77) 1788 0 R (page.78) 1793 0 R (page.79) 1801 0 R (page.8) 1299 0 R (page.80) 1808 0 R (page.81) 1813 0 R (page.82) 1817 0 R (page.83) 1821 0 R (page.84) 1825 0 R (page.85) 1832 0 R (page.86) 1837 0 R (page.87) 1841 0 R (page.88) 1846 0 R (page.89) 1852 0 R (page.9) 1308 0 R (page.90) 1861 0 R (page.91) 1867 0 R (page.92) 1872 0 R (page.93) 1876 0 R (page.94) 1880 0 R (page.95) 1884 0 R (page.96) 1892 0 R (page.97) 1897 0 R (page.98) 1912 0 R (page.99) 1927 0 R (page.i) 968 0 R (page.ii) 1023 0 R (page.iii) 1087 0 R (page.iv) 1150 0 R (page.v) 1212 0 R (pkcs11) 1483 0 R (proposed_standards) 1381 0 R (query_address) 1741 0 R (rfc5011.support) 1474 0 R (rfcs) 1251 0 R (rndc) 1589 0 R (root_delegation_only) 1908 0 R (rrset_ordering) 1304 0 R (sample_configuration) 1293 0 R (section*.10) 2272 0 R (section*.100) 2604 0 R (section*.101) 2605 0 R (section*.102) 2607 0 R (section*.103) 2608 0 R (section*.104) 2609 0 R (section*.105) 2610 0 R (section*.106) 2615 0 R (section*.107) 2617 0 R (section*.108) 2618 0 R (section*.109) 2619 0 R (section*.11) 2282 0 R (section*.110) 2624 0 R (section*.111) 2633 0 R (section*.112) 2634 0 R (section*.113) 2635 0 R (section*.114) 2641 0 R (section*.115) 2643 0 R (section*.116) 2644 0 R (section*.117) 2645 0 R (section*.118) 2646 0 R (section*.119) 2651 0 R (section*.12) 2302 0 R (section*.120) 2652 0 R (section*.121) 2653 0 R (section*.122) 2655 0 R (section*.123) 2656 0 R (section*.124) 2657 0 R (section*.125) 2662 0 R (section*.126) 2667 0 R (section*.127) 2668 0 R (section*.128) 2669 0 R (section*.129) 2671 0 R (section*.13) 2314 0 R (section*.130) 2672 0 R (section*.131) 2673 0 R (section*.132) 2678 0 R (section*.133) 2679 0 R (section*.134) 2684 0 R (section*.135) 2685 0 R (section*.136) 2687 0 R (section*.137) 2688 0 R (section*.138) 2689 0 R (section*.139) 2690 0 R (section*.14) 2340 0 R (section*.140) 2696 0 R (section*.141) 2697 0 R (section*.142) !
2699 0 R (section*.143) 2700 0 R (section*.144) 2701 0 R (section*.145) 2702 0 R (section*.146) 2703 0 R (section*.147) 2709 0 R (section*.148) 2710 0 R (section*.149) 2711 0 R (section*.15) 2390 0 R (section*.150) 2712 0 R (section*.151) 2713 0 R (section*.152) 2714 0 R (section*.153) 2716 0 R (section*.154) 2717 0 R (section*.155) 2722 0 R (section*.156) 2723 0 R (section*.157) 2724 0 R (section*.158) 2725 0 R (section*.159) 2727 0 R (section*.16) 2391 0 R (section*.160) 2728 0 R (section*.161) 2729 0 R (section*.162) 2730 0 R (section*.163) 2735 0 R (section*.164) 2736 0 R (section*.17) 2392 0 R (section*.18) 2397 0 R (section*.19) 2398 0 R (section*.2) 2138 0 R (section*.20) 2403 0 R (section*.21) 2413 0 R (section*.22) 2418 0 R (section*.23) 2419 0 R (section*.24) 2420 0 R (section*.25) 2421 0 R (section*.26) 2423 0 R (section*.27) 2424 0 R (section*.28) 2429 0 R (section*.29) 2434 0 R (section*.3) 2144 0 R (section*.30) 2435 0 R (section*.31) 2436 0 R (section*.32) 2438 0 R (section*.33) 2439 0 R (section*.34) 2440 0 R (section*.35) 2441 0 R (section*.36) 2446 0 R (section*.37) 2447 0 R (section*.38) 2448 0 R (section*.39) 2449 0 R (section*.4) 2152 0 R (section*.40) 2450 0 R (section*.41) 2456 0 R (section*.42) 2457 0 R (section*.43) 2458 0 R (section*.44) 2459 0 R (section*.45) 2465 0 R (section*.46) 2470 0 R (section*.47) 2471 0 R (section*.48) 2472 0 R (section*.49) 2473 0 R (section*.5) 2177 0 R (section*.50) 2474 0 R (section*.51) 2479 0 R (section*.52) 2480 0 R (section*.53) 2489 0 R (section*.54) 2490 0 R (section*.55) 2495 0 R (section*.56) 2496 0 R (section*.57) 2497 0 R (section*.58) 2499 0 R (section*.59) 2500 0 R (section*.6) 2189 0 R (section*.60) 2501 0 R (section*.61) 2507 0 R (section*.62) 2508 0 R (section*.63) 2509 0 R (section*.64) 2510 0 R (section*.65) 2511 0 R (section*.66) 2512 0 R (section*.67) 2517 0 R (section*.68) 2518 0 R (section*.69) 2523 0 R (section*.7) 2203 0 R (section*.70) 2524 0 R (section*.71) 2525 0 R (section*.72) 2527 0 R (section*.73) 2528 0 R (section*.74) 2533 0 !
R (section*.75) 2534 0 R (section*.76) 2548 0 R (section*.77) 2549 0 R (section*.78) 2550 0 R (section*.79) 2552 0 R (section*.8) 2241 0 R (section*.80) 2553 0 R (section*.81) 2558 0 R (section*.82) 2559 0 R (section*.83) 2560 0 R (section*.84) 2561 0 R (section*.85) 2562 0 R (section*.86) 2564 0 R (section*.87) 2569 0 R (section*.88) 2570 0 R (section*.89) 2571 0 R (section*.9) 2260 0 R (section*.90) 2580 0 R (section*.91) 2581 0 R (section*.92) 2582 0 R (section*.93) 2584 0 R (section*.94) 2585 0 R (section*.95) 2586 0 R (section*.96) 2587 0 R (section*.97) 2597 0 R (section*.98) 2598 0 R (section*.99) 2603 0 R (section.1.1) 10 0 R (section.1.2) 14 0 R (section.1.3) 18 0 R (section.1.4) 22 0 R (section.2.1) 70 0 R (section.2.2) 74 0 R (section.2.3) 78 0 R (section.2.4) 82 0 R (section.2.5) 86 0 R (section.3.1) 94 0 R (section.3.2) 106 0 R (section.3.3) 110 0 R (section.4.1) 134 0 R (section.4.10) 274 0 R (section.4.11) 286 0 R (section.4.12) 338 0 R (section.4.2) 138 0 R (section.4.3) 146 0 R (section.4.4) 150 0 R (section.4.5) 158 0 R (section.4.6) 194 0 R (section.4.7) 198 0 R (section.4.8) 202 0 R (section.4.9) 218 0 R (section.5.1) 354 0 R (section.5.2) 358 0 R (section.6.1) 366 0 R (section.6.2) 394 0 R (section.6.3) 618 0 R (section.6.4) 674 0 R (section.7.1) 710 0 R (section.7.2) 714 0 R (section.7.3) 726 0 R (section.8.1) 734 0 R (section.8.2) 742 0 R (section.8.3) 746 0 R (section.A.1) 754 0 R (section.A.2) 762 0 R (section.A.3) 770 0 R (section.A.4) 786 0 R (section.B.1) 846 0 R (section.B.10) 882 0 R (section.B.11) 886 0 R (section.B.12) 890 0 R (section.B.13) 894 0 R (section.B.14) 898 0 R (section.B.15) 902 0 R (section.B.16) 906 0 R (section.B.17) 910 0 R (section.B.18) 914 0 R (section.B.19) 918 0 R (section.B.2) 850 0 R (section.B.20) 922 0 R (section.B.21) 926 0 R (section.B.3) 854 0 R (section.B.4) 858 0 R (section.B.5) 862 0 R (section.B.6) 866 0 R (section.B.7) 870 0 R (section.B.8) 874 0 R (section.B.9) 878 0 R (server_resource_limits) 1763 0 R (server_statement_definition_and_usage) 1701 !
0 R (server_statement_grammar) 1842 0 R (statistics) 2039 0 R (statistics_counters) 2047 0 R (statschannels) 1853 0 R (statsfile) 1674 0 R (subsection.1.4.1) 26 0 R (subsection.1.4.2) 30 0 R (subsection.1.4.3) 34 0 R (subsection.1.4.4) 38 0 R (subsection.1.4.5) 54 0 R (subsection.1.4.6) 62 0 R (subsection.3.1.1) 98 0 R (subsection.3.1.2) 102 0 R (subsection.3.3.1) 114 0 R (subsection.3.3.2) 126 0 R (subsection.4.10.1) 278 0 R (subsection.4.10.2) 282 0 R (subsection.4.11.1) 290 0 R (subsection.4.11.2) 306 0 R (subsection.4.11.3) 322 0 R (subsection.4.11.4) 326 0 R (subsection.4.11.5) 330 0 R (subsection.4.11.6) 334 0 R (subsection.4.12.1) 342 0 R (subsection.4.12.2) 346 0 R (subsection.4.2.1) 142 0 R (subsection.4.4.1) 154 0 R (subsection.4.5.1) 162 0 R (subsection.4.5.2) 174 0 R (subsection.4.5.3) 178 0 R (subsection.4.5.4) 182 0 R (subsection.4.5.5) 186 0 R (subsection.4.5.6) 190 0 R (subsection.4.8.1) 206 0 R (subsection.4.8.2) 210 0 R (subsection.4.8.3) 214 0 R (subsection.4.9.1) 222 0 R (subsection.4.9.10) 258 0 R (subsection.4.9.11) 262 0 R (subsection.4.9.12) 266 0 R (subsection.4.9.13) 270 0 R (subsection.4.9.2) 226 0 R (subsection.4.9.3) 230 0 R (subsection.4.9.4) 234 0 R (subsection.4.9.5) 238 0 R (subsection.4.9.6) 242 0 R (subsection.4.9.7) 246 0 R (subsection.4.9.8) 250 0 R (subsection.4.9.9) 254 0 R (subsection.6.1.1) 370 0 R (subsection.6.1.2) 382 0 R (subsection.6.2.1) 398 0 R (subsection.6.2.10) 434 0 R (subsection.6.2.11) 450 0 R (subsection.6.2.12) 454 0 R (subsection.6.2.13) 458 0 R (subsection.6.2.14) 462 0 R (subsection.6.2.15) 466 0 R (subsection.6.2.16) 470 0 R (subsection.6.2.17) 554 0 R (subsection.6.2.18) 558 0 R (subsection.6.2.19) 562 0 R (subsection.6.2.2) 402 0 R (subsection.6.2.20) 566 0 R (subsection.6.2.21) 570 0 R (subsection.6.2.22) 574 0 R (subsection.6.2.23) 578 0 R (subsection.6.2.24) 582 0 R (subsection.6.2.25) 586 0 R (subsection.6.2.26) 590 0 R (subsection.6.2.27) 594 0 R (subsection.6.2.28) 598 0 R (subsection.6.2.3) 406 0 R (subsection.6.2.4) 410 0 R (subsection.6.2.5) !
414 0 R (subsection.6.2.6) 418 0 R (subsection.6.2.7) 422 0 R (subsection.6.2.8) 426 0 R (subsection.6.2.9) 430 0 R (subsection.6.3.1) 622 0 R (subsection.6.3.2) 634 0 R (subsection.6.3.3) 638 0 R (subsection.6.3.4) 642 0 R (subsection.6.3.5) 646 0 R (subsection.6.3.6) 666 0 R (subsection.6.3.7) 670 0 R (subsection.6.4.1) 682 0 R (subsection.7.2.1) 718 0 R (subsection.7.2.2) 722 0 R (subsection.8.1.1) 738 0 R (subsection.A.1.1) 758 0 R (subsection.A.2.1) 766 0 R (subsection.A.3.1) 774 0 R (subsection.A.3.2) 778 0 R (subsection.A.3.3) 782 0 R (subsection.A.4.1) 790 0 R (subsection.A.4.2) 794 0 R (subsection.A.4.3) 798 0 R (subsection.A.4.4) 802 0 R (subsection.A.4.5) 806 0 R (subsection.A.4.6) 810 0 R (subsection.A.4.7) 838 0 R (subsubsection.1.4.4.1) 42 0 R (subsubsection.1.4.4.2) 46 0 R (subsubsection.1.4.4.3) 50 0 R (subsubsection.1.4.5.1) 58 0 R (subsubsection.3.3.1.1) 118 0 R (subsubsection.3.3.1.2) 122 0 R (subsubsection.4.11.1.1) 294 0 R (subsubsection.4.11.1.2) 298 0 R (subsubsection.4.11.1.3) 302 0 R (subsubsection.4.11.2.1) 310 0 R (subsubsection.4.11.2.2) 314 0 R (subsubsection.4.11.2.3) 318 0 R (subsubsection.4.5.1.1) 166 0 R (subsubsection.4.5.1.2) 170 0 R (subsubsection.6.1.1.1) 374 0 R (subsubsection.6.1.1.2) 378 0 R (subsubsection.6.1.2.1) 386 0 R (subsubsection.6.1.2.2) 390 0 R (subsubsection.6.2.10.1) 438 0 R (subsubsection.6.2.10.2) 442 0 R (subsubsection.6.2.10.3) 446 0 R (subsubsection.6.2.16.1) 474 0 R (subsubsection.6.2.16.10) 510 0 R (subsubsection.6.2.16.11) 514 0 R (subsubsection.6.2.16.12) 518 0 R (subsubsection.6.2.16.13) 522 0 R (subsubsection.6.2.16.14) 526 0 R (subsubsection.6.2.16.15) 530 0 R (subsubsection.6.2.16.16) 534 0 R (subsubsection.6.2.16.17) 538 0 R (subsubsection.6.2.16.18) 542 0 R (subsubsection.6.2.16.19) 546 0 R (subsubsection.6.2.16.2) 478 0 R (subsubsection.6.2.16.20) 550 0 R (subsubsection.6.2.16.3) 482 0 R (subsubsection.6.2.16.4) 486 0 R (subsubsection.6.2.16.5) 490 0 R (subsubsection.6.2.16.6) 494 0 R (subsubsection.6.2.16.7) 498 0 R (subsubsection.6.2.16.8) 502!
0 R (subsubsection.6.2.16.9) 506 0 R (subsubsection.6.2.28.1) 602 0 R (subsubsection.6.2.28.2) 606 0 R (subsubsection.6.2.28.3) 610 0 R (subsubsection.6.2.28.4) 614 0 R (subsubsection.6.3.1.1) 626 0 R (subsubsection.6.3.1.2) 630 0 R (subsubsection.6.3.5.1) 650 0 R (subsubsection.6.3.5.2) 654 0 R (subsubsection.6.3.5.3) 658 0 R (subsubsection.6.3.5.4) 662 0 R (subsubsection.6.4.0.1) 678 0 R (subsubsection.6.4.1.1) 686 0 R (subsubsection.6.4.1.2) 690 0 R (subsubsection.6.4.1.3) 694 0 R (subsubsection.6.4.1.4) 698 0 R (subsubsection.6.4.1.5) 702 0 R (subsubsection.A.4.6.1) 814 0 R (subsubsection.A.4.6.2) 818 0 R (subsubsection.A.4.6.3) 822 0 R (subsubsection.A.4.6.4) 826 0 R (subsubsection.A.4.6.5) 830 0 R (subsubsection.A.4.6.6) 834 0 R (table.1.1) 1235 0 R (table.1.2) 1243 0 R (table.3.1) 1302 0 R (table.3.2) 1345 0 R (table.6.1) 1550 0 R (table.6.10) 1983 0 R (table.6.11) 1985 0 R (table.6.12) 1995 0 R (table.6.13) 1998 0 R (table.6.14) 2004 0 R (table.6.15) 2007 0 R (table.6.16) 2010 0 R (table.6.17) 2017 0 R (table.6.18) 2034 0 R (table.6.19) 2041 0 R (table.6.2) 1572 0 R (table.6.20) 2050 0 R (table.6.21) 2058 0 R (table.6.22) 2066 0 R (table.6.23) 2074 0 R (table.6.3) 1581 0 R (table.6.4) 1619 0 R (table.6.5) 1631 0 R (table.6.6) 1690 0 R (table.6.7) 1784 0 R (table.6.8) 1888 0 R (table.6.9) 1968 0 R (the_category_phrase) 1613 0 R (the_sortlist_statement) 1775 0 R (topology) 1774 0 R (trusted-keys) 1855 0 R (tsig) 1397 0 R (tuning) 1789 0 R (types_of_resource_records_and_when_to_use_them) 1250 0 R (view_statement_grammar) 1804 0 R (zone_statement_grammar) 1724 0 R (zone_transfers) 1371 0 R (zonefile_format) 1797 0 R]
-/Limits [(Access_Control_Lists) (zonefile_format)]
->> endobj
-2764 0 obj <<
-/Kids [2763 0 R]
->> endobj
-2765 0 obj <<
-/Dests 2764 0 R
->> endobj
-2766 0 obj <<
-/Type /Catalog
-/Pages 2761 0 R
-/Outlines 2762 0 R
-/Names 2765 0 R
-/PageMode /UseOutlines
-/OpenAction 929 0 R
->> endobj
-2767 0 obj <<
-/Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfeTeX-1.21a)/Keywords()
-/CreationDate (D:20130516011107Z)
-/PTEX.Fullbanner (This is pdfeTeX, Version 3.141592-1.21a-2.2 (Web2C 7.5.4) kpathsea version 3.5.4)
->> endobj
-xref
-0 2768
-0000000001 65535 f
-0000000002 00000 f
-0000000003 00000 f
-0000000004 00000 f
-0000000000 00000 f
-0000000009 00000 n
-0000348651 00000 n
-0001188206 00000 n
-0000000054 00000 n
-0000000086 00000 n
-0000348778 00000 n
-0001188134 00000 n
-0000000133 00000 n
-0000000173 00000 n
-0000348906 00000 n
-0001188048 00000 n
-0000000221 00000 n
-0000000273 00000 n
-0000349034 00000 n
-0001187962 00000 n
-0000000321 00000 n
-0000000377 00000 n
-0000353320 00000 n
-0001187852 00000 n
-0000000425 00000 n
-0000000478 00000 n
-0000353447 00000 n
-0001187778 00000 n
-0000000531 00000 n
-0000000572 00000 n
-0000353575 00000 n
-0001187691 00000 n
-0000000625 00000 n
-0000000674 00000 n
-0000353702 00000 n
-0001187604 00000 n
-0000000727 00000 n
-0000000757 00000 n
-0000357999 00000 n
-0001187480 00000 n
-0000000810 00000 n
-0000000861 00000 n
-0000358127 00000 n
-0001187406 00000 n
-0000000919 00000 n
-0000000964 00000 n
-0000358255 00000 n
-0001187319 00000 n
-0000001022 00000 n
-0000001062 00000 n
-0000358383 00000 n
-0001187245 00000 n
-0000001120 00000 n
-0000001162 00000 n
-0000361368 00000 n
-0001187121 00000 n
-0000001215 00000 n
-0000001260 00000 n
-0000361496 00000 n
-0001187060 00000 n
-0000001318 00000 n
-0000001355 00000 n
-0000361624 00000 n
-0001186986 00000 n
-0000001408 00000 n
-0000001463 00000 n
-0000364571 00000 n
-0001186861 00000 n
-0000001509 00000 n
-0000001556 00000 n
-0000364699 00000 n
-0001186787 00000 n
-0000001604 00000 n
-0000001648 00000 n
-0000364827 00000 n
-0001186700 00000 n
-0000001696 00000 n
-0000001735 00000 n
-0000364955 00000 n
-0001186613 00000 n
-0000001783 00000 n
-0000001825 00000 n
-0000365082 00000 n
-0001186526 00000 n
-0000001873 00000 n
-0000001936 00000 n
-0000366159 00000 n
-0001186452 00000 n
-0000001984 00000 n
-0000002034 00000 n
-0000367818 00000 n
-0001186324 00000 n
-0000002080 00000 n
-0000002126 00000 n
-0000367945 00000 n
-0001186211 00000 n
-0000002174 00000 n
-0000002218 00000 n
-0000368073 00000 n
-0001186135 00000 n
-0000002271 00000 n
-0000002323 00000 n
-0000368201 00000 n
-0001186058 00000 n
-0000002377 00000 n
-0000002436 00000 n
-0000370650 00000 n
-0001185967 00000 n
-0000002485 00000 n
-0000002523 00000 n
-0000373988 00000 n
-0001185850 00000 n
-0000002572 00000 n
-0000002618 00000 n
-0000374116 00000 n
-0001185732 00000 n
-0000002672 00000 n
-0000002739 00000 n
-0000374244 00000 n
-0001185653 00000 n
-0000002798 00000 n
-0000002842 00000 n
-0000374373 00000 n
-0001185574 00000 n
-0000002901 00000 n
-0000002949 00000 n
-0000389238 00000 n
-0001185495 00000 n
-0000003003 00000 n
-0000003036 00000 n
-0000394862 00000 n
-0001185362 00000 n
-0000003083 00000 n
-0000003126 00000 n
-0000394991 00000 n
-0001185283 00000 n
-0000003175 00000 n
-0000003205 00000 n
-0000395120 00000 n
-0001185151 00000 n
-0000003254 00000 n
-0000003292 00000 n
-0000399492 00000 n
-0001185086 00000 n
-0000003346 00000 n
-0000003388 00000 n
-0000399621 00000 n
-0001184993 00000 n
-0000003437 00000 n
-0000003496 00000 n
-0000399750 00000 n
-0001184861 00000 n
-0000003545 00000 n
-0000003578 00000 n
-0000403470 00000 n
-0001184796 00000 n
-0000003632 00000 n
-0000003681 00000 n
-0000406624 00000 n
-0001184664 00000 n
-0000003730 00000 n
-0000003758 00000 n
-0000409569 00000 n
-0001184546 00000 n
-0000003812 00000 n
-0000003881 00000 n
-0000409698 00000 n
-0001184467 00000 n
-0000003940 00000 n
-0000003988 00000 n
-0000409827 00000 n
-0001184388 00000 n
-0000004047 00000 n
-0000004092 00000 n
-0000409956 00000 n
-0001184295 00000 n
-0000004146 00000 n
-0000004214 00000 n
-0000410085 00000 n
-0001184202 00000 n
-0000004268 00000 n
-0000004338 00000 n
-0000413548 00000 n
-0001184109 00000 n
-0000004392 00000 n
-0000004455 00000 n
-0000413677 00000 n
-0001184016 00000 n
-0000004509 00000 n
-0000004564 00000 n
-0000413806 00000 n
-0001183937 00000 n
-0000004618 00000 n
-0000004650 00000 n
-0000413935 00000 n
-0001183844 00000 n
-0000004699 00000 n
-0000004727 00000 n
-0000417795 00000 n
-0001183751 00000 n
-0000004776 00000 n
-0000004808 00000 n
-0000417924 00000 n
-0001183619 00000 n
-0000004857 00000 n
-0000004887 00000 n
-0000418052 00000 n
-0001183540 00000 n
-0000004941 00000 n
-0000004982 00000 n
-0000421955 00000 n
-0001183447 00000 n
-0000005036 00000 n
-0000005078 00000 n
-0000422083 00000 n
-0001183368 00000 n
-0000005132 00000 n
-0000005177 00000 n
-0000427223 00000 n
-0001183235 00000 n
-0000005226 00000 n
-0000005294 00000 n
-0000427352 00000 n
-0001183156 00000 n
-0000005348 00000 n
-0000005408 00000 n
-0000431157 00000 n
-0001183063 00000 n
-0000005462 00000 n
-0000005513 00000 n
-0000431286 00000 n
-0001182970 00000 n
-0000005567 00000 n
-0000005621 00000 n
-0000431415 00000 n
-0001182877 00000 n
-0000005675 00000 n
-0000005721 00000 n
-0000434533 00000 n
-0001182784 00000 n
-0000005775 00000 n
-0000005817 00000 n
-0000434662 00000 n
-0001182691 00000 n
-0000005871 00000 n
-0000005922 00000 n
-0000434791 00000 n
-0001182598 00000 n
-0000005976 00000 n
-0000006025 00000 n
-0000437889 00000 n
-0001182505 00000 n
-0000006079 00000 n
-0000006136 00000 n
-0000438018 00000 n
-0001182412 00000 n
-0000006190 00000 n
-0000006245 00000 n
-0000438146 00000 n
-0001182319 00000 n
-0000006300 00000 n
-0000006356 00000 n
-0000438275 00000 n
-0001182226 00000 n
-0000006411 00000 n
-0000006472 00000 n
-0000438403 00000 n
-0001182133 00000 n
-0000006527 00000 n
-0000006573 00000 n
-0000438531 00000 n
-0001182054 00000 n
-0000006628 00000 n
-0000006671 00000 n
-0000438660 00000 n
-0001181922 00000 n
-0000006721 00000 n
-0000006777 00000 n
-0000438789 00000 n
-0001181843 00000 n
-0000006832 00000 n
-0000006878 00000 n
-0000442381 00000 n
-0001181764 00000 n
-0000006933 00000 n
-0000006980 00000 n
-0000442510 00000 n
-0001181632 00000 n
-0000007030 00000 n
-0000007087 00000 n
-0000445669 00000 n
-0001181514 00000 n
-0000007142 00000 n
-0000007182 00000 n
-0000448364 00000 n
-0001181435 00000 n
-0000007242 00000 n
-0000007315 00000 n
-0000448493 00000 n
-0001181342 00000 n
-0000007375 00000 n
-0000007448 00000 n
-0000451274 00000 n
-0001181263 00000 n
-0000007508 00000 n
-0000007565 00000 n
-0000451403 00000 n
-0001181131 00000 n
-0000007620 00000 n
-0000007678 00000 n
-0000451532 00000 n
-0001181052 00000 n
-0000007738 00000 n
-0000007815 00000 n
-0000454026 00000 n
-0001180959 00000 n
-0000007875 00000 n
-0000007952 00000 n
-0000454155 00000 n
-0001180880 00000 n
-0000008012 00000 n
-0000008071 00000 n
-0000454284 00000 n
-0001180787 00000 n
-0000008126 00000 n
-0000008170 00000 n
-0000454413 00000 n
-0001180694 00000 n
-0000008225 00000 n
-0000008265 00000 n
-0000460733 00000 n
-0001180601 00000 n
-0000008320 00000 n
-0000008388 00000 n
-0000460862 00000 n
-0001180522 00000 n
-0000008443 00000 n
-0000008514 00000 n
-0000463653 00000 n
-0001180404 00000 n
-0000008564 00000 n
-0000008611 00000 n
-0000463782 00000 n
-0001180325 00000 n
-0000008666 00000 n
-0000008727 00000 n
-0000463911 00000 n
-0001180246 00000 n
-0000008782 00000 n
-0000008852 00000 n
-0000466353 00000 n
-0001180113 00000 n
-0000008899 00000 n
-0000008952 00000 n
-0000466482 00000 n
-0001180034 00000 n
-0000009001 00000 n
-0000009057 00000 n
-0000466611 00000 n
-0001179955 00000 n
-0000009106 00000 n
-0000009155 00000 n
-0000470881 00000 n
-0001179822 00000 n
-0000009202 00000 n
-0000009254 00000 n
-0000471010 00000 n
-0001179704 00000 n
-0000009303 00000 n
-0000009354 00000 n
-0000479434 00000 n
-0001179586 00000 n
-0000009408 00000 n
-0000009453 00000 n
-0000479563 00000 n
-0001179507 00000 n
-0000009512 00000 n
-0000009546 00000 n
-0000479692 00000 n
-0001179428 00000 n
-0000009605 00000 n
-0000009653 00000 n
-0000479821 00000 n
-0001179310 00000 n
-0000009707 00000 n
-0000009747 00000 n
-0000482354 00000 n
-0001179231 00000 n
-0000009806 00000 n
-0000009840 00000 n
-0000482483 00000 n
-0001179152 00000 n
-0000009899 00000 n
-0000009947 00000 n
-0000482612 00000 n
-0001179019 00000 n
-0000009996 00000 n
-0000010046 00000 n
-0000485817 00000 n
-0001178940 00000 n
-0000010100 00000 n
-0000010147 00000 n
-0000485945 00000 n
-0001178847 00000 n
-0000010201 00000 n
-0000010261 00000 n
-0000491302 00000 n
-0001178754 00000 n
-0000010315 00000 n
-0000010367 00000 n
-0000491431 00000 n
-0001178661 00000 n
-0000010421 00000 n
-0000010486 00000 n
-0000494901 00000 n
-0001178568 00000 n
-0000010540 00000 n
-0000010591 00000 n
-0000495030 00000 n
-0001178475 00000 n
-0000010645 00000 n
-0000010709 00000 n
-0000495159 00000 n
-0001178382 00000 n
-0000010763 00000 n
-0000010810 00000 n
-0000495288 00000 n
-0001178289 00000 n
-0000010864 00000 n
-0000010924 00000 n
-0000495416 00000 n
-0001178196 00000 n
-0000010978 00000 n
-0000011029 00000 n
-0000499115 00000 n
-0001178064 00000 n
-0000011084 00000 n
-0000011149 00000 n
-0000499244 00000 n
-0001177985 00000 n
-0000011209 00000 n
-0000011256 00000 n
-0000506045 00000 n
-0001177892 00000 n
-0000011316 00000 n
-0000011364 00000 n
-0000512785 00000 n
-0001177813 00000 n
-0000011424 00000 n
-0000011478 00000 n
-0000516012 00000 n
-0001177720 00000 n
-0000011533 00000 n
-0000011583 00000 n
-0000518850 00000 n
-0001177627 00000 n
-0000011638 00000 n
-0000011701 00000 n
-0000518979 00000 n
-0001177534 00000 n
-0000011756 00000 n
-0000011808 00000 n
-0000519108 00000 n
-0001177441 00000 n
-0000011863 00000 n
-0000011928 00000 n
-0000519237 00000 n
-0001177348 00000 n
-0000011983 00000 n
-0000012035 00000 n
-0000526974 00000 n
-0001177215 00000 n
-0000012090 00000 n
-0000012155 00000 n
-0000543721 00000 n
-0001177136 00000 n
-0000012215 00000 n
-0000012259 00000 n
-0000569340 00000 n
-0001177043 00000 n
-0000012319 00000 n
-0000012358 00000 n
-0000569469 00000 n
-0001176950 00000 n
-0000012418 00000 n
-0000012465 00000 n
-0000569598 00000 n
-0001176857 00000 n
-0000012525 00000 n
-0000012568 00000 n
-0000577092 00000 n
-0001176764 00000 n
-0000012628 00000 n
-0000012667 00000 n
-0000580658 00000 n
-0001176671 00000 n
-0000012727 00000 n
-0000012769 00000 n
-0000583787 00000 n
-0001176578 00000 n
-0000012829 00000 n
-0000012872 00000 n
-0000591012 00000 n
-0001176485 00000 n
-0000012932 00000 n
-0000012975 00000 n
-0000595490 00000 n
-0001176392 00000 n
-0000013035 00000 n
-0000013096 00000 n
-0000595619 00000 n
-0001176299 00000 n
-0000013157 00000 n
-0000013209 00000 n
-0000599456 00000 n
-0001176206 00000 n
-0000013270 00000 n
-0000013323 00000 n
-0000603805 00000 n
-0001176113 00000 n
-0000013384 00000 n
-0000013422 00000 n
-0000603934 00000 n
-0001176020 00000 n
-0000013483 00000 n
-0000013535 00000 n
-0000606805 00000 n
-0001175927 00000 n
-0000013596 00000 n
-0000013640 00000 n
-0000610188 00000 n
-0001175834 00000 n
-0000013701 00000 n
-0000013737 00000 n
-0000619248 00000 n
-0001175741 00000 n
-0000013798 00000 n
-0000013861 00000 n
-0000621682 00000 n
-0001175648 00000 n
-0000013922 00000 n
-0000013972 00000 n
-0000629226 00000 n
-0001175555 00000 n
-0000014033 00000 n
-0000014089 00000 n
-0000633711 00000 n
-0001175462 00000 n
-0000014150 00000 n
-0000014197 00000 n
-0000638026 00000 n
-0001175383 00000 n
-0000014258 00000 n
-0000014326 00000 n
-0000644384 00000 n
-0001175290 00000 n
-0000014381 00000 n
-0000014432 00000 n
-0000649443 00000 n
-0001175197 00000 n
-0000014487 00000 n
-0000014551 00000 n
-0000653172 00000 n
-0001175104 00000 n
-0000014606 00000 n
-0000014670 00000 n
-0000653301 00000 n
-0001175011 00000 n
-0000014725 00000 n
-0000014802 00000 n
-0000653430 00000 n
-0001174918 00000 n
-0000014857 00000 n
-0000014914 00000 n
-0000653559 00000 n
-0001174825 00000 n
-0000014969 00000 n
-0000015039 00000 n
-0000657599 00000 n
-0001174732 00000 n
-0000015094 00000 n
-0000015151 00000 n
-0000657728 00000 n
-0001174639 00000 n
-0000015206 00000 n
-0000015276 00000 n
-0000662082 00000 n
-0001174546 00000 n
-0000015331 00000 n
-0000015380 00000 n
-0000662211 00000 n
-0001174453 00000 n
-0000015435 00000 n
-0000015497 00000 n
-0000663928 00000 n
-0001174360 00000 n
-0000015552 00000 n
-0000015601 00000 n
-0000669438 00000 n
-0001174242 00000 n
-0000015656 00000 n
-0000015718 00000 n
-0000669567 00000 n
-0001174163 00000 n
-0000015778 00000 n
-0000015817 00000 n
-0000678489 00000 n
-0001174070 00000 n
-0000015877 00000 n
-0000015911 00000 n
-0000678618 00000 n
-0001173977 00000 n
-0000015971 00000 n
-0000016012 00000 n
-0000699552 00000 n
-0001173898 00000 n
-0000016072 00000 n
-0000016124 00000 n
-0000709763 00000 n
-0001173766 00000 n
-0000016173 00000 n
-0000016206 00000 n
-0000709892 00000 n
-0001173648 00000 n
-0000016260 00000 n
-0000016332 00000 n
-0000710021 00000 n
-0001173569 00000 n
-0000016391 00000 n
-0000016435 00000 n
-0000717446 00000 n
-0001173490 00000 n
-0000016494 00000 n
-0000016547 00000 n
-0000721226 00000 n
-0001173397 00000 n
-0000016601 00000 n
-0000016651 00000 n
-0000721484 00000 n
-0001173304 00000 n
-0000016705 00000 n
-0000016743 00000 n
-0000724939 00000 n
-0001173211 00000 n
-0000016797 00000 n
-0000016846 00000 n
-0000725197 00000 n
-0001173079 00000 n
-0000016900 00000 n
-0000016952 00000 n
-0000725325 00000 n
-0001173000 00000 n
-0000017011 00000 n
-0000017056 00000 n
-0000725454 00000 n
-0001172907 00000 n
-0000017115 00000 n
-0000017167 00000 n
-0000728083 00000 n
-0001172814 00000 n
-0000017226 00000 n
-0000017279 00000 n
-0000728212 00000 n
-0001172735 00000 n
-0000017338 00000 n
-0000017387 00000 n
-0000728341 00000 n
-0001172642 00000 n
-0000017441 00000 n
-0000017521 00000 n
-0000735453 00000 n
-0001172563 00000 n
-0000017575 00000 n
-0000017624 00000 n
-0000735582 00000 n
-0001172445 00000 n
-0000017673 00000 n
-0000017713 00000 n
-0000739025 00000 n
-0001172366 00000 n
-0000017772 00000 n
-0000017819 00000 n
-0000739154 00000 n
-0001172248 00000 n
-0000017873 00000 n
-0000017918 00000 n
-0000739283 00000 n
-0001172169 00000 n
-0000017977 00000 n
-0000018036 00000 n
-0000743058 00000 n
-0001172076 00000 n
-0000018095 00000 n
-0000018159 00000 n
-0000746825 00000 n
-0001171983 00000 n
-0000018218 00000 n
-0000018274 00000 n
-0000749876 00000 n
-0001171890 00000 n
-0000018333 00000 n
-0000018391 00000 n
-0000750135 00000 n
-0001171811 00000 n
-0000018450 00000 n
-0000018512 00000 n
-0000752303 00000 n
-0001171678 00000 n
-0000018559 00000 n
-0000018611 00000 n
-0000752431 00000 n
-0001171599 00000 n
-0000018660 00000 n
-0000018704 00000 n
-0000756231 00000 n
-0001171467 00000 n
-0000018753 00000 n
-0000018794 00000 n
-0000756360 00000 n
-0001171388 00000 n
-0000018848 00000 n
-0000018896 00000 n
-0000756489 00000 n
-0001171309 00000 n
-0000018950 00000 n
-0000019001 00000 n
-0000756617 00000 n
-0001171230 00000 n
-0000019050 00000 n
-0000019097 00000 n
-0000760876 00000 n
-0001171097 00000 n
-0000019144 00000 n
-0000019181 00000 n
-0000761005 00000 n
-0001170979 00000 n
-0000019230 00000 n
-0000019269 00000 n
-0000761134 00000 n
-0001170914 00000 n
-0000019323 00000 n
-0000019401 00000 n
-0000761263 00000 n
-0001170821 00000 n
-0000019450 00000 n
-0000019517 00000 n
-0000761392 00000 n
-0001170742 00000 n
-0000019566 00000 n
-0000019611 00000 n
-0000764833 00000 n
-0001170609 00000 n
-0000019659 00000 n
-0000019691 00000 n
-0000764962 00000 n
-0001170491 00000 n
-0000019740 00000 n
-0000019779 00000 n
-0000765091 00000 n
-0001170426 00000 n
-0000019833 00000 n
-0000019894 00000 n
-0000768774 00000 n
-0001170294 00000 n
-0000019943 00000 n
-0000020000 00000 n
-0000768903 00000 n
-0001170229 00000 n
-0000020054 00000 n
-0000020103 00000 n
-0000769032 00000 n
-0001170097 00000 n
-0000020152 00000 n
-0000020214 00000 n
-0000769161 00000 n
-0001170018 00000 n
-0000020268 00000 n
-0000020323 00000 n
-0000794003 00000 n
-0001169925 00000 n
-0000020377 00000 n
-0000020418 00000 n
-0000794132 00000 n
-0001169846 00000 n
-0000020472 00000 n
-0000020524 00000 n
-0000794521 00000 n
-0001169728 00000 n
-0000020573 00000 n
-0000020623 00000 n
-0000797343 00000 n
-0001169649 00000 n
-0000020677 00000 n
-0000020715 00000 n
-0000797472 00000 n
-0001169556 00000 n
-0000020769 00000 n
-0000020806 00000 n
-0000797601 00000 n
-0001169463 00000 n
-0000020860 00000 n
-0000020898 00000 n
-0000797730 00000 n
-0001169370 00000 n
-0000020952 00000 n
-0000021004 00000 n
-0000800966 00000 n
-0001169277 00000 n
-0000021058 00000 n
-0000021101 00000 n
-0000801094 00000 n
-0001169145 00000 n
-0000021155 00000 n
-0000021200 00000 n
-0000801222 00000 n
-0001169066 00000 n
-0000021259 00000 n
-0000021325 00000 n
-0000804208 00000 n
-0001168973 00000 n
-0000021384 00000 n
-0000021472 00000 n
-0000804337 00000 n
-0001168880 00000 n
-0000021531 00000 n
-0000021606 00000 n
-0000804466 00000 n
-0001168787 00000 n
-0000021665 00000 n
-0000021750 00000 n
-0000807374 00000 n
-0001168694 00000 n
-0000021809 00000 n
-0000021890 00000 n
-0000809835 00000 n
-0001168615 00000 n
-0000021949 00000 n
-0000022033 00000 n
-0000809964 00000 n
-0001168536 00000 n
-0000022087 00000 n
-0000022131 00000 n
-0000812864 00000 n
-0001168416 00000 n
-0000022179 00000 n
-0000022213 00000 n
-0000812993 00000 n
-0001168337 00000 n
-0000022262 00000 n
-0000022289 00000 n
-0000831153 00000 n
-0001168244 00000 n
-0000022338 00000 n
-0000022366 00000 n
-0000838711 00000 n
-0001168151 00000 n
-0000022415 00000 n
-0000022455 00000 n
-0000844995 00000 n
-0001168058 00000 n
-0000022504 00000 n
-0000022547 00000 n
-0000851530 00000 n
-0001167965 00000 n
-0000022596 00000 n
-0000022633 00000 n
-0000864820 00000 n
-0001167872 00000 n
-0000022682 00000 n
-0000022719 00000 n
-0000867695 00000 n
-0001167779 00000 n
-0000022768 00000 n
-0000022806 00000 n
-0000874480 00000 n
-0001167686 00000 n
-0000022855 00000 n
-0000022894 00000 n
-0000887974 00000 n
-0001167593 00000 n
-0000022943 00000 n
-0000022982 00000 n
-0000890955 00000 n
-0001167500 00000 n
-0000023032 00000 n
-0000023072 00000 n
-0000900381 00000 n
-0001167407 00000 n
-0000023122 00000 n
-0000023152 00000 n
-0000909494 00000 n
-0001167314 00000 n
-0000023202 00000 n
-0000023245 00000 n
-0000913381 00000 n
-0001167221 00000 n
-0000023295 00000 n
-0000023328 00000 n
-0000927209 00000 n
-0001167128 00000 n
-0000023378 00000 n
-0000023407 00000 n
-0000930342 00000 n
-0001167035 00000 n
-0000023457 00000 n
-0000023491 00000 n
-0000936585 00000 n
-0001166942 00000 n
-0000023541 00000 n
-0000023578 00000 n
-0000943343 00000 n
-0001166849 00000 n
-0000023628 00000 n
-0000023665 00000 n
-0000946092 00000 n
-0001166756 00000 n
-0000023715 00000 n
-0000023748 00000 n
-0000948156 00000 n
-0001166663 00000 n
-0000023798 00000 n
-0000023832 00000 n
-0000948673 00000 n
-0001166570 00000 n
-0000023882 00000 n
-0000023921 00000 n
-0000951550 00000 n
-0001166491 00000 n
-0000023971 00000 n
-0000024005 00000 n
-0000024378 00000 n
-0000024500 00000 n
-0000289301 00000 n
-0000024058 00000 n
-0000289175 00000 n
-0000289238 00000 n
-0001160695 00000 n
-0001134610 00000 n
-0001160521 00000 n
-0001161733 00000 n
-0000025809 00000 n
-0000026002 00000 n
-0000026082 00000 n
-0000026119 00000 n
-0000026200 00000 n
-0000026324 00000 n
-0000026583 00000 n
-0000026942 00000 n
-0000026974 00000 n
-0000027068 00000 n
-0000028101 00000 n
-0000039237 00000 n
-0000104827 00000 n
-0000170417 00000 n
-0000236007 00000 n
-0000290741 00000 n
-0000290556 00000 n
-0000289401 00000 n
-0000290678 00000 n
-0001133374 00000 n
-0001106755 00000 n
-0001133200 00000 n
-0001106070 00000 n
-0001103926 00000 n
-0001105906 00000 n
-0000302483 00000 n
-0000293792 00000 n
-0000290826 00000 n
-0000302357 00000 n
-0000302420 00000 n
-0000294346 00000 n
-0000294500 00000 n
-0000294657 00000 n
-0000294814 00000 n
-0000294971 00000 n
-0000295128 00000 n
-0000295290 00000 n
-0000295452 00000 n
-0000295613 00000 n
-0000295775 00000 n
-0000295942 00000 n
-0000296109 00000 n
-0000296274 00000 n
-0000296436 00000 n
-0000296602 00000 n
-0000296764 00000 n
-0000296918 00000 n
-0000297075 00000 n
-0000297232 00000 n
-0000297388 00000 n
-0000297544 00000 n
-0000297701 00000 n
-0000297856 00000 n
-0000298013 00000 n
-0000298175 00000 n
-0000298337 00000 n
-0000298494 00000 n
-0000298649 00000 n
-0000298810 00000 n
-0000298977 00000 n
-0000299144 00000 n
-0000299306 00000 n
-0000299462 00000 n
-0000299620 00000 n
-0000299778 00000 n
-0000299941 00000 n
-0000300099 00000 n
-0000300257 00000 n
-0000300419 00000 n
-0000300577 00000 n
-0000300740 00000 n
-0000300908 00000 n
-0000301076 00000 n
-0000301239 00000 n
-0000301402 00000 n
-0000301565 00000 n
-0000301727 00000 n
-0000301890 00000 n
-0000302046 00000 n
-0000302202 00000 n
-0000315989 00000 n
-0000305921 00000 n
-0000302568 00000 n
-0000315924 00000 n
-0001103338 00000 n
-0001085917 00000 n
-0001103152 00000 n
-0000306571 00000 n
-0000306735 00000 n
-0000306898 00000 n
-0000307062 00000 n
-0000307221 00000 n
-0000307385 00000 n
-0000307549 00000 n
-0000307713 00000 n
-0000307877 00000 n
-0000308041 00000 n
-0000308205 00000 n
-0000308369 00000 n
-0000308533 00000 n
-0000308697 00000 n
-0000308862 00000 n
-0000309027 00000 n
-0000309192 00000 n
-0000309357 00000 n
-0000309517 00000 n
-0000309682 00000 n
-0000309846 00000 n
-0000310006 00000 n
-0000310171 00000 n
-0000310341 00000 n
-0000310511 00000 n
-0000310681 00000 n
-0000310845 00000 n
-0000311014 00000 n
-0000311184 00000 n
-0000311354 00000 n
-0000311518 00000 n
-0000311683 00000 n
-0000311848 00000 n
-0000312013 00000 n
-0000312173 00000 n
-0000312338 00000 n
-0000312503 00000 n
-0000312660 00000 n
-0000312819 00000 n
-0000312978 00000 n
-0000313134 00000 n
-0000313293 00000 n
-0000313457 00000 n
-0000313626 00000 n
-0000313795 00000 n
-0000313959 00000 n
-0000314128 00000 n
-0000314297 00000 n
-0000314456 00000 n
-0000314620 00000 n
-0000314784 00000 n
-0000314948 00000 n
-0000315112 00000 n
-0000315275 00000 n
-0000315439 00000 n
-0000315601 00000 n
-0000315762 00000 n
-0000330149 00000 n
-0000319601 00000 n
-0000316089 00000 n
-0000330084 00000 n
-0000320269 00000 n
-0000320433 00000 n
-0000320602 00000 n
-0000320771 00000 n
-0000320939 00000 n
-0000321103 00000 n
-0000321267 00000 n
-0000321431 00000 n
-0000321595 00000 n
-0000321759 00000 n
-0000321922 00000 n
-0000322091 00000 n
-0000322260 00000 n
-0000322428 00000 n
-0000322597 00000 n
-0000322766 00000 n
-0000322935 00000 n
-0000323104 00000 n
-0000323273 00000 n
-0000323441 00000 n
-0000323611 00000 n
-0000323781 00000 n
-0000323951 00000 n
-0000324121 00000 n
-0000324291 00000 n
-0000324461 00000 n
-0000324631 00000 n
-0000324801 00000 n
-0000324970 00000 n
-0000325140 00000 n
-0000325309 00000 n
-0000325473 00000 n
-0000325637 00000 n
-0000325801 00000 n
-0000325965 00000 n
-0000326129 00000 n
-0000326292 00000 n
-0000326456 00000 n
-0000326620 00000 n
-0000326783 00000 n
-0000326947 00000 n
-0000327111 00000 n
-0000327275 00000 n
-0000327444 00000 n
-0000327613 00000 n
-0000327781 00000 n
-0000327950 00000 n
-0000328108 00000 n
-0000328270 00000 n
-0000328438 00000 n
-0000328605 00000 n
-0000328768 00000 n
-0000328931 00000 n
-0000329094 00000 n
-0000329257 00000 n
-0000329425 00000 n
-0000329592 00000 n
-0000329758 00000 n
-0000329923 00000 n
-0000343329 00000 n
-0000333754 00000 n
-0000330249 00000 n
-0000343264 00000 n
-0000334386 00000 n
-0000334549 00000 n
-0000334707 00000 n
-0000334875 00000 n
-0000335038 00000 n
-0000335206 00000 n
-0000335374 00000 n
-0000335541 00000 n
-0001085026 00000 n
-0001063691 00000 n
-0001084850 00000 n
-0000335708 00000 n
-0000335875 00000 n
-0000336031 00000 n
-0000336189 00000 n
-0000336347 00000 n
-0000336510 00000 n
-0000336673 00000 n
-0000336831 00000 n
-0000336987 00000 n
-0000337145 00000 n
-0000337308 00000 n
-0000337466 00000 n
-0000337623 00000 n
-0000337780 00000 n
-0000337938 00000 n
-0000338101 00000 n
-0000338259 00000 n
-0000338422 00000 n
-0000338580 00000 n
-0000338743 00000 n
-0000338906 00000 n
-0000339069 00000 n
-0000339227 00000 n
-0000339390 00000 n
-0000339553 00000 n
-0000339716 00000 n
-0000339879 00000 n
-0000340042 00000 n
-0000340205 00000 n
-0000340373 00000 n
-0000340541 00000 n
-0000340708 00000 n
-0000340875 00000 n
-0000341043 00000 n
-0000341211 00000 n
-0000341374 00000 n
-0000341530 00000 n
-0000341688 00000 n
-0000341846 00000 n
-0000342004 00000 n
-0000342162 00000 n
-0000342320 00000 n
-0000342478 00000 n
-0000342636 00000 n
-0000342794 00000 n
-0000342950 00000 n
-0000343107 00000 n
-0000346169 00000 n
-0000344288 00000 n
-0000343443 00000 n
-0000346104 00000 n
-0000344516 00000 n
-0000344675 00000 n
-0000344834 00000 n
-0001062712 00000 n
-0001042585 00000 n
-0001062537 00000 n
-0000344992 00000 n
-0000345151 00000 n
-0000345310 00000 n
-0000345469 00000 n
-0000345628 00000 n
-0000345787 00000 n
-0000345945 00000 n
-0001161854 00000 n
-0000349292 00000 n
-0000348525 00000 n
-0000346270 00000 n
-0000348713 00000 n
-0000348841 00000 n
-0000348969 00000 n
-0000349097 00000 n
-0000349162 00000 n
-0000349227 00000 n
-0001041768 00000 n
-0001023303 00000 n
-0001041593 00000 n
-0000353829 00000 n
-0000352688 00000 n
-0000349420 00000 n
-0000353190 00000 n
-0000353255 00000 n
-0000353382 00000 n
-0000353510 00000 n
-0000353638 00000 n
-0000352844 00000 n
-0000353038 00000 n
-0000353764 00000 n
-0000709956 00000 n
-0000769225 00000 n
-0000358511 00000 n
-0000357453 00000 n
-0000353957 00000 n
-0000357934 00000 n
-0000358062 00000 n
-0000357609 00000 n
-0000357772 00000 n
-0000358190 00000 n
-0000358318 00000 n
-0000358446 00000 n
-0000374308 00000 n
-0000361752 00000 n
-0000361177 00000 n
-0000358639 00000 n
-0000361303 00000 n
-0000361431 00000 n
-0000361559 00000 n
-0000361687 00000 n
-0000365210 00000 n
-0000364044 00000 n
-0000361866 00000 n
-0000364506 00000 n
-0000364634 00000 n
-0000364762 00000 n
-0000364890 00000 n
-0000365018 00000 n
-0000364200 00000 n
-0000364353 00000 n
-0000365145 00000 n
-0000629290 00000 n
-0000366287 00000 n
-0000365968 00000 n
-0000365296 00000 n
-0000366094 00000 n
-0000366222 00000 n
-0001161979 00000 n
-0000368330 00000 n
-0000367627 00000 n
-0000366387 00000 n
-0000367753 00000 n
-0000367881 00000 n
-0000368008 00000 n
-0000368136 00000 n
-0000368265 00000 n
-0000370909 00000 n
-0000370279 00000 n
-0000368430 00000 n
-0000370585 00000 n
-0000370714 00000 n
-0000370779 00000 n
-0000370844 00000 n
-0000370426 00000 n
-0000606869 00000 n
-0000374502 00000 n
-0000373797 00000 n
-0000371023 00000 n
-0000373923 00000 n
-0000374052 00000 n
-0000374179 00000 n
-0001022620 00000 n
-0001010558 00000 n
-0001022441 00000 n
-0000374437 00000 n
-0000379109 00000 n
-0000378219 00000 n
-0000374630 00000 n
-0000379044 00000 n
-0001009985 00000 n
-0000999051 00000 n
-0001009806 00000 n
-0000378393 00000 n
-0000378548 00000 n
-0000378718 00000 n
-0000378873 00000 n
-0000527038 00000 n
-0000699616 00000 n
-0000382474 00000 n
-0000382283 00000 n
-0000379278 00000 n
-0000382409 00000 n
-0000387252 00000 n
-0000386854 00000 n
-0000382616 00000 n
-0000387187 00000 n
-0000387001 00000 n
-0001162104 00000 n
-0000491494 00000 n
-0000389495 00000 n
-0000389047 00000 n
-0000387408 00000 n
-0000389173 00000 n
-0000389301 00000 n
-0000389366 00000 n
-0000389431 00000 n
-0000389964 00000 n
-0000389773 00000 n
-0000389623 00000 n
-0000389899 00000 n
-0000392659 00000 n
-0000395249 00000 n
-0000392494 00000 n
-0000390006 00000 n
-0000394797 00000 n
-0000394926 00000 n
-0000395055 00000 n
-0000394302 00000 n
-0000394464 00000 n
-0000998145 00000 n
-0000988125 00000 n
-0000997971 00000 n
-0000987561 00000 n
-0000978474 00000 n
-0000987386 00000 n
-0000395184 00000 n
-0000394626 00000 n
-0000394131 00000 n
-0000394189 00000 n
-0000394279 00000 n
-0000543785 00000 n
-0000583851 00000 n
-0000399879 00000 n
-0000398943 00000 n
-0000395420 00000 n
-0000399427 00000 n
-0000399556 00000 n
-0000399685 00000 n
-0000399099 00000 n
-0000399265 00000 n
-0000399814 00000 n
-0000773256 00000 n
-0000403599 00000 n
-0000403279 00000 n
-0000400035 00000 n
-0000403405 00000 n
-0000403534 00000 n
-0000405175 00000 n
-0000404795 00000 n
-0000403740 00000 n
-0000405110 00000 n
-0000404942 00000 n
-0001162229 00000 n
-0000406752 00000 n
-0000406433 00000 n
-0000405276 00000 n
-0000406559 00000 n
-0000406688 00000 n
-0000410214 00000 n
-0000409378 00000 n
-0000406866 00000 n
-0000409504 00000 n
-0000409633 00000 n
-0000409762 00000 n
-0000409891 00000 n
-0000410020 00000 n
-0000410149 00000 n
-0000414063 00000 n
-0000413166 00000 n
-0000410356 00000 n
-0000413483 00000 n
-0000413612 00000 n
-0000413741 00000 n
-0000413313 00000 n
-0000413870 00000 n
-0000413999 00000 n
-0000418181 00000 n
-0000417604 00000 n
-0000414204 00000 n
-0000417730 00000 n
-0000417859 00000 n
-0000417987 00000 n
-0000418116 00000 n
-0000422212 00000 n
-0000421764 00000 n
-0000418323 00000 n
-0000421890 00000 n
-0000422019 00000 n
-0000422147 00000 n
-0000424212 00000 n
-0000424021 00000 n
-0000422340 00000 n
-0000424147 00000 n
-0001162354 00000 n
-0000427481 00000 n
-0000427032 00000 n
-0000424313 00000 n
-0000427158 00000 n
-0000978199 00000 n
-0000974840 00000 n
-0000978020 00000 n
-0000427287 00000 n
-0000427416 00000 n
-0000431544 00000 n
-0000430607 00000 n
-0000427652 00000 n
-0000431092 00000 n
-0000431221 00000 n
-0000431350 00000 n
-0000974485 00000 n
-0000972488 00000 n
-0000974320 00000 n
-0000430763 00000 n
-0000430928 00000 n
-0000431479 00000 n
-0000851594 00000 n
-0000867759 00000 n
-0000434919 00000 n
-0000434342 00000 n
-0000431672 00000 n
-0000434468 00000 n
-0000434597 00000 n
-0000434726 00000 n
-0000434855 00000 n
-0000438917 00000 n
-0000437521 00000 n
-0000435033 00000 n
-0000437824 00000 n
-0000437953 00000 n
-0000438081 00000 n
-0000438210 00000 n
-0000438339 00000 n
-0000438466 00000 n
-0000438595 00000 n
-0000438724 00000 n
-0000438853 00000 n
-0000437668 00000 n
-0000657791 00000 n
-0000442639 00000 n
-0000442190 00000 n
-0000439045 00000 n
-0000442316 00000 n
-0000442445 00000 n
-0000442574 00000 n
-0000445798 00000 n
-0000445478 00000 n
-0000442753 00000 n
-0000445604 00000 n
-0000445733 00000 n
-0001162479 00000 n
-0000448621 00000 n
-0000448173 00000 n
-0000445968 00000 n
-0000448299 00000 n
-0000448428 00000 n
-0000448556 00000 n
-0000451659 00000 n
-0000451083 00000 n
-0000448778 00000 n
-0000451209 00000 n
-0000451338 00000 n
-0000451467 00000 n
-0000451596 00000 n
-0000454541 00000 n
-0000453835 00000 n
-0000451773 00000 n
-0000453961 00000 n
-0000454090 00000 n
-0000454219 00000 n
-0000454348 00000 n
-0000454477 00000 n
-0000457235 00000 n
-0000457044 00000 n
-0000454655 00000 n
-0000457170 00000 n
-0000459742 00000 n
-0000460990 00000 n
-0000459616 00000 n
-0000457349 00000 n
-0000460668 00000 n
-0000460797 00000 n
-0000460925 00000 n
-0000464040 00000 n
-0000463281 00000 n
-0000461161 00000 n
-0000463588 00000 n
-0000463717 00000 n
-0000463428 00000 n
-0000463846 00000 n
-0000463975 00000 n
-0001162604 00000 n
-0000768967 00000 n
-0000466740 00000 n
-0000466162 00000 n
-0000464168 00000 n
-0000466288 00000 n
-0000466417 00000 n
-0000466546 00000 n
-0000466675 00000 n
-0000467181 00000 n
-0000466990 00000 n
-0000466840 00000 n
-0000467116 00000 n
-0000471268 00000 n
-0000470502 00000 n
-0000467223 00000 n
-0000470816 00000 n
-0000470945 00000 n
-0000471073 00000 n
-0000471138 00000 n
-0000471203 00000 n
-0000470649 00000 n
-0000479498 00000 n
-0000475963 00000 n
-0000475772 00000 n
-0000471368 00000 n
-0000475898 00000 n
-0000479950 00000 n
-0000479243 00000 n
-0000476105 00000 n
-0000479369 00000 n
-0000479627 00000 n
-0000479756 00000 n
-0000479885 00000 n
-0000482869 00000 n
-0000482163 00000 n
-0000480091 00000 n
-0000482289 00000 n
-0000482418 00000 n
-0000482547 00000 n
-0000482676 00000 n
-0000482741 00000 n
-0000482805 00000 n
-0001162729 00000 n
-0000486202 00000 n
-0000485626 00000 n
-0000483026 00000 n
-0000485752 00000 n
-0000485880 00000 n
-0000486009 00000 n
-0000486073 00000 n
-0000486137 00000 n
-0000491559 00000 n
-0000490771 00000 n
-0000486316 00000 n
-0000491237 00000 n
-0000491366 00000 n
-0000490927 00000 n
-0000491078 00000 n
-0000953467 00000 n
-0000495545 00000 n
-0000494145 00000 n
-0000491700 00000 n
-0000494836 00000 n
-0000494965 00000 n
-0000495094 00000 n
-0000495223 00000 n
-0000495352 00000 n
-0000494310 00000 n
-0000494462 00000 n
-0000494649 00000 n
-0000495480 00000 n
-0000499373 00000 n
-0000498924 00000 n
-0000495673 00000 n
-0000499050 00000 n
-0000499179 00000 n
-0000499308 00000 n
-0000503601 00000 n
-0000503222 00000 n
-0000499501 00000 n
-0000503536 00000 n
-0000503369 00000 n
-0000506109 00000 n
-0000506302 00000 n
-0000505854 00000 n
-0000503715 00000 n
-0000505980 00000 n
-0000506174 00000 n
-0000506238 00000 n
-0001162854 00000 n
-0000509440 00000 n
-0000509249 00000 n
-0000506416 00000 n
-0000509375 00000 n
-0000513040 00000 n
-0000512594 00000 n
-0000509554 00000 n
-0000512720 00000 n
-0000512847 00000 n
-0000512912 00000 n
-0000512976 00000 n
-0000516141 00000 n
-0000515821 00000 n
-0000513154 00000 n
-0000515947 00000 n
-0000516076 00000 n
-0000519366 00000 n
-0000518325 00000 n
-0000516255 00000 n
-0000518785 00000 n
-0000518914 00000 n
-0000518481 00000 n
-0000518634 00000 n
-0000519043 00000 n
-0000519172 00000 n
-0000519301 00000 n
-0000520863 00000 n
-0000520672 00000 n
-0000519480 00000 n
-0000520798 00000 n
-0000522420 00000 n
-0000522229 00000 n
-0000520964 00000 n
-0000522355 00000 n
-0001162979 00000 n
-0000523887 00000 n
-0000523696 00000 n
-0000522521 00000 n
-0000523822 00000 n
-0000527103 00000 n
-0000526783 00000 n
-0000523988 00000 n
-0000526909 00000 n
-0000531230 00000 n
-0000531039 00000 n
-0000527231 00000 n
-0000531165 00000 n
-0000535702 00000 n
-0000535154 00000 n
-0000531372 00000 n
-0000535637 00000 n
-0000535310 00000 n
-0000535467 00000 n
-0000739089 00000 n
-0000539952 00000 n
-0000539553 00000 n
-0000535830 00000 n
-0000539887 00000 n
-0000539700 00000 n
-0000543850 00000 n
-0000543530 00000 n
-0000540094 00000 n
-0000543656 00000 n
-0001163104 00000 n
-0000547691 00000 n
-0000547371 00000 n
-0000543978 00000 n
-0000547497 00000 n
-0000547562 00000 n
-0000547626 00000 n
-0000552917 00000 n
-0000551623 00000 n
-0000547819 00000 n
-0000552852 00000 n
-0000551815 00000 n
-0000551969 00000 n
-0000552126 00000 n
-0000552311 00000 n
-0000552485 00000 n
-0000552669 00000 n
-0000649507 00000 n
-0000557284 00000 n
-0000557093 00000 n
-0000553088 00000 n
-0000557219 00000 n
-0000561443 00000 n
-0000561252 00000 n
-0000557425 00000 n
-0000561378 00000 n
-0000565121 00000 n
-0000564930 00000 n
-0000561557 00000 n
-0000565056 00000 n
-0000569726 00000 n
-0000568784 00000 n
-0000565235 00000 n
-0000569275 00000 n
-0000569404 00000 n
-0000568940 00000 n
-0000569533 00000 n
-0000569662 00000 n
-0000569110 00000 n
-0001163229 00000 n
-0000663992 00000 n
-0000573118 00000 n
-0000572738 00000 n
-0000569840 00000 n
-0000573053 00000 n
-0000572885 00000 n
-0000756681 00000 n
-0000577221 00000 n
-0000576709 00000 n
-0000573275 00000 n
-0000577027 00000 n
-0000576856 00000 n
-0000577156 00000 n
-0000580787 00000 n
-0000580467 00000 n
-0000577349 00000 n
-0000580593 00000 n
-0000580722 00000 n
-0000583916 00000 n
-0000583596 00000 n
-0000580901 00000 n
-0000583722 00000 n
-0000587963 00000 n
-0000587772 00000 n
-0000584073 00000 n
-0000587898 00000 n
-0000591141 00000 n
-0000590640 00000 n
-0000588077 00000 n
-0000590947 00000 n
-0000591076 00000 n
-0000590787 00000 n
-0001163354 00000 n
-0000595748 00000 n
-0000594940 00000 n
-0000591312 00000 n
-0000595425 00000 n
-0000595554 00000 n
-0000595096 00000 n
-0000595683 00000 n
-0000595270 00000 n
-0000599585 00000 n
-0000599265 00000 n
-0000595862 00000 n
-0000599391 00000 n
-0000599520 00000 n
-0000604062 00000 n
-0000603266 00000 n
-0000599756 00000 n
-0000603740 00000 n
-0000603869 00000 n
-0000603997 00000 n
-0000603422 00000 n
-0000603584 00000 n
-0000607063 00000 n
-0000606423 00000 n
-0000604233 00000 n
-0000606740 00000 n
-0000606570 00000 n
-0000606934 00000 n
-0000606999 00000 n
-0000610316 00000 n
-0000609997 00000 n
-0000607191 00000 n
-0000610123 00000 n
-0000610252 00000 n
-0000614779 00000 n
-0000614236 00000 n
-0000610501 00000 n
-0000614714 00000 n
-0000614392 00000 n
-0000614553 00000 n
-0001163479 00000 n
-0000735517 00000 n
-0000619376 00000 n
-0000618867 00000 n
-0000614893 00000 n
-0000619183 00000 n
-0000619311 00000 n
-0000619014 00000 n
-0000662146 00000 n
-0000621810 00000 n
-0000621491 00000 n
-0000619518 00000 n
-0000621617 00000 n
-0000621746 00000 n
-0000623518 00000 n
-0000623327 00000 n
-0000621923 00000 n
-0000623453 00000 n
-0000625620 00000 n
-0000625429 00000 n
-0000623618 00000 n
-0000625555 00000 n
-0000629355 00000 n
-0000629035 00000 n
-0000625734 00000 n
-0000629161 00000 n
-0000633840 00000 n
-0000633295 00000 n
-0000629498 00000 n
-0000633646 00000 n
-0000633775 00000 n
-0000633442 00000 n
-0001163604 00000 n
-0000638155 00000 n
-0000637835 00000 n
-0000633968 00000 n
-0000637961 00000 n
-0000638090 00000 n
-0000642066 00000 n
-0000641875 00000 n
-0000638282 00000 n
-0000642001 00000 n
-0000644513 00000 n
-0000644193 00000 n
-0000642193 00000 n
-0000644319 00000 n
-0000644448 00000 n
-0000649572 00000 n
-0000648913 00000 n
-0000644627 00000 n
-0000649378 00000 n
-0000649069 00000 n
-0000649220 00000 n
-0000653688 00000 n
-0000652807 00000 n
-0000649686 00000 n
-0000653107 00000 n
-0000653236 00000 n
-0000653365 00000 n
-0000653494 00000 n
-0000653623 00000 n
-0000652954 00000 n
-0000657856 00000 n
-0000657408 00000 n
-0000653802 00000 n
-0000657534 00000 n
-0000657663 00000 n
-0001163729 00000 n
-0000662340 00000 n
-0000661891 00000 n
-0000657984 00000 n
-0000662017 00000 n
-0000662275 00000 n
-0000664057 00000 n
-0000663737 00000 n
-0000662468 00000 n
-0000663863 00000 n
-0000665611 00000 n
-0000665420 00000 n
-0000664171 00000 n
-0000665546 00000 n
-0000667071 00000 n
-0000666880 00000 n
-0000665712 00000 n
-0000667006 00000 n
-0000669826 00000 n
-0000669247 00000 n
-0000667172 00000 n
-0000669373 00000 n
-0000669502 00000 n
-0000669631 00000 n
-0000669696 00000 n
-0000669761 00000 n
-0000673491 00000 n
-0000673300 00000 n
-0000669940 00000 n
-0000673426 00000 n
-0001163854 00000 n
-0000678747 00000 n
-0000676904 00000 n
-0000673605 00000 n
-0000678424 00000 n
-0000677114 00000 n
-0000678553 00000 n
-0000678682 00000 n
-0000677282 00000 n
-0000677444 00000 n
-0000677606 00000 n
-0000677768 00000 n
-0000677930 00000 n
-0000678092 00000 n
-0000678263 00000 n
-0000953434 00000 n
-0000684108 00000 n
-0000682015 00000 n
-0000678861 00000 n
-0000684043 00000 n
-0000682252 00000 n
-0000682415 00000 n
-0000682577 00000 n
-0000682740 00000 n
-0000682903 00000 n
-0000683066 00000 n
-0000683229 00000 n
-0000683391 00000 n
-0000683554 00000 n
-0000683714 00000 n
-0000683875 00000 n
-0000688921 00000 n
-0000687351 00000 n
-0000684236 00000 n
-0000688856 00000 n
-0000687561 00000 n
-0000687731 00000 n
-0000687892 00000 n
-0000688053 00000 n
-0000688215 00000 n
-0000688377 00000 n
-0000688540 00000 n
-0000688693 00000 n
-0000695218 00000 n
-0000692326 00000 n
-0000689049 00000 n
-0000695153 00000 n
-0000692608 00000 n
-0000692761 00000 n
-0000692915 00000 n
-0000693065 00000 n
-0000693219 00000 n
-0000693381 00000 n
-0000693543 00000 n
-0000693704 00000 n
-0000693866 00000 n
-0000694028 00000 n
-0000694190 00000 n
-0000694352 00000 n
-0000694504 00000 n
-0000694667 00000 n
-0000694822 00000 n
-0000694987 00000 n
-0000699681 00000 n
-0000698842 00000 n
-0000695360 00000 n
-0000699487 00000 n
-0000699007 00000 n
-0000699170 00000 n
-0000699324 00000 n
-0000703134 00000 n
-0000702814 00000 n
-0000699809 00000 n
-0000702940 00000 n
-0000703005 00000 n
-0000703069 00000 n
-0001163979 00000 n
-0000705928 00000 n
-0000705737 00000 n
-0000703276 00000 n
-0000705863 00000 n
-0000710410 00000 n
-0000709211 00000 n
-0000706099 00000 n
-0000709698 00000 n
-0000709827 00000 n
-0000710085 00000 n
-0000709367 00000 n
-0000709537 00000 n
-0000710150 00000 n
-0000710215 00000 n
-0000710280 00000 n
-0000710345 00000 n
-0000713613 00000 n
-0000713422 00000 n
-0000710524 00000 n
-0000713548 00000 n
-0000717704 00000 n
-0000717125 00000 n
-0000713700 00000 n
-0000717251 00000 n
-0000717316 00000 n
-0000717381 00000 n
-0000717510 00000 n
-0000717574 00000 n
-0000717639 00000 n
-0000721743 00000 n
-0000720905 00000 n
-0000717832 00000 n
-0000721031 00000 n
-0000721096 00000 n
-0000721161 00000 n
-0000721290 00000 n
-0000721355 00000 n
-0000721420 00000 n
-0000721548 00000 n
-0000721613 00000 n
-0000721678 00000 n
-0000725583 00000 n
-0000724748 00000 n
-0000721871 00000 n
-0000724874 00000 n
-0000725003 00000 n
-0000725067 00000 n
-0000725132 00000 n
-0000725260 00000 n
-0000725389 00000 n
-0000725518 00000 n
-0001164104 00000 n
-0000728470 00000 n
-0000727892 00000 n
-0000725796 00000 n
-0000728018 00000 n
-0000728147 00000 n
-0000728276 00000 n
-0000728405 00000 n
-0000731874 00000 n
-0000731553 00000 n
-0000728655 00000 n
-0000731679 00000 n
-0000731744 00000 n
-0000731809 00000 n
-0000735841 00000 n
-0000735262 00000 n
-0000732001 00000 n
-0000735388 00000 n
-0000735646 00000 n
-0000735711 00000 n
-0000735776 00000 n
-0000739542 00000 n
-0000738653 00000 n
-0000735969 00000 n
-0000738960 00000 n
-0000738800 00000 n
-0000739218 00000 n
-0000739347 00000 n
-0000739412 00000 n
-0000739477 00000 n
-0000743317 00000 n
-0000742681 00000 n
-0000739656 00000 n
-0000742993 00000 n
-0000742828 00000 n
-0000743122 00000 n
-0000743187 00000 n
-0000743252 00000 n
-0000953401 00000 n
-0000747083 00000 n
-0000746634 00000 n
-0000743431 00000 n
-0000746760 00000 n
-0000746889 00000 n
-0000746954 00000 n
-0000747019 00000 n
-0001164229 00000 n
-0000750264 00000 n
-0000749685 00000 n
-0000747197 00000 n
-0000749811 00000 n
-0000749940 00000 n
-0000750005 00000 n
-0000750070 00000 n
-0000972207 00000 n
-0000964923 00000 n
-0000972027 00000 n
-0000750199 00000 n
-0000750747 00000 n
-0000750556 00000 n
-0000750406 00000 n
-0000750682 00000 n
-0000752559 00000 n
-0000752112 00000 n
-0000750789 00000 n
-0000752238 00000 n
-0000752367 00000 n
-0000752494 00000 n
-0000756746 00000 n
-0000756040 00000 n
-0000752673 00000 n
-0000756166 00000 n
-0000964602 00000 n
-0000955389 00000 n
-0000964416 00000 n
-0000756295 00000 n
-0000756424 00000 n
-0000756552 00000 n
-0000757778 00000 n
-0000757587 00000 n
-0000756973 00000 n
-0000757713 00000 n
-0000758206 00000 n
-0000758015 00000 n
-0000757865 00000 n
-0000758141 00000 n
-0001164354 00000 n
-0000761520 00000 n
-0000760294 00000 n
-0000758248 00000 n
-0000760811 00000 n
-0000760940 00000 n
-0000761069 00000 n
-0000761198 00000 n
-0000761327 00000 n
-0000761456 00000 n
-0000760450 00000 n
-0000760622 00000 n
-0000761975 00000 n
-0000761784 00000 n
-0000761634 00000 n
-0000761910 00000 n
-0000765220 00000 n
-0000764642 00000 n
-0000762017 00000 n
-0000764768 00000 n
-0000764897 00000 n
-0000765026 00000 n
-0000765155 00000 n
-0000769418 00000 n
-0000768199 00000 n
-0000765306 00000 n
-0000768709 00000 n
-0000768838 00000 n
-0000769096 00000 n
-0000768355 00000 n
-0000768534 00000 n
-0000769290 00000 n
-0000769354 00000 n
-0000776308 00000 n
-0000772480 00000 n
-0000769574 00000 n
-0000772606 00000 n
-0000772671 00000 n
-0000772736 00000 n
-0000772801 00000 n
-0000772866 00000 n
-0000772931 00000 n
-0000772996 00000 n
-0000773061 00000 n
-0000773126 00000 n
-0000773191 00000 n
-0000773321 00000 n
-0000773386 00000 n
-0000773451 00000 n
-0000773516 00000 n
-0000773581 00000 n
-0000773646 00000 n
-0000773711 00000 n
-0000773776 00000 n
-0000773841 00000 n
-0000773906 00000 n
-0000773971 00000 n
-0000774036 00000 n
-0000774101 00000 n
-0000774166 00000 n
-0000774231 00000 n
-0000774296 00000 n
-0000774361 00000 n
-0000774426 00000 n
-0000774491 00000 n
-0000774556 00000 n
-0000774621 00000 n
-0000774686 00000 n
-0000774751 00000 n
-0000774816 00000 n
-0000774880 00000 n
-0000774945 00000 n
-0000775010 00000 n
-0000775075 00000 n
-0000775140 00000 n
-0000775205 00000 n
-0000775270 00000 n
-0000775335 00000 n
-0000775400 00000 n
-0000775465 00000 n
-0000775530 00000 n
-0000775595 00000 n
-0000775660 00000 n
-0000775725 00000 n
-0000775790 00000 n
-0000775855 00000 n
-0000775920 00000 n
-0000775985 00000 n
-0000776050 00000 n
-0000776115 00000 n
-0000776180 00000 n
-0000776244 00000 n
-0000782956 00000 n
-0000779392 00000 n
-0000776422 00000 n
-0000779518 00000 n
-0000779583 00000 n
-0000779648 00000 n
-0000779713 00000 n
-0000779778 00000 n
-0000779843 00000 n
-0000779908 00000 n
-0000779973 00000 n
-0000780038 00000 n
-0000780103 00000 n
-0000780168 00000 n
-0000780233 00000 n
-0000780297 00000 n
-0000780362 00000 n
-0000780427 00000 n
-0000780492 00000 n
-0000780557 00000 n
-0000780622 00000 n
-0000780687 00000 n
-0000780752 00000 n
-0000780817 00000 n
-0000780882 00000 n
-0000780947 00000 n
-0000781012 00000 n
-0000781076 00000 n
-0000781141 00000 n
-0000781206 00000 n
-0000781271 00000 n
-0000781336 00000 n
-0000781401 00000 n
-0000781466 00000 n
-0000781531 00000 n
-0000781596 00000 n
-0000781661 00000 n
-0000781726 00000 n
-0000781791 00000 n
-0000781856 00000 n
-0000781921 00000 n
-0000781986 00000 n
-0000782051 00000 n
-0000782115 00000 n
-0000782179 00000 n
-0000782243 00000 n
-0000782308 00000 n
-0000782373 00000 n
-0000782438 00000 n
-0000782503 00000 n
-0000782568 00000 n
-0000782633 00000 n
-0000782698 00000 n
-0000782763 00000 n
-0000782828 00000 n
-0000782892 00000 n
-0001164479 00000 n
-0000789131 00000 n
-0000785693 00000 n
-0000783070 00000 n
-0000785819 00000 n
-0000785884 00000 n
-0000785949 00000 n
-0000786014 00000 n
-0000786079 00000 n
-0000786144 00000 n
-0000786209 00000 n
-0000786274 00000 n
-0000786339 00000 n
-0000786404 00000 n
-0000786469 00000 n
-0000786534 00000 n
-0000786599 00000 n
-0000786664 00000 n
-0000786729 00000 n
-0000786794 00000 n
-0000786859 00000 n
-0000786924 00000 n
-0000786989 00000 n
-0000787054 00000 n
-0000787119 00000 n
-0000787184 00000 n
-0000787249 00000 n
-0000787314 00000 n
-0000787379 00000 n
-0000787444 00000 n
-0000787509 00000 n
-0000787574 00000 n
-0000787639 00000 n
-0000787704 00000 n
-0000787769 00000 n
-0000787834 00000 n
-0000787899 00000 n
-0000787964 00000 n
-0000788028 00000 n
-0000788093 00000 n
-0000788158 00000 n
-0000788223 00000 n
-0000788288 00000 n
-0000788353 00000 n
-0000788418 00000 n
-0000788483 00000 n
-0000788548 00000 n
-0000788613 00000 n
-0000788678 00000 n
-0000788743 00000 n
-0000788808 00000 n
-0000788873 00000 n
-0000788938 00000 n
-0000789003 00000 n
-0000789067 00000 n
-0000794650 00000 n
-0000792254 00000 n
-0000789245 00000 n
-0000792380 00000 n
-0000792445 00000 n
-0000792510 00000 n
-0000792575 00000 n
-0000792640 00000 n
-0000792705 00000 n
-0000792770 00000 n
-0000792835 00000 n
-0000792900 00000 n
-0000792965 00000 n
-0000793030 00000 n
-0000793095 00000 n
-0000793160 00000 n
-0000793224 00000 n
-0000793289 00000 n
-0000793354 00000 n
-0000793419 00000 n
-0000793484 00000 n
-0000793549 00000 n
-0000793614 00000 n
-0000793679 00000 n
-0000793744 00000 n
-0000793809 00000 n
-0000793874 00000 n
-0000793939 00000 n
-0000794067 00000 n
-0000794196 00000 n
-0000794261 00000 n
-0000794326 00000 n
-0000794391 00000 n
-0000794456 00000 n
-0000794585 00000 n
-0000797859 00000 n
-0000797152 00000 n
-0000794777 00000 n
-0000797278 00000 n
-0000797407 00000 n
-0000797536 00000 n
-0000797665 00000 n
-0000797794 00000 n
-0000801351 00000 n
-0000800594 00000 n
-0000797986 00000 n
-0000800901 00000 n
-0000801030 00000 n
-0000800741 00000 n
-0000801158 00000 n
-0000801286 00000 n
-0000804595 00000 n
-0000804017 00000 n
-0000801478 00000 n
-0000804143 00000 n
-0000804272 00000 n
-0000804401 00000 n
-0000804530 00000 n
-0000807503 00000 n
-0000807183 00000 n
-0000804709 00000 n
-0000807309 00000 n
-0000807438 00000 n
-0001164604 00000 n
-0000810093 00000 n
-0000809644 00000 n
-0000807673 00000 n
-0000809770 00000 n
-0000809899 00000 n
-0000810028 00000 n
-0000810534 00000 n
-0000810343 00000 n
-0000810193 00000 n
-0000810469 00000 n
-0000813317 00000 n
-0000812673 00000 n
-0000810576 00000 n
-0000812799 00000 n
-0000812928 00000 n
-0000813057 00000 n
-0000813122 00000 n
-0000813187 00000 n
-0000813252 00000 n
-0000817651 00000 n
-0000817330 00000 n
-0000813431 00000 n
-0000817456 00000 n
-0000817521 00000 n
-0000817586 00000 n
-0000821399 00000 n
-0000821143 00000 n
-0000817807 00000 n
-0000821269 00000 n
-0000821334 00000 n
-0000824561 00000 n
-0000824370 00000 n
-0000821541 00000 n
-0000824496 00000 n
-0001164729 00000 n
-0000828205 00000 n
-0000827949 00000 n
-0000824689 00000 n
-0000828075 00000 n
-0000828140 00000 n
-0000831410 00000 n
-0000830702 00000 n
-0000828347 00000 n
-0000830828 00000 n
-0000830893 00000 n
-0000830958 00000 n
-0000831023 00000 n
-0000831088 00000 n
-0000831217 00000 n
-0000831281 00000 n
-0000831346 00000 n
-0000836079 00000 n
-0000835823 00000 n
-0000831552 00000 n
-0000835949 00000 n
-0000836014 00000 n
-0000839098 00000 n
-0000838325 00000 n
-0000836207 00000 n
-0000838451 00000 n
-0000838516 00000 n
-0000838581 00000 n
-0000838646 00000 n
-0000838775 00000 n
-0000838840 00000 n
-0000838903 00000 n
-0000838968 00000 n
-0000839033 00000 n
-0000842011 00000 n
-0000841496 00000 n
-0000839254 00000 n
-0000841622 00000 n
-0000841687 00000 n
-0000841752 00000 n
-0000841817 00000 n
-0000841882 00000 n
-0000841947 00000 n
-0000845384 00000 n
-0000844804 00000 n
-0000842167 00000 n
-0000844930 00000 n
-0000845059 00000 n
-0000845124 00000 n
-0000845189 00000 n
-0000845254 00000 n
-0000845319 00000 n
-0001164854 00000 n
-0000848836 00000 n
-0000848580 00000 n
-0000845526 00000 n
-0000848706 00000 n
-0000848771 00000 n
-0000851788 00000 n
-0000851144 00000 n
-0000848964 00000 n
-0000851270 00000 n
-0000851335 00000 n
-0000851400 00000 n
-0000851465 00000 n
-0000851659 00000 n
-0000851724 00000 n
-0000855429 00000 n
-0000855108 00000 n
-0000851957 00000 n
-0000855234 00000 n
-0000855299 00000 n
-0000855364 00000 n
-0000859020 00000 n
-0000858829 00000 n
-0000855557 00000 n
-0000858955 00000 n
-0000862486 00000 n
-0000862165 00000 n
-0000859148 00000 n
-0000862291 00000 n
-0000862356 00000 n
-0000862421 00000 n
-0000865143 00000 n
-0000864434 00000 n
-0000862627 00000 n
-0000864560 00000 n
-0000864625 00000 n
-0000864690 00000 n
-0000864755 00000 n
-0000864884 00000 n
-0000864949 00000 n
-0000865014 00000 n
-0000865079 00000 n
-0001164979 00000 n
-0000868019 00000 n
-0000867309 00000 n
-0000865299 00000 n
-0000867435 00000 n
-0000867500 00000 n
-0000867565 00000 n
-0000867630 00000 n
-0000867824 00000 n
-0000867889 00000 n
-0000867954 00000 n
-0000871590 00000 n
-0000871269 00000 n
-0000868175 00000 n
-0000871395 00000 n
-0000871460 00000 n
-0000871525 00000 n
-0000874739 00000 n
-0000874094 00000 n
-0000871718 00000 n
-0000874220 00000 n
-0000874285 00000 n
-0000874350 00000 n
-0000874415 00000 n
-0000874544 00000 n
-0000874609 00000 n
-0000874674 00000 n
-0000878270 00000 n
-0000877949 00000 n
-0000874895 00000 n
-0000878075 00000 n
-0000878140 00000 n
-0000878205 00000 n
-0000881853 00000 n
-0000881662 00000 n
-0000878412 00000 n
-0000881788 00000 n
-0000885338 00000 n
-0000885147 00000 n
-0000881981 00000 n
-0000885273 00000 n
-0001165104 00000 n
-0000888232 00000 n
-0000887588 00000 n
-0000885480 00000 n
-0000887714 00000 n
-0000887779 00000 n
-0000887844 00000 n
-0000887909 00000 n
-0000888038 00000 n
-0000888103 00000 n
-0000888168 00000 n
-0000891145 00000 n
-0000890440 00000 n
-0000888388 00000 n
-0000890566 00000 n
-0000890631 00000 n
-0000890696 00000 n
-0000890761 00000 n
-0000890826 00000 n
-0000890891 00000 n
-0000891017 00000 n
-0000891082 00000 n
-0000894348 00000 n
-0000893963 00000 n
-0000891287 00000 n
-0000894089 00000 n
-0000894154 00000 n
-0000894219 00000 n
-0000894284 00000 n
-0000897778 00000 n
-0000897587 00000 n
-0000894490 00000 n
-0000897713 00000 n
-0000900769 00000 n
-0000899995 00000 n
-0000897906 00000 n
-0000900121 00000 n
-0000900186 00000 n
-0000900251 00000 n
-0000900316 00000 n
-0000900445 00000 n
-0000900509 00000 n
-0000900574 00000 n
-0000900639 00000 n
-0000900704 00000 n
-0000903964 00000 n
-0000903773 00000 n
-0000900925 00000 n
-0000903899 00000 n
-0001165229 00000 n
-0000907006 00000 n
-0000906686 00000 n
-0000904177 00000 n
-0000906812 00000 n
-0000906877 00000 n
-0000906942 00000 n
-0000909882 00000 n
-0000909109 00000 n
-0000907233 00000 n
-0000909235 00000 n
-0000909300 00000 n
-0000909365 00000 n
-0000909429 00000 n
-0000909558 00000 n
-0000909623 00000 n
-0000909688 00000 n
-0000909753 00000 n
-0000909818 00000 n
-0000913705 00000 n
-0000913125 00000 n
-0000910038 00000 n
-0000913251 00000 n
-0000913316 00000 n
-0000913445 00000 n
-0000913510 00000 n
-0000913575 00000 n
-0000913640 00000 n
-0000918032 00000 n
-0000917776 00000 n
-0000913833 00000 n
-0000917902 00000 n
-0000917967 00000 n
-0000921552 00000 n
-0000921361 00000 n
-0000918160 00000 n
-0000921487 00000 n
-0000924111 00000 n
-0000923726 00000 n
-0000921680 00000 n
-0000923852 00000 n
-0000923917 00000 n
-0000923982 00000 n
-0000924047 00000 n
-0001165354 00000 n
-0000927598 00000 n
-0000926953 00000 n
-0000924266 00000 n
-0000927079 00000 n
-0000927144 00000 n
-0000927273 00000 n
-0000927338 00000 n
-0000927403 00000 n
-0000927468 00000 n
-0000927533 00000 n
-0000930666 00000 n
-0000929956 00000 n
-0000927740 00000 n
-0000930082 00000 n
-0000930147 00000 n
-0000930212 00000 n
-0000930277 00000 n
-0000930406 00000 n
-0000930471 00000 n
-0000930536 00000 n
-0000930601 00000 n
-0000933766 00000 n
-0000933510 00000 n
-0000930836 00000 n
-0000933636 00000 n
-0000933701 00000 n
-0000936909 00000 n
-0000936200 00000 n
-0000933894 00000 n
-0000936326 00000 n
-0000936391 00000 n
-0000936456 00000 n
-0000936521 00000 n
-0000936649 00000 n
-0000936714 00000 n
-0000936779 00000 n
-0000936844 00000 n
-0000940503 00000 n
-0000940182 00000 n
-0000937065 00000 n
-0000940308 00000 n
-0000940373 00000 n
-0000940438 00000 n
-0000943732 00000 n
-0000943022 00000 n
-0000940645 00000 n
-0000943148 00000 n
-0000943213 00000 n
-0000943278 00000 n
-0000943407 00000 n
-0000943472 00000 n
-0000943537 00000 n
-0000943602 00000 n
-0000943667 00000 n
-0001165479 00000 n
-0000946545 00000 n
-0000945771 00000 n
-0000943888 00000 n
-0000945897 00000 n
-0000945962 00000 n
-0000946027 00000 n
-0000946156 00000 n
-0000946221 00000 n
-0000946286 00000 n
-0000946351 00000 n
-0000946416 00000 n
-0000946481 00000 n
-0000948931 00000 n
-0000947965 00000 n
-0000946701 00000 n
-0000948091 00000 n
-0000948220 00000 n
-0000948285 00000 n
-0000948350 00000 n
-0000948415 00000 n
-0000948480 00000 n
-0000948545 00000 n
-0000948609 00000 n
-0000948737 00000 n
-0000948802 00000 n
-0000948867 00000 n
-0000951937 00000 n
-0000951100 00000 n
-0000949073 00000 n
-0000951226 00000 n
-0000951291 00000 n
-0000951356 00000 n
-0000951420 00000 n
-0000951485 00000 n
-0000951614 00000 n
-0000951679 00000 n
-0000951744 00000 n
-0000951808 00000 n
-0000951873 00000 n
-0000953287 00000 n
-0000952967 00000 n
-0000952079 00000 n
-0000953093 00000 n
-0000953158 00000 n
-0000953222 00000 n
-0000953500 00000 n
-0000964844 00000 n
-0000972433 00000 n
-0000974732 00000 n
-0000974701 00000 n
-0000978419 00000 n
-0000987860 00000 n
-0000998595 00000 n
-0001010291 00000 n
-0001023008 00000 n
-0001042242 00000 n
-0001063304 00000 n
-0001085455 00000 n
-0001103711 00000 n
-0001106557 00000 n
-0001106327 00000 n
-0001133975 00000 n
-0001161241 00000 n
-0001165595 00000 n
-0001165720 00000 n
-0001165846 00000 n
-0001165972 00000 n
-0001166098 00000 n
-0001166224 00000 n
-0001166304 00000 n
-0001166414 00000 n
-0001188316 00000 n
-0001212549 00000 n
-0001212590 00000 n
-0001212630 00000 n
-0001212764 00000 n
-trailer
-<<
-/Size 2768
-/Root 2766 0 R
-/Info 2767 0 R
-/ID [<AB7D8FE7604A610EE0A87A3E923B9339> <AB7D8FE7604A610EE0A87A3E923B9339>]
->>
-startxref
-1213022
-%%EOF
Modified: vendor/bind/dist/doc/arm/Makefile.in
===================================================================
--- vendor/bind/dist/doc/arm/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001, 2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+# $Id: Makefile.in,v 1.22 2009/02/12 23:47:56 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -23,6 +23,8 @@
@BIND9_VERSION@
+PKGVERSION = @PACKAGE_VERSION@
+
MANOBJS = Bv9ARM.html
PDFOBJS = Bv9ARM.pdf
@@ -38,17 +40,18 @@
docclean manclean maintainer-clean distclean::
rm -f releaseinfo.xml
+ rm -f pkgversion.xml
-Bv9ARM.html: Bv9ARM-book.xml releaseinfo.xml
+Bv9ARM.html: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml
expand Bv9ARM-book.xml | \
${XSLTPROC} --stringparam root.filename Bv9ARM \
${top_srcdir}/doc/xsl/isc-docbook-chunk.xsl -
-Bv9ARM-all.html: Bv9ARM-book.xml releaseinfo.xml
+Bv9ARM-all.html: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml
expand Bv9ARM-book.xml | \
${XSLTPROC} -o Bv9ARM-all.html ../xsl/isc-docbook-html.xsl -
-Bv9ARM.tex: Bv9ARM-book.xml releaseinfo.xml
+Bv9ARM.tex: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml
expand Bv9ARM-book.xml | \
${XSLTPROC} ${top_srcdir}/doc/xsl/pre-latex.xsl - | \
${XSLTPROC} ${top_srcdir}/doc/xsl/isc-docbook-latex.xsl - | \
@@ -55,17 +58,22 @@
@PERL@ latex-fixup.pl >$@.tmp
if test -s $@.tmp; then mv $@.tmp $@; else rm -f $@.tmp; exit 1; fi
-Bv9ARM.dvi: Bv9ARM.tex releaseinfo.xml
+Bv9ARM.dvi: Bv9ARM.tex releaseinfo.xml pkgversion.xml
rm -f Bv9ARM-book.aux Bv9ARM-book.dvi Bv9ARM-book.log
${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
-Bv9ARM.pdf: Bv9ARM.tex releaseinfo.xml
+Bv9ARM.pdf: Bv9ARM.tex releaseinfo.xml pkgversion.xml
rm -f Bv9ARM-book.aux Bv9ARM-book.pdf Bv9ARM-book.log
${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
-releaseinfo.xml:
+FORCE:
+
+releaseinfo.xml: FORCE
echo >$@ '<releaseinfo>BIND Version ${VERSION}</releaseinfo>'
+
+pkgversion.xml: FORCE
+ echo >$@ ' <para>This version of the manual corresponds to BIND version ${PKGVERSION}.</para>'
Modified: vendor/bind/dist/doc/arm/README-SGML
===================================================================
--- vendor/bind/dist/doc/arm/README-SGML 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/README-SGML 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,7 +4,7 @@
The BIND v9 ARM master document is now kept in DocBook XML format.
-Version: $Id: README-SGML,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+Version: $Id: README-SGML,v 1.17 2004/03/05 05:04:43 marka Exp $
The entire ARM is in the single file:
Modified: vendor/bind/dist/doc/arm/dnssec.xml
===================================================================
--- vendor/bind/dist/doc/arm/dnssec.xml 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/dnssec.xml 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec.xml,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<sect1 id="dnssec.dynamic.zones">
<title>DNSSEC, Dynamic Zones, and Automatic Signing</title>
Modified: vendor/bind/dist/doc/arm/latex-fixup.pl
===================================================================
--- vendor/bind/dist/doc/arm/latex-fixup.pl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/latex-fixup.pl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: latex-fixup.pl,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+# $Id: latex-fixup.pl,v 1.5 2007/06/19 23:47:13 tbox Exp $
# Sadly, the final stages of generating a presentable PDF file always
# seem to require some manual tweaking. Doesn't seem to matter what
Modified: vendor/bind/dist/doc/arm/libdns.xml
===================================================================
--- vendor/bind/dist/doc/arm/libdns.xml 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/libdns.xml 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
- - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -270,7 +270,7 @@
consists of a single domain name. Example:
<literallayout>
www.example.com
- mx.examle.net
+ mx.example.net
ns.xxx.example
</literallayout>
</listitem>
@@ -527,4 +527,4 @@
programs.</para>
</sect2>
</sect1>
-<!-- $Id: libdns.xml,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $ -->
+<!-- $Id: libdns.xml,v 1.3 2010/02/03 23:49:07 tbox Exp $ -->
Modified: vendor/bind/dist/doc/arm/man.arpaname.html
===================================================================
--- vendor/bind/dist/doc/arm/man.arpaname.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.arpaname.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.arpaname.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2617315"></a><h2>DESCRIPTION</h2>
+<a name="id2615018"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
@@ -57,13 +57,13 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2617330"></a><h2>SEE ALSO</h2>
+<a name="id2616740"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2651272"></a><h2>AUTHOR</h2>
+<a name="id2616754"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -87,5 +87,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.ddns-confgen.html
===================================================================
--- vendor/bind/dist/doc/arm/man.ddns-confgen.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.ddns-confgen.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.ddns-confgen.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2645394"></a><h2>DESCRIPTION</h2>
+<a name="id2644462"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">ddns-confgen</strong></span>
generates a key for use by <span><strong class="command">nsupdate</strong></span>
and <span><strong class="command">named</strong></span>. It simplifies configuration
@@ -77,7 +77,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2645481"></a><h2>OPTIONS</h2>
+<a name="id2644550"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
@@ -144,7 +144,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2653328"></a><h2>SEE ALSO</h2>
+<a name="id2650348"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -152,7 +152,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2653366"></a><h2>AUTHOR</h2>
+<a name="id2650455"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -176,5 +176,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.dig.html
===================================================================
--- vendor/bind/dist/doc/arm/man.dig.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.dig.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dig.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,12 +47,12 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2610344"></a><h2>DESCRIPTION</h2>
+<a name="id2609573"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -76,7 +76,7 @@
<p>
Unless it is told to query a specific name server,
<span><strong class="command">dig</strong></span> will try each of the servers listed in
- <code class="filename">/etc/resolv.conf</code>. If no usable server addreses
+ <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
are found, <span><strong class="command">dig</strong></span> will send the query to the local
host.
</p>
@@ -92,7 +92,7 @@
</p>
<p>
The IN and CH class names overlap with the IN and CH top level
- domains names. Either use the <code class="option">-t</code> and
+ domain names. Either use the <code class="option">-t</code> and
<code class="option">-c</code> options to specify the type and class,
use the <code class="option">-q</code> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
@@ -99,7 +99,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2610515"></a><h2>SIMPLE USAGE</h2>
+<a name="id2609675"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@@ -112,47 +112,47 @@
<dt><span class="term"><code class="constant">server</code></span></dt>
<dd>
<p>
- is the name or IP address of the name server to query. This
- can be an IPv4 address in dotted-decimal notation or an IPv6
- address in colon-delimited notation. When the supplied
- <em class="parameter"><code>server</code></em> argument is a hostname,
- <span><strong class="command">dig</strong></span> resolves that name before querying
- that name server.
- </p>
+ is the name or IP address of the name server to query. This
+ can be an IPv4 address in dotted-decimal notation or an IPv6
+ address in colon-delimited notation. When the supplied
+ <em class="parameter"><code>server</code></em> argument is a hostname,
+ <span><strong class="command">dig</strong></span> resolves that name before querying
+ that name server.
+ </p>
<p>
- If no <em class="parameter"><code>server</code></em> argument is
- provided, <span><strong class="command">dig</strong></span> consults
- <code class="filename">/etc/resolv.conf</code>; if an
- address is found there, it queries the name server at
- that address. If either of the <code class="option">-4</code> or
- <code class="option">-6</code> options are in use, then
- only addresses for the corresponding transport
- will be tried. If no usable addresses are found,
- <span><strong class="command">dig</strong></span> will send the query to the
- local host. The reply from the name server that
- responds is displayed.
- </p>
+ If no <em class="parameter"><code>server</code></em> argument is
+ provided, <span><strong class="command">dig</strong></span> consults
+ <code class="filename">/etc/resolv.conf</code>; if an
+ address is found there, it queries the name server at
+ that address. If either of the <code class="option">-4</code> or
+ <code class="option">-6</code> options are in use, then
+ only addresses for the corresponding transport
+ will be tried. If no usable addresses are found,
+ <span><strong class="command">dig</strong></span> will send the query to the
+ local host. The reply from the name server that
+ responds is displayed.
+ </p>
</dd>
<dt><span class="term"><code class="constant">name</code></span></dt>
<dd><p>
- is the name of the resource record that is to be looked up.
- </p></dd>
+ is the name of the resource record that is to be looked up.
+ </p></dd>
<dt><span class="term"><code class="constant">type</code></span></dt>
<dd><p>
- indicates what type of query is required —
- ANY, A, MX, SIG, etc.
- <em class="parameter"><code>type</code></em> can be any valid query
- type. If no
- <em class="parameter"><code>type</code></em> argument is supplied,
- <span><strong class="command">dig</strong></span> will perform a lookup for an
- A record.
- </p></dd>
+ indicates what type of query is required —
+ ANY, A, MX, SIG, etc.
+ <em class="parameter"><code>type</code></em> can be any valid query
+ type. If no
+ <em class="parameter"><code>type</code></em> argument is supplied,
+ <span><strong class="command">dig</strong></span> will perform a lookup for an
+ A record.
+ </p></dd>
</dl></div>
<p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2610641"></a><h2>OPTIONS</h2>
+<a name="id2610142"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@@ -211,10 +211,14 @@
</p>
<p>
The <code class="option">-q</code> option sets the query name to
- <em class="parameter"><code>name</code></em>. This useful do distinguish the
+ <em class="parameter"><code>name</code></em>. This is useful to distinguish the
<em class="parameter"><code>name</code></em> from other arguments.
</p>
<p>
+ The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to
+ print the version number and exit.
+ </p>
+<p>
Reverse lookups — mapping addresses to names — are simplified by the
<code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
an IPv4
@@ -256,7 +260,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2663207"></a><h2>QUERY OPTIONS</h2>
+<a name="id2662517"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -276,62 +280,19 @@
</p>
<div class="variablelist"><dl>
-<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
+<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
<dd><p>
- Use [do not use] TCP when querying name servers. The default
- behavior is to use UDP unless an AXFR or IXFR query is
- requested, in
- which case a TCP connection is used.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
-<dd><p>
- Use [do not use] TCP when querying name servers. This alternate
- syntax to <em class="parameter"><code>+[no]tcp</code></em> is
- provided for backwards
- compatibility. The "vc" stands for "virtual circuit".
- </p></dd>
-<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
-<dd><p>
- Ignore truncation in UDP responses instead of retrying with TCP.
- By
- default, TCP retries are performed.
- </p></dd>
-<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
-<dd><p>
- Set the search list to contain the single domain
- <em class="parameter"><code>somename</code></em>, as if specified in
- a
- <span><strong class="command">domain</strong></span> directive in
- <code class="filename">/etc/resolv.conf</code>, and enable
- search list
- processing as if the <em class="parameter"><code>+search</code></em>
- option were given.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]search</code></span></dt>
-<dd><p>
- Use [do not use] the search list defined by the searchlist or
- domain
- directive in <code class="filename">resolv.conf</code> (if
- any).
- The search list is not used by default.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
-<dd><p>
- Perform [do not perform] a search showing intermediate
- results.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
-<dd><p>
- Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
- </p></dd>
+ A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
<dd><p>
- Sets the "aa" flag in the query.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
+ Sets the "aa" flag in the query.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
<dd><p>
- A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
- </p></dd>
+ Display [do not display] the additional section of a
+ reply. The default is to display it.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
<dd><p>
Set [do not set] the AD (authentic data) bit in the
@@ -343,244 +304,278 @@
from a OPT-OUT range. AD=0 indicate that some part
of the answer was insecure or not validated.
</p></dd>
+<dt><span class="term"><code class="option">+[no]all</code></span></dt>
+<dd><p>
+ Set or clear all display flags.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
+<dd><p>
+ Display [do not display] the answer section of a
+ reply. The default is to display it.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
+<dd><p>
+ Display [do not display] the authority section of a
+ reply. The default is to display it.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
+<dd><p>
+ Attempt to display the contents of messages which are
+ malformed. The default is to not display malformed
+ answers.
+ </p></dd>
+<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
+<dd><p>
+ Set the UDP message buffer size advertised using EDNS0
+ to <em class="parameter"><code>B</code></em> bytes. The maximum and
+ minimum sizes of this buffer are 65535 and 0 respectively.
+ Values outside this range are rounded up or down
+ appropriately. Values other than zero will cause a
+ EDNS query to be sent.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
<dd><p>
- Set [do not set] the CD (checking disabled) bit in the query.
- This
- requests the server to not perform DNSSEC validation of
- responses.
- </p></dd>
+ Set [do not set] the CD (checking disabled) bit in
+ the query. This requests the server to not perform
+ DNSSEC validation of responses.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
<dd><p>
- Display [do not display] the CLASS when printing the record.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
+ Display [do not display] the CLASS when printing the
+ record.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
- Display [do not display] the TTL when printing the record.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
+ Toggles the printing of the initial comment in the
+ output identifying the version of <span><strong class="command">dig</strong></span>
+ and the query options that have been applied. This
+ comment is printed by default.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd><p>
- Toggle the setting of the RD (recursion desired) bit in the
- query.
- This bit is set by default, which means <span><strong class="command">dig</strong></span>
- normally sends recursive queries. Recursion is automatically
- disabled
- when the <em class="parameter"><code>+nssearch</code></em> or
- <em class="parameter"><code>+trace</code></em> query options are
- used.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
+ Toggle the display of comment lines in the output.
+ The default is to print comments.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
<dd><p>
- When this option is set, <span><strong class="command">dig</strong></span>
- attempts to find the
- authoritative name servers for the zone containing the name
- being
- looked up and display the SOA record that each name server has
- for the
- zone.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
+ Deprecated, treated as a synonym for
+ <em class="parameter"><code>+[no]search</code></em>
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
<dd><p>
- Toggle tracing of the delegation path from the root name servers
- for
- the name being looked up. Tracing is disabled by default. When
- tracing is enabled, <span><strong class="command">dig</strong></span> makes
- iterative queries to
- resolve the name being looked up. It will follow referrals from
- the
- root servers, showing the answer from each server that was used
- to
- resolve the lookup.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
+ Requests DNSSEC records be sent by setting the DNSSEC
+ OK bit (DO) in the OPT record in the additional section
+ of the query.
+ </p></dd>
+<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
<dd><p>
- Toggles the printing of the initial comment in the output
- identifying
- the version of <span><strong class="command">dig</strong></span> and the query
- options that have
- been applied. This comment is printed by default.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]short</code></span></dt>
+ Set the search list to contain the single domain
+ <em class="parameter"><code>somename</code></em>, as if specified in
+ a <span><strong class="command">domain</strong></span> directive in
+ <code class="filename">/etc/resolv.conf</code>, and enable
+ search list processing as if the
+ <em class="parameter"><code>+search</code></em> option were given.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
<dd><p>
- Provide a terse answer. The default is to print the answer in a
- verbose form.
- </p></dd>
+ Specify the EDNS version to query with. Valid values
+ are 0 to 255. Setting the EDNS version will cause
+ a EDNS query to be sent. <code class="option">+noedns</code>
+ clears the remembered EDNS version. EDNS is set to
+ 0 by default.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
+<dd><p>
+ Do not try the next server if you receive a SERVFAIL.
+ The default is to not try the next server which is
+ the reverse of normal stub resolver behavior.
+ </p></dd>
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
<dd><p>
- Show [or do not show] the IP address and port number that
- supplied the
- answer when the <em class="parameter"><code>+short</code></em> option
- is enabled. If
- short form answers are requested, the default is not to show the
- source address and port number of the server that provided the
- answer.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
+ Show [or do not show] the IP address and port number
+ that supplied the answer when the
+ <em class="parameter"><code>+short</code></em> option is enabled. If
+ short form answers are requested, the default is not
+ to show the source address and port number of the
+ server that provided the answer.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
<dd><p>
- Toggle the display of comment lines in the output. The default
- is to
- print comments.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
+ Ignore truncation in UDP responses instead of retrying
+ with TCP. By default, TCP retries are performed.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
<dd><p>
- This query option toggles the printing of statistics: when the
- query
- was made, the size of the reply and so on. The default
- behavior is
- to print the query statistics.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
+ Keep the TCP socket open between queries and reuse
+ it rather than creating a new TCP socket for each
+ lookup. The default is <code class="option">+nokeepopen</code>.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
<dd><p>
- Print [do not print] the query as it is sent.
- By default, the query is not printed.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]question</code></span></dt>
+ Print records like the SOA records in a verbose
+ multi-line format with human-readable comments. The
+ default is to print each record on a single line, to
+ facilitate machine parsing of the <span><strong class="command">dig</strong></span>
+ output.
+ </p></dd>
+<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
<dd><p>
- Print [do not print] the question section of a query when an
- answer is
- returned. The default is to print the question section as a
- comment.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
+ Set the number of dots that have to appear in
+ <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
+ for it to be considered absolute. The default value
+ is that defined using the ndots statement in
+ <code class="filename">/etc/resolv.conf</code>, or 1 if no
+ ndots statement is present. Names with fewer dots
+ are interpreted as relative names and will be searched
+ for in the domains listed in the <code class="option">search</code>
+ or <code class="option">domain</code> directive in
+ <code class="filename">/etc/resolv.conf</code>.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
<dd><p>
- Display [do not display] the answer section of a reply. The
- default
- is to display it.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
+ Include an EDNS name server ID request when sending
+ a query.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dd><p>
- Display [do not display] the authority section of a reply. The
- default is to display it.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
+ When this option is set, <span><strong class="command">dig</strong></span>
+ attempts to find the authoritative name servers for
+ the zone containing the name being looked up and
+ display the SOA record that each name server has for
+ the zone.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
<dd><p>
- Display [do not display] the additional section of a reply.
- The default is to display it.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]all</code></span></dt>
+ Print only one (starting) SOA record when performing
+ an AXFR. The default is to print both the starting
+ and ending SOA records.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd><p>
- Set or clear all display flags.
- </p></dd>
-<dt><span class="term"><code class="option">+time=T</code></span></dt>
+ Print [do not print] the query as it is sent. By
+ default, the query is not printed.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]question</code></span></dt>
<dd><p>
-
- Sets the timeout for a query to
- <em class="parameter"><code>T</code></em> seconds. The default
- timeout is 5 seconds.
- An attempt to set <em class="parameter"><code>T</code></em> to less
- than 1 will result
- in a query timeout of 1 second being applied.
- </p></dd>
-<dt><span class="term"><code class="option">+tries=T</code></span></dt>
+ Print [do not print] the question section of a query
+ when an answer is returned. The default is to print
+ the question section as a comment.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
<dd><p>
- Sets the number of times to try UDP queries to server to
- <em class="parameter"><code>T</code></em> instead of the default, 3.
- If
- <em class="parameter"><code>T</code></em> is less than or equal to
- zero, the number of
- tries is silently rounded up to 1.
- </p></dd>
+ Toggle the setting of the RD (recursion desired) bit
+ in the query. This bit is set by default, which means
+ <span><strong class="command">dig</strong></span> normally sends recursive
+ queries. Recursion is automatically disabled when
+ the <em class="parameter"><code>+nssearch</code></em> or
+ <em class="parameter"><code>+trace</code></em> query options are used.
+ </p></dd>
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
<dd><p>
- Sets the number of times to retry UDP queries to server to
- <em class="parameter"><code>T</code></em> instead of the default, 2.
- Unlike
- <em class="parameter"><code>+tries</code></em>, this does not include
- the initial
- query.
- </p></dd>
-<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
+ Sets the number of times to retry UDP queries to
+ server to <em class="parameter"><code>T</code></em> instead of the
+ default, 2. Unlike <em class="parameter"><code>+tries</code></em>,
+ this does not include the initial query.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]search</code></span></dt>
<dd><p>
- Set the number of dots that have to appear in
- <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
- considered absolute. The default value is that defined using
- the
- ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
- ndots statement is present. Names with fewer dots are
- interpreted as
- relative names and will be searched for in the domains listed in
- the
- <code class="option">search</code> or <code class="option">domain</code> directive in
- <code class="filename">/etc/resolv.conf</code>.
- </p></dd>
-<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
+ Use [do not use] the search list defined by the
+ searchlist or domain directive in
+ <code class="filename">resolv.conf</code> (if any). The search
+ list is not used by default.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]short</code></span></dt>
<dd><p>
- Set the UDP message buffer size advertised using EDNS0 to
- <em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes
- of this buffer are 65535 and 0 respectively. Values outside
- this range are rounded up or down appropriately.
- Values other than zero will cause a EDNS query to be sent.
- </p></dd>
-<dt><span class="term"><code class="option">+edns=#</code></span></dt>
+ Provide a terse answer. The default is to print the
+ answer in a verbose form.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
<dd><p>
- Specify the EDNS version to query with. Valid values
- are 0 to 255. Setting the EDNS version will cause a
- EDNS query to be sent. <code class="option">+noedns</code> clears the
- remembered EDNS version.
+ Perform [do not perform] a search showing intermediate
+ results.
</p></dd>
-<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
+<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
<dd><p>
- Print records like the SOA records in a verbose multi-line
- format with human-readable comments. The default is to print
- each record on a single line, to facilitate machine parsing
- of the <span><strong class="command">dig</strong></span> output.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
+ Chase DNSSEC signature chains. Requires dig be
+ compiled with -DDIG_SIGCHASE.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
- Print only one (starting) SOA record when performing
- an AXFR. The default is to print both the starting and
- ending SOA records.
+ This query option toggles the printing of statistics:
+ when the query was made, the size of the reply and
+ so on. The default behavior is to print the query
+ statistics.
</p></dd>
-<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
+<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
- Do not try the next server if you receive a SERVFAIL. The
- default is
- to not try the next server which is the reverse of normal stub
- resolver
- behavior.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
+ Use [do not use] TCP when querying name servers. The
+ default behavior is to use UDP unless an
+ <code class="literal">ixfr=N</code> query is requested, in which
+ case the default is TCP. AXFR queries always use
+ TCP.
+ </p></dd>
+<dt><span class="term"><code class="option">+time=T</code></span></dt>
<dd><p>
- Attempt to display the contents of messages which are malformed.
- The default is to not display malformed answers.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
+
+ Sets the timeout for a query to
+ <em class="parameter"><code>T</code></em> seconds. The default
+ timeout is 5 seconds.
+ An attempt to set <em class="parameter"><code>T</code></em> to less
+ than 1 will result
+ in a query timeout of 1 second being applied.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
<dd><p>
- Requests DNSSEC records be sent by setting the DNSSEC OK bit
- (DO)
- in the OPT record in the additional section of the query.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
+ When chasing DNSSEC signature chains perform a top-down
+ validation. Requires dig be compiled with -DDIG_SIGCHASE.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd><p>
- Chase DNSSEC signature chains. Requires dig be compiled with
- -DDIG_SIGCHASE.
- </p></dd>
+ Toggle tracing of the delegation path from the root
+ name servers for the name being looked up. Tracing
+ is disabled by default. When tracing is enabled,
+ <span><strong class="command">dig</strong></span> makes iterative queries to
+ resolve the name being looked up. It will follow
+ referrals from the root servers, showing the answer
+ from each server that was used to resolve the lookup.
+ </p></dd>
+<dt><span class="term"><code class="option">+tries=T</code></span></dt>
+<dd><p>
+ Sets the number of times to try UDP queries to server
+ to <em class="parameter"><code>T</code></em> instead of the default,
+ 3. If <em class="parameter"><code>T</code></em> is less than or equal
+ to zero, the number of tries is silently rounded up
+ to 1.
+ </p></dd>
<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
<dd>
<p>
- Specifies a file containing trusted keys to be used with
- <code class="option">+sigchase</code>. Each DNSKEY record must be
- on its own line.
- </p>
+ Specifies a file containing trusted keys to be used
+ with <code class="option">+sigchase</code>. Each DNSKEY record
+ must be on its own line.
+ </p>
<p>
- If not specified, <span><strong class="command">dig</strong></span> will look for
- <code class="filename">/etc/trusted-key.key</code> then
- <code class="filename">trusted-key.key</code> in the current directory.
+ If not specified, <span><strong class="command">dig</strong></span> will look
+ for <code class="filename">/etc/trusted-key.key</code> then
+ <code class="filename">trusted-key.key</code> in the current
+ directory.
</p>
<p>
- Requires dig be compiled with -DDIG_SIGCHASE.
+ Requires dig be compiled with -DDIG_SIGCHASE.
</p>
</dd>
-<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
+<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
<dd><p>
- When chasing DNSSEC signature chains perform a top-down
- validation.
- Requires dig be compiled with -DDIG_SIGCHASE.
- </p></dd>
-<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
+ Display [do not display] the TTL when printing the
+ record.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
<dd><p>
- Include an EDNS name server ID request when sending a query.
- </p></dd>
+ Use [do not use] TCP when querying name servers. This
+ alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
+ is provided for backwards compatibility. The "vc"
+ stands for "virtual circuit".
+ </p></dd>
</dl></div>
<p>
@@ -587,7 +582,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2664290"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2663555"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@@ -633,7 +628,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2664375"></a><h2>IDN SUPPORT</h2>
+<a name="id2663640"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -647,7 +642,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2664540"></a><h2>FILES</h2>
+<a name="id2663669"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
@@ -654,7 +649,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2664562"></a><h2>SEE ALSO</h2>
+<a name="id2663690"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -662,7 +657,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2664599"></a><h2>BUGS</h2>
+<a name="id2663728"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
@@ -685,5 +680,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.dnssec-dsfromkey.html
===================================================================
--- vendor/bind/dist/doc/arm/man.dnssec-dsfromkey.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.dnssec-dsfromkey.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-dsfromkey.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2612124"></a><h2>DESCRIPTION</h2>
+<a name="id2611447"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
@@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2612138"></a><h2>OPTIONS</h2>
+<a name="id2611461"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@@ -120,7 +120,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2612327"></a><h2>EXAMPLE</h2>
+<a name="id2612332"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -135,7 +135,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2612568"></a><h2>FILES</h2>
+<a name="id2612369"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -149,13 +149,13 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2612610"></a><h2>CAVEAT</h2>
+<a name="id2612410"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2612619"></a><h2>SEE ALSO</h2>
+<a name="id2612420"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -165,7 +165,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2612659"></a><h2>AUTHOR</h2>
+<a name="id2612459"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -188,5 +188,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.dnssec-keyfromlabel.html
===================================================================
--- vendor/bind/dist/doc/arm/man.dnssec-keyfromlabel.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.dnssec-keyfromlabel.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-keyfromlabel.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,14 +47,17 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2613242"></a><h2>DESCRIPTION</h2>
+<a name="id2613620"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
- gets keys with the given label from a crypto hardware and builds
- key files for DNSSEC (Secure DNS), as defined in RFC 2535
- and RFC 4034.
+ generates a key pair of files that referencing a key object stored
+ in a cryptographic hardware service module (HSM). The private key
+ file can be used for DNSSEC signing of zone data as if it were a
+ conventional signing key created by <span><strong class="command">dnssec-keygen</strong></span>,
+ but the key material is stored within the HSM, and the actual signing
+ takes place there.
</p>
<p>
The <code class="option">name</code> of the key is specified on the command
@@ -63,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2614013"></a><h2>OPTIONS</h2>
+<a name="id2613645"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -161,6 +164,16 @@
Other possible values for this argument are listed in
RFC 2535 and its successors.
</p></dd>
+<dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
+<dd><p>
+ Generate a key as an explicit successor to an existing key.
+ The name, algorithm, size, and type of the key will be set
+ to match the predecessor. The activation date of the new
+ key will be set to the inactivation date of the existing
+ one. The publication date will be set to the activation
+ date minus the prepublication interval, which defaults to
+ 30 days.
+ </p></dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd><p>
Indicates the use of the key. <code class="option">type</code> must be
@@ -183,7 +196,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2614859"></a><h2>TIMING OPTIONS</h2>
+<a name="id2654854"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -192,7 +205,8 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</p>
<div class="variablelist"><dl>
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
@@ -227,10 +241,34 @@
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
</p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
+<dd>
+<p>
+ Sets the prepublication interval for a key. If set, then
+ the publication and activation dates must be separated by at least
+ this much time. If the activation date is specified but the
+ publication date isn't, then the publication date will default
+ to this much time before the activation date; conversely, if
+ the publication date is specified but activation date isn't,
+ then activation will be set to this much time after publication.
+ </p>
+<p>
+ If the key is being created as an explicit successor to another
+ key, then the default prepublication interval is 30 days;
+ otherwise it is zero.
+ </p>
+<p>
+ As with date offsets, if the argument is followed by one of
+ the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
+ interval is measured in years, months, weeks, days, hours,
+ or minutes, respectively. Without a suffix, the interval is
+ measured in seconds.
+ </p>
+</dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2616323"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2654976"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@@ -269,7 +307,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2616417"></a><h2>SEE ALSO</h2>
+<a name="id2667016"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -277,7 +315,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2616450"></a><h2>AUTHOR</h2>
+<a name="id2667117"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -301,5 +339,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.dnssec-keygen.html
===================================================================
--- vendor/bind/dist/doc/arm/man.dnssec-keygen.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.dnssec-keygen.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-keygen.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2615154"></a><h2>DESCRIPTION</h2>
+<a name="id2614825"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2615174"></a><h2>OPTIONS</h2>
+<a name="id2614845"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -269,7 +269,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2669210"></a><h2>TIMING OPTIONS</h2>
+<a name="id2668472"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -278,7 +278,8 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</p>
<div class="variablelist"><dl>
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
@@ -293,7 +294,9 @@
Sets the date on which the key is to be activated. After that
date, the key will be included in the zone and used to sign
it. If not set, and if the -G option has not been used, the
- default is "now".
+ default is "now". If set, if and -P is not set, then
+ the publication date will be set to the activation date
+ minus the prepublication interval.
</p></dd>
<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
@@ -340,7 +343,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2669332"></a><h2>GENERATED KEYS</h2>
+<a name="id2668662"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@@ -386,7 +389,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2669508"></a><h2>EXAMPLE</h2>
+<a name="id2668770"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -407,7 +410,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2669564"></a><h2>SEE ALSO</h2>
+<a name="id2668826"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@@ -416,7 +419,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2669732"></a><h2>AUTHOR</h2>
+<a name="id2668857"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -440,5 +443,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.dnssec-revoke.html
===================================================================
--- vendor/bind/dist/doc/arm/man.dnssec-revoke.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.dnssec-revoke.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-revoke.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2616000"></a><h2>DESCRIPTION</h2>
+<a name="id2615127"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2616013"></a><h2>OPTIONS</h2>
+<a name="id2615141"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -96,7 +96,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2616134"></a><h2>SEE ALSO</h2>
+<a name="id2615261"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
@@ -103,7 +103,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2616158"></a><h2>AUTHOR</h2>
+<a name="id2615286"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -127,5 +127,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.dnssec-settime.html
===================================================================
--- vendor/bind/dist/doc/arm/man.dnssec-settime.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.dnssec-settime.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-settime.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2616615"></a><h2>DESCRIPTION</h2>
+<a name="id2615813"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2616742"></a><h2>OPTIONS</h2>
+<a name="id2615872"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@@ -109,7 +109,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2616836"></a><h2>TIMING OPTIONS</h2>
+<a name="id2616034"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -118,7 +118,7 @@
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds. To unset a date, use 'none'.
+ is computed in seconds. To unset a date, use 'none' or 'never'.
</p>
<div class="variablelist"><dl>
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
@@ -188,7 +188,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2616974"></a><h2>PRINTING OPTIONS</h2>
+<a name="id2616992"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@@ -214,7 +214,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2617123"></a><h2>SEE ALSO</h2>
+<a name="id2617072"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -222,7 +222,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2617156"></a><h2>AUTHOR</h2>
+<a name="id2617105"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -246,5 +246,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.dnssec-signzone.html
===================================================================
--- vendor/bind/dist/doc/arm/man.dnssec-signzone.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.dnssec-signzone.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-signzone.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="repl!
aceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2618290"></a><h2>DESCRIPTION</h2>
+<a name="id2617564"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2618309"></a><h2>OPTIONS</h2>
+<a name="id2617584"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -365,7 +365,7 @@
</p></dd>
<dt><span class="term">-H <em class="replaceable"><code>iterations</code></em></span></dt>
<dd><p>
- When generating an NSEC3 chain, use this many interations. The
+ When generating an NSEC3 chain, use this many iterations. The
default is 10.
</p></dd>
<dt><span class="term">-A</span></dt>
@@ -397,7 +397,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2672630"></a><h2>EXAMPLE</h2>
+<a name="id2669857"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -427,7 +427,7 @@
%</pre>
</div>
<div class="refsect1" lang="en">
-<a name="id2672709"></a><h2>SEE ALSO</h2>
+<a name="id2669936"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
@@ -434,7 +434,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2672733"></a><h2>AUTHOR</h2>
+<a name="id2669960"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -458,5 +458,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.genrandom.html
===================================================================
--- vendor/bind/dist/doc/arm/man.genrandom.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.genrandom.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.genrandom.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2653420"></a><h2>DESCRIPTION</h2>
+<a name="id2615560"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2653435"></a><h2>ARGUMENTS</h2>
+<a name="id2650528"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@@ -77,7 +77,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2653496"></a><h2>SEE ALSO</h2>
+<a name="id2650588"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
@@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2653523"></a><h2>AUTHOR</h2>
+<a name="id2650615"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -108,5 +108,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.host.html
===================================================================
--- vendor/bind/dist/doc/arm/man.host.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.host.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.host.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,10 +47,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
+<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2611090"></a><h2>DESCRIPTION</h2>
+<a name="id2610631"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -200,9 +200,13 @@
<em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em> and
<em class="parameter"><code>trace</code></em>.
</p>
+<p>
+ The <code class="option">-V</code> option causes <span><strong class="command">host</strong></span>
+ to print the version number and exit.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2611877"></a><h2>IDN SUPPORT</h2>
+<a name="id2611158"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -216,12 +220,12 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2613954"></a><h2>FILES</h2>
+<a name="id2611187"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2613968"></a><h2>SEE ALSO</h2>
+<a name="id2613317"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
@@ -245,5 +249,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.isc-hmac-fixup.html
===================================================================
--- vendor/bind/dist/doc/arm/man.isc-hmac-fixup.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.isc-hmac-fixup.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.isc-hmac-fixup.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2617529"></a><h2>DESCRIPTION</h2>
+<a name="id2653126"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2653602"></a><h2>SECURITY CONSIDERATIONS</h2>
+<a name="id2653154"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
@@ -87,7 +87,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2653618"></a><h2>SEE ALSO</h2>
+<a name="id2653170"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
@@ -94,7 +94,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2653635"></a><h2>AUTHOR</h2>
+<a name="id2653187"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -118,5 +118,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.named-checkconf.html
===================================================================
--- vendor/bind/dist/doc/arm/man.named-checkconf.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.named-checkconf.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.named-checkconf.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,10 +47,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2619428"></a><h2>DESCRIPTION</h2>
+<a name="id2618468"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@@ -70,7 +70,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2619498"></a><h2>OPTIONS</h2>
+<a name="id2618538"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -92,6 +92,16 @@
Print out the <code class="filename">named.conf</code> and included files
in canonical form if no errors were detected.
</p></dd>
+<dt><span class="term">-x</span></dt>
+<dd><p>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <code class="filename">named.conf</code> and related
+ files to be shared — for example, when submitting
+ bug reports — without compromising private data.
+ This option cannot be used without <code class="option">-p</code>.
+ </p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
Perform a test load of all master zones found in
@@ -109,7 +119,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2619633"></a><h2>RETURN VALUES</h2>
+<a name="id2618694"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
@@ -116,7 +126,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2619646"></a><h2>SEE ALSO</h2>
+<a name="id2618708"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
@@ -123,7 +133,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2619676"></a><h2>AUTHOR</h2>
+<a name="id2619147"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -147,5 +157,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.named-checkzone.html
===================================================================
--- vendor/bind/dist/doc/arm/man.named-checkzone.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.named-checkzone.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.named-checkzone.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2633210"></a><h2>DESCRIPTION</h2>
+<a name="id2670131"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2674630"></a><h2>OPTIONS</h2>
+<a name="id2670181"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -234,10 +234,10 @@
</p></dd>
<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
- Check if Sender Policy Framework records (TXT and SPF)
- both exist or both don't exist. A warning is issued
- if they don't match. Possible modes are
- <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
+ Check if Sender Policy Framework (SPF) records exist
+ and issues a warning if an SPF-formatted TXT record is
+ not also present. Possible modes are <span><strong class="command">"warn"</strong></span>
+ (default), <span><strong class="command">"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -272,7 +272,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2675429"></a><h2>RETURN VALUES</h2>
+<a name="id2670980"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
@@ -279,7 +279,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2675443"></a><h2>SEE ALSO</h2>
+<a name="id2670994"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@@ -287,7 +287,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2675476"></a><h2>AUTHOR</h2>
+<a name="id2671027"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -311,5 +311,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.named-journalprint.html
===================================================================
--- vendor/bind/dist/doc/arm/man.named-journalprint.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.named-journalprint.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.named-journalprint.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2613857"></a><h2>DESCRIPTION</h2>
+<a name="id2613165"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2639434"></a><h2>SEE ALSO</h2>
+<a name="id2632189"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2639465"></a><h2>AUTHOR</h2>
+<a name="id2632220"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -108,5 +108,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.named.html
===================================================================
--- vendor/bind/dist/doc/arm/man.named.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.named.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.named.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2633550"></a><h2>DESCRIPTION</h2>
+<a name="id2621933"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2633581"></a><h2>OPTIONS</h2>
+<a name="id2621964"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -246,7 +246,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2641303"></a><h2>SIGNALS</h2>
+<a name="id2671124"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -267,7 +267,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2641353"></a><h2>CONFIGURATION</h2>
+<a name="id2671174"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@@ -284,7 +284,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2675740"></a><h2>FILES</h2>
+<a name="id2671223"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@@ -297,7 +297,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2675784"></a><h2>SEE ALSO</h2>
+<a name="id2671267"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@@ -310,7 +310,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2675854"></a><h2>AUTHOR</h2>
+<a name="id2671337"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -334,5 +334,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.nsec3hash.html
===================================================================
--- vendor/bind/dist/doc/arm/man.nsec3hash.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.nsec3hash.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.nsec3hash.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2653680"></a><h2>DESCRIPTION</h2>
+<a name="id2653300"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -56,7 +56,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2653694"></a><h2>ARGUMENTS</h2>
+<a name="id2653315"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">salt</span></dt>
<dd><p>
@@ -80,7 +80,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2653756"></a><h2>SEE ALSO</h2>
+<a name="id2653377"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
@@ -87,7 +87,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2653773"></a><h2>AUTHOR</h2>
+<a name="id2653394"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -109,5 +109,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.nsupdate.html
===================================================================
--- vendor/bind/dist/doc/arm/man.nsupdate.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.nsupdate.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.nsupdate.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,10 +47,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
+<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2639765"></a><h2>DESCRIPTION</h2>
+<a name="id2635315"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -131,7 +131,13 @@
[<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
<em class="parameter"><code>keyname</code></em> is the name of the key, and
<em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
- Use of the <code class="option">-y</code> option is discouraged because the
+ <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
+ valid choices are <code class="literal">hmac-md5</code>,
+ <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
+ <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
+ <code class="literal">hmac-sha512</code>. If <em class="parameter"><code>hmac</code></em>
+ is not specified, the default is <code class="literal">hmac-md5</code>.
+ NOTE: Use of the <code class="option">-y</code> option is discouraged because the
shared secret is supplied as a command line argument in clear text.
This may be visible in the output from
<span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
@@ -208,9 +214,13 @@
<code class="filename">keyboard</code> indicates that keyboard input
should be used. This option may be specified multiple times.
</p>
+<p>
+ The -V option causes <span><strong class="command">nsupdate</strong></span> to print the
+ version number and exit.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2641532"></a><h2>INPUT FORMAT</h2>
+<a name="id2677965"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@@ -314,14 +324,16 @@
</p></dd>
<dt><span class="term">
<span><strong class="command">key</strong></span>
- {name}
+ [hmac:] {keyname}
{secret}
</span></dt>
<dd><p>
Specifies that all updates are to be TSIG-signed using the
- <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
- The <span><strong class="command">key</strong></span> command
- overrides any key specified on the command line via
+ <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair.
+ If <em class="parameter"><code>hmac</code></em> is specified, then it sets the
+ signing algorithm in use; the default is
+ <code class="literal">hmac-md5</code>. The <span><strong class="command">key</strong></span>
+ command overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
@@ -490,6 +502,18 @@
<dd><p>
Turn on debugging.
</p></dd>
+<dt><span class="term">
+ <span><strong class="command">version</strong></span>
+ </span></dt>
+<dd><p>
+ Print version number.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">help</strong></span>
+ </span></dt>
+<dd><p>
+ Print a list of commands.
+ </p></dd>
</dl></div>
<p>
</p>
@@ -498,7 +522,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2676987"></a><h2>EXAMPLES</h2>
+<a name="id2679138"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@@ -552,7 +576,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2677037"></a><h2>FILES</h2>
+<a name="id2679188"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -575,7 +599,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2677121"></a><h2>SEE ALSO</h2>
+<a name="id2679271"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@@ -590,7 +614,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2677246"></a><h2>BUGS</h2>
+<a name="id2679329"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
@@ -618,5 +642,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.rndc-confgen.html
===================================================================
--- vendor/bind/dist/doc/arm/man.rndc-confgen.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.rndc-confgen.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.rndc-confgen.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2643706"></a><h2>DESCRIPTION</h2>
+<a name="id2642500"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2643772"></a><h2>OPTIONS</h2>
+<a name="id2642566"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@@ -173,7 +173,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2644978"></a><h2>EXAMPLES</h2>
+<a name="id2650871"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@@ -190,7 +190,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2645034"></a><h2>SEE ALSO</h2>
+<a name="id2650928"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -198,7 +198,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2652650"></a><h2>AUTHOR</h2>
+<a name="id2653082"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -222,5 +222,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.rndc.conf.html
===================================================================
--- vendor/bind/dist/doc/arm/man.rndc.conf.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.rndc.conf.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.rndc.conf.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2642400"></a><h2>DESCRIPTION</h2>
+<a name="id2613474"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2642571"></a><h2>EXAMPLE</h2>
+<a name="id2641430"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@@ -209,7 +209,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2643239"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2641552"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2643265"></a><h2>SEE ALSO</h2>
+<a name="id2641577"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@@ -227,7 +227,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2643303"></a><h2>AUTHOR</h2>
+<a name="id2642093"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -251,5 +251,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/man.rndc.html
===================================================================
--- vendor/bind/dist/doc/arm/man.rndc.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/man.rndc.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.rndc.html,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2641686"></a><h2>DESCRIPTION</h2>
+<a name="id2640274"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -79,7 +79,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2641736"></a><h2>OPTIONS</h2>
+<a name="id2640324"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@@ -143,19 +143,263 @@
or write access.
</p></dd>
</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2640669"></a><h2>COMMANDS</h2>
<p>
- For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
- see the BIND 9 Administrator Reference Manual or run
- <span><strong class="command">rndc</strong></span> without arguments to see its help
- message.
+ A list of commands supported by <span><strong class="command">rndc</strong></span> can
+ be seen by running <span><strong class="command">rndc</strong></span> without arguments.
</p>
+<p>
+ Currently supported commands are:
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
+<dd><p>
+ Reload configuration file and zones.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Reload the given zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Schedule zone maintenance for the given zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Retransfer the given zone from the master.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd>
+<p>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory (see the
+ <span><strong class="command">key-directory</strong></span> option in
+ the BIND 9 Administrator Reference Manual). If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. If the DNSKEY RRset
+ is changed, then the zone is automatically
+ re-signed with the new key set.
+ </p>
+<p>
+ This command requires that the
+ <span><strong class="command">auto-dnssec</strong></span> zone option be set
+ to <code class="literal">allow</code> or
+ <code class="literal">maintain</code>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd>
+<p>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory. If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
+ sign</strong></span>, however, the zone is not
+ immediately re-signed by the new keys, but is
+ allowed to incrementally re-sign over time.
+ </p>
+<p>
+ This command requires that the
+ <span><strong class="command">auto-dnssec</strong></span> zone option
+ be set to <code class="literal">maintain</code>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>freeze [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Suspend updates to a dynamic zone. If no zone is
+ specified, then all zones are suspended. This allows
+ manual edits to be made to a zone normally updated by
+ dynamic update. It also causes changes in the
+ journal file to be synced into the master file,
+ and the journal file to be removed.
+ All dynamic update attempts will be refused while
+ the zone is frozen.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Enable updates to a frozen dynamic zone. If no
+ zone is specified, then all frozen zones are
+ enabled. This causes the server to reload the zone
+ from disk, and re-enables dynamic updates after the
+ load has completed. After a zone is thawed,
+ dynamic updates will no longer be refused.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Resend NOTIFY messages for the zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
+<dd><p>
+ Reload the configuration file and load new zones,
+ but do not reload existing zone files even if they
+ have changed.
+ This is faster than a full <span><strong class="command">reload</strong></span> when there
+ is a large number of zones because it avoids the need
+ to examine the
+ modification times of the zones files.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
+<dd><p>
+ Write server statistics to the statistics file.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional">on|off</span>] </span></dt>
+<dd><p>
+ Toggle query logging. Query logging can also be enabled
+ by explicitly directing the <span><strong class="command">queries</strong></span>
+ <span><strong class="command">category</strong></span> to a
+ <span><strong class="command">channel</strong></span> in the
+ <span><strong class="command">logging</strong></span> section of
+ <code class="filename">named.conf</code> or by specifying
+ <span><strong class="command">querylog yes;</strong></span> in the
+ <span><strong class="command">options</strong></span> section of
+ <code class="filename">named.conf</code>.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dd><p>
+ Dump the server's caches (default) and/or zones to
+ the
+ dump file for the specified views. If no view is
+ specified, all
+ views are dumped.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>secroots [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dd><p>
+ Dump the server's security roots to the secroots
+ file for the specified views. If no view is
+ specified, security roots for all
+ views are dumped.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
+<dd><p>
+ Stop the server, making sure any recent changes
+ made through dynamic update or IXFR are first saved to
+ the master files of the updated zones.
+ If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span><strong class="command">named</strong></span>
+ had completed stopping.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
+<dd><p>
+ Stop the server immediately. Recent changes
+ made through dynamic update or IXFR are not saved to
+ the master files, but will be rolled forward from the
+ journal files when the server is restarted.
+ If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span><strong class="command">named</strong></span>
+ had completed halting.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
+<dd><p>
+ Increment the servers debugging level by one.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
+<dd><p>
+ Sets the server's debugging level to an explicit
+ value.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
+<dd><p>
+ Sets the server's debugging level to 0.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
+<dd><p>
+ Flushes the server's cache.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt>
+<dd><p>
+ Flushes the given name from the server's cache.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
+<dd><p>
+ Display status of the server.
+ Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
+ and the default <span><strong class="command">./IN</strong></span>
+ hint zone if there is not an
+ explicit root zone configured.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
+<dd><p>
+ Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
+ on.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>validation ( on | off | check ) [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>] </code></strong></span></dt>
+<dd><p>
+ Enable, disable, or check the current status of
+ DNSSEC validation.
+ Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
+ set to <strong class="userinput"><code>yes</code></strong> or
+ <strong class="userinput"><code>auto</code></strong> to be effective.
+ It defaults to enabled.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>
+<dd><p>
+ List the names of all TSIG keys currently configured
+ for use by <span><strong class="command">named</strong></span> in each view. The
+ list both statically configured keys and dynamic
+ TKEY-negotiated keys.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
+<dd><p>
+ Delete a given TKEY-negotiated key from the server.
+ (This does not apply to statically configured TSIG
+ keys.)
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt>
+<dd>
+<p>
+ Add a zone while the server is running. This
+ command requires the
+ <span><strong class="command">allow-new-zones</strong></span> option to be set
+ to <strong class="userinput"><code>yes</code></strong>. The
+ <em class="replaceable"><code>configuration</code></em> string
+ specified on the command line is the zone
+ configuration text that would ordinarily be
+ placed in <code class="filename">named.conf</code>.
+ </p>
+<p>
+ The configuration is saved in a file called
+ <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
+ where <em class="replaceable"><code>hash</code></em> is a
+ cryptographic hash generated from the name of
+ the view. When <span><strong class="command">named</strong></span> is
+ restarted, the file will be loaded into the view
+ configuration, so that zones that were added
+ can persist after a restart.
+ </p>
+<p>
+ This sample <span><strong class="command">addzone</strong></span> command
+ would add the zone <code class="literal">example.com</code>
+ to the default view:
+ </p>
+<p>
+<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>
+ </p>
+<p>
+ (Note the brackets and semi-colon around the zone
+ configuration text.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>delzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>
+<dd><p>
+ Delete a zone while the server is running.
+ Only zones that were originally added via
+ <span><strong class="command">rndc addzone</strong></span> can be deleted
+ in this manner.
+ </p></dd>
+</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2642029"></a><h2>LIMITATIONS</h2>
-<p><span><strong class="command">rndc</strong></span>
- does not yet support all the commands of
- the BIND 8 <span><strong class="command">ndc</strong></span> utility.
- </p>
+<a name="id2680192"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@@ -165,7 +409,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2642060"></a><h2>SEE ALSO</h2>
+<a name="id2680210"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -175,7 +419,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2642116"></a><h2>AUTHOR</h2>
+<a name="id2680265"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
@@ -199,5 +443,6 @@
</tr>
</table>
</div>
+<p style="text-align: center;">BIND Version 9.8</p>
</body>
</html>
Modified: vendor/bind/dist/doc/arm/managed-keys.xml
===================================================================
--- vendor/bind/dist/doc/arm/managed-keys.xml 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/managed-keys.xml 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: managed-keys.xml,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $ -->
+<!-- $Id: managed-keys.xml,v 1.3 2010/02/03 23:49:07 tbox Exp $ -->
<sect1 id="rfc5011.support">
<title>Dynamic Trust Anchor Management</title>
Modified: vendor/bind/dist/doc/arm/pkcs11.xml
===================================================================
--- vendor/bind/dist/doc/arm/pkcs11.xml 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/arm/pkcs11.xml 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11.xml,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ -->
+<!-- $Id$ -->
<sect1 id="pkcs11">
<title>PKCS #11 (Cryptoki) support</title>
@@ -68,15 +68,17 @@
is an example of such a device.</para>
</listitem>
</itemizedlist>
- <para>The modified OpenSSL code is included in the BIND 9 release,
- in the form of a context diff against the latest verions of
- OpenSSL. OpenSSL 0.9.8 and 1.0.0 are both supported; there are
- separate diffs for each version. In the examples to follow,
- we use OpenSSL 0.9.8, but the same methods work with OpenSSL 1.0.0.
+ <para>
+ The modified OpenSSL code is included in the BIND 9 release,
+ in the form of a context diff against the latest versions of
+ OpenSSL. OpenSSL 0.9.8, 1.0.0, and 1.0.1 are supported; there are
+ separate diffs for each version. In the examples to follow,
+ we use OpenSSL 0.9.8, but the same methods work with OpenSSL
+ 1.0.0 and 1.0.1.
</para>
<note>
The latest OpenSSL versions at the time of the BIND release
- are 0.9.8s and 1.0.0f.
+ are 0.9.8y, 1.0.0k and 1.0.1e.
ISC will provide an updated patch as new versions of OpenSSL
are released. The version number in the following examples
is expected to change.</note>
Modified: vendor/bind/dist/doc/doxygen/Doxyfile.in
===================================================================
--- vendor/bind/dist/doc/doxygen/Doxyfile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/doxygen/Doxyfile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# $Id: Doxyfile.in,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+# $Id: Doxyfile.in,v 1.2 2006/12/22 01:44:59 marka Exp $
# Doxyfile 1.4.7
Modified: vendor/bind/dist/doc/doxygen/Makefile.in
===================================================================
--- vendor/bind/dist/doc/doxygen/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/doxygen/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+# $Id: Makefile.in,v 1.4 2007/06/19 23:47:13 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/doc/doxygen/doxygen-input-filter.in
===================================================================
--- vendor/bind/dist/doc/doxygen/doxygen-input-filter.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/doxygen/doxygen-input-filter.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: doxygen-input-filter.in,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+# $Id: doxygen-input-filter.in,v 1.4 2007/06/19 23:47:13 tbox Exp $
# Input filter for feeding our source code into Doxygen.
Modified: vendor/bind/dist/doc/doxygen/isc-footer.html
===================================================================
--- vendor/bind/dist/doc/doxygen/isc-footer.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/doxygen/isc-footer.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-footer.html,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $ -->
+<!-- $Id: isc-footer.html,v 1.5 2007/06/19 23:47:13 tbox Exp $ -->
<!-- $Id -->
Modified: vendor/bind/dist/doc/doxygen/isc-header.html
===================================================================
--- vendor/bind/dist/doc/doxygen/isc-header.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/doxygen/isc-header.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-header.html,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $ -->
+<!-- $Id: isc-header.html,v 1.5 2007/06/19 23:47:13 tbox Exp $ -->
<html>
<head>
Modified: vendor/bind/dist/doc/doxygen/mainpage
===================================================================
--- vendor/bind/dist/doc/doxygen/mainpage 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/doxygen/mainpage 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
// -*- C++ -*-
-// $Id: mainpage,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+// $Id: mainpage,v 1.2 2006/12/22 01:44:59 marka Exp $
//
// Doxygen text. Lines beginning with two slashes are comments; lines
// beginning with three slashes are Doxygen input.
Modified: vendor/bind/dist/doc/misc/Makefile.in
===================================================================
--- vendor/bind/dist/doc/misc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+# $Id: Makefile.in,v 1.9 2009/07/10 23:47:58 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/doc/misc/dnssec
===================================================================
--- vendor/bind/dist/doc/misc/dnssec 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/dnssec 2016-11-03 12:20:06 UTC (rev 9200)
@@ -81,4 +81,4 @@
ensure the integrity of zone transfers.
-$Id: dnssec,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+$Id: dnssec,v 1.19 2004/03/05 05:04:53 marka Exp $
Modified: vendor/bind/dist/doc/misc/format-options.pl
===================================================================
--- vendor/bind/dist/doc/misc/format-options.pl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/format-options.pl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: format-options.pl,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+# $Id: format-options.pl,v 1.5 2007/09/24 04:21:59 marka Exp $
print <<END;
Modified: vendor/bind/dist/doc/misc/ipv6
===================================================================
--- vendor/bind/dist/doc/misc/ipv6 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/ipv6 2016-11-03 12:20:06 UTC (rev 9200)
@@ -110,4 +110,4 @@
3542: Advanced Sockets Application Program Interface (API) for IPv6
-$Id: ipv6,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+$Id: ipv6,v 1.9 2004/08/10 04:27:51 jinmei Exp $
Modified: vendor/bind/dist/doc/misc/migration
===================================================================
--- vendor/bind/dist/doc/misc/migration 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/migration 2016-11-03 12:20:06 UTC (rev 9200)
@@ -264,4 +264,4 @@
start the named process.
-$Id: migration,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+$Id: migration,v 1.49 2008/03/18 15:42:53 jreed Exp $
Modified: vendor/bind/dist/doc/misc/migration-4to9
===================================================================
--- vendor/bind/dist/doc/misc/migration-4to9 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/migration-4to9 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
Copyright (C) 2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
-$Id: migration-4to9,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+$Id: migration-4to9,v 1.4 2004/03/05 05:04:53 marka Exp $
BIND 4 to BIND 9 Migration Notes
Modified: vendor/bind/dist/doc/misc/options
===================================================================
--- vendor/bind/dist/doc/misc/options 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/options 2016-11-03 12:20:06 UTC (rev 9200)
@@ -174,6 +174,7 @@
multi-master <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
+ no-case-compress { <address_match_element>; ... };
notify <notifytype>;
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
@@ -313,7 +314,6 @@
check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
- database <string>;
deny-answer-addresses { <address_match_element>; ... } [
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
@@ -387,6 +387,7 @@
min-roots <integer>; // not implemented
minimal-responses <boolean>;
multi-master <boolean>;
+ no-case-compress { <address_match_element>; ... };
notify <notifytype>;
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
Modified: vendor/bind/dist/doc/misc/rfc-compliance
===================================================================
--- vendor/bind/dist/doc/misc/rfc-compliance 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/rfc-compliance 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
Copyright (C) 2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
-$Id: rfc-compliance,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $
BIND 9 is striving for strict compliance with IETF standards. We
believe this release of BIND 9 complies with the following RFCs, with
Modified: vendor/bind/dist/doc/misc/roadmap
===================================================================
--- vendor/bind/dist/doc/misc/roadmap 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/roadmap 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
Copyright (C) 2000, 2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
-$Id: roadmap,v 1.1.1.1 2013-01-30 01:44:58 laffer1 Exp $
+$Id: roadmap,v 1.2 2004/03/05 05:04:54 marka Exp $
Road Map to the BIND 9 Source Tree
Modified: vendor/bind/dist/doc/misc/sdb
===================================================================
--- vendor/bind/dist/doc/misc/sdb 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/sdb 2016-11-03 12:20:06 UTC (rev 9200)
@@ -166,4 +166,4 @@
A future release may support dynamic loading of sdb drivers.
-$Id: sdb,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+$Id: sdb,v 1.6 2004/03/05 05:04:54 marka Exp $
Modified: vendor/bind/dist/doc/misc/sort-options.pl
===================================================================
--- vendor/bind/dist/doc/misc/sort-options.pl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/misc/sort-options.pl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: sort-options.pl,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+# $Id: sort-options.pl,v 1.3 2007/09/24 23:46:48 tbox Exp $
sub sortlevel() {
my @options = ();
Modified: vendor/bind/dist/doc/xsl/Makefile.in
===================================================================
--- vendor/bind/dist/doc/xsl/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+# $Id: Makefile.in,v 1.4 2007/06/19 23:47:13 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/doc/xsl/copyright.xsl
===================================================================
--- vendor/bind/dist/doc/xsl/copyright.xsl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/copyright.xsl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: copyright.xsl,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ -->
+<!-- $Id: copyright.xsl,v 1.8 2009/07/10 23:47:58 tbox Exp $ -->
<!-- Generate ISC copyright comments from Docbook copyright metadata. -->
Modified: vendor/bind/dist/doc/xsl/isc-docbook-chunk.xsl.in
===================================================================
--- vendor/bind/dist/doc/xsl/isc-docbook-chunk.xsl.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/isc-docbook-chunk.xsl.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-docbook-chunk.xsl.in,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ -->
+<!-- $Id: isc-docbook-chunk.xsl.in,v 1.6 2007/06/19 23:47:13 tbox Exp $ -->
<!-- ISC customizations for Docbook-XSL chunked HTML generator -->
@@ -56,6 +56,10 @@
<xsl:text>
</xsl:text>
</xsl:template>
+ <xsl:template name="user.footer.navigation">
+ <p style="text-align: center;">BIND Version @PACKAGE_VERSION@</p>
+ </xsl:template>
+
</xsl:stylesheet>
<!--
Modified: vendor/bind/dist/doc/xsl/isc-docbook-html.xsl.in
===================================================================
--- vendor/bind/dist/doc/xsl/isc-docbook-html.xsl.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/isc-docbook-html.xsl.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-docbook-html.xsl.in,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ -->
+<!-- $Id: isc-docbook-html.xsl.in,v 1.6 2007/06/19 23:47:13 tbox Exp $ -->
<!-- ISC customizations for Docbook-XSL HTML generator -->
@@ -49,6 +49,10 @@
<xsl:text>
</xsl:text>
</xsl:template>
+ <xsl:template name="user.footer.navigation">
+ <p style="text-align: center;">BIND Version @PACKAGE_VERSION@</p>
+ </xsl:template>
+
</xsl:stylesheet>
<!--
Modified: vendor/bind/dist/doc/xsl/isc-docbook-latex-mappings.xml
===================================================================
--- vendor/bind/dist/doc/xsl/isc-docbook-latex-mappings.xml 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/isc-docbook-latex-mappings.xml 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-docbook-latex-mappings.xml,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ -->
+<!-- $Id: isc-docbook-latex-mappings.xml,v 1.4 2007/06/19 23:47:13 tbox Exp $ -->
<!--
- ISC modifications to db2latex mapping rules.
Modified: vendor/bind/dist/doc/xsl/isc-docbook-latex.xsl.in
===================================================================
--- vendor/bind/dist/doc/xsl/isc-docbook-latex.xsl.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/isc-docbook-latex.xsl.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-docbook-latex.xsl.in,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ -->
+<!-- $Id: isc-docbook-latex.xsl.in,v 1.9 2010/04/20 23:51:12 tbox Exp $ -->
<!-- ISC customizations for db2latex generator -->
Modified: vendor/bind/dist/doc/xsl/isc-docbook-text.xsl
===================================================================
--- vendor/bind/dist/doc/xsl/isc-docbook-text.xsl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/isc-docbook-text.xsl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-docbook-text.xsl,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ -->
+<!-- $Id: isc-docbook-text.xsl,v 1.3 2007/06/19 23:47:13 tbox Exp $ -->
<!-- Tweaks to Docbook-XSL HTML for producing flat ASCII text. -->
Modified: vendor/bind/dist/doc/xsl/isc-manpage.xsl.in
===================================================================
--- vendor/bind/dist/doc/xsl/isc-manpage.xsl.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/isc-manpage.xsl.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-manpage.xsl.in,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ -->
+<!-- $Id: isc-manpage.xsl.in,v 1.9 2007/06/18 23:47:34 tbox Exp $ -->
<!-- ISC customizations for Docbook-XSL manual page generator. -->
Modified: vendor/bind/dist/doc/xsl/pre-latex.xsl
===================================================================
--- vendor/bind/dist/doc/xsl/pre-latex.xsl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/doc/xsl/pre-latex.xsl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pre-latex.xsl,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ -->
+<!-- $Id: pre-latex.xsl,v 1.6 2007/06/19 23:47:13 tbox Exp $ -->
<!--
- Whack — into something that won't choke LaTeX.
Modified: vendor/bind/dist/lib/Atffile
===================================================================
--- vendor/bind/dist/lib/Atffile 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/Atffile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,3 +4,4 @@
tp: dns
tp: isc
+tp: lwres
Modified: vendor/bind/dist/lib/Makefile.in
===================================================================
--- vendor/bind/dist/lib/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $
+# $Id: Makefile.in,v 1.21 2007/06/19 23:47:13 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/bind9/Makefile.in
===================================================================
--- vendor/bind/dist/lib/bind9/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $
+# $Id: Makefile.in,v 1.14 2009/12/05 23:31:40 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -79,7 +79,7 @@
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libbind9. at A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libbind9. at A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libbind9. at A@ timestamp
Modified: vendor/bind/dist/lib/bind9/api
===================================================================
--- vendor/bind/dist/lib/bind9/api 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/api 2016-11-03 12:20:06 UTC (rev 9200)
@@ -5,5 +5,5 @@
# 9.9: 90-109
# 9.9-sub: 130-139
LIBINTERFACE = 80
-LIBREVISION = 8
+LIBREVISION = 11
LIBAGE = 0
Modified: vendor/bind/dist/lib/bind9/check.c
===================================================================
--- vendor/bind/dist/lib/bind9/check.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/check.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: check.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
-
/*! \file */
#include <config.h>
@@ -25,6 +23,7 @@
#include <isc/base64.h>
#include <isc/buffer.h>
+#include <isc/file.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/netaddr.h>
@@ -1131,7 +1130,7 @@
void *ptr;
DE_CONST(stack, ptr);
- memcpy(new, stack, oldsize);
+ memmove(new, stack, oldsize);
isc_mem_put(mctx, ptr, oldsize);
}
stack = new;
@@ -1299,64 +1298,66 @@
const cfg_listelt_t *element;
static optionstable options[] = {
+ { "allow-notify", SLAVEZONE | CHECKACL },
{ "allow-query", MASTERZONE | SLAVEZONE | STUBZONE | CHECKACL |
STATICSTUBZONE },
- { "allow-notify", SLAVEZONE | CHECKACL },
{ "allow-transfer", MASTERZONE | SLAVEZONE | CHECKACL },
- { "notify", MASTERZONE | SLAVEZONE },
+ { "allow-update", MASTERZONE | CHECKACL },
+ { "allow-update-forwarding", SLAVEZONE | CHECKACL },
{ "also-notify", MASTERZONE | SLAVEZONE },
+ { "auto-dnssec", MASTERZONE },
+ { "check-dup-records", MASTERZONE },
+ { "check-mx", MASTERZONE },
+ { "check-mx-cname", MASTERZONE },
+ { "check-srv-cname", MASTERZONE },
+ { "check-wildcard", MASTERZONE },
+ { "database", MASTERZONE | SLAVEZONE | STUBZONE },
+ { "delegation-only", HINTZONE | STUBZONE | FORWARDZONE |
+ DELEGATIONZONE },
{ "dialup", MASTERZONE | SLAVEZONE | STUBZONE },
- { "delegation-only", HINTZONE | STUBZONE | DELEGATIONZONE },
- { "forward", MASTERZONE | SLAVEZONE | STUBZONE |
- STATICSTUBZONE | FORWARDZONE },
- { "forwarders", MASTERZONE | SLAVEZONE | STUBZONE |
- STATICSTUBZONE | FORWARDZONE },
+ { "dnssec-dnskey-kskonly", MASTERZONE },
+ { "dnssec-secure-to-insecure", MASTERZONE },
+ { "file", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE },
+ { "forward", MASTERZONE | SLAVEZONE | STUBZONE | STATICSTUBZONE |
+ FORWARDZONE },
+ { "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | STATICSTUBZONE |
+ FORWARDZONE },
+ { "integrity-check", MASTERZONE },
+ { "ixfr-base", MASTERZONE | SLAVEZONE },
+ { "ixfr-tmp-file", MASTERZONE | SLAVEZONE },
+ { "journal", MASTERZONE | SLAVEZONE },
+ { "key-directory", MASTERZONE },
{ "maintain-ixfr-base", MASTERZONE | SLAVEZONE },
+ { "masterfile-format", MASTERZONE | SLAVEZONE | STUBZONE },
+ { "masters", SLAVEZONE | STUBZONE },
{ "max-ixfr-log-size", MASTERZONE | SLAVEZONE },
- { "notify-source", MASTERZONE | SLAVEZONE },
- { "notify-source-v6", MASTERZONE | SLAVEZONE },
- { "transfer-source", SLAVEZONE | STUBZONE },
- { "transfer-source-v6", SLAVEZONE | STUBZONE },
+ { "max-refresh-time", SLAVEZONE | STUBZONE },
+ { "max-retry-time", SLAVEZONE | STUBZONE },
+ { "max-transfer-idle-in", SLAVEZONE | STUBZONE },
+ { "max-transfer-idle-out", MASTERZONE | SLAVEZONE },
{ "max-transfer-time-in", SLAVEZONE | STUBZONE },
{ "max-transfer-time-out", MASTERZONE | SLAVEZONE },
- { "max-transfer-idle-in", SLAVEZONE | STUBZONE },
- { "max-transfer-idle-out", MASTERZONE | SLAVEZONE },
- { "max-retry-time", SLAVEZONE | STUBZONE },
+ { "min-refresh-time", SLAVEZONE | STUBZONE },
{ "min-retry-time", SLAVEZONE | STUBZONE },
- { "max-refresh-time", SLAVEZONE | STUBZONE },
- { "min-refresh-time", SLAVEZONE | STUBZONE },
- { "dnssec-secure-to-insecure", MASTERZONE },
- { "sig-validity-interval", MASTERZONE },
+ { "notify", MASTERZONE | SLAVEZONE },
+ { "notify-source", MASTERZONE | SLAVEZONE },
+ { "notify-source-v6", MASTERZONE | SLAVEZONE },
+ { "pubkey", MASTERZONE | SLAVEZONE | STUBZONE },
+ { "request-ixfr", SLAVEZONE },
+ { "server-addresses", STATICSTUBZONE },
+ { "server-names", STATICSTUBZONE },
{ "sig-re-signing-interval", MASTERZONE },
{ "sig-signing-nodes", MASTERZONE },
+ { "sig-signing-signatures", MASTERZONE },
{ "sig-signing-type", MASTERZONE },
- { "sig-signing-signatures", MASTERZONE },
+ { "sig-validity-interval", MASTERZONE },
+ { "transfer-source", SLAVEZONE | STUBZONE },
+ { "transfer-source-v6", SLAVEZONE | STUBZONE },
+ { "try-tcp-refresh", SLAVEZONE },
+ { "update-check-ksk", MASTERZONE },
+ { "update-policy", MASTERZONE },
{ "zone-statistics", MASTERZONE | SLAVEZONE | STUBZONE |
- STATICSTUBZONE},
- { "allow-update", MASTERZONE | CHECKACL },
- { "allow-update-forwarding", SLAVEZONE | CHECKACL },
- { "file", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE },
- { "journal", MASTERZONE | SLAVEZONE },
- { "ixfr-base", MASTERZONE | SLAVEZONE },
- { "ixfr-tmp-file", MASTERZONE | SLAVEZONE },
- { "masters", SLAVEZONE | STUBZONE },
- { "pubkey", MASTERZONE | SLAVEZONE | STUBZONE },
- { "update-policy", MASTERZONE },
- { "database", MASTERZONE | SLAVEZONE | STUBZONE },
- { "key-directory", MASTERZONE },
- { "check-wildcard", MASTERZONE },
- { "check-mx", MASTERZONE },
- { "check-dup-records", MASTERZONE },
- { "integrity-check", MASTERZONE },
- { "check-mx-cname", MASTERZONE },
- { "check-srv-cname", MASTERZONE },
- { "masterfile-format", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE },
- { "update-check-ksk", MASTERZONE },
- { "dnssec-dnskey-kskonly", MASTERZONE },
- { "auto-dnssec", MASTERZONE },
- { "try-tcp-refresh", SLAVEZONE },
- { "server-addresses", STATICSTUBZONE },
- { "server-names", STATICSTUBZONE },
+ STATICSTUBZONE },
};
static optionstable dialups[] = {
@@ -1526,12 +1527,13 @@
* Master zones can't have both "allow-update" and "update-policy".
*/
if (ztype == MASTERZONE) {
+ isc_boolean_t ddns = ISC_FALSE;
isc_result_t res1, res2, res3;
+ const cfg_obj_t *au = NULL;
const char *arg;
- isc_boolean_t ddns;
obj = NULL;
- res1 = cfg_map_get(zoptions, "allow-update", &obj);
+ res1 = cfg_map_get(zoptions, "allow-update", &au);
obj = NULL;
res2 = cfg_map_get(zoptions, "update-policy", &obj);
if (res1 == ISC_R_SUCCESS && res2 == ISC_R_SUCCESS) {
@@ -1540,12 +1542,42 @@
"when 'update-policy' is present",
znamestr);
result = ISC_R_FAILURE;
- } else if (res2 == ISC_R_SUCCESS &&
- check_update_policy(obj, logctx) != ISC_R_SUCCESS)
- result = ISC_R_FAILURE;
- ddns = ISC_TF(res1 == ISC_R_SUCCESS || res2 == ISC_R_SUCCESS);
+ } else if (res2 == ISC_R_SUCCESS) {
+ res3 = check_update_policy(obj, logctx);
+ if (res3 != ISC_R_SUCCESS)
+ result = ISC_R_FAILURE;
+ }
+ /*
+ * To determine whether auto-dnssec is allowed,
+ * we should also check for allow-update at the
+ * view and options levels.
+ */
obj = NULL;
+ if (res1 != ISC_R_SUCCESS && voptions != NULL)
+ res1 = cfg_map_get(voptions, "allow-update", &au);
+ if (res1 != ISC_R_SUCCESS && goptions != NULL)
+ res1 = cfg_map_get(goptions, "allow-update", &au);
+
+ if (res2 == ISC_R_SUCCESS)
+ ddns = ISC_TRUE;
+ else if (res1 == ISC_R_SUCCESS) {
+ dns_acl_t *acl = NULL;
+ res1 = cfg_acl_fromconfig(au, config, logctx,
+ actx, mctx, 0, &acl);
+ if (res1 != ISC_R_SUCCESS) {
+ cfg_obj_log(au, logctx, ISC_LOG_ERROR,
+ "acl expansion failed: %s",
+ isc_result_totext(result));
+ result = ISC_R_FAILURE;
+ } else if (acl != NULL) {
+ if (!dns_acl_isnone(acl))
+ ddns = ISC_TRUE;
+ dns_acl_detach(&acl);
+ }
+ }
+
+ obj = NULL;
arg = "off";
res3 = cfg_map_get(zoptions, "auto-dnssec", &obj);
if (res3 == ISC_R_SUCCESS)
@@ -1557,12 +1589,6 @@
arg);
result = ISC_R_FAILURE;
}
- if (strcasecmp(arg, "create") == 0) {
- cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
- "'auto-dnssec create;' is not "
- "yet implemented");
- result = ISC_R_FAILURE;
- }
obj = NULL;
res1 = cfg_map_get(zoptions, "sig-signing-type", &obj);
@@ -1701,6 +1727,35 @@
}
/*
+ * Warn if key-directory doesn't exist
+ */
+ obj = NULL;
+ tresult = cfg_map_get(zoptions, "key-directory", &obj);
+ if (tresult == ISC_R_SUCCESS) {
+ const char *dir = cfg_obj_asstring(obj);
+ tresult = isc_file_isdirectory(dir);
+ switch (tresult) {
+ case ISC_R_SUCCESS:
+ break;
+ case ISC_R_FILENOTFOUND:
+ cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+ "key-directory: '%s' does not exist",
+ dir);
+ break;
+ case ISC_R_INVALIDFILE:
+ cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+ "key-directory: '%s' is not a directory",
+ dir);
+ break;
+ default:
+ cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+ "key-directory: '%s' %s",
+ dir, isc_result_totext(tresult));
+ result = tresult;
+ }
+ }
+
+ /*
* Check various options.
*/
tresult = check_options(zoptions, logctx, mctx, optlevel_zone);
Modified: vendor/bind/dist/lib/bind9/getaddresses.c
===================================================================
--- vendor/bind/dist/lib/bind9/getaddresses.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/getaddresses.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getaddresses.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: getaddresses.c,v 1.22 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
@@ -107,7 +107,7 @@
result = isc_netscope_pton(AF_INET6, d + 1,
&in6, &zone);
-
+
if (result != ISC_R_SUCCESS)
return (result);
#else
@@ -129,7 +129,6 @@
*addrcount = 1;
return (ISC_R_SUCCESS);
-
}
}
#ifdef USE_GETADDRINFO
Modified: vendor/bind/dist/lib/bind9/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/bind9/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+# $Id: Makefile.in,v 1.4 2007/06/19 23:47:16 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/bind9/include/bind9/Makefile.in
===================================================================
--- vendor/bind/dist/lib/bind9/include/bind9/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/include/bind9/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+# $Id: Makefile.in,v 1.8 2007/06/19 23:47:16 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/bind9/include/bind9/check.h
===================================================================
--- vendor/bind/dist/lib/bind9/include/bind9/check.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/include/bind9/check.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: check.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: check.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */
#ifndef BIND9_CHECK_H
#define BIND9_CHECK_H 1
Modified: vendor/bind/dist/lib/bind9/include/bind9/getaddresses.h
===================================================================
--- vendor/bind/dist/lib/bind9/include/bind9/getaddresses.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/include/bind9/getaddresses.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getaddresses.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: getaddresses.h,v 1.11 2009/01/17 23:47:42 tbox Exp $ */
#ifndef BIND9_GETADDRESSES_H
#define BIND9_GETADDRESSES_H 1
Modified: vendor/bind/dist/lib/bind9/include/bind9/version.h
===================================================================
--- vendor/bind/dist/lib/bind9/include/bind9/version.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/include/bind9/version.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: version.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */
/*! \file bind9/version.h */
Modified: vendor/bind/dist/lib/bind9/version.c
===================================================================
--- vendor/bind/dist/lib/bind9/version.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/bind9/version.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: version.c,v 1.8 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/Makefile.in
===================================================================
--- vendor/bind/dist/lib/dns/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
@@ -138,7 +138,7 @@
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns. at A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns. at A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libdns. at A@ timestamp
Modified: vendor/bind/dist/lib/dns/acache.c
===================================================================
--- vendor/bind/dist/lib/dns/acache.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/acache.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: acache.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id: acache.c,v 1.22 2008/02/07 23:46:54 tbox Exp $ */
#include <config.h>
@@ -1669,7 +1669,6 @@
REQUIRE(DNS_ACACHEENTRY_VALID(entry));
acache = entry->acache;
- callback_active = ISC_TF(entry->cbarg != NULL);
INSIST(DNS_ACACHE_VALID(entry->acache));
@@ -1676,6 +1675,8 @@
LOCK(&acache->lock);
ACACHE_LOCK(&acache->entrylocks[entry->locknum], isc_rwlocktype_write);
+ callback_active = ISC_TF(entry->cbarg != NULL);
+
/*
* Release dependencies stored in this entry as much as possible.
* The main link cannot be released, since the acache object has
Modified: vendor/bind/dist/lib/dns/acl.c
===================================================================
--- vendor/bind/dist/lib/dns/acl.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/acl.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: acl.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -287,9 +287,12 @@
if (newmem == NULL)
return (ISC_R_NOMEMORY);
+ /* Zero. */
+ memset(newmem, 0, newalloc * sizeof(dns_aclelement_t));
+
/* Copy in the original elements */
- memcpy(newmem, dest->elements,
- dest->length * sizeof(dns_aclelement_t));
+ memmove(newmem, dest->elements,
+ dest->length * sizeof(dns_aclelement_t));
/* Release the memory for the old elements array */
isc_mem_put(dest->mctx, dest->elements,
Modified: vendor/bind/dist/lib/dns/adb.c
===================================================================
--- vendor/bind/dist/lib/dns/adb.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/adb.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: adb.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
-
/*! \file
*
* \note
@@ -157,7 +155,7 @@
unsigned int *entry_refcnt;
isc_event_t cevent;
- isc_boolean_t cevent_sent;
+ isc_boolean_t cevent_out;
isc_boolean_t shutting_down;
isc_eventlist_t whenshutdown;
isc_event_t growentries;
@@ -245,6 +243,7 @@
isc_sockaddr_t sockaddr;
isc_stdtime_t expires;
+ isc_stdtime_t lastage;
/*%<
* A nonzero 'expires' field indicates that the entry should
* persist until that time. This allows entries found
@@ -321,6 +320,9 @@
static isc_boolean_t kill_name(dns_adbname_t **, isc_eventtype_t);
static void water(void *, int);
static void dump_entry(FILE *, dns_adbentry_t *, isc_boolean_t, isc_stdtime_t);
+static void adjustsrtt(dns_adbaddrinfo_t *addr, unsigned int rtt,
+ unsigned int factor, isc_stdtime_t now);
+static void shutdown_task(isc_task_t *task, isc_event_t *ev);
/*
* MUST NOT overlap DNS_ADBFIND_* flags!
@@ -344,7 +346,7 @@
* Private flag(s) for entries.
* MUST NOT overlap FCTX_ADDRINFO_xxx and DNS_FETCHOPT_NOEDNS0.
*/
-#define ENTRY_IS_DEAD 0x80000000
+#define ENTRY_IS_DEAD 0x00400000
/*
* To the name, address classes are all that really exist. If it has a
@@ -852,12 +854,12 @@
dns_rdataset_current(rdataset, &rdata);
if (rdtype == dns_rdatatype_a) {
INSIST(rdata.length == 4);
- memcpy(&ina.s_addr, rdata.data, 4);
+ memmove(&ina.s_addr, rdata.data, 4);
isc_sockaddr_fromin(&sockaddr, &ina, 0);
hookhead = &adbname->v4;
} else {
INSIST(rdata.length == 16);
- memcpy(in6a.s6_addr, rdata.data, 16);
+ memmove(in6a.s6_addr, rdata.data, 16);
isc_sockaddr_fromin6(&sockaddr, &in6a, 0);
hookhead = &adbname->v6;
}
@@ -1498,10 +1500,13 @@
* If there aren't any external references either, we're
* done. Send the control event to initiate shutdown.
*/
- INSIST(!adb->cevent_sent); /* Sanity check. */
+ INSIST(!adb->cevent_out); /* Sanity check. */
+ ISC_EVENT_INIT(&adb->cevent, sizeof(adb->cevent), 0, NULL,
+ DNS_EVENT_ADBCONTROL, shutdown_task, adb,
+ adb, NULL, NULL);
event = &adb->cevent;
isc_task_send(adb->task, &event);
- adb->cevent_sent = ISC_TRUE;
+ adb->cevent_out = ISC_TRUE;
}
}
@@ -1756,6 +1761,7 @@
e->flags = 0;
isc_random_get(&r);
e->srtt = (r & 0x1f) + 1;
+ e->lastage = 0;
e->expires = 0;
ISC_LIST_INIT(e->lameinfo);
ISC_LINK_INIT(e, plink);
@@ -2430,10 +2436,9 @@
adb->view = view;
adb->taskmgr = taskmgr;
adb->next_cleanbucket = 0;
- ISC_EVENT_INIT(&adb->cevent, sizeof(adb->cevent), 0, NULL,
- DNS_EVENT_ADBCONTROL, shutdown_task, adb,
- adb, NULL, NULL);
- adb->cevent_sent = ISC_FALSE;
+ ISC_EVENT_INIT(&adb->cevent, sizeof(adb->cevent),
+ 0, NULL, 0, NULL, NULL, NULL, NULL, NULL);
+ adb->cevent_out = ISC_FALSE;
adb->shutting_down = ISC_FALSE;
ISC_LIST_INIT(adb->whenshutdown);
@@ -2467,7 +2472,7 @@
"intializing table sizes to %u\n",
nbuckets[11]);
adb->nentries = nbuckets[11];
- adb->nnames= nbuckets[11];
+ adb->nnames = nbuckets[11];
}
@@ -2740,9 +2745,28 @@
UNLOCK(&adb->lock);
}
+static void
+shutdown_stage2(isc_task_t *task, isc_event_t *event) {
+ dns_adb_t *adb;
+
+ UNUSED(task);
+
+ adb = event->ev_arg;
+ INSIST(DNS_ADB_VALID(adb));
+
+ LOCK(&adb->lock);
+ INSIST(adb->shutting_down);
+ adb->cevent_out = ISC_FALSE;
+ (void)shutdown_names(adb);
+ (void)shutdown_entries(adb);
+ if (dec_adb_irefcnt(adb))
+ check_exit(adb);
+ UNLOCK(&adb->lock);
+}
+
void
dns_adb_shutdown(dns_adb_t *adb) {
- isc_boolean_t need_check_exit;
+ isc_event_t *event;
/*
* Shutdown 'adb'.
@@ -2753,11 +2777,16 @@
if (!adb->shutting_down) {
adb->shutting_down = ISC_TRUE;
isc_mem_setwater(adb->mctx, water, adb, 0, 0);
- need_check_exit = shutdown_names(adb);
- if (!need_check_exit)
- need_check_exit = shutdown_entries(adb);
- if (need_check_exit)
- check_exit(adb);
+ /*
+ * Isolate shutdown_names and shutdown_entries calls.
+ */
+ inc_adb_irefcnt(adb);
+ ISC_EVENT_INIT(&adb->cevent, sizeof(adb->cevent), 0, NULL,
+ DNS_EVENT_ADBCONTROL, shutdown_stage2, adb,
+ adb, NULL, NULL);
+ adb->cevent_out = ISC_TRUE;
+ event = &adb->cevent;
+ isc_task_send(adb->task, &event);
}
UNLOCK(&adb->lock);
@@ -3912,8 +3941,7 @@
unsigned int rtt, unsigned int factor)
{
int bucket;
- unsigned int new_srtt;
- isc_stdtime_t now;
+ isc_stdtime_t now = 0;
REQUIRE(DNS_ADB_VALID(adb));
REQUIRE(DNS_ADBADDRINFO_VALID(addr));
@@ -3922,21 +3950,53 @@
bucket = addr->entry->lock_bucket;
LOCK(&adb->entrylocks[bucket]);
- if (factor == DNS_ADB_RTTADJAGE)
- new_srtt = addr->entry->srtt * 98 / 100;
- else
+ if (addr->entry->expires == 0 || factor == DNS_ADB_RTTADJAGE)
+ isc_stdtime_get(&now);
+ adjustsrtt(addr, rtt, factor, now);
+
+ UNLOCK(&adb->entrylocks[bucket]);
+}
+
+void
+dns_adb_agesrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr, isc_stdtime_t now) {
+ int bucket;
+
+ REQUIRE(DNS_ADB_VALID(adb));
+ REQUIRE(DNS_ADBADDRINFO_VALID(addr));
+
+ bucket = addr->entry->lock_bucket;
+ LOCK(&adb->entrylocks[bucket]);
+
+ adjustsrtt(addr, 0, DNS_ADB_RTTADJAGE, now);
+
+ UNLOCK(&adb->entrylocks[bucket]);
+}
+
+static void
+adjustsrtt(dns_adbaddrinfo_t *addr, unsigned int rtt, unsigned int factor,
+ isc_stdtime_t now)
+{
+ isc_uint64_t new_srtt;
+
+ if (factor == DNS_ADB_RTTADJAGE) {
+ if (addr->entry->lastage != now) {
+ new_srtt = addr->entry->srtt;
+ new_srtt <<= 9;
+ new_srtt -= addr->entry->srtt;
+ new_srtt >>= 9;
+ addr->entry->lastage = now;
+ } else
+ new_srtt = addr->entry->srtt;
+ } else
new_srtt = (addr->entry->srtt / 10 * factor)
+ (rtt / 10 * (10 - factor));
- addr->entry->srtt = new_srtt;
- addr->srtt = new_srtt;
+ new_srtt &= 0xffffffff;
+ addr->entry->srtt = (unsigned int) new_srtt;
+ addr->srtt = (unsigned int) new_srtt;
- if (addr->entry->expires == 0) {
- isc_stdtime_get(&now);
+ if (addr->entry->expires == 0)
addr->entry->expires = now + ADB_ENTRY_WINDOW;
- }
-
- UNLOCK(&adb->entrylocks[bucket]);
}
void
@@ -3949,6 +4009,9 @@
REQUIRE(DNS_ADB_VALID(adb));
REQUIRE(DNS_ADBADDRINFO_VALID(addr));
+ REQUIRE((bits & ENTRY_IS_DEAD) == 0);
+ REQUIRE((mask & ENTRY_IS_DEAD) == 0);
+
bucket = addr->entry->lock_bucket;
LOCK(&adb->entrylocks[bucket]);
Modified: vendor/bind/dist/lib/dns/api
===================================================================
--- vendor/bind/dist/lib/dns/api 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/api 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,6 +4,6 @@
# 9.8: 80-89, 120-129
# 9.9: 90-109
# 9.9-sub: 130-139
-LIBINTERFACE = 122
-LIBREVISION = 1
+LIBINTERFACE = 126
+LIBREVISION = 3
LIBAGE = 0
Modified: vendor/bind/dist/lib/dns/byaddr.c
===================================================================
--- vendor/bind/dist/lib/dns/byaddr.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/byaddr.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: byaddr.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: byaddr.c,v 1.41 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/cache.c
===================================================================
--- vendor/bind/dist/lib/dns/cache.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/cache.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cache.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/callbacks.c
===================================================================
--- vendor/bind/dist/lib/dns/callbacks.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/callbacks.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: callbacks.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/client.c
===================================================================
--- vendor/bind/dist/lib/dns/client.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/client.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -1094,11 +1094,23 @@
UNLOCK(&rctx->lock);
}
+
static void
+suspend(isc_task_t *task, isc_event_t *event) {
+ isc_appctx_t *actx = event->ev_arg;
+
+ UNUSED(task);
+
+ isc_app_ctxsuspend(actx);
+ isc_event_free(&event);
+}
+
+static void
resolve_done(isc_task_t *task, isc_event_t *event) {
resarg_t *resarg = event->ev_arg;
dns_clientresevent_t *rev = (dns_clientresevent_t *)event;
dns_name_t *name;
+ isc_result_t result;
UNUSED(task);
@@ -1117,8 +1129,16 @@
if (!resarg->canceled) {
UNLOCK(&resarg->lock);
- /* Exit from the internal event loop */
- isc_app_ctxsuspend(resarg->actx);
+ /*
+ * We may or may not be running. isc__appctx_onrun will
+ * fail if we are currently running otherwise we post a
+ * action to call isc_app_ctxsuspend when we do start
+ * running.
+ */
+ result = isc_app_ctxonrun(resarg->actx, resarg->client->mctx,
+ task, suspend, resarg->actx);
+ if (result == ISC_R_ALREADYRUNNING)
+ isc_app_ctxsuspend(resarg->actx);
} else {
/*
* We have already exited from the loop (due to some
@@ -1310,10 +1330,9 @@
ISC_LIST_APPEND(client->resctxs, rctx, link);
UNLOCK(&client->lock);
+ *transp = (dns_clientrestrans_t *)rctx;
client_resfind(rctx, NULL);
- *transp = (dns_clientrestrans_t *)rctx;
-
return (ISC_R_SUCCESS);
cleanup:
Modified: vendor/bind/dist/lib/dns/compress.c
===================================================================
--- vendor/bind/dist/lib/dns/compress.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/compress.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: compress.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: compress.c,v 1.59 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/db.c
===================================================================
--- vendor/bind/dist/lib/dns/db.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/db.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: db.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/dbiterator.c
===================================================================
--- vendor/bind/dist/lib/dns/dbiterator.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dbiterator.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dbiterator.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: dbiterator.c,v 1.18 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/dbtable.c
===================================================================
--- vendor/bind/dist/lib/dns/dbtable.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dbtable.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -16,7 +16,7 @@
*/
/*
- * $Id: dbtable.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+ * $Id: dbtable.c,v 1.33 2007/06/19 23:47:16 tbox Exp $
*/
/*! \file
Modified: vendor/bind/dist/lib/dns/diff.c
===================================================================
--- vendor/bind/dist/lib/dns/diff.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/diff.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: diff.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -78,7 +78,7 @@
datap = (unsigned char *)(t + 1);
- memcpy(datap, name->ndata, name->length);
+ memmove(datap, name->ndata, name->length);
dns_name_init(&t->name, NULL);
dns_name_clone(name, &t->name);
t->name.ndata = datap;
@@ -86,7 +86,7 @@
t->ttl = ttl;
- memcpy(datap, rdata->data, rdata->length);
+ memmove(datap, rdata->data, rdata->length);
dns_rdata_init(&t->rdata);
dns_rdata_clone(rdata, &t->rdata);
t->rdata.data = datap;
@@ -373,15 +373,6 @@
diff->resign);
dns_db_setsigningtime(db, modified,
resign);
- if (diff->resign == 0 &&
- (op == DNS_DIFFOP_ADDRESIGN ||
- op == DNS_DIFFOP_DELRESIGN))
- isc_log_write(
- DIFF_COMMON_LOGARGS,
- ISC_LOG_WARNING,
- "resign requested "
- "with 0 resign "
- "interval");
}
} else if (result == DNS_R_UNCHANGED) {
/*
Modified: vendor/bind/dist/lib/dns/dispatch.c
===================================================================
--- vendor/bind/dist/lib/dns/dispatch.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dispatch.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dispatch.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -695,8 +695,8 @@
/*
* Called when refcount reaches 0 (and safe to destroy).
*
- * The dispatcher must not be locked.
- * The manager must be locked.
+ * The dispatcher must be locked.
+ * The manager must not be locked.
*/
static void
destroy_disp(isc_task_t *task, isc_event_t *event) {
@@ -813,6 +813,7 @@
{
dispsocket_t *dispsock;
+ REQUIRE(VALID_QID(qid));
REQUIRE(bucket < qid->qid_nbuckets);
dispsock = ISC_LIST_HEAD(qid->sock_table[bucket]);
@@ -1046,6 +1047,7 @@
{
dns_dispentry_t *res;
+ REQUIRE(VALID_QID(qid));
REQUIRE(bucket < qid->qid_nbuckets);
res = ISC_LIST_HEAD(qid->qid_table[bucket]);
@@ -1243,8 +1245,8 @@
} else {
free_buffer(disp, ev->region.base, ev->region.length);
+ isc_event_free(&ev_in);
UNLOCK(&disp->lock);
- isc_event_free(&ev_in);
return;
}
} else if (ev->result != ISC_R_SUCCESS) {
@@ -1255,8 +1257,8 @@
"odd socket result in udp_recv(): %s",
isc_result_totext(ev->result));
+ isc_event_free(&ev_in);
UNLOCK(&disp->lock);
- isc_event_free(&ev_in);
return;
}
@@ -1430,9 +1432,8 @@
*/
deactivate_dispsocket(disp, dispsock);
}
+ isc_event_free(&ev_in);
UNLOCK(&disp->lock);
-
- isc_event_free(&ev_in);
}
/*
@@ -1614,9 +1615,8 @@
restart:
(void)startrecv(disp, NULL);
+ isc_event_free(&ev_in);
UNLOCK(&disp->lock);
-
- isc_event_free(&ev_in);
}
/*
@@ -2507,8 +2507,7 @@
* MUST be unlocked, and not used by anything.
*/
static void
-dispatch_free(dns_dispatch_t **dispp)
-{
+dispatch_free(dns_dispatch_t **dispp) {
dns_dispatch_t *disp;
dns_dispatchmgr_t *mgr;
int i;
@@ -3110,9 +3109,10 @@
* Try somewhat hard to find an unique ID.
*/
id = (dns_messageid_t)dispatch_random(DISP_ARC4CTX(disp));
- bucket = dns_hash(qid, dest, id, localport);
ok = ISC_FALSE;
- for (i = 0; i < 64; i++) {
+ i = 0;
+ do {
+ bucket = dns_hash(qid, dest, id, localport);
if (entry_search(qid, dest, id, localport, bucket) == NULL) {
ok = ISC_TRUE;
break;
@@ -3119,8 +3119,7 @@
}
id += qid->qid_increment;
id &= 0x0000ffff;
- bucket = dns_hash(qid, dest, id, localport);
- }
+ } while (i++ < 64);
if (!ok) {
UNLOCK(&qid->lock);
@@ -3131,9 +3130,9 @@
res = isc_mempool_get(disp->mgr->rpool);
if (res == NULL) {
UNLOCK(&qid->lock);
- UNLOCK(&disp->lock);
if (dispsocket != NULL)
destroy_dispsocket(disp, &dispsocket);
+ UNLOCK(&disp->lock);
return (ISC_R_NOMEMORY);
}
@@ -3506,7 +3505,7 @@
isc_event_free(ISC_EVENT_PTR(&newsevent));
return;
}
- memcpy(buf, sevent->region.base, sevent->n);
+ memmove(buf, sevent->region.base, sevent->n);
newsevent->region.base = buf;
newsevent->region.length = disp->mgr->buffersize;
newsevent->n = sevent->n;
Modified: vendor/bind/dist/lib/dns/dlz.c
===================================================================
--- vendor/bind/dist/lib/dns/dlz.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dlz.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -50,7 +50,7 @@
* USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dlz.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/dns64.c
===================================================================
--- vendor/bind/dist/lib/dns/dns64.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dns64.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dns64.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -63,7 +63,7 @@
unsigned int nbytes = 16;
REQUIRE(prefix != NULL && prefix->family == AF_INET6);
- /* Legal prefix lengths from draft-ietf-behave-address-format-04. */
+ /* Legal prefix lengths from rfc6052.txt. */
REQUIRE(prefixlen == 32 || prefixlen == 40 || prefixlen == 48 ||
prefixlen == 56 || prefixlen == 64 || prefixlen == 96);
REQUIRE(isc_netaddr_prefixok(prefix, prefixlen) == ISC_R_SUCCESS);
@@ -73,7 +73,7 @@
static const unsigned char zeros[16];
REQUIRE(prefix->family == AF_INET6);
nbytes = prefixlen / 8 + 4;
- /* Bits 64-71 are zeros. draft-ietf-behave-address-format-04 */
+ /* Bits 64-71 are zeros. rfc6052.txt */
if (prefixlen >= 32 && prefixlen <= 64)
nbytes++;
REQUIRE(memcmp(suffix->type.in6.s6_addr, zeros, nbytes) == 0);
@@ -83,10 +83,10 @@
if (new == NULL)
return (ISC_R_NOMEMORY);
memset(new->bits, 0, sizeof(new->bits));
- memcpy(new->bits, prefix->type.in6.s6_addr, prefixlen / 8);
+ memmove(new->bits, prefix->type.in6.s6_addr, prefixlen / 8);
if (suffix != NULL)
- memcpy(new->bits + nbytes, suffix->type.in6.s6_addr + nbytes,
- 16 - nbytes);
+ memmove(new->bits + nbytes, suffix->type.in6.s6_addr + nbytes,
+ 16 - nbytes);
new->clients = NULL;
if (clients != NULL)
dns_acl_attach(clients, &new->clients);
@@ -155,7 +155,7 @@
struct in_addr ina;
isc_netaddr_t netaddr;
- memcpy(&ina.s_addr, a, 4);
+ memmove(&ina.s_addr, a, 4);
isc_netaddr_fromin(&netaddr, &ina);
result = dns_acl_match(&netaddr, NULL, dns64->mapped, env,
&match, NULL);
@@ -168,19 +168,19 @@
nbytes = dns64->prefixlen / 8;
INSIST(nbytes <= 12);
/* Copy prefix. */
- memcpy(aaaa, dns64->bits, nbytes);
- /* Bits 64-71 are zeros. draft-ietf-behave-address-format-04 */
+ memmove(aaaa, dns64->bits, nbytes);
+ /* Bits 64-71 are zeros. rfc6052.txt */
if (nbytes == 8)
aaaa[nbytes++] = 0;
/* Copy mapped address. */
for (i = 0; i < 4U; i++) {
aaaa[nbytes++] = a[i];
- /* Bits 64-71 are zeros. draft-ietf-behave-address-format-04 */
+ /* Bits 64-71 are zeros. rfc6052.txt */
if (nbytes == 8)
aaaa[nbytes++] = 0;
}
/* Copy suffix. */
- memcpy(aaaa + nbytes, dns64->bits + nbytes, 16 - nbytes);
+ memmove(aaaa + nbytes, dns64->bits + nbytes, 16 - nbytes);
return (ISC_R_SUCCESS);
}
@@ -268,7 +268,7 @@
if (aaaaok == NULL || !aaaaok[i]) {
dns_rdataset_current(rdataset, &rdata);
- memcpy(&in6.s6_addr, rdata.data, 16);
+ memmove(&in6.s6_addr, rdata.data, 16);
isc_netaddr_fromin6(&netaddr, &in6);
result = dns_acl_match(&netaddr, NULL,
Modified: vendor/bind/dist/lib/dns/dnssec.c
===================================================================
--- vendor/bind/dist/lib/dns/dnssec.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dnssec.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -16,7 +16,7 @@
*/
/*
- * $Id: dnssec.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $
+ * $Id$
*/
/*! \file */
@@ -295,7 +295,7 @@
* Create an envelope for each rdata: <name|type|class|ttl>.
*/
isc_buffer_init(&envbuf, data, sizeof(data));
- memcpy(data, r.base, r.length);
+ memmove(data, r.base, r.length);
isc_buffer_add(&envbuf, r.length);
isc_buffer_putuint16(&envbuf, set->type);
isc_buffer_putuint16(&envbuf, set->rdclass);
@@ -492,10 +492,10 @@
if (labels - sig.labels > 0) {
isc_buffer_putuint8(&envbuf, 1);
isc_buffer_putuint8(&envbuf, '*');
- memcpy(data + 2, r.base, r.length);
+ memmove(data + 2, r.base, r.length);
}
else
- memcpy(data, r.base, r.length);
+ memmove(data, r.base, r.length);
isc_buffer_add(&envbuf, r.length);
isc_buffer_putuint16(&envbuf, set->type);
isc_buffer_putuint16(&envbuf, set->rdclass);
@@ -753,6 +753,7 @@
* If a key is marked inactive, skip it
*/
if (!key_active(keys[count], now)) {
+ dst_key_setinactive(pubkey, ISC_TRUE);
dst_key_free(&keys[count]);
keys[count] = pubkey;
pubkey = NULL;
@@ -1021,14 +1022,14 @@
/*
* Extract the header.
*/
- memcpy(header, source_r.base, DNS_MESSAGE_HEADERLEN);
+ memmove(header, source_r.base, DNS_MESSAGE_HEADERLEN);
/*
* Decrement the additional field counter.
*/
- memcpy(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2);
+ memmove(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2);
addcount = htons((isc_uint16_t)(ntohs(addcount) - 1));
- memcpy(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2);
+ memmove(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2);
/*
* Digest the modified header.
@@ -1228,7 +1229,10 @@
/* Metadata says activate (so we must also publish) */
if (actset && active <= now) {
key->hint_sign = ISC_TRUE;
- key->hint_publish = ISC_TRUE;
+
+ /* Only publish if publish time has already passed. */
+ if (pubset && publish <= now)
+ key->hint_publish = ISC_TRUE;
}
/*
@@ -1490,7 +1494,7 @@
const char *directory, isc_mem_t *mctx,
dns_rdataset_t *keyset, dns_rdataset_t *keysigs,
dns_rdataset_t *soasigs, isc_boolean_t savekeys,
- isc_boolean_t public,
+ isc_boolean_t publickey,
dns_dnsseckeylist_t *keylist)
{
dns_rdataset_t keys;
@@ -1518,7 +1522,7 @@
if (!dns_name_equal(origin, dst_key_name(pubkey)))
goto skip;
- if (public) {
+ if (publickey) {
RETERR(addkey(keylist, &pubkey, savekeys, mctx));
goto skip;
}
Modified: vendor/bind/dist/lib/dns/ds.c
===================================================================
--- vendor/bind/dist/lib/dns/ds.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/ds.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ds.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: ds.c,v 1.13 2010/12/23 23:47:08 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/dst_api.c
===================================================================
--- vendor/bind/dist/lib/dns/dst_api.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dst_api.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $
+ * $Id$
*/
/*! \file */
@@ -1291,10 +1291,27 @@
key->times[i] = 0;
key->timeset[i] = ISC_FALSE;
}
+ key->inactive = ISC_FALSE;
key->magic = KEY_MAGIC;
return (key);
}
+isc_boolean_t
+dst_key_inactive(const dst_key_t *key) {
+
+ REQUIRE(VALID_KEY(key));
+
+ return (key->inactive);
+}
+
+void
+dst_key_setinactive(dst_key_t *key, isc_boolean_t inactive) {
+
+ REQUIRE(VALID_KEY(key));
+
+ key->inactive = inactive;
+}
+
/*%
* Reads a public key from disk
*/
Modified: vendor/bind/dist/lib/dns/dst_internal.h
===================================================================
--- vendor/bind/dist/lib/dns/dst_internal.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dst_internal.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst_internal.h,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1
@@ -125,6 +125,8 @@
isc_boolean_t timeset[DST_MAX_TIMES + 1]; /*%< data set? */
isc_stdtime_t nums[DST_MAX_NUMERIC + 1]; /*%< numeric metadata */
isc_boolean_t numset[DST_MAX_NUMERIC + 1]; /*%< data set? */
+ isc_boolean_t inactive; /*%< private key not present as it is
+ inactive */
int fmt_major; /*%< private key format, major version */
int fmt_minor; /*%< private key format, minor version */
Modified: vendor/bind/dist/lib/dns/dst_lib.c
===================================================================
--- vendor/bind/dist/lib/dns/dst_lib.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dst_lib.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: dst_lib.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+ * $Id: dst_lib.c,v 1.5 2007/06/19 23:47:16 tbox Exp $
*/
/*! \file */
Modified: vendor/bind/dist/lib/dns/dst_openssl.h
===================================================================
--- vendor/bind/dist/lib/dns/dst_openssl.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dst_openssl.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst_openssl.h,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
#ifndef DST_OPENSSL_H
#define DST_OPENSSL_H 1
Modified: vendor/bind/dist/lib/dns/dst_parse.c
===================================================================
--- vendor/bind/dist/lib/dns/dst_parse.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dst_parse.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -31,7 +31,7 @@
/*%
* Principal Author: Brian Wellington
- * $Id: dst_parse.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+ * $Id$
*/
#include <config.h>
Modified: vendor/bind/dist/lib/dns/dst_parse.h
===================================================================
--- vendor/bind/dist/lib/dns/dst_parse.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dst_parse.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst_parse.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: dst_parse.h,v 1.17 2010/12/23 23:47:08 tbox Exp $ */
/*! \file */
#ifndef DST_DST_PARSE_H
Modified: vendor/bind/dist/lib/dns/dst_result.c
===================================================================
--- vendor/bind/dist/lib/dns/dst_result.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/dst_result.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -17,7 +17,7 @@
/*%
* Principal Author: Brian Wellington
- * $Id: dst_result.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+ * $Id: dst_result.c,v 1.7 2008/04/01 23:47:10 tbox Exp $
*/
#include <config.h>
Modified: vendor/bind/dist/lib/dns/ecdb.c
===================================================================
--- vendor/bind/dist/lib/dns/ecdb.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/ecdb.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,8 +14,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ecdb.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
-
#include "config.h"
#include <isc/result.h>
@@ -770,19 +768,24 @@
static void
rdatasetiter_destroy(dns_rdatasetiter_t **iteratorp) {
- ecdb_rdatasetiter_t *ecdbiterator;
isc_mem_t *mctx;
+ union {
+ dns_rdatasetiter_t *rdatasetiterator;
+ ecdb_rdatasetiter_t *ecdbiterator;
+ } u;
REQUIRE(iteratorp != NULL);
- ecdbiterator = (ecdb_rdatasetiter_t *)*iteratorp;
- REQUIRE(DNS_RDATASETITER_VALID(&ecdbiterator->common));
+ REQUIRE(DNS_RDATASETITER_VALID(*iteratorp));
- mctx = ecdbiterator->common.db->mctx;
+ u.rdatasetiterator = *iteratorp;
- ecdbiterator->common.magic = 0;
+ mctx = u.ecdbiterator->common.db->mctx;
+ u.ecdbiterator->common.magic = 0;
- dns_db_detachnode(ecdbiterator->common.db, &ecdbiterator->common.node);
- isc_mem_put(mctx, ecdbiterator, sizeof(ecdb_rdatasetiter_t));
+ dns_db_detachnode(u.ecdbiterator->common.db,
+ &u.ecdbiterator->common.node);
+ isc_mem_put(mctx, u.ecdbiterator,
+ sizeof(ecdb_rdatasetiter_t));
*iteratorp = NULL;
}
Modified: vendor/bind/dist/lib/dns/forward.c
===================================================================
--- vendor/bind/dist/lib/dns/forward.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/forward.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: forward.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: forward.c,v 1.14 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/gen-unix.h
===================================================================
--- vendor/bind/dist/lib/dns/gen-unix.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/gen-unix.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gen-unix.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: gen-unix.h,v 1.21 2009/01/17 23:47:42 tbox Exp $ */
/*! \file
* \brief
Deleted: vendor/bind/dist/lib/dns/gen-win32.h
===================================================================
--- vendor/bind/dist/lib/dns/gen-win32.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/gen-win32.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,290 +0,0 @@
-/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2001 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Copyright (c) 1987, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: gen-win32.h,v 1.1.1.1 2013-08-22 22:51:58 laffer1 Exp $ */
-
-/*! \file
- * \author Principal Authors: Computer Systems Research Group at UC Berkeley
- * \author Principal ISC caretaker: DCL
- */
-
-/*
- * \note This file was adapted from the NetBSD project's source tree, RCS ID:
- * NetBSD: getopt.c,v 1.15 1999/09/20 04:39:37 lukem Exp
- *
- * The primary change has been to rename items to the ISC namespace
- * and format in the ISC coding style.
- *
- * This file is responsible for defining two operations that are not
- * directly portable between Unix-like systems and Windows NT, option
- * parsing and directory scanning. It is here because it was decided
- * that the "gen" build utility was not to depend on libisc.a, so
- * the functions declared in isc/commandline.h and isc/dir.h could not
- * be used.
- *
- * The commandline stuff is pretty much a straight copy from the initial
- * isc/commandline.c. The dir stuff was shrunk to fit the needs of gen.c.
- */
-
-#ifndef DNS_GEN_WIN32_H
-#define DNS_GEN_WIN32_H 1
-
-#include <stdio.h>
-#include <string.h>
-#include <windows.h>
-
-#include <isc/boolean.h>
-#include <isc/lang.h>
-
-int isc_commandline_index = 1; /* Index into parent argv vector. */
-int isc_commandline_option; /* Character checked for validity. */
-
-char *isc_commandline_argument; /* Argument associated with option. */
-char *isc_commandline_progname; /* For printing error messages. */
-
-isc_boolean_t isc_commandline_errprint = ISC_TRUE; /* Print error messages. */
-isc_boolean_t isc_commandline_reset = ISC_TRUE; /* Reset processing. */
-
-#define BADOPT '?'
-#define BADARG ':'
-#define ENDOPT ""
-
-ISC_LANG_BEGINDECLS
-
-/*
- * getopt --
- * Parse argc/argv argument vector.
- */
-int
-isc_commandline_parse(int argc, char * const *argv, const char *options) {
- static char *place = ENDOPT;
- char *option; /* Index into *options of option. */
-
- /*
- * Update scanning pointer, either because a reset was requested or
- * the previous argv was finished.
- */
- if (isc_commandline_reset || *place == '\0') {
- isc_commandline_reset = ISC_FALSE;
-
- if (isc_commandline_progname == NULL)
- isc_commandline_progname = argv[0];
-
- if (isc_commandline_index >= argc ||
- *(place = argv[isc_commandline_index]) != '-') {
- /*
- * Index out of range or points to non-option.
- */
- place = ENDOPT;
- return (-1);
- }
-
- if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
- /*
- * Found '--' to signal end of options. Advance
- * index to next argv, the first non-option.
- */
- isc_commandline_index++;
- place = ENDOPT;
- return (-1);
- }
- }
-
- isc_commandline_option = *place++;
- option = strchr(options, isc_commandline_option);
-
- /*
- * Ensure valid option has been passed as specified by options string.
- * '-:' is never a valid command line option because it could not
- * distinguish ':' from the argument specifier in the options string.
- */
- if (isc_commandline_option == ':' || option == NULL) {
- if (*place == '\0')
- isc_commandline_index++;
-
- if (isc_commandline_errprint && *options != ':')
- fprintf(stderr, "%s: illegal option -- %c\n",
- isc_commandline_progname,
- isc_commandline_option);
-
- return (BADOPT);
- }
-
- if (*++option != ':') {
- /*
- * Option does not take an argument.
- */
- isc_commandline_argument = NULL;
-
- /*
- * Skip to next argv if at the end of the current argv.
- */
- if (*place == '\0')
- ++isc_commandline_index;
-
- } else {
- /*
- * Option needs an argument.
- */
- if (*place != '\0')
- /*
- * Option is in this argv, -D1 style.
- */
- isc_commandline_argument = place;
-
- else if (argc > ++isc_commandline_index)
- /*
- * Option is next argv, -D 1 style.
- */
- isc_commandline_argument = argv[isc_commandline_index];
-
- else {
- /*
- * Argument needed, but no more argv.
- */
- place = ENDOPT;
-
- /*
- * Silent failure with "missing argument" return
- * when ':' starts options string, per historical spec.
- */
- if (*options == ':')
- return (BADARG);
-
- if (isc_commandline_errprint)
- fprintf(stderr,
- "%s: option requires an argument -- %c\n",
- isc_commandline_progname,
- isc_commandline_option);
-
- return (BADOPT);
- }
-
- place = ENDOPT;
-
- /*
- * Point to argv that follows argument.
- */
- isc_commandline_index++;
- }
-
- return (isc_commandline_option);
-}
-
-typedef struct {
- HANDLE handle;
- WIN32_FIND_DATA find_data;
- isc_boolean_t first_file;
- char *filename;
-} isc_dir_t;
-
-isc_boolean_t
-start_directory(const char *path, isc_dir_t *dir) {
- char pattern[_MAX_PATH], *p;
-
- /*
- * Need space for slash-splat and final NUL.
- */
- if (strlen(path) + 3 > sizeof(pattern))
- return (ISC_FALSE);
-
- strcpy(pattern, path);
-
- /*
- * Append slash (if needed) and splat.
- */
- p = pattern + strlen(pattern);
- if (p != pattern && p[-1] != '\\' && p[-1] != ':')
- *p++ = '\\';
- *p++ = '*';
- *p++ = '\0';
-
- dir->first_file = ISC_TRUE;
-
- dir->handle = FindFirstFile(pattern, &dir->find_data);
-
- if (dir->handle == INVALID_HANDLE_VALUE) {
- dir->filename = NULL;
- return (ISC_FALSE);
- } else {
- dir->filename = dir->find_data.cFileName;
- return (ISC_TRUE);
- }
-}
-
-isc_boolean_t
-next_file(isc_dir_t *dir) {
- if (dir->first_file)
- dir->first_file = ISC_FALSE;
-
- else if (dir->handle != INVALID_HANDLE_VALUE) {
- if (FindNextFile(dir->handle, &dir->find_data) == TRUE)
- dir->filename = dir->find_data.cFileName;
- else
- dir->filename = NULL;
-
- } else
- dir->filename = NULL;
-
- if (dir->filename != NULL)
- return (ISC_TRUE);
- else
- return (ISC_FALSE);
-}
-
-void
-end_directory(isc_dir_t *dir) {
- if (dir->handle != INVALID_HANDLE_VALUE)
- FindClose(dir->handle);
-}
-
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_GEN_WIN32_H */
Modified: vendor/bind/dist/lib/dns/gen.c
===================================================================
--- vendor/bind/dist/lib/dns/gen.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/gen.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -309,7 +309,8 @@
static void
insert_into_typenames(int type, const char *typename, const char *attr) {
struct ttnam *ttn = NULL;
- int c, i, n;
+ size_t c;
+ int i, n;
char tmp[256];
INSIST(strlen(typename) < TYPECLASSBUF);
@@ -330,15 +331,20 @@
exit(1);
}
+ /* XXXMUKS: This is redundant due to the INSIST above. */
if (strlen(typename) > sizeof(ttn->typename) - 1) {
fprintf(stderr, "Error: type name %s is too long\n",
typename);
exit(1);
}
+
strncpy(ttn->typename, typename, sizeof(ttn->typename));
- ttn->type = type;
+ ttn->typename[sizeof(ttn->typename) - 1] = '\0';
strncpy(ttn->macroname, ttn->typename, sizeof(ttn->macroname));
+ ttn->macroname[sizeof(ttn->macroname) - 1] = '\0';
+
+ ttn->type = type;
c = strlen(ttn->macroname);
while (c > 0) {
if (ttn->macroname[c - 1] == '-')
@@ -364,7 +370,10 @@
attr, typename);
exit(1);
}
+
strncpy(ttn->attr, attr, sizeof(ttn->attr));
+ ttn->attr[sizeof(ttn->attr) - 1] = '\0';
+
ttn->sorted = 0;
if (maxtype < type)
maxtype = type;
@@ -393,11 +402,17 @@
newtt->next = NULL;
newtt->rdclass = rdclass;
newtt->type = type;
+
strncpy(newtt->classname, classname, sizeof(newtt->classname));
+ newtt->classname[sizeof(newtt->classname) - 1] = '\0';
+
strncpy(newtt->typename, typename, sizeof(newtt->typename));
+ newtt->typename[sizeof(newtt->typename) - 1] = '\0';
+
if (strncmp(dirname, "./", 2) == 0)
dirname += 2;
strncpy(newtt->dirname, dirname, sizeof(newtt->dirname));
+ newtt->dirname[sizeof(newtt->dirname) - 1] = '\0';
tt = types;
oldtt = NULL;
@@ -436,6 +451,7 @@
}
newcc->rdclass = rdclass;
strncpy(newcc->classname, classname, sizeof(newcc->classname));
+ newcc->classname[sizeof(newcc->classname) - 1] = '\0';
cc = classes;
oldcc = NULL;
@@ -485,7 +501,7 @@
static unsigned int
HASH(char *string) {
- unsigned int n;
+ size_t n;
unsigned char a, b;
n = strlen(string);
@@ -779,6 +795,14 @@
ttn = find_typename(i);
if (ttn == NULL)
continue;
+ /*
+ * Remove KEYDATA (65533) from the type to memonic
+ * translation as it is internal use only. This
+ * stops the tools from displaying KEYDATA instead
+ * of TYPE65533.
+ */
+ if (i == 65533U)
+ continue;
fprintf(stdout, "\tcase %u: return "
"(str_totext(\"%s\", target)); \\\n",
i, upper(ttn->typename));
Modified: vendor/bind/dist/lib/dns/gssapi_link.c
===================================================================
--- vendor/bind/dist/lib/dns/gssapi_link.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/gssapi_link.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -16,7 +16,7 @@
*/
/*
- * $Id: gssapi_link.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+ * $Id$
*/
#include <config.h>
@@ -47,7 +47,7 @@
#define GBUFFER_TO_REGION(gb, r) \
do { \
- (r).length = (gb).length; \
+ (r).length = (unsigned int)(gb).length; \
(r).base = (gb).value; \
} while (0)
@@ -180,7 +180,7 @@
* Copy the output into our buffer space, and release the gssapi
* allocated space.
*/
- isc_buffer_putmem(sig, gsig.value, gsig.length);
+ isc_buffer_putmem(sig, gsig.value, (unsigned int)gsig.length);
if (gsig.length != 0U)
gss_release_buffer(&minor, &gsig);
@@ -216,7 +216,7 @@
buf = isc_mem_allocate(dst__memory_pool, sig->length);
if (buf == NULL)
return (ISC_R_FAILURE);
- memcpy(buf, sig->base, sig->length);
+ memmove(buf, sig->base, sig->length);
r.base = buf;
r.length = sig->length;
REGION_TO_GBUFFER(r, gsig);
@@ -286,7 +286,7 @@
static isc_result_t
gssapi_restore(dst_key_t *key, const char *keystr) {
OM_uint32 major, minor;
- size_t len;
+ unsigned int len;
isc_buffer_t *b = NULL;
isc_region_t r;
gss_buffer_desc gssbuffer;
@@ -346,13 +346,13 @@
gss_release_buffer(&minor, &gssbuffer);
return (ISC_R_NOMEMORY);
}
- isc_buffer_init(&b, buf, len);
+ isc_buffer_init(&b, buf, (unsigned int)len);
GBUFFER_TO_REGION(gssbuffer, r);
result = isc_base64_totext(&r, 0, "", &b);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
gss_release_buffer(&minor, &gssbuffer);
*buffer = buf;
- *length = len;
+ *length = (int)len;
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/gssapictx.c
===================================================================
--- vendor/bind/dist/lib/dns/gssapictx.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/gssapictx.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gssapictx.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -68,8 +68,12 @@
* always use one. If we're not using our own SPNEGO implementation,
* we include SPNEGO's OID.
*/
-#if defined(GSSAPI)
+#ifdef GSSAPI
+#ifdef WIN32
+#include <krb5/krb5.h>
+#else
#include ISC_PLATFORM_KRB5HEADER
+#endif
static unsigned char krb5_mech_oid_bytes[] = {
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
@@ -103,7 +107,7 @@
#define GBUFFER_TO_REGION(gb, r) \
do { \
- (r).length = (gb).length; \
+ (r).length = (unsigned int)(gb).length; \
(r).base = (gb).value; \
} while (0)
@@ -229,7 +233,7 @@
krb5_free_context(krb5_ctx);
return;
}
- p = strchr(gss_name, '/');
+ p = strchr(gss_name, '@');
if (p == NULL) {
gss_log(ISC_LOG_ERROR, "badly formatted "
"tkey-gssapi-credentials (%s)", gss_name);
@@ -252,12 +256,12 @@
gss_cred_id_t *cred)
{
#ifdef GSSAPI
+ isc_result_t result;
isc_buffer_t namebuf;
gss_name_t gname;
gss_buffer_desc gnamebuf;
unsigned char array[DNS_NAME_MAXTEXT + 1];
OM_uint32 gret, minor;
- gss_OID_set mechs;
OM_uint32 lifetime;
gss_cred_usage_t usage;
char buf[1024];
@@ -304,8 +308,7 @@
usage = GSS_C_ACCEPT;
gret = gss_acquire_cred(&minor, gname, GSS_C_INDEFINITE,
- &mech_oid_set,
- usage, cred, &mechs, &lifetime);
+ &mech_oid_set, usage, cred, NULL, &lifetime);
if (gret != GSS_S_COMPLETE) {
gss_log(3, "failed to acquire %s credentials for %s: %s",
@@ -312,8 +315,10 @@
initiate ? "initiate" : "accept",
(gname != NULL) ? (char *)gnamebuf.value : "?",
gss_error_tostring(gret, minor, buf, sizeof(buf)));
- check_config((char *)array);
- return (ISC_R_FAILURE);
+ if (gname != NULL)
+ check_config((char *)array);
+ result = ISC_R_FAILURE;
+ goto cleanup;
}
gss_log(4, "acquired %s credentials for %s",
@@ -321,8 +326,18 @@
(gname != NULL) ? (char *)gnamebuf.value : "?");
log_cred(*cred);
+ result = ISC_R_SUCCESS;
- return (ISC_R_SUCCESS);
+cleanup:
+ if (gname != NULL) {
+ gret = gss_release_name(&minor, &gname);
+ if (gret != GSS_S_COMPLETE)
+ gss_log(3, "failed gss_release_name: %s",
+ gss_error_tostring(gret, minor, buf,
+ sizeof(buf)));
+ }
+
+ return (result);
#else
REQUIRE(cred != NULL && *cred == NULL);
@@ -620,7 +635,6 @@
RETERR(isc_buffer_copyregion(outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
}
- (void)gss_release_name(&minor, &gname);
if (gret == GSS_S_COMPLETE)
result = ISC_R_SUCCESS;
@@ -628,6 +642,7 @@
result = DNS_R_CONTINUE;
out:
+ (void)gss_release_name(&minor, &gname);
return (result);
#else
UNUSED(name);
@@ -669,7 +684,7 @@
context = *ctxout;
if (gssapi_keytab != NULL) {
-#ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER
+#if defined(ISC_PLATFORM_GSSAPI_KRB5_HEADER) || defined(WIN32)
gret = gsskrb5_register_acceptor_identity(gssapi_keytab);
if (gret != GSS_S_COMPLETE) {
gss_log(3, "failed "
@@ -730,7 +745,8 @@
}
if (gouttoken.length > 0U) {
- RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length));
+ RETERR(isc_buffer_allocate(mctx, outtoken,
+ (unsigned int)gouttoken.length));
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(*outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
Modified: vendor/bind/dist/lib/dns/hmac_link.c
===================================================================
--- vendor/bind/dist/lib/dns/hmac_link.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/hmac_link.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+ * $Id: hmac_link.c,v 1.19 2011/01/11 23:47:13 tbox Exp $
*/
#include <config.h>
@@ -42,6 +42,7 @@
#include <isc/md5.h>
#include <isc/sha1.h>
#include <isc/mem.h>
+#include <isc/safe.h>
#include <isc/string.h>
#include <isc/util.h>
@@ -138,7 +139,7 @@
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0)
+ if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -227,9 +228,8 @@
isc_md5_update(&md5ctx, r.base, r.length);
isc_md5_final(&md5ctx, hkey->key);
keylen = ISC_MD5_DIGESTLENGTH;
- }
- else {
- memcpy(hkey->key, r.base, r.length);
+ } else {
+ memmove(hkey->key, r.base, r.length);
keylen = r.length;
}
@@ -414,7 +414,7 @@
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0)
+ if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -503,9 +503,8 @@
isc_sha1_update(&sha1ctx, r.base, r.length);
isc_sha1_final(&sha1ctx, hkey->key);
keylen = ISC_SHA1_DIGESTLENGTH;
- }
- else {
- memcpy(hkey->key, r.base, r.length);
+ } else {
+ memmove(hkey->key, r.base, r.length);
keylen = r.length;
}
@@ -690,7 +689,7 @@
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH) == 0)
+ if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -781,9 +780,8 @@
isc_sha224_update(&sha224ctx, r.base, r.length);
isc_sha224_final(hkey->key, &sha224ctx);
keylen = ISC_SHA224_DIGESTLENGTH;
- }
- else {
- memcpy(hkey->key, r.base, r.length);
+ } else {
+ memmove(hkey->key, r.base, r.length);
keylen = r.length;
}
@@ -968,7 +966,7 @@
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH) == 0)
+ if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -1059,9 +1057,8 @@
isc_sha256_update(&sha256ctx, r.base, r.length);
isc_sha256_final(hkey->key, &sha256ctx);
keylen = ISC_SHA256_DIGESTLENGTH;
- }
- else {
- memcpy(hkey->key, r.base, r.length);
+ } else {
+ memmove(hkey->key, r.base, r.length);
keylen = r.length;
}
@@ -1246,7 +1243,7 @@
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH) == 0)
+ if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -1337,9 +1334,8 @@
isc_sha384_update(&sha384ctx, r.base, r.length);
isc_sha384_final(hkey->key, &sha384ctx);
keylen = ISC_SHA384_DIGESTLENGTH;
- }
- else {
- memcpy(hkey->key, r.base, r.length);
+ } else {
+ memmove(hkey->key, r.base, r.length);
keylen = r.length;
}
@@ -1524,7 +1520,7 @@
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH) == 0)
+ if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -1615,9 +1611,8 @@
isc_sha512_update(&sha512ctx, r.base, r.length);
isc_sha512_final(hkey->key, &sha512ctx);
keylen = ISC_SHA512_DIGESTLENGTH;
- }
- else {
- memcpy(hkey->key, r.base, r.length);
+ } else {
+ memmove(hkey->key, r.base, r.length);
keylen = r.length;
}
Modified: vendor/bind/dist/lib/dns/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/dns/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.15 2007/06/19 23:47:16 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/dns/include/dns/Makefile.in
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
@@ -21,17 +21,22 @@
@BIND9_VERSION@
-HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h cert.h compress.h \
- db.h dbiterator.h dbtable.h diff.h dispatch.h dlz.h \
- dnssec.h ds.h events.h fixedname.h iptable.h journal.h \
- keyflags.h keytable.h keyvalues.h lib.h log.h \
- master.h masterdump.h message.h name.h ncache.h nsec.h \
- peer.h portlist.h private.h rbt.h rcode.h \
- rdata.h rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \
- rdataslab.h rdatatype.h request.h resolver.h result.h \
- rootns.h rpz.h sdb.h sdlz.h secalg.h secproto.h soa.h ssu.h \
- tcpmsg.h time.h tkey.h tsig.h ttl.h types.h \
- validator.h version.h view.h xfrin.h zone.h zonekey.h zt.h
+HEADERS = acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \
+ client.h compress.h \
+ db.h dbiterator.h dbtable.h diff.h dispatch.h \
+ dlz.h dlz_dlopen.h dns64.h dnssec.h ds.h \
+ ecdb.h events.h fixedname.h forward.h iptable.h \
+ journal.h keydata.h keyflags.h keytable.h keyvalues.h \
+ lib.h lookup.h log.h master.h masterdump.h message.h \
+ name.h ncache.h nsec.h nsec3.h opcode.h order.h \
+ peer.h portlist.h private.h \
+ rbt.h rcode.h rdata.h rdataclass.h rdatalist.h \
+ rdataset.h rdatasetiter.h rdataslab.h rdatatype.h request.h \
+ resolver.h result.h rootns.h rpz.h rriterator.h \
+ sdb.h sdlz.h secalg.h secproto.h soa.h ssu.h stats.h \
+ tcpmsg.h time.h timer.h tkey.h tsec.h tsig.h ttl.h types.h \
+ validator.h version.h view.h xfrin.h \
+ zone.h zonekey.h zt.h
GENHEADERS = enumclass.h enumtype.h rdatastruct.h
Modified: vendor/bind/dist/lib/dns/include/dns/acache.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/acache.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/acache.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: acache.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id: acache.h,v 1.8 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_ACACHE_H
#define DNS_ACACHE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/acl.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/acl.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/acl.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: acl.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_ACL_H
#define DNS_ACL_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/adb.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/adb.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/adb.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: adb.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_ADB_H
#define DNS_ADB_H 1
@@ -510,7 +510,12 @@
*/
/*
- * A reasonable default for RTT adjustments
+ * Reasonable defaults for RTT adjustments
+ *
+ * (Note: these values function both as scaling factors and as
+ * indicators of the type of RTT adjustment operation taking place.
+ * Adjusting the scaling factors is fine, as long as they all remain
+ * unique values.)
*/
#define DNS_ADB_RTTADJDEFAULT 7 /*%< default scale */
#define DNS_ADB_RTTADJREPLACE 0 /*%< replace with our rtt */
@@ -521,19 +526,7 @@
unsigned int rtt, unsigned int factor);
/*%<
* Mix the round trip time into the existing smoothed rtt.
-
- * The formula used
- * (where srtt is the existing rtt value, and rtt and factor are arguments to
- * this function):
*
- *\code
- * new_srtt = (old_srtt / 10 * factor) + (rtt / 10 * (10 - factor));
- *\endcode
- *
- * XXXRTH Do we want to publish the formula? What if we want to change how
- * this works later on? Recommend/require that the units are
- * microseconds?
- *
* Requires:
*
*\li adb be valid.
@@ -549,6 +542,24 @@
*/
void
+dns_adb_agesrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr, isc_stdtime_t now);
+/*
+ * dns_adb_agesrtt is equivalent to dns_adb_adjustsrtt with factor
+ * equal to DNS_ADB_RTTADJAGE and the current time passed in.
+ *
+ * Requires:
+ *
+ *\li adb be valid.
+ *
+ *\li addr be valid.
+ *
+ * Note:
+ *
+ *\li The srtt in addr will be updated to reflect the new global
+ * srtt value. This may include changes made by others.
+ */
+
+void
dns_adb_changeflags(dns_adb_t *adb, dns_adbaddrinfo_t *addr,
unsigned int bits, unsigned int mask);
/*%
Modified: vendor/bind/dist/lib/dns/include/dns/bit.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/bit.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/bit.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: bit.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: bit.h,v 1.14 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_BIT_H
#define DNS_BIT_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/byaddr.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/byaddr.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/byaddr.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: byaddr.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: byaddr.h,v 1.22 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_BYADDR_H
#define DNS_BYADDR_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/cache.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/cache.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/cache.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cache.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_CACHE_H
#define DNS_CACHE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/callbacks.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/callbacks.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/callbacks.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: callbacks.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_CALLBACKS_H
#define DNS_CALLBACKS_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/cert.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/cert.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/cert.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cert.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: cert.h,v 1.19 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_CERT_H
#define DNS_CERT_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/client.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/client.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/client.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: client.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
#ifndef DNS_CLIENT_H
#define DNS_CLIENT_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/compress.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/compress.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/compress.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: compress.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: compress.h,v 1.42 2009/01/17 23:47:43 tbox Exp $ */
#ifndef DNS_COMPRESS_H
#define DNS_COMPRESS_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/db.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/db.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/db.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: db.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_DB_H
#define DNS_DB_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/dbiterator.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/dbiterator.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/dbiterator.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dbiterator.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dbiterator.h,v 1.25 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_DBITERATOR_H
#define DNS_DBITERATOR_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/dbtable.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/dbtable.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/dbtable.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dbtable.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dbtable.h,v 1.23 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_DBTABLE_H
#define DNS_DBTABLE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/diff.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/diff.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/diff.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: diff.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: diff.h,v 1.19 2010/06/04 23:51:14 tbox Exp $ */
#ifndef DNS_DIFF_H
#define DNS_DIFF_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/dispatch.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/dispatch.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/dispatch.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dispatch.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_DISPATCH_H
#define DNS_DISPATCH_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/dlz.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/dlz.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/dlz.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -50,7 +50,7 @@
* USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dlz.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file dns/dlz.h */
Modified: vendor/bind/dist/lib/dns/include/dns/dlz_dlopen.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/dlz_dlopen.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/dlz_dlopen.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dlz_dlopen.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file dns/dlz_open.h */
Modified: vendor/bind/dist/lib/dns/include/dns/dns64.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/dns64.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/dns64.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2010, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dns64.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dns64.h,v 1.3 2010/12/08 23:51:56 tbox Exp $ */
#ifndef DNS_DNS64_H
#define DNS_DNS64_H 1
@@ -84,7 +84,7 @@
* zero.
* 'client' to be NULL or a valid acl.
* 'mapped' to be NULL or a valid acl.
- * 'exculded' to be NULL or a valid acl.
+ * 'excluded' to be NULL or a valid acl.
*
* Returns:
* ISC_R_SUCCESS
Modified: vendor/bind/dist/lib/dns/include/dns/dnssec.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/dnssec.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/dnssec.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_DNSSEC_H
#define DNS_DNSSEC_H 1
@@ -292,11 +292,11 @@
const char *directory, isc_mem_t *mctx,
dns_rdataset_t *keyset, dns_rdataset_t *keysigs,
dns_rdataset_t *soasigs, isc_boolean_t savekeys,
- isc_boolean_t public,
+ isc_boolean_t publickey,
dns_dnsseckeylist_t *keylist);
/*%<
* Append the contents of a DNSKEY rdataset 'keyset' to 'keylist'.
- * Omit duplicates. If 'public' is ISC_FALSE, search 'directory' for
+ * Omit duplicates. If 'publickey' is ISC_FALSE, search 'directory' for
* matching key files, and load the private keys that go with
* the public ones. If 'savekeys' is ISC_TRUE, mark the keys so
* they will not be deleted or inactivated regardless of metadata.
Modified: vendor/bind/dist/lib/dns/include/dns/ds.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/ds.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/ds.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ds.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ds.h,v 1.12 2010/12/23 23:47:08 tbox Exp $ */
#ifndef DNS_DS_H
#define DNS_DS_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/ecdb.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/ecdb.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/ecdb.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ecdb.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ecdb.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
#ifndef DNS_ECDB_H
#define DNS_ECDB_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/events.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/events.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/events.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: events.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_EVENTS_H
#define DNS_EVENTS_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/fixedname.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/fixedname.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/fixedname.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: fixedname.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: fixedname.h,v 1.19 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_FIXEDNAME_H
#define DNS_FIXEDNAME_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/forward.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/forward.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/forward.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: forward.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: forward.h,v 1.13 2009/09/02 23:48:02 tbox Exp $ */
#ifndef DNS_FORWARD_H
#define DNS_FORWARD_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/iptable.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/iptable.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/iptable.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: iptable.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: iptable.h,v 1.4 2007/09/14 01:46:05 marka Exp $ */
#ifndef DNS_IPTABLE_H
#define DNS_IPTABLE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/journal.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/journal.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/journal.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: journal.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_JOURNAL_H
#define DNS_JOURNAL_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/keydata.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/keydata.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/keydata.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keydata.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: keydata.h,v 1.2 2009/06/30 02:52:32 each Exp $ */
#ifndef DNS_KEYDATA_H
#define DNS_KEYDATA_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/keyflags.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/keyflags.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/keyflags.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keyflags.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: keyflags.h,v 1.16 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_KEYFLAGS_H
#define DNS_KEYFLAGS_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/keytable.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/keytable.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/keytable.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keytable.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: keytable.h,v 1.23 2010/06/25 03:24:05 marka Exp $ */
#ifndef DNS_KEYTABLE_H
#define DNS_KEYTABLE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/keyvalues.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/keyvalues.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/keyvalues.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keyvalues.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: keyvalues.h,v 1.29 2010/12/23 23:47:08 tbox Exp $ */
#ifndef DNS_KEYVALUES_H
#define DNS_KEYVALUES_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/lib.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/lib.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/lib.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lib.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lib.h,v 1.18 2009/09/02 23:48:02 tbox Exp $ */
#ifndef DNS_LIB_H
#define DNS_LIB_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/log.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/log.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/log.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file dns/log.h
* \author Principal Authors: DCL */
Modified: vendor/bind/dist/lib/dns/include/dns/lookup.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/lookup.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/lookup.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lookup.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lookup.h,v 1.14 2009/01/17 23:47:43 tbox Exp $ */
#ifndef DNS_LOOKUP_H
#define DNS_LOOKUP_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/master.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/master.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/master.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: master.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_MASTER_H
#define DNS_MASTER_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/masterdump.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/masterdump.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/masterdump.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: masterdump.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_MASTERDUMP_H
#define DNS_MASTERDUMP_H 1
@@ -148,6 +148,11 @@
*/
LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_debug;
+/*%
+ * The style used for dumping "key" zones.
+ */
+LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_keyzone;
+
/***
*** Functions
***/
Modified: vendor/bind/dist/lib/dns/include/dns/message.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/message.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/message.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: message.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_MESSAGE_H
#define DNS_MESSAGE_H 1
@@ -105,7 +105,12 @@
/*%< EDNS0 extended OPT codes */
#define DNS_OPT_NSID 0x0003 /*%< NSID opt code */
+#define DNS_OPT_CLIENT_SUBNET 0x0008 /*%< client subnet opt code */
+#define DNS_OPT_EXPIRE 0x0009 /*%< EXPIRE opt code */
+/*%< The number of EDNS options we know about. */
+#define DNS_EDNSOPTIONS 3
+
#define DNS_MESSAGE_REPLYPRESERVE (DNS_MESSAGEFLAG_RD|DNS_MESSAGEFLAG_CD)
#define DNS_MESSAGEEXTFLAG_REPLYPRESERVE (DNS_MESSAGEEXTFLAG_DO)
Modified: vendor/bind/dist/lib/dns/include/dns/name.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/name.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/name.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: name.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id: name.h,v 1.137 2011/01/13 04:59:26 tbox Exp $ */
#ifndef DNS_NAME_H
#define DNS_NAME_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/ncache.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/ncache.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/ncache.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ncache.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id: ncache.h,v 1.29 2010/05/14 23:50:40 tbox Exp $ */
#ifndef DNS_NCACHE_H
#define DNS_NCACHE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/nsec.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/nsec.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/nsec.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_NSEC_H
#define DNS_NSEC_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/nsec3.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/nsec3.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/nsec3.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec3.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_NSEC3_H
#define DNS_NSEC3_H 1
@@ -43,7 +43,7 @@
/*
* Test "unknown" algorithm. Is mapped to dns_hash_sha1.
*/
-#define DNS_NSEC3_UNKNOWNALG 245U
+#define DNS_NSEC3_UNKNOWNALG ((dns_hash_t)245U)
ISC_LANG_BEGINDECLS
Modified: vendor/bind/dist/lib/dns/include/dns/opcode.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/opcode.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/opcode.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: opcode.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: opcode.h,v 1.8 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_OPCODE_H
#define DNS_OPCODE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/order.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/order.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/order.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: order.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: order.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_ORDER_H
#define DNS_ORDER_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/peer.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/peer.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/peer.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: peer.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: peer.h,v 1.35 2009/01/17 23:47:43 tbox Exp $ */
#ifndef DNS_PEER_H
#define DNS_PEER_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/portlist.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/portlist.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/portlist.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: portlist.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: portlist.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */
/*! \file dns/portlist.h */
Modified: vendor/bind/dist/lib/dns/include/dns/private.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/private.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/private.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: private.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#include <isc/lang.h>
#include <isc/types.h>
Modified: vendor/bind/dist/lib/dns/include/dns/rbt.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rbt.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rbt.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbt.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rbt.h,v 1.77 2009/11/04 01:18:19 marka Exp $ */
#ifndef DNS_RBT_H
#define DNS_RBT_H 1
@@ -914,6 +914,31 @@
#define dns_rbtnode_refinit(node, n) ((node)->references = (n))
#define dns_rbtnode_refdestroy(node) REQUIRE((node)->references == 0)
#define dns_rbtnode_refcurrent(node) ((node)->references)
+
+#if (__STDC_VERSION__ + 0) >= 199901L || defined __GNUC__
+static inline void
+dns_rbtnode_refincrement0(dns_rbtnode_t *node, unsigned int *refs) {
+ node->references++;
+ if (refs != NULL)
+ *refs = node->references;
+}
+
+static inline void
+dns_rbtnode_refincrement(dns_rbtnode_t *node, unsigned int *refs) {
+ REQUIRE(node->references > 0);
+ node->references++;
+ if (refs != NULL)
+ *refs = node->references;
+}
+
+static inline void
+dns_rbtnode_refdecrement(dns_rbtnode_t *node, unsigned int *refs) {
+ REQUIRE(node->references > 0);
+ node->references--;
+ if (refs != NULL)
+ *refs = node->references;
+}
+#else
#define dns_rbtnode_refincrement0(node, refs) \
do { \
unsigned int *_tmp = (unsigned int *)(refs); \
@@ -935,6 +960,7 @@
if ((refs) != NULL) \
(*refs) = (node)->references; \
} while (0)
+#endif
#endif /* DNS_RBT_USEISCREFCOUNT */
ISC_LANG_ENDDECLS
Modified: vendor/bind/dist/lib/dns/include/dns/rcode.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rcode.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rcode.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rcode.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rcode.h,v 1.21 2008/09/25 04:02:39 tbox Exp $ */
#ifndef DNS_RCODE_H
#define DNS_RCODE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/rdata.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rdata.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rdata.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdata.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_RDATA_H
#define DNS_RDATA_H 1
@@ -170,6 +170,9 @@
/*% Output explanatory comments. */
#define DNS_STYLEFLAG_COMMENT 0x00000002U
+/*% Output KEYDATA in human readable format. */
+#define DNS_STYLEFLAG_KEYDATA 0x00000008U
+
#define DNS_RDATA_DOWNCASE DNS_NAME_DOWNCASE
#define DNS_RDATA_CHECKNAMES DNS_NAME_CHECKNAMES
#define DNS_RDATA_CHECKNAMESFAIL DNS_NAME_CHECKNAMESFAIL
Modified: vendor/bind/dist/lib/dns/include/dns/rdataclass.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rdataclass.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rdataclass.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdataclass.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rdataclass.h,v 1.24 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_RDATACLASS_H
#define DNS_RDATACLASS_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/rdatalist.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rdatalist.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rdatalist.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdatalist.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rdatalist.h,v 1.22 2008/04/03 06:09:05 tbox Exp $ */
#ifndef DNS_RDATALIST_H
#define DNS_RDATALIST_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/rdataset.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rdataset.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rdataset.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdataset.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_RDATASET_H
#define DNS_RDATASET_H 1
@@ -199,7 +199,8 @@
#define DNS_RDATASETATTR_NXDOMAIN 0x00002000
#define DNS_RDATASETATTR_NOQNAME 0x00004000
#define DNS_RDATASETATTR_CHECKNAMES 0x00008000 /*%< Used by resolver. */
-#define DNS_RDATASETATTR_REQUIREDGLUE 0x00010000
+#define DNS_RDATASETATTR_REQUIRED 0x00010000
+#define DNS_RDATASETATTR_REQUIREDGLUE DNS_RDATASETATTR_REQUIRED
#define DNS_RDATASETATTR_LOADORDER 0x00020000
#define DNS_RDATASETATTR_RESIGN 0x00040000
#define DNS_RDATASETATTR_CLOSEST 0x00080000
@@ -673,7 +674,7 @@
const char *
dns_trust_totext(dns_trust_t trust);
-/*
+/*%<
* Display trust in textual form.
*/
Modified: vendor/bind/dist/lib/dns/include/dns/rdatasetiter.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rdatasetiter.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rdatasetiter.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdatasetiter.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rdatasetiter.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_RDATASETITER_H
#define DNS_RDATASETITER_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/rdataslab.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rdataslab.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rdataslab.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdataslab.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rdataslab.h,v 1.33 2008/04/01 23:47:10 tbox Exp $ */
#ifndef DNS_RDATASLAB_H
#define DNS_RDATASLAB_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/rdatatype.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rdatatype.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rdatatype.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdatatype.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rdatatype.h,v 1.26 2008/09/25 04:02:39 tbox Exp $ */
#ifndef DNS_RDATATYPE_H
#define DNS_RDATATYPE_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/request.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/request.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/request.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: request.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: request.h,v 1.31 2010/03/04 23:50:34 tbox Exp $ */
#ifndef DNS_REQUEST_H
#define DNS_REQUEST_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/resolver.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/resolver.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/resolver.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resolver.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_RESOLVER_H
#define DNS_RESOLVER_H 1
@@ -97,6 +97,7 @@
UDP buffer. */
#define DNS_FETCHOPT_WANTNSID 0x80 /*%< Request NSID */
+/* Reserved in use by adb.c 0x00400000 */
#define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000
#define DNS_FETCHOPT_EDNSVERSIONMASK 0xff000000
#define DNS_FETCHOPT_EDNSVERSIONSHIFT 24
Modified: vendor/bind/dist/lib/dns/include/dns/result.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/result.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/result.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_RESULT_H
#define DNS_RESULT_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/rootns.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rootns.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rootns.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rootns.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rootns.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_ROOTNS_H
#define DNS_ROOTNS_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/rpz.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rpz.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rpz.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rpz.h,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_RPZ_H
#define DNS_RPZ_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/rriterator.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/rriterator.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/rriterator.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rriterator.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_RRITERATOR_H
#define DNS_RRITERATOR_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/sdb.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/sdb.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/sdb.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sdb.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_SDB_H
#define DNS_SDB_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/sdlz.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/sdlz.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/sdlz.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -50,7 +50,7 @@
* USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sdlz.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file dns/sdlz.h */
Modified: vendor/bind/dist/lib/dns/include/dns/secalg.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/secalg.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/secalg.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: secalg.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: secalg.h,v 1.21 2009/10/12 23:48:02 tbox Exp $ */
#ifndef DNS_SECALG_H
#define DNS_SECALG_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/secproto.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/secproto.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/secproto.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: secproto.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: secproto.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_SECPROTO_H
#define DNS_SECPROTO_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/soa.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/soa.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/soa.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: soa.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: soa.h,v 1.12 2009/09/10 01:47:09 each Exp $ */
#ifndef DNS_SOA_H
#define DNS_SOA_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/ssu.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/ssu.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/ssu.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ssu.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ssu.h,v 1.28 2011/01/06 23:47:00 tbox Exp $ */
#ifndef DNS_SSU_H
#define DNS_SSU_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/stats.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/stats.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/stats.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stats.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_STATS_H
#define DNS_STATS_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/tcpmsg.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/tcpmsg.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/tcpmsg.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tcpmsg.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: tcpmsg.h,v 1.22 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_TCPMSG_H
#define DNS_TCPMSG_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/time.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/time.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/time.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: time.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_TIME_H
#define DNS_TIME_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/timer.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/timer.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/timer.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: timer.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: timer.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_TIMER_H
#define DNS_TIMER_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/tkey.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/tkey.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/tkey.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tkey.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: tkey.h,v 1.32 2011/01/08 23:47:01 tbox Exp $ */
#ifndef DNS_TKEY_H
#define DNS_TKEY_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/tsec.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/tsec.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/tsec.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsec.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: tsec.h,v 1.6 2010/12/09 00:54:34 marka Exp $ */
#ifndef DNS_TSEC_H
#define DNS_TSEC_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/tsig.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/tsig.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/tsig.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsig.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: tsig.h,v 1.59 2011/01/11 23:47:13 tbox Exp $ */
#ifndef DNS_TSIG_H
#define DNS_TSIG_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/ttl.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/ttl.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/ttl.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ttl.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ttl.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_TTL_H
#define DNS_TTL_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/types.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/types.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/types.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: types.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_TYPES_H
#define DNS_TYPES_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/validator.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/validator.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/validator.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: validator.h,v 1.46 2010/02/25 05:08:01 tbox Exp $ */
#ifndef DNS_VALIDATOR_H
#define DNS_VALIDATOR_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/version.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/version.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/version.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: version.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */
/*! \file dns/version.h */
Modified: vendor/bind/dist/lib/dns/include/dns/view.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/view.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/view.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: view.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_VIEW_H
#define DNS_VIEW_H 1
@@ -138,6 +138,7 @@
dns_acl_t * updateacl;
dns_acl_t * upfwdacl;
dns_acl_t * denyansweracl;
+ dns_acl_t * nocasecompress;
dns_rbt_t * answeracl_exclude;
dns_rbt_t * denyanswernames;
dns_rbt_t * answernames_exclude;
@@ -706,6 +707,7 @@
* Returns:
*\li #ISC_R_SUCCESS A matching zone was found.
*\li #ISC_R_NOTFOUND No matching zone was found.
+ *\li #ISC_R_MULTIPLE Multiple zones with the same name were found.
*/
isc_result_t
Modified: vendor/bind/dist/lib/dns/include/dns/xfrin.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/xfrin.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/xfrin.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: xfrin.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: xfrin.h,v 1.30 2009/01/17 23:47:43 tbox Exp $ */
#ifndef DNS_XFRIN_H
#define DNS_XFRIN_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/zone.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/zone.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/zone.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zone.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_ZONE_H
#define DNS_ZONE_H 1
@@ -1906,6 +1906,12 @@
* Set the response policy associated with a zone.
*/
+isc_result_t
+dns_zone_rpz_enable_db(dns_zone_t *zone, dns_db_t *db);
+/*%
+ * If a zone is a response policy zone, mark its new database.
+ */
+
isc_boolean_t
dns_zone_get_rpz(dns_zone_t *zone);
Modified: vendor/bind/dist/lib/dns/include/dns/zonekey.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/zonekey.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/zonekey.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zonekey.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: zonekey.h,v 1.10 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_ZONEKEY_H
#define DNS_ZONEKEY_H 1
Modified: vendor/bind/dist/lib/dns/include/dns/zt.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dns/zt.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dns/zt.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zt.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_ZT_H
#define DNS_ZT_H 1
Modified: vendor/bind/dist/lib/dns/include/dst/Makefile.in
===================================================================
--- vendor/bind/dist/lib/dns/include/dst/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dst/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.4 2007/12/11 20:28:55 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/dns/include/dst/dst.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dst/dst.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dst/dst.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef DST_DST_H
#define DST_DST_H 1
@@ -887,7 +887,24 @@
unsigned int protocol, dns_rdataclass_t rdclass,
isc_mem_t *mctx, const char *keystr, dst_key_t **keyp);
+isc_boolean_t
+dst_key_inactive(const dst_key_t *key);
+/*%<
+ * Determines if the private key is missing due the key being deemed inactive.
+ *
+ * Requires:
+ * 'key' to be valid.
+ */
+void
+dst_key_setinactive(dst_key_t *key, isc_boolean_t inactive);
+/*%<
+ * Set key inactive state.
+ *
+ * Requires:
+ * 'key' to be valid.
+ */
+
ISC_LANG_ENDDECLS
#endif /* DST_DST_H */
Modified: vendor/bind/dist/lib/dns/include/dst/gssapi.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dst/gssapi.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dst/gssapi.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gssapi.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: gssapi.h,v 1.16 2011/01/08 23:47:01 tbox Exp $ */
#ifndef DST_GSSAPI_H
#define DST_GSSAPI_H 1
@@ -29,7 +29,7 @@
#include <dns/types.h>
#ifdef GSSAPI
-#ifdef _WINDOWS
+#ifdef WIN32
/*
* MSVC does not like macros in #include lines.
*/
Modified: vendor/bind/dist/lib/dns/include/dst/lib.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dst/lib.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dst/lib.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lib.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lib.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DST_LIB_H
#define DST_LIB_H 1
Modified: vendor/bind/dist/lib/dns/include/dst/result.h
===================================================================
--- vendor/bind/dist/lib/dns/include/dst/result.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/include/dst/result.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: result.h,v 1.9 2008/04/01 23:47:10 tbox Exp $ */
#ifndef DST_RESULT_H
#define DST_RESULT_H 1
Modified: vendor/bind/dist/lib/dns/iptable.c
===================================================================
--- vendor/bind/dist/lib/dns/iptable.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/iptable.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: iptable.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: iptable.c,v 1.15 2009/02/18 23:47:48 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/dns/journal.c
===================================================================
--- vendor/bind/dist/lib/dns/journal.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/journal.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: journal.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -299,7 +299,7 @@
unsigned int magic; /*%< JOUR */
isc_mem_t *mctx; /*%< Memory context */
journal_state_t state;
- const char *filename; /*%< Journal file name */
+ char *filename; /*%< Journal file name */
FILE * fp; /*%< File handle */
isc_offset_t offset; /*%< Current file offset */
journal_header_t header; /*%< In-core journal header */
@@ -349,7 +349,7 @@
static void
journal_header_decode(journal_rawheader_t *raw, journal_header_t *cooked) {
INSIST(sizeof(cooked->format) == sizeof(raw->h.format));
- memcpy(cooked->format, raw->h.format, sizeof(cooked->format));
+ memmove(cooked->format, raw->h.format, sizeof(cooked->format));
journal_pos_decode(&raw->h.begin, &cooked->begin);
journal_pos_decode(&raw->h.end, &cooked->end);
cooked->index_size = decode_uint32(raw->h.index_size);
@@ -359,7 +359,7 @@
journal_header_encode(journal_header_t *cooked, journal_rawheader_t *raw) {
INSIST(sizeof(cooked->format) == sizeof(raw->h.format));
memset(raw->pad, 0, sizeof(raw->pad));
- memcpy(raw->h.format, cooked->format, sizeof(raw->h.format));
+ memmove(raw->h.format, cooked->format, sizeof(raw->h.format));
journal_pos_encode(&raw->h.begin, &cooked->begin);
journal_pos_encode(&raw->h.end, &cooked->end);
encode_uint32(cooked->index_size, raw->h.index_size);
@@ -395,7 +395,7 @@
j->filename, isc_result_totext(result));
return (ISC_R_UNEXPECTED);
}
- j->offset += nbytes;
+ j->offset += (isc_offset_t)nbytes;
return (ISC_R_SUCCESS);
}
@@ -410,7 +410,7 @@
j->filename, isc_result_totext(result));
return (ISC_R_UNEXPECTED);
}
- j->offset += nbytes;
+ j->offset += (isc_offset_t)nbytes;
return (ISC_R_SUCCESS);
}
@@ -512,7 +512,7 @@
return (ISC_R_NOMEMORY);
}
memset(mem, 0, size);
- memcpy(mem, &rawheader, sizeof(rawheader));
+ memmove(mem, &rawheader, sizeof(rawheader));
result = isc_stdio_write(mem, 1, (size_t) size, fp, NULL);
if (result != ISC_R_SUCCESS) {
@@ -554,10 +554,13 @@
j->mctx = mctx;
j->state = JOURNAL_STATE_INVALID;
j->fp = NULL;
- j->filename = filename;
+ j->filename = isc_mem_strdup(mctx, filename);
j->index = NULL;
j->rawindex = NULL;
+ if (j->filename == NULL)
+ FAIL(ISC_R_NOMEMORY);
+
result = isc_stdio_open(j->filename, write ? "rb+" : "rb", &fp);
if (result == ISC_R_FILENOTFOUND) {
@@ -660,6 +663,8 @@
sizeof(journal_rawpos_t));
j->index = NULL;
}
+ if (j->filename != NULL)
+ isc_mem_free(j->mctx, j->filename);
if (j->fp != NULL)
(void)isc_stdio_close(j->fp);
isc_mem_put(j->mctx, j, sizeof(*j));
@@ -670,17 +675,17 @@
dns_journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write,
dns_journal_t **journalp) {
isc_result_t result;
- int namelen;
+ size_t namelen;
char backup[1024];
result = journal_open(mctx, filename, write, write, journalp);
if (result == ISC_R_NOTFOUND) {
namelen = strlen(filename);
- if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0)
+ if (namelen > 4U && strcmp(filename + namelen - 4, ".jnl") == 0)
namelen -= 4;
result = isc_string_printf(backup, sizeof(backup), "%.*s.jbk",
- namelen, filename);
+ (int)namelen, filename);
if (result != ISC_R_SUCCESS)
return (result);
result = journal_open(mctx, backup, write, write, journalp);
@@ -1200,7 +1205,8 @@
isc_mem_put(j->mctx, j->it.target.base, j->it.target.length);
if (j->it.source.base != NULL)
isc_mem_put(j->mctx, j->it.source.base, j->it.source.length);
-
+ if (j->filename != NULL)
+ isc_mem_free(j->mctx, j->filename);
if (j->fp != NULL)
(void)isc_stdio_close(j->fp);
j->magic = 0;
@@ -1216,9 +1222,7 @@
/* XXX Share code with incoming IXFR? */
static isc_result_t
-roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options,
- isc_uint32_t resign)
-{
+roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
isc_buffer_t source; /* Transaction data from disk */
isc_buffer_t target; /* Ditto after _fromwire check */
isc_uint32_t db_serial; /* Database SOA serial */
@@ -1235,7 +1239,6 @@
REQUIRE(DNS_DB_VALID(db));
dns_diff_init(j->mctx, &diff);
- diff.resign = resign;
/*
* Set up empty initial buffers for unchecked and checked
@@ -1368,6 +1371,8 @@
REQUIRE(DNS_DB_VALID(db));
REQUIRE(filename != NULL);
+ UNUSED(resign);
+
j = NULL;
result = dns_journal_open(mctx, filename, ISC_FALSE, &j);
if (result == ISC_R_NOTFOUND) {
@@ -1380,7 +1385,7 @@
if (JOURNAL_EMPTY(&j->header))
result = DNS_R_UPTODATE;
else
- result = roll_forward(j, db, options, resign);
+ result = roll_forward(j, db, options);
dns_journal_destroy(&j);
@@ -2009,7 +2014,7 @@
dns_journal_t *new = NULL;
journal_rawheader_t rawheader;
unsigned int copy_length;
- int namelen;
+ size_t namelen;
char *buf = NULL;
unsigned int size = 0;
isc_result_t result;
@@ -2019,16 +2024,16 @@
isc_boolean_t is_backup = ISC_FALSE;
namelen = strlen(filename);
- if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0)
+ if (namelen > 4U && strcmp(filename + namelen - 4, ".jnl") == 0)
namelen -= 4;
result = isc_string_printf(newname, sizeof(newname), "%.*s.jnw",
- namelen, filename);
+ (int)namelen, filename);
if (result != ISC_R_SUCCESS)
return (result);
result = isc_string_printf(backup, sizeof(backup), "%.*s.jbk",
- namelen, filename);
+ (int)namelen, filename);
if (result != ISC_R_SUCCESS)
return (result);
Modified: vendor/bind/dist/lib/dns/key.c
===================================================================
--- vendor/bind/dist/lib/dns/key.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/key.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: key.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
Modified: vendor/bind/dist/lib/dns/keydata.c
===================================================================
--- vendor/bind/dist/lib/dns/keydata.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/keydata.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keydata.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: keydata.c,v 1.3 2009/07/01 23:47:36 tbox Exp $ */
/*! \file */
@@ -51,7 +51,7 @@
dnskey->data = isc_mem_allocate(mctx, dnskey->datalen);
if (dnskey->data == NULL)
return (ISC_R_NOMEMORY);
- memcpy(dnskey->data, keydata->data, dnskey->datalen);
+ memmove(dnskey->data, keydata->data, dnskey->datalen);
}
return (ISC_R_SUCCESS);
@@ -82,7 +82,7 @@
keydata->data = isc_mem_allocate(mctx, keydata->datalen);
if (keydata->data == NULL)
return (ISC_R_NOMEMORY);
- memcpy(keydata->data, dnskey->data, keydata->datalen);
+ memmove(keydata->data, dnskey->data, keydata->datalen);
}
return (ISC_R_SUCCESS);
Modified: vendor/bind/dist/lib/dns/keytable.c
===================================================================
--- vendor/bind/dist/lib/dns/keytable.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/keytable.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2010, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keytable.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: keytable.c,v 1.41 2010/06/25 23:46:51 tbox Exp $ */
/*! \file */
@@ -172,6 +172,7 @@
for (k = node->data; k != NULL; k = k->next) {
if (k->key == NULL) {
k->key = *keyp;
+ *keyp = NULL; /* transfer ownership */
break;
}
if (dst_key_compare(k->key, *keyp) == ISC_TRUE)
@@ -180,7 +181,7 @@
if (k == NULL)
result = ISC_R_SUCCESS;
- else
+ else if (*keyp != NULL)
dst_key_free(keyp);
}
@@ -573,6 +574,8 @@
dns_rbtnodechain_current(&chain, NULL, NULL, &node);
for (knode = node->data; knode != NULL; knode = knode->next) {
+ if (knode->key == NULL)
+ continue;
dst_key_format(knode->key, pbuf, sizeof(pbuf));
fprintf(fp, "%s ; %s\n", pbuf,
knode->managed ? "managed" : "trusted");
Modified: vendor/bind/dist/lib/dns/lib.c
===================================================================
--- vendor/bind/dist/lib/dns/lib.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/lib.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lib.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: lib.c,v 1.19 2009/09/03 00:12:23 each Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/log.c
===================================================================
--- vendor/bind/dist/lib/dns/log.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/log.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/lookup.c
===================================================================
--- vendor/bind/dist/lib/dns/lookup.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/lookup.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lookup.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: lookup.c,v 1.21 2007/06/18 23:47:40 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/master.c
===================================================================
--- vendor/bind/dist/lib/dns/master.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/master.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: master.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -91,6 +91,8 @@
#define DNS_MASTER_LHS 2048
#define DNS_MASTER_RHS MINTSIZ
+#define CHECKNAMESFAIL(x) (((x) & DNS_MASTER_CHECKNAMESFAIL) != 0)
+
typedef ISC_LIST(dns_rdatalist_t) rdatalist_head_t;
typedef struct dns_incctx dns_incctx_t;
@@ -684,7 +686,7 @@
isc_boolean_t nibblemode;
r.base = buffer;
- r.length = length;
+ r.length = (unsigned int)length;
while (*name != '\0') {
if (*name == '$') {
@@ -796,13 +798,12 @@
dns_rdatalist_t rdatalist;
dns_rdatatype_t type;
rdatalist_head_t head;
- int n;
int target_size = MINTSIZ; /* only one rdata at a time */
isc_buffer_t buffer;
isc_buffer_t target;
isc_result_t result;
isc_textregion_t r;
- unsigned int start, stop, step, i;
+ int i, n, start, stop, step = 0;
dns_incctx_t *ictx;
ictx = lctx->inc;
@@ -820,8 +821,10 @@
}
isc_buffer_init(&target, target_mem, target_size);
- n = sscanf(range, "%u-%u/%u", &start, &stop, &step);
- if (n < 2 || stop < start) {
+ n = sscanf(range, "%d-%d/%d", &start, &stop, &step);
+ if ((n < 2) || (start < 0) || (stop < 0) || (step < 0) ||
+ (stop < start))
+ {
(*callbacks->error)(callbacks,
"%s: %s:%lu: invalid range '%s'",
"$GENERATE", source, line, range);
@@ -1757,7 +1760,8 @@
dns_name_format(name, namebuf, sizeof(namebuf));
result = DNS_R_BADOWNERNAME;
desc = dns_result_totext(result);
- if ((lctx->options & DNS_MASTER_CHECKNAMESFAIL) != 0) {
+ if (CHECKNAMESFAIL(lctx->options) ||
+ type == dns_rdatatype_nsec3) {
(*callbacks->error)(callbacks,
"%s:%lu: %s: %s",
source, line,
@@ -2081,7 +2085,7 @@
f, NULL);
if (result != ISC_R_SUCCESS)
return (result);
- isc_buffer_add(buffer, len);
+ isc_buffer_add(buffer, (unsigned int)len);
} else if (isc_buffer_remaininglength(buffer) < len)
return (ISC_R_RANGE);
@@ -2127,7 +2131,7 @@
isc_result_totext(result));
return (result);
}
- isc_buffer_add(&target, hdrlen);
+ isc_buffer_add(&target, (unsigned int)hdrlen);
format = isc_buffer_getuint32(&target);
if (format != dns_masterformat_raw) {
(*callbacks->error)(callbacks,
@@ -2241,7 +2245,7 @@
lctx->f, NULL);
if (result != ISC_R_SUCCESS)
goto cleanup;
- isc_buffer_add(&target, readlen);
+ isc_buffer_add(&target, (unsigned int)readlen);
/* Construct RRset headers */
rdatalist.rdclass = isc_buffer_getuint16(&target);
@@ -2249,7 +2253,7 @@
rdatalist.covers = isc_buffer_getuint16(&target);
rdatalist.ttl = isc_buffer_getuint32(&target);
rdcount = isc_buffer_getuint32(&target);
- if (rdcount == 0) {
+ if (rdcount == 0 || rdcount > 0xffff) {
result = ISC_R_RANGE;
goto cleanup;
}
Modified: vendor/bind/dist/lib/dns/masterdump.c
===================================================================
--- vendor/bind/dist/lib/dns/masterdump.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/masterdump.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: masterdump.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -100,6 +100,20 @@
} dns_totext_ctx_t;
LIBDNS_EXTERNAL_DATA const dns_master_style_t
+dns_master_style_keyzone = {
+ DNS_STYLEFLAG_OMIT_OWNER |
+ DNS_STYLEFLAG_OMIT_CLASS |
+ DNS_STYLEFLAG_REL_OWNER |
+ DNS_STYLEFLAG_REL_DATA |
+ DNS_STYLEFLAG_OMIT_TTL |
+ DNS_STYLEFLAG_TTL |
+ DNS_STYLEFLAG_COMMENT |
+ DNS_STYLEFLAG_MULTILINE |
+ DNS_STYLEFLAG_KEYDATA,
+ 24, 24, 24, 32, 80, 8
+};
+
+LIBDNS_EXTERNAL_DATA const dns_master_style_t
dns_master_style_default = {
DNS_STYLEFLAG_OMIT_OWNER |
DNS_STYLEFLAG_OMIT_CLASS |
@@ -228,7 +242,7 @@
int n = t;
if (n > N_TABS)
n = N_TABS;
- memcpy(p, tabs, n);
+ memmove(p, tabs, n);
p += n;
t -= n;
}
@@ -249,7 +263,7 @@
int n = t;
if (n > N_SPACES)
n = N_SPACES;
- memcpy(p, spaces, n);
+ memmove(p, spaces, n);
p += n;
t -= n;
}
@@ -339,7 +353,7 @@
if (l > region.length)
return (ISC_R_NOSPACE);
- memcpy(region.base, source, l);
+ memmove(region.base, source, l);
isc_buffer_add(target, l);
return (ISC_R_SUCCESS);
}
@@ -456,7 +470,7 @@
isc_buffer_availableregion(target, &r);
if (r.length < length)
return (ISC_R_NOSPACE);
- memcpy(r.base, ttlbuf, length);
+ memmove(r.base, ttlbuf, length);
isc_buffer_add(target, length);
column += length;
@@ -501,9 +515,22 @@
type_start = target->used;
if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
RETERR(str_totext("\\-", target));
- result = dns_rdatatype_totext(type, target);
- if (result != ISC_R_SUCCESS)
- return (result);
+ switch (type) {
+ case dns_rdatatype_keydata:
+#define KEYDATA "KEYDATA"
+ if ((ctx->style.flags & DNS_STYLEFLAG_KEYDATA) != 0) {
+ if (isc_buffer_availablelength(target) <
+ (sizeof(KEYDATA) - 1))
+ return (ISC_R_NOSPACE);
+ isc_buffer_putstr(target, KEYDATA);
+ break;
+ }
+ /* FALLTHROUGH */
+ default:
+ result = dns_rdatatype_totext(type, target);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
column += (target->used - type_start);
/*
Modified: vendor/bind/dist/lib/dns/message.c
===================================================================
--- vendor/bind/dist/lib/dns/message.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/message.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: message.c,v 1.1.1.2 2013-08-22 22:51:58 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -1375,6 +1375,16 @@
covers = 0;
/*
+ * Check the ownername of NSEC3 records
+ */
+ if (rdtype == dns_rdatatype_nsec3 &&
+ !dns_rdata_checkowner(name, msg->rdclass, rdtype,
+ ISC_FALSE)) {
+ result = DNS_R_BADOWNERNAME;
+ goto cleanup;
+ }
+
+ /*
* If we are doing a dynamic update or this is a meta-type,
* don't bother searching for a name, just append this one
* to the end of the message.
@@ -1673,8 +1683,8 @@
msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length);
if (msg->saved.base == NULL)
return (ISC_R_NOMEMORY);
- memcpy(msg->saved.base, isc_buffer_base(&origsource),
- msg->saved.length);
+ memmove(msg->saved.base, isc_buffer_base(&origsource),
+ msg->saved.length);
msg->free_saved = 1;
}
@@ -1746,7 +1756,7 @@
* Copy the contents from the old to the new buffer.
*/
isc_buffer_add(buffer, r.length);
- memcpy(rn.base, r.base, r.length);
+ memmove(rn.base, r.base, r.length);
msg->buffer = buffer;
@@ -3194,7 +3204,8 @@
dns_pseudosection_t section,
const dns_master_style_t *style,
dns_messagetextflag_t flags,
- isc_buffer_t *target) {
+ isc_buffer_t *target)
+{
dns_rdataset_t *ps = NULL;
dns_name_t *name = NULL;
isc_result_t result;
@@ -3268,8 +3279,11 @@
sprintf(buf, "%02x ", optdata[i]);
ADD_STRING(target, buf);
}
+
for (i = 0; i < optlen; i++) {
ADD_STRING(target, " (");
+ if (!isc_buffer_availablelength(target))
+ return (ISC_R_NOSPACE);
if (isprint(optdata[i]))
isc_buffer_putmem(target,
&optdata[i],
@@ -3466,7 +3480,7 @@
dns_rdatalist_t *rdatalist = NULL;
dns_rdata_t *rdata = NULL;
isc_result_t result;
- size_t len = 0, i;
+ unsigned int len = 0, i;
REQUIRE(DNS_MESSAGE_VALID(message));
REQUIRE(rdatasetp != NULL && *rdatasetp == NULL);
Modified: vendor/bind/dist/lib/dns/name.c
===================================================================
--- vendor/bind/dist/lib/dns/name.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/name.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: name.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -53,7 +53,6 @@
typedef enum {
fw_start = 0,
fw_ordinary,
- fw_copy,
fw_newcurrent
} fw_state;
@@ -578,6 +577,11 @@
REQUIRE((name1->attributes & DNS_NAMEATTR_ABSOLUTE) ==
(name2->attributes & DNS_NAMEATTR_ABSOLUTE));
+ if (name1 == name2) {
+ *orderp = 0;
+ return (dns_namereln_equal);
+ }
+
SETUP_OFFSETS(name1, offsets1, odata1);
SETUP_OFFSETS(name2, offsets2, odata2);
@@ -691,6 +695,9 @@
REQUIRE((name1->attributes & DNS_NAMEATTR_ABSOLUTE) ==
(name2->attributes & DNS_NAMEATTR_ABSOLUTE));
+ if (name1 == name2)
+ return (ISC_TRUE);
+
if (name1->length != name2->length)
return (ISC_FALSE);
@@ -963,8 +970,8 @@
DNS_NAMEATTR_DYNOFFSETS);
if (target->offsets != NULL && source->labels > 0) {
if (source->offsets != NULL)
- memcpy(target->offsets, source->offsets,
- source->labels);
+ memmove(target->offsets, source->offsets,
+ source->labels);
else
set_offsets(target, target->offsets, NULL);
}
@@ -993,7 +1000,7 @@
len = (r->length < r2.length) ? r->length : r2.length;
if (len > DNS_NAME_MAXWIRE)
len = DNS_NAME_MAXWIRE;
- memcpy(r2.base, r->base, len);
+ memmove(r2.base, r->base, len);
name->ndata = r2.base;
name->length = len;
} else {
@@ -1153,7 +1160,7 @@
count++;
CONVERTTOASCII(c);
if (downcase)
- c = maptolower[(int)c];
+ c = maptolower[c & 0xff];
*ndata++ = c;
nrem--;
nused++;
@@ -1177,7 +1184,7 @@
count++;
CONVERTTOASCII(c);
if (downcase)
- c = maptolower[(int)c];
+ c = maptolower[c & 0xff];
*ndata++ = c;
nrem--;
nused++;
@@ -1192,7 +1199,7 @@
if (!isdigit(c & 0xff))
return (DNS_R_BADESCAPE);
value *= 10;
- value += digitvalue[(int)c];
+ value += digitvalue[c & 0xff];
digits++;
if (digits == 3) {
if (value > 255)
@@ -1244,7 +1251,7 @@
while (n2 > 0) {
c = *label++;
if (downcase)
- c = maptolower[(int)c];
+ c = maptolower[c & 0xff];
*ndata++ = c;
n2--;
}
@@ -1851,7 +1858,6 @@
0)
return (DNS_R_DISALLOWED);
new_current = c & 0x3F;
- n = 1;
state = fw_newcurrent;
} else
return (DNS_R_BADLABELTYPE);
@@ -1859,8 +1865,6 @@
case fw_ordinary:
if (downcase)
c = maptolower[c];
- /* FALLTHROUGH */
- case fw_copy:
*ndata++ = c;
n--;
if (n == 0)
@@ -1869,9 +1873,6 @@
case fw_newcurrent:
new_current *= 256;
new_current += c;
- n--;
- if (n != 0)
- break;
if (new_current >= biggest_pointer)
return (DNS_R_BADPOINTER);
biggest_pointer = new_current;
@@ -1977,8 +1978,8 @@
if (gf) {
if (target->length - target->used < gp.length)
return (ISC_R_NOSPACE);
- (void)memcpy((unsigned char *)target->base + target->used,
- gp.ndata, (size_t)gp.length);
+ (void)memmove((unsigned char *)target->base + target->used,
+ gp.ndata, (size_t)gp.length);
isc_buffer_add(target, gp.length);
go |= 0xc000;
if (target->length - target->used < 2)
@@ -1989,8 +1990,8 @@
} else {
if (target->length - target->used < name->length)
return (ISC_R_NOSPACE);
- (void)memcpy((unsigned char *)target->base + target->used,
- name->ndata, (size_t)name->length);
+ (void)memmove((unsigned char *)target->base + target->used,
+ name->ndata, (size_t)name->length);
isc_buffer_add(target, name->length);
dns_compress_add(cctx, name, name, offset);
}
@@ -2070,12 +2071,7 @@
if (copy_suffix) {
if ((suffix->attributes & DNS_NAMEATTR_ABSOLUTE) != 0)
absolute = ISC_TRUE;
- if (suffix == name && suffix->buffer == target)
- memmove(ndata + prefix_length, suffix->ndata,
- suffix->length);
- else
- memcpy(ndata + prefix_length, suffix->ndata,
- suffix->length);
+ memmove(ndata + prefix_length, suffix->ndata, suffix->length);
}
/*
@@ -2084,7 +2080,7 @@
* copy anything.
*/
if (copy_prefix && (prefix != name || prefix->buffer != target))
- memcpy(ndata, prefix->ndata, prefix_length);
+ memmove(ndata, prefix->ndata, prefix_length);
name->ndata = ndata;
name->labels = labels;
@@ -2158,7 +2154,7 @@
if (target->ndata == NULL)
return (ISC_R_NOMEMORY);
- memcpy(target->ndata, source->ndata, source->length);
+ memmove(target->ndata, source->ndata, source->length);
target->length = source->length;
target->labels = source->labels;
@@ -2167,8 +2163,8 @@
target->attributes |= DNS_NAMEATTR_ABSOLUTE;
if (target->offsets != NULL) {
if (source->offsets != NULL)
- memcpy(target->offsets, source->offsets,
- source->labels);
+ memmove(target->offsets, source->offsets,
+ source->labels);
else
set_offsets(target, target->offsets, NULL);
}
@@ -2200,7 +2196,7 @@
if (target->ndata == NULL)
return (ISC_R_NOMEMORY);
- memcpy(target->ndata, source->ndata, source->length);
+ memmove(target->ndata, source->ndata, source->length);
target->length = source->length;
target->labels = source->labels;
@@ -2210,7 +2206,7 @@
target->attributes |= DNS_NAMEATTR_ABSOLUTE;
target->offsets = target->ndata + source->length;
if (source->offsets != NULL)
- memcpy(target->offsets, source->offsets, source->labels);
+ memmove(target->offsets, source->offsets, source->labels);
else
set_offsets(target, target->offsets, NULL);
@@ -2390,7 +2386,7 @@
isc_buffer_usedregion(&buf, ®);
p = isc_mem_allocate(mctx, reg.length + 1);
- memcpy(p, (char *) reg.base, (int) reg.length);
+ memmove(p, (char *) reg.base, (int) reg.length);
p[reg.length] = '\0';
*target = p;
@@ -2466,7 +2462,7 @@
ndata = (unsigned char *)target->base + target->used;
dest->ndata = target->base;
- memcpy(ndata, source->ndata, source->length);
+ memmove(ndata, source->ndata, source->length);
dest->ndata = ndata;
dest->labels = source->labels;
@@ -2478,7 +2474,7 @@
if (dest->labels > 0 && dest->offsets != NULL) {
if (source->offsets != NULL)
- memcpy(dest->offsets, source->offsets, source->labels);
+ memmove(dest->offsets, source->offsets, source->labels);
else
set_offsets(dest, dest->offsets, NULL);
}
Modified: vendor/bind/dist/lib/dns/ncache.c
===================================================================
--- vendor/bind/dist/lib/dns/ncache.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/ncache.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ncache.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/nsec.c
===================================================================
--- vendor/bind/dist/lib/dns/nsec.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/nsec.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -63,7 +63,7 @@
shift = 7 - (index % 8);
mask = 1 << shift;
- return ((byte & mask) != 0);
+ return (ISC_TF(byte & mask));
}
isc_result_t
@@ -83,7 +83,7 @@
memset(buffer, 0, DNS_NSEC_BUFFERSIZE);
dns_name_toregion(target, &r);
- memcpy(buffer, r.base, r.length);
+ memmove(buffer, r.base, r.length);
r.base = buffer;
/*
* Use the end of the space for a raw bitmap leaving enough
@@ -146,7 +146,7 @@
memmove(&nsec_bits[2], &bm[window * 32], octet + 1);
nsec_bits += 3 + octet;
}
- r.length = nsec_bits - r.base;
+ r.length = (unsigned int)(nsec_bits - r.base);
INSIST(r.length <= DNS_NSEC_BUFFERSIZE);
dns_rdata_fromregion(rdata,
dns_db_class(db),
@@ -421,7 +421,7 @@
nlabels, &common);
}
result = dns_name_concatenate(dns_wildcardname, &common,
- wild, NULL);
+ wild, NULL);
if (result != ISC_R_SUCCESS) {
dns_rdata_freestruct(&nsec);
(*logit)(arg, ISC_LOG_DEBUG(3),
Modified: vendor/bind/dist/lib/dns/nsec3.c
===================================================================
--- vendor/bind/dist/lib/dns/nsec3.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/nsec3.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2008-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2006, 2008-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec3.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -120,15 +120,15 @@
*p++ = iterations >> 8;
*p++ = iterations;
- *p++ = salt_length;
- memcpy(p, salt, salt_length);
+ *p++ = (unsigned char)salt_length;
+ memmove(p, salt, salt_length);
p += salt_length;
- *p++ = hash_length;
- memcpy(p, nexthash, hash_length);
+ *p++ = (unsigned char)hash_length;
+ memmove(p, nexthash, hash_length);
p += hash_length;
- r.length = p - buffer;
+ r.length = (unsigned int)(p - buffer);
r.base = buffer;
/*
@@ -215,7 +215,7 @@
memmove(&nsec_bits[2], &bm[window * 32], octet + 1);
nsec_bits += 3 + octet;
}
- r.length = nsec_bits - r.base;
+ r.length = (unsigned int)(nsec_bits - r.base);
INSIST(r.length <= DNS_NSEC3_BUFFERSIZE);
dns_rdata_fromregion(rdata, dns_db_class(db), dns_rdatatype_nsec3, &r);
@@ -282,7 +282,8 @@
dns_name_downcase(name, downcased, NULL);
/* hash the node name */
- len = isc_iterated_hash(rethash, hashalg, iterations, salt, saltlength,
+ len = isc_iterated_hash(rethash, hashalg, iterations,
+ salt, (int)saltlength,
downcased->ndata, downcased->length);
if (len == 0U)
return (DNS_R_BADALG);
@@ -290,11 +291,11 @@
if (hash_length != NULL)
*hash_length = len;
- /* convert the hash to base32hex */
+ /* convert the hash to base32hex non-padded */
region.base = rethash;
- region.length = len;
+ region.length = (unsigned int)len;
isc_buffer_init(&namebuffer, nametext, sizeof nametext);
- isc_base32hex_totext(®ion, 1, "", &namebuffer);
+ isc_base32hexnp_totext(®ion, 1, "", &namebuffer);
/* convert the hex to a domain name */
dns_fixedname_init(result);
@@ -306,7 +307,8 @@
dns_nsec3_hashlength(dns_hash_t hash) {
switch (hash) {
- case dns_hash_sha1: return(ISC_SHA1_DIGESTLENGTH);
+ case dns_hash_sha1:
+ return(ISC_SHA1_DIGESTLENGTH);
}
return (0);
}
@@ -314,7 +316,8 @@
isc_boolean_t
dns_nsec3_supportedhash(dns_hash_t hash) {
switch (hash) {
- case dns_hash_sha1: return (ISC_TRUE);
+ case dns_hash_sha1:
+ return (ISC_TRUE);
}
return (ISC_FALSE);
}
@@ -338,7 +341,6 @@
* Create a singleton diff.
*/
dns_diff_init(diff->mctx, &temp_diff);
- temp_diff.resign = diff->resign;
ISC_LIST_APPEND(temp_diff.tuples, *tuple, link);
/*
@@ -603,6 +605,7 @@
CHECK(dns_nsec3_hashname(&fixed, nexthash, &next_length,
name, origin, hash, iterations,
salt, salt_length));
+ INSIST(next_length <= sizeof(nexthash));
/*
* Create the node if it doesn't exist and hold
@@ -629,7 +632,7 @@
flags = nsec3.flags;
next_length = nsec3.next_length;
INSIST(next_length <= sizeof(nexthash));
- memcpy(nexthash, nsec3.next, next_length);
+ memmove(nexthash, nsec3.next, next_length);
dns_rdataset_disassociate(&rdataset);
/*
* If the NSEC3 is not for a unsecure delegation then
@@ -717,7 +720,7 @@
* Fixup the previous NSEC3.
*/
nsec3.next = nexthash;
- nsec3.next_length = next_length;
+ nsec3.next_length = (unsigned char)next_length;
isc_buffer_init(&buffer, nsec3buf, sizeof(nsec3buf));
CHECK(dns_rdata_fromstruct(&rdata, rdataset.rdclass,
dns_rdatatype_nsec3, &nsec3,
@@ -726,7 +729,7 @@
rdataset.ttl, &rdata, &tuple));
CHECK(do_one_tuple(&tuple, db, version, diff));
INSIST(old_length <= sizeof(nexthash));
- memcpy(nexthash, old_next, old_length);
+ memmove(nexthash, old_next, old_length);
if (!CREATE(nsec3param->flags))
flags = nsec3.flags;
dns_rdata_reset(&rdata);
@@ -836,7 +839,7 @@
* Fixup the previous NSEC3.
*/
nsec3.next = nexthash;
- nsec3.next_length = next_length;
+ nsec3.next_length = (unsigned char)next_length;
isc_buffer_init(&buffer, nsec3buf,
sizeof(nsec3buf));
CHECK(dns_rdata_fromstruct(&rdata, rdataset.rdclass,
@@ -847,7 +850,7 @@
&tuple));
CHECK(do_one_tuple(&tuple, db, version, diff));
INSIST(old_length <= sizeof(nexthash));
- memcpy(nexthash, old_next, old_length);
+ memmove(nexthash, old_next, old_length);
if (!CREATE(nsec3param->flags))
flags = nsec3.flags;
dns_rdata_reset(&rdata);
@@ -880,8 +883,8 @@
dns_db_detachnode(db, &newnode);
} while (1);
- if (result == ISC_R_NOMORE)
- result = ISC_R_SUCCESS;
+ /* result cannot be ISC_R_NOMORE here */
+ INSIST(result != ISC_R_NOMORE);
failure:
if (dbit != NULL)
@@ -977,7 +980,7 @@
isc_buffer_init(&buf1, src->data + 1, src->length - 1);
isc_buffer_add(&buf1, src->length - 1);
isc_buffer_setactive(&buf1, src->length - 1);
- isc_buffer_init(&buf2, buf, buflen);
+ isc_buffer_init(&buf2, buf, (unsigned int)buflen);
dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_NONE);
result = dns_rdata_fromwire(target, src->rdclass,
dns_rdatatype_nsec3param,
@@ -996,7 +999,7 @@
REQUIRE(DNS_RDATA_INITIALIZED(target));
- memcpy(buf + 1, src->data, src->length);
+ memmove(buf + 1, src->data, src->length);
buf[0] = 0;
target->data = buf;
target->length = src->length + 1;
@@ -1131,7 +1134,7 @@
result = dns_rdataset_next(&rdataset)) {
dns_rdataset_current(&rdataset, &rdata);
INSIST(rdata.length <= sizeof(buf));
- memcpy(buf, rdata.data, rdata.length);
+ memmove(buf, rdata.data, rdata.length);
/*
* Private NSEC3 record length >= 6.
@@ -1395,7 +1398,7 @@
if (result == ISC_R_SUCCESS) {
next_length = nsec3.next_length;
INSIST(next_length <= sizeof(nexthash));
- memcpy(nexthash, nsec3.next, next_length);
+ memmove(nexthash, nsec3.next, next_length);
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOMORE)
@@ -1439,7 +1442,7 @@
* Fixup the previous NSEC3.
*/
nsec3.next = nexthash;
- nsec3.next_length = next_length;
+ nsec3.next_length = (unsigned char)next_length;
if (CREATE(nsec3param->flags))
nsec3.flags = nsec3param->flags & DNS_NSEC3FLAG_OPTOUT;
isc_buffer_init(&buffer, nsec3buf, sizeof(nsec3buf));
@@ -1498,7 +1501,7 @@
if (result == ISC_R_SUCCESS) {
next_length = nsec3.next_length;
INSIST(next_length <= sizeof(nexthash));
- memcpy(nexthash, nsec3.next, next_length);
+ memmove(nexthash, nsec3.next, next_length);
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOMORE)
@@ -1539,7 +1542,7 @@
* Fixup the previous NSEC3.
*/
nsec3.next = nexthash;
- nsec3.next_length = next_length;
+ nsec3.next_length = (unsigned char)next_length;
isc_buffer_init(&buffer, nsec3buf,
sizeof(nsec3buf));
CHECK(dns_rdata_fromstruct(&rdata, rdataset.rdclass,
@@ -2106,6 +2109,9 @@
if ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0)
(*logit)(arg, ISC_LOG_DEBUG(3),
"NSEC3 indicates optout");
+ else
+ (*logit)(arg, ISC_LOG_DEBUG(3),
+ "NSEC3 indicates secure range");
*optout =
ISC_TF(nsec3.flags & DNS_NSEC3FLAG_OPTOUT);
}
Modified: vendor/bind/dist/lib/dns/openssl_link.c
===================================================================
--- vendor/bind/dist/lib/dns/openssl_link.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/openssl_link.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $
+ * $Id$
*/
#ifdef OPENSSL
@@ -242,8 +242,7 @@
}
void
-dst__openssl_destroy() {
-
+dst__openssl_destroy(void) {
/*
* Sequence taken from apps_shutdown() in <apps/apps.h>.
*/
Modified: vendor/bind/dist/lib/dns/openssldh_link.c
===================================================================
--- vendor/bind/dist/lib/dns/openssldh_link.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/openssldh_link.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: openssldh_link.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+ * $Id: openssldh_link.c,v 1.20 2011/01/11 23:47:13 tbox Exp $
*/
#ifdef OPENSSL
@@ -608,11 +608,11 @@
s = strchr(hexdigits, tolower((unsigned char)str[i]));
RUNTIME_CHECK(s != NULL);
- high = s - hexdigits;
+ high = (unsigned int)(s - hexdigits);
s = strchr(hexdigits, tolower((unsigned char)str[i + 1]));
RUNTIME_CHECK(s != NULL);
- low = s - hexdigits;
+ low = (unsigned int)(s - hexdigits);
data[i/2] = (unsigned char)((high << 4) + low);
}
Modified: vendor/bind/dist/lib/dns/openssldsa_link.c
===================================================================
--- vendor/bind/dist/lib/dns/openssldsa_link.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/openssldsa_link.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: openssldsa_link.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#ifdef OPENSSL
#ifndef USE_EVP
Modified: vendor/bind/dist/lib/dns/opensslecdsa_link.c
===================================================================
--- vendor/bind/dist/lib/dns/opensslecdsa_link.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/opensslecdsa_link.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: opensslecdsa_link.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -371,7 +371,7 @@
cp = buf;
if (!i2o_ECPublicKey(eckey, &cp))
DST_RET (dst__openssl_toresult(ISC_R_FAILURE));
- memcpy(r.base, buf + 1, len);
+ memmove(r.base, buf + 1, len);
isc_buffer_add(data, len);
ret = ISC_R_SUCCESS;
@@ -414,7 +414,7 @@
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
- memcpy(buf + 1, r.base, len);
+ memmove(buf + 1, r.base, len);
cp = buf;
if (o2i_ECPublicKey(&eckey,
(const unsigned char **) &cp,
Modified: vendor/bind/dist/lib/dns/opensslgost_link.c
===================================================================
--- vendor/bind/dist/lib/dns/opensslgost_link.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/opensslgost_link.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: opensslgost_link.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id: opensslgost_link.c,v 1.5 2011/01/19 23:47:12 tbox Exp $ */
#include <config.h>
@@ -253,7 +253,7 @@
len = i2d_PUBKEY(pkey, &p);
INSIST(len == sizeof(der));
INSIST(memcmp(gost_prefix, der, 37) == 0);
- memcpy(r.base, der + 37, 64);
+ memmove(r.base, der + 37, 64);
isc_buffer_add(data, 64);
return (ISC_R_SUCCESS);
@@ -272,8 +272,8 @@
if (r.length != 64)
return (DST_R_INVALIDPUBLICKEY);
- memcpy(der, gost_prefix, 37);
- memcpy(der + 37, r.base, 64);
+ memmove(der, gost_prefix, 37);
+ memmove(der + 37, r.base, 64);
isc_buffer_forward(data, 64);
p = der;
Modified: vendor/bind/dist/lib/dns/opensslrsa_link.c
===================================================================
--- vendor/bind/dist/lib/dns/opensslrsa_link.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/opensslrsa_link.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $
+ * $Id$
*/
#ifdef OPENSSL
#include <config.h>
@@ -474,7 +474,7 @@
INSIST(prefixlen + digestlen <= sizeof(digest));
memmove(digest + prefixlen, digest, digestlen);
- memcpy(digest, prefix, prefixlen);
+ memmove(digest, prefix, prefixlen);
status = RSA_private_encrypt(digestlen + prefixlen,
digest, r.base, rsa,
RSA_PKCS1_PADDING);
Modified: vendor/bind/dist/lib/dns/order.c
===================================================================
--- vendor/bind/dist/lib/dns/order.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/order.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: order.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: order.c,v 1.10 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/peer.c
===================================================================
--- vendor/bind/dist/lib/dns/peer.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/peer.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: peer.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id: peer.c,v 1.33 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
@@ -300,10 +300,15 @@
isc_mem_put(mem, p->key, sizeof(dns_name_t));
}
- if (p->transfer_source != NULL) {
+ if (p->query_source != NULL)
+ isc_mem_put(mem, p->query_source, sizeof(*p->query_source));
+
+ if (p->notify_source != NULL)
+ isc_mem_put(mem, p->notify_source, sizeof(*p->notify_source));
+
+ if (p->transfer_source != NULL)
isc_mem_put(mem, p->transfer_source,
sizeof(*p->transfer_source));
- }
isc_mem_put(mem, p, sizeof(*p));
Modified: vendor/bind/dist/lib/dns/portlist.c
===================================================================
--- vendor/bind/dist/lib/dns/portlist.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/portlist.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: portlist.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: portlist.c,v 1.13 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
@@ -80,7 +80,7 @@
portlist = isc_mem_get(mctx, sizeof(*portlist));
if (portlist == NULL)
return (ISC_R_NOMEMORY);
- result = isc_mutex_init(&portlist->lock);
+ result = isc_mutex_init(&portlist->lock);
if (result != ISC_R_SUCCESS) {
isc_mem_put(mctx, portlist, sizeof(*portlist));
return (result);
@@ -111,7 +111,7 @@
for (;;) {
if (list[xtry].port == port)
return (&list[xtry]);
- if (port > list[xtry].port) {
+ if (port > list[xtry].port) {
if (xtry == max)
break;
min = xtry;
@@ -164,8 +164,8 @@
goto unlock;
}
if (portlist->list != NULL) {
- memcpy(el, portlist->list,
- portlist->allocated * sizeof(*el));
+ memmove(el, portlist->list,
+ portlist->allocated * sizeof(*el));
isc_mem_put(portlist->mctx, portlist->list,
portlist->allocated * sizeof(*el));
}
@@ -215,7 +215,7 @@
dns_portlist_match(dns_portlist_t *portlist, int af, in_port_t port) {
dns_element_t *el;
isc_boolean_t result = ISC_FALSE;
-
+
REQUIRE(DNS_VALID_PORTLIST(portlist));
REQUIRE(af == AF_INET || af == AF_INET6);
LOCK(&portlist->lock);
@@ -227,7 +227,7 @@
if (af == AF_INET6 && (el->flags & DNS_PL_INET6) != 0)
result = ISC_TRUE;
}
- }
+ }
UNLOCK(&portlist->lock);
return (result);
}
Modified: vendor/bind/dist/lib/dns/private.c
===================================================================
--- vendor/bind/dist/lib/dns/private.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/private.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: private.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
#include "config.h"
Modified: vendor/bind/dist/lib/dns/rbt.c
===================================================================
--- vendor/bind/dist/lib/dns/rbt.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rbt.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbt.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
-
/*! \file */
/* Principal Authors: DCL */
@@ -134,7 +132,10 @@
* of memory concerns, when chains were first implemented).
*/
#define ADD_LEVEL(chain, node) \
- (chain)->levels[(chain)->level_count++] = (node)
+ do { \
+ INSIST((chain)->level_count < DNS_RBT_LEVELBLOCK); \
+ (chain)->levels[(chain)->level_count++] = (node); \
+ } while (0)
/*%
* The following macros directly access normally private name variables.
@@ -1478,8 +1479,8 @@
OLDOFFSETLEN(node) = OFFSETLEN(node) = labels;
ATTRS(node) = name->attributes;
- memcpy(NAME(node), region.base, region.length);
- memcpy(OFFSETS(node), name->offsets, labels);
+ memmove(NAME(node), region.base, region.length);
+ memmove(OFFSETS(node), name->offsets, labels);
#if DNS_RBT_USEMAGIC
node->magic = DNS_RBTNODE_MAGIC;
@@ -1840,7 +1841,7 @@
* information, which will be needed when linking up
* delete to the successor's old location.
*/
- memcpy(tmp, successor, sizeof(dns_rbtnode_t));
+ memmove(tmp, successor, sizeof(dns_rbtnode_t));
if (IS_ROOT(delete)) {
*rootp = successor;
Modified: vendor/bind/dist/lib/dns/rbtdb.c
===================================================================
--- vendor/bind/dist/lib/dns/rbtdb.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rbtdb.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
-
/*! \file */
/*
@@ -93,6 +91,127 @@
#define dns_rbtdb_t dns_rbtdb64_t
#define rdatasetheader_t rdatasetheader64_t
#define rbtdb_version_t rbtdb_version64_t
+
+#define init_count init_count64
+
+#define cache_methods cache_methods64
+#define dbiterator_methods dbiterator_methods64
+#define rdataset_methods rdataset_methods64
+#define rdatasetiter_methods rdatasetiter_methods64
+#define zone_methods zone_methods64
+
+#define acache_callback acache_callback64
+#define acache_cancelentry acache_cancelentry64
+#define activeempty activeempty64
+#define activeemtpynode activeemtpynode64
+#define add32 add64
+#define add_changed add_changed64
+#define add_empty_wildcards add_empty_wildcards64
+#define add_wildcard_magic add_wildcard_magic64
+#define addrdataset addrdataset64
+#define allrdatasets allrdatasets64
+#define attach attach64
+#define attachnode attachnode64
+#define attachversion attachversion64
+#define beginload beginload64
+#define bind_rdataset bind_rdataset64
+#define cache_find cache_find64
+#define cache_findrdataset cache_findrdataset64
+#define cache_findzonecut cache_findzonecut64
+#define cache_zonecut_callback cache_zonecut_callback64
+#define cleanup_dead_nodes cleanup_dead_nodes64
+#define cleanup_dead_nodes_callback cleanup_dead_nodes_callback64
+#define closeversion closeversion64
+#define createiterator createiterator64
+#define currentversion currentversion64
+#define dbiterator_current dbiterator_current64
+#define dbiterator_destroy dbiterator_destroy64
+#define dbiterator_first dbiterator_first64
+#define dbiterator_last dbiterator_last64
+#define dbiterator_next dbiterator_next64
+#define dbiterator_origin dbiterator_origin64
+#define dbiterator_pause dbiterator_pause64
+#define dbiterator_prev dbiterator_prev64
+#define dbiterator_seek dbiterator_seek64
+#define decrement_reference decrement_reference64
+#define delete_callback delete_callback64
+#define delete_node delete_node64
+#define deleterdataset deleterdataset64
+#define detach detach64
+#define detachnode detachnode64
+#define dump dump64
+#define endload endload64
+#define expire_header expire_header64
+#define expirenode expirenode64
+#define find_closest_nsec find_closest_nsec64
+#define find_coveringnsec find_coveringnsec64
+#define find_deepest_zonecut find_deepest_zonecut64
+#define findnode findnode64
+#define findnodeintree findnodeintree64
+#define findnsec3node findnsec3node64
+#define flush_deletions flush_deletions64
+#define free_acachearray free_acachearray64
+#define free_noqname free_noqname64
+#define free_rbtdb free_rbtdb64
+#define free_rbtdb_callback free_rbtdb_callback64
+#define free_rdataset free_rdataset64
+#define getnsec3parameters getnsec3parameters64
+#define getoriginnode getoriginnode64
+#define getrrsetstats getrrsetstats64
+#define getsigningtime getsigningtime64
+#define isdnssec isdnssec64
+#define ispersistent ispersistent64
+#define issecure issecure64
+#define iszonesecure iszonesecure64
+#define loading_addrdataset loading_addrdataset64
+#define loadnode loadnode64
+#define matchparams matchparams64
+#define maybe_free_rbtdb maybe_free_rbtdb64
+#define new_reference new_reference64
+#define newversion newversion64
+#define nodecount nodecount64
+#define overmem overmem64
+#define previous_closest_nsec previous_closest_nsec64
+#define printnode printnode64
+#define prune_tree prune_tree64
+#define rdataset_clone rdataset_clone64
+#define rdataset_count rdataset_count64
+#define rdataset_current rdataset_current64
+#define rdataset_disassociate rdataset_disassociate64
+#define rdataset_expire rdataset_expire64
+#define rdataset_first rdataset_first64
+#define rdataset_getadditional rdataset_getadditional64
+#define rdataset_getclosest rdataset_getclosest64
+#define rdataset_getnoqname rdataset_getnoqname64
+#define rdataset_next rdataset_next64
+#define rdataset_putadditional rdataset_putadditional64
+#define rdataset_setadditional rdataset_setadditional64
+#define rdataset_settrust rdataset_settrust64
+#define rdatasetiter_current rdatasetiter_current64
+#define rdatasetiter_destroy rdatasetiter_destroy64
+#define rdatasetiter_first rdatasetiter_first64
+#define rdatasetiter_next rdatasetiter_next64
+#define reactivate_node reactivate_node64
+#define resign_delete resign_delete64
+#define resign_insert resign_insert64
+#define resign_sooner resign_sooner64
+#define resigned resigned64
+#define rpz_enabled rpz_enabled64
+#define rpz_findips rpz_findips64
+#define set_index set_index64
+#define set_ttl set_ttl64
+#define setsigningtime setsigningtime64
+#define settask settask64
+#define setup_delegation setup_delegation64
+#define subtractrdataset subtractrdataset64
+#define ttl_sooner ttl_sooner64
+#define update_header update_header64
+#define update_rrsetstats update_rrsetstats64
+#define zone_find zone_find64
+#define zone_findrdataset zone_findrdataset64
+#define zone_findzonecut zone_findzonecut64
+#define zone_zonecut_callback zone_zonecut_callback64
+
#else
typedef isc_uint32_t rbtdb_serial_t;
#endif
@@ -537,6 +656,8 @@
isc_stdtime_t now, isc_boolean_t tree_locked);
static isc_result_t resign_insert(dns_rbtdb_t *rbtdb, int idx,
rdatasetheader_t *newheader);
+static void resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
+ rdatasetheader_t *header);
static void prune_tree(isc_task_t *task, isc_event_t *event);
static void rdataset_settrust(dns_rdataset_t *rdataset, dns_trust_t trust);
static void rdataset_expire(dns_rdataset_t *rdataset);
@@ -774,7 +895,7 @@
rdatasetheader_t *h1 = v1;
rdatasetheader_t *h2 = v2;
- if (h1->resign < h2->resign)
+ if (isc_serial_lt(h1->resign, h2->resign))
return (ISC_TRUE);
return (ISC_FALSE);
}
@@ -1121,8 +1242,8 @@
version->hash = rbtdb->current_version->hash;
version->salt_length =
rbtdb->current_version->salt_length;
- memcpy(version->salt, rbtdb->current_version->salt,
- version->salt_length);
+ memmove(version->salt, rbtdb->current_version->salt,
+ version->salt_length);
} else {
version->flags = 0;
version->iterations = 0;
@@ -1706,8 +1827,11 @@
nodelock = &rbtdb->node_locks[bucket];
+#define KEEP_NODE(n, r) \
+ ((n)->data != NULL || (n)->down != NULL || (n) == (r)->origin_node)
+
/* Handle easy and typical case first. */
- if (!node->dirty && (node->data != NULL || node->down != NULL)) {
+ if (!node->dirty && KEEP_NODE(node, rbtdb)) {
dns_rbtnode_refdecrement(node, &nrefs);
INSIST((int)nrefs >= 0);
if (nrefs == 0) {
@@ -1776,12 +1900,11 @@
isc_refcount_decrement(&nodelock->references, &refs);
INSIST((int)refs >= 0);
- /*
- * XXXDCL should this only be done for cache zones?
- */
- if (node->data != NULL || node->down != NULL)
+ if (KEEP_NODE(node, rbtdb))
goto restore_locks;
+#undef KEEP_NODE
+
if (write_locked) {
/*
* We can now delete the node.
@@ -2127,8 +2250,8 @@
if (nsec3param.flags != 0)
continue;
- memcpy(version->salt, nsec3param.salt,
- nsec3param.salt_length);
+ memmove(version->salt, nsec3param.salt,
+ nsec3param.salt_length);
version->hash = nsec3param.hash;
version->salt_length = nsec3param.salt_length;
version->iterations = nsec3param.iterations;
@@ -2370,8 +2493,18 @@
lock = &rbtdb->node_locks[header->node->locknum].lock;
NODE_LOCK(lock, isc_rwlocktype_write);
- if (rollback)
- resign_insert(rbtdb, header->node->locknum, header);
+ if (rollback && !IGNORE(header)) {
+ isc_result_t result;
+ result = resign_insert(rbtdb, header->node->locknum,
+ header);
+ if (result != ISC_R_SUCCESS)
+ isc_log_write(dns_lctx,
+ DNS_LOGCATEGORY_DATABASE,
+ DNS_LOGMODULE_ZONE, ISC_LOG_ERROR,
+ "Unable to reinsert header to "
+ "re-signing heap: %s\n",
+ dns_result_totext(result));
+ }
decrement_reference(rbtdb, header->node, least_serial,
isc_rwlocktype_write, isc_rwlocktype_none,
ISC_FALSE);
@@ -4168,7 +4301,7 @@
header_prev = NULL;
for (header = node->data; header != NULL; header = header_next) {
header_next = header->next;
- if (header->rdh_ttl <= search->now) {
+ if (header->rdh_ttl < search->now) {
/*
* This rdataset is stale. If no one else is
* using the node, we can clean it up right
@@ -4176,7 +4309,7 @@
* the node as dirty, so it will get cleaned
* up later.
*/
- if ((header->rdh_ttl <= search->now - RBTDB_VIRTUAL) &&
+ if ((header->rdh_ttl < search->now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
/*
@@ -4292,7 +4425,7 @@
header != NULL;
header = header_next) {
header_next = header->next;
- if (header->rdh_ttl <= search->now) {
+ if (header->rdh_ttl < search->now) {
/*
* This rdataset is stale. If no one else is
* using the node, we can clean it up right
@@ -4300,7 +4433,7 @@
* the node as dirty, so it will get cleaned
* up later.
*/
- if ((header->rdh_ttl <= search->now -
+ if ((header->rdh_ttl < search->now -
RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
@@ -4469,7 +4602,7 @@
header != NULL;
header = header_next) {
header_next = header->next;
- if (header->rdh_ttl <= now) {
+ if (header->rdh_ttl < now) {
/*
* This rdataset is stale. If no one else is
* using the node, we can clean it up right
@@ -4477,7 +4610,7 @@
* node as dirty, so it will get cleaned up
* later.
*/
- if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) &&
+ if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
/*
@@ -4625,12 +4758,12 @@
switch (rdata.type) {
case dns_rdatatype_a:
INSIST(rdata.length == 4);
- memcpy(&ina.s_addr, rdata.data, 4);
+ memmove(&ina.s_addr, rdata.data, 4);
isc_netaddr_fromin(&netaddr, &ina);
break;
case dns_rdatatype_aaaa:
INSIST(rdata.length == 16);
- memcpy(in6a.s6_addr, rdata.data, 16);
+ memmove(in6a.s6_addr, rdata.data, 16);
isc_netaddr_fromin6(&netaddr, &in6a);
break;
default:
@@ -4875,7 +5008,7 @@
header_prev = NULL;
for (header = node->data; header != NULL; header = header_next) {
header_next = header->next;
- if (header->rdh_ttl <= now) {
+ if (header->rdh_ttl < now) {
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we
@@ -4882,7 +5015,7 @@
* mark it as stale, and the node as dirty, so it will
* get cleaned up later.
*/
- if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) &&
+ if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
/*
@@ -5182,7 +5315,7 @@
header_prev = NULL;
for (header = node->data; header != NULL; header = header_next) {
header_next = header->next;
- if (header->rdh_ttl <= now) {
+ if (header->rdh_ttl < now) {
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we
@@ -5189,7 +5322,7 @@
* mark it as stale, and the node as dirty, so it will
* get cleaned up later.
*/
- if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) &&
+ if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
/*
@@ -5671,8 +5804,8 @@
for (header = rbtnode->data; header != NULL; header = header_next) {
header_next = header->next;
- if (header->rdh_ttl <= now) {
- if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) &&
+ if (header->rdh_ttl < now) {
+ if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
/*
@@ -5871,10 +6004,28 @@
return (result);
}
+static void
+resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
+ rdatasetheader_t *header)
+{
+ /*
+ * Remove the old header from the heap
+ */
+ if (header != NULL && header->heap_index != 0) {
+ isc_heap_delete(rbtdb->heaps[header->node->locknum],
+ header->heap_index);
+ header->heap_index = 0;
+ if (version != NULL) {
+ new_reference(rbtdb, header->node);
+ ISC_LIST_APPEND(version->resigned_list, header, link);
+ }
+ }
+}
+
static isc_result_t
-add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
- rdatasetheader_t *newheader, unsigned int options, isc_boolean_t loading,
- dns_rdataset_t *addedrdataset, isc_stdtime_t now)
+add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
+ rdatasetheader_t *newheader, unsigned int options, isc_boolean_t loading,
+ dns_rdataset_t *addedrdataset, isc_stdtime_t now)
{
rbtdb_changed_t *changed = NULL;
rdatasetheader_t *topheader, *topheader_prev, *header, *sigheader;
@@ -5980,7 +6131,7 @@
}
}
if (topheader != NULL && EXISTS(topheader) &&
- topheader->rdh_ttl > now) {
+ topheader->rdh_ttl >= now) {
/*
* Found one.
*/
@@ -6046,7 +6197,7 @@
* has no effect, provided that the cache data isn't stale.
*/
if (rbtversion == NULL && trust < header->trust &&
- (header->rdh_ttl > now || header_nx)) {
+ (header->rdh_ttl >= now || header_nx)) {
free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
if (addedrdataset != NULL)
bind_rdataset(rbtdb, rbtnode, header, now,
@@ -6116,7 +6267,7 @@
* Don't lower trust of existing record if the
* update is forced.
*/
- if (IS_CACHE(rbtdb) && header->rdh_ttl > now &&
+ if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
header->type == dns_rdatatype_ns &&
!header_nx && !newheader_nx &&
header->trust >= newheader->trust &&
@@ -6152,7 +6303,7 @@
* to be no more than the current NS RRset's TTL. This
* ensures the delegations that are withdrawn are honoured.
*/
- if (IS_CACHE(rbtdb) && header->rdh_ttl > now &&
+ if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
header->type == dns_rdatatype_ns &&
!header_nx && !newheader_nx &&
header->trust <= newheader->trust) {
@@ -6160,7 +6311,7 @@
newheader->rdh_ttl = header->rdh_ttl;
}
}
- if (IS_CACHE(rbtdb) && header->rdh_ttl > now &&
+ if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
(header->type == dns_rdatatype_a ||
header->type == dns_rdatatype_aaaa ||
header->type == dns_rdatatype_ds ||
@@ -6208,6 +6359,19 @@
*/
newheader->down = NULL;
free_rdataset(rbtdb, rbtdb->common.mctx, header);
+
+ idx = newheader->node->locknum;
+ if (IS_CACHE(rbtdb)) {
+ ISC_LIST_PREPEND(rbtdb->rdatasets[idx],
+ newheader, link);
+ INSIST(rbtdb->heaps != NULL);
+ (void)isc_heap_insert(rbtdb->heaps[idx],
+ newheader);
+ } else if (RESIGN(newheader)) {
+ result = resign_insert(rbtdb, idx, newheader);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
} else {
newheader->down = topheader;
topheader->next = newheader;
@@ -6235,9 +6399,14 @@
* will not leak... for long.
*/
INSIST(rbtdb->heaps != NULL);
- isc_heap_insert(rbtdb->heaps[idx], newheader);
- } else if (RESIGN(newheader))
- resign_insert(rbtdb, idx, newheader);
+ (void)isc_heap_insert(rbtdb->heaps[idx],
+ newheader);
+ } else if (RESIGN(newheader)) {
+ resign_delete(rbtdb, rbtversion, header);
+ result = resign_insert(rbtdb, idx, newheader);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
}
} else {
/*
@@ -6289,7 +6458,10 @@
newheader, link);
isc_heap_insert(rbtdb->heaps[idx], newheader);
} else if (RESIGN(newheader)) {
- resign_insert(rbtdb, idx, newheader);
+ resign_delete(rbtdb, rbtversion, header);
+ result = resign_insert(rbtdb, idx, newheader);
+ if (result != ISC_R_SUCCESS)
+ return (result);
}
}
@@ -6563,7 +6735,7 @@
cleanup_dead_nodes(rbtdb, rbtnode->locknum);
header = isc_heap_element(rbtdb->heaps[rbtnode->locknum], 1);
- if (header && header->rdh_ttl <= now - RBTDB_VIRTUAL)
+ if (header && header->rdh_ttl < now - RBTDB_VIRTUAL)
expire_header(rbtdb, header, tree_locked);
/*
@@ -6598,8 +6770,8 @@
}
if (result == ISC_R_SUCCESS)
- result = add(rbtdb, rbtnode, rbtversion, newheader, options,
- ISC_FALSE, addedrdataset, now);
+ result = add32(rbtdb, rbtnode, rbtversion, newheader, options,
+ ISC_FALSE, addedrdataset, now);
if (result == ISC_R_SUCCESS && delegating)
rbtnode->find_callback = 1;
@@ -6775,6 +6947,7 @@
topheader->next = newheader;
rbtnode->dirty = 1;
changed->dirty = ISC_TRUE;
+ resign_delete(rbtdb, rbtversion, header);
} else {
/*
* The rdataset doesn't exist, so we don't need to do anything
@@ -6844,8 +7017,8 @@
NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
isc_rwlocktype_write);
- result = add(rbtdb, rbtnode, rbtversion, newheader, DNS_DBADD_FORCE,
- ISC_FALSE, NULL, 0);
+ result = add32(rbtdb, rbtnode, rbtversion, newheader, DNS_DBADD_FORCE,
+ ISC_FALSE, NULL, 0);
NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
isc_rwlocktype_write);
@@ -6867,28 +7040,21 @@
loadnode(dns_rbtdb_t *rbtdb, dns_name_t *name, dns_rbtnode_t **nodep,
isc_boolean_t hasnsec)
{
- isc_result_t noderesult, nsecresult;
- dns_rbtnode_t *nsecnode;
+ isc_result_t noderesult, nsecresult, tmpresult;
+ dns_rbtnode_t *nsecnode = NULL, *node = NULL;
- noderesult = dns_rbt_addnode(rbtdb->tree, name, nodep);
-
-#ifdef BIND9
- if (noderesult == ISC_R_SUCCESS && rbtdb->rpz_cidr != NULL)
- dns_rpz_cidr_addip(rbtdb->rpz_cidr, name);
-#endif
-
+ noderesult = dns_rbt_addnode(rbtdb->tree, name, &node);
if (!hasnsec)
- return (noderesult);
+ goto done;
if (noderesult == ISC_R_EXISTS) {
/*
* Add a node to the auxiliary NSEC tree for an old node
* just now getting an NSEC record.
*/
- if ((*nodep)->nsec == DNS_RBT_NSEC_HAS_NSEC)
- return (noderesult);
- } else if (noderesult != ISC_R_SUCCESS) {
- return (noderesult);
- }
+ if (node->nsec == DNS_RBT_NSEC_HAS_NSEC)
+ goto done;
+ } else if (noderesult != ISC_R_SUCCESS)
+ goto done;
/*
* Build the auxiliary tree for NSECs as we go.
@@ -6898,12 +7064,11 @@
* Add nodes to the auxiliary tree after corresponding nodes have
* been added to the main tree.
*/
- nsecnode = NULL;
nsecresult = dns_rbt_addnode(rbtdb->nsec, name, &nsecnode);
if (nsecresult == ISC_R_SUCCESS) {
nsecnode->nsec = DNS_RBT_NSEC_NSEC;
- (*nodep)->nsec = DNS_RBT_NSEC_HAS_NSEC;
- return (noderesult);
+ node->nsec = DNS_RBT_NSEC_HAS_NSEC;
+ goto done;
}
if (nsecresult == ISC_R_EXISTS) {
@@ -6914,21 +7079,41 @@
ISC_LOG_WARNING,
"addnode: NSEC node already exists");
#endif
- (*nodep)->nsec = DNS_RBT_NSEC_HAS_NSEC;
- return (noderesult);
+ node->nsec = DNS_RBT_NSEC_HAS_NSEC;
+ goto done;
}
- nsecresult = dns_rbt_deletenode(rbtdb->tree, *nodep, ISC_FALSE);
- if (nsecresult != ISC_R_SUCCESS)
- isc_log_write(dns_lctx,
- DNS_LOGCATEGORY_DATABASE,
- DNS_LOGMODULE_CACHE,
- ISC_LOG_WARNING,
- "loading_addrdataset: "
- "dns_rbt_deletenode: %s after "
- "dns_rbt_addnode(NSEC): %s",
- isc_result_totext(nsecresult),
- isc_result_totext(noderesult));
+ if (noderesult == ISC_R_SUCCESS) {
+ /*
+ * Remove the node we just added above.
+ */
+ tmpresult = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE);
+ if (tmpresult != ISC_R_SUCCESS)
+ isc_log_write(dns_lctx,
+ DNS_LOGCATEGORY_DATABASE,
+ DNS_LOGMODULE_CACHE,
+ ISC_LOG_WARNING,
+ "loading_addrdataset: "
+ "dns_rbt_deletenode: %s after "
+ "dns_rbt_addnode(NSEC): %s",
+ isc_result_totext(tmpresult),
+ isc_result_totext(noderesult));
+
+ }
+
+ /*
+ * Set the error condition to be returned.
+ */
+ noderesult = nsecresult;
+
+ done:
+#ifdef BIND9
+ if (noderesult == ISC_R_SUCCESS && rbtdb->rpz_cidr != NULL)
+ dns_rpz_cidr_addip(rbtdb->rpz_cidr, name);
+#endif
+ if (noderesult == ISC_R_SUCCESS || noderesult == ISC_R_EXISTS)
+ *nodep = node;
+
return (noderesult);
}
@@ -7027,8 +7212,8 @@
} else
newheader->resign = 0;
- result = add(rbtdb, node, rbtdb->current_version, newheader,
- DNS_DBADD_MERGE, ISC_TRUE, NULL, 0);
+ result = add32(rbtdb, node, rbtdb->current_version, newheader,
+ DNS_DBADD_MERGE, ISC_TRUE, NULL, 0);
if (result == ISC_R_SUCCESS &&
delegating_type(rbtdb, node, rdataset->type))
node->find_callback = 1;
@@ -7265,7 +7450,8 @@
*hash = rbtversion->hash;
if (salt != NULL && salt_length != NULL) {
REQUIRE(*salt_length >= rbtversion->salt_length);
- memcpy(salt, rbtversion->salt, rbtversion->salt_length);
+ memmove(salt, rbtversion->salt,
+ rbtversion->salt_length);
}
if (salt_length != NULL)
*salt_length = rbtversion->salt_length;
@@ -7395,6 +7581,9 @@
INSIST(header != NULL);
header--;
+ if (header->heap_index == 0)
+ return;
+
RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
NODE_LOCK(&rbtdb->node_locks[node->locknum].lock,
isc_rwlocktype_write);
@@ -7402,11 +7591,7 @@
* Delete from heap and save to re-signed list so that it can
* be restored if we backout of this change.
*/
- new_reference(rbtdb, node);
- isc_heap_delete(rbtdb->heaps[node->locknum], header->heap_index);
- header->heap_index = 0;
- ISC_LIST_APPEND(rbtversion->resigned_list, header, link);
-
+ resign_delete(rbtdb, rbtversion, header);
NODE_UNLOCK(&rbtdb->node_locks[node->locknum].lock,
isc_rwlocktype_write);
RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
@@ -9284,7 +9469,7 @@
isc_rwlocktype_write);
header = isc_heap_element(rbtdb->heaps[locknum], 1);
- if (header && header->rdh_ttl <= now - RBTDB_VIRTUAL) {
+ if (header && header->rdh_ttl < now - RBTDB_VIRTUAL) {
expire_header(rbtdb, header, tree_locked);
purgecount--;
}
Modified: vendor/bind/dist/lib/dns/rbtdb.h
===================================================================
--- vendor/bind/dist/lib/dns/rbtdb.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rbtdb.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
#ifndef DNS_RBTDB_H
#define DNS_RBTDB_H 1
Modified: vendor/bind/dist/lib/dns/rbtdb64.c
===================================================================
--- vendor/bind/dist/lib/dns/rbtdb64.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rbtdb64.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb64.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: rbtdb64.c,v 1.11 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/rbtdb64.h
===================================================================
--- vendor/bind/dist/lib/dns/rbtdb64.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rbtdb64.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb64.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: rbtdb64.h,v 1.17 2007/06/19 23:47:16 tbox Exp $ */
#ifndef DNS_RBTDB64_H
#define DNS_RBTDB64_H 1
Modified: vendor/bind/dist/lib/dns/rcode.c
===================================================================
--- vendor/bind/dist/lib/dns/rcode.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rcode.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rcode.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
#include <ctype.h>
@@ -194,7 +194,7 @@
if (l > region.length)
return (ISC_R_NOSPACE);
- memcpy(region.base, source, l);
+ memmove(region.base, source, l);
isc_buffer_add(target, l);
return (ISC_R_SUCCESS);
}
@@ -212,11 +212,13 @@
return (ISC_R_BADNUMBER);
/*
- * We have a potential number. Try to parse it with
- * isc_parse_uint32(). isc_parse_uint32() requires
+ * We have a potential number. Try to parse it with
+ * isc_parse_uint32(). isc_parse_uint32() requires
* null termination, so we must make a copy.
*/
- strncpy(buffer, source->base, NUMBERSIZE);
+ strncpy(buffer, source->base, sizeof(buffer));
+ buffer[sizeof(buffer) - 1] = '\0';
+
INSIST(buffer[source->length] == '\0');
result = isc_parse_uint32(&n, buffer, 10);
@@ -381,9 +383,9 @@
unsigned int len;
char *delim = memchr(text, '|', end - text);
if (delim != NULL)
- len = delim - text;
+ len = (unsigned int)(delim - text);
else
- len = end - text;
+ len = (unsigned int)(end - text);
for (p = keyflags; p->name != NULL; p++) {
if (strncasecmp(p->name, text, len) == 0)
break;
Modified: vendor/bind/dist/lib/dns/rdata/any_255/tsig_250.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/any_255/tsig_250.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/any_255/tsig_250.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsig_250.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Thu Mar 16 13:39:43 PST 2000 by gson */
Modified: vendor/bind/dist/lib/dns/rdata/any_255/tsig_250.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/any_255/tsig_250.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/any_255/tsig_250.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsig_250.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: tsig_250.h,v 1.25 2007/06/19 23:47:17 tbox Exp $ */
#ifndef ANY_255_TSIG_250_H
#define ANY_255_TSIG_250_H 1
Modified: vendor/bind/dist/lib/dns/rdata/ch_3/a_1.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/ch_3/a_1.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/ch_3/a_1.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: a_1.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: a_1.c,v 1.8 2009/12/04 22:06:37 tbox Exp $ */
/* by Bjorn.Victor at it.uu.se, 2005-05-07 */
/* Based on generic/soa_6.c and generic/mx_15.c */
@@ -117,7 +117,7 @@
if (tregion.length < 2)
return (ISC_R_NOSPACE);
- memcpy(tregion.base, sregion.base, 2);
+ memmove(tregion.base, sregion.base, 2);
isc_buffer_forward(source, 2);
isc_buffer_add(target, 2);
@@ -149,7 +149,7 @@
if (tregion.length < 2)
return (ISC_R_NOSPACE);
- memcpy(tregion.base, sregion.base, 2);
+ memmove(tregion.base, sregion.base, 2);
isc_buffer_add(target, 2);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/ch_3/a_1.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/ch_3/a_1.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/ch_3/a_1.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: a_1.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: a_1.h,v 1.5 2007/06/19 23:47:17 tbox Exp $ */
/* by Bjorn.Victor at it.uu.se, 2005-05-07 */
/* Based on generic/mx_15.h */
Modified: vendor/bind/dist/lib/dns/rdata/generic/afsdb_18.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/afsdb_18.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/afsdb_18.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: afsdb_18.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: afsdb_18.c,v 1.49 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Wed Mar 15 14:59:00 PST 2000 by explorer */
@@ -113,7 +113,7 @@
return (ISC_R_NOSPACE);
if (sr.length < 2)
return (ISC_R_UNEXPECTEDEND);
- memcpy(tr.base, sr.base, 2);
+ memmove(tr.base, sr.base, 2);
isc_buffer_forward(source, 2);
isc_buffer_add(target, 2);
return (dns_name_fromwire(&name, source, dctx, options, target));
@@ -134,7 +134,7 @@
dns_rdata_toregion(rdata, &sr);
if (tr.length < 2)
return (ISC_R_NOSPACE);
- memcpy(tr.base, sr.base, 2);
+ memmove(tr.base, sr.base, 2);
isc_region_consume(&sr, 2);
isc_buffer_add(target, 2);
Modified: vendor/bind/dist/lib/dns/rdata/generic/afsdb_18.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/afsdb_18.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/afsdb_18.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_AFSDB_18_H
#define GENERIC_AFSDB_18_H 1
-/* $Id: afsdb_18.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: afsdb_18.h,v 1.20 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1183 */
Added: vendor/bind/dist/lib/dns/rdata/generic/caa_257.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/caa_257.c (rev 0)
+++ vendor/bind/dist/lib/dns/rdata/generic/caa_257.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,370 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_CAA_257_C
+#define GENERIC_CAA_257_C 1
+
+#define RRTYPE_CAA_ATTRIBUTES (0)
+
+static unsigned char const alphanumeric[256] = {
+ /* 0x00-0x0f */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0x10-0x1f */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0x20-0x2f */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0x30-0x3f */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,
+ /* 0x40-0x4f */ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 0x50-0x5f */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
+ /* 0x60-0x6f */ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 0x70-0x7f */ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
+ /* 0x80-0x8f */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0x90-0x9f */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0xa0-0xaf */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0xb0-0xbf */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0xc0-0xcf */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0xd0-0xdf */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0xe0-0xef */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0xf0-0xff */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+static inline isc_result_t
+fromtext_caa(ARGS_FROMTEXT) {
+ isc_token_t token;
+ isc_textregion_t tr;
+ isc_uint8_t flags;
+ unsigned int i;
+
+ REQUIRE(type == 257);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(origin);
+ UNUSED(options);
+ UNUSED(callbacks);
+
+ /* Flags. */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+ ISC_FALSE));
+ if (token.value.as_ulong > 255U)
+ RETTOK(ISC_R_RANGE);
+ flags = token.value.as_ulong;
+ RETERR(uint8_tobuffer(flags, target));
+
+ /*
+ * Tag
+ */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
+ ISC_FALSE));
+ tr = token.value.as_textregion;
+ for (i = 0; i < tr.length; i++)
+ if (!alphanumeric[(unsigned int) tr.base[i]])
+ RETTOK(DNS_R_SYNTAX);
+ RETERR(uint8_tobuffer(tr.length, target));
+ RETERR(mem_tobuffer(target, tr.base, tr.length));
+
+ /*
+ * Value
+ */
+ RETERR(isc_lex_getmastertoken(lexer, &token,
+ isc_tokentype_qstring, ISC_FALSE));
+ if (token.type != isc_tokentype_qstring &&
+ token.type != isc_tokentype_string)
+ RETERR(DNS_R_SYNTAX);
+ RETERR(multitxt_fromtext(&token.value.as_textregion, target));
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+totext_caa(ARGS_TOTEXT) {
+ isc_region_t region;
+ isc_uint8_t flags;
+ char buf[256];
+
+ UNUSED(tctx);
+
+ REQUIRE(rdata->type == 257);
+ REQUIRE(rdata->length >= 3U);
+ REQUIRE(rdata->data != NULL);
+
+ dns_rdata_toregion(rdata, ®ion);
+
+ /*
+ * Flags
+ */
+ flags = uint8_consume_fromregion(®ion);
+ sprintf(buf, "%u ", flags);
+ RETERR(str_totext(buf, target));
+
+ /*
+ * Tag
+ */
+ RETERR(txt_totext(®ion, ISC_FALSE, target));
+ RETERR(str_totext(" ", target));
+
+ /*
+ * Value
+ */
+ RETERR(multitxt_totext(®ion, target));
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+fromwire_caa(ARGS_FROMWIRE) {
+ isc_region_t sr;
+ unsigned int len, i;
+
+ REQUIRE(type == 257);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(dctx);
+ UNUSED(options);
+
+ /*
+ * Flags
+ */
+ isc_buffer_activeregion(source, &sr);
+ if (sr.length < 2)
+ return (ISC_R_UNEXPECTEDEND);
+
+ /*
+ * Flags, tag length
+ */
+ RETERR(mem_tobuffer(target, sr.base, 2));
+ len = sr.base[1];
+ isc_region_consume(&sr, 2);
+ isc_buffer_forward(source, 2);
+
+ /*
+ * Zero length tag fields are illegal.
+ */
+ if (sr.length < len || len == 0)
+ RETERR(DNS_R_FORMERR);
+
+ /* Check the Tag's value */
+ for (i = 0; i < len; i++)
+ if (!alphanumeric[sr.base[i]])
+ RETERR(DNS_R_FORMERR);
+ /*
+ * Tag + Value
+ */
+ isc_buffer_forward(source, sr.length);
+ return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline isc_result_t
+towire_caa(ARGS_TOWIRE) {
+ isc_region_t region;
+
+ REQUIRE(rdata->type == 257);
+ REQUIRE(rdata->length >= 3U);
+ REQUIRE(rdata->data != NULL);
+
+ UNUSED(cctx);
+
+ dns_rdata_toregion(rdata, ®ion);
+ return (mem_tobuffer(target, region.base, region.length));
+}
+
+static inline int
+compare_caa(ARGS_COMPARE) {
+ isc_region_t r1, r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == 257);
+ REQUIRE(rdata1->length >= 3U);
+ REQUIRE(rdata2->length >= 3U);
+ REQUIRE(rdata1->data != NULL);
+ REQUIRE(rdata2->data != NULL);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_caa(ARGS_FROMSTRUCT) {
+ dns_rdata_caa_t *caa = source;
+ isc_region_t region;
+ unsigned int i;
+
+ REQUIRE(type == 257);
+ REQUIRE(source != NULL);
+ REQUIRE(caa->common.rdtype == type);
+ REQUIRE(caa->common.rdclass == rdclass);
+ REQUIRE(caa->tag != NULL && caa->tag_len != 0);
+ REQUIRE(caa->value != NULL);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+
+ /*
+ * Flags
+ */
+ RETERR(uint8_tobuffer(caa->flags, target));
+
+ /*
+ * Tag length
+ */
+ RETERR(uint8_tobuffer(caa->tag_len, target));
+
+ /*
+ * Tag
+ */
+ region.base = caa->tag;
+ region.length = caa->tag_len;
+ for (i = 0; i < region.length; i++)
+ if (!alphanumeric[region.base[i]])
+ RETERR(DNS_R_SYNTAX);
+ RETERR(isc_buffer_copyregion(target, ®ion));
+
+ /*
+ * Value
+ */
+ region.base = caa->value;
+ region.length = caa->value_len;
+ return (isc_buffer_copyregion(target, ®ion));
+}
+
+static inline isc_result_t
+tostruct_caa(ARGS_TOSTRUCT) {
+ dns_rdata_caa_t *caa = target;
+ isc_region_t sr;
+
+ REQUIRE(rdata->type == 257);
+ REQUIRE(target != NULL);
+ REQUIRE(rdata->length >= 3U);
+ REQUIRE(rdata->data != NULL);
+
+ caa->common.rdclass = rdata->rdclass;
+ caa->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&caa->common, link);
+
+ dns_rdata_toregion(rdata, &sr);
+
+ /*
+ * Flags
+ */
+ if (sr.length < 1)
+ return (ISC_R_UNEXPECTEDEND);
+ caa->flags = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+
+ /*
+ * Tag length
+ */
+ if (sr.length < 1)
+ return (ISC_R_UNEXPECTEDEND);
+ caa->tag_len = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+
+ /*
+ * Tag
+ */
+ if (sr.length < caa->tag_len)
+ return (ISC_R_UNEXPECTEDEND);
+ caa->tag = mem_maybedup(mctx, sr.base, caa->tag_len);
+ if (caa->tag == NULL)
+ return (ISC_R_NOMEMORY);
+ isc_region_consume(&sr, caa->tag_len);
+
+ /*
+ * Value
+ */
+ caa->value_len = sr.length;
+ caa->value = mem_maybedup(mctx, sr.base, sr.length);
+ if (caa->value == NULL)
+ return (ISC_R_NOMEMORY);
+
+ caa->mctx = mctx;
+ return (ISC_R_SUCCESS);
+}
+
+static inline void
+freestruct_caa(ARGS_FREESTRUCT) {
+ dns_rdata_caa_t *caa = (dns_rdata_caa_t *) source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(caa->common.rdtype == 257);
+
+ if (caa->mctx == NULL)
+ return;
+
+ if (caa->tag != NULL)
+ isc_mem_free(caa->mctx, caa->tag);
+ if (caa->value != NULL)
+ isc_mem_free(caa->mctx, caa->value);
+ caa->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_caa(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == 257);
+ REQUIRE(rdata->data != NULL);
+ REQUIRE(rdata->length >= 3U);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_caa(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == 257);
+ REQUIRE(rdata->data != NULL);
+ REQUIRE(rdata->length >= 3U);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_caa(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == 257);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_caa(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == 257);
+ REQUIRE(rdata->data != NULL);
+ REQUIRE(rdata->length >= 3U);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_caa(ARGS_COMPARE) {
+ return (compare_caa(rdata1, rdata2));
+}
+
+#endif /* GENERIC_CAA_257_C */
Added: vendor/bind/dist/lib/dns/rdata/generic/caa_257.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/caa_257.h (rev 0)
+++ vendor/bind/dist/lib/dns/rdata/generic/caa_257.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_CAA_257_H
+#define GENERIC_CAA_257_H 1
+
+/* $Id$ */
+
+typedef struct dns_rdata_caa {
+ dns_rdatacommon_t common;
+ isc_mem_t * mctx;
+ isc_uint8_t flags;
+ unsigned char * tag;
+ isc_uint8_t tag_len;
+ unsigned char *value;
+ isc_uint8_t value_len;
+} dns_rdata_caa_t;
+
+#endif /* GENERIC_CAA_257_H */
Added: vendor/bind/dist/lib/dns/rdata/generic/cdnskey_60.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/cdnskey_60.c (rev 0)
+++ vendor/bind/dist/lib/dns/rdata/generic/cdnskey_60.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,366 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/*
+ * Reviewed: Wed Mar 15 16:47:10 PST 2000 by halley.
+ */
+
+/* RFC2535 */
+
+#ifndef RDATA_GENERIC_CDNSKEY_60_C
+#define RDATA_GENERIC_CDNSKEY_60_C
+
+#include <dst/dst.h>
+
+#define RRTYPE_CDNSKEY_ATTRIBUTES (DNS_RDATATYPEATTR_DNSSEC)
+
+static inline isc_result_t
+fromtext_cdnskey(ARGS_FROMTEXT) {
+ isc_result_t result;
+ isc_token_t token;
+ dns_secalg_t alg;
+ dns_secproto_t proto;
+ dns_keyflags_t flags;
+
+ REQUIRE(type == 60);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(origin);
+ UNUSED(options);
+ UNUSED(callbacks);
+
+ /* flags */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
+ ISC_FALSE));
+ RETTOK(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
+ RETERR(uint16_tobuffer(flags, target));
+
+ /* protocol */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
+ ISC_FALSE));
+ RETTOK(dns_secproto_fromtext(&proto, &token.value.as_textregion));
+ RETERR(mem_tobuffer(target, &proto, 1));
+
+ /* algorithm */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
+ ISC_FALSE));
+ RETTOK(dns_secalg_fromtext(&alg, &token.value.as_textregion));
+ RETERR(mem_tobuffer(target, &alg, 1));
+
+ /* No Key? */
+ if ((flags & 0xc000) == 0xc000)
+ return (ISC_R_SUCCESS);
+
+ result = isc_base64_tobuffer(lexer, target, -1);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /* Ensure there's at least enough data to compute a key ID for MD5 */
+ if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
+ return (ISC_R_UNEXPECTEDEND);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+totext_cdnskey(ARGS_TOTEXT) {
+ isc_region_t sr;
+ char buf[sizeof("64000")];
+ unsigned int flags;
+ unsigned char algorithm;
+ char namebuf[DNS_NAME_FORMATSIZE];
+
+ REQUIRE(rdata->type == 60);
+ REQUIRE(rdata->length != 0);
+
+ dns_rdata_toregion(rdata, &sr);
+
+ /* flags */
+ flags = uint16_fromregion(&sr);
+ isc_region_consume(&sr, 2);
+ sprintf(buf, "%u", flags);
+ RETERR(str_totext(buf, target));
+ RETERR(str_totext(" ", target));
+
+ /* protocol */
+ sprintf(buf, "%u", sr.base[0]);
+ isc_region_consume(&sr, 1);
+ RETERR(str_totext(buf, target));
+ RETERR(str_totext(" ", target));
+
+ /* algorithm */
+ algorithm = sr.base[0];
+ sprintf(buf, "%u", algorithm);
+ isc_region_consume(&sr, 1);
+ RETERR(str_totext(buf, target));
+
+ /* No Key? */
+ if ((flags & 0xc000) == 0xc000)
+ return (ISC_R_SUCCESS);
+
+ if ((tctx->flags & DNS_STYLEFLAG_COMMENT) != 0 &&
+ algorithm == DNS_KEYALG_PRIVATEDNS) {
+ dns_name_t name;
+ dns_name_init(&name, NULL);
+ dns_name_fromregion(&name, &sr);
+ dns_name_format(&name, namebuf, sizeof(namebuf));
+ } else
+ namebuf[0] = 0;
+
+ /* key */
+ if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+ RETERR(str_totext(" (", target));
+ RETERR(str_totext(tctx->linebreak, target));
+ RETERR(isc_base64_totext(&sr, tctx->width - 2,
+ tctx->linebreak, target));
+
+ if ((tctx->flags & DNS_STYLEFLAG_COMMENT) != 0)
+ RETERR(str_totext(tctx->linebreak, target));
+ else if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+ RETERR(str_totext(" ", target));
+
+ if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+ RETERR(str_totext(")", target));
+
+ if ((tctx->flags & DNS_STYLEFLAG_COMMENT) != 0) {
+ isc_region_t tmpr;
+
+ RETERR(str_totext(" ; key id = ", target));
+ dns_rdata_toregion(rdata, &tmpr);
+ sprintf(buf, "%u", dst_region_computeid(&tmpr, algorithm));
+ RETERR(str_totext(buf, target));
+ if (algorithm == DNS_KEYALG_PRIVATEDNS) {
+ RETERR(str_totext(tctx->linebreak, target));
+ RETERR(str_totext("; alg = ", target));
+ RETERR(str_totext(namebuf, target));
+ }
+ }
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+fromwire_cdnskey(ARGS_FROMWIRE) {
+ unsigned char algorithm;
+ isc_region_t sr;
+
+ REQUIRE(type == 60);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(dctx);
+ UNUSED(options);
+
+ isc_buffer_activeregion(source, &sr);
+ if (sr.length < 4)
+ return (ISC_R_UNEXPECTEDEND);
+
+ algorithm = sr.base[3];
+ RETERR(mem_tobuffer(target, sr.base, 4));
+ isc_region_consume(&sr, 4);
+ isc_buffer_forward(source, 4);
+
+ if (algorithm == DNS_KEYALG_PRIVATEDNS) {
+ dns_name_t name;
+ dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);
+ dns_name_init(&name, NULL);
+ RETERR(dns_name_fromwire(&name, source, dctx, options, target));
+ }
+
+ /*
+ * RSAMD5 computes key ID differently from other
+ * algorithms: we need to ensure there's enough data
+ * present for the computation
+ */
+ if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
+ return (ISC_R_UNEXPECTEDEND);
+
+ isc_buffer_activeregion(source, &sr);
+ isc_buffer_forward(source, sr.length);
+ return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline isc_result_t
+towire_cdnskey(ARGS_TOWIRE) {
+ isc_region_t sr;
+
+ REQUIRE(rdata->type == 60);
+ REQUIRE(rdata->length != 0);
+
+ UNUSED(cctx);
+
+ dns_rdata_toregion(rdata, &sr);
+ return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_cdnskey(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == 60);
+ REQUIRE(rdata1->length != 0);
+ REQUIRE(rdata2->length != 0);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_cdnskey(ARGS_FROMSTRUCT) {
+ dns_rdata_cdnskey_t *dnskey = source;
+
+ REQUIRE(type == 60);
+ REQUIRE(source != NULL);
+ REQUIRE(dnskey->common.rdtype == type);
+ REQUIRE(dnskey->common.rdclass == rdclass);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+
+ /* Flags */
+ RETERR(uint16_tobuffer(dnskey->flags, target));
+
+ /* Protocol */
+ RETERR(uint8_tobuffer(dnskey->protocol, target));
+
+ /* Algorithm */
+ RETERR(uint8_tobuffer(dnskey->algorithm, target));
+
+ /* Data */
+ return (mem_tobuffer(target, dnskey->data, dnskey->datalen));
+}
+
+static inline isc_result_t
+tostruct_cdnskey(ARGS_TOSTRUCT) {
+ dns_rdata_cdnskey_t *dnskey = target;
+ isc_region_t sr;
+
+ REQUIRE(rdata->type == 60);
+ REQUIRE(target != NULL);
+ REQUIRE(rdata->length != 0);
+
+ dnskey->common.rdclass = rdata->rdclass;
+ dnskey->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&dnskey->common, link);
+
+ dns_rdata_toregion(rdata, &sr);
+
+ /* Flags */
+ if (sr.length < 2)
+ return (ISC_R_UNEXPECTEDEND);
+ dnskey->flags = uint16_fromregion(&sr);
+ isc_region_consume(&sr, 2);
+
+ /* Protocol */
+ if (sr.length < 1)
+ return (ISC_R_UNEXPECTEDEND);
+ dnskey->protocol = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+
+ /* Algorithm */
+ if (sr.length < 1)
+ return (ISC_R_UNEXPECTEDEND);
+ dnskey->algorithm = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+
+ /* Data */
+ dnskey->datalen = sr.length;
+ dnskey->data = mem_maybedup(mctx, sr.base, dnskey->datalen);
+ if (dnskey->data == NULL)
+ return (ISC_R_NOMEMORY);
+
+ dnskey->mctx = mctx;
+ return (ISC_R_SUCCESS);
+}
+
+static inline void
+freestruct_cdnskey(ARGS_FREESTRUCT) {
+ dns_rdata_cdnskey_t *dnskey = (dns_rdata_cdnskey_t *) source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(dnskey->common.rdtype == 60);
+
+ if (dnskey->mctx == NULL)
+ return;
+
+ if (dnskey->data != NULL)
+ isc_mem_free(dnskey->mctx, dnskey->data);
+ dnskey->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_cdnskey(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == 60);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_cdnskey(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == 60);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_cdnskey(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == 60);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_cdnskey(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == 60);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_cdnskey(ARGS_COMPARE) {
+
+ /*
+ * Treat ALG 253 (private DNS) subtype name case sensistively.
+ */
+ return (compare_cdnskey(rdata1, rdata2));
+}
+
+#endif /* RDATA_GENERIC_CDNSKEY_60_C */
Added: vendor/bind/dist/lib/dns/rdata/generic/cdnskey_60.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/cdnskey_60.h (rev 0)
+++ vendor/bind/dist/lib/dns/rdata/generic/cdnskey_60.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_CDNSKEY_60_H
+#define GENERIC_CDNSKEY_60_H 1
+
+/* CDNSKEY records have the same RDATA fields as DNSKEY records. */
+typedef struct dns_rdata_cdnskey {
+ dns_rdatacommon_t common;
+ isc_mem_t * mctx;
+ isc_uint16_t flags;
+ isc_uint8_t protocol;
+ isc_uint8_t algorithm;
+ isc_uint16_t datalen;
+ unsigned char * data;
+} dns_rdata_cdnskey_t;
+
+
+#endif /* GENERIC_CDNSKEY_60_H */
Added: vendor/bind/dist/lib/dns/rdata/generic/cds_59.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/cds_59.c (rev 0)
+++ vendor/bind/dist/lib/dns/rdata/generic/cds_59.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,350 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/* draft-ietf-dnsext-delegation-signer-05.txt */
+
+#ifndef RDATA_GENERIC_CDS_59_C
+#define RDATA_GENERIC_CDS_59_C
+
+#define RRTYPE_CDS_ATTRIBUTES \
+ (DNS_RDATATYPEATTR_DNSSEC|DNS_RDATATYPEATTR_ATPARENT)
+
+#include <isc/sha1.h>
+#include <isc/sha2.h>
+
+#include <dns/ds.h>
+
+static inline isc_result_t
+fromtext_cds(ARGS_FROMTEXT) {
+ isc_token_t token;
+ unsigned char c;
+ int length;
+
+ REQUIRE(type == 59);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(origin);
+ UNUSED(options);
+ UNUSED(callbacks);
+
+ /*
+ * Key tag.
+ */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+ ISC_FALSE));
+ if (token.value.as_ulong > 0xffffU)
+ RETTOK(ISC_R_RANGE);
+ RETERR(uint16_tobuffer(token.value.as_ulong, target));
+
+ /*
+ * Algorithm.
+ */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
+ ISC_FALSE));
+ RETTOK(dns_secalg_fromtext(&c, &token.value.as_textregion));
+ RETERR(mem_tobuffer(target, &c, 1));
+
+ /*
+ * Digest type.
+ */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+ ISC_FALSE));
+ if (token.value.as_ulong > 0xffU)
+ RETTOK(ISC_R_RANGE);
+ RETERR(uint8_tobuffer(token.value.as_ulong, target));
+ c = (unsigned char) token.value.as_ulong;
+
+ /*
+ * Digest.
+ */
+ switch (c) {
+ case DNS_DSDIGEST_SHA1:
+ length = ISC_SHA1_DIGESTLENGTH;
+ break;
+ case DNS_DSDIGEST_SHA256:
+ length = ISC_SHA256_DIGESTLENGTH;
+ break;
+ case DNS_DSDIGEST_GOST:
+ length = ISC_GOST_DIGESTLENGTH;
+ break;
+ case DNS_DSDIGEST_SHA384:
+ length = ISC_SHA384_DIGESTLENGTH;
+ break;
+ default:
+ length = -1;
+ break;
+ }
+ return (isc_hex_tobuffer(lexer, target, length));
+}
+
+static inline isc_result_t
+totext_cds(ARGS_TOTEXT) {
+ isc_region_t sr;
+ char buf[sizeof("64000 ")];
+ unsigned int n;
+
+ REQUIRE(rdata->type == 59);
+ REQUIRE(rdata->length != 0);
+
+ UNUSED(tctx);
+
+ dns_rdata_toregion(rdata, &sr);
+
+ /*
+ * Key tag.
+ */
+ n = uint16_fromregion(&sr);
+ isc_region_consume(&sr, 2);
+ sprintf(buf, "%u ", n);
+ RETERR(str_totext(buf, target));
+
+ /*
+ * Algorithm.
+ */
+ n = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+ sprintf(buf, "%u ", n);
+ RETERR(str_totext(buf, target));
+
+ /*
+ * Digest type.
+ */
+ n = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+ sprintf(buf, "%u", n);
+ RETERR(str_totext(buf, target));
+
+ /*
+ * Digest.
+ */
+ if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+ RETERR(str_totext(" (", target));
+ RETERR(str_totext(tctx->linebreak, target));
+ RETERR(isc_hex_totext(&sr, tctx->width - 2, tctx->linebreak, target));
+ if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+ RETERR(str_totext(" )", target));
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+fromwire_cds(ARGS_FROMWIRE) {
+ isc_region_t sr;
+
+ REQUIRE(type == 59);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(dctx);
+ UNUSED(options);
+
+ isc_buffer_activeregion(source, &sr);
+
+ /*
+ * Check digest lengths if we know them.
+ */
+ if (sr.length < 4 ||
+ (sr.base[3] == DNS_DSDIGEST_SHA1 &&
+ sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
+ (sr.base[3] == DNS_DSDIGEST_SHA256 &&
+ sr.length < 4 + ISC_SHA256_DIGESTLENGTH) ||
+ (sr.base[3] == DNS_DSDIGEST_GOST &&
+ sr.length < 4 + ISC_GOST_DIGESTLENGTH) ||
+ (sr.base[3] == DNS_DSDIGEST_SHA384 &&
+ sr.length < 4 + ISC_SHA384_DIGESTLENGTH))
+ return (ISC_R_UNEXPECTEDEND);
+
+ /*
+ * Only copy digest lengths if we know them.
+ * If there is extra data dns_rdata_fromwire() will
+ * detect that.
+ */
+ if (sr.base[3] == DNS_DSDIGEST_SHA1)
+ sr.length = 4 + ISC_SHA1_DIGESTLENGTH;
+ else if (sr.base[3] == DNS_DSDIGEST_SHA256)
+ sr.length = 4 + ISC_SHA256_DIGESTLENGTH;
+ else if (sr.base[3] == DNS_DSDIGEST_GOST)
+ sr.length = 4 + ISC_GOST_DIGESTLENGTH;
+ else if (sr.base[3] == DNS_DSDIGEST_SHA384)
+ sr.length = 4 + ISC_SHA384_DIGESTLENGTH;
+
+ isc_buffer_forward(source, sr.length);
+ return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline isc_result_t
+towire_cds(ARGS_TOWIRE) {
+ isc_region_t sr;
+
+ REQUIRE(rdata->type == 59);
+ REQUIRE(rdata->length != 0);
+
+ UNUSED(cctx);
+
+ dns_rdata_toregion(rdata, &sr);
+ return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_cds(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == 59);
+ REQUIRE(rdata1->length != 0);
+ REQUIRE(rdata2->length != 0);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_cds(ARGS_FROMSTRUCT) {
+ dns_rdata_cds_t *ds = source;
+
+ REQUIRE(type == 59);
+ REQUIRE(source != NULL);
+ REQUIRE(ds->common.rdtype == type);
+ REQUIRE(ds->common.rdclass == rdclass);
+ switch (ds->digest_type) {
+ case DNS_DSDIGEST_SHA1:
+ REQUIRE(ds->length == ISC_SHA1_DIGESTLENGTH);
+ break;
+ case DNS_DSDIGEST_SHA256:
+ REQUIRE(ds->length == ISC_SHA256_DIGESTLENGTH);
+ break;
+ case DNS_DSDIGEST_GOST:
+ REQUIRE(ds->length == ISC_GOST_DIGESTLENGTH);
+ break;
+ case DNS_DSDIGEST_SHA384:
+ REQUIRE(ds->length == ISC_SHA384_DIGESTLENGTH);
+ break;
+ }
+
+ UNUSED(type);
+ UNUSED(rdclass);
+
+ RETERR(uint16_tobuffer(ds->key_tag, target));
+ RETERR(uint8_tobuffer(ds->algorithm, target));
+ RETERR(uint8_tobuffer(ds->digest_type, target));
+
+ return (mem_tobuffer(target, ds->digest, ds->length));
+}
+
+static inline isc_result_t
+tostruct_cds(ARGS_TOSTRUCT) {
+ dns_rdata_cds_t *ds = target;
+ isc_region_t region;
+
+ REQUIRE(rdata->type == 59);
+ REQUIRE(target != NULL);
+ REQUIRE(rdata->length != 0);
+
+ ds->common.rdclass = rdata->rdclass;
+ ds->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&ds->common, link);
+
+ dns_rdata_toregion(rdata, ®ion);
+
+ ds->key_tag = uint16_fromregion(®ion);
+ isc_region_consume(®ion, 2);
+ ds->algorithm = uint8_fromregion(®ion);
+ isc_region_consume(®ion, 1);
+ ds->digest_type = uint8_fromregion(®ion);
+ isc_region_consume(®ion, 1);
+ ds->length = region.length;
+
+ ds->digest = mem_maybedup(mctx, region.base, region.length);
+ if (ds->digest == NULL)
+ return (ISC_R_NOMEMORY);
+
+ ds->mctx = mctx;
+ return (ISC_R_SUCCESS);
+}
+
+static inline void
+freestruct_cds(ARGS_FREESTRUCT) {
+ dns_rdata_cds_t *ds = source;
+
+ REQUIRE(ds != NULL);
+ REQUIRE(ds->common.rdtype == 59);
+
+ if (ds->mctx == NULL)
+ return;
+
+ if (ds->digest != NULL)
+ isc_mem_free(ds->mctx, ds->digest);
+ ds->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_cds(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == 59);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_cds(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == 59);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_cds(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == 59);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_cds(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == 59);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_cds(ARGS_COMPARE) {
+ return (compare_cds(rdata1, rdata2));
+}
+
+#endif /* RDATA_GENERIC_CDS_59_C */
Added: vendor/bind/dist/lib/dns/rdata/generic/cds_59.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/cds_59.h (rev 0)
+++ vendor/bind/dist/lib/dns/rdata/generic/cds_59.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_CDS_59_H
+#define GENERIC_CDS_59_H 1
+
+/* CDS records have the same RDATA fields as DS records. */
+typedef struct dns_rdata_cds {
+ dns_rdatacommon_t common;
+ isc_mem_t *mctx;
+ isc_uint16_t key_tag;
+ isc_uint8_t algorithm;
+ isc_uint8_t digest_type;
+ isc_uint16_t length;
+ unsigned char *digest;
+} dns_rdata_cds_t;
+
+#endif /* GENERIC_CDS_59_H */
Modified: vendor/bind/dist/lib/dns/rdata/generic/cert_37.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/cert_37.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/cert_37.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cert_37.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Wed Mar 15 21:14:32 EST 2000 by tale */
Modified: vendor/bind/dist/lib/dns/rdata/generic/cert_37.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/cert_37.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/cert_37.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cert_37.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: cert_37.h,v 1.20 2007/06/19 23:47:17 tbox Exp $ */
#ifndef GENERIC_CERT_37_H
#define GENERIC_CERT_37_H 1
Modified: vendor/bind/dist/lib/dns/rdata/generic/cname_5.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/cname_5.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/cname_5.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cname_5.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: cname_5.c,v 1.49 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Wed Mar 15 16:48:45 PST 2000 by brister */
Modified: vendor/bind/dist/lib/dns/rdata/generic/cname_5.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/cname_5.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/cname_5.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cname_5.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: cname_5.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */
#ifndef GENERIC_CNAME_5_H
#define GENERIC_CNAME_5_H 1
Modified: vendor/bind/dist/lib/dns/rdata/generic/dlv_32769.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/dlv_32769.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/dlv_32769.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dlv_32769.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/* draft-ietf-dnsext-delegation-signer-05.txt */
Modified: vendor/bind/dist/lib/dns/rdata/generic/dlv_32769.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/dlv_32769.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/dlv_32769.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dlv_32769.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dlv_32769.h,v 1.5 2007/06/19 23:47:17 tbox Exp $ */
/* draft-ietf-dnsext-delegation-signer-05.txt */
#ifndef GENERIC_DLV_32769_H
Modified: vendor/bind/dist/lib/dns/rdata/generic/dname_39.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/dname_39.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/dname_39.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dname_39.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dname_39.c,v 1.40 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Wed Mar 15 16:52:38 PST 2000 by explorer */
Modified: vendor/bind/dist/lib/dns/rdata/generic/dname_39.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/dname_39.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/dname_39.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_DNAME_39_H
#define GENERIC_DNAME_39_H 1
-/* $Id: dname_39.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dname_39.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief per RFC2672 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/dnskey_48.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/dnskey_48.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/dnskey_48.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnskey_48.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*
* Reviewed: Wed Mar 15 16:47:10 PST 2000 by halley.
@@ -32,6 +32,7 @@
static inline isc_result_t
fromtext_dnskey(ARGS_FROMTEXT) {
+ isc_result_t result;
isc_token_t token;
dns_secalg_t alg;
dns_secproto_t proto;
@@ -67,7 +68,15 @@
if ((flags & 0xc000) == 0xc000)
return (ISC_R_SUCCESS);
- return (isc_base64_tobuffer(lexer, target, -1));
+ result = isc_base64_tobuffer(lexer, target, -1);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /* Ensure there's at least enough data to compute a key ID for MD5 */
+ if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
+ return (ISC_R_UNEXPECTEDEND);
+
+ return (ISC_R_SUCCESS);
}
static inline isc_result_t
@@ -173,6 +182,15 @@
dns_name_init(&name, NULL);
RETERR(dns_name_fromwire(&name, source, dctx, options, target));
}
+
+ /*
+ * RSAMD5 computes key ID differently from other
+ * algorithms: we need to ensure there's enough data
+ * present for the computation
+ */
+ if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
+ return (ISC_R_UNEXPECTEDEND);
+
isc_buffer_activeregion(source, &sr);
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
Modified: vendor/bind/dist/lib/dns/rdata/generic/dnskey_48.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/dnskey_48.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/dnskey_48.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_DNSKEY_48_H
#define GENERIC_DNSKEY_48_H 1
-/* $Id: dnskey_48.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dnskey_48.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief per RFC2535 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/ds_43.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/ds_43.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/ds_43.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ds_43.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* draft-ietf-dnsext-delegation-signer-05.txt */
Modified: vendor/bind/dist/lib/dns/rdata/generic/ds_43.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/ds_43.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/ds_43.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ds_43.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ds_43.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */
#ifndef GENERIC_DS_43_H
#define GENERIC_DS_43_H 1
Modified: vendor/bind/dist/lib/dns/rdata/generic/eui48_108.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/eui48_108.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/eui48_108.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -142,7 +142,7 @@
eui48->common.rdtype = rdata->type;
ISC_LINK_INIT(&eui48->common, link);
- memcpy(eui48->eui48, rdata->data, rdata->length);
+ memmove(eui48->eui48, rdata->data, rdata->length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/eui64_109.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/eui64_109.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/eui64_109.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -147,7 +147,7 @@
eui64->common.rdtype = rdata->type;
ISC_LINK_INIT(&eui64->common, link);
- memcpy(eui64->eui64, rdata->data, rdata->length);
+ memmove(eui64->eui64, rdata->data, rdata->length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/gpos_27.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/gpos_27.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/gpos_27.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gpos_27.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: gpos_27.c,v 1.43 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Wed Mar 15 16:48:45 PST 2000 by brister */
@@ -61,7 +61,7 @@
dns_rdata_toregion(rdata, ®ion);
for (i = 0; i < 3; i++) {
- RETERR(txt_totext(®ion, target));
+ RETERR(txt_totext(®ion, ISC_TRUE, target));
if (i != 2)
RETERR(str_totext(" ", target));
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/gpos_27.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/gpos_27.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/gpos_27.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_GPOS_27_H
#define GENERIC_GPOS_27_H 1
-/* $Id: gpos_27.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: gpos_27.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief per RFC1712 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/hinfo_13.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/hinfo_13.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/hinfo_13.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hinfo_13.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hinfo_13.c,v 1.46 2009/12/04 22:06:37 tbox Exp $ */
/*
* Reviewed: Wed Mar 15 16:47:10 PST 2000 by halley.
@@ -58,9 +58,9 @@
REQUIRE(rdata->length != 0);
dns_rdata_toregion(rdata, ®ion);
- RETERR(txt_totext(®ion, target));
+ RETERR(txt_totext(®ion, ISC_TRUE, target));
RETERR(str_totext(" ", target));
- return (txt_totext(®ion, target));
+ return (txt_totext(®ion, ISC_TRUE, target));
}
static inline isc_result_t
Modified: vendor/bind/dist/lib/dns/rdata/generic/hinfo_13.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/hinfo_13.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/hinfo_13.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_HINFO_13_H
#define GENERIC_HINFO_13_H 1
-/* $Id: hinfo_13.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hinfo_13.h,v 1.25 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_hinfo {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/hip_55.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/hip_55.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/hip_55.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hip_55.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hip_55.c,v 1.8 2011/01/13 04:59:26 tbox Exp $ */
/* reviewed: TBC */
@@ -76,7 +76,7 @@
len = (unsigned char *)isc_buffer_used(target) - start;
if (len > 0xffU)
RETTOK(ISC_R_RANGE);
- RETERR(uint8_tobuffer(len, &hit_len));
+ RETERR(uint8_tobuffer((isc_uint32_t)len, &hit_len));
/*
* Public key (base64).
@@ -92,7 +92,7 @@
len = (unsigned char *)isc_buffer_used(target) - start;
if (len > 0xffffU)
RETTOK(ISC_R_RANGE);
- RETERR(uint16_tobuffer(len, &key_len));
+ RETERR(uint16_tobuffer((isc_uint32_t)len, &key_len));
/*
* Rendezvous Servers.
@@ -122,7 +122,7 @@
totext_hip(ARGS_TOTEXT) {
isc_region_t region;
dns_name_t name;
- size_t length, key_len, hit_len;
+ unsigned int length, key_len, hit_len;
unsigned char algorithm;
char buf[sizeof("225 ")];
@@ -318,6 +318,8 @@
goto cleanup;
isc_region_consume(®ion, hip->hit_len);
+ INSIST(hip->key_len <= region.length);
+
hip->key = mem_maybedup(mctx, region.base, hip->key_len);
if (hip->key == NULL)
goto cleanup;
@@ -466,9 +468,7 @@
INSIST(r1.length > 4);
INSIST(r2.length > 4);
- r1.length = 4;
- r2.length = 4;
- order = isc_region_compare(&r1, &r2);
+ order = memcmp(r1.base, r2.base, 4);
if (order != 0)
return (order);
@@ -475,14 +475,12 @@
hit_len = uint8_fromregion(&r1);
isc_region_consume(&r1, 2); /* hit length + algorithm */
key_len = uint16_fromregion(&r1);
+ isc_region_consume(&r1, 2); /* key length */
+ isc_region_consume(&r2, 4);
- dns_rdata_toregion(rdata1, &r1);
- dns_rdata_toregion(rdata2, &r2);
- isc_region_consume(&r1, 4);
- isc_region_consume(&r2, 4);
INSIST(r1.length >= (unsigned) (hit_len + key_len));
INSIST(r2.length >= (unsigned) (hit_len + key_len));
- order = isc_region_compare(&r1, &r2);
+ order = memcmp(r1.base, r2.base, hit_len + key_len);
if (order != 0)
return (order);
isc_region_consume(&r1, hit_len + key_len);
Modified: vendor/bind/dist/lib/dns/rdata/generic/hip_55.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/hip_55.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/hip_55.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hip_55.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hip_55.h,v 1.2 2009/02/26 06:09:19 marka Exp $ */
#ifndef GENERIC_HIP_5_H
#define GENERIC_HIP_5_H 1
Modified: vendor/bind/dist/lib/dns/rdata/generic/ipseckey_45.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/ipseckey_45.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/ipseckey_45.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ipseckey_45.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef RDATA_GENERIC_IPSECKEY_45_C
#define RDATA_GENERIC_IPSECKEY_45_C
@@ -87,7 +87,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < 4)
return (ISC_R_NOSPACE);
- memcpy(region.base, &addr, 4);
+ memmove(region.base, &addr, 4);
isc_buffer_add(target, 4);
break;
@@ -97,7 +97,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < 16)
return (ISC_R_NOSPACE);
- memcpy(region.base, addr6, 16);
+ memmove(region.base, addr6, 16);
isc_buffer_add(target, 16);
break;
@@ -361,7 +361,7 @@
break;
case 2:
- memcpy(ipseckey->in6_addr.s6_addr, region.base, 16);
+ memmove(ipseckey->in6_addr.s6_addr, region.base, 16);
isc_region_consume(®ion, 16);
break;
Modified: vendor/bind/dist/lib/dns/rdata/generic/ipseckey_45.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/ipseckey_45.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/ipseckey_45.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ipseckey_45.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ipseckey_45.h,v 1.4 2007/06/19 23:47:17 tbox Exp $ */
#ifndef GENERIC_IPSECKEY_45_H
#define GENERIC_IPSECKEY_45_H 1
Modified: vendor/bind/dist/lib/dns/rdata/generic/isdn_20.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/isdn_20.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/isdn_20.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: isdn_20.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: isdn_20.c,v 1.40 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Wed Mar 15 16:53:11 PST 2000 by bwelling */
@@ -65,11 +65,11 @@
UNUSED(tctx);
dns_rdata_toregion(rdata, ®ion);
- RETERR(txt_totext(®ion, target));
+ RETERR(txt_totext(®ion, ISC_TRUE, target));
if (region.length == 0)
return (ISC_R_SUCCESS);
RETERR(str_totext(" ", target));
- return (txt_totext(®ion, target));
+ return (txt_totext(®ion, ISC_TRUE, target));
}
static inline isc_result_t
@@ -127,6 +127,8 @@
RETERR(uint8_tobuffer(isdn->isdn_len, target));
RETERR(mem_tobuffer(target, isdn->isdn, isdn->isdn_len));
+ if (isdn->subaddress == NULL)
+ return (ISC_R_SUCCESS);
RETERR(uint8_tobuffer(isdn->subaddress_len, target));
return (mem_tobuffer(target, isdn->subaddress, isdn->subaddress_len));
}
@@ -153,11 +155,17 @@
return (ISC_R_NOMEMORY);
isc_region_consume(&r, isdn->isdn_len);
- isdn->subaddress_len = uint8_fromregion(&r);
- isc_region_consume(&r, 1);
- isdn->subaddress = mem_maybedup(mctx, r.base, isdn->subaddress_len);
- if (isdn->subaddress == NULL)
- goto cleanup;
+ if (r.length == 0) {
+ isdn->subaddress_len = 0;
+ isdn->subaddress = NULL;
+ } else {
+ isdn->subaddress_len = uint8_fromregion(&r);
+ isc_region_consume(&r, 1);
+ isdn->subaddress = mem_maybedup(mctx, r.base,
+ isdn->subaddress_len);
+ if (isdn->subaddress == NULL)
+ goto cleanup;
+ }
isdn->mctx = mctx;
return (ISC_R_SUCCESS);
Modified: vendor/bind/dist/lib/dns/rdata/generic/isdn_20.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/isdn_20.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/isdn_20.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_ISDN_20_H
#define GENERIC_ISDN_20_H 1
-/* $Id: isdn_20.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: isdn_20.h,v 1.18 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1183 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/key_25.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/key_25.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/key_25.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: key_25.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*
* Reviewed: Wed Mar 15 16:47:10 PST 2000 by halley.
@@ -32,6 +32,7 @@
static inline isc_result_t
fromtext_key(ARGS_FROMTEXT) {
+ isc_result_t result;
isc_token_t token;
dns_secalg_t alg;
dns_secproto_t proto;
@@ -67,7 +68,15 @@
if ((flags & 0xc000) == 0xc000)
return (ISC_R_SUCCESS);
- return (isc_base64_tobuffer(lexer, target, -1));
+ result = isc_base64_tobuffer(lexer, target, -1);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /* Ensure there's at least enough data to compute a key ID for MD5 */
+ if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
+ return (ISC_R_UNEXPECTEDEND);
+
+ return (ISC_R_SUCCESS);
}
static inline isc_result_t
@@ -173,6 +182,15 @@
dns_name_init(&name, NULL);
RETERR(dns_name_fromwire(&name, source, dctx, options, target));
}
+
+ /*
+ * RSAMD5 computes key ID differently from other
+ * algorithms: we need to ensure there's enough data
+ * present for the computation
+ */
+ if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
+ return (ISC_R_UNEXPECTEDEND);
+
isc_buffer_activeregion(source, &sr);
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
Modified: vendor/bind/dist/lib/dns/rdata/generic/key_25.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/key_25.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/key_25.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_KEY_25_H
#define GENERIC_KEY_25_H 1
-/* $Id: key_25.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: key_25.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC2535 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/keydata_65533.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/keydata_65533.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/keydata_65533.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keydata_65533.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef GENERIC_KEYDATA_65533_C
#define GENERIC_KEYDATA_65533_C 1
@@ -21,10 +21,11 @@
#include <dst/dst.h>
-#define RRTYPE_KEYDATA_ATTRIBUTES (DNS_RDATATYPEATTR_DNSSEC)
+#define RRTYPE_KEYDATA_ATTRIBUTES (0)
static inline isc_result_t
fromtext_keydata(ARGS_FROMTEXT) {
+ isc_result_t result;
isc_token_t token;
dns_secalg_t alg;
dns_secproto_t proto;
@@ -79,7 +80,15 @@
if ((flags & 0xc000) == 0xc000)
return (ISC_R_SUCCESS);
- return (isc_base64_tobuffer(lexer, target, -1));
+ result = isc_base64_tobuffer(lexer, target, -1);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /* Ensure there's at least enough data to compute a key ID for MD5 */
+ if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 19)
+ return (ISC_R_UNEXPECTEDEND);
+
+ return (ISC_R_SUCCESS);
}
static inline isc_result_t
@@ -91,8 +100,10 @@
unsigned long when;
REQUIRE(rdata->type == 65533);
- REQUIRE(rdata->length != 0);
+ if ((tctx->flags & DNS_STYLEFLAG_KEYDATA) == 0 || rdata->length < 16)
+ return (unknown_totext(rdata, tctx, target));
+
dns_rdata_toregion(rdata, &sr);
/* refresh timer */
@@ -176,9 +187,6 @@
UNUSED(options);
isc_buffer_activeregion(source, &sr);
- if (sr.length < 16)
- return (ISC_R_UNEXPECTEDEND);
-
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
}
@@ -188,7 +196,6 @@
isc_region_t sr;
REQUIRE(rdata->type == 65533);
- REQUIRE(rdata->length != 0);
UNUSED(cctx);
@@ -204,8 +211,6 @@
REQUIRE(rdata1->type == rdata2->type);
REQUIRE(rdata1->rdclass == rdata2->rdclass);
REQUIRE(rdata1->type == 65533);
- REQUIRE(rdata1->length != 0);
- REQUIRE(rdata2->length != 0);
dns_rdata_toregion(rdata1, &r1);
dns_rdata_toregion(rdata2, &r2);
@@ -253,7 +258,6 @@
REQUIRE(rdata->type == 65533);
REQUIRE(target != NULL);
- REQUIRE(rdata->length != 0);
keydata->common.rdclass = rdata->rdclass;
keydata->common.rdtype = rdata->type;
Modified: vendor/bind/dist/lib/dns/rdata/generic/keydata_65533.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/keydata_65533.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/keydata_65533.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -17,7 +17,7 @@
#ifndef GENERIC_KEYDATA_65533_H
#define GENERIC_KEYDATA_65533_H 1
-/* $Id: keydata_65533.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: keydata_65533.h,v 1.2 2009/06/30 02:52:32 each Exp $ */
typedef struct dns_rdata_keydata {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/l32_105.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/l32_105.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/l32_105.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -51,7 +51,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < 4)
return (ISC_R_NOSPACE);
- memcpy(region.base, &addr, 4);
+ memmove(region.base, &addr, 4);
isc_buffer_add(target, 4);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/l64_106.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/l64_106.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/l64_106.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -155,7 +155,7 @@
dns_rdata_toregion(rdata, ®ion);
l64->pref = uint16_fromregion(®ion);
- memcpy(l64->l64, region.base, region.length);
+ memmove(l64->l64, region.base, region.length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/loc_29.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/loc_29.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/loc_29.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: loc_29.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: loc_29.c,v 1.50 2009/12/04 21:09:33 marka Exp $ */
/* Reviewed: Wed Mar 15 18:13:09 PST 2000 by explorer */
Modified: vendor/bind/dist/lib/dns/rdata/generic/loc_29.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/loc_29.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/loc_29.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_LOC_29_H
#define GENERIC_LOC_29_H 1
-/* $Id: loc_29.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: loc_29.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1876 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/mb_7.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mb_7.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mb_7.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mb_7.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mb_7.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Wed Mar 15 17:31:26 PST 2000 by bwelling */
Modified: vendor/bind/dist/lib/dns/rdata/generic/mb_7.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mb_7.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mb_7.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_MB_7_H
#define GENERIC_MB_7_H 1
-/* $Id: mb_7.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mb_7.h,v 1.27 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_mb {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/md_3.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/md_3.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/md_3.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: md_3.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: md_3.c,v 1.49 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Wed Mar 15 17:48:20 PST 2000 by bwelling */
Modified: vendor/bind/dist/lib/dns/rdata/generic/md_3.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/md_3.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/md_3.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_MD_3_H
#define GENERIC_MD_3_H 1
-/* $Id: md_3.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: md_3.h,v 1.28 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_md {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/mf_4.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mf_4.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mf_4.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mf_4.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mf_4.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Wed Mar 15 17:47:33 PST 2000 by brister */
Modified: vendor/bind/dist/lib/dns/rdata/generic/mf_4.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mf_4.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mf_4.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_MF_4_H
#define GENERIC_MF_4_H 1
-/* $Id: mf_4.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mf_4.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_mf {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/mg_8.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mg_8.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mg_8.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mg_8.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mg_8.c,v 1.45 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Wed Mar 15 17:49:21 PST 2000 by brister */
Modified: vendor/bind/dist/lib/dns/rdata/generic/mg_8.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mg_8.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mg_8.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_MG_8_H
#define GENERIC_MG_8_H 1
-/* $Id: mg_8.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mg_8.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_mg {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/minfo_14.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/minfo_14.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/minfo_14.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: minfo_14.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: minfo_14.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Wed Mar 15 17:45:32 PST 2000 by brister */
Modified: vendor/bind/dist/lib/dns/rdata/generic/minfo_14.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/minfo_14.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/minfo_14.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_MINFO_14_H
#define GENERIC_MINFO_14_H 1
-/* $Id: minfo_14.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: minfo_14.h,v 1.27 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_minfo {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/mr_9.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mr_9.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mr_9.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mr_9.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mr_9.c,v 1.44 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Wed Mar 15 21:30:35 EST 2000 by tale */
Modified: vendor/bind/dist/lib/dns/rdata/generic/mr_9.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mr_9.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mr_9.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_MR_9_H
#define GENERIC_MR_9_H 1
-/* $Id: mr_9.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mr_9.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_mr {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/mx_15.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mx_15.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mx_15.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mx_15.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: mx_15.c,v 1.58 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Wed Mar 15 18:05:46 PST 2000 by brister */
Modified: vendor/bind/dist/lib/dns/rdata/generic/mx_15.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/mx_15.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/mx_15.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_MX_15_H
#define GENERIC_MX_15_H 1
-/* $Id: mx_15.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mx_15.h,v 1.29 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_mx {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/nid_104.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nid_104.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nid_104.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -155,7 +155,7 @@
dns_rdata_toregion(rdata, ®ion);
nid->pref = uint16_fromregion(®ion);
- memcpy(nid->nid, region.base, region.length);
+ memmove(nid->nid, region.base, region.length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/ns_2.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/ns_2.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/ns_2.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ns_2.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ns_2.c,v 1.48 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Wed Mar 15 18:15:00 PST 2000 by bwelling */
Modified: vendor/bind/dist/lib/dns/rdata/generic/ns_2.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/ns_2.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/ns_2.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_NS_2_H
#define GENERIC_NS_2_H 1
-/* $Id: ns_2.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ns_2.h,v 1.27 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_ns {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/nsec3_50.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nsec3_50.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nsec3_50.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec3_50.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*
* Copyright (C) 2004 Nominet, Ltd.
@@ -100,7 +100,7 @@
RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
ISC_FALSE));
isc_buffer_init(&b, bm, sizeof(bm));
- RETTOK(isc_base32hex_decodestring(DNS_AS_STR(token), &b));
+ RETTOK(isc_base32hexnp_decodestring(DNS_AS_STR(token), &b));
if (isc_buffer_usedlength(&b) > 0xffU)
RETTOK(ISC_R_RANGE);
RETERR(uint8_tobuffer(isc_buffer_usedlength(&b), target));
@@ -187,7 +187,7 @@
i = sr.length;
sr.length = j;
- RETERR(isc_base32hex_totext(&sr, 1, "", target));
+ RETERR(isc_base32hexnp_totext(&sr, 1, "", target));
sr.length = i - j;
for (i = 0; i < sr.length; i += len) {
@@ -455,15 +455,26 @@
static inline isc_boolean_t
checkowner_nsec3(ARGS_CHECKOWNER) {
+ unsigned char owner[NSEC3_MAX_HASH_LENGTH];
+ isc_buffer_t buffer;
+ dns_label_t label;
- REQUIRE(type == 50);
+ REQUIRE(type == 50);
- UNUSED(name);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(wildcard);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
- return (ISC_TRUE);
+ /*
+ * First label is a base32hex string without padding.
+ */
+ dns_name_getlabel(name, 0, &label);
+ isc_region_consume(&label, 1);
+ isc_buffer_init(&buffer, owner, sizeof(owner));
+ if (isc_base32hexnp_decoderegion(&label, &buffer) == ISC_R_SUCCESS)
+ return (ISC_TRUE);
+
+ return (ISC_FALSE);
}
static inline isc_boolean_t
Modified: vendor/bind/dist/lib/dns/rdata/generic/nsec3_50.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nsec3_50.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nsec3_50.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_NSEC3_50_H
#define GENERIC_NSEC3_50_H 1
-/* $Id: nsec3_50.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*!
* \brief Per RFC 5155 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/nsec3param_51.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nsec3param_51.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nsec3param_51.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec3param_51.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nsec3param_51.c,v 1.7 2009/12/04 21:09:34 marka Exp $ */
/*
* Copyright (C) 2004 Nominet, Ltd.
Modified: vendor/bind/dist/lib/dns/rdata/generic/nsec3param_51.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nsec3param_51.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nsec3param_51.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_NSEC3PARAM_51_H
#define GENERIC_NSEC3PARAM_51_H 1
-/* $Id: nsec3param_51.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nsec3param_51.h,v 1.4 2008/09/25 04:02:39 tbox Exp $ */
/*!
* \brief Per RFC 5155 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/nsec_47.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nsec_47.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nsec_47.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec_47.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nsec_47.c,v 1.15 2011/01/13 04:59:26 tbox Exp $ */
/* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */
Modified: vendor/bind/dist/lib/dns/rdata/generic/nsec_47.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nsec_47.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nsec_47.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_NSEC_47_H
#define GENERIC_NSEC_47_H 1
-/* $Id: nsec_47.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nsec_47.h,v 1.10 2008/07/15 23:47:21 tbox Exp $ */
/*!
* \brief Per RFC 3845 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/null_10.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/null_10.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/null_10.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: null_10.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Thu Mar 16 13:57:50 PST 2000 by explorer */
Modified: vendor/bind/dist/lib/dns/rdata/generic/null_10.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/null_10.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/null_10.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_NULL_10_H
#define GENERIC_NULL_10_H 1
-/* $Id: null_10.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: null_10.h,v 1.25 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_null {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/nxt_30.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nxt_30.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nxt_30.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nxt_30.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nxt_30.c,v 1.65 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */
Modified: vendor/bind/dist/lib/dns/rdata/generic/nxt_30.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/nxt_30.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/nxt_30.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_NXT_30_H
#define GENERIC_NXT_30_H 1
-/* $Id: nxt_30.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nxt_30.h,v 1.25 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief RFC2535 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/opt_41.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/opt_41.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/opt_41.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: opt_41.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Thu Mar 16 14:06:44 PST 2000 by gson */
@@ -93,6 +93,7 @@
fromwire_opt(ARGS_FROMWIRE) {
isc_region_t sregion;
isc_region_t tregion;
+ isc_uint16_t opt;
isc_uint16_t length;
unsigned int total;
@@ -108,10 +109,7 @@
while (sregion.length != 0) {
if (sregion.length < 4)
return (ISC_R_UNEXPECTEDEND);
- /*
- * Eat the 16bit option code. There is nothing to
- * be done with it currently.
- */
+ opt = uint16_fromregion(&sregion);
isc_region_consume(&sregion, 2);
length = uint16_fromregion(&sregion);
isc_region_consume(&sregion, 2);
@@ -118,7 +116,49 @@
total += 4;
if (sregion.length < length)
return (ISC_R_UNEXPECTEDEND);
- isc_region_consume(&sregion, length);
+ switch (opt) {
+ case DNS_OPT_CLIENT_SUBNET: {
+ isc_uint16_t family;
+ isc_uint8_t addrlen;
+ isc_uint8_t scope;
+ isc_uint8_t addrbytes;
+
+ if (length < 4)
+ return (DNS_R_FORMERR);
+ family = uint16_fromregion(&sregion);
+ isc_region_consume(&sregion, 2);
+ addrlen = uint8_fromregion(&sregion);
+ isc_region_consume(&sregion, 1);
+ scope = uint8_fromregion(&sregion);
+ isc_region_consume(&sregion, 1);
+ switch (family) {
+ case 1:
+ if (addrlen > 32U || scope > 32U)
+ return (DNS_R_FORMERR);
+ break;
+ case 2:
+ if (addrlen > 128U || scope > 128U)
+ return (DNS_R_FORMERR);
+ break;
+ }
+ addrbytes = (addrlen + 7) / 8;
+ if (addrbytes + 4 != length)
+ return (DNS_R_FORMERR);
+ isc_region_consume(&sregion, addrbytes);
+ break;
+ }
+ case DNS_OPT_EXPIRE:
+ /*
+ * Request has zero length. Response is 32 bits.
+ */
+ if (length != 0 && length != 4)
+ return (DNS_R_FORMERR);
+ isc_region_consume(&sregion, length);
+ break;
+ default:
+ isc_region_consume(&sregion, length);
+ break;
+ }
total += length;
}
@@ -126,7 +166,7 @@
isc_buffer_availableregion(target, &tregion);
if (tregion.length < total)
return (ISC_R_NOSPACE);
- memcpy(tregion.base, sregion.base, total);
+ memmove(tregion.base, sregion.base, total);
isc_buffer_forward(source, total);
isc_buffer_add(target, total);
Modified: vendor/bind/dist/lib/dns/rdata/generic/opt_41.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/opt_41.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/opt_41.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_OPT_41_H
#define GENERIC_OPT_41_H 1
-/* $Id: opt_41.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: opt_41.h,v 1.18 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC2671 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/proforma.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/proforma.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/proforma.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: proforma.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: proforma.c,v 1.38 2009/12/04 22:06:37 tbox Exp $ */
#ifndef RDATA_GENERIC_#_#_C
#define RDATA_GENERIC_#_#_C
Modified: vendor/bind/dist/lib/dns/rdata/generic/proforma.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/proforma.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/proforma.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_PROFORMA_H
#define GENERIC_PROFORMA_H 1
-/* $Id: proforma.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: proforma.h,v 1.23 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_# {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/ptr_12.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/ptr_12.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/ptr_12.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ptr_12.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ptr_12.c,v 1.45 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Thu Mar 16 14:05:12 PST 2000 by explorer */
Modified: vendor/bind/dist/lib/dns/rdata/generic/ptr_12.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/ptr_12.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/ptr_12.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_PTR_12_H
#define GENERIC_PTR_12_H 1
-/* $Id: ptr_12.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ptr_12.h,v 1.27 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_ptr {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/rp_17.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/rp_17.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/rp_17.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rp_17.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rp_17.c,v 1.44 2009/12/04 22:06:37 tbox Exp $ */
/* RFC1183 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/rp_17.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/rp_17.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/rp_17.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_RP_17_H
#define GENERIC_RP_17_H 1
-/* $Id: rp_17.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rp_17.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1183 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/rrsig_46.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/rrsig_46.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/rrsig_46.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rrsig_46.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Fri Mar 17 09:05:02 PST 2000 by gson */
@@ -90,7 +90,20 @@
*/
RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
ISC_FALSE));
- RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_expire));
+ if (strlen(DNS_AS_STR(token)) <= 10U &&
+ *DNS_AS_STR(token) != '-' && *DNS_AS_STR(token) != '+') {
+ char *end;
+ unsigned long u;
+ isc_uint64_t u64;
+
+ u64 = u = strtoul(DNS_AS_STR(token), &end, 10);
+ if (u == ULONG_MAX || *end != 0)
+ RETTOK(DNS_R_SYNTAX);
+ if (u64 > 0xffffffffUL)
+ RETTOK(ISC_R_RANGE);
+ time_expire = u;
+ } else
+ RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_expire));
RETERR(uint32_tobuffer(time_expire, target));
/*
@@ -98,7 +111,20 @@
*/
RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
ISC_FALSE));
- RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_signed));
+ if (strlen(DNS_AS_STR(token)) <= 10U &&
+ *DNS_AS_STR(token) != '-' && *DNS_AS_STR(token) != '+') {
+ char *end;
+ unsigned long u;
+ isc_uint64_t u64;
+
+ u64 = u = strtoul(DNS_AS_STR(token), &end, 10);
+ if (u == ULONG_MAX || *end != 0)
+ RETTOK(DNS_R_SYNTAX);
+ if (u64 > 0xffffffffUL)
+ RETTOK(ISC_R_RANGE);
+ time_signed = u;
+ } else
+ RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_signed));
RETERR(uint32_tobuffer(time_signed, target));
/*
Modified: vendor/bind/dist/lib/dns/rdata/generic/rrsig_46.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/rrsig_46.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/rrsig_46.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_DNSSIG_46_H
#define GENERIC_DNSSIG_46_H 1
-/* $Id: rrsig_46.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rrsig_46.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC2535 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/rt_21.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/rt_21.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/rt_21.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rt_21.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rt_21.c,v 1.48 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Thu Mar 16 15:02:31 PST 2000 by brister */
@@ -109,7 +109,7 @@
return (ISC_R_NOSPACE);
if (sregion.length < 2)
return (ISC_R_UNEXPECTEDEND);
- memcpy(tregion.base, sregion.base, 2);
+ memmove(tregion.base, sregion.base, 2);
isc_buffer_forward(source, 2);
isc_buffer_add(target, 2);
return (dns_name_fromwire(&name, source, dctx, options, target));
@@ -130,7 +130,7 @@
dns_rdata_toregion(rdata, ®ion);
if (tr.length < 2)
return (ISC_R_NOSPACE);
- memcpy(tr.base, region.base, 2);
+ memmove(tr.base, region.base, 2);
isc_region_consume(®ion, 2);
isc_buffer_add(target, 2);
Modified: vendor/bind/dist/lib/dns/rdata/generic/rt_21.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/rt_21.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/rt_21.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_RT_21_H
#define GENERIC_RT_21_H 1
-/* $Id: rt_21.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rt_21.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1183 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/sig_24.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/sig_24.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/sig_24.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sig_24.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Fri Mar 17 09:05:02 PST 2000 by gson */
Modified: vendor/bind/dist/lib/dns/rdata/generic/sig_24.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/sig_24.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/sig_24.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_SIG_24_H
#define GENERIC_SIG_24_H 1
-/* $Id: sig_24.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: sig_24.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC2535 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/soa_6.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/soa_6.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/soa_6.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: soa_6.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Thu Mar 16 15:18:32 PST 2000 by explorer */
@@ -186,7 +186,7 @@
if (tregion.length < 20)
return (ISC_R_NOSPACE);
- memcpy(tregion.base, sregion.base, 20);
+ memmove(tregion.base, sregion.base, 20);
isc_buffer_forward(source, 20);
isc_buffer_add(target, 20);
@@ -224,7 +224,7 @@
if (tregion.length < 20)
return (ISC_R_NOSPACE);
- memcpy(tregion.base, sregion.base, 20);
+ memmove(tregion.base, sregion.base, 20);
isc_buffer_add(target, 20);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/soa_6.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/soa_6.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/soa_6.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_SOA_6_H
#define GENERIC_SOA_6_H 1
-/* $Id: soa_6.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: soa_6.h,v 1.32 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_soa {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/spf_99.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/spf_99.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/spf_99.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: spf_99.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: spf_99.c,v 1.6 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Thu Mar 16 15:40:00 PST 2000 by bwelling */
@@ -64,7 +64,7 @@
dns_rdata_toregion(rdata, ®ion);
while (region.length > 0) {
- RETERR(txt_totext(®ion, target));
+ RETERR(txt_totext(®ion, ISC_TRUE, target));
if (region.length > 0)
RETERR(str_totext(" ", target));
}
@@ -103,7 +103,7 @@
if (region.length < rdata->length)
return (ISC_R_NOSPACE);
- memcpy(region.base, rdata->data, rdata->length);
+ memmove(region.base, rdata->data, rdata->length);
isc_buffer_add(target, rdata->length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/spf_99.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/spf_99.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/spf_99.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_SPF_99_H
#define GENERIC_SPF_99_H 1
-/* $Id: spf_99.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: spf_99.h,v 1.4 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_spf_string {
isc_uint8_t length;
Modified: vendor/bind/dist/lib/dns/rdata/generic/sshfp_44.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/sshfp_44.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/sshfp_44.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sshfp_44.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/* RFC 4255 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/sshfp_44.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/sshfp_44.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/sshfp_44.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sshfp_44.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: sshfp_44.h,v 1.8 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC 4255 */
Modified: vendor/bind/dist/lib/dns/rdata/generic/tkey_249.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/tkey_249.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/tkey_249.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tkey_249.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*
* Reviewed: Thu Mar 16 17:35:30 PST 2000 by halley.
@@ -459,6 +459,7 @@
/*
* Key.
*/
+ INSIST(tkey->keylen + 2U <= sr.length);
tkey->key = mem_maybedup(mctx, sr.base, tkey->keylen);
if (tkey->key == NULL)
goto cleanup;
@@ -473,6 +474,7 @@
/*
* Other.
*/
+ INSIST(tkey->otherlen <= sr.length);
tkey->other = mem_maybedup(mctx, sr.base, tkey->otherlen);
if (tkey->other == NULL)
goto cleanup;
Modified: vendor/bind/dist/lib/dns/rdata/generic/tkey_249.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/tkey_249.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/tkey_249.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_TKEY_249_H
#define GENERIC_TKEY_249_H 1
-/* $Id: tkey_249.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: tkey_249.h,v 1.24 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per draft-ietf-dnsind-tkey-00.txt */
Modified: vendor/bind/dist/lib/dns/rdata/generic/tlsa_52.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/tlsa_52.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/tlsa_52.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,9 +14,9 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tlsa_52.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
-/* draft-ietf-dane-protocol-19.txt */
+/* rfc6698.txt */
#ifndef RDATA_GENERIC_TLSA_52_C
#define RDATA_GENERIC_TLSA_52_C
Modified: vendor/bind/dist/lib/dns/rdata/generic/tlsa_52.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/tlsa_52.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/tlsa_52.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,13 +14,13 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tlsa_52.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef GENERIC_TLSA_52_H
#define GENERIC_TLSA_52_H 1
/*!
- * \brief per draft-ietf-dane-protocol-19.txt
+ * \brief per rfc6698.txt
*/
typedef struct dns_rdata_tlsa {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/txt_16.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/txt_16.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/txt_16.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007-2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: txt_16.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: txt_16.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Thu Mar 16 15:40:00 PST 2000 by bwelling */
@@ -71,7 +71,7 @@
dns_rdata_toregion(rdata, ®ion);
while (region.length > 0) {
- RETERR(txt_totext(®ion, target));
+ RETERR(txt_totext(®ion, ISC_TRUE, target));
if (region.length > 0)
RETERR(str_totext(" ", target));
}
@@ -110,7 +110,7 @@
if (region.length < rdata->length)
return (ISC_R_NOSPACE);
- memcpy(region.base, rdata->data, rdata->length);
+ memmove(region.base, rdata->data, rdata->length);
isc_buffer_add(target, rdata->length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/txt_16.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/txt_16.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/txt_16.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_TXT_16_H
#define GENERIC_TXT_16_H 1
-/* $Id: txt_16.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: txt_16.h,v 1.28 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_txt_string {
isc_uint8_t length;
Modified: vendor/bind/dist/lib/dns/rdata/generic/unspec_103.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/unspec_103.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/unspec_103.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: unspec_103.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: unspec_103.c,v 1.37 2009/12/04 22:06:37 tbox Exp $ */
#ifndef RDATA_GENERIC_UNSPEC_103_C
#define RDATA_GENERIC_UNSPEC_103_C
Modified: vendor/bind/dist/lib/dns/rdata/generic/unspec_103.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/unspec_103.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/unspec_103.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef GENERIC_UNSPEC_103_H
#define GENERIC_UNSPEC_103_H 1
-/* $Id: unspec_103.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: unspec_103.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_unspec_t {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/uri_256.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/uri_256.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/uri_256.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: uri_256.c,v 1.1.1.1 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: uri_256.c,v 1.2 2011/03/03 14:10:27 fdupont Exp $ */
#ifndef GENERIC_URI_256_C
#define GENERIC_URI_256_C 1
@@ -115,15 +115,12 @@
isc_buffer_activeregion(source, ®ion);
if (region.length < 4)
return (ISC_R_UNEXPECTEDEND);
- RETERR(mem_tobuffer(target, region.base, 4));
- isc_buffer_forward(source, 4);
/*
- * Target URI
+ * Priority, weight and target URI
*/
- RETERR(multitxt_fromwire(source, target));
-
- return (ISC_R_SUCCESS);
+ isc_buffer_forward(source, region.length);
+ return (mem_tobuffer(target, region.base, region.length));
}
static inline isc_result_t
@@ -178,8 +175,6 @@
static inline isc_result_t
fromstruct_uri(ARGS_FROMSTRUCT) {
dns_rdata_uri_t *uri = source;
- isc_region_t region;
- isc_uint8_t len;
REQUIRE(type == 256);
REQUIRE(source != NULL);
@@ -203,18 +198,6 @@
/*
* Target URI
*/
- len = 255U;
- region.base = uri->target;
- region.length = uri->tgt_len;
- while (region.length > 0) {
- REQUIRE(len == 255U);
- len = uint8_fromregion(®ion);
- isc_region_consume(®ion, 1);
- if (region.length < len)
- return (ISC_R_UNEXPECTEDEND);
- isc_region_consume(®ion, len);
- }
-
return (mem_tobuffer(target, uri->target, uri->tgt_len));
}
Modified: vendor/bind/dist/lib/dns/rdata/generic/uri_256.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/uri_256.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/uri_256.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -17,7 +17,7 @@
#ifndef GENERIC_URI_256_H
#define GENERIC_URI_256_H 1
-/* $Id: uri_256.h,v 1.1.1.1 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: uri_256.h,v 1.2 2011/03/03 14:10:27 fdupont Exp $ */
typedef struct dns_rdata_uri {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/generic/x25_19.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/x25_19.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/x25_19.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: x25_19.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: x25_19.c,v 1.41 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Thu Mar 16 16:15:57 PST 2000 by bwelling */
@@ -60,7 +60,7 @@
REQUIRE(rdata->length != 0);
dns_rdata_toregion(rdata, ®ion);
- return (txt_totext(®ion, target));
+ return (txt_totext(®ion, ISC_TRUE, target));
}
static inline isc_result_t
Modified: vendor/bind/dist/lib/dns/rdata/generic/x25_19.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/generic/x25_19.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/generic/x25_19.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef GENERIC_X25_19_H
#define GENERIC_X25_19_H 1
-/* $Id: x25_19.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: x25_19.h,v 1.18 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1183 */
Modified: vendor/bind/dist/lib/dns/rdata/hs_4/a_1.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/hs_4/a_1.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/hs_4/a_1.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: a_1.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: a_1.c,v 1.33 2009/12/04 22:06:37 tbox Exp $ */
/* reviewed: Thu Mar 16 15:58:36 PST 2000 by brister */
@@ -48,7 +48,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < 4)
return (ISC_R_NOSPACE);
- memcpy(region.base, &addr, 4);
+ memmove(region.base, &addr, 4);
isc_buffer_add(target, 4);
return (ISC_R_SUCCESS);
}
@@ -87,7 +87,7 @@
if (tregion.length < 4)
return (ISC_R_NOSPACE);
- memcpy(tregion.base, sregion.base, 4);
+ memmove(tregion.base, sregion.base, 4);
isc_buffer_forward(source, 4);
isc_buffer_add(target, 4);
return (ISC_R_SUCCESS);
@@ -106,7 +106,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < rdata->length)
return (ISC_R_NOSPACE);
- memcpy(region.base, rdata->data, rdata->length);
+ memmove(region.base, rdata->data, rdata->length);
isc_buffer_add(target, 4);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/hs_4/a_1.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/hs_4/a_1.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/hs_4/a_1.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef HS_4_A_1_H
#define HS_4_A_1_H 1
-/* $Id: a_1.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: a_1.h,v 1.12 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_hs_a {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/in_1/a6_38.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/a6_38.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/a6_38.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: a6_38.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: a6_38.c,v 1.56 2009/12/04 22:06:37 tbox Exp $ */
/* RFC2874 */
@@ -122,7 +122,7 @@
if (prefixlen != 128) {
octets = prefixlen/8;
memset(addr, 0, sizeof(addr));
- memcpy(&addr[octets], sr.base, 16 - octets);
+ memmove(&addr[octets], sr.base, 16 - octets);
mask = 0xff >> (prefixlen % 8);
addr[octets] &= mask;
ar.base = addr;
@@ -347,7 +347,7 @@
if (a6->prefixlen != 128) {
octets = 16 - a6->prefixlen / 8;
INSIST(r.length >= octets);
- memcpy(a6->in6_addr.s6_addr + 16 - octets, r.base, octets);
+ memmove(a6->in6_addr.s6_addr + 16 - octets, r.base, octets);
isc_region_consume(&r, octets);
}
Modified: vendor/bind/dist/lib/dns/rdata/in_1/a6_38.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/a6_38.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/a6_38.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_A6_38_H
#define IN_1_A6_38_H 1
-/* $Id: a6_38.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: a6_38.h,v 1.24 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC2874 */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/a_1.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/a_1.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/a_1.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: a_1.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: a_1.c,v 1.55 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Thu Mar 16 16:52:50 PST 2000 by bwelling */
@@ -50,7 +50,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < 4)
return (ISC_R_NOSPACE);
- memcpy(region.base, &addr, 4);
+ memmove(region.base, &addr, 4);
isc_buffer_add(target, 4);
return (ISC_R_SUCCESS);
}
@@ -89,7 +89,7 @@
if (tregion.length < 4)
return (ISC_R_NOSPACE);
- memcpy(tregion.base, sregion.base, 4);
+ memmove(tregion.base, sregion.base, 4);
isc_buffer_forward(source, 4);
isc_buffer_add(target, 4);
return (ISC_R_SUCCESS);
@@ -108,7 +108,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < rdata->length)
return (ISC_R_NOSPACE);
- memcpy(region.base, rdata->data, rdata->length);
+ memmove(region.base, rdata->data, rdata->length);
isc_buffer_add(target, 4);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/in_1/a_1.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/a_1.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/a_1.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef IN_1_A_1_H
#define IN_1_A_1_H 1
-/* $Id: a_1.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: a_1.h,v 1.28 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_in_a {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/in_1/aaaa_28.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/aaaa_28.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/aaaa_28.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: aaaa_28.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: aaaa_28.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Thu Mar 16 16:52:50 PST 2000 by bwelling */
@@ -51,7 +51,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < 16)
return (ISC_R_NOSPACE);
- memcpy(region.base, addr, 16);
+ memmove(region.base, addr, 16);
isc_buffer_add(target, 16);
return (ISC_R_SUCCESS);
}
@@ -90,7 +90,7 @@
if (tregion.length < 16)
return (ISC_R_NOSPACE);
- memcpy(tregion.base, sregion.base, 16);
+ memmove(tregion.base, sregion.base, 16);
isc_buffer_forward(source, 16);
isc_buffer_add(target, 16);
return (ISC_R_SUCCESS);
@@ -109,7 +109,7 @@
isc_buffer_availableregion(target, ®ion);
if (region.length < rdata->length)
return (ISC_R_NOSPACE);
- memcpy(region.base, rdata->data, rdata->length);
+ memmove(region.base, rdata->data, rdata->length);
isc_buffer_add(target, 16);
return (ISC_R_SUCCESS);
}
@@ -165,7 +165,7 @@
dns_rdata_toregion(rdata, &r);
INSIST(r.length == 16);
- memcpy(aaaa->in6_addr.s6_addr, r.base, 16);
+ memmove(aaaa->in6_addr.s6_addr, r.base, 16);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/dns/rdata/in_1/aaaa_28.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/aaaa_28.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/aaaa_28.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_AAAA_28_H
#define IN_1_AAAA_28_H 1
-/* $Id: aaaa_28.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: aaaa_28.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1886 */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/apl_42.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/apl_42.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/apl_42.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: apl_42.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: apl_42.c,v 1.16 2009/12/04 22:06:37 tbox Exp $ */
/* RFC3123 */
@@ -148,7 +148,7 @@
INSIST(len <= 4);
INSIST(prefix <= 32);
memset(buf, 0, sizeof(buf));
- memcpy(buf, sr.base, len);
+ memmove(buf, sr.base, len);
RETERR(inet_totext(AF_INET, &ir, target));
break;
@@ -156,7 +156,7 @@
INSIST(len <= 16);
INSIST(prefix <= 128);
memset(buf, 0, sizeof(buf));
- memcpy(buf, sr.base, len);
+ memmove(buf, sr.base, len);
RETERR(inet_totext(AF_INET6, &ir, target));
break;
Modified: vendor/bind/dist/lib/dns/rdata/in_1/apl_42.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/apl_42.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/apl_42.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#ifndef IN_1_APL_42_H
#define IN_1_APL_42_H 1
-/* $Id: apl_42.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: apl_42.h,v 1.6 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_apl_ent {
isc_boolean_t negative;
Modified: vendor/bind/dist/lib/dns/rdata/in_1/dhcid_49.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/dhcid_49.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/dhcid_49.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dhcid_49.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* RFC 4701 */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/dhcid_49.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/dhcid_49.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/dhcid_49.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_DHCID_49_H
#define IN_1_DHCID_49_H 1
-/* $Id: dhcid_49.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dhcid_49.h,v 1.5 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_in_dhcid {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/in_1/kx_36.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/kx_36.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/kx_36.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: kx_36.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: kx_36.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Thu Mar 16 17:24:54 PST 2000 by explorer */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/kx_36.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/kx_36.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/kx_36.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_KX_36_H
#define IN_1_KX_36_H 1
-/* $Id: kx_36.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: kx_36.h,v 1.20 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC2230 */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/naptr_35.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/naptr_35.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/naptr_35.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: naptr_35.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Thu Mar 16 16:52:50 PST 2000 by bwelling */
@@ -226,19 +226,19 @@
/*
* Flags.
*/
- RETERR(txt_totext(®ion, target));
+ RETERR(txt_totext(®ion, ISC_TRUE, target));
RETERR(str_totext(" ", target));
/*
* Service.
*/
- RETERR(txt_totext(®ion, target));
+ RETERR(txt_totext(®ion, ISC_TRUE, target));
RETERR(str_totext(" ", target));
/*
* Regexp.
*/
- RETERR(txt_totext(®ion, target));
+ RETERR(txt_totext(®ion, ISC_TRUE, target));
RETERR(str_totext(" ", target));
/*
Modified: vendor/bind/dist/lib/dns/rdata/in_1/naptr_35.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/naptr_35.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/naptr_35.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_NAPTR_35_H
#define IN_1_NAPTR_35_H 1
-/* $Id: naptr_35.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*!
* \brief Per RFC2915 */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsap-ptr_23.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nsap-ptr_23.c,v 1.40 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Fri Mar 17 10:16:02 PST 2000 by gson */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_NSAP_PTR_23_H
#define IN_1_NSAP_PTR_23_H 1
-/* $Id: nsap-ptr_23.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nsap-ptr_23.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1348. Obsoleted in RFC 1706 - use PTR instead. */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/nsap_22.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/nsap_22.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/nsap_22.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsap_22.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: nsap_22.c,v 1.44 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Fri Mar 17 10:41:07 PST 2000 by gson */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/nsap_22.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/nsap_22.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/nsap_22.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_NSAP_22_H
#define IN_1_NSAP_22_H 1
-/* $Id: nsap_22.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: nsap_22.h,v 1.18 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC1706 */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/px_26.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/px_26.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/px_26.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: px_26.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: px_26.c,v 1.45 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Mon Mar 20 10:44:27 PST 2000 */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/px_26.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/px_26.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/px_26.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_PX_26_H
#define IN_1_PX_26_H 1
-/* $Id: px_26.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: px_26.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \brief Per RFC2163 */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/srv_33.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/srv_33.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/srv_33.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: srv_33.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: srv_33.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
/* Reviewed: Fri Mar 17 13:01:00 PST 2000 by bwelling */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/srv_33.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/srv_33.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/srv_33.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_SRV_33_H
#define IN_1_SRV_33_H 1
-/* $Id: srv_33.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: srv_33.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */
/* Reviewed: Fri Mar 17 13:01:00 PST 2000 by bwelling */
Modified: vendor/bind/dist/lib/dns/rdata/in_1/wks_11.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/wks_11.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/wks_11.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: wks_11.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* Reviewed: Fri Mar 17 15:01:49 PST 2000 by explorer */
@@ -98,7 +98,7 @@
RETTOK(DNS_R_BADDOTTEDQUAD);
if (region.length < 4)
return (ISC_R_NOSPACE);
- memcpy(region.base, &addr, 4);
+ memmove(region.base, &addr, 4);
isc_buffer_add(target, 4);
/*
@@ -222,7 +222,7 @@
if (tr.length < sr.length)
return (ISC_R_NOSPACE);
- memcpy(tr.base, sr.base, sr.length);
+ memmove(tr.base, sr.base, sr.length);
isc_buffer_add(target, sr.length);
isc_buffer_forward(source, sr.length);
@@ -278,7 +278,7 @@
a = ntohl(wks->in_addr.s_addr);
RETERR(uint32_tobuffer(a, target));
- RETERR(uint16_tobuffer(wks->protocol, target));
+ RETERR(uint8_tobuffer(wks->protocol, target));
return (mem_tobuffer(target, wks->map, wks->map_len));
}
@@ -300,8 +300,8 @@
n = uint32_fromregion(®ion);
wks->in_addr.s_addr = htonl(n);
isc_region_consume(®ion, 4);
- wks->protocol = uint16_fromregion(®ion);
- isc_region_consume(®ion, 2);
+ wks->protocol = uint8_fromregion(®ion);
+ isc_region_consume(®ion, 1);
wks->map_len = region.length;
wks->map = mem_maybedup(mctx, region.base, region.length);
if (wks->map == NULL)
Modified: vendor/bind/dist/lib/dns/rdata/in_1/wks_11.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/in_1/wks_11.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/in_1/wks_11.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef IN_1_WKS_11_H
#define IN_1_WKS_11_H 1
-/* $Id: wks_11.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: wks_11.h,v 1.22 2007/06/19 23:47:17 tbox Exp $ */
typedef struct dns_rdata_in_wks {
dns_rdatacommon_t common;
Modified: vendor/bind/dist/lib/dns/rdata/rdatastructpre.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/rdatastructpre.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/rdatastructpre.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdatastructpre.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rdatastructpre.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */
#ifndef DNS_RDATASTRUCT_H
#define DNS_RDATASTRUCT_H 1
Modified: vendor/bind/dist/lib/dns/rdata/rdatastructsuf.h
===================================================================
--- vendor/bind/dist/lib/dns/rdata/rdatastructsuf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata/rdatastructsuf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdatastructsuf.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rdatastructsuf.h,v 1.10 2007/06/19 23:47:17 tbox Exp $ */
ISC_LANG_ENDDECLS
Modified: vendor/bind/dist/lib/dns/rdata.c
===================================================================
--- vendor/bind/dist/lib/dns/rdata.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdata.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -114,7 +114,7 @@
} dns_rdata_textctx_t;
static isc_result_t
-txt_totext(isc_region_t *source, isc_buffer_t *target);
+txt_totext(isc_region_t *source, isc_boolean_t quote, isc_buffer_t *target);
static isc_result_t
txt_fromtext(isc_textregion_t *source, isc_buffer_t *target);
@@ -128,9 +128,6 @@
static isc_result_t
multitxt_fromtext(isc_textregion_t *source, isc_buffer_t *target);
-static isc_result_t
-multitxt_fromwire(isc_buffer_t *source, isc_buffer_t *target);
-
static isc_boolean_t
name_prefix(dns_name_t *name, dns_name_t *origin, dns_name_t *target);
@@ -279,7 +276,7 @@
}
if (tp != endp)
return (0);
- memcpy(dst, tmp, NS_LOCATORSZ);
+ memmove(dst, tmp, NS_LOCATORSZ);
return (1);
}
@@ -320,7 +317,7 @@
return (source);
new = isc_mem_allocate(mctx, length);
if (new != NULL)
- memcpy(new, source, length);
+ memmove(new, source, length);
return (new);
}
@@ -500,7 +497,7 @@
isc_buffer_t st;
isc_boolean_t use_default = ISC_FALSE;
isc_uint32_t activelength;
- size_t length;
+ unsigned int length;
REQUIRE(dctx != NULL);
if (rdata != NULL) {
@@ -587,7 +584,7 @@
isc_buffer_availableregion(target, &tr);
if (tr.length < rdata->length)
return (ISC_R_NOSPACE);
- memcpy(tr.base, rdata->data, rdata->length);
+ memmove(tr.base, rdata->data, rdata->length);
isc_buffer_add(target, rdata->length);
return (ISC_R_SUCCESS);
}
@@ -681,7 +678,7 @@
unsigned long line;
void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
isc_result_t tresult;
- size_t length;
+ unsigned int length;
isc_boolean_t unknown;
REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
@@ -908,7 +905,7 @@
isc_buffer_t st;
isc_region_t region;
isc_boolean_t use_default = ISC_FALSE;
- size_t length;
+ unsigned int length;
REQUIRE(source != NULL);
if (rdata != NULL) {
@@ -1123,7 +1120,7 @@
}
static isc_result_t
-txt_totext(isc_region_t *source, isc_buffer_t *target) {
+txt_totext(isc_region_t *source, isc_boolean_t quote, isc_buffer_t *target) {
unsigned int tl;
unsigned int n;
unsigned char *sp;
@@ -1138,13 +1135,20 @@
n = *sp++;
REQUIRE(n + 1 <= source->length);
+ if (n == 0U)
+ REQUIRE(quote == ISC_TRUE);
- if (tl < 1)
- return (ISC_R_NOSPACE);
- *tp++ = '"';
- tl--;
+ if (quote) {
+ if (tl < 1)
+ return (ISC_R_NOSPACE);
+ *tp++ = '"';
+ tl--;
+ }
while (n--) {
- if (*sp < 0x20 || *sp >= 0x7f) {
+ /*
+ * \DDD space (0x20) if not quoting.
+ */
+ if (*sp < (quote ? 0x20 : 0x21) || *sp >= 0x7f) {
if (tl < 4)
return (ISC_R_NOSPACE);
*tp++ = 0x5c;
@@ -1155,8 +1159,13 @@
tl -= 4;
continue;
}
- /* double quote, semi-colon, backslash */
- if (*sp == 0x22 || *sp == 0x3b || *sp == 0x5c) {
+ /*
+ * Escape double quote, semi-colon, backslash.
+ * If we are not enclosing the string in double
+ * quotes also escape at sign.
+ */
+ if (*sp == 0x22 || *sp == 0x3b || *sp == 0x5c ||
+ (!quote && *sp == 0x40)) {
if (tl < 2)
return (ISC_R_NOSPACE);
*tp++ = '\\';
@@ -1167,11 +1176,13 @@
*tp++ = *sp++;
tl--;
}
- if (tl < 1)
- return (ISC_R_NOSPACE);
- *tp++ = '"';
- tl--;
- isc_buffer_add(target, tp - (char *)region.base);
+ if (quote) {
+ if (tl < 1)
+ return (ISC_R_NOSPACE);
+ *tp++ = '"';
+ tl--;
+ }
+ isc_buffer_add(target, (unsigned int)(tp - (char *)region.base));
isc_region_consume(source, *source->base + 1);
return (ISC_R_SUCCESS);
}
@@ -1237,7 +1248,7 @@
}
if (escape)
return (DNS_R_SYNTAX);
- *tregion.base = t - tregion.base - 1;
+ *tregion.base = (unsigned char)(t - tregion.base - 1);
isc_buffer_add(target, *tregion.base + 1);
return (ISC_R_SUCCESS);
}
@@ -1260,12 +1271,15 @@
return (ISC_R_NOSPACE);
if (tregion.base != sregion.base)
- memcpy(tregion.base, sregion.base, n);
+ memmove(tregion.base, sregion.base, n);
isc_buffer_forward(source, n);
isc_buffer_add(target, n);
return (ISC_R_SUCCESS);
}
+/*
+ * Conversion of TXT-like rdata fields without length limits.
+ */
static isc_result_t
multitxt_totext(isc_region_t *source, isc_buffer_t *target) {
unsigned int tl;
@@ -1284,10 +1298,9 @@
*tp++ = '"';
tl--;
do {
- n0 = n = *sp++;
+ n = source->length;
+ n0 = source->length - 1;
- REQUIRE(n0 + 1 <= source->length);
-
while (n--) {
if (*sp < 0x20 || *sp >= 0x7f) {
if (tl < 4)
@@ -1318,7 +1331,7 @@
return (ISC_R_NOSPACE);
*tp++ = '"';
tl--;
- isc_buffer_add(target, tp - (char *)region.base);
+ isc_buffer_add(target, (unsigned int)(tp - (char *)region.base));
return (ISC_R_SUCCESS);
}
@@ -1338,17 +1351,11 @@
do {
isc_buffer_availableregion(target, &tregion);
- t0 = tregion.base;
+ t0 = t = tregion.base;
nrem = tregion.length;
if (nrem < 1)
return (ISC_R_NOSPACE);
- /* length byte */
- t = t0;
- nrem--;
- t++;
- /* 255 byte character-string slice */
- if (nrem > 255)
- nrem = 255;
+
while (n != 0) {
--n;
c = (*s++) & 0xff;
@@ -1382,41 +1389,12 @@
}
if (escape)
return (DNS_R_SYNTAX);
- *t0 = t - t0 - 1;
- isc_buffer_add(target, *t0 + 1);
+
+ isc_buffer_add(target, t - t0);
} while (n != 0);
return (ISC_R_SUCCESS);
}
-static isc_result_t
-multitxt_fromwire(isc_buffer_t *source, isc_buffer_t *target) {
- unsigned int n;
- isc_region_t sregion;
- isc_region_t tregion;
-
- isc_buffer_activeregion(source, &sregion);
- if (sregion.length == 0)
- return(ISC_R_UNEXPECTEDEND);
- n = 256U;
- do {
- if (n != 256U)
- return (DNS_R_SYNTAX);
- n = *sregion.base + 1;
- if (n > sregion.length)
- return (ISC_R_UNEXPECTEDEND);
-
- isc_buffer_availableregion(target, &tregion);
- if (n > tregion.length)
- return (ISC_R_NOSPACE);
-
- memcpy(tregion.base, sregion.base, n);
- isc_buffer_forward(source, n);
- isc_buffer_add(target, n);
- isc_buffer_activeregion(source, &sregion);
- } while (sregion.length != 0);
- return (ISC_R_SUCCESS);
-}
-
static isc_boolean_t
name_prefix(dns_name_t *name, dns_name_t *origin, dns_name_t *target) {
int l1, l2;
@@ -1460,7 +1438,7 @@
if (l > region.length)
return (ISC_R_NOSPACE);
- memcpy(region.base, source, l);
+ memmove(region.base, source, l);
isc_buffer_add(target, l);
return (ISC_R_SUCCESS);
}
@@ -1586,7 +1564,7 @@
if (length > tr.length)
return (ISC_R_NOSPACE);
if (tr.base != base)
- memcpy(tr.base, base, length);
+ memmove(tr.base, base, length);
isc_buffer_add(target, length);
return (ISC_R_SUCCESS);
}
@@ -1604,7 +1582,7 @@
c = tolower(c);
if ((s = strchr(hexdigits, c)) == NULL)
return (-1);
- return (s - hexdigits);
+ return (int)(s - hexdigits);
}
static int
@@ -1619,7 +1597,7 @@
return (-1);
if ((s = strchr(decdigits, value)) == NULL)
return (-1);
- return (s - decdigits);
+ return (int)(s - decdigits);
}
static const char atob_digits[86] =
@@ -1679,15 +1657,15 @@
}
} else if ((s = strchr(atob_digits, c)) != NULL) {
if (bcount == 0) {
- word = s - atob_digits;
+ word = (isc_int32_t)(s - atob_digits);
++bcount;
} else if (bcount < 4) {
word = times85(word);
- word += s - atob_digits;
+ word += (isc_int32_t)(s - atob_digits);
++bcount;
} else {
word = times85(word);
- word += s - atob_digits;
+ word += (isc_int32_t)(s - atob_digits);
RETERR(putbyte((word >> 24) & 0xff, target, state));
RETERR(putbyte((word >> 16) & 0xff, target, state));
RETERR(putbyte((word >> 8) & 0xff, target, state));
Modified: vendor/bind/dist/lib/dns/rdatalist.c
===================================================================
--- vendor/bind/dist/lib/dns/rdatalist.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdatalist.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdatalist.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/rdatalist_p.h
===================================================================
--- vendor/bind/dist/lib/dns/rdatalist_p.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdatalist_p.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdatalist_p.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: rdatalist_p.h,v 1.11 2008/09/25 04:02:38 tbox Exp $ */
#ifndef DNS_RDATALIST_P_H
#define DNS_RDATALIST_P_H
Modified: vendor/bind/dist/lib/dns/rdataset.c
===================================================================
--- vendor/bind/dist/lib/dns/rdataset.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdataset.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdataset.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/rdatasetiter.c
===================================================================
--- vendor/bind/dist/lib/dns/rdatasetiter.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdatasetiter.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdatasetiter.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: rdatasetiter.c,v 1.16 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/rdataslab.c
===================================================================
--- vendor/bind/dist/lib/dns/rdataslab.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rdataslab.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdataslab.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -148,22 +148,37 @@
buflen = reservelen + 2;
- nalloc = dns_rdataset_count(rdataset);
- nitems = nalloc;
- if (nitems == 0 && rdataset->type != 0)
- return (ISC_R_FAILURE);
+ nitems = dns_rdataset_count(rdataset);
- if (nalloc > 0xffff)
+ /*
+ * If there are no rdata then we can just need to allocate a header
+ * with zero a record count.
+ */
+ if (nitems == 0) {
+ if (rdataset->type != 0)
+ return (ISC_R_FAILURE);
+ rawbuf = isc_mem_get(mctx, buflen);
+ if (rawbuf == NULL)
+ return (ISC_R_NOMEMORY);
+ region->base = rawbuf;
+ region->length = buflen;
+ rawbuf += reservelen;
+ *rawbuf++ = 0;
+ *rawbuf = 0;
+ return (ISC_R_SUCCESS);
+ }
+
+ if (nitems > 0xffff)
return (ISC_R_NOSPACE);
+ /*
+ * Remember the original number of items.
+ */
+ nalloc = nitems;
+ x = isc_mem_get(mctx, nalloc * sizeof(struct xrdata));
+ if (x == NULL)
+ return (ISC_R_NOMEMORY);
- if (nalloc != 0) {
- x = isc_mem_get(mctx, nalloc * sizeof(struct xrdata));
- if (x == NULL)
- return (ISC_R_NOMEMORY);
- } else
- x = NULL;
-
/*
* Save all of the rdata members into an array.
*/
@@ -180,12 +195,12 @@
#endif
result = dns_rdataset_next(rdataset);
}
- if (result != ISC_R_NOMORE)
- goto free_rdatas;
- if (i != nalloc) {
+ if (i != nalloc || result != ISC_R_NOMORE) {
/*
* Somehow we iterated over fewer rdatas than
- * dns_rdataset_count() said there were!
+ * dns_rdataset_count() said there were or there
+ * were more items than dns_rdataset_count said
+ * there were.
*/
result = ISC_R_FAILURE;
goto free_rdatas;
@@ -194,7 +209,8 @@
/*
* Put into DNSSEC order.
*/
- qsort(x, nalloc, sizeof(struct xrdata), compare_rdata);
+ if (nalloc > 1U)
+ qsort(x, nalloc, sizeof(struct xrdata), compare_rdata);
/*
* Remove duplicates and compute the total storage required.
@@ -230,17 +246,15 @@
buflen++;
}
}
+
/*
* Don't forget the last item!
*/
- if (nalloc != 0) {
#if DNS_RDATASET_FIXED
- buflen += (8 + x[i-1].rdata.length);
+ buflen += (8 + x[i-1].rdata.length);
#else
- buflen += (2 + x[i-1].rdata.length);
+ buflen += (2 + x[i-1].rdata.length);
#endif
- }
-
/*
* Provide space to store the per RR meta data.
*/
@@ -318,7 +332,7 @@
*rawbuf++ |= (x[i].rdata.flags & DNS_RDATA_OFFLINE) ?
DNS_RDATASLAB_OFFLINE : 0;
}
- memcpy(rawbuf, x[i].rdata.data, x[i].rdata.length);
+ memmove(rawbuf, x[i].rdata.data, x[i].rdata.length);
rawbuf += x[i].rdata.length;
}
@@ -330,8 +344,7 @@
result = ISC_R_SUCCESS;
free_rdatas:
- if (x != NULL)
- isc_mem_put(mctx, x, nalloc * sizeof(struct xrdata));
+ isc_mem_put(mctx, x, nalloc * sizeof(struct xrdata));
return (result);
}
@@ -711,7 +724,7 @@
tstart = isc_mem_get(mctx, tlength);
if (tstart == NULL)
return (ISC_R_NOMEMORY);
- memcpy(tstart, nslab, reservelen);
+ memmove(tstart, nslab, reservelen);
tcurrent = tstart + reservelen;
#if DNS_RDATASET_FIXED
offsetbase = tcurrent;
@@ -790,7 +803,7 @@
#if DNS_RDATASET_FIXED
tcurrent += 2; /* fill in later */
#endif
- memcpy(tcurrent, data, length);
+ memmove(tcurrent, data, length);
tcurrent += length;
oadded++;
if (oadded < ocount) {
@@ -817,7 +830,7 @@
#if DNS_RDATASET_FIXED
tcurrent += 2; /* fill in later */
#endif
- memcpy(tcurrent, data, length);
+ memmove(tcurrent, data, length);
tcurrent += length;
nadded++;
if (nadded < ncount) {
@@ -913,7 +926,7 @@
* This rdata isn't in the sslab, and thus isn't
* being subtracted.
*/
- tlength += mcurrent - mrdatabegin;
+ tlength += (unsigned int)(mcurrent - mrdatabegin);
tcount++;
} else
rcount++;
@@ -949,7 +962,7 @@
tstart = isc_mem_get(mctx, tlength);
if (tstart == NULL)
return (ISC_R_NOMEMORY);
- memcpy(tstart, mslab, reservelen);
+ memmove(tstart, mslab, reservelen);
tcurrent = tstart + reservelen;
#if DNS_RDATASET_FIXED
offsetbase = tcurrent;
@@ -1000,11 +1013,12 @@
* This rdata isn't in the sslab, and thus should be
* copied to the tslab.
*/
- unsigned int length = mcurrent - mrdatabegin;
+ unsigned int length;
+ length = (unsigned int)(mcurrent - mrdatabegin);
#if DNS_RDATASET_FIXED
offsettable[order] = tcurrent - offsetbase;
#endif
- memcpy(tcurrent, mrdatabegin, length);
+ memmove(tcurrent, mrdatabegin, length);
tcurrent += length;
}
dns_rdata_reset(&mrdata);
Modified: vendor/bind/dist/lib/dns/request.c
===================================================================
--- vendor/bind/dist/lib/dns/request.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/request.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: request.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/resolver.c
===================================================================
--- vendor/bind/dist/lib/dns/resolver.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/resolver.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resolver.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -104,6 +104,7 @@
#define RTRACE(m)
#define RRTRACE(r, m)
#define FCTXTRACE(m)
+#define FCTXTRACE2(m1, m2)
#define FTRACE(m)
#define QTRACE(m)
#endif
@@ -133,7 +134,6 @@
* Maximum EDNS0 input packet size.
*/
#define RECV_BUFFER_SIZE 4096 /* XXXRTH Constant. */
-#define EDNSOPTS 2
/*%
* This defines the maximum number of timeouts we will permit before we
@@ -160,6 +160,7 @@
isc_buffer_t buffer;
isc_buffer_t *tsig;
dns_tsigkey_t *tsigkey;
+ int ednsversion;
unsigned int options;
unsigned int attributes;
unsigned int sends;
@@ -340,6 +341,7 @@
struct dns_fetch {
unsigned int magic;
+ isc_mem_t * mctx;
fetchctx_t * private;
};
@@ -448,6 +450,8 @@
#define FCTX_ADDRINFO_MARK 0x0001
#define FCTX_ADDRINFO_FORWARDER 0x1000
#define FCTX_ADDRINFO_TRIED 0x2000
+#define FCTX_ADDRINFO_EDNSOK 0x4000
+
#define UNMARKED(a) (((a)->flags & FCTX_ADDRINFO_MARK) \
== 0)
#define ISFORWARDER(a) (((a)->flags & \
@@ -454,6 +458,8 @@
FCTX_ADDRINFO_FORWARDER) != 0)
#define TRIED(a) (((a)->flags & \
FCTX_ADDRINFO_TRIED) != 0)
+#define EDNSOK(a) (((a)->flags & \
+ FCTX_ADDRINFO_EDNSOK) != 0)
#define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
@@ -791,6 +797,7 @@
dns_adbfind_t *find;
dns_adbaddrinfo_t *addrinfo;
isc_socket_t *socket;
+ isc_stdtime_t now;
query = *queryp;
fctx = query->fctx;
@@ -861,14 +868,13 @@
/*
* Age RTTs of servers not tried.
*/
- factor = DNS_ADB_RTTADJAGE;
+ isc_stdtime_get(&now);
if (finish != NULL)
for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
addrinfo != NULL;
addrinfo = ISC_LIST_NEXT(addrinfo, publink))
if (UNMARKED(addrinfo))
- dns_adb_adjustsrtt(fctx->adb, addrinfo,
- 0, factor);
+ dns_adb_agesrtt(fctx->adb, addrinfo, now);
if (finish != NULL && TRIEDFIND(fctx))
for (find = ISC_LIST_HEAD(fctx->finds);
@@ -878,8 +884,8 @@
addrinfo != NULL;
addrinfo = ISC_LIST_NEXT(addrinfo, publink))
if (UNMARKED(addrinfo))
- dns_adb_adjustsrtt(fctx->adb, addrinfo,
- 0, factor);
+ dns_adb_agesrtt(fctx->adb, addrinfo,
+ now);
if (finish != NULL && TRIEDALT(fctx)) {
for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
@@ -886,8 +892,7 @@
addrinfo != NULL;
addrinfo = ISC_LIST_NEXT(addrinfo, publink))
if (UNMARKED(addrinfo))
- dns_adb_adjustsrtt(fctx->adb, addrinfo,
- 0, factor);
+ dns_adb_agesrtt(fctx->adb, addrinfo, now);
for (find = ISC_LIST_HEAD(fctx->altfinds);
find != NULL;
find = ISC_LIST_NEXT(find, publink))
@@ -895,8 +900,8 @@
addrinfo != NULL;
addrinfo = ISC_LIST_NEXT(addrinfo, publink))
if (UNMARKED(addrinfo))
- dns_adb_adjustsrtt(fctx->adb, addrinfo,
- 0, factor);
+ dns_adb_agesrtt(fctx->adb, addrinfo,
+ now);
}
/*
@@ -1132,6 +1137,10 @@
if (fctx->reason == NULL)
return;
+ /*
+ * We do not know if fctx->domain is the actual domain the record
+ * lives in or a parent domain so we have a '?' after it.
+ */
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED,
DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
@@ -1666,7 +1675,7 @@
isc_boolean_t cleanup_cctx = ISC_FALSE;
isc_boolean_t secure_domain;
isc_boolean_t connecting = ISC_FALSE;
- dns_ednsopt_t ednsopts[EDNSOPTS];
+ dns_ednsopt_t ednsopts[DNS_EDNSOPTIONS];
unsigned ednsopt = 0;
fctx = query->fctx;
@@ -1813,12 +1822,12 @@
if (fctx->timeout) {
if ((triededns512(fctx, &query->addrinfo->sockaddr) ||
fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) &&
- (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
- query->options |= DNS_FETCHOPT_NOEDNS0;
- fctx->reason = "disabling EDNS";
+ (query->options & DNS_FETCHOPT_NOEDNS0) == 0 &&
+ !EDNSOK(query->addrinfo)) {
} else if ((triededns(fctx, &query->addrinfo->sockaddr) ||
fctx->timeouts >= MAX_EDNS0_TIMEOUTS) &&
- (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
+ (query->options & DNS_FETCHOPT_NOEDNS0) == 0 &&
+ !EDNSOK(query->addrinfo)) {
query->options |= DNS_FETCHOPT_EDNS512;
fctx->reason = "reducing the advertised EDNS UDP "
"packet size to 512 octets";
@@ -1851,12 +1860,13 @@
if (peer != NULL)
(void) dns_peer_getrequestnsid(peer, &reqnsid);
if (reqnsid) {
- INSIST(ednsopt < EDNSOPTS);
+ INSIST(ednsopt < DNS_EDNSOPTIONS);
ednsopts[ednsopt].code = DNS_OPT_NSID;
ednsopts[ednsopt].length = 0;
ednsopts[ednsopt].value = NULL;
ednsopt++;
}
+ query->ednsversion = version;
result = fctx_addopt(fctx->qmessage, version,
udpsize, ednsopts, ednsopt);
if (reqnsid && result == ISC_R_SUCCESS) {
@@ -1868,6 +1878,7 @@
* bit.
*/
query->options |= DNS_FETCHOPT_NOEDNS0;
+ query->ednsversion = -1;
}
} else {
/*
@@ -1876,8 +1887,10 @@
* not using EDNS0.
*/
query->options |= DNS_FETCHOPT_NOEDNS0;
+ query->ednsversion = -1;
}
- }
+ } else
+ query->ednsversion = -1;
/*
* If we need EDNS0 to do this query and aren't using it, we lose.
@@ -3604,12 +3617,14 @@
*/
if (dns_rdatatype_atparent(fctx->type))
findoptions |= DNS_DBFIND_NOEXACT;
- result = dns_view_findzonecut(res->view, name, domain,
- 0, findoptions, ISC_TRUE,
+ result = dns_view_findzonecut(res->view, name,
+ domain, 0, findoptions,
+ ISC_TRUE,
&fctx->nameservers,
NULL);
if (result != ISC_R_SUCCESS)
goto cleanup_name;
+
result = dns_name_dup(domain, mctx, &fctx->domain);
if (result != ISC_R_SUCCESS) {
dns_rdataset_disassociate(&fctx->nameservers);
@@ -3995,6 +4010,7 @@
isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t now;
isc_uint32_t ttl;
+ isc_uint32_t bucketnum;
UNUSED(task); /* for now */
@@ -4011,7 +4027,8 @@
FCTXTRACE("received validation completion event");
- LOCK(&res->buckets[fctx->bucketnum].lock);
+ bucketnum = fctx->bucketnum;
+ LOCK(&res->buckets[bucketnum].lock);
ISC_LIST_UNLINK(fctx->validators, vevent->validator, link);
fctx->validator = NULL;
@@ -4033,7 +4050,6 @@
* so, destroy the fctx.
*/
if (SHUTTINGDOWN(fctx) && !sentresponse) {
- isc_uint32_t bucketnum = fctx->bucketnum;
isc_boolean_t bucket_empty;
bucket_empty = maybe_destroy(fctx, ISC_TRUE);
UNLOCK(&res->buckets[bucketnum].lock);
@@ -4136,7 +4152,7 @@
result = fctx->vresult;
add_bad(fctx, addrinfo, result, badns_validation);
isc_event_free(&event);
- UNLOCK(&res->buckets[fctx->bucketnum].lock);
+ UNLOCK(&res->buckets[bucketnum].lock);
INSIST(fctx->validator == NULL);
fctx->validator = ISC_LIST_HEAD(fctx->validators);
if (fctx->validator != NULL)
@@ -4264,7 +4280,7 @@
dns_db_detachnode(fctx->cache, &node);
if (SHUTTINGDOWN(fctx))
bucket_empty = maybe_destroy(fctx, ISC_TRUE);
- UNLOCK(&res->buckets[fctx->bucketnum].lock);
+ UNLOCK(&res->buckets[bucketnum].lock);
if (bucket_empty)
empty_bucket(res);
goto cleanup_event;
@@ -4281,7 +4297,7 @@
* be validated.
*/
dns_db_detachnode(fctx->cache, &node);
- UNLOCK(&res->buckets[fctx->bucketnum].lock);
+ UNLOCK(&res->buckets[bucketnum].lock);
dns_validator_send(ISC_LIST_HEAD(fctx->validators));
goto cleanup_event;
}
@@ -4364,7 +4380,7 @@
if (node != NULL)
dns_db_detachnode(fctx->cache, &node);
- UNLOCK(&res->buckets[fctx->bucketnum].lock);
+ UNLOCK(&res->buckets[bucketnum].lock);
fctx_done(fctx, result, __LINE__); /* Locks bucket. */
cleanup_event:
@@ -4900,10 +4916,17 @@
}
}
- if (valrdataset != NULL)
- result = valcreate(fctx, addrinfo, name, fctx->type,
- valrdataset, valsigrdataset, valoptions,
- task);
+ if (valrdataset != NULL) {
+ dns_rdatatype_t vtype = fctx->type;
+ if (CHAINING(valrdataset)) {
+ if (valrdataset->type == dns_rdatatype_cname)
+ vtype = dns_rdatatype_cname;
+ else
+ vtype = dns_rdatatype_dname;
+ }
+ result = valcreate(fctx, addrinfo, name, vtype, valrdataset,
+ valsigrdataset, valoptions, task);
+ }
if (result == ISC_R_SUCCESS && have_answer) {
fctx->attributes |= FCTX_ATTR_HAVEANSWER;
@@ -5433,11 +5456,11 @@
dns_rdataset_current(rdataset, &rdata);
if (rdataset->type == dns_rdatatype_a) {
INSIST(rdata.length == sizeof(ina.s_addr));
- memcpy(&ina.s_addr, rdata.data, sizeof(ina.s_addr));
+ memmove(&ina.s_addr, rdata.data, sizeof(ina.s_addr));
isc_netaddr_fromin(&netaddr, &ina);
} else {
INSIST(rdata.length == sizeof(in6a.s6_addr));
- memcpy(in6a.s6_addr, rdata.data, sizeof(in6a.s6_addr));
+ memmove(in6a.s6_addr, rdata.data, sizeof(in6a.s6_addr));
isc_netaddr_fromin6(&netaddr, &in6a);
}
@@ -5654,7 +5677,7 @@
"unrelated %s %s in "
"%s authority section",
tbuf, qbuf, nbuf);
- return (DNS_R_FORMERR);
+ goto nextname;
}
if (type == dns_rdatatype_ns) {
/*
@@ -5717,6 +5740,7 @@
}
}
}
+ nextname:
result = dns_message_nextname(message, section);
if (result == ISC_R_NOMORE)
break;
@@ -6649,7 +6673,7 @@
unsigned char *p, *buf, *nsid;
/* Allocate buffer for storing hex version of the NSID */
- buflen = nsid_len * 2 + 1;
+ buflen = (isc_uint16_t)nsid_len * 2 + 1;
buf = isc_mem_get(mctx, buflen);
if (buf == NULL)
return;
@@ -7002,15 +7026,12 @@
* EDNS may not be supported so we can now cache the lack of
* EDNS support.
*/
- if (opt == NULL &&
+ if (opt == NULL && !EDNSOK(query->addrinfo) &&
(message->rcode == dns_rcode_noerror ||
message->rcode == dns_rcode_nxdomain ||
message->rcode == dns_rcode_refused ||
message->rcode == dns_rcode_yxdomain) &&
bad_edns(fctx, &query->addrinfo->sockaddr)) {
- char addrbuf[ISC_SOCKADDR_FORMATSIZE];
- isc_sockaddr_format(&query->addrinfo->sockaddr, addrbuf,
- sizeof(addrbuf));
dns_adb_changeflags(fctx->adb, query->addrinfo,
DNS_FETCHOPT_NOEDNS0,
DNS_FETCHOPT_NOEDNS0);
@@ -7017,6 +7038,21 @@
}
/*
+ * If we get a non error EDNS response record the fact so we
+ * won't fallback to plain DNS in the future for this server.
+ */
+ if (opt != NULL && !EDNSOK(query->addrinfo) &&
+ (query->options & DNS_FETCHOPT_NOEDNS0) == 0 &&
+ (message->rcode == dns_rcode_noerror ||
+ message->rcode == dns_rcode_nxdomain ||
+ message->rcode == dns_rcode_refused ||
+ message->rcode == dns_rcode_yxdomain)) {
+ dns_adb_changeflags(fctx->adb, query->addrinfo,
+ FCTX_ADDRINFO_EDNSOK,
+ FCTX_ADDRINFO_EDNSOK);
+ }
+
+ /*
* Deal with truncated responses by retrying using TCP.
*/
if ((message->flags & DNS_MESSAGEFLAG_TC) != 0)
@@ -7130,6 +7166,18 @@
DNS_FETCHOPT_EDNSVERSIONSET;
mask = DNS_FETCHOPT_EDNSVERSIONMASK |
DNS_FETCHOPT_EDNSVERSIONSET;
+ /*
+ * Record that we got a good EDNS response.
+ */
+ if (query->ednsversion > (int)version &&
+ !EDNSOK(query->addrinfo)) {
+ dns_adb_changeflags(fctx->adb, query->addrinfo,
+ FCTX_ADDRINFO_EDNSOK,
+ FCTX_ADDRINFO_EDNSOK);
+ }
+ /*
+ * Record the supported EDNS version.
+ */
switch (version) {
case 0:
dns_adb_changeflags(fctx->adb, query->addrinfo,
@@ -7301,9 +7349,12 @@
* NXDOMAIN, NXRDATASET, or referral.
*/
result = noanswer_response(fctx, NULL, 0);
- if (result == DNS_R_CHASEDSSERVERS) {
- } else if (result == DNS_R_DELEGATION) {
- force_referral:
+ switch (result) {
+ case ISC_R_SUCCESS:
+ case DNS_R_CHASEDSSERVERS:
+ break;
+ case DNS_R_DELEGATION:
+ force_referral:
/*
* We don't have the answer, but we know a better
* place to look.
@@ -7328,7 +7379,8 @@
fctx->adberr = 0;
result = ISC_R_SUCCESS;
- } else if (result != ISC_R_SUCCESS) {
+ break;
+ default:
/*
* Something has gone wrong.
*/
@@ -8206,6 +8258,8 @@
fetch = isc_mem_get(res->mctx, sizeof(*fetch));
if (fetch == NULL)
return (ISC_R_NOMEMORY);
+ fetch->mctx = NULL;
+ isc_mem_attach(res->mctx, &fetch->mctx);
bucketnum = dns_name_fullhash(name, ISC_FALSE) % res->nbuckets;
@@ -8296,7 +8350,7 @@
FTRACE("created");
*fetchp = fetch;
} else
- isc_mem_put(res->mctx, fetch, sizeof(*fetch));
+ isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
return (result);
}
@@ -8387,7 +8441,7 @@
UNLOCK(&res->buckets[bucketnum].lock);
- isc_mem_put(res->mctx, fetch, sizeof(*fetch));
+ isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
*fetchp = NULL;
if (bucket_empty)
@@ -8839,7 +8893,7 @@
}
memset(new, 0, len);
if (algorithms != NULL)
- memcpy(new, algorithms, *algorithms);
+ memmove(new, algorithms, *algorithms);
new[len-1] |= mask;
*new = len;
node->data = new;
Modified: vendor/bind/dist/lib/dns/result.c
===================================================================
--- vendor/bind/dist/lib/dns/result.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/result.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/rootns.c
===================================================================
--- vendor/bind/dist/lib/dns/rootns.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rootns.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rootns.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id: rootns.c,v 1.40 2010/06/18 05:36:24 marka Exp $ */
/*! \file */
@@ -63,6 +63,7 @@
"A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:BA3E::2:30\n"
"B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201\n"
"C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n"
+"C.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2::c\n"
"D.ROOT-SERVERS.NET. 3600000 IN A 199.7.91.13\n"
"D.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2d::d\n"
"E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n"
@@ -201,7 +202,7 @@
{
isc_result_t result, eresult;
isc_buffer_t source;
- size_t len;
+ unsigned int len;
dns_rdatacallbacks_t callbacks;
dns_db_t *db = NULL;
Modified: vendor/bind/dist/lib/dns/rpz.c
===================================================================
--- vendor/bind/dist/lib/dns/rpz.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rpz.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rpz.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -496,8 +496,8 @@
}
if (canon_name != NULL) {
- isc__buffer_init(&buffer, str, sizeof(str));
- isc__buffer_add(&buffer, len);
+ isc_buffer_init(&buffer, str, sizeof(str));
+ isc_buffer_add(&buffer, len);
result = dns_name_fromtext(canon_name, &buffer,
dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
@@ -504,8 +504,8 @@
return (result);
}
if (search_name != NULL) {
- isc__buffer_init(&buffer, str, sizeof(str));
- isc__buffer_add(&buffer, len);
+ isc_buffer_init(&buffer, str, sizeof(str));
+ isc_buffer_add(&buffer, len);
if (type == DNS_RPZ_TYPE_NSIP)
name = &cidr->nsip_name;
else
@@ -1115,7 +1115,7 @@
* one could cast netaddr->type.in6 to dns_rpz_cidr_key_t *,
* but there are objections.
*/
- memcpy(src_ip6.w, &netaddr->type.in6, sizeof(src_ip6.w));
+ memmove(src_ip6.w, &netaddr->type.in6, sizeof(src_ip6.w));
for (i = 0; i < 4; i++) {
tgt_ip.w[i] = ntohl(src_ip6.w[i]);
}
Modified: vendor/bind/dist/lib/dns/rriterator.c
===================================================================
--- vendor/bind/dist/lib/dns/rriterator.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/rriterator.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rriterator.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/sdb.c
===================================================================
--- vendor/bind/dist/lib/dns/sdb.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/sdb.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sdb.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/sdlz.c
===================================================================
--- vendor/bind/dist/lib/dns/sdlz.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/sdlz.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -50,7 +50,7 @@
* USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sdlz.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/soa.c
===================================================================
--- vendor/bind/dist/lib/dns/soa.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/soa.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: soa.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: soa.c,v 1.12 2009/09/10 02:18:40 each Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/spnego.asn1
===================================================================
--- vendor/bind/dist/lib/dns/spnego.asn1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/spnego.asn1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,7 +4,7 @@
-- (The above copyright notice is per RFC 3978 5.6 (a), q.v.)
--- $Id: spnego.asn1,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+-- $Id: spnego.asn1,v 1.2 2006/12/04 01:52:46 marka Exp $
-- This is the SPNEGO ASN.1 module from RFC 4178, tweaked
-- to get the Heimdal ASN.1 compiler to accept it.
Modified: vendor/bind/dist/lib/dns/spnego.c
===================================================================
--- vendor/bind/dist/lib/dns/spnego.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/spnego.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2006-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: spnego.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file
* \brief
@@ -463,7 +463,7 @@
free(buf);
return (GSS_S_FAILURE);
}
- memcpy(*outbuf, buf + buf_size - buf_len, buf_len);
+ memmove(*outbuf, buf + buf_size - buf_len, buf_len);
*outbuf_size = buf_len;
free(buf);
@@ -856,7 +856,7 @@
data->data = malloc(len);
if (data->data == NULL)
return (ENOMEM);
- memcpy(data->data, p, len);
+ memmove(data->data, p, len);
} else
data->data = NULL;
if (size)
@@ -1107,7 +1107,7 @@
if (len < 128U)
return (1);
else
- return (len_unsigned(len) + 1);
+ return (len_unsigned((unsigned int)len) + 1);
}
@@ -1191,7 +1191,7 @@
if (len < 1U)
return (ASN1_OVERFLOW);
if (val < 128U) {
- *p = val;
+ *p = (unsigned char)val;
*size = 1;
return (0);
} else {
@@ -1198,11 +1198,11 @@
size_t l;
int e;
- e = der_put_unsigned(p, len - 1, val, &l);
+ e = der_put_unsigned(p, len - 1, (unsigned int)val, &l);
if (e)
return (e);
p -= l;
- *p = 0x80 | l;
+ *p = 0x80 | (unsigned char)l;
*size = l + 1;
return (0);
}
@@ -1217,7 +1217,7 @@
p -= data->length;
len -= data->length;
POST(len);
- memcpy(p + 1, data->data, data->length);
+ memmove(p + 1, data->data, data->length);
*size = data->length;
return (0);
}
@@ -1227,10 +1227,10 @@
const oid *data, size_t *size)
{
unsigned char *base = p;
- int n;
+ size_t n;
- for (n = data->length - 1; n >= 2; --n) {
- unsigned u = data->components[n];
+ for (n = data->length; n >= 3u; --n) {
+ unsigned u = data->components[n - 1];
if (len < 1U)
return (ASN1_OVERFLOW);
@@ -1397,7 +1397,7 @@
p += len_len;
*p++ = 0x06;
*p++ = mech->length;
- memcpy(p, mech->elements, mech->length);
+ memmove(p, mech->elements, mech->length);
p += mech->length;
return (p);
}
@@ -1430,7 +1430,7 @@
gss_release_buffer(minor_status, output_token);
return (GSS_S_FAILURE);
}
- memcpy(p, buf, buf_size);
+ memmove(p, buf, buf_size);
return (GSS_S_COMPLETE);
}
Modified: vendor/bind/dist/lib/dns/spnego.h
===================================================================
--- vendor/bind/dist/lib/dns/spnego.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/spnego.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: spnego.h,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: spnego.h,v 1.4 2007/06/19 23:47:16 tbox Exp $ */
/*! \file
* \brief
Modified: vendor/bind/dist/lib/dns/spnego_asn1.c
===================================================================
--- vendor/bind/dist/lib/dns/spnego_asn1.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/spnego_asn1.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: spnego_asn1.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id: spnego_asn1.c,v 1.4 2007/06/19 23:47:16 tbox Exp $ */
/*! \file
* \brief Method routines generated from SPNEGO ASN.1 module.
@@ -229,7 +229,7 @@
int i, e;
for (i = (data)->len - 1; i >= 0; --i) {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_MechType(p, len, &(data)->val[i], &l);
BACK;
@@ -257,7 +257,7 @@
len = reallen;
{
size_t origlen = len;
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
(data)->len = 0;
(data)->val = NULL;
@@ -418,7 +418,7 @@
int e;
if ((data)->mechListMIC) {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_octet_string(p, len, (data)->mechListMIC, &l);
BACK;
@@ -427,7 +427,7 @@
ret += oldret;
}
if ((data)->mechToken) {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_octet_string(p, len, (data)->mechToken, &l);
BACK;
@@ -436,7 +436,7 @@
ret += oldret;
}
if ((data)->reqFlags) {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_ContextFlags(p, len, (data)->reqFlags, &l);
BACK;
@@ -444,7 +444,7 @@
BACK;
ret += oldret;
} {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_MechTypeList(p, len, &(data)->mechTypes, &l);
BACK;
@@ -641,7 +641,7 @@
int e;
if ((data)->mechListMIC) {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_octet_string(p, len, (data)->mechListMIC, &l);
BACK;
@@ -650,7 +650,7 @@
ret += oldret;
}
if ((data)->responseToken) {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_octet_string(p, len, (data)->responseToken, &l);
BACK;
@@ -659,7 +659,7 @@
ret += oldret;
}
if ((data)->supportedMech) {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_MechType(p, len, (data)->supportedMech, &l);
BACK;
@@ -668,7 +668,7 @@
ret += oldret;
}
if ((data)->negState) {
- int oldret = ret;
+ size_t oldret = ret;
ret = 0;
e = encode_enumerated(p, len, (data)->negState, &l);
BACK;
Modified: vendor/bind/dist/lib/dns/spnego_asn1.pl
===================================================================
--- vendor/bind/dist/lib/dns/spnego_asn1.pl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/spnego_asn1.pl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: spnego_asn1.pl,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $
+# $Id: spnego_asn1.pl,v 1.4 2007/06/19 23:47:16 tbox Exp $
# Our SPNEGO implementation uses some functions generated by the
# Heimdal ASN.1 compiler, which this script then whacks a bit to make
@@ -99,7 +99,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: spnego_asn1.pl,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: spnego_asn1.pl,v 1.4 2007/06/19 23:47:16 tbox Exp $ */
/*! \file
* \brief Method routines generated from SPNEGO ASN.1 module.
Modified: vendor/bind/dist/lib/dns/ssu.c
===================================================================
--- vendor/bind/dist/lib/dns/ssu.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/ssu.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2010, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2010, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
/*! \file */
/*
- * $Id: ssu.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $
+ * $Id: ssu.c,v 1.38 2011/01/06 23:47:00 tbox Exp $
* Principal Author: Brian Wellington
*/
@@ -217,7 +217,7 @@
result = ISC_R_NOMEMORY;
goto failure;
}
- memcpy(rule->types, types, ntypes * sizeof(dns_rdatatype_t));
+ memmove(rule->types, types, ntypes * sizeof(dns_rdatatype_t));
} else
rule->types = NULL;
Modified: vendor/bind/dist/lib/dns/ssu_external.c
===================================================================
--- vendor/bind/dist/lib/dns/ssu_external.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/ssu_external.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ssu_external.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*
* This implements external update-policy rules. This allows permission
@@ -131,7 +131,7 @@
isc_buffer_t *tkey_token = NULL;
int fd;
const char *sock_path;
- size_t req_len;
+ unsigned int req_len;
isc_region_t token_region;
unsigned char *data;
isc_buffer_t buf;
Modified: vendor/bind/dist/lib/dns/stats.c
===================================================================
--- vendor/bind/dist/lib/dns/stats.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/stats.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stats.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: stats.c,v 1.18 2009/01/27 23:47:54 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/tcpmsg.c
===================================================================
--- vendor/bind/dist/lib/dns/tcpmsg.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tcpmsg.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tcpmsg.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: tcpmsg.c,v 1.31 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/tests/Makefile.in
===================================================================
--- vendor/bind/dist/lib/dns/tests/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
@@ -37,16 +37,28 @@
LIBS = @LIBS@ @ATFLIBS@
OBJS = dnstest. at O@
-SRCS = dnstest.c master_test.c time_test.c \
- zonemgr_test.c dbiterator_test.c \
- dbversion_test.c nsec3_test.c rdataset_test.c rdata_test.c
+SRCS = db_test.c \
+ dbiterator_test.c \
+ dbversion_test.c \
+ dnstest.c \
+ master_test.c \
+ nsec3_test.c \
+ rdata_test.c \
+ rdataset_test.c \
+ time_test.c \
+ zonemgr_test.c
SUBDIRS =
-TARGETS = master_test at EXEEXT@ time_test at EXEEXT@ \
- zonemgr_test at EXEEXT@ dbiterator_test at EXEEXT@ \
- dbversion_test at EXEEXT@ nsec3_test at EXEEXT@ \
- rdataset_test at EXEEXT@ rdata_test at EXEEXT@
-
+TARGETS = db_test at EXEEXT@ \
+ dbiterator_test at EXEEXT@ \
+ dbversion_test at EXEEXT@ \
+ master_test at EXEEXT@ \
+ nsec3_test at EXEEXT@ \
+ rdata_test at EXEEXT@ \
+ rdataset_test at EXEEXT@ \
+ time_test at EXEEXT@ \
+ zonemgr_test at EXEEXT@
+
@BIND9_MAKE_RULES@
master_test at EXEEXT@: master_test. at O@ dnstest. at O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
@@ -88,6 +100,11 @@
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
rdata_test. at O@ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+db_test at EXEEXT@: db_test. at O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ db_test. at O@ ${DNSLIBS} \
+ ${ISCLIBS} ${LIBS}
+
unit::
sh ${top_srcdir}/unit/unittest.sh
Added: vendor/bind/dist/lib/dns/tests/db_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/db_test.c (rev 0)
+++ vendor/bind/dist/lib/dns/tests/db_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <atf-c.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/name.h>
+#include <dns/journal.h>
+
+#include "dnstest.h"
+
+/*
+ * Helper functions
+ */
+
+#define BUFLEN 255
+#define BIGBUFLEN (64 * 1024)
+#define TEST_ORIGIN "test"
+
+/*
+ * Individual unit tests
+ */
+
+ATF_TC(getoriginnode);
+ATF_TC_HEAD(getoriginnode, tc) {
+ atf_tc_set_md_var(tc, "descr",
+ "test multiple calls to dns_db_getoriginnode");
+}
+ATF_TC_BODY(getoriginnode, tc) {
+ dns_db_t *db = NULL;
+ dns_dbnode_t *node = NULL;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+
+ result = isc_mem_create(0, 0, &mctx);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ result = isc_hash_create(mctx, NULL, 256);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ result = dns_db_getoriginnode(db, &node);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+
+ result = dns_db_getoriginnode(db, &node);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+
+ dns_db_detach(&db);
+ isc_mem_detach(&mctx);
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+ ATF_TP_ADD_TC(tp, getoriginnode);
+ return (atf_no_error());
+}
Modified: vendor/bind/dist/lib/dns/tests/dbiterator_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/dbiterator_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/dbiterator_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dbiterator_test.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/tests/dbversion_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/dbversion_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/dbversion_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dbversion_test.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -57,7 +57,7 @@
static dns_dbversion_t *v1 = NULL, *v2 = NULL;
static void
-setup_db() {
+setup_db(void) {
isc_result_t result;
result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, &db1);
@@ -71,7 +71,7 @@
}
static void
-close_db() {
+close_db(void) {
if (v1 != NULL) {
dns_db_closeversion(db1, &v1, ISC_FALSE);
ATF_REQUIRE_EQ(v1, NULL);
Modified: vendor/bind/dist/lib/dns/tests/dnstest.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/dnstest.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/dnstest.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnstest.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -76,7 +76,7 @@
};
static void
-cleanup_managers() {
+cleanup_managers(void) {
if (app_running)
isc_app_finish();
if (socketmgr != NULL)
@@ -90,7 +90,7 @@
}
static isc_result_t
-create_managers() {
+create_managers(void) {
isc_result_t result;
#ifdef ISC_PLATFORM_USETHREADS
ncpus = isc_os_ncpus();
@@ -167,7 +167,7 @@
}
void
-dns_test_end() {
+dns_test_end(void) {
if (lctx != NULL)
isc_log_destroy(&lctx);
if (dst_active) {
@@ -241,7 +241,7 @@
}
isc_result_t
-dns_test_setupzonemgr() {
+dns_test_setupzonemgr(void) {
isc_result_t result;
REQUIRE(zonemgr == NULL);
@@ -270,7 +270,7 @@
}
void
-dns_test_closezonemgr() {
+dns_test_closezonemgr(void) {
REQUIRE(zonemgr != NULL);
dns_zonemgr_shutdown(zonemgr);
Modified: vendor/bind/dist/lib/dns/tests/dnstest.h
===================================================================
--- vendor/bind/dist/lib/dns/tests/dnstest.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/dnstest.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnstest.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/tests/master_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/master_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/master_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: master_test.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/tests/nsec3_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/nsec3_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/nsec3_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsec3_test.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -29,6 +29,7 @@
#include "dnstest.h"
+#if defined(OPENSSL) || defined(PKCS11CRYPTO)
/*
* Helper functions
*/
@@ -74,12 +75,26 @@
iteration_test("testdata/nsec3/min-1024.db", 150);
iteration_test("testdata/nsec3/min-2048.db", 500);
}
+#else
+ATF_TC(untested);
+ATF_TC_HEAD(untested, tc) {
+ atf_tc_set_md_var(tc, "descr", "skipping nsec3 test");
+}
+ATF_TC_BODY(untested, tc) {
+ UNUSED(tc);
+ atf_tc_skip("DNSSEC not available");
+}
+#endif
/*
* Main
*/
ATF_TP_ADD_TCS(tp) {
+#if defined(OPENSSL) || defined(PKCS11CRYPTO)
ATF_TP_ADD_TC(tp, max_iterations);
+#else
+ ATF_TP_ADD_TC(tp, untested);
+#endif
return (atf_no_error());
}
Modified: vendor/bind/dist/lib/dns/tests/rdata_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/rdata_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/rdata_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdata_test.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -75,11 +75,314 @@
ATF_REQUIRE_EQ(result, DNS_R_FORMERR);
}
+ATF_TC(edns_client_subnet);
+ATF_TC_HEAD(edns_client_subnet, tc) {
+ atf_tc_set_md_var(tc, "descr",
+ "check EDNS client subnet option parsing");
+}
+ATF_TC_BODY(edns_client_subnet, tc) {
+ struct {
+ unsigned char data[64];
+ size_t len;
+ isc_boolean_t ok;
+ } test_data[] = {
+ {
+ /* option code with no content */
+ { 0x00, 0x08, 0x0, 0x00 }, 4, ISC_FALSE
+ },
+ {
+ /* Option code family 0, source 0, scope 0 */
+ {
+ 0x00, 0x08, 0x00, 0x04,
+ 0x00, 0x00, 0x00, 0x00
+ },
+ 8, ISC_TRUE
+ },
+ {
+ /* Option code family 1 (ipv4), source 0, scope 0 */
+ {
+ 0x00, 0x08, 0x00, 0x04,
+ 0x00, 0x01, 0x00, 0x00
+ },
+ 8, ISC_TRUE
+ },
+ {
+ /* Option code family 2 (ipv6) , source 0, scope 0 */
+ {
+ 0x00, 0x08, 0x00, 0x04,
+ 0x00, 0x02, 0x00, 0x00
+ },
+ 8, ISC_TRUE
+ },
+ {
+ /* extra octet */
+ {
+ 0x00, 0x08, 0x00, 0x05,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00
+ },
+ 9, ISC_FALSE
+ },
+ {
+ /* source too long for IPv4 */
+ {
+ 0x00, 0x08, 0x00, 8,
+ 0x00, 0x01, 33, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ },
+ 12, ISC_FALSE
+ },
+ {
+ /* source too long for IPv6 */
+ {
+ 0x00, 0x08, 0x00, 20,
+ 0x00, 0x02, 129, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ },
+ 24, ISC_FALSE
+ },
+ {
+ /* scope too long for IPv4 */
+ {
+ 0x00, 0x08, 0x00, 8,
+ 0x00, 0x01, 0x00, 33,
+ 0x00, 0x00, 0x00, 0x00
+ },
+ 12, ISC_FALSE
+ },
+ {
+ /* scope too long for IPv6 */
+ {
+ 0x00, 0x08, 0x00, 20,
+ 0x00, 0x02, 0x00, 129,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ },
+ 24, ISC_FALSE
+ },
+ {
+ /* length too short for source generic */
+ {
+ 0x00, 0x08, 0x00, 5,
+ 0x00, 0x00, 17, 0x00,
+ 0x00, 0x00,
+ },
+ 19, ISC_FALSE
+ },
+ {
+ /* length too short for source ipv4 */
+ {
+ 0x00, 0x08, 0x00, 7,
+ 0x00, 0x01, 32, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ },
+ 11, ISC_FALSE
+ },
+ {
+ /* length too short for source ipv6 */
+ {
+ 0x00, 0x08, 0x00, 19,
+ 0x00, 0x02, 128, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ },
+ 23, ISC_FALSE
+ },
+ {
+ /* sentinal */
+ { 0x00 }, 0, ISC_FALSE
+ }
+ };
+ unsigned char buf[1024*1024];
+ isc_buffer_t source, target;
+ dns_rdata_t rdata;
+ dns_decompress_t dctx;
+ isc_result_t result;
+ size_t i;
+
+ UNUSED(tc);
+
+ for (i = 0; test_data[i].len != 0; i++) {
+ isc_buffer_init(&source, test_data[i].data, test_data[i].len);
+ isc_buffer_add(&source, test_data[i].len);
+ isc_buffer_setactive(&source, test_data[i].len);
+ isc_buffer_init(&target, buf, sizeof(buf));
+ dns_rdata_init(&rdata);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY);
+ result = dns_rdata_fromwire(&rdata, dns_rdataclass_in,
+ dns_rdatatype_opt, &source,
+ &dctx, 0, &target);
+ dns_decompress_invalidate(&dctx);
+ if (test_data[i].ok)
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ else
+ ATF_REQUIRE(result != ISC_R_SUCCESS);
+ }
+}
+
+ATF_TC(wks);
+ATF_TC_HEAD(wks, tc) {
+ atf_tc_set_md_var(tc, "descr", "wks to/from struct");
+}
+ATF_TC_BODY(wks, tc) {
+ struct {
+ unsigned char data[64];
+ size_t len;
+ isc_boolean_t ok;
+ } test_data[] = {
+ {
+ /* too short */
+ { 0x00, 0x08, 0x0, 0x00 }, 4, ISC_FALSE
+ },
+ {
+ /* minimal TCP */
+ { 0x00, 0x08, 0x0, 0x00, 6 }, 5, ISC_TRUE
+ },
+ {
+ /* minimal UDP */
+ { 0x00, 0x08, 0x0, 0x00, 17 }, 5, ISC_TRUE
+ },
+ {
+ /* minimal other */
+ { 0x00, 0x08, 0x0, 0x00, 1 }, 5, ISC_TRUE
+ },
+ {
+ /* sentinal */
+ { 0x00 }, 0, ISC_FALSE
+ }
+ };
+ unsigned char buf1[1024];
+ unsigned char buf2[1024];
+ isc_buffer_t source, target1, target2;
+ dns_rdata_t rdata;
+ dns_decompress_t dctx;
+ isc_result_t result;
+ size_t i;
+ dns_rdata_in_wks_t wks;
+
+ UNUSED(tc);
+
+ for (i = 0; test_data[i].len != 0; i++) {
+ isc_buffer_init(&source, test_data[i].data, test_data[i].len);
+ isc_buffer_add(&source, test_data[i].len);
+ isc_buffer_setactive(&source, test_data[i].len);
+ isc_buffer_init(&target1, buf1, sizeof(buf1));
+ dns_rdata_init(&rdata);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY);
+ result = dns_rdata_fromwire(&rdata, dns_rdataclass_in,
+ dns_rdatatype_wks, &source,
+ &dctx, 0, &target1);
+ dns_decompress_invalidate(&dctx);
+ if (test_data[i].ok)
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ else
+ ATF_REQUIRE(result != ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ result = dns_rdata_tostruct(&rdata, &wks, NULL);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ isc_buffer_init(&target2, buf2, sizeof(buf2));
+ dns_rdata_reset(&rdata);
+ result = dns_rdata_fromstruct(&rdata, dns_rdataclass_in,
+ dns_rdatatype_wks, &wks,
+ &target2);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ ATF_REQUIRE_EQ(isc_buffer_usedlength(&target2),
+ test_data[i].len);
+ ATF_REQUIRE_EQ(memcmp(buf2, test_data[i].data,
+ test_data[i].len), 0);
+ }
+}
+
+ATF_TC(isdn);
+ATF_TC_HEAD(isdn, tc) {
+ atf_tc_set_md_var(tc, "descr", "isdn to/from struct");
+}
+ATF_TC_BODY(isdn, tc) {
+ struct {
+ unsigned char data[64];
+ size_t len;
+ isc_boolean_t ok;
+ } test_data[] = {
+ {
+ /* "" */
+ { 0x00 }, 1, ISC_TRUE
+ },
+ {
+ /* "\001" */
+ { 0x1, 0x01 }, 2, ISC_TRUE
+ },
+ {
+ /* "\001" "" */
+ { 0x1, 0x01, 0x00 }, 3, ISC_TRUE
+ },
+ {
+ /* "\000" "\001" */
+ { 0x1, 0x01, 0x01, 0x01 }, 4, ISC_TRUE
+ },
+ {
+ /* sentinal */
+ { 0x00 }, 0, ISC_FALSE
+ }
+ };
+ unsigned char buf1[1024];
+ unsigned char buf2[1024];
+ isc_buffer_t source, target1, target2;
+ dns_rdata_t rdata;
+ dns_decompress_t dctx;
+ isc_result_t result;
+ size_t i;
+ dns_rdata_isdn_t isdn;
+
+ UNUSED(tc);
+
+ for (i = 0; test_data[i].len != 0; i++) {
+ isc_buffer_init(&source, test_data[i].data, test_data[i].len);
+ isc_buffer_add(&source, test_data[i].len);
+ isc_buffer_setactive(&source, test_data[i].len);
+ isc_buffer_init(&target1, buf1, sizeof(buf1));
+ dns_rdata_init(&rdata);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY);
+ result = dns_rdata_fromwire(&rdata, dns_rdataclass_in,
+ dns_rdatatype_isdn, &source,
+ &dctx, 0, &target1);
+ dns_decompress_invalidate(&dctx);
+ if (test_data[i].ok)
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ else
+ ATF_REQUIRE(result != ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ result = dns_rdata_tostruct(&rdata, &isdn, NULL);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ isc_buffer_init(&target2, buf2, sizeof(buf2));
+ dns_rdata_reset(&rdata);
+ result = dns_rdata_fromstruct(&rdata, dns_rdataclass_in,
+ dns_rdatatype_isdn, &isdn,
+ &target2);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ ATF_REQUIRE_EQ(isc_buffer_usedlength(&target2),
+ test_data[i].len);
+ ATF_REQUIRE_EQ(memcmp(buf2, test_data[i].data,
+ test_data[i].len), 0);
+ }
+}
+
/*
* Main
*/
ATF_TP_ADD_TCS(tp) {
ATF_TP_ADD_TC(tp, hip);
+ ATF_TP_ADD_TC(tp, edns_client_subnet);
+ ATF_TP_ADD_TC(tp, wks);
+ ATF_TP_ADD_TC(tp, isdn);
return (atf_no_error());
}
Modified: vendor/bind/dist/lib/dns/tests/rdataset_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/rdataset_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/rdataset_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rdataset_test.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/tests/testdata/dbiterator/zone1.data
===================================================================
--- vendor/bind/dist/lib/dns/tests/testdata/dbiterator/zone1.data 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/testdata/dbiterator/zone1.data 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: zone1.data,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+; $Id$
$TTL 600
@ in soa localhost. postmaster.localhost. (
Modified: vendor/bind/dist/lib/dns/tests/testdata/nsec3/1024.db
===================================================================
--- vendor/bind/dist/lib/dns/tests/testdata/nsec3/1024.db 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/testdata/nsec3/1024.db 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: 1024.db,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+; $Id$
$TTL 0
test. SOA . . 0 0 0 0 0
Modified: vendor/bind/dist/lib/dns/tests/testdata/nsec3/2048.db
===================================================================
--- vendor/bind/dist/lib/dns/tests/testdata/nsec3/2048.db 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/testdata/nsec3/2048.db 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: 2048.db,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+; $Id$
$TTL 0
test. SOA . . 0 0 0 0 0
Modified: vendor/bind/dist/lib/dns/tests/testdata/nsec3/4096.db
===================================================================
--- vendor/bind/dist/lib/dns/tests/testdata/nsec3/4096.db 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/testdata/nsec3/4096.db 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: 4096.db,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+; $Id$
$TTL 0
test. SOA . . 0 0 0 0 0
Modified: vendor/bind/dist/lib/dns/tests/testdata/nsec3/min-1024.db
===================================================================
--- vendor/bind/dist/lib/dns/tests/testdata/nsec3/min-1024.db 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/testdata/nsec3/min-1024.db 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: min-1024.db,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+; $Id$
$TTL 0
test. SOA . . 0 0 0 0 0
Modified: vendor/bind/dist/lib/dns/tests/testdata/nsec3/min-2048.db
===================================================================
--- vendor/bind/dist/lib/dns/tests/testdata/nsec3/min-2048.db 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/testdata/nsec3/min-2048.db 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: min-2048.db,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+; $Id$
$TTL 0
test. SOA . . 0 0 0 0 0
Modified: vendor/bind/dist/lib/dns/tests/time_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/time_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/time_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: time_test.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/tests/zonemgr_test.c
===================================================================
--- vendor/bind/dist/lib/dns/tests/zonemgr_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tests/zonemgr_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zonemgr_test.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -183,13 +183,24 @@
in.s_addr = inet_addr("10.53.0.2");
isc_sockaddr_fromin(&addr2, &in, 5150);
ATF_CHECK(! dns_zonemgr_unreachable(zonemgr, &addr1, &addr2, &now));
+ /*
+ * We require multiple unreachableadd calls to mark a server as
+ * unreachable.
+ */
dns_zonemgr_unreachableadd(zonemgr, &addr1, &addr2, &now);
+ ATF_CHECK(! dns_zonemgr_unreachable(zonemgr, &addr1, &addr2, &now));
+ dns_zonemgr_unreachableadd(zonemgr, &addr1, &addr2, &now);
ATF_CHECK(dns_zonemgr_unreachable(zonemgr, &addr1, &addr2, &now));
in.s_addr = inet_addr("10.53.0.3");
isc_sockaddr_fromin(&addr2, &in, 5150);
ATF_CHECK(! dns_zonemgr_unreachable(zonemgr, &addr1, &addr2, &now));
+ /*
+ * We require multiple unreachableadd calls to mark a server as
+ * unreachable.
+ */
dns_zonemgr_unreachableadd(zonemgr, &addr1, &addr2, &now);
+ dns_zonemgr_unreachableadd(zonemgr, &addr1, &addr2, &now);
ATF_CHECK(dns_zonemgr_unreachable(zonemgr, &addr1, &addr2, &now));
dns_zonemgr_unreachabledel(zonemgr, &addr1, &addr2);
Modified: vendor/bind/dist/lib/dns/time.c
===================================================================
--- vendor/bind/dist/lib/dns/time.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/time.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: time.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -35,7 +35,7 @@
#include <dns/result.h>
#include <dns/time.h>
-static int days[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
+static const int days[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
isc_result_t
dns_time64_totext(isc_int64_t t, isc_buffer_t *target) {
@@ -98,7 +98,7 @@
if (l > region.length)
return (ISC_R_NOSPACE);
- memcpy(region.base, buf, l);
+ memmove(region.base, buf, l);
isc_buffer_add(target, l);
return (ISC_R_SUCCESS);
}
@@ -161,6 +161,14 @@
RANGE(1, 12, month);
RANGE(1, days[month - 1] +
((month == 2 && is_leap(year)) ? 1 : 0), day);
+#ifdef __COVERITY__
+ /*
+ * Use a simplified range to silence Coverity warning (in
+ * arithmetic with day below).
+ */
+ RANGE(1, 31, day);
+#endif /* __COVERITY__ */
+
RANGE(0, 23, hour);
RANGE(0, 59, minute);
RANGE(0, 60, second); /* 60 == leap second. */
Modified: vendor/bind/dist/lib/dns/timer.c
===================================================================
--- vendor/bind/dist/lib/dns/timer.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/timer.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: timer.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: timer.c,v 1.7 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/tkey.c
===================================================================
--- vendor/bind/dist/lib/dns/tkey.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tkey.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -16,7 +16,7 @@
*/
/*
- * $Id: tkey.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $
+ * $Id$
*/
/*! \file */
#include <config.h>
@@ -152,7 +152,7 @@
dns_rdata_toregion(rdata, &r);
RETERR(isc_buffer_allocate(msg->mctx, &tmprdatabuf, r.length));
isc_buffer_availableregion(tmprdatabuf, &newr);
- memcpy(newr.base, r.base, r.length);
+ memmove(newr.base, r.base, r.length);
dns_rdata_fromregion(newrdata, rdata->rdclass, rdata->type, &newr);
dns_message_takebuffer(msg, &tmprdatabuf);
@@ -252,12 +252,12 @@
if (r.length < sizeof(digests) || r.length < r2.length)
return (ISC_R_NOSPACE);
if (r2.length > sizeof(digests)) {
- memcpy(r.base, r2.base, r2.length);
+ memmove(r.base, r2.base, r2.length);
for (i = 0; i < sizeof(digests); i++)
r.base[i] ^= digests[i];
isc_buffer_add(secret, r2.length);
} else {
- memcpy(r.base, digests, sizeof(digests));
+ memmove(r.base, digests, sizeof(digests));
for (i = 0; i < r2.length; i++)
r.base[i] ^= r2.base[i];
isc_buffer_add(secret, sizeof(digests));
@@ -534,7 +534,7 @@
goto failure;
}
tkeyout->keylen = isc_buffer_usedlength(outtoken);
- memcpy(tkeyout->key, isc_buffer_base(outtoken),
+ memmove(tkeyout->key, isc_buffer_base(outtoken),
isc_buffer_usedlength(outtoken));
isc_buffer_free(&outtoken);
} else {
@@ -544,7 +544,7 @@
goto failure;
}
tkeyout->keylen = tkeyin->keylen;
- memcpy(tkeyout->key, tkeyin->key, tkeyin->keylen);
+ memmove(tkeyout->key, tkeyin->key, tkeyin->keylen);
}
tkeyout->error = dns_rcode_noerror;
Modified: vendor/bind/dist/lib/dns/tsec.c
===================================================================
--- vendor/bind/dist/lib/dns/tsec.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tsec.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsec.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: tsec.c,v 1.7 2010/12/09 00:54:34 marka Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/dns/tsig.c
===================================================================
--- vendor/bind/dist/lib/dns/tsig.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/tsig.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -16,7 +16,7 @@
*/
/*
- * $Id: tsig.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $
+ * $Id$
*/
/*! \file */
#include <config.h>
@@ -1317,7 +1317,7 @@
alg == DST_ALG_HMACSHA384 || alg == DST_ALG_HMACSHA512) {
isc_uint16_t digestbits = dst_key_getbits(key);
if (tsig.siglen > siglen) {
- tsig_log(msg->tsigkey, 2, "signature length to big");
+ tsig_log(msg->tsigkey, 2, "signature length too big");
return (DNS_R_FORMERR);
}
if (tsig.siglen > 0 &&
@@ -1370,21 +1370,21 @@
* Extract the header.
*/
isc_buffer_usedregion(source, &r);
- memcpy(header, r.base, DNS_MESSAGE_HEADERLEN);
+ memmove(header, r.base, DNS_MESSAGE_HEADERLEN);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
/*
* Decrement the additional field counter.
*/
- memcpy(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2);
+ memmove(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2);
addcount = htons((isc_uint16_t)(ntohs(addcount) - 1));
- memcpy(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2);
+ memmove(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2);
/*
* Put in the original id.
*/
id = htons(tsig.originalid);
- memcpy(&header[0], &id, 2);
+ memmove(&header[0], &id, 2);
/*
* Digest the modified header.
@@ -1609,7 +1609,7 @@
* Extract the header.
*/
isc_buffer_usedregion(source, &r);
- memcpy(header, r.base, DNS_MESSAGE_HEADERLEN);
+ memmove(header, r.base, DNS_MESSAGE_HEADERLEN);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
/*
@@ -1616,9 +1616,9 @@
* Decrement the additional field counter if necessary.
*/
if (has_tsig) {
- memcpy(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2);
+ memmove(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2);
addcount = htons((isc_uint16_t)(ntohs(addcount) - 1));
- memcpy(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2);
+ memmove(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2);
}
/*
@@ -1627,7 +1627,7 @@
/* XXX Can TCP transfers be forwarded? How would that work? */
if (has_tsig) {
id = htons(tsig.originalid);
- memcpy(&header[0], &id, 2);
+ memmove(&header[0], &id, 2);
}
/*
Modified: vendor/bind/dist/lib/dns/ttl.c
===================================================================
--- vendor/bind/dist/lib/dns/ttl.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/ttl.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ttl.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -53,7 +53,7 @@
isc_boolean_t space, isc_buffer_t *target)
{
char tmp[60];
- size_t len;
+ unsigned int len;
isc_region_t region;
if (verbose)
@@ -68,7 +68,7 @@
isc_buffer_availableregion(target, ®ion);
if (len > region.length)
return (ISC_R_NOSPACE);
- memcpy(region.base, tmp, len);
+ memmove(region.base, tmp, len);
isc_buffer_add(target, len);
return (ISC_R_SUCCESS);
Modified: vendor/bind/dist/lib/dns/validator.c
===================================================================
--- vendor/bind/dist/lib/dns/validator.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/validator.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -343,7 +343,7 @@
dns_name_getlabel(&nsec3name, 0, &hashlabel);
isc_region_consume(&hashlabel, 1);
isc_buffer_init(&buffer, owner, sizeof(owner));
- result = isc_base32hex_decoderegion(&hashlabel, &buffer);
+ result = isc_base32hexnp_decoderegion(&hashlabel, &buffer);
if (result != ISC_R_SUCCESS) {
dns_rdataset_disassociate(&set);
continue;
@@ -918,12 +918,26 @@
devent->name;
}
if (!exists) {
+ dns_name_t *closest;
+ unsigned int clabels;
+
val->attributes |= VALATTR_FOUNDNOQNAME;
- val->attributes |= VALATTR_FOUNDCLOSEST;
+
+ closest = dns_fixedname_name(&val->closest);
+ clabels = dns_name_countlabels(closest);
/*
+ * If we are validating a wildcard response
+ * clabels will not be zero. We then need
+ * to check if the generated wilcard from
+ * dns_nsec_noexistnodata is consistent with
+ * the wildcard used to generate the response.
+ */
+ if (clabels == 0 ||
+ dns_name_countlabels(wild) == clabels + 1)
+ val->attributes |= VALATTR_FOUNDCLOSEST;
+ /*
* The NSEC noqname proof also contains
* the closest encloser.
-
*/
if (NEEDNOQNAME(val))
proofs[DNS_VALIDATOR_NOQNAMEPROOF] =
@@ -2800,7 +2814,8 @@
if (!NEEDNODATA(val) && !NEEDNOWILDCARD(val) && NEEDNOQNAME(val)) {
if (!FOUNDNOQNAME(val))
findnsec3proofs(val);
- if (FOUNDNOQNAME(val) && FOUNDCLOSEST(val)) {
+ if (FOUNDNOQNAME(val) && FOUNDCLOSEST(val) &&
+ !FOUNDOPTOUT(val)) {
validator_log(val, ISC_LOG_DEBUG(3),
"marking as secure, noqname proof found");
marksecure(val->event);
@@ -3750,8 +3765,7 @@
val->keytable = NULL;
result = dns_view_getsecroots(val->view, &val->keytable);
if (result != ISC_R_SUCCESS)
- return (result);
-
+ goto cleanup_mutex;
val->keynode = NULL;
val->key = NULL;
val->siginfo = NULL;
@@ -3784,6 +3798,9 @@
return (ISC_R_SUCCESS);
+ cleanup_mutex:
+ DESTROYLOCK(&val->lock);
+
cleanup_event:
isc_task_detach(&tclone);
isc_event_free(ISC_EVENT_PTR(&event));
Modified: vendor/bind/dist/lib/dns/version.c
===================================================================
--- vendor/bind/dist/lib/dns/version.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/version.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.c,v 1.1.1.1 2013-01-30 01:44:59 laffer1 Exp $ */
+/* $Id: version.c,v 1.15 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/view.c
===================================================================
--- vendor/bind/dist/lib/dns/view.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/view.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: view.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -180,6 +180,7 @@
view->updateacl = NULL;
view->upfwdacl = NULL;
view->denyansweracl = NULL;
+ view->nocasecompress = NULL;
view->answeracl_exclude = NULL;
view->denyanswernames = NULL;
view->answernames_exclude = NULL;
@@ -349,6 +350,8 @@
dns_db_detach(&view->cachedb);
if (view->cache != NULL)
dns_cache_detach(&view->cache);
+ if (view->nocasecompress != NULL)
+ dns_acl_detach(&view->nocasecompress);
if (view->matchclients != NULL)
dns_acl_detach(&view->matchclients);
if (view->matchdestinations != NULL)
@@ -547,6 +550,8 @@
void
dns_view_dialup(dns_view_t *view) {
REQUIRE(DNS_VIEW_VALID(view));
+ REQUIRE(view->zonetable != NULL);
+
(void)dns_zt_apply(view->zonetable, ISC_FALSE, dialup, NULL);
}
#endif
@@ -598,6 +603,8 @@
UNUSED(task);
+ isc_event_free(&event);
+
LOCK(&view->lock);
view->attributes |= DNS_VIEWATTR_RESSHUTDOWN;
@@ -605,8 +612,6 @@
UNLOCK(&view->lock);
- isc_event_free(&event);
-
if (done)
destroy(view);
}
@@ -622,6 +627,8 @@
UNUSED(task);
+ isc_event_free(&event);
+
LOCK(&view->lock);
view->attributes |= DNS_VIEWATTR_ADBSHUTDOWN;
@@ -629,8 +636,6 @@
UNLOCK(&view->lock);
- isc_event_free(&event);
-
if (done)
destroy(view);
}
@@ -646,6 +651,8 @@
UNUSED(task);
+ isc_event_free(&event);
+
LOCK(&view->lock);
view->attributes |= DNS_VIEWATTR_REQSHUTDOWN;
@@ -653,8 +660,6 @@
UNLOCK(&view->lock);
- isc_event_free(&event);
-
if (done)
destroy(view);
}
@@ -855,6 +860,7 @@
REQUIRE(DNS_VIEW_VALID(view));
REQUIRE(!view->frozen);
+ REQUIRE(view->zonetable != NULL);
result = dns_zt_mount(view->zonetable, zone);
@@ -869,6 +875,7 @@
REQUIRE(DNS_VIEW_VALID(view));
+ LOCK(&view->lock);
if (view->zonetable != NULL) {
result = dns_zt_find(view->zonetable, name, 0, NULL, zonep);
if (result == DNS_R_PARTIALMATCH) {
@@ -877,6 +884,7 @@
}
} else
result = ISC_R_NOTFOUND;
+ UNLOCK(&view->lock);
return (result);
}
@@ -939,7 +947,12 @@
is_staticstub_zone = ISC_FALSE;
#ifdef BIND9
zone = NULL;
- result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
+ LOCK(&view->lock);
+ if (view->zonetable != NULL)
+ result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
+ else
+ result = ISC_R_NOTFOUND;
+ UNLOCK(&view->lock);
if (zone != NULL && dns_zone_gettype(zone) == dns_zone_staticstub &&
!use_static_stub) {
result = ISC_R_NOTFOUND;
@@ -1185,6 +1198,9 @@
dns_name_t *zfname;
dns_rdataset_t zrdataset, zsigrdataset;
dns_fixedname_t zfixedname;
+#ifdef BIND9
+ unsigned int ztoptions = 0;
+#endif
#ifndef BIND9
UNUSED(zone);
@@ -1210,9 +1226,17 @@
*/
#ifdef BIND9
zone = NULL;
- result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
+ LOCK(&view->lock);
+ if (view->zonetable != NULL) {
+ if ((options & DNS_DBFIND_NOEXACT) != 0)
+ ztoptions |= DNS_ZTFIND_NOEXACT;
+ result = dns_zt_find(view->zonetable, name, ztoptions,
+ NULL, &zone);
+ } else
+ result = ISC_R_NOTFOUND;
if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
result = dns_zone_getdb(zone, &db);
+ UNLOCK(&view->lock);
#else
result = ISC_R_NOTFOUND;
#endif
@@ -1402,7 +1426,13 @@
* treat it as not found.
*/
zp = (zone1 == NULL) ? &zone1 : &zone2;
- result = dns_zt_find(view->zonetable, name, 0, NULL, zp);
+ LOCK(&view->lock);
+ if (view->zonetable != NULL)
+ result = dns_zt_find(view->zonetable, name, 0,
+ NULL, zp);
+ else
+ result = ISC_R_NOTFOUND;
+ UNLOCK(&view->lock);
INSIST(result == ISC_R_SUCCESS ||
result == ISC_R_NOTFOUND ||
result == DNS_R_PARTIALMATCH);
@@ -1417,7 +1447,7 @@
if (zone2 != NULL) {
dns_zone_detach(&zone1);
dns_zone_detach(&zone2);
- return (ISC_R_NOTFOUND);
+ return (ISC_R_MULTIPLE);
}
}
@@ -1434,6 +1464,7 @@
dns_view_load(dns_view_t *view, isc_boolean_t stop) {
REQUIRE(DNS_VIEW_VALID(view));
+ REQUIRE(view->zonetable != NULL);
return (dns_zt_load(view->zonetable, stop));
}
@@ -1442,6 +1473,7 @@
dns_view_loadnew(dns_view_t *view, isc_boolean_t stop) {
REQUIRE(DNS_VIEW_VALID(view));
+ REQUIRE(view->zonetable != NULL);
return (dns_zt_loadnew(view->zonetable, stop));
}
@@ -1674,7 +1706,10 @@
#ifdef BIND9
isc_result_t
dns_view_freezezones(dns_view_t *view, isc_boolean_t value) {
+
REQUIRE(DNS_VIEW_VALID(view));
+ REQUIRE(view->zonetable != NULL);
+
return (dns_zt_freezezones(view->zonetable, value));
}
#endif
@@ -1681,6 +1716,7 @@
void
dns_view_setresstats(dns_view_t *view, isc_stats_t *stats) {
+
REQUIRE(DNS_VIEW_VALID(view));
REQUIRE(!view->frozen);
REQUIRE(view->resstats == NULL);
Modified: vendor/bind/dist/lib/dns/xfrin.c
===================================================================
--- vendor/bind/dist/lib/dns/xfrin.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/xfrin.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: xfrin.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -221,7 +221,6 @@
static void xfrin_connect_done(isc_task_t *task, isc_event_t *event);
static isc_result_t xfrin_send_request(dns_xfrin_ctx_t *xfr);
static void xfrin_send_done(isc_task_t *task, isc_event_t *event);
-static void xfrin_sendlen_done(isc_task_t *task, isc_event_t *event);
static void xfrin_recv_done(isc_task_t *task, isc_event_t *event);
static void xfrin_timeout(isc_task_t *task, isc_event_t *event);
@@ -270,13 +269,18 @@
static isc_result_t
axfr_makedb(dns_xfrin_ctx_t *xfr, dns_db_t **dbp) {
- return (dns_db_create(xfr->mctx, /* XXX */
- "rbt", /* XXX guess */
- &xfr->name,
- dns_dbtype_zone,
- xfr->rdclass,
- 0, NULL, /* XXX guess */
- dbp));
+ isc_result_t result;
+
+ result = dns_db_create(xfr->mctx, /* XXX */
+ "rbt", /* XXX guess */
+ &xfr->name,
+ dns_dbtype_zone,
+ xfr->rdclass,
+ 0, NULL, /* XXX guess */
+ dbp);
+ if (result == ISC_R_SUCCESS)
+ result = dns_zone_rpz_enable_db(xfr->zone, *dbp);
+ return (result);
}
static isc_result_t
@@ -860,8 +864,11 @@
xfr->sourceaddr = *sourceaddr;
isc_sockaddr_setport(&xfr->sourceaddr, 0);
- isc_buffer_init(&xfr->qbuffer, xfr->qbuffer_data,
- sizeof(xfr->qbuffer_data));
+ /*
+ * Reserve 2 bytes for TCP length at the begining of the buffer.
+ */
+ isc_buffer_init(&xfr->qbuffer, &xfr->qbuffer_data[2],
+ sizeof(xfr->qbuffer_data) - 2);
xfr->magic = XFRIN_MAGIC;
*xfrp = xfr;
@@ -937,6 +944,8 @@
isc_result_t result = cev->result;
char sourcetext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t sockaddr;
+ dns_zonemgr_t * zmgr;
+ isc_time_t now;
REQUIRE(VALID_XFRIN(xfr));
@@ -951,16 +960,16 @@
return;
}
- if (result != ISC_R_SUCCESS) {
- dns_zonemgr_t * zmgr = dns_zone_getmgr(xfr->zone);
- isc_time_t now;
-
- if (zmgr != NULL) {
+ zmgr = dns_zone_getmgr(xfr->zone);
+ if (zmgr != NULL) {
+ if (result != ISC_R_SUCCESS) {
TIME_NOW(&now);
dns_zonemgr_unreachableadd(zmgr, &xfr->masteraddr,
&xfr->sourceaddr, &now);
- }
- goto failure;
+ goto failure;
+ } else
+ dns_zonemgr_unreachabledel(zmgr, &xfr->masteraddr,
+ &xfr->sourceaddr);
}
result = isc_socket_getsockname(xfr->socket, &sockaddr);
@@ -1041,10 +1050,8 @@
xfrin_send_request(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
isc_region_t region;
- isc_region_t lregion;
dns_rdataset_t *qrdataset = NULL;
dns_message_t *msg = NULL;
- unsigned char length[2];
dns_difftuple_t *soatuple = NULL;
dns_name_t *qname = NULL;
dns_dbversion_t *ver = NULL;
@@ -1113,12 +1120,16 @@
isc_buffer_usedregion(&xfr->qbuffer, ®ion);
INSIST(region.length <= 65535);
- length[0] = region.length >> 8;
- length[1] = region.length & 0xFF;
- lregion.base = length;
- lregion.length = 2;
- CHECK(isc_socket_send(xfr->socket, &lregion, xfr->task,
- xfrin_sendlen_done, xfr));
+ /*
+ * Record message length and adjust region to include TCP
+ * length field.
+ */
+ xfr->qbuffer_data[0] = (region.length >> 8) & 0xff;
+ xfr->qbuffer_data[1] = region.length & 0xff;
+ region.base -= 2;
+ region.length += 2;
+ CHECK(isc_socket_send(xfr->socket, ®ion, xfr->task,
+ xfrin_send_done, xfr));
xfr->sends++;
failure:
@@ -1135,43 +1146,7 @@
return (result);
}
-/* XXX there should be library support for sending DNS TCP messages */
-
static void
-xfrin_sendlen_done(isc_task_t *task, isc_event_t *event) {
- isc_socketevent_t *sev = (isc_socketevent_t *) event;
- dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
- isc_result_t evresult = sev->result;
- isc_result_t result;
- isc_region_t region;
-
- REQUIRE(VALID_XFRIN(xfr));
-
- UNUSED(task);
-
- INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE);
- isc_event_free(&event);
-
- xfr->sends--;
- if (xfr->shuttingdown) {
- maybe_free(xfr);
- return;
- }
-
- xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request length prefix");
- CHECK(evresult);
-
- isc_buffer_usedregion(&xfr->qbuffer, ®ion);
- CHECK(isc_socket_send(xfr->socket, ®ion, xfr->task,
- xfrin_send_done, xfr));
- xfr->sends++;
- failure:
- if (result != ISC_R_SUCCESS)
- xfrin_fail(xfr, result, "failed sending request length prefix");
-}
-
-
-static void
xfrin_send_done(isc_task_t *task, isc_event_t *event) {
isc_socketevent_t *sev = (isc_socketevent_t *) event;
dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
Modified: vendor/bind/dist/lib/dns/zone.c
===================================================================
--- vendor/bind/dist/lib/dns/zone.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/zone.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zone.c,v 1.1.1.2 2013-08-22 22:51:59 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -427,6 +427,7 @@
isc_sockaddr_t local;
isc_uint32_t expire;
isc_uint32_t last;
+ isc_uint32_t count;
};
struct dns_zonemgr {
@@ -438,7 +439,8 @@
isc_socketmgr_t * socketmgr;
isc_taskpool_t * zonetasks;
isc_task_t * task;
- isc_ratelimiter_t * rl;
+ isc_ratelimiter_t * notifyrl;
+ isc_ratelimiter_t * refreshrl;
isc_rwlock_t rwlock;
isc_mutex_t iolock;
isc_rwlock_t urlock;
@@ -686,8 +688,6 @@
dns_dbnode_t *node, dns_name_t *name,
dns_diff_t *diff);
static void zone_rekey(dns_zone_t *zone);
-static isc_boolean_t delsig_ok(dns_rdata_rrsig_t *rrsig_ptr,
- dst_key_t **keys, unsigned int nkeys);
#define ENTER zone_debuglog(zone, me, 1, "enter")
@@ -1431,6 +1431,18 @@
return (zone->is_rpz);
}
+/*
+ * If a zone is a response policy zone, mark its new database.
+ */
+isc_result_t
+dns_zone_rpz_enable_db(dns_zone_t *zone, dns_db_t *db) {
+#ifdef BIND9
+ if (zone->is_rpz)
+ return (dns_db_rpz_enabled(db, NULL));
+#endif
+ return (ISC_R_SUCCESS);
+}
+
static isc_result_t
zone_load(dns_zone_t *zone, unsigned int flags) {
isc_result_t result;
@@ -1679,9 +1691,7 @@
result = dns_master_loadfileinc3(load->zone->masterfile,
dns_db_origin(load->db),
dns_db_origin(load->db),
- load->zone->rdclass,
- options,
- load->zone->sigresigninginterval,
+ load->zone->rdclass, options, 0,
&load->callbacks, task,
zone_loaddone, load,
&load->zone->lctx, load->zone->mctx,
@@ -1715,12 +1725,17 @@
LOCK_ZONE(zone);
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
if (zone->db != NULL) {
+ const dns_master_style_t *output_style;
+
dns_db_currentversion(zone->db, &version);
+ if (zone->type == dns_zone_key)
+ output_style = &dns_master_style_keyzone;
+ else
+ output_style = &dns_master_style_default;
result = dns_master_dumpinc2(zone->mctx, zone->db, version,
- &dns_master_style_default,
- zone->masterfile, zone->task,
- dump_done, zone, &zone->dctx,
- zone->masterformat);
+ output_style, zone->masterfile,
+ zone->task, dump_done, zone,
+ &zone->dctx, zone->masterformat);
dns_db_closeversion(zone->db, &version, ISC_FALSE);
} else
result = ISC_R_CANCELED;
@@ -1741,14 +1756,9 @@
isc_result_t tresult;
unsigned int options;
-#ifdef BIND9
- if (zone->is_rpz) {
- result = dns_db_rpz_enabled(db, NULL);
- if (result != ISC_R_SUCCESS)
- return (result);
- }
-#endif
-
+ result = dns_zone_rpz_enable_db(zone, db);
+ if (result != ISC_R_SUCCESS)
+ return (result);
options = get_master_options(zone);
if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MANYERRORS))
options |= DNS_MASTER_MANYERRORS;
@@ -1795,9 +1805,8 @@
return (result);
result = dns_master_loadfile3(zone->masterfile, &zone->origin,
&zone->origin, zone->rdclass,
- options, zone->sigresigninginterval,
- &callbacks, zone->mctx,
- zone->masterformat);
+ options, 0, &callbacks,
+ zone->mctx, zone->masterformat);
tresult = dns_db_endload(db, &callbacks.add_private);
if (result == ISC_R_SUCCESS)
result = tresult;
@@ -2230,7 +2239,7 @@
INSIST(tl <= rdl);
if (len > sizeof(buf) - i - 1)
len = sizeof(buf) - i - 1;
- memcpy(buf + i, data, len);
+ memmove(buf + i, data, len);
i += len;
data += tl;
rdl -= tl;
@@ -2352,8 +2361,8 @@
checkspf:
/*
- * Check if there is a type TXT spf record without a type SPF
- * RRset being present.
+ * Check if there is a type SPF record without an
+ * SPF-formatted type TXT record also being present.
*/
if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKSPF))
goto next;
@@ -2382,16 +2391,13 @@
dns_rdataset_disassociate(&rdataset);
notxt:
- if (have_spf != have_txt) {
+ if (have_spf && !have_txt) {
char namebuf[DNS_NAME_FORMATSIZE];
- const char *found = have_txt ? "TXT" : "SPF";
- const char *need = have_txt ? "SPF" : "TXT";
dns_name_format(name, namebuf, sizeof(namebuf));
- dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found SPF/%s "
- "record but no SPF/%s record found, add "
- "matching type %s record", namebuf, found,
- need, need);
+ dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found type "
+ "SPF record but no SPF TXT record found, "
+ "add matching type TXT record", namebuf);
}
next:
@@ -2552,7 +2558,7 @@
nsec3chain->nsec3param.iterations = nsec3param->iterations;
nsec3chain->nsec3param.flags = nsec3param->flags;
nsec3chain->nsec3param.salt_length = nsec3param->salt_length;
- memcpy(nsec3chain->salt, nsec3param->salt, nsec3param->salt_length);
+ memmove(nsec3chain->salt, nsec3param->salt, nsec3param->salt_length);
nsec3chain->nsec3param.salt = nsec3chain->salt;
nsec3chain->seen_nsec = ISC_FALSE;
nsec3chain->delete_nsec = ISC_FALSE;
@@ -2701,20 +2707,35 @@
unsigned int resign;
isc_result_t result;
isc_uint32_t nanosecs;
+ dns_db_t *db = NULL;
dns_rdataset_init(&rdataset);
dns_fixedname_init(&fixed);
- result = dns_db_getsigningtime(zone->db, &rdataset,
+
+ ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
+ if (zone->db != NULL)
+ dns_db_attach(zone->db, &db);
+ ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+ if (db == NULL) {
+ isc_time_settoepoch(&zone->resigntime);
+ return;
+ }
+
+ result = dns_db_getsigningtime(db, &rdataset,
dns_fixedname_name(&fixed));
if (result != ISC_R_SUCCESS) {
isc_time_settoepoch(&zone->resigntime);
- return;
+ goto cleanup;
}
- resign = rdataset.resign;
+
+ resign = rdataset.resign - zone->sigresigninginterval;
dns_rdataset_disassociate(&rdataset);
isc_random_get(&nanosecs);
nanosecs %= 1000000000;
isc_time_set(&zone->resigntime, resign, nanosecs);
+ cleanup:
+ dns_db_detach(&db);
+ return;
}
static isc_result_t
@@ -3057,6 +3078,8 @@
/* Convert rdata to keydata. */
result = dns_rdata_tostruct(&rdata, &keydata, NULL);
+ if (result == ISC_R_UNEXPECTEDEND)
+ continue;
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/* Set the key refresh timer. */
@@ -3110,7 +3133,6 @@
* Create a singleton diff.
*/
dns_diff_init(diff->mctx, &temp_diff);
- temp_diff.resign = diff->resign;
ISC_LIST_APPEND(temp_diff.tuples, *tuple, link);
/*
@@ -3501,8 +3523,7 @@
else
options = 0;
result = dns_journal_rollforward2(zone->mctx, db, options,
- zone->sigresigninginterval,
- zone->journal);
+ 0, zone->journal);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND &&
result != DNS_R_UPTODATE && result != DNS_R_NOJOURNAL &&
result != ISC_R_RANGE) {
@@ -3759,7 +3780,8 @@
dns_zone_log(zone, ISC_LOG_DEBUG(3),
"next resign: %s/%s in %d seconds",
namebuf, typebuf,
- next.resign - timenow);
+ next.resign - timenow -
+ zone->sigresigninginterval);
dns_rdataset_disassociate(&next);
} else
dns_zone_log(zone, ISC_LOG_WARNING,
@@ -4046,6 +4068,21 @@
dns_db_currentversion(db, &version);
+ if (nscount != NULL)
+ *nscount = 0;
+ if (soacount != NULL)
+ *soacount = 0;
+ if (serial != NULL)
+ *serial = 0;
+ if (refresh != NULL)
+ *refresh = 0;
+ if (retry != NULL)
+ *retry = 0;
+ if (expire != NULL)
+ *expire = 0;
+ if (errors != NULL)
+ *errors = 0;
+
node = NULL;
result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
if (result != ISC_R_SUCCESS) {
@@ -4407,7 +4444,7 @@
UNLOCK_ZONE(zone);
return (ISC_R_NOMEMORY);
}
- memcpy(new, notify, count * sizeof(*new));
+ memmove(new, notify, count * sizeof(*new));
zone->notify = new;
zone->notifycnt = count;
}
@@ -4529,7 +4566,7 @@
result = ISC_R_NOMEMORY;
goto unlock;
}
- memcpy(new, masters, count * sizeof(*new));
+ memmove(new, masters, count * sizeof(*new));
/*
* Similarly for mastersok.
@@ -4736,20 +4773,40 @@
* have no new key.
*/
static isc_boolean_t
-delsig_ok(dns_rdata_rrsig_t *rrsig_ptr, dst_key_t **keys, unsigned int nkeys) {
+delsig_ok(dns_rdata_rrsig_t *rrsig_ptr, dst_key_t **keys, unsigned int nkeys,
+ isc_boolean_t *warn)
+{
unsigned int i = 0;
+ isc_boolean_t have_ksk = ISC_FALSE, have_zsk = ISC_FALSE;
+ isc_boolean_t have_pksk = ISC_FALSE, have_pzsk = ISC_FALSE;
- /*
- * It's okay to delete a signature if there is an active ZSK
- * with the same algorithm
- */
for (i = 0; i < nkeys; i++) {
- if (rrsig_ptr->algorithm == dst_key_alg(keys[i]) &&
- (dst_key_isprivate(keys[i])) && !KSK(keys[i]))
- return (ISC_TRUE);
+ if (rrsig_ptr->algorithm != dst_key_alg(keys[i]))
+ continue;
+ if (dst_key_isprivate(keys[i])) {
+ if (KSK(keys[i]))
+ have_ksk = have_pksk = ISC_TRUE;
+ else
+ have_zsk = have_pzsk = ISC_TRUE;
+ } else {
+ if (KSK(keys[i]))
+ have_ksk = ISC_TRUE;
+ else
+ have_zsk = ISC_TRUE;
+ }
}
+ if (have_zsk && have_ksk && !have_pzsk)
+ *warn = ISC_TRUE;
+
/*
+ * It's okay to delete a signature if there is an active key
+ * with the same algorithm to replace it.
+ */
+ if (have_pksk || have_pzsk)
+ return (ISC_TRUE);
+
+ /*
* Failing that, it is *not* okay to delete a signature
* if the associated public key is still in the DNSKEY RRset
*/
@@ -4816,7 +4873,8 @@
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (type != dns_rdatatype_dnskey) {
- if (delsig_ok(&rrsig, keys, nkeys)) {
+ isc_boolean_t warn = ISC_FALSE, deleted = ISC_FALSE;
+ if (delsig_ok(&rrsig, keys, nkeys, &warn)) {
result = update_one_rr(db, ver, zonediff->diff,
DNS_DIFFOP_DELRESIGN, name,
rdataset.ttl, &rdata);
@@ -4824,7 +4882,9 @@
changed = ISC_TRUE;
if (result != ISC_R_SUCCESS)
break;
- } else {
+ deleted = ISC_TRUE;
+ }
+ if (warn) {
/*
* At this point, we've got an RRSIG,
* which is signed by an inactive key.
@@ -4834,7 +4894,7 @@
* offline will prevent us spinning waiting
* for the private part.
*/
- if (incremental) {
+ if (incremental && !deleted) {
result = offline(db, ver, zonediff,
name, rdataset.ttl,
&rdata);
@@ -4882,7 +4942,9 @@
* We want the earliest offline expire time
* iff there is a new offline signature.
*/
- if (!dst_key_isprivate(keys[i])) {
+ if (!dst_key_inactive(keys[i]) &&
+ !dst_key_isprivate(keys[i]))
+ {
isc_int64_t timeexpire =
dns_time64_from32(rrsig.timeexpire);
if (warn != 0 && warn > timeexpire)
@@ -4900,6 +4962,7 @@
result = offline(db, ver, zonediff,
name, rdataset.ttl,
&rdata);
+ changed = ISC_TRUE;
break;
}
result = update_one_rr(db, ver, zonediff->diff,
@@ -5068,7 +5131,6 @@
dns_rdataset_init(&rdataset);
dns_fixedname_init(&fixed);
dns_diff_init(zone->mctx, &_sig_diff);
- _sig_diff.resign = zone->sigresigninginterval;
zonediff_init(&zonediff, &_sig_diff);
/*
@@ -5125,7 +5187,7 @@
i = 0;
while (result == ISC_R_SUCCESS) {
- resign = rdataset.resign;
+ resign = rdataset.resign - zone->sigresigninginterval;
covers = rdataset.covers;
dns_rdataset_disassociate(&rdataset);
@@ -5987,7 +6049,6 @@
dns_diff_init(zone->mctx, &nsec3_diff);
dns_diff_init(zone->mctx, &nsec_diff);
dns_diff_init(zone->mctx, &_sig_diff);
- _sig_diff.resign = zone->sigresigninginterval;
zonediff_init(&zonediff, &_sig_diff);
ISC_LIST_INIT(cleanup);
@@ -6831,7 +6892,6 @@
dns_fixedname_init(&nextfixed);
nextname = dns_fixedname_name(&nextfixed);
dns_diff_init(zone->mctx, &_sig_diff);
- _sig_diff.resign = zone->sigresigninginterval;
dns_diff_init(zone->mctx, &post_diff);
zonediff_init(&zonediff, &_sig_diff);
ISC_LIST_INIT(cleanup);
@@ -7264,7 +7324,7 @@
isc_time_settoepoch(&zone->signingtime);
}
-static void
+static isc_result_t
normalize_key(dns_rdata_t *rr, dns_rdata_t *target,
unsigned char *data, int size) {
dns_rdata_dnskey_t dnskey;
@@ -7285,6 +7345,8 @@
break;
case dns_rdatatype_keydata:
result = dns_rdata_tostruct(rr, &keydata, NULL);
+ if (result == ISC_R_UNEXPECTEDEND)
+ return (result);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
dns_keydata_todnskey(&keydata, &dnskey, NULL);
dns_rdata_fromstruct(target, rr->rdclass, dns_rdatatype_dnskey,
@@ -7293,6 +7355,7 @@
default:
INSIST(0);
}
+ return (ISC_R_SUCCESS);
}
/*
@@ -7316,7 +7379,9 @@
dns_rdata_init(&rdata1);
dns_rdata_init(&rdata2);
- normalize_key(rr, &rdata1, data1, sizeof(data1));
+ result = normalize_key(rr, &rdata1, data1, sizeof(data1));
+ if (result != ISC_R_SUCCESS)
+ return (ISC_FALSE);
for (result = dns_rdataset_first(rdset);
result == ISC_R_SUCCESS;
@@ -7323,7 +7388,9 @@
result = dns_rdataset_next(rdset)) {
dns_rdata_reset(&rdata);
dns_rdataset_current(rdset, &rdata);
- normalize_key(&rdata, &rdata2, data2, sizeof(data2));
+ result = normalize_key(&rdata, &rdata2, data2, sizeof(data2));
+ if (result != ISC_R_SUCCESS)
+ continue;
if (dns_rdata_compare(&rdata1, &rdata2) == 0)
return (ISC_TRUE);
}
@@ -7430,7 +7497,11 @@
name, 0, &rdata));
/* Update refresh timer */
- CHECK(dns_rdata_tostruct(&rdata, &keydata, NULL));
+ result = dns_rdata_tostruct(&rdata, &keydata, NULL);
+ if (result == ISC_R_UNEXPECTEDEND)
+ continue;
+ if (result != ISC_R_SUCCESS)
+ goto failure;
keydata.refresh = refresh_time(kfetch, ISC_TRUE);
set_refreshkeytimer(zone, &keydata, now);
@@ -7581,7 +7652,6 @@
INSIST(result == ISC_R_SUCCESS);
dns_diff_init(mctx, &diff);
- diff.resign = zone->sigresigninginterval;
CHECK(dns_db_newversion(kfetch->db, &ver));
@@ -7921,8 +7991,10 @@
trust_key(zone, keyname, &dnskey, mctx);
}
- if (!deletekey)
+ if (!deletekey) {
+ INSIST(newkey || updatekey);
set_refreshkeytimer(zone, &keydata, now);
+ }
}
/*
@@ -8245,7 +8317,7 @@
}
/*
- * Master/redirect zones send notifies now, if needed
+ * Master zones send notifies now, if needed
*/
switch (zone->type) {
case dns_zone_master:
@@ -8605,10 +8677,16 @@
result = DNS_R_CONTINUE;
UNLOCK_ZONE(zone);
} else {
+ const dns_master_style_t *output_style;
+
+ if (zone->type == dns_zone_key)
+ output_style = &dns_master_style_keyzone;
+ else
+ output_style = &dns_master_style_default;
dns_db_currentversion(db, &version);
result = dns_master_dump2(zone->mctx, db, version,
- &dns_master_style_default,
- masterfile, masterformat);
+ output_style, masterfile,
+ masterformat);
dns_db_closeversion(db, &version, ISC_FALSE);
}
fail:
@@ -8988,7 +9066,7 @@
return (ISC_R_NOMEMORY);
e->ev_arg = notify;
e->ev_sender = NULL;
- result = isc_ratelimiter_enqueue(notify->zone->zmgr->rl,
+ result = isc_ratelimiter_enqueue(notify->zone->zmgr->notifyrl,
notify->zone->task, &e);
if (result != ISC_R_SUCCESS)
isc_event_free(&e);
@@ -10112,7 +10190,7 @@
e->ev_arg = zone;
e->ev_sender = NULL;
- result = isc_ratelimiter_enqueue(zone->zmgr->rl, zone->task, &e);
+ result = isc_ratelimiter_enqueue(zone->zmgr->refreshrl, zone->task, &e);
if (result != ISC_R_SUCCESS) {
zone_idetach(&dummy);
isc_event_free(&e);
@@ -10170,70 +10248,25 @@
static isc_result_t
add_opt(dns_message_t *message, isc_uint16_t udpsize, isc_boolean_t reqnsid) {
+ isc_result_t result;
dns_rdataset_t *rdataset = NULL;
- dns_rdatalist_t *rdatalist = NULL;
- dns_rdata_t *rdata = NULL;
- isc_result_t result;
+ dns_ednsopt_t ednsopts[DNS_EDNSOPTIONS];
+ int count = 0;
- result = dns_message_gettemprdatalist(message, &rdatalist);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- result = dns_message_gettemprdata(message, &rdata);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- result = dns_message_gettemprdataset(message, &rdataset);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- dns_rdataset_init(rdataset);
-
- rdatalist->type = dns_rdatatype_opt;
- rdatalist->covers = 0;
-
- /*
- * Set Maximum UDP buffer size.
- */
- rdatalist->rdclass = udpsize;
-
- /*
- * Set EXTENDED-RCODE, VERSION, DO and Z to 0.
- */
- rdatalist->ttl = 0;
-
/* Set EDNS options if applicable */
if (reqnsid) {
- unsigned char data[4];
- isc_buffer_t buf;
-
- isc_buffer_init(&buf, data, sizeof(data));
- isc_buffer_putuint16(&buf, DNS_OPT_NSID);
- isc_buffer_putuint16(&buf, 0);
- rdata->data = data;
- rdata->length = sizeof(data);
- } else {
- rdata->data = NULL;
- rdata->length = 0;
+ INSIST(count < DNS_EDNSOPTIONS);
+ ednsopts[count].code = DNS_OPT_NSID;
+ ednsopts[count].length = 0;
+ ednsopts[count].value = NULL;
+ count++;
}
+ result = dns_message_buildopt(message, &rdataset, 0, udpsize, 0,
+ ednsopts, count);
+ if (result != ISC_R_SUCCESS)
+ return (result);
- rdata->rdclass = rdatalist->rdclass;
- rdata->type = rdatalist->type;
- rdata->flags = 0;
-
- ISC_LIST_INIT(rdatalist->rdata);
- ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
- RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
- == ISC_R_SUCCESS);
-
return (dns_message_setopt(message, rdataset));
-
- cleanup:
- if (rdatalist != NULL)
- dns_message_puttemprdatalist(message, &rdatalist);
- if (rdataset != NULL)
- dns_message_puttemprdataset(message, &rdataset);
- if (rdata != NULL)
- dns_message_puttemprdata(message, &rdata);
-
- return (result);
}
static void
@@ -10812,10 +10845,10 @@
isc_time_compare(&zone->refreshtime, &next) < 0)
next = zone->refreshtime;
}
- if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
- INSIST(!isc_time_isepoch(&zone->expiretime));
+ if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
+ !isc_time_isepoch(&zone->expiretime)) {
if (isc_time_isepoch(&next) ||
- isc_time_compare(&zone->expiretime, &next) < 0)
+ isc_time_compare(&zone->expiretime, &next) < 0)
next = zone->expiretime;
}
if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
@@ -11052,6 +11085,8 @@
int match = 0;
isc_netaddr_t netaddr;
isc_sockaddr_t local, remote;
+ dns_tsigkey_t *tsigkey;
+ dns_name_t *tsig;
REQUIRE(DNS_ZONE_VALID(zone));
@@ -11128,8 +11163,10 @@
* Accept notify requests from non masters if they are on
* 'zone->notify_acl'.
*/
+ tsigkey = dns_message_gettsigkey(msg);
+ tsig = dns_tsigkey_identity(tsigkey);
if (i >= zone->masterscnt && zone->notify_acl != NULL &&
- dns_acl_match(&netaddr, NULL, zone->notify_acl,
+ dns_acl_match(&netaddr, tsig, zone->notify_acl,
&zone->view->aclenv,
&match, NULL) == ISC_R_SUCCESS &&
match > 0)
@@ -11467,7 +11504,7 @@
/*
* Leave space for terminating '\0'.
*/
- isc_buffer_init(&buffer, buf, length - 1);
+ isc_buffer_init(&buffer, buf, (unsigned int)length - 1);
if (dns_name_dynamic(&zone->origin))
result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer);
if (result != ISC_R_SUCCESS &&
@@ -11499,7 +11536,7 @@
/*
* Leave space for terminating '\0'.
*/
- isc_buffer_init(&buffer, buf, length - 1);
+ isc_buffer_init(&buffer, buf, (unsigned int)length - 1);
if (dns_name_dynamic(&zone->origin))
result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer);
if (result != ISC_R_SUCCESS &&
@@ -11519,7 +11556,7 @@
/*
* Leave space for terminating '\0'.
*/
- isc_buffer_init(&buffer, buf, length - 1);
+ isc_buffer_init(&buffer, buf, (unsigned int)length - 1);
(void)dns_rdataclass_totext(zone->rdclass, &buffer);
buf[isc_buffer_usedlength(&buffer)] = '\0';
@@ -11536,7 +11573,7 @@
/*
* Leave space for terminating '\0'.
*/
- isc_buffer_init(&buffer, buf, length - 1);
+ isc_buffer_init(&buffer, buf, (unsigned int)length - 1);
if (zone->view == NULL) {
isc_buffer_putstr(&buffer, "_none");
@@ -11862,7 +11899,6 @@
DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS) &&
!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER)) {
isc_uint32_t serial, oldserial;
- unsigned int soacount;
dns_zone_log(zone, ISC_LOG_DEBUG(3), "generating diffs");
@@ -12335,9 +12371,18 @@
void
dns_zone_setsigresigninginterval(dns_zone_t *zone, isc_uint32_t interval) {
+ isc_time_t now;
+
REQUIRE(DNS_ZONE_VALID(zone));
+ LOCK_ZONE(zone);
zone->sigresigninginterval = interval;
+ set_resigntime(zone);
+ if (zone->task != NULL) {
+ TIME_NOW(&now);
+ zone_settimer(zone, &now);
+ }
+ UNLOCK_ZONE(zone);
}
isc_uint32_t
@@ -12658,8 +12703,18 @@
case dns_rcode_yxrrset:
case dns_rcode_nxrrset:
case dns_rcode_refused:
- case dns_rcode_nxdomain:
+ case dns_rcode_nxdomain: {
+ char rcode[128];
+ isc_buffer_t rb;
+
+ isc_buffer_init(&rb, rcode, sizeof(rcode));
+ (void)dns_rcode_totext(msg->rcode, &rb);
+ dns_zone_log(zone, ISC_LOG_INFO,
+ "forwarded dynamic update: "
+ "master %s returned: %.*s",
+ master, (int)rb.used, rcode);
break;
+ }
/* These should not occur if the masters/zone are valid. */
case dns_rcode_notzone:
@@ -12807,7 +12862,8 @@
zmgr->socketmgr = socketmgr;
zmgr->zonetasks = NULL;
zmgr->task = NULL;
- zmgr->rl = NULL;
+ zmgr->notifyrl = NULL;
+ zmgr->refreshrl = NULL;
ISC_LIST_INIT(zmgr->zones);
ISC_LIST_INIT(zmgr->waiting_for_xfrin);
ISC_LIST_INIT(zmgr->xfrin_in_progress);
@@ -12831,16 +12887,25 @@
isc_task_setname(zmgr->task, "zmgr", zmgr);
result = isc_ratelimiter_create(mctx, timermgr, zmgr->task,
- &zmgr->rl);
+ &zmgr->notifyrl);
if (result != ISC_R_SUCCESS)
goto free_task;
+ result = isc_ratelimiter_create(mctx, timermgr, zmgr->task,
+ &zmgr->refreshrl);
+ if (result != ISC_R_SUCCESS)
+ goto free_notifyrl;
+
/* default to 20 refresh queries / notifies per second. */
isc_interval_set(&interval, 0, 1000000000/2);
- result = isc_ratelimiter_setinterval(zmgr->rl, &interval);
+ result = isc_ratelimiter_setinterval(zmgr->notifyrl, &interval);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
- isc_ratelimiter_setpertic(zmgr->rl, 10);
+ isc_ratelimiter_setpertic(zmgr->notifyrl, 10);
+ result = isc_ratelimiter_setinterval(zmgr->refreshrl, &interval);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ isc_ratelimiter_setpertic(zmgr->refreshrl, 10);
+
zmgr->iolimit = 1;
zmgr->ioactive = 0;
ISC_LIST_INIT(zmgr->high);
@@ -12848,7 +12913,7 @@
result = isc_mutex_init(&zmgr->iolock);
if (result != ISC_R_SUCCESS)
- goto free_rl;
+ goto free_refreshrl;
zmgr->magic = ZONEMGR_MAGIC;
@@ -12859,8 +12924,10 @@
free_iolock:
DESTROYLOCK(&zmgr->iolock);
#endif
- free_rl:
- isc_ratelimiter_detach(&zmgr->rl);
+ free_refreshrl:
+ isc_ratelimiter_detach(&zmgr->refreshrl);
+ free_notifyrl:
+ isc_ratelimiter_detach(&zmgr->notifyrl);
free_task:
isc_task_detach(&zmgr->task);
free_urlock:
@@ -13028,7 +13095,8 @@
REQUIRE(DNS_ZONEMGR_VALID(zmgr));
- isc_ratelimiter_shutdown(zmgr->rl);
+ isc_ratelimiter_shutdown(zmgr->notifyrl);
+ isc_ratelimiter_shutdown(zmgr->refreshrl);
if (zmgr->task != NULL)
isc_task_destroy(&zmgr->task);
@@ -13086,7 +13154,8 @@
zmgr->magic = 0;
DESTROYLOCK(&zmgr->iolock);
- isc_ratelimiter_detach(&zmgr->rl);
+ isc_ratelimiter_detach(&zmgr->notifyrl);
+ isc_ratelimiter_detach(&zmgr->refreshrl);
isc_rwlock_destroy(&zmgr->urlock);
isc_rwlock_destroy(&zmgr->rwlock);
@@ -13475,10 +13544,15 @@
}
isc_interval_set(&interval, s, ns);
- result = isc_ratelimiter_setinterval(zmgr->rl, &interval);
+
+ result = isc_ratelimiter_setinterval(zmgr->notifyrl, &interval);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
- isc_ratelimiter_setpertic(zmgr->rl, pertic);
+ isc_ratelimiter_setpertic(zmgr->notifyrl, pertic);
+ result = isc_ratelimiter_setinterval(zmgr->refreshrl, &interval);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ isc_ratelimiter_setpertic(zmgr->refreshrl, pertic);
+
zmgr->serialqueryrate = value;
}
@@ -13497,6 +13571,7 @@
isc_rwlocktype_t locktype;
isc_result_t result;
isc_uint32_t seconds = isc_time_seconds(now);
+ isc_uint32_t count = 0;
REQUIRE(DNS_ZONEMGR_VALID(zmgr));
@@ -13510,12 +13585,13 @@
if (result == ISC_R_SUCCESS) {
locktype = isc_rwlocktype_write;
zmgr->unreachable[i].last = seconds;
+ count = zmgr->unreachable[i].count;
}
break;
}
}
RWUNLOCK(&zmgr->urlock, locktype);
- return (ISC_TF(i < UNREACH_CHACHE_SIZE));
+ return (ISC_TF(i < UNREACH_CHACHE_SIZE && count > 1U));
}
void
@@ -13589,6 +13665,10 @@
*/
zmgr->unreachable[i].expire = seconds + UNREACH_HOLD_TIME;
zmgr->unreachable[i].last = seconds;
+ if (zmgr->unreachable[i].expire < seconds)
+ zmgr->unreachable[i].count = 1;
+ else
+ zmgr->unreachable[i].count++;
} else if (slot != UNREACH_CHACHE_SIZE) {
/*
* Found a empty slot. Add a new entry to the cache.
@@ -13597,6 +13677,7 @@
zmgr->unreachable[slot].last = seconds;
zmgr->unreachable[slot].remote = *remote;
zmgr->unreachable[slot].local = *local;
+ zmgr->unreachable[slot].count = 1;
} else {
/*
* Replace the least recently used entry in the cache.
@@ -13605,6 +13686,7 @@
zmgr->unreachable[oldest].last = seconds;
zmgr->unreachable[oldest].remote = *remote;
zmgr->unreachable[oldest].local = *local;
+ zmgr->unreachable[oldest].count = 1;
}
RWUNLOCK(&zmgr->urlock, isc_rwlocktype_write);
}
@@ -13825,10 +13907,12 @@
REQUIRE(DNS_ZONE_VALID(zone));
- if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMES))
+ if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMES) &&
+ rdata->type != dns_rdatatype_nsec3)
return (ISC_R_SUCCESS);
- if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL)) {
+ if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL) ||
+ rdata->type == dns_rdatatype_nsec3) {
level = ISC_LOG_ERROR;
fail = ISC_TRUE;
}
@@ -14453,7 +14537,6 @@
mctx = zone->mctx;
dns_diff_init(mctx, &diff);
dns_diff_init(mctx, &_sig_diff);
- _sig_diff.resign = zone->sigresigninginterval;
zonediff_init(&zonediff, &_sig_diff);
CHECK(dns_zone_getdb(zone, &db));
Modified: vendor/bind/dist/lib/dns/zonekey.c
===================================================================
--- vendor/bind/dist/lib/dns/zonekey.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/zonekey.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zonekey.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: zonekey.c,v 1.9 2007/06/19 23:47:16 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/dns/zt.c
===================================================================
--- vendor/bind/dist/lib/dns/zt.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/dns/zt.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zt.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/export/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/dns/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/dns/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/dns/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id$
top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/dns
Modified: vendor/bind/dist/lib/export/dns/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/dns/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/dns/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/dns/include/dns/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/dns/include/dns/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/dns/include/dns/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.4 2009/09/18 07:18:04 jinmei Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/dns/include/dst/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/dns/include/dst/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/dns/include/dst/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/irs/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/irs/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/irs/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id$
top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/irs
Modified: vendor/bind/dist/lib/export/irs/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/irs/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/irs/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/irs/include/irs/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/irs/include/irs/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/irs/include/irs/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.8 2010/06/09 23:50:58 tbox Exp $
top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/isc
@@ -22,11 +22,19 @@
@LIBISC_API@
-CINCLUDES = -I${srcdir}/unix/include \
+CINCLUDES = -Iunix/include \
+ -I at ISC_THREAD_DIR@/include \
+ -I at ISC_ARCH_DIR@/include \
+ -Iinclude \
+ -I../../../lib/isc/unix/include \
+ -I../../../lib/isc/@ISC_THREAD_DIR@/include \
+ -I../../../lib/isc/@ISC_ARCH_DIR@/include \
+ -I../../../lib/isc/include \
+ -I${srcdir}/unix/include \
-I${srcdir}/@ISC_THREAD_DIR@/include \
-I${srcdir}/@ISC_ARCH_DIR@/include \
- -I${export_srcdir}/isc/include -I${srcdir}/include \
- @ISC_OPENSSL_INC@
+ -I${export_srcdir}/isc/include \
+ -I${srcdir}/include @ISC_OPENSSL_INC@
CDEFINES = @USE_OPENSSL@ -DUSE_APPIMPREGISTER -DUSE_MEMIMPREGISTER \
-DUSE_SOCKETIMPREGISTER -DUSE_TASKIMPREGISTER \
-DUSE_TIMERIMPREGISTER
@@ -70,8 +78,8 @@
md5. at O@ mutexblock. at O@ netaddr. at O@ netscope. at O@ \
ondestroy. at O@ parseint. at O@ portset. at O@ radix. at O@ \
random. at O@ refcount. at O@ region. at O@ regex. at O@ result. at O@ \
- rwlock. at O@ serial. at O@ sha1. at O@ sha2. at O@ sockaddr. at O@ \
- stats. at O@ string. at O@ \
+ rwlock. at O@ safe. at O@ serial. at O@ sha1. at O@ sha2. at O@ \
+ sockaddr. at O@ stats. at O@ string. at O@ \
symtab. at O@ \
version. at O@ \
${APIOBJS} ${ISCDRIVEROBJS} \
@@ -94,7 +102,8 @@
ondestroy.c \
parseint.c portset.c radix.c \
random.c refcount.c region.c regex.c result.c rwlock.c \
- serial.c sha1.c sha2.c sockaddr.c stats.c string.c symtab.c \
+ safe.c serial.c sha1.c sha2.c sockaddr.c \
+ stats.c string.c symtab.c \
version.c \
${APISRCS} ${ISCDRIVERSRCS}
Modified: vendor/bind/dist/lib/export/isc/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isc/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/12/05 23:31:41 each Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isc/include/isc/bind9.h
===================================================================
--- vendor/bind/dist/lib/export/isc/include/isc/bind9.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/include/isc/bind9.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: bind9.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: bind9.h,v 1.2 2009/12/05 23:31:41 each Exp $ */
#ifndef ISC_BIND9_H
#define ISC_BIND9_H 1
Modified: vendor/bind/dist/lib/export/isc/nls/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/nls/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/nls/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/isc/nls
Modified: vendor/bind/dist/lib/export/isc/nothreads/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/nothreads/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/nothreads/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.5 2010/06/09 23:50:58 tbox Exp $
top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/isc/nothreads
Modified: vendor/bind/dist/lib/export/isc/nothreads/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/nothreads/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/nothreads/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isc/nothreads/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/nothreads/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/nothreads/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2009/09/01 00:22:27 jinmei Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isc/pthreads/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/pthreads/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/pthreads/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/isc/pthreads
Modified: vendor/bind/dist/lib/export/isc/pthreads/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/pthreads/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/pthreads/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isc/pthreads/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/pthreads/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/pthreads/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2009/09/01 00:22:27 jinmei Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isc/unix/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/unix/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/unix/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/isc/unix
Modified: vendor/bind/dist/lib/export/isc/unix/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/unix/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/unix/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isc/unix/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isc/unix/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isc/unix/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2009/09/01 00:22:27 jinmei Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isccfg/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isccfg/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isccfg/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id$
top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/isccfg
Modified: vendor/bind/dist/lib/export/isccfg/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isccfg/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isccfg/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/isccfg/include/isccfg/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/isccfg/include/isccfg/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/isccfg/include/isccfg/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/samples/Makefile-postinstall.in
===================================================================
--- vendor/bind/dist/lib/export/samples/Makefile-postinstall.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/samples/Makefile-postinstall.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile-postinstall.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile-postinstall.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
#prefix = @prefix@
Modified: vendor/bind/dist/lib/export/samples/Makefile.in
===================================================================
--- vendor/bind/dist/lib/export/samples/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/samples/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.4 2009/12/05 23:31:41 each Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
Modified: vendor/bind/dist/lib/export/samples/nsprobe.c
===================================================================
--- vendor/bind/dist/lib/export/samples/nsprobe.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/samples/nsprobe.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsprobe.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -1101,7 +1101,7 @@
(long)res->ai_addrlen);
exit(1);
}
- memcpy(&sa.type.sa, res->ai_addr, res->ai_addrlen);
+ memmove(&sa.type.sa, res->ai_addr, res->ai_addrlen);
sa.length = res->ai_addrlen;
freeaddrinfo(res);
ISC_LINK_INIT(&sa, link);
Modified: vendor/bind/dist/lib/export/samples/sample-async.c
===================================================================
--- vendor/bind/dist/lib/export/samples/sample-async.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/samples/sample-async.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sample-async.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: sample-async.c,v 1.5 2009/09/29 15:06:07 fdupont Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/export/samples/sample-gai.c
===================================================================
--- vendor/bind/dist/lib/export/samples/sample-gai.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/samples/sample-gai.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sample-gai.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: sample-gai.c,v 1.4 2009/09/02 23:48:02 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/export/samples/sample-request.c
===================================================================
--- vendor/bind/dist/lib/export/samples/sample-request.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/samples/sample-request.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sample-request.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: sample-request.c,v 1.5 2009/09/29 15:06:07 fdupont Exp $ */
#include <config.h>
@@ -221,7 +221,7 @@
exit(1);
}
INSIST(res->ai_addrlen <= sizeof(sa.type));
- memcpy(&sa.type, res->ai_addr, res->ai_addrlen);
+ memmove(&sa.type, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
sa.length = res->ai_addrlen;
ISC_LINK_INIT(&sa, link);
Modified: vendor/bind/dist/lib/export/samples/sample-update.c
===================================================================
--- vendor/bind/dist/lib/export/samples/sample-update.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/samples/sample-update.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sample-update.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: sample-update.c,v 1.10 2010/12/09 00:54:34 marka Exp $ */
#include <config.h>
@@ -38,6 +38,7 @@
#include <isc/mem.h>
#include <isc/parseint.h>
#include <isc/sockaddr.h>
+#include <isc/string.h>
#include <isc/util.h>
#include <dns/callbacks.h>
@@ -188,7 +189,7 @@
exit(1);
}
INSIST(res->ai_addrlen <= sizeof(sa_auth.type));
- memcpy(&sa_auth.type, res->ai_addr, res->ai_addrlen);
+ memmove(&sa_auth.type, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
sa_auth.length = res->ai_addrlen;
ISC_LINK_INIT(&sa_auth, link);
@@ -210,7 +211,7 @@
exit(1);
}
INSIST(res->ai_addrlen <= sizeof(sa_recursive.type));
- memcpy(&sa_recursive.type, res->ai_addr, res->ai_addrlen);
+ memmove(&sa_recursive.type, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
sa_recursive.length = res->ai_addrlen;
ISC_LINK_INIT(&sa_recursive, link);
Modified: vendor/bind/dist/lib/export/samples/sample.c
===================================================================
--- vendor/bind/dist/lib/export/samples/sample.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/export/samples/sample.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sample.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: sample.c,v 1.5 2009/09/29 15:06:07 fdupont Exp $ */
#include <config.h>
@@ -197,7 +197,7 @@
exit(1);
}
INSIST(res->ai_addrlen <= sizeof(sa.type));
- memcpy(&sa.type, res->ai_addr, res->ai_addrlen);
+ memmove(&sa.type, res->ai_addr, res->ai_addrlen);
sa.length = res->ai_addrlen;
freeaddrinfo(res);
ISC_LINK_INIT(&sa, link);
Modified: vendor/bind/dist/lib/irs/Makefile.in
===================================================================
--- vendor/bind/dist/lib/irs/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -39,7 +39,7 @@
# Alphabetically
SRCS = context.c \
dnsconf.c \
- gai_sterror.c getaddrinfo.c getnameinfo.c \
+ gai_strerror.c getaddrinfo.c getnameinfo.c \
resconf.c
LIBS = @LIBS@
@@ -74,7 +74,7 @@
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libirs. at A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libirs. at A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libirs. at A@ libirs.la timestamp
Modified: vendor/bind/dist/lib/irs/api
===================================================================
--- vendor/bind/dist/lib/irs/api 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/api 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,6 +4,6 @@
# 9.8: 80-89, 120-129
# 9.9: 90-109
# 9.9-sub: 130-139
-LIBINTERFACE = 80
-LIBREVISION = 4
+LIBINTERFACE = 81
+LIBREVISION = 1
LIBAGE = 0
Modified: vendor/bind/dist/lib/irs/context.c
===================================================================
--- vendor/bind/dist/lib/irs/context.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/context.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: context.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: context.c,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
#include <config.h>
@@ -148,7 +148,7 @@
}
static isc_result_t
-thread_key_init() {
+thread_key_init(void) {
isc_result_t result;
result = isc_once_do(&once, thread_key_mutex_init);
Modified: vendor/bind/dist/lib/irs/dnsconf.c
===================================================================
--- vendor/bind/dist/lib/irs/dnsconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/dnsconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnsconf.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: dnsconf.c,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/irs/gai_strerror.c
===================================================================
--- vendor/bind/dist/lib/irs/gai_strerror.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/gai_strerror.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gai_strerror.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: gai_strerror.c,v 1.5 2009/09/02 23:48:02 tbox Exp $ */
/*! \file gai_strerror.c
* gai_strerror() returns an error message corresponding to an
Modified: vendor/bind/dist/lib/irs/getaddrinfo.c
===================================================================
--- vendor/bind/dist/lib/irs/getaddrinfo.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/getaddrinfo.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getaddrinfo.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: getaddrinfo.c,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
@@ -178,6 +178,7 @@
int socktype, int port);
static void set_order(int, int (**)(const char *, int, struct addrinfo **,
int, int));
+static void _freeaddrinfo(struct addrinfo *ai);
#define FOUND_IPV4 0x1
#define FOUND_IPV6 0x2
@@ -339,7 +340,7 @@
if (family == AF_INET6 || family == 0) {
ai = ai_alloc(AF_INET6, sizeof(struct sockaddr_in6));
if (ai == NULL) {
- freeaddrinfo(ai_list);
+ _freeaddrinfo(ai_list);
return (EAI_MEMORY);
}
ai->ai_socktype = socktype;
@@ -409,7 +410,7 @@
* Convert to a V4 mapped address.
*/
struct in6_addr *a6 = (struct in6_addr *)abuf;
- memcpy(&a6->s6_addr[12], &a6->s6_addr[0], 4);
+ memmove(&a6->s6_addr[12], &a6->s6_addr[0], 4);
memset(&a6->s6_addr[10], 0xff, 2);
memset(&a6->s6_addr[0], 0, 10);
goto inet6_addr;
@@ -446,7 +447,7 @@
ai_list = ai;
ai->ai_socktype = socktype;
SIN(ai->ai_addr)->sin_port = port;
- memcpy((char *)ai->ai_addr + addroff, abuf, addrsize);
+ memmove((char *)ai->ai_addr + addroff, abuf, addrsize);
if ((flags & AI_CANONNAME) != 0) {
#ifdef IRS_HAVE_SIN6_SCOPE_ID
if (ai->ai_family == AF_INET6)
@@ -458,7 +459,7 @@
NI_NUMERICHOST) == 0) {
ai->ai_canonname = strdup(nbuf);
if (ai->ai_canonname == NULL) {
- freeaddrinfo(ai);
+ _freeaddrinfo(ai);
return (EAI_MEMORY);
}
} else {
@@ -481,7 +482,7 @@
socktype, port);
if (err != 0) {
if (ai_list != NULL) {
- freeaddrinfo(ai_list);
+ _freeaddrinfo(ai_list);
ai_list = NULL;
}
break;
@@ -789,8 +790,8 @@
RUNTIME_CHECK(result == ISC_R_SUCCESS);
SIN(ai->ai_addr)->sin_port =
resstate->head->ai_port;
- memcpy(&SIN(ai->ai_addr)->sin_addr,
- &rdata_a.in_addr, 4);
+ memmove(&SIN(ai->ai_addr)->sin_addr,
+ &rdata_a.in_addr, 4);
dns_rdata_freestruct(&rdata_a);
break;
case AF_INET6:
@@ -800,8 +801,8 @@
RUNTIME_CHECK(result == ISC_R_SUCCESS);
SIN6(ai->ai_addr)->sin6_port =
resstate->head->ai_port;
- memcpy(&SIN6(ai->ai_addr)->sin6_addr,
- &rdata_aaaa.in6_addr, 16);
+ memmove(&SIN6(ai->ai_addr)->sin6_addr,
+ &rdata_aaaa.in6_addr, 16);
dns_rdata_freestruct(&rdata_aaaa);
break;
}
@@ -831,7 +832,7 @@
error = EAI_NONAME;
} else {
if (trans->ai_sentinel.ai_next != NULL) {
- freeaddrinfo(trans->ai_sentinel.ai_next);
+ _freeaddrinfo(trans->ai_sentinel.ai_next);
trans->ai_sentinel.ai_next = NULL;
}
}
@@ -1123,7 +1124,7 @@
ai = ai_clone(*aip, AF_INET); /* don't use ai_clone() */
if (ai == NULL) {
- freeaddrinfo(*aip);
+ _freeaddrinfo(*aip);
return (EAI_MEMORY);
}
@@ -1130,7 +1131,7 @@
*aip = ai;
ai->ai_socktype = socktype;
SIN(ai->ai_addr)->sin_port = port;
- memcpy(&SIN(ai->ai_addr)->sin_addr, v4_loop, 4);
+ memmove(&SIN(ai->ai_addr)->sin_addr, v4_loop, 4);
return (0);
}
@@ -1153,7 +1154,7 @@
*aip = ai;
ai->ai_socktype = socktype;
SIN6(ai->ai_addr)->sin6_port = port;
- memcpy(&SIN6(ai->ai_addr)->sin6_addr, v6_loop, 16);
+ memmove(&SIN6(ai->ai_addr)->sin6_addr, v6_loop, 16);
return (0);
}
@@ -1161,6 +1162,11 @@
/*% Free address info. */
void
freeaddrinfo(struct addrinfo *ai) {
+ _freeaddrinfo(ai);
+}
+
+static void
+_freeaddrinfo(struct addrinfo *ai) {
struct addrinfo *ai_next;
while (ai != NULL) {
Modified: vendor/bind/dist/lib/irs/getnameinfo.c
===================================================================
--- vendor/bind/dist/lib/irs/getnameinfo.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/getnameinfo.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getnameinfo.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/irs/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/irs/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/irs/include/irs/Makefile.in
===================================================================
--- vendor/bind/dist/lib/irs/include/irs/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/irs/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -23,7 +23,7 @@
# machine generated. The latter are handled specially in the
# install target below.
#
-HEADERS = version.h
+HEADERS = context.h dnsconf.h resconf.h types.h version.h
SUBDIRS =
TARGETS =
Modified: vendor/bind/dist/lib/irs/include/irs/context.h
===================================================================
--- vendor/bind/dist/lib/irs/include/irs/context.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/irs/context.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: context.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: context.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
#ifndef IRS_CONTEXT_H
#define IRS_CONTEXT_H 1
Modified: vendor/bind/dist/lib/irs/include/irs/dnsconf.h
===================================================================
--- vendor/bind/dist/lib/irs/include/irs/dnsconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/irs/dnsconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnsconf.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: dnsconf.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
#ifndef IRS_DNSCONF_H
#define IRS_DNSCONF_H 1
Modified: vendor/bind/dist/lib/irs/include/irs/netdb.h.in
===================================================================
--- vendor/bind/dist/lib/irs/include/irs/netdb.h.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/irs/netdb.h.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: netdb.h.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: netdb.h.in,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/irs/include/irs/platform.h.in
===================================================================
--- vendor/bind/dist/lib/irs/include/irs/platform.h.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/irs/platform.h.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: platform.h.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: platform.h.in,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/irs/include/irs/resconf.h
===================================================================
--- vendor/bind/dist/lib/irs/include/irs/resconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/irs/resconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resconf.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: resconf.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
#ifndef IRS_RESCONF_H
#define IRS_RESCONF_H 1
@@ -46,8 +46,13 @@
irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp);
/*%<
* Load the resolver configuration file 'filename' in the "resolv.conf" format,
- * and create a new irs_resconf_t object from the configuration.
+ * and create a new irs_resconf_t object from the configuration. If the file
+ * is not found ISC_R_FILENOTFOUND is returned with the structure initialized
+ * as if file contained only:
*
+ * nameserver ::1
+ * nameserver 127.0.0.1
+ *
* Notes:
*
*\li Currently, only the following options are supported:
@@ -55,6 +60,11 @@
* In addition, 'sortlist' is not actually effective; it's parsed, but
* the application cannot use the configuration.
*
+ * Returns:
+ * \li ISC_R_SUCCESS on success
+ * \li ISC_R_FILENOTFOUND if the file was not found. *confp will be valid.
+ * \li other on error.
+ *
* Requires:
*
*\li 'mctx' is a valid memory context.
Modified: vendor/bind/dist/lib/irs/include/irs/types.h
===================================================================
--- vendor/bind/dist/lib/irs/include/irs/types.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/irs/types.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: types.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: types.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
#ifndef IRS_TYPES_H
#define IRS_TYPES_H 1
Modified: vendor/bind/dist/lib/irs/include/irs/version.h
===================================================================
--- vendor/bind/dist/lib/irs/include/irs/version.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/include/irs/version.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: version.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/irs/resconf.c
===================================================================
--- vendor/bind/dist/lib/irs/resconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/resconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resconf.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file resconf.c */
@@ -224,7 +224,7 @@
v4 = &((struct sockaddr_in *)res->ai_addr)->sin_addr;
if (memcmp(v4, zeroaddress, 4) == 0)
- memcpy(v4, loopaddress, 4);
+ memmove(v4, loopaddress, 4);
}
address = isc_mem_get(mctx, sizeof(*address));
@@ -238,7 +238,7 @@
goto cleanup;
}
address->length = res->ai_addrlen;
- memcpy(&address->type.ss, res->ai_addr, res->ai_addrlen);
+ memmove(&address->type.ss, res->ai_addr, res->ai_addrlen);
ISC_LINK_INIT(address, link);
ISC_LIST_APPEND(*nameservers, address, link);
@@ -258,14 +258,14 @@
unsigned char zeroaddress[] = {0, 0, 0, 0};
unsigned char loopaddress[] = {127, 0, 0, 1};
if (memcmp(&v4, zeroaddress, 4) == 0)
- memcpy(&v4, loopaddress, 4);
+ memmove(&v4, loopaddress, 4);
}
addr->family = AF_INET;
- memcpy(&addr->type.in, &v4, NS_INADDRSZ);
+ memmove(&addr->type.in, &v4, NS_INADDRSZ);
addr->zone = 0;
} else if (inet_pton(AF_INET6, buffer, &v6) == 1) {
addr->family = AF_INET6;
- memcpy(&addr->type.in6, &v6, NS_IN6ADDRSZ);
+ memmove(&addr->type.in6, &v6, NS_IN6ADDRSZ);
addr->zone = 0;
} else
return (ISC_R_BADADDRESSFORM); /* Unrecognised format. */
@@ -483,7 +483,7 @@
{
FILE *fp = NULL;
char word[256];
- isc_result_t rval, ret;
+ isc_result_t rval, ret = ISC_R_SUCCESS;
irs_resconf_t *conf;
int i, stopchar;
@@ -507,46 +507,50 @@
conf->search[i] = NULL;
errno = 0;
- if ((fp = fopen(filename, "r")) == NULL) {
- isc_mem_put(mctx, conf, sizeof(*conf));
- return (ISC_R_INVALIDFILE);
- }
-
- ret = ISC_R_SUCCESS;
- do {
- stopchar = getword(fp, word, sizeof(word));
- if (stopchar == EOF) {
- rval = ISC_R_SUCCESS;
- POST(rval);
- break;
- }
-
- if (strlen(word) == 0U)
- rval = ISC_R_SUCCESS;
- else if (strcmp(word, "nameserver") == 0)
- rval = resconf_parsenameserver(conf, fp);
- else if (strcmp(word, "domain") == 0)
- rval = resconf_parsedomain(conf, fp);
- else if (strcmp(word, "search") == 0)
- rval = resconf_parsesearch(conf, fp);
- else if (strcmp(word, "sortlist") == 0)
- rval = resconf_parsesortlist(conf, fp);
- else if (strcmp(word, "options") == 0)
- rval = resconf_parseoption(conf, fp);
- else {
- /* unrecognised word. Ignore entire line */
- rval = ISC_R_SUCCESS;
- stopchar = eatline(fp);
+ if ((fp = fopen(filename, "r")) != NULL) {
+ do {
+ stopchar = getword(fp, word, sizeof(word));
if (stopchar == EOF) {
+ rval = ISC_R_SUCCESS;
+ POST(rval);
break;
}
+
+ if (strlen(word) == 0U)
+ rval = ISC_R_SUCCESS;
+ else if (strcmp(word, "nameserver") == 0)
+ rval = resconf_parsenameserver(conf, fp);
+ else if (strcmp(word, "domain") == 0)
+ rval = resconf_parsedomain(conf, fp);
+ else if (strcmp(word, "search") == 0)
+ rval = resconf_parsesearch(conf, fp);
+ else if (strcmp(word, "sortlist") == 0)
+ rval = resconf_parsesortlist(conf, fp);
+ else if (strcmp(word, "options") == 0)
+ rval = resconf_parseoption(conf, fp);
+ else {
+ /* unrecognised word. Ignore entire line */
+ rval = ISC_R_SUCCESS;
+ stopchar = eatline(fp);
+ if (stopchar == EOF) {
+ break;
+ }
+ }
+ if (ret == ISC_R_SUCCESS && rval != ISC_R_SUCCESS)
+ ret = rval;
+ } while (1);
+
+ fclose(fp);
+ } else {
+ switch (errno) {
+ case ENOENT:
+ break;
+ default:
+ isc_mem_put(mctx, conf, sizeof(*conf));
+ return (ISC_R_INVALIDFILE);
}
- if (ret == ISC_R_SUCCESS && rval != ISC_R_SUCCESS)
- ret = rval;
- } while (1);
+ }
- fclose(fp);
-
/* If we don't find a nameserver fall back to localhost */
if (conf->numns == 0) {
INSIST(ISC_LIST_EMPTY(conf->nameservers));
@@ -575,8 +579,11 @@
if (ret != ISC_R_SUCCESS)
irs_resconf_destroy(&conf);
- else
+ else {
+ if (fp == NULL)
+ ret = ISC_R_FILENOTFOUND;
*confp = conf;
+ }
return (ret);
}
Modified: vendor/bind/dist/lib/irs/version.c
===================================================================
--- vendor/bind/dist/lib/irs/version.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/irs/version.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: version.c,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
@@ -62,7 +62,7 @@
parseint. at O@ portset. at O@ quota. at O@ radix. at O@ random. at O@ \
ratelimiter. at O@ refcount. at O@ region. at O@ regex. at O@ result. at O@ \
rwlock. at O@ \
- serial. at O@ sha1. at O@ sha2. at O@ sockaddr. at O@ stats. at O@ \
+ safe. at O@ serial. at O@ sha1. at O@ sha2. at O@ sockaddr. at O@ stats. at O@ \
string. at O@ strtoul. at O@ symtab. at O@ task. at O@ taskpool. at O@ \
timer. at O@ version. at O@ ${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
SYMTBLOBJS = backtrace-emptytbl. at O@
@@ -78,8 +78,9 @@
netaddr.c netscope.c ondestroy.c \
parseint.c portset.c quota.c radix.c random.c \
ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
- serial.c sha1.c sha2.c sockaddr.c stats.c string.c strtoul.c \
- symtab.c symtbl-empty.c task.c taskpool.c timer.c version.c
+ safe.c serial.c sha1.c sha2.c sockaddr.c stats.c string.c \
+ strtoul.c symtab.c task.c taskpool.c timer.c \
+ version.c
LIBS = @LIBS@
@@ -93,6 +94,10 @@
@BIND9_MAKE_RULES@
+safe. at O@: safe.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} @CCNOOPT@ \
+ -c ${srcdir}/safe.c
+
version. at O@: version.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
@@ -128,7 +133,7 @@
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisc. at A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libisc. at A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libisc. at A@ libisc-nosymtbl. at A@ libisc.la \
Modified: vendor/bind/dist/lib/isc/alpha/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/alpha/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/alpha/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/alpha/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/alpha/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/alpha/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/alpha/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/alpha/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/alpha/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/alpha/include/isc/atomic.h
===================================================================
--- vendor/bind/dist/lib/isc/alpha/include/isc/atomic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/alpha/include/isc/atomic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: atomic.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: atomic.h,v 1.7 2009/04/08 06:48:23 tbox Exp $ */
/*
* This code was written based on FreeBSD's kernel source whose copyright
Modified: vendor/bind/dist/lib/isc/api
===================================================================
--- vendor/bind/dist/lib/isc/api 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/api 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,6 +4,6 @@
# 9.8: 80-89, 120-129
# 9.9: 90-109
# 9.9-sub: 130-139
-LIBINTERFACE = 87
-LIBREVISION = 1
-LIBAGE = 3
+LIBINTERFACE = 122
+LIBREVISION = 0
+LIBAGE = 2
Modified: vendor/bind/dist/lib/isc/app_api.c
===================================================================
--- vendor/bind/dist/lib/isc/app_api.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/app_api.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: app_api.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: app_api.c,v 1.5 2009/09/02 23:48:02 tbox Exp $ */
#include <config.h>
@@ -91,6 +91,16 @@
}
isc_result_t
+isc_app_ctxonrun(isc_appctx_t *ctx, isc_mem_t *mctx,
+ isc_task_t *task, isc_taskaction_t action,
+ void *arg)
+{
+ REQUIRE(ISCAPI_APPCTX_VALID(ctx));
+
+ return (ctx->methods->ctxonrun(ctx, mctx, task, action, arg));
+}
+
+isc_result_t
isc_app_ctxsuspend(isc_appctx_t *ctx) {
REQUIRE(ISCAPI_APPCTX_VALID(ctx));
Modified: vendor/bind/dist/lib/isc/assertions.c
===================================================================
--- vendor/bind/dist/lib/isc/assertions.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/assertions.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: assertions.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: assertions.c,v 1.26 2009/09/29 15:06:07 fdupont Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/backtrace-emptytbl.c
===================================================================
--- vendor/bind/dist/lib/isc/backtrace-emptytbl.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/backtrace-emptytbl.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: backtrace-emptytbl.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: backtrace-emptytbl.c,v 1.3 2009/09/01 20:13:44 each Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/backtrace.c
===================================================================
--- vendor/bind/dist/lib/isc/backtrace.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/backtrace.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: backtrace.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: backtrace.c,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
@@ -51,6 +51,8 @@
#define BACKTRACE_LIBC
#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__ia64__))
#define BACKTRACE_GCC
+#elif defined(WIN32)
+#define BACKTRACE_WIN32
#elif defined(__x86_64__) || defined(__i386__)
#define BACKTRACE_X86STACK
#else
@@ -127,10 +129,18 @@
return (ISC_R_SUCCESS);
}
+#elif defined(BACKTRACE_WIN32)
+isc_result_t
+isc_backtrace_gettrace(void **addrs, int maxaddrs, int *nframes) {
+ unsigned long ftc = (unsigned long)maxaddrs;
+
+ *nframes = (int)CaptureStackBackTrace(1, ftc, addrs, NULL);
+ return ISC_R_SUCCESS;
+}
#elif defined(BACKTRACE_X86STACK)
#ifdef __x86_64__
static unsigned long
-getrbp() {
+getrbp(void) {
__asm("movq %rbp, %rax\n");
}
#endif
@@ -278,7 +288,8 @@
result = ISC_R_NOTFOUND;
else {
*symbolp = found->symbol;
- *offsetp = (const char *)addr - (char *)found->addr;
+ *offsetp = (unsigned long) ((const char *)addr -
+ (char *)found->addr);
}
return (result);
Modified: vendor/bind/dist/lib/isc/base32.c
===================================================================
--- vendor/bind/dist/lib/isc/base32.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/base32.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: base32.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: base32.c,v 1.6.698.1 2012/02/15 05:00:16 marka Exp $ */
/*! \file */
@@ -54,7 +54,7 @@
static isc_result_t
base32_totext(isc_region_t *source, int wordlength, const char *wordbreak,
- isc_buffer_t *target, const char base[])
+ isc_buffer_t *target, const char base[], char pad)
{
char buf[9];
unsigned int loops = 0;
@@ -67,8 +67,8 @@
buf[0] = base[((source->base[0]>>3)&0x1f)]; /* 5 + */
if (source->length == 1) {
buf[1] = base[(source->base[0]<<2)&0x1c];
- buf[2] = buf[3] = buf[4] = '=';
- buf[5] = buf[6] = buf[7] = '=';
+ buf[2] = buf[3] = buf[4] = pad;
+ buf[5] = buf[6] = buf[7] = pad;
RETERR(str_totext(buf, target));
break;
}
@@ -77,7 +77,7 @@
buf[2] = base[((source->base[1]>>1)&0x1f)]; /* 5 + */
if (source->length == 2) {
buf[3] = base[(source->base[1]<<4)&0x10];
- buf[4] = buf[5] = buf[6] = buf[7] = '=';
+ buf[4] = buf[5] = buf[6] = buf[7] = pad;
RETERR(str_totext(buf, target));
break;
}
@@ -85,7 +85,7 @@
((source->base[2]>>4)&0x0f)]; /* 4 + */
if (source->length == 3) {
buf[4] = base[(source->base[2]<<1)&0x1e];
- buf[5] = buf[6] = buf[7] = '=';
+ buf[5] = buf[6] = buf[7] = pad;
RETERR(str_totext(buf, target));
break;
}
@@ -94,7 +94,7 @@
buf[5] = base[((source->base[3]>>2)&0x1f)]; /* 5 + */
if (source->length == 4) {
buf[6] = base[(source->base[3]<<3)&0x18];
- buf[7] = '=';
+ buf[7] = pad;
RETERR(str_totext(buf, target));
break;
}
@@ -121,7 +121,8 @@
isc_base32_totext(isc_region_t *source, int wordlength,
const char *wordbreak, isc_buffer_t *target)
{
- return (base32_totext(source, wordlength, wordbreak, target, base32));
+ return (base32_totext(source, wordlength, wordbreak, target,
+ base32, '='));
}
isc_result_t
@@ -129,9 +130,17 @@
const char *wordbreak, isc_buffer_t *target)
{
return (base32_totext(source, wordlength, wordbreak, target,
- base32hex));
+ base32hex, '='));
}
+isc_result_t
+isc_base32hexnp_totext(isc_region_t *source, int wordlength,
+ const char *wordbreak, isc_buffer_t *target)
+{
+ return (base32_totext(source, wordlength, wordbreak, target,
+ base32hex, 0));
+}
+
/*%
* State of a base32 decoding process in progress.
*/
@@ -143,11 +152,12 @@
int val[8];
const char *base; /*%< Which encoding we are using */
int seen_32; /*%< Number of significant bytes if non zero */
+ isc_boolean_t pad; /*%< Expect padding */
} base32_decode_ctx_t;
static inline void
-base32_decode_init(base32_decode_ctx_t *ctx, int length,
- const char base[], isc_buffer_t *target)
+base32_decode_init(base32_decode_ctx_t *ctx, int length, const char base[],
+ isc_boolean_t pad, isc_buffer_t *target)
{
ctx->digits = 0;
ctx->seen_end = ISC_FALSE;
@@ -155,6 +165,7 @@
ctx->length = length;
ctx->target = target;
ctx->base = base;
+ ctx->pad = pad;
}
static inline isc_result_t
@@ -166,18 +177,27 @@
return (ISC_R_BADBASE32);
if ((s = strchr(ctx->base, c)) == NULL)
return (ISC_R_BADBASE32);
- last = s - ctx->base;
+ last = (unsigned int)(s - ctx->base);
+
/*
* Handle lower case.
*/
if (last > 32)
last -= 33;
+
/*
* Check that padding is contiguous.
*/
if (last != 32 && ctx->seen_32 != 0)
return (ISC_R_BADBASE32);
+
/*
+ * If padding is not permitted flag padding as a error.
+ */
+ if (last == 32 && !ctx->pad)
+ return (ISC_R_BADBASE32);
+
+ /*
* Check that padding starts at the right place and that
* bits that should be zero are.
* Record how many significant bytes in answer (seen_32).
@@ -212,6 +232,7 @@
ctx->seen_32 = 4;
break;
}
+
/*
* Zero fill pad values.
*/
@@ -244,8 +265,18 @@
static inline isc_result_t
base32_decode_finish(base32_decode_ctx_t *ctx) {
+
if (ctx->length > 0)
return (ISC_R_UNEXPECTEDEND);
+ /*
+ * Add missing padding if required.
+ */
+ if (!ctx->pad && ctx->digits != 0) {
+ ctx->pad = ISC_TRUE;
+ do {
+ RETERR(base32_decode_char(ctx, '='));
+ } while (ctx->digits != 0);
+ }
if (ctx->digits != 0)
return (ISC_R_BADBASE32);
return (ISC_R_SUCCESS);
@@ -252,8 +283,8 @@
}
static isc_result_t
-base32_tobuffer(isc_lex_t *lexer, const char base[], isc_buffer_t *target,
- int length)
+base32_tobuffer(isc_lex_t *lexer, const char base[], isc_boolean_t pad,
+ isc_buffer_t *target, int length)
{
base32_decode_ctx_t ctx;
isc_textregion_t *tr;
@@ -260,7 +291,7 @@
isc_token_t token;
isc_boolean_t eol;
- base32_decode_init(&ctx, length, base, target);
+ base32_decode_init(&ctx, length, base, pad, target);
while (!ctx.seen_end && (ctx.length != 0)) {
unsigned int i;
@@ -285,19 +316,26 @@
isc_result_t
isc_base32_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
- return (base32_tobuffer(lexer, base32, target, length));
+ return (base32_tobuffer(lexer, base32, ISC_TRUE, target, length));
}
isc_result_t
isc_base32hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
- return (base32_tobuffer(lexer, base32hex, target, length));
+ return (base32_tobuffer(lexer, base32hex, ISC_TRUE, target, length));
}
+isc_result_t
+isc_base32hexnp_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
+ return (base32_tobuffer(lexer, base32hex, ISC_FALSE, target, length));
+}
+
static isc_result_t
-base32_decodestring(const char *cstr, const char base[], isc_buffer_t *target) {
+base32_decodestring(const char *cstr, const char base[], isc_boolean_t pad,
+ isc_buffer_t *target)
+{
base32_decode_ctx_t ctx;
- base32_decode_init(&ctx, -1, base, target);
+ base32_decode_init(&ctx, -1, base, pad, target);
for (;;) {
int c = *cstr++;
if (c == '\0')
@@ -312,19 +350,26 @@
isc_result_t
isc_base32_decodestring(const char *cstr, isc_buffer_t *target) {
- return (base32_decodestring(cstr, base32, target));
+ return (base32_decodestring(cstr, base32, ISC_TRUE, target));
}
isc_result_t
isc_base32hex_decodestring(const char *cstr, isc_buffer_t *target) {
- return (base32_decodestring(cstr, base32hex, target));
+ return (base32_decodestring(cstr, base32hex, ISC_TRUE, target));
}
+isc_result_t
+isc_base32hexnp_decodestring(const char *cstr, isc_buffer_t *target) {
+ return (base32_decodestring(cstr, base32hex, ISC_FALSE, target));
+}
+
static isc_result_t
-base32_decoderegion(isc_region_t *source, const char base[], isc_buffer_t *target) {
+base32_decoderegion(isc_region_t *source, const char base[],
+ isc_boolean_t pad, isc_buffer_t *target)
+{
base32_decode_ctx_t ctx;
- base32_decode_init(&ctx, -1, base, target);
+ base32_decode_init(&ctx, -1, base, pad, target);
while (source->length != 0) {
int c = *source->base;
RETERR(base32_decode_char(&ctx, c));
@@ -336,14 +381,19 @@
isc_result_t
isc_base32_decoderegion(isc_region_t *source, isc_buffer_t *target) {
- return (base32_decoderegion(source, base32, target));
+ return (base32_decoderegion(source, base32, ISC_TRUE, target));
}
isc_result_t
isc_base32hex_decoderegion(isc_region_t *source, isc_buffer_t *target) {
- return (base32_decoderegion(source, base32hex, target));
+ return (base32_decoderegion(source, base32hex, ISC_TRUE, target));
}
+isc_result_t
+isc_base32hexnp_decoderegion(isc_region_t *source, isc_buffer_t *target) {
+ return (base32_decoderegion(source, base32hex, ISC_FALSE, target));
+}
+
static isc_result_t
str_totext(const char *source, isc_buffer_t *target) {
unsigned int l;
@@ -355,7 +405,7 @@
if (l > region.length)
return (ISC_R_NOSPACE);
- memcpy(region.base, source, l);
+ memmove(region.base, source, l);
isc_buffer_add(target, l);
return (ISC_R_SUCCESS);
}
@@ -367,7 +417,7 @@
isc_buffer_availableregion(target, &tr);
if (length > tr.length)
return (ISC_R_NOSPACE);
- memcpy(tr.base, base, length);
+ memmove(tr.base, base, length);
isc_buffer_add(target, length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/isc/base64.c
===================================================================
--- vendor/bind/dist/lib/isc/base64.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/base64.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: base64.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: base64.c,v 1.34 2009/10/21 23:48:05 tbox Exp $ */
/*! \file */
@@ -124,7 +124,7 @@
return (ISC_R_BADBASE64);
if ((s = strchr(base64, c)) == NULL)
return (ISC_R_BADBASE64);
- ctx->val[ctx->digits++] = s - base64;
+ ctx->val[ctx->digits++] = (int)(s - base64);
if (ctx->digits == 4) {
int n;
unsigned char buf[3];
@@ -234,7 +234,7 @@
if (l > region.length)
return (ISC_R_NOSPACE);
- memcpy(region.base, source, l);
+ memmove(region.base, source, l);
isc_buffer_add(target, l);
return (ISC_R_SUCCESS);
}
@@ -246,7 +246,7 @@
isc_buffer_availableregion(target, &tr);
if (length > tr.length)
return (ISC_R_NOSPACE);
- memcpy(tr.base, base, length);
+ memmove(tr.base, base, length);
isc_buffer_add(target, length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/isc/bitstring.c
===================================================================
--- vendor/bind/dist/lib/isc/bitstring.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/bitstring.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: bitstring.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: bitstring.c,v 1.17 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/buffer.c
===================================================================
--- vendor/bind/dist/lib/isc/buffer.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/buffer.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: buffer.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: buffer.c,v 1.49 2008/09/25 04:02:39 tbox Exp $ */
/*! \file */
@@ -420,7 +420,7 @@
REQUIRE(l <= isc_buffer_availablelength(b));
cp = isc_buffer_used(b);
- memcpy(cp, source, l);
+ memmove(cp, source, l);
b->used += l;
}
@@ -439,7 +439,7 @@
available = isc_buffer_availablelength(b);
if (r->length > available)
return (ISC_R_NOSPACE);
- memcpy(base, r->base, r->length);
+ memmove(base, r->base, r->length);
b->used += r->length;
return (ISC_R_SUCCESS);
Modified: vendor/bind/dist/lib/isc/bufferlist.c
===================================================================
--- vendor/bind/dist/lib/isc/bufferlist.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/bufferlist.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: bufferlist.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: bufferlist.c,v 1.17 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/commandline.c
===================================================================
--- vendor/bind/dist/lib/isc/commandline.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/commandline.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005, 2007, 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -27,11 +27,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@@ -48,7 +44,7 @@
* SUCH DAMAGE.
*/
-/* $Id: commandline.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: commandline.c,v 1.22 2008/09/25 04:02:39 tbox Exp $ */
/*! \file
* This file was adapted from the NetBSD project's source tree, RCS ID:
Modified: vendor/bind/dist/lib/isc/entropy.c
===================================================================
--- vendor/bind/dist/lib/isc/entropy.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/entropy.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: entropy.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: entropy.c,v 1.22 2010/08/10 23:48:19 tbox Exp $ */
/*! \file
* \brief
Modified: vendor/bind/dist/lib/isc/error.c
===================================================================
--- vendor/bind/dist/lib/isc/error.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/error.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: error.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: error.c,v 1.21 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/event.c
===================================================================
--- vendor/bind/dist/lib/isc/event.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/event.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: event.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: event.c,v 1.21 2007/06/19 23:47:17 tbox Exp $ */
/*!
* \file
@@ -41,9 +41,28 @@
isc_event_t *
isc_event_allocate(isc_mem_t *mctx, void *sender, isc_eventtype_t type,
- isc_taskaction_t action, const void *arg, size_t size)
+ isc_taskaction_t action, void *arg, size_t size)
{
isc_event_t *event;
+
+ REQUIRE(size >= sizeof(struct isc_event));
+ REQUIRE(action != NULL);
+
+ event = isc_mem_get(mctx, size);
+ if (event == NULL)
+ return (NULL);
+
+ ISC_EVENT_INIT(event, size, 0, NULL, type, action, arg,
+ sender, destroy, mctx);
+
+ return (event);
+}
+
+isc_event_t *
+isc_event_constallocate(isc_mem_t *mctx, void *sender, isc_eventtype_t type,
+ isc_taskaction_t action, const void *arg, size_t size)
+{
+ isc_event_t *event;
void *deconst_arg;
REQUIRE(size >= sizeof(struct isc_event));
Modified: vendor/bind/dist/lib/isc/fsaccess.c
===================================================================
--- vendor/bind/dist/lib/isc/fsaccess.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/fsaccess.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: fsaccess.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: fsaccess.c,v 1.10 2007/06/19 23:47:17 tbox Exp $ */
/*! \file
* \brief
Modified: vendor/bind/dist/lib/isc/hash.c
===================================================================
--- vendor/bind/dist/lib/isc/hash.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/hash.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hash.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hash.c,v 1.16 2009/09/01 00:22:28 jinmei Exp $ */
/*! \file
* Some portion of this code was derived from universal hash function
@@ -94,7 +94,7 @@
isc_boolean_t initialized;
isc_refcount_t refcnt;
isc_entropy_t *entropy; /*%< entropy source */
- unsigned int limit; /*%< upper limit of key length */
+ size_t limit; /*%< upper limit of key length */
size_t vectorlen; /*%< size of the vector below */
hash_random_t *rndvector; /*%< random vector for universal hashing */
};
@@ -140,7 +140,7 @@
isc_result_t
isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy,
- unsigned int limit, isc_hash_t **hctxp)
+ size_t limit, isc_hash_t **hctxp)
{
isc_result_t result;
isc_hash_t *hctx;
@@ -250,7 +250,8 @@
isc_result_t result;
result = isc_entropy_getdata(hctx->entropy,
- hctx->rndvector, hctx->vectorlen,
+ hctx->rndvector,
+ (unsigned int)hctx->vectorlen,
NULL, 0);
INSIST(result == ISC_R_SUCCESS);
#else
@@ -258,7 +259,7 @@
#endif
} else {
isc_uint32_t pr;
- unsigned int i, copylen;
+ size_t i, copylen;
unsigned char *p;
p = (unsigned char *)hctx->rndvector;
@@ -269,7 +270,7 @@
else
copylen = hctx->vectorlen - i;
- memcpy(p, &pr, copylen);
+ memmove(p, &pr, copylen);
}
INSIST(p == (unsigned char *)hctx->rndvector +
hctx->vectorlen);
@@ -282,7 +283,7 @@
}
void
-isc_hash_init() {
+isc_hash_init(void) {
INSIST(hash != NULL && VALID_HASH(hash));
isc_hash_ctxinit(hash);
@@ -323,9 +324,9 @@
DESTROYLOCK(&hctx->lock);
- memcpy(canary0, hctx + 1, sizeof(canary0));
+ memmove(canary0, hctx + 1, sizeof(canary0));
memset(hctx, 0, sizeof(isc_hash_t));
- memcpy(canary1, hctx + 1, sizeof(canary1));
+ memmove(canary1, hctx + 1, sizeof(canary1));
INSIST(memcmp(canary0, canary1, sizeof(canary0)) == 0);
isc_mem_put(mctx, hctx, sizeof(isc_hash_t));
isc_mem_detach(&mctx);
@@ -347,7 +348,7 @@
}
void
-isc_hash_destroy() {
+isc_hash_destroy(void) {
unsigned int refs;
INSIST(hash != NULL && VALID_HASH(hash));
Modified: vendor/bind/dist/lib/isc/heap.c
===================================================================
--- vendor/bind/dist/lib/isc/heap.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/heap.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2010-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2010-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1997-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: heap.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file
* Heap implementation of priority queues adapted from the following:
@@ -32,7 +32,7 @@
#include <isc/heap.h>
#include <isc/magic.h>
#include <isc/mem.h>
-#include <isc/string.h> /* Required for memcpy. */
+#include <isc/string.h> /* Required for memmove. */
#include <isc/util.h>
/*@{*/
@@ -123,7 +123,7 @@
static isc_boolean_t
resize(isc_heap_t *heap) {
void **new_array;
- size_t new_size;
+ unsigned int new_size;
REQUIRE(VALID_HEAP(heap));
@@ -132,7 +132,7 @@
if (new_array == NULL)
return (ISC_FALSE);
if (heap->array != NULL) {
- memcpy(new_array, heap->array, heap->size * sizeof(void *));
+ memmove(new_array, heap->array, heap->size * sizeof(void *));
isc_mem_put(heap->mctx, heap->array,
heap->size * sizeof(void *));
}
Modified: vendor/bind/dist/lib/isc/hex.c
===================================================================
--- vendor/bind/dist/lib/isc/hex.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/hex.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hex.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hex.c,v 1.20 2008/09/25 04:02:39 tbox Exp $ */
/*! \file */
@@ -99,7 +99,7 @@
if ((s = strchr(hex, toupper(c))) == NULL)
return (ISC_R_BADHEX);
- ctx->val[ctx->digits++] = s - hex;
+ ctx->val[ctx->digits++] = (int)(s - hex);
if (ctx->digits == 2) {
unsigned char num;
@@ -183,7 +183,7 @@
if (l > region.length)
return (ISC_R_NOSPACE);
- memcpy(region.base, source, l);
+ memmove(region.base, source, l);
isc_buffer_add(target, l);
return (ISC_R_SUCCESS);
}
@@ -195,7 +195,7 @@
isc_buffer_availableregion(target, &tr);
if (length > tr.length)
return (ISC_R_NOSPACE);
- memcpy(tr.base, base, length);
+ memmove(tr.base, base, length);
isc_buffer_add(target, length);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/isc/hmacmd5.c
===================================================================
--- vendor/bind/dist/lib/isc/hmacmd5.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/hmacmd5.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hmacmd5.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hmacmd5.c,v 1.16 2009/02/06 23:47:42 tbox Exp $ */
/*! \file
* This code implements the HMAC-MD5 keyed hash algorithm
@@ -28,6 +28,7 @@
#include <isc/hmacmd5.h>
#include <isc/md5.h>
#include <isc/platform.h>
+#include <isc/safe.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
@@ -82,7 +83,7 @@
isc_md5_update(&md5ctx, key, len);
isc_md5_final(&md5ctx, ctx->key);
} else
- memcpy(ctx->key, key, len);
+ memmove(ctx->key, key, len);
isc_md5_init(&ctx->md5ctx);
memset(ipad, IPAD, sizeof(ipad));
@@ -145,5 +146,5 @@
REQUIRE(len <= ISC_MD5_DIGESTLENGTH);
isc_hmacmd5_sign(ctx, newdigest);
- return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+ return (isc_safe_memcmp(digest, newdigest, len));
}
Modified: vendor/bind/dist/lib/isc/hmacsha.c
===================================================================
--- vendor/bind/dist/lib/isc/hmacsha.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/hmacsha.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005-2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hmacsha.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*
* This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
@@ -27,6 +27,7 @@
#include <isc/assertions.h>
#include <isc/hmacsha.h>
#include <isc/platform.h>
+#include <isc/safe.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/string.h>
@@ -62,7 +63,7 @@
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -93,7 +94,7 @@
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -124,7 +125,7 @@
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -155,7 +156,7 @@
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -186,7 +187,7 @@
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -212,7 +213,7 @@
isc_sha1_update(&sha1ctx, key, len);
isc_sha1_final(&sha1ctx, ctx->key);
} else
- memcpy(ctx->key, key, len);
+ memmove(ctx->key, key, len);
isc_sha1_init(&ctx->sha1ctx);
memset(ipad, IPAD, sizeof(ipad));
@@ -259,7 +260,7 @@
isc_sha1_update(&ctx->sha1ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
isc_sha1_final(&ctx->sha1ctx, newdigest);
isc_hmacsha1_invalidate(ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -280,7 +281,7 @@
isc_sha224_update(&sha224ctx, key, len);
isc_sha224_final(ctx->key, &sha224ctx);
} else
- memcpy(ctx->key, key, len);
+ memmove(ctx->key, key, len);
isc_sha224_init(&ctx->sha224ctx);
memset(ipad, IPAD, sizeof(ipad));
@@ -325,7 +326,7 @@
isc_sha224_update(&ctx->sha224ctx, opad, sizeof(opad));
isc_sha224_update(&ctx->sha224ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
isc_sha224_final(newdigest, &ctx->sha224ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -346,7 +347,7 @@
isc_sha256_update(&sha256ctx, key, len);
isc_sha256_final(ctx->key, &sha256ctx);
} else
- memcpy(ctx->key, key, len);
+ memmove(ctx->key, key, len);
isc_sha256_init(&ctx->sha256ctx);
memset(ipad, IPAD, sizeof(ipad));
@@ -391,7 +392,7 @@
isc_sha256_update(&ctx->sha256ctx, opad, sizeof(opad));
isc_sha256_update(&ctx->sha256ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
isc_sha256_final(newdigest, &ctx->sha256ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -412,7 +413,7 @@
isc_sha384_update(&sha384ctx, key, len);
isc_sha384_final(ctx->key, &sha384ctx);
} else
- memcpy(ctx->key, key, len);
+ memmove(ctx->key, key, len);
isc_sha384_init(&ctx->sha384ctx);
memset(ipad, IPAD, sizeof(ipad));
@@ -457,7 +458,7 @@
isc_sha384_update(&ctx->sha384ctx, opad, sizeof(opad));
isc_sha384_update(&ctx->sha384ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
isc_sha384_final(newdigest, &ctx->sha384ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
@@ -478,7 +479,7 @@
isc_sha512_update(&sha512ctx, key, len);
isc_sha512_final(ctx->key, &sha512ctx);
} else
- memcpy(ctx->key, key, len);
+ memmove(ctx->key, key, len);
isc_sha512_init(&ctx->sha512ctx);
memset(ipad, IPAD, sizeof(ipad));
@@ -523,7 +524,7 @@
isc_sha512_update(&ctx->sha512ctx, opad, sizeof(opad));
isc_sha512_update(&ctx->sha512ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
isc_sha512_final(newdigest, &ctx->sha512ctx);
- memcpy(digest, newdigest, len);
+ memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
#endif /* !ISC_PLATFORM_OPENSSLHASH */
@@ -538,7 +539,7 @@
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
- return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+ return (isc_safe_memcmp(digest, newdigest, len));
}
/*
@@ -551,7 +552,7 @@
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
- return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+ return (isc_safe_memcmp(digest, newdigest, len));
}
/*
@@ -564,7 +565,7 @@
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
- return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+ return (isc_safe_memcmp(digest, newdigest, len));
}
/*
@@ -577,7 +578,7 @@
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
- return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+ return (isc_safe_memcmp(digest, newdigest, len));
}
/*
@@ -590,5 +591,5 @@
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
- return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+ return (isc_safe_memcmp(digest, newdigest, len));
}
Modified: vendor/bind/dist/lib/isc/httpd.c
===================================================================
--- vendor/bind/dist/lib/isc/httpd.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/httpd.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: httpd.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/ia64/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/ia64/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/ia64/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/ia64/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/ia64/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/ia64/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/ia64/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/ia64/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/ia64/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/ia64/include/isc/atomic.h
===================================================================
--- vendor/bind/dist/lib/isc/ia64/include/isc/atomic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/ia64/include/isc/atomic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: atomic.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: atomic.h,v 1.7 2009/06/24 02:22:50 marka Exp $ */
#ifndef ISC_ATOMIC_H
#define ISC_ATOMIC_H 1
Modified: vendor/bind/dist/lib/isc/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.13 2007/06/19 23:47:18 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001, 2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
@@ -26,8 +26,9 @@
# machine generated. The latter are handled specially in the
# install target below.
#
-HEADERS = app.h assertions.h base64.h bind9.h bitstring.h boolean.h \
- buffer.h bufferlist.h commandline.h entropy.h error.h event.h \
+HEADERS = app.h assertions.h backtrace.h base32.h base64.h \
+ bind9.h bitstring.h boolean.h buffer.h bufferlist.h \
+ commandline.h entropy.h error.h event.h \
eventclass.h file.h formatcheck.h fsaccess.h \
hash.h heap.h hex.h hmacmd5.h hmacsha.h \
httpd.h \
@@ -34,12 +35,12 @@
interfaceiter.h @ISC_IPV6_H@ iterated_hash.h lang.h lex.h \
lfsr.h lib.h list.h log.h \
magic.h md5.h mem.h msgcat.h msgs.h mutexblock.h \
- namespace.h netaddr.h ondestroy.h os.h parseint.h \
- print.h quota.h radix.h random.h ratelimiter.h \
- refcount.h regex.h region.h resource.h \
- result.h resultclass.h rwlock.h serial.h sha1.h sha2.h \
- sockaddr.h socket.h stdio.h stdlib.h string.h \
- symtab.h \
+ namespace.h netaddr.h netscope.h ondestroy.h os.h parseint.h \
+ portset.h print.h quota.h \
+ radix.h random.h ratelimiter.h refcount.h regex.h \
+ region.h resource.h result.h resultclass.h rwlock.h \
+ safe.h serial.h sha1.h sha2.h sockaddr.h socket.h \
+ stats.h stdio.h stdlib.h string.h symtab.h \
task.h taskpool.h timer.h types.h util.h version.h \
xml.h
Modified: vendor/bind/dist/lib/isc/include/isc/app.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/app.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/app.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: app.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: app.h,v 1.11 2009/09/02 23:48:03 tbox Exp $ */
#ifndef ISC_APP_H
#define ISC_APP_H 1
@@ -117,6 +117,9 @@
isc_socketmgr_t *timermgr);
void (*settimermgr)(isc_appctx_t *ctx,
isc_timermgr_t *timermgr);
+ isc_result_t (*ctxonrun)(isc_appctx_t *ctx, isc_mem_t *mctx,
+ isc_task_t *task, isc_taskaction_t action,
+ void *arg);
} isc_appmethods_t;
/*%
@@ -153,10 +156,13 @@
* close to the beginning of the application as possible.
*
* Requires:
- * 'ctx' is a valid application context (for app_ctxstart()).
+ *\li 'ctx' is a valid application context (for app_ctxstart()).
*/
isc_result_t
+isc_app_ctxonrun(isc_appctx_t *ctx, isc_mem_t *mctx, isc_task_t *task,
+ isc_taskaction_t action, void *arg);
+isc_result_t
isc_app_onrun(isc_mem_t *mctx, isc_task_t *task, isc_taskaction_t action,
void *arg);
/*!<
@@ -164,6 +170,7 @@
*
* Requires:
*\li isc_app_start() has been called.
+ *\li 'ctx' is a valid application context (for app_ctxonrun()).
*
* Returns:
* ISC_R_SUCCESS
Modified: vendor/bind/dist/lib/isc/include/isc/assertions.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/assertions.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/assertions.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -16,7 +16,7 @@
*/
/*
- * $Id: assertions.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+ * $Id: assertions.h,v 1.28 2009/09/29 23:48:04 tbox Exp $
*/
/*! \file isc/assertions.h
*/
Modified: vendor/bind/dist/lib/isc/include/isc/backtrace.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/backtrace.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/backtrace.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: backtrace.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: backtrace.h,v 1.2 2009/09/01 18:40:25 jinmei Exp $ */
/*! \file isc/backtrace.h
* \brief provide a back trace of the running process to help debug problems.
Modified: vendor/bind/dist/lib/isc/include/isc/base32.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/base32.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/base32.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,8 +14,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: base32.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
-
#ifndef ISC_BASE32_H
#define ISC_BASE32_H 1
@@ -27,6 +25,8 @@
*
* Base 32 hex preserves the sort order of data when it is encoded /
* decoded.
+ *
+ * Base 32 hex "np" is base 32 hex but no padding is produced or accepted.
*/
#include <isc/lang.h>
@@ -44,6 +44,9 @@
isc_result_t
isc_base32hex_totext(isc_region_t *source, int wordlength,
const char *wordbreak, isc_buffer_t *target);
+isc_result_t
+isc_base32hexnp_totext(isc_region_t *source, int wordlength,
+ const char *wordbreak, isc_buffer_t *target);
/*!<
* \brief Convert data into base32 encoded text.
*
@@ -69,8 +72,11 @@
isc_base32_decodestring(const char *cstr, isc_buffer_t *target);
isc_result_t
isc_base32hex_decodestring(const char *cstr, isc_buffer_t *target);
+isc_result_t
+isc_base32hexnp_decodestring(const char *cstr, isc_buffer_t *target);
/*!<
- * \brief Decode a null-terminated base32 string.
+ * \brief Decode a null-terminated string in base32, base32hex, or
+ * base32hex non-padded.
*
* Requires:
*\li 'cstr' is non-null.
@@ -91,8 +97,11 @@
isc_base32_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length);
isc_result_t
isc_base32hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length);
+isc_result_t
+isc_base32hexnp_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length);
/*!<
- * \brief Convert base32 encoded text from a lexer context into data.
+ * \brief Convert text encoded in base32, base32hex, or base32hex
+ * non-padded from a lexer context into data.
*
* Requires:
*\li 'lex' is a valid lexer context
@@ -110,8 +119,11 @@
isc_base32_decoderegion(isc_region_t *source, isc_buffer_t *target);
isc_result_t
isc_base32hex_decoderegion(isc_region_t *source, isc_buffer_t *target);
+isc_result_t
+isc_base32hexnp_decoderegion(isc_region_t *source, isc_buffer_t *target);
/*!<
- * \brief Decode a packed (no white space permitted) base32 region.
+ * \brief Decode a packed (no white space permitted) region in
+ * base32, base32hex or base32hex non-padded.
*
* Requires:
*\li 'source' is a valid region.
Modified: vendor/bind/dist/lib/isc/include/isc/base64.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/base64.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/base64.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: base64.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: base64.h,v 1.22 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_BASE64_H
#define ISC_BASE64_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/bind9.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/bind9.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/bind9.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: bind9.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: bind9.h,v 1.2 2009/12/05 23:31:41 each Exp $ */
#ifndef ISC_BIND9_H
#define ISC_BIND9_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/bitstring.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/bitstring.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/bitstring.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: bitstring.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: bitstring.h,v 1.14 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_BITSTRING_H
#define ISC_BITSTRING_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/boolean.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/boolean.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/boolean.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: boolean.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: boolean.h,v 1.19 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_BOOLEAN_H
#define ISC_BOOLEAN_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/buffer.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/buffer.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/buffer.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: buffer.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: buffer.h,v 1.55 2010/12/20 23:47:21 tbox Exp $ */
#ifndef ISC_BUFFER_H
#define ISC_BUFFER_H 1
@@ -664,12 +664,12 @@
/*! \note
* XXXDCL Something more could be done with initializing buffers that
- * point to const data. For example, a new function, isc_buffer_initconst,
- * could be used, and a new boolean flag in the buffer structure could
- * indicate whether the buffer was initialized with that function.
- * (isc_bufer_init itself would be reprototyped to *not* have its "base"
- * parameter be const.) Then if the boolean were true, the isc_buffer_put*
- * functions could assert a contractual requirement for a non-const buffer.
+ * point to const data. For example, isc_buffer_constinit() could
+ * set a new boolean flag in the buffer structure indicating whether
+ * the buffer was initialized with that function. * Then if the
+ * boolean were true, the isc_buffer_put* functions could assert a
+ * contractual requirement for a non-const buffer.
+ *
* One drawback is that the isc_buffer_* functions (macros) that return
* pointers would still need to return non-const pointers to avoid compiler
* warnings, so it would be up to code that uses them to have to deal
@@ -787,7 +787,7 @@
#define ISC__BUFFER_PUTMEM(_b, _base, _length) \
do { \
- memcpy(isc_buffer_used(_b), (_base), (_length)); \
+ memmove(isc_buffer_used(_b), (_base), (_length)); \
(_b)->used += (_length); \
} while (0)
@@ -797,7 +797,7 @@
unsigned char *_cp; \
_length = strlen(_source); \
_cp = isc_buffer_used(_b); \
- memcpy(_cp, (_source), _length); \
+ memmove(_cp, (_source), _length); \
(_b)->used += (_length); \
} while (0)
Modified: vendor/bind/dist/lib/isc/include/isc/bufferlist.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/bufferlist.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/bufferlist.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: bufferlist.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: bufferlist.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_BUFFERLIST_H
#define ISC_BUFFERLIST_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/commandline.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/commandline.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/commandline.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: commandline.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: commandline.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_COMMANDLINE_H
#define ISC_COMMANDLINE_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/entropy.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/entropy.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/entropy.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: entropy.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: entropy.h,v 1.35 2009/10/19 02:37:08 marka Exp $ */
#ifndef ISC_ENTROPY_H
#define ISC_ENTROPY_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/error.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/error.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/error.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: error.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: error.h,v 1.22 2009/09/29 23:48:04 tbox Exp $ */
#ifndef ISC_ERROR_H
#define ISC_ERROR_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/event.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/event.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/event.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: event.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: event.h,v 1.34 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_EVENT_H
#define ISC_EVENT_H 1
@@ -90,9 +90,12 @@
isc_event_t *
isc_event_allocate(isc_mem_t *mctx, void *sender, isc_eventtype_t type,
- isc_taskaction_t action, const void *arg, size_t size);
+ isc_taskaction_t action, void *arg, size_t size);
+isc_event_t *
+isc_event_constallocate(isc_mem_t *mctx, void *sender, isc_eventtype_t type,
+ isc_taskaction_t action, const void *arg, size_t size);
/*%<
- * Allocate an event structure.
+ * Allocate an event structure.
*
* Allocate and initialize in a structure with initial elements
* defined by:
@@ -103,7 +106,7 @@
* ...
* };
* \endcode
- *
+ *
* Requires:
*\li 'size' >= sizeof(struct isc_event)
*\li 'action' to be non NULL
Modified: vendor/bind/dist/lib/isc/include/isc/eventclass.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/eventclass.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/eventclass.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: eventclass.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: eventclass.h,v 1.18 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_EVENTCLASS_H
#define ISC_EVENTCLASS_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/file.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/file.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/file.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: file.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_FILE_H
#define ISC_FILE_H 1
@@ -62,7 +62,7 @@
*\li #ISC_R_NOPERM
* The file's metainformation could not be retrieved because
* permission was denied to some part of the file's path.
- *\li #ISC_R_EIO
+ *\li #ISC_R_IOERROR
* Hardware error interacting with the filesystem.
*\li #ISC_R_UNEXPECTED
* Something totally unexpected happened.
@@ -213,7 +213,7 @@
* permitted in addition to ISC_R_SUCCESS. This is done since
* the next call in logconf.c is to isc_stdio_open(), which
* will create the file if it can.
- *\li #other ISC_R_* errors translated from errno
+ *\li other ISC_R_* errors translated from errno
* These occur when stat returns -1 and an errno.
*/
@@ -229,7 +229,7 @@
* File is not a directory.
*\li #ISC_R_FILENOTFOUND
* File does not exist.
- *\li #other ISC_R_* errors translated from errno
+ *\li other ISC_R_* errors translated from errno
* These occur when stat returns -1 and an errno.
*/
@@ -326,6 +326,16 @@
* - ISC_R_NOMEMORY if unable to allocate memory
*/
+isc_result_t
+isc_file_getsizefd(int fd, off_t *size);
+/*%<
+ * Return the size of the file (stored in the parameter pointed
+ * to by 'size') in bytes.
+ *
+ * Returns:
+ * - ISC_R_SUCCESS on success
+ */
+
ISC_LANG_ENDDECLS
#endif /* ISC_FILE_H */
Modified: vendor/bind/dist/lib/isc/include/isc/formatcheck.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/formatcheck.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/formatcheck.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: formatcheck.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: formatcheck.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_FORMATCHECK_H
#define ISC_FORMATCHECK_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/fsaccess.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/fsaccess.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/fsaccess.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: fsaccess.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: fsaccess.h,v 1.16 2009/01/17 23:47:43 tbox Exp $ */
#ifndef ISC_FSACCESS_H
#define ISC_FSACCESS_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/hash.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/hash.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/hash.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hash.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hash.h,v 1.12 2009/01/17 23:47:43 tbox Exp $ */
#ifndef ISC_HASH_H
#define ISC_HASH_H 1
@@ -82,7 +82,7 @@
ISC_LANG_BEGINDECLS
isc_result_t
-isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, unsigned int limit,
+isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, size_t limit,
isc_hash_t **hctx);
isc_result_t
isc_hash_create(isc_mem_t *mctx, isc_entropy_t *entropy, size_t limit);
Modified: vendor/bind/dist/lib/isc/include/isc/heap.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/heap.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/heap.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: heap.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: heap.h,v 1.26 2009/01/17 23:47:43 tbox Exp $ */
#ifndef ISC_HEAP_H
#define ISC_HEAP_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/hex.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/hex.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/hex.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hex.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hex.h,v 1.13 2008/09/25 04:02:39 tbox Exp $ */
#ifndef ISC_HEX_H
#define ISC_HEX_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/hmacmd5.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/hmacmd5.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/hmacmd5.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hmacmd5.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hmacmd5.h,v 1.14 2009/02/06 23:47:42 tbox Exp $ */
/*! \file isc/hmacmd5.h
* \brief This is the header file for the HMAC-MD5 keyed hash algorithm
Modified: vendor/bind/dist/lib/isc/include/isc/hmacsha.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/hmacsha.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/hmacsha.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hmacsha.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: hmacsha.h,v 1.9 2009/02/06 23:47:42 tbox Exp $ */
/*! \file isc/hmacsha.h
* This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
Modified: vendor/bind/dist/lib/isc/include/isc/httpd.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/httpd.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/httpd.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: httpd.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: httpd.h,v 1.9 2008/08/08 05:06:49 marka Exp $ */
#ifndef ISC_HTTPD_H
#define ISC_HTTPD_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/interfaceiter.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/interfaceiter.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/interfaceiter.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfaceiter.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: interfaceiter.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_INTERFACEITER_H
#define ISC_INTERFACEITER_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/ipv6.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/ipv6.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/ipv6.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ipv6.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ipv6.h,v 1.24 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_IPV6_H
#define ISC_IPV6_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/iterated_hash.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/iterated_hash.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/iterated_hash.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: iterated_hash.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: iterated_hash.h,v 1.3 2008/09/25 04:02:39 tbox Exp $ */
#ifndef ISC_ITERATED_HASH_H
#define ISC_ITERATED_HASH_H 1
@@ -23,7 +23,7 @@
#include <isc/sha1.h>
/*
- * The maximal hash length that can be encoded it a name
+ * The maximal hash length that can be encoded in a name
* using base32hex. floor(255/8)*5
*/
#define NSEC3_MAX_HASH_LENGTH 155
Modified: vendor/bind/dist/lib/isc/include/isc/lang.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/lang.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/lang.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lang.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lang.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_LANG_H
#define ISC_LANG_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/lex.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/lex.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/lex.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lex.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lex.h,v 1.37 2008/05/30 23:47:01 tbox Exp $ */
#ifndef ISC_LEX_H
#define ISC_LEX_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/lfsr.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/lfsr.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/lfsr.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lfsr.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lfsr.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_LFSR_H
#define ISC_LFSR_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/lib.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/lib.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/lib.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lib.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lib.h,v 1.16 2009/09/02 23:48:03 tbox Exp $ */
#ifndef ISC_LIB_H
#define ISC_LIB_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/list.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/list.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/list.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: list.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_LIST_H
#define ISC_LIST_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/log.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/log.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/log.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: log.h,v 1.59 2009/02/16 02:01:16 marka Exp $ */
#ifndef ISC_LOG_H
#define ISC_LOG_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/magic.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/magic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/magic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: magic.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: magic.h,v 1.18 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_MAGIC_H
#define ISC_MAGIC_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/md5.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/md5.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/md5.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: md5.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: md5.h,v 1.20 2010/01/07 23:48:54 tbox Exp $ */
/*! \file isc/md5.h
* \brief This is the header file for the MD5 message-digest algorithm.
Modified: vendor/bind/dist/lib/isc/include/isc/mem.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/mem.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/mem.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mem.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_MEM_H
#define ISC_MEM_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/msgcat.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/msgcat.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/msgcat.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: msgcat.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: msgcat.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_MSGCAT_H
#define ISC_MSGCAT_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/msgs.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/msgs.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/msgs.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: msgs.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: msgs.h,v 1.19 2009/10/01 23:48:08 tbox Exp $ */
#ifndef ISC_MSGS_H
#define ISC_MSGS_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/mutexblock.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/mutexblock.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/mutexblock.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mutexblock.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mutexblock.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_MUTEXBLOCK_H
#define ISC_MUTEXBLOCK_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/namespace.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/namespace.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/namespace.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: namespace.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISCAPI_NAMESPACE_H
#define ISCAPI_NAMESPACE_H 1
@@ -104,6 +104,7 @@
#define isc_socket_sendv isc__socket_sendv
#define isc_socket_sendtov isc__socket_sendtov
#define isc_socket_sendto2 isc__socket_sendto2
+#define isc_socket_sendtov2 isc__socket_sendtov2
#define isc_socket_cleanunix isc__socket_cleanunix
#define isc_socket_permunix isc__socket_permunix
#define isc_socket_bind isc__socket_bind
Modified: vendor/bind/dist/lib/isc/include/isc/netaddr.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/netaddr.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/netaddr.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: netaddr.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: netaddr.h,v 1.37 2009/01/17 23:47:43 tbox Exp $ */
#ifndef ISC_NETADDR_H
#define ISC_NETADDR_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/netscope.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/netscope.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/netscope.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: netscope.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: netscope.h,v 1.13 2009/06/25 23:48:02 tbox Exp $ */
#ifndef ISC_NETSCOPE_H
#define ISC_NETSCOPE_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/ondestroy.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/ondestroy.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/ondestroy.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ondestroy.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ondestroy.h,v 1.14 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_ONDESTROY_H
#define ISC_ONDESTROY_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/os.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/os.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/os.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: os.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_OS_H
#define ISC_OS_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/parseint.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/parseint.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/parseint.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: parseint.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: parseint.h,v 1.9 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_PARSEINT_H
#define ISC_PARSEINT_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/platform.h.in
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/platform.h.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/platform.h.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: platform.h.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: platform.h.in,v 1.56 2010/12/18 01:56:23 each Exp $ */
#ifndef ISC_PLATFORM_H
#define ISC_PLATFORM_H 1
@@ -328,6 +328,7 @@
#define LIBISCCC_EXTERNAL_DATA
#define LIBISCCFG_EXTERNAL_DATA
#define LIBBIND9_EXTERNAL_DATA
+#define LIBTESTS_EXTERNAL_DATA
#else /*! \brief ISC_PLATFORM_USEDECLSPEC */
#ifdef LIBISC_EXPORTS
#define LIBISC_EXTERNAL_DATA __declspec(dllexport)
@@ -354,6 +355,11 @@
#else
#define LIBBIND9_EXTERNAL_DATA __declspec(dllimport)
#endif
+#ifdef LIBTESTS_EXPORTS
+#define LIBTESTS_EXTERNAL_DATA __declspec(dllexport)
+#else
+#define LIBTESTS_EXTERNAL_DATA __declspec(dllimport)
+#endif
#endif /*! \brief ISC_PLATFORM_USEDECLSPEC */
/*
Modified: vendor/bind/dist/lib/isc/include/isc/portset.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/portset.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/portset.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: portset.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: portset.h,v 1.6 2009/06/25 05:28:34 marka Exp $ */
/*! \file isc/portset.h
* \brief Transport Protocol Port Manipulation Module
Modified: vendor/bind/dist/lib/isc/include/isc/print.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/print.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/print.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: print.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: print.h,v 1.26 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_PRINT_H
#define ISC_PRINT_H 1
@@ -38,10 +38,13 @@
*/
#if !defined(ISC_PLATFORM_NEEDVSNPRINTF) && defined(ISC__PRINT_SOURCE)
#define ISC_PLATFORM_NEEDVSNPRINTF
+#undef snprintf
+#undef vsnprintf
#endif
#if !defined(ISC_PLATFORM_NEEDSPRINTF) && defined(ISC__PRINT_SOURCE)
#define ISC_PLATFORM_NEEDSPRINTF
+#undef sprintf
#endif
/***
Modified: vendor/bind/dist/lib/isc/include/isc/quota.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/quota.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/quota.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: quota.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: quota.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_QUOTA_H
#define ISC_QUOTA_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/radix.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/radix.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/radix.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007, 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: radix.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: radix.h,v 1.13 2008/12/01 23:47:45 tbox Exp $ */
/*
* This source was adapted from MRT's RCS Ids:
@@ -41,10 +41,10 @@
(pt).family = (na)->family; \
(pt).bitlen = (bits); \
if ((pt).family == AF_INET6) { \
- memcpy(&(pt).add.sin6, &(na)->type.in6, \
+ memmove(&(pt).add.sin6, &(na)->type.in6, \
((bits)+7)/8); \
} else \
- memcpy(&(pt).add.sin, &(na)->type.in, \
+ memmove(&(pt).add.sin, &(na)->type.in, \
((bits)+7)/8); \
} else { \
(pt).family = AF_UNSPEC; \
@@ -54,13 +54,14 @@
} while(0)
typedef struct isc_prefix {
- unsigned int family; /* AF_INET | AF_INET6, or AF_UNSPEC for "any" */
- unsigned int bitlen; /* 0 for "any" */
- isc_refcount_t refcount;
- union {
+ isc_mem_t *mctx;
+ unsigned int family; /* AF_INET | AF_INET6, or AF_UNSPEC for "any" */
+ unsigned int bitlen; /* 0 for "any" */
+ isc_refcount_t refcount;
+ union {
struct in_addr sin;
struct in6_addr sin6;
- } add;
+ } add;
} isc_prefix_t;
typedef void (*isc_radix_destroyfunc_t)(void *);
@@ -90,12 +91,13 @@
#define ISC_IS6(family) ((family) == AF_INET6 ? 1 : 0)
typedef struct isc_radix_node {
- isc_uint32_t bit; /* bit length of the prefix */
- isc_prefix_t *prefix; /* who we are in radix tree */
- struct isc_radix_node *l, *r; /* left and right children */
- struct isc_radix_node *parent; /* may be used */
- void *data[2]; /* pointers to IPv4 and IPV6 data */
- int node_num[2]; /* which node this was in the tree,
+ isc_mem_t *mctx;
+ isc_uint32_t bit; /* bit length of the prefix */
+ isc_prefix_t *prefix; /* who we are in radix tree */
+ struct isc_radix_node *l, *r; /* left and right children */
+ struct isc_radix_node *parent; /* may be used */
+ void *data[2]; /* pointers to IPv4 and IPV6 data */
+ int node_num[2]; /* which node this was in the tree,
or -1 for glue nodes */
} isc_radix_node_t;
@@ -103,12 +105,12 @@
#define RADIX_TREE_VALID(a) ISC_MAGIC_VALID(a, RADIX_TREE_MAGIC);
typedef struct isc_radix_tree {
- unsigned int magic;
- isc_mem_t *mctx;
- isc_radix_node_t *head;
- isc_uint32_t maxbits; /* for IP, 32 bit addresses */
- int num_active_node; /* for debugging purposes */
- int num_added_node; /* total number of nodes */
+ unsigned int magic;
+ isc_mem_t *mctx;
+ isc_radix_node_t *head;
+ isc_uint32_t maxbits; /* for IP, 32 bit addresses */
+ int num_active_node; /* for debugging purposes */
+ int num_added_node; /* total number of nodes */
} isc_radix_tree_t;
isc_result_t
Modified: vendor/bind/dist/lib/isc/include/isc/random.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/random.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/random.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: random.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: random.h,v 1.20 2009/01/17 23:47:43 tbox Exp $ */
#ifndef ISC_RANDOM_H
#define ISC_RANDOM_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/ratelimiter.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/ratelimiter.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/ratelimiter.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ratelimiter.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ratelimiter.h,v 1.23 2009/01/18 23:48:14 tbox Exp $ */
#ifndef ISC_RATELIMITER_H
#define ISC_RATELIMITER_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/refcount.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/refcount.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/refcount.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: refcount.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: refcount.h,v 1.17 2009/09/29 23:48:04 tbox Exp $ */
#ifndef ISC_REFCOUNT_H
#define ISC_REFCOUNT_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/region.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/region.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/region.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: region.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: region.h,v 1.25 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_REGION_H
#define ISC_REGION_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/resource.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/resource.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/resource.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resource.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: resource.h,v 1.13 2008/07/11 23:47:09 tbox Exp $ */
#ifndef ISC_RESOURCE_H
#define ISC_RESOURCE_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/result.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/result.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/result.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_RESULT_H
#define ISC_RESULT_H 1
@@ -88,9 +88,10 @@
#define ISC_R_BADADDRESSFORM 59 /*%< invalid address format */
#define ISC_R_BADBASE32 60 /*%< bad base32 encoding */
#define ISC_R_UNSET 61 /*%< unset */
+#define ISC_R_MULTIPLE 62 /*%< multiple */
/*% Not a result code: the number of results. */
-#define ISC_R_NRESULTS 62
+#define ISC_R_NRESULTS 63
ISC_LANG_BEGINDECLS
Modified: vendor/bind/dist/lib/isc/include/isc/resultclass.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/resultclass.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/resultclass.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resultclass.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: resultclass.h,v 1.20 2009/09/02 23:48:03 tbox Exp $ */
#ifndef ISC_RESULTCLASS_H
#define ISC_RESULTCLASS_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/rwlock.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/rwlock.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/rwlock.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rwlock.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: rwlock.h,v 1.28 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_RWLOCK_H
#define ISC_RWLOCK_H 1
Added: vendor/bind/dist/lib/isc/include/isc/safe.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/safe.h (rev 0)
+++ vendor/bind/dist/lib/isc/include/isc/safe.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef ISC_SAFE_H
+#define ISC_SAFE_H 1
+
+/*! \file isc/safe.h */
+
+#include <isc/types.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_boolean_t
+isc_safe_memcmp(const void *s1, const void *s2, size_t n);
+/*%<
+ * Clone of libc memcmp() safe to differential timing attacks.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* ISC_SAFE_H */
Modified: vendor/bind/dist/lib/isc/include/isc/serial.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/serial.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/serial.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: serial.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: serial.h,v 1.18 2009/01/18 23:48:14 tbox Exp $ */
#ifndef ISC_SERIAL_H
#define ISC_SERIAL_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/sha1.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/sha1.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/sha1.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -18,7 +18,7 @@
#ifndef ISC_SHA1_H
#define ISC_SHA1_H 1
-/* $Id: sha1.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: sha1.h,v 1.19 2009/02/06 23:47:42 tbox Exp $ */
/* $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */
Modified: vendor/bind/dist/lib/isc/include/isc/sha2.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/sha2.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/sha2.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sha2.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: sha2.h,v 1.12 2009/10/22 02:21:31 each Exp $ */
/* $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.1.2.1 2001/07/03 11:01:36 ume Exp $ */
/* $KAME: sha2.h,v 1.3 2001/03/12 08:27:48 itojun Exp $ */
Modified: vendor/bind/dist/lib/isc/include/isc/sockaddr.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/sockaddr.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/sockaddr.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sockaddr.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: sockaddr.h,v 1.57 2009/01/18 23:48:14 tbox Exp $ */
#ifndef ISC_SOCKADDR_H
#define ISC_SOCKADDR_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/socket.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/socket.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/socket.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: socket.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_SOCKET_H
#define ISC_SOCKET_H 1
@@ -281,14 +281,14 @@
unsigned int options);
isc_result_t (*sendto)(isc_socket_t *sock, isc_region_t *region,
isc_task_t *task, isc_taskaction_t action,
- const void *arg, isc_sockaddr_t *address,
+ void *arg, isc_sockaddr_t *address,
struct in6_pktinfo *pktinfo);
isc_result_t (*connect)(isc_socket_t *sock, isc_sockaddr_t *addr,
isc_task_t *task, isc_taskaction_t action,
- const void *arg);
+ void *arg);
isc_result_t (*recv)(isc_socket_t *sock, isc_region_t *region,
unsigned int minimum, isc_task_t *task,
- isc_taskaction_t action, const void *arg);
+ isc_taskaction_t action, void *arg);
void (*cancel)(isc_socket_t *sock, isc_task_t *task,
unsigned int how);
isc_result_t (*getsockname)(isc_socket_t *sock,
@@ -658,7 +658,7 @@
isc_result_t
isc_socket_accept(isc_socket_t *sock,
- isc_task_t *task, isc_taskaction_t action, const void *arg);
+ isc_task_t *task, isc_taskaction_t action, void *arg);
/*%<
* Queue accept event. When a new connection is received, the task will
* get an ISC_SOCKEVENT_NEWCONN event with the sender set to the listen
@@ -682,7 +682,7 @@
isc_result_t
isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addressp,
isc_task_t *task, isc_taskaction_t action,
- const void *arg);
+ void *arg);
/*%<
* Connect 'socket' to peer with address *saddr. When the connection
* succeeds, or when an error occurs, a CONNECT event with action 'action'
@@ -749,11 +749,11 @@
isc_result_t
isc_socket_recv(isc_socket_t *sock, isc_region_t *region,
unsigned int minimum,
- isc_task_t *task, isc_taskaction_t action, const void *arg);
+ isc_task_t *task, isc_taskaction_t action, void *arg);
isc_result_t
isc_socket_recvv(isc_socket_t *sock, isc_bufferlist_t *buflist,
unsigned int minimum,
- isc_task_t *task, isc_taskaction_t action, const void *arg);
+ isc_task_t *task, isc_taskaction_t action, void *arg);
isc_result_t
isc_socket_recv2(isc_socket_t *sock, isc_region_t *region,
@@ -836,19 +836,24 @@
/*@{*/
isc_result_t
isc_socket_send(isc_socket_t *sock, isc_region_t *region,
- isc_task_t *task, isc_taskaction_t action, const void *arg);
+ isc_task_t *task, isc_taskaction_t action, void *arg);
isc_result_t
isc_socket_sendto(isc_socket_t *sock, isc_region_t *region,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo);
isc_result_t
isc_socket_sendv(isc_socket_t *sock, isc_bufferlist_t *buflist,
- isc_task_t *task, isc_taskaction_t action, const void *arg);
+ isc_task_t *task, isc_taskaction_t action, void *arg);
isc_result_t
isc_socket_sendtov(isc_socket_t *sock, isc_bufferlist_t *buflist,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo);
isc_result_t
+isc_socket_sendtov2(isc_socket_t *sock, isc_bufferlist_t *buflist,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
+ isc_sockaddr_t *address, struct in6_pktinfo *pktinfo,
+ unsigned int flags);
+isc_result_t
isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region,
isc_task_t *task,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo,
Modified: vendor/bind/dist/lib/isc/include/isc/stats.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/stats.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/stats.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stats.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_STATS_H
#define ISC_STATS_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/stdio.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/stdio.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/stdio.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stdio.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: stdio.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_STDIO_H
#define ISC_STDIO_H 1
@@ -22,7 +22,7 @@
/*! \file isc/stdio.h */
-/*%
+/*%
* These functions are wrappers around the corresponding stdio functions.
*
* They return a detailed error code in the form of an an isc_result_t. ANSI C
@@ -48,8 +48,12 @@
/*% Seek */
isc_result_t
-isc_stdio_seek(FILE *f, long offset, int whence);
+isc_stdio_seek(FILE *f, off_t offset, int whence);
+/*% Tell */
+isc_result_t
+isc_stdio_tell(FILE *f, off_t *offsetp);
+
/*% Read */
isc_result_t
isc_stdio_read(void *ptr, size_t size, size_t nmemb, FILE *f,
Modified: vendor/bind/dist/lib/isc/include/isc/stdlib.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/stdlib.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/stdlib.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stdlib.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: stdlib.h,v 1.8 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_STDLIB_H
#define ISC_STDLIB_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/string.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/string.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/string.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: string.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: string.h,v 1.23 2007/09/13 04:48:16 each Exp $ */
#ifndef ISC_STRING_H
#define ISC_STRING_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/symtab.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/symtab.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/symtab.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: symtab.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_SYMTAB_H
#define ISC_SYMTAB_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/task.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/task.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/task.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: task.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_TASK_H
#define ISC_TASK_H 1
@@ -119,7 +119,7 @@
unsigned int (*unsend)(isc_task_t *task, void *sender, isc_eventtype_t type,
void *tag, isc_eventlist_t *events);
isc_result_t (*onshutdown)(isc_task_t *task, isc_taskaction_t action,
- const void *arg);
+ void *arg);
void (*shutdown)(isc_task_t *task);
void (*setname)(isc_task_t *task, const char *name, void *tag);
unsigned int (*purgeevents)(isc_task_t *task, void *sender,
@@ -430,7 +430,7 @@
isc_result_t
isc_task_onshutdown(isc_task_t *task, isc_taskaction_t action,
- const void *arg);
+ void *arg);
/*%<
* Send a shutdown event with action 'action' and argument 'arg' when
* 'task' is shutdown.
Modified: vendor/bind/dist/lib/isc/include/isc/taskpool.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/taskpool.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/taskpool.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: taskpool.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_TASKPOOL_H
#define ISC_TASKPOOL_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/timer.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/timer.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/timer.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: timer.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: timer.h,v 1.43 2009/09/02 23:48:03 tbox Exp $ */
#ifndef ISC_TIMER_H
#define ISC_TIMER_H 1
@@ -112,7 +112,7 @@
const isc_interval_t *interval,
isc_task_t *task,
isc_taskaction_t action,
- const void *arg,
+ void *arg,
isc_timer_t **timerp);
} isc_timermgrmethods_t;
@@ -173,7 +173,7 @@
const isc_interval_t *interval,
isc_task_t *task,
isc_taskaction_t action,
- const void *arg,
+ void *arg,
isc_timer_t **timerp);
/*%<
* Create a new 'type' timer managed by 'manager'. The timers parameters
Modified: vendor/bind/dist/lib/isc/include/isc/types.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/types.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/types.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: types.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_TYPES_H
#define ISC_TYPES_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/util.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/util.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/util.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: util.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_UTIL_H
#define ISC_UTIL_H 1
Modified: vendor/bind/dist/lib/isc/include/isc/version.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/version.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/version.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: version.h,v 1.9 2007/06/19 23:47:18 tbox Exp $ */
/*! \file isc/version.h */
Modified: vendor/bind/dist/lib/isc/include/isc/xml.h
===================================================================
--- vendor/bind/dist/lib/isc/include/isc/xml.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/include/isc/xml.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: xml.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: xml.h,v 1.4 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_XML_H
#define ISC_XML_H 1
Modified: vendor/bind/dist/lib/isc/inet_aton.c
===================================================================
--- vendor/bind/dist/lib/isc/inet_aton.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/inet_aton.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005, 2007, 2008, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1996-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -27,11 +27,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@@ -71,7 +67,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
-static char rcsid[] = "$Id: inet_aton.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $";
+static char rcsid[] = "$Id: inet_aton.c,v 1.23 2008/12/01 23:47:45 tbox Exp $";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
@@ -92,7 +88,8 @@
int
isc_net_aton(const char *cp, struct in_addr *addr) {
isc_uint32_t val;
- int base, n;
+ int base;
+ ptrdiff_t n;
unsigned char c;
isc_uint8_t parts[4];
isc_uint8_t *pp = parts;
Modified: vendor/bind/dist/lib/isc/inet_ntop.c
===================================================================
--- vendor/bind/dist/lib/isc/inet_ntop.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/inet_ntop.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] =
- "$Id: inet_ntop.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $";
+ "$Id: inet_ntop.c,v 1.21 2009/07/17 23:47:41 tbox Exp $";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/inet_pton.c
===================================================================
--- vendor/bind/dist/lib/isc/inet_pton.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/inet_pton.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1996-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] =
- "$Id: inet_pton.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $";
+ "$Id: inet_pton.c,v 1.19 2007/06/19 23:47:17 tbox Exp $";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
@@ -44,7 +44,7 @@
static int inet_pton4(const char *src, unsigned char *dst);
static int inet_pton6(const char *src, unsigned char *dst);
-/*%
+/*%
* convert from presentation format (which usually means ASCII printable)
* to network format (which is usually some kind of binary format).
* \return
@@ -91,8 +91,9 @@
const char *pch;
if ((pch = strchr(digits, ch)) != NULL) {
- unsigned int new = *tp * 10 + (pch - digits);
+ unsigned int new = *tp * 10;
+ new += (int)(pch - digits);
if (saw_digit && *tp == 0)
return (0);
if (new > 255)
@@ -113,7 +114,7 @@
}
if (octets < 4)
return (0);
- memcpy(dst, tmp, NS_INADDRSZ);
+ memmove(dst, tmp, NS_INADDRSZ);
return (1);
}
@@ -196,7 +197,7 @@
* Since some memmove()'s erroneously fail to handle
* overlapping regions, we'll do the shift by hand.
*/
- const int n = tp - colonp;
+ const int n = (int)(tp - colonp);
int i;
if (tp == endp)
@@ -209,6 +210,6 @@
}
if (tp != endp)
return (0);
- memcpy(dst, tmp, NS_IN6ADDRSZ);
+ memmove(dst, tmp, NS_IN6ADDRSZ);
return (1);
}
Modified: vendor/bind/dist/lib/isc/iterated_hash.c
===================================================================
--- vendor/bind/dist/lib/isc/iterated_hash.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/iterated_hash.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: iterated_hash.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: iterated_hash.c,v 1.6 2009/02/18 23:47:48 tbox Exp $ */
#include "config.h"
Modified: vendor/bind/dist/lib/isc/lex.c
===================================================================
--- vendor/bind/dist/lib/isc/lex.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/lex.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lex.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lex.c,v 1.86 2007/09/17 09:56:29 shane Exp $ */
/*! \file */
@@ -75,7 +75,7 @@
new = isc_mem_get(lex->mctx, lex->max_token * 2 + 1);
if (new == NULL)
return (ISC_R_NOMEMORY);
- memcpy(new, lex->data, lex->max_token + 1);
+ memmove(new, lex->data, lex->max_token + 1);
*currp = new + (*currp - lex->data);
if (*prevp != NULL)
*prevp = new + (*prevp - lex->data);
@@ -173,7 +173,7 @@
REQUIRE(VALID_LEX(lex));
- memcpy(specials, lex->specials, 256);
+ memmove(specials, lex->specials, 256);
}
void
@@ -185,7 +185,7 @@
REQUIRE(VALID_LEX(lex));
- memcpy(lex->specials, specials, 256);
+ memmove(lex->specials, specials, 256);
}
static inline isc_result_t
@@ -210,7 +210,7 @@
}
source->pushback = NULL;
result = isc_buffer_allocate(lex->mctx, &source->pushback,
- lex->max_token);
+ (unsigned int)lex->max_token);
if (result != ISC_R_SUCCESS) {
isc_mem_free(lex->mctx, source->name);
isc_mem_put(lex->mctx, source, sizeof(*source));
@@ -445,7 +445,7 @@
c = EOF;
source->at_eof = ISC_TRUE;
} else {
- c = *((char *)buffer->base +
+ c = *((unsigned char *)buffer->base +
buffer->current);
buffer->current++;
}
@@ -522,7 +522,7 @@
!= 0) {
lex->last_was_eol = ISC_FALSE;
tokenp->type = isc_tokentype_initialws;
- tokenp->value.as_char = c;
+ tokenp->value.as_char = c;
done = ISC_TRUE;
}
} else if (c == '\n') {
@@ -615,8 +615,9 @@
v->as_textregion.base =
lex->data;
v->as_textregion.length =
- lex->max_token -
- remaining;
+ (unsigned int)
+ (lex->max_token -
+ remaining);
} else
goto done;
done = ISC_TRUE;
@@ -659,7 +660,8 @@
tokenp->type = isc_tokentype_string;
tokenp->value.as_textregion.base = lex->data;
tokenp->value.as_textregion.length =
- lex->max_token - remaining;
+ (unsigned int)
+ (lex->max_token - remaining);
done = ISC_TRUE;
continue;
}
@@ -744,7 +746,8 @@
tokenp->value.as_textregion.base =
lex->data;
tokenp->value.as_textregion.length =
- lex->max_token - remaining;
+ (unsigned int)
+ (lex->max_token - remaining);
no_comments = ISC_FALSE;
done = ISC_TRUE;
}
Modified: vendor/bind/dist/lib/isc/lfsr.c
===================================================================
--- vendor/bind/dist/lib/isc/lfsr.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/lfsr.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lfsr.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lfsr.c,v 1.20 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/lib.c
===================================================================
--- vendor/bind/dist/lib/isc/lib.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/lib.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lib.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: lib.c,v 1.16 2009/09/02 23:48:02 tbox Exp $ */
/*! \file */
@@ -96,7 +96,7 @@
}
void
-isc_lib_register() {
+isc_lib_register(void) {
RUNTIME_CHECK(isc_once_do(®ister_once, do_register)
== ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/isc/log.c
===================================================================
--- vendor/bind/dist/lib/isc/log.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/log.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file
* \author Principal Authors: DCL */
@@ -766,7 +766,7 @@
break;
default:
- isc_mem_put(mctx, channel->name, strlen(channel->name) + 1);
+ isc_mem_free(mctx, channel->name);
isc_mem_put(mctx, channel, sizeof(*channel));
return (ISC_R_UNEXPECTED);
}
@@ -1129,7 +1129,7 @@
if (lcfg->channellist_count != 0) {
bytes = lcfg->channellist_count *
sizeof(ISC_LIST(isc_logchannellist_t));
- memcpy(lists, lcfg->channellists, bytes);
+ memmove(lists, lcfg->channellists, bytes);
isc_mem_put(lctx->mctx, lcfg->channellists, bytes);
}
@@ -1145,7 +1145,7 @@
char *basename, *digit_end;
const char *dirname;
int version, greatest = -1;
- unsigned int basenamelen;
+ size_t basenamelen;
isc_dir_t dir;
isc_result_t result;
char sep = '/';
@@ -1632,6 +1632,7 @@
TIME_NOW(&new->time);
+ ISC_LINK_INIT(new, link);
ISC_LIST_APPEND(lctx->messages,
new, link);
}
Modified: vendor/bind/dist/lib/isc/md5.c
===================================================================
--- vendor/bind/dist/lib/isc/md5.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/md5.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: md5.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: md5.c,v 1.16 2009/02/06 23:47:42 tbox Exp $ */
/*! \file
* This code implements the MD5 message-digest algorithm.
@@ -217,11 +217,11 @@
t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */
if (t > len) {
- memcpy((unsigned char *)ctx->in + 64 - t, buf, len);
+ memmove((unsigned char *)ctx->in + 64 - t, buf, len);
return;
}
/* First chunk is an odd size */
- memcpy((unsigned char *)ctx->in + 64 - t, buf, t);
+ memmove((unsigned char *)ctx->in + 64 - t, buf, t);
byteSwap(ctx->in, 16);
transform(ctx->buf, ctx->in);
buf += t;
@@ -229,7 +229,7 @@
/* Process data in 64-byte chunks */
while (len >= 64) {
- memcpy(ctx->in, buf, 64);
+ memmove(ctx->in, buf, 64);
byteSwap(ctx->in, 16);
transform(ctx->buf, ctx->in);
buf += 64;
@@ -237,7 +237,7 @@
}
/* Handle any remaining bytes of data. */
- memcpy(ctx->in, buf, len);
+ memmove(ctx->in, buf, len);
}
/*!
@@ -271,7 +271,7 @@
transform(ctx->buf, ctx->in);
byteSwap(ctx->buf, 4);
- memcpy(digest, ctx->buf, 16);
+ memmove(digest, ctx->buf, 16);
memset(ctx, 0, sizeof(isc_md5_t)); /* In case it's sensitive */
}
#endif
Modified: vendor/bind/dist/lib/isc/mem.c
===================================================================
--- vendor/bind/dist/lib/isc/mem.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/mem.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1997-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mem.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -68,7 +68,7 @@
struct debuglink {
ISC_LINK(debuglink_t) link;
const void *ptr[DEBUGLIST_COUNT];
- unsigned int size[DEBUGLIST_COUNT];
+ size_t size[DEBUGLIST_COUNT];
const char *file[DEBUGLIST_COUNT];
unsigned int line[DEBUGLIST_COUNT];
unsigned int count;
@@ -396,12 +396,10 @@
* mctx must be locked.
*/
static inline void
-add_trace_entry(isc__mem_t *mctx, const void *ptr, unsigned int size
- FLARG)
-{
+add_trace_entry(isc__mem_t *mctx, const void *ptr, size_t size FLARG) {
debuglink_t *dl;
unsigned int i;
- unsigned int mysize = size;
+ size_t mysize = size;
if ((isc_mem_debugging & ISC_MEM_DEBUGTRACE) != 0)
fprintf(stderr, isc_msgcat_get(isc_msgcat, ISC_MSGSET_MEM,
@@ -456,7 +454,7 @@
}
static inline void
-delete_trace_entry(isc__mem_t *mctx, const void *ptr, unsigned int size,
+delete_trace_entry(isc__mem_t *mctx, const void *ptr, size_t size,
const char *file, unsigned int line)
{
debuglink_t *dl;
@@ -555,9 +553,9 @@
return (ISC_FALSE);
}
if (ctx->basic_table_size != 0) {
- memcpy(table, ctx->basic_table,
- ctx->basic_table_size *
- sizeof(unsigned char *));
+ memmove(table, ctx->basic_table,
+ ctx->basic_table_size *
+ sizeof(unsigned char *));
(ctx->memfree)(ctx->arg, ctx->basic_table);
}
ctx->basic_table = table;
@@ -623,7 +621,7 @@
total_size = ctx->mem_target;
new = ctx->basic_blocks;
ctx->basic_blocks = ctx->basic_blocks->next;
- frags = total_size / new_size;
+ frags = (int)(total_size / new_size);
ctx->stats[new_size].blocks++;
ctx->stats[new_size].freefrags += frags;
/*
@@ -1605,7 +1603,7 @@
oldsize -= ALIGNMENT_SIZE;
}
copysize = (oldsize > size) ? size : oldsize;
- memcpy(new_ptr, ptr, copysize);
+ memmove(new_ptr, ptr, copysize);
isc__mem_free(ctx0, ptr FLARG_PASS);
}
} else if (ptr != NULL)
@@ -1780,7 +1778,6 @@
ctx->water_arg = water_arg;
ctx->hi_water = hiwater;
ctx->lo_water = lowater;
- ctx->hi_called = ISC_FALSE;
}
MCTXUNLOCK(ctx, &ctx->lock);
@@ -2260,7 +2257,7 @@
#ifdef USE_MEMIMPREGISTER
isc_result_t
-isc__mem_register() {
+isc__mem_register(void) {
return (isc_mem_register(isc__mem_create2));
}
#endif
Modified: vendor/bind/dist/lib/isc/mem_api.c
===================================================================
--- vendor/bind/dist/lib/isc/mem_api.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/mem_api.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mem_api.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mem_api.c,v 1.8 2010/08/12 21:30:26 jinmei Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/mips/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/mips/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/mips/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/mips/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/mips/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/mips/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/mips/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/mips/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/mips/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/mips/include/isc/atomic.h
===================================================================
--- vendor/bind/dist/lib/isc/mips/include/isc/atomic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/mips/include/isc/atomic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: atomic.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: atomic.h,v 1.3 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_ATOMIC_H
#define ISC_ATOMIC_H 1
Modified: vendor/bind/dist/lib/isc/mutexblock.c
===================================================================
--- vendor/bind/dist/lib/isc/mutexblock.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/mutexblock.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mutexblock.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/netaddr.c
===================================================================
--- vendor/bind/dist/lib/isc/netaddr.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/netaddr.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2010-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: netaddr.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -235,11 +235,12 @@
nbytes = prefixlen / 8;
nbits = prefixlen % 8;
if (nbits != 0) {
+ INSIST(nbytes < ipbytes);
if ((p[nbytes] & (0xff>>nbits)) != 0U)
return (ISC_R_FAILURE);
nbytes++;
}
- if (memcmp(p + nbytes, zeros, ipbytes - nbytes) != 0)
+ if (nbytes < ipbytes && memcmp(p + nbytes, zeros, ipbytes - nbytes) != 0)
return (ISC_R_FAILURE);
return (ISC_R_SUCCESS);
}
@@ -340,7 +341,7 @@
t->zone = 0;
break;
case AF_INET6:
- memcpy(&t->type.in6, &s->type.sin6.sin6_addr, 16);
+ memmove(&t->type.in6, &s->type.sin6.sin6_addr, 16);
#ifdef ISC_PLATFORM_HAVESCOPEID
t->zone = s->type.sin6.sin6_scope_id;
#else
@@ -349,7 +350,7 @@
break;
#ifdef ISC_PLATFORM_HAVESYSUNH
case AF_UNIX:
- memcpy(t->type.un, s->type.sunix.sun_path, sizeof(t->type.un));
+ memmove(t->type.un, s->type.sunix.sun_path, sizeof(t->type.un));
t->zone = 0;
break;
#endif
@@ -429,6 +430,6 @@
memset(t, 0, sizeof(*t));
t->family = AF_INET;
- memcpy(&t->type.in, (char *)&src->type.in6 + 12, 4);
+ memmove(&t->type.in, (char *)&src->type.in6 + 12, 4);
return;
}
Modified: vendor/bind/dist/lib/isc/netscope.c
===================================================================
--- vendor/bind/dist/lib/isc/netscope.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/netscope.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] =
- "$Id: netscope.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $";
+ "$Id: netscope.c,v 1.13 2007/06/19 23:47:17 tbox Exp $";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/nls/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/nls/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nls/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.17 2009/12/05 23:31:41 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/nls/msgcat.c
===================================================================
--- vendor/bind/dist/lib/isc/nls/msgcat.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nls/msgcat.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: msgcat.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: msgcat.c,v 1.18 2007/06/19 23:47:18 tbox Exp $ */
/*! \file msgcat.c
*
Modified: vendor/bind/dist/lib/isc/noatomic/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/noatomic/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/noatomic/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/noatomic/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/noatomic/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/noatomic/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/noatomic/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/noatomic/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/noatomic/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/noatomic/include/isc/atomic.h
===================================================================
--- vendor/bind/dist/lib/isc/noatomic/include/isc/atomic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/noatomic/include/isc/atomic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: atomic.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: atomic.h,v 1.4 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_ATOMIC_H
#define ISC_ATOMIC_H 1
Modified: vendor/bind/dist/lib/isc/nothreads/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.12 2010/06/09 23:50:58 tbox Exp $
top_srcdir = @top_srcdir@
srcdir = @srcdir@
Modified: vendor/bind/dist/lib/isc/nothreads/condition.c
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/condition.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/condition.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: condition.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: condition.c,v 1.10 2007/06/19 23:47:18 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/nothreads/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.5 2007/06/19 23:47:18 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/nothreads/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.7 2007/06/19 23:47:18 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/nothreads/include/isc/condition.h
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/include/isc/condition.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/include/isc/condition.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: condition.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: condition.h,v 1.6 2007/06/19 23:47:18 tbox Exp $ */
/*
* This provides a limited subset of the isc_condition_t
Modified: vendor/bind/dist/lib/isc/nothreads/include/isc/mutex.h
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/include/isc/mutex.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/include/isc/mutex.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mutex.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mutex.h,v 1.6 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_MUTEX_H
#define ISC_MUTEX_H 1
Modified: vendor/bind/dist/lib/isc/nothreads/include/isc/once.h
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/include/isc/once.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/include/isc/once.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: once.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: once.h,v 1.6 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_ONCE_H
#define ISC_ONCE_H 1
Modified: vendor/bind/dist/lib/isc/nothreads/include/isc/thread.h
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/include/isc/thread.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/include/isc/thread.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: thread.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: thread.h,v 1.6 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_THREAD_H
#define ISC_THREAD_H 1
Modified: vendor/bind/dist/lib/isc/nothreads/mutex.c
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/mutex.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/mutex.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mutex.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mutex.c,v 1.10 2007/06/19 23:47:18 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/nothreads/thread.c
===================================================================
--- vendor/bind/dist/lib/isc/nothreads/thread.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/nothreads/thread.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: thread.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: thread.c,v 1.5 2007/06/19 23:47:18 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/ondestroy.c
===================================================================
--- vendor/bind/dist/lib/isc/ondestroy.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/ondestroy.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ondestroy.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ondestroy.c,v 1.16 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/parseint.c
===================================================================
--- vendor/bind/dist/lib/isc/parseint.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/parseint.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: parseint.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: parseint.c,v 1.8 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/portset.c
===================================================================
--- vendor/bind/dist/lib/isc/portset.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/portset.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: portset.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: portset.c,v 1.4 2008/06/24 23:24:35 marka Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/powerpc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/powerpc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/powerpc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/powerpc/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/powerpc/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/powerpc/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/powerpc/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/powerpc/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/powerpc/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/powerpc/include/isc/atomic.h
===================================================================
--- vendor/bind/dist/lib/isc/powerpc/include/isc/atomic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/powerpc/include/isc/atomic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: atomic.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_ATOMIC_H
#define ISC_ATOMIC_H 1
Modified: vendor/bind/dist/lib/isc/print.c
===================================================================
--- vendor/bind/dist/lib/isc/print.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/print.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2010, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: print.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: print.c,v 1.37 2010/10/18 23:47:08 tbox Exp $ */
/*! \file */
@@ -117,7 +117,7 @@
dot = neg = space = plus = left = zero = alt = h = l = q = 0;
width = precision = 0;
head = "";
- length = pad = zeropad = 0;
+ pad = zeropad = 0;
do {
if (*format == '#') {
@@ -260,7 +260,7 @@
if (hi != 0)
sprintf(buf, "%lu", hi);
else
- buf[0] = '\n';
+ buf[0] = '\0';
sprintf(buf + strlen(buf), "%lu", mid);
sprintf(buf + strlen(buf), "%lu", lo);
}
@@ -317,7 +317,7 @@
if (hi != 0)
sprintf(buf, "%lu", hi);
else
- buf[0] = '\n';
+ buf[0] = '\0';
sprintf(buf + strlen(buf), "%lu", mid);
sprintf(buf + strlen(buf), "%lu", lo);
}
Modified: vendor/bind/dist/lib/isc/pthreads/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.22 2009/12/05 23:31:41 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/pthreads/condition.c
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/condition.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/condition.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: condition.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: condition.c,v 1.36 2007/06/19 23:47:18 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/pthreads/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.14 2007/06/19 23:47:18 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/pthreads/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.16 2007/06/19 23:47:18 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/pthreads/include/isc/condition.h
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/include/isc/condition.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/include/isc/condition.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: condition.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: condition.h,v 1.26 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_CONDITION_H
#define ISC_CONDITION_H 1
Modified: vendor/bind/dist/lib/isc/pthreads/include/isc/mutex.h
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/include/isc/mutex.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/include/isc/mutex.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mutex.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mutex.h,v 1.30 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_MUTEX_H
#define ISC_MUTEX_H 1
Modified: vendor/bind/dist/lib/isc/pthreads/include/isc/once.h
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/include/isc/once.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/include/isc/once.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: once.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: once.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_ONCE_H
#define ISC_ONCE_H 1
Modified: vendor/bind/dist/lib/isc/pthreads/include/isc/thread.h
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/include/isc/thread.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/include/isc/thread.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: thread.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: thread.h,v 1.26 2007/06/19 23:47:18 tbox Exp $ */
#ifndef ISC_THREAD_H
#define ISC_THREAD_H 1
Modified: vendor/bind/dist/lib/isc/pthreads/mutex.c
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/mutex.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/mutex.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mutex.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: mutex.c,v 1.18 2011/01/04 23:47:14 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/pthreads/thread.c
===================================================================
--- vendor/bind/dist/lib/isc/pthreads/thread.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/pthreads/thread.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: thread.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: thread.c,v 1.17 2007/06/19 23:47:18 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/quota.c
===================================================================
--- vendor/bind/dist/lib/isc/quota.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/quota.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: quota.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: quota.c,v 1.18 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/radix.c
===================================================================
--- vendor/bind/dist/lib/isc/radix.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/radix.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: radix.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*
* This source was adapted from MRT's RCS Ids:
@@ -34,7 +34,7 @@
void *dest, int bitlen);
static void
-_deref_prefix(isc_mem_t *mctx, isc_prefix_t *prefix);
+_deref_prefix(isc_prefix_t *prefix);
static isc_result_t
_ref_prefix(isc_mem_t *mctx, isc_prefix_t **target, isc_prefix_t *prefix);
@@ -62,14 +62,16 @@
if (family == AF_INET6) {
prefix->bitlen = (bitlen >= 0) ? bitlen : 128;
- memcpy(&prefix->add.sin6, dest, 16);
+ memmove(&prefix->add.sin6, dest, 16);
} else {
/* AF_UNSPEC is "any" or "none"--treat it as AF_INET */
prefix->bitlen = (bitlen >= 0) ? bitlen : 32;
- memcpy(&prefix->add.sin, dest, 4);
+ memmove(&prefix->add.sin, dest, 4);
}
prefix->family = family;
+ prefix->mctx = NULL;
+ isc_mem_attach(mctx, &prefix->mctx);
isc_refcount_init(&prefix->refcount, 1);
@@ -78,7 +80,7 @@
}
static void
-_deref_prefix(isc_mem_t *mctx, isc_prefix_t *prefix) {
+_deref_prefix(isc_prefix_t *prefix) {
int refs;
if (prefix == NULL)
@@ -88,7 +90,8 @@
if (refs <= 0) {
isc_refcount_destroy(&prefix->refcount);
- isc_mem_put(mctx, prefix, sizeof(isc_prefix_t));
+ isc_mem_putanddetach(&prefix->mctx, prefix,
+ sizeof(isc_prefix_t));
}
}
@@ -109,7 +112,7 @@
isc_result_t ret;
ret = _new_prefix(mctx, target, prefix->family,
&prefix->add, prefix->bitlen);
- return ret;
+ return (ret);
}
isc_refcount_increment(&prefix->refcount, NULL);
@@ -146,7 +149,8 @@
if (radix == NULL)
return (ISC_R_NOMEMORY);
- radix->mctx = mctx;
+ radix->mctx = NULL;
+ isc_mem_attach(mctx, &radix->mctx);
radix->maxbits = maxbits;
radix->head = NULL;
radix->num_active_node = 0;
@@ -168,7 +172,6 @@
REQUIRE(radix != NULL);
if (radix->head != NULL) {
-
isc_radix_node_t *Xstack[RADIX_MAXBITS+1];
isc_radix_node_t **Xsp = Xstack;
isc_radix_node_t *Xrn = radix->head;
@@ -178,7 +181,7 @@
isc_radix_node_t *r = Xrn->r;
if (Xrn->prefix != NULL) {
- _deref_prefix(radix->mctx, Xrn->prefix);
+ _deref_prefix(Xrn->prefix);
if (func != NULL && (Xrn->data[0] != NULL ||
Xrn->data[1] != NULL))
func(Xrn->data);
@@ -209,11 +212,10 @@
void
-isc_radix_destroy(isc_radix_tree_t *radix, isc_radix_destroyfunc_t func)
-{
+isc_radix_destroy(isc_radix_tree_t *radix, isc_radix_destroyfunc_t func) {
REQUIRE(radix != NULL);
_clear_radix(radix, func);
- isc_mem_put(radix->mctx, radix, sizeof(*radix));
+ isc_mem_putanddetach(&radix->mctx, radix, sizeof(*radix));
}
@@ -221,8 +223,7 @@
* func will be called as func(node->prefix, node->data)
*/
void
-isc_radix_process(isc_radix_tree_t *radix, isc_radix_processfunc_t func)
-{
+isc_radix_process(isc_radix_tree_t *radix, isc_radix_processfunc_t func) {
isc_radix_node_t *node;
REQUIRE(func != NULL);
@@ -461,8 +462,8 @@
*target = node;
return (ISC_R_SUCCESS);
} else {
- result =
- _ref_prefix(radix->mctx, &node->prefix, prefix);
+ result = _ref_prefix(radix->mctx,
+ &node->prefix, prefix);
if (result != ISC_R_SUCCESS)
return (result);
}
@@ -623,7 +624,7 @@
* make sure there is a prefix associated with it!
*/
if (node->prefix != NULL)
- _deref_prefix(radix->mctx, node->prefix);
+ _deref_prefix(node->prefix);
node->prefix = NULL;
node->data[0] = node->data[1] = NULL;
@@ -632,13 +633,13 @@
if (node->r == NULL && node->l == NULL) {
parent = node->parent;
- _deref_prefix(radix->mctx, node->prefix);
- isc_mem_put(radix->mctx, node, sizeof(*node));
- radix->num_active_node--;
+ _deref_prefix(node->prefix);
if (parent == NULL) {
INSIST(radix->head == node);
radix->head = NULL;
+ isc_mem_put(radix->mctx, node, sizeof(*node));
+ radix->num_active_node--;
return;
}
@@ -651,11 +652,13 @@
child = parent->r;
}
+ isc_mem_put(radix->mctx, node, sizeof(*node));
+ radix->num_active_node--;
+
if (parent->prefix)
return;
/* We need to remove parent too. */
-
if (parent->parent == NULL) {
INSIST(radix->head == parent);
radix->head = child;
@@ -665,6 +668,7 @@
INSIST(parent->parent->l == parent);
parent->parent->l = child;
}
+
child->parent = parent->parent;
isc_mem_put(radix->mctx, parent, sizeof(*parent));
radix->num_active_node--;
@@ -677,19 +681,23 @@
INSIST(node->l != NULL);
child = node->l;
}
+
parent = node->parent;
child->parent = parent;
- _deref_prefix(radix->mctx, node->prefix);
- isc_mem_put(radix->mctx, node, sizeof(*node));
- radix->num_active_node--;
+ _deref_prefix(node->prefix);
if (parent == NULL) {
INSIST(radix->head == node);
radix->head = child;
+ isc_mem_put(radix->mctx, node, sizeof(*node));
+ radix->num_active_node--;
return;
}
+ isc_mem_put(radix->mctx, node, sizeof(*node));
+ radix->num_active_node--;
+
if (parent->r == node) {
parent->r = child;
} else {
Modified: vendor/bind/dist/lib/isc/random.c
===================================================================
--- vendor/bind/dist/lib/isc/random.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/random.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: random.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: random.c,v 1.28 2009/07/16 05:52:46 marka Exp $ */
/*! \file */
@@ -50,7 +50,7 @@
*/
pid = ((pid << 16) & 0xffff0000) | ((pid >> 16) & 0xffff);
- srand(time(NULL) ^ pid);
+ srand((unsigned)time(NULL) ^ pid);
#endif
}
@@ -67,8 +67,16 @@
#ifndef HAVE_ARC4RANDOM
srand(seed);
+#elif defined(HAVE_ARC4RANDOM_ADDRANDOM)
+ arc4random_addrandom((u_char *) &seed, sizeof(isc_uint32_t));
#else
- arc4random_addrandom((u_char *) &seed, sizeof(isc_uint32_t));
+ /*
+ * If arcrandom() is available and no corresponding seeding
+ * function arc4random_addrandom() is available, no seeding is
+ * done on such platforms (e.g., OpenBSD 5.5). This is because
+ * the OS itself is supposed to seed the RNG and it is assumed
+ * that no explicit seeding is required.
+ */
#endif
}
Modified: vendor/bind/dist/lib/isc/ratelimiter.c
===================================================================
--- vendor/bind/dist/lib/isc/ratelimiter.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/ratelimiter.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ratelimiter.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: ratelimiter.c,v 1.25 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/refcount.c
===================================================================
--- vendor/bind/dist/lib/isc/refcount.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/refcount.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: refcount.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: refcount.c,v 1.5 2007/06/19 23:47:17 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/regex.c
===================================================================
--- vendor/bind/dist/lib/isc/regex.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/regex.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -220,7 +220,7 @@
++c;
switch (*c) {
case '.': /* collating element */
- if (range) --range;
+ if (range != 0) --range;
++c;
state = parse_ce;
seen_ce = ISC_FALSE;
@@ -255,11 +255,11 @@
default:
inside:
seen_char = ISC_TRUE;
- if (range == 2 && *c < range_start)
+ if (range == 2 && (*c & 0xff) < range_start)
FAIL("out of order range");
if (range != 0)
--range;
- range_start = *c;
+ range_start = *c & 0xff;
++c;
break;
};
Modified: vendor/bind/dist/lib/isc/region.c
===================================================================
--- vendor/bind/dist/lib/isc/region.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/region.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: region.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: region.c,v 1.7 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/result.c
===================================================================
--- vendor/bind/dist/lib/isc/result.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/result.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -103,6 +103,7 @@
"invalid address format", /*%< 59 */
"bad base32 encoding", /*%< 60 */
"unset", /*%< 61 */
+ "multiple", /*%< 62 */
};
#define ISC_RESULT_RESULTSET 2
Modified: vendor/bind/dist/lib/isc/rwlock.c
===================================================================
--- vendor/bind/dist/lib/isc/rwlock.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/rwlock.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rwlock.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Added: vendor/bind/dist/lib/isc/safe.c
===================================================================
--- vendor/bind/dist/lib/isc/safe.c (rev 0)
+++ vendor/bind/dist/lib/isc/safe.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/safe.h>
+#include <isc/util.h>
+
+#ifdef _MSC_VER
+#pragma optimize("", off)
+#endif
+
+isc_boolean_t
+isc_safe_memcmp(const void *s1, const void *s2, size_t n) {
+ isc_uint8_t acc = 0;
+
+ if (n != 0U) {
+ const isc_uint8_t *p1 = s1, *p2 = s2;
+
+ do {
+ acc |= *p1++ ^ *p2++;
+ } while (--n != 0U);
+ }
+ return (ISC_TF(acc == 0));
+}
Modified: vendor/bind/dist/lib/isc/serial.c
===================================================================
--- vendor/bind/dist/lib/isc/serial.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/serial.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: serial.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: serial.c,v 1.12 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/sha1.c
===================================================================
--- vendor/bind/dist/lib/isc/sha1.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/sha1.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sha1.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */
/* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */
@@ -209,7 +209,7 @@
INSIST(state != NULL);
block = &workspace;
- (void)memcpy(block, buffer, 64);
+ (void)memmove(block, buffer, 64);
/* Copy context->state[] to working vars */
a = state[0];
@@ -301,7 +301,7 @@
context->count[1] += (len >> 29) + 1;
j = (j >> 3) & 63;
if ((j + len) > 63) {
- (void)memcpy(&context->buffer[j], data, (i = 64 - j));
+ (void)memmove(&context->buffer[j], data, (i = 64 - j));
transform(context->state, context->buffer);
for (; i + 63 < len; i += 64)
transform(context->state, &data[i]);
@@ -310,7 +310,7 @@
i = 0;
}
- (void)memcpy(&context->buffer[j], &data[i], len - i);
+ (void)memmove(&context->buffer[j], &data[i], len - i);
}
Modified: vendor/bind/dist/lib/isc/sha2.c
===================================================================
--- vendor/bind/dist/lib/isc/sha2.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/sha2.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005-2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sha2.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
@@ -560,8 +560,8 @@
if (context == (isc_sha256_t *)0) {
return;
}
- memcpy(context->state, sha224_initial_hash_value,
- ISC_SHA256_DIGESTLENGTH);
+ memmove(context->state, sha224_initial_hash_value,
+ ISC_SHA256_DIGESTLENGTH);
memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
context->bitcount = 0;
}
@@ -580,7 +580,7 @@
isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
- memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
+ memmove(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
}
@@ -590,7 +590,7 @@
if (context == (isc_sha256_t *)0) {
return;
}
- memcpy(context->state, sha256_initial_hash_value,
+ memmove(context->state, sha256_initial_hash_value,
ISC_SHA256_DIGESTLENGTH);
memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
context->bitcount = 0;
@@ -803,7 +803,7 @@
if (len >= freespace) {
/* Fill the buffer completely and process it */
- memcpy(&context->buffer[usedspace], data, freespace);
+ memmove(&context->buffer[usedspace], data, freespace);
context->bitcount += freespace << 3;
len -= freespace;
data += freespace;
@@ -811,7 +811,7 @@
(isc_uint32_t*)context->buffer);
} else {
/* The buffer is not yet full */
- memcpy(&context->buffer[usedspace], data, len);
+ memmove(&context->buffer[usedspace], data, len);
context->bitcount += len << 3;
/* Clean up: */
usedspace = freespace = 0;
@@ -822,7 +822,7 @@
}
while (len >= ISC_SHA256_BLOCK_LENGTH) {
/* Process as many complete blocks as we can */
- memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH);
+ memmove(context->buffer, data, ISC_SHA256_BLOCK_LENGTH);
isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3;
len -= ISC_SHA256_BLOCK_LENGTH;
@@ -830,7 +830,7 @@
}
if (len > 0U) {
/* There's left-overs, so save 'em */
- memcpy(context->buffer, data, len);
+ memmove(context->buffer, data, len);
context->bitcount += len << 3;
}
/* Clean up: */
@@ -900,7 +900,7 @@
}
}
#else
- memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH);
+ memmove(d, context->state, ISC_SHA256_DIGESTLENGTH);
#endif
}
@@ -916,8 +916,8 @@
if (context == (isc_sha512_t *)0) {
return;
}
- memcpy(context->state, sha512_initial_hash_value,
- ISC_SHA512_DIGESTLENGTH);
+ memmove(context->state, sha512_initial_hash_value,
+ ISC_SHA512_DIGESTLENGTH);
memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH);
context->bitcount[0] = context->bitcount[1] = 0;
}
@@ -1122,7 +1122,7 @@
if (len >= freespace) {
/* Fill the buffer completely and process it */
- memcpy(&context->buffer[usedspace], data, freespace);
+ memmove(&context->buffer[usedspace], data, freespace);
ADDINC128(context->bitcount, freespace << 3);
len -= freespace;
data += freespace;
@@ -1130,7 +1130,7 @@
(isc_uint64_t*)context->buffer);
} else {
/* The buffer is not yet full */
- memcpy(&context->buffer[usedspace], data, len);
+ memmove(&context->buffer[usedspace], data, len);
ADDINC128(context->bitcount, len << 3);
/* Clean up: */
usedspace = freespace = 0;
@@ -1141,7 +1141,7 @@
}
while (len >= ISC_SHA512_BLOCK_LENGTH) {
/* Process as many complete blocks as we can */
- memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH);
+ memmove(context->buffer, data, ISC_SHA512_BLOCK_LENGTH);
isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3);
len -= ISC_SHA512_BLOCK_LENGTH;
@@ -1149,7 +1149,7 @@
}
if (len > 0U) {
/* There's left-overs, so save 'em */
- memcpy(context->buffer, data, len);
+ memmove(context->buffer, data, len);
ADDINC128(context->bitcount, len << 3);
}
/* Clean up: */
@@ -1224,7 +1224,7 @@
}
}
#else
- memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH);
+ memmove(d, context->state, ISC_SHA512_DIGESTLENGTH);
#endif
}
@@ -1239,8 +1239,8 @@
if (context == (isc_sha384_t *)0) {
return;
}
- memcpy(context->state, sha384_initial_hash_value,
- ISC_SHA512_DIGESTLENGTH);
+ memmove(context->state, sha384_initial_hash_value,
+ ISC_SHA512_DIGESTLENGTH);
memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH);
context->bitcount[0] = context->bitcount[1] = 0;
}
@@ -1277,7 +1277,7 @@
}
}
#else
- memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH);
+ memmove(d, context->state, ISC_SHA384_DIGESTLENGTH);
#endif
}
Modified: vendor/bind/dist/lib/isc/sockaddr.c
===================================================================
--- vendor/bind/dist/lib/isc/sockaddr.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/sockaddr.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2010-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sockaddr.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -332,7 +332,7 @@
#endif
sockaddr->type.sin6.sin6_addr.s6_addr[10] = 0xff;
sockaddr->type.sin6.sin6_addr.s6_addr[11] = 0xff;
- memcpy(&sockaddr->type.sin6.sin6_addr.s6_addr[12], ina, 4);
+ memmove(&sockaddr->type.sin6.sin6_addr.s6_addr[12], ina, 4);
sockaddr->type.sin6.sin6_port = htons(port);
sockaddr->length = sizeof(sockaddr->type.sin6);
ISC_LINK_INIT(sockaddr, link);
@@ -386,7 +386,7 @@
#ifdef ISC_PLATFORM_HAVESALEN
sockaddr->type.sin6.sin6_len = sizeof(sockaddr->type.sin6);
#endif
- memcpy(&sockaddr->type.sin6.sin6_addr, &na->type.in6, 16);
+ memmove(&sockaddr->type.sin6.sin6_addr, &na->type.in6, 16);
#ifdef ISC_PLATFORM_HAVESCOPEID
sockaddr->type.sin6.sin6_scope_id = isc_netaddr_getzone(na);
#endif
Modified: vendor/bind/dist/lib/isc/socket_api.c
===================================================================
--- vendor/bind/dist/lib/isc/socket_api.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/socket_api.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: socket_api.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -131,7 +131,7 @@
isc_result_t
isc_socket_sendto(isc_socket_t *sock, isc_region_t *region, isc_task_t *task,
- isc_taskaction_t action, const void *arg,
+ isc_taskaction_t action, void *arg,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo)
{
REQUIRE(ISCAPI_SOCKET_VALID(sock));
@@ -142,7 +142,7 @@
isc_result_t
isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, isc_task_t *task,
- isc_taskaction_t action, const void *arg)
+ isc_taskaction_t action, void *arg)
{
REQUIRE(ISCAPI_SOCKET_VALID(sock));
@@ -151,7 +151,7 @@
isc_result_t
isc_socket_recv(isc_socket_t *sock, isc_region_t *region, unsigned int minimum,
- isc_task_t *task, isc_taskaction_t action, const void *arg)
+ isc_task_t *task, isc_taskaction_t action, void *arg)
{
REQUIRE(ISCAPI_SOCKET_VALID(sock));
Modified: vendor/bind/dist/lib/isc/sparc64/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/sparc64/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/sparc64/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/sparc64/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/sparc64/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/sparc64/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/sparc64/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/sparc64/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/sparc64/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/sparc64/include/isc/atomic.h
===================================================================
--- vendor/bind/dist/lib/isc/sparc64/include/isc/atomic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/sparc64/include/isc/atomic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: atomic.h,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: atomic.h,v 1.5 2007/06/19 23:47:18 tbox Exp $ */
/*
* This code was written based on FreeBSD's kernel source whose copyright
Modified: vendor/bind/dist/lib/isc/stats.c
===================================================================
--- vendor/bind/dist/lib/isc/stats.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/stats.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stats.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -275,8 +275,8 @@
}
#else
UNUSED(i);
- memcpy(stats->copiedcounters, stats->counters,
- stats->ncounters * sizeof(isc_stat_t));
+ memmove(stats->copiedcounters, stats->counters,
+ stats->ncounters * sizeof(isc_stat_t));
#endif
#ifdef ISC_RWLOCK_USEATOMIC
Modified: vendor/bind/dist/lib/isc/string.c
===================================================================
--- vendor/bind/dist/lib/isc/string.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/string.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,34 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: string.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/*
+ * Copyright (c) 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
/*! \file */
@@ -188,7 +215,7 @@
target = (char *) isc_mem_allocate(mctx, source->length + 1);
if (target != NULL) {
- memcpy(source->base, target, source->length);
+ memmove(source->base, target, source->length);
target[source->length] = '\0';
}
Modified: vendor/bind/dist/lib/isc/strtoul.c
===================================================================
--- vendor/bind/dist/lib/isc/strtoul.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/strtoul.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -27,11 +27,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@@ -53,7 +49,7 @@
static char sccsid[] = "@(#)strtoul.c 8.1 (Berkeley) 6/4/93";
#endif /* LIBC_SCCS and not lint */
-/* $Id: strtoul.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: strtoul.c,v 1.7 2007/06/19 23:47:17 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/symtab.c
===================================================================
--- vendor/bind/dist/lib/isc/symtab.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/symtab.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: symtab.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/task.c
===================================================================
--- vendor/bind/dist/lib/isc/task.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/task.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: task.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file
* \author Principal Author: Bob Halley
@@ -204,7 +204,7 @@
void *tag, isc_eventlist_t *events);
ISC_TASKFUNC_SCOPE isc_result_t
isc__task_onshutdown(isc_task_t *task0, isc_taskaction_t action,
- const void *arg);
+ void *arg);
ISC_TASKFUNC_SCOPE void
isc__task_shutdown(isc_task_t *task0);
ISC_TASKFUNC_SCOPE void
@@ -762,7 +762,7 @@
ISC_TASKFUNC_SCOPE isc_result_t
isc__task_onshutdown(isc_task_t *task0, isc_taskaction_t action,
- const void *arg)
+ void *arg)
{
isc__task_t *task = (isc__task_t *)task0;
isc_boolean_t disallowed = ISC_FALSE;
@@ -1524,7 +1524,7 @@
#ifdef USE_SOCKETIMPREGISTER
isc_result_t
-isc__task_register() {
+isc__task_register(void) {
return (isc_task_register(isc__taskmgr_create));
}
#endif
Modified: vendor/bind/dist/lib/isc/task_api.c
===================================================================
--- vendor/bind/dist/lib/isc/task_api.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/task_api.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: task_api.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -158,7 +158,7 @@
}
isc_result_t
-isc_task_onshutdown(isc_task_t *task, isc_taskaction_t action, const void *arg)
+isc_task_onshutdown(isc_task_t *task, isc_taskaction_t action, void *arg)
{
REQUIRE(ISCAPI_TASK_VALID(task));
@@ -190,7 +190,7 @@
void
isc_taskmgr_setexcltask(isc_taskmgr_t *mgr, isc_task_t *task) {
REQUIRE(ISCAPI_TASK_VALID(task));
- return (mgr->methods->setexcltask(mgr, task));
+ mgr->methods->setexcltask(mgr, task);
}
isc_result_t
Modified: vendor/bind/dist/lib/isc/task_p.h
===================================================================
--- vendor/bind/dist/lib/isc/task_p.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/task_p.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: task_p.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_TASK_P_H
#define ISC_TASK_P_H
Modified: vendor/bind/dist/lib/isc/taskpool.c
===================================================================
--- vendor/bind/dist/lib/isc/taskpool.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/taskpool.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: taskpool.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/tests/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/tests/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/tests/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
@@ -36,12 +36,14 @@
OBJS = isctest. at O@
-SRCS = isctest.c taskpool_test.c hash_test.c sockaddr_test.c \
- symtab_test.c parse_test.c regex_test.c
+SRCS = isctest.c taskpool_test.c hash_test.c lex_test.c \
+ sockaddr_test.c safe_test.c symtab_test.c parse_test.c \
+ print_test.c regex_test.c
SUBDIRS =
-TARGETS = taskpool_test at EXEEXT@ hash_test at EXEEXT@ sockaddr_test at EXEEXT@ \
- symtab_test at EXEEXT@ parse_test at EXEEXT@ regex_test at EXEEXT@
+TARGETS = taskpool_test at EXEEXT@ hash_test at EXEEXT@ lex_test at EXEEXT@ \
+ sockaddr_test at EXEEXT@ safe_test at EXEEXT@ symtab_test at EXEEXT@ \
+ parse_test at EXEEXT@ print_test at EXEEXT@ regex_test at EXEEXT@
@BIND9_MAKE_RULES@
@@ -57,6 +59,10 @@
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
hash_test. at O@ ${ISCLIBS} ${LIBS}
+lex_test at EXEEXT@: lex_test. at O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ lex_test. at O@ ${ISCLIBS} ${LIBS}
+
parse_test at EXEEXT@: parse_test. at O@ isctest. at O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
parse_test. at O@ isctest. at O@ ${ISCLIBS} ${LIBS}
@@ -65,10 +71,18 @@
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
sockaddr_test. at O@ isctest. at O@ ${ISCLIBS} ${LIBS}
+print_test at EXEEXT@: print_test. at O@ ${ISCDEPLIBS} ${top_srcdir}/lib/isc/print.c
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ print_test. at O@ ${ISCLIBS} ${LIBS}
+
regex_test at EXEEXT@: regex_test. at O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
regex_test. at O@ ${ISCLIBS} ${LIBS}
+safe_test at EXEEXT@: safe_test. at O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ safe_test. at O@ ${ISCLIBS} ${LIBS}
+
unit::
sh ${top_srcdir}/unit/unittest.sh
Modified: vendor/bind/dist/lib/isc/tests/hash_test.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/hash_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/tests/hash_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: hash_test.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/* ! \file */
@@ -39,7 +39,7 @@
unsigned char digest[ISC_SHA512_DIGESTLENGTH];
unsigned char buffer[1024];
const char *s;
-char str[ISC_SHA512_DIGESTLENGTH];
+char str[2 * ISC_SHA512_DIGESTLENGTH + 1];
unsigned char key[20];
int i = 0;
@@ -51,7 +51,7 @@
* Postcondition: A String representation of the given hexadecimal number is
* placed into the array *out
*
- * 'out' MUST point to an array of at least len / 2 + 1
+ * 'out' MUST point to an array of at least len * 2 + 1
*
* Return values: ISC_R_SUCCESS if the operation is sucessful
*/
@@ -963,7 +963,7 @@
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
- memcpy(buffer, test_key->key, test_key->len);
+ memmove(buffer, test_key->key, test_key->len);
isc_hmacsha1_init(&hmacsha1, buffer, test_key->len);
isc_hmacsha1_update(&hmacsha1,
(const isc_uint8_t *) testcase->input,
@@ -1126,7 +1126,7 @@
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
- memcpy(buffer, test_key->key, test_key->len);
+ memmove(buffer, test_key->key, test_key->len);
isc_hmacsha224_init(&hmacsha224, buffer, test_key->len);
isc_hmacsha224_update(&hmacsha224,
(const isc_uint8_t *) testcase->input,
@@ -1289,7 +1289,7 @@
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
- memcpy(buffer, test_key->key, test_key->len);
+ memmove(buffer, test_key->key, test_key->len);
isc_hmacsha256_init(&hmacsha256, buffer, test_key->len);
isc_hmacsha256_update(&hmacsha256,
(const isc_uint8_t *) testcase->input,
@@ -1458,7 +1458,7 @@
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
- memcpy(buffer, test_key->key, test_key->len);
+ memmove(buffer, test_key->key, test_key->len);
isc_hmacsha384_init(&hmacsha384, buffer, test_key->len);
isc_hmacsha384_update(&hmacsha384,
(const isc_uint8_t *) testcase->input,
@@ -1627,7 +1627,7 @@
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
- memcpy(buffer, test_key->key, test_key->len);
+ memmove(buffer, test_key->key, test_key->len);
isc_hmacsha512_init(&hmacsha512, buffer, test_key->len);
isc_hmacsha512_update(&hmacsha512,
(const isc_uint8_t *) testcase->input,
@@ -1770,7 +1770,7 @@
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
- memcpy(buffer, test_key->key, test_key->len);
+ memmove(buffer, test_key->key, test_key->len);
isc_hmacmd5_init(&hmacmd5, buffer, test_key->len);
isc_hmacmd5_update(&hmacmd5,
(const isc_uint8_t *) testcase->input,
Modified: vendor/bind/dist/lib/isc/tests/isctest.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/isctest.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/tests/isctest.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: isctest.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -59,7 +59,7 @@
};
static void
-cleanup_managers() {
+cleanup_managers(void) {
if (maintask != NULL)
isc_task_destroy(&maintask);
if (socketmgr != NULL)
@@ -71,7 +71,7 @@
}
static isc_result_t
-create_managers() {
+create_managers(void) {
isc_result_t result;
#ifdef ISC_PLATFORM_USETHREADS
ncpus = isc_os_ncpus();
@@ -138,7 +138,7 @@
}
void
-isc_test_end() {
+isc_test_end(void) {
if (maintask != NULL)
isc_task_detach(&maintask);
if (taskmgr != NULL)
Modified: vendor/bind/dist/lib/isc/tests/isctest.h
===================================================================
--- vendor/bind/dist/lib/isc/tests/isctest.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/tests/isctest.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: isctest.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Added: vendor/bind/dist/lib/isc/tests/lex_test.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/lex_test.c (rev 0)
+++ vendor/bind/dist/lib/isc/tests/lex_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <atf-c.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <isc/buffer.h>
+#include <isc/lex.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+ATF_TC(lex);
+ATF_TC_HEAD(lex, tc) {
+ atf_tc_set_md_var(tc, "descr", "check handling of 0xff");
+}
+ATF_TC_BODY(lex, tc) {
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ isc_lex_t *lex = NULL;
+ isc_buffer_t death_buf;
+ isc_token_t token;
+
+ unsigned char death[] = { EOF, 'A' };
+
+ UNUSED(tc);
+
+ result = isc_mem_create(0, 0, &mctx);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ result = isc_lex_create(mctx, 1024, &lex);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ isc_buffer_init(&death_buf, &death[0], sizeof(death));
+ isc_buffer_add(&death_buf, sizeof(death));
+
+ result = isc_lex_openbuffer(lex, &death_buf);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+ result = isc_lex_gettoken(lex, 0, &token);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+ ATF_TP_ADD_TC(tp, lex);
+ return (atf_no_error());
+}
+
Modified: vendor/bind/dist/lib/isc/tests/parse_test.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/parse_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/tests/parse_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: parse_test.c,v 1.1.1.1 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Added: vendor/bind/dist/lib/isc/tests/print_test.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/print_test.c (rev 0)
+++ vendor/bind/dist/lib/isc/tests/print_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <atf-c.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+/*
+ * Workout if we need to force the inclusion of print.c so we can test
+ * it on all platforms even if we don't include it in libisc.
+ */
+#include <isc/platform.h>
+#if !defined(ISC_PLATFORM_NEEDVSNPRINTF) && !defined(ISC_PLATFORM_NEEDSPRINTF)
+#define ISC__PRINT_SOURCE
+#include "../print.c"
+#else
+#if !defined(ISC_PLATFORM_NEEDVSNPRINTF) || !defined(ISC_PLATFORM_NEEDSPRINTF)
+#define ISC__PRINT_SOURCE
+#endif
+#include <isc/print.h>
+#include <isc/types.h>
+#include <isc/util.h>
+#endif
+
+ATF_TC(snprintf);
+ATF_TC_HEAD(snprintf, tc) {
+ atf_tc_set_md_var(tc, "descr", "snprintf implementation");
+}
+ATF_TC_BODY(snprintf, tc) {
+ char buf[10000];
+ isc_uint64_t ll = 8589934592ULL;
+ int n;
+
+ UNUSED(tc);
+
+ /*
+ * 4294967296 <= 8589934592 < 1000000000^2 to verify fix for
+ * RT#36505.
+ */
+
+ memset(buf, 0xff, sizeof(buf));
+ n = isc_print_snprintf(buf, sizeof(buf), "%qu", ll);
+ ATF_CHECK_EQ(n, 10);
+ ATF_CHECK_STREQ(buf, "8589934592");
+
+ memset(buf, 0xff, sizeof(buf));
+ n = isc_print_snprintf(buf, sizeof(buf), "%llu", ll);
+ ATF_CHECK_EQ(n, 10);
+ ATF_CHECK_STREQ(buf, "8589934592");
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+ ATF_TP_ADD_TC(tp, snprintf);
+ return (atf_no_error());
+}
Added: vendor/bind/dist/lib/isc/tests/safe_test.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/safe_test.c (rev 0)
+++ vendor/bind/dist/lib/isc/tests/safe_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/* ! \file */
+
+#include <config.h>
+
+#include <atf-c.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <isc/safe.h>
+#include <isc/util.h>
+
+ATF_TC(isc_safe_memcmp);
+ATF_TC_HEAD(isc_safe_memcmp, tc) {
+ atf_tc_set_md_var(tc, "descr", "safe memcmp()");
+}
+ATF_TC_BODY(isc_safe_memcmp, tc) {
+ UNUSED(tc);
+
+ ATF_CHECK(isc_safe_memcmp("test", "test", 4));
+ ATF_CHECK(!isc_safe_memcmp("test", "tesc", 4));
+ ATF_CHECK(isc_safe_memcmp("\x00\x00\x00\x00", "\x00\x00\x00\x00", 4));
+ ATF_CHECK(!isc_safe_memcmp("\x00\x00\x00\x00", "\x00\x00\x00\x01", 4));
+ ATF_CHECK(!isc_safe_memcmp("\x00\x00\x00\x02", "\x00\x00\x00\x00", 4));
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+ ATF_TP_ADD_TC(tp, isc_safe_memcmp);
+ return (atf_no_error());
+}
+
Modified: vendor/bind/dist/lib/isc/tests/sockaddr_test.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/sockaddr_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/tests/sockaddr_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sockaddr_test.c,v 1.1.1.1 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/tests/symtab_test.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/symtab_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/tests/symtab_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: symtab_test.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/tests/taskpool_test.c
===================================================================
--- vendor/bind/dist/lib/isc/tests/taskpool_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/tests/taskpool_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: taskpool_test.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/timer.c
===================================================================
--- vendor/bind/dist/lib/isc/timer.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/timer.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: timer.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -131,7 +131,7 @@
ISC_TIMERFUNC_SCOPE isc_result_t
isc__timer_create(isc_timermgr_t *manager, isc_timertype_t type,
const isc_time_t *expires, const isc_interval_t *interval,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_timer_t **timerp);
ISC_TIMERFUNC_SCOPE isc_result_t
isc__timer_reset(isc_timer_t *timer, isc_timertype_t type,
@@ -393,7 +393,7 @@
ISC_TIMERFUNC_SCOPE isc_result_t
isc__timer_create(isc_timermgr_t *manager0, isc_timertype_t type,
const isc_time_t *expires, const isc_interval_t *interval,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_timer_t **timerp)
{
isc__timermgr_t *manager = (isc__timermgr_t *)manager0;
@@ -1066,7 +1066,7 @@
#ifdef USE_TIMERIMPREGISTER
isc_result_t
-isc__timer_register() {
+isc__timer_register(void) {
return (isc_timer_register(isc__timermgr_create));
}
#endif
Modified: vendor/bind/dist/lib/isc/timer_api.c
===================================================================
--- vendor/bind/dist/lib/isc/timer_api.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/timer_api.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: timer_api.c,v 1.1.1.2 2013-08-22 22:52:00 laffer1 Exp $ */
+/* $Id: timer_api.c,v 1.4 2009/09/02 23:48:02 tbox Exp $ */
#include <config.h>
@@ -97,7 +97,7 @@
isc_result_t
isc_timer_create(isc_timermgr_t *manager, isc_timertype_t type,
const isc_time_t *expires, const isc_interval_t *interval,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_timer_t **timerp)
{
REQUIRE(ISCAPI_TIMERMGR_VALID(manager));
Modified: vendor/bind/dist/lib/isc/timer_p.h
===================================================================
--- vendor/bind/dist/lib/isc/timer_p.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/timer_p.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: timer_p.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: timer_p.h,v 1.12 2009/09/02 23:48:02 tbox Exp $ */
#ifndef ISC_TIMER_P_H
#define ISC_TIMER_P_H
Modified: vendor/bind/dist/lib/isc/unix/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/unix/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $
+# $Id: Makefile.in,v 1.44 2009/12/05 23:31:41 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/unix/app.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/app.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/app.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: app.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: app.c,v 1.64 2009/11/04 05:58:46 marka Exp $ */
/*! \file */
@@ -107,6 +107,11 @@
isc_socketmgr_t *socketmgr);
ISC_APPFUNC_SCOPE void isc__appctx_settimermgr(isc_appctx_t *ctx,
isc_timermgr_t *timermgr);
+ISC_APPFUNC_SCOPE isc_result_t isc__app_ctxonrun(isc_appctx_t *ctx,
+ isc_mem_t *mctx,
+ isc_task_t *task,
+ isc_taskaction_t action,
+ void *arg);
/*
* The application context of this module. This implementation actually
@@ -148,8 +153,8 @@
* The following are defined just for avoiding unused static functions.
*/
#ifndef BIND9
- void *run, *shutdown, *start, *onrun, *reload, *finish,
- *block, *unblock;
+ void *run, *shutdown, *start, *onrun,
+ *reload, *finish, *block, *unblock;
#endif
} appmethods = {
{
@@ -161,7 +166,8 @@
isc__app_ctxfinish,
isc__appctx_settaskmgr,
isc__appctx_setsocketmgr,
- isc__appctx_settimermgr
+ isc__appctx_settimermgr,
+ isc__app_ctxonrun
}
#ifndef BIND9
,
@@ -373,7 +379,7 @@
}
presult = sigprocmask(SIG_UNBLOCK, &sset, NULL);
if (presult != 0) {
- isc__strerror(presult, strbuf, sizeof(strbuf));
+ isc__strerror(errno, strbuf, sizeof(strbuf));
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_app_start() sigprocmask: %s", strbuf);
return (ISC_R_UNEXPECTED);
@@ -387,13 +393,22 @@
isc__app_onrun(isc_mem_t *mctx, isc_task_t *task, isc_taskaction_t action,
void *arg)
{
+ return (isc__app_ctxonrun((isc_appctx_t *)&isc_g_appctx, mctx,
+ task, action, arg));
+}
+
+isc_result_t
+isc__app_ctxonrun(isc_appctx_t *ctx0, isc_mem_t *mctx, isc_task_t *task,
+ isc_taskaction_t action, void *arg)
+{
+ isc__appctx_t *ctx = (isc__appctx_t *)ctx0;
isc_event_t *event;
isc_task_t *cloned_task = NULL;
isc_result_t result;
- LOCK(&isc_g_appctx.lock);
+ LOCK(&ctx->lock);
- if (isc_g_appctx.running) {
+ if (ctx->running) {
result = ISC_R_ALREADYRUNNING;
goto unlock;
}
@@ -410,12 +425,12 @@
goto unlock;
}
- ISC_LIST_APPEND(isc_g_appctx.on_run, event, ev_link);
+ ISC_LIST_APPEND(ctx->on_run, event, ev_link);
result = ISC_R_SUCCESS;
unlock:
- UNLOCK(&isc_g_appctx.lock);
+ UNLOCK(&ctx->lock);
return (result);
}
@@ -703,7 +718,7 @@
}
ISC_APPFUNC_SCOPE isc_result_t
-isc__app_run() {
+isc__app_run(void) {
return (isc__app_ctxrun((isc_appctx_t *)&isc_g_appctx));
}
@@ -758,7 +773,7 @@
}
ISC_APPFUNC_SCOPE isc_result_t
-isc__app_shutdown() {
+isc__app_shutdown(void) {
return (isc__app_ctxshutdown((isc_appctx_t *)&isc_g_appctx));
}
@@ -940,7 +955,7 @@
#ifdef USE_APPIMPREGISTER
isc_result_t
-isc__app_register() {
+isc__app_register(void) {
return (isc_app_register(isc__appctx_create));
}
#endif
Modified: vendor/bind/dist/lib/isc/unix/dir.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/dir.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/dir.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dir.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file
* \author Principal Authors: DCL */
Modified: vendor/bind/dist/lib/isc/unix/entropy.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/entropy.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/entropy.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: entropy.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id: entropy.c,v 1.82 2008/12/01 23:47:45 tbox Exp $ */
/* \file unix/entropy.c
* \brief
Modified: vendor/bind/dist/lib/isc/unix/errno2result.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/errno2result.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/errno2result.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: errno2result.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/unix/errno2result.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/errno2result.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/errno2result.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: errno2result.h,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id$ */
#ifndef UNIX_ERRNO2RESULT_H
#define UNIX_ERRNO2RESULT_H 1
Modified: vendor/bind/dist/lib/isc/unix/file.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/file.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/file.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -27,11 +27,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@@ -48,7 +44,7 @@
* SUCH DAMAGE.
*/
-/* $Id: file.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -97,7 +93,34 @@
return (result);
}
+static isc_result_t
+fd_stats(int fd, struct stat *stats) {
+ isc_result_t result = ISC_R_SUCCESS;
+
+ REQUIRE(stats != NULL);
+
+ if (fstat(fd, stats) != 0)
+ result = isc__errno2result(errno);
+
+ return (result);
+}
+
isc_result_t
+isc_file_getsizefd(int fd, off_t *size) {
+ isc_result_t result;
+ struct stat stats;
+
+ REQUIRE(size != NULL);
+
+ result = fd_stats(fd, &stats);
+
+ if (result == ISC_R_SUCCESS)
+ *size = stats.st_size;
+
+ return (result);
+}
+
+isc_result_t
isc_file_mode(const char *file, mode_t *modep) {
isc_result_t result;
struct stat stats;
@@ -462,7 +485,7 @@
if (len > buflen)
return (ISC_R_NOSPACE);
- memcpy(buf, base, len);
+ memmove(buf, base, len);
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/isc/unix/fsaccess.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/fsaccess.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/fsaccess.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: fsaccess.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: fsaccess.c,v 1.13 2007/06/19 23:47:18 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/unix/ifiter_getifaddrs.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/ifiter_getifaddrs.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/ifiter_getifaddrs.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ifiter_getifaddrs.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ifiter_getifaddrs.c,v 1.13 2009/09/24 23:48:13 tbox Exp $ */
/*! \file
* \brief
@@ -159,7 +159,7 @@
namelen = sizeof(iter->current.name) - 1;
memset(iter->current.name, 0, sizeof(iter->current.name));
- memcpy(iter->current.name, ifa->ifa_name, namelen);
+ memmove(iter->current.name, ifa->ifa_name, namelen);
iter->current.flags = 0;
Modified: vendor/bind/dist/lib/isc/unix/ifiter_ioctl.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/ifiter_ioctl.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/ifiter_ioctl.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ifiter_ioctl.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ifiter_ioctl.c,v 1.62 2009/01/18 23:48:14 tbox Exp $ */
/*! \file
* \brief
@@ -398,7 +398,7 @@
static void
get_inaddr(isc_netaddr_t *dst, struct in_addr *src) {
dst->family = AF_INET;
- memcpy(&dst->type.in, src, sizeof(struct in_addr));
+ memmove(&dst->type.in, src, sizeof(struct in_addr));
}
static isc_result_t
@@ -454,7 +454,7 @@
ifrp = (struct ifreq *)((char *) iter->ifc.ifc_req + iter->pos);
memset(&ifreq, 0, sizeof(ifreq));
- memcpy(&ifreq, ifrp, sizeof(ifreq));
+ memmove(&ifreq, ifrp, sizeof(ifreq));
family = ifreq.ifr_addr.sa_family;
#if defined(ISC_PLATFORM_HAVEIPV6)
@@ -469,7 +469,7 @@
INSIST(sizeof(ifreq.ifr_name) <= sizeof(iter->current.name));
memset(iter->current.name, 0, sizeof(iter->current.name));
- memcpy(iter->current.name, ifreq.ifr_name, sizeof(ifreq.ifr_name));
+ memmove(iter->current.name, ifreq.ifr_name, sizeof(ifreq.ifr_name));
get_addr(family, &iter->current.address,
(struct sockaddr *)&ifrp->ifr_addr, ifreq.ifr_name);
@@ -524,8 +524,8 @@
#if !defined(ISC_PLATFORM_HAVEIF_LADDRREQ) && defined(SIOCGLIFADDR)
memset(&lifreq, 0, sizeof(lifreq));
- memcpy(lifreq.lifr_name, iter->current.name, sizeof(lifreq.lifr_name));
- memcpy(&lifreq.lifr_addr, &iter->current.address.type.in6,
+ memmove(lifreq.lifr_name, iter->current.name, sizeof(lifreq.lifr_name));
+ memmove(&lifreq.lifr_addr, &iter->current.address.type.in6,
sizeof(iter->current.address.type.in6));
if (ioctl(iter->socket, SIOCGLIFADDR, &lifreq) < 0) {
@@ -599,7 +599,7 @@
* Get the network mask.
*/
memset(&ifreq, 0, sizeof(ifreq));
- memcpy(&ifreq, ifrp, sizeof(ifreq));
+ memmove(&ifreq, ifrp, sizeof(ifreq));
/*
* Ignore the HP/UX warning about "integer overflow during
* conversion. It comes from its own macro definition,
@@ -637,7 +637,7 @@
ifrp = (struct LIFREQ *)((char *) iter->lifc.lifc_req + iter->pos6);
memset(&lifreq, 0, sizeof(lifreq));
- memcpy(&lifreq, ifrp, sizeof(lifreq));
+ memmove(&lifreq, ifrp, sizeof(lifreq));
family = lifreq.lifr_addr.ss_family;
#ifdef ISC_PLATFORM_HAVEIPV6
@@ -652,7 +652,7 @@
INSIST(sizeof(lifreq.lifr_name) <= sizeof(iter->current.name));
memset(iter->current.name, 0, sizeof(iter->current.name));
- memcpy(iter->current.name, lifreq.lifr_name, sizeof(lifreq.lifr_name));
+ memmove(iter->current.name, lifreq.lifr_name, sizeof(lifreq.lifr_name));
get_addr(family, &iter->current.address,
(struct sockaddr *)&lifreq.lifr_addr, lifreq.lifr_name);
@@ -739,7 +739,7 @@
* Get the network mask. Netmask already zeroed.
*/
memset(&lifreq, 0, sizeof(lifreq));
- memcpy(&lifreq, ifrp, sizeof(lifreq));
+ memmove(&lifreq, ifrp, sizeof(lifreq));
#ifdef lifr_addrlen
/*
Modified: vendor/bind/dist/lib/isc/unix/ifiter_sysctl.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/ifiter_sysctl.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/ifiter_sysctl.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ifiter_sysctl.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ifiter_sysctl.c,v 1.25 2007/06/19 23:47:18 tbox Exp $ */
/*! \file
* \brief
@@ -37,7 +37,7 @@
sizeof(__uint64_t))
#else
#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) \
- : sizeof(long))
+ : sizeof(long))
#endif
#define IFITER_MAGIC ISC_MAGIC('I', 'F', 'I', 'S')
@@ -58,9 +58,9 @@
static int mib[6] = {
CTL_NET,
PF_ROUTE,
- 0,
+ 0,
0, /* Any address family. */
- NET_RT_IFLIST,
+ NET_RT_IFLIST,
0 /* Flags. */
};
@@ -171,7 +171,7 @@
namelen = sizeof(iter->current.name) - 1;
memset(iter->current.name, 0, sizeof(iter->current.name));
- memcpy(iter->current.name, sdl->sdl_data, namelen);
+ memmove(iter->current.name, sdl->sdl_data, namelen);
iter->current.flags = 0;
Modified: vendor/bind/dist/lib/isc/unix/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.14 2007/06/19 23:47:18 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/unix/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.30 2007/06/19 23:47:19 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -21,8 +21,8 @@
@BIND9_VERSION@
-HEADERS = dir.h int.h net.h netdb.h offset.h stdtime.h \
- syslog.h time.h
+HEADERS = dir.h int.h keyboard.h net.h netdb.h offset.h stat.h \
+ stdtime.h strerror.h syslog.h time.h
SUBDIRS =
TARGETS =
Modified: vendor/bind/dist/lib/isc/unix/include/isc/dir.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/dir.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/dir.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dir.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: dir.h,v 1.21 2007/06/19 23:47:19 tbox Exp $ */
/* Principal Authors: DCL */
Modified: vendor/bind/dist/lib/isc/unix/include/isc/int.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/int.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/int.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: int.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: int.h,v 1.16 2007/06/19 23:47:19 tbox Exp $ */
#ifndef ISC_INT_H
#define ISC_INT_H 1
Modified: vendor/bind/dist/lib/isc/unix/include/isc/keyboard.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/keyboard.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/keyboard.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keyboard.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: keyboard.h,v 1.11 2007/06/19 23:47:19 tbox Exp $ */
#ifndef ISC_KEYBOARD_H
#define ISC_KEYBOARD_H 1
Modified: vendor/bind/dist/lib/isc/unix/include/isc/net.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/net.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/net.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: net.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_NET_H
#define ISC_NET_H 1
Modified: vendor/bind/dist/lib/isc/unix/include/isc/netdb.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/netdb.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/netdb.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: netdb.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: netdb.h,v 1.11 2007/06/19 23:47:19 tbox Exp $ */
#ifndef ISC_NETDB_H
#define ISC_NETDB_H 1
Modified: vendor/bind/dist/lib/isc/unix/include/isc/offset.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/offset.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/offset.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: offset.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: offset.h,v 1.17 2008/12/01 23:47:45 tbox Exp $ */
#ifndef ISC_OFFSET_H
#define ISC_OFFSET_H 1
Modified: vendor/bind/dist/lib/isc/unix/include/isc/stat.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/stat.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/stat.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stat.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: stat.h,v 1.5 2007/06/19 23:47:19 tbox Exp $ */
#ifndef ISC_STAT_H
#define ISC_STAT_H 1
@@ -24,7 +24,7 @@
*****/
/*
- * Portable netdb.h support.
+ * Portable <sys/stat.h> support.
*
* This module is responsible for defining S_IS??? macros.
*
Modified: vendor/bind/dist/lib/isc/unix/include/isc/stdtime.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/stdtime.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/stdtime.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stdtime.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISC_STDTIME_H
#define ISC_STDTIME_H 1
Modified: vendor/bind/dist/lib/isc/unix/include/isc/strerror.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/strerror.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/strerror.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: strerror.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: strerror.h,v 1.10 2008/12/01 23:47:45 tbox Exp $ */
#ifndef ISC_STRERROR_H
#define ISC_STRERROR_H
Modified: vendor/bind/dist/lib/isc/unix/include/isc/syslog.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/syslog.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/syslog.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: syslog.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: syslog.h,v 1.7 2007/06/19 23:47:19 tbox Exp $ */
#ifndef ISC_SYSLOG_H
#define ISC_SYSLOG_H 1
Modified: vendor/bind/dist/lib/isc/unix/include/isc/time.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/include/isc/time.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/include/isc/time.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: time.h,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id: time.h,v 1.40 2009/01/05 23:47:54 tbox Exp $ */
#ifndef ISC_TIME_H
#define ISC_TIME_H 1
Modified: vendor/bind/dist/lib/isc/unix/interfaceiter.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/interfaceiter.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/interfaceiter.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfaceiter.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: interfaceiter.c,v 1.45 2008/12/01 03:51:47 marka Exp $ */
/*! \file */
@@ -79,14 +79,14 @@
dst->family = family;
switch (family) {
case AF_INET:
- memcpy(&dst->type.in,
- &((struct sockaddr_in *) src)->sin_addr,
- sizeof(struct in_addr));
+ memmove(&dst->type.in,
+ &((struct sockaddr_in *) src)->sin_addr,
+ sizeof(struct in_addr));
break;
case AF_INET6:
sa6 = (struct sockaddr_in6 *)src;
- memcpy(&dst->type.in6, &sa6->sin6_addr,
- sizeof(struct in6_addr));
+ memmove(&dst->type.in6, &sa6->sin6_addr,
+ sizeof(struct in6_addr));
#ifdef ISC_PLATFORM_HAVESCOPEID
if (sa6->sin6_scope_id != 0)
isc_netaddr_setzone(dst, sa6->sin6_scope_id);
@@ -105,8 +105,8 @@
if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
isc_uint16_t zone16;
- memcpy(&zone16, &sa6->sin6_addr.s6_addr[2],
- sizeof(zone16));
+ memmove(&zone16, &sa6->sin6_addr.s6_addr[2],
+ sizeof(zone16));
zone16 = ntohs(zone16);
if (zone16 != 0) {
/* the zone ID is embedded */
@@ -252,7 +252,7 @@
isc_interface_t *ifdata)
{
REQUIRE(iter->result == ISC_R_SUCCESS);
- memcpy(ifdata, &iter->current, sizeof(*ifdata));
+ memmove(ifdata, &iter->current, sizeof(*ifdata));
return (ISC_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/isc/unix/ipv6.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/ipv6.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/ipv6.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ipv6.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: ipv6.c,v 1.14 2007/06/19 23:47:18 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/unix/keyboard.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/keyboard.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/keyboard.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keyboard.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: keyboard.c,v 1.13 2007/06/19 23:47:18 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/unix/net.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/net.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/net.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: net.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/unix/os.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/os.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/os.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: os.c,v 1.18 2007/06/19 23:47:18 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/unix/resource.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/resource.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/resource.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resource.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: resource.c,v 1.23 2009/02/13 23:48:14 tbox Exp $ */
#include <config.h>
Modified: vendor/bind/dist/lib/isc/unix/socket.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/socket.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/socket.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: socket.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -34,6 +34,9 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h> /* uintptr_t */
+#endif
#include <isc/buffer.h>
#include <isc/bufferlist.h>
@@ -49,6 +52,7 @@
#include <isc/platform.h>
#include <isc/print.h>
#include <isc/region.h>
+#include <isc/resource.h>
#include <isc/socket.h>
#include <isc/stats.h>
#include <isc/strerror.h>
@@ -373,6 +377,8 @@
#endif /* USE_EPOLL */
#ifdef USE_DEVPOLL
int devpoll_fd;
+ isc_resourcevalue_t open_max;
+ unsigned int calls;
int nevents;
struct pollfd *events;
#endif /* USE_DEVPOLL */
@@ -476,11 +482,11 @@
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_recvv(isc_socket_t *sock, isc_bufferlist_t *buflist,
unsigned int minimum, isc_task_t *task,
- isc_taskaction_t action, const void *arg);
+ isc_taskaction_t action, void *arg);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_recv(isc_socket_t *sock, isc_region_t *region,
unsigned int minimum, isc_task_t *task,
- isc_taskaction_t action, const void *arg);
+ isc_taskaction_t action, void *arg);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_recv2(isc_socket_t *sock, isc_region_t *region,
unsigned int minimum, isc_task_t *task,
@@ -487,19 +493,24 @@
isc_socketevent_t *event, unsigned int flags);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_send(isc_socket_t *sock, isc_region_t *region,
- isc_task_t *task, isc_taskaction_t action, const void *arg);
+ isc_task_t *task, isc_taskaction_t action, void *arg);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_sendto(isc_socket_t *sock, isc_region_t *region,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_sendv(isc_socket_t *sock, isc_bufferlist_t *buflist,
- isc_task_t *task, isc_taskaction_t action, const void *arg);
+ isc_task_t *task, isc_taskaction_t action, void *arg);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_sendtov(isc_socket_t *sock, isc_bufferlist_t *buflist,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo);
ISC_SOCKETFUNC_SCOPE isc_result_t
+isc__socket_sendtov2(isc_socket_t *sock, isc_bufferlist_t *buflist,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
+ isc_sockaddr_t *address, struct in6_pktinfo *pktinfo,
+ unsigned int flags);
+ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_sendto2(isc_socket_t *sock, isc_region_t *region,
isc_task_t *task,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo,
@@ -518,11 +529,11 @@
isc__socket_listen(isc_socket_t *sock, unsigned int backlog);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_accept(isc_socket_t *sock,
- isc_task_t *task, isc_taskaction_t action, const void *arg);
+ isc_task_t *task, isc_taskaction_t action, void *arg);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr,
isc_task_t *task, isc_taskaction_t action,
- const void *arg);
+ void *arg);
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_getpeername(isc_socket_t *sock, isc_sockaddr_t *addressp);
ISC_SOCKETFUNC_SCOPE isc_result_t
@@ -554,8 +565,8 @@
* The following are defined just for avoiding unused static functions.
*/
#ifndef BIND9
- void *recvv, *send, *sendv, *sendto2, *cleanunix, *permunix, *filter,
- *listen, *accept, *getpeername, *isbound;
+ void *recvv, *send, *sendv, *sendto2, *sendtov, *cleanunix, *permunix,
+ *filter, *listen, *accept, *getpeername, *isbound;
#endif
} socketmethods = {
{
@@ -575,6 +586,7 @@
,
(void *)isc__socket_recvv, (void *)isc__socket_send,
(void *)isc__socket_sendv, (void *)isc__socket_sendto2,
+ (void *)isc__socket_sendtov,
(void *)isc__socket_cleanunix, (void *)isc__socket_permunix,
(void *)isc__socket_filter, (void *)isc__socket_listen,
(void *)isc__socket_accept, (void *)isc__socket_getpeername,
@@ -1072,8 +1084,6 @@
"read() failed "
"during watcher poke: %s"),
strbuf);
-
- return;
}
INSIST(cc == sizeof(buf));
@@ -1242,8 +1252,8 @@
&& cmsgp->cmsg_type == IPV6_PKTINFO) {
pktinfop = (struct in6_pktinfo *)CMSG_DATA(cmsgp);
- memcpy(&dev->pktinfo, pktinfop,
- sizeof(struct in6_pktinfo));
+ memmove(&dev->pktinfo, pktinfop,
+ sizeof(struct in6_pktinfo));
dev->attributes |= ISC_SOCKEVENTATTR_PKTINFO;
socket_log(sock, NULL, TRACE,
isc_msgcat, ISC_MSGSET_SOCKET,
@@ -1261,7 +1271,7 @@
&& cmsgp->cmsg_type == SCM_TIMESTAMP) {
struct timeval tv;
timevalp = CMSG_DATA(cmsgp);
- memcpy(&tv, timevalp, sizeof(tv));
+ memmove(&tv, timevalp, sizeof(tv));
dev->timestamp.seconds = tv.tv_sec;
dev->timestamp.nanoseconds = tv.tv_usec * 1000;
dev->attributes |= ISC_SOCKEVENTATTR_TIMESTAMP;
@@ -1387,7 +1397,7 @@
cmsgp->cmsg_type = IPV6_PKTINFO;
cmsgp->cmsg_len = cmsg_len(sizeof(struct in6_pktinfo));
pktinfop = (struct in6_pktinfo *)CMSG_DATA(cmsgp);
- memcpy(pktinfop, &dev->pktinfo, sizeof(struct in6_pktinfo));
+ memmove(pktinfop, &dev->pktinfo, sizeof(struct in6_pktinfo));
#if defined(IPV6_USE_MIN_MTU)
/*
* Set IPV6_USE_MIN_MTU as a per packet option as FreeBSD
@@ -1402,7 +1412,7 @@
cmsgp->cmsg_level = IPPROTO_IPV6;
cmsgp->cmsg_type = IPV6_USE_MIN_MTU;
cmsgp->cmsg_len = cmsg_len(sizeof(use_min_mtu));
- memcpy(CMSG_DATA(cmsgp), &use_min_mtu, sizeof(use_min_mtu));
+ memmove(CMSG_DATA(cmsgp), &use_min_mtu, sizeof(use_min_mtu));
#endif
}
#endif /* USE_CMSG && ISC_PLATFORM_HAVEIPV6 */
@@ -1574,7 +1584,7 @@
static isc_socketevent_t *
allocate_socketevent(isc__socket_t *sock, isc_eventtype_t eventtype,
- isc_taskaction_t action, const void *arg)
+ isc_taskaction_t action, void *arg)
{
isc_socketevent_t *ev;
@@ -1687,6 +1697,10 @@
/* HPUX 11.11 can return EADDRNOTAVAIL. */
SOFT_OR_HARD(EADDRNOTAVAIL, ISC_R_ADDRNOTAVAIL);
ALWAYS_HARD(ENOBUFS, ISC_R_NORESOURCES);
+ /* Should never get this one but it was seen. */
+#ifdef ENOPROTOOPT
+ SOFT_OR_HARD(ENOPROTOOPT, ISC_R_HOSTUNREACH);
+#endif
/*
* HPUX returns EPROTO and EINVAL on receiving some ICMP/ICMPv6
* errors.
@@ -1928,7 +1942,7 @@
* references exist.
*/
static void
-closesocket(isc__socketmgr_t *manager, isc__socket_t *sock, int fd) {
+socketclose(isc__socketmgr_t *manager, isc__socket_t *sock, int fd) {
isc_sockettype_t type = sock->type;
int lockid = FDLOCK_ID(fd);
@@ -2008,7 +2022,7 @@
if (sock->fd >= 0) {
fd = sock->fd;
sock->fd = -1;
- closesocket(manager, sock, fd);
+ socketclose(manager, sock, fd);
}
LOCK(&manager->lock);
@@ -2834,7 +2848,7 @@
UNLOCK(&sock->lock);
- closesocket(manager, sock, fd);
+ socketclose(manager, sock, fd);
return (ISC_R_SUCCESS);
}
@@ -3753,8 +3767,10 @@
#elif defined (USE_EPOLL)
const char *fnname = "epoll_wait()";
#elif defined(USE_DEVPOLL)
+ isc_result_t result;
const char *fnname = "ioctl(DP_POLL)";
struct dvpoll dvp;
+ int pass;
#elif defined (USE_SELECT)
const char *fnname = "select()";
int maxfd;
@@ -3781,23 +3797,51 @@
cc = epoll_wait(manager->epoll_fd, manager->events,
manager->nevents, -1);
#elif defined(USE_DEVPOLL)
- dvp.dp_fds = manager->events;
- dvp.dp_nfds = manager->nevents;
+ /*
+ * Re-probe every thousand calls.
+ */
+ if (manager->calls++ > 1000U) {
+ result = isc_resource_getcurlimit(
+ isc_resource_openfiles,
+ &manager->open_max);
+ if (result != ISC_R_SUCCESS)
+ manager->open_max = 64;
+ manager->calls = 0;
+ }
+ for (pass = 0; pass < 2; pass++) {
+ dvp.dp_fds = manager->events;
+ dvp.dp_nfds = manager->nevents;
+ if (dvp.dp_nfds >= manager->open_max)
+ dvp.dp_nfds = manager->open_max - 1;
#ifndef ISC_SOCKET_USE_POLLWATCH
- dvp.dp_timeout = -1;
+ dvp.dp_timeout = -1;
#else
- if (pollstate == poll_idle)
- dvp.dp_timeout = -1;
- else
- dvp.dp_timeout = ISC_SOCKET_POLLWATCH_TIMEOUT;
+ if (pollstate == poll_idle)
+ dvp.dp_timeout = -1;
+ else
+ dvp.dp_timeout =
+ ISC_SOCKET_POLLWATCH_TIMEOUT;
#endif /* ISC_SOCKET_USE_POLLWATCH */
- cc = ioctl(manager->devpoll_fd, DP_POLL, &dvp);
+ cc = ioctl(manager->devpoll_fd, DP_POLL, &dvp);
+ if (cc == -1 && errno == EINVAL) {
+ /*
+ * {OPEN_MAX} may have dropped. Look
+ * up the current value and try again.
+ */
+ result = isc_resource_getcurlimit(
+ isc_resource_openfiles,
+ &manager->open_max);
+ if (result != ISC_R_SUCCESS)
+ manager->open_max = 64;
+ } else
+ break;
+ }
#elif defined(USE_SELECT)
LOCK(&manager->lock);
- memcpy(manager->read_fds_copy, manager->read_fds,
- manager->fd_bufsize);
- memcpy(manager->write_fds_copy, manager->write_fds,
- manager->fd_bufsize);
+ memmove(manager->read_fds_copy, manager->read_fds,
+ manager->fd_bufsize);
+ memmove(manager->write_fds_copy, manager->write_fds,
+ manager->fd_bufsize);
maxfd = manager->maxfd + 1;
UNLOCK(&manager->lock);
@@ -3953,11 +3997,12 @@
}
#endif /* USE_WATCHER_THREAD */
#elif defined(USE_DEVPOLL)
- /*
- * XXXJT: /dev/poll seems to reject large numbers of events,
- * so we should be careful about redefining ISC_SOCKET_MAXEVENTS.
- */
manager->nevents = ISC_SOCKET_MAXEVENTS;
+ result = isc_resource_getcurlimit(isc_resource_openfiles,
+ &manager->open_max);
+ if (result != ISC_R_SUCCESS)
+ manager->open_max = 64;
+ manager->calls = 0;
manager->events = isc_mem_get(mctx, sizeof(struct pollfd) *
manager->nevents);
if (manager->events == NULL)
@@ -4488,7 +4533,7 @@
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_recvv(isc_socket_t *sock0, isc_bufferlist_t *buflist,
unsigned int minimum, isc_task_t *task,
- isc_taskaction_t action, const void *arg)
+ isc_taskaction_t action, void *arg)
{
isc__socket_t *sock = (isc__socket_t *)sock0;
isc_socketevent_t *dev;
@@ -4542,7 +4587,7 @@
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_recv(isc_socket_t *sock0, isc_region_t *region,
unsigned int minimum, isc_task_t *task,
- isc_taskaction_t action, const void *arg)
+ isc_taskaction_t action, void *arg)
{
isc__socket_t *sock = (isc__socket_t *)sock0;
isc_socketevent_t *dev;
@@ -4687,7 +4732,7 @@
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_send(isc_socket_t *sock, isc_region_t *region,
- isc_task_t *task, isc_taskaction_t action, const void *arg)
+ isc_task_t *task, isc_taskaction_t action, void *arg)
{
/*
* REQUIRE() checking is performed in isc_socket_sendto().
@@ -4698,7 +4743,7 @@
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_sendto(isc_socket_t *sock0, isc_region_t *region,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo)
{
isc__socket_t *sock = (isc__socket_t *)sock0;
@@ -4726,17 +4771,27 @@
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_sendv(isc_socket_t *sock, isc_bufferlist_t *buflist,
- isc_task_t *task, isc_taskaction_t action, const void *arg)
+ isc_task_t *task, isc_taskaction_t action, void *arg)
{
- return (isc__socket_sendtov(sock, buflist, task, action, arg, NULL,
- NULL));
+ return (isc__socket_sendtov2(sock, buflist, task, action, arg, NULL,
+ NULL, 0));
}
ISC_SOCKETFUNC_SCOPE isc_result_t
-isc__socket_sendtov(isc_socket_t *sock0, isc_bufferlist_t *buflist,
- isc_task_t *task, isc_taskaction_t action, const void *arg,
+isc__socket_sendtov(isc_socket_t *sock, isc_bufferlist_t *buflist,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
isc_sockaddr_t *address, struct in6_pktinfo *pktinfo)
{
+ return (isc__socket_sendtov2(sock, buflist, task, action, arg, address,
+ pktinfo, 0));
+}
+
+ISC_SOCKETFUNC_SCOPE isc_result_t
+isc__socket_sendtov2(isc_socket_t *sock0, isc_bufferlist_t *buflist,
+ isc_task_t *task, isc_taskaction_t action, void *arg,
+ isc_sockaddr_t *address, struct in6_pktinfo *pktinfo,
+ unsigned int flags)
+{
isc__socket_t *sock = (isc__socket_t *)sock0;
isc_socketevent_t *dev;
isc__socketmgr_t *manager;
@@ -4769,7 +4824,7 @@
buffer = ISC_LIST_HEAD(*buflist);
}
- return (socket_send(sock, dev, task, address, pktinfo, 0));
+ return (socket_send(sock, dev, task, address, pktinfo, flags));
}
ISC_SOCKETFUNC_SCOPE isc_result_t
@@ -5130,7 +5185,7 @@
*/
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_accept(isc_socket_t *sock0,
- isc_task_t *task, isc_taskaction_t action, const void *arg)
+ isc_task_t *task, isc_taskaction_t action, void *arg)
{
isc__socket_t *sock = (isc__socket_t *)sock0;
isc_socket_newconnev_t *dev;
@@ -5205,7 +5260,7 @@
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_connect(isc_socket_t *sock0, isc_sockaddr_t *addr,
- isc_task_t *task, isc_taskaction_t action, const void *arg)
+ isc_task_t *task, isc_taskaction_t action, void *arg)
{
isc__socket_t *sock = (isc__socket_t *)sock0;
isc_socket_connev_t *dev;
@@ -5714,8 +5769,6 @@
isc_socketwait_t **swaitp)
{
isc__socketmgr_t *manager = (isc__socketmgr_t *)manager0;
-
-
int n;
#ifdef USE_KQUEUE
struct timespec ts, *tsp;
@@ -5724,6 +5777,8 @@
int timeout;
#endif
#ifdef USE_DEVPOLL
+ isc_result_t result;
+ int pass;
struct dvpoll dvp;
#endif
@@ -5757,19 +5812,45 @@
manager->nevents, timeout);
n = swait_private.nevents;
#elif defined(USE_DEVPOLL)
- dvp.dp_fds = manager->events;
- dvp.dp_nfds = manager->nevents;
- if (tvp != NULL) {
- dvp.dp_timeout = tvp->tv_sec * 1000 +
- (tvp->tv_usec + 999) / 1000;
- } else
- dvp.dp_timeout = -1;
- swait_private.nevents = ioctl(manager->devpoll_fd, DP_POLL, &dvp);
- n = swait_private.nevents;
+ /*
+ * Re-probe every thousand calls.
+ */
+ if (manager->calls++ > 1000U) {
+ result = isc_resource_getcurlimit(isc_resource_openfiles,
+ &manager->open_max);
+ if (result != ISC_R_SUCCESS)
+ manager->open_max = 64;
+ manager->calls = 0;
+ }
+ for (pass = 0; pass < 2; pass++) {
+ dvp.dp_fds = manager->events;
+ dvp.dp_nfds = manager->nevents;
+ if (dvp.dp_nfds >= manager->open_max)
+ dvp.dp_nfds = manager->open_max - 1;
+ if (tvp != NULL) {
+ dvp.dp_timeout = tvp->tv_sec * 1000 +
+ (tvp->tv_usec + 999) / 1000;
+ } else
+ dvp.dp_timeout = -1;
+ n = ioctl(manager->devpoll_fd, DP_POLL, &dvp);
+ if (n == -1 && errno == EINVAL) {
+ /*
+ * {OPEN_MAX} may have dropped. Look
+ * up the current value and try again.
+ */
+ result = isc_resource_getcurlimit(
+ isc_resource_openfiles,
+ &manager->open_max);
+ if (result != ISC_R_SUCCESS)
+ manager->open_max = 64;
+ } else
+ break;
+ }
+ swait_private.nevents = n;
#elif defined(USE_SELECT)
- memcpy(manager->read_fds_copy, manager->read_fds, manager->fd_bufsize);
- memcpy(manager->write_fds_copy, manager->write_fds,
- manager->fd_bufsize);
+ memmove(manager->read_fds_copy, manager->read_fds, manager->fd_bufsize);
+ memmove(manager->write_fds_copy, manager->write_fds,
+ manager->fd_bufsize);
swait_private.readset = manager->read_fds_copy;
swait_private.writeset = manager->write_fds_copy;
@@ -5841,7 +5922,7 @@
#ifdef USE_SOCKETIMPREGISTER
isc_result_t
-isc__socket_register() {
+isc__socket_register(void) {
return (isc_socket_register(isc__socketmgr_create));
}
#endif
Modified: vendor/bind/dist/lib/isc/unix/socket_p.h
===================================================================
--- vendor/bind/dist/lib/isc/unix/socket_p.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/socket_p.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: socket_p.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: socket_p.h,v 1.15 2009/09/02 23:48:03 tbox Exp $ */
#ifndef ISC_SOCKET_P_H
#define ISC_SOCKET_P_H
Modified: vendor/bind/dist/lib/isc/unix/stdio.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/stdio.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/stdio.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stdio.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -24,6 +24,7 @@
#include <isc/stdio.h>
#include <isc/stat.h>
+#include <isc/util.h>
#include "errno2result.h"
@@ -50,10 +51,10 @@
}
isc_result_t
-isc_stdio_seek(FILE *f, long offset, int whence) {
+isc_stdio_seek(FILE *f, off_t offset, int whence) {
int r;
- r = fseek(f, offset, whence);
+ r = fseeko(f, offset, whence);
if (r == 0)
return (ISC_R_SUCCESS);
else
@@ -61,6 +62,20 @@
}
isc_result_t
+isc_stdio_tell(FILE *f, off_t *offsetp) {
+ off_t r;
+
+ REQUIRE(offsetp != NULL);
+
+ r = ftello(f);
+ if (r >= 0) {
+ *offsetp = r;
+ return (ISC_R_SUCCESS);
+ } else
+ return (isc__errno2result(errno));
+}
+
+isc_result_t
isc_stdio_read(void *ptr, size_t size, size_t nmemb, FILE *f, size_t *nret) {
isc_result_t result = ISC_R_SUCCESS;
size_t r;
Modified: vendor/bind/dist/lib/isc/unix/stdtime.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/stdtime.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/stdtime.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stdtime.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: stdtime.c,v 1.19 2007/06/19 23:47:18 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/unix/strerror.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/strerror.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/strerror.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: strerror.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: strerror.c,v 1.10 2009/02/16 23:48:04 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/unix/syslog.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/syslog.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/syslog.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: syslog.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: syslog.c,v 1.8 2007/09/13 04:45:18 each Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/unix/time.c
===================================================================
--- vendor/bind/dist/lib/isc/unix/time.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/unix/time.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: time.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/version.c
===================================================================
--- vendor/bind/dist/lib/isc/version.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/version.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.c,v 1.1.1.1 2013-01-30 01:45:00 laffer1 Exp $ */
+/* $Id: version.c,v 1.15 2007/06/19 23:47:17 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isc/x86_32/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/x86_32/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/x86_32/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/x86_32/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/x86_32/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/x86_32/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/x86_32/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/x86_32/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/x86_32/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/x86_32/include/isc/atomic.h
===================================================================
--- vendor/bind/dist/lib/isc/x86_32/include/isc/atomic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/x86_32/include/isc/atomic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: atomic.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: atomic.h,v 1.10 2008/01/24 23:47:00 tbox Exp $ */
#ifndef ISC_ATOMIC_H
#define ISC_ATOMIC_H 1
Modified: vendor/bind/dist/lib/isc/x86_64/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/x86_64/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/x86_64/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/x86_64/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/x86_64/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/x86_64/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:09:59 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/x86_64/include/isc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isc/x86_64/include/isc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/x86_64/include/isc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.2 2007/09/14 04:10:00 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isc/x86_64/include/isc/atomic.h
===================================================================
--- vendor/bind/dist/lib/isc/x86_64/include/isc/atomic.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isc/x86_64/include/isc/atomic.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: atomic.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: atomic.h,v 1.6 2008/01/24 23:47:00 tbox Exp $ */
#ifndef ISC_ATOMIC_H
#define ISC_ATOMIC_H 1
Modified: vendor/bind/dist/lib/isccc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isccc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001, 2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
@@ -80,7 +80,7 @@
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccc. at A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libisccc. at A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libisccc. at A@ timestamp
Modified: vendor/bind/dist/lib/isccc/alist.c
===================================================================
--- vendor/bind/dist/lib/isccc/alist.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/alist.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: alist.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: alist.c,v 1.8 2007/08/28 07:20:43 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isccc/api
===================================================================
--- vendor/bind/dist/lib/isccc/api 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/api 2016-11-03 12:20:06 UTC (rev 9200)
@@ -5,5 +5,5 @@
# 9.9: 90-109
# 9.9-sub: 130-139
LIBINTERFACE = 80
-LIBREVISION = 3
+LIBREVISION = 6
LIBAGE = 0
Modified: vendor/bind/dist/lib/isccc/base64.c
===================================================================
--- vendor/bind/dist/lib/isccc/base64.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/base64.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: base64.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: base64.c,v 1.8 2007/08/28 07:20:43 tbox Exp $ */
/*! \file */
@@ -53,8 +53,9 @@
isc_result_t result;
sr.base = source->rstart;
- sr.length = source->rend - source->rstart;
- isc_buffer_init(&tb, target->rstart, target->rend - target->rstart);
+ sr.length = (unsigned int)(source->rend - source->rstart);
+ isc_buffer_init(&tb, target->rstart,
+ (unsigned int)(target->rend - target->rstart));
result = isc_base64_totext(&sr, wordlength, wordbreak, &tb);
if (result != ISC_R_SUCCESS)
@@ -69,7 +70,8 @@
isc_buffer_t b;
isc_result_t result;
- isc_buffer_init(&b, target->rstart, target->rend - target->rstart);
+ isc_buffer_init(&b, target->rstart,
+ (unsigned int)(target->rend - target->rstart));
result = isc_base64_decodestring(cstr, &b);
if (result != ISC_R_SUCCESS)
return (result);
Modified: vendor/bind/dist/lib/isccc/cc.c
===================================================================
--- vendor/bind/dist/lib/isccc/cc.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/cc.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2007, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cc.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id: cc.c,v 1.18 2007/08/28 07:20:43 tbox Exp $ */
/*! \file */
@@ -42,6 +42,7 @@
#include <isc/assertions.h>
#include <isc/hmacmd5.h>
#include <isc/print.h>
+#include <isc/safe.h>
#include <isc/stdlib.h>
#include <isccc/alist.h>
@@ -86,7 +87,7 @@
static isc_result_t
value_towire(isccc_sexpr_t *elt, isccc_region_t *target)
{
- size_t len;
+ unsigned int len;
unsigned char *lenp;
isccc_region_t *vr;
isc_result_t result;
@@ -116,7 +117,7 @@
result = table_towire(elt, target);
if (result != ISC_R_SUCCESS)
return (result);
- len = (size_t)(target->rstart - lenp);
+ len = (unsigned int)(target->rstart - lenp);
/*
* 'len' is 4 bytes too big, since it counts
* the placeholder length too. Adjust and
@@ -140,7 +141,7 @@
result = list_towire(elt, target);
if (result != ISC_R_SUCCESS)
return (result);
- len = (size_t)(target->rstart - lenp);
+ len = (unsigned int)(target->rstart - lenp);
/*
* 'len' is 4 bytes too big, since it counts
* the placeholder length. Adjust and emit.
@@ -264,7 +265,8 @@
if (result != ISC_R_SUCCESS)
return (result);
if (secret != NULL)
- return (sign(signed_rstart, (target->rstart - signed_rstart),
+ return (sign(signed_rstart,
+ (unsigned int)(target->rstart - signed_rstart),
hmd5_rstart, secret));
return (ISC_R_SUCCESS);
}
@@ -311,7 +313,8 @@
/*
* Verify.
*/
- if (strcmp((char *)digestb64, isccc_sexpr_tostring(hmd5)) != 0)
+ if (!isc_safe_memcmp((unsigned char *) isccc_sexpr_tostring(hmd5),
+ digestb64, HMD5_LENGTH))
return (ISCCC_R_BADAUTH);
return (ISC_R_SUCCESS);
@@ -402,6 +405,7 @@
if (secret != NULL) {
if (checksum_rstart != NULL)
result = verify(alist, checksum_rstart,
+ (unsigned int)
(source->rend - checksum_rstart),
secret);
else
Modified: vendor/bind/dist/lib/isccc/ccmsg.c
===================================================================
--- vendor/bind/dist/lib/isccc/ccmsg.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/ccmsg.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ccmsg.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: ccmsg.c,v 1.10 2007/08/28 07:20:43 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isccc/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isccc/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.5 2007/06/19 23:47:22 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isccc/include/isccc/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.7 2007/06/19 23:47:22 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isccc/include/isccc/alist.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/alist.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/alist.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: alist.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: alist.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_ALIST_H
#define ISCCC_ALIST_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/base64.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/base64.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/base64.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: base64.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: base64.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_BASE64_H
#define ISCCC_BASE64_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/cc.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/cc.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/cc.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cc.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: cc.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_CC_H
#define ISCCC_CC_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/ccmsg.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/ccmsg.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/ccmsg.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ccmsg.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: ccmsg.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_CCMSG_H
#define ISCCC_CCMSG_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/events.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/events.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/events.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: events.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: events.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_EVENTS_H
#define ISCCC_EVENTS_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/lib.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/lib.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/lib.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lib.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lib.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_LIB_H
#define ISCCC_LIB_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/result.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/result.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/result.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: result.h,v 1.12 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_RESULT_H
#define ISCCC_RESULT_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/sexpr.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/sexpr.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/sexpr.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sexpr.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: sexpr.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_SEXPR_H
#define ISCCC_SEXPR_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/symtab.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/symtab.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/symtab.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: symtab.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: symtab.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_SYMTAB_H
#define ISCCC_SYMTAB_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/symtype.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/symtype.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/symtype.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: symtype.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: symtype.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_SYMTYPE_H
#define ISCCC_SYMTYPE_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/types.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/types.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/types.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: types.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: types.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_TYPES_H
#define ISCCC_TYPES_H 1
Modified: vendor/bind/dist/lib/isccc/include/isccc/util.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/util.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/util.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: util.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: util.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */
#ifndef ISCCC_UTIL_H
#define ISCCC_UTIL_H 1
@@ -52,15 +52,15 @@
#define GET16(v, w) \
do { \
v = (unsigned int)w[0] << 8; \
- v |= (unsigned int)w[1]; \
+ v |= (unsigned int)w[1]; \
w += 2; \
} while (0)
#define GET24(v, w) \
do { \
- v = (unsigned int)w[0] << 16; \
- v |= (unsigned int)w[1] << 8; \
- v |= (unsigned int)w[2]; \
+ v = (unsigned int)w[0] << 16; \
+ v |= (unsigned int)w[1] << 8; \
+ v |= (unsigned int)w[2]; \
w += 3; \
} while (0)
@@ -67,9 +67,9 @@
#define GET32(v, w) \
do { \
v = (unsigned int)w[0] << 24; \
- v |= (unsigned int)w[1] << 16; \
- v |= (unsigned int)w[2] << 8; \
- v |= (unsigned int)w[3]; \
+ v |= (unsigned int)w[1] << 16; \
+ v |= (unsigned int)w[2] << 8; \
+ v |= (unsigned int)w[3]; \
w += 4; \
} while (0)
@@ -76,13 +76,13 @@
#define GET64(v, w) \
do { \
v = (isc_uint64_t)w[0] << 56; \
- v |= (isc_uint64_t)w[1] << 48; \
- v |= (isc_uint64_t)w[2] << 40; \
- v |= (isc_uint64_t)w[3] << 32; \
- v |= (isc_uint64_t)w[4] << 24; \
- v |= (isc_uint64_t)w[5] << 16; \
- v |= (isc_uint64_t)w[6] << 8; \
- v |= (isc_uint64_t)w[7]; \
+ v |= (isc_uint64_t)w[1] << 48; \
+ v |= (isc_uint64_t)w[2] << 40; \
+ v |= (isc_uint64_t)w[3] << 32; \
+ v |= (isc_uint64_t)w[4] << 24; \
+ v |= (isc_uint64_t)w[5] << 16; \
+ v |= (isc_uint64_t)w[6] << 8; \
+ v |= (isc_uint64_t)w[7]; \
w += 8; \
} while (0)
@@ -91,7 +91,7 @@
GET8(v, w); \
if (v == 0) \
d = ISCCC_TRUE; \
- else { \
+ else { \
d = ISCCC_FALSE; \
if (v == 255) \
GET16(v, w); \
@@ -101,7 +101,7 @@
#define GETC32(v, w) \
do { \
GET24(v, w); \
- if (v == 0xffffffu) \
+ if (v == 0xffffffu) \
GET32(v, w); \
} while (0)
@@ -109,7 +109,7 @@
#define GET_MEM(v, c, w) \
do { \
- memcpy(v, w, c); \
+ memmove(v, w, c); \
w += c; \
} while (0)
@@ -193,7 +193,7 @@
#define PUT_MEM(s, c, w) \
do { \
- memcpy(w, s, c); \
+ memmove(w, s, c); \
w += c; \
} while (0)
Modified: vendor/bind/dist/lib/isccc/include/isccc/version.h
===================================================================
--- vendor/bind/dist/lib/isccc/include/isccc/version.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/include/isccc/version.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: version.h,v 1.9 2007/06/19 23:47:22 tbox Exp $ */
/*! \file isccc/version.h */
Modified: vendor/bind/dist/lib/isccc/lib.c
===================================================================
--- vendor/bind/dist/lib/isccc/lib.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/lib.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lib.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lib.c,v 1.9 2007/08/28 07:20:43 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isccc/result.c
===================================================================
--- vendor/bind/dist/lib/isccc/result.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/result.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: result.c,v 1.10 2007/08/28 07:20:43 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isccc/sexpr.c
===================================================================
--- vendor/bind/dist/lib/isccc/sexpr.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/sexpr.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sexpr.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: sexpr.c,v 1.9 2007/08/28 07:20:43 tbox Exp $ */
/*! \file */
@@ -112,7 +112,7 @@
}
sexpr->value.as_region.rend = sexpr->value.as_region.rstart +
region_size;
- memcpy(sexpr->value.as_region.rstart, region->rstart, region_size);
+ memmove(sexpr->value.as_region.rstart, region->rstart, region_size);
/*
* NUL terminate.
*/
@@ -311,7 +311,7 @@
REQUIRE(sexpr != NULL &&
(sexpr->type == ISCCC_SEXPRTYPE_STRING ||
sexpr->type == ISCCC_SEXPRTYPE_BINARY));
-
+
if (sexpr->type == ISCCC_SEXPRTYPE_BINARY)
return ((char *)sexpr->value.as_region.rstart);
return (sexpr->value.as_string);
Modified: vendor/bind/dist/lib/isccc/symtab.c
===================================================================
--- vendor/bind/dist/lib/isccc/symtab.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/symtab.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -29,7 +29,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: symtab.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: symtab.c,v 1.11 2007/09/13 04:45:18 each Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isccc/version.c
===================================================================
--- vendor/bind/dist/lib/isccc/version.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccc/version.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: version.c,v 1.7 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isccfg/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isccfg/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
@@ -78,7 +78,7 @@
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg. at A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libisccfg. at A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libisccfg. at A@ timestamp
Modified: vendor/bind/dist/lib/isccfg/aclconf.c
===================================================================
--- vendor/bind/dist/lib/isccfg/aclconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/aclconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: aclconf.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
#include <config.h>
@@ -213,15 +213,17 @@
* elements table after all the nested ACLs have been merged in to the
* parent.
*/
-static int
+static isc_result_t
count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
- isc_boolean_t *has_negative)
+ isc_log_t *lctx, cfg_aclconfctx_t *ctx, isc_mem_t *mctx,
+ isc_uint32_t *count, isc_boolean_t *has_negative)
{
const cfg_listelt_t *elt;
- const cfg_obj_t *cacl = NULL;
isc_result_t result;
- int n = 0;
+ isc_uint32_t n = 0;
+ REQUIRE(count != NULL);
+
if (has_negative != NULL)
*has_negative = ISC_FALSE;
@@ -241,7 +243,12 @@
n++;
} else if (cfg_obj_islist(ce)) {
isc_boolean_t negative;
- n += count_acl_elements(ce, cctx, &negative);
+ isc_uint32_t sub;
+ result = count_acl_elements(ce, cctx, lctx, ctx, mctx,
+ &sub, &negative);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ n += sub;
if (negative)
n++;
} else if (cfg_obj_isstring(ce)) {
@@ -251,26 +258,45 @@
n++;
} else if (strcasecmp(name, "any") != 0 &&
strcasecmp(name, "none") != 0) {
- result = get_acl_def(cctx, name, &cacl);
- if (result == ISC_R_SUCCESS)
- n += count_acl_elements(cacl, cctx,
- NULL) + 1;
+ dns_acl_t *inneracl = NULL;
+ /*
+ * Convert any named acls we reference now if
+ * they have not already been converted.
+ */
+ result = convert_named_acl(ce, cctx, lctx, ctx,
+ mctx, 0, &inneracl);
+ if (result == ISC_R_SUCCESS) {
+ if (inneracl->has_negatives)
+ n++;
+ else
+ n += inneracl->length;
+ dns_acl_detach(&inneracl);
+ } else
+ return (result);
}
}
}
- return n;
+ *count = n;
+ return (ISC_R_SUCCESS);
}
isc_result_t
-cfg_acl_fromconfig(const cfg_obj_t *caml,
- const cfg_obj_t *cctx,
- isc_log_t *lctx,
- cfg_aclconfctx_t *ctx,
- isc_mem_t *mctx,
- unsigned int nest_level,
+cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx,
+ isc_log_t *lctx, cfg_aclconfctx_t *ctx,
+ isc_mem_t *mctx, unsigned int nest_level,
dns_acl_t **target)
{
+ return (cfg_acl_fromconfig2(caml, cctx, lctx, ctx, mctx,
+ nest_level, 0, target));
+}
+
+isc_result_t
+cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
+ isc_log_t *lctx, cfg_aclconfctx_t *ctx,
+ isc_mem_t *mctx, unsigned int nest_level,
+ isc_uint16_t family, dns_acl_t **target)
+{
isc_result_t result;
dns_acl_t *dacl = NULL, *inneracl = NULL;
dns_aclelement_t *de;
@@ -300,11 +326,14 @@
* elements table. (Note that if nest_level is nonzero,
* *everything* goes in the elements table.)
*/
- int nelem;
+ isc_uint32_t nelem;
- if (nest_level == 0)
- nelem = count_acl_elements(caml, cctx, NULL);
- else
+ if (nest_level == 0) {
+ result = count_acl_elements(caml, cctx, lctx, ctx,
+ mctx, &nelem, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ } else
nelem = cfg_list_length(caml, ISC_FALSE);
result = dns_acl_create(mctx, nelem, &dacl);
@@ -319,6 +348,8 @@
const cfg_obj_t *ce = cfg_listelt_value(elt);
isc_boolean_t neg;
+ INSIST(dacl->length <= dacl->alloc);
+
if (cfg_obj_istuple(ce)) {
/* This must be a negated element. */
ce = cfg_tuple_get(ce, "value");
@@ -349,6 +380,16 @@
unsigned int bitlen;
cfg_obj_asnetprefix(ce, &addr, &bitlen);
+ if (family != 0 && family != addr.family) {
+ char buf[ISC_NETADDR_FORMATSIZE + 1];
+ isc_netaddr_format(&addr, buf, sizeof(buf));
+ cfg_obj_log(ce, lctx, ISC_LOG_WARNING,
+ "'%s': incorrect address family; "
+ "ignoring", buf);
+ if (nest_level != 0)
+ dns_acl_detach(&de->nestedacl);
+ continue;
+ }
/*
* If nesting ACLs (nest_level != 0), we negate
@@ -360,6 +401,7 @@
goto cleanup;
if (nest_level > 0) {
+ INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
} else
@@ -381,6 +423,7 @@
goto cleanup;
nested_acl:
if (nest_level > 0 || inneracl->has_negatives) {
+ INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
if (de->nestedacl != NULL)
@@ -390,14 +433,18 @@
dns_acl_detach(&inneracl);
/* Fall through. */
} else {
+ INSIST(dacl->length + inneracl->length
+ <= dacl->alloc);
dns_acl_merge(dacl, inneracl,
ISC_TF(!neg));
de += inneracl->length; /* elements added */
dns_acl_detach(&inneracl);
+ INSIST(dacl->length <= dacl->alloc);
continue;
}
} else if (cfg_obj_istype(ce, &cfg_type_keyref)) {
/* Key name. */
+ INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_keyname;
de->negative = neg;
dns_name_init(&de->keyname, NULL);
@@ -416,6 +463,7 @@
goto cleanup;
if (nest_level != 0) {
+ INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
} else
@@ -437,19 +485,26 @@
dacl->has_negatives = !neg;
if (nest_level != 0) {
+ INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = !neg;
} else
continue;
} else if (strcasecmp(name, "localhost") == 0) {
+ INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_localhost;
de->negative = neg;
} else if (strcasecmp(name, "localnets") == 0) {
+ INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_localnets;
de->negative = neg;
} else {
if (inneracl != NULL)
dns_acl_detach(&inneracl);
+ /*
+ * This call should just find the cached
+ * of the named acl.
+ */
result = convert_named_acl(ce, cctx, lctx, ctx,
mctx, new_nest_level,
&inneracl);
Modified: vendor/bind/dist/lib/isccfg/api
===================================================================
--- vendor/bind/dist/lib/isccfg/api 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/api 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,6 +4,6 @@
# 9.8: 80-89, 120-129
# 9.9: 90-109
# 9.9-sub: 130-139
-LIBINTERFACE = 82
-LIBREVISION = 7
-LIBAGE = 0
+LIBINTERFACE = 84
+LIBREVISION = 2
+LIBAGE = 2
Modified: vendor/bind/dist/lib/isccfg/dnsconf.c
===================================================================
--- vendor/bind/dist/lib/isccfg/dnsconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/dnsconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnsconf.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: dnsconf.c,v 1.4 2009/09/02 23:48:03 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isccfg/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isccfg/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.7 2007/06/19 23:47:22 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/isccfg/include/isccfg/Makefile.in
===================================================================
--- vendor/bind/dist/lib/isccfg/include/isccfg/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/isccfg/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001, 2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.12 2007/06/19 23:47:22 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -26,7 +26,8 @@
# machine generated. The latter are handled specially in the
# install target below.
#
-HEADERS = aclconf.h cfg.h grammar.h log.h namedconf.h version.h
+HEADERS = aclconf.h cfg.h dnsconf.h grammar.h log.h namedconf.h \
+ version.h
SUBDIRS =
TARGETS =
Modified: vendor/bind/dist/lib/isccfg/include/isccfg/aclconf.h
===================================================================
--- vendor/bind/dist/lib/isccfg/include/isccfg/aclconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/isccfg/aclconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2010-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: aclconf.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id$ */
#ifndef ISCCFG_ACLCONF_H
#define ISCCFG_ACLCONF_H 1
@@ -58,13 +58,16 @@
*/
isc_result_t
-cfg_acl_fromconfig(const cfg_obj_t *caml,
- const cfg_obj_t *cctx,
- isc_log_t *lctx,
- cfg_aclconfctx_t *ctx,
- isc_mem_t *mctx,
- unsigned int nest_level,
+cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx,
+ isc_log_t *lctx, cfg_aclconfctx_t *ctx,
+ isc_mem_t *mctx, unsigned int nest_level,
dns_acl_t **target);
+
+isc_result_t
+cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
+ isc_log_t *lctx, cfg_aclconfctx_t *ctx,
+ isc_mem_t *mctx, unsigned int nest_level,
+ isc_uint16_t family, dns_acl_t **target);
/*
* Construct a new dns_acl_t from configuration data in 'caml' and
* 'cctx'. Memory is allocated through 'mctx'.
@@ -75,6 +78,11 @@
* nested dns_acl_t object when the referring objects were created
* passing the same ACL configuration context 'ctx'.
*
+ * cfg_acl_fromconfig() is a backward-compatible version of
+ * cfg_acl_fromconfig2(), which allows an address family to be
+ * specified. If 'family' is not zero, then only addresses/prefixes
+ * of a matching family (AF_INET or AF_INET6) may be configured.
+ *
* On success, attach '*target' to the new dns_acl_t object.
*/
Modified: vendor/bind/dist/lib/isccfg/include/isccfg/cfg.h
===================================================================
--- vendor/bind/dist/lib/isccfg/include/isccfg/cfg.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/isccfg/cfg.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cfg.h,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id: cfg.h,v 1.46 2010/08/13 23:47:04 tbox Exp $ */
#ifndef ISCCFG_CFG_H
#define ISCCFG_CFG_H 1
@@ -380,10 +380,20 @@
cfg_print(const cfg_obj_t *obj,
void (*f)(void *closure, const char *text, int textlen),
void *closure);
+void
+cfg_printx(const cfg_obj_t *obj, unsigned int flags,
+ void (*f)(void *closure, const char *text, int textlen),
+ void *closure);
+
+#define CFG_PRINTER_XKEY 0x1 /* '?' out shared keys. */
+
/*%<
* Print the configuration object 'obj' by repeatedly calling the
* function 'f', passing 'closure' and a region of text starting
* at 'text' and comprising 'textlen' characters.
+ *
+ * If CFG_PRINTER_XKEY the contents of shared keys will be obscured
+ * by replacing them with question marks ('?')
*/
void
Modified: vendor/bind/dist/lib/isccfg/include/isccfg/dnsconf.h
===================================================================
--- vendor/bind/dist/lib/isccfg/include/isccfg/dnsconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/isccfg/dnsconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnsconf.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: dnsconf.h,v 1.3 2009/09/02 23:48:03 tbox Exp $ */
#ifndef ISCCFG_NAMEDCONF_H
#define ISCCFG_NAMEDCONF_H 1
Modified: vendor/bind/dist/lib/isccfg/include/isccfg/grammar.h
===================================================================
--- vendor/bind/dist/lib/isccfg/include/isccfg/grammar.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/isccfg/grammar.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2002, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: grammar.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: grammar.h,v 1.24 2011/01/04 23:47:14 tbox Exp $ */
#ifndef ISCCFG_GRAMMAR_H
#define ISCCFG_GRAMMAR_H 1
@@ -86,6 +86,7 @@
void (*f)(void *closure, const char *text, int textlen);
void *closure;
int indent;
+ int flags;
};
/*% A clause definition. */
@@ -266,6 +267,7 @@
LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_qstring;
LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_astring;
LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_ustring;
+LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_sstring;
LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_sockaddr;
LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netaddr;
LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netaddr4;
@@ -314,6 +316,9 @@
cfg_parse_astring(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
isc_result_t
+cfg_parse_sstring(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
+
+isc_result_t
cfg_parse_rawaddr(cfg_parser_t *pctx, unsigned int flags, isc_netaddr_t *na);
void
Modified: vendor/bind/dist/lib/isccfg/include/isccfg/log.h
===================================================================
--- vendor/bind/dist/lib/isccfg/include/isccfg/log.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/isccfg/log.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: log.h,v 1.14 2009/01/18 23:48:14 tbox Exp $ */
#ifndef ISCCFG_LOG_H
#define ISCCFG_LOG_H 1
Modified: vendor/bind/dist/lib/isccfg/include/isccfg/namedconf.h
===================================================================
--- vendor/bind/dist/lib/isccfg/include/isccfg/namedconf.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/isccfg/namedconf.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: namedconf.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: namedconf.h,v 1.18 2010/08/11 18:14:20 each Exp $ */
#ifndef ISCCFG_NAMEDCONF_H
#define ISCCFG_NAMEDCONF_H 1
Modified: vendor/bind/dist/lib/isccfg/include/isccfg/version.h
===================================================================
--- vendor/bind/dist/lib/isccfg/include/isccfg/version.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/include/isccfg/version.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: version.h,v 1.9 2007/06/19 23:47:22 tbox Exp $ */
/*! \file isccfg/version.h */
Modified: vendor/bind/dist/lib/isccfg/log.c
===================================================================
--- vendor/bind/dist/lib/isccfg/log.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/log.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: log.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: log.c,v 1.11 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/isccfg/namedconf.c
===================================================================
--- vendor/bind/dist/lib/isccfg/namedconf.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/namedconf.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2002, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: namedconf.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -120,35 +120,9 @@
static cfg_type_t cfg_type_viewopts;
static cfg_type_t cfg_type_zone;
static cfg_type_t cfg_type_zoneopts;
-static cfg_type_t cfg_type_dynamically_loadable_zones;
-static cfg_type_t cfg_type_dynamically_loadable_zones_opts;
static cfg_type_t cfg_type_v4_aaaa;
+static cfg_type_t cfg_type_dlz;
-/*
- * Clauses that can be found in a 'dynamically loadable zones' statement
- */
-static cfg_clausedef_t
-dynamically_loadable_zones_clauses[] = {
- { "database", &cfg_type_astring, 0 },
- { NULL, NULL, 0 }
-};
-
-/*
- * A dynamically loadable zones statement.
- */
-static cfg_tuplefielddef_t dynamically_loadable_zones_fields[] = {
- { "name", &cfg_type_astring, 0 },
- { "options", &cfg_type_dynamically_loadable_zones_opts, 0 },
- { NULL, NULL, 0 }
-};
-
-static cfg_type_t cfg_type_dynamically_loadable_zones = {
- "dlz", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
- &cfg_rep_tuple,
- dynamically_loadable_zones_fields
- };
-
-
/*% tkey-dhkey */
static cfg_tuplefielddef_t tkey_dhkey_fields[] = {
@@ -368,7 +342,7 @@
isc_mem_put(pctx->mctx, obj, sizeof(*obj));
return (ISC_R_NOMEMORY);
}
- memcpy(obj->value.string.base, "local", 5);
+ memmove(obj->value.string.base, "local", 5);
obj->value.string.base[5] = '\0';
*ret = obj;
return (ISC_R_SUCCESS);
@@ -865,7 +839,7 @@
{ "key", &cfg_type_key, CFG_CLAUSEFLAG_MULTI },
{ "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI },
/* only 1 DLZ per view allowed */
- { "dlz", &cfg_type_dynamically_loadable_zones, 0 },
+ { "dlz", &cfg_type_dlz, 0 },
{ "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI },
{ "trusted-keys", &cfg_type_dnsseckeys, CFG_CLAUSEFLAG_MULTI },
{ "managed-keys", &cfg_type_managedkeys, CFG_CLAUSEFLAG_MULTI },
@@ -1358,6 +1332,7 @@
{ "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
{ "minimal-responses", &cfg_type_boolean, 0 },
{ "preferred-glue", &cfg_type_astring, 0 },
+ { "no-case-compress", &cfg_type_bracketed_aml, 0 },
{ "provide-ixfr", &cfg_type_boolean, 0 },
/*
* Note that the query-source option syntax is different
@@ -1600,7 +1575,6 @@
namedconf_or_view_clauses,
view_clauses,
zone_clauses,
- dynamically_loadable_zones_clauses,
NULL
};
static cfg_type_t cfg_type_viewopts = {
@@ -1620,15 +1594,19 @@
/*% The "dynamically loadable zones" statement syntax. */
+static cfg_clausedef_t
+dlz_clauses[] = {
+ { "database", &cfg_type_astring, 0 },
+ { NULL, NULL, 0 }
+};
static cfg_clausedef_t *
-dynamically_loadable_zones_clausesets[] = {
- dynamically_loadable_zones_clauses,
+dlz_clausesets[] = {
+ dlz_clauses,
NULL
};
-static cfg_type_t cfg_type_dynamically_loadable_zones_opts = {
- "dynamically_loadable_zones_opts", cfg_parse_map,
- cfg_print_map, cfg_doc_map, &cfg_rep_map,
- dynamically_loadable_zones_clausesets
+static cfg_type_t cfg_type_dlz = {
+ "dlz", cfg_parse_named_map, cfg_print_map, cfg_doc_map,
+ &cfg_rep_map, dlz_clausesets
};
/*%
@@ -1637,7 +1615,7 @@
static cfg_clausedef_t
key_clauses[] = {
{ "algorithm", &cfg_type_astring, 0 },
- { "secret", &cfg_type_astring, 0 },
+ { "secret", &cfg_type_sstring, 0 },
{ NULL, NULL, 0 }
};
@@ -1658,21 +1636,21 @@
static cfg_clausedef_t
server_clauses[] = {
{ "bogus", &cfg_type_boolean, 0 },
- { "provide-ixfr", &cfg_type_boolean, 0 },
- { "request-ixfr", &cfg_type_boolean, 0 },
- { "support-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
- { "transfers", &cfg_type_uint32, 0 },
- { "transfer-format", &cfg_type_transferformat, 0 },
- { "keys", &cfg_type_server_key_kludge, 0 },
{ "edns", &cfg_type_boolean, 0 },
{ "edns-udp-size", &cfg_type_uint32, 0 },
+ { "keys", &cfg_type_server_key_kludge, 0 },
{ "max-udp-size", &cfg_type_uint32, 0 },
{ "notify-source", &cfg_type_sockaddr4wild, 0 },
{ "notify-source-v6", &cfg_type_sockaddr6wild, 0 },
+ { "provide-ixfr", &cfg_type_boolean, 0 },
{ "query-source", &cfg_type_querysource4, 0 },
{ "query-source-v6", &cfg_type_querysource6, 0 },
+ { "request-ixfr", &cfg_type_boolean, 0 },
+ { "support-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+ { "transfer-format", &cfg_type_transferformat, 0 },
{ "transfer-source", &cfg_type_sockaddr4wild, 0 },
{ "transfer-source-v6", &cfg_type_sockaddr6wild, 0 },
+ { "transfers", &cfg_type_uint32, 0 },
{ NULL, NULL, 0 }
};
static cfg_clausedef_t *
Modified: vendor/bind/dist/lib/isccfg/parser.c
===================================================================
--- vendor/bind/dist/lib/isccfg/parser.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/parser.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: parser.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
@@ -183,14 +183,22 @@
void (*f)(void *closure, const char *text, int textlen),
void *closure)
{
+ cfg_printx(obj, 0, f, closure);
+}
+
+void
+cfg_printx(const cfg_obj_t *obj, unsigned int flags,
+ void (*f)(void *closure, const char *text, int textlen),
+ void *closure)
+{
cfg_printer_t pctx;
pctx.f = f;
pctx.closure = closure;
pctx.indent = 0;
+ pctx.flags = flags;
obj->type->print(&pctx, obj);
}
-
/* Tuples. */
isc_result_t
@@ -702,7 +710,7 @@
isc_mem_put(pctx->mctx, obj, sizeof(*obj));
return (ISC_R_NOMEMORY);
}
- memcpy(obj->value.string.base, contents, len);
+ memmove(obj->value.string.base, contents, len);
obj->value.string.base[len] = '\0';
*ret = obj;
@@ -762,6 +770,22 @@
return (result);
}
+isc_result_t
+cfg_parse_sstring(cfg_parser_t *pctx, const cfg_type_t *type,
+ cfg_obj_t **ret)
+{
+ isc_result_t result;
+ UNUSED(type);
+
+ CHECK(cfg_getstringtoken(pctx));
+ return (create_string(pctx,
+ TOKEN_STRING(pctx),
+ &cfg_type_sstring,
+ ret));
+ cleanup:
+ return (result);
+}
+
isc_boolean_t
cfg_is_enum(const char *s, const char *const *enums) {
const char * const *p;
@@ -819,6 +843,18 @@
}
static void
+print_sstring(cfg_printer_t *pctx, const cfg_obj_t *obj) {
+ cfg_print_chars(pctx, "\"", 1);
+ if ((pctx->flags & CFG_PRINTER_XKEY) != 0) {
+ unsigned int len = obj->value.string.length;
+ while (len-- > 0)
+ cfg_print_chars(pctx, "?", 1);
+ } else
+ cfg_print_ustring(pctx, obj);
+ cfg_print_chars(pctx, "\"", 1);
+}
+
+static void
free_string(cfg_parser_t *pctx, cfg_obj_t *obj) {
isc_mem_put(pctx->mctx, obj->value.string.base,
obj->value.string.length + 1);
@@ -855,6 +891,15 @@
};
/*
+ * Any string (quoted or unquoted); printed with quotes.
+ * If CFG_PRINTER_XKEY is set when printing the string will be '?' out.
+ */
+cfg_type_t cfg_type_sstring = {
+ "string", cfg_parse_sstring, print_sstring, cfg_doc_terminal,
+ &cfg_rep_string, NULL
+};
+
+/*
* Booleans
*/
@@ -1261,8 +1306,9 @@
"not implemented", clause->name);
if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) {
- cfg_parser_warning(pctx, 0, "option '%s' is not "
- "configured", clause->name);
+ cfg_parser_warning(pctx, 0, "option '%s' was not "
+ "enabled at compile time",
+ clause->name);
result = ISC_R_FAILURE;
goto cleanup;
}
@@ -1631,7 +1677,7 @@
goto cleanup;
}
obj->value.string.length = r.length;
- memcpy(obj->value.string.base, r.base, r.length);
+ memmove(obj->value.string.base, r.base, r.length);
obj->value.string.base[r.length] = '\0';
*ret = obj;
return (result);
@@ -2480,5 +2526,6 @@
pctx.f = f;
pctx.closure = closure;
pctx.indent = 0;
+ pctx.flags = 0;
cfg_doc_obj(&pctx, type);
}
Modified: vendor/bind/dist/lib/isccfg/version.c
===================================================================
--- vendor/bind/dist/lib/isccfg/version.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/isccfg/version.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: version.c,v 1.7 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
Added: vendor/bind/dist/lib/lwres/Atffile
===================================================================
--- vendor/bind/dist/lib/lwres/Atffile (rev 0)
+++ vendor/bind/dist/lib/lwres/Atffile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,5 @@
+Content-Type: application/X-atf-atffile; version="1"
+
+prop: test-suite = bind9
+
+tp: tests
Modified: vendor/bind/dist/lib/lwres/Makefile.in
===================================================================
--- vendor/bind/dist/lib/lwres/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.34 2007/06/19 23:47:22 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -31,25 +31,25 @@
CWARNINGS =
# Alphabetically
-OBJS = context. at O@ gai_strerror. at O@ getaddrinfo. at O@ gethost. at O@ \
+OBJS = compat. at O@ context. at O@ \
+ gai_strerror. at O@ getaddrinfo. at O@ gethost. at O@ \
getipnode. at O@ getnameinfo. at O@ getrrset. at O@ herror. at O@ \
lwbuffer. at O@ lwconfig. at O@ lwpacket. at O@ lwresutil. at O@ \
lwres_gabn. at O@ lwres_gnba. at O@ lwres_grbn. at O@ lwres_noop. at O@ \
- lwinetaton. at O@ lwinetpton. at O@ lwinetntop. at O@ print. at O@ \
- strtoul. at O@
+ lwinetaton. at O@ lwinetpton. at O@ lwinetntop. at O@ print. at O@
# Alphabetically
-SRCS = context.c gai_strerror.c getaddrinfo.c gethost.c \
+SRCS = compat.c context.c gai_strerror.c getaddrinfo.c gethost.c \
getipnode.c getnameinfo.c getrrset.c herror.c \
lwbuffer.c lwconfig.c lwpacket.c lwresutil.c \
lwres_gabn.c lwres_gnba.c lwres_grbn.c lwres_noop.c \
- lwinetaton.c lwinetpton.c lwinetntop.c print.c \
- strtoul.c
+ lwinetaton.c lwinetpton.c lwinetntop.c print.c
LIBS = @LIBS@
SUBDIRS = include man unix
TARGETS = timestamp
+TESTDIRS = @UNITTESTS@
@BIND9_MAKE_RULES@
@@ -78,7 +78,7 @@
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} liblwres. at A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} liblwres. at A@ ${DESTDIR}${libdir}
clean distclean::
rm -f liblwres. at A@ liblwres.la timestamp
Modified: vendor/bind/dist/lib/lwres/api
===================================================================
--- vendor/bind/dist/lib/lwres/api 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/api 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,6 +4,6 @@
# 9.8: 80-89, 120-129
# 9.9: 90-109
# 9.9-sub: 130-139
-LIBINTERFACE = 80
-LIBREVISION = 6
+LIBINTERFACE = 81
+LIBREVISION = 0
LIBAGE = 0
Modified: vendor/bind/dist/lib/lwres/assert_p.h
===================================================================
--- vendor/bind/dist/lib/lwres/assert_p.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/assert_p.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: assert_p.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id$ */
#ifndef LWRES_ASSERT_P_H
#define LWRES_ASSERT_P_H 1
Added: vendor/bind/dist/lib/lwres/compat.c
===================================================================
--- vendor/bind/dist/lib/lwres/compat.c (rev 0)
+++ vendor/bind/dist/lib/lwres/compat.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (c) 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*! \file */
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)strtoul.c 8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#include <config.h>
+
+#include <limits.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <lwres/stdlib.h>
+#include <lwres/string.h>
+
+#define DE_CONST(konst, var) \
+ do { \
+ union { const void *k; void *v; } _u; \
+ _u.k = konst; \
+ var = _u.v; \
+ } while (0)
+
+/*!
+ * Convert a string to an unsigned long integer.
+ *
+ * Ignores `locale' stuff. Assumes that the upper and lower case
+ * alphabets and digits are each contiguous.
+ */
+unsigned long
+lwres_strtoul(const char *nptr, char **endptr, int base) {
+ const char *s = nptr;
+ unsigned long acc;
+ unsigned char c;
+ unsigned long cutoff;
+ int neg = 0, any, cutlim;
+
+ /*
+ * See strtol for comments as to the logic used.
+ */
+ do {
+ c = *s++;
+ } while (isspace(c));
+ if (c == '-') {
+ neg = 1;
+ c = *s++;
+ } else if (c == '+')
+ c = *s++;
+ if ((base == 0 || base == 16) &&
+ c == '0' && (*s == 'x' || *s == 'X')) {
+ c = s[1];
+ s += 2;
+ base = 16;
+ }
+ if (base == 0)
+ base = c == '0' ? 8 : 10;
+ cutoff = (unsigned long)ULONG_MAX / (unsigned long)base;
+ cutlim = (unsigned long)ULONG_MAX % (unsigned long)base;
+ for (acc = 0, any = 0;; c = *s++) {
+ if (!isascii(c))
+ break;
+ if (isdigit(c))
+ c -= '0';
+ else if (isalpha(c))
+ c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+ else
+ break;
+ if (c >= base)
+ break;
+ if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
+ any = -1;
+ else {
+ any = 1;
+ acc *= base;
+ acc += c;
+ }
+ }
+ if (any < 0) {
+ acc = ULONG_MAX;
+ errno = ERANGE;
+ } else if (neg)
+ acc = -acc;
+ if (endptr != 0)
+ DE_CONST(any ? s - 1 : nptr, *endptr);
+ return (acc);
+}
+
+size_t
+lwres_strlcpy(char *dst, const char *src, size_t size) {
+ char *d = dst;
+ const char *s = src;
+ size_t n = size;
+
+ /* Copy as many bytes as will fit */
+ if (n != 0U && --n != 0U) {
+ do {
+ if ((*d++ = *s++) == 0)
+ break;
+ } while (--n != 0U);
+ }
+
+ /* Not enough room in dst, add NUL and traverse rest of src */
+ if (n == 0U) {
+ if (size != 0U)
+ *d = '\0'; /* NUL-terminate dst */
+ while (*s++)
+ ;
+ }
+
+ return(s - src - 1); /* count does not include NUL */
+}
Modified: vendor/bind/dist/lib/lwres/context.c
===================================================================
--- vendor/bind/dist/lib/lwres/context.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/context.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: context.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id: context.c,v 1.55 2009/09/02 23:48:03 tbox Exp $ */
/*! \file context.c
lwres_context_create() creates a #lwres_context_t structure for use in
@@ -181,7 +181,11 @@
ctx->sock = -1;
ctx->timeout = LWRES_DEFAULT_TIMEOUT;
+#ifndef WIN32
ctx->serial = time(NULL); /* XXXMLG or BEW */
+#else
+ ctx->serial = _time32(NULL);
+#endif
ctx->use_ipv4 = 1;
ctx->use_ipv6 = 1;
@@ -286,7 +290,11 @@
static lwres_result_t
context_connect(lwres_context_t *ctx) {
+#ifndef WIN32
int s;
+#else
+ SOCKET s;
+#endif
int ret;
struct sockaddr_in sin;
struct sockaddr_in6 sin6;
@@ -295,8 +303,8 @@
int domain;
if (ctx->confdata.lwnext != 0) {
- memcpy(&ctx->address, &ctx->confdata.lwservers[0],
- sizeof(lwres_addr_t));
+ memmove(&ctx->address, &ctx->confdata.lwservers[0],
+ sizeof(lwres_addr_t));
LWRES_LINK_INIT(&ctx->address, link);
} else {
/* The default is the IPv4 loopback address 127.0.0.1. */
@@ -310,8 +318,8 @@
}
if (ctx->address.family == LWRES_ADDRTYPE_V4) {
- memcpy(&sin.sin_addr, ctx->address.address,
- sizeof(sin.sin_addr));
+ memmove(&sin.sin_addr, ctx->address.address,
+ sizeof(sin.sin_addr));
sin.sin_port = htons(lwres_udp_port);
sin.sin_family = AF_INET;
sa = (struct sockaddr *)&sin;
@@ -318,8 +326,8 @@
salen = sizeof(sin);
domain = PF_INET;
} else if (ctx->address.family == LWRES_ADDRTYPE_V6) {
- memcpy(&sin6.sin6_addr, ctx->address.address,
- sizeof(sin6.sin6_addr));
+ memmove(&sin6.sin6_addr, ctx->address.address,
+ sizeof(sin6.sin6_addr));
sin6.sin6_port = htons(lwres_udp_port);
sin6.sin6_family = AF_INET6;
sa = (struct sockaddr *)&sin6;
@@ -332,12 +340,16 @@
InitSockets();
#endif
s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+#ifndef WIN32
if (s < 0) {
-#ifdef WIN32
+ return (LWRES_R_IOERROR);
+ }
+#else
+ if (s == INVALID_SOCKET) {
DestroySockets();
-#endif
return (LWRES_R_IOERROR);
}
+#endif
ret = connect(s, sa, salen);
if (ret != 0) {
@@ -357,7 +369,7 @@
return (LWRES_R_IOERROR);
}
- ctx->sock = s;
+ ctx->sock = (int)s;
return (LWRES_R_SUCCESS);
}
Modified: vendor/bind/dist/lib/lwres/context_p.h
===================================================================
--- vendor/bind/dist/lib/lwres/context_p.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/context_p.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: context_p.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: context_p.h,v 1.19 2008/12/17 23:47:58 tbox Exp $ */
#ifndef LWRES_CONTEXT_P_H
#define LWRES_CONTEXT_P_H 1
Modified: vendor/bind/dist/lib/lwres/gai_strerror.c
===================================================================
--- vendor/bind/dist/lib/lwres/gai_strerror.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/gai_strerror.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gai_strerror.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: gai_strerror.c,v 1.22 2007/06/19 23:47:22 tbox Exp $ */
/*! \file gai_strerror.c
* lwres_gai_strerror() returns an error message corresponding to an
@@ -63,7 +63,8 @@
"ai_socktype not supported",
"system error returned in errno",
"bad hints",
- "bad protocol"
+ "bad protocol",
+ "overflow"
};
/*% Returns an error message corresponding to an error code returned by getaddrinfo() */
Modified: vendor/bind/dist/lib/lwres/getaddrinfo.c
===================================================================
--- vendor/bind/dist/lib/lwres/getaddrinfo.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/getaddrinfo.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* This code is derived from software contributed to ISC by
@@ -18,7 +18,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getaddrinfo.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id: getaddrinfo.c,v 1.54 2008/11/25 23:47:23 tbox Exp $ */
/*! \file */
@@ -134,13 +134,13 @@
#include <config.h>
#include <errno.h>
+#include <string.h>
-#include <isc/string.h>
-
#include <lwres/lwres.h>
#include <lwres/net.h>
#include <lwres/netdb.h>
#include <lwres/stdlib.h>
+#include <lwres/string.h>
#define SA(addr) ((struct sockaddr *)(addr))
#define SIN(addr) ((struct sockaddr_in *)(addr))
@@ -392,7 +392,7 @@
* Convert to a V4 mapped address.
*/
struct in6_addr *a6 = (struct in6_addr *)abuf;
- memcpy(&a6->s6_addr[12], &a6->s6_addr[0], 4);
+ memmove(&a6->s6_addr[12], &a6->s6_addr[0], 4);
memset(&a6->s6_addr[10], 0xff, 2);
memset(&a6->s6_addr[0], 0, 10);
goto inet6_addr;
@@ -427,7 +427,7 @@
ai_list = ai;
ai->ai_socktype = socktype;
SIN(ai->ai_addr)->sin_port = port;
- memcpy((char *)ai->ai_addr + addroff, abuf, addrsize);
+ memmove((char *)ai->ai_addr + addroff, abuf, addrsize);
if (flags & AI_CANONNAME) {
#if defined(LWRES_HAVE_SIN6_SCOPE_ID)
if (ai->ai_family == AF_INET6)
@@ -579,7 +579,7 @@
*aip = ai;
ai->ai_socktype = socktype;
SIN(ai->ai_addr)->sin_port = port;
- memcpy(&SIN(ai->ai_addr)->sin_addr, v4_loop, 4);
+ memmove(&SIN(ai->ai_addr)->sin_addr, v4_loop, 4);
} else {
lwres = lwres_getaddrsbyname(lwrctx, hostname,
LWRES_ADDRTYPE_V4, &by);
@@ -597,8 +597,8 @@
*aip = ai;
ai->ai_socktype = socktype;
SIN(ai->ai_addr)->sin_port = port;
- memcpy(&SIN(ai->ai_addr)->sin_addr,
- addr->address, 4);
+ memmove(&SIN(ai->ai_addr)->sin_addr,
+ addr->address, 4);
if (flags & AI_CANONNAME) {
ai->ai_canonname = strdup(by->realname);
if (ai->ai_canonname == NULL)
@@ -643,7 +643,7 @@
*aip = ai;
ai->ai_socktype = socktype;
SIN6(ai->ai_addr)->sin6_port = port;
- memcpy(&SIN6(ai->ai_addr)->sin6_addr, v6_loop, 16);
+ memmove(&SIN6(ai->ai_addr)->sin6_addr, v6_loop, 16);
} else {
lwres = lwres_getaddrsbyname(lwrctx, hostname,
LWRES_ADDRTYPE_V6, &by);
@@ -661,8 +661,8 @@
*aip = ai;
ai->ai_socktype = socktype;
SIN6(ai->ai_addr)->sin6_port = port;
- memcpy(&SIN6(ai->ai_addr)->sin6_addr,
- addr->address, 16);
+ memmove(&SIN6(ai->ai_addr)->sin6_addr,
+ addr->address, 16);
if (flags & AI_CANONNAME) {
ai->ai_canonname = strdup(by->realname);
if (ai->ai_canonname == NULL)
@@ -706,6 +706,9 @@
if (socktype == 0)
return (EAI_SOCKTYPE);
+ if (strlen(name) >= sizeof(slocal->sun_path))
+ return (EAI_OVERFLOW);
+
ai = ai_alloc(AF_LOCAL, sizeof(*slocal));
if (ai == NULL)
return (EAI_MEMORY);
@@ -712,6 +715,7 @@
slocal = SLOCAL(ai->ai_addr);
strncpy(slocal->sun_path, name, sizeof(slocal->sun_path));
+ slocal->sun_path[sizeof(slocal->sun_path) - 1] = '\0';
ai->ai_socktype = socktype;
/*
Modified: vendor/bind/dist/lib/lwres/gethost.c
===================================================================
--- vendor/bind/dist/lib/lwres/gethost.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/gethost.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gethost.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: gethost.c,v 1.34 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
@@ -24,7 +24,7 @@
* lookups by means of the lightweight resolver. They are similar to the
* standard gethostent(3) functions provided by most operating systems.
* They use a struct hostent which is usually defined in <namedb.h>.
- *
+ *
* \code
* struct hostent {
* char *h_name; // official name of host
@@ -35,29 +35,29 @@
* };
* #define h_addr h_addr_list[0] // address, for backward compatibility
* \endcode
- *
+ *
* The members of this structure are:
- *
+ *
* \li h_name:
* The official (canonical) name of the host.
- *
+ *
* \li h_aliases:
* A NULL-terminated array of alternate names (nicknames) for the
* host.
- *
+ *
* \li h_addrtype:
* The type of address being returned -- PF_INET or PF_INET6.
- *
+ *
* \li h_length:
* The length of the address in bytes.
- *
+ *
* \li h_addr_list:
* A NULL terminated array of network addresses for the host. Host
* addresses are returned in network byte order.
- *
+ *
* For backward compatibility with very old software, h_addr is the first
* address in h_addr_list.
- *
+ *
* lwres_gethostent(), lwres_sethostent(), lwres_endhostent(),
* lwres_gethostent_r(), lwres_sethostent_r() and lwres_endhostent_r()
* provide iteration over the known host entries on systems that provide
@@ -64,7 +64,7 @@
* such functionality through facilities like /etc/hosts or NIS. The
* lightweight resolver does not currently implement these functions; it
* only provides them as stub functions that always return failure.
- *
+ *
* lwres_gethostbyname() and lwres_gethostbyname2() look up the hostname
* name. lwres_gethostbyname() always looks for an IPv4 address while
* lwres_gethostbyname2() looks for an address of protocol family af:
@@ -72,7 +72,7 @@
* Successful calls of the functions return a struct hostent for the name
* that was looked up. NULL is returned if the lookups by
* lwres_gethostbyname() or lwres_gethostbyname2() fail.
- *
+ *
* Reverse lookups of addresses are performed by lwres_gethostbyaddr().
* addr is an address of length len bytes and protocol family type --
* PF_INET or PF_INET6. lwres_gethostbyname_r() is a thread-safe function
@@ -83,7 +83,7 @@
* h_addr_list elements of the struct hostent returned in resbuf.
* Successful calls to lwres_gethostbyname_r() return resbuf, which is a
* pointer to the struct hostent it created.
- *
+ *
* lwres_gethostbyaddr_r() is a thread-safe function that performs a
* reverse lookup of address addr which is len bytes long and is of
* protocol family type -- PF_INET or PF_INET6. If an error occurs, the
@@ -95,35 +95,35 @@
* struct hostent returned in resbuf. Successful calls to
* lwres_gethostbyaddr_r() return resbuf, which is a pointer to the
* struct hostent it created.
- *
+ *
* \section gethost_return Return Values
- *
+ *
* The functions lwres_gethostbyname(), lwres_gethostbyname2(),
* lwres_gethostbyaddr(), and lwres_gethostent() return NULL to indicate
* an error. In this case the global variable lwres_h_errno will contain
* one of the following error codes defined in \link netdb.h <lwres/netdb.h>:\endlink
- *
+ *
* \li #HOST_NOT_FOUND:
* The host or address was not found.
- *
+ *
* \li #TRY_AGAIN:
* A recoverable error occurred, e.g., a timeout. Retrying the
* lookup may succeed.
- *
+ *
* \li #NO_RECOVERY:
* A non-recoverable error occurred.
- *
+ *
* \li #NO_DATA:
* The name exists, but has no address information associated with
* it (or vice versa in the case of a reverse lookup). The code
* NO_ADDRESS is accepted as a synonym for NO_DATA for backwards
* compatibility.
- *
+ *
* lwres_hstrerror() translates these error codes to suitable error
* messages.
- *
+ *
* lwres_gethostent() and lwres_gethostent_r() always return NULL.
- *
+ *
* Successful calls to lwres_gethostbyname_r() and
* lwres_gethostbyaddr_r() return resbuf, a pointer to the struct hostent
* that was initialised by these functions. They return NULL if the
@@ -131,19 +131,19 @@
* names referenced by the h_name, h_aliases, and h_addr_list elements of
* the struct hostent. If buf was too small, both lwres_gethostbyname_r()
* and lwres_gethostbyaddr_r() set the global variable errno to ERANGE.
- *
+ *
* \section gethost_see See Also
- *
+ *
* gethostent(), \link getipnode.c getipnode\endlink, lwres_hstrerror()
- *
+ *
* \section gethost_bugs Bugs
- *
+ *
* lwres_gethostbyname(), lwres_gethostbyname2(), lwres_gethostbyaddr()
* and lwres_endhostent() are not thread safe; they return pointers to
* static data and provide error codes through a global variable.
* Thread-safe versions for name and address lookup are provided by
* lwres_gethostbyname_r(), and lwres_gethostbyaddr_r() respectively.
- *
+ *
* The resolver daemon does not currently support any non-DNS name
* services such as /etc/hosts or NIS, consequently the above functions
* don't, either.
@@ -153,6 +153,9 @@
#include <errno.h>
#include <string.h>
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h> /* uintptr_t */
+#endif
#include <lwres/net.h>
#include <lwres/netdb.h>
@@ -161,7 +164,7 @@
#define LWRES_ALIGNBYTES (sizeof(char *) - 1)
#define LWRES_ALIGN(p) \
- (((unsigned long)(p) + LWRES_ALIGNBYTES) &~ LWRES_ALIGNBYTES)
+ (((uintptr_t)(p) + LWRES_ALIGNBYTES) &~ LWRES_ALIGNBYTES)
static struct hostent *he = NULL;
static int copytobuf(struct hostent *, struct hostent *, char *, int);
@@ -294,69 +297,69 @@
static int
copytobuf(struct hostent *he, struct hostent *hptr, char *buf, int buflen) {
- char *cp;
- char **ptr;
- int i, n;
- int nptr, len;
+ char *cp;
+ char **ptr;
+ int i, n;
+ int nptr, len;
- /*
+ /*
* Find out the amount of space required to store the answer.
*/
- nptr = 2; /* NULL ptrs */
- len = (char *)LWRES_ALIGN(buf) - buf;
- for (i = 0; he->h_addr_list[i]; i++, nptr++) {
- len += he->h_length;
- }
- for (i = 0; he->h_aliases[i]; i++, nptr++) {
- len += strlen(he->h_aliases[i]) + 1;
- }
- len += strlen(he->h_name) + 1;
- len += nptr * sizeof(char*);
+ nptr = 2; /* NULL ptrs */
+ len = (int)((char *)LWRES_ALIGN(buf) - buf);
+ for (i = 0; he->h_addr_list[i]; i++, nptr++) {
+ len += he->h_length;
+ }
+ for (i = 0; he->h_aliases[i]; i++, nptr++) {
+ len += strlen(he->h_aliases[i]) + 1;
+ }
+ len += strlen(he->h_name) + 1;
+ len += nptr * sizeof(char*);
- if (len > buflen) {
- return (-1);
- }
+ if (len > buflen) {
+ return (-1);
+ }
- /*
+ /*
* Copy address size and type.
*/
- hptr->h_addrtype = he->h_addrtype;
- n = hptr->h_length = he->h_length;
+ hptr->h_addrtype = he->h_addrtype;
+ n = hptr->h_length = he->h_length;
- ptr = (char **)LWRES_ALIGN(buf);
- cp = (char *)LWRES_ALIGN(buf) + nptr * sizeof(char *);
+ ptr = (char **)LWRES_ALIGN(buf);
+ cp = (char *)LWRES_ALIGN(buf) + nptr * sizeof(char *);
- /*
+ /*
* Copy address list.
*/
- hptr->h_addr_list = ptr;
- for (i = 0; he->h_addr_list[i]; i++, ptr++) {
- memcpy(cp, he->h_addr_list[i], n);
- hptr->h_addr_list[i] = cp;
- cp += n;
- }
- hptr->h_addr_list[i] = NULL;
- ptr++;
+ hptr->h_addr_list = ptr;
+ for (i = 0; he->h_addr_list[i]; i++, ptr++) {
+ memmove(cp, he->h_addr_list[i], n);
+ hptr->h_addr_list[i] = cp;
+ cp += n;
+ }
+ hptr->h_addr_list[i] = NULL;
+ ptr++;
- /*
+ /*
* Copy official name.
*/
- n = strlen(he->h_name) + 1;
- strcpy(cp, he->h_name);
- hptr->h_name = cp;
- cp += n;
+ n = strlen(he->h_name) + 1;
+ strcpy(cp, he->h_name);
+ hptr->h_name = cp;
+ cp += n;
- /*
+ /*
* Copy aliases.
*/
- hptr->h_aliases = ptr;
- for (i = 0; he->h_aliases[i]; i++) {
- n = strlen(he->h_aliases[i]) + 1;
- strcpy(cp, he->h_aliases[i]);
- hptr->h_aliases[i] = cp;
- cp += n;
- }
- hptr->h_aliases[i] = NULL;
+ hptr->h_aliases = ptr;
+ for (i = 0; he->h_aliases[i]; i++) {
+ n = strlen(he->h_aliases[i]) + 1;
+ strcpy(cp, he->h_aliases[i]);
+ hptr->h_aliases[i] = cp;
+ cp += n;
+ }
+ hptr->h_aliases[i] = NULL;
- return (0);
+ return (0);
}
Modified: vendor/bind/dist/lib/lwres/getipnode.c
===================================================================
--- vendor/bind/dist/lib/lwres/getipnode.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/getipnode.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getipnode.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id: getipnode.c,v 1.47 2009/09/01 23:47:45 tbox Exp $ */
/*! \file */
@@ -420,7 +420,7 @@
/*
* Restore original address.
*/
- memcpy(he2->h_addr, src, len);
+ memmove(he2->h_addr, src, len);
return (he2);
}
@@ -595,7 +595,7 @@
for (cp = buf;
(*have_v4 == 0 || *have_v6 == 0) && cp < cplim;
cp += cpsize) {
- memcpy(&lifreq, cp, sizeof(lifreq));
+ memmove(&lifreq, cp, sizeof(lifreq));
#ifdef LWRES_PLATFORM_HAVESALEN
#ifdef FIX_ZERO_SA_LEN
if (lifreq.lifr_addr.sa_len == 0)
@@ -620,10 +620,10 @@
switch (lifreq.lifr_addr.ss_family) {
case AF_INET:
if (*have_v4 == 0) {
- memcpy(&in4,
- &((struct sockaddr_in *)
- &lifreq.lifr_addr)->sin_addr,
- sizeof(in4));
+ memmove(&in4,
+ &((struct sockaddr_in *)
+ &lifreq.lifr_addr)->sin_addr,
+ sizeof(in4));
if (in4.s_addr == INADDR_ANY)
break;
n = ioctl(s, SIOCGLIFFLAGS, (char *)&lifreq);
@@ -636,10 +636,10 @@
break;
case AF_INET6:
if (*have_v6 == 0) {
- memcpy(&in6,
- &((struct sockaddr_in6 *)
- &lifreq.lifr_addr)->sin6_addr,
- sizeof(in6));
+ memmove(&in6,
+ &((struct sockaddr_in6 *)
+ &lifreq.lifr_addr)->sin6_addr,
+ sizeof(in6));
if (memcmp(&in6, &in6addr_any,
sizeof(in6)) == 0)
break;
@@ -760,7 +760,7 @@
for (cp = buf;
(*have_v4 == 0 || *have_v6 == 0) && cp < cplim;
cp += cpsize) {
- memcpy(&u.ifreq, cp, sizeof(u.ifreq));
+ memmove(&u.ifreq, cp, sizeof(u.ifreq));
#ifdef LWRES_PLATFORM_HAVESALEN
#ifdef FIX_ZERO_SA_LEN
if (u.ifreq.ifr_addr.sa_len == 0)
@@ -775,7 +775,7 @@
cpsize = sizeof(u.ifreq.ifr_name) + u.ifreq.ifr_addr.sa_len;
#endif /* HAVE_MINIMUM_IFREQ */
if (cpsize > sizeof(u.ifreq) && cpsize <= sizeof(u))
- memcpy(&u.ifreq, cp, cpsize);
+ memmove(&u.ifreq, cp, cpsize);
#elif defined SIOCGIFCONF_ADDR
cpsize = sizeof(u.ifreq);
#else
@@ -787,10 +787,10 @@
switch (u.ifreq.ifr_addr.sa_family) {
case AF_INET:
if (*have_v4 == 0) {
- memcpy(&in4,
- &((struct sockaddr_in *)
- &u.ifreq.ifr_addr)->sin_addr,
- sizeof(in4));
+ memmove(&in4,
+ &((struct sockaddr_in *)
+ &u.ifreq.ifr_addr)->sin_addr,
+ sizeof(in4));
if (in4.s_addr == INADDR_ANY)
break;
n = ioctl(s, SIOCGIFFLAGS, (char *)&u.ifreq);
@@ -803,10 +803,10 @@
break;
case AF_INET6:
if (*have_v6 == 0) {
- memcpy(&in6,
- &((struct sockaddr_in6 *)
- &u.ifreq.ifr_addr)->sin6_addr,
- sizeof(in6));
+ memmove(&in6,
+ &((struct sockaddr_in6 *)
+ &u.ifreq.ifr_addr)->sin6_addr,
+ sizeof(in6));
if (memcmp(&in6, &in6addr_any,
sizeof(in6)) == 0)
break;
@@ -908,13 +908,13 @@
* Convert to mapped if required.
*/
if (af == AF_INET6 && he1->h_addrtype == AF_INET) {
- memcpy(*npp, in6addr_mapped,
- sizeof(in6addr_mapped));
- memcpy(*npp + sizeof(in6addr_mapped), *cpp,
- INADDRSZ);
+ memmove(*npp, in6addr_mapped,
+ sizeof(in6addr_mapped));
+ memmove(*npp + sizeof(in6addr_mapped), *cpp,
+ INADDRSZ);
} else {
- memcpy(*npp, *cpp,
- (af == AF_INET) ? INADDRSZ : IN6ADDRSZ);
+ memmove(*npp, *cpp,
+ (af == AF_INET) ? INADDRSZ : IN6ADDRSZ);
}
cpp++;
npp++;
@@ -931,13 +931,13 @@
* Convert to mapped if required.
*/
if (af == AF_INET6 && he2->h_addrtype == AF_INET) {
- memcpy(*npp, in6addr_mapped,
- sizeof(in6addr_mapped));
- memcpy(*npp + sizeof(in6addr_mapped), *cpp,
- INADDRSZ);
+ memmove(*npp, in6addr_mapped,
+ sizeof(in6addr_mapped));
+ memmove(*npp + sizeof(in6addr_mapped), *cpp,
+ INADDRSZ);
} else {
- memcpy(*npp, *cpp,
- (af == AF_INET) ? INADDRSZ : IN6ADDRSZ);
+ memmove(*npp, *cpp,
+ (af == AF_INET) ? INADDRSZ : IN6ADDRSZ);
}
cpp++;
npp++;
@@ -1060,7 +1060,7 @@
he->h_addr_list[0] = malloc(he->h_length);
if (he->h_addr_list[0] == NULL)
goto cleanup;
- memcpy(he->h_addr_list[0], src, he->h_length);
+ memmove(he->h_addr_list[0], src, he->h_length);
he->h_addr_list[1] = NULL;
return (he);
@@ -1140,7 +1140,7 @@
he->h_addr_list[i] = malloc(he->h_length);
if (he->h_addr_list[i] == NULL)
goto cleanup;
- memcpy(he->h_addr_list[i], addr->address, he->h_length);
+ memmove(he->h_addr_list[i], addr->address, he->h_length);
addr = LWRES_LIST_NEXT(addr, link);
i++;
}
Modified: vendor/bind/dist/lib/lwres/getnameinfo.c
===================================================================
--- vendor/bind/dist/lib/lwres/getnameinfo.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/getnameinfo.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getnameinfo.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/lib/lwres/getrrset.c
===================================================================
--- vendor/bind/dist/lib/lwres/getrrset.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/getrrset.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getrrset.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
+/* $Id: getrrset.c,v 1.18 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
@@ -228,8 +228,8 @@
result = ERRSET_NOMEMORY;
goto fail;
}
- memcpy(rrset->rri_rdatas[i].rdi_data, response->rdatas[i],
- rrset->rri_rdatas[i].rdi_length);
+ memmove(rrset->rri_rdatas[i].rdi_data, response->rdatas[i],
+ rrset->rri_rdatas[i].rdi_length);
}
rrset->rri_nsigs = response->nsigs;
rrset->rri_sigs = sane_calloc(rrset->rri_nsigs,
@@ -246,8 +246,8 @@
result = ERRSET_NOMEMORY;
goto fail;
}
- memcpy(rrset->rri_sigs[i].rdi_data, response->sigs[i],
- rrset->rri_sigs[i].rdi_length);
+ memmove(rrset->rri_sigs[i].rdi_data, response->sigs[i],
+ rrset->rri_sigs[i].rdi_length);
}
lwres_grbnresponse_free(lwrctx, &response);
Modified: vendor/bind/dist/lib/lwres/herror.c
===================================================================
--- vendor/bind/dist/lib/lwres/herror.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/herror.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004, 2005, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005, 2007, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -27,11 +27,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@@ -72,7 +68,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static const char sccsid[] = "@(#)herror.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] =
- "$Id: herror.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $";
+ "$Id$";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
Modified: vendor/bind/dist/lib/lwres/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/lwres/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.8 2007/06/19 23:47:22 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/lwres/include/lwres/Makefile.in
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,8 +13,6 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
-
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
@@ -24,8 +22,9 @@
# machine generated. The latter are handled specially in the
# install target below.
#
-HEADERS = context.h lwbuffer.h lwpacket.h lwres.h result.h \
- int.h lang.h list.h ipv6.h version.h
+HEADERS = context.h int.h ipv6.h lang.h list.h \
+ lwbuffer.h lwpacket.h lwres.h result.h \
+ stdlib.h string.h version.h
SUBDIRS =
TARGETS =
Modified: vendor/bind/dist/lib/lwres/include/lwres/context.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/context.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/context.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: context.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: context.h,v 1.23 2008/12/17 23:47:58 tbox Exp $ */
#ifndef LWRES_CONTEXT_H
#define LWRES_CONTEXT_H 1
Modified: vendor/bind/dist/lib/lwres/include/lwres/int.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/int.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/int.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: int.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: int.h,v 1.14 2007/06/19 23:47:23 tbox Exp $ */
#ifndef LWRES_INT_H
#define LWRES_INT_H 1
Modified: vendor/bind/dist/lib/lwres/include/lwres/ipv6.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/ipv6.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/ipv6.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ipv6.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: ipv6.h,v 1.16 2007/06/19 23:47:23 tbox Exp $ */
#ifndef LWRES_IPV6_H
#define LWRES_IPV6_H 1
Modified: vendor/bind/dist/lib/lwres/include/lwres/lang.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/lang.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/lang.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lang.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lang.h,v 1.13 2007/06/19 23:47:23 tbox Exp $ */
#ifndef LWRES_LANG_H
#define LWRES_LANG_H 1
Modified: vendor/bind/dist/lib/lwres/include/lwres/list.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/list.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/list.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: list.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: list.h,v 1.14 2007/06/19 23:47:23 tbox Exp $ */
#ifndef LWRES_LIST_H
#define LWRES_LIST_H 1
Modified: vendor/bind/dist/lib/lwres/include/lwres/lwbuffer.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/lwbuffer.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/lwbuffer.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwbuffer.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwbuffer.h,v 1.22 2007/06/19 23:47:23 tbox Exp $ */
/*! \file lwres/lwbuffer.h
Modified: vendor/bind/dist/lib/lwres/include/lwres/lwpacket.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/lwpacket.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/lwpacket.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwpacket.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwpacket.h,v 1.24 2007/06/19 23:47:23 tbox Exp $ */
#ifndef LWRES_LWPACKET_H
#define LWRES_LWPACKET_H 1
Modified: vendor/bind/dist/lib/lwres/include/lwres/lwres.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/lwres.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/lwres.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwres.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwres.h,v 1.57 2007/06/19 23:47:23 tbox Exp $ */
#ifndef LWRES_LWRES_H
#define LWRES_LWRES_H 1
@@ -121,6 +121,7 @@
lwres_uint32_t family;
lwres_uint16_t length;
unsigned char address[LWRES_ADDR_MAXLEN];
+ lwres_uint32_t zone;
LWRES_LINK(lwres_addr_t) link;
};
Modified: vendor/bind/dist/lib/lwres/include/lwres/netdb.h.in
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/netdb.h.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/netdb.h.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: netdb.h.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: netdb.h.in,v 1.41 2009/01/18 23:48:14 tbox Exp $ */
/*! \file */
@@ -88,6 +88,7 @@
#undef EAI_SYSTEM
#undef EAI_BADHINTS
#undef EAI_PROTOCOL
+#undef EAI_OVERFLOW
#undef EAI_MAX
#define EAI_ADDRFAMILY 1 /* address family for hostname not supported */
@@ -103,7 +104,8 @@
#define EAI_SYSTEM 11 /* system error returned in errno */
#define EAI_BADHINTS 12
#define EAI_PROTOCOL 13
-#define EAI_MAX 14
+#define EAI_OVERFLOW 14
+#define EAI_MAX 15
/*
* Flag values for getaddrinfo()
Modified: vendor/bind/dist/lib/lwres/include/lwres/platform.h.in
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/platform.h.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/platform.h.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: platform.h.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: platform.h.in,v 1.21 2007/06/19 23:47:23 tbox Exp $ */
/*! \file */
@@ -59,7 +59,7 @@
@LWRES_PLATFORM_NEEDIN6ADDRANY@
/*
- * If this system is missing in6addr_loopback,
+ * If this system is missing in6addr_loopback,
* LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK will be defined.
*/
@LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK@
@@ -84,7 +84,7 @@
* Defined this system needs vsnprintf() and snprintf().
*/
@LWRES_PLATFORM_NEEDVSNPRINTF@
-
+
/*
* If this system need a modern sprintf() that returns (int) not (char*).
*/
@@ -100,6 +100,11 @@
*/
@LWRES_PLATFORM_NEEDSTRTOUL@
+/*! \brief
+ * Define if this system needs strlcpy.
+ */
+ at LWRES_PLATFORM_NEEDSTRLCPY@
+
#ifndef LWRES_PLATFORM_USEDECLSPEC
#define LIBLWRES_EXTERNAL_DATA
#else
Modified: vendor/bind/dist/lib/lwres/include/lwres/result.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/result.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/result.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: result.h,v 1.21 2007/06/19 23:47:23 tbox Exp $ */
#ifndef LWRES_RESULT_H
#define LWRES_RESULT_H 1
Modified: vendor/bind/dist/lib/lwres/include/lwres/stdlib.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/stdlib.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/stdlib.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: stdlib.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
-
#ifndef LWRES_STDLIB_H
#define LWRES_STDLIB_H 1
Added: vendor/bind/dist/lib/lwres/include/lwres/string.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/string.h (rev 0)
+++ vendor/bind/dist/lib/lwres/include/lwres/string.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef LWRES_STRING_H
+#define LWRES_STRING_H 1
+
+/*! \file lwres/string.h */
+
+#include <stdlib.h>
+
+#include <lwres/lang.h>
+#include <lwres/platform.h>
+
+#ifdef LWRES_PLATFORM_NEEDSTRLCPY
+#define strlcpy lwres_strlcpy
+#endif
+
+LWRES_LANG_BEGINDECLS
+
+size_t lwres_strlcpy(char *dst, const char *src, size_t size);
+
+LWRES_LANG_ENDDECLS
+
+#endif
Modified: vendor/bind/dist/lib/lwres/include/lwres/version.h
===================================================================
--- vendor/bind/dist/lib/lwres/include/lwres/version.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/include/lwres/version.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: version.h,v 1.9 2007/06/19 23:47:23 tbox Exp $ */
/*! \file lwres/version.h */
Modified: vendor/bind/dist/lib/lwres/lwbuffer.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwbuffer.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwbuffer.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwbuffer.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwbuffer.c,v 1.15 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
@@ -23,7 +23,7 @@
* These functions provide bounds checked access to a region of memory
* where data is being read or written. They are based on, and similar
* to, the isc_buffer_ functions in the ISC library.
- *
+ *
* A buffer is a region of memory, together with a set of related
* subregions. The used region and the available region are disjoint, and
* their union is the buffer's region. The used region extends from the
@@ -31,7 +31,7 @@
* region extends from one byte greater than the last used byte to the
* end of the buffer's region. The size of the used region can be changed
* using various buffer commands. Initially, the used region is empty.
- *
+ *
* The used region is further subdivided into two disjoint regions: the
* consumed region and the remaining region. The union of these two
* regions is the used region. The consumed region extends from the
@@ -39,14 +39,14 @@
* any). The remaining region the current pointer to the end of the used
* region. The size of the consumed region can be changed using various
* buffer commands. Initially, the consumed region is empty.
- *
+ *
* The active region is an (optional) subregion of the remaining region.
* It extends from the current offset to an offset in the remaining
* region. Initially, the active region is empty. If the current offset
* advances beyond the chosen offset, the active region will also be
* empty.
- *
- *
+ *
+ *
* \verbatim
* /------------entire length---------------\\
* /----- used region -----\\/-- available --\\
@@ -54,13 +54,13 @@
* | consumed | remaining | |
* +----------------------------------------+
* a b c d e
- *
+ *
* a == base of buffer.
* b == current pointer. Can be anywhere between a and d.
* c == active pointer. Meaningful between b and d.
* d == used pointer.
* e == length of buffer.
- *
+ *
* a-e == entire length of buffer.
* a-d == used region.
* a-b == consumed region.
@@ -67,34 +67,34 @@
* b-d == remaining region.
* b-c == optional active region.
* \endverbatim
- *
+ *
* lwres_buffer_init() initializes the lwres_buffer_t *b and assocates it
* with the memory region of size length bytes starting at location base.
- *
+ *
* lwres_buffer_invalidate() marks the buffer *b as invalid. Invalidating
* a buffer after use is not required, but makes it possible to catch its
* possible accidental use.
- *
+ *
* The functions lwres_buffer_add() and lwres_buffer_subtract()
* respectively increase and decrease the used space in buffer *b by n
* bytes. lwres_buffer_add() checks for buffer overflow and
* lwres_buffer_subtract() checks for underflow. These functions do not
* allocate or deallocate memory. They just change the value of used.
- *
+ *
* A buffer is re-initialised by lwres_buffer_clear(). The function sets
* used , current and active to zero.
- *
+ *
* lwres_buffer_first() makes the consumed region of buffer *p empty by
* setting current to zero (the start of the buffer).
- *
+ *
* lwres_buffer_forward() increases the consumed region of buffer *b by n
* bytes, checking for overflow. Similarly, lwres_buffer_back() decreases
* buffer b's consumed region by n bytes and checks for underflow.
- *
+ *
* lwres_buffer_getuint8() reads an unsigned 8-bit integer from *b and
* returns it. lwres_buffer_putuint8() writes the unsigned 8-bit integer
* val to buffer *b.
- *
+ *
* lwres_buffer_getuint16() and lwres_buffer_getuint32() are identical to
* lwres_buffer_putuint8() except that they respectively read an unsigned
* 16-bit or 32-bit integer in network byte order from b. Similarly,
@@ -101,7 +101,7 @@
* lwres_buffer_putuint16() and lwres_buffer_putuint32() writes the
* unsigned 16-bit or 32-bit integer val to buffer b, in network byte
* order.
- *
+ *
* Arbitrary amounts of data are read or written from a lightweight
* resolver buffer with lwres_buffer_getmem() and lwres_buffer_putmem()
* respectively. lwres_buffer_putmem() copies length bytes of memory at
@@ -339,7 +339,7 @@
REQUIRE(b->used + length <= b->length);
cp = (unsigned char *)b->base + b->used;
- memcpy(cp, base, length);
+ memmove(cp, base, length);
b->used += length;
}
@@ -357,5 +357,5 @@
cp += b->current;
b->current += length;
- memcpy(base, cp, length);
+ memmove(base, cp, length);
}
Modified: vendor/bind/dist/lib/lwres/lwconfig.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwconfig.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwconfig.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwconfig.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
-
/*! \file */
/**
@@ -67,9 +65,12 @@
#include <lwres/lwres.h>
#include <lwres/net.h>
#include <lwres/result.h>
+#include <lwres/stdlib.h>
+#include <lwres/string.h>
#include "assert_p.h"
#include "context_p.h"
+#include "print_p.h"
#if ! defined(NS_INADDRSZ)
@@ -204,6 +205,7 @@
memset(addr->address, 0, LWRES_ADDR_MAXLEN);
addr->family = 0;
addr->length = 0;
+ addr->zone = 0;
}
static char *
@@ -449,25 +451,57 @@
lwres_create_addr(const char *buffer, lwres_addr_t *addr, int convert_zero) {
struct in_addr v4;
struct in6_addr v6;
+ char buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255") +
+ sizeof("%4294967295")];
+ char *percent;
+ size_t n;
+ n = strlcpy(buf, buffer, sizeof(buf));
+ if (n >= sizeof(buf))
+ return (LWRES_R_FAILURE);
+
+ percent = strchr(buf, '%');
+ if (percent != NULL)
+ *percent = 0;
+
if (lwres_net_aton(buffer, &v4) == 1) {
if (convert_zero) {
unsigned char zeroaddress[] = {0, 0, 0, 0};
unsigned char loopaddress[] = {127, 0, 0, 1};
if (memcmp(&v4, zeroaddress, 4) == 0)
- memcpy(&v4, loopaddress, 4);
+ memmove(&v4, loopaddress, 4);
}
addr->family = LWRES_ADDRTYPE_V4;
addr->length = NS_INADDRSZ;
- memcpy((void *)addr->address, &v4, NS_INADDRSZ);
+ addr->zone = 0;
+ memmove((void *)addr->address, &v4, NS_INADDRSZ);
- } else if (lwres_net_pton(AF_INET6, buffer, &v6) == 1) {
+ } else if (lwres_net_pton(AF_INET6, buf, &v6) == 1) {
addr->family = LWRES_ADDRTYPE_V6;
addr->length = NS_IN6ADDRSZ;
- memcpy((void *)addr->address, &v6, NS_IN6ADDRSZ);
- } else {
+ memmove((void *)addr->address, &v6, NS_IN6ADDRSZ);
+ if (percent != NULL) {
+ unsigned long zone;
+ char *ep;
+
+ percent++;
+
+#ifdef HAVE_IF_NAMETOINDEX
+ zone = if_nametoindex(percent);
+ if (zone != 0U) {
+ addr->zone = zone;
+ return (LWRES_R_SUCCESS);
+ }
+#endif
+ zone = strtoul(percent, &ep, 10);
+ if (ep != percent && *ep == 0)
+ addr->zone = zone;
+ else
+ return (LWRES_R_FAILURE);
+ } else
+ addr->zone = 0;
+ } else
return (LWRES_R_FAILURE); /* Unrecognised format. */
- }
return (LWRES_R_SUCCESS);
}
@@ -630,6 +664,7 @@
int i;
int af;
char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+ char buf[sizeof("%4000000000")];
const char *p;
lwres_conf_t *confdata;
lwres_addr_t tmpaddr;
@@ -647,7 +682,13 @@
if (p != tmp)
return (LWRES_R_FAILURE);
- fprintf(fp, "nameserver %s\n", tmp);
+ if (af == AF_INET6 && confdata->lwservers[i].zone != 0) {
+ snprintf(buf, sizeof(buf), "%%%u",
+ confdata->nameservers[i].zone);
+ } else
+ buf[0] = 0;
+
+ fprintf(fp, "nameserver %s%s\n", tmp, buf);
}
for (i = 0; i < confdata->lwnext; i++) {
@@ -658,7 +699,13 @@
if (p != tmp)
return (LWRES_R_FAILURE);
- fprintf(fp, "lwserver %s\n", tmp);
+ if (af == AF_INET6 && confdata->lwservers[i].zone != 0) {
+ snprintf(buf, sizeof(buf), "%%%u",
+ confdata->nameservers[i].zone);
+ } else
+ buf[0] = 0;
+
+ fprintf(fp, "lwserver %s%s\n", tmp, buf);
}
if (confdata->domainname != NULL) {
Modified: vendor/bind/dist/lib/lwres/lwinetaton.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwinetaton.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwinetaton.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005, 2007, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1996-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -27,11 +27,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@@ -72,7 +68,7 @@
*/
#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
-static char rcsid[] = "$Id: lwinetaton.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $";
+static char rcsid[] = "$Id: lwinetaton.c,v 1.16 2007/06/19 23:47:22 tbox Exp $";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
@@ -96,7 +92,8 @@
int
lwres_net_aton(const char *cp, struct in_addr *addr) {
lwres_uint32_t val;
- int base, n;
+ int base;
+ ptrdiff_t n;
unsigned char c;
lwres_uint8_t parts[4];
lwres_uint8_t *pp = parts;
Modified: vendor/bind/dist/lib/lwres/lwinetntop.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwinetntop.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwinetntop.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -19,7 +19,7 @@
*/
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] =
- "$Id: lwinetntop.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $";
+ "$Id: lwinetntop.c,v 1.18 2007/06/19 23:47:22 tbox Exp $";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
Modified: vendor/bind/dist/lib/lwres/lwinetpton.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwinetpton.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwinetpton.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1996-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@
*/
#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$Id: lwinetpton.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $";
+static char rcsid[] = "$Id$";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
@@ -90,8 +90,9 @@
const char *pch;
if ((pch = strchr(digits, ch)) != NULL) {
- unsigned int new = *tp * 10 + (pch - digits);
+ unsigned int new = *tp * 10;
+ new += (unsigned int)(pch - digits);
if (new > 255)
return (0);
*tp = new;
@@ -115,7 +116,7 @@
}
if (octets < 4)
return (0);
- memcpy(dst, tmp, NS_INADDRSZ);
+ memmove(dst, tmp, NS_INADDRSZ);
return (1);
}
@@ -198,7 +199,7 @@
* Since some memmove()'s erroneously fail to handle
* overlapping regions, we'll do the shift by hand.
*/
- const int n = tp - colonp;
+ const int n = (int)(tp - colonp);
int i;
for (i = 1; i <= n; i++) {
@@ -209,6 +210,6 @@
}
if (tp != endp)
return (0);
- memcpy(dst, tmp, NS_IN6ADDRSZ);
+ memmove(dst, tmp, NS_IN6ADDRSZ);
return (1);
}
Modified: vendor/bind/dist/lib/lwres/lwpacket.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwpacket.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwpacket.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwpacket.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwpacket.c,v 1.18 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
Modified: vendor/bind/dist/lib/lwres/lwres_gabn.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwres_gabn.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwres_gabn.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwres_gabn.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwres_gabn.c,v 1.33 2007/06/19 23:47:22 tbox Exp $ */
/*! \file lwres_gabn.c
These are low-level routines for creating and parsing lightweight
@@ -40,23 +40,23 @@
typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t;
typedef struct {
- lwres_uint32_t flags;
- lwres_uint32_t addrtypes;
- lwres_uint16_t namelen;
- char *name;
+ lwres_uint32_t flags;
+ lwres_uint32_t addrtypes;
+ lwres_uint16_t namelen;
+ char *name;
} lwres_gabnrequest_t;
typedef struct {
- lwres_uint32_t flags;
- lwres_uint16_t naliases;
- lwres_uint16_t naddrs;
- char *realname;
- char **aliases;
- lwres_uint16_t realnamelen;
- lwres_uint16_t *aliaslen;
- lwres_addrlist_t addrs;
- void *base;
- size_t baselen;
+ lwres_uint32_t flags;
+ lwres_uint16_t naliases;
+ lwres_uint16_t naddrs;
+ char *realname;
+ char **aliases;
+ lwres_uint16_t realnamelen;
+ lwres_uint16_t *aliaslen;
+ lwres_addrlist_t addrs;
+ void *base;
+ size_t baselen;
} lwres_gabnresponse_t;
\endcode
@@ -142,9 +142,9 @@
if (buf == NULL)
return (LWRES_R_NOMEMORY);
- lwres_buffer_init(b, buf, buflen);
+ lwres_buffer_init(b, buf, (unsigned int)buflen);
- pkt->length = buflen;
+ pkt->length = (lwres_uint32_t)buflen;
pkt->version = LWRES_LWPACKETVERSION_0;
pkt->pktflags &= ~LWRES_LWPACKETFLAG_RESPONSE;
pkt->opcode = LWRES_OPCODE_GETADDRSBYNAME;
@@ -223,9 +223,9 @@
buf = CTXMALLOC(buflen);
if (buf == NULL)
return (LWRES_R_NOMEMORY);
- lwres_buffer_init(b, buf, buflen);
+ lwres_buffer_init(b, buf, (unsigned int)buflen);
- pkt->length = buflen;
+ pkt->length = (lwres_uint32_t)buflen;
pkt->version = LWRES_LWPACKETVERSION_0;
pkt->pktflags |= LWRES_LWPACKETFLAG_RESPONSE;
pkt->opcode = LWRES_OPCODE_GETADDRSBYNAME;
Modified: vendor/bind/dist/lib/lwres/lwres_gnba.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwres_gnba.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwres_gnba.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwres_gnba.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwres_gnba.c,v 1.28 2007/09/24 17:18:25 each Exp $ */
/*! \file lwres_gnba.c
These are low-level routines for creating and parsing lightweight
@@ -29,7 +29,7 @@
structure. Another render function converts the getnamebyaddr
response structure -- lwres_gnbaresponse_t to the canonical format.
This is complemented by a parse function which converts a packet in
- canonical format to a getnamebyaddr response structure.
+ canonical format to a getnamebyaddr response structure.
These structures are defined in \link lwres.h <lwres/lwres.h.>\endlink They are shown
below.
@@ -38,19 +38,19 @@
#define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U
typedef struct {
- lwres_uint32_t flags;
- lwres_addr_t addr;
+ lwres_uint32_t flags;
+ lwres_addr_t addr;
} lwres_gnbarequest_t;
typedef struct {
- lwres_uint32_t flags;
- lwres_uint16_t naliases;
- char *realname;
- char **aliases;
- lwres_uint16_t realnamelen;
- lwres_uint16_t *aliaslen;
- void *base;
- size_t baselen;
+ lwres_uint32_t flags;
+ lwres_uint16_t naliases;
+ char *realname;
+ char **aliases;
+ lwres_uint16_t realnamelen;
+ lwres_uint16_t *aliaslen;
+ void *base;
+ size_t baselen;
} lwres_gnbaresponse_t;
\endcode
@@ -66,14 +66,14 @@
of packet pkt to a lwres_gnbarequest_t structure. Buffer b provides
space to be used for storing this structure. When the function
succeeds, the resulting lwres_gnbarequest_t is made available
- through *structp. lwres_gnbaresponse_parse() offers the same
-semantics as lwres_gnbarequest_parse() except it yields a
+ through *structp. lwres_gnbaresponse_parse() offers the same
+semantics as lwres_gnbarequest_parse() except it yields a
lwres_gnbaresponse_t structure.
lwres_gnbaresponse_free() and lwres_gnbarequest_free() release the
- memory in resolver context ctx that was allocated to the
- lwres_gnbaresponse_t or lwres_gnbarequest_t structures referenced
- via structp. Any memory associated with ancillary buffers and
+ memory in resolver context ctx that was allocated to the
+ lwres_gnbaresponse_t or lwres_gnbarequest_t structures referenced
+ via structp. Any memory associated with ancillary buffers and
strings for those structures is also discarded.
\section lwres_gbna_return Return Values
@@ -135,9 +135,9 @@
buf = CTXMALLOC(buflen);
if (buf == NULL)
return (LWRES_R_NOMEMORY);
- lwres_buffer_init(b, buf, buflen);
+ lwres_buffer_init(b, buf, (unsigned int)buflen);
- pkt->length = buflen;
+ pkt->length = (lwres_uint32_t)buflen;
pkt->version = LWRES_LWPACKETVERSION_0;
pkt->pktflags &= ~LWRES_LWPACKETFLAG_RESPONSE;
pkt->opcode = LWRES_OPCODE_GETNAMEBYADDR;
@@ -199,9 +199,9 @@
buf = CTXMALLOC(buflen);
if (buf == NULL)
return (LWRES_R_NOMEMORY);
- lwres_buffer_init(b, buf, buflen);
+ lwres_buffer_init(b, buf, (unsigned int)buflen);
- pkt->length = buflen;
+ pkt->length = (lwres_uint32_t)buflen;
pkt->version = LWRES_LWPACKETVERSION_0;
pkt->pktflags |= LWRES_LWPACKETFLAG_RESPONSE;
pkt->opcode = LWRES_OPCODE_GETNAMEBYADDR;
Modified: vendor/bind/dist/lib/lwres/lwres_grbn.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwres_grbn.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwres_grbn.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwres_grbn.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwres_grbn.c,v 1.10 2007/06/19 23:47:22 tbox Exp $ */
/*! \file lwres_grbn.c
@@ -61,9 +61,9 @@
if (buf == NULL)
return (LWRES_R_NOMEMORY);
- lwres_buffer_init(b, buf, buflen);
+ lwres_buffer_init(b, buf, (unsigned int)buflen);
- pkt->length = buflen;
+ pkt->length = (lwres_uint32_t)buflen;
pkt->version = LWRES_LWPACKETVERSION_0;
pkt->pktflags &= ~LWRES_LWPACKETFLAG_RESPONSE;
pkt->opcode = LWRES_OPCODE_GETRDATABYNAME;
@@ -139,9 +139,9 @@
buf = CTXMALLOC(buflen);
if (buf == NULL)
return (LWRES_R_NOMEMORY);
- lwres_buffer_init(b, buf, buflen);
+ lwres_buffer_init(b, buf, (unsigned int)buflen);
- pkt->length = buflen;
+ pkt->length = (lwres_uint32_t)buflen;
pkt->version = LWRES_LWPACKETVERSION_0;
pkt->pktflags |= LWRES_LWPACKETFLAG_RESPONSE;
pkt->opcode = LWRES_OPCODE_GETRDATABYNAME;
Modified: vendor/bind/dist/lib/lwres/lwres_noop.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwres_noop.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwres_noop.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwres_noop.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwres_noop.c,v 1.19 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
@@ -22,11 +22,11 @@
/**
* These are low-level routines for creating and parsing lightweight
* resolver no-op request and response messages.
- *
+ *
* The no-op message is analogous to a ping packet: a packet is sent to
* the resolver daemon and is simply echoed back. The opcode is intended
* to allow a client to determine if the server is operational or not.
- *
+ *
* There are four main functions for the no-op opcode. One render
* function converts a no-op request structure -- lwres_nooprequest_t --
* to the lighweight resolver's canonical format. It is complemented by a
@@ -35,27 +35,27 @@
* response structure -- lwres_noopresponse_t to the canonical format.
* This is complemented by a parse function which converts a packet in
* canonical format to a no-op response structure.
- *
+ *
* These structures are defined in \link lwres.h <lwres/lwres.h.> \endlink They are shown below.
- *
+ *
* \code
* #define LWRES_OPCODE_NOOP 0x00000000U
- *
+ *
* typedef struct {
* lwres_uint16_t datalength;
* unsigned char *data;
* } lwres_nooprequest_t;
- *
+ *
* typedef struct {
* lwres_uint16_t datalength;
* unsigned char *data;
* } lwres_noopresponse_t;
* \endcode
- *
+ *
* Although the structures have different types, they are identical. This
* is because the no-op opcode simply echos whatever data was sent: the
* response is therefore identical to the request.
- *
+ *
* lwres_nooprequest_render() uses resolver context ctx to convert no-op
* request structure req to canonical format. The packet header structure
* pkt is initialised and transferred to buffer b. The contents of *req
@@ -63,7 +63,7 @@
* lwres_noopresponse_render() performs the same task, except it converts
* a no-op response structure lwres_noopresponse_t to the lightweight
* resolver's canonical format.
- *
+ *
* lwres_nooprequest_parse() uses context ctx to convert the contents of
* packet pkt to a lwres_nooprequest_t structure. Buffer b provides space
* to be used for storing this structure. When the function succeeds, the
@@ -71,14 +71,14 @@
* lwres_noopresponse_parse() offers the same semantics as
* lwres_nooprequest_parse() except it yields a lwres_noopresponse_t
* structure.
- *
+ *
* lwres_noopresponse_free() and lwres_nooprequest_free() release the
* memory in resolver context ctx that was allocated to the
* lwres_noopresponse_t or lwres_nooprequest_t structures referenced via
* structp.
- *
+ *
* \section lwres_noop_return Return Values
- *
+ *
* The no-op opcode functions lwres_nooprequest_render(),
* lwres_noopresponse_render() lwres_nooprequest_parse() and
* lwres_noopresponse_parse() all return #LWRES_R_SUCCESS on success. They
@@ -91,9 +91,9 @@
* received packet. These functions will return #LWRES_R_FAILURE if
* pktflags in the packet header structure #lwres_lwpacket_t indicate that
* the packet is not a response to an earlier query.
- *
+ *
* \section lwres_noop_see See Also
- *
+ *
* lwpacket.c
*/
@@ -132,9 +132,9 @@
buf = CTXMALLOC(buflen);
if (buf == NULL)
return (LWRES_R_NOMEMORY);
- lwres_buffer_init(b, buf, buflen);
+ lwres_buffer_init(b, buf, (unsigned int)buflen);
- pkt->length = buflen;
+ pkt->length = (lwres_uint32_t)buflen;
pkt->version = LWRES_LWPACKETVERSION_0;
pkt->pktflags &= ~LWRES_LWPACKETFLAG_RESPONSE;
pkt->opcode = LWRES_OPCODE_NOOP;
@@ -185,9 +185,9 @@
buf = CTXMALLOC(buflen);
if (buf == NULL)
return (LWRES_R_NOMEMORY);
- lwres_buffer_init(b, buf, buflen);
+ lwres_buffer_init(b, buf, (unsigned int)buflen);
- pkt->length = buflen;
+ pkt->length = (lwres_uint32_t)buflen;
pkt->version = LWRES_LWPACKETVERSION_0;
pkt->pktflags |= LWRES_LWPACKETFLAG_RESPONSE;
pkt->opcode = LWRES_OPCODE_NOOP;
Modified: vendor/bind/dist/lib/lwres/lwresutil.c
===================================================================
--- vendor/bind/dist/lib/lwres/lwresutil.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/lwresutil.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwresutil.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id: lwresutil.c,v 1.34 2007/06/19 23:47:22 tbox Exp $ */
/*! \file */
@@ -27,7 +27,7 @@
* given by *len. The buffer's current pointer is advanced to point at
* the character following the string length, the encoded string, and
* the trailing NULL character.
- *
+ *
* lwres_addr_parse() extracts an address from the buffer b. The
* buffer's current pointer b->current is presumed to point at an
* encoded address: the address preceded by a 32-bit protocol family
@@ -36,10 +36,10 @@
* the address that was copied. b->current is advanced to point at the
* next byte of available data in the buffer following the encoded
* address.
- *
+ *
* lwres_getaddrsbyname() and lwres_getnamebyaddr() use the
* lwres_gnbaresponse_t structure defined below:
- *
+ *
* \code
* typedef struct {
* lwres_uint32_t flags;
@@ -54,45 +54,45 @@
* size_t baselen;
* } lwres_gabnresponse_t;
* \endcode
- *
+ *
* The contents of this structure are not manipulated directly but
- * they are controlled through the \link lwres_gabn.c lwres_gabn*\endlink functions.
- *
+ * they are controlled through the \link lwres_gabn.c lwres_gabn*\endlink functions.
+ *
* The lightweight resolver uses lwres_getaddrsbyname() to perform
* foward lookups. Hostname name is looked up using the resolver
- * context ctx for memory allocation. addrtypes is a bitmask
+ * context ctx for memory allocation. addrtypes is a bitmask
* indicating which type of addresses are to be looked up. Current
* values for this bitmask are #LWRES_ADDRTYPE_V4 for IPv4 addresses
* and #LWRES_ADDRTYPE_V6 for IPv6 addresses. Results of the lookup are
* returned in *structp.
- *
- * lwres_getnamebyaddr() performs reverse lookups. Resolver context
+ *
+ * lwres_getnamebyaddr() performs reverse lookups. Resolver context
* ctx is used for memory allocation. The address type is indicated by
* addrtype: #LWRES_ADDRTYPE_V4 or #LWRES_ADDRTYPE_V6. The address to be
- * looked up is given by addr and its length is addrlen bytes. The
- * result of the function call is made available through *structp.
- *
+ * looked up is given by addr and its length is addrlen bytes. The
+ * result of the function call is made available through *structp.
+ *
* \section lwresutil_return Return Values
- *
+ *
* Successful calls to lwres_string_parse() and lwres_addr_parse()
- * return #LWRES_R_SUCCESS. Both functions return #LWRES_R_FAILURE if
- * the buffer is corrupt or #LWRES_R_UNEXPECTEDEND if the buffer has
+ * return #LWRES_R_SUCCESS. Both functions return #LWRES_R_FAILURE if
+ * the buffer is corrupt or #LWRES_R_UNEXPECTEDEND if the buffer has
* less space than expected for the components of the encoded string
* or address.
- *
+ *
* lwres_getaddrsbyname() returns #LWRES_R_SUCCESS on success and it
* returns #LWRES_R_NOTFOUND if the hostname name could not be found.
- *
+ *
* #LWRES_R_SUCCESS is returned by a successful call to
* lwres_getnamebyaddr().
- *
+ *
* Both lwres_getaddrsbyname() and lwres_getnamebyaddr() return
* #LWRES_R_NOMEMORY when memory allocation requests fail and
* #LWRES_R_UNEXPECTEDEND if the buffers used for sending queries and
- * receiving replies are too small.
- *
+ * receiving replies are too small.
+ *
* \section lwresutil_see See Also
- *
+ *
* lwbuffer.c, lwres_gabn.c
*/
@@ -390,7 +390,7 @@
request.flags = 0;
request.addr.family = addrtype;
request.addr.length = addrlen;
- memcpy(request.addr.address, addr, addrlen);
+ memmove(request.addr.address, addr, addrlen);
pkt.pktflags = 0;
pkt.serial = serial;
pkt.result = 0;
Modified: vendor/bind/dist/lib/lwres/man/Makefile.in
===================================================================
--- vendor/bind/dist/lib/lwres/man/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id: Makefile.in,v 1.9 2007/06/19 23:47:23 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/lwres/man/lwres.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: June 18, 2007
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES" "3" "June 18, 2007" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -39,7 +39,7 @@
.PP
The BIND 9 lightweight resolver library is a simple, name service independent stub resolver library. It provides hostname\-to\-address and address\-to\-hostname lookup services to applications by transmitting lookup requests to a resolver daemon
\fBlwresd\fR
-running on the local host. The resover daemon performs the lookup using the DNS or possibly other name service protocols, and returns the results to the application through the library. The library and resolver daemon communicate using a simple UDP\-based protocol.
+running on the local host. The resolver daemon performs the lookup using the DNS or possibly other name service protocols, and returns the results to the application through the library. The library and resolver daemon communicate using a simple UDP\-based protocol.
.SH "OVERVIEW"
.PP
The lwresd library implements multiple name service APIs. The standard
@@ -159,7 +159,7 @@
\fBresolver\fR(5),
\fBlwresd\fR(8).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>June 18, 2007</date>
</refentryinfo>
<refmeta>
@@ -40,6 +39,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -63,7 +63,7 @@
and address-to-hostname lookup services to applications by
transmitting lookup requests to a resolver daemon
<command>lwresd</command>
- running on the local host. The resover daemon performs the
+ running on the local host. The resolver daemon performs the
lookup using the DNS or possibly other name service protocols,
and returns the results to the application through the library.
The library and resolver daemon communicate using a simple
Modified: vendor/bind/dist/lib/lwres/man/lwres.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476274"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres — introduction to the lightweight resolver library</p>
@@ -32,7 +32,7 @@
<div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <lwres/lwres.h></pre></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543350"></a><h2>DESCRIPTION</h2>
+<a name="id2543360"></a><h2>DESCRIPTION</h2>
<p>
The BIND 9 lightweight resolver library is a simple, name service
independent stub resolver library. It provides hostname-to-address
@@ -39,7 +39,7 @@
and address-to-hostname lookup services to applications by
transmitting lookup requests to a resolver daemon
<span><strong class="command">lwresd</strong></span>
- running on the local host. The resover daemon performs the
+ running on the local host. The resolver daemon performs the
lookup using the DNS or possibly other name service protocols,
and returns the results to the application through the library.
The library and resolver daemon communicate using a simple
@@ -47,7 +47,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543363"></a><h2>OVERVIEW</h2>
+<a name="id2543372"></a><h2>OVERVIEW</h2>
<p>
The lwresd library implements multiple name service APIs.
The standard
@@ -101,7 +101,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543427"></a><h2>CLIENT-SIDE LOW-LEVEL API CALL FLOW</h2>
+<a name="id2543436"></a><h2>CLIENT-SIDE LOW-LEVEL API CALL FLOW</h2>
<p>
When a client program wishes to make an lwres request using the
native low-level API, it typically performs the following
@@ -149,7 +149,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543575"></a><h2>SERVER-SIDE LOW-LEVEL API CALL FLOW</h2>
+<a name="id2543585"></a><h2>SERVER-SIDE LOW-LEVEL API CALL FLOW</h2>
<p>
When implementing the server side of the lightweight resolver
protocol using the lwres library, a sequence of actions like the
@@ -191,7 +191,7 @@
<p></p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543658"></a><h2>SEE ALSO</h2>
+<a name="id2543668"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_gethostent</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_getipnode</span>(3)</span>,
Modified: vendor/bind/dist/lib/lwres/man/lwres_buffer.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_buffer.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_buffer.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_buffer.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_buffer
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: June 18, 2007
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_BUFFER" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_BUFFER" "3" "June 18, 2007" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -227,7 +227,7 @@
to
\fIbase\fR.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_buffer.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_buffer.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_buffer.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_buffer.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>June 18, 2007</date>
</refentryinfo>
<refmeta>
@@ -35,6 +34,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_buffer.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_buffer.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_buffer.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_buffer.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem — lightweight resolver buffer management</p>
@@ -262,7 +262,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543893"></a><h2>DESCRIPTION</h2>
+<a name="id2543904"></a><h2>DESCRIPTION</h2>
<p>
These functions provide bounds checked access to a region of memory
where data is being read or written.
Modified: vendor/bind/dist/lib/lwres/man/lwres_config.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_config.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_config.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_config.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_config
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_CONFIG" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_CONFIG" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -100,7 +100,7 @@
.PP
\fI/etc/resolv.conf\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_config.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_config.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_config.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_config.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_config.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_config.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_config.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_config.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get — lightweight resolver configuration</p>
@@ -90,7 +90,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543445"></a><h2>DESCRIPTION</h2>
+<a name="id2543456"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_conf_init()</code>
creates an empty
<span class="type">lwres_conf_t</span>
@@ -123,7 +123,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543512"></a><h2>RETURN VALUES</h2>
+<a name="id2543523"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_conf_parse()</code>
returns <span class="errorcode">LWRES_R_SUCCESS</span>
if it successfully read and parsed
@@ -142,13 +142,13 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543549"></a><h2>SEE ALSO</h2>
+<a name="id2543560"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">stdio</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543575"></a><h2>FILES</h2>
+<a name="id2543586"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
Modified: vendor/bind/dist/lib/lwres/man/lwres_context.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_context.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_context.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_context.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_context
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_CONTEXT" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_CONTEXT" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -164,7 +164,7 @@
\fBmalloc\fR(3),
\fBfree\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_context.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_context.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_context.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_context.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_context.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_context.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_context.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_context.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv — lightweight resolver context management</p>
@@ -172,7 +172,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543536"></a><h2>DESCRIPTION</h2>
+<a name="id2543546"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_context_create()</code>
creates a <span class="type">lwres_context_t</span> structure for use in
lightweight resolver operations. It holds a socket and other
@@ -258,7 +258,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543723"></a><h2>RETURN VALUES</h2>
+<a name="id2543734"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_context_create()</code>
returns <span class="errorcode">LWRES_R_NOMEMORY</span> if memory for
the <span class="type">struct lwres_context</span> could not be allocated,
@@ -283,7 +283,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543773"></a><h2>SEE ALSO</h2>
+<a name="id2543784"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_conf_init</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">malloc</span>(3)</span>,
Modified: vendor/bind/dist/lib/lwres/man/lwres_gabn.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gabn.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gabn.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_gabn.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_gabn
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_GABN" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_GABN" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -53,7 +53,7 @@
.PP
There are four main functions for the getaddrbyname opcode. One render function converts a getaddrbyname request structure \(em
\fBlwres_gabnrequest_t\fR
-\(em to the lighweight resolver's canonical format. It is complemented by a parse function that converts a packet in this canonical format to a getaddrbyname request structure. Another render function converts the getaddrbyname response structure \(em
+\(em to the lightweight resolver's canonical format. It is complemented by a parse function that converts a packet in this canonical format to a getaddrbyname request structure. Another render function converts the getaddrbyname response structure \(em
\fBlwres_gabnresponse_t\fR
\(em to the canonical format. This is complemented by a parse function which converts a packet in canonical format to a getaddrbyname response structure.
.PP
@@ -189,7 +189,7 @@
.PP
\fBlwres_packet\fR(3)
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_gabn.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gabn.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gabn.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gabn.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -121,7 +121,7 @@
There are four main functions for the getaddrbyname opcode.
One render function converts a getaddrbyname request structure —
<type>lwres_gabnrequest_t</type> —
- to the lighweight resolver's canonical format.
+ to the lightweight resolver's canonical format.
It is complemented by a parse function that converts a packet in this
canonical format to a getaddrbyname request structure.
Another render function converts the getaddrbyname response structure
Modified: vendor/bind/dist/lib/lwres/man/lwres_gabn.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gabn.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gabn.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gabn.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free — lightweight resolver getaddrbyname message handling</p>
@@ -178,7 +178,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543526"></a><h2>DESCRIPTION</h2>
+<a name="id2543537"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver name-to-address lookup request and
@@ -188,7 +188,7 @@
There are four main functions for the getaddrbyname opcode.
One render function converts a getaddrbyname request structure —
<span class="type">lwres_gabnrequest_t</span> —
- to the lighweight resolver's canonical format.
+ to the lightweight resolver's canonical format.
It is complemented by a parse function that converts a packet in this
canonical format to a getaddrbyname request structure.
Another render function converts the getaddrbyname response structure
@@ -278,7 +278,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543671"></a><h2>RETURN VALUES</h2>
+<a name="id2543682"></a><h2>RETURN VALUES</h2>
<p>
The getaddrbyname opcode functions
<code class="function">lwres_gabnrequest_render()</code>,
@@ -316,7 +316,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543737"></a><h2>SEE ALSO</h2>
+<a name="id2543748"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span>
</p>
</div>
Modified: vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_gai_strerror.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_gai_strerror
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_GAI_STRERROR" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_GAI_STRERROR" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -123,7 +123,7 @@
\fBgetaddrinfo\fR(3),
\fBRFC2133\fR().
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gai_strerror.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gai_strerror.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gai_strerror.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gai_strerror — print suitable error string</p>
@@ -42,7 +42,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543365"></a><h2>DESCRIPTION</h2>
+<a name="id2543376"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_gai_strerror()</code>
returns an error message corresponding to an error code returned by
<code class="function">getaddrinfo()</code>.
@@ -110,7 +110,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543580"></a><h2>SEE ALSO</h2>
+<a name="id2543591"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">strerror</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_getaddrinfo</span>(3)</span>,
Modified: vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_getaddrinfo.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_getaddrinfo
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_GETADDRINFO" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_GETADDRINFO" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -240,7 +240,7 @@
\fBsendmsg\fR(2),
\fBsocket\fR(2).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getaddrinfo.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getaddrinfo.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getaddrinfo.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getaddrinfo, lwres_freeaddrinfo — socket address structure to host and service name</p>
@@ -89,7 +89,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543416"></a><h2>DESCRIPTION</h2>
+<a name="id2543427"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_getaddrinfo()</code>
is used to get a list of IP addresses and port numbers for host
<em class="parameter"><code>hostname</code></em> and service
@@ -283,7 +283,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543794"></a><h2>RETURN VALUES</h2>
+<a name="id2543804"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_getaddrinfo()</code>
returns zero on success or one of the error codes listed in
<span class="citerefentry"><span class="refentrytitle">gai_strerror</span>(3)</span>
@@ -294,7 +294,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543831"></a><h2>SEE ALSO</h2>
+<a name="id2543842"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_getaddrinfo</span>(3)</span>,
Modified: vendor/bind/dist/lib/lwres/man/lwres_gethostent.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gethostent.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gethostent.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_gethostent.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_gethostent
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_GETHOSTENT" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_GETHOSTENT" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -309,7 +309,7 @@
or
\fBNIS\fR, consequently the above functions don't, either.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_gethostent.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gethostent.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gethostent.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gethostent.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_gethostent.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gethostent.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gethostent.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gethostent.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r — lightweight resolver get network host entry</p>
@@ -228,7 +228,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543612"></a><h2>DESCRIPTION</h2>
+<a name="id2543623"></a><h2>DESCRIPTION</h2>
<p>
These functions provide hostname-to-address and
address-to-hostname lookups by means of the lightweight resolver.
@@ -366,7 +366,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543963"></a><h2>RETURN VALUES</h2>
+<a name="id2543974"></a><h2>RETURN VALUES</h2>
<p>
The functions
<code class="function">lwres_gethostbyname()</code>,
@@ -430,7 +430,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544197"></a><h2>SEE ALSO</h2>
+<a name="id2544208"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">gethostent</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_getipnode</span>(3)</span>,
@@ -439,7 +439,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544231"></a><h2>BUGS</h2>
+<a name="id2544242"></a><h2>BUGS</h2>
<p><code class="function">lwres_gethostbyname()</code>,
<code class="function">lwres_gethostbyname2()</code>,
<code class="function">lwres_gethostbyaddr()</code>
Modified: vendor/bind/dist/lib/lwres/man/lwres_getipnode.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getipnode.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getipnode.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_getipnode.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_getipnode
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_GETIPNODE" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_GETIPNODE" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -200,7 +200,7 @@
\fBlwres_getnameinfo\fR(3),
\fBlwres_hstrerror\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_getipnode.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getipnode.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getipnode.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getipnode.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_getipnode.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getipnode.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getipnode.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getipnode.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent — lightweight resolver nodename / address translation API</p>
@@ -98,7 +98,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543435"></a><h2>DESCRIPTION</h2>
+<a name="id2543446"></a><h2>DESCRIPTION</h2>
<p>
These functions perform thread safe, protocol independent
nodename-to-address and address-to-nodename
@@ -217,7 +217,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543693"></a><h2>RETURN VALUES</h2>
+<a name="id2543704"></a><h2>RETURN VALUES</h2>
<p>
If an error occurs,
<code class="function">lwres_getipnodebyname()</code>
@@ -261,7 +261,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543790"></a><h2>SEE ALSO</h2>
+<a name="id2543801"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2553</span></span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
Modified: vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_getnameinfo.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_getnameinfo
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_GETNAMEINFO" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_GETNAMEINFO" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -111,7 +111,7 @@
\fBgetnameinfo\fR(3)
are.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getnameinfo.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getnameinfo.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getnameinfo.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getnameinfo — lightweight resolver socket address structure to hostname and
@@ -82,7 +82,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543397"></a><h2>DESCRIPTION</h2>
+<a name="id2543408"></a><h2>DESCRIPTION</h2>
<p>
This function is equivalent to the
<span class="citerefentry"><span class="refentrytitle">getnameinfo</span>(3)</span> function defined in RFC2133.
@@ -149,13 +149,13 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543539"></a><h2>RETURN VALUES</h2>
+<a name="id2543549"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_getnameinfo()</code>
returns 0 on success or a non-zero error code if an error occurs.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543550"></a><h2>SEE ALSO</h2>
+<a name="id2543561"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2133</span></span>,
<span class="citerefentry"><span class="refentrytitle">getservbyport</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
@@ -165,7 +165,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543608"></a><h2>BUGS</h2>
+<a name="id2543619"></a><h2>BUGS</h2>
<p>
RFC2133 fails to define what the nonzero return values of
<span class="citerefentry"><span class="refentrytitle">getnameinfo</span>(3)</span>
Modified: vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_getrrsetbyname.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_getrrsetbyname
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Oct 18, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_GETRRSETBYNAME" "3" "Oct 18, 2000" "BIND9" "BIND9"
+.TH "LWRES_GETRRSETBYNAME" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -158,7 +158,7 @@
.PP
\fBlwres\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getrrsetbyname.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Oct 18, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_getrrsetbyname.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getrrsetbyname.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getrrsetbyname, lwres_freerrset — retrieve DNS records</p>
@@ -102,7 +102,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543418"></a><h2>DESCRIPTION</h2>
+<a name="id2543429"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_getrrsetbyname()</code>
gets a set of resource records associated with a
<em class="parameter"><code>hostname</code></em>, <em class="parameter"><code>class</code></em>,
@@ -150,7 +150,7 @@
<p></p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543530"></a><h2>RETURN VALUES</h2>
+<a name="id2543541"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_getrrsetbyname()</code>
returns zero on success, and one of the following error codes if
an error occurred:
@@ -184,7 +184,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543630"></a><h2>SEE ALSO</h2>
+<a name="id2543641"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>.
</p>
</div>
Modified: vendor/bind/dist/lib/lwres/man/lwres_gnba.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gnba.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gnba.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_gnba.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_gnba
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_GNBA" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_GNBA" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -177,7 +177,7 @@
.PP
\fBlwres_packet\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_gnba.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gnba.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gnba.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gnba.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_gnba.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_gnba.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_gnba.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gnba.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free — lightweight resolver getnamebyaddress message handling</p>
@@ -183,7 +183,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543529"></a><h2>DESCRIPTION</h2>
+<a name="id2543540"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver address-to-name lookup request and
@@ -270,7 +270,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543669"></a><h2>RETURN VALUES</h2>
+<a name="id2543680"></a><h2>RETURN VALUES</h2>
<p>
The getnamebyaddr opcode functions
<code class="function">lwres_gnbarequest_render()</code>,
@@ -308,7 +308,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543735"></a><h2>SEE ALSO</h2>
+<a name="id2543746"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span>.
</p>
</div>
Modified: vendor/bind/dist/lib/lwres/man/lwres_hstrerror.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_hstrerror.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_hstrerror.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_hstrerror.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_hstrerror
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_HSTRERROR" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_HSTRERROR" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -93,7 +93,7 @@
\fBherror\fR(3),
\fBlwres_hstrerror\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_hstrerror.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_hstrerror.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_hstrerror.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_hstrerror.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_hstrerror.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_hstrerror.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_hstrerror.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_hstrerror.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_herror, lwres_hstrerror — lightweight resolver error message generation</p>
@@ -50,7 +50,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543383"></a><h2>DESCRIPTION</h2>
+<a name="id2543394"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_herror()</code>
prints the string <em class="parameter"><code>s</code></em> on
<span class="type">stderr</span> followed by the string generated by
@@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543501"></a><h2>RETURN VALUES</h2>
+<a name="id2543512"></a><h2>RETURN VALUES</h2>
<p>
The string <span class="errorname">Unknown resolver error</span> is returned by
<code class="function">lwres_hstrerror()</code>
@@ -94,7 +94,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543522"></a><h2>SEE ALSO</h2>
+<a name="id2543532"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">herror</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_hstrerror</span>(3)</span>.
Modified: vendor/bind/dist/lib/lwres/man/lwres_inetntop.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_inetntop.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_inetntop.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_inetntop.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_inetntop
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_INETNTOP" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_INETNTOP" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -71,7 +71,7 @@
\fBinet_ntop\fR(3),
\fBerrno\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_inetntop.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_inetntop.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_inetntop.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_inetntop.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_inetntop.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_inetntop.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_inetntop.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_inetntop.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_net_ntop — lightweight resolver IP address presentation</p>
@@ -62,7 +62,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543383"></a><h2>DESCRIPTION</h2>
+<a name="id2543394"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_net_ntop()</code>
converts an IP address of protocol family
<em class="parameter"><code>af</code></em> — IPv4 or IPv6 — at
@@ -80,7 +80,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543415"></a><h2>RETURN VALUES</h2>
+<a name="id2543426"></a><h2>RETURN VALUES</h2>
<p>
If successful, the function returns <em class="parameter"><code>dst</code></em>:
a pointer to a string containing the presentation format of the
@@ -93,7 +93,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543448"></a><h2>SEE ALSO</h2>
+<a name="id2543459"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC1884</span></span>,
<span class="citerefentry"><span class="refentrytitle">inet_ntop</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">errno</span>(3)</span>.
Modified: vendor/bind/dist/lib/lwres/man/lwres_noop.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_noop.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_noop.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_noop.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_noop
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_NOOP" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_NOOP" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -57,7 +57,7 @@
.PP
There are four main functions for the no\-op opcode. One render function converts a no\-op request structure \(em
\fBlwres_nooprequest_t\fR
-\(em to the lighweight resolver's canonical format. It is complemented by a parse function that converts a packet in this canonical format to a no\-op request structure. Another render function converts the no\-op response structure \(em
+\(em to the lightweight resolver's canonical format. It is complemented by a parse function that converts a packet in this canonical format to a no\-op request structure. Another render function converts the no\-op response structure \(em
\fBlwres_noopresponse_t\fR
to the canonical format. This is complemented by a parse function which converts a packet in canonical format to a no\-op response structure.
.PP
@@ -177,7 +177,7 @@
.PP
\fBlwres_packet\fR(3)
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_noop.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_noop.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_noop.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_noop.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -128,7 +128,7 @@
There are four main functions for the no-op opcode.
One render function converts a no-op request structure —
<type>lwres_nooprequest_t</type> —
- to the lighweight resolver's canonical format.
+ to the lightweight resolver's canonical format.
It is complemented by a parse function that converts a packet in this
canonical format to a no-op request structure.
Another render function converts the no-op response structure —
Modified: vendor/bind/dist/lib/lwres/man/lwres_noop.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_noop.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_noop.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_noop.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free — lightweight resolver no-op message handling</p>
@@ -179,7 +179,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543526"></a><h2>DESCRIPTION</h2>
+<a name="id2543537"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver no-op request and response messages.
@@ -195,7 +195,7 @@
There are four main functions for the no-op opcode.
One render function converts a no-op request structure —
<span class="type">lwres_nooprequest_t</span> —
- to the lighweight resolver's canonical format.
+ to the lightweight resolver's canonical format.
It is complemented by a parse function that converts a packet in this
canonical format to a no-op request structure.
Another render function converts the no-op response structure —
@@ -270,7 +270,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543676"></a><h2>RETURN VALUES</h2>
+<a name="id2543687"></a><h2>RETURN VALUES</h2>
<p>
The no-op opcode functions
<code class="function">lwres_nooprequest_render()</code>,
@@ -309,7 +309,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543742"></a><h2>SEE ALSO</h2>
+<a name="id2543753"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span>
</p>
</div>
Modified: vendor/bind/dist/lib/lwres/man/lwres_packet.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_packet.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_packet.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_packet.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_packet
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_PACKET" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_PACKET" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -164,7 +164,7 @@
both functions return
\fBLWRES_R_UNEXPECTEDEND\fR.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_packet.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_packet.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_packet.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_packet.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
Modified: vendor/bind/dist/lib/lwres/man/lwres_packet.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_packet.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_packet.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_packet.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_lwpacket_renderheader, lwres_lwpacket_parseheader — lightweight resolver packet handling functions</p>
@@ -66,7 +66,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543394"></a><h2>DESCRIPTION</h2>
+<a name="id2543404"></a><h2>DESCRIPTION</h2>
<p>
These functions rely on a
<span class="type">struct lwres_lwpacket</span>
@@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543710"></a><h2>RETURN VALUES</h2>
+<a name="id2543721"></a><h2>RETURN VALUES</h2>
<p>
Successful calls to
<code class="function">lwres_lwpacket_renderheader()</code> and
Modified: vendor/bind/dist/lib/lwres/man/lwres_resutil.3
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_resutil.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_resutil.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_resutil.3,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+.\" $Id$
.\"
.hy 0
.ad l
@@ -20,11 +20,11 @@
.\" Title: lwres_resutil
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: March 10, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "LWRES_RESUTIL" "3" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "LWRES_RESUTIL" "3" "March 10, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -97,7 +97,7 @@
.PP
The lightweight resolver uses
\fBlwres_getaddrsbyname()\fR
-to perform foward lookups. Hostname
+to perform forward lookups. Hostname
\fIname\fR
is looked up using the resolver context
\fIctx\fR
@@ -164,7 +164,7 @@
\fBlwres_buffer\fR(3),
\fBlwres_gabn\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
Modified: vendor/bind/dist/lib/lwres/man/lwres_resutil.docbook
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_resutil.docbook 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_resutil.docbook 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,11 +18,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_resutil.docbook,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
<refentry>
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>March 10, 2012</date>
</refentryinfo>
<refmeta>
@@ -37,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2012</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -154,7 +154,7 @@
<para>
The lightweight resolver uses
<function>lwres_getaddrsbyname()</function> to perform
- foward lookups.
+ forward lookups.
Hostname <parameter>name</parameter> is looked up using the
resolver
context <parameter>ctx</parameter> for memory allocation.
Modified: vendor/bind/dist/lib/lwres/man/lwres_resutil.html
===================================================================
--- vendor/bind/dist/lib/lwres/man/lwres_resutil.html 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/man/lwres_resutil.html 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_resutil.html,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ -->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -22,7 +22,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2476282"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr — lightweight resolver utility functions</p>
@@ -134,7 +134,7 @@
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543470"></a><h2>DESCRIPTION</h2>
+<a name="id2543481"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_string_parse()</code>
retrieves a DNS-encoded string starting the current pointer of
lightweight resolver buffer <em class="parameter"><code>b</code></em>: i.e.
@@ -186,7 +186,7 @@
<p>
The lightweight resolver uses
<code class="function">lwres_getaddrsbyname()</code> to perform
- foward lookups.
+ forward lookups.
Hostname <em class="parameter"><code>name</code></em> is looked up using the
resolver
context <em class="parameter"><code>ctx</code></em> for memory allocation.
@@ -210,7 +210,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543609"></a><h2>RETURN VALUES</h2>
+<a name="id2543620"></a><h2>RETURN VALUES</h2>
<p>
Successful calls to
<code class="function">lwres_string_parse()</code>
@@ -248,7 +248,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543681"></a><h2>SEE ALSO</h2>
+<a name="id2543691"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_buffer</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_gabn</span>(3)</span>.
Modified: vendor/bind/dist/lib/lwres/print.c
===================================================================
--- vendor/bind/dist/lib/lwres/print.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/print.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: print.c,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $ */
-
#include <config.h>
#include <ctype.h>
@@ -26,6 +24,7 @@
#define LWRES__PRINT_SOURCE /* Used to get the lwres_print_* prototypes. */
#include <lwres/stdlib.h>
+#include <lwres/string.h>
#include "assert_p.h"
#include "print_p.h"
Modified: vendor/bind/dist/lib/lwres/print_p.h
===================================================================
--- vendor/bind/dist/lib/lwres/print_p.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/print_p.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: print_p.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id$ */
#ifndef LWRES_PRINT_P_H
#define LWRES_PRINT_P_H 1
Deleted: vendor/bind/dist/lib/lwres/strtoul.c
===================================================================
--- vendor/bind/dist/lib/lwres/strtoul.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/strtoul.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,135 +0,0 @@
-/*
- * Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2003 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*! \file */
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)strtoul.c 8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-/* $Id: strtoul.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
-
-#include <config.h>
-
-#include <limits.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include <lwres/stdlib.h>
-
-#define DE_CONST(konst, var) \
- do { \
- union { const void *k; void *v; } _u; \
- _u.k = konst; \
- var = _u.v; \
- } while (0)
-
-/*!
- * Convert a string to an unsigned long integer.
- *
- * Ignores `locale' stuff. Assumes that the upper and lower case
- * alphabets and digits are each contiguous.
- */
-unsigned long
-lwres_strtoul(const char *nptr, char **endptr, int base) {
- const char *s = nptr;
- unsigned long acc;
- unsigned char c;
- unsigned long cutoff;
- int neg = 0, any, cutlim;
-
- /*
- * See strtol for comments as to the logic used.
- */
- do {
- c = *s++;
- } while (isspace(c));
- if (c == '-') {
- neg = 1;
- c = *s++;
- } else if (c == '+')
- c = *s++;
- if ((base == 0 || base == 16) &&
- c == '0' && (*s == 'x' || *s == 'X')) {
- c = s[1];
- s += 2;
- base = 16;
- }
- if (base == 0)
- base = c == '0' ? 8 : 10;
- cutoff = (unsigned long)ULONG_MAX / (unsigned long)base;
- cutlim = (unsigned long)ULONG_MAX % (unsigned long)base;
- for (acc = 0, any = 0;; c = *s++) {
- if (!isascii(c))
- break;
- if (isdigit(c))
- c -= '0';
- else if (isalpha(c))
- c -= isupper(c) ? 'A' - 10 : 'a' - 10;
- else
- break;
- if (c >= base)
- break;
- if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
- any = -1;
- else {
- any = 1;
- acc *= base;
- acc += c;
- }
- }
- if (any < 0) {
- acc = ULONG_MAX;
- errno = ERANGE;
- } else if (neg)
- acc = -acc;
- if (endptr != 0)
- DE_CONST(any ? s - 1 : nptr, *endptr);
- return (acc);
-}
Added: vendor/bind/dist/lib/lwres/tests/Atffile
===================================================================
--- vendor/bind/dist/lib/lwres/tests/Atffile (rev 0)
+++ vendor/bind/dist/lib/lwres/tests/Atffile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,5 @@
+Content-Type: application/X-atf-atffile; version="1"
+
+prop: test-suite = bind9
+
+tp-glob: *_test
Added: vendor/bind/dist/lib/lwres/tests/Makefile.in
===================================================================
--- vendor/bind/dist/lib/lwres/tests/Makefile.in (rev 0)
+++ vendor/bind/dist/lib/lwres/tests/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,54 @@
+# Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id$
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+# Attempt to disable parallel processing.
+.NOTPARALLEL:
+.NO_PARALLEL:
+
+ at BIND9_VERSION@
+
+ at BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I. -Iinclude -I../include ${LWRES_INCLUDES}
+CDEFINES = -DTESTS="\"${top_builddir}/lib/lwres/tests/\""
+
+LWRESLIBS = ../liblwres. at A@
+LWRESDEPLIBS = ../liblwres. at A@
+
+LIBS = @LIBS@ @ATFLIBS@
+
+OBJS =
+SRCS = config_test.c
+
+SUBDIRS =
+TARGETS = config_test at EXEEXT@
+
+ at BIND9_MAKE_RULES@
+
+config_test at EXEEXT@: config_test. at O@ ${LWRESDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ config_test. at O@ ${LWRESLIBS} ${LIBS}
+
+unit::
+ sh ${top_srcdir}/unit/unittest.sh
+
+clean distclean::
+ rm -f ${TARGETS}
+ rm -f atf.out
Added: vendor/bind/dist/lib/lwres/tests/config_test.c
===================================================================
--- vendor/bind/dist/lib/lwres/tests/config_test.c (rev 0)
+++ vendor/bind/dist/lib/lwres/tests/config_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <atf-c.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "../lwconfig.c"
+
+static void
+setup_test() {
+ /*
+ * atf-run changes us to a /tmp directory, so tests
+ * that access test data files must first chdir to the proper
+ * location.
+ */
+ ATF_CHECK(chdir(TESTS) != -1);
+}
+
+ATF_TC(parse_linklocal);
+ATF_TC_HEAD(parse_linklocal, tc) {
+ atf_tc_set_md_var(tc, "descr", "lwres_conf_parse link-local nameserver");
+}
+ATF_TC_BODY(parse_linklocal, tc) {
+ lwres_result_t result;
+ lwres_context_t *ctx = NULL;
+ unsigned char addr[16] = { 0xfe, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01 };
+
+ UNUSED(tc);
+
+ setup_test();
+
+ lwres_context_create(&ctx, NULL, NULL, NULL,
+ LWRES_CONTEXT_USEIPV4 | LWRES_CONTEXT_USEIPV6);
+ ATF_CHECK_EQ(ctx->confdata.nsnext, 0);
+ ATF_CHECK_EQ(ctx->confdata.nameservers[0].zone, 0);
+
+ result = lwres_conf_parse(ctx, "testdata/link-local.conf");
+ ATF_CHECK_EQ(result, LWRES_R_SUCCESS);
+ ATF_CHECK_EQ(ctx->confdata.nsnext, 1);
+ ATF_CHECK_EQ(ctx->confdata.nameservers[0].zone, 1);
+ ATF_CHECK_EQ(memcmp(ctx->confdata.nameservers[0].address, addr, 16), 0);
+ lwres_context_destroy(&ctx);
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+ ATF_TP_ADD_TC(tp, parse_linklocal);
+ return (atf_no_error());
+}
Added: vendor/bind/dist/lib/lwres/tests/testdata/link-local.conf
===================================================================
--- vendor/bind/dist/lib/lwres/tests/testdata/link-local.conf (rev 0)
+++ vendor/bind/dist/lib/lwres/tests/testdata/link-local.conf 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1 @@
+nameserver fe80::1%1
Modified: vendor/bind/dist/lib/lwres/unix/Makefile.in
===================================================================
--- vendor/bind/dist/lib/lwres/unix/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/unix/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/lwres/unix/include/Makefile.in
===================================================================
--- vendor/bind/dist/lib/lwres/unix/include/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/unix/include/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/lwres/unix/include/lwres/Makefile.in
===================================================================
--- vendor/bind/dist/lib/lwres/unix/include/lwres/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/unix/include/lwres/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/lib/lwres/unix/include/lwres/net.h
===================================================================
--- vendor/bind/dist/lib/lwres/unix/include/lwres/net.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/unix/include/lwres/net.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: net.h,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id$ */
#ifndef LWRES_NET_H
#define LWRES_NET_H 1
Modified: vendor/bind/dist/lib/lwres/version.c
===================================================================
--- vendor/bind/dist/lib/lwres/version.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/lib/lwres/version.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: version.c,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $ */
+/* $Id$ */
/*! \file */
Modified: vendor/bind/dist/make/Makefile.in
===================================================================
--- vendor/bind/dist/make/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/make/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/make/includes.in
===================================================================
--- vendor/bind/dist/make/includes.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/make/includes.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: includes.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id$
# Search for machine-generated header files in the build tree,
# and for normal headers in the source tree (${top_srcdir}).
Modified: vendor/bind/dist/make/mkdep.in
===================================================================
--- vendor/bind/dist/make/mkdep.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/make/mkdep.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -21,11 +21,7 @@
## 2. Redistributions in binary form must reproduce the above copyright
## notice, this list of conditions and the following disclaimer in the
## documentation and/or other materials provided with the distribution.
-## 3. All advertising materials mentioning features or use of this software
-## must display the following acknowledgement:
-## This product includes software developed by the University of
-## California, Berkeley and its contributors.
-## 4. Neither the name of the University nor the names of its contributors
+## 3. Neither the name of the University nor the names of its contributors
## may be used to endorse or promote products derived from this software
## without specific prior written permission.
## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
Modified: vendor/bind/dist/make/rules.in
===================================================================
--- vendor/bind/dist/make/rules.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/make/rules.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: rules.in,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $
+# $Id$
###
### Common Makefile rules for BIND 9.
@@ -303,6 +303,7 @@
LINK_PROGRAM = @LN_S@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_DATA = @INSTALL_DATA@
+INSTALL_LIBRARY = @INSTALL_LIBRARY@
###
### Programs used when generating documentation. It's ok for these
Modified: vendor/bind/dist/srcid
===================================================================
--- vendor/bind/dist/srcid 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/srcid 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1 +1 @@
-SRCID=de58cd1a
+SRCID=8fc2e361
Modified: vendor/bind/dist/unit/Makefile.in
===================================================================
--- vendor/bind/dist/unit/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.1.1 2013-01-30 01:45:01 laffer1 Exp $
+# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
Modified: vendor/bind/dist/unit/README
===================================================================
--- vendor/bind/dist/unit/README 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/README 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,2 +1,21 @@
These unit tests for BIND 9 are based on the NetBSD Automated Test Framework
-release 0.12.
+release 0.17.
+
+To build an external copy of ATF for use by BIND 9:
+
+ $ cd atf-src
+ $ configure --prefix=<prefix> --enable-tools --disable-shared
+ $ make
+ $ make install
+
+Subsequently, specify the ATF prefix when building BIND 9:
+
+ $ configure --with-atf=<prefix>
+
+ATF can also be built automatically during the BIND 9 build,
+by specifying --with-atf without an argument:
+
+ $ configure --with-atf
+
+This causes BIND 9 to build ATF in the atf-src directory and
+link to it directly.
Modified: vendor/bind/dist/unit/atf-src/AUTHORS
===================================================================
--- vendor/bind/dist/unit/atf-src/AUTHORS 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/AUTHORS 2016-11-03 12:20:06 UTC (rev 9200)
@@ -20,6 +20,11 @@
initial version of the atf-check utility and started the addition of the
ATF_REQUIRE family of macros in the C interface.
+* Paul Goyette <pgoyette at NetBSD.org>
+ Implemented timestamping of test programs and test cases so that
+ atf-report can provide timings for their execution.
+
+
===========================================================================
vim: filetype=text:textwidth=75:expandtab:shiftwidth=2:softtabstop=2
Modified: vendor/bind/dist/unit/atf-src/Atffile
===================================================================
--- vendor/bind/dist/unit/atf-src/Atffile 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/Atffile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -6,6 +6,7 @@
tp: atf-c++
tp: atf-sh
tp: test-programs
-tp: atf-config
-tp: atf-report
-tp: atf-run
+
+tp-glob: atf-config*
+tp-glob: atf-report*
+tp-glob: atf-run*
Modified: vendor/bind/dist/unit/atf-src/COPYING
===================================================================
--- vendor/bind/dist/unit/atf-src/COPYING 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/COPYING 2016-11-03 12:20:06 UTC (rev 9200)
@@ -5,7 +5,7 @@
License
*******
-Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+Copyright (c) 2007, 2008, 2009, 2010, 2011, 2012 The NetBSD Foundation, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -31,6 +31,36 @@
POSSIBILITY OF SUCH DAMAGE.
+Copyright 2011, 2012 Google Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+* Neither the name of Google Inc. nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+
Relicensed code
***************
Modified: vendor/bind/dist/unit/atf-src/INSTALL
===================================================================
--- vendor/bind/dist/unit/atf-src/INSTALL 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/INSTALL 2016-11-03 12:20:06 UTC (rev 9200)
@@ -40,18 +40,9 @@
* A make(1) utility.
If you are building ATF from the code on the repository, you will also need
-the following tools. The versions listed here are the ones used to build
-the files bundled in the last formal release, but these are not strictly
-required. Newer ones will most likely work and, maybe, some slightly older
-ones:
+to have GNU autoconf, automake and libtool installed.
-* GNU autoconf 2.68
-* GNU automake 1.11.1
-
-* GNU libtool 2.2.6b
-
-
Regenerating the build system
*****************************
@@ -186,26 +177,35 @@
and work directories for test cases. This is just a default and can be
overriden at run time.
+* GDB
+ Possible values: empty, absolute path to GNU GDB.
+ Default: empty.
+
+ Specifies the path to the GNU GDB binary that atf-run will use to gather
+ a stack trace of a crashing test program. If empty, the configure script
+ will try to find a suitable binary for you.
+
The following flags are specific to ATF's 'configure' script:
* --enable-developer
Possible values: yes, no
- Default: Depends on the version number. Stable versions define this to
- 'no' while all others have it set to 'yes'.
+ Default: 'yes' in Git HEAD builds; 'no' in formal releases.
- Enables several features useful for development, such as the inclusion of
- debugging symbols in all objects or the enabling of warnings during
- compilation.
+ Enables several features useful for development, such as the inclusion
+ of debugging symbols in all objects or the enforcement of compilation
+ warnings.
-* --enable-unstable-shared
+ The compiler will be executed with an exhaustive collection of warning
+ detection features regardless of the value of this flag. However, such
+ warnings are only fatal when --enable-developer is 'yes'.
+
+* --enable-tools
Possible values: yes, no
Default: no.
- Forces the building of shared libraries in addition to static ones. The
- build of shared libraries is currently disabled because their ABIs and
- APIs are unstable and subject to change. This flag is provided for
- development purposes only and will be removed once the libraries are
- stable enough.
+ Enables the build of the deprecated atf-config, atf-report, atf-run
+ and atf-version tools. atf-report and atf-run have been superseded by
+ Kyua, and atf-config and atf-version are unnecessary.
Post-installation steps
Added: vendor/bind/dist/unit/atf-src/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,18 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+include("atf-c/Kyuafile")
+include("atf-c++/Kyuafile")
+include("atf-sh/Kyuafile")
+include("test-programs/Kyuafile")
+
+if fs.exists("atf-config/Kyuafile") then
+ include("atf-config/Kyuafile")
+end
+if fs.exists("atf-report/Kyuafile") then
+ include("atf-report/Kyuafile")
+end
+if fs.exists("atf-run/Kyuafile") then
+ include("atf-run/Kyuafile")
+end
Modified: vendor/bind/dist/unit/atf-src/Makefile.am
===================================================================
--- vendor/bind/dist/unit/atf-src/Makefile.am 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/Makefile.am 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,7 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
+atf_aclocal_DATA =
BUILT_SOURCES =
CLEANFILES =
EXTRA_DIST =
@@ -38,21 +39,27 @@
man_MANS =
noinst_DATA =
noinst_LTLIBRARIES =
+INSTALLCHECK_TARGETS =
+PHONY_TARGETS =
ACLOCAL_AMFLAGS = -I m4
+AM_DISTCHECK_CONFIGURE_FLAGS = --enable-tools
include admin/Makefile.am.inc
include atf-c/Makefile.am.inc
include atf-c++/Makefile.am.inc
-include atf-config/Makefile.am.inc
-include atf-report/Makefile.am.inc
-include atf-run/Makefile.am.inc
include atf-sh/Makefile.am.inc
-include atf-version/Makefile.am.inc
include bootstrap/Makefile.am.inc
include doc/Makefile.am.inc
include test-programs/Makefile.am.inc
+if ENABLE_TOOLS
+include atf-report/Makefile.am.inc
+include atf-config/Makefile.am.inc
+include atf-run/Makefile.am.inc
+include atf-version/Makefile.am.inc
+endif
+
#
# Top-level distfile documents.
#
@@ -69,10 +76,11 @@
PKG_CONFIG_PATH=$(prefix)/lib/pkgconfig
testsdir = $(exec_prefix)/tests
-pkgtestsdir = $(testsdir)/atf
+pkgtestsdir = $(testsdir)/$(PACKAGE)
-installcheck-local: installcheck-atf
-.PHONY: installcheck-atf
+if ENABLE_TOOLS
+INSTALLCHECK_TARGETS += installcheck-atf
+PHONY_TARGETS += installcheck-atf
installcheck-atf:
logfile=$$(pwd)/installcheck.log; \
fifofile=$$(pwd)/installcheck.fifo; \
@@ -89,8 +97,23 @@
"installcheck.log; exit was $${res}"; \
test $${res} -eq 0
CLEANFILES += installcheck.fifo installcheck.log
+endif
-pkgtests_DATA = Atffile
+PHONY_TARGETS += installcheck-kyua
+if HAVE_KYUA
+if !ENABLE_TOOLS
+INSTALLCHECK_TARGETS += installcheck-kyua
+endif
+installcheck-kyua:
+ cd $(pkgtestsdir) && $(TESTS_ENVIRONMENT) $(KYUA) test
+endif
+
+installcheck-local: $(INSTALLCHECK_TARGETS)
+
+pkgtests_DATA = Kyuafile
+if ENABLE_TOOLS
+pkgtests_DATA += Atffile
+endif
EXTRA_DIST += $(pkgtests_DATA)
BUILD_SH_TP = \
@@ -103,19 +126,29 @@
# Custom targets.
#
-.PHONY: depend
-depend:
+dist-hook: forbid-dist
+if ENABLE_TOOLS
+forbid-dist:
+ @true
+else
+forbid-dist:
+ @echo "Sorry; cannot make dist without the tools enabled."
+ @echo "Please reconfigure with --enable-tools."
+ @false
+endif
-.PHONY: clean-all
+PHONY_TARGETS += clean-all
clean-all:
- MTN="$(MTN)" $(SH) $(srcdir)/admin/clean-all.sh
+ GIT="$(GIT)" $(SH) $(srcdir)/admin/clean-all.sh
-.PHONY: release
+PHONY_TARGETS += release
release:
$(SH) $(srcdir)/admin/release.sh $(PACKAGE_VERSION) $(DIST_ARCHIVES)
-.PHONY: release-test
+PHONY_TARGETS += release-test
release-test:
$(SH) $(srcdir)/admin/release-test.sh $(DIST_ARCHIVES)
+.PHONY: $(PHONY_TARGETS)
+
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
Modified: vendor/bind/dist/unit/atf-src/Makefile.in
===================================================================
--- vendor/bind/dist/unit/atf-src/Makefile.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/Makefile.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.12.2 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# Copyright (C) 1994-2012 Free Software Foundation, Inc.
+
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -17,7 +17,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -46,7 +46,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -75,7 +75,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -104,7 +104,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -133,7 +133,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -162,7 +162,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -191,7 +191,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -220,7 +220,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -249,7 +249,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -278,7 +278,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -307,7 +307,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -336,7 +336,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -365,7 +365,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -394,7 +394,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -425,9 +425,27 @@
VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@@ -443,9 +461,7 @@
build_triplet = @build@
host_triplet = @host@
target_triplet = @target@
-bin_PROGRAMS = atf-config/atf-config$(EXEEXT) \
- atf-report/atf-report$(EXEEXT) atf-run/atf-run$(EXEEXT) \
- atf-sh/atf-sh$(EXEEXT) atf-version/atf-version$(EXEEXT)
+bin_PROGRAMS = atf-sh/atf-sh$(EXEEXT) $(am__EXEEXT_1)
libexec_PROGRAMS = atf-sh/atf-check$(EXEEXT)
DIST_COMMON = README $(am__configure_deps) $(atf_c_HEADERS) \
$(atf_c___HEADERS) $(dist_man_MANS) $(include_HEADERS) \
@@ -463,10 +479,13 @@
$(srcdir)/bootstrap/Makefile.am.inc \
$(srcdir)/doc/Makefile.am.inc \
$(srcdir)/test-programs/Makefile.am.inc \
- $(top_srcdir)/atf-c/defs.h.in $(top_srcdir)/configure AUTHORS \
- COPYING INSTALL NEWS admin/compile admin/config.guess \
- admin/config.sub admin/depcomp admin/install-sh \
- admin/ltmain.sh admin/missing
+ $(top_srcdir)/admin/compile $(top_srcdir)/admin/config.guess \
+ $(top_srcdir)/admin/config.sub $(top_srcdir)/admin/depcomp \
+ $(top_srcdir)/admin/install-sh $(top_srcdir)/admin/ltmain.sh \
+ $(top_srcdir)/admin/missing $(top_srcdir)/atf-c/defs.h.in \
+ $(top_srcdir)/configure AUTHORS COPYING INSTALL NEWS TODO \
+ admin/compile admin/config.guess admin/config.sub \
+ admin/depcomp admin/install-sh admin/ltmain.sh admin/missing
tests_atf_c_PROGRAMS = atf-c/atf_c_test$(EXEEXT) \
atf-c/build_test$(EXEEXT) atf-c/check_test$(EXEEXT) \
atf-c/config_test$(EXEEXT) atf-c/error_test$(EXEEXT) \
@@ -474,7 +493,6 @@
atf-c/tp_test$(EXEEXT) atf-c/utils_test$(EXEEXT)
tests_atf_c_detail_PROGRAMS = atf-c/detail/dynstr_test$(EXEEXT) \
atf-c/detail/env_test$(EXEEXT) atf-c/detail/fs_test$(EXEEXT) \
- atf-c/detail/test_helpers_test$(EXEEXT) \
atf-c/detail/list_test$(EXEEXT) atf-c/detail/map_test$(EXEEXT) \
atf-c/detail/process_helpers$(EXEEXT) \
atf-c/detail/process_test$(EXEEXT) \
@@ -487,6 +505,7 @@
atf-c++/tests_test$(EXEEXT) atf-c++/utils_test$(EXEEXT)
tests_atf_c___detail_PROGRAMS = \
atf-c++/detail/application_test$(EXEEXT) \
+ atf-c++/detail/auto_array_test$(EXEEXT) \
atf-c++/detail/env_test$(EXEEXT) \
atf-c++/detail/exceptions_test$(EXEEXT) \
atf-c++/detail/expand_test$(EXEEXT) \
@@ -496,26 +515,62 @@
atf-c++/detail/sanity_test$(EXEEXT) \
atf-c++/detail/text_test$(EXEEXT) \
atf-c++/detail/ui_test$(EXEEXT)
-tests_atf_report_PROGRAMS = atf-report/fail_helper$(EXEEXT) \
- atf-report/misc_helpers$(EXEEXT) \
- atf-report/pass_helper$(EXEEXT) \
- atf-report/reader_test$(EXEEXT)
-tests_atf_run_PROGRAMS = atf-run/atffile_test$(EXEEXT) \
- atf-run/bad_metadata_helper$(EXEEXT) \
- atf-run/config_test$(EXEEXT) atf-run/expect_helpers$(EXEEXT) \
- atf-run/fs_test$(EXEEXT) atf-run/io_test$(EXEEXT) \
- atf-run/misc_helpers$(EXEEXT) atf-run/pass_helper$(EXEEXT) \
- atf-run/several_tcs_helper$(EXEEXT) \
- atf-run/requirements_test$(EXEEXT) \
- atf-run/signals_test$(EXEEXT) \
- atf-run/test_program_test$(EXEEXT) atf-run/user_test$(EXEEXT) \
- atf-run/zero_tcs_helper$(EXEEXT)
check_PROGRAMS = bootstrap/h_app_empty$(EXEEXT) \
bootstrap/h_app_opts_args$(EXEEXT) \
bootstrap/h_tp_basic_c$(EXEEXT) \
bootstrap/h_tp_basic_cpp$(EXEEXT)
+ at ENABLE_TOOLS_TRUE@am__append_1 = doc/atf.7
+ at ENABLE_TOOLS_TRUE@am__append_2 = doc/atf.7
+ at ENABLE_TOOLS_TRUE@am__append_3 = doc/atf.7.in
+ at ENABLE_TOOLS_TRUE@am__append_4 = doc/atf-formats.5 \
+ at ENABLE_TOOLS_TRUE@ atf-report/atf-report.1 \
+ at ENABLE_TOOLS_TRUE@ atf-config/atf-config.1 atf-run/atf-run.1 \
+ at ENABLE_TOOLS_TRUE@ atf-version/atf-version.1
tests_test_programs_PROGRAMS = test-programs/c_helpers$(EXEEXT) \
test-programs/cpp_helpers$(EXEEXT)
+ at ENABLE_TOOLS_TRUE@am__append_5 = atf-report/atf-report \
+ at ENABLE_TOOLS_TRUE@ atf-config/atf-config atf-run/atf-run \
+ at ENABLE_TOOLS_TRUE@ atf-version/atf-version
+ at ENABLE_TOOLS_TRUE@am__append_6 = $(css_DATA) $(dtd_DATA) $(xsl_DATA) \
+ at ENABLE_TOOLS_TRUE@ $(tests_atf_report_DATA) \
+ at ENABLE_TOOLS_TRUE@ atf-report/integration_test.sh \
+ at ENABLE_TOOLS_TRUE@ $(tests_atf_config_DATA) \
+ at ENABLE_TOOLS_TRUE@ atf-config/integration_test.sh \
+ at ENABLE_TOOLS_TRUE@ $(tests_atf_run_DATA) \
+ at ENABLE_TOOLS_TRUE@ atf-run/integration_test.sh $(hooks_DATA) \
+ at ENABLE_TOOLS_TRUE@ $(eg_DATA) atf-version/generate-revision.sh
+ at ENABLE_TOOLS_TRUE@tests_atf_report_PROGRAMS = \
+ at ENABLE_TOOLS_TRUE@ atf-report/fail_helper$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-report/misc_helpers$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-report/pass_helper$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-report/reader_test$(EXEEXT)
+ at ENABLE_TOOLS_TRUE@am__append_7 = atf-report/integration_test \
+ at ENABLE_TOOLS_TRUE@ atf-config/integration_test \
+ at ENABLE_TOOLS_TRUE@ atf-run/integration_test \
+ at ENABLE_TOOLS_TRUE@ atf-version/revision.h \
+ at ENABLE_TOOLS_TRUE@ atf-version/revision.h.stamp \
+ at ENABLE_TOOLS_TRUE@ installcheck.fifo installcheck.log
+ at ENABLE_TOOLS_TRUE@tests_atf_run_PROGRAMS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/atffile_test$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/bad_metadata_helper$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/config_test$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/expect_helpers$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/fs_test$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/io_test$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/misc_helpers$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/pass_helper$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/several_tcs_helper$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/requirements_test$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/signals_test$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/test_program_test$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/user_test$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/zero_tcs_helper$(EXEEXT)
+ at ENABLE_TOOLS_TRUE@am__append_8 = atf-version/revision.h
+ at ENABLE_TOOLS_TRUE@am__append_9 = atf-version/revision.h.stamp \
+ at ENABLE_TOOLS_TRUE@ installcheck-atf
+ at ENABLE_TOOLS_TRUE@am__append_10 = installcheck-atf
+ at ENABLE_TOOLS_FALSE@@HAVE_KYUA_TRUE at am__append_11 = installcheck-kyua
+ at ENABLE_TOOLS_TRUE@am__append_12 = Atffile
subdir = .
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/compiler-flags.m4 \
@@ -536,12 +591,34 @@
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = bconfig.h
CONFIG_CLEAN_FILES = atf-c/defs.h
+CONFIG_CLEAN_VPATH_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
"$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(tests_atf_cdir)" \
"$(DESTDIR)$(tests_atf_c__dir)" \
@@ -557,12 +634,14 @@
"$(DESTDIR)$(tests_test_programsdir)" "$(DESTDIR)$(man1dir)" \
"$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man4dir)" \
"$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)" \
+ "$(DESTDIR)$(atf_aclocaldir)" \
"$(DESTDIR)$(atf_c__dirpkgconfigdir)" \
"$(DESTDIR)$(atf_cpkgconfigdir)" "$(DESTDIR)$(atf_shdir)" \
- "$(DESTDIR)$(cssdir)" "$(DESTDIR)$(docdir)" \
- "$(DESTDIR)$(dtddir)" "$(DESTDIR)$(egdir)" \
- "$(DESTDIR)$(hooksdir)" "$(DESTDIR)$(pkgtestsdir)" \
- "$(DESTDIR)$(tests_atf_cdir)" "$(DESTDIR)$(tests_atf_c__dir)" \
+ "$(DESTDIR)$(atf_shpkgconfigdir)" "$(DESTDIR)$(cssdir)" \
+ "$(DESTDIR)$(docdir)" "$(DESTDIR)$(dtddir)" \
+ "$(DESTDIR)$(egdir)" "$(DESTDIR)$(hooksdir)" \
+ "$(DESTDIR)$(pkgtestsdir)" "$(DESTDIR)$(tests_atf_cdir)" \
+ "$(DESTDIR)$(tests_atf_c__dir)" \
"$(DESTDIR)$(tests_atf_c___detaildir)" \
"$(DESTDIR)$(tests_atf_c_detaildir)" \
"$(DESTDIR)$(tests_atf_configdir)" \
@@ -571,7 +650,6 @@
"$(DESTDIR)$(tests_test_programsdir)" "$(DESTDIR)$(xsldir)" \
"$(DESTDIR)$(atf_cdir)" "$(DESTDIR)$(atf_c__dir)" \
"$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
atf_c___detail_libtest_helpers_la_LIBADD =
am__dirstamp = $(am__leading_dot)dirstamp
@@ -586,7 +664,7 @@
$(am_atf_c_detail_libtest_helpers_la_OBJECTS)
libatf_c___la_DEPENDENCIES = libatf-c.la
am_libatf_c___la_OBJECTS = atf-c++/build.lo atf-c++/check.lo \
- atf-c++/config.lo atf-c++/tests.lo \
+ atf-c++/config.lo atf-c++/tests.lo atf-c++/utils.lo \
atf-c++/detail/application.lo atf-c++/detail/env.lo \
atf-c++/detail/exceptions.lo atf-c++/detail/expand.lo \
atf-c++/detail/fs.lo atf-c++/detail/parser.lo \
@@ -593,6 +671,9 @@
atf-c++/detail/process.lo atf-c++/detail/text.lo \
atf-c++/detail/ui.lo
libatf_c___la_OBJECTS = $(am_libatf_c___la_OBJECTS)
+libatf_c___la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(libatf_c___la_LDFLAGS) $(LDFLAGS) -o $@
libatf_c_la_LIBADD =
am_libatf_c_la_OBJECTS = atf-c/libatf_c_la-build.lo \
atf-c/libatf_c_la-check.lo atf-c/libatf_c_la-config.lo \
@@ -610,15 +691,13 @@
nodist_libatf_c_la_OBJECTS =
libatf_c_la_OBJECTS = $(am_libatf_c_la_OBJECTS) \
$(nodist_libatf_c_la_OBJECTS)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-tests_atf_cPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-tests_atf_c__PROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-tests_atf_c___detailPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-tests_atf_c_detailPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-tests_atf_reportPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-tests_atf_runPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-tests_test_programsPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+libatf_c_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libatf_c_la_LDFLAGS) $(LDFLAGS) -o $@
+ at ENABLE_TOOLS_TRUE@am__EXEEXT_1 = atf-report/atf-report$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-config/atf-config$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf-run$(EXEEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-version/atf-version$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(tests_atf_c_PROGRAMS) \
$(tests_atf_c___PROGRAMS) $(tests_atf_c___detail_PROGRAMS) \
$(tests_atf_c_detail_PROGRAMS) $(tests_atf_report_PROGRAMS) \
@@ -626,87 +705,93 @@
am_atf_c___atf_c___test_OBJECTS = atf-c++/atf_c++_test.$(OBJEXT)
atf_c___atf_c___test_OBJECTS = $(am_atf_c___atf_c___test_OBJECTS)
atf_c___atf_c___test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
+ $(ATF_CXX_LIBS)
am_atf_c___build_test_OBJECTS = atf-c++/build_test.$(OBJEXT)
atf_c___build_test_OBJECTS = $(am_atf_c___build_test_OBJECTS)
atf_c___build_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
+ $(ATF_CXX_LIBS)
am_atf_c___check_test_OBJECTS = atf-c++/check_test.$(OBJEXT)
atf_c___check_test_OBJECTS = $(am_atf_c___check_test_OBJECTS)
atf_c___check_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
+ $(ATF_CXX_LIBS)
am_atf_c___config_test_OBJECTS = atf-c++/config_test.$(OBJEXT)
atf_c___config_test_OBJECTS = $(am_atf_c___config_test_OBJECTS)
atf_c___config_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
+ $(ATF_CXX_LIBS)
am_atf_c___detail_application_test_OBJECTS = \
atf-c++/detail/application_test.$(OBJEXT)
atf_c___detail_application_test_OBJECTS = \
$(am_atf_c___detail_application_test_OBJECTS)
atf_c___detail_application_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+am_atf_c___detail_auto_array_test_OBJECTS = \
+ atf-c++/detail/auto_array_test.$(OBJEXT)
+atf_c___detail_auto_array_test_OBJECTS = \
+ $(am_atf_c___detail_auto_array_test_OBJECTS)
+atf_c___detail_auto_array_test_DEPENDENCIES = \
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_env_test_OBJECTS = \
atf-c++/detail/env_test.$(OBJEXT)
atf_c___detail_env_test_OBJECTS = \
$(am_atf_c___detail_env_test_OBJECTS)
atf_c___detail_env_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_exceptions_test_OBJECTS = \
atf-c++/detail/exceptions_test.$(OBJEXT)
atf_c___detail_exceptions_test_OBJECTS = \
$(am_atf_c___detail_exceptions_test_OBJECTS)
atf_c___detail_exceptions_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_expand_test_OBJECTS = \
atf-c++/detail/expand_test.$(OBJEXT)
atf_c___detail_expand_test_OBJECTS = \
$(am_atf_c___detail_expand_test_OBJECTS)
atf_c___detail_expand_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_fs_test_OBJECTS = atf-c++/detail/fs_test.$(OBJEXT)
atf_c___detail_fs_test_OBJECTS = $(am_atf_c___detail_fs_test_OBJECTS)
atf_c___detail_fs_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_parser_test_OBJECTS = \
atf-c++/detail/parser_test.$(OBJEXT)
atf_c___detail_parser_test_OBJECTS = \
$(am_atf_c___detail_parser_test_OBJECTS)
atf_c___detail_parser_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_process_test_OBJECTS = \
atf-c++/detail/process_test.$(OBJEXT)
atf_c___detail_process_test_OBJECTS = \
$(am_atf_c___detail_process_test_OBJECTS)
atf_c___detail_process_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_sanity_test_OBJECTS = \
atf-c++/detail/sanity_test.$(OBJEXT)
atf_c___detail_sanity_test_OBJECTS = \
$(am_atf_c___detail_sanity_test_OBJECTS)
atf_c___detail_sanity_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_text_test_OBJECTS = \
atf-c++/detail/text_test.$(OBJEXT)
atf_c___detail_text_test_OBJECTS = \
$(am_atf_c___detail_text_test_OBJECTS)
atf_c___detail_text_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___detail_ui_test_OBJECTS = atf-c++/detail/ui_test.$(OBJEXT)
atf_c___detail_ui_test_OBJECTS = $(am_atf_c___detail_ui_test_OBJECTS)
atf_c___detail_ui_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
+ atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
am_atf_c___macros_test_OBJECTS = atf-c++/macros_test.$(OBJEXT)
atf_c___macros_test_OBJECTS = $(am_atf_c___macros_test_OBJECTS)
atf_c___macros_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
+ $(ATF_CXX_LIBS)
am_atf_c___tests_test_OBJECTS = atf-c++/tests_test.$(OBJEXT)
atf_c___tests_test_OBJECTS = $(am_atf_c___tests_test_OBJECTS)
atf_c___tests_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
+ $(ATF_CXX_LIBS)
am_atf_c___utils_test_OBJECTS = atf-c++/utils_test.$(OBJEXT)
atf_c___utils_test_OBJECTS = $(am_atf_c___utils_test_OBJECTS)
atf_c___utils_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
+ $(ATF_CXX_LIBS)
am_atf_c_atf_c_test_OBJECTS = atf-c/atf_c_test.$(OBJEXT)
atf_c_atf_c_test_OBJECTS = $(am_atf_c_atf_c_test_OBJECTS)
atf_c_atf_c_test_DEPENDENCIES = atf-c/detail/libtest_helpers.la \
@@ -762,12 +847,6 @@
$(am_atf_c_detail_sanity_test_OBJECTS)
atf_c_detail_sanity_test_DEPENDENCIES = \
atf-c/detail/libtest_helpers.la libatf-c.la
-am_atf_c_detail_test_helpers_test_OBJECTS = \
- atf-c/detail/test_helpers_test.$(OBJEXT)
-atf_c_detail_test_helpers_test_OBJECTS = \
- $(am_atf_c_detail_test_helpers_test_OBJECTS)
-atf_c_detail_test_helpers_test_DEPENDENCIES = \
- atf-c/detail/libtest_helpers.la libatf-c.la
am_atf_c_detail_text_test_OBJECTS = atf-c/detail/text_test.$(OBJEXT)
atf_c_detail_text_test_OBJECTS = $(am_atf_c_detail_text_test_OBJECTS)
atf_c_detail_text_test_DEPENDENCIES = atf-c/detail/libtest_helpers.la \
@@ -796,131 +875,206 @@
atf_c_utils_test_OBJECTS = $(am_atf_c_utils_test_OBJECTS)
atf_c_utils_test_DEPENDENCIES = atf-c/detail/libtest_helpers.la \
libatf-c.la
-am_atf_config_atf_config_OBJECTS = atf-config/atf-config.$(OBJEXT)
+am__atf_config_atf_config_SOURCES_DIST = atf-config/atf-config.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_config_atf_config_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-config/atf-config.$(OBJEXT)
atf_config_atf_config_OBJECTS = $(am_atf_config_atf_config_OBJECTS)
-atf_config_atf_config_DEPENDENCIES = libatf-c++.la
-am_atf_report_atf_report_OBJECTS = atf-report/atf-report.$(OBJEXT) \
- atf-report/reader.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_config_atf_config_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_report_atf_report_SOURCES_DIST = atf-report/atf-report.cpp \
+ atf-report/reader.cpp atf-report/reader.hpp
+ at ENABLE_TOOLS_TRUE@am_atf_report_atf_report_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-report/atf-report.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-report/reader.$(OBJEXT)
atf_report_atf_report_OBJECTS = $(am_atf_report_atf_report_OBJECTS)
-atf_report_atf_report_DEPENDENCIES = libatf-c++.la
-am_atf_report_fail_helper_OBJECTS = atf-report/fail_helper.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_report_atf_report_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_report_fail_helper_SOURCES_DIST = atf-report/fail_helper.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_report_fail_helper_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-report/fail_helper.$(OBJEXT)
atf_report_fail_helper_OBJECTS = $(am_atf_report_fail_helper_OBJECTS)
-atf_report_fail_helper_DEPENDENCIES = libatf-c++.la
-am_atf_report_misc_helpers_OBJECTS = \
- atf-report/misc_helpers.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_report_fail_helper_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_report_misc_helpers_SOURCES_DIST = \
+ atf-report/misc_helpers.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_report_misc_helpers_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-report/misc_helpers.$(OBJEXT)
atf_report_misc_helpers_OBJECTS = \
$(am_atf_report_misc_helpers_OBJECTS)
-atf_report_misc_helpers_DEPENDENCIES = libatf-c++.la
-am_atf_report_pass_helper_OBJECTS = atf-report/pass_helper.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_report_misc_helpers_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_report_pass_helper_SOURCES_DIST = atf-report/pass_helper.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_report_pass_helper_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-report/pass_helper.$(OBJEXT)
atf_report_pass_helper_OBJECTS = $(am_atf_report_pass_helper_OBJECTS)
-atf_report_pass_helper_DEPENDENCIES = libatf-c++.la
-am_atf_report_reader_test_OBJECTS = \
- atf-report/atf_report_reader_test-reader_test.$(OBJEXT) \
- atf-report/atf_report_reader_test-reader.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_report_pass_helper_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_report_reader_test_SOURCES_DIST = atf-report/reader_test.cpp \
+ atf-report/reader.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_report_reader_test_OBJECTS = atf-report/atf_report_reader_test-reader_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-report/atf_report_reader_test-reader.$(OBJEXT)
atf_report_reader_test_OBJECTS = $(am_atf_report_reader_test_OBJECTS)
-atf_report_reader_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
-am_atf_run_atf_run_OBJECTS = atf-run/atf-run.$(OBJEXT) \
- atf-run/atffile.$(OBJEXT) atf-run/config.$(OBJEXT) \
- atf-run/fs.$(OBJEXT) atf-run/io.$(OBJEXT) \
- atf-run/requirements.$(OBJEXT) atf-run/signals.$(OBJEXT) \
- atf-run/test-program.$(OBJEXT) atf-run/timer.$(OBJEXT) \
- atf-run/user.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_report_reader_test_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ atf-c++/detail/libtest_helpers.la \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_run_atf_run_SOURCES_DIST = atf-run/atf-run.cpp \
+ atf-run/atffile.cpp atf-run/atffile.hpp atf-run/config.cpp \
+ atf-run/config.hpp atf-run/fs.cpp atf-run/fs.hpp \
+ atf-run/io.cpp atf-run/io.hpp atf-run/requirements.cpp \
+ atf-run/requirements.hpp atf-run/signals.cpp \
+ atf-run/signals.hpp atf-run/test-program.cpp \
+ atf-run/test-program.hpp atf-run/timer.cpp atf-run/timer.hpp \
+ atf-run/user.cpp atf-run/user.hpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_atf_run_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-atf-run.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-atffile.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-config.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-fs.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-io.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-requirements.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-signals.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-test-program.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-timer.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atf_run-user.$(OBJEXT)
atf_run_atf_run_OBJECTS = $(am_atf_run_atf_run_OBJECTS)
-atf_run_atf_run_DEPENDENCIES = libatf-c++.la
-am_atf_run_atffile_test_OBJECTS = \
- atf-run/atf_run_atffile_test-atffile_test.$(OBJEXT) \
- atf-run/atf_run_atffile_test-atffile.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_atf_run_DEPENDENCIES = $(ATF_CXX_LIBS)
+am__atf_run_atffile_test_SOURCES_DIST = atf-run/atffile_test.cpp \
+ atf-run/atffile.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_atffile_test_OBJECTS = atf-run/atf_run_atffile_test-atffile_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_atffile_test-atffile.$(OBJEXT)
atf_run_atffile_test_OBJECTS = $(am_atf_run_atffile_test_OBJECTS)
-atf_run_atffile_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
-am_atf_run_bad_metadata_helper_OBJECTS = \
- atf-run/bad_metadata_helper.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_atffile_test_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ atf-c++/detail/libtest_helpers.la \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_run_bad_metadata_helper_SOURCES_DIST = \
+ atf-run/bad_metadata_helper.c
+ at ENABLE_TOOLS_TRUE@am_atf_run_bad_metadata_helper_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/bad_metadata_helper.$(OBJEXT)
atf_run_bad_metadata_helper_OBJECTS = \
$(am_atf_run_bad_metadata_helper_OBJECTS)
-atf_run_bad_metadata_helper_DEPENDENCIES = libatf-c.la
-am_atf_run_config_test_OBJECTS = \
- atf-run/atf_run_config_test-config_test.$(OBJEXT) \
- atf-run/atf_run_config_test-config.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_bad_metadata_helper_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ libatf-c.la
+am__atf_run_config_test_SOURCES_DIST = atf-run/config_test.cpp \
+ atf-run/config.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_config_test_OBJECTS = atf-run/atf_run_config_test-config_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_config_test-config.$(OBJEXT)
atf_run_config_test_OBJECTS = $(am_atf_run_config_test_OBJECTS)
-atf_run_config_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
-am_atf_run_expect_helpers_OBJECTS = atf-run/expect_helpers.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_config_test_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ atf-c++/detail/libtest_helpers.la \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_run_expect_helpers_SOURCES_DIST = atf-run/expect_helpers.c
+ at ENABLE_TOOLS_TRUE@am_atf_run_expect_helpers_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/expect_helpers.$(OBJEXT)
atf_run_expect_helpers_OBJECTS = $(am_atf_run_expect_helpers_OBJECTS)
-atf_run_expect_helpers_DEPENDENCIES = libatf-c.la
-am_atf_run_fs_test_OBJECTS = atf-run/fs_test.$(OBJEXT) \
- atf-run/fs.$(OBJEXT) atf-run/user.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_expect_helpers_DEPENDENCIES = libatf-c.la
+am__atf_run_fs_test_SOURCES_DIST = atf-run/fs_test.cpp atf-run/fs.cpp \
+ atf-run/user.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_fs_test_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/fs_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/fs.$(OBJEXT) atf-run/user.$(OBJEXT)
atf_run_fs_test_OBJECTS = $(am_atf_run_fs_test_OBJECTS)
-atf_run_fs_test_DEPENDENCIES = libatf-c++.la
-am_atf_run_io_test_OBJECTS = atf-run/io_test.$(OBJEXT) \
- atf-run/io.$(OBJEXT) atf-run/signals.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_fs_test_DEPENDENCIES = $(ATF_CXX_LIBS)
+am__atf_run_io_test_SOURCES_DIST = atf-run/io_test.cpp atf-run/io.cpp \
+ atf-run/signals.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_io_test_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/io_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/io.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/signals.$(OBJEXT)
atf_run_io_test_OBJECTS = $(am_atf_run_io_test_OBJECTS)
-atf_run_io_test_DEPENDENCIES = atf-c++/detail/libtest_helpers.la \
- libatf-c++.la
-am_atf_run_misc_helpers_OBJECTS = atf-run/misc_helpers.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_io_test_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ atf-c++/detail/libtest_helpers.la \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_run_misc_helpers_SOURCES_DIST = atf-run/misc_helpers.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_misc_helpers_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/misc_helpers.$(OBJEXT)
atf_run_misc_helpers_OBJECTS = $(am_atf_run_misc_helpers_OBJECTS)
-atf_run_misc_helpers_DEPENDENCIES = libatf-c++.la
-am_atf_run_pass_helper_OBJECTS = atf-run/pass_helper.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_misc_helpers_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_run_pass_helper_SOURCES_DIST = atf-run/pass_helper.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_pass_helper_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/pass_helper.$(OBJEXT)
atf_run_pass_helper_OBJECTS = $(am_atf_run_pass_helper_OBJECTS)
-atf_run_pass_helper_DEPENDENCIES = libatf-c++.la
-am_atf_run_requirements_test_OBJECTS = \
- atf-run/requirements_test.$(OBJEXT) \
- atf-run/requirements.$(OBJEXT) atf-run/user.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_pass_helper_DEPENDENCIES = $(ATF_CXX_LIBS)
+am__atf_run_requirements_test_SOURCES_DIST = \
+ atf-run/requirements_test.cpp atf-run/requirements.cpp \
+ atf-run/user.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_requirements_test_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/requirements_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/requirements.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/user.$(OBJEXT)
atf_run_requirements_test_OBJECTS = \
$(am_atf_run_requirements_test_OBJECTS)
-atf_run_requirements_test_DEPENDENCIES = libatf-c++.la
-am_atf_run_several_tcs_helper_OBJECTS = \
- atf-run/several_tcs_helper.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_requirements_test_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_run_several_tcs_helper_SOURCES_DIST = \
+ atf-run/several_tcs_helper.c
+ at ENABLE_TOOLS_TRUE@am_atf_run_several_tcs_helper_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/several_tcs_helper.$(OBJEXT)
atf_run_several_tcs_helper_OBJECTS = \
$(am_atf_run_several_tcs_helper_OBJECTS)
-atf_run_several_tcs_helper_DEPENDENCIES = libatf-c.la
-am_atf_run_signals_test_OBJECTS = atf-run/signals_test.$(OBJEXT) \
- atf-run/signals.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_several_tcs_helper_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ libatf-c.la
+am__atf_run_signals_test_SOURCES_DIST = atf-run/signals_test.cpp \
+ atf-run/signals.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_signals_test_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/signals_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/signals.$(OBJEXT)
atf_run_signals_test_OBJECTS = $(am_atf_run_signals_test_OBJECTS)
-atf_run_signals_test_DEPENDENCIES = libatf-c++.la
-am_atf_run_test_program_test_OBJECTS = \
- atf-run/atf_run_test_program_test-test_program_test.$(OBJEXT) \
- atf-run/atf_run_test_program_test-fs.$(OBJEXT) \
- atf-run/atf_run_test_program_test-io.$(OBJEXT) \
- atf-run/atf_run_test_program_test-requirements.$(OBJEXT) \
- atf-run/atf_run_test_program_test-signals.$(OBJEXT) \
- atf-run/atf_run_test_program_test-test-program.$(OBJEXT) \
- atf-run/atf_run_test_program_test-timer.$(OBJEXT) \
- atf-run/atf_run_test_program_test-user.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_signals_test_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_run_test_program_test_SOURCES_DIST = \
+ atf-run/test_program_test.cpp atf-run/fs.cpp atf-run/io.cpp \
+ atf-run/requirements.cpp atf-run/signals.cpp \
+ atf-run/test-program.cpp atf-run/timer.cpp atf-run/user.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_test_program_test_OBJECTS = atf-run/atf_run_test_program_test-test_program_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_test_program_test-fs.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_test_program_test-io.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_test_program_test-requirements.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_test_program_test-signals.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_test_program_test-test-program.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_test_program_test-timer.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/atf_run_test_program_test-user.$(OBJEXT)
atf_run_test_program_test_OBJECTS = \
$(am_atf_run_test_program_test_OBJECTS)
-atf_run_test_program_test_DEPENDENCIES = \
- atf-c++/detail/libtest_helpers.la libatf-c++.la
-am_atf_run_user_test_OBJECTS = atf-run/user_test.$(OBJEXT) \
- atf-run/user.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_test_program_test_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ atf-c++/detail/libtest_helpers.la \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
+am__atf_run_user_test_SOURCES_DIST = atf-run/user_test.cpp \
+ atf-run/user.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_run_user_test_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/user_test.$(OBJEXT) \
+ at ENABLE_TOOLS_TRUE@ atf-run/user.$(OBJEXT)
atf_run_user_test_OBJECTS = $(am_atf_run_user_test_OBJECTS)
-atf_run_user_test_DEPENDENCIES = libatf-c++.la
-am_atf_run_zero_tcs_helper_OBJECTS = \
- atf-run/zero_tcs_helper.$(OBJEXT)
+ at ENABLE_TOOLS_TRUE@atf_run_user_test_DEPENDENCIES = $(ATF_CXX_LIBS)
+am__atf_run_zero_tcs_helper_SOURCES_DIST = atf-run/zero_tcs_helper.c
+ at ENABLE_TOOLS_TRUE@am_atf_run_zero_tcs_helper_OBJECTS = \
+ at ENABLE_TOOLS_TRUE@ atf-run/zero_tcs_helper.$(OBJEXT)
atf_run_zero_tcs_helper_OBJECTS = \
$(am_atf_run_zero_tcs_helper_OBJECTS)
-atf_run_zero_tcs_helper_DEPENDENCIES = libatf-c.la
+ at ENABLE_TOOLS_TRUE@atf_run_zero_tcs_helper_DEPENDENCIES = libatf-c.la
am_atf_sh_atf_check_OBJECTS = atf-sh/atf-check.$(OBJEXT)
atf_sh_atf_check_OBJECTS = $(am_atf_sh_atf_check_OBJECTS)
-atf_sh_atf_check_DEPENDENCIES = libatf-c++.la
+atf_sh_atf_check_DEPENDENCIES = $(ATF_CXX_LIBS)
am_atf_sh_atf_sh_OBJECTS = atf-sh/atf-sh.$(OBJEXT)
atf_sh_atf_sh_OBJECTS = $(am_atf_sh_atf_sh_OBJECTS)
-atf_sh_atf_sh_DEPENDENCIES = libatf-c++.la
-am_atf_version_atf_version_OBJECTS = \
- atf-version/atf_version_atf_version-atf-version.$(OBJEXT)
+atf_sh_atf_sh_DEPENDENCIES = $(ATF_CXX_LIBS)
+am__atf_version_atf_version_SOURCES_DIST = \
+ atf-version/atf-version.cpp
+ at ENABLE_TOOLS_TRUE@am_atf_version_atf_version_OBJECTS = atf-version/atf_version_atf_version-atf-version.$(OBJEXT)
nodist_atf_version_atf_version_OBJECTS =
atf_version_atf_version_OBJECTS = \
$(am_atf_version_atf_version_OBJECTS) \
$(nodist_atf_version_atf_version_OBJECTS)
-atf_version_atf_version_DEPENDENCIES = libatf-c++.la
+ at ENABLE_TOOLS_TRUE@atf_version_atf_version_DEPENDENCIES = \
+ at ENABLE_TOOLS_TRUE@ $(ATF_CXX_LIBS)
am_bootstrap_h_app_empty_OBJECTS = bootstrap/h_app_empty.$(OBJEXT)
bootstrap_h_app_empty_OBJECTS = $(am_bootstrap_h_app_empty_OBJECTS)
-bootstrap_h_app_empty_DEPENDENCIES = libatf-c++.la
+bootstrap_h_app_empty_DEPENDENCIES = $(ATF_CXX_LIBS)
am_bootstrap_h_app_opts_args_OBJECTS = \
bootstrap/h_app_opts_args.$(OBJEXT)
bootstrap_h_app_opts_args_OBJECTS = \
$(am_bootstrap_h_app_opts_args_OBJECTS)
-bootstrap_h_app_opts_args_DEPENDENCIES = libatf-c++.la
+bootstrap_h_app_opts_args_DEPENDENCIES = $(ATF_CXX_LIBS)
am_bootstrap_h_tp_basic_c_OBJECTS = bootstrap/h_tp_basic_c.$(OBJEXT)
bootstrap_h_tp_basic_c_OBJECTS = $(am_bootstrap_h_tp_basic_c_OBJECTS)
bootstrap_h_tp_basic_c_DEPENDENCIES = libatf-c.la
@@ -928,7 +1082,7 @@
bootstrap/h_tp_basic_cpp.$(OBJEXT)
bootstrap_h_tp_basic_cpp_OBJECTS = \
$(am_bootstrap_h_tp_basic_cpp_OBJECTS)
-bootstrap_h_tp_basic_cpp_DEPENDENCIES = libatf-c++.la
+bootstrap_h_tp_basic_cpp_DEPENDENCIES = $(ATF_CXX_LIBS)
am_test_programs_c_helpers_OBJECTS = \
test-programs/c_helpers.$(OBJEXT)
test_programs_c_helpers_OBJECTS = \
@@ -938,14 +1092,7 @@
test-programs/cpp_helpers.$(OBJEXT)
test_programs_cpp_helpers_OBJECTS = \
$(am_test_programs_cpp_helpers_OBJECTS)
-test_programs_cpp_helpers_DEPENDENCIES = libatf-c++.la
-tests_atf_cSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-tests_atf_c__SCRIPT_INSTALL = $(INSTALL_SCRIPT)
-tests_atf_configSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-tests_atf_reportSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-tests_atf_runSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-tests_atf_shSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-tests_test_programsSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+test_programs_cpp_helpers_DEPENDENCIES = $(ATF_CXX_LIBS)
SCRIPTS = $(tests_atf_c_SCRIPTS) $(tests_atf_c___SCRIPTS) \
$(tests_atf_config_SCRIPTS) $(tests_atf_report_SCRIPTS) \
$(tests_atf_run_SCRIPTS) $(tests_atf_sh_SCRIPTS) \
@@ -953,6 +1100,7 @@
DEFAULT_INCLUDES = -I. at am__isrc@
depcomp = $(SHELL) $(top_srcdir)/admin/depcomp
am__depfiles_maybe = depfiles
+am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
@@ -978,6 +1126,7 @@
$(atf_c___build_test_SOURCES) $(atf_c___check_test_SOURCES) \
$(atf_c___config_test_SOURCES) \
$(atf_c___detail_application_test_SOURCES) \
+ $(atf_c___detail_auto_array_test_SOURCES) \
$(atf_c___detail_env_test_SOURCES) \
$(atf_c___detail_exceptions_test_SOURCES) \
$(atf_c___detail_expand_test_SOURCES) \
@@ -999,7 +1148,6 @@
$(atf_c_detail_process_helpers_SOURCES) \
$(atf_c_detail_process_test_SOURCES) \
$(atf_c_detail_sanity_test_SOURCES) \
- $(atf_c_detail_test_helpers_test_SOURCES) \
$(atf_c_detail_text_test_SOURCES) \
$(atf_c_detail_user_test_SOURCES) $(atf_c_error_test_SOURCES) \
$(atf_c_macros_test_SOURCES) $(atf_c_tc_test_SOURCES) \
@@ -1036,6 +1184,7 @@
$(atf_c___atf_c___test_SOURCES) $(atf_c___build_test_SOURCES) \
$(atf_c___check_test_SOURCES) $(atf_c___config_test_SOURCES) \
$(atf_c___detail_application_test_SOURCES) \
+ $(atf_c___detail_auto_array_test_SOURCES) \
$(atf_c___detail_env_test_SOURCES) \
$(atf_c___detail_exceptions_test_SOURCES) \
$(atf_c___detail_expand_test_SOURCES) \
@@ -1057,30 +1206,33 @@
$(atf_c_detail_process_helpers_SOURCES) \
$(atf_c_detail_process_test_SOURCES) \
$(atf_c_detail_sanity_test_SOURCES) \
- $(atf_c_detail_test_helpers_test_SOURCES) \
$(atf_c_detail_text_test_SOURCES) \
$(atf_c_detail_user_test_SOURCES) $(atf_c_error_test_SOURCES) \
$(atf_c_macros_test_SOURCES) $(atf_c_tc_test_SOURCES) \
$(atf_c_tp_test_SOURCES) $(atf_c_utils_test_SOURCES) \
- $(atf_config_atf_config_SOURCES) \
- $(atf_report_atf_report_SOURCES) \
- $(atf_report_fail_helper_SOURCES) \
- $(atf_report_misc_helpers_SOURCES) \
- $(atf_report_pass_helper_SOURCES) \
- $(atf_report_reader_test_SOURCES) $(atf_run_atf_run_SOURCES) \
- $(atf_run_atffile_test_SOURCES) \
- $(atf_run_bad_metadata_helper_SOURCES) \
- $(atf_run_config_test_SOURCES) \
- $(atf_run_expect_helpers_SOURCES) $(atf_run_fs_test_SOURCES) \
- $(atf_run_io_test_SOURCES) $(atf_run_misc_helpers_SOURCES) \
- $(atf_run_pass_helper_SOURCES) \
- $(atf_run_requirements_test_SOURCES) \
- $(atf_run_several_tcs_helper_SOURCES) \
- $(atf_run_signals_test_SOURCES) \
- $(atf_run_test_program_test_SOURCES) \
- $(atf_run_user_test_SOURCES) \
- $(atf_run_zero_tcs_helper_SOURCES) $(atf_sh_atf_check_SOURCES) \
- $(atf_sh_atf_sh_SOURCES) $(atf_version_atf_version_SOURCES) \
+ $(am__atf_config_atf_config_SOURCES_DIST) \
+ $(am__atf_report_atf_report_SOURCES_DIST) \
+ $(am__atf_report_fail_helper_SOURCES_DIST) \
+ $(am__atf_report_misc_helpers_SOURCES_DIST) \
+ $(am__atf_report_pass_helper_SOURCES_DIST) \
+ $(am__atf_report_reader_test_SOURCES_DIST) \
+ $(am__atf_run_atf_run_SOURCES_DIST) \
+ $(am__atf_run_atffile_test_SOURCES_DIST) \
+ $(am__atf_run_bad_metadata_helper_SOURCES_DIST) \
+ $(am__atf_run_config_test_SOURCES_DIST) \
+ $(am__atf_run_expect_helpers_SOURCES_DIST) \
+ $(am__atf_run_fs_test_SOURCES_DIST) \
+ $(am__atf_run_io_test_SOURCES_DIST) \
+ $(am__atf_run_misc_helpers_SOURCES_DIST) \
+ $(am__atf_run_pass_helper_SOURCES_DIST) \
+ $(am__atf_run_requirements_test_SOURCES_DIST) \
+ $(am__atf_run_several_tcs_helper_SOURCES_DIST) \
+ $(am__atf_run_signals_test_SOURCES_DIST) \
+ $(am__atf_run_test_program_test_SOURCES_DIST) \
+ $(am__atf_run_user_test_SOURCES_DIST) \
+ $(am__atf_run_zero_tcs_helper_SOURCES_DIST) \
+ $(atf_sh_atf_check_SOURCES) $(atf_sh_atf_sh_SOURCES) \
+ $(am__atf_version_atf_version_SOURCES_DIST) \
$(bootstrap_h_app_empty_SOURCES) \
$(bootstrap_h_app_opts_args_SOURCES) \
$(bootstrap_h_tp_basic_c_SOURCES) \
@@ -1087,6 +1239,11 @@
$(bootstrap_h_tp_basic_cpp_SOURCES) \
$(test_programs_c_helpers_SOURCES) \
$(test_programs_cpp_helpers_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
man1dir = $(mandir)/man1
man3dir = $(mandir)/man3
man4dir = $(mandir)/man4
@@ -1094,49 +1251,35 @@
man7dir = $(mandir)/man7
NROFF = nroff
MANS = $(dist_man_MANS) $(man_MANS)
-atf_c__dirpkgconfigDATA_INSTALL = $(INSTALL_DATA)
-atf_cpkgconfigDATA_INSTALL = $(INSTALL_DATA)
-atf_shDATA_INSTALL = $(INSTALL_DATA)
-cssDATA_INSTALL = $(INSTALL_DATA)
-docDATA_INSTALL = $(INSTALL_DATA)
-dtdDATA_INSTALL = $(INSTALL_DATA)
-egDATA_INSTALL = $(INSTALL_DATA)
-hooksDATA_INSTALL = $(INSTALL_DATA)
-pkgtestsDATA_INSTALL = $(INSTALL_DATA)
-tests_atf_cDATA_INSTALL = $(INSTALL_DATA)
-tests_atf_c__DATA_INSTALL = $(INSTALL_DATA)
-tests_atf_c___detailDATA_INSTALL = $(INSTALL_DATA)
-tests_atf_c_detailDATA_INSTALL = $(INSTALL_DATA)
-tests_atf_configDATA_INSTALL = $(INSTALL_DATA)
-tests_atf_reportDATA_INSTALL = $(INSTALL_DATA)
-tests_atf_runDATA_INSTALL = $(INSTALL_DATA)
-tests_atf_shDATA_INSTALL = $(INSTALL_DATA)
-tests_test_programsDATA_INSTALL = $(INSTALL_DATA)
-xslDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(atf_c__dirpkgconfig_DATA) $(atf_cpkgconfig_DATA) \
- $(atf_sh_DATA) $(css_DATA) $(doc_DATA) $(dtd_DATA) $(eg_DATA) \
- $(hooks_DATA) $(noinst_DATA) $(pkgtests_DATA) \
- $(tests_atf_c_DATA) $(tests_atf_c___DATA) \
- $(tests_atf_c___detail_DATA) $(tests_atf_c_detail_DATA) \
- $(tests_atf_config_DATA) $(tests_atf_report_DATA) \
- $(tests_atf_run_DATA) $(tests_atf_sh_DATA) \
- $(tests_test_programs_DATA) $(xsl_DATA)
-atf_cHEADERS_INSTALL = $(INSTALL_HEADER)
-atf_c__HEADERS_INSTALL = $(INSTALL_HEADER)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
+DATA = $(atf_aclocal_DATA) $(atf_c__dirpkgconfig_DATA) \
+ $(atf_cpkgconfig_DATA) $(atf_sh_DATA) $(atf_shpkgconfig_DATA) \
+ $(css_DATA) $(doc_DATA) $(dtd_DATA) $(eg_DATA) $(hooks_DATA) \
+ $(noinst_DATA) $(pkgtests_DATA) $(tests_atf_c_DATA) \
+ $(tests_atf_c___DATA) $(tests_atf_c___detail_DATA) \
+ $(tests_atf_c_detail_DATA) $(tests_atf_config_DATA) \
+ $(tests_atf_report_DATA) $(tests_atf_run_DATA) \
+ $(tests_atf_sh_DATA) $(tests_test_programs_DATA) $(xsl_DATA)
HEADERS = $(atf_c_HEADERS) $(atf_c___HEADERS) $(include_HEADERS)
ETAGS = etags
CTAGS = ctags
+CSCOPE = cscope
+AM_RECURSIVE_TARGETS = cscope
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
- { test ! -d $(distdir) \
- || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
- && rm -fr $(distdir); }; }
+ if test -d "$(distdir)"; then \
+ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -rf "$(distdir)" \
+ || { sleep 5 && rm -rf "$(distdir)"; }; \
+ else :; fi
+am__post_remove_distdir = $(am__remove_distdir)
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
+DIST_TARGETS = dist-gzip
distuninstallcheck_listfiles = find . -type f -print
+am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
+ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -1150,7 +1293,9 @@
ATF_CONFSUBDIR = @ATF_CONFSUBDIR@
ATF_SHELL = @ATF_SHELL@
ATF_WORKDIR = @ATF_WORKDIR@
+ATTRIBUTE_FORMAT_PRINTF = @ATTRIBUTE_FORMAT_PRINTF@
ATTRIBUTE_NORETURN = @ATTRIBUTE_NORETURN@
+ATTRIBUTE_UNUSED = @ATTRIBUTE_UNUSED@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -1173,8 +1318,11 @@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ENABLE_TOOLS = @ENABLE_TOOLS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GDB = @GDB@
+GIT = @GIT@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
@@ -1181,6 +1329,7 @@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+KYUA = @KYUA@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
@@ -1191,7 +1340,6 @@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
-MTN = @MTN@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
@@ -1224,6 +1372,7 @@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+atf_aclocaldir = @atf_aclocaldir@
atf_arch = @atf_arch@
atf_confdir = @atf_confdir@
atf_cssdir = @atf_cssdir@
@@ -1278,58 +1427,56 @@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-BUILT_SOURCES = atf-version/revision.h
+atf_aclocal_DATA = atf-c/atf-common.m4 atf-c/atf-c.m4 \
+ atf-c++/atf-c++.m4 atf-sh/atf-sh.m4
+BUILT_SOURCES = $(am__append_8)
CLEANFILES = atf-c/atf-c.pc atf-c/pkg_config_test atf-c++/atf-c++.pc \
- atf-c++/pkg_config_test atf-config/integration_test \
- atf-report/integration_test atf-run/integration_test \
- atf-sh/misc_helpers atf-sh/atf_check_test \
- atf-sh/atf-check_test atf-sh/config_test \
+ atf-c++/pkg_config_test atf-sh/atf-sh.pc atf-sh/misc_helpers \
+ atf-sh/atf_check_test atf-sh/atf-check_test atf-sh/config_test \
atf-sh/integration_test atf-sh/normalize_test atf-sh/tc_test \
- atf-sh/tp_test atf-version/revision.h \
- atf-version/revision.h.stamp bootstrap/h_tp_basic_sh \
+ atf-sh/tp_test bootstrap/h_tp_basic_sh \
bootstrap/h_tp_atf_check_sh bootstrap/h_tp_fail \
- bootstrap/h_tp_pass doc/atf.7 test-programs/sh_helpers \
+ bootstrap/h_tp_pass $(am__append_2) test-programs/sh_helpers \
test-programs/config_test test-programs/expect_test \
- test-programs/fork_test test-programs/meta_data_test \
- test-programs/result_test test-programs/srcdir_test \
- installcheck.fifo installcheck.log
-EXTRA_DIST = admin/check-install.sh admin/check-style-common.awk \
- admin/check-style-c.awk admin/check-style-cpp.awk \
- admin/check-style-man.awk admin/check-style-shell.awk \
- admin/check-style.sh atf-c/atf-c.pc.in $(tests_atf_c_DATA) \
- atf-c/pkg_config_test.sh $(tests_atf_c_detail_DATA) \
+ test-programs/meta_data_test test-programs/result_test \
+ test-programs/srcdir_test $(am__append_7)
+EXTRA_DIST = admin/check-style-common.awk admin/check-style-c.awk \
+ admin/check-style-cpp.awk admin/check-style-man.awk \
+ admin/check-style-shell.awk admin/check-style.sh \
+ atf-c/atf-common.m4 atf-c/atf-c.m4 atf-c/atf-c.pc.in \
+ $(tests_atf_c_DATA) atf-c/pkg_config_test.sh \
+ $(tests_atf_c_detail_DATA) atf-c++/atf-c++.m4 \
atf-c++/atf-c++.pc.in $(tests_atf_c___DATA) \
atf-c++/pkg_config_test.sh $(tests_atf_c___detail_DATA) \
- $(tests_atf_config_DATA) atf-config/integration_test.sh \
- $(css_DATA) $(dtd_DATA) $(xsl_DATA) $(tests_atf_report_DATA) \
- atf-report/integration_test.sh $(tests_atf_run_DATA) \
- atf-run/integration_test.sh $(hooks_DATA) $(eg_DATA) \
- $(atf_sh_DATA) $(tests_atf_sh_DATA) atf-sh/misc_helpers.sh \
+ $(atf_sh_DATA) atf-sh/atf-sh.m4 atf-sh/atf-sh.pc.in \
+ $(tests_atf_sh_DATA) atf-sh/misc_helpers.sh \
atf-sh/atf_check_test.sh atf-sh/atf-check_test.sh \
atf-sh/config_test.sh atf-sh/integration_test.sh \
atf-sh/normalize_test.sh atf-sh/tc_test.sh atf-sh/tp_test.sh \
- atf-version/generate-revision.sh bootstrap/h_tp_basic_sh.sh \
- bootstrap/h_tp_atf_check_sh.sh bootstrap/h_tp_fail.sh \
- bootstrap/h_tp_pass.sh bootstrap/testsuite \
- bootstrap/package.m4 bootstrap/testsuite.at $(testsuite_incs) \
- doc/atf.7.in $(tests_test_programs_DATA) \
- test-programs/common.sh test-programs/sh_helpers.sh \
- test-programs/config_test.sh test-programs/expect_test.sh \
- test-programs/fork_test.sh test-programs/meta_data_test.sh \
+ bootstrap/h_tp_basic_sh.sh bootstrap/h_tp_atf_check_sh.sh \
+ bootstrap/h_tp_fail.sh bootstrap/h_tp_pass.sh \
+ bootstrap/testsuite bootstrap/package.m4 \
+ bootstrap/testsuite.at $(testsuite_incs) $(am__append_3) \
+ $(tests_test_programs_DATA) test-programs/common.sh \
+ test-programs/sh_helpers.sh test-programs/config_test.sh \
+ test-programs/expect_test.sh test-programs/meta_data_test.sh \
test-programs/result_test.sh test-programs/srcdir_test.sh \
- $(doc_DATA) INSTALL README $(pkgtests_DATA)
+ $(am__append_6) $(doc_DATA) INSTALL README $(pkgtests_DATA)
dist_man_MANS = atf-c/atf-c-api.3 atf-c++/atf-c++-api.3 \
- atf-config/atf-config.1 atf-report/atf-report.1 \
- atf-run/atf-run.1 atf-sh/atf-check.1 atf-sh/atf-sh.1 \
- atf-sh/atf-sh-api.3 atf-version/atf-version.1 \
- doc/atf-formats.5 doc/atf-test-case.4 doc/atf-test-program.1
+ atf-sh/atf-check.1 atf-sh/atf-sh.1 atf-sh/atf-sh-api.3 \
+ doc/atf-test-case.4 doc/atf-test-program.1 $(am__append_4)
include_HEADERS = atf-c.h atf-c++.hpp
lib_LTLIBRARIES = libatf-c.la libatf-c++.la
-man_MANS = doc/atf.7
+man_MANS = $(am__append_1)
noinst_DATA = INSTALL README
noinst_LTLIBRARIES = atf-c/detail/libtest_helpers.la \
atf-c++/detail/libtest_helpers.la
+INSTALLCHECK_TARGETS = installcheck-bootstrap $(am__append_10) \
+ $(am__append_11)
+PHONY_TARGETS = check-style installcheck-bootstrap $(am__append_9) \
+ installcheck-kyua clean-all release release-test
ACLOCAL_AMFLAGS = -I m4
+AM_DISTCHECK_CONFIGURE_FLAGS = --enable-tools
libatf_c_la_SOURCES = atf-c/build.c atf-c/build.h atf-c/check.c \
atf-c/check.h atf-c/config.c atf-c/config.h atf-c/error.c \
atf-c/error.h atf-c/error_fwd.h atf-c/macros.h atf-c/tc.c \
@@ -1360,6 +1507,7 @@
"-DATF_WORKDIR=\"$(ATF_WORKDIR)\"" \
-I$(srcdir)/atf-c
+libatf_c_la_LDFLAGS = -version-info 0:0:0
atf_c_HEADERS = atf-c/build.h \
atf-c/check.h \
atf-c/config.h \
@@ -1375,7 +1523,9 @@
atf_cpkgconfigdir = $(atf_pkgconfigdir)
atf_cpkgconfig_DATA = atf-c/atf-c.pc
tests_atf_c_DATA = atf-c/Atffile \
- atf-c/macros_h_test.c
+ atf-c/Kyuafile \
+ atf-c/macros_h_test.c \
+ atf-c/unused_test.c
tests_atf_cdir = $(pkgtestsdir)/atf-c
atf_c_atf_c_test_SOURCES = atf-c/atf_c_test.c
@@ -1397,7 +1547,9 @@
atf_c_tp_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
atf_c_utils_test_SOURCES = atf-c/utils_test.c atf-c/h_build.h
atf_c_utils_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
-tests_atf_c_detail_DATA = atf-c/detail/Atffile
+tests_atf_c_detail_DATA = atf-c/detail/Atffile \
+ atf-c/detail/Kyuafile
+
tests_atf_c_detaildir = $(pkgtestsdir)/atf-c/detail
atf_c_detail_libtest_helpers_la_SOURCES = atf-c/detail/test_helpers.c \
atf-c/detail/test_helpers.h
@@ -1409,10 +1561,6 @@
atf_c_detail_env_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
atf_c_detail_fs_test_SOURCES = atf-c/detail/fs_test.c
atf_c_detail_fs_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
-atf_c_detail_test_helpers_test_SOURCES = atf-c/detail/test_helpers_test.c
-atf_c_detail_test_helpers_test_LDADD = atf-c/detail/libtest_helpers.la \
- libatf-c.la
-
atf_c_detail_list_test_SOURCES = atf-c/detail/list_test.c
atf_c_detail_list_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
atf_c_detail_map_test_SOURCES = atf-c/detail/map_test.c
@@ -1426,12 +1574,14 @@
atf_c_detail_text_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
atf_c_detail_user_test_SOURCES = atf-c/detail/user_test.c
atf_c_detail_user_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
+ATF_CXX_LIBS = libatf-c++.la libatf-c.la
libatf_c___la_LIBADD = libatf-c.la
libatf_c___la_SOURCES = atf-c++/build.cpp atf-c++/build.hpp \
atf-c++/check.cpp atf-c++/check.hpp atf-c++/config.cpp \
- atf-c++/config.hpp atf-c++/macros.hpp atf-c++/tests.cpp \
- atf-c++/tests.hpp atf-c++/utils.hpp \
- atf-c++/detail/application.cpp atf-c++/detail/application.hpp \
+ atf-c++/config.hpp atf-c++/macros.hpp atf-c++/noncopyable.hpp \
+ atf-c++/tests.cpp atf-c++/tests.hpp atf-c++/utils.cpp \
+ atf-c++/utils.hpp atf-c++/detail/application.cpp \
+ atf-c++/detail/application.hpp atf-c++/detail/auto_array.hpp \
atf-c++/detail/env.cpp atf-c++/detail/env.hpp \
atf-c++/detail/exceptions.cpp atf-c++/detail/exceptions.hpp \
atf-c++/detail/expand.cpp atf-c++/detail/expand.hpp \
@@ -1441,10 +1591,12 @@
atf-c++/detail/sanity.hpp atf-c++/detail/text.cpp \
atf-c++/detail/text.hpp atf-c++/detail/ui.cpp \
atf-c++/detail/ui.hpp
+libatf_c___la_LDFLAGS = -version-info 0:0:0
atf_c___HEADERS = atf-c++/build.hpp \
atf-c++/check.hpp \
atf-c++/config.hpp \
atf-c++/macros.hpp \
+ atf-c++/noncopyable.hpp \
atf-c++/tests.hpp \
atf-c++/utils.hpp
@@ -1452,183 +1604,79 @@
atf_c__dirpkgconfigdir = $(atf_pkgconfigdir)
atf_c__dirpkgconfig_DATA = atf-c++/atf-c++.pc
tests_atf_c___DATA = atf-c++/Atffile \
- atf-c++/macros_hpp_test.cpp
+ atf-c++/Kyuafile \
+ atf-c++/macros_hpp_test.cpp \
+ atf-c++/unused_test.cpp
tests_atf_c__dir = $(pkgtestsdir)/atf-c++
atf_c___atf_c___test_SOURCES = atf-c++/atf_c++_test.cpp
-atf_c___atf_c___test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___atf_c___test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___build_test_SOURCES = atf-c++/build_test.cpp atf-c/h_build.h
-atf_c___build_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___build_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___check_test_SOURCES = atf-c++/check_test.cpp
-atf_c___check_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___check_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___config_test_SOURCES = atf-c++/config_test.cpp
-atf_c___config_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___config_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___macros_test_SOURCES = atf-c++/macros_test.cpp
-atf_c___macros_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___macros_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___SCRIPTS = atf-c++/pkg_config_test
atf_c___tests_test_SOURCES = atf-c++/tests_test.cpp
-atf_c___tests_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___tests_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___utils_test_SOURCES = atf-c++/utils_test.cpp
-atf_c___utils_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-tests_atf_c___detail_DATA = atf-c++/detail/Atffile
+atf_c___utils_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+tests_atf_c___detail_DATA = atf-c++/detail/Atffile \
+ atf-c++/detail/Kyuafile
+
tests_atf_c___detaildir = $(pkgtestsdir)/atf-c++/detail
atf_c___detail_libtest_helpers_la_SOURCES = atf-c++/detail/test_helpers.cpp \
atf-c++/detail/test_helpers.hpp
atf_c___detail_application_test_SOURCES = atf-c++/detail/application_test.cpp
-atf_c___detail_application_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_application_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+atf_c___detail_auto_array_test_SOURCES = atf-c++/detail/auto_array_test.cpp
+atf_c___detail_auto_array_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_env_test_SOURCES = atf-c++/detail/env_test.cpp
-atf_c___detail_env_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_env_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_exceptions_test_SOURCES = atf-c++/detail/exceptions_test.cpp
-atf_c___detail_exceptions_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_exceptions_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_expand_test_SOURCES = atf-c++/detail/expand_test.cpp
-atf_c___detail_expand_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_expand_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_fs_test_SOURCES = atf-c++/detail/fs_test.cpp
-atf_c___detail_fs_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_fs_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_parser_test_SOURCES = atf-c++/detail/parser_test.cpp
-atf_c___detail_parser_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_parser_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_process_test_SOURCES = atf-c++/detail/process_test.cpp
-atf_c___detail_process_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_process_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_sanity_test_SOURCES = atf-c++/detail/sanity_test.cpp
-atf_c___detail_sanity_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_sanity_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_text_test_SOURCES = atf-c++/detail/text_test.cpp
-atf_c___detail_text_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_text_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_c___detail_ui_test_SOURCES = atf-c++/detail/ui_test.cpp
-atf_c___detail_ui_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-atf_config_atf_config_SOURCES = atf-config/atf-config.cpp
-atf_config_atf_config_LDADD = libatf-c++.la
-tests_atf_config_DATA = atf-config/Atffile
-tests_atf_configdir = $(pkgtestsdir)/atf-config
-tests_atf_config_SCRIPTS = atf-config/integration_test
-atf_report_atf_report_SOURCES = atf-report/atf-report.cpp \
- atf-report/reader.cpp \
- atf-report/reader.hpp
-
-atf_report_atf_report_LDADD = libatf-c++.la
-cssdir = $(atf_cssdir)
-css_DATA = atf-report/tests-results.css
-dtddir = $(atf_dtddir)
-dtd_DATA = atf-report/tests-results.dtd
-xsldir = $(atf_xsldir)
-xsl_DATA = atf-report/tests-results.xsl
-tests_atf_report_DATA = atf-report/Atffile
-tests_atf_reportdir = $(pkgtestsdir)/atf-report
-atf_report_fail_helper_SOURCES = atf-report/fail_helper.cpp
-atf_report_fail_helper_LDADD = libatf-c++.la
-atf_report_misc_helpers_SOURCES = atf-report/misc_helpers.cpp
-atf_report_misc_helpers_LDADD = libatf-c++.la
-atf_report_pass_helper_SOURCES = atf-report/pass_helper.cpp
-atf_report_pass_helper_LDADD = libatf-c++.la
-tests_atf_report_SCRIPTS = atf-report/integration_test
-atf_report_reader_test_SOURCES = atf-report/reader_test.cpp \
- atf-report/reader.cpp
-
-atf_report_reader_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
-atf_report_reader_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-atf_run_atf_run_SOURCES = atf-run/atf-run.cpp \
- atf-run/atffile.cpp \
- atf-run/atffile.hpp \
- atf-run/config.cpp \
- atf-run/config.hpp \
- atf-run/fs.cpp \
- atf-run/fs.hpp \
- atf-run/io.cpp \
- atf-run/io.hpp \
- atf-run/requirements.cpp \
- atf-run/requirements.hpp \
- atf-run/signals.cpp \
- atf-run/signals.hpp \
- atf-run/test-program.cpp \
- atf-run/test-program.hpp \
- atf-run/timer.cpp \
- atf-run/timer.hpp \
- atf-run/user.cpp \
- atf-run/user.hpp
-
-atf_run_atf_run_LDADD = libatf-c++.la
-tests_atf_run_DATA = atf-run/Atffile
-tests_atf_rundir = $(pkgtestsdir)/atf-run
-atf_run_atffile_test_SOURCES = atf-run/atffile_test.cpp \
- atf-run/atffile.cpp
-
-atf_run_atffile_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
-atf_run_atffile_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-atf_run_bad_metadata_helper_SOURCES = atf-run/bad_metadata_helper.c
-atf_run_bad_metadata_helper_LDADD = libatf-c.la
-atf_run_config_test_SOURCES = atf-run/config_test.cpp \
- atf-run/config.cpp
-
-atf_run_config_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
-atf_run_config_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-atf_run_expect_helpers_SOURCES = atf-run/expect_helpers.c
-atf_run_expect_helpers_LDADD = libatf-c.la
-atf_run_fs_test_SOURCES = atf-run/fs_test.cpp \
- atf-run/fs.cpp \
- atf-run/user.cpp
-
-atf_run_fs_test_LDADD = libatf-c++.la
-atf_run_io_test_SOURCES = atf-run/io_test.cpp \
- atf-run/io.cpp \
- atf-run/signals.cpp
-
-atf_run_io_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-atf_run_misc_helpers_SOURCES = atf-run/misc_helpers.cpp
-atf_run_misc_helpers_LDADD = libatf-c++.la
-atf_run_pass_helper_SOURCES = atf-run/pass_helper.cpp
-atf_run_pass_helper_LDADD = libatf-c++.la
-atf_run_several_tcs_helper_SOURCES = atf-run/several_tcs_helper.c
-atf_run_several_tcs_helper_LDADD = libatf-c.la
-atf_run_requirements_test_SOURCES = atf-run/requirements_test.cpp \
- atf-run/requirements.cpp \
- atf-run/user.cpp
-
-atf_run_requirements_test_LDADD = libatf-c++.la
-atf_run_signals_test_SOURCES = atf-run/signals_test.cpp atf-run/signals.cpp
-atf_run_signals_test_LDADD = libatf-c++.la
-atf_run_test_program_test_SOURCES = atf-run/test_program_test.cpp \
- atf-run/fs.cpp \
- atf-run/io.cpp \
- atf-run/requirements.cpp \
- atf-run/signals.cpp \
- atf-run/test-program.cpp \
- atf-run/timer.cpp \
- atf-run/user.cpp
-
-atf_run_test_program_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
-atf_run_test_program_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-atf_run_user_test_SOURCES = atf-run/user_test.cpp atf-run/user.cpp
-atf_run_user_test_LDADD = libatf-c++.la
-atf_run_zero_tcs_helper_SOURCES = atf-run/zero_tcs_helper.c
-atf_run_zero_tcs_helper_LDADD = libatf-c.la
-tests_atf_run_SCRIPTS = atf-run/integration_test
-hooksdir = $(pkgdatadir)
-hooks_DATA = atf-run/share/atf-run.hooks
-egdir = $(atf_egdir)
-eg_DATA = atf-run/sample/atf-run.hooks atf-run/sample/common.conf
+atf_c___detail_ui_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
atf_sh_atf_check_SOURCES = atf-sh/atf-check.cpp
-atf_sh_atf_check_LDADD = libatf-c++.la
+atf_sh_atf_check_LDADD = $(ATF_CXX_LIBS)
atf_sh_atf_sh_SOURCES = atf-sh/atf-sh.cpp
-atf_sh_atf_sh_LDADD = libatf-c++.la
+atf_sh_atf_sh_LDADD = $(ATF_CXX_LIBS)
atf_sh_DATA = atf-sh/libatf-sh.subr
atf_shdir = $(pkgdatadir)
-tests_atf_sh_DATA = atf-sh/Atffile
+atf_shpkgconfigdir = $(atf_pkgconfigdir)
+atf_shpkgconfig_DATA = atf-sh/atf-sh.pc
+tests_atf_sh_DATA = atf-sh/Atffile \
+ atf-sh/Kyuafile
+
tests_atf_shdir = $(pkgtestsdir)/atf-sh
tests_atf_sh_SCRIPTS = atf-sh/misc_helpers atf-sh/atf_check_test \
atf-sh/atf-check_test atf-sh/config_test \
atf-sh/integration_test atf-sh/normalize_test atf-sh/tc_test \
atf-sh/tp_test
-atf_version_atf_version_SOURCES = atf-version/atf-version.cpp
-nodist_atf_version_atf_version_SOURCES = atf-version/revision.h
-atf_version_atf_version_CPPFLAGS = -Iatf-version
-atf_version_atf_version_LDADD = libatf-c++.la
bootstrap_h_app_empty_SOURCES = bootstrap/h_app_empty.cpp
-bootstrap_h_app_empty_LDADD = libatf-c++.la
+bootstrap_h_app_empty_LDADD = $(ATF_CXX_LIBS)
bootstrap_h_app_opts_args_SOURCES = bootstrap/h_app_opts_args.cpp
-bootstrap_h_app_opts_args_LDADD = libatf-c++.la
+bootstrap_h_app_opts_args_LDADD = $(ATF_CXX_LIBS)
bootstrap_h_tp_basic_c_SOURCES = bootstrap/h_tp_basic_c.c
bootstrap_h_tp_basic_c_LDADD = libatf-c.la
bootstrap_h_tp_basic_cpp_SOURCES = bootstrap/h_tp_basic_cpp.cpp
-bootstrap_h_tp_basic_cpp_LDADD = libatf-c++.la
+bootstrap_h_tp_basic_cpp_LDADD = $(ATF_CXX_LIBS)
check_SCRIPTS = bootstrap/h_tp_basic_sh bootstrap/h_tp_atf_check_sh \
bootstrap/h_tp_fail bootstrap/h_tp_pass
DISTCLEANFILES = \
@@ -1646,18 +1694,142 @@
$(srcdir)/bootstrap/t_test_program_list.at \
$(srcdir)/bootstrap/t_test_program_run.at
-tests_test_programs_DATA = test-programs/Atffile
+tests_test_programs_DATA = test-programs/Atffile \
+ test-programs/Kyuafile
+
tests_test_programsdir = $(pkgtestsdir)/test-programs
test_programs_c_helpers_SOURCES = test-programs/c_helpers.c
test_programs_c_helpers_LDADD = libatf-c.la
test_programs_cpp_helpers_SOURCES = test-programs/cpp_helpers.cpp
-test_programs_cpp_helpers_LDADD = libatf-c++.la
+test_programs_cpp_helpers_LDADD = $(ATF_CXX_LIBS)
common_sh = $(srcdir)/test-programs/common.sh
tests_test_programs_SCRIPTS = test-programs/sh_helpers \
test-programs/config_test test-programs/expect_test \
- test-programs/fork_test test-programs/meta_data_test \
- test-programs/result_test test-programs/srcdir_test
+ test-programs/meta_data_test test-programs/result_test \
+ test-programs/srcdir_test
+ at ENABLE_TOOLS_TRUE@atf_report_atf_report_SOURCES = atf-report/atf-report.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-report/reader.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-report/reader.hpp
+ at ENABLE_TOOLS_TRUE@atf_report_atf_report_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@cssdir = $(atf_cssdir)
+ at ENABLE_TOOLS_TRUE@css_DATA = atf-report/tests-results.css
+ at ENABLE_TOOLS_TRUE@dtddir = $(atf_dtddir)
+ at ENABLE_TOOLS_TRUE@dtd_DATA = atf-report/tests-results.dtd
+ at ENABLE_TOOLS_TRUE@xsldir = $(atf_xsldir)
+ at ENABLE_TOOLS_TRUE@xsl_DATA = atf-report/tests-results.xsl
+ at ENABLE_TOOLS_TRUE@tests_atf_report_DATA = atf-report/Atffile \
+ at ENABLE_TOOLS_TRUE@ atf-report/Kyuafile
+
+ at ENABLE_TOOLS_TRUE@tests_atf_reportdir = $(pkgtestsdir)/atf-report
+ at ENABLE_TOOLS_TRUE@atf_report_fail_helper_SOURCES = atf-report/fail_helper.cpp
+ at ENABLE_TOOLS_TRUE@atf_report_fail_helper_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_report_misc_helpers_SOURCES = atf-report/misc_helpers.cpp
+ at ENABLE_TOOLS_TRUE@atf_report_misc_helpers_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_report_pass_helper_SOURCES = atf-report/pass_helper.cpp
+ at ENABLE_TOOLS_TRUE@atf_report_pass_helper_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@tests_atf_report_SCRIPTS = atf-report/integration_test
+ at ENABLE_TOOLS_TRUE@atf_report_reader_test_SOURCES = atf-report/reader_test.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-report/reader.cpp
+
+ at ENABLE_TOOLS_TRUE@atf_report_reader_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
+ at ENABLE_TOOLS_TRUE@atf_report_reader_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_config_atf_config_SOURCES = atf-config/atf-config.cpp
+ at ENABLE_TOOLS_TRUE@atf_config_atf_config_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@tests_atf_config_DATA = atf-config/Atffile \
+ at ENABLE_TOOLS_TRUE@ atf-config/Kyuafile
+
+ at ENABLE_TOOLS_TRUE@tests_atf_configdir = $(pkgtestsdir)/atf-config
+ at ENABLE_TOOLS_TRUE@tests_atf_config_SCRIPTS = atf-config/integration_test
+ at ENABLE_TOOLS_TRUE@atf_run_atf_run_CPPFLAGS = "-DGDB=\"$(GDB)\""
+ at ENABLE_TOOLS_TRUE@atf_run_atf_run_SOURCES = atf-run/atf-run.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/atffile.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/atffile.hpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/config.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/config.hpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/fs.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/fs.hpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/io.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/io.hpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/requirements.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/requirements.hpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/signals.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/signals.hpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/test-program.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/test-program.hpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/timer.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/timer.hpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/user.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/user.hpp
+
+ at ENABLE_TOOLS_TRUE@atf_run_atf_run_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@tests_atf_run_DATA = atf-run/Atffile \
+ at ENABLE_TOOLS_TRUE@ atf-run/Kyuafile
+
+ at ENABLE_TOOLS_TRUE@tests_atf_rundir = $(pkgtestsdir)/atf-run
+ at ENABLE_TOOLS_TRUE@atf_run_atffile_test_SOURCES = atf-run/atffile_test.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/atffile.cpp
+
+ at ENABLE_TOOLS_TRUE@atf_run_atffile_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
+ at ENABLE_TOOLS_TRUE@atf_run_atffile_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_bad_metadata_helper_SOURCES = atf-run/bad_metadata_helper.c
+ at ENABLE_TOOLS_TRUE@atf_run_bad_metadata_helper_LDADD = libatf-c.la
+ at ENABLE_TOOLS_TRUE@atf_run_config_test_SOURCES = atf-run/config_test.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/config.cpp
+
+ at ENABLE_TOOLS_TRUE@atf_run_config_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
+ at ENABLE_TOOLS_TRUE@atf_run_config_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_expect_helpers_SOURCES = atf-run/expect_helpers.c
+ at ENABLE_TOOLS_TRUE@atf_run_expect_helpers_LDADD = libatf-c.la
+ at ENABLE_TOOLS_TRUE@atf_run_fs_test_SOURCES = atf-run/fs_test.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/fs.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/user.cpp
+
+ at ENABLE_TOOLS_TRUE@atf_run_fs_test_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_io_test_SOURCES = atf-run/io_test.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/io.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/signals.cpp
+
+ at ENABLE_TOOLS_TRUE@atf_run_io_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_misc_helpers_SOURCES = atf-run/misc_helpers.cpp
+ at ENABLE_TOOLS_TRUE@atf_run_misc_helpers_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_pass_helper_SOURCES = atf-run/pass_helper.cpp
+ at ENABLE_TOOLS_TRUE@atf_run_pass_helper_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_several_tcs_helper_SOURCES = atf-run/several_tcs_helper.c
+ at ENABLE_TOOLS_TRUE@atf_run_several_tcs_helper_LDADD = libatf-c.la
+ at ENABLE_TOOLS_TRUE@atf_run_requirements_test_SOURCES = atf-run/requirements_test.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/requirements.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/user.cpp
+
+ at ENABLE_TOOLS_TRUE@atf_run_requirements_test_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_signals_test_SOURCES = atf-run/signals_test.cpp atf-run/signals.cpp
+ at ENABLE_TOOLS_TRUE@atf_run_signals_test_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_test_program_test_SOURCES = atf-run/test_program_test.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/fs.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/io.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/requirements.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/signals.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/test-program.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/timer.cpp \
+ at ENABLE_TOOLS_TRUE@ atf-run/user.cpp
+
+ at ENABLE_TOOLS_TRUE@atf_run_test_program_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
+ at ENABLE_TOOLS_TRUE@atf_run_test_program_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_user_test_SOURCES = atf-run/user_test.cpp atf-run/user.cpp
+ at ENABLE_TOOLS_TRUE@atf_run_user_test_LDADD = $(ATF_CXX_LIBS)
+ at ENABLE_TOOLS_TRUE@atf_run_zero_tcs_helper_SOURCES = atf-run/zero_tcs_helper.c
+ at ENABLE_TOOLS_TRUE@atf_run_zero_tcs_helper_LDADD = libatf-c.la
+ at ENABLE_TOOLS_TRUE@tests_atf_run_SCRIPTS = atf-run/integration_test
+ at ENABLE_TOOLS_TRUE@hooksdir = $(pkgdatadir)
+ at ENABLE_TOOLS_TRUE@hooks_DATA = atf-run/share/atf-run.hooks
+ at ENABLE_TOOLS_TRUE@egdir = $(atf_egdir)
+ at ENABLE_TOOLS_TRUE@eg_DATA = atf-run/sample/atf-run.hooks \
+ at ENABLE_TOOLS_TRUE@ atf-run/sample/common.conf
+ at ENABLE_TOOLS_TRUE@atf_version_atf_version_SOURCES = atf-version/atf-version.cpp
+ at ENABLE_TOOLS_TRUE@nodist_atf_version_atf_version_SOURCES = atf-version/revision.h
+ at ENABLE_TOOLS_TRUE@atf_version_atf_version_CPPFLAGS = -Iatf-version
+ at ENABLE_TOOLS_TRUE@atf_version_atf_version_LDADD = $(ATF_CXX_LIBS)
+
#
# Top-level distfile documents.
#
@@ -1670,8 +1842,8 @@
PKG_CONFIG_PATH=$(prefix)/lib/pkgconfig
testsdir = $(exec_prefix)/tests
-pkgtestsdir = $(testsdir)/atf
-pkgtests_DATA = Atffile
+pkgtestsdir = $(testsdir)/$(PACKAGE)
+pkgtests_DATA = Kyuafile $(am__append_12)
BUILD_SH_TP = \
echo "Creating $${dst}"; \
echo "\#! $(bindir)/atf-sh" >$${dst}; \
@@ -1683,21 +1855,21 @@
.SUFFIXES:
.SUFFIXES: .c .cpp .lo .o .obj
-am--refresh:
+am--refresh: Makefile
@:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/admin/Makefile.am.inc $(srcdir)/atf-c/Makefile.am.inc $(srcdir)/atf-c/detail/Makefile.am.inc $(srcdir)/atf-c++/Makefile.am.inc $(srcdir)/atf-c++/detail/Makefile.am.inc $(srcdir)/atf-config/Makefile.am.inc $(srcdir)/atf-report/Makefile.am.inc $(srcdir)/atf-run/Makefile.am.inc $(srcdir)/atf-sh/Makefile.am.inc $(srcdir)/atf-version/Makefile.am.inc $(srcdir)/bootstrap/Makefile.am.inc $(srcdir)/doc/Makefile.am.inc $(srcdir)/test-programs/Makefile.am.inc $(am__configure_deps)
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/admin/Makefile.am.inc $(srcdir)/atf-c/Makefile.am.inc $(srcdir)/atf-c/detail/Makefile.am.inc $(srcdir)/atf-c++/Makefile.am.inc $(srcdir)/atf-c++/detail/Makefile.am.inc $(srcdir)/atf-sh/Makefile.am.inc $(srcdir)/bootstrap/Makefile.am.inc $(srcdir)/doc/Makefile.am.inc $(srcdir)/test-programs/Makefile.am.inc $(srcdir)/atf-report/Makefile.am.inc $(srcdir)/atf-config/Makefile.am.inc $(srcdir)/atf-run/Makefile.am.inc $(srcdir)/atf-version/Makefile.am.inc $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
- cd $(srcdir) && $(AUTOMAKE) --foreign \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
+ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
&& exit 0; \
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
- cd $(top_srcdir) && \
- $(AUTOMAKE) --foreign Makefile
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -1708,26 +1880,26 @@
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
esac;
+$(srcdir)/admin/Makefile.am.inc $(srcdir)/atf-c/Makefile.am.inc $(srcdir)/atf-c/detail/Makefile.am.inc $(srcdir)/atf-c++/Makefile.am.inc $(srcdir)/atf-c++/detail/Makefile.am.inc $(srcdir)/atf-sh/Makefile.am.inc $(srcdir)/bootstrap/Makefile.am.inc $(srcdir)/doc/Makefile.am.inc $(srcdir)/test-programs/Makefile.am.inc $(srcdir)/atf-report/Makefile.am.inc $(srcdir)/atf-config/Makefile.am.inc $(srcdir)/atf-run/Makefile.am.inc $(srcdir)/atf-version/Makefile.am.inc:
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
$(top_srcdir)/configure: $(am__configure_deps)
- cd $(srcdir) && $(AUTOCONF)
+ $(am__cd) $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+ $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
bconfig.h: stamp-h1
- @if test ! -f $@; then \
- rm -f stamp-h1; \
- $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
- else :; fi
+ @if test ! -f $@; then rm -f stamp-h1; else :; fi
+ @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi
stamp-h1: $(srcdir)/bconfig.h.in $(top_builddir)/config.status
@rm -f stamp-h1
cd $(top_builddir) && $(SHELL) ./config.status bconfig.h
$(srcdir)/bconfig.h.in: $(am__configure_deps)
- cd $(top_srcdir) && $(AUTOHEADER)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
rm -f stamp-h1
touch $@
@@ -1737,40 +1909,49 @@
cd $(top_builddir) && $(SHELL) ./config.status $@
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
- test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
if test -f $$p; then \
- f=$(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+ list2="$$list2 $$p"; \
else :; fi; \
- done
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
- p=$(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
done
clean-libLTLIBRARIES:
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
- test "$$dir" != "$$p" || dir=.; \
- echo "rm -f \"$${dir}/so_locations\""; \
- rm -f "$${dir}/so_locations"; \
- done
+ @list='$(lib_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
clean-noinstLTLIBRARIES:
-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
- @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
- test "$$dir" != "$$p" || dir=.; \
- echo "rm -f \"$${dir}/so_locations\""; \
- rm -f "$${dir}/so_locations"; \
- done
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
atf-c++/detail/$(am__dirstamp):
@$(MKDIR_P) atf-c++/detail
@: > atf-c++/detail/$(am__dirstamp)
@@ -1779,7 +1960,7 @@
@: > atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
atf-c++/detail/test_helpers.lo: atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/libtest_helpers.la: $(atf_c___detail_libtest_helpers_la_OBJECTS) $(atf_c___detail_libtest_helpers_la_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/libtest_helpers.la: $(atf_c___detail_libtest_helpers_la_OBJECTS) $(atf_c___detail_libtest_helpers_la_DEPENDENCIES) $(EXTRA_atf_c___detail_libtest_helpers_la_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
$(CXXLINK) $(atf_c___detail_libtest_helpers_la_OBJECTS) $(atf_c___detail_libtest_helpers_la_LIBADD) $(LIBS)
atf-c/detail/$(am__dirstamp):
@$(MKDIR_P) atf-c/detail
@@ -1790,7 +1971,7 @@
atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo: \
atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/libtest_helpers.la: $(atf_c_detail_libtest_helpers_la_OBJECTS) $(atf_c_detail_libtest_helpers_la_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/libtest_helpers.la: $(atf_c_detail_libtest_helpers_la_OBJECTS) $(atf_c_detail_libtest_helpers_la_DEPENDENCIES) $(EXTRA_atf_c_detail_libtest_helpers_la_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
$(LINK) $(atf_c_detail_libtest_helpers_la_OBJECTS) $(atf_c_detail_libtest_helpers_la_LIBADD) $(LIBS)
atf-c++/$(am__dirstamp):
@$(MKDIR_P) atf-c++
@@ -1806,6 +1987,8 @@
atf-c++/$(DEPDIR)/$(am__dirstamp)
atf-c++/tests.lo: atf-c++/$(am__dirstamp) \
atf-c++/$(DEPDIR)/$(am__dirstamp)
+atf-c++/utils.lo: atf-c++/$(am__dirstamp) \
+ atf-c++/$(DEPDIR)/$(am__dirstamp)
atf-c++/detail/application.lo: atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
atf-c++/detail/env.lo: atf-c++/detail/$(am__dirstamp) \
@@ -1824,8 +2007,8 @@
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
atf-c++/detail/ui.lo: atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-libatf-c++.la: $(libatf_c___la_OBJECTS) $(libatf_c___la_DEPENDENCIES)
- $(CXXLINK) -rpath $(libdir) $(libatf_c___la_OBJECTS) $(libatf_c___la_LIBADD) $(LIBS)
+libatf-c++.la: $(libatf_c___la_OBJECTS) $(libatf_c___la_DEPENDENCIES) $(EXTRA_libatf_c___la_DEPENDENCIES)
+ $(libatf_c___la_LINK) -rpath $(libdir) $(libatf_c___la_OBJECTS) $(libatf_c___la_LIBADD) $(LIBS)
atf-c/$(am__dirstamp):
@$(MKDIR_P) atf-c
@: > atf-c/$(am__dirstamp)
@@ -1866,453 +2049,617 @@
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
atf-c/detail/libatf_c_la-user.lo: atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-libatf-c.la: $(libatf_c_la_OBJECTS) $(libatf_c_la_DEPENDENCIES)
- $(LINK) -rpath $(libdir) $(libatf_c_la_OBJECTS) $(libatf_c_la_LIBADD) $(LIBS)
+libatf-c.la: $(libatf_c_la_OBJECTS) $(libatf_c_la_DEPENDENCIES) $(EXTRA_libatf_c_la_DEPENDENCIES)
+ $(libatf_c_la_LINK) -rpath $(libdir) $(libatf_c_la_OBJECTS) $(libatf_c_la_LIBADD) $(LIBS)
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
- @list='$(bin_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(bin_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
- rm -f "$(DESTDIR)$(bindir)/$$f"; \
- done
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
clean-binPROGRAMS:
- @list='$(bin_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
clean-checkPROGRAMS:
- @list='$(check_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-libexecPROGRAMS: $(libexec_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
- @list='$(libexec_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libexecdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libexecdir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-libexecPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(libexec_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
- rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
- done
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
clean-libexecPROGRAMS:
- @list='$(libexec_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-tests_atf_cPROGRAMS: $(tests_atf_c_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_cdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_cdir)"
- @list='$(tests_atf_c_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_cPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(tests_atf_cdir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_cPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(tests_atf_cdir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(tests_atf_c_PROGRAMS)'; test -n "$(tests_atf_cdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_cdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_cdir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(tests_atf_cdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(tests_atf_cdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_cPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_cdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_cdir)/$$f"; \
- done
+ @list='$(tests_atf_c_PROGRAMS)'; test -n "$(tests_atf_cdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(tests_atf_cdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(tests_atf_cdir)" && rm -f $$files
clean-tests_atf_cPROGRAMS:
- @list='$(tests_atf_c_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(tests_atf_c_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-tests_atf_c__PROGRAMS: $(tests_atf_c___PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_c__dir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_c__dir)"
- @list='$(tests_atf_c___PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_c__PROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(tests_atf_c__dir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_c__PROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(tests_atf_c__dir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(tests_atf_c___PROGRAMS)'; test -n "$(tests_atf_c__dir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_c__dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_c__dir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(tests_atf_c__dir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(tests_atf_c__dir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_c__PROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c___PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_c__dir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_c__dir)/$$f"; \
- done
+ @list='$(tests_atf_c___PROGRAMS)'; test -n "$(tests_atf_c__dir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(tests_atf_c__dir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(tests_atf_c__dir)" && rm -f $$files
clean-tests_atf_c__PROGRAMS:
- @list='$(tests_atf_c___PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(tests_atf_c___PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-tests_atf_c___detailPROGRAMS: $(tests_atf_c___detail_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_c___detaildir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_c___detaildir)"
- @list='$(tests_atf_c___detail_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_c___detailPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(tests_atf_c___detaildir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_c___detailPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(tests_atf_c___detaildir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(tests_atf_c___detail_PROGRAMS)'; test -n "$(tests_atf_c___detaildir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_c___detaildir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_c___detaildir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(tests_atf_c___detaildir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(tests_atf_c___detaildir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_c___detailPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c___detail_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_c___detaildir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_c___detaildir)/$$f"; \
- done
+ @list='$(tests_atf_c___detail_PROGRAMS)'; test -n "$(tests_atf_c___detaildir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(tests_atf_c___detaildir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(tests_atf_c___detaildir)" && rm -f $$files
clean-tests_atf_c___detailPROGRAMS:
- @list='$(tests_atf_c___detail_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(tests_atf_c___detail_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-tests_atf_c_detailPROGRAMS: $(tests_atf_c_detail_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_c_detaildir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_c_detaildir)"
- @list='$(tests_atf_c_detail_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_c_detailPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(tests_atf_c_detaildir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_c_detailPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(tests_atf_c_detaildir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(tests_atf_c_detail_PROGRAMS)'; test -n "$(tests_atf_c_detaildir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_c_detaildir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_c_detaildir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(tests_atf_c_detaildir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(tests_atf_c_detaildir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_c_detailPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c_detail_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_c_detaildir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_c_detaildir)/$$f"; \
- done
+ @list='$(tests_atf_c_detail_PROGRAMS)'; test -n "$(tests_atf_c_detaildir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(tests_atf_c_detaildir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(tests_atf_c_detaildir)" && rm -f $$files
clean-tests_atf_c_detailPROGRAMS:
- @list='$(tests_atf_c_detail_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(tests_atf_c_detail_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-tests_atf_reportPROGRAMS: $(tests_atf_report_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_reportdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_reportdir)"
- @list='$(tests_atf_report_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_reportPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(tests_atf_reportdir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_reportPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(tests_atf_reportdir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(tests_atf_report_PROGRAMS)'; test -n "$(tests_atf_reportdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_reportdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_reportdir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(tests_atf_reportdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(tests_atf_reportdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_reportPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_report_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_reportdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_reportdir)/$$f"; \
- done
+ @list='$(tests_atf_report_PROGRAMS)'; test -n "$(tests_atf_reportdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(tests_atf_reportdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(tests_atf_reportdir)" && rm -f $$files
clean-tests_atf_reportPROGRAMS:
- @list='$(tests_atf_report_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(tests_atf_report_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-tests_atf_runPROGRAMS: $(tests_atf_run_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_rundir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_rundir)"
- @list='$(tests_atf_run_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_runPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(tests_atf_rundir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_atf_runPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(tests_atf_rundir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(tests_atf_run_PROGRAMS)'; test -n "$(tests_atf_rundir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_rundir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_rundir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(tests_atf_rundir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(tests_atf_rundir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_runPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_run_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_rundir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_rundir)/$$f"; \
- done
+ @list='$(tests_atf_run_PROGRAMS)'; test -n "$(tests_atf_rundir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(tests_atf_rundir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(tests_atf_rundir)" && rm -f $$files
clean-tests_atf_runPROGRAMS:
- @list='$(tests_atf_run_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(tests_atf_run_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-tests_test_programsPROGRAMS: $(tests_test_programs_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(tests_test_programsdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_test_programsdir)"
- @list='$(tests_test_programs_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_test_programsPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(tests_test_programsdir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(tests_test_programsPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(tests_test_programsdir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(tests_test_programs_PROGRAMS)'; test -n "$(tests_test_programsdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_test_programsdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_test_programsdir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(tests_test_programsdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(tests_test_programsdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_test_programsPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_test_programs_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(tests_test_programsdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_test_programsdir)/$$f"; \
- done
+ @list='$(tests_test_programs_PROGRAMS)'; test -n "$(tests_test_programsdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(tests_test_programsdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(tests_test_programsdir)" && rm -f $$files
clean-tests_test_programsPROGRAMS:
- @list='$(tests_test_programs_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(tests_test_programs_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
atf-c++/atf_c++_test.$(OBJEXT): atf-c++/$(am__dirstamp) \
atf-c++/$(DEPDIR)/$(am__dirstamp)
-atf-c++/atf_c++_test$(EXEEXT): $(atf_c___atf_c___test_OBJECTS) $(atf_c___atf_c___test_DEPENDENCIES) atf-c++/$(am__dirstamp)
+atf-c++/atf_c++_test$(EXEEXT): $(atf_c___atf_c___test_OBJECTS) $(atf_c___atf_c___test_DEPENDENCIES) $(EXTRA_atf_c___atf_c___test_DEPENDENCIES) atf-c++/$(am__dirstamp)
@rm -f atf-c++/atf_c++_test$(EXEEXT)
$(CXXLINK) $(atf_c___atf_c___test_OBJECTS) $(atf_c___atf_c___test_LDADD) $(LIBS)
atf-c++/build_test.$(OBJEXT): atf-c++/$(am__dirstamp) \
atf-c++/$(DEPDIR)/$(am__dirstamp)
-atf-c++/build_test$(EXEEXT): $(atf_c___build_test_OBJECTS) $(atf_c___build_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
+atf-c++/build_test$(EXEEXT): $(atf_c___build_test_OBJECTS) $(atf_c___build_test_DEPENDENCIES) $(EXTRA_atf_c___build_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
@rm -f atf-c++/build_test$(EXEEXT)
$(CXXLINK) $(atf_c___build_test_OBJECTS) $(atf_c___build_test_LDADD) $(LIBS)
atf-c++/check_test.$(OBJEXT): atf-c++/$(am__dirstamp) \
atf-c++/$(DEPDIR)/$(am__dirstamp)
-atf-c++/check_test$(EXEEXT): $(atf_c___check_test_OBJECTS) $(atf_c___check_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
+atf-c++/check_test$(EXEEXT): $(atf_c___check_test_OBJECTS) $(atf_c___check_test_DEPENDENCIES) $(EXTRA_atf_c___check_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
@rm -f atf-c++/check_test$(EXEEXT)
$(CXXLINK) $(atf_c___check_test_OBJECTS) $(atf_c___check_test_LDADD) $(LIBS)
atf-c++/config_test.$(OBJEXT): atf-c++/$(am__dirstamp) \
atf-c++/$(DEPDIR)/$(am__dirstamp)
-atf-c++/config_test$(EXEEXT): $(atf_c___config_test_OBJECTS) $(atf_c___config_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
+atf-c++/config_test$(EXEEXT): $(atf_c___config_test_OBJECTS) $(atf_c___config_test_DEPENDENCIES) $(EXTRA_atf_c___config_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
@rm -f atf-c++/config_test$(EXEEXT)
$(CXXLINK) $(atf_c___config_test_OBJECTS) $(atf_c___config_test_LDADD) $(LIBS)
atf-c++/detail/application_test.$(OBJEXT): \
atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/application_test$(EXEEXT): $(atf_c___detail_application_test_OBJECTS) $(atf_c___detail_application_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/application_test$(EXEEXT): $(atf_c___detail_application_test_OBJECTS) $(atf_c___detail_application_test_DEPENDENCIES) $(EXTRA_atf_c___detail_application_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/application_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_application_test_OBJECTS) $(atf_c___detail_application_test_LDADD) $(LIBS)
+atf-c++/detail/auto_array_test.$(OBJEXT): \
+ atf-c++/detail/$(am__dirstamp) \
+ atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
+atf-c++/detail/auto_array_test$(EXEEXT): $(atf_c___detail_auto_array_test_OBJECTS) $(atf_c___detail_auto_array_test_DEPENDENCIES) $(EXTRA_atf_c___detail_auto_array_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+ @rm -f atf-c++/detail/auto_array_test$(EXEEXT)
+ $(CXXLINK) $(atf_c___detail_auto_array_test_OBJECTS) $(atf_c___detail_auto_array_test_LDADD) $(LIBS)
atf-c++/detail/env_test.$(OBJEXT): atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/env_test$(EXEEXT): $(atf_c___detail_env_test_OBJECTS) $(atf_c___detail_env_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/env_test$(EXEEXT): $(atf_c___detail_env_test_OBJECTS) $(atf_c___detail_env_test_DEPENDENCIES) $(EXTRA_atf_c___detail_env_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/env_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_env_test_OBJECTS) $(atf_c___detail_env_test_LDADD) $(LIBS)
atf-c++/detail/exceptions_test.$(OBJEXT): \
atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/exceptions_test$(EXEEXT): $(atf_c___detail_exceptions_test_OBJECTS) $(atf_c___detail_exceptions_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/exceptions_test$(EXEEXT): $(atf_c___detail_exceptions_test_OBJECTS) $(atf_c___detail_exceptions_test_DEPENDENCIES) $(EXTRA_atf_c___detail_exceptions_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/exceptions_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_exceptions_test_OBJECTS) $(atf_c___detail_exceptions_test_LDADD) $(LIBS)
atf-c++/detail/expand_test.$(OBJEXT): atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/expand_test$(EXEEXT): $(atf_c___detail_expand_test_OBJECTS) $(atf_c___detail_expand_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/expand_test$(EXEEXT): $(atf_c___detail_expand_test_OBJECTS) $(atf_c___detail_expand_test_DEPENDENCIES) $(EXTRA_atf_c___detail_expand_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/expand_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_expand_test_OBJECTS) $(atf_c___detail_expand_test_LDADD) $(LIBS)
atf-c++/detail/fs_test.$(OBJEXT): atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/fs_test$(EXEEXT): $(atf_c___detail_fs_test_OBJECTS) $(atf_c___detail_fs_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/fs_test$(EXEEXT): $(atf_c___detail_fs_test_OBJECTS) $(atf_c___detail_fs_test_DEPENDENCIES) $(EXTRA_atf_c___detail_fs_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/fs_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_fs_test_OBJECTS) $(atf_c___detail_fs_test_LDADD) $(LIBS)
atf-c++/detail/parser_test.$(OBJEXT): atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/parser_test$(EXEEXT): $(atf_c___detail_parser_test_OBJECTS) $(atf_c___detail_parser_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/parser_test$(EXEEXT): $(atf_c___detail_parser_test_OBJECTS) $(atf_c___detail_parser_test_DEPENDENCIES) $(EXTRA_atf_c___detail_parser_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/parser_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_parser_test_OBJECTS) $(atf_c___detail_parser_test_LDADD) $(LIBS)
atf-c++/detail/process_test.$(OBJEXT): atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/process_test$(EXEEXT): $(atf_c___detail_process_test_OBJECTS) $(atf_c___detail_process_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/process_test$(EXEEXT): $(atf_c___detail_process_test_OBJECTS) $(atf_c___detail_process_test_DEPENDENCIES) $(EXTRA_atf_c___detail_process_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/process_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_process_test_OBJECTS) $(atf_c___detail_process_test_LDADD) $(LIBS)
atf-c++/detail/sanity_test.$(OBJEXT): atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/sanity_test$(EXEEXT): $(atf_c___detail_sanity_test_OBJECTS) $(atf_c___detail_sanity_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/sanity_test$(EXEEXT): $(atf_c___detail_sanity_test_OBJECTS) $(atf_c___detail_sanity_test_DEPENDENCIES) $(EXTRA_atf_c___detail_sanity_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/sanity_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_sanity_test_OBJECTS) $(atf_c___detail_sanity_test_LDADD) $(LIBS)
atf-c++/detail/text_test.$(OBJEXT): atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/text_test$(EXEEXT): $(atf_c___detail_text_test_OBJECTS) $(atf_c___detail_text_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/text_test$(EXEEXT): $(atf_c___detail_text_test_OBJECTS) $(atf_c___detail_text_test_DEPENDENCIES) $(EXTRA_atf_c___detail_text_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/text_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_text_test_OBJECTS) $(atf_c___detail_text_test_LDADD) $(LIBS)
atf-c++/detail/ui_test.$(OBJEXT): atf-c++/detail/$(am__dirstamp) \
atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c++/detail/ui_test$(EXEEXT): $(atf_c___detail_ui_test_OBJECTS) $(atf_c___detail_ui_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
+atf-c++/detail/ui_test$(EXEEXT): $(atf_c___detail_ui_test_OBJECTS) $(atf_c___detail_ui_test_DEPENDENCIES) $(EXTRA_atf_c___detail_ui_test_DEPENDENCIES) atf-c++/detail/$(am__dirstamp)
@rm -f atf-c++/detail/ui_test$(EXEEXT)
$(CXXLINK) $(atf_c___detail_ui_test_OBJECTS) $(atf_c___detail_ui_test_LDADD) $(LIBS)
atf-c++/macros_test.$(OBJEXT): atf-c++/$(am__dirstamp) \
atf-c++/$(DEPDIR)/$(am__dirstamp)
-atf-c++/macros_test$(EXEEXT): $(atf_c___macros_test_OBJECTS) $(atf_c___macros_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
+atf-c++/macros_test$(EXEEXT): $(atf_c___macros_test_OBJECTS) $(atf_c___macros_test_DEPENDENCIES) $(EXTRA_atf_c___macros_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
@rm -f atf-c++/macros_test$(EXEEXT)
$(CXXLINK) $(atf_c___macros_test_OBJECTS) $(atf_c___macros_test_LDADD) $(LIBS)
atf-c++/tests_test.$(OBJEXT): atf-c++/$(am__dirstamp) \
atf-c++/$(DEPDIR)/$(am__dirstamp)
-atf-c++/tests_test$(EXEEXT): $(atf_c___tests_test_OBJECTS) $(atf_c___tests_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
+atf-c++/tests_test$(EXEEXT): $(atf_c___tests_test_OBJECTS) $(atf_c___tests_test_DEPENDENCIES) $(EXTRA_atf_c___tests_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
@rm -f atf-c++/tests_test$(EXEEXT)
$(CXXLINK) $(atf_c___tests_test_OBJECTS) $(atf_c___tests_test_LDADD) $(LIBS)
atf-c++/utils_test.$(OBJEXT): atf-c++/$(am__dirstamp) \
atf-c++/$(DEPDIR)/$(am__dirstamp)
-atf-c++/utils_test$(EXEEXT): $(atf_c___utils_test_OBJECTS) $(atf_c___utils_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
+atf-c++/utils_test$(EXEEXT): $(atf_c___utils_test_OBJECTS) $(atf_c___utils_test_DEPENDENCIES) $(EXTRA_atf_c___utils_test_DEPENDENCIES) atf-c++/$(am__dirstamp)
@rm -f atf-c++/utils_test$(EXEEXT)
$(CXXLINK) $(atf_c___utils_test_OBJECTS) $(atf_c___utils_test_LDADD) $(LIBS)
atf-c/atf_c_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/atf_c_test$(EXEEXT): $(atf_c_atf_c_test_OBJECTS) $(atf_c_atf_c_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/atf_c_test$(EXEEXT): $(atf_c_atf_c_test_OBJECTS) $(atf_c_atf_c_test_DEPENDENCIES) $(EXTRA_atf_c_atf_c_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/atf_c_test$(EXEEXT)
$(LINK) $(atf_c_atf_c_test_OBJECTS) $(atf_c_atf_c_test_LDADD) $(LIBS)
atf-c/build_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/build_test$(EXEEXT): $(atf_c_build_test_OBJECTS) $(atf_c_build_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/build_test$(EXEEXT): $(atf_c_build_test_OBJECTS) $(atf_c_build_test_DEPENDENCIES) $(EXTRA_atf_c_build_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/build_test$(EXEEXT)
$(LINK) $(atf_c_build_test_OBJECTS) $(atf_c_build_test_LDADD) $(LIBS)
atf-c/check_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/check_test$(EXEEXT): $(atf_c_check_test_OBJECTS) $(atf_c_check_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/check_test$(EXEEXT): $(atf_c_check_test_OBJECTS) $(atf_c_check_test_DEPENDENCIES) $(EXTRA_atf_c_check_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/check_test$(EXEEXT)
$(LINK) $(atf_c_check_test_OBJECTS) $(atf_c_check_test_LDADD) $(LIBS)
atf-c/config_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/config_test$(EXEEXT): $(atf_c_config_test_OBJECTS) $(atf_c_config_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/config_test$(EXEEXT): $(atf_c_config_test_OBJECTS) $(atf_c_config_test_DEPENDENCIES) $(EXTRA_atf_c_config_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/config_test$(EXEEXT)
$(LINK) $(atf_c_config_test_OBJECTS) $(atf_c_config_test_LDADD) $(LIBS)
atf-c/detail/dynstr_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/dynstr_test$(EXEEXT): $(atf_c_detail_dynstr_test_OBJECTS) $(atf_c_detail_dynstr_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/dynstr_test$(EXEEXT): $(atf_c_detail_dynstr_test_OBJECTS) $(atf_c_detail_dynstr_test_DEPENDENCIES) $(EXTRA_atf_c_detail_dynstr_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/dynstr_test$(EXEEXT)
$(LINK) $(atf_c_detail_dynstr_test_OBJECTS) $(atf_c_detail_dynstr_test_LDADD) $(LIBS)
atf-c/detail/env_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/env_test$(EXEEXT): $(atf_c_detail_env_test_OBJECTS) $(atf_c_detail_env_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/env_test$(EXEEXT): $(atf_c_detail_env_test_OBJECTS) $(atf_c_detail_env_test_DEPENDENCIES) $(EXTRA_atf_c_detail_env_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/env_test$(EXEEXT)
$(LINK) $(atf_c_detail_env_test_OBJECTS) $(atf_c_detail_env_test_LDADD) $(LIBS)
atf-c/detail/fs_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/fs_test$(EXEEXT): $(atf_c_detail_fs_test_OBJECTS) $(atf_c_detail_fs_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/fs_test$(EXEEXT): $(atf_c_detail_fs_test_OBJECTS) $(atf_c_detail_fs_test_DEPENDENCIES) $(EXTRA_atf_c_detail_fs_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/fs_test$(EXEEXT)
$(LINK) $(atf_c_detail_fs_test_OBJECTS) $(atf_c_detail_fs_test_LDADD) $(LIBS)
atf-c/detail/list_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/list_test$(EXEEXT): $(atf_c_detail_list_test_OBJECTS) $(atf_c_detail_list_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/list_test$(EXEEXT): $(atf_c_detail_list_test_OBJECTS) $(atf_c_detail_list_test_DEPENDENCIES) $(EXTRA_atf_c_detail_list_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/list_test$(EXEEXT)
$(LINK) $(atf_c_detail_list_test_OBJECTS) $(atf_c_detail_list_test_LDADD) $(LIBS)
atf-c/detail/map_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/map_test$(EXEEXT): $(atf_c_detail_map_test_OBJECTS) $(atf_c_detail_map_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/map_test$(EXEEXT): $(atf_c_detail_map_test_OBJECTS) $(atf_c_detail_map_test_DEPENDENCIES) $(EXTRA_atf_c_detail_map_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/map_test$(EXEEXT)
$(LINK) $(atf_c_detail_map_test_OBJECTS) $(atf_c_detail_map_test_LDADD) $(LIBS)
atf-c/detail/process_helpers.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/process_helpers$(EXEEXT): $(atf_c_detail_process_helpers_OBJECTS) $(atf_c_detail_process_helpers_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/process_helpers$(EXEEXT): $(atf_c_detail_process_helpers_OBJECTS) $(atf_c_detail_process_helpers_DEPENDENCIES) $(EXTRA_atf_c_detail_process_helpers_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/process_helpers$(EXEEXT)
$(LINK) $(atf_c_detail_process_helpers_OBJECTS) $(atf_c_detail_process_helpers_LDADD) $(LIBS)
atf-c/detail/process_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/process_test$(EXEEXT): $(atf_c_detail_process_test_OBJECTS) $(atf_c_detail_process_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/process_test$(EXEEXT): $(atf_c_detail_process_test_OBJECTS) $(atf_c_detail_process_test_DEPENDENCIES) $(EXTRA_atf_c_detail_process_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/process_test$(EXEEXT)
$(LINK) $(atf_c_detail_process_test_OBJECTS) $(atf_c_detail_process_test_LDADD) $(LIBS)
atf-c/detail/sanity_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/sanity_test$(EXEEXT): $(atf_c_detail_sanity_test_OBJECTS) $(atf_c_detail_sanity_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/sanity_test$(EXEEXT): $(atf_c_detail_sanity_test_OBJECTS) $(atf_c_detail_sanity_test_DEPENDENCIES) $(EXTRA_atf_c_detail_sanity_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/sanity_test$(EXEEXT)
$(LINK) $(atf_c_detail_sanity_test_OBJECTS) $(atf_c_detail_sanity_test_LDADD) $(LIBS)
-atf-c/detail/test_helpers_test.$(OBJEXT): \
- atf-c/detail/$(am__dirstamp) \
- atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/test_helpers_test$(EXEEXT): $(atf_c_detail_test_helpers_test_OBJECTS) $(atf_c_detail_test_helpers_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
- @rm -f atf-c/detail/test_helpers_test$(EXEEXT)
- $(LINK) $(atf_c_detail_test_helpers_test_OBJECTS) $(atf_c_detail_test_helpers_test_LDADD) $(LIBS)
atf-c/detail/text_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/text_test$(EXEEXT): $(atf_c_detail_text_test_OBJECTS) $(atf_c_detail_text_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/text_test$(EXEEXT): $(atf_c_detail_text_test_OBJECTS) $(atf_c_detail_text_test_DEPENDENCIES) $(EXTRA_atf_c_detail_text_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/text_test$(EXEEXT)
$(LINK) $(atf_c_detail_text_test_OBJECTS) $(atf_c_detail_text_test_LDADD) $(LIBS)
atf-c/detail/user_test.$(OBJEXT): atf-c/detail/$(am__dirstamp) \
atf-c/detail/$(DEPDIR)/$(am__dirstamp)
-atf-c/detail/user_test$(EXEEXT): $(atf_c_detail_user_test_OBJECTS) $(atf_c_detail_user_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
+atf-c/detail/user_test$(EXEEXT): $(atf_c_detail_user_test_OBJECTS) $(atf_c_detail_user_test_DEPENDENCIES) $(EXTRA_atf_c_detail_user_test_DEPENDENCIES) atf-c/detail/$(am__dirstamp)
@rm -f atf-c/detail/user_test$(EXEEXT)
$(LINK) $(atf_c_detail_user_test_OBJECTS) $(atf_c_detail_user_test_LDADD) $(LIBS)
atf-c/error_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/error_test$(EXEEXT): $(atf_c_error_test_OBJECTS) $(atf_c_error_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/error_test$(EXEEXT): $(atf_c_error_test_OBJECTS) $(atf_c_error_test_DEPENDENCIES) $(EXTRA_atf_c_error_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/error_test$(EXEEXT)
$(LINK) $(atf_c_error_test_OBJECTS) $(atf_c_error_test_LDADD) $(LIBS)
atf-c/macros_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/macros_test$(EXEEXT): $(atf_c_macros_test_OBJECTS) $(atf_c_macros_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/macros_test$(EXEEXT): $(atf_c_macros_test_OBJECTS) $(atf_c_macros_test_DEPENDENCIES) $(EXTRA_atf_c_macros_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/macros_test$(EXEEXT)
$(LINK) $(atf_c_macros_test_OBJECTS) $(atf_c_macros_test_LDADD) $(LIBS)
atf-c/tc_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/tc_test$(EXEEXT): $(atf_c_tc_test_OBJECTS) $(atf_c_tc_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/tc_test$(EXEEXT): $(atf_c_tc_test_OBJECTS) $(atf_c_tc_test_DEPENDENCIES) $(EXTRA_atf_c_tc_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/tc_test$(EXEEXT)
$(LINK) $(atf_c_tc_test_OBJECTS) $(atf_c_tc_test_LDADD) $(LIBS)
atf-c/tp_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/tp_test$(EXEEXT): $(atf_c_tp_test_OBJECTS) $(atf_c_tp_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/tp_test$(EXEEXT): $(atf_c_tp_test_OBJECTS) $(atf_c_tp_test_DEPENDENCIES) $(EXTRA_atf_c_tp_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/tp_test$(EXEEXT)
$(LINK) $(atf_c_tp_test_OBJECTS) $(atf_c_tp_test_LDADD) $(LIBS)
atf-c/utils_test.$(OBJEXT): atf-c/$(am__dirstamp) \
atf-c/$(DEPDIR)/$(am__dirstamp)
-atf-c/utils_test$(EXEEXT): $(atf_c_utils_test_OBJECTS) $(atf_c_utils_test_DEPENDENCIES) atf-c/$(am__dirstamp)
+atf-c/utils_test$(EXEEXT): $(atf_c_utils_test_OBJECTS) $(atf_c_utils_test_DEPENDENCIES) $(EXTRA_atf_c_utils_test_DEPENDENCIES) atf-c/$(am__dirstamp)
@rm -f atf-c/utils_test$(EXEEXT)
$(LINK) $(atf_c_utils_test_OBJECTS) $(atf_c_utils_test_LDADD) $(LIBS)
atf-config/$(am__dirstamp):
@@ -2323,7 +2670,7 @@
@: > atf-config/$(DEPDIR)/$(am__dirstamp)
atf-config/atf-config.$(OBJEXT): atf-config/$(am__dirstamp) \
atf-config/$(DEPDIR)/$(am__dirstamp)
-atf-config/atf-config$(EXEEXT): $(atf_config_atf_config_OBJECTS) $(atf_config_atf_config_DEPENDENCIES) atf-config/$(am__dirstamp)
+atf-config/atf-config$(EXEEXT): $(atf_config_atf_config_OBJECTS) $(atf_config_atf_config_DEPENDENCIES) $(EXTRA_atf_config_atf_config_DEPENDENCIES) atf-config/$(am__dirstamp)
@rm -f atf-config/atf-config$(EXEEXT)
$(CXXLINK) $(atf_config_atf_config_OBJECTS) $(atf_config_atf_config_LDADD) $(LIBS)
atf-report/$(am__dirstamp):
@@ -2336,22 +2683,22 @@
atf-report/$(DEPDIR)/$(am__dirstamp)
atf-report/reader.$(OBJEXT): atf-report/$(am__dirstamp) \
atf-report/$(DEPDIR)/$(am__dirstamp)
-atf-report/atf-report$(EXEEXT): $(atf_report_atf_report_OBJECTS) $(atf_report_atf_report_DEPENDENCIES) atf-report/$(am__dirstamp)
+atf-report/atf-report$(EXEEXT): $(atf_report_atf_report_OBJECTS) $(atf_report_atf_report_DEPENDENCIES) $(EXTRA_atf_report_atf_report_DEPENDENCIES) atf-report/$(am__dirstamp)
@rm -f atf-report/atf-report$(EXEEXT)
$(CXXLINK) $(atf_report_atf_report_OBJECTS) $(atf_report_atf_report_LDADD) $(LIBS)
atf-report/fail_helper.$(OBJEXT): atf-report/$(am__dirstamp) \
atf-report/$(DEPDIR)/$(am__dirstamp)
-atf-report/fail_helper$(EXEEXT): $(atf_report_fail_helper_OBJECTS) $(atf_report_fail_helper_DEPENDENCIES) atf-report/$(am__dirstamp)
+atf-report/fail_helper$(EXEEXT): $(atf_report_fail_helper_OBJECTS) $(atf_report_fail_helper_DEPENDENCIES) $(EXTRA_atf_report_fail_helper_DEPENDENCIES) atf-report/$(am__dirstamp)
@rm -f atf-report/fail_helper$(EXEEXT)
$(CXXLINK) $(atf_report_fail_helper_OBJECTS) $(atf_report_fail_helper_LDADD) $(LIBS)
atf-report/misc_helpers.$(OBJEXT): atf-report/$(am__dirstamp) \
atf-report/$(DEPDIR)/$(am__dirstamp)
-atf-report/misc_helpers$(EXEEXT): $(atf_report_misc_helpers_OBJECTS) $(atf_report_misc_helpers_DEPENDENCIES) atf-report/$(am__dirstamp)
+atf-report/misc_helpers$(EXEEXT): $(atf_report_misc_helpers_OBJECTS) $(atf_report_misc_helpers_DEPENDENCIES) $(EXTRA_atf_report_misc_helpers_DEPENDENCIES) atf-report/$(am__dirstamp)
@rm -f atf-report/misc_helpers$(EXEEXT)
$(CXXLINK) $(atf_report_misc_helpers_OBJECTS) $(atf_report_misc_helpers_LDADD) $(LIBS)
atf-report/pass_helper.$(OBJEXT): atf-report/$(am__dirstamp) \
atf-report/$(DEPDIR)/$(am__dirstamp)
-atf-report/pass_helper$(EXEEXT): $(atf_report_pass_helper_OBJECTS) $(atf_report_pass_helper_DEPENDENCIES) atf-report/$(am__dirstamp)
+atf-report/pass_helper$(EXEEXT): $(atf_report_pass_helper_OBJECTS) $(atf_report_pass_helper_DEPENDENCIES) $(EXTRA_atf_report_pass_helper_DEPENDENCIES) atf-report/$(am__dirstamp)
@rm -f atf-report/pass_helper$(EXEEXT)
$(CXXLINK) $(atf_report_pass_helper_OBJECTS) $(atf_report_pass_helper_LDADD) $(LIBS)
atf-report/atf_report_reader_test-reader_test.$(OBJEXT): \
@@ -2360,7 +2707,7 @@
atf-report/atf_report_reader_test-reader.$(OBJEXT): \
atf-report/$(am__dirstamp) \
atf-report/$(DEPDIR)/$(am__dirstamp)
-atf-report/reader_test$(EXEEXT): $(atf_report_reader_test_OBJECTS) $(atf_report_reader_test_DEPENDENCIES) atf-report/$(am__dirstamp)
+atf-report/reader_test$(EXEEXT): $(atf_report_reader_test_OBJECTS) $(atf_report_reader_test_DEPENDENCIES) $(EXTRA_atf_report_reader_test_DEPENDENCIES) atf-report/$(am__dirstamp)
@rm -f atf-report/reader_test$(EXEEXT)
$(CXXLINK) $(atf_report_reader_test_OBJECTS) $(atf_report_reader_test_LDADD) $(LIBS)
atf-run/$(am__dirstamp):
@@ -2369,27 +2716,27 @@
atf-run/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) atf-run/$(DEPDIR)
@: > atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/atf-run.$(OBJEXT): atf-run/$(am__dirstamp) \
+atf-run/atf_run_atf_run-atf-run.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/atffile.$(OBJEXT): atf-run/$(am__dirstamp) \
+atf-run/atf_run_atf_run-atffile.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/config.$(OBJEXT): atf-run/$(am__dirstamp) \
+atf-run/atf_run_atf_run-config.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/fs.$(OBJEXT): atf-run/$(am__dirstamp) \
+atf-run/atf_run_atf_run-fs.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/io.$(OBJEXT): atf-run/$(am__dirstamp) \
+atf-run/atf_run_atf_run-io.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/requirements.$(OBJEXT): atf-run/$(am__dirstamp) \
+atf-run/atf_run_atf_run-requirements.$(OBJEXT): \
+ atf-run/$(am__dirstamp) atf-run/$(DEPDIR)/$(am__dirstamp)
+atf-run/atf_run_atf_run-signals.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/signals.$(OBJEXT): atf-run/$(am__dirstamp) \
+atf-run/atf_run_atf_run-test-program.$(OBJEXT): \
+ atf-run/$(am__dirstamp) atf-run/$(DEPDIR)/$(am__dirstamp)
+atf-run/atf_run_atf_run-timer.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/test-program.$(OBJEXT): atf-run/$(am__dirstamp) \
+atf-run/atf_run_atf_run-user.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/timer.$(OBJEXT): atf-run/$(am__dirstamp) \
- atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/user.$(OBJEXT): atf-run/$(am__dirstamp) \
- atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/atf-run$(EXEEXT): $(atf_run_atf_run_OBJECTS) $(atf_run_atf_run_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/atf-run$(EXEEXT): $(atf_run_atf_run_OBJECTS) $(atf_run_atf_run_DEPENDENCIES) $(EXTRA_atf_run_atf_run_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/atf-run$(EXEEXT)
$(CXXLINK) $(atf_run_atf_run_OBJECTS) $(atf_run_atf_run_LDADD) $(LIBS)
atf-run/atf_run_atffile_test-atffile_test.$(OBJEXT): \
@@ -2396,12 +2743,12 @@
atf-run/$(am__dirstamp) atf-run/$(DEPDIR)/$(am__dirstamp)
atf-run/atf_run_atffile_test-atffile.$(OBJEXT): \
atf-run/$(am__dirstamp) atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/atffile_test$(EXEEXT): $(atf_run_atffile_test_OBJECTS) $(atf_run_atffile_test_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/atffile_test$(EXEEXT): $(atf_run_atffile_test_OBJECTS) $(atf_run_atffile_test_DEPENDENCIES) $(EXTRA_atf_run_atffile_test_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/atffile_test$(EXEEXT)
$(CXXLINK) $(atf_run_atffile_test_OBJECTS) $(atf_run_atffile_test_LDADD) $(LIBS)
atf-run/bad_metadata_helper.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/bad_metadata_helper$(EXEEXT): $(atf_run_bad_metadata_helper_OBJECTS) $(atf_run_bad_metadata_helper_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/bad_metadata_helper$(EXEEXT): $(atf_run_bad_metadata_helper_OBJECTS) $(atf_run_bad_metadata_helper_DEPENDENCIES) $(EXTRA_atf_run_bad_metadata_helper_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/bad_metadata_helper$(EXEEXT)
$(LINK) $(atf_run_bad_metadata_helper_OBJECTS) $(atf_run_bad_metadata_helper_LDADD) $(LIBS)
atf-run/atf_run_config_test-config_test.$(OBJEXT): \
@@ -2408,47 +2755,57 @@
atf-run/$(am__dirstamp) atf-run/$(DEPDIR)/$(am__dirstamp)
atf-run/atf_run_config_test-config.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/config_test$(EXEEXT): $(atf_run_config_test_OBJECTS) $(atf_run_config_test_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/config_test$(EXEEXT): $(atf_run_config_test_OBJECTS) $(atf_run_config_test_DEPENDENCIES) $(EXTRA_atf_run_config_test_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/config_test$(EXEEXT)
$(CXXLINK) $(atf_run_config_test_OBJECTS) $(atf_run_config_test_LDADD) $(LIBS)
atf-run/expect_helpers.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/expect_helpers$(EXEEXT): $(atf_run_expect_helpers_OBJECTS) $(atf_run_expect_helpers_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/expect_helpers$(EXEEXT): $(atf_run_expect_helpers_OBJECTS) $(atf_run_expect_helpers_DEPENDENCIES) $(EXTRA_atf_run_expect_helpers_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/expect_helpers$(EXEEXT)
$(LINK) $(atf_run_expect_helpers_OBJECTS) $(atf_run_expect_helpers_LDADD) $(LIBS)
atf-run/fs_test.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/fs_test$(EXEEXT): $(atf_run_fs_test_OBJECTS) $(atf_run_fs_test_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/fs.$(OBJEXT): atf-run/$(am__dirstamp) \
+ atf-run/$(DEPDIR)/$(am__dirstamp)
+atf-run/user.$(OBJEXT): atf-run/$(am__dirstamp) \
+ atf-run/$(DEPDIR)/$(am__dirstamp)
+atf-run/fs_test$(EXEEXT): $(atf_run_fs_test_OBJECTS) $(atf_run_fs_test_DEPENDENCIES) $(EXTRA_atf_run_fs_test_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/fs_test$(EXEEXT)
$(CXXLINK) $(atf_run_fs_test_OBJECTS) $(atf_run_fs_test_LDADD) $(LIBS)
atf-run/io_test.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/io_test$(EXEEXT): $(atf_run_io_test_OBJECTS) $(atf_run_io_test_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/io.$(OBJEXT): atf-run/$(am__dirstamp) \
+ atf-run/$(DEPDIR)/$(am__dirstamp)
+atf-run/signals.$(OBJEXT): atf-run/$(am__dirstamp) \
+ atf-run/$(DEPDIR)/$(am__dirstamp)
+atf-run/io_test$(EXEEXT): $(atf_run_io_test_OBJECTS) $(atf_run_io_test_DEPENDENCIES) $(EXTRA_atf_run_io_test_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/io_test$(EXEEXT)
$(CXXLINK) $(atf_run_io_test_OBJECTS) $(atf_run_io_test_LDADD) $(LIBS)
atf-run/misc_helpers.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/misc_helpers$(EXEEXT): $(atf_run_misc_helpers_OBJECTS) $(atf_run_misc_helpers_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/misc_helpers$(EXEEXT): $(atf_run_misc_helpers_OBJECTS) $(atf_run_misc_helpers_DEPENDENCIES) $(EXTRA_atf_run_misc_helpers_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/misc_helpers$(EXEEXT)
$(CXXLINK) $(atf_run_misc_helpers_OBJECTS) $(atf_run_misc_helpers_LDADD) $(LIBS)
atf-run/pass_helper.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/pass_helper$(EXEEXT): $(atf_run_pass_helper_OBJECTS) $(atf_run_pass_helper_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/pass_helper$(EXEEXT): $(atf_run_pass_helper_OBJECTS) $(atf_run_pass_helper_DEPENDENCIES) $(EXTRA_atf_run_pass_helper_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/pass_helper$(EXEEXT)
$(CXXLINK) $(atf_run_pass_helper_OBJECTS) $(atf_run_pass_helper_LDADD) $(LIBS)
atf-run/requirements_test.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/requirements_test$(EXEEXT): $(atf_run_requirements_test_OBJECTS) $(atf_run_requirements_test_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/requirements.$(OBJEXT): atf-run/$(am__dirstamp) \
+ atf-run/$(DEPDIR)/$(am__dirstamp)
+atf-run/requirements_test$(EXEEXT): $(atf_run_requirements_test_OBJECTS) $(atf_run_requirements_test_DEPENDENCIES) $(EXTRA_atf_run_requirements_test_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/requirements_test$(EXEEXT)
$(CXXLINK) $(atf_run_requirements_test_OBJECTS) $(atf_run_requirements_test_LDADD) $(LIBS)
atf-run/several_tcs_helper.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/several_tcs_helper$(EXEEXT): $(atf_run_several_tcs_helper_OBJECTS) $(atf_run_several_tcs_helper_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/several_tcs_helper$(EXEEXT): $(atf_run_several_tcs_helper_OBJECTS) $(atf_run_several_tcs_helper_DEPENDENCIES) $(EXTRA_atf_run_several_tcs_helper_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/several_tcs_helper$(EXEEXT)
$(LINK) $(atf_run_several_tcs_helper_OBJECTS) $(atf_run_several_tcs_helper_LDADD) $(LIBS)
atf-run/signals_test.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/signals_test$(EXEEXT): $(atf_run_signals_test_OBJECTS) $(atf_run_signals_test_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/signals_test$(EXEEXT): $(atf_run_signals_test_OBJECTS) $(atf_run_signals_test_DEPENDENCIES) $(EXTRA_atf_run_signals_test_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/signals_test$(EXEEXT)
$(CXXLINK) $(atf_run_signals_test_OBJECTS) $(atf_run_signals_test_LDADD) $(LIBS)
atf-run/atf_run_test_program_test-test_program_test.$(OBJEXT): \
@@ -2467,17 +2824,17 @@
atf-run/$(am__dirstamp) atf-run/$(DEPDIR)/$(am__dirstamp)
atf-run/atf_run_test_program_test-user.$(OBJEXT): \
atf-run/$(am__dirstamp) atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/test_program_test$(EXEEXT): $(atf_run_test_program_test_OBJECTS) $(atf_run_test_program_test_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/test_program_test$(EXEEXT): $(atf_run_test_program_test_OBJECTS) $(atf_run_test_program_test_DEPENDENCIES) $(EXTRA_atf_run_test_program_test_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/test_program_test$(EXEEXT)
$(CXXLINK) $(atf_run_test_program_test_OBJECTS) $(atf_run_test_program_test_LDADD) $(LIBS)
atf-run/user_test.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/user_test$(EXEEXT): $(atf_run_user_test_OBJECTS) $(atf_run_user_test_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/user_test$(EXEEXT): $(atf_run_user_test_OBJECTS) $(atf_run_user_test_DEPENDENCIES) $(EXTRA_atf_run_user_test_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/user_test$(EXEEXT)
$(CXXLINK) $(atf_run_user_test_OBJECTS) $(atf_run_user_test_LDADD) $(LIBS)
atf-run/zero_tcs_helper.$(OBJEXT): atf-run/$(am__dirstamp) \
atf-run/$(DEPDIR)/$(am__dirstamp)
-atf-run/zero_tcs_helper$(EXEEXT): $(atf_run_zero_tcs_helper_OBJECTS) $(atf_run_zero_tcs_helper_DEPENDENCIES) atf-run/$(am__dirstamp)
+atf-run/zero_tcs_helper$(EXEEXT): $(atf_run_zero_tcs_helper_OBJECTS) $(atf_run_zero_tcs_helper_DEPENDENCIES) $(EXTRA_atf_run_zero_tcs_helper_DEPENDENCIES) atf-run/$(am__dirstamp)
@rm -f atf-run/zero_tcs_helper$(EXEEXT)
$(LINK) $(atf_run_zero_tcs_helper_OBJECTS) $(atf_run_zero_tcs_helper_LDADD) $(LIBS)
atf-sh/$(am__dirstamp):
@@ -2488,12 +2845,12 @@
@: > atf-sh/$(DEPDIR)/$(am__dirstamp)
atf-sh/atf-check.$(OBJEXT): atf-sh/$(am__dirstamp) \
atf-sh/$(DEPDIR)/$(am__dirstamp)
-atf-sh/atf-check$(EXEEXT): $(atf_sh_atf_check_OBJECTS) $(atf_sh_atf_check_DEPENDENCIES) atf-sh/$(am__dirstamp)
+atf-sh/atf-check$(EXEEXT): $(atf_sh_atf_check_OBJECTS) $(atf_sh_atf_check_DEPENDENCIES) $(EXTRA_atf_sh_atf_check_DEPENDENCIES) atf-sh/$(am__dirstamp)
@rm -f atf-sh/atf-check$(EXEEXT)
$(CXXLINK) $(atf_sh_atf_check_OBJECTS) $(atf_sh_atf_check_LDADD) $(LIBS)
atf-sh/atf-sh.$(OBJEXT): atf-sh/$(am__dirstamp) \
atf-sh/$(DEPDIR)/$(am__dirstamp)
-atf-sh/atf-sh$(EXEEXT): $(atf_sh_atf_sh_OBJECTS) $(atf_sh_atf_sh_DEPENDENCIES) atf-sh/$(am__dirstamp)
+atf-sh/atf-sh$(EXEEXT): $(atf_sh_atf_sh_OBJECTS) $(atf_sh_atf_sh_DEPENDENCIES) $(EXTRA_atf_sh_atf_sh_DEPENDENCIES) atf-sh/$(am__dirstamp)
@rm -f atf-sh/atf-sh$(EXEEXT)
$(CXXLINK) $(atf_sh_atf_sh_OBJECTS) $(atf_sh_atf_sh_LDADD) $(LIBS)
atf-version/$(am__dirstamp):
@@ -2505,7 +2862,7 @@
atf-version/atf_version_atf_version-atf-version.$(OBJEXT): \
atf-version/$(am__dirstamp) \
atf-version/$(DEPDIR)/$(am__dirstamp)
-atf-version/atf-version$(EXEEXT): $(atf_version_atf_version_OBJECTS) $(atf_version_atf_version_DEPENDENCIES) atf-version/$(am__dirstamp)
+atf-version/atf-version$(EXEEXT): $(atf_version_atf_version_OBJECTS) $(atf_version_atf_version_DEPENDENCIES) $(EXTRA_atf_version_atf_version_DEPENDENCIES) atf-version/$(am__dirstamp)
@rm -f atf-version/atf-version$(EXEEXT)
$(CXXLINK) $(atf_version_atf_version_OBJECTS) $(atf_version_atf_version_LDADD) $(LIBS)
bootstrap/$(am__dirstamp):
@@ -2516,22 +2873,22 @@
@: > bootstrap/$(DEPDIR)/$(am__dirstamp)
bootstrap/h_app_empty.$(OBJEXT): bootstrap/$(am__dirstamp) \
bootstrap/$(DEPDIR)/$(am__dirstamp)
-bootstrap/h_app_empty$(EXEEXT): $(bootstrap_h_app_empty_OBJECTS) $(bootstrap_h_app_empty_DEPENDENCIES) bootstrap/$(am__dirstamp)
+bootstrap/h_app_empty$(EXEEXT): $(bootstrap_h_app_empty_OBJECTS) $(bootstrap_h_app_empty_DEPENDENCIES) $(EXTRA_bootstrap_h_app_empty_DEPENDENCIES) bootstrap/$(am__dirstamp)
@rm -f bootstrap/h_app_empty$(EXEEXT)
$(CXXLINK) $(bootstrap_h_app_empty_OBJECTS) $(bootstrap_h_app_empty_LDADD) $(LIBS)
bootstrap/h_app_opts_args.$(OBJEXT): bootstrap/$(am__dirstamp) \
bootstrap/$(DEPDIR)/$(am__dirstamp)
-bootstrap/h_app_opts_args$(EXEEXT): $(bootstrap_h_app_opts_args_OBJECTS) $(bootstrap_h_app_opts_args_DEPENDENCIES) bootstrap/$(am__dirstamp)
+bootstrap/h_app_opts_args$(EXEEXT): $(bootstrap_h_app_opts_args_OBJECTS) $(bootstrap_h_app_opts_args_DEPENDENCIES) $(EXTRA_bootstrap_h_app_opts_args_DEPENDENCIES) bootstrap/$(am__dirstamp)
@rm -f bootstrap/h_app_opts_args$(EXEEXT)
$(CXXLINK) $(bootstrap_h_app_opts_args_OBJECTS) $(bootstrap_h_app_opts_args_LDADD) $(LIBS)
bootstrap/h_tp_basic_c.$(OBJEXT): bootstrap/$(am__dirstamp) \
bootstrap/$(DEPDIR)/$(am__dirstamp)
-bootstrap/h_tp_basic_c$(EXEEXT): $(bootstrap_h_tp_basic_c_OBJECTS) $(bootstrap_h_tp_basic_c_DEPENDENCIES) bootstrap/$(am__dirstamp)
+bootstrap/h_tp_basic_c$(EXEEXT): $(bootstrap_h_tp_basic_c_OBJECTS) $(bootstrap_h_tp_basic_c_DEPENDENCIES) $(EXTRA_bootstrap_h_tp_basic_c_DEPENDENCIES) bootstrap/$(am__dirstamp)
@rm -f bootstrap/h_tp_basic_c$(EXEEXT)
$(LINK) $(bootstrap_h_tp_basic_c_OBJECTS) $(bootstrap_h_tp_basic_c_LDADD) $(LIBS)
bootstrap/h_tp_basic_cpp.$(OBJEXT): bootstrap/$(am__dirstamp) \
bootstrap/$(DEPDIR)/$(am__dirstamp)
-bootstrap/h_tp_basic_cpp$(EXEEXT): $(bootstrap_h_tp_basic_cpp_OBJECTS) $(bootstrap_h_tp_basic_cpp_DEPENDENCIES) bootstrap/$(am__dirstamp)
+bootstrap/h_tp_basic_cpp$(EXEEXT): $(bootstrap_h_tp_basic_cpp_OBJECTS) $(bootstrap_h_tp_basic_cpp_DEPENDENCIES) $(EXTRA_bootstrap_h_tp_basic_cpp_DEPENDENCIES) bootstrap/$(am__dirstamp)
@rm -f bootstrap/h_tp_basic_cpp$(EXEEXT)
$(CXXLINK) $(bootstrap_h_tp_basic_cpp_OBJECTS) $(bootstrap_h_tp_basic_cpp_LDADD) $(LIBS)
test-programs/$(am__dirstamp):
@@ -2542,301 +2899,277 @@
@: > test-programs/$(DEPDIR)/$(am__dirstamp)
test-programs/c_helpers.$(OBJEXT): test-programs/$(am__dirstamp) \
test-programs/$(DEPDIR)/$(am__dirstamp)
-test-programs/c_helpers$(EXEEXT): $(test_programs_c_helpers_OBJECTS) $(test_programs_c_helpers_DEPENDENCIES) test-programs/$(am__dirstamp)
+test-programs/c_helpers$(EXEEXT): $(test_programs_c_helpers_OBJECTS) $(test_programs_c_helpers_DEPENDENCIES) $(EXTRA_test_programs_c_helpers_DEPENDENCIES) test-programs/$(am__dirstamp)
@rm -f test-programs/c_helpers$(EXEEXT)
$(LINK) $(test_programs_c_helpers_OBJECTS) $(test_programs_c_helpers_LDADD) $(LIBS)
test-programs/cpp_helpers.$(OBJEXT): test-programs/$(am__dirstamp) \
test-programs/$(DEPDIR)/$(am__dirstamp)
-test-programs/cpp_helpers$(EXEEXT): $(test_programs_cpp_helpers_OBJECTS) $(test_programs_cpp_helpers_DEPENDENCIES) test-programs/$(am__dirstamp)
+test-programs/cpp_helpers$(EXEEXT): $(test_programs_cpp_helpers_OBJECTS) $(test_programs_cpp_helpers_DEPENDENCIES) $(EXTRA_test_programs_cpp_helpers_DEPENDENCIES) test-programs/$(am__dirstamp)
@rm -f test-programs/cpp_helpers$(EXEEXT)
$(CXXLINK) $(test_programs_cpp_helpers_OBJECTS) $(test_programs_cpp_helpers_LDADD) $(LIBS)
install-tests_atf_cSCRIPTS: $(tests_atf_c_SCRIPTS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_cdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_cdir)"
- @list='$(tests_atf_c_SCRIPTS)'; for p in $$list; do \
+ @list='$(tests_atf_c_SCRIPTS)'; test -n "$(tests_atf_cdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_cdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_cdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- if test -f $$d$$p; then \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " $(tests_atf_cSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_cdir)/$$f'"; \
- $(tests_atf_cSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_cdir)/$$f"; \
- else :; fi; \
- done
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(tests_atf_cdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(tests_atf_cdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_cSCRIPTS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c_SCRIPTS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_cdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_cdir)/$$f"; \
- done
+ @list='$(tests_atf_c_SCRIPTS)'; test -n "$(tests_atf_cdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ dir='$(DESTDIR)$(tests_atf_cdir)'; $(am__uninstall_files_from_dir)
install-tests_atf_c__SCRIPTS: $(tests_atf_c___SCRIPTS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_c__dir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_c__dir)"
- @list='$(tests_atf_c___SCRIPTS)'; for p in $$list; do \
+ @list='$(tests_atf_c___SCRIPTS)'; test -n "$(tests_atf_c__dir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_c__dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_c__dir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- if test -f $$d$$p; then \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " $(tests_atf_c__SCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_c__dir)/$$f'"; \
- $(tests_atf_c__SCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_c__dir)/$$f"; \
- else :; fi; \
- done
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(tests_atf_c__dir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(tests_atf_c__dir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_c__SCRIPTS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c___SCRIPTS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_c__dir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_c__dir)/$$f"; \
- done
+ @list='$(tests_atf_c___SCRIPTS)'; test -n "$(tests_atf_c__dir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ dir='$(DESTDIR)$(tests_atf_c__dir)'; $(am__uninstall_files_from_dir)
install-tests_atf_configSCRIPTS: $(tests_atf_config_SCRIPTS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_configdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_configdir)"
- @list='$(tests_atf_config_SCRIPTS)'; for p in $$list; do \
+ @list='$(tests_atf_config_SCRIPTS)'; test -n "$(tests_atf_configdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_configdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_configdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- if test -f $$d$$p; then \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " $(tests_atf_configSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_configdir)/$$f'"; \
- $(tests_atf_configSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_configdir)/$$f"; \
- else :; fi; \
- done
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(tests_atf_configdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(tests_atf_configdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_configSCRIPTS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_config_SCRIPTS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_configdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_configdir)/$$f"; \
- done
+ @list='$(tests_atf_config_SCRIPTS)'; test -n "$(tests_atf_configdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ dir='$(DESTDIR)$(tests_atf_configdir)'; $(am__uninstall_files_from_dir)
install-tests_atf_reportSCRIPTS: $(tests_atf_report_SCRIPTS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_reportdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_reportdir)"
- @list='$(tests_atf_report_SCRIPTS)'; for p in $$list; do \
+ @list='$(tests_atf_report_SCRIPTS)'; test -n "$(tests_atf_reportdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_reportdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_reportdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- if test -f $$d$$p; then \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " $(tests_atf_reportSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_reportdir)/$$f'"; \
- $(tests_atf_reportSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_reportdir)/$$f"; \
- else :; fi; \
- done
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(tests_atf_reportdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(tests_atf_reportdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_reportSCRIPTS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_report_SCRIPTS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_reportdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_reportdir)/$$f"; \
- done
+ @list='$(tests_atf_report_SCRIPTS)'; test -n "$(tests_atf_reportdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ dir='$(DESTDIR)$(tests_atf_reportdir)'; $(am__uninstall_files_from_dir)
install-tests_atf_runSCRIPTS: $(tests_atf_run_SCRIPTS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_rundir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_rundir)"
- @list='$(tests_atf_run_SCRIPTS)'; for p in $$list; do \
+ @list='$(tests_atf_run_SCRIPTS)'; test -n "$(tests_atf_rundir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_rundir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_rundir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- if test -f $$d$$p; then \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " $(tests_atf_runSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_rundir)/$$f'"; \
- $(tests_atf_runSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_rundir)/$$f"; \
- else :; fi; \
- done
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(tests_atf_rundir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(tests_atf_rundir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_runSCRIPTS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_run_SCRIPTS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_rundir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_rundir)/$$f"; \
- done
+ @list='$(tests_atf_run_SCRIPTS)'; test -n "$(tests_atf_rundir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ dir='$(DESTDIR)$(tests_atf_rundir)'; $(am__uninstall_files_from_dir)
install-tests_atf_shSCRIPTS: $(tests_atf_sh_SCRIPTS)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_shdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_shdir)"
- @list='$(tests_atf_sh_SCRIPTS)'; for p in $$list; do \
+ @list='$(tests_atf_sh_SCRIPTS)'; test -n "$(tests_atf_shdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_shdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_shdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- if test -f $$d$$p; then \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " $(tests_atf_shSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_shdir)/$$f'"; \
- $(tests_atf_shSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_shdir)/$$f"; \
- else :; fi; \
- done
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(tests_atf_shdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(tests_atf_shdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_atf_shSCRIPTS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_sh_SCRIPTS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " rm -f '$(DESTDIR)$(tests_atf_shdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_shdir)/$$f"; \
- done
+ @list='$(tests_atf_sh_SCRIPTS)'; test -n "$(tests_atf_shdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ dir='$(DESTDIR)$(tests_atf_shdir)'; $(am__uninstall_files_from_dir)
install-tests_test_programsSCRIPTS: $(tests_test_programs_SCRIPTS)
@$(NORMAL_INSTALL)
- test -z "$(tests_test_programsdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_test_programsdir)"
- @list='$(tests_test_programs_SCRIPTS)'; for p in $$list; do \
+ @list='$(tests_test_programs_SCRIPTS)'; test -n "$(tests_test_programsdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_test_programsdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_test_programsdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- if test -f $$d$$p; then \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " $(tests_test_programsSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_test_programsdir)/$$f'"; \
- $(tests_test_programsSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_test_programsdir)/$$f"; \
- else :; fi; \
- done
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(tests_test_programsdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(tests_test_programsdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-tests_test_programsSCRIPTS:
@$(NORMAL_UNINSTALL)
- @list='$(tests_test_programs_SCRIPTS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
- echo " rm -f '$(DESTDIR)$(tests_test_programsdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_test_programsdir)/$$f"; \
- done
+ @list='$(tests_test_programs_SCRIPTS)'; test -n "$(tests_test_programsdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ dir='$(DESTDIR)$(tests_test_programsdir)'; $(am__uninstall_files_from_dir)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
- -rm -f atf-c++/atf_c++_test.$(OBJEXT)
- -rm -f atf-c++/build.$(OBJEXT)
- -rm -f atf-c++/build.lo
- -rm -f atf-c++/build_test.$(OBJEXT)
- -rm -f atf-c++/check.$(OBJEXT)
- -rm -f atf-c++/check.lo
- -rm -f atf-c++/check_test.$(OBJEXT)
- -rm -f atf-c++/config.$(OBJEXT)
- -rm -f atf-c++/config.lo
- -rm -f atf-c++/config_test.$(OBJEXT)
- -rm -f atf-c++/detail/application.$(OBJEXT)
- -rm -f atf-c++/detail/application.lo
- -rm -f atf-c++/detail/application_test.$(OBJEXT)
- -rm -f atf-c++/detail/env.$(OBJEXT)
- -rm -f atf-c++/detail/env.lo
- -rm -f atf-c++/detail/env_test.$(OBJEXT)
- -rm -f atf-c++/detail/exceptions.$(OBJEXT)
- -rm -f atf-c++/detail/exceptions.lo
- -rm -f atf-c++/detail/exceptions_test.$(OBJEXT)
- -rm -f atf-c++/detail/expand.$(OBJEXT)
- -rm -f atf-c++/detail/expand.lo
- -rm -f atf-c++/detail/expand_test.$(OBJEXT)
- -rm -f atf-c++/detail/fs.$(OBJEXT)
- -rm -f atf-c++/detail/fs.lo
- -rm -f atf-c++/detail/fs_test.$(OBJEXT)
- -rm -f atf-c++/detail/parser.$(OBJEXT)
- -rm -f atf-c++/detail/parser.lo
- -rm -f atf-c++/detail/parser_test.$(OBJEXT)
- -rm -f atf-c++/detail/process.$(OBJEXT)
- -rm -f atf-c++/detail/process.lo
- -rm -f atf-c++/detail/process_test.$(OBJEXT)
- -rm -f atf-c++/detail/sanity_test.$(OBJEXT)
- -rm -f atf-c++/detail/test_helpers.$(OBJEXT)
- -rm -f atf-c++/detail/test_helpers.lo
- -rm -f atf-c++/detail/text.$(OBJEXT)
- -rm -f atf-c++/detail/text.lo
- -rm -f atf-c++/detail/text_test.$(OBJEXT)
- -rm -f atf-c++/detail/ui.$(OBJEXT)
- -rm -f atf-c++/detail/ui.lo
- -rm -f atf-c++/detail/ui_test.$(OBJEXT)
- -rm -f atf-c++/macros_test.$(OBJEXT)
- -rm -f atf-c++/tests.$(OBJEXT)
- -rm -f atf-c++/tests.lo
- -rm -f atf-c++/tests_test.$(OBJEXT)
- -rm -f atf-c++/utils_test.$(OBJEXT)
- -rm -f atf-c/atf_c_test.$(OBJEXT)
- -rm -f atf-c/build_test.$(OBJEXT)
- -rm -f atf-c/check_test.$(OBJEXT)
- -rm -f atf-c/config_test.$(OBJEXT)
- -rm -f atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.$(OBJEXT)
- -rm -f atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo
- -rm -f atf-c/detail/dynstr_test.$(OBJEXT)
- -rm -f atf-c/detail/env_test.$(OBJEXT)
- -rm -f atf-c/detail/fs_test.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-dynstr.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-dynstr.lo
- -rm -f atf-c/detail/libatf_c_la-env.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-env.lo
- -rm -f atf-c/detail/libatf_c_la-fs.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-fs.lo
- -rm -f atf-c/detail/libatf_c_la-list.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-list.lo
- -rm -f atf-c/detail/libatf_c_la-map.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-map.lo
- -rm -f atf-c/detail/libatf_c_la-process.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-process.lo
- -rm -f atf-c/detail/libatf_c_la-sanity.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-sanity.lo
- -rm -f atf-c/detail/libatf_c_la-text.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-text.lo
- -rm -f atf-c/detail/libatf_c_la-tp_main.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-tp_main.lo
- -rm -f atf-c/detail/libatf_c_la-user.$(OBJEXT)
- -rm -f atf-c/detail/libatf_c_la-user.lo
- -rm -f atf-c/detail/list_test.$(OBJEXT)
- -rm -f atf-c/detail/map_test.$(OBJEXT)
- -rm -f atf-c/detail/process_helpers.$(OBJEXT)
- -rm -f atf-c/detail/process_test.$(OBJEXT)
- -rm -f atf-c/detail/sanity_test.$(OBJEXT)
- -rm -f atf-c/detail/test_helpers_test.$(OBJEXT)
- -rm -f atf-c/detail/text_test.$(OBJEXT)
- -rm -f atf-c/detail/user_test.$(OBJEXT)
- -rm -f atf-c/error_test.$(OBJEXT)
- -rm -f atf-c/libatf_c_la-build.$(OBJEXT)
- -rm -f atf-c/libatf_c_la-build.lo
- -rm -f atf-c/libatf_c_la-check.$(OBJEXT)
- -rm -f atf-c/libatf_c_la-check.lo
- -rm -f atf-c/libatf_c_la-config.$(OBJEXT)
- -rm -f atf-c/libatf_c_la-config.lo
- -rm -f atf-c/libatf_c_la-error.$(OBJEXT)
- -rm -f atf-c/libatf_c_la-error.lo
- -rm -f atf-c/libatf_c_la-tc.$(OBJEXT)
- -rm -f atf-c/libatf_c_la-tc.lo
- -rm -f atf-c/libatf_c_la-tp.$(OBJEXT)
- -rm -f atf-c/libatf_c_la-tp.lo
- -rm -f atf-c/libatf_c_la-utils.$(OBJEXT)
- -rm -f atf-c/libatf_c_la-utils.lo
- -rm -f atf-c/macros_test.$(OBJEXT)
- -rm -f atf-c/tc_test.$(OBJEXT)
- -rm -f atf-c/tp_test.$(OBJEXT)
- -rm -f atf-c/utils_test.$(OBJEXT)
- -rm -f atf-config/atf-config.$(OBJEXT)
- -rm -f atf-report/atf-report.$(OBJEXT)
- -rm -f atf-report/atf_report_reader_test-reader.$(OBJEXT)
- -rm -f atf-report/atf_report_reader_test-reader_test.$(OBJEXT)
- -rm -f atf-report/fail_helper.$(OBJEXT)
- -rm -f atf-report/misc_helpers.$(OBJEXT)
- -rm -f atf-report/pass_helper.$(OBJEXT)
- -rm -f atf-report/reader.$(OBJEXT)
- -rm -f atf-run/atf-run.$(OBJEXT)
- -rm -f atf-run/atf_run_atffile_test-atffile.$(OBJEXT)
- -rm -f atf-run/atf_run_atffile_test-atffile_test.$(OBJEXT)
- -rm -f atf-run/atf_run_config_test-config.$(OBJEXT)
- -rm -f atf-run/atf_run_config_test-config_test.$(OBJEXT)
- -rm -f atf-run/atf_run_test_program_test-fs.$(OBJEXT)
- -rm -f atf-run/atf_run_test_program_test-io.$(OBJEXT)
- -rm -f atf-run/atf_run_test_program_test-requirements.$(OBJEXT)
- -rm -f atf-run/atf_run_test_program_test-signals.$(OBJEXT)
- -rm -f atf-run/atf_run_test_program_test-test-program.$(OBJEXT)
- -rm -f atf-run/atf_run_test_program_test-test_program_test.$(OBJEXT)
- -rm -f atf-run/atf_run_test_program_test-timer.$(OBJEXT)
- -rm -f atf-run/atf_run_test_program_test-user.$(OBJEXT)
- -rm -f atf-run/atffile.$(OBJEXT)
- -rm -f atf-run/bad_metadata_helper.$(OBJEXT)
- -rm -f atf-run/config.$(OBJEXT)
- -rm -f atf-run/expect_helpers.$(OBJEXT)
- -rm -f atf-run/fs.$(OBJEXT)
- -rm -f atf-run/fs_test.$(OBJEXT)
- -rm -f atf-run/io.$(OBJEXT)
- -rm -f atf-run/io_test.$(OBJEXT)
- -rm -f atf-run/misc_helpers.$(OBJEXT)
- -rm -f atf-run/pass_helper.$(OBJEXT)
- -rm -f atf-run/requirements.$(OBJEXT)
- -rm -f atf-run/requirements_test.$(OBJEXT)
- -rm -f atf-run/several_tcs_helper.$(OBJEXT)
- -rm -f atf-run/signals.$(OBJEXT)
- -rm -f atf-run/signals_test.$(OBJEXT)
- -rm -f atf-run/test-program.$(OBJEXT)
- -rm -f atf-run/timer.$(OBJEXT)
- -rm -f atf-run/user.$(OBJEXT)
- -rm -f atf-run/user_test.$(OBJEXT)
- -rm -f atf-run/zero_tcs_helper.$(OBJEXT)
- -rm -f atf-sh/atf-check.$(OBJEXT)
- -rm -f atf-sh/atf-sh.$(OBJEXT)
- -rm -f atf-version/atf_version_atf_version-atf-version.$(OBJEXT)
- -rm -f bootstrap/h_app_empty.$(OBJEXT)
- -rm -f bootstrap/h_app_opts_args.$(OBJEXT)
- -rm -f bootstrap/h_tp_basic_c.$(OBJEXT)
- -rm -f bootstrap/h_tp_basic_cpp.$(OBJEXT)
- -rm -f test-programs/c_helpers.$(OBJEXT)
- -rm -f test-programs/cpp_helpers.$(OBJEXT)
+ -rm -f atf-c++/*.$(OBJEXT)
+ -rm -f atf-c++/*.lo
+ -rm -f atf-c++/detail/*.$(OBJEXT)
+ -rm -f atf-c++/detail/*.lo
+ -rm -f atf-c/*.$(OBJEXT)
+ -rm -f atf-c/*.lo
+ -rm -f atf-c/detail/*.$(OBJEXT)
+ -rm -f atf-c/detail/*.lo
+ -rm -f atf-config/*.$(OBJEXT)
+ -rm -f atf-report/*.$(OBJEXT)
+ -rm -f atf-run/*.$(OBJEXT)
+ -rm -f atf-sh/*.$(OBJEXT)
+ -rm -f atf-version/*.$(OBJEXT)
+ -rm -f bootstrap/*.$(OBJEXT)
+ -rm -f test-programs/*.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@@ -2851,9 +3184,11 @@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/$(DEPDIR)/macros_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/$(DEPDIR)/tests.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/$(DEPDIR)/tests_test.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-c++/$(DEPDIR)/utils.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/$(DEPDIR)/utils_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/detail/$(DEPDIR)/application.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/detail/$(DEPDIR)/application_test.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-c++/detail/$(DEPDIR)/auto_array_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/detail/$(DEPDIR)/env.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/detail/$(DEPDIR)/env_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c++/detail/$(DEPDIR)/exceptions.Plo at am__quote@
@@ -2907,7 +3242,6 @@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c/detail/$(DEPDIR)/process_helpers.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c/detail/$(DEPDIR)/process_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c/detail/$(DEPDIR)/sanity_test.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at atf-c/detail/$(DEPDIR)/test_helpers_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c/detail/$(DEPDIR)/text_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-c/detail/$(DEPDIR)/user_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-config/$(DEPDIR)/atf-config.Po at am__quote@
@@ -2918,7 +3252,16 @@
@AMDEP_TRUE@@am__include@ @am__quote at atf-report/$(DEPDIR)/misc_helpers.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-report/$(DEPDIR)/pass_helper.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-report/$(DEPDIR)/reader.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf-run.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-atf-run.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-atffile.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-config.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-fs.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-io.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-requirements.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-signals.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-test-program.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-timer.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atf_run-user.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_config_test-config.Po at am__quote@
@@ -2931,9 +3274,7 @@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atf_run_test_program_test-user.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/atffile.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/bad_metadata_helper.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/config.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/expect_helpers.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/fs.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/fs_test.Po at am__quote@
@@ -2946,8 +3287,6 @@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/several_tcs_helper.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/signals.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/signals_test.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/test-program.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/timer.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/user.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/user_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at atf-run/$(DEPDIR)/zero_tcs_helper.Po at am__quote@
@@ -2964,7 +3303,7 @@
.c.o:
@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ mv -f $$depbase.Tpo $$depbase.Po
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $<
@@ -2972,7 +3311,7 @@
.c.obj:
@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
- at am__fastdepCC_TRUE@ mv -f $$depbase.Tpo $$depbase.Po
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
@@ -2980,141 +3319,141 @@
.c.lo:
@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ mv -f $$depbase.Tpo $$depbase.Plo
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo: atf-c/detail/test_helpers.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_c_detail_libtest_helpers_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/atf_c_detail_libtest_helpers_la-test_helpers.Tpo -c -o atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo `test -f 'atf-c/detail/test_helpers.c' || echo '$(srcdir)/'`atf-c/detail/test_helpers.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/atf_c_detail_libtest_helpers_la-test_helpers.Tpo atf-c/detail/$(DEPDIR)/atf_c_detail_libtest_helpers_la-test_helpers.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_c_detail_libtest_helpers_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/atf_c_detail_libtest_helpers_la-test_helpers.Tpo -c -o atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo `test -f 'atf-c/detail/test_helpers.c' || echo '$(srcdir)/'`atf-c/detail/test_helpers.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/atf_c_detail_libtest_helpers_la-test_helpers.Tpo atf-c/detail/$(DEPDIR)/atf_c_detail_libtest_helpers_la-test_helpers.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/test_helpers.c' object='atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_c_detail_libtest_helpers_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo `test -f 'atf-c/detail/test_helpers.c' || echo '$(srcdir)/'`atf-c/detail/test_helpers.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_c_detail_libtest_helpers_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/atf_c_detail_libtest_helpers_la-test_helpers.lo `test -f 'atf-c/detail/test_helpers.c' || echo '$(srcdir)/'`atf-c/detail/test_helpers.c
atf-c/libatf_c_la-build.lo: atf-c/build.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-build.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-build.Tpo -c -o atf-c/libatf_c_la-build.lo `test -f 'atf-c/build.c' || echo '$(srcdir)/'`atf-c/build.c
- at am__fastdepCC_TRUE@ mv -f atf-c/$(DEPDIR)/libatf_c_la-build.Tpo atf-c/$(DEPDIR)/libatf_c_la-build.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-build.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-build.Tpo -c -o atf-c/libatf_c_la-build.lo `test -f 'atf-c/build.c' || echo '$(srcdir)/'`atf-c/build.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/$(DEPDIR)/libatf_c_la-build.Tpo atf-c/$(DEPDIR)/libatf_c_la-build.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/build.c' object='atf-c/libatf_c_la-build.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-build.lo `test -f 'atf-c/build.c' || echo '$(srcdir)/'`atf-c/build.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-build.lo `test -f 'atf-c/build.c' || echo '$(srcdir)/'`atf-c/build.c
atf-c/libatf_c_la-check.lo: atf-c/check.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-check.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-check.Tpo -c -o atf-c/libatf_c_la-check.lo `test -f 'atf-c/check.c' || echo '$(srcdir)/'`atf-c/check.c
- at am__fastdepCC_TRUE@ mv -f atf-c/$(DEPDIR)/libatf_c_la-check.Tpo atf-c/$(DEPDIR)/libatf_c_la-check.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-check.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-check.Tpo -c -o atf-c/libatf_c_la-check.lo `test -f 'atf-c/check.c' || echo '$(srcdir)/'`atf-c/check.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/$(DEPDIR)/libatf_c_la-check.Tpo atf-c/$(DEPDIR)/libatf_c_la-check.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/check.c' object='atf-c/libatf_c_la-check.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-check.lo `test -f 'atf-c/check.c' || echo '$(srcdir)/'`atf-c/check.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-check.lo `test -f 'atf-c/check.c' || echo '$(srcdir)/'`atf-c/check.c
atf-c/libatf_c_la-config.lo: atf-c/config.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-config.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-config.Tpo -c -o atf-c/libatf_c_la-config.lo `test -f 'atf-c/config.c' || echo '$(srcdir)/'`atf-c/config.c
- at am__fastdepCC_TRUE@ mv -f atf-c/$(DEPDIR)/libatf_c_la-config.Tpo atf-c/$(DEPDIR)/libatf_c_la-config.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-config.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-config.Tpo -c -o atf-c/libatf_c_la-config.lo `test -f 'atf-c/config.c' || echo '$(srcdir)/'`atf-c/config.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/$(DEPDIR)/libatf_c_la-config.Tpo atf-c/$(DEPDIR)/libatf_c_la-config.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/config.c' object='atf-c/libatf_c_la-config.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-config.lo `test -f 'atf-c/config.c' || echo '$(srcdir)/'`atf-c/config.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-config.lo `test -f 'atf-c/config.c' || echo '$(srcdir)/'`atf-c/config.c
atf-c/libatf_c_la-error.lo: atf-c/error.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-error.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-error.Tpo -c -o atf-c/libatf_c_la-error.lo `test -f 'atf-c/error.c' || echo '$(srcdir)/'`atf-c/error.c
- at am__fastdepCC_TRUE@ mv -f atf-c/$(DEPDIR)/libatf_c_la-error.Tpo atf-c/$(DEPDIR)/libatf_c_la-error.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-error.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-error.Tpo -c -o atf-c/libatf_c_la-error.lo `test -f 'atf-c/error.c' || echo '$(srcdir)/'`atf-c/error.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/$(DEPDIR)/libatf_c_la-error.Tpo atf-c/$(DEPDIR)/libatf_c_la-error.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/error.c' object='atf-c/libatf_c_la-error.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-error.lo `test -f 'atf-c/error.c' || echo '$(srcdir)/'`atf-c/error.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-error.lo `test -f 'atf-c/error.c' || echo '$(srcdir)/'`atf-c/error.c
atf-c/libatf_c_la-tc.lo: atf-c/tc.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-tc.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-tc.Tpo -c -o atf-c/libatf_c_la-tc.lo `test -f 'atf-c/tc.c' || echo '$(srcdir)/'`atf-c/tc.c
- at am__fastdepCC_TRUE@ mv -f atf-c/$(DEPDIR)/libatf_c_la-tc.Tpo atf-c/$(DEPDIR)/libatf_c_la-tc.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-tc.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-tc.Tpo -c -o atf-c/libatf_c_la-tc.lo `test -f 'atf-c/tc.c' || echo '$(srcdir)/'`atf-c/tc.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/$(DEPDIR)/libatf_c_la-tc.Tpo atf-c/$(DEPDIR)/libatf_c_la-tc.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/tc.c' object='atf-c/libatf_c_la-tc.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-tc.lo `test -f 'atf-c/tc.c' || echo '$(srcdir)/'`atf-c/tc.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-tc.lo `test -f 'atf-c/tc.c' || echo '$(srcdir)/'`atf-c/tc.c
atf-c/libatf_c_la-tp.lo: atf-c/tp.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-tp.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-tp.Tpo -c -o atf-c/libatf_c_la-tp.lo `test -f 'atf-c/tp.c' || echo '$(srcdir)/'`atf-c/tp.c
- at am__fastdepCC_TRUE@ mv -f atf-c/$(DEPDIR)/libatf_c_la-tp.Tpo atf-c/$(DEPDIR)/libatf_c_la-tp.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-tp.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-tp.Tpo -c -o atf-c/libatf_c_la-tp.lo `test -f 'atf-c/tp.c' || echo '$(srcdir)/'`atf-c/tp.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/$(DEPDIR)/libatf_c_la-tp.Tpo atf-c/$(DEPDIR)/libatf_c_la-tp.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/tp.c' object='atf-c/libatf_c_la-tp.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-tp.lo `test -f 'atf-c/tp.c' || echo '$(srcdir)/'`atf-c/tp.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-tp.lo `test -f 'atf-c/tp.c' || echo '$(srcdir)/'`atf-c/tp.c
atf-c/libatf_c_la-utils.lo: atf-c/utils.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-utils.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-utils.Tpo -c -o atf-c/libatf_c_la-utils.lo `test -f 'atf-c/utils.c' || echo '$(srcdir)/'`atf-c/utils.c
- at am__fastdepCC_TRUE@ mv -f atf-c/$(DEPDIR)/libatf_c_la-utils.Tpo atf-c/$(DEPDIR)/libatf_c_la-utils.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/libatf_c_la-utils.lo -MD -MP -MF atf-c/$(DEPDIR)/libatf_c_la-utils.Tpo -c -o atf-c/libatf_c_la-utils.lo `test -f 'atf-c/utils.c' || echo '$(srcdir)/'`atf-c/utils.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/$(DEPDIR)/libatf_c_la-utils.Tpo atf-c/$(DEPDIR)/libatf_c_la-utils.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/utils.c' object='atf-c/libatf_c_la-utils.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-utils.lo `test -f 'atf-c/utils.c' || echo '$(srcdir)/'`atf-c/utils.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/libatf_c_la-utils.lo `test -f 'atf-c/utils.c' || echo '$(srcdir)/'`atf-c/utils.c
atf-c/detail/libatf_c_la-dynstr.lo: atf-c/detail/dynstr.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-dynstr.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-dynstr.Tpo -c -o atf-c/detail/libatf_c_la-dynstr.lo `test -f 'atf-c/detail/dynstr.c' || echo '$(srcdir)/'`atf-c/detail/dynstr.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-dynstr.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-dynstr.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-dynstr.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-dynstr.Tpo -c -o atf-c/detail/libatf_c_la-dynstr.lo `test -f 'atf-c/detail/dynstr.c' || echo '$(srcdir)/'`atf-c/detail/dynstr.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-dynstr.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-dynstr.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/dynstr.c' object='atf-c/detail/libatf_c_la-dynstr.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-dynstr.lo `test -f 'atf-c/detail/dynstr.c' || echo '$(srcdir)/'`atf-c/detail/dynstr.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-dynstr.lo `test -f 'atf-c/detail/dynstr.c' || echo '$(srcdir)/'`atf-c/detail/dynstr.c
atf-c/detail/libatf_c_la-env.lo: atf-c/detail/env.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-env.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-env.Tpo -c -o atf-c/detail/libatf_c_la-env.lo `test -f 'atf-c/detail/env.c' || echo '$(srcdir)/'`atf-c/detail/env.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-env.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-env.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-env.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-env.Tpo -c -o atf-c/detail/libatf_c_la-env.lo `test -f 'atf-c/detail/env.c' || echo '$(srcdir)/'`atf-c/detail/env.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-env.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-env.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/env.c' object='atf-c/detail/libatf_c_la-env.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-env.lo `test -f 'atf-c/detail/env.c' || echo '$(srcdir)/'`atf-c/detail/env.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-env.lo `test -f 'atf-c/detail/env.c' || echo '$(srcdir)/'`atf-c/detail/env.c
atf-c/detail/libatf_c_la-fs.lo: atf-c/detail/fs.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-fs.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-fs.Tpo -c -o atf-c/detail/libatf_c_la-fs.lo `test -f 'atf-c/detail/fs.c' || echo '$(srcdir)/'`atf-c/detail/fs.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-fs.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-fs.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-fs.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-fs.Tpo -c -o atf-c/detail/libatf_c_la-fs.lo `test -f 'atf-c/detail/fs.c' || echo '$(srcdir)/'`atf-c/detail/fs.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-fs.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-fs.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/fs.c' object='atf-c/detail/libatf_c_la-fs.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-fs.lo `test -f 'atf-c/detail/fs.c' || echo '$(srcdir)/'`atf-c/detail/fs.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-fs.lo `test -f 'atf-c/detail/fs.c' || echo '$(srcdir)/'`atf-c/detail/fs.c
atf-c/detail/libatf_c_la-list.lo: atf-c/detail/list.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-list.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-list.Tpo -c -o atf-c/detail/libatf_c_la-list.lo `test -f 'atf-c/detail/list.c' || echo '$(srcdir)/'`atf-c/detail/list.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-list.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-list.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-list.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-list.Tpo -c -o atf-c/detail/libatf_c_la-list.lo `test -f 'atf-c/detail/list.c' || echo '$(srcdir)/'`atf-c/detail/list.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-list.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-list.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/list.c' object='atf-c/detail/libatf_c_la-list.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-list.lo `test -f 'atf-c/detail/list.c' || echo '$(srcdir)/'`atf-c/detail/list.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-list.lo `test -f 'atf-c/detail/list.c' || echo '$(srcdir)/'`atf-c/detail/list.c
atf-c/detail/libatf_c_la-map.lo: atf-c/detail/map.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-map.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-map.Tpo -c -o atf-c/detail/libatf_c_la-map.lo `test -f 'atf-c/detail/map.c' || echo '$(srcdir)/'`atf-c/detail/map.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-map.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-map.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-map.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-map.Tpo -c -o atf-c/detail/libatf_c_la-map.lo `test -f 'atf-c/detail/map.c' || echo '$(srcdir)/'`atf-c/detail/map.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-map.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-map.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/map.c' object='atf-c/detail/libatf_c_la-map.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-map.lo `test -f 'atf-c/detail/map.c' || echo '$(srcdir)/'`atf-c/detail/map.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-map.lo `test -f 'atf-c/detail/map.c' || echo '$(srcdir)/'`atf-c/detail/map.c
atf-c/detail/libatf_c_la-process.lo: atf-c/detail/process.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-process.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-process.Tpo -c -o atf-c/detail/libatf_c_la-process.lo `test -f 'atf-c/detail/process.c' || echo '$(srcdir)/'`atf-c/detail/process.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-process.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-process.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-process.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-process.Tpo -c -o atf-c/detail/libatf_c_la-process.lo `test -f 'atf-c/detail/process.c' || echo '$(srcdir)/'`atf-c/detail/process.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-process.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-process.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/process.c' object='atf-c/detail/libatf_c_la-process.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-process.lo `test -f 'atf-c/detail/process.c' || echo '$(srcdir)/'`atf-c/detail/process.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-process.lo `test -f 'atf-c/detail/process.c' || echo '$(srcdir)/'`atf-c/detail/process.c
atf-c/detail/libatf_c_la-sanity.lo: atf-c/detail/sanity.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-sanity.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-sanity.Tpo -c -o atf-c/detail/libatf_c_la-sanity.lo `test -f 'atf-c/detail/sanity.c' || echo '$(srcdir)/'`atf-c/detail/sanity.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-sanity.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-sanity.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-sanity.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-sanity.Tpo -c -o atf-c/detail/libatf_c_la-sanity.lo `test -f 'atf-c/detail/sanity.c' || echo '$(srcdir)/'`atf-c/detail/sanity.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-sanity.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-sanity.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/sanity.c' object='atf-c/detail/libatf_c_la-sanity.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-sanity.lo `test -f 'atf-c/detail/sanity.c' || echo '$(srcdir)/'`atf-c/detail/sanity.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-sanity.lo `test -f 'atf-c/detail/sanity.c' || echo '$(srcdir)/'`atf-c/detail/sanity.c
atf-c/detail/libatf_c_la-text.lo: atf-c/detail/text.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-text.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-text.Tpo -c -o atf-c/detail/libatf_c_la-text.lo `test -f 'atf-c/detail/text.c' || echo '$(srcdir)/'`atf-c/detail/text.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-text.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-text.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-text.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-text.Tpo -c -o atf-c/detail/libatf_c_la-text.lo `test -f 'atf-c/detail/text.c' || echo '$(srcdir)/'`atf-c/detail/text.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-text.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-text.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/text.c' object='atf-c/detail/libatf_c_la-text.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-text.lo `test -f 'atf-c/detail/text.c' || echo '$(srcdir)/'`atf-c/detail/text.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-text.lo `test -f 'atf-c/detail/text.c' || echo '$(srcdir)/'`atf-c/detail/text.c
atf-c/detail/libatf_c_la-tp_main.lo: atf-c/detail/tp_main.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-tp_main.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-tp_main.Tpo -c -o atf-c/detail/libatf_c_la-tp_main.lo `test -f 'atf-c/detail/tp_main.c' || echo '$(srcdir)/'`atf-c/detail/tp_main.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-tp_main.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-tp_main.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-tp_main.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-tp_main.Tpo -c -o atf-c/detail/libatf_c_la-tp_main.lo `test -f 'atf-c/detail/tp_main.c' || echo '$(srcdir)/'`atf-c/detail/tp_main.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-tp_main.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-tp_main.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/tp_main.c' object='atf-c/detail/libatf_c_la-tp_main.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-tp_main.lo `test -f 'atf-c/detail/tp_main.c' || echo '$(srcdir)/'`atf-c/detail/tp_main.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-tp_main.lo `test -f 'atf-c/detail/tp_main.c' || echo '$(srcdir)/'`atf-c/detail/tp_main.c
atf-c/detail/libatf_c_la-user.lo: atf-c/detail/user.c
- at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-user.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-user.Tpo -c -o atf-c/detail/libatf_c_la-user.lo `test -f 'atf-c/detail/user.c' || echo '$(srcdir)/'`atf-c/detail/user.c
- at am__fastdepCC_TRUE@ mv -f atf-c/detail/$(DEPDIR)/libatf_c_la-user.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-user.Plo
+ at am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atf-c/detail/libatf_c_la-user.lo -MD -MP -MF atf-c/detail/$(DEPDIR)/libatf_c_la-user.Tpo -c -o atf-c/detail/libatf_c_la-user.lo `test -f 'atf-c/detail/user.c' || echo '$(srcdir)/'`atf-c/detail/user.c
+ at am__fastdepCC_TRUE@ $(am__mv) atf-c/detail/$(DEPDIR)/libatf_c_la-user.Tpo atf-c/detail/$(DEPDIR)/libatf_c_la-user.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='atf-c/detail/user.c' object='atf-c/detail/libatf_c_la-user.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-user.lo `test -f 'atf-c/detail/user.c' || echo '$(srcdir)/'`atf-c/detail/user.c
+ at am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libatf_c_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atf-c/detail/libatf_c_la-user.lo `test -f 'atf-c/detail/user.c' || echo '$(srcdir)/'`atf-c/detail/user.c
.cpp.o:
@am__fastdepCXX_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCXX_TRUE@ mv -f $$depbase.Tpo $$depbase.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $<
@@ -3122,7 +3461,7 @@
.cpp.obj:
@am__fastdepCXX_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
- at am__fastdepCXX_TRUE@ mv -f $$depbase.Tpo $$depbase.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
@@ -3130,7 +3469,7 @@
.cpp.lo:
@am__fastdepCXX_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCXX_TRUE@ mv -f $$depbase.Tpo $$depbase.Plo
+ at am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(LTCXXCOMPILE) -c -o $@ $<
@@ -3137,7 +3476,7 @@
atf-report/atf_report_reader_test-reader_test.o: atf-report/reader_test.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_report_reader_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-report/atf_report_reader_test-reader_test.o -MD -MP -MF atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Tpo -c -o atf-report/atf_report_reader_test-reader_test.o `test -f 'atf-report/reader_test.cpp' || echo '$(srcdir)/'`atf-report/reader_test.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Tpo atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Tpo atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-report/reader_test.cpp' object='atf-report/atf_report_reader_test-reader_test.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_report_reader_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-report/atf_report_reader_test-reader_test.o `test -f 'atf-report/reader_test.cpp' || echo '$(srcdir)/'`atf-report/reader_test.cpp
@@ -3144,7 +3483,7 @@
atf-report/atf_report_reader_test-reader_test.obj: atf-report/reader_test.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_report_reader_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-report/atf_report_reader_test-reader_test.obj -MD -MP -MF atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Tpo -c -o atf-report/atf_report_reader_test-reader_test.obj `if test -f 'atf-report/reader_test.cpp'; then $(CYGPATH_W) 'atf-report/reader_test.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-report/reader_test.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Tpo atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Tpo atf-report/$(DEPDIR)/atf_report_reader_test-reader_test.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-report/reader_test.cpp' object='atf-report/atf_report_reader_test-reader_test.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_report_reader_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-report/atf_report_reader_test-reader_test.obj `if test -f 'atf-report/reader_test.cpp'; then $(CYGPATH_W) 'atf-report/reader_test.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-report/reader_test.cpp'; fi`
@@ -3151,7 +3490,7 @@
atf-report/atf_report_reader_test-reader.o: atf-report/reader.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_report_reader_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-report/atf_report_reader_test-reader.o -MD -MP -MF atf-report/$(DEPDIR)/atf_report_reader_test-reader.Tpo -c -o atf-report/atf_report_reader_test-reader.o `test -f 'atf-report/reader.cpp' || echo '$(srcdir)/'`atf-report/reader.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-report/$(DEPDIR)/atf_report_reader_test-reader.Tpo atf-report/$(DEPDIR)/atf_report_reader_test-reader.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-report/$(DEPDIR)/atf_report_reader_test-reader.Tpo atf-report/$(DEPDIR)/atf_report_reader_test-reader.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-report/reader.cpp' object='atf-report/atf_report_reader_test-reader.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_report_reader_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-report/atf_report_reader_test-reader.o `test -f 'atf-report/reader.cpp' || echo '$(srcdir)/'`atf-report/reader.cpp
@@ -3158,14 +3497,154 @@
atf-report/atf_report_reader_test-reader.obj: atf-report/reader.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_report_reader_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-report/atf_report_reader_test-reader.obj -MD -MP -MF atf-report/$(DEPDIR)/atf_report_reader_test-reader.Tpo -c -o atf-report/atf_report_reader_test-reader.obj `if test -f 'atf-report/reader.cpp'; then $(CYGPATH_W) 'atf-report/reader.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-report/reader.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-report/$(DEPDIR)/atf_report_reader_test-reader.Tpo atf-report/$(DEPDIR)/atf_report_reader_test-reader.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-report/$(DEPDIR)/atf_report_reader_test-reader.Tpo atf-report/$(DEPDIR)/atf_report_reader_test-reader.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-report/reader.cpp' object='atf-report/atf_report_reader_test-reader.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_report_reader_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-report/atf_report_reader_test-reader.obj `if test -f 'atf-report/reader.cpp'; then $(CYGPATH_W) 'atf-report/reader.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-report/reader.cpp'; fi`
+atf-run/atf_run_atf_run-atf-run.o: atf-run/atf-run.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-atf-run.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-atf-run.Tpo -c -o atf-run/atf_run_atf_run-atf-run.o `test -f 'atf-run/atf-run.cpp' || echo '$(srcdir)/'`atf-run/atf-run.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-atf-run.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-atf-run.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/atf-run.cpp' object='atf-run/atf_run_atf_run-atf-run.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-atf-run.o `test -f 'atf-run/atf-run.cpp' || echo '$(srcdir)/'`atf-run/atf-run.cpp
+
+atf-run/atf_run_atf_run-atf-run.obj: atf-run/atf-run.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-atf-run.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-atf-run.Tpo -c -o atf-run/atf_run_atf_run-atf-run.obj `if test -f 'atf-run/atf-run.cpp'; then $(CYGPATH_W) 'atf-run/atf-run.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/atf-run.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-atf-run.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-atf-run.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/atf-run.cpp' object='atf-run/atf_run_atf_run-atf-run.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-atf-run.obj `if test -f 'atf-run/atf-run.cpp'; then $(CYGPATH_W) 'atf-run/atf-run.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/atf-run.cpp'; fi`
+
+atf-run/atf_run_atf_run-atffile.o: atf-run/atffile.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-atffile.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-atffile.Tpo -c -o atf-run/atf_run_atf_run-atffile.o `test -f 'atf-run/atffile.cpp' || echo '$(srcdir)/'`atf-run/atffile.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-atffile.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-atffile.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/atffile.cpp' object='atf-run/atf_run_atf_run-atffile.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-atffile.o `test -f 'atf-run/atffile.cpp' || echo '$(srcdir)/'`atf-run/atffile.cpp
+
+atf-run/atf_run_atf_run-atffile.obj: atf-run/atffile.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-atffile.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-atffile.Tpo -c -o atf-run/atf_run_atf_run-atffile.obj `if test -f 'atf-run/atffile.cpp'; then $(CYGPATH_W) 'atf-run/atffile.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/atffile.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-atffile.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-atffile.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/atffile.cpp' object='atf-run/atf_run_atf_run-atffile.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-atffile.obj `if test -f 'atf-run/atffile.cpp'; then $(CYGPATH_W) 'atf-run/atffile.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/atffile.cpp'; fi`
+
+atf-run/atf_run_atf_run-config.o: atf-run/config.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-config.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-config.Tpo -c -o atf-run/atf_run_atf_run-config.o `test -f 'atf-run/config.cpp' || echo '$(srcdir)/'`atf-run/config.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-config.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-config.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/config.cpp' object='atf-run/atf_run_atf_run-config.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-config.o `test -f 'atf-run/config.cpp' || echo '$(srcdir)/'`atf-run/config.cpp
+
+atf-run/atf_run_atf_run-config.obj: atf-run/config.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-config.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-config.Tpo -c -o atf-run/atf_run_atf_run-config.obj `if test -f 'atf-run/config.cpp'; then $(CYGPATH_W) 'atf-run/config.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/config.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-config.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-config.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/config.cpp' object='atf-run/atf_run_atf_run-config.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-config.obj `if test -f 'atf-run/config.cpp'; then $(CYGPATH_W) 'atf-run/config.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/config.cpp'; fi`
+
+atf-run/atf_run_atf_run-fs.o: atf-run/fs.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-fs.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-fs.Tpo -c -o atf-run/atf_run_atf_run-fs.o `test -f 'atf-run/fs.cpp' || echo '$(srcdir)/'`atf-run/fs.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-fs.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-fs.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/fs.cpp' object='atf-run/atf_run_atf_run-fs.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-fs.o `test -f 'atf-run/fs.cpp' || echo '$(srcdir)/'`atf-run/fs.cpp
+
+atf-run/atf_run_atf_run-fs.obj: atf-run/fs.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-fs.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-fs.Tpo -c -o atf-run/atf_run_atf_run-fs.obj `if test -f 'atf-run/fs.cpp'; then $(CYGPATH_W) 'atf-run/fs.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/fs.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-fs.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-fs.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/fs.cpp' object='atf-run/atf_run_atf_run-fs.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-fs.obj `if test -f 'atf-run/fs.cpp'; then $(CYGPATH_W) 'atf-run/fs.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/fs.cpp'; fi`
+
+atf-run/atf_run_atf_run-io.o: atf-run/io.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-io.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-io.Tpo -c -o atf-run/atf_run_atf_run-io.o `test -f 'atf-run/io.cpp' || echo '$(srcdir)/'`atf-run/io.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-io.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-io.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/io.cpp' object='atf-run/atf_run_atf_run-io.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-io.o `test -f 'atf-run/io.cpp' || echo '$(srcdir)/'`atf-run/io.cpp
+
+atf-run/atf_run_atf_run-io.obj: atf-run/io.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-io.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-io.Tpo -c -o atf-run/atf_run_atf_run-io.obj `if test -f 'atf-run/io.cpp'; then $(CYGPATH_W) 'atf-run/io.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/io.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-io.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-io.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/io.cpp' object='atf-run/atf_run_atf_run-io.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-io.obj `if test -f 'atf-run/io.cpp'; then $(CYGPATH_W) 'atf-run/io.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/io.cpp'; fi`
+
+atf-run/atf_run_atf_run-requirements.o: atf-run/requirements.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-requirements.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-requirements.Tpo -c -o atf-run/atf_run_atf_run-requirements.o `test -f 'atf-run/requirements.cpp' || echo '$(srcdir)/'`atf-run/requirements.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-requirements.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-requirements.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/requirements.cpp' object='atf-run/atf_run_atf_run-requirements.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-requirements.o `test -f 'atf-run/requirements.cpp' || echo '$(srcdir)/'`atf-run/requirements.cpp
+
+atf-run/atf_run_atf_run-requirements.obj: atf-run/requirements.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-requirements.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-requirements.Tpo -c -o atf-run/atf_run_atf_run-requirements.obj `if test -f 'atf-run/requirements.cpp'; then $(CYGPATH_W) 'atf-run/requirements.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/requirements.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-requirements.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-requirements.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/requirements.cpp' object='atf-run/atf_run_atf_run-requirements.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-requirements.obj `if test -f 'atf-run/requirements.cpp'; then $(CYGPATH_W) 'atf-run/requirements.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/requirements.cpp'; fi`
+
+atf-run/atf_run_atf_run-signals.o: atf-run/signals.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-signals.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-signals.Tpo -c -o atf-run/atf_run_atf_run-signals.o `test -f 'atf-run/signals.cpp' || echo '$(srcdir)/'`atf-run/signals.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-signals.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-signals.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/signals.cpp' object='atf-run/atf_run_atf_run-signals.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-signals.o `test -f 'atf-run/signals.cpp' || echo '$(srcdir)/'`atf-run/signals.cpp
+
+atf-run/atf_run_atf_run-signals.obj: atf-run/signals.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-signals.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-signals.Tpo -c -o atf-run/atf_run_atf_run-signals.obj `if test -f 'atf-run/signals.cpp'; then $(CYGPATH_W) 'atf-run/signals.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/signals.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-signals.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-signals.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/signals.cpp' object='atf-run/atf_run_atf_run-signals.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-signals.obj `if test -f 'atf-run/signals.cpp'; then $(CYGPATH_W) 'atf-run/signals.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/signals.cpp'; fi`
+
+atf-run/atf_run_atf_run-test-program.o: atf-run/test-program.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-test-program.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-test-program.Tpo -c -o atf-run/atf_run_atf_run-test-program.o `test -f 'atf-run/test-program.cpp' || echo '$(srcdir)/'`atf-run/test-program.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-test-program.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-test-program.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/test-program.cpp' object='atf-run/atf_run_atf_run-test-program.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-test-program.o `test -f 'atf-run/test-program.cpp' || echo '$(srcdir)/'`atf-run/test-program.cpp
+
+atf-run/atf_run_atf_run-test-program.obj: atf-run/test-program.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-test-program.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-test-program.Tpo -c -o atf-run/atf_run_atf_run-test-program.obj `if test -f 'atf-run/test-program.cpp'; then $(CYGPATH_W) 'atf-run/test-program.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/test-program.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-test-program.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-test-program.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/test-program.cpp' object='atf-run/atf_run_atf_run-test-program.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-test-program.obj `if test -f 'atf-run/test-program.cpp'; then $(CYGPATH_W) 'atf-run/test-program.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/test-program.cpp'; fi`
+
+atf-run/atf_run_atf_run-timer.o: atf-run/timer.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-timer.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-timer.Tpo -c -o atf-run/atf_run_atf_run-timer.o `test -f 'atf-run/timer.cpp' || echo '$(srcdir)/'`atf-run/timer.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-timer.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-timer.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/timer.cpp' object='atf-run/atf_run_atf_run-timer.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-timer.o `test -f 'atf-run/timer.cpp' || echo '$(srcdir)/'`atf-run/timer.cpp
+
+atf-run/atf_run_atf_run-timer.obj: atf-run/timer.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-timer.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-timer.Tpo -c -o atf-run/atf_run_atf_run-timer.obj `if test -f 'atf-run/timer.cpp'; then $(CYGPATH_W) 'atf-run/timer.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/timer.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-timer.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-timer.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/timer.cpp' object='atf-run/atf_run_atf_run-timer.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-timer.obj `if test -f 'atf-run/timer.cpp'; then $(CYGPATH_W) 'atf-run/timer.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/timer.cpp'; fi`
+
+atf-run/atf_run_atf_run-user.o: atf-run/user.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-user.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-user.Tpo -c -o atf-run/atf_run_atf_run-user.o `test -f 'atf-run/user.cpp' || echo '$(srcdir)/'`atf-run/user.cpp
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-user.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-user.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/user.cpp' object='atf-run/atf_run_atf_run-user.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-user.o `test -f 'atf-run/user.cpp' || echo '$(srcdir)/'`atf-run/user.cpp
+
+atf-run/atf_run_atf_run-user.obj: atf-run/user.cpp
+ at am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atf_run-user.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atf_run-user.Tpo -c -o atf-run/atf_run_atf_run-user.obj `if test -f 'atf-run/user.cpp'; then $(CYGPATH_W) 'atf-run/user.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/user.cpp'; fi`
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atf_run-user.Tpo atf-run/$(DEPDIR)/atf_run_atf_run-user.Po
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/user.cpp' object='atf-run/atf_run_atf_run-user.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atf_run_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atf_run-user.obj `if test -f 'atf-run/user.cpp'; then $(CYGPATH_W) 'atf-run/user.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/user.cpp'; fi`
+
atf-run/atf_run_atffile_test-atffile_test.o: atf-run/atffile_test.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atffile_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atffile_test-atffile_test.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Tpo -c -o atf-run/atf_run_atffile_test-atffile_test.o `test -f 'atf-run/atffile_test.cpp' || echo '$(srcdir)/'`atf-run/atffile_test.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Tpo atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Tpo atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/atffile_test.cpp' object='atf-run/atf_run_atffile_test-atffile_test.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atffile_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atffile_test-atffile_test.o `test -f 'atf-run/atffile_test.cpp' || echo '$(srcdir)/'`atf-run/atffile_test.cpp
@@ -3172,7 +3651,7 @@
atf-run/atf_run_atffile_test-atffile_test.obj: atf-run/atffile_test.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atffile_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atffile_test-atffile_test.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Tpo -c -o atf-run/atf_run_atffile_test-atffile_test.obj `if test -f 'atf-run/atffile_test.cpp'; then $(CYGPATH_W) 'atf-run/atffile_test.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/atffile_test.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Tpo atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Tpo atf-run/$(DEPDIR)/atf_run_atffile_test-atffile_test.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/atffile_test.cpp' object='atf-run/atf_run_atffile_test-atffile_test.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atffile_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atffile_test-atffile_test.obj `if test -f 'atf-run/atffile_test.cpp'; then $(CYGPATH_W) 'atf-run/atffile_test.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/atffile_test.cpp'; fi`
@@ -3179,7 +3658,7 @@
atf-run/atf_run_atffile_test-atffile.o: atf-run/atffile.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atffile_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atffile_test-atffile.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Tpo -c -o atf-run/atf_run_atffile_test-atffile.o `test -f 'atf-run/atffile.cpp' || echo '$(srcdir)/'`atf-run/atffile.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Tpo atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Tpo atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/atffile.cpp' object='atf-run/atf_run_atffile_test-atffile.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atffile_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atffile_test-atffile.o `test -f 'atf-run/atffile.cpp' || echo '$(srcdir)/'`atf-run/atffile.cpp
@@ -3186,7 +3665,7 @@
atf-run/atf_run_atffile_test-atffile.obj: atf-run/atffile.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atffile_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_atffile_test-atffile.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Tpo -c -o atf-run/atf_run_atffile_test-atffile.obj `if test -f 'atf-run/atffile.cpp'; then $(CYGPATH_W) 'atf-run/atffile.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/atffile.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Tpo atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Tpo atf-run/$(DEPDIR)/atf_run_atffile_test-atffile.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/atffile.cpp' object='atf-run/atf_run_atffile_test-atffile.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_atffile_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_atffile_test-atffile.obj `if test -f 'atf-run/atffile.cpp'; then $(CYGPATH_W) 'atf-run/atffile.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/atffile.cpp'; fi`
@@ -3193,7 +3672,7 @@
atf-run/atf_run_config_test-config_test.o: atf-run/config_test.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_config_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_config_test-config_test.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_config_test-config_test.Tpo -c -o atf-run/atf_run_config_test-config_test.o `test -f 'atf-run/config_test.cpp' || echo '$(srcdir)/'`atf-run/config_test.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_config_test-config_test.Tpo atf-run/$(DEPDIR)/atf_run_config_test-config_test.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_config_test-config_test.Tpo atf-run/$(DEPDIR)/atf_run_config_test-config_test.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/config_test.cpp' object='atf-run/atf_run_config_test-config_test.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_config_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_config_test-config_test.o `test -f 'atf-run/config_test.cpp' || echo '$(srcdir)/'`atf-run/config_test.cpp
@@ -3200,7 +3679,7 @@
atf-run/atf_run_config_test-config_test.obj: atf-run/config_test.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_config_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_config_test-config_test.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_config_test-config_test.Tpo -c -o atf-run/atf_run_config_test-config_test.obj `if test -f 'atf-run/config_test.cpp'; then $(CYGPATH_W) 'atf-run/config_test.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/config_test.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_config_test-config_test.Tpo atf-run/$(DEPDIR)/atf_run_config_test-config_test.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_config_test-config_test.Tpo atf-run/$(DEPDIR)/atf_run_config_test-config_test.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/config_test.cpp' object='atf-run/atf_run_config_test-config_test.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_config_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_config_test-config_test.obj `if test -f 'atf-run/config_test.cpp'; then $(CYGPATH_W) 'atf-run/config_test.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/config_test.cpp'; fi`
@@ -3207,7 +3686,7 @@
atf-run/atf_run_config_test-config.o: atf-run/config.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_config_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_config_test-config.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_config_test-config.Tpo -c -o atf-run/atf_run_config_test-config.o `test -f 'atf-run/config.cpp' || echo '$(srcdir)/'`atf-run/config.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_config_test-config.Tpo atf-run/$(DEPDIR)/atf_run_config_test-config.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_config_test-config.Tpo atf-run/$(DEPDIR)/atf_run_config_test-config.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/config.cpp' object='atf-run/atf_run_config_test-config.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_config_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_config_test-config.o `test -f 'atf-run/config.cpp' || echo '$(srcdir)/'`atf-run/config.cpp
@@ -3214,7 +3693,7 @@
atf-run/atf_run_config_test-config.obj: atf-run/config.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_config_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_config_test-config.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_config_test-config.Tpo -c -o atf-run/atf_run_config_test-config.obj `if test -f 'atf-run/config.cpp'; then $(CYGPATH_W) 'atf-run/config.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/config.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_config_test-config.Tpo atf-run/$(DEPDIR)/atf_run_config_test-config.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_config_test-config.Tpo atf-run/$(DEPDIR)/atf_run_config_test-config.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/config.cpp' object='atf-run/atf_run_config_test-config.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_config_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_config_test-config.obj `if test -f 'atf-run/config.cpp'; then $(CYGPATH_W) 'atf-run/config.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/config.cpp'; fi`
@@ -3221,7 +3700,7 @@
atf-run/atf_run_test_program_test-test_program_test.o: atf-run/test_program_test.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-test_program_test.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Tpo -c -o atf-run/atf_run_test_program_test-test_program_test.o `test -f 'atf-run/test_program_test.cpp' || echo '$(srcdir)/'`atf-run/test_program_test.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/test_program_test.cpp' object='atf-run/atf_run_test_program_test-test_program_test.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-test_program_test.o `test -f 'atf-run/test_program_test.cpp' || echo '$(srcdir)/'`atf-run/test_program_test.cpp
@@ -3228,7 +3707,7 @@
atf-run/atf_run_test_program_test-test_program_test.obj: atf-run/test_program_test.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-test_program_test.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Tpo -c -o atf-run/atf_run_test_program_test-test_program_test.obj `if test -f 'atf-run/test_program_test.cpp'; then $(CYGPATH_W) 'atf-run/test_program_test.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/test_program_test.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-test_program_test.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/test_program_test.cpp' object='atf-run/atf_run_test_program_test-test_program_test.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-test_program_test.obj `if test -f 'atf-run/test_program_test.cpp'; then $(CYGPATH_W) 'atf-run/test_program_test.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/test_program_test.cpp'; fi`
@@ -3235,7 +3714,7 @@
atf-run/atf_run_test_program_test-fs.o: atf-run/fs.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-fs.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Tpo -c -o atf-run/atf_run_test_program_test-fs.o `test -f 'atf-run/fs.cpp' || echo '$(srcdir)/'`atf-run/fs.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/fs.cpp' object='atf-run/atf_run_test_program_test-fs.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-fs.o `test -f 'atf-run/fs.cpp' || echo '$(srcdir)/'`atf-run/fs.cpp
@@ -3242,7 +3721,7 @@
atf-run/atf_run_test_program_test-fs.obj: atf-run/fs.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-fs.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Tpo -c -o atf-run/atf_run_test_program_test-fs.obj `if test -f 'atf-run/fs.cpp'; then $(CYGPATH_W) 'atf-run/fs.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/fs.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-fs.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/fs.cpp' object='atf-run/atf_run_test_program_test-fs.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-fs.obj `if test -f 'atf-run/fs.cpp'; then $(CYGPATH_W) 'atf-run/fs.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/fs.cpp'; fi`
@@ -3249,7 +3728,7 @@
atf-run/atf_run_test_program_test-io.o: atf-run/io.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-io.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-io.Tpo -c -o atf-run/atf_run_test_program_test-io.o `test -f 'atf-run/io.cpp' || echo '$(srcdir)/'`atf-run/io.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-io.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-io.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-io.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-io.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/io.cpp' object='atf-run/atf_run_test_program_test-io.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-io.o `test -f 'atf-run/io.cpp' || echo '$(srcdir)/'`atf-run/io.cpp
@@ -3256,7 +3735,7 @@
atf-run/atf_run_test_program_test-io.obj: atf-run/io.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-io.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-io.Tpo -c -o atf-run/atf_run_test_program_test-io.obj `if test -f 'atf-run/io.cpp'; then $(CYGPATH_W) 'atf-run/io.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/io.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-io.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-io.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-io.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-io.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/io.cpp' object='atf-run/atf_run_test_program_test-io.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-io.obj `if test -f 'atf-run/io.cpp'; then $(CYGPATH_W) 'atf-run/io.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/io.cpp'; fi`
@@ -3263,7 +3742,7 @@
atf-run/atf_run_test_program_test-requirements.o: atf-run/requirements.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-requirements.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Tpo -c -o atf-run/atf_run_test_program_test-requirements.o `test -f 'atf-run/requirements.cpp' || echo '$(srcdir)/'`atf-run/requirements.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/requirements.cpp' object='atf-run/atf_run_test_program_test-requirements.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-requirements.o `test -f 'atf-run/requirements.cpp' || echo '$(srcdir)/'`atf-run/requirements.cpp
@@ -3270,7 +3749,7 @@
atf-run/atf_run_test_program_test-requirements.obj: atf-run/requirements.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-requirements.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Tpo -c -o atf-run/atf_run_test_program_test-requirements.obj `if test -f 'atf-run/requirements.cpp'; then $(CYGPATH_W) 'atf-run/requirements.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/requirements.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-requirements.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/requirements.cpp' object='atf-run/atf_run_test_program_test-requirements.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-requirements.obj `if test -f 'atf-run/requirements.cpp'; then $(CYGPATH_W) 'atf-run/requirements.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/requirements.cpp'; fi`
@@ -3277,7 +3756,7 @@
atf-run/atf_run_test_program_test-signals.o: atf-run/signals.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-signals.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Tpo -c -o atf-run/atf_run_test_program_test-signals.o `test -f 'atf-run/signals.cpp' || echo '$(srcdir)/'`atf-run/signals.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/signals.cpp' object='atf-run/atf_run_test_program_test-signals.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-signals.o `test -f 'atf-run/signals.cpp' || echo '$(srcdir)/'`atf-run/signals.cpp
@@ -3284,7 +3763,7 @@
atf-run/atf_run_test_program_test-signals.obj: atf-run/signals.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-signals.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Tpo -c -o atf-run/atf_run_test_program_test-signals.obj `if test -f 'atf-run/signals.cpp'; then $(CYGPATH_W) 'atf-run/signals.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/signals.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-signals.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/signals.cpp' object='atf-run/atf_run_test_program_test-signals.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-signals.obj `if test -f 'atf-run/signals.cpp'; then $(CYGPATH_W) 'atf-run/signals.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/signals.cpp'; fi`
@@ -3291,7 +3770,7 @@
atf-run/atf_run_test_program_test-test-program.o: atf-run/test-program.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-test-program.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Tpo -c -o atf-run/atf_run_test_program_test-test-program.o `test -f 'atf-run/test-program.cpp' || echo '$(srcdir)/'`atf-run/test-program.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/test-program.cpp' object='atf-run/atf_run_test_program_test-test-program.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-test-program.o `test -f 'atf-run/test-program.cpp' || echo '$(srcdir)/'`atf-run/test-program.cpp
@@ -3298,7 +3777,7 @@
atf-run/atf_run_test_program_test-test-program.obj: atf-run/test-program.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-test-program.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Tpo -c -o atf-run/atf_run_test_program_test-test-program.obj `if test -f 'atf-run/test-program.cpp'; then $(CYGPATH_W) 'atf-run/test-program.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/test-program.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-test-program.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/test-program.cpp' object='atf-run/atf_run_test_program_test-test-program.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-test-program.obj `if test -f 'atf-run/test-program.cpp'; then $(CYGPATH_W) 'atf-run/test-program.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/test-program.cpp'; fi`
@@ -3305,7 +3784,7 @@
atf-run/atf_run_test_program_test-timer.o: atf-run/timer.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-timer.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Tpo -c -o atf-run/atf_run_test_program_test-timer.o `test -f 'atf-run/timer.cpp' || echo '$(srcdir)/'`atf-run/timer.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/timer.cpp' object='atf-run/atf_run_test_program_test-timer.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-timer.o `test -f 'atf-run/timer.cpp' || echo '$(srcdir)/'`atf-run/timer.cpp
@@ -3312,7 +3791,7 @@
atf-run/atf_run_test_program_test-timer.obj: atf-run/timer.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-timer.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Tpo -c -o atf-run/atf_run_test_program_test-timer.obj `if test -f 'atf-run/timer.cpp'; then $(CYGPATH_W) 'atf-run/timer.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/timer.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-timer.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/timer.cpp' object='atf-run/atf_run_test_program_test-timer.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-timer.obj `if test -f 'atf-run/timer.cpp'; then $(CYGPATH_W) 'atf-run/timer.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/timer.cpp'; fi`
@@ -3319,7 +3798,7 @@
atf-run/atf_run_test_program_test-user.o: atf-run/user.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-user.o -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-user.Tpo -c -o atf-run/atf_run_test_program_test-user.o `test -f 'atf-run/user.cpp' || echo '$(srcdir)/'`atf-run/user.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-user.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-user.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-user.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-user.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/user.cpp' object='atf-run/atf_run_test_program_test-user.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-user.o `test -f 'atf-run/user.cpp' || echo '$(srcdir)/'`atf-run/user.cpp
@@ -3326,7 +3805,7 @@
atf-run/atf_run_test_program_test-user.obj: atf-run/user.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-run/atf_run_test_program_test-user.obj -MD -MP -MF atf-run/$(DEPDIR)/atf_run_test_program_test-user.Tpo -c -o atf-run/atf_run_test_program_test-user.obj `if test -f 'atf-run/user.cpp'; then $(CYGPATH_W) 'atf-run/user.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/user.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-run/$(DEPDIR)/atf_run_test_program_test-user.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-user.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-run/$(DEPDIR)/atf_run_test_program_test-user.Tpo atf-run/$(DEPDIR)/atf_run_test_program_test-user.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-run/user.cpp' object='atf-run/atf_run_test_program_test-user.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_run_test_program_test_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-run/atf_run_test_program_test-user.obj `if test -f 'atf-run/user.cpp'; then $(CYGPATH_W) 'atf-run/user.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-run/user.cpp'; fi`
@@ -3333,7 +3812,7 @@
atf-version/atf_version_atf_version-atf-version.o: atf-version/atf-version.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_version_atf_version_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-version/atf_version_atf_version-atf-version.o -MD -MP -MF atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Tpo -c -o atf-version/atf_version_atf_version-atf-version.o `test -f 'atf-version/atf-version.cpp' || echo '$(srcdir)/'`atf-version/atf-version.cpp
- at am__fastdepCXX_TRUE@ mv -f atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Tpo atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Tpo atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-version/atf-version.cpp' object='atf-version/atf_version_atf_version-atf-version.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_version_atf_version_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-version/atf_version_atf_version-atf-version.o `test -f 'atf-version/atf-version.cpp' || echo '$(srcdir)/'`atf-version/atf-version.cpp
@@ -3340,7 +3819,7 @@
atf-version/atf_version_atf_version-atf-version.obj: atf-version/atf-version.cpp
@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_version_atf_version_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT atf-version/atf_version_atf_version-atf-version.obj -MD -MP -MF atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Tpo -c -o atf-version/atf_version_atf_version-atf-version.obj `if test -f 'atf-version/atf-version.cpp'; then $(CYGPATH_W) 'atf-version/atf-version.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-version/atf-version.cpp'; fi`
- at am__fastdepCXX_TRUE@ mv -f atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Tpo atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Po
+ at am__fastdepCXX_TRUE@ $(am__mv) atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Tpo atf-version/$(DEPDIR)/atf_version_atf_version-atf-version.Po
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='atf-version/atf-version.cpp' object='atf-version/atf_version_atf_version-atf-version.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atf_version_atf_version_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o atf-version/atf_version_atf_version-atf-version.obj `if test -f 'atf-version/atf-version.cpp'; then $(CYGPATH_W) 'atf-version/atf-version.cpp'; else $(CYGPATH_W) '$(srcdir)/atf-version/atf-version.cpp'; fi`
@@ -3363,606 +3842,726 @@
-rm -rf test-programs/.libs test-programs/_libs
distclean-libtool:
- -rm -f libtool
-install-man1: $(man1_MANS) $(man_MANS)
+ -rm -f libtool config.lt
+install-man1: $(dist_man_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
- @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.1*) list="$$list $$i" ;; \
- esac; \
+ @list1=''; \
+ list2='$(dist_man_MANS) $(man_MANS)'; \
+ test -n "$(man1dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.1[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
+ fi; \
done; \
- for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 1*) ;; \
- *) ext='1' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
- done
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
uninstall-man1:
@$(NORMAL_UNINSTALL)
- @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.1*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 1*) ;; \
- *) ext='1' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
- rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
- done
-install-man3: $(man3_MANS) $(man_MANS)
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS) $(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
+install-man3: $(dist_man_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
- @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.3*) list="$$list $$i" ;; \
- esac; \
+ @list1=''; \
+ list2='$(dist_man_MANS) $(man_MANS)'; \
+ test -n "$(man3dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.3[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \
+ fi; \
done; \
- for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 3*) ;; \
- *) ext='3' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
- done
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \
+ done; }
+
uninstall-man3:
@$(NORMAL_UNINSTALL)
- @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.3*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 3*) ;; \
- *) ext='3' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
- rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
- done
-install-man4: $(man4_MANS) $(man_MANS)
+ @list=''; test -n "$(man3dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS) $(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.3[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir)
+install-man4: $(dist_man_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man4dir)" || $(MKDIR_P) "$(DESTDIR)$(man4dir)"
- @list='$(man4_MANS) $(dist_man4_MANS) $(nodist_man4_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.4*) list="$$list $$i" ;; \
- esac; \
+ @list1=''; \
+ list2='$(dist_man_MANS) $(man_MANS)'; \
+ test -n "$(man4dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man4dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man4dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.4[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^4][0-9a-z]*$$,4,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man4dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man4dir)/$$inst" || exit $$?; \
+ fi; \
done; \
- for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 4*) ;; \
- *) ext='4' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man4dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man4dir)/$$inst"; \
- done
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man4dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man4dir)" || exit $$?; }; \
+ done; }
+
uninstall-man4:
@$(NORMAL_UNINSTALL)
- @list='$(man4_MANS) $(dist_man4_MANS) $(nodist_man4_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.4*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 4*) ;; \
- *) ext='4' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f '$(DESTDIR)$(man4dir)/$$inst'"; \
- rm -f "$(DESTDIR)$(man4dir)/$$inst"; \
- done
-install-man5: $(man5_MANS) $(man_MANS)
+ @list=''; test -n "$(man4dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS) $(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.4[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^4][0-9a-z]*$$,4,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man4dir)'; $(am__uninstall_files_from_dir)
+install-man5: $(dist_man_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
- @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.5*) list="$$list $$i" ;; \
- esac; \
+ @list1=''; \
+ list2='$(dist_man_MANS) $(man_MANS)'; \
+ test -n "$(man5dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.5[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+ fi; \
done; \
- for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 5*) ;; \
- *) ext='5' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
- done
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+ done; }
+
uninstall-man5:
@$(NORMAL_UNINSTALL)
- @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.5*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 5*) ;; \
- *) ext='5' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
- rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
- done
-install-man7: $(man7_MANS) $(man_MANS)
+ @list=''; test -n "$(man5dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS) $(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.5[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
+install-man7: $(dist_man_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man7dir)" || $(MKDIR_P) "$(DESTDIR)$(man7dir)"
- @list='$(man7_MANS) $(dist_man7_MANS) $(nodist_man7_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.7*) list="$$list $$i" ;; \
- esac; \
+ @list1=''; \
+ list2='$(dist_man_MANS) $(man_MANS)'; \
+ test -n "$(man7dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.7[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \
+ fi; \
done; \
- for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 7*) ;; \
- *) ext='7' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst"; \
- done
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \
+ done; }
+
uninstall-man7:
@$(NORMAL_UNINSTALL)
- @list='$(man7_MANS) $(dist_man7_MANS) $(nodist_man7_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.7*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 7*) ;; \
- *) ext='7' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f '$(DESTDIR)$(man7dir)/$$inst'"; \
- rm -f "$(DESTDIR)$(man7dir)/$$inst"; \
+ @list=''; test -n "$(man7dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS) $(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.7[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir)
+install-atf_aclocalDATA: $(atf_aclocal_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(atf_aclocal_DATA)'; test -n "$(atf_aclocaldir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(atf_aclocaldir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(atf_aclocaldir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(atf_aclocaldir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(atf_aclocaldir)" || exit $$?; \
done
+
+uninstall-atf_aclocalDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(atf_aclocal_DATA)'; test -n "$(atf_aclocaldir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(atf_aclocaldir)'; $(am__uninstall_files_from_dir)
install-atf_c__dirpkgconfigDATA: $(atf_c__dirpkgconfig_DATA)
@$(NORMAL_INSTALL)
- test -z "$(atf_c__dirpkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(atf_c__dirpkgconfigdir)"
- @list='$(atf_c__dirpkgconfig_DATA)'; for p in $$list; do \
+ @list='$(atf_c__dirpkgconfig_DATA)'; test -n "$(atf_c__dirpkgconfigdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(atf_c__dirpkgconfigdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(atf_c__dirpkgconfigdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(atf_c__dirpkgconfigDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(atf_c__dirpkgconfigdir)/$$f'"; \
- $(atf_c__dirpkgconfigDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(atf_c__dirpkgconfigdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(atf_c__dirpkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(atf_c__dirpkgconfigdir)" || exit $$?; \
done
uninstall-atf_c__dirpkgconfigDATA:
@$(NORMAL_UNINSTALL)
- @list='$(atf_c__dirpkgconfig_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(atf_c__dirpkgconfigdir)/$$f'"; \
- rm -f "$(DESTDIR)$(atf_c__dirpkgconfigdir)/$$f"; \
- done
+ @list='$(atf_c__dirpkgconfig_DATA)'; test -n "$(atf_c__dirpkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(atf_c__dirpkgconfigdir)'; $(am__uninstall_files_from_dir)
install-atf_cpkgconfigDATA: $(atf_cpkgconfig_DATA)
@$(NORMAL_INSTALL)
- test -z "$(atf_cpkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(atf_cpkgconfigdir)"
- @list='$(atf_cpkgconfig_DATA)'; for p in $$list; do \
+ @list='$(atf_cpkgconfig_DATA)'; test -n "$(atf_cpkgconfigdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(atf_cpkgconfigdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(atf_cpkgconfigdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(atf_cpkgconfigDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(atf_cpkgconfigdir)/$$f'"; \
- $(atf_cpkgconfigDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(atf_cpkgconfigdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(atf_cpkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(atf_cpkgconfigdir)" || exit $$?; \
done
uninstall-atf_cpkgconfigDATA:
@$(NORMAL_UNINSTALL)
- @list='$(atf_cpkgconfig_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(atf_cpkgconfigdir)/$$f'"; \
- rm -f "$(DESTDIR)$(atf_cpkgconfigdir)/$$f"; \
- done
+ @list='$(atf_cpkgconfig_DATA)'; test -n "$(atf_cpkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(atf_cpkgconfigdir)'; $(am__uninstall_files_from_dir)
install-atf_shDATA: $(atf_sh_DATA)
@$(NORMAL_INSTALL)
- test -z "$(atf_shdir)" || $(MKDIR_P) "$(DESTDIR)$(atf_shdir)"
- @list='$(atf_sh_DATA)'; for p in $$list; do \
+ @list='$(atf_sh_DATA)'; test -n "$(atf_shdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(atf_shdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(atf_shdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(atf_shDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(atf_shdir)/$$f'"; \
- $(atf_shDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(atf_shdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(atf_shdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(atf_shdir)" || exit $$?; \
done
uninstall-atf_shDATA:
@$(NORMAL_UNINSTALL)
- @list='$(atf_sh_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(atf_shdir)/$$f'"; \
- rm -f "$(DESTDIR)$(atf_shdir)/$$f"; \
+ @list='$(atf_sh_DATA)'; test -n "$(atf_shdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(atf_shdir)'; $(am__uninstall_files_from_dir)
+install-atf_shpkgconfigDATA: $(atf_shpkgconfig_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(atf_shpkgconfig_DATA)'; test -n "$(atf_shpkgconfigdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(atf_shpkgconfigdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(atf_shpkgconfigdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(atf_shpkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(atf_shpkgconfigdir)" || exit $$?; \
done
+
+uninstall-atf_shpkgconfigDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(atf_shpkgconfig_DATA)'; test -n "$(atf_shpkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(atf_shpkgconfigdir)'; $(am__uninstall_files_from_dir)
install-cssDATA: $(css_DATA)
@$(NORMAL_INSTALL)
- test -z "$(cssdir)" || $(MKDIR_P) "$(DESTDIR)$(cssdir)"
- @list='$(css_DATA)'; for p in $$list; do \
+ @list='$(css_DATA)'; test -n "$(cssdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(cssdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(cssdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(cssDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(cssdir)/$$f'"; \
- $(cssDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(cssdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(cssdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(cssdir)" || exit $$?; \
done
uninstall-cssDATA:
@$(NORMAL_UNINSTALL)
- @list='$(css_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(cssdir)/$$f'"; \
- rm -f "$(DESTDIR)$(cssdir)/$$f"; \
- done
+ @list='$(css_DATA)'; test -n "$(cssdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(cssdir)'; $(am__uninstall_files_from_dir)
install-docDATA: $(doc_DATA)
@$(NORMAL_INSTALL)
- test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
- @list='$(doc_DATA)'; for p in $$list; do \
+ @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(docDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docdir)/$$f'"; \
- $(docDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
done
uninstall-docDATA:
@$(NORMAL_UNINSTALL)
- @list='$(doc_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(docdir)/$$f'"; \
- rm -f "$(DESTDIR)$(docdir)/$$f"; \
- done
+ @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir)
install-dtdDATA: $(dtd_DATA)
@$(NORMAL_INSTALL)
- test -z "$(dtddir)" || $(MKDIR_P) "$(DESTDIR)$(dtddir)"
- @list='$(dtd_DATA)'; for p in $$list; do \
+ @list='$(dtd_DATA)'; test -n "$(dtddir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(dtddir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(dtddir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(dtdDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(dtddir)/$$f'"; \
- $(dtdDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(dtddir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dtddir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(dtddir)" || exit $$?; \
done
uninstall-dtdDATA:
@$(NORMAL_UNINSTALL)
- @list='$(dtd_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(dtddir)/$$f'"; \
- rm -f "$(DESTDIR)$(dtddir)/$$f"; \
- done
+ @list='$(dtd_DATA)'; test -n "$(dtddir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(dtddir)'; $(am__uninstall_files_from_dir)
install-egDATA: $(eg_DATA)
@$(NORMAL_INSTALL)
- test -z "$(egdir)" || $(MKDIR_P) "$(DESTDIR)$(egdir)"
- @list='$(eg_DATA)'; for p in $$list; do \
+ @list='$(eg_DATA)'; test -n "$(egdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(egdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(egdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(egDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(egdir)/$$f'"; \
- $(egDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(egdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(egdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(egdir)" || exit $$?; \
done
uninstall-egDATA:
@$(NORMAL_UNINSTALL)
- @list='$(eg_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(egdir)/$$f'"; \
- rm -f "$(DESTDIR)$(egdir)/$$f"; \
- done
+ @list='$(eg_DATA)'; test -n "$(egdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(egdir)'; $(am__uninstall_files_from_dir)
install-hooksDATA: $(hooks_DATA)
@$(NORMAL_INSTALL)
- test -z "$(hooksdir)" || $(MKDIR_P) "$(DESTDIR)$(hooksdir)"
- @list='$(hooks_DATA)'; for p in $$list; do \
+ @list='$(hooks_DATA)'; test -n "$(hooksdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(hooksdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(hooksdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(hooksDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(hooksdir)/$$f'"; \
- $(hooksDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(hooksdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(hooksdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(hooksdir)" || exit $$?; \
done
uninstall-hooksDATA:
@$(NORMAL_UNINSTALL)
- @list='$(hooks_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(hooksdir)/$$f'"; \
- rm -f "$(DESTDIR)$(hooksdir)/$$f"; \
- done
+ @list='$(hooks_DATA)'; test -n "$(hooksdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(hooksdir)'; $(am__uninstall_files_from_dir)
install-pkgtestsDATA: $(pkgtests_DATA)
@$(NORMAL_INSTALL)
- test -z "$(pkgtestsdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgtestsdir)"
- @list='$(pkgtests_DATA)'; for p in $$list; do \
+ @list='$(pkgtests_DATA)'; test -n "$(pkgtestsdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkgtestsdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkgtestsdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(pkgtestsDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgtestsdir)/$$f'"; \
- $(pkgtestsDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgtestsdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgtestsdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgtestsdir)" || exit $$?; \
done
uninstall-pkgtestsDATA:
@$(NORMAL_UNINSTALL)
- @list='$(pkgtests_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(pkgtestsdir)/$$f'"; \
- rm -f "$(DESTDIR)$(pkgtestsdir)/$$f"; \
- done
+ @list='$(pkgtests_DATA)'; test -n "$(pkgtestsdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(pkgtestsdir)'; $(am__uninstall_files_from_dir)
install-tests_atf_cDATA: $(tests_atf_c_DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_cdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_cdir)"
- @list='$(tests_atf_c_DATA)'; for p in $$list; do \
+ @list='$(tests_atf_c_DATA)'; test -n "$(tests_atf_cdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_cdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_cdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_atf_cDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_cdir)/$$f'"; \
- $(tests_atf_cDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_cdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_atf_cdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_atf_cdir)" || exit $$?; \
done
uninstall-tests_atf_cDATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_atf_cdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_cdir)/$$f"; \
- done
+ @list='$(tests_atf_c_DATA)'; test -n "$(tests_atf_cdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_atf_cdir)'; $(am__uninstall_files_from_dir)
install-tests_atf_c__DATA: $(tests_atf_c___DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_c__dir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_c__dir)"
- @list='$(tests_atf_c___DATA)'; for p in $$list; do \
+ @list='$(tests_atf_c___DATA)'; test -n "$(tests_atf_c__dir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_c__dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_c__dir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_atf_c__DATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_c__dir)/$$f'"; \
- $(tests_atf_c__DATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_c__dir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_atf_c__dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_atf_c__dir)" || exit $$?; \
done
uninstall-tests_atf_c__DATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c___DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_atf_c__dir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_c__dir)/$$f"; \
- done
+ @list='$(tests_atf_c___DATA)'; test -n "$(tests_atf_c__dir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_atf_c__dir)'; $(am__uninstall_files_from_dir)
install-tests_atf_c___detailDATA: $(tests_atf_c___detail_DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_c___detaildir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_c___detaildir)"
- @list='$(tests_atf_c___detail_DATA)'; for p in $$list; do \
+ @list='$(tests_atf_c___detail_DATA)'; test -n "$(tests_atf_c___detaildir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_c___detaildir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_c___detaildir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_atf_c___detailDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_c___detaildir)/$$f'"; \
- $(tests_atf_c___detailDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_c___detaildir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_atf_c___detaildir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_atf_c___detaildir)" || exit $$?; \
done
uninstall-tests_atf_c___detailDATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c___detail_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_atf_c___detaildir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_c___detaildir)/$$f"; \
- done
+ @list='$(tests_atf_c___detail_DATA)'; test -n "$(tests_atf_c___detaildir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_atf_c___detaildir)'; $(am__uninstall_files_from_dir)
install-tests_atf_c_detailDATA: $(tests_atf_c_detail_DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_c_detaildir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_c_detaildir)"
- @list='$(tests_atf_c_detail_DATA)'; for p in $$list; do \
+ @list='$(tests_atf_c_detail_DATA)'; test -n "$(tests_atf_c_detaildir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_c_detaildir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_c_detaildir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_atf_c_detailDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_c_detaildir)/$$f'"; \
- $(tests_atf_c_detailDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_c_detaildir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_atf_c_detaildir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_atf_c_detaildir)" || exit $$?; \
done
uninstall-tests_atf_c_detailDATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_c_detail_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_atf_c_detaildir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_c_detaildir)/$$f"; \
- done
+ @list='$(tests_atf_c_detail_DATA)'; test -n "$(tests_atf_c_detaildir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_atf_c_detaildir)'; $(am__uninstall_files_from_dir)
install-tests_atf_configDATA: $(tests_atf_config_DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_configdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_configdir)"
- @list='$(tests_atf_config_DATA)'; for p in $$list; do \
+ @list='$(tests_atf_config_DATA)'; test -n "$(tests_atf_configdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_configdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_configdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_atf_configDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_configdir)/$$f'"; \
- $(tests_atf_configDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_configdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_atf_configdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_atf_configdir)" || exit $$?; \
done
uninstall-tests_atf_configDATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_config_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_atf_configdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_configdir)/$$f"; \
- done
+ @list='$(tests_atf_config_DATA)'; test -n "$(tests_atf_configdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_atf_configdir)'; $(am__uninstall_files_from_dir)
install-tests_atf_reportDATA: $(tests_atf_report_DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_reportdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_reportdir)"
- @list='$(tests_atf_report_DATA)'; for p in $$list; do \
+ @list='$(tests_atf_report_DATA)'; test -n "$(tests_atf_reportdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_reportdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_reportdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_atf_reportDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_reportdir)/$$f'"; \
- $(tests_atf_reportDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_reportdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_atf_reportdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_atf_reportdir)" || exit $$?; \
done
uninstall-tests_atf_reportDATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_report_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_atf_reportdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_reportdir)/$$f"; \
- done
+ @list='$(tests_atf_report_DATA)'; test -n "$(tests_atf_reportdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_atf_reportdir)'; $(am__uninstall_files_from_dir)
install-tests_atf_runDATA: $(tests_atf_run_DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_rundir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_rundir)"
- @list='$(tests_atf_run_DATA)'; for p in $$list; do \
+ @list='$(tests_atf_run_DATA)'; test -n "$(tests_atf_rundir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_rundir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_rundir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_atf_runDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_rundir)/$$f'"; \
- $(tests_atf_runDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_rundir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_atf_rundir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_atf_rundir)" || exit $$?; \
done
uninstall-tests_atf_runDATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_run_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_atf_rundir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_rundir)/$$f"; \
- done
+ @list='$(tests_atf_run_DATA)'; test -n "$(tests_atf_rundir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_atf_rundir)'; $(am__uninstall_files_from_dir)
install-tests_atf_shDATA: $(tests_atf_sh_DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_atf_shdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_atf_shdir)"
- @list='$(tests_atf_sh_DATA)'; for p in $$list; do \
+ @list='$(tests_atf_sh_DATA)'; test -n "$(tests_atf_shdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_atf_shdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_atf_shdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_atf_shDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_atf_shdir)/$$f'"; \
- $(tests_atf_shDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_atf_shdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_atf_shdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_atf_shdir)" || exit $$?; \
done
uninstall-tests_atf_shDATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_atf_sh_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_atf_shdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_atf_shdir)/$$f"; \
- done
+ @list='$(tests_atf_sh_DATA)'; test -n "$(tests_atf_shdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_atf_shdir)'; $(am__uninstall_files_from_dir)
install-tests_test_programsDATA: $(tests_test_programs_DATA)
@$(NORMAL_INSTALL)
- test -z "$(tests_test_programsdir)" || $(MKDIR_P) "$(DESTDIR)$(tests_test_programsdir)"
- @list='$(tests_test_programs_DATA)'; for p in $$list; do \
+ @list='$(tests_test_programs_DATA)'; test -n "$(tests_test_programsdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(tests_test_programsdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(tests_test_programsdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(tests_test_programsDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(tests_test_programsdir)/$$f'"; \
- $(tests_test_programsDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(tests_test_programsdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tests_test_programsdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(tests_test_programsdir)" || exit $$?; \
done
uninstall-tests_test_programsDATA:
@$(NORMAL_UNINSTALL)
- @list='$(tests_test_programs_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(tests_test_programsdir)/$$f'"; \
- rm -f "$(DESTDIR)$(tests_test_programsdir)/$$f"; \
- done
+ @list='$(tests_test_programs_DATA)'; test -n "$(tests_test_programsdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(tests_test_programsdir)'; $(am__uninstall_files_from_dir)
install-xslDATA: $(xsl_DATA)
@$(NORMAL_INSTALL)
- test -z "$(xsldir)" || $(MKDIR_P) "$(DESTDIR)$(xsldir)"
- @list='$(xsl_DATA)'; for p in $$list; do \
+ @list='$(xsl_DATA)'; test -n "$(xsldir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(xsldir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(xsldir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(xslDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(xsldir)/$$f'"; \
- $(xslDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(xsldir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(xsldir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(xsldir)" || exit $$?; \
done
uninstall-xslDATA:
@$(NORMAL_UNINSTALL)
- @list='$(xsl_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(xsldir)/$$f'"; \
- rm -f "$(DESTDIR)$(xsldir)/$$f"; \
- done
+ @list='$(xsl_DATA)'; test -n "$(xsldir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(xsldir)'; $(am__uninstall_files_from_dir)
install-atf_cHEADERS: $(atf_c_HEADERS)
@$(NORMAL_INSTALL)
- test -z "$(atf_cdir)" || $(MKDIR_P) "$(DESTDIR)$(atf_cdir)"
- @list='$(atf_c_HEADERS)'; for p in $$list; do \
+ @list='$(atf_c_HEADERS)'; test -n "$(atf_cdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(atf_cdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(atf_cdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(atf_cHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(atf_cdir)/$$f'"; \
- $(atf_cHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(atf_cdir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(atf_cdir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(atf_cdir)" || exit $$?; \
done
uninstall-atf_cHEADERS:
@$(NORMAL_UNINSTALL)
- @list='$(atf_c_HEADERS)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(atf_cdir)/$$f'"; \
- rm -f "$(DESTDIR)$(atf_cdir)/$$f"; \
- done
+ @list='$(atf_c_HEADERS)'; test -n "$(atf_cdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(atf_cdir)'; $(am__uninstall_files_from_dir)
install-atf_c__HEADERS: $(atf_c___HEADERS)
@$(NORMAL_INSTALL)
- test -z "$(atf_c__dir)" || $(MKDIR_P) "$(DESTDIR)$(atf_c__dir)"
- @list='$(atf_c___HEADERS)'; for p in $$list; do \
+ @list='$(atf_c___HEADERS)'; test -n "$(atf_c__dir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(atf_c__dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(atf_c__dir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(atf_c__HEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(atf_c__dir)/$$f'"; \
- $(atf_c__HEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(atf_c__dir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(atf_c__dir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(atf_c__dir)" || exit $$?; \
done
uninstall-atf_c__HEADERS:
@$(NORMAL_UNINSTALL)
- @list='$(atf_c___HEADERS)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(atf_c__dir)/$$f'"; \
- rm -f "$(DESTDIR)$(atf_c__dir)/$$f"; \
- done
+ @list='$(atf_c___HEADERS)'; test -n "$(atf_c__dir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(atf_c__dir)'; $(am__uninstall_files_from_dir)
install-includeHEADERS: $(include_HEADERS)
@$(NORMAL_INSTALL)
- test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
- @list='$(include_HEADERS)'; for p in $$list; do \
+ @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
- $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \
done
uninstall-includeHEADERS:
@$(NORMAL_UNINSTALL)
- @list='$(include_HEADERS)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
- rm -f "$(DESTDIR)$(includedir)/$$f"; \
- done
+ @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -3969,7 +4568,7 @@
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
@@ -3976,7 +4575,7 @@
TAGS: $(HEADERS) $(SOURCES) bconfig.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
+ set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) bconfig.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -3984,15 +4583,20 @@
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$tags $$unique; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) bconfig.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
list='$(SOURCES) $(HEADERS) bconfig.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
@@ -3999,17 +4603,41 @@
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$tags $$unique
+ $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
- && cd $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) $$here
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscope: cscope.files
+ test ! -s cscope.files \
+ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
+
+clean-cscope:
+ -rm -f cscope.files
+
+cscope.files: clean-cscope cscopelist
+
+cscopelist: $(HEADERS) $(SOURCES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+ -rm -f cscope.out cscope.in.out cscope.po.out cscope.files
distdir: $(DISTFILES)
@case `sed 15q $(srcdir)/NEWS` in \
@@ -4018,8 +4646,21 @@
echo "NEWS not updated; not releasing" 1>&2; \
exit 1;; \
esac
+ @list='$(MANS)'; if test -n "$$list"; then \
+ list=`for p in $$list; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+ if test -n "$$list" && \
+ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+ echo "error: found man pages containing the 'missing help2man' replacement text:" >&2; \
+ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
+ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+ echo " typically 'make maintainer-clean' will remove them" >&2; \
+ exit 1; \
+ else :; fi; \
+ else :; fi
$(am__remove_distdir)
- test -d $(distdir) || mkdir $(distdir)
+ test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -4035,13 +4676,17 @@
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
- cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
- test -f $(distdir)/$$file \
- || cp -p $$d/$$file $(distdir)/$$file \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@@ -4048,39 +4693,45 @@
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$(top_distdir)" distdir="$(distdir)" \
dist-hook
- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ -test -n "$(am__skip_mode_fix)" \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
- || chmod -R a+r $(distdir)
+ || chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
- $(am__remove_distdir)
+ $(am__post_remove_distdir)
dist-bzip2: distdir
- tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
- $(am__remove_distdir)
+ tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
+ $(am__post_remove_distdir)
-dist-lzma: distdir
- tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
- $(am__remove_distdir)
+dist-lzip: distdir
+ tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
+ $(am__post_remove_distdir)
+dist-xz: distdir
+ tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
+ $(am__post_remove_distdir)
+
dist-tarZ: distdir
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
- $(am__remove_distdir)
+ $(am__post_remove_distdir)
dist-shar: distdir
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
- $(am__remove_distdir)
+ $(am__post_remove_distdir)
dist-zip: distdir
-rm -f $(distdir).zip
zip -rq $(distdir).zip $(distdir)
- $(am__remove_distdir)
+ $(am__post_remove_distdir)
-dist dist-all: distdir
- tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
- $(am__remove_distdir)
+dist dist-all:
+ $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
+ $(am__post_remove_distdir)
# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
@@ -4088,26 +4739,31 @@
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
- GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
- bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
- *.tar.lzma*) \
- unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.lz*) \
+ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
+ *.tar.xz*) \
+ xz -dc $(distdir).tar.xz | $(am__untar) ;;\
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
- GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
- chmod -R a-w $(distdir); chmod a+w $(distdir)
+ chmod -R a-w $(distdir); chmod u+w $(distdir)
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
chmod a-w $(distdir)
+ test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
- && cd $(distdir)/_build \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
@@ -4128,14 +4784,24 @@
&& rm -rf "$$dc_destdir" \
&& $(MAKE) $(AM_MAKEFLAGS) dist \
&& rm -rf $(DIST_ARCHIVES) \
- && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
- $(am__remove_distdir)
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+ && cd "$$am__cwd" \
+ || exit 1
+ $(am__post_remove_distdir)
@(echo "$(distdir) archives ready for distribution: "; \
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
distuninstallcheck:
- @cd $(distuninstallcheck_dir) \
- && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ @test -n '$(distuninstallcheck_dir)' || { \
+ echo 'ERROR: trying to run $@ with an empty' \
+ '$$(distuninstallcheck_dir)' >&2; \
+ exit 1; \
+ }; \
+ $(am__cd) '$(distuninstallcheck_dir)' || { \
+ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
+ exit 1; \
+ }; \
+ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
|| { echo "ERROR: files left after uninstall:" ; \
if test -n "$(DESTDIR)"; then \
echo " (check DESTDIR support)"; \
@@ -4160,7 +4826,7 @@
install-binPROGRAMS: install-libLTLIBRARIES
installdirs:
- for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(tests_atf_cdir)" "$(DESTDIR)$(tests_atf_c__dir)" "$(DESTDIR)$(tests_atf_c___detaildir)" "$(DESTDIR)$(tests_atf_c_detaildir)" "$(DESTDIR)$(tests_atf_reportdir)" "$(DESTDIR)$(tests_atf_rundir)" "$(DESTDIR)$(tests_test_programsdir)" "$(DESTDIR)$(tests_atf_cdir)" "$(DESTDIR)$(tests_atf_c__dir)" "$(DESTDIR)$(tests_atf_configdir)" "$(DESTDIR)$(tests_atf_reportdir)" "$(DESTDIR)$(tests_atf_rundir)" "$(DESTDIR)$(tests_atf_shdir)" "$(DESTDIR)$(tests_test_programsdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man4dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(atf_c__dirpkgconfigdir)" "$(DESTDIR)$(atf_cpkgconfigdir)" "$(DESTDIR)$(atf_shdir)" "$(DESTDIR)$(cssdir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(dtddir)" "$(DESTDIR)$(egdir)" "$(DESTDIR)$(hooksdir)" "$(DESTDIR)$(pkgtestsdir)" "$(DESTDIR)$(tests_atf_cdir)" "$(DESTDIR)$(tests_atf_c__dir)" "$(DESTDIR)$(tests_atf_c___detaildir)" "$(DESTDIR)$(tests_atf_c_detaildir)" "$(DESTDIR)$(tests_atf_configdir)" "$(DESTDIR)$(tests_atf_reportdir)" "$(DESTDIR)$(tests_atf_rundir)" "$(DESTDIR)$(tests_atf_shdir)" "$(DESTDIR)$(tests_test_programsdir)" "$(DESTDIR)$(xsldir)" "$(DESTDIR)$(atf_cdir)" "$(DESTDIR)$(atf_c__dir)" "$(DESTDIR)$(includedir)"; do \
+ for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(tests_atf_cdir)" "$(DESTDIR)$(tests_atf_c__dir)" "$(DESTDIR)$(tests_atf_c___detaildir)" "$(DESTDIR)$(tests_atf_c_detaildir)" "$(DESTDIR)$(tests_atf_reportdir)" "$(DESTDIR)$(tests_atf_rundir)" "$(DESTDIR)$(tests_test_programsdir)" "$(DESTDIR)$(tests_atf_cdir)" "$(DESTDIR)$(tests_atf_c__dir)" "$(DESTDIR)$(tests_atf_configdir)" "$(DESTDIR)$(tests_atf_reportdir)" "$(DESTDIR)$(tests_atf_rundir)" "$(DESTDIR)$(tests_atf_shdir)" "$(DESTDIR)$(tests_test_programsdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man4dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(atf_aclocaldir)" "$(DESTDIR)$(atf_c__dirpkgconfigdir)" "$(DESTDIR)$(atf_cpkgconfigdir)" "$(DESTDIR)$(atf_shdir)" "$(DESTDIR)$(atf_shpkgconfigdir)" "$(DESTDIR)$(cssdir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(dtddir)" "$(DESTDIR)$(egdir)" "$(DESTDIR)$(hooksdir)" "$(DESTDIR)$(pkgtestsdir)" "$(DESTDIR)$(tests_atf_cdir)" "$(DESTDIR)$(tests_atf_c__dir)" "$(DESTDIR)$(tests_atf_c___detaildir)" "$(DESTDIR)$(tests_atf_c_detaildir)" "$(DESTDIR)$(tests_atf_configdir)" "$(DESTDIR)$(tests_atf_reportdir)" "$(DESTDIR)$(tests_atf_rundir)" "$(DESTDIR)$(tests_atf_shdir)" "$(DESTDIR)$(tests_test_programsdir)" "$(DESTDIR)$(xsldir)" "$(DESTDIR)$(atf_cdir)" "$(DESTDIR)$(atf_c__dir)" "$(DESTDIR)$(includedir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: $(BUILT_SOURCES)
@@ -4174,10 +4840,15 @@
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
@@ -4185,6 +4856,7 @@
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-rm -f atf-c++/$(DEPDIR)/$(am__dirstamp)
-rm -f atf-c++/$(am__dirstamp)
-rm -f atf-c++/detail/$(DEPDIR)/$(am__dirstamp)
@@ -4236,13 +4908,16 @@
html: html-am
+html-am:
+
info: info-am
info-am:
-install-data-am: install-atf_cHEADERS install-atf_c__HEADERS \
- install-atf_c__dirpkgconfigDATA install-atf_cpkgconfigDATA \
- install-atf_shDATA install-cssDATA install-docDATA \
+install-data-am: install-atf_aclocalDATA install-atf_cHEADERS \
+ install-atf_c__HEADERS install-atf_c__dirpkgconfigDATA \
+ install-atf_cpkgconfigDATA install-atf_shDATA \
+ install-atf_shpkgconfigDATA install-cssDATA install-docDATA \
install-dtdDATA install-egDATA install-hooksDATA \
install-includeHEADERS install-man install-pkgtestsDATA \
install-tests_atf_cDATA install-tests_atf_cPROGRAMS \
@@ -4263,20 +4938,30 @@
install-dvi: install-dvi-am
+install-dvi-am:
+
install-exec-am: install-binPROGRAMS install-libLTLIBRARIES \
install-libexecPROGRAMS
install-html: install-html-am
+install-html-am:
+
install-info: install-info-am
+install-info-am:
+
install-man: install-man1 install-man3 install-man4 install-man5 \
install-man7
install-pdf: install-pdf-am
+install-pdf-am:
+
install-ps: install-ps-am
+install-ps-am:
+
installcheck-am: installcheck-local
maintainer-clean: maintainer-clean-am
@@ -4299,11 +4984,12 @@
ps-am:
-uninstall-am: uninstall-atf_cHEADERS uninstall-atf_c__HEADERS \
- uninstall-atf_c__dirpkgconfigDATA uninstall-atf_cpkgconfigDATA \
- uninstall-atf_shDATA uninstall-binPROGRAMS uninstall-cssDATA \
- uninstall-docDATA uninstall-dtdDATA uninstall-egDATA \
- uninstall-hooksDATA uninstall-includeHEADERS \
+uninstall-am: uninstall-atf_aclocalDATA uninstall-atf_cHEADERS \
+ uninstall-atf_c__HEADERS uninstall-atf_c__dirpkgconfigDATA \
+ uninstall-atf_cpkgconfigDATA uninstall-atf_shDATA \
+ uninstall-atf_shpkgconfigDATA uninstall-binPROGRAMS \
+ uninstall-cssDATA uninstall-docDATA uninstall-dtdDATA \
+ uninstall-egDATA uninstall-hooksDATA uninstall-includeHEADERS \
uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
uninstall-man uninstall-pkgtestsDATA uninstall-tests_atf_cDATA \
uninstall-tests_atf_cPROGRAMS uninstall-tests_atf_cSCRIPTS \
@@ -4327,35 +5013,39 @@
uninstall-man: uninstall-man1 uninstall-man3 uninstall-man4 \
uninstall-man5 uninstall-man7
-.MAKE: install-am install-strip
+.MAKE: all check check-am install install-am install-strip
.PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \
- clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
- clean-libLTLIBRARIES clean-libexecPROGRAMS clean-libtool \
- clean-noinstLTLIBRARIES clean-tests_atf_cPROGRAMS \
- clean-tests_atf_c__PROGRAMS clean-tests_atf_c___detailPROGRAMS \
+ clean-binPROGRAMS clean-checkPROGRAMS clean-cscope \
+ clean-generic clean-libLTLIBRARIES clean-libexecPROGRAMS \
+ clean-libtool clean-noinstLTLIBRARIES \
+ clean-tests_atf_cPROGRAMS clean-tests_atf_c__PROGRAMS \
+ clean-tests_atf_c___detailPROGRAMS \
clean-tests_atf_c_detailPROGRAMS \
clean-tests_atf_reportPROGRAMS clean-tests_atf_runPROGRAMS \
- clean-tests_test_programsPROGRAMS ctags dist dist-all \
- dist-bzip2 dist-gzip dist-hook dist-lzma dist-shar dist-tarZ \
- dist-zip distcheck distclean distclean-compile \
- distclean-generic distclean-hdr distclean-libtool \
- distclean-local distclean-tags distcleancheck distdir \
- distuninstallcheck dvi dvi-am html html-am info info-am \
- install install-am install-atf_cHEADERS install-atf_c__HEADERS \
- install-atf_c__dirpkgconfigDATA install-atf_cpkgconfigDATA \
- install-atf_shDATA install-binPROGRAMS install-cssDATA \
- install-data install-data-am install-docDATA install-dtdDATA \
- install-dvi install-dvi-am install-egDATA install-exec \
- install-exec-am install-hooksDATA install-html install-html-am \
- install-includeHEADERS install-info install-info-am \
- install-libLTLIBRARIES install-libexecPROGRAMS install-man \
- install-man1 install-man3 install-man4 install-man5 \
- install-man7 install-pdf install-pdf-am install-pkgtestsDATA \
- install-ps install-ps-am install-strip install-tests_atf_cDATA \
- install-tests_atf_cPROGRAMS install-tests_atf_cSCRIPTS \
- install-tests_atf_c__DATA install-tests_atf_c__PROGRAMS \
- install-tests_atf_c__SCRIPTS install-tests_atf_c___detailDATA \
+ clean-tests_test_programsPROGRAMS cscope cscopelist ctags dist \
+ dist-all dist-bzip2 dist-gzip dist-hook dist-lzip dist-shar \
+ dist-tarZ dist-xz dist-zip distcheck distclean \
+ distclean-compile distclean-generic distclean-hdr \
+ distclean-libtool distclean-local distclean-tags \
+ distcleancheck distdir distuninstallcheck dvi dvi-am html \
+ html-am info info-am install install-am \
+ install-atf_aclocalDATA install-atf_cHEADERS \
+ install-atf_c__HEADERS install-atf_c__dirpkgconfigDATA \
+ install-atf_cpkgconfigDATA install-atf_shDATA \
+ install-atf_shpkgconfigDATA install-binPROGRAMS \
+ install-cssDATA install-data install-data-am install-docDATA \
+ install-dtdDATA install-dvi install-dvi-am install-egDATA \
+ install-exec install-exec-am install-hooksDATA install-html \
+ install-html-am install-includeHEADERS install-info \
+ install-info-am install-libLTLIBRARIES install-libexecPROGRAMS \
+ install-man install-man1 install-man3 install-man4 \
+ install-man5 install-man7 install-pdf install-pdf-am \
+ install-pkgtestsDATA install-ps install-ps-am install-strip \
+ install-tests_atf_cDATA install-tests_atf_cPROGRAMS \
+ install-tests_atf_cSCRIPTS install-tests_atf_c__DATA \
+ install-tests_atf_c__PROGRAMS install-tests_atf_c__SCRIPTS \
+ install-tests_atf_c___detailDATA \
install-tests_atf_c___detailPROGRAMS \
install-tests_atf_c_detailDATA \
install-tests_atf_c_detailPROGRAMS \
@@ -4371,11 +5061,12 @@
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
pdf pdf-am ps ps-am tags uninstall uninstall-am \
- uninstall-atf_cHEADERS uninstall-atf_c__HEADERS \
- uninstall-atf_c__dirpkgconfigDATA uninstall-atf_cpkgconfigDATA \
- uninstall-atf_shDATA uninstall-binPROGRAMS uninstall-cssDATA \
- uninstall-docDATA uninstall-dtdDATA uninstall-egDATA \
- uninstall-hooksDATA uninstall-includeHEADERS \
+ uninstall-atf_aclocalDATA uninstall-atf_cHEADERS \
+ uninstall-atf_c__HEADERS uninstall-atf_c__dirpkgconfigDATA \
+ uninstall-atf_cpkgconfigDATA uninstall-atf_shDATA \
+ uninstall-atf_shpkgconfigDATA uninstall-binPROGRAMS \
+ uninstall-cssDATA uninstall-docDATA uninstall-dtdDATA \
+ uninstall-egDATA uninstall-hooksDATA uninstall-includeHEADERS \
uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
uninstall-man uninstall-man1 uninstall-man3 uninstall-man4 \
uninstall-man5 uninstall-man7 uninstall-pkgtestsDATA \
@@ -4398,13 +5089,7 @@
uninstall-tests_test_programsSCRIPTS uninstall-xslDATA
-dist-hook: check-install
-.PHONY: check-install
-check-install: $(srcdir)/INSTALL
- $(srcdir)/admin/check-install.sh $(srcdir)/INSTALL
-
dist-hook: check-style
-.PHONY: check-style
check-style:
$(srcdir)/admin/check-style.sh
@@ -4415,12 +5100,12 @@
dist-hook: kill-defs-h
kill-defs-h:
rm -f $(distdir)/atf-c/defs.h
-atf-c/atf-c.pc: $(srcdir)/atf-c/atf-c.pc.in
+atf-c/atf-c.pc: $(srcdir)/atf-c/atf-c.pc.in Makefile
test -d atf-c || mkdir -p atf-c
- sed -e 's,__ATF_VERSION__, at PACKAGE_VERSION@,g' \
- -e 's,__CC__,$(CC),g' \
- -e 's,__INCLUDEDIR__,$(includedir),g' \
- -e 's,__LIBDIR__,$(libdir),g' \
+ sed -e 's#__ATF_VERSION__#$(PACKAGE_VERSION)#g' \
+ -e 's#__CC__#$(CC)#g' \
+ -e 's#__INCLUDEDIR__#$(includedir)#g' \
+ -e 's#__LIBDIR__#$(libdir)#g' \
<$(srcdir)/atf-c/atf-c.pc.in >atf-c/atf-c.pc.tmp
mv atf-c/atf-c.pc.tmp atf-c/atf-c.pc
atf-c/pkg_config_test: $(srcdir)/atf-c/pkg_config_test.sh
@@ -4431,12 +5116,12 @@
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
-atf-c++/atf-c++.pc: $(srcdir)/atf-c++/atf-c++.pc.in
+atf-c++/atf-c++.pc: $(srcdir)/atf-c++/atf-c++.pc.in Makefile
test -d atf-c++ || mkdir -p atf-c++
- sed -e 's,__ATF_VERSION__, at PACKAGE_VERSION@,g' \
- -e 's,__CXX__,$(CXX),g' \
- -e 's,__INCLUDEDIR__,$(includedir),g' \
- -e 's,__LIBDIR__,$(libdir),g' \
+ sed -e 's#__ATF_VERSION__#$(PACKAGE_VERSION)#g' \
+ -e 's#__CXX__#$(CXX)#g' \
+ -e 's#__INCLUDEDIR__#$(includedir)#g' \
+ -e 's#__LIBDIR__#$(libdir)#g' \
<$(srcdir)/atf-c++/atf-c++.pc.in >atf-c++/atf-c++.pc.tmp
mv atf-c++/atf-c++.pc.tmp atf-c++/atf-c++.pc
atf-c++/pkg_config_test: $(srcdir)/atf-c++/pkg_config_test.sh
@@ -4447,24 +5132,12 @@
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
-atf-config/integration_test: $(srcdir)/atf-config/integration_test.sh
- test -d atf-config || mkdir -p atf-config
- @src="$(srcdir)/atf-config/integration_test.sh"; \
- dst="atf-config/integration_test"; $(BUILD_SH_TP)
-
-# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
-atf-report/integration_test: $(srcdir)/atf-report/integration_test.sh
- test -d atf-report || mkdir -p atf-report
- @src="$(srcdir)/atf-report/integration_test.sh"; \
- dst="atf-report/integration_test"; $(BUILD_SH_TP)
-
-# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
-atf-run/integration_test: $(srcdir)/atf-run/integration_test.sh
- test -d atf-run || mkdir -p atf-run
- @src="$(srcdir)/atf-run/integration_test.sh"; \
- dst="atf-run/integration_test"; $(BUILD_SH_TP)
-
-# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
+atf-sh/atf-sh.pc: $(srcdir)/atf-sh/atf-sh.pc.in Makefile
+ test -d atf-sh || mkdir -p atf-sh
+ sed -e 's#__ATF_VERSION__#$(PACKAGE_VERSION)#g' \
+ -e 's#__EXEC_PREFIX__#$(exec_prefix)#g' \
+ <$(srcdir)/atf-sh/atf-sh.pc.in >atf-sh/atf-sh.pc.tmp
+ mv atf-sh/atf-sh.pc.tmp atf-sh/atf-sh.pc
atf-sh/misc_helpers: $(srcdir)/atf-sh/misc_helpers.sh
test -d atf-sh || mkdir -p atf-sh
@src="$(srcdir)/atf-sh/misc_helpers.sh"; \
@@ -4499,18 +5172,6 @@
dst="atf-sh/tp_test"; $(BUILD_SH_TP)
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
-atf-version/revision.h: atf-version/revision.h.stamp
- @test -d atf-version || mkdir -p atf-version
- @cmp -s atf-version/revision.h atf-version/revision.h.stamp || \
- cp -p atf-version/revision.h.stamp atf-version/revision.h
-.PHONY: atf-version/revision.h.stamp
-atf-version/revision.h.stamp:
- @test -d atf-version || mkdir -p atf-version
- @$(top_srcdir)/atf-version/generate-revision.sh \
- -m "$(MTN)" -r $(top_srcdir) -o atf-version/revision.h.stamp \
- -v $(PACKAGE_VERSION)
-
-# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
bootstrap/h_tp_basic_sh: $(srcdir)/bootstrap/h_tp_basic_sh.sh
test -d bootstrap || mkdir -p bootstrap
@src=$(srcdir)/bootstrap/h_tp_basic_sh.sh; dst=$@; $(BUILD_SH_TP)
@@ -4536,6 +5197,7 @@
echo 'm4_define(AT_PACKAGE_VERSION, @PACKAGE_VERSION@)'; \
echo 'm4_define(AT_PACKAGE_STRING, @PACKAGE_STRING@)'; \
echo 'm4_define(AT_PACKAGE_BUGREPORT, @PACKAGE_BUGREPORT@)'; \
+ echo 'm4_define(ENABLE_TOOLS, @ENABLE_TOOLS@)'; \
} >$(srcdir)/bootstrap/package.m4
@target_srcdir at bootstrap/testsuite: $(srcdir)/bootstrap/testsuite.at \
@@ -4545,20 +5207,17 @@
-I $(srcdir)/bootstrap \
$(srcdir)/bootstrap/testsuite.at -o $@.tmp
mv $@.tmp $@
-
-installcheck-local: installcheck-bootstrap
-.PHONY: installcheck-bootstrap
installcheck-bootstrap: @target_srcdir at bootstrap/testsuite check
$(TESTS_ENVIRONMENT) $(srcdir)/bootstrap/testsuite
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
-doc/atf.7: $(srcdir)/doc/atf.7.in
- test -d doc || mkdir -p doc
- sed -e 's,__DOCDIR__,$(docdir),g' \
- -e 's,__TESTSDIR__,$(testsdir),g' \
- <$(srcdir)/doc/atf.7.in >doc/atf.7.tmp
- mv doc/atf.7.tmp doc/atf.7
+ at ENABLE_TOOLS_TRUE@doc/atf.7: $(srcdir)/doc/atf.7.in
+ at ENABLE_TOOLS_TRUE@ test -d doc || mkdir -p doc
+ at ENABLE_TOOLS_TRUE@ sed -e 's#__DOCDIR__#$(docdir)#g' \
+ at ENABLE_TOOLS_TRUE@ -e 's#__TESTSDIR__#$(testsdir)#g' \
+ at ENABLE_TOOLS_TRUE@ <$(srcdir)/doc/atf.7.in >doc/atf.7.tmp
+ at ENABLE_TOOLS_TRUE@ mv doc/atf.7.tmp doc/atf.7
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
test-programs/sh_helpers: $(srcdir)/test-programs/sh_helpers.sh
@@ -4573,10 +5232,6 @@
test -d test-programs || mkdir -p test-programs
@src="$(srcdir)/test-programs/expect_test.sh $(common_sh)"; \
dst="test-programs/expect_test"; $(BUILD_SH_TP)
-test-programs/fork_test: $(srcdir)/test-programs/fork_test.sh
- test -d test-programs || mkdir -p test-programs
- @src="$(srcdir)/test-programs/fork_test.sh $(common_sh)"; \
- dst="test-programs/fork_test"; $(BUILD_SH_TP)
test-programs/meta_data_test: $(srcdir)/test-programs/meta_data_test.sh
test -d test-programs || mkdir -p test-programs
@src="$(srcdir)/test-programs/meta_data_test.sh $(common_sh)"; \
@@ -4591,45 +5246,77 @@
dst="test-programs/srcdir_test"; $(BUILD_SH_TP)
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
+ at ENABLE_TOOLS_TRUE@atf-report/integration_test: $(srcdir)/atf-report/integration_test.sh
+ at ENABLE_TOOLS_TRUE@ test -d atf-report || mkdir -p atf-report
+ at ENABLE_TOOLS_TRUE@ @src="$(srcdir)/atf-report/integration_test.sh"; \
+ at ENABLE_TOOLS_TRUE@ dst="atf-report/integration_test"; $(BUILD_SH_TP)
-installcheck-local: installcheck-atf
-.PHONY: installcheck-atf
-installcheck-atf:
- logfile=$$(pwd)/installcheck.log; \
- fifofile=$$(pwd)/installcheck.fifo; \
- cd $(pkgtestsdir); \
- rm -f $${fifofile}; \
- mkfifo $${fifofile}; \
- cat $${fifofile} | tee $${logfile} | $(TESTS_ENVIRONMENT) atf-report & \
- $(TESTS_ENVIRONMENT) atf-run >>$${fifofile}; \
- res=$${?}; \
- wait; \
- rm $${fifofile}; \
- echo; \
- echo "The verbatim output of atf-run has been saved to" \
- "installcheck.log; exit was $${res}"; \
- test $${res} -eq 0
+# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
+ at ENABLE_TOOLS_TRUE@atf-config/integration_test: $(srcdir)/atf-config/integration_test.sh
+ at ENABLE_TOOLS_TRUE@ test -d atf-config || mkdir -p atf-config
+ at ENABLE_TOOLS_TRUE@ @src="$(srcdir)/atf-config/integration_test.sh"; \
+ at ENABLE_TOOLS_TRUE@ dst="atf-config/integration_test"; $(BUILD_SH_TP)
+# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
+ at ENABLE_TOOLS_TRUE@atf-run/integration_test: $(srcdir)/atf-run/integration_test.sh
+ at ENABLE_TOOLS_TRUE@ test -d atf-run || mkdir -p atf-run
+ at ENABLE_TOOLS_TRUE@ @src="$(srcdir)/atf-run/integration_test.sh"; \
+ at ENABLE_TOOLS_TRUE@ dst="atf-run/integration_test"; $(BUILD_SH_TP)
+
+# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
+ at ENABLE_TOOLS_TRUE@atf-version/revision.h: atf-version/revision.h.stamp
+ at ENABLE_TOOLS_TRUE@ @test -d atf-version || mkdir -p atf-version
+ at ENABLE_TOOLS_TRUE@ @cmp -s atf-version/revision.h atf-version/revision.h.stamp || \
+ at ENABLE_TOOLS_TRUE@ cp -p atf-version/revision.h.stamp atf-version/revision.h
+ at ENABLE_TOOLS_TRUE@atf-version/revision.h.stamp:
+ at ENABLE_TOOLS_TRUE@ @test -d atf-version || mkdir -p atf-version
+ at ENABLE_TOOLS_TRUE@ @$(top_srcdir)/atf-version/generate-revision.sh \
+ at ENABLE_TOOLS_TRUE@ -g "$(GIT)" -r $(top_srcdir) -o atf-version/revision.h.stamp \
+ at ENABLE_TOOLS_TRUE@ -v $(PACKAGE_VERSION)
+
+# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
+ at ENABLE_TOOLS_TRUE@installcheck-atf:
+ at ENABLE_TOOLS_TRUE@ logfile=$$(pwd)/installcheck.log; \
+ at ENABLE_TOOLS_TRUE@ fifofile=$$(pwd)/installcheck.fifo; \
+ at ENABLE_TOOLS_TRUE@ cd $(pkgtestsdir); \
+ at ENABLE_TOOLS_TRUE@ rm -f $${fifofile}; \
+ at ENABLE_TOOLS_TRUE@ mkfifo $${fifofile}; \
+ at ENABLE_TOOLS_TRUE@ cat $${fifofile} | tee $${logfile} | $(TESTS_ENVIRONMENT) atf-report & \
+ at ENABLE_TOOLS_TRUE@ $(TESTS_ENVIRONMENT) atf-run >>$${fifofile}; \
+ at ENABLE_TOOLS_TRUE@ res=$${?}; \
+ at ENABLE_TOOLS_TRUE@ wait; \
+ at ENABLE_TOOLS_TRUE@ rm $${fifofile}; \
+ at ENABLE_TOOLS_TRUE@ echo; \
+ at ENABLE_TOOLS_TRUE@ echo "The verbatim output of atf-run has been saved to" \
+ at ENABLE_TOOLS_TRUE@ "installcheck.log; exit was $${res}"; \
+ at ENABLE_TOOLS_TRUE@ test $${res} -eq 0
+ at HAVE_KYUA_TRUE@installcheck-kyua:
+ at HAVE_KYUA_TRUE@ cd $(pkgtestsdir) && $(TESTS_ENVIRONMENT) $(KYUA) test
+
+installcheck-local: $(INSTALLCHECK_TARGETS)
+
#
# Custom targets.
#
-.PHONY: depend
-depend:
-
-.PHONY: clean-all
+dist-hook: forbid-dist
+ at ENABLE_TOOLS_TRUE@forbid-dist:
+ at ENABLE_TOOLS_TRUE@ @true
+ at ENABLE_TOOLS_FALSE@forbid-dist:
+ at ENABLE_TOOLS_FALSE@ @echo "Sorry; cannot make dist without the tools enabled."
+ at ENABLE_TOOLS_FALSE@ @echo "Please reconfigure with --enable-tools."
+ at ENABLE_TOOLS_FALSE@ @false
clean-all:
- MTN="$(MTN)" $(SH) $(srcdir)/admin/clean-all.sh
-
-.PHONY: release
+ GIT="$(GIT)" $(SH) $(srcdir)/admin/clean-all.sh
release:
$(SH) $(srcdir)/admin/release.sh $(PACKAGE_VERSION) $(DIST_ARCHIVES)
-
-.PHONY: release-test
release-test:
$(SH) $(srcdir)/admin/release-test.sh $(DIST_ARCHIVES)
+.PHONY: $(PHONY_TARGETS)
+
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
Modified: vendor/bind/dist/unit/atf-src/NEWS
===================================================================
--- vendor/bind/dist/unit/atf-src/NEWS 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/NEWS 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,6 +2,187 @@
===========================================================================
+Changes in version 0.17
+***********************
+
+Experimental version released on February 14th, 2013.
+
+* Added the atf_utils_cat_file, atf_utils_compare_file,
+ atf_utils_copy_file, atf_utils_create_file, atf_utils_file_exists,
+ atf_utils_fork, atf_utils_grep_file, atf_utils_grep_string,
+ atf_utils_readline, atf_utils_redirect and atf_utils_wait utility
+ functions to atf-c-api. Documented the already-public
+ atf_utils_free_charpp function.
+
+* Added the cat_file, compare_file, copy_file, create_file, file_exists,
+ fork, grep_collection, grep_file, grep_string, redirect and wait
+ functions to the atf::utils namespace of atf-c++-api. These are
+ wrappers around the same functions added to the atf-c-api library.
+
+* Added the ATF_CHECK_MATCH, ATF_CHECK_MATCH_MSG, ATF_REQUIRE_MATCH and
+ ATF_REQUIRE_MATCH_MSG macros to atf-c to simplify the validation of a
+ string against a regular expression.
+
+* Miscellaneous fixes for manpage typos and compilation problems with
+ clang.
+
+* Added caching of the results of those configure tests that rely on
+ executing a test program. This should help crossbuild systems by
+ providing a mechanism to pre-specify what the results should be.
+
+* PR bin/45690: Make atf-report convert any non-printable characters to
+ a plain-text representation (matching their corresponding hexadecimal
+ entities) in XML output files. This is to prevent the output of test
+ cases from breaking xsltproc later.
+
+
+Changes in version 0.16
+***********************
+
+Experimental version released on July 10th, 2012.
+
+* Added a --enable-tools flag to configure to request the build of the
+ deprecated ATF tools, whose build is now disabled by default. In order
+ to continue running tests, you should migrate to Kyua instead of enabling
+ the build of the deprecated tools. The kyua-atf-compat package provides
+ transitional compatibility versions of atf-run and atf-report built on
+ top of Kyua.
+
+* Tweaked the ATF_TEST_CASE macro of atf-c++ so that the compiler can
+ detect defined but unused test cases.
+
+* PR bin/45859: Fixed some XSLT bugs that resulted in the tc-time and
+ tp-time XML tags leaking into the generated HTML file. Also improved
+ the CSS file slightly to correct alignment and color issues with the
+ timestamps column.
+
+* Optimized atf-c++/macros.hpp so that GNU G++ consumes less memory during
+ compilation with GNU G++.
+
+* Flipped the default to building shared libraries for atf-c and atf-c++,
+ and started versioning them. As a side-effect, this removes the
+ --enable-unstable-shared flag from configure that appears to not work any
+ more (under NetBSD). Additionally, some distributions require the use of
+ shared libraries for proper dependency tracking (e.g. Fedora), so it is
+ better if we do the right versioning upstream.
+
+* Project hosting moved from an adhoc solution (custom web site and
+ Monotone repository) to Google Code (standard wiki and Git). ATF now
+ lives in a subcomponent of the Kyua project.
+
+
+Changes in version 0.15
+***********************
+
+Experimental version released on January 16th, 2012.
+
+* Respect stdin in atf-check. The previous release silenced stdin for any
+ processes spawned by atf, not only test programs, which caused breakage
+ in tests that pipe data through atf-check.
+
+* Performance improvements to atf-sh.
+
+* Enabled detection of unused parameters and variables in the code and
+ fixed all warnings.
+
+* Changed the behavior of "developer mode". Compiler warnings are now
+ enabled unconditionally regardless of whether we are in developer mode or
+ not; developer mode is now only used to perform strict warning checks and
+ to enable assertions. Additionally, developer mode is now only
+ automatically enabled when building from the repository, not for formal
+ releases.
+
+* Added new Autoconf M4 macros (ATF_ARG_WITH, ATF_CHECK_C and
+ ATF_CHECK_CXX) to provide a consistent way of defining a --with-arg flag
+ in configure scripts and detecting the presence of any of the ATF
+ bindings. Note that ATF_CHECK_SH was already introduced in 0.14, but it
+ has now been modified to also honor --with-atf if instantiated.
+
+* Added timing support to atf-run / atf-report.
+
+* Added support for a 'require.memory' property, to specify the minimum
+ amount of physical memory needed by the test case to yield valid results.
+
+* PR bin/45690: Force an ISO-8859-1 encoding in the XML files generated by
+ atf-report so that invalid data in the output of test cases does not
+ mangle our report.
+
+
+Changes in version 0.14
+***********************
+
+Experimental version released on June 14th, 2011.
+
+* Added a pkg-config file for atf-sh and an aclocal file to ease the
+ detection of atf-sh from autoconf scripts.
+
+* Made the default test case body defined by atf_sh fail. This is to
+ ensure that test cases are properly defined in test programs and helps
+ in catching typos in the names of the body functions.
+
+* PR bin/44882: Made atf-run connect the stdin of test cases to /dev/zero.
+ This provides more consistent results with "normal" execution (in
+ particular, when tests are executed detached from a terminal).
+
+* Made atf-run hardcode TZ=UTC for test cases. It used to undefine TZ, but
+ that does not take into account that libc determines the current timezone
+ from a configuration file.
+
+* All test programs will now print a warning when they are not run through
+ atf-run(1) stating that this is unsupported and may deliver incorrect
+ results.
+
+* Added support for the 'require.files' test-case property. This allows
+ test cases to specify installed files that must be present for the test
+ case to run.
+
+
+Changes in version 0.13
+***********************
+
+Experimental version released on March 31st, 2011.
+
+This is the first release after the creation of the Kyua project, a more
+modular and reliable replacement for ATF. From now on, ATF will change to
+accomodate the transition to this new codebase, but ATF will still continue
+to see development in the short/medium term. Check out the project page at
+http://code.google.com/p/kyua/ for more details.
+
+The changes in this release are:
+
+* Added support to run the tests with the Kyua runtime engine (kyua-cli), a
+ new package that aims to replace atf-run and atf-report. The ATF tests
+ can be run with the new system by issuing a 'make installcheck-kyua' from
+ the top-level directory of the project (assuming the 'kyua' binary is
+ available during the configuration stage of ATF).
+
+* atf-run and atf-report are now in maintenance mode (but *not* deprecated
+ yet!). Kyua already implements a new, much more reliable runtime engine
+ that provides similar features to these tools. That said, it is not
+ complete yet so all development efforts should go towards it.
+
+* If GDB is installed, atf-run dumps the stack trace of crashing test
+ programs in an attempt to aid debugging. Contributed by Antti Kantee.
+
+* Reverted default timeout change in previous release and reset its value
+ to 5 minutes. This was causing several issues, specially when running
+ the existing NetBSD test suite in qemu.
+
+* Fixed the 'match' output checker in atf-check to properly validate the
+ last line of a file even if it does not have a newline.
+
+* Added the ATF_REQUIRE_IN and ATF_REQUIRE_NOT_IN macros to atf-c++ to
+ check for the presence (or lack thereof) of an element in a collection.
+
+* PR bin/44176: Fixed a race condition in atf-run that would crash atf-run
+ when the cleanup of a test case triggered asynchronous modifications to
+ its work directory (e.g. killing a daemon process that cleans up a pid
+ file in the work directory).
+
+* PR bin/44301: Fixed the sample XSLT file to report bogus test programs
+ instead of just listing them as having 0 test cases.
+
+
Changes in version 0.12
***********************
Added: vendor/bind/dist/unit/atf-src/TODO
===================================================================
--- vendor/bind/dist/unit/atf-src/TODO (rev 0)
+++ vendor/bind/dist/unit/atf-src/TODO 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,184 @@
+Things to do Automated Testing Framework
+===========================================================================
+
+
+Last revised: November 30th, 2010
+
+
+This document includes the list of things that need to be done in ATF that
+are most requested by the users. This information used to be available in
+an ad-hoc bug tracker but that proved to be a bad idea. I have collected
+all worthy comments in here.
+
+Please note that most work these days is going into Kyua (see
+http://code.google.com/p/kyua/). The ideas listed here apply to the
+components of ATF that have *not* been migrated to the new codebase yet.
+For bug reports or ideas that apply to the components that already have
+been migrated, please use the bug tracker in the URL above. Similarly,
+whenever a component is migrated, the ideas in this file should be revised
+and migrated to the new bug tracker where appropriate.
+
+
+---------------------------------------------------------------------------
+Add build-time checks to atf-sh
+
+The 0.7 release introduced build-time tests to atf-c and atf-c++, but not
+to atf-sh. Expose the functionality to the shell interface.
+
+This will probably require writing an atf-build utility that exposes the C
+code and can be called from the shell.
+
+---------------------------------------------------------------------------
+Revisit what to do when an Atffile lists a non-existent file
+
+---------------------------------------------------------------------------
+Add ATF_CHECK* versions to atf-c++ to support non-fatal tests
+
+---------------------------------------------------------------------------
+Implement race-condition tests
+
+gcooper:
+
+I would think that stress/negative tests would be of more value than race
+condition tests (they're similar, but not exactly the same in my mind).
+
+In particular,
+
+1. Feed through as much data as possible to determine where reporting
+ breaks down.
+2. Feed through data quickly and terminate ASAP. The data should be
+ captured. Terminate child applications with unexpected exit codes and
+ signals (in particular, SIGCHLD, SIGPIPE, exit codes that terminate,
+ etc).
+3. Open up a file descriptor in the test application, don't close the file
+ descriptor.
+4. fork(2) a process; don't wait(2) for the application to complete.
+
+There are other scenarios that could be exercised, but these are the ones
+I could think of off the topic of my head.
+
+--
+
+jmmv:
+
+1. The thing is: how do you express any of this in a portable/abstract
+ interface? How do you express that a test case "receives data"? What
+ does that exactly mean? I don't think the framework should care about
+ this: each test should be free to decide where its data is and how to
+ deal with it.
+
+2. Ditto.
+
+3. Not sure I understand your request, but testing for "unexpected exit
+ codes" is already supported. See wiki:DesignXFail for the feature
+ design details.
+
+4. What's the problem with this case? The test case exits right away after
+ terminating the execution of its body; any open file descriptors,
+ leaked memory, etc. die with it.
+
+5. forking and not waiting for a subprocess was a problem already
+ addressed.
+
+I kinda have an idea of what Antti means with "race condition tests", but
+every time I have tried to describe my understanding of matters I seem to
+be wrong. Would be nice to have a clear description of what this involves;
+in particular, what are the expectations from the framework and how should
+the feature be exposed.
+
+As of now, what I understand by "race condition test" is: a test case that
+exercises a race condition. The test case may finish without triggering
+the race, in which case it just exists with a successful status.
+Otherwise, if the race triggers, the test case gets stuck and times out.
+The result should be reported as an "expected failure" different from
+timeout.
+
+--
+
+pooka:
+
+Yup. Plus some atf-wide mechanism for the operator to supply some kind of
+guideline if the test should try to trigger the race for a second or for
+an hour.
+
+--
+
+jmmv:
+
+Alright. While mocking up some code for this, I think that your two
+requests are complementary.
+
+On the one hand, when you are talking about a "race condition" test you
+really mean an "expected race condition" test. Correct? If so, we need to
+extend the xfail mechanism to add one more case, which is to report any
+failures as a race condition error and, if there is no failure, report the
+test as successful.
+
+On the other hand, the atf-wide mechanism to support how long the test
+should run for can be thought as a "stress test" mechanism. I.e. run this
+test for X time / iterations and report its results regularly without
+involving xfail at all.
+
+So, with this in mind:
+
+* For a test that triggers an unfixed race condition, you set xfail to
+ race mode and define the test as a stress test. Any failures are
+ reported as expected failures.
+
+* For a test that verifies a supposedly-fixed race condition, you do *not*
+ set xfail to race mode, and only set the test to stress test. Any
+ failures are reported as real failures.
+
+These stress test cases implement a single iteration of the test and
+atf-run is in charge of running the test several times, stopping on the
+first failure.
+
+Does that make sense?
+
+---------------------------------------------------------------------------
+Implement ATF_REQUIRE_ERRNO
+
+pooka:
+
+Most of the lines in tests against system functionality are:
+
+if (syscall(args) == -1)
+ atf_tc_fail_errno("flop")
+
+Some shorthand would be helpful, like ATF_REQUIRE_ERRNO(syscall(args))
+Also, a variant which allows arbitrary return value checks (e.g. "!= 0" or
+"< 124" or "!= size") would be nice.
+
+--
+
+gcooper:
+
+There's a problem with this request; not all functions fail in the same
+way ... in particular compare the pthread family of functions (which
+return errno) vs many native syscalls. Furthermore, compare some
+fcntl-like syscalls vs other syscalls. One size fits all solutions may not
+be a wise idea in this case, so I think that the problem statement needs
+to be better defined, because the above request is too loose.
+
+FWIW, there's also a TEST macro in LTP, which tests for non-zero status,
+and sets an appropriate set of global variables for errnos and return
+codes, respectively. It was a good idea, but has been mostly abandoned
+because it's too difficult to define a success and failure in a universal
+manner, so I think that we need to be careful with what's implemented in
+ATF to not repeat the mistakes that others have made.
+
+--
+
+jmmv:
+
+I think you've got a good point.
+
+This was mostly intended to simplify the handling of the stupid errno
+global variable. I think this is valuable to have, but maybe the
+macro/function name should be different because _ERRNO can be confusing.
+Probably something like an ATF_CHECK_LIBC / ATF_CHECK_PTHREAD approach
+would be more flexible and simple.
+
+
+===========================================================================
+vim: filetype=text:textwidth=75:expandtab:shiftwidth=2:softtabstop=2
Deleted: vendor/bind/dist/unit/atf-src/aclocal.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/aclocal.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/aclocal.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,917 +0,0 @@
-# generated automatically by aclocal 1.10.1 -*- Autoconf -*-
-
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-m4_ifndef([AC_AUTOCONF_VERSION],
- [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(AC_AUTOCONF_VERSION, [2.67],,
-[m4_warning([this file was generated for autoconf 2.67.
-You have another version of autoconf. It may work, but is not guaranteed to.
-If you have problems, you may need to regenerate the build system entirely.
-To do so, use the procedure documented by the package, typically `autoreconf'.])])
-
-# Copyright (C) 2002, 2003, 2005, 2006, 2007 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_AUTOMAKE_VERSION(VERSION)
-# ----------------------------
-# Automake X.Y traces this macro to ensure aclocal.m4 has been
-# generated from the m4 files accompanying Automake X.Y.
-# (This private macro should not be called outside this file.)
-AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.10'
-dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
-dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.10.1], [],
- [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
-])
-
-# _AM_AUTOCONF_VERSION(VERSION)
-# -----------------------------
-# aclocal traces this macro to find the Autoconf version.
-# This is a private macro too. Using m4_define simplifies
-# the logic in aclocal, which can simply ignore this definition.
-m4_define([_AM_AUTOCONF_VERSION], [])
-
-# AM_SET_CURRENT_AUTOMAKE_VERSION
-# -------------------------------
-# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
-# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
-AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.10.1])dnl
-m4_ifndef([AC_AUTOCONF_VERSION],
- [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-_AM_AUTOCONF_VERSION(AC_AUTOCONF_VERSION)])
-
-# AM_AUX_DIR_EXPAND -*- Autoconf -*-
-
-# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
-# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
-# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
-#
-# Of course, Automake must honor this variable whenever it calls a
-# tool from the auxiliary directory. The problem is that $srcdir (and
-# therefore $ac_aux_dir as well) can be either absolute or relative,
-# depending on how configure is run. This is pretty annoying, since
-# it makes $ac_aux_dir quite unusable in subdirectories: in the top
-# source directory, any form will work fine, but in subdirectories a
-# relative path needs to be adjusted first.
-#
-# $ac_aux_dir/missing
-# fails when called from a subdirectory if $ac_aux_dir is relative
-# $top_srcdir/$ac_aux_dir/missing
-# fails if $ac_aux_dir is absolute,
-# fails when called from a subdirectory in a VPATH build with
-# a relative $ac_aux_dir
-#
-# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
-# are both prefixed by $srcdir. In an in-source build this is usually
-# harmless because $srcdir is `.', but things will broke when you
-# start a VPATH build or use an absolute $srcdir.
-#
-# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
-# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
-# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
-# and then we would define $MISSING as
-# MISSING="\${SHELL} $am_aux_dir/missing"
-# This will work as long as MISSING is not called from configure, because
-# unfortunately $(top_srcdir) has no meaning in configure.
-# However there are other variables, like CC, which are often used in
-# configure, and could therefore not use this "fixed" $ac_aux_dir.
-#
-# Another solution, used here, is to always expand $ac_aux_dir to an
-# absolute PATH. The drawback is that using absolute paths prevent a
-# configured tree to be moved without reconfiguration.
-
-AC_DEFUN([AM_AUX_DIR_EXPAND],
-[dnl Rely on autoconf to set up CDPATH properly.
-AC_PREREQ([2.50])dnl
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
-])
-
-# AM_CONDITIONAL -*- Autoconf -*-
-
-# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 8
-
-# AM_CONDITIONAL(NAME, SHELL-CONDITION)
-# -------------------------------------
-# Define a conditional.
-AC_DEFUN([AM_CONDITIONAL],
-[AC_PREREQ(2.52)dnl
- ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
- [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
-AC_SUBST([$1_TRUE])dnl
-AC_SUBST([$1_FALSE])dnl
-_AM_SUBST_NOTMAKE([$1_TRUE])dnl
-_AM_SUBST_NOTMAKE([$1_FALSE])dnl
-if $2; then
- $1_TRUE=
- $1_FALSE='#'
-else
- $1_TRUE='#'
- $1_FALSE=
-fi
-AC_CONFIG_COMMANDS_PRE(
-[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
- AC_MSG_ERROR([[conditional "$1" was never defined.
-Usually this means the macro was only invoked conditionally.]])
-fi])])
-
-# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 9
-
-# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
-# written in clear, in which case automake, when reading aclocal.m4,
-# will think it sees a *use*, and therefore will trigger all it's
-# C support machinery. Also note that it means that autoscan, seeing
-# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
-
-
-# _AM_DEPENDENCIES(NAME)
-# ----------------------
-# See how the compiler implements dependency checking.
-# NAME is "CC", "CXX", "GCJ", or "OBJC".
-# We try a few techniques and use that to set a single cache variable.
-#
-# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
-# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
-# dependency, and given that the user is not expected to run this macro,
-# just rely on AC_PROG_CC.
-AC_DEFUN([_AM_DEPENDENCIES],
-[AC_REQUIRE([AM_SET_DEPDIR])dnl
-AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
-AC_REQUIRE([AM_MAKE_INCLUDE])dnl
-AC_REQUIRE([AM_DEP_TRACK])dnl
-
-ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
- [$1], CXX, [depcc="$CXX" am_compiler_list=],
- [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
- [$1], UPC, [depcc="$UPC" am_compiler_list=],
- [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
- [depcc="$$1" am_compiler_list=])
-
-AC_CACHE_CHECK([dependency style of $depcc],
- [am_cv_$1_dependencies_compiler_type],
-[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named `D' -- because `-MD' means `put the output
- # in D'.
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_$1_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
- fi
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
- # Solaris 8's {/usr,}/bin/sh.
- touch sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- case $depmode in
- nosideeffect)
- # after this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- none) break ;;
- esac
- # We check with `-c' and `-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle `-M -o', and we need to detect this.
- if depmode=$depmode \
- source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_$1_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_$1_dependencies_compiler_type=none
-fi
-])
-AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
-AM_CONDITIONAL([am__fastdep$1], [
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
-])
-
-
-# AM_SET_DEPDIR
-# -------------
-# Choose a directory name for dependency files.
-# This macro is AC_REQUIREd in _AM_DEPENDENCIES
-AC_DEFUN([AM_SET_DEPDIR],
-[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
-])
-
-
-# AM_DEP_TRACK
-# ------------
-AC_DEFUN([AM_DEP_TRACK],
-[AC_ARG_ENABLE(dependency-tracking,
-[ --disable-dependency-tracking speeds up one-time build
- --enable-dependency-tracking do not reject slow dependency extractors])
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
-fi
-AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-AC_SUBST([AMDEPBACKSLASH])dnl
-_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
-])
-
-# Generate code to set up dependency tracking. -*- Autoconf -*-
-
-# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-#serial 3
-
-# _AM_OUTPUT_DEPENDENCY_COMMANDS
-# ------------------------------
-AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
-[for mf in $CONFIG_FILES; do
- # Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named `Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`AS_DIRNAME("$mf")`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running `make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # When using ansi2knr, U may be empty or an underscore; expand it
- U=`sed -n 's/^U = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`AS_DIRNAME(["$file"])`
- AS_MKDIR_P([$dirpart/$fdir])
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
- done
-done
-])# _AM_OUTPUT_DEPENDENCY_COMMANDS
-
-
-# AM_OUTPUT_DEPENDENCY_COMMANDS
-# -----------------------------
-# This macro should only be invoked once -- use via AC_REQUIRE.
-#
-# This code is only required when automatic dependency tracking
-# is enabled. FIXME. This creates each `.P' file that we will
-# need in order to bootstrap the dependency handling code.
-AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
-[AC_CONFIG_COMMANDS([depfiles],
- [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
- [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
-])
-
-# Do all the work for Automake. -*- Autoconf -*-
-
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2008 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 13
-
-# This macro actually does too much. Some checks are only needed if
-# your package does certain things. But this isn't really a big deal.
-
-# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
-# AM_INIT_AUTOMAKE([OPTIONS])
-# -----------------------------------------------
-# The call with PACKAGE and VERSION arguments is the old style
-# call (pre autoconf-2.50), which is being phased out. PACKAGE
-# and VERSION should now be passed to AC_INIT and removed from
-# the call to AM_INIT_AUTOMAKE.
-# We support both call styles for the transition. After
-# the next Automake release, Autoconf can make the AC_INIT
-# arguments mandatory, and then we can depend on a new Autoconf
-# release and drop the old call support.
-AC_DEFUN([AM_INIT_AUTOMAKE],
-[AC_PREREQ([2.60])dnl
-dnl Autoconf wants to disallow AM_ names. We explicitly allow
-dnl the ones we care about.
-m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
-AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
-AC_REQUIRE([AC_PROG_INSTALL])dnl
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-AC_SUBST([CYGPATH_W])
-
-# Define the identity of the package.
-dnl Distinguish between old-style and new-style calls.
-m4_ifval([$2],
-[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
- AC_SUBST([PACKAGE], [$1])dnl
- AC_SUBST([VERSION], [$2])],
-[_AM_SET_OPTIONS([$1])dnl
-dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
-m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
- [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
-
-_AM_IF_OPTION([no-define],,
-[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
- AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
-
-# Some tools Automake needs.
-AC_REQUIRE([AM_SANITY_CHECK])dnl
-AC_REQUIRE([AC_ARG_PROGRAM])dnl
-AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
-AM_MISSING_PROG(AUTOCONF, autoconf)
-AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
-AM_MISSING_PROG(AUTOHEADER, autoheader)
-AM_MISSING_PROG(MAKEINFO, makeinfo)
-AM_PROG_INSTALL_SH
-AM_PROG_INSTALL_STRIP
-AC_REQUIRE([AM_PROG_MKDIR_P])dnl
-# We need awk for the "check" target. The system "awk" is bad on
-# some platforms.
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([AC_PROG_MAKE_SET])dnl
-AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
- [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
- [_AM_PROG_TAR([v7])])])
-_AM_IF_OPTION([no-dependencies],,
-[AC_PROVIDE_IFELSE([AC_PROG_CC],
- [_AM_DEPENDENCIES(CC)],
- [define([AC_PROG_CC],
- defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_CXX],
- [_AM_DEPENDENCIES(CXX)],
- [define([AC_PROG_CXX],
- defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJC],
- [_AM_DEPENDENCIES(OBJC)],
- [define([AC_PROG_OBJC],
- defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
-])
-])
-
-
-# When config.status generates a header, we must update the stamp-h file.
-# This file resides in the same directory as the config header
-# that is generated. The stamp files are numbered to have different names.
-
-# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
-# loop where config.status creates the headers, so we can generate
-# our stamp files there.
-AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
-[# Compute $1's index in $config_headers.
-_am_arg=$1
-_am_stamp_count=1
-for _am_header in $config_headers :; do
- case $_am_header in
- $_am_arg | $_am_arg:* )
- break ;;
- * )
- _am_stamp_count=`expr $_am_stamp_count + 1` ;;
- esac
-done
-echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-
-# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_INSTALL_SH
-# ------------------
-# Define $install_sh.
-AC_DEFUN([AM_PROG_INSTALL_SH],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
-AC_SUBST(install_sh)])
-
-# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 2
-
-# Check whether the underlying file-system supports filenames
-# with a leading dot. For instance MS-DOS doesn't.
-AC_DEFUN([AM_SET_LEADING_DOT],
-[rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-AC_SUBST([am__leading_dot])])
-
-# Check to see how 'make' treats includes. -*- Autoconf -*-
-
-# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 3
-
-# AM_MAKE_INCLUDE()
-# -----------------
-# Check to see how make treats includes.
-AC_DEFUN([AM_MAKE_INCLUDE],
-[am_make=${MAKE-make}
-cat > confinc << 'END'
-am__doit:
- @echo done
-.PHONY: am__doit
-END
-# If we don't find an include directive, just comment out the code.
-AC_MSG_CHECKING([for style of include used by $am_make])
-am__include="#"
-am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# We grep out `Entering directory' and `Leaving directory'
-# messages which can occur if `w' ends up in MAKEFLAGS.
-# In particular we don't look at `^make:' because GNU make might
-# be invoked under some other name (usually "gmake"), in which
-# case it prints its new name instead of `make'.
-if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
- am__include=include
- am__quote=
- _am_result=GNU
-fi
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
- echo '.include "confinc"' > confmf
- if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
- am__include=.include
- am__quote="\""
- _am_result=BSD
- fi
-fi
-AC_SUBST([am__include])
-AC_SUBST([am__quote])
-AC_MSG_RESULT([$_am_result])
-rm -f confinc confmf
-])
-
-# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 5
-
-# AM_PROG_CC_C_O
-# --------------
-# Like AC_PROG_CC_C_O, but changed for automake.
-AC_DEFUN([AM_PROG_CC_C_O],
-[AC_REQUIRE([AC_PROG_CC_C_O])dnl
-AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([compile])dnl
-# FIXME: we rely on the cache variable name because
-# there is no other way.
-set dummy $CC
-ac_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
-if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-dnl Make sure AC_PROG_CC is never called again, or it will override our
-dnl setting of CC.
-m4_define([AC_PROG_CC],
- [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
-])
-
-# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
-
-# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 5
-
-# AM_MISSING_PROG(NAME, PROGRAM)
-# ------------------------------
-AC_DEFUN([AM_MISSING_PROG],
-[AC_REQUIRE([AM_MISSING_HAS_RUN])
-$1=${$1-"${am_missing_run}$2"}
-AC_SUBST($1)])
-
-
-# AM_MISSING_HAS_RUN
-# ------------------
-# Define MISSING if not defined so far and test if it supports --run.
-# If it does, set am_missing_run to use it, otherwise, to nothing.
-AC_DEFUN([AM_MISSING_HAS_RUN],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([missing])dnl
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
-# Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
- am_missing_run="$MISSING --run "
-else
- am_missing_run=
- AC_MSG_WARN([`missing' script is too old or missing])
-fi
-])
-
-# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_MKDIR_P
-# ---------------
-# Check for `mkdir -p'.
-AC_DEFUN([AM_PROG_MKDIR_P],
-[AC_PREREQ([2.60])dnl
-AC_REQUIRE([AC_PROG_MKDIR_P])dnl
-dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P,
-dnl while keeping a definition of mkdir_p for backward compatibility.
-dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
-dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
-dnl Makefile.ins that do not define MKDIR_P, so we do our own
-dnl adjustment using top_builddir (which is defined more often than
-dnl MKDIR_P).
-AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
-case $mkdir_p in
- [[\\/$]]* | ?:[[\\/]]*) ;;
- */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
-esac
-])
-
-# Helper functions for option handling. -*- Autoconf -*-
-
-# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 3
-
-# _AM_MANGLE_OPTION(NAME)
-# -----------------------
-AC_DEFUN([_AM_MANGLE_OPTION],
-[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
-
-# _AM_SET_OPTION(NAME)
-# ------------------------------
-# Set option NAME. Presently that only means defining a flag for this option.
-AC_DEFUN([_AM_SET_OPTION],
-[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
-
-# _AM_SET_OPTIONS(OPTIONS)
-# ----------------------------------
-# OPTIONS is a space-separated list of Automake options.
-AC_DEFUN([_AM_SET_OPTIONS],
-[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
-
-# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
-# -------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-AC_DEFUN([_AM_IF_OPTION],
-[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-
-# Check to make sure that the build environment is sane. -*- Autoconf -*-
-
-# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 4
-
-# AM_SANITY_CHECK
-# ---------------
-AC_DEFUN([AM_SANITY_CHECK],
-[AC_MSG_CHECKING([whether build environment is sane])
-# Just in case
-sleep 1
-echo timestamp > conftest.file
-# Do `set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
- if test "$[*]" = "X"; then
- # -L didn't work.
- set X `ls -t $srcdir/configure conftest.file`
- fi
- rm -f conftest.file
- if test "$[*]" != "X $srcdir/configure conftest.file" \
- && test "$[*]" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
-alias in your environment])
- fi
-
- test "$[2]" = conftest.file
- )
-then
- # Ok.
- :
-else
- AC_MSG_ERROR([newly created file is older than distributed files!
-Check your system clock])
-fi
-AC_MSG_RESULT(yes)])
-
-# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_INSTALL_STRIP
-# ---------------------
-# One issue with vendor `install' (even GNU) is that you can't
-# specify the program used to strip binaries. This is especially
-# annoying in cross-compiling environments, where the build's strip
-# is unlikely to handle the host's binaries.
-# Fortunately install-sh will honor a STRIPPROG variable, so we
-# always use install-sh in `make install-strip', and initialize
-# STRIPPROG with the value of the STRIP variable (set by the user).
-AC_DEFUN([AM_PROG_INSTALL_STRIP],
-[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'. However `strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
-if test "$cross_compiling" != no; then
- AC_CHECK_TOOL([STRIP], [strip], :)
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-AC_SUBST([INSTALL_STRIP_PROGRAM])])
-
-# Copyright (C) 2006 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_SUBST_NOTMAKE(VARIABLE)
-# ---------------------------
-# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
-# This macro is traced by Automake.
-AC_DEFUN([_AM_SUBST_NOTMAKE])
-
-# Check how to create a tarball. -*- Autoconf -*-
-
-# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 2
-
-# _AM_PROG_TAR(FORMAT)
-# --------------------
-# Check how to create a tarball in format FORMAT.
-# FORMAT should be one of `v7', `ustar', or `pax'.
-#
-# Substitute a variable $(am__tar) that is a command
-# writing to stdout a FORMAT-tarball containing the directory
-# $tardir.
-# tardir=directory && $(am__tar) > result.tar
-#
-# Substitute a variable $(am__untar) that extract such
-# a tarball read from stdin.
-# $(am__untar) < result.tar
-AC_DEFUN([_AM_PROG_TAR],
-[# Always define AMTAR for backward compatibility.
-AM_MISSING_PROG([AMTAR], [tar])
-m4_if([$1], [v7],
- [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
- [m4_case([$1], [ustar],, [pax],,
- [m4_fatal([Unknown tar format])])
-AC_MSG_CHECKING([how to create a $1 tar archive])
-# Loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
-_am_tools=${am_cv_prog_tar_$1-$_am_tools}
-# Do not fold the above two line into one, because Tru64 sh and
-# Solaris sh will not grok spaces in the rhs of `-'.
-for _am_tool in $_am_tools
-do
- case $_am_tool in
- gnutar)
- for _am_tar in tar gnutar gtar;
- do
- AM_RUN_LOG([$_am_tar --version]) && break
- done
- am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
- am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
- am__untar="$_am_tar -xf -"
- ;;
- plaintar)
- # Must skip GNU tar: if it does not support --format= it doesn't create
- # ustar tarball either.
- (tar --version) >/dev/null 2>&1 && continue
- am__tar='tar chf - "$$tardir"'
- am__tar_='tar chf - "$tardir"'
- am__untar='tar xf -'
- ;;
- pax)
- am__tar='pax -L -x $1 -w "$$tardir"'
- am__tar_='pax -L -x $1 -w "$tardir"'
- am__untar='pax -r'
- ;;
- cpio)
- am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
- am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
- am__untar='cpio -i -H $1 -d'
- ;;
- none)
- am__tar=false
- am__tar_=false
- am__untar=false
- ;;
- esac
-
- # If the value was cached, stop now. We just wanted to have am__tar
- # and am__untar set.
- test -n "${am_cv_prog_tar_$1}" && break
-
- # tar/untar a dummy directory, and stop if the command works
- rm -rf conftest.dir
- mkdir conftest.dir
- echo GrepMe > conftest.dir/file
- AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
- rm -rf conftest.dir
- if test -s conftest.tar; then
- AM_RUN_LOG([$am__untar <conftest.tar])
- grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
- fi
-done
-rm -rf conftest.dir
-
-AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
-AC_MSG_RESULT([$am_cv_prog_tar_$1])])
-AC_SUBST([am__tar])
-AC_SUBST([am__untar])
-]) # _AM_PROG_TAR
-
-m4_include([m4/compiler-flags.m4])
-m4_include([m4/cxx-std-funcs.m4])
-m4_include([m4/developer-mode.m4])
-m4_include([m4/libtool.m4])
-m4_include([m4/ltoptions.m4])
-m4_include([m4/ltsugar.m4])
-m4_include([m4/ltversion.m4])
-m4_include([m4/lt~obsolete.m4])
-m4_include([m4/module-application.m4])
-m4_include([m4/module-defs.m4])
-m4_include([m4/module-env.m4])
-m4_include([m4/module-fs.m4])
-m4_include([m4/module-sanity.m4])
-m4_include([m4/module-signals.m4])
-m4_include([m4/runtime-tool.m4])
Modified: vendor/bind/dist/unit/atf-src/admin/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -27,18 +27,12 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
-dist-hook: check-install
-.PHONY: check-install
-check-install: $(srcdir)/INSTALL
- $(srcdir)/admin/check-install.sh $(srcdir)/INSTALL
-
dist-hook: check-style
-.PHONY: check-style
+PHONY_TARGETS += check-style
check-style:
$(srcdir)/admin/check-style.sh
-EXTRA_DIST += admin/check-install.sh \
- admin/check-style-common.awk \
+EXTRA_DIST += admin/check-style-common.awk \
admin/check-style-c.awk \
admin/check-style-cpp.awk \
admin/check-style-man.awk \
Deleted: vendor/bind/dist/unit/atf-src/admin/check-install.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/check-install.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/check-install.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,92 +0,0 @@
-#! /bin/sh
-#
-# Automated Testing Framework (atf)
-#
-# Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
-# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#
-# A utility to ensure that INSTALL lists the correct versions of the
-# tools used to generate the distfile.
-#
-
-Prog_Name=${0##*/}
-
-#
-# err message
-#
-err() {
- echo "${Prog_Name}: ${@}" 1>&2
- exit 1
-}
-
-#
-# warn message
-#
-warn() {
- echo "${Prog_Name}: ${@}" 1>&2
-}
-
-#
-# check_tool readme_file prog_name verbose_name
-#
-# Executes 'prog_name' to determine its version and checks if the
-# given 'readme_file' contains 'verbose_name <version>' in it.
-#
-check_tool() {
- readme=${1}
- prog=${2}
- name=${3}
-
- ver=$(${prog} --version | head -n 1 | cut -d ' ' -f 4)
-
- if grep "\\* ${name} ${ver}" ${readme} >/dev/null; then
- true
- else
- warn "Incorrect version of ${name}"
- false
- fi
-}
-
-#
-# main readme_file
-#
-# Entry point.
-#
-main() {
- readme=${1}
- ret=0
-
- check_tool ${readme} autoconf "GNU autoconf" || ret=1
- check_tool ${readme} automake "GNU automake" || ret=1
- check_tool ${readme} libtool "GNU libtool" || ret=1
-
- return ${ret}
-}
-
-main "${@}"
-
-# vim: syntax=sh:expandtab:shiftwidth=4:softtabstop=4
Modified: vendor/bind/dist/unit/atf-src/admin/check-style-c.awk
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/check-style-c.awk 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/check-style-c.awk 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/admin/check-style-common.awk
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/check-style-common.awk 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/check-style-common.awk 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/admin/check-style-cpp.awk
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/check-style-cpp.awk 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/check-style-cpp.awk 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/admin/check-style-man.awk
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/check-style-man.awk 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/check-style-man.awk 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/admin/check-style-shell.awk
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/check-style-shell.awk 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/check-style-shell.awk 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/admin/check-style.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/check-style.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/check-style.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -91,6 +91,7 @@
-name "*.c" -o \
-name "*.cpp" -o \
-name "*.h" -o \
+ -name "*.h.in" -o \
-name "*.hpp" -o \
-name "*.m4" -o \
-name "*.sh" \
@@ -100,6 +101,7 @@
-type f -a \
\! -name "aclocal.m4" \
\! -name "bconfig.h" \
+ \! -name "defs.h" \
\! -name "libtool.m4" \
\! -name "ltoptions.m4" \
\! -name "ltsugar.m4" \
Property changes on: vendor/bind/dist/unit/atf-src/admin/check-style.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/unit/atf-src/admin/compile
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/compile 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/compile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,10 +1,9 @@
#! /bin/sh
-# Wrapper for compilers which do not understand `-c -o'.
+# Wrapper for compilers which do not understand '-c -o'.
-scriptversion=2009-10-06.20; # UTC
+scriptversion=2012-03-05.13; # UTC
-# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software
-# Foundation, Inc.
+# Copyright (C) 1999-2012 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey at cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -29,9 +28,207 @@
# bugs to <bug-automake at gnu.org> or send patches to
# <automake-patches at gnu.org>.
+nl='
+'
+
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" "" $nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+ file=$1
+ case $file in
+ / | /[!/]*) # absolute file, and not a UNC file
+ if test -z "$file_conv"; then
+ # lazily determine how to convert abs files
+ case `uname -s` in
+ MINGW*)
+ file_conv=mingw
+ ;;
+ CYGWIN*)
+ file_conv=cygwin
+ ;;
+ *)
+ file_conv=wine
+ ;;
+ esac
+ fi
+ case $file_conv/,$2, in
+ *,$file_conv,*)
+ ;;
+ mingw/*)
+ file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+ ;;
+ cygwin/*)
+ file=`cygpath -m "$file" || echo "$file"`
+ ;;
+ wine/*)
+ file=`winepath -w "$file" || echo "$file"`
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+ func_file_conv "$1"
+ if test -z "$lib_path"; then
+ lib_path=$file
+ else
+ lib_path="$lib_path;$file"
+ fi
+ linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+ lib=$1
+ found=no
+ save_IFS=$IFS
+ IFS=';'
+ for dir in $lib_path $LIB
+ do
+ IFS=$save_IFS
+ if $shared && test -f "$dir/$lib.dll.lib"; then
+ found=yes
+ lib=$dir/$lib.dll.lib
+ break
+ fi
+ if test -f "$dir/$lib.lib"; then
+ found=yes
+ lib=$dir/$lib.lib
+ break
+ fi
+ done
+ IFS=$save_IFS
+
+ if test "$found" != yes; then
+ lib=$lib.lib
+ fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+ # Assume a capable shell
+ lib_path=
+ shared=:
+ linker_opts=
+ for arg
+ do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ eat=1
+ case $2 in
+ *.o | *.[oO][bB][jJ])
+ func_file_conv "$2"
+ set x "$@" -Fo"$file"
+ shift
+ ;;
+ *)
+ func_file_conv "$2"
+ set x "$@" -Fe"$file"
+ shift
+ ;;
+ esac
+ ;;
+ -I)
+ eat=1
+ func_file_conv "$2" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -I*)
+ func_file_conv "${1#-I}" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -l)
+ eat=1
+ func_cl_dashl "$2"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -l*)
+ func_cl_dashl "${1#-l}"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -L)
+ eat=1
+ func_cl_dashL "$2"
+ ;;
+ -L*)
+ func_cl_dashL "${1#-L}"
+ ;;
+ -static)
+ shared=false
+ ;;
+ -Wl,*)
+ arg=${1#-Wl,}
+ save_ifs="$IFS"; IFS=','
+ for flag in $arg; do
+ IFS="$save_ifs"
+ linker_opts="$linker_opts $flag"
+ done
+ IFS="$save_ifs"
+ ;;
+ -Xlinker)
+ eat=1
+ linker_opts="$linker_opts $2"
+ ;;
+ -*)
+ set x "$@" "$1"
+ shift
+ ;;
+ *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+ func_file_conv "$1"
+ set x "$@" -Tp"$file"
+ shift
+ ;;
+ *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+ func_file_conv "$1" mingw
+ set x "$@" "$file"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+ done
+ if test -n "$linker_opts"; then
+ linker_opts="-link$linker_opts"
+ fi
+ exec "$@" $linker_opts
+ exit 1
+}
+
+eat=
+
case $1 in
'')
- echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
@@ -38,12 +235,12 @@
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
-Wrapper for compilers which do not understand `-c -o'.
-Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
-right script to run: please start by reading the file `INSTALL'.
+right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake at gnu.org>.
EOF
@@ -53,11 +250,13 @@
echo "compile $scriptversion"
exit $?
;;
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ func_cl_wrapper "$@" # Doesn't return...
+ ;;
esac
ofile=
cfile=
-eat=
for arg
do
@@ -66,8 +265,8 @@
else
case $1 in
-o)
- # configure might choose to run compile as `compile cc -o foo foo.c'.
- # So we strip `-o arg' only if arg is an object.
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ # So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
@@ -94,10 +293,10 @@
done
if test -z "$ofile" || test -z "$cfile"; then
- # If no `-o' option was seen then we might have been invoked from a
+ # If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
- # `.c' file was seen then we are probably linking. That is also
+ # '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
@@ -106,7 +305,7 @@
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
-# Note: use `[/\\:.-]' here to ensure that we don't use the same name
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
Property changes on: vendor/bind/dist/unit/atf-src/admin/compile
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: vendor/bind/dist/unit/atf-src/admin/config.guess
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/config.guess 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/config.guess 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/unit/atf-src/admin/config.guess
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: vendor/bind/dist/unit/atf-src/admin/config.sub
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/config.sub 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/config.sub 2016-11-03 12:20:06 UTC (rev 9200)
Property changes on: vendor/bind/dist/unit/atf-src/admin/config.sub
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/unit/atf-src/admin/depcomp
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/depcomp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/depcomp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,10 +1,9 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
-scriptversion=2009-04-28.21; # UTC
+scriptversion=2012-03-27.16; # UTC
-# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
-# Software Foundation, Inc.
+# Copyright (C) 1999-2012 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,7 +27,7 @@
case $1 in
'')
- echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
@@ -40,11 +39,11 @@
Environment variables:
depmode Dependency tracking mode.
- source Source file read by `PROGRAMS ARGS'.
- object Object file output by `PROGRAMS ARGS'.
+ source Source file read by 'PROGRAMS ARGS'.
+ object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
- tmpdepfile Temporary file to use when outputing dependencies.
+ tmpdepfile Temporary file to use when outputting dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake at gnu.org>.
@@ -57,6 +56,12 @@
;;
esac
+# A tabulation character.
+tab=' '
+# A newline character.
+nl='
+'
+
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
@@ -90,10 +95,24 @@
# This is just like msvisualcpp but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
- cygpath_u="sed s,\\\\\\\\,/,g"
+ cygpath_u='sed s,\\\\,/,g'
depmode=msvisualcpp
fi
+if test "$depmode" = msvc7msys; then
+ # This is just like msvc7 but w/o cygpath translation.
+ # Just convert the backslash-escaped backslashes to single forward
+ # slashes to satisfy depend.m4
+ cygpath_u='sed s,\\\\,/,g'
+ depmode=msvc7
+fi
+
+if test "$depmode" = xlc; then
+ # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency informations.
+ gccflag=-qmakedep=gcc,-MF
+ depmode=gcc
+fi
+
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
@@ -148,20 +167,21 @@
## The second -e expression handles DOS-style file names with drive letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
-## This next piece of magic avoids the `deleted header file' problem.
+## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
- tr ' ' '
-' < "$tmpdepfile" |
-## Some versions of gcc put a space before the `:'. On the theory
+ tr ' ' "$nl" < "$tmpdepfile" |
+## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
-## well.
+## well. hp depmode also adds that space, but also prefixes the VPATH
+## to the object. Take care to not repeat it in the output.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
- sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
+ | sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
@@ -193,18 +213,15 @@
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
- # the IRIX cc adds comments like `#:fec' to the end of the
+ # the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
- tr ' ' '
-' < "$tmpdepfile" \
+ tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
- tr '
-' ' ' >> "$depfile"
+ tr "$nl" ' ' >> "$depfile"
echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
- tr ' ' '
-' < "$tmpdepfile" \
+ tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> "$depfile"
else
@@ -216,10 +233,17 @@
rm -f "$tmpdepfile"
;;
+xlc)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
- # current directory. Also, the AIX compiler puts `$object:' at the
+ # current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
@@ -249,12 +273,11 @@
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
- # Each line is of the form `foo.o: dependent.h'.
+ # Each line is of the form 'foo.o: dependent.h'.
# Do two passes, one to just change these to
- # `$object: dependent.h' and one to simply `dependent.h:'.
+ # '$object: dependent.h' and one to simply 'dependent.h:'.
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
- # That's a tab and a space in the [].
- sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
@@ -265,12 +288,13 @@
;;
icc)
- # Intel's C compiler understands `-MD -MF file'. However on
- # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+ # Intel's C compiler anf tcc (Tiny C Compiler) understand '-MD -MF file'.
+ # However on
+ # $CC -MD -MF foo.d -c -o sub/foo.o sub/foo.c
# ICC 7.0 will fill foo.d with something like
# foo.o: sub/foo.c
# foo.o: sub/foo.h
- # which is wrong. We want:
+ # which is wrong. We want
# sub/foo.o: sub/foo.c
# sub/foo.o: sub/foo.h
# sub/foo.c:
@@ -277,11 +301,13 @@
# sub/foo.h:
# ICC 7.1 will output
# foo.o: sub/foo.c sub/foo.h
- # and will wrap long lines using \ :
+ # and will wrap long lines using '\':
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
-
+ # tcc 0.9.26 (FIXME still under development at the moment of writing)
+ # will emit a similar output, but also prepend the continuation lines
+ # with horizontal tabulation characters.
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
@@ -290,15 +316,21 @@
exit $stat
fi
rm -f "$depfile"
- # Each line is of the form `foo.o: dependent.h',
- # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+ # Each line is of the form 'foo.o: dependent.h',
+ # or 'foo.o: dep1.h dep2.h \', or ' dep3.h dep4.h \'.
# Do two passes, one to just change these to
- # `$object: dependent.h' and one to simply `dependent.h:'.
- sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process this invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
- sed -e 's/$/ :/' >> "$depfile"
+ # '$object: dependent.h' and one to simply 'dependent.h:'.
+ sed -e "s/^[ $tab][ $tab]*/ /" -e "s,^[^:]*:,$object :," \
+ < "$tmpdepfile" > "$depfile"
+ sed '
+ s/[ '"$tab"'][ '"$tab"']*/ /g
+ s/^ *//
+ s/ *\\*$//
+ s/^[^:]*: *//
+ /^$/d
+ /:$/d
+ s/$/ :/
+ ' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
@@ -334,7 +366,7 @@
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
- # Add `dependent.h:' lines.
+ # Add 'dependent.h:' lines.
sed -ne '2,${
s/^ *//
s/ \\*$//
@@ -349,9 +381,9 @@
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
- # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
- # dependencies in `foo.d' instead, so we check for that too.
+ # dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
@@ -397,8 +429,7 @@
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
- # That's a tab and a space in the [].
- sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
fi
@@ -405,6 +436,52 @@
rm -f "$tmpdepfile"
;;
+msvc7)
+ if test "$libtool" = yes; then
+ showIncludes=-Wc,-showIncludes
+ else
+ showIncludes=-showIncludes
+ fi
+ "$@" $showIncludes > "$tmpdepfile"
+ stat=$?
+ grep -v '^Note: including file: ' "$tmpdepfile"
+ if test "$stat" = 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ # The first sed program below extracts the file names and escapes
+ # backslashes for cygpath. The second sed program outputs the file
+ # name when reading, but also accumulates all include files in the
+ # hold buffer in order to output them again at the end. This only
+ # works with sed implementations that can handle large buffers.
+ sed < "$tmpdepfile" -n '
+/^Note: including file: *\(.*\)/ {
+ s//\1/
+ s/\\/\\\\/g
+ p
+}' | $cygpath_u | sort -u | sed -n '
+s/ /\\ /g
+s/\(.*\)/'"$tab"'\1 \\/p
+s/.\(.*\) \\/\1:/
+H
+$ {
+ s/.*/'"$tab"'/
+ G
+ p
+}' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvc7msys)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
#nosideeffect)
# This comment above is used by automake to tell side-effect
# dependency tracking mechanisms from slower ones.
@@ -422,7 +499,7 @@
shift
fi
- # Remove `-o $object'.
+ # Remove '-o $object'.
IFS=" "
for arg
do
@@ -442,15 +519,14 @@
done
test -z "$dashmflag" && dashmflag=-M
- # Require at least two characters before searching for `:'
+ # Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
- # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+ # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
- sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ sed 's:^['"$tab"' ]*[^:'"$tab"' ][^:][^:]*\:['"$tab"' ]*:'"$object"'\: :' > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
- tr ' ' '
-' < "$tmpdepfile" | \
+ tr ' ' "$nl" < "$tmpdepfile" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
@@ -503,9 +579,10 @@
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
- cat < "$tmpdepfile" > "$depfile"
- sed '1,2d' "$tmpdepfile" | tr ' ' '
-' | \
+ # makedepend may prepend the VPATH from the source file name to the object.
+ # No need to regex-escape $object, excess matching of '.' is harmless.
+ sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' "$nl" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
@@ -525,7 +602,7 @@
shift
fi
- # Remove `-o $object'.
+ # Remove '-o $object'.
IFS=" "
for arg
do
@@ -594,8 +671,8 @@
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
- sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
- echo " " >> "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
+ echo "$tab" >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
Property changes on: vendor/bind/dist/unit/atf-src/admin/depcomp
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/unit/atf-src/admin/install-sh
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/install-sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/install-sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: install-sh.in,v 1.4 2007/07/12 18:32:50 jlam Exp $
+# $NetBSD: install-sh.in,v 1.6 2012/01/11 13:07:31 hans Exp $
# This script now also installs multiple files, but might choke on installing
# multiple files with spaces in the file names.
#
@@ -44,7 +44,8 @@
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
-instcmd="$mvprog"
+instcmd="$cpprog"
+instflags=""
pathcompchmodcmd="$chmodprog 755"
chmodcmd="$chmodprog 755"
chowncmd=""
@@ -84,6 +85,11 @@
shift
continue;;
+ -m*)
+ chmodcmd="$chmodprog ${1#-m}"
+ shift
+ continue;;
+
-o) chowncmd="$chownprog $2"
shift
shift
@@ -104,6 +110,10 @@
shift
continue;;
+ -p) instflags="-p"
+ shift
+ continue;;
+
*) if [ x"$msrc" = x ]
then
msrc="$dst"
@@ -154,7 +164,7 @@
if [ -f "$srcarg" ]
then
- doinst="$instcmd"
+ doinst="$instcmd $instflags"
elif [ -d "$srcarg" ]
then
echo "install: $srcarg: not a regular file"
Property changes on: vendor/bind/dist/unit/atf-src/admin/install-sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/unit/atf-src/admin/ltmain.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/ltmain.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/ltmain.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4522,7 +4522,7 @@
-l*)
if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*)
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
# These systems don't actually have a C or math library (as such)
continue
;;
@@ -6308,6 +6308,7 @@
func_arith $current - $age
major=.$func_arith_result
versuffix="$major.$age.$revision"
+ versuffix2="$major.$age"
;;
osf)
@@ -6368,8 +6369,10 @@
esac
if test "$need_version" = no; then
versuffix=
+ versuffix2=
else
versuffix=".0.0"
+ versuffix2=".0.0"
fi
fi
@@ -6377,6 +6380,7 @@
if test "$avoid_version" = yes && test "$need_version" = no; then
major=
versuffix=
+ versuffix2=
verstring=""
fi
@@ -6476,7 +6480,7 @@
if test "$build_libtool_libs" = yes; then
if test -n "$rpath"; then
case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*)
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
# these systems don't actually have a c library (as such)!
;;
*-*-rhapsody* | *-*-darwin1.[012])
Property changes on: vendor/bind/dist/unit/atf-src/admin/ltmain.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/unit/atf-src/admin/missing
===================================================================
--- vendor/bind/dist/unit/atf-src/admin/missing 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/admin/missing 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,10 +1,9 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
-scriptversion=2009-04-28.21; # UTC
+scriptversion=2012-01-06.18; # UTC
-# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
-# 2008, 2009 Free Software Foundation, Inc.
+# Copyright (C) 1996-2012 Free Software Foundation, Inc.
# Originally by Fran,cois Pinard <pinard at iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -26,7 +25,7 @@
# the same distribution terms that you use for the rest of that program.
if test $# -eq 0; then
- echo 1>&2 "Try \`$0 --help' for more information"
+ echo 1>&2 "Try '$0 --help' for more information"
exit 1
fi
@@ -34,7 +33,7 @@
sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
-# In the cases where this matters, `missing' is being run in the
+# In the cases where this matters, 'missing' is being run in the
# srcdir already.
if test -f configure.ac; then
configure_ac=configure.ac
@@ -65,7 +64,7 @@
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
-Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+Handle 'PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
error status if there is no known handling for PROGRAM.
Options:
@@ -74,21 +73,20 @@
--run try to run the given command, and emulate it if it fails
Supported PROGRAM values:
- aclocal touch file \`aclocal.m4'
- autoconf touch file \`configure'
- autoheader touch file \`config.h.in'
+ aclocal touch file 'aclocal.m4'
+ autoconf touch file 'configure'
+ autoheader touch file 'config.h.in'
autom4te touch the output file, or create a stub one
- automake touch all \`Makefile.in' files
- bison create \`y.tab.[ch]', if possible, from existing .[ch]
- flex create \`lex.yy.c', if possible, from existing .c
+ automake touch all 'Makefile.in' files
+ bison create 'y.tab.[ch]', if possible, from existing .[ch]
+ flex create 'lex.yy.c', if possible, from existing .c
help2man touch the output file
- lex create \`lex.yy.c', if possible, from existing .c
+ lex create 'lex.yy.c', if possible, from existing .c
makeinfo touch the output file
- tar try tar, gnutar, gtar, then tar without non-portable flags
- yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+ yacc create 'y.tab.[ch]', if possible, from existing .[ch]
-Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
-\`g' are ignored when checking the name.
+Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
+'g' are ignored when checking the name.
Send bug reports to <bug-automake at gnu.org>."
exit $?
@@ -100,8 +98,8 @@
;;
-*)
- echo 1>&2 "$0: Unknown \`$1' option"
- echo 1>&2 "Try \`$0 --help' for more information"
+ echo 1>&2 "$0: Unknown '$1' option"
+ echo 1>&2 "Try '$0 --help' for more information"
exit 1
;;
@@ -122,15 +120,6 @@
# Not GNU programs, they don't have --version.
;;
- tar*)
- if test -n "$run"; then
- echo 1>&2 "ERROR: \`tar' requires --run"
- exit 1
- elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
- exit 1
- fi
- ;;
-
*)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
@@ -137,7 +126,7 @@
exit 1
elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
# Could not run --version or --help. This is probably someone
- # running `$TOOL --version' or `$TOOL --help' to check whether
+ # running '$TOOL --version' or '$TOOL --help' to check whether
# $TOOL exists and not knowing $TOOL uses missing.
exit 1
fi
@@ -149,9 +138,9 @@
case $program in
aclocal*)
echo 1>&2 "\
-WARNING: \`$1' is $msg. You should only need it if
- you modified \`acinclude.m4' or \`${configure_ac}'. You might want
- to install the \`Automake' and \`Perl' packages. Grab them from
+WARNING: '$1' is $msg. You should only need it if
+ you modified 'acinclude.m4' or '${configure_ac}'. You might want
+ to install the Automake and Perl packages. Grab them from
any GNU archive site."
touch aclocal.m4
;;
@@ -158,9 +147,9 @@
autoconf*)
echo 1>&2 "\
-WARNING: \`$1' is $msg. You should only need it if
- you modified \`${configure_ac}'. You might want to install the
- \`Autoconf' and \`GNU m4' packages. Grab them from any GNU
+WARNING: '$1' is $msg. You should only need it if
+ you modified '${configure_ac}'. You might want to install the
+ Autoconf and GNU m4 packages. Grab them from any GNU
archive site."
touch configure
;;
@@ -167,9 +156,9 @@
autoheader*)
echo 1>&2 "\
-WARNING: \`$1' is $msg. You should only need it if
- you modified \`acconfig.h' or \`${configure_ac}'. You might want
- to install the \`Autoconf' and \`GNU m4' packages. Grab them
+WARNING: '$1' is $msg. You should only need it if
+ you modified 'acconfig.h' or '${configure_ac}'. You might want
+ to install the Autoconf and GNU m4 packages. Grab them
from any GNU archive site."
files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
test -z "$files" && files="config.h"
@@ -186,9 +175,9 @@
automake*)
echo 1>&2 "\
-WARNING: \`$1' is $msg. You should only need it if
- you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
- You might want to install the \`Automake' and \`Perl' packages.
+WARNING: '$1' is $msg. You should only need it if
+ you modified 'Makefile.am', 'acinclude.m4' or '${configure_ac}'.
+ You might want to install the Automake and Perl packages.
Grab them from any GNU archive site."
find . -type f -name Makefile.am -print |
sed 's/\.am$/.in/' |
@@ -197,10 +186,10 @@
autom4te*)
echo 1>&2 "\
-WARNING: \`$1' is needed, but is $msg.
+WARNING: '$1' is needed, but is $msg.
You might have modified some files without having the
proper tools for further handling them.
- You can get \`$1' as part of \`Autoconf' from any GNU
+ You can get '$1' as part of Autoconf from any GNU
archive site."
file=`echo "$*" | sed -n "$sed_output"`
@@ -220,13 +209,13 @@
bison*|yacc*)
echo 1>&2 "\
-WARNING: \`$1' $msg. You should only need it if
- you modified a \`.y' file. You may need the \`Bison' package
+WARNING: '$1' $msg. You should only need it if
+ you modified a '.y' file. You may need the Bison package
in order for those modifications to take effect. You can get
- \`Bison' from any GNU archive site."
+ Bison from any GNU archive site."
rm -f y.tab.c y.tab.h
if test $# -ne 1; then
- eval LASTARG="\${$#}"
+ eval LASTARG=\${$#}
case $LASTARG in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
@@ -250,13 +239,13 @@
lex*|flex*)
echo 1>&2 "\
-WARNING: \`$1' is $msg. You should only need it if
- you modified a \`.l' file. You may need the \`Flex' package
+WARNING: '$1' is $msg. You should only need it if
+ you modified a '.l' file. You may need the Flex package
in order for those modifications to take effect. You can get
- \`Flex' from any GNU archive site."
+ Flex from any GNU archive site."
rm -f lex.yy.c
if test $# -ne 1; then
- eval LASTARG="\${$#}"
+ eval LASTARG=\${$#}
case $LASTARG in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
@@ -273,10 +262,10 @@
help2man*)
echo 1>&2 "\
-WARNING: \`$1' is $msg. You should only need it if
+WARNING: '$1' is $msg. You should only need it if
you modified a dependency of a manual page. You may need the
- \`Help2man' package in order for those modifications to take
- effect. You can get \`Help2man' from any GNU archive site."
+ Help2man package in order for those modifications to take
+ effect. You can get Help2man from any GNU archive site."
file=`echo "$*" | sed -n "$sed_output"`
test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
@@ -291,12 +280,12 @@
makeinfo*)
echo 1>&2 "\
-WARNING: \`$1' is $msg. You should only need it if
- you modified a \`.texi' or \`.texinfo' file, or any other file
+WARNING: '$1' is $msg. You should only need it if
+ you modified a '.texi' or '.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
- call might also be the consequence of using a buggy \`make' (AIX,
- DU, IRIX). You might want to install the \`Texinfo' package or
- the \`GNU make' package. Grab either from any GNU archive site."
+ call might also be the consequence of using a buggy 'make' (AIX,
+ DU, IRIX). You might want to install the Texinfo package or
+ the GNU make package. Grab either from any GNU archive site."
# The file to touch is that specified with -o ...
file=`echo "$*" | sed -n "$sed_output"`
test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
@@ -318,49 +307,14 @@
touch $file
;;
- tar*)
- shift
-
- # We have already tried tar in the generic part.
- # Look for gnutar/gtar before invocation to avoid ugly error
- # messages.
- if (gnutar --version > /dev/null 2>&1); then
- gnutar "$@" && exit 0
- fi
- if (gtar --version > /dev/null 2>&1); then
- gtar "$@" && exit 0
- fi
- firstarg="$1"
- if shift; then
- case $firstarg in
- *o*)
- firstarg=`echo "$firstarg" | sed s/o//`
- tar "$firstarg" "$@" && exit 0
- ;;
- esac
- case $firstarg in
- *h*)
- firstarg=`echo "$firstarg" | sed s/h//`
- tar "$firstarg" "$@" && exit 0
- ;;
- esac
- fi
-
- echo 1>&2 "\
-WARNING: I can't seem to be able to run \`tar' with the given arguments.
- You may want to install GNU tar or Free paxutils, or check the
- command line arguments."
- exit 1
- ;;
-
*)
echo 1>&2 "\
-WARNING: \`$1' is needed, and is $msg.
+WARNING: '$1' is needed, and is $msg.
You might have modified some files without having the
- proper tools for further handling them. Check the \`README' file,
+ proper tools for further handling them. Check the 'README' file,
it often tells you about the needed prerequisites for installing
this package. You may also peek at any GNU archive site, in case
- some other package would contain this missing \`$1' program."
+ some other package would contain this missing '$1' program."
exit 1
;;
esac
Property changes on: vendor/bind/dist/unit/atf-src/admin/missing
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/unit/atf-src/atf-c/Atffile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/Atffile 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/Atffile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -10,6 +10,7 @@
tp: config_test
tp: error_test
tp: macros_test
+tp: pkg_config_test
tp: tc_test
tp: tp_test
tp: utils_test
Added: vendor/bind/dist/unit/atf-src/atf-c/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,16 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="atf_c_test"}
+atf_test_program{name="build_test"}
+atf_test_program{name="check_test"}
+atf_test_program{name="config_test"}
+atf_test_program{name="error_test"}
+atf_test_program{name="macros_test"}
+atf_test_program{name="pkg_config_test"}
+atf_test_program{name="tc_test"}
+atf_test_program{name="tp_test"}
+atf_test_program{name="utils_test"}
+
+include("detail/Kyuafile")
Modified: vendor/bind/dist/unit/atf-src/atf-c/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -62,6 +62,7 @@
"-DATF_SHELL=\"$(ATF_SHELL)\"" \
"-DATF_WORKDIR=\"$(ATF_WORKDIR)\"" \
-I$(srcdir)/atf-c
+libatf_c_la_LDFLAGS = -version-info 0:0:0
# XXX For some reason, the nodist line above does not work as expected.
# Work this problem around.
@@ -84,21 +85,26 @@
dist_man_MANS += atf-c/atf-c-api.3
+atf_aclocal_DATA += atf-c/atf-common.m4 atf-c/atf-c.m4
+EXTRA_DIST += atf-c/atf-common.m4 atf-c/atf-c.m4
+
atf_cpkgconfigdir = $(atf_pkgconfigdir)
atf_cpkgconfig_DATA = atf-c/atf-c.pc
CLEANFILES += atf-c/atf-c.pc
EXTRA_DIST += atf-c/atf-c.pc.in
-atf-c/atf-c.pc: $(srcdir)/atf-c/atf-c.pc.in
+atf-c/atf-c.pc: $(srcdir)/atf-c/atf-c.pc.in Makefile
test -d atf-c || mkdir -p atf-c
- sed -e 's,__ATF_VERSION__, at PACKAGE_VERSION@,g' \
- -e 's,__CC__,$(CC),g' \
- -e 's,__INCLUDEDIR__,$(includedir),g' \
- -e 's,__LIBDIR__,$(libdir),g' \
+ sed -e 's#__ATF_VERSION__#$(PACKAGE_VERSION)#g' \
+ -e 's#__CC__#$(CC)#g' \
+ -e 's#__INCLUDEDIR__#$(includedir)#g' \
+ -e 's#__LIBDIR__#$(libdir)#g' \
<$(srcdir)/atf-c/atf-c.pc.in >atf-c/atf-c.pc.tmp
mv atf-c/atf-c.pc.tmp atf-c/atf-c.pc
tests_atf_c_DATA = atf-c/Atffile \
- atf-c/macros_h_test.c
+ atf-c/Kyuafile \
+ atf-c/macros_h_test.c \
+ atf-c/unused_test.c
tests_atf_cdir = $(pkgtestsdir)/atf-c
EXTRA_DIST += $(tests_atf_c_DATA)
Modified: vendor/bind/dist/unit/atf-src/atf-c/atf-c-api.3
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/atf-c-api.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/atf-c-api.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,14 +26,17 @@
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 1, 2010
+.Dd November 30, 2012
.Dt ATF-C-API 3
.Os
.Sh NAME
+.Nm atf-c-api ,
.Nm ATF_CHECK ,
.Nm ATF_CHECK_MSG ,
.Nm ATF_CHECK_EQ ,
.Nm ATF_CHECK_EQ_MSG ,
+.Nm ATF_CHECK_MATCH ,
+.Nm ATF_CHECK_MATCH_MSG ,
.Nm ATF_CHECK_STREQ ,
.Nm ATF_CHECK_STREQ_MSG ,
.Nm ATF_CHECK_ERRNO ,
@@ -41,6 +44,8 @@
.Nm ATF_REQUIRE_MSG ,
.Nm ATF_REQUIRE_EQ ,
.Nm ATF_REQUIRE_EQ_MSG ,
+.Nm ATF_REQUIRE_MATCH ,
+.Nm ATF_REQUIRE_MATCH_MSG ,
.Nm ATF_REQUIRE_STREQ ,
.Nm ATF_REQUIRE_STREQ_MSG ,
.Nm ATF_REQUIRE_ERRNO ,
@@ -56,6 +61,12 @@
.Nm ATF_TC_WITHOUT_HEAD ,
.Nm ATF_TP_ADD_TC ,
.Nm ATF_TP_ADD_TCS ,
+.Nm atf_tc_get_config_var ,
+.Nm atf_tc_get_config_var_wd ,
+.Nm atf_tc_get_config_var_as_bool ,
+.Nm atf_tc_get_config_var_as_bool_wd ,
+.Nm atf_tc_get_config_var_as_long ,
+.Nm atf_tc_get_config_var_as_long_wd ,
.Nm atf_no_error ,
.Nm atf_tc_expect_death ,
.Nm atf_tc_expect_exit ,
@@ -66,7 +77,19 @@
.Nm atf_tc_fail ,
.Nm atf_tc_fail_nonfatal ,
.Nm atf_tc_pass ,
-.Nm atf_tc_skip
+.Nm atf_tc_skip ,
+.Nm atf_utils_cat_file ,
+.Nm atf_utils_compare_file ,
+.Nm atf_utils_copy_file ,
+.Nm atf_utils_create_file ,
+.Nm atf_utils_file_exists ,
+.Nm atf_utils_fork ,
+.Nm atf_utils_free_charpp ,
+.Nm atf_utils_grep_file ,
+.Nm atf_utils_grep_string ,
+.Nm atf_utils_readline ,
+.Nm atf_utils_redirect ,
+.Nm atf_utils_wait
.Nd C API to write ATF-based test programs
.Sh SYNOPSIS
.In atf-c.h
@@ -74,6 +97,8 @@
.Fn ATF_CHECK_MSG "expression" "fail_msg_fmt" ...
.Fn ATF_CHECK_EQ "expression_1" "expression_2"
.Fn ATF_CHECK_EQ_MSG "expression_1" "expression_2" "fail_msg_fmt" ...
+.Fn ATF_CHECK_MATCH "regexp" "string"
+.Fn ATF_CHECK_MATCH_MSG "regexp" "string" "fail_msg_fmt" ...
.Fn ATF_CHECK_STREQ "string_1" "string_2"
.Fn ATF_CHECK_STREQ_MSG "string_1" "string_2" "fail_msg_fmt" ...
.Fn ATF_CHECK_ERRNO "exp_errno" "bool_expression"
@@ -81,6 +106,8 @@
.Fn ATF_REQUIRE_MSG "expression" "fail_msg_fmt" ...
.Fn ATF_REQUIRE_EQ "expression_1" "expression_2"
.Fn ATF_REQUIRE_EQ_MSG "expression_1" "expression_2" "fail_msg_fmt" ...
+.Fn ATF_REQUIRE_MATCH "regexp" "string"
+.Fn ATF_REQUIRE_MATCH_MSG "regexp" "string" "fail_msg_fmt" ...
.Fn ATF_REQUIRE_STREQ "string_1" "string_2"
.Fn ATF_REQUIRE_STREQ_MSG "string_1" "string_2" "fail_msg_fmt" ...
.Fn ATF_REQUIRE_ERRNO "exp_errno" "bool_expression"
@@ -96,6 +123,12 @@
.Fn ATF_TC_WITHOUT_HEAD "name"
.Fn ATF_TP_ADD_TC "tp_name" "tc_name"
.Fn ATF_TP_ADD_TCS "tp_name"
+.Fn atf_tc_get_config_var "tc" "varname"
+.Fn atf_tc_get_config_var_wd "tc" "variable_name" "default_value"
+.Fn atf_tc_get_config_var_as_bool "tc" "variable_name"
+.Fn atf_tc_get_config_var_as_bool_wd "tc" "variable_name" "default_value"
+.Fn atf_tc_get_config_var_as_long "tc" "variable_name"
+.Fn atf_tc_get_config_var_as_long_wd "tc" "variable_name" "default_value"
.Fn atf_no_error
.Fn atf_tc_expect_death "reason" "..."
.Fn atf_tc_expect_exit "exitcode" "reason" "..."
@@ -107,6 +140,67 @@
.Fn atf_tc_fail_nonfatal "reason"
.Fn atf_tc_pass
.Fn atf_tc_skip "reason"
+.Ft void
+.Fo atf_utils_cat_file
+.Fa "const char *file"
+.Fa "const char *prefix"
+.Fc
+.Ft bool
+.Fo atf_utils_compare_file
+.Fa "const char *file"
+.Fa "const char *contents"
+.Fc
+.Ft void
+.Fo atf_utils_copy_file
+.Fa "const char *source"
+.Fa "const char *destination"
+.Fc
+.Ft void
+.Fo atf_utils_create_file
+.Fa "const char *file"
+.Fa "const char *contents"
+.Fa "..."
+.Fc
+.Ft void
+.Fo atf_utils_file_exists
+.Fa "const char *file"
+.Fc
+.Ft pid_t
+.Fo atf_utils_fork
+.Fa "void"
+.Fc
+.Ft void
+.Fo atf_utils_free_charpp
+.Fa "char **argv"
+.Fc
+.Ft bool
+.Fo atf_utils_grep_file
+.Fa "const char *regexp"
+.Fa "const char *file"
+.Fa "..."
+.Fc
+.Ft bool
+.Fo atf_utils_grep_string
+.Fa "const char *regexp"
+.Fa "const char *str"
+.Fa "..."
+.Fc
+.Ft char *
+.Fo atf_utils_readline
+.Fa "int fd"
+.Fc
+.Ft void
+.Fo atf_utils_redirect
+.Fa "const int fd"
+.Fa "const char *file"
+.Fc
+.Ft void
+.Fo atf_utils_wait
+.Fa "const pid_t pid"
+.Fa "const int expected_exit_status"
+.Fa "const char *expected_stdout"
+.Fa "const char *expected_stderr"
+.Fc
.Sh DESCRIPTION
The ATF
.Pp
@@ -248,6 +342,16 @@
.Ft long
.Fn atf_tc_get_config_var_as_long_wd
functions, which can be called in any of the three parts of a test case.
+.Pp
+The
+.Sq _wd
+variants take a default value for the variable which is returned if the
+variable is not defined.
+The other functions without the
+.Sq _wd
+suffix
+.Em require
+the variable to be defined.
.Ss Access to the source directory
It is possible to get the path to the test case's source directory from any
of its three components by querying the
@@ -360,7 +464,7 @@
condition is detected by calling the
.Fn atf_tc_fail
function.
-Use this variant whenever it makes now sense to continue the execution of a
+Use this variant whenever it makes no sense to continue the execution of a
test case when the checked condition is not met.
The
.Sq CHECK
@@ -395,6 +499,16 @@
.Fn ATF_REQUIRE_EQ_MSG
take two expressions and fail if the two evaluated values are not equal.
.Pp
+.Fn ATF_CHECK_MATCH ,
+.Fn ATF_CHECK_MATCH_MSG ,
+.Fn ATF_REQUIRE_MATCH
+and
+.Fn ATF_REQUIRE_MATCH_MSG
+take a regular expression and a string and fail if the regular expression does
+not match the given string.
+Note that the regular expression is not anchored, so it will match anywhere in
+the string.
+.Pp
.Fn ATF_CHECK_STREQ ,
.Fn ATF_CHECK_STREQ_MSG ,
.Fn ATF_REQUIRE_STREQ
@@ -411,6 +525,180 @@
means that a call failed and
.Va errno
has to be checked against the first value.
+.Ss Utility functions
+The following functions are provided as part of the
+.Nm
+API to simplify the creation of a variety of tests.
+In particular, these are useful to write tests for command-line interfaces.
+.Pp
+.Ft void
+.Fo atf_utils_cat_file
+.Fa "const char *file"
+.Fa "const char *prefix"
+.Fc
+.Bd -offset indent
+Prints the contents of
+.Fa file
+to the standard output, prefixing every line with the string in
+.Fa prefix .
+.Ed
+.Pp
+.Ft bool
+.Fo atf_utils_compare_file
+.Fa "const char *file"
+.Fa "const char *contents"
+.Fc
+.Bd -offset indent
+Returns true if the given
+.Fa file
+matches exactly the expected inlined
+.Fa contents .
+.Ed
+.Pp
+.Ft void
+.Fo atf_utils_copy_file
+.Fa "const char *source"
+.Fa "const char *destination"
+.Fc
+.Bd -offset indent
+Copies the file
+.Fa source
+to
+.Fa destination .
+The permissions of the file are preserved during the code.
+.Ed
+.Pp
+.Ft void
+.Fo atf_utils_create_file
+.Fa "const char *file"
+.Fa "const char *contents"
+.Fa "..."
+.Fc
+.Bd -offset indent
+Creates
+.Fa file
+with the text given in
+.Fa contents ,
+which is a formatting string that uses the rest of the variable arguments.
+.Ed
+.Pp
+.Ft void
+.Fo atf_utils_file_exists
+.Fa "const char *file"
+.Fc
+.Bd -offset indent
+Checks if
+.Fa file
+exists.
+.Ed
+.Pp
+.Ft pid_t
+.Fo atf_utils_fork
+.Fa "void"
+.Fc
+.Bd -offset indent
+Forks a process and redirects the standard output and standard error of the
+child to files for later validation with
+.Fn atf_utils_wait .
+Fails the test case if the fork fails, so this does not return an error.
+.Ed
+.Pp
+.Ft void
+.Fo atf_utils_free_charpp
+.Fa "char **argv"
+.Fc
+.Bd -offset indent
+Frees a dynamically-allocated array of dynamically-allocated strings.
+.Ed
+.Pp
+.Ft bool
+.Fo atf_utils_grep_file
+.Fa "const char *regexp"
+.Fa "const char *file"
+.Fa "..."
+.Fc
+.Bd -offset indent
+Searches for the
+.Fa regexp ,
+which is a formatting string representing the regular expression,
+in the
+.Fa file .
+The variable arguments are used to construct the regular expression.
+.Ed
+.Pp
+.Ft bool
+.Fo atf_utils_grep_string
+.Fa "const char *regexp"
+.Fa "const char *str"
+.Fa "..."
+.Fc
+.Bd -offset indent
+Searches for the
+.Fa regexp ,
+which is a formatting string representing the regular expression,
+in the literal string
+.Fa str .
+The variable arguments are used to construct the regular expression.
+.Ed
+.Pp
+.Ft char *
+.Fo atf_utils_readline
+.Fa "int fd"
+.Fc
+.Bd -offset indent
+Reads a line from the file descriptor
+.Fa fd .
+The line, if any, is returned as a dynamically-allocated buffer that must be
+released with
+.Xr free 3 .
+If there was nothing to read, returns
+.Sq NULL .
+.Ed
+.Pp
+.Ft void
+.Fo atf_utils_redirect
+.Fa "const int fd"
+.Fa "const char *file"
+.Fc
+.Bd -offset indent
+Redirects the given file descriptor
+.Fa fd
+to
+.Fa file .
+This function exits the process in case of an error and does not properly mark
+the test case as failed.
+As a result, it should only be used in subprocesses of the test case; specially
+those spawned by
+.Fn atf_utils_fork .
+.Ed
+.Pp
+.Ft void
+.Fo atf_utils_wait
+.Fa "const pid_t pid"
+.Fa "const int expected_exit_status"
+.Fa "const char *expected_stdout"
+.Fa "const char *expected_stderr"
+.Fc
+.Bd -offset indent
+Waits and validates the result of a subprocess spawned with
+.Fn atf_utils_wait .
+The validation involves checking that the subprocess exited cleanly and returned
+the code specified in
+.Fa expected_exit_status
+and that its standard output and standard error match the strings given in
+.Fa expected_stdout
+and
+.Fa expected_stderr .
+.Pp
+If any of the
+.Fa expected_stdout
+or
+.Fa expected_stderr
+strings are prefixed with
+.Sq save: ,
+then they specify the name of the file into which to store the stdout or stderr
+of the subprocess, and no comparison is performed.
+.Ed
.Sh EXAMPLES
The following shows a complete test program with a single test case that
validates the addition operator:
Added: vendor/bind/dist/unit/atf-src/atf-c/atf-c.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/atf-c.m4 (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c/atf-c.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,48 @@
+dnl
+dnl Automated Testing Framework (atf)
+dnl
+dnl Copyright 2011 Google Inc.
+dnl All rights reserved.
+dnl
+dnl Redistribution and use in source and binary forms, with or without
+dnl modification, are permitted provided that the following conditions are
+dnl met:
+dnl
+dnl * Redistributions of source code must retain the above copyright
+dnl notice, this list of conditions and the following disclaimer.
+dnl * Redistributions in binary form must reproduce the above copyright
+dnl notice, this list of conditions and the following disclaimer in the
+dnl documentation and/or other materials provided with the distribution.
+dnl * Neither the name of Google Inc. nor the names of its contributors
+dnl may be used to endorse or promote products derived from this software
+dnl without specific prior written permission.
+dnl
+dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+dnl "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+dnl LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+dnl A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+dnl OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+dnl SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+dnl LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+dnl DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+dnl THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+dnl OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+dnl
+
+dnl ATF_CHECK_C([version-spec])
+dnl
+dnl Checks if atf-c is present. If version-spec is provided, ensures that
+dnl the installed version of atf-sh matches the required version. This
+dnl argument must be something like '>= 0.14' and accepts any version
+dnl specification supported by pkg-config.
+dnl
+dnl Defines and substitutes ATF_C_CFLAGS and ATF_C_LIBS with the compiler
+dnl and linker flags need to build against atf-c.
+AC_DEFUN([ATF_CHECK_C], [
+ spec="atf-c[]m4_default_nblank([ $1], [])"
+ _ATF_CHECK_ARG_WITH(
+ [PKG_CHECK_MODULES([ATF_C], [${spec}],
+ [found=yes found_atf_c=yes], [found=no])],
+ [required ${spec} not found])
+])
Added: vendor/bind/dist/unit/atf-src/atf-c/atf-common.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/atf-common.m4 (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c/atf-common.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,92 @@
+dnl
+dnl Automated Testing Framework (atf)
+dnl
+dnl Copyright 2011 Google Inc.
+dnl All rights reserved.
+dnl
+dnl Redistribution and use in source and binary forms, with or without
+dnl modification, are permitted provided that the following conditions are
+dnl met:
+dnl
+dnl * Redistributions of source code must retain the above copyright
+dnl notice, this list of conditions and the following disclaimer.
+dnl * Redistributions in binary form must reproduce the above copyright
+dnl notice, this list of conditions and the following disclaimer in the
+dnl documentation and/or other materials provided with the distribution.
+dnl * Neither the name of Google Inc. nor the names of its contributors
+dnl may be used to endorse or promote products derived from this software
+dnl without specific prior written permission.
+dnl
+dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+dnl "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+dnl LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+dnl A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+dnl OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+dnl SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+dnl LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+dnl DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+dnl THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+dnl OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+dnl
+
+dnl ATF_ARG_WITH
+dnl
+dnl Adds a --with-atf flag to the configure script that allows the user to
+dnl enable or disable atf support.
+dnl
+dnl The ATF_CHECK_{C,CXX,SH} macros honor the flag defined herein if
+dnl instantiated. If not instantiated, they will request the presence of
+dnl the libraries unconditionally.
+dnl
+dnl Defines the WITH_ATF Automake conditional if ATF has been found by any
+dnl of the ATF_CHECK_{C,CXX,SH} macros.
+AC_DEFUN([ATF_ARG_WITH], [
+ m4_define([atf_arg_with_called], [yes])
+
+ m4_divert_text([DEFAULTS], [with_atf=auto])
+ AC_ARG_WITH([atf],
+ [AS_HELP_STRING([--with-atf=<yes|no|auto>],
+ [build atf-based test programs])],
+ [with_atf=${withval}], [with_atf=auto])
+
+ m4_divert_text([DEFAULTS], [
+ found_atf_c=no
+ found_atf_cxx=no
+ found_atf_sh=no
+ ])
+ AM_CONDITIONAL([WITH_ATF], [test x"${found_atf_c}" = x"yes" -o \
+ x"${found_atf_cxx}" = x"yes" -o \
+ x"${found_atf_sh}" = x"yes"])
+])
+
+dnl _ATF_CHECK_ARG_WITH(check, error_message)
+dnl
+dnl Internal macro to execute a check conditional on the --with-atf flag
+dnl and handle the result accordingly.
+dnl
+dnl 'check' specifies the piece of code to be run to detect the feature.
+dnl This code must set the 'found' shell variable to yes or no depending
+dnl on the raw result of the check.
+AC_DEFUN([_ATF_CHECK_ARG_WITH], [
+ m4_ifdef([atf_arg_with_called], [
+ m4_fatal([ATF_ARG_WITH must be called after the ATF_CHECK_* checks])
+ ])
+
+ m4_divert_text([DEFAULTS], [with_atf=yes])
+
+ if test x"${with_atf}" = x"no"; then
+ _found=no
+ else
+ $1
+ if test x"${with_atf}" = x"auto"; then
+ _found="${found}"
+ else
+ if test x"${found}" = x"yes"; then
+ _found=yes
+ else
+ AC_MSG_ERROR([$2])
+ fi
+ fi
+ fi
+])
Modified: vendor/bind/dist/unit/atf-src/atf-c/atf_c_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/atf_c_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/atf_c_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/check.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/check.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/check.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -306,8 +306,6 @@
if (r->pimpl == NULL)
return atf_no_memory_error();
- (void) atf_config_get("atf_workdir");
-
err = array_to_list(argv, &r->pimpl->m_argv);
if (atf_is_error(err))
goto out;
Modified: vendor/bind/dist/unit/atf-src/atf-c/check.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/check.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/check.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/check_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/check_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/check_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -90,14 +90,10 @@
void
check_line(int fd, const char *exp)
{
- atf_dynstr_t line;
-
- atf_dynstr_init(&line);
- ATF_CHECK(!read_line(fd, &line));
- ATF_CHECK_MSG(atf_equal_dynstr_cstring(&line, exp),
- "read: '%s', expected: '%s'",
- atf_dynstr_cstring(&line), exp);
- atf_dynstr_fini(&line);
+ char *line = atf_utils_readline(fd);
+ ATF_CHECK(line != NULL);
+ ATF_CHECK_STREQ_MSG(exp, line, "read: '%s', expected: '%s'", line, exp);
+ free(line);
}
/* ---------------------------------------------------------------------
@@ -246,15 +242,15 @@
{
init_and_run_h_tc(&ATF_TC_NAME(h_build_c_o_ok),
&ATF_TC_PACK_NAME(h_build_c_o_ok), "stdout", "stderr");
- ATF_CHECK(grep_file("stdout", "-o test.o"));
- ATF_CHECK(grep_file("stdout", "-c test.c"));
+ ATF_CHECK(atf_utils_grep_file("-o test.o", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("-c test.c", "stdout"));
init_and_run_h_tc(&ATF_TC_NAME(h_build_c_o_fail),
&ATF_TC_PACK_NAME(h_build_c_o_fail), "stdout", "stderr");
- ATF_CHECK(grep_file("stdout", "-o test.o"));
- ATF_CHECK(grep_file("stdout", "-c test.c"));
- ATF_CHECK(grep_file("stderr", "test.c"));
- ATF_CHECK(grep_file("stderr", "UNDEFINED_SYMBOL"));
+ ATF_CHECK(atf_utils_grep_file("-o test.o", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("-c test.c", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("test.c", "stderr"));
+ ATF_CHECK(atf_utils_grep_file("UNDEFINED_SYMBOL", "stderr"));
}
ATF_TC(build_cpp);
@@ -267,16 +263,16 @@
{
init_and_run_h_tc(&ATF_TC_NAME(h_build_cpp_ok),
&ATF_TC_PACK_NAME(h_build_cpp_ok), "stdout", "stderr");
- ATF_CHECK(grep_file("stdout", "-o.*test.p"));
- ATF_CHECK(grep_file("stdout", "test.c"));
- ATF_CHECK(grep_file("test.p", "foo bar"));
+ ATF_CHECK(atf_utils_grep_file("-o.*test.p", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("test.c", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("foo bar", "test.p"));
init_and_run_h_tc(&ATF_TC_NAME(h_build_cpp_fail),
&ATF_TC_PACK_NAME(h_build_cpp_fail), "stdout", "stderr");
- ATF_CHECK(grep_file("stdout", "-o test.p"));
- ATF_CHECK(grep_file("stdout", "test.c"));
- ATF_CHECK(grep_file("stderr", "test.c"));
- ATF_CHECK(grep_file("stderr", "non-existent.h"));
+ ATF_CHECK(atf_utils_grep_file("-o test.p", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("test.c", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("test.c", "stderr"));
+ ATF_CHECK(atf_utils_grep_file("non-existent.h", "stderr"));
}
ATF_TC(build_cxx_o);
@@ -289,15 +285,15 @@
{
init_and_run_h_tc(&ATF_TC_NAME(h_build_cxx_o_ok),
&ATF_TC_PACK_NAME(h_build_cxx_o_ok), "stdout", "stderr");
- ATF_CHECK(grep_file("stdout", "-o test.o"));
- ATF_CHECK(grep_file("stdout", "-c test.cpp"));
+ ATF_CHECK(atf_utils_grep_file("-o test.o", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("-c test.cpp", "stdout"));
init_and_run_h_tc(&ATF_TC_NAME(h_build_cxx_o_fail),
&ATF_TC_PACK_NAME(h_build_cxx_o_fail), "stdout", "stderr");
- ATF_CHECK(grep_file("stdout", "-o test.o"));
- ATF_CHECK(grep_file("stdout", "-c test.cpp"));
- ATF_CHECK(grep_file("stderr", "test.cpp"));
- ATF_CHECK(grep_file("stderr", "UNDEFINED_SYMBOL"));
+ ATF_CHECK(atf_utils_grep_file("-o test.o", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("-c test.cpp", "stdout"));
+ ATF_CHECK(atf_utils_grep_file("test.cpp", "stderr"));
+ ATF_CHECK(atf_utils_grep_file("UNDEFINED_SYMBOL", "stderr"));
}
ATF_TC(exec_array);
Modified: vendor/bind/dist/unit/atf-src/atf-c/config.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/config.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/config.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/config_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/config_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/config_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/defs.h.in
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/defs.h.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/defs.h.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -30,6 +30,8 @@
#if !defined(ATF_C_DEFS_H)
#define ATF_C_DEFS_H
+#define ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(a, b) @ATTRIBUTE_FORMAT_PRINTF@
#define ATF_DEFS_ATTRIBUTE_NORETURN @ATTRIBUTE_NORETURN@
+#define ATF_DEFS_ATTRIBUTE_UNUSED @ATTRIBUTE_UNUSED@
#endif /* !defined(ATF_C_DEFS_H) */
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/Atffile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/Atffile 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/Atffile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -9,6 +9,5 @@
tp: map_test
tp: process_test
tp: sanity_test
-tp: test_helpers_test
tp: text_test
tp: user_test
Added: vendor/bind/dist/unit/atf-src/atf-c/detail/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,13 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="dynstr_test"}
+atf_test_program{name="env_test"}
+atf_test_program{name="fs_test"}
+atf_test_program{name="list_test"}
+atf_test_program{name="map_test"}
+atf_test_program{name="process_test"}
+atf_test_program{name="sanity_test"}
+atf_test_program{name="text_test"}
+atf_test_program{name="user_test"}
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -47,7 +47,8 @@
atf-c/detail/user.c \
atf-c/detail/user.h
-tests_atf_c_detail_DATA = atf-c/detail/Atffile
+tests_atf_c_detail_DATA = atf-c/detail/Atffile \
+ atf-c/detail/Kyuafile
tests_atf_c_detaildir = $(pkgtestsdir)/atf-c/detail
EXTRA_DIST += $(tests_atf_c_detail_DATA)
@@ -68,11 +69,6 @@
atf_c_detail_fs_test_SOURCES = atf-c/detail/fs_test.c
atf_c_detail_fs_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
-tests_atf_c_detail_PROGRAMS += atf-c/detail/test_helpers_test
-atf_c_detail_test_helpers_test_SOURCES = atf-c/detail/test_helpers_test.c
-atf_c_detail_test_helpers_test_LDADD = atf-c/detail/libtest_helpers.la \
- libatf-c.la
-
tests_atf_c_detail_PROGRAMS += atf-c/detail/list_test
atf_c_detail_list_test_SOURCES = atf-c/detail/list_test.c
atf_c_detail_list_test_LDADD = atf-c/detail/libtest_helpers.la libatf-c.la
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/dynstr_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/env.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/env.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/env.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/env_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/env_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/env_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/fs.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/fs.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/fs.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -46,6 +46,7 @@
#include <string.h>
#include <unistd.h>
+#include "atf-c/defs.h"
#include "atf-c/error.h"
#include "fs.h"
@@ -584,7 +585,7 @@
}
void
-atf_fs_stat_fini(atf_fs_stat_t *st)
+atf_fs_stat_fini(atf_fs_stat_t *st ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/fs.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/fs.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/fs.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/fs_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/fs_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/fs_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/list.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/list.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/list.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/list.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/list.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/list.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/list_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/list_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/list_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/map.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/map.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/map.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/map.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/map.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/map.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/map_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/map_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/map_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/process.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/process.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/process.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -197,7 +197,7 @@
}
void
-atf_process_status_fini(atf_process_status_t *s)
+atf_process_status_fini(atf_process_status_t *s ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
@@ -592,6 +592,7 @@
struct exec_args {
const atf_fs_path_t *m_prog;
const char *const *m_argv;
+ void (*m_prehook)(void);
};
static
@@ -600,6 +601,9 @@
{
struct exec_args *ea = v;
+ if (ea->m_prehook != NULL)
+ ea->m_prehook();
+
const int ret = const_execvp(atf_fs_path_cstring(ea->m_prog), ea->m_argv);
const int errnocopy = errno;
INV(ret == -1);
@@ -613,11 +617,12 @@
const atf_fs_path_t *prog,
const char *const *argv,
const atf_process_stream_t *outsb,
- const atf_process_stream_t *errsb)
+ const atf_process_stream_t *errsb,
+ void (*prehook)(void))
{
atf_error_t err;
atf_process_child_t c;
- struct exec_args ea = { prog, argv };
+ struct exec_args ea = { prog, argv, prehook };
PRE(outsb == NULL ||
atf_process_stream_type(outsb) != atf_process_stream_type_capture);
@@ -645,7 +650,8 @@
const atf_fs_path_t *prog,
const atf_list_t *argv,
const atf_process_stream_t *outsb,
- const atf_process_stream_t *errsb)
+ const atf_process_stream_t *errsb,
+ void (*prehook)(void))
{
atf_error_t err;
const char **argv2;
@@ -660,7 +666,7 @@
if (atf_is_error(err))
goto out;
- err = atf_process_exec_array(s, prog, argv2, outsb, errsb);
+ err = atf_process_exec_array(s, prog, argv2, outsb, errsb, prehook);
free(argv2);
out:
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/process.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/process.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/process.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -124,11 +124,13 @@
const atf_fs_path_t *,
const char *const *,
const atf_process_stream_t *,
- const atf_process_stream_t *);
+ const atf_process_stream_t *,
+ void (*)(void));
atf_error_t atf_process_exec_list(atf_process_status_t *,
const atf_fs_path_t *,
const atf_list_t *,
const atf_process_stream_t *,
- const atf_process_stream_t *);
+ const atf_process_stream_t *,
+ void (*)(void));
#endif /* !defined(ATF_C_PROCESS_H) */
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/process_helpers.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/process_helpers.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/process_helpers.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/process_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/process_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/process_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -28,8 +28,8 @@
*/
#include <sys/types.h>
+#include <sys/time.h>
#include <sys/resource.h>
-#include <sys/time.h>
#include <sys/wait.h>
#include <errno.h>
@@ -95,12 +95,12 @@
{
switch (type) {
case stdout_type:
- ATF_CHECK(grep_file("stdout", "stdout: msg"));
- ATF_CHECK(!grep_file("stdout", "stderr: msg"));
+ ATF_CHECK(atf_utils_grep_file("stdout: msg", "stdout"));
+ ATF_CHECK(!atf_utils_grep_file("stderr: msg", "stdout"));
break;
case stderr_type:
- ATF_CHECK(grep_file("stderr", "stderr: msg"));
- ATF_CHECK(!grep_file("stderr", "stdout: msg"));
+ ATF_CHECK(atf_utils_grep_file("stderr: msg", "stderr"));
+ ATF_CHECK(!atf_utils_grep_file("stdout: msg", "stderr"));
break;
default:
UNREACHABLE;
@@ -110,7 +110,7 @@
struct capture_stream {
struct base_stream m_base;
- atf_dynstr_t m_msg;
+ char *m_msg;
};
#define CAPTURE_STREAM(type) \
{ .m_base = BASE_STREAM(capture_stream_init, \
@@ -126,7 +126,7 @@
s->m_base.m_sb_ptr = &s->m_base.m_sb;
RE(atf_process_stream_init_capture(&s->m_base.m_sb));
- RE(atf_dynstr_init(&s->m_msg));
+ s->m_msg = NULL;
}
static
@@ -137,10 +137,10 @@
switch (s->m_base.m_type) {
case stdout_type:
- (void) read_line(atf_process_child_stdout(c), &s->m_msg);
+ s->m_msg = atf_utils_readline(atf_process_child_stdout(c));
break;
case stderr_type:
- (void) read_line(atf_process_child_stderr(c), &s->m_msg);
+ s->m_msg = atf_utils_readline(atf_process_child_stderr(c));
break;
default:
UNREACHABLE;
@@ -155,18 +155,18 @@
switch (s->m_base.m_type) {
case stdout_type:
- ATF_CHECK(grep_string(&s->m_msg, "stdout: msg"));
- ATF_CHECK(!grep_string(&s->m_msg, "stderr: msg"));
+ ATF_CHECK(atf_utils_grep_string("stdout: msg", s->m_msg));
+ ATF_CHECK(!atf_utils_grep_string("stderr: msg", s->m_msg));
break;
case stderr_type:
- ATF_CHECK(!grep_string(&s->m_msg, "stdout: msg"));
- ATF_CHECK(grep_string(&s->m_msg, "stderr: msg"));
+ ATF_CHECK(!atf_utils_grep_string("stdout: msg", s->m_msg));
+ ATF_CHECK(atf_utils_grep_string("stderr: msg", s->m_msg));
break;
default:
UNREACHABLE;
}
- atf_dynstr_fini(&s->m_msg);
+ free(s->m_msg);
atf_process_stream_fini(&s->m_base.m_sb);
}
@@ -689,7 +689,7 @@
static
void
-child_report_pid(void *v)
+child_report_pid(void *v ATF_DEFS_ATTRIBUTE_UNUSED)
{
const pid_t pid = getpid();
if (write(STDOUT_FILENO, &pid, sizeof(pid)) != sizeof(pid))
@@ -730,7 +730,7 @@
static
void
-child_loop(void *v)
+child_loop(void *v ATF_DEFS_ATTRIBUTE_UNUSED)
{
for (;;)
sleep(1);
@@ -738,13 +738,13 @@
static
void
-nop_signal(int sig)
+nop_signal(int sig ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
static
void
-child_spawn_loop_and_wait_eintr(void *v)
+child_spawn_loop_and_wait_eintr(void *v ATF_DEFS_ATTRIBUTE_UNUSED)
{
atf_process_child_t child;
atf_process_status_t status;
@@ -860,7 +860,8 @@
static
void
-do_exec(const atf_tc_t *tc, const char *helper_name, atf_process_status_t *s)
+do_exec(const atf_tc_t *tc, const char *helper_name, atf_process_status_t *s,
+ void (*prehook)(void))
{
atf_fs_path_t process_helpers;
const char *argv[3];
@@ -872,7 +873,7 @@
argv[2] = NULL;
printf("Executing %s %s\n", argv[0], argv[1]);
- RE(atf_process_exec_array(s, &process_helpers, argv, NULL, NULL));
+ RE(atf_process_exec_array(s, &process_helpers, argv, NULL, NULL, prehook));
atf_fs_path_fini(&process_helpers);
}
@@ -880,16 +881,10 @@
void
check_line(int fd, const char *exp)
{
- atf_dynstr_t line;
- bool eof;
-
- atf_dynstr_init(&line);
- eof = read_line(fd, &line);
- ATF_CHECK(!eof);
- ATF_CHECK_MSG(atf_equal_dynstr_cstring(&line, exp),
- "read: '%s', expected: '%s'",
- atf_dynstr_cstring(&line), exp);
- atf_dynstr_fini(&line);
+ char *line = atf_utils_readline(fd);
+ ATF_CHECK(line != NULL);
+ ATF_CHECK_STREQ_MSG(exp, line, "read: '%s', expected: '%s'", line, exp);
+ free(line);
}
ATF_TC(exec_failure);
@@ -901,7 +896,7 @@
{
atf_process_status_t status;
- do_exec(tc, "exit-failure", &status);
+ do_exec(tc, "exit-failure", &status, NULL);
ATF_CHECK(atf_process_status_exited(&status));
ATF_CHECK_EQ(atf_process_status_exitstatus(&status), EXIT_FAILURE);
atf_process_status_fini(&status);
@@ -931,7 +926,7 @@
RE(atf_fs_path_init_fmt(&outpath, "stdout"));
RE(atf_process_stream_init_redirect_path(&outsb, &outpath));
RE(atf_process_exec_list(&status, &process_helpers, &argv, &outsb,
- NULL));
+ NULL, NULL));
atf_process_stream_fini(&outsb);
atf_fs_path_fini(&outpath);
}
@@ -951,6 +946,27 @@
atf_fs_path_fini(&process_helpers);
}
+static void
+exit_early(void)
+{
+ exit(80);
+}
+
+ATF_TC(exec_prehook);
+ATF_TC_HEAD(exec_prehook, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests execing a command with a prehook");
+}
+ATF_TC_BODY(exec_prehook, tc)
+{
+ atf_process_status_t status;
+
+ do_exec(tc, "exit-success", &status, exit_early);
+ ATF_CHECK(atf_process_status_exited(&status));
+ ATF_CHECK_EQ(atf_process_status_exitstatus(&status), 80);
+ atf_process_status_fini(&status);
+}
+
ATF_TC(exec_success);
ATF_TC_HEAD(exec_success, tc)
{
@@ -960,7 +976,7 @@
{
atf_process_status_t status;
- do_exec(tc, "exit-success", &status);
+ do_exec(tc, "exit-success", &status, NULL);
ATF_CHECK(atf_process_status_exited(&status));
ATF_CHECK_EQ(atf_process_status_exitstatus(&status), EXIT_SUCCESS);
atf_process_status_fini(&status);
@@ -1103,6 +1119,7 @@
/* Add the tests for the free functions. */
ATF_TP_ADD_TC(tp, exec_failure);
ATF_TP_ADD_TC(tp, exec_list);
+ ATF_TP_ADD_TC(tp, exec_prehook);
ATF_TP_ADD_TC(tp, exec_success);
ATF_TP_ADD_TC(tp, fork_cookie);
ATF_TP_ADD_TC(tp, fork_out_capture_err_capture);
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/sanity.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/sanity.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/sanity.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -56,14 +56,17 @@
#define INV(x) \
do { \
+ (void)(x); \
} while (0)
#define PRE(x) \
do { \
+ (void)(x); \
} while (0)
#define POST(x) \
do { \
+ (void)(x); \
} while (0)
#endif /* !defined(NDEBUG) */
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/sanity_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/sanity_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/sanity_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -53,21 +53,6 @@
enum type { inv, pre, post, unreachable };
-static
-bool
-grep(const atf_dynstr_t *line, const char *text)
-{
- const char *l = atf_dynstr_cstring(line);
- bool found;
-
- found = false;
-
- if (strstr(l, text) != NULL)
- found = true;
-
- return found;
-}
-
struct test_data {
enum type m_type;
bool m_cond;
@@ -109,9 +94,8 @@
{
atf_process_child_t child;
atf_process_status_t status;
- bool eof;
int nlines;
- atf_dynstr_t lines[3];
+ char *lines[3];
{
atf_process_stream_t outsb, errsb;
@@ -125,13 +109,9 @@
}
nlines = 0;
- eof = false;
- do {
- RE(atf_dynstr_init(&lines[nlines]));
- if (!eof)
- eof = read_line(atf_process_child_stderr(&child), &lines[nlines]);
+ while (nlines < 3 && (lines[nlines] =
+ atf_utils_readline(atf_process_child_stderr(&child))) != NULL)
nlines++;
- } while (nlines < 3);
ATF_REQUIRE(nlines == 0 || nlines == 3);
RE(atf_process_child_wait(&child, &status));
@@ -147,29 +127,29 @@
if (!cond) {
switch (t) {
case inv:
- ATF_REQUIRE(grep(&lines[0], "Invariant"));
+ ATF_REQUIRE(atf_utils_grep_string("Invariant", lines[0]));
break;
case pre:
- ATF_REQUIRE(grep(&lines[0], "Precondition"));
+ ATF_REQUIRE(atf_utils_grep_string("Precondition", lines[0]));
break;
case post:
- ATF_REQUIRE(grep(&lines[0], "Postcondition"));
+ ATF_REQUIRE(atf_utils_grep_string("Postcondition", lines[0]));
break;
case unreachable:
- ATF_REQUIRE(grep(&lines[0], "Invariant"));
+ ATF_REQUIRE(atf_utils_grep_string("Invariant", lines[0]));
break;
}
- ATF_REQUIRE(grep(&lines[0], __FILE__));
- ATF_REQUIRE(grep(&lines[2], PACKAGE_BUGREPORT));
+ ATF_REQUIRE(atf_utils_grep_string(__FILE__, lines[0]));
+ ATF_REQUIRE(atf_utils_grep_string(PACKAGE_BUGREPORT, lines[2]));
}
while (nlines > 0) {
nlines--;
- atf_dynstr_fini(&lines[nlines]);
+ free(lines[nlines]);
}
}
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -30,7 +30,6 @@
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
-#include <regex.h>
#include <unistd.h>
#include "atf-c/build.h"
@@ -46,38 +45,42 @@
static
void
-build_check_c_o_aux(const char *path, const char *failmsg)
+build_check_c_o_aux(const char *path, const char *failmsg,
+ const bool expect_pass)
{
bool success;
atf_dynstr_t iflag;
- const char *optargs[2];
+ const char *optargs[4];
RE(atf_dynstr_init_fmt(&iflag, "-I%s", atf_config_get("atf_includedir")));
optargs[0] = atf_dynstr_cstring(&iflag);
- optargs[1] = NULL;
+ optargs[1] = "-Wall";
+ optargs[2] = "-Werror";
+ optargs[3] = NULL;
RE(atf_check_build_c_o(path, "test.o", optargs, &success));
atf_dynstr_fini(&iflag);
- if (!success)
- atf_tc_fail(failmsg);
+ if ((expect_pass && !success) || (!expect_pass && success))
+ atf_tc_fail("%s", failmsg);
}
void
-build_check_c_o(const atf_tc_t *tc, const char *sfile, const char *failmsg)
+build_check_c_o(const atf_tc_t *tc, const char *sfile, const char *failmsg,
+ const bool expect_pass)
{
atf_fs_path_t path;
RE(atf_fs_path_init_fmt(&path, "%s/%s",
atf_tc_get_config_var(tc, "srcdir"), sfile));
- build_check_c_o_aux(atf_fs_path_cstring(&path), failmsg);
+ build_check_c_o_aux(atf_fs_path_cstring(&path), failmsg, expect_pass);
atf_fs_path_fini(&path);
}
void
-header_check(const atf_tc_t *tc, const char *hdrname)
+header_check(const char *hdrname)
{
FILE *srcfile;
char failmsg[128];
@@ -90,7 +93,7 @@
snprintf(failmsg, sizeof(failmsg),
"Header check failed; %s is not self-contained", hdrname);
- build_check_c_o_aux("test.c", failmsg);
+ build_check_c_o_aux("test.c", failmsg, true);
}
void
@@ -102,72 +105,6 @@
is_detail ? "" : "detail/"));
}
-bool
-grep_string(const atf_dynstr_t *str, const char *regex)
-{
- int res;
- regex_t preg;
-
- printf("Looking for '%s' in '%s'\n", regex, atf_dynstr_cstring(str));
- ATF_REQUIRE(regcomp(&preg, regex, REG_EXTENDED) == 0);
-
- res = regexec(&preg, atf_dynstr_cstring(str), 0, NULL, 0);
- ATF_REQUIRE(res == 0 || res == REG_NOMATCH);
-
- regfree(&preg);
-
- return res == 0;
-}
-
-bool
-grep_file(const char *file, const char *regex, ...)
-{
- bool done, found;
- int fd;
- va_list ap;
- atf_dynstr_t formatted;
-
- va_start(ap, regex);
- RE(atf_dynstr_init_ap(&formatted, regex, ap));
- va_end(ap);
-
- done = false;
- found = false;
- ATF_REQUIRE((fd = open(file, O_RDONLY)) != -1);
- do {
- atf_dynstr_t line;
-
- RE(atf_dynstr_init(&line));
-
- done = read_line(fd, &line);
- if (!done)
- found = grep_string(&line, atf_dynstr_cstring(&formatted));
-
- atf_dynstr_fini(&line);
- } while (!found && !done);
- close(fd);
-
- atf_dynstr_fini(&formatted);
-
- return found;
-}
-
-bool
-read_line(int fd, atf_dynstr_t *dest)
-{
- char ch;
- ssize_t cnt;
-
- while ((cnt = read(fd, &ch, sizeof(ch))) == sizeof(ch) &&
- ch != '\n') {
- const atf_error_t err = atf_dynstr_append_fmt(dest, "%c", ch);
- ATF_REQUIRE(!atf_is_error(err));
- }
- ATF_REQUIRE(cnt != -1);
-
- return cnt == 0;
-}
-
struct run_h_tc_data {
atf_tc_t *m_tc;
const char *m_resname;
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -52,7 +52,7 @@
} \
ATF_TC_BODY(name, tc) \
{ \
- header_check(tc, hdrname); \
+ header_check(hdrname); \
}
#define BUILD_TC(name, sfile, descr, failmsg) \
@@ -63,14 +63,23 @@
} \
ATF_TC_BODY(name, tc) \
{ \
- build_check_c_o(tc, sfile, failmsg); \
+ build_check_c_o(tc, sfile, failmsg, true); \
}
-void build_check_c_o(const atf_tc_t *, const char *, const char *);
-void header_check(const atf_tc_t *, const char *);
+#define BUILD_TC_FAIL(name, sfile, descr, failmsg) \
+ ATF_TC(name); \
+ ATF_TC_HEAD(name, tc) \
+ { \
+ atf_tc_set_md_var(tc, "descr", descr); \
+ } \
+ ATF_TC_BODY(name, tc) \
+ { \
+ build_check_c_o(tc, sfile, failmsg, false); \
+ }
+
+void build_check_c_o(const atf_tc_t *, const char *, const char *, const bool);
+void header_check(const char *);
void get_process_helpers_path(const atf_tc_t *, const bool,
struct atf_fs_path *);
-bool grep_string(const struct atf_dynstr *, const char *);
-bool grep_file(const char *, const char *, ...);
bool read_line(int, struct atf_dynstr *);
void run_h_tc(atf_tc_t *, const char *, const char *, const char *);
Deleted: vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/test_helpers_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,185 +0,0 @@
-/*
- * Automated Testing Framework (atf)
- *
- * Copyright (c) 2009, 2010 The NetBSD Foundation, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
- * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
- * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
- * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
- * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <unistd.h>
-
-#include <atf-c.h>
-
-#include "dynstr.h"
-#include "test_helpers.h"
-
-/* ---------------------------------------------------------------------
- * Test cases for the free functions.
- * --------------------------------------------------------------------- */
-
-/* TODO: Add checks for build_check_c_o and the macros defined in the
- * header file. */
-
-ATF_TC(grep_string);
-ATF_TC_HEAD(grep_string, tc)
-{
- atf_tc_set_md_var(tc, "descr", "Tests the grep_string helper "
- "function");
-}
-ATF_TC_BODY(grep_string, tc)
-{
- atf_dynstr_t str;
-
- atf_dynstr_init_fmt(&str, "a string - aaaabbbb");
- ATF_CHECK(grep_string(&str, "a string"));
- ATF_CHECK(grep_string(&str, "^a string"));
- ATF_CHECK(grep_string(&str, "aaaabbbb$"));
- ATF_CHECK(grep_string(&str, "aa.*bb"));
- ATF_CHECK(!grep_string(&str, "foo"));
- ATF_CHECK(!grep_string(&str, "bar"));
- ATF_CHECK(!grep_string(&str, "aaaaa"));
-
- atf_dynstr_fini(&str);
-}
-
-
-ATF_TC(grep_file);
-ATF_TC_HEAD(grep_file, tc)
-{
- atf_tc_set_md_var(tc, "descr", "Tests the grep_file helper function");
-}
-ATF_TC_BODY(grep_file, tc)
-{
- FILE *f;
-
- f = fopen("test.txt", "w");
- ATF_CHECK(f != NULL);
- fprintf(f, "line1\n");
- fprintf(f, "the second line\n");
- fprintf(f, "aaaabbbb\n");
- fclose(f);
-
- ATF_CHECK(grep_file("test.txt", "line1"));
- ATF_CHECK(grep_file("test.txt", "line%d", 1));
- ATF_CHECK(grep_file("test.txt", "second line"));
- ATF_CHECK(grep_file("test.txt", "aa.*bb"));
- ATF_CHECK(!grep_file("test.txt", "foo"));
- ATF_CHECK(!grep_file("test.txt", "bar"));
- ATF_CHECK(!grep_file("test.txt", "aaaaa"));
-}
-
-ATF_TC(read_line);
-ATF_TC_HEAD(read_line, tc)
-{
- atf_tc_set_md_var(tc, "descr", "Tests the read_line function");
-}
-ATF_TC_BODY(read_line, tc)
-{
- const char *l1 = "First line with % formatting % characters %";
- const char *l2 = "Second line; much longer than the first one";
- const char *l3 = "Last line, without terminator";
-
- {
- FILE *f;
-
- f = fopen("test", "w");
- ATF_REQUIRE(f != NULL);
- fclose(f);
- }
-
- {
- int fd;
- atf_dynstr_t dest;
- bool eof;
-
- fd = open("test", O_RDONLY);
- ATF_REQUIRE(fd != -1);
-
- RE(atf_dynstr_init(&dest));
- eof = read_line(fd, &dest);
- ATF_REQUIRE(eof);
- atf_dynstr_fini(&dest);
- }
-
- {
- FILE *f;
-
- f = fopen("test", "w");
- ATF_REQUIRE(f != NULL);
-
- fprintf(f, "%s\n", l1);
- fprintf(f, "%s\n", l2);
- fprintf(f, "%s", l3);
-
- fclose(f);
- }
-
- {
- int fd;
- atf_dynstr_t dest;
- bool eof;
-
- fd = open("test", O_RDONLY);
- ATF_REQUIRE(fd != -1);
-
- RE(atf_dynstr_init(&dest));
- eof = read_line(fd, &dest);
- ATF_REQUIRE(!eof);
- printf("1st line: >%s<\n", atf_dynstr_cstring(&dest));
- ATF_REQUIRE(atf_equal_dynstr_cstring(&dest, l1));
- atf_dynstr_fini(&dest);
-
- RE(atf_dynstr_init(&dest));
- eof = read_line(fd, &dest);
- ATF_REQUIRE(!eof);
- printf("2nd line: >%s<\n", atf_dynstr_cstring(&dest));
- ATF_REQUIRE(atf_equal_dynstr_cstring(&dest, l2));
- atf_dynstr_fini(&dest);
-
- RE(atf_dynstr_init(&dest));
- eof = read_line(fd, &dest);
- ATF_REQUIRE(eof);
- printf("3rd line: >%s<\n", atf_dynstr_cstring(&dest));
- ATF_REQUIRE(atf_equal_dynstr_cstring(&dest, l3));
- atf_dynstr_fini(&dest);
-
- close(fd);
- }
-}
-
-/* ---------------------------------------------------------------------
- * Main.
- * --------------------------------------------------------------------- */
-
-ATF_TP_ADD_TCS(tp)
-{
- /* Add the tests for the free functions. */
- ATF_TP_ADD_TC(tp, grep_string);
- ATF_TP_ADD_TC(tp, grep_file);
- ATF_TP_ADD_TC(tp, read_line);
-
- return atf_no_error();
-}
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/text.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/text.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/text.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/text.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/text.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/text.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/text_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/text_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/text_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -97,7 +97,7 @@
static
atf_error_t
-word_count(const char *word, void *data)
+word_count(const char *word ATF_DEFS_ATTRIBUTE_UNUSED, void *data)
{
size_t *counter = data;
@@ -113,7 +113,7 @@
static
atf_error_t
-word_fail_at(const char *word, void *data)
+word_fail_at(const char *word ATF_DEFS_ATTRIBUTE_UNUSED, void *data)
{
struct fail_at *fa = data;
atf_error_t err;
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/tp_main.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/tp_main.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/tp_main.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,7 @@
#include "atf-c/utils.h"
#include "dynstr.h"
+#include "env.h"
#include "fs.h"
#include "map.h"
#include "sanity.h"
@@ -127,6 +128,13 @@
progname);
}
+static
+void
+print_warning(const char *message)
+{
+ fprintf(stderr, "%s: WARNING: %s\n", progname, message);
+}
+
/* ---------------------------------------------------------------------
* Options handling.
* --------------------------------------------------------------------- */
@@ -322,11 +330,13 @@
{
atf_error_t err;
int ch;
+ int old_opterr;
err = params_init(p, argv[0]);
if (atf_is_error(err))
goto out;
+ old_opterr = opterr;
opterr = 0;
while (!atf_is_error(err) &&
(ch = getopt(argc, argv, GETOPT_POSIX ":lr:s:v:")) != -1) {
@@ -360,6 +370,7 @@
argv += optind;
/* Clear getopt state just in case the test wants to use it. */
+ opterr = old_opterr;
optind = 1;
#if defined(HAVE_OPTRESET)
optreset = 1;
@@ -485,6 +496,14 @@
goto out;
}
+ if (!atf_env_has("__RUNNING_INSIDE_ATF_RUN") || strcmp(atf_env_get(
+ "__RUNNING_INSIDE_ATF_RUN"), "internal-yes-value") != 0)
+ {
+ print_warning("Running test cases without atf-run(1) is unsupported");
+ print_warning("No isolation nor timeout control is being applied; you "
+ "may get unexpected failures; see atf-test-case(4)");
+ }
+
switch (p->m_tcpart) {
case BODY:
err = atf_tp_run(tp, p->m_tcname, atf_fs_path_cstring(&p->m_resfile));
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/user.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/user.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/user.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/user.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/user.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/user.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/detail/user_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/detail/user_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/detail/user_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -64,6 +64,7 @@
gid_t gids[NGROUPS_MAX];
gid_t g, maxgid;
int ngids;
+ const gid_t maxgid_limit = 1 << 16;
{
int i;
@@ -73,13 +74,20 @@
atf_tc_fail("Call to getgroups failed");
maxgid = 0;
for (i = 0; i < ngids; i++) {
+ printf("User group %d is %u\n", i, gids[i]);
if (maxgid < gids[i])
maxgid = gids[i];
}
printf("User belongs to %d groups\n", ngids);
- printf("Last GID is %d\n", maxgid);
+ printf("Last GID is %u\n", maxgid);
}
+ if (maxgid > maxgid_limit) {
+ printf("Test truncated from %u groups to %u to keep the run time "
+ "reasonable enough\n", maxgid, maxgid_limit);
+ maxgid = maxgid_limit;
+ }
+
for (g = 0; g < maxgid; g++) {
bool found = false;
int i;
Modified: vendor/bind/dist/unit/atf-src/atf-c/error.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/error.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/error.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/error.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/error.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/error.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/error_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/error_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/error_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,6 +34,7 @@
#include <atf-c.h>
+#include "atf-c/defs.h"
#include "atf-c/error.h"
#include "detail/test_helpers.h"
@@ -44,7 +45,8 @@
static
void
-test_format(const atf_error_t err, char *buf, size_t buflen)
+test_format(const atf_error_t err ATF_DEFS_ATTRIBUTE_UNUSED,
+ char *buf, size_t buflen)
{
snprintf(buf, buflen, "Test formatting function");
}
Modified: vendor/bind/dist/unit/atf-src/atf-c/macros.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/macros.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/macros.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -30,6 +30,10 @@
#if !defined(ATF_C_MACROS_H)
#define ATF_C_MACROS_H
+#include <string.h>
+
+#include <atf-c/defs.h>
+#include <atf-c/error.h>
#include <atf-c/tc.h>
#include <atf-c/tp.h>
#include <atf-c/utils.h>
@@ -76,7 +80,7 @@
#define ATF_TC_HEAD(tc, tcptr) \
static \
void \
- atfu_ ## tc ## _head(atf_tc_t *tcptr)
+ atfu_ ## tc ## _head(atf_tc_t *tcptr ATF_DEFS_ATTRIBUTE_UNUSED)
#define ATF_TC_HEAD_NAME(tc) \
(atfu_ ## tc ## _head)
@@ -84,7 +88,7 @@
#define ATF_TC_BODY(tc, tcptr) \
static \
void \
- atfu_ ## tc ## _body(const atf_tc_t *tcptr)
+ atfu_ ## tc ## _body(const atf_tc_t *tcptr ATF_DEFS_ATTRIBUTE_UNUSED)
#define ATF_TC_BODY_NAME(tc) \
(atfu_ ## tc ## _body)
@@ -92,7 +96,7 @@
#define ATF_TC_CLEANUP(tc, tcptr) \
static \
void \
- atfu_ ## tc ## _cleanup(const atf_tc_t *tcptr)
+ atfu_ ## tc ## _cleanup(const atf_tc_t *tcptr ATF_DEFS_ATTRIBUTE_UNUSED)
#define ATF_TC_CLEANUP_NAME(tc) \
(atfu_ ## tc ## _cleanup)
@@ -177,6 +181,24 @@
ATF_CHECK_MSG(strcmp(x, y) == 0, "%s != %s (%s != %s): " fmt, \
#x, #y, x, y, ##__VA_ARGS__)
+#define ATF_REQUIRE_MATCH(regexp, string) \
+ ATF_REQUIRE_MSG(atf_utils_grep_string("%s", string, regexp), \
+ "'%s' not matched in '%s'", regexp, string);
+
+#define ATF_CHECK_MATCH(regexp, string) \
+ ATF_CHECK_MSG(atf_utils_grep_string("%s", string, regexp), \
+ "'%s' not matched in '%s'", regexp, string);
+
+#define ATF_REQUIRE_MATCH_MSG(regexp, string, fmt, ...) \
+ ATF_REQUIRE_MSG(atf_utils_grep_string("%s", string, regexp), \
+ "'%s' not matched in '%s': " fmt, regexp, string, \
+ ##__VA_ARGS__);
+
+#define ATF_CHECK_MATCH_MSG(regexp, string, fmt, ...) \
+ ATF_CHECK_MSG(atf_utils_grep_string("%s", string, regexp), \
+ "'%s' not matched in '%s': " fmt, regexp, string, \
+ ##__VA_ARGS__);
+
#define ATF_CHECK_ERRNO(exp_errno, bool_expr) \
atf_tc_check_errno(__FILE__, __LINE__, exp_errno, #bool_expr, bool_expr)
Modified: vendor/bind/dist/unit/atf-src/atf-c/macros_h_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/macros_h_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/macros_h_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -84,20 +84,20 @@
#define TEST_MACRO_2 invalid + name
#define TEST_MACRO_3 invalid + name
ATF_TC(TEST_MACRO_1);
-ATF_TC_HEAD(TEST_MACRO_1, tc) { }
-ATF_TC_BODY(TEST_MACRO_1, tc) { }
+ATF_TC_HEAD(TEST_MACRO_1, tc) { if (tc != NULL) {} }
+ATF_TC_BODY(TEST_MACRO_1, tc) { if (tc != NULL) {} }
atf_tc_t *test_name_1 = &ATF_TC_NAME(TEST_MACRO_1);
void (*head_1)(atf_tc_t *) = ATF_TC_HEAD_NAME(TEST_MACRO_1);
void (*body_1)(const atf_tc_t *) = ATF_TC_BODY_NAME(TEST_MACRO_1);
ATF_TC_WITH_CLEANUP(TEST_MACRO_2);
-ATF_TC_HEAD(TEST_MACRO_2, tc) { }
-ATF_TC_BODY(TEST_MACRO_2, tc) { }
-ATF_TC_CLEANUP(TEST_MACRO_2, tc) { }
+ATF_TC_HEAD(TEST_MACRO_2, tc) { if (tc != NULL) {} }
+ATF_TC_BODY(TEST_MACRO_2, tc) { if (tc != NULL) {} }
+ATF_TC_CLEANUP(TEST_MACRO_2, tc) { if (tc != NULL) {} }
atf_tc_t *test_name_2 = &ATF_TC_NAME(TEST_MACRO_2);
void (*head_2)(atf_tc_t *) = ATF_TC_HEAD_NAME(TEST_MACRO_2);
void (*body_2)(const atf_tc_t *) = ATF_TC_BODY_NAME(TEST_MACRO_2);
void (*cleanup_2)(const atf_tc_t *) = ATF_TC_CLEANUP_NAME(TEST_MACRO_2);
ATF_TC_WITHOUT_HEAD(TEST_MACRO_3);
-ATF_TC_BODY(TEST_MACRO_3, tc) { }
+ATF_TC_BODY(TEST_MACRO_3, tc) { if (tc != NULL) {} }
atf_tc_t *test_name_3 = &ATF_TC_NAME(TEST_MACRO_3);
void (*body_3)(const atf_tc_t *) = ATF_TC_BODY_NAME(TEST_MACRO_3);
Modified: vendor/bind/dist/unit/atf-src/atf-c/macros_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/macros_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/macros_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -52,7 +52,7 @@
static
void
-create_ctl_file(const atf_tc_t *tc, const char *name)
+create_ctl_file(const char *name)
{
atf_fs_path_t p;
@@ -100,9 +100,9 @@
} \
ATF_TC_BODY(h_ ## id, tc) \
{ \
- create_ctl_file(tc, "before"); \
+ create_ctl_file("before"); \
macro; \
- create_ctl_file(tc, "after"); \
+ create_ctl_file("after"); \
}
#define H_CHECK_HEAD_NAME(id) ATF_TC_HEAD_NAME(h_check_ ## id)
@@ -125,6 +125,11 @@
#define H_CHECK_STREQ(id, v1, v2) \
H_DEF(check_streq_ ## id, ATF_CHECK_STREQ(v1, v2))
+#define H_CHECK_MATCH_HEAD_NAME(id) ATF_TC_HEAD_NAME(h_check_match_ ## id)
+#define H_CHECK_MATCH_BODY_NAME(id) ATF_TC_BODY_NAME(h_check_match_ ## id)
+#define H_CHECK_MATCH(id, v1, v2) \
+ H_DEF(check_match_ ## id, ATF_CHECK_MATCH(v1, v2))
+
#define H_CHECK_EQ_MSG_HEAD_NAME(id) \
ATF_TC_HEAD_NAME(h_check_eq_msg_ ## id)
#define H_CHECK_EQ_MSG_BODY_NAME(id) \
@@ -139,6 +144,13 @@
#define H_CHECK_STREQ_MSG(id, v1, v2, msg) \
H_DEF(check_streq_msg_ ## id, ATF_CHECK_STREQ_MSG(v1, v2, msg))
+#define H_CHECK_MATCH_MSG_HEAD_NAME(id) \
+ ATF_TC_HEAD_NAME(h_check_match_msg_ ## id)
+#define H_CHECK_MATCH_MSG_BODY_NAME(id) \
+ ATF_TC_BODY_NAME(h_check_match_msg_ ## id)
+#define H_CHECK_MATCH_MSG(id, v1, v2, msg) \
+ H_DEF(check_match_msg_ ## id, ATF_CHECK_MATCH_MSG(v1, v2, msg))
+
#define H_CHECK_ERRNO_HEAD_NAME(id) ATF_TC_HEAD_NAME(h_check_errno_ ## id)
#define H_CHECK_ERRNO_BODY_NAME(id) ATF_TC_BODY_NAME(h_check_errno_ ## id)
#define H_CHECK_ERRNO(id, exp_errno, bool_expr) \
@@ -164,6 +176,11 @@
#define H_REQUIRE_STREQ(id, v1, v2) \
H_DEF(require_streq_ ## id, ATF_REQUIRE_STREQ(v1, v2))
+#define H_REQUIRE_MATCH_HEAD_NAME(id) ATF_TC_HEAD_NAME(h_require_match_ ## id)
+#define H_REQUIRE_MATCH_BODY_NAME(id) ATF_TC_BODY_NAME(h_require_match_ ## id)
+#define H_REQUIRE_MATCH(id, v1, v2) \
+ H_DEF(require_match_ ## id, ATF_REQUIRE_MATCH(v1, v2))
+
#define H_REQUIRE_EQ_MSG_HEAD_NAME(id) \
ATF_TC_HEAD_NAME(h_require_eq_msg_ ## id)
#define H_REQUIRE_EQ_MSG_BODY_NAME(id) \
@@ -178,6 +195,13 @@
#define H_REQUIRE_STREQ_MSG(id, v1, v2, msg) \
H_DEF(require_streq_msg_ ## id, ATF_REQUIRE_STREQ_MSG(v1, v2, msg))
+#define H_REQUIRE_MATCH_MSG_HEAD_NAME(id) \
+ ATF_TC_HEAD_NAME(h_require_match_msg_ ## id)
+#define H_REQUIRE_MATCH_MSG_BODY_NAME(id) \
+ ATF_TC_BODY_NAME(h_require_match_msg_ ## id)
+#define H_REQUIRE_MATCH_MSG(id, v1, v2, msg) \
+ H_DEF(require_match_msg_ ## id, ATF_REQUIRE_MATCH_MSG(v1, v2, msg))
+
#define H_REQUIRE_ERRNO_HEAD_NAME(id) ATF_TC_HEAD_NAME(h_require_errno_ ## id)
#define H_REQUIRE_ERRNO_BODY_NAME(id) ATF_TC_BODY_NAME(h_require_errno_ ## id)
#define H_REQUIRE_ERRNO(id, exp_errno, bool_expr) \
@@ -240,11 +264,11 @@
ATF_REQUIRE(exists("after"));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf_utils_grep_file("^passed", "result"));
} else {
- ATF_REQUIRE(grep_file("result", "^failed"));
- ATF_REQUIRE(grep_file("error", "macros_test.c:[0-9]+: %s$",
- t->exp_regex));
+ ATF_REQUIRE(atf_utils_grep_file("^failed", "result"));
+ ATF_REQUIRE(atf_utils_grep_file(
+ "macros_test.c:[0-9]+: %s$", "error", t->exp_regex));
}
ATF_REQUIRE(unlink("before") != -1);
@@ -282,11 +306,12 @@
ATF_REQUIRE(exists("before"));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf_utils_grep_file("^passed", "result"));
ATF_REQUIRE(exists("after"));
} else {
- ATF_REQUIRE(grep_file("result", "^failed: .*macros_test.c:[0-9]+: "
- "%s$", t->exp_regex));
+ ATF_REQUIRE(atf_utils_grep_file(
+ "^failed: .*macros_test.c:[0-9]+: %s$", "result",
+ t->exp_regex));
ATF_REQUIRE(!exists("after"));
}
@@ -340,11 +365,11 @@
ATF_REQUIRE(exists("after"));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf_utils_grep_file("^passed", "result"));
} else {
- ATF_REQUIRE(grep_file("result", "^failed"));
- ATF_REQUIRE(grep_file("error", "Check failed: .*"
- "macros_test.c:[0-9]+: %s$", t->msg));
+ ATF_REQUIRE(atf_utils_grep_file("^failed", "result"));
+ ATF_REQUIRE(atf_utils_grep_file("Check failed: .*"
+ "macros_test.c:[0-9]+: %s$", "error", t->msg));
}
ATF_REQUIRE(unlink("before") != -1);
@@ -381,11 +406,11 @@
ATF_CHECK(exists("after"));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf_utils_grep_file("^passed", "result"));
} else {
- ATF_REQUIRE(grep_file("result", "^failed"));
- ATF_CHECK(grep_file("error", "Check failed: .*"
- "macros_test.c:[0-9]+: %s$", t->msg));
+ ATF_REQUIRE(atf_utils_grep_file("^failed", "result"));
+ ATF_CHECK(atf_utils_grep_file("Check failed: .*"
+ "macros_test.c:[0-9]+: %s$", "error", t->msg));
}
ATF_CHECK(unlink("before") != -1);
@@ -485,6 +510,40 @@
}
/* ---------------------------------------------------------------------
+ * Test cases for the ATF_CHECK_MATCH and ATF_CHECK_MATCH_MSG macros.
+ * --------------------------------------------------------------------- */
+
+H_CHECK_MATCH(yes, "hello [a-z]+", "abc hello world");
+H_CHECK_MATCH(no, "hello [a-z]+", "abc hello WORLD");
+H_CHECK_MATCH_MSG(yes, "hello [a-z]+", "abc hello world", "lowercase");
+H_CHECK_MATCH_MSG(no, "hello [a-z]+", "abc hello WORLD", "uppercase");
+
+ATF_TC(check_match);
+ATF_TC_HEAD(check_match, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the ATF_CHECK_MATCH and "
+ "ATF_CHECK_MATCH_MSG macros");
+}
+ATF_TC_BODY(check_match, tc)
+{
+ struct check_eq_test tests[] = {
+ { H_CHECK_MATCH_HEAD_NAME(yes), H_CHECK_MATCH_BODY_NAME(yes),
+ "hello [a-z]+", "abc hello world", "", true },
+ { H_CHECK_MATCH_HEAD_NAME(no), H_CHECK_MATCH_BODY_NAME(no),
+ "hello [a-z]+", "abc hello WORLD",
+ "'hello \\[a-z\\]\\+' not matched in 'abc hello WORLD'", false },
+ { H_CHECK_MATCH_MSG_HEAD_NAME(yes), H_CHECK_MATCH_MSG_BODY_NAME(yes),
+ "hello [a-z]+", "abc hello world", "", true },
+ { H_CHECK_MATCH_MSG_HEAD_NAME(no), H_CHECK_MATCH_MSG_BODY_NAME(no),
+ "hello [a-z]+", "abc hello WORLD",
+ "'hello \\[a-z\\]\\+' not matched in 'abc hello WORLD': uppercase",
+ false },
+ { NULL, NULL, 0, 0, "", false }
+ };
+ do_check_eq_tests(tests);
+}
+
+/* ---------------------------------------------------------------------
* Test cases for the ATF_REQUIRE and ATF_REQUIRE_MSG macros.
* --------------------------------------------------------------------- */
@@ -526,11 +585,11 @@
ATF_REQUIRE(exists("before"));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf_utils_grep_file("^passed", "result"));
ATF_REQUIRE(exists("after"));
} else {
- ATF_REQUIRE(grep_file("result", "^failed: .*macros_test.c:[0-9]+: "
- "%s$", t->msg));
+ ATF_REQUIRE(atf_utils_grep_file(
+ "^failed: .*macros_test.c:[0-9]+: %s$", "result", t->msg));
ATF_REQUIRE(!exists("after"));
}
@@ -567,11 +626,11 @@
ATF_REQUIRE(exists("before"));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf_utils_grep_file("^passed", "result"));
ATF_REQUIRE(exists("after"));
} else {
- ATF_REQUIRE(grep_file("result", "^failed: .*macros_test.c"
- ":[0-9]+: %s$", t->msg));
+ ATF_REQUIRE(atf_utils_grep_file("^failed: .*macros_test.c"
+ ":[0-9]+: %s$", "result", t->msg));
ATF_REQUIRE(!exists("after"));
}
@@ -673,12 +732,47 @@
}
/* ---------------------------------------------------------------------
+ * Test cases for the ATF_REQUIRE_MATCH and ATF_REQUIRE_MATCH_MSG macros.
+ * --------------------------------------------------------------------- */
+
+H_REQUIRE_MATCH(yes, "hello [a-z]+", "abc hello world");
+H_REQUIRE_MATCH(no, "hello [a-z]+", "abc hello WORLD");
+H_REQUIRE_MATCH_MSG(yes, "hello [a-z]+", "abc hello world", "lowercase");
+H_REQUIRE_MATCH_MSG(no, "hello [a-z]+", "abc hello WORLD", "uppercase");
+
+ATF_TC(require_match);
+ATF_TC_HEAD(require_match, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the ATF_REQUIRE_MATCH and "
+ "ATF_REQUIRE_MATCH_MSG macros");
+}
+ATF_TC_BODY(require_match, tc)
+{
+ struct require_eq_test tests[] = {
+ { H_REQUIRE_MATCH_HEAD_NAME(yes), H_REQUIRE_MATCH_BODY_NAME(yes),
+ "hello [a-z]+", "abc hello world", "", true },
+ { H_REQUIRE_MATCH_HEAD_NAME(no), H_REQUIRE_MATCH_BODY_NAME(no),
+ "hello [a-z]+", "abc hello WORLD",
+ "'hello \\[a-z\\]\\+' not matched in 'abc hello WORLD'", false },
+ { H_REQUIRE_MATCH_MSG_HEAD_NAME(yes),
+ H_REQUIRE_MATCH_MSG_BODY_NAME(yes),
+ "hello [a-z]+", "abc hello world", "", true },
+ { H_REQUIRE_MATCH_MSG_HEAD_NAME(no), H_REQUIRE_MATCH_MSG_BODY_NAME(no),
+ "hello [a-z]+", "abc hello WORLD",
+ "'hello \\[a-z\\]\\+' not matched in 'abc hello WORLD': uppercase",
+ false },
+ { NULL, NULL, 0, 0, "", false }
+ };
+ do_require_eq_tests(tests);
+}
+
+/* ---------------------------------------------------------------------
* Miscellaneous test cases covering several macros.
* --------------------------------------------------------------------- */
static
bool
-aux_bool(const char *fmt)
+aux_bool(const char *fmt ATF_DEFS_ATTRIBUTE_UNUSED)
{
return false;
}
@@ -685,7 +779,7 @@
static
const char *
-aux_str(const char *fmt)
+aux_str(const char *fmt ATF_DEFS_ATTRIBUTE_UNUSED)
{
return "foo";
}
@@ -728,12 +822,12 @@
if (t->fatal) {
bool matched =
- grep_file("result", "^failed: .*macros_test.c:[0-9]+: "
- "%s$", t->msg);
+ atf_utils_grep_file(
+ "^failed: .*macros_test.c:[0-9]+: %s$", "result", t->msg);
ATF_CHECK_MSG(matched, "couldn't find error string in result");
} else {
- bool matched = grep_file("error", "Check failed: .*"
- "macros_test.c:[0-9]+: %s$", t->msg);
+ bool matched = atf_utils_grep_file("Check failed: .*"
+ "macros_test.c:[0-9]+: %s$", "error", t->msg);
ATF_CHECK_MSG(matched, "couldn't find error string in output");
}
}
@@ -749,6 +843,11 @@
"do not cause syntax errors when used",
"Build of macros_h_test.c failed; some macros in atf-c/macros.h "
"are broken");
+BUILD_TC_FAIL(detect_unused_tests, "unused_test.c",
+ "Tests that defining an unused test case raises a warning (and thus "
+ "an error)",
+ "Build of unused_test.c passed; unused test cases are not properly "
+ "detected");
/* ---------------------------------------------------------------------
* Main.
@@ -760,11 +859,13 @@
ATF_TP_ADD_TC(tp, check_eq);
ATF_TP_ADD_TC(tp, check_streq);
ATF_TP_ADD_TC(tp, check_errno);
+ ATF_TP_ADD_TC(tp, check_match);
ATF_TP_ADD_TC(tp, require);
ATF_TP_ADD_TC(tp, require_eq);
ATF_TP_ADD_TC(tp, require_streq);
ATF_TP_ADD_TC(tp, require_errno);
+ ATF_TP_ADD_TC(tp, require_match);
ATF_TP_ADD_TC(tp, msg_embedded_fmt);
@@ -771,6 +872,7 @@
/* Add the test cases for the header file. */
ATF_TP_ADD_TC(tp, include);
ATF_TP_ADD_TC(tp, use);
+ ATF_TP_ADD_TC(tp, detect_unused_tests);
return atf_no_error();
}
Modified: vendor/bind/dist/unit/atf-src/atf-c/pkg_config_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/pkg_config_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/pkg_config_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2008 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/tc.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/tc.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/tc.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -29,6 +29,7 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/uio.h>
#include <errno.h>
#include <fcntl.h>
@@ -103,7 +104,7 @@
const int, const char *, const bool,
void (*)(struct context *, atf_dynstr_t *));
static atf_error_t check_prog_in_dir(const char *, void *);
-static atf_error_t check_prog(struct context *, const char *, void *);
+static atf_error_t check_prog(struct context *, const char *);
static void
context_init(struct context *ctx, const atf_tc_t *tc, const char *resfile)
@@ -156,30 +157,42 @@
write_resfile(const int fd, const char *result, const int arg,
const atf_dynstr_t *reason)
{
- char buffer[1024];
- int ret;
+ static char NL[] = "\n", CS[] = ": ";
+ char buf[64];
+ const char *r;
+ struct iovec iov[5];
+ ssize_t ret;
+ int count = 0;
- if (arg == -1 && reason == NULL) {
- if (snprintf(buffer, sizeof(buffer), "%s\n", result) <= 0)
- goto err;
- } else if (arg == -1 && reason != NULL) {
- if (snprintf(buffer, sizeof(buffer), "%s: %s\n", result,
- atf_dynstr_cstring(reason)) <= 0)
- goto err;
- } else if (arg != -1 && reason != NULL) {
- if (snprintf(buffer, sizeof(buffer), "%s(%d): %s\n", result,
- arg, atf_dynstr_cstring(reason)) <= 0)
- goto err;
- } else {
- UNREACHABLE;
+ INV(arg == -1 || reason != NULL);
+
+#define UNCONST(a) ((void *)(unsigned long)(const void *)(a))
+ iov[count].iov_base = UNCONST(result);
+ iov[count++].iov_len = strlen(result);
+
+ if (reason != NULL) {
+ if (arg != -1) {
+ iov[count].iov_base = buf;
+ iov[count++].iov_len = snprintf(buf, sizeof(buf), "(%d)", arg);
+ }
+
+ iov[count].iov_base = CS;
+ iov[count++].iov_len = sizeof(CS) - 1;
+
+ r = atf_dynstr_cstring(reason);
+ iov[count].iov_base = UNCONST(r);
+ iov[count++].iov_len = strlen(r);
}
+#undef UNCONST
- while ((ret = write(fd, buffer, strlen(buffer))) == -1 && errno == EINTR)
- ; /* Retry. */
+ iov[count].iov_base = NL;
+ iov[count++].iov_len = sizeof(NL) - 1;
+
+ while ((ret = writev(fd, iov, count)) == -1 && errno == EINTR)
+ continue; /* Retry. */
if (ret != -1)
return atf_no_error();
-err:
return atf_libc_error(
errno, "Failed to write results file; result %s, reason %s", result,
reason == NULL ? "null" : atf_dynstr_cstring(reason));
@@ -449,7 +462,7 @@
}
static atf_error_t
-check_prog(struct context *ctx, const char *prog, void *data)
+check_prog(struct context *ctx, const char *prog)
{
atf_error_t err;
atf_fs_path_t p;
@@ -863,7 +876,7 @@
static void
_atf_tc_require_prog(struct context *ctx, const char *prog)
{
- check_fatal_error(check_prog(ctx, prog, NULL));
+ check_fatal_error(check_prog(ctx, prog));
}
static void
Modified: vendor/bind/dist/unit/atf-src/atf-c/tc.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/tc.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/tc.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -103,22 +103,35 @@
atf_error_t atf_tc_cleanup(const atf_tc_t *);
/* To be run from test case bodies only. */
-void atf_tc_fail(const char *, ...) ATF_DEFS_ATTRIBUTE_NORETURN;
-void atf_tc_fail_nonfatal(const char *, ...);
-void atf_tc_pass(void) ATF_DEFS_ATTRIBUTE_NORETURN;
+void atf_tc_fail(const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(1, 2)
+ ATF_DEFS_ATTRIBUTE_NORETURN;
+void atf_tc_fail_nonfatal(const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(1, 2);
+void atf_tc_pass(void)
+ ATF_DEFS_ATTRIBUTE_NORETURN;
void atf_tc_require_prog(const char *);
-void atf_tc_skip(const char *, ...) ATF_DEFS_ATTRIBUTE_NORETURN;
+void atf_tc_skip(const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(1, 2)
+ ATF_DEFS_ATTRIBUTE_NORETURN;
void atf_tc_expect_pass(void);
-void atf_tc_expect_fail(const char *, ...);
-void atf_tc_expect_exit(const int, const char *, ...);
-void atf_tc_expect_signal(const int, const char *, ...);
-void atf_tc_expect_death(const char *, ...);
-void atf_tc_expect_timeout(const char *, ...);
+void atf_tc_expect_fail(const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(1, 2);
+void atf_tc_expect_exit(const int, const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(2, 3);
+void atf_tc_expect_signal(const int, const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(2, 3);
+void atf_tc_expect_death(const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(1, 2);
+void atf_tc_expect_timeout(const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(1, 2);
/* To be run from test case bodies only; internal to macros.h. */
-void atf_tc_fail_check(const char *, const size_t, const char *, ...);
+void atf_tc_fail_check(const char *, const size_t, const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(3, 4);
void atf_tc_fail_requirement(const char *, const size_t, const char *, ...)
- ATF_DEFS_ATTRIBUTE_NORETURN;
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(3, 4)
+ ATF_DEFS_ATTRIBUTE_NORETURN;
void atf_tc_check_errno(const char *, const size_t, const int,
const char *, const bool);
void atf_tc_require_errno(const char *, const size_t, const int,
Modified: vendor/bind/dist/unit/atf-src/atf-c/tc_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/tc_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/tc_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -40,7 +40,11 @@
ATF_TC_HEAD(empty, tc)
{
+ if (tc != NULL) {}
}
+ATF_TC_BODY(empty, tc)
+{
+}
ATF_TC_HEAD(test_var, tc)
{
@@ -47,10 +51,6 @@
atf_tc_set_md_var(tc, "test-var", "Test text");
}
-ATF_TC_BODY(empty, tc)
-{
-}
-
/* ---------------------------------------------------------------------
* Test cases for the "atf_tc_t" type.
* --------------------------------------------------------------------- */
Modified: vendor/bind/dist/unit/atf-src/atf-c/tp.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/tp.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/tp.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/tp.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/tp.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/tp.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c/tp_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/tp_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/tp_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -54,13 +54,16 @@
char *const argv[] = { arg1, arg2, arg3, arg4, NULL };
int ch;
+ bool zflag;
/* Given that this obviously is a test program, and that we used the
* same driver to start, we can test getopt(3) right here without doing
* any fancy stuff. */
+ zflag = false;
while ((ch = getopt(argc, argv, ":Z")) != -1) {
switch (ch) {
case 'Z':
+ zflag = true;
break;
case '?':
@@ -70,6 +73,7 @@
}
}
+ ATF_REQUIRE(zflag);
ATF_REQUIRE_EQ_MSG(1, argc - optind, "Invalid number of arguments left "
"after the call to getopt(3)");
ATF_CHECK_STREQ_MSG("foo", argv[optind], "The non-option argument is "
Added: vendor/bind/dist/unit/atf-src/atf-c/unused_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/unused_test.c (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c/unused_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,56 @@
+/*
+ * Automated Testing Framework (atf)
+ *
+ * Copyright (c) 2012 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+ * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <atf-c/macros.h>
+
+ATF_TC(this_is_used);
+ATF_TC_HEAD(this_is_used, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "A test case that is not referenced");
+}
+ATF_TC_BODY(this_is_used, tc)
+{
+}
+
+ATF_TC(this_is_unused);
+ATF_TC_HEAD(this_is_unused, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "A test case that is referenced");
+}
+ATF_TC_BODY(this_is_unused, tc)
+{
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+ ATF_TP_ADD_TC(tp, this_is_used);
+ /* ATF_TP_ADD_TC(tp, this_is_unused); */
+
+ return atf_no_error();
+}
Modified: vendor/bind/dist/unit/atf-src/atf-c/utils.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/utils.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/utils.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -27,11 +27,222 @@
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#include "atf-c/utils.h"
+
+#include <sys/stat.h>
+#include <sys/wait.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <regex.h>
+#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
-#include "atf-c/utils.h"
+#include <atf-c.h>
+#include "detail/dynstr.h"
+
+/** Searches for a regexp in a string.
+ *
+ * \param regex The regexp to look for.
+ * \param str The string in which to look for the expression.
+ *
+ * \return True if there is a match; false otherwise. */
+static
+bool
+grep_string(const char *regex, const char *str)
+{
+ int res;
+ regex_t preg;
+
+ printf("Looking for '%s' in '%s'\n", regex, str);
+ ATF_REQUIRE(regcomp(&preg, regex, REG_EXTENDED) == 0);
+
+ res = regexec(&preg, str, 0, NULL, 0);
+ ATF_REQUIRE(res == 0 || res == REG_NOMATCH);
+
+ regfree(&preg);
+
+ return res == 0;
+}
+
+/** Prints the contents of a file to stdout.
+ *
+ * \param name The name of the file to be printed.
+ * \param prefix An string to be prepended to every line of the printed
+ * file. */
void
+atf_utils_cat_file(const char *name, const char *prefix)
+{
+ const int fd = open(name, O_RDONLY);
+ ATF_REQUIRE_MSG(fd != -1, "Cannot open %s", name);
+
+ char buffer[1024];
+ ssize_t count;
+ bool continued = false;
+ while ((count = read(fd, buffer, sizeof(buffer) - 1)) > 0) {
+ buffer[count] = '\0';
+
+ if (!continued)
+ printf("%s", prefix);
+
+ char *iter = buffer;
+ char *end;
+ while ((end = strchr(iter, '\n')) != NULL) {
+ *end = '\0';
+ printf("%s\n", iter);
+
+ iter = end + 1;
+ if (iter != buffer + count)
+ printf("%s", prefix);
+ else
+ continued = false;
+ }
+ if (iter < buffer + count) {
+ printf("%s", iter);
+ continued = true;
+ }
+ }
+ ATF_REQUIRE(count == 0);
+}
+
+/** Compares a file against the given golden contents.
+ *
+ * \param name Name of the file to be compared.
+ * \param contents Expected contents of the file.
+ *
+ * \return True if the file matches the contents; false otherwise. */
+bool
+atf_utils_compare_file(const char *name, const char *contents)
+{
+ const int fd = open(name, O_RDONLY);
+ ATF_REQUIRE_MSG(fd != -1, "Cannot open %s", name);
+
+ const char *pos = contents;
+ ssize_t remaining = strlen(contents);
+
+ char buffer[1024];
+ ssize_t count;
+ while ((count = read(fd, buffer, sizeof(buffer))) > 0 &&
+ count <= remaining) {
+ if (memcmp(pos, buffer, count) != 0) {
+ close(fd);
+ return false;
+ }
+ remaining -= count;
+ pos += count;
+ }
+ close(fd);
+ return count == 0 && remaining == 0;
+}
+
+/** Copies a file.
+ *
+ * \param source Path to the source file.
+ * \param destination Path to the destination file. */
+void
+atf_utils_copy_file(const char *source, const char *destination)
+{
+ const int input = open(source, O_RDONLY);
+ ATF_REQUIRE_MSG(input != -1, "Failed to open source file during "
+ "copy (%s)", source);
+
+ const int output = open(destination, O_WRONLY | O_CREAT | O_TRUNC, 0777);
+ ATF_REQUIRE_MSG(output != -1, "Failed to open destination file during "
+ "copy (%s)", destination);
+
+ char buffer[1024];
+ ssize_t length;
+ while ((length = read(input, buffer, sizeof(buffer))) > 0)
+ ATF_REQUIRE_MSG(write(output, buffer, length) == length,
+ "Failed to write to %s during copy", destination);
+ ATF_REQUIRE_MSG(length != -1, "Failed to read from %s during copy", source);
+
+ struct stat sb;
+ ATF_REQUIRE_MSG(fstat(input, &sb) != -1,
+ "Failed to stat source file %s during copy", source);
+ ATF_REQUIRE_MSG(fchmod(output, sb.st_mode) != -1,
+ "Failed to chmod destination file %s during copy",
+ destination);
+
+ close(output);
+ close(input);
+}
+
+/** Creates a file.
+ *
+ * \param name Name of the file to create.
+ * \param contents Text to write into the created file.
+ * \param ... Positional parameters to the contents. */
+void
+atf_utils_create_file(const char *name, const char *contents, ...)
+{
+ va_list ap;
+ atf_dynstr_t formatted;
+ atf_error_t error;
+
+ va_start(ap, contents);
+ error = atf_dynstr_init_ap(&formatted, contents, ap);
+ va_end(ap);
+ ATF_REQUIRE(!atf_is_error(error));
+
+ const int fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+ ATF_REQUIRE_MSG(fd != -1, "Cannot create file %s", name);
+ ATF_REQUIRE(write(fd, atf_dynstr_cstring(&formatted),
+ atf_dynstr_length(&formatted)) != -1);
+ close(fd);
+
+ atf_dynstr_fini(&formatted);
+}
+
+/** Checks if a file exists.
+ *
+ * \param path Location of the file to check for.
+ *
+ * \return True if the file exists, false otherwise. */
+bool
+atf_utils_file_exists(const char *path)
+{
+ const int ret = access(path, F_OK);
+ if (ret == -1) {
+ if (errno != ENOENT)
+ atf_tc_fail("Failed to check the existence of %s: %s", path,
+ strerror(errno));
+ else
+ return false;
+ } else
+ return true;
+}
+
+/** Spawns a subprocess and redirects its output to files.
+ *
+ * Use the atf_utils_wait() function to wait for the completion of the spawned
+ * subprocess and validate its exit conditions.
+ *
+ * \return 0 in the new child; the PID of the new child in the parent. Does
+ * not return in error conditions. */
+pid_t
+atf_utils_fork(void)
+{
+ const pid_t pid = fork();
+ if (pid == -1)
+ atf_tc_fail("fork failed");
+
+ if (pid == 0) {
+ atf_utils_redirect(STDOUT_FILENO, "atf_utils_fork_out.txt");
+ atf_utils_redirect(STDERR_FILENO, "atf_utils_fork_err.txt");
+ }
+ return pid;
+}
+
+/** Frees an dynamically-allocated "argv" array.
+ *
+ * \param argv A dynamically-allocated array of dynamically-allocated
+ * strings. */
+void
atf_utils_free_charpp(char **argv)
{
char **ptr;
@@ -41,3 +252,164 @@
free(argv);
}
+
+/** Searches for a regexp in a file.
+ *
+ * \param regex The regexp to look for.
+ * \param file The file in which to look for the expression.
+ * \param ... Positional parameters to the regex.
+ *
+ * \return True if there is a match; false otherwise. */
+bool
+atf_utils_grep_file(const char *regex, const char *file, ...)
+{
+ int fd;
+ va_list ap;
+ atf_dynstr_t formatted;
+ atf_error_t error;
+
+ va_start(ap, file);
+ error = atf_dynstr_init_ap(&formatted, regex, ap);
+ va_end(ap);
+ ATF_REQUIRE(!atf_is_error(error));
+
+ ATF_REQUIRE((fd = open(file, O_RDONLY)) != -1);
+ bool found = false;
+ char *line = NULL;
+ while (!found && (line = atf_utils_readline(fd)) != NULL) {
+ found = grep_string(atf_dynstr_cstring(&formatted), line);
+ free(line);
+ }
+ close(fd);
+
+ atf_dynstr_fini(&formatted);
+
+ return found;
+}
+
+/** Searches for a regexp in a string.
+ *
+ * \param regex The regexp to look for.
+ * \param str The string in which to look for the expression.
+ * \param ... Positional parameters to the regex.
+ *
+ * \return True if there is a match; false otherwise. */
+bool
+atf_utils_grep_string(const char *regex, const char *str, ...)
+{
+ bool res;
+ va_list ap;
+ atf_dynstr_t formatted;
+ atf_error_t error;
+
+ va_start(ap, str);
+ error = atf_dynstr_init_ap(&formatted, regex, ap);
+ va_end(ap);
+ ATF_REQUIRE(!atf_is_error(error));
+
+ res = grep_string(atf_dynstr_cstring(&formatted), str);
+
+ atf_dynstr_fini(&formatted);
+
+ return res;
+}
+
+/** Reads a line of arbitrary length.
+ *
+ * \param fd The descriptor from which to read the line.
+ *
+ * \return A pointer to the read line, which must be released with free(), or
+ * NULL if there was nothing to read from the file. */
+char *
+atf_utils_readline(const int fd)
+{
+ char ch;
+ ssize_t cnt;
+ atf_dynstr_t temp;
+ atf_error_t error;
+
+ error = atf_dynstr_init(&temp);
+ ATF_REQUIRE(!atf_is_error(error));
+
+ while ((cnt = read(fd, &ch, sizeof(ch))) == sizeof(ch) &&
+ ch != '\n') {
+ error = atf_dynstr_append_fmt(&temp, "%c", ch);
+ ATF_REQUIRE(!atf_is_error(error));
+ }
+ ATF_REQUIRE(cnt != -1);
+
+ if (cnt == 0 && atf_dynstr_length(&temp) == 0) {
+ atf_dynstr_fini(&temp);
+ return NULL;
+ } else
+ return atf_dynstr_fini_disown(&temp);
+}
+
+/** Redirects a file descriptor to a file.
+ *
+ * \param target_fd The file descriptor to be replaced.
+ * \param name The name of the file to direct the descriptor to.
+ *
+ * \pre Should only be called from the process spawned by fork_for_testing
+ * because this exits uncontrolledly.
+ * \post Terminates execution if the redirection fails. */
+void
+atf_utils_redirect(const int target_fd, const char *name)
+{
+ if (target_fd == STDOUT_FILENO)
+ fflush(stdout);
+ else if (target_fd == STDERR_FILENO)
+ fflush(stderr);
+
+ const int new_fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+ if (new_fd == -1)
+ err(EXIT_FAILURE, "Cannot create %s", name);
+ if (new_fd != target_fd) {
+ if (dup2(new_fd, target_fd) == -1)
+ err(EXIT_FAILURE, "Cannot redirect to fd %d", target_fd);
+ }
+ close(new_fd);
+}
+
+/** Waits for a subprocess and validates its exit condition.
+ *
+ * \param pid The process to be waited for. Must have been started by
+ * testutils_fork().
+ * \param exitstatus Expected exit status.
+ * \param expout Expected contents of stdout.
+ * \param experr Expected contents of stderr. */
+void
+atf_utils_wait(const pid_t pid, const int exitstatus, const char *expout,
+ const char *experr)
+{
+ int status;
+ ATF_REQUIRE(waitpid(pid, &status, 0) != -1);
+
+ atf_utils_cat_file("atf_utils_fork_out.txt", "subprocess stdout: ");
+ atf_utils_cat_file("atf_utils_fork_err.txt", "subprocess stderr: ");
+
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(exitstatus, WEXITSTATUS(status));
+
+ const char *save_prefix = "save:";
+ const size_t save_prefix_length = strlen(save_prefix);
+
+ if (strlen(expout) > save_prefix_length &&
+ strncmp(expout, save_prefix, save_prefix_length) == 0) {
+ atf_utils_copy_file("atf_utils_fork_out.txt",
+ expout + save_prefix_length);
+ } else {
+ ATF_REQUIRE(atf_utils_compare_file("atf_utils_fork_out.txt", expout));
+ }
+
+ if (strlen(experr) > save_prefix_length &&
+ strncmp(experr, save_prefix, save_prefix_length) == 0) {
+ atf_utils_copy_file("atf_utils_fork_err.txt",
+ experr + save_prefix_length);
+ } else {
+ ATF_REQUIRE(atf_utils_compare_file("atf_utils_fork_err.txt", experr));
+ }
+
+ ATF_REQUIRE(unlink("atf_utils_fork_out.txt") != -1);
+ ATF_REQUIRE(unlink("atf_utils_fork_err.txt") != -1);
+}
Modified: vendor/bind/dist/unit/atf-src/atf-c/utils.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/utils.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/utils.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -30,6 +30,25 @@
#if !defined(ATF_C_UTILS_H)
#define ATF_C_UTILS_H
+#include <stdbool.h>
+#include <unistd.h>
+
+#include <atf-c/defs.h>
+
+void atf_utils_cat_file(const char *, const char *);
+bool atf_utils_compare_file(const char *, const char *);
+void atf_utils_copy_file(const char *, const char *);
+void atf_utils_create_file(const char *, const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(2, 3);
+bool atf_utils_file_exists(const char *);
+pid_t atf_utils_fork(void);
void atf_utils_free_charpp(char **);
+bool atf_utils_grep_file(const char *, const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(1, 3);
+bool atf_utils_grep_string(const char *, const char *, ...)
+ ATF_DEFS_ATTRIBUTE_FORMAT_PRINTF(1, 3);
+char *atf_utils_readline(int);
+void atf_utils_redirect(const int, const char *);
+void atf_utils_wait(const pid_t, const int, const char *, const char *);
#endif /* ATF_C_UTILS_H */
Modified: vendor/bind/dist/unit/atf-src/atf-c/utils_test.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c/utils_test.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c/utils_test.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -27,8 +27,15 @@
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#include <sys/stat.h>
+#include <sys/wait.h>
+
+#include <fcntl.h>
+#include <stddef.h>
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
#include <atf-c.h>
@@ -36,9 +43,219 @@
#include "detail/test_helpers.h"
-ATF_TC_WITHOUT_HEAD(free_charpp_empty);
-ATF_TC_BODY(free_charpp_empty, tc)
+/** Reads the contents of a file into a buffer.
+ *
+ * Up to buflen-1 characters are read into buffer. If this function returns,
+ * the contents read into the buffer are guaranteed to be nul-terminated.
+ * Note, however, that if the file contains any nul characters itself,
+ * comparing it "as a string" will not work.
+ *
+ * \param path The file to be read, which must exist.
+ * \param buffer Buffer into which to store the file contents.
+ * \param buflen Size of the target buffer.
+ *
+ * \return The count of bytes read. */
+static ssize_t
+read_file(const char *path, void *const buffer, const size_t buflen)
{
+ const int fd = open(path, O_RDONLY);
+ ATF_REQUIRE_MSG(fd != -1, "Cannot open %s", path);
+ const ssize_t length = read(fd, buffer, buflen - 1);
+ close(fd);
+ ATF_REQUIRE(length != -1);
+ ((char *)buffer)[length] = '\0';
+ return length;
+}
+
+ATF_TC_WITHOUT_HEAD(cat_file__empty);
+ATF_TC_BODY(cat_file__empty, tc)
+{
+ atf_utils_create_file("file.txt", "%s", "");
+ atf_utils_redirect(STDOUT_FILENO, "captured.txt");
+ atf_utils_cat_file("file.txt", "PREFIX");
+ fflush(stdout);
+ close(STDOUT_FILENO);
+
+ char buffer[1024];
+ read_file("captured.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ("", buffer);
+}
+
+ATF_TC_WITHOUT_HEAD(cat_file__one_line);
+ATF_TC_BODY(cat_file__one_line, tc)
+{
+ atf_utils_create_file("file.txt", "This is a single line\n");
+ atf_utils_redirect(STDOUT_FILENO, "captured.txt");
+ atf_utils_cat_file("file.txt", "PREFIX");
+ fflush(stdout);
+ close(STDOUT_FILENO);
+
+ char buffer[1024];
+ read_file("captured.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ("PREFIXThis is a single line\n", buffer);
+}
+
+ATF_TC_WITHOUT_HEAD(cat_file__several_lines);
+ATF_TC_BODY(cat_file__several_lines, tc)
+{
+ atf_utils_create_file("file.txt", "First\nSecond line\nAnd third\n");
+ atf_utils_redirect(STDOUT_FILENO, "captured.txt");
+ atf_utils_cat_file("file.txt", ">");
+ fflush(stdout);
+ close(STDOUT_FILENO);
+
+ char buffer[1024];
+ read_file("captured.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ(">First\n>Second line\n>And third\n", buffer);
+}
+
+ATF_TC_WITHOUT_HEAD(cat_file__no_newline_eof);
+ATF_TC_BODY(cat_file__no_newline_eof, tc)
+{
+ atf_utils_create_file("file.txt", "Foo\n bar baz");
+ atf_utils_redirect(STDOUT_FILENO, "captured.txt");
+ atf_utils_cat_file("file.txt", "PREFIX");
+ fflush(stdout);
+ close(STDOUT_FILENO);
+
+ char buffer[1024];
+ read_file("captured.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ("PREFIXFoo\nPREFIX bar baz", buffer);
+}
+
+ATF_TC_WITHOUT_HEAD(compare_file__empty__match);
+ATF_TC_BODY(compare_file__empty__match, tc)
+{
+ atf_utils_create_file("test.txt", "%s", "");
+ ATF_REQUIRE(atf_utils_compare_file("test.txt", ""));
+}
+
+ATF_TC_WITHOUT_HEAD(compare_file__empty__not_match);
+ATF_TC_BODY(compare_file__empty__not_match, tc)
+{
+ atf_utils_create_file("test.txt", "%s", "");
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", "\n"));
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", "foo"));
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", " "));
+}
+
+ATF_TC_WITHOUT_HEAD(compare_file__short__match);
+ATF_TC_BODY(compare_file__short__match, tc)
+{
+ atf_utils_create_file("test.txt", "this is a short file");
+ ATF_REQUIRE(atf_utils_compare_file("test.txt", "this is a short file"));
+}
+
+ATF_TC_WITHOUT_HEAD(compare_file__short__not_match);
+ATF_TC_BODY(compare_file__short__not_match, tc)
+{
+ atf_utils_create_file("test.txt", "this is a short file");
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", ""));
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", "\n"));
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", "this is a Short file"));
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", "this is a short fil"));
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", "this is a short file "));
+}
+
+ATF_TC_WITHOUT_HEAD(compare_file__long__match);
+ATF_TC_BODY(compare_file__long__match, tc)
+{
+ char long_contents[3456];
+ size_t i = 0;
+ for (; i < sizeof(long_contents) - 1; i++)
+ long_contents[i] = '0' + (i % 10);
+ long_contents[i] = '\0';
+ atf_utils_create_file("test.txt", "%s", long_contents);
+
+ ATF_REQUIRE(atf_utils_compare_file("test.txt", long_contents));
+}
+
+ATF_TC_WITHOUT_HEAD(compare_file__long__not_match);
+ATF_TC_BODY(compare_file__long__not_match, tc)
+{
+ char long_contents[3456];
+ size_t i = 0;
+ for (; i < sizeof(long_contents) - 1; i++)
+ long_contents[i] = '0' + (i % 10);
+ long_contents[i] = '\0';
+ atf_utils_create_file("test.txt", "%s", long_contents);
+
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", ""));
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", "\n"));
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", "0123456789"));
+ long_contents[i - 1] = 'Z';
+ ATF_REQUIRE(!atf_utils_compare_file("test.txt", long_contents));
+}
+
+ATF_TC_WITHOUT_HEAD(copy_file__empty);
+ATF_TC_BODY(copy_file__empty, tc)
+{
+ atf_utils_create_file("src.txt", "%s", "");
+ ATF_REQUIRE(chmod("src.txt", 0520) != -1);
+
+ atf_utils_copy_file("src.txt", "dest.txt");
+ ATF_REQUIRE(atf_utils_compare_file("dest.txt", ""));
+ struct stat sb;
+ ATF_REQUIRE(stat("dest.txt", &sb) != -1);
+ ATF_REQUIRE_EQ(0520, sb.st_mode & 0xfff);
+}
+
+ATF_TC_WITHOUT_HEAD(copy_file__some_contents);
+ATF_TC_BODY(copy_file__some_contents, tc)
+{
+ atf_utils_create_file("src.txt", "This is a\ntest file\n");
+ atf_utils_copy_file("src.txt", "dest.txt");
+ ATF_REQUIRE(atf_utils_compare_file("dest.txt", "This is a\ntest file\n"));
+}
+
+ATF_TC_WITHOUT_HEAD(create_file);
+ATF_TC_BODY(create_file, tc)
+{
+ atf_utils_create_file("test.txt", "This is a test with %d", 12345);
+
+ char buffer[128];
+ read_file("test.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ("This is a test with 12345", buffer);
+}
+
+ATF_TC_WITHOUT_HEAD(file_exists);
+ATF_TC_BODY(file_exists, tc)
+{
+ atf_utils_create_file("test.txt", "foo");
+
+ ATF_REQUIRE( atf_utils_file_exists("test.txt"));
+ ATF_REQUIRE( atf_utils_file_exists("./test.txt"));
+ ATF_REQUIRE(!atf_utils_file_exists("./test.tx"));
+ ATF_REQUIRE(!atf_utils_file_exists("test.txt2"));
+}
+
+ATF_TC_WITHOUT_HEAD(fork);
+ATF_TC_BODY(fork, tc)
+{
+ fprintf(stdout, "Should not get into child\n");
+ fprintf(stderr, "Should not get into child\n");
+ pid_t pid = atf_utils_fork();
+ if (pid == 0) {
+ fprintf(stdout, "Child stdout\n");
+ fprintf(stderr, "Child stderr\n");
+ exit(EXIT_SUCCESS);
+ }
+
+ int status;
+ ATF_REQUIRE(waitpid(pid, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_SUCCESS, WEXITSTATUS(status));
+
+ char buffer[1024];
+ read_file("atf_utils_fork_out.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ("Child stdout\n", buffer);
+ read_file("atf_utils_fork_err.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ("Child stderr\n", buffer);
+}
+
+ATF_TC_WITHOUT_HEAD(free_charpp__empty);
+ATF_TC_BODY(free_charpp__empty, tc)
+{
char **array = malloc(sizeof(char *) * 1);
array[0] = NULL;
@@ -45,8 +262,8 @@
atf_utils_free_charpp(array);
}
-ATF_TC_WITHOUT_HEAD(free_charpp_some);
-ATF_TC_BODY(free_charpp_some, tc)
+ATF_TC_WITHOUT_HEAD(free_charpp__some);
+ATF_TC_BODY(free_charpp__some, tc)
{
char **array = malloc(sizeof(char *) * 4);
array[0] = strdup("first");
@@ -57,13 +274,264 @@
atf_utils_free_charpp(array);
}
+ATF_TC_WITHOUT_HEAD(grep_file);
+ATF_TC_BODY(grep_file, tc)
+{
+ atf_utils_create_file("test.txt", "line1\nthe second line\naaaabbbb\n");
+
+ ATF_CHECK(atf_utils_grep_file("line1", "test.txt"));
+ ATF_CHECK(atf_utils_grep_file("line%d", "test.txt", 1));
+ ATF_CHECK(atf_utils_grep_file("second line", "test.txt"));
+ ATF_CHECK(atf_utils_grep_file("aa.*bb", "test.txt"));
+ ATF_CHECK(!atf_utils_grep_file("foo", "test.txt"));
+ ATF_CHECK(!atf_utils_grep_file("bar", "test.txt"));
+ ATF_CHECK(!atf_utils_grep_file("aaaaa", "test.txt"));
+}
+
+ATF_TC_WITHOUT_HEAD(grep_string);
+ATF_TC_BODY(grep_string, tc)
+{
+ const char *str = "a string - aaaabbbb";
+ ATF_CHECK(atf_utils_grep_string("a string", str));
+ ATF_CHECK(atf_utils_grep_string("^a string", str));
+ ATF_CHECK(atf_utils_grep_string("aaaabbbb$", str));
+ ATF_CHECK(atf_utils_grep_string("a%s*bb", str, "a."));
+ ATF_CHECK(!atf_utils_grep_string("foo", str));
+ ATF_CHECK(!atf_utils_grep_string("bar", str));
+ ATF_CHECK(!atf_utils_grep_string("aaaaa", str));
+}
+
+ATF_TC_WITHOUT_HEAD(readline__none);
+ATF_TC_BODY(readline__none, tc)
+{
+ atf_utils_create_file("empty.txt", "%s", "");
+
+ const int fd = open("empty.txt", O_RDONLY);
+ ATF_REQUIRE(fd != -1);
+ ATF_REQUIRE(atf_utils_readline(fd) == NULL);
+ close(fd);
+}
+
+ATF_TC_WITHOUT_HEAD(readline__some);
+ATF_TC_BODY(readline__some, tc)
+{
+ const char *l1 = "First line with % formatting % characters %";
+ const char *l2 = "Second line; much longer than the first one";
+ const char *l3 = "Last line, without terminator";
+
+ atf_utils_create_file("test.txt", "%s\n%s\n%s", l1, l2, l3);
+
+ const int fd = open("test.txt", O_RDONLY);
+ ATF_REQUIRE(fd != -1);
+
+ char *line;
+
+ line = atf_utils_readline(fd);
+ ATF_REQUIRE_STREQ(l1, line);
+ free(line);
+
+ line = atf_utils_readline(fd);
+ ATF_REQUIRE_STREQ(l2, line);
+ free(line);
+
+ line = atf_utils_readline(fd);
+ ATF_REQUIRE_STREQ(l3, line);
+ free(line);
+
+ close(fd);
+}
+
+ATF_TC_WITHOUT_HEAD(redirect__stdout);
+ATF_TC_BODY(redirect__stdout, tc)
+{
+ printf("Buffer this");
+ atf_utils_redirect(STDOUT_FILENO, "captured.txt");
+ printf("The printed message");
+ fflush(stdout);
+
+ char buffer[1024];
+ read_file("captured.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ("The printed message", buffer);
+}
+
+ATF_TC_WITHOUT_HEAD(redirect__stderr);
+ATF_TC_BODY(redirect__stderr, tc)
+{
+ fprintf(stderr, "Buffer this");
+ atf_utils_redirect(STDERR_FILENO, "captured.txt");
+ fprintf(stderr, "The printed message");
+ fflush(stderr);
+
+ char buffer[1024];
+ read_file("captured.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ("The printed message", buffer);
+}
+
+ATF_TC_WITHOUT_HEAD(redirect__other);
+ATF_TC_BODY(redirect__other, tc)
+{
+ const char *message = "Foo bar\nbaz\n";
+ atf_utils_redirect(15, "captured.txt");
+ ATF_REQUIRE(write(15, message, strlen(message)) != -1);
+ close(15);
+
+ char buffer[1024];
+ read_file("captured.txt", buffer, sizeof(buffer));
+ ATF_REQUIRE_STREQ(message, buffer);
+}
+
+static void
+fork_and_wait(const int exitstatus, const char* expout, const char* experr)
+{
+ const pid_t pid = atf_utils_fork();
+ if (pid == 0) {
+ fprintf(stdout, "Some output\n");
+ fprintf(stderr, "Some error\n");
+ exit(123);
+ }
+ atf_utils_wait(pid, exitstatus, expout, experr);
+ exit(EXIT_SUCCESS);
+}
+
+ATF_TC_WITHOUT_HEAD(wait__ok);
+ATF_TC_BODY(wait__ok, tc)
+{
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "Some output\n", "Some error\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_SUCCESS, WEXITSTATUS(status));
+ }
+}
+
+ATF_TC_WITHOUT_HEAD(wait__invalid_exitstatus);
+ATF_TC_BODY(wait__invalid_exitstatus, tc)
+{
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(120, "Some output\n", "Some error\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_FAILURE, WEXITSTATUS(status));
+ }
+}
+
+ATF_TC_WITHOUT_HEAD(wait__invalid_stdout);
+ATF_TC_BODY(wait__invalid_stdout, tc)
+{
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "Some output foo\n", "Some error\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_FAILURE, WEXITSTATUS(status));
+ }
+}
+
+ATF_TC_WITHOUT_HEAD(wait__invalid_stderr);
+ATF_TC_BODY(wait__invalid_stderr, tc)
+{
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "Some output\n", "Some error foo\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_FAILURE, WEXITSTATUS(status));
+ }
+}
+
+ATF_TC_WITHOUT_HEAD(wait__save_stdout);
+ATF_TC_BODY(wait__save_stdout, tc)
+{
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "save:my-output.txt", "Some error\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_SUCCESS, WEXITSTATUS(status));
+
+ ATF_REQUIRE(atf_utils_compare_file("my-output.txt", "Some output\n"));
+ }
+}
+
+ATF_TC_WITHOUT_HEAD(wait__save_stderr);
+ATF_TC_BODY(wait__save_stderr, tc)
+{
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "Some output\n", "save:my-output.txt");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_SUCCESS, WEXITSTATUS(status));
+
+ ATF_REQUIRE(atf_utils_compare_file("my-output.txt", "Some error\n"));
+ }
+}
+
HEADER_TC(include, "atf-c/utils.h");
ATF_TP_ADD_TCS(tp)
{
- ATF_TP_ADD_TC(tp, free_charpp_empty);
- ATF_TP_ADD_TC(tp, free_charpp_some);
+ ATF_TP_ADD_TC(tp, cat_file__empty);
+ ATF_TP_ADD_TC(tp, cat_file__one_line);
+ ATF_TP_ADD_TC(tp, cat_file__several_lines);
+ ATF_TP_ADD_TC(tp, cat_file__no_newline_eof);
+ ATF_TP_ADD_TC(tp, compare_file__empty__match);
+ ATF_TP_ADD_TC(tp, compare_file__empty__not_match);
+ ATF_TP_ADD_TC(tp, compare_file__short__match);
+ ATF_TP_ADD_TC(tp, compare_file__short__not_match);
+ ATF_TP_ADD_TC(tp, compare_file__long__match);
+ ATF_TP_ADD_TC(tp, compare_file__long__not_match);
+
+ ATF_TP_ADD_TC(tp, copy_file__empty);
+ ATF_TP_ADD_TC(tp, copy_file__some_contents);
+
+ ATF_TP_ADD_TC(tp, create_file);
+
+ ATF_TP_ADD_TC(tp, file_exists);
+
+ ATF_TP_ADD_TC(tp, fork);
+
+ ATF_TP_ADD_TC(tp, free_charpp__empty);
+ ATF_TP_ADD_TC(tp, free_charpp__some);
+
+ ATF_TP_ADD_TC(tp, grep_file);
+ ATF_TP_ADD_TC(tp, grep_string);
+
+ ATF_TP_ADD_TC(tp, readline__none);
+ ATF_TP_ADD_TC(tp, readline__some);
+
+ ATF_TP_ADD_TC(tp, redirect__stdout);
+ ATF_TP_ADD_TC(tp, redirect__stderr);
+ ATF_TP_ADD_TC(tp, redirect__other);
+
+ ATF_TP_ADD_TC(tp, wait__ok);
+ ATF_TP_ADD_TC(tp, wait__save_stdout);
+ ATF_TP_ADD_TC(tp, wait__save_stderr);
+ ATF_TP_ADD_TC(tp, wait__invalid_exitstatus);
+ ATF_TP_ADD_TC(tp, wait__invalid_stdout);
+ ATF_TP_ADD_TC(tp, wait__invalid_stderr);
+
ATF_TP_ADD_TC(tp, include);
return atf_no_error();
Added: vendor/bind/dist/unit/atf-src/atf-c++/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c++/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,14 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="atf_c++_test"}
+atf_test_program{name="build_test"}
+atf_test_program{name="check_test"}
+atf_test_program{name="config_test"}
+atf_test_program{name="macros_test"}
+atf_test_program{name="pkg_config_test"}
+atf_test_program{name="tests_test"}
+atf_test_program{name="utils_test"}
+
+include("detail/Kyuafile")
Modified: vendor/bind/dist/unit/atf-src/atf-c++/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,8 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
+ATF_CXX_LIBS = libatf-c++.la libatf-c.la
+
lib_LTLIBRARIES += libatf-c++.la
libatf_c___la_LIBADD = libatf-c.la
libatf_c___la_SOURCES = atf-c++/build.cpp \
@@ -36,9 +38,12 @@
atf-c++/config.cpp \
atf-c++/config.hpp \
atf-c++/macros.hpp \
+ atf-c++/noncopyable.hpp \
atf-c++/tests.cpp \
atf-c++/tests.hpp \
+ atf-c++/utils.cpp \
atf-c++/utils.hpp
+libatf_c___la_LDFLAGS = -version-info 0:0:0
include_HEADERS += atf-c++.hpp
atf_c___HEADERS = atf-c++/build.hpp \
@@ -45,6 +50,7 @@
atf-c++/check.hpp \
atf-c++/config.hpp \
atf-c++/macros.hpp \
+ atf-c++/noncopyable.hpp \
atf-c++/tests.hpp \
atf-c++/utils.hpp
atf_c__dir = $(includedir)/atf-c++
@@ -51,44 +57,44 @@
dist_man_MANS += atf-c++/atf-c++-api.3
+atf_aclocal_DATA += atf-c++/atf-c++.m4
+EXTRA_DIST += atf-c++/atf-c++.m4
+
atf_c__dirpkgconfigdir = $(atf_pkgconfigdir)
atf_c__dirpkgconfig_DATA = atf-c++/atf-c++.pc
CLEANFILES += atf-c++/atf-c++.pc
EXTRA_DIST += atf-c++/atf-c++.pc.in
-atf-c++/atf-c++.pc: $(srcdir)/atf-c++/atf-c++.pc.in
+atf-c++/atf-c++.pc: $(srcdir)/atf-c++/atf-c++.pc.in Makefile
test -d atf-c++ || mkdir -p atf-c++
- sed -e 's,__ATF_VERSION__, at PACKAGE_VERSION@,g' \
- -e 's,__CXX__,$(CXX),g' \
- -e 's,__INCLUDEDIR__,$(includedir),g' \
- -e 's,__LIBDIR__,$(libdir),g' \
+ sed -e 's#__ATF_VERSION__#$(PACKAGE_VERSION)#g' \
+ -e 's#__CXX__#$(CXX)#g' \
+ -e 's#__INCLUDEDIR__#$(includedir)#g' \
+ -e 's#__LIBDIR__#$(libdir)#g' \
<$(srcdir)/atf-c++/atf-c++.pc.in >atf-c++/atf-c++.pc.tmp
mv atf-c++/atf-c++.pc.tmp atf-c++/atf-c++.pc
tests_atf_c___DATA = atf-c++/Atffile \
- atf-c++/macros_hpp_test.cpp
+ atf-c++/Kyuafile \
+ atf-c++/macros_hpp_test.cpp \
+ atf-c++/unused_test.cpp
tests_atf_c__dir = $(pkgtestsdir)/atf-c++
EXTRA_DIST += $(tests_atf_c___DATA)
tests_atf_c___PROGRAMS = atf-c++/atf_c++_test
atf_c___atf_c___test_SOURCES = atf-c++/atf_c++_test.cpp
-atf_c___atf_c___test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-
+atf_c___atf_c___test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___PROGRAMS += atf-c++/build_test
atf_c___build_test_SOURCES = atf-c++/build_test.cpp atf-c/h_build.h
-atf_c___build_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-
+atf_c___build_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___PROGRAMS += atf-c++/check_test
atf_c___check_test_SOURCES = atf-c++/check_test.cpp
-atf_c___check_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-
+atf_c___check_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___PROGRAMS += atf-c++/config_test
atf_c___config_test_SOURCES = atf-c++/config_test.cpp
-atf_c___config_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-
+atf_c___config_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___PROGRAMS += atf-c++/macros_test
atf_c___macros_test_SOURCES = atf-c++/macros_test.cpp
-atf_c___macros_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-
+atf_c___macros_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___SCRIPTS = atf-c++/pkg_config_test
CLEANFILES += atf-c++/pkg_config_test
EXTRA_DIST += atf-c++/pkg_config_test.sh
@@ -99,12 +105,10 @@
tests_atf_c___PROGRAMS += atf-c++/tests_test
atf_c___tests_test_SOURCES = atf-c++/tests_test.cpp
-atf_c___tests_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-
+atf_c___tests_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___PROGRAMS += atf-c++/utils_test
atf_c___utils_test_SOURCES = atf-c++/utils_test.cpp
-atf_c___utils_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
-
+atf_c___utils_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
include atf-c++/detail/Makefile.am.inc
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
Modified: vendor/bind/dist/unit/atf-src/atf-c++/atf-c++-api.3
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/atf-c++-api.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/atf-c++-api.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,10 +26,11 @@
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd October 21, 2010
+.Dd November 30, 2012
.Dt ATF-C++-API 3
.Os
.Sh NAME
+.Nm atf-c++-api ,
.Nm ATF_ADD_TEST_CASE ,
.Nm ATF_CHECK_ERRNO ,
.Nm ATF_FAIL ,
@@ -38,7 +39,9 @@
.Nm ATF_REQUIRE ,
.Nm ATF_REQUIRE_EQ ,
.Nm ATF_REQUIRE_ERRNO ,
+.Nm ATF_REQUIRE_IN ,
.Nm ATF_REQUIRE_MATCH ,
+.Nm ATF_REQUIRE_NOT_IN ,
.Nm ATF_REQUIRE_THROW ,
.Nm ATF_REQUIRE_THROW_RE ,
.Nm ATF_SKIP ,
@@ -46,8 +49,21 @@
.Nm ATF_TEST_CASE_BODY ,
.Nm ATF_TEST_CASE_CLEANUP ,
.Nm ATF_TEST_CASE_HEAD ,
+.Nm ATF_TEST_CASE_NAME ,
+.Nm ATF_TEST_CASE_USE ,
.Nm ATF_TEST_CASE_WITH_CLEANUP ,
.Nm ATF_TEST_CASE_WITHOUT_HEAD ,
+.Nm atf::utils::cat_file ,
+.Nm atf::utils::compare_file ,
+.Nm atf::utils::copy_file ,
+.Nm atf::utils::create_file ,
+.Nm atf::utils::file_exists ,
+.Nm atf::utils::fork ,
+.Nm atf::utils::grep_collection ,
+.Nm atf::utils::grep_file ,
+.Nm atf::utils::grep_string ,
+.Nm atf::utils::redirect ,
+.Nm atf::utils::wait
.Nd C++ API to write ATF-based test programs
.Sh SYNOPSIS
.In atf-c++.hpp
@@ -59,7 +75,9 @@
.Fn ATF_REQUIRE "expression"
.Fn ATF_REQUIRE_EQ "expression_1" "expression_2"
.Fn ATF_REQUIRE_ERRNO "exp_errno" "bool_expression"
+.Fn ATF_REQUIRE_IN "element" "collection"
.Fn ATF_REQUIRE_MATCH "regexp" "string_expression"
+.Fn ATF_REQUIRE_NOT_IN "element" "collection"
.Fn ATF_REQUIRE_THROW "expected_exception" "statement"
.Fn ATF_REQUIRE_THROW_RE "expected_exception" "regexp" "statement"
.Fn ATF_SKIP "reason"
@@ -67,8 +85,65 @@
.Fn ATF_TEST_CASE_BODY "name"
.Fn ATF_TEST_CASE_CLEANUP "name"
.Fn ATF_TEST_CASE_HEAD "name"
+.Fn ATF_TEST_CASE_NAME "name"
+.Fn ATF_TEST_CASE_USE "name"
.Fn ATF_TEST_CASE_WITH_CLEANUP "name"
.Fn ATF_TEST_CASE_WITHOUT_HEAD "name"
+.Ft void
+.Fo atf::utils::cat_file
+.Fa "const std::string& path"
+.Fa "const std::string& prefix"
+.Fc
+.Ft bool
+.Fo atf::utils::compare_file
+.Fa "const std::string& path"
+.Fa "const std::string& contents"
+.Fc
+.Ft void
+.Fo atf::utils::copy_file
+.Fa "const std::string& source"
+.Fa "const std::string& destination"
+.Fc
+.Ft void
+.Fo atf::utils::create_file
+.Fa "const std::string& path"
+.Fa "const std::string& contents"
+.Fc
+.Ft void
+.Fo atf::utils::file_exists
+.Fa "const std::string& path"
+.Fc
+.Ft pid_t
+.Fo atf::utils::fork
+.Fa "void"
+.Fc
+.Ft bool
+.Fo atf::utils::grep_collection
+.Fa "const std::string& regexp"
+.Fa "const Collection& collection"
+.Fc
+.Ft bool
+.Fo atf::utils::grep_file
+.Fa "const std::string& regexp"
+.Fa "const std::string& path"
+.Fc
+.Ft bool
+.Fo atf::utils::grep_string
+.Fa "const std::string& regexp"
+.Fa "const std::string& path"
+.Fc
+.Ft void
+.Fo atf::utils::redirect
+.Fa "const int fd"
+.Fa "const std::string& path"
+.Fc
+.Ft void
+.Fo atf::utils::wait
+.Fa "const pid_t pid"
+.Fa "const int expected_exit_status"
+.Fa "const std::string& expected_stdout"
+.Fa "const std::string& expected_stderr"
+.Fc
.Sh DESCRIPTION
ATF provides a mostly-macro-based programming interface to implement test
programs in C or C++.
@@ -166,6 +241,18 @@
macros, all of which take the test case's name.
Following each of these, a block of code is expected, surrounded by the
opening and closing brackets.
+.Pp
+Additionally, the
+.Fn ATF_TEST_CASE_NAME
+macro can be used to obtain the name of the class corresponding to a
+particular test case, as the name is internally manged by the library to
+prevent clashes with other user identifiers.
+Similarly, the
+.Fn ATF_TEST_CASE_USE
+macro can be executed on a particular test case to mark it as "used" and
+thus prevent compiler warnings regarding unused symbols.
+Note that
+.Em you should never have to use these macros during regular operation.
.Ss Program initialization
The library provides a way to easily define the test program's
.Fn main
@@ -185,7 +272,7 @@
former call.
.Ss Header definitions
The test case's header can define the meta-data by using the
-.Fn set
+.Fn set_md_var
method, which takes two parameters: the first one specifies the
meta-data variable to be set and the second one specifies its value.
Both of them are strings.
@@ -313,14 +400,22 @@
takes two expressions and raises a failure if the two do not evaluate to
the same exact value.
.Pp
+.Fn ATF_REQUIRE_IN
+takes an element and a collection and validates that the element is present in
+the collection.
+.Pp
.Fn ATF_REQUIRE_MATCH
takes a regular expression and a string and raises a failure if the regular
expression does not match the string.
.Pp
+.Fn ATF_REQUIRE_NOT_IN
+takes an element and a collection and validates that the element is not present
+in the collection.
+.Pp
.Fn ATF_REQUIRE_THROW
takes the name of an exception and a statement and raises a failure if
the statement does not throw the specified exception.
-.Fn ATF_REQUIRE_THROW_EQ
+.Fn ATF_REQUIRE_THROW_RE
takes the name of an exception, a regular expresion and a statement and raises a
failure if the statement does not throw the specified exception and if the
message of the exception does not match the regular expression.
@@ -334,6 +429,163 @@
means that a call failed and
.Va errno
has to be checked against the first value.
+.Ss Utility functions
+The following functions are provided as part of the
+.Nm
+API to simplify the creation of a variety of tests.
+In particular, these are useful to write tests for command-line interfaces.
+.Pp
+.Ft void
+.Fo atf::utils::cat_file
+.Fa "const std::string& path"
+.Fa "const std::string& prefix"
+.Fc
+.Bd -offset indent
+Prints the contents of
+.Fa path
+to the standard output, prefixing every line with the string in
+.Fa prefix .
+.Ed
+.Pp
+.Ft bool
+.Fo atf::utils::compare_file
+.Fa "const std::string& path"
+.Fa "const std::string& contents"
+.Fc
+.Bd -offset indent
+Returns true if the given
+.Fa path
+matches exactly the expected inlined
+.Fa contents .
+.Ed
+.Pp
+.Ft void
+.Fo atf::utils::copy_file
+.Fa "const std::string& source"
+.Fa "const std::string& destination"
+.Fc
+.Bd -offset indent
+Copies the file
+.Fa source
+to
+.Fa destination .
+The permissions of the file are preserved during the code.
+.Ed
+.Pp
+.Ft void
+.Fo atf::utils::create_file
+.Fa "const std::string& path"
+.Fa "const std::string& contents"
+.Fc
+.Bd -offset indent
+Creates
+.Fa file
+with the text given in
+.Fa contents .
+.Ed
+.Pp
+.Ft void
+.Fo atf::utils::file_exists
+.Fa "const std::string& path"
+.Fc
+.Bd -offset indent
+Checks if
+.Fa path
+exists.
+.Ed
+.Pp
+.Ft pid_t
+.Fo atf::utils::fork
+.Fa "void"
+.Fc
+.Bd -offset indent
+Forks a process and redirects the standard output and standard error of the
+child to files for later validation with
+.Fn atf::utils::wait .
+Fails the test case if the fork fails, so this does not return an error.
+.Ed
+.Pp
+.Ft bool
+.Fo atf::utils::grep_collection
+.Fa "const std::string& regexp"
+.Fa "const Collection& collection"
+.Fc
+.Bd -offset indent
+Searches for the regular expression
+.Fa regexp
+in any of the strings contained in the
+.Fa collection .
+This is a template that accepts any one-dimensional container of strings.
+.Ed
+.Pp
+.Ft bool
+.Fo atf::utils::grep_file
+.Fa "const std::string& regexp"
+.Fa "const std::string& path"
+.Fc
+.Bd -offset indent
+Searches for the regular expression
+.Fa regexp
+in the file
+.Fa path .
+The variable arguments are used to construct the regular expression.
+.Ed
+.Pp
+.Ft bool
+.Fo atf::utils::grep_string
+.Fa "const std::string& regexp"
+.Fa "const std::string& str"
+.Fc
+.Bd -offset indent
+Searches for the regular expression
+.Fa regexp
+in the string
+.Fa str .
+.Ed
+.Ft void
+.Fo atf::utils::redirect
+.Fa "const int fd"
+.Fa "const std::string& path"
+.Fc
+.Bd -offset indent
+Redirects the given file descriptor
+.Fa fd
+to the file
+.Fa path .
+This function exits the process in case of an error and does not properly mark
+the test case as failed.
+As a result, it should only be used in subprocesses of the test case; specially
+those spawned by
+.Fn atf::utils::fork .
+.Ed
+.Pp
+.Ft void
+.Fo atf::utils::wait
+.Fa "const pid_t pid"
+.Fa "const int expected_exit_status"
+.Fa "const std::string& expected_stdout"
+.Fa "const std::string& expected_stderr"
+.Fc
+.Bd -offset indent
+Waits and validates the result of a subprocess spawned with
+.Fn atf::utils::wait .
+The validation involves checking that the subprocess exited cleanly and returned
+the code specified in
+.Fa expected_exit_status
+and that its standard output and standard error match the strings given in
+.Fa expected_stdout
+and
+.Fa expected_stderr .
+.Pp
+If any of the
+.Fa expected_stdout
+or
+.Fa expected_stderr
+strings are prefixed with
+.Sq save: ,
+then they specify the name of the file into which to store the stdout or stderr
+of the subprocess, and no comparison is performed.
+.Ed
.Sh EXAMPLES
The following shows a complete test program with a single test case that
validates the addition operator:
@@ -343,7 +595,7 @@
ATF_TEST_CASE(addition);
ATF_TEST_CASE_HEAD(addition)
{
- set("descr", "Sample tests for the addition operator");
+ set_md_var("descr", "Sample tests for the addition operator");
}
ATF_TEST_CASE_BODY(addition)
{
@@ -359,7 +611,7 @@
ATF_TEST_CASE(open_failure);
ATF_TEST_CASE_HEAD(open_failure)
{
- set("descr", "Sample tests for the open function");
+ set_md_var("descr", "Sample tests for the open function");
}
ATF_TEST_CASE_BODY(open_failure)
{
@@ -369,7 +621,7 @@
ATF_TEST_CASE(known_bug);
ATF_TEST_CASE_HEAD(known_bug)
{
- set("descr", "Reproduces a known bug");
+ set_md_var("descr", "Reproduces a known bug");
}
ATF_TEST_CASE_BODY(known_bug)
{
Added: vendor/bind/dist/unit/atf-src/atf-c++/atf-c++.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/atf-c++.m4 (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c++/atf-c++.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,48 @@
+dnl
+dnl Automated Testing Framework (atf)
+dnl
+dnl Copyright 2011 Google Inc.
+dnl All rights reserved.
+dnl
+dnl Redistribution and use in source and binary forms, with or without
+dnl modification, are permitted provided that the following conditions are
+dnl met:
+dnl
+dnl * Redistributions of source code must retain the above copyright
+dnl notice, this list of conditions and the following disclaimer.
+dnl * Redistributions in binary form must reproduce the above copyright
+dnl notice, this list of conditions and the following disclaimer in the
+dnl documentation and/or other materials provided with the distribution.
+dnl * Neither the name of Google Inc. nor the names of its contributors
+dnl may be used to endorse or promote products derived from this software
+dnl without specific prior written permission.
+dnl
+dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+dnl "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+dnl LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+dnl A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+dnl OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+dnl SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+dnl LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+dnl DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+dnl THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+dnl OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+dnl
+
+dnl ATF_CHECK_CXX([version-spec])
+dnl
+dnl Checks if atf-c++ is present. If version-spec is provided, ensures that
+dnl the installed version of atf-sh matches the required version. This
+dnl argument must be something like '>= 0.14' and accepts any version
+dnl specification supported by pkg-config.
+dnl
+dnl Defines and substitutes ATF_CXX_CFLAGS and ATF_CXX_LIBS with the compiler
+dnl and linker flags need to build against atf-c++.
+AC_DEFUN([ATF_CHECK_CXX], [
+ spec="atf-c++[]m4_default_nblank([ $1], [])"
+ _ATF_CHECK_ARG_WITH(
+ [PKG_CHECK_MODULES([ATF_CXX], [${spec}],
+ [found=yes found_atf_cxx=yes], [found=no])],
+ [required ${spec} not found])
+])
Modified: vendor/bind/dist/unit/atf-src/atf-c++/check.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/check.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/check.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/check.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/check.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/check.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -39,7 +39,7 @@
#include <string>
#include <vector>
-#include <atf-c++/utils.hpp>
+#include <atf-c++/noncopyable.hpp>
namespace atf {
@@ -60,7 +60,7 @@
//! of executing arbitrary command and manages files containing
//! its output.
//!
-class check_result : utils::noncopyable {
+class check_result : noncopyable {
//!
//! \brief Internal representation of a result.
//!
Modified: vendor/bind/dist/unit/atf-src/atf-c++/check_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/check_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/check_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -191,15 +191,17 @@
}
ATF_TEST_CASE_BODY(build_c_o)
{
+ ATF_TEST_CASE_USE(h_build_c_o_ok);
run_h_tc< ATF_TEST_CASE_NAME(h_build_c_o_ok) >();
- ATF_REQUIRE(grep_file("stdout", "-o test.o"));
- ATF_REQUIRE(grep_file("stdout", "-c test.c"));
+ ATF_REQUIRE(atf::utils::grep_file("-o test.o", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("-c test.c", "stdout"));
+ ATF_TEST_CASE_USE(h_build_c_o_fail);
run_h_tc< ATF_TEST_CASE_NAME(h_build_c_o_fail) >();
- ATF_REQUIRE(grep_file("stdout", "-o test.o"));
- ATF_REQUIRE(grep_file("stdout", "-c test.c"));
- ATF_REQUIRE(grep_file("stderr", "test.c"));
- ATF_REQUIRE(grep_file("stderr", "UNDEFINED_SYMBOL"));
+ ATF_REQUIRE(atf::utils::grep_file("-o test.o", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("-c test.c", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("test.c", "stderr"));
+ ATF_REQUIRE(atf::utils::grep_file("UNDEFINED_SYMBOL", "stderr"));
}
ATF_TEST_CASE(build_cpp);
@@ -209,16 +211,18 @@
}
ATF_TEST_CASE_BODY(build_cpp)
{
+ ATF_TEST_CASE_USE(h_build_cpp_ok);
run_h_tc< ATF_TEST_CASE_NAME(h_build_cpp_ok) >();
- ATF_REQUIRE(grep_file("stdout", "-o.*test.p"));
- ATF_REQUIRE(grep_file("stdout", "test.c"));
- ATF_REQUIRE(grep_file("test.p", "foo bar"));
+ ATF_REQUIRE(atf::utils::grep_file("-o.*test.p", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("test.c", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("foo bar", "test.p"));
+ ATF_TEST_CASE_USE(h_build_cpp_fail);
run_h_tc< ATF_TEST_CASE_NAME(h_build_cpp_fail) >();
- ATF_REQUIRE(grep_file("stdout", "-o test.p"));
- ATF_REQUIRE(grep_file("stdout", "test.c"));
- ATF_REQUIRE(grep_file("stderr", "test.c"));
- ATF_REQUIRE(grep_file("stderr", "non-existent.h"));
+ ATF_REQUIRE(atf::utils::grep_file("-o test.p", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("test.c", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("test.c", "stderr"));
+ ATF_REQUIRE(atf::utils::grep_file("non-existent.h", "stderr"));
}
ATF_TEST_CASE(build_cxx_o);
@@ -228,15 +232,17 @@
}
ATF_TEST_CASE_BODY(build_cxx_o)
{
+ ATF_TEST_CASE_USE(h_build_cxx_o_ok);
run_h_tc< ATF_TEST_CASE_NAME(h_build_cxx_o_ok) >();
- ATF_REQUIRE(grep_file("stdout", "-o test.o"));
- ATF_REQUIRE(grep_file("stdout", "-c test.cpp"));
+ ATF_REQUIRE(atf::utils::grep_file("-o test.o", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("-c test.cpp", "stdout"));
+ ATF_TEST_CASE_USE(h_build_cxx_o_fail);
run_h_tc< ATF_TEST_CASE_NAME(h_build_cxx_o_fail) >();
- ATF_REQUIRE(grep_file("stdout", "-o test.o"));
- ATF_REQUIRE(grep_file("stdout", "-c test.cpp"));
- ATF_REQUIRE(grep_file("stderr", "test.cpp"));
- ATF_REQUIRE(grep_file("stderr", "UNDEFINED_SYMBOL"));
+ ATF_REQUIRE(atf::utils::grep_file("-o test.o", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("-c test.cpp", "stdout"));
+ ATF_REQUIRE(atf::utils::grep_file("test.cpp", "stderr"));
+ ATF_REQUIRE(atf::utils::grep_file("UNDEFINED_SYMBOL", "stderr"));
}
ATF_TEST_CASE(exec_cleanup);
Modified: vendor/bind/dist/unit/atf-src/atf-c++/config.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/config.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/config.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/config.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/config.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/config.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/config_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/config_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/config_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/Atffile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/Atffile 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/Atffile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -3,6 +3,7 @@
prop: test-suite = atf
tp: application_test
+tp: auto_array_test
tp: env_test
tp: exceptions_test
tp: expand_test
Added: vendor/bind/dist/unit/atf-src/atf-c++/detail/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,14 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="application_test"}
+atf_test_program{name="auto_array_test"}
+atf_test_program{name="env_test"}
+atf_test_program{name="exceptions_test"}
+atf_test_program{name="expand_test"}
+atf_test_program{name="fs_test"}
+atf_test_program{name="parser_test"}
+atf_test_program{name="sanity_test"}
+atf_test_program{name="text_test"}
+atf_test_program{name="ui_test"}
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -29,6 +29,7 @@
libatf_c___la_SOURCES += atf-c++/detail/application.cpp \
atf-c++/detail/application.hpp \
+ atf-c++/detail/auto_array.hpp \
atf-c++/detail/env.cpp \
atf-c++/detail/env.hpp \
atf-c++/detail/exceptions.cpp \
@@ -47,7 +48,8 @@
atf-c++/detail/ui.cpp \
atf-c++/detail/ui.hpp
-tests_atf_c___detail_DATA = atf-c++/detail/Atffile
+tests_atf_c___detail_DATA = atf-c++/detail/Atffile \
+ atf-c++/detail/Kyuafile
tests_atf_c___detaildir = $(pkgtestsdir)/atf-c++/detail
EXTRA_DIST += $(tests_atf_c___detail_DATA)
@@ -57,42 +59,46 @@
tests_atf_c___detail_PROGRAMS = atf-c++/detail/application_test
atf_c___detail_application_test_SOURCES = atf-c++/detail/application_test.cpp
-atf_c___detail_application_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_application_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+tests_atf_c___detail_PROGRAMS += atf-c++/detail/auto_array_test
+atf_c___detail_auto_array_test_SOURCES = atf-c++/detail/auto_array_test.cpp
+atf_c___detail_auto_array_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
+
tests_atf_c___detail_PROGRAMS += atf-c++/detail/env_test
atf_c___detail_env_test_SOURCES = atf-c++/detail/env_test.cpp
-atf_c___detail_env_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_env_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___detail_PROGRAMS += atf-c++/detail/exceptions_test
atf_c___detail_exceptions_test_SOURCES = atf-c++/detail/exceptions_test.cpp
-atf_c___detail_exceptions_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_exceptions_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___detail_PROGRAMS += atf-c++/detail/expand_test
atf_c___detail_expand_test_SOURCES = atf-c++/detail/expand_test.cpp
-atf_c___detail_expand_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_expand_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___detail_PROGRAMS += atf-c++/detail/fs_test
atf_c___detail_fs_test_SOURCES = atf-c++/detail/fs_test.cpp
-atf_c___detail_fs_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_fs_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___detail_PROGRAMS += atf-c++/detail/parser_test
atf_c___detail_parser_test_SOURCES = atf-c++/detail/parser_test.cpp
-atf_c___detail_parser_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_parser_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___detail_PROGRAMS += atf-c++/detail/process_test
atf_c___detail_process_test_SOURCES = atf-c++/detail/process_test.cpp
-atf_c___detail_process_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_process_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___detail_PROGRAMS += atf-c++/detail/sanity_test
atf_c___detail_sanity_test_SOURCES = atf-c++/detail/sanity_test.cpp
-atf_c___detail_sanity_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_sanity_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___detail_PROGRAMS += atf-c++/detail/text_test
atf_c___detail_text_test_SOURCES = atf-c++/detail/text_test.cpp
-atf_c___detail_text_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_text_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_c___detail_PROGRAMS += atf-c++/detail/ui_test
atf_c___detail_ui_test_SOURCES = atf-c++/detail/ui_test.cpp
-atf_c___detail_ui_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_c___detail_ui_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/application.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/application.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/application.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -41,6 +41,10 @@
#include <cstring>
#include <iostream>
+extern "C" {
+#include "atf-c/defs.h"
+}
+
#include "application.hpp"
#include "sanity.hpp"
#include "ui.hpp"
@@ -151,7 +155,8 @@
}
void
-impl::app::process_option(int ch, const char* arg)
+impl::app::process_option(int ch ATF_DEFS_ATTRIBUTE_UNUSED,
+ const char* arg ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
@@ -178,6 +183,7 @@
}
int ch;
+ const int old_opterr = ::opterr;
::opterr = 0;
while ((ch = ::getopt(m_argc, m_argv, optstr.c_str())) != -1) {
switch (ch) {
@@ -201,6 +207,7 @@
m_argv += ::optind;
// Clear getopt state just in case the test wants to use it.
+ opterr = old_opterr;
optind = 1;
#if defined(HAVE_OPTRESET)
optreset = 1;
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/application.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/application.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/application.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/application_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/application_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/application_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -52,13 +52,16 @@
char *const argv[] = { arg1, arg2, arg3, arg4, NULL };
int ch;
+ bool zflag;
// Given that this obviously is an application, and that we used the
// same driver to start, we can test getopt(3) right here without doing
// any fancy stuff.
+ zflag = false;
while ((ch = ::getopt(argc, argv, ":Z")) != -1) {
switch (ch) {
case 'Z':
+ zflag = true;
break;
case '?':
@@ -68,6 +71,7 @@
}
}
+ ATF_REQUIRE(zflag);
ATF_REQUIRE_EQ(1, argc - optind);
ATF_REQUIRE_EQ(std::string("foo"), argv[optind]);
Added: vendor/bind/dist/unit/atf-src/atf-c++/detail/auto_array.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/auto_array.hpp (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/auto_array.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,179 @@
+//
+// Automated Testing Framework (atf)
+//
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+// CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+// INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+// IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+// GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+// IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+
+#if !defined(_ATF_CXX_AUTO_ARRAY_HPP_)
+#define _ATF_CXX_AUTO_ARRAY_HPP_
+
+#include <cstddef>
+
+namespace atf {
+
+// ------------------------------------------------------------------------
+// The "auto_array" class.
+// ------------------------------------------------------------------------
+
+template< class T >
+struct auto_array_ref {
+ T* m_ptr;
+
+ explicit auto_array_ref(T*);
+};
+
+template< class T >
+auto_array_ref< T >::auto_array_ref(T* ptr) :
+ m_ptr(ptr)
+{
+}
+
+template< class T >
+class auto_array {
+ T* m_ptr;
+
+public:
+ auto_array(T* = NULL) throw();
+ auto_array(auto_array< T >&) throw();
+ auto_array(auto_array_ref< T >) throw();
+ ~auto_array(void) throw();
+
+ T* get(void) throw();
+ const T* get(void) const throw();
+ T* release(void) throw();
+ void reset(T* = NULL) throw();
+
+ auto_array< T >& operator=(auto_array< T >&) throw();
+ auto_array< T >& operator=(auto_array_ref< T >) throw();
+
+ T& operator[](int) throw();
+ operator auto_array_ref< T >(void) throw();
+};
+
+template< class T >
+auto_array< T >::auto_array(T* ptr)
+ throw() :
+ m_ptr(ptr)
+{
+}
+
+template< class T >
+auto_array< T >::auto_array(auto_array< T >& ptr)
+ throw() :
+ m_ptr(ptr.release())
+{
+}
+
+template< class T >
+auto_array< T >::auto_array(auto_array_ref< T > ref)
+ throw() :
+ m_ptr(ref.m_ptr)
+{
+}
+
+template< class T >
+auto_array< T >::~auto_array(void)
+ throw()
+{
+ if (m_ptr != NULL)
+ delete [] m_ptr;
+}
+
+template< class T >
+T*
+auto_array< T >::get(void)
+ throw()
+{
+ return m_ptr;
+}
+
+template< class T >
+const T*
+auto_array< T >::get(void)
+ const throw()
+{
+ return m_ptr;
+}
+
+template< class T >
+T*
+auto_array< T >::release(void)
+ throw()
+{
+ T* ptr = m_ptr;
+ m_ptr = NULL;
+ return ptr;
+}
+
+template< class T >
+void
+auto_array< T >::reset(T* ptr)
+ throw()
+{
+ if (m_ptr != NULL)
+ delete [] m_ptr;
+ m_ptr = ptr;
+}
+
+template< class T >
+auto_array< T >&
+auto_array< T >::operator=(auto_array< T >& ptr)
+ throw()
+{
+ reset(ptr.release());
+ return *this;
+}
+
+template< class T >
+auto_array< T >&
+auto_array< T >::operator=(auto_array_ref< T > ref)
+ throw()
+{
+ if (m_ptr != ref.m_ptr) {
+ delete [] m_ptr;
+ m_ptr = ref.m_ptr;
+ }
+ return *this;
+}
+
+template< class T >
+T&
+auto_array< T >::operator[](int pos)
+ throw()
+{
+ return m_ptr[pos];
+}
+
+template< class T >
+auto_array< T >::operator auto_array_ref< T >(void)
+ throw()
+{
+ return auto_array_ref< T >(release());
+}
+
+} // namespace atf
+
+#endif // !defined(_ATF_CXX_AUTO_ARRAY_HPP_)
Added: vendor/bind/dist/unit/atf-src/atf-c++/detail/auto_array_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/auto_array_test.cpp (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/auto_array_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,304 @@
+//
+// Automated Testing Framework (atf)
+//
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+// CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+// INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+// IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+// GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+// IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+
+extern "C" {
+#include <sys/types.h>
+}
+
+#include <iostream>
+
+#include "atf-c/defs.h"
+
+#include "../macros.hpp"
+
+#include "auto_array.hpp"
+
+// ------------------------------------------------------------------------
+// Tests for the "auto_array" class.
+// ------------------------------------------------------------------------
+
+class test_array {
+public:
+ int m_value;
+
+ static ssize_t m_nblocks;
+
+ static
+ atf::auto_array< test_array >
+ do_copy(atf::auto_array< test_array >& ta)
+ {
+ return atf::auto_array< test_array >(ta);
+ }
+
+ void* operator new(size_t size ATF_DEFS_ATTRIBUTE_UNUSED)
+ {
+ ATF_FAIL("New called but should have been new[]");
+ return new int(5);
+ }
+
+ void* operator new[](size_t size)
+ {
+ m_nblocks++;
+ void* mem = ::operator new(size);
+ std::cout << "Allocated 'test_array' object " << mem << "\n";
+ return mem;
+ }
+
+ void operator delete(void* mem ATF_DEFS_ATTRIBUTE_UNUSED)
+ {
+ ATF_FAIL("Delete called but should have been delete[]");
+ }
+
+ void operator delete[](void* mem)
+ {
+ std::cout << "Releasing 'test_array' object " << mem << "\n";
+ if (m_nblocks == 0)
+ ATF_FAIL("Unbalanced delete[]");
+ m_nblocks--;
+ ::operator delete(mem);
+ }
+};
+
+ssize_t test_array::m_nblocks = 0;
+
+ATF_TEST_CASE(auto_array_scope);
+ATF_TEST_CASE_HEAD(auto_array_scope)
+{
+ set_md_var("descr", "Tests the automatic scope handling in the "
+ "auto_array smart pointer class");
+}
+ATF_TEST_CASE_BODY(auto_array_scope)
+{
+ using atf::auto_array;
+
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ {
+ auto_array< test_array > t(new test_array[10]);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+}
+
+ATF_TEST_CASE(auto_array_copy);
+ATF_TEST_CASE_HEAD(auto_array_copy)
+{
+ set_md_var("descr", "Tests the auto_array smart pointer class' copy "
+ "constructor");
+}
+ATF_TEST_CASE_BODY(auto_array_copy)
+{
+ using atf::auto_array;
+
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ {
+ auto_array< test_array > t1(new test_array[10]);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+
+ {
+ auto_array< test_array > t2(t1);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+}
+
+ATF_TEST_CASE(auto_array_copy_ref);
+ATF_TEST_CASE_HEAD(auto_array_copy_ref)
+{
+ set_md_var("descr", "Tests the auto_array smart pointer class' copy "
+ "constructor through the auxiliary auto_array_ref object");
+}
+ATF_TEST_CASE_BODY(auto_array_copy_ref)
+{
+ using atf::auto_array;
+
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ {
+ auto_array< test_array > t1(new test_array[10]);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+
+ {
+ auto_array< test_array > t2 = test_array::do_copy(t1);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+}
+
+ATF_TEST_CASE(auto_array_get);
+ATF_TEST_CASE_HEAD(auto_array_get)
+{
+ set_md_var("descr", "Tests the auto_array smart pointer class' get "
+ "method");
+}
+ATF_TEST_CASE_BODY(auto_array_get)
+{
+ using atf::auto_array;
+
+ test_array* ta = new test_array[10];
+ auto_array< test_array > t(ta);
+ ATF_REQUIRE_EQ(t.get(), ta);
+}
+
+ATF_TEST_CASE(auto_array_release);
+ATF_TEST_CASE_HEAD(auto_array_release)
+{
+ set_md_var("descr", "Tests the auto_array smart pointer class' release "
+ "method");
+}
+ATF_TEST_CASE_BODY(auto_array_release)
+{
+ using atf::auto_array;
+
+ test_array* ta1 = new test_array[10];
+ {
+ auto_array< test_array > t(ta1);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ test_array* ta2 = t.release();
+ ATF_REQUIRE_EQ(ta2, ta1);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ delete [] ta1;
+}
+
+ATF_TEST_CASE(auto_array_reset);
+ATF_TEST_CASE_HEAD(auto_array_reset)
+{
+ set_md_var("descr", "Tests the auto_array smart pointer class' reset "
+ "method");
+}
+ATF_TEST_CASE_BODY(auto_array_reset)
+{
+ using atf::auto_array;
+
+ test_array* ta1 = new test_array[10];
+ test_array* ta2 = new test_array[10];
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 2);
+
+ {
+ auto_array< test_array > t(ta1);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 2);
+ t.reset(ta2);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ t.reset();
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+}
+
+ATF_TEST_CASE(auto_array_assign);
+ATF_TEST_CASE_HEAD(auto_array_assign)
+{
+ set_md_var("descr", "Tests the auto_array smart pointer class' "
+ "assignment operator");
+}
+ATF_TEST_CASE_BODY(auto_array_assign)
+{
+ using atf::auto_array;
+
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ {
+ auto_array< test_array > t1(new test_array[10]);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+
+ {
+ auto_array< test_array > t2;
+ t2 = t1;
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+}
+
+ATF_TEST_CASE(auto_array_assign_ref);
+ATF_TEST_CASE_HEAD(auto_array_assign_ref)
+{
+ set_md_var("descr", "Tests the auto_array smart pointer class' "
+ "assignment operator through the auxiliary auto_array_ref "
+ "object");
+}
+ATF_TEST_CASE_BODY(auto_array_assign_ref)
+{
+ using atf::auto_array;
+
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ {
+ auto_array< test_array > t1(new test_array[10]);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+
+ {
+ auto_array< test_array > t2;
+ t2 = test_array::do_copy(t1);
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ }
+ ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+}
+
+ATF_TEST_CASE(auto_array_access);
+ATF_TEST_CASE_HEAD(auto_array_access)
+{
+ set_md_var("descr", "Tests the auto_array smart pointer class' access "
+ "operator");
+}
+ATF_TEST_CASE_BODY(auto_array_access)
+{
+ using atf::auto_array;
+
+ auto_array< test_array > t(new test_array[10]);
+
+ for (int i = 0; i < 10; i++)
+ t[i].m_value = i * 2;
+
+ for (int i = 0; i < 10; i++)
+ ATF_REQUIRE_EQ(t[i].m_value, i * 2);
+}
+
+// ------------------------------------------------------------------------
+// Main.
+// ------------------------------------------------------------------------
+
+ATF_INIT_TEST_CASES(tcs)
+{
+ // Add the test for the "auto_array" class.
+ ATF_ADD_TEST_CASE(tcs, auto_array_scope);
+ ATF_ADD_TEST_CASE(tcs, auto_array_copy);
+ ATF_ADD_TEST_CASE(tcs, auto_array_copy_ref);
+ ATF_ADD_TEST_CASE(tcs, auto_array_get);
+ ATF_ADD_TEST_CASE(tcs, auto_array_release);
+ ATF_ADD_TEST_CASE(tcs, auto_array_reset);
+ ATF_ADD_TEST_CASE(tcs, auto_array_assign);
+ ATF_ADD_TEST_CASE(tcs, auto_array_assign_ref);
+ ATF_ADD_TEST_CASE(tcs, auto_array_access);
+}
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/env.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/env.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/env.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/env.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/env.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/env.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/env_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/env_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/env_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -34,6 +34,7 @@
#include <cstdarg>
#include <cstdio>
#include <cstring>
+#include <new>
extern "C" {
#include "../../atf-c/error.h"
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -31,6 +31,7 @@
#define _ATF_CXX_EXCEPTIONS_HPP_
#include <stdexcept>
+#include <string>
extern "C" {
struct atf_error;
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/exceptions_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -32,6 +32,7 @@
}
#include <cstdio>
+#include <new>
#include "../macros.hpp"
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/expand.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/expand.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/expand.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/expand.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/expand.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/expand.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/expand_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/expand_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/expand_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/fs.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/fs.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/fs.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/fs.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/fs.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/fs.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/fs_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/fs_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/fs_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/parser.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/parser.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/parser.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/parser.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/parser.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/parser.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/parser_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/parser_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/parser_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/process.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/process.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/process.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2008 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -50,10 +50,10 @@
// ------------------------------------------------------------------------
template< class C >
-atf::utils::auto_array< const char* >
+atf::auto_array< const char* >
collection_to_argv(const C& c)
{
- atf::utils::auto_array< const char* > argv(new const char*[c.size() + 1]);
+ atf::auto_array< const char* > argv(new const char*[c.size() + 1]);
std::size_t pos = 0;
for (typename C::const_iterator iter = c.begin(); iter != c.end();
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/process.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/process.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/process.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2008 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -41,11 +41,10 @@
#include <string>
#include <vector>
+#include "auto_array.hpp"
#include "exceptions.hpp"
#include "fs.hpp"
-#include "../utils.hpp"
-
namespace atf {
namespace process {
@@ -64,7 +63,7 @@
// std::tr1::shared_array instead when it becomes widely available.
// The reason would be to remove all copy constructors and assignment
// operators from this class.
- utils::auto_array< const char* > m_exec_argv;
+ auto_array< const char* > m_exec_argv;
void ctor_init_exec_argv(void);
public:
@@ -118,7 +117,7 @@
child fork(void (*)(void*), const OutStream&, const ErrStream&, void*);
template< class OutStream, class ErrStream > friend
status exec(const atf::fs::path&, const argv_array&,
- const OutStream&, const ErrStream&);
+ const OutStream&, const ErrStream&, void (*)(void));
public:
stream_capture(void);
@@ -130,7 +129,7 @@
child fork(void (*)(void*), const OutStream&, const ErrStream&, void*);
template< class OutStream, class ErrStream > friend
status exec(const atf::fs::path&, const argv_array&,
- const OutStream&, const ErrStream&);
+ const OutStream&, const ErrStream&, void (*)(void));
public:
stream_connect(const int, const int);
@@ -142,7 +141,7 @@
child fork(void (*)(void*), const OutStream&, const ErrStream&, void*);
template< class OutStream, class ErrStream > friend
status exec(const atf::fs::path&, const argv_array&,
- const OutStream&, const ErrStream&);
+ const OutStream&, const ErrStream&, void (*)(void));
public:
stream_inherit(void);
@@ -154,7 +153,7 @@
child fork(void (*)(void*), const OutStream&, const ErrStream&, void*);
template< class OutStream, class ErrStream > friend
status exec(const atf::fs::path&, const argv_array&,
- const OutStream&, const ErrStream&);
+ const OutStream&, const ErrStream&, void (*)(void));
public:
stream_redirect_fd(const int);
@@ -166,7 +165,7 @@
child fork(void (*)(void*), const OutStream&, const ErrStream&, void*);
template< class OutStream, class ErrStream > friend
status exec(const atf::fs::path&, const argv_array&,
- const OutStream&, const ErrStream&);
+ const OutStream&, const ErrStream&, void (*)(void));
public:
stream_redirect_path(const fs::path&);
@@ -182,7 +181,7 @@
friend class child;
template< class OutStream, class ErrStream > friend
status exec(const atf::fs::path&, const argv_array&,
- const OutStream&, const ErrStream&);
+ const OutStream&, const ErrStream&, void (*)(void));
status(atf_process_status_t&);
@@ -249,7 +248,8 @@
template< class OutStream, class ErrStream >
status
exec(const atf::fs::path& prog, const argv_array& argv,
- const OutStream& outsb, const ErrStream& errsb)
+ const OutStream& outsb, const ErrStream& errsb,
+ void (*prehook)(void))
{
atf_process_status_t s;
@@ -257,7 +257,8 @@
atf_error_t err = atf_process_exec_array(&s, prog.c_path(),
argv.exec_argv(),
outsb.get_sb(),
- errsb.get_sb());
+ errsb.get_sb(),
+ prehook);
if (atf_is_error(err))
throw_atf_error(err);
@@ -264,6 +265,14 @@
return status(s);
}
+template< class OutStream, class ErrStream >
+status
+exec(const atf::fs::path& prog, const argv_array& argv,
+ const OutStream& outsb, const ErrStream& errsb)
+{
+ return exec(prog, argv, outsb, errsb, NULL);
+}
+
} // namespace process
} // namespace atf
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/process_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/process_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/process_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2008 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/sanity.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/sanity.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/sanity.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/test_helpers.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/test_helpers.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/test_helpers.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2009 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -27,10 +27,6 @@
// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
-extern "C" {
-#include <regex.h>
-}
-
#include <fstream>
#include <iostream>
#include <string>
@@ -45,27 +41,31 @@
#include "test_helpers.hpp"
void
-build_check_cxx_o_aux(const atf::fs::path& sfile, const char* failmsg)
+build_check_cxx_o_aux(const atf::fs::path& sfile, const char* failmsg,
+ const bool expect_pass)
{
std::vector< std::string > optargs;
optargs.push_back("-I" + atf::config::get("atf_includedir"));
+ optargs.push_back("-Wall");
+ optargs.push_back("-Werror");
- if (!atf::check::build_cxx_o(sfile.str(), "test.o",
- atf::process::argv_array(optargs)))
+ const bool result = atf::check::build_cxx_o(
+ sfile.str(), "test.o", atf::process::argv_array(optargs));
+ if ((expect_pass && !result) || (!expect_pass && result))
ATF_FAIL(failmsg);
}
void
build_check_cxx_o(const atf::tests::tc& tc, const char* sfile,
- const char* failmsg)
+ const char* failmsg, const bool expect_pass)
{
const atf::fs::path sfilepath =
atf::fs::path(tc.get_config_var("srcdir")) / sfile;
- build_check_cxx_o_aux(sfilepath, failmsg);
+ build_check_cxx_o_aux(sfilepath, failmsg, expect_pass);
}
void
-header_check(const atf::tests::tc& tc, const char *hdrname)
+header_check(const char *hdrname)
{
std::ofstream srcfile("test.c");
ATF_REQUIRE(srcfile);
@@ -74,7 +74,7 @@
const std::string failmsg = std::string("Header check failed; ") +
hdrname + " is not self-contained";
- build_check_cxx_o_aux(atf::fs::path("test.c"), failmsg.c_str());
+ build_check_cxx_o_aux(atf::fs::path("test.c"), failmsg.c_str(), true);
}
atf::fs::path
@@ -84,43 +84,6 @@
".." / "atf-c" / "detail" / "process_helpers";
}
-bool
-grep_file(const char* name, const char* regex)
-{
- std::ifstream is(name);
- ATF_REQUIRE(is);
-
- bool found = false;
-
- std::string line;
- std::getline(is, line);
- while (!found && is.good()) {
- if (grep_string(line, regex))
- found = true;
- else
- std::getline(is, line);
- }
-
- return found;
-}
-
-bool
-grep_string(const std::string& str, const char* regex)
-{
- int res;
- regex_t preg;
-
- std::cout << "Looking for '" << regex << "' in '" << str << "'\n";
- ATF_REQUIRE(::regcomp(&preg, regex, REG_EXTENDED) == 0);
-
- res = ::regexec(&preg, str.c_str(), 0, NULL, 0);
- ATF_REQUIRE(res == 0 || res == REG_NOMATCH);
-
- ::regfree(&preg);
-
- return res == 0;
-}
-
void
test_helpers_detail::check_equal(const char* expected[],
const string_vector& actual)
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/test_helpers.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/test_helpers.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/test_helpers.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2009 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -53,7 +53,7 @@
} \
ATF_TEST_CASE_BODY(name) \
{ \
- header_check(*this, hdrname); \
+ header_check(hdrname); \
}
#define BUILD_TC(name, sfile, descr, failmsg) \
@@ -64,9 +64,20 @@
} \
ATF_TEST_CASE_BODY(name) \
{ \
- build_check_cxx_o(*this, sfile, failmsg); \
+ build_check_cxx_o(*this, sfile, failmsg, true); \
}
+#define BUILD_TC_FAIL(name, sfile, descr, failmsg) \
+ ATF_TEST_CASE(name); \
+ ATF_TEST_CASE_HEAD(name) \
+ { \
+ set_md_var("descr", descr); \
+ } \
+ ATF_TEST_CASE_BODY(name) \
+ { \
+ build_check_cxx_o(*this, sfile, failmsg, false); \
+ }
+
namespace atf {
namespace tests {
class tc;
@@ -73,11 +84,9 @@
}
}
-void header_check(const atf::tests::tc&, const char*);
-void build_check_cxx_o(const atf::tests::tc&, const char*, const char*);
+void header_check(const char*);
+void build_check_cxx_o(const atf::tests::tc&, const char*, const char*, bool);
atf::fs::path get_process_helpers_path(const atf::tests::tc&);
-bool grep_file(const char*, const char*);
-bool grep_string(const std::string&, const char*);
struct run_h_tc_data {
const atf::tests::vars_map& m_config;
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/text.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/text.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/text.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -133,3 +133,28 @@
return b;
}
+
+int64_t
+impl::to_bytes(std::string str)
+{
+ if (str.empty())
+ throw std::runtime_error("Empty value");
+
+ const char unit = str[str.length() - 1];
+ int64_t multiplier;
+ switch (unit) {
+ case 'k': case 'K': multiplier = 1 << 10; break;
+ case 'm': case 'M': multiplier = 1 << 20; break;
+ case 'g': case 'G': multiplier = 1 << 30; break;
+ case 't': case 'T': multiplier = int64_t(1) << 40; break;
+ default:
+ if (!std::isdigit(unit))
+ throw std::runtime_error(std::string("Unknown size unit '") + unit
+ + "'");
+ multiplier = 1;
+ }
+ if (multiplier != 1)
+ str.erase(str.length() - 1);
+
+ return to_type< int64_t >(str) * multiplier;
+}
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/text.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/text.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/text.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -30,6 +30,10 @@
#if !defined(_ATF_CXX_TEXT_HPP_)
#define _ATF_CXX_TEXT_HPP_
+extern "C" {
+#include <stdint.h>
+}
+
#include <sstream>
#include <stdexcept>
#include <string>
@@ -98,6 +102,11 @@
bool to_bool(const std::string&);
//!
+//! \brief Converts the given string to a bytes size.
+//!
+int64_t to_bytes(std::string);
+
+//!
//! \brief Changes the case of a string to lowercase.
//!
//! Returns a new string that is a lowercased version of the original
@@ -133,7 +142,7 @@
std::istringstream ss(str);
T value;
ss >> value;
- if (!ss.eof() || (!ss.eof() && !ss.good()))
+ if (!ss.eof() || (ss.eof() && (ss.fail() || ss.bad())))
throw std::runtime_error("Cannot convert string to requested type");
return value;
}
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/text_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/text_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/text_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -310,6 +310,29 @@
ATF_REQUIRE_THROW(std::runtime_error, to_bool("false2"));
}
+ATF_TEST_CASE(to_bytes);
+ATF_TEST_CASE_HEAD(to_bytes)
+{
+ set_md_var("descr", "Tests the to_bytes function");
+}
+ATF_TEST_CASE_BODY(to_bytes)
+{
+ using atf::text::to_bytes;
+
+ ATF_REQUIRE_EQ(0, to_bytes("0"));
+ ATF_REQUIRE_EQ(12345, to_bytes("12345"));
+ ATF_REQUIRE_EQ(2 * 1024, to_bytes("2k"));
+ ATF_REQUIRE_EQ(4 * 1024 * 1024, to_bytes("4m"));
+ ATF_REQUIRE_EQ(int64_t(8) * 1024 * 1024 * 1024, to_bytes("8g"));
+ ATF_REQUIRE_EQ(int64_t(16) * 1024 * 1024 * 1024 * 1024, to_bytes("16t"));
+
+ ATF_REQUIRE_THROW_RE(std::runtime_error, "Empty", to_bytes(""));
+ ATF_REQUIRE_THROW_RE(std::runtime_error, "Unknown size unit 'd'",
+ to_bytes("12d"));
+ ATF_REQUIRE_THROW(std::runtime_error, to_bytes(" "));
+ ATF_REQUIRE_THROW(std::runtime_error, to_bytes(" k"));
+}
+
ATF_TEST_CASE(to_string);
ATF_TEST_CASE_HEAD(to_string)
{
@@ -335,6 +358,7 @@
ATF_REQUIRE_EQ(to_type< int >("0"), 0);
ATF_REQUIRE_EQ(to_type< int >("1234"), 1234);
+ ATF_REQUIRE_THROW(std::runtime_error, to_type< int >(" "));
ATF_REQUIRE_THROW(std::runtime_error, to_type< int >("0 a"));
ATF_REQUIRE_THROW(std::runtime_error, to_type< int >("a"));
@@ -360,6 +384,7 @@
ATF_ADD_TEST_CASE(tcs, split_delims);
ATF_ADD_TEST_CASE(tcs, trim);
ATF_ADD_TEST_CASE(tcs, to_bool);
+ ATF_ADD_TEST_CASE(tcs, to_bytes);
ATF_ADD_TEST_CASE(tcs, to_string);
ATF_ADD_TEST_CASE(tcs, to_type);
}
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/ui.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/ui.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/ui.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -28,11 +28,10 @@
//
extern "C" {
-#include <unistd.h>
-
#include <sys/ioctl.h>
#include <termios.h>
+#include <unistd.h>
}
#include <sstream>
Modified: vendor/bind/dist/unit/atf-src/atf-c++/detail/ui.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/detail/ui.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/detail/ui.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/macros.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/macros.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/macros.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -36,31 +36,48 @@
#include <atf-c++/tests.hpp>
+// Do not define inline methods for the test case classes. Doing so
+// significantly increases the memory requirements of GNU G++ during
+// compilation.
+
#define ATF_TEST_CASE_WITHOUT_HEAD(name) \
+ namespace { \
class atfu_tc_ ## name : public atf::tests::tc { \
void body(void) const; \
public: \
- atfu_tc_ ## name(void) : atf::tests::tc(#name, false) {} \
- };
+ atfu_tc_ ## name(void); \
+ }; \
+ static atfu_tc_ ## name* atfu_tcptr_ ## name; \
+ atfu_tc_ ## name::atfu_tc_ ## name(void) : atf::tests::tc(#name, false) {} \
+ }
#define ATF_TEST_CASE(name) \
+ namespace { \
class atfu_tc_ ## name : public atf::tests::tc { \
void head(void); \
void body(void) const; \
public: \
- atfu_tc_ ## name(void) : atf::tests::tc(#name, false) {} \
- };
+ atfu_tc_ ## name(void); \
+ }; \
+ static atfu_tc_ ## name* atfu_tcptr_ ## name; \
+ atfu_tc_ ## name::atfu_tc_ ## name(void) : atf::tests::tc(#name, false) {} \
+ }
#define ATF_TEST_CASE_WITH_CLEANUP(name) \
+ namespace { \
class atfu_tc_ ## name : public atf::tests::tc { \
void head(void); \
void body(void) const; \
void cleanup(void) const; \
public: \
- atfu_tc_ ## name(void) : atf::tests::tc(#name, true) {} \
- };
+ atfu_tc_ ## name(void); \
+ }; \
+ static atfu_tc_ ## name* atfu_tcptr_ ## name; \
+ atfu_tc_ ## name::atfu_tc_ ## name(void) : atf::tests::tc(#name, true) {} \
+ }
#define ATF_TEST_CASE_NAME(name) atfu_tc_ ## name
+#define ATF_TEST_CASE_USE(name) (atfu_tcptr_ ## name) = NULL
#define ATF_TEST_CASE_HEAD(name) \
void \
@@ -101,6 +118,12 @@
} \
} while (false)
+#define ATF_REQUIRE_IN(element, collection) \
+ ATF_REQUIRE((collection).find(element) != (collection).end())
+
+#define ATF_REQUIRE_NOT_IN(element, collection) \
+ ATF_REQUIRE((collection).find(element) == (collection).end())
+
#define ATF_REQUIRE_MATCH(regexp, string) \
do { \
if (!atf::tests::detail::match(regexp, string)) { \
@@ -192,8 +215,8 @@
#define ATF_ADD_TEST_CASE(tcs, tcname) \
do { \
- atf::tests::tc* tcptr = new atfu_tc_ ## tcname(); \
- (tcs).push_back(tcptr); \
+ atfu_tcptr_ ## tcname = new atfu_tc_ ## tcname(); \
+ (tcs).push_back(atfu_tcptr_ ## tcname); \
} while (0);
#endif // !defined(_ATF_CXX_MACROS_HPP_)
Modified: vendor/bind/dist/unit/atf-src/atf-c++/macros_hpp_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/macros_hpp_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/macros_hpp_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2008 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -106,6 +106,7 @@
ATF_TEST_CASE_HEAD(TEST_MACRO_1) { }
ATF_TEST_CASE_BODY(TEST_MACRO_1) { }
void instantiate_1(void) {
+ ATF_TEST_CASE_USE(TEST_MACRO_1);
atf::tests::tc* the_test = new ATF_TEST_CASE_NAME(TEST_MACRO_1)();
delete the_test;
}
@@ -114,12 +115,16 @@
ATF_TEST_CASE_BODY(TEST_MACRO_2) { }
ATF_TEST_CASE_CLEANUP(TEST_MACRO_2) { }
void instatiate_2(void) {
+ ATF_TEST_CASE_USE(TEST_MACRO_2);
atf::tests::tc* the_test = new ATF_TEST_CASE_NAME(TEST_MACRO_2)();
delete the_test;
}
ATF_TEST_CASE_WITH_CLEANUP(TEST_MACRO_3);
+ATF_TEST_CASE_HEAD(TEST_MACRO_3) { }
ATF_TEST_CASE_BODY(TEST_MACRO_3) { }
+ATF_TEST_CASE_CLEANUP(TEST_MACRO_3) { }
void instatiate_3(void) {
+ ATF_TEST_CASE_USE(TEST_MACRO_3);
atf::tests::tc* the_test = new ATF_TEST_CASE_NAME(TEST_MACRO_3)();
delete the_test;
}
Modified: vendor/bind/dist/unit/atf-src/atf-c++/macros_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/macros_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/macros_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2008 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -38,6 +38,7 @@
#include <stdexcept>
#include "macros.hpp"
+#include "utils.hpp"
#include "detail/fs.hpp"
#include "detail/process.hpp"
@@ -51,7 +52,7 @@
static
void
-create_ctl_file(const atf::tests::tc& tc, const char *name)
+create_ctl_file(const char *name)
{
ATF_REQUIRE(open(name, O_CREAT | O_WRONLY | O_TRUNC, 0644) != -1);
}
@@ -67,9 +68,9 @@
}
ATF_TEST_CASE_BODY(h_pass)
{
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
ATF_PASS();
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
ATF_TEST_CASE(h_fail);
@@ -79,9 +80,9 @@
}
ATF_TEST_CASE_BODY(h_fail)
{
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
ATF_FAIL("Failed on purpose");
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
ATF_TEST_CASE(h_skip);
@@ -91,9 +92,9 @@
}
ATF_TEST_CASE_BODY(h_skip)
{
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
ATF_SKIP("Skipped on purpose");
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
ATF_TEST_CASE(h_require);
@@ -105,9 +106,9 @@
{
bool condition = atf::text::to_bool(get_config_var("condition"));
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
ATF_REQUIRE(condition);
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
ATF_TEST_CASE(h_require_eq);
@@ -120,11 +121,30 @@
long v1 = atf::text::to_type< long >(get_config_var("v1"));
long v2 = atf::text::to_type< long >(get_config_var("v2"));
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
ATF_REQUIRE_EQ(v1, v2);
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
+ATF_TEST_CASE(h_require_in);
+ATF_TEST_CASE_HEAD(h_require_in)
+{
+ set_md_var("descr", "Helper test case");
+}
+ATF_TEST_CASE_BODY(h_require_in)
+{
+ const std::string element = get_config_var("value");
+
+ std::set< std::string > collection;
+ collection.insert("foo");
+ collection.insert("bar");
+ collection.insert("baz");
+
+ create_ctl_file("before");
+ ATF_REQUIRE_IN(element, collection);
+ create_ctl_file("after");
+}
+
ATF_TEST_CASE(h_require_match);
ATF_TEST_CASE_HEAD(h_require_match)
{
@@ -135,11 +155,30 @@
const std::string regexp = get_config_var("regexp");
const std::string string = get_config_var("string");
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
ATF_REQUIRE_MATCH(regexp, string);
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
+ATF_TEST_CASE(h_require_not_in);
+ATF_TEST_CASE_HEAD(h_require_not_in)
+{
+ set_md_var("descr", "Helper test case");
+}
+ATF_TEST_CASE_BODY(h_require_not_in)
+{
+ const std::string element = get_config_var("value");
+
+ std::set< std::string > collection;
+ collection.insert("foo");
+ collection.insert("bar");
+ collection.insert("baz");
+
+ create_ctl_file("before");
+ ATF_REQUIRE_NOT_IN(element, collection);
+ create_ctl_file("after");
+}
+
ATF_TEST_CASE(h_require_throw);
ATF_TEST_CASE_HEAD(h_require_throw)
{
@@ -147,7 +186,7 @@
}
ATF_TEST_CASE_BODY(h_require_throw)
{
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
if (get_config_var("what") == "throw_int")
ATF_REQUIRE_THROW(std::runtime_error, if (1) throw int(5));
@@ -158,7 +197,7 @@
ATF_REQUIRE_THROW(std::runtime_error,
if (0) throw std::runtime_error("e"));
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
ATF_TEST_CASE(h_require_throw_re);
@@ -168,7 +207,7 @@
}
ATF_TEST_CASE_BODY(h_require_throw_re)
{
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
if (get_config_var("what") == "throw_int")
ATF_REQUIRE_THROW_RE(std::runtime_error, "5", if (1) throw int(5));
@@ -182,7 +221,7 @@
ATF_REQUIRE_THROW_RE(std::runtime_error, "e",
if (0) throw std::runtime_error("e"));
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
static int
@@ -205,7 +244,7 @@
}
ATF_TEST_CASE_BODY(h_check_errno)
{
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
if (get_config_var("what") == "no_error")
ATF_CHECK_ERRNO(-1, errno_ok_stub() == -1);
@@ -216,7 +255,7 @@
else
UNREACHABLE;
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
ATF_TEST_CASE(h_require_errno);
@@ -226,7 +265,7 @@
}
ATF_TEST_CASE_BODY(h_require_errno)
{
- create_ctl_file(*this, "before");
+ create_ctl_file("before");
if (get_config_var("what") == "no_error")
ATF_REQUIRE_ERRNO(-1, errno_ok_stub() == -1);
@@ -237,7 +276,7 @@
else
UNREACHABLE;
- create_ctl_file(*this, "after");
+ create_ctl_file("after");
}
// ------------------------------------------------------------------------
@@ -251,8 +290,9 @@
}
ATF_TEST_CASE_BODY(pass)
{
+ ATF_TEST_CASE_USE(h_pass);
run_h_tc< ATF_TEST_CASE_NAME(h_pass) >();
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
ATF_REQUIRE(atf::fs::exists(atf::fs::path("before")));
ATF_REQUIRE(!atf::fs::exists(atf::fs::path("after")));
}
@@ -264,8 +304,9 @@
}
ATF_TEST_CASE_BODY(fail)
{
+ ATF_TEST_CASE_USE(h_fail);
run_h_tc< ATF_TEST_CASE_NAME(h_fail) >();
- ATF_REQUIRE(grep_file("result", "^failed: Failed on purpose"));
+ ATF_REQUIRE(atf::utils::grep_file("^failed: Failed on purpose", "result"));
ATF_REQUIRE(atf::fs::exists(atf::fs::path("before")));
ATF_REQUIRE(!atf::fs::exists(atf::fs::path("after")));
}
@@ -277,8 +318,10 @@
}
ATF_TEST_CASE_BODY(skip)
{
+ ATF_TEST_CASE_USE(h_skip);
run_h_tc< ATF_TEST_CASE_NAME(h_skip) >();
- ATF_REQUIRE(grep_file("result", "^skipped: Skipped on purpose"));
+ ATF_REQUIRE(atf::utils::grep_file("^skipped: Skipped on purpose",
+ "result"));
ATF_REQUIRE(atf::fs::exists(atf::fs::path("before")));
ATF_REQUIRE(!atf::fs::exists(atf::fs::path("after")));
}
@@ -308,14 +351,16 @@
std::cout << "Checking with a " << t->cond << " value\n";
+ ATF_TEST_CASE_USE(h_require);
run_h_tc< ATF_TEST_CASE_NAME(h_require) >(config);
ATF_REQUIRE(atf::fs::exists(before));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
ATF_REQUIRE(atf::fs::exists(after));
} else {
- ATF_REQUIRE(grep_file("result", "^failed: .*condition not met"));
+ ATF_REQUIRE(atf::utils::grep_file(
+ "^failed: .*condition not met", "result"));
ATF_REQUIRE(!atf::fs::exists(after));
}
@@ -356,14 +401,15 @@
<< " and expecting " << (t->ok ? "true" : "false")
<< "\n";
+ ATF_TEST_CASE_USE(h_require_eq);
run_h_tc< ATF_TEST_CASE_NAME(h_require_eq) >(config);
ATF_REQUIRE(atf::fs::exists(before));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
ATF_REQUIRE(atf::fs::exists(after));
} else {
- ATF_REQUIRE(grep_file("result", "^failed: .*v1 != v2"));
+ ATF_REQUIRE(atf::utils::grep_file("^failed: .*v1 != v2", "result"));
ATF_REQUIRE(!atf::fs::exists(after));
}
@@ -373,6 +419,51 @@
}
}
+ATF_TEST_CASE(require_in);
+ATF_TEST_CASE_HEAD(require_in)
+{
+ set_md_var("descr", "Tests the ATF_REQUIRE_IN macro");
+}
+ATF_TEST_CASE_BODY(require_in)
+{
+ struct test {
+ const char *value;
+ bool ok;
+ } *t, tests[] = {
+ { "foo", true },
+ { "bar", true },
+ { "baz", true },
+ { "xxx", false },
+ { "fooa", false },
+ { "foo ", false },
+ { NULL, false }
+ };
+
+ const atf::fs::path before("before");
+ const atf::fs::path after("after");
+
+ for (t = &tests[0]; t->value != NULL; t++) {
+ atf::tests::vars_map config;
+ config["value"] = t->value;
+
+ ATF_TEST_CASE_USE(h_require_in);
+ run_h_tc< ATF_TEST_CASE_NAME(h_require_in) >(config);
+
+ ATF_REQUIRE(atf::fs::exists(before));
+ if (t->ok) {
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
+ ATF_REQUIRE(atf::fs::exists(after));
+ } else {
+ ATF_REQUIRE(atf::utils::grep_file("^failed: ", "result"));
+ ATF_REQUIRE(!atf::fs::exists(after));
+ }
+
+ atf::fs::remove(before);
+ if (t->ok)
+ atf::fs::remove(after);
+ }
+}
+
ATF_TEST_CASE(require_match);
ATF_TEST_CASE_HEAD(require_match)
{
@@ -402,14 +493,15 @@
<< " and expecting " << (t->ok ? "true" : "false")
<< "\n";
+ ATF_TEST_CASE_USE(h_require_match);
run_h_tc< ATF_TEST_CASE_NAME(h_require_match) >(config);
ATF_REQUIRE(atf::fs::exists(before));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
ATF_REQUIRE(atf::fs::exists(after));
} else {
- ATF_REQUIRE(grep_file("result", "^failed: "));
+ ATF_REQUIRE(atf::utils::grep_file("^failed: ", "result"));
ATF_REQUIRE(!atf::fs::exists(after));
}
@@ -419,6 +511,51 @@
}
}
+ATF_TEST_CASE(require_not_in);
+ATF_TEST_CASE_HEAD(require_not_in)
+{
+ set_md_var("descr", "Tests the ATF_REQUIRE_NOT_IN macro");
+}
+ATF_TEST_CASE_BODY(require_not_in)
+{
+ struct test {
+ const char *value;
+ bool ok;
+ } *t, tests[] = {
+ { "foo", false },
+ { "bar", false },
+ { "baz", false },
+ { "xxx", true },
+ { "fooa", true },
+ { "foo ", true },
+ { NULL, false }
+ };
+
+ const atf::fs::path before("before");
+ const atf::fs::path after("after");
+
+ for (t = &tests[0]; t->value != NULL; t++) {
+ atf::tests::vars_map config;
+ config["value"] = t->value;
+
+ ATF_TEST_CASE_USE(h_require_not_in);
+ run_h_tc< ATF_TEST_CASE_NAME(h_require_not_in) >(config);
+
+ ATF_REQUIRE(atf::fs::exists(before));
+ if (t->ok) {
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
+ ATF_REQUIRE(atf::fs::exists(after));
+ } else {
+ ATF_REQUIRE(atf::utils::grep_file("^failed: ", "result"));
+ ATF_REQUIRE(!atf::fs::exists(after));
+ }
+
+ atf::fs::remove(before);
+ if (t->ok)
+ atf::fs::remove(after);
+ }
+}
+
ATF_TEST_CASE(require_throw);
ATF_TEST_CASE_HEAD(require_throw)
{
@@ -447,17 +584,18 @@
std::cout << "Checking with " << t->what << " and expecting "
<< (t->ok ? "true" : "false") << "\n";
+ ATF_TEST_CASE_USE(h_require_throw);
run_h_tc< ATF_TEST_CASE_NAME(h_require_throw) >(config);
ATF_REQUIRE(atf::fs::exists(before));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
ATF_REQUIRE(atf::fs::exists(after));
} else {
std::cout << "Checking that message contains '" << t->msg
<< "'\n";
std::string exp_result = std::string("^failed: .*") + t->msg;
- ATF_REQUIRE(grep_file("result", exp_result.c_str()));
+ ATF_REQUIRE(atf::utils::grep_file(exp_result.c_str(), "result"));
ATF_REQUIRE(!atf::fs::exists(after));
}
@@ -481,8 +619,9 @@
} *t, tests[] = {
{ "throw_int", false, "unexpected error" },
{ "throw_rt_match", true, NULL },
- { "throw_rt_no_match", true, "threw.*runtime_error(baz foo bar a).*"
- "does not match 'a foo bar baz'" },
+ { "throw_rt_no_match", false,
+ "threw.*runtime_error\\(baz foo bar a\\).*"
+ "does not match 'foo\\.\\*baz'" },
{ "no_throw_rt", false, "did not throw" },
{ NULL, false, NULL }
};
@@ -497,17 +636,18 @@
std::cout << "Checking with " << t->what << " and expecting "
<< (t->ok ? "true" : "false") << "\n";
- run_h_tc< ATF_TEST_CASE_NAME(h_require_throw) >(config);
+ ATF_TEST_CASE_USE(h_require_throw_re);
+ run_h_tc< ATF_TEST_CASE_NAME(h_require_throw_re) >(config);
ATF_REQUIRE(atf::fs::exists(before));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
ATF_REQUIRE(atf::fs::exists(after));
} else {
std::cout << "Checking that message contains '" << t->msg
<< "'\n";
std::string exp_result = std::string("^failed: .*") + t->msg;
- ATF_REQUIRE(grep_file("result", exp_result.c_str()));
+ ATF_REQUIRE(atf::utils::grep_file(exp_result.c_str(), "result"));
ATF_REQUIRE(!atf::fs::exists(after));
}
@@ -544,6 +684,7 @@
atf::tests::vars_map config;
config["what"] = t->what;
+ ATF_TEST_CASE_USE(h_check_errno);
run_h_tc< ATF_TEST_CASE_NAME(h_check_errno) >(config);
ATF_REQUIRE(atf::fs::exists(before));
@@ -550,13 +691,13 @@
ATF_REQUIRE(atf::fs::exists(after));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
} else {
- ATF_REQUIRE(grep_file("result", "^failed"));
+ ATF_REQUIRE(atf::utils::grep_file("^failed", "result"));
std::string exp_result = "macros_test.cpp:[0-9]+: " +
std::string(t->msg) + "$";
- ATF_REQUIRE(grep_file("stderr", exp_result.c_str()));
+ ATF_REQUIRE(atf::utils::grep_file(exp_result.c_str(), "stderr"));
}
atf::fs::remove(before);
@@ -591,16 +732,17 @@
atf::tests::vars_map config;
config["what"] = t->what;
+ ATF_TEST_CASE_USE(h_require_errno);
run_h_tc< ATF_TEST_CASE_NAME(h_require_errno) >(config);
ATF_REQUIRE(atf::fs::exists(before));
if (t->ok) {
- ATF_REQUIRE(grep_file("result", "^passed"));
+ ATF_REQUIRE(atf::utils::grep_file("^passed", "result"));
ATF_REQUIRE(atf::fs::exists(after));
} else {
std::string exp_result = "^failed: .*macros_test.cpp:[0-9]+: " +
std::string(t->msg) + "$";
- ATF_REQUIRE(grep_file("result", exp_result.c_str()));
+ ATF_REQUIRE(atf::utils::grep_file(exp_result.c_str(), "result"));
ATF_REQUIRE(!atf::fs::exists(after));
}
@@ -621,6 +763,11 @@
"do not cause syntax errors when used",
"Build of macros_hpp_test.cpp failed; some macros in "
"atf-c++/macros.hpp are broken");
+BUILD_TC_FAIL(detect_unused_tests, "unused_test.cpp",
+ "Tests that defining an unused test case raises a warning (and thus "
+ "an error)",
+ "Build of unused_test.cpp passed; unused test cases are not properly "
+ "detected");
// ------------------------------------------------------------------------
// Main.
@@ -635,7 +782,9 @@
ATF_ADD_TEST_CASE(tcs, check_errno);
ATF_ADD_TEST_CASE(tcs, require);
ATF_ADD_TEST_CASE(tcs, require_eq);
+ ATF_ADD_TEST_CASE(tcs, require_in);
ATF_ADD_TEST_CASE(tcs, require_match);
+ ATF_ADD_TEST_CASE(tcs, require_not_in);
ATF_ADD_TEST_CASE(tcs, require_throw);
ATF_ADD_TEST_CASE(tcs, require_throw_re);
ATF_ADD_TEST_CASE(tcs, require_errno);
@@ -643,4 +792,5 @@
// Add the test cases for the header file.
ATF_ADD_TEST_CASE(tcs, include);
ATF_ADD_TEST_CASE(tcs, use);
+ ATF_ADD_TEST_CASE(tcs, detect_unused_tests);
}
Added: vendor/bind/dist/unit/atf-src/atf-c++/noncopyable.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/noncopyable.hpp (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c++/noncopyable.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,56 @@
+//
+// Automated Testing Framework (atf)
+//
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+// CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+// INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+// IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+// GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+// IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+
+#if !defined(_ATF_CXX_NONCOPYABLE_HPP_)
+#define _ATF_CXX_NONCOPYABLE_HPP_
+
+namespace atf {
+
+// ------------------------------------------------------------------------
+// The "noncopyable" class.
+// ------------------------------------------------------------------------
+
+class noncopyable {
+ // The class cannot be empty; otherwise we get ABI-stability warnings
+ // during the build, which will break it due to strict checking.
+ int m_noncopyable_dummy;
+
+ noncopyable(const noncopyable& nc);
+ noncopyable& operator=(const noncopyable& nc);
+
+protected:
+ // Explicitly needed to provide some non-private functions. Otherwise
+ // we also get some warnings during the build.
+ noncopyable(void) {}
+ ~noncopyable(void) {}
+};
+
+} // namespace atf
+
+#endif // !defined(_ATF_CXX_NONCOPYABLE_HPP_)
Modified: vendor/bind/dist/unit/atf-src/atf-c++/pkg_config_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/pkg_config_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/pkg_config_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2008 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-c++/tests.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/tests.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/tests.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -55,9 +55,11 @@
#include "atf-c/utils.h"
}
+#include "noncopyable.hpp"
#include "tests.hpp"
#include "detail/application.hpp"
+#include "detail/auto_array.hpp"
#include "detail/env.hpp"
#include "detail/exceptions.hpp"
#include "detail/fs.hpp"
@@ -127,7 +129,7 @@
static std::map< atf_tc_t*, impl::tc* > wraps;
static std::map< const atf_tc_t*, const impl::tc* > cwraps;
-struct impl::tc_impl : atf::utils::noncopyable {
+struct impl::tc_impl : atf::noncopyable {
std::string m_ident;
atf_tc_t m_tc;
bool m_has_cleanup;
@@ -190,8 +192,7 @@
{
atf_error_t err;
- utils::auto_array< const char * > array(
- new const char*[(config.size() * 2) + 1]);
+ auto_array< const char * > array(new const char*[(config.size() * 2) + 1]);
const char **ptr = array.get();
for (vars_map::const_iterator iter = config.begin();
iter != config.end(); iter++) {
@@ -641,6 +642,16 @@
impl::tc* tc = find_tc(init_tcs(), fields.first);
+ if (!atf::env::has("__RUNNING_INSIDE_ATF_RUN") || atf::env::get(
+ "__RUNNING_INSIDE_ATF_RUN") != "internal-yes-value")
+ {
+ std::cerr << m_prog_name << ": WARNING: Running test cases without "
+ "atf-run(1) is unsupported\n";
+ std::cerr << m_prog_name << ": WARNING: No isolation nor timeout "
+ "control is being applied; you may get unexpected failures; see "
+ "atf-test-case(4)\n";
+ }
+
try {
switch (fields.second) {
case BODY:
Modified: vendor/bind/dist/unit/atf-src/atf-c++/tests.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/tests.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/tests.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -38,7 +38,7 @@
#include <atf-c/defs.h>
}
-#include <atf-c++/utils.hpp>
+#include <atf-c++/noncopyable.hpp>
namespace atf {
namespace tests {
@@ -74,7 +74,7 @@
struct tc_impl;
-class tc : utils::noncopyable {
+class tc : noncopyable {
std::auto_ptr< tc_impl > pimpl;
protected:
Modified: vendor/bind/dist/unit/atf-src/atf-c++/tests_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/tests_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/tests_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Added: vendor/bind/dist/unit/atf-src/atf-c++/unused_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/unused_test.cpp (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c++/unused_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,52 @@
+//
+// Automated Testing Framework (atf)
+//
+// Copyright (c) 2012 The NetBSD Foundation, Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+// CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+// INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+// IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+// GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+// IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+
+#include <atf-c++/macros.hpp>
+
+ATF_TEST_CASE(this_is_used);
+ATF_TEST_CASE_HEAD(this_is_used)
+{
+}
+ATF_TEST_CASE_BODY(this_is_used)
+{
+}
+
+ATF_TEST_CASE(this_is_unused);
+ATF_TEST_CASE_HEAD(this_is_unused)
+{
+}
+ATF_TEST_CASE_BODY(this_is_unused)
+{
+}
+
+ATF_INIT_TEST_CASES(tcs)
+{
+ ATF_ADD_TEST_CASE(tcs, this_is_used);
+ //ATF_ADD_TEST_CASE(tcs, this_is_unused);
+}
Added: vendor/bind/dist/unit/atf-src/atf-c++/utils.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/utils.cpp (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-c++/utils.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,104 @@
+//
+// Automated Testing Framework (atf)
+//
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+// CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+// INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+// IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+// GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+// IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+
+extern "C" {
+#include "atf-c/utils.h"
+}
+
+#include <cstdlib>
+#include <iostream>
+
+#include "utils.hpp"
+
+void
+atf::utils::cat_file(const std::string& path, const std::string& prefix)
+{
+ atf_utils_cat_file(path.c_str(), prefix.c_str());
+}
+
+void
+atf::utils::copy_file(const std::string& source, const std::string& destination)
+{
+ atf_utils_copy_file(source.c_str(), destination.c_str());
+}
+
+bool
+atf::utils::compare_file(const std::string& path, const std::string& contents)
+{
+ return atf_utils_compare_file(path.c_str(), contents.c_str());
+}
+
+void
+atf::utils::create_file(const std::string& path, const std::string& contents)
+{
+ atf_utils_create_file(path.c_str(), "%s", contents.c_str());
+}
+
+bool
+atf::utils::file_exists(const std::string& path)
+{
+ return atf_utils_file_exists(path.c_str());
+}
+
+pid_t
+atf::utils::fork(void)
+{
+ std::cout.flush();
+ std::cerr.flush();
+ return atf_utils_fork();
+}
+
+bool
+atf::utils::grep_file(const std::string& regex, const std::string& path)
+{
+ return atf_utils_grep_file("%s", path.c_str(), regex.c_str());
+}
+
+bool
+atf::utils::grep_string(const std::string& regex, const std::string& str)
+{
+ return atf_utils_grep_string("%s", str.c_str(), regex.c_str());
+}
+
+void
+atf::utils::redirect(const int fd, const std::string& path)
+{
+ if (fd == STDOUT_FILENO)
+ std::cout.flush();
+ else if (fd == STDERR_FILENO)
+ std::cerr.flush();
+ atf_utils_redirect(fd, path.c_str());
+}
+
+void
+atf::utils::wait(const pid_t pid, const int exitstatus,
+ const std::string& expout, const std::string& experr)
+{
+ atf_utils_wait(pid, exitstatus, expout.c_str(), experr.c_str());
+}
Modified: vendor/bind/dist/unit/atf-src/atf-c++/utils.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/utils.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/utils.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -30,170 +30,38 @@
#if !defined(_ATF_CXX_UTILS_HPP_)
#define _ATF_CXX_UTILS_HPP_
-#include <cstddef>
+extern "C" {
+#include <unistd.h>
+}
+#include <string>
+
namespace atf {
namespace utils {
-// ------------------------------------------------------------------------
-// The "auto_array" class.
-// ------------------------------------------------------------------------
+void cat_file(const std::string&, const std::string&);
+bool compare_file(const std::string&, const std::string&);
+void copy_file(const std::string&, const std::string&);
+void create_file(const std::string&, const std::string&);
+bool file_exists(const std::string&);
+pid_t fork(void);
+bool grep_file(const std::string&, const std::string&);
+bool grep_string(const std::string&, const std::string&);
+void redirect(const int, const std::string&);
+void wait(const pid_t, const int, const std::string&, const std::string&);
-template< class T >
-struct auto_array_ref {
- T* m_ptr;
-
- explicit auto_array_ref(T*);
-};
-
-template< class T >
-auto_array_ref< T >::auto_array_ref(T* ptr) :
- m_ptr(ptr)
+template< typename Collection >
+bool
+grep_collection(const std::string& regexp, const Collection& collection)
{
-}
-
-template< class T >
-class auto_array {
- T* m_ptr;
-
-public:
- auto_array(T* = NULL) throw();
- auto_array(auto_array< T >&) throw();
- auto_array(auto_array_ref< T >) throw();
- ~auto_array(void) throw();
-
- T* get(void) throw();
- const T* get(void) const throw();
- T* release(void) throw();
- void reset(T* = NULL) throw();
-
- auto_array< T >& operator=(auto_array< T >&) throw();
- auto_array< T >& operator=(auto_array_ref< T >) throw();
-
- T& operator[](int) throw();
- operator auto_array_ref< T >(void) throw();
-};
-
-template< class T >
-auto_array< T >::auto_array(T* ptr)
- throw() :
- m_ptr(ptr)
-{
-}
-
-template< class T >
-auto_array< T >::auto_array(auto_array< T >& ptr)
- throw() :
- m_ptr(ptr.release())
-{
-}
-
-template< class T >
-auto_array< T >::auto_array(auto_array_ref< T > ref)
- throw() :
- m_ptr(ref.m_ptr)
-{
-}
-
-template< class T >
-auto_array< T >::~auto_array(void)
- throw()
-{
- if (m_ptr != NULL)
- delete [] m_ptr;
-}
-
-template< class T >
-T*
-auto_array< T >::get(void)
- throw()
-{
- return m_ptr;
-}
-
-template< class T >
-const T*
-auto_array< T >::get(void)
- const throw()
-{
- return m_ptr;
-}
-
-template< class T >
-T*
-auto_array< T >::release(void)
- throw()
-{
- T* ptr = m_ptr;
- m_ptr = NULL;
- return ptr;
-}
-
-template< class T >
-void
-auto_array< T >::reset(T* ptr)
- throw()
-{
- if (m_ptr != NULL)
- delete [] m_ptr;
- m_ptr = ptr;
-}
-
-template< class T >
-auto_array< T >&
-auto_array< T >::operator=(auto_array< T >& ptr)
- throw()
-{
- reset(ptr.release());
- return *this;
-}
-
-template< class T >
-auto_array< T >&
-auto_array< T >::operator=(auto_array_ref< T > ref)
- throw()
-{
- if (m_ptr != ref.m_ptr) {
- delete [] m_ptr;
- m_ptr = ref.m_ptr;
+ for (typename Collection::const_iterator iter = collection.begin();
+ iter != collection.end(); ++iter) {
+ if (grep_string(regexp, *iter))
+ return true;
}
- return *this;
+ return false;
}
-template< class T >
-T&
-auto_array< T >::operator[](int pos)
- throw()
-{
- return m_ptr[pos];
-}
-
-template< class T >
-auto_array< T >::operator auto_array_ref< T >(void)
- throw()
-{
- return auto_array_ref< T >(release());
-}
-
-// ------------------------------------------------------------------------
-// The "noncopyable" class.
-// ------------------------------------------------------------------------
-
-class noncopyable {
- // The class cannot be empty; otherwise we get ABI-stability warnings
- // during the build, which will break it due to strict checking.
- int m_noncopyable_dummy;
-
- noncopyable(const noncopyable& nc);
- noncopyable& operator=(const noncopyable& nc);
-
-protected:
- // Explicitly needed to provide some non-private functions. Otherwise
- // we also get some warnings during the build.
- noncopyable(void) {}
- ~noncopyable(void) {}
-};
-
} // namespace utils
} // namespace atf
Modified: vendor/bind/dist/unit/atf-src/atf-c++/utils_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++/utils_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++/utils_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -27,7 +27,19 @@
// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
+extern "C" {
+#include <sys/stat.h>
+#include <sys/wait.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+}
+
+#include <cstdlib>
#include <iostream>
+#include <set>
+#include <string>
+#include <vector>
#include "macros.hpp"
#include "utils.hpp"
@@ -34,250 +46,390 @@
#include "detail/test_helpers.hpp"
+static std::string
+read_file(const char *path)
+{
+ char buffer[1024];
+
+ const int fd = open(path, O_RDONLY);
+ if (fd == -1)
+ ATF_FAIL("Cannot open " + std::string(path));
+ const ssize_t length = read(fd, buffer, sizeof(buffer) - 1);
+ close(fd);
+ ATF_REQUIRE(length != -1);
+ if (length == sizeof(buffer) - 1)
+ ATF_FAIL("Internal buffer not long enough to read temporary file");
+ ((char *)buffer)[length] = '\0';
+
+ return buffer;
+}
+
// ------------------------------------------------------------------------
-// Tests for the "auto_array" class.
+// Tests cases for the free functions.
// ------------------------------------------------------------------------
-class test_array {
-public:
- int m_value;
+ATF_TEST_CASE_WITHOUT_HEAD(cat_file__empty);
+ATF_TEST_CASE_BODY(cat_file__empty)
+{
+ atf::utils::create_file("file.txt", "");
+ atf::utils::redirect(STDOUT_FILENO, "captured.txt");
+ atf::utils::cat_file("file.txt", "PREFIX");
+ std::cout.flush();
+ close(STDOUT_FILENO);
- static ssize_t m_nblocks;
+ ATF_REQUIRE_EQ("", read_file("captured.txt"));
+}
- static
- atf::utils::auto_array< test_array >
- do_copy(atf::utils::auto_array< test_array >& ta)
- {
- return atf::utils::auto_array< test_array >(ta);
- }
+ATF_TEST_CASE_WITHOUT_HEAD(cat_file__one_line);
+ATF_TEST_CASE_BODY(cat_file__one_line)
+{
+ atf::utils::create_file("file.txt", "This is a single line\n");
+ atf::utils::redirect(STDOUT_FILENO, "captured.txt");
+ atf::utils::cat_file("file.txt", "PREFIX");
+ std::cout.flush();
+ close(STDOUT_FILENO);
- void* operator new(size_t size)
- {
- ATF_FAIL("New called but should have been new[]");
- return new int(5);
- }
+ ATF_REQUIRE_EQ("PREFIXThis is a single line\n", read_file("captured.txt"));
+}
- void* operator new[](size_t size)
- {
- m_nblocks++;
- void* mem = ::operator new(size);
- std::cout << "Allocated 'test_array' object " << mem << "\n";
- return mem;
- }
+ATF_TEST_CASE_WITHOUT_HEAD(cat_file__several_lines);
+ATF_TEST_CASE_BODY(cat_file__several_lines)
+{
+ atf::utils::create_file("file.txt", "First\nSecond line\nAnd third\n");
+ atf::utils::redirect(STDOUT_FILENO, "captured.txt");
+ atf::utils::cat_file("file.txt", ">");
+ std::cout.flush();
+ close(STDOUT_FILENO);
- void operator delete(void* mem)
- {
- ATF_FAIL("Delete called but should have been delete[]");
- }
+ ATF_REQUIRE_EQ(">First\n>Second line\n>And third\n",
+ read_file("captured.txt"));
+}
- void operator delete[](void* mem)
- {
- std::cout << "Releasing 'test_array' object " << mem << "\n";
- if (m_nblocks == 0)
- ATF_FAIL("Unbalanced delete[]");
- m_nblocks--;
- ::operator delete(mem);
- }
-};
+ATF_TEST_CASE_WITHOUT_HEAD(cat_file__no_newline_eof);
+ATF_TEST_CASE_BODY(cat_file__no_newline_eof)
+{
+ atf::utils::create_file("file.txt", "Foo\n bar baz");
+ atf::utils::redirect(STDOUT_FILENO, "captured.txt");
+ atf::utils::cat_file("file.txt", "PREFIX");
+ std::cout.flush();
+ close(STDOUT_FILENO);
-ssize_t test_array::m_nblocks = 0;
+ ATF_REQUIRE_EQ("PREFIXFoo\nPREFIX bar baz", read_file("captured.txt"));
+}
-ATF_TEST_CASE(auto_array_scope);
-ATF_TEST_CASE_HEAD(auto_array_scope)
+ATF_TEST_CASE_WITHOUT_HEAD(compare_file__empty__match);
+ATF_TEST_CASE_BODY(compare_file__empty__match)
{
- set_md_var("descr", "Tests the automatic scope handling in the "
- "auto_array smart pointer class");
+ atf::utils::create_file("test.txt", "");
+ ATF_REQUIRE(atf::utils::compare_file("test.txt", ""));
}
-ATF_TEST_CASE_BODY(auto_array_scope)
+
+ATF_TEST_CASE_WITHOUT_HEAD(compare_file__empty__not_match);
+ATF_TEST_CASE_BODY(compare_file__empty__not_match)
{
- using atf::utils::auto_array;
+ atf::utils::create_file("test.txt", "");
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", "\n"));
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", "foo"));
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", " "));
+}
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
- {
- auto_array< test_array > t(new test_array[10]);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ATF_TEST_CASE_WITHOUT_HEAD(compare_file__short__match);
+ATF_TEST_CASE_BODY(compare_file__short__match)
+{
+ atf::utils::create_file("test.txt", "this is a short file");
+ ATF_REQUIRE(atf::utils::compare_file("test.txt", "this is a short file"));
}
-ATF_TEST_CASE(auto_array_copy);
-ATF_TEST_CASE_HEAD(auto_array_copy)
+ATF_TEST_CASE_WITHOUT_HEAD(compare_file__short__not_match);
+ATF_TEST_CASE_BODY(compare_file__short__not_match)
{
- set_md_var("descr", "Tests the auto_array smart pointer class' copy "
- "constructor");
+ atf::utils::create_file("test.txt", "this is a short file");
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", ""));
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", "\n"));
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", "this is a Short file"));
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", "this is a short fil"));
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", "this is a short file "));
}
-ATF_TEST_CASE_BODY(auto_array_copy)
+
+ATF_TEST_CASE_WITHOUT_HEAD(compare_file__long__match);
+ATF_TEST_CASE_BODY(compare_file__long__match)
{
- using atf::utils::auto_array;
+ char long_contents[3456];
+ size_t i = 0;
+ for (; i < sizeof(long_contents) - 1; i++)
+ long_contents[i] = '0' + (i % 10);
+ long_contents[i] = '\0';
+ atf::utils::create_file("test.txt", long_contents);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
- {
- auto_array< test_array > t1(new test_array[10]);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ ATF_REQUIRE(atf::utils::compare_file("test.txt", long_contents));
+}
- {
- auto_array< test_array > t2(t1);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ATF_TEST_CASE_WITHOUT_HEAD(compare_file__long__not_match);
+ATF_TEST_CASE_BODY(compare_file__long__not_match)
+{
+ char long_contents[3456];
+ size_t i = 0;
+ for (; i < sizeof(long_contents) - 1; i++)
+ long_contents[i] = '0' + (i % 10);
+ long_contents[i] = '\0';
+ atf::utils::create_file("test.txt", long_contents);
+
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", ""));
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", "\n"));
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", "0123456789"));
+ long_contents[i - 1] = 'Z';
+ ATF_REQUIRE(!atf::utils::compare_file("test.txt", long_contents));
}
-ATF_TEST_CASE(auto_array_copy_ref);
-ATF_TEST_CASE_HEAD(auto_array_copy_ref)
+ATF_TEST_CASE_WITHOUT_HEAD(copy_file__empty);
+ATF_TEST_CASE_BODY(copy_file__empty)
{
- set_md_var("descr", "Tests the auto_array smart pointer class' copy "
- "constructor through the auxiliary auto_array_ref object");
+ atf::utils::create_file("src.txt", "");
+ ATF_REQUIRE(chmod("src.txt", 0520) != -1);
+
+ atf::utils::copy_file("src.txt", "dest.txt");
+ ATF_REQUIRE(atf::utils::compare_file("dest.txt", ""));
+ struct stat sb;
+ ATF_REQUIRE(stat("dest.txt", &sb) != -1);
+ ATF_REQUIRE_EQ(0520, sb.st_mode & 0xfff);
}
-ATF_TEST_CASE_BODY(auto_array_copy_ref)
+
+ATF_TEST_CASE_WITHOUT_HEAD(copy_file__some_contents);
+ATF_TEST_CASE_BODY(copy_file__some_contents)
{
- using atf::utils::auto_array;
+ atf::utils::create_file("src.txt", "This is a\ntest file\n");
+ atf::utils::copy_file("src.txt", "dest.txt");
+ ATF_REQUIRE(atf::utils::compare_file("dest.txt", "This is a\ntest file\n"));
+}
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
- {
- auto_array< test_array > t1(new test_array[10]);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ATF_TEST_CASE_WITHOUT_HEAD(create_file);
+ATF_TEST_CASE_BODY(create_file)
+{
+ atf::utils::create_file("test.txt", "This is a %d test");
- {
- auto_array< test_array > t2 = test_array::do_copy(t1);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ ATF_REQUIRE_EQ("This is a %d test", read_file("test.txt"));
}
-ATF_TEST_CASE(auto_array_get);
-ATF_TEST_CASE_HEAD(auto_array_get)
+ATF_TEST_CASE_WITHOUT_HEAD(file_exists);
+ATF_TEST_CASE_BODY(file_exists)
{
- set_md_var("descr", "Tests the auto_array smart pointer class' get "
- "method");
+ atf::utils::create_file("test.txt", "foo");
+
+ ATF_REQUIRE( atf::utils::file_exists("test.txt"));
+ ATF_REQUIRE( atf::utils::file_exists("./test.txt"));
+ ATF_REQUIRE(!atf::utils::file_exists("./test.tx"));
+ ATF_REQUIRE(!atf::utils::file_exists("test.txt2"));
}
-ATF_TEST_CASE_BODY(auto_array_get)
+
+ATF_TEST_CASE_WITHOUT_HEAD(fork);
+ATF_TEST_CASE_BODY(fork)
{
- using atf::utils::auto_array;
+ std::cout << "Should not get into child\n";
+ std::cerr << "Should not get into child\n";
+ pid_t pid = atf::utils::fork();
+ if (pid == 0) {
+ std::cout << "Child stdout\n";
+ std::cerr << "Child stderr\n";
+ exit(EXIT_SUCCESS);
+ }
- test_array* ta = new test_array[10];
- auto_array< test_array > t(ta);
- ATF_REQUIRE_EQ(t.get(), ta);
+ int status;
+ ATF_REQUIRE(waitpid(pid, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_SUCCESS, WEXITSTATUS(status));
+
+ ATF_REQUIRE_EQ("Child stdout\n", read_file("atf_utils_fork_out.txt"));
+ ATF_REQUIRE_EQ("Child stderr\n", read_file("atf_utils_fork_err.txt"));
}
-ATF_TEST_CASE(auto_array_release);
-ATF_TEST_CASE_HEAD(auto_array_release)
+ATF_TEST_CASE_WITHOUT_HEAD(grep_collection__set);
+ATF_TEST_CASE_BODY(grep_collection__set)
{
- set_md_var("descr", "Tests the auto_array smart pointer class' release "
- "method");
+ std::set< std::string > strings;
+ strings.insert("First");
+ strings.insert("Second");
+
+ ATF_REQUIRE( atf::utils::grep_collection("irs", strings));
+ ATF_REQUIRE( atf::utils::grep_collection("cond", strings));
+ ATF_REQUIRE(!atf::utils::grep_collection("Third", strings));
}
-ATF_TEST_CASE_BODY(auto_array_release)
+
+ATF_TEST_CASE_WITHOUT_HEAD(grep_collection__vector);
+ATF_TEST_CASE_BODY(grep_collection__vector)
{
- using atf::utils::auto_array;
+ std::vector< std::string > strings;
+ strings.push_back("First");
+ strings.push_back("Second");
- test_array* ta1 = new test_array[10];
- {
- auto_array< test_array > t(ta1);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- test_array* ta2 = t.release();
- ATF_REQUIRE_EQ(ta2, ta1);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- delete [] ta1;
+ ATF_REQUIRE( atf::utils::grep_collection("irs", strings));
+ ATF_REQUIRE( atf::utils::grep_collection("cond", strings));
+ ATF_REQUIRE(!atf::utils::grep_collection("Third", strings));
}
-ATF_TEST_CASE(auto_array_reset);
-ATF_TEST_CASE_HEAD(auto_array_reset)
+ATF_TEST_CASE_WITHOUT_HEAD(grep_file);
+ATF_TEST_CASE_BODY(grep_file)
{
- set_md_var("descr", "Tests the auto_array smart pointer class' reset "
- "method");
+ atf::utils::create_file("test.txt", "line1\nthe second line\naaaabbbb\n");
+
+ ATF_REQUIRE(atf::utils::grep_file("line1", "test.txt"));
+ ATF_REQUIRE(atf::utils::grep_file("second line", "test.txt"));
+ ATF_REQUIRE(atf::utils::grep_file("aa.*bb", "test.txt"));
+ ATF_REQUIRE(!atf::utils::grep_file("foo", "test.txt"));
+ ATF_REQUIRE(!atf::utils::grep_file("bar", "test.txt"));
+ ATF_REQUIRE(!atf::utils::grep_file("aaaaa", "test.txt"));
}
-ATF_TEST_CASE_BODY(auto_array_reset)
+
+ATF_TEST_CASE_WITHOUT_HEAD(grep_string);
+ATF_TEST_CASE_BODY(grep_string)
{
- using atf::utils::auto_array;
+ const char *str = "a string - aaaabbbb";
+ ATF_REQUIRE(atf::utils::grep_string("a string", str));
+ ATF_REQUIRE(atf::utils::grep_string("^a string", str));
+ ATF_REQUIRE(atf::utils::grep_string("aaaabbbb$", str));
+ ATF_REQUIRE(atf::utils::grep_string("aa.*bb", str));
+ ATF_REQUIRE(!atf::utils::grep_string("foo", str));
+ ATF_REQUIRE(!atf::utils::grep_string("bar", str));
+ ATF_REQUIRE(!atf::utils::grep_string("aaaaa", str));
+}
- test_array* ta1 = new test_array[10];
- test_array* ta2 = new test_array[10];
- ATF_REQUIRE_EQ(test_array::m_nblocks, 2);
+ATF_TEST_CASE_WITHOUT_HEAD(redirect__stdout);
+ATF_TEST_CASE_BODY(redirect__stdout)
+{
+ std::cout << "Buffer this";
+ atf::utils::redirect(STDOUT_FILENO, "captured.txt");
+ std::cout << "The printed message";
+ std::cout.flush();
- {
- auto_array< test_array > t(ta1);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 2);
- t.reset(ta2);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- t.reset();
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ ATF_REQUIRE_EQ("The printed message", read_file("captured.txt"));
}
-ATF_TEST_CASE(auto_array_assign);
-ATF_TEST_CASE_HEAD(auto_array_assign)
+ATF_TEST_CASE_WITHOUT_HEAD(redirect__stderr);
+ATF_TEST_CASE_BODY(redirect__stderr)
{
- set_md_var("descr", "Tests the auto_array smart pointer class' "
- "assignment operator");
+ std::cerr << "Buffer this";
+ atf::utils::redirect(STDERR_FILENO, "captured.txt");
+ std::cerr << "The printed message";
+ std::cerr.flush();
+
+ ATF_REQUIRE_EQ("The printed message", read_file("captured.txt"));
}
-ATF_TEST_CASE_BODY(auto_array_assign)
+
+ATF_TEST_CASE_WITHOUT_HEAD(redirect__other);
+ATF_TEST_CASE_BODY(redirect__other)
{
- using atf::utils::auto_array;
+ const std::string message = "Foo bar\nbaz\n";
+ atf::utils::redirect(15, "captured.txt");
+ ATF_REQUIRE(write(15, message.c_str(), message.length()) != -1);
+ close(15);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
- {
- auto_array< test_array > t1(new test_array[10]);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
+ ATF_REQUIRE_EQ(message, read_file("captured.txt"));
+}
- {
- auto_array< test_array > t2;
- t2 = t1;
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+static void
+fork_and_wait(const int exitstatus, const char* expout, const char* experr)
+{
+ const pid_t pid = atf::utils::fork();
+ if (pid == 0) {
+ std::cout << "Some output\n";
+ std::cerr << "Some error\n";
+ exit(123);
}
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ atf::utils::wait(pid, exitstatus, expout, experr);
+ exit(EXIT_SUCCESS);
}
-ATF_TEST_CASE(auto_array_assign_ref);
-ATF_TEST_CASE_HEAD(auto_array_assign_ref)
+ATF_TEST_CASE_WITHOUT_HEAD(wait__ok);
+ATF_TEST_CASE_BODY(wait__ok)
{
- set_md_var("descr", "Tests the auto_array smart pointer class' "
- "assignment operator through the auxiliary auto_array_ref "
- "object");
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "Some output\n", "Some error\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_SUCCESS, WEXITSTATUS(status));
+ }
}
-ATF_TEST_CASE_BODY(auto_array_assign_ref)
+
+ATF_TEST_CASE_WITHOUT_HEAD(wait__invalid_exitstatus);
+ATF_TEST_CASE_BODY(wait__invalid_exitstatus)
{
- using atf::utils::auto_array;
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(120, "Some output\n", "Some error\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_FAILURE, WEXITSTATUS(status));
+ }
+}
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
- {
- auto_array< test_array > t1(new test_array[10]);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
-
- {
- auto_array< test_array > t2;
- t2 = test_array::do_copy(t1);
- ATF_REQUIRE_EQ(test_array::m_nblocks, 1);
- }
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
+ATF_TEST_CASE_WITHOUT_HEAD(wait__invalid_stdout);
+ATF_TEST_CASE_BODY(wait__invalid_stdout)
+{
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "Some output foo\n", "Some error\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_FAILURE, WEXITSTATUS(status));
}
- ATF_REQUIRE_EQ(test_array::m_nblocks, 0);
}
-ATF_TEST_CASE(auto_array_access);
-ATF_TEST_CASE_HEAD(auto_array_access)
+ATF_TEST_CASE_WITHOUT_HEAD(wait__invalid_stderr);
+ATF_TEST_CASE_BODY(wait__invalid_stderr)
{
- set_md_var("descr", "Tests the auto_array smart pointer class' access "
- "operator");
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "Some output\n", "Some error foo\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_FAILURE, WEXITSTATUS(status));
+ }
}
-ATF_TEST_CASE_BODY(auto_array_access)
+
+ATF_TEST_CASE_WITHOUT_HEAD(wait__save_stdout);
+ATF_TEST_CASE_BODY(wait__save_stdout)
{
- using atf::utils::auto_array;
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "save:my-output.txt", "Some error\n");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_SUCCESS, WEXITSTATUS(status));
- auto_array< test_array > t(new test_array[10]);
+ ATF_REQUIRE(atf::utils::compare_file("my-output.txt", "Some output\n"));
+ }
+}
- for (int i = 0; i < 10; i++)
- t[i].m_value = i * 2;
+ATF_TEST_CASE_WITHOUT_HEAD(wait__save_stderr);
+ATF_TEST_CASE_BODY(wait__save_stderr)
+{
+ const pid_t control = fork();
+ ATF_REQUIRE(control != -1);
+ if (control == 0)
+ fork_and_wait(123, "Some output\n", "save:my-output.txt");
+ else {
+ int status;
+ ATF_REQUIRE(waitpid(control, &status, 0) != -1);
+ ATF_REQUIRE(WIFEXITED(status));
+ ATF_REQUIRE_EQ(EXIT_SUCCESS, WEXITSTATUS(status));
- for (int i = 0; i < 10; i++)
- ATF_REQUIRE_EQ(t[i].m_value, i * 2);
+ ATF_REQUIRE(atf::utils::compare_file("my-output.txt", "Some error\n"));
+ }
}
// ------------------------------------------------------------------------
@@ -292,17 +444,44 @@
ATF_INIT_TEST_CASES(tcs)
{
- // Add the test for the "auto_array" class.
- ATF_ADD_TEST_CASE(tcs, auto_array_scope);
- ATF_ADD_TEST_CASE(tcs, auto_array_copy);
- ATF_ADD_TEST_CASE(tcs, auto_array_copy_ref);
- ATF_ADD_TEST_CASE(tcs, auto_array_get);
- ATF_ADD_TEST_CASE(tcs, auto_array_release);
- ATF_ADD_TEST_CASE(tcs, auto_array_reset);
- ATF_ADD_TEST_CASE(tcs, auto_array_assign);
- ATF_ADD_TEST_CASE(tcs, auto_array_assign_ref);
- ATF_ADD_TEST_CASE(tcs, auto_array_access);
+ // Add the test for the free functions.
+ ATF_ADD_TEST_CASE(tcs, cat_file__empty);
+ ATF_ADD_TEST_CASE(tcs, cat_file__one_line);
+ ATF_ADD_TEST_CASE(tcs, cat_file__several_lines);
+ ATF_ADD_TEST_CASE(tcs, cat_file__no_newline_eof);
+ ATF_ADD_TEST_CASE(tcs, compare_file__empty__match);
+ ATF_ADD_TEST_CASE(tcs, compare_file__empty__not_match);
+ ATF_ADD_TEST_CASE(tcs, compare_file__short__match);
+ ATF_ADD_TEST_CASE(tcs, compare_file__short__not_match);
+ ATF_ADD_TEST_CASE(tcs, compare_file__long__match);
+ ATF_ADD_TEST_CASE(tcs, compare_file__long__not_match);
+
+ ATF_ADD_TEST_CASE(tcs, copy_file__empty);
+ ATF_ADD_TEST_CASE(tcs, copy_file__some_contents);
+
+ ATF_ADD_TEST_CASE(tcs, create_file);
+
+ ATF_ADD_TEST_CASE(tcs, file_exists);
+
+ ATF_ADD_TEST_CASE(tcs, fork);
+
+ ATF_ADD_TEST_CASE(tcs, grep_collection__set);
+ ATF_ADD_TEST_CASE(tcs, grep_collection__vector);
+ ATF_ADD_TEST_CASE(tcs, grep_file);
+ ATF_ADD_TEST_CASE(tcs, grep_string);
+
+ ATF_ADD_TEST_CASE(tcs, redirect__stdout);
+ ATF_ADD_TEST_CASE(tcs, redirect__stderr);
+ ATF_ADD_TEST_CASE(tcs, redirect__other);
+
+ ATF_ADD_TEST_CASE(tcs, wait__ok);
+ ATF_ADD_TEST_CASE(tcs, wait__invalid_exitstatus);
+ ATF_ADD_TEST_CASE(tcs, wait__invalid_stdout);
+ ATF_ADD_TEST_CASE(tcs, wait__invalid_stderr);
+ ATF_ADD_TEST_CASE(tcs, wait__save_stdout);
+ ATF_ADD_TEST_CASE(tcs, wait__save_stderr);
+
// Add the test cases for the header file.
ATF_ADD_TEST_CASE(tcs, include);
}
Modified: vendor/bind/dist/unit/atf-src/atf-c++.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c++.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c++.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -31,5 +31,6 @@
#define _ATF_CXX_HPP_
#include <atf-c++/macros.hpp>
+#include <atf-c++/utils.hpp>
#endif // !defined(_ATF_CXX_HPP_)
Modified: vendor/bind/dist/unit/atf-src/atf-c.h
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-c.h 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-c.h 2016-11-03 12:20:06 UTC (rev 9200)
@@ -32,5 +32,6 @@
#include <atf-c/error.h>
#include <atf-c/macros.h>
+#include <atf-c/utils.h>
#endif /* !defined(ATF_C_H) */
Added: vendor/bind/dist/unit/atf-src/atf-config/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-config/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-config/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,5 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="integration_test"}
Modified: vendor/bind/dist/unit/atf-src/atf-config/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-config/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-config/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -29,10 +29,11 @@
bin_PROGRAMS += atf-config/atf-config
atf_config_atf_config_SOURCES = atf-config/atf-config.cpp
-atf_config_atf_config_LDADD = libatf-c++.la
+atf_config_atf_config_LDADD = $(ATF_CXX_LIBS)
dist_man_MANS += atf-config/atf-config.1
-tests_atf_config_DATA = atf-config/Atffile
+tests_atf_config_DATA = atf-config/Atffile \
+ atf-config/Kyuafile
tests_atf_configdir = $(pkgtestsdir)/atf-config
EXTRA_DIST += $(tests_atf_config_DATA)
Modified: vendor/bind/dist/unit/atf-src/atf-config/atf-config.1
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-config/atf-config.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-config/atf-config.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-config/atf-config.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-config/atf-config.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-config/atf-config.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -32,6 +32,10 @@
#include <map>
#include <string>
+extern "C" {
+#include "atf-c/defs.h"
+}
+
#include "atf-c++/config.hpp"
#include "atf-c++/detail/application.hpp"
@@ -67,7 +71,7 @@
}
void
-atf_config::process_option(int ch, const char* arg)
+atf_config::process_option(int ch, const char* arg ATF_DEFS_ATTRIBUTE_UNUSED)
{
switch (ch) {
case 't':
Modified: vendor/bind/dist/unit/atf-src/atf-config/integration_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-config/integration_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-config/integration_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -164,36 +164,6 @@
done
}
-# XXX: This does not seem to belong here...
-atf_test_case arch
-arch_head()
-{
- atf_set "descr" "Tests that the current value of atf_arch is correct" \
- "for the corresponding atf_machine"
-}
-arch_body()
-{
- atf_check -s eq:0 -o save:stdout -e empty atf-config -t atf_arch
- arch=$(cat stdout)
- atf_check -s eq:0 -o save:stdout -e empty atf-config -t atf_machine
- machine=$(cat stdout)
- echo "Machine type ${machine}, architecture ${arch}"
-
- case ${machine} in
- i386|i486|i586|i686)
- exp_arch=i386
- ;;
- x86_64)
- exp_arch=amd64
- ;;
- *)
- exp_arch=${machine}
- esac
- echo "Expected architecture ${exp_arch}"
-
- atf_check_equal ${arch} ${exp_arch}
-}
-
atf_init_test_cases()
{
atf_add_test_case list_all
@@ -205,8 +175,6 @@
atf_add_test_case query_mixture
atf_add_test_case override_env
-
- atf_add_test_case arch
}
# vim: syntax=sh:expandtab:shiftwidth=4:softtabstop=4
Added: vendor/bind/dist/unit/atf-src/atf-report/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-report/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,6 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="integration_test"}
+atf_test_program{name="reader_test"}
Modified: vendor/bind/dist/unit/atf-src/atf-report/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -31,7 +31,7 @@
atf_report_atf_report_SOURCES = atf-report/atf-report.cpp \
atf-report/reader.cpp \
atf-report/reader.hpp
-atf_report_atf_report_LDADD = libatf-c++.la
+atf_report_atf_report_LDADD = $(ATF_CXX_LIBS)
dist_man_MANS += atf-report/atf-report.1
cssdir = $(atf_cssdir)
@@ -46,21 +46,22 @@
xsl_DATA = atf-report/tests-results.xsl
EXTRA_DIST += $(xsl_DATA)
-tests_atf_report_DATA = atf-report/Atffile
+tests_atf_report_DATA = atf-report/Atffile \
+ atf-report/Kyuafile
tests_atf_reportdir = $(pkgtestsdir)/atf-report
EXTRA_DIST += $(tests_atf_report_DATA)
tests_atf_report_PROGRAMS = atf-report/fail_helper
atf_report_fail_helper_SOURCES = atf-report/fail_helper.cpp
-atf_report_fail_helper_LDADD = libatf-c++.la
+atf_report_fail_helper_LDADD = $(ATF_CXX_LIBS)
tests_atf_report_PROGRAMS += atf-report/misc_helpers
atf_report_misc_helpers_SOURCES = atf-report/misc_helpers.cpp
-atf_report_misc_helpers_LDADD = libatf-c++.la
+atf_report_misc_helpers_LDADD = $(ATF_CXX_LIBS)
tests_atf_report_PROGRAMS += atf-report/pass_helper
atf_report_pass_helper_SOURCES = atf-report/pass_helper.cpp
-atf_report_pass_helper_LDADD = libatf-c++.la
+atf_report_pass_helper_LDADD = $(ATF_CXX_LIBS)
tests_atf_report_SCRIPTS = atf-report/integration_test
CLEANFILES += atf-report/integration_test
@@ -74,6 +75,6 @@
atf_report_reader_test_SOURCES = atf-report/reader_test.cpp \
atf-report/reader.cpp
atf_report_reader_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
-atf_report_reader_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_report_reader_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
Modified: vendor/bind/dist/unit/atf-src/atf-report/atf-report.1
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/atf-report.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/atf-report.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd October 29, 2007
+.Dd December 16, 2011
.Dt ATF-REPORT 1
.Os
.Sh NAME
@@ -98,7 +98,7 @@
This file contains the results for all test cases and test programs.
Test cases are logged using the following syntax:
.Bd -literal -offset indent
-tc, test-program, test-case, result[, reason]
+tc, duration, test-program, test-case, result[, reason]
.Ed
.Pp
The
@@ -112,7 +112,7 @@
.Pp
Test programs are logged with the following syntax:
.Bd -literal -offset indent
-tp, test-program, result[, reason]
+tp, duration, test-program, result[, reason]
.Ed
.Pp
In this case, the
@@ -125,8 +125,10 @@
or
.Sq bogus ,
which mentions those test programs that failed to execute by some reason.
-The reason file is only available in the last case.
+The reason field is only available in the last case.
.Pp
+The time required to execute each test case and test program is
+also provided.
You should not rely on the order of the entries in the resulting output.
.It ticker
A user-friendly report that shows the progress of the test suite's
Modified: vendor/bind/dist/unit/atf-src/atf-report/atf-report.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/atf-report.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/atf-report.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -27,13 +27,22 @@
// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
+extern "C" {
+#include <sys/time.h>
+}
+
+#include <cctype>
#include <cstdlib>
#include <fstream>
+#include <iomanip>
#include <iostream>
#include <memory>
+#include <sstream>
#include <utility>
#include <vector>
+#include "atf-c/defs.h"
+
#include "atf-c++/detail/application.hpp"
#include "atf-c++/detail/fs.hpp"
#include "atf-c++/detail/sanity.hpp"
@@ -44,7 +53,7 @@
typedef std::auto_ptr< std::ostream > ostream_ptr;
-ostream_ptr
+static ostream_ptr
open_outfile(const atf::fs::path& path)
{
ostream_ptr osp;
@@ -57,6 +66,16 @@
return osp;
}
+static std::string
+format_tv(struct timeval* tv)
+{
+ std::ostringstream output;
+ output << static_cast< long >(tv->tv_sec) << '.'
+ << std::setfill('0') << std::setw(6)
+ << static_cast< long >(tv->tv_usec);
+ return output.str();
+}
+
// ------------------------------------------------------------------------
// The "writer" interface.
// ------------------------------------------------------------------------
@@ -80,11 +99,12 @@
virtual void write_info(const std::string&, const std::string&) {}
virtual void write_ntps(size_t) {}
virtual void write_tp_start(const std::string&, size_t) {}
- virtual void write_tp_end(const std::string&) {}
+ virtual void write_tp_end(struct timeval*, const std::string&) {}
virtual void write_tc_start(const std::string&) {}
virtual void write_tc_stdout_line(const std::string&) {}
virtual void write_tc_stderr_line(const std::string&) {}
- virtual void write_tc_end(const std::string&, const std::string&) {}
+ virtual void write_tc_end(const std::string&, struct timeval*,
+ const std::string&) {}
virtual void write_eof(void) {}
};
@@ -115,7 +135,8 @@
virtual
void
- write_tp_start(const std::string& name, size_t ntcs)
+ write_tp_start(const std::string& name,
+ size_t ntcs ATF_DEFS_ATTRIBUTE_UNUSED)
{
m_tpname = name;
m_failed = false;
@@ -123,14 +144,17 @@
virtual
void
- write_tp_end(const std::string& reason)
+ write_tp_end(struct timeval* tv, const std::string& reason)
{
+ const std::string timestamp = format_tv(tv);
+
if (!reason.empty())
- (*m_os) << "tp, " << m_tpname << ", bogus, " << reason << "\n";
+ (*m_os) << "tp, " << timestamp << ", " << m_tpname << ", bogus, "
+ << reason << "\n";
else if (m_failed)
- (*m_os) << "tp, " << m_tpname << ", failed\n";
+ (*m_os) << "tp, " << timestamp << ", "<< m_tpname << ", failed\n";
else
- (*m_os) << "tp, " << m_tpname << ", passed\n";
+ (*m_os) << "tp, " << timestamp << ", "<< m_tpname << ", passed\n";
}
virtual
@@ -142,12 +166,13 @@
virtual
void
- write_tc_end(const std::string& state, const std::string& reason)
+ write_tc_end(const std::string& state, struct timeval* tv,
+ const std::string& reason)
{
- std::string str = "tc, " + m_tpname + ", " + m_tcname + ", " + state;
+ std::string str = m_tpname + ", " + m_tcname + ", " + state;
if (!reason.empty())
str += ", " + reason;
- (*m_os) << str << "\n";
+ (*m_os) << "tc, " << format_tv(tv) << ", " << str << "\n";
if (state == "failed")
m_failed = true;
@@ -211,7 +236,7 @@
}
void
- write_tp_end(const std::string& reason)
+ write_tp_end(struct timeval* tv, const std::string& reason)
{
using atf::ui::format_text_with_tag;
@@ -225,7 +250,7 @@
<< "\n";
m_failed_tps.push_back(m_tpname);
}
- (*m_os) << "\n";
+ (*m_os) << "[" << format_tv(tv) << "s]\n\n";
(*m_os).flush();
m_tpname.clear();
@@ -241,10 +266,13 @@
}
void
- write_tc_end(const std::string& state, const std::string& reason)
+ write_tc_end(const std::string& state, struct timeval* tv,
+ const std::string& reason)
{
std::string str;
+ (*m_os) << "[" << format_tv(tv) << "s] ";
+
if (state == "expected_death" || state == "expected_exit" ||
state == "expected_failure" || state == "expected_signal" ||
state == "expected_timeout") {
@@ -267,7 +295,7 @@
// XXX Wrap text. format_text_with_tag does not currently allow
// to specify the current column, which is needed because we have
// already printed the tc's name.
- (*m_os) << str << "\n";
+ (*m_os) << str << '\n';
m_tcname = "";
}
@@ -354,7 +382,6 @@
class xml_writer : public writer {
ostream_ptr m_os;
- size_t m_curtp, m_ntps;
std::string m_tcname, m_tpname;
static
@@ -368,17 +395,24 @@
std::string
elemval(const std::string& str)
{
- std::string ostr;
+ std::ostringstream buf;
for (std::string::const_iterator iter = str.begin();
iter != str.end(); iter++) {
- switch (*iter) {
- case '&': ostr += "&"; break;
- case '<': ostr += "<"; break;
- case '>': ostr += ">"; break;
- default: ostr += *iter;
+ const int character = static_cast< unsigned char >(*iter);
+ if (character == '&') {
+ buf << "&";
+ } else if (character == '<') {
+ buf << "<";
+ } else if (character == '>') {
+ buf << ">";
+ } else if (std::isalnum(character) || std::ispunct(character) ||
+ std::isspace(character)) {
+ buf << static_cast< char >(character);
+ } else {
+ buf << "&#" << character << ";";
}
}
- return ostr;
+ return buf.str();
}
void
@@ -388,16 +422,18 @@
}
void
- write_tp_start(const std::string& tp, size_t ntcs)
+ write_tp_start(const std::string& tp,
+ size_t ntcs ATF_DEFS_ATTRIBUTE_UNUSED)
{
(*m_os) << "<tp id=\"" << attrval(tp) << "\">\n";
}
void
- write_tp_end(const std::string& reason)
+ write_tp_end(struct timeval* tv, const std::string& reason)
{
if (!reason.empty())
(*m_os) << "<failed>" << elemval(reason) << "</failed>\n";
+ (*m_os) << "<tp-time>" << format_tv(tv) << "</tp-time>";
(*m_os) << "</tp>\n";
}
@@ -420,7 +456,8 @@
}
void
- write_tc_end(const std::string& state, const std::string& reason)
+ write_tc_end(const std::string& state, struct timeval* tv,
+ const std::string& reason)
{
std::string str;
@@ -437,6 +474,7 @@
(*m_os) << "<skipped>" << elemval(reason) << "</skipped>\n";
} else
UNREACHABLE;
+ (*m_os) << "<tc-time>" << format_tv(tv) << "</tc-time>";
(*m_os) << "</tc>\n";
}
@@ -450,7 +488,7 @@
xml_writer(const atf::fs::path& p) :
m_os(open_outfile(p))
{
- (*m_os) << "<?xml version=\"1.0\"?>\n"
+ (*m_os) << "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n"
<< "<!DOCTYPE tests-results PUBLIC "
"\"-//NetBSD//DTD ATF Tests Results 0.1//EN\" "
"\"http://www.NetBSD.org/XML/atf/tests-results.dtd\">\n\n"
@@ -498,11 +536,11 @@
}
void
- got_tp_end(const std::string& reason)
+ got_tp_end(struct timeval* tv, const std::string& reason)
{
for (outs_vector::iterator iter = m_outs.begin();
iter != m_outs.end(); iter++)
- (*iter)->write_tp_end(reason);
+ (*iter)->write_tp_end(tv, reason);
}
void
@@ -530,11 +568,12 @@
}
void
- got_tc_end(const std::string& state, const std::string& reason)
+ got_tc_end(const std::string& state, struct timeval* tv,
+ const std::string& reason)
{
for (outs_vector::iterator iter = m_outs.begin();
iter != m_outs.end(); iter++)
- (*iter)->write_tc_end(state, reason);
+ (*iter)->write_tc_end(state, tv, reason);
}
void
@@ -638,6 +677,9 @@
int
atf_report::main(void)
{
+ if (m_argc > 0)
+ throw std::runtime_error("No arguments allowed");
+
if (m_oflags.empty())
m_oflags.push_back(fmt_path_pair("ticker", atf::fs::path("-")));
Modified: vendor/bind/dist/unit/atf-src/atf-report/fail_helper.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/fail_helper.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/fail_helper.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-report/integration_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/integration_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/integration_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -117,48 +117,51 @@
# NO_CHECK_STYLE_BEGIN
cat >expout <<EOF
-tc, expect_helpers, death_and_exit, expected_death, Exit case
-tc, expect_helpers, death_and_signal, expected_death, Signal case
-tc, expect_helpers, death_but_pass, failed, Test case was expected to terminate abruptly but it continued execution
-tc, expect_helpers, exit_any_and_exit, expected_exit, Call will exit
-tc, expect_helpers, exit_but_pass, failed, Test case was expected to exit cleanly but it continued execution
-tc, expect_helpers, exit_code_and_exit, expected_exit, Call will exit
-tc, expect_helpers, fail_and_fail_check, expected_failure, And fail again: 2 checks failed as expected; see output for more details
-tc, expect_helpers, fail_and_fail_requirement, expected_failure, Fail reason: The failure
-tc, expect_helpers, fail_but_pass, failed, Test case was expecting a failure but none were raised
-tc, expect_helpers, pass_and_pass, passed
-tc, expect_helpers, pass_but_fail_check, failed, 1 checks failed; see output for more details
-tc, expect_helpers, pass_but_fail_requirement, failed, Some reason
-tc, expect_helpers, signal_any_and_signal, expected_signal, Call will signal
-tc, expect_helpers, signal_but_pass, failed, Test case was expected to receive a termination signal but it continued execution
-tc, expect_helpers, signal_no_and_signal, expected_signal, Call will signal
-tc, expect_helpers, timeout_and_hang, expected_timeout, Will overrun
-tc, expect_helpers, timeout_but_pass, failed, Test case was expected to hang but it continued execution
-tp, expect_helpers, failed
+tc, #.#, expect_helpers, death_and_exit, expected_death, Exit case
+tc, #.#, expect_helpers, death_and_signal, expected_death, Signal case
+tc, #.#, expect_helpers, death_but_pass, failed, Test case was expected to terminate abruptly but it continued execution
+tc, #.#, expect_helpers, exit_any_and_exit, expected_exit, Call will exit
+tc, #.#, expect_helpers, exit_but_pass, failed, Test case was expected to exit cleanly but it continued execution
+tc, #.#, expect_helpers, exit_code_and_exit, expected_exit, Call will exit
+tc, #.#, expect_helpers, fail_and_fail_check, expected_failure, And fail again: 2 checks failed as expected; see output for more details
+tc, #.#, expect_helpers, fail_and_fail_requirement, expected_failure, Fail reason: The failure
+tc, #.#, expect_helpers, fail_but_pass, failed, Test case was expecting a failure but none were raised
+tc, #.#, expect_helpers, pass_and_pass, passed
+tc, #.#, expect_helpers, pass_but_fail_check, failed, 1 checks failed; see output for more details
+tc, #.#, expect_helpers, pass_but_fail_requirement, failed, Some reason
+tc, #.#, expect_helpers, signal_any_and_signal, expected_signal, Call will signal
+tc, #.#, expect_helpers, signal_but_pass, failed, Test case was expected to receive a termination signal but it continued execution
+tc, #.#, expect_helpers, signal_no_and_signal, expected_signal, Call will signal
+tc, #.#, expect_helpers, timeout_and_hang, expected_timeout, Will overrun
+tc, #.#, expect_helpers, timeout_but_pass, failed, Test case was expected to hang but it continued execution
+tp, #.#, expect_helpers, failed
EOF
# NO_CHECK_STYLE_END
- atf_check -s eq:0 -o file:expout -e empty -x "atf-report -o csv:- <tps.out"
+ atf_check -s eq:0 -o file:expout -e empty -x \
+ "atf-report -o csv:- <tps.out | " \
+ "sed -E -e 's/[0-9]+.[0-9]{6}, /#.#, /'"
# NO_CHECK_STYLE_BEGIN
cat >expout <<EOF
expect_helpers (1/1): 17 test cases
- death_and_exit: Expected failure: Exit case
- death_and_signal: Expected failure: Signal case
- death_but_pass: Failed: Test case was expected to terminate abruptly but it continued execution
- exit_any_and_exit: Expected failure: Call will exit
- exit_but_pass: Failed: Test case was expected to exit cleanly but it continued execution
- exit_code_and_exit: Expected failure: Call will exit
- fail_and_fail_check: Expected failure: And fail again: 2 checks failed as expected; see output for more details
- fail_and_fail_requirement: Expected failure: Fail reason: The failure
- fail_but_pass: Failed: Test case was expecting a failure but none were raised
- pass_and_pass: Passed.
- pass_but_fail_check: Failed: 1 checks failed; see output for more details
- pass_but_fail_requirement: Failed: Some reason
- signal_any_and_signal: Expected failure: Call will signal
- signal_but_pass: Failed: Test case was expected to receive a termination signal but it continued execution
- signal_no_and_signal: Expected failure: Call will signal
- timeout_and_hang: Expected failure: Will overrun
- timeout_but_pass: Failed: Test case was expected to hang but it continued execution
+ death_and_exit: [#.#s] Expected failure: Exit case
+ death_and_signal: [#.#s] Expected failure: Signal case
+ death_but_pass: [#.#s] Failed: Test case was expected to terminate abruptly but it continued execution
+ exit_any_and_exit: [#.#s] Expected failure: Call will exit
+ exit_but_pass: [#.#s] Failed: Test case was expected to exit cleanly but it continued execution
+ exit_code_and_exit: [#.#s] Expected failure: Call will exit
+ fail_and_fail_check: [#.#s] Expected failure: And fail again: 2 checks failed as expected; see output for more details
+ fail_and_fail_requirement: [#.#s] Expected failure: Fail reason: The failure
+ fail_but_pass: [#.#s] Failed: Test case was expecting a failure but none were raised
+ pass_and_pass: [#.#s] Passed.
+ pass_but_fail_check: [#.#s] Failed: 1 checks failed; see output for more details
+ pass_but_fail_requirement: [#.#s] Failed: Some reason
+ signal_any_and_signal: [#.#s] Expected failure: Call will signal
+ signal_but_pass: [#.#s] Failed: Test case was expected to receive a termination signal but it continued execution
+ signal_no_and_signal: [#.#s] Expected failure: Call will signal
+ timeout_and_hang: [#.#s] Expected failure: Will overrun
+ timeout_but_pass: [#.#s] Failed: Test case was expected to hang but it continued execution
+[#.#s]
Test cases for known bugs:
expect_helpers:death_and_exit: Exit case
@@ -182,7 +185,8 @@
EOF
# NO_CHECK_STYLE_END
atf_check -s eq:0 -o file:expout -e empty -x \
- "atf-report -o ticker:- <tps.out"
+ "atf-report -o ticker:- <tps.out | " \
+ "sed -E -e 's/[0-9]+.[0-9]{6}/#.#/'"
# Just ensure that this does not crash for now...
atf_check -s eq:0 -o ignore -e empty -x "atf-report -o xml:- <tps.out"
@@ -253,19 +257,20 @@
# NO_CHECK_STYLE_BEGIN
cat >expout <<EOF
-tc, dir1/tp1, main, passed
-tp, dir1/tp1, passed
-tc, dir1/tp2, main, failed, This always fails
-tp, dir1/tp2, failed
-tc, tp3, main, passed
-tp, tp3, passed
-tc, tp4, main, failed, This always fails
-tp, tp4, failed
-tp, tp5, bogus, Invalid format for test case list: 1: Unexpected token \`<<NEWLINE>>'; expected \`:'
+tc, #.#, dir1/tp1, main, passed
+tp, #.#, dir1/tp1, passed
+tc, #.#, dir1/tp2, main, failed, This always fails
+tp, #.#, dir1/tp2, failed
+tc, #.#, tp3, main, passed
+tp, #.#, tp3, passed
+tc, #.#, tp4, main, failed, This always fails
+tp, #.#, tp4, failed
+tp, #.#, tp5, bogus, Invalid format for test case list: 1: Unexpected token \`<<NEWLINE>>'; expected \`:'
EOF
# NO_CHECK_STYLE_END
- atf_check -s eq:0 -o file:expout -e empty -x 'atf-report -o csv:- <tps.out'
+ atf_check -s eq:0 -o file:expout -e empty -x \
+ "atf-report -o csv:- <tps.out | sed -E -e 's/[0-9]+.[0-9]{6}, /#.#, /'"
}
atf_test_case output_ticker
@@ -281,19 +286,24 @@
# NO_CHECK_STYLE_BEGIN
cat >expout <<EOF
dir1/tp1 (1/5): 1 test cases
- main: Passed.
+ main: [#.#s] Passed.
+[#.#s]
dir1/tp2 (2/5): 1 test cases
- main: Failed: This always fails
+ main: [#.#s] Failed: This always fails
+[#.#s]
tp3 (3/5): 1 test cases
- main: Passed.
+ main: [#.#s] Passed.
+[#.#s]
tp4 (4/5): 1 test cases
- main: Failed: This always fails
+ main: [#.#s] Failed: This always fails
+[#.#s]
tp5 (5/5): 0 test cases
tp5: BOGUS TEST PROGRAM: Cannot trust its results because of \`Invalid format for test case list: 1: Unexpected token \`<<NEWLINE>>'; expected \`:''
+[#.#s]
Failed (bogus) test programs:
tp5
@@ -308,7 +318,8 @@
0 skipped test cases.
EOF
- atf_check -s eq:0 -o file:expout -e empty -x 'atf-report -o ticker:- <tps.out'
+ atf_check -s eq:0 -o file:expout -e empty -x \
+ "atf-report -o ticker:- <tps.out | sed -E -e 's/[0-9]+.[0-9]{6}/#.#/'"
}
# NO_CHECK_STYLE_END
@@ -324,7 +335,7 @@
# NO_CHECK_STYLE_BEGIN
cat >expout <<EOF
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE tests-results PUBLIC "-//NetBSD//DTD ATF Tests Results 0.1//EN" "http://www.NetBSD.org/XML/atf/tests-results.dtd">
<tests-results>
@@ -332,32 +343,33 @@
<tp id="dir1/tp1">
<tc id="main">
<passed />
-</tc>
-</tp>
+<tc-time>#.#</tc-time></tc>
+<tp-time>#.#</tp-time></tp>
<tp id="dir1/tp2">
<tc id="main">
<failed>This always fails</failed>
-</tc>
-</tp>
+<tc-time>#.#</tc-time></tc>
+<tp-time>#.#</tp-time></tp>
<tp id="tp3">
<tc id="main">
<passed />
-</tc>
-</tp>
+<tc-time>#.#</tc-time></tc>
+<tp-time>#.#</tp-time></tp>
<tp id="tp4">
<tc id="main">
<failed>This always fails</failed>
-</tc>
-</tp>
+<tc-time>#.#</tc-time></tc>
+<tp-time>#.#</tp-time></tp>
<tp id="tp5">
<failed>Invalid format for test case list: 1: Unexpected token \`<<NEWLINE>>'; expected \`:'</failed>
-</tp>
+<tp-time>#.#</tp-time></tp>
<info class="endinfo">Another value</info>
</tests-results>
EOF
# NO_CHECK_STYLE_END
- atf_check -s eq:0 -o file:expout -e empty -x 'atf-report -o xml:- <tps.out'
+ atf_check -s eq:0 -o file:expout -e empty -x \
+ "atf-report -o xml:- < tps.out | sed -E -e 's/>[0-9]+.[0-9]{6}</>#.#</'"
}
atf_test_case output_xml_space
@@ -380,7 +392,7 @@
# NO_CHECK_STYLE_BEGIN
cat >expout <<EOF
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE tests-results PUBLIC "-//NetBSD//DTD ATF Tests Results 0.1//EN" "http://www.NetBSD.org/XML/atf/tests-results.dtd">
<tests-results>
@@ -400,8 +412,8 @@
<so> </so>
<so> EOF</so>
<passed />
-</tc>
-</tp>
+<tc-time>#.#</tc-time></tc>
+<tp-time>#.#</tp-time></tp>
<info class="endinfo">Another value</info>
</tests-results>
EOF
@@ -408,9 +420,19 @@
# NO_CHECK_STYLE_END
run_helpers
- atf_check -s eq:0 -o file:expout -e empty -x 'atf-report -o xml:- <tps.out'
+ atf_check -s eq:0 -o file:expout -e empty -x \
+ "atf-report -o xml:- <tps.out | sed -E -e 's/>[0-9]+.[0-9]{6}</>#.#</'"
}
+atf_test_case too_many_args
+too_many_args_body()
+{
+ cat >experr <<EOF
+atf-report: ERROR: No arguments allowed
+EOF
+ atf_check -s eq:1 -o empty -e file:experr atf-report foo
+}
+
atf_init_test_cases()
{
atf_add_test_case default
@@ -420,6 +442,7 @@
atf_add_test_case output_ticker
atf_add_test_case output_xml
atf_add_test_case output_xml_space
+ atf_add_test_case too_many_args
}
# vim: syntax=sh:expandtab:shiftwidth=4:softtabstop=4
Modified: vendor/bind/dist/unit/atf-src/atf-report/misc_helpers.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/misc_helpers.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/misc_helpers.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-report/pass_helper.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/pass_helper.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/pass_helper.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-report/reader.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/reader.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/reader.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -27,10 +27,16 @@
// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
+extern "C" {
+#include <sys/time.h>
+}
+
#include <map>
#include <sstream>
#include <utility>
+#include "atf-c/defs.h"
+
#include "atf-c++/detail/parser.hpp"
#include "atf-c++/detail/sanity.hpp"
#include "atf-c++/detail/text.hpp"
@@ -44,12 +50,12 @@
// Auxiliary functions.
// ------------------------------------------------------------------------
-static
-size_t
-string_to_size_t(const std::string& str)
+template< typename Type >
+Type
+string_to_int(const std::string& str)
{
std::istringstream ss(str);
- size_t s;
+ Type s;
ss >> s;
return s;
@@ -112,6 +118,24 @@
} // namespace atf_tps
+struct timeval
+read_timeval(atf::parser::parser< atf_tps::tokenizer >& parser)
+{
+ using namespace atf_tps;
+
+ atf::parser::token t = parser.expect(text_type, "timestamp");
+ const std::string::size_type divider = t.text().find('.');
+ if (divider == std::string::npos || divider == 0 ||
+ divider == t.text().length() - 1)
+ throw atf::parser::parse_error(t.lineno(),
+ "Malformed timestamp value " + t.text());
+
+ struct timeval tv;
+ tv.tv_sec = string_to_int< long >(t.text().substr(0, divider));
+ tv.tv_usec = string_to_int< long >(t.text().substr(divider + 1));
+ return tv;
+}
+
// ------------------------------------------------------------------------
// The "atf_tps_reader" class.
// ------------------------------------------------------------------------
@@ -126,44 +150,54 @@
}
void
-impl::atf_tps_reader::got_info(const std::string& what,
- const std::string& val)
+impl::atf_tps_reader::got_info(
+ const std::string& what ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::string& val ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-impl::atf_tps_reader::got_ntps(size_t ntps)
+impl::atf_tps_reader::got_ntps(size_t ntps ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-impl::atf_tps_reader::got_tp_start(const std::string& tp, size_t ntcs)
+impl::atf_tps_reader::got_tp_start(
+ const std::string& tp ATF_DEFS_ATTRIBUTE_UNUSED,
+ size_t ntcs ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-impl::atf_tps_reader::got_tp_end(const std::string& reason)
+impl::atf_tps_reader::got_tp_end(
+ struct timeval* tv ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::string& reason ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-impl::atf_tps_reader::got_tc_start(const std::string& tcname)
+impl::atf_tps_reader::got_tc_start(
+ const std::string& tcname ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-impl::atf_tps_reader::got_tc_stdout_line(const std::string& line)
+impl::atf_tps_reader::got_tc_stdout_line(
+ const std::string& line ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-impl::atf_tps_reader::got_tc_stderr_line(const std::string& line)
+impl::atf_tps_reader::got_tc_stderr_line(
+ const std::string& line ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-impl::atf_tps_reader::got_tc_end(const std::string& state,
- const std::string& reason)
+impl::atf_tps_reader::got_tc_end(
+ const std::string& state ATF_DEFS_ATTRIBUTE_UNUSED,
+ struct timeval* tv ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::string& reason ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
@@ -206,6 +240,10 @@
t = p.expect(colon_type, "`:'");
+ struct timeval s1 = read_timeval(p);
+
+ t = p.expect(comma_type, "`,'");
+
t = p.expect(text_type, "test program name");
std::string tpname = t.text();
@@ -212,7 +250,7 @@
t = p.expect(comma_type, "`,'");
t = p.expect(text_type, "number of test programs");
- size_t ntcs = string_to_size_t(t.text());
+ size_t ntcs = string_to_int< std::size_t >(t.text());
t = p.expect(nl_type, "new line");
@@ -232,6 +270,13 @@
t = p.expect(colon_type, "`:'");
+ struct timeval s2 = read_timeval(p);
+
+ struct timeval s3;
+ timersub(&s2, &s1, &s3);
+
+ t = p.expect(comma_type, "`,'");
+
t = p.expect(text_type, "test program name");
if (t.text() != tpname)
throw parse_error(t.lineno(), "Test program name used in "
@@ -249,7 +294,7 @@
t = p.next();
}
- ATF_PARSER_CALLBACK(p, got_tp_end(reason));
+ ATF_PARSER_CALLBACK(p, got_tp_end(&s3, reason));
}
void
@@ -266,8 +311,13 @@
t = p.expect(colon_type, "`:'");
+ struct timeval s1 = read_timeval(p);
+
+ t = p.expect(comma_type, "`,'");
+
t = p.expect(text_type, "test case name");
std::string tcname = t.text();
+
ATF_PARSER_CALLBACK(p, got_tc_start(tcname));
t = p.expect(nl_type, "new line");
@@ -297,6 +347,13 @@
t = p.expect(colon_type, "`:'");
+ struct timeval s2 = read_timeval(p);
+
+ struct timeval s3;
+ timersub(&s2, &s1, &s3);
+
+ t = p.expect(comma_type, "`,'");
+
t = p.expect(text_type, "test case name");
if (t.text() != tcname)
throw parse_error(t.lineno(),
@@ -310,7 +367,7 @@
skipped_type, "expected_{death,exit,failure,signal,timeout}, failed, "
"passed or skipped");
if (t.type() == passed_type) {
- ATF_PARSER_CALLBACK(p, got_tc_end("passed", ""));
+ ATF_PARSER_CALLBACK(p, got_tc_end("passed", &s3, ""));
} else {
std::string state;
if (t.type() == expected_death_type) state = "expected_death";
@@ -327,7 +384,7 @@
if (reason.empty())
throw parse_error(t.lineno(), "Empty reason for " + state +
" test case result");
- ATF_PARSER_CALLBACK(p, got_tc_end(state, reason));
+ ATF_PARSER_CALLBACK(p, got_tc_end(state, &s3, reason));
}
t = p.expect(nl_type, "new line");
@@ -341,7 +398,7 @@
std::pair< size_t, atf::parser::headers_map > hml =
atf::parser::read_headers(m_is, 1);
- atf::parser::validate_content_type(hml.second, "application/X-atf-tps", 2);
+ atf::parser::validate_content_type(hml.second, "application/X-atf-tps", 3);
tokenizer tkz(m_is, hml.first);
atf::parser::parser< tokenizer > p(tkz);
@@ -356,7 +413,7 @@
t = p.expect(colon_type, "`:'");
t = p.expect(text_type, "number of test programs");
- size_t ntps = string_to_size_t(t.text());
+ size_t ntps = string_to_int< std::size_t >(t.text());
ATF_PARSER_CALLBACK(p, got_ntps(ntps));
t = p.expect(nl_type, "new line");
Modified: vendor/bind/dist/unit/atf-src/atf-report/reader.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/reader.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/reader.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -30,6 +30,10 @@
#if !defined(_ATF_REPORT_FORMATS_HPP_)
#define _ATF_REPORT_FORMATS_HPP_
+extern "C" {
+#include <sys/time.h>
+}
+
#include <istream>
#include <string>
@@ -65,12 +69,13 @@
virtual void got_info(const std::string&, const std::string&);
virtual void got_ntps(size_t);
virtual void got_tp_start(const std::string&, size_t);
- virtual void got_tp_end(const std::string&);
+ virtual void got_tp_end(struct timeval*, const std::string&);
virtual void got_tc_start(const std::string&);
virtual void got_tc_stdout_line(const std::string&);
virtual void got_tc_stderr_line(const std::string&);
- virtual void got_tc_end(const std::string&, const std::string&);
+ virtual void got_tc_end(const std::string&, struct timeval*,
+ const std::string&);
virtual void got_eof(void);
public:
Modified: vendor/bind/dist/unit/atf-src/atf-report/reader_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/reader_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/reader_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -65,7 +65,8 @@
}
void
- got_tp_end(const std::string& reason)
+ got_tp_end(struct timeval* tv ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::string& reason)
{
m_calls.push_back("got_tp_end(" + reason + ")");
}
@@ -77,7 +78,9 @@
}
void
- got_tc_end(const std::string& state, const std::string& reason)
+ got_tc_end(const std::string& state,
+ struct timeval* tv ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::string& reason)
{
const std::string r = state + (reason.empty() ? "" : ", " + reason);
m_calls.push_back("got_tc_end(" + r + ")");
@@ -120,7 +123,7 @@
ATF_TEST_CASE_BODY(tps_1)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 0\n"
;
@@ -142,13 +145,13 @@
ATF_TEST_CASE_BODY(tps_2)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 2\n"
- "tp-start: first-prog, 0\n"
- "tp-end: first-prog\n"
- "tp-start: second-prog, 0\n"
- "tp-end: second-prog, This program failed\n"
+ "tp-start: 123.456, first-prog, 0\n"
+ "tp-end: 123.567, first-prog\n"
+ "tp-start: 123.678, second-prog, 0\n"
+ "tp-end: 123.789, second-prog, This program failed\n"
;
const char* exp_calls[] = {
@@ -172,37 +175,37 @@
ATF_TEST_CASE_BODY(tps_3)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 2\n"
- "tp-start: first-prog, 3\n"
- "tc-start: first-test\n"
- "tc-end: first-test, passed\n"
- "tc-start: second-test\n"
- "tc-end: second-test, skipped, Testing skipped reason\n"
- "tc-start: third-test\n"
- "tc-end: third-test, failed, Testing failed reason\n"
- "tp-end: first-prog\n"
- "tp-start: second-prog, 3\n"
- "tc-start: first-test\n"
+ "tp-start: 123.123, first-prog, 3\n"
+ "tc-start: 123.234, first-test\n"
+ "tc-end: 123.345, first-test, passed\n"
+ "tc-start: 123.456, second-test\n"
+ "tc-end: 123.567, second-test, skipped, Testing skipped reason\n"
+ "tc-start: 123.678, third.test\n"
+ "tc-end: 123.789, third.test, failed, Testing failed reason\n"
+ "tp-end: 123.890, first-prog\n"
+ "tp-start: 124.901, second-prog, 3\n"
+ "tc-start: 124.1012, first-test\n"
"tc-so:first stdout line for 1st test\n"
"tc-se:first stderr line for 1st test\n"
"tc-so:second stdout line for 1st test\n"
"tc-se:second stderr line for 1st test\n"
- "tc-end: first-test, passed\n"
- "tc-start: second-test\n"
+ "tc-end: 124.1123, first-test, passed\n"
+ "tc-start: 124.1234, second-test\n"
"tc-so:first stdout line for 2nd test\n"
"tc-se:first stderr line for 2nd test\n"
"tc-so:second stdout line for 2nd test\n"
"tc-se:second stderr line for 2nd test\n"
- "tc-end: second-test, skipped, Testing skipped reason\n"
- "tc-start: third-test\n"
+ "tc-end: 124.1345, second-test, skipped, Testing skipped reason\n"
+ "tc-start: 124.1456, third.test\n"
"tc-so:first stdout line for 3rd test\n"
"tc-se:first stderr line for 3rd test\n"
"tc-so:second stdout line for 3rd test\n"
"tc-se:second stderr line for 3rd test\n"
- "tc-end: third-test, failed, Testing failed reason\n"
- "tp-end: second-prog, This program failed\n"
+ "tc-end: 124.1567, third.test, failed, Testing failed reason\n"
+ "tp-end: 124.1678, second-prog, This program failed\n"
;
const char* exp_calls[] = {
@@ -212,7 +215,7 @@
"got_tc_end(passed)",
"got_tc_start(second-test)",
"got_tc_end(skipped, Testing skipped reason)",
- "got_tc_start(third-test)",
+ "got_tc_start(third.test)",
"got_tc_end(failed, Testing failed reason)",
"got_tp_end()",
"got_tp_start(second-prog, 3)",
@@ -228,7 +231,7 @@
"got_tc_stdout_line(second stdout line for 2nd test)",
"got_tc_stderr_line(second stderr line for 2nd test)",
"got_tc_end(skipped, Testing skipped reason)",
- "got_tc_start(third-test)",
+ "got_tc_start(third.test)",
"got_tc_stdout_line(first stdout line for 3rd test)",
"got_tc_stderr_line(first stderr line for 3rd test)",
"got_tc_stdout_line(second stdout line for 3rd test)",
@@ -250,40 +253,40 @@
ATF_TEST_CASE_BODY(tps_4)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info: a, foo\n"
"info: b, bar\n"
"info: c, baz\n"
"tps-count: 2\n"
- "tp-start: first-prog, 3\n"
- "tc-start: first-test\n"
- "tc-end: first-test, passed\n"
- "tc-start: second-test\n"
- "tc-end: second-test, skipped, Testing skipped reason\n"
- "tc-start: third-test\n"
- "tc-end: third-test, failed, Testing failed reason\n"
- "tp-end: first-prog\n"
- "tp-start: second-prog, 3\n"
- "tc-start: first-test\n"
+ "tp-start: 234.1, first-prog, 3\n"
+ "tc-start: 234.12, first-test\n"
+ "tc-end: 234.23, first-test, passed\n"
+ "tc-start: 234.34, second-test\n"
+ "tc-end: 234.45, second-test, skipped, Testing skipped reason\n"
+ "tc-start: 234.56, third-test\n"
+ "tc-end: 234.67, third-test, failed, Testing failed reason\n"
+ "tp-end: 234.78, first-prog\n"
+ "tp-start: 234.89, second-prog, 3\n"
+ "tc-start: 234.90, first-test\n"
"tc-so:first stdout line for 1st test\n"
"tc-se:first stderr line for 1st test\n"
"tc-so:second stdout line for 1st test\n"
"tc-se:second stderr line for 1st test\n"
- "tc-end: first-test, passed\n"
- "tc-start: second-test\n"
+ "tc-end: 234.101, first-test, passed\n"
+ "tc-start: 234.112, second-test\n"
"tc-so:first stdout line for 2nd test\n"
"tc-se:first stderr line for 2nd test\n"
"tc-so:second stdout line for 2nd test\n"
"tc-se:second stderr line for 2nd test\n"
- "tc-end: second-test, skipped, Testing skipped reason\n"
- "tc-start: third-test\n"
+ "tc-end: 234.123, second-test, skipped, Testing skipped reason\n"
+ "tc-start: 234.134, third-test\n"
"tc-so:first stdout line for 3rd test\n"
"tc-se:first stderr line for 3rd test\n"
"tc-so:second stdout line for 3rd test\n"
"tc-se:second stderr line for 3rd test\n"
- "tc-end: third-test, failed, Testing failed reason\n"
- "tp-end: second-prog, This program failed\n"
+ "tc-end: 234.145, third-test, failed, Testing failed reason\n"
+ "tp-end: 234.156, second-prog, This program failed\n"
"info: d, foo\n"
"info: e, bar\n"
"info: f, baz\n"
@@ -340,11 +343,11 @@
ATF_TEST_CASE_BODY(tps_5)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 1\n"
- "tp-start: the-prog, 1\n"
- "tc-start: the-test\n"
+ "tp-start: 345.123, the-prog, 1\n"
+ "tc-start: 345.134, the-test\n"
"tc-so:--- a 2007-11-04 14:00:41.000000000 +0100\n"
"tc-so:+++ b 2007-11-04 14:00:48.000000000 +0100\n"
"tc-so:@@ -1,7 +1,7 @@\n"
@@ -357,8 +360,8 @@
"tc-so:+Second modified line.\n"
"tc-so: \n"
"tc-so: EOF\n"
- "tc-end: the-test, passed\n"
- "tp-end: the-prog\n"
+ "tc-end: 345.145, the-test, passed\n"
+ "tp-end: 345.156, the-prog\n"
;
// NO_CHECK_STYLE_BEGIN
@@ -396,27 +399,27 @@
ATF_TEST_CASE_BODY(tps_6)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 1\n"
- "tp-start: the-prog, 8\n"
- "tc-start: one\n"
- "tc-end: one, expected_death, The reason\n"
- "tc-start: two\n"
- "tc-end: two, expected_exit, This would be an exit\n"
- "tc-start: three\n"
- "tc-end: three, expected_failure, And this a failure\n"
- "tc-start: four\n"
- "tc-end: four, expected_signal, And this a signal\n"
- "tc-start: five\n"
- "tc-end: five, failed, Another reason\n"
- "tc-start: six\n"
- "tc-end: six, passed\n"
- "tc-start: seven\n"
- "tc-end: seven, skipped, Skipping it\n"
- "tc-start: eight\n"
- "tc-end: eight, expected_timeout, Some hang reason\n"
- "tp-end: the-prog\n"
+ "tp-start: 321.1, the-prog, 8\n"
+ "tc-start: 321.12, one\n"
+ "tc-end: 321.23, one, expected_death, The reason\n"
+ "tc-start: 321.34, two\n"
+ "tc-end: 321.45, two, expected_exit, This would be an exit\n"
+ "tc-start: 321.56, three\n"
+ "tc-end: 321.67, three, expected_failure, And this a failure\n"
+ "tc-start: 321.78, four\n"
+ "tc-end: 321.89, four, expected_signal, And this a signal\n"
+ "tc-start: 321.90, five\n"
+ "tc-end: 321.101, five, failed, Another reason\n"
+ "tc-start: 321.112, six\n"
+ "tc-end: 321.123, six, passed\n"
+ "tc-start: 321.134, seven\n"
+ "tc-end: 321.145, seven, skipped, Skipping it\n"
+ "tc-start: 321.156, eight\n"
+ "tc-end: 321.167, eight, expected_timeout, Some hang reason\n"
+ "tp-end: 321.178, the-prog\n"
;
// NO_CHECK_STYLE_BEGIN
@@ -457,7 +460,7 @@
ATF_TEST_CASE_BODY(tps_50)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"foo\n"
;
@@ -478,7 +481,7 @@
ATF_TEST_CASE_BODY(tps_51)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count\n"
;
@@ -499,7 +502,7 @@
ATF_TEST_CASE_BODY(tps_52)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count:\n"
;
@@ -520,7 +523,7 @@
ATF_TEST_CASE_BODY(tps_53)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 1\n"
"foo\n"
@@ -543,24 +546,36 @@
ATF_TEST_CASE_BODY(tps_54)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 1\n"
"foo\n"
"tp-start\n"
"tp-start:\n"
- "tp-start: foo\n"
- "tp-start: foo,\n"
- "tp-start: foo, 0\n"
+ "tp-start: 123\n"
+ "tp-start: 123.\n"
+ "tp-start: 123.456\n"
+ "tp-start: 123.456,\n"
+ "tp-start: 123.456, foo\n"
+ "tp-start: 123.456, foo,\n"
+ "tp-start: 123.456, foo, 0\n"
"bar\n"
- "tp-start: foo, 0\n"
+ "tp-start: 456.789, foo, 0\n"
"tp-end\n"
- "tp-start: foo, 0\n"
+ "tp-start: 777.777, foo, 0\n"
"tp-end:\n"
- "tp-start: foo, 0\n"
- "tp-end: bar\n"
- "tp-start: foo, 0\n"
- "tp-end: foo,\n"
+ "tp-start: 777.777, foo, 0\n"
+ "tp-end: 777\n"
+ "tp-start: 777.777, foo, 0\n"
+ "tp-end: 777.\n"
+ "tp-start: 777.777, foo, 0\n"
+ "tp-end: 777.888\n"
+ "tp-start: 777.777, foo, 0\n"
+ "tp-end: 777.888, \n"
+ "tp-start: 777.777, foo, 0\n"
+ "tp-end: 777.888, bar\n"
+ "tp-start: 777.777, foo, 0\n"
+ "tp-end: 777.888, foo,\n"
;
const char* exp_calls[] = {
@@ -571,14 +586,23 @@
const char* exp_errors[] = {
"4: Unexpected token `foo'; expected start of test program",
"5: Unexpected token `<<NEWLINE>>'; expected `:'",
- "6: Unexpected token `<<NEWLINE>>'; expected test program name",
- "7: Unexpected token `<<NEWLINE>>'; expected `,'",
- "8: Unexpected token `<<NEWLINE>>'; expected number of test programs",
- "10: Unexpected token `bar'; expected end of test program",
- "12: Unexpected token `<<NEWLINE>>'; expected `:'",
- "14: Unexpected token `<<NEWLINE>>'; expected test program name",
- "16: Test program name used in terminator does not match opening",
- "18: Empty reason for failed test program",
+ "6: Unexpected token `<<NEWLINE>>'; expected timestamp",
+ "7: Malformed timestamp value 123",
+ "8: Malformed timestamp value 123.",
+ "9: Unexpected token `<<NEWLINE>>'; expected `,'",
+ "10: Unexpected token `<<NEWLINE>>'; expected test program name",
+ "11: Unexpected token `<<NEWLINE>>'; expected `,'",
+ "12: Unexpected token `<<NEWLINE>>'; expected number of test programs",
+ "14: Unexpected token `bar'; expected end of test program",
+ "16: Unexpected token `<<NEWLINE>>'; expected `:'",
+ "18: Unexpected token `<<NEWLINE>>'; expected timestamp",
+ "20: Malformed timestamp value 777",
+ "22: Malformed timestamp value 777.",
+ "24: Unexpected token `<<NEWLINE>>'; expected `,'",
+
+ "26: Unexpected token `<<NEWLINE>>'; expected test program name",
+ "28: Test program name used in terminator does not match opening",
+ "30: Empty reason for failed test program",
NULL
};
@@ -589,26 +613,38 @@
ATF_TEST_CASE_BODY(tps_55)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 1\n"
- "tp-start: foo, 1\n"
+ "tp-start: 100.200, foo, 1\n"
"foo\n"
"tc-start\n"
"tc-start:\n"
- "tc-start: foo\n"
+ "tc-start: 111\n"
+ "tc-start: 111.\n"
+ "tc-start: 111.222\n"
+ "tc-start: 111.222,\n"
+ "tc-start: 111.222, foo\n"
"bar\n"
- "tc-start: foo\n"
+ "tc-start: 111.333, foo\n"
"tc-end\n"
- "tc-start: foo\n"
+ "tc-start: 111.444, foo\n"
"tc-end:\n"
- "tc-start: foo\n"
- "tc-end: bar\n"
- "tc-start: foo\n"
- "tc-end: foo\n"
- "tc-start: foo\n"
- "tc-end: foo,\n"
- "tp-end: foo\n"
+ "tc-start: 111.444, foo\n"
+ "tc-end: 111\n"
+ "tc-start: 111.444, foo\n"
+ "tc-end: 111.\n"
+ "tc-start: 111.444, foo\n"
+ "tc-end: 111.555\n"
+ "tc-start: 111.444, foo\n"
+ "tc-end: 111.555, \n"
+ "tc-start: 111.444, foo\n"
+ "tc-end: 111.555, bar\n"
+ "tc-start: 111.444, foo\n"
+ "tc-end: 111.555, foo\n"
+ "tc-start: 111.444, foo\n"
+ "tc-end: 111.555, foo,\n"
+ "tp-end: 111.666, foo\n"
;
const char* exp_calls[] = {
@@ -621,14 +657,22 @@
const char* exp_errors[] = {
"5: Unexpected token `foo'; expected start of test case",
"6: Unexpected token `<<NEWLINE>>'; expected `:'",
- "7: Unexpected token `<<NEWLINE>>'; expected test case name",
- "9: Unexpected token `bar'; expected end of test case or test case's stdout/stderr line",
- "11: Unexpected token `<<NEWLINE>>'; expected `:'",
- "13: Unexpected token `<<NEWLINE>>'; expected test case name",
- "15: Test case name used in terminator does not match opening",
- "17: Unexpected token `<<NEWLINE>>'; expected `,'",
- "19: Unexpected token `<<NEWLINE>>'; expected expected_{death,exit,failure,signal,timeout}, failed, passed or skipped",
- "20: Unexpected token `tp-end'; expected start of test case",
+ "7: Unexpected token `<<NEWLINE>>'; expected timestamp",
+ "8: Malformed timestamp value 111",
+ "9: Malformed timestamp value 111.",
+ "10: Unexpected token `<<NEWLINE>>'; expected `,'",
+ "11: Unexpected token `<<NEWLINE>>'; expected test case name",
+ "13: Unexpected token `bar'; expected end of test case or test case's stdout/stderr line",
+ "15: Unexpected token `<<NEWLINE>>'; expected `:'",
+ "17: Unexpected token `<<NEWLINE>>'; expected timestamp",
+ "19: Malformed timestamp value 111",
+ "21: Malformed timestamp value 111.",
+ "23: Unexpected token `<<NEWLINE>>'; expected `,'",
+ "25: Unexpected token `<<NEWLINE>>'; expected test case name",
+ "27: Test case name used in terminator does not match opening",
+ "29: Unexpected token `<<NEWLINE>>'; expected `,'",
+ "31: Unexpected token `<<NEWLINE>>'; expected expected_{death,exit,failure,signal,timeout}, failed, passed or skipped",
+ "32: Unexpected token `tp-end'; expected start of test case",
NULL
};
// NO_CHECK_STYLE_END
@@ -640,23 +684,23 @@
ATF_TEST_CASE_BODY(tps_56)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 1\n"
- "tp-start: foo, 1\n"
- "tc-start: foo\n"
- "tc-end: foo, passe\n"
- "tc-start: foo\n"
- "tc-end: foo, passed,\n"
- "tc-start: bar\n"
- "tc-end: bar, failed\n"
- "tc-start: bar\n"
- "tc-end: bar, failed,\n"
- "tc-start: baz\n"
- "tc-end: baz, skipped\n"
- "tc-start: baz\n"
- "tc-end: baz, skipped,\n"
- "tp-end: foo\n"
+ "tp-start: 111.222, foo, 1\n"
+ "tc-start: 111.333, foo\n"
+ "tc-end: 111.444, foo, passe\n"
+ "tc-start: 111.333, foo\n"
+ "tc-end: 111.444, foo, passed,\n"
+ "tc-start: 111.555, bar\n"
+ "tc-end: 111.666, bar, failed\n"
+ "tc-start: 111.555, bar\n"
+ "tc-end: 111.666, bar, failed,\n"
+ "tc-start: 111.555, baz\n"
+ "tc-end: 111.666, baz, skipped\n"
+ "tc-start: 111.555, baz\n"
+ "tc-end: 111.666, baz, skipped,\n"
+ "tp-end: 111.777, foo\n"
;
const char* exp_calls[] = {
@@ -686,11 +730,11 @@
ATF_TEST_CASE_BODY(tps_57)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 2\n"
- "tp-start: foo, 0\n"
- "tp-end: foo\n"
+ "tp-start: 111.222, foo, 0\n"
+ "tp-end: 111.333, foo\n"
;
const char* exp_calls[] = {
@@ -712,13 +756,13 @@
ATF_TEST_CASE_BODY(tps_58)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"tps-count: 1\n"
- "tp-start: foo, 0\n"
- "tp-end: foo\n"
- "tp-start: bar, 0\n"
- "tp-end: bar\n"
+ "tp-start: 111.222, foo, 0\n"
+ "tp-end: 111.333, foo\n"
+ "tp-start: 111.444, bar, 0\n"
+ "tp-end: 111.555, bar\n"
;
const char* exp_calls[] = {
@@ -740,7 +784,7 @@
ATF_TEST_CASE_BODY(tps_59)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info\n"
;
@@ -761,7 +805,7 @@
ATF_TEST_CASE_BODY(tps_60)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info:\n"
;
@@ -782,7 +826,7 @@
ATF_TEST_CASE_BODY(tps_61)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info: a\n"
;
@@ -803,7 +847,7 @@
ATF_TEST_CASE_BODY(tps_62)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info: a,\n"
;
@@ -825,7 +869,7 @@
ATF_TEST_CASE_BODY(tps_63)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info: a, b\n"
;
@@ -847,19 +891,21 @@
ATF_TEST_CASE_BODY(tps_64)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info: a, b\n"
+ "info: a.b.c.def, g\n"
"tps-count\n"
;
const char* exp_calls[] = {
"got_info(a, b)",
+ "got_info(a.b.c.def, g)",
NULL
};
const char* exp_errors[] = {
- "4: Unexpected token `<<NEWLINE>>'; expected `:'",
+ "5: Unexpected token `<<NEWLINE>>'; expected `:'",
NULL
};
@@ -870,7 +916,7 @@
ATF_TEST_CASE_BODY(tps_65)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info: a, b\n"
"tps-count:\n"
@@ -893,7 +939,7 @@
ATF_TEST_CASE_BODY(tps_66)
{
const char* input =
- "Content-Type: application/X-atf-tps; version=\"2\"\n"
+ "Content-Type: application/X-atf-tps; version=\"3\"\n"
"\n"
"info: a, b\n"
"tps-count: 0\n"
Modified: vendor/bind/dist/unit/atf-src/atf-report/tests-results.css
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/tests-results.css 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/tests-results.css 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -31,6 +31,10 @@
margin: 0 0 0 0;
}
+.nobr {
+ white-space: nowrap;
+}
+
h1 {
background: black;
color: white;
@@ -56,6 +60,11 @@
padding: 3pt;
}
+p.details {
+ margin-left: 20pt;
+ margin-right: 20pt;
+}
+
p.term {
margin-left: 40pt;
margin-right: 40pt;
@@ -138,9 +147,27 @@
padding: 3pt 6pt 3pt 6pt;
}
+table.tcs-summary td.numeric {
+ width: 1pt;
+}
+
+table.tcs-summary td.numeric p {
+ text-align: right;
+}
+
+table.tcs-summary td.tp-numeric {
+ background: #dddddd;
+ width: 1pt;
+}
+
+table.tcs-summary td.tp-numeric p {
+ text-align: right;
+}
+
table.tcs-summary td.tp-id {
background: #dddddd;
font-weight: bold;
+ width: 1pt;
}
table.tcs-summary td.tc-id p {
@@ -149,16 +176,24 @@
table.tcs-summary td.tcr-passed {
background: #aaffaa;
+ width: 1pt;
}
table.tcs-summary td.tcr-failed {
background: #ffaaaa;
+ width: 1pt;
}
table.tcs-summary td.tcr-skipped {
background: #ffffaa;
+ width: 1pt;
}
table.tcs-summary td.tcr-xfail {
background: #ffaaff;
+ width: 1pt;
}
+
+table.tcs-summary td.tcr-reason {
+ width: 100%;
+}
Modified: vendor/bind/dist/unit/atf-src/atf-report/tests-results.dtd
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/tests-results.dtd 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/tests-results.dtd 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
<!--
++ Automated Testing Framework (atf)
++
- ++ Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+ ++ Copyright (c) 2007 The NetBSD Foundation, Inc.
++ All rights reserved.
++
++ Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-report/tests-results.xsl
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-report/tests-results.xsl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-report/tests-results.xsl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,7 +4,7 @@
<!--
++ Automated Testing Framework (atf)
++
- ++ Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+ ++ Copyright (c) 2007 The NetBSD Foundation, Inc.
++ All rights reserved.
++
++ Redistribution and use in source and binary forms, with or without
@@ -86,6 +86,9 @@
<xsl:if test="$ntcs-skipped > 0">
<xsl:call-template name="skipped-tcs-summary" />
</xsl:if>
+ <xsl:if test="$ntps-failed > 0">
+ <xsl:call-template name="failed-tps-summary" />
+ </xsl:if>
<xsl:call-template name="info-bottom" />
<xsl:apply-templates select="tp" mode="details" />
@@ -98,8 +101,8 @@
<table class="summary">
<tr>
- <th><p>Item</p></th>
- <th><p>Value</p></th>
+ <th class="nobr"><p>Item</p></th>
+ <th class="nobr"><p>Value</p></th>
</tr>
<tr class="group">
@@ -167,14 +170,16 @@
<td class="numeric"><p><xsl:value-of select="$ntps" /></p></td>
</tr>
<tr class="entry">
- <td><p>Bogus test programs</p></td>
<xsl:choose>
<xsl:when test="$ntps-failed > 0">
+ <td><p><a href="#failed-tps-summary">Bogus test
+ programs</a></p></td>
<td class="numeric-error">
<p><xsl:value-of select="$ntps-failed" /></p>
</td>
</xsl:when>
<xsl:otherwise>
+ <td><p>Bogus test programs</p></td>
<td class="numeric">
<p><xsl:value-of select="$ntps-failed" /></p>
</td>
@@ -272,9 +277,10 @@
<table class="tcs-summary">
<tr>
- <th><p>Test case</p></th>
- <th><p>Result</p></th>
- <th><p>Reason</p></th>
+ <th class="nobr"><p>Test case</p></th>
+ <th class="nobr"><p>Result</p></th>
+ <th class="nobr"><p>Reason</p></th>
+ <th class="nobr"><p>Duration</p></th>
</tr>
<xsl:apply-templates select="tp" mode="summary">
<xsl:with-param name="which">all</xsl:with-param>
@@ -288,9 +294,10 @@
<table class="tcs-summary">
<tr>
- <th><p>Test case</p></th>
- <th><p>Result</p></th>
- <th><p>Reason</p></th>
+ <th class="nobr"><p>Test case</p></th>
+ <th class="nobr"><p>Result</p></th>
+ <th class="nobr"><p>Reason</p></th>
+ <th class="nobr"><p>Duration</p></th>
</tr>
<xsl:apply-templates select="tp" mode="summary">
<xsl:with-param name="which">xfail</xsl:with-param>
@@ -304,9 +311,10 @@
<table class="tcs-summary">
<tr>
- <th><p>Test case</p></th>
- <th><p>Result</p></th>
- <th><p>Reason</p></th>
+ <th class="nobr"><p>Test case</p></th>
+ <th class="nobr"><p>Result</p></th>
+ <th class="nobr"><p>Reason</p></th>
+ <th class="nobr"><p>Duration</p></th>
</tr>
<xsl:apply-templates select="tp" mode="summary">
<xsl:with-param name="which">failed</xsl:with-param>
@@ -314,6 +322,20 @@
</table>
</xsl:template>
+ <xsl:template name="failed-tps-summary">
+ <a name="failed-tps-summary" />
+ <h2 id="failed-tps-summary">Bogus test programs summary</h2>
+
+ <table class="tcs-summary">
+ <tr>
+ <th class="nobr">Test program</th>
+ </tr>
+ <xsl:apply-templates select="tp" mode="summary">
+ <xsl:with-param name="which">bogus</xsl:with-param>
+ </xsl:apply-templates>
+ </table>
+ </xsl:template>
+
<xsl:template name="skipped-tcs-summary">
<a name="skipped-tcs-summary" />
<h2 id="skipped-tcs-summary">Skipped test cases summary</h2>
@@ -320,9 +342,10 @@
<table class="tcs-summary">
<tr>
- <th><p>Test case</p></th>
- <th><p>Result</p></th>
- <th><p>Reason</p></th>
+ <th class="nobr"><p>Test case</p></th>
+ <th class="nobr"><p>Result</p></th>
+ <th class="nobr"><p>Reason</p></th>
+ <th class="nobr"><p>Duration</p></th>
</tr>
<xsl:apply-templates select="tp" mode="summary">
<xsl:with-param name="which">skipped</xsl:with-param>
@@ -335,6 +358,7 @@
<xsl:variable name="chosen">
<xsl:choose>
+ <xsl:when test="$which = 'bogus' and failed">yes</xsl:when>
<xsl:when test="$which = 'passed' and tc/passed">yes</xsl:when>
<xsl:when test="$which = 'failed' and tc/failed">yes</xsl:when>
<xsl:when test="$which = 'xfail' and
@@ -358,10 +382,15 @@
<td class="tp-id" colspan="3">
<p><xsl:value-of select="@id" /></p>
</td>
+ <td class="tp-numeric">
+ <p><xsl:value-of select="tp-time" />s</p>
+ </td>
</tr>
- <xsl:apply-templates select="tc" mode="summary">
- <xsl:with-param name="which" select="$which" />
- </xsl:apply-templates>
+ <xsl:if test="$which != 'bogus'">
+ <xsl:apply-templates select="tc" mode="summary">
+ <xsl:with-param name="which" select="$which" />
+ </xsl:apply-templates>
+ </xsl:if>
</xsl:if>
</xsl:template>
@@ -408,48 +437,51 @@
expected_failure|expected_timeout|
expected_signal|failed|passed|
skipped" mode="tc" />
+ <td class="numeric">
+ <p><xsl:value-of select="tc-time" />s</p>
+ </td>
</tr>
</xsl:if>
</xsl:template>
<xsl:template match="passed" mode="tc">
- <td class="tcr-passed"><p>Passed</p></td>
- <td><p>N/A</p></td>
+ <td class="tcr-passed"><p class="nobr">Passed</p></td>
+ <td class="tcr-reason"><p>N/A</p></td>
</xsl:template>
<xsl:template match="expected_death" mode="tc">
- <td class="tcr-xfail"><p>Expected death</p></td>
- <td><p><xsl:apply-templates /></p></td>
+ <td class="tcr-xfail"><p class="nobr">Expected death</p></td>
+ <td class="tcr-reason"><p><xsl:apply-templates /></p></td>
</xsl:template>
<xsl:template match="expected_exit" mode="tc">
- <td class="tcr-xfail"><p>Expected exit</p></td>
- <td><p><xsl:apply-templates /></p></td>
+ <td class="tcr-xfail"><p class="nobr">Expected exit</p></td>
+ <td class="tcr-reason"><p><xsl:apply-templates /></p></td>
</xsl:template>
<xsl:template match="expected_failure" mode="tc">
- <td class="tcr-xfail"><p>Expected failure</p></td>
- <td><p><xsl:apply-templates /></p></td>
+ <td class="tcr-xfail"><p class="nobr">Expected failure</p></td>
+ <td class="tcr-reason"><p><xsl:apply-templates /></p></td>
</xsl:template>
<xsl:template match="expected_timeout" mode="tc">
- <td class="tcr-xfail"><p>Expected timeout</p></td>
- <td><p><xsl:apply-templates /></p></td>
+ <td class="tcr-xfail"><p class="nobr">Expected timeout</p></td>
+ <td class="tcr-reason"><p><xsl:apply-templates /></p></td>
</xsl:template>
<xsl:template match="expected_signal" mode="tc">
- <td class="tcr-xfail"><p>Expected signal</p></td>
- <td><p><xsl:apply-templates /></p></td>
+ <td class="tcr-xfail"><p class="nobr">Expected signal</p></td>
+ <td class="tcr-reason"><p><xsl:apply-templates /></p></td>
</xsl:template>
<xsl:template match="failed" mode="tc">
- <td class="tcr-failed"><p>Failed</p></td>
- <td><p><xsl:apply-templates /></p></td>
+ <td class="tcr-failed"><p class="nobr">Failed</p></td>
+ <td class="tcr-reason"><p><xsl:apply-templates /></p></td>
</xsl:template>
<xsl:template match="skipped" mode="tc">
- <td class="tcr-skipped"><p>Skipped</p></td>
- <td><p><xsl:apply-templates /></p></td>
+ <td class="tcr-skipped"><p class="nobr">Skipped</p></td>
+ <td class="tcr-reason"><p><xsl:apply-templates /></p></td>
</xsl:template>
<xsl:template match="tp" mode="details">
@@ -481,6 +513,11 @@
<xsl:value-of select="../@id" /><xsl:text>/</xsl:text>
<xsl:value-of select="@id" /></h2>
+ <xsl:if test="tc-time">
+ <p class="details">Duration:
+ <xsl:apply-templates select="tc-time" mode="details" /></p>
+ </xsl:if>
+
<h3>Termination reason</h3>
<xsl:apply-templates select="expected_death|expected_exit|expected_failure|
expected_signal|expected_timeout|
@@ -498,6 +535,10 @@
</xsl:if>
</xsl:template>
+ <xsl:template match="tc-time" mode="details">
+ <xsl:apply-templates /> seconds
+ </xsl:template>
+
<xsl:template match="so" mode="details">
<xsl:apply-templates />
<xsl:if test="position() != last()">
Added: vendor/bind/dist/unit/atf-src/atf-run/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-run/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,13 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="atffile_test"}
+atf_test_program{name="config_test"}
+atf_test_program{name="fs_test"}
+atf_test_program{name="integration_test"}
+atf_test_program{name="io_test"}
+atf_test_program{name="requirements_test"}
+atf_test_program{name="signals_test"}
+atf_test_program{name="test_program_test"}
+atf_test_program{name="user_test"}
Modified: vendor/bind/dist/unit/atf-src/atf-run/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -28,6 +28,7 @@
#
bin_PROGRAMS += atf-run/atf-run
+atf_run_atf_run_CPPFLAGS = "-DGDB=\"$(GDB)\""
atf_run_atf_run_SOURCES = atf-run/atf-run.cpp \
atf-run/atffile.cpp \
atf-run/atffile.hpp \
@@ -47,10 +48,11 @@
atf-run/timer.hpp \
atf-run/user.cpp \
atf-run/user.hpp
-atf_run_atf_run_LDADD = libatf-c++.la
+atf_run_atf_run_LDADD = $(ATF_CXX_LIBS)
dist_man_MANS += atf-run/atf-run.1
-tests_atf_run_DATA = atf-run/Atffile
+tests_atf_run_DATA = atf-run/Atffile \
+ atf-run/Kyuafile
tests_atf_rundir = $(pkgtestsdir)/atf-run
EXTRA_DIST += $(tests_atf_run_DATA)
@@ -58,7 +60,7 @@
atf_run_atffile_test_SOURCES = atf-run/atffile_test.cpp \
atf-run/atffile.cpp
atf_run_atffile_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
-atf_run_atffile_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_run_atffile_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/bad_metadata_helper
atf_run_bad_metadata_helper_SOURCES = atf-run/bad_metadata_helper.c
@@ -68,7 +70,7 @@
atf_run_config_test_SOURCES = atf-run/config_test.cpp \
atf-run/config.cpp
atf_run_config_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
-atf_run_config_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_run_config_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/expect_helpers
atf_run_expect_helpers_SOURCES = atf-run/expect_helpers.c
@@ -78,21 +80,21 @@
atf_run_fs_test_SOURCES = atf-run/fs_test.cpp \
atf-run/fs.cpp \
atf-run/user.cpp
-atf_run_fs_test_LDADD = libatf-c++.la
+atf_run_fs_test_LDADD = $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/io_test
atf_run_io_test_SOURCES = atf-run/io_test.cpp \
atf-run/io.cpp \
atf-run/signals.cpp
-atf_run_io_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_run_io_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/misc_helpers
atf_run_misc_helpers_SOURCES = atf-run/misc_helpers.cpp
-atf_run_misc_helpers_LDADD = libatf-c++.la
+atf_run_misc_helpers_LDADD = $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/pass_helper
atf_run_pass_helper_SOURCES = atf-run/pass_helper.cpp
-atf_run_pass_helper_LDADD = libatf-c++.la
+atf_run_pass_helper_LDADD = $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/several_tcs_helper
atf_run_several_tcs_helper_SOURCES = atf-run/several_tcs_helper.c
@@ -102,11 +104,11 @@
atf_run_requirements_test_SOURCES = atf-run/requirements_test.cpp \
atf-run/requirements.cpp \
atf-run/user.cpp
-atf_run_requirements_test_LDADD = libatf-c++.la
+atf_run_requirements_test_LDADD = $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/signals_test
atf_run_signals_test_SOURCES = atf-run/signals_test.cpp atf-run/signals.cpp
-atf_run_signals_test_LDADD = libatf-c++.la
+atf_run_signals_test_LDADD = $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/test_program_test
atf_run_test_program_test_SOURCES = atf-run/test_program_test.cpp \
@@ -118,11 +120,11 @@
atf-run/timer.cpp \
atf-run/user.cpp
atf_run_test_program_test_CPPFLAGS = -I$(srcdir)/atf-c++/detail
-atf_run_test_program_test_LDADD = atf-c++/detail/libtest_helpers.la libatf-c++.la
+atf_run_test_program_test_LDADD = atf-c++/detail/libtest_helpers.la $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/user_test
atf_run_user_test_SOURCES = atf-run/user_test.cpp atf-run/user.cpp
-atf_run_user_test_LDADD = libatf-c++.la
+atf_run_user_test_LDADD = $(ATF_CXX_LIBS)
tests_atf_run_PROGRAMS += atf-run/zero_tcs_helper
atf_run_zero_tcs_helper_SOURCES = atf-run/zero_tcs_helper.c
Modified: vendor/bind/dist/unit/atf-src/atf-run/atf-run.1
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/atf-run.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/atf-run.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -165,7 +165,7 @@
stanzas to the top of the output report; these are defined by the
.Sq application/X-atf-tps format
described in
-.Xr atf-formats 1 .
+.Xr atf-formats 5 .
Always use the
.Sq atf_tps_writer_info
function to print these.
Modified: vendor/bind/dist/unit/atf-src/atf-run/atf-run.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/atf-run.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/atf-run.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -33,6 +33,7 @@
extern "C" {
#include <sys/types.h>
+#include <sys/param.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
@@ -67,6 +68,12 @@
namespace impl = atf::atf_run;
+#if defined(MAXCOMLEN)
+static const std::string::size_type max_core_name_length = MAXCOMLEN;
+#else
+static const std::string::size_type max_core_name_length = std::string::npos;
+#endif
+
class atf_run : public atf::application::app {
static const char* m_description;
@@ -99,6 +106,59 @@
int main(void);
};
+static void
+sanitize_gdb_env(void)
+{
+ try {
+ atf::env::unset("TERM");
+ } catch (...) {
+ // Just swallow exceptions here; they cannot propagate into C, which
+ // is where this function is called from, and even if these exceptions
+ // appear they are benign.
+ }
+}
+
+static void
+dump_stacktrace(const atf::fs::path& tp, const atf::process::status& s,
+ const atf::fs::path& workdir, impl::atf_tps_writer& w)
+{
+ PRE(s.signaled() && s.coredump());
+
+ w.stderr_tc("Test program crashed; attempting to get stack trace");
+
+ const atf::fs::path corename = workdir /
+ (tp.leaf_name().substr(0, max_core_name_length) + ".core");
+ if (!atf::fs::exists(corename)) {
+ w.stderr_tc("Expected file " + corename.str() + " not found");
+ return;
+ }
+
+ const atf::fs::path gdb(GDB);
+ const atf::fs::path gdbout = workdir / "gdb.out";
+ const atf::process::argv_array args(gdb.leaf_name().c_str(), "-batch",
+ "-q", "-ex", "bt", tp.c_str(),
+ corename.c_str(), NULL);
+ atf::process::status status = atf::process::exec(
+ gdb, args,
+ atf::process::stream_redirect_path(gdbout),
+ atf::process::stream_redirect_path(atf::fs::path("/dev/null")),
+ sanitize_gdb_env);
+ if (!status.exited() || status.exitstatus() != EXIT_SUCCESS) {
+ w.stderr_tc("Execution of " GDB " failed");
+ return;
+ }
+
+ std::ifstream input(gdbout.c_str());
+ if (input) {
+ std::string line;
+ while (std::getline(input, line).good())
+ w.stderr_tc(line);
+ input.close();
+ }
+
+ w.stderr_tc("Stack trace complete");
+}
+
const char* atf_run::m_description =
"atf-run is a tool that runs tests programs and collects their "
"results.";
@@ -370,8 +430,8 @@
if (user.first != -1 && user.second != -1) {
if (::chown(workdir.get_path().c_str(), user.first,
user.second) == -1) {
- throw atf::system_error("chmod(" +
- workdir.get_path().str() + ")", "chmod(2) failed",
+ throw atf::system_error("chown(" +
+ workdir.get_path().str() + ")", "chown(2) failed",
errno);
}
resfile = workdir.get_path() / "tcr";
@@ -380,6 +440,8 @@
std::pair< std::string, const atf::process::status > s =
impl::run_test_case(tp, tcname, "body", tcmd, config,
resfile, workdir.get_path(), w);
+ if (s.second.signaled() && s.second.coredump())
+ dump_stacktrace(tp, s.second, workdir.get_path(), w);
if (has_cleanup)
(void)impl::run_test_case(tp, tcname, "cleanup", tcmd,
config, resfile, workdir.get_path(), w);
Modified: vendor/bind/dist/unit/atf-src/atf-run/atffile.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/atffile.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/atffile.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -29,6 +29,8 @@
#include <fstream>
+#include "atf-c/defs.h"
+
#include "atf-c++/detail/exceptions.hpp"
#include "atf-c++/detail/expand.hpp"
#include "atf-c++/detail/parser.hpp"
@@ -90,19 +92,23 @@
}
void
-detail::atf_atffile_reader::got_conf(const std::string& name,
- const std::string& val)
+detail::atf_atffile_reader::got_conf(
+ const std::string& name ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::string& val ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-detail::atf_atffile_reader::got_prop(const std::string& name,
- const std::string& val)
+detail::atf_atffile_reader::got_prop(
+ const std::string& name ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::string& val ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
void
-detail::atf_atffile_reader::got_tp(const std::string& name, bool isglob)
+detail::atf_atffile_reader::got_tp(
+ const std::string& name ATF_DEFS_ATTRIBUTE_UNUSED,
+ bool isglob ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
Modified: vendor/bind/dist/unit/atf-src/atf-run/atffile.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/atffile.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/atffile.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-run/atffile_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/atffile_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/atffile_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2009 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-run/config.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/config.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/config.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -30,6 +30,8 @@
#include <fstream>
#include <vector>
+#include "atf-c/defs.h"
+
#include "atf-c++/config.hpp"
#include "atf-c++/detail/env.hpp"
@@ -136,8 +138,9 @@
}
void
-detail::atf_config_reader::got_var(const std::string& var,
- const std::string& val)
+detail::atf_config_reader::got_var(
+ const std::string& var ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::string& val ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
Modified: vendor/bind/dist/unit/atf-src/atf-run/config_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/config_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/config_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -27,7 +27,9 @@
// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
+#include "atf-c++/detail/env.hpp"
#include "atf-c++/detail/test_helpers.hpp"
+#include "atf-c++/config.hpp"
#include "atf-c++/macros.hpp"
#include "config.hpp"
@@ -37,6 +39,14 @@
using atf::tests::vars_map;
+namespace atf {
+namespace config {
+
+void __reinit(void);
+
+} // namespace config
+} // namespace atf
+
// -------------------------------------------------------------------------
// Tests for the "config" parser.
// -------------------------------------------------------------------------
@@ -351,6 +361,8 @@
ATF_TEST_CASE(read_config_files_none);
ATF_TEST_CASE_HEAD(read_config_files_none) {}
ATF_TEST_CASE_BODY(read_config_files_none) {
+ atf::env::set("ATF_CONFDIR", ".");
+ atf::config::__reinit();
ATF_REQUIRE(vars_map() == impl::read_config_files("test-suite"));
}
Modified: vendor/bind/dist/unit/atf-src/atf-run/fs.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/fs.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/fs.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -44,7 +44,9 @@
#include <cstdlib>
#include <cstring>
+#include "atf-c++/detail/auto_array.hpp"
#include "atf-c++/detail/process.hpp"
+#include "atf-c++/detail/sanity.hpp"
#include "fs.hpp"
#include "user.hpp"
@@ -61,6 +63,19 @@
bool);
static void do_unmount(const atf::fs::path&);
+// The cleanup routines below are tricky: they are executed immediately after
+// a test case's death, and after we have forcibly killed any stale processes.
+// However, even if the processes are dead, this does not mean that the file
+// system we are scanning is stable. In particular, if the test case has
+// mounted file systems through fuse/puffs, the fact that the processes died
+// does not mean that the file system is truly unmounted.
+//
+// The code below attempts to cope with this by catching errors and either
+// ignoring them or retrying the actions on the same file/directory a few times
+// before giving up.
+static const int max_retries = 5;
+static const int retry_delay_in_seconds = 1;
+
// The erase parameter in this routine is to control nested mount points.
// We want to descend into a mount point to unmount anything that is
// mounted under it, but we do not want to delete any files while doing
@@ -70,19 +85,24 @@
void
cleanup_aux(const atf::fs::path& p, dev_t parent_device, bool erase)
{
- atf::fs::file_info fi(p);
+ try {
+ atf::fs::file_info fi(p);
- if (fi.get_type() == atf::fs::file_info::dir_type)
- cleanup_aux_dir(p, fi, fi.get_device() == parent_device);
+ if (fi.get_type() == atf::fs::file_info::dir_type)
+ cleanup_aux_dir(p, fi, fi.get_device() == parent_device);
- if (fi.get_device() != parent_device)
- do_unmount(p);
+ if (fi.get_device() != parent_device)
+ do_unmount(p);
- if (erase) {
- if (fi.get_type() == atf::fs::file_info::dir_type)
- atf::fs::rmdir(p);
- else
- atf::fs::remove(p);
+ if (erase) {
+ if (fi.get_type() == atf::fs::file_info::dir_type)
+ atf::fs::rmdir(p);
+ else
+ atf::fs::remove(p);
+ }
+ } catch (const atf::system_error& e) {
+ if (e.code() != ENOENT && e.code() != ENOTDIR)
+ throw e;
}
}
@@ -92,15 +112,39 @@
bool erase)
{
if (erase && ((fi.get_mode() & S_IRWXU) != S_IRWXU)) {
- if (chmod(p.c_str(), fi.get_mode() | S_IRWXU) == -1)
- throw atf::system_error(IMPL_NAME "::cleanup(" +
- p.str() + ")", "chmod(2) failed", errno);
+ int retries = max_retries;
+retry_chmod:
+ if (chmod(p.c_str(), fi.get_mode() | S_IRWXU) == -1) {
+ if (retries > 0) {
+ retries--;
+ ::sleep(retry_delay_in_seconds);
+ goto retry_chmod;
+ } else {
+ throw atf::system_error(IMPL_NAME "::cleanup(" +
+ p.str() + ")", "chmod(2) failed",
+ errno);
+ }
+ }
}
std::set< std::string > subdirs;
{
- const atf::fs::directory d(p);
- subdirs = d.names();
+ bool ok = false;
+ int retries = max_retries;
+ while (!ok) {
+ INV(retries > 0);
+ try {
+ const atf::fs::directory d(p);
+ subdirs = d.names();
+ ok = true;
+ } catch (const atf::system_error& e) {
+ retries--;
+ if (retries == 0)
+ throw e;
+ ::sleep(retry_delay_in_seconds);
+ }
+ }
+ INV(ok);
}
for (std::set< std::string >::const_iterator iter = subdirs.begin();
@@ -122,9 +166,18 @@
in_path : in_path.to_absolute();
#if defined(HAVE_UNMOUNT)
- if (unmount(abs_path.c_str(), 0) == -1)
- throw atf::system_error(IMPL_NAME "::cleanup(" + in_path.str() + ")",
- "unmount(2) failed", errno);
+ int retries = max_retries;
+retry_unmount:
+ if (unmount(abs_path.c_str(), 0) == -1) {
+ if (errno == EBUSY && retries > 0) {
+ retries--;
+ ::sleep(retry_delay_in_seconds);
+ goto retry_unmount;
+ } else {
+ throw atf::system_error(IMPL_NAME "::cleanup(" + in_path.str() +
+ ")", "unmount(2) failed", errno);
+ }
+ }
#else
// We could use umount(2) instead if it was available... but
// trying to do so under, e.g. Linux, is a nightmare because we
@@ -148,7 +201,7 @@
impl::temp_dir::temp_dir(const atf::fs::path& p)
{
- atf::utils::auto_array< char > buf(new char[p.str().length() + 1]);
+ atf::auto_array< char > buf(new char[p.str().length() + 1]);
std::strcpy(buf.get(), p.c_str());
if (::mkdtemp(buf.get()) == NULL)
throw system_error(IMPL_NAME "::temp_dir::temp_dir(" +
Modified: vendor/bind/dist/unit/atf-src/atf-run/fs.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/fs.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/fs.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-run/fs_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/fs_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/fs_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-run/integration_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/integration_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/integration_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -29,6 +29,8 @@
create_atffile()
{
+ ATF_CONFDIR="$(pwd)"; export ATF_CONFDIR
+
cat >Atffile <<EOF
Content-Type: application/X-atf-atffile; version="1"
@@ -118,6 +120,18 @@
EOF
}
+atf_test_case no_warnings
+no_warnings_head()
+{
+ atf_set "descr" "Tests that atf-run suppresses warnings about not running" \
+ "within atf-run"
+}
+no_warnings_body()
+{
+ create_helper pass
+ atf_check -s eq:0 -o ignore -e not-match:'WARNING.*atf-run' atf-run helper
+}
+
atf_test_case config
config_head()
{
@@ -367,8 +381,9 @@
create_atffile helper
+ re='^tc-end: [0-9][0-9]*\.[0-9]*, tc1,'
atf_check -s eq:1 \
- -o match:'^tc-end: tc1, failed,.*failed to create' \
+ -o match:"${re} failed,.*failed to create" \
-o not-match:'resfile found' \
-e empty atf-run
}
@@ -393,7 +408,8 @@
create_atffile helper
- atf_check -s eq:1 -o match:'^tc-end: tc1, .*line 1.*line 2' -e empty atf-run
+ re='^tc-end: [0-9][0-9]*\.[0-9]*, tc1,'
+ atf_check -s eq:1 -o match:"${re} .*line 1.*line 2" -e empty atf-run
}
atf_test_case broken_tp_list
@@ -422,7 +438,7 @@
create_atffile helper
- re='^tp-end: helper,'
+ re='^tp-end: [0-9][0-9]*\.[0-9]*, helper,'
re="${re} Invalid format for test case list:.*First property.*ident"
atf_check -s eq:1 -o match:"${re}" -e empty atf-run
}
@@ -444,8 +460,9 @@
create_atffile helper
+ re='^tp-end: [0-9][0-9]*\.[0-9]*, helper,'
atf_check -s eq:1 \
- -o match:'^tp-end: helper,.*Invalid format for test case list' \
+ -o match:"${re} .*Invalid format for test case list" \
-e empty atf-run
}
@@ -465,8 +482,9 @@
create_atffile helper
+ re='^tc-end: [0-9][0-9]*\.[0-9]*, tc1,'
atf_check -s eq:1 \
- -o match:'^tc-end: tc1,.*exited successfully.*reported failure' \
+ -o match:"${re} .*exited successfully.*reported failure" \
-e empty atf-run
}
@@ -489,7 +507,8 @@
create_atffile helper
- atf_check -s eq:1 -o match:'^tc-end: tc2,.*received signal 9' \
+ re='^tc-end: [0-9][0-9]*\.[0-9]*, tc2,'
+ atf_check -s eq:1 -o match:"${re} .*received signal 9" \
-e empty atf-run
}
@@ -581,8 +600,8 @@
isolation_env_body()
{
undef_vars="LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY \
- LC_NUMERIC LC_TIME TZ"
- def_vars="HOME"
+ LC_NUMERIC LC_TIME"
+ def_vars="HOME TZ"
mangleenv="env"
for v in ${undef_vars} ${def_vars}; do
@@ -605,6 +624,8 @@
for v in ${def_vars}; do
atf_check -s eq:0 -o ignore -e empty grep "^tc-so:${v}=" stdout
done
+
+ atf_check -s eq:0 -o ignore -e empty grep "^tc-so:TZ=UTC" stdout
}
atf_test_case isolation_home
@@ -619,6 +640,18 @@
atf_check -s eq:0 -o ignore -e ignore env HOME=foo atf-run helper
}
+atf_test_case isolation_stdin
+isolation_stdin_head()
+{
+ atf_set "descr" "Tests that atf-run nullifies the stdin of test cases"
+}
+isolation_stdin_body()
+{
+ create_helper read_stdin
+ create_atffile helper
+ atf_check -s eq:0 -o ignore -e ignore -x 'echo hello world | atf-run helper'
+}
+
atf_test_case isolation_umask
isolation_umask_head()
{
@@ -853,6 +886,36 @@
-v var1=a -v var2=' ' helper
}
+atf_test_case require_files
+require_files_head()
+{
+ atf_set "descr" "Tests that atf-run validates the require.files property"
+}
+require_files_body()
+{
+ create_helper require_files
+ create_atffile helper
+
+ touch i-exist
+
+ echo "Checking absolute paths"
+ atf_check -s eq:0 -o match:"${TESTCASE}, passed" -e ignore atf-run \
+ -v files='/bin/cp' helper
+ atf_check -s eq:0 -o match:"${TESTCASE}, passed" -e ignore atf-run \
+ -v files="$(pwd)/i-exist" helper
+ atf_check -s eq:0 \
+ -o match:"${TESTCASE}, skipped, .*/dont-exist" \
+ -e ignore atf-run -v files="$(pwd)/i-exist $(pwd)/dont-exist" helper
+
+ echo "Checking that relative paths are not allowed"
+ atf_check -s eq:1 \
+ -o match:"${TESTCASE}, failed, Relative paths.*not allowed.*hello" \
+ -e ignore atf-run -v files='hello' helper
+ atf_check -s eq:1 \
+ -o match:"${TESTCASE}, failed, Relative paths.*not allowed.*a/b" \
+ -e ignore atf-run -v files='a/b' helper
+}
+
atf_test_case require_machine
require_machine_head()
{
@@ -1029,6 +1092,7 @@
atf_init_test_cases()
{
+ atf_add_test_case no_warnings
atf_add_test_case config
atf_add_test_case vflag
atf_add_test_case atffile
@@ -1045,6 +1109,7 @@
atf_add_test_case hooks
atf_add_test_case isolation_env
atf_add_test_case isolation_home
+ atf_add_test_case isolation_stdin
atf_add_test_case isolation_umask
atf_add_test_case cleanup_pass
atf_add_test_case cleanup_fail
@@ -1055,6 +1120,7 @@
atf_add_test_case cleanup_symlink
atf_add_test_case require_arch
atf_add_test_case require_config
+ atf_add_test_case require_files
atf_add_test_case require_machine
atf_add_test_case require_progs
atf_add_test_case require_user_root
Modified: vendor/bind/dist/unit/atf-src/atf-run/io.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/io.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/io.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -41,9 +41,9 @@
#include "../atf-c/error.h"
}
+#include "../atf-c++/detail/auto_array.hpp"
#include "../atf-c++/detail/exceptions.hpp"
#include "../atf-c++/detail/sanity.hpp"
-#include "../atf-c++/utils.hpp"
#include "io.hpp"
@@ -290,7 +290,7 @@
impl::muxer::read_one(const size_t index, const int fd, std::string& accum,
const bool report_errors)
{
- atf::utils::auto_array< char > buffer(new char[m_bufsize]);
+ atf::auto_array< char > buffer(new char[m_bufsize]);
const size_t nbytes = safe_read(fd, buffer.get(), m_bufsize - 1,
report_errors);
INV(nbytes < m_bufsize);
@@ -319,7 +319,7 @@
void
impl::muxer::mux(volatile const bool& terminate)
{
- atf::utils::auto_array< struct pollfd > poll_fds(new struct pollfd[m_nfds]);
+ atf::auto_array< struct pollfd > poll_fds(new struct pollfd[m_nfds]);
for (size_t i = 0; i < m_nfds; i++) {
poll_fds[i].fd = m_fds[i];
poll_fds[i].events = POLLIN;
Modified: vendor/bind/dist/unit/atf-src/atf-run/io.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/io.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/io.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -36,7 +36,8 @@
#include "fs.hpp"
-#include "../atf-c++/utils.hpp"
+#include "../atf-c++/detail/auto_array.hpp"
+#include "../atf-c++/noncopyable.hpp"
namespace atf {
namespace atf_run {
@@ -253,8 +254,7 @@
//! However, it is not copyable to avoid introducing inconsistences with
//! the on-disk file and the in-memory buffers.
//!
-class systembuf :
- public std::streambuf, atf::utils::noncopyable
+class systembuf : public std::streambuf, atf::noncopyable
{
public:
typedef int handle_type;
@@ -374,15 +374,9 @@
//! this happens, the buffer eventually empties and the system blocks
//! until the writer generates some data.
//!
-class pistream :
- public std::istream, utils::noncopyable
+class pistream : public std::istream, noncopyable
{
//!
- //! \brief The file handle managed by this stream.
- //!
- int m_fd;
-
- //!
//! \brief The systembuf object used to manage this stream's data.
//!
systembuf m_systembuf;
@@ -406,12 +400,12 @@
// The "muxer" class.
// ------------------------------------------------------------------------
-class muxer : utils::noncopyable {
+class muxer : noncopyable {
const int* m_fds;
const size_t m_nfds;
const size_t m_bufsize;
- atf::utils::auto_array< std::string > m_buffers;
+ atf::auto_array< std::string > m_buffers;
protected:
virtual void line_callback(const size_t, const std::string&) = 0;
Modified: vendor/bind/dist/unit/atf-src/atf-run/io_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/io_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/io_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -407,8 +407,9 @@
std::cout << "flush done\n";
check_stream(std::cout);
+ sigchld.unprogram();
int status;
- ::wait(&status);
+ ATF_REQUIRE(::waitpid(pid, &status, 0) != -1);
ATF_REQUIRE(WIFEXITED(status));
ATF_REQUIRE(WEXITSTATUS(status) == EXIT_SUCCESS);
Modified: vendor/bind/dist/unit/atf-src/atf-run/misc_helpers.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/misc_helpers.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/misc_helpers.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -37,6 +37,7 @@
#include <cstdlib>
#include <fstream>
#include <iomanip>
+#include <ios>
#include <iostream>
#include <string>
@@ -65,6 +66,15 @@
// Helper tests for "t_integration".
// ------------------------------------------------------------------------
+ATF_TEST_CASE(pass);
+ATF_TEST_CASE_HEAD(pass)
+{
+ set_md_var("descr", "Helper test case for the t_integration test program");
+}
+ATF_TEST_CASE_BODY(pass)
+{
+}
+
ATF_TEST_CASE(config);
ATF_TEST_CASE_HEAD(config)
{
@@ -165,6 +175,26 @@
ATF_REQUIRE_EQ(fi1.get_inode(), fi2.get_inode());
}
+ATF_TEST_CASE(read_stdin);
+ATF_TEST_CASE_HEAD(read_stdin)
+{
+ set_md_var("descr", "Helper test case for the t_integration test program");
+}
+ATF_TEST_CASE_BODY(read_stdin)
+{
+ char buf[100];
+ ssize_t len = ::read(STDIN_FILENO, buf, sizeof(buf) - 1);
+ ATF_REQUIRE(len != -1);
+
+ buf[len + 1] = '\0';
+ for (ssize_t i = 0; i < len; i++) {
+ if (buf[i] != '\0') {
+ fail("The stdin of the test case does not seem to be /dev/zero; "
+ "got '" + std::string(buf) + "'");
+ }
+ }
+}
+
ATF_TEST_CASE(umask);
ATF_TEST_CASE_HEAD(umask)
{
@@ -244,6 +274,16 @@
std::cout << "var2: " << get_config_var("var2") << "\n";
}
+ATF_TEST_CASE(require_files);
+ATF_TEST_CASE_HEAD(require_files)
+{
+ set_md_var("descr", "Helper test case for the t_integration test program");
+ set_md_var("require.files", get_config_var("files", "not-set"));
+}
+ATF_TEST_CASE_BODY(require_files)
+{
+}
+
ATF_TEST_CASE(require_machine);
ATF_TEST_CASE_HEAD(require_machine)
{
@@ -336,6 +376,8 @@
std::string which = atf::env::get("TESTCASE");
// Add helper tests for t_integration.
+ if (which == "pass")
+ ATF_ADD_TEST_CASE(tcs, pass);
if (which == "config")
ATF_ADD_TEST_CASE(tcs, config);
if (which == "fds")
@@ -348,6 +390,8 @@
ATF_ADD_TEST_CASE(tcs, env_list);
if (which == "env_home")
ATF_ADD_TEST_CASE(tcs, env_home);
+ if (which == "read_stdin")
+ ATF_ADD_TEST_CASE(tcs, read_stdin);
if (which == "umask")
ATF_ADD_TEST_CASE(tcs, umask);
if (which == "cleanup_states")
@@ -358,6 +402,8 @@
ATF_ADD_TEST_CASE(tcs, require_arch);
if (which == "require_config")
ATF_ADD_TEST_CASE(tcs, require_config);
+ if (which == "require_files")
+ ATF_ADD_TEST_CASE(tcs, require_files);
if (which == "require_machine")
ATF_ADD_TEST_CASE(tcs, require_machine);
if (which == "require_progs")
Modified: vendor/bind/dist/unit/atf-src/atf-run/pass_helper.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/pass_helper.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/pass_helper.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-run/requirements.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/requirements.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/requirements.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -27,10 +27,19 @@
// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
-// TODO: We probably don't want to raise std::runtime_error for the errors
-// detected in this file.
+extern "C" {
+#include <sys/param.h>
+#include <sys/sysctl.h>
+}
+
+#include <cerrno>
+#include <cstring>
#include <stdexcept>
+extern "C" {
+#include "atf-c/defs.h"
+}
+
#include "atf-c++/config.hpp"
#include "atf-c++/detail/fs.hpp"
@@ -106,6 +115,23 @@
static
std::string
+check_files(const std::string& progs)
+{
+ const std::vector< std::string > v = atf::text::split(progs, " ");
+ for (std::vector< std::string >::const_iterator iter = v.begin();
+ iter != v.end(); iter++) {
+ const atf::fs::path file(*iter);
+ if (!file.is_absolute())
+ throw std::runtime_error("Relative paths are not allowed when "
+ "checking for a required file (" + file.str() + ")");
+ if (!atf::fs::exists(file))
+ return "Required file '" + file.str() + "' not found";
+ }
+ return "";
+}
+
+static
+std::string
check_machine(const std::string& machines)
{
const std::vector< std::string > v = atf::text::split(machines, " ");
@@ -122,8 +148,68 @@
return "Requires one of the '" + machines + "' machine types";
}
+#if defined(__APPLE__) || defined(__NetBSD__)
static
std::string
+check_memory_sysctl(const int64_t needed, const char* sysctl_variable)
+{
+ int64_t available;
+ std::size_t available_length = sizeof(available);
+ if (::sysctlbyname(sysctl_variable, &available, &available_length,
+ NULL, 0) == -1) {
+ const char* e = std::strerror(errno);
+ return "Failed to get sysctl(hw.usermem64) value: " + std::string(e);
+ }
+
+ if (available < needed) {
+ return "Not enough memory; needed " + atf::text::to_string(needed) +
+ ", available " + atf::text::to_string(available);
+ } else
+ return "";
+}
+# if defined(__APPLE__)
+static
+std::string
+check_memory_darwin(const int64_t needed)
+{
+ return check_memory_sysctl(needed, "hw.usermem");
+}
+# elif defined(__NetBSD__)
+static
+std::string
+check_memory_netbsd(const int64_t needed)
+{
+ return check_memory_sysctl(needed, "hw.usermem64");
+}
+# else
+# error "Conditional error"
+# endif
+#else
+static
+std::string
+check_memory_unknown(const int64_t needed ATF_DEFS_ATTRIBUTE_UNUSED)
+{
+ return "";
+}
+#endif
+
+static
+std::string
+check_memory(const std::string& raw_memory)
+{
+ const int64_t needed = atf::text::to_bytes(raw_memory);
+
+#if defined(__APPLE__)
+ return check_memory_darwin(needed);
+#elif defined(__NetBSD__)
+ return check_memory_netbsd(needed);
+#else
+ return check_memory_unknown(needed);
+#endif
+}
+
+static
+std::string
check_progs(const std::string& progs)
{
const std::vector< std::string > v = atf::text::split(progs, " ");
@@ -186,8 +272,12 @@
failure_reason = check_arch(value);
else if (name == "require.config")
failure_reason = check_config(value, config);
+ else if (name == "require.files")
+ failure_reason = check_files(value);
else if (name == "require.machine")
failure_reason = check_machine(value);
+ else if (name == "require.memory")
+ failure_reason = check_memory(value);
else if (name == "require.progs")
failure_reason = check_progs(value);
else if (name == "require.user")
Modified: vendor/bind/dist/unit/atf-src/atf-run/requirements_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/requirements_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/requirements_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -28,6 +28,7 @@
//
#include "atf-c++/config.hpp"
+#include "atf-c++/detail/text.hpp"
#include "atf-c++/macros.hpp"
#include "requirements.hpp"
@@ -48,7 +49,7 @@
const atf::tests::vars_map& config = no_config)
{
const std::string actual = impl::check_requirements(metadata, config);
- if (actual != expected)
+ if (!atf::text::match(actual, expected))
ATF_FAIL("Requirements failure reason \"" + actual + "\" does not "
"match \"" + expected + "\"");
}
@@ -138,6 +139,54 @@
}
// -------------------------------------------------------------------------
+// Tests for the require.files metadata property.
+// -------------------------------------------------------------------------
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_files_one_ok);
+ATF_TEST_CASE_BODY(require_files_one_ok) {
+ atf::tests::vars_map metadata;
+ metadata["require.files"] = "/bin/ls";
+ do_check("", metadata);
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_files_one_missing);
+ATF_TEST_CASE_BODY(require_files_one_missing) {
+ atf::tests::vars_map metadata;
+ metadata["require.files"] = "/non-existent/foo";
+ do_check("Required file '/non-existent/foo' not found", metadata);
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_files_one_fail);
+ATF_TEST_CASE_BODY(require_files_one_fail) {
+ atf::tests::vars_map metadata;
+ metadata["require.files"] = "/bin/cp this-is-relative";
+ ATF_REQUIRE_THROW_RE(std::runtime_error, "Relative.*(this-is-relative)",
+ impl::check_requirements(metadata, no_config));
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_files_many_ok);
+ATF_TEST_CASE_BODY(require_files_many_ok) {
+ atf::tests::vars_map metadata;
+ metadata["require.files"] = "/bin/ls /bin/cp";
+ do_check("", metadata);
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_files_many_missing);
+ATF_TEST_CASE_BODY(require_files_many_missing) {
+ atf::tests::vars_map metadata;
+ metadata["require.files"] = "/bin/ls /non-existent/bar /bin/cp";
+ do_check("Required file '/non-existent/bar' not found", metadata);
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_files_many_fail);
+ATF_TEST_CASE_BODY(require_files_many_fail) {
+ atf::tests::vars_map metadata;
+ metadata["require.files"] = "/bin/cp also-relative";
+ ATF_REQUIRE_THROW_RE(std::runtime_error, "Relative.*(also-relative)",
+ impl::check_requirements(metadata, no_config));
+}
+
+// -------------------------------------------------------------------------
// Tests for the require.machine metadata property.
// -------------------------------------------------------------------------
@@ -176,6 +225,37 @@
}
// -------------------------------------------------------------------------
+// Tests for the require.memory metadata property.
+// -------------------------------------------------------------------------
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_memory_ok);
+ATF_TEST_CASE_BODY(require_memory_ok) {
+ atf::tests::vars_map metadata;
+ metadata["require.memory"] = "1m";
+ do_check("", metadata);
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_memory_not_enough);
+ATF_TEST_CASE_BODY(require_memory_not_enough) {
+ atf::tests::vars_map metadata;
+ metadata["require.memory"] = "128t";
+#if defined(__APPLE__) || defined(__NetBSD__)
+ do_check("Not enough memory; needed 140737488355328, available [0-9]*",
+ metadata);
+#else
+ skip("Don't know how to check for the amount of physical memory");
+#endif
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(require_memory_fail);
+ATF_TEST_CASE_BODY(require_memory_fail) {
+ atf::tests::vars_map metadata;
+ metadata["require.memory"] = "foo";
+ ATF_REQUIRE_THROW(std::runtime_error,
+ impl::check_requirements(metadata, no_config));
+}
+
+// -------------------------------------------------------------------------
// Tests for the require.progs metadata property.
// -------------------------------------------------------------------------
@@ -284,6 +364,14 @@
ATF_ADD_TEST_CASE(tcs, require_config_many_ok);
ATF_ADD_TEST_CASE(tcs, require_config_many_fail);
+ // Add test cases for require.files.
+ ATF_ADD_TEST_CASE(tcs, require_files_one_ok);
+ ATF_ADD_TEST_CASE(tcs, require_files_one_missing);
+ ATF_ADD_TEST_CASE(tcs, require_files_one_fail);
+ ATF_ADD_TEST_CASE(tcs, require_files_many_ok);
+ ATF_ADD_TEST_CASE(tcs, require_files_many_missing);
+ ATF_ADD_TEST_CASE(tcs, require_files_many_fail);
+
// Add test cases for require.machine.
ATF_ADD_TEST_CASE(tcs, require_machine_one_ok);
ATF_ADD_TEST_CASE(tcs, require_machine_one_fail);
@@ -290,6 +378,11 @@
ATF_ADD_TEST_CASE(tcs, require_machine_many_ok);
ATF_ADD_TEST_CASE(tcs, require_machine_many_fail);
+ // Add test cases for require.memory.
+ ATF_ADD_TEST_CASE(tcs, require_memory_ok);
+ ATF_ADD_TEST_CASE(tcs, require_memory_not_enough);
+ ATF_ADD_TEST_CASE(tcs, require_memory_fail);
+
// Add test cases for require.progs.
ATF_ADD_TEST_CASE(tcs, require_progs_one_ok);
ATF_ADD_TEST_CASE(tcs, require_progs_one_missing);
Modified: vendor/bind/dist/unit/atf-src/atf-run/several_tcs_helper.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/several_tcs_helper.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/several_tcs_helper.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -52,10 +52,7 @@
{
}
-ATF_TC(third);
-ATF_TC_HEAD(third, tc)
-{
-}
+ATF_TC_WITHOUT_HEAD(third);
ATF_TC_BODY(third, tc)
{
}
Modified: vendor/bind/dist/unit/atf-src/atf-run/share/atf-run.hooks
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/share/atf-run.hooks 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/share/atf-run.hooks 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -62,7 +62,7 @@
set -- $(env)
val=${1}; shift
while [ ${#} -gt 0 ]; do
- if echo "${1}" | grep '^[a-zA-Z_][a-zA-Z_]*=' >/dev/null; then
+ if echo "${1}" | grep '^[a-zA-Z0-0_][a-zA-Z0-9_]*=' >/dev/null; then
atf_tps_writer_info "env" "${val}"
val="${1}"
else
Modified: vendor/bind/dist/unit/atf-src/atf-run/signals.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/signals.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/signals.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-run/signals.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/signals.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/signals.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-run/signals_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/signals_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/signals_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2008 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -37,6 +37,8 @@
#include <cstdlib>
#include <iostream>
+#include "atf-c/defs.h"
+
#include "atf-c++/macros.hpp"
#include "atf-c++/detail/exceptions.hpp"
@@ -53,7 +55,7 @@
static
void
- handler(int signo)
+ handler(int signo ATF_DEFS_ATTRIBUTE_UNUSED)
{
happened = true;
}
@@ -77,7 +79,7 @@
static
void
- handler(int signo)
+ handler(int signo ATF_DEFS_ATTRIBUTE_UNUSED)
{
happened = true;
}
@@ -223,7 +225,7 @@
static
void
-reset_child(void *v)
+reset_child(void *v ATF_DEFS_ATTRIBUTE_UNUSED)
{
sigusr1::program();
Modified: vendor/bind/dist/unit/atf-src/atf-run/test-program.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/test-program.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/test-program.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -30,7 +30,9 @@
extern "C" {
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/time.h>
+#include <fcntl.h>
#include <signal.h>
#include <unistd.h>
}
@@ -41,6 +43,8 @@
#include <fstream>
#include <iostream>
+#include "atf-c/defs.h"
+
#include "atf-c++/detail/env.hpp"
#include "atf-c++/detail/parser.hpp"
#include "atf-c++/detail/process.hpp"
@@ -110,7 +114,7 @@
m_tcs[ident].insert(std::make_pair("has.cleanup", "false"));
if (m_tcs[ident].find("timeout") == m_tcs[ident].end())
- m_tcs[ident].insert(std::make_pair("timeout", "30"));
+ m_tcs[ident].insert(std::make_pair("timeout", "300"));
}
public:
@@ -167,6 +171,24 @@
};
static
+std::string
+generate_timestamp(void)
+{
+ struct timeval tv;
+ if (gettimeofday(&tv, NULL) == -1)
+ return "0.0";
+
+ char buf[32];
+ const int len = snprintf(buf, sizeof(buf), "%ld.%ld",
+ static_cast< long >(tv.tv_sec),
+ static_cast< long >(tv.tv_usec));
+ if (len >= static_cast< int >(sizeof(buf)) || len < 0)
+ return "0.0";
+ else
+ return buf;
+}
+
+static
void
append_to_vector(std::vector< std::string >& v1,
const std::vector< std::string >& v2)
@@ -220,6 +242,17 @@
static
void
+silence_stdin(void)
+{
+ ::close(STDIN_FILENO);
+ int fd = ::open("/dev/null", O_RDONLY);
+ if (fd == -1)
+ throw std::runtime_error("Could not open /dev/null");
+ INV(fd == STDIN_FILENO);
+}
+
+static
+void
prepare_child(const atf::fs::path& workdir)
{
const int ret = ::setpgid(::getpid(), 0);
@@ -239,9 +272,13 @@
atf::env::unset("LC_MONETARY");
atf::env::unset("LC_NUMERIC");
atf::env::unset("LC_TIME");
- atf::env::unset("TZ");
+ atf::env::set("TZ", "UTC");
+ atf::env::set("__RUNNING_INSIDE_ATF_RUN", "internal-yes-value");
+
impl::change_directory(workdir);
+
+ silence_stdin();
}
static
@@ -379,8 +416,9 @@
}
void
-detail::atf_tp_reader::got_tc(const std::string& ident,
- const std::map< std::string, std::string >& md)
+detail::atf_tp_reader::got_tc(
+ const std::string& ident ATF_DEFS_ATTRIBUTE_UNUSED,
+ const std::map< std::string, std::string >& md ATF_DEFS_ATTRIBUTE_UNUSED)
{
}
@@ -418,7 +456,15 @@
ident_regex + "; was '" + value + "'");
} else if (name == "require.arch") {
} else if (name == "require.config") {
+ } else if (name == "require.files") {
} else if (name == "require.machine") {
+ } else if (name == "require.memory") {
+ try {
+ (void)atf::text::to_bytes(value);
+ } catch (const std::runtime_error&) {
+ throw parse_error(lineno, "The require.memory property requires an "
+ "integer value representing an amount of bytes");
+ }
} else if (name == "require.progs") {
} else if (name == "require.user") {
} else if (name == "timeout") {
@@ -521,7 +567,7 @@
{
atf::parser::headers_map hm;
atf::parser::attrs_map ct_attrs;
- ct_attrs["version"] = "2";
+ ct_attrs["version"] = "3";
hm["Content-Type"] =
atf::parser::header_entry("Content-Type", "application/X-atf-tps",
ct_attrs);
@@ -546,7 +592,8 @@
impl::atf_tps_writer::start_tp(const std::string& tp, size_t ntcs)
{
m_tpname = tp;
- m_os << "tp-start: " << tp << ", " << ntcs << "\n";
+ m_os << "tp-start: " << generate_timestamp() << ", " << tp << ", "
+ << ntcs << "\n";
m_os.flush();
}
@@ -555,9 +602,10 @@
{
PRE(reason.find('\n') == std::string::npos);
if (reason.empty())
- m_os << "tp-end: " << m_tpname << "\n";
+ m_os << "tp-end: " << generate_timestamp() << ", " << m_tpname << "\n";
else
- m_os << "tp-end: " << m_tpname << ", " << reason << "\n";
+ m_os << "tp-end: " << generate_timestamp() << ", " << m_tpname
+ << ", " << reason << "\n";
m_os.flush();
}
@@ -565,7 +613,7 @@
impl::atf_tps_writer::start_tc(const std::string& tcname)
{
m_tcname = tcname;
- m_os << "tc-start: " << tcname << "\n";
+ m_os << "tc-start: " << generate_timestamp() << ", " << tcname << "\n";
m_os.flush();
}
@@ -591,10 +639,10 @@
impl::atf_tps_writer::end_tc(const std::string& state,
const std::string& reason)
{
- std::string str = "tc-end: " + m_tcname + ", " + state;
+ std::string str = ", " + m_tcname + ", " + state;
if (!reason.empty())
str += ", " + reason;
- m_os << str << "\n";
+ m_os << "tc-end: " << generate_timestamp() << str << "\n";
m_os.flush();
}
@@ -647,7 +695,7 @@
static volatile bool terminate_poll;
static void
-sigchld_handler(const int signo)
+sigchld_handler(const int signo ATF_DEFS_ATTRIBUTE_UNUSED)
{
terminate_poll = true;
}
@@ -724,10 +772,9 @@
UNREACHABLE;
}
- ::killpg(child_pid, SIGTERM);
+ ::killpg(child_pid, SIGKILL);
mux.flush();
atf::process::status status = child.wait();
- ::killpg(child_pid, SIGKILL);
std::string reason;
Modified: vendor/bind/dist/unit/atf-src/atf-run/test_program_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/test_program_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/test_program_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -98,11 +98,11 @@
// at the moment will be bogus if there are some.
static
void
-check_equal(const atf::tests::tc& tc, const std::string& str,
+check_match(const atf::tests::tc& tc, const std::string& str,
const std::string& exp)
{
- if (str != exp) {
- std::cout << "String equality check failed.\n"
+ if (!atf::text::match(str, exp)) {
+ std::cout << "String match check failed.\n"
<< "Adding >> and << to delimit the string boundaries "
"below.\n";
std::cout << "GOT:\n";
@@ -190,7 +190,7 @@
"\n"
"ident: test_case_1\n"
"descr: This is the description\n"
- "timeout: 30\n"
+ "timeout: 300\n"
"\n"
"ident: test_case_2\n"
"\n"
@@ -201,7 +201,7 @@
// NO_CHECK_STYLE_BEGIN
const char* exp_calls[] = {
- "got_tc(test_case_1, {descr=This is the description, ident=test_case_1, timeout=30})",
+ "got_tc(test_case_1, {descr=This is the description, ident=test_case_1, timeout=300})",
"got_tc(test_case_2, {ident=test_case_2})",
"got_tc(test_case_3, {X-prop1=A custom property, descr=Third test case, ident=test_case_3})",
"got_eof()",
@@ -224,9 +224,10 @@
"\n"
"ident: single_test\n"
"descr: Some description\n"
- "timeout: 30\n"
+ "timeout: 300\n"
"require.arch: thearch\n"
"require.config: foo-bar\n"
+ "require.files: /a/1 /b/2\n"
"require.machine: themachine\n"
"require.progs: /bin/cp mv\n"
"require.user: root\n"
@@ -234,7 +235,7 @@
// NO_CHECK_STYLE_BEGIN
const char* exp_calls[] = {
- "got_tc(single_test, {descr=Some description, ident=single_test, require.arch=thearch, require.config=foo-bar, require.machine=themachine, require.progs=/bin/cp mv, require.user=root, timeout=30})",
+ "got_tc(single_test, {descr=Some description, ident=single_test, require.arch=thearch, require.config=foo-bar, require.files=/a/1 /b/2, require.machine=themachine, require.progs=/bin/cp mv, require.user=root, timeout=300})",
"got_eof()",
NULL
};
@@ -474,7 +475,7 @@
"\n"
"\n"
"ident: test\n"
- "timeout: 30\n"
+ "timeout: 300\n"
;
const char* exp_calls[] = {
@@ -489,6 +490,29 @@
do_parser_test< tp_reader >(input, exp_calls, exp_errors);
}
+ATF_TEST_CASE_WITHOUT_HEAD(tp_60);
+ATF_TEST_CASE_BODY(tp_60)
+{
+ const char* input =
+ "Content-Type: application/X-atf-tp; version=\"1\"\n"
+ "\n"
+ "ident: test\n"
+ "require.memory: 12345D\n"
+ ;
+
+ const char* exp_calls[] = {
+ NULL
+ };
+
+ const char* exp_errors[] = {
+ "4: The require.memory property requires an integer value representing"
+ " an amount of bytes",
+ NULL
+ };
+
+ do_parser_test< tp_reader >(input, exp_calls, exp_errors);
+}
+
// -------------------------------------------------------------------------
// Tests for the "tps" writer.
// -------------------------------------------------------------------------
@@ -502,6 +526,7 @@
{
std::ostringstream expss;
std::ostringstream ss;
+ const char *ts_regex = "[0-9]+\\.[0-9]{1,6}, ";
#define RESET \
expss.str(""); \
@@ -508,13 +533,13 @@
ss.str("")
#define CHECK \
- check_equal(*this, ss.str(), expss.str())
+ check_match(*this, ss.str(), expss.str())
{
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
}
@@ -522,7 +547,7 @@
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
w.info("foo", "bar");
@@ -538,7 +563,7 @@
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
w.ntps(0);
@@ -550,7 +575,7 @@
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
w.ntps(123);
@@ -562,7 +587,7 @@
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
w.ntps(2);
@@ -570,19 +595,19 @@
CHECK;
w.start_tp("foo", 0);
- expss << "tp-start: foo, 0\n";
+ expss << "tp-start: " << ts_regex << "foo, 0\n";
CHECK;
w.end_tp("");
- expss << "tp-end: foo\n";
+ expss << "tp-end: " << ts_regex << "foo\n";
CHECK;
w.start_tp("bar", 0);
- expss << "tp-start: bar, 0\n";
+ expss << "tp-start: " << ts_regex << "bar, 0\n";
CHECK;
w.end_tp("failed program");
- expss << "tp-end: bar, failed program\n";
+ expss << "tp-end: " << ts_regex << "bar, failed program\n";
CHECK;
}
@@ -590,7 +615,7 @@
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
w.ntps(1);
@@ -598,15 +623,15 @@
CHECK;
w.start_tp("foo", 1);
- expss << "tp-start: foo, 1\n";
+ expss << "tp-start: " << ts_regex << "foo, 1\n";
CHECK;
w.start_tc("brokentc");
- expss << "tc-start: brokentc\n";
+ expss << "tc-start: " << ts_regex << "brokentc\n";
CHECK;
w.end_tp("aborted");
- expss << "tp-end: foo, aborted\n";
+ expss << "tp-end: " << ts_regex << "foo, aborted\n";
CHECK;
}
@@ -614,7 +639,7 @@
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
w.ntps(1);
@@ -622,35 +647,35 @@
CHECK;
w.start_tp("thetp", 3);
- expss << "tp-start: thetp, 3\n";
+ expss << "tp-start: " << ts_regex << "thetp, 3\n";
CHECK;
w.start_tc("passtc");
- expss << "tc-start: passtc\n";
+ expss << "tc-start: " << ts_regex << "passtc\n";
CHECK;
w.end_tc("passed", "");
- expss << "tc-end: passtc, passed\n";
+ expss << "tc-end: " << ts_regex << "passtc, passed\n";
CHECK;
w.start_tc("failtc");
- expss << "tc-start: failtc\n";
+ expss << "tc-start: " << ts_regex << "failtc\n";
CHECK;
w.end_tc("failed", "The reason");
- expss << "tc-end: failtc, failed, The reason\n";
+ expss << "tc-end: " << ts_regex << "failtc, failed, The reason\n";
CHECK;
w.start_tc("skiptc");
- expss << "tc-start: skiptc\n";
+ expss << "tc-start: " << ts_regex << "skiptc\n";
CHECK;
w.end_tc("skipped", "The reason");
- expss << "tc-end: skiptc, skipped, The reason\n";
+ expss << "tc-end: " << ts_regex << "skiptc, skipped, The reason\n";
CHECK;
w.end_tp("");
- expss << "tp-end: thetp\n";
+ expss << "tp-end: " << ts_regex << "thetp\n";
CHECK;
}
@@ -658,7 +683,7 @@
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
w.ntps(1);
@@ -666,11 +691,11 @@
CHECK;
w.start_tp("thetp", 1);
- expss << "tp-start: thetp, 1\n";
+ expss << "tp-start: " << ts_regex << "thetp, 1\n";
CHECK;
w.start_tc("thetc");
- expss << "tc-start: thetc\n";
+ expss << "tc-start: " << ts_regex << "thetc\n";
CHECK;
w.stdout_tc("a line");
@@ -686,11 +711,11 @@
CHECK;
w.end_tc("passed", "");
- expss << "tc-end: thetc, passed\n";
+ expss << "tc-end: " << ts_regex << "thetc, passed\n";
CHECK;
w.end_tp("");
- expss << "tp-end: thetp\n";
+ expss << "tp-end: " << ts_regex << "thetp\n";
CHECK;
}
@@ -698,7 +723,7 @@
RESET;
impl::atf_tps_writer w(ss);
- expss << "Content-Type: application/X-atf-tps; version=\"2\"\n\n";
+ expss << "Content-Type: application/X-atf-tps; version=\"3\"\n\n";
CHECK;
w.ntps(1);
@@ -706,11 +731,11 @@
CHECK;
w.start_tp("thetp", 0);
- expss << "tp-start: thetp, 0\n";
+ expss << "tp-start: " << ts_regex << "thetp, 0\n";
CHECK;
w.end_tp("");
- expss << "tp-end: thetp\n";
+ expss << "tp-end: " << ts_regex << "thetp\n";
CHECK;
w.info("foo", "bar");
@@ -762,7 +787,7 @@
check_property((*iter).second, "descr", "Description 1");
check_property((*iter).second, "has.cleanup", "false");
check_property((*iter).second, "ident", "first");
- check_property((*iter).second, "timeout", "30");
+ check_property((*iter).second, "timeout", "300");
}
{
@@ -786,7 +811,7 @@
ATF_REQUIRE_EQ(3, (*iter).second.size());
check_property((*iter).second, "has.cleanup", "false");
check_property((*iter).second, "ident", "third");
- check_property((*iter).second, "timeout", "30");
+ check_property((*iter).second, "timeout", "300");
}
}
@@ -965,6 +990,7 @@
ATF_ADD_TEST_CASE(tcs, tp_57);
ATF_ADD_TEST_CASE(tcs, tp_58);
ATF_ADD_TEST_CASE(tcs, tp_59);
+ ATF_ADD_TEST_CASE(tcs, tp_60);
ATF_ADD_TEST_CASE(tcs, atf_tps_writer);
@@ -982,6 +1008,8 @@
ATF_ADD_TEST_CASE(tcs, parse_test_case_result_skipped);
ATF_ADD_TEST_CASE(tcs, parse_test_case_result_unknown);
+ ATF_ADD_TEST_CASE(tcs, read_test_case_result_failed);
+ ATF_ADD_TEST_CASE(tcs, read_test_case_result_skipped);
ATF_ADD_TEST_CASE(tcs, read_test_case_result_no_file);
ATF_ADD_TEST_CASE(tcs, read_test_case_result_empty_file);
ATF_ADD_TEST_CASE(tcs, read_test_case_result_multiline);
Modified: vendor/bind/dist/unit/atf-src/atf-run/timer.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/timer.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/timer.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -27,12 +27,22 @@
// IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
+#if defined(HAVE_CONFIG_H)
+# include <bconfig.h>
+#endif
+
extern "C" {
-#include <signal.h>
+#include <sys/time.h>
}
#include <cerrno>
+#include <csignal>
+#include <ctime>
+extern "C" {
+#include "atf-c/defs.h"
+}
+
#include "atf-c++/detail/exceptions.hpp"
#include "atf-c++/detail/sanity.hpp"
@@ -42,53 +52,126 @@
namespace impl = atf::atf_run;
#define IMPL_NAME "atf::atf_run"
+#if !defined(HAVE_TIMER_T)
+static impl::timer* compat_handle;
+#endif
+
// ------------------------------------------------------------------------
// Auxiliary functions.
// ------------------------------------------------------------------------
-namespace sigalrm {
-
-bool m_fired = false;
-impl::timer* m_timer = NULL;
-
+#if defined(HAVE_TIMER_T)
+static
void
-handler(const int signo)
+handler(const int signo ATF_DEFS_ATTRIBUTE_UNUSED, siginfo_t* si,
+ void* uc ATF_DEFS_ATTRIBUTE_UNUSED)
{
- PRE(signo == SIGALRM);
-
- m_fired = true;
- m_timer->timeout_callback();
+ impl::timer* timer = static_cast< impl::timer* >(si->si_value.sival_ptr);
+ timer->set_fired();
+ timer->timeout_callback();
}
+#else
+static
+void
+handler(const int signo ATF_DEFS_ATTRIBUTE_UNUSED,
+ siginfo_t* si ATF_DEFS_ATTRIBUTE_UNUSED,
+ void* uc ATF_DEFS_ATTRIBUTE_UNUSED)
+{
+ compat_handle->set_fired();
+ compat_handle->timeout_callback();
+}
+#endif
-} // anonymous namespace
-
// ------------------------------------------------------------------------
// The "timer" class.
// ------------------------------------------------------------------------
-impl::timer::timer(const unsigned int seconds)
+struct impl::timer::impl {
+#if defined(HAVE_TIMER_T)
+ ::timer_t m_timer;
+ ::itimerspec m_old_it;
+#else
+ ::itimerval m_old_it;
+#endif
+
+ struct ::sigaction m_old_sa;
+ volatile bool m_fired;
+
+ impl(void) : m_fired(false)
+ {
+ }
+};
+
+impl::timer::timer(const unsigned int seconds) :
+ m_pimpl(new impl())
{
- sigalrm::m_fired = false;
- sigalrm::m_timer = this;
- m_sigalrm.reset(new signal_programmer(SIGALRM, sigalrm::handler));
+ struct ::sigaction sa;
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_SIGINFO;
+ sa.sa_sigaction = ::handler;
+ if (::sigaction(SIGALRM, &sa, &m_pimpl->m_old_sa) == -1)
+ throw system_error(IMPL_NAME "::timer::timer",
+ "Failed to set signal handler", errno);
- ::itimerval timeval;
- timeval.it_interval.tv_sec = 0;
- timeval.it_interval.tv_usec = 0;
- timeval.it_value.tv_sec = seconds;
- timeval.it_value.tv_usec = 0;
+#if defined(HAVE_TIMER_T)
+ struct ::sigevent se;
+ se.sigev_notify = SIGEV_SIGNAL;
+ se.sigev_signo = SIGALRM;
+ se.sigev_value.sival_ptr = static_cast< void* >(this);
+ se.sigev_notify_function = NULL;
+ se.sigev_notify_attributes = NULL;
+ if (::timer_create(CLOCK_MONOTONIC, &se, &m_pimpl->m_timer) == -1) {
+ ::sigaction(SIGALRM, &m_pimpl->m_old_sa, NULL);
+ throw system_error(IMPL_NAME "::timer::timer",
+ "Failed to create timer", errno);
+ }
- if (::setitimer(ITIMER_REAL, &timeval, &m_old_timeval) == -1)
+ struct ::itimerspec it;
+ it.it_interval.tv_sec = 0;
+ it.it_interval.tv_nsec = 0;
+ it.it_value.tv_sec = seconds;
+ it.it_value.tv_nsec = 0;
+ if (::timer_settime(m_pimpl->m_timer, 0, &it, &m_pimpl->m_old_it) == -1) {
+ ::sigaction(SIGALRM, &m_pimpl->m_old_sa, NULL);
+ ::timer_delete(m_pimpl->m_timer);
throw system_error(IMPL_NAME "::timer::timer",
"Failed to program timer", errno);
+ }
+#else
+ ::itimerval it;
+ it.it_interval.tv_sec = 0;
+ it.it_interval.tv_usec = 0;
+ it.it_value.tv_sec = seconds;
+ it.it_value.tv_usec = 0;
+ if (::setitimer(ITIMER_REAL, &it, &m_pimpl->m_old_it) == -1) {
+ ::sigaction(SIGALRM, &m_pimpl->m_old_sa, NULL);
+ throw system_error(IMPL_NAME "::timer::timer",
+ "Failed to program timer", errno);
+ }
+ INV(compat_handle == NULL);
+ compat_handle = this;
+#endif
}
impl::timer::~timer(void)
{
- const int ret = ::setitimer(ITIMER_REAL, &m_old_timeval, NULL);
+#if defined(HAVE_TIMER_T)
+ {
+ const int ret = ::timer_delete(m_pimpl->m_timer);
+ INV(ret != -1);
+ }
+#else
+ {
+ const int ret = ::setitimer(ITIMER_REAL, &m_pimpl->m_old_it, NULL);
+ INV(ret != -1);
+ }
+#endif
+ const int ret = ::sigaction(SIGALRM, &m_pimpl->m_old_sa, NULL);
INV(ret != -1);
- sigalrm::m_timer = NULL;
- sigalrm::m_fired = false;
+
+#if !defined(HAVE_TIMER_T)
+ compat_handle = NULL;
+#endif
}
bool
@@ -95,9 +178,15 @@
impl::timer::fired(void)
const
{
- return sigalrm::m_fired;
+ return m_pimpl->m_fired;
}
+void
+impl::timer::set_fired(void)
+{
+ m_pimpl->m_fired = true;
+}
+
// ------------------------------------------------------------------------
// The "child_timer" class.
// ------------------------------------------------------------------------
@@ -117,9 +206,10 @@
void
impl::child_timer::timeout_callback(void)
{
+ static const timespec ts = { 1, 0 };
m_terminate = true;
-
- // Should use killpg(2) but, according to signal(7), using this system
- // call in a signal handler context is not safe.
- ::kill(m_pid, SIGKILL);
+ ::kill(-m_pid, SIGTERM);
+ ::nanosleep(&ts, NULL);
+ if (::kill(-m_pid, 0) != -1)
+ ::kill(-m_pid, SIGKILL);
}
Modified: vendor/bind/dist/unit/atf-src/atf-run/timer.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/timer.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/timer.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -31,13 +31,12 @@
#define _ATF_RUN_ALARM_HPP_
extern "C" {
-#include <sys/time.h>
#include <sys/types.h>
}
#include <memory>
-#include "atf-c++/utils.hpp"
+#include "atf-c++/noncopyable.hpp"
namespace atf {
namespace atf_run {
@@ -48,9 +47,9 @@
// The "timer" class.
// ------------------------------------------------------------------------
-class timer : utils::noncopyable {
- ::itimerval m_old_timeval;
- std::auto_ptr< signal_programmer > m_sigalrm;
+class timer : noncopyable {
+ struct impl;
+ std::auto_ptr< impl > m_pimpl;
public:
timer(const unsigned int);
@@ -57,6 +56,7 @@
virtual ~timer(void);
bool fired(void) const;
+ void set_fired(void);
virtual void timeout_callback(void) = 0;
};
Modified: vendor/bind/dist/unit/atf-src/atf-run/user.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/user.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/user.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -28,16 +28,16 @@
//
extern "C" {
-#include <unistd.h>
-
#include <sys/types.h>
#include <pwd.h>
+#include <unistd.h>
#include "../atf-c/detail/user.h"
}
#include <stdexcept>
+#include <string>
#include "../atf-c++/detail/sanity.hpp"
Modified: vendor/bind/dist/unit/atf-src/atf-run/user.hpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/user.hpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/user.hpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-run/user_test.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/user_test.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/user_test.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -82,6 +82,14 @@
std::cout << "Last GID is " << maxgid << "\n";
}
+ const gid_t maxgid_limit = 1 << 16;
+ if (maxgid > maxgid_limit) {
+ std::cout << "Test truncated from " << maxgid << " groups to "
+ << maxgid_limit << " to keep the run time reasonable "
+ "enough\n";
+ maxgid = maxgid_limit;
+ }
+
for (gid_t g = 0; g <= maxgid; g++) {
if (groups.find(g) == groups.end()) {
std::cout << "Checking if user does not belong to group "
Modified: vendor/bind/dist/unit/atf-src/atf-run/zero_tcs_helper.c
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-run/zero_tcs_helper.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-run/zero_tcs_helper.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -31,5 +31,6 @@
ATF_TP_ADD_TCS(tp)
{
+ if (tp != NULL) {} /* Use tp. */
return atf_no_error();
}
Added: vendor/bind/dist/unit/atf-src/atf-sh/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-sh/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,11 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="tc_test"}
+atf_test_program{name="tp_test"}
+atf_test_program{name="normalize_test"}
+atf_test_program{name="config_test"}
+atf_test_program{name="atf-check_test"}
+atf_test_program{name="atf_check_test"}
+atf_test_program{name="integration_test"}
Modified: vendor/bind/dist/unit/atf-src/atf-sh/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -29,12 +29,12 @@
libexec_PROGRAMS += atf-sh/atf-check
atf_sh_atf_check_SOURCES = atf-sh/atf-check.cpp
-atf_sh_atf_check_LDADD = libatf-c++.la
+atf_sh_atf_check_LDADD = $(ATF_CXX_LIBS)
dist_man_MANS += atf-sh/atf-check.1
bin_PROGRAMS += atf-sh/atf-sh
atf_sh_atf_sh_SOURCES = atf-sh/atf-sh.cpp
-atf_sh_atf_sh_LDADD = libatf-c++.la
+atf_sh_atf_sh_LDADD = $(ATF_CXX_LIBS)
dist_man_MANS += atf-sh/atf-sh.1
atf_sh_DATA = atf-sh/libatf-sh.subr
@@ -43,7 +43,22 @@
dist_man_MANS += atf-sh/atf-sh-api.3
-tests_atf_sh_DATA = atf-sh/Atffile
+atf_aclocal_DATA += atf-sh/atf-sh.m4
+EXTRA_DIST += atf-sh/atf-sh.m4
+
+atf_shpkgconfigdir = $(atf_pkgconfigdir)
+atf_shpkgconfig_DATA = atf-sh/atf-sh.pc
+CLEANFILES += atf-sh/atf-sh.pc
+EXTRA_DIST += atf-sh/atf-sh.pc.in
+atf-sh/atf-sh.pc: $(srcdir)/atf-sh/atf-sh.pc.in Makefile
+ test -d atf-sh || mkdir -p atf-sh
+ sed -e 's#__ATF_VERSION__#$(PACKAGE_VERSION)#g' \
+ -e 's#__EXEC_PREFIX__#$(exec_prefix)#g' \
+ <$(srcdir)/atf-sh/atf-sh.pc.in >atf-sh/atf-sh.pc.tmp
+ mv atf-sh/atf-sh.pc.tmp atf-sh/atf-sh.pc
+
+tests_atf_sh_DATA = atf-sh/Atffile \
+ atf-sh/Kyuafile
tests_atf_shdir = $(pkgtestsdir)/atf-sh
EXTRA_DIST += $(tests_atf_sh_DATA)
Modified: vendor/bind/dist/unit/atf-src/atf-sh/atf-check.1
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/atf-check.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/atf-check.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-sh/atf-check.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/atf-check.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/atf-check.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2008 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -40,6 +40,7 @@
#include <cstdlib>
#include <cstring>
#include <fstream>
+#include <ios>
#include <iostream>
#include <iterator>
#include <list>
@@ -48,9 +49,9 @@
#include "atf-c++/check.hpp"
#include "atf-c++/config.hpp"
-#include "atf-c++/utils.hpp"
#include "atf-c++/detail/application.hpp"
+#include "atf-c++/detail/auto_array.hpp"
#include "atf-c++/detail/exceptions.hpp"
#include "atf-c++/detail/fs.hpp"
#include "atf-c++/detail/process.hpp"
@@ -115,7 +116,7 @@
std::ostream(NULL),
m_fd(-1)
{
- atf::utils::auto_array< char > buf(new char[p.str().length() + 1]);
+ atf::auto_array< char > buf(new char[p.str().length() + 1]);
std::strcpy(buf.get(), p.c_str());
m_fd = ::mkstemp(buf.get());
@@ -185,6 +186,7 @@
{ "int", SIGINT },
{ "quit", SIGQUIT },
{ "trap", SIGTRAP },
+ { "abrt", SIGABRT },
{ "kill", SIGKILL },
{ "segv", SIGSEGV },
{ "pipe", SIGPIPE },
@@ -269,7 +271,7 @@
else
value = parse_signal(value_str);
} else
- throw atf::application::usage_error("Invalid output checker");
+ throw atf::application::usage_error("Invalid status checker");
return status_check(type, negated, value);
}
@@ -379,7 +381,7 @@
bool found = false;
std::string line;
- while (!found && std::getline(stream, line).good()) {
+ while (!found && !std::getline(stream, line).fail()) {
if (atf::text::match(line, regexp))
found = true;
}
@@ -422,8 +424,6 @@
if (f2.bad())
throw std::runtime_error("Failed to read from " + p1.str());
- std::cout << "1 read: " << f1.gcount() << "\n";
- std::cout << "2 read: " << f2.gcount() << "\n";
if ((f1.gcount() == 0) && (f2.gcount() == 0)) {
equal = true;
break;
Modified: vendor/bind/dist/unit/atf-src/atf-sh/atf-check_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/atf-check_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/atf-check_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2008 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -27,7 +27,7 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
-# The Atf_Check variable is set by atf-sh.
+# The Atf_Check and Atf-Shell variables are set by atf-sh.
h_pass()
{
@@ -36,7 +36,7 @@
echo "Running [atf-check $*] against [${cmd}]"
cat >script.sh <<EOF
-#! $(atf-config -t atf_shell)
+#! ${Atf_Shell}
${cmd}
EOF
chmod +x script.sh
@@ -54,7 +54,7 @@
echo "Running [atf-check $*] against [${cmd}]"
cat >script.sh <<EOF
-#! $(atf-config -t atf_shell)
+#! ${Atf_Shell}
${cmd}
EOF
chmod +x script.sh
@@ -211,10 +211,10 @@
h_pass "echo foo bar" -o inline:"foo bar\n"
h_pass "printf 'foo bar'" -o inline:"foo bar"
h_pass "printf '\t\n\t\n'" -o inline:"\t\n\t\n"
- # XXX Ugly hack to workaround the lack of \e in FreeBSD. Look for a
- # nicer solution...
+ # XXX Ugly hack to workaround the lack of \e in FreeBSD. Also, \e doesn't
+ # seem to work as expected in Linux. Look for a nicer solution.
case $(uname) in
- FreeBSD)
+ Darwin|FreeBSD|Linux)
h_pass "printf '\a\b\f\n\r\t\v'" -o inline:"\a\b\f\n\r\t\v"
;;
*)
@@ -234,6 +234,7 @@
}
oflag_match_body()
{
+ h_pass "printf no-newline" -o "match:^no-newline"
h_pass "echo line1; echo foo bar" -o "match:^foo"
h_pass "echo foo bar" -o "match:o b"
h_fail "echo foo bar" -o "match:baz"
@@ -330,10 +331,10 @@
h_pass "echo foo bar 1>&2" -e inline:"foo bar\n"
h_pass "printf 'foo bar' 1>&2" -e inline:"foo bar"
h_pass "printf '\t\n\t\n' 1>&2" -e inline:"\t\n\t\n"
- # XXX Ugly hack to workaround the lack of \e in FreeBSD. Look for a
- # nicer solution...
+ # XXX Ugly hack to workaround the lack of \e in FreeBSD. Also, \e doesn't
+ # seem to work as expected in Linux. Look for a nicer solution.
case $(uname) in
- FreeBSD)
+ Darwin|FreeBSD|Linux)
h_pass "printf '\a\b\f\n\r\t\v' 1>&2" -e inline:"\a\b\f\n\r\t\v"
;;
*)
@@ -365,6 +366,7 @@
}
eflag_match_body()
{
+ h_pass "printf no-newline 1>&2" -e "match:^no-newline"
h_pass "echo line1 1>&2; echo foo bar 1>&2" -e "match:^foo"
h_pass "echo foo bar 1>&2" -e "match:o b"
h_fail "echo foo bar 1>&2" -e "match:baz"
@@ -398,6 +400,17 @@
h_fail "echo foo bar 1>&2" -e not-match:foo
}
+atf_test_case stdin
+stdin_head()
+{
+ atf_set "descr" "Tests that stdin is preserved"
+}
+stdin_body()
+{
+ echo "hello" | ${Atf_Check} -o match:"hello" cat || \
+ atf_fail "atf-check does not seem to respect stdin"
+}
+
atf_test_case invalid_umask
invalid_umask_head()
{
@@ -442,6 +455,8 @@
atf_add_test_case eflag_multiple
atf_add_test_case eflag_negated
+ atf_add_test_case stdin
+
atf_add_test_case invalid_umask
}
Modified: vendor/bind/dist/unit/atf-src/atf-sh/atf-sh-api.3
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/atf-sh-api.3 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/atf-sh-api.3 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -65,10 +65,12 @@
{
const std::string libexecdir = atf::config::get("atf_libexecdir");
const std::string pkgdatadir = atf::config::get("atf_pkgdatadir");
+ const std::string shell = atf::config::get("atf_shell");
std::string* command = new std::string();
command->reserve(512);
(*command) += ("Atf_Check='" + libexecdir + "/atf-check' ; " +
+ "Atf_Shell='" + shell + "' ; " +
". " + pkgdatadir + "/libatf-sh.subr ; " +
". " + fix_plain_name(filename) + " ; " +
"main \"${@}\"");
Added: vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.m4 (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,53 @@
+dnl
+dnl Automated Testing Framework (atf)
+dnl
+dnl Copyright 2011 Google Inc.
+dnl All rights reserved.
+dnl
+dnl Redistribution and use in source and binary forms, with or without
+dnl modification, are permitted provided that the following conditions are
+dnl met:
+dnl
+dnl * Redistributions of source code must retain the above copyright
+dnl notice, this list of conditions and the following disclaimer.
+dnl * Redistributions in binary form must reproduce the above copyright
+dnl notice, this list of conditions and the following disclaimer in the
+dnl documentation and/or other materials provided with the distribution.
+dnl * Neither the name of Google Inc. nor the names of its contributors
+dnl may be used to endorse or promote products derived from this software
+dnl without specific prior written permission.
+dnl
+dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+dnl "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+dnl LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+dnl A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+dnl OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+dnl SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+dnl LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+dnl DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+dnl THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+dnl OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+dnl
+
+dnl ATF_CHECK_SH([version-spec])
+dnl
+dnl Checks if atf-sh is present. If version-spec is provided, ensures that
+dnl the installed version of atf-sh matches the required version. This
+dnl argument must be something like '>= 0.14' and accepts any version
+dnl specification supported by pkg-config.
+dnl
+dnl Defines and substitutes ATF_SH with the full path to the atf-sh interpreter.
+AC_DEFUN([ATF_CHECK_SH], [
+ spec="atf-sh[]m4_default_nblank([ $1], [])"
+ _ATF_CHECK_ARG_WITH(
+ [AC_MSG_CHECKING([for ${spec}])
+ PKG_CHECK_EXISTS([${spec}], [found=yes], [found=no])
+ if test "${found}" = yes; then
+ ATF_SH="$(${PKG_CONFIG} --variable=interpreter atf-sh)"
+ AC_SUBST([ATF_SH], [${ATF_SH}])
+ found_atf_sh=yes
+ fi
+ AC_MSG_RESULT([${ATF_SH}])],
+ [required ${spec} not found])
+])
Added: vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.pc.in
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.pc.in (rev 0)
+++ vendor/bind/dist/unit/atf-src/atf-sh/atf-sh.pc.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,8 @@
+# ATF pkg-config file
+
+exec_prefix=__EXEC_PREFIX__
+interpreter=${exec_prefix}/bin/atf-sh
+
+Name: atf-sh
+Description: Automated Testing Framework (POSIX shell binding)
+Version: __ATF_VERSION__
Modified: vendor/bind/dist/unit/atf-src/atf-sh/atf_check_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/atf_check_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/atf_check_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -54,7 +54,7 @@
expout_mismatch_head()
{
atf_set "descr" "Verifies that atf_check prints a diff of the" \
- "stdout and the expected stdout if the two do no" \
+ "stdout and the expected stdout if the two do not" \
"match"
}
expout_mismatch_body()
@@ -79,7 +79,7 @@
experr_mismatch_head()
{
atf_set "descr" "Verifies that atf_check prints a diff of the" \
- "stderr and the expected stderr if the two do no" \
+ "stderr and the expected stderr if the two do not" \
"match"
}
experr_mismatch_body()
Modified: vendor/bind/dist/unit/atf-src/atf-sh/config_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/config_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/config_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -36,14 +36,14 @@
{
h="$(atf_get_srcdir)/misc_helpers -s $(atf_get_srcdir)"
- atf_check -s eq:0 -o match:'foo not found' -e empty -x \
+ atf_check -s eq:0 -o match:'foo not found' -e ignore -x \
"TEST_VARIABLE=foo ${h} config_has"
- atf_check -s eq:0 -o match:'foo found' -e empty -x \
+ atf_check -s eq:0 -o match:'foo found' -e ignore -x \
"TEST_VARIABLE=foo ${h} -v foo=bar config_has"
echo "Checking for deprecated variables"
- atf_check -s eq:0 -o match:'workdir not found' -e empty -x \
+ atf_check -s eq:0 -o match:'workdir not found' -e ignore -x \
"TEST_VARIABLE=workdir ${h} config_has"
}
@@ -67,10 +67,10 @@
[ "${v}" = "the default value" ] || \
atf_fail "Default value does not work"
- atf_check -s eq:0 -o match:'foo = bar' -e empty -x \
+ atf_check -s eq:0 -o match:'foo = bar' -e ignore -x \
"TEST_VARIABLE=foo ${h} -v foo=bar config_get"
- atf_check -s eq:0 -o match:'foo = baz' -e empty -x \
+ atf_check -s eq:0 -o match:'foo = baz' -e ignore -x \
"TEST_VARIABLE=foo ${h} -v foo=baz config_get"
}
Modified: vendor/bind/dist/unit/atf-src/atf-sh/libatf-sh.subr
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/libatf-sh.subr 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/libatf-sh.subr 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -33,9 +33,6 @@
# GLOBAL VARIABLES
# ------------------------------------------------------------------------
-# The list of all test cases defined by the test program.
-Defined_Test_Cases=
-
# Values for the expect property.
Expect=pass
Expect_Reason=
@@ -61,9 +58,7 @@
Test_Case_Vars=
# The list of all test cases provided by the test program.
-# Subset of ${Defined_Test_Cases}.
Test_Cases=
-Test_Cases_With_Cleanup=
# ------------------------------------------------------------------------
# PUBLIC INTERFACE
@@ -79,9 +74,6 @@
#
atf_add_test_case()
{
- _atf_is_tc_defined "${1}" || \
- _atf_error 128 "Test case ${1} was not correctly defined by" \
- "this test program"
Test_Cases="${Test_Cases} ${1}"
}
@@ -157,7 +149,7 @@
_atf_validate_expect
Expect=death
- _atf_create_resfile expected_death -1 "${@}"
+ _atf_create_resfile "expected_death: ${*}"
}
#
@@ -170,7 +162,7 @@
_atf_validate_expect
Expect=timeout
- _atf_create_resfile expected_timeout -1 "${@}"
+ _atf_create_resfile "expected_timeout: ${*}"
}
#
@@ -185,7 +177,11 @@
_atf_validate_expect
Expect=exit
- _atf_create_resfile expected_exit "${_exitcode}" "${@}"
+ if [ "${_exitcode}" = "-1" ]; then
+ _atf_create_resfile "expected_exit: ${*}"
+ else
+ _atf_create_resfile "expected_exit(${_exitcode}): ${*}"
+ fi
}
#
@@ -226,7 +222,11 @@
_atf_validate_expect
Expect=signal
- _atf_create_resfile expected_signal "${_signo}" "${@}"
+ if [ "${_signo}" = "-1" ]; then
+ _atf_create_resfile "expected_signal: ${*}"
+ else
+ _atf_create_resfile "expected_signal(${_signo}): ${*}"
+ fi
}
#
@@ -238,7 +238,7 @@
#
atf_expected_failure()
{
- _atf_create_resfile expected_failure -1 "${Expect_Reason}:" "${@}"
+ _atf_create_resfile "expected_failure: ${Expect_Reason}: ${*}"
exit 0
}
@@ -256,7 +256,7 @@
atf_expected_failure "${@}"
;;
pass)
- _atf_create_resfile failed -1 "${@}"
+ _atf_create_resfile "failed: ${*}"
exit 1
;;
*)
@@ -284,21 +284,10 @@
#
atf_get_srcdir()
{
- _atf_internal_get srcdir
+ echo ${Source_Dir}
}
#
-# atf_init_test_cases
-#
-# The function in charge of registering the test cases that have to
-# be made available to the user. Must be redefined.
-#
-atf_init_test_cases()
-{
- _atf_error 128 "No test cases defined"
-}
-
-#
# atf_pass
#
# Makes the test case pass. Shouldn't be used in general, as a test
@@ -312,7 +301,7 @@
atf_fail "Test case was expecting a failure but got a pass instead"
;;
pass)
- _atf_create_resfile passed -1
+ _atf_create_resfile passed
exit 0
;;
*)
@@ -377,7 +366,7 @@
#
atf_skip()
{
- _atf_create_resfile skipped -1 "${@}"
+ _atf_create_resfile "skipped: ${*}"
exit 0
}
@@ -391,12 +380,10 @@
#
atf_test_case()
{
- Defined_Test_Cases="${Defined_Test_Cases} ${1}"
-
eval "${1}_head() { :; }"
- eval "${1}_body() { :; }"
+ eval "${1}_body() { atf_fail 'Test case not implemented'; }"
if [ "${2}" = cleanup ]; then
- Test_Cases_With_Cleanup="${Test_Cases_With_Cleanup} ${1}"
+ eval __has_cleanup_${1}=true
eval "${1}_cleanup() { :; }"
else
eval "${1}_cleanup() {
@@ -440,70 +427,21 @@
}
#
-# _atf_create_resfile result arg [reason ...]
+# _atf_create_resfile contents
#
# Creates the results file.
#
_atf_create_resfile()
{
- _result="${1}"; shift
- if [ "${1}" -eq -1 ]; then
- _arg=""
- shift
- else
- _arg="(${1})"
- shift
- fi
- if [ ${#} -gt 0 ]; then
- _reason=": ${*}"
- else
- _reason=""
- fi
-
if [ -n "${Results_File}" ]; then
- echo "${_result}${_arg}${_reason}" >"${Results_File}" || \
+ echo "${*}" >"${Results_File}" || \
_atf_error 128 "Cannot create results file '${Results_File}'"
else
- echo "${_result}${_arg}${_reason}"
+ echo "${*}"
fi
}
#
-# _atf_ensure_boolean var
-#
-# Ensures that the test case defined the variable 'var' to a boolean
-# value.
-#
-_atf_ensure_boolean()
-{
- _atf_ensure_not_empty ${1}
-
- case $(atf_get ${1}) in
- [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee])
- atf_set ${1} true
- ;;
- [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee])
- atf_set ${1} false
- ;;
- *)
- _atf_error 128 "Invalid value for boolean variable \`${1}'"
- ;;
- esac
-}
-
-#
-# _atf_ensure_not_empty var
-#
-# Ensures that the test case defined the variable 'var' to a non-empty
-# value.
-#
-_atf_ensure_not_empty()
-{
- [ -n "$(atf_get ${1})" ] || \
- _atf_error 128 "Undefined or empty variable \`${1}'"
-}
-
-#
# _atf_error error_code [msg1 [.. msgN]]
#
# Prints the given error message (which can be composed of multiple
@@ -523,6 +461,17 @@
}
#
+# _atf_warning msg1 [.. msgN]
+#
+# Prints the given warning message (which can be composed of multiple
+# arguments, in which case are joined by a single space).
+#
+_atf_warning()
+{
+ echo "${Prog_Name}: WARNING:" "$@" 1>&2
+}
+
+#
# _atf_find_in_path program
#
# Looks for a program in the path and prints the full path to it or
@@ -556,49 +505,12 @@
_atf_has_tc()
{
for _tc in ${Test_Cases}; do
- if [ ${_tc} = ${1} ]; then
- return 0
- fi
+ [ "${_tc}" != "${1}" ] || return 0
done
return 1
}
#
-# _atf_get_bool varname
-#
-# Evaluates a test case-specific variable as a boolean and returns its
-# value.
-#
-_atf_get_bool()
-{
- eval $(atf_get ${1})
-}
-
-#
-# _atf_internal_get varname
-#
-# Prints the value of a test case-specific internal variable. Given
-# that one should not get the value of non-existent variables, it is
-# fine to always use this function as 'val=$(_atf_internal_get var)'.
-#
-_atf_internal_get()
-{
- eval echo \${__tc_internal_var_${Test_Case}_${1}}
-}
-
-#
-# _atf_internal_set varname val1 [.. valN]
-#
-# Sets the test case's private variable 'varname' to the specified
-# values which are concatenated using a single blank space.
-#
-_atf_internal_set()
-{
- _var=${1}; shift
- eval __tc_internal_var_${Test_Case}_${_var}=\"\${*}\"
-}
-
-#
# _atf_list_tcs
#
# Describes all test cases and prints the list to the standard output.
@@ -640,7 +552,6 @@
#
_atf_parse_head()
{
- ${Parsing_Head} && _atf_error 128 "_atf_parse_head called recursively"
Parsing_Head=true
Test_Case="${1}"
@@ -650,11 +561,8 @@
atf_set has.cleanup "true"
fi
+ ${1}_head
atf_set ident "${1}"
- ${1}_head
- _atf_ensure_not_empty ident
- test $(atf_get ident) = "${1}" || \
- _atf_error 128 "Test case redefined ident"
Parsing_Head=false
}
@@ -684,75 +592,40 @@
;;
esac
- if _atf_has_tc ${_tcname}; then
- _atf_parse_head ${_tcname}
+ _atf_has_tc "${_tcname}" || _atf_syntax_error "Unknown test case \`${1}'"
- _atf_internal_set srcdir "${Source_Dir}"
-
- case ${_tcpart} in
- body)
- if ${_tcname}_body; then
- _atf_validate_expect
- _atf_create_resfile passed -1
- else
- Expect=pass
- atf_fail "Test case body returned a non-ok exit code, but" \
- "this is not allowed"
- fi
- ;;
- cleanup)
- if _atf_has_cleanup "${_tcname}"; then
- if ${_tcname}_cleanup; then
- :
- else
- _atf_error 128 "The test case cleanup returned a non-ok" \
- "exit code, but this is not allowed"
- fi
- fi
- ;;
- *)
- _atf_error 128 "Unknown test case part"
- ;;
- esac
- else
- _atf_syntax_error "Unknown test case \`${1}'"
+ if [ "${__RUNNING_INSIDE_ATF_RUN}" != "internal-yes-value" ]; then
+ _atf_warning "Running test cases without atf-run(1) is unsupported"
+ _atf_warning "No isolation nor timeout control is being applied;" \
+ "you may get unexpected failures; see atf-test-case(4)"
fi
-}
-#
-# _atf_sighup_handler
-#
-# Handler for the SIGHUP signal that registers its occurrence so that
-# it can be processed at a later stage.
-#
-_atf_sighup_handler()
-{
- Held_Signals="${Held_Signals} SIGHUP"
-}
+ _atf_parse_head ${_tcname}
-#
-# _atf_sigint_handler
-#
-# Handler for the SIGINT signal that registers its occurrence so that
-# it can be processed at a later stage.
-#
-_atf_sigint_handler()
-{
- Held_Signals="${Held_Signals} SIGINT"
+ case ${_tcpart} in
+ body)
+ if ${_tcname}_body; then
+ _atf_validate_expect
+ _atf_create_resfile passed
+ else
+ Expect=pass
+ atf_fail "Test case body returned a non-ok exit code, but" \
+ "this is not allowed"
+ fi
+ ;;
+ cleanup)
+ if _atf_has_cleanup "${_tcname}"; then
+ ${_tcname}_cleanup || _atf_error 128 "The test case cleanup" \
+ "returned a non-ok exit code, but this is not allowed"
+ fi
+ ;;
+ *)
+ _atf_error 128 "Unknown test case part"
+ ;;
+ esac
}
#
-# _atf_sigterm_handler
-#
-# Handler for the SIGTERM signal that registers its occurrence so that
-# it can be processed at a later stage.
-#
-_atf_sigterm_handler()
-{
- Held_Signals="${Held_Signals} SIGTERM"
-}
-
-#
# _atf_syntax_error msg1 [.. msgN]
#
# Formats and prints a syntax error message and terminates the
@@ -766,20 +639,6 @@
}
#
-# _atf_is_tc_defined tc-name
-#
-# Returns a boolean indicating if the given test case was defined by the
-# test program or not.
-#
-_atf_is_tc_defined()
-{
- for _tc in ${Defined_Test_Cases}; do
- [ ${_tc} = ${1} ] && return 0
- done
- return 1
-}
-
-#
# _atf_has_cleanup tc-name
#
# Returns a boolean indicating if the given test case has a cleanup
@@ -787,10 +646,9 @@
#
_atf_has_cleanup()
{
- for _tc in ${Test_Cases_With_Cleanup}; do
- [ ${_tc} = ${1} ] && return 0
- done
- return 1
+ _found=true
+ eval "[ x\"\${__has_cleanup_${1}}\" = xtrue ] || _found=false"
+ [ "${_found}" = true ]
}
#
@@ -898,17 +756,6 @@
_atf_error 1 "Cannot find the test program in the source" \
"directory \`${Source_Dir}'"
- # Set some global variables useful to the user. Not specific to the
- # test case because they may be needed during initialization too.
- # XXX I'm not too fond on this though. Sure, it is very useful in some
- # situations -- such as in NetBSD's fs/tmpfs/* tests where each test
- # program includes a helper subroutines file -- but there are also
- # other, maybe better ways to achieve the same. Because, for example,
- # at the moment it is not possible to detect failures in the inclusion
- # and report them nicely. Plus this change is difficult to implement
- # in the current C++ API.
- _atf_internal_set srcdir "${Source_Dir}"
-
# Call the test program's hook to register all available test cases.
atf_init_test_cases
Modified: vendor/bind/dist/unit/atf-src/atf-sh/misc_helpers.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/misc_helpers.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/misc_helpers.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -235,6 +235,12 @@
exit 1
}
+atf_test_case tc_missing_body
+tc_missing_body_head()
+{
+ atf_set "descr" "Helper test case for the t_tc test program"
+}
+
# -------------------------------------------------------------------------
# Helper tests for "t_tp".
# -------------------------------------------------------------------------
@@ -280,6 +286,7 @@
atf_add_test_case tc_pass_false
atf_add_test_case tc_pass_return_error
atf_add_test_case tc_fail
+ atf_add_test_case tc_missing_body
# Add helper tests for t_tp.
[ -f $(atf_get_srcdir)/subrs ] && . $(atf_get_srcdir)/subrs
Modified: vendor/bind/dist/unit/atf-src/atf-sh/normalize_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/normalize_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/normalize_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-sh/tc_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/tc_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/tc_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -43,9 +43,22 @@
atf_check -s eq:1 -o ignore -e match:'An error' ${h} tc_fail
}
+atf_test_case missing_body
+missing_body_head()
+{
+ atf_set "descr" "Verifies that test cases without a body are reported" \
+ "as failed"
+}
+missing_body_body()
+{
+ h="$(atf_get_srcdir)/misc_helpers -s $(atf_get_srcdir)"
+ atf_check -s eq:1 -o ignore -e ignore ${h} tc_missing_body
+}
+
atf_init_test_cases()
{
atf_add_test_case default_status
+ atf_add_test_case missing_body
}
# vim: syntax=sh:expandtab:shiftwidth=4:softtabstop=4
Modified: vendor/bind/dist/unit/atf-src/atf-sh/tp_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-sh/tp_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-sh/tp_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -44,7 +44,7 @@
EOF
atf_check -s eq:0 -o match:'Calling helper' \
- -o match:'This is a helper subroutine' -e empty ./work/misc_helpers \
+ -o match:'This is a helper subroutine' -e ignore ./work/misc_helpers \
-s "$(pwd)"/work tp_srcdir
}
Modified: vendor/bind/dist/unit/atf-src/atf-version/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-version/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-version/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -31,7 +31,7 @@
atf_version_atf_version_SOURCES = atf-version/atf-version.cpp
nodist_atf_version_atf_version_SOURCES = atf-version/revision.h
atf_version_atf_version_CPPFLAGS = -Iatf-version
-atf_version_atf_version_LDADD = libatf-c++.la
+atf_version_atf_version_LDADD = $(ATF_CXX_LIBS)
dist_man_MANS += atf-version/atf-version.1
EXTRA_DIST += atf-version/generate-revision.sh
@@ -44,11 +44,11 @@
cp -p atf-version/revision.h.stamp atf-version/revision.h
CLEANFILES += atf-version/revision.h.stamp
-.PHONY: atf-version/revision.h.stamp
+PHONY_TARGETS += atf-version/revision.h.stamp
atf-version/revision.h.stamp:
@test -d atf-version || mkdir -p atf-version
@$(top_srcdir)/atf-version/generate-revision.sh \
- -m "$(MTN)" -r $(top_srcdir) -o atf-version/revision.h.stamp \
+ -g "$(GIT)" -r $(top_srcdir) -o atf-version/revision.h.stamp \
-v $(PACKAGE_VERSION)
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
Modified: vendor/bind/dist/unit/atf-src/atf-version/atf-version.1
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-version/atf-version.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-version/atf-version.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/atf-version/atf-version.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-version/atf-version.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-version/atf-version.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -69,7 +69,7 @@
#if defined(PACKAGE_REVISION_TYPE_DIST)
std::cout << format_text("Built from a distribution file; no revision "
"information available.") << "\n";
-#elif defined(PACKAGE_REVISION_TYPE_MTN)
+#elif defined(PACKAGE_REVISION_TYPE_GIT)
std::cout << format_text_with_tag(PACKAGE_REVISION_BRANCH, "Branch: ",
false) << "\n";
std::cout << format_text_with_tag(PACKAGE_REVISION_BASE
Modified: vendor/bind/dist/unit/atf-src/atf-version/generate-revision.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/atf-version/generate-revision.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/atf-version/generate-revision.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -2,7 +2,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -35,9 +35,9 @@
set -e
-Prog_Name=`echo "${0}" | sed 's;.*/;;'`
+Prog_Name=${0##*/}
-MTN=
+GIT=
ROOT=
#
@@ -49,60 +49,13 @@
}
#
-# call_mtn args
+# call_git args
#
-call_mtn() {
- ${MTN} --root=${ROOT} "${@}"
+call_git() {
+ ( cd "${ROOT}" && "${GIT}" "${@}" )
}
-# extract_certs rev
#
-extract_certs() {
- call_mtn automate certs ${1} | awk '
-BEGIN {
- current_cert = ""
-}
-
-/^[ \t]*name "([^"]*)"[ \t]*$/ {
- current_cert = substr($2, 2, length($2) - 2)
- next
-}
-
-/^[ \t]*value "([^"]*)"[ \t]*$/ {
- value = substr($2, 2, length($2) - 2)
- if (current_cert == "branch") {
- print "rev_branch=\"" value "\""
- } else if (current_cert == "date") {
- print "rev_date=\"" value "\""
- }
- next
-}
-'
-}
-
-#
-# get_rev_info_into_vars
-#
-# Sets the following variables to describe the current revision of the tree:
-# rev_base_id: The base revision identifier.
-# rev_branch: The branch name.
-# rev_modified: true if the tree has been locally modified.
-# rev_date: The date of the revision.
-#
-get_rev_info_into_vars() {
- rev_base_id=`call_mtn automate get_base_revision_id`
-
- if call_mtn status | grep "no changes" >/dev/null; then
- rev_modified=false
- else
- rev_modified=true
- fi
-
- # The following defines several rev_* variables.
- eval `extract_certs ${rev_base_id}`
-}
-
-#
# generate_from_dist revfile version
#
generate_from_dist() {
@@ -115,16 +68,23 @@
}
#
-# generate_from_mtn revfile
+# generate_from_git revfile
#
-generate_from_mtn() {
+generate_from_git() {
revfile=${1}
- get_rev_info_into_vars
+ rev_base_id=$(call_git rev-parse HEAD)
+ rev_branch=$(call_git branch | grep '^\* ' | cut -d ' ' -f 2-)
+ rev_date=$(call_git log -1 | grep '^Date:' | sed -e 's,^Date:[ \t]*,,')
+ if [ -z "$(call_git status -s)" ]; then
+ rev_modified=false
+ else
+ rev_modified=true
+ fi
>${revfile}
- echo "#define PACKAGE_REVISION_TYPE_MTN" >>${revfile}
+ echo "#define PACKAGE_REVISION_TYPE_GIT" >>${revfile}
echo "#define PACKAGE_REVISION_BRANCH \"${rev_branch}\"" >>${revfile}
echo "#define PACKAGE_REVISION_BASE \"${rev_base_id}\"" >>${revfile}
@@ -144,10 +104,10 @@
main() {
outfile=
version=
- while getopts :m:r:o:v: arg; do
+ while getopts :g:r:o:v: arg; do
case ${arg} in
- m)
- MTN=${OPTARG}
+ g)
+ GIT=${OPTARG}
;;
o)
outfile=${OPTARG}
@@ -170,8 +130,8 @@
[ -n "${version}" ] || \
err "Must specify a version number with -v"
- if [ -n "${MTN}" -a -d ${ROOT}/_MTN ]; then
- generate_from_mtn ${outfile}
+ if [ -n "${GIT}" -a -d ${ROOT}/.git ]; then
+ generate_from_git ${outfile}
else
generate_from_dist ${outfile} ${version}
fi
Property changes on: vendor/bind/dist/unit/atf-src/atf-version/generate-revision.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/unit/atf-src/bootstrap/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -29,11 +29,11 @@
check_PROGRAMS = bootstrap/h_app_empty
bootstrap_h_app_empty_SOURCES = bootstrap/h_app_empty.cpp
-bootstrap_h_app_empty_LDADD = libatf-c++.la
+bootstrap_h_app_empty_LDADD = $(ATF_CXX_LIBS)
check_PROGRAMS += bootstrap/h_app_opts_args
bootstrap_h_app_opts_args_SOURCES = bootstrap/h_app_opts_args.cpp
-bootstrap_h_app_opts_args_LDADD = libatf-c++.la
+bootstrap_h_app_opts_args_LDADD = $(ATF_CXX_LIBS)
check_PROGRAMS += bootstrap/h_tp_basic_c
bootstrap_h_tp_basic_c_SOURCES = bootstrap/h_tp_basic_c.c
@@ -41,7 +41,7 @@
check_PROGRAMS += bootstrap/h_tp_basic_cpp
bootstrap_h_tp_basic_cpp_SOURCES = bootstrap/h_tp_basic_cpp.cpp
-bootstrap_h_tp_basic_cpp_LDADD = libatf-c++.la
+bootstrap_h_tp_basic_cpp_LDADD = $(ATF_CXX_LIBS)
check_SCRIPTS = bootstrap/h_tp_basic_sh
CLEANFILES += bootstrap/h_tp_basic_sh
@@ -103,6 +103,7 @@
echo 'm4_define(AT_PACKAGE_VERSION, @PACKAGE_VERSION@)'; \
echo 'm4_define(AT_PACKAGE_STRING, @PACKAGE_STRING@)'; \
echo 'm4_define(AT_PACKAGE_BUGREPORT, @PACKAGE_BUGREPORT@)'; \
+ echo 'm4_define(ENABLE_TOOLS, @ENABLE_TOOLS@)'; \
} >$(srcdir)/bootstrap/package.m4
@target_srcdir at bootstrap/testsuite: $(srcdir)/bootstrap/testsuite.at \
@@ -113,8 +114,8 @@
$(srcdir)/bootstrap/testsuite.at -o $@.tmp
mv $@.tmp $@
-installcheck-local: installcheck-bootstrap
-.PHONY: installcheck-bootstrap
+INSTALLCHECK_TARGETS += installcheck-bootstrap
+PHONY_TARGETS += installcheck-bootstrap
installcheck-bootstrap: @target_srcdir at bootstrap/testsuite check
$(TESTS_ENVIRONMENT) $(srcdir)/bootstrap/testsuite
Modified: vendor/bind/dist/unit/atf-src/bootstrap/h_app_empty.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/h_app_empty.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/h_app_empty.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/h_app_opts_args.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/h_app_opts_args.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/h_app_opts_args.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/h_tp_atf_check_sh.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/h_tp_atf_check_sh.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/h_tp_atf_check_sh.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/h_tp_basic_cpp.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/h_tp_basic_cpp.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/h_tp_basic_cpp.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/h_tp_basic_sh.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/h_tp_basic_sh.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/h_tp_basic_sh.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/package.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/package.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/package.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,6 +1,7 @@
# Signature of the current package.
m4_define(AT_PACKAGE_NAME, Automated Testing Framework)
m4_define(AT_PACKAGE_TARNAME, atf)
-m4_define(AT_PACKAGE_VERSION, 0.12)
-m4_define(AT_PACKAGE_STRING, Automated Testing Framework 0.12)
+m4_define(AT_PACKAGE_VERSION, 0.17)
+m4_define(AT_PACKAGE_STRING, Automated Testing Framework 0.17)
m4_define(AT_PACKAGE_BUGREPORT, atf-devel at NetBSD.org)
+m4_define(ENABLE_TOOLS, yes)
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_application_help.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_application_help.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_application_help.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_application_opts_args.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_application_opts_args.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_application_opts_args.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_atf_config.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_atf_config.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_atf_config.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_atf_run.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_atf_run.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_atf_run.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_subr_atf_check.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_subr_atf_check.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_subr_atf_check.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_compare.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_compare.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_compare.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_filter.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_filter.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_filter.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_list.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_list.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_list.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_run.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_run.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/t_test_program_run.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/bootstrap/testsuite
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/testsuite 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/testsuite 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#! /bin/sh
-# Generated from bootstrap/testsuite.at by GNU Autoconf 2.68.
+# Generated from bootstrap/testsuite.at by GNU Autoconf 2.69.
#
-# Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+# Copyright (C) 2009-2012 Free Software Foundation, Inc.
#
# This test suite is free software; the Free Software Foundation gives
# unlimited permission to copy, distribute and modify it.
@@ -162,7 +162,8 @@
else
exitcode=1; echo positional parameters were not saved.
fi
-test x\$exitcode = x0 || exit 1"
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
@@ -207,21 +208,25 @@
if test "x$CONFIG_SHELL" != x; then :
- # We cannot yet assume a decent shell, so we have to provide a
- # neutralization value for shells without unset; and this also
- # works around shells that cannot unset nonexistent variables.
- # Preserve -v and -x to the replacement shell.
- BASH_ENV=/dev/null
- ENV=/dev/null
- (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
- export CONFIG_SHELL
- case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
- esac
- exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
+ export CONFIG_SHELL
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
fi
if test x$as_have_required = xno; then :
@@ -323,6 +328,14 @@
} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
@@ -444,6 +457,10 @@
chmod +x "$as_me.lineno" ||
{ $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+ # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+ # already done that, so ensure we don't try to do so again and fall
+ # in an infinite loop. This has already happened in practice.
+ _as_can_reexec=no; export _as_can_reexec
# Don't try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
# original and so on. Autoconf is especially sensitive to this).
@@ -478,16 +495,16 @@
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
+ # In both cases, we have to default to `cp -pR'.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
fi
else
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@@ -499,28 +516,8 @@
as_mkdir_p=false
fi
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in #(
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -587,22 +584,17 @@
# Whether to enable colored test results.
at_color=no
# List of the tested programs.
-at_tested='atf-config
-atf-run'
+at_tested=''
# As many question marks as there are digits in the last test group number.
# Used to normalize the test group numbers so that `ls' lists them in
# numerical order.
at_format='?'
# Description of all the test groups.
-at_help_all="1;t_application_opts_args.at:30;application: arguments and options handling;;
-2;t_application_help.at:30;application: online help option;;
-3;t_test_program_filter.at:30;test_program: filter test cases by name;;
-4;t_test_program_run.at:30;test_program: output format and exit codes;;
-5;t_test_program_list.at:30;test_program: list test cases;;
-6;t_atf_config.at:30;atf-config: querying of build-time variables;;
-7;t_atf_run.at:30;atf-run: execution of tests;;
-8;t_test_program_compare.at:30;test_program: compare the user-visible interfaces;;
-9;t_subr_atf_check.at:30;subr: atf_check function;;
+at_help_all="1;t_test_program_filter.at:30;test_program: filter test cases by name;;
+2;t_test_program_run.at:30;test_program: output format and exit codes;;
+3;t_test_program_list.at:30;test_program: list test cases;;
+4;t_test_program_compare.at:30;test_program: compare the user-visible interfaces;;
+5;t_subr_atf_check.at:30;subr: atf_check function;;
"
# List of the all the test groups.
at_groups_all=`$as_echo "$at_help_all" | sed 's/;.*//'`
@@ -616,7 +608,7 @@
for at_grp
do
eval at_value=\$$at_grp
- if test $at_value -lt 1 || test $at_value -gt 9; then
+ if test $at_value -lt 1 || test $at_value -gt 5; then
$as_echo "invalid test group: $at_value" >&2
exit 1
fi
@@ -914,7 +906,7 @@
# List of tests.
if $at_list_p; then
cat <<_ATEOF || at_write_fail=1
-Automated Testing Framework 0.12 test suite: bootstrap tests test groups:
+Automated Testing Framework 0.17 test suite: bootstrap tests test groups:
NUM: FILE-NAME:LINE TEST-GROUP-NAME
KEYWORDS
@@ -955,10 +947,10 @@
exit $at_write_fail
fi
if $at_version_p; then
- $as_echo "$as_me (Automated Testing Framework 0.12)" &&
+ $as_echo "$as_me (Automated Testing Framework 0.17)" &&
cat <<\_ATEOF || at_write_fail=1
-Copyright (C) 2010 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This test suite is free software; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
_ATEOF
@@ -1132,11 +1124,11 @@
# Banners and logs.
$as_echo "## ------------------------------------------------------------- ##
-## Automated Testing Framework 0.12 test suite: bootstrap tests. ##
+## Automated Testing Framework 0.17 test suite: bootstrap tests. ##
## ------------------------------------------------------------- ##"
{
$as_echo "## ------------------------------------------------------------- ##
-## Automated Testing Framework 0.12 test suite: bootstrap tests. ##
+## Automated Testing Framework 0.17 test suite: bootstrap tests. ##
## ------------------------------------------------------------- ##"
echo
@@ -1980,7 +1972,7 @@
$as_echo "Please send $at_msg and all information you think might help:
To: <atf-devel at NetBSD.org>
- Subject: [Automated Testing Framework 0.12] $as_me: $at_fail_list${at_fail_list:+ failed${at_xpass_list:+, }}$at_xpass_list${at_xpass_list:+ passed unexpectedly}
+ Subject: [Automated Testing Framework 0.17] $as_me: $at_fail_list${at_fail_list:+ failed${at_xpass_list:+, }}$at_xpass_list${at_xpass_list:+ passed unexpectedly}
You may investigate any problem if you feel able to do so, in which
case the test suite provides a good starting point. Its output may
@@ -1995,8 +1987,8 @@
## Actual tests. ##
## ------------- ##
#AT_START_1
-at_fn_group_banner 1 't_application_opts_args.at:30' \
- "application: arguments and options handling" " "
+at_fn_group_banner 1 't_test_program_filter.at:30' \
+ "test_program: filter test cases by name" " "
at_xfail=no
(
$as_echo "1. $at_setup_line: testing $at_desc ..."
@@ -2003,751 +1995,6 @@
$at_traceon
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:34: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_empty -h"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:34"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_empty -h
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:34"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:35: grep ' -d ' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:35"
-( $at_check_trace; grep ' -d ' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:35"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:36: grep ' -h ' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:36"
-( $at_check_trace; grep ' -h ' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:36"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:37: grep ' -v ' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:37"
-( $at_check_trace; grep ' -v ' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:37"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:38: grep ' -z ' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:38"
-( $at_check_trace; grep ' -z ' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:38"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:42: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_opts_args -h"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:42"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_opts_args -h
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:42"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:43: grep ' -d ' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:43"
-( $at_check_trace; grep ' -d ' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:43"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:44: grep ' -h ' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:44"
-( $at_check_trace; grep ' -h ' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:44"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:45: grep ' -v ' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:45"
-( $at_check_trace; grep ' -v ' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:45"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:46: grep ' -z ' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:46"
-( $at_check_trace; grep ' -z ' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:46"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:50: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_empty -d"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:50"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_empty -d
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:50"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:51: grep 'Unknown option.*-d' stderr"
-at_fn_check_prepare_trace "t_application_opts_args.at:51"
-( $at_check_trace; grep 'Unknown option.*-d' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:51"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:52: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_empty -v"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:52"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_empty -v
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:52"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:53: grep 'Unknown option.*-v' stderr"
-at_fn_check_prepare_trace "t_application_opts_args.at:53"
-( $at_check_trace; grep 'Unknown option.*-v' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:53"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:54: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_empty -z"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:54"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_empty -z
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:54"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:55: grep 'Unknown option.*-z' stderr"
-at_fn_check_prepare_trace "t_application_opts_args.at:55"
-( $at_check_trace; grep 'Unknown option.*-z' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:55"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:59: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_opts_args -d"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:59"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_opts_args -d
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:59"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:60: grep -- '-d given' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:60"
-( $at_check_trace; grep -- '-d given' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:60"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:61: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_opts_args -v"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:61"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_opts_args -v
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:61"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:62: grep 'Option.*-v.*requires an argument' stderr"
-at_fn_check_prepare_trace "t_application_opts_args.at:62"
-( $at_check_trace; grep 'Option.*-v.*requires an argument' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:62"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:63: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_opts_args -v foo"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:63"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_opts_args -v foo
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:63"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:64: grep -- '-v given with argument foo' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:64"
-( $at_check_trace; grep -- '-v given with argument foo' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:64"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:65: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_opts_args -z"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:65"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_opts_args -z
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:65"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:66: grep 'Unknown option.*-z' stderr"
-at_fn_check_prepare_trace "t_application_opts_args.at:66"
-( $at_check_trace; grep 'Unknown option.*-z' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:66"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:69: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_opts_args -- -d"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:69"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_opts_args -- -d
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:69"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:70: grep -- '-d given' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:70"
-( $at_check_trace; grep -- '-d given' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:70"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:71: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_opts_args arg -d"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:71"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_opts_args arg -d
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:71"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:72: grep -- '-d given' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:72"
-( $at_check_trace; grep -- '-d given' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_opts_args.at:72"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:76: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_empty -h"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:76"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_empty -h
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:76"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:77: grep '\\[options\\]\$' stdout"
-at_fn_check_prepare_dynamic "grep '\\[options\\]$' stdout" "t_application_opts_args.at:77"
-( $at_check_trace; grep '\[options\]$' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:77"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:81: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_opts_args -h"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_opts_args.at:81"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_opts_args -h
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:81"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_opts_args.at:82: grep '\\[options\\] <arg1> <arg2>' stdout"
-at_fn_check_prepare_trace "t_application_opts_args.at:82"
-( $at_check_trace; grep '\[options\] <arg1> <arg2>' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_opts_args.at:82"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
- set +x
- $at_times_p && times >"$at_times_file"
-) 5>&1 2>&1 7>&- | eval $at_tee_pipe
-read at_status <"$at_status_file"
-#AT_STOP_1
-#AT_START_2
-at_fn_group_banner 2 't_application_help.at:30' \
- "application: online help option" " "
-at_xfail=no
-(
- $as_echo "2. $at_setup_line: testing $at_desc ..."
- $at_traceon
-
-
-{ set +x
-$as_echo "$at_srcdir/t_application_help.at:32: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_empty"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_help.at:32"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_empty
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_help.at:32"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_help.at:33: grep 'Available options' stdout"
-at_fn_check_prepare_trace "t_application_help.at:33"
-( $at_check_trace; grep 'Available options' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_application_help.at:33"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_application_help.at:35: \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_app_empty -h"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_application_help.at:35"
-( $at_check_trace; $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_app_empty -h
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_help.at:35"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_application_help.at:36: grep 'Available options' stdout"
-at_fn_check_prepare_trace "t_application_help.at:36"
-( $at_check_trace; grep 'Available options' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_application_help.at:36"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
- set +x
- $at_times_p && times >"$at_times_file"
-) 5>&1 2>&1 7>&- | eval $at_tee_pipe
-read at_status <"$at_status_file"
-#AT_STOP_2
-#AT_START_3
-at_fn_group_banner 3 't_test_program_filter.at:30' \
- "test_program: filter test cases by name" " "
-at_xfail=no
-(
- $as_echo "3. $at_setup_line: testing $at_desc ..."
- $at_traceon
-
-
for h in tp_basic_c tp_basic_cpp tp_basic_sh; do
{ set +x
@@ -2788,7 +2035,7 @@
cd ${old}
echo ${topdir}
})/bootstrap invalid
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -2801,7 +2048,7 @@
$as_echo "$at_srcdir/t_test_program_filter.at:36: grep \"Unknown test case .invalid'\" stderr"
at_fn_check_prepare_trace "t_test_program_filter.at:36"
( $at_check_trace; grep "Unknown test case .invalid'" stderr
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -2849,7 +2096,7 @@
cd ${old}
echo ${topdir}
})/bootstrap "*p*"
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -2862,7 +2109,7 @@
$as_echo "$at_srcdir/t_test_program_filter.at:41: grep \"Unknown test case .\\\\*p\\\\*'\" stderr"
at_fn_check_prepare_trace "t_test_program_filter.at:41"
( $at_check_trace; grep "Unknown test case .\\*p\\*'" stderr
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -2914,7 +2161,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout pass
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -2927,7 +2174,7 @@
$as_echo "$at_srcdir/t_test_program_filter.at:47: cmp -s resout expres"
at_fn_check_prepare_trace "t_test_program_filter.at:47"
( $at_check_trace; cmp -s resout expres
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -2979,7 +2226,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout skip
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -2992,7 +2239,7 @@
$as_echo "$at_srcdir/t_test_program_filter.at:52: cmp -s resout expres"
at_fn_check_prepare_trace "t_test_program_filter.at:52"
( $at_check_trace; cmp -s resout expres
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3044,7 +2291,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -3057,7 +2304,7 @@
$as_echo "$at_srcdir/t_test_program_filter.at:57: cmp -s resout expres"
at_fn_check_prepare_trace "t_test_program_filter.at:57"
( $at_check_trace; cmp -s resout expres
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3073,13 +2320,13 @@
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_3
-#AT_START_4
-at_fn_group_banner 4 't_test_program_run.at:30' \
+#AT_STOP_1
+#AT_START_2
+at_fn_group_banner 2 't_test_program_run.at:30' \
"test_program: output format and exit codes" " "
at_xfail=no
(
- $as_echo "4. $at_setup_line: testing $at_desc ..."
+ $as_echo "2. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -3123,7 +2370,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout pass
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -3140,7 +2387,7 @@
$as_echo "$at_srcdir/t_test_program_run.at:36: diff -u expres resout"
at_fn_check_prepare_trace "t_test_program_run.at:36"
( $at_check_trace; diff -u expres resout
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3188,7 +2435,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -3205,7 +2452,7 @@
$as_echo "$at_srcdir/t_test_program_run.at:39: diff -u expres resout"
at_fn_check_prepare_trace "t_test_program_run.at:39"
( $at_check_trace; diff -u expres resout
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3253,7 +2500,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout skip
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -3270,7 +2517,7 @@
$as_echo "$at_srcdir/t_test_program_run.at:42: diff -u expres resout"
at_fn_check_prepare_trace "t_test_program_run.at:42"
( $at_check_trace; diff -u expres resout
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3318,7 +2565,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout default
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -3335,7 +2582,7 @@
$as_echo "$at_srcdir/t_test_program_run.at:45: diff -u expres resout"
at_fn_check_prepare_trace "t_test_program_run.at:45"
( $at_check_trace; diff -u expres resout
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3351,13 +2598,13 @@
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_4
-#AT_START_5
-at_fn_group_banner 5 't_test_program_list.at:30' \
+#AT_STOP_2
+#AT_START_3
+at_fn_group_banner 3 't_test_program_list.at:30' \
"test_program: list test cases" " "
at_xfail=no
(
- $as_echo "5. $at_setup_line: testing $at_desc ..."
+ $as_echo "3. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -3418,7 +2665,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -l
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3466,7 +2713,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -l pass
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -3479,7 +2726,7 @@
$as_echo "$at_srcdir/t_test_program_list.at:52: grep 'Cannot provide test case names with -l' stderr"
at_fn_check_prepare_trace "t_test_program_list.at:52"
( $at_check_trace; grep 'Cannot provide test case names with -l' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3527,7 +2774,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -l pass fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -3540,7 +2787,7 @@
$as_echo "$at_srcdir/t_test_program_list.at:56: grep 'Cannot provide test case names with -l' stderr"
at_fn_check_prepare_trace "t_test_program_list.at:56"
( $at_check_trace; grep 'Cannot provide test case names with -l' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -3556,1736 +2803,13 @@
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_5
-#AT_START_6
-at_fn_group_banner 6 't_atf_config.at:30' \
- "atf-config: querying of build-time variables" " "
-at_xfail=no
-(
- $as_echo "6. $at_setup_line: testing $at_desc ..."
- $at_traceon
-
-
-
-all_vars="atf_arch \
- atf_build_cc \
- atf_build_cflags \
- atf_build_cpp \
- atf_build_cppflags \
- atf_build_cxx \
- atf_build_cxxflags \
- atf_confdir \
- atf_includedir \
- atf_libdir \
- atf_libexecdir \
- atf_machine \
- atf_pkgdatadir \
- atf_shell \
- atf_workdir"
-all_vars_no=15
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_config.at:51: atf-config"
-at_fn_check_prepare_trace "t_atf_config.at:51"
-( $at_check_trace; atf-config
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:51"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_config.at:52: test $(wc -l stdout | awk '{ print $1 }') = \${all_vars_no}"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:52"
-( $at_check_trace; test $(wc -l stdout | awk '{ print $1 }') = ${all_vars_no}
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:52"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-for v in ${all_vars}; do
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:54: grep \"\${v}\" stdout"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:54"
-( $at_check_trace; grep "${v}" stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:54"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-done
-
-for v in ${all_vars}; do
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:59: atf-config \${v}"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:59"
-( $at_check_trace; atf-config ${v}
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:59"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:60: test $(wc -l stdout | awk '{ print $1 }') = 1"
-at_fn_check_prepare_notrace 'a shell pipeline' "t_atf_config.at:60"
-( $at_check_trace; test $(wc -l stdout | awk '{ print $1 }') = 1
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:60"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:61: grep \"\${v}\" stdout"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:61"
-( $at_check_trace; grep "${v}" stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:61"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:62: cut -d ' ' -f 3- stdout"
-at_fn_check_prepare_trace "t_atf_config.at:62"
-( $at_check_trace; cut -d ' ' -f 3- stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:62"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:63: mv stdout expout"
-at_fn_check_prepare_trace "t_atf_config.at:63"
-( $at_check_trace; mv stdout expout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:63"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:64: atf-config -t \${v}"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:64"
-( $at_check_trace; atf-config -t ${v}
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-$at_diff expout "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:64"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-done
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_config.at:68: atf-config atf_libexecdir atf_pkgdatadir"
-at_fn_check_prepare_trace "t_atf_config.at:68"
-( $at_check_trace; atf-config atf_libexecdir atf_pkgdatadir
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:68"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_config.at:69: grep 'atf_libexecdir' stdout"
-at_fn_check_prepare_trace "t_atf_config.at:69"
-( $at_check_trace; grep 'atf_libexecdir' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:69"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_config.at:70: grep 'atf_pkgdatadir' stdout"
-at_fn_check_prepare_trace "t_atf_config.at:70"
-( $at_check_trace; grep 'atf_pkgdatadir' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:70"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_config.at:71: test $(wc -l stdout | awk '{ print $1 }') = 2"
-at_fn_check_prepare_notrace 'a shell pipeline' "t_atf_config.at:71"
-( $at_check_trace; test $(wc -l stdout | awk '{ print $1 }') = 2
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:71"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_config.at:74: atf-config non_existent"
-at_fn_check_prepare_trace "t_atf_config.at:74"
-( $at_check_trace; atf-config non_existent
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_config.at:74"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_config.at:75: grep 'Unknown variable.*non_existent' stderr"
-at_fn_check_prepare_trace "t_atf_config.at:75"
-( $at_check_trace; grep 'Unknown variable.*non_existent' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:75"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-for v in ${all_vars}; do
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:79: atf-config \${v} non_existent"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:79"
-( $at_check_trace; atf-config ${v} non_existent
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_config.at:79"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:80: grep 'Unknown variable.*non_existent' stderr"
-at_fn_check_prepare_trace "t_atf_config.at:80"
-( $at_check_trace; grep 'Unknown variable.*non_existent' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:80"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:82: atf-config non_existent \${v}"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:82"
-( $at_check_trace; atf-config non_existent ${v}
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_config.at:82"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:83: grep 'Unknown variable.*non_existent' stderr"
-at_fn_check_prepare_trace "t_atf_config.at:83"
-( $at_check_trace; grep 'Unknown variable.*non_existent' stderr
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:83"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-done
-
-for v in ${all_vars}; do
- V=$(echo ${v} | tr '[a-z]' '[A-Z]')
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:90: env \${V}=testval atf-config"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:90"
-( $at_check_trace; env ${V}=testval atf-config
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:90"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:91: mv stdout all"
-at_fn_check_prepare_trace "t_atf_config.at:91"
-( $at_check_trace; mv stdout all
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:91"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:93: grep \"^\${v} : \" all"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:93"
-( $at_check_trace; grep "^${v} : " all
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:93"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:94: mv stdout affected"
-at_fn_check_prepare_trace "t_atf_config.at:94"
-( $at_check_trace; mv stdout affected
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:94"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:95: grep -v \"^\${v} : \" all"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:95"
-( $at_check_trace; grep -v "^${v} : " all
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:95"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:96: mv stdout unaffected"
-at_fn_check_prepare_trace "t_atf_config.at:96"
-( $at_check_trace; mv stdout unaffected
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:96"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:98: test $(wc -l affected | awk '{ print $1 }') = 1"
-at_fn_check_prepare_notrace 'a shell pipeline' "t_atf_config.at:98"
-( $at_check_trace; test $(wc -l affected | awk '{ print $1 }') = 1
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:98"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:99: test $(wc -l unaffected | awk '{ print $1 }') = \$((\${all_vars_no} - 1))"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_config.at:99"
-( $at_check_trace; test $(wc -l unaffected | awk '{ print $1 }') = $((${all_vars_no} - 1))
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:99"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:102: grep \"^\${v} : testval\$\" affected"
-at_fn_check_prepare_notrace 'a ${...} parameter expansion' "t_atf_config.at:102"
-( $at_check_trace; grep "^${v} : testval$" affected
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_config.at:102"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
- { set +x
-$as_echo "$at_srcdir/t_atf_config.at:103: grep ' : testval\$' unaffected"
-at_fn_check_prepare_dynamic "grep ' : testval$' unaffected" "t_atf_config.at:103"
-( $at_check_trace; grep ' : testval$' unaffected
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_config.at:103"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-done
-
- set +x
- $at_times_p && times >"$at_times_file"
-) 5>&1 2>&1 7>&- | eval $at_tee_pipe
-read at_status <"$at_status_file"
-#AT_STOP_6
-#AT_START_7
-at_fn_group_banner 7 't_atf_run.at:30' \
- "atf-run: execution of tests" " "
-at_xfail=no
-(
- $as_echo "7. $at_setup_line: testing $at_desc ..."
- $at_traceon
-
-
-
-
-
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:47: mkdir top"
-at_fn_check_prepare_trace "t_atf_run.at:47"
-( $at_check_trace; mkdir top
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:47"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:48: mkdir top/dir1"
-at_fn_check_prepare_trace "t_atf_run.at:48"
-( $at_check_trace; mkdir top/dir1
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:48"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:49: mkdir top/dir2"
-at_fn_check_prepare_trace "t_atf_run.at:49"
-( $at_check_trace; mkdir top/dir2
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:49"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-cat >top/Atffile <<'_ATEOF'
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = atf
-
-tp: dir1
-tp: dir2
-tp: test1
-tp: test2
-_ATEOF
-
-cat >top/dir1/Atffile <<'_ATEOF'
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = atf
-
-tp: test3
-_ATEOF
-
-cat >top/dir2/Atffile <<'_ATEOF'
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = atf
-
-tp: test4
-tp: test5
-_ATEOF
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:75: sed -e 's, at TC_NAME@,tc_1,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_pass"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:75"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_1,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_pass
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:75"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:75: mv stdout top/test1"
-at_fn_check_prepare_trace "t_atf_run.at:75"
-( $at_check_trace; mv stdout top/test1
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:75"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:75: chmod +x top/test1"
-at_fn_check_prepare_trace "t_atf_run.at:75"
-( $at_check_trace; chmod +x top/test1
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:75"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:76: sed -e 's, at TC_NAME@,tc_2,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_fail"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:76"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_2,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_fail
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:76"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:76: mv stdout top/test2"
-at_fn_check_prepare_trace "t_atf_run.at:76"
-( $at_check_trace; mv stdout top/test2
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:76"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:76: chmod +x top/test2"
-at_fn_check_prepare_trace "t_atf_run.at:76"
-( $at_check_trace; chmod +x top/test2
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:76"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:77: sed -e 's, at TC_NAME@,tc_3,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_pass"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:77"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_3,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_pass
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:77"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:77: mv stdout top/dir1/test3"
-at_fn_check_prepare_trace "t_atf_run.at:77"
-( $at_check_trace; mv stdout top/dir1/test3
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:77"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:77: chmod +x top/dir1/test3"
-at_fn_check_prepare_trace "t_atf_run.at:77"
-( $at_check_trace; chmod +x top/dir1/test3
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:77"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:78: sed -e 's, at TC_NAME@,tc_4,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_fail"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:78"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_4,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_fail
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:78"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:78: mv stdout top/dir2/test4"
-at_fn_check_prepare_trace "t_atf_run.at:78"
-( $at_check_trace; mv stdout top/dir2/test4
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:78"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:78: chmod +x top/dir2/test4"
-at_fn_check_prepare_trace "t_atf_run.at:78"
-( $at_check_trace; chmod +x top/dir2/test4
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:78"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:79: sed -e 's, at TC_NAME@,tc_5,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_pass"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:79"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_5,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_pass
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:79"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:79: mv stdout top/dir2/test5"
-at_fn_check_prepare_trace "t_atf_run.at:79"
-( $at_check_trace; mv stdout top/dir2/test5
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:79"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:79: chmod +x top/dir2/test5"
-at_fn_check_prepare_trace "t_atf_run.at:79"
-( $at_check_trace; chmod +x top/dir2/test5
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:79"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:81: cd top/dir1 && atf-run"
-at_fn_check_prepare_trace "t_atf_run.at:81"
-( $at_check_trace; cd top/dir1 && atf-run
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:81"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:82: grep '^tc-end: tc_3, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:82"
-( $at_check_trace; grep '^tc-end: tc_3, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:82"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:83: grep -i 'tc_[1245]' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:83"
-( $at_check_trace; grep -i 'tc_[1245]' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:83"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:84: grep 'tc-so:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:84"
-( $at_check_trace; grep 'tc-so:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:84"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:85: grep 'tc-se:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:85"
-( $at_check_trace; grep 'tc-se:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:85"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:87: cd top/dir2 && atf-run"
-at_fn_check_prepare_trace "t_atf_run.at:87"
-( $at_check_trace; cd top/dir2 && atf-run
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:87"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:88: grep '^tc-end: tc_4, failed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:88"
-( $at_check_trace; grep '^tc-end: tc_4, failed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:88"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:89: grep '^tc-end: tc_5, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:89"
-( $at_check_trace; grep '^tc-end: tc_5, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:89"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:90: grep -i 'tc_[123]' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:90"
-( $at_check_trace; grep -i 'tc_[123]' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:90"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:91: grep 'tc-so:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:91"
-( $at_check_trace; grep 'tc-so:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:91"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:92: grep 'tc-se:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:92"
-( $at_check_trace; grep 'tc-se:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:92"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:94: cd top && atf-run"
-at_fn_check_prepare_trace "t_atf_run.at:94"
-( $at_check_trace; cd top && atf-run
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:94"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:95: grep '^tc-end: tc_1, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:95"
-( $at_check_trace; grep '^tc-end: tc_1, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:95"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:96: grep '^tc-end: tc_2, failed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:96"
-( $at_check_trace; grep '^tc-end: tc_2, failed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:96"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:97: grep '^tc-end: tc_3, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:97"
-( $at_check_trace; grep '^tc-end: tc_3, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:97"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:98: grep '^tc-end: tc_4, failed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:98"
-( $at_check_trace; grep '^tc-end: tc_4, failed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:98"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:99: grep '^tc-end: tc_5, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:99"
-( $at_check_trace; grep '^tc-end: tc_5, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:99"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:100: grep 'tc-so:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:100"
-( $at_check_trace; grep 'tc-so:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:100"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:101: grep 'tc-se:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:101"
-( $at_check_trace; grep 'tc-se:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:101"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-cat >top/Atffile <<'_ATEOF'
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = atf
-
-tp-glob: *
-_ATEOF
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:111: cd top && atf-run"
-at_fn_check_prepare_trace "t_atf_run.at:111"
-( $at_check_trace; cd top && atf-run
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:111"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:112: grep '^tc-end: tc_1, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:112"
-( $at_check_trace; grep '^tc-end: tc_1, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:112"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:113: grep '^tc-end: tc_2, failed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:113"
-( $at_check_trace; grep '^tc-end: tc_2, failed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:113"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:114: grep '^tc-end: tc_3, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:114"
-( $at_check_trace; grep '^tc-end: tc_3, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:114"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:115: grep '^tc-end: tc_4, failed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:115"
-( $at_check_trace; grep '^tc-end: tc_4, failed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:115"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:116: grep '^tc-end: tc_5, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:116"
-( $at_check_trace; grep '^tc-end: tc_5, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:116"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:117: grep 'tc-so:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:117"
-( $at_check_trace; grep 'tc-so:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:117"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:118: grep 'tc-se:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:118"
-( $at_check_trace; grep 'tc-se:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:118"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-cat >top/Atffile <<'_ATEOF'
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = atf
-
-tp-glob: d*
-_ATEOF
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:128: cd top && atf-run"
-at_fn_check_prepare_trace "t_atf_run.at:128"
-( $at_check_trace; cd top && atf-run
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:128"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:129: grep '^tc-end: tc_3, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:129"
-( $at_check_trace; grep '^tc-end: tc_3, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:129"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:130: grep '^tc-end: tc_4, failed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:130"
-( $at_check_trace; grep '^tc-end: tc_4, failed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:130"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:131: grep '^tc-end: tc_5, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:131"
-( $at_check_trace; grep '^tc-end: tc_5, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:131"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:132: grep 'tc-so:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:132"
-( $at_check_trace; grep 'tc-so:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:132"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:133: grep 'tc-se:ignore-me' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:133"
-( $at_check_trace; grep 'tc-se:ignore-me' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:133"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:138: rm -rf top"
-at_fn_check_prepare_trace "t_atf_run.at:138"
-( $at_check_trace; rm -rf top
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:138"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:139: mkdir top"
-at_fn_check_prepare_trace "t_atf_run.at:139"
-( $at_check_trace; mkdir top
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:139"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:140: sed -e 's, at TC_NAME@,tc_1,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_pass"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:140"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_1,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_pass
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:140"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:140: mv stdout top/test1"
-at_fn_check_prepare_trace "t_atf_run.at:140"
-( $at_check_trace; mv stdout top/test1
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:140"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:140: chmod +x top/test1"
-at_fn_check_prepare_trace "t_atf_run.at:140"
-( $at_check_trace; chmod +x top/test1
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:140"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:141: sed -e 's, at TC_NAME@,tc_2,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_pass"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:141"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_2,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_pass
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:141"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:141: mv stdout top/test2"
-at_fn_check_prepare_trace "t_atf_run.at:141"
-( $at_check_trace; mv stdout top/test2
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:141"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:141: chmod +x top/test2"
-at_fn_check_prepare_trace "t_atf_run.at:141"
-( $at_check_trace; chmod +x top/test2
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:141"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:142: sed -e 's, at TC_NAME@,tc_3,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_pass"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:142"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_3,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_pass
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:142"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:142: mv stdout top/test3"
-at_fn_check_prepare_trace "t_atf_run.at:142"
-( $at_check_trace; mv stdout top/test3
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:142"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:142: chmod +x top/test3"
-at_fn_check_prepare_trace "t_atf_run.at:142"
-( $at_check_trace; chmod +x top/test3
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:142"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:143: chmod -x top/test3"
-at_fn_check_prepare_trace "t_atf_run.at:143"
-( $at_check_trace; chmod -x top/test3
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:143"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:144: sed -e 's, at TC_NAME@,tc_4,g' <\$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_pass"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:144"
-( $at_check_trace; sed -e 's, at TC_NAME@,tc_4,g' <$({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_pass
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:144"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:144: mv stdout top/.test4"
-at_fn_check_prepare_trace "t_atf_run.at:144"
-( $at_check_trace; mv stdout top/.test4
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:144"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:144: chmod +x top/.test4"
-at_fn_check_prepare_trace "t_atf_run.at:144"
-( $at_check_trace; chmod +x top/.test4
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:144"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:145: chmod -x top/.test4"
-at_fn_check_prepare_trace "t_atf_run.at:145"
-( $at_check_trace; chmod -x top/.test4
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:145"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-cat >top/Atffile <<'_ATEOF'
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = atf
-
-tp-glob: *
-_ATEOF
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:153: cd top && atf-run"
-at_fn_check_prepare_trace "t_atf_run.at:153"
-( $at_check_trace; cd top && atf-run
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:153"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:154: grep '^tc-end: tc_1, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:154"
-( $at_check_trace; grep '^tc-end: tc_1, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:154"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:155: grep '^tc-end: tc_2, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:155"
-( $at_check_trace; grep '^tc-end: tc_2, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:155"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:156: grep -i 'tc_3' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:156"
-( $at_check_trace; grep -i 'tc_3' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:156"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:157: grep -i 'tc_4' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:157"
-( $at_check_trace; grep -i 'tc_4' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:157"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:160: rm -rf top"
-at_fn_check_prepare_trace "t_atf_run.at:160"
-( $at_check_trace; rm -rf top
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:160"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:161: mkdir top"
-at_fn_check_prepare_trace "t_atf_run.at:161"
-( $at_check_trace; mkdir top
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:161"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:162: cp \$({
- old=\$(pwd)
- while test \$(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=\$(pwd)
- cd \${old}
- echo \${topdir}
-})/bootstrap/h_tp_basic_sh top"
-at_fn_check_prepare_notrace 'a $(...) command substitution' "t_atf_run.at:162"
-( $at_check_trace; cp $({
- old=$(pwd)
- while test $(pwd) != '/' -a ! -e ./Makefile; do
- cd ..
- done
- topdir=$(pwd)
- cd ${old}
- echo ${topdir}
-})/bootstrap/h_tp_basic_sh top
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-at_fn_diff_devnull "$at_stdout" || at_failed=:
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:162"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-cat >top/Atffile <<'_ATEOF'
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = atf
-
-tp: h_tp_basic_sh
-_ATEOF
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:170: cd top && atf-run"
-at_fn_check_prepare_trace "t_atf_run.at:170"
-( $at_check_trace; cd top && atf-run
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-echo stderr:; tee stderr <"$at_stderr"
-echo stdout:; tee stdout <"$at_stdout"
-at_fn_check_status 1 $at_status "$at_srcdir/t_atf_run.at:170"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:171: grep '^tc-end: pass, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:171"
-( $at_check_trace; grep '^tc-end: pass, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:171"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:172: grep '^tc-end: fail, failed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:172"
-( $at_check_trace; grep '^tc-end: fail, failed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:172"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:173: grep '^tc-end: skip, skipped' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:173"
-( $at_check_trace; grep '^tc-end: skip, skipped' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:173"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-{ set +x
-$as_echo "$at_srcdir/t_atf_run.at:174: grep '^tc-end: default, passed' stdout"
-at_fn_check_prepare_trace "t_atf_run.at:174"
-( $at_check_trace; grep '^tc-end: default, passed' stdout
-) >>"$at_stdout" 2>>"$at_stderr"
-at_status=$? at_failed=false
-$at_check_filter
-at_fn_diff_devnull "$at_stderr" || at_failed=:
-echo stdout:; cat "$at_stdout"
-at_fn_check_status 0 $at_status "$at_srcdir/t_atf_run.at:174"
-$at_failed && at_fn_log_failure
-$at_traceon; }
-
-
- set +x
- $at_times_p && times >"$at_times_file"
-) 5>&1 2>&1 7>&- | eval $at_tee_pipe
-read at_status <"$at_status_file"
-#AT_STOP_7
-#AT_START_8
-at_fn_group_banner 8 't_test_program_compare.at:30' \
+#AT_STOP_3
+#AT_START_4
+at_fn_group_banner 4 't_test_program_compare.at:30' \
"test_program: compare the user-visible interfaces" ""
at_xfail=no
(
- $as_echo "8. $at_setup_line: testing $at_desc ..."
+ $as_echo "4. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -5327,7 +2851,7 @@
cd ${old}
echo ${topdir}
})/bootstrap
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -5375,7 +2899,7 @@
cd ${old}
echo ${topdir}
})/bootstrap
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -5423,7 +2947,7 @@
cd ${old}
echo ${topdir}
})/bootstrap
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -5471,7 +2995,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -h
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -5519,7 +3043,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -h
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -5567,7 +3091,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -h
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -5615,7 +3139,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -Z
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -5663,7 +3187,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -Z
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -5711,7 +3235,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -Z
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -5759,7 +3283,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -l
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -5807,7 +3331,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -l
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -5855,7 +3379,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -l
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -5903,7 +3427,7 @@
cd ${old}
echo ${topdir}
})/bootstrap
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -5952,7 +3476,7 @@
cd ${old}
echo ${topdir}
})/bootstrap
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6001,7 +3525,7 @@
cd ${old}
echo ${topdir}
})/bootstrap
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6049,7 +3573,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout pass
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -6099,7 +3623,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout pass
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6112,7 +3636,7 @@
$as_echo "$at_srcdir/t_test_program_compare.at:80: cmp -s resout resexp"
at_fn_check_prepare_trace "t_test_program_compare.at:80"
( $at_check_trace; cmp -s resout resexp
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -6162,7 +3686,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout pass
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6175,7 +3699,7 @@
$as_echo "$at_srcdir/t_test_program_compare.at:86: cmp -s resout resexp"
at_fn_check_prepare_trace "t_test_program_compare.at:86"
( $at_check_trace; cmp -s resout resexp
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -6223,7 +3747,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -6273,7 +3797,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6286,7 +3810,7 @@
$as_echo "$at_srcdir/t_test_program_compare.at:96: cmp -s resout resexp"
at_fn_check_prepare_trace "t_test_program_compare.at:96"
( $at_check_trace; cmp -s resout resexp
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -6336,7 +3860,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6349,7 +3873,7 @@
$as_echo "$at_srcdir/t_test_program_compare.at:102: cmp -s resout resexp"
at_fn_check_prepare_trace "t_test_program_compare.at:102"
( $at_check_trace; cmp -s resout resexp
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -6397,7 +3921,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout skip
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -6447,7 +3971,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout skip
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6460,7 +3984,7 @@
$as_echo "$at_srcdir/t_test_program_compare.at:112: cmp -s resout resexp"
at_fn_check_prepare_trace "t_test_program_compare.at:112"
( $at_check_trace; cmp -s resout resexp
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -6510,7 +4034,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout skip
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6523,7 +4047,7 @@
$as_echo "$at_srcdir/t_test_program_compare.at:118: cmp -s resout resexp"
at_fn_check_prepare_trace "t_test_program_compare.at:118"
( $at_check_trace; cmp -s resout resexp
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -6571,7 +4095,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout default
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -6621,7 +4145,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout default
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6634,7 +4158,7 @@
$as_echo "$at_srcdir/t_test_program_compare.at:128: cmp -s resout resexp"
at_fn_check_prepare_trace "t_test_program_compare.at:128"
( $at_check_trace; cmp -s resout resexp
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -6684,7 +4208,7 @@
cd ${old}
echo ${topdir}
})/bootstrap -r resout default
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6697,7 +4221,7 @@
$as_echo "$at_srcdir/t_test_program_compare.at:134: cmp -s resout resexp"
at_fn_check_prepare_trace "t_test_program_compare.at:134"
( $at_check_trace; cmp -s resout resexp
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
at_fn_diff_devnull "$at_stderr" || at_failed=:
@@ -6745,7 +4269,7 @@
cd ${old}
echo ${topdir}
})/bootstrap pass fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -6794,7 +4318,7 @@
cd ${old}
echo ${topdir}
})/bootstrap pass fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6843,7 +4367,7 @@
cd ${old}
echo ${topdir}
})/bootstrap pass fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6891,7 +4415,7 @@
cd ${old}
echo ${topdir}
})/bootstrap unknown
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -6940,7 +4464,7 @@
cd ${old}
echo ${topdir}
})/bootstrap unknown
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -6989,7 +4513,7 @@
cd ${old}
echo ${topdir}
})/bootstrap unknown
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -7037,7 +4561,7 @@
cd ${old}
echo ${topdir}
})/bootstrap pass:cleanup
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -7086,7 +4610,7 @@
cd ${old}
echo ${topdir}
})/bootstrap pass:cleanup
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -7135,7 +4659,7 @@
cd ${old}
echo ${topdir}
})/bootstrap pass:cleanup
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -7183,7 +4707,7 @@
cd ${old}
echo ${topdir}
})/bootstrap skip
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; tee stderr <"$at_stderr"
@@ -7232,7 +4756,7 @@
cd ${old}
echo ${topdir}
})/bootstrap skip
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -7281,7 +4805,7 @@
cd ${old}
echo ${topdir}
})/bootstrap skip
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
$at_diff experr "$at_stderr" || at_failed=:
@@ -7295,13 +4819,13 @@
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_8
-#AT_START_9
-at_fn_group_banner 9 't_subr_atf_check.at:30' \
+#AT_STOP_4
+#AT_START_5
+at_fn_group_banner 5 't_subr_atf_check.at:30' \
"subr: atf_check function" " "
at_xfail=no
(
- $as_echo "9. $at_setup_line: testing $at_desc ..."
+ $as_echo "5. $at_setup_line: testing $at_desc ..."
$at_traceon
@@ -7343,7 +4867,7 @@
cd ${old}
echo ${topdir}
})/bootstrap exitcode_0_0
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7390,7 +4914,7 @@
cd ${old}
echo ${topdir}
})/bootstrap exitcode_0_1
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7437,7 +4961,7 @@
cd ${old}
echo ${topdir}
})/bootstrap exitcode_1_0
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7484,7 +5008,7 @@
cd ${old}
echo ${topdir}
})/bootstrap exitcode_1_1
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7532,7 +5056,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_expout_pass
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7579,7 +5103,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_expout_fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7626,7 +5150,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_ignore_empty
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7673,7 +5197,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_ignore_sth
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7720,7 +5244,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_null_empty
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7767,7 +5291,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_null_sth
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7814,7 +5338,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_stdout_written
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7861,7 +5385,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_match_ok
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7908,7 +5432,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stdout_match_fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -7956,7 +5480,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_experr_pass
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8003,7 +5527,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_experr_fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8050,7 +5574,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_ignore_empty
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8097,7 +5621,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_ignore_sth
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8144,7 +5668,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_null_empty
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8191,7 +5715,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_null_sth
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8238,7 +5762,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_stderr_written
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8285,7 +5809,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_match_ok
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8332,7 +5856,7 @@
cd ${old}
echo ${topdir}
})/bootstrap stderr_match_fail
-) >>"$at_stdout" 2>>"$at_stderr"
+) >>"$at_stdout" 2>>"$at_stderr" 5>&-
at_status=$? at_failed=false
$at_check_filter
echo stderr:; cat "$at_stderr"
@@ -8346,4 +5870,4 @@
$at_times_p && times >"$at_times_file"
) 5>&1 2>&1 7>&- | eval $at_tee_pipe
read at_status <"$at_status_file"
-#AT_STOP_9
+#AT_STOP_5
Property changes on: vendor/bind/dist/unit/atf-src/bootstrap/testsuite
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/unit/atf-src/bootstrap/testsuite.at
===================================================================
--- vendor/bind/dist/unit/atf-src/bootstrap/testsuite.at 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/bootstrap/testsuite.at 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
@@ -60,20 +60,25 @@
AT_CHECK([diff -u expres $1], [0], [], [])])
m4_define(CHECK_TCS_TCR,
- [AT_CHECK([grep '^tc-end: $1, $2' $3], [0], [ignore], [])])
+ [AT_CHECK([grep '^tc-end: @<:@0-9. @:>@*, $1, $2' $3], [0],
+ [ignore], [])])
m4_define(CHECK_TPS_TCR,
- [AT_CHECK([grep '^tc-end: $1, $2' $3], [0], [ignore], [])])
+ [AT_CHECK([grep '^tc-end: @<:@0-9. @:>@*, $1, $2' $3], [0],
+ [ignore], [])])
dnl The tests below are sorted depending on how important they are.
-m4_include(bootstrap/t_application_opts_args.at)
-m4_include(bootstrap/t_application_help.at)
m4_include(bootstrap/t_test_program_filter.at)
m4_include(bootstrap/t_test_program_run.at)
m4_include(bootstrap/t_test_program_list.at)
-m4_include(bootstrap/t_atf_config.at)
-m4_include(bootstrap/t_atf_run.at)
m4_include(bootstrap/t_test_program_compare.at)
m4_include(bootstrap/t_subr_atf_check.at)
+m4_if([ENABLE_TOOLS], yes, [
+ m4_include(bootstrap/t_application_opts_args.at)
+ m4_include(bootstrap/t_application_help.at)
+ m4_include(bootstrap/t_atf_config.at)
+ m4_include(bootstrap/t_atf_run.at)
+])
+
dnl vim: syntax=m4:expandtab:shiftwidth=4:softtabstop=4
Deleted: vendor/bind/dist/unit/atf-src/configure
===================================================================
--- vendor/bind/dist/unit/atf-src/configure 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/configure 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,18823 +0,0 @@
-#! /bin/sh
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.67 for Automated Testing Framework 0.12.
-#
-# Report bugs to <atf-devel at NetBSD.org>.
-#
-#
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
-# Foundation, Inc.
-#
-#
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-as_nl='
-'
-export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in #(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
-# Find who we are. Look in the path if we contain no directory separator.
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else
- case \`(set -o) 2>/dev/null\` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-"
- as_required="as_fn_return () { (exit \$1); }
-as_fn_success () { as_fn_return 0; }
-as_fn_failure () { as_fn_return 1; }
-as_fn_ret_success () { return 0; }
-as_fn_ret_failure () { return 1; }
-
-exitcode=0
-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
-
-else
- exitcode=1; echo positional parameters were not saved.
-fi
-test x\$exitcode = x0 || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
-test \$(( 1 + 1 )) = 2 || exit 1"
- if (eval "$as_required") 2>/dev/null; then :
- as_have_required=yes
-else
- as_have_required=no
-fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
-
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- as_found=:
- case $as_dir in #(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
- as_shell=$as_dir/$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
- CONFIG_SHELL=$as_shell as_have_required=yes
- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
- break 2
-fi
-fi
- done;;
- esac
- as_found=false
-done
-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi; }
-IFS=$as_save_IFS
-
-
- if test "x$CONFIG_SHELL" != x; then :
- # We cannot yet assume a decent shell, so we have to provide a
- # neutralization value for shells without unset; and this also
- # works around shells that cannot unset nonexistent variables.
- BASH_ENV=/dev/null
- ENV=/dev/null
- (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
-fi
-
- if test x$as_have_required = xno; then :
- $as_echo "$0: This script requires a shell more modern than all"
- $as_echo "$0: the shells that I found on your system."
- if test x${ZSH_VERSION+set} = xset ; then
- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
- else
- $as_echo "$0: Please tell bug-autoconf at gnu.org and
-$0: atf-devel at NetBSD.org about your system, including any
-$0: error possibly output before this message. Then install
-$0: a modern shell, or manually run the script under such a
-$0: shell if you do have one."
- fi
- exit 1
-fi
-fi
-fi
-SHELL=${CONFIG_SHELL-/bin/sh}
-export SHELL
-# Unset more variables known to interfere with behavior of common tools.
-CLICOLOR_FORCE= GREP_OPTIONS=
-unset CLICOLOR_FORCE GREP_OPTIONS
-
-## --------------------- ##
-## M4sh Shell Functions. ##
-## --------------------- ##
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- $as_echo "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
- as_lineno_1=$LINENO as_lineno_1a=$LINENO
- as_lineno_2=$LINENO as_lineno_2a=$LINENO
- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -p'
- fi
-else
- as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in #(
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-case X$lt_ECHO in
-X*--fallback-echo)
- # Remove one level of quotation (which was required for Make).
- ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','`
- ;;
-esac
-
-ECHO=${lt_ECHO-echo}
-if test "X$1" = X--no-reexec; then
- # Discard the --no-reexec flag, and continue.
- shift
-elif test "X$1" = X--fallback-echo; then
- # Avoid inline document here, it may be left over
- :
-elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
- # Yippee, $ECHO works!
- :
-else
- # Restart under the correct shell.
- exec $SHELL "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
- # used as fallback echo
- shift
- cat <<_LT_EOF
-$*
-_LT_EOF
- exit 0
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-if test -z "$lt_ECHO"; then
- if test "X${echo_test_string+set}" != Xset; then
- # find a string as large as possible, as long as the shell can cope with it
- for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
- # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
- if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
- { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
- then
- break
- fi
- done
- fi
-
- if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- :
- else
- # The Solaris, AIX, and Digital Unix default echo programs unquote
- # backslashes. This makes it impossible to quote backslashes using
- # echo "$something" | sed 's/\\/\\\\/g'
- #
- # So, first we look for a working echo in the user's PATH.
-
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- for dir in $PATH /usr/ucb; do
- IFS="$lt_save_ifs"
- if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
- test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- ECHO="$dir/echo"
- break
- fi
- done
- IFS="$lt_save_ifs"
-
- if test "X$ECHO" = Xecho; then
- # We didn't find a better echo, so look for alternatives.
- if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- # This shell has a builtin print -r that does the trick.
- ECHO='print -r'
- elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
- test "X$CONFIG_SHELL" != X/bin/ksh; then
- # If we have ksh, try running configure again with it.
- ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
- export ORIGINAL_CONFIG_SHELL
- CONFIG_SHELL=/bin/ksh
- export CONFIG_SHELL
- exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
- else
- # Try using printf.
- ECHO='printf %s\n'
- if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- # Cool, printf works
- :
- elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
- test "X$echo_testing_string" = 'X\t' &&
- echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
- export CONFIG_SHELL
- SHELL="$CONFIG_SHELL"
- export SHELL
- ECHO="$CONFIG_SHELL $0 --fallback-echo"
- elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
- test "X$echo_testing_string" = 'X\t' &&
- echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- ECHO="$CONFIG_SHELL $0 --fallback-echo"
- else
- # maybe with a smaller string...
- prev=:
-
- for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
- if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
- then
- break
- fi
- prev="$cmd"
- done
-
- if test "$prev" != 'sed 50q "$0"'; then
- echo_test_string=`eval $prev`
- export echo_test_string
- exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
- else
- # Oops. We lost completely, so just stick with echo.
- ECHO=echo
- fi
- fi
- fi
- fi
- fi
-fi
-
-# Copy echo and quote the copy suitably for passing to libtool from
-# the Makefile, instead of quoting the original, which is used later.
-lt_ECHO=$ECHO
-if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
- lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
-fi
-
-
-
-
-test -n "$DJDIR" || exec 7<&0 </dev/null
-exec 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIBOBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-
-# Identity of this package.
-PACKAGE_NAME='Automated Testing Framework'
-PACKAGE_TARNAME='atf'
-PACKAGE_VERSION='0.12'
-PACKAGE_STRING='Automated Testing Framework 0.12'
-PACKAGE_BUGREPORT='atf-devel at NetBSD.org'
-PACKAGE_URL='http://www.NetBSD.org/~jmmv/atf/'
-
-ac_unique_file="atf-c.h"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif
-#ifdef HAVE_STRING_H
-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
-# include <memory.h>
-# endif
-# include <string.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_subst_vars='LTLIBOBJS
-LIBOBJS
-MTN
-ATF_SHELL
-atf_xsldir
-atf_pkgconfigdir
-atf_egdir
-atf_dtddir
-atf_cssdir
-ATF_WORKDIR
-atf_confdir
-ATF_CONFSUBDIR
-atf_machine
-atf_arch
-target_srcdir
-ATF_BUILD_CXXFLAGS
-ATF_BUILD_CXX
-ATF_BUILD_CPPFLAGS
-ATF_BUILD_CPP
-ATF_BUILD_CFLAGS
-ATF_BUILD_CC
-ATTRIBUTE_NORETURN
-CXXCPP
-am__fastdepCXX_FALSE
-am__fastdepCXX_TRUE
-CXXDEPMODE
-ac_ct_CXX
-CXXFLAGS
-CXX
-CPP
-OTOOL64
-OTOOL
-LIPO
-NMEDIT
-DSYMUTIL
-lt_ECHO
-RANLIB
-AR
-OBJDUMP
-LN_S
-NM
-ac_ct_DUMPBIN
-DUMPBIN
-LD
-FGREP
-EGREP
-GREP
-SED
-am__fastdepCC_FALSE
-am__fastdepCC_TRUE
-CCDEPMODE
-AMDEPBACKSLASH
-AMDEP_FALSE
-AMDEP_TRUE
-am__quote
-am__include
-DEPDIR
-OBJEXT
-EXEEXT
-ac_ct_CC
-CPPFLAGS
-LDFLAGS
-CFLAGS
-CC
-LIBTOOL
-am__untar
-am__tar
-AMTAR
-am__leading_dot
-SET_MAKE
-AWK
-mkdir_p
-MKDIR_P
-INSTALL_STRIP_PROGRAM
-STRIP
-install_sh
-MAKEINFO
-AUTOHEADER
-AUTOMAKE
-AUTOCONF
-ACLOCAL
-VERSION
-PACKAGE
-CYGPATH_W
-am__isrc
-INSTALL_DATA
-INSTALL_SCRIPT
-INSTALL_PROGRAM
-target_os
-target_vendor
-target_cpu
-target
-host_os
-host_vendor
-host_cpu
-host
-build_os
-build_vendor
-build_cpu
-build
-target_alias
-host_alias
-build_alias
-LIBS
-ECHO_T
-ECHO_N
-ECHO_C
-DEFS
-mandir
-localedir
-libdir
-psdir
-pdfdir
-dvidir
-htmldir
-infodir
-docdir
-oldincludedir
-includedir
-localstatedir
-sharedstatedir
-sysconfdir
-datadir
-datarootdir
-libexecdir
-sbindir
-bindir
-program_transform_name
-prefix
-exec_prefix
-PACKAGE_URL
-PACKAGE_BUGREPORT
-PACKAGE_STRING
-PACKAGE_VERSION
-PACKAGE_TARNAME
-PACKAGE_NAME
-PATH_SEPARATOR
-SHELL'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-enable_shared
-enable_static
-with_pic
-enable_fast_install
-enable_dependency_tracking
-with_gnu_ld
-enable_libtool_lock
-enable_unstable_shared
-enable_developer
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-CPP
-CXX
-CXXFLAGS
-CCC
-CXXCPP
-ATF_BUILD_CC
-ATF_BUILD_CFLAGS
-ATF_BUILD_CPP
-ATF_BUILD_CPPFLAGS
-ATF_BUILD_CXX
-ATF_BUILD_CXXFLAGS
-ATF_CONFSUBDIR
-ATF_WORKDIR
-ATF_SHELL'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *=) ac_optarg= ;;
- *) ac_optarg=yes ;;
- esac
-
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- case $ac_envvar in #(
- '' | [0-9]* | *[!_$as_cr_alnum]* )
- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
- esac
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- as_fn_error $? "missing argument to $ac_option"
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
- If a cross compiler is detected then cross compile mode will be used" >&2
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- as_fn_error $? "working directory cannot be determined"
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- as_fn_error $? "pwd does not report name of working directory"
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures Automated Testing Framework 0.12 to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking ...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root [DATAROOTDIR/doc/atf]
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-
-Program names:
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM run sed PROGRAM on installed program names
-
-System types:
- --build=BUILD configure for building on BUILD [guessed]
- --host=HOST cross-compile to build programs to run on HOST [BUILD]
- --target=TARGET configure for building compilers for TARGET [HOST]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
- case $ac_init_help in
- short | recursive ) echo "Configuration of Automated Testing Framework 0.12:";;
- esac
- cat <<\_ACEOF
-
-Optional Features:
- --disable-option-checking ignore unrecognized --enable/--with options
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --enable-shared[=PKGS] build shared libraries [default=no]
- --enable-static[=PKGS] build static libraries [default=yes]
- --enable-fast-install[=PKGS]
- optimize for fast installation [default=yes]
- --disable-dependency-tracking speeds up one-time build
- --enable-dependency-tracking do not reject slow dependency extractors
- --disable-libtool-lock avoid locking (might break parallel builds)
- --enable-unstable-shared
- Enables the build of shared libraries with unstable
- ABIs/APIs
- --enable-developer enable developer features
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-pic try to use only PIC/non-PIC objects [default=use
- both]
- --with-gnu-ld assume the C compiler uses GNU ld [default=no]
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- CPP C preprocessor
- CXX C++ compiler command
- CXXFLAGS C++ compiler flags
- CXXCPP C++ preprocessor
- ATF_BUILD_CC
- C compiler to use at runtime
- ATF_BUILD_CFLAGS
- C compiler flags to use at runtime
- ATF_BUILD_CPP
- C/C++ preprocessor to use at runtime
- ATF_BUILD_CPPFLAGS
- C/C++ preprocessor flags to use at runtime
- ATF_BUILD_CXX
- C++ compiler to use at runtime
- ATF_BUILD_CXXFLAGS
- C++ compiler flags to use at runtime
- ATF_CONFSUBDIR
- Subdirectory of sysconfdir under which to look for files
- ATF_WORKDIR Default location to use for ATF work directories
- ATF_SHELL Location of the POSIX shell interpreter to use
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to <atf-devel at NetBSD.org>.
-Automated Testing Framework home page: <http://www.NetBSD.org/~jmmv/atf/>.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for guested configure.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-Automated Testing Framework configure 0.12
-generated by GNU Autoconf 2.67
-
-Copyright (C) 2010 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-
-Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
-_ACEOF
- exit
-fi
-
-## ------------------------ ##
-## Autoconf initialization. ##
-## ------------------------ ##
-
-# ac_fn_c_try_compile LINENO
-# --------------------------
-# Try to compile conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_compile
-
-# ac_fn_c_try_link LINENO
-# -----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_link
-
-# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists and can be compiled using the include files in
-# INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- eval "$3=yes"
-else
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
-
-} # ac_fn_c_check_header_compile
-
-# ac_fn_c_try_cpp LINENO
-# ----------------------
-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_cpp
-
-# ac_fn_c_try_run LINENO
-# ----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
-# that executables *can* be run.
-ac_fn_c_try_run ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- ac_retval=0
-else
- $as_echo "$as_me: program exited with status $ac_status" >&5
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-fi
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_run
-
-# ac_fn_c_check_func LINENO FUNC VAR
-# ----------------------------------
-# Tests whether FUNC exists, setting the cache variable VAR accordingly
-ac_fn_c_check_func ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $2 innocuous_$2
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $2
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $2 ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$2 || defined __stub___$2
-choke me
-#endif
-
-int
-main ()
-{
-return $2 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- eval "$3=yes"
-else
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
-
-} # ac_fn_c_check_func
-
-# ac_fn_cxx_try_compile LINENO
-# ----------------------------
-# Try to compile conftest.$ac_ext, and return whether this succeeded.
-ac_fn_cxx_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_cxx_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
- as_fn_set_status $ac_retval
-
-} # ac_fn_cxx_try_compile
-
-# ac_fn_cxx_try_cpp LINENO
-# ------------------------
-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
-ac_fn_cxx_try_cpp ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
- test ! -s conftest.err
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
- as_fn_set_status $ac_retval
-
-} # ac_fn_cxx_try_cpp
-
-# ac_fn_cxx_try_link LINENO
-# -------------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded.
-ac_fn_cxx_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_cxx_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
- as_fn_set_status $ac_retval
-
-} # ac_fn_cxx_try_link
-
-# ac_fn_cxx_try_run LINENO
-# ------------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
-# that executables *can* be run.
-ac_fn_cxx_try_run ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- ac_retval=0
-else
- $as_echo "$as_me: program exited with status $ac_status" >&5
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-fi
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
- as_fn_set_status $ac_retval
-
-} # ac_fn_cxx_try_run
-
-# ac_fn_cxx_check_func LINENO FUNC VAR
-# ------------------------------------
-# Tests whether FUNC exists, setting the cache variable VAR accordingly
-ac_fn_cxx_check_func ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $2 innocuous_$2
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $2
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $2 ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$2 || defined __stub___$2
-choke me
-#endif
-
-int
-main ()
-{
-return $2 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_link "$LINENO"; then :
- eval "$3=yes"
-else
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
-
-} # ac_fn_cxx_check_func
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by Automated Testing Framework $as_me 0.12, which was
-generated by GNU Autoconf 2.67. Invocation command line was
-
- $ $0 $@
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- $as_echo "PATH: $as_dir"
- done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
- 2)
- as_fn_append ac_configure_args1 " '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- as_fn_append ac_configure_args " '$ac_arg'"
- ;;
- esac
- done
-done
-{ ac_configure_args0=; unset ac_configure_args0;}
-{ ac_configure_args1=; unset ac_configure_args1;}
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- $as_echo "## ---------------- ##
-## Cache variables. ##
-## ---------------- ##"
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- $as_echo "## ----------------- ##
-## Output variables. ##
-## ----------------- ##"
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- $as_echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- $as_echo "## ------------------- ##
-## File substitutions. ##
-## ------------------- ##"
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- $as_echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- $as_echo "## ----------- ##
-## confdefs.h. ##
-## ----------- ##"
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- $as_echo "$as_me: caught signal $ac_signal"
- $as_echo "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-$as_echo "/* confdefs.h */" > confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_URL "$PACKAGE_URL"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-ac_site_file1=NONE
-ac_site_file2=NONE
-if test -n "$CONFIG_SITE"; then
- # We do not want a PATH search for config.site.
- case $CONFIG_SITE in #((
- -*) ac_site_file1=./$CONFIG_SITE;;
- */*) ac_site_file1=$CONFIG_SITE;;
- *) ac_site_file1=./$CONFIG_SITE;;
- esac
-elif test "x$prefix" != xNONE; then
- ac_site_file1=$prefix/share/config.site
- ac_site_file2=$prefix/etc/config.site
-else
- ac_site_file1=$ac_default_prefix/share/config.site
- ac_site_file2=$ac_default_prefix/etc/config.site
-fi
-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
-do
- test "x$ac_site_file" = xNONE && continue
- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-$as_echo "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-$as_echo "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-
-
-$as_echo "#define PACKAGE_COPYRIGHT \"Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.\"" >>confdefs.h
-
-ac_aux_dir=
-for ac_dir in admin "$srcdir"/admin; do
- if test -f "$ac_dir/install-sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f "$ac_dir/install.sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f "$ac_dir/shtool"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
- break
- fi
-done
-if test -z "$ac_aux_dir"; then
- as_fn_error $? "cannot find install-sh, install.sh, or shtool in admin \"$srcdir\"/admin" "$LINENO" 5
-fi
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
-
-
-ac_config_headers="$ac_config_headers bconfig.h"
-
-
-
-ac_config_commands="$ac_config_commands bootstrap/atconfig"
-
-
-# Make sure we can run config.sub.
-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-$as_echo_n "checking build system type... " >&6; }
-if test "${ac_cv_build+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
-test "x$ac_build_alias" = x &&
- as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-$as_echo "$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-$as_echo_n "checking host system type... " >&6; }
-if test "${ac_cv_host+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-$as_echo "$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking target system type" >&5
-$as_echo_n "checking target system type... " >&6; }
-if test "${ac_cv_target+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$target_alias" = x; then
- ac_cv_target=$ac_cv_host
-else
- ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $target_alias failed" "$LINENO" 5
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_target" >&5
-$as_echo "$ac_cv_target" >&6; }
-case $ac_cv_target in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical target" "$LINENO" 5;;
-esac
-target=$ac_cv_target
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_target
-shift
-target_cpu=$1
-target_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-target_os=$*
-IFS=$ac_save_IFS
-case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac
-
-
-# The aliases save the names the user supplied, while $host etc.
-# will get canonicalized.
-test -n "$target_alias" &&
- test "$program_prefix$program_suffix$program_transform_name" = \
- NONENONEs,x,x, &&
- program_prefix=${target_alias}-
-
-am__api_version='1.10'
-
-# Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-# Reject install programs that cannot install multiple files.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-$as_echo_n "checking for a BSD-compatible install... " >&6; }
-if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in #((
- ./ | .// | /[cC]/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- rm -rf conftest.one conftest.two conftest.dir
- echo one > conftest.one
- echo two > conftest.two
- mkdir conftest.dir
- if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
- test -s conftest.one && test -s conftest.two &&
- test -s conftest.dir/conftest.one &&
- test -s conftest.dir/conftest.two
- then
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- fi
- done
- done
- ;;
-esac
-
- done
-IFS=$as_save_IFS
-
-rm -rf conftest.one conftest.two conftest.dir
-
-fi
- if test "${ac_cv_path_install+set}" = set; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-$as_echo "$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-$as_echo_n "checking whether build environment is sane... " >&6; }
-# Just in case
-sleep 1
-echo timestamp > conftest.file
-# Do `set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
- if test "$*" = "X"; then
- # -L didn't work.
- set X `ls -t $srcdir/configure conftest.file`
- fi
- rm -f conftest.file
- if test "$*" != "X $srcdir/configure conftest.file" \
- && test "$*" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
-alias in your environment" "$LINENO" 5
- fi
-
- test "$2" = conftest.file
- )
-then
- # Ok.
- :
-else
- as_fn_error $? "newly created file is older than distributed files!
-Check your system clock" "$LINENO" 5
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-test "$program_prefix" != NONE &&
- program_transform_name="s&^&$program_prefix&;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
- program_transform_name="s&\$&$program_suffix&;$program_transform_name"
-# Double any \ or $.
-# By default was `s,x,x', remove it if useless.
-ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
-
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
-
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
-# Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
- am_missing_run="$MISSING --run "
-else
- am_missing_run=
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5
-$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
-$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
-if test -z "$MKDIR_P"; then
- if test "${ac_cv_path_mkdir+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in mkdir gmkdir; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
- case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir (GNU coreutils) '* | \
- 'mkdir (coreutils) '* | \
- 'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
- break 3;;
- esac
- done
- done
- done
-IFS=$as_save_IFS
-
-fi
-
- test -d ./--version && rmdir ./--version
- if test "${ac_cv_path_mkdir+set}" = set; then
- MKDIR_P="$ac_cv_path_mkdir -p"
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for MKDIR_P within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- MKDIR_P="$ac_install_sh -d"
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-$as_echo "$MKDIR_P" >&6; }
-
-mkdir_p="$MKDIR_P"
-case $mkdir_p in
- [\\/$]* | ?:[\\/]*) ;;
- */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
-esac
-
-for ac_prog in gawk mawk nawk awk
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_AWK+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$AWK"; then
- ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_AWK="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-$as_echo "$AWK" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$AWK" && break
-done
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
-set x ${MAKE-make}
-ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
- @echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
- *@@@%%%=?*=@@@%%%*)
- eval ac_cv_prog_make_${ac_make}_set=yes;;
- *)
- eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- SET_MAKE=
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- am__isrc=' -I$(srcdir)'
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-
-
-# Define the identity of the package.
- PACKAGE='atf'
- VERSION='0.12'
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE "$PACKAGE"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define VERSION "$VERSION"
-_ACEOF
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
-
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'. However `strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_STRIP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-$as_echo "$STRIP" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_STRIP="strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-$as_echo "$ac_ct_STRIP" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-
-# We need awk for the "check" target. The system "awk" is bad on
-# some platforms.
-# Always define AMTAR for backward compatibility.
-
-AMTAR=${AMTAR-"${am_missing_run}tar"}
-
-am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
-
-
-
-
-
-
-case `pwd` in
- *\ * | *\ *)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
-esac
-
-
-
-macro_version='2.2.6b'
-macro_revision='1.3017'
-
-
-
-
-
-
-
-
-
-
-
-
-
-ltmain="$ac_aux_dir/ltmain.sh"
-
-DEPDIR="${am__leading_dot}deps"
-
-ac_config_commands="$ac_config_commands depfiles"
-
-
-am_make=${MAKE-make}
-cat > confinc << 'END'
-am__doit:
- @echo done
-.PHONY: am__doit
-END
-# If we don't find an include directive, just comment out the code.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
-$as_echo_n "checking for style of include used by $am_make... " >&6; }
-am__include="#"
-am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# We grep out `Entering directory' and `Leaving directory'
-# messages which can occur if `w' ends up in MAKEFLAGS.
-# In particular we don't look at `^make:' because GNU make might
-# be invoked under some other name (usually "gmake"), in which
-# case it prints its new name instead of `make'.
-if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
- am__include=include
- am__quote=
- _am_result=GNU
-fi
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
- echo '.include "confinc"' > confmf
- if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
- am__include=.include
- am__quote="\""
- _am_result=BSD
- fi
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
-$as_echo "$_am_result" >&6; }
-rm -f confinc confmf
-
-# Check whether --enable-dependency-tracking was given.
-if test "${enable_dependency_tracking+set}" = set; then :
- enableval=$enable_dependency_tracking;
-fi
-
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
-fi
- if test "x$enable_dependency_tracking" != xno; then
- AMDEP_TRUE=
- AMDEP_FALSE='#'
-else
- AMDEP_TRUE='#'
- AMDEP_FALSE=
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-
-
-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-$as_echo_n "checking whether the C compiler works... " >&6; }
-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { { ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else
- ac_file=''
-fi
-if test -z "$ac_file"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-$as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-$as_echo_n "checking for C compiler default output file name... " >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-$as_echo "$ac_file" >&6; }
-ac_exeext=$ac_cv_exeext
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-$as_echo_n "checking for suffix of executables... " >&6; }
-if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest conftest$ac_cv_exeext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-$as_echo "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdio.h>
-int
-main ()
-{
-FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files="$ac_clean_files conftest.out"
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-$as_echo_n "checking whether we are cross compiling... " >&6; }
-if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-$as_echo "$cross_compiling" >&6; }
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
-ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-$as_echo_n "checking for suffix of object files... " >&6; }
-if test "${ac_cv_objext+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-$as_echo "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_compiler_gnu=yes
-else
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_g=yes
-else
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-else
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c89" != xno; then :
-
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-depcc="$CC" am_compiler_list=
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-$as_echo_n "checking dependency style of $depcc... " >&6; }
-if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named `D' -- because `-MD' means `put the output
- # in D'.
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CC_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
- # Solaris 8's {/usr,}/bin/sh.
- touch sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- case $depmode in
- nosideeffect)
- # after this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- none) break ;;
- esac
- # We check with `-c' and `-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle `-M -o', and we need to detect this.
- if depmode=$depmode \
- source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CC_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
- am__fastdepCC_TRUE=
- am__fastdepCC_FALSE='#'
-else
- am__fastdepCC_TRUE='#'
- am__fastdepCC_FALSE=
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-$as_echo_n "checking for a sed that does not truncate output... " >&6; }
-if test "${ac_cv_path_SED+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in sed gsed; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-$as_echo "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-
-
-
-
-
-
-
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
-if test "${ac_cv_path_GREP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-$as_echo "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-$as_echo_n "checking for egrep... " >&6; }
-if test "${ac_cv_path_EGREP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-$as_echo "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-$as_echo_n "checking for fgrep... " >&6; }
-if test "${ac_cv_path_FGREP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
- then ac_cv_path_FGREP="$GREP -F"
- else
- if test -z "$FGREP"; then
- ac_path_FGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in fgrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue
-# Check for GNU ac_path_FGREP and select it if it is found.
- # Check for GNU $ac_path_FGREP
-case `"$ac_path_FGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'FGREP' >> "conftest.nl"
- "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_FGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_FGREP="$ac_path_FGREP"
- ac_path_FGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_FGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_FGREP"; then
- as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_FGREP=$FGREP
-fi
-
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-$as_echo "$ac_cv_path_FGREP" >&6; }
- FGREP="$ac_cv_path_FGREP"
-
-
-test -z "$GREP" && GREP=grep
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Check whether --with-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then :
- withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
-else
- with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test "$GCC" = yes; then
- # Check if gcc -print-prog-name=ld gives a path.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-$as_echo_n "checking for ld used by $CC... " >&6; }
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [\\/]* | ?:[\\/]*)
- re_direlt='/[^/][^/]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD="$ac_prog"
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test "$with_gnu_ld" = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-$as_echo_n "checking for GNU ld... " >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-$as_echo_n "checking for non-GNU ld... " >&6; }
-fi
-if test "${lt_cv_path_LD+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$LD"; then
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS="$lt_save_ifs"
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD="$ac_dir/$ac_prog"
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test "$with_gnu_ld" != no && break
- ;;
- *)
- test "$with_gnu_ld" != yes && break
- ;;
- esac
- fi
- done
- IFS="$lt_save_ifs"
-else
- lt_cv_path_LD="$LD" # Let the user override the test with a path.
-fi
-fi
-
-LD="$lt_cv_path_LD"
-if test -n "$LD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-$as_echo "$LD" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
-if test "${lt_cv_prog_gnu_ld+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-$as_echo "$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-
-
-
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if test "${lt_cv_path_NM+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM="$NM"
-else
- lt_nm_to_check="${ac_tool_prefix}nm"
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS="$lt_save_ifs"
- test -z "$ac_dir" && ac_dir=.
- tmp_nm="$ac_dir/$lt_tmp_nm"
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the `sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
- */dev/null* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS="$lt_save_ifs"
- done
- : ${lt_cv_path_NM=no}
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-$as_echo "$lt_cv_path_NM" >&6; }
-if test "$lt_cv_path_NM" != "no"; then
- NM="$lt_cv_path_NM"
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$ac_tool_prefix"; then
- for ac_prog in "dumpbin -symbols" "link -dump -symbols"
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_DUMPBIN+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$DUMPBIN"; then
- ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DUMPBIN=$ac_cv_prog_DUMPBIN
-if test -n "$DUMPBIN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-$as_echo "$DUMPBIN" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$DUMPBIN" && break
- done
-fi
-if test -z "$DUMPBIN"; then
- ac_ct_DUMPBIN=$DUMPBIN
- for ac_prog in "dumpbin -symbols" "link -dump -symbols"
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_DUMPBIN"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
-if test -n "$ac_ct_DUMPBIN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-$as_echo "$ac_ct_DUMPBIN" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_DUMPBIN" && break
-done
-
- if test "x$ac_ct_DUMPBIN" = x; then
- DUMPBIN=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DUMPBIN=$ac_ct_DUMPBIN
- fi
-fi
-
-
- if test "$DUMPBIN" != ":"; then
- NM="$DUMPBIN"
- fi
-fi
-test -z "$NM" && NM=nm
-
-
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-$as_echo_n "checking the name lister ($NM) interface... " >&6; }
-if test "${lt_cv_nm_interface+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:4688: $ac_compile\"" >&5)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&5
- (eval echo "\"\$as_me:4691: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&5
- (eval echo "\"\$as_me:4694: output\"" >&5)
- cat conftest.out >&5
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-$as_echo "$lt_cv_nm_interface" >&6; }
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-$as_echo_n "checking whether ln -s works... " >&6; }
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-$as_echo "no, using $LN_S" >&6; }
-fi
-
-# find the maximum length of command line arguments
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-$as_echo_n "checking the maximum length of command line arguments... " >&6; }
-if test "${lt_cv_sys_max_cmd_len+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- i=0
- teststring="ABCD"
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8 ; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
- = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
- test $i != 17 # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-
-fi
-
-if test -n $lt_cv_sys_max_cmd_len ; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
-$as_echo "none" >&6; }
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-
-
-
-
-
-: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
-$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
-# Try some XSI features
-xsi_shell=no
-( _lt_dummy="a/b/c"
- test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
- = c,a/b,, \
- && eval 'test $(( 1 + 1 )) -eq 2 \
- && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
- && xsi_shell=yes
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
-$as_echo "$xsi_shell" >&6; }
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
-$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
-lt_shell_append=no
-( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
- >/dev/null 2>&1 \
- && lt_shell_append=yes
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
-$as_echo "$lt_shell_append" >&6; }
-
-
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- lt_unset=unset
-else
- lt_unset=false
-fi
-
-
-
-
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
- # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
- lt_SP2NL='tr \040 \012'
- lt_NL2SP='tr \015\012 \040\040'
- ;;
- *) # EBCDIC based system
- lt_SP2NL='tr \100 \n'
- lt_NL2SP='tr \r\n \100\100'
- ;;
-esac
-
-
-
-
-
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-$as_echo_n "checking for $LD option to reload object files... " >&6; }
-if test "${lt_cv_ld_reload_flag+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_ld_reload_flag='-r'
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-$as_echo "$lt_cv_ld_reload_flag" >&6; }
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
- darwin*)
- if test "$GCC" = yes; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
- else
- reload_cmds='$LD$reload_flag -o $output$reload_objs'
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
-set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OBJDUMP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$OBJDUMP"; then
- ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OBJDUMP=$ac_cv_prog_OBJDUMP
-if test -n "$OBJDUMP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-$as_echo "$OBJDUMP" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OBJDUMP"; then
- ac_ct_OBJDUMP=$OBJDUMP
- # Extract the first word of "objdump", so it can be a program name with args.
-set dummy objdump; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_OBJDUMP"; then
- ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_OBJDUMP="objdump"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
-if test -n "$ac_ct_OBJDUMP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-$as_echo "$ac_ct_OBJDUMP" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_OBJDUMP" = x; then
- OBJDUMP="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OBJDUMP=$ac_ct_OBJDUMP
- fi
-else
- OBJDUMP="$ac_cv_prog_OBJDUMP"
-fi
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-
-
-
-
-
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-$as_echo_n "checking how to recognize dependent libraries... " >&6; }
-if test "${lt_cv_deplibs_check_method+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# `unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# which responds to the $file_magic_cmd with a given extended regex.
-# If you have `file' or equivalent on your system and you're not sure
-# whether `pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[4-9]*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-beos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-bsdi[45]*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
- lt_cv_file_magic_cmd='/usr/bin/file -L'
- lt_cv_file_magic_test_file=/shlib/libc.so
- ;;
-
-cygwin*)
- # func_win32_libid is a shell function defined in ltmain.sh
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- ;;
-
-mingw* | pw32*)
- # Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
- ;;
-
-cegcc)
- # use the weaker test based on 'objdump'. See mingw*.
- lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- ;;
-
-darwin* | rhapsody*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-freebsd* | dragonfly*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
- # Not sure whether the presence of OpenBSD here was a mistake.
- # Let's accept both of them until this is cleared up.
- lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
- ;;
- esac
- else
- lt_cv_deplibs_check_method=pass_all
- fi
- ;;
-
-gnu*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-hpux10.20* | hpux11*)
- lt_cv_file_magic_cmd=/usr/bin/file
- case $host_cpu in
- ia64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
- ;;
- hppa*64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
- ;;
- *)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
- ;;
- esac
- ;;
-
-interix[3-9]*)
- # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $LD in
- *-32|*"-32 ") libmagic=32-bit;;
- *-n32|*"-n32 ") libmagic=N32;;
- *-64|*"-64 ") libmagic=64-bit;;
- *) libmagic=never-match;;
- esac
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-# This must be Linux ELF.
-linux* | k*bsd*-gnu)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-netbsd*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
- fi
- ;;
-
-newos6*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
- ;;
-
-*nto* | *qnx*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-openbsd*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- fi
- ;;
-
-osf3* | osf4* | osf5*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-solaris*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv4 | sysv4.3*)
- case $host_vendor in
- motorola)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
- ;;
- ncr)
- lt_cv_deplibs_check_method=pass_all
- ;;
- sequent)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
- ;;
- sni)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
- lt_cv_file_magic_test_file=/lib/libc.so
- ;;
- siemens)
- lt_cv_deplibs_check_method=pass_all
- ;;
- pc)
- lt_cv_deplibs_check_method=pass_all
- ;;
- esac
- ;;
-
-tpf*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-esac
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-$as_echo "$lt_cv_deplibs_check_method" >&6; }
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ar; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_AR+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$AR"; then
- ac_cv_prog_AR="$AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_AR="${ac_tool_prefix}ar"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AR=$ac_cv_prog_AR
-if test -n "$AR"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-$as_echo "$AR" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_AR"; then
- ac_ct_AR=$AR
- # Extract the first word of "ar", so it can be a program name with args.
-set dummy ar; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_AR"; then
- ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_AR="ar"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_AR=$ac_cv_prog_ac_ct_AR
-if test -n "$ac_ct_AR"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-$as_echo "$ac_ct_AR" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_AR" = x; then
- AR="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- AR=$ac_ct_AR
- fi
-else
- AR="$ac_cv_prog_AR"
-fi
-
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-
-
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_STRIP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-$as_echo "$STRIP" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_STRIP="strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-$as_echo "$ac_ct_STRIP" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-test -z "$STRIP" && STRIP=:
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_RANLIB+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-$as_echo "$RANLIB" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-$as_echo "$ac_ct_RANLIB" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_RANLIB" = x; then
- RANLIB=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- RANLIB=$ac_ct_RANLIB
- fi
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-test -z "$RANLIB" && RANLIB=:
-
-
-
-
-
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- case $host_os in
- openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
- ;;
- *)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
- ;;
- esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
-if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[BCDT]'
- ;;
-cygwin* | mingw* | pw32* | cegcc*)
- symcode='[ABCDGISTW]'
- ;;
-hpux*)
- if test "$host_cpu" = ia64; then
- symcode='[ABCDEGRST]'
- fi
- ;;
-irix* | nonstopux*)
- symcode='[BCDEGRST]'
- ;;
-osf*)
- symcode='[BCDEGQRST]'
- ;;
-solaris*)
- symcode='[BDRT]'
- ;;
-sco3.2v5*)
- symcode='[DT]'
- ;;
-sysv4.2uw2*)
- symcode='[DT]'
- ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
- symcode='[ABDT]'
- ;;
-sysv4)
- symcode='[DFNSTU]'
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
- symcode='[ABCDGIRSTW]' ;;
-esac
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
- opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
- symxfrm="\\1 $ac_symprfx\\2 \\2"
-
- # Write the raw and C identifiers.
- if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function
- # and D for any global variable.
- # Also find C++ and __fastcall symbols from MSVC++,
- # which start with @ or ?.
- lt_cv_sys_global_symbol_pipe="$AWK '"\
-" {last_section=section; section=\$ 3};"\
-" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-" \$ 0!~/External *\|/{next};"\
-" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-" {if(hide[section]) next};"\
-" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
-" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
-" s[1]~/^[@?]/{print s[1], s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
-" ' prfx=^$ac_symprfx"
- else
- lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
- fi
-
- # Check to see that the pipe works correctly.
- pipe_works=no
-
- rm -f conftest*
- cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- # Now try to grab the symbols.
- nlist=conftest.nm
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5
- (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "$nlist"; then
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
- if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<_LT_EOF > conftest.$ac_ext
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
- # Now generate the symbol file.
- eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
- cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols. */
-const struct {
- const char *name;
- void *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[] =
-{
- { "@PROGRAM@", (void *) 0 },
-_LT_EOF
- $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
- cat <<\_LT_EOF >> conftest.$ac_ext
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
- # Now try linking the two files.
- mv conftest.$ac_objext conftstm.$ac_objext
- lt_save_LIBS="$LIBS"
- lt_save_CFLAGS="$CFLAGS"
- LIBS="conftstm.$ac_objext"
- CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest${ac_exeext}; then
- pipe_works=yes
- fi
- LIBS="$lt_save_LIBS"
- CFLAGS="$lt_save_CFLAGS"
- else
- echo "cannot find nm_test_func in $nlist" >&5
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&5
- fi
- else
- echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
- fi
- else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- fi
- rm -rf conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test "$pipe_works" = yes; then
- break
- else
- lt_cv_sys_global_symbol_pipe=
- fi
-done
-
-fi
-
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
- lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-$as_echo "failed" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-$as_echo "ok" >&6; }
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Check whether --enable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then :
- enableval=$enable_libtool_lock;
-fi
-
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
- # Find out which ABI we are using.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.$ac_objext` in
- *ELF-32*)
- HPUX_IA64_MODE="32"
- ;;
- *ELF-64*)
- HPUX_IA64_MODE="64"
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-*-*-irix6*)
- # Find out which ABI we are using.
- echo '#line 5900 "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- if test "$lt_cv_prog_gnu_ld" = yes; then
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -melf32bsmip"
- ;;
- *N32*)
- LD="${LD-ld} -melf32bmipn32"
- ;;
- *64-bit*)
- LD="${LD-ld} -melf64bmip"
- ;;
- esac
- else
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -32"
- ;;
- *N32*)
- LD="${LD-ld} -n32"
- ;;
- *64-bit*)
- LD="${LD-ld} -64"
- ;;
- esac
- fi
- fi
- rm -rf conftest*
- ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out which ABI we are using.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *32-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_i386_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_i386"
- ;;
- ppc64-*linux*|powerpc64-*linux*)
- LD="${LD-ld} -m elf32ppclinux"
- ;;
- s390x-*linux*)
- LD="${LD-ld} -m elf_s390"
- ;;
- sparc64-*linux*)
- LD="${LD-ld} -m elf32_sparc"
- ;;
- esac
- ;;
- *64-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_x86_64_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- ppc*-*linux*|powerpc*-*linux*)
- LD="${LD-ld} -m elf64ppc"
- ;;
- s390*-*linux*|s390*-*tpf*)
- LD="${LD-ld} -m elf64_s390"
- ;;
- sparc*-*linux*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-
-*-*-sco3.2v5*)
- # On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -belf"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
-if test "${lt_cv_cc_needs_belf+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- lt_cv_cc_needs_belf=yes
-else
- lt_cv_cc_needs_belf=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-$as_echo "$lt_cv_cc_needs_belf" >&6; }
- if test x"$lt_cv_cc_needs_belf" != x"yes"; then
- # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS="$SAVE_CFLAGS"
- fi
- ;;
-sparc*-*solaris*)
- # Find out which ABI we are using.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *64-bit*)
- case $lt_cv_prog_gnu_ld in
- yes*) LD="${LD-ld} -m elf64_sparc" ;;
- *)
- if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
- LD="${LD-ld} -64"
- fi
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-esac
-
-need_locks="$enable_libtool_lock"
-
-
- case $host_os in
- rhapsody* | darwin*)
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_DSYMUTIL+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$DSYMUTIL"; then
- ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DSYMUTIL=$ac_cv_prog_DSYMUTIL
-if test -n "$DSYMUTIL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-$as_echo "$DSYMUTIL" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DSYMUTIL"; then
- ac_ct_DSYMUTIL=$DSYMUTIL
- # Extract the first word of "dsymutil", so it can be a program name with args.
-set dummy dsymutil; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_DSYMUTIL"; then
- ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
-if test -n "$ac_ct_DSYMUTIL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-$as_echo "$ac_ct_DSYMUTIL" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_DSYMUTIL" = x; then
- DSYMUTIL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DSYMUTIL=$ac_ct_DSYMUTIL
- fi
-else
- DSYMUTIL="$ac_cv_prog_DSYMUTIL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
-set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_NMEDIT+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$NMEDIT"; then
- ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-NMEDIT=$ac_cv_prog_NMEDIT
-if test -n "$NMEDIT"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-$as_echo "$NMEDIT" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_NMEDIT"; then
- ac_ct_NMEDIT=$NMEDIT
- # Extract the first word of "nmedit", so it can be a program name with args.
-set dummy nmedit; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_NMEDIT"; then
- ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_NMEDIT="nmedit"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
-if test -n "$ac_ct_NMEDIT"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-$as_echo "$ac_ct_NMEDIT" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_NMEDIT" = x; then
- NMEDIT=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- NMEDIT=$ac_ct_NMEDIT
- fi
-else
- NMEDIT="$ac_cv_prog_NMEDIT"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
-set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_LIPO+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$LIPO"; then
- ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LIPO=$ac_cv_prog_LIPO
-if test -n "$LIPO"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-$as_echo "$LIPO" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_LIPO"; then
- ac_ct_LIPO=$LIPO
- # Extract the first word of "lipo", so it can be a program name with args.
-set dummy lipo; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_LIPO"; then
- ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_LIPO="lipo"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
-if test -n "$ac_ct_LIPO"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-$as_echo "$ac_ct_LIPO" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_LIPO" = x; then
- LIPO=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- LIPO=$ac_ct_LIPO
- fi
-else
- LIPO="$ac_cv_prog_LIPO"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OTOOL+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$OTOOL"; then
- ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL=$ac_cv_prog_OTOOL
-if test -n "$OTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-$as_echo "$OTOOL" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL"; then
- ac_ct_OTOOL=$OTOOL
- # Extract the first word of "otool", so it can be a program name with args.
-set dummy otool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_OTOOL"; then
- ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_OTOOL="otool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
-if test -n "$ac_ct_OTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-$as_echo "$ac_ct_OTOOL" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL" = x; then
- OTOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL=$ac_ct_OTOOL
- fi
-else
- OTOOL="$ac_cv_prog_OTOOL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OTOOL64+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$OTOOL64"; then
- ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL64=$ac_cv_prog_OTOOL64
-if test -n "$OTOOL64"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-$as_echo "$OTOOL64" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL64"; then
- ac_ct_OTOOL64=$OTOOL64
- # Extract the first word of "otool64", so it can be a program name with args.
-set dummy otool64; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_OTOOL64"; then
- ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_OTOOL64="otool64"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
-if test -n "$ac_ct_OTOOL64"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-$as_echo "$ac_ct_OTOOL64" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL64" = x; then
- OTOOL64=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL64=$ac_ct_OTOOL64
- fi
-else
- OTOOL64="$ac_cv_prog_OTOOL64"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-$as_echo_n "checking for -single_module linker flag... " >&6; }
-if test "${lt_cv_apple_cc_single_mod+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_apple_cc_single_mod=no
- if test -z "${LT_MULTI_MODULE}"; then
- # By default we will add the -single_module flag. You can override
- # by either setting the environment variable LT_MULTI_MODULE
- # non-empty at configure time, or by adding -multi_module to the
- # link flags.
- rm -rf libconftest.dylib*
- echo "int foo(void){return 1;}" > conftest.c
- echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
- -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
- _lt_result=$?
- if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
- lt_cv_apple_cc_single_mod=yes
- else
- cat conftest.err >&5
- fi
- rm -rf libconftest.dylib*
- rm -f conftest.*
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
-if test "${lt_cv_ld_exported_symbols_list+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_ld_exported_symbols_list=no
- save_LDFLAGS=$LDFLAGS
- echo "_main" > conftest.sym
- LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- lt_cv_ld_exported_symbols_list=yes
-else
- lt_cv_ld_exported_symbols_list=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS="$save_LDFLAGS"
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
- case $host_os in
- rhapsody* | darwin1.[012])
- _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
- darwin1.*)
- _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
- _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
- 10.[012]*)
- _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
- 10.*)
- _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
- esac
- ;;
- esac
- if test "$lt_cv_apple_cc_single_mod" = "yes"; then
- _lt_dar_single_mod='$single_module'
- fi
- if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
- _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
- else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
- fi
- if test "$DSYMUTIL" != ":"; then
- _lt_dsymutil='~$DSYMUTIL $lib || :'
- else
- _lt_dsymutil=
- fi
- ;;
- esac
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-$as_echo_n "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if test "${ac_cv_prog_CPP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
- break
-fi
-
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-$as_echo "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
-
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if test "${ac_cv_header_stdc+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_header_stdc=yes
-else
- ac_cv_header_stdc=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then :
- :
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-$as_echo "#define STDC_HEADERS 1" >>confdefs.h
-
-fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-for ac_header in dlfcn.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
-"
-if test "x$ac_cv_header_dlfcn_h" = x""yes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_DLFCN_H 1
-_ACEOF
-
-fi
-
-done
-
-
-
-# Set options
-# Check whether --enable-shared was given.
-if test "${enable_shared+set}" = set; then :
- enableval=$enable_shared; p=${PACKAGE-default}
- case $enableval in
- yes) enable_shared=yes ;;
- no) enable_shared=no ;;
- *)
- enable_shared=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
- for pkg in $enableval; do
- IFS="$lt_save_ifs"
- if test "X$pkg" = "X$p"; then
- enable_shared=yes
- fi
- done
- IFS="$lt_save_ifs"
- ;;
- esac
-else
- enable_shared=no
-fi
-
-
-
-
-
-
-
-
-
-
- enable_dlopen=no
-
-
- enable_win32_dll=no
-
-
-
- # Check whether --enable-static was given.
-if test "${enable_static+set}" = set; then :
- enableval=$enable_static; p=${PACKAGE-default}
- case $enableval in
- yes) enable_static=yes ;;
- no) enable_static=no ;;
- *)
- enable_static=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
- for pkg in $enableval; do
- IFS="$lt_save_ifs"
- if test "X$pkg" = "X$p"; then
- enable_static=yes
- fi
- done
- IFS="$lt_save_ifs"
- ;;
- esac
-else
- enable_static=yes
-fi
-
-
-
-
-
-
-
-
-
-
-# Check whether --with-pic was given.
-if test "${with_pic+set}" = set; then :
- withval=$with_pic; pic_mode="$withval"
-else
- pic_mode=default
-fi
-
-
-test -z "$pic_mode" && pic_mode=default
-
-
-
-
-
-
-
- # Check whether --enable-fast-install was given.
-if test "${enable_fast_install+set}" = set; then :
- enableval=$enable_fast_install; p=${PACKAGE-default}
- case $enableval in
- yes) enable_fast_install=yes ;;
- no) enable_fast_install=no ;;
- *)
- enable_fast_install=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
- for pkg in $enableval; do
- IFS="$lt_save_ifs"
- if test "X$pkg" = "X$p"; then
- enable_fast_install=yes
- fi
- done
- IFS="$lt_save_ifs"
- ;;
- esac
-else
- enable_fast_install=yes
-fi
-
-
-
-
-
-
-
-
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS="$ltmain"
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-test -z "$LN_S" && LN_S="ln -s"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "${ZSH_VERSION+set}" ; then
- setopt NO_GLOB_SUBST
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-$as_echo_n "checking for objdir... " >&6; }
-if test "${lt_cv_objdir+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- lt_cv_objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-$as_echo "$lt_cv_objdir" >&6; }
-objdir=$lt_cv_objdir
-
-
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define LT_OBJDIR "$lt_cv_objdir/"
-_ACEOF
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test "X${COLLECT_NAMES+set}" != Xset; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a `.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld="$lt_cv_prog_gnu_ld"
-
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-for cc_temp in $compiler""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
-done
-cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
- if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD="$MAGIC_CMD"
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS="$lt_save_ifs"
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/${ac_tool_prefix}file; then
- lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool at gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS="$lt_save_ifs"
- MAGIC_CMD="$lt_save_MAGIC_CMD"
- ;;
-esac
-fi
-
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-$as_echo "$MAGIC_CMD" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-
-
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
- if test -n "$ac_tool_prefix"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-$as_echo_n "checking for file... " >&6; }
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD="$MAGIC_CMD"
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS="$lt_save_ifs"
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/file; then
- lt_cv_path_MAGIC_CMD="$ac_dir/file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool at gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS="$lt_save_ifs"
- MAGIC_CMD="$lt_save_MAGIC_CMD"
- ;;
-esac
-fi
-
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-$as_echo "$MAGIC_CMD" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- else
- MAGIC_CMD=:
- fi
-fi
-
- fi
- ;;
-esac
-
-# Use C for the default configuration in the libtool script
-
-lt_save_CC="$CC"
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-objext=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-
-lt_prog_compiler_no_builtin_flag=
-
-if test "$GCC" = yes; then
- lt_prog_compiler_no_builtin_flag=' -fno-builtin'
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_rtti_exceptions=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="-fno-rtti -fno-exceptions"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7428: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:7432: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_rtti_exceptions=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-
-if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
- lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
-else
- :
-fi
-
-fi
-
-
-
-
-
-
- lt_prog_compiler_wl=
-lt_prog_compiler_pic=
-lt_prog_compiler_static=
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
-
- if test "$GCC" = yes; then
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_static='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test "$host_cpu" = ia64; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- lt_prog_compiler_pic='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the `-m68020' flag to GCC prevents building anything better,
- # like `-m68040'.
- lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- lt_prog_compiler_pic='-DDLL_EXPORT'
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- ;;
-
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
- ;;
-
- interix[3-9]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
-
- msdosdjgpp*)
- # Just because we use GCC doesn't mean we suddenly get shared libraries
- # on systems that don't support them.
- lt_prog_compiler_can_build_shared=no
- enable_shared=no
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic=-Kconform_pic
- fi
- ;;
-
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
- else
- # PORTME Check for flag to pass linker flags through the system compiler.
- case $host_os in
- aix*)
- lt_prog_compiler_wl='-Wl,'
- if test "$host_cpu" = ia64; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- else
- lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic='-DDLL_EXPORT'
- ;;
-
- hpux9* | hpux10* | hpux11*)
- lt_prog_compiler_wl='-Wl,'
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='+Z'
- ;;
- esac
- # Is there a better lt_prog_compiler_static that works with the bundled CC?
- lt_prog_compiler_static='${wl}-a ${wl}archive'
- ;;
-
- irix5* | irix6* | nonstopux*)
- lt_prog_compiler_wl='-Wl,'
- # PIC (with -KPIC) is the default.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- linux* | k*bsd*-gnu)
- case $cc_basename in
- # old Intel for x86_64 which still supported -KPIC.
- ecc*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-static'
- ;;
- # icc used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- icc* | ifort*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # Lahey Fortran 8.1.
- lf95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='--shared'
- lt_prog_compiler_static='--static'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95*)
- # Portland Group compilers (*not* the Pentium gcc compiler,
- # which looks to be a dead project)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- ccc*)
- lt_prog_compiler_wl='-Wl,'
- # All Alpha code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
- xl*)
- # IBM XL C 8.0/Fortran 10.1 on PPC
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-qpic'
- lt_prog_compiler_static='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C 5.9
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Wl,'
- ;;
- *Sun\ F*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl=''
- ;;
- esac
- ;;
- esac
- ;;
-
- newsos6)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- osf3* | osf4* | osf5*)
- lt_prog_compiler_wl='-Wl,'
- # All OSF/1 code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- rdos*)
- lt_prog_compiler_static='-non_shared'
- ;;
-
- solaris*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- case $cc_basename in
- f77* | f90* | f95*)
- lt_prog_compiler_wl='-Qoption ld ';;
- *)
- lt_prog_compiler_wl='-Wl,';;
- esac
- ;;
-
- sunos4*)
- lt_prog_compiler_wl='-Qoption ld '
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4 | sysv4.2uw2* | sysv4.3*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec ;then
- lt_prog_compiler_pic='-Kconform_pic'
- lt_prog_compiler_static='-Bstatic'
- fi
- ;;
-
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- unicos*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_can_build_shared=no
- ;;
-
- uts4*)
- lt_prog_compiler_pic='-pic'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *)
- lt_prog_compiler_can_build_shared=no
- ;;
- esac
- fi
-
-case $host_os in
- # For platforms which do not support PIC, -DPIC is meaningless:
- *djgpp*)
- lt_prog_compiler_pic=
- ;;
- *)
- lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
- ;;
-esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5
-$as_echo "$lt_prog_compiler_pic" >&6; }
-
-
-
-
-
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if test "${lt_cv_prog_compiler_pic_works+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_pic_works=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7767: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:7771: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_pic_works=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
-
-if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
- case $lt_prog_compiler_pic in
- "" | " "*) ;;
- *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
- esac
-else
- lt_prog_compiler_pic=
- lt_prog_compiler_can_build_shared=no
-fi
-
-fi
-
-
-
-
-
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if test "${lt_cv_prog_compiler_static_works+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_static_works=no
- save_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_static_works=yes
- fi
- else
- lt_cv_prog_compiler_static_works=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS="$save_LDFLAGS"
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
-
-if test x"$lt_cv_prog_compiler_static_works" = xyes; then
- :
-else
- lt_prog_compiler_static=
-fi
-
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7872: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:7876: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7927: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:7931: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-hard_links="nottested"
-if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
- # do not overwrite the value of need_locks provided by the user
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-$as_echo_n "checking if we can lock with hard links... " >&6; }
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-$as_echo "$hard_links" >&6; }
- if test "$hard_links" = no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
-
- runpath_var=
- allow_undefined_flag=
- always_export_symbols=no
- archive_cmds=
- archive_expsym_cmds=
- compiler_needs_object=no
- enable_shared_with_static_runtimes=no
- export_dynamic_flag_spec=
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- hardcode_automatic=no
- hardcode_direct=no
- hardcode_direct_absolute=no
- hardcode_libdir_flag_spec=
- hardcode_libdir_flag_spec_ld=
- hardcode_libdir_separator=
- hardcode_minus_L=no
- hardcode_shlibpath_var=unsupported
- inherit_rpath=no
- link_all_deplibs=unknown
- module_cmds=
- module_expsym_cmds=
- old_archive_from_new_cmds=
- old_archive_from_expsyms_cmds=
- thread_safe_flag_spec=
- whole_archive_flag_spec=
- # include_expsyms should be a list of space-separated symbols to be *always*
- # included in the symbol list
- include_expsyms=
- # exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ` (' and `)$', so one must not match beginning or
- # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
- # as well as any symbol that contains `d'.
- exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
- # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
- # platforms (ab)use it in PIC code, but their linkers get confused if
- # the symbol is explicitly referenced. Since portable code cannot
- # rely on this symbol name, it's probably fine to never include it in
- # preloaded symbol tables.
- # Exclude shared library initialization/finalization symbols.
- extract_expsyms_cmds=
-
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test "$GCC" != yes; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd*)
- with_gnu_ld=no
- ;;
- esac
-
- ld_shlibs=yes
- if test "$with_gnu_ld" = yes; then
- # If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='${wl}'
-
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- runpath_var=LD_RUN_PATH
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- export_dynamic_flag_spec='${wl}--export-dynamic'
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
- supports_anon_versioning=no
- case `$LD -v 2>&1` in
- *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
- *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
- *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
- *\ 2.11.*) ;; # other 2.11 versions
- *) supports_anon_versioning=yes ;;
- esac
-
- # See if GNU ld supports shared libraries.
- case $host_os in
- aix[3-9]*)
- # On AIX/PPC, the GNU linker is very broken
- if test "$host_cpu" != ia64; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-_LT_EOF
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- allow_undefined_flag=unsupported
- # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
- # as there is no search path for DLLs.
- hardcode_libdir_flag_spec='-L$libdir'
- allow_undefined_flag=unsupported
- always_export_symbols=no
- enable_shared_with_static_runtimes=yes
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- interix[3-9]*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- export_dynamic_flag_spec='${wl}-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
-
- gnu* | linux* | tpf* | k*bsd*-gnu)
- tmp_diet=no
- if test "$host_os" = linux-dietlibc; then
- case $cc_basename in
- diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
- esac
- fi
- if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test "$tmp_diet" = no
- then
- tmp_addflag=
- tmp_sharedflag='-shared'
- case $cc_basename,$host_cpu in
- pgcc*) # Portland Group C compiler
- whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
- tmp_addflag=' $pic_flag'
- ;;
- pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
- whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
- tmp_addflag=' $pic_flag -Mnomain' ;;
- ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
- tmp_addflag=' -i_dynamic' ;;
- efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
- tmp_addflag=' -i_dynamic -nofor_main' ;;
- ifc* | ifort*) # Intel Fortran compiler
- tmp_addflag=' -nofor_main' ;;
- lf95*) # Lahey Fortran 8.1
- whole_archive_flag_spec=
- tmp_sharedflag='--shared' ;;
- xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
- tmp_sharedflag='-qmkshrobj'
- tmp_addflag= ;;
- esac
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C 5.9
- whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
- compiler_needs_object=yes
- tmp_sharedflag='-G' ;;
- *Sun\ F*) # Sun Fortran 8.3
- tmp_sharedflag='-G' ;;
- esac
- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-
- if test "x$supports_anon_versioning" = xyes; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
- fi
-
- case $cc_basename in
- xlf*)
- # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
- whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec=
- hardcode_libdir_flag_spec_ld='-rpath $libdir'
- archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
- if test "x$supports_anon_versioning" = xyes; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
- fi
- ;;
- esac
- else
- ld_shlibs=no
- fi
- ;;
-
- netbsd*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
- wlarc=
- else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- fi
- ;;
-
- solaris*)
- if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
-*** reliably create shared libraries on SCO systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- ;;
- *)
- # For security reasons, it is highly recommended that you always
- # use absolute paths for naming shared libraries, and exclude the
- # DT_RUNPATH tag from executables and libraries. But doing so
- # requires that you compile everything twice, which is a pain.
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
- ;;
-
- sunos4*)
- archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- wlarc=
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- *)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
-
- if test "$ld_shlibs" = no; then
- runpath_var=
- hardcode_libdir_flag_spec=
- export_dynamic_flag_spec=
- whole_archive_flag_spec=
- fi
- else
- # PORTME fill in a description of your system's linker (not GNU ld)
- case $host_os in
- aix3*)
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- hardcode_minus_L=yes
- if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- hardcode_direct=unsupported
- fi
- ;;
-
- aix[4-9]*)
- if test "$host_cpu" = ia64; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=""
- else
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to AIX nm, but means don't demangle with GNU nm
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
- else
- export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
- fi
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # need to do runtime linking.
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
- for ld_flag in $LDFLAGS; do
- if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- archive_cmds=''
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- file_list_spec='${wl}-f,'
-
- if test "$GCC" = yes; then
- case $host_os in aix4.[012]|aix4.[012].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`${CC} -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- hardcode_direct=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- hardcode_minus_L=yes
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_libdir_separator=
- fi
- ;;
- esac
- shared_flag='-shared'
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag="$shared_flag "'${wl}-G'
- fi
- else
- # not using gcc
- if test "$host_cpu" = ia64; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag='${wl}-G'
- else
- shared_flag='${wl}-bM:SRE'
- fi
- fi
- fi
-
- export_dynamic_flag_spec='${wl}-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to export.
- always_export_symbols=yes
- if test "$aix_use_runtimelinking" = yes; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- allow_undefined_flag='-berok'
- # Determine the default libpath from the value encoded in an
- # empty executable.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-
-lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\(.*\)$/\1/
- p
- }
- }'
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then
- aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
- hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
- archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
- else
- if test "$host_cpu" = ia64; then
- hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
- allow_undefined_flag="-z nodefs"
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-
-lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\(.*\)$/\1/
- p
- }
- }'
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then
- aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
- hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- no_undefined_flag=' ${wl}-bernotok'
- allow_undefined_flag=' ${wl}-berok'
- # Exported symbols can be pulled into shared objects from archives
- whole_archive_flag_spec='$convenience'
- archive_cmds_need_lc=yes
- # This is similar to how AIX traditionally builds its shared libraries.
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
- fi
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- bsdi[45]*)
- export_dynamic_flag_spec=-rdynamic
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=".dll"
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- old_archive_from_new_cmds='true'
- # FIXME: Should let the user specify the lib program.
- old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
- fix_srcfile_path='`cygpath -w "$srcfile"`'
- enable_shared_with_static_runtimes=yes
- ;;
-
- darwin* | rhapsody*)
-
-
- archive_cmds_need_lc=no
- hardcode_direct=no
- hardcode_automatic=yes
- hardcode_shlibpath_var=unsupported
- whole_archive_flag_spec=''
- link_all_deplibs=yes
- allow_undefined_flag="$_lt_dar_allow_undefined"
- case $cc_basename in
- ifort*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test "$_lt_dar_can_shared" = "yes"; then
- output_verbose_link_cmd=echo
- archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
- module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
- archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
- module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
-
- else
- ld_shlibs=no
- fi
-
- ;;
-
- dgux*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- freebsd1*)
- ld_shlibs=no
- ;;
-
- # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
- # support. Future versions do this automatically, but an explicit c++rt0.o
- # does not break anything, and helps significantly (at the cost of a little
- # extra space).
- freebsd2.2*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
- freebsd* | dragonfly*)
- archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- hpux9*)
- if test "$GCC" = yes; then
- archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
- else
- archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
- fi
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- export_dynamic_flag_spec='${wl}-E'
- ;;
-
- hpux10*)
- if test "$GCC" = yes -a "$with_gnu_ld" = no; then
- archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
- fi
- if test "$with_gnu_ld" = no; then
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_flag_spec_ld='+b $libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='${wl}-E'
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- fi
- ;;
-
- hpux11*)
- if test "$GCC" = yes -a "$with_gnu_ld" = no; then
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- else
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- fi
- if test "$with_gnu_ld" = no; then
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_separator=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- ;;
- *)
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='${wl}-E'
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- ;;
- esac
- fi
- ;;
-
- irix5* | irix6* | nonstopux*)
- if test "$GCC" = yes; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
- # Try to use the -exported_symbol ld option, if it does not
- # work, assume that -exports_file does not work either and
- # implicitly export all symbols.
- save_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-int foo(void) {}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
-
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS="$save_LDFLAGS"
- else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- hardcode_libdir_separator=:
- inherit_rpath=yes
- link_all_deplibs=yes
- ;;
-
- netbsd*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
- else
- archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- newsos6)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- hardcode_libdir_separator=:
- hardcode_shlibpath_var=no
- ;;
-
- *nto* | *qnx*)
- ;;
-
- openbsd*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- hardcode_direct_absolute=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- export_dynamic_flag_spec='${wl}-E'
- else
- case $host_os in
- openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- ;;
- *)
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- ;;
- esac
- fi
- else
- ld_shlibs=no
- fi
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
- old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
- ;;
-
- osf3*)
- if test "$GCC" = yes; then
- allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- hardcode_libdir_separator=:
- ;;
-
- osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test "$GCC" = yes; then
- allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
- archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
-
- # Both c and cxx compiler support -rpath directly
- hardcode_libdir_flag_spec='-rpath $libdir'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_separator=:
- ;;
-
- solaris*)
- no_undefined_flag=' -z defs'
- if test "$GCC" = yes; then
- wlarc='${wl}'
- archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- else
- case `$CC -V 2>&1` in
- *"Compilers 5.0"*)
- wlarc=''
- archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
- ;;
- *)
- wlarc='${wl}'
- archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- ;;
- esac
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_shlibpath_var=no
- case $host_os in
- solaris2.[0-5] | solaris2.[0-5].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands `-z linker_flag'. GCC discards it without `$wl',
- # but is careful enough not to reorder.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- if test "$GCC" = yes; then
- whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
- else
- whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
- fi
- ;;
- esac
- link_all_deplibs=yes
- ;;
-
- sunos4*)
- if test "x$host_vendor" = xsequent; then
- # Use $CC to link under sequent, because it throws in some extra .o
- # files that make .init and .fini sections work.
- archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
- fi
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- sysv4)
- case $host_vendor in
- sni)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes # is this really true???
- ;;
- siemens)
- ## LD is ld it makes a PLAMLIB
- ## CC just makes a GrossModule.
- archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
- reload_cmds='$CC -r -o $output$reload_objs'
- hardcode_direct=no
- ;;
- motorola)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- runpath_var='LD_RUN_PATH'
- hardcode_shlibpath_var=no
- ;;
-
- sysv4.3*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- export_dynamic_flag_spec='-Bexport'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- runpath_var=LD_RUN_PATH
- hardcode_runpath_var=yes
- ld_shlibs=yes
- fi
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- no_undefined_flag='${wl}-z,text'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- runpath_var='LD_RUN_PATH'
-
- if test "$GCC" = yes; then
- archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We can NOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- no_undefined_flag='${wl}-z,text'
- allow_undefined_flag='${wl}-z,nodefs'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='${wl}-R,$libdir'
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- export_dynamic_flag_spec='${wl}-Bexport'
- runpath_var='LD_RUN_PATH'
-
- if test "$GCC" = yes; then
- archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- uts4*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- *)
- ld_shlibs=no
- ;;
- esac
-
- if test x$host_vendor = xsni; then
- case $host in
- sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- export_dynamic_flag_spec='${wl}-Blargedynsym'
- ;;
- esac
- fi
- fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-$as_echo "$ld_shlibs" >&6; }
-test "$ld_shlibs" = no && can_build_shared=no
-
-with_gnu_ld=$with_gnu_ld
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc" in
-x|xyes)
- # Assume -lc should be added
- archive_cmds_need_lc=yes
-
- if test "$enable_shared" = yes && test "$GCC" = yes; then
- case $archive_cmds in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$lt_prog_compiler_wl
- pic_flag=$lt_prog_compiler_pic
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$allow_undefined_flag
- allow_undefined_flag=
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
- (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- then
- archive_cmds_need_lc=no
- else
- archive_cmds_need_lc=yes
- fi
- allow_undefined_flag=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5
-$as_echo "$archive_cmds_need_lc" >&6; }
- ;;
- esac
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-$as_echo_n "checking dynamic linker characteristics... " >&6; }
-
-if test "$GCC" = yes; then
- case $host_os in
- darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
- *) lt_awk_arg="/^libraries:/" ;;
- esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
- if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
- # if the path contains ";" then we assume it to be the separator
- # otherwise default to the standard path separator (i.e. ":") - it is
- # assumed that no part of a normal pathname contains ";" but that should
- # okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
- else
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- # Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary.
- lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
- for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path/$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
- else
- test -d "$lt_sys_path" && \
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
- fi
- done
- lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
-BEGIN {RS=" "; FS="/|\n";} {
- lt_foo="";
- lt_count=0;
- for (lt_i = NF; lt_i > 0; lt_i--) {
- if ($lt_i != "" && $lt_i != ".") {
- if ($lt_i == "..") {
- lt_count++;
- } else {
- if (lt_count == 0) {
- lt_foo="/" $lt_i lt_foo;
- } else {
- lt_count--;
- }
- }
- }
- }
- if (lt_foo != "") { lt_freq[lt_foo]++; }
- if (lt_freq[lt_foo] == 1) { print lt_foo; }
-}'`
- sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
-else
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=".so"
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-case $host_os in
-aix3*)
- version_type=linux
- library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='${libname}${release}${shared_ext}$major'
- ;;
-
-aix[4-9]*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test "$host_cpu" = ia64; then
- # AIX 5 supports IA64
- library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line `#! .'. This would cause the generated library to
- # depend on `.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[01] | aix4.[01].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- if test "$aix_use_runtimelinking" = yes; then
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- else
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='${libname}${release}.a $libname.a'
- soname_spec='${libname}${release}${shared_ext}$major'
- fi
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='${libname}${shared_ext}'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[45]*)
- version_type=linux
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=".dll"
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$host_os in
- yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \${file}`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
- if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
- # It is most probably a Windows format PATH printed by
- # mingw gcc, but we are running on Cygwin. Gcc prints its search
- # path with ; separators, and with drive letters. We can handle the
- # drive letters (cygwin fileutils understands them), so leave them,
- # especially as we might pass files found there to a mingw objdump,
- # which wouldn't understand a cygwinified path. Ahh.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- ;;
- esac
- ;;
-
- *)
- library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
- soname_spec='${libname}${release}${major}$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd1*)
- dynamic_linker=no
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[123]*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[01]* | freebsdelf3.[01]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
- freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-gnu*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- if test "X$HPUX_IA64_MODE" = X32; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- fi
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555.
- postinstall_cmds='chmod 555 $lib'
- ;;
-
-interix[3-9]*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test "$lt_cv_prog_gnu_ld" = yes; then
- version_type=linux
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='${libname}${release}${shared_ext}$major'
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
- sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-# This must be Linux ELF.
-linux* | k*bsd*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- # Some binutils ld are patched to set DT_RUNPATH
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
- LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
- shlibpath_overrides_runpath=yes
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Append ld.so.conf contents to the search path
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd*)
- version_type=sunos
- sys_lib_dlsearch_path_spec="/usr/lib"
- need_lib_prefix=no
- # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
- case $host_os in
- openbsd3.3 | openbsd3.3.*) need_version=yes ;;
- *) need_version=no ;;
- esac
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- case $host_os in
- openbsd2.[89] | openbsd2.[89].*)
- shlibpath_overrides_runpath=no
- ;;
- *)
- shlibpath_overrides_runpath=yes
- ;;
- esac
- else
- shlibpath_overrides_runpath=yes
- fi
- ;;
-
-os2*)
- libname_spec='$name'
- shrext_cmds=".dll"
- need_lib_prefix=no
- library_names_spec='$libname${shared_ext} $libname.a'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=LIBPATH
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='${libname}${release}${shared_ext}$major'
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test "$with_gnu_ld" = yes; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec ;then
- version_type=linux
- library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
- soname_spec='$libname${shared_ext}.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=freebsd-elf
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test "$with_gnu_ld" = yes; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-$as_echo "$dynamic_linker" >&6; }
-test "$dynamic_linker" = no && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
- sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
-fi
-if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
- sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" ||
- test -n "$runpath_var" ||
- test "X$hardcode_automatic" = "Xyes" ; then
-
- # We can hardcode non-existent directories.
- if test "$hardcode_direct" != no &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no &&
- test "$hardcode_minus_L" != no; then
- # Linking always hardcodes the temporary library directory.
- hardcode_action=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- hardcode_action=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- hardcode_action=unsupported
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-$as_echo "$hardcode_action" >&6; }
-
-if test "$hardcode_action" = relink ||
- test "$inherit_rpath" = yes; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
- test "$enable_shared" = no; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-
-
-
-
-
-
- if test "x$enable_dlopen" != xyes; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen="load_add_on"
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen="LoadLibrary"
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen="dlopen"
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-$as_echo_n "checking for dlopen in -ldl... " >&6; }
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen ();
-int
-main ()
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_dl_dlopen=yes
-else
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
- lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
-
- lt_cv_dlopen="dyld"
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
-
-fi
-
- ;;
-
- *)
- ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = x""yes; then :
- lt_cv_dlopen="shl_load"
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-$as_echo_n "checking for shl_load in -ldld... " >&6; }
-if test "${ac_cv_lib_dld_shl_load+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load ();
-int
-main ()
-{
-return shl_load ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_dld_shl_load=yes
-else
- ac_cv_lib_dld_shl_load=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = x""yes; then :
- lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
-else
- ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = x""yes; then :
- lt_cv_dlopen="dlopen"
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-$as_echo_n "checking for dlopen in -ldl... " >&6; }
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen ();
-int
-main ()
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_dl_dlopen=yes
-else
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
- lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-$as_echo_n "checking for dlopen in -lsvld... " >&6; }
-if test "${ac_cv_lib_svld_dlopen+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen ();
-int
-main ()
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_svld_dlopen=yes
-else
- ac_cv_lib_svld_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = x""yes; then :
- lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-$as_echo_n "checking for dld_link in -ldld... " >&6; }
-if test "${ac_cv_lib_dld_dld_link+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dld_link ();
-int
-main ()
-{
-return dld_link ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_dld_dld_link=yes
-else
- ac_cv_lib_dld_dld_link=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = x""yes; then :
- lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
- ;;
- esac
-
- if test "x$lt_cv_dlopen" != xno; then
- enable_dlopen=yes
- else
- enable_dlopen=no
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS="$CPPFLAGS"
- test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS="$LDFLAGS"
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS="$LIBS"
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-$as_echo_n "checking whether a program can dlopen itself... " >&6; }
-if test "${lt_cv_dlopen_self+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test "$cross_compiling" = yes; then :
- lt_cv_dlopen_self=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line 10294 "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-$as_echo "$lt_cv_dlopen_self" >&6; }
-
- if test "x$lt_cv_dlopen_self" = xyes; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
-if test "${lt_cv_dlopen_self_static+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test "$cross_compiling" = yes; then :
- lt_cv_dlopen_self_static=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line 10390 "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self_static=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-$as_echo "$lt_cv_dlopen_self_static" >&6; }
- fi
-
- CPPFLAGS="$save_CPPFLAGS"
- LDFLAGS="$save_LDFLAGS"
- LIBS="$save_LIBS"
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-striplib=
-old_striplib=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-$as_echo_n "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-else
-# FIXME - insert some real tests, host_os isn't really good enough
- case $host_os in
- darwin*)
- if test -n "$STRIP" ; then
- striplib="$STRIP -x"
- old_striplib="$STRIP -S"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- fi
- ;;
- *)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
- # Report which library types will actually be built
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-$as_echo_n "checking if libtool supports shared libraries... " >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-$as_echo "$can_build_shared" >&6; }
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-$as_echo_n "checking whether to build shared libraries... " >&6; }
- test "$can_build_shared" = "no" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test "$enable_shared" = yes && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
- aix[4-9]*)
- if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
- test "$enable_shared" = yes && enable_static=no
- fi
- ;;
- esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-$as_echo "$enable_shared" >&6; }
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-$as_echo_n "checking whether to build static libraries... " >&6; }
- # Make sure either enable_shared or enable_static is yes.
- test "$enable_shared" = yes || enable_static=yes
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-$as_echo "$enable_static" >&6; }
-
-
-
-
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC="$lt_save_CC"
-
-
-
-
-
-
-
-
-
-
-
-
-
- ac_config_commands="$ac_config_commands libtool"
-
-
-
-
-# Only expand once:
-
-
-# Check whether --enable-unstable-shared was given.
-if test "${enable_unstable_shared+set}" = set; then :
- enableval=$enable_unstable_shared; case $enableval in
- yes|no) enable_shared=${enableval} ;;
- *) enable_shared=${enableval} ;;
- esac
-else
- enable_shared=no
-fi
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-
-
-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_compiler_gnu=yes
-else
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_g=yes
-else
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-else
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c89" != xno; then :
-
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-depcc="$CC" am_compiler_list=
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-$as_echo_n "checking dependency style of $depcc... " >&6; }
-if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named `D' -- because `-MD' means `put the output
- # in D'.
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CC_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
- # Solaris 8's {/usr,}/bin/sh.
- touch sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- case $depmode in
- nosideeffect)
- # after this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- none) break ;;
- esac
- # We check with `-c' and `-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle `-M -o', and we need to detect this.
- if depmode=$depmode \
- source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CC_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
- am__fastdepCC_TRUE=
- am__fastdepCC_FALSE='#'
-else
- am__fastdepCC_TRUE='#'
- am__fastdepCC_FALSE=
-fi
-
-
-if test "x$CC" != xcc; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5
-$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5
-$as_echo_n "checking whether cc understands -c and -o together... " >&6; }
-fi
-set dummy $CC; ac_cc=`$as_echo "$2" |
- sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
-if eval "test \"\${ac_cv_prog_cc_${ac_cc}_c_o+set}\"" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-# Make sure it works both with $CC and with simple cc.
-# We do the test twice because some compilers refuse to overwrite an
-# existing .o file with -o, though they will create one.
-ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
-rm -f conftest2.*
-if { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } &&
- test -f conftest2.$ac_objext && { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; };
-then
- eval ac_cv_prog_cc_${ac_cc}_c_o=yes
- if test "x$CC" != xcc; then
- # Test first that cc exists at all.
- if { ac_try='cc -c conftest.$ac_ext >&5'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
- rm -f conftest2.*
- if { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } &&
- test -f conftest2.$ac_objext && { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; };
- then
- # cc works too.
- :
- else
- # cc exists but doesn't like -o.
- eval ac_cv_prog_cc_${ac_cc}_c_o=no
- fi
- fi
- fi
-else
- eval ac_cv_prog_cc_${ac_cc}_c_o=no
-fi
-rm -f core conftest*
-
-fi
-if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h
-
-fi
-
-# FIXME: we rely on the cache variable name because
-# there is no other way.
-set dummy $CC
-ac_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
-if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-
-
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-if test -z "$CXX"; then
- if test -n "$CCC"; then
- CXX=$CCC
- else
- if test -n "$ac_tool_prefix"; then
- for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CXX+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CXX"; then
- ac_cv_prog_CXX="$CXX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CXX=$ac_cv_prog_CXX
-if test -n "$CXX"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
-$as_echo "$CXX" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$CXX" && break
- done
-fi
-if test -z "$CXX"; then
- ac_ct_CXX=$CXX
- for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CXX"; then
- ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CXX="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
-if test -n "$ac_ct_CXX"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
-$as_echo "$ac_ct_CXX" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CXX" && break
-done
-
- if test "x$ac_ct_CXX" = x; then
- CXX="g++"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CXX=$ac_ct_CXX
- fi
-fi
-
- fi
-fi
-# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
-$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
-if test "${ac_cv_cxx_compiler_gnu+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- ac_compiler_gnu=yes
-else
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
-$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
-if test $ac_compiler_gnu = yes; then
- GXX=yes
-else
- GXX=
-fi
-ac_test_CXXFLAGS=${CXXFLAGS+set}
-ac_save_CXXFLAGS=$CXXFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
-$as_echo_n "checking whether $CXX accepts -g... " >&6; }
-if test "${ac_cv_prog_cxx_g+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_save_cxx_werror_flag=$ac_cxx_werror_flag
- ac_cxx_werror_flag=yes
- ac_cv_prog_cxx_g=no
- CXXFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- ac_cv_prog_cxx_g=yes
-else
- CXXFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
-
-else
- ac_cxx_werror_flag=$ac_save_cxx_werror_flag
- CXXFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- ac_cv_prog_cxx_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_cxx_werror_flag=$ac_save_cxx_werror_flag
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
-$as_echo "$ac_cv_prog_cxx_g" >&6; }
-if test "$ac_test_CXXFLAGS" = set; then
- CXXFLAGS=$ac_save_CXXFLAGS
-elif test $ac_cv_prog_cxx_g = yes; then
- if test "$GXX" = yes; then
- CXXFLAGS="-g -O2"
- else
- CXXFLAGS="-g"
- fi
-else
- if test "$GXX" = yes; then
- CXXFLAGS="-O2"
- else
- CXXFLAGS=
- fi
-fi
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-depcc="$CXX" am_compiler_list=
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-$as_echo_n "checking dependency style of $depcc... " >&6; }
-if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named `D' -- because `-MD' means `put the output
- # in D'.
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CXX_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
- # Solaris 8's {/usr,}/bin/sh.
- touch sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- case $depmode in
- nosideeffect)
- # after this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- none) break ;;
- esac
- # We check with `-c' and `-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle `-M -o', and we need to detect this.
- if depmode=$depmode \
- source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CXX_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CXX_dependencies_compiler_type=none
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
-$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
-CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
- am__fastdepCXX_TRUE=
- am__fastdepCXX_FALSE='#'
-else
- am__fastdepCXX_TRUE='#'
- am__fastdepCXX_FALSE=
-fi
-
-
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-if test -z "$CXX"; then
- if test -n "$CCC"; then
- CXX=$CCC
- else
- if test -n "$ac_tool_prefix"; then
- for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CXX+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CXX"; then
- ac_cv_prog_CXX="$CXX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CXX=$ac_cv_prog_CXX
-if test -n "$CXX"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
-$as_echo "$CXX" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$CXX" && break
- done
-fi
-if test -z "$CXX"; then
- ac_ct_CXX=$CXX
- for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CXX"; then
- ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CXX="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
-if test -n "$ac_ct_CXX"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
-$as_echo "$ac_ct_CXX" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CXX" && break
-done
-
- if test "x$ac_ct_CXX" = x; then
- CXX="g++"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CXX=$ac_ct_CXX
- fi
-fi
-
- fi
-fi
-# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
-$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
-if test "${ac_cv_cxx_compiler_gnu+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- ac_compiler_gnu=yes
-else
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
-$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
-if test $ac_compiler_gnu = yes; then
- GXX=yes
-else
- GXX=
-fi
-ac_test_CXXFLAGS=${CXXFLAGS+set}
-ac_save_CXXFLAGS=$CXXFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
-$as_echo_n "checking whether $CXX accepts -g... " >&6; }
-if test "${ac_cv_prog_cxx_g+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_save_cxx_werror_flag=$ac_cxx_werror_flag
- ac_cxx_werror_flag=yes
- ac_cv_prog_cxx_g=no
- CXXFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- ac_cv_prog_cxx_g=yes
-else
- CXXFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
-
-else
- ac_cxx_werror_flag=$ac_save_cxx_werror_flag
- CXXFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- ac_cv_prog_cxx_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_cxx_werror_flag=$ac_save_cxx_werror_flag
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
-$as_echo "$ac_cv_prog_cxx_g" >&6; }
-if test "$ac_test_CXXFLAGS" = set; then
- CXXFLAGS=$ac_save_CXXFLAGS
-elif test $ac_cv_prog_cxx_g = yes; then
- if test "$GXX" = yes; then
- CXXFLAGS="-g -O2"
- else
- CXXFLAGS="-g"
- fi
-else
- if test "$GXX" = yes; then
- CXXFLAGS="-O2"
- else
- CXXFLAGS=
- fi
-fi
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-depcc="$CXX" am_compiler_list=
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-$as_echo_n "checking dependency style of $depcc... " >&6; }
-if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named `D' -- because `-MD' means `put the output
- # in D'.
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CXX_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
- # Solaris 8's {/usr,}/bin/sh.
- touch sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- case $depmode in
- nosideeffect)
- # after this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- none) break ;;
- esac
- # We check with `-c' and `-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle `-M -o', and we need to detect this.
- if depmode=$depmode \
- source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CXX_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CXX_dependencies_compiler_type=none
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
-$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
-CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
- am__fastdepCXX_TRUE=
- am__fastdepCXX_FALSE='#'
-else
- am__fastdepCXX_TRUE='#'
- am__fastdepCXX_FALSE=
-fi
-
-
-if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
- ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
- (test "X$CXX" != "Xg++"))) ; then
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C++ preprocessor" >&5
-$as_echo_n "checking how to run the C++ preprocessor... " >&6; }
-if test -z "$CXXCPP"; then
- if test "${ac_cv_prog_CXXCPP+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- # Double quotes because CXXCPP needs to be expanded
- for CXXCPP in "$CXX -E" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_cxx_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_cxx_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_cxx_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
- break
-fi
-
- done
- ac_cv_prog_CXXCPP=$CXXCPP
-
-fi
- CXXCPP=$ac_cv_prog_CXXCPP
-else
- ac_cv_prog_CXXCPP=$CXXCPP
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXXCPP" >&5
-$as_echo "$CXXCPP" >&6; }
-ac_preproc_ok=false
-for ac_cxx_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_cxx_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_cxx_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
-
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-_lt_caught_CXX_error=yes; }
-fi
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-else
- _lt_caught_CXX_error=yes
-fi
-
-
-
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-archive_cmds_need_lc_CXX=no
-allow_undefined_flag_CXX=
-always_export_symbols_CXX=no
-archive_expsym_cmds_CXX=
-compiler_needs_object_CXX=no
-export_dynamic_flag_spec_CXX=
-hardcode_direct_CXX=no
-hardcode_direct_absolute_CXX=no
-hardcode_libdir_flag_spec_CXX=
-hardcode_libdir_flag_spec_ld_CXX=
-hardcode_libdir_separator_CXX=
-hardcode_minus_L_CXX=no
-hardcode_shlibpath_var_CXX=unsupported
-hardcode_automatic_CXX=no
-inherit_rpath_CXX=no
-module_cmds_CXX=
-module_expsym_cmds_CXX=
-link_all_deplibs_CXX=unknown
-old_archive_cmds_CXX=$old_archive_cmds
-no_undefined_flag_CXX=
-whole_archive_flag_spec_CXX=
-enable_shared_with_static_runtimes_CXX=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-objext_CXX=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working. Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test "$_lt_caught_CXX_error" != yes; then
- # Code to be used in simple compile tests
- lt_simple_compile_test_code="int some_variable = 0;"
-
- # Code to be used in simple link tests
- lt_simple_link_test_code='int main(int, char *[]) { return(0); }'
-
- # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
- # save warnings/boilerplate of simple test code
- ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-
- ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-
-
- # Allow CC to be a program name with arguments.
- lt_save_CC=$CC
- lt_save_LD=$LD
- lt_save_GCC=$GCC
- GCC=$GXX
- lt_save_with_gnu_ld=$with_gnu_ld
- lt_save_path_LD=$lt_cv_path_LD
- if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
- lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
- else
- $as_unset lt_cv_prog_gnu_ld
- fi
- if test -n "${lt_cv_path_LDCXX+set}"; then
- lt_cv_path_LD=$lt_cv_path_LDCXX
- else
- $as_unset lt_cv_path_LD
- fi
- test -z "${LDCXX+set}" || LD=$LDCXX
- CC=${CXX-"c++"}
- compiler=$CC
- compiler_CXX=$CC
- for cc_temp in $compiler""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
-done
-cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-
- if test -n "$compiler"; then
- # We don't want -fno-exception when compiling C++ code, so set the
- # no_builtin_flag separately
- if test "$GXX" = yes; then
- lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
- else
- lt_prog_compiler_no_builtin_flag_CXX=
- fi
-
- if test "$GXX" = yes; then
- # Set up default GNU C++ configuration
-
-
-
-# Check whether --with-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then :
- withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
-else
- with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test "$GCC" = yes; then
- # Check if gcc -print-prog-name=ld gives a path.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-$as_echo_n "checking for ld used by $CC... " >&6; }
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [\\/]* | ?:[\\/]*)
- re_direlt='/[^/][^/]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD="$ac_prog"
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test "$with_gnu_ld" = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-$as_echo_n "checking for GNU ld... " >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-$as_echo_n "checking for non-GNU ld... " >&6; }
-fi
-if test "${lt_cv_path_LD+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$LD"; then
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS="$lt_save_ifs"
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD="$ac_dir/$ac_prog"
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test "$with_gnu_ld" != no && break
- ;;
- *)
- test "$with_gnu_ld" != yes && break
- ;;
- esac
- fi
- done
- IFS="$lt_save_ifs"
-else
- lt_cv_path_LD="$LD" # Let the user override the test with a path.
-fi
-fi
-
-LD="$lt_cv_path_LD"
-if test -n "$LD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-$as_echo "$LD" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
-if test "${lt_cv_prog_gnu_ld+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-$as_echo "$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-
-
-
-
-
- # Check if GNU C++ uses GNU ld as the underlying linker, since the
- # archiving commands below assume that GNU ld is being used.
- if test "$with_gnu_ld" = yes; then
- archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-
- hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
- export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
-
- # If archive_cmds runs LD, not CC, wlarc should be empty
- # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
- # investigate it a little bit more. (MM)
- wlarc='${wl}'
-
- # ancient GNU ld didn't support --whole-archive et. al.
- if eval "`$CC -print-prog-name=ld` --help 2>&1" |
- $GREP 'no-whole-archive' > /dev/null; then
- whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
- else
- whole_archive_flag_spec_CXX=
- fi
- else
- with_gnu_ld=no
- wlarc=
-
- # A generic and very simple default shared library creation
- # command for GNU C++ for the case where it uses the native
- # linker, instead of GNU ld. If possible, this setting should
- # overridden to take advantage of the native linker features on
- # the platform it is being used on.
- archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
- fi
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
-
- else
- GXX=no
- with_gnu_ld=no
- wlarc=
- fi
-
- # PORTME: fill in a description of your system's C++ link characteristics
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
- ld_shlibs_CXX=yes
- case $host_os in
- aix3*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- aix[4-9]*)
- if test "$host_cpu" = ia64; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=""
- else
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # need to do runtime linking.
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
- for ld_flag in $LDFLAGS; do
- case $ld_flag in
- *-brtl*)
- aix_use_runtimelinking=yes
- break
- ;;
- esac
- done
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- archive_cmds_CXX=''
- hardcode_direct_CXX=yes
- hardcode_direct_absolute_CXX=yes
- hardcode_libdir_separator_CXX=':'
- link_all_deplibs_CXX=yes
- file_list_spec_CXX='${wl}-f,'
-
- if test "$GXX" = yes; then
- case $host_os in aix4.[012]|aix4.[012].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`${CC} -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- hardcode_direct_CXX=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- hardcode_minus_L_CXX=yes
- hardcode_libdir_flag_spec_CXX='-L$libdir'
- hardcode_libdir_separator_CXX=
- fi
- esac
- shared_flag='-shared'
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag="$shared_flag "'${wl}-G'
- fi
- else
- # not using gcc
- if test "$host_cpu" = ia64; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag='${wl}-G'
- else
- shared_flag='${wl}-bM:SRE'
- fi
- fi
- fi
-
- export_dynamic_flag_spec_CXX='${wl}-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to
- # export.
- always_export_symbols_CXX=yes
- if test "$aix_use_runtimelinking" = yes; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- allow_undefined_flag_CXX='-berok'
- # Determine the default libpath from the value encoded in an empty
- # executable.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_link "$LINENO"; then :
-
-lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\(.*\)$/\1/
- p
- }
- }'
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then
- aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
- hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
-
- archive_expsym_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
- else
- if test "$host_cpu" = ia64; then
- hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib'
- allow_undefined_flag_CXX="-z nodefs"
- archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_link "$LINENO"; then :
-
-lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\(.*\)$/\1/
- p
- }
- }'
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then
- aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
- hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- no_undefined_flag_CXX=' ${wl}-bernotok'
- allow_undefined_flag_CXX=' ${wl}-berok'
- # Exported symbols can be pulled into shared objects from archives
- whole_archive_flag_spec_CXX='$convenience'
- archive_cmds_need_lc_CXX=yes
- # This is similar to how AIX traditionally builds its shared
- # libraries.
- archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
- fi
- fi
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- allow_undefined_flag_CXX=unsupported
- # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- else
- ld_shlibs_CXX=no
- fi
- ;;
-
- chorus*)
- case $cc_basename in
- *)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- esac
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
- # as there is no search path for DLLs.
- hardcode_libdir_flag_spec_CXX='-L$libdir'
- allow_undefined_flag_CXX=unsupported
- always_export_symbols_CXX=no
- enable_shared_with_static_runtimes_CXX=yes
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- ld_shlibs_CXX=no
- fi
- ;;
- darwin* | rhapsody*)
-
-
- archive_cmds_need_lc_CXX=no
- hardcode_direct_CXX=no
- hardcode_automatic_CXX=yes
- hardcode_shlibpath_var_CXX=unsupported
- whole_archive_flag_spec_CXX=''
- link_all_deplibs_CXX=yes
- allow_undefined_flag_CXX="$_lt_dar_allow_undefined"
- case $cc_basename in
- ifort*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test "$_lt_dar_can_shared" = "yes"; then
- output_verbose_link_cmd=echo
- archive_cmds_CXX="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
- module_cmds_CXX="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
- archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
- module_expsym_cmds_CXX="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
- if test "$lt_cv_apple_cc_single_mod" != "yes"; then
- archive_cmds_CXX="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
- archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
- fi
-
- else
- ld_shlibs_CXX=no
- fi
-
- ;;
-
- dgux*)
- case $cc_basename in
- ec++*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- ghcx*)
- # Green Hills C++ Compiler
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- esac
- ;;
-
- freebsd[12]*)
- # C++ shared libraries reported to be fairly broken before
- # switch to ELF
- ld_shlibs_CXX=no
- ;;
-
- freebsd-elf*)
- archive_cmds_need_lc_CXX=no
- ;;
-
- freebsd* | dragonfly*)
- # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
- # conventions
- ld_shlibs_CXX=yes
- ;;
-
- gnu*)
- ;;
-
- hpux9*)
- hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
- hardcode_libdir_separator_CXX=:
- export_dynamic_flag_spec_CXX='${wl}-E'
- hardcode_direct_CXX=yes
- hardcode_minus_L_CXX=yes # Not in the search PATH,
- # but as the default
- # location of the library.
-
- case $cc_basename in
- CC*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- aCC*)
- archive_cmds_CXX='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
- ;;
- *)
- if test "$GXX" = yes; then
- archive_cmds_CXX='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
- else
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- fi
- ;;
- esac
- ;;
-
- hpux10*|hpux11*)
- if test $with_gnu_ld = no; then
- hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
- hardcode_libdir_separator_CXX=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- ;;
- *)
- export_dynamic_flag_spec_CXX='${wl}-E'
- ;;
- esac
- fi
- case $host_cpu in
- hppa*64*|ia64*)
- hardcode_direct_CXX=no
- hardcode_shlibpath_var_CXX=no
- ;;
- *)
- hardcode_direct_CXX=yes
- hardcode_direct_absolute_CXX=yes
- hardcode_minus_L_CXX=yes # Not in the search PATH,
- # but as the default
- # location of the library.
- ;;
- esac
-
- case $cc_basename in
- CC*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- aCC*)
- case $host_cpu in
- hppa*64*)
- archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- ia64*)
- archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- *)
- archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- esac
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
- ;;
- *)
- if test "$GXX" = yes; then
- if test $with_gnu_ld = no; then
- case $host_cpu in
- hppa*64*)
- archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- ia64*)
- archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- *)
- archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- esac
- fi
- else
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- fi
- ;;
- esac
- ;;
-
- interix[3-9]*)
- hardcode_direct_CXX=no
- hardcode_shlibpath_var_CXX=no
- hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
- export_dynamic_flag_spec_CXX='${wl}-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
- irix5* | irix6*)
- case $cc_basename in
- CC*)
- # SGI C++
- archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
-
- # Archives containing C++ object files must be created using
- # "CC -ar", where "CC" is the IRIX C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
- ;;
- *)
- if test "$GXX" = yes; then
- if test "$with_gnu_ld" = no; then
- archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
- else
- archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
- fi
- fi
- link_all_deplibs_CXX=yes
- ;;
- esac
- hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
- hardcode_libdir_separator_CXX=:
- inherit_rpath_CXX=yes
- ;;
-
- linux* | k*bsd*-gnu)
- case $cc_basename in
- KCC*)
- # Kuck and Associates, Inc. (KAI) C++ Compiler
-
- # KCC will only create a shared library if the output file
- # ends with ".so" (or ".sl" for HP-UX), so rename the library
- # to its proper name (with version) after linking.
- archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
- archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
-
- hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
- export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
-
- # Archives containing C++ object files must be created using
- # "CC -Bstatic", where "CC" is the KAI C++ compiler.
- old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
- ;;
- icpc* | ecpc* )
- # Intel C++
- with_gnu_ld=yes
- # version 8.0 and above of icpc choke on multiply defined symbols
- # if we add $predep_objects and $postdep_objects, however 7.1 and
- # earlier do not add the objects themselves.
- case `$CC -V 2>&1` in
- *"Version 7."*)
- archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- *) # Version 8.0 or newer
- tmp_idyn=
- case $host_cpu in
- ia64*) tmp_idyn=' -i_dynamic';;
- esac
- archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- esac
- archive_cmds_need_lc_CXX=no
- hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
- export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
- whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
- ;;
- pgCC* | pgcpp*)
- # Portland Group C++ compiler
- case `$CC -V` in
- *pgCC\ [1-5]* | *pgcpp\ [1-5]*)
- prelink_cmds_CXX='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
- old_archive_cmds_CXX='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
- $RANLIB $oldlib'
- archive_cmds_CXX='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
- archive_expsym_cmds_CXX='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
- ;;
- *) # Version 6 will use weak symbols
- archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
- archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
- ;;
- esac
-
- hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
- export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
- whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
- ;;
- cxx*)
- # Compaq C++
- archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
-
- runpath_var=LD_RUN_PATH
- hardcode_libdir_flag_spec_CXX='-rpath $libdir'
- hardcode_libdir_separator_CXX=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
- ;;
- xl*)
- # IBM XL 8.0 on PPC, with GNU ld
- hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
- export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
- archive_cmds_CXX='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- if test "x$supports_anon_versioning" = xyes; then
- archive_expsym_cmds_CXX='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
- fi
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C++ 5.9
- no_undefined_flag_CXX=' -zdefs'
- archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- archive_expsym_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
- hardcode_libdir_flag_spec_CXX='-R$libdir'
- whole_archive_flag_spec_CXX='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
- compiler_needs_object_CXX=yes
-
- # Not sure whether something based on
- # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
- # would be better.
- output_verbose_link_cmd='echo'
-
- # Archives containing C++ object files must be created using
- # "CC -xar", where "CC" is the Sun C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
- ;;
- esac
- ;;
- esac
- ;;
-
- lynxos*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
-
- m88k*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
-
- mvs*)
- case $cc_basename in
- cxx*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- esac
- ;;
-
- netbsd*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
- wlarc=
- hardcode_libdir_flag_spec_CXX='-R$libdir'
- hardcode_direct_CXX=yes
- hardcode_shlibpath_var_CXX=no
- fi
- # Workaround some broken pre-1.5 toolchains
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
- ;;
-
- *nto* | *qnx*)
- ld_shlibs_CXX=yes
- ;;
-
- openbsd2*)
- # C++ shared libraries are fairly broken
- ld_shlibs_CXX=no
- ;;
-
- openbsd*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct_CXX=yes
- hardcode_shlibpath_var_CXX=no
- hardcode_direct_absolute_CXX=yes
- archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
- hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
- export_dynamic_flag_spec_CXX='${wl}-E'
- whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
- fi
- output_verbose_link_cmd=echo
- else
- ld_shlibs_CXX=no
- fi
- ;;
-
- osf3* | osf4* | osf5*)
- case $cc_basename in
- KCC*)
- # Kuck and Associates, Inc. (KAI) C++ Compiler
-
- # KCC will only create a shared library if the output file
- # ends with ".so" (or ".sl" for HP-UX), so rename the library
- # to its proper name (with version) after linking.
- archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
- hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
- hardcode_libdir_separator_CXX=:
-
- # Archives containing C++ object files must be created using
- # the KAI C++ compiler.
- case $host in
- osf3*) old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;;
- *) old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' ;;
- esac
- ;;
- RCC*)
- # Rational C++ 2.4.1
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- cxx*)
- case $host in
- osf3*)
- allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
- archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
- hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
- ;;
- *)
- allow_undefined_flag_CXX=' -expect_unresolved \*'
- archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
- archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
- echo "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
- $RM $lib.exp'
- hardcode_libdir_flag_spec_CXX='-rpath $libdir'
- ;;
- esac
-
- hardcode_libdir_separator_CXX=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
- ;;
- *)
- if test "$GXX" = yes && test "$with_gnu_ld" = no; then
- allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
- case $host in
- osf3*)
- archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
- ;;
- *)
- archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
- ;;
- esac
-
- hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
- hardcode_libdir_separator_CXX=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
-
- else
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- fi
- ;;
- esac
- ;;
-
- psos*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
-
- sunos4*)
- case $cc_basename in
- CC*)
- # Sun C++ 4.x
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- lcc*)
- # Lucid
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- esac
- ;;
-
- solaris*)
- case $cc_basename in
- CC*)
- # Sun C++ 4.2, 5.x and Centerline C++
- archive_cmds_need_lc_CXX=yes
- no_undefined_flag_CXX=' -zdefs'
- archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- hardcode_libdir_flag_spec_CXX='-R$libdir'
- hardcode_shlibpath_var_CXX=no
- case $host_os in
- solaris2.[0-5] | solaris2.[0-5].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands `-z linker_flag'.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract'
- ;;
- esac
- link_all_deplibs_CXX=yes
-
- output_verbose_link_cmd='echo'
-
- # Archives containing C++ object files must be created using
- # "CC -xar", where "CC" is the Sun C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
- ;;
- gcx*)
- # Green Hills C++ Compiler
- archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
-
- # The C++ compiler must be used to create the archive.
- old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
- ;;
- *)
- # GNU C++ compiler with Solaris linker
- if test "$GXX" = yes && test "$with_gnu_ld" = no; then
- no_undefined_flag_CXX=' ${wl}-z ${wl}defs'
- if $CC --version | $GREP -v '^2\.7' > /dev/null; then
- archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
- archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
- else
- # g++ 2.7 appears to require `-G' NOT `-shared' on this
- # platform.
- archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
- archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
- fi
-
- hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir'
- case $host_os in
- solaris2.[0-5] | solaris2.[0-5].*) ;;
- *)
- whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
- ;;
- esac
- fi
- ;;
- esac
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- no_undefined_flag_CXX='${wl}-z,text'
- archive_cmds_need_lc_CXX=no
- hardcode_shlibpath_var_CXX=no
- runpath_var='LD_RUN_PATH'
-
- case $cc_basename in
- CC*)
- archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We can NOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- no_undefined_flag_CXX='${wl}-z,text'
- allow_undefined_flag_CXX='${wl}-z,nodefs'
- archive_cmds_need_lc_CXX=no
- hardcode_shlibpath_var_CXX=no
- hardcode_libdir_flag_spec_CXX='${wl}-R,$libdir'
- hardcode_libdir_separator_CXX=':'
- link_all_deplibs_CXX=yes
- export_dynamic_flag_spec_CXX='${wl}-Bexport'
- runpath_var='LD_RUN_PATH'
-
- case $cc_basename in
- CC*)
- archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- tandem*)
- case $cc_basename in
- NCC*)
- # NonStop-UX NCC 3.20
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- esac
- ;;
-
- vxworks*)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
-
- *)
- # FIXME: insert proper C++ library support
- ld_shlibs_CXX=no
- ;;
- esac
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
-$as_echo "$ld_shlibs_CXX" >&6; }
- test "$ld_shlibs_CXX" = no && can_build_shared=no
-
- GCC_CXX="$GXX"
- LD_CXX="$LD"
-
- ## CAVEAT EMPTOR:
- ## There is no encapsulation within the following macros, do not change
- ## the running order or otherwise move them around unless you know exactly
- ## what you are doing...
- # Dependencies to place before and after the object being linked:
-predep_objects_CXX=
-postdep_objects_CXX=
-predeps_CXX=
-postdeps_CXX=
-compiler_lib_search_path_CXX=
-
-cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
- Foo (void) { a = 0; }
-private:
- int a;
-};
-_LT_EOF
-
-if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- # Parse the compiler output and extract the necessary
- # objects, libraries and library flags.
-
- # Sentinel used to keep track of whether or not we are before
- # the conftest object file.
- pre_test_object_deps_done=no
-
- for p in `eval "$output_verbose_link_cmd"`; do
- case $p in
-
- -L* | -R* | -l*)
- # Some compilers place space between "-{L,R}" and the path.
- # Remove the space.
- if test $p = "-L" ||
- test $p = "-R"; then
- prev=$p
- continue
- else
- prev=
- fi
-
- if test "$pre_test_object_deps_done" = no; then
- case $p in
- -L* | -R*)
- # Internal compiler library paths should come after those
- # provided the user. The postdeps already come after the
- # user supplied libs so there is no need to process them.
- if test -z "$compiler_lib_search_path_CXX"; then
- compiler_lib_search_path_CXX="${prev}${p}"
- else
- compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}"
- fi
- ;;
- # The "-l" case would never come before the object being
- # linked, so don't bother handling this case.
- esac
- else
- if test -z "$postdeps_CXX"; then
- postdeps_CXX="${prev}${p}"
- else
- postdeps_CXX="${postdeps_CXX} ${prev}${p}"
- fi
- fi
- ;;
-
- *.$objext)
- # This assumes that the test object file only shows up
- # once in the compiler output.
- if test "$p" = "conftest.$objext"; then
- pre_test_object_deps_done=yes
- continue
- fi
-
- if test "$pre_test_object_deps_done" = no; then
- if test -z "$predep_objects_CXX"; then
- predep_objects_CXX="$p"
- else
- predep_objects_CXX="$predep_objects_CXX $p"
- fi
- else
- if test -z "$postdep_objects_CXX"; then
- postdep_objects_CXX="$p"
- else
- postdep_objects_CXX="$postdep_objects_CXX $p"
- fi
- fi
- ;;
-
- *) ;; # Ignore the rest.
-
- esac
- done
-
- # Clean up.
- rm -f a.out a.exe
-else
- echo "libtool.m4: error: problem compiling CXX test program"
-fi
-
-$RM -f confest.$objext
-
-# PORTME: override above test on systems where it is broken
-case $host_os in
-interix[3-9]*)
- # Interix 3.5 installs completely hosed .la files for C++, so rather than
- # hack all around it, let's just trust "g++" to DTRT.
- predep_objects_CXX=
- postdep_objects_CXX=
- postdeps_CXX=
- ;;
-
-linux*)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C++ 5.9
-
- # The more standards-conforming stlport4 library is
- # incompatible with the Cstd library. Avoid specifying
- # it if it's in CXXFLAGS. Ignore libCrun as
- # -library=stlport4 depends on it.
- case " $CXX $CXXFLAGS " in
- *" -library=stlport4 "*)
- solaris_use_stlport4=yes
- ;;
- esac
-
- if test "$solaris_use_stlport4" != yes; then
- postdeps_CXX='-library=Cstd -library=Crun'
- fi
- ;;
- esac
- ;;
-
-solaris*)
- case $cc_basename in
- CC*)
- # The more standards-conforming stlport4 library is
- # incompatible with the Cstd library. Avoid specifying
- # it if it's in CXXFLAGS. Ignore libCrun as
- # -library=stlport4 depends on it.
- case " $CXX $CXXFLAGS " in
- *" -library=stlport4 "*)
- solaris_use_stlport4=yes
- ;;
- esac
-
- # Adding this requires a known-good setup of shared libraries for
- # Sun compiler versions before 5.6, else PIC objects from an old
- # archive will be linked into the output, leading to subtle bugs.
- if test "$solaris_use_stlport4" != yes; then
- postdeps_CXX='-library=Cstd -library=Crun'
- fi
- ;;
- esac
- ;;
-esac
-
-
-case " $postdeps_CXX " in
-*" -lc "*) archive_cmds_need_lc_CXX=no ;;
-esac
- compiler_lib_search_dirs_CXX=
-if test -n "${compiler_lib_search_path_CXX}"; then
- compiler_lib_search_dirs_CXX=`echo " ${compiler_lib_search_path_CXX}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- lt_prog_compiler_wl_CXX=
-lt_prog_compiler_pic_CXX=
-lt_prog_compiler_static_CXX=
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
-
- # C++ specific cases for pic, static, wl, etc.
- if test "$GXX" = yes; then
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_static_CXX='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test "$host_cpu" = ia64; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static_CXX='-Bstatic'
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- lt_prog_compiler_pic_CXX='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the `-m68020' flag to GCC prevents building anything better,
- # like `-m68040'.
- lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
- mingw* | cygwin* | os2* | pw32* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
- ;;
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic_CXX='-fno-common'
- ;;
- *djgpp*)
- # DJGPP does not support shared libraries at all
- lt_prog_compiler_pic_CXX=
- ;;
- interix[3-9]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic_CXX=-Kconform_pic
- fi
- ;;
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- ;;
- *)
- lt_prog_compiler_pic_CXX='-fPIC'
- ;;
- esac
- ;;
- *qnx* | *nto*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic_CXX='-fPIC -shared'
- ;;
- *)
- lt_prog_compiler_pic_CXX='-fPIC'
- ;;
- esac
- else
- case $host_os in
- aix[4-9]*)
- # All AIX code is PIC.
- if test "$host_cpu" = ia64; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static_CXX='-Bstatic'
- else
- lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
- chorus*)
- case $cc_basename in
- cxch68*)
- # Green Hills C++ Compiler
- # _LT_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
- ;;
- esac
- ;;
- dgux*)
- case $cc_basename in
- ec++*)
- lt_prog_compiler_pic_CXX='-KPIC'
- ;;
- ghcx*)
- # Green Hills C++ Compiler
- lt_prog_compiler_pic_CXX='-pic'
- ;;
- *)
- ;;
- esac
- ;;
- freebsd* | dragonfly*)
- # FreeBSD uses GNU C++
- ;;
- hpux9* | hpux10* | hpux11*)
- case $cc_basename in
- CC*)
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
- if test "$host_cpu" != ia64; then
- lt_prog_compiler_pic_CXX='+Z'
- fi
- ;;
- aCC*)
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic_CXX='+Z'
- ;;
- esac
- ;;
- *)
- ;;
- esac
- ;;
- interix*)
- # This is c89, which is MS Visual C++ (no shared libs)
- # Anyone wants to do a port?
- ;;
- irix5* | irix6* | nonstopux*)
- case $cc_basename in
- CC*)
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_static_CXX='-non_shared'
- # CC pic flag -KPIC is the default.
- ;;
- *)
- ;;
- esac
- ;;
- linux* | k*bsd*-gnu)
- case $cc_basename in
- KCC*)
- # KAI C++ Compiler
- lt_prog_compiler_wl_CXX='--backend -Wl,'
- lt_prog_compiler_pic_CXX='-fPIC'
- ;;
- ecpc* )
- # old Intel C++ for x86_64 which still supported -KPIC.
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_pic_CXX='-KPIC'
- lt_prog_compiler_static_CXX='-static'
- ;;
- icpc* )
- # Intel C++, used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_pic_CXX='-fPIC'
- lt_prog_compiler_static_CXX='-static'
- ;;
- pgCC* | pgcpp*)
- # Portland Group C++ compiler
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_pic_CXX='-fpic'
- lt_prog_compiler_static_CXX='-Bstatic'
- ;;
- cxx*)
- # Compaq C++
- # Make sure the PIC flag is empty. It appears that all Alpha
- # Linux and Compaq Tru64 Unix objects are PIC.
- lt_prog_compiler_pic_CXX=
- lt_prog_compiler_static_CXX='-non_shared'
- ;;
- xlc* | xlC*)
- # IBM XL 8.0 on PPC
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_pic_CXX='-qpic'
- lt_prog_compiler_static_CXX='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C++ 5.9
- lt_prog_compiler_pic_CXX='-KPIC'
- lt_prog_compiler_static_CXX='-Bstatic'
- lt_prog_compiler_wl_CXX='-Qoption ld '
- ;;
- esac
- ;;
- esac
- ;;
- lynxos*)
- ;;
- m88k*)
- ;;
- mvs*)
- case $cc_basename in
- cxx*)
- lt_prog_compiler_pic_CXX='-W c,exportall'
- ;;
- *)
- ;;
- esac
- ;;
- netbsd*)
- ;;
- *qnx* | *nto*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic_CXX='-fPIC -shared'
- ;;
- osf3* | osf4* | osf5*)
- case $cc_basename in
- KCC*)
- lt_prog_compiler_wl_CXX='--backend -Wl,'
- ;;
- RCC*)
- # Rational C++ 2.4.1
- lt_prog_compiler_pic_CXX='-pic'
- ;;
- cxx*)
- # Digital/Compaq C++
- lt_prog_compiler_wl_CXX='-Wl,'
- # Make sure the PIC flag is empty. It appears that all Alpha
- # Linux and Compaq Tru64 Unix objects are PIC.
- lt_prog_compiler_pic_CXX=
- lt_prog_compiler_static_CXX='-non_shared'
- ;;
- *)
- ;;
- esac
- ;;
- psos*)
- ;;
- solaris*)
- case $cc_basename in
- CC*)
- # Sun C++ 4.2, 5.x and Centerline C++
- lt_prog_compiler_pic_CXX='-KPIC'
- lt_prog_compiler_static_CXX='-Bstatic'
- lt_prog_compiler_wl_CXX='-Qoption ld '
- ;;
- gcx*)
- # Green Hills C++ Compiler
- lt_prog_compiler_pic_CXX='-PIC'
- ;;
- *)
- ;;
- esac
- ;;
- sunos4*)
- case $cc_basename in
- CC*)
- # Sun C++ 4.x
- lt_prog_compiler_pic_CXX='-pic'
- lt_prog_compiler_static_CXX='-Bstatic'
- ;;
- lcc*)
- # Lucid
- lt_prog_compiler_pic_CXX='-pic'
- ;;
- *)
- ;;
- esac
- ;;
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- case $cc_basename in
- CC*)
- lt_prog_compiler_wl_CXX='-Wl,'
- lt_prog_compiler_pic_CXX='-KPIC'
- lt_prog_compiler_static_CXX='-Bstatic'
- ;;
- esac
- ;;
- tandem*)
- case $cc_basename in
- NCC*)
- # NonStop-UX NCC 3.20
- lt_prog_compiler_pic_CXX='-KPIC'
- ;;
- *)
- ;;
- esac
- ;;
- vxworks*)
- ;;
- *)
- lt_prog_compiler_can_build_shared_CXX=no
- ;;
- esac
- fi
-
-case $host_os in
- # For platforms which do not support PIC, -DPIC is meaningless:
- *djgpp*)
- lt_prog_compiler_pic_CXX=
- ;;
- *)
- lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
- ;;
-esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic_CXX" >&5
-$as_echo "$lt_prog_compiler_pic_CXX" >&6; }
-
-
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic_CXX"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
-$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... " >&6; }
-if test "${lt_cv_prog_compiler_pic_works_CXX+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_pic_works_CXX=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14036: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:14040: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_pic_works_CXX=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works_CXX" >&5
-$as_echo "$lt_cv_prog_compiler_pic_works_CXX" >&6; }
-
-if test x"$lt_cv_prog_compiler_pic_works_CXX" = xyes; then
- case $lt_prog_compiler_pic_CXX in
- "" | " "*) ;;
- *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
- esac
-else
- lt_prog_compiler_pic_CXX=
- lt_prog_compiler_can_build_shared_CXX=no
-fi
-
-fi
-
-
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if test "${lt_cv_prog_compiler_static_works_CXX+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_static_works_CXX=no
- save_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_static_works_CXX=yes
- fi
- else
- lt_cv_prog_compiler_static_works_CXX=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS="$save_LDFLAGS"
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works_CXX" >&5
-$as_echo "$lt_cv_prog_compiler_static_works_CXX" >&6; }
-
-if test x"$lt_cv_prog_compiler_static_works_CXX" = xyes; then
- :
-else
- lt_prog_compiler_static_CXX=
-fi
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_c_o_CXX=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14135: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:14139: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o_CXX=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
-$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- lt_cv_prog_compiler_c_o_CXX=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14187: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:14191: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o_CXX=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
-$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
-
-
-
-
-hard_links="nottested"
-if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then
- # do not overwrite the value of need_locks provided by the user
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-$as_echo_n "checking if we can lock with hard links... " >&6; }
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-$as_echo "$hard_links" >&6; }
- if test "$hard_links" = no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
-
- export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- case $host_os in
- aix[4-9]*)
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to AIX nm, but means don't demangle with GNU nm
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
- else
- export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
- fi
- ;;
- pw32*)
- export_symbols_cmds_CXX="$ltdll_cmds"
- ;;
- cygwin* | mingw* | cegcc*)
- export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;/^.*[ ]__nm__/s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
- ;;
- *)
- export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- ;;
- esac
- exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
-$as_echo "$ld_shlibs_CXX" >&6; }
-test "$ld_shlibs_CXX" = no && can_build_shared=no
-
-with_gnu_ld_CXX=$with_gnu_ld
-
-
-
-
-
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc_CXX" in
-x|xyes)
- # Assume -lc should be added
- archive_cmds_need_lc_CXX=yes
-
- if test "$enable_shared" = yes && test "$GCC" = yes; then
- case $archive_cmds_CXX in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$lt_prog_compiler_wl_CXX
- pic_flag=$lt_prog_compiler_pic_CXX
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
- allow_undefined_flag_CXX=
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
- (eval $archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- then
- archive_cmds_need_lc_CXX=no
- else
- archive_cmds_need_lc_CXX=yes
- fi
- allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc_CXX" >&5
-$as_echo "$archive_cmds_need_lc_CXX" >&6; }
- ;;
- esac
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-$as_echo_n "checking dynamic linker characteristics... " >&6; }
-
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=".so"
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-case $host_os in
-aix3*)
- version_type=linux
- library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='${libname}${release}${shared_ext}$major'
- ;;
-
-aix[4-9]*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test "$host_cpu" = ia64; then
- # AIX 5 supports IA64
- library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line `#! .'. This would cause the generated library to
- # depend on `.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[01] | aix4.[01].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- if test "$aix_use_runtimelinking" = yes; then
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- else
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='${libname}${release}.a $libname.a'
- soname_spec='${libname}${release}${shared_ext}$major'
- fi
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='${libname}${shared_ext}'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[45]*)
- version_type=linux
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=".dll"
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$host_os in
- yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \${file}`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
- if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
- # It is most probably a Windows format PATH printed by
- # mingw gcc, but we are running on Cygwin. Gcc prints its search
- # path with ; separators, and with drive letters. We can handle the
- # drive letters (cygwin fileutils understands them), so leave them,
- # especially as we might pass files found there to a mingw objdump,
- # which wouldn't understand a cygwinified path. Ahh.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- ;;
- esac
- ;;
-
- *)
- library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
- soname_spec='${libname}${release}${major}$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd1*)
- dynamic_linker=no
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[123]*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[01]* | freebsdelf3.[01]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
- freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-gnu*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- if test "X$HPUX_IA64_MODE" = X32; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- fi
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555.
- postinstall_cmds='chmod 555 $lib'
- ;;
-
-interix[3-9]*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test "$lt_cv_prog_gnu_ld" = yes; then
- version_type=linux
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='${libname}${release}${shared_ext}$major'
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
- sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-# This must be Linux ELF.
-linux* | k*bsd*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- # Some binutils ld are patched to set DT_RUNPATH
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$lt_prog_compiler_wl_CXX\"; \
- LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec_CXX\""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_link "$LINENO"; then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
- shlibpath_overrides_runpath=yes
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Append ld.so.conf contents to the search path
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd*)
- version_type=sunos
- sys_lib_dlsearch_path_spec="/usr/lib"
- need_lib_prefix=no
- # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
- case $host_os in
- openbsd3.3 | openbsd3.3.*) need_version=yes ;;
- *) need_version=no ;;
- esac
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- case $host_os in
- openbsd2.[89] | openbsd2.[89].*)
- shlibpath_overrides_runpath=no
- ;;
- *)
- shlibpath_overrides_runpath=yes
- ;;
- esac
- else
- shlibpath_overrides_runpath=yes
- fi
- ;;
-
-os2*)
- libname_spec='$name'
- shrext_cmds=".dll"
- need_lib_prefix=no
- library_names_spec='$libname${shared_ext} $libname.a'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=LIBPATH
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='${libname}${release}${shared_ext}$major'
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test "$with_gnu_ld" = yes; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec ;then
- version_type=linux
- library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
- soname_spec='$libname${shared_ext}.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=freebsd-elf
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test "$with_gnu_ld" = yes; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-$as_echo "$dynamic_linker" >&6; }
-test "$dynamic_linker" = no && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
- sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
-fi
-if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
- sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
-hardcode_action_CXX=
-if test -n "$hardcode_libdir_flag_spec_CXX" ||
- test -n "$runpath_var_CXX" ||
- test "X$hardcode_automatic_CXX" = "Xyes" ; then
-
- # We can hardcode non-existent directories.
- if test "$hardcode_direct_CXX" != no &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test "$_LT_TAGVAR(hardcode_shlibpath_var, CXX)" != no &&
- test "$hardcode_minus_L_CXX" != no; then
- # Linking always hardcodes the temporary library directory.
- hardcode_action_CXX=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- hardcode_action_CXX=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- hardcode_action_CXX=unsupported
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action_CXX" >&5
-$as_echo "$hardcode_action_CXX" >&6; }
-
-if test "$hardcode_action_CXX" = relink ||
- test "$inherit_rpath_CXX" = yes; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
- test "$enable_shared" = no; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-
-
-
-
-
-
-
- fi # test -n "$compiler"
-
- CC=$lt_save_CC
- LDCXX=$LD
- LD=$lt_save_LD
- GCC=$lt_save_GCC
- with_gnu_ld=$lt_save_with_gnu_ld
- lt_cv_path_LDCXX=$lt_cv_path_LD
- lt_cv_path_LD=$lt_save_path_LD
- lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
- lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test "$_lt_caught_CXX_error" != yes
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C++ compiler works" >&5
-$as_echo_n "checking whether the C++ compiler works... " >&6; }
-if test "${atf_cv_prog_cxx_works+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_link "$LINENO"; then :
- atf_cv_prog_cxx_works=yes
-else
- atf_cv_prog_cxx_works=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $atf_cv_prog_cxx_works" >&5
-$as_echo "$atf_cv_prog_cxx_works" >&6; }
-if test "${atf_cv_prog_cxx_works}" = no; then
- as_fn_error $? "C++ compiler cannot create executables" "$LINENO" 5
-fi
-
-
- # Check whether --enable-developer was given.
-if test "${enable_developer+set}" = set; then :
- enableval=$enable_developer;
-else
- case ${PACKAGE_VERSION} in
- 0.*|*99*|*alpha*|*beta*)
- enable_developer=yes
- ;;
- *)
- enable_developer=no
- ;;
- esac
-fi
-
-
- if test ${enable_developer} = yes; then
- try_werror=yes
-
- try_c_cxx_flags="-g \
- -Wall \
- -Wcast-qual \
- -Wextra \
- -Wno-unused-parameter \
- -Wpointer-arith \
- -Wredundant-decls \
- -Wreturn-type \
- -Wshadow \
- -Wsign-compare \
- -Wswitch \
- -Wwrite-strings"
-
- try_c_flags="-Wmissing-prototypes \
- -Wno-traditional \
- -Wstrict-prototypes"
-
- try_cxx_flags="-Wabi \
- -Wctor-dtor-privacy \
- -Wno-deprecated \
- -Wno-non-template-friend \
- -Wno-pmf-conversions \
- -Wnon-virtual-dtor \
- -Woverloaded-virtual \
- -Wreorder \
- -Wsign-promo \
- -Wsynth"
-
- #
- # The following flags should also be enabled but cannot be. Reasons
- # given below.
- #
- # -Wold-style-cast: Raises errors when using TIOCGWINSZ, at least under
- # Mac OS X. This is due to the way _IOR is defined.
- #
- else
- try_werror=no
- try_c_cxx_flags="-DNDEBUG"
- try_c_flags=
- try_cxx_flags=
- fi
- try_c_cxx_flags="${try_c_cxx_flags} -D_FORTIFY_SOURCE=2"
-
- # Try and set -Werror first so that tests for other flags are accurate.
- # Otherwise, compilers such as clang will report the flags as a warning and
- # we will conclude they are supported... but when they are combined with
- # -Werror they cause build failures.
- if test ${try_werror} = yes; then
-
- valid_cflags=
- for f in -Werror; do
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} supports ${f}" >&5
-$as_echo_n "checking whether ${CC} supports ${f}... " >&6; }
- saved_cflags="${CFLAGS}"
- valid_cflag=no
- CFLAGS="${CFLAGS} ${f}"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- valid_cflag=yes
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- CFLAGS="${saved_cflags}"
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
- if test ${valid_cflag} = yes; then
- valid_cflags="${valid_cflags} ${f}"
- fi
-
- done
- if test -n "${valid_cflags}"; then
- CFLAGS="${CFLAGS} ${valid_cflags}"
- fi
-
-
- valid_cxxflags=
- for f in -Werror; do
-
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CXX} supports ${f}" >&5
-$as_echo_n "checking whether ${CXX} supports ${f}... " >&6; }
- saved_cxxflags="${CXXFLAGS}"
- valid_cxxflag=no
- CXXFLAGS="${CXXFLAGS} ${f}"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_link "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- valid_cxxflag=yes
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- CXXFLAGS="${saved_cxxflags}"
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
- if test ${valid_cxxflag} = yes; then
- valid_cxxflags="${valid_cxxflags} ${f}"
- fi
-
- done
- if test -n "${valid_cxxflags}"; then
- CXXFLAGS="${CXXFLAGS} ${valid_cxxflags}"
- fi
-
- fi
-
-
- valid_cflags=
- for f in ${try_c_cxx_flags} ${try_c_flags}; do
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} supports ${f}" >&5
-$as_echo_n "checking whether ${CC} supports ${f}... " >&6; }
- saved_cflags="${CFLAGS}"
- valid_cflag=no
- CFLAGS="${CFLAGS} ${f}"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- valid_cflag=yes
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- CFLAGS="${saved_cflags}"
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
- if test ${valid_cflag} = yes; then
- valid_cflags="${valid_cflags} ${f}"
- fi
-
- done
- if test -n "${valid_cflags}"; then
- CFLAGS="${CFLAGS} ${valid_cflags}"
- fi
-
-
- valid_cxxflags=
- for f in ${try_c_cxx_flags} ${try_cxx_flags}; do
-
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CXX} supports ${f}" >&5
-$as_echo_n "checking whether ${CXX} supports ${f}... " >&6; }
- saved_cxxflags="${CXXFLAGS}"
- valid_cxxflag=no
- CXXFLAGS="${CXXFLAGS} ${f}"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_link "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- valid_cxxflag=yes
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- CXXFLAGS="${saved_cxxflags}"
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
- if test ${valid_cxxflag} = yes; then
- valid_cxxflags="${valid_cxxflags} ${f}"
- fi
-
- done
- if test -n "${valid_cxxflags}"; then
- CXXFLAGS="${CXXFLAGS} ${valid_cxxflags}"
- fi
-
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf is in std" >&5
-$as_echo_n "checking whether vsnprintf is in std... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <cstdarg>
- #include <cstdio>
-int
-main ()
-{
-va_list ap;
- char* buf = NULL;
- const char* fmt = NULL;
- std::vsnprintf(buf, 0, fmt, ap);
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-$as_echo "#define HAVE_VSNPRINTF_IN_STD 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt allows a + sign for POSIX behavior" >&5
-$as_echo_n "checking whether getopt allows a + sign for POSIX behavior... " >&6; }
- if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run test program while cross compiling
-See \`config.log' for more details" "$LINENO" 5; }
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-int
-main ()
-{
-
- int argc = 4;
- char* argv[5] = {
- strdup("conftest"),
- strdup("-+"),
- strdup("-a"),
- strdup("bar"),
- NULL
- };
- int ch;
- int seen_a = 0, seen_plus = 0;
-
- while ((ch = getopt(argc, argv, "+a:")) != -1) {
- switch (ch) {
- case 'a':
- seen_a = 1;
- break;
-
- case '+':
- seen_plus = 1;
- break;
-
- case '?':
- default:
- ;
- }
- }
-
- return (seen_a && !seen_plus) ? EXIT_SUCCESS : EXIT_FAILURE;
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- getopt_allows_plus=yes
-
-$as_echo "#define HAVE_GNU_GETOPT 1" >>confdefs.h
-
-else
- getopt_allows_plus=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${getopt_allows_plus}" >&5
-$as_echo "${getopt_allows_plus}" >&6; }
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset" >&5
-$as_echo_n "checking whether getopt has optreset... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <unistd.h>
-int
-main ()
-{
-
- optreset = 1;
- return EXIT_SUCCESS;
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- getopt_has_optreset=yes
-else
- getopt_has_optreset=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- if test x"${getopt_has_optreset}" = yes; then
-
-$as_echo "#define HAVE_OPTRESET 1" >>confdefs.h
-
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${getopt_has_optreset}" >&5
-$as_echo "${getopt_has_optreset}" >&6; }
- ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __attribute__((noreturn)) is supported" >&5
-$as_echo_n "checking whether __attribute__((noreturn)) is supported... " >&6; }
- if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run test program while cross compiling
-See \`config.log' for more details" "$LINENO" 5; }
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
-#if ((__GNUC__ == 2 && __GNUC_MINOR__ >= 5) || __GNUC__ > 2)
- return 0;
-#else
- return 1;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_run "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- value="__attribute__((noreturn))"
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- value=""
-
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
- ATTRIBUTE_NORETURN=${value}
-
-
-
- for ac_func in putenv setenv unsetenv
-do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether putenv is in std" >&5
-$as_echo_n "checking whether putenv is in std... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <cstdio>
-int
-main ()
-{
-std::putenv("a=b");
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-$as_echo "#define HAVE_PUTENV_IN_STD 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether setenv is in std" >&5
-$as_echo_n "checking whether setenv is in std... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <cstdio>
-int
-main ()
-{
-std::setenv("a", "b");
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-$as_echo "#define HAVE_SETENV_IN_STD 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether unsetenv is in std" >&5
-$as_echo_n "checking whether unsetenv is in std... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <cstdio>
-int
-main ()
-{
-std::unsetenv("a");
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-$as_echo "#define HAVE_UNSETENV_IN_STD 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether basename takes a constant pointer" >&5
-$as_echo_n "checking whether basename takes a constant pointer... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <libgen.h>
-int
-main ()
-{
-
- const char* s = "/foo/bar/";
- (void)::basename(s);
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-$as_echo "#define HAVE_CONST_BASENAME 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether dirname takes a constant pointer" >&5
-$as_echo_n "checking whether dirname takes a constant pointer... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <libgen.h>
-int
-main ()
-{
-
- const char* s = "/foo/bar/";
- (void)::dirname(s);
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-$as_echo "#define HAVE_CONST_DIRNAME 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getcwd(NULL, 0) works" >&5
-$as_echo_n "checking whether getcwd(NULL, 0) works... " >&6; }
- if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run test program while cross compiling
-See \`config.log' for more details" "$LINENO" 5; }
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <unistd.h>
-int
-main ()
-{
-
- char *cwd = getcwd(NULL, 0);
- return (cwd != NULL) ? EXIT_SUCCESS : EXIT_FAILURE;
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_run "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-$as_echo "#define HAVE_GETCWD_DYN 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-
- for ac_func in unmount
-do :
- ac_fn_cxx_check_func "$LINENO" "unmount" "ac_cv_func_unmount"
-if test "x$ac_cv_func_unmount" = x""yes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_UNMOUNT 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf is in std" >&5
-$as_echo_n "checking whether snprintf is in std... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <cstdio>
-int
-main ()
-{
-char buf;
- std::snprintf(&buf, 1, "");
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_compile "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-$as_echo "#define HAVE_SNPRINTF_IN_STD 1" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the last valid signal" >&5
-$as_echo_n "checking for the last valid signal... " >&6; }
- if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run test program while cross compiling
-See \`config.log' for more details" "$LINENO" 5; }
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <err.h>
-#include <errno.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdio.h>
-#include <stdlib.h>
-int
-main ()
-{
-
- int i;
- FILE *f;
-
- i = 0;
- while (i < 1024) {
- i++;
- if (i != SIGKILL && i != SIGSTOP) {
- struct sigaction sa;
- int ret;
-
- sa.sa_handler = SIG_IGN;
- sigemptyset(&sa.sa_mask);
- sa.sa_flags = 0;
-
- ret = sigaction(i, &sa, NULL);
- if (ret == -1) {
- if (errno == EINVAL) {
- i--;
- break;
- } else
- err(EXIT_FAILURE, "sigaction failed");
- }
- }
- }
- if (i == 100)
- errx(EXIT_FAILURE, "too much signals");
-
- f = fopen("conftest.cnt", "w");
- if (f == NULL)
- err(EXIT_FAILURE, "failed to open file");
-
- fprintf(f, "%d\n", i);
- fclose(f);
-
- return EXIT_SUCCESS;
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_cxx_try_run "$LINENO"; then :
- if test ! -f conftest.cnt; then
- last_signo=15
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed; assuming ${last_signo}" >&5
-$as_echo "failed; assuming ${last_signo}" >&6; }
- else
- last_signo=$(cat conftest.cnt)
- rm -f conftest.cnt
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${last_signo}" >&5
-$as_echo "${last_signo}" >&6; }
- fi
-else
- last_signo=15
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed; assuming ${last_signo}" >&5
-$as_echo "failed; assuming ${last_signo}" >&6; }
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-
-cat >>confdefs.h <<_ACEOF
-#define LAST_SIGNO ${last_signo}
-_ACEOF
-
-
-
-
-
- test x"${ATF_BUILD_CC-unset}" = x"unset" && ATF_BUILD_CC="${CC}"
-
-
-
-
- test x"${ATF_BUILD_CFLAGS-unset}" = x"unset" && ATF_BUILD_CFLAGS="${CFLAGS}"
-
-
-
-
- test x"${ATF_BUILD_CPP-unset}" = x"unset" && ATF_BUILD_CPP="${CPP}"
-
-
-
-
- test x"${ATF_BUILD_CPPFLAGS-unset}" = x"unset" && ATF_BUILD_CPPFLAGS="${CPPFLAGS}"
-
-
-
-
- test x"${ATF_BUILD_CXX-unset}" = x"unset" && ATF_BUILD_CXX="${CXX}"
-
-
-
-
- test x"${ATF_BUILD_CXXFLAGS-unset}" = x"unset" && ATF_BUILD_CXXFLAGS="${CXXFLAGS}"
-
-
-
-
-if test "${srcdir}" = .; then
- target_srcdir=
-else
- target_srcdir="${srcdir}/"
-fi
-
-
-
-machine=${target_cpu}
-
-case ${machine} in
- i[3-9]86)
- arch=i386
- ;;
- x86_64)
- arch=amd64
- ;;
- *)
- arch=${machine}
- ;;
-esac
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: Machine type: ${machine}, architecture: ${arch}" >&5
-$as_echo "$as_me: Machine type: ${machine}, architecture: ${arch}" >&6;}
-atf_arch=${arch}
-
-atf_machine=${machine}
-
-
-
-
-if test x"${ATF_CONFSUBDIR-unset}" = x"unset"; then
- ATF_CONFSUBDIR=atf
-else
- case ${ATF_CONFSUBDIR} in
- /*)
- as_fn_error $? "ATF_CONFSUBDIR must hold a relative path" "$LINENO" 5
- ;;
- *)
- ;;
- esac
-fi
-if test x"${ATF_CONFSUBDIR}" = x""; then
- atf_confdir=\${sysconfdir}
-
-else
- atf_confdir=\${sysconfdir}/${ATF_CONFSUBDIR}
-
-fi
-
-
-if test x"${ATF_WORKDIR}" = x""; then
- for t in /tmp /var/tmp; do
- if test -d ${t}; then
- ATF_WORKDIR=${t}
- break
- fi
- done
- if test x"${ATF_WORKDIR}" = x""; then
- as_fn_error $? "Could not guess a value for ATF_WORKDIR" "$LINENO" 5
- fi
-else
- case ${ATF_WORKDIR} in
- /*)
- ;;
- *)
- as_fn_error $? "ATF_WORKDIR must hold an absolute path" "$LINENO" 5
- ;;
- esac
-fi
-
-atf_cssdir=\${datadir}/examples/atf
-
-atf_dtddir=\${datadir}/xml/atf
-
-atf_egdir=\${datadir}/examples/atf
-
-atf_pkgconfigdir=\${libdir}/pkgconfig
-
-atf_xsldir=\${datadir}/xsl/atf
-
-
-
-
-if test x"${ATF_SHELL}" = x""; then
- for ac_prog in bash sh
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_ATF_SHELL+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- case $ATF_SHELL in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ATF_SHELL="$ATF_SHELL" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_path_ATF_SHELL="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ATF_SHELL=$ac_cv_path_ATF_SHELL
-if test -n "$ATF_SHELL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ATF_SHELL" >&5
-$as_echo "$ATF_SHELL" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ATF_SHELL" && break
-done
-
-else
- case ${ATF_SHELL} in
- /*)
- ;;
- *)
- as_fn_error $? "ATF_SHELL must hold an absolute path" "$LINENO" 5
- ;;
- esac
-fi
-if test x"${ATF_SHELL}" = x""; then
- as_fn_error $? "No POSIX shell interpreter found; maybe set ATF_SHELL?" "$LINENO" 5
-fi
-
-
-# Extract the first word of "mtn", so it can be a program name with args.
-set dummy mtn; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_MTN+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- case $MTN in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_MTN="$MTN" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_path_MTN="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-MTN=$ac_cv_path_MTN
-if test -n "$MTN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MTN" >&5
-$as_echo "$MTN" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-
-
-ac_config_files="$ac_config_files Makefile atf-c/defs.h"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes: double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \.
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- test "x$cache_file" != "x/dev/null" &&
- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-$as_echo "$as_me: updating cache $cache_file" >&6;}
- cat confcache >$cache_file
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-DEFS=-DHAVE_CONFIG_H
-
-ac_libobjs=
-ac_ltlibobjs=
-U=
-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIBOBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
- as_fn_error $? "conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCXX\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCXX\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-
-: ${CONFIG_STATUS=./config.status}
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
-as_write_fail=0
-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-as_nl='
-'
-export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in #(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
-# Find who we are. Look in the path if we contain no directory separator.
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- $as_echo "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -p'
- fi
-else
- as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in #(
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-## ----------------------------------- ##
-## Main body of $CONFIG_STATUS script. ##
-## ----------------------------------- ##
-_ASEOF
-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# Save the log message, to keep $0 and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by Automated Testing Framework $as_me 0.12, which was
-generated by GNU Autoconf 2.67. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-case $ac_config_files in *"
-"*) set x $ac_config_files; shift; ac_config_files=$*;;
-esac
-
-case $ac_config_headers in *"
-"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
-esac
-
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_headers="$ac_config_headers"
-config_commands="$ac_config_commands"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
-from templates according to the current configuration. Unless the files
-and actions are specified as TAGs, all are instantiated by default.
-
-Usage: $0 [OPTION]... [TAG]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- --config print configuration, then exit
- -q, --quiet, --silent
- do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
- --header=FILE[:TEMPLATE]
- instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Configuration commands:
-$config_commands
-
-Report bugs to <atf-devel at NetBSD.org>.
-Automated Testing Framework home page: <http://www.NetBSD.org/~jmmv/atf/>."
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
-ac_cs_version="\\
-Automated Testing Framework config.status 0.12
-configured by $0, generated by GNU Autoconf 2.67,
- with options \\"\$ac_cs_config\\"
-
-Copyright (C) 2010 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-MKDIR_P='$MKDIR_P'
-AWK='$AWK'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=?*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- --*=)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- $as_echo "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
- $as_echo "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --header | --heade | --head | --hea )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append CONFIG_HEADERS " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h)
- # Conflict between --help and --header
- as_fn_error $? "ambiguous option: \`$1'
-Try \`$0 --help' for more information.";;
- --help | --hel | -h )
- $as_echo "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
-
- *) as_fn_append ac_config_targets " $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
- $as_echo "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-#
-# INIT-COMMANDS
-#
-
-AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
-
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`'
-macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`'
-enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`'
-enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`'
-pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`'
-enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`'
-host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`'
-host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`'
-host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`'
-build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`'
-build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`'
-build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`'
-SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`'
-Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`'
-GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`'
-EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`'
-FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`'
-LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`'
-NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`'
-LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`'
-max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`'
-ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`'
-exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`'
-lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`'
-lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`'
-lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`'
-reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`'
-reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`'
-deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`'
-file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`'
-AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`'
-AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`'
-STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`'
-RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`'
-old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`'
-CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`'
-compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`'
-GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
-objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`'
-SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`'
-ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`'
-MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`'
-need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`'
-DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`'
-NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`'
-LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`'
-OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`'
-OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`'
-libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`'
-shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`'
-enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`'
-export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
-whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
-compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`'
-allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
-no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`'
-inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`'
-link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`'
-fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`'
-always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`'
-export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
-include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
-prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`'
-variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`'
-need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
-need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`'
-version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`'
-runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`'
-shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
-shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`'
-libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`'
-library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`'
-soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`'
-postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`'
-sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
-sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`'
-enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`'
-enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`'
-enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`'
-old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`'
-striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`'
-compiler_lib_search_dirs='`$ECHO "X$compiler_lib_search_dirs" | $Xsed -e "$delay_single_quote_subst"`'
-predep_objects='`$ECHO "X$predep_objects" | $Xsed -e "$delay_single_quote_subst"`'
-postdep_objects='`$ECHO "X$postdep_objects" | $Xsed -e "$delay_single_quote_subst"`'
-predeps='`$ECHO "X$predeps" | $Xsed -e "$delay_single_quote_subst"`'
-postdeps='`$ECHO "X$postdeps" | $Xsed -e "$delay_single_quote_subst"`'
-compiler_lib_search_path='`$ECHO "X$compiler_lib_search_path" | $Xsed -e "$delay_single_quote_subst"`'
-LD_CXX='`$ECHO "X$LD_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_cmds_CXX='`$ECHO "X$old_archive_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-compiler_CXX='`$ECHO "X$compiler_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-GCC_CXX='`$ECHO "X$GCC_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_no_builtin_flag_CXX='`$ECHO "X$lt_prog_compiler_no_builtin_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_wl_CXX='`$ECHO "X$lt_prog_compiler_wl_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_pic_CXX='`$ECHO "X$lt_prog_compiler_pic_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_static_CXX='`$ECHO "X$lt_prog_compiler_static_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_prog_compiler_c_o_CXX='`$ECHO "X$lt_cv_prog_compiler_c_o_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-archive_cmds_need_lc_CXX='`$ECHO "X$archive_cmds_need_lc_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-enable_shared_with_static_runtimes_CXX='`$ECHO "X$enable_shared_with_static_runtimes_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-export_dynamic_flag_spec_CXX='`$ECHO "X$export_dynamic_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-whole_archive_flag_spec_CXX='`$ECHO "X$whole_archive_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-compiler_needs_object_CXX='`$ECHO "X$compiler_needs_object_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_from_new_cmds_CXX='`$ECHO "X$old_archive_from_new_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_from_expsyms_cmds_CXX='`$ECHO "X$old_archive_from_expsyms_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-archive_cmds_CXX='`$ECHO "X$archive_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-archive_expsym_cmds_CXX='`$ECHO "X$archive_expsym_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-module_cmds_CXX='`$ECHO "X$module_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-module_expsym_cmds_CXX='`$ECHO "X$module_expsym_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-with_gnu_ld_CXX='`$ECHO "X$with_gnu_ld_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-allow_undefined_flag_CXX='`$ECHO "X$allow_undefined_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-no_undefined_flag_CXX='`$ECHO "X$no_undefined_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec_CXX='`$ECHO "X$hardcode_libdir_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec_ld_CXX='`$ECHO "X$hardcode_libdir_flag_spec_ld_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_separator_CXX='`$ECHO "X$hardcode_libdir_separator_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_direct_CXX='`$ECHO "X$hardcode_direct_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_direct_absolute_CXX='`$ECHO "X$hardcode_direct_absolute_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_minus_L_CXX='`$ECHO "X$hardcode_minus_L_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_shlibpath_var_CXX='`$ECHO "X$hardcode_shlibpath_var_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_automatic_CXX='`$ECHO "X$hardcode_automatic_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-inherit_rpath_CXX='`$ECHO "X$inherit_rpath_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-link_all_deplibs_CXX='`$ECHO "X$link_all_deplibs_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-fix_srcfile_path_CXX='`$ECHO "X$fix_srcfile_path_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-always_export_symbols_CXX='`$ECHO "X$always_export_symbols_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-export_symbols_cmds_CXX='`$ECHO "X$export_symbols_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-exclude_expsyms_CXX='`$ECHO "X$exclude_expsyms_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-include_expsyms_CXX='`$ECHO "X$include_expsyms_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-prelink_cmds_CXX='`$ECHO "X$prelink_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-file_list_spec_CXX='`$ECHO "X$file_list_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_action_CXX='`$ECHO "X$hardcode_action_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-compiler_lib_search_dirs_CXX='`$ECHO "X$compiler_lib_search_dirs_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-predep_objects_CXX='`$ECHO "X$predep_objects_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-postdep_objects_CXX='`$ECHO "X$postdep_objects_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-predeps_CXX='`$ECHO "X$predeps_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-postdeps_CXX='`$ECHO "X$postdeps_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-compiler_lib_search_path_CXX='`$ECHO "X$compiler_lib_search_path_CXX" | $Xsed -e "$delay_single_quote_subst"`'
-
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# Quote evaled strings.
-for var in SED \
-GREP \
-EGREP \
-FGREP \
-LD \
-NM \
-LN_S \
-lt_SP2NL \
-lt_NL2SP \
-reload_flag \
-OBJDUMP \
-deplibs_check_method \
-file_magic_cmd \
-AR \
-AR_FLAGS \
-STRIP \
-RANLIB \
-CC \
-CFLAGS \
-compiler \
-lt_cv_sys_global_symbol_pipe \
-lt_cv_sys_global_symbol_to_cdecl \
-lt_cv_sys_global_symbol_to_c_name_address \
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
-SHELL \
-ECHO \
-lt_prog_compiler_no_builtin_flag \
-lt_prog_compiler_wl \
-lt_prog_compiler_pic \
-lt_prog_compiler_static \
-lt_cv_prog_compiler_c_o \
-need_locks \
-DSYMUTIL \
-NMEDIT \
-LIPO \
-OTOOL \
-OTOOL64 \
-shrext_cmds \
-export_dynamic_flag_spec \
-whole_archive_flag_spec \
-compiler_needs_object \
-with_gnu_ld \
-allow_undefined_flag \
-no_undefined_flag \
-hardcode_libdir_flag_spec \
-hardcode_libdir_flag_spec_ld \
-hardcode_libdir_separator \
-fix_srcfile_path \
-exclude_expsyms \
-include_expsyms \
-file_list_spec \
-variables_saved_for_relink \
-libname_spec \
-library_names_spec \
-soname_spec \
-finish_eval \
-old_striplib \
-striplib \
-compiler_lib_search_dirs \
-predep_objects \
-postdep_objects \
-predeps \
-postdeps \
-compiler_lib_search_path \
-LD_CXX \
-compiler_CXX \
-lt_prog_compiler_no_builtin_flag_CXX \
-lt_prog_compiler_wl_CXX \
-lt_prog_compiler_pic_CXX \
-lt_prog_compiler_static_CXX \
-lt_cv_prog_compiler_c_o_CXX \
-export_dynamic_flag_spec_CXX \
-whole_archive_flag_spec_CXX \
-compiler_needs_object_CXX \
-with_gnu_ld_CXX \
-allow_undefined_flag_CXX \
-no_undefined_flag_CXX \
-hardcode_libdir_flag_spec_CXX \
-hardcode_libdir_flag_spec_ld_CXX \
-hardcode_libdir_separator_CXX \
-fix_srcfile_path_CXX \
-exclude_expsyms_CXX \
-include_expsyms_CXX \
-file_list_spec_CXX \
-compiler_lib_search_dirs_CXX \
-predep_objects_CXX \
-postdep_objects_CXX \
-predeps_CXX \
-postdeps_CXX \
-compiler_lib_search_path_CXX; do
- case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Double-quote double-evaled strings.
-for var in reload_cmds \
-old_postinstall_cmds \
-old_postuninstall_cmds \
-old_archive_cmds \
-extract_expsyms_cmds \
-old_archive_from_new_cmds \
-old_archive_from_expsyms_cmds \
-archive_cmds \
-archive_expsym_cmds \
-module_cmds \
-module_expsym_cmds \
-export_symbols_cmds \
-prelink_cmds \
-postinstall_cmds \
-postuninstall_cmds \
-finish_cmds \
-sys_lib_search_path_spec \
-sys_lib_dlsearch_path_spec \
-old_archive_cmds_CXX \
-old_archive_from_new_cmds_CXX \
-old_archive_from_expsyms_cmds_CXX \
-archive_cmds_CXX \
-archive_expsym_cmds_CXX \
-module_cmds_CXX \
-module_expsym_cmds_CXX \
-export_symbols_cmds_CXX \
-prelink_cmds_CXX; do
- case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Fix-up fallback echo if it was mangled by the above quoting rules.
-case \$lt_ECHO in
-*'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\`
- ;;
-esac
-
-ac_aux_dir='$ac_aux_dir'
-xsi_shell='$xsi_shell'
-lt_shell_append='$lt_shell_append'
-
-# See if we are running on zsh, and set the options which allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}" ; then
- setopt NO_GLOB_SUBST
-fi
-
-
- PACKAGE='$PACKAGE'
- VERSION='$VERSION'
- TIMESTAMP='$TIMESTAMP'
- RM='$RM'
- ofile='$ofile'
-
-
-
-
-
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "bconfig.h") CONFIG_HEADERS="$CONFIG_HEADERS bconfig.h" ;;
- "bootstrap/atconfig") CONFIG_COMMANDS="$CONFIG_COMMANDS bootstrap/atconfig" ;;
- "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
- "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "atf-c/defs.h") CONFIG_FILES="$CONFIG_FILES atf-c/defs.h" ;;
-
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
- test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
- test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp=
- trap 'exit_status=$?
- { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
-' 0
- trap 'as_fn_exit 1' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -n "$tmp" && test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr=`echo X | tr X '\015'`
-# On cygwin, bash can eat \r inside `` if the user requested igncr.
-# But we know of no other shell where ac_cr would be empty at this
-# point, so we can use a bashism as a fallback.
-if test "x$ac_cr" = x; then
- eval ac_cr=\$\'\\r\'
-fi
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-
- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
- if test $ac_delim_n = $ac_delim_num; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\)..*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\)..*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "�"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
-h
-s///
-s/^/:/
-s/[ ]*$/:/
-s/:\$(srcdir):/:/g
-s/:\${srcdir}:/:/g
-s/:@srcdir@:/:/g
-s/^:*//
-s/:*$//
-x
-s/\(=[ ]*\).*/\1/
-G
-s/\n//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-# Set up the scripts for CONFIG_HEADERS section.
-# No need to generate them if there are no CONFIG_HEADERS.
-# This happens for instance with `./config.status Makefile'.
-if test -n "$CONFIG_HEADERS"; then
-cat >"$tmp/defines.awk" <<\_ACAWK ||
-BEGIN {
-_ACEOF
-
-# Transform confdefs.h into an awk script `defines.awk', embedded as
-# here-document in config.status, that substitutes the proper values into
-# config.h.in to produce config.h.
-
-# Create a delimiter string that does not exist in confdefs.h, to ease
-# handling of long lines.
-ac_delim='%!_!# '
-for ac_last_try in false false :; do
- ac_t=`sed -n "/$ac_delim/p" confdefs.h`
- if test -z "$ac_t"; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-
-# For the awk script, D is an array of macro values keyed by name,
-# likewise P contains macro parameters if any. Preserve backslash
-# newline sequences.
-
-ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
-sed -n '
-s/.\{148\}/&'"$ac_delim"'/g
-t rset
-:rset
-s/^[ ]*#[ ]*define[ ][ ]*/ /
-t def
-d
-:def
-s/\\$//
-t bsnl
-s/["\\]/\\&/g
-s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
-D["\1"]=" \3"/p
-s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
-d
-:bsnl
-s/["\\]/\\&/g
-s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
-D["\1"]=" \3\\\\\\n"\\/p
-t cont
-s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
-t cont
-d
-:cont
-n
-s/.\{148\}/&'"$ac_delim"'/g
-t clear
-:clear
-s/\\$//
-t bsnlc
-s/["\\]/\\&/g; s/^/"/; s/$/"/p
-d
-:bsnlc
-s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
-b cont
-' <confdefs.h | sed '
-s/'"$ac_delim"'/"\\\
-"/g' >>$CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- for (key in D) D_is_set[key] = 1
- FS = "�"
-}
-/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
- line = \$ 0
- split(line, arg, " ")
- if (arg[1] == "#") {
- defundef = arg[2]
- mac1 = arg[3]
- } else {
- defundef = substr(arg[1], 2)
- mac1 = arg[2]
- }
- split(mac1, mac2, "(") #)
- macro = mac2[1]
- prefix = substr(line, 1, index(line, defundef) - 1)
- if (D_is_set[macro]) {
- # Preserve the white space surrounding the "#".
- print prefix "define", macro P[macro] D[macro]
- next
- } else {
- # Replace #undef with comments. This is necessary, for example,
- # in the case of _POSIX_SOURCE, which is predefined and required
- # on some systems where configure will not decide to define it.
- if (defundef == "undef") {
- print "/*", prefix defundef, macro, "*/"
- next
- }
- }
-}
-{ print }
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
- as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
-fi # test -n "$CONFIG_HEADERS"
-
-
-eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-$as_echo "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`$as_echo "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir="$ac_dir"; as_fn_mkdir_p
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
- esac
- ac_MKDIR_P=$MKDIR_P
- case $MKDIR_P in
- [\\/$]* | ?:[\\/]* ) ;;
- */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
- esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-s&@MKDIR_P@&$ac_MKDIR_P&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&5
-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$tmp/stdin"
- case $ac_file in
- -) cat "$tmp/out" && rm -f "$tmp/out";;
- *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
- esac \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- ;;
- :H)
- #
- # CONFIG_HEADER
- #
- if test x"$ac_file" != x-; then
- {
- $as_echo "/* $configure_input */" \
- && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
- } >"$tmp/config.h" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
-$as_echo "$as_me: $ac_file is unchanged" >&6;}
- else
- rm -f "$ac_file"
- mv "$tmp/config.h" "$ac_file" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- fi
- else
- $as_echo "/* $configure_input */" \
- && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
- || as_fn_error $? "could not create -" "$LINENO" 5
- fi
-# Compute "$ac_file"'s index in $config_headers.
-_am_arg="$ac_file"
-_am_stamp_count=1
-for _am_header in $config_headers :; do
- case $_am_header in
- $_am_arg | $_am_arg:* )
- break ;;
- * )
- _am_stamp_count=`expr $_am_stamp_count + 1` ;;
- esac
-done
-echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
-$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$_am_arg" : 'X\(//\)[^/]' \| \
- X"$_am_arg" : 'X\(//\)$' \| \
- X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$_am_arg" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`/stamp-h$_am_stamp_count
- ;;
-
- :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-$as_echo "$as_me: executing $ac_file commands" >&6;}
- ;;
- esac
-
-
- case $ac_file$ac_mode in
- "bootstrap/atconfig":C) cat >bootstrap/atconfig <<ATEOF
-# Configurable variable values for building test suites.
-# Generated by $0.
-# Copyright (C) 2010 Free Software Foundation, Inc.
-
-# The test suite will define top_srcdir=$at_top_srcdir/../.. etc.
-at_testdir='bootstrap'
-abs_builddir='$ac_abs_builddir'
-at_srcdir='$ac_srcdir'
-abs_srcdir='$ac_abs_srcdir'
-at_top_srcdir='$ac_top_srcdir'
-abs_top_srcdir='$ac_abs_top_srcdir'
-at_top_build_prefix='$ac_top_build_prefix'
-abs_top_builddir='$ac_abs_top_builddir'
-
-# Backward compatibility with Autotest <= 2.59b:
-at_top_builddir=\$at_top_build_prefix
-
-AUTOTEST_PATH='bootstrap'
-
-SHELL=\${CONFIG_SHELL-'$SHELL'}
-ATEOF
- ;;
- "depfiles":C) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
- # Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named `Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`$as_dirname -- "$mf" ||
-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$mf" : 'X\(//\)[^/]' \| \
- X"$mf" : 'X\(//\)$' \| \
- X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$mf" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running `make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # When using ansi2knr, U may be empty or an underscore; expand it
- U=`sed -n 's/^U = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`$as_dirname -- "$file" ||
-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$file" : 'X\(//\)[^/]' \| \
- X"$file" : 'X\(//\)$' \| \
- X"$file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir=$dirpart/$fdir; as_fn_mkdir_p
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
- done
-done
- ;;
- "libtool":C)
-
- # See if we are running on zsh, and set the options which allow our
- # commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}" ; then
- setopt NO_GLOB_SUBST
- fi
-
- cfgfile="${ofile}T"
- trap "$RM \"$cfgfile\"; exit 1" 1 2 15
- $RM "$cfgfile"
-
- cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-
-# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-#
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008 Free Software Foundation, Inc.
-# Written by Gordon Matzigkeit, 1996
-#
-# This file is part of GNU Libtool.
-#
-# GNU Libtool is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# As a special exception to the GNU General Public License,
-# if you distribute this file as part of a program or library that
-# is built using GNU Libtool, you may include this file under the
-# same distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with GNU Libtool; see the file COPYING. If not, a copy
-# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
-# obtained by writing to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-
-# The names of the tagged configurations supported by this script.
-available_tags="CXX "
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Which release of libtool.m4 was used?
-macro_version=$macro_version
-macro_revision=$macro_revision
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# What type of objects to build.
-pic_mode=$pic_mode
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# A sed program that does not truncate output.
-SED=$lt_SED
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="\$SED -e 1s/^X//"
-
-# A grep program that handles long lines.
-GREP=$lt_GREP
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# A literal string matcher.
-FGREP=$lt_FGREP
-
-# A BSD- or MS-compatible name lister.
-NM=$lt_NM
-
-# Whether we need soft or hard links.
-LN_S=$lt_LN_S
-
-# What is the maximum length of a command?
-max_cmd_len=$max_cmd_len
-
-# Object file suffix (normally "o").
-objext=$ac_objext
-
-# Executable file suffix (normally "").
-exeext=$exeext
-
-# whether the shell understands "unset".
-lt_unset=$lt_unset
-
-# turn spaces into newlines.
-SP2NL=$lt_lt_SP2NL
-
-# turn newlines into spaces.
-NL2SP=$lt_lt_NL2SP
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# An object symbol dumper.
-OBJDUMP=$lt_OBJDUMP
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == "file_magic".
-file_magic_cmd=$lt_file_magic_cmd
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# A symbol stripping program.
-STRIP=$lt_STRIP
-
-# Commands used to install an old-style archive.
-RANLIB=$lt_RANLIB
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# A C compiler.
-LTCC=$lt_CC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_CFLAGS
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration.
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair.
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# Transform the output of nm in a C name address pair when lib prefix is needed.
-global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# An echo program that does not interpret backslashes.
-ECHO=$lt_ECHO
-
-# Used to examine libraries when file_magic_cmd begins with "file".
-MAGIC_CMD=$MAGIC_CMD
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
-DSYMUTIL=$lt_DSYMUTIL
-
-# Tool to change global to local symbols on Mac OS X.
-NMEDIT=$lt_NMEDIT
-
-# Tool to manipulate fat objects and archives on Mac OS X.
-LIPO=$lt_LIPO
-
-# ldd/readelf like tool for Mach-O binaries on Mac OS X.
-OTOOL=$lt_OTOOL
-
-# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
-OTOOL64=$lt_OTOOL64
-
-# Old archive suffix (normally "a").
-libext=$libext
-
-# Shared library suffix (normally ".so").
-shrext_cmds=$lt_shrext_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at link time.
-variables_saved_for_relink=$lt_variables_saved_for_relink
-
-# Do we need the "lib" prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Library versioning type.
-version_type=$version_type
-
-# Shared library runtime path variable.
-runpath_var=$runpath_var
-
-# Shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names. First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Command to use after installation of a shared archive.
-postinstall_cmds=$lt_postinstall_cmds
-
-# Command to use after uninstallation of a shared archive.
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# As "finish_cmds", except a single script fragment to be evaled but
-# not shown.
-finish_eval=$lt_finish_eval
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Compile-time system search path for libraries.
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries.
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# Commands used to build an old-style archive.
-old_archive_cmds=$lt_old_archive_cmds
-
-# A language specific compiler.
-CC=$lt_compiler
-
-# Is the compiler the GNU compiler?
-with_gcc=$GCC
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc
-
-# Whether or not to disallow shared libs when runtime libs are static.
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Whether the compiler copes with passing no objects directly.
-compiler_needs_object=$lt_compiler_needs_object
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-
-# Commands used to build a loadable module if different from building
-# a shared archive.
-module_cmds=$lt_module_cmds
-module_expsym_cmds=$lt_module_expsym_cmds
-
-# Whether we are building with GNU ld or not.
-with_gnu_ld=$lt_with_gnu_ld
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that enforces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# If ld is used when linking, flag to hardcode \$libdir into a binary
-# during linking. This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
-
-# Whether we need a single "-rpath" flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
-# DIR into the resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
-# DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
-# library is relocated.
-hardcode_direct_absolute=$hardcode_direct_absolute
-
-# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-# into the resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-# into the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Set to "yes" if building a shared library automatically hardcodes DIR
-# into the library and all subsequent libraries and executables linked
-# against it.
-hardcode_automatic=$hardcode_automatic
-
-# Set to yes if linker adds runtime paths of dependent libraries
-# to runtime path list.
-inherit_rpath=$inherit_rpath
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path=$lt_fix_srcfile_path
-
-# Set to "yes" if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# Commands necessary for linking programs (against libraries) with templates.
-prelink_cmds=$lt_prelink_cmds
-
-# Specify filename containing input files.
-file_list_spec=$lt_file_list_spec
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# The directories searched by this compiler when creating a shared library.
-compiler_lib_search_dirs=$lt_compiler_lib_search_dirs
-
-# Dependencies to place before and after the objects being linked to
-# create a shared library.
-predep_objects=$lt_predep_objects
-postdep_objects=$lt_postdep_objects
-predeps=$lt_predeps
-postdeps=$lt_postdeps
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$lt_compiler_lib_search_path
-
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
- case $host_os in
- aix3*)
- cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-_LT_EOF
- ;;
- esac
-
-
-ltmain="$ac_aux_dir/ltmain.sh"
-
-
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
- sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- case $xsi_shell in
- yes)
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_dirname file append nondir_replacement
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-func_dirname ()
-{
- case ${1} in
- */*) func_dirname_result="${1%/*}${2}" ;;
- * ) func_dirname_result="${3}" ;;
- esac
-}
-
-# func_basename file
-func_basename ()
-{
- func_basename_result="${1##*/}"
-}
-
-# func_dirname_and_basename file append nondir_replacement
-# perform func_basename and func_dirname in a single function
-# call:
-# dirname: Compute the dirname of FILE. If nonempty,
-# add APPEND to the result, otherwise set result
-# to NONDIR_REPLACEMENT.
-# value returned in "$func_dirname_result"
-# basename: Compute filename of FILE.
-# value retuned in "$func_basename_result"
-# Implementation must be kept synchronized with func_dirname
-# and func_basename. For efficiency, we do not delegate to
-# those functions but instead duplicate the functionality here.
-func_dirname_and_basename ()
-{
- case ${1} in
- */*) func_dirname_result="${1%/*}${2}" ;;
- * ) func_dirname_result="${3}" ;;
- esac
- func_basename_result="${1##*/}"
-}
-
-# func_stripname prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-func_stripname ()
-{
- # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
- # positional parameters, so assign one to ordinary parameter first.
- func_stripname_result=${3}
- func_stripname_result=${func_stripname_result#"${1}"}
- func_stripname_result=${func_stripname_result%"${2}"}
-}
-
-# func_opt_split
-func_opt_split ()
-{
- func_opt_split_opt=${1%%=*}
- func_opt_split_arg=${1#*=}
-}
-
-# func_lo2o object
-func_lo2o ()
-{
- case ${1} in
- *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
- *) func_lo2o_result=${1} ;;
- esac
-}
-
-# func_xform libobj-or-source
-func_xform ()
-{
- func_xform_result=${1%.*}.lo
-}
-
-# func_arith arithmetic-term...
-func_arith ()
-{
- func_arith_result=$(( $* ))
-}
-
-# func_len string
-# STRING may not start with a hyphen.
-func_len ()
-{
- func_len_result=${#1}
-}
-
-_LT_EOF
- ;;
- *) # Bourne compatible functions.
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_dirname file append nondir_replacement
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-func_dirname ()
-{
- # Extract subdirectory from the argument.
- func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
- if test "X$func_dirname_result" = "X${1}"; then
- func_dirname_result="${3}"
- else
- func_dirname_result="$func_dirname_result${2}"
- fi
-}
-
-# func_basename file
-func_basename ()
-{
- func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
-}
-
-
-# func_stripname prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-# func_strip_suffix prefix name
-func_stripname ()
-{
- case ${2} in
- .*) func_stripname_result=`$ECHO "X${3}" \
- | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
- *) func_stripname_result=`$ECHO "X${3}" \
- | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
- esac
-}
-
-# sed scripts:
-my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q'
-my_sed_long_arg='1s/^-[^=]*=//'
-
-# func_opt_split
-func_opt_split ()
-{
- func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
- func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
-}
-
-# func_lo2o object
-func_lo2o ()
-{
- func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
-}
-
-# func_xform libobj-or-source
-func_xform ()
-{
- func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'`
-}
-
-# func_arith arithmetic-term...
-func_arith ()
-{
- func_arith_result=`expr "$@"`
-}
-
-# func_len string
-# STRING may not start with a hyphen.
-func_len ()
-{
- func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
-}
-
-_LT_EOF
-esac
-
-case $lt_shell_append in
- yes)
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_append var value
-# Append VALUE to the end of shell variable VAR.
-func_append ()
-{
- eval "$1+=\$2"
-}
-_LT_EOF
- ;;
- *)
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_append var value
-# Append VALUE to the end of shell variable VAR.
-func_append ()
-{
- eval "$1=\$$1\$2"
-}
-
-_LT_EOF
- ;;
- esac
-
-
- sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
- (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
- chmod +x "$ofile"
-
-
- cat <<_LT_EOF >> "$ofile"
-
-# ### BEGIN LIBTOOL TAG CONFIG: CXX
-
-# The linker used to build libraries.
-LD=$lt_LD_CXX
-
-# Commands used to build an old-style archive.
-old_archive_cmds=$lt_old_archive_cmds_CXX
-
-# A language specific compiler.
-CC=$lt_compiler_CXX
-
-# Is the compiler the GNU compiler?
-with_gcc=$GCC_CXX
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl_CXX
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic_CXX
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static_CXX
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc_CXX
-
-# Whether or not to disallow shared libs when runtime libs are static.
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
-
-# Whether the compiler copes with passing no objects directly.
-compiler_needs_object=$lt_compiler_needs_object_CXX
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
-
-# Commands used to build a shared archive.
-archive_cmds=$lt_archive_cmds_CXX
-archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
-
-# Commands used to build a loadable module if different from building
-# a shared archive.
-module_cmds=$lt_module_cmds_CXX
-module_expsym_cmds=$lt_module_expsym_cmds_CXX
-
-# Whether we are building with GNU ld or not.
-with_gnu_ld=$lt_with_gnu_ld_CXX
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag_CXX
-
-# Flag that enforces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag_CXX
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
-
-# If ld is used when linking, flag to hardcode \$libdir into a binary
-# during linking. This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX
-
-# Whether we need a single "-rpath" flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
-
-# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
-# DIR into the resulting binary.
-hardcode_direct=$hardcode_direct_CXX
-
-# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
-# DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
-# library is relocated.
-hardcode_direct_absolute=$hardcode_direct_absolute_CXX
-
-# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-# into the resulting binary.
-hardcode_minus_L=$hardcode_minus_L_CXX
-
-# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-# into the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
-
-# Set to "yes" if building a shared library automatically hardcodes DIR
-# into the library and all subsequent libraries and executables linked
-# against it.
-hardcode_automatic=$hardcode_automatic_CXX
-
-# Set to yes if linker adds runtime paths of dependent libraries
-# to runtime path list.
-inherit_rpath=$inherit_rpath_CXX
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs_CXX
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path=$lt_fix_srcfile_path_CXX
-
-# Set to "yes" if exported symbols are required.
-always_export_symbols=$always_export_symbols_CXX
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds_CXX
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms_CXX
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms_CXX
-
-# Commands necessary for linking programs (against libraries) with templates.
-prelink_cmds=$lt_prelink_cmds_CXX
-
-# Specify filename containing input files.
-file_list_spec=$lt_file_list_spec_CXX
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action_CXX
-
-# The directories searched by this compiler when creating a shared library.
-compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX
-
-# Dependencies to place before and after the objects being linked to
-# create a shared library.
-predep_objects=$lt_predep_objects_CXX
-postdep_objects=$lt_postdep_objects_CXX
-predeps=$lt_predeps_CXX
-postdeps=$lt_postdeps_CXX
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
-
-# ### END LIBTOOL TAG CONFIG: CXX
-_LT_EOF
-
- ;;
-
- esac
-done # for ac_tag
-
-
-as_fn_exit 0
-_ACEOF
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || as_fn_exit 1
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
-
-if test ${enable_shared} = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Shared libraries with unstable ABIs/APIs have been enabled." >&5
-$as_echo "$as_me: WARNING: Shared libraries with unstable ABIs/APIs have been enabled." >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please do not install them as part of a binary package." >&5
-$as_echo "$as_me: WARNING: Please do not install them as part of a binary package." >&2;}
-fi
-
Modified: vendor/bind/dist/unit/atf-src/configure.ac
===================================================================
--- vendor/bind/dist/unit/atf-src/configure.ac 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/configure.ac 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
@@ -31,12 +31,12 @@
dnl Initialize the GNU build system.
dnl -----------------------------------------------------------------------
-AC_INIT([Automated Testing Framework], [0.12], [atf-devel at NetBSD.org], [atf],
- [http://www.NetBSD.org/~jmmv/atf/])
+AC_INIT([Automated Testing Framework], [0.17], [atf-devel at NetBSD.org], [atf],
+ [http://code.google.com/p/kyua/wiki/ATF])
AC_PREREQ([2.65])
-AC_COPYRIGHT([Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.])
+AC_COPYRIGHT([Copyright (c) 2007-2012 The NetBSD Foundation, Inc.])
AC_DEFINE([PACKAGE_COPYRIGHT],
- ["Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc."],
+ ["Copyright (c) 2007-2012 The NetBSD Foundation, Inc."],
[Define to the copyright string applicable to this package.])
AC_CONFIG_AUX_DIR([admin])
AC_CONFIG_HEADERS([bconfig.h])
@@ -48,22 +48,18 @@
AM_INIT_AUTOMAKE([1.9 check-news foreign subdir-objects -Wall])
-LT_INIT([disable-shared])
-dnl This is just a hack to reverse the meaning of the --enable-shared
-dnl flag provided by libtool. We want it to default to building static
-dnl libraries only for now, but these are painful during development.
-dnl It is nice to have an easy way to enable shared library builds.
-dnl
-dnl TODO(1.0): Enable shared libraries by default, and fix their
-dnl -version-info.
-AC_ARG_ENABLE(unstable-shared,
- AS_HELP_STRING([--enable-unstable-shared],
- [Enables the build of shared libraries with unstable ABIs/APIs]),
+LT_INIT
+
+AC_ARG_ENABLE(tools,
+ AS_HELP_STRING([--enable-tools],
+ [Enables the build of the deprecated ATF tools]),
[case $enableval in
- yes|no) enable_shared=${enableval} ;;
- *) enable_shared=${enableval} ;;
+ yes|no) enable_tools=${enableval} ;;
+ *) AC_MSG_ERROR([Invalid value passed to --enable-tools]) ;;
esac],
- [enable_shared=no])
+ [enable_tools=no])
+AC_SUBST([ENABLE_TOOLS], ${enable_tools})
+AM_CONDITIONAL([ENABLE_TOOLS], [test "${enable_tools}" = yes])
dnl -----------------------------------------------------------------------
dnl Check for the C and C++ compilers and required features.
@@ -88,7 +84,7 @@
AC_MSG_ERROR([C++ compiler cannot create executables])
fi
-ATF_DEVELOPER_MODE
+KYUA_DEVELOPER_MODE([C,C++])
ATF_MODULE_APPLICATION
ATF_MODULE_DEFS
@@ -97,6 +93,8 @@
ATF_MODULE_SANITY
ATF_MODULE_SIGNALS
+AC_CHECK_TYPE([timer_t], [], [], [[#include <time.h>]])
+
ATF_RUNTIME_TOOL([ATF_BUILD_CC],
[C compiler to use at runtime], [${CC}])
ATF_RUNTIME_TOOL([ATF_BUILD_CFLAGS],
@@ -128,24 +126,13 @@
dnl Architecture and machine checks.
dnl -----------------------------------------------------------------------
-machine=${target_cpu}
+atf_arch=`uname -p`
+atf_machine=`uname -m`
-case ${machine} in
- i@<:@3-9@:>@86)
- arch=i386
- ;;
- x86_64)
- arch=amd64
- ;;
- *)
- arch=${machine}
- ;;
-esac
+AC_MSG_NOTICE([Machine type: ${atf_machine}, architecture: ${atf_arch}])
+AC_SUBST(atf_arch, ${atf_arch})
+AC_SUBST(atf_machine, ${atf_machine})
-AC_MSG_NOTICE([Machine type: ${machine}, architecture: ${arch}])
-AC_SUBST(atf_arch, ${arch})
-AC_SUBST(atf_machine, ${machine})
-
dnl -----------------------------------------------------------------------
dnl User-customizable variables.
dnl -----------------------------------------------------------------------
@@ -191,6 +178,7 @@
esac
fi
+AC_SUBST(atf_aclocaldir, \${datadir}/aclocal)
AC_SUBST(atf_cssdir, \${datadir}/examples/atf)
AC_SUBST(atf_dtddir, \${datadir}/xml/atf)
AC_SUBST(atf_egdir, \${datadir}/examples/atf)
@@ -221,7 +209,10 @@
dnl Check for required tools.
dnl -----------------------------------------------------------------------
-AC_PATH_PROG([MTN], [mtn])
+AC_PATH_PROG([GDB], [gdb])
+AC_PATH_PROG([KYUA], [kyua])
+AM_CONDITIONAL([HAVE_KYUA], [test -n "${KYUA}"])
+AC_PATH_PROG([GIT], [git])
dnl -----------------------------------------------------------------------
dnl Finally, generate output.
@@ -229,9 +220,9 @@
AC_OUTPUT([Makefile atf-c/defs.h])
-if test ${enable_shared} = yes; then
- AC_MSG_WARN([Shared libraries with unstable ABIs/APIs have been enabled.])
- AC_MSG_WARN([Please do not install them as part of a binary package.])
+if test ${enable_tools} = yes; then
+ AC_MSG_WARN([Building the deprecated ATF tools (atf-run and atf-report);])
+ AC_MSG_WARN([please migrate to Kyua as soon as feasible.])
fi
dnl vim: syntax=m4:expandtab:shiftwidth=4:softtabstop=4
Modified: vendor/bind/dist/unit/atf-src/doc/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/doc/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/doc/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -27,19 +27,24 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
+dist_man_MANS += doc/atf-test-case.4 \
+ doc/atf-test-program.1
+
+if ENABLE_TOOLS
+
man_MANS += doc/atf.7
CLEANFILES += doc/atf.7
EXTRA_DIST += doc/atf.7.in
-dist_man_MANS += doc/atf-formats.5 \
- doc/atf-test-case.4 \
- doc/atf-test-program.1
+dist_man_MANS += doc/atf-formats.5
doc/atf.7: $(srcdir)/doc/atf.7.in
test -d doc || mkdir -p doc
- sed -e 's,__DOCDIR__,$(docdir),g' \
- -e 's,__TESTSDIR__,$(testsdir),g' \
+ sed -e 's#__DOCDIR__#$(docdir)#g' \
+ -e 's#__TESTSDIR__#$(testsdir)#g' \
<$(srcdir)/doc/atf.7.in >doc/atf.7.tmp
mv doc/atf.7.tmp doc/atf.7
+endif
+
# vim: syntax=make:noexpandtab:shiftwidth=8:softtabstop=8
Modified: vendor/bind/dist/unit/atf-src/doc/atf-formats.5
===================================================================
--- vendor/bind/dist/unit/atf-src/doc/atf-formats.5 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/doc/atf-formats.5 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd June 7, 2010
+.Dd December 20, 2011
.Dt ATF-FORMATS 5
.Os
.Sh NAME
@@ -149,7 +149,7 @@
var1 = this is a variable value
var2 = this is another one # Optional comment at the end.
.Ed
-.Ss Format: application/X-atf-tps, version: 2
+.Ss Format: application/X-atf-tps, version: 3
The
.Sq application/X-atf-tps
format multiplexes the standard output, standard error and results output
@@ -165,14 +165,16 @@
INFO ::= 'info' COLON STRING COMMA STRING NEWLINE
TPS-COUNT ::= 'tps-count' COLON POSITIVE-NUMBER NEWLINE
TP-STANZA ::= TP-START TC-STANZA* TC-END
-TP-START ::= 'tp-start' COLON STRING COMMA POSITIVE-NUMBER NEWLINE
-TP-END ::= 'tc-end' COLON STRING (COMMA STRING)?
+TP-START ::= 'tp-start' COLON TIMESTAMP COMMA STRING COMMA
+ POSITIVE-NUMBER NEWLINE
+TP-END ::= 'tc-end' COLON TIMESTAMP COMMA STRING (COMMA STRING)?
TC-STANZA ::= TC-START (TC-SO | TC-SE)* TC-END
-TC-START ::= 'tc-start' COLON STRING NEWLINE
+TC-START ::= 'tc-start' COLON TIMESTAMP COMMA STRING NEWLINE
TC-SO ::= 'tc-so' COLON STRING NEWLINE
TC-SE ::= 'tc-se' COLON STRING NEWLINE
-TC-END ::= 'tc-end' COLON STRING COMMA TCR NEWLINE
+TC-END ::= 'tc-end' COLON TIMESTAMP COMMA STRING COMMA TCR NEWLINE
TCR ::= 'passed' | ('failed' | 'skipped') COMMA STRING
+TIMESTAMP ::= [0-9]+.[0-9]+
.Ed
.Pp
The meaning of the constructions above is:
@@ -212,18 +214,18 @@
An example:
.Bd -literal -offset indent
tps-count: 2
-tp-start: calculator, 2
-tc-start: add
-tc-end: add, passed
-tc-start: subtract
+tp-start: calculator, 1324318951.838923, 2
+tc-start: add, 1324318951.839101
+tc-end: add, 1324318951.839500, passed
+tc-start: subtract, 1324318951.840001
tc-so: 3-2 expected to return 1 but got 0
-tc-end: subtract, failed, Calculated an unexpected value
-tp-end: calculator
-tp-start: files, 1
-tc-start: copy
+tc-end: subtract, 1324318952.000123, failed, Calculated an unexpected value
+tp-end: calculator, 1324318952.002301
+tp-start: files, 1, 1324318952.502348
+tc-start: copy, 1324318952.508291
tc-se: could not find the cp(1) utility
-tc-end: copy, skipped
-tp-end: files
+tc-end: copy, 1324318953.203145, skipped
+tp-end: files, 1324318953.203800
.Ed
.Sh SEE ALSO
.Xr atf 7
Modified: vendor/bind/dist/unit/atf-src/doc/atf-test-case.4
===================================================================
--- vendor/bind/dist/unit/atf-src/doc/atf-test-case.4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/doc/atf-test-case.4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd October 31, 2010
+.Dd January 13, 2011
.Dt ATF-TEST-CASE 4
.Os
.Sh NAME
@@ -61,7 +61,7 @@
This body is only executed if the abstract conditions specified by the
header are met.
The
-.Em cleanup routine
+.Em cleanup
routine is a piece of code always executed after the body, regardless of
the exit status of the test case.
It can be used to undo side-effects of the test case.
@@ -148,6 +148,9 @@
collected by the test program they are contained in.
The developer need not care about this as long as he uses the correct
APIs to implement the test cases.
+.Pp
+The standard input of the test cases is unconditionally connected to
+.Sq /dev/zero .
.Ss Meta-data
The following list describes all meta-data properties interpreted
internally by ATF.
@@ -179,7 +182,7 @@
The test case's identifier.
Must be unique inside the test program and should be short but descriptive.
.It require.arch
-Type textual.
+Type: textual.
Optional.
.Pp
A whitespace separated list of architectures that the test case can be run
@@ -192,12 +195,32 @@
to execute the test case.
If any of the required variables is not defined, the test case is
.Em skipped .
+.It require.files
+Type: textual.
+Optional.
+.Pp
+A whitespace separated list of files that must be present to execute the
+test case.
+The names of these files must be absolute paths.
+If any of the required files is not found, the test case is
+.Em skipped .
.It require.machine
-Type textual.
+Type: textual.
Optional.
.Pp
A whitespace separated list of machine types that the test case can be run
under without causing errors due to a machine type mismatch.
+.It require.memory
+Type: integer.
+Optional.
+Specifies the minimum amount of physical memory needed by the test.
+The value can have a size suffix such as
+.Sq K ,
+.Sq M ,
+.Sq G
+or
+.Sq T
+to make the amount of bytes easier to type and read.
.It require.progs
Type: textual.
Optional.
@@ -219,18 +242,23 @@
.Sq root
or
.Sq unprivileged .
-If the requested privileges do not match the current user, the test case is
+.Pp
+If the test case is running as a regular user and this property is
+.Sq root ,
+the test case is
.Em skipped .
.Pp
-.Em NOTE :
-In the future, it is expected that the test case will attempt to gain the
-necessary privileges on its own before failing.
-At the very least, lowering the privileges from the super-user to an
-unprivileged user will be supported.
+If the test case is running as root and this property is
+.Sq unprivileged ,
+.Xr atf-run 1
+will automatically drop the privileges if the
+.Sq unprivileged-user
+configuration property is set; otherwise the test case is
+.Em skipped .
.It timeout
Type: integral.
Optional; defaults to
-.Sq 30 .
+.Sq 300 .
.Pp
Specifies the maximum amount of time the test case can run.
This is particularly useful because some tests can stall either because they
@@ -268,19 +296,24 @@
.It Ev LC_TIME
Undefined.
.It Ev TZ
-Undefined.
+Hardcoded to
+.Sq UTC .
.El
.Ss Work directories
The test program always creates a temporary directory
and switches to it before running the test case's body.
This way the test case is free to modify its current directory as it
-wishes, and the test program will be able to clean it up later on in a
+wishes, and the runtime engine will be able to clean it up later on in a
safe way, removing any traces of its execution from the system.
+To do so, the runtime engine will perform a recursive removal of the work
+directory without crossing mount points; if a mount point is found, the
+file system will be unmounted (if possible).
.Ss File creation mode mask (umask)
Test cases are always executed with a file creation mode mask (umask) of
.Sq 0022 .
The test case's code is free to change this during execution.
.Sh SEE ALSO
+.Xr atf-run 1 ,
.Xr atf-test-program 1 ,
.Xr atf-formats 5 ,
.Xr atf 7
Modified: vendor/bind/dist/unit/atf-src/doc/atf-test-program.1
===================================================================
--- vendor/bind/dist/unit/atf-src/doc/atf-test-program.1 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/doc/atf-test-program.1 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd June 18, 2010
+.Dd February 6, 2011
.Dt ATF-TEST-PROGRAM 1
.Os
.Sh NAME
@@ -43,6 +43,10 @@
.Sh DESCRIPTION
Test programs written using the ATF libraries all share a common user
interface, which is what this manual page describes.
+.Em NOTE: There is no binary known as
+.Nm ;
+.Em what is described in this manual page is the command-line interface
+.Em exposed by the atf-c, atf-c++ and atf-sh bindings .
.Pp
In the first synopsis form, the test program will execute the provided
test case and print its results to the standard output, unless otherwise
Modified: vendor/bind/dist/unit/atf-src/doc/atf.7.in
===================================================================
--- vendor/bind/dist/unit/atf-src/doc/atf.7.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/doc/atf.7.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
.\"
.\" Automated Testing Framework (atf)
.\"
-.\" Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/m4/compiler-flags.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/compiler-flags.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/compiler-flags.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,110 +1,159 @@
-dnl
-dnl Automated Testing Framework (atf)
-dnl
-dnl Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+dnl Copyright 2010 Google Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
-dnl modification, are permitted provided that the following conditions
-dnl are met:
-dnl 1. Redistributions of source code must retain the above copyright
-dnl notice, this list of conditions and the following disclaimer.
-dnl 2. Redistributions in binary form must reproduce the above copyright
-dnl notice, this list of conditions and the following disclaimer in the
-dnl documentation and/or other materials provided with the distribution.
+dnl modification, are permitted provided that the following conditions are
+dnl met:
dnl
-dnl THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
-dnl CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-dnl INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-dnl MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-dnl IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
-dnl DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-dnl DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-dnl GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-dnl INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-dnl IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-dnl OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-dnl IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+dnl * Redistributions of source code must retain the above copyright
+dnl notice, this list of conditions and the following disclaimer.
+dnl * Redistributions in binary form must reproduce the above copyright
+dnl notice, this list of conditions and the following disclaimer in the
+dnl documentation and/or other materials provided with the distribution.
+dnl * Neither the name of Google Inc. nor the names of its contributors
+dnl may be used to endorse or promote products derived from this software
+dnl without specific prior written permission.
dnl
+dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+dnl "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+dnl LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+dnl A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+dnl OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+dnl SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+dnl LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+dnl DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+dnl THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+dnl OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-dnl -----------------------------------------------------------------------
-dnl Check for C/C++ compiler flags
-dnl -----------------------------------------------------------------------
+dnl \file compiler-flags.m4
+dnl
+dnl Macros to check for the existence of compiler flags. The macros in this
+dnl file support both C and C++.
+dnl
+dnl Be aware that, in order to detect a flag accurately, we may need to enable
+dnl strict warning checking in the compiler (i.e. enable -Werror). Some
+dnl compilers, e.g. Clang, report unknown -W flags as warnings unless -Werror is
+dnl selected. This fact would confuse the flag checks below because we would
+dnl conclude that a flag is valid while in reality it is not. To resolve this,
+dnl the macros below will pass -Werror to the compiler along with any other flag
+dnl being checked.
+
+dnl Checks for a compiler flag and sets a result variable.
dnl
-dnl ATF_CC_FLAG(flag_name, accum_var)
+dnl This is an auxiliary macro for the implementation of _KYUA_FLAG.
dnl
-dnl Checks whether the C compiler supports the flag 'flag_name' and, if
-dnl found, appends it to the variable 'accum_var'.
+dnl \param 1 The shell variable containing the compiler name. Used for
+dnl reporting purposes only. C or CXX.
+dnl \param 2 The shell variable containing the flags for the compiler.
+dnl CFLAGS or CXXFLAGS.
+dnl \param 3 The name of the compiler flag to check for.
+dnl \param 4 The shell variable to set with the result of the test. Will
+dnl be set to 'yes' if the flag is valid, 'no' otherwise.
+dnl \param 5 Additional, optional flags to pass to the C compiler while
+dnl looking for the flag in $3. We use this here to pass -Werror to the
+dnl flag checks (unless we are checking for -Werror already).
+AC_DEFUN([_KYUA_FLAG_AUX], [
+ if test x"${$4-unset}" = xunset; then
+ AC_MSG_CHECKING(whether ${$1} supports $3)
+ saved_flags="${$2}"
+ $4=no
+ $2="${$2} $5 $3"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [return 0;])],
+ AC_MSG_RESULT(yes)
+ $4=yes,
+ AC_MSG_RESULT(no))
+ $2="${saved_flags}"
+ fi
+])
+
+
+dnl Checks for a compiler flag and appends it to a result variable.
dnl
-AC_DEFUN([ATF_CC_FLAG], [
- AC_LANG_PUSH(C)
- AC_MSG_CHECKING(whether ${CC} supports $1)
- saved_cflags="${CFLAGS}"
- valid_cflag=no
- CFLAGS="${CFLAGS} $1"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([], [return 0;])],
- AC_MSG_RESULT(yes)
- valid_cflag=yes,
- AC_MSG_RESULT(no))
- CFLAGS="${saved_cflags}"
- AC_LANG_POP()
-
- if test ${valid_cflag} = yes; then
- $2="${$2} $1"
+dnl \param 1 The shell variable containing the compiler name. Used for
+dnl reporting purposes only. CC or CXX.
+dnl \param 2 The shell variable containing the flags for the compiler.
+dnl CFLAGS or CXXFLAGS.
+dnl \param 3 The name of the compiler flag to check for.
+dnl \param 4 The shell variable to which to append $3 if the flag is valid.
+AC_DEFUN([_KYUA_FLAG], [
+ _KYUA_FLAG_AUX([$1], [$2], [-Werror], [kyua_$1_has_werror])
+ if test "$3" = "-Werror"; then
+ found=${kyua_$1_has_werror}
+ else
+ found=unset
+ if test ${kyua_$1_has_werror} = yes; then
+ _KYUA_FLAG_AUX([$1], [$2], [$3], [found], [-Werror])
+ else
+ _KYUA_FLAG_AUX([$1], [$2], [$3], [found], [])
+ fi
fi
+ if test ${found} = yes; then
+ $4="${$4} $3"
+ fi
])
+
+dnl Checks for a C compiler flag and appends it to a variable.
dnl
-dnl ATF_CC_FLAGS(flag_names, accum_var)
-dnl Checks whether the C compiler supports the flags 'flag_names', one by
-dnl one, and appends the valid ones to 'accum_var'.
+dnl \pre The current language is C.
dnl
-AC_DEFUN([ATF_CC_FLAGS], [
+dnl \param 1 The name of the compiler flag to check for.
+dnl \param 2 The shell variable to which to append $1 if the flag is valid.
+AC_DEFUN([KYUA_CC_FLAG], [
+ AC_LANG_ASSERT([C])
+ _KYUA_FLAG([CC], [CFLAGS], [$1], [$2])
+])
+
+
+dnl Checks for a C++ compiler flag and appends it to a variable.
+dnl
+dnl \pre The current language is C++.
+dnl
+dnl \param 1 The name of the compiler flag to check for.
+dnl \param 2 The shell variable to which to append $1 if the flag is valid.
+AC_DEFUN([KYUA_CXX_FLAG], [
+ AC_LANG_ASSERT([C++])
+ _KYUA_FLAG([CXX], [CXXFLAGS], [$1], [$2])
+])
+
+
+dnl Checks for a set of C compiler flags and appends them to CFLAGS.
+dnl
+dnl The checks are performed independently and only when all the checks are
+dnl done, the output variable is modified.
+dnl
+dnl \param 1 Whitespace-separated list of C flags to check.
+AC_DEFUN([KYUA_CC_FLAGS], [
+ AC_LANG_PUSH([C])
valid_cflags=
for f in $1; do
- ATF_CC_FLAG(${f}, valid_cflags)
+ KYUA_CC_FLAG(${f}, valid_cflags)
done
if test -n "${valid_cflags}"; then
- $2="${$2} ${valid_cflags}"
+ CFLAGS="${CFLAGS} ${valid_cflags}"
fi
+ AC_LANG_POP([C])
])
+
+dnl Checks for a set of C++ compiler flags and appends them to CXXFLAGS.
dnl
-dnl ATF_CXX_FLAG(flag_name, accum_var)
+dnl The checks are performed independently and only when all the checks are
+dnl done, the output variable is modified.
dnl
-dnl Checks whether the C++ compiler supports the flag 'flag_name' and, if
-dnl found, appends it to the variable 'accum_var'.
+dnl \pre The current language is C++.
dnl
-AC_DEFUN([ATF_CXX_FLAG], [
- AC_LANG_PUSH(C++)
- AC_MSG_CHECKING(whether ${CXX} supports $1)
- saved_cxxflags="${CXXFLAGS}"
- valid_cxxflag=no
- CXXFLAGS="${CXXFLAGS} $1"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([], [return 0;])],
- AC_MSG_RESULT(yes)
- valid_cxxflag=yes,
- AC_MSG_RESULT(no))
- CXXFLAGS="${saved_cxxflags}"
- AC_LANG_POP()
-
- if test ${valid_cxxflag} = yes; then
- $2="${$2} $1"
- fi
-])
-
-dnl
-dnl ATF_CXX_FLAGS(flag_names, accum_var)
-dnl Checks whether the C++ compiler supports the flags 'flag_names', one by
-dnl one, and appends the valid ones to 'accum_var'.
-dnl
-AC_DEFUN([ATF_CXX_FLAGS], [
+dnl \param 1 Whitespace-separated list of C flags to check.
+AC_DEFUN([KYUA_CXX_FLAGS], [
+ AC_LANG_PUSH([C++])
valid_cxxflags=
for f in $1; do
- ATF_CXX_FLAG(${f}, valid_cxxflags)
+ KYUA_CXX_FLAG(${f}, valid_cxxflags)
done
if test -n "${valid_cxxflags}"; then
- $2="${$2} ${valid_cxxflags}"
+ CXXFLAGS="${CXXFLAGS} ${valid_cxxflags}"
fi
+ AC_LANG_POP([C++])
])
Modified: vendor/bind/dist/unit/atf-src/m4/cxx-std-funcs.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/cxx-std-funcs.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/cxx-std-funcs.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/m4/developer-mode.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/developer-mode.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/developer-mode.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,110 +1,112 @@
-dnl
-dnl Automated Testing Framework (atf)
-dnl
-dnl Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
+dnl Copyright 2010 Google Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
-dnl modification, are permitted provided that the following conditions
-dnl are met:
-dnl 1. Redistributions of source code must retain the above copyright
-dnl notice, this list of conditions and the following disclaimer.
-dnl 2. Redistributions in binary form must reproduce the above copyright
-dnl notice, this list of conditions and the following disclaimer in the
-dnl documentation and/or other materials provided with the distribution.
+dnl modification, are permitted provided that the following conditions are
+dnl met:
dnl
-dnl THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
-dnl CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-dnl INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-dnl MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-dnl IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
-dnl DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-dnl DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-dnl GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-dnl INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-dnl IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-dnl OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-dnl IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+dnl * Redistributions of source code must retain the above copyright
+dnl notice, this list of conditions and the following disclaimer.
+dnl * Redistributions in binary form must reproduce the above copyright
+dnl notice, this list of conditions and the following disclaimer in the
+dnl documentation and/or other materials provided with the distribution.
+dnl * Neither the name of Google Inc. nor the names of its contributors
+dnl may be used to endorse or promote products derived from this software
+dnl without specific prior written permission.
dnl
+dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+dnl "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+dnl LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+dnl A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+dnl OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+dnl SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+dnl LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+dnl DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+dnl THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+dnl OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-dnl -----------------------------------------------------------------------
-dnl Set up the developer mode
-dnl -----------------------------------------------------------------------
-
+dnl \file developer-mode.m4
dnl
-dnl ATF_DEVELOPER_MODE
+dnl "Developer mode" is a mode in which the build system reports any
+dnl build-time warnings as fatal errors. This helps in minimizing the
+dnl amount of trivial coding problems introduced in the code.
+dnl Unfortunately, this is not bullet-proof due to the wide variety of
+dnl compilers available and their different warning diagnostics.
dnl
-dnl Adds a --enable-developer flag to the configure script and, when given,
-dnl checks for and enables several flags useful during development.
+dnl When developer mode support is added to a package, the compilation will
+dnl gain a bunch of extra warning diagnostics. These will NOT be enforced
+dnl unless developer mode is enabled.
dnl
-AC_DEFUN([ATF_DEVELOPER_MODE], [
- AC_ARG_ENABLE(developer,
- AS_HELP_STRING(--enable-developer,
- [enable developer features]),,
- [case ${PACKAGE_VERSION} in
- 0.*|*99*|*alpha*|*beta*)
- enable_developer=yes
- ;;
- *)
- enable_developer=no
- ;;
- esac])
+dnl Developer mode is enabled when the user requests it through the
+dnl configure command line, or when building from the repository. The
+dnl latter is to minimize the risk of committing new code with warnings
+dnl into the tree.
- if test ${enable_developer} = yes; then
- try_werror=yes
- try_c_cxx_flags="-g \
- -Wall \
- -Wcast-qual \
- -Wextra \
- -Wno-unused-parameter \
- -Wpointer-arith \
- -Wredundant-decls \
- -Wreturn-type \
- -Wshadow \
- -Wsign-compare \
- -Wswitch \
- -Wwrite-strings"
+dnl Adds "developer mode" support to the package.
+dnl
+dnl This macro performs the actual definition of the --enable-developer
+dnl flag and implements all of its logic. See the file-level comment for
+dnl details as to what this implies.
+AC_DEFUN([KYUA_DEVELOPER_MODE], [
+ m4_foreach([language], [$1], [m4_set_add([languages], language)])
- try_c_flags="-Wmissing-prototypes \
- -Wno-traditional \
- -Wstrict-prototypes"
+ AC_ARG_ENABLE(
+ [developer],
+ AS_HELP_STRING([--enable-developer], [enable developer features]),,
+ [if test -d ${srcdir}/.git; then
+ AC_MSG_NOTICE([building from HEAD; developer mode autoenabled])
+ enable_developer=yes
+ else
+ enable_developer=no
+ fi])
- try_cxx_flags="-Wabi \
- -Wctor-dtor-privacy \
- -Wno-deprecated \
- -Wno-non-template-friend \
- -Wno-pmf-conversions \
- -Wnon-virtual-dtor \
- -Woverloaded-virtual \
- -Wreorder \
- -Wsign-promo \
- -Wsynth"
+ #
+ # The following warning flags should also be enabled but cannot be.
+ # Reasons given below.
+ #
+ # -Wold-style-cast: Raises errors when using TIOCGWINSZ, at least under
+ # Mac OS X. This is due to the way _IOR is defined.
+ #
- #
- # The following flags should also be enabled but cannot be. Reasons
- # given below.
- #
- # -Wold-style-cast: Raises errors when using TIOCGWINSZ, at least under
- # Mac OS X. This is due to the way _IOR is defined.
- #
+ try_c_cxx_flags="-D_FORTIFY_SOURCE=2 \
+ -Wall \
+ -Wcast-qual \
+ -Wextra \
+ -Wpointer-arith \
+ -Wredundant-decls \
+ -Wreturn-type \
+ -Wshadow \
+ -Wsign-compare \
+ -Wswitch \
+ -Wwrite-strings"
+
+ try_c_flags="-Wmissing-prototypes \
+ -Wno-traditional \
+ -Wstrict-prototypes"
+
+ try_cxx_flags="-Wabi \
+ -Wctor-dtor-privacy \
+ -Wno-deprecated \
+ -Wno-non-template-friend \
+ -Wno-pmf-conversions \
+ -Wnon-virtual-dtor \
+ -Woverloaded-virtual \
+ -Wreorder \
+ -Wsign-promo \
+ -Wsynth"
+
+ if test ${enable_developer} = yes; then
+ try_werror=yes
+ try_c_cxx_flags="${try_c_cxx_flags} -g -Werror"
else
try_werror=no
- try_c_cxx_flags="-DNDEBUG"
- try_c_flags=
- try_cxx_flags=
+ try_c_cxx_flags="${try_c_cxx_flags} -DNDEBUG"
fi
- try_c_cxx_flags="${try_c_cxx_flags} -D_FORTIFY_SOURCE=2"
- # Try and set -Werror first so that tests for other flags are accurate.
- # Otherwise, compilers such as clang will report the flags as a warning and
- # we will conclude they are supported... but when they are combined with
- # -Werror they cause build failures.
- if test ${try_werror} = yes; then
- ATF_CC_FLAGS(-Werror, CFLAGS)
- ATF_CXX_FLAGS(-Werror, CXXFLAGS)
- fi
-
- ATF_CC_FLAGS(${try_c_cxx_flags} ${try_c_flags}, CFLAGS)
- ATF_CXX_FLAGS(${try_c_cxx_flags} ${try_cxx_flags}, CXXFLAGS)
+ m4_set_contains([languages], [C],
+ [KYUA_CC_FLAGS(${try_c_cxx_flags} ${try_c_flags})])
+ m4_set_contains([languages], [C++],
+ [KYUA_CXX_FLAGS(${try_c_cxx_flags} ${try_cxx_flags})])
])
Modified: vendor/bind/dist/unit/atf-src/m4/module-application.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/module-application.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/module-application.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
@@ -30,9 +30,11 @@
AC_DEFUN([ATF_MODULE_APPLICATION], [
ATF_CHECK_STD_VSNPRINTF
- AC_LANG_PUSH([C])
- AC_MSG_CHECKING(whether getopt allows a + sign for POSIX behavior)
- AC_RUN_IFELSE([AC_LANG_PROGRAM([#include <stdlib.h>
+ AC_CACHE_CHECK(
+ [whether getopt allows a + sign for POSIX behavior],
+ [kyua_cv_getopt_plus], [
+ AC_LANG_PUSH([C])
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([#include <stdlib.h>
#include <string.h>
#include <unistd.h>], [
int argc = 4;
@@ -64,25 +66,29 @@
return (seen_a && !seen_plus) ? EXIT_SUCCESS : EXIT_FAILURE;
])],
- [getopt_allows_plus=yes
- AC_DEFINE([HAVE_GNU_GETOPT], [1],
- [Define to 1 if getopt allows a + sign for POSIX behavior])],
- [getopt_allows_plus=no])
- AC_MSG_RESULT(${getopt_allows_plus})
- AC_LANG_POP([C])
+ [kyua_cv_getopt_plus=yes],
+ [kyua_cv_getopt_plus=no])
+ AC_LANG_POP([C])
+ ])
+ if test x"${kyua_cv_getopt_plus}" = xyes; then
+ AC_DEFINE([HAVE_GNU_GETOPT], [1],
+ [Define to 1 if getopt allows a + sign for POSIX behavior])
+ fi
- AC_LANG_PUSH([C])
- AC_MSG_CHECKING(whether getopt has optreset)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <stdlib.h>
+ AC_CACHE_CHECK(
+ [whether getopt has optreset],
+ [kyua_cv_getopt_optreset], [
+ AC_LANG_PUSH([C])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <stdlib.h>
#include <unistd.h>], [
optreset = 1;
return EXIT_SUCCESS;
])],
- [getopt_has_optreset=yes],
- [getopt_has_optreset=no])
- if test x"${getopt_has_optreset}" = yes; then
+ [kyua_cv_getopt_optreset=yes],
+ [kyua_cv_getopt_optreset=no])
+ AC_LANG_POP([C])
+ ])
+ if test x"${kyua_cv_getopt_optreset}" = xyes; then
AC_DEFINE([HAVE_OPTRESET], [1], [Define to 1 if getopt has optreset])
fi
- AC_MSG_RESULT(${getopt_has_optreset})
- AC_LANG_POP([C])
])
Modified: vendor/bind/dist/unit/atf-src/m4/module-defs.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/module-defs.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/module-defs.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2008 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
@@ -27,15 +27,48 @@
dnl IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
dnl
-AC_DEFUN([ATF_MODULE_DEFS], [
+AC_DEFUN([ATF_ATTRIBUTE_FORMAT_PRINTF], [
+ AC_MSG_CHECKING(
+ [whether __attribute__((__format__(__printf__, a, b))) is supported])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([
+#include <stdarg.h>
+#include <stdio.h>
+
+static void test_printf(const char *, ...)
+ __attribute__((__format__(__printf__, 1, 2)));
+
+static void
+test_printf(const char *format, ...)
+{
+ va_list ap;
+
+ va_start(ap, format);
+ vprintf(format, ap);
+ va_end(ap);
+}], [
+ test_printf("foo %s", "bar");
+ return 0;
+])],
+ [AC_MSG_RESULT(yes)
+ value="__attribute__((__format__(__printf__, a, b)))"],
+ [AC_MSG_RESULT(no)
+ value=""]
+ )
+ AC_SUBST([ATTRIBUTE_FORMAT_PRINTF], [${value}])
+])
+
+AC_DEFUN([ATF_ATTRIBUTE_NORETURN], [
dnl XXX This check is overly simple and should be fixed. For example,
dnl Sun's cc does support the noreturn attribute but CC (the C++
dnl compiler) does not. And in that case, CC just raises a warning
dnl during compilation, not an error, which later breaks the
dnl atf-c++/t_pkg_config:cxx_build check.
- AC_MSG_CHECKING(whether __attribute__((noreturn)) is supported)
- AC_RUN_IFELSE(
- [AC_LANG_PROGRAM([], [
+ AC_CACHE_CHECK(
+ [whether __attribute__((__noreturn__)) is supported],
+ [kyua_cv_attribute_noreturn], [
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([], [
#if ((__GNUC__ == 2 && __GNUC_MINOR__ >= 5) || __GNUC__ > 2)
return 0;
#else
@@ -42,10 +75,38 @@
return 1;
#endif
])],
+ [kyua_cv_attribute_noreturn=yes],
+ [kyua_cv_attribute_noreturn=no])
+ ])
+ if test x"${kyua_cv_attribute_noreturn}" = xyes; then
+ value="__attribute__((__noreturn__))"
+ else
+ value=""
+ fi
+ AC_SUBST([ATTRIBUTE_NORETURN], [${value}])
+])
+
+AC_DEFUN([ATF_ATTRIBUTE_UNUSED], [
+ AC_MSG_CHECKING(whether __attribute__((__unused__)) is supported)
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([
+static void
+function(int a __attribute__((__unused__)))
+{
+}], [
+ function(3);
+ return 0;
+])],
[AC_MSG_RESULT(yes)
- value="__attribute__((noreturn))"],
+ value="__attribute__((__unused__))"],
[AC_MSG_RESULT(no)
value=""]
)
- AC_SUBST([ATTRIBUTE_NORETURN], [${value}])
+ AC_SUBST([ATTRIBUTE_UNUSED], [${value}])
])
+
+AC_DEFUN([ATF_MODULE_DEFS], [
+ ATF_ATTRIBUTE_FORMAT_PRINTF
+ ATF_ATTRIBUTE_NORETURN
+ ATF_ATTRIBUTE_UNUSED
+])
Modified: vendor/bind/dist/unit/atf-src/m4/module-env.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/module-env.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/module-env.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/m4/module-fs.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/module-fs.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/module-fs.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
@@ -50,17 +50,22 @@
[Define to 1 if dirname takes a constant pointer]),
AC_MSG_RESULT(no))
- AC_MSG_CHECKING(whether getcwd(NULL, 0) works)
- AC_RUN_IFELSE(
- [AC_LANG_PROGRAM([#include <stdlib.h>
+ AC_CACHE_CHECK(
+ [whether getcwd(NULL, 0) works],
+ [kyua_cv_getcwd_works], [
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([#include <stdlib.h>
#include <unistd.h>], [
char *cwd = getcwd(NULL, 0);
return (cwd != NULL) ? EXIT_SUCCESS : EXIT_FAILURE;
])],
- AC_MSG_RESULT(yes)
+ [kyua_cv_getcwd_works=yes],
+ [kyua_cv_getcwd_works=no])
+ ])
+ if test x"${kyua_cv_getcwd_works}" = xyes; then
AC_DEFINE([HAVE_GETCWD_DYN], [1],
- [Define to 1 if getcwd(NULL, 0) works]),
- AC_MSG_RESULT(no))
+ [Define to 1 if getcwd(NULL, 0) works])
+ fi
AC_CHECK_FUNCS([unmount])
])
Modified: vendor/bind/dist/unit/atf-src/m4/module-sanity.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/module-sanity.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/module-sanity.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
dnl
dnl Automated Testing Framework (atf)
dnl
-dnl Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
+dnl Copyright (c) 2007 The NetBSD Foundation, Inc.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/m4/module-signals.m4
===================================================================
--- vendor/bind/dist/unit/atf-src/m4/module-signals.m4 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/m4/module-signals.m4 2016-11-03 12:20:06 UTC (rev 9200)
@@ -28,8 +28,10 @@
dnl
AC_DEFUN([ATF_MODULE_SIGNALS], [
- AC_MSG_CHECKING(for the last valid signal)
- AC_RUN_IFELSE([AC_LANG_PROGRAM([#include <err.h>
+ AC_CACHE_CHECK(
+ [for the last valid signal],
+ [kyua_cv_signal_lastno], [
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([#include <err.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
@@ -71,16 +73,14 @@
return EXIT_SUCCESS;
])],
- [if test ! -f conftest.cnt; then
- last_signo=15
- AC_MSG_RESULT(failed; assuming ${last_signo})
- else
- last_signo=$(cat conftest.cnt)
- rm -f conftest.cnt
- AC_MSG_RESULT(${last_signo})
- fi],
- [last_signo=15
- AC_MSG_RESULT(failed; assuming ${last_signo})])
- AC_DEFINE_UNQUOTED([LAST_SIGNO], [${last_signo}],
+ [if test ! -f conftest.cnt; then
+ kyua_cv_signal_lastno=15
+ else
+ kyua_cv_signal_lastno=$(cat conftest.cnt)
+ rm -f conftest.cnt
+ fi],
+ [kyua_cv_signal_lastno=15])
+ ])
+ AC_DEFINE_UNQUOTED([LAST_SIGNO], [${kyua_cv_signal_lastno}],
[Define to the last valid signal number])
])
Modified: vendor/bind/dist/unit/atf-src/test-programs/Atffile
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/Atffile 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/Atffile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -4,7 +4,6 @@
tp: config_test
tp: expect_test
-tp: fork_test
tp: meta_data_test
tp: srcdir_test
tp: result_test
Added: vendor/bind/dist/unit/atf-src/test-programs/Kyuafile
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/Kyuafile (rev 0)
+++ vendor/bind/dist/unit/atf-src/test-programs/Kyuafile 2016-11-03 12:20:06 UTC (rev 9200)
@@ -0,0 +1,9 @@
+syntax("kyuafile", 1)
+
+test_suite("atf")
+
+atf_test_program{name="config_test"}
+atf_test_program{name="expect_test"}
+atf_test_program{name="meta_data_test"}
+atf_test_program{name="srcdir_test"}
+atf_test_program{name="result_test"}
Modified: vendor/bind/dist/unit/atf-src/test-programs/Makefile.am.inc
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/Makefile.am.inc 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/Makefile.am.inc 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -27,7 +27,8 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
-tests_test_programs_DATA = test-programs/Atffile
+tests_test_programs_DATA = test-programs/Atffile \
+ test-programs/Kyuafile
tests_test_programsdir = $(pkgtestsdir)/test-programs
EXTRA_DIST += $(tests_test_programs_DATA)
@@ -37,7 +38,7 @@
tests_test_programs_PROGRAMS += test-programs/cpp_helpers
test_programs_cpp_helpers_SOURCES = test-programs/cpp_helpers.cpp
-test_programs_cpp_helpers_LDADD = libatf-c++.la
+test_programs_cpp_helpers_LDADD = $(ATF_CXX_LIBS)
common_sh = $(srcdir)/test-programs/common.sh
EXTRA_DIST += test-programs/common.sh
@@ -66,14 +67,6 @@
@src="$(srcdir)/test-programs/expect_test.sh $(common_sh)"; \
dst="test-programs/expect_test"; $(BUILD_SH_TP)
-tests_test_programs_SCRIPTS += test-programs/fork_test
-CLEANFILES += test-programs/fork_test
-EXTRA_DIST += test-programs/fork_test.sh
-test-programs/fork_test: $(srcdir)/test-programs/fork_test.sh
- test -d test-programs || mkdir -p test-programs
- @src="$(srcdir)/test-programs/fork_test.sh $(common_sh)"; \
- dst="test-programs/fork_test"; $(BUILD_SH_TP)
-
tests_test_programs_SCRIPTS += test-programs/meta_data_test
CLEANFILES += test-programs/meta_data_test
EXTRA_DIST += test-programs/meta_data_test.sh
Modified: vendor/bind/dist/unit/atf-src/test-programs/c_helpers.c
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/c_helpers.c 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/c_helpers.c 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
/*
* Automated Testing Framework (atf)
*
- * Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -177,22 +177,6 @@
safe_remove(atf_tc_get_config_var(tc, "tmpfile"));
}
-ATF_TC_WITH_CLEANUP(cleanup_fork);
-ATF_TC_HEAD(cleanup_fork, tc)
-{
- atf_tc_set_md_var(tc, "descr", "Helper test case for the t_cleanup test "
- "program");
-}
-ATF_TC_BODY(cleanup_fork, tc)
-{
-}
-ATF_TC_CLEANUP(cleanup_fork, tc)
-{
- close(STDOUT_FILENO);
- close(STDERR_FILENO);
- close(3);
-}
-
/* ---------------------------------------------------------------------
* Helper tests for "t_config".
* --------------------------------------------------------------------- */
@@ -386,44 +370,10 @@
}
/* ---------------------------------------------------------------------
- * Helper tests for "t_fork".
- * --------------------------------------------------------------------- */
-
-ATF_TC(fork_stop);
-ATF_TC_HEAD(fork_stop, tc)
-{
- atf_tc_set_md_var(tc, "descr", "Helper test case for the t_fork test "
- "program");
-}
-ATF_TC_BODY(fork_stop, tc)
-{
- FILE *f;
- const char *dfstr, *pfstr;
-
- dfstr = atf_tc_get_config_var(tc, "donefile");
- pfstr = atf_tc_get_config_var(tc, "pidfile");
-
- f = fopen(pfstr, "w");
- if (f == NULL)
- atf_tc_fail("Failed to create pidfile %s", pfstr);
- fprintf(f, "%d", (int)getpid());
- fclose(f);
- printf("Wrote pid file\n");
-
- printf("Waiting for done file\n");
- while (access(dfstr, F_OK) != 0)
- usleep(10000);
- printf("Exiting\n");
-}
-
-/* ---------------------------------------------------------------------
* Helper tests for "t_meta_data".
* --------------------------------------------------------------------- */
-ATF_TC(metadata_no_descr);
-ATF_TC_HEAD(metadata_no_descr, tc)
-{
-}
+ATF_TC_WITHOUT_HEAD(metadata_no_descr);
ATF_TC_BODY(metadata_no_descr, tc)
{
}
@@ -460,15 +410,13 @@
* Helper tests for "t_result".
* --------------------------------------------------------------------- */
-ATF_TC(result_pass);
-ATF_TC_HEAD(result_pass, tc) { }
+ATF_TC_WITHOUT_HEAD(result_pass);
ATF_TC_BODY(result_pass, tc)
{
printf("msg\n");
}
-ATF_TC(result_fail);
-ATF_TC_HEAD(result_fail, tc) { }
+ATF_TC_WITHOUT_HEAD(result_fail);
ATF_TC_BODY(result_fail, tc)
{
printf("msg\n");
@@ -475,8 +423,7 @@
atf_tc_fail("Failure reason");
}
-ATF_TC(result_skip);
-ATF_TC_HEAD(result_skip, tc) { }
+ATF_TC_WITHOUT_HEAD(result_skip);
ATF_TC_BODY(result_skip, tc)
{
printf("msg\n");
@@ -517,7 +464,6 @@
ATF_TP_ADD_TC(tp, cleanup_skip);
ATF_TP_ADD_TC(tp, cleanup_curdir);
ATF_TP_ADD_TC(tp, cleanup_sigterm);
- ATF_TP_ADD_TC(tp, cleanup_fork);
/* Add helper tests for t_config. */
ATF_TP_ADD_TC(tp, config_unset);
@@ -544,9 +490,6 @@
ATF_TP_ADD_TC(tp, expect_timeout_and_hang);
ATF_TP_ADD_TC(tp, expect_timeout_but_pass);
- /* Add helper tests for t_fork. */
- ATF_TP_ADD_TC(tp, fork_stop);
-
/* Add helper tests for t_meta_data. */
ATF_TP_ADD_TC(tp, metadata_no_descr);
ATF_TP_ADD_TC(tp, metadata_no_head);
Modified: vendor/bind/dist/unit/atf-src/test-programs/config_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/config_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/config_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Modified: vendor/bind/dist/unit/atf-src/test-programs/cpp_helpers.cpp
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/cpp_helpers.cpp 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/cpp_helpers.cpp 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
//
// Automated Testing Framework (atf)
//
-// Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
+// Copyright (c) 2007 The NetBSD Foundation, Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
@@ -36,7 +36,7 @@
#include <fstream>
#include <iostream>
-#include "atf-c++/macros.hpp"
+#include <atf-c++.hpp>
#include "atf-c++/detail/fs.hpp"
@@ -225,27 +225,6 @@
}
// ------------------------------------------------------------------------
-// Helper tests for "t_fork".
-// ------------------------------------------------------------------------
-
-ATF_TEST_CASE(fork_stop);
-ATF_TEST_CASE_HEAD(fork_stop)
-{
- set_md_var("descr", "Helper test case for the t_fork test program");
-}
-ATF_TEST_CASE_BODY(fork_stop)
-{
- std::ofstream os(get_config_var("pidfile").c_str());
- os << ::getpid() << "\n";
- os.close();
- std::cout << "Wrote pid file\n";
- std::cout << "Waiting for done file\n";
- while (::access(get_config_var("donefile").c_str(), F_OK) != 0)
- ::usleep(10000);
- std::cout << "Exiting\n";
-}
-
-// ------------------------------------------------------------------------
// Helper tests for "t_meta_data".
// ------------------------------------------------------------------------
@@ -363,9 +342,6 @@
ATF_ADD_TEST_CASE(tcs, expect_timeout_and_hang);
ATF_ADD_TEST_CASE(tcs, expect_timeout_but_pass);
- // Add helper tests for t_fork.
- ATF_ADD_TEST_CASE(tcs, fork_stop);
-
// Add helper tests for t_meta_data.
ATF_ADD_TEST_CASE(tcs, metadata_no_descr);
ATF_ADD_TEST_CASE(tcs, metadata_no_head);
Modified: vendor/bind/dist/unit/atf-src/test-programs/expect_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/expect_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/expect_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -37,10 +37,11 @@
atf_test_case expect_pass
expect_pass_body() {
for h in $(get_helpers); do
- atf_check -s eq:0 "${h}" -r result expect_pass_and_pass
+ atf_check -s eq:0 -e ignore "${h}" -r result expect_pass_and_pass
check_result result "passed"
- atf_check -s eq:1 "${h}" -r result expect_pass_but_fail_requirement
+ atf_check -s eq:1 -e ignore "${h}" -r result \
+ expect_pass_but_fail_requirement
check_result result "failed: Some reason"
# atf-sh does not support non-fatal failures yet; skip checks for
@@ -77,10 +78,11 @@
# atf-sh does not support non-fatal failures yet; skip checks for
# such conditions.
for h in $(get_helpers sh_helpers); do
- atf_check -s eq:0 "${h}" -r result expect_fail_and_fail_requirement
+ atf_check -s eq:0 -e ignore "${h}" -r result \
+ expect_fail_and_fail_requirement
check_result result "expected_failure: Fail reason: The failure"
- atf_check -s eq:1 "${h}" -r result expect_fail_but_pass
+ atf_check -s eq:1 -e ignore "${h}" -r result expect_fail_but_pass
check_result result "failed: .*expecting a failure"
done
}
@@ -88,13 +90,13 @@
atf_test_case expect_exit
expect_exit_body() {
for h in $(get_helpers); do
- atf_check -s eq:0 "${h}" -r result expect_exit_any_and_exit
+ atf_check -s eq:0 -e ignore "${h}" -r result expect_exit_any_and_exit
check_result result "expected_exit: Call will exit"
- atf_check -s eq:123 "${h}" -r result expect_exit_code_and_exit
+ atf_check -s eq:123 -e ignore "${h}" -r result expect_exit_code_and_exit
check_result result "expected_exit\(123\): Call will exit"
- atf_check -s eq:1 "${h}" -r result expect_exit_but_pass
+ atf_check -s eq:1 -e ignore "${h}" -r result expect_exit_but_pass
check_result result "failed: .*expected to exit"
done
}
@@ -102,13 +104,16 @@
atf_test_case expect_signal
expect_signal_body() {
for h in $(get_helpers); do
- atf_check -s signal:9 "${h}" -r result expect_signal_any_and_signal
+ atf_check -s signal:9 -e ignore "${h}" -r result \
+ expect_signal_any_and_signal
check_result result "expected_signal: Call will signal"
- atf_check -s signal:hup "${h}" -r result expect_signal_no_and_signal
+ atf_check -s signal:hup -e ignore "${h}" -r result \
+ expect_signal_no_and_signal
check_result result "expected_signal\(1\): Call will signal"
- atf_check -s eq:1 "${h}" -r result expect_signal_but_pass
+ atf_check -s eq:1 -e ignore "${h}" -r result \
+ expect_signal_but_pass
check_result result "failed: .*termination signal"
done
}
@@ -116,13 +121,14 @@
atf_test_case expect_death
expect_death_body() {
for h in $(get_helpers); do
- atf_check -s eq:123 "${h}" -r result expect_death_and_exit
+ atf_check -s eq:123 -e ignore "${h}" -r result expect_death_and_exit
check_result result "expected_death: Exit case"
- atf_check -s signal:kill "${h}" -r result expect_death_and_signal
+ atf_check -s signal:kill -e ignore "${h}" -r result \
+ expect_death_and_signal
check_result result "expected_death: Signal case"
- atf_check -s eq:1 "${h}" -r result expect_death_but_pass
+ atf_check -s eq:1 -e ignore "${h}" -r result expect_death_but_pass
check_result result "failed: .*terminate abruptly"
done
}
@@ -130,7 +136,7 @@
atf_test_case expect_timeout
expect_timeout_body() {
for h in $(get_helpers); do
- atf_check -s eq:1 "${h}" -r result expect_timeout_but_pass
+ atf_check -s eq:1 -e ignore "${h}" -r result expect_timeout_but_pass
check_result result "failed: Test case was expected to hang but it" \
"continued execution"
done
Deleted: vendor/bind/dist/unit/atf-src/test-programs/fork_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/fork_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/fork_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,64 +0,0 @@
-#
-# Automated Testing Framework (atf)
-#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
-# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-# TODO: This test program is about checking the test case's "environment"
-# (not the variables). Should be named something else than t_fork.
-
-atf_test_case stop
-stop_head()
-{
- atf_set "descr" "Tests that sending a stop signal to a test case does" \
- "not report it as failed"
-}
-stop_body()
-{
- for h in $(get_helpers); do
- ${h} -s $(atf_get_srcdir) -v pidfile=$(pwd)/pid \
- -v donefile=$(pwd)/done -r resfile fork_stop &
- ppid=${!}
- echo "Waiting for pid file for test program ${ppid}"
- while test ! -f pid; do sleep 1; done
- pid=$(cat pid)
- echo "Test case's pid is ${pid}"
- kill -STOP ${pid}
- touch done
- echo "Wrote done file"
- kill -CONT ${pid}
- wait ${ppid}
- atf_check -s eq:0 -o ignore -e empty grep '^passed$' resfile
- rm -f pid done
- done
-}
-
-atf_init_test_cases()
-{
- atf_add_test_case stop
-}
-
-# vim: syntax=sh:expandtab:shiftwidth=4:softtabstop=4
Modified: vendor/bind/dist/unit/atf-src/test-programs/meta_data_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/meta_data_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/meta_data_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -35,8 +35,8 @@
no_descr_body()
{
for h in $(get_helpers); do
- atf_check -s eq:0 -o ignore -e empty ${h} -s $(atf_get_srcdir) -l
- atf_check -s eq:0 -o match:passed -e empty ${h} -s $(atf_get_srcdir) \
+ atf_check -s eq:0 -o ignore -e ignore ${h} -s $(atf_get_srcdir) -l
+ atf_check -s eq:0 -o match:passed -e ignore ${h} -s $(atf_get_srcdir) \
metadata_no_descr
done
}
@@ -49,8 +49,8 @@
no_head_body()
{
for h in $(get_helpers); do
- atf_check -s eq:0 -o ignore -e empty ${h} -s $(atf_get_srcdir) -l
- atf_check -s eq:0 -o match:passed -e empty ${h} -s $(atf_get_srcdir) \
+ atf_check -s eq:0 -o ignore -e ignore ${h} -s $(atf_get_srcdir) -l
+ atf_check -s eq:0 -o match:passed -e ignore ${h} -s $(atf_get_srcdir) \
metadata_no_head
done
}
Modified: vendor/bind/dist/unit/atf-src/test-programs/result_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/result_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/result_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,23 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
+atf_test_case atf_run_warnings
+atf_run_warnings_head()
+{
+ # The fact that this test case is in this test program is an abuse.
+ atf_set "descr" "Tests that the test case prints a warning because" \
+ "it is not being run by atf-run"
+}
+atf_run_warnings_body()
+{
+ unset __RUNNING_INSIDE_ATF_RUN
+ srcdir="$(atf_get_srcdir)"
+ for h in $(get_helpers); do
+ atf_check -s eq:0 -o match:"passed" -e match:"WARNING.*atf-run" \
+ "${h}" -s "${srcdir}" result_pass
+ done
+}
+
atf_test_case result_on_stdout
result_on_stdout_head()
{
@@ -38,11 +55,11 @@
srcdir="$(atf_get_srcdir)"
for h in $(get_helpers); do
atf_check -s eq:0 -o match:"passed" -o match:"msg" \
- -e empty "${h}" -s "${srcdir}" result_pass
+ -e ignore "${h}" -s "${srcdir}" result_pass
atf_check -s eq:1 -o match:"failed: Failure reason" -o match:"msg" \
- -e empty "${h}" -s "${srcdir}" result_fail
+ -e ignore "${h}" -s "${srcdir}" result_fail
atf_check -s eq:0 -o match:"skipped: Skipped reason" -o match:"msg" \
- -e empty "${h}" -s "${srcdir}" result_skip
+ -e ignore "${h}" -s "${srcdir}" result_skip
done
}
@@ -56,15 +73,15 @@
{
srcdir="$(atf_get_srcdir)"
for h in $(get_helpers); do
- atf_check -s eq:0 -o inline:"msg\n" -e empty "${h}" -s "${srcdir}" \
+ atf_check -s eq:0 -o inline:"msg\n" -e ignore "${h}" -s "${srcdir}" \
-r resfile result_pass
atf_check -o inline:"passed\n" cat resfile
- atf_check -s eq:1 -o inline:"msg\n" -e empty "${h}" -s "${srcdir}" \
+ atf_check -s eq:1 -o inline:"msg\n" -e ignore "${h}" -s "${srcdir}" \
-r resfile result_fail
atf_check -o inline:"failed: Failure reason\n" cat resfile
- atf_check -s eq:0 -o inline:"msg\n" -e empty "${h}" -s "${srcdir}" \
+ atf_check -s eq:0 -o inline:"msg\n" -e ignore "${h}" -s "${srcdir}" \
-r resfile result_skip
atf_check -o inline:"skipped: Skipped reason\n" cat resfile
done
@@ -112,6 +129,7 @@
atf_init_test_cases()
{
+ atf_add_test_case atf_run_warnings
atf_add_test_case result_on_stdout
atf_add_test_case result_to_file
atf_add_test_case result_to_file_fail
Modified: vendor/bind/dist/unit/atf-src/test-programs/sh_helpers.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/sh_helpers.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/sh_helpers.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -111,23 +111,6 @@
rm $(atf_config_get tmpfile)
}
-atf_test_case cleanup_fork cleanup
-cleanup_fork_head()
-{
- atf_set "descr" "Helper test case for the t_cleanup test program"
-}
-cleanup_fork_body()
-{
- :
-}
-cleanup_fork_cleanup()
-{
- exec 1>out
- exec 2>err
- exec 3>res
- rm -f out err res
-}
-
# -------------------------------------------------------------------------
# Helper tests for "t_config".
# -------------------------------------------------------------------------
@@ -175,24 +158,6 @@
}
# -------------------------------------------------------------------------
-# Helper tests for "t_fork".
-# -------------------------------------------------------------------------
-
-atf_test_case fork_stop
-fork_stop_head()
-{
- atf_set "descr" "Helper test case for the t_fork test program"
-}
-fork_stop_body()
-{
- echo ${$} >$(atf_config_get pidfile)
- echo "Wrote pid file"
- echo "Waiting for done file"
- while ! test -f $(atf_config_get donefile); do sleep 1; done
- echo "Exiting"
-}
-
-# -------------------------------------------------------------------------
# Helper tests for "t_expect".
# -------------------------------------------------------------------------
@@ -387,7 +352,6 @@
atf_add_test_case cleanup_skip
atf_add_test_case cleanup_curdir
atf_add_test_case cleanup_sigterm
- atf_add_test_case cleanup_fork
# Add helper tests for t_config.
atf_add_test_case config_unset
@@ -414,9 +378,6 @@
atf_add_test_case expect_timeout_and_hang
atf_add_test_case expect_timeout_but_pass
- # Add helper tests for t_fork.
- atf_add_test_case fork_stop
-
# Add helper tests for t_meta_data.
atf_add_test_case metadata_no_descr
atf_add_test_case metadata_no_head
Modified: vendor/bind/dist/unit/atf-src/test-programs/srcdir_test.sh
===================================================================
--- vendor/bind/dist/unit/atf-src/test-programs/srcdir_test.sh 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/atf-src/test-programs/srcdir_test.sh 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,7 +1,7 @@
#
# Automated Testing Framework (atf)
#
-# Copyright (c) 2007, 2008, 2010 The NetBSD Foundation, Inc.
+# Copyright (c) 2007 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -48,7 +48,7 @@
cp ${hp} tmp
atf_check -s eq:0 -o ignore -e ignore -x \
"cd tmp && ./${h} srcdir_exists"
- atf_check -s eq:1 -o empty -e empty "${hp}" -r res srcdir_exists
+ atf_check -s eq:1 -o empty -e ignore "${hp}" -r res srcdir_exists
atf_check -s eq:0 -o ignore -e empty grep "Cannot find datafile" res
done
}
@@ -71,7 +71,7 @@
cp ${hp} tmp/.libs
atf_check -s eq:0 -o ignore -e ignore -x \
"cd tmp && ./.libs/${h} srcdir_exists"
- atf_check -s eq:1 -o empty -e empty "${hp}" -r res srcdir_exists
+ atf_check -s eq:1 -o empty -e ignore "${hp}" -r res srcdir_exists
atf_check -s eq:0 -o ignore -e empty grep "Cannot find datafile" res
done
@@ -81,7 +81,7 @@
cp ${hp} tmp/.libs/lt-${h}
atf_check -s eq:0 -o ignore -e ignore -x \
"cd tmp && ./.libs/lt-${h} srcdir_exists"
- atf_check -s eq:1 -o empty -e empty "${hp}" -r res srcdir_exists
+ atf_check -s eq:1 -o empty -e ignore "${hp}" -r res srcdir_exists
atf_check -s eq:0 -o ignore -e empty grep "Cannot find datafile" res
done
}
Modified: vendor/bind/dist/unit/unittest.sh.in
===================================================================
--- vendor/bind/dist/unit/unittest.sh.in 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/unit/unittest.sh.in 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: unittest.sh.in,v 1.1.1.2 2013-08-22 22:52:01 laffer1 Exp $
+# $Id$
PATH=${PATH}:@ATFBIN@
export PATH
Modified: vendor/bind/dist/util/mksymtbl.pl
===================================================================
--- vendor/bind/dist/util/mksymtbl.pl 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/util/mksymtbl.pl 2016-11-03 12:20:06 UTC (rev 9200)
@@ -14,13 +14,13 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: mksymtbl.pl,v 1.1.1.1 2013-01-30 01:45:02 laffer1 Exp $
+# $Id$
use strict;
use diagnostics;
$^W = 1;
-my $rev = '$Id: mksymtbl.pl,v 1.1.1.1 2013-01-30 01:45:02 laffer1 Exp $';
+my $rev = '$Id$';
$rev =~ s/\$//g;
$rev =~ s/,v//g;
$rev =~ s/Id: //;
Property changes on: vendor/bind/dist/util/mksymtbl.pl
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Modified: vendor/bind/dist/version
===================================================================
--- vendor/bind/dist/version 2016-11-03 12:03:04 UTC (rev 9199)
+++ vendor/bind/dist/version 2016-11-03 12:20:06 UTC (rev 9200)
@@ -1,4 +1,4 @@
-# $Id: version,v 1.1.1.2 2013-08-22 22:51:51 laffer1 Exp $
+# $Id$
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -7,6 +7,7 @@
DESCRIPTION=
MAJORVER=9
MINORVER=8
-PATCHVER=5
-RELEASETYPE=-P
-RELEASEVER=2
+PATCHVER=8
+RELEASETYPE=
+RELEASEVER=
+EXTENSIONS=
More information about the Midnightbsd-cvs
mailing list